public inbox for gentoo-commits@lists.gentoo.org
 help / color / mirror / Atom feed
* [gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl-compat/
@ 2019-08-23 18:10 Thomas Deutschmann
  0 siblings, 0 replies; 33+ messages in thread
From: Thomas Deutschmann @ 2019-08-23 18:10 UTC (permalink / raw
  To: gentoo-commits

commit:     e97ec5edeee8a64d588372637d04ae934d3c514b
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Fri Aug 23 17:59:39 2019 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Fri Aug 23 18:10:22 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e97ec5ed

dev-libs/openssl-compat: bump to v1.0.2s

Package-Manager: Portage-2.3.72, Repoman-2.3.17
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 dev-libs/openssl-compat/Manifest                   |   4 +
 .../openssl-compat/openssl-compat-1.0.2s.ebuild    | 258 +++++++++++++++++++++
 2 files changed, 262 insertions(+)

diff --git a/dev-libs/openssl-compat/Manifest b/dev-libs/openssl-compat/Manifest
index 8fc04945964..260480f8468 100644
--- a/dev-libs/openssl-compat/Manifest
+++ b/dev-libs/openssl-compat/Manifest
@@ -4,3 +4,7 @@ DIST openssl-1.0.2r.tar.gz 5348369 BLAKE2B 9f9c2d2fe6eaf9acacab29b394a318f30c38e
 DIST openssl-1.0.2r_ec_curve.c 17254 BLAKE2B d40d8d6e770443f07abe70e2c4ddda6aec1cc8e37dc1f226a3fdd9ed5d228f09c6d372e8956b1948b55ee1d57d1429493e7288d0f54d9466a37fec805c85aacb SHA512 8e92fb100bcf4bd918c82b9a6cbd75a55abe1a2c08230a007e441c51577f974f8cc336e9ac8a672b32641480428ca8cead5380da1fe81bacb088145a1b754a15
 DIST openssl-1.0.2r_ectest.c 30735 BLAKE2B 95333a27f1cf0a4305a3cee7f6d46b9d4673582ca9acfcf5ba2a0d9d317ab6219cd0d2ff0ba3a55a317c8f5819342f05cc17ba80ec2c92b2b4cab9a3552382e1 SHA512 f2e4d34327b490bc8371f0845c69df3f9fc51ea16f0ea0de0411a0c1fa9d49bb2b6fafc363eb3b3cd919dc7c24e4a0d075c6ff878c01d70dae918f2540874c19
 DIST openssl-1.0.2r_hobble-openssl 1302 BLAKE2B 647caa6a0f4c53a2e77baa3b8e5961eaef3bb0ff38e7d5475eab8deef3439f7fe49028ec9ed0406f3453870b62cac67c496b3a048ee4c9ff4c6866d520235960 SHA512 3d757a4708e74a03dd5cb9b8114dfe442ed9520739a6eca693be4c4265771696f1449ea06d1c9bcfc6e94fc9b0dd0c10e153f1c3b0334831c0550b36cd63326e
+DIST openssl-1.0.2s.tar.gz 5349149 BLAKE2B 46c72dcceb5b473b129be0a895f3d6c25a24ee852a31dc369ccf0e44319259d8694d3571b8cb698efb8bce89dbe31f4fc9f82753cacb24cbd3d50fa2ab9b6e83 SHA512 9f745452c4f777df694158e95003cde78a2cf8199bc481a563ec36644664c3c1415a774779b9791dd18f2aeb57fa1721cb52b3db12d025955e970071d5b66d2a
+DIST openssl-1.0.2s_ec_curve.c 17254 BLAKE2B d40d8d6e770443f07abe70e2c4ddda6aec1cc8e37dc1f226a3fdd9ed5d228f09c6d372e8956b1948b55ee1d57d1429493e7288d0f54d9466a37fec805c85aacb SHA512 8e92fb100bcf4bd918c82b9a6cbd75a55abe1a2c08230a007e441c51577f974f8cc336e9ac8a672b32641480428ca8cead5380da1fe81bacb088145a1b754a15
+DIST openssl-1.0.2s_ectest.c 30735 BLAKE2B 95333a27f1cf0a4305a3cee7f6d46b9d4673582ca9acfcf5ba2a0d9d317ab6219cd0d2ff0ba3a55a317c8f5819342f05cc17ba80ec2c92b2b4cab9a3552382e1 SHA512 f2e4d34327b490bc8371f0845c69df3f9fc51ea16f0ea0de0411a0c1fa9d49bb2b6fafc363eb3b3cd919dc7c24e4a0d075c6ff878c01d70dae918f2540874c19
+DIST openssl-1.0.2s_hobble-openssl 1302 BLAKE2B 647caa6a0f4c53a2e77baa3b8e5961eaef3bb0ff38e7d5475eab8deef3439f7fe49028ec9ed0406f3453870b62cac67c496b3a048ee4c9ff4c6866d520235960 SHA512 3d757a4708e74a03dd5cb9b8114dfe442ed9520739a6eca693be4c4265771696f1449ea06d1c9bcfc6e94fc9b0dd0c10e153f1c3b0334831c0550b36cd63326e

diff --git a/dev-libs/openssl-compat/openssl-compat-1.0.2s.ebuild b/dev-libs/openssl-compat/openssl-compat-1.0.2s.ebuild
new file mode 100644
index 00000000000..7449ff20b7e
--- /dev/null
+++ b/dev-libs/openssl-compat/openssl-compat-1.0.2s.ebuild
@@ -0,0 +1,258 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="7"
+
+inherit flag-o-matic toolchain-funcs multilib multilib-minimal
+
+# openssl-1.0.2-patches-1.6 contain additional CVE patches
+# which got fixed with this release.
+# Please use 1.7 version number when rolling a new tarball!
+PATCH_SET="openssl-1.0.2-patches-1.5"
+MY_P=openssl-${PV/_/-}
+DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"
+HOMEPAGE="https://www.openssl.org/"
+SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
+	!vanilla? (
+		mirror://gentoo/${PATCH_SET}.tar.xz
+		https://dev.gentoo.org/~chutzpah/dist/openssl/${PATCH_SET}.tar.xz
+		https://dev.gentoo.org/~whissi/dist/openssl/${PATCH_SET}.tar.xz
+		https://dev.gentoo.org/~polynomial-c/dist/${PATCH_SET}.tar.xz
+	)"
+
+LICENSE="openssl"
+SLOT="1.0.0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~x86-linux"
+IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
+RESTRICT="!bindist? ( bindist )"
+
+RDEPEND="gmp? ( >=dev-libs/gmp-5.1.3-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
+	kerberos? ( >=app-crypt/mit-krb5-1.11.4[${MULTILIB_USEDEP}] )
+	zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
+	!=dev-libs/openssl-1.0.2*:0"
+DEPEND="${RDEPEND}"
+BDEPEND="
+	>=dev-lang/perl-5
+	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
+	test? (
+		sys-apps/diffutils
+		sys-devel/bc
+	)"
+
+RESTRICT="test"
+
+# Do not install any docs
+DOCS=()
+
+# This does not copy the entire Fedora patchset, but JUST the parts that
+# are needed to make it safe to use EC with RESTRICT=bindist.
+# See openssl.spec for the matching numbering of SourceNNN, PatchNNN
+SOURCE1=hobble-openssl
+SOURCE12=ec_curve.c
+SOURCE13=ectest.c
+# These are ported instead
+#PATCH1=openssl-1.1.0-build.patch # Fixes EVP testcase for EC
+#PATCH37=openssl-1.1.0-ec-curves.patch
+FEDORA_GIT_BASE='https://src.fedoraproject.org/cgit/rpms/openssl.git/plain/'
+FEDORA_GIT_BRANCH='f25'
+FEDORA_SRC_URI=()
+FEDORA_SOURCE=( $SOURCE1 $SOURCE12 $SOURCE13 )
+FEDORA_PATCH=( $PATCH1 $PATCH37 )
+for i in "${FEDORA_SOURCE[@]}" ; do
+	FEDORA_SRC_URI+=( "${FEDORA_GIT_BASE}/${i}?h=${FEDORA_GIT_BRANCH} -> openssl-${PV}_${i}" )
+done
+for i in "${FEDORA_PATCH[@]}" ; do # Already have a version prefix
+	FEDORA_SRC_URI+=( "${FEDORA_GIT_BASE}/${i}?h=${FEDORA_GIT_BRANCH} -> ${i}" )
+done
+SRC_URI+=" bindist? ( ${FEDORA_SRC_URI[@]} )"
+
+S="${WORKDIR}/${MY_P}"
+
+MULTILIB_WRAPPED_HEADERS=(
+	usr/include/openssl/opensslconf.h
+)
+
+src_prepare() {
+	if use bindist; then
+		# This just removes the prefix, and puts it into WORKDIR like the RPM.
+		for i in "${FEDORA_SOURCE[@]}" ; do
+			cp -f "${DISTDIR}"/"openssl-${PV}_${i}" "${WORKDIR}"/"${i}" || die
+		done
+		# .spec %prep
+		bash "${WORKDIR}"/"${SOURCE1}" || die
+		cp -f "${WORKDIR}"/"${SOURCE12}" "${S}"/crypto/ec/ || die
+		cp -f "${WORKDIR}"/"${SOURCE13}" "${S}"/crypto/ec/ || die # Moves to test/ in OpenSSL-1.1
+		for i in "${FEDORA_PATCH[@]}" ; do
+			eapply "${DISTDIR}"/"${i}"
+		done
+		eapply "${FILESDIR}"/openssl-1.0.2p-hobble-ecc.patch
+		# Also see the configure parts below:
+		# enable-ec \
+		# $(use_ssl !bindist ec2m) \
+		# $(use_ssl !bindist srp) \
+	fi
+
+	# keep this in sync with app-misc/c_rehash
+	SSL_CNF_DIR="/etc/ssl"
+
+	# Make sure we only ever touch Makefile.org and avoid patching a file
+	# that gets blown away anyways by the Configure script in src_configure
+	rm -f Makefile
+
+	if ! use vanilla ; then
+		if [[ $(declare -p PATCHES 2>/dev/null) == "declare -a"* ]] ; then
+			[[ ${#PATCHES[@]} -gt 0 ]] && eapply "${PATCHES[@]}"
+		fi
+	fi
+
+	eapply_user
+
+	# disable fips in the build
+	# make sure the man pages are suffixed #302165
+	# don't bother building man pages if they're disabled
+	sed -i \
+		-e '/DIRS/s: fips : :g' \
+		-e '/^MANSUFFIX/s:=.*:=ssl:' \
+		-e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
+		-e $(has noman FEATURES \
+			&& echo '/^install:/s:install_docs::' \
+			|| echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
+		Makefile.org \
+		|| die
+	# show the actual commands in the log
+	sed -i '/^SET_X/s:=.*:=set -x:' Makefile.shared
+
+	# since we're forcing $(CC) as makedep anyway, just fix
+	# the conditional as always-on
+	# helps clang (#417795), and versioned gcc (#499818)
+	# this breaks build with 1.0.2p, not sure if it is needed anymore
+	#sed -i 's/expr.*MAKEDEPEND.*;/true;/' util/domd || die
+
+	# quiet out unknown driver argument warnings since openssl
+	# doesn't have well-split CFLAGS and we're making it even worse
+	# and 'make depend' uses -Werror for added fun (#417795 again)
+	[[ ${CC} == *clang* ]] && append-flags -Qunused-arguments
+
+	# allow openssl to be cross-compiled
+	cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die
+	chmod a+rx gentoo.config || die
+
+	append-flags -fno-strict-aliasing
+	append-flags $(test-flags-CC -Wa,--noexecstack)
+	append-cppflags -DOPENSSL_NO_BUF_FREELISTS
+
+	sed -i '1s,^:$,#!'${EPREFIX}'/usr/bin/perl,' Configure #141906
+	# The config script does stupid stuff to prompt the user.  Kill it.
+	sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
+	./config --test-sanity || die "I AM NOT SANE"
+
+	multilib_copy_sources
+}
+
+multilib_src_configure() {
+	unset APPS #197996
+	unset SCRIPTS #312551
+	unset CROSS_COMPILE #311473
+
+	tc-export CC AR RANLIB RC
+
+	# Clean out patent-or-otherwise-encumbered code
+	# Camellia: Royalty Free            https://en.wikipedia.org/wiki/Camellia_(cipher)
+	# IDEA:     Expired                 https://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
+	# EC:       ????????? ??/??/2015    https://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography
+	# MDC2:     Expired                 https://en.wikipedia.org/wiki/MDC-2
+	# RC5:      Expired                 https://en.wikipedia.org/wiki/RC5
+
+	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
+	echoit() { echo "$@" ; "$@" ; }
+
+	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
+
+	# See if our toolchain supports __uint128_t.  If so, it's 64bit
+	# friendly and can use the nicely optimized code paths. #460790
+	local ec_nistp_64_gcc_128
+	# Disable it for now though #469976
+	#if ! use bindist ; then
+	#	echo "__uint128_t i;" > "${T}"/128.c
+	#	if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
+	#		ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
+	#	fi
+	#fi
+
+	# https://github.com/openssl/openssl/issues/2286
+	if use ia64 ; then
+		replace-flags -g3 -g2
+		replace-flags -ggdb3 -ggdb2
+	fi
+
+	local sslout=$(./gentoo.config)
+	einfo "Use configuration ${sslout:-(openssl knows best)}"
+	local config="Configure"
+	[[ -z ${sslout} ]] && config="config"
+
+	# Fedora hobbled-EC needs 'no-ec2m', 'no-srp'
+	# Make sure user flags don't get added *yet* to avoid duplicated
+	# flags.
+	CFLAGS= LDFLAGS= echoit \
+	./${config} \
+		${sslout} \
+		$(use cpu_flags_x86_sse2 || echo "no-sse2") \
+		enable-camellia \
+		enable-ec \
+		$(use_ssl !bindist ec2m) \
+		$(use_ssl !bindist srp) \
+		${ec_nistp_64_gcc_128} \
+		enable-idea \
+		enable-mdc2 \
+		enable-rc5 \
+		enable-tlsext \
+		$(use_ssl asm) \
+		$(use_ssl gmp gmp -lgmp) \
+		$(use_ssl kerberos krb5 --with-krb5-flavor=${krb5}) \
+		$(use_ssl rfc3779) \
+		$(use_ssl sctp) \
+		$(use_ssl sslv2 ssl2) \
+		$(use_ssl sslv3 ssl3) \
+		$(use_ssl tls-heartbeat heartbeats) \
+		$(use_ssl zlib) \
+		--prefix="${EPREFIX}"/usr \
+		--openssldir="${EPREFIX}"${SSL_CNF_DIR} \
+		--libdir=$(get_libdir) \
+		shared threads \
+		|| die
+
+	# Clean out hardcoded flags that openssl uses
+	local DEFAULT_CFLAGS=$(grep ^CFLAG= Makefile | LC_ALL=C sed \
+		-e 's:^CFLAG=::' \
+		-e 's:\(^\| \)-fomit-frame-pointer::g' \
+		-e 's:\(^\| \)-O[^ ]*::g' \
+		-e 's:\(^\| \)-march=[^ ]*::g' \
+		-e 's:\(^\| \)-mcpu=[^ ]*::g' \
+		-e 's:\(^\| \)-m[^ ]*::g' \
+		-e 's:^ *::' \
+		-e 's: *$::' \
+		-e 's: \+: :g' \
+		-e 's:\\:\\\\:g'
+	)
+
+	# Now insert clean default flags with user flags
+	sed -i \
+		-e "/^CFLAG/s|=.*|=${DEFAULT_CFLAGS} ${CFLAGS}|" \
+		-e "/^LDFLAGS=/s|=[[:space:]]*$|=${LDFLAGS}|" \
+		Makefile || die
+}
+
+multilib_src_compile() {
+	# depend is needed to use $confopts; it also doesn't matter
+	# that it's -j1 as the code itself serializes subdirs
+	emake -j1 V=1 depend
+	emake build_libs
+}
+
+multilib_src_test() {
+	emake -j1 test
+}
+
+multilib_src_install() {
+	dolib.so lib{crypto,ssl}.so.${SLOT}
+}


^ permalink raw reply related	[flat|nested] 33+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl-compat/
@ 2019-09-12 13:57 Thomas Deutschmann
  0 siblings, 0 replies; 33+ messages in thread
From: Thomas Deutschmann @ 2019-09-12 13:57 UTC (permalink / raw
  To: gentoo-commits

commit:     e0a0f34d749f26e4a03c1a61f0bbd61de0d273de
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Thu Sep 12 13:57:05 2019 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Thu Sep 12 13:57:05 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e0a0f34d

dev-libs/openssl-compat: bump to v1.0.2t

Package-Manager: Portage-2.3.75, Repoman-2.3.17
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 dev-libs/openssl-compat/Manifest                   |   2 +
 .../openssl-compat/openssl-compat-1.0.2t.ebuild    | 247 +++++++++++++++++++++
 2 files changed, 249 insertions(+)

diff --git a/dev-libs/openssl-compat/Manifest b/dev-libs/openssl-compat/Manifest
index 260480f8468..5966e6d5d9a 100644
--- a/dev-libs/openssl-compat/Manifest
+++ b/dev-libs/openssl-compat/Manifest
@@ -8,3 +8,5 @@ DIST openssl-1.0.2s.tar.gz 5349149 BLAKE2B 46c72dcceb5b473b129be0a895f3d6c25a24e
 DIST openssl-1.0.2s_ec_curve.c 17254 BLAKE2B d40d8d6e770443f07abe70e2c4ddda6aec1cc8e37dc1f226a3fdd9ed5d228f09c6d372e8956b1948b55ee1d57d1429493e7288d0f54d9466a37fec805c85aacb SHA512 8e92fb100bcf4bd918c82b9a6cbd75a55abe1a2c08230a007e441c51577f974f8cc336e9ac8a672b32641480428ca8cead5380da1fe81bacb088145a1b754a15
 DIST openssl-1.0.2s_ectest.c 30735 BLAKE2B 95333a27f1cf0a4305a3cee7f6d46b9d4673582ca9acfcf5ba2a0d9d317ab6219cd0d2ff0ba3a55a317c8f5819342f05cc17ba80ec2c92b2b4cab9a3552382e1 SHA512 f2e4d34327b490bc8371f0845c69df3f9fc51ea16f0ea0de0411a0c1fa9d49bb2b6fafc363eb3b3cd919dc7c24e4a0d075c6ff878c01d70dae918f2540874c19
 DIST openssl-1.0.2s_hobble-openssl 1302 BLAKE2B 647caa6a0f4c53a2e77baa3b8e5961eaef3bb0ff38e7d5475eab8deef3439f7fe49028ec9ed0406f3453870b62cac67c496b3a048ee4c9ff4c6866d520235960 SHA512 3d757a4708e74a03dd5cb9b8114dfe442ed9520739a6eca693be4c4265771696f1449ea06d1c9bcfc6e94fc9b0dd0c10e153f1c3b0334831c0550b36cd63326e
+DIST openssl-1.0.2t-bindist-1.0.tar.xz 13872 BLAKE2B b2aade96a6e0ca6209a39e205b1c838de945903fcf959c62cc29ddcd1a0cb360fc5db234df86860a6a4c096f5ecc237611e4c2946b986a5500c24ba93c208ef4 SHA512 a48a7efb9b973b865bcc5009d450b428ed6b4b95e4cefe70c51056e47392c8a7bec58215168d8b07712419dc74646c2bd2fd23bcfbba2031376e292249a6b1b6
+DIST openssl-1.0.2t.tar.gz 5355422 BLAKE2B dcbc883151ff6c5b60f5849d8789c2e76a384cb3d5eb5f08a6109776d0edf134580dc33fa8b946ae2344542560f04ecef17f218406952dd8d31e4200c4882022 SHA512 0b88868933f42fab87e8b22449435a1091cc6e75f986aad6c173e01ad123161fcae8c226759073701bc65c9f2f0b6ce6a63a61203008ed873cfb6e484f32bc71

diff --git a/dev-libs/openssl-compat/openssl-compat-1.0.2t.ebuild b/dev-libs/openssl-compat/openssl-compat-1.0.2t.ebuild
new file mode 100644
index 00000000000..4f49e0ff20c
--- /dev/null
+++ b/dev-libs/openssl-compat/openssl-compat-1.0.2t.ebuild
@@ -0,0 +1,247 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="7"
+
+inherit flag-o-matic toolchain-funcs multilib multilib-minimal
+
+# openssl-1.0.2-patches-1.6 contain additional CVE patches
+# which got fixed with this release.
+# Please use 1.7 version number when rolling a new tarball!
+PATCH_SET="openssl-1.0.2-patches-1.5"
+
+MY_P=openssl-${PV/_/-}
+
+# This patch set is based on the following files from Fedora 25,
+# see https://src.fedoraproject.org/rpms/openssl/blob/25/f/openssl.spec
+# for more details:
+# - hobble-openssl (SOURCE1)
+# - ec_curve.c (SOURCE12) -- MODIFIED
+# - ectest.c (SOURCE13)
+# - openssl-1.1.1-ec-curves.patch (PATCH37) -- MODIFIED
+BINDIST_PATCH_SET="openssl-1.0.2t-bindist-1.0.tar.xz"
+
+DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"
+HOMEPAGE="https://www.openssl.org/"
+SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
+	bindist? (
+		mirror://gentoo/${BINDIST_PATCH_SET}
+		https://dev.gentoo.org/~whissi/dist/openssl/${BINDIST_PATCH_SET}
+	)
+	!vanilla? (
+		mirror://gentoo/${PATCH_SET}.tar.xz
+		https://dev.gentoo.org/~chutzpah/dist/openssl/${PATCH_SET}.tar.xz
+		https://dev.gentoo.org/~whissi/dist/openssl/${PATCH_SET}.tar.xz
+		https://dev.gentoo.org/~polynomial-c/dist/${PATCH_SET}.tar.xz
+	)"
+
+LICENSE="openssl"
+SLOT="1.0.0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~x86-linux"
+IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
+RESTRICT="!bindist? ( bindist )"
+
+RDEPEND="gmp? ( >=dev-libs/gmp-5.1.3-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
+	kerberos? ( >=app-crypt/mit-krb5-1.11.4[${MULTILIB_USEDEP}] )
+	zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
+	!=dev-libs/openssl-1.0.2*:0"
+DEPEND="${RDEPEND}"
+BDEPEND="
+	>=dev-lang/perl-5
+	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
+	test? (
+		sys-apps/diffutils
+		sys-devel/bc
+	)"
+
+RESTRICT="test"
+
+# Do not install any docs
+DOCS=()
+
+S="${WORKDIR}/${MY_P}"
+
+MULTILIB_WRAPPED_HEADERS=(
+	usr/include/openssl/opensslconf.h
+)
+
+src_prepare() {
+	if use bindist; then
+		mv "${WORKDIR}"/bindist-patches/hobble-openssl "${WORKDIR}" || die
+		bash "${WORKDIR}"/hobble-openssl || die
+
+		cp -f "${WORKDIR}"/bindist-patches/ec_curve.c "${S}"/crypto/ec/ || die
+		cp -f "${WORKDIR}"/bindist-patches/ectest.c "${S}"/crypto/ec/ || die
+
+		eapply "${WORKDIR}"/bindist-patches/ec-curves.patch
+
+		# Also see the configure parts below:
+		# enable-ec \
+		# $(use_ssl !bindist ec2m) \
+		# $(use_ssl !bindist srp) \
+	fi
+
+	# keep this in sync with app-misc/c_rehash
+	SSL_CNF_DIR="/etc/ssl"
+
+	# Make sure we only ever touch Makefile.org and avoid patching a file
+	# that gets blown away anyways by the Configure script in src_configure
+	rm -f Makefile
+
+	if ! use vanilla ; then
+		if [[ $(declare -p PATCHES 2>/dev/null) == "declare -a"* ]] ; then
+			[[ ${#PATCHES[@]} -gt 0 ]] && eapply "${PATCHES[@]}"
+		fi
+	fi
+
+	eapply_user
+
+	# disable fips in the build
+	# make sure the man pages are suffixed #302165
+	# don't bother building man pages if they're disabled
+	sed -i \
+		-e '/DIRS/s: fips : :g' \
+		-e '/^MANSUFFIX/s:=.*:=ssl:' \
+		-e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
+		-e $(has noman FEATURES \
+			&& echo '/^install:/s:install_docs::' \
+			|| echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
+		Makefile.org \
+		|| die
+	# show the actual commands in the log
+	sed -i '/^SET_X/s:=.*:=set -x:' Makefile.shared
+
+	# since we're forcing $(CC) as makedep anyway, just fix
+	# the conditional as always-on
+	# helps clang (#417795), and versioned gcc (#499818)
+	# this breaks build with 1.0.2p, not sure if it is needed anymore
+	#sed -i 's/expr.*MAKEDEPEND.*;/true;/' util/domd || die
+
+	# quiet out unknown driver argument warnings since openssl
+	# doesn't have well-split CFLAGS and we're making it even worse
+	# and 'make depend' uses -Werror for added fun (#417795 again)
+	[[ ${CC} == *clang* ]] && append-flags -Qunused-arguments
+
+	# allow openssl to be cross-compiled
+	cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die
+	chmod a+rx gentoo.config || die
+
+	append-flags -fno-strict-aliasing
+	append-flags $(test-flags-CC -Wa,--noexecstack)
+	append-cppflags -DOPENSSL_NO_BUF_FREELISTS
+
+	sed -i '1s,^:$,#!'${EPREFIX}'/usr/bin/perl,' Configure #141906
+	# The config script does stupid stuff to prompt the user.  Kill it.
+	sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
+	./config --test-sanity || die "I AM NOT SANE"
+
+	multilib_copy_sources
+}
+
+multilib_src_configure() {
+	unset APPS #197996
+	unset SCRIPTS #312551
+	unset CROSS_COMPILE #311473
+
+	tc-export CC AR RANLIB RC
+
+	# Clean out patent-or-otherwise-encumbered code
+	# Camellia: Royalty Free            https://en.wikipedia.org/wiki/Camellia_(cipher)
+	# IDEA:     Expired                 https://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
+	# EC:       ????????? ??/??/2015    https://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography
+	# MDC2:     Expired                 https://en.wikipedia.org/wiki/MDC-2
+	# RC5:      Expired                 https://en.wikipedia.org/wiki/RC5
+
+	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
+	echoit() { echo "$@" ; "$@" ; }
+
+	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
+
+	# See if our toolchain supports __uint128_t.  If so, it's 64bit
+	# friendly and can use the nicely optimized code paths. #460790
+	local ec_nistp_64_gcc_128
+	# Disable it for now though #469976
+	#if ! use bindist ; then
+	#	echo "__uint128_t i;" > "${T}"/128.c
+	#	if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
+	#		ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
+	#	fi
+	#fi
+
+	# https://github.com/openssl/openssl/issues/2286
+	if use ia64 ; then
+		replace-flags -g3 -g2
+		replace-flags -ggdb3 -ggdb2
+	fi
+
+	local sslout=$(./gentoo.config)
+	einfo "Use configuration ${sslout:-(openssl knows best)}"
+	local config="Configure"
+	[[ -z ${sslout} ]] && config="config"
+
+	# Fedora hobbled-EC needs 'no-ec2m', 'no-srp'
+	# Make sure user flags don't get added *yet* to avoid duplicated
+	# flags.
+	CFLAGS= LDFLAGS= echoit \
+	./${config} \
+		${sslout} \
+		$(use cpu_flags_x86_sse2 || echo "no-sse2") \
+		enable-camellia \
+		enable-ec \
+		$(use_ssl !bindist ec2m) \
+		$(use_ssl !bindist srp) \
+		${ec_nistp_64_gcc_128} \
+		enable-idea \
+		enable-mdc2 \
+		enable-rc5 \
+		enable-tlsext \
+		$(use_ssl asm) \
+		$(use_ssl gmp gmp -lgmp) \
+		$(use_ssl kerberos krb5 --with-krb5-flavor=${krb5}) \
+		$(use_ssl rfc3779) \
+		$(use_ssl sctp) \
+		$(use_ssl sslv2 ssl2) \
+		$(use_ssl sslv3 ssl3) \
+		$(use_ssl tls-heartbeat heartbeats) \
+		$(use_ssl zlib) \
+		--prefix="${EPREFIX}"/usr \
+		--openssldir="${EPREFIX}"${SSL_CNF_DIR} \
+		--libdir=$(get_libdir) \
+		shared threads \
+		|| die
+
+	# Clean out hardcoded flags that openssl uses
+	local DEFAULT_CFLAGS=$(grep ^CFLAG= Makefile | LC_ALL=C sed \
+		-e 's:^CFLAG=::' \
+		-e 's:\(^\| \)-fomit-frame-pointer::g' \
+		-e 's:\(^\| \)-O[^ ]*::g' \
+		-e 's:\(^\| \)-march=[^ ]*::g' \
+		-e 's:\(^\| \)-mcpu=[^ ]*::g' \
+		-e 's:\(^\| \)-m[^ ]*::g' \
+		-e 's:^ *::' \
+		-e 's: *$::' \
+		-e 's: \+: :g' \
+		-e 's:\\:\\\\:g'
+	)
+
+	# Now insert clean default flags with user flags
+	sed -i \
+		-e "/^CFLAG/s|=.*|=${DEFAULT_CFLAGS} ${CFLAGS}|" \
+		-e "/^LDFLAGS=/s|=[[:space:]]*$|=${LDFLAGS}|" \
+		Makefile || die
+}
+
+multilib_src_compile() {
+	# depend is needed to use $confopts; it also doesn't matter
+	# that it's -j1 as the code itself serializes subdirs
+	emake -j1 V=1 depend
+	emake build_libs
+}
+
+multilib_src_test() {
+	emake -j1 test
+}
+
+multilib_src_install() {
+	dolib.so lib{crypto,ssl}.so.${SLOT}
+}


