* [gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl-compat/
@ 2019-08-23 18:10 Thomas Deutschmann
0 siblings, 0 replies; 33+ messages in thread
From: Thomas Deutschmann @ 2019-08-23 18:10 UTC (permalink / raw
To: gentoo-commits
commit: e97ec5edeee8a64d588372637d04ae934d3c514b
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Fri Aug 23 17:59:39 2019 +0000
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Fri Aug 23 18:10:22 2019 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e97ec5ed
dev-libs/openssl-compat: bump to v1.0.2s
Package-Manager: Portage-2.3.72, Repoman-2.3.17
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>
dev-libs/openssl-compat/Manifest | 4 +
.../openssl-compat/openssl-compat-1.0.2s.ebuild | 258 +++++++++++++++++++++
2 files changed, 262 insertions(+)
diff --git a/dev-libs/openssl-compat/Manifest b/dev-libs/openssl-compat/Manifest
index 8fc04945964..260480f8468 100644
--- a/dev-libs/openssl-compat/Manifest
+++ b/dev-libs/openssl-compat/Manifest
@@ -4,3 +4,7 @@ DIST openssl-1.0.2r.tar.gz 5348369 BLAKE2B 9f9c2d2fe6eaf9acacab29b394a318f30c38e
DIST openssl-1.0.2r_ec_curve.c 17254 BLAKE2B d40d8d6e770443f07abe70e2c4ddda6aec1cc8e37dc1f226a3fdd9ed5d228f09c6d372e8956b1948b55ee1d57d1429493e7288d0f54d9466a37fec805c85aacb SHA512 8e92fb100bcf4bd918c82b9a6cbd75a55abe1a2c08230a007e441c51577f974f8cc336e9ac8a672b32641480428ca8cead5380da1fe81bacb088145a1b754a15
DIST openssl-1.0.2r_ectest.c 30735 BLAKE2B 95333a27f1cf0a4305a3cee7f6d46b9d4673582ca9acfcf5ba2a0d9d317ab6219cd0d2ff0ba3a55a317c8f5819342f05cc17ba80ec2c92b2b4cab9a3552382e1 SHA512 f2e4d34327b490bc8371f0845c69df3f9fc51ea16f0ea0de0411a0c1fa9d49bb2b6fafc363eb3b3cd919dc7c24e4a0d075c6ff878c01d70dae918f2540874c19
DIST openssl-1.0.2r_hobble-openssl 1302 BLAKE2B 647caa6a0f4c53a2e77baa3b8e5961eaef3bb0ff38e7d5475eab8deef3439f7fe49028ec9ed0406f3453870b62cac67c496b3a048ee4c9ff4c6866d520235960 SHA512 3d757a4708e74a03dd5cb9b8114dfe442ed9520739a6eca693be4c4265771696f1449ea06d1c9bcfc6e94fc9b0dd0c10e153f1c3b0334831c0550b36cd63326e
+DIST openssl-1.0.2s.tar.gz 5349149 BLAKE2B 46c72dcceb5b473b129be0a895f3d6c25a24ee852a31dc369ccf0e44319259d8694d3571b8cb698efb8bce89dbe31f4fc9f82753cacb24cbd3d50fa2ab9b6e83 SHA512 9f745452c4f777df694158e95003cde78a2cf8199bc481a563ec36644664c3c1415a774779b9791dd18f2aeb57fa1721cb52b3db12d025955e970071d5b66d2a
+DIST openssl-1.0.2s_ec_curve.c 17254 BLAKE2B d40d8d6e770443f07abe70e2c4ddda6aec1cc8e37dc1f226a3fdd9ed5d228f09c6d372e8956b1948b55ee1d57d1429493e7288d0f54d9466a37fec805c85aacb SHA512 8e92fb100bcf4bd918c82b9a6cbd75a55abe1a2c08230a007e441c51577f974f8cc336e9ac8a672b32641480428ca8cead5380da1fe81bacb088145a1b754a15
+DIST openssl-1.0.2s_ectest.c 30735 BLAKE2B 95333a27f1cf0a4305a3cee7f6d46b9d4673582ca9acfcf5ba2a0d9d317ab6219cd0d2ff0ba3a55a317c8f5819342f05cc17ba80ec2c92b2b4cab9a3552382e1 SHA512 f2e4d34327b490bc8371f0845c69df3f9fc51ea16f0ea0de0411a0c1fa9d49bb2b6fafc363eb3b3cd919dc7c24e4a0d075c6ff878c01d70dae918f2540874c19
+DIST openssl-1.0.2s_hobble-openssl 1302 BLAKE2B 647caa6a0f4c53a2e77baa3b8e5961eaef3bb0ff38e7d5475eab8deef3439f7fe49028ec9ed0406f3453870b62cac67c496b3a048ee4c9ff4c6866d520235960 SHA512 3d757a4708e74a03dd5cb9b8114dfe442ed9520739a6eca693be4c4265771696f1449ea06d1c9bcfc6e94fc9b0dd0c10e153f1c3b0334831c0550b36cd63326e
diff --git a/dev-libs/openssl-compat/openssl-compat-1.0.2s.ebuild b/dev-libs/openssl-compat/openssl-compat-1.0.2s.ebuild
new file mode 100644
index 00000000000..7449ff20b7e
--- /dev/null
+++ b/dev-libs/openssl-compat/openssl-compat-1.0.2s.ebuild
@@ -0,0 +1,258 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="7"
+
+inherit flag-o-matic toolchain-funcs multilib multilib-minimal
+
+# openssl-1.0.2-patches-1.6 contain additional CVE patches
+# which got fixed with this release.
+# Please use 1.7 version number when rolling a new tarball!
+PATCH_SET="openssl-1.0.2-patches-1.5"
+MY_P=openssl-${PV/_/-}
+DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"
+HOMEPAGE="https://www.openssl.org/"
+SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
+ !vanilla? (
+ mirror://gentoo/${PATCH_SET}.tar.xz
+ https://dev.gentoo.org/~chutzpah/dist/openssl/${PATCH_SET}.tar.xz
+ https://dev.gentoo.org/~whissi/dist/openssl/${PATCH_SET}.tar.xz
+ https://dev.gentoo.org/~polynomial-c/dist/${PATCH_SET}.tar.xz
+ )"
+
+LICENSE="openssl"
+SLOT="1.0.0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~x86-linux"
+IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
+RESTRICT="!bindist? ( bindist )"
+
+RDEPEND="gmp? ( >=dev-libs/gmp-5.1.3-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
+ kerberos? ( >=app-crypt/mit-krb5-1.11.4[${MULTILIB_USEDEP}] )
+ zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
+ !=dev-libs/openssl-1.0.2*:0"
+DEPEND="${RDEPEND}"
+BDEPEND="
+ >=dev-lang/perl-5
+ sctp? ( >=net-misc/lksctp-tools-1.0.12 )
+ test? (
+ sys-apps/diffutils
+ sys-devel/bc
+ )"
+
+RESTRICT="test"
+
+# Do not install any docs
+DOCS=()
+
+# This does not copy the entire Fedora patchset, but JUST the parts that
+# are needed to make it safe to use EC with RESTRICT=bindist.
+# See openssl.spec for the matching numbering of SourceNNN, PatchNNN
+SOURCE1=hobble-openssl
+SOURCE12=ec_curve.c
+SOURCE13=ectest.c
+# These are ported instead
+#PATCH1=openssl-1.1.0-build.patch # Fixes EVP testcase for EC
+#PATCH37=openssl-1.1.0-ec-curves.patch
+FEDORA_GIT_BASE='https://src.fedoraproject.org/cgit/rpms/openssl.git/plain/'
+FEDORA_GIT_BRANCH='f25'
+FEDORA_SRC_URI=()
+FEDORA_SOURCE=( $SOURCE1 $SOURCE12 $SOURCE13 )
+FEDORA_PATCH=( $PATCH1 $PATCH37 )
+for i in "${FEDORA_SOURCE[@]}" ; do
+ FEDORA_SRC_URI+=( "${FEDORA_GIT_BASE}/${i}?h=${FEDORA_GIT_BRANCH} -> openssl-${PV}_${i}" )
+done
+for i in "${FEDORA_PATCH[@]}" ; do # Already have a version prefix
+ FEDORA_SRC_URI+=( "${FEDORA_GIT_BASE}/${i}?h=${FEDORA_GIT_BRANCH} -> ${i}" )
+done
+SRC_URI+=" bindist? ( ${FEDORA_SRC_URI[@]} )"
+
+S="${WORKDIR}/${MY_P}"
+
+MULTILIB_WRAPPED_HEADERS=(
+ usr/include/openssl/opensslconf.h
+)
+
+src_prepare() {
+ if use bindist; then
+ # This just removes the prefix, and puts it into WORKDIR like the RPM.
+ for i in "${FEDORA_SOURCE[@]}" ; do
+ cp -f "${DISTDIR}"/"openssl-${PV}_${i}" "${WORKDIR}"/"${i}" || die
+ done
+ # .spec %prep
+ bash "${WORKDIR}"/"${SOURCE1}" || die
+ cp -f "${WORKDIR}"/"${SOURCE12}" "${S}"/crypto/ec/ || die
+ cp -f "${WORKDIR}"/"${SOURCE13}" "${S}"/crypto/ec/ || die # Moves to test/ in OpenSSL-1.1
+ for i in "${FEDORA_PATCH[@]}" ; do
+ eapply "${DISTDIR}"/"${i}"
+ done
+ eapply "${FILESDIR}"/openssl-1.0.2p-hobble-ecc.patch
+ # Also see the configure parts below:
+ # enable-ec \
+ # $(use_ssl !bindist ec2m) \
+ # $(use_ssl !bindist srp) \
+ fi
+
+ # keep this in sync with app-misc/c_rehash
+ SSL_CNF_DIR="/etc/ssl"
+
+ # Make sure we only ever touch Makefile.org and avoid patching a file
+ # that gets blown away anyways by the Configure script in src_configure
+ rm -f Makefile
+
+ if ! use vanilla ; then
+ if [[ $(declare -p PATCHES 2>/dev/null) == "declare -a"* ]] ; then
+ [[ ${#PATCHES[@]} -gt 0 ]] && eapply "${PATCHES[@]}"
+ fi
+ fi
+
+ eapply_user
+
+ # disable fips in the build
+ # make sure the man pages are suffixed #302165
+ # don't bother building man pages if they're disabled
+ sed -i \
+ -e '/DIRS/s: fips : :g' \
+ -e '/^MANSUFFIX/s:=.*:=ssl:' \
+ -e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
+ -e $(has noman FEATURES \
+ && echo '/^install:/s:install_docs::' \
+ || echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
+ Makefile.org \
+ || die
+ # show the actual commands in the log
+ sed -i '/^SET_X/s:=.*:=set -x:' Makefile.shared
+
+ # since we're forcing $(CC) as makedep anyway, just fix
+ # the conditional as always-on
+ # helps clang (#417795), and versioned gcc (#499818)
+ # this breaks build with 1.0.2p, not sure if it is needed anymore
+ #sed -i 's/expr.*MAKEDEPEND.*;/true;/' util/domd || die
+
+ # quiet out unknown driver argument warnings since openssl
+ # doesn't have well-split CFLAGS and we're making it even worse
+ # and 'make depend' uses -Werror for added fun (#417795 again)
+ [[ ${CC} == *clang* ]] && append-flags -Qunused-arguments
+
+ # allow openssl to be cross-compiled
+ cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die
+ chmod a+rx gentoo.config || die
+
+ append-flags -fno-strict-aliasing
+ append-flags $(test-flags-CC -Wa,--noexecstack)
+ append-cppflags -DOPENSSL_NO_BUF_FREELISTS
+
+ sed -i '1s,^:$,#!'${EPREFIX}'/usr/bin/perl,' Configure #141906
+ # The config script does stupid stuff to prompt the user. Kill it.
+ sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
+ ./config --test-sanity || die "I AM NOT SANE"
+
+ multilib_copy_sources
+}
+
+multilib_src_configure() {
+ unset APPS #197996
+ unset SCRIPTS #312551
+ unset CROSS_COMPILE #311473
+
+ tc-export CC AR RANLIB RC
+
+ # Clean out patent-or-otherwise-encumbered code
+ # Camellia: Royalty Free https://en.wikipedia.org/wiki/Camellia_(cipher)
+ # IDEA: Expired https://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
+ # EC: ????????? ??/??/2015 https://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography
+ # MDC2: Expired https://en.wikipedia.org/wiki/MDC-2
+ # RC5: Expired https://en.wikipedia.org/wiki/RC5
+
+ use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
+ echoit() { echo "$@" ; "$@" ; }
+
+ local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
+
+ # See if our toolchain supports __uint128_t. If so, it's 64bit
+ # friendly and can use the nicely optimized code paths. #460790
+ local ec_nistp_64_gcc_128
+ # Disable it for now though #469976
+ #if ! use bindist ; then
+ # echo "__uint128_t i;" > "${T}"/128.c
+ # if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
+ # ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
+ # fi
+ #fi
+
+ # https://github.com/openssl/openssl/issues/2286
+ if use ia64 ; then
+ replace-flags -g3 -g2
+ replace-flags -ggdb3 -ggdb2
+ fi
+
+ local sslout=$(./gentoo.config)
+ einfo "Use configuration ${sslout:-(openssl knows best)}"
+ local config="Configure"
+ [[ -z ${sslout} ]] && config="config"
+
+ # Fedora hobbled-EC needs 'no-ec2m', 'no-srp'
+ # Make sure user flags don't get added *yet* to avoid duplicated
+ # flags.
+ CFLAGS= LDFLAGS= echoit \
+ ./${config} \
+ ${sslout} \
+ $(use cpu_flags_x86_sse2 || echo "no-sse2") \
+ enable-camellia \
+ enable-ec \
+ $(use_ssl !bindist ec2m) \
+ $(use_ssl !bindist srp) \
+ ${ec_nistp_64_gcc_128} \
+ enable-idea \
+ enable-mdc2 \
+ enable-rc5 \
+ enable-tlsext \
+ $(use_ssl asm) \
+ $(use_ssl gmp gmp -lgmp) \
+ $(use_ssl kerberos krb5 --with-krb5-flavor=${krb5}) \
+ $(use_ssl rfc3779) \
+ $(use_ssl sctp) \
+ $(use_ssl sslv2 ssl2) \
+ $(use_ssl sslv3 ssl3) \
+ $(use_ssl tls-heartbeat heartbeats) \
+ $(use_ssl zlib) \
+ --prefix="${EPREFIX}"/usr \
+ --openssldir="${EPREFIX}"${SSL_CNF_DIR} \
+ --libdir=$(get_libdir) \
+ shared threads \
+ || die
+
+ # Clean out hardcoded flags that openssl uses
+ local DEFAULT_CFLAGS=$(grep ^CFLAG= Makefile | LC_ALL=C sed \
+ -e 's:^CFLAG=::' \
+ -e 's:\(^\| \)-fomit-frame-pointer::g' \
+ -e 's:\(^\| \)-O[^ ]*::g' \
+ -e 's:\(^\| \)-march=[^ ]*::g' \
+ -e 's:\(^\| \)-mcpu=[^ ]*::g' \
+ -e 's:\(^\| \)-m[^ ]*::g' \
+ -e 's:^ *::' \
+ -e 's: *$::' \
+ -e 's: \+: :g' \
+ -e 's:\\:\\\\:g'
+ )
+
+ # Now insert clean default flags with user flags
+ sed -i \
+ -e "/^CFLAG/s|=.*|=${DEFAULT_CFLAGS} ${CFLAGS}|" \
+ -e "/^LDFLAGS=/s|=[[:space:]]*$|=${LDFLAGS}|" \
+ Makefile || die
+}
+
+multilib_src_compile() {
+ # depend is needed to use $confopts; it also doesn't matter
+ # that it's -j1 as the code itself serializes subdirs
+ emake -j1 V=1 depend
+ emake build_libs
+}
+
+multilib_src_test() {
+ emake -j1 test
+}
+
+multilib_src_install() {
+ dolib.so lib{crypto,ssl}.so.${SLOT}
+}
^ permalink raw reply related [flat|nested] 33+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl-compat/
@ 2019-09-12 13:57 Thomas Deutschmann
0 siblings, 0 replies; 33+ messages in thread
From: Thomas Deutschmann @ 2019-09-12 13:57 UTC (permalink / raw
To: gentoo-commits
commit: e0a0f34d749f26e4a03c1a61f0bbd61de0d273de
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Thu Sep 12 13:57:05 2019 +0000
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Thu Sep 12 13:57:05 2019 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e0a0f34d
dev-libs/openssl-compat: bump to v1.0.2t
Package-Manager: Portage-2.3.75, Repoman-2.3.17
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>
dev-libs/openssl-compat/Manifest | 2 +
.../openssl-compat/openssl-compat-1.0.2t.ebuild | 247 +++++++++++++++++++++
2 files changed, 249 insertions(+)
diff --git a/dev-libs/openssl-compat/Manifest b/dev-libs/openssl-compat/Manifest
index 260480f8468..5966e6d5d9a 100644
--- a/dev-libs/openssl-compat/Manifest
+++ b/dev-libs/openssl-compat/Manifest
@@ -8,3 +8,5 @@ DIST openssl-1.0.2s.tar.gz 5349149 BLAKE2B 46c72dcceb5b473b129be0a895f3d6c25a24e
DIST openssl-1.0.2s_ec_curve.c 17254 BLAKE2B d40d8d6e770443f07abe70e2c4ddda6aec1cc8e37dc1f226a3fdd9ed5d228f09c6d372e8956b1948b55ee1d57d1429493e7288d0f54d9466a37fec805c85aacb SHA512 8e92fb100bcf4bd918c82b9a6cbd75a55abe1a2c08230a007e441c51577f974f8cc336e9ac8a672b32641480428ca8cead5380da1fe81bacb088145a1b754a15
DIST openssl-1.0.2s_ectest.c 30735 BLAKE2B 95333a27f1cf0a4305a3cee7f6d46b9d4673582ca9acfcf5ba2a0d9d317ab6219cd0d2ff0ba3a55a317c8f5819342f05cc17ba80ec2c92b2b4cab9a3552382e1 SHA512 f2e4d34327b490bc8371f0845c69df3f9fc51ea16f0ea0de0411a0c1fa9d49bb2b6fafc363eb3b3cd919dc7c24e4a0d075c6ff878c01d70dae918f2540874c19
DIST openssl-1.0.2s_hobble-openssl 1302 BLAKE2B 647caa6a0f4c53a2e77baa3b8e5961eaef3bb0ff38e7d5475eab8deef3439f7fe49028ec9ed0406f3453870b62cac67c496b3a048ee4c9ff4c6866d520235960 SHA512 3d757a4708e74a03dd5cb9b8114dfe442ed9520739a6eca693be4c4265771696f1449ea06d1c9bcfc6e94fc9b0dd0c10e153f1c3b0334831c0550b36cd63326e
+DIST openssl-1.0.2t-bindist-1.0.tar.xz 13872 BLAKE2B b2aade96a6e0ca6209a39e205b1c838de945903fcf959c62cc29ddcd1a0cb360fc5db234df86860a6a4c096f5ecc237611e4c2946b986a5500c24ba93c208ef4 SHA512 a48a7efb9b973b865bcc5009d450b428ed6b4b95e4cefe70c51056e47392c8a7bec58215168d8b07712419dc74646c2bd2fd23bcfbba2031376e292249a6b1b6
+DIST openssl-1.0.2t.tar.gz 5355422 BLAKE2B dcbc883151ff6c5b60f5849d8789c2e76a384cb3d5eb5f08a6109776d0edf134580dc33fa8b946ae2344542560f04ecef17f218406952dd8d31e4200c4882022 SHA512 0b88868933f42fab87e8b22449435a1091cc6e75f986aad6c173e01ad123161fcae8c226759073701bc65c9f2f0b6ce6a63a61203008ed873cfb6e484f32bc71
diff --git a/dev-libs/openssl-compat/openssl-compat-1.0.2t.ebuild b/dev-libs/openssl-compat/openssl-compat-1.0.2t.ebuild
new file mode 100644
index 00000000000..4f49e0ff20c
--- /dev/null
+++ b/dev-libs/openssl-compat/openssl-compat-1.0.2t.ebuild
@@ -0,0 +1,247 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="7"
+
+inherit flag-o-matic toolchain-funcs multilib multilib-minimal
+
+# openssl-1.0.2-patches-1.6 contain additional CVE patches
+# which got fixed with this release.
+# Please use 1.7 version number when rolling a new tarball!
+PATCH_SET="openssl-1.0.2-patches-1.5"
+
+MY_P=openssl-${PV/_/-}
+
+# This patch set is based on the following files from Fedora 25,
+# see https://src.fedoraproject.org/rpms/openssl/blob/25/f/openssl.spec
+# for more details:
+# - hobble-openssl (SOURCE1)
+# - ec_curve.c (SOURCE12) -- MODIFIED
+# - ectest.c (SOURCE13)
+# - openssl-1.1.1-ec-curves.patch (PATCH37) -- MODIFIED
+BINDIST_PATCH_SET="openssl-1.0.2t-bindist-1.0.tar.xz"
+
+DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"
+HOMEPAGE="https://www.openssl.org/"
+SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
+ bindist? (
+ mirror://gentoo/${BINDIST_PATCH_SET}
+ https://dev.gentoo.org/~whissi/dist/openssl/${BINDIST_PATCH_SET}
+ )
+ !vanilla? (
+ mirror://gentoo/${PATCH_SET}.tar.xz
+ https://dev.gentoo.org/~chutzpah/dist/openssl/${PATCH_SET}.tar.xz
+ https://dev.gentoo.org/~whissi/dist/openssl/${PATCH_SET}.tar.xz
+ https://dev.gentoo.org/~polynomial-c/dist/${PATCH_SET}.tar.xz
+ )"
+
+LICENSE="openssl"
+SLOT="1.0.0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~x86-linux"
+IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
+RESTRICT="!bindist? ( bindist )"
+
+RDEPEND="gmp? ( >=dev-libs/gmp-5.1.3-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
+ kerberos? ( >=app-crypt/mit-krb5-1.11.4[${MULTILIB_USEDEP}] )
+ zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
+ !=dev-libs/openssl-1.0.2*:0"
+DEPEND="${RDEPEND}"
+BDEPEND="
+ >=dev-lang/perl-5
+ sctp? ( >=net-misc/lksctp-tools-1.0.12 )
+ test? (
+ sys-apps/diffutils
+ sys-devel/bc
+ )"
+
+RESTRICT="test"
+
+# Do not install any docs
+DOCS=()
+
+S="${WORKDIR}/${MY_P}"
+
+MULTILIB_WRAPPED_HEADERS=(
+ usr/include/openssl/opensslconf.h
+)
+
+src_prepare() {
+ if use bindist; then
+ mv "${WORKDIR}"/bindist-patches/hobble-openssl "${WORKDIR}" || die
+ bash "${WORKDIR}"/hobble-openssl || die
+
+ cp -f "${WORKDIR}"/bindist-patches/ec_curve.c "${S}"/crypto/ec/ || die
+ cp -f "${WORKDIR}"/bindist-patches/ectest.c "${S}"/crypto/ec/ || die
+
+ eapply "${WORKDIR}"/bindist-patches/ec-curves.patch
+
+ # Also see the configure parts below:
+ # enable-ec \
+ # $(use_ssl !bindist ec2m) \
+ # $(use_ssl !bindist srp) \
+ fi
+
+ # keep this in sync with app-misc/c_rehash
+ SSL_CNF_DIR="/etc/ssl"
+
+ # Make sure we only ever touch Makefile.org and avoid patching a file
+ # that gets blown away anyways by the Configure script in src_configure
+ rm -f Makefile
+
+ if ! use vanilla ; then
+ if [[ $(declare -p PATCHES 2>/dev/null) == "declare -a"* ]] ; then
+ [[ ${#PATCHES[@]} -gt 0 ]] && eapply "${PATCHES[@]}"
+ fi
+ fi
+
+ eapply_user
+
+ # disable fips in the build
+ # make sure the man pages are suffixed #302165
+ # don't bother building man pages if they're disabled
+ sed -i \
+ -e '/DIRS/s: fips : :g' \
+ -e '/^MANSUFFIX/s:=.*:=ssl:' \
+ -e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
+ -e $(has noman FEATURES \
+ && echo '/^install:/s:install_docs::' \
+ || echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
+ Makefile.org \
+ || die
+ # show the actual commands in the log
+ sed -i '/^SET_X/s:=.*:=set -x:' Makefile.shared
+
+ # since we're forcing $(CC) as makedep anyway, just fix
+ # the conditional as always-on
+ # helps clang (#417795), and versioned gcc (#499818)
+ # this breaks build with 1.0.2p, not sure if it is needed anymore
+ #sed -i 's/expr.*MAKEDEPEND.*;/true;/' util/domd || die
+
+ # quiet out unknown driver argument warnings since openssl
+ # doesn't have well-split CFLAGS and we're making it even worse
+ # and 'make depend' uses -Werror for added fun (#417795 again)
+ [[ ${CC} == *clang* ]] && append-flags -Qunused-arguments
+
+ # allow openssl to be cross-compiled
+ cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die
+ chmod a+rx gentoo.config || die
+
+ append-flags -fno-strict-aliasing
+ append-flags $(test-flags-CC -Wa,--noexecstack)
+ append-cppflags -DOPENSSL_NO_BUF_FREELISTS
+
+ sed -i '1s,^:$,#!'${EPREFIX}'/usr/bin/perl,' Configure #141906
+ # The config script does stupid stuff to prompt the user. Kill it.
+ sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
+ ./config --test-sanity || die "I AM NOT SANE"
+
+ multilib_copy_sources
+}
+
+multilib_src_configure() {
+ unset APPS #197996
+ unset SCRIPTS #312551
+ unset CROSS_COMPILE #311473
+
+ tc-export CC AR RANLIB RC
+
+ # Clean out patent-or-otherwise-encumbered code
+ # Camellia: Royalty Free https://en.wikipedia.org/wiki/Camellia_(cipher)
+ # IDEA: Expired https://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
+ # EC: ????????? ??/??/2015 https://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography
+ # MDC2: Expired https://en.wikipedia.org/wiki/MDC-2
+ # RC5: Expired https://en.wikipedia.org/wiki/RC5
+
+ use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
+ echoit() { echo "$@" ; "$@" ; }
+
+ local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
+
+ # See if our toolchain supports __uint128_t. If so, it's 64bit
+ # friendly and can use the nicely optimized code paths. #460790
+ local ec_nistp_64_gcc_128
+ # Disable it for now though #469976
+ #if ! use bindist ; then
+ # echo "__uint128_t i;" > "${T}"/128.c
+ # if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
+ # ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
+ # fi
+ #fi
+
+ # https://github.com/openssl/openssl/issues/2286
+ if use ia64 ; then
+ replace-flags -g3 -g2
+ replace-flags -ggdb3 -ggdb2
+ fi
+
+ local sslout=$(./gentoo.config)
+ einfo "Use configuration ${sslout:-(openssl knows best)}"
+ local config="Configure"
+ [[ -z ${sslout} ]] && config="config"
+
+ # Fedora hobbled-EC needs 'no-ec2m', 'no-srp'
+ # Make sure user flags don't get added *yet* to avoid duplicated
+ # flags.
