diff options
Diffstat (limited to 'dev-libs/openssl')
17 files changed, 0 insertions, 2585 deletions
diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest deleted file mode 100644 index ccf2ca86..00000000 --- a/dev-libs/openssl/Manifest +++ /dev/null @@ -1,2 +0,0 @@ -DIST openssl-1.0.1g.tar.gz 4509047 SHA256 53cb818c3b90e507a8348f4f5eaedb05d8bfe5358aabb508b7263cc670c3e028 SHA512 66ebbad3c8ad98a07b486d39d0c3ae62b00133f8f2877cf8b97c461e7c7f40b29cf9c3cae82cf73a92dcf1daa63d33aa76c910fbcbe60158589fc7cb48f41e6d WHIRLPOOL 6bfb30d1f41b051f794e2eb80ad9116b064f6d464c22698538c4e16b85739b80744387ca160fd1a86b92814b5b1b3fc7d0658a709942b7b31b198da8cce37056 -DIST openssl-c_rehash.sh.1.7 4167 SHA256 4999ee79892f52bd6a4a7baba9fac62262454d573bbffd72685d3aae9e48cee0 SHA512 55e8c2e827750a4f375cb83c86bfe2d166c01ffa5d7e9b16657b72b38b747c8985dd2c98f854c911dfbbee2ff3e92aff39fdf089d979b2e3534b7685ee8b80da WHIRLPOOL c88f06a3b8651f76b6289552cccceb64e13f6697c5f0ce3ff114c781ce1c218912b8ee308af9d087cd76a9600fdacda1953175bff07d7d3eb21b0c0b7f4f1ce1 diff --git a/dev-libs/openssl/files/gentoo.config-1.0.1 b/dev-libs/openssl/files/gentoo.config-1.0.1 deleted file mode 100755 index bbc1aa95..00000000 --- a/dev-libs/openssl/files/gentoo.config-1.0.1 +++ /dev/null @@ -1,160 +0,0 @@ -#!/usr/bin/env bash -# Copyright 1999-2013 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/dev-libs/openssl/files/gentoo.config-1.0.1,v 1.1 2013/05/21 17:53:19 vapier Exp $ -# -# Openssl doesn't play along nicely with cross-compiling -# like autotools based projects, so let's teach it new tricks. -# -# Review the bundled 'config' script to see why kind of targets -# we can pass to the 'Configure' script. - - -# Testing routines -if [[ $1 == "test" ]] ; then - for c in \ - "arm-gentoo-linux-uclibc |linux-generic32 -DL_ENDIAN" \ - "armv5b-linux-gnu |linux-armv4 -DB_ENDIAN" \ - "x86_64-pc-linux-gnu |linux-x86_64" \ - "alpha-linux-gnu |linux-alpha-gcc" \ - "alphaev56-unknown-linux-gnu |linux-alpha+bwx-gcc" \ - "i686-pc-linux-gnu |linux-elf" \ - "whatever-gentoo-freebsdX.Y |BSD-generic32" \ - "i686-gentoo-freebsdX.Y |BSD-x86-elf" \ - "sparc64-alpha-freebsdX.Y |BSD-sparc64" \ - "ia64-gentoo-freebsd5.99234 |BSD-ia64" \ - "x86_64-gentoo-freebsdX.Y |BSD-x86_64" \ - "hppa64-aldsF-linux-gnu5.3 |linux-generic32 -DB_ENDIAN" \ - "powerpc-gentOO-linux-uclibc |linux-ppc" \ - "powerpc64-unk-linux-gnu |linux-ppc64" \ - "x86_64-apple-darwinX |darwin64-x86_64-cc" \ - "powerpc64-apple-darwinX |darwin64-ppc-cc" \ - "i686-apple-darwinX |darwin-i386-cc" \ - "i386-apple-darwinX |darwin-i386-cc" \ - "powerpc-apple-darwinX |darwin-ppc-cc" \ - "i586-pc-winnt |winnt-parity" \ - "s390-ibm-linux-gnu |linux-generic32 -DB_ENDIAN" \ - "s390x-linux-gnu |linux64-s390x" \ - ;do - CHOST=${c/|*} - ret_want=${c/*|} - ret_got=$(CHOST=${CHOST} "$0") - - if [[ ${ret_want} == "${ret_got}" ]] ; then - echo "PASS: ${CHOST}" - else - echo "FAIL: ${CHOST}" - echo -e "\twanted: ${ret_want}" - echo -e "\twe got: ${ret_got}" - fi - done - exit 0 -fi -[[ -z ${CHOST} && -n $1 ]] && CHOST=$1 - - -# Detect the operating system -case ${CHOST} in - *-aix*) system="aix";; - *-darwin*) system="darwin";; - *-freebsd*) system="BSD";; - *-hpux*) system="hpux";; - *-linux*) system="linux";; - *-solaris*) system="solaris";; - *-winnt*) system="winnt";; - x86_64-*-mingw*) system="mingw64";; - *mingw*) system="mingw";; - *) exit 0;; -esac - - -# Compiler munging -compiler="gcc" -if [[ ${CC} == "ccc" ]] ; then - compiler=${CC} -fi - - -# Detect target arch -machine="" -chost_machine=${CHOST%%-*} -case ${system} in -linux) - case ${chost_machine}:${ABI} in - alphaev56*|\ - alphaev[678]*)machine=alpha+bwx-${compiler};; - alpha*) machine=alpha-${compiler};; - armv[4-9]*b*) machine="armv4 -DB_ENDIAN";; - armv[4-9]*) machine="armv4 -DL_ENDIAN";; - arm*b*) machine="generic32 -DB_ENDIAN";; - arm*) machine="generic32 -DL_ENDIAN";; - avr*) machine="generic32 -DL_ENDIAN";; - bfin*) machine="generic32 -DL_ENDIAN";; - # hppa64*) machine=parisc64;; - hppa*) machine="generic32 -DB_ENDIAN";; - i[0-9]86*|\ - x86_64*:x86) machine=elf;; - ia64*) machine=ia64;; - m68*) machine="generic32 -DB_ENDIAN";; - mips*el*) machine="generic32 -DL_ENDIAN";; - mips*) machine="generic32 -DB_ENDIAN";; - powerpc64*) machine=ppc64;; - powerpc*) machine=ppc;; - # sh64*) machine=elf;; - sh*b*) machine="generic32 -DB_ENDIAN";; - sh*) machine="generic32 -DL_ENDIAN";; - sparc*v7*) machine="generic32 -DB_ENDIAN";; - sparc64*) machine=sparcv9;; - sparc*) machine=sparcv8;; - s390x*) machine=s390x system=linux64;; - s390*) machine="generic32 -DB_ENDIAN";; - x86_64*:x32) machine=x32;; - x86_64*) machine=x86_64;; - esac - ;; -BSD) - case ${chost_machine} in - alpha*) machine=generic64;; - i[6-9]86*) machine=x86-elf;; - ia64*) machine=ia64;; - sparc64*) machine=sparc64;; - x86_64*) machine=x86_64;; - *) machine=generic32;; - esac - ;; -aix) - machine=${compiler} - ;; -darwin) - case ${chost_machine} in - powerpc64) machine=ppc-cc; system=${system}64;; - powerpc) machine=ppc-cc;; - i?86*) machine=i386-cc;; - x86_64) machine=x86_64-cc; system=${system}64;; - esac - ;; -hpux) - case ${chost_machine} in - ia64) machine=ia64-${compiler} ;; - esac - ;; -solaris) - case ${chost_machine} in - i386) machine=x86-${compiler} ;; - x86_64*) machine=x86_64-${compiler}; system=${system}64;; - sparcv9*) machine=sparcv9-${compiler}; system=${system}64;; - sparc*) machine=sparcv8-${compiler};; - esac - ;; -winnt) - machine=parity - ;; -mingw*) - # special case ... no xxx-yyy style name - echo ${system} - ;; -esac - - -# If we have something, show it -[[ -n ${machine} ]] && echo ${system}-${machine} diff --git a/dev-libs/openssl/files/openssl-1.0.0a-ldflags.patch b/dev-libs/openssl/files/openssl-1.0.0a-ldflags.patch deleted file mode 100644 index c0b3bc3f..00000000 --- a/dev-libs/openssl/files/openssl-1.0.0a-ldflags.patch +++ /dev/null @@ -1,23 +0,0 @@ -http://bugs.gentoo.org/327421 - ---- Makefile.org -+++ Makefile.org -@@ -189,6 +189,7 @@ - MAKEDEPEND='$$$${TOP}/util/domd $$$${TOP} -MD $(MAKEDEPPROG)' \ - DEPFLAG='-DOPENSSL_NO_DEPRECATED $(DEPFLAG)' \ - MAKEDEPPROG='$(MAKEDEPPROG)' \ -+ LDFLAGS='${LDFLAGS}' \ - SHARED_LDFLAGS='$(SHARED_LDFLAGS)' \ - KRB5_INCLUDES='$(KRB5_INCLUDES)' LIBKRB5='$(LIBKRB5)' \ - ZLIB_INCLUDE='$(ZLIB_INCLUDE)' LIBZLIB='$(LIBZLIB)' \ ---- Makefile.shared -+++ Makefile.shared -@@ -153,7 +153,7 @@ - NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \ - SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-Bsymbolic -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX" - --DO_GNU_APP=LDFLAGS="$(CFLAGS) -Wl,-rpath,$(LIBRPATH)" -+DO_GNU_APP=LDFLAGS="$(LDFLAGS) $(CFLAGS)" - - #This is rather special. It's a special target with which one can link - #applications without bothering with any features that have anything to diff --git a/dev-libs/openssl/files/openssl-1.0.0d-windres.patch b/dev-libs/openssl/files/openssl-1.0.0d-windres.patch deleted file mode 100644 index 3f889807..00000000 --- a/dev-libs/openssl/files/openssl-1.0.0d-windres.patch +++ /dev/null @@ -1,76 +0,0 @@ -URL: http://rt.openssl.org/Ticket/Display.html?id=2558 -Subject: make windres controllable via build env var settings - -atm, the windres code in openssl is only usable via the cross-compile prefix -option unlike all the other build tools. so add support for the standard $RC -/ $WINDRES env vars as well. - -Index: Configure -=================================================================== -RCS file: /usr/local/src/openssl/CVSROOT/openssl/Configure,v -retrieving revision 1.621.2.40 -diff -u -p -r1.621.2.40 Configure ---- Configure 30 Nov 2010 22:19:26 -0000 1.621.2.40 -+++ Configure 4 Jul 2011 23:12:32 -0000 -@@ -1094,6 +1094,7 @@ my $shared_extension = $fields[$idx_shar - my $ranlib = $ENV{'RANLIB'} || $fields[$idx_ranlib]; - my $ar = $ENV{'AR'} || "ar"; - my $arflags = $fields[$idx_arflags]; -+my $windres = $ENV{'RC'} || $ENV{'WINDRES'} || "windres"; - my $multilib = $fields[$idx_multilib]; - - # if $prefix/lib$multilib is not an existing directory, then -@@ -1511,12 +1512,14 @@ while (<IN>) - s/^AR=\s*/AR= \$\(CROSS_COMPILE\)/; - s/^NM=\s*/NM= \$\(CROSS_COMPILE\)/; - s/^RANLIB=\s*/RANLIB= \$\(CROSS_COMPILE\)/; -+ s/^WINDRES=\s*/WINDRES= \$\(CROSS_COMPILE\)/; - s/^MAKEDEPPROG=.*$/MAKEDEPPROG= \$\(CROSS_COMPILE\)$cc/ if $cc eq "gcc"; - } - else { - s/^CC=.*$/CC= $cc/; - s/^AR=\s*ar/AR= $ar/; - s/^RANLIB=.*/RANLIB= $ranlib/; -+ s/^WINDRES=.*/WINDRES= $windres/; - s/^MAKEDEPPROG=.*$/MAKEDEPPROG= $cc/ if $cc eq "gcc"; - } - s/^CFLAG=.