^ permalink raw reply related	[flat|nested] 33+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl-compat/
@ 2019-09-13  0:00 Thomas Deutschmann
  0 siblings, 0 replies; 33+ messages in thread
From: Thomas Deutschmann @ 2019-09-13  0:00 UTC (permalink / raw
  To: gentoo-commits

commit:     b1b02130e1aa03dccde799abbcac3386cfcc9922
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Thu Sep 12 23:53:48 2019 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Thu Sep 12 23:53:48 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b1b02130

dev-libs/openssl-compat: x86 stable (bug #694162)

Package-Manager: Portage-2.3.76, Repoman-2.3.17
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 dev-libs/openssl-compat/openssl-compat-1.0.2t.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl-compat/openssl-compat-1.0.2t.ebuild b/dev-libs/openssl-compat/openssl-compat-1.0.2t.ebuild
index 4f49e0ff20c..ae9c07be6f7 100644
--- a/dev-libs/openssl-compat/openssl-compat-1.0.2t.ebuild
+++ b/dev-libs/openssl-compat/openssl-compat-1.0.2t.ebuild
@@ -37,7 +37,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 
 LICENSE="openssl"
 SLOT="1.0.0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~x86-linux"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sh ~sparc x86 ~amd64-fbsd ~x86-fbsd ~x86-linux"
 IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"
 


^ permalink raw reply related	[flat|nested] 33+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl-compat/
@ 2019-09-13 12:15 Mikle Kolyada
  0 siblings, 0 replies; 33+ messages in thread
From: Mikle Kolyada @ 2019-09-13 12:15 UTC (permalink / raw
  To: gentoo-commits

commit:     5bcb35aa2160c79d9b77029efb85cc1c4e47d779
Author:     Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
AuthorDate: Fri Sep 13 12:15:35 2019 +0000
Commit:     Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
CommitDate: Fri Sep 13 12:15:35 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5bcb35aa

dev-libs/openssl-compat: amd64 stable wrt bug #694162

Package-Manager: Portage-2.3.69, Repoman-2.3.16
RepoMan-Options: --include-arches="amd64"
Signed-off-by: Mikle Kolyada <zlogene <AT> gentoo.org>

 dev-libs/openssl-compat/openssl-compat-1.0.2t.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl-compat/openssl-compat-1.0.2t.ebuild b/dev-libs/openssl-compat/openssl-compat-1.0.2t.ebuild
index ae9c07be6f7..717d2d311a8 100644
--- a/dev-libs/openssl-compat/openssl-compat-1.0.2t.ebuild
+++ b/dev-libs/openssl-compat/openssl-compat-1.0.2t.ebuild
@@ -37,7 +37,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 
 LICENSE="openssl"
 SLOT="1.0.0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sh ~sparc x86 ~amd64-fbsd ~x86-fbsd ~x86-linux"
+KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sh ~sparc x86 ~amd64-fbsd ~x86-fbsd ~x86-linux"
 IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"
 


^ permalink raw reply related	[flat|nested] 33+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl-compat/
@ 2019-09-15 20:28 Thomas Deutschmann
  0 siblings, 0 replies; 33+ messages in thread
From: Thomas Deutschmann @ 2019-09-15 20:28 UTC (permalink / raw
  To: gentoo-commits

commit:     3201627815cc92ff5f4396c288354fd3acfcd7c3
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Sun Sep 15 20:27:47 2019 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Sun Sep 15 20:28:02 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=32016278

dev-libs/openssl-compat: limit parallel jobs

Bug: https://bugs.gentoo.org/694512
Package-Manager: Portage-2.3.76, Repoman-2.3.17
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 dev-libs/openssl-compat/openssl-compat-1.0.2t.ebuild | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/dev-libs/openssl-compat/openssl-compat-1.0.2t.ebuild b/dev-libs/openssl-compat/openssl-compat-1.0.2t.ebuild
index 717d2d311a8..292f5d8fd0f 100644
--- a/dev-libs/openssl-compat/openssl-compat-1.0.2t.ebuild
+++ b/dev-libs/openssl-compat/openssl-compat-1.0.2t.ebuild
@@ -3,7 +3,7 @@
 
 EAPI="7"
 
-inherit flag-o-matic toolchain-funcs multilib multilib-minimal
+inherit flag-o-matic toolchain-funcs multiprocessing multilib multilib-minimal
 
 # openssl-1.0.2-patches-1.6 contain additional CVE patches
 # which got fixed with this release.
@@ -135,6 +135,13 @@ src_prepare() {
 	sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
 	./config --test-sanity || die "I AM NOT SANE"
 
+	local make_jobs=$(makeopts_jobs)
+	if [[ ${make_jobs} -gt 6 ]] ; then
+		# bug 694512
+		einfo "Limiting parallel jobs to 6 ..."
+		export MAKEOPTS=-j6
+	fi
+
 	multilib_copy_sources
 }
 


^ permalink raw reply related	[flat|nested] 33+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl-compat/
@ 2019-09-15 20:37 Thomas Deutschmann
  0 siblings, 0 replies; 33+ messages in thread
From: Thomas Deutschmann @ 2019-09-15 20:37 UTC (permalink / raw
  To: gentoo-commits

commit:     3558a38befebeadab55ef698eb900b625838408d
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Sun Sep 15 20:36:50 2019 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Sun Sep 15 20:36:50 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3558a38b

dev-libs/openssl-compat: filter load average

Bug: https://bugs.gentoo.org/694512
Package-Manager: Portage-2.3.76, Repoman-2.3.17
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 dev-libs/openssl-compat/openssl-compat-1.0.2t.ebuild | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/dev-libs/openssl-compat/openssl-compat-1.0.2t.ebuild b/dev-libs/openssl-compat/openssl-compat-1.0.2t.ebuild
index 292f5d8fd0f..8bb26744d2d 100644
--- a/dev-libs/openssl-compat/openssl-compat-1.0.2t.ebuild
+++ b/dev-libs/openssl-compat/openssl-compat-1.0.2t.ebuild
@@ -140,6 +140,9 @@ src_prepare() {
 		# bug 694512
 		einfo "Limiting parallel jobs to 6 ..."
 		export MAKEOPTS=-j6
+	else
+		# Filter load average
+		export MAKEOPTS=-j${make_jobs}
 	fi
 
 	multilib_copy_sources


^ permalink raw reply related	[flat|nested] 33+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl-compat/
@ 2019-09-16  0:06 Thomas Deutschmann
  0 siblings, 0 replies; 33+ messages in thread
From: Thomas Deutschmann @ 2019-09-16  0:06 UTC (permalink / raw
  To: gentoo-commits

commit:     73567ce3bf59198b1c2fe19aa59d70fed4c8a13a
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Sun Sep 15 23:49:52 2019 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Mon Sep 16 00:06:04 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=73567ce3

Revert "dev-libs/openssl-compat: filter load average"

This reverts commit 3558a38befebeadab55ef698eb900b625838408d.

Bug: https://bugs.gentoo.org/694512
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 dev-libs/openssl-compat/openssl-compat-1.0.2t.ebuild | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/dev-libs/openssl-compat/openssl-compat-1.0.2t.ebuild b/dev-libs/openssl-compat/openssl-compat-1.0.2t.ebuild
index 8bb26744d2d..292f5d8fd0f 100644
--- a/dev-libs/openssl-compat/openssl-compat-1.0.2t.ebuild
+++ b/dev-libs/openssl-compat/openssl-compat-1.0.2t.ebuild
@@ -140,9 +140,6 @@ src_prepare() {
 		# bug 694512
 		einfo "Limiting parallel jobs to 6 ..."
 		export MAKEOPTS=-j6
-	else
-		# Filter load average
-		export MAKEOPTS=-j${make_jobs}
 	fi
 
 	multilib_copy_sources


^ permalink raw reply related	[flat|nested] 33+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl-compat/
@ 2019-09-16  0:06 Thomas Deutschmann
  0 siblings, 0 replies; 33+ messages in thread
From: Thomas Deutschmann @ 2019-09-16  0:06 UTC (permalink / raw
  To: gentoo-commits

commit:     5a2ebf9296293621d4a74c1090b5a6087b8a86d4
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Sun Sep 15 23:50:08 2019 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Mon Sep 16 00:06:08 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5a2ebf92

Revert "dev-libs/openssl-compat: limit parallel jobs"

This reverts commit 3201627815cc92ff5f4396c288354fd3acfcd7c3.

Bug: https://bugs.gentoo.org/694512
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 dev-libs/openssl-compat/openssl-compat-1.0.2t.ebuild | 9 +--------
 1 file changed, 1 insertion(+), 8 deletions(-)

diff --git a/dev-libs/openssl-compat/openssl-compat-1.0.2t.ebuild b/dev-libs/openssl-compat/openssl-compat-1.0.2t.ebuild
index 292f5d8fd0f..717d2d311a8 100644
--- a/dev-libs/openssl-compat/openssl-compat-1.0.2t.ebuild
+++ b/dev-libs/openssl-compat/openssl-compat-1.0.2t.ebuild
@@ -3,7 +3,7 @@
 
 EAPI="7"
 
-inherit flag-o-matic toolchain-funcs multiprocessing multilib multilib-minimal
+inherit flag-o-matic toolchain-funcs multilib multilib-minimal
 
 # openssl-1.0.2-patches-1.6 contain additional CVE patches
 # which got fixed with this release.
@@ -135,13 +135,6 @@ src_prepare() {
 	sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
 	./config --test-sanity || die "I AM NOT SANE"
 
-	local make_jobs=$(makeopts_jobs)
-	if [[ ${make_jobs} -gt 6 ]] ; then
-		# bug 694512
-		einfo "Limiting parallel jobs to 6 ..."
-		export MAKEOPTS=-j6
-	fi
-
 	multilib_copy_sources
 }
 


^ permalink raw reply related	[flat|nested] 33+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl-compat/
@ 2019-09-16  0:06 Thomas Deutschmann
  0 siblings, 0 replies; 33+ messages in thread
From: Thomas Deutschmann @ 2019-09-16  0:06 UTC (permalink / raw
  To: gentoo-commits

commit:     77f41cb32418c535b2e948e4bd29d4647b6c99c0
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Mon Sep 16 00:03:38 2019 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Mon Sep 16 00:06:18 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=77f41cb3

dev-libs/openssl-compat: restore Gentoo patch set

Patch set for 1.0.2x series were longer applied when ebuilds were
bumped to EAPI=7 and unified.

Fixes a039f65 ("dev-libs/openssl: bump to EAPI 7")
Closes: https://bugs.gentoo.org/694512
Package-Manager: Portage-2.3.76, Repoman-2.3.17
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 .../{openssl-compat-1.0.2s.ebuild => openssl-compat-1.0.2s-r1.ebuild} | 4 +---
 .../{openssl-compat-1.0.2t.ebuild => openssl-compat-1.0.2t-r1.ebuild} | 4 +---
 2 files changed, 2 insertions(+), 6 deletions(-)

diff --git a/dev-libs/openssl-compat/openssl-compat-1.0.2s.ebuild b/dev-libs/openssl-compat/openssl-compat-1.0.2s-r1.ebuild
similarity index 98%
rename from dev-libs/openssl-compat/openssl-compat-1.0.2s.ebuild
rename to dev-libs/openssl-compat/openssl-compat-1.0.2s-r1.ebuild
index 7449ff20b7e..f956fa3826a 100644
--- a/dev-libs/openssl-compat/openssl-compat-1.0.2s.ebuild
+++ b/dev-libs/openssl-compat/openssl-compat-1.0.2s-r1.ebuild
@@ -100,9 +100,7 @@ src_prepare() {
 	rm -f Makefile
 
 	if ! use vanilla ; then
-		if [[ $(declare -p PATCHES 2>/dev/null) == "declare -a"* ]] ; then
-			[[ ${#PATCHES[@]} -gt 0 ]] && eapply "${PATCHES[@]}"
-		fi
+		eapply "${WORKDIR}"/patch/*.patch
 	fi
 
 	eapply_user

diff --git a/dev-libs/openssl-compat/openssl-compat-1.0.2t.ebuild b/dev-libs/openssl-compat/openssl-compat-1.0.2t-r1.ebuild
similarity index 98%
rename from dev-libs/openssl-compat/openssl-compat-1.0.2t.ebuild
rename to dev-libs/openssl-compat/openssl-compat-1.0.2t-r1.ebuild
index 717d2d311a8..670f557544d 100644
--- a/dev-libs/openssl-compat/openssl-compat-1.0.2t.ebuild
+++ b/dev-libs/openssl-compat/openssl-compat-1.0.2t-r1.ebuild
@@ -89,9 +89,7 @@ src_prepare() {
 	rm -f Makefile
 
 	if ! use vanilla ; then
-		if [[ $(declare -p PATCHES 2>/dev/null) == "declare -a"* ]] ; then
-			[[ ${#PATCHES[@]} -gt 0 ]] && eapply "${PATCHES[@]}"
-		fi
+		eapply "${WORKDIR}"/patch/*.patch
 	fi
 
 	eapply_user


^ permalink raw reply related	[flat|nested] 33+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl-compat/
@ 2019-10-01 19:38 Thomas Deutschmann
  0 siblings, 0 replies; 33+ messages in thread
From: Thomas Deutschmann @ 2019-10-01 19:38 UTC (permalink / raw
  To: gentoo-commits

commit:     b91192d5d750dadc3673000dc065cf42f750da35
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Tue Oct  1 19:34:22 2019 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Tue Oct  1 19:34:22 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b91192d5

dev-libs/openssl-compat: security cleanup (#694162)

Bug: https://bugs.gentoo.org/694162
Package-Manager: Portage-2.3.76, Repoman-2.3.17
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 dev-libs/openssl-compat/Manifest                   |   8 -
 .../openssl-compat/openssl-compat-1.0.2r.ebuild    | 249 --------------------
 .../openssl-compat/openssl-compat-1.0.2s-r1.ebuild | 256 ---------------------
 3 files changed, 513 deletions(-)

diff --git a/dev-libs/openssl-compat/Manifest b/dev-libs/openssl-compat/Manifest
index 5966e6d5d9a..5b5c397e40b 100644
--- a/dev-libs/openssl-compat/Manifest
+++ b/dev-libs/openssl-compat/Manifest
@@ -1,12 +1,4 @@
 DIST openssl-0.9.8zh.tar.gz 3818524 BLAKE2B 610bb4858900983cf4519fa8b63f1e03b3845e39e68884fd8bebd738cd5cd6c2c75513643af49bf9e2294adc446a6516480fe9b62de55d9b6379bf9e7c5cd364 SHA512 b97fa2468211f86c0719c68ad1781eff84f772c479ed5193d6da14bac086b4ca706e7d851209d9df3f0962943b5e5333ab0def00110fb2e517caa73c0c6674c6
 DIST openssl-1.0.2-patches-1.5.tar.xz 12404 BLAKE2B 6c1b8c28f339f539b2ab8643379502a24cf62bffde00041dce54d5dd9e8d2620b181362ee5464b0ab32ba4948e209697bfabadbea2944a409a1009100d298f24 SHA512 5725e2d9d1ee8cc074bcef3bed61c71bdab2ff1c114362110c3fb8da11ad5bc8f2ff28e90a293f5f3a5cf96ecda54dffdb7ab3fb3f8b23ef6472250dc3037659
-DIST openssl-1.0.2r.tar.gz 5348369 BLAKE2B 9f9c2d2fe6eaf9acacab29b394a318f30c38e831a5f9c193b2da660f9d04acbf407d8b752274783765416c0f5ba557c24ee293ad7fb7d727771db289e6acc901 SHA512 6eb2211f3ad56d7573ac26f388338592c37e5faaf5e2d44c0fa9062c12186e56a324f135d1c956a89b55fcce047e6428bec2756658d103e7275e08b46f741235
-DIST openssl-1.0.2r_ec_curve.c 17254 BLAKE2B d40d8d6e770443f07abe70e2c4ddda6aec1cc8e37dc1f226a3fdd9ed5d228f09c6d372e8956b1948b55ee1d57d1429493e7288d0f54d9466a37fec805c85aacb SHA512 8e92fb100bcf4bd918c82b9a6cbd75a55abe1a2c08230a007e441c51577f974f8cc336e9ac8a672b32641480428ca8cead5380da1fe81bacb088145a1b754a15
-DIST openssl-1.0.2r_ectest.c 30735 BLAKE2B 95333a27f1cf0a4305a3cee7f6d46b9d4673582ca9acfcf5ba2a0d9d317ab6219cd0d2ff0ba3a55a317c8f5819342f05cc17ba80ec2c92b2b4cab9a3552382e1 SHA512 f2e4d34327b490bc8371f0845c69df3f9fc51ea16f0ea0de0411a0c1fa9d49bb2b6fafc363eb3b3cd919dc7c24e4a0d075c6ff878c01d70dae918f2540874c19
-DIST openssl-1.0.2r_hobble-openssl 1302 BLAKE2B 647caa6a0f4c53a2e77baa3b8e5961eaef3bb0ff38e7d5475eab8deef3439f7fe49028ec9ed0406f3453870b62cac67c496b3a048ee4c9ff4c6866d520235960 SHA512 3d757a4708e74a03dd5cb9b8114dfe442ed9520739a6eca693be4c4265771696f1449ea06d1c9bcfc6e94fc9b0dd0c10e153f1c3b0334831c0550b36cd63326e
-DIST openssl-1.0.2s.tar.gz 5349149 BLAKE2B 46c72dcceb5b473b129be0a895f3d6c25a24ee852a31dc369ccf0e44319259d8694d3571b8cb698efb8bce89dbe31f4fc9f82753cacb24cbd3d50fa2ab9b6e83 SHA512 9f745452c4f777df694158e95003cde78a2cf8199bc481a563ec36644664c3c1415a774779b9791dd18f2aeb57fa1721cb52b3db12d025955e970071d5b66d2a
-DIST openssl-1.0.2s_ec_curve.c 17254 BLAKE2B d40d8d6e770443f07abe70e2c4ddda6aec1cc8e37dc1f226a3fdd9ed5d228f09c6d372e8956b1948b55ee1d57d1429493e7288d0f54d9466a37fec805c85aacb SHA512 8e92fb100bcf4bd918c82b9a6cbd75a55abe1a2c08230a007e441c51577f974f8cc336e9ac8a672b32641480428ca8cead5380da1fe81bacb088145a1b754a15
-DIST openssl-1.0.2s_ectest.c 30735 BLAKE2B 95333a27f1cf0a4305a3cee7f6d46b9d4673582ca9acfcf5ba2a0d9d317ab6219cd0d2ff0ba3a55a317c8f5819342f05cc17ba80ec2c92b2b4cab9a3552382e1 SHA512 f2e4d34327b490bc8371f0845c69df3f9fc51ea16f0ea0de0411a0c1fa9d49bb2b6fafc363eb3b3cd919dc7c24e4a0d075c6ff878c01d70dae918f2540874c19
-DIST openssl-1.0.2s_hobble-openssl 1302 BLAKE2B 647caa6a0f4c53a2e77baa3b8e5961eaef3bb0ff38e7d5475eab8deef3439f7fe49028ec9ed0406f3453870b62cac67c496b3a048ee4c9ff4c6866d520235960 SHA512 3d757a4708e74a03dd5cb9b8114dfe442ed9520739a6eca693be4c4265771696f1449ea06d1c9bcfc6e94fc9b0dd0c10e153f1c3b0334831c0550b36cd63326e
 DIST openssl-1.0.2t-bindist-1.0.tar.xz 13872 BLAKE2B b2aade96a6e0ca6209a39e205b1c838de945903fcf959c62cc29ddcd1a0cb360fc5db234df86860a6a4c096f5ecc237611e4c2946b986a5500c24ba93c208ef4 SHA512 a48a7efb9b973b865bcc5009d450b428ed6b4b95e4cefe70c51056e47392c8a7bec58215168d8b07712419dc74646c2bd2fd23bcfbba2031376e292249a6b1b6
 DIST openssl-1.0.2t.tar.gz 5355422 BLAKE2B dcbc883151ff6c5b60f5849d8789c2e76a384cb3d5eb5f08a6109776d0edf134580dc33fa8b946ae2344542560f04ecef17f218406952dd8d31e4200c4882022 SHA512 0b88868933f42fab87e8b22449435a1091cc6e75f986aad6c173e01ad123161fcae8c226759073701bc65c9f2f0b6ce6a63a61203008ed873cfb6e484f32bc71