+ CFLAGS= LDFLAGS= echoit \
+ ./${config} \
+ ${sslout} \
+ $(use cpu_flags_x86_sse2 || echo "no-sse2") \
+ enable-camellia \
+ enable-ec \
+ $(use_ssl !bindist ec2m) \
+ $(use_ssl !bindist srp) \
+ ${ec_nistp_64_gcc_128} \
+ enable-idea \
+ enable-mdc2 \
+ enable-rc5 \
+ enable-tlsext \
+ $(use_ssl asm) \
+ $(use_ssl gmp gmp -lgmp) \
+ $(use_ssl kerberos krb5 --with-krb5-flavor=${krb5}) \
+ $(use_ssl rfc3779) \
+ $(use_ssl sctp) \
+ $(use_ssl sslv2 ssl2) \
+ $(use_ssl sslv3 ssl3) \
+ $(use_ssl tls-heartbeat heartbeats) \
+ $(use_ssl zlib) \
+ --prefix="${EPREFIX}"/usr \
+ --openssldir="${EPREFIX}"${SSL_CNF_DIR} \
+ --libdir=$(get_libdir) \
+ shared threads \
+ || die
+
+ # Clean out hardcoded flags that openssl uses
+ local DEFAULT_CFLAGS=$(grep ^CFLAG= Makefile | LC_ALL=C sed \
+ -e 's:^CFLAG=::' \
+ -e 's:\(^\| \)-fomit-frame-pointer::g' \
+ -e 's:\(^\| \)-O[^ ]*::g' \
+ -e 's:\(^\| \)-march=[^ ]*::g' \
+ -e 's:\(^\| \)-mcpu=[^ ]*::g' \
+ -e 's:\(^\| \)-m[^ ]*::g' \
+ -e 's:^ *::' \
+ -e 's: *$::' \
+ -e 's: \+: :g' \
+ -e 's:\\:\\\\:g'
+ )
+
+ # Now insert clean default flags with user flags
+ sed -i \
+ -e "/^CFLAG/s|=.*|=${DEFAULT_CFLAGS} ${CFLAGS}|" \
+ -e "/^LDFLAGS=/s|=[[:space:]]*$|=${LDFLAGS}|" \
+ Makefile || die
+}
+
+multilib_src_compile() {
+ # depend is needed to use $confopts; it also doesn't matter
+ # that it's -j1 as the code itself serializes subdirs
+ emake -j1 V=1 depend
+ emake build_libs
+}
+
+multilib_src_test() {
+ emake -j1 test
+}
+
+multilib_src_install() {
+ dolib.so lib{crypto,ssl}.so.${SLOT}
+}
^ permalink raw reply related [flat|nested] 33+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl-compat/
@ 2019-09-13 0:00 Thomas Deutschmann
0 siblings, 0 replies; 33+ messages in thread
From: Thomas Deutschmann @ 2019-09-13 0:00 UTC (permalink / raw
To: gentoo-commits
commit: b1b02130e1aa03dccde799abbcac3386cfcc9922
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Thu Sep 12 23:53:48 2019 +0000
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Thu Sep 12 23:53:48 2019 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b1b02130
dev-libs/openssl-compat: x86 stable (bug #694162)
Package-Manager: Portage-2.3.76, Repoman-2.3.17
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>
dev-libs/openssl-compat/openssl-compat-1.0.2t.ebuild | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/dev-libs/openssl-compat/openssl-compat-1.0.2t.ebuild b/dev-libs/openssl-compat/openssl-compat-1.0.2t.ebuild
index 4f49e0ff20c..ae9c07be6f7 100644
--- a/dev-libs/openssl-compat/openssl-compat-1.0.2t.ebuild
+++ b/dev-libs/openssl-compat/openssl-compat-1.0.2t.ebuild
@@ -37,7 +37,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
LICENSE="openssl"
SLOT="1.0.0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~x86-linux"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sh ~sparc x86 ~amd64-fbsd ~x86-fbsd ~x86-linux"
IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
RESTRICT="!bindist? ( bindist )"
^ permalink raw reply related [flat|nested] 33+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl-compat/
@ 2019-09-13 12:15 Mikle Kolyada
0 siblings, 0 replies; 33+ messages in thread
From: Mikle Kolyada @ 2019-09-13 12:15 UTC (permalink / raw
To: gentoo-commits
commit: 5bcb35aa2160c79d9b77029efb85cc1c4e47d779
Author: Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
AuthorDate: Fri Sep 13 12:15:35 2019 +0000
Commit: Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
CommitDate: Fri Sep 13 12:15:35 2019 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5bcb35aa
dev-libs/openssl-compat: amd64 stable wrt bug #694162
Package-Manager: Portage-2.3.69, Repoman-2.3.16
RepoMan-Options: --include-arches="amd64"
Signed-off-by: Mikle Kolyada <zlogene <AT> gentoo.org>
dev-libs/openssl-compat/openssl-compat-1.0.2t.ebuild | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/dev-libs/openssl-compat/openssl-compat-1.0.2t.ebuild b/dev-libs/openssl-compat/openssl-compat-1.0.2t.ebuild
index ae9c07be6f7..717d2d311a8 100644
--- a/dev-libs/openssl-compat/openssl-compat-1.0.2t.ebuild
+++ b/dev-libs/openssl-compat/openssl-compat-1.0.2t.ebuild
@@ -37,7 +37,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
LICENSE="openssl"
SLOT="1.0.0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sh ~sparc x86 ~amd64-fbsd ~x86-fbsd ~x86-linux"
+KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sh ~sparc x86 ~amd64-fbsd ~x86-fbsd ~x86-linux"
IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
RESTRICT="!bindist? ( bindist )"
^ permalink raw reply related [flat|nested] 33+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl-compat/
@ 2019-09-15 20:28 Thomas Deutschmann
0 siblings, 0 replies; 33+ messages in thread
From: Thomas Deutschmann @ 2019-09-15 20:28 UTC (permalink / raw
To: gentoo-commits
commit: 3201627815cc92ff5f4396c288354fd3acfcd7c3
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Sun Sep 15 20:27:47 2019 +0000
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Sun Sep 15 20:28:02 2019 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=32016278
dev-libs/openssl-compat: limit parallel jobs
Bug: https://bugs.gentoo.org/694512
Package-Manager: Portage-2.3.76, Repoman-2.3.17
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>
dev-libs/openssl-compat/openssl-compat-1.0.2t.ebuild | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/dev-libs/openssl-compat/openssl-compat-1.0.2t.ebuild b/dev-libs/openssl-compat/openssl-compat-1.0.2t.ebuild
index 717d2d311a8..292f5d8fd0f 100644
--- a/dev-libs/openssl-compat/openssl-compat-1.0.2t.ebuild
+++ b/dev-libs/openssl-compat/openssl-compat-1.0.2t.ebuild
@@ -3,7 +3,7 @@
EAPI="7"
-inherit flag-o-matic toolchain-funcs multilib multilib-minimal
+inherit flag-o-matic toolchain-funcs multiprocessing multilib multilib-minimal
# openssl-1.0.2-patches-1.6 contain additional CVE patches
# which got fixed with this release.
@@ -135,6 +135,13 @@ src_prepare() {
sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
./config --test-sanity || die "I AM NOT SANE"
+ local make_jobs=$(makeopts_jobs)
+ if [[ ${make_jobs} -gt 6 ]] ; then
+ # bug 694512
+ einfo "Limiting parallel jobs to 6 ..."
+ export MAKEOPTS=-j6
+ fi
+
multilib_copy_sources
}
^ permalink raw reply related [flat|nested] 33+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl-compat/
@ 2019-09-15 20:37 Thomas Deutschmann
0 siblings, 0 replies; 33+ messages in thread
From: Thomas Deutschmann @ 2019-09-15 20:37 UTC (permalink / raw
To: gentoo-commits
commit: 3558a38befebeadab55ef698eb900b625838408d
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Sun Sep 15 20:36:50 2019 +0000
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Sun Sep 15 20:36:50 2019 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3558a38b
dev-libs/openssl-compat: filter load average
Bug: https://bugs.gentoo.org/694512
Package-Manager: Portage-2.3.76, Repoman-2.3.17
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>
dev-libs/openssl-compat/openssl-compat-1.0.2t.ebuild | 3 +++
1 file changed, 3 insertions(+)
diff --git a/dev-libs/openssl-compat/openssl-compat-1.0.2t.ebuild b/dev-libs/openssl-compat/openssl-compat-1.0.2t.ebuild
index 292f5d8fd0f..8bb26744d2d 100644
--- a/dev-libs/openssl-compat/openssl-compat-1.0.2t.ebuild
+++ b/dev-libs/openssl-compat/openssl-compat-1.0.2t.ebuild
@@ -140,6 +140,9 @@ src_prepare() {
# bug 694512
einfo "Limiting parallel jobs to 6 ..."
export MAKEOPTS=-j6
+ else
+ # Filter load average
+ export MAKEOPTS=-j${make_jobs}
fi
multilib_copy_sources
^ permalink raw reply related [flat|nested] 33+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl-compat/
@ 2019-09-16 0:06 Thomas Deutschmann
0 siblings, 0 replies; 33+ messages in thread
From: Thomas Deutschmann @ 2019-09-16 0:06 UTC (permalink / raw
To: gentoo-commits
commit: 73567ce3bf59198b1c2fe19aa59d70fed4c8a13a
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Sun Sep 15 23:49:52 2019 +0000
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Mon Sep 16 00:06:04 2019 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=73567ce3
Revert "dev-libs/openssl-compat: filter load average"
This reverts commit 3558a38befebeadab55ef698eb900b625838408d.
Bug: https://bugs.gentoo.org/694512
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>
dev-libs/openssl-compat/openssl-compat-1.0.2t.ebuild | 3 ---
1 file changed, 3 deletions(-)
diff --git a/dev-libs/openssl-compat/openssl-compat-1.0.2t.ebuild b/dev-libs/openssl-compat/openssl-compat-1.0.2t.ebuild
index 8bb26744d2d..292f5d8fd0f 100644
--- a/dev-libs/openssl-compat/openssl-compat-1.0.2t.ebuild
+++ b/dev-libs/openssl-compat/openssl-compat-1.0.2t.ebuild
@@ -140,9 +140,6 @@ src_prepare() {
# bug 694512
einfo "Limiting parallel jobs to 6 ..."
export MAKEOPTS=-j6
- else
- # Filter load average
- export MAKEOPTS=-j${make_jobs}
fi
multilib_copy_sources
^ permalink raw reply related [flat|nested] 33+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl-compat/
@ 2019-09-16 0:06 Thomas Deutschmann
0 siblings, 0 replies; 33+ messages in thread
From: Thomas Deutschmann @ 2019-09-16 0:06 UTC (permalink / raw
To: gentoo-commits
commit: 5a2ebf9296293621d4a74c1090b5a6087b8a86d4
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Sun Sep 15 23:50:08 2019 +0000
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Mon Sep 16 00:06:08 2019 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5a2ebf92
Revert "dev-libs/openssl-compat: limit parallel jobs"
This reverts commit 3201627815cc92ff5f4396c288354fd3acfcd7c3.
Bug: https://bugs.gentoo.org/694512
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>
dev-libs/openssl-compat/openssl-compat-1.0.2t.ebuild | 9 +--------
1 file changed, 1 insertion(+), 8 deletions(-)
diff --git a/dev-libs/openssl-compat/openssl-compat-1.0.2t.ebuild b/dev-libs/openssl-compat/openssl-compat-1.0.2t.ebuild
index 292f5d8fd0f..717d2d311a8 100644
--- a/dev-libs/openssl-compat/openssl-compat-1.0.2t.ebuild
+++ b/dev-libs/openssl-compat/openssl-compat-1.0.2t.ebuild
@@ -3,7 +3,7 @@
EAPI="7"
-inherit flag-o-matic toolchain-funcs multiprocessing multilib multilib-minimal
+inherit flag-o-matic toolchain-funcs multilib multilib-minimal
# openssl-1.0.2-patches-1.6 contain additional CVE patches
# which got fixed with this release.
@@ -135,13 +135,6 @@ src_prepare() {
sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
./config --test-sanity || die "I AM NOT SANE"
- local make_jobs=$(makeopts_jobs)
- if [[ ${make_jobs} -gt 6 ]] ; then
- # bug 694512
- einfo "Limiting parallel jobs to 6 ..."
- export MAKEOPTS=-j6
- fi
-
multilib_copy_sources
}
^ permalink raw reply related [flat|nested] 33+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl-compat/
@ 2019-09-16 0:06 Thomas Deutschmann
0 siblings, 0 replies; 33+ messages in thread
From: Thomas Deutschmann @ 2019-09-16 0:06 UTC (permalink / raw
To: gentoo-commits
commit: 77f41cb32418c535b2e948e4bd29d4647b6c99c0
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Mon Sep 16 00:03:38 2019 +0000
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Mon Sep 16 00:06:18 2019 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=77f41cb3
dev-libs/openssl-compat: restore Gentoo patch set
Patch set for 1.0.2x series were longer applied when ebuilds were
bumped to EAPI=7 and unified.
Fixes a039f65 ("dev-libs/openssl: bump to EAPI 7")
Closes: https://bugs.gentoo.org/694512
Package-Manager: Portage-2.3.76, Repoman-2.3.17
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>
.../{openssl-compat-1.0.2s.ebuild => openssl-compat-1.0.2s-r1.ebuild} | 4 +---
.../{openssl-compat-1.0.2t.ebuild => openssl-compat-1.0.2t-r1.ebuild} | 4 +---
2 files changed, 2 insertions(+), 6 deletions(-)
diff --git a/dev-libs/openssl-compat/openssl-compat-1.0.2s.ebuild b/dev-libs/openssl-compat/openssl-compat-1.0.2s-r1.ebuild
similarity index 98%
rename from dev-libs/openssl-compat/openssl-compat-1.0.2s.ebuild
rename to dev-libs/openssl-compat/openssl-compat-1.0.2s-r1.ebuild
index 7449ff20b7e..f956fa3826a 100644
--- a/dev-libs/openssl-compat/openssl-compat-1.0.2s.ebuild
+++ b/dev-libs/openssl-compat/openssl-compat-1.0.2s-r1.ebuild
@@ -100,9 +100,7 @@ src_prepare() {
rm -f Makefile
if ! use vanilla ; then
- if [[ $(declare -p PATCHES 2>/dev/null) == "declare -a"* ]] ; then
- [[ ${#PATCHES[@]} -gt 0 ]] && eapply "${PATCHES[@]}"
- fi
+ eapply "${WORKDIR}"/patch/*.patch
fi
eapply_user
diff --git a/dev-libs/openssl-compat/openssl-compat-1.0.2t.ebuild b/dev-libs/openssl-compat/openssl-compat-1.0.2t-r1.ebuild
similarity index 98%
rename from dev-libs/openssl-compat/openssl-compat-1.0.2t.ebuild
rename to dev-libs/openssl-compat/openssl-compat-1.0.2t-r1.ebuild
index 717d2d311a8..670f557544d 100644
--- a/dev-libs/openssl-compat/openssl-compat-1.0.2t.ebuild
+++ b/dev-libs/openssl-compat/openssl-compat-1.0.2t-r1.ebuild
@@ -89,9 +89,7 @@ src_prepare() {
rm -f Makefile
if ! use vanilla ; then
- if [[ $(declare -p PATCHES 2>/dev/null) == "declare -a"* ]] ; then
- [[ ${#PATCHES[@]} -gt 0 ]] && eapply "${PATCHES[@]}"
- fi
+ eapply "${WORKDIR}"/patch/*.patch
fi
eapply_user
^ permalink raw reply related [flat|nested] 33+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl-compat/
@ 2019-10-01 19:38 Thomas Deutschmann
0 siblings, 0 replies; 33+ messages in thread
From: Thomas Deutschmann @ 2019-10-01 19:38 UTC (permalink / raw
To: gentoo-commits
commit: b91192d5d750dadc3673000dc065cf42f750da35
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Tue Oct 1 19:34:22 2019 +0000
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Tue Oct 1 19:34:22 2019 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b91192d5
dev-libs/openssl-compat: security cleanup (#694162)
Bug: https://bugs.gentoo.org/694162
Package-Manager: Portage-2.3.76, Repoman-2.3.17
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>
dev-libs/openssl-compat/Manifest | 8 -
.../openssl-compat/openssl-compat-1.0.2r.ebuild | 249 --------------------
.../openssl-compat/openssl-compat-1.0.2s-r1.ebuild | 256 ---------------------
3 files changed, 513 deletions(-)
diff --git a/dev-libs/openssl-compat/Manifest b/dev-libs/openssl-compat/Manifest
index 5966e6d5d9a..5b5c397e40b 100644
--- a/dev-libs/openssl-compat/Manifest
+++ b/dev-libs/openssl-compat/Manifest
@@ -1,12 +1,4 @@
DIST openssl-0.9.8zh.tar.gz 3818524 BLAKE2B 610bb4858900983cf4519fa8b63f1e03b3845e39e68884fd8bebd738cd5cd6c2c75513643af49bf9e2294adc446a6516480fe9b62de55d9b6379bf9e7c5cd364 SHA512 b97fa2468211f86c0719c68ad1781eff84f772c479ed5193d6da14bac086b4ca706e7d851209d9df3f0962943b5e5333ab0def00110fb2e517caa73c0c6674c6
DIST openssl-1.0.2-patches-1.5.tar.xz 12404 BLAKE2B 6c1b8c28f339f539b2ab8643379502a24cf62bffde00041dce54d5dd9e8d2620b181362ee5464b0ab32ba4948e209697bfabadbea2944a409a1009100d298f24 SHA512 5725e2d9d1ee8cc074bcef3bed61c71bdab2ff1c114362110c3fb8da11ad5bc8f2ff28e90a293f5f3a5cf96ecda54dffdb7ab3fb3f8b23ef6472250dc3037659
-DIST openssl-1.0.2r.tar.gz 5348369 BLAKE2B 9f9c2d2fe6eaf9acacab29b394a318f30c38e831a5f9c193b2da660f9d04acbf407d8b752274783765416c0f5ba557c24ee293ad7fb7d727771db289e6acc901 SHA512 6eb2211f3ad56d7573ac26f388338592c37e5faaf5e2d44c0fa9062c12186e56a324f135d1c956a89b55fcce047e6428bec2756658d103e7275e08b46f741235
-DIST openssl-1.0.2r_ec_curve.c 17254 BLAKE2B d40d8d6e770443f07abe70e2c4ddda6aec1cc8e37dc1f226a3fdd9ed5d228f09c6d372e8956b1948b55ee1d57d1429493e7288d0f54d9466a37fec805c85aacb SHA512 8e92fb100bcf4bd918c82b9a6cbd75a55abe1a2c08230a007e441c51577f974f8cc336e9ac8a672b32641480428ca8cead5380da1fe81bacb088145a1b754a15
-DIST openssl-1.0.2r_ectest.c 30735 BLAKE2B 95333a27f1cf0a4305a3cee7f6d46b9d4673582ca9acfcf5ba2a0d9d317ab6219cd0d2ff0ba3a55a317c8f5819342f05cc17ba80ec2c92b2b4cab9a3552382e1 SHA512 f2e4d34327b490bc8371f0845c69df3f9fc51ea16f0ea0de0411a0c1fa9d49bb2b6fafc363eb3b3cd919dc7c24e4a0d075c6ff878c01d70dae918f2540874c19
-DIST openssl-1.0.2r_hobble-openssl 1302 BLAKE2B 647caa6a0f4c53a2e77baa3b8e5961eaef3bb0ff38e7d5475eab8deef3439f7fe49028ec9ed0406f3453870b62cac67c496b3a048ee4c9ff4c6866d520235960 SHA512 3d757a4708e74a03dd5cb9b8114dfe442ed9520739a6eca693be4c4265771696f1449ea06d1c9bcfc6e94fc9b0dd0c10e153f1c3b0334831c0550b36cd63326e
-DIST openssl-1.0.2s.tar.gz 5349149 BLAKE2B 46c72dcceb5b473b129be0a895f3d6c25a24ee852a31dc369ccf0e44319259d8694d3571b8cb698efb8bce89dbe31f4fc9f82753cacb24cbd3d50fa2ab9b6e83 SHA512 9f745452c4f777df694158e95003cde78a2cf8199bc481a563ec36644664c3c1415a774779b9791dd18f2aeb57fa1721cb52b3db12d025955e970071d5b66d2a
-DIST openssl-1.0.2s_ec_curve.c 17254 BLAKE2B d40d8d6e770443f07abe70e2c4ddda6aec1cc8e37dc1f226a3fdd9ed5d228f09c6d372e8956b1948b55ee1d57d1429493e7288d0f54d9466a37fec805c85aacb SHA512 8e92fb100bcf4bd918c82b9a6cbd75a55abe1a2c08230a007e441c51577f974f8cc336e9ac8a672b32641480428ca8cead5380da1fe81bacb088145a1b754a15
-DIST openssl-1.0.2s_ectest.c 30735 BLAKE2B 95333a27f1cf0a4305a3cee7f6d46b9d4673582ca9acfcf5ba2a0d9d317ab6219cd0d2ff0ba3a55a317c8f5819342f05cc17ba80ec2c92b2b4cab9a3552382e1 SHA512 f2e4d34327b490bc8371f0845c69df3f9fc51ea16f0ea0de0411a0c1fa9d49bb2b6fafc363eb3b3cd919dc7c24e4a0d075c6ff878c01d70dae918f2540874c19
-DIST openssl-1.0.2s_hobble-openssl 1302 BLAKE2B 647caa6a0f4c53a2e77baa3b8e5961eaef3bb0ff38e7d5475eab8deef3439f7fe49028ec9ed0406f3453870b62cac67c496b3a048ee4c9ff4c6866d520235960 SHA512 3d757a4708e74a03dd5cb9b8114dfe442ed9520739a6eca693be4c4265771696f1449ea06d1c9bcfc6e94fc9b0dd0c10e153f1c3b0334831c0550b36cd63326e
DIST openssl-1.0.2t-bindist-1.0.tar.xz 13872 BLAKE2B b2aade96a6e0ca6209a39e205b1c838de945903fcf959c62cc29ddcd1a0cb360fc5db234df86860a6a4c096f5ecc237611e4c2946b986a5500c24ba93c208ef4 SHA512 a48a7efb9b973b865bcc5009d450b428ed6b4b95e4cefe70c51056e47392c8a7bec58215168d8b07712419dc74646c2bd2fd23bcfbba2031376e292249a6b1b6
DIST openssl-1.0.2t.tar.gz 5355422 BLAKE2B dcbc883151ff6c5b60f5849d8789c2e76a384cb3d5eb5f08a6109776d0edf134580dc33fa8b946ae2344542560f04ecef17f218406952dd8d31e4200c4882022 SHA512 0b88868933f42fab87e8b22449435a1091cc6e75f986aad6c173e01ad123161fcae8c226759073701bc65c9f2f0b6ce6a63a61203008ed873cfb6e484f32bc71
diff --git a/dev-libs/openssl-compat/openssl-compat-1.0.2r.ebuild b/dev-libs/openssl-compat/openssl-compat-1.0.2r.ebuild
deleted file mode 100644
index 7aef40f273d..00000000000
--- a/dev-libs/openssl-compat/openssl-compat-1.0.2r.ebuild
+++ /dev/null
@@ -1,249 +0,0 @@
-# Copyright 1999-2019 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="6"
-
-inherit eutils flag-o-matic toolchain-funcs multilib multilib-minimal
-
-# openssl-1.0.2-patches-1.6 contain additional CVE patches
-# which got fixed with this release.
-# Please use 1.7 version number when rolling a new tarball!
-PATCH_SET="openssl-1.0.2-patches-1.5"
-MY_P=openssl-${PV/_/-}
-DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"
-HOMEPAGE="https://www.openssl.org/"
-SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
- !vanilla? (
- mirror://gentoo/${PATCH_SET}.tar.xz
- https://dev.gentoo.org/~chutzpah/dist/openssl/${PATCH_SET}.tar.xz
- https://dev.gentoo.org/~whissi/dist/openssl/${PATCH_SET}.tar.xz
- https://dev.gentoo.org/~polynomial-c/dist/${PATCH_SET}.tar.xz
- )"
-
-LICENSE="openssl"
-SLOT="1.0.0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~x86-linux"
-IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
-RESTRICT="!bindist? ( bindist )"
-
-RDEPEND=">=app-misc/c_rehash-1.7-r1
- gmp? ( >=dev-libs/gmp-5.1.3-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
- zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
- kerberos? ( >=app-crypt/mit-krb5-1.11.4[${MULTILIB_USEDEP}] )
- !=dev-libs/openssl-1.0.2*:0
- !dev-libs/openssl:1.0.0"
-DEPEND="${RDEPEND}
- >=dev-lang/perl-5
- sctp? ( >=net-misc/lksctp-tools-1.0.12 )
- test? (
- sys-apps/diffutils
- sys-devel/bc
- )"
-
-RESTRICT="test"
-
-# Do not install any docs
-DOCS=()
-
-# This does not copy the entire Fedora patchset, but JUST the parts that
-# are needed to make it safe to use EC with RESTRICT=bindist.
-# See openssl.spec for the matching numbering of SourceNNN, PatchNNN
-SOURCE1=hobble-openssl
-SOURCE12=ec_curve.c
-SOURCE13=ectest.c
-# These are ported instead
-#PATCH1=openssl-1.1.0-build.patch # Fixes EVP testcase for EC
-#PATCH37=openssl-1.1.0-ec-curves.patch
-FEDORA_GIT_BASE='https://src.fedoraproject.org/cgit/rpms/openssl.git/plain/'
-FEDORA_GIT_BRANCH='f25'
-FEDORA_SRC_URI=()
-FEDORA_SOURCE=( $SOURCE1 $SOURCE12 $SOURCE13 )
-FEDORA_PATCH=( $PATCH1 $PATCH37 )
-for i in "${FEDORA_SOURCE[@]}" ; do
- FEDORA_SRC_URI+=( "${FEDORA_GIT_BASE}/${i}?h=${FEDORA_GIT_BRANCH} -> openssl-${PV}_${i}" )
-done
-for i in "${FEDORA_PATCH[@]}" ; do # Already have a version prefix
- FEDORA_SRC_URI+=( "${FEDORA_GIT_BASE}/${i}?h=${FEDORA_GIT_BRANCH} -> ${i}" )
-done
-SRC_URI+=" bindist? ( ${FEDORA_SRC_URI[@]} )"
-
-S="${WORKDIR}/${MY_P}"
-
-MULTILIB_WRAPPED_HEADERS=(
- usr/include/openssl/opensslconf.h
-)
-
-src_prepare() {
- if use bindist; then
- # This just removes the prefix, and puts it into WORKDIR like the RPM.
