From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 535BB138334 for ; Fri, 23 Aug 2019 18:10:51 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 6EE10E075F; Fri, 23 Aug 2019 18:10:50 +0000 (UTC) Received: from smtp.gentoo.org (dev.gentoo.org [IPv6:2001:470:ea4a:1:5054:ff:fec7:86e4]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 48DECE075F for ; Fri, 23 Aug 2019 18:10:50 +0000 (UTC) Received: from oystercatcher.gentoo.org (unknown [IPv6:2a01:4f8:202:4333:225:90ff:fed9:fc84]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id E563B34A21D for ; Fri, 23 Aug 2019 18:10:48 +0000 (UTC) Received: from localhost.localdomain (localhost [IPv6:::1]) by oystercatcher.gentoo.org (Postfix) with ESMTP id 12508770 for ; Fri, 23 Aug 2019 18:10:47 +0000 (UTC) From: "Thomas Deutschmann" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Thomas Deutschmann" Message-ID: <1566583819.4e35a9430566547f4abd646a92718325311ba5c3.whissi@gentoo> Subject: [gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/ X-VCS-Repository: repo/gentoo X-VCS-Files: dev-libs/openssl/Manifest dev-libs/openssl/openssl-1.1.0k-r1.ebuild dev-libs/openssl/openssl-1.1.1c-r1.ebuild dev-libs/openssl/openssl-1.1.1c.ebuild X-VCS-Directories: dev-libs/openssl/ X-VCS-Committer: whissi X-VCS-Committer-Name: Thomas Deutschmann X-VCS-Revision: 4e35a9430566547f4abd646a92718325311ba5c3 X-VCS-Branch: master Date: Fri, 23 Aug 2019 18:10:47 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply X-Archives-Salt: 6ceba9fe-ebc6-49a5-b139-1015332a8970 X-Archives-Hash: 9a5f80c4827cdcba1affc7b4033bf5e6 commit: 4e35a9430566547f4abd646a92718325311ba5c3 Author: Thomas Deutschmann gentoo org> AuthorDate: Fri Aug 23 17:39:44 2019 +0000 Commit: Thomas Deutschmann gentoo org> CommitDate: Fri Aug 23 18:10:19 2019 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4e35a943 dev-libs/openssl: synchronize v1.1.0x with v1.1.1x Backport commit 604d5b3e0de296fc6fa6f05007b196f9860974e6. Package-Manager: Portage-2.3.72, Repoman-2.3.17 Signed-off-by: Thomas Deutschmann gentoo.org> dev-libs/openssl/Manifest | 4 +- dev-libs/openssl/openssl-1.1.0k-r1.ebuild | 78 +++++++++------------- ...nssl-1.1.1c.ebuild => openssl-1.1.1c-r1.ebuild} | 7 +- 3 files changed, 36 insertions(+), 53 deletions(-) diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest index 321134adc24..5f6b9b90602 100644 --- a/dev-libs/openssl/Manifest +++ b/dev-libs/openssl/Manifest @@ -13,10 +13,8 @@ DIST openssl-1.1.0j.tar.gz 5411919 BLAKE2B 0fbd936f38d30b64bea717a67cd59704c5ce4 DIST openssl-1.1.0j_d2ede125556ac99aa0faa7744c703af3f559094e_ec_curve.c 18401 BLAKE2B f969071ac1b5d0e43b50d54e50b5c4d9201fc8b94458902e9849f14841b5505a2e43ed57a8c13255f042a211af9ee904776c155c36da838a8ad22e1052b02bc1 SHA512 a1c2bb3c3e3d342bddc8c952985e87fc4bad2e8142d5d760b18f346c44c20f00db61c4856f3dcf879b2098e0c036330762915f65d80a1a2cba717d2caeb95457 DIST openssl-1.1.0j_d2ede125556ac99aa0faa7744c703af3f559094e_ectest.c 30688 BLAKE2B 