diff --git a/dev-libs/openssl-compat/openssl-compat-1.0.2r.ebuild b/dev-libs/openssl-compat/openssl-compat-1.0.2r.ebuild
deleted file mode 100644
index 7aef40f273d..00000000000
--- a/dev-libs/openssl-compat/openssl-compat-1.0.2r.ebuild
+++ /dev/null
@@ -1,249 +0,0 @@
-# Copyright 1999-2019 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="6"
-
-inherit eutils flag-o-matic toolchain-funcs multilib multilib-minimal
-
-# openssl-1.0.2-patches-1.6 contain additional CVE patches
-# which got fixed with this release.
-# Please use 1.7 version number when rolling a new tarball!
-PATCH_SET="openssl-1.0.2-patches-1.5"
-MY_P=openssl-${PV/_/-}
-DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"
-HOMEPAGE="https://www.openssl.org/"
-SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
-	!vanilla? (
-		mirror://gentoo/${PATCH_SET}.tar.xz
-		https://dev.gentoo.org/~chutzpah/dist/openssl/${PATCH_SET}.tar.xz
-		https://dev.gentoo.org/~whissi/dist/openssl/${PATCH_SET}.tar.xz
-		https://dev.gentoo.org/~polynomial-c/dist/${PATCH_SET}.tar.xz
-	)"
-
-LICENSE="openssl"
-SLOT="1.0.0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~x86-linux"
-IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
-RESTRICT="!bindist? ( bindist )"
-
-RDEPEND=">=app-misc/c_rehash-1.7-r1
-	gmp? ( >=dev-libs/gmp-5.1.3-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
-	zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
-	kerberos? ( >=app-crypt/mit-krb5-1.11.4[${MULTILIB_USEDEP}] )
-	!=dev-libs/openssl-1.0.2*:0
-	!dev-libs/openssl:1.0.0"
-DEPEND="${RDEPEND}
-	>=dev-lang/perl-5
-	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
-	test? (
-		sys-apps/diffutils
-		sys-devel/bc
-	)"
-
-RESTRICT="test"
-
-# Do not install any docs
-DOCS=()
-
-# This does not copy the entire Fedora patchset, but JUST the parts that
-# are needed to make it safe to use EC with RESTRICT=bindist.
-# See openssl.spec for the matching numbering of SourceNNN, PatchNNN
-SOURCE1=hobble-openssl
-SOURCE12=ec_curve.c
-SOURCE13=ectest.c
-# These are ported instead
-#PATCH1=openssl-1.1.0-build.patch # Fixes EVP testcase for EC
-#PATCH37=openssl-1.1.0-ec-curves.patch
-FEDORA_GIT_BASE='https://src.fedoraproject.org/cgit/rpms/openssl.git/plain/'
-FEDORA_GIT_BRANCH='f25'
-FEDORA_SRC_URI=()
-FEDORA_SOURCE=( $SOURCE1 $SOURCE12 $SOURCE13 )
-FEDORA_PATCH=( $PATCH1 $PATCH37 )
-for i in "${FEDORA_SOURCE[@]}" ; do
-	FEDORA_SRC_URI+=( "${FEDORA_GIT_BASE}/${i}?h=${FEDORA_GIT_BRANCH} -> openssl-${PV}_${i}" )
-done
-for i in "${FEDORA_PATCH[@]}" ; do # Already have a version prefix
-	FEDORA_SRC_URI+=( "${FEDORA_GIT_BASE}/${i}?h=${FEDORA_GIT_BRANCH} -> ${i}" )
-done
-SRC_URI+=" bindist? ( ${FEDORA_SRC_URI[@]} )"
-
-S="${WORKDIR}/${MY_P}"
-
-MULTILIB_WRAPPED_HEADERS=(
-	usr/include/openssl/opensslconf.h
-)
-
-src_prepare() {
-	if use bindist; then
-		# This just removes the prefix, and puts it into WORKDIR like the RPM.
-		for i in "${FEDORA_SOURCE[@]}" ; do
-			cp -f "${DISTDIR}"/"openssl-${PV}_${i}" "${WORKDIR}"/"${i}" || die
-		done
-		# .spec %prep
-		bash "${WORKDIR}"/"${SOURCE1}" || die
-		cp -f "${WORKDIR}"/"${SOURCE12}" "${S}"/crypto/ec/ || die
-		cp -f "${WORKDIR}"/"${SOURCE13}" "${S}"/crypto/ec/ || die # Moves to test/ in OpenSSL-1.1
-		for i in "${FEDORA_PATCH[@]}" ; do
-			eapply "${DISTDIR}"/"${i}"
-		done
-		eapply "${FILESDIR}"/openssl-1.0.2p-hobble-ecc.patch
-		# Also see the configure parts below:
-		# enable-ec \
-		# $(use_ssl !bindist ec2m) \
-		# $(use_ssl !bindist srp) \
-	fi
-
-	# keep this in sync with app-misc/c_rehash
-	SSL_CNF_DIR="/etc/ssl"
-
-	# Make sure we only ever touch Makefile.org and avoid patching a file
-	# that gets blown away anyways by the Configure script in src_configure
-	rm -f Makefile
-
-	if ! use vanilla ; then
-		eapply "${WORKDIR}"/patch/*.patch
-	fi
-
-	eapply_user
-
-	# disable fips in the build
-	# make sure the man pages are suffixed #302165
-	# don't bother building man pages if they're disabled
-	sed -i \
-		-e '/DIRS/s: fips : :g' \
-		-e '/^MANSUFFIX/s:=.*:=ssl:' \
-		-e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
-		-e $(has noman FEATURES \
-			&& echo '/^install:/s:install_docs::' \
-			|| echo '/^MANDIR=/s:=.*:='${EPREFIX%/}'/usr/share/man:') \
-		Makefile.org \
-		|| die
-	# show the actual commands in the log
-	sed -i '/^SET_X/s:=.*:=set -x:' Makefile.shared
-
-	# since we're forcing $(CC) as makedep anyway, just fix
-	# the conditional as always-on
-	# helps clang (#417795), and versioned gcc (#499818)
-	# this breaks build with 1.0.2p, not sure if it is needed anymore
-	#sed -i 's/expr.*MAKEDEPEND.*;/true;/' util/domd || die
-
-	# quiet out unknown driver argument warnings since openssl
-	# doesn't have well-split CFLAGS and we're making it even worse
-	# and 'make depend' uses -Werror for added fun (#417795 again)
-	[[ ${CC} == *clang* ]] && append-flags -Qunused-arguments
-
-	# allow openssl to be cross-compiled
-	cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die
-	chmod a+rx gentoo.config || die
-
-	append-flags -fno-strict-aliasing
-	append-flags $(test-flags-CC -Wa,--noexecstack)
-	append-cppflags -DOPENSSL_NO_BUF_FREELISTS
-
-	sed -i '1s,^:$,#!'${EPREFIX%/}'/usr/bin/perl,' Configure #141906
-	# The config script does stupid stuff to prompt the user.  Kill it.
-	sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
-	./config --test-sanity || die "I AM NOT SANE"
-
-	multilib_copy_sources
-}
-
-multilib_src_configure() {
-	unset APPS #197996
-	unset SCRIPTS #312551
-	unset CROSS_COMPILE #311473
-
-	tc-export CC AR RANLIB RC
-
-	# Clean out patent-or-otherwise-encumbered code
-	# Camellia: Royalty Free            https://en.wikipedia.org/wiki/Camellia_(cipher)
-	# IDEA:     Expired                 https://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
-	# EC:       ????????? ??/??/2015    https://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography
-	# MDC2:     Expired                 https://en.wikipedia.org/wiki/MDC-2
-	# RC5:      Expired                 https://en.wikipedia.org/wiki/RC5
-
-	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
-	echoit() { echo "$@" ; "$@" ; }
-
-	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
-
-	# See if our toolchain supports __uint128_t.  If so, it's 64bit
-	# friendly and can use the nicely optimized code paths. #460790
-	local ec_nistp_64_gcc_128
-	# Disable it for now though #469976
-	#if ! use bindist ; then
-	#	echo "__uint128_t i;" > "${T}"/128.c
-	#	if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
-	#		ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
-	#	fi
-	#fi
-
-	# https://github.com/openssl/openssl/issues/2286
-	if use ia64 ; then
-		replace-flags -g3 -g2
-		replace-flags -ggdb3 -ggdb2
-	fi
-
-	local sslout=$(./gentoo.config)
-	einfo "Use configuration ${sslout:-(openssl knows best)}"
-	local config="Configure"
-	[[ -z ${sslout} ]] && config="config"
-
-	# Fedora hobbled-EC needs 'no-ec2m', 'no-srp'
-	echoit \
-	./${config} \
-		${sslout} \
-		$(use cpu_flags_x86_sse2 || echo "no-sse2") \
-		enable-camellia \
-		enable-ec \
-		$(use_ssl !bindist ec2m) \
-		$(use_ssl !bindist srp) \
-		${ec_nistp_64_gcc_128} \
-		enable-idea \
-		enable-mdc2 \
-		enable-rc5 \
-		enable-tlsext \
-		$(use_ssl asm) \
-		$(use_ssl gmp gmp -lgmp) \
-		$(use_ssl kerberos krb5 --with-krb5-flavor=${krb5}) \
-		$(use_ssl rfc3779) \
-		$(use_ssl sctp) \
-		$(use_ssl sslv2 ssl2) \
-		$(use_ssl sslv3 ssl3) \
-		$(use_ssl tls-heartbeat heartbeats) \
-		$(use_ssl zlib) \
-		--prefix="${EPREFIX%/}"/usr \
-		--openssldir="${EPREFIX%/}"${SSL_CNF_DIR} \
-		--libdir=$(get_libdir) \
-		shared threads \
-		|| die
-
-	# Clean out hardcoded flags that openssl uses
-	local CFLAG=$(grep ^CFLAG= Makefile | LC_ALL=C sed \
-		-e 's:^CFLAG=::' \
-		-e 's:-fomit-frame-pointer ::g' \
-		-e 's:-O[0-9] ::g' \
-		-e 's:-march=[-a-z0-9]* ::g' \
-		-e 's:-mcpu=[-a-z0-9]* ::g' \
-		-e 's:-m[a-z0-9]* ::g' \
-	)
-	sed -i \
-		-e "/^CFLAG/s|=.*|=${CFLAG} ${CFLAGS}|" \
-		-e "/^SHARED_LDFLAGS=/s|$| ${LDFLAGS}|" \
-		Makefile || die
-}
-
-multilib_src_compile() {
-	# depend is needed to use $confopts; it also doesn't matter
-	# that it's -j1 as the code itself serializes subdirs
-	emake -j1 V=1 depend
-	emake build_libs
-}
-
-multilib_src_test() {
-	emake -j1 test
-}
-
-multilib_src_install() {
-	dolib.so lib{crypto,ssl}.so.${SLOT}
-}

diff --git a/dev-libs/openssl-compat/openssl-compat-1.0.2s-r1.ebuild b/dev-libs/openssl-compat/openssl-compat-1.0.2s-r1.ebuild
deleted file mode 100644
index f956fa3826a..00000000000
--- a/dev-libs/openssl-compat/openssl-compat-1.0.2s-r1.ebuild
+++ /dev/null
@@ -1,256 +0,0 @@
-# Copyright 1999-2019 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="7"
-
-inherit flag-o-matic toolchain-funcs multilib multilib-minimal
-
-# openssl-1.0.2-patches-1.6 contain additional CVE patches
-# which got fixed with this release.
-# Please use 1.7 version number when rolling a new tarball!
-PATCH_SET="openssl-1.0.2-patches-1.5"
-MY_P=openssl-${PV/_/-}
-DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"
-HOMEPAGE="https://www.openssl.org/"
-SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
-	!vanilla? (
-		mirror://gentoo/${PATCH_SET}.tar.xz
-		https://dev.gentoo.org/~chutzpah/dist/openssl/${PATCH_SET}.tar.xz
-		https://dev.gentoo.org/~whissi/dist/openssl/${PATCH_SET}.tar.xz
-		https://dev.gentoo.org/~polynomial-c/dist/${PATCH_SET}.tar.xz
-	)"
-
-LICENSE="openssl"
-SLOT="1.0.0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~x86-linux"
-IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
-RESTRICT="!bindist? ( bindist )"
-
-RDEPEND="gmp? ( >=dev-libs/gmp-5.1.3-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
-	kerberos? ( >=app-crypt/mit-krb5-1.11.4[${MULTILIB_USEDEP}] )
-	zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
-	!=dev-libs/openssl-1.0.2*:0"
-DEPEND="${RDEPEND}"
-BDEPEND="
-	>=dev-lang/perl-5
-	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
-	test? (
-		sys-apps/diffutils
-		sys-devel/bc
-	)"
-
-RESTRICT="test"
-
-# Do not install any docs
-DOCS=()
-
-# This does not copy the entire Fedora patchset, but JUST the parts that
-# are needed to make it safe to use EC with RESTRICT=bindist.
-# See openssl.spec for the matching numbering of SourceNNN, PatchNNN
-SOURCE1=hobble-openssl
-SOURCE12=ec_curve.c
-SOURCE13=ectest.c
-# These are ported instead
-#PATCH1=openssl-1.1.0-build.patch # Fixes EVP testcase for EC
-#PATCH37=openssl-1.1.0-ec-curves.patch
-FEDORA_GIT_BASE='https://src.fedoraproject.org/cgit/rpms/openssl.git/plain/'
-FEDORA_GIT_BRANCH='f25'
-FEDORA_SRC_URI=()
-FEDORA_SOURCE=( $SOURCE1 $SOURCE12 $SOURCE13 )
-FEDORA_PATCH=( $PATCH1 $PATCH37 )
-for i in "${FEDORA_SOURCE[@]}" ; do
-	FEDORA_SRC_URI+=( "${FEDORA_GIT_BASE}/${i}?h=${FEDORA_GIT_BRANCH} -> openssl-${PV}_${i}" )
-done
-for i in "${FEDORA_PATCH[@]}" ; do # Already have a version prefix
-	FEDORA_SRC_URI+=( "${FEDORA_GIT_BASE}/${i}?h=${FEDORA_GIT_BRANCH} -> ${i}" )
-done
-SRC_URI+=" bindist? ( ${FEDORA_SRC_URI[@]} )"
-
-S="${WORKDIR}/${MY_P}"
-
-MULTILIB_WRAPPED_HEADERS=(
-	usr/include/openssl/opensslconf.h
-)
-
-src_prepare() {
-	if use bindist; then
-		# This just removes the prefix, and puts it into WORKDIR like the RPM.
-		for i in "${FEDORA_SOURCE[@]}" ; do
-			cp -f "${DISTDIR}"/"openssl-${PV}_${i}" "${WORKDIR}"/"${i}" || die
-		done
-		# .spec %prep
-		bash "${WORKDIR}"/"${SOURCE1}" || die
-		cp -f "${WORKDIR}"/"${SOURCE12}" "${S}"/crypto/ec/ || die
-		cp -f "${WORKDIR}"/"${SOURCE13}" "${S}"/crypto/ec/ || die # Moves to test/ in OpenSSL-1.1
-		for i in "${FEDORA_PATCH[@]}" ; do
-			eapply "${DISTDIR}"/"${i}"
-		done
-		eapply "${FILESDIR}"/openssl-1.0.2p-hobble-ecc.patch
-		# Also see the configure parts below:
-		# enable-ec \
-		# $(use_ssl !bindist ec2m) \
-		# $(use_ssl !bindist srp) \
-	fi
-
-	# keep this in sync with app-misc/c_rehash
-	SSL_CNF_DIR="/etc/ssl"
-
-	# Make sure we only ever touch Makefile.org and avoid patching a file
-	# that gets blown away anyways by the Configure script in src_configure
-	rm -f Makefile
-
-	if ! use vanilla ; then
-		eapply "${WORKDIR}"/patch/*.patch
-	fi
-
-	eapply_user
-
-	# disable fips in the build
-	# make sure the man pages are suffixed #302165
-	# don't bother building man pages if they're disabled
-	sed -i \
-		-e '/DIRS/s: fips : :g' \
-		-e '/^MANSUFFIX/s:=.*:=ssl:' \
-		-e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
-		-e $(has noman FEATURES \
-			&& echo '/^install:/s:install_docs::' \
-			|| echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
-		Makefile.org \
-		|| die
-	# show the actual commands in the log
-	sed -i '/^SET_X/s:=.*:=set -x:' Makefile.shared
-
-	# since we're forcing $(CC) as makedep anyway, just fix
-	# the conditional as always-on
-	# helps clang (#417795), and versioned gcc (#499818)
-	# this breaks build with 1.0.2p, not sure if it is needed anymore
-	#sed -i 's/expr.*MAKEDEPEND.*;/true;/' util/domd || die
-
-	# quiet out unknown driver argument warnings since openssl
-	# doesn't have well-split CFLAGS and we're making it even worse
-	# and 'make depend' uses -Werror for added fun (#417795 again)
-	[[ ${CC} == *clang* ]] && append-flags -Qunused-arguments
-
-	# allow openssl to be cross-compiled
-	cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die
-	chmod a+rx gentoo.config || die
-
-	append-flags -fno-strict-aliasing
-	append-flags $(test-flags-CC -Wa,--noexecstack)
-	append-cppflags -DOPENSSL_NO_BUF_FREELISTS
-
-	sed -i '1s,^:$,#!'${EPREFIX}'/usr/bin/perl,' Configure #141906
-	# The config script does stupid stuff to prompt the user.  Kill it.
-	sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
-	./config --test-sanity || die "I AM NOT SANE"
-
-	multilib_copy_sources
-}
-
-multilib_src_configure() {
-	unset APPS #197996
-	unset SCRIPTS #312551
-	unset CROSS_COMPILE #311473
-
-	tc-export CC AR RANLIB RC
-
-	# Clean out patent-or-otherwise-encumbered code
-	# Camellia: Royalty Free            https://en.wikipedia.org/wiki/Camellia_(cipher)
-	# IDEA:     Expired                 https://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
-	# EC:       ????????? ??/??/2015    https://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography
-	# MDC2:     Expired                 https://en.wikipedia.org/wiki/MDC-2
-	# RC5:      Expired                 https://en.wikipedia.org/wiki/RC5
-
-	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
-	echoit() { echo "$@" ; "$@" ; }
-
-	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
-
-	# See if our toolchain supports __uint128_t.  If so, it's 64bit
-	# friendly and can use the nicely optimized code paths. #460790
-	local ec_nistp_64_gcc_128
-	# Disable it for now though #469976
-	#if ! use bindist ; then
-	#	echo "__uint128_t i;" > "${T}"/128.c
-	#	if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
-	#		ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
-	#	fi
-	#fi
-
-	# https://github.com/openssl/openssl/issues/2286
-	if use ia64 ; then
-		replace-flags -g3 -g2
-		replace-flags -ggdb3 -ggdb2
-	fi
-
-	local sslout=$(./gentoo.config)
-	einfo "Use configuration ${sslout:-(openssl knows best)}"
-	local config="Configure"
-	[[ -z ${sslout} ]] && config="config"
-
-	# Fedora hobbled-EC needs 'no-ec2m', 'no-srp'
-	# Make sure user flags don't get added *yet* to avoid duplicated
-	# flags.
-	CFLAGS= LDFLAGS= echoit \
-	./${config} \
-		${sslout} \
-		$(use cpu_flags_x86_sse2 || echo "no-sse2") \
-		enable-camellia \
-		enable-ec \
-		$(use_ssl !bindist ec2m) \
-		$(use_ssl !bindist srp) \
-		${ec_nistp_64_gcc_128} \
-		enable-idea \
-		enable-mdc2 \
-		enable-rc5 \
-		enable-tlsext \
-		$(use_ssl asm) \
-		$(use_ssl gmp gmp -lgmp) \
-		$(use_ssl kerberos krb5 --with-krb5-flavor=${krb5}) \
-		$(use_ssl rfc3779) \
-		$(use_ssl sctp) \
-		$(use_ssl sslv2 ssl2) \
-		$(use_ssl sslv3 ssl3) \
-		$(use_ssl tls-heartbeat heartbeats) \
-		$(use_ssl zlib) \
-		--prefix="${EPREFIX}"/usr \
-		--openssldir="${EPREFIX}"${SSL_CNF_DIR} \
-		--libdir=$(get_libdir) \
-		shared threads \
-		|| die
-
-	# Clean out hardcoded flags that openssl uses
-	local DEFAULT_CFLAGS=$(grep ^CFLAG= Makefile | LC_ALL=C sed \
-		-e 's:^CFLAG=::' \
-		-e 's:\(^\| \)-fomit-frame-pointer::g' \
-		-e 's:\(^\| \)-O[^ ]*::g' \
-		-e 's:\(^\| \)-march=[^ ]*::g' \
-		-e 's:\(^\| \)-mcpu=[^ ]*::g' \
-		-e 's:\(^\| \)-m[^ ]*::g' \
-		-e 's:^ *::' \
-		-e 's: *$::' \
-		-e 's: \+: :g' \
-		-e 's:\\:\\\\:g'
-	)
-
-	# Now insert clean default flags with user flags
-	sed -i \
-		-e "/^CFLAG/s|=.*|=${DEFAULT_CFLAGS} ${CFLAGS}|" \
-		-e "/^LDFLAGS=/s|=[[:space:]]*$|=${LDFLAGS}|" \
-		Makefile || die
-}
-
-multilib_src_compile() {
-	# depend is needed to use $confopts; it also doesn't matter
-	# that it's -j1 as the code itself serializes subdirs
-	emake -j1 V=1 depend
-	emake build_libs
-}
-
-multilib_src_test() {
-	emake -j1 test
-}
-
-multilib_src_install() {
-	dolib.so lib{crypto,ssl}.so.${SLOT}
-}


^ permalink raw reply related	[flat|nested] 33+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl-compat/
@ 2019-10-22  7:45 Lars Wendler
  0 siblings, 0 replies; 33+ messages in thread
From: Lars Wendler @ 2019-10-22  7:45 UTC (permalink / raw
  To: gentoo-commits

commit:     45d47532b265f7a314e2c67d52550146fd6cd84f
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Tue Oct 22 07:45:03 2019 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Tue Oct 22 07:45:26 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=45d47532

dev-libs/openssl-compat: Block dev-libs/openssl:1.0.0

to avoid file collisions

Closes: https://bugs.gentoo.org/698208
Package-Manager: Portage-2.3.78, Repoman-2.3.17
Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org>

 dev-libs/openssl-compat/openssl-compat-1.0.2t-r1.ebuild | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/dev-libs/openssl-compat/openssl-compat-1.0.2t-r1.ebuild b/dev-libs/openssl-compat/openssl-compat-1.0.2t-r1.ebuild
index d42cc5f4f5a..50ca46ba72e 100644
--- a/dev-libs/openssl-compat/openssl-compat-1.0.2t-r1.ebuild
+++ b/dev-libs/openssl-compat/openssl-compat-1.0.2t-r1.ebuild
@@ -44,7 +44,8 @@ RESTRICT="!bindist? ( bindist )"
 RDEPEND="gmp? ( >=dev-libs/gmp-5.1.3-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
 	kerberos? ( >=app-crypt/mit-krb5-1.11.4[${MULTILIB_USEDEP}] )
 	zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
-	!=dev-libs/openssl-1.0.2*:0"
+	!=dev-libs/openssl-1.0.2*:0
+	!dev-libs/openssl:1.0.0"
 DEPEND="${RDEPEND}"
 BDEPEND="
 	>=dev-lang/perl-5


^ permalink raw reply related	[flat|nested] 33+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl-compat/
@ 2019-11-02 14:56 Thomas Deutschmann
  0 siblings, 0 replies; 33+ messages in thread
From: Thomas Deutschmann @ 2019-11-02 14:56 UTC (permalink / raw
  To: gentoo-commits

commit:     73bddea54d7e0097c86df82f3d43707b344e83e3
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Sat Nov  2 14:55:39 2019 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Sat Nov  2 14:55:39 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=73bddea5

dev-libs/openssl-compat: fix RESTRICT

Bug: https://bugs.gentoo.org/699154
Package-Manager: Portage-2.3.78, Repoman-2.3.17
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 dev-libs/openssl-compat/openssl-compat-1.0.2t-r1.ebuild | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/dev-libs/openssl-compat/openssl-compat-1.0.2t-r1.ebuild b/dev-libs/openssl-compat/openssl-compat-1.0.2t-r1.ebuild
index 50ca46ba72e..b157a2495fc 100644
--- a/dev-libs/openssl-compat/openssl-compat-1.0.2t-r1.ebuild
+++ b/dev-libs/openssl-compat/openssl-compat-1.0.2t-r1.ebuild
@@ -39,7 +39,9 @@ LICENSE="openssl"
 SLOT="1.0.0"
 KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sh ~sparc x86 ~x86-linux"
 IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
-RESTRICT="!bindist? ( bindist )"
+
+RESTRICT="!bindist? ( bindist )
+	test"
 
 RDEPEND="gmp? ( >=dev-libs/gmp-5.1.3-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
 	kerberos? ( >=app-crypt/mit-krb5-1.11.4[${MULTILIB_USEDEP}] )
@@ -55,8 +57,6 @@ BDEPEND="
 		sys-devel/bc
 	)"
 
-RESTRICT="test"
-
 # Do not install any docs
 DOCS=()
 


^ permalink raw reply related	[flat|nested] 33+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl-compat/
@ 2019-11-25  0:42 Thomas Deutschmann
  0 siblings, 0 replies; 33+ messages in thread
From: Thomas Deutschmann @ 2019-11-25  0:42 UTC (permalink / raw
  To: gentoo-commits

commit:     a8d0ebd940cc57e1fbf0e47b73e59758ab2b1519
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Mon Nov 25 00:42:25 2019 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Mon Nov 25 00:42:34 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a8d0ebd9

dev-libs/openssl-compat: add missing RESTRICT=test

Package-Manager: Portage-2.3.79, Repoman-2.3.18
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 dev-libs/openssl-compat/openssl-compat-0.9.8z_p8-r1.ebuild | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/dev-libs/openssl-compat/openssl-compat-0.9.8z_p8-r1.ebuild b/dev-libs/openssl-compat/openssl-compat-0.9.8z_p8-r1.ebuild
index d9b04231afd..6516e0257f2 100644
--- a/dev-libs/openssl-compat/openssl-compat-0.9.8z_p8-r1.ebuild
+++ b/dev-libs/openssl-compat/openssl-compat-0.9.8z_p8-r1.ebuild
@@ -20,7 +20,8 @@ LICENSE="openssl"
 SLOT="0.9.8"
 KEYWORDS="~alpha amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc x86"
 IUSE="bindist gmp kerberos cpu_flags_x86_sse2 test zlib"
-RESTRICT="!bindist? ( bindist )"
+RESTRICT="!bindist? ( bindist )
+	test"
 
 RDEPEND="gmp? ( >=dev-libs/gmp-5.1.3-r1[${MULTILIB_USEDEP}] )
 	zlib? ( >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}] )


^ permalink raw reply related	[flat|nested] 33+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl-compat/
@ 2019-12-21 20:31 Thomas Deutschmann
  0 siblings, 0 replies; 33+ messages in thread
From: Thomas Deutschmann @ 2019-12-21 20:31 UTC (permalink / raw
  To: gentoo-commits

commit:     c2b642ed1dfc7cb054380769761024dd73a768c6
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Sat Dec 21 20:30:14 2019 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Sat Dec 21 20:30:27 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c2b642ed

dev-libs/openssl-compat: bump to v1.0.2u

Bug: https://bugs.gentoo.org/702176
Package-Manager: Portage-2.3.82, Repoman-2.3.20
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 dev-libs/openssl-compat/Manifest                   |   1 +
 .../openssl-compat/openssl-compat-1.0.2u.ebuild    | 246 +++++++++++++++++++++
 2 files changed, 247 insertions(+)

diff --git a/dev-libs/openssl-compat/Manifest b/dev-libs/openssl-compat/Manifest
index 5b5c397e40b..f6ca6a00831 100644
--- a/dev-libs/openssl-compat/Manifest
+++ b/dev-libs/openssl-compat/Manifest
@@ -2,3 +2,4 @@ DIST openssl-0.9.8zh.tar.gz 3818524 BLAKE2B 610bb4858900983cf4519fa8b63f1e03b384
 DIST openssl-1.0.2-patches-1.5.tar.xz 12404 BLAKE2B 6c1b8c28f339f539b2ab8643379502a24cf62bffde00041dce54d5dd9e8d2620b181362ee5464b0ab32ba4948e209697bfabadbea2944a409a1009100d298f24 SHA512 5725e2d9d1ee8cc074bcef3bed61c71bdab2ff1c114362110c3fb8da11ad5bc8f2ff28e90a293f5f3a5cf96ecda54dffdb7ab3fb3f8b23ef6472250dc3037659
 DIST openssl-1.0.2t-bindist-1.0.tar.xz 13872 BLAKE2B b2aade96a6e0ca6209a39e205b1c838de945903fcf959c62cc29ddcd1a0cb360fc5db234df86860a6a4c096f5ecc237611e4c2946b986a5500c24ba93c208ef4 SHA512 a48a7efb9b973b865bcc5009d450b428ed6b4b95e4cefe70c51056e47392c8a7bec58215168d8b07712419dc74646c2bd2fd23bcfbba2031376e292249a6b1b6
 DIST openssl-1.0.2t.tar.gz 5355422 BLAKE2B dcbc883151ff6c5b60f5849d8789c2e76a384cb3d5eb5f08a6109776d0edf134580dc33fa8b946ae2344542560f04ecef17f218406952dd8d31e4200c4882022 SHA512 0b88868933f42fab87e8b22449435a1091cc6e75f986aad6c173e01ad123161fcae8c226759073701bc65c9f2f0b6ce6a63a61203008ed873cfb6e484f32bc71
+DIST openssl-1.0.2u.tar.gz 5355412 BLAKE2B b2ff2a10e5851af5aca4093422a9a072c794e87b997263826c1c35910c040f695fac63decac5856cb49399ed03d410f97701d9fd4e1ebfbcacd8f3a74ce8bf57 SHA512 c455bb309e20e2c2d47fdc5619c734d107d5c8c38c1409903ce979acc120b0d5fa0312917c0aa0d630e402d092a703d4249643f36078e8528a3cafc9dac6ab32