- for i in "${FEDORA_SOURCE[@]}" ; do
- cp -f "${DISTDIR}"/"openssl-${PV}_${i}" "${WORKDIR}"/"${i}" || die
- done
- # .spec %prep
- bash "${WORKDIR}"/"${SOURCE1}" || die
- cp -f "${WORKDIR}"/"${SOURCE12}" "${S}"/crypto/ec/ || die
- cp -f "${WORKDIR}"/"${SOURCE13}" "${S}"/crypto/ec/ || die # Moves to test/ in OpenSSL-1.1
- for i in "${FEDORA_PATCH[@]}" ; do
- eapply "${DISTDIR}"/"${i}"
- done
- eapply "${FILESDIR}"/openssl-1.0.2p-hobble-ecc.patch
- # Also see the configure parts below:
- # enable-ec \
- # $(use_ssl !bindist ec2m) \
- # $(use_ssl !bindist srp) \
- fi
-
- # keep this in sync with app-misc/c_rehash
- SSL_CNF_DIR="/etc/ssl"
-
- # Make sure we only ever touch Makefile.org and avoid patching a file
- # that gets blown away anyways by the Configure script in src_configure
- rm -f Makefile
-
- if ! use vanilla ; then
- eapply "${WORKDIR}"/patch/*.patch
- fi
-
- eapply_user
-
- # disable fips in the build
- # make sure the man pages are suffixed #302165
- # don't bother building man pages if they're disabled
- sed -i \
- -e '/DIRS/s: fips : :g' \
- -e '/^MANSUFFIX/s:=.*:=ssl:' \
- -e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
- -e $(has noman FEATURES \
- && echo '/^install:/s:install_docs::' \
- || echo '/^MANDIR=/s:=.*:='${EPREFIX%/}'/usr/share/man:') \
- Makefile.org \
- || die
- # show the actual commands in the log
- sed -i '/^SET_X/s:=.*:=set -x:' Makefile.shared
-
- # since we're forcing $(CC) as makedep anyway, just fix
- # the conditional as always-on
- # helps clang (#417795), and versioned gcc (#499818)
- # this breaks build with 1.0.2p, not sure if it is needed anymore
- #sed -i 's/expr.*MAKEDEPEND.*;/true;/' util/domd || die
-
- # quiet out unknown driver argument warnings since openssl
- # doesn't have well-split CFLAGS and we're making it even worse
- # and 'make depend' uses -Werror for added fun (#417795 again)
- [[ ${CC} == *clang* ]] && append-flags -Qunused-arguments
-
- # allow openssl to be cross-compiled
- cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die
- chmod a+rx gentoo.config || die
-
- append-flags -fno-strict-aliasing
- append-flags $(test-flags-CC -Wa,--noexecstack)
- append-cppflags -DOPENSSL_NO_BUF_FREELISTS
-
- sed -i '1s,^:$,#!'${EPREFIX%/}'/usr/bin/perl,' Configure #141906
- # The config script does stupid stuff to prompt the user. Kill it.
- sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
- ./config --test-sanity || die "I AM NOT SANE"
-
- multilib_copy_sources
-}
-
-multilib_src_configure() {
- unset APPS #197996
- unset SCRIPTS #312551
- unset CROSS_COMPILE #311473
-
- tc-export CC AR RANLIB RC
-
- # Clean out patent-or-otherwise-encumbered code
- # Camellia: Royalty Free https://en.wikipedia.org/wiki/Camellia_(cipher)
- # IDEA: Expired https://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
- # EC: ????????? ??/??/2015 https://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography
- # MDC2: Expired https://en.wikipedia.org/wiki/MDC-2
- # RC5: Expired https://en.wikipedia.org/wiki/RC5
-
- use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
- echoit() { echo "$@" ; "$@" ; }
-
- local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
-
- # See if our toolchain supports __uint128_t. If so, it's 64bit
- # friendly and can use the nicely optimized code paths. #460790
- local ec_nistp_64_gcc_128
- # Disable it for now though #469976
- #if ! use bindist ; then
- # echo "__uint128_t i;" > "${T}"/128.c
- # if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
- # ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
- # fi
- #fi
-
- # https://github.com/openssl/openssl/issues/2286
- if use ia64 ; then
- replace-flags -g3 -g2
- replace-flags -ggdb3 -ggdb2
- fi
-
- local sslout=$(./gentoo.config)
- einfo "Use configuration ${sslout:-(openssl knows best)}"
- local config="Configure"
- [[ -z ${sslout} ]] && config="config"
-
- # Fedora hobbled-EC needs 'no-ec2m', 'no-srp'
- echoit \
- ./${config} \
- ${sslout} \
- $(use cpu_flags_x86_sse2 || echo "no-sse2") \
- enable-camellia \
- enable-ec \
- $(use_ssl !bindist ec2m) \
- $(use_ssl !bindist srp) \
- ${ec_nistp_64_gcc_128} \
- enable-idea \
- enable-mdc2 \
- enable-rc5 \
- enable-tlsext \
- $(use_ssl asm) \
- $(use_ssl gmp gmp -lgmp) \
- $(use_ssl kerberos krb5 --with-krb5-flavor=${krb5}) \
- $(use_ssl rfc3779) \
- $(use_ssl sctp) \
- $(use_ssl sslv2 ssl2) \
- $(use_ssl sslv3 ssl3) \
- $(use_ssl tls-heartbeat heartbeats) \
- $(use_ssl zlib) \
- --prefix="${EPREFIX%/}"/usr \
- --openssldir="${EPREFIX%/}"${SSL_CNF_DIR} \
- --libdir=$(get_libdir) \
- shared threads \
- || die
-
- # Clean out hardcoded flags that openssl uses
- local CFLAG=$(grep ^CFLAG= Makefile | LC_ALL=C sed \
- -e 's:^CFLAG=::' \
- -e 's:-fomit-frame-pointer ::g' \
- -e 's:-O[0-9] ::g' \
- -e 's:-march=[-a-z0-9]* ::g' \
- -e 's:-mcpu=[-a-z0-9]* ::g' \
- -e 's:-m[a-z0-9]* ::g' \
- )
- sed -i \
- -e "/^CFLAG/s|=.*|=${CFLAG} ${CFLAGS}|" \
- -e "/^SHARED_LDFLAGS=/s|$| ${LDFLAGS}|" \
- Makefile || die
-}
-
-multilib_src_compile() {
- # depend is needed to use $confopts; it also doesn't matter
- # that it's -j1 as the code itself serializes subdirs
- emake -j1 V=1 depend
- emake build_libs
-}
-
-multilib_src_test() {
- emake -j1 test
-}
-
-multilib_src_install() {
- dolib.so lib{crypto,ssl}.so.${SLOT}
-}
diff --git a/dev-libs/openssl-compat/openssl-compat-1.0.2s-r1.ebuild b/dev-libs/openssl-compat/openssl-compat-1.0.2s-r1.ebuild
deleted file mode 100644
index f956fa3826a..00000000000
--- a/dev-libs/openssl-compat/openssl-compat-1.0.2s-r1.ebuild
+++ /dev/null
@@ -1,256 +0,0 @@
-# Copyright 1999-2019 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="7"
-
-inherit flag-o-matic toolchain-funcs multilib multilib-minimal
-
-# openssl-1.0.2-patches-1.6 contain additional CVE patches
-# which got fixed with this release.
-# Please use 1.7 version number when rolling a new tarball!
-PATCH_SET="openssl-1.0.2-patches-1.5"
-MY_P=openssl-${PV/_/-}
-DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"
-HOMEPAGE="https://www.openssl.org/"
-SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
- !vanilla? (
- mirror://gentoo/${PATCH_SET}.tar.xz
- https://dev.gentoo.org/~chutzpah/dist/openssl/${PATCH_SET}.tar.xz
- https://dev.gentoo.org/~whissi/dist/openssl/${PATCH_SET}.tar.xz
- https://dev.gentoo.org/~polynomial-c/dist/${PATCH_SET}.tar.xz
- )"
-
-LICENSE="openssl"
-SLOT="1.0.0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~x86-linux"
-IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
-RESTRICT="!bindist? ( bindist )"
-
-RDEPEND="gmp? ( >=dev-libs/gmp-5.1.3-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
- kerberos? ( >=app-crypt/mit-krb5-1.11.4[${MULTILIB_USEDEP}] )
- zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
- !=dev-libs/openssl-1.0.2*:0"
-DEPEND="${RDEPEND}"
-BDEPEND="
- >=dev-lang/perl-5
- sctp? ( >=net-misc/lksctp-tools-1.0.12 )
- test? (
- sys-apps/diffutils
- sys-devel/bc
- )"
-
-RESTRICT="test"
-
-# Do not install any docs
-DOCS=()
-
-# This does not copy the entire Fedora patchset, but JUST the parts that
-# are needed to make it safe to use EC with RESTRICT=bindist.
-# See openssl.spec for the matching numbering of SourceNNN, PatchNNN
-SOURCE1=hobble-openssl
-SOURCE12=ec_curve.c
-SOURCE13=ectest.c
-# These are ported instead
-#PATCH1=openssl-1.1.0-build.patch # Fixes EVP testcase for EC
-#PATCH37=openssl-1.1.0-ec-curves.patch
-FEDORA_GIT_BASE='https://src.fedoraproject.org/cgit/rpms/openssl.git/plain/'
-FEDORA_GIT_BRANCH='f25'
-FEDORA_SRC_URI=()
-FEDORA_SOURCE=( $SOURCE1 $SOURCE12 $SOURCE13 )
-FEDORA_PATCH=( $PATCH1 $PATCH37 )
-for i in "${FEDORA_SOURCE[@]}" ; do
- FEDORA_SRC_URI+=( "${FEDORA_GIT_BASE}/${i}?h=${FEDORA_GIT_BRANCH} -> openssl-${PV}_${i}" )
-done
-for i in "${FEDORA_PATCH[@]}" ; do # Already have a version prefix
- FEDORA_SRC_URI+=( "${FEDORA_GIT_BASE}/${i}?h=${FEDORA_GIT_BRANCH} -> ${i}" )
-done
-SRC_URI+=" bindist? ( ${FEDORA_SRC_URI[@]} )"
-
-S="${WORKDIR}/${MY_P}"
-
-MULTILIB_WRAPPED_HEADERS=(
- usr/include/openssl/opensslconf.h
-)
-
-src_prepare() {
- if use bindist; then
- # This just removes the prefix, and puts it into WORKDIR like the RPM.
- for i in "${FEDORA_SOURCE[@]}" ; do
- cp -f "${DISTDIR}"/"openssl-${PV}_${i}" "${WORKDIR}"/"${i}" || die
- done
- # .spec %prep
- bash "${WORKDIR}"/"${SOURCE1}" || die
- cp -f "${WORKDIR}"/"${SOURCE12}" "${S}"/crypto/ec/ || die
- cp -f "${WORKDIR}"/"${SOURCE13}" "${S}"/crypto/ec/ || die # Moves to test/ in OpenSSL-1.1
- for i in "${FEDORA_PATCH[@]}" ; do
- eapply "${DISTDIR}"/"${i}"
- done
- eapply "${FILESDIR}"/openssl-1.0.2p-hobble-ecc.patch
- # Also see the configure parts below:
- # enable-ec \
- # $(use_ssl !bindist ec2m) \
- # $(use_ssl !bindist srp) \
- fi
-
- # keep this in sync with app-misc/c_rehash
- SSL_CNF_DIR="/etc/ssl"
-
- # Make sure we only ever touch Makefile.org and avoid patching a file
- # that gets blown away anyways by the Configure script in src_configure
- rm -f Makefile
-
- if ! use vanilla ; then
- eapply "${WORKDIR}"/patch/*.patch
- fi
-
- eapply_user
-
- # disable fips in the build
- # make sure the man pages are suffixed #302165
- # don't bother building man pages if they're disabled
- sed -i \
- -e '/DIRS/s: fips : :g' \
- -e '/^MANSUFFIX/s:=.*:=ssl:' \
- -e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
- -e $(has noman FEATURES \
- && echo '/^install:/s:install_docs::' \
- || echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
- Makefile.org \
- || die
- # show the actual commands in the log
- sed -i '/^SET_X/s:=.*:=set -x:' Makefile.shared
-
- # since we're forcing $(CC) as makedep anyway, just fix
- # the conditional as always-on
- # helps clang (#417795), and versioned gcc (#499818)
- # this breaks build with 1.0.2p, not sure if it is needed anymore
- #sed -i 's/expr.*MAKEDEPEND.*;/true;/' util/domd || die
-
- # quiet out unknown driver argument warnings since openssl
- # doesn't have well-split CFLAGS and we're making it even worse
- # and 'make depend' uses -Werror for added fun (#417795 again)
- [[ ${CC} == *clang* ]] && append-flags -Qunused-arguments
-
- # allow openssl to be cross-compiled
- cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die
- chmod a+rx gentoo.config || die
-
- append-flags -fno-strict-aliasing
- append-flags $(test-flags-CC -Wa,--noexecstack)
- append-cppflags -DOPENSSL_NO_BUF_FREELISTS
-
- sed -i '1s,^:$,#!'${EPREFIX}'/usr/bin/perl,' Configure #141906
- # The config script does stupid stuff to prompt the user. Kill it.
- sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
- ./config --test-sanity || die "I AM NOT SANE"
-
- multilib_copy_sources
-}
-
-multilib_src_configure() {
- unset APPS #197996
- unset SCRIPTS #312551
- unset CROSS_COMPILE #311473
-
- tc-export CC AR RANLIB RC
-
- # Clean out patent-or-otherwise-encumbered code
- # Camellia: Royalty Free https://en.wikipedia.org/wiki/Camellia_(cipher)
- # IDEA: Expired https://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
- # EC: ????????? ??/??/2015 https://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography
- # MDC2: Expired https://en.wikipedia.org/wiki/MDC-2
- # RC5: Expired https://en.wikipedia.org/wiki/RC5
-
- use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
- echoit() { echo "$@" ; "$@" ; }
-
- local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
-
- # See if our toolchain supports __uint128_t. If so, it's 64bit
- # friendly and can use the nicely optimized code paths. #460790
- local ec_nistp_64_gcc_128
- # Disable it for now though #469976
- #if ! use bindist ; then
- # echo "__uint128_t i;" > "${T}"/128.c
- # if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
- # ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
- # fi
- #fi
-
- # https://github.com/openssl/openssl/issues/2286
- if use ia64 ; then
- replace-flags -g3 -g2
- replace-flags -ggdb3 -ggdb2
- fi
-
- local sslout=$(./gentoo.config)
- einfo "Use configuration ${sslout:-(openssl knows best)}"
- local config="Configure"
- [[ -z ${sslout} ]] && config="config"
-
- # Fedora hobbled-EC needs 'no-ec2m', 'no-srp'
- # Make sure user flags don't get added *yet* to avoid duplicated
- # flags.
- CFLAGS= LDFLAGS= echoit \
- ./${config} \
- ${sslout} \
- $(use cpu_flags_x86_sse2 || echo "no-sse2") \
- enable-camellia \
- enable-ec \
- $(use_ssl !bindist ec2m) \
- $(use_ssl !bindist srp) \
- ${ec_nistp_64_gcc_128} \
- enable-idea \
- enable-mdc2 \
- enable-rc5 \
- enable-tlsext \
- $(use_ssl asm) \
- $(use_ssl gmp gmp -lgmp) \
- $(use_ssl kerberos krb5 --with-krb5-flavor=${krb5}) \
- $(use_ssl rfc3779) \
- $(use_ssl sctp) \
- $(use_ssl sslv2 ssl2) \
- $(use_ssl sslv3 ssl3) \
- $(use_ssl tls-heartbeat heartbeats) \
- $(use_ssl zlib) \
- --prefix="${EPREFIX}"/usr \
- --openssldir="${EPREFIX}"${SSL_CNF_DIR} \
- --libdir=$(get_libdir) \
- shared threads \
- || die
-
- # Clean out hardcoded flags that openssl uses
- local DEFAULT_CFLAGS=$(grep ^CFLAG= Makefile | LC_ALL=C sed \
- -e 's:^CFLAG=::' \
- -e 's:\(^\| \)-fomit-frame-pointer::g' \
- -e 's:\(^\| \)-O[^ ]*::g' \
- -e 's:\(^\| \)-march=[^ ]*::g' \
- -e 's:\(^\| \)-mcpu=[^ ]*::g' \
- -e 's:\(^\| \)-m[^ ]*::g' \
- -e 's:^ *::' \
- -e 's: *$::' \
- -e 's: \+: :g' \
- -e 's:\\:\\\\:g'
- )
-
- # Now insert clean default flags with user flags
- sed -i \
- -e "/^CFLAG/s|=.*|=${DEFAULT_CFLAGS} ${CFLAGS}|" \
- -e "/^LDFLAGS=/s|=[[:space:]]*$|=${LDFLAGS}|" \
- Makefile || die
-}
-
-multilib_src_compile() {
- # depend is needed to use $confopts; it also doesn't matter
- # that it's -j1 as the code itself serializes subdirs
- emake -j1 V=1 depend
- emake build_libs
-}
-
-multilib_src_test() {
- emake -j1 test
-}
-
-multilib_src_install() {
- dolib.so lib{crypto,ssl}.so.${SLOT}
-}
^ permalink raw reply related [flat|nested] 33+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl-compat/
@ 2019-10-22 7:45 Lars Wendler
0 siblings, 0 replies; 33+ messages in thread
From: Lars Wendler @ 2019-10-22 7:45 UTC (permalink / raw
To: gentoo-commits
commit: 45d47532b265f7a314e2c67d52550146fd6cd84f
Author: Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Tue Oct 22 07:45:03 2019 +0000
Commit: Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Tue Oct 22 07:45:26 2019 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=45d47532
dev-libs/openssl-compat: Block dev-libs/openssl:1.0.0
to avoid file collisions
Closes: https://bugs.gentoo.org/698208
Package-Manager: Portage-2.3.78, Repoman-2.3.17
Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org>
dev-libs/openssl-compat/openssl-compat-1.0.2t-r1.ebuild | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/dev-libs/openssl-compat/openssl-compat-1.0.2t-r1.ebuild b/dev-libs/openssl-compat/openssl-compat-1.0.2t-r1.ebuild
index d42cc5f4f5a..50ca46ba72e 100644
--- a/dev-libs/openssl-compat/openssl-compat-1.0.2t-r1.ebuild
+++ b/dev-libs/openssl-compat/openssl-compat-1.0.2t-r1.ebuild
@@ -44,7 +44,8 @@ RESTRICT="!bindist? ( bindist )"
RDEPEND="gmp? ( >=dev-libs/gmp-5.1.3-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
kerberos? ( >=app-crypt/mit-krb5-1.11.4[${MULTILIB_USEDEP}] )
zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
- !=dev-libs/openssl-1.0.2*:0"
+ !=dev-libs/openssl-1.0.2*:0
+ !dev-libs/openssl:1.0.0"
DEPEND="${RDEPEND}"
BDEPEND="
>=dev-lang/perl-5
^ permalink raw reply related [flat|nested] 33+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl-compat/
@ 2019-11-02 14:56 Thomas Deutschmann
0 siblings, 0 replies; 33+ messages in thread
From: Thomas Deutschmann @ 2019-11-02 14:56 UTC (permalink / raw
To: gentoo-commits
commit: 73bddea54d7e0097c86df82f3d43707b344e83e3
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Sat Nov 2 14:55:39 2019 +0000
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Sat Nov 2 14:55:39 2019 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=73bddea5
dev-libs/openssl-compat: fix RESTRICT
Bug: https://bugs.gentoo.org/699154
Package-Manager: Portage-2.3.78, Repoman-2.3.17
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>
dev-libs/openssl-compat/openssl-compat-1.0.2t-r1.ebuild | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/dev-libs/openssl-compat/openssl-compat-1.0.2t-r1.ebuild b/dev-libs/openssl-compat/openssl-compat-1.0.2t-r1.ebuild
index 50ca46ba72e..b157a2495fc 100644
--- a/dev-libs/openssl-compat/openssl-compat-1.0.2t-r1.ebuild
+++ b/dev-libs/openssl-compat/openssl-compat-1.0.2t-r1.ebuild
@@ -39,7 +39,9 @@ LICENSE="openssl"
SLOT="1.0.0"
KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sh ~sparc x86 ~x86-linux"
IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
-RESTRICT="!bindist? ( bindist )"
+
+RESTRICT="!bindist? ( bindist )
+ test"
RDEPEND="gmp? ( >=dev-libs/gmp-5.1.3-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
kerberos? ( >=app-crypt/mit-krb5-1.11.4[${MULTILIB_USEDEP}] )
@@ -55,8 +57,6 @@ BDEPEND="
sys-devel/bc
)"
-RESTRICT="test"
-
# Do not install any docs
DOCS=()
^ permalink raw reply related [flat|nested] 33+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl-compat/
@ 2019-11-25 0:42 Thomas Deutschmann
0 siblings, 0 replies; 33+ messages in thread
From: Thomas Deutschmann @ 2019-11-25 0:42 UTC (permalink / raw
To: gentoo-commits
commit: a8d0ebd940cc57e1fbf0e47b73e59758ab2b1519
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Mon Nov 25 00:42:25 2019 +0000
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Mon Nov 25 00:42:34 2019 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a8d0ebd9
dev-libs/openssl-compat: add missing RESTRICT=test
Package-Manager: Portage-2.3.79, Repoman-2.3.18
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>
dev-libs/openssl-compat/openssl-compat-0.9.8z_p8-r1.ebuild | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/dev-libs/openssl-compat/openssl-compat-0.9.8z_p8-r1.ebuild b/dev-libs/openssl-compat/openssl-compat-0.9.8z_p8-r1.ebuild
index d9b04231afd..6516e0257f2 100644
--- a/dev-libs/openssl-compat/openssl-compat-0.9.8z_p8-r1.ebuild
+++ b/dev-libs/openssl-compat/openssl-compat-0.9.8z_p8-r1.ebuild
@@ -20,7 +20,8 @@ LICENSE="openssl"
SLOT="0.9.8"
KEYWORDS="~alpha amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc x86"
IUSE="bindist gmp kerberos cpu_flags_x86_sse2 test zlib"
-RESTRICT="!bindist? ( bindist )"
+RESTRICT="!bindist? ( bindist )
+ test"
RDEPEND="gmp? ( >=dev-libs/gmp-5.1.3-r1[${MULTILIB_USEDEP}] )
zlib? ( >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}] )
^ permalink raw reply related [flat|nested] 33+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl-compat/
@ 2019-12-21 20:31 Thomas Deutschmann
0 siblings, 0 replies; 33+ messages in thread
From: Thomas Deutschmann @ 2019-12-21 20:31 UTC (permalink / raw
To: gentoo-commits
commit: c2b642ed1dfc7cb054380769761024dd73a768c6
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Sat Dec 21 20:30:14 2019 +0000
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Sat Dec 21 20:30:27 2019 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c2b642ed
dev-libs/openssl-compat: bump to v1.0.2u
Bug: https://bugs.gentoo.org/702176
Package-Manager: Portage-2.3.82, Repoman-2.3.20
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>
dev-libs/openssl-compat/Manifest | 1 +
.../openssl-compat/openssl-compat-1.0.2u.ebuild | 246 +++++++++++++++++++++
2 files changed, 247 insertions(+)
diff --git a/dev-libs/openssl-compat/Manifest b/dev-libs/openssl-compat/Manifest
index 5b5c397e40b..f6ca6a00831 100644
--- a/dev-libs/openssl-compat/Manifest
+++ b/dev-libs/openssl-compat/Manifest
@@ -2,3 +2,4 @@ DIST openssl-0.9.8zh.tar.gz 3818524 BLAKE2B 610bb4858900983cf4519fa8b63f1e03b384
DIST openssl-1.0.2-patches-1.5.tar.xz 12404 BLAKE2B 6c1b8c28f339f539b2ab8643379502a24cf62bffde00041dce54d5dd9e8d2620b181362ee5464b0ab32ba4948e209697bfabadbea2944a409a1009100d298f24 SHA512 5725e2d9d1ee8cc074bcef3bed61c71bdab2ff1c114362110c3fb8da11ad5bc8f2ff28e90a293f5f3a5cf96ecda54dffdb7ab3fb3f8b23ef6472250dc3037659
DIST openssl-1.0.2t-bindist-1.0.tar.xz 13872 BLAKE2B b2aade96a6e0ca6209a39e205b1c838de945903fcf959c62cc29ddcd1a0cb360fc5db234df86860a6a4c096f5ecc237611e4c2946b986a5500c24ba93c208ef4 SHA512 a48a7efb9b973b865bcc5009d450b428ed6b4b95e4cefe70c51056e47392c8a7bec58215168d8b07712419dc74646c2bd2fd23bcfbba2031376e292249a6b1b6
DIST openssl-1.0.2t.tar.gz 5355422 BLAKE2B dcbc883151ff6c5b60f5849d8789c2e76a384cb3d5eb5f08a6109776d0edf134580dc33fa8b946ae2344542560f04ecef17f218406952dd8d31e4200c4882022 SHA512 0b88868933f42fab87e8b22449435a1091cc6e75f986aad6c173e01ad123161fcae8c226759073701bc65c9f2f0b6ce6a63a61203008ed873cfb6e484f32bc71
+DIST openssl-1.0.2u.tar.gz 5355412 BLAKE2B b2ff2a10e5851af5aca4093422a9a072c794e87b997263826c1c35910c040f695fac63decac5856cb49399ed03d410f97701d9fd4e1ebfbcacd8f3a74ce8bf57 SHA512 c455bb309e20e2c2d47fdc5619c734d107d5c8c38c1409903ce979acc120b0d5fa0312917c0aa0d630e402d092a703d4249643f36078e8528a3cafc9dac6ab32
diff --git a/dev-libs/openssl-compat/openssl-compat-1.0.2u.ebuild b/dev-libs/openssl-compat/openssl-compat-1.0.2u.ebuild
new file mode 100644
index 00000000000..5b3784f01f6
--- /dev/null
+++ b/dev-libs/openssl-compat/openssl-compat-1.0.2u.ebuild
@@ -0,0 +1,246 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="7"
+
+inherit flag-o-matic toolchain-funcs multilib multilib-minimal
+
+# openssl-1.0.2-patches-1.6 contain additional CVE patches
+# which got fixed with this release.
+# Please use 1.7 version number when rolling a new tarball!
+PATCH_SET="openssl-1.0.2-patches-1.5"
+
+MY_P=openssl-${PV/_/-}
+
+# This patch set is based on the following files from Fedora 25,
+# see https://src.fedoraproject.org/rpms/openssl/blob/25/f/openssl.spec
+# for more details:
+# - hobble-openssl (SOURCE1)
+# - ec_curve.c (SOURCE12) -- MODIFIED
+# - ectest.c (SOURCE13)
+# - openssl-1.1.1-ec-curves.patch (PATCH37) -- MODIFIED
+BINDIST_PATCH_SET="openssl-1.0.2t-bindist-1.0.tar.xz"
+
+DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"
+HOMEPAGE="https://www.openssl.org/"
+SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
+ bindist? (
+ mirror://gentoo/${BINDIST_PATCH_SET}
+ https://dev.gentoo.org/~whissi/dist/openssl/${BINDIST_PATCH_SET}
+ )
+ !vanilla? (
+ mirror://gentoo/${PATCH_SET}.tar.xz
+ https://dev.gentoo.org/~chutzpah/dist/openssl/${PATCH_SET}.tar.xz
+ https://dev.gentoo.org/~whissi/dist/openssl/${PATCH_SET}.tar.xz
+ https://dev.gentoo.org/~polynomial-c/dist/${PATCH_SET}.tar.xz
+ )"
+
+LICENSE="openssl"
+SLOT="1.0.0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sh ~sparc ~x86 ~x86-linux"
+IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
+
+RESTRICT="!bindist? ( bindist )
+ test"
+
+RDEPEND="gmp? ( >=dev-libs/gmp-5.1.3-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
+ kerberos? ( >=app-crypt/mit-krb5-1.11.4[${MULTILIB_USEDEP}] )
+ zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
+ !=dev-libs/openssl-1.0.2*:0
+ !dev-libs/openssl:1.0.0"
+DEPEND="${RDEPEND}"
+BDEPEND="
+ >=dev-lang/perl-5
+ sctp? ( >=net-misc/lksctp-tools-1.0.12 )
+ test? (
+ sys-apps/diffutils
+ sys-devel/bc
+ )"
+
+# Do not install any docs
+DOCS=()
+
+S="${WORKDIR}/${MY_P}"
+
+MULTILIB_WRAPPED_HEADERS=(
+ usr/include/openssl/opensslconf.h
+)
+
+src_prepare() {
+ if use bindist; then
+ mv "${WORKDIR}"/bindist-patches/hobble-openssl "${WORKDIR}" || die
+ bash "${WORKDIR}"/hobble-openssl || die
+
+ cp -f "${WORKDIR}"/bindist-patches/ec_curve.c "${S}"/crypto/ec/ || die
+ cp -f "${WORKDIR}"/bindist-patches/ectest.c "${S}"/crypto/ec/ || die
+
+ eapply "${WORKDIR}"/bindist-patches/ec-curves.patch
+
+ # Also see the configure parts below:
+ # enable-ec \
+ # $(use_ssl !bindist ec2m) \
+ # $(use_ssl !bindist srp) \
+ fi
+
+ # keep this in sync with app-misc/c_rehash
+ SSL_CNF_DIR="/etc/ssl"
+
+ # Make sure we only ever touch Makefile.org and avoid patching a file
+ # that gets blown away anyways by the Configure script in src_configure
+ rm -f Makefile
+
+ if ! use vanilla ; then
+ eapply "${WORKDIR}"/patch/*.patch
+ fi
+
+ eapply_user
+
+ # disable fips in the build
+ # make sure the man pages are suffixed #302165
+ # don't bother building man pages if they're disabled
+ sed -i \
+ -e '/DIRS/s: fips : :g' \
+ -e '/^MANSUFFIX/s:=.*:=ssl:' \
+ -e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
+ -e $(has noman FEATURES \
+ && echo '/^install:/s:install_docs::' \
+ || echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
+ Makefile.org \
+ || die
+ # show the actual commands in the log
+ sed -i '/^SET_X/s:=.*:=set -x:' Makefile.shared
+
+ # since we're forcing $(CC) as makedep anyway, just fix
+ # the conditional as always-on
+ # helps clang (#417795), and versioned gcc (#499818)
+ # this breaks build with 1.0.2p, not sure if it is needed anymore
+ #sed -i 's/expr.*MAKEDEPEND.*;/true;/' util/domd || die
+
+ # quiet out unknown driver argument warnings since openssl
+ # doesn't have well-split CFLAGS and we're making it even worse
+ # and 'make depend' uses -Werror for added fun (#417795 again)
+ [[ ${CC} == *clang* ]] && append-flags -Qunused-arguments
+
+ # allow openssl to be cross-compiled
+ cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die
+ chmod a+rx gentoo.config || die
+
+ append-flags -fno-strict-aliasing
+ append-flags $(test-flags-CC -Wa,--noexecstack)
+ append-cppflags -DOPENSSL_NO_BUF_FREELISTS
+
+ sed -i '1s,^:$,#!'${EPREFIX}'/usr/bin/perl,' Configure #141906
+ # The config script does stupid stuff to prompt the user. Kill it.
+ sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
+ ./config --test-sanity || die "I AM NOT SANE"
+
+ multilib_copy_sources
+}
+
+multilib_src_configure() {
+ unset APPS #197996
+ unset SCRIPTS #312551
+ unset CROSS_COMPILE #311473
+
+ tc-export CC AR RANLIB RC
+
+ # Clean out patent-or-otherwise-encumbered code
+ # Camellia: Royalty Free https://en.wikipedia.org/wiki/Camellia_(cipher)
+ # IDEA: Expired https://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
+ # EC: ????????? ??/??/2015 https://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography
+ # MDC2: Expired https://en.wikipedia.org/wiki/MDC-2
+ # RC5: Expired https://en.wikipedia.org/wiki/RC5
+
+ use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
+ echoit() { echo "$@" ; "$@" ; }
+
+ local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
+
+ # See if our toolchain supports __uint128_t. If so, it's 64bit
+ # friendly and can use the nicely optimized code paths. #460790
+ local ec_nistp_64_gcc_128
+ # Disable it for now though #469976
+ #if ! use bindist ; then
+ # echo "__uint128_t i;" > "${T}"/128.c
+ # if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
+ # ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
+ # fi
+ #fi
+
+ # https://github.com/openssl/openssl/issues/2286
+ if use ia64 ; then
+ replace-flags -g3 -g2
+ replace-flags -ggdb3 -ggdb2
+ fi
+
+ local sslout=$(./gentoo.config)
+ einfo "Use configuration ${sslout:-(openssl knows best)}"
+ local config="Configure"
+ [[ -z ${sslout} ]] && config="config"
+
+ # Fedora hobbled-EC needs 'no-ec2m', 'no-srp'
+ # Make sure user flags don't get added *yet* to avoid duplicated
+ # flags.
+ CFLAGS= LDFLAGS= echoit \
+ ./${config} \
+ ${sslout} \
+ $(use cpu_flags_x86_sse2 || echo "no-sse2") \
+ enable-camellia \
+ enable-ec \
+ $(use_ssl !bindist ec2m) \
+ $(use_ssl !bindist srp) \
+ ${ec_nistp_64_gcc_128} \
+ enable-idea \
+ enable-mdc2 \
+ enable-rc5 \
+ enable-tlsext \
+ $(use_ssl asm) \
+ $(use_ssl gmp gmp -lgmp) \
+ $(use_ssl kerberos krb5 --with-krb5-flavor=${krb5}) \
+ $(use_ssl rfc3779) \
+ $(use_ssl sctp) \
+ $(use_ssl sslv2 ssl2) \
+ $(use_ssl sslv3 ssl3) \
+ $(use_ssl tls-heartbeat heartbeats) \
+ $(use_ssl zlib) \
+ --prefix="${EPREFIX}"/usr \
+ --openssldir="${EPREFIX}"${SSL_CNF_DIR} \
+ --libdir=$(get_libdir) \
+ shared threads \
+ || die
+
+ # Clean out hardcoded flags that openssl uses
+ local DEFAULT_CFLAGS=$(grep ^CFLAG= Makefile | LC_ALL=C sed \
+ -e 's:^CFLAG=::' \
+ -e 's:\(^\| \)-fomit-frame-pointer::g' \
+ -e 's:\(^\| \)-O[^ ]*::g' \
+ -e 's:\(^\| \)-march=[^ ]*::g' \
+ -e 's:\(^\| \)-mcpu=[^ ]*::g' \
+ -e 's:\(^\| \)-m[^ ]*::g' \
+ -e 's:^ *::' \
+ -e 's: *$::' \
+ -e 's: \+: :g' \
+ -e 's:\\:\\\\:g'
+ )
+
+ # Now insert clean default flags with user flags
+ sed -i \
+ -e "/^CFLAG/s|=.*|=${DEFAULT_CFLAGS} ${CFLAGS}|" \
+ -e "/^LDFLAGS=/s|=[[:space:]]*$|=${LDFLAGS}|" \
+ Makefile || die
+}
+
+multilib_src_compile() {
+ # depend is needed to use $confopts; it also doesn't matter
+ # that it's -j1 as the code itself serializes subdirs
+ emake -j1 V=1 depend
+ emake build_libs
+}
+
+multilib_src_test() {
+ emake -j1 test
+}
+
+multilib_src_install() {
+ dolib.so lib{crypto,ssl}.so.${SLOT}
+}
^ permalink raw reply related [flat|nested] 33+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl-compat/
@ 2020-01-01 21:25 Thomas Deutschmann
0 siblings, 0 replies; 33+ messages in thread
From: Thomas Deutschmann @ 2020-01-01 21:25 UTC (permalink / raw
To: gentoo-commits
commit: 617d66b7f218311a247c1b8783d866e2d6325eac
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Wed Jan 1 21:23:57 2020 +0000
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Wed Jan 1 21:25:10 2020 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=617d66b7
dev-libs/openssl-compat: move stable keywords
Bug: https://bugs.gentoo.org/702176
Package-Manager: Portage-2.3.84, Repoman-2.3.20
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>
dev-libs/openssl-compat/openssl-compat-1.0.2u.ebuild | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/dev-libs/openssl-compat/openssl-compat-1.0.2u.ebuild b/dev-libs/openssl-compat/openssl-compat-1.0.2u.ebuild
index 5b3784f01f6..7e0327f824c 100644
--- a/dev-libs/openssl-compat/openssl-compat-1.0.2u.ebuild
+++ b/dev-libs/openssl-compat/openssl-compat-1.0.2u.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2019 Gentoo Authors
+# Copyright 1999-2020 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI="7"
@@ -37,7 +37,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
LICENSE="openssl"
SLOT="1.0.0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sh ~sparc ~x86 ~x86-linux"
+KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sh ~sparc x86 ~x86-linux"
IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
RESTRICT="!bindist? ( bindist )
^ permalink raw reply related [flat|nested] 33+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl-compat/
@ 2020-01-01 21:25 Thomas Deutschmann
0 siblings, 0 replies; 33+ messages in thread
From: Thomas Deutschmann @ 2020-01-01 21:25 UTC (permalink / raw
To: gentoo-commits
commit: 273422f6cae129a4a97402641e81b13db9461ec4
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Wed Jan 1 21:24:50 2020 +0000
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Wed Jan 1 21:25:12 2020 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=273422f6
dev-libs/openssl-compat: security cleanup (#702176)
Bug: https://bugs.gentoo.org/702176
Package-Manager: Portage-2.3.84, Repoman-2.3.20
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>
dev-libs/openssl-compat/Manifest | 1 -
.../openssl-compat/openssl-compat-1.0.2t-r1.ebuild | 246 ---------------------
2 files changed, 247 deletions(-)
diff --git a/dev-libs/openssl-compat/Manifest b/dev-libs/openssl-compat/Manifest
index f6ca6a00831..f8e304a6376 100644
--- a/dev-libs/openssl-compat/Manifest
+++ b/dev-libs/openssl-compat/Manifest
@@ -1,5 +1,4 @@
DIST openssl-0.9.8zh.tar.gz 3818524 BLAKE2B 610bb4858900983cf4519fa8b63f1e03b3845e39e68884fd8bebd738cd5cd6c2c75513643af49bf9e2294adc446a6516480fe9b62de55d9b6379bf9e7c5cd364 SHA512 b97fa2468211f86c0719c68ad1781eff84f772c479ed5193d6da14bac086b4ca706e7d851209d9df3f0962943b5e5333ab0def00110fb2e517caa73c0c6674c6
DIST openssl-1.0.2-patches-1.5.tar.xz 12404 BLAKE2B 6c1b8c28f339f539b2ab8643379502a24cf62bffde00041dce54d5dd9e8d2620b181362ee5464b0ab32ba4948e209697bfabadbea2944a409a1009100d298f24 SHA512 5725e2d9d1ee8cc074bcef3bed61c71bdab2ff1c114362110c3fb8da11ad5bc8f2ff28e90a293f5f3a5cf96ecda54dffdb7ab3fb3f8b23ef6472250dc3037659
DIST openssl-1.0.2t-bindist-1.0.tar.xz 13872 BLAKE2B b2aade96a6e0ca6209a39e205b1c838de945903fcf959c62cc29ddcd1a0cb360fc5db234df86860a6a4c096f5ecc237611e4c2946b986a5500c24ba93c208ef4 SHA512 a48a7efb9b973b865bcc5009d450b428ed6b4b95e4cefe70c51056e47392c8a7bec58215168d8b07712419dc74646c2bd2fd23bcfbba2031376e292249a6b1b6
-DIST openssl-1.0.2t.tar.gz 5355422 BLAKE2B dcbc883151ff6c5b60f5849d8789c2e76a384cb3d5eb5f08a6109776d0edf134580dc33fa8b946ae2344542560f04ecef17f218406952dd8d31e4200c4882022 SHA512 0b88868933f42fab87e8b22449435a1091cc6e75f986aad6c173e01ad123161fcae8c226759073701bc65c9f2f0b6ce6a63a61203008ed873cfb6e484f32bc71
DIST openssl-1.0.2u.tar.gz 5355412 BLAKE2B b2ff2a10e5851af5aca4093422a9a072c794e87b997263826c1c35910c040f695fac63decac5856cb49399ed03d410f97701d9fd4e1ebfbcacd8f3a74ce8bf57 SHA512 c455bb309e20e2c2d47fdc5619c734d107d5c8c38c1409903ce979acc120b0d5fa0312917c0aa0d630e402d092a703d4249643f36078e8528a3cafc9dac6ab32
diff --git a/dev-libs/openssl-compat/openssl-compat-1.0.2t-r1.ebuild b/dev-libs/openssl-compat/openssl-compat-1.0.2t-r1.ebuild
deleted file mode 100644
index b157a2495fc..00000000000
--- a/dev-libs/openssl-compat/openssl-compat-1.0.2t-r1.ebuild
+++ /dev/null
@@ -1,246 +0,0 @@
-# Copyright 1999-2019 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="7"
-
-inherit flag-o-matic toolchain-funcs multilib multilib-minimal
-
-# openssl-1.0.2-patches-1.6 contain additional CVE patches
-# which got fixed with this release.
-# Please use 1.7 version number when rolling a new tarball!
-PATCH_SET="openssl-1.0.2-patches-1.5"
-
-MY_P=openssl-${PV/_/-}
-
-# This patch set is based on the following files from Fedora 25,
-# see https://src.fedoraproject.org/rpms/openssl/blob/25/f/openssl.spec
-# for more details:
-# - hobble-openssl (SOURCE1)
-# - ec_curve.c (SOURCE12) -- MODIFIED
-# - ectest.c (SOURCE13)
-# - openssl-1.1.1-ec-curves.patch (PATCH37) -- MODIFIED
-BINDIST_PATCH_SET="openssl-1.0.2t-bindist-1.0.tar.xz"
-
-DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"
-HOMEPAGE="https://www.openssl.org/"
-SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
- bindist? (
- mirror://gentoo/${BINDIST_PATCH_SET}
- https://dev.gentoo.org/~whissi/dist/openssl/${BINDIST_PATCH_SET}
- )
- !vanilla? (
- mirror://gentoo/${PATCH_SET}.tar.xz
- https://dev.gentoo.org/~chutzpah/dist/openssl/${PATCH_SET}.tar.xz
- https://dev.gentoo.org/~whissi/dist/openssl/${PATCH_SET}.tar.xz
- https://dev.gentoo.org/~polynomial-c/dist/${PATCH_SET}.tar.xz
- )"
-
-LICENSE="openssl"
-SLOT="1.0.0"
-KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sh ~sparc x86 ~x86-linux"
-IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
-
-RESTRICT="!bindist? ( bindist )
- test"
-
-RDEPEND="gmp? ( >=dev-libs/gmp-5.1.3-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
- kerberos? ( >=app-crypt/mit-krb5-1.11.4[${MULTILIB_USEDEP}] )
- zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
- !=dev-libs/openssl-1.0.2*:0
- !dev-libs/openssl:1.0.0"
-DEPEND="${RDEPEND}"
-BDEPEND="
- >=dev-lang/perl-5
- sctp? ( >=net-misc/lksctp-tools-1.0.12 )
- test? (
- sys-apps/diffutils
- sys-devel/bc
- )"
-
-# Do not install any docs
-DOCS=()
-
-S="${WORKDIR}/${MY_P}"
-
-MULTILIB_WRAPPED_HEADERS=(
- usr/include/openssl/opensslconf.h
-)
-
-src_prepare() {
- if use bindist; then
- mv "${WORKDIR}"/bindist-patches/hobble-openssl "${WORKDIR}" || die
- bash "${WORKDIR}"/hobble-openssl || die
-
- cp -f "${WORKDIR}"/bindist-patches/ec_curve.c "${S}"/crypto/ec/ || die
- cp -f "${WORKDIR}"/bindist-patches/ectest.c "${S}"/crypto/ec/ || die
-
- eapply "${WORKDIR}"/bindist-patches/ec-curves.patch
-
- # Also see the configure parts below:
- # enable-ec \
- # $(use_ssl !bindist ec2m) \
- # $(use_ssl !bindist srp) \
- fi
-
- # keep this in sync with app-misc/c_rehash
- SSL_CNF_DIR="/etc/ssl"
-
- # Make sure we only ever touch Makefile.org and avoid patching a file
- # that gets blown away anyways by the Configure script in src_configure
- rm -f Makefile
-
- if ! use vanilla ; then
- eapply "${WORKDIR}"/patch/*.patch
- fi
-
- eapply_user
-
- # disable fips in the build
- # make sure the man pages are suffixed #302165
- # don't bother building man pages if they're disabled
- sed -i \
- -e '/DIRS/s: fips : :g' \
- -e '/^MANSUFFIX/s:=.*:=ssl:' \
- -e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
- -e $(has noman FEATURES \
- && echo '/^install:/s:install_docs::' \
- || echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
- Makefile.org \
- || die
- # show the actual commands in the log
- sed -i '/^SET_X/s:=.*:=set -x:' Makefile.shared
-
- # since we're forcing $(CC) as makedep anyway, just fix
- # the conditional as always-on
- # helps clang (#417795), and versioned gcc (#499818)
- # this breaks build with 1.0.2p, not sure if it is needed anymore
- #sed -i 's/expr.*MAKEDEPEND.*;/true;/' util/domd || die
-
- # quiet out unknown driver argument warnings since openssl
- # doesn't have well-split CFLAGS and we're making it even worse
- # and 'make depend' uses -Werror for added fun (#417795 again)
- [[ ${CC} == *clang* ]] && append-flags -Qunused-arguments
-
- # allow openssl to be cross-compiled
- cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die
- chmod a+rx gentoo.config || die
-
- append-flags -fno-strict-aliasing
- append-flags $(test-flags-CC -Wa,--noexecstack)
- append-cppflags -DOPENSSL_NO_BUF_FREELISTS
-
- sed -i '1s,^:$,#!'${EPREFIX}'/usr/bin/perl,' Configure #141906
- # The config script does stupid stuff to prompt the user. Kill it.
- sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
- ./config --test-sanity || die "I AM NOT SANE"
-
- multilib_copy_sources
-}
-
-multilib_src_configure() {
- unset APPS #197996
- unset SCRIPTS #312551
- unset CROSS_COMPILE #311473
-
- tc-export CC AR RANLIB RC
-
- # Clean out patent-or-otherwise-encumbered code
- # Camellia: Royalty Free https://en.wikipedia.org/wiki/Camellia_(cipher)
- # IDEA: Expired https://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
- # EC: ????????? ??/??/2015 https://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography
- # MDC2: Expired https://en.wikipedia.org/wiki/MDC-2
- # RC5: Expired https://en.wikipedia.org/wiki/RC5
-
- use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
- echoit() { echo "$@" ; "$@" ; }
-
- local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
-
- # See if our toolchain supports __uint128_t. If so, it's 64bit
- # friendly and can use the nicely optimized code paths. #460790
- local ec_nistp_64_gcc_128
- # Disable it for now though #469976
- #if ! use bindist ; then
- # echo "__uint128_t i;" > "${T}"/128.c
- # if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
- # ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
- # fi
- #fi
-
- # https://github.com/openssl/openssl/issues/2286
- if use ia64 ; then
- replace-flags -g3 -g2
- replace-flags -ggdb3 -ggdb2
- fi
-
- local sslout=$(./gentoo.config)
- einfo "Use configuration ${sslout:-(openssl knows best)}"
- local config="Configure"
- [[ -z ${sslout} ]] && config="config"
-
- # Fedora hobbled-EC needs 'no-ec2m', 'no-srp'
- # Make sure user flags don't get added *yet* to avoid duplicated
- # flags.
- CFLAGS= LDFLAGS= echoit \
- ./${config} \
- ${sslout} \
- $(use cpu_flags_x86_sse2 || echo "no-sse2") \
- enable-camellia \
- enable-ec \
- $(use_ssl !bindist ec2m) \
- $(use_ssl !bindist srp) \
- ${ec_nistp_64_gcc_128} \
- enable-idea \
- enable-mdc2 \
- enable-rc5 \
- enable-tlsext \
- $(use_ssl asm) \
- $(use_ssl gmp gmp -lgmp) \
- $(use_ssl kerberos krb5 --with-krb5-flavor=${krb5}) \
- $(use_ssl rfc3779) \
- $(use_ssl sctp) \
- $(use_ssl sslv2 ssl2) \
- $(use_ssl sslv3 ssl3) \
- $(use_ssl tls-heartbeat heartbeats) \
- $(use_ssl zlib) \
- --prefix="${EPREFIX}"/usr \
- --openssldir="${EPREFIX}"${SSL_CNF_DIR} \
- --libdir=$(get_libdir) \
- shared threads \
- || die
-
- # Clean out hardcoded flags that openssl uses
- local DEFAULT_CFLAGS=$(grep ^CFLAG= Makefile | LC_ALL=C sed \
- -e 's:^CFLAG=::' \
- -e 's:\(^\| \)-fomit-frame-pointer::g' \
- -e 's:\(^\| \)-O[^ ]*::g' \
- -e 's:\(^\| \)-march=[^ ]*::g' \
- -e 's:\(^\| \)-mcpu=[^ ]*::g' \
- -e 's:\(^\| \)-m[^ ]*::g' \
- -e 's:^ *::' \
- -e 's: *$::' \
- -e 's: \+: :g' \
- -e 's:\\:\\\\:g'
- )
-
- # Now insert clean default flags with user flags
- sed -i \
- -e "/^CFLAG/s|=.*|=${DEFAULT_CFLAGS} ${CFLAGS}|" \
- -e "/^LDFLAGS=/s|=[[:space:]]*$|=${LDFLAGS}|" \
- Makefile || die
-}
-
-multilib_src_compile() {
- # depend is needed to use $confopts; it also doesn't matter
- # that it's -j1 as the code itself serializes subdirs
- emake -j1 V=1 depend
- emake build_libs
-}
-
-multilib_src_test() {
- emake -j1 test
-}
-
-multilib_src_install() {
- dolib.so lib{crypto,ssl}.so.${SLOT}
-}
^ permalink raw reply related [flat|nested] 33+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl-compat/
@ 2020-05-08 23:28 Thomas Deutschmann
0 siblings, 0 replies; 33+ messages in thread
From: Thomas Deutschmann @ 2020-05-08 23:28 UTC (permalink / raw
To: gentoo-commits
commit: 55191829ad11e7f0e48e90e0a3e80c1b9f418d9b
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Fri May 8 23:27:36 2020 +0000
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Fri May 8 23:27:54 2020 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=55191829
dev-libs/openssl-compat: use versioned symbols for OpenSSL binary compatibility
Closes: https://bugs.gentoo.org/720226
Package-Manager: Portage-2.3.99, Repoman-2.3.22
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>
dev-libs/openssl-compat/Manifest | 1 +
.../openssl-compat/openssl-compat-1.0.2u-r1.ebuild | 249 +++++++++++++++++++++
2 files changed, 250 insertions(+)
diff --git a/dev-libs/openssl-compat/Manifest b/dev-libs/openssl-compat/Manifest
index f8e304a6376..1d79926b78f 100644
--- a/dev-libs/openssl-compat/Manifest
+++ b/dev-libs/openssl-compat/Manifest
@@ -2,3 +2,4 @@ DIST openssl-0.9.8zh.tar.gz 3818524 BLAKE2B 610bb4858900983cf4519fa8b63f1e03b384
DIST openssl-1.0.2-patches-1.5.tar.xz 12404 BLAKE2B 6c1b8c28f339f539b2ab8643379502a24cf62bffde00041dce54d5dd9e8d2620b181362ee5464b0ab32ba4948e209697bfabadbea2944a409a1009100d298f24 SHA512 5725e2d9d1ee8cc074bcef3bed61c71bdab2ff1c114362110c3fb8da11ad5bc8f2ff28e90a293f5f3a5cf96ecda54dffdb7ab3fb3f8b23ef6472250dc3037659
DIST openssl-1.0.2t-bindist-1.0.tar.xz 13872 BLAKE2B b2aade96a6e0ca6209a39e205b1c838de945903fcf959c62cc29ddcd1a0cb360fc5db234df86860a6a4c096f5ecc237611e4c2946b986a5500c24ba93c208ef4 SHA512 a48a7efb9b973b865bcc5009d450b428ed6b4b95e4cefe70c51056e47392c8a7bec58215168d8b07712419dc74646c2bd2fd23bcfbba2031376e292249a6b1b6
DIST openssl-1.0.2u.tar.gz 5355412 BLAKE2B b2ff2a10e5851af5aca4093422a9a072c794e87b997263826c1c35910c040f695fac63decac5856cb49399ed03d410f97701d9fd4e1ebfbcacd8f3a74ce8bf57 SHA512 c455bb309e20e2c2d47fdc5619c734d107d5c8c38c1409903ce979acc120b0d5fa0312917c0aa0d630e402d092a703d4249643f36078e8528a3cafc9dac6ab32
+DIST openssl-compat-1.0.2u-versioned-symbols.patch.gz 24633 BLAKE2B 6bfad4ad27dbca0bd85bfd9521ffc844c3e93e6a1cca7c814edd49affc60ece1c706dd3aa7be2ce80857532531eac6f0f03f43c0be22a769d00d9241686eff71 SHA512 3d85aa34f2491e0e36eedc45829709e0fb552f6d558c2726b59dafa98c3e679b88497f3f7399d7565d88e727591e7d9b12f5b1e27116ba19b9a661d7f75b07a9
diff --git a/dev-libs/openssl-compat/openssl-compat-1.0.2u-r1.ebuild b/dev-libs/openssl-compat/openssl-compat-1.0.2u-r1.ebuild
new file mode 100644
index 00000000000..2885b3e2a41
--- /dev/null
+++ b/dev-libs/openssl-compat/openssl-compat-1.0.2u-r1.ebuild
@@ -0,0 +1,249 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="7"
+
+inherit flag-o-matic toolchain-funcs multilib multilib-minimal
+
+# openssl-1.0.2-patches-1.6 contain additional CVE patches
+# which got fixed with this release.
+# Please use 1.7 version number when rolling a new tarball!