6673ef0fd139af82d830794179b19b9e06be25fac4a13b8bdfa5fd5dad25f594ce8eab118aab9ec2aab25001e1de127c03f8e1a04f4f3ef4c464b7fb1811ed4a SHA512 240fc72916caf4a8b0af774ce307abfe9a93a762eba6fae760cec79d619fe3db0d6919fc92a8951cb031f73958237700b45f590aa7f9f2890762cccda1f1e74b DIST openssl-1.1.0j_d2ede125556ac99aa0faa7744c703af3f559094e_hobble-openssl 1117 BLAKE2B c3a1477e63331e83cf1cbe58e9ef131ec500a311e22d3da55034800ca353c387b2e202575acf3badb00b236ff91d4bac1bb131a33930939646d26bec27be6e04 SHA512 fa9cc70afa11a7a292548b4bddbba8159824a364ce5c279b483768e6ae2aa4b5491d9bf2cc734819f30a11c8ee0d91bcb991c4a7ab357296aeb4c04feac74826 +DIST openssl-1.1.0k-bindist-1.0.tar.xz 11716 BLAKE2B c491ba0899c44dbcc63f85b255548c439c965a20a04ac2a6324a4122c4691b7c95ec18e62be6d708a7ea62ea197d32e5091987cb5043969878f89e5bc26243d4 SHA512 1d5bc9d7b24cf55d32d996e2421d43a1218b605720293f00d07814afb481387856f0dc000ad3c3e4cba2361055668cfe79a945be44ab85a249555f37e683a909 DIST openssl-1.1.0k.tar.gz 5287321 BLAKE2B fce40a399f5a08d5fe183dfcaab11b211d982885fb9888b25fa41bdd9919ecd203fca6f573363cfb42c9a0776ae69ea50b0f144227a3f28ca0dbadf878d396bc SHA512 65f41a240a97d79504c0e1391fde8ac8692f0993437cdc35e4bc964ecc36e5ef75a62499c4c6cb4ce63f892135e06dba2d3594c8869d935554296fa3c6ccd822 -DIST openssl-1.1.0k_d2ede125556ac99aa0faa7744c703af3f559094e_ec_curve.c 18401 BLAKE2B f969071ac1b5d0e43b50d54e50b5c4d9201fc8b94458902e9849f14841b5505a2e43ed57a8c13255f042a211af9ee904776c155c36da838a8ad22e1052b02bc1 SHA512 a1c2bb3c3e3d342bddc8c952985e87fc4bad2e8142d5d760b18f346c44c20f00db61c4856f3dcf879b2098e0c036330762915f65d80a1a2cba717d2caeb95457 -DIST openssl-1.1.0k_d2ede125556ac99aa0faa7744c703af3f559094e_ectest.c 30688 BLAKE2B 6673ef0fd139af82d830794179b19b9e06be25fac4a13b8bdfa5fd5dad25f594ce8eab118aab9ec2aab25001e1de127c03f8e1a04f4f3ef4c464b7fb1811ed4a SHA512 240fc72916caf4a8b0af774ce307abfe9a93a762eba6fae760cec79d619fe3db0d6919fc92a8951cb031f73958237700b45f590aa7f9f2890762cccda1f1e74b -DIST openssl-1.1.0k_d2ede125556ac99aa0faa7744c703af3f559094e_hobble-openssl 1117 BLAKE2B c3a1477e63331e83cf1cbe58e9ef131ec500a311e22d3da55034800ca353c387b2e202575acf3badb00b236ff91d4bac1bb131a33930939646d26bec27be6e04 SHA512 fa9cc70afa11a7a292548b4bddbba8159824a364ce5c279b483768e6ae2aa4b5491d9bf2cc734819f30a11c8ee0d91bcb991c4a7ab357296aeb4c04feac74826 DIST openssl-1.1.1-ec-curves.patch 7265 BLAKE2B 04725d226c430132cf54afbfaa30a82f8f8bbfd3608823d1d0cd42c3c13f417e90762759da3134d7b0c4373e531925db337b681340f2f284cb2f16a4caef22e3 SHA512 de4d0f1635740c57217836a476c420141c0d34a5f90cbf7957aed7a80e7ac9ca036de2d8448e6bf4c122999e308730575899f61cea6e51ab6825dd04890d75a1 DIST openssl-1.1.1b.tar.gz 8213737 BLAKE2B 7ad9da9548052e2a033a684038f97c420cfffd57994604bcb3fa12640796c8c0aea3d24fb05648ee4940fbec40b81462e81c353da5a41a2575c0585d9718eae8 SHA512 b54025fbb4fe264466f3b0d762aad4be45bd23cd48bdb26d901d4c41a40bfd776177e02230995ab181a695435039dbad313f4b9a563239a70807a2e19ecf045d DIST openssl-1.1.1b_ec_curve.c 17938 BLAKE2B d5cbde40dcd8608087aed6ffa9feb040ffadecf0c46b7f3978cc468a9503f0a5ad0a426ea6f8db56f49a64474a508bebdf946e01ebf09adc727675f3b180bcdc