diff --git a/dev-libs/openssl-compat/openssl-compat-1.0.2u.ebuild b/dev-libs/openssl-compat/openssl-compat-1.0.2u.ebuild
new file mode 100644
index 00000000000..5b3784f01f6
--- /dev/null
+++ b/dev-libs/openssl-compat/openssl-compat-1.0.2u.ebuild
@@ -0,0 +1,246 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="7"
+
+inherit flag-o-matic toolchain-funcs multilib multilib-minimal
+
+# openssl-1.0.2-patches-1.6 contain additional CVE patches
+# which got fixed with this release.
+# Please use 1.7 version number when rolling a new tarball!
+PATCH_SET="openssl-1.0.2-patches-1.5"
+
+MY_P=openssl-${PV/_/-}
+
+# This patch set is based on the following files from Fedora 25,
+# see https://src.fedoraproject.org/rpms/openssl/blob/25/f/openssl.spec
+# for more details:
+# - hobble-openssl (SOURCE1)
+# - ec_curve.c (SOURCE12) -- MODIFIED
+# - ectest.c (SOURCE13)
+# - openssl-1.1.1-ec-curves.patch (PATCH37) -- MODIFIED
+BINDIST_PATCH_SET="openssl-1.0.2t-bindist-1.0.tar.xz"
+
+DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"
+HOMEPAGE="https://www.openssl.org/"
+SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
+	bindist? (
+		mirror://gentoo/${BINDIST_PATCH_SET}
+		https://dev.gentoo.org/~whissi/dist/openssl/${BINDIST_PATCH_SET}
+	)
+	!vanilla? (
+		mirror://gentoo/${PATCH_SET}.tar.xz
+		https://dev.gentoo.org/~chutzpah/dist/openssl/${PATCH_SET}.tar.xz
+		https://dev.gentoo.org/~whissi/dist/openssl/${PATCH_SET}.tar.xz
+		https://dev.gentoo.org/~polynomial-c/dist/${PATCH_SET}.tar.xz
+	)"
+
+LICENSE="openssl"
+SLOT="1.0.0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sh ~sparc ~x86 ~x86-linux"
+IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
+
+RESTRICT="!bindist? ( bindist )
+	test"
+
+RDEPEND="gmp? ( >=dev-libs/gmp-5.1.3-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
+	kerberos? ( >=app-crypt/mit-krb5-1.11.4[${MULTILIB_USEDEP}] )
+	zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
+	!=dev-libs/openssl-1.0.2*:0
+	!dev-libs/openssl:1.0.0"
+DEPEND="${RDEPEND}"
+BDEPEND="
+	>=dev-lang/perl-5
+	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
+	test? (
+		sys-apps/diffutils
+		sys-devel/bc
+	)"
+
+# Do not install any docs
+DOCS=()
+
+S="${WORKDIR}/${MY_P}"
+
+MULTILIB_WRAPPED_HEADERS=(
+	usr/include/openssl/opensslconf.h
+)
+
+src_prepare() {
+	if use bindist; then
+		mv "${WORKDIR}"/bindist-patches/hobble-openssl "${WORKDIR}" || die
+		bash "${WORKDIR}"/hobble-openssl || die
+
+		cp -f "${WORKDIR}"/bindist-patches/ec_curve.c "${S}"/crypto/ec/ || die
+		cp -f "${WORKDIR}"/bindist-patches/ectest.c "${S}"/crypto/ec/ || die
+
+		eapply "${WORKDIR}"/bindist-patches/ec-curves.patch
+
+		# Also see the configure parts below:
+		# enable-ec \
+		# $(use_ssl !bindist ec2m) \
+		# $(use_ssl !bindist srp) \
+	fi
+
+	# keep this in sync with app-misc/c_rehash
+	SSL_CNF_DIR="/etc/ssl"
+
+	# Make sure we only ever touch Makefile.org and avoid patching a file
+	# that gets blown away anyways by the Configure script in src_configure
+	rm -f Makefile
+
+	if ! use vanilla ; then
+		eapply "${WORKDIR}"/patch/*.patch
+	fi
+
+	eapply_user
+
+	# disable fips in the build
+	# make sure the man pages are suffixed #302165
+	# don't bother building man pages if they're disabled
+	sed -i \
+		-e '/DIRS/s: fips : :g' \
+		-e '/^MANSUFFIX/s:=.*:=ssl:' \
+		-e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
+		-e $(has noman FEATURES \
+			&& echo '/^install:/s:install_docs::' \
+			|| echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
+		Makefile.org \
+		|| die
+	# show the actual commands in the log
+	sed -i '/^SET_X/s:=.*:=set -x:' Makefile.shared
+
+	# since we're forcing $(CC) as makedep anyway, just fix
+	# the conditional as always-on
+	# helps clang (#417795), and versioned gcc (#499818)
+	# this breaks build with 1.0.2p, not sure if it is needed anymore
+	#sed -i 's/expr.*MAKEDEPEND.*;/true;/' util/domd || die
+
+	# quiet out unknown driver argument warnings since openssl
+	# doesn't have well-split CFLAGS and we're making it even worse
+	# and 'make depend' uses -Werror for added fun (#417795 again)
+	[[ ${CC} == *clang* ]] && append-flags -Qunused-arguments
+
+	# allow openssl to be cross-compiled
+	cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die
+	chmod a+rx gentoo.config || die
+
+	append-flags -fno-strict-aliasing
+	append-flags $(test-flags-CC -Wa,--noexecstack)
+	append-cppflags -DOPENSSL_NO_BUF_FREELISTS
+
+	sed -i '1s,^:$,#!'${EPREFIX}'/usr/bin/perl,' Configure #141906
+	# The config script does stupid stuff to prompt the user.  Kill it.
+	sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
+	./config --test-sanity || die "I AM NOT SANE"
+
+	multilib_copy_sources
+}
+
+multilib_src_configure() {
+	unset APPS #197996
+	unset SCRIPTS #312551
+	unset CROSS_COMPILE #311473
+
+	tc-export CC AR RANLIB RC
+
+	# Clean out patent-or-otherwise-encumbered code
+	# Camellia: Royalty Free            https://en.wikipedia.org/wiki/Camellia_(cipher)
+	# IDEA:     Expired                 https://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
+	# EC:       ????????? ??/??/2015    https://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography
+	# MDC2:     Expired                 https://en.wikipedia.org/wiki/MDC-2
+	# RC5:      Expired                 https://en.wikipedia.org/wiki/RC5
+
+	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
+	echoit() { echo "$@" ; "$@" ; }
+
+	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
+
+	# See if our toolchain supports __uint128_t.  If so, it's 64bit
+	# friendly and can use the nicely optimized code paths. #460790
+	local ec_nistp_64_gcc_128
+	# Disable it for now though #469976
+	#if ! use bindist ; then
+	#	echo "__uint128_t i;" > "${T}"/128.c
+	#	if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
+	#		ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
+	#	fi
+	#fi
+
+	# https://github.com/openssl/openssl/issues/2286
+	if use ia64 ; then
+		replace-flags -g3 -g2
+		replace-flags -ggdb3 -ggdb2
+	fi
+
+	local sslout=$(./gentoo.config)
+	einfo "Use configuration ${sslout:-(openssl knows best)}"
+	local config="Configure"
+	[[ -z ${sslout} ]] && config="config"
+
+	# Fedora hobbled-EC needs 'no-ec2m', 'no-srp'
+	# Make sure user flags don't get added *yet* to avoid duplicated
+	# flags.
+	CFLAGS= LDFLAGS= echoit \
+	./${config} \
+		${sslout} \
+		$(use cpu_flags_x86_sse2 || echo "no-sse2") \
+		enable-camellia \
+		enable-ec \
+		$(use_ssl !bindist ec2m) \
+		$(use_ssl !bindist srp) \
+		${ec_nistp_64_gcc_128} \
+		enable-idea \
+		enable-mdc2 \
+		enable-rc5 \
+		enable-tlsext \
+		$(use_ssl asm) \
+		$(use_ssl gmp gmp -lgmp) \
+		$(use_ssl kerberos krb5 --with-krb5-flavor=${krb5}) \
+		$(use_ssl rfc3779) \
+		$(use_ssl sctp) \
+		$(use_ssl sslv2 ssl2) \
+		$(use_ssl sslv3 ssl3) \
+		$(use_ssl tls-heartbeat heartbeats) \
+		$(use_ssl zlib) \
+		--prefix="${EPREFIX}"/usr \
+		--openssldir="${EPREFIX}"${SSL_CNF_DIR} \
+		--libdir=$(get_libdir) \
+		shared threads \
+		|| die
+
+	# Clean out hardcoded flags that openssl uses
+	local DEFAULT_CFLAGS=$(grep ^CFLAG= Makefile | LC_ALL=C sed \
+		-e 's:^CFLAG=::' \
+		-e 's:\(^\| \)-fomit-frame-pointer::g' \
+		-e 's:\(^\| \)-O[^ ]*::g' \
+		-e 's:\(^\| \)-march=[^ ]*::g' \
+		-e 's:\(^\| \)-mcpu=[^ ]*::g' \
+		-e 's:\(^\| \)-m[^ ]*::g' \
+		-e 's:^ *::' \
+		-e 's: *$::' \
+		-e 's: \+: :g' \
+		-e 's:\\:\\\\:g'
+	)
+
+	# Now insert clean default flags with user flags
+	sed -i \
+		-e "/^CFLAG/s|=.*|=${DEFAULT_CFLAGS} ${CFLAGS}|" \
+		-e "/^LDFLAGS=/s|=[[:space:]]*$|=${LDFLAGS}|" \
+		Makefile || die
+}
+
+multilib_src_compile() {
+	# depend is needed to use $confopts; it also doesn't matter
+	# that it's -j1 as the code itself serializes subdirs
+	emake -j1 V=1 depend
+	emake build_libs
+}
+
+multilib_src_test() {
+	emake -j1 test
+}
+
+multilib_src_install() {
+	dolib.so lib{crypto,ssl}.so.${SLOT}
+}


^ permalink raw reply related	[flat|nested] 33+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl-compat/
@ 2020-01-01 21:25 Thomas Deutschmann
  0 siblings, 0 replies; 33+ messages in thread
From: Thomas Deutschmann @ 2020-01-01 21:25 UTC (permalink / raw
  To: gentoo-commits

commit:     617d66b7f218311a247c1b8783d866e2d6325eac
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Wed Jan  1 21:23:57 2020 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Wed Jan  1 21:25:10 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=617d66b7

dev-libs/openssl-compat: move stable keywords

Bug: https://bugs.gentoo.org/702176
Package-Manager: Portage-2.3.84, Repoman-2.3.20
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 dev-libs/openssl-compat/openssl-compat-1.0.2u.ebuild | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/dev-libs/openssl-compat/openssl-compat-1.0.2u.ebuild b/dev-libs/openssl-compat/openssl-compat-1.0.2u.ebuild
index 5b3784f01f6..7e0327f824c 100644
--- a/dev-libs/openssl-compat/openssl-compat-1.0.2u.ebuild
+++ b/dev-libs/openssl-compat/openssl-compat-1.0.2u.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2019 Gentoo Authors
+# Copyright 1999-2020 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
 EAPI="7"
@@ -37,7 +37,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 
 LICENSE="openssl"
 SLOT="1.0.0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sh ~sparc ~x86 ~x86-linux"
+KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sh ~sparc x86 ~x86-linux"
 IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
 
 RESTRICT="!bindist? ( bindist )


^ permalink raw reply related	[flat|nested] 33+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl-compat/
@ 2020-01-01 21:25 Thomas Deutschmann
  0 siblings, 0 replies; 33+ messages in thread
From: Thomas Deutschmann @ 2020-01-01 21:25 UTC (permalink / raw
  To: gentoo-commits

commit:     273422f6cae129a4a97402641e81b13db9461ec4
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Wed Jan  1 21:24:50 2020 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Wed Jan  1 21:25:12 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=273422f6

dev-libs/openssl-compat: security cleanup (#702176)

Bug: https://bugs.gentoo.org/702176
Package-Manager: Portage-2.3.84, Repoman-2.3.20
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 dev-libs/openssl-compat/Manifest                   |   1 -
 .../openssl-compat/openssl-compat-1.0.2t-r1.ebuild | 246 ---------------------
 2 files changed, 247 deletions(-)

diff --git a/dev-libs/openssl-compat/Manifest b/dev-libs/openssl-compat/Manifest
index f6ca6a00831..f8e304a6376 100644
--- a/dev-libs/openssl-compat/Manifest
+++ b/dev-libs/openssl-compat/Manifest
@@ -1,5 +1,4 @@
 DIST openssl-0.9.8zh.tar.gz 3818524 BLAKE2B 610bb4858900983cf4519fa8b63f1e03b3845e39e68884fd8bebd738cd5cd6c2c75513643af49bf9e2294adc446a6516480fe9b62de55d9b6379bf9e7c5cd364 SHA512 b97fa2468211f86c0719c68ad1781eff84f772c479ed5193d6da14bac086b4ca706e7d851209d9df3f0962943b5e5333ab0def00110fb2e517caa73c0c6674c6
 DIST openssl-1.0.2-patches-1.5.tar.xz 12404 BLAKE2B 6c1b8c28f339f539b2ab8643379502a24cf62bffde00041dce54d5dd9e8d2620b181362ee5464b0ab32ba4948e209697bfabadbea2944a409a1009100d298f24 SHA512 5725e2d9d1ee8cc074bcef3bed61c71bdab2ff1c114362110c3fb8da11ad5bc8f2ff28e90a293f5f3a5cf96ecda54dffdb7ab3fb3f8b23ef6472250dc3037659
 DIST openssl-1.0.2t-bindist-1.0.tar.xz 13872 BLAKE2B b2aade96a6e0ca6209a39e205b1c838de945903fcf959c62cc29ddcd1a0cb360fc5db234df86860a6a4c096f5ecc237611e4c2946b986a5500c24ba93c208ef4 SHA512 a48a7efb9b973b865bcc5009d450b428ed6b4b95e4cefe70c51056e47392c8a7bec58215168d8b07712419dc74646c2bd2fd23bcfbba2031376e292249a6b1b6
-DIST openssl-1.0.2t.tar.gz 5355422 BLAKE2B dcbc883151ff6c5b60f5849d8789c2e76a384cb3d5eb5f08a6109776d0edf134580dc33fa8b946ae2344542560f04ecef17f218406952dd8d31e4200c4882022 SHA512 0b88868933f42fab87e8b22449435a1091cc6e75f986aad6c173e01ad123161fcae8c226759073701bc65c9f2f0b6ce6a63a61203008ed873cfb6e484f32bc71
 DIST openssl-1.0.2u.tar.gz 5355412 BLAKE2B b2ff2a10e5851af5aca4093422a9a072c794e87b997263826c1c35910c040f695fac63decac5856cb49399ed03d410f97701d9fd4e1ebfbcacd8f3a74ce8bf57 SHA512 c455bb309e20e2c2d47fdc5619c734d107d5c8c38c1409903ce979acc120b0d5fa0312917c0aa0d630e402d092a703d4249643f36078e8528a3cafc9dac6ab32

diff --git a/dev-libs/openssl-compat/openssl-compat-1.0.2t-r1.ebuild b/dev-libs/openssl-compat/openssl-compat-1.0.2t-r1.ebuild
deleted file mode 100644
index b157a2495fc..00000000000
--- a/dev-libs/openssl-compat/openssl-compat-1.0.2t-r1.ebuild
+++ /dev/null
@@ -1,246 +0,0 @@
-# Copyright 1999-2019 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="7"
-
-inherit flag-o-matic toolchain-funcs multilib multilib-minimal
-
-# openssl-1.0.2-patches-1.6 contain additional CVE patches
-# which got fixed with this release.
-# Please use 1.7 version number when rolling a new tarball!
-PATCH_SET="openssl-1.0.2-patches-1.5"
-
-MY_P=openssl-${PV/_/-}
-
-# This patch set is based on the following files from Fedora 25,
-# see https://src.fedoraproject.org/rpms/openssl/blob/25/f/openssl.spec
-# for more details:
-# - hobble-openssl (SOURCE1)
-# - ec_curve.c (SOURCE12) -- MODIFIED
-# - ectest.c (SOURCE13)
-# - openssl-1.1.1-ec-curves.patch (PATCH37) -- MODIFIED
-BINDIST_PATCH_SET="openssl-1.0.2t-bindist-1.0.tar.xz"
-
-DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"
-HOMEPAGE="https://www.openssl.org/"
-SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
-	bindist? (
-		mirror://gentoo/${BINDIST_PATCH_SET}
-		https://dev.gentoo.org/~whissi/dist/openssl/${BINDIST_PATCH_SET}
-	)
-	!vanilla? (
-		mirror://gentoo/${PATCH_SET}.tar.xz
-		https://dev.gentoo.org/~chutzpah/dist/openssl/${PATCH_SET}.tar.xz
-		https://dev.gentoo.org/~whissi/dist/openssl/${PATCH_SET}.tar.xz
-		https://dev.gentoo.org/~polynomial-c/dist/${PATCH_SET}.tar.xz
-	)"
-
-LICENSE="openssl"
-SLOT="1.0.0"
-KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sh ~sparc x86 ~x86-linux"
-IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
-
-RESTRICT="!bindist? ( bindist )
-	test"
-
-RDEPEND="gmp? ( >=dev-libs/gmp-5.1.3-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
-	kerberos? ( >=app-crypt/mit-krb5-1.11.4[${MULTILIB_USEDEP}] )
-	zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
-	!=dev-libs/openssl-1.0.2*:0
-	!dev-libs/openssl:1.0.0"
-DEPEND="${RDEPEND}"
-BDEPEND="
-	>=dev-lang/perl-5
-	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
-	test? (
-		sys-apps/diffutils
-		sys-devel/bc
-	)"
-
-# Do not install any docs
-DOCS=()
-
-S="${WORKDIR}/${MY_P}"
-
-MULTILIB_WRAPPED_HEADERS=(
-	usr/include/openssl/opensslconf.h
-)
-
-src_prepare() {
-	if use bindist; then
-		mv "${WORKDIR}"/bindist-patches/hobble-openssl "${WORKDIR}" || die
-		bash "${WORKDIR}"/hobble-openssl || die
-
-		cp -f "${WORKDIR}"/bindist-patches/ec_curve.c "${S}"/crypto/ec/ || die
-		cp -f "${WORKDIR}"/bindist-patches/ectest.c "${S}"/crypto/ec/ || die
-
-		eapply "${WORKDIR}"/bindist-patches/ec-curves.patch
-
-		# Also see the configure parts below:
-		# enable-ec \
-		# $(use_ssl !bindist ec2m) \
-		# $(use_ssl !bindist srp) \
-	fi
-
-	# keep this in sync with app-misc/c_rehash
-	SSL_CNF_DIR="/etc/ssl"
-
-	# Make sure we only ever touch Makefile.org and avoid patching a file
-	# that gets blown away anyways by the Configure script in src_configure
-	rm -f Makefile
-
-	if ! use vanilla ; then
-		eapply "${WORKDIR}"/patch/*.patch
-	fi
-
-	eapply_user
-
-	# disable fips in the build
-	# make sure the man pages are suffixed #302165
-	# don't bother building man pages if they're disabled
-	sed -i \
-		-e '/DIRS/s: fips : :g' \
-		-e '/^MANSUFFIX/s:=.*:=ssl:' \
-		-e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
-		-e $(has noman FEATURES \
-			&& echo '/^install:/s:install_docs::' \
-			|| echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
-		Makefile.org \
-		|| die
-	# show the actual commands in the log
-	sed -i '/^SET_X/s:=.*:=set -x:' Makefile.shared
-
-	# since we're forcing $(CC) as makedep anyway, just fix
-	# the conditional as always-on
-	# helps clang (#417795), and versioned gcc (#499818)
-	# this breaks build with 1.0.2p, not sure if it is needed anymore
-	#sed -i 's/expr.*MAKEDEPEND.*;/true;/' util/domd || die
-
-	# quiet out unknown driver argument warnings since openssl
-	# doesn't have well-split CFLAGS and we're making it even worse
-	# and 'make depend' uses -Werror for added fun (#417795 again)
-	[[ ${CC} == *clang* ]] && append-flags -Qunused-arguments
-
-	# allow openssl to be cross-compiled
-	cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die
-	chmod a+rx gentoo.config || die
-
-	append-flags -fno-strict-aliasing
-	append-flags $(test-flags-CC -Wa,--noexecstack)
-	append-cppflags -DOPENSSL_NO_BUF_FREELISTS
-
-	sed -i '1s,^:$,#!'${EPREFIX}'/usr/bin/perl,' Configure #141906
-	# The config script does stupid stuff to prompt the user.  Kill it.
-	sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
-	./config --test-sanity || die "I AM NOT SANE"
-
-	multilib_copy_sources
-}
-
-multilib_src_configure() {
-	unset APPS #197996
-	unset SCRIPTS #312551
-	unset CROSS_COMPILE #311473
-
-	tc-export CC AR RANLIB RC
-
-	# Clean out patent-or-otherwise-encumbered code
-	# Camellia: Royalty Free            https://en.wikipedia.org/wiki/Camellia_(cipher)
-	# IDEA:     Expired                 https://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
-	# EC:       ????????? ??/??/2015    https://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography
-	# MDC2:     Expired                 https://en.wikipedia.org/wiki/MDC-2
-	# RC5:      Expired                 https://en.wikipedia.org/wiki/RC5
-
-	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
-	echoit() { echo "$@" ; "$@" ; }
-
-	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
-
-	# See if our toolchain supports __uint128_t.  If so, it's 64bit
-	# friendly and can use the nicely optimized code paths. #460790
-	local ec_nistp_64_gcc_128
-	# Disable it for now though #469976
-	#if ! use bindist ; then
-	#	echo "__uint128_t i;" > "${T}"/128.c
-	#	if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
-	#		ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
-	#	fi
-	#fi
-
-	# https://github.com/openssl/openssl/issues/2286
-	if use ia64 ; then
-		replace-flags -g3 -g2
-		replace-flags -ggdb3 -ggdb2
-	fi
-
-	local sslout=$(./gentoo.config)
-	einfo "Use configuration ${sslout:-(openssl knows best)}"
-	local config="Configure"
-	[[ -z ${sslout} ]] && config="config"
-
-	# Fedora hobbled-EC needs 'no-ec2m', 'no-srp'
-	# Make sure user flags don't get added *yet* to avoid duplicated
-	# flags.
-	CFLAGS= LDFLAGS= echoit \
-	./${config} \
-		${sslout} \
-		$(use cpu_flags_x86_sse2 || echo "no-sse2") \
-		enable-camellia \
-		enable-ec \
-		$(use_ssl !bindist ec2m) \
-		$(use_ssl !bindist srp) \
-		${ec_nistp_64_gcc_128} \
-		enable-idea \
-		enable-mdc2 \
-		enable-rc5 \
-		enable-tlsext \
-		$(use_ssl asm) \
-		$(use_ssl gmp gmp -lgmp) \
-		$(use_ssl kerberos krb5 --with-krb5-flavor=${krb5}) \
-		$(use_ssl rfc3779) \
-		$(use_ssl sctp) \
-		$(use_ssl sslv2 ssl2) \
-		$(use_ssl sslv3 ssl3) \
-		$(use_ssl tls-heartbeat heartbeats) \
-		$(use_ssl zlib) \
-		--prefix="${EPREFIX}"/usr \
-		--openssldir="${EPREFIX}"${SSL_CNF_DIR} \
-		--libdir=$(get_libdir) \
-		shared threads \
-		|| die
-
-	# Clean out hardcoded flags that openssl uses
-	local DEFAULT_CFLAGS=$(grep ^CFLAG= Makefile | LC_ALL=C sed \
-		-e 's:^CFLAG=::' \
-		-e 's:\(^\| \)-fomit-frame-pointer::g' \
-		-e 's:\(^\| \)-O[^ ]*::g' \
-		-e 's:\(^\| \)-march=[^ ]*::g' \
-		-e 's:\(^\| \)-mcpu=[^ ]*::g' \
-		-e 's:\(^\| \)-m[^ ]*::g' \
-		-e 's:^ *::' \
-		-e 's: *$::' \
-		-e 's: \+: :g' \
-		-e 's:\\:\\\\:g'
-	)
-
-	# Now insert clean default flags with user flags
-	sed -i \
-		-e "/^CFLAG/s|=.*|=${DEFAULT_CFLAGS} ${CFLAGS}|" \
-		-e "/^LDFLAGS=/s|=[[:space:]]*$|=${LDFLAGS}|" \
-		Makefile || die
-}
-
-multilib_src_compile() {
-	# depend is needed to use $confopts; it also doesn't matter
-	# that it's -j1 as the code itself serializes subdirs
-	emake -j1 V=1 depend
-	emake build_libs
-}
-
-multilib_src_test() {
-	emake -j1 test
-}
-
-multilib_src_install() {
-	dolib.so lib{crypto,ssl}.so.${SLOT}
-}


^ permalink raw reply related	[flat|nested] 33+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl-compat/
@ 2020-05-08 23:28 Thomas Deutschmann
  0 siblings, 0 replies; 33+ messages in thread
From: Thomas Deutschmann @ 2020-05-08 23:28 UTC (permalink / raw
  To: gentoo-commits

commit:     55191829ad11e7f0e48e90e0a3e80c1b9f418d9b
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Fri May  8 23:27:36 2020 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Fri May  8 23:27:54 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=55191829

dev-libs/openssl-compat: use versioned symbols for OpenSSL binary compatibility

Closes: https://bugs.gentoo.org/720226
Package-Manager: Portage-2.3.99, Repoman-2.3.22
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 dev-libs/openssl-compat/Manifest                   |   1 +
 .../openssl-compat/openssl-compat-1.0.2u-r1.ebuild | 249 +++++++++++++++++++++
 2 files changed, 250 insertions(+)

diff --git a/dev-libs/openssl-compat/Manifest b/dev-libs/openssl-compat/Manifest
index f8e304a6376..1d79926b78f 100644
--- a/dev-libs/openssl-compat/Manifest
+++ b/dev-libs/openssl-compat/Manifest
@@ -2,3 +2,4 @@ DIST openssl-0.9.8zh.tar.gz 3818524 BLAKE2B 610bb4858900983cf4519fa8b63f1e03b384
 DIST openssl-1.0.2-patches-1.5.tar.xz 12404 BLAKE2B 6c1b8c28f339f539b2ab8643379502a24cf62bffde00041dce54d5dd9e8d2620b181362ee5464b0ab32ba4948e209697bfabadbea2944a409a1009100d298f24 SHA512 5725e2d9d1ee8cc074bcef3bed61c71bdab2ff1c114362110c3fb8da11ad5bc8f2ff28e90a293f5f3a5cf96ecda54dffdb7ab3fb3f8b23ef6472250dc3037659
 DIST openssl-1.0.2t-bindist-1.0.tar.xz 13872 BLAKE2B b2aade96a6e0ca6209a39e205b1c838de945903fcf959c62cc29ddcd1a0cb360fc5db234df86860a6a4c096f5ecc237611e4c2946b986a5500c24ba93c208ef4 SHA512 a48a7efb9b973b865bcc5009d450b428ed6b4b95e4cefe70c51056e47392c8a7bec58215168d8b07712419dc74646c2bd2fd23bcfbba2031376e292249a6b1b6
 DIST openssl-1.0.2u.tar.gz 5355412 BLAKE2B b2ff2a10e5851af5aca4093422a9a072c794e87b997263826c1c35910c040f695fac63decac5856cb49399ed03d410f97701d9fd4e1ebfbcacd8f3a74ce8bf57 SHA512 c455bb309e20e2c2d47fdc5619c734d107d5c8c38c1409903ce979acc120b0d5fa0312917c0aa0d630e402d092a703d4249643f36078e8528a3cafc9dac6ab32
+DIST openssl-compat-1.0.2u-versioned-symbols.patch.gz 24633 BLAKE2B 6bfad4ad27dbca0bd85bfd9521ffc844c3e93e6a1cca7c814edd49affc60ece1c706dd3aa7be2ce80857532531eac6f0f03f43c0be22a769d00d9241686eff71 SHA512 3d85aa34f2491e0e36eedc45829709e0fb552f6d558c2726b59dafa98c3e679b88497f3f7399d7565d88e727591e7d9b12f5b1e27116ba19b9a661d7f75b07a9