*$/CFLAG= $cflags/; -Index: Makefile.org -=================================================================== -RCS file: /usr/local/src/openssl/CVSROOT/openssl/Makefile.org,v -retrieving revision 1.295.2.10 -diff -u -p -r1.295.2.10 Makefile.org ---- Makefile.org 27 Jan 2010 16:06:58 -0000 1.295.2.10 -+++ Makefile.org 4 Jul 2011 23:13:08 -0000 -@@ -66,6 +66,7 @@ EXE_EXT= - ARFLAGS= - AR=ar $(ARFLAGS) r - RANLIB= ranlib -+WINDRES= windres - NM= nm - PERL= perl - TAR= tar -@@ -180,6 +181,7 @@ BUILDENV= PLATFORM='$(PLATFORM)' PROCESS - CC='$(CC)' CFLAG='$(CFLAG)' \ - AS='$(CC)' ASFLAG='$(CFLAG) -c' \ - AR='$(AR)' NM='$(NM)' RANLIB='$(RANLIB)' \ -+ WINDRES='$(WINDRES)' \ - CROSS_COMPILE='$(CROSS_COMPILE)' \ - PERL='$(PERL)' ENGDIRS='$(ENGDIRS)' \ - SDIRS='$(SDIRS)' LIBRPATH='$(INSTALLTOP)/$(LIBDIR)' \ -Index: Makefile.shared -=================================================================== -RCS file: /usr/local/src/openssl/CVSROOT/openssl/Makefile.shared,v -retrieving revision 1.72.2.4 -diff -u -p -r1.72.2.4 Makefile.shared ---- Makefile.shared 21 Aug 2010 11:36:49 -0000 1.72.2.4 -+++ Makefile.shared 4 Jul 2011 23:13:52 -0000 -@@ -293,7 +293,7 @@ link_a.cygwin: - fi; \ - dll_name=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX; \ - $(PERL) util/mkrc.pl $$dll_name | \ -- $(CROSS_COMPILE)windres -o rc.o; \ -+ $(WINDRES) -o rc.o; \ - extras="$$extras rc.o"; \ - ALLSYMSFLAGS='-Wl,--whole-archive'; \ - NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \ diff --git a/dev-libs/openssl/files/openssl-1.0.0h-pkg-config.patch b/dev-libs/openssl/files/openssl-1.0.0h-pkg-config.patch deleted file mode 100644 index 6c021825..00000000 --- a/dev-libs/openssl/files/openssl-1.0.0h-pkg-config.patch +++ /dev/null @@ -1,32 +0,0 @@ -depend on other pc files rather than encoding library info directly in -every pkg-config file - ---- a/Makefile.org -+++ b/Makefile.org -@@ -335,11 +335,11 @@ libssl.pc: Makefile - echo 'libdir=$${exec_prefix}/$(LIBDIR)'; \ - echo 'includedir=$${prefix}/include'; \ - echo ''; \ -- echo 'Name: OpenSSL'; \ -+ echo 'Name: OpenSSL-libssl'; \ - echo 'Description: Secure Sockets Layer and cryptography libraries'; \ - echo 'Version: '$(VERSION); \ -- echo 'Requires: '; \ -- echo 'Libs: -L$${libdir} -lssl -lcrypto'; \ -+ echo 'Requires.private: libcrypto'; \ -+ echo 'Libs: -L$${libdir} -lssl'; \ - echo 'Libs.private: $(EX_LIBS)'; \ - echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > libssl.pc - -@@ -352,10 +353,7 @@ openssl.pc: Makefile - echo 'Name: OpenSSL'; \ - echo 'Description: Secure Sockets Layer and cryptography libraries and tools'; \ - echo 'Version: '$(VERSION); \ -- echo 'Requires: '; \ -- echo 'Libs: -L$${libdir} -lssl -lcrypto'; \ -- echo 'Libs.private: $(EX_LIBS)'; \ -- echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > openssl.pc -+ echo 'Requires: libssl libcrypto' ) > openssl.pc - - Makefile: Makefile.org Configure config - @echo "Makefile is older than Makefile.org, Configure or config." diff --git a/dev-libs/openssl/files/openssl-1.0.1-parallel-build.patch b/dev-libs/openssl/files/openssl-1.0.1-parallel-build.patch deleted file mode 100644 index 19f859ab..00000000 --- a/dev-libs/openssl/files/openssl-1.0.1-parallel-build.patch +++ /dev/null @@ -1,354 +0,0 @@ -http://rt.openssl.org/Ticket/Display.html?id=2084 - ---- a/Makefile.org -+++ b/Makefile.org -@@ -247,17 +247,17 @@ - build_libs: build_crypto build_ssl build_engines - - build_crypto: -- @dir=crypto; target=all; $(BUILD_ONE_CMD) -+ +@dir=crypto; target=all; $(BUILD_ONE_CMD) --build_ssl: -+build_ssl: build_crypto -- @dir=ssl; target=all; $(BUILD_ONE_CMD) -+ +@dir=ssl; target=all; $(BUILD_ONE_CMD) --build_engines: -+build_engines: build_crypto -- @dir=engines; target=all; $(BUILD_ONE_CMD) -+ +@dir=engines; target=all; $(BUILD_ONE_CMD) --build_apps: -+build_apps: build_libs -- @dir=apps; target=all; $(BUILD_ONE_CMD) -+ +@dir=apps; target=all; $(BUILD_ONE_CMD) --build_tests: -+build_tests: build_libs -- @dir=test; target=all; $(BUILD_ONE_CMD) -+ +@dir=test; target=all; $(BUILD_ONE_CMD) --build_tools: -+build_tools: build_libs -- @dir=tools; target=all; $(BUILD_ONE_CMD) -+ +@dir=tools; target=all; $(BUILD_ONE_CMD) - - all_testapps: build_libs build_testapps - build_testapps: -@@ -497,9 +497,9 @@ - dist_pem_h: - (cd crypto/pem; $(MAKE) -e $(BUILDENV) pem.h; $(MAKE) clean) - --install: all install_docs install_sw -+install: install_docs install_sw - --install_sw: -+install_dirs: - @$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \ - $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR) \ - $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines \ -@@ -508,6 +508,13 @@ - $(INSTALL_PREFIX)$(OPENSSLDIR)/misc \ - $(INSTALL_PREFIX)$(OPENSSLDIR)/certs \ - $(INSTALL_PREFIX)$(OPENSSLDIR)/private -+ @$(PERL) $(TOP)/util/mkdir-p.pl \ -+ $(INSTALL_PREFIX)$(MANDIR)/man1 \ -+ $(INSTALL_PREFIX)$(MANDIR)/man3 \ -+ $(INSTALL_PREFIX)$(MANDIR)/man5 \ -+ $(INSTALL_PREFIX)$(MANDIR)/man7 -+ -+install_sw: install_dirs - @set -e; headerlist="$(EXHEADER)"; for i in $$headerlist;\ - do \ - (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ -@@ -511,7 +511,7 @@ - (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ - chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ - done; -- @set -e; target=install; $(RECURSIVE_BUILD_CMD) -+ +@set -e; target=install; $(RECURSIVE_BUILD_CMD) - @set -e; liblist="$(LIBS)"; for i in $$liblist ;\ - do \ - if [ -f "$$i" ]; then \ -@@ -593,12 +600,7 @@ - done; \ - done - --install_docs: -- @$(PERL) $(TOP)/util/mkdir-p.pl \ -- $(INSTALL_PREFIX)$(MANDIR)/man1 \ -- $(INSTALL_PREFIX)$(MANDIR)/man3 \ -- $(INSTALL_PREFIX)$(MANDIR)/man5 \ -- $(INSTALL_PREFIX)$(MANDIR)/man7 -+install_docs: install_dirs - @pod2man="`cd ./util; ./pod2mantest $(PERL)`"; \ - here="`pwd`"; \ - filecase=; \ ---- a/Makefile.shared -+++ b/Makefile.shared -@@ -105,6 +105,7 @@ LINK_SO= \ - SHAREDFLAGS="$${SHAREDFLAGS:-$(CFLAGS) $(SHARED_LDFLAGS)}"; \ - LIBPATH=`for x in $$LIBDEPS; do echo $$x; done | sed -e 's/^ *-L//;t' -e d | uniq`; \ - LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \ -+ [ -e $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX ] && exit 0; \ - LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \ - $${SHAREDCMD} $${SHAREDFLAGS} \ - -o $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX \ -@@ -122,6 +124,7 @@ SYMLINK_SO= \ - done; \ - fi; \ - if [ -n "$$SHLIB_SOVER" ]; then \ -+ [ -e "$$SHLIB$$SHLIB_SUFFIX" ] || \ - ( $(SET_X); rm -f $$SHLIB$$SHLIB_SUFFIX; \ - ln -s $$prev $$SHLIB$$SHLIB_SUFFIX ); \ - fi; \ ---- a/crypto/Makefile -+++ b/crypto/Makefile -@@ -85,11 +85,11 @@ - @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi - - subdirs: -- @target=all; $(RECURSIVE_MAKE) -+ +@target=all; $(RECURSIVE_MAKE) - - files: - $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO -- @target=files; $(RECURSIVE_MAKE) -+ +@target=files; $(RECURSIVE_MAKE) - - links: - @$(PERL) $(TOP)/util/mklink.pl ../include/openssl $(EXHEADER) -@@ -100,7 +100,7 @@ - # lib: $(LIB): are splitted to avoid end-less loop - lib: $(LIB) - @touch lib --$(LIB): $(LIBOBJ) -+$(LIB): $(LIBOBJ) | subdirs - $(AR) $(LIB) $(LIBOBJ) - $(RANLIB) $(LIB) || echo Never mind. - -@@ -110,7 +110,7 @@ - fi - - libs: -- @target=lib; $(RECURSIVE_MAKE) -+ +@target=lib; $(RECURSIVE_MAKE) - - install: - @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... -@@ -119,7 +119,7 @@ - (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ - chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ - done; -- @target=install; $(RECURSIVE_MAKE) -+ +@target=install; $(RECURSIVE_MAKE) - - lint: - @target=lint; $(RECURSIVE_MAKE) ---- a/engines/Makefile -+++ b/engines/Makefile -@@ -72,7 +72,7 @@ - - all: lib subdirs - --lib: $(LIBOBJ) -+lib: $(LIBOBJ) | subdirs - @if [ -n "$(SHARED_LIBS)" ]; then \ - set -e; \ - for l in $(LIBNAMES); do \ -@@ -89,7 +89,7 @@ - - subdirs: - echo $(EDIRS) -- @target=all; $(RECURSIVE_MAKE) -+ +@target=all; $(RECURSIVE_MAKE) - - files: - $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO -@@ -128,7 +128,7 @@ - mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx ); \ - done; \ - fi -- @target=install; $(RECURSIVE_MAKE) -+ +@target=install; $(RECURSIVE_MAKE) - - tags: - ctags $(SRC) ---- a/test/Makefile -+++ b/test/Makefile -@@ -123,7 +123,7 @@ - tags: - ctags $(SRC) - --tests: exe apps $(TESTS) -+tests: exe $(TESTS) - - apps: - @(cd ..; $(MAKE) DIRS=apps all) -@@ -365,109 +365,109 @@ - link_app.$${shlib_target} - - $(RSATEST)$(EXE_EXT): $(RSATEST).o $(DLIBCRYPTO) -- @target=$(RSATEST); $(BUILD_CMD) -+ +@target=$(RSATEST); $(BUILD_CMD) - - $(BNTEST)$(EXE_EXT): $(BNTEST).o $(DLIBCRYPTO) -- @target=$(BNTEST); $(BUILD_CMD) -+ +@target=$(BNTEST); $(BUILD_CMD) - - $(ECTEST)$(EXE_EXT): $(ECTEST).o $(DLIBCRYPTO) -- @target=$(ECTEST); $(BUILD_CMD) -+ +@target=$(ECTEST); $(BUILD_CMD) - - $(EXPTEST)$(EXE_EXT): $(EXPTEST).o $(DLIBCRYPTO) -- @target=$(EXPTEST); $(BUILD_CMD) -+ +@target=$(EXPTEST); $(BUILD_CMD) - - $(IDEATEST)$(EXE_EXT): $(IDEATEST).o $(DLIBCRYPTO) -- @target=$(IDEATEST); $(BUILD_CMD) -+ +@target=$(IDEATEST); $(BUILD_CMD) - - $(MD2TEST)$(EXE_EXT): $(MD2TEST).o $(DLIBCRYPTO) -- @target=$(MD2TEST); $(BUILD_CMD) -+ +@target=$(MD2TEST); $(BUILD_CMD) - - $(SHATEST)$(EXE_EXT): $(SHATEST).o $(DLIBCRYPTO) -- @target=$(SHATEST); $(BUILD_CMD) -+ +@target=$(SHATEST); $(BUILD_CMD) - - $(SHA1TEST)$(EXE_EXT): $(SHA1TEST).o $(DLIBCRYPTO) -- @target=$(SHA1TEST); $(BUILD_CMD) -+ +@target=$(SHA1TEST); $(BUILD_CMD) - - $(SHA256TEST)$(EXE_EXT): $(SHA256TEST).o $(DLIBCRYPTO) -- @target=$(SHA256TEST); $(BUILD_CMD) -+ +@target=$(SHA256TEST); $(BUILD_CMD) - - $(SHA512TEST)$(EXE_EXT): $(SHA512TEST).o $(DLIBCRYPTO) -- @target=$(SHA512TEST); $(BUILD_CMD) -+ +@target=$(SHA512TEST); $(BUILD_CMD) - - $(RMDTEST)$(EXE_EXT): $(RMDTEST).o $(DLIBCRYPTO) -- @target=$(RMDTEST); $(BUILD_CMD) -+ +@target=$(RMDTEST); $(BUILD_CMD) - - $(MDC2TEST)$(EXE_EXT): $(MDC2TEST).o $(DLIBCRYPTO) -- @target=$(MDC2TEST); $(BUILD_CMD) -+ +@target=$(MDC2TEST); $(BUILD_CMD) - - $(MD4TEST)$(EXE_EXT): $(MD4TEST).o $(DLIBCRYPTO) -- @target=$(MD4TEST); $(BUILD_CMD) -+ +@target=$(MD4TEST); $(BUILD_CMD) - - $(MD5TEST)$(EXE_EXT): $(MD5TEST).o $(DLIBCRYPTO) -- @target=$(MD5TEST); $(BUILD_CMD) -+ +@target=$(MD5TEST); $(BUILD_CMD) - - $(HMACTEST)$(EXE_EXT): $(HMACTEST).o $(DLIBCRYPTO) -- @target=$(HMACTEST); $(BUILD_CMD) -+ +@target=$(HMACTEST); $(BUILD_CMD) - - $(WPTEST)$(EXE_EXT): $(WPTEST).o $(DLIBCRYPTO) -- @target=$(WPTEST); $(BUILD_CMD) -+ +@target=$(WPTEST); $(BUILD_CMD) - - $(RC2TEST)$(EXE_EXT): $(RC2TEST).o $(DLIBCRYPTO) -- @target=$(RC2TEST); $(BUILD_CMD) -+ +@target=$(RC2TEST); $(BUILD_CMD) - - $(BFTEST)$(EXE_EXT): $(BFTEST).o $(DLIBCRYPTO) -- @target=$(BFTEST); $(BUILD_CMD) -+ +@target=$(BFTEST); $(BUILD_CMD) - - $(CASTTEST)$(EXE_EXT): $(CASTTEST).o $(DLIBCRYPTO) -- @target=$(CASTTEST); $(BUILD_CMD) -+ +@target=$(CASTTEST); $(BUILD_CMD) - - $(RC4TEST)$(EXE_EXT): $(RC4TEST).o $(DLIBCRYPTO) -- @target=$(RC4TEST); $(BUILD_CMD) -+ +@target=$(RC4TEST); $(BUILD_CMD) - - $(RC5TEST)$(EXE_EXT): $(RC5TEST).o $(DLIBCRYPTO) -- @target=$(RC5TEST); $(BUILD_CMD) -+ +@target=$(RC5TEST); $(BUILD_CMD) - - $(DESTEST)$(EXE_EXT): $(DESTEST).o $(DLIBCRYPTO) -- @target=$(DESTEST); $(BUILD_CMD) -+ +@target=$(DESTEST); $(BUILD_CMD) - - $(RANDTEST)$(EXE_EXT): $(RANDTEST).o $(DLIBCRYPTO) -- @target=$(RANDTEST); $(BUILD_CMD) -+ +@target=$(RANDTEST); $(BUILD_CMD) - - $(DHTEST)$(EXE_EXT): $(DHTEST).o $(DLIBCRYPTO) -- @target=$(DHTEST); $(BUILD_CMD) -+ +@target=$(DHTEST); $(BUILD_CMD) - - $(DSATEST)$(EXE_EXT): $(DSATEST).o $(DLIBCRYPTO) -- @target=$(DSATEST); $(BUILD_CMD) -+ +@target=$(DSATEST); $(BUILD_CMD) - - $(METHTEST)$(EXE_EXT): $(METHTEST).o $(DLIBCRYPTO) -- @target=$(METHTEST); $(BUILD_CMD) -+ +@target=$(METHTEST); $(BUILD_CMD) - - $(SSLTEST)$(EXE_EXT): $(SSLTEST).o $(DLIBSSL) $(DLIBCRYPTO) -- @target=$(SSLTEST); $(FIPS_BUILD_CMD) -+ +@target=$(SSLTEST); $(FIPS_BUILD_CMD) - - $(ENGINETEST)$(EXE_EXT): $(ENGINETEST).o $(DLIBCRYPTO) -- @target=$(ENGINETEST); $(BUILD_CMD) -+ +@target=$(ENGINETEST); $(BUILD_CMD) - - $(EVPTEST)$(EXE_EXT): $(EVPTEST).o $(DLIBCRYPTO) -- @target=$(EVPTEST); $(BUILD_CMD) -+ +@target=$(EVPTEST); $(BUILD_CMD) - - $(ECDSATEST)$(EXE_EXT): $(ECDSATEST).o $(DLIBCRYPTO) -- @target=$(ECDSATEST); $(BUILD_CMD) -+ +@target=$(ECDSATEST); $(BUILD_CMD) - - $(ECDHTEST)$(EXE_EXT): $(ECDHTEST).o $(DLIBCRYPTO) -- @target=$(ECDHTEST); $(BUILD_CMD) -+ +@target=$(ECDHTEST); $(BUILD_CMD) - - $(IGETEST)$(EXE_EXT): $(IGETEST).o $(DLIBCRYPTO) -- @target=$(IGETEST); $(BUILD_CMD) -+ +@target=$(IGETEST); $(BUILD_CMD) - - $(JPAKETEST)$(EXE_EXT): $(JPAKETEST).o $(DLIBCRYPTO) -- @target=$(JPAKETEST); $(BUILD_CMD) -+ +@target=$(JPAKETEST); $(BUILD_CMD) - - $(ASN1TEST)$(EXE_EXT): $(ASN1TEST).o $(DLIBCRYPTO) -- @target=$(ASN1TEST); $(BUILD_CMD) -+ +@target=$(ASN1TEST); $(BUILD_CMD) - - $(SRPTEST)$(EXE_EXT): $(SRPTEST).o $(DLIBCRYPTO) -- @target=$(SRPTEST); $(BUILD_CMD) -+ +@target=$(SRPTEST); $(BUILD_CMD) - - #$(AESTEST).o: $(AESTEST).c - # $(CC) -c $(CFLAGS) -DINTERMEDIATE_VALUE_KAT -DTRACE_KAT_MCT $(AESTEST).c -@@ -480,7 +480,7 @@ - # fi - - dummytest$(EXE_EXT): dummytest.o $(DLIBCRYPTO) -- @target=dummytest; $(BUILD_CMD) -+ +@target=dummytest; $(BUILD_CMD) - - # DO NOT DELETE THIS LINE -- make depend depends on it. - ---- a/crypto/objects/Makefile -+++ b/crypto/objects/Makefile -@@ -44,11 +44,11 @@ obj_dat.h: obj_dat.pl obj_mac.h - # objects.pl both reads and writes obj_mac.num - obj_mac.h: objects.pl objects.txt obj_mac.num - $(PERL) objects.pl objects.txt obj_mac.num obj_mac.h -- @sleep 1; touch obj_mac.h; sleep 1 - --obj_xref.h: objxref.pl obj_xref.txt obj_mac.num -+# This doesn't really need obj_mac.h, but since that rule reads & writes -+# obj_mac.num, we can't run in parallel with it. -+obj_xref.h: objxref.pl obj_xref.txt obj_mac.num obj_mac.h - $(PERL) objxref.pl obj_mac.num obj_xref.txt > obj_xref.h -- @sleep 1; touch obj_xref.h; sleep 1 - - files: - $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO diff --git a/dev-libs/openssl/files/openssl-1.0.1-x32.patch b/dev-libs/openssl/files/openssl-1.0.1-x32.patch deleted file mode 100644 index 5106cb6e..00000000 --- a/dev-libs/openssl/files/openssl-1.0.1-x32.patch +++ /dev/null @@ -1,79 +0,0 @@ -http://git.yoctoproject.org/cgit/cgit.cgi/poky/commit/?id=51bfed2e26fc13a66e8b5710aa2ce1d7a04af721 - -UpstreamStatus: Pending - -Received from H J Liu @ Intel -Make the assembly syntax compatible with x32 gcc. Othewise x32 gcc throws errors. -Signed-Off-By: Nitin A Kamble <nitin.a.kamble@intel.com> 2011/07/13 - -ported the patch to the 1.0.0e version -Signed-Off-By: Nitin A Kamble <nitin.a.kamble@intel.com> 2011/12/01 -Index: openssl-1.0.0e/Configure -=================================================================== ---- openssl-1.0.0e.orig/Configure -+++ openssl-1.0.0e/Configure -@@ -393,6 +393,7 @@ my %table=( - "debug-linux-generic32","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DTERMIO -g -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", - "debug-linux-generic64","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DTERMIO -g -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", - "debug-linux-x86_64","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -m64 -DL_ENDIAN -DTERMIO -g -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", -+"linux-x32", "gcc:-DL_ENDIAN -DTERMIO -O2 -pipe -g -feliminate-unused-debug-types -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-mx32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", - "dist", "cc:-O::(unknown)::::::", - - # Basic configs that should work on any (32 and less bit) box -Index: openssl-1.0.0e/crypto/bn/asm/x86_64-gcc.c -=================================================================== ---- openssl-1.0.0e.orig/crypto/bn/asm/x86_64-gcc.c -+++ openssl-1.0.0e/crypto/bn/asm/x86_64-gcc.c -@@ -55,7 +55,7 @@ - * machine. - */ - --#ifdef _WIN64 -+#if defined _WIN64 || !defined __LP64__ - #define BN_ULONG unsigned long long - #else - #define BN_ULONG unsigned long -@@ -192,9 +192,9 @@ BN_ULONG bn_add_words (BN_ULONG *rp, con - asm ( - " subq %2,%2 \n" - ".p2align 4 \n" -- "1: movq (%4,%2,8),%0 \n" -- " adcq (%5,%2,8),%0 \n" -- " movq %0,(%3,%2,8) \n" -+ "1: movq (%q4,%2,8),%0 \n" -+ " adcq (%q5,%2,8),%0 \n" -+ " movq %0,(%q3,%2,8) \n" - " leaq 1(%2),%2 \n" - " loop 1b \n" - " sbbq %0,%0 \n" -@@ -215,9 +215,9 @@ BN_ULONG bn_sub_words (BN_ULONG *rp, con - asm ( - " subq %2,%2 \n" - ".p2align 4 \n" -- "1: movq (%4,%2,8),%0 \n" -- " sbbq (%5,%2,8),%0 \n" -- " movq %0,(%3,%2,8) \n" -+ "1: movq (%q4,%2,8),%0 \n" -+ " sbbq (%q5,%2,8),%0 \n" -+ " movq %0,(%q3,%2,8) \n" - " leaq 1(%2),%2 \n" - " loop 1b \n" - " sbbq %0,%0 \n" -Index: openssl-1.0.0e/crypto/bn/bn.h -=================================================================== ---- openssl-1.0.0e.orig/crypto/bn/bn.h -+++ openssl-1.0.0e/crypto/bn/bn.h -@@ -172,6 +172,13 @@ extern "C" { - # endif - #endif - -+/* Address type. */ -+#ifdef _WIN64 -+#define BN_ADDR unsigned long long -+#else -+#define BN_ADDR unsigned long -+#endif -+ - /* assuming long is 64bit - this is the DEC Alpha - * unsigned long long is only 64 bits :-(, don't define - * BN_LLONG for the DEC Alpha */ diff --git a/dev-libs/openssl/files/openssl-1.0.1e-bad-mac-aes-ni.patch b/dev-libs/openssl/files/openssl-1.0.1e-bad-mac-aes-ni.patch deleted file mode 100644 index 4422a62c..00000000 --- a/dev-libs/openssl/files/openssl-1.0.1e-bad-mac-aes-ni.patch +++ /dev/null @@ -1,35 +0,0 @@ -https://bugs.gentoo.org/463444 - -From 9ab3ce124616cb12bd39c6aa1e1bde0f46969b29 Mon Sep 17 00:00:00 2001 -From: Andy Polyakov <appro@openssl.org> -Date: Mon, 18 Mar 2013 19:29:41 +0100 -Subject: [PATCH] e_aes_cbc_hmac_sha1.c: fix rare bad record mac on AES-NI - plaforms. - -PR: 3002 -(cherry picked from commit 5c60046553716fcf160718f59160493194f212dc) ---- - crypto/evp/e_aes_cbc_hmac_sha1.c | 5 +++-- - 1 file changed, 3 insertions(+), 2 deletions(-) - -diff --git a/crypto/evp/e_aes_cbc_hmac_sha1.c b/crypto/evp/e_aes_cbc_hmac_sha1.c -index 483e04b..fb2c884 100644 ---- a/crypto/evp/e_aes_cbc_hmac_sha1.c -+++ b/crypto/evp/e_aes_cbc_hmac_sha1.c -@@ -328,10 +328,11 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - - if (res!=SHA_CBLOCK) continue; - -- mask = 0-((inp_len+8-j)>>(sizeof(j)*8-1)); -+ /* j is not incremented yet */ -+ mask = 0-((inp_len+7-j)>>(sizeof(j)*8-1)); - data->u[SHA_LBLOCK-1] |= bitlen&mask; - sha1_block_data_order(&key->md,data,1); -- mask &= 0-((j-inp_len-73)>>(sizeof(j)*8-1)); -+ mask &= 0-((j-inp_len-72)>>(sizeof(j)*8-1)); - pmac->u[0] |= key->md.h0 & mask; - pmac->u[1] |= key->md.h1 & mask; - pmac->u[2] |= key->md.h2 & mask; --- -1.8.2.1 - diff --git a/dev-libs/openssl/files/openssl-1.0.1e-ipv6.patch b/dev-libs/openssl/files/openssl-1.0.1e-ipv6.patch deleted file mode 100644 index 521cfb5e..00000000 --- a/dev-libs/openssl/files/openssl-1.0.1e-ipv6.patch +++ /dev/null @@ -1,656 +0,0 @@ -http://rt.openssl.org/Ticket/Display.html?id=2051 -user/pass: guest/guest - -Index: apps/s_apps.h -=================================================================== -RCS file: /v/openssl/cvs/openssl/apps/s_apps.h,v -retrieving revision 1.21.2.1 -diff -u -r1.21.2.1 s_apps.h ---- apps/s_apps.h 4 Sep 2009 17:42:04 -0000 1.21.2.1 -+++ apps/s_apps.h 28 Dec 2011 00:28:14 -0000 -@@ -148,7 +148,7 @@ - #define PORT_STR "4433" - #define PROTOCOL "tcp" - --int do_server(int port, int type, int *ret, int (*cb) (char *hostname, int s, unsigned char *context), unsigned char *context); -+int do_server(int port, int type, int *ret, int (*cb) (char *hostname, int s, unsigned char *context), unsigned char *context, int use_ipv4, int use_ipv6); - #ifdef HEADER_X509_H - int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx); - #endif -@@ -156,7 +156,7 @@ - int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file); - int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key); - #endif --int init_client(int *sock, char *server, int port, int type); -+int init_client(int *sock, char *server, int port, int type, int use_ipv4, int use_ipv6); - int should_retry(int i); - int extract_port(char *str, short *port_ptr); - int extract_host_port(char *str,char **host_ptr,unsigned char *ip,short *p); -Index: apps/s_client.c -=================================================================== -RCS file: /v/openssl/cvs/openssl/apps/s_client.c,v -retrieving revision 1.123.2.6.2.10 -diff -u -r1.123.2.6.2.10 s_client.c ---- apps/s_client.c 14 Dec 2011 22:18:02 -0000 1.123.2.6.2.10 -+++ apps/s_client.c 28 Dec 2011 00:28:14 -0000 -@@ -285,6 +285,10 @@ - { - BIO_printf(bio_err,"usage: s_client args\n"); - BIO_printf(bio_err,"\n"); -+ BIO_printf(bio_err," -4 - use IPv4 only\n"); -+#if OPENSSL_USE_IPV6 -+ BIO_printf(bio_err," -6 - use IPv6 only\n"); -+#endif - BIO_printf(bio_err," -host host - use -connect instead\n"); - BIO_printf(bio_err," -port port - use -connect instead\n"); - BIO_printf(bio_err," -connect host:port - who to connect to (default is %s:%s)\n",SSL_HOST_NAME,PORT_STR); -@@ -564,6 +567,7 @@ - int sbuf_len,sbuf_off; - fd_set readfds,writefds; - short port=PORT; -+ int use_ipv4, use_ipv6; - int full_log=1; - char *host=SSL_HOST_NAME; - char *cert_file=NULL,*key_file=NULL; -@@ -609,7 +613,11 @@ - #endif - char *sess_in = NULL; - char *sess_out = NULL; -- struct sockaddr peer; -+#if OPENSSL_USE_IPV6 -+ struct sockaddr_storage peer; -+#else -+ struct sockaddr_in peer; -+#endif - int peerlen = sizeof(peer); - int enable_timeouts = 0 ; - long socket_mtu = 0; -@@ -630,6 +638,12 @@ - meth=SSLv2_client_method(); - #endif - -+ use_ipv4 = 1; -+#if OPENSSL_USE_IPV6 -+ use_ipv6 = 1; -+#else -+ use_ipv6 = 0; -+#endif - apps_startup(); - c_Pause=0; - c_quiet=0; -@@ -951,6 +961,18 @@ - jpake_secret = *++argv; - } - #endif -+ else if (strcmp(*argv,"-4") == 0) -+ { -+ use_ipv4 = 1; -+ use_ipv6 = 0; -+ } -+#if OPENSSL_USE_IPV6 -+ else if (strcmp(*argv,"-6") == 0) -+ { -+ use_ipv4 = 0; -+ use_ipv6 = 1; -+ } -+#endif - #ifndef OPENSSL_NO_SRTP - else if (strcmp(*argv,"-use_srtp") == 0) - { -@@ -1259,7 +1276,7 @@ - - re_start: - -- if (init_client(&s,host,port,socket_type) == 0) -+ if (init_client(&s,host,port,socket_type,use_ipv4,use_ipv6) == 0) - { - BIO_printf(bio_err,"connect:errno=%d\n",get_last_socket_error()); - SHUTDOWN(s); -@@ -1285,7 +1302,7 @@ - { - - sbio=BIO_new_dgram(s,BIO_NOCLOSE); -- if (getsockname(s, &peer, (void *)&peerlen) < 0) -+ if (getsockname(s, (struct sockaddr *)&peer, (void *)&peerlen) < 0) - { - BIO_printf(bio_err, "getsockname:errno=%d\n", - get_last_socket_error()); -=================================================================== -RCS file: /v/openssl/cvs/openssl/apps/s_server.c,v -retrieving revision 1.136.2.15.2.13 -diff -u -r1.136.2.15.2.13 s_server.c ---- apps/s_server.c 27 Dec 2011 14:23:22 -0000 1.136.2.15.2.13 -+++ apps/s_server.c 28 Dec 2011 00:28:14 -0000 -@@ -558,6 +558,10 @@ - # endif - BIO_printf(bio_err," -use_srtp profiles - Offer SRTP key management with a colon-separated profile list"); - #endif -+ BIO_printf(bio_err," -4 - use IPv4 only\n"); -+#if OPENSSL_USE_IPV6 -+ BIO_printf(bio_err," -6 - use IPv6 only\n"); -+#endif - BIO_printf(bio_err," -keymatexport label - Export keying material using label\n"); - BIO_printf(bio_err," -keymatexportlen len - Export len bytes of keying material (default 20)\n"); - } -@@ -943,6 +947,7 @@ - int state=0; - const SSL_METHOD *meth=NULL; - int socket_type=SOCK_STREAM; -+ int use_ipv4, use_ipv6; - ENGINE *e=NULL; - char *inrand=NULL; - int s_cert_format = FORMAT_PEM, s_key_format = FORMAT_PEM; -@@ -981,6 +986,12 @@ - /* #error no SSL version enabled */ - #endif - -+ use_ipv4 = 1; -+#if OPENSSL_USE_IPV6 -+ use_ipv6 = 1; -+#else -+ use_ipv6 = 0; -+#endif - local_argc=argc; - local_argv=argv; - -@@ -1329,6 +1340,18 @@ - jpake_secret = *(++argv); - } - #endif -+ else if (strcmp(*argv,"-4") == 0) -+ { -+ use_ipv4 = 1; -+ use_ipv6 = 0; -+ } -+#if OPENSSL_USE_IPV6 -+ else if (strcmp(*argv,"-6") == 0) -+ { -+ use_ipv4 = 0; -+ use_ipv6 = 1; -+ } -+#endif - #ifndef OPENSSL_NO_SRTP - else if (strcmp(*argv,"-use_srtp") == 0) - { -@@ -1884,9 +1907,9 @@ - BIO_printf(bio_s_out,"ACCEPT\n"); - (void)BIO_flush(bio_s_out); - if (www) -- do_server(port,socket_type,&accept_socket,www_body, context); -+ do_server(port,socket_type,&accept_socket,www_body, context, use_ipv4, use_ipv6); - else -- do_server(port,socket_type,&accept_socket,sv_body, context); -+ do_server(port,socket_type,&accept_socket,sv_body, context, use_ipv4, use_ipv6); - print_stats(bio_s_out,ctx); - ret=0; - end: -Index: apps/s_socket.c -=================================================================== -RCS file: /v/openssl/cvs/openssl/apps/s_socket.c,v -retrieving revision 1.43.2.3.2.2 -diff -u -r1.43.2.3.2.2 s_socket.c ---- apps/s_socket.c 2 Dec 2011 14:39:40 -0000 1.43.2.3.2.2 -+++ apps/s_socket.c 28 Dec 2011 00:28:14 -0000 -@@ -97,16 +97,16 @@ - #include "netdb.h" - #endif - --static struct hostent *GetHostByName(char *name); -+static struct hostent *GetHostByName(char *name, int domain); - #if defined(OPENSSL_SYS_WINDOWS) || (defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK)) - static void ssl_sock_cleanup(void); - #endif - static int ssl_sock_init(void); --static int init_client_ip(int *sock,unsigned char ip[4], int port, int type); --static int init_server(int *sock, int port, int type); --static int init_server_long(int *sock, int port,char *ip, int type); -+static int init_client_ip(int *sock,unsigned char *ip, int port, int type, int domain); -+static int init_server(int *sock, int port, int type, int use_ipv4, int use_ipv6); -+static int init_server_long(int *sock, int port,char *ip, int type, int use_ipv4, int use_ipv6); - static int do_accept(int acc_sock, int *sock, char **host); --static int host_ip(char *str, unsigned char ip[4]); -+static int host_ip(char *str, unsigned char *ip, int domain); - - #ifdef OPENSSL_SYS_WIN16 - #define SOCKET_PROTOCOL 0 /* more microsoft stupidity */ -@@ -234,38 +234,68 @@ - return(1); - } - --int init_client(int *sock, char *host, int port, int type) -+int init_client(int *sock, char *host, int port, int type, int use_ipv4, int use_ipv6) - { -+#if OPENSSL_USE_IPV6 -+ unsigned char ip[16]; -+#else - unsigned char ip[4]; -+#endif - -- memset(ip, '\0', sizeof ip); -- if (!host_ip(host,&(ip[0]))) -- return 0; -- return init_client_ip(sock,ip,port,type); -- } -- --static int init_client_ip(int *sock, unsigned char ip[4], int port, int type) -- { -- unsigned long addr; -+ if (use_ipv4) -+ if (host_ip(host,ip,AF_INET)) -+ return(init_client_ip(sock,ip,port,type,AF_INET)); -+#if OPENSSL_USE_IPV6 -+ if (use_ipv6) -+ if (host_ip(host,ip,AF_INET6)) -+ return(init_client_ip(sock,ip,port,type,AF_INET6)); -+#endif -+ return 0; -+ } -+ -+static int init_client_ip(int *sock, unsigned char ip[4], int port, int type, int domain) -+ { -+#if OPENSSL_USE_IPV6 -+ struct sockaddr_storage them; -+ struct sockaddr_in *them_in = (struct sockaddr_in *)&them; -+ struct sockaddr_in6 *them_in6 = (struct sockaddr_in6 *)&them; -+#else - struct sockaddr_in them; -+ struct sockaddr_in *them_in = &them; -+#endif -+ socklen_t addr_len; - int s,i; - - if (!ssl_sock_init()) return(0); - - memset((char *)&them,0,sizeof(them)); -- them.sin_family=AF_INET; -- them.sin_port=htons((unsigned short)port); -- addr=(unsigned long) -- ((unsigned long)ip[0]<<24L)| -- ((unsigned long)ip[1]<<16L)| -- ((unsigned long)ip[2]<< 8L)| -- ((unsigned long)ip[3]); -- them.sin_addr.s_addr=htonl(addr); -+ if (domain == AF_INET) -+ { -+ addr_len = (socklen_t)sizeof(struct sockaddr_in); -+ them_in->sin_family=AF_INET; -+ them_in->sin_port=htons((unsigned short)port); -+#ifndef BIT_FIELD_LIMITS -+ memcpy(&them_in->sin_addr.s_addr, ip, 4); -+#else -+ memcpy(&them_in->sin_addr, ip, 4); -+#endif -+ } -+ else -+#if OPENSSL_USE_IPV6 -+ { -+ addr_len = (socklen_t)sizeof(struct sockaddr_in6); -+ them_in6->sin6_family=AF_INET6; -+ them_in6->sin6_port=htons((unsigned short)port); -+ memcpy(&(them_in6->sin6_addr), ip, sizeof(struct in6_addr)); -+ } -+#else -+ return(0); -+#endif - - if (type == SOCK_STREAM) -- s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL); -+ s=socket(domain,SOCK_STREAM,SOCKET_PROTOCOL); - else /* ( type == SOCK_DGRAM) */ -- s=socket(AF_INET,SOCK_DGRAM,IPPROTO_UDP); -+ s=socket(domain,SOCK_DGRAM,IPPROTO_UDP); - - if (s == INVALID_SOCKET) { perror("socket"); return(0); } - -@@ -277,29 +315,27 @@ - if (i < 0) { perror("keepalive"); return(0); } - } - #endif -- -- if (connect(s,(struct sockaddr *)&them,sizeof(them)) == -1) -+ if (connect(s,(struct sockaddr *)&them,addr_len) == -1) - { closesocket(s); perror("connect"); return(0); } - *sock=s; - return(1); - } - --int do_server(int port, int type, int *ret, int (*cb)(char *hostname, int s, unsigned char *context), unsigned char *context) -+int do_server(int port, int type, int *ret, int (*cb)(char *hostname, int s, unsigned char *context), unsigned char *context, int use_ipv4, int use_ipv6) - { - int sock; - char *name = NULL; - int accept_socket = 0; - int i; - -- if (!init_server(&accept_socket,port,type)) return(0); -- -+ if (!init_server(&accept_socket,port,type, use_ipv4, use_ipv6)) return(0); - if (ret != NULL) - { - *ret=accept_socket; - /* return(1);*/ - } -- for (;;) -- { -+ for (;;) -+ { - if (type==SOCK_STREAM) - { - if (do_accept(accept_socket,&sock,&name) == 0) -@@ -322,41 +358,88 @@ - } - } - --static int init_server_long(int *sock, int port, char *ip, int type) -+static int init_server_long(int *sock, int port, char *ip, int type, int use_ipv4, int use_ipv6) - { - int ret=0; -+ int domain; -+#if OPENSSL_USE_IPV6 -+ struct sockaddr_storage server; -+ struct sockaddr_in *server_in = (struct sockaddr_in *)&server; -+ struct sockaddr_in6 *server_in6 = (struct sockaddr_in6 *)&server; -+#else - struct sockaddr_in server; -+ struct sockaddr_in *server_in = &server; -+#endif -+ socklen_t addr_len; - int s= -1; - -+ if (!use_ipv4 && !use_ipv6) -+ goto err; -+#if OPENSSL_USE_IPV6 -+ /* we are fine here */ -+#else -+ if (use_ipv6) -+ goto err; -+#endif - if (!ssl_sock_init()) return(0); - -- memset((char *)&server,0,sizeof(server)); -- server.sin_family=AF_INET; -- server.sin_port=htons((unsigned short)port); -- if (ip == NULL) -- server.sin_addr.s_addr=INADDR_ANY; -- else --/* Added for T3E, address-of fails on bit field (beckman@acl.lanl.gov) */ --#ifndef BIT_FIELD_LIMITS -- memcpy(&server.sin_addr.s_addr,ip,4); -+#if OPENSSL_USE_IPV6 -+ domain = use_ipv6 ? AF_INET6 : AF_INET; - #else -- memcpy(&server.sin_addr,ip,4); -+ domain = AF_INET; - #endif -- -- if (type == SOCK_STREAM) -- s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL); -- else /* type == SOCK_DGRAM */ -- s=socket(AF_INET, SOCK_DGRAM,IPPROTO_UDP); -+ if (type == SOCK_STREAM) -+ s=socket(domain,SOCK_STREAM,SOCKET_PROTOCOL); -+ else /* type == SOCK_DGRAM */ -+ s=socket(domain, SOCK_DGRAM,IPPROTO_UDP); - - if (s == INVALID_SOCKET) goto err; - #if defined SOL_SOCKET && defined SO_REUSEADDR -+ { -+ int j = 1; -+ setsockopt(s, SOL_SOCKET, SO_REUSEADDR, -+ (void *) &j, sizeof j); -+ } -+#endif -+#if OPENSSL_USE_IPV6 -+ if ((use_ipv4 == 0) && (use_ipv6 == 1)) - { -- int j = 1; -- setsockopt(s, SOL_SOCKET, SO_REUSEADDR, -- (void *) &j, sizeof j); -+ const int on = 1; -+ -+ setsockopt(s, IPPROTO_IPV6, IPV6_V6ONLY, -+ (const void *) &on, sizeof(int)); - } - #endif -- if (bind(s,(struct sockaddr *)&server,sizeof(server)) == -1) -+ if (domain == AF_INET) -+ { -+ addr_len = (socklen_t)sizeof(struct sockaddr_in); -+ memset(server_in, 0, sizeof(struct sockaddr_in)); -+ server_in->sin_family=AF_INET; -+ server_in->sin_port = htons((unsigned short)port); -+ if (ip == NULL) -+ server_in->sin_addr.s_addr = htonl(INADDR_ANY); -+ else -+/* Added for T3E, address-of fails on bit field (beckman@acl.lanl.gov) */ -+#ifndef BIT_FIELD_LIMITS -+ memcpy(&server_in->sin_addr.s_addr, ip, 4); -+#else -+ memcpy(&server_in->sin_addr, ip, 4); -+#endif -+ } -+#if OPENSSL_USE_IPV6 -+ else -+ { -+ addr_len = (socklen_t)sizeof(struct sockaddr_in6); -+ memset(server_in6, 0, sizeof(struct sockaddr_in6)); -+ server_in6->sin6_family = AF_INET6; -+ server_in6->sin6_port = htons((unsigned short)port); -+ if (ip == NULL) -+ server_in6->sin6_addr = in6addr_any; -+ else -+ memcpy(&server_in6->sin6_addr, ip, sizeof(struct in6_addr)); -+ } -+#endif -+ if (bind(s, (struct sockaddr *)&server, addr_len) == -1) - { - #ifndef OPENSSL_SYS_WINDOWS - perror("bind"); -@@ -375,16 +458,23 @@ - return(ret); - } - --static int init_server(int *sock, int port, int type) -+static int init_server(int *sock, int port, int type, int use_ipv4, int use_ipv6) - { -- return(init_server_long(sock, port, NULL, type)); -+ return(init_server_long(sock, port, NULL, type, use_ipv4, use_ipv6)); - } - - static int do_accept(int acc_sock, int *sock, char **host) - { - int ret; - struct hostent *h1,*h2; -- static struct sockaddr_in from; -+#if OPENSSL_USE_IPV6 -+ struct sockaddr_storage from; -+ struct sockaddr_in *from_in = (struct sockaddr_in *)&from; -+ struct sockaddr_in6 *from_in6 = (struct sockaddr_in6 *)&from; -+#else -+ struct sockaddr_in from; -+ struct sockaddr_in *from_in = &from; -+#endif - int len; - /* struct linger ling; */ - -@@ -431,13 +521,23 @@ - */ - - if (host == NULL) goto end; -+#if OPENSSL_USE_IPV6 -+ if (from.ss_family == AF_INET) -+#else -+ if (from.sin_family == AF_INET) -+#endif - #ifndef BIT_FIELD_LIMITS -- /* I should use WSAAsyncGetHostByName() under windows */ -- h1=gethostbyaddr((char *)&from.sin_addr.s_addr, -- sizeof(from.sin_addr.s_addr),AF_INET); -+ /* I should use WSAAsyncGetHostByName() under windows */ -+ h1=gethostbyaddr((char *)&from_in->sin_addr.s_addr, -+ sizeof(from_in->sin_addr.s_addr), AF_INET); - #else -- h1=gethostbyaddr((char *)&from.sin_addr, -- sizeof(struct in_addr),AF_INET); -+ h1=gethostbyaddr((char *)&from_in->sin_addr, -+ sizeof(struct in_addr), AF_INET); -+#endif -+#if OPENSSL_USE_IPV6 -+ else -+ h1=gethostbyaddr((char *)&from_in6->sin6_addr, -+ sizeof(struct in6_addr), AF_INET6); - #endif - if (h1 == NULL) - { -@@ -454,15 +554,23 @@ - } - BUF_strlcpy(*host,h1->h_name,strlen(h1->h_name)+1); - -- h2=GetHostByName(*host); -+#if OPENSSL_USE_IPV6 -+ h2=GetHostByName(*host, from.ss_family); -+#else -+ h2=GetHostByName(*host, from.sin_family); -+#endif - if (h2 == NULL) - { - BIO_printf(bio_err,"gethostbyname failure\n"); - return(0); - } -- if (h2->h_addrtype != AF_INET) -+#if OPENSSL_USE_IPV6 -+ if (h2->h_addrtype != from.ss_family) -+#else -+ if (h2->h_addrtype != from.sin_family) -+#endif - { -- BIO_printf(bio_err,"gethostbyname addr is not AF_INET\n"); -+ BIO_printf(bio_err,"gethostbyname addr address is not correct\n"); - return(0); - } - } -@@ -477,7 +585,7 @@ - char *h,*p; - - h=str; -- p=strchr(str,':'); -+ p=strrchr(str,':'); - if (p == NULL) - { - BIO_printf(bio_err,"no port defined\n"); -@@ -485,7 +593,7 @@ - } - *(p++)='\0'; - -- if ((ip != NULL) && !host_ip(str,ip)) -+ if ((ip != NULL) && !host_ip(str,ip,AF_INET)) - goto err; - if (host_ptr != NULL) *host_ptr=h; - -@@ -496,48 +604,58 @@ - return(0); - } - --static int host_ip(char *str, unsigned char ip[4]) -+static int host_ip(char *str, unsigned char *ip, int domain) - { -- unsigned int in[4]; -+ unsigned int in[4]; -+ unsigned long l; - int i; - -- if (sscanf(str,"%u.%u.%u.%u",&(in[0]),&(in[1]),&(in[2]),&(in[3])) == 4) -+ if ((domain == AF_INET) && -+ (sscanf(str,"%u.%u.%u.%u",&(in[0]),&(in[1]),&(in[2]),&(in[3])) == 4)) - { -+ - for (i=0; i<4; i++) - if (in[i] > 255) - { - BIO_printf(bio_err,"invalid IP address\n"); - goto err; - } -- ip[0]=in[0]; -- ip[1]=in[1]; -- ip[2]=in[2]; -- ip[3]=in[3]; -- } -+ l=htonl((in[0]<<24L)|(in[1]<<16L)|(in[2]<<8L)|in[3]); -+ memcpy(ip, &l, 4); -+ return 1; -+ } -+#if OPENSSL_USE_IPV6 -+ else if ((domain == AF_INET6) && -+ (inet_pton(AF_INET6, str, ip) == 1)) -+ return 1; -+#endif - else - { /* do a gethostbyname */ - struct hostent *he; - - if (!ssl_sock_init()) return(0); - -- he=GetHostByName(str); -+ he=GetHostByName(str,domain); - if (he == NULL) - { - BIO_printf(bio_err,"gethostbyname failure\n"); - goto err; - } - /* cast to short because of win16 winsock definition */ -- if ((short)he->h_addrtype != AF_INET) -+ if ((short)he->h_addrtype != domain) - { -- BIO_printf(bio_err,"gethostbyname addr is not AF_INET\n"); -+ BIO_printf(bio_err,"gethostbyname addr family is not correct\n"); - return(0); - } -- ip[0]=he->h_addr_list[0][0]; -- ip[1]=he->h_addr_list[0][1]; -- ip[2]=he->h_addr_list[0][2]; -- ip[3]=he->h_addr_list[0][3]; -+ if (domain == AF_INET) -+ memset(ip, 0, 4); -+#if OPENSSL_USE_IPV6 -+ else -+ memset(ip, 0, 16); -+#endif -+ memcpy(ip, he->h_addr_list[0], he->h_length); -+ return 1; - } -- return(1); - err: - return(0); - } -@@ -574,7 +692,7 @@ - static unsigned long ghbn_hits=0L; - static unsigned long ghbn_miss=0L; - --static struct hostent *GetHostByName(char *name) -+static struct hostent *GetHostByName(char *name, int domain) - { - struct hostent *ret; - int i,lowi=0; -@@ -589,14 +707,20 @@ - } - if (ghbn_cache[i].order > 0) - { -- if (strncmp(name,ghbn_cache[i].name,128) == 0) -+ if ((strncmp(name,ghbn_cache[i].name,128) == 0) && -+ (ghbn_cache[i].ent.h_addrtype == domain)) - break; - } - } - if (i == GHBN_NUM) /* no hit*/ - { - ghbn_miss++; -- ret=gethostbyname(name); -+ if (domain == AF_INET) -+ ret=gethostbyname(name); -+#if OPENSSL_USE_IPV6 -+ else -+ ret=gethostbyname2(name, AF_INET6); -+#endif - if (ret == NULL) return(NULL); - /* else add to cache */ - if(strlen(name) < sizeof ghbn_cache[0].name) diff --git a/dev-libs/openssl/files/openssl-1.0.1e-perl-5.18.patch b/dev-libs/openssl/files/openssl-1.0.1e-perl-5.18.patch deleted file mode 100644 index 6427c535..00000000 --- a/dev-libs/openssl/files/openssl-1.0.1e-perl-5.18.patch +++ /dev/null @@ -1,375 +0,0 @@ -https://bugs.gentoo.org/483820 - -Submitted By: Martin Ward <macros_the_black at ntlworld dot com> -Date: 2013-06-18 -Initial Package Version: 1.0.1e -Upstream Status: Unknown -Origin: self, based on fedora -Description: Fixes install with perl-5.18. - ---- openssl-1.0.1e.orig/doc/apps/cms.pod -+++ openssl-1.0.1e/doc/apps/cms.pod -@@ -450,28 +450,28 @@ - - =over 4 - --=item 0 -+=item C<0> - - the operation was completely successfully. - --=item 1 -+=item C<1> - - an error occurred parsing the command options. - --=item 2 -+=item C<2> - - one of the input files could not be read. - --=item 3 -+=item C<3> - - an error occurred creating the CMS file or when reading the MIME - message. - --=item 4 -+=item C<4> - - an error occurred decrypting or verifying the message. - --=item 5 -+=item C<5> - - the message was verified correctly but an error occurred writing out - the signers certificates. ---- openssl-1.0.1e.orig/doc/apps/smime.pod -+++ openssl-1.0.1e/doc/apps/smime.pod -@@ -308,28 +308,28 @@ - - =over 4 - --=item 0 -+=item C<0> - - the operation was completely successfully. - --=item 1 -+=item C<1> - - an error occurred parsing the command options. - --=item 2 -+=item C<2> - - one of the input files could not be read. - --=item 3 -+=item C<3> - - an error occurred creating the PKCS#7 file or when reading the MIME - message. - --=item 4 -+=item C<4> - - an error occurred decrypting or verifying the message. - --=item 5 -+=item C<5> - - the message was verified correctly but an error occurred writing out - the signers certificates. ---- openssl-1.0.1e.orig/doc/crypto/X509_STORE_CTX_get_error.pod -+++ openssl-1.0.1e/doc/crypto/X509_STORE_CTX_get_error.pod -@@ -278,6 +278,8 @@ - an application specific error. This will never be returned unless explicitly - set by an application. - -+=back -+ - =head1 NOTES - - The above functions should be used instead of directly referencing the fields ---- openssl-1.0.1e.orig/doc/ssl/SSL_accept.pod -+++ openssl-1.0.1e/doc/ssl/SSL_accept.pod -@@ -44,12 +44,12 @@ - - =over 4 - --=item 1 -+=item C<1> - - The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been - established. - --=item 0 -+=item C<0> - - The TLS/SSL handshake was not successful but was shut down controlled and - by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the ---- openssl-1.0.1e.orig/doc/ssl/SSL_clear.pod -+++ openssl-1.0.1e/doc/ssl/SSL_clear.pod -@@ -56,12 +56,12 @@ - - =over 4 - --=item 0 -+=item C<0> - - The SSL_clear() operation could not be performed. Check the error stack to - find out the reason. - --=item 1 -+=item C<1> - - The SSL_clear() operation was successful. - ---- openssl-1.0.1e.orig/doc/ssl/SSL_COMP_add_compression_method.pod -+++ openssl-1.0.1e/doc/ssl/SSL_COMP_add_compression_method.pod -@@ -53,11 +53,11 @@ - - =over 4 - --=item 0 -+=item C<0> - - The operation succeeded. - --=item 1 -+=item C<1> - - The operation failed. Check the error queue to find out the reason. - ---- openssl-1.0.1e.orig/doc/ssl/SSL_connect.pod -+++ openssl-1.0.1e/doc/ssl/SSL_connect.pod -@@ -41,12 +41,12 @@ - - =over 4 - --=item 1 -+=item C<1> - - The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been - established. - --=item 0 -+=item C<0> - - The TLS/SSL handshake was not successful but was shut down controlled and - by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the ---- openssl-1.0.1e.orig/doc/ssl/SSL_CTX_add_session.pod -+++ openssl-1.0.1e/doc/ssl/SSL_CTX_add_session.pod -@@ -52,13 +52,13 @@ - - =over 4 - --=item 0 -+=item C<0> - - The operation failed. In case of the add operation, it was tried to add - the same (identical) session twice. In case of the remove operation, the - session was not found in the cache. - --=item 1 -+=item C<1> - - The operation succeeded. - ---- openssl-1.0.1e.orig/doc/ssl/SSL_CTX_load_verify_locations.pod -+++ openssl-1.0.1e/doc/ssl/SSL_CTX_load_verify_locations.pod -@@ -100,13 +100,13 @@ - - =over 4 - --=item 0 -+=item C<0> - - The operation failed because B<CAfile> and B<CApath> are NULL or the - processing at one of the locations specified failed. Check the error - stack to find out the reason. - --=item 1 -+=item C<1> - - The operation succeeded. - ---- openssl-1.0.1e.orig/doc/ssl/SSL_CTX_set_client_CA_list.pod -+++ openssl-1.0.1e/doc/ssl/SSL_CTX_set_client_CA_list.pod -@@ -66,11 +66,11 @@ - - =over 4 - --=item 1 -+=item C<1> - - The operation succeeded. - --=item 0 -+=item C<0> - - A failure while manipulating the STACK_OF(X509_NAME) object occurred or - the X509_NAME could not be extracted from B<cacert>. Check the error stack ---- openssl-1.0.1e.orig/doc/ssl/SSL_CTX_set_session_id_context.pod -+++ openssl-1.0.1e/doc/ssl/SSL_CTX_set_session_id_context.pod -@@ -64,13 +64,13 @@ - - =over 4 - --=item 0 -+=item C<0> - - The length B<sid_ctx_len> of the session id context B<sid_ctx> exceeded - the maximum allowed length of B<SSL_MAX_SSL_SESSION_ID_LENGTH>. The error - is logged to the error stack. - --=item 1 -+=item C<1> - - The operation succeeded. - ---- openssl-1.0.1e.orig/doc/ssl/SSL_CTX_set_ssl_version.pod -+++ openssl-1.0.1e/doc/ssl/SSL_CTX_set_ssl_version.pod -@@ -42,11 +42,11 @@ - - =over 4 - --=item 0 -+=item C<0> - - The new choice failed, check the error stack to find out the reason. - --=item 1 -+=item C<1> - - The operation succeeded. - ---- openssl-1.0.1e.orig/doc/ssl/SSL_CTX_use_psk_identity_hint.pod -+++ openssl-1.0.1e/doc/ssl/SSL_CTX_use_psk_identity_hint.pod -@@ -81,6 +81,8 @@ - - Return values from the server callback are interpreted as follows: - -+=over -+ - =item > 0 - - PSK identity was found and the server callback has provided the PSK -@@ -94,9 +96,11 @@ - connection will fail with decryption_error before it will be finished - completely. - --=item 0 -+=item C<0> - - PSK identity was not found. An "unknown_psk_identity" alert message - will be sent and the connection setup fails. - -+=back -+ - =cut ---- openssl-1.0.1e.orig/doc/ssl/SSL_do_handshake.pod -+++ openssl-1.0.1e/doc/ssl/SSL_do_handshake.pod -@@ -45,12 +45,12 @@ - - =over 4 - --=item 1 -+=item C<1> - - The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been - established. - --=item 0 -+=item C<0> - - The TLS/SSL handshake was not successful but was shut down controlled and - by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the ---- openssl-1.0.1e.orig/doc/ssl/SSL_read.pod -+++ openssl-1.0.1e/doc/ssl/SSL_read.pod -@@ -86,7 +86,7 @@ - The read operation was successful; the return value is the number of - bytes actually read from the TLS/SSL connection. - --=item 0 -+=item C<0> - - The read operation was not successful. The reason may either be a clean - shutdown due to a "close notify" alert sent by the peer (in which case ---- openssl-1.0.1e.orig/doc/ssl/SSL_session_reused.pod -+++ openssl-1.0.1e/doc/ssl/SSL_session_reused.pod -@@ -27,11 +27,11 @@ - - =over 4 - --=item 0 -+=item C<0> - - A new session was negotiated. - --=item 1 -+=item C<1> - - A session was reused. - ---- openssl-1.0.1e.orig/doc/ssl/SSL_set_fd.pod -+++ openssl-1.0.1e/doc/ssl/SSL_set_fd.pod -@@ -35,11 +35,11 @@ - - =over 4 - --=item 0 -+=item C<0> - - The operation failed. Check the error stack to find out why. - --=item 1 -+=item C<1> - - The operation succeeded. - ---- openssl-1.0.1e.orig/doc/ssl/SSL_set_session.pod -+++ openssl-1.0.1e/doc/ssl/SSL_set_session.pod -@@ -37,11 +37,11 @@ - - =over 4 - --=item 0 -+=item C<0> - - The operation failed; check the error stack to find out the reason. - --=item 1 -+=item C<1> - - The operation succeeded. - ---- openssl-1.0.1e.orig/doc/ssl/SSL_shutdown.pod -+++ openssl-1.0.1e/doc/ssl/SSL_shutdown.pod -@@ -92,12 +92,12 @@ - - =over 4 - --=item 1 -+=item C<1> - - The shutdown was successfully completed. The "close notify" alert was sent - and the peer's "close notify" alert was received. - --=item 0 -+=item C<0> - - The shutdown is not yet finished. Call SSL_shutdown() for a second time, - if a bidirectional shutdown shall be performed. ---- openssl-1.0.1e.orig/doc/ssl/SSL_write.pod -+++ openssl-1.0.1e/doc/ssl/SSL_write.pod -@@ -79,7 +79,7 @@ - The write operation was successful, the return value is the number of - bytes actually written to the TLS/SSL connection. - --=item 0 -+=item C<0> - - The write operation was not successful. Probably the underlying connection - was closed. Call SSL_get_error() with the return value B<ret> to find out, diff --git a/dev-libs/openssl/files/openssl-1.0.1e-rdrand-explicit.patch b/dev-libs/openssl/files/openssl-1.0.1e-rdrand-explicit.patch deleted file mode 100644 index 8c414a42..00000000 --- a/dev-libs/openssl/files/openssl-1.0.1e-rdrand-explicit.patch +++ /dev/null @@ -1,28 +0,0 @@ -https://chromium-review.googlesource.com/181001 - -From 8a1956f3eac8b164f8c741ff1a259008bab3bac1 Mon Sep 17 00:00:00 2001 -From: "Dr. Stephen Henson" <steve@openssl.org> -Date: Wed, 11 Dec 2013 14:45:12 +0000 -Subject: [PATCH] Don't use rdrand engine as default unless explicitly - requested. (cherry picked from commit - 16898401bd47a153fbf799127ff57fdcfcbd324f) - ---- - crypto/engine/eng_rdrand.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/crypto/engine/eng_rdrand.c b/crypto/engine/eng_rdrand.c -index a9ba5ae..4e9e91d 100644 ---- a/crypto/engine/eng_rdrand.c -+++ b/crypto/engine/eng_rdrand.c -@@ -104,6 +104,7 @@ static int bind_helper(ENGINE *e) - { - if (!ENGINE_set_id(e, engine_e_rdrand_id) || - !ENGINE_set_name(e, engine_e_rdrand_name) || -+ !ENGINE_set_flags(e, ENGINE_FLAGS_NO_REGISTER_ALL) || - !ENGINE_set_init_function(e, rdrand_init) || - !ENGINE_set_RAND(e, &rdrand_meth) ) - return 0; --- -1.8.4.3 - diff --git a/dev-libs/openssl/files/openssl-1.0.1e-s_client-verify.patch b/dev-libs/openssl/files/openssl-1.0.1e-s_client-verify.patch deleted file mode 100644 index 03e4f599..00000000 --- a/dev-libs/openssl/files/openssl-1.0.1e-s_client-verify.patch +++ /dev/null @@ -1,18 +0,0 @@ -https://bugs.gentoo.org/472584 -http://rt.openssl.org/Ticket/Display.html?id=2387&user=guest&pass=guest - -fix verification handling in s_client. when loading paths, make sure -we properly fallback to setting the default paths. - ---- a/apps/s_client.c -+++ b/apps/s_client.c -@@ -899,7 +899,7 @@ - if (!set_cert_key_stuff(ctx,cert,key)) - goto end; - -- if ((!SSL_CTX_load_verify_locations(ctx,CAfile,CApath)) || -+ if ((!SSL_CTX_load_verify_locations(ctx,CAfile,CApath)) && - (!SSL_CTX_set_default_verify_paths(ctx))) - { - /* BIO_printf(bio_err,"error setting default verify locations\n"); */ - diff --git a/dev-libs/openssl/files/openssl-1.0.1e-tls-ver-crash.patch b/dev-libs/openssl/files/openssl-1.0.1e-tls-ver-crash.patch deleted file mode 100644 index 034da7d4..00000000 --- a/dev-libs/openssl/files/openssl-1.0.1e-tls-ver-crash.patch +++ /dev/null @@ -1,34 +0,0 @@ -https://bugs.gentoo.org/494816 -https://bugzilla.redhat.com/show_bug.cgi?id=1045363 -http://rt.openssl.org/Ticket/Display.html?id=3200&user=guest&pass=guest - -From ca989269a2876bae79393bd54c3e72d49975fc75 Mon Sep 17 00:00:00 2001 -From: "Dr. Stephen Henson" <steve@openssl.org> -Date: Thu, 19 Dec 2013 14:37:39 +0000 -Subject: [PATCH] Use version in SSL_METHOD not SSL structure. - -When deciding whether to use TLS 1.2 PRF and record hash algorithms -use the version number in the corresponding SSL_METHOD structure -instead of the SSL structure. The SSL structure version is sometimes -inaccurate. Note: OpenSSL 1.0.2 and later effectively do this already. -(CVE-2013-6449) ---- - ssl/s3_lib.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c -index bf832bb..c4ef273 100644 ---- a/ssl/s3_lib.c -+++ b/ssl/s3_lib.c -@@ -4286,7 +4286,7 @@ need to go to SSL_ST_ACCEPT. - long ssl_get_algorithm2(SSL *s) - { - long alg2 = s->s3->tmp.new_cipher->algorithm2; -- if (TLS1_get_version(s) >= TLS1_2_VERSION && -+ if (s->method->version == TLS1_2_VERSION && - alg2 == (SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF)) - return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256; - return alg2; --- -1.8.4.3 - diff --git a/dev-libs/openssl/files/openssl-1.0.1f-perl-5.18.patch b/dev-libs/openssl/files/openssl-1.0.1f-perl-5.18.patch deleted file mode 100644 index c6620963..00000000 --- a/dev-libs/openssl/files/openssl-1.0.1f-perl-5.18.patch +++ /dev/null @@ -1,356 +0,0 @@ -Forward-ported from openssl-1.0.1e-perl-5.18.patch -Fixes install with perl-5.18. - -https://bugs.gentoo.org/show_bug.cgi?id=497286 - -Signed-off-by: Lars Wendler <polynomial-c@gentoo.org> - ---- openssl-1.0.1f/doc/apps/cms.pod -+++ openssl-1.0.1f/doc/apps/cms.pod -@@ -450,28 +450,28 @@ - - =over 4 - --=item 0 -+=item C<0> - - the operation was completely successfully. - --=item 1 -+=item C<1> - - an error occurred parsing the command options. - --=item 2 -+=item C<2> - - one of the input files could not be read. - --=item 3 -+=item C<3> - - an error occurred creating the CMS file or when reading the MIME - message. - --=item 4 -+=item C<4> - - an error occurred decrypting or verifying the message. - --=item 5 -+=item C<5> - - the message was verified correctly but an error occurred writing out - the signers certificates. ---- openssl-1.0.1f/doc/apps/smime.pod -+++ openssl-1.0.1f/doc/apps/smime.pod -@@ -308,28 +308,28 @@ - - =over 4 - --=item 0 -+=item C<0> - - the operation was completely successfully. - --=item 1 -+=item C<1> - - an error occurred parsing the command options. - --=item 2 -+=item C<2> - - one of the input files could not be read. - --=item 3 -+=item C<3> - - an error occurred creating the PKCS#7 file or when reading the MIME - message. - --=item 4 -+=item C<4> - - an error occurred decrypting or verifying the message. - --=item 5 -+=item C<5> - - the message was verified correctly but an error occurred writing out - the signers certificates. ---- openssl-1.0.1f/doc/ssl/SSL_accept.pod -+++ openssl-1.0.1f/doc/ssl/SSL_accept.pod -@@ -44,13 +44,13 @@ - - =over 4 - --=item 0 -+=item C<0> - - The TLS/SSL handshake was not successful but was shut down controlled and - by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the - return value B<ret> to find out the reason. - --=item 1 -+=item C<1> - - The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been - established. ---- openssl-1.0.1f/doc/ssl/SSL_clear.pod -+++ openssl-1.0.1f/doc/ssl/SSL_clear.pod -@@ -56,12 +56,12 @@ - - =over 4 - --=item 0 -+=item C<0> - - The SSL_clear() operation could not be performed. Check the error stack to - find out the reason. - --=item 1 -+=item C<1> - - The SSL_clear() operation was successful. - ---- openssl-1.0.1f/doc/ssl/SSL_COMP_add_compression_method.pod -+++ openssl-1.0.1f/doc/ssl/SSL_COMP_add_compression_method.pod -@@ -53,11 +53,11 @@ - - =over 4 - --=item 0 -+=item C<0> - - The operation succeeded. - --=item 1 -+=item C<1> - - The operation failed. Check the error queue to find out the reason. - ---- openssl-1.0.1f/doc/ssl/SSL_connect.pod -+++ openssl-1.0.1f/doc/ssl/SSL_connect.pod -@@ -41,13 +41,13 @@ - - =over 4 - --=item 0 -+=item C<0> - - The TLS/SSL handshake was not successful but was shut down controlled and - by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the - return value B<ret> to find out the reason. - --=item 1 -+=item C<1> - - The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been - established. ---- openssl-1.0.1f/doc/ssl/SSL_CTX_add_session.pod -+++ openssl-1.0.1f/doc/ssl/SSL_CTX_add_session.pod -@@ -52,13 +52,13 @@ - - =over 4 - --=item 0 -+=item C<0> - - The operation failed. In case of the add operation, it was tried to add - the same (identical) session twice. In case of the remove operation, the - session was not found in the cache. - --=item 1 -+=item C<1> - - The operation succeeded. - ---- openssl-1.0.1f/doc/ssl/SSL_CTX_load_verify_locations.pod -+++ openssl-1.0.1f/doc/ssl/SSL_CTX_load_verify_locations.pod -@@ -100,13 +100,13 @@ - - =over 4 - --=item 0 -+=item C<0> - - The operation failed because B<CAfile> and B<CApath> are NULL or the - processing at one of the locations specified failed. Check the error - stack to find out the reason. - --=item 1 -+=item C<1> - - The operation succeeded. - ---- openssl-1.0.1f/doc/ssl/SSL_CTX_set_client_CA_list.pod -+++ openssl-1.0.1f/doc/ssl/SSL_CTX_set_client_CA_list.pod -@@ -66,13 +66,13 @@ - - =over 4 - --=item 0 -+=item C<0> - - A failure while manipulating the STACK_OF(X509_NAME) object occurred or - the X509_NAME could not be extracted from B<cacert>. Check the error stack - to find out the reason. - --=item 1 -+=item C<1> - - The operation succeeded. - ---- openssl-1.0.1f/doc/ssl/SSL_CTX_set_session_id_context.pod -+++ openssl-1.0.1f/doc/ssl/SSL_CTX_set_session_id_context.pod -@@ -64,13 +64,13 @@ - - =over 4 - --=item 0 -+=item C<0> - - The length B<sid_ctx_len> of the session id context B<sid_ctx> exceeded - the maximum allowed length of B<SSL_MAX_SSL_SESSION_ID_LENGTH>. The error - is logged to the error stack. - --=item 1 -+=item C<1> - - The operation succeeded. - ---- openssl-1.0.1f/doc/ssl/SSL_CTX_set_ssl_version.pod -+++ openssl-1.0.1f/doc/ssl/SSL_CTX_set_ssl_version.pod -@@ -42,11 +42,11 @@ - - =over 4 - --=item 0 -+=item C<0> - - The new choice failed, check the error stack to find out the reason. - --=item 1 -+=item C<1> - - The operation succeeded. - ---- openssl-1.0.1f/doc/ssl/SSL_CTX_use_psk_identity_hint.pod -+++ openssl-1.0.1f/doc/ssl/SSL_CTX_use_psk_identity_hint.pod -@@ -96,7 +96,7 @@ - connection will fail with decryption_error before it will be finished - completely. - --=item 0 -+=item C<0> - - PSK identity was not found. An "unknown_psk_identity" alert message - will be sent and the connection setup fails. ---- openssl-1.0.1f/doc/ssl/SSL_do_handshake.pod -+++ openssl-1.0.1f/doc/ssl/SSL_do_handshake.pod -@@ -45,13 +45,13 @@ - - =over 4 - --=item 0 -+=item C<0> - - The TLS/SSL handshake was not successful but was shut down controlled and - by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the - return value B<ret> to find out the reason. - --=item 1 -+=item C<1> - - The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been - established. ---- openssl-1.0.1f/doc/ssl/SSL_read.pod -+++ openssl-1.0.1f/doc/ssl/SSL_read.pod -@@ -86,7 +86,7 @@ - The read operation was successful; the return value is the number of - bytes actually read from the TLS/SSL connection. - --=item 0 -+=item C<0> - - The read operation was not successful. The reason may either be a clean - shutdown due to a "close notify" alert sent by the peer (in which case ---- openssl-1.0.1f/doc/ssl/SSL_session_reused.pod -+++ openssl-1.0.1f/doc/ssl/SSL_session_reused.pod -@@ -27,11 +27,11 @@ - - =over 4 - --=item 0 -+=item C<0> - - A new session was negotiated. - --=item 1 -+=item C<1> - - A session was reused. - ---- openssl-1.0.1f/doc/ssl/SSL_set_fd.pod -+++ openssl-1.0.1f/doc/ssl/SSL_set_fd.pod -@@ -35,11 +35,11 @@ - - =over 4 - --=item 0 -+=item C<0> - - The operation failed. Check the error stack to find out why. - --=item 1 -+=item C<1> - - The operation succeeded. - ---- openssl-1.0.1f/doc/ssl/SSL_set_session.pod -+++ openssl-1.0.1f/doc/ssl/SSL_set_session.pod -@@ -37,11 +37,11 @@ - - =over 4 - --=item 0 -+=item C<0> - - The operation failed; check the error stack to find out the reason. - --=item 1 -+=item C<1> - - The operation succeeded. - ---- openssl-1.0.1f/doc/ssl/SSL_shutdown.pod -+++ openssl-1.0.1f/doc/ssl/SSL_shutdown.pod -@@ -92,14 +92,14 @@ - - =over 4 - --=item 0 -+=item C<0> - - The shutdown is not yet finished. Call SSL_shutdown() for a second time, - if a bidirectional shutdown shall be performed. - The output of L<SSL_get_error(3)|SSL_get_error(3)> may be misleading, as an - erroneous SSL_ERROR_SYSCALL may be flagged even though no error occurred. - --=item 1 -+=item C<1> - - The shutdown was successfully completed. The "close notify" alert was sent - and the peer's "close notify" alert was received. ---- openssl-1.0.1f/doc/ssl/SSL_write.pod -+++ openssl-1.0.1f/doc/ssl/SSL_write.pod -@@ -79,7 +79,7 @@ - The write operation was successful, the return value is the number of - bytes actually written to the TLS/SSL connection. - --=item 0 -+=item C<0> - - The write operation was not successful. Probably the underlying connection - was closed. Call SSL_get_error() with the return value B<ret> to find out, diff --git a/dev-libs/openssl/files/openssl-1.0.1f-revert-alpha-perl-generation.patch b/dev-libs/openssl/files/openssl-1.0.1f-revert-alpha-perl-generation.patch deleted file mode 100644 index 42a6fbd5..00000000 --- a/dev-libs/openssl/files/openssl-1.0.1f-revert-alpha-perl-generation.patch +++ /dev/null @@ -1,83 +0,0 @@ -when gcc is given a .s file and told to preprocess it, it outputs nothing - -https://bugs.gentoo.org/499086 - -From a2976461784ce463fc7f336cd0dce607d21c2fad Mon Sep 17 00:00:00 2001 -From: Mike Frysinger <vapier@gentoo.org> -Date: Sat, 25 Jan 2014 05:44:47 -0500 -Subject: [PATCH] Revert "Make Makefiles OSF-make-friendly." - -This reverts commit d1cf23ac86c05b22b8780e2c03b67230564d2d34. ---- - crypto/Makefile | 4 +--- - crypto/bn/Makefile | 4 +--- - crypto/evp/Makefile | 2 +- - crypto/modes/Makefile | 5 +---- - crypto/sha/Makefile | 4 +--- - util/shlib_wrap.sh | 6 +----- - 6 files changed, 6 insertions(+), 19 deletions(-) - -diff --git a/crypto/Makefile b/crypto/Makefile -index b253f50..1de9d5f 100644 ---- a/crypto/Makefile -+++ b/crypto/Makefile -@@ -86,9 +86,7 @@ ia64cpuid.s: ia64cpuid.S; $(CC) $(CFLAGS) -E ia64cpuid.S > $@ - ppccpuid.s: ppccpuid.pl; $(PERL) ppccpuid.pl $(PERLASM_SCHEME) $@ - pariscid.s: pariscid.pl; $(PERL) pariscid.pl $(PERLASM_SCHEME) $@ - alphacpuid.s: alphacpuid.pl -- (preproc=/tmp/$$$$.$@; trap "rm $$preproc" INT; \ -- $(PERL) alphacpuid.pl > $$preproc && \ -- $(CC) -E $$preproc > $@ && rm $$preproc) -+ $(PERL) $< | $(CC) -E - | tee $@ > /dev/null - - subdirs: - @target=all; $(RECURSIVE_MAKE) -diff --git a/crypto/bn/Makefile b/crypto/bn/Makefile -index b62b676..6c03363 100644 ---- a/crypto/bn/Makefile -+++ b/crypto/bn/Makefile -@@ -136,9 +136,7 @@ ppc-mont.s: asm/ppc-mont.pl;$(PERL) asm/ppc-mont.pl $(PERLASM_SCHEME) $@ - ppc64-mont.s: asm/ppc64-mont.pl;$(PERL) asm/ppc64-mont.pl $(PERLASM_SCHEME) $@ - - alpha-mont.s: asm/alpha-mont.pl -- (preproc=/tmp/$$$$.$@; trap "rm $$preproc" INT; \ -- $(PERL) asm/alpha-mont.pl > $$preproc && \ -- $(CC) -E $$preproc > $@ && rm $$preproc) -+ $(PERL) $< | $(CC) -E - | tee $@ > /dev/null - - # GNU make "catch all" - %-mont.S: asm/%-mont.pl; $(PERL) $< $(PERLASM_SCHEME) $@ -diff --git a/crypto/modes/Makefile b/crypto/modes/Makefile -index ce0dcd6..88ac65e 100644 ---- a/crypto/modes/Makefile -+++ b/crypto/modes/Makefile -@@ -55,10 +55,7 @@ aesni-gcm-x86_64.s: asm/aesni-gcm-x86_64.pl - ghash-sparcv9.s: asm/ghash-sparcv9.pl - $(PERL) asm/ghash-sparcv9.pl $@ $(CFLAGS) - ghash-alpha.s: asm/ghash-alpha.pl -- (preproc=/tmp/$$$$.$@; trap "rm $$preproc" INT; \ -- $(PERL) asm/ghash-alpha.pl > $$preproc && \ -- $(CC) -E $$preproc > $@ && rm $$preproc) -- -+ $(PERL) $< | $(CC) -E - | tee $@ > /dev/null - ghash-parisc.s: asm/ghash-parisc.pl - $(PERL) asm/ghash-parisc.pl $(PERLASM_SCHEME) $@ - -diff --git a/crypto/sha/Makefile b/crypto/sha/Makefile -index 64eab6c..63fba69 100644 ---- a/crypto/sha/Makefile -+++ b/crypto/sha/Makefile -@@ -60,9 +60,7 @@ sha256-armv4.S: asm/sha256-armv4.pl - $(PERL) $< $(PERLASM_SCHEME) $@ - - sha1-alpha.s: asm/sha1-alpha.pl -- (preproc=/tmp/$$$$.$@; trap "rm $$preproc" INT; \ -- $(PERL) asm/sha1-alpha.pl > $$preproc && \ -- $(CC) -E $$preproc > $@ && rm $$preproc) -+ $(PERL) $< | $(CC) -E - | tee $@ > /dev/null - - # Solaris make has to be explicitly told - sha1-x86_64.s: asm/sha1-x86_64.pl; $(PERL) asm/sha1-x86_64.pl $(PERLASM_SCHEME) > $@ --- -1.8.5.3 - diff --git a/dev-libs/openssl/metadata.xml b/dev-libs/openssl/metadata.xml deleted file mode 100644 index 84ddb514..00000000 --- a/dev-libs/openssl/metadata.xml +++ /dev/null @@ -1,13 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> -<pkgmetadata> -<herd>base-system</herd> -<use> - <flag name='bindist'>Disable EC/RC5 algorithms (as they seem to be patented)</flag> - <flag name='rfc3779'>Enable support for RFC 3779 (X.509 Extensions for IP Addresses and AS Identifiers)</flag> - <flag name='tls-heartbeat'>Enable the Heartbeat Extension in TLS and DTLS</flag> -</use> -<upstream> - <remote-id type="cpe">cpe:/a:openssl:openssl</remote-id> -</upstream> -</pkgmetadata> diff --git a/dev-libs/openssl/openssl-1.0.1g-r1.ebuild b/dev-libs/openssl/openssl-1.0.1g-r1.ebuild deleted file mode 100644 index d5a38708..00000000 --- a/dev-libs/openssl/openssl-1.0.1g-r1.ebuild +++ /dev/null @@ -1,261 +0,0 @@ -# Copyright 1999-2013 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: $ - -EAPI="4" - -inherit eutils flag-o-matic toolchain-funcs multilib multilib-minimal - -REV="1.7" -DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)" -HOMEPAGE="http://www.openssl.org/" -SRC_URI="mirror://openssl/source/${P}.tar.gz - http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/${PN}/${PN}-c_rehash.sh?rev=${REV} -> ${PN}-c_rehash.sh.${REV}" - -LICENSE="openssl" -SLOT="0" -KEYWORDS="~alpha amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc -ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux" -IUSE="bindist gmp kerberos rfc3779 sse2 static-libs test +tls-heartbeat vanilla zlib" - -# Have the sub-libs in RDEPEND with [static-libs] since, logically, -# our libssl.a depends on libz.a/etc... at runtime. -LIB_DEPEND="gmp? ( dev-libs/gmp[static-libs(+)] ) - zlib? ( sys-libs/zlib[static-libs(+)] ) - kerberos? ( app-crypt/mit-krb5 )" -# The blocks are temporary just to make sure people upgrade to a -# version that lack runtime version checking. We'll drop them in -# the future. -RDEPEND="static-libs? ( ${LIB_DEPEND} ) - abi_x86_32? ( - !<=app-emulation/emul-linux-x86-baselibs-20131008-r5 - !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)] - ) - !static-libs? ( ${LIB_DEPEND//\[static-libs(+)]} ) - !<net-misc/openssh-5.9_p1-r4 - !<net-libs/neon-0.29.6-r1" -DEPEND="${RDEPEND} - sys-apps/diffutils - >=dev-lang/perl-5 - test? ( sys-devel/bc )" -PDEPEND="app-misc/ca-certificates" - -MULTILIB_WRAPPED_HEADERS=( - usr/include/openssl/rand.h - usr/include/openssl/modes.h - usr/include/openssl/seed.h - usr/include/openssl/opensslconf.h - usr/include/openssl/kssl.h - usr/include/openssl/opensslconf.h - usr/include/openssl/srtp.h - usr/include/openssl/ossl_typ.h - usr/include/openssl/sha.h -) - -src_unpack() { - unpack ${P}.tar.gz - SSL_CNF_DIR="/etc/ssl" - sed \ - -e "/^DIR=/s:=.*:=${EPREFIX}${SSL_CNF_DIR}:" \ - -e "s:SSL_CMD=/usr:SSL_CMD=${EPREFIX}/usr:" \ - "${DISTDIR}"/${PN}-c_rehash.sh.${REV} \ - > "${WORKDIR}"/c_rehash || die #416717 -} - -src_prepare() { - # Make sure we only ever touch Makefile.org and avoid patching a file - # that gets blown away anyways by the Configure script in src_configure - rm -f Makefile - - if ! use vanilla ; then - epatch "${FILESDIR}"/${PN}-1.0.0a-ldflags.patch #327421 - epatch "${FILESDIR}"/${PN}-1.0.0d-windres.patch #373743 - epatch "${FILESDIR}"/${PN}-1.0.0h-pkg-config.patch - epatch "${FILESDIR}"/${PN}-1.0.1-parallel-build.patch - epatch "${FILESDIR}"/${PN}-1.0.1-x32.patch - epatch "${FILESDIR}"/${PN}-1.0.1e-ipv6.patch - epatch "${FILESDIR}"/${PN}-1.0.1f-perl-5.18.patch #497286 - epatch "${FILESDIR}"/${PN}-1.0.1e-s_client-verify.patch #472584 - epatch "${FILESDIR}"/${PN}-1.0.1f-revert-alpha-perl-generation.patch #499086 - - epatch_user #332661 - fi - - # disable fips in the build - # make sure the man pages are suffixed #302165 - # don't bother building man pages if they're disabled - sed -i \ - -e '/DIRS/s: fips : :g' \ - -e '/^MANSUFFIX/s:=.*:=ssl:' \ - -e '/^MAKEDEPPROG/s:=.*:=$(CC):' \ - -e $(has noman FEATURES \ - && echo '/^install:/s:install_docs::' \ - || echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \ - Makefile.org \ - || die - # show the actual commands in the log - sed -i '/^SET_X/s:=.*:=set -x:' Makefile.shared - - # allow openssl to be cross-compiled - cp "${FILESDIR}"/gentoo.config-1.0.1 gentoo.config || die - chmod a+rx gentoo.config - - append-flags -fno-strict-aliasing - append-flags $(test-flags-CC -Wa,--noexecstack) - - sed -i '1s,^:$,#!'${EPREFIX}'/usr/bin/perl,' Configure #141906 - # The config script does stupid stuff to prompt the user. Kill it. - sed -i '/stty -icanon min 0 time 50; read waste/d' config || die - ./config --test-sanity || die "I AM NOT SANE" - multilib_copy_sources -} - -multilib_src_configure() { - unset APPS #197996 - unset SCRIPTS #312551 - unset CROSS_COMPILE #311473 - - tc-export CC AR RANLIB RC - - # Clean out patent-or-otherwise-encumbered code - # Camellia: Royalty Free http://en.wikipedia.org/wiki/Camellia_(cipher) - # IDEA: Expired http://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm - # EC: ????????? ??/??/2015 http://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography - # MDC2: Expired http://en.wikipedia.org/wiki/MDC-2 - # RC5: 5,724,428 03/03/2015 http://en.wikipedia.org/wiki/RC5 - - use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; } - echoit() { echo "$@" ; "$@" ; } - - local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal") - - # See if our toolchain supports __uint128_t. If so, it's 64bit - # friendly and can use the nicely optimized code paths. #460790 - local ec_nistp_64_gcc_128 - # Disable it for now though #469976 - #if ! use bindist ; then - # echo "__uint128_t i;" > "${T}"/128.c - # if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then - # ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128" - # fi - #fi - - local sslout=$(./gentoo.config) - einfo "Use configuration ${sslout:-(openssl knows best)}" - local config="Configure" - [[ -z ${sslout} ]] && config="config" - ECONF_SOURCE=${S} \ - echoit \ - ./${config} \ - ${sslout} \ - $(use sse2 || echo "no-sse2") \ - enable-camellia \ - $(use_ssl !bindist ec) \ - ${ec_nistp_64_gcc_128} \ - enable-idea \ - enable-mdc2 \ - $(use_ssl !bindist rc5) \ - enable-tlsext \ - $(use_ssl gmp gmp -lgmp) \ - $(use_ssl kerberos krb5 --with-krb5-flavor=${krb5}) \ - $(use_ssl rfc3779) \ - $(use_ssl tls-heartbeat heartbeats) \ - $(use_ssl zlib) \ - --prefix="${EPREFIX}"/usr \ - --openssldir="${EPREFIX}"${SSL_CNF_DIR} \ - --libdir=$(get_libdir) \ - shared threads \ - || die - - # Clean out hardcoded flags that openssl uses - local CFLAG=$(grep ^CFLAG= Makefile | LC_ALL=C sed \ - -e 's:^CFLAG=::' \ - -e 's:-fomit-frame-pointer ::g' \ - -e 's:-O[0-9] ::g' \ - -e 's:-march=[-a-z0-9]* ::g' \ - -e 's:-mcpu=[-a-z0-9]* ::g' \ - -e 's:-m[a-z0-9]* ::g' \ - ) - sed -i \ - -e "/^CFLAG/s|=.*|=${CFLAG} ${CFLAGS}|" \ - -e "/^SHARED_LDFLAGS=/s|$| ${LDFLAGS}|" \ - Makefile || die -} - -multilib_src_compile() { - # depend is needed to use $confopts; it also doesn't matter - # that it's -j1 as the code itself serializes subdirs - emake -j1 depend - emake all - # rehash is needed to prep the certs/ dir; do this - # separately to avoid parallel build issues. - emake rehash -} - -multilib_src_test() { - emake -j1 test -} - -multilib_src_install() { - emake INSTALL_PREFIX="${D}" install -} - -multilib_src_install_all() { - dobin "${WORKDIR}"/c_rehash #333117 - dodoc CHANGES* FAQ NEWS README doc/*.txt doc/c-indentation.el - dohtml -r doc/* - use rfc3779 && dodoc engines/ccgost/README.gost - - # This is crappy in that the static archives are still built even - # when USE=static-libs. But this is due to a failing in the openssl - # build system: the static archives are built as PIC all the time. - # Only way around this would be to manually configure+compile openssl - # twice; once with shared lib support enabled and once without. - use static-libs || rm -f "${ED}"/usr/lib*/lib*.a - - # create the certs directory - dodir ${SSL_CNF_DIR}/certs - cp -RP certs/* "${ED}"${SSL_CNF_DIR}/certs/ || die - rm -r "${ED}"${SSL_CNF_DIR}/certs/{demo,expired} - - # Namespace openssl programs to prevent conflicts with other man pages - cd "${ED}"/usr/share/man - local m d s - for m in $(find . -type f | xargs grep -L '#include') ; do - d=${m%/*} ; d=${d#./} ; m=${m##*/} - [[ ${m} == openssl.1* ]] && continue - [[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!" - mv ${d}/{,ssl-}${m} - # fix up references to renamed man pages - sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m} - ln -s ssl-${m} ${d}/openssl-${m} - # locate any symlinks that point to this man page ... we assume - # that any broken links are due to the above renaming - for s in $(find -L ${d} -type l) ; do - s=${s##*/} - rm -f ${d}/${s} - ln -s ssl-${m} ${d}/ssl-${s} - ln -s ssl-${s} ${d}/openssl-${s} - done - done - [[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :(" - - dodir /etc/sandbox.d #254521 - echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl - - diropts -m0700 - keepdir ${SSL_CNF_DIR}/private -} - -pkg_preinst() { - has_version ${CATEGORY}/${PN}:0.9.8 && return 0 - preserve_old_lib /usr/$(get_libdir)/lib{crypto,ssl}.so.0.9.8 -} - -pkg_postinst() { - ebegin "Running 'c_rehash ${EROOT%/}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069" - c_rehash "${EROOT%/}${SSL_CNF_DIR}/certs" >/dev/null - eend $? - - has_version ${CATEGORY}/${PN}:0.9.8 && return 0 - preserve_old_lib_notify /usr/$(get_libdir)/lib{crypto,ssl}.so.0.9.8 -} |