SHA512 ec470f6514cb9a4f680b8cbbe02e2bbe71639b288f3429d976726047901d9c50377dfb2737f32429da2fb0e52fd67878a86debb54520e307ee196d97b5c66415 diff --git a/dev-libs/openssl/openssl-1.1.0k-r1.ebuild b/dev-libs/openssl/openssl-1.1.0k-r1.ebuild index f8ee7f73587..937d3b7ed11 100644 --- a/dev-libs/openssl/openssl-1.1.0k-r1.ebuild +++ b/dev-libs/openssl/openssl-1.1.0k-r1.ebuild @@ -6,14 +6,25 @@ EAPI="7" inherit flag-o-matic toolchain-funcs multilib multilib-minimal MY_P=${P/_/-} + +# This patch set is based on the following files from Fedora 31, +# see https://src.fedoraproject.org/rpms/openssl/blob/f28/f/openssl.spec +# for more details: +# - hobble-openssl (SOURCE1) +# - ec_curve.c (SOURCE12) +# - ectest.c (SOURCE13) +# - openssl-1.1.0-ec-curves.patch (PATCH37) -- MODIFIED +BINDIST_PATCH_SET="openssl-1.1.0k-bindist-1.0.tar.xz" + DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)" HOMEPAGE="https://www.openssl.org/" -SRC_URI="mirror://openssl/source/${MY_P}.tar.gz" +SRC_URI="mirror://openssl/source/${MY_P}.tar.gz + bindist? ( https://dev.gentoo.org/~whissi/dist/openssl/${BINDIST_PATCH_SET} )" LICENSE="openssl" SLOT="0/1.1" # .so version of libssl/libcrypto KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~x86-linux" -IUSE="+asm bindist elibc_musl rfc3779 sctp cpu_flags_x86_sse2 static-libs test tls-heartbeat vanilla zlib" +IUSE="+asm bindist elibc_musl rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-heartbeat vanilla zlib" RESTRICT="!bindist? ( bindist )" RDEPEND=">=app-misc/c_rehash-1.7-r1 @@ -28,28 +39,6 @@ BDEPEND=" )" PDEPEND="app-misc/ca-certificates" -# This does not copy the entire Fedora patchset, but JUST the parts that -# are needed to make it safe to use EC with RESTRICT=bindist. -# See openssl.spec for the matching numbering of SourceNNN, PatchNNN -SOURCE1=hobble-openssl -SOURCE12=ec_curve.c -SOURCE13=ectest.c -PATCH1=openssl-1.1.0-build.patch # Fixes EVP testcase for EC -PATCH37=openssl-1.1.0-ec-curves.patch -FEDORA_GIT_BASE='https://src.fedoraproject.org/cgit/rpms/openssl.git/plain/' -FEDORA_GIT_BRANCH='f28' -FEDORA_GIT_COMMIT="d2ede125556ac99aa0faa7744c703af3f559094e" -FEDORA_SRC_URI=() -FEDORA_SOURCE=( $SOURCE1 $SOURCE12 $SOURCE13 ) -FEDORA_PATCH=( $PATCH1 $PATCH37 ) -for i in "${FEDORA_SOURCE[@]}" ; do - FEDORA_SRC_URI+=( "${FEDORA_GIT_BASE}/${i}?h=${FEDORA_GIT_BRANCH}&id=${FEDORA_GIT_COMMIT} -> ${P}_${FEDORA_GIT_COMMIT}_${i}" ) -done -for i in "${FEDORA_PATCH[@]}" ; do # Already have a version prefix - FEDORA_SRC_URI+=( "${FEDORA_GIT_BASE}/${i}?h=${FEDORA_GIT_BRANCH}&id=${FEDORA_GIT_COMMIT} -> ${i%.patch}_${FEDORA_GIT_COMMIT}.patch" ) -done -SRC_URI+=" bindist? ( ${FEDORA_SRC_URI[@]} )" - PATCHES=( "${FILESDIR}"/${PN}-1.0.2a-x32-asm.patch #542618 "${FILESDIR}"/${PN}-1.1.0j-parallel_install_fix.patch #671602 @@ -64,34 +53,29 @@ MULTILIB_WRAPPED_HEADERS=( src_prepare() { if use bindist; then - # we need to patch the patch but we cannot patch in DISTDIR... - mkdir "${WORKDIR}"/fedora_patches || die - for i in "${FEDORA_PATCH[@]}" ; do - cp "${DISTDIR}"/"${i%.patch}_${FEDORA_GIT_COMMIT}.patch" "${WORKDIR}"/fedora_patches || die + mv "${WORKDIR}"/bindist-patches/hobble-openssl "${WORKDIR}" || die + bash "${WORKDIR}"/hobble-openssl || die + + cp -f "${WORKDIR}"/bindist-patches/ec_curve.c "${S}"/crypto/ec/ || die + cp -f "${WORKDIR}"/bindist-patches/ectest.c "${S}"/test/ || die + + eapply "${WORKDIR}"/bindist-patches/ec-curves.patch + + local known_failing_test + for known_failing_test in \ + 30-test_evp_extra.t \ + 80-test_ssl_new.t \ + ; do + ebegin "Disabling test '${known_failing_test}' which is known to fail with USE=bindist" + rm test/recipes/${known_failing_test} || die + eend $? done - # now patch the path, due to OpenSSL change cb193560e0da17a41b40ce574a2349f1d4d59ed1 - sed -i -e 's#test/evptests.txt#test/recipes/30-test_evp_data/evppkey.txt#g' \ - "${WORKDIR}"/fedora_patches/openssl-1.1.0-build_d2ede125556ac99aa0faa7744c703af3f559094e.patch || \ - die - - # This just removes the prefix, and puts it into WORKDIR like the RPM. - for i in "${FEDORA_SOURCE[@]}" ; do - cp -f "${DISTDIR}"/"${P}_${FEDORA_GIT_COMMIT}_${i}" "${WORKDIR}"/"${i}" || die - done - # .spec %prep - bash "${WORKDIR}"/"${SOURCE1}" || die - cp -f "${WORKDIR}"/"${SOURCE12}" "${S}"/crypto/ec/ || die - cp -f "${WORKDIR}"/"${SOURCE13}" "${S}"/test/ || die - for i in "${FEDORA_PATCH[@]}" ; do - #eapply "${DISTDIR}"/"${i%.patch}_${FEDORA_GIT_COMMIT}.patch" - eapply "${WORKDIR}/fedora_patches/${i%.patch}_${FEDORA_GIT_COMMIT}.patch" - done # Also see the configure parts below: # enable-ec \ # $(use_ssl !bindist ec2m) \ - fi + # keep this in sync with app-misc/c_rehash SSL_CNF_DIR="/etc/ssl" @@ -205,6 +189,8 @@ multilib_src_configure() { enable-idea \ enable-mdc2 \ enable-rc5 \ + $(use_ssl sslv3 ssl3) \ + $(use_ssl sslv3 ssl3-method) \ $(use_ssl asm) \ $(use_ssl rfc3779) \ $(use_ssl sctp) \ diff --git a/dev-libs/openssl/openssl-1.1.1c.ebuild b/dev-libs/openssl/openssl-1.1.1c-r1.ebuild similarity index 98% rename from dev-libs/openssl/openssl-1.1.1c.ebuild rename to dev-libs/openssl/openssl-1.1.1c-r1.ebuild index 1071017acce..683c5707566 100644 --- a/dev-libs/openssl/openssl-1.1.1c.ebuild +++ b/dev-libs/openssl/openssl-1.1.1c-r1.ebuild @@ -1,7 +1,7 @@ # Copyright 1999-2019 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 -EAPI=7 +EAPI="7" inherit flag-o-matic toolchain-funcs multilib multilib-minimal @@ -18,7 +18,8 @@ BINDIST_PATCH_SET="openssl-1.1.1c-bindist-1.0.tar.xz" DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)" HOMEPAGE="https://www.openssl.org/" -SRC_URI="mirror://openssl/source/${MY_P}.tar.gz" +SRC_URI="mirror://openssl/source/${MY_P}.tar.gz + bindist? ( https://dev.gentoo.org/~whissi/dist/openssl/${BINDIST_PATCH_SET} )" LICENSE="openssl" SLOT="0/1.1" # .so version of libssl/libcrypto @@ -43,8 +44,6 @@ PATCHES=( "${FILESDIR}"/${PN}-1.1.0j-parallel_install_fix.patch #671602 ) -SRC_URI+=" bindist? ( https://dev.gentoo.org/~whissi/dist/openssl/${BINDIST_PATCH_SET} )" - S="${WORKDIR}/${MY_P}" MULTILIB_WRAPPED_HEADERS=(