+PATCH_SET="openssl-1.0.2-patches-1.5"
+
+MY_P=openssl-${PV/_/-}
+
+# This patch set is based on the following files from Fedora 25,
+# see https://src.fedoraproject.org/rpms/openssl/blob/25/f/openssl.spec
+# for more details:
+# - hobble-openssl (SOURCE1)
+# - ec_curve.c (SOURCE12) -- MODIFIED
+# - ectest.c (SOURCE13)
+# - openssl-1.1.1-ec-curves.patch (PATCH37) -- MODIFIED
+BINDIST_PATCH_SET="openssl-1.0.2t-bindist-1.0.tar.xz"
+
+DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"
+HOMEPAGE="https://www.openssl.org/"
+SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
+ bindist? (
+ mirror://gentoo/${BINDIST_PATCH_SET}
+ https://dev.gentoo.org/~whissi/dist/openssl/${BINDIST_PATCH_SET}
+ )
+ !vanilla? (
+ mirror://gentoo/${PATCH_SET}.tar.xz
+ https://dev.gentoo.org/~chutzpah/dist/openssl/${PATCH_SET}.tar.xz
+ https://dev.gentoo.org/~whissi/dist/openssl/${PATCH_SET}.tar.xz
+ https://dev.gentoo.org/~polynomial-c/dist/${PATCH_SET}.tar.xz
+ )
+ https://dev.gentoo.org/~whissi/dist/openssl/openssl-compat-1.0.2u-versioned-symbols.patch.gz"
+
+LICENSE="openssl"
+SLOT="1.0.0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x86-linux"
+IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
+
+RESTRICT="!bindist? ( bindist )
+ test"
+
+RDEPEND="gmp? ( >=dev-libs/gmp-5.1.3-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
+ kerberos? ( >=app-crypt/mit-krb5-1.11.4[${MULTILIB_USEDEP}] )
+ zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
+ !=dev-libs/openssl-1.0.2*:0
+ !dev-libs/openssl:1.0.0"
+DEPEND="${RDEPEND}"
+BDEPEND="
+ >=dev-lang/perl-5
+ sctp? ( >=net-misc/lksctp-tools-1.0.12 )
+ test? (
+ sys-apps/diffutils
+ sys-devel/bc
+ )"
+
+# Do not install any docs
+DOCS=()
+
+S="${WORKDIR}/${MY_P}"
+
+MULTILIB_WRAPPED_HEADERS=(
+ usr/include/openssl/opensslconf.h
+)
+
+src_prepare() {
+ mv "${WORKDIR}"/openssl-compat-1.0.2u-versioned-symbols.patch "${WORKDIR}"/patch || die
+
+ if use bindist; then
+ mv "${WORKDIR}"/bindist-patches/hobble-openssl "${WORKDIR}" || die
+ bash "${WORKDIR}"/hobble-openssl || die
+
+ cp -f "${WORKDIR}"/bindist-patches/ec_curve.c "${S}"/crypto/ec/ || die
+ cp -f "${WORKDIR}"/bindist-patches/ectest.c "${S}"/crypto/ec/ || die
+
+ eapply "${WORKDIR}"/bindist-patches/ec-curves.patch
+
+ # Also see the configure parts below:
+ # enable-ec \
+ # $(use_ssl !bindist ec2m) \
+ # $(use_ssl !bindist srp) \
+ fi
+
+ # keep this in sync with app-misc/c_rehash
+ SSL_CNF_DIR="/etc/ssl"
+
+ # Make sure we only ever touch Makefile.org and avoid patching a file
+ # that gets blown away anyways by the Configure script in src_configure
+ rm -f Makefile
+
+ if ! use vanilla ; then
+ eapply "${WORKDIR}"/patch/*.patch
+ fi
+
+ eapply_user
+
+ # disable fips in the build
+ # make sure the man pages are suffixed #302165
+ # don't bother building man pages if they're disabled
+ sed -i \
+ -e '/DIRS/s: fips : :g' \
+ -e '/^MANSUFFIX/s:=.*:=ssl:' \
+ -e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
+ -e $(has noman FEATURES \
+ && echo '/^install:/s:install_docs::' \
+ || echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
+ Makefile.org \
+ || die
+ # show the actual commands in the log
+ sed -i '/^SET_X/s:=.*:=set -x:' Makefile.shared
+
+ # since we're forcing $(CC) as makedep anyway, just fix
+ # the conditional as always-on
+ # helps clang (#417795), and versioned gcc (#499818)
+ # this breaks build with 1.0.2p, not sure if it is needed anymore
+ #sed -i 's/expr.*MAKEDEPEND.*;/true;/' util/domd || die
+
+ # quiet out unknown driver argument warnings since openssl
+ # doesn't have well-split CFLAGS and we're making it even worse
+ # and 'make depend' uses -Werror for added fun (#417795 again)
+ [[ ${CC} == *clang* ]] && append-flags -Qunused-arguments
+
+ # allow openssl to be cross-compiled
+ cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die
+ chmod a+rx gentoo.config || die
+
+ append-flags -fno-strict-aliasing
+ append-flags $(test-flags-CC -Wa,--noexecstack)
+ append-cppflags -DOPENSSL_NO_BUF_FREELISTS
+
+ sed -i '1s,^:$,#!'${EPREFIX}'/usr/bin/perl,' Configure #141906
+ # The config script does stupid stuff to prompt the user. Kill it.
+ sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
+ ./config --test-sanity || die "I AM NOT SANE"
+
+ multilib_copy_sources
+}
+
+multilib_src_configure() {
+ unset APPS #197996
+ unset SCRIPTS #312551
+ unset CROSS_COMPILE #311473
+
+ tc-export CC AR RANLIB RC
+
+ # Clean out patent-or-otherwise-encumbered code
+ # Camellia: Royalty Free https://en.wikipedia.org/wiki/Camellia_(cipher)
+ # IDEA: Expired https://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
+ # EC: ????????? ??/??/2015 https://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography
+ # MDC2: Expired https://en.wikipedia.org/wiki/MDC-2
+ # RC5: Expired https://en.wikipedia.org/wiki/RC5
+
+ use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
+ echoit() { echo "$@" ; "$@" ; }
+
+ local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
+
+ # See if our toolchain supports __uint128_t. If so, it's 64bit
+ # friendly and can use the nicely optimized code paths. #460790
+ local ec_nistp_64_gcc_128
+ # Disable it for now though #469976
+ #if ! use bindist ; then
+ # echo "__uint128_t i;" > "${T}"/128.c
+ # if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
+ # ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
+ # fi
+ #fi
+
+ # https://github.com/openssl/openssl/issues/2286
+ if use ia64 ; then
+ replace-flags -g3 -g2
+ replace-flags -ggdb3 -ggdb2
+ fi
+
+ local sslout=$(./gentoo.config)
+ einfo "Use configuration ${sslout:-(openssl knows best)}"
+ local config="Configure"
+ [[ -z ${sslout} ]] && config="config"
+
+ # Fedora hobbled-EC needs 'no-ec2m', 'no-srp'
+ # Make sure user flags don't get added *yet* to avoid duplicated
+ # flags.
+ CFLAGS= LDFLAGS= echoit \
+ ./${config} \
+ ${sslout} \
+ $(use cpu_flags_x86_sse2 || echo "no-sse2") \
+ enable-camellia \
+ enable-ec \
+ $(use_ssl !bindist ec2m) \
+ $(use_ssl !bindist srp) \
+ ${ec_nistp_64_gcc_128} \
+ enable-idea \
+ enable-mdc2 \
+ enable-rc5 \
+ enable-tlsext \
+ $(use_ssl asm) \
+ $(use_ssl gmp gmp -lgmp) \
+ $(use_ssl kerberos krb5 --with-krb5-flavor=${krb5}) \
+ $(use_ssl rfc3779) \
+ $(use_ssl sctp) \
+ $(use_ssl sslv2 ssl2) \
+ $(use_ssl sslv3 ssl3) \
+ $(use_ssl tls-heartbeat heartbeats) \
+ $(use_ssl zlib) \
+ --prefix="${EPREFIX}"/usr \
+ --openssldir="${EPREFIX}"${SSL_CNF_DIR} \
+ --libdir=$(get_libdir) \
+ shared threads \
+ || die
+
+ # Clean out hardcoded flags that openssl uses
+ local DEFAULT_CFLAGS=$(grep ^CFLAG= Makefile | LC_ALL=C sed \
+ -e 's:^CFLAG=::' \
+ -e 's:\(^\| \)-fomit-frame-pointer::g' \
+ -e 's:\(^\| \)-O[^ ]*::g' \
+ -e 's:\(^\| \)-march=[^ ]*::g' \
+ -e 's:\(^\| \)-mcpu=[^ ]*::g' \
+ -e 's:\(^\| \)-m[^ ]*::g' \
+ -e 's:^ *::' \
+ -e 's: *$::' \
+ -e 's: \+: :g' \
+ -e 's:\\:\\\\:g'
+ )
+
+ # Now insert clean default flags with user flags
+ sed -i \
+ -e "/^CFLAG/s|=.*|=${DEFAULT_CFLAGS} ${CFLAGS}|" \
+ -e "/^LDFLAGS=/s|=[[:space:]]*$|=${LDFLAGS}|" \
+ Makefile || die
+}
+
+multilib_src_compile() {
+ # depend is needed to use $confopts; it also doesn't matter
+ # that it's -j1 as the code itself serializes subdirs
+ emake -j1 V=1 depend
+ emake build_libs
+}
+
+multilib_src_test() {
+ emake -j1 test
+}
+
+multilib_src_install() {
+ dolib.so lib{crypto,ssl}.so.${SLOT}
+}
^ permalink raw reply related [flat|nested] 33+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl-compat/
@ 2020-05-19 9:49 Thomas Deutschmann
0 siblings, 0 replies; 33+ messages in thread
From: Thomas Deutschmann @ 2020-05-19 9:49 UTC (permalink / raw
To: gentoo-commits
commit: 079ccd2bed1aab50480821c697b81f8db8b708ba
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Tue May 19 09:32:36 2020 +0000
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Tue May 19 09:48:57 2020 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=079ccd2b
dev-libs/openssl-compat: drop old
Package-Manager: Portage-2.3.99, Repoman-2.3.22
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>
.../openssl-compat/openssl-compat-1.0.2u.ebuild | 246 ---------------------
1 file changed, 246 deletions(-)
diff --git a/dev-libs/openssl-compat/openssl-compat-1.0.2u.ebuild b/dev-libs/openssl-compat/openssl-compat-1.0.2u.ebuild
deleted file mode 100644
index 25a816cf47d..00000000000
--- a/dev-libs/openssl-compat/openssl-compat-1.0.2u.ebuild
+++ /dev/null
@@ -1,246 +0,0 @@
-# Copyright 1999-2020 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="7"
-
-inherit flag-o-matic toolchain-funcs multilib multilib-minimal
-
-# openssl-1.0.2-patches-1.6 contain additional CVE patches
-# which got fixed with this release.
-# Please use 1.7 version number when rolling a new tarball!
-PATCH_SET="openssl-1.0.2-patches-1.5"
-
-MY_P=openssl-${PV/_/-}
-
-# This patch set is based on the following files from Fedora 25,
-# see https://src.fedoraproject.org/rpms/openssl/blob/25/f/openssl.spec
-# for more details:
-# - hobble-openssl (SOURCE1)
-# - ec_curve.c (SOURCE12) -- MODIFIED
-# - ectest.c (SOURCE13)
-# - openssl-1.1.1-ec-curves.patch (PATCH37) -- MODIFIED
-BINDIST_PATCH_SET="openssl-1.0.2t-bindist-1.0.tar.xz"
-
-DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"
-HOMEPAGE="https://www.openssl.org/"
-SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
- bindist? (
- mirror://gentoo/${BINDIST_PATCH_SET}
- https://dev.gentoo.org/~whissi/dist/openssl/${BINDIST_PATCH_SET}
- )
- !vanilla? (
- mirror://gentoo/${PATCH_SET}.tar.xz
- https://dev.gentoo.org/~chutzpah/dist/openssl/${PATCH_SET}.tar.xz
- https://dev.gentoo.org/~whissi/dist/openssl/${PATCH_SET}.tar.xz
- https://dev.gentoo.org/~polynomial-c/dist/${PATCH_SET}.tar.xz
- )"
-
-LICENSE="openssl"
-SLOT="1.0.0"
-KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc x86 ~x86-linux"
-IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
-
-RESTRICT="!bindist? ( bindist )
- test"
-
-RDEPEND="gmp? ( >=dev-libs/gmp-5.1.3-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
- kerberos? ( >=app-crypt/mit-krb5-1.11.4[${MULTILIB_USEDEP}] )
- zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
- !=dev-libs/openssl-1.0.2*:0
- !dev-libs/openssl:1.0.0"
-DEPEND="${RDEPEND}"
-BDEPEND="
- >=dev-lang/perl-5
- sctp? ( >=net-misc/lksctp-tools-1.0.12 )
- test? (
- sys-apps/diffutils
- sys-devel/bc
- )"
-
-# Do not install any docs
-DOCS=()
-
-S="${WORKDIR}/${MY_P}"
-
-MULTILIB_WRAPPED_HEADERS=(
- usr/include/openssl/opensslconf.h
-)
-
-src_prepare() {
- if use bindist; then
- mv "${WORKDIR}"/bindist-patches/hobble-openssl "${WORKDIR}" || die
- bash "${WORKDIR}"/hobble-openssl || die
-
- cp -f "${WORKDIR}"/bindist-patches/ec_curve.c "${S}"/crypto/ec/ || die
- cp -f "${WORKDIR}"/bindist-patches/ectest.c "${S}"/crypto/ec/ || die
-
- eapply "${WORKDIR}"/bindist-patches/ec-curves.patch
-
- # Also see the configure parts below:
- # enable-ec \
- # $(use_ssl !bindist ec2m) \
- # $(use_ssl !bindist srp) \
- fi
-
- # keep this in sync with app-misc/c_rehash
- SSL_CNF_DIR="/etc/ssl"
-
- # Make sure we only ever touch Makefile.org and avoid patching a file
- # that gets blown away anyways by the Configure script in src_configure
- rm -f Makefile
-
- if ! use vanilla ; then
- eapply "${WORKDIR}"/patch/*.patch
- fi
-
- eapply_user
-
- # disable fips in the build
- # make sure the man pages are suffixed #302165
- # don't bother building man pages if they're disabled
- sed -i \
- -e '/DIRS/s: fips : :g' \
- -e '/^MANSUFFIX/s:=.*:=ssl:' \
- -e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
- -e $(has noman FEATURES \
- && echo '/^install:/s:install_docs::' \
- || echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
- Makefile.org \
- || die
- # show the actual commands in the log
- sed -i '/^SET_X/s:=.*:=set -x:' Makefile.shared
-
- # since we're forcing $(CC) as makedep anyway, just fix
- # the conditional as always-on
- # helps clang (#417795), and versioned gcc (#499818)
- # this breaks build with 1.0.2p, not sure if it is needed anymore
- #sed -i 's/expr.*MAKEDEPEND.*;/true;/' util/domd || die
-
- # quiet out unknown driver argument warnings since openssl
- # doesn't have well-split CFLAGS and we're making it even worse
- # and 'make depend' uses -Werror for added fun (#417795 again)
- [[ ${CC} == *clang* ]] && append-flags -Qunused-arguments
-
- # allow openssl to be cross-compiled
- cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die
- chmod a+rx gentoo.config || die
-
- append-flags -fno-strict-aliasing
- append-flags $(test-flags-CC -Wa,--noexecstack)
- append-cppflags -DOPENSSL_NO_BUF_FREELISTS
-
- sed -i '1s,^:$,#!'${EPREFIX}'/usr/bin/perl,' Configure #141906
- # The config script does stupid stuff to prompt the user. Kill it.
- sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
- ./config --test-sanity || die "I AM NOT SANE"
-
- multilib_copy_sources
-}
-
-multilib_src_configure() {
- unset APPS #197996
- unset SCRIPTS #312551
- unset CROSS_COMPILE #311473
-
- tc-export CC AR RANLIB RC
-
- # Clean out patent-or-otherwise-encumbered code
- # Camellia: Royalty Free https://en.wikipedia.org/wiki/Camellia_(cipher)
- # IDEA: Expired https://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
- # EC: ????????? ??/??/2015 https://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography
- # MDC2: Expired https://en.wikipedia.org/wiki/MDC-2
- # RC5: Expired https://en.wikipedia.org/wiki/RC5
-
- use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
- echoit() { echo "$@" ; "$@" ; }
-
- local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
-
- # See if our toolchain supports __uint128_t. If so, it's 64bit
- # friendly and can use the nicely optimized code paths. #460790
- local ec_nistp_64_gcc_128
- # Disable it for now though #469976
- #if ! use bindist ; then
- # echo "__uint128_t i;" > "${T}"/128.c
- # if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
- # ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
- # fi
- #fi
-
- # https://github.com/openssl/openssl/issues/2286
- if use ia64 ; then
- replace-flags -g3 -g2
- replace-flags -ggdb3 -ggdb2
- fi
-
- local sslout=$(./gentoo.config)
- einfo "Use configuration ${sslout:-(openssl knows best)}"
- local config="Configure"
- [[ -z ${sslout} ]] && config="config"
-
- # Fedora hobbled-EC needs 'no-ec2m', 'no-srp'
- # Make sure user flags don't get added *yet* to avoid duplicated
- # flags.
- CFLAGS= LDFLAGS= echoit \
- ./${config} \
- ${sslout} \
- $(use cpu_flags_x86_sse2 || echo "no-sse2") \
- enable-camellia \
- enable-ec \
- $(use_ssl !bindist ec2m) \
- $(use_ssl !bindist srp) \
- ${ec_nistp_64_gcc_128} \
- enable-idea \
- enable-mdc2 \
- enable-rc5 \
- enable-tlsext \
- $(use_ssl asm) \
- $(use_ssl gmp gmp -lgmp) \
- $(use_ssl kerberos krb5 --with-krb5-flavor=${krb5}) \
- $(use_ssl rfc3779) \
- $(use_ssl sctp) \
- $(use_ssl sslv2 ssl2) \
- $(use_ssl sslv3 ssl3) \
- $(use_ssl tls-heartbeat heartbeats) \
- $(use_ssl zlib) \
- --prefix="${EPREFIX}"/usr \
- --openssldir="${EPREFIX}"${SSL_CNF_DIR} \
- --libdir=$(get_libdir) \
- shared threads \
- || die
-
- # Clean out hardcoded flags that openssl uses
- local DEFAULT_CFLAGS=$(grep ^CFLAG= Makefile | LC_ALL=C sed \
- -e 's:^CFLAG=::' \
- -e 's:\(^\| \)-fomit-frame-pointer::g' \
- -e 's:\(^\| \)-O[^ ]*::g' \
- -e 's:\(^\| \)-march=[^ ]*::g' \
- -e 's:\(^\| \)-mcpu=[^ ]*::g' \
- -e 's:\(^\| \)-m[^ ]*::g' \
- -e 's:^ *::' \
- -e 's: *$::' \
- -e 's: \+: :g' \
- -e 's:\\:\\\\:g'
- )
-
- # Now insert clean default flags with user flags
- sed -i \
- -e "/^CFLAG/s|=.*|=${DEFAULT_CFLAGS} ${CFLAGS}|" \
- -e "/^LDFLAGS=/s|=[[:space:]]*$|=${LDFLAGS}|" \
- Makefile || die
-}
-
-multilib_src_compile() {
- # depend is needed to use $confopts; it also doesn't matter
- # that it's -j1 as the code itself serializes subdirs
- emake -j1 V=1 depend
- emake build_libs
-}
-
-multilib_src_test() {
- emake -j1 test
-}
-
-multilib_src_install() {
- dolib.so lib{crypto,ssl}.so.${SLOT}
-}
^ permalink raw reply related [flat|nested] 33+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl-compat/
@ 2020-05-19 9:49 Thomas Deutschmann
0 siblings, 0 replies; 33+ messages in thread
From: Thomas Deutschmann @ 2020-05-19 9:49 UTC (permalink / raw
To: gentoo-commits
commit: 0a342bcd638f54014f98f3320f5ab190e0f0e7bb
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Tue May 19 09:31:58 2020 +0000
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Tue May 19 09:48:56 2020 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0a342bcd
dev-libs/openssl-compat: rollover keywords
Package-Manager: Portage-2.3.99, Repoman-2.3.22
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>
dev-libs/openssl-compat/openssl-compat-1.0.2u-r1.ebuild | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/dev-libs/openssl-compat/openssl-compat-1.0.2u-r1.ebuild b/dev-libs/openssl-compat/openssl-compat-1.0.2u-r1.ebuild
index 2885b3e2a41..1501ae504d3 100644
--- a/dev-libs/openssl-compat/openssl-compat-1.0.2u-r1.ebuild
+++ b/dev-libs/openssl-compat/openssl-compat-1.0.2u-r1.ebuild
@@ -38,7 +38,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
LICENSE="openssl"
SLOT="1.0.0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x86-linux"
+KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc x86 ~x86-linux"
IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
RESTRICT="!bindist? ( bindist )
^ permalink raw reply related [flat|nested] 33+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl-compat/
@ 2021-07-21 12:56 Thomas Deutschmann
0 siblings, 0 replies; 33+ messages in thread
From: Thomas Deutschmann @ 2021-07-21 12:56 UTC (permalink / raw
To: gentoo-commits
commit: 50c70265cca12034c5e44f75696186287f4bc20f
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Wed Jul 21 12:55:19 2021 +0000
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Wed Jul 21 12:55:19 2021 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=50c70265
dev-libs/openssl-compat: rename USE=zlib to USE=tls-compression
Package-Manager: Portage-3.0.21, Repoman-3.0.3
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>
dev-libs/openssl-compat/metadata.xml | 1 +
...ompat-0.9.8z_p8-r1.ebuild => openssl-compat-0.9.8z_p8-r2.ebuild} | 6 +++---
...nssl-compat-1.0.2u-r1.ebuild => openssl-compat-1.0.2u-r2.ebuild} | 6 +++---
3 files changed, 7 insertions(+), 6 deletions(-)
diff --git a/dev-libs/openssl-compat/metadata.xml b/dev-libs/openssl-compat/metadata.xml
index 8419c576d83..5dfd9a9f2f9 100644
--- a/dev-libs/openssl-compat/metadata.xml
+++ b/dev-libs/openssl-compat/metadata.xml
@@ -11,6 +11,7 @@
<flag name="rfc3779">Enable support for RFC 3779 (X.509 Extensions for IP Addresses and AS Identifiers)</flag>
<flag name="sslv2">Support for the old/insecure SSLv2 protocol -- note: not required for TLS/https</flag>
<flag name="sslv3">Support for the old/insecure SSLv3 protocol -- note: not required for TLS/https</flag>
+ <flag name="tls-compression">Enable support for discouraged TLS compression</flag>
<flag name="tls-heartbeat">Enable the Heartbeat Extension in TLS and DTLS</flag>
</use>
<upstream>
diff --git a/dev-libs/openssl-compat/openssl-compat-0.9.8z_p8-r1.ebuild b/dev-libs/openssl-compat/openssl-compat-0.9.8z_p8-r2.ebuild
similarity index 96%
rename from dev-libs/openssl-compat/openssl-compat-0.9.8z_p8-r1.ebuild
rename to dev-libs/openssl-compat/openssl-compat-0.9.8z_p8-r2.ebuild
index e683f59fccf..3b77fd0b9f4 100644
--- a/dev-libs/openssl-compat/openssl-compat-0.9.8z_p8-r1.ebuild
+++ b/dev-libs/openssl-compat/openssl-compat-0.9.8z_p8-r2.ebuild
@@ -19,12 +19,12 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"
LICENSE="openssl"
SLOT="0.9.8"
KEYWORDS="~alpha amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sparc x86"
-IUSE="bindist gmp kerberos cpu_flags_x86_sse2 test zlib"
+IUSE="bindist gmp kerberos cpu_flags_x86_sse2 test tls-compression"
RESTRICT="!bindist? ( bindist )
test"
RDEPEND="gmp? ( >=dev-libs/gmp-5.1.3-r1[${MULTILIB_USEDEP}] )
- zlib? ( >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}] )
+ tls-compression? ( >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}] )
kerberos? ( >=app-crypt/mit-krb5-1.11.4[${MULTILIB_USEDEP}] )
!=dev-libs/openssl-0.9.8*:0
!dev-libs/openssl:0.9.8"
@@ -128,7 +128,7 @@ multilib_src_configure() {
enable-tlsext \
$(use_ssl gmp gmp -lgmp) \
$(use_ssl kerberos krb5 --with-krb5-flavor=${krb5}) \
- $(use_ssl zlib) \
+ $(use_ssl tls-compression zlib) \
--prefix=/usr \
--openssldir=/etc/ssl \
shared threads \
diff --git a/dev-libs/openssl-compat/openssl-compat-1.0.2u-r1.ebuild b/dev-libs/openssl-compat/openssl-compat-1.0.2u-r2.ebuild
similarity index 97%
rename from dev-libs/openssl-compat/openssl-compat-1.0.2u-r1.ebuild
rename to dev-libs/openssl-compat/openssl-compat-1.0.2u-r2.ebuild
index 4ba9941176c..ee152f0d89e 100644
--- a/dev-libs/openssl-compat/openssl-compat-1.0.2u-r1.ebuild
+++ b/dev-libs/openssl-compat/openssl-compat-1.0.2u-r2.ebuild
@@ -39,14 +39,14 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
LICENSE="openssl"
SLOT="1.0.0"
KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc x86 ~x86-linux"
-IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
+IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla tls-compression"
RESTRICT="!bindist? ( bindist )
test"
RDEPEND="gmp? ( >=dev-libs/gmp-5.1.3-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
kerberos? ( >=app-crypt/mit-krb5-1.11.4[${MULTILIB_USEDEP}] )
- zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
+ tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
!=dev-libs/openssl-1.0.2*:0
!dev-libs/openssl:1.0.0"
DEPEND="${RDEPEND}"
@@ -205,7 +205,7 @@ multilib_src_configure() {
$(use_ssl sslv2 ssl2) \
$(use_ssl sslv3 ssl3) \
$(use_ssl tls-heartbeat heartbeats) \
- $(use_ssl zlib) \
+ $(use_ssl tls-compression zlib) \
--prefix="${EPREFIX}"/usr \
--openssldir="${EPREFIX}"${SSL_CNF_DIR} \
--libdir=$(get_libdir) \
^ permalink raw reply related [flat|nested] 33+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl-compat/
@ 2022-06-11 5:12 Sam James
0 siblings, 0 replies; 33+ messages in thread
From: Sam James @ 2022-06-11 5:12 UTC (permalink / raw
To: gentoo-commits
commit: d080ce6504c316484c2540cb69b71e7ec57f6011
Author: Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sat Jun 11 05:12:28 2022 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sat Jun 11 05:12:37 2022 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d080ce65
dev-libs/openssl-compat: tidy up; sync with openssl
Signed-off-by: Sam James <sam <AT> gentoo.org>
dev-libs/openssl-compat/openssl-compat-1.1.1o.ebuild | 12 +++++++-----
1 file changed, 7 insertions(+), 5 deletions(-)
diff --git a/dev-libs/openssl-compat/openssl-compat-1.1.1o.ebuild b/dev-libs/openssl-compat/openssl-compat-1.1.1o.ebuild
index cdf051c1295d..20a03ddac7fa 100644
--- a/dev-libs/openssl-compat/openssl-compat-1.1.1o.ebuild
+++ b/dev-libs/openssl-compat/openssl-compat-1.1.1o.ebuild
@@ -69,11 +69,11 @@ src_unpack() {
}
src_prepare() {
- # allow openssl to be cross-compiled
+ # Allow openssl to be cross-compiled
cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die
chmod a+rx gentoo.config || die
- # keep this in sync with app-misc/c_rehash
+ # Keep this in sync with app-misc/c_rehash
SSL_CNF_DIR="/etc/ssl"
# Make sure we only ever touch Makefile.org and avoid patching a file
@@ -125,10 +125,11 @@ src_prepare() {
append-flags $(test-flags-CC -Wa,--noexecstack)
- # Prefixify Configure shebang (#141906)
+ # Prefixify Configure shebang (bug #141906)
sed \
-e "1s,/usr/bin/env,${EPREFIX}&," \
-i Configure || die
+
# Remove test target when FEATURES=test isn't set
if ! use test ; then
sed \
@@ -172,9 +173,10 @@ multilib_src_configure() {
local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
# See if our toolchain supports __uint128_t. If so, it's 64bit
- # friendly and can use the nicely optimized code paths. #460790
+ # friendly and can use the nicely optimized code paths, bug #460790.
local ec_nistp_64_gcc_128
- # Disable it for now though #469976
+
+ # Disable it for now though (bug #469976)
# echo "__uint128_t i;" > "${T}"/128.c
# if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
# ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
^ permalink raw reply related [flat|nested] 33+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl-compat/
@ 2022-11-15 8:46 Sam James
0 siblings, 0 replies; 33+ messages in thread
From: Sam James @ 2022-11-15 8:46 UTC (permalink / raw
To: gentoo-commits
commit: 18b0735d5ef866fc770e2a71f87a8eaefa58e3fb
Author: Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Tue Nov 15 08:42:37 2022 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Tue Nov 15 08:42:37 2022 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=18b0735d
dev-libs/openssl-compat: add 1.1.1s
Signed-off-by: Sam James <sam <AT> gentoo.org>
dev-libs/openssl-compat/Manifest | 2 +
.../openssl-compat/openssl-compat-1.1.1s.ebuild | 261 +++++++++++++++++++++
2 files changed, 263 insertions(+)
diff --git a/dev-libs/openssl-compat/Manifest b/dev-libs/openssl-compat/Manifest
index a1d91620a616..159bbdd0bcfd 100644
--- a/dev-libs/openssl-compat/Manifest
+++ b/dev-libs/openssl-compat/Manifest
@@ -4,4 +4,6 @@ DIST openssl-1.0.2u.tar.gz 5355412 BLAKE2B b2ff2a10e5851af5aca4093422a9a072c794e
DIST openssl-1.1.1o-test-fixes-expiry.patch.xz 6180 BLAKE2B 23ef36d7bd05c98f7fab6de25681a53fa7a558d114548836b6cd90a57c4f4e45dc9fb622936053608b463320605b7df60db2d2caf3811b249f6ead3791a1c081 SHA512 577aec97fb31cd9efe3b30d82c560d3e7da57ae52c4de0f86e951b777a673830baaadcc5eb366c523024d37405531c6d32de26bbbc1e77df15c7822c72e937e6
DIST openssl-1.1.1o.tar.gz 9856386 BLAKE2B 5bd355fd17adf43ba4e3bf1a8036ceb724edd4f4ab80dc25aecc3d2647372e9db2bc12e2b89791fc4b6f7fd95a7b68e00490d09ca6518d25ab990ee27798e641 SHA512 75b2f1499cb4640229eb6cd35d85cbff2e19db17b959ac4d04b60f1b395b73567f9003521452a0fcfeea9b31b26de0a7bccf476ecf9caae02298f3647cfb7e23
DIST openssl-1.1.1o.tar.gz.asc 488 BLAKE2B a03a967e7e2124d1a76ad7765e2f48065f40d32ba102a433be603ee8f86b26a2d246dcb97a95bd694ef3005889ce4f1951f76d39fe1d683f92da1aa3023e9c2d SHA512 da6d88de7c1cd807b6089d50f8bb102c317c0b45ca26e517e3e400c5c65f787d94a1ee522af76279e93790a7fb491348cf25ffcfd66ecb9a9d35209328cb221e
+DIST openssl-1.1.1s.tar.gz 9868981 BLAKE2B ecd19eaf84dbc80448b51651abe52a89cc0052f024537959c4ebe61528988f235d661244fce6967159a876dd038c817bad19df742e828ca1cbae97ce6a4124bb SHA512 2ef983f166b5e1bf456ca37938e7e39d58d4cd85e9fc4b5174a05f5c37cc5ad89c3a9af97a6919bcaab128a8a92e4bdc8a045e5d9156d90768da8f73ac67c5b9
+DIST openssl-1.1.1s.tar.gz.asc 858 BLAKE2B d95f0f80d460feac737f84ed629c45aaf5e453103ef202ec7d33cf33b89ad83a9007429433b10754b725d7963b1960e350b64e8bdfe569ad149e26bef462eeca SHA512 aa6e5e940448297a90c46ba162f8e6ee324c2e202a9283328c31f996dc2259dd9f5f981d94d1cf1dd3cc73c44647b473602dacb857b9719bf066931b43b899e6
DIST openssl-compat-1.0.2u-versioned-symbols.patch.gz 24633 BLAKE2B 6bfad4ad27dbca0bd85bfd9521ffc844c3e93e6a1cca7c814edd49affc60ece1c706dd3aa7be2ce80857532531eac6f0f03f43c0be22a769d00d9241686eff71 SHA512 3d85aa34f2491e0e36eedc45829709e0fb552f6d558c2726b59dafa98c3e679b88497f3f7399d7565d88e727591e7d9b12f5b1e27116ba19b9a661d7f75b07a9
diff --git a/dev-libs/openssl-compat/openssl-compat-1.1.1s.ebuild b/dev-libs/openssl-compat/openssl-compat-1.1.1s.ebuild
new file mode 100644
index 000000000000..7f129274d627
--- /dev/null
+++ b/dev-libs/openssl-compat/openssl-compat-1.1.1s.ebuild
@@ -0,0 +1,261 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/openssl.org.asc
+inherit edo flag-o-matic toolchain-funcs multilib-minimal verify-sig
+
+MY_P=openssl-${PV/_/-}
+DESCRIPTION="Full-strength general purpose cryptography library (including SSL and TLS)"
+HOMEPAGE="https://www.openssl.org/"
+SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
+ verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )"
+S="${WORKDIR}/${MY_P}"
+
+LICENSE="openssl"
+SLOT="$(ver_cut 1-3)"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x86-linux"
+IUSE="+asm rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-compression tls-heartbeat vanilla verify-sig weak-ssl-ciphers"
+RESTRICT="!test? ( test )"
+
+RDEPEND="!=dev-libs/openssl-1.1.1*:0
+ tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )"
+DEPEND="${RDEPEND}"
+BDEPEND="
+ >=dev-lang/perl-5
+ sctp? ( >=net-misc/lksctp-tools-1.0.12 )
+ test? (
+ sys-apps/diffutils
+ sys-devel/bc
+ kernel_linux? ( sys-process/procps )
+ )
+ verify-sig? ( sec-keys/openpgp-keys-openssl )"
+
+# Do not install any docs
+DOCS=()
+
+PATCHES=(
+ # General patches which are suitable to always apply
+ # If they're Gentoo specific, add to USE=-vanilla logic in src_prepare!
+ "${FILESDIR}"/${PN/-compat}-1.1.0j-parallel_install_fix.patch # bug #671602
+ "${FILESDIR}"/${PN/-compat}-1.1.1i-riscv32.patch
+)
+
+pkg_setup() {
+ [[ ${MERGE_TYPE} == binary ]] && return
+
+ # must check in pkg_setup; sysctl doesn't work with userpriv!
+ if use test && use sctp; then
+ # test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel"
+ # if sctp.auth_enable is not enabled.
+ local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null)
+ if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]]; then
+ die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!"
+ fi
+ fi
+}
+
+src_unpack() {
+ # Can delete this once test fix patch is dropped
+ if use verify-sig ; then
+ # Needed for downloaded patch (which is unsigned, which is fine)
+ verify-sig_verify_detached "${DISTDIR}"/${P/-compat}.tar.gz{,.asc}
+ fi
+
+ default
+}
+
+src_prepare() {
+ # Allow openssl to be cross-compiled
+ cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die
+ chmod a+rx gentoo.config || die
+
+ # Keep this in sync with app-misc/c_rehash
+ SSL_CNF_DIR="/etc/ssl"
+
+ # Make sure we only ever touch Makefile.org and avoid patching a file
+ # that gets blown away anyways by the Configure script in src_configure
+ rm -f Makefile
+
+ if ! use vanilla ; then
+ PATCHES+=(
+ # Add patches which are Gentoo-specific customisations here
+ )
+ fi
+
+ default
+
+ if use test && use sctp && has network-sandbox ${FEATURES}; then
+ einfo "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox ..."
+ rm test/recipes/80-test_ssl_new.t || die
+ fi
+
+ # - Make sure the man pages are suffixed (bug #302165)
+ # - Don't bother building man pages if they're disabled
+ # - Make DOCDIR Gentoo compliant
+ sed -i \
+ -e '/^MANSUFFIX/s:=.*:=ssl:' \
+ -e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
+ -e $(has noman FEATURES \
+ && echo '/^install:/s:install_docs::' \
+ || echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
+ -e "/^DOCDIR/s@\$(BASENAME)@&-${PVR}@" \
+ Configurations/unix-Makefile.tmpl \
+ || die
+
+ # Quiet out unknown driver argument warnings since openssl
+ # doesn't have well-split CFLAGS and we're making it even worse
+ # and 'make depend' uses -Werror for added fun (bug #417795 again)
+ tc-is-clang && append-flags -Qunused-arguments
+
+ # We really, really need to build OpenSSL w/ strict aliasing disabled.
+ # It's filled with violations and it *will* result in miscompiled
+ # code. This has been in the ebuild for > 10 years but even in 2022,
+ # it's still relevant:
+ # - https://github.com/llvm/llvm-project/issues/55255
+ # - https://github.com/openssl/openssl/issues/18225
+ # Don't remove the no strict aliasing bits below!
+ filter-flags -fstrict-aliasing
+ append-flags -fno-strict-aliasing
+
+ append-cppflags -DOPENSSL_NO_BUF_FREELISTS
+
+ append-flags $(test-flags-CC -Wa,--noexecstack)
+
+ # Prefixify Configure shebang (bug #141906)
+ sed \
+ -e "1s,/usr/bin/env,${EPREFIX}&," \
+ -i Configure || die
+
+ # Remove test target when FEATURES=test isn't set
+ if ! use test ; then
+ sed \
+ -e '/^$config{dirs}/s@ "test",@@' \
+ -i Configure || die
+ fi
+
+ if use prefix && [[ ${CHOST} == *-solaris* ]] ; then
+ # use GNU ld full option, not to confuse it on Solaris
+ sed -i \
+ -e 's/-Wl,-M,/-Wl,--version-script=/' \
+ -e 's/-Wl,-h,/-Wl,--soname=/' \
+ Configurations/10-main.conf || die
+
+ # fix building on Solaris 10
+ # https://github.com/openssl/openssl/issues/6333
+ sed -i \
+ -e 's/-lsocket -lnsl -ldl/-lsocket -lnsl -ldl -lrt/' \
+ Configurations/10-main.conf || die
+ fi
+
+ # The config script does stupid stuff to prompt the user. Kill it.
+ sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
+ ./config --test-sanity || die "I AM NOT SANE"
+
+ multilib_copy_sources
+}
+
+multilib_src_configure() {
+ # bug #197996
+ unset APPS
+ # bug #312551
+ unset SCRIPTS
+ # bug #311473
+ unset CROSS_COMPILE
+
+ tc-export AR CC CXX RANLIB RC
+
+ use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
+
+ local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
+
+ # See if our toolchain supports __uint128_t. If so, it's 64bit
+ # friendly and can use the nicely optimized code paths, bug #460790.
+ local ec_nistp_64_gcc_128
+
+ # Disable it for now though (bug #469976)
+ # echo "__uint128_t i;" > "${T}"/128.c
+ # if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
+ # ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
+ # fi
+
+ local sslout=$(./gentoo.config)
+ einfo "Use configuration ${sslout:-(openssl knows best)}"
+ local config="Configure"
+ [[ -z ${sslout} ]] && config="config"
+
+ # "disable-deprecated" option breaks too many consumers.
+ # Don't set it without thorough revdeps testing.
+ # Make sure user flags don't get added *yet* to avoid duplicated
+ # flags.
+ local myeconfargs=(
+ ${sslout}
+
+ $(use cpu_flags_x86_sse2 || echo "no-sse2")
+ enable-camellia
+ enable-ec
+ enable-ec2m
+ enable-sm2
+ enable-srp
+ $(use elibc_musl && echo "no-async")
+ ${ec_nistp_64_gcc_128}
+ enable-idea
+ enable-mdc2
+ enable-rc5
+ $(use_ssl sslv3 ssl3)
+ $(use_ssl sslv3 ssl3-method)
+ $(use_ssl asm)
+ $(use_ssl rfc3779)
+ $(use_ssl sctp)
+ $(use test || echo "no-tests")
+ $(use_ssl tls-compression zlib)
+ $(use_ssl tls-heartbeat heartbeats)
+ $(use_ssl weak-ssl-ciphers)
+
+ --prefix="${EPREFIX}"/usr
+ --openssldir="${EPREFIX}"${SSL_CNF_DIR}
+ --libdir=$(get_libdir)
+
+ shared
+ threads
+ )
+
+ CFLAGS= LDFLAGS= edo ./${config} "${myeconfargs[@]}"
+
+ # Clean out hardcoded flags that openssl uses
+ local DEFAULT_CFLAGS=$(grep ^CFLAGS= Makefile | LC_ALL=C sed \
+ -e 's:^CFLAGS=::' \
+ -e 's:\(^\| \)-fomit-frame-pointer::g' \
+ -e 's:\(^\| \)-O[^ ]*::g' \
+ -e 's:\(^\| \)-march=[^ ]*::g' \
+ -e 's:\(^\| \)-mcpu=[^ ]*::g' \
+ -e 's:\(^\| \)-m[^ ]*::g' \
+ -e 's:^ *::' \
+ -e 's: *$::' \
+ -e 's: \+: :g' \
+ -e 's:\\:\\\\:g'
+ )
+
+ # Now insert clean default flags with user flags
+ sed -i \
+ -e "/^CFLAGS=/s|=.*|=${DEFAULT_CFLAGS} ${CFLAGS}|" \
+ -e "/^LDFLAGS=/s|=[[:space:]]*$|=${LDFLAGS}|" \
+ Makefile || die
+}
+
+multilib_src_compile() {
+ # depend is needed to use $confopts; it also doesn't matter
+ # that it's -j1 as the code itself serializes subdirs
+ emake -j1 depend
+
+ emake build_libs
+}
+
+multilib_src_test() {
+ emake -j1 test
+}
+
+multilib_src_install() {
+ dolib.so lib{crypto,ssl}.so.$(ver_cut 1-2 "${SLOT}")
+}
^ permalink raw reply related [flat|nested] 33+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl-compat/
@ 2022-12-15 6:16 Sam James
0 siblings, 0 replies; 33+ messages in thread
From: Sam James @ 2022-12-15 6:16 UTC (permalink / raw
To: gentoo-commits
commit: 4f2ec2a7212e2e31aeee24dbe76459b8c10a73d6
Author: Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Thu Dec 15 06:16:09 2022 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Thu Dec 15 06:16:19 2022 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4f2ec2a7
dev-libs/openssl-compat: drop 1.1.1o
Signed-off-by: Sam James <sam <AT> gentoo.org>
dev-libs/openssl-compat/Manifest | 3 -
.../openssl-compat/openssl-compat-1.1.1o.ebuild | 263 ---------------------
2 files changed, 266 deletions(-)
diff --git a/dev-libs/openssl-compat/Manifest b/dev-libs/openssl-compat/Manifest
index 159bbdd0bcfd..a57a9cc57064 100644
--- a/dev-libs/openssl-compat/Manifest
+++ b/dev-libs/openssl-compat/Manifest
@@ -1,9 +1,6 @@
DIST openssl-1.0.2-patches-1.5.tar.xz 12404 BLAKE2B 6c1b8c28f339f539b2ab8643379502a24cf62bffde00041dce54d5dd9e8d2620b181362ee5464b0ab32ba4948e209697bfabadbea2944a409a1009100d298f24 SHA512 5725e2d9d1ee8cc074bcef3bed61c71bdab2ff1c114362110c3fb8da11ad5bc8f2ff28e90a293f5f3a5cf96ecda54dffdb7ab3fb3f8b23ef6472250dc3037659
DIST openssl-1.0.2t-bindist-1.0.tar.xz 13872 BLAKE2B b2aade96a6e0ca6209a39e205b1c838de945903fcf959c62cc29ddcd1a0cb360fc5db234df86860a6a4c096f5ecc237611e4c2946b986a5500c24ba93c208ef4 SHA512 a48a7efb9b973b865bcc5009d450b428ed6b4b95e4cefe70c51056e47392c8a7bec58215168d8b07712419dc74646c2bd2fd23bcfbba2031376e292249a6b1b6
DIST openssl-1.0.2u.tar.gz 5355412 BLAKE2B b2ff2a10e5851af5aca4093422a9a072c794e87b997263826c1c35910c040f695fac63decac5856cb49399ed03d410f97701d9fd4e1ebfbcacd8f3a74ce8bf57 SHA512 c455bb309e20e2c2d47fdc5619c734d107d5c8c38c1409903ce979acc120b0d5fa0312917c0aa0d630e402d092a703d4249643f36078e8528a3cafc9dac6ab32
-DIST openssl-1.1.1o-test-fixes-expiry.patch.xz 6180 BLAKE2B 23ef36d7bd05c98f7fab6de25681a53fa7a558d114548836b6cd90a57c4f4e45dc9fb622936053608b463320605b7df60db2d2caf3811b249f6ead3791a1c081 SHA512 577aec97fb31cd9efe3b30d82c560d3e7da57ae52c4de0f86e951b777a673830baaadcc5eb366c523024d37405531c6d32de26bbbc1e77df15c7822c72e937e6
-DIST openssl-1.1.1o.tar.gz 9856386 BLAKE2B 5bd355fd17adf43ba4e3bf1a8036ceb724edd4f4ab80dc25aecc3d2647372e9db2bc12e2b89791fc4b6f7fd95a7b68e00490d09ca6518d25ab990ee27798e641 SHA512 75b2f1499cb4640229eb6cd35d85cbff2e19db17b959ac4d04b60f1b395b73567f9003521452a0fcfeea9b31b26de0a7bccf476ecf9caae02298f3647cfb7e23
-DIST openssl-1.1.1o.tar.gz.asc 488 BLAKE2B a03a967e7e2124d1a76ad7765e2f48065f40d32ba102a433be603ee8f86b26a2d246dcb97a95bd694ef3005889ce4f1951f76d39fe1d683f92da1aa3023e9c2d SHA512 da6d88de7c1cd807b6089d50f8bb102c317c0b45ca26e517e3e400c5c65f787d94a1ee522af76279e93790a7fb491348cf25ffcfd66ecb9a9d35209328cb221e
DIST openssl-1.1.1s.tar.gz 9868981 BLAKE2B ecd19eaf84dbc80448b51651abe52a89cc0052f024537959c4ebe61528988f235d661244fce6967159a876dd038c817bad19df742e828ca1cbae97ce6a4124bb SHA512 2ef983f166b5e1bf456ca37938e7e39d58d4cd85e9fc4b5174a05f5c37cc5ad89c3a9af97a6919bcaab128a8a92e4bdc8a045e5d9156d90768da8f73ac67c5b9
DIST openssl-1.1.1s.tar.gz.asc 858 BLAKE2B d95f0f80d460feac737f84ed629c45aaf5e453103ef202ec7d33cf33b89ad83a9007429433b10754b725d7963b1960e350b64e8bdfe569ad149e26bef462eeca SHA512 aa6e5e940448297a90c46ba162f8e6ee324c2e202a9283328c31f996dc2259dd9f5f981d94d1cf1dd3cc73c44647b473602dacb857b9719bf066931b43b899e6
DIST openssl-compat-1.0.2u-versioned-symbols.patch.gz 24633 BLAKE2B 6bfad4ad27dbca0bd85bfd9521ffc844c3e93e6a1cca7c814edd49affc60ece1c706dd3aa7be2ce80857532531eac6f0f03f43c0be22a769d00d9241686eff71 SHA512 3d85aa34f2491e0e36eedc45829709e0fb552f6d558c2726b59dafa98c3e679b88497f3f7399d7565d88e727591e7d9b12f5b1e27116ba19b9a661d7f75b07a9
diff --git a/dev-libs/openssl-compat/openssl-compat-1.1.1o.ebuild b/dev-libs/openssl-compat/openssl-compat-1.1.1o.ebuild
deleted file mode 100644
index 20a03ddac7fa..000000000000
--- a/dev-libs/openssl-compat/openssl-compat-1.1.1o.ebuild
+++ /dev/null
@@ -1,263 +0,0 @@
-# Copyright 1999-2022 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/openssl.org.asc
-inherit edo flag-o-matic toolchain-funcs multilib-minimal verify-sig
-
-MY_P=openssl-${PV/_/-}
-DESCRIPTION="Full-strength general purpose cryptography library (including SSL and TLS)"
-HOMEPAGE="https://www.openssl.org/"
-SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
- https://dev.gentoo.org/~sam/distfiles/${CATEGORY}/${PN/-compat}/${P/-compat}-test-fixes-expiry.patch.xz
- verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )"
-S="${WORKDIR}/${MY_P}"
-
-LICENSE="openssl"
-SLOT="$(ver_cut 1-3)"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x86-linux"
-IUSE="+asm rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-compression tls-heartbeat vanilla verify-sig weak-ssl-ciphers"
-RESTRICT="!test? ( test )"
-
-RDEPEND="!=dev-libs/openssl-1.1.1*:0
- tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )"
-DEPEND="${RDEPEND}"
-BDEPEND="
- >=dev-lang/perl-5
- sctp? ( >=net-misc/lksctp-tools-1.0.12 )
- test? (
- sys-apps/diffutils
- sys-devel/bc
- kernel_linux? ( sys-process/procps )
- )
- verify-sig? ( sec-keys/openpgp-keys-openssl )"
-
-# Do not install any docs
-DOCS=()
-
-PATCHES=(
- # General patches which are suitable to always apply
- # If they're Gentoo specific, add to USE=-vanilla logic in src_prepare!
- "${FILESDIR}"/${PN/-compat}-1.1.0j-parallel_install_fix.patch # bug #671602
- "${FILESDIR}"/${PN/-compat}-1.1.1i-riscv32.patch
- "${WORKDIR}"/${P/-compat}-test-fixes-expiry.patch
-)
-
-pkg_setup() {
- [[ ${MERGE_TYPE} == binary ]] && return
-
- # must check in pkg_setup; sysctl doesn't work with userpriv!
- if use test && use sctp; then
- # test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel"
- # if sctp.auth_enable is not enabled.
- local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null)
- if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]]; then
- die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!"
- fi
- fi
-}
-
-src_unpack() {
- # Can delete this once test fix patch is dropped
- if use verify-sig ; then
- # Needed for downloaded patch (which is unsigned, which is fine)
- verify-sig_verify_detached "${DISTDIR}"/${P/-compat}.tar.gz{,.asc}
- fi
-
- default
-}
-
-src_prepare() {
- # Allow openssl to be cross-compiled
- cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die
- chmod a+rx gentoo.config || die
-
- # Keep this in sync with app-misc/c_rehash
- SSL_CNF_DIR="/etc/ssl"
-
- # Make sure we only ever touch Makefile.org and avoid patching a file
- # that gets blown away anyways by the Configure script in src_configure
- rm -f Makefile
-
- if ! use vanilla ; then
- PATCHES+=(
- # Add patches which are Gentoo-specific customisations here
- )
- fi
-
- default
-
- if use test && use sctp && has network-sandbox ${FEATURES}; then
- einfo "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox ..."
- rm test/recipes/80-test_ssl_new.t || die
- fi
-
- # - Make sure the man pages are suffixed (bug #302165)
- # - Don't bother building man pages if they're disabled
- # - Make DOCDIR Gentoo compliant
- sed -i \
- -e '/^MANSUFFIX/s:=.*:=ssl:' \
- -e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
- -e $(has noman FEATURES \
- && echo '/^install:/s:install_docs::' \
- || echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
- -e "/^DOCDIR/s@\$(BASENAME)@&-${PVR}@" \
- Configurations/unix-Makefile.tmpl \
- || die
-
- # Quiet out unknown driver argument warnings since openssl
- # doesn't have well-split CFLAGS and we're making it even worse
- # and 'make depend' uses -Werror for added fun (bug #417795 again)
- tc-is-clang && append-flags -Qunused-arguments
-
- # We really, really need to build OpenSSL w/ strict aliasing disabled.
- # It's filled with violations and it *will* result in miscompiled
- # code. This has been in the ebuild for > 10 years but even in 2022,
- # it's still relevant:
- # - https://github.com/llvm/llvm-project/issues/55255
- # - https://github.com/openssl/openssl/issues/18225
- # Don't remove the no strict aliasing bits below!
- filter-flags -fstrict-aliasing
- append-flags -fno-strict-aliasing
-
- append-cppflags -DOPENSSL_NO_BUF_FREELISTS
-
- append-flags $(test-flags-CC -Wa,--noexecstack)
-
- # Prefixify Configure shebang (bug #141906)
- sed \
- -e "1s,/usr/bin/env,${EPREFIX}&," \
- -i Configure || die
-
- # Remove test target when FEATURES=test isn't set
- if ! use test ; then
- sed \
- -e '/^$config{dirs}/s@ "test",@@' \
- -i Configure || die
- fi
-
- if use prefix && [[ ${CHOST} == *-solaris* ]] ; then
- # use GNU ld full option, not to confuse it on Solaris
- sed -i \
- -e 's/-Wl,-M,/-Wl,--version-script=/' \
- -e 's/-Wl,-h,/-Wl,--soname=/' \
- Configurations/10-main.conf || die
-
- # fix building on Solaris 10
- # https://github.com/openssl/openssl/issues/6333
- sed -i \
- -e 's/-lsocket -lnsl -ldl/-lsocket -lnsl -ldl -lrt/' \
- Configurations/10-main.conf || die
- fi
-
- # The config script does stupid stuff to prompt the user. Kill it.
- sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
- ./config --test-sanity || die "I AM NOT SANE"
-
- multilib_copy_sources
-}
-
-multilib_src_configure() {
- # bug #197996
- unset APPS
- # bug #312551
- unset SCRIPTS
- # bug #311473
- unset CROSS_COMPILE
-
- tc-export AR CC CXX RANLIB RC
-
- use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
-
- local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
-
- # See if our toolchain supports __uint128_t. If so, it's 64bit
- # friendly and can use the nicely optimized code paths, bug #460790.
- local ec_nistp_64_gcc_128
-
- # Disable it for now though (bug #469976)
- # echo "__uint128_t i;" > "${T}"/128.c
- # if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
- # ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
- # fi
-
- local sslout=$(./gentoo.config)
- einfo "Use configuration ${sslout:-(openssl knows best)}"
- local config="Configure"
- [[ -z ${sslout} ]] && config="config"
-
- # "disable-deprecated" option breaks too many consumers.
- # Don't set it without thorough revdeps testing.
- # Make sure user flags don't get added *yet* to avoid duplicated
- # flags.