diff --git a/dev-libs/openssl-compat/openssl-compat-1.0.2u-r1.ebuild b/dev-libs/openssl-compat/openssl-compat-1.0.2u-r1.ebuild
new file mode 100644
index 00000000000..2885b3e2a41
--- /dev/null
+++ b/dev-libs/openssl-compat/openssl-compat-1.0.2u-r1.ebuild
@@ -0,0 +1,249 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="7"
+
+inherit flag-o-matic toolchain-funcs multilib multilib-minimal
+
+# openssl-1.0.2-patches-1.6 contain additional CVE patches
+# which got fixed with this release.
+# Please use 1.7 version number when rolling a new tarball!
+PATCH_SET="openssl-1.0.2-patches-1.5"
+
+MY_P=openssl-${PV/_/-}
+
+# This patch set is based on the following files from Fedora 25,
+# see https://src.fedoraproject.org/rpms/openssl/blob/25/f/openssl.spec
+# for more details:
+# - hobble-openssl (SOURCE1)
+# - ec_curve.c (SOURCE12) -- MODIFIED
+# - ectest.c (SOURCE13)
+# - openssl-1.1.1-ec-curves.patch (PATCH37) -- MODIFIED
+BINDIST_PATCH_SET="openssl-1.0.2t-bindist-1.0.tar.xz"
+
+DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"
+HOMEPAGE="https://www.openssl.org/"
+SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
+	bindist? (
+		mirror://gentoo/${BINDIST_PATCH_SET}
+		https://dev.gentoo.org/~whissi/dist/openssl/${BINDIST_PATCH_SET}
+	)
+	!vanilla? (
+		mirror://gentoo/${PATCH_SET}.tar.xz
+		https://dev.gentoo.org/~chutzpah/dist/openssl/${PATCH_SET}.tar.xz
+		https://dev.gentoo.org/~whissi/dist/openssl/${PATCH_SET}.tar.xz
+		https://dev.gentoo.org/~polynomial-c/dist/${PATCH_SET}.tar.xz
+	)
+	https://dev.gentoo.org/~whissi/dist/openssl/openssl-compat-1.0.2u-versioned-symbols.patch.gz"
+
+LICENSE="openssl"
+SLOT="1.0.0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x86-linux"
+IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
+
+RESTRICT="!bindist? ( bindist )
+	test"
+
+RDEPEND="gmp? ( >=dev-libs/gmp-5.1.3-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
+	kerberos? ( >=app-crypt/mit-krb5-1.11.4[${MULTILIB_USEDEP}] )
+	zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
+	!=dev-libs/openssl-1.0.2*:0
+	!dev-libs/openssl:1.0.0"
+DEPEND="${RDEPEND}"
+BDEPEND="
+	>=dev-lang/perl-5
+	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
+	test? (
+		sys-apps/diffutils
+		sys-devel/bc
+	)"
+
+# Do not install any docs
+DOCS=()
+
+S="${WORKDIR}/${MY_P}"
+
+MULTILIB_WRAPPED_HEADERS=(
+	usr/include/openssl/opensslconf.h
+)
+
+src_prepare() {
+	mv "${WORKDIR}"/openssl-compat-1.0.2u-versioned-symbols.patch "${WORKDIR}"/patch || die
+
+	if use bindist; then
+		mv "${WORKDIR}"/bindist-patches/hobble-openssl "${WORKDIR}" || die
+		bash "${WORKDIR}"/hobble-openssl || die
+
+		cp -f "${WORKDIR}"/bindist-patches/ec_curve.c "${S}"/crypto/ec/ || die
+		cp -f "${WORKDIR}"/bindist-patches/ectest.c "${S}"/crypto/ec/ || die
+
+		eapply "${WORKDIR}"/bindist-patches/ec-curves.patch
+
+		# Also see the configure parts below:
+		# enable-ec \
+		# $(use_ssl !bindist ec2m) \
+		# $(use_ssl !bindist srp) \
+	fi
+
+	# keep this in sync with app-misc/c_rehash
+	SSL_CNF_DIR="/etc/ssl"
+
+	# Make sure we only ever touch Makefile.org and avoid patching a file
+	# that gets blown away anyways by the Configure script in src_configure
+	rm -f Makefile
+
+	if ! use vanilla ; then
+		eapply "${WORKDIR}"/patch/*.patch
+	fi
+
+	eapply_user
+
+	# disable fips in the build
+	# make sure the man pages are suffixed #302165
+	# don't bother building man pages if they're disabled
+	sed -i \
+		-e '/DIRS/s: fips : :g' \
+		-e '/^MANSUFFIX/s:=.*:=ssl:' \
+		-e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
+		-e $(has noman FEATURES \
+			&& echo '/^install:/s:install_docs::' \
+			|| echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
+		Makefile.org \
+		|| die
+	# show the actual commands in the log
+	sed -i '/^SET_X/s:=.*:=set -x:' Makefile.shared
+
+	# since we're forcing $(CC) as makedep anyway, just fix
+	# the conditional as always-on
+	# helps clang (#417795), and versioned gcc (#499818)
+	# this breaks build with 1.0.2p, not sure if it is needed anymore
+	#sed -i 's/expr.*MAKEDEPEND.*;/true;/' util/domd || die
+
+	# quiet out unknown driver argument warnings since openssl
+	# doesn't have well-split CFLAGS and we're making it even worse
+	# and 'make depend' uses -Werror for added fun (#417795 again)
+	[[ ${CC} == *clang* ]] && append-flags -Qunused-arguments
+
+	# allow openssl to be cross-compiled
+	cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die
+	chmod a+rx gentoo.config || die
+
+	append-flags -fno-strict-aliasing
+	append-flags $(test-flags-CC -Wa,--noexecstack)
+	append-cppflags -DOPENSSL_NO_BUF_FREELISTS
+
+	sed -i '1s,^:$,#!'${EPREFIX}'/usr/bin/perl,' Configure #141906
+	# The config script does stupid stuff to prompt the user.  Kill it.
+	sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
+	./config --test-sanity || die "I AM NOT SANE"
+
+	multilib_copy_sources
+}
+
+multilib_src_configure() {
+	unset APPS #197996
+	unset SCRIPTS #312551
+	unset CROSS_COMPILE #311473
+
+	tc-export CC AR RANLIB RC
+
+	# Clean out patent-or-otherwise-encumbered code
+	# Camellia: Royalty Free            https://en.wikipedia.org/wiki/Camellia_(cipher)
+	# IDEA:     Expired                 https://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
+	# EC:       ????????? ??/??/2015    https://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography
+	# MDC2:     Expired                 https://en.wikipedia.org/wiki/MDC-2
+	# RC5:      Expired                 https://en.wikipedia.org/wiki/RC5
+
+	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
+	echoit() { echo "$@" ; "$@" ; }
+
+	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
+
+	# See if our toolchain supports __uint128_t.  If so, it's 64bit
+	# friendly and can use the nicely optimized code paths. #460790
+	local ec_nistp_64_gcc_128
+	# Disable it for now though #469976
+	#if ! use bindist ; then
+	#	echo "__uint128_t i;" > "${T}"/128.c
+	#	if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
+	#		ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
+	#	fi
+	#fi
+
+	# https://github.com/openssl/openssl/issues/2286
+	if use ia64 ; then
+		replace-flags -g3 -g2
+		replace-flags -ggdb3 -ggdb2
+	fi
+
+	local sslout=$(./gentoo.config)
+	einfo "Use configuration ${sslout:-(openssl knows best)}"
+	local config="Configure"
+	[[ -z ${sslout} ]] && config="config"
+
+	# Fedora hobbled-EC needs 'no-ec2m', 'no-srp'
+	# Make sure user flags don't get added *yet* to avoid duplicated
+	# flags.
+	CFLAGS= LDFLAGS= echoit \
+	./${config} \
+		${sslout} \
+		$(use cpu_flags_x86_sse2 || echo "no-sse2") \
+		enable-camellia \
+		enable-ec \
+		$(use_ssl !bindist ec2m) \
+		$(use_ssl !bindist srp) \
+		${ec_nistp_64_gcc_128} \
+		enable-idea \
+		enable-mdc2 \
+		enable-rc5 \
+		enable-tlsext \
+		$(use_ssl asm) \
+		$(use_ssl gmp gmp -lgmp) \
+		$(use_ssl kerberos krb5 --with-krb5-flavor=${krb5}) \
+		$(use_ssl rfc3779) \
+		$(use_ssl sctp) \
+		$(use_ssl sslv2 ssl2) \
+		$(use_ssl sslv3 ssl3) \
+		$(use_ssl tls-heartbeat heartbeats) \
+		$(use_ssl zlib) \
+		--prefix="${EPREFIX}"/usr \
+		--openssldir="${EPREFIX}"${SSL_CNF_DIR} \
+		--libdir=$(get_libdir) \
+		shared threads \
+		|| die
+
+	# Clean out hardcoded flags that openssl uses
+	local DEFAULT_CFLAGS=$(grep ^CFLAG= Makefile | LC_ALL=C sed \
+		-e 's:^CFLAG=::' \
+		-e 's:\(^\| \)-fomit-frame-pointer::g' \
+		-e 's:\(^\| \)-O[^ ]*::g' \
+		-e 's:\(^\| \)-march=[^ ]*::g' \
+		-e 's:\(^\| \)-mcpu=[^ ]*::g' \
+		-e 's:\(^\| \)-m[^ ]*::g' \
+		-e 's:^ *::' \
+		-e 's: *$::' \
+		-e 's: \+: :g' \
+		-e 's:\\:\\\\:g'
+	)
+
+	# Now insert clean default flags with user flags
+	sed -i \
+		-e "/^CFLAG/s|=.*|=${DEFAULT_CFLAGS} ${CFLAGS}|" \
+		-e "/^LDFLAGS=/s|=[[:space:]]*$|=${LDFLAGS}|" \
+		Makefile || die
+}
+
+multilib_src_compile() {
+	# depend is needed to use $confopts; it also doesn't matter
+	# that it's -j1 as the code itself serializes subdirs
+	emake -j1 V=1 depend
+	emake build_libs
+}
+
+multilib_src_test() {
+	emake -j1 test
+}
+
+multilib_src_install() {
+	dolib.so lib{crypto,ssl}.so.${SLOT}
+}


^ permalink raw reply related	[flat|nested] 33+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl-compat/
@ 2020-05-19  9:49 Thomas Deutschmann
  0 siblings, 0 replies; 33+ messages in thread
From: Thomas Deutschmann @ 2020-05-19  9:49 UTC (permalink / raw
  To: gentoo-commits

commit:     079ccd2bed1aab50480821c697b81f8db8b708ba
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Tue May 19 09:32:36 2020 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Tue May 19 09:48:57 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=079ccd2b

dev-libs/openssl-compat: drop old

Package-Manager: Portage-2.3.99, Repoman-2.3.22
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 .../openssl-compat/openssl-compat-1.0.2u.ebuild    | 246 ---------------------
 1 file changed, 246 deletions(-)

diff --git a/dev-libs/openssl-compat/openssl-compat-1.0.2u.ebuild b/dev-libs/openssl-compat/openssl-compat-1.0.2u.ebuild
deleted file mode 100644
index 25a816cf47d..00000000000
--- a/dev-libs/openssl-compat/openssl-compat-1.0.2u.ebuild
+++ /dev/null
@@ -1,246 +0,0 @@
-# Copyright 1999-2020 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="7"
-
-inherit flag-o-matic toolchain-funcs multilib multilib-minimal
-
-# openssl-1.0.2-patches-1.6 contain additional CVE patches
-# which got fixed with this release.
-# Please use 1.7 version number when rolling a new tarball!
-PATCH_SET="openssl-1.0.2-patches-1.5"
-
-MY_P=openssl-${PV/_/-}
-
-# This patch set is based on the following files from Fedora 25,
-# see https://src.fedoraproject.org/rpms/openssl/blob/25/f/openssl.spec
-# for more details:
-# - hobble-openssl (SOURCE1)
-# - ec_curve.c (SOURCE12) -- MODIFIED
-# - ectest.c (SOURCE13)
-# - openssl-1.1.1-ec-curves.patch (PATCH37) -- MODIFIED
-BINDIST_PATCH_SET="openssl-1.0.2t-bindist-1.0.tar.xz"
-
-DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"
-HOMEPAGE="https://www.openssl.org/"
-SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
-	bindist? (
-		mirror://gentoo/${BINDIST_PATCH_SET}
-		https://dev.gentoo.org/~whissi/dist/openssl/${BINDIST_PATCH_SET}
-	)
-	!vanilla? (
-		mirror://gentoo/${PATCH_SET}.tar.xz
-		https://dev.gentoo.org/~chutzpah/dist/openssl/${PATCH_SET}.tar.xz
-		https://dev.gentoo.org/~whissi/dist/openssl/${PATCH_SET}.tar.xz
-		https://dev.gentoo.org/~polynomial-c/dist/${PATCH_SET}.tar.xz
-	)"
-
-LICENSE="openssl"
-SLOT="1.0.0"
-KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc x86 ~x86-linux"
-IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
-
-RESTRICT="!bindist? ( bindist )
-	test"
-
-RDEPEND="gmp? ( >=dev-libs/gmp-5.1.3-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
-	kerberos? ( >=app-crypt/mit-krb5-1.11.4[${MULTILIB_USEDEP}] )
-	zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
-	!=dev-libs/openssl-1.0.2*:0
-	!dev-libs/openssl:1.0.0"
-DEPEND="${RDEPEND}"
-BDEPEND="
-	>=dev-lang/perl-5
-	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
-	test? (
-		sys-apps/diffutils
-		sys-devel/bc
-	)"
-
-# Do not install any docs
-DOCS=()
-
-S="${WORKDIR}/${MY_P}"
-
-MULTILIB_WRAPPED_HEADERS=(
-	usr/include/openssl/opensslconf.h
-)
-
-src_prepare() {
-	if use bindist; then
-		mv "${WORKDIR}"/bindist-patches/hobble-openssl "${WORKDIR}" || die
-		bash "${WORKDIR}"/hobble-openssl || die
-
-		cp -f "${WORKDIR}"/bindist-patches/ec_curve.c "${S}"/crypto/ec/ || die
-		cp -f "${WORKDIR}"/bindist-patches/ectest.c "${S}"/crypto/ec/ || die
-
-		eapply "${WORKDIR}"/bindist-patches/ec-curves.patch
-
-		# Also see the configure parts below:
-		# enable-ec \
-		# $(use_ssl !bindist ec2m) \
-		# $(use_ssl !bindist srp) \
-	fi
-
-	# keep this in sync with app-misc/c_rehash
-	SSL_CNF_DIR="/etc/ssl"
-
-	# Make sure we only ever touch Makefile.org and avoid patching a file
-	# that gets blown away anyways by the Configure script in src_configure
-	rm -f Makefile
-
-	if ! use vanilla ; then
-		eapply "${WORKDIR}"/patch/*.patch
-	fi
-
-	eapply_user
-
-	# disable fips in the build
-	# make sure the man pages are suffixed #302165
-	# don't bother building man pages if they're disabled
-	sed -i \
-		-e '/DIRS/s: fips : :g' \
-		-e '/^MANSUFFIX/s:=.*:=ssl:' \
-		-e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
-		-e $(has noman FEATURES \
-			&& echo '/^install:/s:install_docs::' \
-			|| echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
-		Makefile.org \
-		|| die
-	# show the actual commands in the log
-	sed -i '/^SET_X/s:=.*:=set -x:' Makefile.shared
-
-	# since we're forcing $(CC) as makedep anyway, just fix
-	# the conditional as always-on
-	# helps clang (#417795), and versioned gcc (#499818)
-	# this breaks build with 1.0.2p, not sure if it is needed anymore
-	#sed -i 's/expr.*MAKEDEPEND.*;/true;/' util/domd || die
-
-	# quiet out unknown driver argument warnings since openssl
-	# doesn't have well-split CFLAGS and we're making it even worse
-	# and 'make depend' uses -Werror for added fun (#417795 again)
-	[[ ${CC} == *clang* ]] && append-flags -Qunused-arguments
-
-	# allow openssl to be cross-compiled
-	cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die
-	chmod a+rx gentoo.config || die
-
-	append-flags -fno-strict-aliasing
-	append-flags $(test-flags-CC -Wa,--noexecstack)
-	append-cppflags -DOPENSSL_NO_BUF_FREELISTS
-
-	sed -i '1s,^:$,#!'${EPREFIX}'/usr/bin/perl,' Configure #141906
-	# The config script does stupid stuff to prompt the user.  Kill it.
-	sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
-	./config --test-sanity || die "I AM NOT SANE"
-
-	multilib_copy_sources
-}
-
-multilib_src_configure() {
-	unset APPS #197996
-	unset SCRIPTS #312551
-	unset CROSS_COMPILE #311473
-
-	tc-export CC AR RANLIB RC
-
-	# Clean out patent-or-otherwise-encumbered code
-	# Camellia: Royalty Free            https://en.wikipedia.org/wiki/Camellia_(cipher)
-	# IDEA:     Expired                 https://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
-	# EC:       ????????? ??/??/2015    https://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography
-	# MDC2:     Expired                 https://en.wikipedia.org/wiki/MDC-2
-	# RC5:      Expired                 https://en.wikipedia.org/wiki/RC5
-
-	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
-	echoit() { echo "$@" ; "$@" ; }
-
-	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
-
-	# See if our toolchain supports __uint128_t.  If so, it's 64bit
-	# friendly and can use the nicely optimized code paths. #460790
-	local ec_nistp_64_gcc_128
-	# Disable it for now though #469976
-	#if ! use bindist ; then
-	#	echo "__uint128_t i;" > "${T}"/128.c
-	#	if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
-	#		ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
-	#	fi
-	#fi
-
-	# https://github.com/openssl/openssl/issues/2286
-	if use ia64 ; then
-		replace-flags -g3 -g2
-		replace-flags -ggdb3 -ggdb2
-	fi
-
-	local sslout=$(./gentoo.config)
-	einfo "Use configuration ${sslout:-(openssl knows best)}"
-	local config="Configure"
-	[[ -z ${sslout} ]] && config="config"
-
-	# Fedora hobbled-EC needs 'no-ec2m', 'no-srp'
-	# Make sure user flags don't get added *yet* to avoid duplicated
-	# flags.
-	CFLAGS= LDFLAGS= echoit \
-	./${config} \
-		${sslout} \
-		$(use cpu_flags_x86_sse2 || echo "no-sse2") \
-		enable-camellia \
-		enable-ec \
-		$(use_ssl !bindist ec2m) \
-		$(use_ssl !bindist srp) \
-		${ec_nistp_64_gcc_128} \
-		enable-idea \
-		enable-mdc2 \
-		enable-rc5 \
-		enable-tlsext \
-		$(use_ssl asm) \
-		$(use_ssl gmp gmp -lgmp) \
-		$(use_ssl kerberos krb5 --with-krb5-flavor=${krb5}) \
-		$(use_ssl rfc3779) \
-		$(use_ssl sctp) \
-		$(use_ssl sslv2 ssl2) \
-		$(use_ssl sslv3 ssl3) \
-		$(use_ssl tls-heartbeat heartbeats) \
-		$(use_ssl zlib) \
-		--prefix="${EPREFIX}"/usr \
-		--openssldir="${EPREFIX}"${SSL_CNF_DIR} \
-		--libdir=$(get_libdir) \
-		shared threads \
-		|| die
-
-	# Clean out hardcoded flags that openssl uses
-	local DEFAULT_CFLAGS=$(grep ^CFLAG= Makefile | LC_ALL=C sed \
-		-e 's:^CFLAG=::' \
-		-e 's:\(^\| \)-fomit-frame-pointer::g' \
-		-e 's:\(^\| \)-O[^ ]*::g' \
-		-e 's:\(^\| \)-march=[^ ]*::g' \
-		-e 's:\(^\| \)-mcpu=[^ ]*::g' \
-		-e 's:\(^\| \)-m[^ ]*::g' \
-		-e 's:^ *::' \
-		-e 's: *$::' \
-		-e 's: \+: :g' \
-		-e 's:\\:\\\\:g'
-	)
-
-	# Now insert clean default flags with user flags
-	sed -i \
-		-e "/^CFLAG/s|=.*|=${DEFAULT_CFLAGS} ${CFLAGS}|" \
-		-e "/^LDFLAGS=/s|=[[:space:]]*$|=${LDFLAGS}|" \
-		Makefile || die
-}
-
-multilib_src_compile() {
-	# depend is needed to use $confopts; it also doesn't matter
-	# that it's -j1 as the code itself serializes subdirs
-	emake -j1 V=1 depend
-	emake build_libs
-}
-
-multilib_src_test() {
-	emake -j1 test
-}
-
-multilib_src_install() {
-	dolib.so lib{crypto,ssl}.so.${SLOT}
-}


^ permalink raw reply related	[flat|nested] 33+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl-compat/
@ 2020-05-19  9:49 Thomas Deutschmann
  0 siblings, 0 replies; 33+ messages in thread
From: Thomas Deutschmann @ 2020-05-19  9:49 UTC (permalink / raw
  To: gentoo-commits

commit:     0a342bcd638f54014f98f3320f5ab190e0f0e7bb
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Tue May 19 09:31:58 2020 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Tue May 19 09:48:56 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0a342bcd

dev-libs/openssl-compat: rollover keywords

Package-Manager: Portage-2.3.99, Repoman-2.3.22
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 dev-libs/openssl-compat/openssl-compat-1.0.2u-r1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl-compat/openssl-compat-1.0.2u-r1.ebuild b/dev-libs/openssl-compat/openssl-compat-1.0.2u-r1.ebuild
index 2885b3e2a41..1501ae504d3 100644
--- a/dev-libs/openssl-compat/openssl-compat-1.0.2u-r1.ebuild
+++ b/dev-libs/openssl-compat/openssl-compat-1.0.2u-r1.ebuild
@@ -38,7 +38,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 
 LICENSE="openssl"
 SLOT="1.0.0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x86-linux"
+KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc x86 ~x86-linux"
 IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
 
 RESTRICT="!bindist? ( bindist )


^ permalink raw reply related	[flat|nested] 33+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl-compat/
@ 2021-07-21 12:56 Thomas Deutschmann
  0 siblings, 0 replies; 33+ messages in thread
From: Thomas Deutschmann @ 2021-07-21 12:56 UTC (permalink / raw
  To: gentoo-commits

commit:     50c70265cca12034c5e44f75696186287f4bc20f
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Wed Jul 21 12:55:19 2021 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Wed Jul 21 12:55:19 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=50c70265

dev-libs/openssl-compat: rename USE=zlib to USE=tls-compression

Package-Manager: Portage-3.0.21, Repoman-3.0.3
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 dev-libs/openssl-compat/metadata.xml                                | 1 +
 ...ompat-0.9.8z_p8-r1.ebuild => openssl-compat-0.9.8z_p8-r2.ebuild} | 6 +++---
 ...nssl-compat-1.0.2u-r1.ebuild => openssl-compat-1.0.2u-r2.ebuild} | 6 +++---
 3 files changed, 7 insertions(+), 6 deletions(-)

diff --git a/dev-libs/openssl-compat/metadata.xml b/dev-libs/openssl-compat/metadata.xml
index 8419c576d83..5dfd9a9f2f9 100644
--- a/dev-libs/openssl-compat/metadata.xml
+++ b/dev-libs/openssl-compat/metadata.xml
@@ -11,6 +11,7 @@
  <flag name="rfc3779">Enable support for RFC 3779 (X.509 Extensions for IP Addresses and AS Identifiers)</flag>
  <flag name="sslv2">Support for the old/insecure SSLv2 protocol -- note: not required for TLS/https</flag>
  <flag name="sslv3">Support for the old/insecure SSLv3 protocol -- note: not required for TLS/https</flag>
+ <flag name="tls-compression">Enable support for discouraged TLS compression</flag>
  <flag name="tls-heartbeat">Enable the Heartbeat Extension in TLS and DTLS</flag>
 </use>
 <upstream>

diff --git a/dev-libs/openssl-compat/openssl-compat-0.9.8z_p8-r1.ebuild b/dev-libs/openssl-compat/openssl-compat-0.9.8z_p8-r2.ebuild
similarity index 96%
rename from dev-libs/openssl-compat/openssl-compat-0.9.8z_p8-r1.ebuild
rename to dev-libs/openssl-compat/openssl-compat-0.9.8z_p8-r2.ebuild
index e683f59fccf..3b77fd0b9f4 100644
--- a/dev-libs/openssl-compat/openssl-compat-0.9.8z_p8-r1.ebuild
+++ b/dev-libs/openssl-compat/openssl-compat-0.9.8z_p8-r2.ebuild
@@ -19,12 +19,12 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"
 LICENSE="openssl"
 SLOT="0.9.8"
 KEYWORDS="~alpha amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sparc x86"
-IUSE="bindist gmp kerberos cpu_flags_x86_sse2 test zlib"
+IUSE="bindist gmp kerberos cpu_flags_x86_sse2 test tls-compression"
 RESTRICT="!bindist? ( bindist )
 	test"
 
 RDEPEND="gmp? ( >=dev-libs/gmp-5.1.3-r1[${MULTILIB_USEDEP}] )
-	zlib? ( >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}] )
+	tls-compression? ( >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}] )
 	kerberos? ( >=app-crypt/mit-krb5-1.11.4[${MULTILIB_USEDEP}] )
 	!=dev-libs/openssl-0.9.8*:0
 	!dev-libs/openssl:0.9.8"
@@ -128,7 +128,7 @@ multilib_src_configure() {
 		enable-tlsext \
 		$(use_ssl gmp gmp -lgmp) \
 		$(use_ssl kerberos krb5 --with-krb5-flavor=${krb5}) \
-		$(use_ssl zlib) \
+		$(use_ssl tls-compression zlib) \
 		--prefix=/usr \
 		--openssldir=/etc/ssl \
 		shared threads \

diff --git a/dev-libs/openssl-compat/openssl-compat-1.0.2u-r1.ebuild b/dev-libs/openssl-compat/openssl-compat-1.0.2u-r2.ebuild
similarity index 97%
rename from dev-libs/openssl-compat/openssl-compat-1.0.2u-r1.ebuild
rename to dev-libs/openssl-compat/openssl-compat-1.0.2u-r2.ebuild
index 4ba9941176c..ee152f0d89e 100644
--- a/dev-libs/openssl-compat/openssl-compat-1.0.2u-r1.ebuild
+++ b/dev-libs/openssl-compat/openssl-compat-1.0.2u-r2.ebuild
@@ -39,14 +39,14 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 LICENSE="openssl"
 SLOT="1.0.0"
 KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc x86 ~x86-linux"
-IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
+IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla tls-compression"
 
 RESTRICT="!bindist? ( bindist )
 	test"
 
 RDEPEND="gmp? ( >=dev-libs/gmp-5.1.3-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
 	kerberos? ( >=app-crypt/mit-krb5-1.11.4[${MULTILIB_USEDEP}] )
-	zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
+	tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
 	!=dev-libs/openssl-1.0.2*:0
 	!dev-libs/openssl:1.0.0"
 DEPEND="${RDEPEND}"
@@ -205,7 +205,7 @@ multilib_src_configure() {
 		$(use_ssl sslv2 ssl2) \
 		$(use_ssl sslv3 ssl3) \
 		$(use_ssl tls-heartbeat heartbeats) \
-		$(use_ssl zlib) \
+		$(use_ssl tls-compression zlib) \
 		--prefix="${EPREFIX}"/usr \
 		--openssldir="${EPREFIX}"${SSL_CNF_DIR} \
 		--libdir=$(get_libdir) \


^ permalink raw reply related	[flat|nested] 33+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl-compat/
@ 2022-06-11  5:12 Sam James
  0 siblings, 0 replies; 33+ messages in thread
From: Sam James @ 2022-06-11  5:12 UTC (permalink / raw
  To: gentoo-commits

commit:     d080ce6504c316484c2540cb69b71e7ec57f6011
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sat Jun 11 05:12:28 2022 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sat Jun 11 05:12:37 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d080ce65

dev-libs/openssl-compat: tidy up; sync with openssl

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl-compat/openssl-compat-1.1.1o.ebuild | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/dev-libs/openssl-compat/openssl-compat-1.1.1o.ebuild b/dev-libs/openssl-compat/openssl-compat-1.1.1o.ebuild
index cdf051c1295d..20a03ddac7fa 100644
--- a/dev-libs/openssl-compat/openssl-compat-1.1.1o.ebuild
+++ b/dev-libs/openssl-compat/openssl-compat-1.1.1o.ebuild
@@ -69,11 +69,11 @@ src_unpack() {
 }
 
 src_prepare() {
-	# allow openssl to be cross-compiled
+	# Allow openssl to be cross-compiled
 	cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die
 	chmod a+rx gentoo.config || die
 
-	# keep this in sync with app-misc/c_rehash
+	# Keep this in sync with app-misc/c_rehash
 	SSL_CNF_DIR="/etc/ssl"
 
 	# Make sure we only ever touch Makefile.org and avoid patching a file
@@ -125,10 +125,11 @@ src_prepare() {
 
 	append-flags $(test-flags-CC -Wa,--noexecstack)
 
-	# Prefixify Configure shebang (#141906)
+	# Prefixify Configure shebang (bug #141906)
 	sed \
 		-e "1s,/usr/bin/env,${EPREFIX}&," \
 		-i Configure || die
+
 	# Remove test target when FEATURES=test isn't set
 	if ! use test ; then
 		sed \
@@ -172,9 +173,10 @@ multilib_src_configure() {
 	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
 
 	# See if our toolchain supports __uint128_t.  If so, it's 64bit
-	# friendly and can use the nicely optimized code paths. #460790
+	# friendly and can use the nicely optimized code paths, bug #460790.
 	local ec_nistp_64_gcc_128
-	# Disable it for now though #469976
+
+	# Disable it for now though (bug #469976)
 	# echo "__uint128_t i;" > "${T}"/128.c
 	# if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
 	# 	ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"


^ permalink raw reply related	[flat|nested] 33+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl-compat/
@ 2022-11-15  8:46 Sam James
  0 siblings, 0 replies; 33+ messages in thread
From: Sam James @ 2022-11-15  8:46 UTC (permalink / raw
  To: gentoo-commits

commit:     18b0735d5ef866fc770e2a71f87a8eaefa58e3fb
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Tue Nov 15 08:42:37 2022 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Tue Nov 15 08:42:37 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=18b0735d

dev-libs/openssl-compat: add 1.1.1s

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl-compat/Manifest                   |   2 +
 .../openssl-compat/openssl-compat-1.1.1s.ebuild    | 261 +++++++++++++++++++++
 2 files changed, 263 insertions(+)

diff --git a/dev-libs/openssl-compat/Manifest b/dev-libs/openssl-compat/Manifest
index a1d91620a616..159bbdd0bcfd 100644
--- a/dev-libs/openssl-compat/Manifest
+++ b/dev-libs/openssl-compat/Manifest
@@ -4,4 +4,6 @@ DIST openssl-1.0.2u.tar.gz 5355412 BLAKE2B b2ff2a10e5851af5aca4093422a9a072c794e
 DIST openssl-1.1.1o-test-fixes-expiry.patch.xz 6180 BLAKE2B 23ef36d7bd05c98f7fab6de25681a53fa7a558d114548836b6cd90a57c4f4e45dc9fb622936053608b463320605b7df60db2d2caf3811b249f6ead3791a1c081 SHA512 577aec97fb31cd9efe3b30d82c560d3e7da57ae52c4de0f86e951b777a673830baaadcc5eb366c523024d37405531c6d32de26bbbc1e77df15c7822c72e937e6
 DIST openssl-1.1.1o.tar.gz 9856386 BLAKE2B 5bd355fd17adf43ba4e3bf1a8036ceb724edd4f4ab80dc25aecc3d2647372e9db2bc12e2b89791fc4b6f7fd95a7b68e00490d09ca6518d25ab990ee27798e641 SHA512 75b2f1499cb4640229eb6cd35d85cbff2e19db17b959ac4d04b60f1b395b73567f9003521452a0fcfeea9b31b26de0a7bccf476ecf9caae02298f3647cfb7e23
 DIST openssl-1.1.1o.tar.gz.asc 488 BLAKE2B a03a967e7e2124d1a76ad7765e2f48065f40d32ba102a433be603ee8f86b26a2d246dcb97a95bd694ef3005889ce4f1951f76d39fe1d683f92da1aa3023e9c2d SHA512 da6d88de7c1cd807b6089d50f8bb102c317c0b45ca26e517e3e400c5c65f787d94a1ee522af76279e93790a7fb491348cf25ffcfd66ecb9a9d35209328cb221e
+DIST openssl-1.1.1s.tar.gz 9868981 BLAKE2B ecd19eaf84dbc80448b51651abe52a89cc0052f024537959c4ebe61528988f235d661244fce6967159a876dd038c817bad19df742e828ca1cbae97ce6a4124bb SHA512 2ef983f166b5e1bf456ca37938e7e39d58d4cd85e9fc4b5174a05f5c37cc5ad89c3a9af97a6919bcaab128a8a92e4bdc8a045e5d9156d90768da8f73ac67c5b9
+DIST openssl-1.1.1s.tar.gz.asc 858 BLAKE2B d95f0f80d460feac737f84ed629c45aaf5e453103ef202ec7d33cf33b89ad83a9007429433b10754b725d7963b1960e350b64e8bdfe569ad149e26bef462eeca SHA512 aa6e5e940448297a90c46ba162f8e6ee324c2e202a9283328c31f996dc2259dd9f5f981d94d1cf1dd3cc73c44647b473602dacb857b9719bf066931b43b899e6
 DIST openssl-compat-1.0.2u-versioned-symbols.patch.gz 24633 BLAKE2B 6bfad4ad27dbca0bd85bfd9521ffc844c3e93e6a1cca7c814edd49affc60ece1c706dd3aa7be2ce80857532531eac6f0f03f43c0be22a769d00d9241686eff71 SHA512 3d85aa34f2491e0e36eedc45829709e0fb552f6d558c2726b59dafa98c3e679b88497f3f7399d7565d88e727591e7d9b12f5b1e27116ba19b9a661d7f75b07a9

diff --git a/dev-libs/openssl-compat/openssl-compat-1.1.1s.ebuild b/dev-libs/openssl-compat/openssl-compat-1.1.1s.ebuild
new file mode 100644
index 000000000000..7f129274d627
--- /dev/null
+++ b/dev-libs/openssl-compat/openssl-compat-1.1.1s.ebuild
@@ -0,0 +1,261 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/openssl.org.asc
+inherit edo flag-o-matic toolchain-funcs multilib-minimal verify-sig
+
+MY_P=openssl-${PV/_/-}
+DESCRIPTION="Full-strength general purpose cryptography library (including SSL and TLS)"
+HOMEPAGE="https://www.openssl.org/"
+SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
+	verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )"
+S="${WORKDIR}/${MY_P}"
+
+LICENSE="openssl"
+SLOT="$(ver_cut 1-3)"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x86-linux"
+IUSE="+asm rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-compression tls-heartbeat vanilla verify-sig weak-ssl-ciphers"
+RESTRICT="!test? ( test )"
+
+RDEPEND="!=dev-libs/openssl-1.1.1*:0
+	tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )"
+DEPEND="${RDEPEND}"
+BDEPEND="
+	>=dev-lang/perl-5
+	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
+	test? (
+		sys-apps/diffutils
+		sys-devel/bc
+		kernel_linux? ( sys-process/procps )
+	)
+	verify-sig? ( sec-keys/openpgp-keys-openssl )"
+
+# Do not install any docs
+DOCS=()
+
+PATCHES=(
+	# General patches which are suitable to always apply
+	# If they're Gentoo specific, add to USE=-vanilla logic in src_prepare!
+	"${FILESDIR}"/${PN/-compat}-1.1.0j-parallel_install_fix.patch # bug #671602
+	"${FILESDIR}"/${PN/-compat}-1.1.1i-riscv32.patch
+)
+
+pkg_setup() {
+	[[ ${MERGE_TYPE} == binary ]] && return
+
+	# must check in pkg_setup; sysctl doesn't work with userpriv!
+	if use test && use sctp; then
+		# test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel"
+		# if sctp.auth_enable is not enabled.
+		local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null)
+		if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]]; then
+			die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!"
+		fi
+	fi
+}
+
+src_unpack() {
+	# Can delete this once test fix patch is dropped
+	if use verify-sig ; then
+		# Needed for downloaded patch (which is unsigned, which is fine)
+		verify-sig_verify_detached "${DISTDIR}"/${P/-compat}.tar.gz{,.asc}
+	fi
+
+	default
+}
+
+src_prepare() {
+	# Allow openssl to be cross-compiled
+	cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die
+	chmod a+rx gentoo.config || die
+
+	# Keep this in sync with app-misc/c_rehash
+	SSL_CNF_DIR="/etc/ssl"
+
+	# Make sure we only ever touch Makefile.org and avoid patching a file
+	# that gets blown away anyways by the Configure script in src_configure
+	rm -f Makefile
+
+	if ! use vanilla ; then
+		PATCHES+=(
+			# Add patches which are Gentoo-specific customisations here
+		)
+	fi
+
+	default
+
+	if use test && use sctp && has network-sandbox ${FEATURES}; then
+		einfo "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox ..."
+		rm test/recipes/80-test_ssl_new.t || die
+	fi
+
+	# - Make sure the man pages are suffixed (bug #302165)
+	# - Don't bother building man pages if they're disabled
+	# - Make DOCDIR Gentoo compliant
+	sed -i \
+		-e '/^MANSUFFIX/s:=.*:=ssl:' \
+		-e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
+		-e $(has noman FEATURES \
+			&& echo '/^install:/s:install_docs::' \
+			|| echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
+		-e "/^DOCDIR/s@\$(BASENAME)@&-${PVR}@" \
+		Configurations/unix-Makefile.tmpl \
+		|| die
+
+	# Quiet out unknown driver argument warnings since openssl
+	# doesn't have well-split CFLAGS and we're making it even worse
+	# and 'make depend' uses -Werror for added fun (bug #417795 again)
+	tc-is-clang && append-flags -Qunused-arguments
+
+	# We really, really need to build OpenSSL w/ strict aliasing disabled.
+	# It's filled with violations and it *will* result in miscompiled
+	# code. This has been in the ebuild for > 10 years but even in 2022,
+	# it's still relevant:
+	# - https://github.com/llvm/llvm-project/issues/55255
+	# - https://github.com/openssl/openssl/issues/18225
+	# Don't remove the no strict aliasing bits below!
+	filter-flags -fstrict-aliasing
+	append-flags -fno-strict-aliasing
+
+	append-cppflags -DOPENSSL_NO_BUF_FREELISTS
+
+	append-flags $(test-flags-CC -Wa,--noexecstack)
+
+	# Prefixify Configure shebang (bug #141906)
+	sed \
+		-e "1s,/usr/bin/env,${EPREFIX}&," \
+		-i Configure || die
+
+	# Remove test target when FEATURES=test isn't set
+	if ! use test ; then
+		sed \
+			-e '/^$config{dirs}/s@ "test",@@' \
+			-i Configure || die
+	fi
+
+	if use prefix && [[ ${CHOST} == *-solaris* ]] ; then
+		# use GNU ld full option, not to confuse it on Solaris
+		sed -i \
+			-e 's/-Wl,-M,/-Wl,--version-script=/' \
+			-e 's/-Wl,-h,/-Wl,--soname=/' \
+			Configurations/10-main.conf || die
+
+		# fix building on Solaris 10
+		# https://github.com/openssl/openssl/issues/6333
+		sed -i \
+			-e 's/-lsocket -lnsl -ldl/-lsocket -lnsl -ldl -lrt/' \
+			Configurations/10-main.conf || die
+	fi
+
+	# The config script does stupid stuff to prompt the user.  Kill it.
+	sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
+	./config --test-sanity || die "I AM NOT SANE"
+
+	multilib_copy_sources
+}
+
+multilib_src_configure() {
+	# bug #197996
+	unset APPS
+	# bug #312551
+	unset SCRIPTS
+	# bug #311473
+	unset CROSS_COMPILE
+
+	tc-export AR CC CXX RANLIB RC
+
+	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
+
+	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
+
+	# See if our toolchain supports __uint128_t.  If so, it's 64bit
+	# friendly and can use the nicely optimized code paths, bug #460790.
+	local ec_nistp_64_gcc_128
+
+	# Disable it for now though (bug #469976)
+	# echo "__uint128_t i;" > "${T}"/128.c
+	# if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
+	# 	ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
+	# fi
+
+	local sslout=$(./gentoo.config)
+	einfo "Use configuration ${sslout:-(openssl knows best)}"
+	local config="Configure"
+	[[ -z ${sslout} ]] && config="config"
+
+	# "disable-deprecated" option breaks too many consumers.
+	# Don't set it without thorough revdeps testing.
+	# Make sure user flags don't get added *yet* to avoid duplicated
+	# flags.
+	local myeconfargs=(
+		${sslout}
+
+		$(use cpu_flags_x86_sse2 || echo "no-sse2")
+		enable-camellia
+		enable-ec
+		enable-ec2m
+		enable-sm2
+		enable-srp
+		$(use elibc_musl && echo "no-async")
+		${ec_nistp_64_gcc_128}
+		enable-idea
+		enable-mdc2
+		enable-rc5
+		$(use_ssl sslv3 ssl3)
+		$(use_ssl sslv3 ssl3-method)
+		$(use_ssl asm)
+		$(use_ssl rfc3779)
+		$(use_ssl sctp)
+		$(use test || echo "no-tests")
+		$(use_ssl tls-compression zlib)
+		$(use_ssl tls-heartbeat heartbeats)
+		$(use_ssl weak-ssl-ciphers)
+
+		--prefix="${EPREFIX}"/usr
+		--openssldir="${EPREFIX}"${SSL_CNF_DIR}
+		--libdir=$(get_libdir)
+
+		shared
+		threads
+	)
+
+	CFLAGS= LDFLAGS= edo ./${config} "${myeconfargs[@]}"
+
+	# Clean out hardcoded flags that openssl uses
+	local DEFAULT_CFLAGS=$(grep ^CFLAGS= Makefile | LC_ALL=C sed \
+		-e 's:^CFLAGS=::' \
+		-e 's:\(^\| \)-fomit-frame-pointer::g' \
+		-e 's:\(^\| \)-O[^ ]*::g' \
+		-e 's:\(^\| \)-march=[^ ]*::g' \
+		-e 's:\(^\| \)-mcpu=[^ ]*::g' \
+		-e 's:\(^\| \)-m[^ ]*::g' \
+		-e 's:^ *::' \
+		-e 's: *$::' \
+		-e 's: \+: :g' \
+		-e 's:\\:\\\\:g'
+	)
+
+	# Now insert clean default flags with user flags
+	sed -i \
+		-e "/^CFLAGS=/s|=.*|=${DEFAULT_CFLAGS} ${CFLAGS}|" \
+		-e "/^LDFLAGS=/s|=[[:space:]]*$|=${LDFLAGS}|" \
+		Makefile || die
+}
+
+multilib_src_compile() {
+	# depend is needed to use $confopts; it also doesn't matter
+	# that it's -j1 as the code itself serializes subdirs
+	emake -j1 depend
+
+	emake build_libs
+}
+
+multilib_src_test() {
+	emake -j1 test
+}
+
+multilib_src_install() {
+	dolib.so lib{crypto,ssl}.so.$(ver_cut 1-2 "${SLOT}")
+}


^ permalink raw reply related	[flat|nested] 33+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl-compat/
@ 2022-12-15  6:16 Sam James
  0 siblings, 0 replies; 33+ messages in thread
From: Sam James @ 2022-12-15  6:16 UTC (permalink / raw
  To: gentoo-commits

commit:     4f2ec2a7212e2e31aeee24dbe76459b8c10a73d6
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Thu Dec 15 06:16:09 2022 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Thu Dec 15 06:16:19 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4f2ec2a7

dev-libs/openssl-compat: drop 1.1.1o

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl-compat/Manifest                   |   3 -
 .../openssl-compat/openssl-compat-1.1.1o.ebuild    | 263 ---------------------
 2 files changed, 266 deletions(-)

diff --git a/dev-libs/openssl-compat/Manifest b/dev-libs/openssl-compat/Manifest
index 159bbdd0bcfd..a57a9cc57064 100644
--- a/dev-libs/openssl-compat/Manifest
+++ b/dev-libs/openssl-compat/Manifest
@@ -1,9 +1,6 @@
 DIST openssl-1.0.2-patches-1.5.tar.xz 12404 BLAKE2B 6c1b8c28f339f539b2ab8643379502a24cf62bffde00041dce54d5dd9e8d2620b181362ee5464b0ab32ba4948e209697bfabadbea2944a409a1009100d298f24 SHA512 5725e2d9d1ee8cc074bcef3bed61c71bdab2ff1c114362110c3fb8da11ad5bc8f2ff28e90a293f5f3a5cf96ecda54dffdb7ab3fb3f8b23ef6472250dc3037659
 DIST openssl-1.0.2t-bindist-1.0.tar.xz 13872 BLAKE2B b2aade96a6e0ca6209a39e205b1c838de945903fcf959c62cc29ddcd1a0cb360fc5db234df86860a6a4c096f5ecc237611e4c2946b986a5500c24ba93c208ef4 SHA512 a48a7efb9b973b865bcc5009d450b428ed6b4b95e4cefe70c51056e47392c8a7bec58215168d8b07712419dc74646c2bd2fd23bcfbba2031376e292249a6b1b6
 DIST openssl-1.0.2u.tar.gz 5355412 BLAKE2B b2ff2a10e5851af5aca4093422a9a072c794e87b997263826c1c35910c040f695fac63decac5856cb49399ed03d410f97701d9fd4e1ebfbcacd8f3a74ce8bf57 SHA512 c455bb309e20e2c2d47fdc5619c734d107d5c8c38c1409903ce979acc120b0d5fa0312917c0aa0d630e402d092a703d4249643f36078e8528a3cafc9dac6ab32
-DIST openssl-1.1.1o-test-fixes-expiry.patch.xz 6180 BLAKE2B 23ef36d7bd05c98f7fab6de25681a53fa7a558d114548836b6cd90a57c4f4e45dc9fb622936053608b463320605b7df60db2d2caf3811b249f6ead3791a1c081 SHA512 577aec97fb31cd9efe3b30d82c560d3e7da57ae52c4de0f86e951b777a673830baaadcc5eb366c523024d37405531c6d32de26bbbc1e77df15c7822c72e937e6
-DIST openssl-1.1.1o.tar.gz 9856386 BLAKE2B 5bd355fd17adf43ba4e3bf1a8036ceb724edd4f4ab80dc25aecc3d2647372e9db2bc12e2b89791fc4b6f7fd95a7b68e00490d09ca6518d25ab990ee27798e641 SHA512 75b2f1499cb4640229eb6cd35d85cbff2e19db17b959ac4d04b60f1b395b73567f9003521452a0fcfeea9b31b26de0a7bccf476ecf9caae02298f3647cfb7e23
-DIST openssl-1.1.1o.tar.gz.asc 488 BLAKE2B a03a967e7e2124d1a76ad7765e2f48065f40d32ba102a433be603ee8f86b26a2d246dcb97a95bd694ef3005889ce4f1951f76d39fe1d683f92da1aa3023e9c2d SHA512 da6d88de7c1cd807b6089d50f8bb102c317c0b45ca26e517e3e400c5c65f787d94a1ee522af76279e93790a7fb491348cf25ffcfd66ecb9a9d35209328cb221e
 DIST openssl-1.1.1s.tar.gz 9868981 BLAKE2B ecd19eaf84dbc80448b51651abe52a89cc0052f024537959c4ebe61528988f235d661244fce6967159a876dd038c817bad19df742e828ca1cbae97ce6a4124bb SHA512 2ef983f166b5e1bf456ca37938e7e39d58d4cd85e9fc4b5174a05f5c37cc5ad89c3a9af97a6919bcaab128a8a92e4bdc8a045e5d9156d90768da8f73ac67c5b9
 DIST openssl-1.1.1s.tar.gz.asc 858 BLAKE2B d95f0f80d460feac737f84ed629c45aaf5e453103ef202ec7d33cf33b89ad83a9007429433b10754b725d7963b1960e350b64e8bdfe569ad149e26bef462eeca SHA512 aa6e5e940448297a90c46ba162f8e6ee324c2e202a9283328c31f996dc2259dd9f5f981d94d1cf1dd3cc73c44647b473602dacb857b9719bf066931b43b899e6
 DIST openssl-compat-1.0.2u-versioned-symbols.patch.gz 24633 BLAKE2B 6bfad4ad27dbca0bd85bfd9521ffc844c3e93e6a1cca7c814edd49affc60ece1c706dd3aa7be2ce80857532531eac6f0f03f43c0be22a769d00d9241686eff71 SHA512 3d85aa34f2491e0e36eedc45829709e0fb552f6d558c2726b59dafa98c3e679b88497f3f7399d7565d88e727591e7d9b12f5b1e27116ba19b9a661d7f75b07a9

diff --git a/dev-libs/openssl-compat/openssl-compat-1.1.1o.ebuild b/dev-libs/openssl-compat/openssl-compat-1.1.1o.ebuild
deleted file mode 100644
index 20a03ddac7fa..000000000000
--- a/dev-libs/openssl-compat/openssl-compat-1.1.1o.ebuild
+++ /dev/null
@@ -1,263 +0,0 @@
-# Copyright 1999-2022 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/openssl.org.asc
-inherit edo flag-o-matic toolchain-funcs multilib-minimal verify-sig
-
-MY_P=openssl-${PV/_/-}
-DESCRIPTION="Full-strength general purpose cryptography library (including SSL and TLS)"
-HOMEPAGE="https://www.openssl.org/"
-SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
-	https://dev.gentoo.org/~sam/distfiles/${CATEGORY}/${PN/-compat}/${P/-compat}-test-fixes-expiry.patch.xz
-	verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )"
-S="${WORKDIR}/${MY_P}"
-
-LICENSE="openssl"
-SLOT="$(ver_cut 1-3)"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x86-linux"
-IUSE="+asm rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-compression tls-heartbeat vanilla verify-sig weak-ssl-ciphers"
-RESTRICT="!test? ( test )"
-
-RDEPEND="!=dev-libs/openssl-1.1.1*:0
-	tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )"
-DEPEND="${RDEPEND}"
-BDEPEND="
-	>=dev-lang/perl-5
-	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
-	test? (
-		sys-apps/diffutils
-		sys-devel/bc
-		kernel_linux? ( sys-process/procps )
-	)
-	verify-sig? ( sec-keys/openpgp-keys-openssl )"
-
-# Do not install any docs
-DOCS=()
-
-PATCHES=(
-	# General patches which are suitable to always apply
-	# If they're Gentoo specific, add to USE=-vanilla logic in src_prepare!
-	"${FILESDIR}"/${PN/-compat}-1.1.0j-parallel_install_fix.patch # bug #671602
-	"${FILESDIR}"/${PN/-compat}-1.1.1i-riscv32.patch
-	"${WORKDIR}"/${P/-compat}-test-fixes-expiry.patch
-)
-
-pkg_setup() {
-	[[ ${MERGE_TYPE} == binary ]] && return
-
-	# must check in pkg_setup; sysctl doesn't work with userpriv!
-	if use test && use sctp; then
-		# test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel"
-		# if sctp.auth_enable is not enabled.
-		local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null)
-		if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]]; then
-			die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!"
-		fi
-	fi
-}
-
-src_unpack() {
-	# Can delete this once test fix patch is dropped
-	if use verify-sig ; then
-		# Needed for downloaded patch (which is unsigned, which is fine)
-		verify-sig_verify_detached "${DISTDIR}"/${P/-compat}.tar.gz{,.asc}
-	fi
-
-	default
-}
-
-src_prepare() {
-	# Allow openssl to be cross-compiled
-	cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die
-	chmod a+rx gentoo.config || die
-
-	# Keep this in sync with app-misc/c_rehash
-	SSL_CNF_DIR="/etc/ssl"
-
-	# Make sure we only ever touch Makefile.org and avoid patching a file
-	# that gets blown away anyways by the Configure script in src_configure
-	rm -f Makefile
-
-	if ! use vanilla ; then
-		PATCHES+=(
-			# Add patches which are Gentoo-specific customisations here
-		)
-	fi
-
-	default
-
-	if use test && use sctp && has network-sandbox ${FEATURES}; then
-		einfo "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox ..."
-		rm test/recipes/80-test_ssl_new.t || die
-	fi
-
-	# - Make sure the man pages are suffixed (bug #302165)
-	# - Don't bother building man pages if they're disabled
-	# - Make DOCDIR Gentoo compliant
-	sed -i \
-		-e '/^MANSUFFIX/s:=.*:=ssl:' \
-		-e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
-		-e $(has noman FEATURES \
-			&& echo '/^install:/s:install_docs::' \
-			|| echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
-		-e "/^DOCDIR/s@\$(BASENAME)@&-${PVR}@" \
-		Configurations/unix-Makefile.tmpl \
-		|| die
-
-	# Quiet out unknown driver argument warnings since openssl
-	# doesn't have well-split CFLAGS and we're making it even worse
-	# and 'make depend' uses -Werror for added fun (bug #417795 again)
-	tc-is-clang && append-flags -Qunused-arguments
-
-	# We really, really need to build OpenSSL w/ strict aliasing disabled.
-	# It's filled with violations and it *will* result in miscompiled
-	# code. This has been in the ebuild for > 10 years but even in 2022,
-	# it's still relevant:
-	# - https://github.com/llvm/llvm-project/issues/55255
-	# - https://github.com/openssl/openssl/issues/18225
-	# Don't remove the no strict aliasing bits below!
-	filter-flags -fstrict-aliasing
-	append-flags -fno-strict-aliasing
-
-	append-cppflags -DOPENSSL_NO_BUF_FREELISTS
-
-	append-flags $(test-flags-CC -Wa,--noexecstack)
-
-	# Prefixify Configure shebang (bug #141906)
-	sed \
-		-e "1s,/usr/bin/env,${EPREFIX}&," \
-		-i Configure || die
-
-	# Remove test target when FEATURES=test isn't set
-	if ! use test ; then
-		sed \
-			-e '/^$config{dirs}/s@ "test",@@' \
-			-i Configure || die
-	fi
-
-	if use prefix && [[ ${CHOST} == *-solaris* ]] ; then
-		# use GNU ld full option, not to confuse it on Solaris
-		sed -i \
-			-e 's/-Wl,-M,/-Wl,--version-script=/' \
-			-e 's/-Wl,-h,/-Wl,--soname=/' \
-			Configurations/10-main.conf || die
-
-		# fix building on Solaris 10
-		# https://github.com/openssl/openssl/issues/6333
-		sed -i \
-			-e 's/-lsocket -lnsl -ldl/-lsocket -lnsl -ldl -lrt/' \
-			Configurations/10-main.conf || die
-	fi
-
-	# The config script does stupid stuff to prompt the user.  Kill it.
-	sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
-	./config --test-sanity || die "I AM NOT SANE"
-
-	multilib_copy_sources
-}
-
-multilib_src_configure() {
-	# bug #197996
-	unset APPS
-	# bug #312551
-	unset SCRIPTS
-	# bug #311473
-	unset CROSS_COMPILE
-
-	tc-export AR CC CXX RANLIB RC
-
-	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
-
-	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
-
-	# See if our toolchain supports __uint128_t.  If so, it's 64bit
-	# friendly and can use the nicely optimized code paths, bug #460790.
-	local ec_nistp_64_gcc_128
-
-	# Disable it for now though (bug #469976)
-	# echo "__uint128_t i;" > "${T}"/128.c
-	# if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
-	# 	ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
-	# fi
-
-	local sslout=$(./gentoo.config)
-	einfo "Use configuration ${sslout:-(openssl knows best)}"
-	local config="Configure"
-	[[ -z ${sslout} ]] && config="config"
-
-	# "disable-deprecated" option breaks too many consumers.
-	# Don't set it without thorough revdeps testing.
-	# Make sure user flags don't get added *yet* to avoid duplicated
-	# flags.
-	local myeconfargs=(
-		${sslout}
-
-		$(use cpu_flags_x86_sse2 || echo "no-sse2")
-		enable-camellia
-		enable-ec
-		enable-ec2m
-		enable-sm2
-		enable-srp
-		$(use elibc_musl && echo "no-async")
-		${ec_nistp_64_gcc_128}
-		enable-idea
-		enable-mdc2
-		enable-rc5
-		$(use_ssl sslv3 ssl3)
-		$(use_ssl sslv3 ssl3-method)
-		$(use_ssl asm)
-		$(use_ssl rfc3779)
-		$(use_ssl sctp)
-		$(use test || echo "no-tests")
-		$(use_ssl tls-compression zlib)
-		$(use_ssl tls-heartbeat heartbeats)
-		$(use_ssl weak-ssl-ciphers)
-
-		--prefix="${EPREFIX}"/usr
-		--openssldir="${EPREFIX}"${SSL_CNF_DIR}
-		--libdir=$(get_libdir)
-
-		shared
-		threads
-	)
-
-	CFLAGS= LDFLAGS= edo ./${config} "${myeconfargs[@]}"
-
-	# Clean out hardcoded flags that openssl uses
-	local DEFAULT_CFLAGS=$(grep ^CFLAGS= Makefile | LC_ALL=C sed \
-		-e 's:^CFLAGS=::' \
-		-e 's:\(^\| \)-fomit-frame-pointer::g' \
-		-e 's:\(^\| \)-O[^ ]*::g' \
-		-e 's:\(^\| \)-march=[^ ]*::g' \
-		-e 's:\(^\| \)-mcpu=[^ ]*::g' \
-		-e 's:\(^\| \)-m[^ ]*::g' \
-		-e 's:^ *::' \
-		-e 's: *$::' \
-		-e 's: \+: :g' \
-		-e 's:\\:\\\\:g'
-	)
-
-	# Now insert clean default flags with user flags
-	sed -i \
-		-e "/^CFLAGS=/s|=.*|=${DEFAULT_CFLAGS} ${CFLAGS}|" \
-		-e "/^LDFLAGS=/s|=[[:space:]]*$|=${LDFLAGS}|" \
-		Makefile || die
-}
-
-multilib_src_compile() {
-	# depend is needed to use $confopts; it also doesn't matter
-	# that it's -j1 as the code itself serializes subdirs
-	emake -j1 depend
-
-	emake build_libs
-}
-
-multilib_src_test() {
-	emake -j1 test
-}
-
-multilib_src_install() {
-	dolib.so lib{crypto,ssl}.so.$(ver_cut 1-2 "${SLOT}")
-}


^ permalink raw reply related	[flat|nested] 33+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl-compat/
@ 2023-05-13  3:23 Sam James
  0 siblings, 0 replies; 33+ messages in thread
From: Sam James @ 2023-05-13  3:23 UTC (permalink / raw
  To: gentoo-commits

commit:     fe61377ca82545dfbfb0e1d8baa8041c47bfad8f
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sat May 13 03:20:35 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sat May 13 03:20:35 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fe61377c

dev-libs/openssl-compat: drop 1.1.1s

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl-compat/Manifest                   |   2 -
 .../openssl-compat/openssl-compat-1.1.1s.ebuild    | 264 ---------------------
 2 files changed, 266 deletions(-)

diff --git a/dev-libs/openssl-compat/Manifest b/dev-libs/openssl-compat/Manifest
index 0826f4aee7ce..610236322663 100644
--- a/dev-libs/openssl-compat/Manifest
+++ b/dev-libs/openssl-compat/Manifest
@@ -1,8 +1,6 @@
 DIST openssl-1.0.2-patches-1.5.tar.xz 12404 BLAKE2B 6c1b8c28f339f539b2ab8643379502a24cf62bffde00041dce54d5dd9e8d2620b181362ee5464b0ab32ba4948e209697bfabadbea2944a409a1009100d298f24 SHA512 5725e2d9d1ee8cc074bcef3bed61c71bdab2ff1c114362110c3fb8da11ad5bc8f2ff28e90a293f5f3a5cf96ecda54dffdb7ab3fb3f8b23ef6472250dc3037659
 DIST openssl-1.0.2t-bindist-1.0.tar.xz 13872 BLAKE2B b2aade96a6e0ca6209a39e205b1c838de945903fcf959c62cc29ddcd1a0cb360fc5db234df86860a6a4c096f5ecc237611e4c2946b986a5500c24ba93c208ef4 SHA512 a48a7efb9b973b865bcc5009d450b428ed6b4b95e4cefe70c51056e47392c8a7bec58215168d8b07712419dc74646c2bd2fd23bcfbba2031376e292249a6b1b6
 DIST openssl-1.0.2u.tar.gz 5355412 BLAKE2B b2ff2a10e5851af5aca4093422a9a072c794e87b997263826c1c35910c040f695fac63decac5856cb49399ed03d410f97701d9fd4e1ebfbcacd8f3a74ce8bf57 SHA512 c455bb309e20e2c2d47fdc5619c734d107d5c8c38c1409903ce979acc120b0d5fa0312917c0aa0d630e402d092a703d4249643f36078e8528a3cafc9dac6ab32
-DIST openssl-1.1.1s.tar.gz 9868981 BLAKE2B ecd19eaf84dbc80448b51651abe52a89cc0052f024537959c4ebe61528988f235d661244fce6967159a876dd038c817bad19df742e828ca1cbae97ce6a4124bb SHA512 2ef983f166b5e1bf456ca37938e7e39d58d4cd85e9fc4b5174a05f5c37cc5ad89c3a9af97a6919bcaab128a8a92e4bdc8a045e5d9156d90768da8f73ac67c5b9
-DIST openssl-1.1.1s.tar.gz.asc 858 BLAKE2B d95f0f80d460feac737f84ed629c45aaf5e453103ef202ec7d33cf33b89ad83a9007429433b10754b725d7963b1960e350b64e8bdfe569ad149e26bef462eeca SHA512 aa6e5e940448297a90c46ba162f8e6ee324c2e202a9283328c31f996dc2259dd9f5f981d94d1cf1dd3cc73c44647b473602dacb857b9719bf066931b43b899e6
 DIST openssl-1.1.1t.tar.gz 9881866 BLAKE2B 66d76ea0c05a4afc3104e22602cffc2373e857728625d31ab3244881cafa91c099a817a09def7746bce4133585bfc90b769f43527e77a81ed13e60a8c2fb4d8d SHA512 628676c9c3bc1cf46083d64f61943079f97f0eefd0264042e40a85dbbd988f271bfe01cd1135d22cc3f67a298f1d078041f8f2e97b0da0d93fe172da573da18c
 DIST openssl-1.1.1t.tar.gz.asc 833 BLAKE2B fc5e7069268e987a20241dfc4f080529c6e95e217c198568b09c833e390e68b25a604a5d3ec29c6a64b9dee9d42199fd3647214e536ba2f7b8b4e57aa4cba680 SHA512 1232a94fce991d62f008ae6d3d9b6fe68cb6378fe07450feb17a58eb2417fb385ffcb7e6b74eb683134be9ff6ccf6efa183f37f4dd521614fd5aeaddf000b90b
 DIST openssl-compat-1.0.2u-versioned-symbols.patch.gz 24633 BLAKE2B 6bfad4ad27dbca0bd85bfd9521ffc844c3e93e6a1cca7c814edd49affc60ece1c706dd3aa7be2ce80857532531eac6f0f03f43c0be22a769d00d9241686eff71 SHA512 3d85aa34f2491e0e36eedc45829709e0fb552f6d558c2726b59dafa98c3e679b88497f3f7399d7565d88e727591e7d9b12f5b1e27116ba19b9a661d7f75b07a9

diff --git a/dev-libs/openssl-compat/openssl-compat-1.1.1s.ebuild b/dev-libs/openssl-compat/openssl-compat-1.1.1s.ebuild
deleted file mode 100644
index e95f60fc6006..000000000000
--- a/dev-libs/openssl-compat/openssl-compat-1.1.1s.ebuild
+++ /dev/null
@@ -1,264 +0,0 @@
-# Copyright 1999-2022 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/openssl.org.asc
-inherit edo flag-o-matic toolchain-funcs multilib-minimal verify-sig linux-info
-
-MY_P=openssl-${PV/_/-}
-DESCRIPTION="Full-strength general purpose cryptography library (including SSL and TLS)"
-HOMEPAGE="https://www.openssl.org/"
-SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
-	verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )"
-S="${WORKDIR}/${MY_P}"
-
-LICENSE="openssl"
-SLOT="$(ver_cut 1-3)"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x86-linux"
-IUSE="+asm rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-compression tls-heartbeat vanilla verify-sig weak-ssl-ciphers"
-RESTRICT="!test? ( test )"
-
-RDEPEND="!=dev-libs/openssl-1.1.1*:0
-	tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )"
-DEPEND="${RDEPEND}"
-BDEPEND="
-	>=dev-lang/perl-5
-	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
-	test? (
-		sys-apps/diffutils
-		sys-devel/bc
-		kernel_linux? ( sys-process/procps )
-	)
-	verify-sig? ( sec-keys/openpgp-keys-openssl )"
-
-# Do not install any docs
-DOCS=()
-
-PATCHES=(
-	# General patches which are suitable to always apply
-	# If they're Gentoo specific, add to USE=-vanilla logic in src_prepare!
-	"${FILESDIR}"/${PN/-compat}-1.1.0j-parallel_install_fix.patch # bug #671602
-	"${FILESDIR}"/${PN/-compat}-1.1.1i-riscv32.patch
-)
-
-pkg_setup() {
-	[[ ${MERGE_TYPE} == binary ]] && return
-
-	# must check in pkg_setup; sysctl doesn't work with userpriv!
-	if use test && use sctp; then
-		# test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel"
-		# if sctp.auth_enable is not enabled.
-		local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null)
-		if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]]; then
-			die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!"
-		fi
-	fi
-
-	use test && CONFIG_CHECK="~CRYPTO_USER_API_SKCIPHER"
-	linux-info_pkg_setup
-}
-
-src_unpack() {
-	# Can delete this once test fix patch is dropped
-	if use verify-sig ; then
-		# Needed for downloaded patch (which is unsigned, which is fine)
-		verify-sig_verify_detached "${DISTDIR}"/${P/-compat}.tar.gz{,.asc}
-	fi
-
-	default
-}
-
-src_prepare() {
-	# Allow openssl to be cross-compiled
-	cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die
-	chmod a+rx gentoo.config || die
-
-	# Keep this in sync with app-misc/c_rehash
-	SSL_CNF_DIR="/etc/ssl"
-
-	# Make sure we only ever touch Makefile.org and avoid patching a file
-	# that gets blown away anyways by the Configure script in src_configure
-	rm -f Makefile
-
-	if ! use vanilla ; then
-		PATCHES+=(
-			# Add patches which are Gentoo-specific customisations here
-		)
-	fi
-
-	default
-
-	if use test && use sctp && has network-sandbox ${FEATURES}; then
-		einfo "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox ..."
-		rm test/recipes/80-test_ssl_new.t || die
-	fi
-
-	# - Make sure the man pages are suffixed (bug #302165)
-	# - Don't bother building man pages if they're disabled
-	# - Make DOCDIR Gentoo compliant
-	sed -i \
-		-e '/^MANSUFFIX/s:=.*:=ssl:' \
-		-e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
-		-e $(has noman FEATURES \
-			&& echo '/^install:/s:install_docs::' \
-			|| echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
-		-e "/^DOCDIR/s@\$(BASENAME)@&-${PVR}@" \
-		Configurations/unix-Makefile.tmpl \
-		|| die
-
-	# Quiet out unknown driver argument warnings since openssl
-	# doesn't have well-split CFLAGS and we're making it even worse
-	# and 'make depend' uses -Werror for added fun (bug #417795 again)
-	tc-is-clang && append-flags -Qunused-arguments
-
-	# We really, really need to build OpenSSL w/ strict aliasing disabled.
-	# It's filled with violations and it *will* result in miscompiled
-	# code. This has been in the ebuild for > 10 years but even in 2022,
-	# it's still relevant:
-	# - https://github.com/llvm/llvm-project/issues/55255
-	# - https://github.com/openssl/openssl/issues/18225
-	# Don't remove the no strict aliasing bits below!
-	filter-flags -fstrict-aliasing
-	append-flags -fno-strict-aliasing
-
-	append-cppflags -DOPENSSL_NO_BUF_FREELISTS
-
-	append-flags $(test-flags-CC -Wa,--noexecstack)
-
-	# Prefixify Configure shebang (bug #141906)
-	sed \
-		-e "1s,/usr/bin/env,${EPREFIX}&," \
-		-i Configure || die
-
-	# Remove test target when FEATURES=test isn't set
-	if ! use test ; then
-		sed \
-			-e '/^$config{dirs}/s@ "test",@@' \
-			-i Configure || die
-	fi
-
-	if use prefix && [[ ${CHOST} == *-solaris* ]] ; then
-		# use GNU ld full option, not to confuse it on Solaris
-		sed -i \
-			-e 's/-Wl,-M,/-Wl,--version-script=/' \
-			-e 's/-Wl,-h,/-Wl,--soname=/' \
-			Configurations/10-main.conf || die
-
-		# fix building on Solaris 10
-		# https://github.com/openssl/openssl/issues/6333
-		sed -i \
-			-e 's/-lsocket -lnsl -ldl/-lsocket -lnsl -ldl -lrt/' \
-			Configurations/10-main.conf || die
-	fi
-
-	# The config script does stupid stuff to prompt the user.  Kill it.
-	sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
-	./config --test-sanity || die "I AM NOT SANE"
-
-	multilib_copy_sources
-}
-
-multilib_src_configure() {
-	# bug #197996
-	unset APPS
-	# bug #312551
-	unset SCRIPTS
-	# bug #311473
-	unset CROSS_COMPILE
-
-	tc-export AR CC CXX RANLIB RC
-
-	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
-
-	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
-
-	# See if our toolchain supports __uint128_t.  If so, it's 64bit
-	# friendly and can use the nicely optimized code paths, bug #460790.
-	local ec_nistp_64_gcc_128
-
-	# Disable it for now though (bug #469976)
-	# echo "__uint128_t i;" > "${T}"/128.c
-	# if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
-	# 	ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
-	# fi
-
-	local sslout=$(./gentoo.config)
-	einfo "Use configuration ${sslout:-(openssl knows best)}"
-	local config="Configure"
-	[[ -z ${sslout} ]] && config="config"
-
-	# "disable-deprecated" option breaks too many consumers.
-	# Don't set it without thorough revdeps testing.
-	# Make sure user flags don't get added *yet* to avoid duplicated
-	# flags.
-	local myeconfargs=(
-		${sslout}
-
-		$(use cpu_flags_x86_sse2 || echo "no-sse2")
-		enable-camellia
-		enable-ec
-		enable-ec2m
-		enable-sm2
-		enable-srp
-		$(use elibc_musl && echo "no-async")
-		${ec_nistp_64_gcc_128}
-		enable-idea
-		enable-mdc2
-		enable-rc5
-		$(use_ssl sslv3 ssl3)
-		$(use_ssl sslv3 ssl3-method)
-		$(use_ssl asm)
-		$(use_ssl rfc3779)
-		$(use_ssl sctp)
-		$(use test || echo "no-tests")
-		$(use_ssl tls-compression zlib)
-		$(use_ssl tls-heartbeat heartbeats)
-		$(use_ssl weak-ssl-ciphers)
-
-		--prefix="${EPREFIX}"/usr
-		--openssldir="${EPREFIX}"${SSL_CNF_DIR}
-		--libdir=$(get_libdir)
-
-		shared
-		threads
-	)
-
-	CFLAGS= LDFLAGS= edo ./${config} "${myeconfargs[@]}"
-
-	# Clean out hardcoded flags that openssl uses
-	local DEFAULT_CFLAGS=$(grep ^CFLAGS= Makefile | LC_ALL=C sed \
-		-e 's:^CFLAGS=::' \
-		-e 's:\(^\| \)-fomit-frame-pointer::g' \
-		-e 's:\(^\| \)-O[^ ]*::g' \
-		-e 's:\(^\| \)-march=[^ ]*::g' \
-		-e 's:\(^\| \)-mcpu=[^ ]*::g' \
-		-e 's:\(^\| \)-m[^ ]*::g' \
-		-e 's:^ *::' \
-		-e 's: *$::' \
-		-e 's: \+: :g' \
-		-e 's:\\:\\\\:g'
-	)
-
-	# Now insert clean default flags with user flags
-	sed -i \
-		-e "/^CFLAGS=/s|=.*|=${DEFAULT_CFLAGS} ${CFLAGS}|" \
-		-e "/^LDFLAGS=/s|=[[:space:]]*$|=${LDFLAGS}|" \
-		Makefile || die
-}
-
-multilib_src_compile() {
-	# depend is needed to use $confopts; it also doesn't matter
-	# that it's -j1 as the code itself serializes subdirs
-	emake -j1 depend
-
-	emake build_libs
-}
-
-multilib_src_test() {
-	emake -j1 test
-}
-
-multilib_src_install() {
-	dolib.so lib{crypto,ssl}.so.$(ver_cut 1-2 "${SLOT}")
-}


^ permalink raw reply related	[flat|nested] 33+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl-compat/
@ 2023-05-30 16:01 Sam James
  0 siblings, 0 replies; 33+ messages in thread
From: Sam James @ 2023-05-30 16:01 UTC (permalink / raw
  To: gentoo-commits

commit:     6d737227c660e1f5c1442ed11dda5fb20ec6d09b
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Tue May 30 16:00:22 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Tue May 30 16:00:29 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6d737227

dev-libs/openssl-compat: add 1.1.1u

Bug: https://bugs.gentoo.org/907413
Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl-compat/Manifest                   |   2 +
 .../openssl-compat/openssl-compat-1.1.1u.ebuild    | 221 +++++++++++++++++++++
 2 files changed, 223 insertions(+)

diff --git a/dev-libs/openssl-compat/Manifest b/dev-libs/openssl-compat/Manifest
index 610236322663..840ba6c455ee 100644
--- a/dev-libs/openssl-compat/Manifest
+++ b/dev-libs/openssl-compat/Manifest
@@ -3,4 +3,6 @@ DIST openssl-1.0.2t-bindist-1.0.tar.xz 13872 BLAKE2B b2aade96a6e0ca6209a39e205b1
 DIST openssl-1.0.2u.tar.gz 5355412 BLAKE2B b2ff2a10e5851af5aca4093422a9a072c794e87b997263826c1c35910c040f695fac63decac5856cb49399ed03d410f97701d9fd4e1ebfbcacd8f3a74ce8bf57 SHA512 c455bb309e20e2c2d47fdc5619c734d107d5c8c38c1409903ce979acc120b0d5fa0312917c0aa0d630e402d092a703d4249643f36078e8528a3cafc9dac6ab32
 DIST openssl-1.1.1t.tar.gz 9881866 BLAKE2B 66d76ea0c05a4afc3104e22602cffc2373e857728625d31ab3244881cafa91c099a817a09def7746bce4133585bfc90b769f43527e77a81ed13e60a8c2fb4d8d SHA512 628676c9c3bc1cf46083d64f61943079f97f0eefd0264042e40a85dbbd988f271bfe01cd1135d22cc3f67a298f1d078041f8f2e97b0da0d93fe172da573da18c
 DIST openssl-1.1.1t.tar.gz.asc 833 BLAKE2B fc5e7069268e987a20241dfc4f080529c6e95e217c198568b09c833e390e68b25a604a5d3ec29c6a64b9dee9d42199fd3647214e536ba2f7b8b4e57aa4cba680 SHA512 1232a94fce991d62f008ae6d3d9b6fe68cb6378fe07450feb17a58eb2417fb385ffcb7e6b74eb683134be9ff6ccf6efa183f37f4dd521614fd5aeaddf000b90b
+DIST openssl-1.1.1u.tar.gz 9892176 BLAKE2B 5de9cb856e497596ecba008bad6515eefd093849b9c66dd7447031723996f3ba66ac37a323a5f7d01b1d42df4daaceb523372f5897d5c53b935ffab91c566594 SHA512 d00aeb0b4c4676deff06ff95af7ac33dd683b92f972b4a8ae55cf384bb37c7ec30ab83c6c0745daf87cf1743a745fced6a347fd11fed4c548aa0953610ed4919
+DIST openssl-1.1.1u.tar.gz.asc 833 BLAKE2B 7a978a94264a14be04372fea39868e9177e8a0b0f24344267702022e19ee0f52e91ad141d7c54da870f7ec0df9b2e43b80939f1d274dd0b44d36da2670e3a468 SHA512 40245d65ace95b2002bf64bcba184c92fec3420b08d9f61f3a709c4842e9478595105d8adce33a08eb98d351d2a0989ec342b08cdd9104498ea0543b6e592d28
 DIST openssl-compat-1.0.2u-versioned-symbols.patch.gz 24633 BLAKE2B 6bfad4ad27dbca0bd85bfd9521ffc844c3e93e6a1cca7c814edd49affc60ece1c706dd3aa7be2ce80857532531eac6f0f03f43c0be22a769d00d9241686eff71 SHA512 3d85aa34f2491e0e36eedc45829709e0fb552f6d558c2726b59dafa98c3e679b88497f3f7399d7565d88e727591e7d9b12f5b1e27116ba19b9a661d7f75b07a9

diff --git a/dev-libs/openssl-compat/openssl-compat-1.1.1u.ebuild b/dev-libs/openssl-compat/openssl-compat-1.1.1u.ebuild
new file mode 100644
index 000000000000..f1ff4defc6a7
--- /dev/null
+++ b/dev-libs/openssl-compat/openssl-compat-1.1.1u.ebuild
@@ -0,0 +1,221 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/openssl.org.asc
+inherit edo flag-o-matic toolchain-funcs multilib-minimal verify-sig
+
+MY_P=openssl-${PV/_/-}
+DESCRIPTION="Full-strength general purpose cryptography library (including SSL and TLS)"
+HOMEPAGE="https://www.openssl.org/"
+SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
+	verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )"
+S="${WORKDIR}/${MY_P}"
+
+LICENSE="openssl"
+SLOT="$(ver_cut 1-3)"
+if [[ ${PV} != *_pre* ]] ; then
+	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x64-solaris"
+fi
+IUSE="+asm rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-compression tls-heartbeat vanilla verify-sig weak-ssl-ciphers"
+RESTRICT="!test? ( test )"
+
+RDEPEND="
+	!=dev-libs/openssl-1.1.1*:0
+	tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
+"
+DEPEND="${RDEPEND}"
+BDEPEND="
+	>=dev-lang/perl-5
+	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
+	test? (
+		sys-apps/diffutils
+		sys-devel/bc
+		kernel_linux? ( sys-process/procps )
+	)
+	verify-sig? ( >=sec-keys/openpgp-keys-openssl-20230207 )"
+
+# Do not install any docs
+DOCS=()
+
+PATCHES=(
+	# General patches which are suitable to always apply
+	# If they're Gentoo specific, add to USE=-vanilla logic in src_prepare!
+	"${FILESDIR}"/${PN/-compat}-1.1.0j-parallel_install_fix.patch # bug #671602
+	"${FILESDIR}"/${PN/-compat}-1.1.1i-riscv32.patch
+)
+
+pkg_setup() {
+	[[ ${MERGE_TYPE} == binary ]] && return
+
+	# must check in pkg_setup; sysctl doesn't work with userpriv!
+	if use test && use sctp; then
+		# test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel"
+		# if sctp.auth_enable is not enabled.
+		local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null)
+		if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]]; then
+			die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!"
+		fi
+	fi
+}
+
+src_prepare() {
+	# Allow openssl to be cross-compiled
+	cp "${FILESDIR}"/gentoo.config-1.0.4 gentoo.config || die
+	chmod a+rx gentoo.config || die
+
+	# Keep this in sync with app-misc/c_rehash
+	SSL_CNF_DIR="/etc/ssl"
+
+	# Make sure we only ever touch Makefile.org and avoid patching a file
+	# that gets blown away anyways by the Configure script in src_configure
+	rm -f Makefile
+
+	if ! use vanilla ; then
+		PATCHES+=(
+			# Add patches which are Gentoo-specific customisations here
+		)
+	fi
+
+	default
+
+	if use test && use sctp && has network-sandbox ${FEATURES}; then
+		einfo "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox ..."
+		rm test/recipes/80-test_ssl_new.t || die
+	fi
+
+	# Quiet out unknown driver argument warnings since openssl
+	# doesn't have well-split CFLAGS and we're making it even worse
+	# and 'make depend' uses -Werror for added fun (bug #417795 again)
+	tc-is-clang && append-flags -Qunused-arguments
+
+	# We really, really need to build OpenSSL w/ strict aliasing disabled.
+	# It's filled with violations and it *will* result in miscompiled
+	# code. This has been in the ebuild for > 10 years but even in 2022,
+	# it's still relevant:
+	# - https://github.com/llvm/llvm-project/issues/55255
+	# - https://github.com/openssl/openssl/issues/18225
+	# - https://github.com/openssl/openssl/issues/18663#issuecomment-1181478057
+	# Don't remove the no strict aliasing bits below!
+	filter-flags -fstrict-aliasing
+	append-flags -fno-strict-aliasing
+
+	append-cppflags -DOPENSSL_NO_BUF_FREELISTS
+
+	append-flags $(test-flags-CC -Wa,--noexecstack)
+
+	# Remove test target when FEATURES=test isn't set
+	if ! use test ; then
+		sed \
+			-e '/^$config{dirs}/s@ "test",@@' \
+			-i Configure || die
+	fi
+
+	if use prefix && [[ ${CHOST} == *-solaris* ]] ; then
+		# use GNU ld full option, not to confuse it on Solaris
+		sed -i \
+			-e 's/-Wl,-M,/-Wl,--version-script=/' \
+			-e 's/-Wl,-h,/-Wl,--soname=/' \
+			Configurations/10-main.conf || die
+
+		# fix building on Solaris 10
+		# https://github.com/openssl/openssl/issues/6333
+		sed -i \
+			-e 's/-lsocket -lnsl -ldl/-lsocket -lnsl -ldl -lrt/' \
+			Configurations/10-main.conf || die
+	fi
+
+	local sslout=$(./gentoo.config)
+	einfo "Using configuration: ${sslout:-(openssl knows best)}"
+	local config="perl Configure"
+	[[ -z ${sslout} ]] && config="sh config -v"
+
+	# The config script does stupid stuff to prompt the user.  Kill it.
+	sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
+	edo ${config} ${sslout} --test-sanity
+
+	multilib_copy_sources
+}
+
+multilib_src_configure() {
+	# bug #197996
+	unset APPS
+	# bug #312551
+	unset SCRIPTS
+	# bug #311473
+	unset CROSS_COMPILE
+
+	tc-export AR CC CXX RANLIB RC
+
+	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
+
+	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
+
+	# See if our toolchain supports __uint128_t.  If so, it's 64bit
+	# friendly and can use the nicely optimized code paths, bug #460790.
+	#local ec_nistp_64_gcc_128
+	#
+	# Disable it for now though (bug #469976)
+	# Do NOT re-enable without substantial discussion first!
+	#
+	#echo "__uint128_t i;" > "${T}"/128.c
+	#if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
+	#	ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
+	#fi
+
+	local sslout=$(./gentoo.config)
+	einfo "Use configuration ${sslout:-(openssl knows best)}"
+	local config="perl Configure"
+	[[ -z ${sslout} ]] && config="sh config -v"
+
+	# "disable-deprecated" option breaks too many consumers.
+	# Don't set it without thorough revdeps testing.
+	# Make sure user flags don't get added *yet* to avoid duplicated
+	# flags.
+	local myeconfargs=(
+		${sslout}
+
+		$(use cpu_flags_x86_sse2 || echo "no-sse2")
+		enable-camellia
+		enable-ec
+		enable-ec2m
+		enable-sm2
+		enable-srp
+		$(use elibc_musl && echo "no-async")
+		${ec_nistp_64_gcc_128}
+		enable-idea
+		enable-mdc2
+		enable-rc5
+		$(use_ssl sslv3 ssl3)
+		$(use_ssl sslv3 ssl3-method)
+		$(use_ssl asm)
+		$(use_ssl rfc3779)
+		$(use_ssl sctp)
+		$(use test || echo "no-tests")
+		$(use_ssl tls-compression zlib)
+		$(use_ssl tls-heartbeat heartbeats)
+		$(use_ssl weak-ssl-ciphers)
+
+		--prefix="${EPREFIX}"/usr
+		--openssldir="${EPREFIX}"${SSL_CNF_DIR}
+		--libdir=$(get_libdir)
+
+		shared
+		threads
+	)
+
+	edo ${config} "${myeconfargs[@]}"
+}
+
+multilib_src_compile() {
+	emake all
+}
+
+multilib_src_test() {
+	emake -j1 test
+}
+
+multilib_src_install() {
+	dolib.so lib{crypto,ssl}.so.$(ver_cut 1-2 "${SLOT}")
+}


^ permalink raw reply related	[flat|nested] 33+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl-compat/
@ 2023-06-14  5:22 Sam James
  0 siblings, 0 replies; 33+ messages in thread
From: Sam James @ 2023-06-14  5:22 UTC (permalink / raw
  To: gentoo-commits

commit:     d51d7feb5e2f54c493024c5bd876b91043213ce8
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Wed Jun 14 05:22:07 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Wed Jun 14 05:22:07 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d51d7feb

dev-libs/openssl-compat: drop 1.1.1t

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl-compat/Manifest                   |   2 -
 .../openssl-compat/openssl-compat-1.1.1t.ebuild    | 221 ---------------------
 2 files changed, 223 deletions(-)

diff --git a/dev-libs/openssl-compat/Manifest b/dev-libs/openssl-compat/Manifest
index 840ba6c455ee..6cc3d6b74332 100644
--- a/dev-libs/openssl-compat/Manifest
+++ b/dev-libs/openssl-compat/Manifest
@@ -1,8 +1,6 @@
 DIST openssl-1.0.2-patches-1.5.tar.xz 12404 BLAKE2B 6c1b8c28f339f539b2ab8643379502a24cf62bffde00041dce54d5dd9e8d2620b181362ee5464b0ab32ba4948e209697bfabadbea2944a409a1009100d298f24 SHA512 5725e2d9d1ee8cc074bcef3bed61c71bdab2ff1c114362110c3fb8da11ad5bc8f2ff28e90a293f5f3a5cf96ecda54dffdb7ab3fb3f8b23ef6472250dc3037659
 DIST openssl-1.0.2t-bindist-1.0.tar.xz 13872 BLAKE2B b2aade96a6e0ca6209a39e205b1c838de945903fcf959c62cc29ddcd1a0cb360fc5db234df86860a6a4c096f5ecc237611e4c2946b986a5500c24ba93c208ef4 SHA512 a48a7efb9b973b865bcc5009d450b428ed6b4b95e4cefe70c51056e47392c8a7bec58215168d8b07712419dc74646c2bd2fd23bcfbba2031376e292249a6b1b6
 DIST openssl-1.0.2u.tar.gz 5355412 BLAKE2B b2ff2a10e5851af5aca4093422a9a072c794e87b997263826c1c35910c040f695fac63decac5856cb49399ed03d410f97701d9fd4e1ebfbcacd8f3a74ce8bf57 SHA512 c455bb309e20e2c2d47fdc5619c734d107d5c8c38c1409903ce979acc120b0d5fa0312917c0aa0d630e402d092a703d4249643f36078e8528a3cafc9dac6ab32
-DIST openssl-1.1.1t.tar.gz 9881866 BLAKE2B 66d76ea0c05a4afc3104e22602cffc2373e857728625d31ab3244881cafa91c099a817a09def7746bce4133585bfc90b769f43527e77a81ed13e60a8c2fb4d8d SHA512 628676c9c3bc1cf46083d64f61943079f97f0eefd0264042e40a85dbbd988f271bfe01cd1135d22cc3f67a298f1d078041f8f2e97b0da0d93fe172da573da18c
-DIST openssl-1.1.1t.tar.gz.asc 833 BLAKE2B fc5e7069268e987a20241dfc4f080529c6e95e217c198568b09c833e390e68b25a604a5d3ec29c6a64b9dee9d42199fd3647214e536ba2f7b8b4e57aa4cba680 SHA512 1232a94fce991d62f008ae6d3d9b6fe68cb6378fe07450feb17a58eb2417fb385ffcb7e6b74eb683134be9ff6ccf6efa183f37f4dd521614fd5aeaddf000b90b
 DIST openssl-1.1.1u.tar.gz 9892176 BLAKE2B 5de9cb856e497596ecba008bad6515eefd093849b9c66dd7447031723996f3ba66ac37a323a5f7d01b1d42df4daaceb523372f5897d5c53b935ffab91c566594 SHA512 d00aeb0b4c4676deff06ff95af7ac33dd683b92f972b4a8ae55cf384bb37c7ec30ab83c6c0745daf87cf1743a745fced6a347fd11fed4c548aa0953610ed4919
 DIST openssl-1.1.1u.tar.gz.asc 833 BLAKE2B 7a978a94264a14be04372fea39868e9177e8a0b0f24344267702022e19ee0f52e91ad141d7c54da870f7ec0df9b2e43b80939f1d274dd0b44d36da2670e3a468 SHA512 40245d65ace95b2002bf64bcba184c92fec3420b08d9f61f3a709c4842e9478595105d8adce33a08eb98d351d2a0989ec342b08cdd9104498ea0543b6e592d28
 DIST openssl-compat-1.0.2u-versioned-symbols.patch.gz 24633 BLAKE2B 6bfad4ad27dbca0bd85bfd9521ffc844c3e93e6a1cca7c814edd49affc60ece1c706dd3aa7be2ce80857532531eac6f0f03f43c0be22a769d00d9241686eff71 SHA512 3d85aa34f2491e0e36eedc45829709e0fb552f6d558c2726b59dafa98c3e679b88497f3f7399d7565d88e727591e7d9b12f5b1e27116ba19b9a661d7f75b07a9

diff --git a/dev-libs/openssl-compat/openssl-compat-1.1.1t.ebuild b/dev-libs/openssl-compat/openssl-compat-1.1.1t.ebuild
deleted file mode 100644
index f1ff4defc6a7..000000000000
--- a/dev-libs/openssl-compat/openssl-compat-1.1.1t.ebuild
+++ /dev/null
@@ -1,221 +0,0 @@
-# Copyright 1999-2023 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/openssl.org.asc
-inherit edo flag-o-matic toolchain-funcs multilib-minimal verify-sig
-
-MY_P=openssl-${PV/_/-}
-DESCRIPTION="Full-strength general purpose cryptography library (including SSL and TLS)"
-HOMEPAGE="https://www.openssl.org/"
-SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
-	verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )"
-S="${WORKDIR}/${MY_P}"
-
-LICENSE="openssl"
-SLOT="$(ver_cut 1-3)"
-if [[ ${PV} != *_pre* ]] ; then
-	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x64-solaris"
-fi
-IUSE="+asm rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-compression tls-heartbeat vanilla verify-sig weak-ssl-ciphers"
-RESTRICT="!test? ( test )"
-
-RDEPEND="
-	!=dev-libs/openssl-1.1.1*:0
-	tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
-"
-DEPEND="${RDEPEND}"
-BDEPEND="
-	>=dev-lang/perl-5
-	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
-	test? (
-		sys-apps/diffutils
-		sys-devel/bc
-		kernel_linux? ( sys-process/procps )
-	)
-	verify-sig? ( >=sec-keys/openpgp-keys-openssl-20230207 )"
-
-# Do not install any docs
-DOCS=()
-
-PATCHES=(
-	# General patches which are suitable to always apply
-	# If they're Gentoo specific, add to USE=-vanilla logic in src_prepare!
-	"${FILESDIR}"/${PN/-compat}-1.1.0j-parallel_install_fix.patch # bug #671602
-	"${FILESDIR}"/${PN/-compat}-1.1.1i-riscv32.patch
-)
-
-pkg_setup() {
-	[[ ${MERGE_TYPE} == binary ]] && return
-
-	# must check in pkg_setup; sysctl doesn't work with userpriv!
-	if use test && use sctp; then
-		# test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel"
-		# if sctp.auth_enable is not enabled.
-		local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null)
-		if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]]; then
-			die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!"
-		fi
-	fi
-}
-
-src_prepare() {
-	# Allow openssl to be cross-compiled
-	cp "${FILESDIR}"/gentoo.config-1.0.4 gentoo.config || die
-	chmod a+rx gentoo.config || die
-
-	# Keep this in sync with app-misc/c_rehash
-	SSL_CNF_DIR="/etc/ssl"
-
-	# Make sure we only ever touch Makefile.org and avoid patching a file
-	# that gets blown away anyways by the Configure script in src_configure
-	rm -f Makefile
-
-	if ! use vanilla ; then
-		PATCHES+=(
-			# Add patches which are Gentoo-specific customisations here
-		)
-	fi
-
-	default
-
-	if use test && use sctp && has network-sandbox ${FEATURES}; then
-		einfo "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox ..."
-		rm test/recipes/80-test_ssl_new.t || die
-	fi
-
-	# Quiet out unknown driver argument warnings since openssl
-	# doesn't have well-split CFLAGS and we're making it even worse
-	# and 'make depend' uses -Werror for added fun (bug #417795 again)
-	tc-is-clang && append-flags -Qunused-arguments
-
-	# We really, really need to build OpenSSL w/ strict aliasing disabled.
-	# It's filled with violations and it *will* result in miscompiled
-	# code. This has been in the ebuild for > 10 years but even in 2022,
-	# it's still relevant:
-	# - https://github.com/llvm/llvm-project/issues/55255
-	# - https://github.com/openssl/openssl/issues/18225
-	# - https://github.com/openssl/openssl/issues/18663#issuecomment-1181478057
-	# Don't remove the no strict aliasing bits below!
-	filter-flags -fstrict-aliasing
-	append-flags -fno-strict-aliasing
-
-	append-cppflags -DOPENSSL_NO_BUF_FREELISTS
-
-	append-flags $(test-flags-CC -Wa,--noexecstack)
-
-	# Remove test target when FEATURES=test isn't set
-	if ! use test ; then
-		sed \
-			-e '/^$config{dirs}/s@ "test",@@' \
-			-i Configure || die
-	fi
-
-	if use prefix && [[ ${CHOST} == *-solaris* ]] ; then
-		# use GNU ld full option, not to confuse it on Solaris
-		sed -i \
-			-e 's/-Wl,-M,/-Wl,--version-script=/' \
-			-e 's/-Wl,-h,/-Wl,--soname=/' \
-			Configurations/10-main.conf || die
-
-		# fix building on Solaris 10
-		# https://github.com/openssl/openssl/issues/6333
-		sed -i \
-			-e 's/-lsocket -lnsl -ldl/-lsocket -lnsl -ldl -lrt/' \
-			Configurations/10-main.conf || die
-	fi
-
-	local sslout=$(./gentoo.config)
-	einfo "Using configuration: ${sslout:-(openssl knows best)}"
-	local config="perl Configure"
-	[[ -z ${sslout} ]] && config="sh config -v"
-
-	# The config script does stupid stuff to prompt the user.  Kill it.
-	sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
-	edo ${config} ${sslout} --test-sanity
-
-	multilib_copy_sources
-}
-
-multilib_src_configure() {
-	# bug #197996
-	unset APPS
-	# bug #312551
-	unset SCRIPTS
-	# bug #311473
-	unset CROSS_COMPILE
-
-	tc-export AR CC CXX RANLIB RC
-
-	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
-
-	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
-
-	# See if our toolchain supports __uint128_t.  If so, it's 64bit
-	# friendly and can use the nicely optimized code paths, bug #460790.
-	#local ec_nistp_64_gcc_128
-	#
-	# Disable it for now though (bug #469976)
-	# Do NOT re-enable without substantial discussion first!
-	#
-	#echo "__uint128_t i;" > "${T}"/128.c
-	#if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
-	#	ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
-	#fi
-
-	local sslout=$(./gentoo.config)
-	einfo "Use configuration ${sslout:-(openssl knows best)}"
-	local config="perl Configure"
-	[[ -z ${sslout} ]] && config="sh config -v"
-
-	# "disable-deprecated" option breaks too many consumers.
-	# Don't set it without thorough revdeps testing.
-	# Make sure user flags don't get added *yet* to avoid duplicated
-	# flags.
-	local myeconfargs=(
-		${sslout}
-
-		$(use cpu_flags_x86_sse2 || echo "no-sse2")
-		enable-camellia
-		enable-ec
-		enable-ec2m
-		enable-sm2
-		enable-srp
-		$(use elibc_musl && echo "no-async")
-		${ec_nistp_64_gcc_128}
-		enable-idea
-		enable-mdc2
-		enable-rc5
-		$(use_ssl sslv3 ssl3)
-		$(use_ssl sslv3 ssl3-method)
-		$(use_ssl asm)
-		$(use_ssl rfc3779)
-		$(use_ssl sctp)
-		$(use test || echo "no-tests")
-		$(use_ssl tls-compression zlib)
-		$(use_ssl tls-heartbeat heartbeats)
-		$(use_ssl weak-ssl-ciphers)
-
-		--prefix="${EPREFIX}"/usr
-		--openssldir="${EPREFIX}"${SSL_CNF_DIR}
-		--libdir=$(get_libdir)
-
-		shared
-		threads
-	)
-
-	edo ${config} "${myeconfargs[@]}"
-}
-
-multilib_src_compile() {
-	emake all
-}
-
-multilib_src_test() {
-	emake -j1 test
-}
-
-multilib_src_install() {
-	dolib.so lib{crypto,ssl}.so.$(ver_cut 1-2 "${SLOT}")
-}


^ permalink raw reply related	[flat|nested] 33+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl-compat/
@ 2023-06-22  2:49 Sam James
  0 siblings, 0 replies; 33+ messages in thread
From: Sam James @ 2023-06-22  2:49 UTC (permalink / raw
  To: gentoo-commits

commit:     324aeace7c4cd283cee3f33d595ed1d2fe7337cf
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Thu Jun 22 02:49:06 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Thu Jun 22 02:49:06 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=324aeace

dev-libs/openssl-compat: Stabilize 1.1.1u amd64, #899596

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl-compat/openssl-compat-1.1.1u.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl-compat/openssl-compat-1.1.1u.ebuild b/dev-libs/openssl-compat/openssl-compat-1.1.1u.ebuild
index f1ff4defc6a7..a3b7e9c7c441 100644
--- a/dev-libs/openssl-compat/openssl-compat-1.1.1u.ebuild
+++ b/dev-libs/openssl-compat/openssl-compat-1.1.1u.ebuild
@@ -16,7 +16,7 @@ S="${WORKDIR}/${MY_P}"
 LICENSE="openssl"
 SLOT="$(ver_cut 1-3)"
 if [[ ${PV} != *_pre* ]] ; then
-	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x64-solaris"
+	KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x64-solaris"
 fi
 IUSE="+asm rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-compression tls-heartbeat vanilla verify-sig weak-ssl-ciphers"
 RESTRICT="!test? ( test )"


^ permalink raw reply related	[flat|nested] 33+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl-compat/
@ 2023-06-22  3:08 Sam James
  0 siblings, 0 replies; 33+ messages in thread
From: Sam James @ 2023-06-22  3:08 UTC (permalink / raw
  To: gentoo-commits

commit:     7533a45a035936265952e51d43f80fb339dd1cfe
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Thu Jun 22 03:08:17 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Thu Jun 22 03:08:17 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7533a45a

dev-libs/openssl-compat: Stabilize 1.1.1u x86, #899596

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl-compat/openssl-compat-1.1.1u.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl-compat/openssl-compat-1.1.1u.ebuild b/dev-libs/openssl-compat/openssl-compat-1.1.1u.ebuild
index a3b7e9c7c441..b56cfacc466d 100644
--- a/dev-libs/openssl-compat/openssl-compat-1.1.1u.ebuild
+++ b/dev-libs/openssl-compat/openssl-compat-1.1.1u.ebuild
@@ -16,7 +16,7 @@ S="${WORKDIR}/${MY_P}"
 LICENSE="openssl"
 SLOT="$(ver_cut 1-3)"
 if [[ ${PV} != *_pre* ]] ; then
-	KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x64-solaris"
+	KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc x86 ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x64-solaris"
 fi
 IUSE="+asm rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-compression tls-heartbeat vanilla verify-sig weak-ssl-ciphers"
 RESTRICT="!test? ( test )"


^ permalink raw reply related	[flat|nested] 33+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl-compat/
@ 2023-09-09 20:24 Sam James
  0 siblings, 0 replies; 33+ messages in thread
From: Sam James @ 2023-09-09 20:24 UTC (permalink / raw
  To: gentoo-commits

commit:     10a8b8d597d27b4323d1c47e4ef91bb725b99396
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sat Sep  9 19:07:22 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sat Sep  9 20:22:22 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=10a8b8d5

dev-libs/openssl-compat: inherit stable keywords from dev-libs/openssl for 1.1.1u

Needed for rust-bin.

Bug: https://bugs.gentoo.org/797325
Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl-compat/openssl-compat-1.1.1u.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl-compat/openssl-compat-1.1.1u.ebuild b/dev-libs/openssl-compat/openssl-compat-1.1.1u.ebuild
index b56cfacc466d..bd52a17cba4e 100644
--- a/dev-libs/openssl-compat/openssl-compat-1.1.1u.ebuild
+++ b/dev-libs/openssl-compat/openssl-compat-1.1.1u.ebuild
@@ -16,7 +16,7 @@ S="${WORKDIR}/${MY_P}"
 LICENSE="openssl"
 SLOT="$(ver_cut 1-3)"
 if [[ ${PV} != *_pre* ]] ; then
-	KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc x86 ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x64-solaris"
+	KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
 fi
 IUSE="+asm rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-compression tls-heartbeat vanilla verify-sig weak-ssl-ciphers"
 RESTRICT="!test? ( test )"


^ permalink raw reply related	[flat|nested] 33+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl-compat/
@ 2024-04-04  1:07 Sam James
  0 siblings, 0 replies; 33+ messages in thread
From: Sam James @ 2024-04-04  1:07 UTC (permalink / raw
  To: gentoo-commits

commit:     294aafdf1ed6355be05eeed347c754adf99dd815
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Thu Apr  4 01:06:59 2024 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Thu Apr  4 01:06:59 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=294aafdf

dev-libs/openssl-compat: Stabilize 1.0.2u-r2 arm, #928546

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl-compat/openssl-compat-1.0.2u-r2.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl-compat/openssl-compat-1.0.2u-r2.ebuild b/dev-libs/openssl-compat/openssl-compat-1.0.2u-r2.ebuild
index e6142b6ffb6e..e3f11f7685f4 100644
--- a/dev-libs/openssl-compat/openssl-compat-1.0.2u-r2.ebuild
+++ b/dev-libs/openssl-compat/openssl-compat-1.0.2u-r2.ebuild
@@ -38,7 +38,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 
 LICENSE="openssl"
 SLOT="1.0.0"
-KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc x86 ~x86-linux"
+KEYWORDS="~alpha amd64 arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc x86 ~x86-linux"
 IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla tls-compression"
 
 RESTRICT="!bindist? ( bindist )


^ permalink raw reply related	[flat|nested] 33+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl-compat/
@ 2024-05-16 16:47 Arthur Zamarin
  0 siblings, 0 replies; 33+ messages in thread
From: Arthur Zamarin @ 2024-05-16 16:47 UTC (permalink / raw
  To: gentoo-commits

commit:     7caf1146efdda173cb44ae391c08bddb3bea03f3
Author:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
AuthorDate: Thu May 16 16:47:14 2024 +0000
Commit:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
CommitDate: Thu May 16 16:47:14 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7caf1146

dev-libs/openssl-compat: Stabilize 1.0.2u-r2 arm64, #928546

Signed-off-by: Arthur Zamarin <arthurzam <AT> gentoo.org>

 dev-libs/openssl-compat/openssl-compat-1.0.2u-r2.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl-compat/openssl-compat-1.0.2u-r2.ebuild b/dev-libs/openssl-compat/openssl-compat-1.0.2u-r2.ebuild
index e3f11f7685f4..00f2576c4730 100644
--- a/dev-libs/openssl-compat/openssl-compat-1.0.2u-r2.ebuild
+++ b/dev-libs/openssl-compat/openssl-compat-1.0.2u-r2.ebuild
@@ -38,7 +38,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 
 LICENSE="openssl"
 SLOT="1.0.0"
-KEYWORDS="~alpha amd64 arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc x86 ~x86-linux"
+KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc x86 ~x86-linux"
 IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla tls-compression"
 
 RESTRICT="!bindist? ( bindist )


^ permalink raw reply related	[flat|nested] 33+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl-compat/
@ 2024-07-01 18:55 Mike Gilbert
  0 siblings, 0 replies; 33+ messages in thread
From: Mike Gilbert @ 2024-07-01 18:55 UTC (permalink / raw
  To: gentoo-commits

commit:     017ff8275951bbb887d34f5b99d6cad70a191aae
Author:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Mon Jul  1 18:47:41 2024 +0000
Commit:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Mon Jul  1 18:53:26 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=017ff827

dev-libs/openssl-compat: update SRC_URI

Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>

 dev-libs/openssl-compat/openssl-compat-1.0.2u-r2.ebuild | 8 ++------
 1 file changed, 2 insertions(+), 6 deletions(-)

diff --git a/dev-libs/openssl-compat/openssl-compat-1.0.2u-r2.ebuild b/dev-libs/openssl-compat/openssl-compat-1.0.2u-r2.ebuild
index 00f2576c4730..97604a0d3850 100644
--- a/dev-libs/openssl-compat/openssl-compat-1.0.2u-r2.ebuild
+++ b/dev-libs/openssl-compat/openssl-compat-1.0.2u-r2.ebuild
@@ -25,16 +25,12 @@ DESCRIPTION="full-strength general purpose cryptography library (including SSL a
 HOMEPAGE="https://www.openssl.org/"
 SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 	bindist? (
-		mirror://gentoo/${BINDIST_PATCH_SET}
-		https://dev.gentoo.org/~whissi/dist/openssl/${BINDIST_PATCH_SET}
+		mirror://gentoo/bb/${BINDIST_PATCH_SET}
 	)
 	!vanilla? (
-		mirror://gentoo/${PATCH_SET}.tar.xz
 		https://dev.gentoo.org/~chutzpah/dist/openssl/${PATCH_SET}.tar.xz
-		https://dev.gentoo.org/~whissi/dist/openssl/${PATCH_SET}.tar.xz
-		https://dev.gentoo.org/~polynomial-c/dist/${PATCH_SET}.tar.xz
 	)
-	https://dev.gentoo.org/~whissi/dist/openssl/openssl-compat-1.0.2u-versioned-symbols.patch.gz"
+	mirror://gentoo/ec/openssl-compat-1.0.2u-versioned-symbols.patch.gz"
 
 LICENSE="openssl"
 SLOT="1.0.0"


^ permalink raw reply related	[flat|nested] 33+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl-compat/
@ 2024-08-25 15:24 Andreas K. Hüttel
  0 siblings, 0 replies; 33+ messages in thread
From: Andreas K. Hüttel @ 2024-08-25 15:24 UTC (permalink / raw
  To: gentoo-commits

commit:     1d4b06a59f2e9a720ce235a2bcbc7ca50e47f479
Author:     Andreas K. Hüttel <dilfridge <AT> gentoo <DOT> org>
AuthorDate: Sun Aug 25 15:17:04 2024 +0000
Commit:     Andreas K. Hüttel <dilfridge <AT> gentoo <DOT> org>
CommitDate: Sun Aug 25 15:24:07 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1d4b06a5

dev-libs/openssl-compat: remove ~mips, library and leaf package

Signed-off-by: Andreas K. Hüttel <dilfridge <AT> gentoo.org>

 dev-libs/openssl-compat/openssl-compat-1.0.2u-r2.ebuild | 2 +-
 dev-libs/openssl-compat/openssl-compat-1.1.1u.ebuild    | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/dev-libs/openssl-compat/openssl-compat-1.0.2u-r2.ebuild b/dev-libs/openssl-compat/openssl-compat-1.0.2u-r2.ebuild
index 97604a0d3850..e3253c9ccdee 100644
--- a/dev-libs/openssl-compat/openssl-compat-1.0.2u-r2.ebuild
+++ b/dev-libs/openssl-compat/openssl-compat-1.0.2u-r2.ebuild
@@ -34,7 +34,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 
 LICENSE="openssl"
 SLOT="1.0.0"
-KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc x86 ~x86-linux"
+KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~m68k ~ppc ~ppc64 ~riscv ~s390 ~sparc x86 ~x86-linux"
 IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla tls-compression"
 
 RESTRICT="!bindist? ( bindist )

diff --git a/dev-libs/openssl-compat/openssl-compat-1.1.1u.ebuild b/dev-libs/openssl-compat/openssl-compat-1.1.1u.ebuild
index 49b04530e1d4..a65872c626ca 100644
--- a/dev-libs/openssl-compat/openssl-compat-1.1.1u.ebuild
+++ b/dev-libs/openssl-compat/openssl-compat-1.1.1u.ebuild
@@ -16,7 +16,7 @@ S="${WORKDIR}/${MY_P}"
 LICENSE="openssl"
 SLOT="$(ver_cut 1-3)"
 if [[ ${PV} != *_pre* ]] ; then
-	KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
+	KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
 fi
 IUSE="+asm rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-compression tls-heartbeat vanilla verify-sig weak-ssl-ciphers"
 RESTRICT="!test? ( test )"


^ permalink raw reply related	[flat|nested] 33+ messages in thread

end of thread, other threads:[~2024-08-25 15:24 UTC | newest]

Thread overview: 33+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2019-09-16  0:06 [gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl-compat/ Thomas Deutschmann
  -- strict thread matches above, loose matches on Subject: below --
2024-08-25 15:24 Andreas K. Hüttel
2024-07-01 18:55 Mike Gilbert
2024-05-16 16:47 Arthur Zamarin
2024-04-04  1:07 Sam James
2023-09-09 20:24 Sam James
2023-06-22  3:08 Sam James
2023-06-22  2:49 Sam James
2023-06-14  5:22 Sam James
2023-05-30 16:01 Sam James
2023-05-13  3:23 Sam James
2022-12-15  6:16 Sam James
2022-11-15  8:46 Sam James
2022-06-11  5:12 Sam James
2021-07-21 12:56 Thomas Deutschmann
2020-05-19  9:49 Thomas Deutschmann
2020-05-19  9:49 Thomas Deutschmann
2020-05-08 23:28 Thomas Deutschmann
2020-01-01 21:25 Thomas Deutschmann
2020-01-01 21:25 Thomas Deutschmann
2019-12-21 20:31 Thomas Deutschmann
2019-11-25  0:42 Thomas Deutschmann
2019-11-02 14:56 Thomas Deutschmann
2019-10-22  7:45 Lars Wendler
2019-10-01 19:38 Thomas Deutschmann
2019-09-16  0:06 Thomas Deutschmann
2019-09-16  0:06 Thomas Deutschmann
2019-09-15 20:37 Thomas Deutschmann
2019-09-15 20:28 Thomas Deutschmann
2019-09-13 12:15 Mikle Kolyada
2019-09-13  0:00 Thomas Deutschmann
2019-09-12 13:57 Thomas Deutschmann
2019-08-23 18:10 Thomas Deutschmann

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox