From 4f2d7949f03e1c198bc888f2d05f421d35c57e21 Mon Sep 17 00:00:00 2001 From: V3n3RiX Date: Mon, 9 Oct 2017 18:53:29 +0100 Subject: reinit the tree, so we can have metadata --- dev-libs/openssl/Manifest | 24 + dev-libs/openssl/files/gentoo.config-0.9.8 | 144 +++++ dev-libs/openssl/files/gentoo.config-1.0.2 | 169 ++++++ .../openssl/files/openssl-0.9.8e-bsd-sparc64.patch | 25 + .../openssl/files/openssl-0.9.8h-ldflags.patch | 29 + .../openssl/files/openssl-0.9.8m-binutils.patch | 24 + .../openssl/files/openssl-1.0.0a-ldflags.patch | 29 + .../files/openssl-1.0.1p-default-source.patch | 30 + dev-libs/openssl/files/openssl-1.0.2-ipv6.patch | 611 +++++++++++++++++++++ .../openssl-1.0.2a-parallel-install-dirs.patch | 64 +++ .../openssl-1.0.2a-parallel-obj-headers.patch | 37 ++ .../files/openssl-1.0.2a-parallel-symlinking.patch | 63 +++ .../openssl/files/openssl-1.0.2a-x32-asm.patch | 43 ++ .../files/openssl-1.0.2i-parallel-build.patch | 326 +++++++++++ dev-libs/openssl/metadata.xml | 26 + dev-libs/openssl/openssl-0.9.8z_p8.ebuild | 162 ++++++ dev-libs/openssl/openssl-1.0.2k.ebuild | 254 +++++++++ dev-libs/openssl/openssl-1.0.2l.ebuild | 254 +++++++++ dev-libs/openssl/openssl-1.1.0f.ebuild | 240 ++++++++ 19 files changed, 2554 insertions(+) create mode 100644 dev-libs/openssl/Manifest create mode 100644 dev-libs/openssl/files/gentoo.config-0.9.8 create mode 100755 dev-libs/openssl/files/gentoo.config-1.0.2 create mode 100644 dev-libs/openssl/files/openssl-0.9.8e-bsd-sparc64.patch create mode 100644 dev-libs/openssl/files/openssl-0.9.8h-ldflags.patch create mode 100644 dev-libs/openssl/files/openssl-0.9.8m-binutils.patch create mode 100644 dev-libs/openssl/files/openssl-1.0.0a-ldflags.patch create mode 100644 dev-libs/openssl/files/openssl-1.0.1p-default-source.patch create mode 100644 dev-libs/openssl/files/openssl-1.0.2-ipv6.patch create mode 100644 dev-libs/openssl/files/openssl-1.0.2a-parallel-install-dirs.patch create mode 100644 dev-libs/openssl/files/openssl-1.0.2a-parallel-obj-headers.patch create mode 100644 dev-libs/openssl/files/openssl-1.0.2a-parallel-symlinking.patch create mode 100644 dev-libs/openssl/files/openssl-1.0.2a-x32-asm.patch create mode 100644 dev-libs/openssl/files/openssl-1.0.2i-parallel-build.patch create mode 100644 dev-libs/openssl/metadata.xml create mode 100644 dev-libs/openssl/openssl-0.9.8z_p8.ebuild create mode 100644 dev-libs/openssl/openssl-1.0.2k.ebuild create mode 100644 dev-libs/openssl/openssl-1.0.2l.ebuild create mode 100644 dev-libs/openssl/openssl-1.1.0f.ebuild (limited to 'dev-libs/openssl') diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest new file mode 100644 index 000000000000..2dff4c2c3c72 --- /dev/null +++ b/dev-libs/openssl/Manifest @@ -0,0 +1,24 @@ +AUX gentoo.config-0.9.8 4128 SHA256 7570af2b1cb29c435b24bdc5cb65bb361d08a30250bd2752f0a4913c63c6bf2a SHA512 eb2dcfcd5033bf94a94f60a07096037d8c2c938a8ea4c5cfd6d03903e878938729729262f99428c65e844f4148f3e5a18da984cabee8fa84f19e23351388f471 WHIRLPOOL 67214881670be24a4f19a4e2a8bd256d27b48db5eb831a4a6554df922df5f7d6f65305db7edd197898c9a617791780b9191daf30ea547915540c6bd7403d1885 +AUX gentoo.config-1.0.2 5162 SHA256 c55646cc7ef2411ac2b319535087251af993e06ead223f0edffe56d2257ee542 SHA512 8dfd15edb5266a1f6af7c40efa900e4d171e2be2fa3ba9b231003d5a31ece80ab44135acb868cf2c81beb9167fefbf3afb989edb28ef74fd3b85c6775680d987 WHIRLPOOL 4814681116a627fba5d0a128889a344c0c0b3dfdb9682207f3e12a68c1dfe59fedf8ef236f11bdb8532b972a89191217a4342dd477819999a333fcfdd2e4b4cd +AUX openssl-0.9.8e-bsd-sparc64.patch 1484 SHA256 8a79f022a17a7fadb4eb708538b41a7a034e21ad84162beb1f7fa7cff5eb487e SHA512 dbbfae5ce19a4247a6b1ca4a45ca6c15904e13e6bf603447cb5d9820292ceb411792e29db0001c5869e3c4cb0a8afe7fb64d35f007052efc68098301c2e81def WHIRLPOOL 36959cfb8a3f2ac05b28fb6c0e28574f0267ddb6f89471e663ee370a1a1ce3e6c85c6a637098acdac4644f4c20370e2775d9c2610ff03a5ae2a7662d79a60e95 +AUX openssl-0.9.8h-ldflags.patch 1151 SHA256 29fe4b5e51cbe330451e505a5be9a74a3c83bebdca677848097967cf62f1770f SHA512 7f98c5ad310710aeceefd6fac440682bf2baaf41ce17de535add54af88c45fa0689e6e6c26bafb4fe2290fd3b6d80c51d85ffda1e276a73a3d66a319585aab11 WHIRLPOOL 43069cdcf5ae1b644a73292fc53c148e8356786069dfaadaba9e0f21b1adba5c14dbdfe061c4cffedefa072bc99d54b2af9a39b1063dcef7ab54bb45d01a7ce8 +AUX openssl-0.9.8m-binutils.patch 684 SHA256 1e4475f7183ec237d129b686d4ca5265bf7eb34642e7d9e77cbe8ad9a97b4876 SHA512 5e8a20111bd4809e7375c7323dab2c2edd6a131d1ec2377ee99c5e06ceb7b4b000e9606ba6d0e68cd67d8e001cc8194e11e301eace0feb066d5f3c5b331b5f04 WHIRLPOOL dd4a0329e571e4f9322806fce2e6c510b978b68e5c6c64bfbe6993da16989c1a5451fe1e5b0509c0022925ca356cf3309799cdc204998107425fb016cb49da2d +AUX openssl-1.0.0a-ldflags.patch 1095 SHA256 17bb0b9988de0be6b8bb916d953d5d62cf054943f3bc24c5d7c8fea91d864350 SHA512 80c3677313a6268fdc2eb7b556dc081f1047694cf932a8669820923952bf0e3002da4cd92d6a335b44f8a6ece7d88319c15e9c0171118bfc03ff7a9b718726d8 WHIRLPOOL 55bc5d8f0ee620d8e56215572a6eb65a06ff9bf180d6b33f6db74e2129e5373252238772ba6db25293f398a6713b7259c6ae959b15ce8292da9aeb3071a34243 +AUX openssl-1.0.1p-default-source.patch 861 SHA256 390b6857e76cd0513a089ff3eeed60097c3b30bec4b004bb6adbb8eaab02dc4a SHA512 cbd47ae5553ec0e683a92171cb1c2e68d7eb0cf2b1787e3fe332ca2df0aefa31a1a74d60345d5e42d00bdda439019d089560cf2f5464dfe19ff7a3d6a310d06b WHIRLPOOL d734c8776c2d4f17a562f580f676de08bf35e07b04005f1c2a6e7f2752e3a1b57f6d771195f84d7d9709bf2e669b119fe3ae37e473de192e9c10a8ffb1c8969f +AUX openssl-1.0.2-ipv6.patch 18811 SHA256 9ff3150c75f3f3e6a9773ffe54d90994cbf68cc919134aea68e09e7ed921763d SHA512 58e293f8f19a3fad08729b842dd977b73fedb0c49208d87a056bfea857c0e2b79a310d7d098c04429b65564fce64defeda6d1dcc3068ad5a80ef276db6421e54 WHIRLPOOL 36a0fffc7238011b93077bed94c9507f2ffc1cf199e6c06e94d01589cdc84a6568b9122e1a120b8262bd0a1c43f25169a29796c92a78338dd9f03b4cc2cdf0b8 +AUX openssl-1.0.2a-parallel-install-dirs.patch 2013 SHA256 eddd8a5123748052c598214487ac178e4bfa4e31ba2ec520c70d59c8c5bfa2e9 SHA512 c3b97fa318b9627bcaf4f39d1615c46322c1081cded135af5b5115beb2be74ead46084119fce5643b12c54b6851c33bfb624694ccf6f3d32060b6d56239d3674 WHIRLPOOL 59228ad2796e28edf7508a3b3bbdab36f7b678922566a1ed43a86727371c7b6b8c362431f49812e7c60a9aa72134d7fffaeb7be0efb6b5ca0f10e1c716b6a557 +AUX openssl-1.0.2a-parallel-obj-headers.patch 1359 SHA256 147c3eeaad614c044749ea527cb433eae5e2d5cad34a78c6ba61cd967bfbe01f SHA512 ac8224bc088099d72e7e6761303b8653766372bd027536951c458bd22fd0526163de22bf27675e0292a12ae7257a5c1edf26a92747e00cc139e13e1b624b4072 WHIRLPOOL 58b1de7c90ed96a077065ff6abfdeaffd98ce68cc9a2551dab7ff3d04e9b38be8d4bb94a6830f4e6c3d997747345c43f76c31f4c7b825f56fd488e85b9c6179e +AUX openssl-1.0.2a-parallel-symlinking.patch 2041 SHA256 30cb49489de5041841a74da9155cd4fabfbce33237262ba7cd23974314ae2956 SHA512 b87ab581784c285ef394b31baa1196a831a86c3b2d578704c9d8b80d68c70a8b19cfa88bd29b84578ed024135ae2d2ac4d622c91e1040074016b8fd104d6c05a WHIRLPOOL c8200ec6755efdce550afd2f59b3d5dc36324c6810b3ae7427af7130be9ba0db5857c13811f97dd6672230b9f096f81ebb4136c9589d53d25dcfe5c064355a46 +AUX openssl-1.0.2a-x32-asm.patch 1561 SHA256 8bcff04217c5ad82448e27d14f3559a157c2cad89b5fb2b6af701fff1664f86d SHA512 fbb23393e68776e9d34953f85ba3cbb285421d50f06bd297b485c7cffc8d89ca8caff6783f21038ae668b5c75056c89dc652217ac8609b5328e2c28e70ac294c WHIRLPOOL 70163beaed966de948562c3a633828846d12eda7b04526c7e33746c67af5a20ecf47e9e9e5cce33abf7444676f4b15b770204e95db75d0b91a9db13c46ff92bb +AUX openssl-1.0.2i-parallel-build.patch 10065 SHA256 264233dd15fb73ccb8cd8dd2b09b90ae6d1c5bf6f0b5a2013f1f682e173827f4 SHA512 2a95103d22263ca68582caccfb6860d45da20b92741824a794697eaa4e199199abc95ac8a62b821fc42aeab96098aeb89731ee535726e0a9e779dcd9bf39d12d WHIRLPOOL 95e53be866eda7458ab2289172f70517473d581d293af8d337226508440f1091a56eb2b9ae38e3167db42afb7a6e5cd1f936f5e537efd191f014ab289e34ec37 +DIST openssl-0.9.8zh.tar.gz 3818524 SHA256 f1d9f3ed1b85a82ecf80d0e2d389e1fda3fca9a4dba0bf07adbf231e1a5e2fd6 SHA512 b97fa2468211f86c0719c68ad1781eff84f772c479ed5193d6da14bac086b4ca706e7d851209d9df3f0962943b5e5333ab0def00110fb2e517caa73c0c6674c6 WHIRLPOOL 8ed3362e6aed89cd6ae02438bc3fb58ff3a91afb8a2d401d1d66c1ee4fd96f4befb50558131dd03a60fc15b588172fc1ede5d56bb1f68e184453bfe3b34f9abf +DIST openssl-1.0.2k.tar.gz 5309236 SHA256 6b3977c61f2aedf0f96367dcfb5c6e578cf37e7b8d913b4ecb6643c3cb88d8c0 SHA512 0d314b42352f4b1df2c40ca1094abc7e9ad684c5c35ea997efdd58204c70f22a1abcb17291820f0fff3769620a4e06906034203d31eb1a4d540df3e0db294016 WHIRLPOOL ffa3d89a078db6829f1fff21779a19c87e059600162e6d7d3114b8440ba5fa7d1a08e04594b6ed8ab47e148782de299d7ec338f2ba2d466bf7737b0749f590cd +DIST openssl-1.0.2l.tar.gz 5365054 SHA256 ce07195b659e75f4e1db43552860070061f156a98bb37b672b101ba6e3ddf30c SHA512 047d964508ad6025c79caabd8965efd2416dc026a56183d0ef4de7a0a6769ce8e0b4608a3f8393d326f6d03b26a2b067e6e0c750f35b20be190e595e8290c0e3 WHIRLPOOL fa5b303fd7007eb2b7afe0b6a7d90a6676b738bf39addc1005f15a4664e61e72f9465d5020477abcf6b3e420d46a618e44751ad9e21671c70e5dbe8cdc768bfc +DIST openssl-1.1.0f.tar.gz 5278176 SHA256 12f746f3f2493b2f39da7ecf63d7ee19c6ac9ec6a4fcd8c229da8a522cb12765 SHA512 340ab3f38c90dea346e543b58bc0eff0adede15be212ad20b7cf38718a7f94fab51996da414855c180540f7488b8bd31d8b9a0d04bb19159f735c46d8f6df22c WHIRLPOOL bb4ce1d100c5eb567de0139e4a1c0a2bb1cd308bd014704d6bb796d3fcfc16b91fe69839068944831746e0b937a6ccb234b5cea3b4911fab4283500ed380f0b6 +EBUILD openssl-0.9.8z_p8.ebuild 4997 SHA256 68825bbb48e4862340690badf5f4fdffb671e29030ec2a142c707486fb3dae6d SHA512 15767d6ed531a7b27a37e9276f3ae02b1d3a57103db2bc256dad4ac9af8d1797f078731ac6a7325a36ca7b9cec34840dac2e3723343dca69050a524c300e7059 WHIRLPOOL 39d5304c4bfe18f974c7aba3d6180bfb9cd3a76e1684cd83b36d985d49c81fe80a552ad41244e280b2fceff718c4378fbda9bf59dbf6b40e06378c3f6ccbdc95 +EBUILD openssl-1.0.2k.ebuild 8334 SHA256 81be072ce297e7426353f5fc5e1021b464aab6c08317ab0798b3f2f3511e25b9 SHA512 69041d575f7542984cdbc9ef32aa04af49610e1e5752ce77e2566b63d0c60d0cfde6aab808d9c32390ca986911de3b67de057d09c1e036204bf119136e386efb WHIRLPOOL 8b5445b07d05613e3003348c5518d1fdd5fdce4415739b0cfbd3589f5a2801747dcbd5bad2c034cc28b6f8bb73916aeeec4d3d3c591462d024147f494180f2b5 +EBUILD openssl-1.0.2l.ebuild 8338 SHA256 072d91bb6cdf1e356a450d995e1a43026f6a86800a601b853f17ab7da1f17c44 SHA512 2435e1f4b4b8f766d1ea5ed0a21fece5109559e16c9d4260d2ef052ab82795bb7005d3f2777bed3978f0f4940521eeb5bd10c85ab2e2037ac2d053f501646f3d WHIRLPOOL bfaedc69471ef1ef1496c2f87de036b29496d903967a66f6a13154aca7b4ecb85eb7abd668dd4652bccee7a8bb6a1a0ab9d5492b19db8ed0e9360f7fbf67b775 +EBUILD openssl-1.1.0f.ebuild 7419 SHA256 553325ec8be13740869ef1416fb62654c7ec6ea1755a55f2eec81db6797d0950 SHA512 30d243d3d3e13571c8b55f9b13abc8b39ad0e719bd482b54d22ee7cb01217e8288cf2594dca1511bd5bd3945acf4e2963a16d3a172c59c11af93008a7a8874b2 WHIRLPOOL 1248a75677f564b74c2f0e575994fe00a8421c12b6a420a5782c3c3646eeb249dc391cc5b3838ee5d5040a9b0d0a4ec281a3af79a1392aefb9455607a21656c5 +MISC ChangeLog 27134 SHA256 73f6780806505aea9831be5f3b6f45b68a0520bff223e7306988b89bdd5b0762 SHA512 4529bfdc72026bdff344610f7e64c56deeb14711f7dc3d522340e37c264498db57c8e0e10615b5437dc80613b54c4f39c5027797e6893f5283c3fb4eae54939c WHIRLPOOL 32420b6acefa4db82b392a0505c032c3ca8adfb0731f3767b9a10ad6bc0288f07d999d832e053d93ed6265ed971143f8f0b995841b0e0b0168defb65cbae68ae +MISC ChangeLog-2015 105012 SHA256 78da8e54f925dd55fa0e87800ab2e3ad9833cb33f6c334a4364339195d44a8a8 SHA512 fa8deec570b40406f273a5ea929f10113d81d828815c67f225968bbbaa6737f6c4832502a100b06fe6c8cf124529fedaa04cbaf7a70f037680a420ce244be1e5 WHIRLPOOL a2acbfb3283a9521492b4b96d9d2283aefc3445df87e47e584c66f87547cfa954914beaddd040c7097fded7029897f9481cded1d1f2d1ad7fa7b2e5425b285ba +MISC metadata.xml 1264 SHA256 a592ac3e0dfafaf2cc5feb9d582332caf2fd92c9e48ebe261e7859fe6e377abb SHA512 573f280724e4c5a176d2f624b83b780f936e71cf960cd0cbbad417b6aa2e6c5b1886fb8b732a561f40e2360c4d750d57a281ee1c1bd242dc2d3001a8f229b271 WHIRLPOOL 10cd6b0c28bfa8948c16259ecf8e009c8c227e4762eae8da50aa2b0e6959ca985697be123bc5a1ec42be6691c413a4cef9f55d5aace93fae440eeaa4fd8fe3ee diff --git a/dev-libs/openssl/files/gentoo.config-0.9.8 b/dev-libs/openssl/files/gentoo.config-0.9.8 new file mode 100644 index 000000000000..02698250c19d --- /dev/null +++ b/dev-libs/openssl/files/gentoo.config-0.9.8 @@ -0,0 +1,144 @@ +#!/usr/bin/env bash +# Copyright 1999-2009 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# +# Openssl doesn't play along nicely with cross-compiling +# like autotools based projects, so let's teach it new tricks. +# +# Review the bundled 'config' script to see why kind of targets +# we can pass to the 'Configure' script. + + +# Testing routines +if [[ $1 == "test" ]] ; then + for c in \ + "arm-gentoo-linux-uclibc |linux-generic32 -DL_ENDIAN" \ + "armv5b-linux-gnu |linux-generic32 -DB_ENDIAN" \ + "x86_64-pc-linux-gnu |linux-x86_64" \ + "alphaev56-unknown-linux-gnu |linux-alpha+bwx-gcc" \ + "i686-pc-linux-gnu |linux-elf" \ + "whatever-gentoo-freebsdX.Y |BSD-generic32" \ + "i686-gentoo-freebsdX.Y |BSD-x86-elf" \ + "sparc64-alpha-freebsdX.Y |BSD-sparc64" \ + "ia64-gentoo-freebsd5.99234 |BSD-ia64" \ + "x86_64-gentoo-freebsdX.Y |BSD-x86_64" \ + "hppa64-aldsF-linux-gnu5.3 |linux-generic32 -DB_ENDIAN" \ + "powerpc-gentOO-linux-uclibc |linux-ppc" \ + "powerpc64-unk-linux-gnu |linux-ppc64" \ + "x86_64-apple-darwinX |darwin64-x86_64-cc" \ + "powerpc64-apple-darwinX |darwin64-ppc-cc" \ + "i686-apple-darwinX |darwin-i386-cc" \ + "i386-apple-darwinX |darwin-i386-cc" \ + "powerpc-apple-darwinX |darwin-ppc-cc" \ + "i586-pc-winnt |winnt-parity" \ + ;do + CHOST=${c/|*} + ret_want=${c/*|} + ret_got=$(CHOST=${CHOST} "$0") + + if [[ ${ret_want} == "${ret_got}" ]] ; then + echo "PASS: ${CHOST}" + else + echo "FAIL: ${CHOST}" + echo -e "\twanted: ${ret_want}" + echo -e "\twe got: ${ret_got}" + fi + done + exit 0 +fi +[[ -z ${CHOST} && -n $1 ]] && CHOST=$1 + + +# Detect the operating system +case ${CHOST} in + *-aix*) system="aix";; + *-darwin*) system="darwin";; + *-freebsd*) system="BSD";; + *-hpux*) system="hpux";; + *-linux*) system="linux";; + *-solaris*) system="solaris";; + *-winnt*) system="winnt";; + *) exit 0;; +esac + + +# Compiler munging +compiler="gcc" +if [[ ${CC} == "ccc" ]] ; then + compiler=${CC} +fi + + +# Detect target arch +machine="" +chost_machine=${CHOST%%-*} +case ${system} in +linux) + case ${chost_machine} in + alphaev56*) machine=alpha+bwx-${compiler};; + alphaev[678]*)machine=alpha+bwx-${compiler};; + alpha*) machine=alpha-${compiler};; + arm*b*) machine="generic32 -DB_ENDIAN";; + arm*) machine="generic32 -DL_ENDIAN";; + # hppa64*) machine=parisc64;; + hppa*) machine="generic32 -DB_ENDIAN";; + i[0-9]86*) machine=elf;; + ia64*) machine=ia64;; + m68*) machine="generic32 -DB_ENDIAN";; + mips*el*) machine="generic32 -DL_ENDIAN";; + mips*) machine="generic32 -DB_ENDIAN";; + powerpc64*) machine=ppc64;; + powerpc*) machine=ppc;; + # sh64*) machine=elf;; + sh*b*) machine="generic32 -DB_ENDIAN";; + sh*) machine="generic32 -DL_ENDIAN";; + sparc*v7*) machine="generic32 -DB_ENDIAN";; + sparc64*) machine=sparcv9;; + sparc*) machine=sparcv8;; + s390x*) machine="generic64 -DB_ENDIAN";; + s390*) machine="generic32 -DB_ENDIAN";; + x86_64*) machine=x86_64;; + esac + ;; +BSD) + case ${chost_machine} in + alpha*) machine=generic64;; + i[6-9]86*) machine=x86-elf;; + ia64*) machine=ia64;; + sparc64*) machine=sparc64;; + x86_64*) machine=x86_64;; + *) machine=generic32;; + esac + ;; +aix) + machine=${compiler} + ;; +darwin) + case ${chost_machine} in + powerpc64) machine=ppc-cc; system=${system}64;; + powerpc) machine=ppc-cc;; + i?86*) machine=i386-cc;; + x86_64) machine=x86_64-cc; system=${system}64;; + esac + ;; +hpux) + case ${chost_machine} in + ia64) machine=ia64-${compiler} ;; + esac + ;; +solaris) + case ${chost_machine} in + i386) machine=x86-${compiler} ;; + x86_64*) machine=x86_64-${compiler}; system=${system}64;; + sparcv9*) machine=sparcv9-${compiler}; system=${system}64;; + sparc*) machine=sparcv8-${compiler};; + esac + ;; +winnt) + machine=parity + ;; +esac + + +# If we have something, show it +[[ -n ${machine} ]] && echo ${system}-${machine} diff --git a/dev-libs/openssl/files/gentoo.config-1.0.2 b/dev-libs/openssl/files/gentoo.config-1.0.2 new file mode 100755 index 000000000000..95644527068c --- /dev/null +++ b/dev-libs/openssl/files/gentoo.config-1.0.2 @@ -0,0 +1,169 @@ +#!/usr/bin/env bash +# Copyright 1999-2014 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# +# Openssl doesn't play along nicely with cross-compiling +# like autotools based projects, so let's teach it new tricks. +# +# Review the bundled 'config' script to see why kind of targets +# we can pass to the 'Configure' script. + + +# Testing routines +if [[ $1 == "test" ]] ; then + for c in \ + "arm-gentoo-linux-uclibc |linux-generic32 -DL_ENDIAN" \ + "armv5b-linux-gnu |linux-armv4 -DB_ENDIAN" \ + "x86_64-pc-linux-gnu |linux-x86_64" \ + "alpha-linux-gnu |linux-alpha-gcc" \ + "alphaev56-unknown-linux-gnu |linux-alpha+bwx-gcc" \ + "i686-pc-linux-gnu |linux-elf" \ + "whatever-gentoo-freebsdX.Y |BSD-generic32" \ + "i686-gentoo-freebsdX.Y |BSD-x86-elf" \ + "sparc64-alpha-freebsdX.Y |BSD-sparc64" \ + "ia64-gentoo-freebsd5.99234 |BSD-ia64" \ + "x86_64-gentoo-freebsdX.Y |BSD-x86_64" \ + "hppa64-aldsF-linux-gnu5.3 |linux-generic32 -DB_ENDIAN" \ + "powerpc-gentOO-linux-uclibc |linux-ppc" \ + "powerpc64-unk-linux-gnu |linux-ppc64" \ + "powerpc64le-linux-gnu |linux-ppc64le" \ + "x86_64-apple-darwinX |darwin64-x86_64-cc" \ + "powerpc64-apple-darwinX |darwin64-ppc-cc" \ + "i686-apple-darwinX |darwin-i386-cc" \ + "i386-apple-darwinX |darwin-i386-cc" \ + "powerpc-apple-darwinX |darwin-ppc-cc" \ + "i586-pc-winnt |winnt-parity" \ + "s390-ibm-linux-gnu |linux-generic32 -DB_ENDIAN" \ + "s390x-linux-gnu |linux64-s390x" \ + ;do + CHOST=${c/|*} + ret_want=${c/*|} + ret_got=$(CHOST=${CHOST} "$0") + + if [[ ${ret_want} == "${ret_got}" ]] ; then + echo "PASS: ${CHOST}" + else + echo "FAIL: ${CHOST}" + echo -e "\twanted: ${ret_want}" + echo -e "\twe got: ${ret_got}" + fi + done + exit 0 +fi +[[ -z ${CHOST} && -n $1 ]] && CHOST=$1 + + +# Detect the operating system +case ${CHOST} in + *-aix*) system="aix";; + *-darwin*) system="darwin";; + *-freebsd*) system="BSD";; + *-hpux*) system="hpux";; + *-linux*) system="linux";; + *-solaris*) system="solaris";; + *-winnt*) system="winnt";; + x86_64-*-mingw*) system="mingw64";; + *mingw*) system="mingw";; + *) exit 0;; +esac + + +# Compiler munging +compiler="gcc" +if [[ ${CC} == "ccc" ]] ; then + compiler=${CC} +fi + + +# Detect target arch +machine="" +chost_machine=${CHOST%%-*} +case ${system} in +linux) + case ${chost_machine}:${ABI} in + aarch64*be*) machine="generic64 -DB_ENDIAN";; + aarch64*) machine="generic64 -DL_ENDIAN";; + alphaev56*|\ + alphaev[678]*)machine=alpha+bwx-${compiler};; + alpha*) machine=alpha-${compiler};; + armv[4-9]*b*) machine="armv4 -DB_ENDIAN";; + armv[4-9]*) machine="armv4 -DL_ENDIAN";; + arm*b*) machine="generic32 -DB_ENDIAN";; + arm*) machine="generic32 -DL_ENDIAN";; + avr*) machine="generic32 -DL_ENDIAN";; + bfin*) machine="generic32 -DL_ENDIAN";; + # hppa64*) machine=parisc64;; + hppa*) machine="generic32 -DB_ENDIAN";; + i[0-9]86*|\ + x86_64*:x86) machine=elf;; + ia64*) machine=ia64;; + m68*) machine="generic32 -DB_ENDIAN";; + mips*el*) machine="generic32 -DL_ENDIAN";; + mips*) machine="generic32 -DB_ENDIAN";; + powerpc64*le*)machine=ppc64le;; + powerpc64*) machine=ppc64;; + powerpc*le*) machine="generic32 -DL_ENDIAN";; + powerpc*) machine=ppc;; + # sh64*) machine=elf;; + sh*b*) machine="generic32 -DB_ENDIAN";; + sh*) machine="generic32 -DL_ENDIAN";; + # TODO: Might want to do -mcpu probing like glibc to determine a + # better default for sparc-linux-gnu targets. This logic will + # break v7 and older systems when they use it. + sparc*v7*) machine="generic32 -DB_ENDIAN";; + sparc64*) machine=sparcv9 system=linux64;; + sparc*v9*) machine=sparcv9;; + sparc*v8*) machine=sparcv8;; + sparc*) machine=sparcv8;; + s390x*) machine=s390x system=linux64;; + s390*) machine="generic32 -DB_ENDIAN";; + x86_64*:x32) machine=x32;; + x86_64*) machine=x86_64;; + esac + ;; +BSD) + case ${chost_machine} in + alpha*) machine=generic64;; + i[6-9]86*) machine=x86-elf;; + ia64*) machine=ia64;; + sparc64*) machine=sparc64;; + x86_64*) machine=x86_64;; + *) machine=generic32;; + esac + ;; +aix) + machine=${compiler} + ;; +darwin) + case ${chost_machine} in + powerpc64) machine=ppc-cc; system=${system}64;; + powerpc) machine=ppc-cc;; + i?86*) machine=i386-cc;; + x86_64) machine=x86_64-cc; system=${system}64;; + esac + ;; +hpux) + case ${chost_machine} in + ia64) machine=ia64-${compiler} ;; + esac + ;; +solaris) + case ${chost_machine} in + i386) machine=x86-${compiler} ;; + x86_64*) machine=x86_64-${compiler}; system=${system}64;; + sparcv9*) machine=sparcv9-${compiler}; system=${system}64;; + sparc*) machine=sparcv8-${compiler};; + esac + ;; +winnt) + machine=parity + ;; +mingw*) + # special case ... no xxx-yyy style name + echo ${system} + ;; +esac + + +# If we have something, show it +[[ -n ${machine} ]] && echo ${system}-${machine} diff --git a/dev-libs/openssl/files/openssl-0.9.8e-bsd-sparc64.patch b/dev-libs/openssl/files/openssl-0.9.8e-bsd-sparc64.patch new file mode 100644 index 000000000000..a798164a9069 --- /dev/null +++ b/dev-libs/openssl/files/openssl-0.9.8e-bsd-sparc64.patch @@ -0,0 +1,25 @@ +--- a/Configure ++++ b/Configure +@@ -365,7 +365,7 @@ + # -DMD32_REG_T=int doesn't actually belong in sparc64 target, it + # simply *happens* to work around a compiler bug in gcc 3.3.3, + # triggered by RIPEMD160 code. +-"BSD-sparc64", "gcc:-DB_ENDIAN -DTERMIOS -O3 -DMD32_REG_T=int -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC2_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC2 BF_PTR:::des_enc-sparc.o fcrypt_b.o:::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"BSD-sparc64", "gcc:-DB_ENDIAN -DTERMIOS -O3 -DMD32_REG_T=int -Wall::${BSDthreads}:ULTRASPARC::SIXTY_FOUR_BIT_LONG RC2_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC2 BF_PTR:::des_enc-sparc.o fcrypt_b.o:::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + "BSD-ia64", "gcc:-DL_ENDIAN -DTERMIOS -O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${ia64_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + "BSD-x86_64", "gcc:-DL_ENDIAN -DTERMIOS -O3 -DMD32_REG_T=int -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + + +the -B flag is a no-op nowadays + +--- a/crypto/des/Makefile ++++ b/crypto/des/Makefile +@@ -62,7 +62,7 @@ + $(CC) $(CFLAGS) -o des des.o cbc3_enc.o $(LIB) + + des_enc-sparc.S: asm/des_enc.m4 +- m4 -B 8192 asm/des_enc.m4 > des_enc-sparc.S ++ m4 asm/des_enc.m4 > des_enc-sparc.S + + # ELF + dx86-elf.s: asm/des-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl diff --git a/dev-libs/openssl/files/openssl-0.9.8h-ldflags.patch b/dev-libs/openssl/files/openssl-0.9.8h-ldflags.patch new file mode 100644 index 000000000000..64cc7bde0504 --- /dev/null +++ b/dev-libs/openssl/files/openssl-0.9.8h-ldflags.patch @@ -0,0 +1,29 @@ +http://bugs.gentoo.org/181438 +http://bugs.gentoo.org/327421 +https://rt.openssl.org/Ticket/Display.html?id=3332&user=guest&pass=guest + +make sure we respect LDFLAGS + +also make sure we don't add useless -rpath flags to the system libdir + +--- openssl-0.9.8h/Makefile.org ++++ openssl-0.9.8h/Makefile.org +@@ -180,6 +181,7 @@ + MAKEDEPEND='$$$${TOP}/util/domd $$$${TOP} -MD ${MAKEDEPPROG}' \ + DEPFLAG='-DOPENSSL_NO_DEPRECATED ${DEPFLAG}' \ + MAKEDEPPROG='${MAKEDEPPROG}' \ ++ LDFLAGS='${LDFLAGS}' \ + SHARED_LDFLAGS='${SHARED_LDFLAGS}' \ + KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' \ + EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' \ +--- openssl-0.9.8h/Makefile.shared ++++ openssl-0.9.8h/Makefile.shared +@@ -153,7 +153,7 @@ + NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \ + SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-Bsymbolic -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX" + +-DO_GNU_APP=LDFLAGS="$(CFLAGS) -Wl,-rpath,$(LIBRPATH)" ++DO_GNU_APP=LDFLAGS="$(LDFLAGS) $(CFLAGS)" + + #This is rather special. It's a special target with which one can link + #applications without bothering with any features that have anything to diff --git a/dev-libs/openssl/files/openssl-0.9.8m-binutils.patch b/dev-libs/openssl/files/openssl-0.9.8m-binutils.patch new file mode 100644 index 000000000000..9fa79b9a65fb --- /dev/null +++ b/dev-libs/openssl/files/openssl-0.9.8m-binutils.patch @@ -0,0 +1,24 @@ +http://bugs.gentoo.org/289130 + +Ripped from Fedora + +--- openssl-1.0.0-beta4/crypto/sha/asm/sha1-x86_64.pl.binutils 2009-11-12 15:17:29.000000000 +0100 ++++ openssl-1.0.0-beta4/crypto/sha/asm/sha1-x86_64.pl 2009-11-12 17:24:18.000000000 +0100 +@@ -150,7 +150,7 @@ ___ + sub BODY_20_39 { + my ($i,$a,$b,$c,$d,$e,$f)=@_; + my $j=$i+1; +-my $K=($i<40)?0x6ed9eba1:0xca62c1d6; ++my $K=($i<40)?0x6ed9eba1:-0x359d3e2a; + $code.=<<___ if ($i<79); + lea $K($xi,$e),$f + mov `4*($j%16)`(%rsp),$xi +@@ -187,7 +187,7 @@ sub BODY_40_59 { + my ($i,$a,$b,$c,$d,$e,$f)=@_; + my $j=$i+1; + $code.=<<___; +- lea 0x8f1bbcdc($xi,$e),$f ++ lea -0x70e44324($xi,$e),$f + mov `4*($j%16)`(%rsp),$xi + mov $b,$t0 + mov $b,$t1 diff --git a/dev-libs/openssl/files/openssl-1.0.0a-ldflags.patch b/dev-libs/openssl/files/openssl-1.0.0a-ldflags.patch new file mode 100644 index 000000000000..c99ef4abb852 --- /dev/null +++ b/dev-libs/openssl/files/openssl-1.0.0a-ldflags.patch @@ -0,0 +1,29 @@ +http://bugs.gentoo.org/181438 +http://bugs.gentoo.org/327421 +https://rt.openssl.org/Ticket/Display.html?id=3331&user=guest&pass=guest + +make sure we respect LDFLAGS + +also make sure we don't add useless -rpath flags to the system libdir + +--- Makefile.org ++++ Makefile.org +@@ -189,6 +189,7 @@ + MAKEDEPEND='$$$${TOP}/util/domd $$$${TOP} -MD $(MAKEDEPPROG)' \ + DEPFLAG='-DOPENSSL_NO_DEPRECATED $(DEPFLAG)' \ + MAKEDEPPROG='$(MAKEDEPPROG)' \ ++ LDFLAGS='${LDFLAGS}' \ + SHARED_LDFLAGS='$(SHARED_LDFLAGS)' \ + KRB5_INCLUDES='$(KRB5_INCLUDES)' LIBKRB5='$(LIBKRB5)' \ + ZLIB_INCLUDE='$(ZLIB_INCLUDE)' LIBZLIB='$(LIBZLIB)' \ +--- Makefile.shared ++++ Makefile.shared +@@ -153,7 +153,7 @@ + NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \ + SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-Bsymbolic -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX" + +-DO_GNU_APP=LDFLAGS="$(CFLAGS) -Wl,-rpath,$(LIBRPATH)" ++DO_GNU_APP=LDFLAGS="$(LDFLAGS) $(CFLAGS)" + + #This is rather special. It's a special target with which one can link + #applications without bothering with any features that have anything to diff --git a/dev-libs/openssl/files/openssl-1.0.1p-default-source.patch b/dev-libs/openssl/files/openssl-1.0.1p-default-source.patch new file mode 100644 index 000000000000..73029985ae09 --- /dev/null +++ b/dev-libs/openssl/files/openssl-1.0.1p-default-source.patch @@ -0,0 +1,30 @@ +https://bugs.gentoo.org/554338 +https://rt.openssl.org/Ticket/Display.html?id=3934&user=guest&pass=guest + +From 7c2e97f8bbae517496fdc11f475b4ae54b2534f5 Mon Sep 17 00:00:00 2001 +From: Mike Frysinger +Date: Fri, 10 Jul 2015 01:50:52 -0400 +Subject: [PATCH] test: use _DEFAULT_SOURCE with newer glibc versions + +The _BSD_SOURCE macro is replaced by the _DEFAULT_SOURCE macro. Using +just the former with newer versions leads to a build time warning, so +make sure to use the new macro too. +--- + ssl/ssltest.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/ssl/ssltest.c b/ssl/ssltest.c +index 26cf96c..b36f667 100644 +--- a/ssl/ssltest.c ++++ b/ssl/ssltest.c +@@ -141,6 +141,7 @@ + */ + + /* Or gethostname won't be declared properly on Linux and GNU platforms. */ ++#define _DEFAULT_SOURCE 1 + #define _BSD_SOURCE 1 + + #include +-- +2.4.4 + diff --git a/dev-libs/openssl/files/openssl-1.0.2-ipv6.patch b/dev-libs/openssl/files/openssl-1.0.2-ipv6.patch new file mode 100644 index 000000000000..27574ea616de --- /dev/null +++ b/dev-libs/openssl/files/openssl-1.0.2-ipv6.patch @@ -0,0 +1,611 @@ +http://rt.openssl.org/Ticket/Display.html?id=2051&user=guest&pass=guest + +--- openssl-1.0.2/apps/s_apps.h ++++ openssl-1.0.2/apps/s_apps.h +@@ -154,7 +154,7 @@ + int do_server(int port, int type, int *ret, + int (*cb) (char *hostname, int s, int stype, + unsigned char *context), unsigned char *context, +- int naccept); ++ int naccept, int use_ipv4, int use_ipv6); + #ifdef HEADER_X509_H + int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx); + #endif +@@ -167,7 +167,8 @@ + int ssl_print_curves(BIO *out, SSL *s, int noshared); + #endif + int ssl_print_tmp_key(BIO *out, SSL *s); +-int init_client(int *sock, char *server, int port, int type); ++int init_client(int *sock, char *server, int port, int type, ++ int use_ipv4, int use_ipv6); + int should_retry(int i); + int extract_port(char *str, short *port_ptr); + int extract_host_port(char *str, char **host_ptr, unsigned char *ip, +--- openssl-1.0.2/apps/s_client.c ++++ openssl-1.0.2/apps/s_client.c +@@ -302,6 +302,10 @@ + { + BIO_printf(bio_err, "usage: s_client args\n"); + BIO_printf(bio_err, "\n"); ++ BIO_printf(bio_err, " -4 - use IPv4 only\n"); ++#if OPENSSL_USE_IPV6 ++ BIO_printf(bio_err, " -6 - use IPv6 only\n"); ++#endif + BIO_printf(bio_err, " -host host - use -connect instead\n"); + BIO_printf(bio_err, " -port port - use -connect instead\n"); + BIO_printf(bio_err, +@@ -658,6 +662,7 @@ + int sbuf_len, sbuf_off; + fd_set readfds, writefds; + short port = PORT; ++ int use_ipv4, use_ipv6; + int full_log = 1; + char *host = SSL_HOST_NAME; + char *cert_file = NULL, *key_file = NULL, *chain_file = NULL; +@@ -709,7 +714,11 @@ + #endif + char *sess_in = NULL; + char *sess_out = NULL; +- struct sockaddr peer; ++#if OPENSSL_USE_IPV6 ++ struct sockaddr_storage peer; ++#else ++ struct sockaddr_in peer; ++#endif + int peerlen = sizeof(peer); + int fallback_scsv = 0; + int enable_timeouts = 0; +@@ -737,6 +746,12 @@ + + meth = SSLv23_client_method(); + ++ use_ipv4 = 1; ++#if OPENSSL_USE_IPV6 ++ use_ipv6 = 1; ++#else ++ use_ipv6 = 0; ++#endif + apps_startup(); + c_Pause = 0; + c_quiet = 0; +@@ -1096,6 +1111,16 @@ + jpake_secret = *++argv; + } + #endif ++ else if (strcmp(*argv,"-4") == 0) { ++ use_ipv4 = 1; ++ use_ipv6 = 0; ++ } ++#if OPENSSL_USE_IPV6 ++ else if (strcmp(*argv,"-6") == 0) { ++ use_ipv4 = 0; ++ use_ipv6 = 1; ++ } ++#endif + #ifndef OPENSSL_NO_SRTP + else if (strcmp(*argv, "-use_srtp") == 0) { + if (--argc < 1) +@@ -1421,7 +1446,7 @@ + + re_start: + +- if (init_client(&s, host, port, socket_type) == 0) { ++ if (init_client(&s, host, port, socket_type, use_ipv4, use_ipv6) == 0) { + BIO_printf(bio_err, "connect:errno=%d\n", get_last_socket_error()); + SHUTDOWN(s); + goto end; +@@ -1444,7 +1469,7 @@ + if (socket_type == SOCK_DGRAM) { + + sbio = BIO_new_dgram(s, BIO_NOCLOSE); +- if (getsockname(s, &peer, (void *)&peerlen) < 0) { ++ if (getsockname(s, (struct sockaddr *)&peer, (void *)&peerlen) < 0) { + BIO_printf(bio_err, "getsockname:errno=%d\n", + get_last_socket_error()); + SHUTDOWN(s); +--- openssl-1.0.2/apps/s_server.c ++++ openssl-1.0.2/apps/s_server.c +@@ -643,6 +643,10 @@ + BIO_printf(bio_err, + " -alpn arg - set the advertised protocols for the ALPN extension (comma-separated list)\n"); + #endif ++ BIO_printf(bio_err, " -4 - use IPv4 only\n"); ++#if OPENSSL_USE_IPV6 ++ BIO_printf(bio_err, " -6 - use IPv6 only\n"); ++#endif + BIO_printf(bio_err, + " -keymatexport label - Export keying material using label\n"); + BIO_printf(bio_err, +@@ -1070,6 +1074,7 @@ + int state = 0; + const SSL_METHOD *meth = NULL; + int socket_type = SOCK_STREAM; ++ int use_ipv4, use_ipv6; + ENGINE *e = NULL; + char *inrand = NULL; + int s_cert_format = FORMAT_PEM, s_key_format = FORMAT_PEM; +@@ -1111,6 +1116,12 @@ + + meth = SSLv23_server_method(); + ++ use_ipv4 = 1; ++#if OPENSSL_USE_IPV6 ++ use_ipv6 = 1; ++#else ++ use_ipv6 = 0; ++#endif + local_argc = argc; + local_argv = argv; + +@@ -1503,6 +1514,16 @@ + jpake_secret = *(++argv); + } + #endif ++ else if (strcmp(*argv,"-4") == 0) { ++ use_ipv4 = 1; ++ use_ipv6 = 0; ++ } ++#if OPENSSL_USE_IPV6 ++ else if (strcmp(*argv,"-6") == 0) { ++ use_ipv4 = 0; ++ use_ipv6 = 1; ++ } ++#endif + #ifndef OPENSSL_NO_SRTP + else if (strcmp(*argv, "-use_srtp") == 0) { + if (--argc < 1) +@@ -2023,13 +2044,13 @@ + (void)BIO_flush(bio_s_out); + if (rev) + do_server(port, socket_type, &accept_socket, rev_body, context, +- naccept); ++ naccept, use_ipv4, use_ipv6); + else if (www) + do_server(port, socket_type, &accept_socket, www_body, context, +- naccept); ++ naccept, use_ipv4, use_ipv6); + else + do_server(port, socket_type, &accept_socket, sv_body, context, +- naccept); ++ naccept, use_ipv4, use_ipv6); + print_stats(bio_s_out, ctx); + ret = 0; + end: +--- openssl-1.0.2/apps/s_socket.c ++++ openssl-1.0.2/apps/s_socket.c +@@ -101,16 +101,16 @@ + # include "netdb.h" + # endif + +-static struct hostent *GetHostByName(char *name); ++static struct hostent *GetHostByName(char *name, int domain); + # if defined(OPENSSL_SYS_WINDOWS) || (defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK)) + static void ssl_sock_cleanup(void); + # endif + static int ssl_sock_init(void); +-static int init_client_ip(int *sock, unsigned char ip[4], int port, int type); +-static int init_server(int *sock, int port, int type); +-static int init_server_long(int *sock, int port, char *ip, int type); ++static int init_client_ip(int *sock, unsigned char *ip, int port, int type, int domain); ++static int init_server(int *sock, int port, int type, int use_ipv4, int use_ipv6); ++static int init_server_long(int *sock, int port, char *ip, int type, int use_ipv4, int use_ipv6); + static int do_accept(int acc_sock, int *sock, char **host); +-static int host_ip(char *str, unsigned char ip[4]); ++static int host_ip(char *str, unsigned char *ip, int domain); + + # ifdef OPENSSL_SYS_WIN16 + # define SOCKET_PROTOCOL 0 /* more microsoft stupidity */ +@@ -231,38 +231,68 @@ + return (1); + } + +-int init_client(int *sock, char *host, int port, int type) ++int init_client(int *sock, char *host, int port, int type, int use_ipv4, int use_ipv6) + { ++# if OPENSSL_USE_IPV6 ++ unsigned char ip[16]; ++# else + unsigned char ip[4]; ++# endif + +- memset(ip, '\0', sizeof ip); +- if (!host_ip(host, &(ip[0]))) +- return 0; +- return init_client_ip(sock, ip, port, type); +-} +- +-static int init_client_ip(int *sock, unsigned char ip[4], int port, int type) +-{ +- unsigned long addr; ++ if (use_ipv4) ++ if (host_ip(host, ip, AF_INET)) ++ return(init_client_ip(sock, ip, port, type, AF_INET)); ++# if OPENSSL_USE_IPV6 ++ if (use_ipv6) ++ if (host_ip(host, ip, AF_INET6)) ++ return(init_client_ip(sock, ip, port, type, AF_INET6)); ++# endif ++ return 0; ++} ++ ++static int init_client_ip(int *sock, unsigned char ip[4], int port, int type, int domain) ++{ ++# if OPENSSL_USE_IPV6 ++ struct sockaddr_storage them; ++ struct sockaddr_in *them_in = (struct sockaddr_in *)&them; ++ struct sockaddr_in6 *them_in6 = (struct sockaddr_in6 *)&them; ++# else + struct sockaddr_in them; ++ struct sockaddr_in *them_in = &them; ++# endif ++ socklen_t addr_len; + int s, i; + + if (!ssl_sock_init()) + return (0); + + memset((char *)&them, 0, sizeof(them)); +- them.sin_family = AF_INET; +- them.sin_port = htons((unsigned short)port); +- addr = (unsigned long) +- ((unsigned long)ip[0] << 24L) | +- ((unsigned long)ip[1] << 16L) | +- ((unsigned long)ip[2] << 8L) | ((unsigned long)ip[3]); +- them.sin_addr.s_addr = htonl(addr); ++ if (domain == AF_INET) { ++ addr_len = (socklen_t)sizeof(struct sockaddr_in); ++ them_in->sin_family=AF_INET; ++ them_in->sin_port=htons((unsigned short)port); ++# ifndef BIT_FIELD_LIMITS ++ memcpy(&them_in->sin_addr.s_addr, ip, 4); ++# else ++ memcpy(&them_in->sin_addr, ip, 4); ++# endif ++ } ++ else ++# if OPENSSL_USE_IPV6 ++ { ++ addr_len = (socklen_t)sizeof(struct sockaddr_in6); ++ them_in6->sin6_family=AF_INET6; ++ them_in6->sin6_port=htons((unsigned short)port); ++ memcpy(&(them_in6->sin6_addr), ip, sizeof(struct in6_addr)); ++ } ++# else ++ return(0); ++# endif + + if (type == SOCK_STREAM) +- s = socket(AF_INET, SOCK_STREAM, SOCKET_PROTOCOL); ++ s = socket(domain, SOCK_STREAM, SOCKET_PROTOCOL); + else /* ( type == SOCK_DGRAM) */ +- s = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP); ++ s = socket(domain, SOCK_DGRAM, IPPROTO_UDP); + + if (s == INVALID_SOCKET) { + perror("socket"); +@@ -280,7 +310,7 @@ + } + # endif + +- if (connect(s, (struct sockaddr *)&them, sizeof(them)) == -1) { ++ if (connect(s, (struct sockaddr *)&them, addr_len) == -1) { + closesocket(s); + perror("connect"); + return (0); +@@ -292,14 +322,14 @@ + int do_server(int port, int type, int *ret, + int (*cb) (char *hostname, int s, int stype, + unsigned char *context), unsigned char *context, +- int naccept) ++ int naccept, int use_ipv4, int use_ipv6) + { + int sock; + char *name = NULL; + int accept_socket = 0; + int i; + +- if (!init_server(&accept_socket, port, type)) ++ if (!init_server(&accept_socket, port, type, use_ipv4, use_ipv6)) + return (0); + + if (ret != NULL) { +@@ -328,32 +358,41 @@ + } + } + +-static int init_server_long(int *sock, int port, char *ip, int type) ++static int init_server_long(int *sock, int port, char *ip, int type, int use_ipv4, int use_ipv6) + { + int ret = 0; ++ int domain; ++# if OPENSSL_USE_IPV6 ++ struct sockaddr_storage server; ++ struct sockaddr_in *server_in = (struct sockaddr_in *)&server; ++ struct sockaddr_in6 *server_in6 = (struct sockaddr_in6 *)&server; ++# else + struct sockaddr_in server; ++ struct sockaddr_in *server_in = &server; ++# endif ++ socklen_t addr_len; + int s = -1; + ++ if (!use_ipv4 && !use_ipv6) ++ goto err; ++# if OPENSSL_USE_IPV6 ++ /* we are fine here */ ++# else ++ if (use_ipv6) ++ goto err; ++# endif + if (!ssl_sock_init()) + return (0); + +- memset((char *)&server, 0, sizeof(server)); +- server.sin_family = AF_INET; +- server.sin_port = htons((unsigned short)port); +- if (ip == NULL) +- server.sin_addr.s_addr = INADDR_ANY; +- else +-/* Added for T3E, address-of fails on bit field (beckman@acl.lanl.gov) */ +-# ifndef BIT_FIELD_LIMITS +- memcpy(&server.sin_addr.s_addr, ip, 4); ++#if OPENSSL_USE_IPV6 ++ domain = use_ipv6 ? AF_INET6 : AF_INET; + # else +- memcpy(&server.sin_addr, ip, 4); ++ domain = AF_INET; + # endif +- + if (type == SOCK_STREAM) +- s = socket(AF_INET, SOCK_STREAM, SOCKET_PROTOCOL); +- else /* type == SOCK_DGRAM */ +- s = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP); ++ s=socket(domain, SOCK_STREAM, SOCKET_PROTOCOL); ++ else /* type == SOCK_DGRAM */ ++ s=socket(domain, SOCK_DGRAM, IPPROTO_UDP); + + if (s == INVALID_SOCKET) + goto err; +@@ -363,7 +402,42 @@ + setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (void *)&j, sizeof j); + } + # endif +- if (bind(s, (struct sockaddr *)&server, sizeof(server)) == -1) { ++# if OPENSSL_USE_IPV6 ++ if ((use_ipv4 == 0) && (use_ipv6 == 1)) { ++ const int on = 1; ++ ++ setsockopt(s, IPPROTO_IPV6, IPV6_V6ONLY, ++ (const void *) &on, sizeof(int)); ++ } ++# endif ++ if (domain == AF_INET) { ++ addr_len = (socklen_t)sizeof(struct sockaddr_in); ++ memset(server_in, 0, sizeof(struct sockaddr_in)); ++ server_in->sin_family=AF_INET; ++ server_in->sin_port = htons((unsigned short)port); ++ if (ip == NULL) ++ server_in->sin_addr.s_addr = htonl(INADDR_ANY); ++ else ++/* Added for T3E, address-of fails on bit field (beckman@acl.lanl.gov) */ ++# ifndef BIT_FIELD_LIMITS ++ memcpy(&server_in->sin_addr.s_addr, ip, 4); ++# else ++ memcpy(&server_in->sin_addr, ip, 4); ++# endif ++ } ++# if OPENSSL_USE_IPV6 ++ else { ++ addr_len = (socklen_t)sizeof(struct sockaddr_in6); ++ memset(server_in6, 0, sizeof(struct sockaddr_in6)); ++ server_in6->sin6_family = AF_INET6; ++ server_in6->sin6_port = htons((unsigned short)port); ++ if (ip == NULL) ++ server_in6->sin6_addr = in6addr_any; ++ else ++ memcpy(&server_in6->sin6_addr, ip, sizeof(struct in6_addr)); ++ } ++# endif ++ if (bind(s, (struct sockaddr *)&server, addr_len) == -1) { + # ifndef OPENSSL_SYS_WINDOWS + perror("bind"); + # endif +@@ -381,16 +455,23 @@ + return (ret); + } + +-static int init_server(int *sock, int port, int type) ++static int init_server(int *sock, int port, int type, int use_ipv4, int use_ipv6) + { +- return (init_server_long(sock, port, NULL, type)); ++ return (init_server_long(sock, port, NULL, type, use_ipv4, use_ipv6)); + } + + static int do_accept(int acc_sock, int *sock, char **host) + { + int ret; + struct hostent *h1, *h2; +- static struct sockaddr_in from; ++#if OPENSSL_USE_IPV6 ++ struct sockaddr_storage from; ++ struct sockaddr_in *from_in = (struct sockaddr_in *)&from; ++ struct sockaddr_in6 *from_in6 = (struct sockaddr_in6 *)&from; ++#else ++ struct sockaddr_in from; ++ struct sockaddr_in *from_in = &from; ++#endif + int len; + /* struct linger ling; */ + +@@ -440,14 +521,25 @@ + + if (host == NULL) + goto end; ++# if OPENSSL_USE_IPV6 ++ if (from.ss_family == AF_INET) ++# else ++ if (from.sin_family == AF_INET) ++# endif + # ifndef BIT_FIELD_LIMITS +- /* I should use WSAAsyncGetHostByName() under windows */ +- h1 = gethostbyaddr((char *)&from.sin_addr.s_addr, +- sizeof(from.sin_addr.s_addr), AF_INET); ++ /* I should use WSAAsyncGetHostByName() under windows */ ++ h1 = gethostbyaddr((char *)&from_in->sin_addr.s_addr, ++ sizeof(from_in->sin_addr.s_addr), AF_INET); + # else +- h1 = gethostbyaddr((char *)&from.sin_addr, +- sizeof(struct in_addr), AF_INET); ++ h1 = gethostbyaddr((char *)&from_in->sin_addr, ++ sizeof(struct in_addr), AF_INET); ++# endif ++# if OPENSSL_USE_IPV6 ++ else ++ h1 = gethostbyaddr((char *)&from_in6->sin6_addr, ++ sizeof(struct in6_addr), AF_INET6); + # endif ++ + if (h1 == NULL) { + BIO_printf(bio_err, "bad gethostbyaddr\n"); + *host = NULL; +@@ -460,14 +552,22 @@ + } + BUF_strlcpy(*host, h1->h_name, strlen(h1->h_name) + 1); + +- h2 = GetHostByName(*host); ++# if OPENSSL_USE_IPV6 ++ h2=GetHostByName(*host, from.ss_family); ++# else ++ h2=GetHostByName(*host, from.sin_family); ++# endif + if (h2 == NULL) { + BIO_printf(bio_err, "gethostbyname failure\n"); + closesocket(ret); + return (0); + } +- if (h2->h_addrtype != AF_INET) { +- BIO_printf(bio_err, "gethostbyname addr is not AF_INET\n"); ++# if OPENSSL_USE_IPV6 ++ if (h2->h_addrtype != from.ss_family) { ++# else ++ if (h2->h_addrtype != from.sin_family) { ++# endif ++ BIO_printf(bio_err, "gethostbyname addr is not correct\n"); + closesocket(ret); + return (0); + } +@@ -483,14 +583,14 @@ + char *h, *p; + + h = str; +- p = strchr(str, ':'); ++ p = strrchr(str, ':'); + if (p == NULL) { + BIO_printf(bio_err, "no port defined\n"); + return (0); + } + *(p++) = '\0'; + +- if ((ip != NULL) && !host_ip(str, ip)) ++ if ((ip != NULL) && !host_ip(str, ip, AF_INET)) + goto err; + if (host_ptr != NULL) + *host_ptr = h; +@@ -502,44 +602,51 @@ + return (0); + } + +-static int host_ip(char *str, unsigned char ip[4]) ++static int host_ip(char *str, unsigned char *ip, int domain) + { + unsigned int in[4]; ++ unsigned long l; + int i; + +- if (sscanf(str, "%u.%u.%u.%u", &(in[0]), &(in[1]), &(in[2]), &(in[3])) == +- 4) { ++ if ((domain == AF_INET) && (sscanf(str, "%u.%u.%u.%u", &(in[0]), &(in[1]), &(in[2]), &(in[3])) == 4)) { + for (i = 0; i < 4; i++) + if (in[i] > 255) { + BIO_printf(bio_err, "invalid IP address\n"); + goto err; + } +- ip[0] = in[0]; +- ip[1] = in[1]; +- ip[2] = in[2]; +- ip[3] = in[3]; +- } else { /* do a gethostbyname */ ++ l=htonl((in[0]<<24L)|(in[1]<<16L)|(in[2]<<8L)|in[3]); ++ memcpy(ip, &l, 4); ++ return 1; ++ } ++# if OPENSSL_USE_IPV6 ++ else if ((domain == AF_INET6) && (inet_pton(AF_INET6, str, ip) == 1)) ++ return 1; ++# endif ++ else { /* do a gethostbyname */ + struct hostent *he; + + if (!ssl_sock_init()) + return (0); + +- he = GetHostByName(str); ++ he = GetHostByName(str, domain); + if (he == NULL) { + BIO_printf(bio_err, "gethostbyname failure\n"); + goto err; + } + /* cast to short because of win16 winsock definition */ +- if ((short)he->h_addrtype != AF_INET) { +- BIO_printf(bio_err, "gethostbyname addr is not AF_INET\n"); ++ if ((short)he->h_addrtype != domain) { ++ BIO_printf(bio_err, "gethostbyname addr is not correct\n"); + return (0); + } +- ip[0] = he->h_addr_list[0][0]; +- ip[1] = he->h_addr_list[0][1]; +- ip[2] = he->h_addr_list[0][2]; +- ip[3] = he->h_addr_list[0][3]; ++ if (domain == AF_INET) ++ memset(ip, 0, 4); ++# if OPENSSL_USE_IPV6 ++ else ++ memset(ip, 0, 16); ++# endif ++ memcpy(ip, he->h_addr_list[0], he->h_length); ++ return 1; + } +- return (1); + err: + return (0); + } +@@ -573,7 +680,7 @@ + static unsigned long ghbn_hits = 0L; + static unsigned long ghbn_miss = 0L; + +-static struct hostent *GetHostByName(char *name) ++static struct hostent *GetHostByName(char *name, int domain) + { + struct hostent *ret; + int i, lowi = 0; +@@ -585,13 +692,18 @@ + lowi = i; + } + if (ghbn_cache[i].order > 0) { +- if (strncmp(name, ghbn_cache[i].name, 128) == 0) ++ if ((strncmp(name, ghbn_cache[i].name, 128) == 0) && (ghbn_cache[i].ent.h_addrtype == domain)) + break; + } + } + if (i == GHBN_NUM) { /* no hit */ + ghbn_miss++; +- ret = gethostbyname(name); ++ if (domain == AF_INET) ++ ret = gethostbyname(name); ++# if OPENSSL_USE_IPV6 ++ else ++ ret = gethostbyname2(name, AF_INET6); ++# endif + if (ret == NULL) + return (NULL); + /* else add to cache */ diff --git a/dev-libs/openssl/files/openssl-1.0.2a-parallel-install-dirs.patch b/dev-libs/openssl/files/openssl-1.0.2a-parallel-install-dirs.patch new file mode 100644 index 000000000000..0198818c5fa3 --- /dev/null +++ b/dev-libs/openssl/files/openssl-1.0.2a-parallel-install-dirs.patch @@ -0,0 +1,64 @@ +https://rt.openssl.org/Ticket/Display.html?id=3736&user=guest&pass=guest + +From aba899f2eca21e11e5e9797bf8258e7265dea9f5 Mon Sep 17 00:00:00 2001 +From: Mike Frysinger +Date: Sun, 8 Mar 2015 01:32:01 -0500 +Subject: [PATCH] fix parallel install with dir creation + +The mkdir-p.pl does not handle parallel creation of directories. +This comes up when the install_sw and install_docs rules run and +both call mkdir-p.pl on sibling directory trees. + +Instead, lets create a single install_dirs rule that makes all of +the dirs we need, and have these two install steps depend on that. +--- + Makefile.org | 17 +++++++++-------- + 1 file changed, 9 insertions(+), 8 deletions(-) + +diff --git a/Makefile.org b/Makefile.org +index a6d9471..78e6143 100644 +--- a/Makefile.org ++++ b/Makefile.org +@@ -536,9 +536,9 @@ + dist_pem_h: + (cd crypto/pem; $(MAKE) -e $(BUILDENV) pem.h; $(MAKE) clean) + +-install: all install_docs install_sw ++install: install_docs install_sw + +-install_sw: ++install_dirs: + @$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \ + $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR) \ + $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines \ +@@ -547,6 +547,13 @@ + $(INSTALL_PREFIX)$(OPENSSLDIR)/misc \ + $(INSTALL_PREFIX)$(OPENSSLDIR)/certs \ + $(INSTALL_PREFIX)$(OPENSSLDIR)/private ++ @$(PERL) $(TOP)/util/mkdir-p.pl \ ++ $(INSTALL_PREFIX)$(MANDIR)/man1 \ ++ $(INSTALL_PREFIX)$(MANDIR)/man3 \ ++ $(INSTALL_PREFIX)$(MANDIR)/man5 \ ++ $(INSTALL_PREFIX)$(MANDIR)/man7 ++ ++install_sw: install_dirs + @set -e; headerlist="$(EXHEADER)"; for i in $$headerlist;\ + do \ + (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ +@@ -636,12 +643,7 @@ + done; \ + done + +-install_docs: +- @$(PERL) $(TOP)/util/mkdir-p.pl \ +- $(INSTALL_PREFIX)$(MANDIR)/man1 \ +- $(INSTALL_PREFIX)$(MANDIR)/man3 \ +- $(INSTALL_PREFIX)$(MANDIR)/man5 \ +- $(INSTALL_PREFIX)$(MANDIR)/man7 ++install_docs: install_dirs + @pod2man="`cd ./util; ./pod2mantest $(PERL)`"; \ + here="`pwd`"; \ + filecase=; \ +-- +2.3.4 + diff --git a/dev-libs/openssl/files/openssl-1.0.2a-parallel-obj-headers.patch b/dev-libs/openssl/files/openssl-1.0.2a-parallel-obj-headers.patch new file mode 100644 index 000000000000..a7d6f4effea7 --- /dev/null +++ b/dev-libs/openssl/files/openssl-1.0.2a-parallel-obj-headers.patch @@ -0,0 +1,37 @@ +https://rt.openssl.org/Ticket/Display.html?id=3737&user=guest&pass=guest + +From ce279d4361e07e9af9ceca8a6e326e661758ad53 Mon Sep 17 00:00:00 2001 +From: Mike Frysinger +Date: Sun, 8 Mar 2015 01:34:48 -0500 +Subject: [PATCH] fix parallel generation of obj headers + +The current code has dummy sleep/touch commands to try and work +around the parallel issue, but that is obviously racy. Instead +lets force one of the files to depend on the other so we know +they'll never run in parallel. +--- + crypto/objects/Makefile | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/crypto/objects/Makefile b/crypto/objects/Makefile +index ad2db1e..7d32504 100644 +--- a/crypto/objects/Makefile ++++ b/crypto/objects/Makefile +@@ -44,11 +44,11 @@ + # objects.pl both reads and writes obj_mac.num + obj_mac.h: objects.pl objects.txt obj_mac.num + $(PERL) objects.pl objects.txt obj_mac.num obj_mac.h +- @sleep 1; touch obj_mac.h; sleep 1 + +-obj_xref.h: objxref.pl obj_xref.txt obj_mac.num ++# This doesn't really need obj_mac.h, but since that rule reads & writes ++# obj_mac.num, we can't run in parallel with it. ++obj_xref.h: objxref.pl obj_xref.txt obj_mac.num obj_mac.h + $(PERL) objxref.pl obj_mac.num obj_xref.txt > obj_xref.h +- @sleep 1; touch obj_xref.h; sleep 1 + + files: + $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO +-- +2.3.4 + diff --git a/dev-libs/openssl/files/openssl-1.0.2a-parallel-symlinking.patch b/dev-libs/openssl/files/openssl-1.0.2a-parallel-symlinking.patch new file mode 100644 index 000000000000..f2be696b1068 --- /dev/null +++ b/dev-libs/openssl/files/openssl-1.0.2a-parallel-symlinking.patch @@ -0,0 +1,63 @@ +https://rt.openssl.org/Ticket/Display.html?id=3780&user=guest&pass=guest + +From cc81af135bda47eaa6956a0329cbbc55bf993ac1 Mon Sep 17 00:00:00 2001 +From: Mike Frysinger +Date: Fri, 3 Apr 2015 01:16:23 -0400 +Subject: [PATCH] fix race when symlink shareds libs + +When the crypto/ssl targets attempt to build their shared libs, they run: + cd ..; make libcrypto.so.1.0.0 +The top level Makefile in turn runs the build-shared target for that lib. + +The build-shared target depends on both do_$(SHLIB_TARGET) & link-shared. +When building in parallel, make is allowed to run both of these. They +both run Makefile.shared for their respective targets: +do_$(SHLIB_TARGET) -> + link_a.linux-shared -> + link_a.gnu -> + ...; $(LINK_SO_A) -> + $(LINK_SO) -> + $(SYMLINK_SO) +link-shared -> + symlink.linux-shared -> + symlink.gnu -> + ...; $(SYMLINK_SO) + +The shell code for SYMLINK_SO attempts to do a [ -e lib ] check, but fails +basic TOCTOU semantics. Depending on the load, that means two processes +will run the sequence: + rm -f libcrypto.so + ln -s libcrypto.so.1.0.0 libcrypto.so + +Which obviously fails: + ln: failed to create symbolic link 'libcrypto.so': File exists + +Since we know do_$(SHLIB_TARGET) will create the symlink for us, don't +bother depending on link-shared at all in the top level Makefile when +building things. + +Reported-by: Martin von Gagern +URL: https://bugs.gentoo.org/545028 +--- + Makefile.org | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/Makefile.org b/Makefile.org +index 890bfe4..576c60e 100644 +--- a/Makefile.org ++++ b/Makefile.org +@@ -350,7 +350,10 @@ link-shared: + libs="$$libs -l$$i"; \ + done + +-build-shared: do_$(SHLIB_TARGET) link-shared ++# The link target in Makefile.shared will create the symlink for us, so no need ++# to call link-shared directly. Doing so will cause races with two processes ++# trying to symlink the lib. ++build-shared: do_$(SHLIB_TARGET) + + do_$(SHLIB_TARGET): + @ set -e; libs='-L. $(SHLIBDEPS)'; for i in $(SHLIBDIRS); do \ +-- +2.3.4 + diff --git a/dev-libs/openssl/files/openssl-1.0.2a-x32-asm.patch b/dev-libs/openssl/files/openssl-1.0.2a-x32-asm.patch new file mode 100644 index 000000000000..3a005c9b099d --- /dev/null +++ b/dev-libs/openssl/files/openssl-1.0.2a-x32-asm.patch @@ -0,0 +1,43 @@ +https://rt.openssl.org/Ticket/Display.html?id=3759&user=guest&pass=guest + +From 6257d59b3a68d2feb9d64317a1c556dc3813ee61 Mon Sep 17 00:00:00 2001 +From: Mike Frysinger +Date: Sat, 21 Mar 2015 06:01:25 -0400 +Subject: [PATCH] crypto: use bigint in x86-64 perl + +When building on x32 systems where the default type is 32bit, make sure +we can transparently represent 64bit integers. Otherwise we end up with +build errors like: +/usr/bin/perl asm/ghash-x86_64.pl elf > ghash-x86_64.s +Integer overflow in hexadecimal number at asm/../../perlasm/x86_64-xlate.pl line 201, <> line 890. +... +ghash-x86_64.s: Assembler messages: +ghash-x86_64.s:890: Error: junk '.15473355479995e+19' after expression + +We don't enable this globally as there are some cases where we'd get +32bit values interpreted as unsigned when we need them as signed. + +Reported-by: Bertrand Jacquin +URL: https://bugs.gentoo.org/542618 +--- + crypto/perlasm/x86_64-xlate.pl | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/crypto/perlasm/x86_64-xlate.pl b/crypto/perlasm/x86_64-xlate.pl +index aae8288..0bf9774 100755 +--- a/crypto/perlasm/x86_64-xlate.pl ++++ b/crypto/perlasm/x86_64-xlate.pl +@@ -195,6 +195,10 @@ my %globals; + sub out { + my $self = shift; + ++ # When building on x32 ABIs, the expanded hex value might be too ++ # big to fit into 32bits. Enable transparent 64bit support here ++ # so we can safely print it out. ++ use bigint; + if ($gas) { + # Solaris /usr/ccs/bin/as can't handle multiplications + # in $self->{value} +-- +2.3.3 + diff --git a/dev-libs/openssl/files/openssl-1.0.2i-parallel-build.patch b/dev-libs/openssl/files/openssl-1.0.2i-parallel-build.patch new file mode 100644 index 000000000000..387a077da27d --- /dev/null +++ b/dev-libs/openssl/files/openssl-1.0.2i-parallel-build.patch @@ -0,0 +1,326 @@ +--- openssl-1.0.2i/crypto/Makefile ++++ openssl-1.0.2i/crypto/Makefile +@@ -85,11 +85,11 @@ + @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi + + subdirs: +- @target=all; $(RECURSIVE_MAKE) ++ +@target=all; $(RECURSIVE_MAKE) + + files: + $(PERL) $(TOP)/util/files.pl "CPUID_OBJ=$(CPUID_OBJ)" Makefile >> $(TOP)/MINFO +- @target=files; $(RECURSIVE_MAKE) ++ +@target=files; $(RECURSIVE_MAKE) + + links: + @$(PERL) $(TOP)/util/mklink.pl ../include/openssl $(EXHEADER) +@@ -100,7 +100,7 @@ + # lib: $(LIB): are splitted to avoid end-less loop + lib: $(LIB) + @touch lib +-$(LIB): $(LIBOBJ) ++$(LIB): $(LIBOBJ) | subdirs + $(AR) $(LIB) $(LIBOBJ) + test -z "$(FIPSLIBDIR)" || $(AR) $(LIB) $(FIPSLIBDIR)fipscanister.o + $(RANLIB) $(LIB) || echo Never mind. +@@ -111,7 +111,7 @@ + fi + + libs: +- @target=lib; $(RECURSIVE_MAKE) ++ +@target=lib; $(RECURSIVE_MAKE) + + install: + @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... +@@ -120,7 +120,7 @@ + (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ + chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ + done; +- @target=install; $(RECURSIVE_MAKE) ++ +@target=install; $(RECURSIVE_MAKE) + + lint: + @target=lint; $(RECURSIVE_MAKE) +--- openssl-1.0.2i/engines/Makefile ++++ openssl-1.0.2i/engines/Makefile +@@ -72,7 +72,7 @@ + + all: lib subdirs + +-lib: $(LIBOBJ) ++lib: $(LIBOBJ) | subdirs + @if [ -n "$(SHARED_LIBS)" ]; then \ + set -e; \ + for l in $(LIBNAMES); do \ +@@ -89,7 +89,7 @@ + + subdirs: + echo $(EDIRS) +- @target=all; $(RECURSIVE_MAKE) ++ +@target=all; $(RECURSIVE_MAKE) + + files: + $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO +@@ -128,7 +128,7 @@ + mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx ); \ + done; \ + fi +- @target=install; $(RECURSIVE_MAKE) ++ +@target=install; $(RECURSIVE_MAKE) + + tags: + ctags $(SRC) +--- openssl-1.0.2i/Makefile.org ++++ openssl-1.0.2i/Makefile.org +@@ -281,17 +281,17 @@ + build_libssl: build_ssl libssl.pc + + build_crypto: +- @dir=crypto; target=all; $(BUILD_ONE_CMD) ++ +@dir=crypto; target=all; $(BUILD_ONE_CMD) + build_ssl: build_crypto +- @dir=ssl; target=all; $(BUILD_ONE_CMD) ++ +@dir=ssl; target=all; $(BUILD_ONE_CMD) + build_engines: build_crypto +- @dir=engines; target=all; $(BUILD_ONE_CMD) ++ +@dir=engines; target=all; $(BUILD_ONE_CMD) + build_apps: build_libs +- @dir=apps; target=all; $(BUILD_ONE_CMD) ++ +@dir=apps; target=all; $(BUILD_ONE_CMD) + build_tests: build_libs +- @dir=test; target=all; $(BUILD_ONE_CMD) ++ +@dir=test; target=all; $(BUILD_ONE_CMD) + build_tools: build_libs +- @dir=tools; target=all; $(BUILD_ONE_CMD) ++ +@dir=tools; target=all; $(BUILD_ONE_CMD) + + all_testapps: build_libs build_testapps + build_testapps: +@@ -547,7 +547,7 @@ + (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ + chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ + done; +- @set -e; target=install; $(RECURSIVE_BUILD_CMD) ++ +@set -e; target=install; $(RECURSIVE_BUILD_CMD) + @set -e; liblist="$(LIBS)"; for i in $$liblist ;\ + do \ + if [ -f "$$i" ]; then \ +--- openssl-1.0.2i/Makefile.shared ++++ openssl-1.0.2i/Makefile.shared +@@ -105,6 +105,7 @@ + SHAREDFLAGS="$${SHAREDFLAGS:-$(CFLAGS) $(SHARED_LDFLAGS)}"; \ + LIBPATH=`for x in $$LIBDEPS; do echo $$x; done | sed -e 's/^ *-L//;t' -e d | uniq`; \ + LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \ ++ [ -e $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX ] && exit 0; \ + LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \ + $${SHAREDCMD} $${SHAREDFLAGS} \ + -o $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX \ +@@ -122,6 +123,7 @@ + done; \ + fi; \ + if [ -n "$$SHLIB_SOVER" ]; then \ ++ [ -e "$$SHLIB$$SHLIB_SUFFIX" ] || \ + ( $(SET_X); rm -f $$SHLIB$$SHLIB_SUFFIX; \ + ln -s $$prev $$SHLIB$$SHLIB_SUFFIX ); \ + fi; \ +--- openssl-1.0.2i/test/Makefile ++++ openssl-1.0.2i/test/Makefile +@@ -144,7 +144,7 @@ + tags: + ctags $(SRC) + +-tests: exe apps $(TESTS) ++tests: exe $(TESTS) + + apps: + @(cd ..; $(MAKE) DIRS=apps all) +@@ -435,136 +435,136 @@ + link_app.$${shlib_target} + + $(RSATEST)$(EXE_EXT): $(RSATEST).o $(DLIBCRYPTO) +- @target=$(RSATEST); $(BUILD_CMD) ++ +@target=$(RSATEST); $(BUILD_CMD) + + $(BNTEST)$(EXE_EXT): $(BNTEST).o $(DLIBCRYPTO) +- @target=$(BNTEST); $(BUILD_CMD) ++ +@target=$(BNTEST); $(BUILD_CMD) + + $(ECTEST)$(EXE_EXT): $(ECTEST).o $(DLIBCRYPTO) +- @target=$(ECTEST); $(BUILD_CMD) ++ +@target=$(ECTEST); $(BUILD_CMD) + + $(EXPTEST)$(EXE_EXT): $(EXPTEST).o $(DLIBCRYPTO) +- @target=$(EXPTEST); $(BUILD_CMD) ++ +@target=$(EXPTEST); $(BUILD_CMD) + + $(IDEATEST)$(EXE_EXT): $(IDEATEST).o $(DLIBCRYPTO) +- @target=$(IDEATEST); $(BUILD_CMD) ++ +@target=$(IDEATEST); $(BUILD_CMD) + + $(MD2TEST)$(EXE_EXT): $(MD2TEST).o $(DLIBCRYPTO) +- @target=$(MD2TEST); $(BUILD_CMD) ++ +@target=$(MD2TEST); $(BUILD_CMD) + + $(SHATEST)$(EXE_EXT): $(SHATEST).o $(DLIBCRYPTO) +- @target=$(SHATEST); $(BUILD_CMD) ++ +@target=$(SHATEST); $(BUILD_CMD) + + $(SHA1TEST)$(EXE_EXT): $(SHA1TEST).o $(DLIBCRYPTO) +- @target=$(SHA1TEST); $(BUILD_CMD) ++ +@target=$(SHA1TEST); $(BUILD_CMD) + + $(SHA256TEST)$(EXE_EXT): $(SHA256TEST).o $(DLIBCRYPTO) +- @target=$(SHA256TEST); $(BUILD_CMD) ++ +@target=$(SHA256TEST); $(BUILD_CMD) + + $(SHA512TEST)$(EXE_EXT): $(SHA512TEST).o $(DLIBCRYPTO) +- @target=$(SHA512TEST); $(BUILD_CMD) ++ +@target=$(SHA512TEST); $(BUILD_CMD) + + $(RMDTEST)$(EXE_EXT): $(RMDTEST).o $(DLIBCRYPTO) +- @target=$(RMDTEST); $(BUILD_CMD) ++ +@target=$(RMDTEST); $(BUILD_CMD) + + $(MDC2TEST)$(EXE_EXT): $(MDC2TEST).o $(DLIBCRYPTO) +- @target=$(MDC2TEST); $(BUILD_CMD) ++ +@target=$(MDC2TEST); $(BUILD_CMD) + + $(MD4TEST)$(EXE_EXT): $(MD4TEST).o $(DLIBCRYPTO) +- @target=$(MD4TEST); $(BUILD_CMD) ++ +@target=$(MD4TEST); $(BUILD_CMD) + + $(MD5TEST)$(EXE_EXT): $(MD5TEST).o $(DLIBCRYPTO) +- @target=$(MD5TEST); $(BUILD_CMD) ++ +@target=$(MD5TEST); $(BUILD_CMD) + + $(HMACTEST)$(EXE_EXT): $(HMACTEST).o $(DLIBCRYPTO) +- @target=$(HMACTEST); $(BUILD_CMD) ++ +@target=$(HMACTEST); $(BUILD_CMD) + + $(WPTEST)$(EXE_EXT): $(WPTEST).o $(DLIBCRYPTO) +- @target=$(WPTEST); $(BUILD_CMD) ++ +@target=$(WPTEST); $(BUILD_CMD) + + $(RC2TEST)$(EXE_EXT): $(RC2TEST).o $(DLIBCRYPTO) +- @target=$(RC2TEST); $(BUILD_CMD) ++ +@target=$(RC2TEST); $(BUILD_CMD) + + $(BFTEST)$(EXE_EXT): $(BFTEST).o $(DLIBCRYPTO) +- @target=$(BFTEST); $(BUILD_CMD) ++ +@target=$(BFTEST); $(BUILD_CMD) + + $(CASTTEST)$(EXE_EXT): $(CASTTEST).o $(DLIBCRYPTO) +- @target=$(CASTTEST); $(BUILD_CMD) ++ +@target=$(CASTTEST); $(BUILD_CMD) + + $(RC4TEST)$(EXE_EXT): $(RC4TEST).o $(DLIBCRYPTO) +- @target=$(RC4TEST); $(BUILD_CMD) ++ +@target=$(RC4TEST); $(BUILD_CMD) + + $(RC5TEST)$(EXE_EXT): $(RC5TEST).o $(DLIBCRYPTO) +- @target=$(RC5TEST); $(BUILD_CMD) ++ +@target=$(RC5TEST); $(BUILD_CMD) + + $(DESTEST)$(EXE_EXT): $(DESTEST).o $(DLIBCRYPTO) +- @target=$(DESTEST); $(BUILD_CMD) ++ +@target=$(DESTEST); $(BUILD_CMD) + + $(RANDTEST)$(EXE_EXT): $(RANDTEST).o $(DLIBCRYPTO) +- @target=$(RANDTEST); $(BUILD_CMD) ++ +@target=$(RANDTEST); $(BUILD_CMD) + + $(DHTEST)$(EXE_EXT): $(DHTEST).o $(DLIBCRYPTO) +- @target=$(DHTEST); $(BUILD_CMD) ++ +@target=$(DHTEST); $(BUILD_CMD) + + $(DSATEST)$(EXE_EXT): $(DSATEST).o $(DLIBCRYPTO) +- @target=$(DSATEST); $(BUILD_CMD) ++ +@target=$(DSATEST); $(BUILD_CMD) + + $(METHTEST)$(EXE_EXT): $(METHTEST).o $(DLIBCRYPTO) +- @target=$(METHTEST); $(BUILD_CMD) ++ +@target=$(METHTEST); $(BUILD_CMD) + + $(SSLTEST)$(EXE_EXT): $(SSLTEST).o $(DLIBSSL) $(DLIBCRYPTO) +- @target=$(SSLTEST); $(FIPS_BUILD_CMD) ++ +@target=$(SSLTEST); $(FIPS_BUILD_CMD) + + $(ENGINETEST)$(EXE_EXT): $(ENGINETEST).o $(DLIBCRYPTO) +- @target=$(ENGINETEST); $(BUILD_CMD) ++ +@target=$(ENGINETEST); $(BUILD_CMD) + + $(EVPTEST)$(EXE_EXT): $(EVPTEST).o $(DLIBCRYPTO) +- @target=$(EVPTEST); $(BUILD_CMD) ++ +@target=$(EVPTEST); $(BUILD_CMD) + + $(EVPEXTRATEST)$(EXE_EXT): $(EVPEXTRATEST).o $(DLIBCRYPTO) +- @target=$(EVPEXTRATEST); $(BUILD_CMD) ++ +@target=$(EVPEXTRATEST); $(BUILD_CMD) + + $(ECDSATEST)$(EXE_EXT): $(ECDSATEST).o $(DLIBCRYPTO) +- @target=$(ECDSATEST); $(BUILD_CMD) ++ +@target=$(ECDSATEST); $(BUILD_CMD) + + $(ECDHTEST)$(EXE_EXT): $(ECDHTEST).o $(DLIBCRYPTO) +- @target=$(ECDHTEST); $(BUILD_CMD) ++ +@target=$(ECDHTEST); $(BUILD_CMD) + + $(IGETEST)$(EXE_EXT): $(IGETEST).o $(DLIBCRYPTO) +- @target=$(IGETEST); $(BUILD_CMD) ++ +@target=$(IGETEST); $(BUILD_CMD) + + $(JPAKETEST)$(EXE_EXT): $(JPAKETEST).o $(DLIBCRYPTO) +- @target=$(JPAKETEST); $(BUILD_CMD) ++ +@target=$(JPAKETEST); $(BUILD_CMD) + + $(ASN1TEST)$(EXE_EXT): $(ASN1TEST).o $(DLIBCRYPTO) +- @target=$(ASN1TEST); $(BUILD_CMD) ++ +@target=$(ASN1TEST); $(BUILD_CMD) + + $(SRPTEST)$(EXE_EXT): $(SRPTEST).o $(DLIBCRYPTO) +- @target=$(SRPTEST); $(BUILD_CMD) ++ +@target=$(SRPTEST); $(BUILD_CMD) + + $(V3NAMETEST)$(EXE_EXT): $(V3NAMETEST).o $(DLIBCRYPTO) +- @target=$(V3NAMETEST); $(BUILD_CMD) ++ +@target=$(V3NAMETEST); $(BUILD_CMD) + + $(HEARTBEATTEST)$(EXE_EXT): $(HEARTBEATTEST).o $(DLIBCRYPTO) +- @target=$(HEARTBEATTEST); $(BUILD_CMD_STATIC) ++ +@target=$(HEARTBEATTEST); $(BUILD_CMD_STATIC) + + $(CONSTTIMETEST)$(EXE_EXT): $(CONSTTIMETEST).o +- @target=$(CONSTTIMETEST) $(BUILD_CMD) ++ +@target=$(CONSTTIMETEST) $(BUILD_CMD) + + $(VERIFYEXTRATEST)$(EXE_EXT): $(VERIFYEXTRATEST).o +- @target=$(VERIFYEXTRATEST) $(BUILD_CMD) ++ +@target=$(VERIFYEXTRATEST) $(BUILD_CMD) + + $(CLIENTHELLOTEST)$(EXE_EXT): $(CLIENTHELLOTEST).o +- @target=$(CLIENTHELLOTEST) $(BUILD_CMD) ++ +@target=$(CLIENTHELLOTEST) $(BUILD_CMD) + + $(BADDTLSTEST)$(EXE_EXT): $(BADDTLSTEST).o +- @target=$(BADDTLSTEST) $(BUILD_CMD) ++ +@target=$(BADDTLSTEST) $(BUILD_CMD) + + $(SSLV2CONFTEST)$(EXE_EXT): $(SSLV2CONFTEST).o +- @target=$(SSLV2CONFTEST) $(BUILD_CMD) ++ +@target=$(SSLV2CONFTEST) $(BUILD_CMD) + + $(DTLSTEST)$(EXE_EXT): $(DTLSTEST).o ssltestlib.o $(DLIBSSL) $(DLIBCRYPTO) +- @target=$(DTLSTEST); exobj=ssltestlib.o; $(BUILD_CMD) ++ +@target=$(DTLSTEST); exobj=ssltestlib.o; $(BUILD_CMD) + + #$(AESTEST).o: $(AESTEST).c + # $(CC) -c $(CFLAGS) -DINTERMEDIATE_VALUE_KAT -DTRACE_KAT_MCT $(AESTEST).c +@@ -577,7 +577,7 @@ + # fi + + dummytest$(EXE_EXT): dummytest.o $(DLIBCRYPTO) +- @target=dummytest; $(BUILD_CMD) ++ +@target=dummytest; $(BUILD_CMD) + + # DO NOT DELETE THIS LINE -- make depend depends on it. + diff --git a/dev-libs/openssl/metadata.xml b/dev-libs/openssl/metadata.xml new file mode 100644 index 000000000000..0ee764ebd0e5 --- /dev/null +++ b/dev-libs/openssl/metadata.xml @@ -0,0 +1,26 @@ + + + + + base-system@gentoo.org + Gentoo Base System + + + Support assembly hand optimized crypto functions (i.e. faster run time) + Disable EC algorithms (as they seem to be patented) -- note: changes the ABI + Enable support for RFC 3779 (X.509 Extensions for IP Addresses and AS Identifiers) + Support for the old/insecure SSLv2 protocol -- note: not required for TLS/https + Support for the old/insecure SSLv3 protocol -- note: not required for TLS/https + Enable the Heartbeat Extension in TLS and DTLS + + + cpe:/a:openssl:openssl + + + For building against. This is the only slot + that provides headers and command line tools. + For binary compatibility, provides libcrypto.so.0.9.8 + and libssl.so.0.9.8 only. + Reflect ABI of libcrypto.so and libssl.so. + + diff --git a/dev-libs/openssl/openssl-0.9.8z_p8.ebuild b/dev-libs/openssl/openssl-0.9.8z_p8.ebuild new file mode 100644 index 000000000000..f6a3c0025f10 --- /dev/null +++ b/dev-libs/openssl/openssl-0.9.8z_p8.ebuild @@ -0,0 +1,162 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +# this ebuild is only for the libcrypto.so.0.9.8 and libssl.so.0.9.8 SONAME for ABI compat + +EAPI="5" + +inherit eutils flag-o-matic toolchain-funcs multilib multilib-minimal + +#PLEVEL=$(printf "\\$(printf '%03o' $((${PV##*_p} + 96)))") +PLEVEL='h' # _p8 -> tr '[1-9]' '[a-i]' -> 'h' +MY_PV=${PV/_p*/${PLEVEL}} +MY_P=${PN}-${MY_PV} +S="${WORKDIR}/${MY_P}" +DESCRIPTION="Toolkit for SSL v2/v3 and TLS v1" +HOMEPAGE="http://www.openssl.org/" +SRC_URI="mirror://openssl/source/${MY_P}.tar.gz" + +LICENSE="openssl" +SLOT="0.9.8" +KEYWORDS="~alpha amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc x86 ~sparc-fbsd ~x86-fbsd" +IUSE="bindist gmp kerberos cpu_flags_x86_sse2 test zlib" +RESTRICT="!bindist? ( bindist )" + +RDEPEND="gmp? ( >=dev-libs/gmp-5.1.3-r1[${MULTILIB_USEDEP}] ) + zlib? ( >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}] ) + kerberos? ( >=app-crypt/mit-krb5-1.11.4[${MULTILIB_USEDEP}] ) + abi_x86_32? ( + !<=app-emulation/emul-linux-x86-baselibs-20140508-r4 + !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)] + ) + !=dev-libs/openssl-0.9.8*:0" +DEPEND="${RDEPEND} + >=dev-lang/perl-5 + test? ( + sys-apps/diffutils + sys-devel/bc + )" + +# Do not install any docs +DOCS=() + +src_prepare() { + epatch "${FILESDIR}"/${PN}-0.9.8e-bsd-sparc64.patch + epatch "${FILESDIR}"/${PN}-0.9.8h-ldflags.patch #181438 + epatch "${FILESDIR}"/${PN}-0.9.8m-binutils.patch #289130 + + # disable fips in the build + # make sure the man pages are suffixed #302165 + # don't bother building man pages if they're disabled + sed -i \ + -e '/DIRS/s: fips : :g' \ + -e '/^MANSUFFIX/s:=.*:=ssl:' \ + -e '/^MAKEDEPPROG/s:=.*:=$(CC):' \ + -e $(has noman FEATURES \ + && echo '/^install:/s:install_docs::' \ + || echo '/^MANDIR=/s:=.*:=/usr/share/man:') \ + Makefile{,.org} \ + || die + # show the actual commands in the log + sed -i '/^SET_X/s:=.*:=set -x:' Makefile.shared + # update the enginedir path. + # punt broken config we don't care about as it fails sanity check. + sed -i \ + -e '/^"debug-ben-debug-64"/d' \ + -e "/foo.*engines/s|/lib/engines|/$(get_libdir)/engines|" \ + Configure || die + + # since we're forcing $(CC) as makedep anyway, just fix + # the conditional as always-on + # helps clang (#417795), and versioned gcc (#499818) + sed -i 's/expr.*MAKEDEPEND.*;/true;/' util/domd || die + + # quiet out unknown driver argument warnings since openssl + # doesn't have well-split CFLAGS and we're making it even worse + # and 'make depend' uses -Werror for added fun (#417795 again) + [[ ${CC} == *clang* ]] && append-flags -Qunused-arguments + + # allow openssl to be cross-compiled + cp "${FILESDIR}"/gentoo.config-0.9.8 gentoo.config || die "cp cross-compile failed" + chmod a+rx gentoo.config + + append-flags -fno-strict-aliasing + append-flags -Wa,--noexecstack + + sed -i '1s,^:$,#!/usr/bin/perl,' Configure #141906 + sed -i '/^"debug-bodo/d' Configure # 0.9.8za shipped broken + ./config --test-sanity || die "I AM NOT SANE" + + multilib_copy_sources +} + +multilib_src_configure() { + unset APPS #197996 + unset SCRIPTS #312551 + + tc-export CC AR RANLIB + + # Clean out patent-or-otherwise-encumbered code + # Camellia: Royalty Free http://en.wikipedia.org/wiki/Camellia_(cipher) + # IDEA: Expired http://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm + # EC: ????????? ??/??/2015 http://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography + # MDC2: Expired http://en.wikipedia.org/wiki/MDC-2 + # RC5: 5,724,428 03/03/2015 http://en.wikipedia.org/wiki/RC5 + + use_ssl() { use $1 && echo "enable-${2:-$1} ${*:3}" || echo "no-${2:-$1}" ; } + echoit() { echo "$@" ; "$@" ; } + + local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal") + + local sslout=$(./gentoo.config) + einfo "Use configuration ${sslout:-(openssl knows best)}" + local config="Configure" + [[ -z ${sslout} ]] && config="config" + + echoit \ + ./${config} \ + ${sslout} \ + $(use cpu_flags_x86_sse2 || echo "no-sse2") \ + enable-camellia \ + $(use_ssl !bindist ec) \ + enable-idea \ + enable-mdc2 \ + $(use_ssl !bindist rc5) \ + enable-tlsext \ + $(use_ssl gmp gmp -lgmp) \ + $(use_ssl kerberos krb5 --with-krb5-flavor=${krb5}) \ + $(use_ssl zlib) \ + --prefix=/usr \ + --openssldir=/etc/ssl \ + shared threads \ + || die "Configure failed" + + # Clean out hardcoded flags that openssl uses + local CFLAG=$(grep ^CFLAG= Makefile | LC_ALL=C sed \ + -e 's:^CFLAG=::' \ + -e 's:-fomit-frame-pointer ::g' \ + -e 's:-O[0-9] ::g' \ + -e 's:-march=[-a-z0-9]* ::g' \ + -e 's:-mcpu=[-a-z0-9]* ::g' \ + -e 's:-m[a-z0-9]* ::g' \ + ) + sed -i \ + -e "/^LIBDIR=/s|=.*|=$(get_libdir)|" \ + -e "/^CFLAG/s|=.*|=${CFLAG} ${CFLAGS}|" \ + -e "/^SHARED_LDFLAGS=/s|$| ${LDFLAGS}|" \ + Makefile || die +} + +multilib_src_compile() { + # depend is needed to use $confopts + emake -j1 depend + emake -j1 build_libs +} + +multilib_src_test() { + emake -j1 test +} + +multilib_src_install() { + dolib.so lib{crypto,ssl}.so.0.9.8 +} diff --git a/dev-libs/openssl/openssl-1.0.2k.ebuild b/dev-libs/openssl/openssl-1.0.2k.ebuild new file mode 100644 index 000000000000..9ba2eeef6ad4 --- /dev/null +++ b/dev-libs/openssl/openssl-1.0.2k.ebuild @@ -0,0 +1,254 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI="5" + +inherit eutils flag-o-matic toolchain-funcs multilib multilib-minimal + +MY_P=${P/_/-} +DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)" +HOMEPAGE="http://www.openssl.org/" +SRC_URI="mirror://openssl/source/${MY_P}.tar.gz" + +LICENSE="openssl" +SLOT="0" +KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux" +IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib" +RESTRICT="!bindist? ( bindist )" + +RDEPEND=">=app-misc/c_rehash-1.7-r1 + gmp? ( >=dev-libs/gmp-5.1.3-r1[static-libs(+)?,${MULTILIB_USEDEP}] ) + zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] ) + kerberos? ( >=app-crypt/mit-krb5-1.11.4[${MULTILIB_USEDEP}] )" +DEPEND="${RDEPEND} + >=dev-lang/perl-5 + sctp? ( >=net-misc/lksctp-tools-1.0.12 ) + test? ( + sys-apps/diffutils + sys-devel/bc + )" +PDEPEND="app-misc/ca-certificates" + +S="${WORKDIR}/${MY_P}" + +MULTILIB_WRAPPED_HEADERS=( + usr/include/openssl/opensslconf.h +) + +src_prepare() { + # keep this in sync with app-misc/c_rehash + SSL_CNF_DIR="/etc/ssl" + + # Make sure we only ever touch Makefile.org and avoid patching a file + # that gets blown away anyways by the Configure script in src_configure + rm -f Makefile + + if ! use vanilla ; then + epatch "${FILESDIR}"/${PN}-1.0.0a-ldflags.patch #327421 + epatch "${FILESDIR}"/${PN}-1.0.2i-parallel-build.patch + epatch "${FILESDIR}"/${PN}-1.0.2a-parallel-obj-headers.patch + epatch "${FILESDIR}"/${PN}-1.0.2a-parallel-install-dirs.patch + epatch "${FILESDIR}"/${PN}-1.0.2a-parallel-symlinking.patch #545028 + epatch "${FILESDIR}"/${PN}-1.0.2-ipv6.patch + epatch "${FILESDIR}"/${PN}-1.0.2a-x32-asm.patch #542618 + epatch "${FILESDIR}"/${PN}-1.0.1p-default-source.patch #554338 + + epatch_user #332661 + fi + + # disable fips in the build + # make sure the man pages are suffixed #302165 + # don't bother building man pages if they're disabled + sed -i \ + -e '/DIRS/s: fips : :g' \ + -e '/^MANSUFFIX/s:=.*:=ssl:' \ + -e '/^MAKEDEPPROG/s:=.*:=$(CC):' \ + -e $(has noman FEATURES \ + && echo '/^install:/s:install_docs::' \ + || echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \ + Makefile.org \ + || die + # show the actual commands in the log + sed -i '/^SET_X/s:=.*:=set -x:' Makefile.shared + + # since we're forcing $(CC) as makedep anyway, just fix + # the conditional as always-on + # helps clang (#417795), and versioned gcc (#499818) + sed -i 's/expr.*MAKEDEPEND.*;/true;/' util/domd || die + + # quiet out unknown driver argument warnings since openssl + # doesn't have well-split CFLAGS and we're making it even worse + # and 'make depend' uses -Werror for added fun (#417795 again) + [[ ${CC} == *clang* ]] && append-flags -Qunused-arguments + + # allow openssl to be cross-compiled + cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die + chmod a+rx gentoo.config + + append-flags -fno-strict-aliasing + append-flags $(test-flags-CC -Wa,--noexecstack) + append-cppflags -DOPENSSL_NO_BUF_FREELISTS + + sed -i '1s,^:$,#!'${EPREFIX}'/usr/bin/perl,' Configure #141906 + # The config script does stupid stuff to prompt the user. Kill it. + sed -i '/stty -icanon min 0 time 50; read waste/d' config || die + ./config --test-sanity || die "I AM NOT SANE" + + multilib_copy_sources +} + +multilib_src_configure() { + unset APPS #197996 + unset SCRIPTS #312551 + unset CROSS_COMPILE #311473 + + tc-export CC AR RANLIB RC + + # Clean out patent-or-otherwise-encumbered code + # Camellia: Royalty Free http://en.wikipedia.org/wiki/Camellia_(cipher) + # IDEA: Expired http://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm + # EC: ????????? ??/??/2015 http://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography + # MDC2: Expired http://en.wikipedia.org/wiki/MDC-2 + # RC5: Expired http://en.wikipedia.org/wiki/RC5 + + use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; } + echoit() { echo "$@" ; "$@" ; } + + local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal") + + # See if our toolchain supports __uint128_t. If so, it's 64bit + # friendly and can use the nicely optimized code paths. #460790 + local ec_nistp_64_gcc_128 + # Disable it for now though #469976 + #if ! use bindist ; then + # echo "__uint128_t i;" > "${T}"/128.c + # if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then + # ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128" + # fi + #fi + + # https://github.com/openssl/openssl/issues/2286 + if use ia64 ; then + replace-flags -g3 -g2 + replace-flags -ggdb3 -ggdb2 + fi + + local sslout=$(./gentoo.config) + einfo "Use configuration ${sslout:-(openssl knows best)}" + local config="Configure" + [[ -z ${sslout} ]] && config="config" + + echoit \ + ./${config} \ + ${sslout} \ + $(use cpu_flags_x86_sse2 || echo "no-sse2") \ + enable-camellia \ + $(use_ssl !bindist ec) \ + ${ec_nistp_64_gcc_128} \ + enable-idea \ + enable-mdc2 \ + enable-rc5 \ + enable-tlsext \ + $(use_ssl asm) \ + $(use_ssl gmp gmp -lgmp) \ + $(use_ssl kerberos krb5 --with-krb5-flavor=${krb5}) \ + $(use_ssl rfc3779) \ + $(use_ssl sctp) \ + $(use_ssl sslv2 ssl2) \ + $(use_ssl sslv3 ssl3) \ + $(use_ssl tls-heartbeat heartbeats) \ + $(use_ssl zlib) \ + --prefix="${EPREFIX}"/usr \ + --openssldir="${EPREFIX}"${SSL_CNF_DIR} \ + --libdir=$(get_libdir) \ + shared threads \ + || die + + # Clean out hardcoded flags that openssl uses + local CFLAG=$(grep ^CFLAG= Makefile | LC_ALL=C sed \ + -e 's:^CFLAG=::' \ + -e 's:-fomit-frame-pointer ::g' \ + -e 's:-O[0-9] ::g' \ + -e 's:-march=[-a-z0-9]* ::g' \ + -e 's:-mcpu=[-a-z0-9]* ::g' \ + -e 's:-m[a-z0-9]* ::g' \ + ) + sed -i \ + -e "/^CFLAG/s|=.*|=${CFLAG} ${CFLAGS}|" \ + -e "/^SHARED_LDFLAGS=/s|$| ${LDFLAGS}|" \ + Makefile || die +} + +multilib_src_compile() { + # depend is needed to use $confopts; it also doesn't matter + # that it's -j1 as the code itself serializes subdirs + emake -j1 depend + emake all + # rehash is needed to prep the certs/ dir; do this + # separately to avoid parallel build issues. + emake rehash +} + +multilib_src_test() { + emake -j1 test +} + +multilib_src_install() { + emake INSTALL_PREFIX="${D}" install +} + +multilib_src_install_all() { + # openssl installs perl version of c_rehash by default, but + # we provide a shell version via app-misc/c_rehash + rm "${ED}"/usr/bin/c_rehash || die + + dodoc CHANGES* FAQ NEWS README doc/*.txt doc/c-indentation.el + dohtml -r doc/* + use rfc3779 && dodoc engines/ccgost/README.gost + + # This is crappy in that the static archives are still built even + # when USE=static-libs. But this is due to a failing in the openssl + # build system: the static archives are built as PIC all the time. + # Only way around this would be to manually configure+compile openssl + # twice; once with shared lib support enabled and once without. + use static-libs || rm -f "${ED}"/usr/lib*/lib*.a + + # create the certs directory + dodir ${SSL_CNF_DIR}/certs + cp -RP certs/* "${ED}"${SSL_CNF_DIR}/certs/ || die + rm -r "${ED}"${SSL_CNF_DIR}/certs/{demo,expired} + + # Namespace openssl programs to prevent conflicts with other man pages + cd "${ED}"/usr/share/man + local m d s + for m in $(find . -type f | xargs grep -L '#include') ; do + d=${m%/*} ; d=${d#./} ; m=${m##*/} + [[ ${m} == openssl.1* ]] && continue + [[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!" + mv ${d}/{,ssl-}${m} + # fix up references to renamed man pages + sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m} + ln -s ssl-${m} ${d}/openssl-${m} + # locate any symlinks that point to this man page ... we assume + # that any broken links are due to the above renaming + for s in $(find -L ${d} -type l) ; do + s=${s##*/} + rm -f ${d}/${s} + ln -s ssl-${m} ${d}/ssl-${s} + ln -s ssl-${s} ${d}/openssl-${s} + done + done + [[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :(" + + dodir /etc/sandbox.d #254521 + echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl + + diropts -m0700 + keepdir ${SSL_CNF_DIR}/private +} + +pkg_postinst() { + ebegin "Running 'c_rehash ${EROOT%/}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069" + c_rehash "${EROOT%/}${SSL_CNF_DIR}/certs" >/dev/null + eend $? +} diff --git a/dev-libs/openssl/openssl-1.0.2l.ebuild b/dev-libs/openssl/openssl-1.0.2l.ebuild new file mode 100644 index 000000000000..324313704504 --- /dev/null +++ b/dev-libs/openssl/openssl-1.0.2l.ebuild @@ -0,0 +1,254 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI="5" + +inherit eutils flag-o-matic toolchain-funcs multilib multilib-minimal + +MY_P=${P/_/-} +DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)" +HOMEPAGE="http://www.openssl.org/" +SRC_URI="mirror://openssl/source/${MY_P}.tar.gz" + +LICENSE="openssl" +SLOT="0" +KEYWORDS="alpha amd64 arm ~arm64 hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux" +IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib" +RESTRICT="!bindist? ( bindist )" + +RDEPEND=">=app-misc/c_rehash-1.7-r1 + gmp? ( >=dev-libs/gmp-5.1.3-r1[static-libs(+)?,${MULTILIB_USEDEP}] ) + zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] ) + kerberos? ( >=app-crypt/mit-krb5-1.11.4[${MULTILIB_USEDEP}] )" +DEPEND="${RDEPEND} + >=dev-lang/perl-5 + sctp? ( >=net-misc/lksctp-tools-1.0.12 ) + test? ( + sys-apps/diffutils + sys-devel/bc + )" +PDEPEND="app-misc/ca-certificates" + +S="${WORKDIR}/${MY_P}" + +MULTILIB_WRAPPED_HEADERS=( + usr/include/openssl/opensslconf.h +) + +src_prepare() { + # keep this in sync with app-misc/c_rehash + SSL_CNF_DIR="/etc/ssl" + + # Make sure we only ever touch Makefile.org and avoid patching a file + # that gets blown away anyways by the Configure script in src_configure + rm -f Makefile + + if ! use vanilla ; then + epatch "${FILESDIR}"/${PN}-1.0.0a-ldflags.patch #327421 + epatch "${FILESDIR}"/${PN}-1.0.2i-parallel-build.patch + epatch "${FILESDIR}"/${PN}-1.0.2a-parallel-obj-headers.patch + epatch "${FILESDIR}"/${PN}-1.0.2a-parallel-install-dirs.patch + epatch "${FILESDIR}"/${PN}-1.0.2a-parallel-symlinking.patch #545028 + epatch "${FILESDIR}"/${PN}-1.0.2-ipv6.patch + epatch "${FILESDIR}"/${PN}-1.0.2a-x32-asm.patch #542618 + epatch "${FILESDIR}"/${PN}-1.0.1p-default-source.patch #554338 + + epatch_user #332661 + fi + + # disable fips in the build + # make sure the man pages are suffixed #302165 + # don't bother building man pages if they're disabled + sed -i \ + -e '/DIRS/s: fips : :g' \ + -e '/^MANSUFFIX/s:=.*:=ssl:' \ + -e '/^MAKEDEPPROG/s:=.*:=$(CC):' \ + -e $(has noman FEATURES \ + && echo '/^install:/s:install_docs::' \ + || echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \ + Makefile.org \ + || die + # show the actual commands in the log + sed -i '/^SET_X/s:=.*:=set -x:' Makefile.shared + + # since we're forcing $(CC) as makedep anyway, just fix + # the conditional as always-on + # helps clang (#417795), and versioned gcc (#499818) + sed -i 's/expr.*MAKEDEPEND.*;/true;/' util/domd || die + + # quiet out unknown driver argument warnings since openssl + # doesn't have well-split CFLAGS and we're making it even worse + # and 'make depend' uses -Werror for added fun (#417795 again) + [[ ${CC} == *clang* ]] && append-flags -Qunused-arguments + + # allow openssl to be cross-compiled + cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die + chmod a+rx gentoo.config + + append-flags -fno-strict-aliasing + append-flags $(test-flags-CC -Wa,--noexecstack) + append-cppflags -DOPENSSL_NO_BUF_FREELISTS + + sed -i '1s,^:$,#!'${EPREFIX}'/usr/bin/perl,' Configure #141906 + # The config script does stupid stuff to prompt the user. Kill it. + sed -i '/stty -icanon min 0 time 50; read waste/d' config || die + ./config --test-sanity || die "I AM NOT SANE" + + multilib_copy_sources +} + +multilib_src_configure() { + unset APPS #197996 + unset SCRIPTS #312551 + unset CROSS_COMPILE #311473 + + tc-export CC AR RANLIB RC + + # Clean out patent-or-otherwise-encumbered code + # Camellia: Royalty Free http://en.wikipedia.org/wiki/Camellia_(cipher) + # IDEA: Expired http://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm + # EC: ????????? ??/??/2015 http://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography + # MDC2: Expired http://en.wikipedia.org/wiki/MDC-2 + # RC5: Expired http://en.wikipedia.org/wiki/RC5 + + use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; } + echoit() { echo "$@" ; "$@" ; } + + local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal") + + # See if our toolchain supports __uint128_t. If so, it's 64bit + # friendly and can use the nicely optimized code paths. #460790 + local ec_nistp_64_gcc_128 + # Disable it for now though #469976 + #if ! use bindist ; then + # echo "__uint128_t i;" > "${T}"/128.c + # if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then + # ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128" + # fi + #fi + + # https://github.com/openssl/openssl/issues/2286 + if use ia64 ; then + replace-flags -g3 -g2 + replace-flags -ggdb3 -ggdb2 + fi + + local sslout=$(./gentoo.config) + einfo "Use configuration ${sslout:-(openssl knows best)}" + local config="Configure" + [[ -z ${sslout} ]] && config="config" + + echoit \ + ./${config} \ + ${sslout} \ + $(use cpu_flags_x86_sse2 || echo "no-sse2") \ + enable-camellia \ + $(use_ssl !bindist ec) \ + ${ec_nistp_64_gcc_128} \ + enable-idea \ + enable-mdc2 \ + enable-rc5 \ + enable-tlsext \ + $(use_ssl asm) \ + $(use_ssl gmp gmp -lgmp) \ + $(use_ssl kerberos krb5 --with-krb5-flavor=${krb5}) \ + $(use_ssl rfc3779) \ + $(use_ssl sctp) \ + $(use_ssl sslv2 ssl2) \ + $(use_ssl sslv3 ssl3) \ + $(use_ssl tls-heartbeat heartbeats) \ + $(use_ssl zlib) \ + --prefix="${EPREFIX}"/usr \ + --openssldir="${EPREFIX}"${SSL_CNF_DIR} \ + --libdir=$(get_libdir) \ + shared threads \ + || die + + # Clean out hardcoded flags that openssl uses + local CFLAG=$(grep ^CFLAG= Makefile | LC_ALL=C sed \ + -e 's:^CFLAG=::' \ + -e 's:-fomit-frame-pointer ::g' \ + -e 's:-O[0-9] ::g' \ + -e 's:-march=[-a-z0-9]* ::g' \ + -e 's:-mcpu=[-a-z0-9]* ::g' \ + -e 's:-m[a-z0-9]* ::g' \ + ) + sed -i \ + -e "/^CFLAG/s|=.*|=${CFLAG} ${CFLAGS}|" \ + -e "/^SHARED_LDFLAGS=/s|$| ${LDFLAGS}|" \ + Makefile || die +} + +multilib_src_compile() { + # depend is needed to use $confopts; it also doesn't matter + # that it's -j1 as the code itself serializes subdirs + emake -j1 depend + emake all + # rehash is needed to prep the certs/ dir; do this + # separately to avoid parallel build issues. + emake rehash +} + +multilib_src_test() { + emake -j1 test +} + +multilib_src_install() { + emake INSTALL_PREFIX="${D}" install +} + +multilib_src_install_all() { + # openssl installs perl version of c_rehash by default, but + # we provide a shell version via app-misc/c_rehash + rm "${ED}"/usr/bin/c_rehash || die + + dodoc CHANGES* FAQ NEWS README doc/*.txt doc/c-indentation.el + dohtml -r doc/* + use rfc3779 && dodoc engines/ccgost/README.gost + + # This is crappy in that the static archives are still built even + # when USE=static-libs. But this is due to a failing in the openssl + # build system: the static archives are built as PIC all the time. + # Only way around this would be to manually configure+compile openssl + # twice; once with shared lib support enabled and once without. + use static-libs || rm -f "${ED}"/usr/lib*/lib*.a + + # create the certs directory + dodir ${SSL_CNF_DIR}/certs + cp -RP certs/* "${ED}"${SSL_CNF_DIR}/certs/ || die + rm -r "${ED}"${SSL_CNF_DIR}/certs/{demo,expired} + + # Namespace openssl programs to prevent conflicts with other man pages + cd "${ED}"/usr/share/man + local m d s + for m in $(find . -type f | xargs grep -L '#include') ; do + d=${m%/*} ; d=${d#./} ; m=${m##*/} + [[ ${m} == openssl.1* ]] && continue + [[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!" + mv ${d}/{,ssl-}${m} + # fix up references to renamed man pages + sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m} + ln -s ssl-${m} ${d}/openssl-${m} + # locate any symlinks that point to this man page ... we assume + # that any broken links are due to the above renaming + for s in $(find -L ${d} -type l) ; do + s=${s##*/} + rm -f ${d}/${s} + ln -s ssl-${m} ${d}/ssl-${s} + ln -s ssl-${s} ${d}/openssl-${s} + done + done + [[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :(" + + dodir /etc/sandbox.d #254521 + echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl + + diropts -m0700 + keepdir ${SSL_CNF_DIR}/private +} + +pkg_postinst() { + ebegin "Running 'c_rehash ${EROOT%/}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069" + c_rehash "${EROOT%/}${SSL_CNF_DIR}/certs" >/dev/null + eend $? +} diff --git a/dev-libs/openssl/openssl-1.1.0f.ebuild b/dev-libs/openssl/openssl-1.1.0f.ebuild new file mode 100644 index 000000000000..c8df4c143302 --- /dev/null +++ b/dev-libs/openssl/openssl-1.1.0f.ebuild @@ -0,0 +1,240 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=5 + +inherit eutils flag-o-matic toolchain-funcs multilib multilib-minimal + +MY_P=${P/_/-} +DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)" +HOMEPAGE="http://www.openssl.org/" +SRC_URI="mirror://openssl/source/${MY_P}.tar.gz" + +LICENSE="openssl" +SLOT="0/1.1" # .so version of libssl/libcrypto +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux" +IUSE="+asm bindist rfc3779 sctp cpu_flags_x86_sse2 static-libs test tls-heartbeat vanilla zlib" +RESTRICT="!bindist? ( bindist )" + +RDEPEND=">=app-misc/c_rehash-1.7-r1 + zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )" +DEPEND="${RDEPEND} + >=dev-lang/perl-5 + sctp? ( >=net-misc/lksctp-tools-1.0.12 ) + test? ( + sys-apps/diffutils + sys-devel/bc + )" +PDEPEND="app-misc/ca-certificates" + +S="${WORKDIR}/${MY_P}" + +MULTILIB_WRAPPED_HEADERS=( + usr/include/openssl/opensslconf.h +) + +PATCHES=( + "${FILESDIR}"/${PN}-1.0.2a-x32-asm.patch #542618 +) + +src_prepare() { + # keep this in sync with app-misc/c_rehash + SSL_CNF_DIR="/etc/ssl" + + # Make sure we only ever touch Makefile.org and avoid patching a file + # that gets blown away anyways by the Configure script in src_configure + rm -f Makefile + + if ! use vanilla ; then + epatch "${PATCHES[@]}" + epatch_user #332661 + fi + + # make sure the man pages are suffixed #302165 + # don't bother building man pages if they're disabled + # Make DOCDIR Gentoo compliant + sed -i \ + -e '/^MANSUFFIX/s:=.*:=ssl:' \ + -e '/^MAKEDEPPROG/s:=.*:=$(CC):' \ + -e $(has noman FEATURES \ + && echo '/^install:/s:install_docs::' \ + || echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \ + -e "/^DOCDIR/s@\$(BASENAME)@&-${PF}@" \ + Configurations/unix-Makefile.tmpl \ + || die + + # show the actual commands in the log + sed -i '/^SET_X/s@=.*@=set -x@' Makefile.shared + + # quiet out unknown driver argument warnings since openssl + # doesn't have well-split CFLAGS and we're making it even worse + # and 'make depend' uses -Werror for added fun (#417795 again) + [[ ${CC} == *clang* ]] && append-flags -Qunused-arguments + + # allow openssl to be cross-compiled + cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die + chmod a+rx gentoo.config + + append-flags -fno-strict-aliasing + append-flags $(test-flags-CC -Wa,--noexecstack) + append-cppflags -DOPENSSL_NO_BUF_FREELISTS + + # Prefixify Configure shebang (#141906) + sed \ + -e "1s,/usr/bin/env,${EPREFIX}&," \ + -i Configure || die + # Remove test target when FEATURES=test isn't set + if ! use test ; then + sed \ + -e '/^$config{dirs}/s@ "test",@@' \ + -i Configure || die + fi + # The config script does stupid stuff to prompt the user. Kill it. + sed -i '/stty -icanon min 0 time 50; read waste/d' config || die + ./config --test-sanity || die "I AM NOT SANE" + + multilib_copy_sources +} + +multilib_src_configure() { + unset APPS #197996 + unset SCRIPTS #312551 + unset CROSS_COMPILE #311473 + + tc-export CC AR RANLIB RC + + # Clean out patent-or-otherwise-encumbered code + # Camellia: Royalty Free http://en.wikipedia.org/wiki/Camellia_(cipher) + # IDEA: Expired http://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm + # EC: ????????? ??/??/2015 http://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography + # MDC2: Expired http://en.wikipedia.org/wiki/MDC-2 + # RC5: Expired http://en.wikipedia.org/wiki/RC5 + + use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; } + echoit() { echo "$@" ; "$@" ; } + + local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal") + + # See if our toolchain supports __uint128_t. If so, it's 64bit + # friendly and can use the nicely optimized code paths. #460790 + local ec_nistp_64_gcc_128 + # Disable it for now though #469976 + #if ! use bindist ; then + # echo "__uint128_t i;" > "${T}"/128.c + # if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then + # ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128" + # fi + #fi + + local sslout=$(./gentoo.config) + einfo "Use configuration ${sslout:-(openssl knows best)}" + local config="Configure" + [[ -z ${sslout} ]] && config="config" + + echoit \ + ./${config} \ + ${sslout} \ + --api=1.0.0 \ + $(use cpu_flags_x86_sse2 || echo "no-sse2") \ + enable-camellia \ + disable-deprecated \ + $(use_ssl !bindist ec) \ + ${ec_nistp_64_gcc_128} \ + enable-idea \ + enable-mdc2 \ + enable-rc5 \ + $(use_ssl asm) \ + $(use_ssl rfc3779) \ + $(use_ssl sctp) \ + $(use_ssl tls-heartbeat heartbeats) \ + $(use_ssl zlib) \ + --prefix="${EPREFIX}"/usr \ + --openssldir="${EPREFIX}"${SSL_CNF_DIR} \ + --libdir=$(get_libdir) \ + shared threads \ + || die + + # Clean out hardcoded flags that openssl uses + # Fix quoting for sed + local DEFAULT_CFLAGS=$(grep ^CFLAGS= Makefile | LC_ALL=C sed \ + -e 's:^CFLAGS=::' \ + -e 's:-fomit-frame-pointer ::g' \ + -e 's:-O[0-9] ::g' \ + -e 's:-march=[-a-z0-9]* ::g' \ + -e 's:-mcpu=[-a-z0-9]* ::g' \ + -e 's:-m[a-z0-9]* ::g' \ + -e 's:\\:\\\\:g' \ + ) + sed -i \ + -e "/^CFLAGS=/s|=.*|=${DEFAULT_CFLAGS} ${CFLAGS}|" \ + -e "/^LDFLAGS=/s|=[[:space:]]*$|=${LDFLAGS}|" \ + Makefile || die +} + +multilib_src_compile() { + # depend is needed to use $confopts; it also doesn't matter + # that it's -j1 as the code itself serializes subdirs + emake -j1 depend + emake all +} + +multilib_src_test() { + emake -j1 test +} + +multilib_src_install() { + emake DESTDIR="${D}" install +} + +multilib_src_install_all() { + # openssl installs perl version of c_rehash by default, but + # we provide a shell version via app-misc/c_rehash + rm "${ED}"/usr/bin/c_rehash || die + + dodoc CHANGES* FAQ NEWS README doc/*.txt doc/${PN}-c-indent.el + dohtml -r doc/* + + # This is crappy in that the static archives are still built even + # when USE=static-libs. But this is due to a failing in the openssl + # build system: the static archives are built as PIC all the time. + # Only way around this would be to manually configure+compile openssl + # twice; once with shared lib support enabled and once without. + use static-libs || rm -f "${ED}"/usr/lib*/lib*.a + + # create the certs directory + keepdir ${SSL_CNF_DIR}/certs + + # Namespace openssl programs to prevent conflicts with other man pages + cd "${ED}"/usr/share/man + local m d s + for m in $(find . -type f | xargs grep -L '#include') ; do + d=${m%/*} ; d=${d#./} ; m=${m##*/} + [[ ${m} == openssl.1* ]] && continue + [[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!" + mv ${d}/{,ssl-}${m} + # fix up references to renamed man pages + sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m} + ln -s ssl-${m} ${d}/openssl-${m} + # locate any symlinks that point to this man page ... we assume + # that any broken links are due to the above renaming + for s in $(find -L ${d} -type l) ; do + s=${s##*/} + rm -f ${d}/${s} + ln -s ssl-${m} ${d}/ssl-${s} + ln -s ssl-${s} ${d}/openssl-${s} + done + done + [[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :(" + + dodir /etc/sandbox.d #254521 + echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl + + diropts -m0700 + keepdir ${SSL_CNF_DIR}/private +} + +pkg_postinst() { + ebegin "Running 'c_rehash ${EROOT%/}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069" + c_rehash "${EROOT%/}${SSL_CNF_DIR}/certs" >/dev/null + eend $? +} -- cgit v1.2.3