- local myeconfargs=(
- ${sslout}
-
- $(use cpu_flags_x86_sse2 || echo "no-sse2")
- enable-camellia
- enable-ec
- enable-ec2m
- enable-sm2
- enable-srp
- $(use elibc_musl && echo "no-async")
- ${ec_nistp_64_gcc_128}
- enable-idea
- enable-mdc2
- enable-rc5
- $(use_ssl sslv3 ssl3)
- $(use_ssl sslv3 ssl3-method)
- $(use_ssl asm)
- $(use_ssl rfc3779)
- $(use_ssl sctp)
- $(use test || echo "no-tests")
- $(use_ssl tls-compression zlib)
- $(use_ssl tls-heartbeat heartbeats)
- $(use_ssl weak-ssl-ciphers)
-
- --prefix="${EPREFIX}"/usr
- --openssldir="${EPREFIX}"${SSL_CNF_DIR}
- --libdir=$(get_libdir)
-
- shared
- threads
- )
-
- CFLAGS= LDFLAGS= edo ./${config} "${myeconfargs[@]}"
-
- # Clean out hardcoded flags that openssl uses
- local DEFAULT_CFLAGS=$(grep ^CFLAGS= Makefile | LC_ALL=C sed \
- -e 's:^CFLAGS=::' \
- -e 's:\(^\| \)-fomit-frame-pointer::g' \
- -e 's:\(^\| \)-O[^ ]*::g' \
- -e 's:\(^\| \)-march=[^ ]*::g' \
- -e 's:\(^\| \)-mcpu=[^ ]*::g' \
- -e 's:\(^\| \)-m[^ ]*::g' \
- -e 's:^ *::' \
- -e 's: *$::' \
- -e 's: \+: :g' \
- -e 's:\\:\\\\:g'
- )
-
- # Now insert clean default flags with user flags
- sed -i \
- -e "/^CFLAGS=/s|=.*|=${DEFAULT_CFLAGS} ${CFLAGS}|" \
- -e "/^LDFLAGS=/s|=[[:space:]]*$|=${LDFLAGS}|" \
- Makefile || die
-}
-
-multilib_src_compile() {
- # depend is needed to use $confopts; it also doesn't matter
- # that it's -j1 as the code itself serializes subdirs
- emake -j1 depend
-
- emake build_libs
-}
-
-multilib_src_test() {
- emake -j1 test
-}
-
-multilib_src_install() {
- dolib.so lib{crypto,ssl}.so.$(ver_cut 1-2 "${SLOT}")
-}
^ permalink raw reply related [flat|nested] 33+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl-compat/
@ 2023-05-13 3:23 Sam James
0 siblings, 0 replies; 33+ messages in thread
From: Sam James @ 2023-05-13 3:23 UTC (permalink / raw
To: gentoo-commits
commit: fe61377ca82545dfbfb0e1d8baa8041c47bfad8f
Author: Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sat May 13 03:20:35 2023 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sat May 13 03:20:35 2023 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fe61377c
dev-libs/openssl-compat: drop 1.1.1s
Signed-off-by: Sam James <sam <AT> gentoo.org>
dev-libs/openssl-compat/Manifest | 2 -
.../openssl-compat/openssl-compat-1.1.1s.ebuild | 264 ---------------------
2 files changed, 266 deletions(-)
diff --git a/dev-libs/openssl-compat/Manifest b/dev-libs/openssl-compat/Manifest
index 0826f4aee7ce..610236322663 100644
--- a/dev-libs/openssl-compat/Manifest
+++ b/dev-libs/openssl-compat/Manifest
@@ -1,8 +1,6 @@
DIST openssl-1.0.2-patches-1.5.tar.xz 12404 BLAKE2B 6c1b8c28f339f539b2ab8643379502a24cf62bffde00041dce54d5dd9e8d2620b181362ee5464b0ab32ba4948e209697bfabadbea2944a409a1009100d298f24 SHA512 5725e2d9d1ee8cc074bcef3bed61c71bdab2ff1c114362110c3fb8da11ad5bc8f2ff28e90a293f5f3a5cf96ecda54dffdb7ab3fb3f8b23ef6472250dc3037659
DIST openssl-1.0.2t-bindist-1.0.tar.xz 13872 BLAKE2B b2aade96a6e0ca6209a39e205b1c838de945903fcf959c62cc29ddcd1a0cb360fc5db234df86860a6a4c096f5ecc237611e4c2946b986a5500c24ba93c208ef4 SHA512 a48a7efb9b973b865bcc5009d450b428ed6b4b95e4cefe70c51056e47392c8a7bec58215168d8b07712419dc74646c2bd2fd23bcfbba2031376e292249a6b1b6
DIST openssl-1.0.2u.tar.gz 5355412 BLAKE2B b2ff2a10e5851af5aca4093422a9a072c794e87b997263826c1c35910c040f695fac63decac5856cb49399ed03d410f97701d9fd4e1ebfbcacd8f3a74ce8bf57 SHA512 c455bb309e20e2c2d47fdc5619c734d107d5c8c38c1409903ce979acc120b0d5fa0312917c0aa0d630e402d092a703d4249643f36078e8528a3cafc9dac6ab32
-DIST openssl-1.1.1s.tar.gz 9868981 BLAKE2B ecd19eaf84dbc80448b51651abe52a89cc0052f024537959c4ebe61528988f235d661244fce6967159a876dd038c817bad19df742e828ca1cbae97ce6a4124bb SHA512 2ef983f166b5e1bf456ca37938e7e39d58d4cd85e9fc4b5174a05f5c37cc5ad89c3a9af97a6919bcaab128a8a92e4bdc8a045e5d9156d90768da8f73ac67c5b9
-DIST openssl-1.1.1s.tar.gz.asc 858 BLAKE2B d95f0f80d460feac737f84ed629c45aaf5e453103ef202ec7d33cf33b89ad83a9007429433b10754b725d7963b1960e350b64e8bdfe569ad149e26bef462eeca SHA512 aa6e5e940448297a90c46ba162f8e6ee324c2e202a9283328c31f996dc2259dd9f5f981d94d1cf1dd3cc73c44647b473602dacb857b9719bf066931b43b899e6
DIST openssl-1.1.1t.tar.gz 9881866 BLAKE2B 66d76ea0c05a4afc3104e22602cffc2373e857728625d31ab3244881cafa91c099a817a09def7746bce4133585bfc90b769f43527e77a81ed13e60a8c2fb4d8d SHA512 628676c9c3bc1cf46083d64f61943079f97f0eefd0264042e40a85dbbd988f271bfe01cd1135d22cc3f67a298f1d078041f8f2e97b0da0d93fe172da573da18c
DIST openssl-1.1.1t.tar.gz.asc 833 BLAKE2B fc5e7069268e987a20241dfc4f080529c6e95e217c198568b09c833e390e68b25a604a5d3ec29c6a64b9dee9d42199fd3647214e536ba2f7b8b4e57aa4cba680 SHA512 1232a94fce991d62f008ae6d3d9b6fe68cb6378fe07450feb17a58eb2417fb385ffcb7e6b74eb683134be9ff6ccf6efa183f37f4dd521614fd5aeaddf000b90b
DIST openssl-compat-1.0.2u-versioned-symbols.patch.gz 24633 BLAKE2B 6bfad4ad27dbca0bd85bfd9521ffc844c3e93e6a1cca7c814edd49affc60ece1c706dd3aa7be2ce80857532531eac6f0f03f43c0be22a769d00d9241686eff71 SHA512 3d85aa34f2491e0e36eedc45829709e0fb552f6d558c2726b59dafa98c3e679b88497f3f7399d7565d88e727591e7d9b12f5b1e27116ba19b9a661d7f75b07a9
diff --git a/dev-libs/openssl-compat/openssl-compat-1.1.1s.ebuild b/dev-libs/openssl-compat/openssl-compat-1.1.1s.ebuild
deleted file mode 100644
index e95f60fc6006..000000000000
--- a/dev-libs/openssl-compat/openssl-compat-1.1.1s.ebuild
+++ /dev/null
@@ -1,264 +0,0 @@
-# Copyright 1999-2022 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/openssl.org.asc
-inherit edo flag-o-matic toolchain-funcs multilib-minimal verify-sig linux-info
-
-MY_P=openssl-${PV/_/-}
-DESCRIPTION="Full-strength general purpose cryptography library (including SSL and TLS)"
-HOMEPAGE="https://www.openssl.org/"
-SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
- verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )"
-S="${WORKDIR}/${MY_P}"
-
-LICENSE="openssl"
-SLOT="$(ver_cut 1-3)"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x86-linux"
-IUSE="+asm rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-compression tls-heartbeat vanilla verify-sig weak-ssl-ciphers"
-RESTRICT="!test? ( test )"
-
-RDEPEND="!=dev-libs/openssl-1.1.1*:0
- tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )"
-DEPEND="${RDEPEND}"
-BDEPEND="
- >=dev-lang/perl-5
- sctp? ( >=net-misc/lksctp-tools-1.0.12 )
- test? (
- sys-apps/diffutils
- sys-devel/bc
- kernel_linux? ( sys-process/procps )
- )
- verify-sig? ( sec-keys/openpgp-keys-openssl )"
-
-# Do not install any docs
-DOCS=()
-
-PATCHES=(
- # General patches which are suitable to always apply
- # If they're Gentoo specific, add to USE=-vanilla logic in src_prepare!
- "${FILESDIR}"/${PN/-compat}-1.1.0j-parallel_install_fix.patch # bug #671602
- "${FILESDIR}"/${PN/-compat}-1.1.1i-riscv32.patch
-)
-
-pkg_setup() {
- [[ ${MERGE_TYPE} == binary ]] && return
-
- # must check in pkg_setup; sysctl doesn't work with userpriv!
- if use test && use sctp; then
- # test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel"
- # if sctp.auth_enable is not enabled.
- local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null)
- if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]]; then
- die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!"
- fi
- fi
-
- use test && CONFIG_CHECK="~CRYPTO_USER_API_SKCIPHER"
- linux-info_pkg_setup
-}
-
-src_unpack() {
- # Can delete this once test fix patch is dropped
- if use verify-sig ; then
- # Needed for downloaded patch (which is unsigned, which is fine)
- verify-sig_verify_detached "${DISTDIR}"/${P/-compat}.tar.gz{,.asc}
- fi
-
- default
-}
-
-src_prepare() {
- # Allow openssl to be cross-compiled
- cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die
- chmod a+rx gentoo.config || die
-
- # Keep this in sync with app-misc/c_rehash
- SSL_CNF_DIR="/etc/ssl"
-
- # Make sure we only ever touch Makefile.org and avoid patching a file
- # that gets blown away anyways by the Configure script in src_configure
- rm -f Makefile
-
- if ! use vanilla ; then
- PATCHES+=(
- # Add patches which are Gentoo-specific customisations here
- )
- fi
-
- default
-
- if use test && use sctp && has network-sandbox ${FEATURES}; then
- einfo "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox ..."
- rm test/recipes/80-test_ssl_new.t || die
- fi
-
- # - Make sure the man pages are suffixed (bug #302165)
- # - Don't bother building man pages if they're disabled
- # - Make DOCDIR Gentoo compliant
- sed -i \
- -e '/^MANSUFFIX/s:=.*:=ssl:' \
- -e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
- -e $(has noman FEATURES \
- && echo '/^install:/s:install_docs::' \
- || echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
- -e "/^DOCDIR/s@\$(BASENAME)@&-${PVR}@" \
- Configurations/unix-Makefile.tmpl \
- || die
-
- # Quiet out unknown driver argument warnings since openssl
- # doesn't have well-split CFLAGS and we're making it even worse
- # and 'make depend' uses -Werror for added fun (bug #417795 again)
- tc-is-clang && append-flags -Qunused-arguments
-
- # We really, really need to build OpenSSL w/ strict aliasing disabled.
- # It's filled with violations and it *will* result in miscompiled
- # code. This has been in the ebuild for > 10 years but even in 2022,
- # it's still relevant:
- # - https://github.com/llvm/llvm-project/issues/55255
- # - https://github.com/openssl/openssl/issues/18225
- # Don't remove the no strict aliasing bits below!
- filter-flags -fstrict-aliasing
- append-flags -fno-strict-aliasing
-
- append-cppflags -DOPENSSL_NO_BUF_FREELISTS
-
- append-flags $(test-flags-CC -Wa,--noexecstack)
-
- # Prefixify Configure shebang (bug #141906)
- sed \
- -e "1s,/usr/bin/env,${EPREFIX}&," \
- -i Configure || die
-
- # Remove test target when FEATURES=test isn't set
- if ! use test ; then
- sed \
- -e '/^$config{dirs}/s@ "test",@@' \
- -i Configure || die
- fi
-
- if use prefix && [[ ${CHOST} == *-solaris* ]] ; then
- # use GNU ld full option, not to confuse it on Solaris
- sed -i \
- -e 's/-Wl,-M,/-Wl,--version-script=/' \
- -e 's/-Wl,-h,/-Wl,--soname=/' \
- Configurations/10-main.conf || die
-
- # fix building on Solaris 10
- # https://github.com/openssl/openssl/issues/6333
- sed -i \
- -e 's/-lsocket -lnsl -ldl/-lsocket -lnsl -ldl -lrt/' \
- Configurations/10-main.conf || die
- fi
-
- # The config script does stupid stuff to prompt the user. Kill it.
- sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
- ./config --test-sanity || die "I AM NOT SANE"
-
- multilib_copy_sources
-}
-
-multilib_src_configure() {
- # bug #197996
- unset APPS
- # bug #312551
- unset SCRIPTS
- # bug #311473
- unset CROSS_COMPILE
-
- tc-export AR CC CXX RANLIB RC
-
- use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
-
- local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
-
- # See if our toolchain supports __uint128_t. If so, it's 64bit
- # friendly and can use the nicely optimized code paths, bug #460790.
- local ec_nistp_64_gcc_128
-
- # Disable it for now though (bug #469976)
- # echo "__uint128_t i;" > "${T}"/128.c
- # if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
- # ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
- # fi
-
- local sslout=$(./gentoo.config)
- einfo "Use configuration ${sslout:-(openssl knows best)}"
- local config="Configure"
- [[ -z ${sslout} ]] && config="config"
-
- # "disable-deprecated" option breaks too many consumers.
- # Don't set it without thorough revdeps testing.
- # Make sure user flags don't get added *yet* to avoid duplicated
- # flags.
- local myeconfargs=(
- ${sslout}
-
- $(use cpu_flags_x86_sse2 || echo "no-sse2")
- enable-camellia
- enable-ec
- enable-ec2m
- enable-sm2
- enable-srp
- $(use elibc_musl && echo "no-async")
- ${ec_nistp_64_gcc_128}
- enable-idea
- enable-mdc2
- enable-rc5
- $(use_ssl sslv3 ssl3)
- $(use_ssl sslv3 ssl3-method)
- $(use_ssl asm)
- $(use_ssl rfc3779)
- $(use_ssl sctp)
- $(use test || echo "no-tests")
- $(use_ssl tls-compression zlib)
- $(use_ssl tls-heartbeat heartbeats)
- $(use_ssl weak-ssl-ciphers)
-
- --prefix="${EPREFIX}"/usr
- --openssldir="${EPREFIX}"${SSL_CNF_DIR}
- --libdir=$(get_libdir)
-
- shared
- threads
- )
-
- CFLAGS= LDFLAGS= edo ./${config} "${myeconfargs[@]}"
-
- # Clean out hardcoded flags that openssl uses
- local DEFAULT_CFLAGS=$(grep ^CFLAGS= Makefile | LC_ALL=C sed \
- -e 's:^CFLAGS=::' \
- -e 's:\(^\| \)-fomit-frame-pointer::g' \
- -e 's:\(^\| \)-O[^ ]*::g' \
- -e 's:\(^\| \)-march=[^ ]*::g' \
- -e 's:\(^\| \)-mcpu=[^ ]*::g' \
- -e 's:\(^\| \)-m[^ ]*::g' \
- -e 's:^ *::' \
- -e 's: *$::' \
- -e 's: \+: :g' \
- -e 's:\\:\\\\:g'
- )
-
- # Now insert clean default flags with user flags
- sed -i \
- -e "/^CFLAGS=/s|=.*|=${DEFAULT_CFLAGS} ${CFLAGS}|" \
- -e "/^LDFLAGS=/s|=[[:space:]]*$|=${LDFLAGS}|" \
- Makefile || die
-}
-
-multilib_src_compile() {
- # depend is needed to use $confopts; it also doesn't matter
- # that it's -j1 as the code itself serializes subdirs
- emake -j1 depend
-
- emake build_libs
-}
-
-multilib_src_test() {
- emake -j1 test
-}
-
-multilib_src_install() {
- dolib.so lib{crypto,ssl}.so.$(ver_cut 1-2 "${SLOT}")
-}
^ permalink raw reply related [flat|nested] 33+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl-compat/
@ 2023-05-30 16:01 Sam James
0 siblings, 0 replies; 33+ messages in thread
From: Sam James @ 2023-05-30 16:01 UTC (permalink / raw
To: gentoo-commits
commit: 6d737227c660e1f5c1442ed11dda5fb20ec6d09b
Author: Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Tue May 30 16:00:22 2023 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Tue May 30 16:00:29 2023 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6d737227
dev-libs/openssl-compat: add 1.1.1u
Bug: https://bugs.gentoo.org/907413
Signed-off-by: Sam James <sam <AT> gentoo.org>
dev-libs/openssl-compat/Manifest | 2 +
.../openssl-compat/openssl-compat-1.1.1u.ebuild | 221 +++++++++++++++++++++
2 files changed, 223 insertions(+)
diff --git a/dev-libs/openssl-compat/Manifest b/dev-libs/openssl-compat/Manifest
index 610236322663..840ba6c455ee 100644
--- a/dev-libs/openssl-compat/Manifest
+++ b/dev-libs/openssl-compat/Manifest
@@ -3,4 +3,6 @@ DIST openssl-1.0.2t-bindist-1.0.tar.xz 13872 BLAKE2B b2aade96a6e0ca6209a39e205b1
DIST openssl-1.0.2u.tar.gz 5355412 BLAKE2B b2ff2a10e5851af5aca4093422a9a072c794e87b997263826c1c35910c040f695fac63decac5856cb49399ed03d410f97701d9fd4e1ebfbcacd8f3a74ce8bf57 SHA512 c455bb309e20e2c2d47fdc5619c734d107d5c8c38c1409903ce979acc120b0d5fa0312917c0aa0d630e402d092a703d4249643f36078e8528a3cafc9dac6ab32
DIST openssl-1.1.1t.tar.gz 9881866 BLAKE2B 66d76ea0c05a4afc3104e22602cffc2373e857728625d31ab3244881cafa91c099a817a09def7746bce4133585bfc90b769f43527e77a81ed13e60a8c2fb4d8d SHA512 628676c9c3bc1cf46083d64f61943079f97f0eefd0264042e40a85dbbd988f271bfe01cd1135d22cc3f67a298f1d078041f8f2e97b0da0d93fe172da573da18c
DIST openssl-1.1.1t.tar.gz.asc 833 BLAKE2B fc5e7069268e987a20241dfc4f080529c6e95e217c198568b09c833e390e68b25a604a5d3ec29c6a64b9dee9d42199fd3647214e536ba2f7b8b4e57aa4cba680 SHA512 1232a94fce991d62f008ae6d3d9b6fe68cb6378fe07450feb17a58eb2417fb385ffcb7e6b74eb683134be9ff6ccf6efa183f37f4dd521614fd5aeaddf000b90b
+DIST openssl-1.1.1u.tar.gz 9892176 BLAKE2B 5de9cb856e497596ecba008bad6515eefd093849b9c66dd7447031723996f3ba66ac37a323a5f7d01b1d42df4daaceb523372f5897d5c53b935ffab91c566594 SHA512 d00aeb0b4c4676deff06ff95af7ac33dd683b92f972b4a8ae55cf384bb37c7ec30ab83c6c0745daf87cf1743a745fced6a347fd11fed4c548aa0953610ed4919
+DIST openssl-1.1.1u.tar.gz.asc 833 BLAKE2B 7a978a94264a14be04372fea39868e9177e8a0b0f24344267702022e19ee0f52e91ad141d7c54da870f7ec0df9b2e43b80939f1d274dd0b44d36da2670e3a468 SHA512 40245d65ace95b2002bf64bcba184c92fec3420b08d9f61f3a709c4842e9478595105d8adce33a08eb98d351d2a0989ec342b08cdd9104498ea0543b6e592d28
DIST openssl-compat-1.0.2u-versioned-symbols.patch.gz 24633 BLAKE2B 6bfad4ad27dbca0bd85bfd9521ffc844c3e93e6a1cca7c814edd49affc60ece1c706dd3aa7be2ce80857532531eac6f0f03f43c0be22a769d00d9241686eff71 SHA512 3d85aa34f2491e0e36eedc45829709e0fb552f6d558c2726b59dafa98c3e679b88497f3f7399d7565d88e727591e7d9b12f5b1e27116ba19b9a661d7f75b07a9
diff --git a/dev-libs/openssl-compat/openssl-compat-1.1.1u.ebuild b/dev-libs/openssl-compat/openssl-compat-1.1.1u.ebuild
new file mode 100644
index 000000000000..f1ff4defc6a7
--- /dev/null
+++ b/dev-libs/openssl-compat/openssl-compat-1.1.1u.ebuild
@@ -0,0 +1,221 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/openssl.org.asc
+inherit edo flag-o-matic toolchain-funcs multilib-minimal verify-sig
+
+MY_P=openssl-${PV/_/-}
+DESCRIPTION="Full-strength general purpose cryptography library (including SSL and TLS)"
+HOMEPAGE="https://www.openssl.org/"
+SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
+ verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )"
+S="${WORKDIR}/${MY_P}"
+
+LICENSE="openssl"
+SLOT="$(ver_cut 1-3)"
+if [[ ${PV} != *_pre* ]] ; then
+ KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x64-solaris"
+fi
+IUSE="+asm rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-compression tls-heartbeat vanilla verify-sig weak-ssl-ciphers"
+RESTRICT="!test? ( test )"
+
+RDEPEND="
+ !=dev-libs/openssl-1.1.1*:0
+ tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
+"
+DEPEND="${RDEPEND}"
+BDEPEND="
+ >=dev-lang/perl-5
+ sctp? ( >=net-misc/lksctp-tools-1.0.12 )
+ test? (
+ sys-apps/diffutils
+ sys-devel/bc
+ kernel_linux? ( sys-process/procps )
+ )
+ verify-sig? ( >=sec-keys/openpgp-keys-openssl-20230207 )"
+
+# Do not install any docs
+DOCS=()
+
+PATCHES=(
+ # General patches which are suitable to always apply
+ # If they're Gentoo specific, add to USE=-vanilla logic in src_prepare!
+ "${FILESDIR}"/${PN/-compat}-1.1.0j-parallel_install_fix.patch # bug #671602
+ "${FILESDIR}"/${PN/-compat}-1.1.1i-riscv32.patch
+)
+
+pkg_setup() {
+ [[ ${MERGE_TYPE} == binary ]] && return
+
+ # must check in pkg_setup; sysctl doesn't work with userpriv!
+ if use test && use sctp; then
+ # test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel"
+ # if sctp.auth_enable is not enabled.
+ local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null)
+ if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]]; then
+ die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!"
+ fi
+ fi
+}
+
+src_prepare() {
+ # Allow openssl to be cross-compiled
+ cp "${FILESDIR}"/gentoo.config-1.0.4 gentoo.config || die
+ chmod a+rx gentoo.config || die
+
+ # Keep this in sync with app-misc/c_rehash
+ SSL_CNF_DIR="/etc/ssl"
+
+ # Make sure we only ever touch Makefile.org and avoid patching a file
+ # that gets blown away anyways by the Configure script in src_configure
+ rm -f Makefile
+
+ if ! use vanilla ; then
+ PATCHES+=(
+ # Add patches which are Gentoo-specific customisations here
+ )
+ fi
+
+ default
+
+ if use test && use sctp && has network-sandbox ${FEATURES}; then
+ einfo "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox ..."
+ rm test/recipes/80-test_ssl_new.t || die
+ fi
+
+ # Quiet out unknown driver argument warnings since openssl
+ # doesn't have well-split CFLAGS and we're making it even worse
+ # and 'make depend' uses -Werror for added fun (bug #417795 again)
+ tc-is-clang && append-flags -Qunused-arguments
+
+ # We really, really need to build OpenSSL w/ strict aliasing disabled.
+ # It's filled with violations and it *will* result in miscompiled
+ # code. This has been in the ebuild for > 10 years but even in 2022,
+ # it's still relevant:
+ # - https://github.com/llvm/llvm-project/issues/55255
+ # - https://github.com/openssl/openssl/issues/18225
+ # - https://github.com/openssl/openssl/issues/18663#issuecomment-1181478057
+ # Don't remove the no strict aliasing bits below!
+ filter-flags -fstrict-aliasing
+ append-flags -fno-strict-aliasing
+
+ append-cppflags -DOPENSSL_NO_BUF_FREELISTS
+
+ append-flags $(test-flags-CC -Wa,--noexecstack)
+
+ # Remove test target when FEATURES=test isn't set
+ if ! use test ; then
+ sed \
+ -e '/^$config{dirs}/s@ "test",@@' \
+ -i Configure || die
+ fi
+
+ if use prefix && [[ ${CHOST} == *-solaris* ]] ; then
+ # use GNU ld full option, not to confuse it on Solaris
+ sed -i \
+ -e 's/-Wl,-M,/-Wl,--version-script=/' \
+ -e 's/-Wl,-h,/-Wl,--soname=/' \
+ Configurations/10-main.conf || die
+
+ # fix building on Solaris 10
+ # https://github.com/openssl/openssl/issues/6333
+ sed -i \
+ -e 's/-lsocket -lnsl -ldl/-lsocket -lnsl -ldl -lrt/' \
+ Configurations/10-main.conf || die
+ fi
+
+ local sslout=$(./gentoo.config)
+ einfo "Using configuration: ${sslout:-(openssl knows best)}"
+ local config="perl Configure"
+ [[ -z ${sslout} ]] && config="sh config -v"
+
+ # The config script does stupid stuff to prompt the user. Kill it.
+ sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
+ edo ${config} ${sslout} --test-sanity
+
+ multilib_copy_sources
+}
+
+multilib_src_configure() {
+ # bug #197996
+ unset APPS
+ # bug #312551
+ unset SCRIPTS
+ # bug #311473
+ unset CROSS_COMPILE
+
+ tc-export AR CC CXX RANLIB RC
+
+ use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
+
+ local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
+
+ # See if our toolchain supports __uint128_t. If so, it's 64bit
+ # friendly and can use the nicely optimized code paths, bug #460790.
+ #local ec_nistp_64_gcc_128
+ #
+ # Disable it for now though (bug #469976)
+ # Do NOT re-enable without substantial discussion first!
+ #
+ #echo "__uint128_t i;" > "${T}"/128.c
+ #if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
+ # ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
+ #fi
+
+ local sslout=$(./gentoo.config)
+ einfo "Use configuration ${sslout:-(openssl knows best)}"
+ local config="perl Configure"
+ [[ -z ${sslout} ]] && config="sh config -v"
+
+ # "disable-deprecated" option breaks too many consumers.
+ # Don't set it without thorough revdeps testing.
+ # Make sure user flags don't get added *yet* to avoid duplicated
+ # flags.
+ local myeconfargs=(
+ ${sslout}
+
+ $(use cpu_flags_x86_sse2 || echo "no-sse2")
+ enable-camellia
+ enable-ec
+ enable-ec2m
+ enable-sm2
+ enable-srp
+ $(use elibc_musl && echo "no-async")
+ ${ec_nistp_64_gcc_128}
+ enable-idea
+ enable-mdc2
+ enable-rc5
+ $(use_ssl sslv3 ssl3)
+ $(use_ssl sslv3 ssl3-method)
+ $(use_ssl asm)
+ $(use_ssl rfc3779)
+ $(use_ssl sctp)
+ $(use test || echo "no-tests")
+ $(use_ssl tls-compression zlib)
+ $(use_ssl tls-heartbeat heartbeats)
+ $(use_ssl weak-ssl-ciphers)
+
+ --prefix="${EPREFIX}"/usr
+ --openssldir="${EPREFIX}"${SSL_CNF_DIR}
+ --libdir=$(get_libdir)
+
+ shared
+ threads
+ )
+
+ edo ${config} "${myeconfargs[@]}"
+}
+
+multilib_src_compile() {
+ emake all
+}
+
+multilib_src_test() {
+ emake -j1 test
+}
+
+multilib_src_install() {
+ dolib.so lib{crypto,ssl}.so.$(ver_cut 1-2 "${SLOT}")
+}
^ permalink raw reply related [flat|nested] 33+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl-compat/
@ 2023-06-14 5:22 Sam James
0 siblings, 0 replies; 33+ messages in thread
From: Sam James @ 2023-06-14 5:22 UTC (permalink / raw
To: gentoo-commits
commit: d51d7feb5e2f54c493024c5bd876b91043213ce8
Author: Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Wed Jun 14 05:22:07 2023 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Wed Jun 14 05:22:07 2023 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d51d7feb
dev-libs/openssl-compat: drop 1.1.1t
Signed-off-by: Sam James <sam <AT> gentoo.org>
dev-libs/openssl-compat/Manifest | 2 -
.../openssl-compat/openssl-compat-1.1.1t.ebuild | 221 ---------------------
2 files changed, 223 deletions(-)
diff --git a/dev-libs/openssl-compat/Manifest b/dev-libs/openssl-compat/Manifest
index 840ba6c455ee..6cc3d6b74332 100644
--- a/dev-libs/openssl-compat/Manifest
+++ b/dev-libs/openssl-compat/Manifest
@@ -1,8 +1,6 @@
DIST openssl-1.0.2-patches-1.5.tar.xz 12404 BLAKE2B 6c1b8c28f339f539b2ab8643379502a24cf62bffde00041dce54d5dd9e8d2620b181362ee5464b0ab32ba4948e209697bfabadbea2944a409a1009100d298f24 SHA512 5725e2d9d1ee8cc074bcef3bed61c71bdab2ff1c114362110c3fb8da11ad5bc8f2ff28e90a293f5f3a5cf96ecda54dffdb7ab3fb3f8b23ef6472250dc3037659
DIST openssl-1.0.2t-bindist-1.0.tar.xz 13872 BLAKE2B b2aade96a6e0ca6209a39e205b1c838de945903fcf959c62cc29ddcd1a0cb360fc5db234df86860a6a4c096f5ecc237611e4c2946b986a5500c24ba93c208ef4 SHA512 a48a7efb9b973b865bcc5009d450b428ed6b4b95e4cefe70c51056e47392c8a7bec58215168d8b07712419dc74646c2bd2fd23bcfbba2031376e292249a6b1b6
DIST openssl-1.0.2u.tar.gz 5355412 BLAKE2B b2ff2a10e5851af5aca4093422a9a072c794e87b997263826c1c35910c040f695fac63decac5856cb49399ed03d410f97701d9fd4e1ebfbcacd8f3a74ce8bf57 SHA512 c455bb309e20e2c2d47fdc5619c734d107d5c8c38c1409903ce979acc120b0d5fa0312917c0aa0d630e402d092a703d4249643f36078e8528a3cafc9dac6ab32
-DIST openssl-1.1.1t.tar.gz 9881866 BLAKE2B 66d76ea0c05a4afc3104e22602cffc2373e857728625d31ab3244881cafa91c099a817a09def7746bce4133585bfc90b769f43527e77a81ed13e60a8c2fb4d8d SHA512 628676c9c3bc1cf46083d64f61943079f97f0eefd0264042e40a85dbbd988f271bfe01cd1135d22cc3f67a298f1d078041f8f2e97b0da0d93fe172da573da18c
-DIST openssl-1.1.1t.tar.gz.asc 833 BLAKE2B fc5e7069268e987a20241dfc4f080529c6e95e217c198568b09c833e390e68b25a604a5d3ec29c6a64b9dee9d42199fd3647214e536ba2f7b8b4e57aa4cba680 SHA512 1232a94fce991d62f008ae6d3d9b6fe68cb6378fe07450feb17a58eb2417fb385ffcb7e6b74eb683134be9ff6ccf6efa183f37f4dd521614fd5aeaddf000b90b
DIST openssl-1.1.1u.tar.gz 9892176 BLAKE2B 5de9cb856e497596ecba008bad6515eefd093849b9c66dd7447031723996f3ba66ac37a323a5f7d01b1d42df4daaceb523372f5897d5c53b935ffab91c566594 SHA512 d00aeb0b4c4676deff06ff95af7ac33dd683b92f972b4a8ae55cf384bb37c7ec30ab83c6c0745daf87cf1743a745fced6a347fd11fed4c548aa0953610ed4919
DIST openssl-1.1.1u.tar.gz.asc 833 BLAKE2B 7a978a94264a14be04372fea39868e9177e8a0b0f24344267702022e19ee0f52e91ad141d7c54da870f7ec0df9b2e43b80939f1d274dd0b44d36da2670e3a468 SHA512 40245d65ace95b2002bf64bcba184c92fec3420b08d9f61f3a709c4842e9478595105d8adce33a08eb98d351d2a0989ec342b08cdd9104498ea0543b6e592d28
DIST openssl-compat-1.0.2u-versioned-symbols.patch.gz 24633 BLAKE2B 6bfad4ad27dbca0bd85bfd9521ffc844c3e93e6a1cca7c814edd49affc60ece1c706dd3aa7be2ce80857532531eac6f0f03f43c0be22a769d00d9241686eff71 SHA512 3d85aa34f2491e0e36eedc45829709e0fb552f6d558c2726b59dafa98c3e679b88497f3f7399d7565d88e727591e7d9b12f5b1e27116ba19b9a661d7f75b07a9
diff --git a/dev-libs/openssl-compat/openssl-compat-1.1.1t.ebuild b/dev-libs/openssl-compat/openssl-compat-1.1.1t.ebuild
deleted file mode 100644
index f1ff4defc6a7..000000000000
--- a/dev-libs/openssl-compat/openssl-compat-1.1.1t.ebuild
+++ /dev/null
@@ -1,221 +0,0 @@
-# Copyright 1999-2023 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/openssl.org.asc
-inherit edo flag-o-matic toolchain-funcs multilib-minimal verify-sig
-
-MY_P=openssl-${PV/_/-}
-DESCRIPTION="Full-strength general purpose cryptography library (including SSL and TLS)"
-HOMEPAGE="https://www.openssl.org/"
-SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
- verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )"
-S="${WORKDIR}/${MY_P}"
-
-LICENSE="openssl"
-SLOT="$(ver_cut 1-3)"
-if [[ ${PV} != *_pre* ]] ; then
- KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x64-solaris"
-fi
-IUSE="+asm rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-compression tls-heartbeat vanilla verify-sig weak-ssl-ciphers"
-RESTRICT="!test? ( test )"
-
-RDEPEND="
- !=dev-libs/openssl-1.1.1*:0
- tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
-"
-DEPEND="${RDEPEND}"
-BDEPEND="
- >=dev-lang/perl-5
- sctp? ( >=net-misc/lksctp-tools-1.0.12 )
- test? (
- sys-apps/diffutils
- sys-devel/bc
- kernel_linux? ( sys-process/procps )
- )
- verify-sig? ( >=sec-keys/openpgp-keys-openssl-20230207 )"
-
-# Do not install any docs
-DOCS=()
-
-PATCHES=(
- # General patches which are suitable to always apply
- # If they're Gentoo specific, add to USE=-vanilla logic in src_prepare!
- "${FILESDIR}"/${PN/-compat}-1.1.0j-parallel_install_fix.patch # bug #671602
- "${FILESDIR}"/${PN/-compat}-1.1.1i-riscv32.patch
-)
-
-pkg_setup() {
- [[ ${MERGE_TYPE} == binary ]] && return
-
- # must check in pkg_setup; sysctl doesn't work with userpriv!
- if use test && use sctp; then
- # test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel"
- # if sctp.auth_enable is not enabled.
- local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null)
- if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]]; then
- die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!"
- fi
- fi
-}
-
-src_prepare() {
- # Allow openssl to be cross-compiled
- cp "${FILESDIR}"/gentoo.config-1.0.4 gentoo.config || die
- chmod a+rx gentoo.config || die
-
- # Keep this in sync with app-misc/c_rehash
- SSL_CNF_DIR="/etc/ssl"
-
- # Make sure we only ever touch Makefile.org and avoid patching a file
- # that gets blown away anyways by the Configure script in src_configure
- rm -f Makefile
-
- if ! use vanilla ; then
- PATCHES+=(
- # Add patches which are Gentoo-specific customisations here
- )
- fi
-
- default
-
- if use test && use sctp && has network-sandbox ${FEATURES}; then
- einfo "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox ..."
- rm test/recipes/80-test_ssl_new.t || die
- fi
-
- # Quiet out unknown driver argument warnings since openssl
- # doesn't have well-split CFLAGS and we're making it even worse
- # and 'make depend' uses -Werror for added fun (bug #417795 again)
- tc-is-clang && append-flags -Qunused-arguments
-
- # We really, really need to build OpenSSL w/ strict aliasing disabled.
- # It's filled with violations and it *will* result in miscompiled
- # code. This has been in the ebuild for > 10 years but even in 2022,
- # it's still relevant:
- # - https://github.com/llvm/llvm-project/issues/55255
- # - https://github.com/openssl/openssl/issues/18225
- # - https://github.com/openssl/openssl/issues/18663#issuecomment-1181478057
- # Don't remove the no strict aliasing bits below!
- filter-flags -fstrict-aliasing
- append-flags -fno-strict-aliasing
-
- append-cppflags -DOPENSSL_NO_BUF_FREELISTS
-
- append-flags $(test-flags-CC -Wa,--noexecstack)
-
- # Remove test target when FEATURES=test isn't set
- if ! use test ; then
- sed \
- -e '/^$config{dirs}/s@ "test",@@' \
- -i Configure || die
- fi
-
- if use prefix && [[ ${CHOST} == *-solaris* ]] ; then
- # use GNU ld full option, not to confuse it on Solaris
- sed -i \
- -e 's/-Wl,-M,/-Wl,--version-script=/' \
- -e 's/-Wl,-h,/-Wl,--soname=/' \
- Configurations/10-main.conf || die
-
- # fix building on Solaris 10
- # https://github.com/openssl/openssl/issues/6333
- sed -i \
- -e 's/-lsocket -lnsl -ldl/-lsocket -lnsl -ldl -lrt/' \
- Configurations/10-main.conf || die
- fi
-
- local sslout=$(./gentoo.config)
- einfo "Using configuration: ${sslout:-(openssl knows best)}"
- local config="perl Configure"
- [[ -z ${sslout} ]] && config="sh config -v"
-
- # The config script does stupid stuff to prompt the user. Kill it.
- sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
- edo ${config} ${sslout} --test-sanity
-
- multilib_copy_sources
-}
-
-multilib_src_configure() {
- # bug #197996
- unset APPS
- # bug #312551
- unset SCRIPTS
- # bug #311473
- unset CROSS_COMPILE
-
- tc-export AR CC CXX RANLIB RC
-
- use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
-
- local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
-
- # See if our toolchain supports __uint128_t. If so, it's 64bit
- # friendly and can use the nicely optimized code paths, bug #460790.
- #local ec_nistp_64_gcc_128
- #
- # Disable it for now though (bug #469976)
- # Do NOT re-enable without substantial discussion first!
- #
- #echo "__uint128_t i;" > "${T}"/128.c
- #if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
- # ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
- #fi
-
- local sslout=$(./gentoo.config)
- einfo "Use configuration ${sslout:-(openssl knows best)}"
- local config="perl Configure"
- [[ -z ${sslout} ]] && config="sh config -v"
-
- # "disable-deprecated" option breaks too many consumers.
- # Don't set it without thorough revdeps testing.
- # Make sure user flags don't get added *yet* to avoid duplicated
- # flags.
- local myeconfargs=(
- ${sslout}
-
- $(use cpu_flags_x86_sse2 || echo "no-sse2")
- enable-camellia
- enable-ec
- enable-ec2m
- enable-sm2
- enable-srp
- $(use elibc_musl && echo "no-async")
- ${ec_nistp_64_gcc_128}
- enable-idea
- enable-mdc2
- enable-rc5
- $(use_ssl sslv3 ssl3)
- $(use_ssl sslv3 ssl3-method)
- $(use_ssl asm)
- $(use_ssl rfc3779)
- $(use_ssl sctp)
- $(use test || echo "no-tests")
- $(use_ssl tls-compression zlib)
- $(use_ssl tls-heartbeat heartbeats)
- $(use_ssl weak-ssl-ciphers)
-
- --prefix="${EPREFIX}"/usr
- --openssldir="${EPREFIX}"${SSL_CNF_DIR}
- --libdir=$(get_libdir)
-
- shared
- threads
- )
-
- edo ${config} "${myeconfargs[@]}"
-}
-
-multilib_src_compile() {
- emake all
-}
-
-multilib_src_test() {
- emake -j1 test
-}
-
-multilib_src_install() {
- dolib.so lib{crypto,ssl}.so.$(ver_cut 1-2 "${SLOT}")
-}
^ permalink raw reply related [flat|nested] 33+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl-compat/
@ 2023-06-22 2:49 Sam James
0 siblings, 0 replies; 33+ messages in thread
From: Sam James @ 2023-06-22 2:49 UTC (permalink / raw
To: gentoo-commits
commit: 324aeace7c4cd283cee3f33d595ed1d2fe7337cf
Author: Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Thu Jun 22 02:49:06 2023 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Thu Jun 22 02:49:06 2023 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=324aeace
dev-libs/openssl-compat: Stabilize 1.1.1u amd64, #899596
Signed-off-by: Sam James <sam <AT> gentoo.org>
dev-libs/openssl-compat/openssl-compat-1.1.1u.ebuild | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/dev-libs/openssl-compat/openssl-compat-1.1.1u.ebuild b/dev-libs/openssl-compat/openssl-compat-1.1.1u.ebuild
index f1ff4defc6a7..a3b7e9c7c441 100644
--- a/dev-libs/openssl-compat/openssl-compat-1.1.1u.ebuild
+++ b/dev-libs/openssl-compat/openssl-compat-1.1.1u.ebuild
@@ -16,7 +16,7 @@ S="${WORKDIR}/${MY_P}"
LICENSE="openssl"
SLOT="$(ver_cut 1-3)"
if [[ ${PV} != *_pre* ]] ; then
- KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x64-solaris"
+ KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x64-solaris"
fi
IUSE="+asm rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-compression tls-heartbeat vanilla verify-sig weak-ssl-ciphers"
RESTRICT="!test? ( test )"
^ permalink raw reply related [flat|nested] 33+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl-compat/
@ 2023-06-22 3:08 Sam James
0 siblings, 0 replies; 33+ messages in thread
From: Sam James @ 2023-06-22 3:08 UTC (permalink / raw
To: gentoo-commits
commit: 7533a45a035936265952e51d43f80fb339dd1cfe
Author: Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Thu Jun 22 03:08:17 2023 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Thu Jun 22 03:08:17 2023 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7533a45a
dev-libs/openssl-compat: Stabilize 1.1.1u x86, #899596
Signed-off-by: Sam James <sam <AT> gentoo.org>
dev-libs/openssl-compat/openssl-compat-1.1.1u.ebuild | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/dev-libs/openssl-compat/openssl-compat-1.1.1u.ebuild b/dev-libs/openssl-compat/openssl-compat-1.1.1u.ebuild
index a3b7e9c7c441..b56cfacc466d 100644
--- a/dev-libs/openssl-compat/openssl-compat-1.1.1u.ebuild
+++ b/dev-libs/openssl-compat/openssl-compat-1.1.1u.ebuild
@@ -16,7 +16,7 @@ S="${WORKDIR}/${MY_P}"
LICENSE="openssl"
SLOT="$(ver_cut 1-3)"
if [[ ${PV} != *_pre* ]] ; then
- KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x64-solaris"
+ KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc x86 ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x64-solaris"
fi
IUSE="+asm rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-compression tls-heartbeat vanilla verify-sig weak-ssl-ciphers"
RESTRICT="!test? ( test )"
^ permalink raw reply related [flat|nested] 33+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl-compat/
@ 2023-09-09 20:24 Sam James
0 siblings, 0 replies; 33+ messages in thread
From: Sam James @ 2023-09-09 20:24 UTC (permalink / raw
To: gentoo-commits
commit: 10a8b8d597d27b4323d1c47e4ef91bb725b99396
Author: Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sat Sep 9 19:07:22 2023 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sat Sep 9 20:22:22 2023 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=10a8b8d5
dev-libs/openssl-compat: inherit stable keywords from dev-libs/openssl for 1.1.1u
Needed for rust-bin.
Bug: https://bugs.gentoo.org/797325
Signed-off-by: Sam James <sam <AT> gentoo.org>
dev-libs/openssl-compat/openssl-compat-1.1.1u.ebuild | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/dev-libs/openssl-compat/openssl-compat-1.1.1u.ebuild b/dev-libs/openssl-compat/openssl-compat-1.1.1u.ebuild
index b56cfacc466d..bd52a17cba4e 100644
--- a/dev-libs/openssl-compat/openssl-compat-1.1.1u.ebuild
+++ b/dev-libs/openssl-compat/openssl-compat-1.1.1u.ebuild
@@ -16,7 +16,7 @@ S="${WORKDIR}/${MY_P}"
LICENSE="openssl"
SLOT="$(ver_cut 1-3)"
if [[ ${PV} != *_pre* ]] ; then
- KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc x86 ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x64-solaris"
+ KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
fi
IUSE="+asm rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-compression tls-heartbeat vanilla verify-sig weak-ssl-ciphers"
RESTRICT="!test? ( test )"
^ permalink raw reply related [flat|nested] 33+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl-compat/
@ 2024-04-04 1:07 Sam James
0 siblings, 0 replies; 33+ messages in thread
From: Sam James @ 2024-04-04 1:07 UTC (permalink / raw
To: gentoo-commits
commit: 294aafdf1ed6355be05eeed347c754adf99dd815
Author: Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Thu Apr 4 01:06:59 2024 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Thu Apr 4 01:06:59 2024 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=294aafdf
dev-libs/openssl-compat: Stabilize 1.0.2u-r2 arm, #928546
Signed-off-by: Sam James <sam <AT> gentoo.org>
dev-libs/openssl-compat/openssl-compat-1.0.2u-r2.ebuild | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/dev-libs/openssl-compat/openssl-compat-1.0.2u-r2.ebuild b/dev-libs/openssl-compat/openssl-compat-1.0.2u-r2.ebuild
index e6142b6ffb6e..e3f11f7685f4 100644
--- a/dev-libs/openssl-compat/openssl-compat-1.0.2u-r2.ebuild
+++ b/dev-libs/openssl-compat/openssl-compat-1.0.2u-r2.ebuild
@@ -38,7 +38,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
LICENSE="openssl"
SLOT="1.0.0"
-KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc x86 ~x86-linux"
+KEYWORDS="~alpha amd64 arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc x86 ~x86-linux"
IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla tls-compression"
RESTRICT="!bindist? ( bindist )
^ permalink raw reply related [flat|nested] 33+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl-compat/
@ 2024-05-16 16:47 Arthur Zamarin
0 siblings, 0 replies; 33+ messages in thread
From: Arthur Zamarin @ 2024-05-16 16:47 UTC (permalink / raw
To: gentoo-commits
commit: 7caf1146efdda173cb44ae391c08bddb3bea03f3
Author: Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
AuthorDate: Thu May 16 16:47:14 2024 +0000
Commit: Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
CommitDate: Thu May 16 16:47:14 2024 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7caf1146
dev-libs/openssl-compat: Stabilize 1.0.2u-r2 arm64, #928546
Signed-off-by: Arthur Zamarin <arthurzam <AT> gentoo.org>
dev-libs/openssl-compat/openssl-compat-1.0.2u-r2.ebuild | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/dev-libs/openssl-compat/openssl-compat-1.0.2u-r2.ebuild b/dev-libs/openssl-compat/openssl-compat-1.0.2u-r2.ebuild
index e3f11f7685f4..00f2576c4730 100644
--- a/dev-libs/openssl-compat/openssl-compat-1.0.2u-r2.ebuild
+++ b/dev-libs/openssl-compat/openssl-compat-1.0.2u-r2.ebuild
@@ -38,7 +38,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
LICENSE="openssl"
SLOT="1.0.0"
-KEYWORDS="~alpha amd64 arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc x86 ~x86-linux"
+KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc x86 ~x86-linux"
IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla tls-compression"
RESTRICT="!bindist? ( bindist )
^ permalink raw reply related [flat|nested] 33+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl-compat/
@ 2024-07-01 18:55 Mike Gilbert
0 siblings, 0 replies; 33+ messages in thread
From: Mike Gilbert @ 2024-07-01 18:55 UTC (permalink / raw
To: gentoo-commits
commit: 017ff8275951bbb887d34f5b99d6cad70a191aae
Author: Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Mon Jul 1 18:47:41 2024 +0000
Commit: Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Mon Jul 1 18:53:26 2024 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=017ff827
dev-libs/openssl-compat: update SRC_URI
Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>
dev-libs/openssl-compat/openssl-compat-1.0.2u-r2.ebuild | 8 ++------
1 file changed, 2 insertions(+), 6 deletions(-)
diff --git a/dev-libs/openssl-compat/openssl-compat-1.0.2u-r2.ebuild b/dev-libs/openssl-compat/openssl-compat-1.0.2u-r2.ebuild
index 00f2576c4730..97604a0d3850 100644
--- a/dev-libs/openssl-compat/openssl-compat-1.0.2u-r2.ebuild
+++ b/dev-libs/openssl-compat/openssl-compat-1.0.2u-r2.ebuild
@@ -25,16 +25,12 @@ DESCRIPTION="full-strength general purpose cryptography library (including SSL a
HOMEPAGE="https://www.openssl.org/"
SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
bindist? (
- mirror://gentoo/${BINDIST_PATCH_SET}
- https://dev.gentoo.org/~whissi/dist/openssl/${BINDIST_PATCH_SET}
+ mirror://gentoo/bb/${BINDIST_PATCH_SET}
)
!vanilla? (
- mirror://gentoo/${PATCH_SET}.tar.xz
https://dev.gentoo.org/~chutzpah/dist/openssl/${PATCH_SET}.tar.xz
- https://dev.gentoo.org/~whissi/dist/openssl/${PATCH_SET}.tar.xz
- https://dev.gentoo.org/~polynomial-c/dist/${PATCH_SET}.tar.xz
)
- https://dev.gentoo.org/~whissi/dist/openssl/openssl-compat-1.0.2u-versioned-symbols.patch.gz"
+ mirror://gentoo/ec/openssl-compat-1.0.2u-versioned-symbols.patch.gz"
LICENSE="openssl"
SLOT="1.0.0"
^ permalink raw reply related [flat|nested] 33+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl-compat/
@ 2024-08-25 15:24 Andreas K. Hüttel
0 siblings, 0 replies; 33+ messages in thread
From: Andreas K. Hüttel @ 2024-08-25 15:24 UTC (permalink / raw
To: gentoo-commits
commit: 1d4b06a59f2e9a720ce235a2bcbc7ca50e47f479
Author: Andreas K. Hüttel <dilfridge <AT> gentoo <DOT> org>
AuthorDate: Sun Aug 25 15:17:04 2024 +0000
Commit: Andreas K. Hüttel <dilfridge <AT> gentoo <DOT> org>
CommitDate: Sun Aug 25 15:24:07 2024 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1d4b06a5
dev-libs/openssl-compat: remove ~mips, library and leaf package
Signed-off-by: Andreas K. Hüttel <dilfridge <AT> gentoo.org>
dev-libs/openssl-compat/openssl-compat-1.0.2u-r2.ebuild | 2 +-
dev-libs/openssl-compat/openssl-compat-1.1.1u.ebuild | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/dev-libs/openssl-compat/openssl-compat-1.0.2u-r2.ebuild b/dev-libs/openssl-compat/openssl-compat-1.0.2u-r2.ebuild
index 97604a0d3850..e3253c9ccdee 100644
--- a/dev-libs/openssl-compat/openssl-compat-1.0.2u-r2.ebuild
+++ b/dev-libs/openssl-compat/openssl-compat-1.0.2u-r2.ebuild
@@ -34,7 +34,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
LICENSE="openssl"
SLOT="1.0.0"
-KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc x86 ~x86-linux"
+KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~m68k ~ppc ~ppc64 ~riscv ~s390 ~sparc x86 ~x86-linux"
IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla tls-compression"
RESTRICT="!bindist? ( bindist )
diff --git a/dev-libs/openssl-compat/openssl-compat-1.1.1u.ebuild b/dev-libs/openssl-compat/openssl-compat-1.1.1u.ebuild
index 49b04530e1d4..a65872c626ca 100644
--- a/dev-libs/openssl-compat/openssl-compat-1.1.1u.ebuild
+++ b/dev-libs/openssl-compat/openssl-compat-1.1.1u.ebuild
@@ -16,7 +16,7 @@ S="${WORKDIR}/${MY_P}"
LICENSE="openssl"
SLOT="$(ver_cut 1-3)"
if [[ ${PV} != *_pre* ]] ; then
- KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
+ KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
fi
IUSE="+asm rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-compression tls-heartbeat vanilla verify-sig weak-ssl-ciphers"
RESTRICT="!test? ( test )"
^ permalink raw reply related [flat|nested] 33+ messages in thread
end of thread, other threads:[~2024-08-25 15:24 UTC | newest]
Thread overview: 33+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2019-09-16 0:06 [gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl-compat/ Thomas Deutschmann
-- strict thread matches above, loose matches on Subject: below --
2024-08-25 15:24 Andreas K. Hüttel
2024-07-01 18:55 Mike Gilbert
2024-05-16 16:47 Arthur Zamarin
2024-04-04 1:07 Sam James
2023-09-09 20:24 Sam James
2023-06-22 3:08 Sam James
2023-06-22 2:49 Sam James
2023-06-14 5:22 Sam James
2023-05-30 16:01 Sam James
2023-05-13 3:23 Sam James
2022-12-15 6:16 Sam James
2022-11-15 8:46 Sam James
2022-06-11 5:12 Sam James
2021-07-21 12:56 Thomas Deutschmann
2020-05-19 9:49 Thomas Deutschmann
2020-05-19 9:49 Thomas Deutschmann
2020-05-08 23:28 Thomas Deutschmann
2020-01-01 21:25 Thomas Deutschmann
2020-01-01 21:25 Thomas Deutschmann
2019-12-21 20:31 Thomas Deutschmann
2019-11-25 0:42 Thomas Deutschmann
2019-11-02 14:56 Thomas Deutschmann
2019-10-22 7:45 Lars Wendler
2019-10-01 19:38 Thomas Deutschmann
2019-09-16 0:06 Thomas Deutschmann
2019-09-16 0:06 Thomas Deutschmann
2019-09-15 20:37 Thomas Deutschmann
2019-09-15 20:28 Thomas Deutschmann
2019-09-13 12:15 Mikle Kolyada
2019-09-13 0:00 Thomas Deutschmann
2019-09-12 13:57 Thomas Deutschmann
2019-08-23 18:10 Thomas Deutschmann
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox