[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     895d71e3d1c76e283f09143480870a500a889233
Author:     Mathieu Tortuyaux <mtortuyaux <AT> microsoft <DOT> com>
AuthorDate: Tue Nov  2 12:52:20 2021 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Tue Nov  2 15:00:10 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=895d71e3

dev-libs/openssl: add `fips` support

`FIPS` provider is not enabled by default with OpenSSL version 3. Let's
make it optional by adding conditional `fips` internal useflag.

See also: https://github.com/openssl/openssl/blob/master/README-FIPS.md

Bug: https://bugs.gentoo.org/820173
Package-Manager: Portage-3.0.20, Repoman-3.0.3
Signed-off-by: Mathieu Tortuyaux <mtortuyaux <AT> microsoft.com>
Closes: https://github.com/gentoo/gentoo/pull/22796
Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/metadata.xml         | 1 +
 dev-libs/openssl/openssl-3.0.0.ebuild | 3 ++-
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/dev-libs/openssl/metadata.xml b/dev-libs/openssl/metadata.xml
index a338ff2ba12..e0b7df73655 100644
--- a/dev-libs/openssl/metadata.xml
+++ b/dev-libs/openssl/metadata.xml
@@ -8,6 +8,7 @@
 <use>
  <flag name="asm">Support assembly hand optimized crypto functions (i.e. faster run time)</flag>
  <flag name="bindist">Disable/Restrict EC algorithms (as they seem to be patented) -- note: changes the ABI</flag>
+ <flag name="fips">Enable FIPS provider</flag>
  <flag name="ktls">Enable support for Kernel implementation of TLS (kTLS)</flag>
  <flag name="rfc3779">Enable support for RFC 3779 (X.509 Extensions for IP Addresses and AS Identifiers)</flag>
  <flag name="sslv2">Support for the old/insecure SSLv2 protocol -- note: not required for TLS/https</flag>

diff --git a/dev-libs/openssl/openssl-3.0.0.ebuild b/dev-libs/openssl/openssl-3.0.0.ebuild
index c7bab83b760..dad6d1b877b 100644
--- a/dev-libs/openssl/openssl-3.0.0.ebuild
+++ b/dev-libs/openssl/openssl-3.0.0.ebuild
@@ -22,7 +22,7 @@ fi
 LICENSE="Apache-2.0"
 SLOT="0/3" # .so version of libssl/libcrypto
 
-IUSE="+asm cpu_flags_x86_sse2 elibc_musl ktls rfc3779 sctp static-libs test tls-compression vanilla"
+IUSE="+asm cpu_flags_x86_sse2 elibc_musl fips ktls rfc3779 sctp static-libs test tls-compression vanilla"
 RESTRICT="!test? ( test )"
 
 COMMON_DEPEND="
@@ -171,6 +171,7 @@ multilib_src_configure() {
 		enable-idea
 		enable-mdc2
 		enable-rc5
+		$(use fips && echo "enable-fips")
 		$(use_ssl asm)
 		$(use_ssl ktls)
 		$(use_ssl rfc3779)

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Jakov Smolić]

commit:     5982772de59d228af26f55bfc46c7d11fb2ed78d
Author:     Jakov Smolić <jsmolic <AT> gentoo <DOT> org>
AuthorDate: Thu Sep 12 16:16:28 2024 +0000
Commit:     Jakov Smolić <jsmolic <AT> gentoo <DOT> org>
CommitDate: Thu Sep 12 16:16:28 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5982772d

dev-libs/openssl: Stabilize 3.0.14 ppc64, #938907

Signed-off-by: Jakov Smolić <jsmolic <AT> gentoo.org>

 dev-libs/openssl/openssl-3.0.14.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-3.0.14.ebuild b/dev-libs/openssl/openssl-3.0.14.ebuild
index e7ad25cf9b87..145622ee2d95 100644
--- a/dev-libs/openssl/openssl-3.0.14.ebuild
+++ b/dev-libs/openssl/openssl-3.0.14.ebuild
@@ -19,7 +19,7 @@ if [[ ${PV} == 9999 ]] ; then
 else
 	SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 		verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )"
-	KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 sparc x86 ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
+	KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ppc64 ~riscv ~s390 sparc x86 ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
 fi
 
 S="${WORKDIR}"/${MY_P}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     85ef004f6fd2f4a060ca16a9005db29c9c2f374e
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Thu Sep  5 00:04:02 2024 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Thu Sep  5 00:04:02 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=85ef004f

dev-libs/openssl: Stabilize 3.0.14 arm64, #938907

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/openssl-3.0.14.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-3.0.14.ebuild b/dev-libs/openssl/openssl-3.0.14.ebuild
index 6d9843c05000..e7ad25cf9b87 100644
--- a/dev-libs/openssl/openssl-3.0.14.ebuild
+++ b/dev-libs/openssl/openssl-3.0.14.ebuild
@@ -19,7 +19,7 @@ if [[ ${PV} == 9999 ]] ; then
 else
 	SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 		verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )"
-	KEYWORDS="~alpha amd64 arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 sparc x86 ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
+	KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 sparc x86 ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
 fi
 
 S="${WORKDIR}"/${MY_P}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Arthur Zamarin]

commit:     37b0d114fe764ab8ed117a01a339c242eb980358
Author:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
AuthorDate: Mon Sep  2 07:29:27 2024 +0000
Commit:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
CommitDate: Mon Sep  2 07:29:27 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=37b0d114

dev-libs/openssl: Stabilize 3.0.14 sparc, #938907

Signed-off-by: Arthur Zamarin <arthurzam <AT> gentoo.org>

 dev-libs/openssl/openssl-3.0.14.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-3.0.14.ebuild b/dev-libs/openssl/openssl-3.0.14.ebuild
index 3c87d5a7aee9..6d9843c05000 100644
--- a/dev-libs/openssl/openssl-3.0.14.ebuild
+++ b/dev-libs/openssl/openssl-3.0.14.ebuild
@@ -19,7 +19,7 @@ if [[ ${PV} == 9999 ]] ; then
 else
 	SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 		verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )"
-	KEYWORDS="~alpha amd64 arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc x86 ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
+	KEYWORDS="~alpha amd64 arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 sparc x86 ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
 fi
 
 S="${WORKDIR}"/${MY_P}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Arthur Zamarin]

commit:     5f8932e6acb1cdce5aac785e9e20d48c562077b7
Author:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
AuthorDate: Mon Sep  2 07:29:26 2024 +0000
Commit:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
CommitDate: Mon Sep  2 07:29:26 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5f8932e6

dev-libs/openssl: Stabilize 3.0.14 x86, #938907

Signed-off-by: Arthur Zamarin <arthurzam <AT> gentoo.org>

 dev-libs/openssl/openssl-3.0.14.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-3.0.14.ebuild b/dev-libs/openssl/openssl-3.0.14.ebuild
index a1d53e5854e7..3c87d5a7aee9 100644
--- a/dev-libs/openssl/openssl-3.0.14.ebuild
+++ b/dev-libs/openssl/openssl-3.0.14.ebuild
@@ -19,7 +19,7 @@ if [[ ${PV} == 9999 ]] ; then
 else
 	SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 		verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )"
-	KEYWORDS="~alpha amd64 arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
+	KEYWORDS="~alpha amd64 arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc x86 ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
 fi
 
 S="${WORKDIR}"/${MY_P}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     5f7d0127604b8e39b881b7bb5ce8faf0a74731e6
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Mon Sep  2 06:47:46 2024 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Mon Sep  2 06:47:46 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5f7d0127

dev-libs/openssl: Stabilize 3.0.14 amd64, #938907

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/openssl-3.0.14.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-3.0.14.ebuild b/dev-libs/openssl/openssl-3.0.14.ebuild
index fd4d92a9cffa..a1d53e5854e7 100644
--- a/dev-libs/openssl/openssl-3.0.14.ebuild
+++ b/dev-libs/openssl/openssl-3.0.14.ebuild
@@ -19,7 +19,7 @@ if [[ ${PV} == 9999 ]] ; then
 else
 	SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 		verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )"
-	KEYWORDS="~alpha ~amd64 arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
+	KEYWORDS="~alpha amd64 arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
 fi
 
 S="${WORKDIR}"/${MY_P}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     37afec878a990da113784452302aec0a19916e42
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Mon Sep  2 06:31:27 2024 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Mon Sep  2 06:31:27 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=37afec87

dev-libs/openssl: Stabilize 3.0.14 arm, #938907

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/openssl-3.0.14.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-3.0.14.ebuild b/dev-libs/openssl/openssl-3.0.14.ebuild
index 2a3a9723b5e3..fd4d92a9cffa 100644
--- a/dev-libs/openssl/openssl-3.0.14.ebuild
+++ b/dev-libs/openssl/openssl-3.0.14.ebuild
@@ -19,7 +19,7 @@ if [[ ${PV} == 9999 ]] ; then
 else
 	SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 		verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )"
-	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
+	KEYWORDS="~alpha ~amd64 arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
 fi
 
 S="${WORKDIR}"/${MY_P}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Ionen Wolkens]

commit:     8cfb9eff9d36827e82e84866b5825fd36c92dae7
Author:     Matoro Mahri <matoro_gentoo <AT> matoro <DOT> tk>
AuthorDate: Wed Aug 28 17:53:55 2024 +0000
Commit:     Ionen Wolkens <ionen <AT> gentoo <DOT> org>
CommitDate: Thu Aug 29 14:28:10 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8cfb9eff

dev-libs/openssl: Keyword 3.3.1-r3 loong, #936268

Signed-off-by: Matoro Mahri <matoro_gentoo <AT> matoro.tk>
Signed-off-by: Ionen Wolkens <ionen <AT> gentoo.org>

 dev-libs/openssl/openssl-3.3.1-r3.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-3.3.1-r3.ebuild b/dev-libs/openssl/openssl-3.3.1-r3.ebuild
index ebcca4d12f99..dc14ae4b9b07 100644
--- a/dev-libs/openssl/openssl-3.3.1-r3.ebuild
+++ b/dev-libs/openssl/openssl-3.3.1-r3.ebuild
@@ -25,7 +25,7 @@ else
 	"
 
 	if [[ ${PV} != *_alpha* && ${PV} != *_beta* ]] ; then
-		KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
+		KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
 	fi
 fi
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Arthur Zamarin]

commit:     6410bdde74e94faa7830ddf913a39c68963dcb4b
Author:     Matoro Mahri <matoro_gentoo <AT> matoro <DOT> tk>
AuthorDate: Thu Aug  8 22:57:58 2024 +0000
Commit:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
CommitDate: Sat Aug 10 17:44:46 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6410bdde

dev-libs/openssl: Keyword 3.3.1-r3 riscv, #936268

Signed-off-by: Matoro Mahri <matoro_gentoo <AT> matoro.tk>
Signed-off-by: Arthur Zamarin <arthurzam <AT> gentoo.org>

 dev-libs/openssl/openssl-3.3.1-r3.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-3.3.1-r3.ebuild b/dev-libs/openssl/openssl-3.3.1-r3.ebuild
index 732474fcf8be..9aa6b7a630d7 100644
--- a/dev-libs/openssl/openssl-3.3.1-r3.ebuild
+++ b/dev-libs/openssl/openssl-3.3.1-r3.ebuild
@@ -25,7 +25,7 @@ else
 	"
 
 	if [[ ${PV} != *_alpha* && ${PV} != *_beta* ]] ; then
-		KEYWORDS="~amd64 ~arm ~arm64 ~hppa ~m68k ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86 ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
+		KEYWORDS="~amd64 ~arm ~arm64 ~hppa ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
 	fi
 fi
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Arthur Zamarin]

commit:     e30e14217e825e311c295f626a5448117a08f4ae
Author:     Matoro Mahri <matoro_gentoo <AT> matoro <DOT> tk>
AuthorDate: Fri Aug  9 03:31:25 2024 +0000
Commit:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
CommitDate: Sat Aug 10 17:44:46 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e30e1421

dev-libs/openssl: Keyword 3.3.1-r3 alpha, #936268

Signed-off-by: Matoro Mahri <matoro_gentoo <AT> matoro.tk>
Signed-off-by: Arthur Zamarin <arthurzam <AT> gentoo.org>

 dev-libs/openssl/openssl-3.3.1-r3.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-3.3.1-r3.ebuild b/dev-libs/openssl/openssl-3.3.1-r3.ebuild
index 9aa6b7a630d7..ebcca4d12f99 100644
--- a/dev-libs/openssl/openssl-3.3.1-r3.ebuild
+++ b/dev-libs/openssl/openssl-3.3.1-r3.ebuild
@@ -25,7 +25,7 @@ else
 	"
 
 	if [[ ${PV} != *_alpha* && ${PV} != *_beta* ]] ; then
-		KEYWORDS="~amd64 ~arm ~arm64 ~hppa ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
+		KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
 	fi
 fi
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Mike Gilbert]

commit:     69b71e800a83151c77f454b00b60d20e361a3b48
Author:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Thu Aug  8 20:36:55 2024 +0000
Commit:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Thu Aug  8 20:36:55 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=69b71e80

dev-libs/openssl: drop 3.3.1-r1

Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>

 dev-libs/openssl/openssl-3.3.1-r1.ebuild | 307 -------------------------------
 1 file changed, 307 deletions(-)

diff --git a/dev-libs/openssl/openssl-3.3.1-r1.ebuild b/dev-libs/openssl/openssl-3.3.1-r1.ebuild
deleted file mode 100644
index b12a8eb58d2a..000000000000
--- a/dev-libs/openssl/openssl-3.3.1-r1.ebuild
+++ /dev/null
@@ -1,307 +0,0 @@
-# Copyright 1999-2024 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/openssl.org.asc
-inherit edo flag-o-matic linux-info toolchain-funcs
-inherit multilib multilib-minimal multiprocessing preserve-libs verify-sig
-
-DESCRIPTION="Robust, full-featured Open Source Toolkit for the Transport Layer Security (TLS)"
-HOMEPAGE="https://openssl-library.org/"
-
-MY_P=${P/_/-}
-
-if [[ ${PV} == 9999 ]] ; then
-	EGIT_REPO_URI="https://github.com/openssl/openssl.git"
-
-	inherit git-r3
-else
-	SRC_URI="
-		https://github.com/openssl/openssl/releases/download/${P}/${P}.tar.gz
-		verify-sig? (
-			https://github.com/openssl/openssl/releases/download/${P}/${P}.tar.gz.asc
-		)
-	"
-
-	if [[ ${PV} != *_alpha* && ${PV} != *_beta* ]] ; then
-		KEYWORDS="~amd64 ~arm ~arm64 ~hppa ~m68k ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86 ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
-	fi
-fi
-
-S="${WORKDIR}"/${MY_P}
-
-LICENSE="Apache-2.0"
-SLOT="0/$(ver_cut 1)" # .so version of libssl/libcrypto
-IUSE="+asm cpu_flags_x86_sse2 fips ktls +quic rfc3779 sctp static-libs test tls-compression vanilla verify-sig weak-ssl-ciphers"
-RESTRICT="!test? ( test )"
-
-COMMON_DEPEND="
-	!<net-misc/openssh-9.2_p1-r3
-	tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
-"
-BDEPEND="
-	>=dev-lang/perl-5
-	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
-	test? (
-		sys-apps/diffutils
-		app-alternatives/bc
-		sys-process/procps
-	)
-	verify-sig? ( >=sec-keys/openpgp-keys-openssl-20240424 )
-"
-DEPEND="${COMMON_DEPEND}"
-RDEPEND="${COMMON_DEPEND}"
-PDEPEND="app-misc/ca-certificates"
-
-MULTILIB_WRAPPED_HEADERS=(
-	/usr/include/openssl/configuration.h
-)
-
-PATCHES=(
-	# bug 936311, drop on next version bump
-	"${FILESDIR}"/${P}-riscv.patch
-	# https://bugs.gentoo.org/936793
-	"${FILESDIR}"/openssl-3.3.1-pkg-config.patch
-)
-
-pkg_setup() {
-	if use ktls ; then
-		if kernel_is -lt 4 18 ; then
-			ewarn "Kernel implementation of TLS (USE=ktls) requires kernel >=4.18!"
-		else
-			CONFIG_CHECK="~TLS ~TLS_DEVICE"
-			ERROR_TLS="You will be unable to offload TLS to kernel because CONFIG_TLS is not set!"
-			ERROR_TLS_DEVICE="You will be unable to offload TLS to kernel because CONFIG_TLS_DEVICE is not set!"
-			use test && CONFIG_CHECK+=" ~CRYPTO_USER_API_SKCIPHER"
-
-			linux-info_pkg_setup
-		fi
-	fi
-
-	[[ ${MERGE_TYPE} == binary ]] && return
-
-	# must check in pkg_setup; sysctl doesn't work with userpriv!
-	if use test && use sctp ; then
-		# test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel"
-		# if sctp.auth_enable is not enabled.
-		local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null)
-		if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]] ; then
-			die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!"
-		fi
-	fi
-}
-
-src_unpack() {
-	# Can delete this once test fix patch is dropped
-	if use verify-sig ; then
-		# Needed for downloaded patch (which is unsigned, which is fine)
-		verify-sig_verify_detached "${DISTDIR}"/${MY_P}.tar.gz{,.asc}
-	fi
-
-	default
-}
-
-src_prepare() {
-	# Make sure we only ever touch Makefile.org and avoid patching a file
-	# that gets blown away anyways by the Configure script in src_configure
-	rm -f Makefile || die
-
-	if ! use vanilla ; then
-		PATCHES+=(
-			# Add patches which are Gentoo-specific customisations here
-		)
-	fi
-
-	default
-
-	if use test && use sctp && has network-sandbox ${FEATURES} ; then
-		einfo "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox ..."
-		rm test/recipes/80-test_ssl_new.t || die
-	fi
-
-	# Test fails depending on kernel configuration, bug #699134
-	rm test/recipes/30-test_afalg.t || die
-}
-
-src_configure() {
-	# Keep this in sync with app-misc/c_rehash
-	SSL_CNF_DIR="/etc/ssl"
-
-	# Quiet out unknown driver argument warnings since openssl
-	# doesn't have well-split CFLAGS and we're making it even worse
-	# and 'make depend' uses -Werror for added fun (bug #417795 again)
-	tc-is-clang && append-flags -Qunused-arguments
-
-	# We really, really need to build OpenSSL w/ strict aliasing disabled.
-	# It's filled with violations and it *will* result in miscompiled
-	# code. This has been in the ebuild for > 10 years but even in 2022,
-	# it's still relevant:
-	# - https://github.com/llvm/llvm-project/issues/55255
-	# - https://github.com/openssl/openssl/issues/12247
-	# - https://github.com/openssl/openssl/issues/18225
-	# - https://github.com/openssl/openssl/issues/18663#issuecomment-1181478057
-	# Don't remove the no strict aliasing bits below!
-	filter-flags -fstrict-aliasing
-	append-flags -fno-strict-aliasing
-	# The OpenSSL developers don't test with LTO right now, it leads to various
-	# warnings/errors (which may or may not be false positives), it's considered
-	# unsupported, and it's not tested in CI: https://github.com/openssl/openssl/issues/18663.
-	filter-lto
-
-	append-flags $(test-flags-CC -Wa,--noexecstack)
-
-	# bug #895308 -- check inserts GNU ld-compatible arguments
-	[[ ${CHOST} == *-darwin* ]] || append-atomic-flags
-	# Configure doesn't respect LIBS
-	export LDLIBS="${LIBS}"
-
-	# bug #197996
-	unset APPS
-	# bug #312551
-	unset SCRIPTS
-	# bug #311473
-	unset CROSS_COMPILE
-
-	tc-export AR CC CXX RANLIB RC
-
-	multilib-minimal_src_configure
-}
-
-multilib_src_configure() {
-	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
-
-	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
-
-	# See if our toolchain supports __uint128_t.  If so, it's 64bit
-	# friendly and can use the nicely optimized code paths, bug #460790.
-	#local ec_nistp_64_gcc_128
-	#
-	# Disable it for now though (bug #469976)
-	# Do NOT re-enable without substantial discussion first!
-	#
-	#echo "__uint128_t i;" > "${T}"/128.c
-	#if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
-	#       ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
-	#fi
-
-	local sslout=$(bash "${FILESDIR}/gentoo.config-1.0.4")
-	einfo "Using configuration: ${sslout:-(openssl knows best)}"
-
-	# https://github.com/openssl/openssl/blob/master/INSTALL.md#enable-and-disable-features
-	local myeconfargs=(
-		${sslout}
-
-		$(multilib_is_native_abi || echo "no-docs")
-		$(use cpu_flags_x86_sse2 || echo "no-sse2")
-		enable-camellia
-		enable-ec
-		enable-ec2m
-		enable-sm2
-		enable-srp
-		$(use elibc_musl && echo "no-async")
-		enable-idea
-		enable-mdc2
-		enable-rc5
-		$(use fips && echo "enable-fips")
-		$(use quic && echo "enable-quic")
-		$(use_ssl asm)
-		$(use_ssl ktls)
-		$(use_ssl rfc3779)
-		$(use_ssl sctp)
-		$(use test || echo "no-tests")
-		$(use_ssl tls-compression zlib)
-		$(use_ssl weak-ssl-ciphers)
-
-		--prefix="${EPREFIX}"/usr
-		--openssldir="${EPREFIX}"${SSL_CNF_DIR}
-		--libdir=$(get_libdir)
-
-		shared
-		threads
-	)
-
-	edo perl "${S}/Configure" "${myeconfargs[@]}"
-}
-
-multilib_src_compile() {
-	emake build_sw
-}
-
-multilib_src_test() {
-	# See https://github.com/openssl/openssl/blob/master/test/README.md for options.
-	#
-	# VFP = show subtests verbosely and show failed tests verbosely
-	# Normal V=1 would show everything verbosely but this slows things down.
-	#
-	# -j1 here for https://github.com/openssl/openssl/issues/21999, but it
-	# shouldn't matter as tests were already built earlier, and HARNESS_JOBS
-	# controls running the tests.
-	emake -Onone -j1 HARNESS_JOBS="$(makeopts_jobs)" VFP=1 test
-}
-
-multilib_src_install() {
-	# Only -j1 is supported for the install targets:
-	# https://github.com/openssl/openssl/issues/21999#issuecomment-1771150305
-	emake DESTDIR="${D}" -j1 install_sw
-	if use fips; then
-		emake DESTDIR="${D}" -j1 install_fips
-		# Regen this in pkg_preinst, bug 900625
-		rm "${ED}${SSL_CNF_DIR}"/fipsmodule.cnf || die
-	fi
-
-	if multilib_is_native_abi; then
-		emake DESTDIR="${D}" -j1 install_ssldirs
-		emake DESTDIR="${D}" DOCDIR='$(INSTALLTOP)'/share/doc/${PF} -j1 install_docs
-	fi
-
-	# This is crappy in that the static archives are still built even
-	# when USE=static-libs. But this is due to a failing in the openssl
-	# build system: the static archives are built as PIC all the time.
-	# Only way around this would be to manually configure+compile openssl
-	# twice; once with shared lib support enabled and once without.
-	if ! use static-libs ; then
-		rm "${ED}"/usr/$(get_libdir)/lib{crypto,ssl}.a || die
-	fi
-}
-
-multilib_src_install_all() {
-	# openssl installs perl version of c_rehash by default, but
-	# we provide a shell version via app-misc/c_rehash
-	rm "${ED}"/usr/bin/c_rehash || die
-
-	dodoc {AUTHORS,CHANGES,NEWS,README,README-PROVIDERS}.md doc/*.txt doc/${PN}-c-indent.el
-
-	# Create the certs directory
-	keepdir ${SSL_CNF_DIR}/certs
-
-	# bug #254521
-	dodir /etc/sandbox.d
-	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
-
-	diropts -m0700
-	keepdir ${SSL_CNF_DIR}/private
-}
-
-pkg_preinst() {
-	if use fips; then
-		# Regen fipsmodule.cnf, bug 900625
-		ebegin "Running openssl fipsinstall"
-		"${ED}/usr/bin/openssl" fipsinstall -quiet \
-			-out "${ED}${SSL_CNF_DIR}/fipsmodule.cnf" \
-			-module "${ED}/usr/$(get_libdir)/ossl-modules/fips.so"
-		eend $?
-	fi
-
-	preserve_old_lib /usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1) \
-		/usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1.1)
-}
-
-pkg_postinst() {
-	ebegin "Running 'openssl rehash ${EROOT}${SSL_CNF_DIR}/certs' to rebuild hashes (bug #333069)"
-	openssl rehash "${EROOT}${SSL_CNF_DIR}/certs"
-	eend $?
-
-	preserve_old_lib_notify /usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1) \
-		/usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1.1)
-}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Mike Gilbert]

commit:     11ac41360b39e9383a18060b713412b10f3ac785
Author:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Thu Aug  8 20:33:40 2024 +0000
Commit:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Thu Aug  8 20:34:16 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=11ac4136

dev-libs/openssl: keyword 3.3.1-r3 for ~arm64, ~hppa, ~ppc, ~ppc64

Bug: https://bugs.gentoo.org/936268
Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>

 dev-libs/openssl/openssl-3.3.1-r3.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-3.3.1-r3.ebuild b/dev-libs/openssl/openssl-3.3.1-r3.ebuild
index ede3297ccbdf..732474fcf8be 100644
--- a/dev-libs/openssl/openssl-3.3.1-r3.ebuild
+++ b/dev-libs/openssl/openssl-3.3.1-r3.ebuild
@@ -25,7 +25,7 @@ else
 	"
 
 	if [[ ${PV} != *_alpha* && ${PV} != *_beta* ]] ; then
-		KEYWORDS="~amd64 ~arm ~m68k ~mips ~s390 ~sparc ~x86 ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
+		KEYWORDS="~amd64 ~arm ~arm64 ~hppa ~m68k ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86 ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
 	fi
 fi
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Viorel Munteanu]

commit:     e4e89b57f512b3836dc81c8bc689fb0ec8abcb1e
Author:     Matoro Mahri <matoro_gentoo <AT> matoro <DOT> tk>
AuthorDate: Tue Aug  6 17:58:17 2024 +0000
Commit:     Viorel Munteanu <ceamac <AT> gentoo <DOT> org>
CommitDate: Thu Aug  8 05:45:32 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e4e89b57

dev-libs/openssl: Keyword 3.3.1-r1 hppa, #936268

Signed-off-by: Matoro Mahri <matoro_gentoo <AT> matoro.tk>
Signed-off-by: Viorel Munteanu <ceamac <AT> gentoo.org>

 dev-libs/openssl/openssl-3.3.1-r1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-3.3.1-r1.ebuild b/dev-libs/openssl/openssl-3.3.1-r1.ebuild
index c01b8662e767..88dec1e6916d 100644
--- a/dev-libs/openssl/openssl-3.3.1-r1.ebuild
+++ b/dev-libs/openssl/openssl-3.3.1-r1.ebuild
@@ -25,7 +25,7 @@ else
 	"
 
 	if [[ ${PV} != *_alpha* && ${PV} != *_beta* ]] ; then
-		KEYWORDS="~amd64 ~arm ~m68k ~mips ~s390 ~sparc ~x86 ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
+		KEYWORDS="~amd64 ~arm ~hppa ~m68k ~mips ~s390 ~sparc ~x86 ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
 	fi
 fi
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Viorel Munteanu]

commit:     1c3df0c5830dd229a6ffce5e4740bfe05463f04f
Author:     Matoro Mahri <matoro_gentoo <AT> matoro <DOT> tk>
AuthorDate: Thu Aug  8 03:57:01 2024 +0000
Commit:     Viorel Munteanu <ceamac <AT> gentoo <DOT> org>
CommitDate: Thu Aug  8 05:45:32 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1c3df0c5

dev-libs/openssl: Keyword 3.3.1-r1 ppc, #936268

Signed-off-by: Matoro Mahri <matoro_gentoo <AT> matoro.tk>
Signed-off-by: Viorel Munteanu <ceamac <AT> gentoo.org>

 dev-libs/openssl/openssl-3.3.1-r1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-3.3.1-r1.ebuild b/dev-libs/openssl/openssl-3.3.1-r1.ebuild
index 3735551e5b34..b12a8eb58d2a 100644
--- a/dev-libs/openssl/openssl-3.3.1-r1.ebuild
+++ b/dev-libs/openssl/openssl-3.3.1-r1.ebuild
@@ -25,7 +25,7 @@ else
 	"
 
 	if [[ ${PV} != *_alpha* && ${PV} != *_beta* ]] ; then
-		KEYWORDS="~amd64 ~arm ~arm64 ~hppa ~m68k ~mips ~ppc64 ~s390 ~sparc ~x86 ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
+		KEYWORDS="~amd64 ~arm ~arm64 ~hppa ~m68k ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86 ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
 	fi
 fi
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Viorel Munteanu]

commit:     9dbd40f396f4d538bdb878b6dfb017a116198568
Author:     Matoro Mahri <matoro_gentoo <AT> matoro <DOT> tk>
AuthorDate: Tue Aug  6 20:11:48 2024 +0000
Commit:     Viorel Munteanu <ceamac <AT> gentoo <DOT> org>
CommitDate: Thu Aug  8 05:45:32 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9dbd40f3

dev-libs/openssl: Keyword 3.3.1-r1 arm64, #936268

Signed-off-by: Matoro Mahri <matoro_gentoo <AT> matoro.tk>
Signed-off-by: Viorel Munteanu <ceamac <AT> gentoo.org>

 dev-libs/openssl/openssl-3.3.1-r1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-3.3.1-r1.ebuild b/dev-libs/openssl/openssl-3.3.1-r1.ebuild
index 88dec1e6916d..52792fa353ff 100644
--- a/dev-libs/openssl/openssl-3.3.1-r1.ebuild
+++ b/dev-libs/openssl/openssl-3.3.1-r1.ebuild
@@ -25,7 +25,7 @@ else
 	"
 
 	if [[ ${PV} != *_alpha* && ${PV} != *_beta* ]] ; then
-		KEYWORDS="~amd64 ~arm ~hppa ~m68k ~mips ~s390 ~sparc ~x86 ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
+		KEYWORDS="~amd64 ~arm ~arm64 ~hppa ~m68k ~mips ~s390 ~sparc ~x86 ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
 	fi
 fi
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Viorel Munteanu]

commit:     1c3d7992e5a0d8ff65168b2b1ae8c96e88b240e0
Author:     Matoro Mahri <matoro_gentoo <AT> matoro <DOT> tk>
AuthorDate: Wed Aug  7 20:21:37 2024 +0000
Commit:     Viorel Munteanu <ceamac <AT> gentoo <DOT> org>
CommitDate: Thu Aug  8 05:45:32 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1c3d7992

dev-libs/openssl: Keyword 3.3.1-r1 ppc64, #936268

Signed-off-by: Matoro Mahri <matoro_gentoo <AT> matoro.tk>
Signed-off-by: Viorel Munteanu <ceamac <AT> gentoo.org>

 dev-libs/openssl/openssl-3.3.1-r1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-3.3.1-r1.ebuild b/dev-libs/openssl/openssl-3.3.1-r1.ebuild
index 52792fa353ff..3735551e5b34 100644
--- a/dev-libs/openssl/openssl-3.3.1-r1.ebuild
+++ b/dev-libs/openssl/openssl-3.3.1-r1.ebuild
@@ -25,7 +25,7 @@ else
 	"
 
 	if [[ ${PV} != *_alpha* && ${PV} != *_beta* ]] ; then
-		KEYWORDS="~amd64 ~arm ~arm64 ~hppa ~m68k ~mips ~s390 ~sparc ~x86 ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
+		KEYWORDS="~amd64 ~arm ~arm64 ~hppa ~m68k ~mips ~ppc64 ~s390 ~sparc ~x86 ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
 	fi
 fi
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     c1886ab4240290daa97a68335e129fd4ac4900f7
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Wed Aug  7 02:40:22 2024 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Wed Aug  7 02:40:22 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c1886ab4

dev-libs/openssl: crank verify-sig dep

Closes: https://bugs.gentoo.org/937353
Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/openssl-3.2.2.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-3.2.2.ebuild b/dev-libs/openssl/openssl-3.2.2.ebuild
index 78b6c73b9715..a1d16e48ec38 100644
--- a/dev-libs/openssl/openssl-3.2.2.ebuild
+++ b/dev-libs/openssl/openssl-3.2.2.ebuild
@@ -48,7 +48,7 @@ BDEPEND="
 		app-alternatives/bc
 		sys-process/procps
 	)
-	verify-sig? ( >=sec-keys/openpgp-keys-openssl-20230801 )"
+	verify-sig? ( >=sec-keys/openpgp-keys-openssl-20240424 )"
 
 DEPEND="${COMMON_DEPEND}"
 RDEPEND="${COMMON_DEPEND}"

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     d6742ae76e50ab8c99724e5329dd3eb3bccdf96e
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sat Aug  3 03:22:43 2024 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sat Aug  3 05:06:37 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d6742ae7

dev-libs/openssl: drop 3.1.5-r2

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/Manifest                |   2 -
 dev-libs/openssl/openssl-3.1.5-r2.ebuild | 286 -------------------------------
 2 files changed, 288 deletions(-)

diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest
index 143561033212..9b9782d1077f 100644
--- a/dev-libs/openssl/Manifest
+++ b/dev-libs/openssl/Manifest
@@ -7,8 +7,6 @@ DIST openssl-3.0.13.tar.gz 15294843 BLAKE2B 869aa5f70a8c1d0cac6027e9261530df70ab
 DIST openssl-3.0.13.tar.gz.asc 833 BLAKE2B 519515b6faa505d68ff9acc30db9515fac494145086fa5ad9561c39385a6fabb39ad9de10fedd49c8fc716ec59ea1b13ec5e6b466e549ea9f29b8d0bb74ba7b3 SHA512 c52d97c93d16f3ca2a7026fb25890482b6d86c37b5ab686c56b0e08522743ec4ea3f84afa4deb64b0df0d9a16b557430c4d4139ab42ffcf97d769b61d1e6197c
 DIST openssl-3.0.14.tar.gz 15305497 BLAKE2B 7426aea63d5495775c4a0440658cc9c46c4aa31c31473cd5519c2b1ca158e122634e0bbc275237d3eb124fc8bed3d58808d8ac1d228f24f7281d2630ff7813e0 SHA512 1c59c01e60da902a20780d71f1fa5055d4037f38c4bc3fb27ed5b91f211b36a6018055409441ad4df58b5e9232b2528240d02067272c3c9ccb8c221449ca9ac0
 DIST openssl-3.0.14.tar.gz.asc 833 BLAKE2B 8a700452f6f698fbfa206469888fd72706f1798be212e712fd8a4c1ae87f0d98d54820974c64a3db3b5ac69d7beda665f462e83182337391212c0e72e1feb72e SHA512 003d17a2b71176517f5bfba6699c18b271111e5fec3effc275b965286140d1281fa6f5f5e6bcf63feca89dfa035ab776bda8d2af4b71ae921ca9e7a936581fb4
-DIST openssl-3.1.5.tar.gz 15663524 BLAKE2B a12eb88b0a4f2d927123e0d3ca7d2f80f2bdc867c710d24700fe39b631b93d90c73c3deceff151a9fa818ac88026eb798f3253f22d03c839ab9574086fa61eee SHA512 82e2ac6b3d9b03f8fc66d2ec421246e989eb702eb94586515abfb5afb5300391a0beedf6a2602f61ac10896b41e5608feeeeb4d37714fa17ac0f2ce465249fa9
-DIST openssl-3.1.5.tar.gz.asc 833 BLAKE2B 633502ec0a87074136d7ea42d9ac5f3df53523560d2a97410b5b57d28d916336da95ab5521c10f94202e3a0995331f0e17bdcf8843135634a5d5a95cfafc7b21 SHA512 48187bb8a7bdbd8b76fdcca736d2b03e2a89330b304eefb4e9620f570c741c60f2023307d8619ba1fa101a99223f94895e7be57ced6547a4fb06bd4c3677533a
 DIST openssl-3.1.6.tar.gz 15672690 BLAKE2B 70112a7ece66bb6faf1a262c503c1df08924b8c1b9b08a1395856f903b1d1b4a38956b485e83415c29fafbf990ae8aced9b2fb0a2af84863b5c0a2a6581282cf SHA512 18ca07ee6a98d5fe46accfa0156e0354ad770d78bbbbe8e4bb92b316a0e4404f17a34eb700f17ed355d826a4b2166894aa46d8dd81fedbcb16aa1aad0926a390
 DIST openssl-3.1.6.tar.gz.asc 833 BLAKE2B 24fbb26ccf60ede99b9ea6ef6a2a8f1ae89c7881c21eafafeae7a498332dbaf7e52c94b2c52247e34511cc4bd204e71a68aa1a6dab133376e1f15bf676ef58be SHA512 ef3ca59527ca7b00430c251df399ea2cbe47ef0deebf4158250baac8e575ea26582756228f12dd0f7009b55199b0134e77ec47ade9835f1785c74703aa84987e
 DIST openssl-3.2.1.tar.gz 17733249 BLAKE2B 960222e0305166160e5ab000e29650b92063bf726551ee9ad46060166d99738d1e3a5b86fd28b14c8f4fb3a72f5aa70850defb87c02990acff3dbcbdac40b347 SHA512 bab2b2419319f1feffaba4692f03edbf13b44d1090c6e075a2d69dad67a2d51e64e6edbf83456a26c83900a726d20d2c4ee4ead9c94b322fd0b536f3b5a863c4

diff --git a/dev-libs/openssl/openssl-3.1.5-r2.ebuild b/dev-libs/openssl/openssl-3.1.5-r2.ebuild
deleted file mode 100644
index 7bb70dbf74f3..000000000000
--- a/dev-libs/openssl/openssl-3.1.5-r2.ebuild
+++ /dev/null
@@ -1,286 +0,0 @@
-# Copyright 1999-2024 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/openssl.org.asc
-inherit edo flag-o-matic linux-info toolchain-funcs
-inherit multilib multilib-minimal multiprocessing preserve-libs verify-sig
-
-DESCRIPTION="Robust, full-featured Open Source Toolkit for the Transport Layer Security (TLS)"
-HOMEPAGE="https://openssl-library.org/"
-
-MY_P=${P/_/-}
-
-if [[ ${PV} == 9999 ]] ; then
-	EGIT_REPO_URI="https://github.com/openssl/openssl.git"
-
-	inherit git-r3
-else
-	SRC_URI="
-		mirror://openssl/source/${MY_P}.tar.gz
-		verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )
-	"
-	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
-fi
-
-S="${WORKDIR}"/${MY_P}
-
-LICENSE="Apache-2.0"
-SLOT="0/$(ver_cut 1)" # .so version of libssl/libcrypto
-IUSE="+asm cpu_flags_x86_sse2 fips ktls rfc3779 sctp static-libs test tls-compression vanilla verify-sig weak-ssl-ciphers"
-RESTRICT="!test? ( test )"
-
-COMMON_DEPEND="
-	!<net-misc/openssh-9.2_p1-r3
-	tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
-"
-BDEPEND="
-	>=dev-lang/perl-5
-	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
-	test? (
-		sys-apps/diffutils
-		app-alternatives/bc
-		sys-process/procps
-	)
-	verify-sig? ( >=sec-keys/openpgp-keys-openssl-20230801 )"
-
-DEPEND="${COMMON_DEPEND}"
-RDEPEND="${COMMON_DEPEND}"
-PDEPEND="app-misc/ca-certificates"
-
-MULTILIB_WRAPPED_HEADERS=(
-	/usr/include/openssl/configuration.h
-)
-
-PATCHES=(
-	"${FILESDIR}"/${P}-p11-segfault.patch
-	"${FILESDIR}"/${P}-CVE-2024-2511.patch
-)
-
-pkg_setup() {
-	if use ktls ; then
-		if kernel_is -lt 4 18 ; then
-			ewarn "Kernel implementation of TLS (USE=ktls) requires kernel >=4.18!"
-		else
-			CONFIG_CHECK="~TLS ~TLS_DEVICE"
-			ERROR_TLS="You will be unable to offload TLS to kernel because CONFIG_TLS is not set!"
-			ERROR_TLS_DEVICE="You will be unable to offload TLS to kernel because CONFIG_TLS_DEVICE is not set!"
-			use test && CONFIG_CHECK+=" ~CRYPTO_USER_API_SKCIPHER"
-
-			linux-info_pkg_setup
-		fi
-	fi
-
-	[[ ${MERGE_TYPE} == binary ]] && return
-
-	# must check in pkg_setup; sysctl doesn't work with userpriv!
-	if use test && use sctp ; then
-		# test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel"
-		# if sctp.auth_enable is not enabled.
-		local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null)
-		if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]] ; then
-			die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!"
-		fi
-	fi
-}
-
-src_prepare() {
-	# Make sure we only ever touch Makefile.org and avoid patching a file
-	# that gets blown away anyways by the Configure script in src_configure
-	rm -f Makefile
-
-	if ! use vanilla ; then
-		PATCHES+=(
-			# Add patches which are Gentoo-specific customisations here
-		)
-	fi
-
-	default
-
-	if use test && use sctp && has network-sandbox ${FEATURES} ; then
-		einfo "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox ..."
-		rm test/recipes/80-test_ssl_new.t || die
-	fi
-
-	# Test fails depending on kernel configuration, bug #699134
-	rm test/recipes/30-test_afalg.t || die
-}
-
-src_configure() {
-	# Keep this in sync with app-misc/c_rehash
-	SSL_CNF_DIR="/etc/ssl"
-
-	# Quiet out unknown driver argument warnings since openssl
-	# doesn't have well-split CFLAGS and we're making it even worse
-	# and 'make depend' uses -Werror for added fun (bug #417795 again)
-	tc-is-clang && append-flags -Qunused-arguments
-
-	# We really, really need to build OpenSSL w/ strict aliasing disabled.
-	# It's filled with violations and it *will* result in miscompiled
-	# code. This has been in the ebuild for > 10 years but even in 2022,
-	# it's still relevant:
-	# - https://github.com/llvm/llvm-project/issues/55255
-	# - https://github.com/openssl/openssl/issues/12247
-	# - https://github.com/openssl/openssl/issues/18225
-	# - https://github.com/openssl/openssl/issues/18663#issuecomment-1181478057
-	# Don't remove the no strict aliasing bits below!
-	filter-flags -fstrict-aliasing
-	append-flags -fno-strict-aliasing
-	# The OpenSSL developers don't test with LTO right now, it leads to various
-	# warnings/errors (which may or may not be false positives), it's considered
-	# unsupported, and it's not tested in CI: https://github.com/openssl/openssl/issues/18663.
-	filter-lto
-
-	append-flags $(test-flags-CC -Wa,--noexecstack)
-
-	# bug #895308
-	append-atomic-flags
-	# Configure doesn't respect LIBS
-	export LDLIBS="${LIBS}"
-
-	# bug #197996
-	unset APPS
-	# bug #312551
-	unset SCRIPTS
-	# bug #311473
-	unset CROSS_COMPILE
-
-	tc-export AR CC CXX RANLIB RC
-
-	multilib-minimal_src_configure
-}
-
-multilib_src_configure() {
-	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
-
-	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
-
-	# See if our toolchain supports __uint128_t.  If so, it's 64bit
-	# friendly and can use the nicely optimized code paths, bug #460790.
-	#local ec_nistp_64_gcc_128
-	#
-	# Disable it for now though (bug #469976)
-	# Do NOT re-enable without substantial discussion first!
-	#
-	#echo "__uint128_t i;" > "${T}"/128.c
-	#if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
-	#       ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
-	#fi
-
-	local sslout=$(bash "${FILESDIR}/gentoo.config-1.0.4")
-	einfo "Using configuration: ${sslout:-(openssl knows best)}"
-
-	# https://github.com/openssl/openssl/blob/master/INSTALL.md#enable-and-disable-features
-	local myeconfargs=(
-		${sslout}
-
-		$(use cpu_flags_x86_sse2 || echo "no-sse2")
-		enable-camellia
-		enable-ec
-		enable-ec2m
-		enable-sm2
-		enable-srp
-		$(use elibc_musl && echo "no-async")
-		enable-idea
-		enable-mdc2
-		enable-rc5
-		$(use fips && echo "enable-fips")
-		$(use_ssl asm)
-		$(use_ssl ktls)
-		$(use_ssl rfc3779)
-		$(use_ssl sctp)
-		$(use test || echo "no-tests")
-		$(use_ssl tls-compression zlib)
-		$(use_ssl weak-ssl-ciphers)
-
-		--prefix="${EPREFIX}"/usr
-		--openssldir="${EPREFIX}"${SSL_CNF_DIR}
-		--libdir=$(get_libdir)
-
-		shared
-		threads
-	)
-
-	edo perl "${S}/Configure" "${myeconfargs[@]}"
-}
-
-multilib_src_compile() {
-	emake build_sw
-
-	if multilib_is_native_abi; then
-		emake build_docs
-	fi
-}
-
-multilib_src_test() {
-	# VFP = show subtests verbosely and show failed tests verbosely
-	# Normal V=1 would show everything verbosely but this slows things down.
-	emake HARNESS_JOBS="$(makeopts_jobs)" -Onone VFP=1 test
-}
-
-multilib_src_install() {
-	# Only -j1 is supported for the install targets:
-	# https://github.com/openssl/openssl/issues/21999#issuecomment-1771150305
-	emake DESTDIR="${D}" -j1 install_sw
-	if use fips; then
-		emake DESTDIR="${D}" -j1 install_fips
-		# Regen this in pkg_preinst, bug 900625
-		rm "${ED}${SSL_CNF_DIR}"/fipsmodule.cnf || die
-	fi
-
-	if multilib_is_native_abi; then
-		emake DESTDIR="${D}" -j1 install_ssldirs
-		emake DESTDIR="${D}" DOCDIR='$(INSTALLTOP)'/share/doc/${PF} -j1 install_docs
-	fi
-
-	# This is crappy in that the static archives are still built even
-	# when USE=static-libs. But this is due to a failing in the openssl
-	# build system: the static archives are built as PIC all the time.
-	# Only way around this would be to manually configure+compile openssl
-	# twice; once with shared lib support enabled and once without.
-	if ! use static-libs ; then
-		rm "${ED}"/usr/$(get_libdir)/lib{crypto,ssl}.a || die
-	fi
-}
-
-multilib_src_install_all() {
-	# openssl installs perl version of c_rehash by default, but
-	# we provide a shell version via app-misc/c_rehash
-	rm "${ED}"/usr/bin/c_rehash || die
-
-	dodoc {AUTHORS,CHANGES,NEWS,README,README-PROVIDERS}.md doc/*.txt doc/${PN}-c-indent.el
-
-	# Create the certs directory
-	keepdir ${SSL_CNF_DIR}/certs
-
-	# bug #254521
-	dodir /etc/sandbox.d
-	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
-
-	diropts -m0700
-	keepdir ${SSL_CNF_DIR}/private
-}
-
-pkg_preinst() {
-	if use fips; then
-		# Regen fipsmodule.cnf, bug 900625
-		ebegin "Running openssl fipsinstall"
-		"${ED}/usr/bin/openssl" fipsinstall -quiet \
-			-out "${ED}${SSL_CNF_DIR}/fipsmodule.cnf" \
-			-module "${ED}/usr/$(get_libdir)/ossl-modules/fips.so"
-		eend $?
-	fi
-
-	preserve_old_lib /usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1) \
-		/usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1.1)
-}
-
-pkg_postinst() {
-	ebegin "Running 'openssl rehash ${EROOT}${SSL_CNF_DIR}/certs' to rebuild hashes (bug #333069)"
-	openssl rehash "${EROOT}${SSL_CNF_DIR}/certs"
-	eend $?
-
-	preserve_old_lib_notify /usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1) \
-		/usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1.1)
-}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     513dc576a7cd0c3bf2b3472d0cd1bd7b75fb7a50
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sat Aug  3 03:23:58 2024 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sat Aug  3 05:06:38 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=513dc576

dev-libs/openssl: drop 3.2.1-r2

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/Manifest                |   2 -
 dev-libs/openssl/openssl-3.2.1-r2.ebuild | 308 -------------------------------
 2 files changed, 310 deletions(-)

diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest
index 9b9782d1077f..27750f85fee5 100644
--- a/dev-libs/openssl/Manifest
+++ b/dev-libs/openssl/Manifest
@@ -9,8 +9,6 @@ DIST openssl-3.0.14.tar.gz 15305497 BLAKE2B 7426aea63d5495775c4a0440658cc9c46c4a
 DIST openssl-3.0.14.tar.gz.asc 833 BLAKE2B 8a700452f6f698fbfa206469888fd72706f1798be212e712fd8a4c1ae87f0d98d54820974c64a3db3b5ac69d7beda665f462e83182337391212c0e72e1feb72e SHA512 003d17a2b71176517f5bfba6699c18b271111e5fec3effc275b965286140d1281fa6f5f5e6bcf63feca89dfa035ab776bda8d2af4b71ae921ca9e7a936581fb4
 DIST openssl-3.1.6.tar.gz 15672690 BLAKE2B 70112a7ece66bb6faf1a262c503c1df08924b8c1b9b08a1395856f903b1d1b4a38956b485e83415c29fafbf990ae8aced9b2fb0a2af84863b5c0a2a6581282cf SHA512 18ca07ee6a98d5fe46accfa0156e0354ad770d78bbbbe8e4bb92b316a0e4404f17a34eb700f17ed355d826a4b2166894aa46d8dd81fedbcb16aa1aad0926a390
 DIST openssl-3.1.6.tar.gz.asc 833 BLAKE2B 24fbb26ccf60ede99b9ea6ef6a2a8f1ae89c7881c21eafafeae7a498332dbaf7e52c94b2c52247e34511cc4bd204e71a68aa1a6dab133376e1f15bf676ef58be SHA512 ef3ca59527ca7b00430c251df399ea2cbe47ef0deebf4158250baac8e575ea26582756228f12dd0f7009b55199b0134e77ec47ade9835f1785c74703aa84987e
-DIST openssl-3.2.1.tar.gz 17733249 BLAKE2B 960222e0305166160e5ab000e29650b92063bf726551ee9ad46060166d99738d1e3a5b86fd28b14c8f4fb3a72f5aa70850defb87c02990acff3dbcbdac40b347 SHA512 bab2b2419319f1feffaba4692f03edbf13b44d1090c6e075a2d69dad67a2d51e64e6edbf83456a26c83900a726d20d2c4ee4ead9c94b322fd0b536f3b5a863c4
-DIST openssl-3.2.1.tar.gz.asc 833 BLAKE2B a1d25fe30bf1804d13a8b6b98edf56be5bf744d9e2706f4169455c24efe2e3a361487d00d0d4bac240c3f0170693d77a39dd0d4ee5c792d2247aa00c47e74ebf SHA512 de39516c7b77612f33cdc830a8d13ef6bcd91c03d24a6ed105480f140f9e1ad7049844e234c96a516d62e0e33ce90442ffd0f309ea674884c735f04d8562f372
 DIST openssl-3.2.2.tar.gz 17744472 BLAKE2B f42d44f31dc9ccf26ffe1fdd4a0119506a211808f92e860a34118109eae2ee7bcb5b0f43cbdf9eb811cd185cb53e092e62d652f7c0c0ce55b13289f7489073c9 SHA512 ebc945065f62a8a2ea4e2f136a2afaea4d38a03bb07a148f7fb73c34a64475a4069de122ebee11a66e421dbd58756ad7ab2d3f905dc90acee72d62757d8c0a2d
 DIST openssl-3.2.2.tar.gz.asc 833 BLAKE2B 09ef1766e771e1d7aac675a09bd9588ee9d76a1fe39794826fd5d9057ae41366a7e92fe81a40bc2fe19a309be612687d8ff760da3f3c44115e3b21b0342b5f46 SHA512 7a798e9c02d25510f4ec49b8956ebf4288760e1272bf327f36b253045ab2f50ac8042071f78984d1b463f07aa2b027f26ad2fbc31deacaac5658fc35437ddc66
 DIST openssl-3.3.0.tar.gz 18038030 BLAKE2B c68efaf8aca87961f396e305acc767b56d651b9adf4fd2c9d9b5a3266e35da4b856c6ed34be47d656c782aade975f20317a6759913b33d29d7eb088e638fa501 SHA512 1f9daeee6542e1b831c65f1f87befaef98ccedc3abc958c9d17f064ef771924c30849e3ff880f94eed4aaa9d81ea105e3bc8815e6d2e4d6b60b5e890f14fc5da

diff --git a/dev-libs/openssl/openssl-3.2.1-r2.ebuild b/dev-libs/openssl/openssl-3.2.1-r2.ebuild
deleted file mode 100644
index a9374f5f25de..000000000000
--- a/dev-libs/openssl/openssl-3.2.1-r2.ebuild
+++ /dev/null
@@ -1,308 +0,0 @@
-# Copyright 1999-2024 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/openssl.org.asc
-inherit edo flag-o-matic linux-info toolchain-funcs
-inherit multilib multilib-minimal multiprocessing preserve-libs verify-sig
-
-DESCRIPTION="Robust, full-featured Open Source Toolkit for the Transport Layer Security (TLS)"
-HOMEPAGE="https://openssl-library.org/"
-
-MY_P=${P/_/-}
-
-if [[ ${PV} == 9999 ]] ; then
-	EGIT_REPO_URI="https://github.com/openssl/openssl.git"
-
-	inherit git-r3
-else
-	SRC_URI="
-		mirror://openssl/source/${MY_P}.tar.gz
-		verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )
-	"
-
-	if [[ ${PV} != *_alpha* && ${PV} != *_beta* ]] ; then
-		KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
-	fi
-fi
-
-S="${WORKDIR}"/${MY_P}
-
-LICENSE="Apache-2.0"
-SLOT="0/$(ver_cut 1)" # .so version of libssl/libcrypto
-IUSE="+asm cpu_flags_x86_sse2 fips ktls rfc3779 sctp static-libs test tls-compression vanilla verify-sig weak-ssl-ciphers"
-RESTRICT="!test? ( test )"
-
-COMMON_DEPEND="
-	!<net-misc/openssh-9.2_p1-r3
-	tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
-"
-BDEPEND="
-	>=dev-lang/perl-5
-	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
-	test? (
-		sys-apps/diffutils
-		app-alternatives/bc
-		sys-process/procps
-	)
-	verify-sig? ( >=sec-keys/openpgp-keys-openssl-20230801 )"
-
-DEPEND="${COMMON_DEPEND}"
-RDEPEND="${COMMON_DEPEND}"
-PDEPEND="app-misc/ca-certificates"
-
-MULTILIB_WRAPPED_HEADERS=(
-	/usr/include/openssl/configuration.h
-)
-
-PATCHES=(
-	"${FILESDIR}"/${P}-p11-segfault.patch
-	# bug 923956 (drop on next version bump)
-	"${FILESDIR}"/${P}-riscv.patch
-	"${FILESDIR}"/${P}-CVE-2024-2511.patch
-	"${FILESDIR}"/${P}-s390x.patch
-)
-
-pkg_setup() {
-	if use ktls ; then
-		if kernel_is -lt 4 18 ; then
-			ewarn "Kernel implementation of TLS (USE=ktls) requires kernel >=4.18!"
-		else
-			CONFIG_CHECK="~TLS ~TLS_DEVICE"
-			ERROR_TLS="You will be unable to offload TLS to kernel because CONFIG_TLS is not set!"
-			ERROR_TLS_DEVICE="You will be unable to offload TLS to kernel because CONFIG_TLS_DEVICE is not set!"
-			use test && CONFIG_CHECK+=" ~CRYPTO_USER_API_SKCIPHER"
-
-			linux-info_pkg_setup
-		fi
-	fi
-
-	[[ ${MERGE_TYPE} == binary ]] && return
-
-	# must check in pkg_setup; sysctl doesn't work with userpriv!
-	if use test && use sctp ; then
-		# test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel"
-		# if sctp.auth_enable is not enabled.
-		local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null)
-		if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]] ; then
-			die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!"
-		fi
-	fi
-}
-
-src_unpack() {
-	# Can delete this once test fix patch is dropped
-	if use verify-sig ; then
-		# Needed for downloaded patch (which is unsigned, which is fine)
-		verify-sig_verify_detached "${DISTDIR}"/${MY_P}.tar.gz{,.asc}
-	fi
-
-	default
-}
-
-src_prepare() {
-	# Make sure we only ever touch Makefile.org and avoid patching a file
-	# that gets blown away anyways by the Configure script in src_configure
-	rm -f Makefile
-
-	if ! use vanilla ; then
-		PATCHES+=(
-			# Add patches which are Gentoo-specific customisations here
-		)
-	fi
-
-	default
-
-	if use test && use sctp && has network-sandbox ${FEATURES} ; then
-		einfo "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox ..."
-		rm test/recipes/80-test_ssl_new.t || die
-	fi
-
-	# Test fails depending on kernel configuration, bug #699134
-	rm test/recipes/30-test_afalg.t || die
-}
-
-src_configure() {
-	# Keep this in sync with app-misc/c_rehash
-	SSL_CNF_DIR="/etc/ssl"
-
-	# Quiet out unknown driver argument warnings since openssl
-	# doesn't have well-split CFLAGS and we're making it even worse
-	# and 'make depend' uses -Werror for added fun (bug #417795 again)
-	tc-is-clang && append-flags -Qunused-arguments
-
-	# We really, really need to build OpenSSL w/ strict aliasing disabled.
-	# It's filled with violations and it *will* result in miscompiled
-	# code. This has been in the ebuild for > 10 years but even in 2022,
-	# it's still relevant:
-	# - https://github.com/llvm/llvm-project/issues/55255
-	# - https://github.com/openssl/openssl/issues/12247
-	# - https://github.com/openssl/openssl/issues/18225
-	# - https://github.com/openssl/openssl/issues/18663#issuecomment-1181478057
-	# Don't remove the no strict aliasing bits below!
-	filter-flags -fstrict-aliasing
-	append-flags -fno-strict-aliasing
-	# The OpenSSL developers don't test with LTO right now, it leads to various
-	# warnings/errors (which may or may not be false positives), it's considered
-	# unsupported, and it's not tested in CI: https://github.com/openssl/openssl/issues/18663.
-	filter-lto
-
-	append-flags $(test-flags-CC -Wa,--noexecstack)
-
-	# bug #895308 -- check inserts GNU ld-compatible arguments
-	[[ ${CHOST} == *-darwin* ]] || append-atomic-flags
-	# Configure doesn't respect LIBS
-	export LDLIBS="${LIBS}"
-
-	# bug #197996
-	unset APPS
-	# bug #312551
-	unset SCRIPTS
-	# bug #311473
-	unset CROSS_COMPILE
-
-	tc-export AR CC CXX RANLIB RC
-
-	multilib-minimal_src_configure
-}
-
-multilib_src_configure() {
-	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
-
-	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
-
-	# See if our toolchain supports __uint128_t.  If so, it's 64bit
-	# friendly and can use the nicely optimized code paths, bug #460790.
-	#local ec_nistp_64_gcc_128
-	#
-	# Disable it for now though (bug #469976)
-	# Do NOT re-enable without substantial discussion first!
-	#
-	#echo "__uint128_t i;" > "${T}"/128.c
-	#if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
-	#       ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
-	#fi
-
-	local sslout=$(bash "${FILESDIR}/gentoo.config-1.0.4")
-	einfo "Using configuration: ${sslout:-(openssl knows best)}"
-
-	# https://github.com/openssl/openssl/blob/master/INSTALL.md#enable-and-disable-features
-	local myeconfargs=(
-		${sslout}
-
-		$(use cpu_flags_x86_sse2 || echo "no-sse2")
-		enable-camellia
-		enable-ec
-		enable-ec2m
-		enable-sm2
-		enable-srp
-		$(use elibc_musl && echo "no-async")
-		enable-idea
-		enable-mdc2
-		enable-rc5
-		$(use fips && echo "enable-fips")
-		$(use_ssl asm)
-		$(use_ssl ktls)
-		$(use_ssl rfc3779)
-		$(use_ssl sctp)
-		$(use test || echo "no-tests")
-		$(use_ssl tls-compression zlib)
-		$(use_ssl weak-ssl-ciphers)
-
-		--prefix="${EPREFIX}"/usr
-		--openssldir="${EPREFIX}"${SSL_CNF_DIR}
-		--libdir=$(get_libdir)
-
-		shared
-		threads
-	)
-
-	edo perl "${S}/Configure" "${myeconfargs[@]}"
-}
-
-multilib_src_compile() {
-	emake build_sw
-
-	if multilib_is_native_abi; then
-		emake build_docs
-	fi
-}
-
-multilib_src_test() {
-	# See https://github.com/openssl/openssl/blob/master/test/README.md for options.
-	#
-	# VFP = show subtests verbosely and show failed tests verbosely
-	# Normal V=1 would show everything verbosely but this slows things down.
-	#
-	# -j1 here for https://github.com/openssl/openssl/issues/21999, but it
-	# shouldn't matter as tests were already built earlier, and HARNESS_JOBS
-	# controls running the tests.
-	emake -Onone -j1 HARNESS_JOBS="$(makeopts_jobs)" VFP=1 test
-}
-
-multilib_src_install() {
-	# Only -j1 is supported for the install targets:
-	# https://github.com/openssl/openssl/issues/21999#issuecomment-1771150305
-	emake DESTDIR="${D}" -j1 install_sw
-	if use fips; then
-		emake DESTDIR="${D}" -j1 install_fips
-		# Regen this in pkg_preinst, bug 900625
-		rm "${ED}${SSL_CNF_DIR}"/fipsmodule.cnf || die
-	fi
-
-	if multilib_is_native_abi; then
-		emake DESTDIR="${D}" -j1 install_ssldirs
-		emake DESTDIR="${D}" DOCDIR='$(INSTALLTOP)'/share/doc/${PF} -j1 install_docs
-	fi
-
-	# This is crappy in that the static archives are still built even
-	# when USE=static-libs. But this is due to a failing in the openssl
-	# build system: the static archives are built as PIC all the time.
-	# Only way around this would be to manually configure+compile openssl
-	# twice; once with shared lib support enabled and once without.
-	if ! use static-libs ; then
-		rm "${ED}"/usr/$(get_libdir)/lib{crypto,ssl}.a || die
-	fi
-}
-
-multilib_src_install_all() {
-	# openssl installs perl version of c_rehash by default, but
-	# we provide a shell version via app-misc/c_rehash
-	rm "${ED}"/usr/bin/c_rehash || die
-
-	dodoc {AUTHORS,CHANGES,NEWS,README,README-PROVIDERS}.md doc/*.txt doc/${PN}-c-indent.el
-
-	# Create the certs directory
-	keepdir ${SSL_CNF_DIR}/certs
-
-	# bug #254521
-	dodir /etc/sandbox.d
-	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
-
-	diropts -m0700
-	keepdir ${SSL_CNF_DIR}/private
-}
-
-pkg_preinst() {
-	if use fips; then
-		# Regen fipsmodule.cnf, bug 900625
-		ebegin "Running openssl fipsinstall"
-		"${ED}/usr/bin/openssl" fipsinstall -quiet \
-			-out "${ED}${SSL_CNF_DIR}/fipsmodule.cnf" \
-			-module "${ED}/usr/$(get_libdir)/ossl-modules/fips.so"
-		eend $?
-	fi
-
-	preserve_old_lib /usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1) \
-		/usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1.1)
-}
-
-pkg_postinst() {
-	ebegin "Running 'openssl rehash ${EROOT}${SSL_CNF_DIR}/certs' to rebuild hashes (bug #333069)"
-	openssl rehash "${EROOT}${SSL_CNF_DIR}/certs"
-	eend $?
-
-	preserve_old_lib_notify /usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1) \
-		/usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1.1)
-}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     742598b43b29b50b31b40c194e1ae5cc1ea508df
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sat Aug  3 03:24:17 2024 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sat Aug  3 05:06:39 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=742598b4

dev-libs/openssl: drop 3.3.0

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/Manifest             |   2 -
 dev-libs/openssl/openssl-3.3.0.ebuild | 301 ----------------------------------
 2 files changed, 303 deletions(-)

diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest
index 27750f85fee5..962bb20fa95f 100644
--- a/dev-libs/openssl/Manifest
+++ b/dev-libs/openssl/Manifest
@@ -11,7 +11,5 @@ DIST openssl-3.1.6.tar.gz 15672690 BLAKE2B 70112a7ece66bb6faf1a262c503c1df08924b
 DIST openssl-3.1.6.tar.gz.asc 833 BLAKE2B 24fbb26ccf60ede99b9ea6ef6a2a8f1ae89c7881c21eafafeae7a498332dbaf7e52c94b2c52247e34511cc4bd204e71a68aa1a6dab133376e1f15bf676ef58be SHA512 ef3ca59527ca7b00430c251df399ea2cbe47ef0deebf4158250baac8e575ea26582756228f12dd0f7009b55199b0134e77ec47ade9835f1785c74703aa84987e
 DIST openssl-3.2.2.tar.gz 17744472 BLAKE2B f42d44f31dc9ccf26ffe1fdd4a0119506a211808f92e860a34118109eae2ee7bcb5b0f43cbdf9eb811cd185cb53e092e62d652f7c0c0ce55b13289f7489073c9 SHA512 ebc945065f62a8a2ea4e2f136a2afaea4d38a03bb07a148f7fb73c34a64475a4069de122ebee11a66e421dbd58756ad7ab2d3f905dc90acee72d62757d8c0a2d
 DIST openssl-3.2.2.tar.gz.asc 833 BLAKE2B 09ef1766e771e1d7aac675a09bd9588ee9d76a1fe39794826fd5d9057ae41366a7e92fe81a40bc2fe19a309be612687d8ff760da3f3c44115e3b21b0342b5f46 SHA512 7a798e9c02d25510f4ec49b8956ebf4288760e1272bf327f36b253045ab2f50ac8042071f78984d1b463f07aa2b027f26ad2fbc31deacaac5658fc35437ddc66
-DIST openssl-3.3.0.tar.gz 18038030 BLAKE2B c68efaf8aca87961f396e305acc767b56d651b9adf4fd2c9d9b5a3266e35da4b856c6ed34be47d656c782aade975f20317a6759913b33d29d7eb088e638fa501 SHA512 1f9daeee6542e1b831c65f1f87befaef98ccedc3abc958c9d17f064ef771924c30849e3ff880f94eed4aaa9d81ea105e3bc8815e6d2e4d6b60b5e890f14fc5da
-DIST openssl-3.3.0.tar.gz.asc 833 BLAKE2B 207b9fd53de6f57fe24d6a6e5e9f735b7649258bb2873b6c1e29b7d2689c9a75774dbf09392be40f8a8ab240e4e6c745e2864155e8b0f2f3f5ca3b45051e869a SHA512 8750daa607e6bfd2326a4d4f04c9c04608d9fa852fc1515acf1fcf3d1ad33b8ba8435d9ef1ac3a032fecd09aa90446c53996045506bcfbddb7544bb61b26af24
 DIST openssl-3.3.1.tar.gz 18055752 BLAKE2B b09bbe94f49c33015fbcee5f578a20c0da33c289791bf33292170d5d3de44ea2e22144ee11067947aef2733e979c0fded875a4ec92d81468285837053447e68e SHA512 d3682a5ae0721748c6b9ec2f1b74d2b1ba61ee6e4c0d42387b5037a56ef34312833b6abb522d19400b45d807dd65cc834156f5e891cb07fbaf69fcf67e1c595d
 DIST openssl-3.3.1.tar.gz.asc 833 BLAKE2B e22c068dfcd0205f1cd27f965b76dcaf59bed61181523f198e40d61a4867b20a7636c853c427497559362a92766f430807f02b693821ac38daaa898946f2dba2 SHA512 ae2db74829b71a68e1fc86229396d76f60a9a98e6bba9adc62bdcf2581b60fb0e29ecde2b53a5686c452e754801568e05d3c4f47e8faf02219ac1aae78283338

diff --git a/dev-libs/openssl/openssl-3.3.0.ebuild b/dev-libs/openssl/openssl-3.3.0.ebuild
deleted file mode 100644
index 1ec5e236d56b..000000000000
--- a/dev-libs/openssl/openssl-3.3.0.ebuild
+++ /dev/null
@@ -1,301 +0,0 @@
-# Copyright 1999-2024 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/openssl.org.asc
-inherit edo flag-o-matic linux-info toolchain-funcs
-inherit multilib multilib-minimal multiprocessing preserve-libs verify-sig
-
-DESCRIPTION="Robust, full-featured Open Source Toolkit for the Transport Layer Security (TLS)"
-HOMEPAGE="https://openssl-library.org/"
-
-MY_P=${P/_/-}
-
-if [[ ${PV} == 9999 ]] ; then
-	EGIT_REPO_URI="https://github.com/openssl/openssl.git"
-
-	inherit git-r3
-else
-	SRC_URI="
-		mirror://openssl/source/${MY_P}.tar.gz
-		verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )
-	"
-
-	#if [[ ${PV} != *_alpha* && ${PV} != *_beta* ]] ; then
-	#	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
-	#fi
-fi
-
-S="${WORKDIR}"/${MY_P}
-
-LICENSE="Apache-2.0"
-SLOT="0/$(ver_cut 1)" # .so version of libssl/libcrypto
-IUSE="+asm cpu_flags_x86_sse2 fips ktls quic rfc3779 sctp static-libs test tls-compression vanilla verify-sig weak-ssl-ciphers"
-RESTRICT="!test? ( test )"
-
-COMMON_DEPEND="
-	!<net-misc/openssh-9.2_p1-r3
-	tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
-"
-BDEPEND="
-	>=dev-lang/perl-5
-	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
-	test? (
-		sys-apps/diffutils
-		app-alternatives/bc
-		sys-process/procps
-	)
-	verify-sig? ( >=sec-keys/openpgp-keys-openssl-20240424 )
-"
-DEPEND="${COMMON_DEPEND}"
-RDEPEND="${COMMON_DEPEND}"
-PDEPEND="app-misc/ca-certificates"
-
-MULTILIB_WRAPPED_HEADERS=(
-	/usr/include/openssl/configuration.h
-)
-
-PATCHES=(
-)
-
-pkg_setup() {
-	if use ktls ; then
-		if kernel_is -lt 4 18 ; then
-			ewarn "Kernel implementation of TLS (USE=ktls) requires kernel >=4.18!"
-		else
-			CONFIG_CHECK="~TLS ~TLS_DEVICE"
-			ERROR_TLS="You will be unable to offload TLS to kernel because CONFIG_TLS is not set!"
-			ERROR_TLS_DEVICE="You will be unable to offload TLS to kernel because CONFIG_TLS_DEVICE is not set!"
-			use test && CONFIG_CHECK+=" ~CRYPTO_USER_API_SKCIPHER"
-
-			linux-info_pkg_setup
-		fi
-	fi
-
-	[[ ${MERGE_TYPE} == binary ]] && return
-
-	# must check in pkg_setup; sysctl doesn't work with userpriv!
-	if use test && use sctp ; then
-		# test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel"
-		# if sctp.auth_enable is not enabled.
-		local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null)
-		if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]] ; then
-			die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!"
-		fi
-	fi
-}
-
-src_unpack() {
-	# Can delete this once test fix patch is dropped
-	if use verify-sig ; then
-		# Needed for downloaded patch (which is unsigned, which is fine)
-		verify-sig_verify_detached "${DISTDIR}"/${MY_P}.tar.gz{,.asc}
-	fi
-
-	default
-}
-
-src_prepare() {
-	# Make sure we only ever touch Makefile.org and avoid patching a file
-	# that gets blown away anyways by the Configure script in src_configure
-	rm -f Makefile || die
-
-	if ! use vanilla ; then
-		PATCHES+=(
-			# Add patches which are Gentoo-specific customisations here
-		)
-	fi
-
-	default
-
-	if use test && use sctp && has network-sandbox ${FEATURES} ; then
-		einfo "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox ..."
-		rm test/recipes/80-test_ssl_new.t || die
-	fi
-
-	# Test fails depending on kernel configuration, bug #699134
-	rm test/recipes/30-test_afalg.t || die
-}
-
-src_configure() {
-	# Keep this in sync with app-misc/c_rehash
-	SSL_CNF_DIR="/etc/ssl"
-
-	# Quiet out unknown driver argument warnings since openssl
-	# doesn't have well-split CFLAGS and we're making it even worse
-	# and 'make depend' uses -Werror for added fun (bug #417795 again)
-	tc-is-clang && append-flags -Qunused-arguments
-
-	# We really, really need to build OpenSSL w/ strict aliasing disabled.
-	# It's filled with violations and it *will* result in miscompiled
-	# code. This has been in the ebuild for > 10 years but even in 2022,
-	# it's still relevant:
-	# - https://github.com/llvm/llvm-project/issues/55255
-	# - https://github.com/openssl/openssl/issues/12247
-	# - https://github.com/openssl/openssl/issues/18225
-	# - https://github.com/openssl/openssl/issues/18663#issuecomment-1181478057
-	# Don't remove the no strict aliasing bits below!
-	filter-flags -fstrict-aliasing
-	append-flags -fno-strict-aliasing
-	# The OpenSSL developers don't test with LTO right now, it leads to various
-	# warnings/errors (which may or may not be false positives), it's considered
-	# unsupported, and it's not tested in CI: https://github.com/openssl/openssl/issues/18663.
-	filter-lto
-
-	append-flags $(test-flags-CC -Wa,--noexecstack)
-
-	# bug #895308 -- check inserts GNU ld-compatible arguments
-	[[ ${CHOST} == *-darwin* ]] || append-atomic-flags
-	# Configure doesn't respect LIBS
-	export LDLIBS="${LIBS}"
-
-	# bug #197996
-	unset APPS
-	# bug #312551
-	unset SCRIPTS
-	# bug #311473
-	unset CROSS_COMPILE
-
-	tc-export AR CC CXX RANLIB RC
-
-	multilib-minimal_src_configure
-}
-
-multilib_src_configure() {
-	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
-
-	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
-
-	# See if our toolchain supports __uint128_t.  If so, it's 64bit
-	# friendly and can use the nicely optimized code paths, bug #460790.
-	#local ec_nistp_64_gcc_128
-	#
-	# Disable it for now though (bug #469976)
-	# Do NOT re-enable without substantial discussion first!
-	#
-	#echo "__uint128_t i;" > "${T}"/128.c
-	#if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
-	#       ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
-	#fi
-
-	local sslout=$(bash "${FILESDIR}/gentoo.config-1.0.4")
-	einfo "Using configuration: ${sslout:-(openssl knows best)}"
-
-	# https://github.com/openssl/openssl/blob/master/INSTALL.md#enable-and-disable-features
-	local myeconfargs=(
-		${sslout}
-
-		$(multilib_is_native_abi || echo "no-docs")
-		$(use cpu_flags_x86_sse2 || echo "no-sse2")
-		enable-camellia
-		enable-ec
-		enable-ec2m
-		enable-sm2
-		enable-srp
-		$(use elibc_musl && echo "no-async")
-		enable-idea
-		enable-mdc2
-		enable-rc5
-		$(use fips && echo "enable-fips")
-		$(use quic && echo "enable-quic")
-		$(use_ssl asm)
-		$(use_ssl ktls)
-		$(use_ssl rfc3779)
-		$(use_ssl sctp)
-		$(use test || echo "no-tests")
-		$(use_ssl tls-compression zlib)
-		$(use_ssl weak-ssl-ciphers)
-
-		--prefix="${EPREFIX}"/usr
-		--openssldir="${EPREFIX}"${SSL_CNF_DIR}
-		--libdir=$(get_libdir)
-
-		shared
-		threads
-	)
-
-	edo perl "${S}/Configure" "${myeconfargs[@]}"
-}
-
-multilib_src_compile() {
-	emake build_sw
-}
-
-multilib_src_test() {
-	# See https://github.com/openssl/openssl/blob/master/test/README.md for options.
-	#
-	# VFP = show subtests verbosely and show failed tests verbosely
-	# Normal V=1 would show everything verbosely but this slows things down.
-	#
-	# -j1 here for https://github.com/openssl/openssl/issues/21999, but it
-	# shouldn't matter as tests were already built earlier, and HARNESS_JOBS
-	# controls running the tests.
-	emake -Onone -j1 HARNESS_JOBS="$(makeopts_jobs)" VFP=1 test
-}
-
-multilib_src_install() {
-	# Only -j1 is supported for the install targets:
-	# https://github.com/openssl/openssl/issues/21999#issuecomment-1771150305
-	emake DESTDIR="${D}" -j1 install_sw
-	if use fips; then
-		emake DESTDIR="${D}" -j1 install_fips
-		# Regen this in pkg_preinst, bug 900625
-		rm "${ED}${SSL_CNF_DIR}"/fipsmodule.cnf || die
-	fi
-
-	if multilib_is_native_abi; then
-		emake DESTDIR="${D}" -j1 install_ssldirs
-		emake DESTDIR="${D}" DOCDIR='$(INSTALLTOP)'/share/doc/${PF} -j1 install_docs
-	fi
-
-	# This is crappy in that the static archives are still built even
-	# when USE=static-libs. But this is due to a failing in the openssl
-	# build system: the static archives are built as PIC all the time.
-	# Only way around this would be to manually configure+compile openssl
-	# twice; once with shared lib support enabled and once without.
-	if ! use static-libs ; then
-		rm "${ED}"/usr/$(get_libdir)/lib{crypto,ssl}.a || die
-	fi
-}
-
-multilib_src_install_all() {
-	# openssl installs perl version of c_rehash by default, but
-	# we provide a shell version via app-misc/c_rehash
-	rm "${ED}"/usr/bin/c_rehash || die
-
-	dodoc {AUTHORS,CHANGES,NEWS,README,README-PROVIDERS}.md doc/*.txt doc/${PN}-c-indent.el
-
-	# Create the certs directory
-	keepdir ${SSL_CNF_DIR}/certs
-
-	# bug #254521
-	dodir /etc/sandbox.d
-	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
-
-	diropts -m0700
-	keepdir ${SSL_CNF_DIR}/private
-}
-
-pkg_preinst() {
-	if use fips; then
-		# Regen fipsmodule.cnf, bug 900625
-		ebegin "Running openssl fipsinstall"
-		"${ED}/usr/bin/openssl" fipsinstall -quiet \
-			-out "${ED}${SSL_CNF_DIR}/fipsmodule.cnf" \
-			-module "${ED}/usr/$(get_libdir)/ossl-modules/fips.so"
-		eend $?
-	fi
-
-	preserve_old_lib /usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1) \
-		/usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1.1)
-}
-
-pkg_postinst() {
-	ebegin "Running 'openssl rehash ${EROOT}${SSL_CNF_DIR}/certs' to rebuild hashes (bug #333069)"
-	openssl rehash "${EROOT}${SSL_CNF_DIR}/certs"
-	eend $?
-
-	preserve_old_lib_notify /usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1) \
-		/usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1.1)
-}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     1ca220c1899ef2e9a4eb1b97d9474b228e117428
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sat Aug  3 03:20:14 2024 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sat Aug  3 03:20:14 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1ca220c1

dev-libs/openssl: update SRC_URI for latest releases (3.1.6/3.2.2/3.3.1)

Follow the redirect from openssl -> github. They've been planning it
for a whlie so it's legitimate.

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/openssl-3.1.6.ebuild    | 6 ++++--
 dev-libs/openssl/openssl-3.2.2.ebuild    | 6 ++++--
 dev-libs/openssl/openssl-3.3.1-r1.ebuild | 6 ++++--
 3 files changed, 12 insertions(+), 6 deletions(-)

diff --git a/dev-libs/openssl/openssl-3.1.6.ebuild b/dev-libs/openssl/openssl-3.1.6.ebuild
index 5022ced54606..96fc87688904 100644
--- a/dev-libs/openssl/openssl-3.1.6.ebuild
+++ b/dev-libs/openssl/openssl-3.1.6.ebuild
@@ -18,8 +18,10 @@ if [[ ${PV} == 9999 ]] ; then
 	inherit git-r3
 else
 	SRC_URI="
-		mirror://openssl/source/${MY_P}.tar.gz
-		verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )
+		https://github.com/openssl/openssl/releases/download/${P}/${P}.tar.gz
+		verify-sig? (
+			https://github.com/openssl/openssl/releases/download/${P}/${P}.tar.gz.asc
+		)
 	"
 	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
 fi

diff --git a/dev-libs/openssl/openssl-3.2.2.ebuild b/dev-libs/openssl/openssl-3.2.2.ebuild
index 6e64b9892807..78b6c73b9715 100644
--- a/dev-libs/openssl/openssl-3.2.2.ebuild
+++ b/dev-libs/openssl/openssl-3.2.2.ebuild
@@ -18,8 +18,10 @@ if [[ ${PV} == 9999 ]] ; then
 	inherit git-r3
 else
 	SRC_URI="
-		mirror://openssl/source/${MY_P}.tar.gz
-		verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )
+		https://github.com/openssl/openssl/releases/download/${P}/${P}.tar.gz
+		verify-sig? (
+			https://github.com/openssl/openssl/releases/download/${P}/${P}.tar.gz.asc
+		)
 	"
 
 	if [[ ${PV} != *_alpha* && ${PV} != *_beta* ]] ; then

diff --git a/dev-libs/openssl/openssl-3.3.1-r1.ebuild b/dev-libs/openssl/openssl-3.3.1-r1.ebuild
index 973266bc9083..c01b8662e767 100644
--- a/dev-libs/openssl/openssl-3.3.1-r1.ebuild
+++ b/dev-libs/openssl/openssl-3.3.1-r1.ebuild
@@ -18,8 +18,10 @@ if [[ ${PV} == 9999 ]] ; then
 	inherit git-r3
 else
 	SRC_URI="
-		mirror://openssl/source/${MY_P}.tar.gz
-		verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )
+		https://github.com/openssl/openssl/releases/download/${P}/${P}.tar.gz
+		verify-sig? (
+			https://github.com/openssl/openssl/releases/download/${P}/${P}.tar.gz.asc
+		)
 	"
 
 	if [[ ${PV} != *_alpha* && ${PV} != *_beta* ]] ; then

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     03960013634a39f41a1e0fdc7daabf29a6f4e5b5
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sat Aug  3 03:15:10 2024 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sat Aug  3 03:15:10 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=03960013

dev-libs/openssl: update HOMEPAGE

See https://openssl-library.org/post/2024-07-24-openssl-new-governance-structure/
and https://lwn.net/Articles/983120.

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/openssl-1.0.2u-r1.ebuild | 2 +-
 dev-libs/openssl/openssl-1.1.1w.ebuild    | 2 +-
 dev-libs/openssl/openssl-3.0.13-r2.ebuild | 2 +-
 dev-libs/openssl/openssl-3.0.14.ebuild    | 2 +-
 dev-libs/openssl/openssl-3.1.5-r2.ebuild  | 2 +-
 dev-libs/openssl/openssl-3.1.6.ebuild     | 2 +-
 dev-libs/openssl/openssl-3.2.1-r2.ebuild  | 2 +-
 dev-libs/openssl/openssl-3.2.2.ebuild     | 2 +-
 dev-libs/openssl/openssl-3.3.0.ebuild     | 2 +-
 dev-libs/openssl/openssl-3.3.1-r1.ebuild  | 2 +-
 10 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/dev-libs/openssl/openssl-1.0.2u-r1.ebuild b/dev-libs/openssl/openssl-1.0.2u-r1.ebuild
index c2abe15ce890..eface797e109 100644
--- a/dev-libs/openssl/openssl-1.0.2u-r1.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2u-r1.ebuild
@@ -22,7 +22,7 @@ MY_P=${P/_/-}
 BINDIST_PATCH_SET="openssl-1.0.2t-bindist-1.0.tar.xz"
 
 DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"
-HOMEPAGE="https://www.openssl.org/"
+HOMEPAGE="https://openssl-library.org/"
 SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 	bindist? (
 		mirror://gentoo/bb/${BINDIST_PATCH_SET}

diff --git a/dev-libs/openssl/openssl-1.1.1w.ebuild b/dev-libs/openssl/openssl-1.1.1w.ebuild
index d8ec15eef987..356594f41c67 100644
--- a/dev-libs/openssl/openssl-1.1.1w.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1w.ebuild
@@ -8,7 +8,7 @@ inherit edo flag-o-matic toolchain-funcs multilib-minimal verify-sig
 
 MY_P=${P/_/-}
 DESCRIPTION="Full-strength general purpose cryptography library (including SSL and TLS)"
-HOMEPAGE="https://www.openssl.org/"
+HOMEPAGE="https://openssl-library.org/"
 SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 	verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )"
 S="${WORKDIR}/${MY_P}"

diff --git a/dev-libs/openssl/openssl-3.0.13-r2.ebuild b/dev-libs/openssl/openssl-3.0.13-r2.ebuild
index 7419ab042851..c134dc8f5faf 100644
--- a/dev-libs/openssl/openssl-3.0.13-r2.ebuild
+++ b/dev-libs/openssl/openssl-3.0.13-r2.ebuild
@@ -8,7 +8,7 @@ inherit edo flag-o-matic linux-info toolchain-funcs
 inherit multilib multilib-minimal multiprocessing preserve-libs verify-sig
 
 DESCRIPTION="Robust, full-featured Open Source Toolkit for the Transport Layer Security (TLS)"
-HOMEPAGE="https://www.openssl.org/"
+HOMEPAGE="https://openssl-library.org/"
 
 MY_P=${P/_/-}
 

diff --git a/dev-libs/openssl/openssl-3.0.14.ebuild b/dev-libs/openssl/openssl-3.0.14.ebuild
index 647c4ee7dbf9..2a3a9723b5e3 100644
--- a/dev-libs/openssl/openssl-3.0.14.ebuild
+++ b/dev-libs/openssl/openssl-3.0.14.ebuild
@@ -8,7 +8,7 @@ inherit edo flag-o-matic linux-info toolchain-funcs
 inherit multilib multilib-minimal multiprocessing preserve-libs verify-sig
 
 DESCRIPTION="Robust, full-featured Open Source Toolkit for the Transport Layer Security (TLS)"
-HOMEPAGE="https://www.openssl.org/"
+HOMEPAGE="https://openssl-library.org/"
 
 MY_P=${P/_/-}
 

diff --git a/dev-libs/openssl/openssl-3.1.5-r2.ebuild b/dev-libs/openssl/openssl-3.1.5-r2.ebuild
index 1c3b048b75a0..7bb70dbf74f3 100644
--- a/dev-libs/openssl/openssl-3.1.5-r2.ebuild
+++ b/dev-libs/openssl/openssl-3.1.5-r2.ebuild
@@ -8,7 +8,7 @@ inherit edo flag-o-matic linux-info toolchain-funcs
 inherit multilib multilib-minimal multiprocessing preserve-libs verify-sig
 
 DESCRIPTION="Robust, full-featured Open Source Toolkit for the Transport Layer Security (TLS)"
-HOMEPAGE="https://www.openssl.org/"
+HOMEPAGE="https://openssl-library.org/"
 
 MY_P=${P/_/-}
 

diff --git a/dev-libs/openssl/openssl-3.1.6.ebuild b/dev-libs/openssl/openssl-3.1.6.ebuild
index a95bf0b407ff..5022ced54606 100644
--- a/dev-libs/openssl/openssl-3.1.6.ebuild
+++ b/dev-libs/openssl/openssl-3.1.6.ebuild
@@ -8,7 +8,7 @@ inherit edo flag-o-matic linux-info toolchain-funcs
 inherit multilib multilib-minimal multiprocessing preserve-libs verify-sig
 
 DESCRIPTION="Robust, full-featured Open Source Toolkit for the Transport Layer Security (TLS)"
-HOMEPAGE="https://www.openssl.org/"
+HOMEPAGE="https://openssl-library.org/"
 
 MY_P=${P/_/-}
 

diff --git a/dev-libs/openssl/openssl-3.2.1-r2.ebuild b/dev-libs/openssl/openssl-3.2.1-r2.ebuild
index fb480821f325..a9374f5f25de 100644
--- a/dev-libs/openssl/openssl-3.2.1-r2.ebuild
+++ b/dev-libs/openssl/openssl-3.2.1-r2.ebuild
@@ -8,7 +8,7 @@ inherit edo flag-o-matic linux-info toolchain-funcs
 inherit multilib multilib-minimal multiprocessing preserve-libs verify-sig
 
 DESCRIPTION="Robust, full-featured Open Source Toolkit for the Transport Layer Security (TLS)"
-HOMEPAGE="https://www.openssl.org/"
+HOMEPAGE="https://openssl-library.org/"
 
 MY_P=${P/_/-}
 

diff --git a/dev-libs/openssl/openssl-3.2.2.ebuild b/dev-libs/openssl/openssl-3.2.2.ebuild
index e00a57886dc5..6e64b9892807 100644
--- a/dev-libs/openssl/openssl-3.2.2.ebuild
+++ b/dev-libs/openssl/openssl-3.2.2.ebuild
@@ -8,7 +8,7 @@ inherit edo flag-o-matic linux-info toolchain-funcs
 inherit multilib multilib-minimal multiprocessing preserve-libs verify-sig
 
 DESCRIPTION="Robust, full-featured Open Source Toolkit for the Transport Layer Security (TLS)"
-HOMEPAGE="https://www.openssl.org/"
+HOMEPAGE="https://openssl-library.org/"
 
 MY_P=${P/_/-}
 

diff --git a/dev-libs/openssl/openssl-3.3.0.ebuild b/dev-libs/openssl/openssl-3.3.0.ebuild
index 3c59077a40e6..1ec5e236d56b 100644
--- a/dev-libs/openssl/openssl-3.3.0.ebuild
+++ b/dev-libs/openssl/openssl-3.3.0.ebuild
@@ -8,7 +8,7 @@ inherit edo flag-o-matic linux-info toolchain-funcs
 inherit multilib multilib-minimal multiprocessing preserve-libs verify-sig
 
 DESCRIPTION="Robust, full-featured Open Source Toolkit for the Transport Layer Security (TLS)"
-HOMEPAGE="https://www.openssl.org/"
+HOMEPAGE="https://openssl-library.org/"
 
 MY_P=${P/_/-}
 

diff --git a/dev-libs/openssl/openssl-3.3.1-r1.ebuild b/dev-libs/openssl/openssl-3.3.1-r1.ebuild
index 987be29a1fbc..973266bc9083 100644
--- a/dev-libs/openssl/openssl-3.3.1-r1.ebuild
+++ b/dev-libs/openssl/openssl-3.3.1-r1.ebuild
@@ -8,7 +8,7 @@ inherit edo flag-o-matic linux-info toolchain-funcs
 inherit multilib multilib-minimal multiprocessing preserve-libs verify-sig
 
 DESCRIPTION="Robust, full-featured Open Source Toolkit for the Transport Layer Security (TLS)"
-HOMEPAGE="https://www.openssl.org/"
+HOMEPAGE="https://openssl-library.org/"
 
 MY_P=${P/_/-}
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Matt Jolly]

commit:     abd034c771fd0ed3f7b2125a5de483ff6767fad8
Author:     Matt Jolly <kangie <AT> gentoo <DOT> org>
AuthorDate: Thu Aug  1 14:32:01 2024 +0000
Commit:     Matt Jolly <kangie <AT> gentoo <DOT> org>
CommitDate: Thu Aug  1 14:32:01 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=abd034c7

dev-libs/openssl: enable USE=quic by default.

net-misc/curl enabled HTTP/3 (QUIC) by default in
00f5031e36ffde7784d10ded6f2c753c3a5513a5.

As OpenSSL is the default TLS backend for cURL in
Gentoo, is a well-maintained and tested package,
and cURL's multiple-tls backend support (MultiSSL)
is not currently supported with HTTP/3, it has been
selected as the default QUIC backend for cURL in Gentoo.

Enable USE="+quic" to simplify dependency resolution
for the majority of consumers.

Signed-off-by: Matt Jolly <kangie <AT> gentoo.org>

 dev-libs/openssl/openssl-3.3.1-r1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-3.3.1-r1.ebuild b/dev-libs/openssl/openssl-3.3.1-r1.ebuild
index 23def1a53237..987be29a1fbc 100644
--- a/dev-libs/openssl/openssl-3.3.1-r1.ebuild
+++ b/dev-libs/openssl/openssl-3.3.1-r1.ebuild
@@ -31,7 +31,7 @@ S="${WORKDIR}"/${MY_P}
 
 LICENSE="Apache-2.0"
 SLOT="0/$(ver_cut 1)" # .so version of libssl/libcrypto
-IUSE="+asm cpu_flags_x86_sse2 fips ktls quic rfc3779 sctp static-libs test tls-compression vanilla verify-sig weak-ssl-ciphers"
+IUSE="+asm cpu_flags_x86_sse2 fips ktls +quic rfc3779 sctp static-libs test tls-compression vanilla verify-sig weak-ssl-ciphers"
 RESTRICT="!test? ( test )"
 
 COMMON_DEPEND="

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Fabian Groffen]

commit:     d2553625a9263e0442fd1f2fa8aa093bf18928a0
Author:     Fabian Groffen <grobian <AT> gentoo <DOT> org>
AuthorDate: Thu Aug  1 08:45:55 2024 +0000
Commit:     Fabian Groffen <grobian <AT> gentoo <DOT> org>
CommitDate: Thu Aug  1 08:46:01 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d2553625

dev-libs/openssl3.3.1-r1: marked *-macos, x64-solaris

Signed-off-by: Fabian Groffen <grobian <AT> gentoo.org>

 dev-libs/openssl/openssl-3.3.1-r1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-3.3.1-r1.ebuild b/dev-libs/openssl/openssl-3.3.1-r1.ebuild
index b91bebbeb911..23def1a53237 100644
--- a/dev-libs/openssl/openssl-3.3.1-r1.ebuild
+++ b/dev-libs/openssl/openssl-3.3.1-r1.ebuild
@@ -23,7 +23,7 @@ else
 	"
 
 	if [[ ${PV} != *_alpha* && ${PV} != *_beta* ]] ; then
-		KEYWORDS="~amd64 ~arm ~m68k ~mips ~s390 ~sparc ~x86"
+		KEYWORDS="~amd64 ~arm ~m68k ~mips ~s390 ~sparc ~x86 ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
 	fi
 fi
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Arthur Zamarin]

commit:     3a5ea68806911468aaa65b0c36aea65846fba2d7
Author:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
AuthorDate: Tue Jul 23 19:15:04 2024 +0000
Commit:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
CommitDate: Tue Jul 23 19:15:04 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3a5ea688

dev-libs/openssl: Keyword 3.3.1 s390, #936268

Signed-off-by: Arthur Zamarin <arthurzam <AT> gentoo.org>

 dev-libs/openssl/openssl-3.3.1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-3.3.1.ebuild b/dev-libs/openssl/openssl-3.3.1.ebuild
index 997be084362e..18c0067df4fc 100644
--- a/dev-libs/openssl/openssl-3.3.1.ebuild
+++ b/dev-libs/openssl/openssl-3.3.1.ebuild
@@ -23,7 +23,7 @@ else
 	"
 
 	if [[ ${PV} != *_alpha* && ${PV} != *_beta* ]] ; then
-		KEYWORDS="~amd64 ~arm ~m68k ~mips ~sparc ~x86"
+		KEYWORDS="~amd64 ~arm ~m68k ~mips ~s390 ~sparc ~x86"
 	fi
 fi
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[James Le Cuirot]

commit:     403e38ee8da174f59a673dfe0fdaac18d5bda911
Author:     James Le Cuirot <chewi <AT> gentoo <DOT> org>
AuthorDate: Tue Jul 23 14:58:20 2024 +0000
Commit:     James Le Cuirot <chewi <AT> gentoo <DOT> org>
CommitDate: Tue Jul 23 15:01:55 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=403e38ee

dev-libs/openssl: Keyword 3.3.1 for ~m68k

The tests pass.

Signed-off-by: James Le Cuirot <chewi <AT> gentoo.org>

 dev-libs/openssl/openssl-3.3.1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-3.3.1.ebuild b/dev-libs/openssl/openssl-3.3.1.ebuild
index 68e7b43ac8fe..997be084362e 100644
--- a/dev-libs/openssl/openssl-3.3.1.ebuild
+++ b/dev-libs/openssl/openssl-3.3.1.ebuild
@@ -23,7 +23,7 @@ else
 	"
 
 	if [[ ${PV} != *_alpha* && ${PV} != *_beta* ]] ; then
-		KEYWORDS="~amd64 ~arm ~mips ~sparc ~x86"
+		KEYWORDS="~amd64 ~arm ~m68k ~mips ~sparc ~x86"
 	fi
 fi
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Arthur Zamarin]

commit:     5f47b477c6a3fab3b68bd300a888de8d6431eafc
Author:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
AuthorDate: Mon Jul 22 18:37:33 2024 +0000
Commit:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
CommitDate: Mon Jul 22 18:37:33 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5f47b477

dev-libs/openssl: Keyword 3.3.1 arm, #936268

Signed-off-by: Arthur Zamarin <arthurzam <AT> gentoo.org>

 dev-libs/openssl/openssl-3.3.1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-3.3.1.ebuild b/dev-libs/openssl/openssl-3.3.1.ebuild
index d348842d29b0..68e7b43ac8fe 100644
--- a/dev-libs/openssl/openssl-3.3.1.ebuild
+++ b/dev-libs/openssl/openssl-3.3.1.ebuild
@@ -23,7 +23,7 @@ else
 	"
 
 	if [[ ${PV} != *_alpha* && ${PV} != *_beta* ]] ; then
-		KEYWORDS="~amd64 ~mips ~sparc ~x86"
+		KEYWORDS="~amd64 ~arm ~mips ~sparc ~x86"
 	fi
 fi
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Arthur Zamarin]

commit:     14c00da3cdf84156820b121ae06860b9d5de8710
Author:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
AuthorDate: Fri Jul 19 12:20:05 2024 +0000
Commit:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
CommitDate: Fri Jul 19 12:20:05 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=14c00da3

dev-libs/openssl: Keyword 3.3.1 x86, #936268

Signed-off-by: Arthur Zamarin <arthurzam <AT> gentoo.org>

 dev-libs/openssl/openssl-3.3.1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-3.3.1.ebuild b/dev-libs/openssl/openssl-3.3.1.ebuild
index aebe75c541c9..bc558bb65a06 100644
--- a/dev-libs/openssl/openssl-3.3.1.ebuild
+++ b/dev-libs/openssl/openssl-3.3.1.ebuild
@@ -23,7 +23,7 @@ else
 	"
 
 	if [[ ${PV} != *_alpha* && ${PV} != *_beta* ]] ; then
-		KEYWORDS="~amd64 ~mips ~sparc"
+		KEYWORDS="~amd64 ~mips ~sparc ~x86"
 	fi
 fi
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     4cdd5fbc6e8b3afff7649c39b4853d75ef842963
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Fri Jul 19 11:12:28 2024 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Fri Jul 19 11:12:28 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4cdd5fbc

dev-libs/openssl: Keyword 3.3.1 sparc, #936268

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/openssl-3.3.1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-3.3.1.ebuild b/dev-libs/openssl/openssl-3.3.1.ebuild
index b20cef568bf1..aebe75c541c9 100644
--- a/dev-libs/openssl/openssl-3.3.1.ebuild
+++ b/dev-libs/openssl/openssl-3.3.1.ebuild
@@ -23,7 +23,7 @@ else
 	"
 
 	if [[ ${PV} != *_alpha* && ${PV} != *_beta* ]] ; then
-		KEYWORDS="~amd64 ~mips"
+		KEYWORDS="~amd64 ~mips ~sparc"
 	fi
 fi
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     5c453930093d59df6b54765be06d0fc0274b9e43
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Fri Jul 19 11:12:27 2024 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Fri Jul 19 11:12:27 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5c453930

dev-libs/openssl: Keyword 3.3.1 mips, #936268

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/openssl-3.3.1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-3.3.1.ebuild b/dev-libs/openssl/openssl-3.3.1.ebuild
index 57742961b14a..b20cef568bf1 100644
--- a/dev-libs/openssl/openssl-3.3.1.ebuild
+++ b/dev-libs/openssl/openssl-3.3.1.ebuild
@@ -23,7 +23,7 @@ else
 	"
 
 	if [[ ${PV} != *_alpha* && ${PV} != *_beta* ]] ; then
-		KEYWORDS="~amd64"
+		KEYWORDS="~amd64 ~mips"
 	fi
 fi
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     696bdc1a7ca824ba541c74df827676c750264372
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Fri Jul 19 06:28:58 2024 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Fri Jul 19 06:28:58 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=696bdc1a

dev-libs/openssl: keyword 3.3.1 for ~amd64, adjust KEYWORDS line

Drop the commented out KEYWORDS line as nattka gets confused by it.

Bug: https://bugs.gentoo.org/936268
Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/openssl-3.3.1.ebuild | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/dev-libs/openssl/openssl-3.3.1.ebuild b/dev-libs/openssl/openssl-3.3.1.ebuild
index 3c59077a40e6..57742961b14a 100644
--- a/dev-libs/openssl/openssl-3.3.1.ebuild
+++ b/dev-libs/openssl/openssl-3.3.1.ebuild
@@ -22,9 +22,9 @@ else
 		verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )
 	"
 
-	#if [[ ${PV} != *_alpha* && ${PV} != *_beta* ]] ; then
-	#	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
-	#fi
+	if [[ ${PV} != *_alpha* && ${PV} != *_beta* ]] ; then
+		KEYWORDS="~amd64"
+	fi
 fi
 
 S="${WORKDIR}"/${MY_P}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Mike Gilbert]

commit:     75c2e3fac1c1571f2a6e4384aef3664c39f34a55
Author:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Mon Jul  1 18:49:58 2024 +0000
Commit:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Mon Jul  1 18:53:27 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=75c2e3fa

dev-libs/openssl: update SRC_URI

Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>

 dev-libs/openssl/openssl-1.0.2u-r1.ebuild | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)

diff --git a/dev-libs/openssl/openssl-1.0.2u-r1.ebuild b/dev-libs/openssl/openssl-1.0.2u-r1.ebuild
index a6de03448e18..c2abe15ce890 100644
--- a/dev-libs/openssl/openssl-1.0.2u-r1.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2u-r1.ebuild
@@ -25,14 +25,10 @@ DESCRIPTION="full-strength general purpose cryptography library (including SSL a
 HOMEPAGE="https://www.openssl.org/"
 SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 	bindist? (
-		mirror://gentoo/${BINDIST_PATCH_SET}
-		https://dev.gentoo.org/~whissi/dist/openssl/${BINDIST_PATCH_SET}
+		mirror://gentoo/bb/${BINDIST_PATCH_SET}
 	)
 	!vanilla? (
-		mirror://gentoo/${PATCH_SET}.tar.xz
 		https://dev.gentoo.org/~chutzpah/dist/${PN}/${PATCH_SET}.tar.xz
-		https://dev.gentoo.org/~whissi/dist/${PN}/${PATCH_SET}.tar.xz
-		https://dev.gentoo.org/~polynomial-c/dist/${PATCH_SET}.tar.xz
 	)"
 
 LICENSE="openssl"

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Matt Jolly]

commit:     fb6a75fdeced94887cb4e9ca73cfc71dcd874f88
Author:     Matt Jolly <kangie <AT> gentoo <DOT> org>
AuthorDate: Thu Jun 20 08:35:25 2024 +0000
Commit:     Matt Jolly <kangie <AT> gentoo <DOT> org>
CommitDate: Sat Jun 29 06:52:22 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fb6a75fd

dev-libs/openssl: add USE `quic` to openssl

OpenSSL 3.2+ brings an initial RFC 9000 (QUIC)
implementation that is sufficient for use as a client
or for general experimentation and QUIC / HTTP/3
development.

While 3.2 is sufficient, the API exposed by 3.3 is
more mature; we'll only enable it from here so that
client applications (e.g. net-misc/curl) can be wired up
to test QUIC.

This passes tests upstream and is reported to work, but
Gentoo QUIC support is best described as 'developing';
hic sunt dracones.

Signed-off-by: Matt Jolly <kangie <AT> gentoo.org>

 dev-libs/openssl/metadata.xml         | 1 +
 dev-libs/openssl/openssl-3.3.0.ebuild | 3 ++-
 dev-libs/openssl/openssl-3.3.1.ebuild | 3 ++-
 3 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/dev-libs/openssl/metadata.xml b/dev-libs/openssl/metadata.xml
index bbf8686ec6e9..a00bd02d7b09 100644
--- a/dev-libs/openssl/metadata.xml
+++ b/dev-libs/openssl/metadata.xml
@@ -9,6 +9,7 @@
 		<flag name="bindist">Disable/Restrict EC algorithms (as they seem to be patented) -- note: changes the ABI</flag>
 		<flag name="fips">Enable FIPS provider</flag>
 		<flag name="ktls">Enable support for Kernel implementation of TLS (kTLS)</flag>
+		<flag name="quic">Enable support for QUIC (RFC 9000); a UDP-based protocol intended to replace TCP</flag>
 		<flag name="rfc3779">Enable support for RFC 3779 (X.509 Extensions for IP Addresses and AS Identifiers)</flag>
 		<flag name="sslv2">Support for the old/insecure SSLv2 protocol -- note: not required for TLS/https</flag>
 		<flag name="sslv3">Support for the old/insecure SSLv3 protocol -- note: not required for TLS/https</flag>

diff --git a/dev-libs/openssl/openssl-3.3.0.ebuild b/dev-libs/openssl/openssl-3.3.0.ebuild
index 97ec87920e44..3c59077a40e6 100644
--- a/dev-libs/openssl/openssl-3.3.0.ebuild
+++ b/dev-libs/openssl/openssl-3.3.0.ebuild
@@ -31,7 +31,7 @@ S="${WORKDIR}"/${MY_P}
 
 LICENSE="Apache-2.0"
 SLOT="0/$(ver_cut 1)" # .so version of libssl/libcrypto
-IUSE="+asm cpu_flags_x86_sse2 fips ktls rfc3779 sctp static-libs test tls-compression vanilla verify-sig weak-ssl-ciphers"
+IUSE="+asm cpu_flags_x86_sse2 fips ktls quic rfc3779 sctp static-libs test tls-compression vanilla verify-sig weak-ssl-ciphers"
 RESTRICT="!test? ( test )"
 
 COMMON_DEPEND="
@@ -198,6 +198,7 @@ multilib_src_configure() {
 		enable-mdc2
 		enable-rc5
 		$(use fips && echo "enable-fips")
+		$(use quic && echo "enable-quic")
 		$(use_ssl asm)
 		$(use_ssl ktls)
 		$(use_ssl rfc3779)

diff --git a/dev-libs/openssl/openssl-3.3.1.ebuild b/dev-libs/openssl/openssl-3.3.1.ebuild
index 97ec87920e44..3c59077a40e6 100644
--- a/dev-libs/openssl/openssl-3.3.1.ebuild
+++ b/dev-libs/openssl/openssl-3.3.1.ebuild
@@ -31,7 +31,7 @@ S="${WORKDIR}"/${MY_P}
 
 LICENSE="Apache-2.0"
 SLOT="0/$(ver_cut 1)" # .so version of libssl/libcrypto
-IUSE="+asm cpu_flags_x86_sse2 fips ktls rfc3779 sctp static-libs test tls-compression vanilla verify-sig weak-ssl-ciphers"
+IUSE="+asm cpu_flags_x86_sse2 fips ktls quic rfc3779 sctp static-libs test tls-compression vanilla verify-sig weak-ssl-ciphers"
 RESTRICT="!test? ( test )"
 
 COMMON_DEPEND="
@@ -198,6 +198,7 @@ multilib_src_configure() {
 		enable-mdc2
 		enable-rc5
 		$(use fips && echo "enable-fips")
+		$(use quic && echo "enable-quic")
 		$(use_ssl asm)
 		$(use_ssl ktls)
 		$(use_ssl rfc3779)

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     b6aeb3b832426e11db49150f9bdd9c4f72b6cdbb
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Wed Jun 12 04:58:04 2024 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Wed Jun 12 04:58:15 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b6aeb3b8

dev-libs/openssl: add 3.3.1

Bug: https://bugs.gentoo.org/932317
Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/Manifest             |   2 +
 dev-libs/openssl/openssl-3.3.1.ebuild | 300 ++++++++++++++++++++++++++++++++++
 2 files changed, 302 insertions(+)

diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest
index c00f3cf0c4ee..143561033212 100644
--- a/dev-libs/openssl/Manifest
+++ b/dev-libs/openssl/Manifest
@@ -17,3 +17,5 @@ DIST openssl-3.2.2.tar.gz 17744472 BLAKE2B f42d44f31dc9ccf26ffe1fdd4a0119506a211
 DIST openssl-3.2.2.tar.gz.asc 833 BLAKE2B 09ef1766e771e1d7aac675a09bd9588ee9d76a1fe39794826fd5d9057ae41366a7e92fe81a40bc2fe19a309be612687d8ff760da3f3c44115e3b21b0342b5f46 SHA512 7a798e9c02d25510f4ec49b8956ebf4288760e1272bf327f36b253045ab2f50ac8042071f78984d1b463f07aa2b027f26ad2fbc31deacaac5658fc35437ddc66
 DIST openssl-3.3.0.tar.gz 18038030 BLAKE2B c68efaf8aca87961f396e305acc767b56d651b9adf4fd2c9d9b5a3266e35da4b856c6ed34be47d656c782aade975f20317a6759913b33d29d7eb088e638fa501 SHA512 1f9daeee6542e1b831c65f1f87befaef98ccedc3abc958c9d17f064ef771924c30849e3ff880f94eed4aaa9d81ea105e3bc8815e6d2e4d6b60b5e890f14fc5da
 DIST openssl-3.3.0.tar.gz.asc 833 BLAKE2B 207b9fd53de6f57fe24d6a6e5e9f735b7649258bb2873b6c1e29b7d2689c9a75774dbf09392be40f8a8ab240e4e6c745e2864155e8b0f2f3f5ca3b45051e869a SHA512 8750daa607e6bfd2326a4d4f04c9c04608d9fa852fc1515acf1fcf3d1ad33b8ba8435d9ef1ac3a032fecd09aa90446c53996045506bcfbddb7544bb61b26af24
+DIST openssl-3.3.1.tar.gz 18055752 BLAKE2B b09bbe94f49c33015fbcee5f578a20c0da33c289791bf33292170d5d3de44ea2e22144ee11067947aef2733e979c0fded875a4ec92d81468285837053447e68e SHA512 d3682a5ae0721748c6b9ec2f1b74d2b1ba61ee6e4c0d42387b5037a56ef34312833b6abb522d19400b45d807dd65cc834156f5e891cb07fbaf69fcf67e1c595d
+DIST openssl-3.3.1.tar.gz.asc 833 BLAKE2B e22c068dfcd0205f1cd27f965b76dcaf59bed61181523f198e40d61a4867b20a7636c853c427497559362a92766f430807f02b693821ac38daaa898946f2dba2 SHA512 ae2db74829b71a68e1fc86229396d76f60a9a98e6bba9adc62bdcf2581b60fb0e29ecde2b53a5686c452e754801568e05d3c4f47e8faf02219ac1aae78283338

diff --git a/dev-libs/openssl/openssl-3.3.1.ebuild b/dev-libs/openssl/openssl-3.3.1.ebuild
new file mode 100644
index 000000000000..97ec87920e44
--- /dev/null
+++ b/dev-libs/openssl/openssl-3.3.1.ebuild
@@ -0,0 +1,300 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/openssl.org.asc
+inherit edo flag-o-matic linux-info toolchain-funcs
+inherit multilib multilib-minimal multiprocessing preserve-libs verify-sig
+
+DESCRIPTION="Robust, full-featured Open Source Toolkit for the Transport Layer Security (TLS)"
+HOMEPAGE="https://www.openssl.org/"
+
+MY_P=${P/_/-}
+
+if [[ ${PV} == 9999 ]] ; then
+	EGIT_REPO_URI="https://github.com/openssl/openssl.git"
+
+	inherit git-r3
+else
+	SRC_URI="
+		mirror://openssl/source/${MY_P}.tar.gz
+		verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )
+	"
+
+	#if [[ ${PV} != *_alpha* && ${PV} != *_beta* ]] ; then
+	#	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
+	#fi
+fi
+
+S="${WORKDIR}"/${MY_P}
+
+LICENSE="Apache-2.0"
+SLOT="0/$(ver_cut 1)" # .so version of libssl/libcrypto
+IUSE="+asm cpu_flags_x86_sse2 fips ktls rfc3779 sctp static-libs test tls-compression vanilla verify-sig weak-ssl-ciphers"
+RESTRICT="!test? ( test )"
+
+COMMON_DEPEND="
+	!<net-misc/openssh-9.2_p1-r3
+	tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
+"
+BDEPEND="
+	>=dev-lang/perl-5
+	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
+	test? (
+		sys-apps/diffutils
+		app-alternatives/bc
+		sys-process/procps
+	)
+	verify-sig? ( >=sec-keys/openpgp-keys-openssl-20240424 )
+"
+DEPEND="${COMMON_DEPEND}"
+RDEPEND="${COMMON_DEPEND}"
+PDEPEND="app-misc/ca-certificates"
+
+MULTILIB_WRAPPED_HEADERS=(
+	/usr/include/openssl/configuration.h
+)
+
+PATCHES=(
+)
+
+pkg_setup() {
+	if use ktls ; then
+		if kernel_is -lt 4 18 ; then
+			ewarn "Kernel implementation of TLS (USE=ktls) requires kernel >=4.18!"
+		else
+			CONFIG_CHECK="~TLS ~TLS_DEVICE"
+			ERROR_TLS="You will be unable to offload TLS to kernel because CONFIG_TLS is not set!"
+			ERROR_TLS_DEVICE="You will be unable to offload TLS to kernel because CONFIG_TLS_DEVICE is not set!"
+			use test && CONFIG_CHECK+=" ~CRYPTO_USER_API_SKCIPHER"
+
+			linux-info_pkg_setup
+		fi
+	fi
+
+	[[ ${MERGE_TYPE} == binary ]] && return
+
+	# must check in pkg_setup; sysctl doesn't work with userpriv!
+	if use test && use sctp ; then
+		# test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel"
+		# if sctp.auth_enable is not enabled.
+		local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null)
+		if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]] ; then
+			die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!"
+		fi
+	fi
+}
+
+src_unpack() {
+	# Can delete this once test fix patch is dropped
+	if use verify-sig ; then
+		# Needed for downloaded patch (which is unsigned, which is fine)
+		verify-sig_verify_detached "${DISTDIR}"/${MY_P}.tar.gz{,.asc}
+	fi
+
+	default
+}
+
+src_prepare() {
+	# Make sure we only ever touch Makefile.org and avoid patching a file
+	# that gets blown away anyways by the Configure script in src_configure
+	rm -f Makefile || die
+
+	if ! use vanilla ; then
+		PATCHES+=(
+			# Add patches which are Gentoo-specific customisations here
+		)
+	fi
+
+	default
+
+	if use test && use sctp && has network-sandbox ${FEATURES} ; then
+		einfo "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox ..."
+		rm test/recipes/80-test_ssl_new.t || die
+	fi
+
+	# Test fails depending on kernel configuration, bug #699134
+	rm test/recipes/30-test_afalg.t || die
+}
+
+src_configure() {
+	# Keep this in sync with app-misc/c_rehash
+	SSL_CNF_DIR="/etc/ssl"
+
+	# Quiet out unknown driver argument warnings since openssl
+	# doesn't have well-split CFLAGS and we're making it even worse
+	# and 'make depend' uses -Werror for added fun (bug #417795 again)
+	tc-is-clang && append-flags -Qunused-arguments
+
+	# We really, really need to build OpenSSL w/ strict aliasing disabled.
+	# It's filled with violations and it *will* result in miscompiled
+	# code. This has been in the ebuild for > 10 years but even in 2022,
+	# it's still relevant:
+	# - https://github.com/llvm/llvm-project/issues/55255
+	# - https://github.com/openssl/openssl/issues/12247
+	# - https://github.com/openssl/openssl/issues/18225
+	# - https://github.com/openssl/openssl/issues/18663#issuecomment-1181478057
+	# Don't remove the no strict aliasing bits below!
+	filter-flags -fstrict-aliasing
+	append-flags -fno-strict-aliasing
+	# The OpenSSL developers don't test with LTO right now, it leads to various
+	# warnings/errors (which may or may not be false positives), it's considered
+	# unsupported, and it's not tested in CI: https://github.com/openssl/openssl/issues/18663.
+	filter-lto
+
+	append-flags $(test-flags-CC -Wa,--noexecstack)
+
+	# bug #895308 -- check inserts GNU ld-compatible arguments
+	[[ ${CHOST} == *-darwin* ]] || append-atomic-flags
+	# Configure doesn't respect LIBS
+	export LDLIBS="${LIBS}"
+
+	# bug #197996
+	unset APPS
+	# bug #312551
+	unset SCRIPTS
+	# bug #311473
+	unset CROSS_COMPILE
+
+	tc-export AR CC CXX RANLIB RC
+
+	multilib-minimal_src_configure
+}
+
+multilib_src_configure() {
+	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
+
+	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
+
+	# See if our toolchain supports __uint128_t.  If so, it's 64bit
+	# friendly and can use the nicely optimized code paths, bug #460790.
+	#local ec_nistp_64_gcc_128
+	#
+	# Disable it for now though (bug #469976)
+	# Do NOT re-enable without substantial discussion first!
+	#
+	#echo "__uint128_t i;" > "${T}"/128.c
+	#if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
+	#       ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
+	#fi
+
+	local sslout=$(bash "${FILESDIR}/gentoo.config-1.0.4")
+	einfo "Using configuration: ${sslout:-(openssl knows best)}"
+
+	# https://github.com/openssl/openssl/blob/master/INSTALL.md#enable-and-disable-features
+	local myeconfargs=(
+		${sslout}
+
+		$(multilib_is_native_abi || echo "no-docs")
+		$(use cpu_flags_x86_sse2 || echo "no-sse2")
+		enable-camellia
+		enable-ec
+		enable-ec2m
+		enable-sm2
+		enable-srp
+		$(use elibc_musl && echo "no-async")
+		enable-idea
+		enable-mdc2
+		enable-rc5
+		$(use fips && echo "enable-fips")
+		$(use_ssl asm)
+		$(use_ssl ktls)
+		$(use_ssl rfc3779)
+		$(use_ssl sctp)
+		$(use test || echo "no-tests")
+		$(use_ssl tls-compression zlib)
+		$(use_ssl weak-ssl-ciphers)
+
+		--prefix="${EPREFIX}"/usr
+		--openssldir="${EPREFIX}"${SSL_CNF_DIR}
+		--libdir=$(get_libdir)
+
+		shared
+		threads
+	)
+
+	edo perl "${S}/Configure" "${myeconfargs[@]}"
+}
+
+multilib_src_compile() {
+	emake build_sw
+}
+
+multilib_src_test() {
+	# See https://github.com/openssl/openssl/blob/master/test/README.md for options.
+	#
+	# VFP = show subtests verbosely and show failed tests verbosely
+	# Normal V=1 would show everything verbosely but this slows things down.
+	#
+	# -j1 here for https://github.com/openssl/openssl/issues/21999, but it
+	# shouldn't matter as tests were already built earlier, and HARNESS_JOBS
+	# controls running the tests.
+	emake -Onone -j1 HARNESS_JOBS="$(makeopts_jobs)" VFP=1 test
+}
+
+multilib_src_install() {
+	# Only -j1 is supported for the install targets:
+	# https://github.com/openssl/openssl/issues/21999#issuecomment-1771150305
+	emake DESTDIR="${D}" -j1 install_sw
+	if use fips; then
+		emake DESTDIR="${D}" -j1 install_fips
+		# Regen this in pkg_preinst, bug 900625
+		rm "${ED}${SSL_CNF_DIR}"/fipsmodule.cnf || die
+	fi
+
+	if multilib_is_native_abi; then
+		emake DESTDIR="${D}" -j1 install_ssldirs
+		emake DESTDIR="${D}" DOCDIR='$(INSTALLTOP)'/share/doc/${PF} -j1 install_docs
+	fi
+
+	# This is crappy in that the static archives are still built even
+	# when USE=static-libs. But this is due to a failing in the openssl
+	# build system: the static archives are built as PIC all the time.
+	# Only way around this would be to manually configure+compile openssl
+	# twice; once with shared lib support enabled and once without.
+	if ! use static-libs ; then
+		rm "${ED}"/usr/$(get_libdir)/lib{crypto,ssl}.a || die
+	fi
+}
+
+multilib_src_install_all() {
+	# openssl installs perl version of c_rehash by default, but
+	# we provide a shell version via app-misc/c_rehash
+	rm "${ED}"/usr/bin/c_rehash || die
+
+	dodoc {AUTHORS,CHANGES,NEWS,README,README-PROVIDERS}.md doc/*.txt doc/${PN}-c-indent.el
+
+	# Create the certs directory
+	keepdir ${SSL_CNF_DIR}/certs
+
+	# bug #254521
+	dodir /etc/sandbox.d
+	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
+
+	diropts -m0700
+	keepdir ${SSL_CNF_DIR}/private
+}
+
+pkg_preinst() {
+	if use fips; then
+		# Regen fipsmodule.cnf, bug 900625
+		ebegin "Running openssl fipsinstall"
+		"${ED}/usr/bin/openssl" fipsinstall -quiet \
+			-out "${ED}${SSL_CNF_DIR}/fipsmodule.cnf" \
+			-module "${ED}/usr/$(get_libdir)/ossl-modules/fips.so"
+		eend $?
+	fi
+
+	preserve_old_lib /usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1) \
+		/usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1.1)
+}
+
+pkg_postinst() {
+	ebegin "Running 'openssl rehash ${EROOT}${SSL_CNF_DIR}/certs' to rebuild hashes (bug #333069)"
+	openssl rehash "${EROOT}${SSL_CNF_DIR}/certs"
+	eend $?
+
+	preserve_old_lib_notify /usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1) \
+		/usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1.1)
+}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     d599c0c43be0a01695f429fd40375108621c7f59
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Wed Jun 12 04:45:36 2024 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Wed Jun 12 04:45:36 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d599c0c4

dev-libs/openssl: add 3.2.2

Bug: https://bugs.gentoo.org/932317
Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/Manifest             |   2 +
 dev-libs/openssl/openssl-3.2.2.ebuild | 300 ++++++++++++++++++++++++++++++++++
 2 files changed, 302 insertions(+)

diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest
index 62816b2a0cb4..c00f3cf0c4ee 100644
--- a/dev-libs/openssl/Manifest
+++ b/dev-libs/openssl/Manifest
@@ -13,5 +13,7 @@ DIST openssl-3.1.6.tar.gz 15672690 BLAKE2B 70112a7ece66bb6faf1a262c503c1df08924b
 DIST openssl-3.1.6.tar.gz.asc 833 BLAKE2B 24fbb26ccf60ede99b9ea6ef6a2a8f1ae89c7881c21eafafeae7a498332dbaf7e52c94b2c52247e34511cc4bd204e71a68aa1a6dab133376e1f15bf676ef58be SHA512 ef3ca59527ca7b00430c251df399ea2cbe47ef0deebf4158250baac8e575ea26582756228f12dd0f7009b55199b0134e77ec47ade9835f1785c74703aa84987e
 DIST openssl-3.2.1.tar.gz 17733249 BLAKE2B 960222e0305166160e5ab000e29650b92063bf726551ee9ad46060166d99738d1e3a5b86fd28b14c8f4fb3a72f5aa70850defb87c02990acff3dbcbdac40b347 SHA512 bab2b2419319f1feffaba4692f03edbf13b44d1090c6e075a2d69dad67a2d51e64e6edbf83456a26c83900a726d20d2c4ee4ead9c94b322fd0b536f3b5a863c4
 DIST openssl-3.2.1.tar.gz.asc 833 BLAKE2B a1d25fe30bf1804d13a8b6b98edf56be5bf744d9e2706f4169455c24efe2e3a361487d00d0d4bac240c3f0170693d77a39dd0d4ee5c792d2247aa00c47e74ebf SHA512 de39516c7b77612f33cdc830a8d13ef6bcd91c03d24a6ed105480f140f9e1ad7049844e234c96a516d62e0e33ce90442ffd0f309ea674884c735f04d8562f372
+DIST openssl-3.2.2.tar.gz 17744472 BLAKE2B f42d44f31dc9ccf26ffe1fdd4a0119506a211808f92e860a34118109eae2ee7bcb5b0f43cbdf9eb811cd185cb53e092e62d652f7c0c0ce55b13289f7489073c9 SHA512 ebc945065f62a8a2ea4e2f136a2afaea4d38a03bb07a148f7fb73c34a64475a4069de122ebee11a66e421dbd58756ad7ab2d3f905dc90acee72d62757d8c0a2d
+DIST openssl-3.2.2.tar.gz.asc 833 BLAKE2B 09ef1766e771e1d7aac675a09bd9588ee9d76a1fe39794826fd5d9057ae41366a7e92fe81a40bc2fe19a309be612687d8ff760da3f3c44115e3b21b0342b5f46 SHA512 7a798e9c02d25510f4ec49b8956ebf4288760e1272bf327f36b253045ab2f50ac8042071f78984d1b463f07aa2b027f26ad2fbc31deacaac5658fc35437ddc66
 DIST openssl-3.3.0.tar.gz 18038030 BLAKE2B c68efaf8aca87961f396e305acc767b56d651b9adf4fd2c9d9b5a3266e35da4b856c6ed34be47d656c782aade975f20317a6759913b33d29d7eb088e638fa501 SHA512 1f9daeee6542e1b831c65f1f87befaef98ccedc3abc958c9d17f064ef771924c30849e3ff880f94eed4aaa9d81ea105e3bc8815e6d2e4d6b60b5e890f14fc5da
 DIST openssl-3.3.0.tar.gz.asc 833 BLAKE2B 207b9fd53de6f57fe24d6a6e5e9f735b7649258bb2873b6c1e29b7d2689c9a75774dbf09392be40f8a8ab240e4e6c745e2864155e8b0f2f3f5ca3b45051e869a SHA512 8750daa607e6bfd2326a4d4f04c9c04608d9fa852fc1515acf1fcf3d1ad33b8ba8435d9ef1ac3a032fecd09aa90446c53996045506bcfbddb7544bb61b26af24

diff --git a/dev-libs/openssl/openssl-3.2.2.ebuild b/dev-libs/openssl/openssl-3.2.2.ebuild
new file mode 100644
index 000000000000..e00a57886dc5
--- /dev/null
+++ b/dev-libs/openssl/openssl-3.2.2.ebuild
@@ -0,0 +1,300 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/openssl.org.asc
+inherit edo flag-o-matic linux-info toolchain-funcs
+inherit multilib multilib-minimal multiprocessing preserve-libs verify-sig
+
+DESCRIPTION="Robust, full-featured Open Source Toolkit for the Transport Layer Security (TLS)"
+HOMEPAGE="https://www.openssl.org/"
+
+MY_P=${P/_/-}
+
+if [[ ${PV} == 9999 ]] ; then
+	EGIT_REPO_URI="https://github.com/openssl/openssl.git"
+
+	inherit git-r3
+else
+	SRC_URI="
+		mirror://openssl/source/${MY_P}.tar.gz
+		verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )
+	"
+
+	if [[ ${PV} != *_alpha* && ${PV} != *_beta* ]] ; then
+		KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
+	fi
+fi
+
+S="${WORKDIR}"/${MY_P}
+
+LICENSE="Apache-2.0"
+SLOT="0/$(ver_cut 1)" # .so version of libssl/libcrypto
+IUSE="+asm cpu_flags_x86_sse2 fips ktls rfc3779 sctp static-libs test tls-compression vanilla verify-sig weak-ssl-ciphers"
+RESTRICT="!test? ( test )"
+
+COMMON_DEPEND="
+	!<net-misc/openssh-9.2_p1-r3
+	tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
+"
+BDEPEND="
+	>=dev-lang/perl-5
+	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
+	test? (
+		sys-apps/diffutils
+		app-alternatives/bc
+		sys-process/procps
+	)
+	verify-sig? ( >=sec-keys/openpgp-keys-openssl-20230801 )"
+
+DEPEND="${COMMON_DEPEND}"
+RDEPEND="${COMMON_DEPEND}"
+PDEPEND="app-misc/ca-certificates"
+
+MULTILIB_WRAPPED_HEADERS=(
+	/usr/include/openssl/configuration.h
+)
+
+pkg_setup() {
+	if use ktls ; then
+		if kernel_is -lt 4 18 ; then
+			ewarn "Kernel implementation of TLS (USE=ktls) requires kernel >=4.18!"
+		else
+			CONFIG_CHECK="~TLS ~TLS_DEVICE"
+			ERROR_TLS="You will be unable to offload TLS to kernel because CONFIG_TLS is not set!"
+			ERROR_TLS_DEVICE="You will be unable to offload TLS to kernel because CONFIG_TLS_DEVICE is not set!"
+			use test && CONFIG_CHECK+=" ~CRYPTO_USER_API_SKCIPHER"
+
+			linux-info_pkg_setup
+		fi
+	fi
+
+	[[ ${MERGE_TYPE} == binary ]] && return
+
+	# must check in pkg_setup; sysctl doesn't work with userpriv!
+	if use test && use sctp ; then
+		# test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel"
+		# if sctp.auth_enable is not enabled.
+		local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null)
+		if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]] ; then
+			die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!"
+		fi
+	fi
+}
+
+src_unpack() {
+	# Can delete this once test fix patch is dropped
+	if use verify-sig ; then
+		# Needed for downloaded patch (which is unsigned, which is fine)
+		verify-sig_verify_detached "${DISTDIR}"/${MY_P}.tar.gz{,.asc}
+	fi
+
+	default
+}
+
+src_prepare() {
+	# Make sure we only ever touch Makefile.org and avoid patching a file
+	# that gets blown away anyways by the Configure script in src_configure
+	rm -f Makefile
+
+	if ! use vanilla ; then
+		PATCHES+=(
+			# Add patches which are Gentoo-specific customisations here
+		)
+	fi
+
+	default
+
+	if use test && use sctp && has network-sandbox ${FEATURES} ; then
+		einfo "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox ..."
+		rm test/recipes/80-test_ssl_new.t || die
+	fi
+
+	# Test fails depending on kernel configuration, bug #699134
+	rm test/recipes/30-test_afalg.t || die
+}
+
+src_configure() {
+	# Keep this in sync with app-misc/c_rehash
+	SSL_CNF_DIR="/etc/ssl"
+
+	# Quiet out unknown driver argument warnings since openssl
+	# doesn't have well-split CFLAGS and we're making it even worse
+	# and 'make depend' uses -Werror for added fun (bug #417795 again)
+	tc-is-clang && append-flags -Qunused-arguments
+
+	# We really, really need to build OpenSSL w/ strict aliasing disabled.
+	# It's filled with violations and it *will* result in miscompiled
+	# code. This has been in the ebuild for > 10 years but even in 2022,
+	# it's still relevant:
+	# - https://github.com/llvm/llvm-project/issues/55255
+	# - https://github.com/openssl/openssl/issues/12247
+	# - https://github.com/openssl/openssl/issues/18225
+	# - https://github.com/openssl/openssl/issues/18663#issuecomment-1181478057
+	# Don't remove the no strict aliasing bits below!
+	filter-flags -fstrict-aliasing
+	append-flags -fno-strict-aliasing
+	# The OpenSSL developers don't test with LTO right now, it leads to various
+	# warnings/errors (which may or may not be false positives), it's considered
+	# unsupported, and it's not tested in CI: https://github.com/openssl/openssl/issues/18663.
+	filter-lto
+
+	append-flags $(test-flags-CC -Wa,--noexecstack)
+
+	# bug #895308 -- check inserts GNU ld-compatible arguments
+	[[ ${CHOST} == *-darwin* ]] || append-atomic-flags
+	# Configure doesn't respect LIBS
+	export LDLIBS="${LIBS}"
+
+	# bug #197996
+	unset APPS
+	# bug #312551
+	unset SCRIPTS
+	# bug #311473
+	unset CROSS_COMPILE
+
+	tc-export AR CC CXX RANLIB RC
+
+	multilib-minimal_src_configure
+}
+
+multilib_src_configure() {
+	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
+
+	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
+
+	# See if our toolchain supports __uint128_t.  If so, it's 64bit
+	# friendly and can use the nicely optimized code paths, bug #460790.
+	#local ec_nistp_64_gcc_128
+	#
+	# Disable it for now though (bug #469976)
+	# Do NOT re-enable without substantial discussion first!
+	#
+	#echo "__uint128_t i;" > "${T}"/128.c
+	#if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
+	#       ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
+	#fi
+
+	local sslout=$(bash "${FILESDIR}/gentoo.config-1.0.4")
+	einfo "Using configuration: ${sslout:-(openssl knows best)}"
+
+	# https://github.com/openssl/openssl/blob/master/INSTALL.md#enable-and-disable-features
+	local myeconfargs=(
+		${sslout}
+
+		$(use cpu_flags_x86_sse2 || echo "no-sse2")
+		enable-camellia
+		enable-ec
+		enable-ec2m
+		enable-sm2
+		enable-srp
+		$(use elibc_musl && echo "no-async")
+		enable-idea
+		enable-mdc2
+		enable-rc5
+		$(use fips && echo "enable-fips")
+		$(use_ssl asm)
+		$(use_ssl ktls)
+		$(use_ssl rfc3779)
+		$(use_ssl sctp)
+		$(use test || echo "no-tests")
+		$(use_ssl tls-compression zlib)
+		$(use_ssl weak-ssl-ciphers)
+
+		--prefix="${EPREFIX}"/usr
+		--openssldir="${EPREFIX}"${SSL_CNF_DIR}
+		--libdir=$(get_libdir)
+
+		shared
+		threads
+	)
+
+	edo perl "${S}/Configure" "${myeconfargs[@]}"
+}
+
+multilib_src_compile() {
+	emake build_sw
+
+	if multilib_is_native_abi; then
+		emake build_docs
+	fi
+}
+
+multilib_src_test() {
+	# See https://github.com/openssl/openssl/blob/master/test/README.md for options.
+	#
+	# VFP = show subtests verbosely and show failed tests verbosely
+	# Normal V=1 would show everything verbosely but this slows things down.
+	#
+	# -j1 here for https://github.com/openssl/openssl/issues/21999, but it
+	# shouldn't matter as tests were already built earlier, and HARNESS_JOBS
+	# controls running the tests.
+	emake -Onone -j1 HARNESS_JOBS="$(makeopts_jobs)" VFP=1 test
+}
+
+multilib_src_install() {
+	# Only -j1 is supported for the install targets:
+	# https://github.com/openssl/openssl/issues/21999#issuecomment-1771150305
+	emake DESTDIR="${D}" -j1 install_sw
+	if use fips; then
+		emake DESTDIR="${D}" -j1 install_fips
+		# Regen this in pkg_preinst, bug 900625
+		rm "${ED}${SSL_CNF_DIR}"/fipsmodule.cnf || die
+	fi
+
+	if multilib_is_native_abi; then
+		emake DESTDIR="${D}" -j1 install_ssldirs
+		emake DESTDIR="${D}" DOCDIR='$(INSTALLTOP)'/share/doc/${PF} -j1 install_docs
+	fi
+
+	# This is crappy in that the static archives are still built even
+	# when USE=static-libs. But this is due to a failing in the openssl
+	# build system: the static archives are built as PIC all the time.
+	# Only way around this would be to manually configure+compile openssl
+	# twice; once with shared lib support enabled and once without.
+	if ! use static-libs ; then
+		rm "${ED}"/usr/$(get_libdir)/lib{crypto,ssl}.a || die
+	fi
+}
+
+multilib_src_install_all() {
+	# openssl installs perl version of c_rehash by default, but
+	# we provide a shell version via app-misc/c_rehash
+	rm "${ED}"/usr/bin/c_rehash || die
+
+	dodoc {AUTHORS,CHANGES,NEWS,README,README-PROVIDERS}.md doc/*.txt doc/${PN}-c-indent.el
+
+	# Create the certs directory
+	keepdir ${SSL_CNF_DIR}/certs
+
+	# bug #254521
+	dodir /etc/sandbox.d
+	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
+
+	diropts -m0700
+	keepdir ${SSL_CNF_DIR}/private
+}
+
+pkg_preinst() {
+	if use fips; then
+		# Regen fipsmodule.cnf, bug 900625
+		ebegin "Running openssl fipsinstall"
+		"${ED}/usr/bin/openssl" fipsinstall -quiet \
+			-out "${ED}${SSL_CNF_DIR}/fipsmodule.cnf" \
+			-module "${ED}/usr/$(get_libdir)/ossl-modules/fips.so"
+		eend $?
+	fi
+
+	preserve_old_lib /usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1) \
+		/usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1.1)
+}
+
+pkg_postinst() {
+	ebegin "Running 'openssl rehash ${EROOT}${SSL_CNF_DIR}/certs' to rebuild hashes (bug #333069)"
+	openssl rehash "${EROOT}${SSL_CNF_DIR}/certs"
+	eend $?
+
+	preserve_old_lib_notify /usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1) \
+		/usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1.1)
+}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     f4f81231fd772c67304f0064b9ed43c76f5934b8
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Wed Jun 12 04:35:21 2024 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Wed Jun 12 04:35:21 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f4f81231

dev-libs/openssl: add 3.1.6

Bug: https://bugs.gentoo.org/932317
Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/Manifest             |   2 +
 dev-libs/openssl/openssl-3.1.6.ebuild | 281 ++++++++++++++++++++++++++++++++++
 2 files changed, 283 insertions(+)

diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest
index 21967b1c43c1..62816b2a0cb4 100644
--- a/dev-libs/openssl/Manifest
+++ b/dev-libs/openssl/Manifest
@@ -9,6 +9,8 @@ DIST openssl-3.0.14.tar.gz 15305497 BLAKE2B 7426aea63d5495775c4a0440658cc9c46c4a
 DIST openssl-3.0.14.tar.gz.asc 833 BLAKE2B 8a700452f6f698fbfa206469888fd72706f1798be212e712fd8a4c1ae87f0d98d54820974c64a3db3b5ac69d7beda665f462e83182337391212c0e72e1feb72e SHA512 003d17a2b71176517f5bfba6699c18b271111e5fec3effc275b965286140d1281fa6f5f5e6bcf63feca89dfa035ab776bda8d2af4b71ae921ca9e7a936581fb4
 DIST openssl-3.1.5.tar.gz 15663524 BLAKE2B a12eb88b0a4f2d927123e0d3ca7d2f80f2bdc867c710d24700fe39b631b93d90c73c3deceff151a9fa818ac88026eb798f3253f22d03c839ab9574086fa61eee SHA512 82e2ac6b3d9b03f8fc66d2ec421246e989eb702eb94586515abfb5afb5300391a0beedf6a2602f61ac10896b41e5608feeeeb4d37714fa17ac0f2ce465249fa9
 DIST openssl-3.1.5.tar.gz.asc 833 BLAKE2B 633502ec0a87074136d7ea42d9ac5f3df53523560d2a97410b5b57d28d916336da95ab5521c10f94202e3a0995331f0e17bdcf8843135634a5d5a95cfafc7b21 SHA512 48187bb8a7bdbd8b76fdcca736d2b03e2a89330b304eefb4e9620f570c741c60f2023307d8619ba1fa101a99223f94895e7be57ced6547a4fb06bd4c3677533a
+DIST openssl-3.1.6.tar.gz 15672690 BLAKE2B 70112a7ece66bb6faf1a262c503c1df08924b8c1b9b08a1395856f903b1d1b4a38956b485e83415c29fafbf990ae8aced9b2fb0a2af84863b5c0a2a6581282cf SHA512 18ca07ee6a98d5fe46accfa0156e0354ad770d78bbbbe8e4bb92b316a0e4404f17a34eb700f17ed355d826a4b2166894aa46d8dd81fedbcb16aa1aad0926a390
+DIST openssl-3.1.6.tar.gz.asc 833 BLAKE2B 24fbb26ccf60ede99b9ea6ef6a2a8f1ae89c7881c21eafafeae7a498332dbaf7e52c94b2c52247e34511cc4bd204e71a68aa1a6dab133376e1f15bf676ef58be SHA512 ef3ca59527ca7b00430c251df399ea2cbe47ef0deebf4158250baac8e575ea26582756228f12dd0f7009b55199b0134e77ec47ade9835f1785c74703aa84987e
 DIST openssl-3.2.1.tar.gz 17733249 BLAKE2B 960222e0305166160e5ab000e29650b92063bf726551ee9ad46060166d99738d1e3a5b86fd28b14c8f4fb3a72f5aa70850defb87c02990acff3dbcbdac40b347 SHA512 bab2b2419319f1feffaba4692f03edbf13b44d1090c6e075a2d69dad67a2d51e64e6edbf83456a26c83900a726d20d2c4ee4ead9c94b322fd0b536f3b5a863c4
 DIST openssl-3.2.1.tar.gz.asc 833 BLAKE2B a1d25fe30bf1804d13a8b6b98edf56be5bf744d9e2706f4169455c24efe2e3a361487d00d0d4bac240c3f0170693d77a39dd0d4ee5c792d2247aa00c47e74ebf SHA512 de39516c7b77612f33cdc830a8d13ef6bcd91c03d24a6ed105480f140f9e1ad7049844e234c96a516d62e0e33ce90442ffd0f309ea674884c735f04d8562f372
 DIST openssl-3.3.0.tar.gz 18038030 BLAKE2B c68efaf8aca87961f396e305acc767b56d651b9adf4fd2c9d9b5a3266e35da4b856c6ed34be47d656c782aade975f20317a6759913b33d29d7eb088e638fa501 SHA512 1f9daeee6542e1b831c65f1f87befaef98ccedc3abc958c9d17f064ef771924c30849e3ff880f94eed4aaa9d81ea105e3bc8815e6d2e4d6b60b5e890f14fc5da

diff --git a/dev-libs/openssl/openssl-3.1.6.ebuild b/dev-libs/openssl/openssl-3.1.6.ebuild
new file mode 100644
index 000000000000..a95bf0b407ff
--- /dev/null
+++ b/dev-libs/openssl/openssl-3.1.6.ebuild
@@ -0,0 +1,281 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/openssl.org.asc
+inherit edo flag-o-matic linux-info toolchain-funcs
+inherit multilib multilib-minimal multiprocessing preserve-libs verify-sig
+
+DESCRIPTION="Robust, full-featured Open Source Toolkit for the Transport Layer Security (TLS)"
+HOMEPAGE="https://www.openssl.org/"
+
+MY_P=${P/_/-}
+
+if [[ ${PV} == 9999 ]] ; then
+	EGIT_REPO_URI="https://github.com/openssl/openssl.git"
+
+	inherit git-r3
+else
+	SRC_URI="
+		mirror://openssl/source/${MY_P}.tar.gz
+		verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )
+	"
+	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
+fi
+
+S="${WORKDIR}"/${MY_P}
+
+LICENSE="Apache-2.0"
+SLOT="0/$(ver_cut 1)" # .so version of libssl/libcrypto
+IUSE="+asm cpu_flags_x86_sse2 fips ktls rfc3779 sctp static-libs test tls-compression vanilla verify-sig weak-ssl-ciphers"
+RESTRICT="!test? ( test )"
+
+COMMON_DEPEND="
+	!<net-misc/openssh-9.2_p1-r3
+	tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
+"
+BDEPEND="
+	>=dev-lang/perl-5
+	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
+	test? (
+		sys-apps/diffutils
+		app-alternatives/bc
+		sys-process/procps
+	)
+	verify-sig? ( >=sec-keys/openpgp-keys-openssl-20230801 )"
+
+DEPEND="${COMMON_DEPEND}"
+RDEPEND="${COMMON_DEPEND}"
+PDEPEND="app-misc/ca-certificates"
+
+MULTILIB_WRAPPED_HEADERS=(
+	/usr/include/openssl/configuration.h
+)
+
+pkg_setup() {
+	if use ktls ; then
+		if kernel_is -lt 4 18 ; then
+			ewarn "Kernel implementation of TLS (USE=ktls) requires kernel >=4.18!"
+		else
+			CONFIG_CHECK="~TLS ~TLS_DEVICE"
+			ERROR_TLS="You will be unable to offload TLS to kernel because CONFIG_TLS is not set!"
+			ERROR_TLS_DEVICE="You will be unable to offload TLS to kernel because CONFIG_TLS_DEVICE is not set!"
+			use test && CONFIG_CHECK+=" ~CRYPTO_USER_API_SKCIPHER"
+
+			linux-info_pkg_setup
+		fi
+	fi
+
+	[[ ${MERGE_TYPE} == binary ]] && return
+
+	# must check in pkg_setup; sysctl doesn't work with userpriv!
+	if use test && use sctp ; then
+		# test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel"
+		# if sctp.auth_enable is not enabled.
+		local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null)
+		if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]] ; then
+			die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!"
+		fi
+	fi
+}
+
+src_prepare() {
+	# Make sure we only ever touch Makefile.org and avoid patching a file
+	# that gets blown away anyways by the Configure script in src_configure
+	rm -f Makefile
+
+	if ! use vanilla ; then
+		PATCHES+=(
+			# Add patches which are Gentoo-specific customisations here
+		)
+	fi
+
+	default
+
+	if use test && use sctp && has network-sandbox ${FEATURES} ; then
+		einfo "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox ..."
+		rm test/recipes/80-test_ssl_new.t || die
+	fi
+
+	# Test fails depending on kernel configuration, bug #699134
+	rm test/recipes/30-test_afalg.t || die
+}
+
+src_configure() {
+	# Keep this in sync with app-misc/c_rehash
+	SSL_CNF_DIR="/etc/ssl"
+
+	# Quiet out unknown driver argument warnings since openssl
+	# doesn't have well-split CFLAGS and we're making it even worse
+	# and 'make depend' uses -Werror for added fun (bug #417795 again)
+	tc-is-clang && append-flags -Qunused-arguments
+
+	# We really, really need to build OpenSSL w/ strict aliasing disabled.
+	# It's filled with violations and it *will* result in miscompiled
+	# code. This has been in the ebuild for > 10 years but even in 2022,
+	# it's still relevant:
+	# - https://github.com/llvm/llvm-project/issues/55255
+	# - https://github.com/openssl/openssl/issues/12247
+	# - https://github.com/openssl/openssl/issues/18225
+	# - https://github.com/openssl/openssl/issues/18663#issuecomment-1181478057
+	# Don't remove the no strict aliasing bits below!
+	filter-flags -fstrict-aliasing
+	append-flags -fno-strict-aliasing
+	# The OpenSSL developers don't test with LTO right now, it leads to various
+	# warnings/errors (which may or may not be false positives), it's considered
+	# unsupported, and it's not tested in CI: https://github.com/openssl/openssl/issues/18663.
+	filter-lto
+
+	append-flags $(test-flags-CC -Wa,--noexecstack)
+
+	# bug #895308
+	append-atomic-flags
+	# Configure doesn't respect LIBS
+	export LDLIBS="${LIBS}"
+
+	# bug #197996
+	unset APPS
+	# bug #312551
+	unset SCRIPTS
+	# bug #311473
+	unset CROSS_COMPILE
+
+	tc-export AR CC CXX RANLIB RC
+
+	multilib-minimal_src_configure
+}
+
+multilib_src_configure() {
+	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
+
+	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
+
+	# See if our toolchain supports __uint128_t.  If so, it's 64bit
+	# friendly and can use the nicely optimized code paths, bug #460790.
+	#local ec_nistp_64_gcc_128
+	#
+	# Disable it for now though (bug #469976)
+	# Do NOT re-enable without substantial discussion first!
+	#
+	#echo "__uint128_t i;" > "${T}"/128.c
+	#if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
+	#       ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
+	#fi
+
+	local sslout=$(bash "${FILESDIR}/gentoo.config-1.0.4")
+	einfo "Using configuration: ${sslout:-(openssl knows best)}"
+
+	# https://github.com/openssl/openssl/blob/master/INSTALL.md#enable-and-disable-features
+	local myeconfargs=(
+		${sslout}
+
+		$(use cpu_flags_x86_sse2 || echo "no-sse2")
+		enable-camellia
+		enable-ec
+		enable-ec2m
+		enable-sm2
+		enable-srp
+		$(use elibc_musl && echo "no-async")
+		enable-idea
+		enable-mdc2
+		enable-rc5
+		$(use fips && echo "enable-fips")
+		$(use_ssl asm)
+		$(use_ssl ktls)
+		$(use_ssl rfc3779)
+		$(use_ssl sctp)
+		$(use test || echo "no-tests")
+		$(use_ssl tls-compression zlib)
+		$(use_ssl weak-ssl-ciphers)
+
+		--prefix="${EPREFIX}"/usr
+		--openssldir="${EPREFIX}"${SSL_CNF_DIR}
+		--libdir=$(get_libdir)
+
+		shared
+		threads
+	)
+
+	edo perl "${S}/Configure" "${myeconfargs[@]}"
+}
+
+multilib_src_compile() {
+	emake build_sw
+
+	if multilib_is_native_abi; then
+		emake build_docs
+	fi
+}
+
+multilib_src_test() {
+	# VFP = show subtests verbosely and show failed tests verbosely
+	# Normal V=1 would show everything verbosely but this slows things down.
+	emake HARNESS_JOBS="$(makeopts_jobs)" -Onone VFP=1 test
+}
+
+multilib_src_install() {
+	# Only -j1 is supported for the install targets:
+	# https://github.com/openssl/openssl/issues/21999#issuecomment-1771150305
+	emake DESTDIR="${D}" -j1 install_sw
+	if use fips; then
+		emake DESTDIR="${D}" -j1 install_fips
+		# Regen this in pkg_preinst, bug 900625
+		rm "${ED}${SSL_CNF_DIR}"/fipsmodule.cnf || die
+	fi
+
+	if multilib_is_native_abi; then
+		emake DESTDIR="${D}" -j1 install_ssldirs
+		emake DESTDIR="${D}" DOCDIR='$(INSTALLTOP)'/share/doc/${PF} -j1 install_docs
+	fi
+
+	# This is crappy in that the static archives are still built even
+	# when USE=static-libs. But this is due to a failing in the openssl
+	# build system: the static archives are built as PIC all the time.
+	# Only way around this would be to manually configure+compile openssl
+	# twice; once with shared lib support enabled and once without.
+	if ! use static-libs ; then
+		rm "${ED}"/usr/$(get_libdir)/lib{crypto,ssl}.a || die
+	fi
+}
+
+multilib_src_install_all() {
+	# openssl installs perl version of c_rehash by default, but
+	# we provide a shell version via app-misc/c_rehash
+	rm "${ED}"/usr/bin/c_rehash || die
+
+	dodoc {AUTHORS,CHANGES,NEWS,README,README-PROVIDERS}.md doc/*.txt doc/${PN}-c-indent.el
+
+	# Create the certs directory
+	keepdir ${SSL_CNF_DIR}/certs
+
+	# bug #254521
+	dodir /etc/sandbox.d
+	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
+
+	diropts -m0700
+	keepdir ${SSL_CNF_DIR}/private
+}
+
+pkg_preinst() {
+	if use fips; then
+		# Regen fipsmodule.cnf, bug 900625
+		ebegin "Running openssl fipsinstall"
+		"${ED}/usr/bin/openssl" fipsinstall -quiet \
+			-out "${ED}${SSL_CNF_DIR}/fipsmodule.cnf" \
+			-module "${ED}/usr/$(get_libdir)/ossl-modules/fips.so"
+		eend $?
+	fi
+
+	preserve_old_lib /usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1) \
+		/usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1.1)
+}
+
+pkg_postinst() {
+	ebegin "Running 'openssl rehash ${EROOT}${SSL_CNF_DIR}/certs' to rebuild hashes (bug #333069)"
+	openssl rehash "${EROOT}${SSL_CNF_DIR}/certs"
+	eend $?
+
+	preserve_old_lib_notify /usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1) \
+		/usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1.1)
+}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     a1a16fb0a5bf7b503513b17129f3d4ef5ee8e715
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Wed Jun 12 04:28:13 2024 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Wed Jun 12 04:28:13 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a1a16fb0

dev-libs/openssl: add 3.0.14

Bug: https://bugs.gentoo.org/932317
Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/Manifest              |   2 +
 dev-libs/openssl/openssl-3.0.14.ebuild | 278 +++++++++++++++++++++++++++++++++
 2 files changed, 280 insertions(+)

diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest
index b49215f484a5..21967b1c43c1 100644
--- a/dev-libs/openssl/Manifest
+++ b/dev-libs/openssl/Manifest
@@ -5,6 +5,8 @@ DIST openssl-1.1.1w.tar.gz 9893384 BLAKE2B 2fdba6ca0188928ab2f74e606136afca66cfa
 DIST openssl-1.1.1w.tar.gz.asc 833 BLAKE2B d990be69ed913509d52b78e7473668429d4485adb29ef03e4612dd0cadbac4f04c7289d8e5baf6f397bcedeaac9f802f18fc719964d882ae0514ed1ca16ae277 SHA512 0f3d7aa48b1cabf8dd43e8108aeed10a4dffb4f5a244d4da9c86ea358b0c8b90c46da561d21e01c567c2f5035d824ed82ec104aad1776b7f33a1be85990e98ef
 DIST openssl-3.0.13.tar.gz 15294843 BLAKE2B 869aa5f70a8c1d0cac6027e9261530df70ab5a8b448c785f5f8ff3f206e742c5364424132d0e109a6449af9b4082c4c179c7103dccb16a4539f776ca834c8ccc SHA512 22f4096781f0b075f5bf81bd39a0f97e111760dfa73b6f858f6bb54968a7847944d74969ae10f9a51cc21a2f4af20d9a4c463649dc824f5e439e196d6764c4f9
 DIST openssl-3.0.13.tar.gz.asc 833 BLAKE2B 519515b6faa505d68ff9acc30db9515fac494145086fa5ad9561c39385a6fabb39ad9de10fedd49c8fc716ec59ea1b13ec5e6b466e549ea9f29b8d0bb74ba7b3 SHA512 c52d97c93d16f3ca2a7026fb25890482b6d86c37b5ab686c56b0e08522743ec4ea3f84afa4deb64b0df0d9a16b557430c4d4139ab42ffcf97d769b61d1e6197c
+DIST openssl-3.0.14.tar.gz 15305497 BLAKE2B 7426aea63d5495775c4a0440658cc9c46c4aa31c31473cd5519c2b1ca158e122634e0bbc275237d3eb124fc8bed3d58808d8ac1d228f24f7281d2630ff7813e0 SHA512 1c59c01e60da902a20780d71f1fa5055d4037f38c4bc3fb27ed5b91f211b36a6018055409441ad4df58b5e9232b2528240d02067272c3c9ccb8c221449ca9ac0
+DIST openssl-3.0.14.tar.gz.asc 833 BLAKE2B 8a700452f6f698fbfa206469888fd72706f1798be212e712fd8a4c1ae87f0d98d54820974c64a3db3b5ac69d7beda665f462e83182337391212c0e72e1feb72e SHA512 003d17a2b71176517f5bfba6699c18b271111e5fec3effc275b965286140d1281fa6f5f5e6bcf63feca89dfa035ab776bda8d2af4b71ae921ca9e7a936581fb4
 DIST openssl-3.1.5.tar.gz 15663524 BLAKE2B a12eb88b0a4f2d927123e0d3ca7d2f80f2bdc867c710d24700fe39b631b93d90c73c3deceff151a9fa818ac88026eb798f3253f22d03c839ab9574086fa61eee SHA512 82e2ac6b3d9b03f8fc66d2ec421246e989eb702eb94586515abfb5afb5300391a0beedf6a2602f61ac10896b41e5608feeeeb4d37714fa17ac0f2ce465249fa9
 DIST openssl-3.1.5.tar.gz.asc 833 BLAKE2B 633502ec0a87074136d7ea42d9ac5f3df53523560d2a97410b5b57d28d916336da95ab5521c10f94202e3a0995331f0e17bdcf8843135634a5d5a95cfafc7b21 SHA512 48187bb8a7bdbd8b76fdcca736d2b03e2a89330b304eefb4e9620f570c741c60f2023307d8619ba1fa101a99223f94895e7be57ced6547a4fb06bd4c3677533a
 DIST openssl-3.2.1.tar.gz 17733249 BLAKE2B 960222e0305166160e5ab000e29650b92063bf726551ee9ad46060166d99738d1e3a5b86fd28b14c8f4fb3a72f5aa70850defb87c02990acff3dbcbdac40b347 SHA512 bab2b2419319f1feffaba4692f03edbf13b44d1090c6e075a2d69dad67a2d51e64e6edbf83456a26c83900a726d20d2c4ee4ead9c94b322fd0b536f3b5a863c4

diff --git a/dev-libs/openssl/openssl-3.0.14.ebuild b/dev-libs/openssl/openssl-3.0.14.ebuild
new file mode 100644
index 000000000000..647c4ee7dbf9
--- /dev/null
+++ b/dev-libs/openssl/openssl-3.0.14.ebuild
@@ -0,0 +1,278 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/openssl.org.asc
+inherit edo flag-o-matic linux-info toolchain-funcs
+inherit multilib multilib-minimal multiprocessing preserve-libs verify-sig
+
+DESCRIPTION="Robust, full-featured Open Source Toolkit for the Transport Layer Security (TLS)"
+HOMEPAGE="https://www.openssl.org/"
+
+MY_P=${P/_/-}
+
+if [[ ${PV} == 9999 ]] ; then
+	EGIT_REPO_URI="https://github.com/openssl/openssl.git"
+
+	inherit git-r3
+else
+	SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
+		verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )"
+	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
+fi
+
+S="${WORKDIR}"/${MY_P}
+
+LICENSE="Apache-2.0"
+SLOT="0/3" # .so version of libssl/libcrypto
+IUSE="+asm cpu_flags_x86_sse2 fips ktls rfc3779 sctp static-libs test tls-compression vanilla verify-sig weak-ssl-ciphers"
+RESTRICT="!test? ( test )"
+
+COMMON_DEPEND="
+	tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
+"
+BDEPEND="
+	>=dev-lang/perl-5
+	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
+	test? (
+		sys-apps/diffutils
+		app-alternatives/bc
+		sys-process/procps
+	)
+	verify-sig? ( >=sec-keys/openpgp-keys-openssl-20230801 )"
+
+DEPEND="${COMMON_DEPEND}"
+RDEPEND="${COMMON_DEPEND}"
+PDEPEND="app-misc/ca-certificates"
+
+MULTILIB_WRAPPED_HEADERS=(
+	/usr/include/openssl/configuration.h
+)
+
+pkg_setup() {
+	if use ktls ; then
+		if kernel_is -lt 4 18 ; then
+			ewarn "Kernel implementation of TLS (USE=ktls) requires kernel >=4.18!"
+		else
+			CONFIG_CHECK="~TLS ~TLS_DEVICE"
+			ERROR_TLS="You will be unable to offload TLS to kernel because CONFIG_TLS is not set!"
+			ERROR_TLS_DEVICE="You will be unable to offload TLS to kernel because CONFIG_TLS_DEVICE is not set!"
+			use test && CONFIG_CHECK+=" ~CRYPTO_USER_API_SKCIPHER"
+
+			linux-info_pkg_setup
+		fi
+	fi
+
+	[[ ${MERGE_TYPE} == binary ]] && return
+
+	# must check in pkg_setup; sysctl doesn't work with userpriv!
+	if use test && use sctp ; then
+		# test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel"
+		# if sctp.auth_enable is not enabled.
+		local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null)
+		if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]] ; then
+			die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!"
+		fi
+	fi
+}
+
+src_prepare() {
+	# Make sure we only ever touch Makefile.org and avoid patching a file
+	# that gets blown away anyways by the Configure script in src_configure
+	rm -f Makefile || die
+
+	if ! use vanilla ; then
+		PATCHES+=(
+			# Add patches which are Gentoo-specific customisations here
+		)
+	fi
+
+	default
+
+	if use test && use sctp && has network-sandbox ${FEATURES} ; then
+		einfo "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox ..."
+		rm test/recipes/80-test_ssl_new.t || die
+	fi
+
+	# Test fails depending on kernel configuration, bug #699134
+	rm test/recipes/30-test_afalg.t || die
+}
+
+src_configure() {
+	# Keep this in sync with app-misc/c_rehash
+	SSL_CNF_DIR="/etc/ssl"
+
+	# Quiet out unknown driver argument warnings since openssl
+	# doesn't have well-split CFLAGS and we're making it even worse
+	# and 'make depend' uses -Werror for added fun (bug #417795 again)
+	tc-is-clang && append-flags -Qunused-arguments
+
+	# We really, really need to build OpenSSL w/ strict aliasing disabled.
+	# It's filled with violations and it *will* result in miscompiled
+	# code. This has been in the ebuild for > 10 years but even in 2022,
+	# it's still relevant:
+	# - https://github.com/llvm/llvm-project/issues/55255
+	# - https://github.com/openssl/openssl/issues/12247
+	# - https://github.com/openssl/openssl/issues/18225
+	# - https://github.com/openssl/openssl/issues/18663#issuecomment-1181478057
+	# Don't remove the no strict aliasing bits below!
+	filter-flags -fstrict-aliasing
+	append-flags -fno-strict-aliasing
+	# The OpenSSL developers don't test with LTO right now, it leads to various
+	# warnings/errors (which may or may not be false positives), it's considered
+	# unsupported, and it's not tested in CI: https://github.com/openssl/openssl/issues/18663.
+	filter-lto
+
+	append-flags $(test-flags-CC -Wa,--noexecstack)
+
+	# bug #895308
+	append-atomic-flags
+	# Configure doesn't respect LIBS
+	export LDLIBS="${LIBS}"
+
+	# bug #197996
+	unset APPS
+	# bug #312551
+	unset SCRIPTS
+	# bug #311473
+	unset CROSS_COMPILE
+
+	tc-export AR CC CXX RANLIB RC
+
+	multilib-minimal_src_configure
+}
+
+multilib_src_configure() {
+	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
+
+	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
+
+	# See if our toolchain supports __uint128_t.  If so, it's 64bit
+	# friendly and can use the nicely optimized code paths, bug #460790.
+	#local ec_nistp_64_gcc_128
+	#
+	# Disable it for now though (bug #469976)
+	# Do NOT re-enable without substantial discussion first!
+	#
+	#echo "__uint128_t i;" > "${T}"/128.c
+	#if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
+	#       ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
+	#fi
+
+	local sslout=$(bash "${FILESDIR}/gentoo.config-1.0.4")
+	einfo "Using configuration: ${sslout:-(openssl knows best)}"
+
+	# https://github.com/openssl/openssl/blob/master/INSTALL.md#enable-and-disable-features
+	local myeconfargs=(
+		${sslout}
+
+		$(use cpu_flags_x86_sse2 || echo "no-sse2")
+		enable-camellia
+		enable-ec
+		enable-ec2m
+		enable-sm2
+		enable-srp
+		$(use elibc_musl && echo "no-async")
+		enable-idea
+		enable-mdc2
+		enable-rc5
+		$(use fips && echo "enable-fips")
+		$(use_ssl asm)
+		$(use_ssl ktls)
+		$(use_ssl rfc3779)
+		$(use_ssl sctp)
+		$(use test || echo "no-tests")
+		$(use_ssl tls-compression zlib)
+		$(use_ssl weak-ssl-ciphers)
+
+		--prefix="${EPREFIX}"/usr
+		--openssldir="${EPREFIX}"${SSL_CNF_DIR}
+		--libdir=$(get_libdir)
+
+		shared
+		threads
+	)
+
+	edo perl "${S}/Configure" "${myeconfargs[@]}"
+}
+
+multilib_src_compile() {
+	emake build_sw
+
+	if multilib_is_native_abi; then
+		emake build_docs
+	fi
+}
+
+multilib_src_test() {
+	# VFP = show subtests verbosely and show failed tests verbosely
+	# Normal V=1 would show everything verbosely but this slows things down.
+	emake HARNESS_JOBS="$(makeopts_jobs)" -Onone VFP=1 test
+}
+
+multilib_src_install() {
+	# Only -j1 is supported for the install targets:
+	# https://github.com/openssl/openssl/issues/21999#issuecomment-1771150305
+	emake DESTDIR="${D}" -j1 install_sw
+	if use fips; then
+		emake DESTDIR="${D}" -j1 install_fips
+		# Regen this in pkg_preinst, bug 900625
+		rm "${ED}${SSL_CNF_DIR}"/fipsmodule.cnf || die
+	fi
+
+	if multilib_is_native_abi; then
+		emake DESTDIR="${D}" -j1 install_ssldirs
+		emake DESTDIR="${D}" DOCDIR='$(INSTALLTOP)'/share/doc/${PF} -j1 install_docs
+	fi
+
+	# This is crappy in that the static archives are still built even
+	# when USE=static-libs. But this is due to a failing in the openssl
+	# build system: the static archives are built as PIC all the time.
+	# Only way around this would be to manually configure+compile openssl
+	# twice; once with shared lib support enabled and once without.
+	if ! use static-libs ; then
+		rm "${ED}"/usr/$(get_libdir)/lib{crypto,ssl}.a || die
+	fi
+}
+
+multilib_src_install_all() {
+	# openssl installs perl version of c_rehash by default, but
+	# we provide a shell version via app-misc/c_rehash
+	rm "${ED}"/usr/bin/c_rehash || die
+
+	dodoc {AUTHORS,CHANGES,NEWS,README,README-PROVIDERS}.md doc/*.txt doc/${PN}-c-indent.el
+
+	# Create the certs directory
+	keepdir ${SSL_CNF_DIR}/certs
+
+	# bug #254521
+	dodir /etc/sandbox.d
+	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
+
+	diropts -m0700
+	keepdir ${SSL_CNF_DIR}/private
+}
+
+pkg_preinst() {
+	if use fips; then
+		# Regen fipsmodule.cnf, bug 900625
+		ebegin "Running openssl fipsinstall"
+		"${ED}/usr/bin/openssl" fipsinstall -quiet \
+			-out "${ED}${SSL_CNF_DIR}/fipsmodule.cnf" \
+			-module "${ED}/usr/$(get_libdir)/ossl-modules/fips.so"
+		eend $?
+	fi
+
+	preserve_old_lib /usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1) \
+		/usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1.1)
+}
+
+pkg_postinst() {
+	ebegin "Running 'openssl rehash ${EROOT}${SSL_CNF_DIR}/certs' to rebuild hashes (bug #333069)"
+	openssl rehash "${EROOT}${SSL_CNF_DIR}/certs"
+	eend $?
+
+	preserve_old_lib_notify /usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1) \
+		/usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1.1)
+}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     cdd466d15a84aa5779f8d4189f9fb73f37af9ccf
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Fri May 31 23:57:23 2024 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Fri May 31 23:57:35 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=cdd466d1

dev-libs/openssl: drop 3.1.5-r1, 3.2.1-r1

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/openssl-3.1.5-r1.ebuild | 285 ----------------------------
 dev-libs/openssl/openssl-3.2.1-r1.ebuild | 306 -------------------------------
 2 files changed, 591 deletions(-)

diff --git a/dev-libs/openssl/openssl-3.1.5-r1.ebuild b/dev-libs/openssl/openssl-3.1.5-r1.ebuild
deleted file mode 100644
index 23a3463ec688..000000000000
--- a/dev-libs/openssl/openssl-3.1.5-r1.ebuild
+++ /dev/null
@@ -1,285 +0,0 @@
-# Copyright 1999-2024 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/openssl.org.asc
-inherit edo flag-o-matic linux-info toolchain-funcs
-inherit multilib multilib-minimal multiprocessing preserve-libs verify-sig
-
-DESCRIPTION="Robust, full-featured Open Source Toolkit for the Transport Layer Security (TLS)"
-HOMEPAGE="https://www.openssl.org/"
-
-MY_P=${P/_/-}
-
-if [[ ${PV} == 9999 ]] ; then
-	EGIT_REPO_URI="https://github.com/openssl/openssl.git"
-
-	inherit git-r3
-else
-	SRC_URI="
-		mirror://openssl/source/${MY_P}.tar.gz
-		verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )
-	"
-	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
-fi
-
-S="${WORKDIR}"/${MY_P}
-
-LICENSE="Apache-2.0"
-SLOT="0/$(ver_cut 1)" # .so version of libssl/libcrypto
-IUSE="+asm cpu_flags_x86_sse2 fips ktls rfc3779 sctp static-libs test tls-compression vanilla verify-sig weak-ssl-ciphers"
-RESTRICT="!test? ( test )"
-
-COMMON_DEPEND="
-	!<net-misc/openssh-9.2_p1-r3
-	tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
-"
-BDEPEND="
-	>=dev-lang/perl-5
-	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
-	test? (
-		sys-apps/diffutils
-		app-alternatives/bc
-		sys-process/procps
-	)
-	verify-sig? ( >=sec-keys/openpgp-keys-openssl-20230801 )"
-
-DEPEND="${COMMON_DEPEND}"
-RDEPEND="${COMMON_DEPEND}"
-PDEPEND="app-misc/ca-certificates"
-
-MULTILIB_WRAPPED_HEADERS=(
-	/usr/include/openssl/configuration.h
-)
-
-PATCHES=(
-	"${FILESDIR}"/${P}-p11-segfault.patch
-)
-
-pkg_setup() {
-	if use ktls ; then
-		if kernel_is -lt 4 18 ; then
-			ewarn "Kernel implementation of TLS (USE=ktls) requires kernel >=4.18!"
-		else
-			CONFIG_CHECK="~TLS ~TLS_DEVICE"
-			ERROR_TLS="You will be unable to offload TLS to kernel because CONFIG_TLS is not set!"
-			ERROR_TLS_DEVICE="You will be unable to offload TLS to kernel because CONFIG_TLS_DEVICE is not set!"
-			use test && CONFIG_CHECK+=" ~CRYPTO_USER_API_SKCIPHER"
-
-			linux-info_pkg_setup
-		fi
-	fi
-
-	[[ ${MERGE_TYPE} == binary ]] && return
-
-	# must check in pkg_setup; sysctl doesn't work with userpriv!
-	if use test && use sctp ; then
-		# test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel"
-		# if sctp.auth_enable is not enabled.
-		local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null)
-		if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]] ; then
-			die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!"
-		fi
-	fi
-}
-
-src_prepare() {
-	# Make sure we only ever touch Makefile.org and avoid patching a file
-	# that gets blown away anyways by the Configure script in src_configure
-	rm -f Makefile
-
-	if ! use vanilla ; then
-		PATCHES+=(
-			# Add patches which are Gentoo-specific customisations here
-		)
-	fi
-
-	default
-
-	if use test && use sctp && has network-sandbox ${FEATURES} ; then
-		einfo "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox ..."
-		rm test/recipes/80-test_ssl_new.t || die
-	fi
-
-	# Test fails depending on kernel configuration, bug #699134
-	rm test/recipes/30-test_afalg.t || die
-}
-
-src_configure() {
-	# Keep this in sync with app-misc/c_rehash
-	SSL_CNF_DIR="/etc/ssl"
-
-	# Quiet out unknown driver argument warnings since openssl
-	# doesn't have well-split CFLAGS and we're making it even worse
-	# and 'make depend' uses -Werror for added fun (bug #417795 again)
-	tc-is-clang && append-flags -Qunused-arguments
-
-	# We really, really need to build OpenSSL w/ strict aliasing disabled.
-	# It's filled with violations and it *will* result in miscompiled
-	# code. This has been in the ebuild for > 10 years but even in 2022,
-	# it's still relevant:
-	# - https://github.com/llvm/llvm-project/issues/55255
-	# - https://github.com/openssl/openssl/issues/12247
-	# - https://github.com/openssl/openssl/issues/18225
-	# - https://github.com/openssl/openssl/issues/18663#issuecomment-1181478057
-	# Don't remove the no strict aliasing bits below!
-	filter-flags -fstrict-aliasing
-	append-flags -fno-strict-aliasing
-	# The OpenSSL developers don't test with LTO right now, it leads to various
-	# warnings/errors (which may or may not be false positives), it's considered
-	# unsupported, and it's not tested in CI: https://github.com/openssl/openssl/issues/18663.
-	filter-lto
-
-	append-flags $(test-flags-CC -Wa,--noexecstack)
-
-	# bug #895308
-	append-atomic-flags
-	# Configure doesn't respect LIBS
-	export LDLIBS="${LIBS}"
-
-	# bug #197996
-	unset APPS
-	# bug #312551
-	unset SCRIPTS
-	# bug #311473
-	unset CROSS_COMPILE
-
-	tc-export AR CC CXX RANLIB RC
-
-	multilib-minimal_src_configure
-}
-
-multilib_src_configure() {
-	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
-
-	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
-
-	# See if our toolchain supports __uint128_t.  If so, it's 64bit
-	# friendly and can use the nicely optimized code paths, bug #460790.
-	#local ec_nistp_64_gcc_128
-	#
-	# Disable it for now though (bug #469976)
-	# Do NOT re-enable without substantial discussion first!
-	#
-	#echo "__uint128_t i;" > "${T}"/128.c
-	#if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
-	#       ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
-	#fi
-
-	local sslout=$(bash "${FILESDIR}/gentoo.config-1.0.4")
-	einfo "Using configuration: ${sslout:-(openssl knows best)}"
-
-	# https://github.com/openssl/openssl/blob/master/INSTALL.md#enable-and-disable-features
-	local myeconfargs=(
-		${sslout}
-
-		$(use cpu_flags_x86_sse2 || echo "no-sse2")
-		enable-camellia
-		enable-ec
-		enable-ec2m
-		enable-sm2
-		enable-srp
-		$(use elibc_musl && echo "no-async")
-		enable-idea
-		enable-mdc2
-		enable-rc5
-		$(use fips && echo "enable-fips")
-		$(use_ssl asm)
-		$(use_ssl ktls)
-		$(use_ssl rfc3779)
-		$(use_ssl sctp)
-		$(use test || echo "no-tests")
-		$(use_ssl tls-compression zlib)
-		$(use_ssl weak-ssl-ciphers)
-
-		--prefix="${EPREFIX}"/usr
-		--openssldir="${EPREFIX}"${SSL_CNF_DIR}
-		--libdir=$(get_libdir)
-
-		shared
-		threads
-	)
-
-	edo perl "${S}/Configure" "${myeconfargs[@]}"
-}
-
-multilib_src_compile() {
-	emake build_sw
-
-	if multilib_is_native_abi; then
-		emake build_docs
-	fi
-}
-
-multilib_src_test() {
-	# VFP = show subtests verbosely and show failed tests verbosely
-	# Normal V=1 would show everything verbosely but this slows things down.
-	emake HARNESS_JOBS="$(makeopts_jobs)" -Onone VFP=1 test
-}
-
-multilib_src_install() {
-	# Only -j1 is supported for the install targets:
-	# https://github.com/openssl/openssl/issues/21999#issuecomment-1771150305
-	emake DESTDIR="${D}" -j1 install_sw
-	if use fips; then
-		emake DESTDIR="${D}" -j1 install_fips
-		# Regen this in pkg_preinst, bug 900625
-		rm "${ED}${SSL_CNF_DIR}"/fipsmodule.cnf || die
-	fi
-
-	if multilib_is_native_abi; then
-		emake DESTDIR="${D}" -j1 install_ssldirs
-		emake DESTDIR="${D}" DOCDIR='$(INSTALLTOP)'/share/doc/${PF} -j1 install_docs
-	fi
-
-	# This is crappy in that the static archives are still built even
-	# when USE=static-libs. But this is due to a failing in the openssl
-	# build system: the static archives are built as PIC all the time.
-	# Only way around this would be to manually configure+compile openssl
-	# twice; once with shared lib support enabled and once without.
-	if ! use static-libs ; then
-		rm "${ED}"/usr/$(get_libdir)/lib{crypto,ssl}.a || die
-	fi
-}
-
-multilib_src_install_all() {
-	# openssl installs perl version of c_rehash by default, but
-	# we provide a shell version via app-misc/c_rehash
-	rm "${ED}"/usr/bin/c_rehash || die
-
-	dodoc {AUTHORS,CHANGES,NEWS,README,README-PROVIDERS}.md doc/*.txt doc/${PN}-c-indent.el
-
-	# Create the certs directory
-	keepdir ${SSL_CNF_DIR}/certs
-
-	# bug #254521
-	dodir /etc/sandbox.d
-	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
-
-	diropts -m0700
-	keepdir ${SSL_CNF_DIR}/private
-}
-
-pkg_preinst() {
-	if use fips; then
-		# Regen fipsmodule.cnf, bug 900625
-		ebegin "Running openssl fipsinstall"
-		"${ED}/usr/bin/openssl" fipsinstall -quiet \
-			-out "${ED}${SSL_CNF_DIR}/fipsmodule.cnf" \
-			-module "${ED}/usr/$(get_libdir)/ossl-modules/fips.so"
-		eend $?
-	fi
-
-	preserve_old_lib /usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1) \
-		/usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1.1)
-}
-
-pkg_postinst() {
-	ebegin "Running 'openssl rehash ${EROOT}${SSL_CNF_DIR}/certs' to rebuild hashes (bug #333069)"
-	openssl rehash "${EROOT}${SSL_CNF_DIR}/certs"
-	eend $?
-
-	preserve_old_lib_notify /usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1) \
-		/usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1.1)
-}

diff --git a/dev-libs/openssl/openssl-3.2.1-r1.ebuild b/dev-libs/openssl/openssl-3.2.1-r1.ebuild
deleted file mode 100644
index ee2e112cd6f0..000000000000
--- a/dev-libs/openssl/openssl-3.2.1-r1.ebuild
+++ /dev/null
@@ -1,306 +0,0 @@
-# Copyright 1999-2024 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/openssl.org.asc
-inherit edo flag-o-matic linux-info toolchain-funcs
-inherit multilib multilib-minimal multiprocessing preserve-libs verify-sig
-
-DESCRIPTION="Robust, full-featured Open Source Toolkit for the Transport Layer Security (TLS)"
-HOMEPAGE="https://www.openssl.org/"
-
-MY_P=${P/_/-}
-
-if [[ ${PV} == 9999 ]] ; then
-	EGIT_REPO_URI="https://github.com/openssl/openssl.git"
-
-	inherit git-r3
-else
-	SRC_URI="
-		mirror://openssl/source/${MY_P}.tar.gz
-		verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )
-	"
-
-	if [[ ${PV} != *_alpha* && ${PV} != *_beta* ]] ; then
-		KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
-	fi
-fi
-
-S="${WORKDIR}"/${MY_P}
-
-LICENSE="Apache-2.0"
-SLOT="0/$(ver_cut 1)" # .so version of libssl/libcrypto
-IUSE="+asm cpu_flags_x86_sse2 fips ktls rfc3779 sctp static-libs test tls-compression vanilla verify-sig weak-ssl-ciphers"
-RESTRICT="!test? ( test )"
-
-COMMON_DEPEND="
-	!<net-misc/openssh-9.2_p1-r3
-	tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
-"
-BDEPEND="
-	>=dev-lang/perl-5
-	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
-	test? (
-		sys-apps/diffutils
-		app-alternatives/bc
-		sys-process/procps
-	)
-	verify-sig? ( >=sec-keys/openpgp-keys-openssl-20230801 )"
-
-DEPEND="${COMMON_DEPEND}"
-RDEPEND="${COMMON_DEPEND}"
-PDEPEND="app-misc/ca-certificates"
-
-MULTILIB_WRAPPED_HEADERS=(
-	/usr/include/openssl/configuration.h
-)
-
-PATCHES=(
-	"${FILESDIR}"/${P}-p11-segfault.patch
-	# bug 923956 (drop on next version bump)
-	"${FILESDIR}"/${P}-riscv.patch
-)
-
-pkg_setup() {
-	if use ktls ; then
-		if kernel_is -lt 4 18 ; then
-			ewarn "Kernel implementation of TLS (USE=ktls) requires kernel >=4.18!"
-		else
-			CONFIG_CHECK="~TLS ~TLS_DEVICE"
-			ERROR_TLS="You will be unable to offload TLS to kernel because CONFIG_TLS is not set!"
-			ERROR_TLS_DEVICE="You will be unable to offload TLS to kernel because CONFIG_TLS_DEVICE is not set!"
-			use test && CONFIG_CHECK+=" ~CRYPTO_USER_API_SKCIPHER"
-
-			linux-info_pkg_setup
-		fi
-	fi
-
-	[[ ${MERGE_TYPE} == binary ]] && return
-
-	# must check in pkg_setup; sysctl doesn't work with userpriv!
-	if use test && use sctp ; then
-		# test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel"
-		# if sctp.auth_enable is not enabled.
-		local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null)
-		if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]] ; then
-			die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!"
-		fi
-	fi
-}
-
-src_unpack() {
-	# Can delete this once test fix patch is dropped
-	if use verify-sig ; then
-		# Needed for downloaded patch (which is unsigned, which is fine)
-		verify-sig_verify_detached "${DISTDIR}"/${MY_P}.tar.gz{,.asc}
-	fi
-
-	default
-}
-
-src_prepare() {
-	# Make sure we only ever touch Makefile.org and avoid patching a file
-	# that gets blown away anyways by the Configure script in src_configure
-	rm -f Makefile
-
-	if ! use vanilla ; then
-		PATCHES+=(
-			# Add patches which are Gentoo-specific customisations here
-		)
-	fi
-
-	default
-
-	if use test && use sctp && has network-sandbox ${FEATURES} ; then
-		einfo "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox ..."
-		rm test/recipes/80-test_ssl_new.t || die
-	fi
-
-	# Test fails depending on kernel configuration, bug #699134
-	rm test/recipes/30-test_afalg.t || die
-}
-
-src_configure() {
-	# Keep this in sync with app-misc/c_rehash
-	SSL_CNF_DIR="/etc/ssl"
-
-	# Quiet out unknown driver argument warnings since openssl
-	# doesn't have well-split CFLAGS and we're making it even worse
-	# and 'make depend' uses -Werror for added fun (bug #417795 again)
-	tc-is-clang && append-flags -Qunused-arguments
-
-	# We really, really need to build OpenSSL w/ strict aliasing disabled.
-	# It's filled with violations and it *will* result in miscompiled
-	# code. This has been in the ebuild for > 10 years but even in 2022,
-	# it's still relevant:
-	# - https://github.com/llvm/llvm-project/issues/55255
-	# - https://github.com/openssl/openssl/issues/12247
-	# - https://github.com/openssl/openssl/issues/18225
-	# - https://github.com/openssl/openssl/issues/18663#issuecomment-1181478057
-	# Don't remove the no strict aliasing bits below!
-	filter-flags -fstrict-aliasing
-	append-flags -fno-strict-aliasing
-	# The OpenSSL developers don't test with LTO right now, it leads to various
-	# warnings/errors (which may or may not be false positives), it's considered
-	# unsupported, and it's not tested in CI: https://github.com/openssl/openssl/issues/18663.
-	filter-lto
-
-	append-flags $(test-flags-CC -Wa,--noexecstack)
-
-	# bug #895308 -- check inserts GNU ld-compatible arguments
-	[[ ${CHOST} == *-darwin* ]] || append-atomic-flags
-	# Configure doesn't respect LIBS
-	export LDLIBS="${LIBS}"
-
-	# bug #197996
-	unset APPS
-	# bug #312551
-	unset SCRIPTS
-	# bug #311473
-	unset CROSS_COMPILE
-
-	tc-export AR CC CXX RANLIB RC
-
-	multilib-minimal_src_configure
-}
-
-multilib_src_configure() {
-	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
-
-	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
-
-	# See if our toolchain supports __uint128_t.  If so, it's 64bit
-	# friendly and can use the nicely optimized code paths, bug #460790.
-	#local ec_nistp_64_gcc_128
-	#
-	# Disable it for now though (bug #469976)
-	# Do NOT re-enable without substantial discussion first!
-	#
-	#echo "__uint128_t i;" > "${T}"/128.c
-	#if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
-	#       ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
-	#fi
-
-	local sslout=$(bash "${FILESDIR}/gentoo.config-1.0.4")
-	einfo "Using configuration: ${sslout:-(openssl knows best)}"
-
-	# https://github.com/openssl/openssl/blob/master/INSTALL.md#enable-and-disable-features
-	local myeconfargs=(
-		${sslout}
-
-		$(use cpu_flags_x86_sse2 || echo "no-sse2")
-		enable-camellia
-		enable-ec
-		enable-ec2m
-		enable-sm2
-		enable-srp
-		$(use elibc_musl && echo "no-async")
-		enable-idea
-		enable-mdc2
-		enable-rc5
-		$(use fips && echo "enable-fips")
-		$(use_ssl asm)
-		$(use_ssl ktls)
-		$(use_ssl rfc3779)
-		$(use_ssl sctp)
-		$(use test || echo "no-tests")
-		$(use_ssl tls-compression zlib)
-		$(use_ssl weak-ssl-ciphers)
-
-		--prefix="${EPREFIX}"/usr
-		--openssldir="${EPREFIX}"${SSL_CNF_DIR}
-		--libdir=$(get_libdir)
-
-		shared
-		threads
-	)
-
-	edo perl "${S}/Configure" "${myeconfargs[@]}"
-}
-
-multilib_src_compile() {
-	emake build_sw
-
-	if multilib_is_native_abi; then
-		emake build_docs
-	fi
-}
-
-multilib_src_test() {
-	# See https://github.com/openssl/openssl/blob/master/test/README.md for options.
-	#
-	# VFP = show subtests verbosely and show failed tests verbosely
-	# Normal V=1 would show everything verbosely but this slows things down.
-	#
-	# -j1 here for https://github.com/openssl/openssl/issues/21999, but it
-	# shouldn't matter as tests were already built earlier, and HARNESS_JOBS
-	# controls running the tests.
-	emake -Onone -j1 HARNESS_JOBS="$(makeopts_jobs)" VFP=1 test
-}
-
-multilib_src_install() {
-	# Only -j1 is supported for the install targets:
-	# https://github.com/openssl/openssl/issues/21999#issuecomment-1771150305
-	emake DESTDIR="${D}" -j1 install_sw
-	if use fips; then
-		emake DESTDIR="${D}" -j1 install_fips
-		# Regen this in pkg_preinst, bug 900625
-		rm "${ED}${SSL_CNF_DIR}"/fipsmodule.cnf || die
-	fi
-
-	if multilib_is_native_abi; then
-		emake DESTDIR="${D}" -j1 install_ssldirs
-		emake DESTDIR="${D}" DOCDIR='$(INSTALLTOP)'/share/doc/${PF} -j1 install_docs
-	fi
-
-	# This is crappy in that the static archives are still built even
-	# when USE=static-libs. But this is due to a failing in the openssl
-	# build system: the static archives are built as PIC all the time.
-	# Only way around this would be to manually configure+compile openssl
-	# twice; once with shared lib support enabled and once without.
-	if ! use static-libs ; then
-		rm "${ED}"/usr/$(get_libdir)/lib{crypto,ssl}.a || die
-	fi
-}
-
-multilib_src_install_all() {
-	# openssl installs perl version of c_rehash by default, but
-	# we provide a shell version via app-misc/c_rehash
-	rm "${ED}"/usr/bin/c_rehash || die
-
-	dodoc {AUTHORS,CHANGES,NEWS,README,README-PROVIDERS}.md doc/*.txt doc/${PN}-c-indent.el
-
-	# Create the certs directory
-	keepdir ${SSL_CNF_DIR}/certs
-
-	# bug #254521
-	dodir /etc/sandbox.d
-	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
-
-	diropts -m0700
-	keepdir ${SSL_CNF_DIR}/private
-}
-
-pkg_preinst() {
-	if use fips; then
-		# Regen fipsmodule.cnf, bug 900625
-		ebegin "Running openssl fipsinstall"
-		"${ED}/usr/bin/openssl" fipsinstall -quiet \
-			-out "${ED}${SSL_CNF_DIR}/fipsmodule.cnf" \
-			-module "${ED}/usr/$(get_libdir)/ossl-modules/fips.so"
-		eend $?
-	fi
-
-	preserve_old_lib /usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1) \
-		/usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1.1)
-}
-
-pkg_postinst() {
-	ebegin "Running 'openssl rehash ${EROOT}${SSL_CNF_DIR}/certs' to rebuild hashes (bug #333069)"
-	openssl rehash "${EROOT}${SSL_CNF_DIR}/certs"
-	eend $?
-
-	preserve_old_lib_notify /usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1) \
-		/usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1.1)
-}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     794226755044b4ba9593367a1c99d5746eb23305
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Fri May 31 23:56:57 2024 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Fri May 31 23:57:34 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=79422675

dev-libs/openssl: drop 3.0.11, 3.0.12, 3.0.13, 3.0.13-r1

Bug: https://bugs.gentoo.org/930047
Bug: https://bugs.gentoo.org/921684
Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/Manifest                 |   4 -
 dev-libs/openssl/openssl-3.0.11.ebuild    | 288 ------------------------------
 dev-libs/openssl/openssl-3.0.12.ebuild    | 288 ------------------------------
 dev-libs/openssl/openssl-3.0.13-r1.ebuild | 282 -----------------------------
 dev-libs/openssl/openssl-3.0.13.ebuild    | 278 ----------------------------
 5 files changed, 1140 deletions(-)

diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest
index eeae374ea4b7..b49215f484a5 100644
--- a/dev-libs/openssl/Manifest
+++ b/dev-libs/openssl/Manifest
@@ -3,10 +3,6 @@ DIST openssl-1.0.2t-bindist-1.0.tar.xz 13872 BLAKE2B b2aade96a6e0ca6209a39e205b1
 DIST openssl-1.0.2u.tar.gz 5355412 BLAKE2B b2ff2a10e5851af5aca4093422a9a072c794e87b997263826c1c35910c040f695fac63decac5856cb49399ed03d410f97701d9fd4e1ebfbcacd8f3a74ce8bf57 SHA512 c455bb309e20e2c2d47fdc5619c734d107d5c8c38c1409903ce979acc120b0d5fa0312917c0aa0d630e402d092a703d4249643f36078e8528a3cafc9dac6ab32
 DIST openssl-1.1.1w.tar.gz 9893384 BLAKE2B 2fdba6ca0188928ab2f74e606136afca66cfa0467170fa6298ef160b64ac6fdcad1e81e5dd14013ce0e9921d0f7417edec531cd0beaf1196fec704c2c6d48395 SHA512 b4c625fe56a4e690b57b6a011a225ad0cb3af54bd8fb67af77b5eceac55cc7191291d96a660c5b568a08a2fbf62b4612818e7cca1bb95b2b6b4fc649b0552b6d
 DIST openssl-1.1.1w.tar.gz.asc 833 BLAKE2B d990be69ed913509d52b78e7473668429d4485adb29ef03e4612dd0cadbac4f04c7289d8e5baf6f397bcedeaac9f802f18fc719964d882ae0514ed1ca16ae277 SHA512 0f3d7aa48b1cabf8dd43e8108aeed10a4dffb4f5a244d4da9c86ea358b0c8b90c46da561d21e01c567c2f5035d824ed82ec104aad1776b7f33a1be85990e98ef
-DIST openssl-3.0.11.tar.gz 15198318 BLAKE2B e522573aa72c8f6ffef82f20de36178fc6f97a8fee8443df4bf1bd9a6448b315742e9cb698717c1b7d9a91d0768d7ce08d55956ddc415b9dc6cb33fe3a98131b SHA512 393e7262cce0e7980d1cbba861291c8791f6c2a290e9867895c4310ab6e16b449067d8b780ae6081dc8d42529a4f32d545c66e8b1e69d301281d92f1882c85b7
-DIST openssl-3.0.11.tar.gz.asc 833 BLAKE2B e6e2636d5bb5fffb86833e64437fb440bbfd1c4e2bfbfdd72280cf1ce388b70d30eeea56ef6f3bb673e7dcd12020d993ef95f96bf099ded38e8cde4b549b38fa SHA512 3c1fe94fc46861870d99d1edcfe3c151272f7864dde36b66e87a0c79d2289e9ed5cfc48bfa65ba0e88eadcb3cc8307d702e01155f48af8ffc2d4f8fbbf3aa03c
-DIST openssl-3.0.12.tar.gz 15204575 BLAKE2B 1f00e33a5ed64a51cf28f0dbe7d53a9197c1edae7538dea9573394ee4dc03a885483d74b0b47a78b9067e87b4f420b9d7103f351bfec91710c168051cb7148df SHA512 63e003653dd1126c66e278969a626cdf0801b97da8b7076824d661e4a77e1572c3171cf7f006c972b95bcfa284889ee0362d8a46a851f7d8e743e2a1fe593b24
-DIST openssl-3.0.12.tar.gz.asc 833 BLAKE2B 5c7914e0449a1f2fad433544fa637263b237c2637b86960f904a7840ef6bd627728dfa45373e03a6ce7a0a4570d03e1dcd0188059bd5dbcc83d49d10be64dd39 SHA512 072d1572e6cc5240fed69c01b1f7f74958ceba33cec3b0a7f0db5929dc884381320fb737ec6b38f95ef81c855e2d382d7ecd19431a328b08efad70288ec4a964
 DIST openssl-3.0.13.tar.gz 15294843 BLAKE2B 869aa5f70a8c1d0cac6027e9261530df70ab5a8b448c785f5f8ff3f206e742c5364424132d0e109a6449af9b4082c4c179c7103dccb16a4539f776ca834c8ccc SHA512 22f4096781f0b075f5bf81bd39a0f97e111760dfa73b6f858f6bb54968a7847944d74969ae10f9a51cc21a2f4af20d9a4c463649dc824f5e439e196d6764c4f9
 DIST openssl-3.0.13.tar.gz.asc 833 BLAKE2B 519515b6faa505d68ff9acc30db9515fac494145086fa5ad9561c39385a6fabb39ad9de10fedd49c8fc716ec59ea1b13ec5e6b466e549ea9f29b8d0bb74ba7b3 SHA512 c52d97c93d16f3ca2a7026fb25890482b6d86c37b5ab686c56b0e08522743ec4ea3f84afa4deb64b0df0d9a16b557430c4d4139ab42ffcf97d769b61d1e6197c
 DIST openssl-3.1.5.tar.gz 15663524 BLAKE2B a12eb88b0a4f2d927123e0d3ca7d2f80f2bdc867c710d24700fe39b631b93d90c73c3deceff151a9fa818ac88026eb798f3253f22d03c839ab9574086fa61eee SHA512 82e2ac6b3d9b03f8fc66d2ec421246e989eb702eb94586515abfb5afb5300391a0beedf6a2602f61ac10896b41e5608feeeeb4d37714fa17ac0f2ce465249fa9

diff --git a/dev-libs/openssl/openssl-3.0.11.ebuild b/dev-libs/openssl/openssl-3.0.11.ebuild
deleted file mode 100644
index 9437bff8e937..000000000000
--- a/dev-libs/openssl/openssl-3.0.11.ebuild
+++ /dev/null
@@ -1,288 +0,0 @@
-# Copyright 1999-2024 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/openssl.org.asc
-inherit edo flag-o-matic linux-info toolchain-funcs
-inherit multilib multilib-minimal multiprocessing preserve-libs verify-sig
-
-DESCRIPTION="Robust, full-featured Open Source Toolkit for the Transport Layer Security (TLS)"
-HOMEPAGE="https://www.openssl.org/"
-
-MY_P=${P/_/-}
-
-if [[ ${PV} == 9999 ]] ; then
-	EGIT_REPO_URI="https://github.com/openssl/openssl.git"
-
-	inherit git-r3
-else
-	SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
-		verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )"
-	KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
-fi
-
-S="${WORKDIR}"/${MY_P}
-
-LICENSE="Apache-2.0"
-SLOT="0/3" # .so version of libssl/libcrypto
-IUSE="+asm cpu_flags_x86_sse2 fips ktls rfc3779 sctp static-libs test tls-compression vanilla verify-sig weak-ssl-ciphers"
-RESTRICT="!test? ( test )"
-
-COMMON_DEPEND="
-	tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
-"
-BDEPEND="
-	>=dev-lang/perl-5
-	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
-	test? (
-		sys-apps/diffutils
-		app-alternatives/bc
-		sys-process/procps
-	)
-	verify-sig? ( >=sec-keys/openpgp-keys-openssl-20230801 )"
-
-DEPEND="${COMMON_DEPEND}"
-RDEPEND="${COMMON_DEPEND}"
-PDEPEND="app-misc/ca-certificates"
-
-MULTILIB_WRAPPED_HEADERS=(
-	/usr/include/openssl/configuration.h
-)
-
-pkg_setup() {
-	if use ktls ; then
-		if kernel_is -lt 4 18 ; then
-			ewarn "Kernel implementation of TLS (USE=ktls) requires kernel >=4.18!"
-		else
-			CONFIG_CHECK="~TLS ~TLS_DEVICE"
-			ERROR_TLS="You will be unable to offload TLS to kernel because CONFIG_TLS is not set!"
-			ERROR_TLS_DEVICE="You will be unable to offload TLS to kernel because CONFIG_TLS_DEVICE is not set!"
-			use test && CONFIG_CHECK+=" ~CRYPTO_USER_API_SKCIPHER"
-
-			linux-info_pkg_setup
-		fi
-	fi
-
-	[[ ${MERGE_TYPE} == binary ]] && return
-
-	# must check in pkg_setup; sysctl doesn't work with userpriv!
-	if use test && use sctp ; then
-		# test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel"
-		# if sctp.auth_enable is not enabled.
-		local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null)
-		if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]] ; then
-			die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!"
-		fi
-	fi
-}
-
-src_unpack() {
-	# Can delete this once test fix patch is dropped
-	if use verify-sig ; then
-		# Needed for downloaded patch (which is unsigned, which is fine)
-		verify-sig_verify_detached "${DISTDIR}"/${MY_P}.tar.gz{,.asc}
-	fi
-
-	default
-}
-
-src_prepare() {
-	# Make sure we only ever touch Makefile.org and avoid patching a file
-	# that gets blown away anyways by the Configure script in src_configure
-	rm -f Makefile
-
-	if ! use vanilla ; then
-		PATCHES+=(
-			# Add patches which are Gentoo-specific customisations here
-		)
-	fi
-
-	default
-
-	if use test && use sctp && has network-sandbox ${FEATURES} ; then
-		einfo "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox ..."
-		rm test/recipes/80-test_ssl_new.t || die
-	fi
-
-	# Test fails depending on kernel configuration, bug #699134
-	rm test/recipes/30-test_afalg.t || die
-}
-
-src_configure() {
-	# Keep this in sync with app-misc/c_rehash
-	SSL_CNF_DIR="/etc/ssl"
-
-	# Quiet out unknown driver argument warnings since openssl
-	# doesn't have well-split CFLAGS and we're making it even worse
-	# and 'make depend' uses -Werror for added fun (bug #417795 again)
-	tc-is-clang && append-flags -Qunused-arguments
-
-	# We really, really need to build OpenSSL w/ strict aliasing disabled.
-	# It's filled with violations and it *will* result in miscompiled
-	# code. This has been in the ebuild for > 10 years but even in 2022,
-	# it's still relevant:
-	# - https://github.com/llvm/llvm-project/issues/55255
-	# - https://github.com/openssl/openssl/issues/12247
-	# - https://github.com/openssl/openssl/issues/18225
-	# - https://github.com/openssl/openssl/issues/18663#issuecomment-1181478057
-	# Don't remove the no strict aliasing bits below!
-	filter-flags -fstrict-aliasing
-	append-flags -fno-strict-aliasing
-	# The OpenSSL developers don't test with LTO right now, it leads to various
-	# warnings/errors (which may or may not be false positives), it's considered
-	# unsupported, and it's not tested in CI: https://github.com/openssl/openssl/issues/18663.
-	filter-lto
-
-	append-flags $(test-flags-CC -Wa,--noexecstack)
-
-	# bug #895308
-	append-atomic-flags
-	# Configure doesn't respect LIBS
-	export LDLIBS="${LIBS}"
-
-	# bug #197996
-	unset APPS
-	# bug #312551
-	unset SCRIPTS
-	# bug #311473
-	unset CROSS_COMPILE
-
-	tc-export AR CC CXX RANLIB RC
-
-	multilib-minimal_src_configure
-}
-
-multilib_src_configure() {
-	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
-
-	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
-
-	# See if our toolchain supports __uint128_t.  If so, it's 64bit
-	# friendly and can use the nicely optimized code paths, bug #460790.
-	#local ec_nistp_64_gcc_128
-	#
-	# Disable it for now though (bug #469976)
-	# Do NOT re-enable without substantial discussion first!
-	#
-	#echo "__uint128_t i;" > "${T}"/128.c
-	#if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
-	#       ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
-	#fi
-
-	local sslout=$(bash "${FILESDIR}/gentoo.config-1.0.4")
-	einfo "Using configuration: ${sslout:-(openssl knows best)}"
-
-	# https://github.com/openssl/openssl/blob/master/INSTALL.md#enable-and-disable-features
-	local myeconfargs=(
-		${sslout}
-
-		$(use cpu_flags_x86_sse2 || echo "no-sse2")
-		enable-camellia
-		enable-ec
-		enable-ec2m
-		enable-sm2
-		enable-srp
-		$(use elibc_musl && echo "no-async")
-		enable-idea
-		enable-mdc2
-		enable-rc5
-		$(use fips && echo "enable-fips")
-		$(use_ssl asm)
-		$(use_ssl ktls)
-		$(use_ssl rfc3779)
-		$(use_ssl sctp)
-		$(use test || echo "no-tests")
-		$(use_ssl tls-compression zlib)
-		$(use_ssl weak-ssl-ciphers)
-
-		--prefix="${EPREFIX}"/usr
-		--openssldir="${EPREFIX}"${SSL_CNF_DIR}
-		--libdir=$(get_libdir)
-
-		shared
-		threads
-	)
-
-	edo perl "${S}/Configure" "${myeconfargs[@]}"
-}
-
-multilib_src_compile() {
-	emake build_sw
-
-	if multilib_is_native_abi; then
-		emake build_docs
-	fi
-}
-
-multilib_src_test() {
-	# VFP = show subtests verbosely and show failed tests verbosely
-	# Normal V=1 would show everything verbosely but this slows things down.
-	emake HARNESS_JOBS="$(makeopts_jobs)" -Onone VFP=1 test
-}
-
-multilib_src_install() {
-	# Only -j1 is supported for the install targets:
-	# https://github.com/openssl/openssl/issues/21999#issuecomment-1771150305
-	emake DESTDIR="${D}" -j1 install_sw
-	if use fips; then
-		emake DESTDIR="${D}" -j1 install_fips
-		# Regen this in pkg_preinst, bug 900625
-		rm "${ED}${SSL_CNF_DIR}"/fipsmodule.cnf || die
-	fi
-
-	if multilib_is_native_abi; then
-		emake DESTDIR="${D}" -j1 install_ssldirs
-		emake DESTDIR="${D}" DOCDIR='$(INSTALLTOP)'/share/doc/${PF} -j1 install_docs
-	fi
-
-	# This is crappy in that the static archives are still built even
-	# when USE=static-libs. But this is due to a failing in the openssl
-	# build system: the static archives are built as PIC all the time.
-	# Only way around this would be to manually configure+compile openssl
-	# twice; once with shared lib support enabled and once without.
-	if ! use static-libs ; then
-		rm "${ED}"/usr/$(get_libdir)/lib{crypto,ssl}.a || die
-	fi
-}
-
-multilib_src_install_all() {
-	# openssl installs perl version of c_rehash by default, but
-	# we provide a shell version via app-misc/c_rehash
-	rm "${ED}"/usr/bin/c_rehash || die
-
-	dodoc {AUTHORS,CHANGES,NEWS,README,README-PROVIDERS}.md doc/*.txt doc/${PN}-c-indent.el
-
-	# Create the certs directory
-	keepdir ${SSL_CNF_DIR}/certs
-
-	# bug #254521
-	dodir /etc/sandbox.d
-	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
-
-	diropts -m0700
-	keepdir ${SSL_CNF_DIR}/private
-}
-
-pkg_preinst() {
-	if use fips; then
-		# Regen fipsmodule.cnf, bug 900625
-		ebegin "Running openssl fipsinstall"
-		"${ED}/usr/bin/openssl" fipsinstall -quiet \
-			-out "${ED}${SSL_CNF_DIR}/fipsmodule.cnf" \
-			-module "${ED}/usr/$(get_libdir)/ossl-modules/fips.so"
-		eend $?
-	fi
-
-	preserve_old_lib /usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1) \
-		/usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1.1)
-}
-
-pkg_postinst() {
-	ebegin "Running 'openssl rehash ${EROOT}${SSL_CNF_DIR}/certs' to rebuild hashes (bug #333069)"
-	openssl rehash "${EROOT}${SSL_CNF_DIR}/certs"
-	eend $?
-
-	preserve_old_lib_notify /usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1) \
-		/usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1.1)
-}

diff --git a/dev-libs/openssl/openssl-3.0.12.ebuild b/dev-libs/openssl/openssl-3.0.12.ebuild
deleted file mode 100644
index 9437bff8e937..000000000000
--- a/dev-libs/openssl/openssl-3.0.12.ebuild
+++ /dev/null
@@ -1,288 +0,0 @@
-# Copyright 1999-2024 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/openssl.org.asc
-inherit edo flag-o-matic linux-info toolchain-funcs
-inherit multilib multilib-minimal multiprocessing preserve-libs verify-sig
-
-DESCRIPTION="Robust, full-featured Open Source Toolkit for the Transport Layer Security (TLS)"
-HOMEPAGE="https://www.openssl.org/"
-
-MY_P=${P/_/-}
-
-if [[ ${PV} == 9999 ]] ; then
-	EGIT_REPO_URI="https://github.com/openssl/openssl.git"
-
-	inherit git-r3
-else
-	SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
-		verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )"
-	KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
-fi
-
-S="${WORKDIR}"/${MY_P}
-
-LICENSE="Apache-2.0"
-SLOT="0/3" # .so version of libssl/libcrypto
-IUSE="+asm cpu_flags_x86_sse2 fips ktls rfc3779 sctp static-libs test tls-compression vanilla verify-sig weak-ssl-ciphers"
-RESTRICT="!test? ( test )"
-
-COMMON_DEPEND="
-	tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
-"
-BDEPEND="
-	>=dev-lang/perl-5
-	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
-	test? (
-		sys-apps/diffutils
-		app-alternatives/bc
-		sys-process/procps
-	)
-	verify-sig? ( >=sec-keys/openpgp-keys-openssl-20230801 )"
-
-DEPEND="${COMMON_DEPEND}"
-RDEPEND="${COMMON_DEPEND}"
-PDEPEND="app-misc/ca-certificates"
-
-MULTILIB_WRAPPED_HEADERS=(
-	/usr/include/openssl/configuration.h
-)
-
-pkg_setup() {
-	if use ktls ; then
-		if kernel_is -lt 4 18 ; then
-			ewarn "Kernel implementation of TLS (USE=ktls) requires kernel >=4.18!"
-		else
-			CONFIG_CHECK="~TLS ~TLS_DEVICE"
-			ERROR_TLS="You will be unable to offload TLS to kernel because CONFIG_TLS is not set!"
-			ERROR_TLS_DEVICE="You will be unable to offload TLS to kernel because CONFIG_TLS_DEVICE is not set!"
-			use test && CONFIG_CHECK+=" ~CRYPTO_USER_API_SKCIPHER"
-
-			linux-info_pkg_setup
-		fi
-	fi
-
-	[[ ${MERGE_TYPE} == binary ]] && return
-
-	# must check in pkg_setup; sysctl doesn't work with userpriv!
-	if use test && use sctp ; then
-		# test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel"
-		# if sctp.auth_enable is not enabled.
-		local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null)
-		if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]] ; then
-			die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!"
-		fi
-	fi
-}
-
-src_unpack() {
-	# Can delete this once test fix patch is dropped
-	if use verify-sig ; then
-		# Needed for downloaded patch (which is unsigned, which is fine)
-		verify-sig_verify_detached "${DISTDIR}"/${MY_P}.tar.gz{,.asc}
-	fi
-
-	default
-}
-
-src_prepare() {
-	# Make sure we only ever touch Makefile.org and avoid patching a file
-	# that gets blown away anyways by the Configure script in src_configure
-	rm -f Makefile
-
-	if ! use vanilla ; then
-		PATCHES+=(
-			# Add patches which are Gentoo-specific customisations here
-		)
-	fi
-
-	default
-
-	if use test && use sctp && has network-sandbox ${FEATURES} ; then
-		einfo "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox ..."
-		rm test/recipes/80-test_ssl_new.t || die
-	fi
-
-	# Test fails depending on kernel configuration, bug #699134
-	rm test/recipes/30-test_afalg.t || die
-}
-
-src_configure() {
-	# Keep this in sync with app-misc/c_rehash
-	SSL_CNF_DIR="/etc/ssl"
-
-	# Quiet out unknown driver argument warnings since openssl
-	# doesn't have well-split CFLAGS and we're making it even worse
-	# and 'make depend' uses -Werror for added fun (bug #417795 again)
-	tc-is-clang && append-flags -Qunused-arguments
-
-	# We really, really need to build OpenSSL w/ strict aliasing disabled.
-	# It's filled with violations and it *will* result in miscompiled
-	# code. This has been in the ebuild for > 10 years but even in 2022,
-	# it's still relevant:
-	# - https://github.com/llvm/llvm-project/issues/55255
-	# - https://github.com/openssl/openssl/issues/12247
-	# - https://github.com/openssl/openssl/issues/18225
-	# - https://github.com/openssl/openssl/issues/18663#issuecomment-1181478057
-	# Don't remove the no strict aliasing bits below!
-	filter-flags -fstrict-aliasing
-	append-flags -fno-strict-aliasing
-	# The OpenSSL developers don't test with LTO right now, it leads to various
-	# warnings/errors (which may or may not be false positives), it's considered
-	# unsupported, and it's not tested in CI: https://github.com/openssl/openssl/issues/18663.
-	filter-lto
-
-	append-flags $(test-flags-CC -Wa,--noexecstack)
-
-	# bug #895308
-	append-atomic-flags
-	# Configure doesn't respect LIBS
-	export LDLIBS="${LIBS}"
-
-	# bug #197996
-	unset APPS
-	# bug #312551
-	unset SCRIPTS
-	# bug #311473
-	unset CROSS_COMPILE
-
-	tc-export AR CC CXX RANLIB RC
-
-	multilib-minimal_src_configure
-}
-
-multilib_src_configure() {
-	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
-
-	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
-
-	# See if our toolchain supports __uint128_t.  If so, it's 64bit
-	# friendly and can use the nicely optimized code paths, bug #460790.
-	#local ec_nistp_64_gcc_128
-	#
-	# Disable it for now though (bug #469976)
-	# Do NOT re-enable without substantial discussion first!
-	#
-	#echo "__uint128_t i;" > "${T}"/128.c
-	#if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
-	#       ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
-	#fi
-
-	local sslout=$(bash "${FILESDIR}/gentoo.config-1.0.4")
-	einfo "Using configuration: ${sslout:-(openssl knows best)}"
-
-	# https://github.com/openssl/openssl/blob/master/INSTALL.md#enable-and-disable-features
-	local myeconfargs=(
-		${sslout}
-
-		$(use cpu_flags_x86_sse2 || echo "no-sse2")
-		enable-camellia
-		enable-ec
-		enable-ec2m
-		enable-sm2
-		enable-srp
-		$(use elibc_musl && echo "no-async")
-		enable-idea
-		enable-mdc2
-		enable-rc5
-		$(use fips && echo "enable-fips")
-		$(use_ssl asm)
-		$(use_ssl ktls)
-		$(use_ssl rfc3779)
-		$(use_ssl sctp)
-		$(use test || echo "no-tests")
-		$(use_ssl tls-compression zlib)
-		$(use_ssl weak-ssl-ciphers)
-
-		--prefix="${EPREFIX}"/usr
-		--openssldir="${EPREFIX}"${SSL_CNF_DIR}
-		--libdir=$(get_libdir)
-
-		shared
-		threads
-	)
-
-	edo perl "${S}/Configure" "${myeconfargs[@]}"
-}
-
-multilib_src_compile() {
-	emake build_sw
-
-	if multilib_is_native_abi; then
-		emake build_docs
-	fi
-}
-
-multilib_src_test() {
-	# VFP = show subtests verbosely and show failed tests verbosely
-	# Normal V=1 would show everything verbosely but this slows things down.
-	emake HARNESS_JOBS="$(makeopts_jobs)" -Onone VFP=1 test
-}
-
-multilib_src_install() {
-	# Only -j1 is supported for the install targets:
-	# https://github.com/openssl/openssl/issues/21999#issuecomment-1771150305
-	emake DESTDIR="${D}" -j1 install_sw
-	if use fips; then
-		emake DESTDIR="${D}" -j1 install_fips
-		# Regen this in pkg_preinst, bug 900625
-		rm "${ED}${SSL_CNF_DIR}"/fipsmodule.cnf || die
-	fi
-
-	if multilib_is_native_abi; then
-		emake DESTDIR="${D}" -j1 install_ssldirs
-		emake DESTDIR="${D}" DOCDIR='$(INSTALLTOP)'/share/doc/${PF} -j1 install_docs
-	fi
-
-	# This is crappy in that the static archives are still built even
-	# when USE=static-libs. But this is due to a failing in the openssl
-	# build system: the static archives are built as PIC all the time.
-	# Only way around this would be to manually configure+compile openssl
-	# twice; once with shared lib support enabled and once without.
-	if ! use static-libs ; then
-		rm "${ED}"/usr/$(get_libdir)/lib{crypto,ssl}.a || die
-	fi
-}
-
-multilib_src_install_all() {
-	# openssl installs perl version of c_rehash by default, but
-	# we provide a shell version via app-misc/c_rehash
-	rm "${ED}"/usr/bin/c_rehash || die
-
-	dodoc {AUTHORS,CHANGES,NEWS,README,README-PROVIDERS}.md doc/*.txt doc/${PN}-c-indent.el
-
-	# Create the certs directory
-	keepdir ${SSL_CNF_DIR}/certs
-
-	# bug #254521
-	dodir /etc/sandbox.d
-	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
-
-	diropts -m0700
-	keepdir ${SSL_CNF_DIR}/private
-}
-
-pkg_preinst() {
-	if use fips; then
-		# Regen fipsmodule.cnf, bug 900625
-		ebegin "Running openssl fipsinstall"
-		"${ED}/usr/bin/openssl" fipsinstall -quiet \
-			-out "${ED}${SSL_CNF_DIR}/fipsmodule.cnf" \
-			-module "${ED}/usr/$(get_libdir)/ossl-modules/fips.so"
-		eend $?
-	fi
-
-	preserve_old_lib /usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1) \
-		/usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1.1)
-}
-
-pkg_postinst() {
-	ebegin "Running 'openssl rehash ${EROOT}${SSL_CNF_DIR}/certs' to rebuild hashes (bug #333069)"
-	openssl rehash "${EROOT}${SSL_CNF_DIR}/certs"
-	eend $?
-
-	preserve_old_lib_notify /usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1) \
-		/usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1.1)
-}

diff --git a/dev-libs/openssl/openssl-3.0.13-r1.ebuild b/dev-libs/openssl/openssl-3.0.13-r1.ebuild
deleted file mode 100644
index 4241ad7f72ed..000000000000
--- a/dev-libs/openssl/openssl-3.0.13-r1.ebuild
+++ /dev/null
@@ -1,282 +0,0 @@
-# Copyright 1999-2024 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/openssl.org.asc
-inherit edo flag-o-matic linux-info toolchain-funcs
-inherit multilib multilib-minimal multiprocessing preserve-libs verify-sig
-
-DESCRIPTION="Robust, full-featured Open Source Toolkit for the Transport Layer Security (TLS)"
-HOMEPAGE="https://www.openssl.org/"
-
-MY_P=${P/_/-}
-
-if [[ ${PV} == 9999 ]] ; then
-	EGIT_REPO_URI="https://github.com/openssl/openssl.git"
-
-	inherit git-r3
-else
-	SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
-		verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )"
-	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
-fi
-
-S="${WORKDIR}"/${MY_P}
-
-LICENSE="Apache-2.0"
-SLOT="0/3" # .so version of libssl/libcrypto
-IUSE="+asm cpu_flags_x86_sse2 fips ktls rfc3779 sctp static-libs test tls-compression vanilla verify-sig weak-ssl-ciphers"
-RESTRICT="!test? ( test )"
-
-COMMON_DEPEND="
-	tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
-"
-BDEPEND="
-	>=dev-lang/perl-5
-	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
-	test? (
-		sys-apps/diffutils
-		app-alternatives/bc
-		sys-process/procps
-	)
-	verify-sig? ( >=sec-keys/openpgp-keys-openssl-20230801 )"
-
-DEPEND="${COMMON_DEPEND}"
-RDEPEND="${COMMON_DEPEND}"
-PDEPEND="app-misc/ca-certificates"
-
-MULTILIB_WRAPPED_HEADERS=(
-	/usr/include/openssl/configuration.h
-)
-
-PATCHES=(
-	"${FILESDIR}"/${PN}-3.0.13-CVE-2024-2511.patch
-)
-
-pkg_setup() {
-	if use ktls ; then
-		if kernel_is -lt 4 18 ; then
-			ewarn "Kernel implementation of TLS (USE=ktls) requires kernel >=4.18!"
-		else
-			CONFIG_CHECK="~TLS ~TLS_DEVICE"
-			ERROR_TLS="You will be unable to offload TLS to kernel because CONFIG_TLS is not set!"
-			ERROR_TLS_DEVICE="You will be unable to offload TLS to kernel because CONFIG_TLS_DEVICE is not set!"
-			use test && CONFIG_CHECK+=" ~CRYPTO_USER_API_SKCIPHER"
-
-			linux-info_pkg_setup
-		fi
-	fi
-
-	[[ ${MERGE_TYPE} == binary ]] && return
-
-	# must check in pkg_setup; sysctl doesn't work with userpriv!
-	if use test && use sctp ; then
-		# test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel"
-		# if sctp.auth_enable is not enabled.
-		local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null)
-		if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]] ; then
-			die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!"
-		fi
-	fi
-}
-
-src_prepare() {
-	# Make sure we only ever touch Makefile.org and avoid patching a file
-	# that gets blown away anyways by the Configure script in src_configure
-	rm -f Makefile || die
-
-	if ! use vanilla ; then
-		PATCHES+=(
-			# Add patches which are Gentoo-specific customisations here
-		)
-	fi
-
-	default
-
-	if use test && use sctp && has network-sandbox ${FEATURES} ; then
-		einfo "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox ..."
-		rm test/recipes/80-test_ssl_new.t || die
-	fi
-
-	# Test fails depending on kernel configuration, bug #699134
-	rm test/recipes/30-test_afalg.t || die
-}
-
-src_configure() {
-	# Keep this in sync with app-misc/c_rehash
-	SSL_CNF_DIR="/etc/ssl"
-
-	# Quiet out unknown driver argument warnings since openssl
-	# doesn't have well-split CFLAGS and we're making it even worse
-	# and 'make depend' uses -Werror for added fun (bug #417795 again)
-	tc-is-clang && append-flags -Qunused-arguments
-
-	# We really, really need to build OpenSSL w/ strict aliasing disabled.
-	# It's filled with violations and it *will* result in miscompiled
-	# code. This has been in the ebuild for > 10 years but even in 2022,
-	# it's still relevant:
-	# - https://github.com/llvm/llvm-project/issues/55255
-	# - https://github.com/openssl/openssl/issues/12247
-	# - https://github.com/openssl/openssl/issues/18225
-	# - https://github.com/openssl/openssl/issues/18663#issuecomment-1181478057
-	# Don't remove the no strict aliasing bits below!
-	filter-flags -fstrict-aliasing
-	append-flags -fno-strict-aliasing
-	# The OpenSSL developers don't test with LTO right now, it leads to various
-	# warnings/errors (which may or may not be false positives), it's considered
-	# unsupported, and it's not tested in CI: https://github.com/openssl/openssl/issues/18663.
-	filter-lto
-
-	append-flags $(test-flags-CC -Wa,--noexecstack)
-
-	# bug #895308
-	append-atomic-flags
-	# Configure doesn't respect LIBS
-	export LDLIBS="${LIBS}"
-
-	# bug #197996
-	unset APPS
-	# bug #312551
-	unset SCRIPTS
-	# bug #311473
-	unset CROSS_COMPILE
-
-	tc-export AR CC CXX RANLIB RC
-
-	multilib-minimal_src_configure
-}
-
-multilib_src_configure() {
-	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
-
-	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
-
-	# See if our toolchain supports __uint128_t.  If so, it's 64bit
-	# friendly and can use the nicely optimized code paths, bug #460790.
-	#local ec_nistp_64_gcc_128
-	#
-	# Disable it for now though (bug #469976)
-	# Do NOT re-enable without substantial discussion first!
-	#
-	#echo "__uint128_t i;" > "${T}"/128.c
-	#if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
-	#       ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
-	#fi
-
-	local sslout=$(bash "${FILESDIR}/gentoo.config-1.0.4")
-	einfo "Using configuration: ${sslout:-(openssl knows best)}"
-
-	# https://github.com/openssl/openssl/blob/master/INSTALL.md#enable-and-disable-features
-	local myeconfargs=(
-		${sslout}
-
-		$(use cpu_flags_x86_sse2 || echo "no-sse2")
-		enable-camellia
-		enable-ec
-		enable-ec2m
-		enable-sm2
-		enable-srp
-		$(use elibc_musl && echo "no-async")
-		enable-idea
-		enable-mdc2
-		enable-rc5
-		$(use fips && echo "enable-fips")
-		$(use_ssl asm)
-		$(use_ssl ktls)
-		$(use_ssl rfc3779)
-		$(use_ssl sctp)
-		$(use test || echo "no-tests")
-		$(use_ssl tls-compression zlib)
-		$(use_ssl weak-ssl-ciphers)
-
-		--prefix="${EPREFIX}"/usr
-		--openssldir="${EPREFIX}"${SSL_CNF_DIR}
-		--libdir=$(get_libdir)
-
-		shared
-		threads
-	)
-
-	edo perl "${S}/Configure" "${myeconfargs[@]}"
-}
-
-multilib_src_compile() {
-	emake build_sw
-
-	if multilib_is_native_abi; then
-		emake build_docs
-	fi
-}
-
-multilib_src_test() {
-	# VFP = show subtests verbosely and show failed tests verbosely
-	# Normal V=1 would show everything verbosely but this slows things down.
-	emake HARNESS_JOBS="$(makeopts_jobs)" -Onone VFP=1 test
-}
-
-multilib_src_install() {
-	# Only -j1 is supported for the install targets:
-	# https://github.com/openssl/openssl/issues/21999#issuecomment-1771150305
-	emake DESTDIR="${D}" -j1 install_sw
-	if use fips; then
-		emake DESTDIR="${D}" -j1 install_fips
-		# Regen this in pkg_preinst, bug 900625
-		rm "${ED}${SSL_CNF_DIR}"/fipsmodule.cnf || die
-	fi
-
-	if multilib_is_native_abi; then
-		emake DESTDIR="${D}" -j1 install_ssldirs
-		emake DESTDIR="${D}" DOCDIR='$(INSTALLTOP)'/share/doc/${PF} -j1 install_docs
-	fi
-
-	# This is crappy in that the static archives are still built even
-	# when USE=static-libs. But this is due to a failing in the openssl
-	# build system: the static archives are built as PIC all the time.
-	# Only way around this would be to manually configure+compile openssl
-	# twice; once with shared lib support enabled and once without.
-	if ! use static-libs ; then
-		rm "${ED}"/usr/$(get_libdir)/lib{crypto,ssl}.a || die
-	fi
-}
-
-multilib_src_install_all() {
-	# openssl installs perl version of c_rehash by default, but
-	# we provide a shell version via app-misc/c_rehash
-	rm "${ED}"/usr/bin/c_rehash || die
-
-	dodoc {AUTHORS,CHANGES,NEWS,README,README-PROVIDERS}.md doc/*.txt doc/${PN}-c-indent.el
-
-	# Create the certs directory
-	keepdir ${SSL_CNF_DIR}/certs
-
-	# bug #254521
-	dodir /etc/sandbox.d
-	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
-
-	diropts -m0700
-	keepdir ${SSL_CNF_DIR}/private
-}
-
-pkg_preinst() {
-	if use fips; then
-		# Regen fipsmodule.cnf, bug 900625
-		ebegin "Running openssl fipsinstall"
-		"${ED}/usr/bin/openssl" fipsinstall -quiet \
-			-out "${ED}${SSL_CNF_DIR}/fipsmodule.cnf" \
-			-module "${ED}/usr/$(get_libdir)/ossl-modules/fips.so"
-		eend $?
-	fi
-
-	preserve_old_lib /usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1) \
-		/usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1.1)
-}
-
-pkg_postinst() {
-	ebegin "Running 'openssl rehash ${EROOT}${SSL_CNF_DIR}/certs' to rebuild hashes (bug #333069)"
-	openssl rehash "${EROOT}${SSL_CNF_DIR}/certs"
-	eend $?
-
-	preserve_old_lib_notify /usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1) \
-		/usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1.1)
-}

diff --git a/dev-libs/openssl/openssl-3.0.13.ebuild b/dev-libs/openssl/openssl-3.0.13.ebuild
deleted file mode 100644
index a709a5ecde4a..000000000000
--- a/dev-libs/openssl/openssl-3.0.13.ebuild
+++ /dev/null
@@ -1,278 +0,0 @@
-# Copyright 1999-2024 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/openssl.org.asc
-inherit edo flag-o-matic linux-info toolchain-funcs
-inherit multilib multilib-minimal multiprocessing preserve-libs verify-sig
-
-DESCRIPTION="Robust, full-featured Open Source Toolkit for the Transport Layer Security (TLS)"
-HOMEPAGE="https://www.openssl.org/"
-
-MY_P=${P/_/-}
-
-if [[ ${PV} == 9999 ]] ; then
-	EGIT_REPO_URI="https://github.com/openssl/openssl.git"
-
-	inherit git-r3
-else
-	SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
-		verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )"
-	KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
-fi
-
-S="${WORKDIR}"/${MY_P}
-
-LICENSE="Apache-2.0"
-SLOT="0/3" # .so version of libssl/libcrypto
-IUSE="+asm cpu_flags_x86_sse2 fips ktls rfc3779 sctp static-libs test tls-compression vanilla verify-sig weak-ssl-ciphers"
-RESTRICT="!test? ( test )"
-
-COMMON_DEPEND="
-	tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
-"
-BDEPEND="
-	>=dev-lang/perl-5
-	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
-	test? (
-		sys-apps/diffutils
-		app-alternatives/bc
-		sys-process/procps
-	)
-	verify-sig? ( >=sec-keys/openpgp-keys-openssl-20230801 )"
-
-DEPEND="${COMMON_DEPEND}"
-RDEPEND="${COMMON_DEPEND}"
-PDEPEND="app-misc/ca-certificates"
-
-MULTILIB_WRAPPED_HEADERS=(
-	/usr/include/openssl/configuration.h
-)
-
-pkg_setup() {
-	if use ktls ; then
-		if kernel_is -lt 4 18 ; then
-			ewarn "Kernel implementation of TLS (USE=ktls) requires kernel >=4.18!"
-		else
-			CONFIG_CHECK="~TLS ~TLS_DEVICE"
-			ERROR_TLS="You will be unable to offload TLS to kernel because CONFIG_TLS is not set!"
-			ERROR_TLS_DEVICE="You will be unable to offload TLS to kernel because CONFIG_TLS_DEVICE is not set!"
-			use test && CONFIG_CHECK+=" ~CRYPTO_USER_API_SKCIPHER"
-
-			linux-info_pkg_setup
-		fi
-	fi
-
-	[[ ${MERGE_TYPE} == binary ]] && return
-
-	# must check in pkg_setup; sysctl doesn't work with userpriv!
-	if use test && use sctp ; then
-		# test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel"
-		# if sctp.auth_enable is not enabled.
-		local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null)
-		if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]] ; then
-			die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!"
-		fi
-	fi
-}
-
-src_prepare() {
-	# Make sure we only ever touch Makefile.org and avoid patching a file
-	# that gets blown away anyways by the Configure script in src_configure
-	rm -f Makefile || die
-
-	if ! use vanilla ; then
-		PATCHES+=(
-			# Add patches which are Gentoo-specific customisations here
-		)
-	fi
-
-	default
-
-	if use test && use sctp && has network-sandbox ${FEATURES} ; then
-		einfo "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox ..."
-		rm test/recipes/80-test_ssl_new.t || die
-	fi
-
-	# Test fails depending on kernel configuration, bug #699134
-	rm test/recipes/30-test_afalg.t || die
-}
-
-src_configure() {
-	# Keep this in sync with app-misc/c_rehash
-	SSL_CNF_DIR="/etc/ssl"
-
-	# Quiet out unknown driver argument warnings since openssl
-	# doesn't have well-split CFLAGS and we're making it even worse
-	# and 'make depend' uses -Werror for added fun (bug #417795 again)
-	tc-is-clang && append-flags -Qunused-arguments
-
-	# We really, really need to build OpenSSL w/ strict aliasing disabled.
-	# It's filled with violations and it *will* result in miscompiled
-	# code. This has been in the ebuild for > 10 years but even in 2022,
-	# it's still relevant:
-	# - https://github.com/llvm/llvm-project/issues/55255
-	# - https://github.com/openssl/openssl/issues/12247
-	# - https://github.com/openssl/openssl/issues/18225
-	# - https://github.com/openssl/openssl/issues/18663#issuecomment-1181478057
-	# Don't remove the no strict aliasing bits below!
-	filter-flags -fstrict-aliasing
-	append-flags -fno-strict-aliasing
-	# The OpenSSL developers don't test with LTO right now, it leads to various
-	# warnings/errors (which may or may not be false positives), it's considered
-	# unsupported, and it's not tested in CI: https://github.com/openssl/openssl/issues/18663.
-	filter-lto
-
-	append-flags $(test-flags-CC -Wa,--noexecstack)
-
-	# bug #895308
-	append-atomic-flags
-	# Configure doesn't respect LIBS
-	export LDLIBS="${LIBS}"
-
-	# bug #197996
-	unset APPS
-	# bug #312551
-	unset SCRIPTS
-	# bug #311473
-	unset CROSS_COMPILE
-
-	tc-export AR CC CXX RANLIB RC
-
-	multilib-minimal_src_configure
-}
-
-multilib_src_configure() {
-	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
-
-	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
-
-	# See if our toolchain supports __uint128_t.  If so, it's 64bit
-	# friendly and can use the nicely optimized code paths, bug #460790.
-	#local ec_nistp_64_gcc_128
-	#
-	# Disable it for now though (bug #469976)
-	# Do NOT re-enable without substantial discussion first!
-	#
-	#echo "__uint128_t i;" > "${T}"/128.c
-	#if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
-	#       ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
-	#fi
-
-	local sslout=$(bash "${FILESDIR}/gentoo.config-1.0.4")
-	einfo "Using configuration: ${sslout:-(openssl knows best)}"
-
-	# https://github.com/openssl/openssl/blob/master/INSTALL.md#enable-and-disable-features
-	local myeconfargs=(
-		${sslout}
-
-		$(use cpu_flags_x86_sse2 || echo "no-sse2")
-		enable-camellia
-		enable-ec
-		enable-ec2m
-		enable-sm2
-		enable-srp
-		$(use elibc_musl && echo "no-async")
-		enable-idea
-		enable-mdc2
-		enable-rc5
-		$(use fips && echo "enable-fips")
-		$(use_ssl asm)
-		$(use_ssl ktls)
-		$(use_ssl rfc3779)
-		$(use_ssl sctp)
-		$(use test || echo "no-tests")
-		$(use_ssl tls-compression zlib)
-		$(use_ssl weak-ssl-ciphers)
-
-		--prefix="${EPREFIX}"/usr
-		--openssldir="${EPREFIX}"${SSL_CNF_DIR}
-		--libdir=$(get_libdir)
-
-		shared
-		threads
-	)
-
-	edo perl "${S}/Configure" "${myeconfargs[@]}"
-}
-
-multilib_src_compile() {
-	emake build_sw
-
-	if multilib_is_native_abi; then
-		emake build_docs
-	fi
-}
-
-multilib_src_test() {
-	# VFP = show subtests verbosely and show failed tests verbosely
-	# Normal V=1 would show everything verbosely but this slows things down.
-	emake HARNESS_JOBS="$(makeopts_jobs)" -Onone VFP=1 test
-}
-
-multilib_src_install() {
-	# Only -j1 is supported for the install targets:
-	# https://github.com/openssl/openssl/issues/21999#issuecomment-1771150305
-	emake DESTDIR="${D}" -j1 install_sw
-	if use fips; then
-		emake DESTDIR="${D}" -j1 install_fips
-		# Regen this in pkg_preinst, bug 900625
-		rm "${ED}${SSL_CNF_DIR}"/fipsmodule.cnf || die
-	fi
-
-	if multilib_is_native_abi; then
-		emake DESTDIR="${D}" -j1 install_ssldirs
-		emake DESTDIR="${D}" DOCDIR='$(INSTALLTOP)'/share/doc/${PF} -j1 install_docs
-	fi
-
-	# This is crappy in that the static archives are still built even
-	# when USE=static-libs. But this is due to a failing in the openssl
-	# build system: the static archives are built as PIC all the time.
-	# Only way around this would be to manually configure+compile openssl
-	# twice; once with shared lib support enabled and once without.
-	if ! use static-libs ; then
-		rm "${ED}"/usr/$(get_libdir)/lib{crypto,ssl}.a || die
-	fi
-}
-
-multilib_src_install_all() {
-	# openssl installs perl version of c_rehash by default, but
-	# we provide a shell version via app-misc/c_rehash
-	rm "${ED}"/usr/bin/c_rehash || die
-
-	dodoc {AUTHORS,CHANGES,NEWS,README,README-PROVIDERS}.md doc/*.txt doc/${PN}-c-indent.el
-
-	# Create the certs directory
-	keepdir ${SSL_CNF_DIR}/certs
-
-	# bug #254521
-	dodir /etc/sandbox.d
-	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
-
-	diropts -m0700
-	keepdir ${SSL_CNF_DIR}/private
-}
-
-pkg_preinst() {
-	if use fips; then
-		# Regen fipsmodule.cnf, bug 900625
-		ebegin "Running openssl fipsinstall"
-		"${ED}/usr/bin/openssl" fipsinstall -quiet \
-			-out "${ED}${SSL_CNF_DIR}/fipsmodule.cnf" \
-			-module "${ED}/usr/$(get_libdir)/ossl-modules/fips.so"
-		eend $?
-	fi
-
-	preserve_old_lib /usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1) \
-		/usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1.1)
-}
-
-pkg_postinst() {
-	ebegin "Running 'openssl rehash ${EROOT}${SSL_CNF_DIR}/certs' to rebuild hashes (bug #333069)"
-	openssl rehash "${EROOT}${SSL_CNF_DIR}/certs"
-	eend $?
-
-	preserve_old_lib_notify /usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1) \
-		/usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1.1)
-}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Arthur Zamarin]

commit:     099d95e831425ffe0c7b7d4b84ec4de3730ed750
Author:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
AuthorDate: Thu Apr 25 16:35:19 2024 +0000
Commit:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
CommitDate: Thu Apr 25 16:35:19 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=099d95e8

dev-libs/openssl: Stabilize 3.0.13-r2 arm64, #930057

Signed-off-by: Arthur Zamarin <arthurzam <AT> gentoo.org>

 dev-libs/openssl/openssl-3.0.13-r2.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-3.0.13-r2.ebuild b/dev-libs/openssl/openssl-3.0.13-r2.ebuild
index b9bc73b86cdc..7419ab042851 100644
--- a/dev-libs/openssl/openssl-3.0.13-r2.ebuild
+++ b/dev-libs/openssl/openssl-3.0.13-r2.ebuild
@@ -19,7 +19,7 @@ if [[ ${PV} == 9999 ]] ; then
 else
 	SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 		verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )"
-	KEYWORDS="~alpha amd64 arm ~arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
+	KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
 fi
 
 S="${WORKDIR}"/${MY_P}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Arthur Zamarin]

commit:     af691d2c0d081bb3489891eca90ecd3807ffd3cf
Author:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
AuthorDate: Thu Apr 25 16:35:16 2024 +0000
Commit:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
CommitDate: Thu Apr 25 16:35:16 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=af691d2c

dev-libs/openssl: Stabilize 3.0.13-r2 arm, #930057

Signed-off-by: Arthur Zamarin <arthurzam <AT> gentoo.org>

 dev-libs/openssl/openssl-3.0.13-r2.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-3.0.13-r2.ebuild b/dev-libs/openssl/openssl-3.0.13-r2.ebuild
index 19b6318ef26d..b9bc73b86cdc 100644
--- a/dev-libs/openssl/openssl-3.0.13-r2.ebuild
+++ b/dev-libs/openssl/openssl-3.0.13-r2.ebuild
@@ -19,7 +19,7 @@ if [[ ${PV} == 9999 ]] ; then
 else
 	SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 		verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )"
-	KEYWORDS="~alpha amd64 ~arm ~arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
+	KEYWORDS="~alpha amd64 arm ~arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
 fi
 
 S="${WORKDIR}"/${MY_P}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     57d3be48b92faa6351bca929db3ec96bc0259efc
Author:     Rolf Eike Beer <eike <AT> sf-mail <DOT> de>
AuthorDate: Wed Apr 24 13:53:48 2024 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Wed Apr 24 15:02:04 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=57d3be48

dev-libs/openssl: stable 3.0.13-r2 for hppa/sparc, bug #930057

Signed-off-by: Rolf Eike Beer <eike <AT> sf-mail.de>
Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/openssl-3.0.13-r2.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-3.0.13-r2.ebuild b/dev-libs/openssl/openssl-3.0.13-r2.ebuild
index f24d736cb85c..19b6318ef26d 100644
--- a/dev-libs/openssl/openssl-3.0.13-r2.ebuild
+++ b/dev-libs/openssl/openssl-3.0.13-r2.ebuild
@@ -19,7 +19,7 @@ if [[ ${PV} == 9999 ]] ; then
 else
 	SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 		verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )"
-	KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 ~sparc x86 ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
+	KEYWORDS="~alpha amd64 ~arm ~arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
 fi
 
 S="${WORKDIR}"/${MY_P}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     fed82a3c5971cd1b818788754a63436d1466dadb
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Wed Apr 24 10:56:30 2024 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Wed Apr 24 10:57:04 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fed82a3c

dev-libs/openssl: add 3.3.0 (unkeyworded)

Initially unkeyworded for testing.

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/Manifest             |   2 +
 dev-libs/openssl/openssl-3.3.0.ebuild | 300 ++++++++++++++++++++++++++++++++++
 2 files changed, 302 insertions(+)

diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest
index 8738e9282251..eeae374ea4b7 100644
--- a/dev-libs/openssl/Manifest
+++ b/dev-libs/openssl/Manifest
@@ -13,3 +13,5 @@ DIST openssl-3.1.5.tar.gz 15663524 BLAKE2B a12eb88b0a4f2d927123e0d3ca7d2f80f2bdc
 DIST openssl-3.1.5.tar.gz.asc 833 BLAKE2B 633502ec0a87074136d7ea42d9ac5f3df53523560d2a97410b5b57d28d916336da95ab5521c10f94202e3a0995331f0e17bdcf8843135634a5d5a95cfafc7b21 SHA512 48187bb8a7bdbd8b76fdcca736d2b03e2a89330b304eefb4e9620f570c741c60f2023307d8619ba1fa101a99223f94895e7be57ced6547a4fb06bd4c3677533a
 DIST openssl-3.2.1.tar.gz 17733249 BLAKE2B 960222e0305166160e5ab000e29650b92063bf726551ee9ad46060166d99738d1e3a5b86fd28b14c8f4fb3a72f5aa70850defb87c02990acff3dbcbdac40b347 SHA512 bab2b2419319f1feffaba4692f03edbf13b44d1090c6e075a2d69dad67a2d51e64e6edbf83456a26c83900a726d20d2c4ee4ead9c94b322fd0b536f3b5a863c4
 DIST openssl-3.2.1.tar.gz.asc 833 BLAKE2B a1d25fe30bf1804d13a8b6b98edf56be5bf744d9e2706f4169455c24efe2e3a361487d00d0d4bac240c3f0170693d77a39dd0d4ee5c792d2247aa00c47e74ebf SHA512 de39516c7b77612f33cdc830a8d13ef6bcd91c03d24a6ed105480f140f9e1ad7049844e234c96a516d62e0e33ce90442ffd0f309ea674884c735f04d8562f372
+DIST openssl-3.3.0.tar.gz 18038030 BLAKE2B c68efaf8aca87961f396e305acc767b56d651b9adf4fd2c9d9b5a3266e35da4b856c6ed34be47d656c782aade975f20317a6759913b33d29d7eb088e638fa501 SHA512 1f9daeee6542e1b831c65f1f87befaef98ccedc3abc958c9d17f064ef771924c30849e3ff880f94eed4aaa9d81ea105e3bc8815e6d2e4d6b60b5e890f14fc5da
+DIST openssl-3.3.0.tar.gz.asc 833 BLAKE2B 207b9fd53de6f57fe24d6a6e5e9f735b7649258bb2873b6c1e29b7d2689c9a75774dbf09392be40f8a8ab240e4e6c745e2864155e8b0f2f3f5ca3b45051e869a SHA512 8750daa607e6bfd2326a4d4f04c9c04608d9fa852fc1515acf1fcf3d1ad33b8ba8435d9ef1ac3a032fecd09aa90446c53996045506bcfbddb7544bb61b26af24

diff --git a/dev-libs/openssl/openssl-3.3.0.ebuild b/dev-libs/openssl/openssl-3.3.0.ebuild
new file mode 100644
index 000000000000..97ec87920e44
--- /dev/null
+++ b/dev-libs/openssl/openssl-3.3.0.ebuild
@@ -0,0 +1,300 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/openssl.org.asc
+inherit edo flag-o-matic linux-info toolchain-funcs
+inherit multilib multilib-minimal multiprocessing preserve-libs verify-sig
+
+DESCRIPTION="Robust, full-featured Open Source Toolkit for the Transport Layer Security (TLS)"
+HOMEPAGE="https://www.openssl.org/"
+
+MY_P=${P/_/-}
+
+if [[ ${PV} == 9999 ]] ; then
+	EGIT_REPO_URI="https://github.com/openssl/openssl.git"
+
+	inherit git-r3
+else
+	SRC_URI="
+		mirror://openssl/source/${MY_P}.tar.gz
+		verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )
+	"
+
+	#if [[ ${PV} != *_alpha* && ${PV} != *_beta* ]] ; then
+	#	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
+	#fi
+fi
+
+S="${WORKDIR}"/${MY_P}
+
+LICENSE="Apache-2.0"
+SLOT="0/$(ver_cut 1)" # .so version of libssl/libcrypto
+IUSE="+asm cpu_flags_x86_sse2 fips ktls rfc3779 sctp static-libs test tls-compression vanilla verify-sig weak-ssl-ciphers"
+RESTRICT="!test? ( test )"
+
+COMMON_DEPEND="
+	!<net-misc/openssh-9.2_p1-r3
+	tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
+"
+BDEPEND="
+	>=dev-lang/perl-5
+	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
+	test? (
+		sys-apps/diffutils
+		app-alternatives/bc
+		sys-process/procps
+	)
+	verify-sig? ( >=sec-keys/openpgp-keys-openssl-20240424 )
+"
+DEPEND="${COMMON_DEPEND}"
+RDEPEND="${COMMON_DEPEND}"
+PDEPEND="app-misc/ca-certificates"
+
+MULTILIB_WRAPPED_HEADERS=(
+	/usr/include/openssl/configuration.h
+)
+
+PATCHES=(
+)
+
+pkg_setup() {
+	if use ktls ; then
+		if kernel_is -lt 4 18 ; then
+			ewarn "Kernel implementation of TLS (USE=ktls) requires kernel >=4.18!"
+		else
+			CONFIG_CHECK="~TLS ~TLS_DEVICE"
+			ERROR_TLS="You will be unable to offload TLS to kernel because CONFIG_TLS is not set!"
+			ERROR_TLS_DEVICE="You will be unable to offload TLS to kernel because CONFIG_TLS_DEVICE is not set!"
+			use test && CONFIG_CHECK+=" ~CRYPTO_USER_API_SKCIPHER"
+
+			linux-info_pkg_setup
+		fi
+	fi
+
+	[[ ${MERGE_TYPE} == binary ]] && return
+
+	# must check in pkg_setup; sysctl doesn't work with userpriv!
+	if use test && use sctp ; then
+		# test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel"
+		# if sctp.auth_enable is not enabled.
+		local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null)
+		if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]] ; then
+			die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!"
+		fi
+	fi
+}
+
+src_unpack() {
+	# Can delete this once test fix patch is dropped
+	if use verify-sig ; then
+		# Needed for downloaded patch (which is unsigned, which is fine)
+		verify-sig_verify_detached "${DISTDIR}"/${MY_P}.tar.gz{,.asc}
+	fi
+
+	default
+}
+
+src_prepare() {
+	# Make sure we only ever touch Makefile.org and avoid patching a file
+	# that gets blown away anyways by the Configure script in src_configure
+	rm -f Makefile || die
+
+	if ! use vanilla ; then
+		PATCHES+=(
+			# Add patches which are Gentoo-specific customisations here
+		)
+	fi
+
+	default
+
+	if use test && use sctp && has network-sandbox ${FEATURES} ; then
+		einfo "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox ..."
+		rm test/recipes/80-test_ssl_new.t || die
+	fi
+
+	# Test fails depending on kernel configuration, bug #699134
+	rm test/recipes/30-test_afalg.t || die
+}
+
+src_configure() {
+	# Keep this in sync with app-misc/c_rehash
+	SSL_CNF_DIR="/etc/ssl"
+
+	# Quiet out unknown driver argument warnings since openssl
+	# doesn't have well-split CFLAGS and we're making it even worse
+	# and 'make depend' uses -Werror for added fun (bug #417795 again)
+	tc-is-clang && append-flags -Qunused-arguments
+
+	# We really, really need to build OpenSSL w/ strict aliasing disabled.
+	# It's filled with violations and it *will* result in miscompiled
+	# code. This has been in the ebuild for > 10 years but even in 2022,
+	# it's still relevant:
+	# - https://github.com/llvm/llvm-project/issues/55255
+	# - https://github.com/openssl/openssl/issues/12247
+	# - https://github.com/openssl/openssl/issues/18225
+	# - https://github.com/openssl/openssl/issues/18663#issuecomment-1181478057
+	# Don't remove the no strict aliasing bits below!
+	filter-flags -fstrict-aliasing
+	append-flags -fno-strict-aliasing
+	# The OpenSSL developers don't test with LTO right now, it leads to various
+	# warnings/errors (which may or may not be false positives), it's considered
+	# unsupported, and it's not tested in CI: https://github.com/openssl/openssl/issues/18663.
+	filter-lto
+
+	append-flags $(test-flags-CC -Wa,--noexecstack)
+
+	# bug #895308 -- check inserts GNU ld-compatible arguments
+	[[ ${CHOST} == *-darwin* ]] || append-atomic-flags
+	# Configure doesn't respect LIBS
+	export LDLIBS="${LIBS}"
+
+	# bug #197996
+	unset APPS
+	# bug #312551
+	unset SCRIPTS
+	# bug #311473
+	unset CROSS_COMPILE
+
+	tc-export AR CC CXX RANLIB RC
+
+	multilib-minimal_src_configure
+}
+
+multilib_src_configure() {
+	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
+
+	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
+
+	# See if our toolchain supports __uint128_t.  If so, it's 64bit
+	# friendly and can use the nicely optimized code paths, bug #460790.
+	#local ec_nistp_64_gcc_128
+	#
+	# Disable it for now though (bug #469976)
+	# Do NOT re-enable without substantial discussion first!
+	#
+	#echo "__uint128_t i;" > "${T}"/128.c
+	#if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
+	#       ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
+	#fi
+
+	local sslout=$(bash "${FILESDIR}/gentoo.config-1.0.4")
+	einfo "Using configuration: ${sslout:-(openssl knows best)}"
+
+	# https://github.com/openssl/openssl/blob/master/INSTALL.md#enable-and-disable-features
+	local myeconfargs=(
+		${sslout}
+
+		$(multilib_is_native_abi || echo "no-docs")
+		$(use cpu_flags_x86_sse2 || echo "no-sse2")
+		enable-camellia
+		enable-ec
+		enable-ec2m
+		enable-sm2
+		enable-srp
+		$(use elibc_musl && echo "no-async")
+		enable-idea
+		enable-mdc2
+		enable-rc5
+		$(use fips && echo "enable-fips")
+		$(use_ssl asm)
+		$(use_ssl ktls)
+		$(use_ssl rfc3779)
+		$(use_ssl sctp)
+		$(use test || echo "no-tests")
+		$(use_ssl tls-compression zlib)
+		$(use_ssl weak-ssl-ciphers)
+
+		--prefix="${EPREFIX}"/usr
+		--openssldir="${EPREFIX}"${SSL_CNF_DIR}
+		--libdir=$(get_libdir)
+
+		shared
+		threads
+	)
+
+	edo perl "${S}/Configure" "${myeconfargs[@]}"
+}
+
+multilib_src_compile() {
+	emake build_sw
+}
+
+multilib_src_test() {
+	# See https://github.com/openssl/openssl/blob/master/test/README.md for options.
+	#
+	# VFP = show subtests verbosely and show failed tests verbosely
+	# Normal V=1 would show everything verbosely but this slows things down.
+	#
+	# -j1 here for https://github.com/openssl/openssl/issues/21999, but it
+	# shouldn't matter as tests were already built earlier, and HARNESS_JOBS
+	# controls running the tests.
+	emake -Onone -j1 HARNESS_JOBS="$(makeopts_jobs)" VFP=1 test
+}
+
+multilib_src_install() {
+	# Only -j1 is supported for the install targets:
+	# https://github.com/openssl/openssl/issues/21999#issuecomment-1771150305
+	emake DESTDIR="${D}" -j1 install_sw
+	if use fips; then
+		emake DESTDIR="${D}" -j1 install_fips
+		# Regen this in pkg_preinst, bug 900625
+		rm "${ED}${SSL_CNF_DIR}"/fipsmodule.cnf || die
+	fi
+
+	if multilib_is_native_abi; then
+		emake DESTDIR="${D}" -j1 install_ssldirs
+		emake DESTDIR="${D}" DOCDIR='$(INSTALLTOP)'/share/doc/${PF} -j1 install_docs
+	fi
+
+	# This is crappy in that the static archives are still built even
+	# when USE=static-libs. But this is due to a failing in the openssl
+	# build system: the static archives are built as PIC all the time.
+	# Only way around this would be to manually configure+compile openssl
+	# twice; once with shared lib support enabled and once without.
+	if ! use static-libs ; then
+		rm "${ED}"/usr/$(get_libdir)/lib{crypto,ssl}.a || die
+	fi
+}
+
+multilib_src_install_all() {
+	# openssl installs perl version of c_rehash by default, but
+	# we provide a shell version via app-misc/c_rehash
+	rm "${ED}"/usr/bin/c_rehash || die
+
+	dodoc {AUTHORS,CHANGES,NEWS,README,README-PROVIDERS}.md doc/*.txt doc/${PN}-c-indent.el
+
+	# Create the certs directory
+	keepdir ${SSL_CNF_DIR}/certs
+
+	# bug #254521
+	dodir /etc/sandbox.d
+	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
+
+	diropts -m0700
+	keepdir ${SSL_CNF_DIR}/private
+}
+
+pkg_preinst() {
+	if use fips; then
+		# Regen fipsmodule.cnf, bug 900625
+		ebegin "Running openssl fipsinstall"
+		"${ED}/usr/bin/openssl" fipsinstall -quiet \
+			-out "${ED}${SSL_CNF_DIR}/fipsmodule.cnf" \
+			-module "${ED}/usr/$(get_libdir)/ossl-modules/fips.so"
+		eend $?
+	fi
+
+	preserve_old_lib /usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1) \
+		/usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1.1)
+}
+
+pkg_postinst() {
+	ebegin "Running 'openssl rehash ${EROOT}${SSL_CNF_DIR}/certs' to rebuild hashes (bug #333069)"
+	openssl rehash "${EROOT}${SSL_CNF_DIR}/certs"
+	eend $?
+
+	preserve_old_lib_notify /usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1) \
+		/usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1.1)
+}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     71fb8e9cf51616add45f475a45ab27e2260be8e8
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Wed Apr 17 21:59:27 2024 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Wed Apr 17 21:59:27 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=71fb8e9c

dev-libs/openssl: Stabilize 3.0.13-r2 amd64, #930057

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/openssl-3.0.13-r2.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-3.0.13-r2.ebuild b/dev-libs/openssl/openssl-3.0.13-r2.ebuild
index 3482f4e2beed..f24d736cb85c 100644
--- a/dev-libs/openssl/openssl-3.0.13-r2.ebuild
+++ b/dev-libs/openssl/openssl-3.0.13-r2.ebuild
@@ -19,7 +19,7 @@ if [[ ${PV} == 9999 ]] ; then
 else
 	SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 		verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )"
-	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 ~sparc x86 ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
+	KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 ~sparc x86 ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
 fi
 
 S="${WORKDIR}"/${MY_P}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     d140b3e4c87d0652f8baa5db732dfde03329ee5f
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Wed Apr 17 06:53:35 2024 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Wed Apr 17 06:53:35 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d140b3e4

dev-libs/openssl: Stabilize 3.0.13-r2 x86, #930057

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/openssl-3.0.13-r2.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-3.0.13-r2.ebuild b/dev-libs/openssl/openssl-3.0.13-r2.ebuild
index 1be1d378801e..3482f4e2beed 100644
--- a/dev-libs/openssl/openssl-3.0.13-r2.ebuild
+++ b/dev-libs/openssl/openssl-3.0.13-r2.ebuild
@@ -19,7 +19,7 @@ if [[ ${PV} == 9999 ]] ; then
 else
 	SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 		verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )"
-	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 ~sparc ~x86 ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
+	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 ~sparc x86 ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
 fi
 
 S="${WORKDIR}"/${MY_P}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     1f15cbc815819c09d6b8899bc251bc2ea52ae344
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Mon Apr 15 21:09:12 2024 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Mon Apr 15 21:09:12 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1f15cbc8

dev-libs/openssl: Stabilize 3.0.13-r2 ppc64, #930057

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/openssl-3.0.13-r2.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-3.0.13-r2.ebuild b/dev-libs/openssl/openssl-3.0.13-r2.ebuild
index 3743359d3e0d..d40b80acec0d 100644
--- a/dev-libs/openssl/openssl-3.0.13-r2.ebuild
+++ b/dev-libs/openssl/openssl-3.0.13-r2.ebuild
@@ -19,7 +19,7 @@ if [[ ${PV} == 9999 ]] ; then
 else
 	SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 		verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )"
-	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
+	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ppc64 ~riscv ~s390 ~sparc ~x86 ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
 fi
 
 S="${WORKDIR}"/${MY_P}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     e1295a31c2314db1d5a20661aeb37169eedecf4d
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Mon Apr 15 21:09:13 2024 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Mon Apr 15 21:09:13 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e1295a31

dev-libs/openssl: Stabilize 3.0.13-r2 ppc, #930057

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/openssl-3.0.13-r2.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-3.0.13-r2.ebuild b/dev-libs/openssl/openssl-3.0.13-r2.ebuild
index d40b80acec0d..1be1d378801e 100644
--- a/dev-libs/openssl/openssl-3.0.13-r2.ebuild
+++ b/dev-libs/openssl/openssl-3.0.13-r2.ebuild
@@ -19,7 +19,7 @@ if [[ ${PV} == 9999 ]] ; then
 else
 	SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 		verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )"
-	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ppc64 ~riscv ~s390 ~sparc ~x86 ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
+	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 ~sparc ~x86 ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
 fi
 
 S="${WORKDIR}"/${MY_P}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     bcffaee347c61777b107478b2c68870cf8d0f971
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Mon Apr 15 08:01:49 2024 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Mon Apr 15 08:01:57 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bcffaee3

Revert "dev-libs/openssl: drop 3.0.11, 3.0.12"

This reverts commit e12d688bad84974c006a738809fcbed4538de9d2.

Mess with libp11.

Bug: https://bugs.gentoo.org/921684
Bug: https://bugs.gentoo.org/914526
Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/Manifest              |   4 +
 dev-libs/openssl/openssl-3.0.11.ebuild | 288 +++++++++++++++++++++++++++++++++
 dev-libs/openssl/openssl-3.0.12.ebuild | 288 +++++++++++++++++++++++++++++++++
 3 files changed, 580 insertions(+)

diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest
index cdf575d0eb24..8738e9282251 100644
--- a/dev-libs/openssl/Manifest
+++ b/dev-libs/openssl/Manifest
@@ -3,6 +3,10 @@ DIST openssl-1.0.2t-bindist-1.0.tar.xz 13872 BLAKE2B b2aade96a6e0ca6209a39e205b1
 DIST openssl-1.0.2u.tar.gz 5355412 BLAKE2B b2ff2a10e5851af5aca4093422a9a072c794e87b997263826c1c35910c040f695fac63decac5856cb49399ed03d410f97701d9fd4e1ebfbcacd8f3a74ce8bf57 SHA512 c455bb309e20e2c2d47fdc5619c734d107d5c8c38c1409903ce979acc120b0d5fa0312917c0aa0d630e402d092a703d4249643f36078e8528a3cafc9dac6ab32
 DIST openssl-1.1.1w.tar.gz 9893384 BLAKE2B 2fdba6ca0188928ab2f74e606136afca66cfa0467170fa6298ef160b64ac6fdcad1e81e5dd14013ce0e9921d0f7417edec531cd0beaf1196fec704c2c6d48395 SHA512 b4c625fe56a4e690b57b6a011a225ad0cb3af54bd8fb67af77b5eceac55cc7191291d96a660c5b568a08a2fbf62b4612818e7cca1bb95b2b6b4fc649b0552b6d
 DIST openssl-1.1.1w.tar.gz.asc 833 BLAKE2B d990be69ed913509d52b78e7473668429d4485adb29ef03e4612dd0cadbac4f04c7289d8e5baf6f397bcedeaac9f802f18fc719964d882ae0514ed1ca16ae277 SHA512 0f3d7aa48b1cabf8dd43e8108aeed10a4dffb4f5a244d4da9c86ea358b0c8b90c46da561d21e01c567c2f5035d824ed82ec104aad1776b7f33a1be85990e98ef
+DIST openssl-3.0.11.tar.gz 15198318 BLAKE2B e522573aa72c8f6ffef82f20de36178fc6f97a8fee8443df4bf1bd9a6448b315742e9cb698717c1b7d9a91d0768d7ce08d55956ddc415b9dc6cb33fe3a98131b SHA512 393e7262cce0e7980d1cbba861291c8791f6c2a290e9867895c4310ab6e16b449067d8b780ae6081dc8d42529a4f32d545c66e8b1e69d301281d92f1882c85b7
+DIST openssl-3.0.11.tar.gz.asc 833 BLAKE2B e6e2636d5bb5fffb86833e64437fb440bbfd1c4e2bfbfdd72280cf1ce388b70d30eeea56ef6f3bb673e7dcd12020d993ef95f96bf099ded38e8cde4b549b38fa SHA512 3c1fe94fc46861870d99d1edcfe3c151272f7864dde36b66e87a0c79d2289e9ed5cfc48bfa65ba0e88eadcb3cc8307d702e01155f48af8ffc2d4f8fbbf3aa03c
+DIST openssl-3.0.12.tar.gz 15204575 BLAKE2B 1f00e33a5ed64a51cf28f0dbe7d53a9197c1edae7538dea9573394ee4dc03a885483d74b0b47a78b9067e87b4f420b9d7103f351bfec91710c168051cb7148df SHA512 63e003653dd1126c66e278969a626cdf0801b97da8b7076824d661e4a77e1572c3171cf7f006c972b95bcfa284889ee0362d8a46a851f7d8e743e2a1fe593b24
+DIST openssl-3.0.12.tar.gz.asc 833 BLAKE2B 5c7914e0449a1f2fad433544fa637263b237c2637b86960f904a7840ef6bd627728dfa45373e03a6ce7a0a4570d03e1dcd0188059bd5dbcc83d49d10be64dd39 SHA512 072d1572e6cc5240fed69c01b1f7f74958ceba33cec3b0a7f0db5929dc884381320fb737ec6b38f95ef81c855e2d382d7ecd19431a328b08efad70288ec4a964
 DIST openssl-3.0.13.tar.gz 15294843 BLAKE2B 869aa5f70a8c1d0cac6027e9261530df70ab5a8b448c785f5f8ff3f206e742c5364424132d0e109a6449af9b4082c4c179c7103dccb16a4539f776ca834c8ccc SHA512 22f4096781f0b075f5bf81bd39a0f97e111760dfa73b6f858f6bb54968a7847944d74969ae10f9a51cc21a2f4af20d9a4c463649dc824f5e439e196d6764c4f9
 DIST openssl-3.0.13.tar.gz.asc 833 BLAKE2B 519515b6faa505d68ff9acc30db9515fac494145086fa5ad9561c39385a6fabb39ad9de10fedd49c8fc716ec59ea1b13ec5e6b466e549ea9f29b8d0bb74ba7b3 SHA512 c52d97c93d16f3ca2a7026fb25890482b6d86c37b5ab686c56b0e08522743ec4ea3f84afa4deb64b0df0d9a16b557430c4d4139ab42ffcf97d769b61d1e6197c
 DIST openssl-3.1.5.tar.gz 15663524 BLAKE2B a12eb88b0a4f2d927123e0d3ca7d2f80f2bdc867c710d24700fe39b631b93d90c73c3deceff151a9fa818ac88026eb798f3253f22d03c839ab9574086fa61eee SHA512 82e2ac6b3d9b03f8fc66d2ec421246e989eb702eb94586515abfb5afb5300391a0beedf6a2602f61ac10896b41e5608feeeeb4d37714fa17ac0f2ce465249fa9

diff --git a/dev-libs/openssl/openssl-3.0.11.ebuild b/dev-libs/openssl/openssl-3.0.11.ebuild
new file mode 100644
index 000000000000..9437bff8e937
--- /dev/null
+++ b/dev-libs/openssl/openssl-3.0.11.ebuild
@@ -0,0 +1,288 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/openssl.org.asc
+inherit edo flag-o-matic linux-info toolchain-funcs
+inherit multilib multilib-minimal multiprocessing preserve-libs verify-sig
+
+DESCRIPTION="Robust, full-featured Open Source Toolkit for the Transport Layer Security (TLS)"
+HOMEPAGE="https://www.openssl.org/"
+
+MY_P=${P/_/-}
+
+if [[ ${PV} == 9999 ]] ; then
+	EGIT_REPO_URI="https://github.com/openssl/openssl.git"
+
+	inherit git-r3
+else
+	SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
+		verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )"
+	KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
+fi
+
+S="${WORKDIR}"/${MY_P}
+
+LICENSE="Apache-2.0"
+SLOT="0/3" # .so version of libssl/libcrypto
+IUSE="+asm cpu_flags_x86_sse2 fips ktls rfc3779 sctp static-libs test tls-compression vanilla verify-sig weak-ssl-ciphers"
+RESTRICT="!test? ( test )"
+
+COMMON_DEPEND="
+	tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
+"
+BDEPEND="
+	>=dev-lang/perl-5
+	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
+	test? (
+		sys-apps/diffutils
+		app-alternatives/bc
+		sys-process/procps
+	)
+	verify-sig? ( >=sec-keys/openpgp-keys-openssl-20230801 )"
+
+DEPEND="${COMMON_DEPEND}"
+RDEPEND="${COMMON_DEPEND}"
+PDEPEND="app-misc/ca-certificates"
+
+MULTILIB_WRAPPED_HEADERS=(
+	/usr/include/openssl/configuration.h
+)
+
+pkg_setup() {
+	if use ktls ; then
+		if kernel_is -lt 4 18 ; then
+			ewarn "Kernel implementation of TLS (USE=ktls) requires kernel >=4.18!"
+		else
+			CONFIG_CHECK="~TLS ~TLS_DEVICE"
+			ERROR_TLS="You will be unable to offload TLS to kernel because CONFIG_TLS is not set!"
+			ERROR_TLS_DEVICE="You will be unable to offload TLS to kernel because CONFIG_TLS_DEVICE is not set!"
+			use test && CONFIG_CHECK+=" ~CRYPTO_USER_API_SKCIPHER"
+
+			linux-info_pkg_setup
+		fi
+	fi
+
+	[[ ${MERGE_TYPE} == binary ]] && return
+
+	# must check in pkg_setup; sysctl doesn't work with userpriv!
+	if use test && use sctp ; then
+		# test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel"
+		# if sctp.auth_enable is not enabled.
+		local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null)
+		if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]] ; then
+			die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!"
+		fi
+	fi
+}
+
+src_unpack() {
+	# Can delete this once test fix patch is dropped
+	if use verify-sig ; then
+		# Needed for downloaded patch (which is unsigned, which is fine)
+		verify-sig_verify_detached "${DISTDIR}"/${MY_P}.tar.gz{,.asc}
+	fi
+
+	default
+}
+
+src_prepare() {
+	# Make sure we only ever touch Makefile.org and avoid patching a file
+	# that gets blown away anyways by the Configure script in src_configure
+	rm -f Makefile
+
+	if ! use vanilla ; then
+		PATCHES+=(
+			# Add patches which are Gentoo-specific customisations here
+		)
+	fi
+
+	default
+
+	if use test && use sctp && has network-sandbox ${FEATURES} ; then
+		einfo "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox ..."
+		rm test/recipes/80-test_ssl_new.t || die
+	fi
+
+	# Test fails depending on kernel configuration, bug #699134
+	rm test/recipes/30-test_afalg.t || die
+}
+
+src_configure() {
+	# Keep this in sync with app-misc/c_rehash
+	SSL_CNF_DIR="/etc/ssl"
+
+	# Quiet out unknown driver argument warnings since openssl
+	# doesn't have well-split CFLAGS and we're making it even worse
+	# and 'make depend' uses -Werror for added fun (bug #417795 again)
+	tc-is-clang && append-flags -Qunused-arguments
+
+	# We really, really need to build OpenSSL w/ strict aliasing disabled.
+	# It's filled with violations and it *will* result in miscompiled
+	# code. This has been in the ebuild for > 10 years but even in 2022,
+	# it's still relevant:
+	# - https://github.com/llvm/llvm-project/issues/55255
+	# - https://github.com/openssl/openssl/issues/12247
+	# - https://github.com/openssl/openssl/issues/18225
+	# - https://github.com/openssl/openssl/issues/18663#issuecomment-1181478057
+	# Don't remove the no strict aliasing bits below!
+	filter-flags -fstrict-aliasing
+	append-flags -fno-strict-aliasing
+	# The OpenSSL developers don't test with LTO right now, it leads to various
+	# warnings/errors (which may or may not be false positives), it's considered
+	# unsupported, and it's not tested in CI: https://github.com/openssl/openssl/issues/18663.
+	filter-lto
+
+	append-flags $(test-flags-CC -Wa,--noexecstack)
+
+	# bug #895308
+	append-atomic-flags
+	# Configure doesn't respect LIBS
+	export LDLIBS="${LIBS}"
+
+	# bug #197996
+	unset APPS
+	# bug #312551
+	unset SCRIPTS
+	# bug #311473
+	unset CROSS_COMPILE
+
+	tc-export AR CC CXX RANLIB RC
+
+	multilib-minimal_src_configure
+}
+
+multilib_src_configure() {
+	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
+
+	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
+
+	# See if our toolchain supports __uint128_t.  If so, it's 64bit
+	# friendly and can use the nicely optimized code paths, bug #460790.
+	#local ec_nistp_64_gcc_128
+	#
+	# Disable it for now though (bug #469976)
+	# Do NOT re-enable without substantial discussion first!
+	#
+	#echo "__uint128_t i;" > "${T}"/128.c
+	#if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
+	#       ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
+	#fi
+
+	local sslout=$(bash "${FILESDIR}/gentoo.config-1.0.4")
+	einfo "Using configuration: ${sslout:-(openssl knows best)}"
+
+	# https://github.com/openssl/openssl/blob/master/INSTALL.md#enable-and-disable-features
+	local myeconfargs=(
+		${sslout}
+
+		$(use cpu_flags_x86_sse2 || echo "no-sse2")
+		enable-camellia
+		enable-ec
+		enable-ec2m
+		enable-sm2
+		enable-srp
+		$(use elibc_musl && echo "no-async")
+		enable-idea
+		enable-mdc2
+		enable-rc5
+		$(use fips && echo "enable-fips")
+		$(use_ssl asm)
+		$(use_ssl ktls)
+		$(use_ssl rfc3779)
+		$(use_ssl sctp)
+		$(use test || echo "no-tests")
+		$(use_ssl tls-compression zlib)
+		$(use_ssl weak-ssl-ciphers)
+
+		--prefix="${EPREFIX}"/usr
+		--openssldir="${EPREFIX}"${SSL_CNF_DIR}
+		--libdir=$(get_libdir)
+
+		shared
+		threads
+	)
+
+	edo perl "${S}/Configure" "${myeconfargs[@]}"
+}
+
+multilib_src_compile() {
+	emake build_sw
+
+	if multilib_is_native_abi; then
+		emake build_docs
+	fi
+}
+
+multilib_src_test() {
+	# VFP = show subtests verbosely and show failed tests verbosely
+	# Normal V=1 would show everything verbosely but this slows things down.
+	emake HARNESS_JOBS="$(makeopts_jobs)" -Onone VFP=1 test
+}
+
+multilib_src_install() {
+	# Only -j1 is supported for the install targets:
+	# https://github.com/openssl/openssl/issues/21999#issuecomment-1771150305
+	emake DESTDIR="${D}" -j1 install_sw
+	if use fips; then
+		emake DESTDIR="${D}" -j1 install_fips
+		# Regen this in pkg_preinst, bug 900625
+		rm "${ED}${SSL_CNF_DIR}"/fipsmodule.cnf || die
+	fi
+
+	if multilib_is_native_abi; then
+		emake DESTDIR="${D}" -j1 install_ssldirs
+		emake DESTDIR="${D}" DOCDIR='$(INSTALLTOP)'/share/doc/${PF} -j1 install_docs
+	fi
+
+	# This is crappy in that the static archives are still built even
+	# when USE=static-libs. But this is due to a failing in the openssl
+	# build system: the static archives are built as PIC all the time.
+	# Only way around this would be to manually configure+compile openssl
+	# twice; once with shared lib support enabled and once without.
+	if ! use static-libs ; then
+		rm "${ED}"/usr/$(get_libdir)/lib{crypto,ssl}.a || die
+	fi
+}
+
+multilib_src_install_all() {
+	# openssl installs perl version of c_rehash by default, but
+	# we provide a shell version via app-misc/c_rehash
+	rm "${ED}"/usr/bin/c_rehash || die
+
+	dodoc {AUTHORS,CHANGES,NEWS,README,README-PROVIDERS}.md doc/*.txt doc/${PN}-c-indent.el
+
+	# Create the certs directory
+	keepdir ${SSL_CNF_DIR}/certs
+
+	# bug #254521
+	dodir /etc/sandbox.d
+	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
+
+	diropts -m0700
+	keepdir ${SSL_CNF_DIR}/private
+}
+
+pkg_preinst() {
+	if use fips; then
+		# Regen fipsmodule.cnf, bug 900625
+		ebegin "Running openssl fipsinstall"
+		"${ED}/usr/bin/openssl" fipsinstall -quiet \
+			-out "${ED}${SSL_CNF_DIR}/fipsmodule.cnf" \
+			-module "${ED}/usr/$(get_libdir)/ossl-modules/fips.so"
+		eend $?
+	fi
+
+	preserve_old_lib /usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1) \
+		/usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1.1)
+}
+
+pkg_postinst() {
+	ebegin "Running 'openssl rehash ${EROOT}${SSL_CNF_DIR}/certs' to rebuild hashes (bug #333069)"
+	openssl rehash "${EROOT}${SSL_CNF_DIR}/certs"
+	eend $?
+
+	preserve_old_lib_notify /usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1) \
+		/usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1.1)
+}

diff --git a/dev-libs/openssl/openssl-3.0.12.ebuild b/dev-libs/openssl/openssl-3.0.12.ebuild
new file mode 100644
index 000000000000..9437bff8e937
--- /dev/null
+++ b/dev-libs/openssl/openssl-3.0.12.ebuild
@@ -0,0 +1,288 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/openssl.org.asc
+inherit edo flag-o-matic linux-info toolchain-funcs
+inherit multilib multilib-minimal multiprocessing preserve-libs verify-sig
+
+DESCRIPTION="Robust, full-featured Open Source Toolkit for the Transport Layer Security (TLS)"
+HOMEPAGE="https://www.openssl.org/"
+
+MY_P=${P/_/-}
+
+if [[ ${PV} == 9999 ]] ; then
+	EGIT_REPO_URI="https://github.com/openssl/openssl.git"
+
+	inherit git-r3
+else
+	SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
+		verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )"
+	KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
+fi
+
+S="${WORKDIR}"/${MY_P}
+
+LICENSE="Apache-2.0"
+SLOT="0/3" # .so version of libssl/libcrypto
+IUSE="+asm cpu_flags_x86_sse2 fips ktls rfc3779 sctp static-libs test tls-compression vanilla verify-sig weak-ssl-ciphers"
+RESTRICT="!test? ( test )"
+
+COMMON_DEPEND="
+	tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
+"
+BDEPEND="
+	>=dev-lang/perl-5
+	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
+	test? (
+		sys-apps/diffutils
+		app-alternatives/bc
+		sys-process/procps
+	)
+	verify-sig? ( >=sec-keys/openpgp-keys-openssl-20230801 )"
+
+DEPEND="${COMMON_DEPEND}"
+RDEPEND="${COMMON_DEPEND}"
+PDEPEND="app-misc/ca-certificates"
+
+MULTILIB_WRAPPED_HEADERS=(
+	/usr/include/openssl/configuration.h
+)
+
+pkg_setup() {
+	if use ktls ; then
+		if kernel_is -lt 4 18 ; then
+			ewarn "Kernel implementation of TLS (USE=ktls) requires kernel >=4.18!"
+		else
+			CONFIG_CHECK="~TLS ~TLS_DEVICE"
+			ERROR_TLS="You will be unable to offload TLS to kernel because CONFIG_TLS is not set!"
+			ERROR_TLS_DEVICE="You will be unable to offload TLS to kernel because CONFIG_TLS_DEVICE is not set!"
+			use test && CONFIG_CHECK+=" ~CRYPTO_USER_API_SKCIPHER"
+
+			linux-info_pkg_setup
+		fi
+	fi
+
+	[[ ${MERGE_TYPE} == binary ]] && return
+
+	# must check in pkg_setup; sysctl doesn't work with userpriv!
+	if use test && use sctp ; then
+		# test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel"
+		# if sctp.auth_enable is not enabled.
+		local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null)
+		if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]] ; then
+			die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!"
+		fi
+	fi
+}
+
+src_unpack() {
+	# Can delete this once test fix patch is dropped
+	if use verify-sig ; then
+		# Needed for downloaded patch (which is unsigned, which is fine)
+		verify-sig_verify_detached "${DISTDIR}"/${MY_P}.tar.gz{,.asc}
+	fi
+
+	default
+}
+
+src_prepare() {
+	# Make sure we only ever touch Makefile.org and avoid patching a file
+	# that gets blown away anyways by the Configure script in src_configure
+	rm -f Makefile
+
+	if ! use vanilla ; then
+		PATCHES+=(
+			# Add patches which are Gentoo-specific customisations here
+		)
+	fi
+
+	default
+
+	if use test && use sctp && has network-sandbox ${FEATURES} ; then
+		einfo "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox ..."
+		rm test/recipes/80-test_ssl_new.t || die
+	fi
+
+	# Test fails depending on kernel configuration, bug #699134
+	rm test/recipes/30-test_afalg.t || die
+}
+
+src_configure() {
+	# Keep this in sync with app-misc/c_rehash
+	SSL_CNF_DIR="/etc/ssl"
+
+	# Quiet out unknown driver argument warnings since openssl
+	# doesn't have well-split CFLAGS and we're making it even worse
+	# and 'make depend' uses -Werror for added fun (bug #417795 again)
+	tc-is-clang && append-flags -Qunused-arguments
+
+	# We really, really need to build OpenSSL w/ strict aliasing disabled.
+	# It's filled with violations and it *will* result in miscompiled
+	# code. This has been in the ebuild for > 10 years but even in 2022,
+	# it's still relevant:
+	# - https://github.com/llvm/llvm-project/issues/55255
+	# - https://github.com/openssl/openssl/issues/12247
+	# - https://github.com/openssl/openssl/issues/18225
+	# - https://github.com/openssl/openssl/issues/18663#issuecomment-1181478057
+	# Don't remove the no strict aliasing bits below!
+	filter-flags -fstrict-aliasing
+	append-flags -fno-strict-aliasing
+	# The OpenSSL developers don't test with LTO right now, it leads to various
+	# warnings/errors (which may or may not be false positives), it's considered
+	# unsupported, and it's not tested in CI: https://github.com/openssl/openssl/issues/18663.
+	filter-lto
+
+	append-flags $(test-flags-CC -Wa,--noexecstack)
+
+	# bug #895308
+	append-atomic-flags
+	# Configure doesn't respect LIBS
+	export LDLIBS="${LIBS}"
+
+	# bug #197996
+	unset APPS
+	# bug #312551
+	unset SCRIPTS
+	# bug #311473
+	unset CROSS_COMPILE
+
+	tc-export AR CC CXX RANLIB RC
+
+	multilib-minimal_src_configure
+}
+
+multilib_src_configure() {
+	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
+
+	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
+
+	# See if our toolchain supports __uint128_t.  If so, it's 64bit
+	# friendly and can use the nicely optimized code paths, bug #460790.
+	#local ec_nistp_64_gcc_128
+	#
+	# Disable it for now though (bug #469976)
+	# Do NOT re-enable without substantial discussion first!
+	#
+	#echo "__uint128_t i;" > "${T}"/128.c
+	#if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
+	#       ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
+	#fi
+
+	local sslout=$(bash "${FILESDIR}/gentoo.config-1.0.4")
+	einfo "Using configuration: ${sslout:-(openssl knows best)}"
+
+	# https://github.com/openssl/openssl/blob/master/INSTALL.md#enable-and-disable-features
+	local myeconfargs=(
+		${sslout}
+
+		$(use cpu_flags_x86_sse2 || echo "no-sse2")
+		enable-camellia
+		enable-ec
+		enable-ec2m
+		enable-sm2
+		enable-srp
+		$(use elibc_musl && echo "no-async")
+		enable-idea
+		enable-mdc2
+		enable-rc5
+		$(use fips && echo "enable-fips")
+		$(use_ssl asm)
+		$(use_ssl ktls)
+		$(use_ssl rfc3779)
+		$(use_ssl sctp)
+		$(use test || echo "no-tests")
+		$(use_ssl tls-compression zlib)
+		$(use_ssl weak-ssl-ciphers)
+
+		--prefix="${EPREFIX}"/usr
+		--openssldir="${EPREFIX}"${SSL_CNF_DIR}
+		--libdir=$(get_libdir)
+
+		shared
+		threads
+	)
+
+	edo perl "${S}/Configure" "${myeconfargs[@]}"
+}
+
+multilib_src_compile() {
+	emake build_sw
+
+	if multilib_is_native_abi; then
+		emake build_docs
+	fi
+}
+
+multilib_src_test() {
+	# VFP = show subtests verbosely and show failed tests verbosely
+	# Normal V=1 would show everything verbosely but this slows things down.
+	emake HARNESS_JOBS="$(makeopts_jobs)" -Onone VFP=1 test
+}
+
+multilib_src_install() {
+	# Only -j1 is supported for the install targets:
+	# https://github.com/openssl/openssl/issues/21999#issuecomment-1771150305
+	emake DESTDIR="${D}" -j1 install_sw
+	if use fips; then
+		emake DESTDIR="${D}" -j1 install_fips
+		# Regen this in pkg_preinst, bug 900625
+		rm "${ED}${SSL_CNF_DIR}"/fipsmodule.cnf || die
+	fi
+
+	if multilib_is_native_abi; then
+		emake DESTDIR="${D}" -j1 install_ssldirs
+		emake DESTDIR="${D}" DOCDIR='$(INSTALLTOP)'/share/doc/${PF} -j1 install_docs
+	fi
+
+	# This is crappy in that the static archives are still built even
+	# when USE=static-libs. But this is due to a failing in the openssl
+	# build system: the static archives are built as PIC all the time.
+	# Only way around this would be to manually configure+compile openssl
+	# twice; once with shared lib support enabled and once without.
+	if ! use static-libs ; then
+		rm "${ED}"/usr/$(get_libdir)/lib{crypto,ssl}.a || die
+	fi
+}
+
+multilib_src_install_all() {
+	# openssl installs perl version of c_rehash by default, but
+	# we provide a shell version via app-misc/c_rehash
+	rm "${ED}"/usr/bin/c_rehash || die
+
+	dodoc {AUTHORS,CHANGES,NEWS,README,README-PROVIDERS}.md doc/*.txt doc/${PN}-c-indent.el
+
+	# Create the certs directory
+	keepdir ${SSL_CNF_DIR}/certs
+
+	# bug #254521
+	dodir /etc/sandbox.d
+	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
+
+	diropts -m0700
+	keepdir ${SSL_CNF_DIR}/private
+}
+
+pkg_preinst() {
+	if use fips; then
+		# Regen fipsmodule.cnf, bug 900625
+		ebegin "Running openssl fipsinstall"
+		"${ED}/usr/bin/openssl" fipsinstall -quiet \
+			-out "${ED}${SSL_CNF_DIR}/fipsmodule.cnf" \
+			-module "${ED}/usr/$(get_libdir)/ossl-modules/fips.so"
+		eend $?
+	fi
+
+	preserve_old_lib /usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1) \
+		/usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1.1)
+}
+
+pkg_postinst() {
+	ebegin "Running 'openssl rehash ${EROOT}${SSL_CNF_DIR}/certs' to rebuild hashes (bug #333069)"
+	openssl rehash "${EROOT}${SSL_CNF_DIR}/certs"
+	eend $?
+
+	preserve_old_lib_notify /usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1) \
+		/usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1.1)
+}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     e12d688bad84974c006a738809fcbed4538de9d2
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Mon Apr 15 07:18:38 2024 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Mon Apr 15 07:26:57 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e12d688b

dev-libs/openssl: drop 3.0.11, 3.0.12

Bug: https://bugs.gentoo.org/921684
Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/Manifest              |   4 -
 dev-libs/openssl/openssl-3.0.11.ebuild | 288 ---------------------------------
 dev-libs/openssl/openssl-3.0.12.ebuild | 288 ---------------------------------
 3 files changed, 580 deletions(-)

diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest
index 8738e9282251..cdf575d0eb24 100644
--- a/dev-libs/openssl/Manifest
+++ b/dev-libs/openssl/Manifest
@@ -3,10 +3,6 @@ DIST openssl-1.0.2t-bindist-1.0.tar.xz 13872 BLAKE2B b2aade96a6e0ca6209a39e205b1
 DIST openssl-1.0.2u.tar.gz 5355412 BLAKE2B b2ff2a10e5851af5aca4093422a9a072c794e87b997263826c1c35910c040f695fac63decac5856cb49399ed03d410f97701d9fd4e1ebfbcacd8f3a74ce8bf57 SHA512 c455bb309e20e2c2d47fdc5619c734d107d5c8c38c1409903ce979acc120b0d5fa0312917c0aa0d630e402d092a703d4249643f36078e8528a3cafc9dac6ab32
 DIST openssl-1.1.1w.tar.gz 9893384 BLAKE2B 2fdba6ca0188928ab2f74e606136afca66cfa0467170fa6298ef160b64ac6fdcad1e81e5dd14013ce0e9921d0f7417edec531cd0beaf1196fec704c2c6d48395 SHA512 b4c625fe56a4e690b57b6a011a225ad0cb3af54bd8fb67af77b5eceac55cc7191291d96a660c5b568a08a2fbf62b4612818e7cca1bb95b2b6b4fc649b0552b6d
 DIST openssl-1.1.1w.tar.gz.asc 833 BLAKE2B d990be69ed913509d52b78e7473668429d4485adb29ef03e4612dd0cadbac4f04c7289d8e5baf6f397bcedeaac9f802f18fc719964d882ae0514ed1ca16ae277 SHA512 0f3d7aa48b1cabf8dd43e8108aeed10a4dffb4f5a244d4da9c86ea358b0c8b90c46da561d21e01c567c2f5035d824ed82ec104aad1776b7f33a1be85990e98ef
-DIST openssl-3.0.11.tar.gz 15198318 BLAKE2B e522573aa72c8f6ffef82f20de36178fc6f97a8fee8443df4bf1bd9a6448b315742e9cb698717c1b7d9a91d0768d7ce08d55956ddc415b9dc6cb33fe3a98131b SHA512 393e7262cce0e7980d1cbba861291c8791f6c2a290e9867895c4310ab6e16b449067d8b780ae6081dc8d42529a4f32d545c66e8b1e69d301281d92f1882c85b7
-DIST openssl-3.0.11.tar.gz.asc 833 BLAKE2B e6e2636d5bb5fffb86833e64437fb440bbfd1c4e2bfbfdd72280cf1ce388b70d30eeea56ef6f3bb673e7dcd12020d993ef95f96bf099ded38e8cde4b549b38fa SHA512 3c1fe94fc46861870d99d1edcfe3c151272f7864dde36b66e87a0c79d2289e9ed5cfc48bfa65ba0e88eadcb3cc8307d702e01155f48af8ffc2d4f8fbbf3aa03c
-DIST openssl-3.0.12.tar.gz 15204575 BLAKE2B 1f00e33a5ed64a51cf28f0dbe7d53a9197c1edae7538dea9573394ee4dc03a885483d74b0b47a78b9067e87b4f420b9d7103f351bfec91710c168051cb7148df SHA512 63e003653dd1126c66e278969a626cdf0801b97da8b7076824d661e4a77e1572c3171cf7f006c972b95bcfa284889ee0362d8a46a851f7d8e743e2a1fe593b24
-DIST openssl-3.0.12.tar.gz.asc 833 BLAKE2B 5c7914e0449a1f2fad433544fa637263b237c2637b86960f904a7840ef6bd627728dfa45373e03a6ce7a0a4570d03e1dcd0188059bd5dbcc83d49d10be64dd39 SHA512 072d1572e6cc5240fed69c01b1f7f74958ceba33cec3b0a7f0db5929dc884381320fb737ec6b38f95ef81c855e2d382d7ecd19431a328b08efad70288ec4a964
 DIST openssl-3.0.13.tar.gz 15294843 BLAKE2B 869aa5f70a8c1d0cac6027e9261530df70ab5a8b448c785f5f8ff3f206e742c5364424132d0e109a6449af9b4082c4c179c7103dccb16a4539f776ca834c8ccc SHA512 22f4096781f0b075f5bf81bd39a0f97e111760dfa73b6f858f6bb54968a7847944d74969ae10f9a51cc21a2f4af20d9a4c463649dc824f5e439e196d6764c4f9
 DIST openssl-3.0.13.tar.gz.asc 833 BLAKE2B 519515b6faa505d68ff9acc30db9515fac494145086fa5ad9561c39385a6fabb39ad9de10fedd49c8fc716ec59ea1b13ec5e6b466e549ea9f29b8d0bb74ba7b3 SHA512 c52d97c93d16f3ca2a7026fb25890482b6d86c37b5ab686c56b0e08522743ec4ea3f84afa4deb64b0df0d9a16b557430c4d4139ab42ffcf97d769b61d1e6197c
 DIST openssl-3.1.5.tar.gz 15663524 BLAKE2B a12eb88b0a4f2d927123e0d3ca7d2f80f2bdc867c710d24700fe39b631b93d90c73c3deceff151a9fa818ac88026eb798f3253f22d03c839ab9574086fa61eee SHA512 82e2ac6b3d9b03f8fc66d2ec421246e989eb702eb94586515abfb5afb5300391a0beedf6a2602f61ac10896b41e5608feeeeb4d37714fa17ac0f2ce465249fa9

diff --git a/dev-libs/openssl/openssl-3.0.11.ebuild b/dev-libs/openssl/openssl-3.0.11.ebuild
deleted file mode 100644
index 9437bff8e937..000000000000
--- a/dev-libs/openssl/openssl-3.0.11.ebuild
+++ /dev/null
@@ -1,288 +0,0 @@
-# Copyright 1999-2024 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/openssl.org.asc
-inherit edo flag-o-matic linux-info toolchain-funcs
-inherit multilib multilib-minimal multiprocessing preserve-libs verify-sig
-
-DESCRIPTION="Robust, full-featured Open Source Toolkit for the Transport Layer Security (TLS)"
-HOMEPAGE="https://www.openssl.org/"
-
-MY_P=${P/_/-}
-
-if [[ ${PV} == 9999 ]] ; then
-	EGIT_REPO_URI="https://github.com/openssl/openssl.git"
-
-	inherit git-r3
-else
-	SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
-		verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )"
-	KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
-fi
-
-S="${WORKDIR}"/${MY_P}
-
-LICENSE="Apache-2.0"
-SLOT="0/3" # .so version of libssl/libcrypto
-IUSE="+asm cpu_flags_x86_sse2 fips ktls rfc3779 sctp static-libs test tls-compression vanilla verify-sig weak-ssl-ciphers"
-RESTRICT="!test? ( test )"
-
-COMMON_DEPEND="
-	tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
-"
-BDEPEND="
-	>=dev-lang/perl-5
-	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
-	test? (
-		sys-apps/diffutils
-		app-alternatives/bc
-		sys-process/procps
-	)
-	verify-sig? ( >=sec-keys/openpgp-keys-openssl-20230801 )"
-
-DEPEND="${COMMON_DEPEND}"
-RDEPEND="${COMMON_DEPEND}"
-PDEPEND="app-misc/ca-certificates"
-
-MULTILIB_WRAPPED_HEADERS=(
-	/usr/include/openssl/configuration.h
-)
-
-pkg_setup() {
-	if use ktls ; then
-		if kernel_is -lt 4 18 ; then
-			ewarn "Kernel implementation of TLS (USE=ktls) requires kernel >=4.18!"
-		else
-			CONFIG_CHECK="~TLS ~TLS_DEVICE"
-			ERROR_TLS="You will be unable to offload TLS to kernel because CONFIG_TLS is not set!"
-			ERROR_TLS_DEVICE="You will be unable to offload TLS to kernel because CONFIG_TLS_DEVICE is not set!"
-			use test && CONFIG_CHECK+=" ~CRYPTO_USER_API_SKCIPHER"
-
-			linux-info_pkg_setup
-		fi
-	fi
-
-	[[ ${MERGE_TYPE} == binary ]] && return
-
-	# must check in pkg_setup; sysctl doesn't work with userpriv!
-	if use test && use sctp ; then
-		# test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel"
-		# if sctp.auth_enable is not enabled.
-		local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null)
-		if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]] ; then
-			die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!"
-		fi
-	fi
-}
-
-src_unpack() {
-	# Can delete this once test fix patch is dropped
-	if use verify-sig ; then
-		# Needed for downloaded patch (which is unsigned, which is fine)
-		verify-sig_verify_detached "${DISTDIR}"/${MY_P}.tar.gz{,.asc}
-	fi
-
-	default
-}
-
-src_prepare() {
-	# Make sure we only ever touch Makefile.org and avoid patching a file
-	# that gets blown away anyways by the Configure script in src_configure
-	rm -f Makefile
-
-	if ! use vanilla ; then
-		PATCHES+=(
-			# Add patches which are Gentoo-specific customisations here
-		)
-	fi
-
-	default
-
-	if use test && use sctp && has network-sandbox ${FEATURES} ; then
-		einfo "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox ..."
-		rm test/recipes/80-test_ssl_new.t || die
-	fi
-
-	# Test fails depending on kernel configuration, bug #699134
-	rm test/recipes/30-test_afalg.t || die
-}
-
-src_configure() {
-	# Keep this in sync with app-misc/c_rehash
-	SSL_CNF_DIR="/etc/ssl"
-
-	# Quiet out unknown driver argument warnings since openssl
-	# doesn't have well-split CFLAGS and we're making it even worse
-	# and 'make depend' uses -Werror for added fun (bug #417795 again)
-	tc-is-clang && append-flags -Qunused-arguments
-
-	# We really, really need to build OpenSSL w/ strict aliasing disabled.
-	# It's filled with violations and it *will* result in miscompiled
-	# code. This has been in the ebuild for > 10 years but even in 2022,
-	# it's still relevant:
-	# - https://github.com/llvm/llvm-project/issues/55255
-	# - https://github.com/openssl/openssl/issues/12247
-	# - https://github.com/openssl/openssl/issues/18225
-	# - https://github.com/openssl/openssl/issues/18663#issuecomment-1181478057
-	# Don't remove the no strict aliasing bits below!
-	filter-flags -fstrict-aliasing
-	append-flags -fno-strict-aliasing
-	# The OpenSSL developers don't test with LTO right now, it leads to various
-	# warnings/errors (which may or may not be false positives), it's considered
-	# unsupported, and it's not tested in CI: https://github.com/openssl/openssl/issues/18663.
-	filter-lto
-
-	append-flags $(test-flags-CC -Wa,--noexecstack)
-
-	# bug #895308
-	append-atomic-flags
-	# Configure doesn't respect LIBS
-	export LDLIBS="${LIBS}"
-
-	# bug #197996
-	unset APPS
-	# bug #312551
-	unset SCRIPTS
-	# bug #311473
-	unset CROSS_COMPILE
-
-	tc-export AR CC CXX RANLIB RC
-
-	multilib-minimal_src_configure
-}
-
-multilib_src_configure() {
-	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
-
-	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
-
-	# See if our toolchain supports __uint128_t.  If so, it's 64bit
-	# friendly and can use the nicely optimized code paths, bug #460790.
-	#local ec_nistp_64_gcc_128
-	#
-	# Disable it for now though (bug #469976)
-	# Do NOT re-enable without substantial discussion first!
-	#
-	#echo "__uint128_t i;" > "${T}"/128.c
-	#if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
-	#       ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
-	#fi
-
-	local sslout=$(bash "${FILESDIR}/gentoo.config-1.0.4")
-	einfo "Using configuration: ${sslout:-(openssl knows best)}"
-
-	# https://github.com/openssl/openssl/blob/master/INSTALL.md#enable-and-disable-features
-	local myeconfargs=(
-		${sslout}
-
-		$(use cpu_flags_x86_sse2 || echo "no-sse2")
-		enable-camellia
-		enable-ec
-		enable-ec2m
-		enable-sm2
-		enable-srp
-		$(use elibc_musl && echo "no-async")
-		enable-idea
-		enable-mdc2
-		enable-rc5
-		$(use fips && echo "enable-fips")
-		$(use_ssl asm)
-		$(use_ssl ktls)
-		$(use_ssl rfc3779)
-		$(use_ssl sctp)
-		$(use test || echo "no-tests")
-		$(use_ssl tls-compression zlib)
-		$(use_ssl weak-ssl-ciphers)
-
-		--prefix="${EPREFIX}"/usr
-		--openssldir="${EPREFIX}"${SSL_CNF_DIR}
-		--libdir=$(get_libdir)
-
-		shared
-		threads
-	)
-
-	edo perl "${S}/Configure" "${myeconfargs[@]}"
-}
-
-multilib_src_compile() {
-	emake build_sw
-
-	if multilib_is_native_abi; then
-		emake build_docs
-	fi
-}
-
-multilib_src_test() {
-	# VFP = show subtests verbosely and show failed tests verbosely
-	# Normal V=1 would show everything verbosely but this slows things down.
-	emake HARNESS_JOBS="$(makeopts_jobs)" -Onone VFP=1 test
-}
-
-multilib_src_install() {
-	# Only -j1 is supported for the install targets:
-	# https://github.com/openssl/openssl/issues/21999#issuecomment-1771150305
-	emake DESTDIR="${D}" -j1 install_sw
-	if use fips; then
-		emake DESTDIR="${D}" -j1 install_fips
-		# Regen this in pkg_preinst, bug 900625
-		rm "${ED}${SSL_CNF_DIR}"/fipsmodule.cnf || die
-	fi
-
-	if multilib_is_native_abi; then
-		emake DESTDIR="${D}" -j1 install_ssldirs
-		emake DESTDIR="${D}" DOCDIR='$(INSTALLTOP)'/share/doc/${PF} -j1 install_docs
-	fi
-
-	# This is crappy in that the static archives are still built even
-	# when USE=static-libs. But this is due to a failing in the openssl
-	# build system: the static archives are built as PIC all the time.
-	# Only way around this would be to manually configure+compile openssl
-	# twice; once with shared lib support enabled and once without.
-	if ! use static-libs ; then
-		rm "${ED}"/usr/$(get_libdir)/lib{crypto,ssl}.a || die
-	fi
-}
-
-multilib_src_install_all() {
-	# openssl installs perl version of c_rehash by default, but
-	# we provide a shell version via app-misc/c_rehash
-	rm "${ED}"/usr/bin/c_rehash || die
-
-	dodoc {AUTHORS,CHANGES,NEWS,README,README-PROVIDERS}.md doc/*.txt doc/${PN}-c-indent.el
-
-	# Create the certs directory
-	keepdir ${SSL_CNF_DIR}/certs
-
-	# bug #254521
-	dodir /etc/sandbox.d
-	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
-
-	diropts -m0700
-	keepdir ${SSL_CNF_DIR}/private
-}
-
-pkg_preinst() {
-	if use fips; then
-		# Regen fipsmodule.cnf, bug 900625
-		ebegin "Running openssl fipsinstall"
-		"${ED}/usr/bin/openssl" fipsinstall -quiet \
-			-out "${ED}${SSL_CNF_DIR}/fipsmodule.cnf" \
-			-module "${ED}/usr/$(get_libdir)/ossl-modules/fips.so"
-		eend $?
-	fi
-
-	preserve_old_lib /usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1) \
-		/usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1.1)
-}
-
-pkg_postinst() {
-	ebegin "Running 'openssl rehash ${EROOT}${SSL_CNF_DIR}/certs' to rebuild hashes (bug #333069)"
-	openssl rehash "${EROOT}${SSL_CNF_DIR}/certs"
-	eend $?
-
-	preserve_old_lib_notify /usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1) \
-		/usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1.1)
-}

diff --git a/dev-libs/openssl/openssl-3.0.12.ebuild b/dev-libs/openssl/openssl-3.0.12.ebuild
deleted file mode 100644
index 9437bff8e937..000000000000
--- a/dev-libs/openssl/openssl-3.0.12.ebuild
+++ /dev/null
@@ -1,288 +0,0 @@
-# Copyright 1999-2024 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/openssl.org.asc
-inherit edo flag-o-matic linux-info toolchain-funcs
-inherit multilib multilib-minimal multiprocessing preserve-libs verify-sig
-
-DESCRIPTION="Robust, full-featured Open Source Toolkit for the Transport Layer Security (TLS)"
-HOMEPAGE="https://www.openssl.org/"
-
-MY_P=${P/_/-}
-
-if [[ ${PV} == 9999 ]] ; then
-	EGIT_REPO_URI="https://github.com/openssl/openssl.git"
-
-	inherit git-r3
-else
-	SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
-		verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )"
-	KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
-fi
-
-S="${WORKDIR}"/${MY_P}
-
-LICENSE="Apache-2.0"
-SLOT="0/3" # .so version of libssl/libcrypto
-IUSE="+asm cpu_flags_x86_sse2 fips ktls rfc3779 sctp static-libs test tls-compression vanilla verify-sig weak-ssl-ciphers"
-RESTRICT="!test? ( test )"
-
-COMMON_DEPEND="
-	tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
-"
-BDEPEND="
-	>=dev-lang/perl-5
-	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
-	test? (
-		sys-apps/diffutils
-		app-alternatives/bc
-		sys-process/procps
-	)
-	verify-sig? ( >=sec-keys/openpgp-keys-openssl-20230801 )"
-
-DEPEND="${COMMON_DEPEND}"
-RDEPEND="${COMMON_DEPEND}"
-PDEPEND="app-misc/ca-certificates"
-
-MULTILIB_WRAPPED_HEADERS=(
-	/usr/include/openssl/configuration.h
-)
-
-pkg_setup() {
-	if use ktls ; then
-		if kernel_is -lt 4 18 ; then
-			ewarn "Kernel implementation of TLS (USE=ktls) requires kernel >=4.18!"
-		else
-			CONFIG_CHECK="~TLS ~TLS_DEVICE"
-			ERROR_TLS="You will be unable to offload TLS to kernel because CONFIG_TLS is not set!"
-			ERROR_TLS_DEVICE="You will be unable to offload TLS to kernel because CONFIG_TLS_DEVICE is not set!"
-			use test && CONFIG_CHECK+=" ~CRYPTO_USER_API_SKCIPHER"
-
-			linux-info_pkg_setup
-		fi
-	fi
-
-	[[ ${MERGE_TYPE} == binary ]] && return
-
-	# must check in pkg_setup; sysctl doesn't work with userpriv!
-	if use test && use sctp ; then
-		# test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel"
-		# if sctp.auth_enable is not enabled.
-		local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null)
-		if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]] ; then
-			die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!"
-		fi
-	fi
-}
-
-src_unpack() {
-	# Can delete this once test fix patch is dropped
-	if use verify-sig ; then
-		# Needed for downloaded patch (which is unsigned, which is fine)
-		verify-sig_verify_detached "${DISTDIR}"/${MY_P}.tar.gz{,.asc}
-	fi
-
-	default
-}
-
-src_prepare() {
-	# Make sure we only ever touch Makefile.org and avoid patching a file
-	# that gets blown away anyways by the Configure script in src_configure
-	rm -f Makefile
-
-	if ! use vanilla ; then
-		PATCHES+=(
-			# Add patches which are Gentoo-specific customisations here
-		)
-	fi
-
-	default
-
-	if use test && use sctp && has network-sandbox ${FEATURES} ; then
-		einfo "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox ..."
-		rm test/recipes/80-test_ssl_new.t || die
-	fi
-
-	# Test fails depending on kernel configuration, bug #699134
-	rm test/recipes/30-test_afalg.t || die
-}
-
-src_configure() {
-	# Keep this in sync with app-misc/c_rehash
-	SSL_CNF_DIR="/etc/ssl"
-
-	# Quiet out unknown driver argument warnings since openssl
-	# doesn't have well-split CFLAGS and we're making it even worse
-	# and 'make depend' uses -Werror for added fun (bug #417795 again)
-	tc-is-clang && append-flags -Qunused-arguments
-
-	# We really, really need to build OpenSSL w/ strict aliasing disabled.
-	# It's filled with violations and it *will* result in miscompiled
-	# code. This has been in the ebuild for > 10 years but even in 2022,
-	# it's still relevant:
-	# - https://github.com/llvm/llvm-project/issues/55255
-	# - https://github.com/openssl/openssl/issues/12247
-	# - https://github.com/openssl/openssl/issues/18225
-	# - https://github.com/openssl/openssl/issues/18663#issuecomment-1181478057
-	# Don't remove the no strict aliasing bits below!
-	filter-flags -fstrict-aliasing
-	append-flags -fno-strict-aliasing
-	# The OpenSSL developers don't test with LTO right now, it leads to various
-	# warnings/errors (which may or may not be false positives), it's considered
-	# unsupported, and it's not tested in CI: https://github.com/openssl/openssl/issues/18663.
-	filter-lto
-
-	append-flags $(test-flags-CC -Wa,--noexecstack)
-
-	# bug #895308
-	append-atomic-flags
-	# Configure doesn't respect LIBS
-	export LDLIBS="${LIBS}"
-
-	# bug #197996
-	unset APPS
-	# bug #312551
-	unset SCRIPTS
-	# bug #311473
-	unset CROSS_COMPILE
-
-	tc-export AR CC CXX RANLIB RC
-
-	multilib-minimal_src_configure
-}
-
-multilib_src_configure() {
-	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
-
-	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
-
-	# See if our toolchain supports __uint128_t.  If so, it's 64bit
-	# friendly and can use the nicely optimized code paths, bug #460790.
-	#local ec_nistp_64_gcc_128
-	#
-	# Disable it for now though (bug #469976)
-	# Do NOT re-enable without substantial discussion first!
-	#
-	#echo "__uint128_t i;" > "${T}"/128.c
-	#if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
-	#       ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
-	#fi
-
-	local sslout=$(bash "${FILESDIR}/gentoo.config-1.0.4")
-	einfo "Using configuration: ${sslout:-(openssl knows best)}"
-
-	# https://github.com/openssl/openssl/blob/master/INSTALL.md#enable-and-disable-features
-	local myeconfargs=(
-		${sslout}
-
-		$(use cpu_flags_x86_sse2 || echo "no-sse2")
-		enable-camellia
-		enable-ec
-		enable-ec2m
-		enable-sm2
-		enable-srp
-		$(use elibc_musl && echo "no-async")
-		enable-idea
-		enable-mdc2
-		enable-rc5
-		$(use fips && echo "enable-fips")
-		$(use_ssl asm)
-		$(use_ssl ktls)
-		$(use_ssl rfc3779)
-		$(use_ssl sctp)
-		$(use test || echo "no-tests")
-		$(use_ssl tls-compression zlib)
-		$(use_ssl weak-ssl-ciphers)
-
-		--prefix="${EPREFIX}"/usr
-		--openssldir="${EPREFIX}"${SSL_CNF_DIR}
-		--libdir=$(get_libdir)
-
-		shared
-		threads
-	)
-
-	edo perl "${S}/Configure" "${myeconfargs[@]}"
-}
-
-multilib_src_compile() {
-	emake build_sw
-
-	if multilib_is_native_abi; then
-		emake build_docs
-	fi
-}
-
-multilib_src_test() {
-	# VFP = show subtests verbosely and show failed tests verbosely
-	# Normal V=1 would show everything verbosely but this slows things down.
-	emake HARNESS_JOBS="$(makeopts_jobs)" -Onone VFP=1 test
-}
-
-multilib_src_install() {
-	# Only -j1 is supported for the install targets:
-	# https://github.com/openssl/openssl/issues/21999#issuecomment-1771150305
-	emake DESTDIR="${D}" -j1 install_sw
-	if use fips; then
-		emake DESTDIR="${D}" -j1 install_fips
-		# Regen this in pkg_preinst, bug 900625
-		rm "${ED}${SSL_CNF_DIR}"/fipsmodule.cnf || die
-	fi
-
-	if multilib_is_native_abi; then
-		emake DESTDIR="${D}" -j1 install_ssldirs
-		emake DESTDIR="${D}" DOCDIR='$(INSTALLTOP)'/share/doc/${PF} -j1 install_docs
-	fi
-
-	# This is crappy in that the static archives are still built even
-	# when USE=static-libs. But this is due to a failing in the openssl
-	# build system: the static archives are built as PIC all the time.
-	# Only way around this would be to manually configure+compile openssl
-	# twice; once with shared lib support enabled and once without.
-	if ! use static-libs ; then
-		rm "${ED}"/usr/$(get_libdir)/lib{crypto,ssl}.a || die
-	fi
-}
-
-multilib_src_install_all() {
-	# openssl installs perl version of c_rehash by default, but
-	# we provide a shell version via app-misc/c_rehash
-	rm "${ED}"/usr/bin/c_rehash || die
-
-	dodoc {AUTHORS,CHANGES,NEWS,README,README-PROVIDERS}.md doc/*.txt doc/${PN}-c-indent.el
-
-	# Create the certs directory
-	keepdir ${SSL_CNF_DIR}/certs
-
-	# bug #254521
-	dodir /etc/sandbox.d
-	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
-
-	diropts -m0700
-	keepdir ${SSL_CNF_DIR}/private
-}
-
-pkg_preinst() {
-	if use fips; then
-		# Regen fipsmodule.cnf, bug 900625
-		ebegin "Running openssl fipsinstall"
-		"${ED}/usr/bin/openssl" fipsinstall -quiet \
-			-out "${ED}${SSL_CNF_DIR}/fipsmodule.cnf" \
-			-module "${ED}/usr/$(get_libdir)/ossl-modules/fips.so"
-		eend $?
-	fi
-
-	preserve_old_lib /usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1) \
-		/usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1.1)
-}
-
-pkg_postinst() {
-	ebegin "Running 'openssl rehash ${EROOT}${SSL_CNF_DIR}/certs' to rebuild hashes (bug #333069)"
-	openssl rehash "${EROOT}${SSL_CNF_DIR}/certs"
-	eend $?
-
-	preserve_old_lib_notify /usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1) \
-		/usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1.1)
-}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     e65d5b223df859daba53ec3d7d9bb6d59f91941b
Author:     Rolf Eike Beer <eike <AT> sf-mail <DOT> de>
AuthorDate: Mon Mar  4 18:30:14 2024 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Mon Mar  4 20:58:29 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e65d5b22

dev-libs/openssl: stable 3.0.13 for hppa, bug #925738

Signed-off-by: Rolf Eike Beer <eike <AT> sf-mail.de>
Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/openssl-3.0.13.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-3.0.13.ebuild b/dev-libs/openssl/openssl-3.0.13.ebuild
index a899b9572648..a709a5ecde4a 100644
--- a/dev-libs/openssl/openssl-3.0.13.ebuild
+++ b/dev-libs/openssl/openssl-3.0.13.ebuild
@@ -19,7 +19,7 @@ if [[ ${PV} == 9999 ]] ; then
 else
 	SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 		verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )"
-	KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
+	KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
 fi
 
 S="${WORKDIR}"/${MY_P}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     d41218950258cc92b77d4f960b361be696c2e72e
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sun Mar  3 23:01:47 2024 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sun Mar  3 23:01:47 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d4121895

dev-libs/openssl: Stabilize 3.0.13 sparc, #925738

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/openssl-3.0.13.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-3.0.13.ebuild b/dev-libs/openssl/openssl-3.0.13.ebuild
index 12c153c7fba2..a899b9572648 100644
--- a/dev-libs/openssl/openssl-3.0.13.ebuild
+++ b/dev-libs/openssl/openssl-3.0.13.ebuild
@@ -19,7 +19,7 @@ if [[ ${PV} == 9999 ]] ; then
 else
 	SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 		verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )"
-	KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 ~sparc x86 ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
+	KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
 fi
 
 S="${WORKDIR}"/${MY_P}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     ddb1eaf016807ff7b73ebe13a7618fb815a7457d
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sat Mar  2 23:29:37 2024 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sat Mar  2 23:29:44 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ddb1eaf0

dev-libs/openssl: Stabilize 3.0.13 ppc, #925738

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/openssl-3.0.13.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-3.0.13.ebuild b/dev-libs/openssl/openssl-3.0.13.ebuild
index 33011ab3147f..12c153c7fba2 100644
--- a/dev-libs/openssl/openssl-3.0.13.ebuild
+++ b/dev-libs/openssl/openssl-3.0.13.ebuild
@@ -19,7 +19,7 @@ if [[ ${PV} == 9999 ]] ; then
 else
 	SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 		verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )"
-	KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ppc64 ~riscv ~s390 ~sparc x86 ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
+	KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 ~sparc x86 ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
 fi
 
 S="${WORKDIR}"/${MY_P}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Arthur Zamarin]

commit:     bc3b2ea0f68372cd05e66e0e374415821345e373
Author:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
AuthorDate: Sat Mar  2 11:17:56 2024 +0000
Commit:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
CommitDate: Sat Mar  2 11:17:56 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bc3b2ea0

dev-libs/openssl: Stabilize 3.0.13 arm64, #925738

Signed-off-by: Arthur Zamarin <arthurzam <AT> gentoo.org>

 dev-libs/openssl/openssl-3.0.13.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-3.0.13.ebuild b/dev-libs/openssl/openssl-3.0.13.ebuild
index e192036cdade..33011ab3147f 100644
--- a/dev-libs/openssl/openssl-3.0.13.ebuild
+++ b/dev-libs/openssl/openssl-3.0.13.ebuild
@@ -19,7 +19,7 @@ if [[ ${PV} == 9999 ]] ; then
 else
 	SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 		verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )"
-	KEYWORDS="~alpha amd64 arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ppc64 ~riscv ~s390 ~sparc x86 ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
+	KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ppc64 ~riscv ~s390 ~sparc x86 ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
 fi
 
 S="${WORKDIR}"/${MY_P}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Arthur Zamarin]

commit:     dd4583758cb6ead1edfc40cfae5f7a0019b6ab31
Author:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
AuthorDate: Sat Mar  2 10:13:50 2024 +0000
Commit:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
CommitDate: Sat Mar  2 10:13:50 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=dd458375

dev-libs/openssl: Stabilize 3.0.13 arm, #925738

Signed-off-by: Arthur Zamarin <arthurzam <AT> gentoo.org>

 dev-libs/openssl/openssl-3.0.13.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-3.0.13.ebuild b/dev-libs/openssl/openssl-3.0.13.ebuild
index e0ef94eacae6..e192036cdade 100644
--- a/dev-libs/openssl/openssl-3.0.13.ebuild
+++ b/dev-libs/openssl/openssl-3.0.13.ebuild
@@ -19,7 +19,7 @@ if [[ ${PV} == 9999 ]] ; then
 else
 	SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 		verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )"
-	KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ppc64 ~riscv ~s390 ~sparc x86 ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
+	KEYWORDS="~alpha amd64 arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ppc64 ~riscv ~s390 ~sparc x86 ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
 fi
 
 S="${WORKDIR}"/${MY_P}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     c7ddd4589f2c3a2894c6c3bad05f082aaad23134
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Thu Feb 29 05:49:34 2024 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Thu Feb 29 05:49:34 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c7ddd458

dev-libs/openssl: Stabilize 3.0.13 x86, #925738

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/openssl-3.0.13.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-3.0.13.ebuild b/dev-libs/openssl/openssl-3.0.13.ebuild
index 647c4ee7dbf9..e6271b6a02d0 100644
--- a/dev-libs/openssl/openssl-3.0.13.ebuild
+++ b/dev-libs/openssl/openssl-3.0.13.ebuild
@@ -19,7 +19,7 @@ if [[ ${PV} == 9999 ]] ; then
 else
 	SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 		verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )"
-	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
+	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc x86 ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
 fi
 
 S="${WORKDIR}"/${MY_P}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     1e9cf17a2d3dd7c216a37e244102bb73b42b53ad
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Thu Feb 29 05:49:35 2024 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Thu Feb 29 05:49:35 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1e9cf17a

dev-libs/openssl: Stabilize 3.0.13 ppc64, #925738

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/openssl-3.0.13.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-3.0.13.ebuild b/dev-libs/openssl/openssl-3.0.13.ebuild
index e6271b6a02d0..ea954c36b774 100644
--- a/dev-libs/openssl/openssl-3.0.13.ebuild
+++ b/dev-libs/openssl/openssl-3.0.13.ebuild
@@ -19,7 +19,7 @@ if [[ ${PV} == 9999 ]] ; then
 else
 	SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 		verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )"
-	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc x86 ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
+	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ppc64 ~riscv ~s390 ~sparc x86 ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
 fi
 
 S="${WORKDIR}"/${MY_P}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     36196d3897a5fb652cc11e153bd5d3b3974ec09f
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Thu Feb 29 05:49:36 2024 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Thu Feb 29 05:49:36 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=36196d38

dev-libs/openssl: Stabilize 3.0.13 amd64, #925738

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/openssl-3.0.13.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-3.0.13.ebuild b/dev-libs/openssl/openssl-3.0.13.ebuild
index ea954c36b774..e0ef94eacae6 100644
--- a/dev-libs/openssl/openssl-3.0.13.ebuild
+++ b/dev-libs/openssl/openssl-3.0.13.ebuild
@@ -19,7 +19,7 @@ if [[ ${PV} == 9999 ]] ; then
 else
 	SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 		verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )"
-	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ppc64 ~riscv ~s390 ~sparc x86 ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
+	KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ppc64 ~riscv ~s390 ~sparc x86 ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
 fi
 
 S="${WORKDIR}"/${MY_P}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     62dbf662c13023f2ca9babbdf9b33525e056ece6
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Thu Feb 29 04:34:53 2024 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Thu Feb 29 04:34:53 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=62dbf662

dev-libs/openssl: stabilize 1.1.1w

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/openssl-1.1.1w.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.1.1w.ebuild b/dev-libs/openssl/openssl-1.1.1w.ebuild
index 442b2389c9ba..d8ec15eef987 100644
--- a/dev-libs/openssl/openssl-1.1.1w.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1w.ebuild
@@ -16,7 +16,7 @@ S="${WORKDIR}/${MY_P}"
 LICENSE="openssl"
 SLOT="0/1.1" # .so version of libssl/libcrypto
 if [[ ${PV} != *_pre* ]] ; then
-	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
+	KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
 fi
 IUSE="+asm rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-compression tls-heartbeat vanilla verify-sig weak-ssl-ciphers"
 RESTRICT="!test? ( test )"

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     a5223b0613d7f5980421c02679210e44c4659265
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Thu Feb 29 04:34:57 2024 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Thu Feb 29 04:34:57 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a5223b06

dev-libs/openssl: drop 1.1.1u

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/Manifest              |   2 -
 dev-libs/openssl/openssl-1.1.1u.ebuild | 268 ---------------------------------
 2 files changed, 270 deletions(-)

diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest
index da52e9627ce6..8738e9282251 100644
--- a/dev-libs/openssl/Manifest
+++ b/dev-libs/openssl/Manifest
@@ -1,8 +1,6 @@
 DIST openssl-1.0.2-patches-1.5.tar.xz 12404 BLAKE2B 6c1b8c28f339f539b2ab8643379502a24cf62bffde00041dce54d5dd9e8d2620b181362ee5464b0ab32ba4948e209697bfabadbea2944a409a1009100d298f24 SHA512 5725e2d9d1ee8cc074bcef3bed61c71bdab2ff1c114362110c3fb8da11ad5bc8f2ff28e90a293f5f3a5cf96ecda54dffdb7ab3fb3f8b23ef6472250dc3037659
 DIST openssl-1.0.2t-bindist-1.0.tar.xz 13872 BLAKE2B b2aade96a6e0ca6209a39e205b1c838de945903fcf959c62cc29ddcd1a0cb360fc5db234df86860a6a4c096f5ecc237611e4c2946b986a5500c24ba93c208ef4 SHA512 a48a7efb9b973b865bcc5009d450b428ed6b4b95e4cefe70c51056e47392c8a7bec58215168d8b07712419dc74646c2bd2fd23bcfbba2031376e292249a6b1b6
 DIST openssl-1.0.2u.tar.gz 5355412 BLAKE2B b2ff2a10e5851af5aca4093422a9a072c794e87b997263826c1c35910c040f695fac63decac5856cb49399ed03d410f97701d9fd4e1ebfbcacd8f3a74ce8bf57 SHA512 c455bb309e20e2c2d47fdc5619c734d107d5c8c38c1409903ce979acc120b0d5fa0312917c0aa0d630e402d092a703d4249643f36078e8528a3cafc9dac6ab32
-DIST openssl-1.1.1u.tar.gz 9892176 BLAKE2B 5de9cb856e497596ecba008bad6515eefd093849b9c66dd7447031723996f3ba66ac37a323a5f7d01b1d42df4daaceb523372f5897d5c53b935ffab91c566594 SHA512 d00aeb0b4c4676deff06ff95af7ac33dd683b92f972b4a8ae55cf384bb37c7ec30ab83c6c0745daf87cf1743a745fced6a347fd11fed4c548aa0953610ed4919
-DIST openssl-1.1.1u.tar.gz.asc 833 BLAKE2B 7a978a94264a14be04372fea39868e9177e8a0b0f24344267702022e19ee0f52e91ad141d7c54da870f7ec0df9b2e43b80939f1d274dd0b44d36da2670e3a468 SHA512 40245d65ace95b2002bf64bcba184c92fec3420b08d9f61f3a709c4842e9478595105d8adce33a08eb98d351d2a0989ec342b08cdd9104498ea0543b6e592d28
 DIST openssl-1.1.1w.tar.gz 9893384 BLAKE2B 2fdba6ca0188928ab2f74e606136afca66cfa0467170fa6298ef160b64ac6fdcad1e81e5dd14013ce0e9921d0f7417edec531cd0beaf1196fec704c2c6d48395 SHA512 b4c625fe56a4e690b57b6a011a225ad0cb3af54bd8fb67af77b5eceac55cc7191291d96a660c5b568a08a2fbf62b4612818e7cca1bb95b2b6b4fc649b0552b6d
 DIST openssl-1.1.1w.tar.gz.asc 833 BLAKE2B d990be69ed913509d52b78e7473668429d4485adb29ef03e4612dd0cadbac4f04c7289d8e5baf6f397bcedeaac9f802f18fc719964d882ae0514ed1ca16ae277 SHA512 0f3d7aa48b1cabf8dd43e8108aeed10a4dffb4f5a244d4da9c86ea358b0c8b90c46da561d21e01c567c2f5035d824ed82ec104aad1776b7f33a1be85990e98ef
 DIST openssl-3.0.11.tar.gz 15198318 BLAKE2B e522573aa72c8f6ffef82f20de36178fc6f97a8fee8443df4bf1bd9a6448b315742e9cb698717c1b7d9a91d0768d7ce08d55956ddc415b9dc6cb33fe3a98131b SHA512 393e7262cce0e7980d1cbba861291c8791f6c2a290e9867895c4310ab6e16b449067d8b780ae6081dc8d42529a4f32d545c66e8b1e69d301281d92f1882c85b7

diff --git a/dev-libs/openssl/openssl-1.1.1u.ebuild b/dev-libs/openssl/openssl-1.1.1u.ebuild
deleted file mode 100644
index 75ded5076084..000000000000
--- a/dev-libs/openssl/openssl-1.1.1u.ebuild
+++ /dev/null
@@ -1,268 +0,0 @@
-# Copyright 1999-2024 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/openssl.org.asc
-inherit edo flag-o-matic toolchain-funcs multilib-minimal verify-sig
-
-MY_P=${P/_/-}
-DESCRIPTION="Full-strength general purpose cryptography library (including SSL and TLS)"
-HOMEPAGE="https://www.openssl.org/"
-SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
-	verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )"
-S="${WORKDIR}/${MY_P}"
-
-LICENSE="openssl"
-SLOT="0/1.1" # .so version of libssl/libcrypto
-if [[ ${PV} != *_pre* ]] ; then
-	KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
-fi
-IUSE="+asm rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-compression tls-heartbeat vanilla verify-sig weak-ssl-ciphers"
-RESTRICT="!test? ( test )"
-
-RDEPEND="
-	tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )"
-DEPEND="${RDEPEND}"
-BDEPEND="
-	>=dev-lang/perl-5
-	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
-	test? (
-		sys-apps/diffutils
-		app-alternatives/bc
-		kernel_linux? ( sys-process/procps )
-	)
-	verify-sig? ( >=sec-keys/openpgp-keys-openssl-20230207 )"
-PDEPEND="app-misc/ca-certificates"
-
-# force upgrade to prevent broken login, bug #696950
-RDEPEND+=" !<net-misc/openssh-8.0_p1-r3"
-
-MULTILIB_WRAPPED_HEADERS=(
-	usr/include/openssl/opensslconf.h
-)
-
-PATCHES=(
-	# General patches which are suitable to always apply
-	# If they're Gentoo specific, add to USE=-vanilla logic in src_prepare!
-	"${FILESDIR}"/${PN}-1.1.0j-parallel_install_fix.patch # bug #671602
-	"${FILESDIR}"/${PN}-1.1.1i-riscv32.patch
-)
-
-pkg_setup() {
-	[[ ${MERGE_TYPE} == binary ]] && return
-
-	# must check in pkg_setup; sysctl doesn't work with userpriv!
-	if use test && use sctp; then
-		# test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel"
-		# if sctp.auth_enable is not enabled.
-		local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null)
-		if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]]; then
-			die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!"
-		fi
-	fi
-}
-
-src_unpack() {
-	# Can delete this once test fix patch is dropped
-	if use verify-sig ; then
-		# Needed for downloaded patch (which is unsigned, which is fine)
-		verify-sig_verify_detached "${DISTDIR}"/${MY_P}.tar.gz{,.asc}
-	fi
-
-	default
-}
-
-src_prepare() {
-	# Make sure we only ever touch Makefile.org and avoid patching a file
-	# that gets blown away anyways by the Configure script in src_configure
-	rm -f Makefile
-
-	if ! use vanilla ; then
-		PATCHES+=(
-			# Add patches which are Gentoo-specific customisations here
-		)
-	fi
-
-	default
-
-	if use test && use sctp && has network-sandbox ${FEATURES}; then
-		einfo "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox ..."
-		rm test/recipes/80-test_ssl_new.t || die
-	fi
-
-	# Test fails depending on kernel configuration, bug #699134
-	rm test/recipes/30-test_afalg.t || die
-
-	# Remove test target when FEATURES=test isn't set
-	if ! use test ; then
-		sed \
-			-e '/^$config{dirs}/s@ "test",@@' \
-			-i Configure || die
-	fi
-
-	if use prefix && [[ ${CHOST} == *-solaris* ]] ; then
-		# use GNU ld full option, not to confuse it on Solaris
-		sed -i \
-			-e 's/-Wl,-M,/-Wl,--version-script=/' \
-			-e 's/-Wl,-h,/-Wl,--soname=/' \
-			Configurations/10-main.conf || die
-	fi
-
-	# The config script does stupid stuff to prompt the user.  Kill it.
-	sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
-}
-
-src_configure() {
-	# Keep this in sync with app-misc/c_rehash
-	SSL_CNF_DIR="/etc/ssl"
-
-	# Quiet out unknown driver argument warnings since openssl
-	# doesn't have well-split CFLAGS and we're making it even worse
-	# and 'make depend' uses -Werror for added fun (bug #417795 again)
-	tc-is-clang && append-flags -Qunused-arguments
-
-	# We really, really need to build OpenSSL w/ strict aliasing disabled.
-	# It's filled with violations and it *will* result in miscompiled
-	# code. This has been in the ebuild for > 10 years but even in 2022,
-	# it's still relevant:
-	# - https://github.com/llvm/llvm-project/issues/55255
-	# - https://github.com/openssl/openssl/issues/12247
-	# - https://github.com/openssl/openssl/issues/18225
-	# - https://github.com/openssl/openssl/issues/18663#issuecomment-1181478057
-	# Don't remove the no strict aliasing bits below!
-	filter-flags -fstrict-aliasing
-	append-flags -fno-strict-aliasing
-	# The OpenSSL developers don't test with LTO right now, it leads to various
-	# warnings/errors (which may or may not be false positives), it's considered
-	# unsupported, and it's not tested in CI: https://github.com/openssl/openssl/issues/18663.
-	filter-lto
-
-	append-cppflags -DOPENSSL_NO_BUF_FREELISTS
-
-	append-flags $(test-flags-CC -Wa,--noexecstack)
-
-	# bug #197996
-	unset APPS
-	# bug #312551
-	unset SCRIPTS
-	# bug #311473
-	unset CROSS_COMPILE
-
-	tc-export AR CC CXX RANLIB RC
-
-	multilib-minimal_src_configure
-}
-
-multilib_src_configure() {
-	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
-
-	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
-
-	# See if our toolchain supports __uint128_t.  If so, it's 64bit
-	# friendly and can use the nicely optimized code paths, bug #460790.
-	#local ec_nistp_64_gcc_128
-	#
-	# Disable it for now though (bug #469976)
-	# Do NOT re-enable without substantial discussion first!
-	#
-	#echo "__uint128_t i;" > "${T}"/128.c
-	#if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
-	#	ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
-	#fi
-
-	local sslout=$(bash "${FILESDIR}/gentoo.config-1.0.4")
-	einfo "Use configuration ${sslout:-(openssl knows best)}"
-	local config=( perl "${S}/Configure" )
-	[[ -z ${sslout} ]] && config=( sh "${S}/config" -v )
-
-	# "disable-deprecated" option breaks too many consumers.
-	# Don't set it without thorough revdeps testing.
-	# Make sure user flags don't get added *yet* to avoid duplicated
-	# flags.
-	local myeconfargs=(
-		${sslout}
-
-		$(use cpu_flags_x86_sse2 || echo "no-sse2")
-		enable-camellia
-		enable-ec
-		enable-ec2m
-		enable-sm2
-		enable-srp
-		$(use elibc_musl && echo "no-async")
-		${ec_nistp_64_gcc_128}
-		enable-idea
-		enable-mdc2
-		enable-rc5
-		$(use_ssl sslv3 ssl3)
-		$(use_ssl sslv3 ssl3-method)
-		$(use_ssl asm)
-		$(use_ssl rfc3779)
-		$(use_ssl sctp)
-		$(use test || echo "no-tests")
-		$(use_ssl tls-compression zlib)
-		$(use_ssl tls-heartbeat heartbeats)
-		$(use_ssl weak-ssl-ciphers)
-
-		--prefix="${EPREFIX}"/usr
-		--openssldir="${EPREFIX}"${SSL_CNF_DIR}
-		--libdir=$(get_libdir)
-
-		shared
-		threads
-	)
-
-	edo "${config[@]}" "${myeconfargs[@]}"
-}
-
-multilib_src_compile() {
-	emake all
-}
-
-multilib_src_test() {
-	emake -j1 test
-}
-
-multilib_src_install() {
-	# Only -j1 is supported for the install targets:
-	# https://github.com/openssl/openssl/issues/21999#issuecomment-1771150305
-	emake DESTDIR="${D}" -j1 install_sw
-
-	if multilib_is_native_abi; then
-		emake DESTDIR="${D}" -j1 install_ssldirs
-		emake DESTDIR="${D}" DOCDIR='$(INSTALLTOP)'/share/doc/${PF} MANSUFFIX=ssl -j1 install_docs
-	fi
-
-	# This is crappy in that the static archives are still built even
-	# when USE=static-libs. But this is due to a failing in the openssl
-	# build system: the static archives are built as PIC all the time.
-	# Only way around this would be to manually configure+compile openssl
-	# twice; once with shared lib support enabled and once without.
-	if ! use static-libs; then
-		rm "${ED}"/usr/$(get_libdir)/lib{crypto,ssl}.a || die
-	fi
-}
-
-multilib_src_install_all() {
-	# openssl installs perl version of c_rehash by default, but
-	# we provide a shell version via app-misc/c_rehash
-	rm "${ED}"/usr/bin/c_rehash || die
-
-	dodoc CHANGES* FAQ NEWS README doc/*.txt doc/${PN}-c-indent.el
-
-	# Create the certs directory
-	keepdir ${SSL_CNF_DIR}/certs
-
-	# bug #254521
-	dodir /etc/sandbox.d
-	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
-
-	diropts -m0700
-	keepdir ${SSL_CNF_DIR}/private
-}
-
-pkg_postinst() {
-	ebegin "Running 'openssl rehash ${EROOT}${SSL_CNF_DIR}/certs' to rebuild hashes (bug #333069)"
-	openssl rehash "${EROOT}${SSL_CNF_DIR}/certs"
-	eend $?
-}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     44f8ac6e2f85d1896fbe8134db2c55c9f9511390
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Thu Feb 29 03:47:50 2024 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Thu Feb 29 03:48:11 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=44f8ac6e

dev-libs/openssl: drop 3.1.4, 3.1.5

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/Manifest             |   2 -
 dev-libs/openssl/openssl-3.1.4.ebuild | 291 ----------------------------------
 dev-libs/openssl/openssl-3.1.5.ebuild | 281 --------------------------------
 3 files changed, 574 deletions(-)

diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest
index eea2719b6307..000c0d29d104 100644
--- a/dev-libs/openssl/Manifest
+++ b/dev-libs/openssl/Manifest
@@ -11,8 +11,6 @@ DIST openssl-3.0.12.tar.gz 15204575 BLAKE2B 1f00e33a5ed64a51cf28f0dbe7d53a9197c1
 DIST openssl-3.0.12.tar.gz.asc 833 BLAKE2B 5c7914e0449a1f2fad433544fa637263b237c2637b86960f904a7840ef6bd627728dfa45373e03a6ce7a0a4570d03e1dcd0188059bd5dbcc83d49d10be64dd39 SHA512 072d1572e6cc5240fed69c01b1f7f74958ceba33cec3b0a7f0db5929dc884381320fb737ec6b38f95ef81c855e2d382d7ecd19431a328b08efad70288ec4a964
 DIST openssl-3.0.13.tar.gz 15294843 BLAKE2B 869aa5f70a8c1d0cac6027e9261530df70ab5a8b448c785f5f8ff3f206e742c5364424132d0e109a6449af9b4082c4c179c7103dccb16a4539f776ca834c8ccc SHA512 22f4096781f0b075f5bf81bd39a0f97e111760dfa73b6f858f6bb54968a7847944d74969ae10f9a51cc21a2f4af20d9a4c463649dc824f5e439e196d6764c4f9
 DIST openssl-3.0.13.tar.gz.asc 833 BLAKE2B 519515b6faa505d68ff9acc30db9515fac494145086fa5ad9561c39385a6fabb39ad9de10fedd49c8fc716ec59ea1b13ec5e6b466e549ea9f29b8d0bb74ba7b3 SHA512 c52d97c93d16f3ca2a7026fb25890482b6d86c37b5ab686c56b0e08522743ec4ea3f84afa4deb64b0df0d9a16b557430c4d4139ab42ffcf97d769b61d1e6197c
-DIST openssl-3.1.4.tar.gz 15569450 BLAKE2B bd6a3ef458f86dd5173e87b10432bd81c1570e1848da3c4d7a06eb021d2f67e4075421885c402f6ea792e383e756d78757c17ef060094e840ed5df6faf3d7f9e SHA512 a69df4a018f57dee7d8a57c8003a6869eba11f1eaa394518976642a993780d0de3326019e92dea4c679c6c581fef568ea616ec541afc0792800359c606dffcd2
-DIST openssl-3.1.4.tar.gz.asc 833 BLAKE2B 9f4c2365617b3ea21c8d4f4281befe584e8d39d5f0546fb17d151b21b20615e5d20ed9105881ee981948e866a7629930a7544263c124dce66a9df4f19e16708e SHA512 fc5fa55a54e3da5d48229f25073186613ddf6bb3907999b53ed61832cce9acef00c79d45357bc8590eeeeffb04a829d45921d982924300da16d84eb5333c1512
 DIST openssl-3.1.5.tar.gz 15663524 BLAKE2B a12eb88b0a4f2d927123e0d3ca7d2f80f2bdc867c710d24700fe39b631b93d90c73c3deceff151a9fa818ac88026eb798f3253f22d03c839ab9574086fa61eee SHA512 82e2ac6b3d9b03f8fc66d2ec421246e989eb702eb94586515abfb5afb5300391a0beedf6a2602f61ac10896b41e5608feeeeb4d37714fa17ac0f2ce465249fa9
 DIST openssl-3.1.5.tar.gz.asc 833 BLAKE2B 633502ec0a87074136d7ea42d9ac5f3df53523560d2a97410b5b57d28d916336da95ab5521c10f94202e3a0995331f0e17bdcf8843135634a5d5a95cfafc7b21 SHA512 48187bb8a7bdbd8b76fdcca736d2b03e2a89330b304eefb4e9620f570c741c60f2023307d8619ba1fa101a99223f94895e7be57ced6547a4fb06bd4c3677533a
 DIST openssl-3.2.0.tar.gz 17698352 BLAKE2B 776123929796d2eb0f3974bf6ee3a55df9187231632837576bf5ded7b5917f052683cdfc756693c1bee6fe1ffc7c3cb1ebcf833018d3caf51886f4f4e7a495f1 SHA512 ba3ac38365fd0c50f1eaf1693b6200a0d66f01ff53c2d3bb0358643cd83fc0c61fc3b84c0658cf74b6ae91d7d8a9da7291697bd9be3063ada8a9df879e58ed52

diff --git a/dev-libs/openssl/openssl-3.1.4.ebuild b/dev-libs/openssl/openssl-3.1.4.ebuild
deleted file mode 100644
index 01d315ed7afc..000000000000
--- a/dev-libs/openssl/openssl-3.1.4.ebuild
+++ /dev/null
@@ -1,291 +0,0 @@
-# Copyright 1999-2024 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/openssl.org.asc
-inherit edo flag-o-matic linux-info toolchain-funcs
-inherit multilib multilib-minimal multiprocessing preserve-libs verify-sig
-
-DESCRIPTION="Robust, full-featured Open Source Toolkit for the Transport Layer Security (TLS)"
-HOMEPAGE="https://www.openssl.org/"
-
-MY_P=${P/_/-}
-
-if [[ ${PV} == 9999 ]] ; then
-	EGIT_REPO_URI="https://github.com/openssl/openssl.git"
-
-	inherit git-r3
-else
-	SRC_URI="
-		mirror://openssl/source/${MY_P}.tar.gz
-		verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )
-	"
-	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
-fi
-
-S="${WORKDIR}"/${MY_P}
-
-LICENSE="Apache-2.0"
-SLOT="0/$(ver_cut 1)" # .so version of libssl/libcrypto
-IUSE="+asm cpu_flags_x86_sse2 fips ktls rfc3779 sctp static-libs test tls-compression vanilla verify-sig weak-ssl-ciphers"
-RESTRICT="!test? ( test )"
-
-COMMON_DEPEND="
-	!<net-misc/openssh-9.2_p1-r3
-	tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
-"
-BDEPEND="
-	>=dev-lang/perl-5
-	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
-	test? (
-		sys-apps/diffutils
-		app-alternatives/bc
-		sys-process/procps
-	)
-	verify-sig? ( >=sec-keys/openpgp-keys-openssl-20230801 )"
-
-DEPEND="${COMMON_DEPEND}"
-RDEPEND="${COMMON_DEPEND}"
-PDEPEND="app-misc/ca-certificates"
-
-MULTILIB_WRAPPED_HEADERS=(
-	/usr/include/openssl/configuration.h
-)
-
-pkg_setup() {
-	if use ktls ; then
-		if kernel_is -lt 4 18 ; then
-			ewarn "Kernel implementation of TLS (USE=ktls) requires kernel >=4.18!"
-		else
-			CONFIG_CHECK="~TLS ~TLS_DEVICE"
-			ERROR_TLS="You will be unable to offload TLS to kernel because CONFIG_TLS is not set!"
-			ERROR_TLS_DEVICE="You will be unable to offload TLS to kernel because CONFIG_TLS_DEVICE is not set!"
-			use test && CONFIG_CHECK+=" ~CRYPTO_USER_API_SKCIPHER"
-
-			linux-info_pkg_setup
-		fi
-	fi
-
-	[[ ${MERGE_TYPE} == binary ]] && return
-
-	# must check in pkg_setup; sysctl doesn't work with userpriv!
-	if use test && use sctp ; then
-		# test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel"
-		# if sctp.auth_enable is not enabled.
-		local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null)
-		if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]] ; then
-			die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!"
-		fi
-	fi
-}
-
-src_unpack() {
-	# Can delete this once test fix patch is dropped
-	if use verify-sig ; then
-		# Needed for downloaded patch (which is unsigned, which is fine)
-		verify-sig_verify_detached "${DISTDIR}"/${MY_P}.tar.gz{,.asc}
-	fi
-
-	default
-}
-
-src_prepare() {
-	# Make sure we only ever touch Makefile.org and avoid patching a file
-	# that gets blown away anyways by the Configure script in src_configure
-	rm -f Makefile
-
-	if ! use vanilla ; then
-		PATCHES+=(
-			# Add patches which are Gentoo-specific customisations here
-		)
-	fi
-
-	default
-
-	if use test && use sctp && has network-sandbox ${FEATURES} ; then
-		einfo "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox ..."
-		rm test/recipes/80-test_ssl_new.t || die
-	fi
-
-	# Test fails depending on kernel configuration, bug #699134
-	rm test/recipes/30-test_afalg.t || die
-}
-
-src_configure() {
-	# Keep this in sync with app-misc/c_rehash
-	SSL_CNF_DIR="/etc/ssl"
-
-	# Quiet out unknown driver argument warnings since openssl
-	# doesn't have well-split CFLAGS and we're making it even worse
-	# and 'make depend' uses -Werror for added fun (bug #417795 again)
-	tc-is-clang && append-flags -Qunused-arguments
-
-	# We really, really need to build OpenSSL w/ strict aliasing disabled.
-	# It's filled with violations and it *will* result in miscompiled
-	# code. This has been in the ebuild for > 10 years but even in 2022,
-	# it's still relevant:
-	# - https://github.com/llvm/llvm-project/issues/55255
-	# - https://github.com/openssl/openssl/issues/12247
-	# - https://github.com/openssl/openssl/issues/18225
-	# - https://github.com/openssl/openssl/issues/18663#issuecomment-1181478057
-	# Don't remove the no strict aliasing bits below!
-	filter-flags -fstrict-aliasing
-	append-flags -fno-strict-aliasing
-	# The OpenSSL developers don't test with LTO right now, it leads to various
-	# warnings/errors (which may or may not be false positives), it's considered
-	# unsupported, and it's not tested in CI: https://github.com/openssl/openssl/issues/18663.
-	filter-lto
-
-	append-flags $(test-flags-CC -Wa,--noexecstack)
-
-	# bug #895308
-	append-atomic-flags
-	# Configure doesn't respect LIBS
-	export LDLIBS="${LIBS}"
-
-	# bug #197996
-	unset APPS
-	# bug #312551
-	unset SCRIPTS
-	# bug #311473
-	unset CROSS_COMPILE
-
-	tc-export AR CC CXX RANLIB RC
-
-	multilib-minimal_src_configure
-}
-
-multilib_src_configure() {
-	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
-
-	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
-
-	# See if our toolchain supports __uint128_t.  If so, it's 64bit
-	# friendly and can use the nicely optimized code paths, bug #460790.
-	#local ec_nistp_64_gcc_128
-	#
-	# Disable it for now though (bug #469976)
-	# Do NOT re-enable without substantial discussion first!
-	#
-	#echo "__uint128_t i;" > "${T}"/128.c
-	#if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
-	#       ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
-	#fi
-
-	local sslout=$(bash "${FILESDIR}/gentoo.config-1.0.4")
-	einfo "Using configuration: ${sslout:-(openssl knows best)}"
-
-	# https://github.com/openssl/openssl/blob/master/INSTALL.md#enable-and-disable-features
-	local myeconfargs=(
-		${sslout}
-
-		$(use cpu_flags_x86_sse2 || echo "no-sse2")
-		enable-camellia
-		enable-ec
-		enable-ec2m
-		enable-sm2
-		enable-srp
-		$(use elibc_musl && echo "no-async")
-		enable-idea
-		enable-mdc2
-		enable-rc5
-		$(use fips && echo "enable-fips")
-		$(use_ssl asm)
-		$(use_ssl ktls)
-		$(use_ssl rfc3779)
-		$(use_ssl sctp)
-		$(use test || echo "no-tests")
-		$(use_ssl tls-compression zlib)
-		$(use_ssl weak-ssl-ciphers)
-
-		--prefix="${EPREFIX}"/usr
-		--openssldir="${EPREFIX}"${SSL_CNF_DIR}
-		--libdir=$(get_libdir)
-
-		shared
-		threads
-	)
-
-	edo perl "${S}/Configure" "${myeconfargs[@]}"
-}
-
-multilib_src_compile() {
-	emake build_sw
-
-	if multilib_is_native_abi; then
-		emake build_docs
-	fi
-}
-
-multilib_src_test() {
-	# VFP = show subtests verbosely and show failed tests verbosely
-	# Normal V=1 would show everything verbosely but this slows things down.
-	emake HARNESS_JOBS="$(makeopts_jobs)" -Onone VFP=1 test
-}
-
-multilib_src_install() {
-	# Only -j1 is supported for the install targets:
-	# https://github.com/openssl/openssl/issues/21999#issuecomment-1771150305
-	emake DESTDIR="${D}" -j1 install_sw
-	if use fips; then
-		emake DESTDIR="${D}" -j1 install_fips
-		# Regen this in pkg_preinst, bug 900625
-		rm "${ED}${SSL_CNF_DIR}"/fipsmodule.cnf || die
-	fi
-
-	if multilib_is_native_abi; then
-		emake DESTDIR="${D}" -j1 install_ssldirs
-		emake DESTDIR="${D}" DOCDIR='$(INSTALLTOP)'/share/doc/${PF} -j1 install_docs
-	fi
-
-	# This is crappy in that the static archives are still built even
-	# when USE=static-libs. But this is due to a failing in the openssl
-	# build system: the static archives are built as PIC all the time.
-	# Only way around this would be to manually configure+compile openssl
-	# twice; once with shared lib support enabled and once without.
-	if ! use static-libs ; then
-		rm "${ED}"/usr/$(get_libdir)/lib{crypto,ssl}.a || die
-	fi
-}
-
-multilib_src_install_all() {
-	# openssl installs perl version of c_rehash by default, but
-	# we provide a shell version via app-misc/c_rehash
-	rm "${ED}"/usr/bin/c_rehash || die
-
-	dodoc {AUTHORS,CHANGES,NEWS,README,README-PROVIDERS}.md doc/*.txt doc/${PN}-c-indent.el
-
-	# Create the certs directory
-	keepdir ${SSL_CNF_DIR}/certs
-
-	# bug #254521
-	dodir /etc/sandbox.d
-	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
-
-	diropts -m0700
-	keepdir ${SSL_CNF_DIR}/private
-}
-
-pkg_preinst() {
-	if use fips; then
-		# Regen fipsmodule.cnf, bug 900625
-		ebegin "Running openssl fipsinstall"
-		"${ED}/usr/bin/openssl" fipsinstall -quiet \
-			-out "${ED}${SSL_CNF_DIR}/fipsmodule.cnf" \
-			-module "${ED}/usr/$(get_libdir)/ossl-modules/fips.so"
-		eend $?
-	fi
-
-	preserve_old_lib /usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1) \
-		/usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1.1)
-}
-
-pkg_postinst() {
-	ebegin "Running 'openssl rehash ${EROOT}${SSL_CNF_DIR}/certs' to rebuild hashes (bug #333069)"
-	openssl rehash "${EROOT}${SSL_CNF_DIR}/certs"
-	eend $?
-
-	preserve_old_lib_notify /usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1) \
-		/usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1.1)
-}

diff --git a/dev-libs/openssl/openssl-3.1.5.ebuild b/dev-libs/openssl/openssl-3.1.5.ebuild
deleted file mode 100644
index a95bf0b407ff..000000000000
--- a/dev-libs/openssl/openssl-3.1.5.ebuild
+++ /dev/null
@@ -1,281 +0,0 @@
-# Copyright 1999-2024 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/openssl.org.asc
-inherit edo flag-o-matic linux-info toolchain-funcs
-inherit multilib multilib-minimal multiprocessing preserve-libs verify-sig
-
-DESCRIPTION="Robust, full-featured Open Source Toolkit for the Transport Layer Security (TLS)"
-HOMEPAGE="https://www.openssl.org/"
-
-MY_P=${P/_/-}
-
-if [[ ${PV} == 9999 ]] ; then
-	EGIT_REPO_URI="https://github.com/openssl/openssl.git"
-
-	inherit git-r3
-else
-	SRC_URI="
-		mirror://openssl/source/${MY_P}.tar.gz
-		verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )
-	"
-	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
-fi
-
-S="${WORKDIR}"/${MY_P}
-
-LICENSE="Apache-2.0"
-SLOT="0/$(ver_cut 1)" # .so version of libssl/libcrypto
-IUSE="+asm cpu_flags_x86_sse2 fips ktls rfc3779 sctp static-libs test tls-compression vanilla verify-sig weak-ssl-ciphers"
-RESTRICT="!test? ( test )"
-
-COMMON_DEPEND="
-	!<net-misc/openssh-9.2_p1-r3
-	tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
-"
-BDEPEND="
-	>=dev-lang/perl-5
-	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
-	test? (
-		sys-apps/diffutils
-		app-alternatives/bc
-		sys-process/procps
-	)
-	verify-sig? ( >=sec-keys/openpgp-keys-openssl-20230801 )"
-
-DEPEND="${COMMON_DEPEND}"
-RDEPEND="${COMMON_DEPEND}"
-PDEPEND="app-misc/ca-certificates"
-
-MULTILIB_WRAPPED_HEADERS=(
-	/usr/include/openssl/configuration.h
-)
-
-pkg_setup() {
-	if use ktls ; then
-		if kernel_is -lt 4 18 ; then
-			ewarn "Kernel implementation of TLS (USE=ktls) requires kernel >=4.18!"
-		else
-			CONFIG_CHECK="~TLS ~TLS_DEVICE"
-			ERROR_TLS="You will be unable to offload TLS to kernel because CONFIG_TLS is not set!"
-			ERROR_TLS_DEVICE="You will be unable to offload TLS to kernel because CONFIG_TLS_DEVICE is not set!"
-			use test && CONFIG_CHECK+=" ~CRYPTO_USER_API_SKCIPHER"
-
-			linux-info_pkg_setup
-		fi
-	fi
-
-	[[ ${MERGE_TYPE} == binary ]] && return
-
-	# must check in pkg_setup; sysctl doesn't work with userpriv!
-	if use test && use sctp ; then
-		# test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel"
-		# if sctp.auth_enable is not enabled.
-		local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null)
-		if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]] ; then
-			die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!"
-		fi
-	fi
-}
-
-src_prepare() {
-	# Make sure we only ever touch Makefile.org and avoid patching a file
-	# that gets blown away anyways by the Configure script in src_configure
-	rm -f Makefile
-
-	if ! use vanilla ; then
-		PATCHES+=(
-			# Add patches which are Gentoo-specific customisations here
-		)
-	fi
-
-	default
-
-	if use test && use sctp && has network-sandbox ${FEATURES} ; then
-		einfo "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox ..."
-		rm test/recipes/80-test_ssl_new.t || die
-	fi
-
-	# Test fails depending on kernel configuration, bug #699134
-	rm test/recipes/30-test_afalg.t || die
-}
-
-src_configure() {
-	# Keep this in sync with app-misc/c_rehash
-	SSL_CNF_DIR="/etc/ssl"
-
-	# Quiet out unknown driver argument warnings since openssl
-	# doesn't have well-split CFLAGS and we're making it even worse
-	# and 'make depend' uses -Werror for added fun (bug #417795 again)
-	tc-is-clang && append-flags -Qunused-arguments
-
-	# We really, really need to build OpenSSL w/ strict aliasing disabled.
-	# It's filled with violations and it *will* result in miscompiled
-	# code. This has been in the ebuild for > 10 years but even in 2022,
-	# it's still relevant:
-	# - https://github.com/llvm/llvm-project/issues/55255
-	# - https://github.com/openssl/openssl/issues/12247
-	# - https://github.com/openssl/openssl/issues/18225
-	# - https://github.com/openssl/openssl/issues/18663#issuecomment-1181478057
-	# Don't remove the no strict aliasing bits below!
-	filter-flags -fstrict-aliasing
-	append-flags -fno-strict-aliasing
-	# The OpenSSL developers don't test with LTO right now, it leads to various
-	# warnings/errors (which may or may not be false positives), it's considered
-	# unsupported, and it's not tested in CI: https://github.com/openssl/openssl/issues/18663.
-	filter-lto
-
-	append-flags $(test-flags-CC -Wa,--noexecstack)
-
-	# bug #895308
-	append-atomic-flags
-	# Configure doesn't respect LIBS
-	export LDLIBS="${LIBS}"
-
-	# bug #197996
-	unset APPS
-	# bug #312551
-	unset SCRIPTS
-	# bug #311473
-	unset CROSS_COMPILE
-
-	tc-export AR CC CXX RANLIB RC
-
-	multilib-minimal_src_configure
-}
-
-multilib_src_configure() {
-	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
-
-	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
-
-	# See if our toolchain supports __uint128_t.  If so, it's 64bit
-	# friendly and can use the nicely optimized code paths, bug #460790.
-	#local ec_nistp_64_gcc_128
-	#
-	# Disable it for now though (bug #469976)
-	# Do NOT re-enable without substantial discussion first!
-	#
-	#echo "__uint128_t i;" > "${T}"/128.c
-	#if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
-	#       ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
-	#fi
-
-	local sslout=$(bash "${FILESDIR}/gentoo.config-1.0.4")
-	einfo "Using configuration: ${sslout:-(openssl knows best)}"
-
-	# https://github.com/openssl/openssl/blob/master/INSTALL.md#enable-and-disable-features
-	local myeconfargs=(
-		${sslout}
-
-		$(use cpu_flags_x86_sse2 || echo "no-sse2")
-		enable-camellia
-		enable-ec
-		enable-ec2m
-		enable-sm2
-		enable-srp
-		$(use elibc_musl && echo "no-async")
-		enable-idea
-		enable-mdc2
-		enable-rc5
-		$(use fips && echo "enable-fips")
-		$(use_ssl asm)
-		$(use_ssl ktls)
-		$(use_ssl rfc3779)
-		$(use_ssl sctp)
-		$(use test || echo "no-tests")
-		$(use_ssl tls-compression zlib)
-		$(use_ssl weak-ssl-ciphers)
-
-		--prefix="${EPREFIX}"/usr
-		--openssldir="${EPREFIX}"${SSL_CNF_DIR}
-		--libdir=$(get_libdir)
-
-		shared
-		threads
-	)
-
-	edo perl "${S}/Configure" "${myeconfargs[@]}"
-}
-
-multilib_src_compile() {
-	emake build_sw
-
-	if multilib_is_native_abi; then
-		emake build_docs
-	fi
-}
-
-multilib_src_test() {
-	# VFP = show subtests verbosely and show failed tests verbosely
-	# Normal V=1 would show everything verbosely but this slows things down.
-	emake HARNESS_JOBS="$(makeopts_jobs)" -Onone VFP=1 test
-}
-
-multilib_src_install() {
-	# Only -j1 is supported for the install targets:
-	# https://github.com/openssl/openssl/issues/21999#issuecomment-1771150305
-	emake DESTDIR="${D}" -j1 install_sw
-	if use fips; then
-		emake DESTDIR="${D}" -j1 install_fips
-		# Regen this in pkg_preinst, bug 900625
-		rm "${ED}${SSL_CNF_DIR}"/fipsmodule.cnf || die
-	fi
-
-	if multilib_is_native_abi; then
-		emake DESTDIR="${D}" -j1 install_ssldirs
-		emake DESTDIR="${D}" DOCDIR='$(INSTALLTOP)'/share/doc/${PF} -j1 install_docs
-	fi
-
-	# This is crappy in that the static archives are still built even
-	# when USE=static-libs. But this is due to a failing in the openssl
-	# build system: the static archives are built as PIC all the time.
-	# Only way around this would be to manually configure+compile openssl
-	# twice; once with shared lib support enabled and once without.
-	if ! use static-libs ; then
-		rm "${ED}"/usr/$(get_libdir)/lib{crypto,ssl}.a || die
-	fi
-}
-
-multilib_src_install_all() {
-	# openssl installs perl version of c_rehash by default, but
-	# we provide a shell version via app-misc/c_rehash
-	rm "${ED}"/usr/bin/c_rehash || die
-
-	dodoc {AUTHORS,CHANGES,NEWS,README,README-PROVIDERS}.md doc/*.txt doc/${PN}-c-indent.el
-
-	# Create the certs directory
-	keepdir ${SSL_CNF_DIR}/certs
-
-	# bug #254521
-	dodir /etc/sandbox.d
-	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
-
-	diropts -m0700
-	keepdir ${SSL_CNF_DIR}/private
-}
-
-pkg_preinst() {
-	if use fips; then
-		# Regen fipsmodule.cnf, bug 900625
-		ebegin "Running openssl fipsinstall"
-		"${ED}/usr/bin/openssl" fipsinstall -quiet \
-			-out "${ED}${SSL_CNF_DIR}/fipsmodule.cnf" \
-			-module "${ED}/usr/$(get_libdir)/ossl-modules/fips.so"
-		eend $?
-	fi
-
-	preserve_old_lib /usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1) \
-		/usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1.1)
-}
-
-pkg_postinst() {
-	ebegin "Running 'openssl rehash ${EROOT}${SSL_CNF_DIR}/certs' to rebuild hashes (bug #333069)"
-	openssl rehash "${EROOT}${SSL_CNF_DIR}/certs"
-	eend $?
-
-	preserve_old_lib_notify /usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1) \
-		/usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1.1)
-}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     4335e63018dca728f5b26194e1c5ae1637892d3e
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Thu Feb 29 03:47:58 2024 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Thu Feb 29 03:48:11 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4335e630

dev-libs/openssl: drop 3.2.0, 3.2.1

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/Manifest             |   2 -
 dev-libs/openssl/openssl-3.2.0.ebuild | 302 ----------------------------------
 dev-libs/openssl/openssl-3.2.1.ebuild | 300 ---------------------------------
 3 files changed, 604 deletions(-)

diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest
index 000c0d29d104..da52e9627ce6 100644
--- a/dev-libs/openssl/Manifest
+++ b/dev-libs/openssl/Manifest
@@ -13,7 +13,5 @@ DIST openssl-3.0.13.tar.gz 15294843 BLAKE2B 869aa5f70a8c1d0cac6027e9261530df70ab
 DIST openssl-3.0.13.tar.gz.asc 833 BLAKE2B 519515b6faa505d68ff9acc30db9515fac494145086fa5ad9561c39385a6fabb39ad9de10fedd49c8fc716ec59ea1b13ec5e6b466e549ea9f29b8d0bb74ba7b3 SHA512 c52d97c93d16f3ca2a7026fb25890482b6d86c37b5ab686c56b0e08522743ec4ea3f84afa4deb64b0df0d9a16b557430c4d4139ab42ffcf97d769b61d1e6197c
 DIST openssl-3.1.5.tar.gz 15663524 BLAKE2B a12eb88b0a4f2d927123e0d3ca7d2f80f2bdc867c710d24700fe39b631b93d90c73c3deceff151a9fa818ac88026eb798f3253f22d03c839ab9574086fa61eee SHA512 82e2ac6b3d9b03f8fc66d2ec421246e989eb702eb94586515abfb5afb5300391a0beedf6a2602f61ac10896b41e5608feeeeb4d37714fa17ac0f2ce465249fa9
 DIST openssl-3.1.5.tar.gz.asc 833 BLAKE2B 633502ec0a87074136d7ea42d9ac5f3df53523560d2a97410b5b57d28d916336da95ab5521c10f94202e3a0995331f0e17bdcf8843135634a5d5a95cfafc7b21 SHA512 48187bb8a7bdbd8b76fdcca736d2b03e2a89330b304eefb4e9620f570c741c60f2023307d8619ba1fa101a99223f94895e7be57ced6547a4fb06bd4c3677533a
-DIST openssl-3.2.0.tar.gz 17698352 BLAKE2B 776123929796d2eb0f3974bf6ee3a55df9187231632837576bf5ded7b5917f052683cdfc756693c1bee6fe1ffc7c3cb1ebcf833018d3caf51886f4f4e7a495f1 SHA512 ba3ac38365fd0c50f1eaf1693b6200a0d66f01ff53c2d3bb0358643cd83fc0c61fc3b84c0658cf74b6ae91d7d8a9da7291697bd9be3063ada8a9df879e58ed52
-DIST openssl-3.2.0.tar.gz.asc 833 BLAKE2B b73fd622276e9c8c592b49853c4aec04a9a84bab296aedf1489866ea6e0b5bfe0f299eadbd6e8eecb54e350958f253308f197ed5998cebf0512ca058bf48fdac SHA512 636ed26fc3e9ad63f0666407f254be885c3e8e5db15e5d95f13207099853bac5dbb4e682113a9339f795630396fda78a735aa04b72098d34d5c65ae3c2ed7a33
 DIST openssl-3.2.1.tar.gz 17733249 BLAKE2B 960222e0305166160e5ab000e29650b92063bf726551ee9ad46060166d99738d1e3a5b86fd28b14c8f4fb3a72f5aa70850defb87c02990acff3dbcbdac40b347 SHA512 bab2b2419319f1feffaba4692f03edbf13b44d1090c6e075a2d69dad67a2d51e64e6edbf83456a26c83900a726d20d2c4ee4ead9c94b322fd0b536f3b5a863c4
 DIST openssl-3.2.1.tar.gz.asc 833 BLAKE2B a1d25fe30bf1804d13a8b6b98edf56be5bf744d9e2706f4169455c24efe2e3a361487d00d0d4bac240c3f0170693d77a39dd0d4ee5c792d2247aa00c47e74ebf SHA512 de39516c7b77612f33cdc830a8d13ef6bcd91c03d24a6ed105480f140f9e1ad7049844e234c96a516d62e0e33ce90442ffd0f309ea674884c735f04d8562f372

diff --git a/dev-libs/openssl/openssl-3.2.0.ebuild b/dev-libs/openssl/openssl-3.2.0.ebuild
deleted file mode 100644
index 3d9bf86351ee..000000000000
--- a/dev-libs/openssl/openssl-3.2.0.ebuild
+++ /dev/null
@@ -1,302 +0,0 @@
-# Copyright 1999-2024 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/openssl.org.asc
-inherit edo flag-o-matic linux-info toolchain-funcs
-inherit multilib multilib-minimal multiprocessing preserve-libs verify-sig
-
-DESCRIPTION="Robust, full-featured Open Source Toolkit for the Transport Layer Security (TLS)"
-HOMEPAGE="https://www.openssl.org/"
-
-MY_P=${P/_/-}
-
-if [[ ${PV} == 9999 ]] ; then
-	EGIT_REPO_URI="https://github.com/openssl/openssl.git"
-
-	inherit git-r3
-else
-	SRC_URI="
-		mirror://openssl/source/${MY_P}.tar.gz
-		verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )
-	"
-
-	#if [[ ${PV} != *_alpha* && ${PV} != *_beta* ]] ; then
-	#	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
-	#fi
-fi
-
-S="${WORKDIR}"/${MY_P}
-
-LICENSE="Apache-2.0"
-SLOT="0/$(ver_cut 1)" # .so version of libssl/libcrypto
-IUSE="+asm cpu_flags_x86_sse2 fips ktls rfc3779 sctp static-libs test tls-compression vanilla verify-sig weak-ssl-ciphers"
-RESTRICT="!test? ( test )"
-
-COMMON_DEPEND="
-	!<net-misc/openssh-9.2_p1-r3
-	tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
-"
-BDEPEND="
-	>=dev-lang/perl-5
-	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
-	test? (
-		sys-apps/diffutils
-		app-alternatives/bc
-		sys-process/procps
-	)
-	verify-sig? ( >=sec-keys/openpgp-keys-openssl-20230801 )"
-
-DEPEND="${COMMON_DEPEND}"
-RDEPEND="${COMMON_DEPEND}"
-PDEPEND="app-misc/ca-certificates"
-
-MULTILIB_WRAPPED_HEADERS=(
-	/usr/include/openssl/configuration.h
-)
-
-pkg_setup() {
-	if use ktls ; then
-		if kernel_is -lt 4 18 ; then
-			ewarn "Kernel implementation of TLS (USE=ktls) requires kernel >=4.18!"
-		else
-			CONFIG_CHECK="~TLS ~TLS_DEVICE"
-			ERROR_TLS="You will be unable to offload TLS to kernel because CONFIG_TLS is not set!"
-			ERROR_TLS_DEVICE="You will be unable to offload TLS to kernel because CONFIG_TLS_DEVICE is not set!"
-			use test && CONFIG_CHECK+=" ~CRYPTO_USER_API_SKCIPHER"
-
-			linux-info_pkg_setup
-		fi
-	fi
-
-	[[ ${MERGE_TYPE} == binary ]] && return
-
-	# must check in pkg_setup; sysctl doesn't work with userpriv!
-	if use test && use sctp ; then
-		# test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel"
-		# if sctp.auth_enable is not enabled.
-		local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null)
-		if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]] ; then
-			die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!"
-		fi
-	fi
-}
-
-src_unpack() {
-	# Can delete this once test fix patch is dropped
-	if use verify-sig ; then
-		# Needed for downloaded patch (which is unsigned, which is fine)
-		verify-sig_verify_detached "${DISTDIR}"/${MY_P}.tar.gz{,.asc}
-	fi
-
-	default
-}
-
-src_prepare() {
-	# Make sure we only ever touch Makefile.org and avoid patching a file
-	# that gets blown away anyways by the Configure script in src_configure
-	rm -f Makefile
-
-	if ! use vanilla ; then
-		PATCHES+=(
-			# Add patches which are Gentoo-specific customisations here
-		)
-	fi
-
-	default
-
-	if use test && use sctp && has network-sandbox ${FEATURES} ; then
-		einfo "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox ..."
-		rm test/recipes/80-test_ssl_new.t || die
-	fi
-
-	# Test fails depending on kernel configuration, bug #699134
-	rm test/recipes/30-test_afalg.t || die
-}
-
-src_configure() {
-	# Keep this in sync with app-misc/c_rehash
-	SSL_CNF_DIR="/etc/ssl"
-
-	# Quiet out unknown driver argument warnings since openssl
-	# doesn't have well-split CFLAGS and we're making it even worse
-	# and 'make depend' uses -Werror for added fun (bug #417795 again)
-	tc-is-clang && append-flags -Qunused-arguments
-
-	# We really, really need to build OpenSSL w/ strict aliasing disabled.
-	# It's filled with violations and it *will* result in miscompiled
-	# code. This has been in the ebuild for > 10 years but even in 2022,
-	# it's still relevant:
-	# - https://github.com/llvm/llvm-project/issues/55255
-	# - https://github.com/openssl/openssl/issues/12247
-	# - https://github.com/openssl/openssl/issues/18225
-	# - https://github.com/openssl/openssl/issues/18663#issuecomment-1181478057
-	# Don't remove the no strict aliasing bits below!
-	filter-flags -fstrict-aliasing
-	append-flags -fno-strict-aliasing
-	# The OpenSSL developers don't test with LTO right now, it leads to various
-	# warnings/errors (which may or may not be false positives), it's considered
-	# unsupported, and it's not tested in CI: https://github.com/openssl/openssl/issues/18663.
-	filter-lto
-
-	append-flags $(test-flags-CC -Wa,--noexecstack)
-
-	# bug #895308
-	append-atomic-flags
-	# Configure doesn't respect LIBS
-	export LDLIBS="${LIBS}"
-
-	# bug #197996
-	unset APPS
-	# bug #312551
-	unset SCRIPTS
-	# bug #311473
-	unset CROSS_COMPILE
-
-	tc-export AR CC CXX RANLIB RC
-
-	multilib-minimal_src_configure
-}
-
-multilib_src_configure() {
-	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
-
-	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
-
-	# See if our toolchain supports __uint128_t.  If so, it's 64bit
-	# friendly and can use the nicely optimized code paths, bug #460790.
-	#local ec_nistp_64_gcc_128
-	#
-	# Disable it for now though (bug #469976)
-	# Do NOT re-enable without substantial discussion first!
-	#
-	#echo "__uint128_t i;" > "${T}"/128.c
-	#if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
-	#       ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
-	#fi
-
-	local sslout=$(bash "${FILESDIR}/gentoo.config-1.0.4")
-	einfo "Using configuration: ${sslout:-(openssl knows best)}"
-
-	# https://github.com/openssl/openssl/blob/master/INSTALL.md#enable-and-disable-features
-	local myeconfargs=(
-		${sslout}
-
-		$(use cpu_flags_x86_sse2 || echo "no-sse2")
-		enable-camellia
-		enable-ec
-		enable-ec2m
-		enable-sm2
-		enable-srp
-		$(use elibc_musl && echo "no-async")
-		enable-idea
-		enable-mdc2
-		enable-rc5
-		$(use fips && echo "enable-fips")
-		$(use_ssl asm)
-		$(use_ssl ktls)
-		$(use_ssl rfc3779)
-		$(use_ssl sctp)
-		$(use test || echo "no-tests")
-		$(use_ssl tls-compression zlib)
-		$(use_ssl weak-ssl-ciphers)
-
-		--prefix="${EPREFIX}"/usr
-		--openssldir="${EPREFIX}"${SSL_CNF_DIR}
-		--libdir=$(get_libdir)
-
-		shared
-		threads
-	)
-
-	edo perl "${S}/Configure" "${myeconfargs[@]}"
-}
-
-multilib_src_compile() {
-	emake build_sw
-
-	if multilib_is_native_abi; then
-		emake build_docs
-	fi
-}
-
-multilib_src_test() {
-	# See https://github.com/openssl/openssl/blob/master/test/README.md for options.
-	#
-	# VFP = show subtests verbosely and show failed tests verbosely
-	# Normal V=1 would show everything verbosely but this slows things down.
-	#
-	# -j1 here for https://github.com/openssl/openssl/issues/21999, but it
-	# shouldn't matter as tests were already built earlier, and HARNESS_JOBS
-	# controls running the tests.
-	#
-	# test_symbol_presence: https://github.com/openssl/openssl/issues/22837
-	emake -Onone -j1 HARNESS_JOBS="$(makeopts_jobs)" VFP=1 TESTS='-test_symbol_presence' test
-}
-
-multilib_src_install() {
-	# Only -j1 is supported for the install targets:
-	# https://github.com/openssl/openssl/issues/21999#issuecomment-1771150305
-	emake DESTDIR="${D}" -j1 install_sw
-	if use fips; then
-		emake DESTDIR="${D}" -j1 install_fips
-		# Regen this in pkg_preinst, bug 900625
-		rm "${ED}${SSL_CNF_DIR}"/fipsmodule.cnf || die
-	fi
-
-	if multilib_is_native_abi; then
-		emake DESTDIR="${D}" -j1 install_ssldirs
-		emake DESTDIR="${D}" DOCDIR='$(INSTALLTOP)'/share/doc/${PF} -j1 install_docs
-	fi
-
-	# This is crappy in that the static archives are still built even
-	# when USE=static-libs. But this is due to a failing in the openssl
-	# build system: the static archives are built as PIC all the time.
-	# Only way around this would be to manually configure+compile openssl
-	# twice; once with shared lib support enabled and once without.
-	if ! use static-libs ; then
-		rm "${ED}"/usr/$(get_libdir)/lib{crypto,ssl}.a || die
-	fi
-}
-
-multilib_src_install_all() {
-	# openssl installs perl version of c_rehash by default, but
-	# we provide a shell version via app-misc/c_rehash
-	rm "${ED}"/usr/bin/c_rehash || die
-
-	dodoc {AUTHORS,CHANGES,NEWS,README,README-PROVIDERS}.md doc/*.txt doc/${PN}-c-indent.el
-
-	# Create the certs directory
-	keepdir ${SSL_CNF_DIR}/certs
-
-	# bug #254521
-	dodir /etc/sandbox.d
-	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
-
-	diropts -m0700
-	keepdir ${SSL_CNF_DIR}/private
-}
-
-pkg_preinst() {
-	if use fips; then
-		# Regen fipsmodule.cnf, bug 900625
-		ebegin "Running openssl fipsinstall"
-		"${ED}/usr/bin/openssl" fipsinstall -quiet \
-			-out "${ED}${SSL_CNF_DIR}/fipsmodule.cnf" \
-			-module "${ED}/usr/$(get_libdir)/ossl-modules/fips.so"
-		eend $?
-	fi
-
-	preserve_old_lib /usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1) \
-		/usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1.1)
-}
-
-pkg_postinst() {
-	ebegin "Running 'openssl rehash ${EROOT}${SSL_CNF_DIR}/certs' to rebuild hashes (bug #333069)"
-	openssl rehash "${EROOT}${SSL_CNF_DIR}/certs"
-	eend $?
-
-	preserve_old_lib_notify /usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1) \
-		/usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1.1)
-}

diff --git a/dev-libs/openssl/openssl-3.2.1.ebuild b/dev-libs/openssl/openssl-3.2.1.ebuild
deleted file mode 100644
index d64504cbcd91..000000000000
--- a/dev-libs/openssl/openssl-3.2.1.ebuild
+++ /dev/null
@@ -1,300 +0,0 @@
-# Copyright 1999-2024 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/openssl.org.asc
-inherit edo flag-o-matic linux-info toolchain-funcs
-inherit multilib multilib-minimal multiprocessing preserve-libs verify-sig
-
-DESCRIPTION="Robust, full-featured Open Source Toolkit for the Transport Layer Security (TLS)"
-HOMEPAGE="https://www.openssl.org/"
-
-MY_P=${P/_/-}
-
-if [[ ${PV} == 9999 ]] ; then
-	EGIT_REPO_URI="https://github.com/openssl/openssl.git"
-
-	inherit git-r3
-else
-	SRC_URI="
-		mirror://openssl/source/${MY_P}.tar.gz
-		verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )
-	"
-
-	#if [[ ${PV} != *_alpha* && ${PV} != *_beta* ]] ; then
-	#	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
-	#fi
-fi
-
-S="${WORKDIR}"/${MY_P}
-
-LICENSE="Apache-2.0"
-SLOT="0/$(ver_cut 1)" # .so version of libssl/libcrypto
-IUSE="+asm cpu_flags_x86_sse2 fips ktls rfc3779 sctp static-libs test tls-compression vanilla verify-sig weak-ssl-ciphers"
-RESTRICT="!test? ( test )"
-
-COMMON_DEPEND="
-	!<net-misc/openssh-9.2_p1-r3
-	tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
-"
-BDEPEND="
-	>=dev-lang/perl-5
-	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
-	test? (
-		sys-apps/diffutils
-		app-alternatives/bc
-		sys-process/procps
-	)
-	verify-sig? ( >=sec-keys/openpgp-keys-openssl-20230801 )"
-
-DEPEND="${COMMON_DEPEND}"
-RDEPEND="${COMMON_DEPEND}"
-PDEPEND="app-misc/ca-certificates"
-
-MULTILIB_WRAPPED_HEADERS=(
-	/usr/include/openssl/configuration.h
-)
-
-pkg_setup() {
-	if use ktls ; then
-		if kernel_is -lt 4 18 ; then
-			ewarn "Kernel implementation of TLS (USE=ktls) requires kernel >=4.18!"
-		else
-			CONFIG_CHECK="~TLS ~TLS_DEVICE"
-			ERROR_TLS="You will be unable to offload TLS to kernel because CONFIG_TLS is not set!"
-			ERROR_TLS_DEVICE="You will be unable to offload TLS to kernel because CONFIG_TLS_DEVICE is not set!"
-			use test && CONFIG_CHECK+=" ~CRYPTO_USER_API_SKCIPHER"
-
-			linux-info_pkg_setup
-		fi
-	fi
-
-	[[ ${MERGE_TYPE} == binary ]] && return
-
-	# must check in pkg_setup; sysctl doesn't work with userpriv!
-	if use test && use sctp ; then
-		# test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel"
-		# if sctp.auth_enable is not enabled.
-		local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null)
-		if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]] ; then
-			die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!"
-		fi
-	fi
-}
-
-src_unpack() {
-	# Can delete this once test fix patch is dropped
-	if use verify-sig ; then
-		# Needed for downloaded patch (which is unsigned, which is fine)
-		verify-sig_verify_detached "${DISTDIR}"/${MY_P}.tar.gz{,.asc}
-	fi
-
-	default
-}
-
-src_prepare() {
-	# Make sure we only ever touch Makefile.org and avoid patching a file
-	# that gets blown away anyways by the Configure script in src_configure
-	rm -f Makefile
-
-	if ! use vanilla ; then
-		PATCHES+=(
-			# Add patches which are Gentoo-specific customisations here
-		)
-	fi
-
-	default
-
-	if use test && use sctp && has network-sandbox ${FEATURES} ; then
-		einfo "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox ..."
-		rm test/recipes/80-test_ssl_new.t || die
-	fi
-
-	# Test fails depending on kernel configuration, bug #699134
-	rm test/recipes/30-test_afalg.t || die
-}
-
-src_configure() {
-	# Keep this in sync with app-misc/c_rehash
-	SSL_CNF_DIR="/etc/ssl"
-
-	# Quiet out unknown driver argument warnings since openssl
-	# doesn't have well-split CFLAGS and we're making it even worse
-	# and 'make depend' uses -Werror for added fun (bug #417795 again)
-	tc-is-clang && append-flags -Qunused-arguments
-
-	# We really, really need to build OpenSSL w/ strict aliasing disabled.
-	# It's filled with violations and it *will* result in miscompiled
-	# code. This has been in the ebuild for > 10 years but even in 2022,
-	# it's still relevant:
-	# - https://github.com/llvm/llvm-project/issues/55255
-	# - https://github.com/openssl/openssl/issues/12247
-	# - https://github.com/openssl/openssl/issues/18225
-	# - https://github.com/openssl/openssl/issues/18663#issuecomment-1181478057
-	# Don't remove the no strict aliasing bits below!
-	filter-flags -fstrict-aliasing
-	append-flags -fno-strict-aliasing
-	# The OpenSSL developers don't test with LTO right now, it leads to various
-	# warnings/errors (which may or may not be false positives), it's considered
-	# unsupported, and it's not tested in CI: https://github.com/openssl/openssl/issues/18663.
-	filter-lto
-
-	append-flags $(test-flags-CC -Wa,--noexecstack)
-
-	# bug #895308
-	append-atomic-flags
-	# Configure doesn't respect LIBS
-	export LDLIBS="${LIBS}"
-
-	# bug #197996
-	unset APPS
-	# bug #312551
-	unset SCRIPTS
-	# bug #311473
-	unset CROSS_COMPILE
-
-	tc-export AR CC CXX RANLIB RC
-
-	multilib-minimal_src_configure
-}
-
-multilib_src_configure() {
-	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
-
-	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
-
-	# See if our toolchain supports __uint128_t.  If so, it's 64bit
-	# friendly and can use the nicely optimized code paths, bug #460790.
-	#local ec_nistp_64_gcc_128
-	#
-	# Disable it for now though (bug #469976)
-	# Do NOT re-enable without substantial discussion first!
-	#
-	#echo "__uint128_t i;" > "${T}"/128.c
-	#if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
-	#       ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
-	#fi
-
-	local sslout=$(bash "${FILESDIR}/gentoo.config-1.0.4")
-	einfo "Using configuration: ${sslout:-(openssl knows best)}"
-
-	# https://github.com/openssl/openssl/blob/master/INSTALL.md#enable-and-disable-features
-	local myeconfargs=(
-		${sslout}
-
-		$(use cpu_flags_x86_sse2 || echo "no-sse2")
-		enable-camellia
-		enable-ec
-		enable-ec2m
-		enable-sm2
-		enable-srp
-		$(use elibc_musl && echo "no-async")
-		enable-idea
-		enable-mdc2
-		enable-rc5
-		$(use fips && echo "enable-fips")
-		$(use_ssl asm)
-		$(use_ssl ktls)
-		$(use_ssl rfc3779)
-		$(use_ssl sctp)
-		$(use test || echo "no-tests")
-		$(use_ssl tls-compression zlib)
-		$(use_ssl weak-ssl-ciphers)
-
-		--prefix="${EPREFIX}"/usr
-		--openssldir="${EPREFIX}"${SSL_CNF_DIR}
-		--libdir=$(get_libdir)
-
-		shared
-		threads
-	)
-
-	edo perl "${S}/Configure" "${myeconfargs[@]}"
-}
-
-multilib_src_compile() {
-	emake build_sw
-
-	if multilib_is_native_abi; then
-		emake build_docs
-	fi
-}
-
-multilib_src_test() {
-	# See https://github.com/openssl/openssl/blob/master/test/README.md for options.
-	#
-	# VFP = show subtests verbosely and show failed tests verbosely
-	# Normal V=1 would show everything verbosely but this slows things down.
-	#
-	# -j1 here for https://github.com/openssl/openssl/issues/21999, but it
-	# shouldn't matter as tests were already built earlier, and HARNESS_JOBS
-	# controls running the tests.
-	emake -Onone -j1 HARNESS_JOBS="$(makeopts_jobs)" VFP=1 test
-}
-
-multilib_src_install() {
-	# Only -j1 is supported for the install targets:
-	# https://github.com/openssl/openssl/issues/21999#issuecomment-1771150305
-	emake DESTDIR="${D}" -j1 install_sw
-	if use fips; then
-		emake DESTDIR="${D}" -j1 install_fips
-		# Regen this in pkg_preinst, bug 900625
-		rm "${ED}${SSL_CNF_DIR}"/fipsmodule.cnf || die
-	fi
-
-	if multilib_is_native_abi; then
-		emake DESTDIR="${D}" -j1 install_ssldirs
-		emake DESTDIR="${D}" DOCDIR='$(INSTALLTOP)'/share/doc/${PF} -j1 install_docs
-	fi
-
-	# This is crappy in that the static archives are still built even
-	# when USE=static-libs. But this is due to a failing in the openssl
-	# build system: the static archives are built as PIC all the time.
-	# Only way around this would be to manually configure+compile openssl
-	# twice; once with shared lib support enabled and once without.
-	if ! use static-libs ; then
-		rm "${ED}"/usr/$(get_libdir)/lib{crypto,ssl}.a || die
-	fi
-}
-
-multilib_src_install_all() {
-	# openssl installs perl version of c_rehash by default, but
-	# we provide a shell version via app-misc/c_rehash
-	rm "${ED}"/usr/bin/c_rehash || die
-
-	dodoc {AUTHORS,CHANGES,NEWS,README,README-PROVIDERS}.md doc/*.txt doc/${PN}-c-indent.el
-
-	# Create the certs directory
-	keepdir ${SSL_CNF_DIR}/certs
-
-	# bug #254521
-	dodir /etc/sandbox.d
-	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
-
-	diropts -m0700
-	keepdir ${SSL_CNF_DIR}/private
-}
-
-pkg_preinst() {
-	if use fips; then
-		# Regen fipsmodule.cnf, bug 900625
-		ebegin "Running openssl fipsinstall"
-		"${ED}/usr/bin/openssl" fipsinstall -quiet \
-			-out "${ED}${SSL_CNF_DIR}/fipsmodule.cnf" \
-			-module "${ED}/usr/$(get_libdir)/ossl-modules/fips.so"
-		eend $?
-	fi
-
-	preserve_old_lib /usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1) \
-		/usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1.1)
-}
-
-pkg_postinst() {
-	ebegin "Running 'openssl rehash ${EROOT}${SSL_CNF_DIR}/certs' to rebuild hashes (bug #333069)"
-	openssl rehash "${EROOT}${SSL_CNF_DIR}/certs"
-	eend $?
-
-	preserve_old_lib_notify /usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1) \
-		/usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1.1)
-}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     83e2ccb40aa0c93f0e4c2eac36a5f6557e22e6cd
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Thu Feb  1 16:45:40 2024 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Thu Feb  1 16:45:56 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=83e2ccb4

dev-libs/openssl: keyword 3.2.1-r1

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/openssl-3.2.1-r1.ebuild | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/dev-libs/openssl/openssl-3.2.1-r1.ebuild b/dev-libs/openssl/openssl-3.2.1-r1.ebuild
index 4226369d0bf0..24ae65f3321f 100644
--- a/dev-libs/openssl/openssl-3.2.1-r1.ebuild
+++ b/dev-libs/openssl/openssl-3.2.1-r1.ebuild
@@ -22,9 +22,9 @@ else
 		verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )
 	"
 
-	#if [[ ${PV} != *_alpha* && ${PV} != *_beta* ]] ; then
-	#	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
-	#fi
+	if [[ ${PV} != *_alpha* && ${PV} != *_beta* ]] ; then
+		KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
+	fi
 fi
 
 S="${WORKDIR}"/${MY_P}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     cf4aa17dcf12ffaa32bab85786298f3c307e76c8
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Tue Jan 30 21:06:17 2024 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Tue Jan 30 21:21:29 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=cf4aa17d

dev-libs/openssl: drop obsolete test workaround from 3.2.1

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/openssl-3.2.1.ebuild | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/dev-libs/openssl/openssl-3.2.1.ebuild b/dev-libs/openssl/openssl-3.2.1.ebuild
index 3d9bf86351ee..d64504cbcd91 100644
--- a/dev-libs/openssl/openssl-3.2.1.ebuild
+++ b/dev-libs/openssl/openssl-3.2.1.ebuild
@@ -230,9 +230,7 @@ multilib_src_test() {
 	# -j1 here for https://github.com/openssl/openssl/issues/21999, but it
 	# shouldn't matter as tests were already built earlier, and HARNESS_JOBS
 	# controls running the tests.
-	#
-	# test_symbol_presence: https://github.com/openssl/openssl/issues/22837
-	emake -Onone -j1 HARNESS_JOBS="$(makeopts_jobs)" VFP=1 TESTS='-test_symbol_presence' test
+	emake -Onone -j1 HARNESS_JOBS="$(makeopts_jobs)" VFP=1 test
 }
 
 multilib_src_install() {

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     52d89097c8d92c390e1bc396165553a00da780b5
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Tue Jan 30 20:30:44 2024 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Tue Jan 30 20:49:09 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=52d89097

dev-libs/openssl: add 3.0.13

Bug: https://bugs.gentoo.org/921684
Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/Manifest              |   2 +
 dev-libs/openssl/openssl-3.0.13.ebuild | 278 +++++++++++++++++++++++++++++++++
 2 files changed, 280 insertions(+)

diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest
index e8e3d588c177..3133f8a68c91 100644
--- a/dev-libs/openssl/Manifest
+++ b/dev-libs/openssl/Manifest
@@ -9,6 +9,8 @@ DIST openssl-3.0.11.tar.gz 15198318 BLAKE2B e522573aa72c8f6ffef82f20de36178fc6f9
 DIST openssl-3.0.11.tar.gz.asc 833 BLAKE2B e6e2636d5bb5fffb86833e64437fb440bbfd1c4e2bfbfdd72280cf1ce388b70d30eeea56ef6f3bb673e7dcd12020d993ef95f96bf099ded38e8cde4b549b38fa SHA512 3c1fe94fc46861870d99d1edcfe3c151272f7864dde36b66e87a0c79d2289e9ed5cfc48bfa65ba0e88eadcb3cc8307d702e01155f48af8ffc2d4f8fbbf3aa03c
 DIST openssl-3.0.12.tar.gz 15204575 BLAKE2B 1f00e33a5ed64a51cf28f0dbe7d53a9197c1edae7538dea9573394ee4dc03a885483d74b0b47a78b9067e87b4f420b9d7103f351bfec91710c168051cb7148df SHA512 63e003653dd1126c66e278969a626cdf0801b97da8b7076824d661e4a77e1572c3171cf7f006c972b95bcfa284889ee0362d8a46a851f7d8e743e2a1fe593b24
 DIST openssl-3.0.12.tar.gz.asc 833 BLAKE2B 5c7914e0449a1f2fad433544fa637263b237c2637b86960f904a7840ef6bd627728dfa45373e03a6ce7a0a4570d03e1dcd0188059bd5dbcc83d49d10be64dd39 SHA512 072d1572e6cc5240fed69c01b1f7f74958ceba33cec3b0a7f0db5929dc884381320fb737ec6b38f95ef81c855e2d382d7ecd19431a328b08efad70288ec4a964
+DIST openssl-3.0.13.tar.gz 15294843 BLAKE2B 869aa5f70a8c1d0cac6027e9261530df70ab5a8b448c785f5f8ff3f206e742c5364424132d0e109a6449af9b4082c4c179c7103dccb16a4539f776ca834c8ccc SHA512 22f4096781f0b075f5bf81bd39a0f97e111760dfa73b6f858f6bb54968a7847944d74969ae10f9a51cc21a2f4af20d9a4c463649dc824f5e439e196d6764c4f9
+DIST openssl-3.0.13.tar.gz.asc 833 BLAKE2B 519515b6faa505d68ff9acc30db9515fac494145086fa5ad9561c39385a6fabb39ad9de10fedd49c8fc716ec59ea1b13ec5e6b466e549ea9f29b8d0bb74ba7b3 SHA512 c52d97c93d16f3ca2a7026fb25890482b6d86c37b5ab686c56b0e08522743ec4ea3f84afa4deb64b0df0d9a16b557430c4d4139ab42ffcf97d769b61d1e6197c
 DIST openssl-3.1.4.tar.gz 15569450 BLAKE2B bd6a3ef458f86dd5173e87b10432bd81c1570e1848da3c4d7a06eb021d2f67e4075421885c402f6ea792e383e756d78757c17ef060094e840ed5df6faf3d7f9e SHA512 a69df4a018f57dee7d8a57c8003a6869eba11f1eaa394518976642a993780d0de3326019e92dea4c679c6c581fef568ea616ec541afc0792800359c606dffcd2
 DIST openssl-3.1.4.tar.gz.asc 833 BLAKE2B 9f4c2365617b3ea21c8d4f4281befe584e8d39d5f0546fb17d151b21b20615e5d20ed9105881ee981948e866a7629930a7544263c124dce66a9df4f19e16708e SHA512 fc5fa55a54e3da5d48229f25073186613ddf6bb3907999b53ed61832cce9acef00c79d45357bc8590eeeeffb04a829d45921d982924300da16d84eb5333c1512
 DIST openssl-3.2.0.tar.gz 17698352 BLAKE2B 776123929796d2eb0f3974bf6ee3a55df9187231632837576bf5ded7b5917f052683cdfc756693c1bee6fe1ffc7c3cb1ebcf833018d3caf51886f4f4e7a495f1 SHA512 ba3ac38365fd0c50f1eaf1693b6200a0d66f01ff53c2d3bb0358643cd83fc0c61fc3b84c0658cf74b6ae91d7d8a9da7291697bd9be3063ada8a9df879e58ed52

diff --git a/dev-libs/openssl/openssl-3.0.13.ebuild b/dev-libs/openssl/openssl-3.0.13.ebuild
new file mode 100644
index 000000000000..647c4ee7dbf9
--- /dev/null
+++ b/dev-libs/openssl/openssl-3.0.13.ebuild
@@ -0,0 +1,278 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/openssl.org.asc
+inherit edo flag-o-matic linux-info toolchain-funcs
+inherit multilib multilib-minimal multiprocessing preserve-libs verify-sig
+
+DESCRIPTION="Robust, full-featured Open Source Toolkit for the Transport Layer Security (TLS)"
+HOMEPAGE="https://www.openssl.org/"
+
+MY_P=${P/_/-}
+
+if [[ ${PV} == 9999 ]] ; then
+	EGIT_REPO_URI="https://github.com/openssl/openssl.git"
+
+	inherit git-r3
+else
+	SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
+		verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )"
+	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
+fi
+
+S="${WORKDIR}"/${MY_P}
+
+LICENSE="Apache-2.0"
+SLOT="0/3" # .so version of libssl/libcrypto
+IUSE="+asm cpu_flags_x86_sse2 fips ktls rfc3779 sctp static-libs test tls-compression vanilla verify-sig weak-ssl-ciphers"
+RESTRICT="!test? ( test )"
+
+COMMON_DEPEND="
+	tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
+"
+BDEPEND="
+	>=dev-lang/perl-5
+	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
+	test? (
+		sys-apps/diffutils
+		app-alternatives/bc
+		sys-process/procps
+	)
+	verify-sig? ( >=sec-keys/openpgp-keys-openssl-20230801 )"
+
+DEPEND="${COMMON_DEPEND}"
+RDEPEND="${COMMON_DEPEND}"
+PDEPEND="app-misc/ca-certificates"
+
+MULTILIB_WRAPPED_HEADERS=(
+	/usr/include/openssl/configuration.h
+)
+
+pkg_setup() {
+	if use ktls ; then
+		if kernel_is -lt 4 18 ; then
+			ewarn "Kernel implementation of TLS (USE=ktls) requires kernel >=4.18!"
+		else
+			CONFIG_CHECK="~TLS ~TLS_DEVICE"
+			ERROR_TLS="You will be unable to offload TLS to kernel because CONFIG_TLS is not set!"
+			ERROR_TLS_DEVICE="You will be unable to offload TLS to kernel because CONFIG_TLS_DEVICE is not set!"
+			use test && CONFIG_CHECK+=" ~CRYPTO_USER_API_SKCIPHER"
+
+			linux-info_pkg_setup
+		fi
+	fi
+
+	[[ ${MERGE_TYPE} == binary ]] && return
+
+	# must check in pkg_setup; sysctl doesn't work with userpriv!
+	if use test && use sctp ; then
+		# test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel"
+		# if sctp.auth_enable is not enabled.
+		local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null)
+		if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]] ; then
+			die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!"
+		fi
+	fi
+}
+
+src_prepare() {
+	# Make sure we only ever touch Makefile.org and avoid patching a file
+	# that gets blown away anyways by the Configure script in src_configure
+	rm -f Makefile || die
+
+	if ! use vanilla ; then
+		PATCHES+=(
+			# Add patches which are Gentoo-specific customisations here
+		)
+	fi
+
+	default
+
+	if use test && use sctp && has network-sandbox ${FEATURES} ; then
+		einfo "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox ..."
+		rm test/recipes/80-test_ssl_new.t || die
+	fi
+
+	# Test fails depending on kernel configuration, bug #699134
+	rm test/recipes/30-test_afalg.t || die
+}
+
+src_configure() {
+	# Keep this in sync with app-misc/c_rehash
+	SSL_CNF_DIR="/etc/ssl"
+
+	# Quiet out unknown driver argument warnings since openssl
+	# doesn't have well-split CFLAGS and we're making it even worse
+	# and 'make depend' uses -Werror for added fun (bug #417795 again)
+	tc-is-clang && append-flags -Qunused-arguments
+
+	# We really, really need to build OpenSSL w/ strict aliasing disabled.
+	# It's filled with violations and it *will* result in miscompiled
+	# code. This has been in the ebuild for > 10 years but even in 2022,
+	# it's still relevant:
+	# - https://github.com/llvm/llvm-project/issues/55255
+	# - https://github.com/openssl/openssl/issues/12247
+	# - https://github.com/openssl/openssl/issues/18225
+	# - https://github.com/openssl/openssl/issues/18663#issuecomment-1181478057
+	# Don't remove the no strict aliasing bits below!
+	filter-flags -fstrict-aliasing
+	append-flags -fno-strict-aliasing
+	# The OpenSSL developers don't test with LTO right now, it leads to various
+	# warnings/errors (which may or may not be false positives), it's considered
+	# unsupported, and it's not tested in CI: https://github.com/openssl/openssl/issues/18663.
+	filter-lto
+
+	append-flags $(test-flags-CC -Wa,--noexecstack)
+
+	# bug #895308
+	append-atomic-flags
+	# Configure doesn't respect LIBS
+	export LDLIBS="${LIBS}"
+
+	# bug #197996
+	unset APPS
+	# bug #312551
+	unset SCRIPTS
+	# bug #311473
+	unset CROSS_COMPILE
+
+	tc-export AR CC CXX RANLIB RC
+
+	multilib-minimal_src_configure
+}
+
+multilib_src_configure() {
+	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
+
+	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
+
+	# See if our toolchain supports __uint128_t.  If so, it's 64bit
+	# friendly and can use the nicely optimized code paths, bug #460790.
+	#local ec_nistp_64_gcc_128
+	#
+	# Disable it for now though (bug #469976)
+	# Do NOT re-enable without substantial discussion first!
+	#
+	#echo "__uint128_t i;" > "${T}"/128.c
+	#if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
+	#       ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
+	#fi
+
+	local sslout=$(bash "${FILESDIR}/gentoo.config-1.0.4")
+	einfo "Using configuration: ${sslout:-(openssl knows best)}"
+
+	# https://github.com/openssl/openssl/blob/master/INSTALL.md#enable-and-disable-features
+	local myeconfargs=(
+		${sslout}
+
+		$(use cpu_flags_x86_sse2 || echo "no-sse2")
+		enable-camellia
+		enable-ec
+		enable-ec2m
+		enable-sm2
+		enable-srp
+		$(use elibc_musl && echo "no-async")
+		enable-idea
+		enable-mdc2
+		enable-rc5
+		$(use fips && echo "enable-fips")
+		$(use_ssl asm)
+		$(use_ssl ktls)
+		$(use_ssl rfc3779)
+		$(use_ssl sctp)
+		$(use test || echo "no-tests")
+		$(use_ssl tls-compression zlib)
+		$(use_ssl weak-ssl-ciphers)
+
+		--prefix="${EPREFIX}"/usr
+		--openssldir="${EPREFIX}"${SSL_CNF_DIR}
+		--libdir=$(get_libdir)
+
+		shared
+		threads
+	)
+
+	edo perl "${S}/Configure" "${myeconfargs[@]}"
+}
+
+multilib_src_compile() {
+	emake build_sw
+
+	if multilib_is_native_abi; then
+		emake build_docs
+	fi
+}
+
+multilib_src_test() {
+	# VFP = show subtests verbosely and show failed tests verbosely
+	# Normal V=1 would show everything verbosely but this slows things down.
+	emake HARNESS_JOBS="$(makeopts_jobs)" -Onone VFP=1 test
+}
+
+multilib_src_install() {
+	# Only -j1 is supported for the install targets:
+	# https://github.com/openssl/openssl/issues/21999#issuecomment-1771150305
+	emake DESTDIR="${D}" -j1 install_sw
+	if use fips; then
+		emake DESTDIR="${D}" -j1 install_fips
+		# Regen this in pkg_preinst, bug 900625
+		rm "${ED}${SSL_CNF_DIR}"/fipsmodule.cnf || die
+	fi
+
+	if multilib_is_native_abi; then
+		emake DESTDIR="${D}" -j1 install_ssldirs
+		emake DESTDIR="${D}" DOCDIR='$(INSTALLTOP)'/share/doc/${PF} -j1 install_docs
+	fi
+
+	# This is crappy in that the static archives are still built even
+	# when USE=static-libs. But this is due to a failing in the openssl
+	# build system: the static archives are built as PIC all the time.
+	# Only way around this would be to manually configure+compile openssl
+	# twice; once with shared lib support enabled and once without.
+	if ! use static-libs ; then
+		rm "${ED}"/usr/$(get_libdir)/lib{crypto,ssl}.a || die
+	fi
+}
+
+multilib_src_install_all() {
+	# openssl installs perl version of c_rehash by default, but
+	# we provide a shell version via app-misc/c_rehash
+	rm "${ED}"/usr/bin/c_rehash || die
+
+	dodoc {AUTHORS,CHANGES,NEWS,README,README-PROVIDERS}.md doc/*.txt doc/${PN}-c-indent.el
+
+	# Create the certs directory
+	keepdir ${SSL_CNF_DIR}/certs
+
+	# bug #254521
+	dodir /etc/sandbox.d
+	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
+
+	diropts -m0700
+	keepdir ${SSL_CNF_DIR}/private
+}
+
+pkg_preinst() {
+	if use fips; then
+		# Regen fipsmodule.cnf, bug 900625
+		ebegin "Running openssl fipsinstall"
+		"${ED}/usr/bin/openssl" fipsinstall -quiet \
+			-out "${ED}${SSL_CNF_DIR}/fipsmodule.cnf" \
+			-module "${ED}/usr/$(get_libdir)/ossl-modules/fips.so"
+		eend $?
+	fi
+
+	preserve_old_lib /usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1) \
+		/usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1.1)
+}
+
+pkg_postinst() {
+	ebegin "Running 'openssl rehash ${EROOT}${SSL_CNF_DIR}/certs' to rebuild hashes (bug #333069)"
+	openssl rehash "${EROOT}${SSL_CNF_DIR}/certs"
+	eend $?
+
+	preserve_old_lib_notify /usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1) \
+		/usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1.1)
+}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     985a8d64ce5b3fdf25a95741c6b0574df9e7fa86
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Tue Jan 30 20:49:04 2024 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Tue Jan 30 20:49:10 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=985a8d64

dev-libs/openssl: add 3.2.1

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/Manifest             |   2 +
 dev-libs/openssl/openssl-3.2.1.ebuild | 302 ++++++++++++++++++++++++++++++++++
 2 files changed, 304 insertions(+)

diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest
index 820073948c2c..eea2719b6307 100644
--- a/dev-libs/openssl/Manifest
+++ b/dev-libs/openssl/Manifest
@@ -17,3 +17,5 @@ DIST openssl-3.1.5.tar.gz 15663524 BLAKE2B a12eb88b0a4f2d927123e0d3ca7d2f80f2bdc
 DIST openssl-3.1.5.tar.gz.asc 833 BLAKE2B 633502ec0a87074136d7ea42d9ac5f3df53523560d2a97410b5b57d28d916336da95ab5521c10f94202e3a0995331f0e17bdcf8843135634a5d5a95cfafc7b21 SHA512 48187bb8a7bdbd8b76fdcca736d2b03e2a89330b304eefb4e9620f570c741c60f2023307d8619ba1fa101a99223f94895e7be57ced6547a4fb06bd4c3677533a
 DIST openssl-3.2.0.tar.gz 17698352 BLAKE2B 776123929796d2eb0f3974bf6ee3a55df9187231632837576bf5ded7b5917f052683cdfc756693c1bee6fe1ffc7c3cb1ebcf833018d3caf51886f4f4e7a495f1 SHA512 ba3ac38365fd0c50f1eaf1693b6200a0d66f01ff53c2d3bb0358643cd83fc0c61fc3b84c0658cf74b6ae91d7d8a9da7291697bd9be3063ada8a9df879e58ed52
 DIST openssl-3.2.0.tar.gz.asc 833 BLAKE2B b73fd622276e9c8c592b49853c4aec04a9a84bab296aedf1489866ea6e0b5bfe0f299eadbd6e8eecb54e350958f253308f197ed5998cebf0512ca058bf48fdac SHA512 636ed26fc3e9ad63f0666407f254be885c3e8e5db15e5d95f13207099853bac5dbb4e682113a9339f795630396fda78a735aa04b72098d34d5c65ae3c2ed7a33
+DIST openssl-3.2.1.tar.gz 17733249 BLAKE2B 960222e0305166160e5ab000e29650b92063bf726551ee9ad46060166d99738d1e3a5b86fd28b14c8f4fb3a72f5aa70850defb87c02990acff3dbcbdac40b347 SHA512 bab2b2419319f1feffaba4692f03edbf13b44d1090c6e075a2d69dad67a2d51e64e6edbf83456a26c83900a726d20d2c4ee4ead9c94b322fd0b536f3b5a863c4
+DIST openssl-3.2.1.tar.gz.asc 833 BLAKE2B a1d25fe30bf1804d13a8b6b98edf56be5bf744d9e2706f4169455c24efe2e3a361487d00d0d4bac240c3f0170693d77a39dd0d4ee5c792d2247aa00c47e74ebf SHA512 de39516c7b77612f33cdc830a8d13ef6bcd91c03d24a6ed105480f140f9e1ad7049844e234c96a516d62e0e33ce90442ffd0f309ea674884c735f04d8562f372

diff --git a/dev-libs/openssl/openssl-3.2.1.ebuild b/dev-libs/openssl/openssl-3.2.1.ebuild
new file mode 100644
index 000000000000..3d9bf86351ee
--- /dev/null
+++ b/dev-libs/openssl/openssl-3.2.1.ebuild
@@ -0,0 +1,302 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/openssl.org.asc
+inherit edo flag-o-matic linux-info toolchain-funcs
+inherit multilib multilib-minimal multiprocessing preserve-libs verify-sig
+
+DESCRIPTION="Robust, full-featured Open Source Toolkit for the Transport Layer Security (TLS)"
+HOMEPAGE="https://www.openssl.org/"
+
+MY_P=${P/_/-}
+
+if [[ ${PV} == 9999 ]] ; then
+	EGIT_REPO_URI="https://github.com/openssl/openssl.git"
+
+	inherit git-r3
+else
+	SRC_URI="
+		mirror://openssl/source/${MY_P}.tar.gz
+		verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )
+	"
+
+	#if [[ ${PV} != *_alpha* && ${PV} != *_beta* ]] ; then
+	#	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
+	#fi
+fi
+
+S="${WORKDIR}"/${MY_P}
+
+LICENSE="Apache-2.0"
+SLOT="0/$(ver_cut 1)" # .so version of libssl/libcrypto
+IUSE="+asm cpu_flags_x86_sse2 fips ktls rfc3779 sctp static-libs test tls-compression vanilla verify-sig weak-ssl-ciphers"
+RESTRICT="!test? ( test )"
+
+COMMON_DEPEND="
+	!<net-misc/openssh-9.2_p1-r3
+	tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
+"
+BDEPEND="
+	>=dev-lang/perl-5
+	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
+	test? (
+		sys-apps/diffutils
+		app-alternatives/bc
+		sys-process/procps
+	)
+	verify-sig? ( >=sec-keys/openpgp-keys-openssl-20230801 )"
+
+DEPEND="${COMMON_DEPEND}"
+RDEPEND="${COMMON_DEPEND}"
+PDEPEND="app-misc/ca-certificates"
+
+MULTILIB_WRAPPED_HEADERS=(
+	/usr/include/openssl/configuration.h
+)
+
+pkg_setup() {
+	if use ktls ; then
+		if kernel_is -lt 4 18 ; then
+			ewarn "Kernel implementation of TLS (USE=ktls) requires kernel >=4.18!"
+		else
+			CONFIG_CHECK="~TLS ~TLS_DEVICE"
+			ERROR_TLS="You will be unable to offload TLS to kernel because CONFIG_TLS is not set!"
+			ERROR_TLS_DEVICE="You will be unable to offload TLS to kernel because CONFIG_TLS_DEVICE is not set!"
+			use test && CONFIG_CHECK+=" ~CRYPTO_USER_API_SKCIPHER"
+
+			linux-info_pkg_setup
+		fi
+	fi
+
+	[[ ${MERGE_TYPE} == binary ]] && return
+
+	# must check in pkg_setup; sysctl doesn't work with userpriv!
+	if use test && use sctp ; then
+		# test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel"
+		# if sctp.auth_enable is not enabled.
+		local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null)
+		if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]] ; then
+			die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!"
+		fi
+	fi
+}
+
+src_unpack() {
+	# Can delete this once test fix patch is dropped
+	if use verify-sig ; then
+		# Needed for downloaded patch (which is unsigned, which is fine)
+		verify-sig_verify_detached "${DISTDIR}"/${MY_P}.tar.gz{,.asc}
+	fi
+
+	default
+}
+
+src_prepare() {
+	# Make sure we only ever touch Makefile.org and avoid patching a file
+	# that gets blown away anyways by the Configure script in src_configure
+	rm -f Makefile
+
+	if ! use vanilla ; then
+		PATCHES+=(
+			# Add patches which are Gentoo-specific customisations here
+		)
+	fi
+
+	default
+
+	if use test && use sctp && has network-sandbox ${FEATURES} ; then
+		einfo "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox ..."
+		rm test/recipes/80-test_ssl_new.t || die
+	fi
+
+	# Test fails depending on kernel configuration, bug #699134
+	rm test/recipes/30-test_afalg.t || die
+}
+
+src_configure() {
+	# Keep this in sync with app-misc/c_rehash
+	SSL_CNF_DIR="/etc/ssl"
+
+	# Quiet out unknown driver argument warnings since openssl
+	# doesn't have well-split CFLAGS and we're making it even worse
+	# and 'make depend' uses -Werror for added fun (bug #417795 again)
+	tc-is-clang && append-flags -Qunused-arguments
+
+	# We really, really need to build OpenSSL w/ strict aliasing disabled.
+	# It's filled with violations and it *will* result in miscompiled
+	# code. This has been in the ebuild for > 10 years but even in 2022,
+	# it's still relevant:
+	# - https://github.com/llvm/llvm-project/issues/55255
+	# - https://github.com/openssl/openssl/issues/12247
+	# - https://github.com/openssl/openssl/issues/18225
+	# - https://github.com/openssl/openssl/issues/18663#issuecomment-1181478057
+	# Don't remove the no strict aliasing bits below!
+	filter-flags -fstrict-aliasing
+	append-flags -fno-strict-aliasing
+	# The OpenSSL developers don't test with LTO right now, it leads to various
+	# warnings/errors (which may or may not be false positives), it's considered
+	# unsupported, and it's not tested in CI: https://github.com/openssl/openssl/issues/18663.
+	filter-lto
+
+	append-flags $(test-flags-CC -Wa,--noexecstack)
+
+	# bug #895308
+	append-atomic-flags
+	# Configure doesn't respect LIBS
+	export LDLIBS="${LIBS}"
+
+	# bug #197996
+	unset APPS
+	# bug #312551
+	unset SCRIPTS
+	# bug #311473
+	unset CROSS_COMPILE
+
+	tc-export AR CC CXX RANLIB RC
+
+	multilib-minimal_src_configure
+}
+
+multilib_src_configure() {
+	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
+
+	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
+
+	# See if our toolchain supports __uint128_t.  If so, it's 64bit
+	# friendly and can use the nicely optimized code paths, bug #460790.
+	#local ec_nistp_64_gcc_128
+	#
+	# Disable it for now though (bug #469976)
+	# Do NOT re-enable without substantial discussion first!
+	#
+	#echo "__uint128_t i;" > "${T}"/128.c
+	#if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
+	#       ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
+	#fi
+
+	local sslout=$(bash "${FILESDIR}/gentoo.config-1.0.4")
+	einfo "Using configuration: ${sslout:-(openssl knows best)}"
+
+	# https://github.com/openssl/openssl/blob/master/INSTALL.md#enable-and-disable-features
+	local myeconfargs=(
+		${sslout}
+
+		$(use cpu_flags_x86_sse2 || echo "no-sse2")
+		enable-camellia
+		enable-ec
+		enable-ec2m
+		enable-sm2
+		enable-srp
+		$(use elibc_musl && echo "no-async")
+		enable-idea
+		enable-mdc2
+		enable-rc5
+		$(use fips && echo "enable-fips")
+		$(use_ssl asm)
+		$(use_ssl ktls)
+		$(use_ssl rfc3779)
+		$(use_ssl sctp)
+		$(use test || echo "no-tests")
+		$(use_ssl tls-compression zlib)
+		$(use_ssl weak-ssl-ciphers)
+
+		--prefix="${EPREFIX}"/usr
+		--openssldir="${EPREFIX}"${SSL_CNF_DIR}
+		--libdir=$(get_libdir)
+
+		shared
+		threads
+	)
+
+	edo perl "${S}/Configure" "${myeconfargs[@]}"
+}
+
+multilib_src_compile() {
+	emake build_sw
+
+	if multilib_is_native_abi; then
+		emake build_docs
+	fi
+}
+
+multilib_src_test() {
+	# See https://github.com/openssl/openssl/blob/master/test/README.md for options.
+	#
+	# VFP = show subtests verbosely and show failed tests verbosely
+	# Normal V=1 would show everything verbosely but this slows things down.
+	#
+	# -j1 here for https://github.com/openssl/openssl/issues/21999, but it
+	# shouldn't matter as tests were already built earlier, and HARNESS_JOBS
+	# controls running the tests.
+	#
+	# test_symbol_presence: https://github.com/openssl/openssl/issues/22837
+	emake -Onone -j1 HARNESS_JOBS="$(makeopts_jobs)" VFP=1 TESTS='-test_symbol_presence' test
+}
+
+multilib_src_install() {
+	# Only -j1 is supported for the install targets:
+	# https://github.com/openssl/openssl/issues/21999#issuecomment-1771150305
+	emake DESTDIR="${D}" -j1 install_sw
+	if use fips; then
+		emake DESTDIR="${D}" -j1 install_fips
+		# Regen this in pkg_preinst, bug 900625
+		rm "${ED}${SSL_CNF_DIR}"/fipsmodule.cnf || die
+	fi
+
+	if multilib_is_native_abi; then
+		emake DESTDIR="${D}" -j1 install_ssldirs
+		emake DESTDIR="${D}" DOCDIR='$(INSTALLTOP)'/share/doc/${PF} -j1 install_docs
+	fi
+
+	# This is crappy in that the static archives are still built even
+	# when USE=static-libs. But this is due to a failing in the openssl
+	# build system: the static archives are built as PIC all the time.
+	# Only way around this would be to manually configure+compile openssl
+	# twice; once with shared lib support enabled and once without.
+	if ! use static-libs ; then
+		rm "${ED}"/usr/$(get_libdir)/lib{crypto,ssl}.a || die
+	fi
+}
+
+multilib_src_install_all() {
+	# openssl installs perl version of c_rehash by default, but
+	# we provide a shell version via app-misc/c_rehash
+	rm "${ED}"/usr/bin/c_rehash || die
+
+	dodoc {AUTHORS,CHANGES,NEWS,README,README-PROVIDERS}.md doc/*.txt doc/${PN}-c-indent.el
+
+	# Create the certs directory
+	keepdir ${SSL_CNF_DIR}/certs
+
+	# bug #254521
+	dodir /etc/sandbox.d
+	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
+
+	diropts -m0700
+	keepdir ${SSL_CNF_DIR}/private
+}
+
+pkg_preinst() {
+	if use fips; then
+		# Regen fipsmodule.cnf, bug 900625
+		ebegin "Running openssl fipsinstall"
+		"${ED}/usr/bin/openssl" fipsinstall -quiet \
+			-out "${ED}${SSL_CNF_DIR}/fipsmodule.cnf" \
+			-module "${ED}/usr/$(get_libdir)/ossl-modules/fips.so"
+		eend $?
+	fi
+
+	preserve_old_lib /usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1) \
+		/usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1.1)
+}
+
+pkg_postinst() {
+	ebegin "Running 'openssl rehash ${EROOT}${SSL_CNF_DIR}/certs' to rebuild hashes (bug #333069)"
+	openssl rehash "${EROOT}${SSL_CNF_DIR}/certs"
+	eend $?
+
+	preserve_old_lib_notify /usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1) \
+		/usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1.1)
+}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     e5a2169ef505c94723553bc396cc5db16c1e3005
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Tue Jan 30 20:38:55 2024 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Tue Jan 30 20:49:09 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e5a2169e

dev-libs/openssl: add 3.1.5

Bug: https://bugs.gentoo.org/921684
Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/Manifest             |   2 +
 dev-libs/openssl/openssl-3.1.5.ebuild | 281 ++++++++++++++++++++++++++++++++++
 2 files changed, 283 insertions(+)

diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest
index 3133f8a68c91..820073948c2c 100644
--- a/dev-libs/openssl/Manifest
+++ b/dev-libs/openssl/Manifest
@@ -13,5 +13,7 @@ DIST openssl-3.0.13.tar.gz 15294843 BLAKE2B 869aa5f70a8c1d0cac6027e9261530df70ab
 DIST openssl-3.0.13.tar.gz.asc 833 BLAKE2B 519515b6faa505d68ff9acc30db9515fac494145086fa5ad9561c39385a6fabb39ad9de10fedd49c8fc716ec59ea1b13ec5e6b466e549ea9f29b8d0bb74ba7b3 SHA512 c52d97c93d16f3ca2a7026fb25890482b6d86c37b5ab686c56b0e08522743ec4ea3f84afa4deb64b0df0d9a16b557430c4d4139ab42ffcf97d769b61d1e6197c
 DIST openssl-3.1.4.tar.gz 15569450 BLAKE2B bd6a3ef458f86dd5173e87b10432bd81c1570e1848da3c4d7a06eb021d2f67e4075421885c402f6ea792e383e756d78757c17ef060094e840ed5df6faf3d7f9e SHA512 a69df4a018f57dee7d8a57c8003a6869eba11f1eaa394518976642a993780d0de3326019e92dea4c679c6c581fef568ea616ec541afc0792800359c606dffcd2
 DIST openssl-3.1.4.tar.gz.asc 833 BLAKE2B 9f4c2365617b3ea21c8d4f4281befe584e8d39d5f0546fb17d151b21b20615e5d20ed9105881ee981948e866a7629930a7544263c124dce66a9df4f19e16708e SHA512 fc5fa55a54e3da5d48229f25073186613ddf6bb3907999b53ed61832cce9acef00c79d45357bc8590eeeeffb04a829d45921d982924300da16d84eb5333c1512
+DIST openssl-3.1.5.tar.gz 15663524 BLAKE2B a12eb88b0a4f2d927123e0d3ca7d2f80f2bdc867c710d24700fe39b631b93d90c73c3deceff151a9fa818ac88026eb798f3253f22d03c839ab9574086fa61eee SHA512 82e2ac6b3d9b03f8fc66d2ec421246e989eb702eb94586515abfb5afb5300391a0beedf6a2602f61ac10896b41e5608feeeeb4d37714fa17ac0f2ce465249fa9
+DIST openssl-3.1.5.tar.gz.asc 833 BLAKE2B 633502ec0a87074136d7ea42d9ac5f3df53523560d2a97410b5b57d28d916336da95ab5521c10f94202e3a0995331f0e17bdcf8843135634a5d5a95cfafc7b21 SHA512 48187bb8a7bdbd8b76fdcca736d2b03e2a89330b304eefb4e9620f570c741c60f2023307d8619ba1fa101a99223f94895e7be57ced6547a4fb06bd4c3677533a
 DIST openssl-3.2.0.tar.gz 17698352 BLAKE2B 776123929796d2eb0f3974bf6ee3a55df9187231632837576bf5ded7b5917f052683cdfc756693c1bee6fe1ffc7c3cb1ebcf833018d3caf51886f4f4e7a495f1 SHA512 ba3ac38365fd0c50f1eaf1693b6200a0d66f01ff53c2d3bb0358643cd83fc0c61fc3b84c0658cf74b6ae91d7d8a9da7291697bd9be3063ada8a9df879e58ed52
 DIST openssl-3.2.0.tar.gz.asc 833 BLAKE2B b73fd622276e9c8c592b49853c4aec04a9a84bab296aedf1489866ea6e0b5bfe0f299eadbd6e8eecb54e350958f253308f197ed5998cebf0512ca058bf48fdac SHA512 636ed26fc3e9ad63f0666407f254be885c3e8e5db15e5d95f13207099853bac5dbb4e682113a9339f795630396fda78a735aa04b72098d34d5c65ae3c2ed7a33

diff --git a/dev-libs/openssl/openssl-3.1.5.ebuild b/dev-libs/openssl/openssl-3.1.5.ebuild
new file mode 100644
index 000000000000..a95bf0b407ff
--- /dev/null
+++ b/dev-libs/openssl/openssl-3.1.5.ebuild
@@ -0,0 +1,281 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/openssl.org.asc
+inherit edo flag-o-matic linux-info toolchain-funcs
+inherit multilib multilib-minimal multiprocessing preserve-libs verify-sig
+
+DESCRIPTION="Robust, full-featured Open Source Toolkit for the Transport Layer Security (TLS)"
+HOMEPAGE="https://www.openssl.org/"
+
+MY_P=${P/_/-}
+
+if [[ ${PV} == 9999 ]] ; then
+	EGIT_REPO_URI="https://github.com/openssl/openssl.git"
+
+	inherit git-r3
+else
+	SRC_URI="
+		mirror://openssl/source/${MY_P}.tar.gz
+		verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )
+	"
+	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
+fi
+
+S="${WORKDIR}"/${MY_P}
+
+LICENSE="Apache-2.0"
+SLOT="0/$(ver_cut 1)" # .so version of libssl/libcrypto
+IUSE="+asm cpu_flags_x86_sse2 fips ktls rfc3779 sctp static-libs test tls-compression vanilla verify-sig weak-ssl-ciphers"
+RESTRICT="!test? ( test )"
+
+COMMON_DEPEND="
+	!<net-misc/openssh-9.2_p1-r3
+	tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
+"
+BDEPEND="
+	>=dev-lang/perl-5
+	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
+	test? (
+		sys-apps/diffutils
+		app-alternatives/bc
+		sys-process/procps
+	)
+	verify-sig? ( >=sec-keys/openpgp-keys-openssl-20230801 )"
+
+DEPEND="${COMMON_DEPEND}"
+RDEPEND="${COMMON_DEPEND}"
+PDEPEND="app-misc/ca-certificates"
+
+MULTILIB_WRAPPED_HEADERS=(
+	/usr/include/openssl/configuration.h
+)
+
+pkg_setup() {
+	if use ktls ; then
+		if kernel_is -lt 4 18 ; then
+			ewarn "Kernel implementation of TLS (USE=ktls) requires kernel >=4.18!"
+		else
+			CONFIG_CHECK="~TLS ~TLS_DEVICE"
+			ERROR_TLS="You will be unable to offload TLS to kernel because CONFIG_TLS is not set!"
+			ERROR_TLS_DEVICE="You will be unable to offload TLS to kernel because CONFIG_TLS_DEVICE is not set!"
+			use test && CONFIG_CHECK+=" ~CRYPTO_USER_API_SKCIPHER"
+
+			linux-info_pkg_setup
+		fi
+	fi
+
+	[[ ${MERGE_TYPE} == binary ]] && return
+
+	# must check in pkg_setup; sysctl doesn't work with userpriv!
+	if use test && use sctp ; then
+		# test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel"
+		# if sctp.auth_enable is not enabled.
+		local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null)
+		if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]] ; then
+			die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!"
+		fi
+	fi
+}
+
+src_prepare() {
+	# Make sure we only ever touch Makefile.org and avoid patching a file
+	# that gets blown away anyways by the Configure script in src_configure
+	rm -f Makefile
+
+	if ! use vanilla ; then
+		PATCHES+=(
+			# Add patches which are Gentoo-specific customisations here
+		)
+	fi
+
+	default
+
+	if use test && use sctp && has network-sandbox ${FEATURES} ; then
+		einfo "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox ..."
+		rm test/recipes/80-test_ssl_new.t || die
+	fi
+
+	# Test fails depending on kernel configuration, bug #699134
+	rm test/recipes/30-test_afalg.t || die
+}
+
+src_configure() {
+	# Keep this in sync with app-misc/c_rehash
+	SSL_CNF_DIR="/etc/ssl"
+
+	# Quiet out unknown driver argument warnings since openssl
+	# doesn't have well-split CFLAGS and we're making it even worse
+	# and 'make depend' uses -Werror for added fun (bug #417795 again)
+	tc-is-clang && append-flags -Qunused-arguments
+
+	# We really, really need to build OpenSSL w/ strict aliasing disabled.
+	# It's filled with violations and it *will* result in miscompiled
+	# code. This has been in the ebuild for > 10 years but even in 2022,
+	# it's still relevant:
+	# - https://github.com/llvm/llvm-project/issues/55255
+	# - https://github.com/openssl/openssl/issues/12247
+	# - https://github.com/openssl/openssl/issues/18225
+	# - https://github.com/openssl/openssl/issues/18663#issuecomment-1181478057
+	# Don't remove the no strict aliasing bits below!
+	filter-flags -fstrict-aliasing
+	append-flags -fno-strict-aliasing
+	# The OpenSSL developers don't test with LTO right now, it leads to various
+	# warnings/errors (which may or may not be false positives), it's considered
+	# unsupported, and it's not tested in CI: https://github.com/openssl/openssl/issues/18663.
+	filter-lto
+
+	append-flags $(test-flags-CC -Wa,--noexecstack)
+
+	# bug #895308
+	append-atomic-flags
+	# Configure doesn't respect LIBS
+	export LDLIBS="${LIBS}"
+
+	# bug #197996
+	unset APPS
+	# bug #312551
+	unset SCRIPTS
+	# bug #311473
+	unset CROSS_COMPILE
+
+	tc-export AR CC CXX RANLIB RC
+
+	multilib-minimal_src_configure
+}
+
+multilib_src_configure() {
+	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
+
+	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
+
+	# See if our toolchain supports __uint128_t.  If so, it's 64bit
+	# friendly and can use the nicely optimized code paths, bug #460790.
+	#local ec_nistp_64_gcc_128
+	#
+	# Disable it for now though (bug #469976)
+	# Do NOT re-enable without substantial discussion first!
+	#
+	#echo "__uint128_t i;" > "${T}"/128.c
+	#if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
+	#       ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
+	#fi
+
+	local sslout=$(bash "${FILESDIR}/gentoo.config-1.0.4")
+	einfo "Using configuration: ${sslout:-(openssl knows best)}"
+
+	# https://github.com/openssl/openssl/blob/master/INSTALL.md#enable-and-disable-features
+	local myeconfargs=(
+		${sslout}
+
+		$(use cpu_flags_x86_sse2 || echo "no-sse2")
+		enable-camellia
+		enable-ec
+		enable-ec2m
+		enable-sm2
+		enable-srp
+		$(use elibc_musl && echo "no-async")
+		enable-idea
+		enable-mdc2
+		enable-rc5
+		$(use fips && echo "enable-fips")
+		$(use_ssl asm)
+		$(use_ssl ktls)
+		$(use_ssl rfc3779)
+		$(use_ssl sctp)
+		$(use test || echo "no-tests")
+		$(use_ssl tls-compression zlib)
+		$(use_ssl weak-ssl-ciphers)
+
+		--prefix="${EPREFIX}"/usr
+		--openssldir="${EPREFIX}"${SSL_CNF_DIR}
+		--libdir=$(get_libdir)
+
+		shared
+		threads
+	)
+
+	edo perl "${S}/Configure" "${myeconfargs[@]}"
+}
+
+multilib_src_compile() {
+	emake build_sw
+
+	if multilib_is_native_abi; then
+		emake build_docs
+	fi
+}
+
+multilib_src_test() {
+	# VFP = show subtests verbosely and show failed tests verbosely
+	# Normal V=1 would show everything verbosely but this slows things down.
+	emake HARNESS_JOBS="$(makeopts_jobs)" -Onone VFP=1 test
+}
+
+multilib_src_install() {
+	# Only -j1 is supported for the install targets:
+	# https://github.com/openssl/openssl/issues/21999#issuecomment-1771150305
+	emake DESTDIR="${D}" -j1 install_sw
+	if use fips; then
+		emake DESTDIR="${D}" -j1 install_fips
+		# Regen this in pkg_preinst, bug 900625
+		rm "${ED}${SSL_CNF_DIR}"/fipsmodule.cnf || die
+	fi
+
+	if multilib_is_native_abi; then
+		emake DESTDIR="${D}" -j1 install_ssldirs
+		emake DESTDIR="${D}" DOCDIR='$(INSTALLTOP)'/share/doc/${PF} -j1 install_docs
+	fi
+
+	# This is crappy in that the static archives are still built even
+	# when USE=static-libs. But this is due to a failing in the openssl
+	# build system: the static archives are built as PIC all the time.
+	# Only way around this would be to manually configure+compile openssl
+	# twice; once with shared lib support enabled and once without.
+	if ! use static-libs ; then
+		rm "${ED}"/usr/$(get_libdir)/lib{crypto,ssl}.a || die
+	fi
+}
+
+multilib_src_install_all() {
+	# openssl installs perl version of c_rehash by default, but
+	# we provide a shell version via app-misc/c_rehash
+	rm "${ED}"/usr/bin/c_rehash || die
+
+	dodoc {AUTHORS,CHANGES,NEWS,README,README-PROVIDERS}.md doc/*.txt doc/${PN}-c-indent.el
+
+	# Create the certs directory
+	keepdir ${SSL_CNF_DIR}/certs
+
+	# bug #254521
+	dodir /etc/sandbox.d
+	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
+
+	diropts -m0700
+	keepdir ${SSL_CNF_DIR}/private
+}
+
+pkg_preinst() {
+	if use fips; then
+		# Regen fipsmodule.cnf, bug 900625
+		ebegin "Running openssl fipsinstall"
+		"${ED}/usr/bin/openssl" fipsinstall -quiet \
+			-out "${ED}${SSL_CNF_DIR}/fipsmodule.cnf" \
+			-module "${ED}/usr/$(get_libdir)/ossl-modules/fips.so"
+		eend $?
+	fi
+
+	preserve_old_lib /usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1) \
+		/usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1.1)
+}
+
+pkg_postinst() {
+	ebegin "Running 'openssl rehash ${EROOT}${SSL_CNF_DIR}/certs' to rebuild hashes (bug #333069)"
+	openssl rehash "${EROOT}${SSL_CNF_DIR}/certs"
+	eend $?
+
+	preserve_old_lib_notify /usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1) \
+		/usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1.1)
+}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Arthur Zamarin]

commit:     a79bc979317020db22782c6c116aea7e50228305
Author:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
AuthorDate: Fri Dec 29 16:38:05 2023 +0000
Commit:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
CommitDate: Fri Dec 29 16:38:05 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a79bc979

dev-libs/openssl: Stabilize 3.0.12 ppc, #920847

Signed-off-by: Arthur Zamarin <arthurzam <AT> gentoo.org>

 dev-libs/openssl/openssl-3.0.12.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-3.0.12.ebuild b/dev-libs/openssl/openssl-3.0.12.ebuild
index c673cde4fdb5..6de74119336f 100644
--- a/dev-libs/openssl/openssl-3.0.12.ebuild
+++ b/dev-libs/openssl/openssl-3.0.12.ebuild
@@ -19,7 +19,7 @@ if [[ ${PV} == 9999 ]] ; then
 else
 	SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 		verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )"
-	KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ppc64 ~riscv ~s390 sparc x86 ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
+	KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
 fi
 
 S="${WORKDIR}"/${MY_P}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Arthur Zamarin]

commit:     5b06da927955141262ded68fc40c57e47182837f
Author:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
AuthorDate: Fri Dec 29 13:44:54 2023 +0000
Commit:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
CommitDate: Fri Dec 29 13:44:54 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5b06da92

dev-libs/openssl: Stabilize 3.0.12 arm, #920847

Signed-off-by: Arthur Zamarin <arthurzam <AT> gentoo.org>

 dev-libs/openssl/openssl-3.0.12.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-3.0.12.ebuild b/dev-libs/openssl/openssl-3.0.12.ebuild
index e880fbb47786..bded3d55c5b2 100644
--- a/dev-libs/openssl/openssl-3.0.12.ebuild
+++ b/dev-libs/openssl/openssl-3.0.12.ebuild
@@ -19,7 +19,7 @@ if [[ ${PV} == 9999 ]] ; then
 else
 	SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 		verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )"
-	KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ppc64 ~riscv ~s390 sparc x86 ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
+	KEYWORDS="~alpha amd64 arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ppc64 ~riscv ~s390 sparc x86 ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
 fi
 
 S="${WORKDIR}"/${MY_P}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Arthur Zamarin]

commit:     366c1a18fb1a4532e2b9a15ba7bf754a31ed602a
Author:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
AuthorDate: Fri Dec 29 13:44:57 2023 +0000
Commit:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
CommitDate: Fri Dec 29 13:44:57 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=366c1a18

dev-libs/openssl: Stabilize 3.0.12 arm64, #920847

Signed-off-by: Arthur Zamarin <arthurzam <AT> gentoo.org>

 dev-libs/openssl/openssl-3.0.12.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-3.0.12.ebuild b/dev-libs/openssl/openssl-3.0.12.ebuild
index bded3d55c5b2..c673cde4fdb5 100644
--- a/dev-libs/openssl/openssl-3.0.12.ebuild
+++ b/dev-libs/openssl/openssl-3.0.12.ebuild
@@ -19,7 +19,7 @@ if [[ ${PV} == 9999 ]] ; then
 else
 	SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 		verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )"
-	KEYWORDS="~alpha amd64 arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ppc64 ~riscv ~s390 sparc x86 ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
+	KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ppc64 ~riscv ~s390 sparc x86 ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
 fi
 
 S="${WORKDIR}"/${MY_P}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Arthur Zamarin]

commit:     e0efdf0ae5c044c1904feb45d774c52dbbb000b6
Author:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
AuthorDate: Fri Dec 29 06:58:15 2023 +0000
Commit:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
CommitDate: Fri Dec 29 06:58:15 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e0efdf0a

dev-libs/openssl: Stabilize 3.0.12 x86, #920847

Signed-off-by: Arthur Zamarin <arthurzam <AT> gentoo.org>

 dev-libs/openssl/openssl-3.0.12.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-3.0.12.ebuild b/dev-libs/openssl/openssl-3.0.12.ebuild
index 52de4ce133dd..e880fbb47786 100644
--- a/dev-libs/openssl/openssl-3.0.12.ebuild
+++ b/dev-libs/openssl/openssl-3.0.12.ebuild
@@ -19,7 +19,7 @@ if [[ ${PV} == 9999 ]] ; then
 else
 	SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 		verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )"
-	KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ppc64 ~riscv ~s390 sparc ~x86 ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
+	KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ppc64 ~riscv ~s390 sparc x86 ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
 fi
 
 S="${WORKDIR}"/${MY_P}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     35ce5fb574d443edb8c65b1975910df17916117c
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Fri Dec 29 00:23:27 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Fri Dec 29 00:23:27 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=35ce5fb5

dev-libs/openssl: Stabilize 3.0.12 amd64, #920847

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/openssl-3.0.12.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-3.0.12.ebuild b/dev-libs/openssl/openssl-3.0.12.ebuild
index 54173e4b4838..a409c971a5f7 100644
--- a/dev-libs/openssl/openssl-3.0.12.ebuild
+++ b/dev-libs/openssl/openssl-3.0.12.ebuild
@@ -19,7 +19,7 @@ if [[ ${PV} == 9999 ]] ; then
 else
 	SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 		verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )"
-	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ppc64 ~riscv ~s390 ~sparc ~x86 ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
+	KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ppc64 ~riscv ~s390 ~sparc ~x86 ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
 fi
 
 S="${WORKDIR}"/${MY_P}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     4a989177757b81d175835357fe57b88c8b458390
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Fri Dec 29 00:23:26 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Fri Dec 29 00:23:26 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4a989177

dev-libs/openssl: Stabilize 3.0.12 ppc64, #920847

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/openssl-3.0.12.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-3.0.12.ebuild b/dev-libs/openssl/openssl-3.0.12.ebuild
index 0554f775b981..54173e4b4838 100644
--- a/dev-libs/openssl/openssl-3.0.12.ebuild
+++ b/dev-libs/openssl/openssl-3.0.12.ebuild
@@ -19,7 +19,7 @@ if [[ ${PV} == 9999 ]] ; then
 else
 	SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 		verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )"
-	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
+	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ppc64 ~riscv ~s390 ~sparc ~x86 ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
 fi
 
 S="${WORKDIR}"/${MY_P}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     2d40d9c4d1740b13aab7a6589ff2a9271dcd4e05
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Fri Dec 29 00:23:28 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Fri Dec 29 00:23:28 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2d40d9c4

dev-libs/openssl: Stabilize 3.0.12 sparc, #920847

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/openssl-3.0.12.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-3.0.12.ebuild b/dev-libs/openssl/openssl-3.0.12.ebuild
index a409c971a5f7..52de4ce133dd 100644
--- a/dev-libs/openssl/openssl-3.0.12.ebuild
+++ b/dev-libs/openssl/openssl-3.0.12.ebuild
@@ -19,7 +19,7 @@ if [[ ${PV} == 9999 ]] ; then
 else
 	SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 		verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )"
-	KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ppc64 ~riscv ~s390 ~sparc ~x86 ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
+	KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ppc64 ~riscv ~s390 sparc ~x86 ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
 fi
 
 S="${WORKDIR}"/${MY_P}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     171917dd2694a560d96bfb88f79e94c4c9111012
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Thu Dec 28 04:40:38 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Thu Dec 28 04:40:38 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=171917dd

dev-libs/openssl: drop 3.1.2, 3.1.3

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/Manifest             |   4 -
 dev-libs/openssl/openssl-3.1.2.ebuild | 291 ----------------------------------
 dev-libs/openssl/openssl-3.1.3.ebuild | 291 ----------------------------------
 3 files changed, 586 deletions(-)

diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest
index ab13e01ef03c..e8e3d588c177 100644
--- a/dev-libs/openssl/Manifest
+++ b/dev-libs/openssl/Manifest
@@ -9,10 +9,6 @@ DIST openssl-3.0.11.tar.gz 15198318 BLAKE2B e522573aa72c8f6ffef82f20de36178fc6f9
 DIST openssl-3.0.11.tar.gz.asc 833 BLAKE2B e6e2636d5bb5fffb86833e64437fb440bbfd1c4e2bfbfdd72280cf1ce388b70d30eeea56ef6f3bb673e7dcd12020d993ef95f96bf099ded38e8cde4b549b38fa SHA512 3c1fe94fc46861870d99d1edcfe3c151272f7864dde36b66e87a0c79d2289e9ed5cfc48bfa65ba0e88eadcb3cc8307d702e01155f48af8ffc2d4f8fbbf3aa03c
 DIST openssl-3.0.12.tar.gz 15204575 BLAKE2B 1f00e33a5ed64a51cf28f0dbe7d53a9197c1edae7538dea9573394ee4dc03a885483d74b0b47a78b9067e87b4f420b9d7103f351bfec91710c168051cb7148df SHA512 63e003653dd1126c66e278969a626cdf0801b97da8b7076824d661e4a77e1572c3171cf7f006c972b95bcfa284889ee0362d8a46a851f7d8e743e2a1fe593b24
 DIST openssl-3.0.12.tar.gz.asc 833 BLAKE2B 5c7914e0449a1f2fad433544fa637263b237c2637b86960f904a7840ef6bd627728dfa45373e03a6ce7a0a4570d03e1dcd0188059bd5dbcc83d49d10be64dd39 SHA512 072d1572e6cc5240fed69c01b1f7f74958ceba33cec3b0a7f0db5929dc884381320fb737ec6b38f95ef81c855e2d382d7ecd19431a328b08efad70288ec4a964
-DIST openssl-3.1.2.tar.gz 15560427 BLAKE2B 7b4ba35df7d5680c5f13a1986e4c6abaf4592690647dcfa84d7f14c196326355e8ad0ea62f81f8269f0605f0d29f18e9def9c2158fcbe00baefabf819f82374d SHA512 9f41113e5537aee4c3f92711ff85fa12da080363fef0c8b8b34e5b3fc608473c6e4cadd9d8c78f2fcbe97462e51f26a0bb6781656a69ad40226e68af2cf2c762
-DIST openssl-3.1.2.tar.gz.asc 833 BLAKE2B aba3207c5eafaafc34bea078a9684612f7d9b4c5a888a27781cfe2421d27de6c2af3539abfc6efdac81ab0b923b7044a9b764902aa76edfd44ce5979f871a8b9 SHA512 fe143d2d90de1d3d30590ef9801185f8d2837668474ef3879d409bd4eb9417a127dee6c2a4e45076aa3ae3e443bfedd24de434ba4cf3ea0589c113990345a9ce
-DIST openssl-3.1.3.tar.gz 15561739 BLAKE2B a279a5c80191b95ca735aed20beb56ab899ee302258ce3529c377820739bf55075537cd900b06b3ca07b85efdce95cb081bcad1dfd4d33f81695c7ef0cefdf03 SHA512 2388eaa8e99acf1e8af4691a645b9b9af456900c74959e82d4cb02808301e11dcfecc86954a922262b16fa4b664b459894d133ab7d35ec82e1633a33194b7b20
-DIST openssl-3.1.3.tar.gz.asc 833 BLAKE2B 27427a4523c9fa9f9ffc0e00d6492e4bab4cd0d24ebf903fee05197c5089c4d201a76ef0073e856bedd86abf54ae01491e78d259eedf21a4797eee6c9cbd8fcf SHA512 0b8f12dd8623160f7358c24a8f36edb5d8c3460d1f7d711e1367051b172d9ac90c2c7c4980da1aa9f9c89d72384a034fe888b109650156fa197c363a14337127
 DIST openssl-3.1.4.tar.gz 15569450 BLAKE2B bd6a3ef458f86dd5173e87b10432bd81c1570e1848da3c4d7a06eb021d2f67e4075421885c402f6ea792e383e756d78757c17ef060094e840ed5df6faf3d7f9e SHA512 a69df4a018f57dee7d8a57c8003a6869eba11f1eaa394518976642a993780d0de3326019e92dea4c679c6c581fef568ea616ec541afc0792800359c606dffcd2
 DIST openssl-3.1.4.tar.gz.asc 833 BLAKE2B 9f4c2365617b3ea21c8d4f4281befe584e8d39d5f0546fb17d151b21b20615e5d20ed9105881ee981948e866a7629930a7544263c124dce66a9df4f19e16708e SHA512 fc5fa55a54e3da5d48229f25073186613ddf6bb3907999b53ed61832cce9acef00c79d45357bc8590eeeeffb04a829d45921d982924300da16d84eb5333c1512
 DIST openssl-3.2.0.tar.gz 17698352 BLAKE2B 776123929796d2eb0f3974bf6ee3a55df9187231632837576bf5ded7b5917f052683cdfc756693c1bee6fe1ffc7c3cb1ebcf833018d3caf51886f4f4e7a495f1 SHA512 ba3ac38365fd0c50f1eaf1693b6200a0d66f01ff53c2d3bb0358643cd83fc0c61fc3b84c0658cf74b6ae91d7d8a9da7291697bd9be3063ada8a9df879e58ed52

diff --git a/dev-libs/openssl/openssl-3.1.2.ebuild b/dev-libs/openssl/openssl-3.1.2.ebuild
deleted file mode 100644
index 0abd2585a656..000000000000
--- a/dev-libs/openssl/openssl-3.1.2.ebuild
+++ /dev/null
@@ -1,291 +0,0 @@
-# Copyright 1999-2023 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/openssl.org.asc
-inherit edo flag-o-matic linux-info toolchain-funcs
-inherit multilib multilib-minimal multiprocessing preserve-libs verify-sig
-
-DESCRIPTION="Robust, full-featured Open Source Toolkit for the Transport Layer Security (TLS)"
-HOMEPAGE="https://www.openssl.org/"
-
-MY_P=${P/_/-}
-
-if [[ ${PV} == 9999 ]] ; then
-	EGIT_REPO_URI="https://github.com/openssl/openssl.git"
-
-	inherit git-r3
-else
-	SRC_URI="
-		mirror://openssl/source/${MY_P}.tar.gz
-		verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )
-	"
-	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
-fi
-
-S="${WORKDIR}"/${MY_P}
-
-LICENSE="Apache-2.0"
-SLOT="0/$(ver_cut 1)" # .so version of libssl/libcrypto
-IUSE="+asm cpu_flags_x86_sse2 fips ktls rfc3779 sctp static-libs test tls-compression vanilla verify-sig weak-ssl-ciphers"
-RESTRICT="!test? ( test )"
-
-COMMON_DEPEND="
-	!<net-misc/openssh-9.2_p1-r3
-	tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
-"
-BDEPEND="
-	>=dev-lang/perl-5
-	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
-	test? (
-		sys-apps/diffutils
-		sys-devel/bc
-		sys-process/procps
-	)
-	verify-sig? ( >=sec-keys/openpgp-keys-openssl-20230801 )"
-
-DEPEND="${COMMON_DEPEND}"
-RDEPEND="${COMMON_DEPEND}"
-PDEPEND="app-misc/ca-certificates"
-
-MULTILIB_WRAPPED_HEADERS=(
-	/usr/include/openssl/configuration.h
-)
-
-pkg_setup() {
-	if use ktls ; then
-		if kernel_is -lt 4 18 ; then
-			ewarn "Kernel implementation of TLS (USE=ktls) requires kernel >=4.18!"
-		else
-			CONFIG_CHECK="~TLS ~TLS_DEVICE"
-			ERROR_TLS="You will be unable to offload TLS to kernel because CONFIG_TLS is not set!"
-			ERROR_TLS_DEVICE="You will be unable to offload TLS to kernel because CONFIG_TLS_DEVICE is not set!"
-			use test && CONFIG_CHECK+=" ~CRYPTO_USER_API_SKCIPHER"
-
-			linux-info_pkg_setup
-		fi
-	fi
-
-	[[ ${MERGE_TYPE} == binary ]] && return
-
-	# must check in pkg_setup; sysctl doesn't work with userpriv!
-	if use test && use sctp ; then
-		# test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel"
-		# if sctp.auth_enable is not enabled.
-		local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null)
-		if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]] ; then
-			die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!"
-		fi
-	fi
-}
-
-src_unpack() {
-	# Can delete this once test fix patch is dropped
-	if use verify-sig ; then
-		# Needed for downloaded patch (which is unsigned, which is fine)
-		verify-sig_verify_detached "${DISTDIR}"/${MY_P}.tar.gz{,.asc}
-	fi
-
-	default
-}
-
-src_prepare() {
-	# Make sure we only ever touch Makefile.org and avoid patching a file
-	# that gets blown away anyways by the Configure script in src_configure
-	rm -f Makefile
-
-	if ! use vanilla ; then
-		PATCHES+=(
-			# Add patches which are Gentoo-specific customisations here
-		)
-	fi
-
-	default
-
-	if use test && use sctp && has network-sandbox ${FEATURES} ; then
-		einfo "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox ..."
-		rm test/recipes/80-test_ssl_new.t || die
-	fi
-
-	# Test fails depending on kernel configuration, bug #699134
-	rm test/recipes/30-test_afalg.t || die
-}
-
-src_configure() {
-	# Keep this in sync with app-misc/c_rehash
-	SSL_CNF_DIR="/etc/ssl"
-
-	# Quiet out unknown driver argument warnings since openssl
-	# doesn't have well-split CFLAGS and we're making it even worse
-	# and 'make depend' uses -Werror for added fun (bug #417795 again)
-	tc-is-clang && append-flags -Qunused-arguments
-
-	# We really, really need to build OpenSSL w/ strict aliasing disabled.
-	# It's filled with violations and it *will* result in miscompiled
-	# code. This has been in the ebuild for > 10 years but even in 2022,
-	# it's still relevant:
-	# - https://github.com/llvm/llvm-project/issues/55255
-	# - https://github.com/openssl/openssl/issues/12247
-	# - https://github.com/openssl/openssl/issues/18225
-	# - https://github.com/openssl/openssl/issues/18663#issuecomment-1181478057
-	# Don't remove the no strict aliasing bits below!
-	filter-flags -fstrict-aliasing
-	append-flags -fno-strict-aliasing
-	# The OpenSSL developers don't test with LTO right now, it leads to various
-	# warnings/errors (which may or may not be false positives), it's considered
-	# unsupported, and it's not tested in CI: https://github.com/openssl/openssl/issues/18663.
-	filter-lto
-
-	append-flags $(test-flags-CC -Wa,--noexecstack)
-
-	# bug #895308
-	append-atomic-flags
-	# Configure doesn't respect LIBS
-	export LDLIBS="${LIBS}"
-
-	# bug #197996
-	unset APPS
-	# bug #312551
-	unset SCRIPTS
-	# bug #311473
-	unset CROSS_COMPILE
-
-	tc-export AR CC CXX RANLIB RC
-
-	multilib-minimal_src_configure
-}
-
-multilib_src_configure() {
-	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
-
-	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
-
-	# See if our toolchain supports __uint128_t.  If so, it's 64bit
-	# friendly and can use the nicely optimized code paths, bug #460790.
-	#local ec_nistp_64_gcc_128
-	#
-	# Disable it for now though (bug #469976)
-	# Do NOT re-enable without substantial discussion first!
-	#
-	#echo "__uint128_t i;" > "${T}"/128.c
-	#if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
-	#       ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
-	#fi
-
-	local sslout=$(bash "${FILESDIR}/gentoo.config-1.0.4")
-	einfo "Using configuration: ${sslout:-(openssl knows best)}"
-
-	# https://github.com/openssl/openssl/blob/master/INSTALL.md#enable-and-disable-features
-	local myeconfargs=(
-		${sslout}
-
-		$(use cpu_flags_x86_sse2 || echo "no-sse2")
-		enable-camellia
-		enable-ec
-		enable-ec2m
-		enable-sm2
-		enable-srp
-		$(use elibc_musl && echo "no-async")
-		enable-idea
-		enable-mdc2
-		enable-rc5
-		$(use fips && echo "enable-fips")
-		$(use_ssl asm)
-		$(use_ssl ktls)
-		$(use_ssl rfc3779)
-		$(use_ssl sctp)
-		$(use test || echo "no-tests")
-		$(use_ssl tls-compression zlib)
-		$(use_ssl weak-ssl-ciphers)
-
-		--prefix="${EPREFIX}"/usr
-		--openssldir="${EPREFIX}"${SSL_CNF_DIR}
-		--libdir=$(get_libdir)
-
-		shared
-		threads
-	)
-
-	edo perl "${S}/Configure" "${myeconfargs[@]}"
-}
-
-multilib_src_compile() {
-	emake build_sw
-
-	if multilib_is_native_abi; then
-		emake build_docs
-	fi
-}
-
-multilib_src_test() {
-	# VFP = show subtests verbosely and show failed tests verbosely
-	# Normal V=1 would show everything verbosely but this slows things down.
-	emake HARNESS_JOBS="$(makeopts_jobs)" -Onone VFP=1 test
-}
-
-multilib_src_install() {
-	# Only -j1 is supported for the install targets:
-	# https://github.com/openssl/openssl/issues/21999#issuecomment-1771150305
-	emake DESTDIR="${D}" -j1 install_sw
-	if use fips; then
-		emake DESTDIR="${D}" -j1 install_fips
-		# Regen this in pkg_preinst, bug 900625
-		rm "${ED}${SSL_CNF_DIR}"/fipsmodule.cnf || die
-	fi
-
-	if multilib_is_native_abi; then
-		emake DESTDIR="${D}" -j1 install_ssldirs
-		emake DESTDIR="${D}" DOCDIR='$(INSTALLTOP)'/share/doc/${PF} -j1 install_docs
-	fi
-
-	# This is crappy in that the static archives are still built even
-	# when USE=static-libs. But this is due to a failing in the openssl
-	# build system: the static archives are built as PIC all the time.
-	# Only way around this would be to manually configure+compile openssl
-	# twice; once with shared lib support enabled and once without.
-	if ! use static-libs ; then
-		rm "${ED}"/usr/$(get_libdir)/lib{crypto,ssl}.a || die
-	fi
-}
-
-multilib_src_install_all() {
-	# openssl installs perl version of c_rehash by default, but
-	# we provide a shell version via app-misc/c_rehash
-	rm "${ED}"/usr/bin/c_rehash || die
-
-	dodoc {AUTHORS,CHANGES,NEWS,README,README-PROVIDERS}.md doc/*.txt doc/${PN}-c-indent.el
-
-	# Create the certs directory
-	keepdir ${SSL_CNF_DIR}/certs
-
-	# bug #254521
-	dodir /etc/sandbox.d
-	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
-
-	diropts -m0700
-	keepdir ${SSL_CNF_DIR}/private
-}
-
-pkg_preinst() {
-	if use fips; then
-		# Regen fipsmodule.cnf, bug 900625
-		ebegin "Running openssl fipsinstall"
-		"${ED}/usr/bin/openssl" fipsinstall -quiet \
-			-out "${ED}${SSL_CNF_DIR}/fipsmodule.cnf" \
-			-module "${ED}/usr/$(get_libdir)/ossl-modules/fips.so"
-		eend $?
-	fi
-
-	preserve_old_lib /usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1) \
-		/usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1.1)
-}
-
-pkg_postinst() {
-	ebegin "Running 'openssl rehash ${EROOT}${SSL_CNF_DIR}/certs' to rebuild hashes (bug #333069)"
-	openssl rehash "${EROOT}${SSL_CNF_DIR}/certs"
-	eend $?
-
-	preserve_old_lib_notify /usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1) \
-		/usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1.1)
-}

diff --git a/dev-libs/openssl/openssl-3.1.3.ebuild b/dev-libs/openssl/openssl-3.1.3.ebuild
deleted file mode 100644
index 0abd2585a656..000000000000
--- a/dev-libs/openssl/openssl-3.1.3.ebuild
+++ /dev/null
@@ -1,291 +0,0 @@
-# Copyright 1999-2023 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/openssl.org.asc
-inherit edo flag-o-matic linux-info toolchain-funcs
-inherit multilib multilib-minimal multiprocessing preserve-libs verify-sig
-
-DESCRIPTION="Robust, full-featured Open Source Toolkit for the Transport Layer Security (TLS)"
-HOMEPAGE="https://www.openssl.org/"
-
-MY_P=${P/_/-}
-
-if [[ ${PV} == 9999 ]] ; then
-	EGIT_REPO_URI="https://github.com/openssl/openssl.git"
-
-	inherit git-r3
-else
-	SRC_URI="
-		mirror://openssl/source/${MY_P}.tar.gz
-		verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )
-	"
-	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
-fi
-
-S="${WORKDIR}"/${MY_P}
-
-LICENSE="Apache-2.0"
-SLOT="0/$(ver_cut 1)" # .so version of libssl/libcrypto
-IUSE="+asm cpu_flags_x86_sse2 fips ktls rfc3779 sctp static-libs test tls-compression vanilla verify-sig weak-ssl-ciphers"
-RESTRICT="!test? ( test )"
-
-COMMON_DEPEND="
-	!<net-misc/openssh-9.2_p1-r3
-	tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
-"
-BDEPEND="
-	>=dev-lang/perl-5
-	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
-	test? (
-		sys-apps/diffutils
-		sys-devel/bc
-		sys-process/procps
-	)
-	verify-sig? ( >=sec-keys/openpgp-keys-openssl-20230801 )"
-
-DEPEND="${COMMON_DEPEND}"
-RDEPEND="${COMMON_DEPEND}"
-PDEPEND="app-misc/ca-certificates"
-
-MULTILIB_WRAPPED_HEADERS=(
-	/usr/include/openssl/configuration.h
-)
-
-pkg_setup() {
-	if use ktls ; then
-		if kernel_is -lt 4 18 ; then
-			ewarn "Kernel implementation of TLS (USE=ktls) requires kernel >=4.18!"
-		else
-			CONFIG_CHECK="~TLS ~TLS_DEVICE"
-			ERROR_TLS="You will be unable to offload TLS to kernel because CONFIG_TLS is not set!"
-			ERROR_TLS_DEVICE="You will be unable to offload TLS to kernel because CONFIG_TLS_DEVICE is not set!"
-			use test && CONFIG_CHECK+=" ~CRYPTO_USER_API_SKCIPHER"
-
-			linux-info_pkg_setup
-		fi
-	fi
-
-	[[ ${MERGE_TYPE} == binary ]] && return
-
-	# must check in pkg_setup; sysctl doesn't work with userpriv!
-	if use test && use sctp ; then
-		# test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel"
-		# if sctp.auth_enable is not enabled.
-		local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null)
-		if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]] ; then
-			die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!"
-		fi
-	fi
-}
-
-src_unpack() {
-	# Can delete this once test fix patch is dropped
-	if use verify-sig ; then
-		# Needed for downloaded patch (which is unsigned, which is fine)
-		verify-sig_verify_detached "${DISTDIR}"/${MY_P}.tar.gz{,.asc}
-	fi
-
-	default
-}
-
-src_prepare() {
-	# Make sure we only ever touch Makefile.org and avoid patching a file
-	# that gets blown away anyways by the Configure script in src_configure
-	rm -f Makefile
-
-	if ! use vanilla ; then
-		PATCHES+=(
-			# Add patches which are Gentoo-specific customisations here
-		)
-	fi
-
-	default
-
-	if use test && use sctp && has network-sandbox ${FEATURES} ; then
-		einfo "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox ..."
-		rm test/recipes/80-test_ssl_new.t || die
-	fi
-
-	# Test fails depending on kernel configuration, bug #699134
-	rm test/recipes/30-test_afalg.t || die
-}
-
-src_configure() {
-	# Keep this in sync with app-misc/c_rehash
-	SSL_CNF_DIR="/etc/ssl"
-
-	# Quiet out unknown driver argument warnings since openssl
-	# doesn't have well-split CFLAGS and we're making it even worse
-	# and 'make depend' uses -Werror for added fun (bug #417795 again)
-	tc-is-clang && append-flags -Qunused-arguments
-
-	# We really, really need to build OpenSSL w/ strict aliasing disabled.
-	# It's filled with violations and it *will* result in miscompiled
-	# code. This has been in the ebuild for > 10 years but even in 2022,
-	# it's still relevant:
-	# - https://github.com/llvm/llvm-project/issues/55255
-	# - https://github.com/openssl/openssl/issues/12247
-	# - https://github.com/openssl/openssl/issues/18225
-	# - https://github.com/openssl/openssl/issues/18663#issuecomment-1181478057
-	# Don't remove the no strict aliasing bits below!
-	filter-flags -fstrict-aliasing
-	append-flags -fno-strict-aliasing
-	# The OpenSSL developers don't test with LTO right now, it leads to various
-	# warnings/errors (which may or may not be false positives), it's considered
-	# unsupported, and it's not tested in CI: https://github.com/openssl/openssl/issues/18663.
-	filter-lto
-
-	append-flags $(test-flags-CC -Wa,--noexecstack)
-
-	# bug #895308
-	append-atomic-flags
-	# Configure doesn't respect LIBS
-	export LDLIBS="${LIBS}"
-
-	# bug #197996
-	unset APPS
-	# bug #312551
-	unset SCRIPTS
-	# bug #311473
-	unset CROSS_COMPILE
-
-	tc-export AR CC CXX RANLIB RC
-
-	multilib-minimal_src_configure
-}
-
-multilib_src_configure() {
-	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
-
-	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
-
-	# See if our toolchain supports __uint128_t.  If so, it's 64bit
-	# friendly and can use the nicely optimized code paths, bug #460790.
-	#local ec_nistp_64_gcc_128
-	#
-	# Disable it for now though (bug #469976)
-	# Do NOT re-enable without substantial discussion first!
-	#
-	#echo "__uint128_t i;" > "${T}"/128.c
-	#if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
-	#       ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
-	#fi
-
-	local sslout=$(bash "${FILESDIR}/gentoo.config-1.0.4")
-	einfo "Using configuration: ${sslout:-(openssl knows best)}"
-
-	# https://github.com/openssl/openssl/blob/master/INSTALL.md#enable-and-disable-features
-	local myeconfargs=(
-		${sslout}
-
-		$(use cpu_flags_x86_sse2 || echo "no-sse2")
-		enable-camellia
-		enable-ec
-		enable-ec2m
-		enable-sm2
-		enable-srp
-		$(use elibc_musl && echo "no-async")
-		enable-idea
-		enable-mdc2
-		enable-rc5
-		$(use fips && echo "enable-fips")
-		$(use_ssl asm)
-		$(use_ssl ktls)
-		$(use_ssl rfc3779)
-		$(use_ssl sctp)
-		$(use test || echo "no-tests")
-		$(use_ssl tls-compression zlib)
-		$(use_ssl weak-ssl-ciphers)
-
-		--prefix="${EPREFIX}"/usr
-		--openssldir="${EPREFIX}"${SSL_CNF_DIR}
-		--libdir=$(get_libdir)
-
-		shared
-		threads
-	)
-
-	edo perl "${S}/Configure" "${myeconfargs[@]}"
-}
-
-multilib_src_compile() {
-	emake build_sw
-
-	if multilib_is_native_abi; then
-		emake build_docs
-	fi
-}
-
-multilib_src_test() {
-	# VFP = show subtests verbosely and show failed tests verbosely
-	# Normal V=1 would show everything verbosely but this slows things down.
-	emake HARNESS_JOBS="$(makeopts_jobs)" -Onone VFP=1 test
-}
-
-multilib_src_install() {
-	# Only -j1 is supported for the install targets:
-	# https://github.com/openssl/openssl/issues/21999#issuecomment-1771150305
-	emake DESTDIR="${D}" -j1 install_sw
-	if use fips; then
-		emake DESTDIR="${D}" -j1 install_fips
-		# Regen this in pkg_preinst, bug 900625
-		rm "${ED}${SSL_CNF_DIR}"/fipsmodule.cnf || die
-	fi
-
-	if multilib_is_native_abi; then
-		emake DESTDIR="${D}" -j1 install_ssldirs
-		emake DESTDIR="${D}" DOCDIR='$(INSTALLTOP)'/share/doc/${PF} -j1 install_docs
-	fi
-
-	# This is crappy in that the static archives are still built even
-	# when USE=static-libs. But this is due to a failing in the openssl
-	# build system: the static archives are built as PIC all the time.
-	# Only way around this would be to manually configure+compile openssl
-	# twice; once with shared lib support enabled and once without.
-	if ! use static-libs ; then
-		rm "${ED}"/usr/$(get_libdir)/lib{crypto,ssl}.a || die
-	fi
-}
-
-multilib_src_install_all() {
-	# openssl installs perl version of c_rehash by default, but
-	# we provide a shell version via app-misc/c_rehash
-	rm "${ED}"/usr/bin/c_rehash || die
-
-	dodoc {AUTHORS,CHANGES,NEWS,README,README-PROVIDERS}.md doc/*.txt doc/${PN}-c-indent.el
-
-	# Create the certs directory
-	keepdir ${SSL_CNF_DIR}/certs
-
-	# bug #254521
-	dodir /etc/sandbox.d
-	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
-
-	diropts -m0700
-	keepdir ${SSL_CNF_DIR}/private
-}
-
-pkg_preinst() {
-	if use fips; then
-		# Regen fipsmodule.cnf, bug 900625
-		ebegin "Running openssl fipsinstall"
-		"${ED}/usr/bin/openssl" fipsinstall -quiet \
-			-out "${ED}${SSL_CNF_DIR}/fipsmodule.cnf" \
-			-module "${ED}/usr/$(get_libdir)/ossl-modules/fips.so"
-		eend $?
-	fi
-
-	preserve_old_lib /usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1) \
-		/usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1.1)
-}
-
-pkg_postinst() {
-	ebegin "Running 'openssl rehash ${EROOT}${SSL_CNF_DIR}/certs' to rebuild hashes (bug #333069)"
-	openssl rehash "${EROOT}${SSL_CNF_DIR}/certs"
-	eend $?
-
-	preserve_old_lib_notify /usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1) \
-		/usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1.1)
-}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     03ed151102256c7905f06b5b6c88a448975c34ef
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Thu Dec 28 04:40:25 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Thu Dec 28 04:40:25 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=03ed1511

dev-libs/openssl: drop 3.0.9-r1, 3.0.9-r2, 3.0.10

Bug: https://bugs.gentoo.org/910556
Bug: https://bugs.gentoo.org/916241
Bug: https://bugs.gentoo.org/911560
Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/Manifest                |   4 -
 dev-libs/openssl/openssl-3.0.10.ebuild   | 288 ------------------------------
 dev-libs/openssl/openssl-3.0.9-r1.ebuild | 286 ------------------------------
 dev-libs/openssl/openssl-3.0.9-r2.ebuild | 293 -------------------------------
 4 files changed, 871 deletions(-)

diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest
index 8ef4a82b3d3a..ab13e01ef03c 100644
--- a/dev-libs/openssl/Manifest
+++ b/dev-libs/openssl/Manifest
@@ -5,14 +5,10 @@ DIST openssl-1.1.1u.tar.gz 9892176 BLAKE2B 5de9cb856e497596ecba008bad6515eefd093
 DIST openssl-1.1.1u.tar.gz.asc 833 BLAKE2B 7a978a94264a14be04372fea39868e9177e8a0b0f24344267702022e19ee0f52e91ad141d7c54da870f7ec0df9b2e43b80939f1d274dd0b44d36da2670e3a468 SHA512 40245d65ace95b2002bf64bcba184c92fec3420b08d9f61f3a709c4842e9478595105d8adce33a08eb98d351d2a0989ec342b08cdd9104498ea0543b6e592d28
 DIST openssl-1.1.1w.tar.gz 9893384 BLAKE2B 2fdba6ca0188928ab2f74e606136afca66cfa0467170fa6298ef160b64ac6fdcad1e81e5dd14013ce0e9921d0f7417edec531cd0beaf1196fec704c2c6d48395 SHA512 b4c625fe56a4e690b57b6a011a225ad0cb3af54bd8fb67af77b5eceac55cc7191291d96a660c5b568a08a2fbf62b4612818e7cca1bb95b2b6b4fc649b0552b6d
 DIST openssl-1.1.1w.tar.gz.asc 833 BLAKE2B d990be69ed913509d52b78e7473668429d4485adb29ef03e4612dd0cadbac4f04c7289d8e5baf6f397bcedeaac9f802f18fc719964d882ae0514ed1ca16ae277 SHA512 0f3d7aa48b1cabf8dd43e8108aeed10a4dffb4f5a244d4da9c86ea358b0c8b90c46da561d21e01c567c2f5035d824ed82ec104aad1776b7f33a1be85990e98ef
-DIST openssl-3.0.10.tar.gz 15194904 BLAKE2B 8bb3bd02b8dc64441ebfea98c4778d3ee0794540186904371a5aed81cb4f6d6903809bf97faafbc2a719617353234484f0d610f2806621229131fdad343f7231 SHA512 fc12f3beed5e2d2f4767aeb772ceb6ba26f6cbfabc247765854108266b27a1223134f0e81735867a9069bc9c07a14b9816e85903cef91bd1b90f781f0b98b61a
-DIST openssl-3.0.10.tar.gz.asc 833 BLAKE2B e1a8fa7c95d5dffdce9fa1824cecc5c81a03228d21c983f23ed4c6c459f085e7406f53337cad41f82506b2a8614497b4eb4cbe261ff4db3c002f1470b90100ba SHA512 3d91e763dcb0bb37cf6586b75c5310c824b5ca75e59a206d759081a67bc016add501648a365aa479dc621f33b86e7aac26d1deb528b43a37187d91eb194b2bdc
 DIST openssl-3.0.11.tar.gz 15198318 BLAKE2B e522573aa72c8f6ffef82f20de36178fc6f97a8fee8443df4bf1bd9a6448b315742e9cb698717c1b7d9a91d0768d7ce08d55956ddc415b9dc6cb33fe3a98131b SHA512 393e7262cce0e7980d1cbba861291c8791f6c2a290e9867895c4310ab6e16b449067d8b780ae6081dc8d42529a4f32d545c66e8b1e69d301281d92f1882c85b7
 DIST openssl-3.0.11.tar.gz.asc 833 BLAKE2B e6e2636d5bb5fffb86833e64437fb440bbfd1c4e2bfbfdd72280cf1ce388b70d30eeea56ef6f3bb673e7dcd12020d993ef95f96bf099ded38e8cde4b549b38fa SHA512 3c1fe94fc46861870d99d1edcfe3c151272f7864dde36b66e87a0c79d2289e9ed5cfc48bfa65ba0e88eadcb3cc8307d702e01155f48af8ffc2d4f8fbbf3aa03c
 DIST openssl-3.0.12.tar.gz 15204575 BLAKE2B 1f00e33a5ed64a51cf28f0dbe7d53a9197c1edae7538dea9573394ee4dc03a885483d74b0b47a78b9067e87b4f420b9d7103f351bfec91710c168051cb7148df SHA512 63e003653dd1126c66e278969a626cdf0801b97da8b7076824d661e4a77e1572c3171cf7f006c972b95bcfa284889ee0362d8a46a851f7d8e743e2a1fe593b24
 DIST openssl-3.0.12.tar.gz.asc 833 BLAKE2B 5c7914e0449a1f2fad433544fa637263b237c2637b86960f904a7840ef6bd627728dfa45373e03a6ce7a0a4570d03e1dcd0188059bd5dbcc83d49d10be64dd39 SHA512 072d1572e6cc5240fed69c01b1f7f74958ceba33cec3b0a7f0db5929dc884381320fb737ec6b38f95ef81c855e2d382d7ecd19431a328b08efad70288ec4a964
-DIST openssl-3.0.9.tar.gz 15181285 BLAKE2B cc1df41fa12ba4443e15e94f6ebdc5e103b9dab5eab2e1c8f74e6a74fa2c38207817921b65d7293cb241c190a910191c7163600bb75243adde0e2f9ec31cc885 SHA512 86c99146b37236419b110db77dd3ac3992e6bed78c258f0cc3434ca233460b4e17c0ac81d7058547fe9cb72a9fd80ee56d4b4916bb731dbe2bbcf1c3d46bf31a
-DIST openssl-3.0.9.tar.gz.asc 833 BLAKE2B 9943ac65f83f48465cae83b37a1d004f6be4622e53c3025166d42954abe9215f1a6c2af58d4aa2b45fa51182fee5019e740969f694655b6c592bb278c68aacef SHA512 9949de6b57d5aa21da1d4b68a29eb37e302403c983bd7d2d8769b320aac4268a9f9091c5fb182862a4f89a9099660939fe609df87c66991b75f7695faf357caf
 DIST openssl-3.1.2.tar.gz 15560427 BLAKE2B 7b4ba35df7d5680c5f13a1986e4c6abaf4592690647dcfa84d7f14c196326355e8ad0ea62f81f8269f0605f0d29f18e9def9c2158fcbe00baefabf819f82374d SHA512 9f41113e5537aee4c3f92711ff85fa12da080363fef0c8b8b34e5b3fc608473c6e4cadd9d8c78f2fcbe97462e51f26a0bb6781656a69ad40226e68af2cf2c762
 DIST openssl-3.1.2.tar.gz.asc 833 BLAKE2B aba3207c5eafaafc34bea078a9684612f7d9b4c5a888a27781cfe2421d27de6c2af3539abfc6efdac81ab0b923b7044a9b764902aa76edfd44ce5979f871a8b9 SHA512 fe143d2d90de1d3d30590ef9801185f8d2837668474ef3879d409bd4eb9417a127dee6c2a4e45076aa3ae3e443bfedd24de434ba4cf3ea0589c113990345a9ce
 DIST openssl-3.1.3.tar.gz 15561739 BLAKE2B a279a5c80191b95ca735aed20beb56ab899ee302258ce3529c377820739bf55075537cd900b06b3ca07b85efdce95cb081bcad1dfd4d33f81695c7ef0cefdf03 SHA512 2388eaa8e99acf1e8af4691a645b9b9af456900c74959e82d4cb02808301e11dcfecc86954a922262b16fa4b664b459894d133ab7d35ec82e1633a33194b7b20

diff --git a/dev-libs/openssl/openssl-3.0.10.ebuild b/dev-libs/openssl/openssl-3.0.10.ebuild
deleted file mode 100644
index dbe7e40dd02b..000000000000
--- a/dev-libs/openssl/openssl-3.0.10.ebuild
+++ /dev/null
@@ -1,288 +0,0 @@
-# Copyright 1999-2023 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/openssl.org.asc
-inherit edo flag-o-matic linux-info toolchain-funcs
-inherit multilib multilib-minimal multiprocessing preserve-libs verify-sig
-
-DESCRIPTION="Robust, full-featured Open Source Toolkit for the Transport Layer Security (TLS)"
-HOMEPAGE="https://www.openssl.org/"
-
-MY_P=${P/_/-}
-
-if [[ ${PV} == 9999 ]] ; then
-	EGIT_REPO_URI="https://github.com/openssl/openssl.git"
-
-	inherit git-r3
-else
-	SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
-		verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )"
-	KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
-fi
-
-S="${WORKDIR}"/${MY_P}
-
-LICENSE="Apache-2.0"
-SLOT="0/3" # .so version of libssl/libcrypto
-IUSE="+asm cpu_flags_x86_sse2 fips ktls rfc3779 sctp static-libs test tls-compression vanilla verify-sig weak-ssl-ciphers"
-RESTRICT="!test? ( test )"
-
-COMMON_DEPEND="
-	tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
-"
-BDEPEND="
-	>=dev-lang/perl-5
-	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
-	test? (
-		sys-apps/diffutils
-		sys-devel/bc
-		sys-process/procps
-	)
-	verify-sig? ( >=sec-keys/openpgp-keys-openssl-20230801 )"
-
-DEPEND="${COMMON_DEPEND}"
-RDEPEND="${COMMON_DEPEND}"
-PDEPEND="app-misc/ca-certificates"
-
-MULTILIB_WRAPPED_HEADERS=(
-	/usr/include/openssl/configuration.h
-)
-
-pkg_setup() {
-	if use ktls ; then
-		if kernel_is -lt 4 18 ; then
-			ewarn "Kernel implementation of TLS (USE=ktls) requires kernel >=4.18!"
-		else
-			CONFIG_CHECK="~TLS ~TLS_DEVICE"
-			ERROR_TLS="You will be unable to offload TLS to kernel because CONFIG_TLS is not set!"
-			ERROR_TLS_DEVICE="You will be unable to offload TLS to kernel because CONFIG_TLS_DEVICE is not set!"
-			use test && CONFIG_CHECK+=" ~CRYPTO_USER_API_SKCIPHER"
-
-			linux-info_pkg_setup
-		fi
-	fi
-
-	[[ ${MERGE_TYPE} == binary ]] && return
-
-	# must check in pkg_setup; sysctl doesn't work with userpriv!
-	if use test && use sctp ; then
-		# test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel"
-		# if sctp.auth_enable is not enabled.
-		local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null)
-		if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]] ; then
-			die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!"
-		fi
-	fi
-}
-
-src_unpack() {
-	# Can delete this once test fix patch is dropped
-	if use verify-sig ; then
-		# Needed for downloaded patch (which is unsigned, which is fine)
-		verify-sig_verify_detached "${DISTDIR}"/${MY_P}.tar.gz{,.asc}
-	fi
-
-	default
-}
-
-src_prepare() {
-	# Make sure we only ever touch Makefile.org and avoid patching a file
-	# that gets blown away anyways by the Configure script in src_configure
-	rm -f Makefile
-
-	if ! use vanilla ; then
-		PATCHES+=(
-			# Add patches which are Gentoo-specific customisations here
-		)
-	fi
-
-	default
-
-	if use test && use sctp && has network-sandbox ${FEATURES} ; then
-		einfo "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox ..."
-		rm test/recipes/80-test_ssl_new.t || die
-	fi
-
-	# Test fails depending on kernel configuration, bug #699134
-	rm test/recipes/30-test_afalg.t || die
-}
-
-src_configure() {
-	# Keep this in sync with app-misc/c_rehash
-	SSL_CNF_DIR="/etc/ssl"
-
-	# Quiet out unknown driver argument warnings since openssl
-	# doesn't have well-split CFLAGS and we're making it even worse
-	# and 'make depend' uses -Werror for added fun (bug #417795 again)
-	tc-is-clang && append-flags -Qunused-arguments
-
-	# We really, really need to build OpenSSL w/ strict aliasing disabled.
-	# It's filled with violations and it *will* result in miscompiled
-	# code. This has been in the ebuild for > 10 years but even in 2022,
-	# it's still relevant:
-	# - https://github.com/llvm/llvm-project/issues/55255
-	# - https://github.com/openssl/openssl/issues/12247
-	# - https://github.com/openssl/openssl/issues/18225
-	# - https://github.com/openssl/openssl/issues/18663#issuecomment-1181478057
-	# Don't remove the no strict aliasing bits below!
-	filter-flags -fstrict-aliasing
-	append-flags -fno-strict-aliasing
-	# The OpenSSL developers don't test with LTO right now, it leads to various
-	# warnings/errors (which may or may not be false positives), it's considered
-	# unsupported, and it's not tested in CI: https://github.com/openssl/openssl/issues/18663.
-	filter-lto
-
-	append-flags $(test-flags-CC -Wa,--noexecstack)
-
-	# bug #895308
-	append-atomic-flags
-	# Configure doesn't respect LIBS
-	export LDLIBS="${LIBS}"
-
-	# bug #197996
-	unset APPS
-	# bug #312551
-	unset SCRIPTS
-	# bug #311473
-	unset CROSS_COMPILE
-
-	tc-export AR CC CXX RANLIB RC
-
-	multilib-minimal_src_configure
-}
-
-multilib_src_configure() {
-	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
-
-	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
-
-	# See if our toolchain supports __uint128_t.  If so, it's 64bit
-	# friendly and can use the nicely optimized code paths, bug #460790.
-	#local ec_nistp_64_gcc_128
-	#
-	# Disable it for now though (bug #469976)
-	# Do NOT re-enable without substantial discussion first!
-	#
-	#echo "__uint128_t i;" > "${T}"/128.c
-	#if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
-	#       ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
-	#fi
-
-	local sslout=$(bash "${FILESDIR}/gentoo.config-1.0.4")
-	einfo "Using configuration: ${sslout:-(openssl knows best)}"
-
-	# https://github.com/openssl/openssl/blob/master/INSTALL.md#enable-and-disable-features
-	local myeconfargs=(
-		${sslout}
-
-		$(use cpu_flags_x86_sse2 || echo "no-sse2")
-		enable-camellia
-		enable-ec
-		enable-ec2m
-		enable-sm2
-		enable-srp
-		$(use elibc_musl && echo "no-async")
-		enable-idea
-		enable-mdc2
-		enable-rc5
-		$(use fips && echo "enable-fips")
-		$(use_ssl asm)
-		$(use_ssl ktls)
-		$(use_ssl rfc3779)
-		$(use_ssl sctp)
-		$(use test || echo "no-tests")
-		$(use_ssl tls-compression zlib)
-		$(use_ssl weak-ssl-ciphers)
-
-		--prefix="${EPREFIX}"/usr
-		--openssldir="${EPREFIX}"${SSL_CNF_DIR}
-		--libdir=$(get_libdir)
-
-		shared
-		threads
-	)
-
-	edo perl "${S}/Configure" "${myeconfargs[@]}"
-}
-
-multilib_src_compile() {
-	emake build_sw
-
-	if multilib_is_native_abi; then
-		emake build_docs
-	fi
-}
-
-multilib_src_test() {
-	# VFP = show subtests verbosely and show failed tests verbosely
-	# Normal V=1 would show everything verbosely but this slows things down.
-	emake HARNESS_JOBS="$(makeopts_jobs)" -Onone VFP=1 test
-}
-
-multilib_src_install() {
-	# Only -j1 is supported for the install targets:
-	# https://github.com/openssl/openssl/issues/21999#issuecomment-1771150305
-	emake DESTDIR="${D}" -j1 install_sw
-	if use fips; then
-		emake DESTDIR="${D}" -j1 install_fips
-		# Regen this in pkg_preinst, bug 900625
-		rm "${ED}${SSL_CNF_DIR}"/fipsmodule.cnf || die
-	fi
-
-	if multilib_is_native_abi; then
-		emake DESTDIR="${D}" -j1 install_ssldirs
-		emake DESTDIR="${D}" DOCDIR='$(INSTALLTOP)'/share/doc/${PF} -j1 install_docs
-	fi
-
-	# This is crappy in that the static archives are still built even
-	# when USE=static-libs. But this is due to a failing in the openssl
-	# build system: the static archives are built as PIC all the time.
-	# Only way around this would be to manually configure+compile openssl
-	# twice; once with shared lib support enabled and once without.
-	if ! use static-libs ; then
-		rm "${ED}"/usr/$(get_libdir)/lib{crypto,ssl}.a || die
-	fi
-}
-
-multilib_src_install_all() {
-	# openssl installs perl version of c_rehash by default, but
-	# we provide a shell version via app-misc/c_rehash
-	rm "${ED}"/usr/bin/c_rehash || die
-
-	dodoc {AUTHORS,CHANGES,NEWS,README,README-PROVIDERS}.md doc/*.txt doc/${PN}-c-indent.el
-
-	# Create the certs directory
-	keepdir ${SSL_CNF_DIR}/certs
-
-	# bug #254521
-	dodir /etc/sandbox.d
-	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
-
-	diropts -m0700
-	keepdir ${SSL_CNF_DIR}/private
-}
-
-pkg_preinst() {
-	if use fips; then
-		# Regen fipsmodule.cnf, bug 900625
-		ebegin "Running openssl fipsinstall"
-		"${ED}/usr/bin/openssl" fipsinstall -quiet \
-			-out "${ED}${SSL_CNF_DIR}/fipsmodule.cnf" \
-			-module "${ED}/usr/$(get_libdir)/ossl-modules/fips.so"
-		eend $?
-	fi
-
-	preserve_old_lib /usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1) \
-		/usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1.1)
-}
-
-pkg_postinst() {
-	ebegin "Running 'openssl rehash ${EROOT}${SSL_CNF_DIR}/certs' to rebuild hashes (bug #333069)"
-	openssl rehash "${EROOT}${SSL_CNF_DIR}/certs"
-	eend $?
-
-	preserve_old_lib_notify /usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1) \
-		/usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1.1)
-}

diff --git a/dev-libs/openssl/openssl-3.0.9-r1.ebuild b/dev-libs/openssl/openssl-3.0.9-r1.ebuild
deleted file mode 100644
index 3d8f016cea7b..000000000000
--- a/dev-libs/openssl/openssl-3.0.9-r1.ebuild
+++ /dev/null
@@ -1,286 +0,0 @@
-# Copyright 1999-2023 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/openssl.org.asc
-inherit edo flag-o-matic linux-info toolchain-funcs
-inherit multilib multilib-minimal multiprocessing preserve-libs verify-sig
-
-DESCRIPTION="Robust, full-featured Open Source Toolkit for the Transport Layer Security (TLS)"
-HOMEPAGE="https://www.openssl.org/"
-
-MY_P=${P/_/-}
-
-if [[ ${PV} == 9999 ]] ; then
-	EGIT_REPO_URI="https://github.com/openssl/openssl.git"
-
-	inherit git-r3
-else
-	SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
-		verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )"
-	KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~arm64-macos"
-fi
-
-S="${WORKDIR}"/${MY_P}
-
-LICENSE="Apache-2.0"
-SLOT="0/3" # .so version of libssl/libcrypto
-IUSE="+asm cpu_flags_x86_sse2 fips ktls rfc3779 sctp static-libs test tls-compression vanilla verify-sig weak-ssl-ciphers"
-RESTRICT="!test? ( test )"
-
-COMMON_DEPEND="
-	tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
-"
-BDEPEND="
-	>=dev-lang/perl-5
-	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
-	test? (
-		sys-apps/diffutils
-		sys-devel/bc
-		sys-process/procps
-	)
-	verify-sig? ( >=sec-keys/openpgp-keys-openssl-20230207 )"
-
-DEPEND="${COMMON_DEPEND}"
-RDEPEND="${COMMON_DEPEND}"
-PDEPEND="app-misc/ca-certificates"
-
-MULTILIB_WRAPPED_HEADERS=(
-	/usr/include/openssl/configuration.h
-)
-
-pkg_setup() {
-	if use ktls ; then
-		if kernel_is -lt 4 18 ; then
-			ewarn "Kernel implementation of TLS (USE=ktls) requires kernel >=4.18!"
-		else
-			CONFIG_CHECK="~TLS ~TLS_DEVICE"
-			ERROR_TLS="You will be unable to offload TLS to kernel because CONFIG_TLS is not set!"
-			ERROR_TLS_DEVICE="You will be unable to offload TLS to kernel because CONFIG_TLS_DEVICE is not set!"
-			use test && CONFIG_CHECK+=" ~CRYPTO_USER_API_SKCIPHER"
-
-			linux-info_pkg_setup
-		fi
-	fi
-
-	[[ ${MERGE_TYPE} == binary ]] && return
-
-	# must check in pkg_setup; sysctl doesn't work with userpriv!
-	if use test && use sctp ; then
-		# test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel"
-		# if sctp.auth_enable is not enabled.
-		local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null)
-		if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]] ; then
-			die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!"
-		fi
-	fi
-}
-
-src_unpack() {
-	# Can delete this once test fix patch is dropped
-	if use verify-sig ; then
-		# Needed for downloaded patch (which is unsigned, which is fine)
-		verify-sig_verify_detached "${DISTDIR}"/${MY_P}.tar.gz{,.asc}
-	fi
-
-	default
-}
-
-src_prepare() {
-	# Make sure we only ever touch Makefile.org and avoid patching a file
-	# that gets blown away anyways by the Configure script in src_configure
-	rm -f Makefile
-
-	if ! use vanilla ; then
-		PATCHES+=(
-			# Add patches which are Gentoo-specific customisations here
-		)
-	fi
-
-	default
-
-	if use test && use sctp && has network-sandbox ${FEATURES} ; then
-		einfo "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox ..."
-		rm test/recipes/80-test_ssl_new.t || die
-	fi
-
-	# Test fails depending on kernel configuration, bug #699134
-	rm test/recipes/30-test_afalg.t || die
-}
-
-src_configure() {
-	# Keep this in sync with app-misc/c_rehash
-	SSL_CNF_DIR="/etc/ssl"
-
-	# Quiet out unknown driver argument warnings since openssl
-	# doesn't have well-split CFLAGS and we're making it even worse
-	# and 'make depend' uses -Werror for added fun (bug #417795 again)
-	tc-is-clang && append-flags -Qunused-arguments
-
-	# We really, really need to build OpenSSL w/ strict aliasing disabled.
-	# It's filled with violations and it *will* result in miscompiled
-	# code. This has been in the ebuild for > 10 years but even in 2022,
-	# it's still relevant:
-	# - https://github.com/llvm/llvm-project/issues/55255
-	# - https://github.com/openssl/openssl/issues/12247
-	# - https://github.com/openssl/openssl/issues/18225
-	# - https://github.com/openssl/openssl/issues/18663#issuecomment-1181478057
-	# Don't remove the no strict aliasing bits below!
-	filter-flags -fstrict-aliasing
-	append-flags -fno-strict-aliasing
-	# The OpenSSL developers don't test with LTO right now, it leads to various
-	# warnings/errors (which may or may not be false positives), it's considered
-	# unsupported, and it's not tested in CI: https://github.com/openssl/openssl/issues/18663.
-	filter-lto
-
-	append-flags $(test-flags-CC -Wa,--noexecstack)
-
-	# bug #895308
-	append-atomic-flags
-	# Configure doesn't respect LIBS
-	export LDLIBS="${LIBS}"
-
-	# bug #197996
-	unset APPS
-	# bug #312551
-	unset SCRIPTS
-	# bug #311473
-	unset CROSS_COMPILE
-
-	tc-export AR CC CXX RANLIB RC
-
-	multilib-minimal_src_configure
-}
-
-multilib_src_configure() {
-	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
-
-	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
-
-	# See if our toolchain supports __uint128_t.  If so, it's 64bit
-	# friendly and can use the nicely optimized code paths, bug #460790.
-	#local ec_nistp_64_gcc_128
-	#
-	# Disable it for now though (bug #469976)
-	# Do NOT re-enable without substantial discussion first!
-	#
-	#echo "__uint128_t i;" > "${T}"/128.c
-	#if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
-	#       ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
-	#fi
-
-	local sslout=$(bash "${FILESDIR}/gentoo.config-1.0.4")
-	einfo "Using configuration: ${sslout:-(openssl knows best)}"
-
-	# https://github.com/openssl/openssl/blob/master/INSTALL.md#enable-and-disable-features
-	local myeconfargs=(
-		${sslout}
-
-		$(use cpu_flags_x86_sse2 || echo "no-sse2")
-		enable-camellia
-		enable-ec
-		enable-ec2m
-		enable-sm2
-		enable-srp
-		$(use elibc_musl && echo "no-async")
-		enable-idea
-		enable-mdc2
-		enable-rc5
-		$(use fips && echo "enable-fips")
-		$(use_ssl asm)
-		$(use_ssl ktls)
-		$(use_ssl rfc3779)
-		$(use_ssl sctp)
-		$(use test || echo "no-tests")
-		$(use_ssl tls-compression zlib)
-		$(use_ssl weak-ssl-ciphers)
-
-		--prefix="${EPREFIX}"/usr
-		--openssldir="${EPREFIX}"${SSL_CNF_DIR}
-		--libdir=$(get_libdir)
-
-		shared
-		threads
-	)
-
-	edo perl "${S}/Configure" "${myeconfargs[@]}"
-}
-
-multilib_src_compile() {
-	emake build_sw
-
-	if multilib_is_native_abi; then
-		emake build_docs
-	fi
-}
-
-multilib_src_test() {
-	# VFP = show subtests verbosely and show failed tests verbosely
-	# Normal V=1 would show everything verbosely but this slows things down.
-	emake HARNESS_JOBS="$(makeopts_jobs)" -Onone VFP=1 test
-}
-
-multilib_src_install() {
-	emake DESTDIR="${D}" -j1 install_sw
-	if use fips; then
-		emake DESTDIR="${D}" -j1 install_fips
-		# Regen this in pkg_preinst, bug 900625
-		rm "${ED}${SSL_CNF_DIR}"/fipsmodule.cnf || die
-	fi
-
-	if multilib_is_native_abi; then
-		emake DESTDIR="${D}" -j1 install_ssldirs
-		emake DESTDIR="${D}" DOCDIR='$(INSTALLTOP)'/share/doc/${PF} -j1 install_docs
-	fi
-
-	# This is crappy in that the static archives are still built even
-	# when USE=static-libs. But this is due to a failing in the openssl
-	# build system: the static archives are built as PIC all the time.
-	# Only way around this would be to manually configure+compile openssl
-	# twice; once with shared lib support enabled and once without.
-	if ! use static-libs ; then
-		rm "${ED}"/usr/$(get_libdir)/lib{crypto,ssl}.a || die
-	fi
-}
-
-multilib_src_install_all() {
-	# openssl installs perl version of c_rehash by default, but
-	# we provide a shell version via app-misc/c_rehash
-	rm "${ED}"/usr/bin/c_rehash || die
-
-	dodoc {AUTHORS,CHANGES,NEWS,README,README-PROVIDERS}.md doc/*.txt doc/${PN}-c-indent.el
-
-	# Create the certs directory
-	keepdir ${SSL_CNF_DIR}/certs
-
-	# bug #254521
-	dodir /etc/sandbox.d
-	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
-
-	diropts -m0700
-	keepdir ${SSL_CNF_DIR}/private
-}
-
-pkg_preinst() {
-	if use fips; then
-		# Regen fipsmodule.cnf, bug 900625
-		ebegin "Running openssl fipsinstall"
-		"${ED}/usr/bin/openssl" fipsinstall -quiet \
-			-out "${ED}${SSL_CNF_DIR}/fipsmodule.cnf" \
-			-module "${ED}/usr/$(get_libdir)/ossl-modules/fips.so"
-		eend $?
-	fi
-
-	preserve_old_lib /usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1) \
-		/usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1.1)
-}
-
-pkg_postinst() {
-	ebegin "Running 'openssl rehash ${EROOT}${SSL_CNF_DIR}/certs' to rebuild hashes (bug #333069)"
-	openssl rehash "${EROOT}${SSL_CNF_DIR}/certs"
-	eend $?
-
-	preserve_old_lib_notify /usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1) \
-		/usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1.1)
-}

diff --git a/dev-libs/openssl/openssl-3.0.9-r2.ebuild b/dev-libs/openssl/openssl-3.0.9-r2.ebuild
deleted file mode 100644
index d09869034c8e..000000000000
--- a/dev-libs/openssl/openssl-3.0.9-r2.ebuild
+++ /dev/null
@@ -1,293 +0,0 @@
-# Copyright 1999-2023 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/openssl.org.asc
-inherit edo flag-o-matic linux-info toolchain-funcs
-inherit multilib multilib-minimal multiprocessing preserve-libs verify-sig
-
-DESCRIPTION="Robust, full-featured Open Source Toolkit for the Transport Layer Security (TLS)"
-HOMEPAGE="https://www.openssl.org/"
-
-MY_P=${P/_/-}
-
-if [[ ${PV} == 9999 ]] ; then
-	EGIT_REPO_URI="https://github.com/openssl/openssl.git"
-
-	inherit git-r3
-else
-	SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
-		verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )"
-	KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~arm64-macos"
-fi
-
-S="${WORKDIR}"/${MY_P}
-
-LICENSE="Apache-2.0"
-SLOT="0/3" # .so version of libssl/libcrypto
-IUSE="+asm cpu_flags_x86_sse2 fips ktls rfc3779 sctp static-libs test tls-compression vanilla verify-sig weak-ssl-ciphers"
-RESTRICT="!test? ( test )"
-
-COMMON_DEPEND="
-	tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
-"
-BDEPEND="
-	>=dev-lang/perl-5
-	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
-	test? (
-		sys-apps/diffutils
-		sys-devel/bc
-		sys-process/procps
-	)
-	verify-sig? ( >=sec-keys/openpgp-keys-openssl-20230207 )"
-
-DEPEND="${COMMON_DEPEND}"
-RDEPEND="${COMMON_DEPEND}"
-PDEPEND="app-misc/ca-certificates"
-
-MULTILIB_WRAPPED_HEADERS=(
-	/usr/include/openssl/configuration.h
-)
-
-PATCHES=(
-	"${FILESDIR}"/${P}-CVE-2023-2975.patch
-	"${FILESDIR}"/${P}-CVE-2023-3446.patch
-)
-
-pkg_setup() {
-	if use ktls ; then
-		if kernel_is -lt 4 18 ; then
-			ewarn "Kernel implementation of TLS (USE=ktls) requires kernel >=4.18!"
-		else
-			CONFIG_CHECK="~TLS ~TLS_DEVICE"
-			ERROR_TLS="You will be unable to offload TLS to kernel because CONFIG_TLS is not set!"
-			ERROR_TLS_DEVICE="You will be unable to offload TLS to kernel because CONFIG_TLS_DEVICE is not set!"
-			use test && CONFIG_CHECK+=" ~CRYPTO_USER_API_SKCIPHER"
-
-			linux-info_pkg_setup
-		fi
-	fi
-
-	[[ ${MERGE_TYPE} == binary ]] && return
-
-	# must check in pkg_setup; sysctl doesn't work with userpriv!
-	if use test && use sctp ; then
-		# test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel"
-		# if sctp.auth_enable is not enabled.
-		local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null)
-		if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]] ; then
-			die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!"
-		fi
-	fi
-}
-
-src_unpack() {
-	# Can delete this once test fix patch is dropped
-	if use verify-sig ; then
-		# Needed for downloaded patch (which is unsigned, which is fine)
-		verify-sig_verify_detached "${DISTDIR}"/${MY_P}.tar.gz{,.asc}
-	fi
-
-	default
-}
-
-src_prepare() {
-	# Make sure we only ever touch Makefile.org and avoid patching a file
-	# that gets blown away anyways by the Configure script in src_configure
-	rm -f Makefile
-
-	if ! use vanilla ; then
-		PATCHES+=(
-			# Add patches which are Gentoo-specific customisations here
-		)
-	fi
-
-	default
-
-	if use test && use sctp && has network-sandbox ${FEATURES} ; then
-		einfo "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox ..."
-		rm test/recipes/80-test_ssl_new.t || die
-	fi
-
-	# Test fails depending on kernel configuration, bug #699134
-	rm test/recipes/30-test_afalg.t || die
-}
-
-src_configure() {
-	# Keep this in sync with app-misc/c_rehash
-	SSL_CNF_DIR="/etc/ssl"
-
-	# Quiet out unknown driver argument warnings since openssl
-	# doesn't have well-split CFLAGS and we're making it even worse
-	# and 'make depend' uses -Werror for added fun (bug #417795 again)
-	tc-is-clang && append-flags -Qunused-arguments
-
-	# We really, really need to build OpenSSL w/ strict aliasing disabled.
-	# It's filled with violations and it *will* result in miscompiled
-	# code. This has been in the ebuild for > 10 years but even in 2022,
-	# it's still relevant:
-	# - https://github.com/llvm/llvm-project/issues/55255
-	# - https://github.com/openssl/openssl/issues/12247
-	# - https://github.com/openssl/openssl/issues/18225
-	# - https://github.com/openssl/openssl/issues/18663#issuecomment-1181478057
-	# Don't remove the no strict aliasing bits below!
-	filter-flags -fstrict-aliasing
-	append-flags -fno-strict-aliasing
-	# The OpenSSL developers don't test with LTO right now, it leads to various
-	# warnings/errors (which may or may not be false positives), it's considered
-	# unsupported, and it's not tested in CI: https://github.com/openssl/openssl/issues/18663.
-	filter-lto
-
-	append-flags $(test-flags-CC -Wa,--noexecstack)
-
-	# bug #895308
-	append-atomic-flags
-	# Configure doesn't respect LIBS
-	export LDLIBS="${LIBS}"
-
-	# bug #197996
-	unset APPS
-	# bug #312551
-	unset SCRIPTS
-	# bug #311473
-	unset CROSS_COMPILE
-
-	tc-export AR CC CXX RANLIB RC
-
-	multilib-minimal_src_configure
-}
-
-multilib_src_configure() {
-	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
-
-	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
-
-	# See if our toolchain supports __uint128_t.  If so, it's 64bit
-	# friendly and can use the nicely optimized code paths, bug #460790.
-	#local ec_nistp_64_gcc_128
-	#
-	# Disable it for now though (bug #469976)
-	# Do NOT re-enable without substantial discussion first!
-	#
-	#echo "__uint128_t i;" > "${T}"/128.c
-	#if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
-	#       ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
-	#fi
-
-	local sslout=$(bash "${FILESDIR}/gentoo.config-1.0.4")
-	einfo "Using configuration: ${sslout:-(openssl knows best)}"
-
-	# https://github.com/openssl/openssl/blob/master/INSTALL.md#enable-and-disable-features
-	local myeconfargs=(
-		${sslout}
-
-		$(use cpu_flags_x86_sse2 || echo "no-sse2")
-		enable-camellia
-		enable-ec
-		enable-ec2m
-		enable-sm2
-		enable-srp
-		$(use elibc_musl && echo "no-async")
-		enable-idea
-		enable-mdc2
-		enable-rc5
-		$(use fips && echo "enable-fips")
-		$(use_ssl asm)
-		$(use_ssl ktls)
-		$(use_ssl rfc3779)
-		$(use_ssl sctp)
-		$(use test || echo "no-tests")
-		$(use_ssl tls-compression zlib)
-		$(use_ssl weak-ssl-ciphers)
-
-		--prefix="${EPREFIX}"/usr
-		--openssldir="${EPREFIX}"${SSL_CNF_DIR}
-		--libdir=$(get_libdir)
-
-		shared
-		threads
-	)
-
-	edo perl "${S}/Configure" "${myeconfargs[@]}"
-}
-
-multilib_src_compile() {
-	emake build_sw
-
-	if multilib_is_native_abi; then
-		emake build_docs
-	fi
-}
-
-multilib_src_test() {
-	# VFP = show subtests verbosely and show failed tests verbosely
-	# Normal V=1 would show everything verbosely but this slows things down.
-	emake HARNESS_JOBS="$(makeopts_jobs)" -Onone VFP=1 test
-}
-
-multilib_src_install() {
-	# Only -j1 is supported for the install targets:
-	# https://github.com/openssl/openssl/issues/21999#issuecomment-1771150305
-	emake DESTDIR="${D}" -j1 install_sw
-	if use fips; then
-		emake DESTDIR="${D}" -j1 install_fips
-		# Regen this in pkg_preinst, bug 900625
-		rm "${ED}${SSL_CNF_DIR}"/fipsmodule.cnf || die
-	fi
-
-	if multilib_is_native_abi; then
-		emake DESTDIR="${D}" -j1 install_ssldirs
-		emake DESTDIR="${D}" DOCDIR='$(INSTALLTOP)'/share/doc/${PF} -j1 install_docs
-	fi
-
-	# This is crappy in that the static archives are still built even
-	# when USE=static-libs. But this is due to a failing in the openssl
-	# build system: the static archives are built as PIC all the time.
-	# Only way around this would be to manually configure+compile openssl
-	# twice; once with shared lib support enabled and once without.
-	if ! use static-libs ; then
-		rm "${ED}"/usr/$(get_libdir)/lib{crypto,ssl}.a || die
-	fi
-}
-
-multilib_src_install_all() {
-	# openssl installs perl version of c_rehash by default, but
-	# we provide a shell version via app-misc/c_rehash
-	rm "${ED}"/usr/bin/c_rehash || die
-
-	dodoc {AUTHORS,CHANGES,NEWS,README,README-PROVIDERS}.md doc/*.txt doc/${PN}-c-indent.el
-
-	# Create the certs directory
-	keepdir ${SSL_CNF_DIR}/certs
-
-	# bug #254521
-	dodir /etc/sandbox.d
-	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
-
-	diropts -m0700
-	keepdir ${SSL_CNF_DIR}/private
-}
-
-pkg_preinst() {
-	if use fips; then
-		# Regen fipsmodule.cnf, bug 900625
-		ebegin "Running openssl fipsinstall"
-		"${ED}/usr/bin/openssl" fipsinstall -quiet \
-			-out "${ED}${SSL_CNF_DIR}/fipsmodule.cnf" \
-			-module "${ED}/usr/$(get_libdir)/ossl-modules/fips.so"
-		eend $?
-	fi
-
-	preserve_old_lib /usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1) \
-		/usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1.1)
-}
-
-pkg_postinst() {
-	ebegin "Running 'openssl rehash ${EROOT}${SSL_CNF_DIR}/certs' to rebuild hashes (bug #333069)"
-	openssl rehash "${EROOT}${SSL_CNF_DIR}/certs"
-	eend $?
-
-	preserve_old_lib_notify /usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1) \
-		/usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1.1)
-}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     131de709da233cd74223315527de34b38ab54dde
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Wed Nov 29 04:56:38 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Wed Nov 29 04:56:38 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=131de709

dev-libs/openssl: add test_symbol_reference test skip reference

Bug: https://github.com/openssl/openssl/issues/22837
Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/openssl-3.2.0.ebuild | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/dev-libs/openssl/openssl-3.2.0.ebuild b/dev-libs/openssl/openssl-3.2.0.ebuild
index 0145fb23a3c9..5e0defcf0ef7 100644
--- a/dev-libs/openssl/openssl-3.2.0.ebuild
+++ b/dev-libs/openssl/openssl-3.2.0.ebuild
@@ -230,6 +230,8 @@ multilib_src_test() {
 	# -j1 here for https://github.com/openssl/openssl/issues/21999, but it
 	# shouldn't matter as tests were already built earlier, and HARNESS_JOBS
 	# controls running the tests.
+	#
+	# test_symbol_presence: https://github.com/openssl/openssl/issues/22837
 	emake -Onone -j1 HARNESS_JOBS="$(makeopts_jobs)" VFP=1 TESTS='-test_symbol_presence' test
 }
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     c59aad9f3bf7d5aaa0c4cbb05a90202a90d399da
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Wed Nov 29 04:53:14 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Wed Nov 29 04:53:38 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c59aad9f

dev-libs/openssl: add another strict aliasing reference

There may even be some hope...

Bug: https://github.com/openssl/openssl/issues/12247
Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/openssl-1.1.1u.ebuild   | 1 +
 dev-libs/openssl/openssl-1.1.1w.ebuild   | 1 +
 dev-libs/openssl/openssl-3.0.10.ebuild   | 1 +
 dev-libs/openssl/openssl-3.0.11.ebuild   | 1 +
 dev-libs/openssl/openssl-3.0.12.ebuild   | 1 +
 dev-libs/openssl/openssl-3.0.9-r1.ebuild | 1 +
 dev-libs/openssl/openssl-3.0.9-r2.ebuild | 1 +
 dev-libs/openssl/openssl-3.1.2.ebuild    | 1 +
 dev-libs/openssl/openssl-3.1.3.ebuild    | 1 +
 dev-libs/openssl/openssl-3.1.4.ebuild    | 1 +
 dev-libs/openssl/openssl-3.2.0.ebuild    | 1 +
 11 files changed, 11 insertions(+)

diff --git a/dev-libs/openssl/openssl-1.1.1u.ebuild b/dev-libs/openssl/openssl-1.1.1u.ebuild
index ee411f3a17bb..7c790183c7f3 100644
--- a/dev-libs/openssl/openssl-1.1.1u.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1u.ebuild
@@ -127,6 +127,7 @@ src_configure() {
 	# code. This has been in the ebuild for > 10 years but even in 2022,
 	# it's still relevant:
 	# - https://github.com/llvm/llvm-project/issues/55255
+	# - https://github.com/openssl/openssl/issues/12247
 	# - https://github.com/openssl/openssl/issues/18225
 	# - https://github.com/openssl/openssl/issues/18663#issuecomment-1181478057
 	# Don't remove the no strict aliasing bits below!

diff --git a/dev-libs/openssl/openssl-1.1.1w.ebuild b/dev-libs/openssl/openssl-1.1.1w.ebuild
index 6a9d9d491eec..74c0f8812c70 100644
--- a/dev-libs/openssl/openssl-1.1.1w.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1w.ebuild
@@ -127,6 +127,7 @@ src_configure() {
 	# code. This has been in the ebuild for > 10 years but even in 2022,
 	# it's still relevant:
 	# - https://github.com/llvm/llvm-project/issues/55255
+	# - https://github.com/openssl/openssl/issues/12247
 	# - https://github.com/openssl/openssl/issues/18225
 	# - https://github.com/openssl/openssl/issues/18663#issuecomment-1181478057
 	# Don't remove the no strict aliasing bits below!

diff --git a/dev-libs/openssl/openssl-3.0.10.ebuild b/dev-libs/openssl/openssl-3.0.10.ebuild
index c343a0f3b254..dbe7e40dd02b 100644
--- a/dev-libs/openssl/openssl-3.0.10.ebuild
+++ b/dev-libs/openssl/openssl-3.0.10.ebuild
@@ -123,6 +123,7 @@ src_configure() {
 	# code. This has been in the ebuild for > 10 years but even in 2022,
 	# it's still relevant:
 	# - https://github.com/llvm/llvm-project/issues/55255
+	# - https://github.com/openssl/openssl/issues/12247
 	# - https://github.com/openssl/openssl/issues/18225
 	# - https://github.com/openssl/openssl/issues/18663#issuecomment-1181478057
 	# Don't remove the no strict aliasing bits below!

diff --git a/dev-libs/openssl/openssl-3.0.11.ebuild b/dev-libs/openssl/openssl-3.0.11.ebuild
index c343a0f3b254..dbe7e40dd02b 100644
--- a/dev-libs/openssl/openssl-3.0.11.ebuild
+++ b/dev-libs/openssl/openssl-3.0.11.ebuild
@@ -123,6 +123,7 @@ src_configure() {
 	# code. This has been in the ebuild for > 10 years but even in 2022,
 	# it's still relevant:
 	# - https://github.com/llvm/llvm-project/issues/55255
+	# - https://github.com/openssl/openssl/issues/12247
 	# - https://github.com/openssl/openssl/issues/18225
 	# - https://github.com/openssl/openssl/issues/18663#issuecomment-1181478057
 	# Don't remove the no strict aliasing bits below!

diff --git a/dev-libs/openssl/openssl-3.0.12.ebuild b/dev-libs/openssl/openssl-3.0.12.ebuild
index 6174d64a62b7..0554f775b981 100644
--- a/dev-libs/openssl/openssl-3.0.12.ebuild
+++ b/dev-libs/openssl/openssl-3.0.12.ebuild
@@ -123,6 +123,7 @@ src_configure() {
 	# code. This has been in the ebuild for > 10 years but even in 2022,
 	# it's still relevant:
 	# - https://github.com/llvm/llvm-project/issues/55255
+	# - https://github.com/openssl/openssl/issues/12247
 	# - https://github.com/openssl/openssl/issues/18225
 	# - https://github.com/openssl/openssl/issues/18663#issuecomment-1181478057
 	# Don't remove the no strict aliasing bits below!

diff --git a/dev-libs/openssl/openssl-3.0.9-r1.ebuild b/dev-libs/openssl/openssl-3.0.9-r1.ebuild
index 190a2eee3380..3d8f016cea7b 100644
--- a/dev-libs/openssl/openssl-3.0.9-r1.ebuild
+++ b/dev-libs/openssl/openssl-3.0.9-r1.ebuild
@@ -123,6 +123,7 @@ src_configure() {
 	# code. This has been in the ebuild for > 10 years but even in 2022,
 	# it's still relevant:
 	# - https://github.com/llvm/llvm-project/issues/55255
+	# - https://github.com/openssl/openssl/issues/12247
 	# - https://github.com/openssl/openssl/issues/18225
 	# - https://github.com/openssl/openssl/issues/18663#issuecomment-1181478057
 	# Don't remove the no strict aliasing bits below!

diff --git a/dev-libs/openssl/openssl-3.0.9-r2.ebuild b/dev-libs/openssl/openssl-3.0.9-r2.ebuild
index d4b6774d57b2..d09869034c8e 100644
--- a/dev-libs/openssl/openssl-3.0.9-r2.ebuild
+++ b/dev-libs/openssl/openssl-3.0.9-r2.ebuild
@@ -128,6 +128,7 @@ src_configure() {
 	# code. This has been in the ebuild for > 10 years but even in 2022,
 	# it's still relevant:
 	# - https://github.com/llvm/llvm-project/issues/55255
+	# - https://github.com/openssl/openssl/issues/12247
 	# - https://github.com/openssl/openssl/issues/18225
 	# - https://github.com/openssl/openssl/issues/18663#issuecomment-1181478057
 	# Don't remove the no strict aliasing bits below!

diff --git a/dev-libs/openssl/openssl-3.1.2.ebuild b/dev-libs/openssl/openssl-3.1.2.ebuild
index 89509db94481..0abd2585a656 100644
--- a/dev-libs/openssl/openssl-3.1.2.ebuild
+++ b/dev-libs/openssl/openssl-3.1.2.ebuild
@@ -126,6 +126,7 @@ src_configure() {
 	# code. This has been in the ebuild for > 10 years but even in 2022,
 	# it's still relevant:
 	# - https://github.com/llvm/llvm-project/issues/55255
+	# - https://github.com/openssl/openssl/issues/12247
 	# - https://github.com/openssl/openssl/issues/18225
 	# - https://github.com/openssl/openssl/issues/18663#issuecomment-1181478057
 	# Don't remove the no strict aliasing bits below!

diff --git a/dev-libs/openssl/openssl-3.1.3.ebuild b/dev-libs/openssl/openssl-3.1.3.ebuild
index 89509db94481..0abd2585a656 100644
--- a/dev-libs/openssl/openssl-3.1.3.ebuild
+++ b/dev-libs/openssl/openssl-3.1.3.ebuild
@@ -126,6 +126,7 @@ src_configure() {
 	# code. This has been in the ebuild for > 10 years but even in 2022,
 	# it's still relevant:
 	# - https://github.com/llvm/llvm-project/issues/55255
+	# - https://github.com/openssl/openssl/issues/12247
 	# - https://github.com/openssl/openssl/issues/18225
 	# - https://github.com/openssl/openssl/issues/18663#issuecomment-1181478057
 	# Don't remove the no strict aliasing bits below!

diff --git a/dev-libs/openssl/openssl-3.1.4.ebuild b/dev-libs/openssl/openssl-3.1.4.ebuild
index 89509db94481..0abd2585a656 100644
--- a/dev-libs/openssl/openssl-3.1.4.ebuild
+++ b/dev-libs/openssl/openssl-3.1.4.ebuild
@@ -126,6 +126,7 @@ src_configure() {
 	# code. This has been in the ebuild for > 10 years but even in 2022,
 	# it's still relevant:
 	# - https://github.com/llvm/llvm-project/issues/55255
+	# - https://github.com/openssl/openssl/issues/12247
 	# - https://github.com/openssl/openssl/issues/18225
 	# - https://github.com/openssl/openssl/issues/18663#issuecomment-1181478057
 	# Don't remove the no strict aliasing bits below!

diff --git a/dev-libs/openssl/openssl-3.2.0.ebuild b/dev-libs/openssl/openssl-3.2.0.ebuild
index 69f5895d0795..0145fb23a3c9 100644
--- a/dev-libs/openssl/openssl-3.2.0.ebuild
+++ b/dev-libs/openssl/openssl-3.2.0.ebuild
@@ -129,6 +129,7 @@ src_configure() {
 	# code. This has been in the ebuild for > 10 years but even in 2022,
 	# it's still relevant:
 	# - https://github.com/llvm/llvm-project/issues/55255
+	# - https://github.com/openssl/openssl/issues/12247
 	# - https://github.com/openssl/openssl/issues/18225
 	# - https://github.com/openssl/openssl/issues/18663#issuecomment-1181478057
 	# Don't remove the no strict aliasing bits below!

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     b4200caf7772c5d8e09577c4a6d52a97c1fd672d
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Tue Nov 21 16:18:59 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Tue Nov 21 18:05:10 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b4200caf

dev-libs/openssl: add 3.2.0_beta1 (unkeyworded)

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/Manifest                   |   2 +
 dev-libs/openssl/openssl-3.2.0_beta1.ebuild | 297 ++++++++++++++++++++++++++++
 2 files changed, 299 insertions(+)

diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest
index 7f5693717a76..91d934d1740e 100644
--- a/dev-libs/openssl/Manifest
+++ b/dev-libs/openssl/Manifest
@@ -19,3 +19,5 @@ DIST openssl-3.1.3.tar.gz 15561739 BLAKE2B a279a5c80191b95ca735aed20beb56ab899ee
 DIST openssl-3.1.3.tar.gz.asc 833 BLAKE2B 27427a4523c9fa9f9ffc0e00d6492e4bab4cd0d24ebf903fee05197c5089c4d201a76ef0073e856bedd86abf54ae01491e78d259eedf21a4797eee6c9cbd8fcf SHA512 0b8f12dd8623160f7358c24a8f36edb5d8c3460d1f7d711e1367051b172d9ac90c2c7c4980da1aa9f9c89d72384a034fe888b109650156fa197c363a14337127
 DIST openssl-3.1.4.tar.gz 15569450 BLAKE2B bd6a3ef458f86dd5173e87b10432bd81c1570e1848da3c4d7a06eb021d2f67e4075421885c402f6ea792e383e756d78757c17ef060094e840ed5df6faf3d7f9e SHA512 a69df4a018f57dee7d8a57c8003a6869eba11f1eaa394518976642a993780d0de3326019e92dea4c679c6c581fef568ea616ec541afc0792800359c606dffcd2
 DIST openssl-3.1.4.tar.gz.asc 833 BLAKE2B 9f4c2365617b3ea21c8d4f4281befe584e8d39d5f0546fb17d151b21b20615e5d20ed9105881ee981948e866a7629930a7544263c124dce66a9df4f19e16708e SHA512 fc5fa55a54e3da5d48229f25073186613ddf6bb3907999b53ed61832cce9acef00c79d45357bc8590eeeeffb04a829d45921d982924300da16d84eb5333c1512
+DIST openssl-3.2.0-beta1.tar.gz 17624092 BLAKE2B 3bb38ddce0345b13193669ec950af4d13da4aebba07dd31b258bdd973a94ddc4dda62391ee7dab3e7b99fad408cad1d82ad9ea03b4638234b786ae0416e0ae4f SHA512 07ce7d1c5c84371a1aeb64a208fbc74f89275765f9bb00a0e3262fcae7ecb83cdd73cba30a01fe44b60a0616b9c6bb4c9c42c43fc42ecf0b6fdde57a621813c6
+DIST openssl-3.2.0-beta1.tar.gz.asc 833 BLAKE2B e651499cb40790ba2f03c3af804bf2a76bc698982c096c6ef96942c5e66ec3f3c485547c52f9b83cf5857deeac22054517301350201d68b907d3a490f91a3f56 SHA512 15fd8d41669ed90292b36bc4408186a6dde0444e3bfcce4dc398968cdcdaad014c7d348ae88d368c9a7ec2c7995adc011706a97aeb92f62edde47d9511d5d75c

diff --git a/dev-libs/openssl/openssl-3.2.0_beta1.ebuild b/dev-libs/openssl/openssl-3.2.0_beta1.ebuild
new file mode 100644
index 000000000000..cbd8ca5decd5
--- /dev/null
+++ b/dev-libs/openssl/openssl-3.2.0_beta1.ebuild
@@ -0,0 +1,297 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/openssl.org.asc
+inherit edo flag-o-matic linux-info toolchain-funcs
+inherit multilib multilib-minimal multiprocessing preserve-libs verify-sig
+
+DESCRIPTION="Robust, full-featured Open Source Toolkit for the Transport Layer Security (TLS)"
+HOMEPAGE="https://www.openssl.org/"
+
+MY_P=${P/_/-}
+
+if [[ ${PV} == 9999 ]] ; then
+	EGIT_REPO_URI="https://github.com/openssl/openssl.git"
+
+	inherit git-r3
+else
+	SRC_URI="
+		mirror://openssl/source/${MY_P}.tar.gz
+		verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )
+	"
+
+	if [[ ${PV} != *_alpha* && ${PV} != *_beta* ]] ; then
+		KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
+	fi
+fi
+
+S="${WORKDIR}"/${MY_P}
+
+LICENSE="Apache-2.0"
+SLOT="0/$(ver_cut 1)" # .so version of libssl/libcrypto
+IUSE="+asm cpu_flags_x86_sse2 fips ktls rfc3779 sctp static-libs test tls-compression vanilla verify-sig weak-ssl-ciphers"
+RESTRICT="!test? ( test )"
+
+COMMON_DEPEND="
+	!<net-misc/openssh-9.2_p1-r3
+	tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
+"
+BDEPEND="
+	>=dev-lang/perl-5
+	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
+	test? (
+		sys-apps/diffutils
+		sys-devel/bc
+		sys-process/procps
+	)
+	verify-sig? ( >=sec-keys/openpgp-keys-openssl-20230801 )"
+
+DEPEND="${COMMON_DEPEND}"
+RDEPEND="${COMMON_DEPEND}"
+PDEPEND="app-misc/ca-certificates"
+
+MULTILIB_WRAPPED_HEADERS=(
+	/usr/include/openssl/configuration.h
+)
+
+pkg_setup() {
+	if use ktls ; then
+		if kernel_is -lt 4 18 ; then
+			ewarn "Kernel implementation of TLS (USE=ktls) requires kernel >=4.18!"
+		else
+			CONFIG_CHECK="~TLS ~TLS_DEVICE"
+			ERROR_TLS="You will be unable to offload TLS to kernel because CONFIG_TLS is not set!"
+			ERROR_TLS_DEVICE="You will be unable to offload TLS to kernel because CONFIG_TLS_DEVICE is not set!"
+			use test && CONFIG_CHECK+=" ~CRYPTO_USER_API_SKCIPHER"
+
+			linux-info_pkg_setup
+		fi
+	fi
+
+	[[ ${MERGE_TYPE} == binary ]] && return
+
+	# must check in pkg_setup; sysctl doesn't work with userpriv!
+	if use test && use sctp ; then
+		# test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel"
+		# if sctp.auth_enable is not enabled.
+		local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null)
+		if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]] ; then
+			die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!"
+		fi
+	fi
+}
+
+src_unpack() {
+	# Can delete this once test fix patch is dropped
+	if use verify-sig ; then
+		# Needed for downloaded patch (which is unsigned, which is fine)
+		verify-sig_verify_detached "${DISTDIR}"/${MY_P}.tar.gz{,.asc}
+	fi
+
+	default
+}
+
+src_prepare() {
+	# Make sure we only ever touch Makefile.org and avoid patching a file
+	# that gets blown away anyways by the Configure script in src_configure
+	rm -f Makefile
+
+	if ! use vanilla ; then
+		PATCHES+=(
+			# Add patches which are Gentoo-specific customisations here
+		)
+	fi
+
+	default
+
+	if use test && use sctp && has network-sandbox ${FEATURES} ; then
+		einfo "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox ..."
+		rm test/recipes/80-test_ssl_new.t || die
+	fi
+
+	# Test fails depending on kernel configuration, bug #699134
+	rm test/recipes/30-test_afalg.t || die
+}
+
+src_configure() {
+	# Keep this in sync with app-misc/c_rehash
+	SSL_CNF_DIR="/etc/ssl"
+
+	# Quiet out unknown driver argument warnings since openssl
+	# doesn't have well-split CFLAGS and we're making it even worse
+	# and 'make depend' uses -Werror for added fun (bug #417795 again)
+	tc-is-clang && append-flags -Qunused-arguments
+
+	# We really, really need to build OpenSSL w/ strict aliasing disabled.
+	# It's filled with violations and it *will* result in miscompiled
+	# code. This has been in the ebuild for > 10 years but even in 2022,
+	# it's still relevant:
+	# - https://github.com/llvm/llvm-project/issues/55255
+	# - https://github.com/openssl/openssl/issues/18225
+	# - https://github.com/openssl/openssl/issues/18663#issuecomment-1181478057
+	# Don't remove the no strict aliasing bits below!
+	filter-flags -fstrict-aliasing
+	append-flags -fno-strict-aliasing
+	# The OpenSSL developers don't test with LTO right now, it leads to various
+	# warnings/errors (which may or may not be false positives), it's considered
+	# unsupported, and it's not tested in CI: https://github.com/openssl/openssl/issues/18663.
+	filter-lto
+
+	append-flags $(test-flags-CC -Wa,--noexecstack)
+
+	# bug #895308
+	append-atomic-flags
+	# Configure doesn't respect LIBS
+	export LDLIBS="${LIBS}"
+
+	# bug #197996
+	unset APPS
+	# bug #312551
+	unset SCRIPTS
+	# bug #311473
+	unset CROSS_COMPILE
+
+	tc-export AR CC CXX RANLIB RC
+
+	multilib-minimal_src_configure
+}
+
+multilib_src_configure() {
+	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
+
+	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
+
+	# See if our toolchain supports __uint128_t.  If so, it's 64bit
+	# friendly and can use the nicely optimized code paths, bug #460790.
+	#local ec_nistp_64_gcc_128
+	#
+	# Disable it for now though (bug #469976)
+	# Do NOT re-enable without substantial discussion first!
+	#
+	#echo "__uint128_t i;" > "${T}"/128.c
+	#if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
+	#       ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
+	#fi
+
+	local sslout=$(bash "${FILESDIR}/gentoo.config-1.0.4")
+	einfo "Using configuration: ${sslout:-(openssl knows best)}"
+
+	# https://github.com/openssl/openssl/blob/master/INSTALL.md#enable-and-disable-features
+	local myeconfargs=(
+		${sslout}
+
+		$(use cpu_flags_x86_sse2 || echo "no-sse2")
+		enable-camellia
+		enable-ec
+		enable-ec2m
+		enable-sm2
+		enable-srp
+		$(use elibc_musl && echo "no-async")
+		enable-idea
+		enable-mdc2
+		enable-rc5
+		$(use fips && echo "enable-fips")
+		$(use_ssl asm)
+		$(use_ssl ktls)
+		$(use_ssl rfc3779)
+		$(use_ssl sctp)
+		$(use test || echo "no-tests")
+		$(use_ssl tls-compression zlib)
+		$(use_ssl weak-ssl-ciphers)
+
+		--prefix="${EPREFIX}"/usr
+		--openssldir="${EPREFIX}"${SSL_CNF_DIR}
+		--libdir=$(get_libdir)
+
+		shared
+		threads
+	)
+
+	edo perl "${S}/Configure" "${myeconfargs[@]}"
+}
+
+multilib_src_compile() {
+	emake build_sw
+
+	if multilib_is_native_abi; then
+		emake build_docs
+	fi
+}
+
+multilib_src_test() {
+	# VFP = show subtests verbosely and show failed tests verbosely
+	# Normal V=1 would show everything verbosely but this slows things down.
+	#
+	# -j1 here for https://github.com/openssl/openssl/issues/21999, but it
+	# shouldn't matter as tests were already built earlier, and HARNESS_JOBS
+	# controls running the tests.
+	emake HARNESS_JOBS="$(makeopts_jobs)" -Onone VFP=1 -j1 test
+}
+
+multilib_src_install() {
+	# Only -j1 is supported for the install targets:
+	# https://github.com/openssl/openssl/issues/21999#issuecomment-1771150305
+	emake DESTDIR="${D}" -j1 install_sw
+	if use fips; then
+		emake DESTDIR="${D}" -j1 install_fips
+		# Regen this in pkg_preinst, bug 900625
+		rm "${ED}${SSL_CNF_DIR}"/fipsmodule.cnf || die
+	fi
+
+	if multilib_is_native_abi; then
+		emake DESTDIR="${D}" -j1 install_ssldirs
+		emake DESTDIR="${D}" DOCDIR='$(INSTALLTOP)'/share/doc/${PF} -j1 install_docs
+	fi
+
+	# This is crappy in that the static archives are still built even
+	# when USE=static-libs. But this is due to a failing in the openssl
+	# build system: the static archives are built as PIC all the time.
+	# Only way around this would be to manually configure+compile openssl
+	# twice; once with shared lib support enabled and once without.
+	if ! use static-libs ; then
+		rm "${ED}"/usr/$(get_libdir)/lib{crypto,ssl}.a || die
+	fi
+}
+
+multilib_src_install_all() {
+	# openssl installs perl version of c_rehash by default, but
+	# we provide a shell version via app-misc/c_rehash
+	rm "${ED}"/usr/bin/c_rehash || die
+
+	dodoc {AUTHORS,CHANGES,NEWS,README,README-PROVIDERS}.md doc/*.txt doc/${PN}-c-indent.el
+
+	# Create the certs directory
+	keepdir ${SSL_CNF_DIR}/certs
+
+	# bug #254521
+	dodir /etc/sandbox.d
+	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
+
+	diropts -m0700
+	keepdir ${SSL_CNF_DIR}/private
+}
+
+pkg_preinst() {
+	if use fips; then
+		# Regen fipsmodule.cnf, bug 900625
+		ebegin "Running openssl fipsinstall"
+		"${ED}/usr/bin/openssl" fipsinstall -quiet \
+			-out "${ED}${SSL_CNF_DIR}/fipsmodule.cnf" \
+			-module "${ED}/usr/$(get_libdir)/ossl-modules/fips.so"
+		eend $?
+	fi
+
+	preserve_old_lib /usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1) \
+		/usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1.1)
+}
+
+pkg_postinst() {
+	ebegin "Running 'openssl rehash ${EROOT}${SSL_CNF_DIR}/certs' to rebuild hashes (bug #333069)"
+	openssl rehash "${EROOT}${SSL_CNF_DIR}/certs"
+	eend $?
+
+	preserve_old_lib_notify /usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1) \
+		/usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1.1)
+}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Patrick McLean]

commit:     69e175f7c633d32575408fe845b459c55b39242d
Author:     Patrick McLean <chutzpah <AT> gentoo <DOT> org>
AuthorDate: Tue Oct 24 18:17:12 2023 +0000
Commit:     Patrick McLean <chutzpah <AT> gentoo <DOT> org>
CommitDate: Tue Oct 24 18:17:24 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=69e175f7

dev-libs/openssl: add 3.1.4

Signed-off-by: Patrick McLean <chutzpah <AT> gentoo.org>

 dev-libs/openssl/Manifest             |   2 +
 dev-libs/openssl/openssl-3.1.4.ebuild | 290 ++++++++++++++++++++++++++++++++++
 2 files changed, 292 insertions(+)

diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest
index e9de21867275..7f5693717a76 100644
--- a/dev-libs/openssl/Manifest
+++ b/dev-libs/openssl/Manifest
@@ -17,3 +17,5 @@ DIST openssl-3.1.2.tar.gz 15560427 BLAKE2B 7b4ba35df7d5680c5f13a1986e4c6abaf4592
 DIST openssl-3.1.2.tar.gz.asc 833 BLAKE2B aba3207c5eafaafc34bea078a9684612f7d9b4c5a888a27781cfe2421d27de6c2af3539abfc6efdac81ab0b923b7044a9b764902aa76edfd44ce5979f871a8b9 SHA512 fe143d2d90de1d3d30590ef9801185f8d2837668474ef3879d409bd4eb9417a127dee6c2a4e45076aa3ae3e443bfedd24de434ba4cf3ea0589c113990345a9ce
 DIST openssl-3.1.3.tar.gz 15561739 BLAKE2B a279a5c80191b95ca735aed20beb56ab899ee302258ce3529c377820739bf55075537cd900b06b3ca07b85efdce95cb081bcad1dfd4d33f81695c7ef0cefdf03 SHA512 2388eaa8e99acf1e8af4691a645b9b9af456900c74959e82d4cb02808301e11dcfecc86954a922262b16fa4b664b459894d133ab7d35ec82e1633a33194b7b20
 DIST openssl-3.1.3.tar.gz.asc 833 BLAKE2B 27427a4523c9fa9f9ffc0e00d6492e4bab4cd0d24ebf903fee05197c5089c4d201a76ef0073e856bedd86abf54ae01491e78d259eedf21a4797eee6c9cbd8fcf SHA512 0b8f12dd8623160f7358c24a8f36edb5d8c3460d1f7d711e1367051b172d9ac90c2c7c4980da1aa9f9c89d72384a034fe888b109650156fa197c363a14337127
+DIST openssl-3.1.4.tar.gz 15569450 BLAKE2B bd6a3ef458f86dd5173e87b10432bd81c1570e1848da3c4d7a06eb021d2f67e4075421885c402f6ea792e383e756d78757c17ef060094e840ed5df6faf3d7f9e SHA512 a69df4a018f57dee7d8a57c8003a6869eba11f1eaa394518976642a993780d0de3326019e92dea4c679c6c581fef568ea616ec541afc0792800359c606dffcd2
+DIST openssl-3.1.4.tar.gz.asc 833 BLAKE2B 9f4c2365617b3ea21c8d4f4281befe584e8d39d5f0546fb17d151b21b20615e5d20ed9105881ee981948e866a7629930a7544263c124dce66a9df4f19e16708e SHA512 fc5fa55a54e3da5d48229f25073186613ddf6bb3907999b53ed61832cce9acef00c79d45357bc8590eeeeffb04a829d45921d982924300da16d84eb5333c1512

diff --git a/dev-libs/openssl/openssl-3.1.4.ebuild b/dev-libs/openssl/openssl-3.1.4.ebuild
new file mode 100644
index 000000000000..a89ece323f28
--- /dev/null
+++ b/dev-libs/openssl/openssl-3.1.4.ebuild
@@ -0,0 +1,290 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/openssl.org.asc
+inherit edo flag-o-matic linux-info toolchain-funcs
+inherit multilib multilib-minimal multiprocessing preserve-libs verify-sig
+
+DESCRIPTION="Robust, full-featured Open Source Toolkit for the Transport Layer Security (TLS)"
+HOMEPAGE="https://www.openssl.org/"
+
+MY_P=${P/_/-}
+
+if [[ ${PV} == 9999 ]] ; then
+	EGIT_REPO_URI="https://github.com/openssl/openssl.git"
+
+	inherit git-r3
+else
+	SRC_URI="
+		mirror://openssl/source/${MY_P}.tar.gz
+		verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )
+	"
+	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
+fi
+
+S="${WORKDIR}"/${MY_P}
+
+LICENSE="Apache-2.0"
+SLOT="0/$(ver_cut 1)" # .so version of libssl/libcrypto
+IUSE="+asm cpu_flags_x86_sse2 fips ktls rfc3779 sctp static-libs test tls-compression vanilla verify-sig weak-ssl-ciphers"
+RESTRICT="!test? ( test )"
+
+COMMON_DEPEND="
+	!<net-misc/openssh-9.2_p1-r3
+	tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
+"
+BDEPEND="
+	>=dev-lang/perl-5
+	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
+	test? (
+		sys-apps/diffutils
+		sys-devel/bc
+		sys-process/procps
+	)
+	verify-sig? ( >=sec-keys/openpgp-keys-openssl-20230801 )"
+
+DEPEND="${COMMON_DEPEND}"
+RDEPEND="${COMMON_DEPEND}"
+PDEPEND="app-misc/ca-certificates"
+
+MULTILIB_WRAPPED_HEADERS=(
+	/usr/include/openssl/configuration.h
+)
+
+pkg_setup() {
+	if use ktls ; then
+		if kernel_is -lt 4 18 ; then
+			ewarn "Kernel implementation of TLS (USE=ktls) requires kernel >=4.18!"
+		else
+			CONFIG_CHECK="~TLS ~TLS_DEVICE"
+			ERROR_TLS="You will be unable to offload TLS to kernel because CONFIG_TLS is not set!"
+			ERROR_TLS_DEVICE="You will be unable to offload TLS to kernel because CONFIG_TLS_DEVICE is not set!"
+			use test && CONFIG_CHECK+=" ~CRYPTO_USER_API_SKCIPHER"
+
+			linux-info_pkg_setup
+		fi
+	fi
+
+	[[ ${MERGE_TYPE} == binary ]] && return
+
+	# must check in pkg_setup; sysctl doesn't work with userpriv!
+	if use test && use sctp ; then
+		# test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel"
+		# if sctp.auth_enable is not enabled.
+		local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null)
+		if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]] ; then
+			die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!"
+		fi
+	fi
+}
+
+src_unpack() {
+	# Can delete this once test fix patch is dropped
+	if use verify-sig ; then
+		# Needed for downloaded patch (which is unsigned, which is fine)
+		verify-sig_verify_detached "${DISTDIR}"/${MY_P}.tar.gz{,.asc}
+	fi
+
+	default
+}
+
+src_prepare() {
+	# Make sure we only ever touch Makefile.org and avoid patching a file
+	# that gets blown away anyways by the Configure script in src_configure
+	rm -f Makefile
+
+	if ! use vanilla ; then
+		PATCHES+=(
+			# Add patches which are Gentoo-specific customisations here
+		)
+	fi
+
+	default
+
+	if use test && use sctp && has network-sandbox ${FEATURES} ; then
+		einfo "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox ..."
+		rm test/recipes/80-test_ssl_new.t || die
+	fi
+
+	# Test fails depending on kernel configuration, bug #699134
+	rm test/recipes/30-test_afalg.t || die
+}
+
+src_configure() {
+	# Keep this in sync with app-misc/c_rehash
+	SSL_CNF_DIR="/etc/ssl"
+
+	# Quiet out unknown driver argument warnings since openssl
+	# doesn't have well-split CFLAGS and we're making it even worse
+	# and 'make depend' uses -Werror for added fun (bug #417795 again)
+	tc-is-clang && append-flags -Qunused-arguments
+
+	# We really, really need to build OpenSSL w/ strict aliasing disabled.
+	# It's filled with violations and it *will* result in miscompiled
+	# code. This has been in the ebuild for > 10 years but even in 2022,
+	# it's still relevant:
+	# - https://github.com/llvm/llvm-project/issues/55255
+	# - https://github.com/openssl/openssl/issues/18225
+	# - https://github.com/openssl/openssl/issues/18663#issuecomment-1181478057
+	# Don't remove the no strict aliasing bits below!
+	filter-flags -fstrict-aliasing
+	append-flags -fno-strict-aliasing
+	# The OpenSSL developers don't test with LTO right now, it leads to various
+	# warnings/errors (which may or may not be false positives), it's considered
+	# unsupported, and it's not tested in CI: https://github.com/openssl/openssl/issues/18663.
+	filter-lto
+
+	append-flags $(test-flags-CC -Wa,--noexecstack)
+
+	# bug #895308
+	append-atomic-flags
+	# Configure doesn't respect LIBS
+	export LDLIBS="${LIBS}"
+
+	# bug #197996
+	unset APPS
+	# bug #312551
+	unset SCRIPTS
+	# bug #311473
+	unset CROSS_COMPILE
+
+	tc-export AR CC CXX RANLIB RC
+
+	multilib-minimal_src_configure
+}
+
+multilib_src_configure() {
+	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
+
+	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
+
+	# See if our toolchain supports __uint128_t.  If so, it's 64bit
+	# friendly and can use the nicely optimized code paths, bug #460790.
+	#local ec_nistp_64_gcc_128
+	#
+	# Disable it for now though (bug #469976)
+	# Do NOT re-enable without substantial discussion first!
+	#
+	#echo "__uint128_t i;" > "${T}"/128.c
+	#if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
+	#       ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
+	#fi
+
+	local sslout=$(bash "${FILESDIR}/gentoo.config-1.0.4")
+	einfo "Using configuration: ${sslout:-(openssl knows best)}"
+
+	# https://github.com/openssl/openssl/blob/master/INSTALL.md#enable-and-disable-features
+	local myeconfargs=(
+		${sslout}
+
+		$(use cpu_flags_x86_sse2 || echo "no-sse2")
+		enable-camellia
+		enable-ec
+		enable-ec2m
+		enable-sm2
+		enable-srp
+		$(use elibc_musl && echo "no-async")
+		enable-idea
+		enable-mdc2
+		enable-rc5
+		$(use fips && echo "enable-fips")
+		$(use_ssl asm)
+		$(use_ssl ktls)
+		$(use_ssl rfc3779)
+		$(use_ssl sctp)
+		$(use test || echo "no-tests")
+		$(use_ssl tls-compression zlib)
+		$(use_ssl weak-ssl-ciphers)
+
+		--prefix="${EPREFIX}"/usr
+		--openssldir="${EPREFIX}"${SSL_CNF_DIR}
+		--libdir=$(get_libdir)
+
+		shared
+		threads
+	)
+
+	edo perl "${S}/Configure" "${myeconfargs[@]}"
+}
+
+multilib_src_compile() {
+	emake build_sw
+
+	if multilib_is_native_abi; then
+		emake build_docs
+	fi
+}
+
+multilib_src_test() {
+	# VFP = show subtests verbosely and show failed tests verbosely
+	# Normal V=1 would show everything verbosely but this slows things down.
+	emake HARNESS_JOBS="$(makeopts_jobs)" -Onone VFP=1 test
+}
+
+multilib_src_install() {
+	# Only -j1 is supported for the install targets:
+	# https://github.com/openssl/openssl/issues/21999#issuecomment-1771150305
+	emake DESTDIR="${D}" -j1 install_sw
+	if use fips; then
+		emake DESTDIR="${D}" -j1 install_fips
+		# Regen this in pkg_preinst, bug 900625
+		rm "${ED}${SSL_CNF_DIR}"/fipsmodule.cnf || die
+	fi
+
+	if multilib_is_native_abi; then
+		emake DESTDIR="${D}" -j1 install_ssldirs
+		emake DESTDIR="${D}" DOCDIR='$(INSTALLTOP)'/share/doc/${PF} -j1 install_docs
+	fi
+
+	# This is crappy in that the static archives are still built even
+	# when USE=static-libs. But this is due to a failing in the openssl
+	# build system: the static archives are built as PIC all the time.
+	# Only way around this would be to manually configure+compile openssl
+	# twice; once with shared lib support enabled and once without.
+	if ! use static-libs ; then
+		rm "${ED}"/usr/$(get_libdir)/lib{crypto,ssl}.a || die
+	fi
+}
+
+multilib_src_install_all() {
+	# openssl installs perl version of c_rehash by default, but
+	# we provide a shell version via app-misc/c_rehash
+	rm "${ED}"/usr/bin/c_rehash || die
+
+	dodoc {AUTHORS,CHANGES,NEWS,README,README-PROVIDERS}.md doc/*.txt doc/${PN}-c-indent.el
+
+	# Create the certs directory
+	keepdir ${SSL_CNF_DIR}/certs
+
+	# bug #254521
+	dodir /etc/sandbox.d
+	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
+
+	diropts -m0700
+	keepdir ${SSL_CNF_DIR}/private
+}
+
+pkg_preinst() {
+	if use fips; then
+		# Regen fipsmodule.cnf, bug 900625
+		ebegin "Running openssl fipsinstall"
+		"${ED}/usr/bin/openssl" fipsinstall -quiet \
+			-out "${ED}${SSL_CNF_DIR}/fipsmodule.cnf" \
+			-module "${ED}/usr/$(get_libdir)/ossl-modules/fips.so"
+		eend $?
+	fi
+
+	preserve_old_lib /usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1) \
+		/usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1.1)
+}
+
+pkg_postinst() {
+	ebegin "Running 'openssl rehash ${EROOT}${SSL_CNF_DIR}/certs' to rebuild hashes (bug #333069)"
+	openssl rehash "${EROOT}${SSL_CNF_DIR}/certs"
+	eend $?
+
+	preserve_old_lib_notify /usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1) \
+		/usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1.1)
+}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Patrick McLean]

commit:     63aa3262c2918a299b6ecc6f9c5263557d09910c
Author:     Patrick McLean <chutzpah <AT> gentoo <DOT> org>
AuthorDate: Tue Oct 24 18:15:54 2023 +0000
Commit:     Patrick McLean <chutzpah <AT> gentoo <DOT> org>
CommitDate: Tue Oct 24 18:17:23 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=63aa3262

dev-libs/openssl: add 3.0.12

Signed-off-by: Patrick McLean <chutzpah <AT> gentoo.org>

 dev-libs/openssl/Manifest              |   2 +
 dev-libs/openssl/openssl-3.0.12.ebuild | 287 +++++++++++++++++++++++++++++++++
 2 files changed, 289 insertions(+)

diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest
index 890b05d86e5b..e9de21867275 100644
--- a/dev-libs/openssl/Manifest
+++ b/dev-libs/openssl/Manifest
@@ -9,6 +9,8 @@ DIST openssl-3.0.10.tar.gz 15194904 BLAKE2B 8bb3bd02b8dc64441ebfea98c4778d3ee079
 DIST openssl-3.0.10.tar.gz.asc 833 BLAKE2B e1a8fa7c95d5dffdce9fa1824cecc5c81a03228d21c983f23ed4c6c459f085e7406f53337cad41f82506b2a8614497b4eb4cbe261ff4db3c002f1470b90100ba SHA512 3d91e763dcb0bb37cf6586b75c5310c824b5ca75e59a206d759081a67bc016add501648a365aa479dc621f33b86e7aac26d1deb528b43a37187d91eb194b2bdc
 DIST openssl-3.0.11.tar.gz 15198318 BLAKE2B e522573aa72c8f6ffef82f20de36178fc6f97a8fee8443df4bf1bd9a6448b315742e9cb698717c1b7d9a91d0768d7ce08d55956ddc415b9dc6cb33fe3a98131b SHA512 393e7262cce0e7980d1cbba861291c8791f6c2a290e9867895c4310ab6e16b449067d8b780ae6081dc8d42529a4f32d545c66e8b1e69d301281d92f1882c85b7
 DIST openssl-3.0.11.tar.gz.asc 833 BLAKE2B e6e2636d5bb5fffb86833e64437fb440bbfd1c4e2bfbfdd72280cf1ce388b70d30eeea56ef6f3bb673e7dcd12020d993ef95f96bf099ded38e8cde4b549b38fa SHA512 3c1fe94fc46861870d99d1edcfe3c151272f7864dde36b66e87a0c79d2289e9ed5cfc48bfa65ba0e88eadcb3cc8307d702e01155f48af8ffc2d4f8fbbf3aa03c
+DIST openssl-3.0.12.tar.gz 15204575 BLAKE2B 1f00e33a5ed64a51cf28f0dbe7d53a9197c1edae7538dea9573394ee4dc03a885483d74b0b47a78b9067e87b4f420b9d7103f351bfec91710c168051cb7148df SHA512 63e003653dd1126c66e278969a626cdf0801b97da8b7076824d661e4a77e1572c3171cf7f006c972b95bcfa284889ee0362d8a46a851f7d8e743e2a1fe593b24
+DIST openssl-3.0.12.tar.gz.asc 833 BLAKE2B 5c7914e0449a1f2fad433544fa637263b237c2637b86960f904a7840ef6bd627728dfa45373e03a6ce7a0a4570d03e1dcd0188059bd5dbcc83d49d10be64dd39 SHA512 072d1572e6cc5240fed69c01b1f7f74958ceba33cec3b0a7f0db5929dc884381320fb737ec6b38f95ef81c855e2d382d7ecd19431a328b08efad70288ec4a964
 DIST openssl-3.0.9.tar.gz 15181285 BLAKE2B cc1df41fa12ba4443e15e94f6ebdc5e103b9dab5eab2e1c8f74e6a74fa2c38207817921b65d7293cb241c190a910191c7163600bb75243adde0e2f9ec31cc885 SHA512 86c99146b37236419b110db77dd3ac3992e6bed78c258f0cc3434ca233460b4e17c0ac81d7058547fe9cb72a9fd80ee56d4b4916bb731dbe2bbcf1c3d46bf31a
 DIST openssl-3.0.9.tar.gz.asc 833 BLAKE2B 9943ac65f83f48465cae83b37a1d004f6be4622e53c3025166d42954abe9215f1a6c2af58d4aa2b45fa51182fee5019e740969f694655b6c592bb278c68aacef SHA512 9949de6b57d5aa21da1d4b68a29eb37e302403c983bd7d2d8769b320aac4268a9f9091c5fb182862a4f89a9099660939fe609df87c66991b75f7695faf357caf
 DIST openssl-3.1.2.tar.gz 15560427 BLAKE2B 7b4ba35df7d5680c5f13a1986e4c6abaf4592690647dcfa84d7f14c196326355e8ad0ea62f81f8269f0605f0d29f18e9def9c2158fcbe00baefabf819f82374d SHA512 9f41113e5537aee4c3f92711ff85fa12da080363fef0c8b8b34e5b3fc608473c6e4cadd9d8c78f2fcbe97462e51f26a0bb6781656a69ad40226e68af2cf2c762

diff --git a/dev-libs/openssl/openssl-3.0.12.ebuild b/dev-libs/openssl/openssl-3.0.12.ebuild
new file mode 100644
index 000000000000..1dcdb2f9f6ab
--- /dev/null
+++ b/dev-libs/openssl/openssl-3.0.12.ebuild
@@ -0,0 +1,287 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/openssl.org.asc
+inherit edo flag-o-matic linux-info toolchain-funcs
+inherit multilib multilib-minimal multiprocessing preserve-libs verify-sig
+
+DESCRIPTION="Robust, full-featured Open Source Toolkit for the Transport Layer Security (TLS)"
+HOMEPAGE="https://www.openssl.org/"
+
+MY_P=${P/_/-}
+
+if [[ ${PV} == 9999 ]] ; then
+	EGIT_REPO_URI="https://github.com/openssl/openssl.git"
+
+	inherit git-r3
+else
+	SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
+		verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )"
+	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
+fi
+
+S="${WORKDIR}"/${MY_P}
+
+LICENSE="Apache-2.0"
+SLOT="0/3" # .so version of libssl/libcrypto
+IUSE="+asm cpu_flags_x86_sse2 fips ktls rfc3779 sctp static-libs test tls-compression vanilla verify-sig weak-ssl-ciphers"
+RESTRICT="!test? ( test )"
+
+COMMON_DEPEND="
+	tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
+"
+BDEPEND="
+	>=dev-lang/perl-5
+	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
+	test? (
+		sys-apps/diffutils
+		sys-devel/bc
+		sys-process/procps
+	)
+	verify-sig? ( >=sec-keys/openpgp-keys-openssl-20230801 )"
+
+DEPEND="${COMMON_DEPEND}"
+RDEPEND="${COMMON_DEPEND}"
+PDEPEND="app-misc/ca-certificates"
+
+MULTILIB_WRAPPED_HEADERS=(
+	/usr/include/openssl/configuration.h
+)
+
+pkg_setup() {
+	if use ktls ; then
+		if kernel_is -lt 4 18 ; then
+			ewarn "Kernel implementation of TLS (USE=ktls) requires kernel >=4.18!"
+		else
+			CONFIG_CHECK="~TLS ~TLS_DEVICE"
+			ERROR_TLS="You will be unable to offload TLS to kernel because CONFIG_TLS is not set!"
+			ERROR_TLS_DEVICE="You will be unable to offload TLS to kernel because CONFIG_TLS_DEVICE is not set!"
+			use test && CONFIG_CHECK+=" ~CRYPTO_USER_API_SKCIPHER"
+
+			linux-info_pkg_setup
+		fi
+	fi
+
+	[[ ${MERGE_TYPE} == binary ]] && return
+
+	# must check in pkg_setup; sysctl doesn't work with userpriv!
+	if use test && use sctp ; then
+		# test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel"
+		# if sctp.auth_enable is not enabled.
+		local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null)
+		if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]] ; then
+			die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!"
+		fi
+	fi
+}
+
+src_unpack() {
+	# Can delete this once test fix patch is dropped
+	if use verify-sig ; then
+		# Needed for downloaded patch (which is unsigned, which is fine)
+		verify-sig_verify_detached "${DISTDIR}"/${MY_P}.tar.gz{,.asc}
+	fi
+
+	default
+}
+
+src_prepare() {
+	# Make sure we only ever touch Makefile.org and avoid patching a file
+	# that gets blown away anyways by the Configure script in src_configure
+	rm -f Makefile
+
+	if ! use vanilla ; then
+		PATCHES+=(
+			# Add patches which are Gentoo-specific customisations here
+		)
+	fi
+
+	default
+
+	if use test && use sctp && has network-sandbox ${FEATURES} ; then
+		einfo "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox ..."
+		rm test/recipes/80-test_ssl_new.t || die
+	fi
+
+	# Test fails depending on kernel configuration, bug #699134
+	rm test/recipes/30-test_afalg.t || die
+}
+
+src_configure() {
+	# Keep this in sync with app-misc/c_rehash
+	SSL_CNF_DIR="/etc/ssl"
+
+	# Quiet out unknown driver argument warnings since openssl
+	# doesn't have well-split CFLAGS and we're making it even worse
+	# and 'make depend' uses -Werror for added fun (bug #417795 again)
+	tc-is-clang && append-flags -Qunused-arguments
+
+	# We really, really need to build OpenSSL w/ strict aliasing disabled.
+	# It's filled with violations and it *will* result in miscompiled
+	# code. This has been in the ebuild for > 10 years but even in 2022,
+	# it's still relevant:
+	# - https://github.com/llvm/llvm-project/issues/55255
+	# - https://github.com/openssl/openssl/issues/18225
+	# - https://github.com/openssl/openssl/issues/18663#issuecomment-1181478057
+	# Don't remove the no strict aliasing bits below!
+	filter-flags -fstrict-aliasing
+	append-flags -fno-strict-aliasing
+	# The OpenSSL developers don't test with LTO right now, it leads to various
+	# warnings/errors (which may or may not be false positives), it's considered
+	# unsupported, and it's not tested in CI: https://github.com/openssl/openssl/issues/18663.
+	filter-lto
+
+	append-flags $(test-flags-CC -Wa,--noexecstack)
+
+	# bug #895308
+	append-atomic-flags
+	# Configure doesn't respect LIBS
+	export LDLIBS="${LIBS}"
+
+	# bug #197996
+	unset APPS
+	# bug #312551
+	unset SCRIPTS
+	# bug #311473
+	unset CROSS_COMPILE
+
+	tc-export AR CC CXX RANLIB RC
+
+	multilib-minimal_src_configure
+}
+
+multilib_src_configure() {
+	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
+
+	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
+
+	# See if our toolchain supports __uint128_t.  If so, it's 64bit
+	# friendly and can use the nicely optimized code paths, bug #460790.
+	#local ec_nistp_64_gcc_128
+	#
+	# Disable it for now though (bug #469976)
+	# Do NOT re-enable without substantial discussion first!
+	#
+	#echo "__uint128_t i;" > "${T}"/128.c
+	#if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
+	#       ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
+	#fi
+
+	local sslout=$(bash "${FILESDIR}/gentoo.config-1.0.4")
+	einfo "Using configuration: ${sslout:-(openssl knows best)}"
+
+	# https://github.com/openssl/openssl/blob/master/INSTALL.md#enable-and-disable-features
+	local myeconfargs=(
+		${sslout}
+
+		$(use cpu_flags_x86_sse2 || echo "no-sse2")
+		enable-camellia
+		enable-ec
+		enable-ec2m
+		enable-sm2
+		enable-srp
+		$(use elibc_musl && echo "no-async")
+		enable-idea
+		enable-mdc2
+		enable-rc5
+		$(use fips && echo "enable-fips")
+		$(use_ssl asm)
+		$(use_ssl ktls)
+		$(use_ssl rfc3779)
+		$(use_ssl sctp)
+		$(use test || echo "no-tests")
+		$(use_ssl tls-compression zlib)
+		$(use_ssl weak-ssl-ciphers)
+
+		--prefix="${EPREFIX}"/usr
+		--openssldir="${EPREFIX}"${SSL_CNF_DIR}
+		--libdir=$(get_libdir)
+
+		shared
+		threads
+	)
+
+	edo perl "${S}/Configure" "${myeconfargs[@]}"
+}
+
+multilib_src_compile() {
+	emake build_sw
+
+	if multilib_is_native_abi; then
+		emake build_docs
+	fi
+}
+
+multilib_src_test() {
+	# VFP = show subtests verbosely and show failed tests verbosely
+	# Normal V=1 would show everything verbosely but this slows things down.
+	emake HARNESS_JOBS="$(makeopts_jobs)" -Onone VFP=1 test
+}
+
+multilib_src_install() {
+	# Only -j1 is supported for the install targets:
+	# https://github.com/openssl/openssl/issues/21999#issuecomment-1771150305
+	emake DESTDIR="${D}" -j1 install_sw
+	if use fips; then
+		emake DESTDIR="${D}" -j1 install_fips
+		# Regen this in pkg_preinst, bug 900625
+		rm "${ED}${SSL_CNF_DIR}"/fipsmodule.cnf || die
+	fi
+
+	if multilib_is_native_abi; then
+		emake DESTDIR="${D}" -j1 install_ssldirs
+		emake DESTDIR="${D}" DOCDIR='$(INSTALLTOP)'/share/doc/${PF} -j1 install_docs
+	fi
+
+	# This is crappy in that the static archives are still built even
+	# when USE=static-libs. But this is due to a failing in the openssl
+	# build system: the static archives are built as PIC all the time.
+	# Only way around this would be to manually configure+compile openssl
+	# twice; once with shared lib support enabled and once without.
+	if ! use static-libs ; then
+		rm "${ED}"/usr/$(get_libdir)/lib{crypto,ssl}.a || die
+	fi
+}
+
+multilib_src_install_all() {
+	# openssl installs perl version of c_rehash by default, but
+	# we provide a shell version via app-misc/c_rehash
+	rm "${ED}"/usr/bin/c_rehash || die
+
+	dodoc {AUTHORS,CHANGES,NEWS,README,README-PROVIDERS}.md doc/*.txt doc/${PN}-c-indent.el
+
+	# Create the certs directory
+	keepdir ${SSL_CNF_DIR}/certs
+
+	# bug #254521
+	dodir /etc/sandbox.d
+	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
+
+	diropts -m0700
+	keepdir ${SSL_CNF_DIR}/private
+}
+
+pkg_preinst() {
+	if use fips; then
+		# Regen fipsmodule.cnf, bug 900625
+		ebegin "Running openssl fipsinstall"
+		"${ED}/usr/bin/openssl" fipsinstall -quiet \
+			-out "${ED}${SSL_CNF_DIR}/fipsmodule.cnf" \
+			-module "${ED}/usr/$(get_libdir)/ossl-modules/fips.so"
+		eend $?
+	fi
+
+	preserve_old_lib /usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1) \
+		/usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1.1)
+}
+
+pkg_postinst() {
+	ebegin "Running 'openssl rehash ${EROOT}${SSL_CNF_DIR}/certs' to rebuild hashes (bug #333069)"
+	openssl rehash "${EROOT}${SSL_CNF_DIR}/certs"
+	eend $?
+
+	preserve_old_lib_notify /usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1) \
+		/usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1.1)
+}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     d716abadd69d784837ea07e792e09a81d3aaafb1
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Thu Oct 19 14:56:32 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Thu Oct 19 14:57:26 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d716abad

dev-libs/openssl: pass -j1 for install

See https://github.com/openssl/openssl/issues/21999#issuecomment-1771150305 -
upstream say parallelism isn't supported for the install targets.

Bug: https://github.com/openssl/openssl/issues/21999
Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/openssl-1.0.2u-r1.ebuild |  4 +++-
 dev-libs/openssl/openssl-1.1.1u.ebuild    |  8 +++++---
 dev-libs/openssl/openssl-1.1.1w.ebuild    |  8 +++++---
 dev-libs/openssl/openssl-3.0.10.ebuild    | 10 ++++++----
 dev-libs/openssl/openssl-3.0.11.ebuild    | 10 ++++++----
 dev-libs/openssl/openssl-3.0.9-r1.ebuild  |  8 ++++----
 dev-libs/openssl/openssl-3.0.9-r2.ebuild  | 10 ++++++----
 dev-libs/openssl/openssl-3.1.2.ebuild     | 10 ++++++----
 dev-libs/openssl/openssl-3.1.3.ebuild     | 10 ++++++----
 9 files changed, 47 insertions(+), 31 deletions(-)

diff --git a/dev-libs/openssl/openssl-1.0.2u-r1.ebuild b/dev-libs/openssl/openssl-1.0.2u-r1.ebuild
index 77d0b75e9fe5..a76877972d3a 100644
--- a/dev-libs/openssl/openssl-1.0.2u-r1.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2u-r1.ebuild
@@ -248,7 +248,9 @@ multilib_src_install() {
 		mkdir "${ED}"/usr || die
 	fi
 
-	emake INSTALL_PREFIX="${D}" install
+	# Only -j1 is supported for the install targets:
+	# https://github.com/openssl/openssl/issues/21999#issuecomment-1771150305
+	emake INSTALL_PREFIX="${D}" -j1 install
 
 	# This is crappy in that the static archives are still built even
 	# when USE=static-libs.  But this is due to a failing in the openssl

diff --git a/dev-libs/openssl/openssl-1.1.1u.ebuild b/dev-libs/openssl/openssl-1.1.1u.ebuild
index c90541dca291..c8d53908be94 100644
--- a/dev-libs/openssl/openssl-1.1.1u.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1u.ebuild
@@ -223,11 +223,13 @@ multilib_src_test() {
 }
 
 multilib_src_install() {
-	emake DESTDIR="${D}" install_sw
+	# Only -j1 is supported for the install targets:
+	# https://github.com/openssl/openssl/issues/21999#issuecomment-1771150305
+	emake DESTDIR="${D}" -j1 install_sw
 
 	if multilib_is_native_abi; then
-		emake DESTDIR="${D}" install_ssldirs
-		emake DESTDIR="${D}" DOCDIR='$(INSTALLTOP)'/share/doc/${PF} MANSUFFIX=ssl install_docs
+		emake DESTDIR="${D}" -j1 install_ssldirs
+		emake DESTDIR="${D}" DOCDIR='$(INSTALLTOP)'/share/doc/${PF} MANSUFFIX=ssl -j1 install_docs
 	fi
 
 	# This is crappy in that the static archives are still built even

diff --git a/dev-libs/openssl/openssl-1.1.1w.ebuild b/dev-libs/openssl/openssl-1.1.1w.ebuild
index 7440cf3d3dcc..17d784938024 100644
--- a/dev-libs/openssl/openssl-1.1.1w.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1w.ebuild
@@ -223,11 +223,13 @@ multilib_src_test() {
 }
 
 multilib_src_install() {
-	emake DESTDIR="${D}" install_sw
+	# Only -j1 is supported for the install targets:
+	# https://github.com/openssl/openssl/issues/21999#issuecomment-1771150305
+	emake DESTDIR="${D}" -j1 install_sw
 
 	if multilib_is_native_abi; then
-		emake DESTDIR="${D}" install_ssldirs
-		emake DESTDIR="${D}" DOCDIR='$(INSTALLTOP)'/share/doc/${PF} MANSUFFIX=ssl install_docs
+		emake DESTDIR="${D}" -j1 install_ssldirs
+		emake DESTDIR="${D}" DOCDIR='$(INSTALLTOP)'/share/doc/${PF} MANSUFFIX=ssl -j1 install_docs
 	fi
 
 	# This is crappy in that the static archives are still built even

diff --git a/dev-libs/openssl/openssl-3.0.10.ebuild b/dev-libs/openssl/openssl-3.0.10.ebuild
index b469b0b55dc6..9759230620fb 100644
--- a/dev-libs/openssl/openssl-3.0.10.ebuild
+++ b/dev-libs/openssl/openssl-3.0.10.ebuild
@@ -221,16 +221,18 @@ multilib_src_test() {
 }
 
 multilib_src_install() {
-	emake DESTDIR="${D}" install_sw
+	# Only -j1 is supported for the install targets:
+	# https://github.com/openssl/openssl/issues/21999#issuecomment-1771150305
+	emake DESTDIR="${D}" -j1 install_sw
 	if use fips; then
-		emake DESTDIR="${D}" install_fips
+		emake DESTDIR="${D}" -j1 install_fips
 		# Regen this in pkg_preinst, bug 900625
 		rm "${ED}${SSL_CNF_DIR}"/fipsmodule.cnf || die
 	fi
 
 	if multilib_is_native_abi; then
-		emake DESTDIR="${D}" install_ssldirs
-		emake DESTDIR="${D}" DOCDIR='$(INSTALLTOP)'/share/doc/${PF} install_docs
+		emake DESTDIR="${D}" -j1 install_ssldirs
+		emake DESTDIR="${D}" DOCDIR='$(INSTALLTOP)'/share/doc/${PF} -j1 install_docs
 	fi
 
 	# This is crappy in that the static archives are still built even

diff --git a/dev-libs/openssl/openssl-3.0.11.ebuild b/dev-libs/openssl/openssl-3.0.11.ebuild
index b469b0b55dc6..9759230620fb 100644
--- a/dev-libs/openssl/openssl-3.0.11.ebuild
+++ b/dev-libs/openssl/openssl-3.0.11.ebuild
@@ -221,16 +221,18 @@ multilib_src_test() {
 }
 
 multilib_src_install() {
-	emake DESTDIR="${D}" install_sw
+	# Only -j1 is supported for the install targets:
+	# https://github.com/openssl/openssl/issues/21999#issuecomment-1771150305
+	emake DESTDIR="${D}" -j1 install_sw
 	if use fips; then
-		emake DESTDIR="${D}" install_fips
+		emake DESTDIR="${D}" -j1 install_fips
 		# Regen this in pkg_preinst, bug 900625
 		rm "${ED}${SSL_CNF_DIR}"/fipsmodule.cnf || die
 	fi
 
 	if multilib_is_native_abi; then
-		emake DESTDIR="${D}" install_ssldirs
-		emake DESTDIR="${D}" DOCDIR='$(INSTALLTOP)'/share/doc/${PF} install_docs
+		emake DESTDIR="${D}" -j1 install_ssldirs
+		emake DESTDIR="${D}" DOCDIR='$(INSTALLTOP)'/share/doc/${PF} -j1 install_docs
 	fi
 
 	# This is crappy in that the static archives are still built even

diff --git a/dev-libs/openssl/openssl-3.0.9-r1.ebuild b/dev-libs/openssl/openssl-3.0.9-r1.ebuild
index 766737ef1a4b..70b659682512 100644
--- a/dev-libs/openssl/openssl-3.0.9-r1.ebuild
+++ b/dev-libs/openssl/openssl-3.0.9-r1.ebuild
@@ -221,16 +221,16 @@ multilib_src_test() {
 }
 
 multilib_src_install() {
-	emake DESTDIR="${D}" install_sw
+	emake DESTDIR="${D}" -j1 install_sw
 	if use fips; then
-		emake DESTDIR="${D}" install_fips
+		emake DESTDIR="${D}" -j1 install_fips
 		# Regen this in pkg_preinst, bug 900625
 		rm "${ED}${SSL_CNF_DIR}"/fipsmodule.cnf || die
 	fi
 
 	if multilib_is_native_abi; then
-		emake DESTDIR="${D}" install_ssldirs
-		emake DESTDIR="${D}" DOCDIR='$(INSTALLTOP)'/share/doc/${PF} install_docs
+		emake DESTDIR="${D}" -j1 install_ssldirs
+		emake DESTDIR="${D}" DOCDIR='$(INSTALLTOP)'/share/doc/${PF} -j1 install_docs
 	fi
 
 	# This is crappy in that the static archives are still built even

diff --git a/dev-libs/openssl/openssl-3.0.9-r2.ebuild b/dev-libs/openssl/openssl-3.0.9-r2.ebuild
index 72845dd2599a..49b80ff8b1c9 100644
--- a/dev-libs/openssl/openssl-3.0.9-r2.ebuild
+++ b/dev-libs/openssl/openssl-3.0.9-r2.ebuild
@@ -226,16 +226,18 @@ multilib_src_test() {
 }
 
 multilib_src_install() {
-	emake DESTDIR="${D}" install_sw
+	# Only -j1 is supported for the install targets:
+	# https://github.com/openssl/openssl/issues/21999#issuecomment-1771150305
+	emake DESTDIR="${D}" -j1 install_sw
 	if use fips; then
-		emake DESTDIR="${D}" install_fips
+		emake DESTDIR="${D}" -j1 install_fips
 		# Regen this in pkg_preinst, bug 900625
 		rm "${ED}${SSL_CNF_DIR}"/fipsmodule.cnf || die
 	fi
 
 	if multilib_is_native_abi; then
-		emake DESTDIR="${D}" install_ssldirs
-		emake DESTDIR="${D}" DOCDIR='$(INSTALLTOP)'/share/doc/${PF} install_docs
+		emake DESTDIR="${D}" -j1 install_ssldirs
+		emake DESTDIR="${D}" DOCDIR='$(INSTALLTOP)'/share/doc/${PF} -j1 install_docs
 	fi
 
 	# This is crappy in that the static archives are still built even

diff --git a/dev-libs/openssl/openssl-3.1.2.ebuild b/dev-libs/openssl/openssl-3.1.2.ebuild
index 67cd58d980dc..a89ece323f28 100644
--- a/dev-libs/openssl/openssl-3.1.2.ebuild
+++ b/dev-libs/openssl/openssl-3.1.2.ebuild
@@ -224,16 +224,18 @@ multilib_src_test() {
 }
 
 multilib_src_install() {
-	emake DESTDIR="${D}" install_sw
+	# Only -j1 is supported for the install targets:
+	# https://github.com/openssl/openssl/issues/21999#issuecomment-1771150305
+	emake DESTDIR="${D}" -j1 install_sw
 	if use fips; then
-		emake DESTDIR="${D}" install_fips
+		emake DESTDIR="${D}" -j1 install_fips
 		# Regen this in pkg_preinst, bug 900625
 		rm "${ED}${SSL_CNF_DIR}"/fipsmodule.cnf || die
 	fi
 
 	if multilib_is_native_abi; then
-		emake DESTDIR="${D}" install_ssldirs
-		emake DESTDIR="${D}" DOCDIR='$(INSTALLTOP)'/share/doc/${PF} install_docs
+		emake DESTDIR="${D}" -j1 install_ssldirs
+		emake DESTDIR="${D}" DOCDIR='$(INSTALLTOP)'/share/doc/${PF} -j1 install_docs
 	fi
 
 	# This is crappy in that the static archives are still built even

diff --git a/dev-libs/openssl/openssl-3.1.3.ebuild b/dev-libs/openssl/openssl-3.1.3.ebuild
index 67cd58d980dc..a89ece323f28 100644
--- a/dev-libs/openssl/openssl-3.1.3.ebuild
+++ b/dev-libs/openssl/openssl-3.1.3.ebuild
@@ -224,16 +224,18 @@ multilib_src_test() {
 }
 
 multilib_src_install() {
-	emake DESTDIR="${D}" install_sw
+	# Only -j1 is supported for the install targets:
+	# https://github.com/openssl/openssl/issues/21999#issuecomment-1771150305
+	emake DESTDIR="${D}" -j1 install_sw
 	if use fips; then
-		emake DESTDIR="${D}" install_fips
+		emake DESTDIR="${D}" -j1 install_fips
 		# Regen this in pkg_preinst, bug 900625
 		rm "${ED}${SSL_CNF_DIR}"/fipsmodule.cnf || die
 	fi
 
 	if multilib_is_native_abi; then
-		emake DESTDIR="${D}" install_ssldirs
-		emake DESTDIR="${D}" DOCDIR='$(INSTALLTOP)'/share/doc/${PF} install_docs
+		emake DESTDIR="${D}" -j1 install_ssldirs
+		emake DESTDIR="${D}" DOCDIR='$(INSTALLTOP)'/share/doc/${PF} -j1 install_docs
 	fi
 
 	# This is crappy in that the static archives are still built even

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     1063af44a9df809f84506e95b63a75d1541bfc42
Author:     Rolf Eike Beer <eike <AT> sf-mail <DOT> de>
AuthorDate: Fri Oct 13 12:35:21 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Fri Oct 13 15:11:20 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1063af44

dev-libs/openssl: stable 3.0.11 for sparc, bug #915563

Signed-off-by: Rolf Eike Beer <eike <AT> sf-mail.de>
Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/openssl-3.0.11.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-3.0.11.ebuild b/dev-libs/openssl/openssl-3.0.11.ebuild
index 2a1a69cff293..b469b0b55dc6 100644
--- a/dev-libs/openssl/openssl-3.0.11.ebuild
+++ b/dev-libs/openssl/openssl-3.0.11.ebuild
@@ -19,7 +19,7 @@ if [[ ${PV} == 9999 ]] ; then
 else
 	SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 		verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )"
-	KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 ~sparc x86 ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
+	KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
 fi
 
 S="${WORKDIR}"/${MY_P}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     a5ad438d7983e847eb25510b7e4a7f379dad9755
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Wed Oct 11 05:21:56 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Wed Oct 11 05:21:56 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a5ad438d

dev-libs/openssl: Stabilize 3.0.11 arm, #915563

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/openssl-3.0.11.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-3.0.11.ebuild b/dev-libs/openssl/openssl-3.0.11.ebuild
index 904c2c885693..8265fa337b66 100644
--- a/dev-libs/openssl/openssl-3.0.11.ebuild
+++ b/dev-libs/openssl/openssl-3.0.11.ebuild
@@ -19,7 +19,7 @@ if [[ ${PV} == 9999 ]] ; then
 else
 	SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 		verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )"
-	KEYWORDS="~alpha amd64 ~arm arm64 hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc x86 ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
+	KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc x86 ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
 fi
 
 S="${WORKDIR}"/${MY_P}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     93f2305a5c428d1644c1f4c068ed9e5d51a8ff0c
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Wed Oct 11 05:21:55 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Wed Oct 11 05:21:55 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=93f2305a

dev-libs/openssl: Stabilize 3.0.11 amd64, #915563

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/openssl-3.0.11.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-3.0.11.ebuild b/dev-libs/openssl/openssl-3.0.11.ebuild
index 44c630c4dae6..904c2c885693 100644
--- a/dev-libs/openssl/openssl-3.0.11.ebuild
+++ b/dev-libs/openssl/openssl-3.0.11.ebuild
@@ -19,7 +19,7 @@ if [[ ${PV} == 9999 ]] ; then
 else
 	SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 		verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )"
-	KEYWORDS="~alpha ~amd64 ~arm arm64 hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc x86 ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
+	KEYWORDS="~alpha amd64 ~arm arm64 hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc x86 ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
 fi
 
 S="${WORKDIR}"/${MY_P}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     f25be8a601f99347725e37fc29c2425f8c8f4439
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Wed Oct 11 05:21:57 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Wed Oct 11 05:21:57 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f25be8a6

dev-libs/openssl: Stabilize 3.0.11 ppc64, #915563

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/openssl-3.0.11.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-3.0.11.ebuild b/dev-libs/openssl/openssl-3.0.11.ebuild
index 8265fa337b66..2dfb4cb25c67 100644
--- a/dev-libs/openssl/openssl-3.0.11.ebuild
+++ b/dev-libs/openssl/openssl-3.0.11.ebuild
@@ -19,7 +19,7 @@ if [[ ${PV} == 9999 ]] ; then
 else
 	SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 		verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )"
-	KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc x86 ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
+	KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ~ppc ppc64 ~riscv ~s390 ~sparc x86 ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
 fi
 
 S="${WORKDIR}"/${MY_P}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     8661e61fdcbd7f242d7effdfa3829702b61f026f
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Wed Oct 11 05:21:53 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Wed Oct 11 05:21:53 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8661e61f

dev-libs/openssl: Stabilize 3.0.11 x86, #915563

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/openssl-3.0.11.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-3.0.11.ebuild b/dev-libs/openssl/openssl-3.0.11.ebuild
index ae659d5a0c7b..2b2648cc85ae 100644
--- a/dev-libs/openssl/openssl-3.0.11.ebuild
+++ b/dev-libs/openssl/openssl-3.0.11.ebuild
@@ -19,7 +19,7 @@ if [[ ${PV} == 9999 ]] ; then
 else
 	SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 		verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )"
-	KEYWORDS="~alpha ~amd64 ~arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
+	KEYWORDS="~alpha ~amd64 ~arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc x86 ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
 fi
 
 S="${WORKDIR}"/${MY_P}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     82d3f6a00f5c777d16cb333fc734646553d5d7bc
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Wed Oct 11 05:21:54 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Wed Oct 11 05:21:54 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=82d3f6a0

dev-libs/openssl: Stabilize 3.0.11 hppa, #915563

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/openssl-3.0.11.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-3.0.11.ebuild b/dev-libs/openssl/openssl-3.0.11.ebuild
index 2b2648cc85ae..44c630c4dae6 100644
--- a/dev-libs/openssl/openssl-3.0.11.ebuild
+++ b/dev-libs/openssl/openssl-3.0.11.ebuild
@@ -19,7 +19,7 @@ if [[ ${PV} == 9999 ]] ; then
 else
 	SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 		verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )"
-	KEYWORDS="~alpha ~amd64 ~arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc x86 ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
+	KEYWORDS="~alpha ~amd64 ~arm arm64 hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc x86 ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
 fi
 
 S="${WORKDIR}"/${MY_P}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     cee823d1924c439b31809c0705e423db35b02f52
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Wed Oct 11 05:21:52 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Wed Oct 11 05:21:52 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=cee823d1

dev-libs/openssl: Stabilize 3.0.11 arm64, #915563

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/openssl-3.0.11.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-3.0.11.ebuild b/dev-libs/openssl/openssl-3.0.11.ebuild
index 9d573d00feeb..ae659d5a0c7b 100644
--- a/dev-libs/openssl/openssl-3.0.11.ebuild
+++ b/dev-libs/openssl/openssl-3.0.11.ebuild
@@ -19,7 +19,7 @@ if [[ ${PV} == 9999 ]] ; then
 else
 	SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 		verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )"
-	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
+	KEYWORDS="~alpha ~amd64 ~arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
 fi
 
 S="${WORKDIR}"/${MY_P}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     9f505403d83f42dc01a73acdefe69522c3cffbea
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Tue Oct  3 03:12:54 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Tue Oct  3 03:12:54 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9f505403

dev-libs/openssl: drop 3.1.1-r1, 3.1.1-r2

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/Manifest                |   2 -
 dev-libs/openssl/openssl-3.1.1-r1.ebuild | 288 ------------------------------
 dev-libs/openssl/openssl-3.1.1-r2.ebuild | 293 -------------------------------
 3 files changed, 583 deletions(-)

diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest
index f20803a22bd4..33b9b25abf15 100644
--- a/dev-libs/openssl/Manifest
+++ b/dev-libs/openssl/Manifest
@@ -13,8 +13,6 @@ DIST openssl-3.0.11.tar.gz 15198318 BLAKE2B e522573aa72c8f6ffef82f20de36178fc6f9
 DIST openssl-3.0.11.tar.gz.asc 833 BLAKE2B e6e2636d5bb5fffb86833e64437fb440bbfd1c4e2bfbfdd72280cf1ce388b70d30eeea56ef6f3bb673e7dcd12020d993ef95f96bf099ded38e8cde4b549b38fa SHA512 3c1fe94fc46861870d99d1edcfe3c151272f7864dde36b66e87a0c79d2289e9ed5cfc48bfa65ba0e88eadcb3cc8307d702e01155f48af8ffc2d4f8fbbf3aa03c
 DIST openssl-3.0.9.tar.gz 15181285 BLAKE2B cc1df41fa12ba4443e15e94f6ebdc5e103b9dab5eab2e1c8f74e6a74fa2c38207817921b65d7293cb241c190a910191c7163600bb75243adde0e2f9ec31cc885 SHA512 86c99146b37236419b110db77dd3ac3992e6bed78c258f0cc3434ca233460b4e17c0ac81d7058547fe9cb72a9fd80ee56d4b4916bb731dbe2bbcf1c3d46bf31a
 DIST openssl-3.0.9.tar.gz.asc 833 BLAKE2B 9943ac65f83f48465cae83b37a1d004f6be4622e53c3025166d42954abe9215f1a6c2af58d4aa2b45fa51182fee5019e740969f694655b6c592bb278c68aacef SHA512 9949de6b57d5aa21da1d4b68a29eb37e302403c983bd7d2d8769b320aac4268a9f9091c5fb182862a4f89a9099660939fe609df87c66991b75f7695faf357caf
-DIST openssl-3.1.1.tar.gz 15544757 BLAKE2B 094f7e28f16de6528016fcd21df1d7382b0dbdcd80ec469d37add9c37f638c059dda3ffb4415eba890a33d146ddc9016bcc7192df101c73be5e70faf6e3b1097 SHA512 8ba9dd6ab87451e126c19cc106ccd1643ca48667d6c37504d0ab98205fbccf855fd0db54474b4113c4c3a15215a4ef77a039fb897a69f71bcab2054b2effd1d9
-DIST openssl-3.1.1.tar.gz.asc 833 BLAKE2B 5a2a9aeb475b843862e133d53bc5bb3c8e12e8e03b1e2da41d0eaa0eade1ae03c4318ad1f5c490c5e1ed7e6ac6275a6d7c881d99993911722b043b15d1622b25 SHA512 83349020c67e5b956f3ef37604a03a1970ea393f862691f5fd5d85930c01e559e25db17d397d8fd230c3862a8b2fba2d5c7df883d56d7472f4c01dab3a661cb2
 DIST openssl-3.1.2.tar.gz 15560427 BLAKE2B 7b4ba35df7d5680c5f13a1986e4c6abaf4592690647dcfa84d7f14c196326355e8ad0ea62f81f8269f0605f0d29f18e9def9c2158fcbe00baefabf819f82374d SHA512 9f41113e5537aee4c3f92711ff85fa12da080363fef0c8b8b34e5b3fc608473c6e4cadd9d8c78f2fcbe97462e51f26a0bb6781656a69ad40226e68af2cf2c762
 DIST openssl-3.1.2.tar.gz.asc 833 BLAKE2B aba3207c5eafaafc34bea078a9684612f7d9b4c5a888a27781cfe2421d27de6c2af3539abfc6efdac81ab0b923b7044a9b764902aa76edfd44ce5979f871a8b9 SHA512 fe143d2d90de1d3d30590ef9801185f8d2837668474ef3879d409bd4eb9417a127dee6c2a4e45076aa3ae3e443bfedd24de434ba4cf3ea0589c113990345a9ce
 DIST openssl-3.1.3.tar.gz 15561739 BLAKE2B a279a5c80191b95ca735aed20beb56ab899ee302258ce3529c377820739bf55075537cd900b06b3ca07b85efdce95cb081bcad1dfd4d33f81695c7ef0cefdf03 SHA512 2388eaa8e99acf1e8af4691a645b9b9af456900c74959e82d4cb02808301e11dcfecc86954a922262b16fa4b664b459894d133ab7d35ec82e1633a33194b7b20

diff --git a/dev-libs/openssl/openssl-3.1.1-r1.ebuild b/dev-libs/openssl/openssl-3.1.1-r1.ebuild
deleted file mode 100644
index da24db6f9bc6..000000000000
--- a/dev-libs/openssl/openssl-3.1.1-r1.ebuild
+++ /dev/null
@@ -1,288 +0,0 @@
-# Copyright 1999-2023 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/openssl.org.asc
-inherit edo flag-o-matic linux-info toolchain-funcs
-inherit multilib multilib-minimal multiprocessing preserve-libs verify-sig
-
-DESCRIPTION="Robust, full-featured Open Source Toolkit for the Transport Layer Security (TLS)"
-HOMEPAGE="https://www.openssl.org/"
-
-MY_P=${P/_/-}
-
-if [[ ${PV} == 9999 ]] ; then
-	EGIT_REPO_URI="https://github.com/openssl/openssl.git"
-
-	inherit git-r3
-else
-	SRC_URI="
-		mirror://openssl/source/${MY_P}.tar.gz
-		verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )
-	"
-	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86"
-fi
-
-S="${WORKDIR}"/${MY_P}
-
-LICENSE="Apache-2.0"
-SLOT="0/$(ver_cut 1)" # .so version of libssl/libcrypto
-IUSE="+asm cpu_flags_x86_sse2 fips ktls rfc3779 sctp static-libs test tls-compression vanilla verify-sig weak-ssl-ciphers"
-RESTRICT="!test? ( test )"
-
-COMMON_DEPEND="
-	!<net-misc/openssh-9.2_p1-r3
-	tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
-"
-BDEPEND="
-	>=dev-lang/perl-5
-	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
-	test? (
-		sys-apps/diffutils
-		sys-devel/bc
-		sys-process/procps
-	)
-	verify-sig? ( >=sec-keys/openpgp-keys-openssl-20230207 )"
-
-DEPEND="${COMMON_DEPEND}"
-RDEPEND="${COMMON_DEPEND}"
-PDEPEND="app-misc/ca-certificates"
-
-MULTILIB_WRAPPED_HEADERS=(
-	/usr/include/openssl/configuration.h
-)
-
-pkg_setup() {
-	if use ktls ; then
-		if kernel_is -lt 4 18 ; then
-			ewarn "Kernel implementation of TLS (USE=ktls) requires kernel >=4.18!"
-		else
-			CONFIG_CHECK="~TLS ~TLS_DEVICE"
-			ERROR_TLS="You will be unable to offload TLS to kernel because CONFIG_TLS is not set!"
-			ERROR_TLS_DEVICE="You will be unable to offload TLS to kernel because CONFIG_TLS_DEVICE is not set!"
-			use test && CONFIG_CHECK+=" ~CRYPTO_USER_API_SKCIPHER"
-
-			linux-info_pkg_setup
-		fi
-	fi
-
-	[[ ${MERGE_TYPE} == binary ]] && return
-
-	# must check in pkg_setup; sysctl doesn't work with userpriv!
-	if use test && use sctp ; then
-		# test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel"
-		# if sctp.auth_enable is not enabled.
-		local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null)
-		if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]] ; then
-			die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!"
-		fi
-	fi
-}
-
-src_unpack() {
-	# Can delete this once test fix patch is dropped
-	if use verify-sig ; then
-		# Needed for downloaded patch (which is unsigned, which is fine)
-		verify-sig_verify_detached "${DISTDIR}"/${MY_P}.tar.gz{,.asc}
-	fi
-
-	default
-}
-
-src_prepare() {
-	# Make sure we only ever touch Makefile.org and avoid patching a file
-	# that gets blown away anyways by the Configure script in src_configure
-	rm -f Makefile
-
-	if ! use vanilla ; then
-		PATCHES+=(
-			# Add patches which are Gentoo-specific customisations here
-		)
-	fi
-
-	default
-
-	if use test && use sctp && has network-sandbox ${FEATURES} ; then
-		einfo "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox ..."
-		rm test/recipes/80-test_ssl_new.t || die
-	fi
-
-	# Test fails depending on kernel configuration, bug #699134
-	rm test/recipes/30-test_afalg.t || die
-}
-
-src_configure() {
-	# Keep this in sync with app-misc/c_rehash
-	SSL_CNF_DIR="/etc/ssl"
-
-	# Quiet out unknown driver argument warnings since openssl
-	# doesn't have well-split CFLAGS and we're making it even worse
-	# and 'make depend' uses -Werror for added fun (bug #417795 again)
-	tc-is-clang && append-flags -Qunused-arguments
-
-	# We really, really need to build OpenSSL w/ strict aliasing disabled.
-	# It's filled with violations and it *will* result in miscompiled
-	# code. This has been in the ebuild for > 10 years but even in 2022,
-	# it's still relevant:
-	# - https://github.com/llvm/llvm-project/issues/55255
-	# - https://github.com/openssl/openssl/issues/18225
-	# - https://github.com/openssl/openssl/issues/18663#issuecomment-1181478057
-	# Don't remove the no strict aliasing bits below!
-	filter-flags -fstrict-aliasing
-	append-flags -fno-strict-aliasing
-	# The OpenSSL developers don't test with LTO right now, it leads to various
-	# warnings/errors (which may or may not be false positives), it's considered
-	# unsupported, and it's not tested in CI: https://github.com/openssl/openssl/issues/18663.
-	filter-lto
-
-	append-flags $(test-flags-CC -Wa,--noexecstack)
-
-	# bug #895308
-	append-atomic-flags
-	# Configure doesn't respect LIBS
-	export LDLIBS="${LIBS}"
-
-	# bug #197996
-	unset APPS
-	# bug #312551
-	unset SCRIPTS
-	# bug #311473
-	unset CROSS_COMPILE
-
-	tc-export AR CC CXX RANLIB RC
-
-	multilib-minimal_src_configure
-}
-
-multilib_src_configure() {
-	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
-
-	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
-
-	# See if our toolchain supports __uint128_t.  If so, it's 64bit
-	# friendly and can use the nicely optimized code paths, bug #460790.
-	#local ec_nistp_64_gcc_128
-	#
-	# Disable it for now though (bug #469976)
-	# Do NOT re-enable without substantial discussion first!
-	#
-	#echo "__uint128_t i;" > "${T}"/128.c
-	#if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
-	#       ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
-	#fi
-
-	local sslout=$(bash "${FILESDIR}/gentoo.config-1.0.4")
-	einfo "Using configuration: ${sslout:-(openssl knows best)}"
-
-	# https://github.com/openssl/openssl/blob/master/INSTALL.md#enable-and-disable-features
-	local myeconfargs=(
-		${sslout}
-
-		$(use cpu_flags_x86_sse2 || echo "no-sse2")
-		enable-camellia
-		enable-ec
-		enable-ec2m
-		enable-sm2
-		enable-srp
-		$(use elibc_musl && echo "no-async")
-		enable-idea
-		enable-mdc2
-		enable-rc5
-		$(use fips && echo "enable-fips")
-		$(use_ssl asm)
-		$(use_ssl ktls)
-		$(use_ssl rfc3779)
-		$(use_ssl sctp)
-		$(use test || echo "no-tests")
-		$(use_ssl tls-compression zlib)
-		$(use_ssl weak-ssl-ciphers)
-
-		--prefix="${EPREFIX}"/usr
-		--openssldir="${EPREFIX}"${SSL_CNF_DIR}
-		--libdir=$(get_libdir)
-
-		shared
-		threads
-	)
-
-	edo perl "${S}/Configure" "${myeconfargs[@]}"
-}
-
-multilib_src_compile() {
-	emake build_sw
-
-	if multilib_is_native_abi; then
-		emake build_docs
-	fi
-}
-
-multilib_src_test() {
-	# VFP = show subtests verbosely and show failed tests verbosely
-	# Normal V=1 would show everything verbosely but this slows things down.
-	emake HARNESS_JOBS="$(makeopts_jobs)" -Onone VFP=1 test
-}
-
-multilib_src_install() {
-	emake DESTDIR="${D}" install_sw
-	if use fips; then
-		emake DESTDIR="${D}" install_fips
-		# Regen this in pkg_preinst, bug 900625
-		rm "${ED}${SSL_CNF_DIR}"/fipsmodule.cnf || die
-	fi
-
-	if multilib_is_native_abi; then
-		emake DESTDIR="${D}" install_ssldirs
-		emake DESTDIR="${D}" DOCDIR='$(INSTALLTOP)'/share/doc/${PF} install_docs
-	fi
-
-	# This is crappy in that the static archives are still built even
-	# when USE=static-libs. But this is due to a failing in the openssl
-	# build system: the static archives are built as PIC all the time.
-	# Only way around this would be to manually configure+compile openssl
-	# twice; once with shared lib support enabled and once without.
-	if ! use static-libs ; then
-		rm "${ED}"/usr/$(get_libdir)/lib{crypto,ssl}.a || die
-	fi
-}
-
-multilib_src_install_all() {
-	# openssl installs perl version of c_rehash by default, but
-	# we provide a shell version via app-misc/c_rehash
-	rm "${ED}"/usr/bin/c_rehash || die
-
-	dodoc {AUTHORS,CHANGES,NEWS,README,README-PROVIDERS}.md doc/*.txt doc/${PN}-c-indent.el
-
-	# Create the certs directory
-	keepdir ${SSL_CNF_DIR}/certs
-
-	# bug #254521
-	dodir /etc/sandbox.d
-	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
-
-	diropts -m0700
-	keepdir ${SSL_CNF_DIR}/private
-}
-
-pkg_preinst() {
-	if use fips; then
-		# Regen fipsmodule.cnf, bug 900625
-		ebegin "Running openssl fipsinstall"
-		"${ED}/usr/bin/openssl" fipsinstall -quiet \
-			-out "${ED}${SSL_CNF_DIR}/fipsmodule.cnf" \
-			-module "${ED}/usr/$(get_libdir)/ossl-modules/fips.so"
-		eend $?
-	fi
-
-	preserve_old_lib /usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1) \
-		/usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1.1)
-}
-
-pkg_postinst() {
-	ebegin "Running 'openssl rehash ${EROOT}${SSL_CNF_DIR}/certs' to rebuild hashes (bug #333069)"
-	openssl rehash "${EROOT}${SSL_CNF_DIR}/certs"
-	eend $?
-
-	preserve_old_lib_notify /usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1) \
-		/usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1.1)
-}

diff --git a/dev-libs/openssl/openssl-3.1.1-r2.ebuild b/dev-libs/openssl/openssl-3.1.1-r2.ebuild
deleted file mode 100644
index 08f8b95eab01..000000000000
--- a/dev-libs/openssl/openssl-3.1.1-r2.ebuild
+++ /dev/null
@@ -1,293 +0,0 @@
-# Copyright 1999-2023 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/openssl.org.asc
-inherit edo flag-o-matic linux-info toolchain-funcs
-inherit multilib multilib-minimal multiprocessing preserve-libs verify-sig
-
-DESCRIPTION="Robust, full-featured Open Source Toolkit for the Transport Layer Security (TLS)"
-HOMEPAGE="https://www.openssl.org/"
-
-MY_P=${P/_/-}
-
-if [[ ${PV} == 9999 ]] ; then
-	EGIT_REPO_URI="https://github.com/openssl/openssl.git"
-
-	inherit git-r3
-else
-	SRC_URI="
-		mirror://openssl/source/${MY_P}.tar.gz
-		verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )
-	"
-	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86"
-fi
-
-S="${WORKDIR}"/${MY_P}
-
-LICENSE="Apache-2.0"
-SLOT="0/$(ver_cut 1)" # .so version of libssl/libcrypto
-IUSE="+asm cpu_flags_x86_sse2 fips ktls rfc3779 sctp static-libs test tls-compression vanilla verify-sig weak-ssl-ciphers"
-RESTRICT="!test? ( test )"
-
-COMMON_DEPEND="
-	!<net-misc/openssh-9.2_p1-r3
-	tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
-"
-BDEPEND="
-	>=dev-lang/perl-5
-	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
-	test? (
-		sys-apps/diffutils
-		sys-devel/bc
-		sys-process/procps
-	)
-	verify-sig? ( >=sec-keys/openpgp-keys-openssl-20230207 )"
-
-DEPEND="${COMMON_DEPEND}"
-RDEPEND="${COMMON_DEPEND}"
-PDEPEND="app-misc/ca-certificates"
-
-MULTILIB_WRAPPED_HEADERS=(
-	/usr/include/openssl/configuration.h
-)
-
-PATCHES=(
-	"${FILESDIR}"/${P}-CVE-2023-2975.patch
-	"${FILESDIR}"/${P}-CVE-2023-3446.patch
-)
-
-pkg_setup() {
-	if use ktls ; then
-		if kernel_is -lt 4 18 ; then
-			ewarn "Kernel implementation of TLS (USE=ktls) requires kernel >=4.18!"
-		else
-			CONFIG_CHECK="~TLS ~TLS_DEVICE"
-			ERROR_TLS="You will be unable to offload TLS to kernel because CONFIG_TLS is not set!"
-			ERROR_TLS_DEVICE="You will be unable to offload TLS to kernel because CONFIG_TLS_DEVICE is not set!"
-			use test && CONFIG_CHECK+=" ~CRYPTO_USER_API_SKCIPHER"
-
-			linux-info_pkg_setup
-		fi
-	fi
-
-	[[ ${MERGE_TYPE} == binary ]] && return
-
-	# must check in pkg_setup; sysctl doesn't work with userpriv!
-	if use test && use sctp ; then
-		# test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel"
-		# if sctp.auth_enable is not enabled.
-		local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null)
-		if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]] ; then
-			die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!"
-		fi
-	fi
-}
-
-src_unpack() {
-	# Can delete this once test fix patch is dropped
-	if use verify-sig ; then
-		# Needed for downloaded patch (which is unsigned, which is fine)
-		verify-sig_verify_detached "${DISTDIR}"/${MY_P}.tar.gz{,.asc}
-	fi
-
-	default
-}
-
-src_prepare() {
-	# Make sure we only ever touch Makefile.org and avoid patching a file
-	# that gets blown away anyways by the Configure script in src_configure
-	rm -f Makefile
-
-	if ! use vanilla ; then
-		PATCHES+=(
-			# Add patches which are Gentoo-specific customisations here
-		)
-	fi
-
-	default
-
-	if use test && use sctp && has network-sandbox ${FEATURES} ; then
-		einfo "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox ..."
-		rm test/recipes/80-test_ssl_new.t || die
-	fi
-
-	# Test fails depending on kernel configuration, bug #699134
-	rm test/recipes/30-test_afalg.t || die
-}
-
-src_configure() {
-	# Keep this in sync with app-misc/c_rehash
-	SSL_CNF_DIR="/etc/ssl"
-
-	# Quiet out unknown driver argument warnings since openssl
-	# doesn't have well-split CFLAGS and we're making it even worse
-	# and 'make depend' uses -Werror for added fun (bug #417795 again)
-	tc-is-clang && append-flags -Qunused-arguments
-
-	# We really, really need to build OpenSSL w/ strict aliasing disabled.
-	# It's filled with violations and it *will* result in miscompiled
-	# code. This has been in the ebuild for > 10 years but even in 2022,
-	# it's still relevant:
-	# - https://github.com/llvm/llvm-project/issues/55255
-	# - https://github.com/openssl/openssl/issues/18225
-	# - https://github.com/openssl/openssl/issues/18663#issuecomment-1181478057
-	# Don't remove the no strict aliasing bits below!
-	filter-flags -fstrict-aliasing
-	append-flags -fno-strict-aliasing
-	# The OpenSSL developers don't test with LTO right now, it leads to various
-	# warnings/errors (which may or may not be false positives), it's considered
-	# unsupported, and it's not tested in CI: https://github.com/openssl/openssl/issues/18663.
-	filter-lto
-
-	append-flags $(test-flags-CC -Wa,--noexecstack)
-
-	# bug #895308
-	append-atomic-flags
-	# Configure doesn't respect LIBS
-	export LDLIBS="${LIBS}"
-
-	# bug #197996
-	unset APPS
-	# bug #312551
-	unset SCRIPTS
-	# bug #311473
-	unset CROSS_COMPILE
-
-	tc-export AR CC CXX RANLIB RC
-
-	multilib-minimal_src_configure
-}
-
-multilib_src_configure() {
-	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
-
-	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
-
-	# See if our toolchain supports __uint128_t.  If so, it's 64bit
-	# friendly and can use the nicely optimized code paths, bug #460790.
-	#local ec_nistp_64_gcc_128
-	#
-	# Disable it for now though (bug #469976)
-	# Do NOT re-enable without substantial discussion first!
-	#
-	#echo "__uint128_t i;" > "${T}"/128.c
-	#if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
-	#       ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
-	#fi
-
-	local sslout=$(bash "${FILESDIR}/gentoo.config-1.0.4")
-	einfo "Using configuration: ${sslout:-(openssl knows best)}"
-
-	# https://github.com/openssl/openssl/blob/master/INSTALL.md#enable-and-disable-features
-	local myeconfargs=(
-		${sslout}
-
-		$(use cpu_flags_x86_sse2 || echo "no-sse2")
-		enable-camellia
-		enable-ec
-		enable-ec2m
-		enable-sm2
-		enable-srp
-		$(use elibc_musl && echo "no-async")
-		enable-idea
-		enable-mdc2
-		enable-rc5
-		$(use fips && echo "enable-fips")
-		$(use_ssl asm)
-		$(use_ssl ktls)
-		$(use_ssl rfc3779)
-		$(use_ssl sctp)
-		$(use test || echo "no-tests")
-		$(use_ssl tls-compression zlib)
-		$(use_ssl weak-ssl-ciphers)
-
-		--prefix="${EPREFIX}"/usr
-		--openssldir="${EPREFIX}"${SSL_CNF_DIR}
-		--libdir=$(get_libdir)
-
-		shared
-		threads
-	)
-
-	edo perl "${S}/Configure" "${myeconfargs[@]}"
-}
-
-multilib_src_compile() {
-	emake build_sw
-
-	if multilib_is_native_abi; then
-		emake build_docs
-	fi
-}
-
-multilib_src_test() {
-	# VFP = show subtests verbosely and show failed tests verbosely
-	# Normal V=1 would show everything verbosely but this slows things down.
-	emake HARNESS_JOBS="$(makeopts_jobs)" -Onone VFP=1 test
-}
-
-multilib_src_install() {
-	emake DESTDIR="${D}" install_sw
-	if use fips; then
-		emake DESTDIR="${D}" install_fips
-		# Regen this in pkg_preinst, bug 900625
-		rm "${ED}${SSL_CNF_DIR}"/fipsmodule.cnf || die
-	fi
-
-	if multilib_is_native_abi; then
-		emake DESTDIR="${D}" install_ssldirs
-		emake DESTDIR="${D}" DOCDIR='$(INSTALLTOP)'/share/doc/${PF} install_docs
-	fi
-
-	# This is crappy in that the static archives are still built even
-	# when USE=static-libs. But this is due to a failing in the openssl
-	# build system: the static archives are built as PIC all the time.
-	# Only way around this would be to manually configure+compile openssl
-	# twice; once with shared lib support enabled and once without.
-	if ! use static-libs ; then
-		rm "${ED}"/usr/$(get_libdir)/lib{crypto,ssl}.a || die
-	fi
-}
-
-multilib_src_install_all() {
-	# openssl installs perl version of c_rehash by default, but
-	# we provide a shell version via app-misc/c_rehash
-	rm "${ED}"/usr/bin/c_rehash || die
-
-	dodoc {AUTHORS,CHANGES,NEWS,README,README-PROVIDERS}.md doc/*.txt doc/${PN}-c-indent.el
-
-	# Create the certs directory
-	keepdir ${SSL_CNF_DIR}/certs
-
-	# bug #254521
-	dodir /etc/sandbox.d
-	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
-
-	diropts -m0700
-	keepdir ${SSL_CNF_DIR}/private
-}
-
-pkg_preinst() {
-	if use fips; then
-		# Regen fipsmodule.cnf, bug 900625
-		ebegin "Running openssl fipsinstall"
-		"${ED}/usr/bin/openssl" fipsinstall -quiet \
-			-out "${ED}${SSL_CNF_DIR}/fipsmodule.cnf" \
-			-module "${ED}/usr/$(get_libdir)/ossl-modules/fips.so"
-		eend $?
-	fi
-
-	preserve_old_lib /usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1) \
-		/usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1.1)
-}
-
-pkg_postinst() {
-	ebegin "Running 'openssl rehash ${EROOT}${SSL_CNF_DIR}/certs' to rebuild hashes (bug #333069)"
-	openssl rehash "${EROOT}${SSL_CNF_DIR}/certs"
-	eend $?
-
-	preserve_old_lib_notify /usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1) \
-		/usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1.1)
-}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     472ce1b77485c3031c6866e2c747436f6e84db33
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Tue Oct  3 03:12:29 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Tue Oct  3 03:12:29 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=472ce1b7

dev-libs/openssl: fix src_unpack for non-releases

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/openssl-1.1.1u.ebuild   | 2 +-
 dev-libs/openssl/openssl-1.1.1v.ebuild   | 2 +-
 dev-libs/openssl/openssl-1.1.1w.ebuild   | 2 +-
 dev-libs/openssl/openssl-3.0.10.ebuild   | 2 +-
 dev-libs/openssl/openssl-3.0.11.ebuild   | 2 +-
 dev-libs/openssl/openssl-3.0.9-r1.ebuild | 2 +-
 dev-libs/openssl/openssl-3.0.9-r2.ebuild | 2 +-
 dev-libs/openssl/openssl-3.1.1-r1.ebuild | 2 +-
 dev-libs/openssl/openssl-3.1.1-r2.ebuild | 2 +-
 dev-libs/openssl/openssl-3.1.2.ebuild    | 2 +-
 dev-libs/openssl/openssl-3.1.3.ebuild    | 2 +-
 11 files changed, 11 insertions(+), 11 deletions(-)

diff --git a/dev-libs/openssl/openssl-1.1.1u.ebuild b/dev-libs/openssl/openssl-1.1.1u.ebuild
index 90cdec1ab00b..c90541dca291 100644
--- a/dev-libs/openssl/openssl-1.1.1u.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1u.ebuild
@@ -67,7 +67,7 @@ src_unpack() {
 	# Can delete this once test fix patch is dropped
 	if use verify-sig ; then
 		# Needed for downloaded patch (which is unsigned, which is fine)
-		verify-sig_verify_detached "${DISTDIR}"/${P}.tar.gz{,.asc}
+		verify-sig_verify_detached "${DISTDIR}"/${MY_P}.tar.gz{,.asc}
 	fi
 
 	default

diff --git a/dev-libs/openssl/openssl-1.1.1v.ebuild b/dev-libs/openssl/openssl-1.1.1v.ebuild
index 6a237499b429..7440cf3d3dcc 100644
--- a/dev-libs/openssl/openssl-1.1.1v.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1v.ebuild
@@ -67,7 +67,7 @@ src_unpack() {
 	# Can delete this once test fix patch is dropped
 	if use verify-sig ; then
 		# Needed for downloaded patch (which is unsigned, which is fine)
-		verify-sig_verify_detached "${DISTDIR}"/${P}.tar.gz{,.asc}
+		verify-sig_verify_detached "${DISTDIR}"/${MY_P}.tar.gz{,.asc}
 	fi
 
 	default

diff --git a/dev-libs/openssl/openssl-1.1.1w.ebuild b/dev-libs/openssl/openssl-1.1.1w.ebuild
index 6a237499b429..7440cf3d3dcc 100644
--- a/dev-libs/openssl/openssl-1.1.1w.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1w.ebuild
@@ -67,7 +67,7 @@ src_unpack() {
 	# Can delete this once test fix patch is dropped
 	if use verify-sig ; then
 		# Needed for downloaded patch (which is unsigned, which is fine)
-		verify-sig_verify_detached "${DISTDIR}"/${P}.tar.gz{,.asc}
+		verify-sig_verify_detached "${DISTDIR}"/${MY_P}.tar.gz{,.asc}
 	fi
 
 	default

diff --git a/dev-libs/openssl/openssl-3.0.10.ebuild b/dev-libs/openssl/openssl-3.0.10.ebuild
index 4251a16a6dea..b469b0b55dc6 100644
--- a/dev-libs/openssl/openssl-3.0.10.ebuild
+++ b/dev-libs/openssl/openssl-3.0.10.ebuild
@@ -81,7 +81,7 @@ src_unpack() {
 	# Can delete this once test fix patch is dropped
 	if use verify-sig ; then
 		# Needed for downloaded patch (which is unsigned, which is fine)
-		verify-sig_verify_detached "${DISTDIR}"/${P}.tar.gz{,.asc}
+		verify-sig_verify_detached "${DISTDIR}"/${MY_P}.tar.gz{,.asc}
 	fi
 
 	default

diff --git a/dev-libs/openssl/openssl-3.0.11.ebuild b/dev-libs/openssl/openssl-3.0.11.ebuild
index 5d69a16c495e..9d573d00feeb 100644
--- a/dev-libs/openssl/openssl-3.0.11.ebuild
+++ b/dev-libs/openssl/openssl-3.0.11.ebuild
@@ -81,7 +81,7 @@ src_unpack() {
 	# Can delete this once test fix patch is dropped
 	if use verify-sig ; then
 		# Needed for downloaded patch (which is unsigned, which is fine)
-		verify-sig_verify_detached "${DISTDIR}"/${P}.tar.gz{,.asc}
+		verify-sig_verify_detached "${DISTDIR}"/${MY_P}.tar.gz{,.asc}
 	fi
 
 	default

diff --git a/dev-libs/openssl/openssl-3.0.9-r1.ebuild b/dev-libs/openssl/openssl-3.0.9-r1.ebuild
index 7f042b6d39c0..766737ef1a4b 100644
--- a/dev-libs/openssl/openssl-3.0.9-r1.ebuild
+++ b/dev-libs/openssl/openssl-3.0.9-r1.ebuild
@@ -81,7 +81,7 @@ src_unpack() {
 	# Can delete this once test fix patch is dropped
 	if use verify-sig ; then
 		# Needed for downloaded patch (which is unsigned, which is fine)
-		verify-sig_verify_detached "${DISTDIR}"/${P}.tar.gz{,.asc}
+		verify-sig_verify_detached "${DISTDIR}"/${MY_P}.tar.gz{,.asc}
 	fi
 
 	default

diff --git a/dev-libs/openssl/openssl-3.0.9-r2.ebuild b/dev-libs/openssl/openssl-3.0.9-r2.ebuild
index e4516c8a708f..72845dd2599a 100644
--- a/dev-libs/openssl/openssl-3.0.9-r2.ebuild
+++ b/dev-libs/openssl/openssl-3.0.9-r2.ebuild
@@ -86,7 +86,7 @@ src_unpack() {
 	# Can delete this once test fix patch is dropped
 	if use verify-sig ; then
 		# Needed for downloaded patch (which is unsigned, which is fine)
-		verify-sig_verify_detached "${DISTDIR}"/${P}.tar.gz{,.asc}
+		verify-sig_verify_detached "${DISTDIR}"/${MY_P}.tar.gz{,.asc}
 	fi
 
 	default

diff --git a/dev-libs/openssl/openssl-3.1.1-r1.ebuild b/dev-libs/openssl/openssl-3.1.1-r1.ebuild
index 7f787b960f44..da24db6f9bc6 100644
--- a/dev-libs/openssl/openssl-3.1.1-r1.ebuild
+++ b/dev-libs/openssl/openssl-3.1.1-r1.ebuild
@@ -84,7 +84,7 @@ src_unpack() {
 	# Can delete this once test fix patch is dropped
 	if use verify-sig ; then
 		# Needed for downloaded patch (which is unsigned, which is fine)
-		verify-sig_verify_detached "${DISTDIR}"/${P}.tar.gz{,.asc}
+		verify-sig_verify_detached "${DISTDIR}"/${MY_P}.tar.gz{,.asc}
 	fi
 
 	default

diff --git a/dev-libs/openssl/openssl-3.1.1-r2.ebuild b/dev-libs/openssl/openssl-3.1.1-r2.ebuild
index cfa017e58411..08f8b95eab01 100644
--- a/dev-libs/openssl/openssl-3.1.1-r2.ebuild
+++ b/dev-libs/openssl/openssl-3.1.1-r2.ebuild
@@ -89,7 +89,7 @@ src_unpack() {
 	# Can delete this once test fix patch is dropped
 	if use verify-sig ; then
 		# Needed for downloaded patch (which is unsigned, which is fine)
-		verify-sig_verify_detached "${DISTDIR}"/${P}.tar.gz{,.asc}
+		verify-sig_verify_detached "${DISTDIR}"/${MY_P}.tar.gz{,.asc}
 	fi
 
 	default

diff --git a/dev-libs/openssl/openssl-3.1.2.ebuild b/dev-libs/openssl/openssl-3.1.2.ebuild
index cbdd13f19657..67cd58d980dc 100644
--- a/dev-libs/openssl/openssl-3.1.2.ebuild
+++ b/dev-libs/openssl/openssl-3.1.2.ebuild
@@ -84,7 +84,7 @@ src_unpack() {
 	# Can delete this once test fix patch is dropped
 	if use verify-sig ; then
 		# Needed for downloaded patch (which is unsigned, which is fine)
-		verify-sig_verify_detached "${DISTDIR}"/${P}.tar.gz{,.asc}
+		verify-sig_verify_detached "${DISTDIR}"/${MY_P}.tar.gz{,.asc}
 	fi
 
 	default

diff --git a/dev-libs/openssl/openssl-3.1.3.ebuild b/dev-libs/openssl/openssl-3.1.3.ebuild
index cbdd13f19657..67cd58d980dc 100644
--- a/dev-libs/openssl/openssl-3.1.3.ebuild
+++ b/dev-libs/openssl/openssl-3.1.3.ebuild
@@ -84,7 +84,7 @@ src_unpack() {
 	# Can delete this once test fix patch is dropped
 	if use verify-sig ; then
 		# Needed for downloaded patch (which is unsigned, which is fine)
-		verify-sig_verify_detached "${DISTDIR}"/${P}.tar.gz{,.asc}
+		verify-sig_verify_detached "${DISTDIR}"/${MY_P}.tar.gz{,.asc}
 	fi
 
 	default

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     854e41602f005250f34368be3a3cc5be5615663c
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Tue Oct  3 03:13:03 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Tue Oct  3 03:13:03 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=854e4160

dev-libs/openssl: drop 1.1.1v

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/Manifest              |   2 -
 dev-libs/openssl/openssl-1.1.1v.ebuild | 265 ---------------------------------
 2 files changed, 267 deletions(-)

diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest
index 33b9b25abf15..890b05d86e5b 100644
--- a/dev-libs/openssl/Manifest
+++ b/dev-libs/openssl/Manifest
@@ -3,8 +3,6 @@ DIST openssl-1.0.2t-bindist-1.0.tar.xz 13872 BLAKE2B b2aade96a6e0ca6209a39e205b1
 DIST openssl-1.0.2u.tar.gz 5355412 BLAKE2B b2ff2a10e5851af5aca4093422a9a072c794e87b997263826c1c35910c040f695fac63decac5856cb49399ed03d410f97701d9fd4e1ebfbcacd8f3a74ce8bf57 SHA512 c455bb309e20e2c2d47fdc5619c734d107d5c8c38c1409903ce979acc120b0d5fa0312917c0aa0d630e402d092a703d4249643f36078e8528a3cafc9dac6ab32
 DIST openssl-1.1.1u.tar.gz 9892176 BLAKE2B 5de9cb856e497596ecba008bad6515eefd093849b9c66dd7447031723996f3ba66ac37a323a5f7d01b1d42df4daaceb523372f5897d5c53b935ffab91c566594 SHA512 d00aeb0b4c4676deff06ff95af7ac33dd683b92f972b4a8ae55cf384bb37c7ec30ab83c6c0745daf87cf1743a745fced6a347fd11fed4c548aa0953610ed4919
 DIST openssl-1.1.1u.tar.gz.asc 833 BLAKE2B 7a978a94264a14be04372fea39868e9177e8a0b0f24344267702022e19ee0f52e91ad141d7c54da870f7ec0df9b2e43b80939f1d274dd0b44d36da2670e3a468 SHA512 40245d65ace95b2002bf64bcba184c92fec3420b08d9f61f3a709c4842e9478595105d8adce33a08eb98d351d2a0989ec342b08cdd9104498ea0543b6e592d28
-DIST openssl-1.1.1v.tar.gz 9893443 BLAKE2B 9b3066d1911466dec909052667aafe9b974d2fa0a9798105b7501d62300e5a61a154fb94e633e46918303e9fcc1afc077e6efb5727eb967b75a795d8e2ed60a7 SHA512 1a67340d99026aa62bf50ff89165d9f77fe4a6690fe30d1751b5021dd3f238391afd581b41724687c322c4e3af1770c44a63766a06e9b8cab6425101153e0c7e
-DIST openssl-1.1.1v.tar.gz.asc 833 BLAKE2B a851629231591679c37a53342a7da565879fe626ce56ee586184c6e3694ee9cb15cf10b52e6ef17eac6cb25b66e3d50d1a703d42a5056a51f1567178956bfb11 SHA512 3e188f60d57f844fda6e6382623cb082e18d7caec38f9e6ab13d8d101ca0b0d234cfd7aba041ab975d5cd168c1ec0f147ff8a77e515a416461bfd108cb4244e0
 DIST openssl-1.1.1w.tar.gz 9893384 BLAKE2B 2fdba6ca0188928ab2f74e606136afca66cfa0467170fa6298ef160b64ac6fdcad1e81e5dd14013ce0e9921d0f7417edec531cd0beaf1196fec704c2c6d48395 SHA512 b4c625fe56a4e690b57b6a011a225ad0cb3af54bd8fb67af77b5eceac55cc7191291d96a660c5b568a08a2fbf62b4612818e7cca1bb95b2b6b4fc649b0552b6d
 DIST openssl-1.1.1w.tar.gz.asc 833 BLAKE2B d990be69ed913509d52b78e7473668429d4485adb29ef03e4612dd0cadbac4f04c7289d8e5baf6f397bcedeaac9f802f18fc719964d882ae0514ed1ca16ae277 SHA512 0f3d7aa48b1cabf8dd43e8108aeed10a4dffb4f5a244d4da9c86ea358b0c8b90c46da561d21e01c567c2f5035d824ed82ec104aad1776b7f33a1be85990e98ef
 DIST openssl-3.0.10.tar.gz 15194904 BLAKE2B 8bb3bd02b8dc64441ebfea98c4778d3ee0794540186904371a5aed81cb4f6d6903809bf97faafbc2a719617353234484f0d610f2806621229131fdad343f7231 SHA512 fc12f3beed5e2d2f4767aeb772ceb6ba26f6cbfabc247765854108266b27a1223134f0e81735867a9069bc9c07a14b9816e85903cef91bd1b90f781f0b98b61a

diff --git a/dev-libs/openssl/openssl-1.1.1v.ebuild b/dev-libs/openssl/openssl-1.1.1v.ebuild
deleted file mode 100644
index 7440cf3d3dcc..000000000000
--- a/dev-libs/openssl/openssl-1.1.1v.ebuild
+++ /dev/null
@@ -1,265 +0,0 @@
-# Copyright 1999-2023 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/openssl.org.asc
-inherit edo flag-o-matic toolchain-funcs multilib-minimal verify-sig
-
-MY_P=${P/_/-}
-DESCRIPTION="Full-strength general purpose cryptography library (including SSL and TLS)"
-HOMEPAGE="https://www.openssl.org/"
-SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
-	verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )"
-S="${WORKDIR}/${MY_P}"
-
-LICENSE="openssl"
-SLOT="0/1.1" # .so version of libssl/libcrypto
-if [[ ${PV} != *_pre* ]] ; then
-	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
-fi
-IUSE="+asm rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-compression tls-heartbeat vanilla verify-sig weak-ssl-ciphers"
-RESTRICT="!test? ( test )"
-
-RDEPEND="
-	tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )"
-DEPEND="${RDEPEND}"
-BDEPEND="
-	>=dev-lang/perl-5
-	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
-	test? (
-		sys-apps/diffutils
-		sys-devel/bc
-		kernel_linux? ( sys-process/procps )
-	)
-	verify-sig? ( >=sec-keys/openpgp-keys-openssl-20230801 )"
-PDEPEND="app-misc/ca-certificates"
-
-# force upgrade to prevent broken login, bug #696950
-RDEPEND+=" !<net-misc/openssh-8.0_p1-r3"
-
-MULTILIB_WRAPPED_HEADERS=(
-	usr/include/openssl/opensslconf.h
-)
-
-PATCHES=(
-	# General patches which are suitable to always apply
-	# If they're Gentoo specific, add to USE=-vanilla logic in src_prepare!
-	"${FILESDIR}"/${PN}-1.1.0j-parallel_install_fix.patch # bug #671602
-	"${FILESDIR}"/${PN}-1.1.1i-riscv32.patch
-)
-
-pkg_setup() {
-	[[ ${MERGE_TYPE} == binary ]] && return
-
-	# must check in pkg_setup; sysctl doesn't work with userpriv!
-	if use test && use sctp; then
-		# test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel"
-		# if sctp.auth_enable is not enabled.
-		local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null)
-		if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]]; then
-			die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!"
-		fi
-	fi
-}
-
-src_unpack() {
-	# Can delete this once test fix patch is dropped
-	if use verify-sig ; then
-		# Needed for downloaded patch (which is unsigned, which is fine)
-		verify-sig_verify_detached "${DISTDIR}"/${MY_P}.tar.gz{,.asc}
-	fi
-
-	default
-}
-
-src_prepare() {
-	# Make sure we only ever touch Makefile.org and avoid patching a file
-	# that gets blown away anyways by the Configure script in src_configure
-	rm -f Makefile
-
-	if ! use vanilla ; then
-		PATCHES+=(
-			# Add patches which are Gentoo-specific customisations here
-		)
-	fi
-
-	default
-
-	if use test && use sctp && has network-sandbox ${FEATURES}; then
-		einfo "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox ..."
-		rm test/recipes/80-test_ssl_new.t || die
-	fi
-
-	# Test fails depending on kernel configuration, bug #699134
-	rm test/recipes/30-test_afalg.t || die
-
-	# Remove test target when FEATURES=test isn't set
-	if ! use test ; then
-		sed \
-			-e '/^$config{dirs}/s@ "test",@@' \
-			-i Configure || die
-	fi
-
-	if use prefix && [[ ${CHOST} == *-solaris* ]] ; then
-		# use GNU ld full option, not to confuse it on Solaris
-		sed -i \
-			-e 's/-Wl,-M,/-Wl,--version-script=/' \
-			-e 's/-Wl,-h,/-Wl,--soname=/' \
-			Configurations/10-main.conf || die
-	fi
-
-	# The config script does stupid stuff to prompt the user.  Kill it.
-	sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
-}
-
-src_configure() {
-	# Keep this in sync with app-misc/c_rehash
-	SSL_CNF_DIR="/etc/ssl"
-
-	# Quiet out unknown driver argument warnings since openssl
-	# doesn't have well-split CFLAGS and we're making it even worse
-	# and 'make depend' uses -Werror for added fun (bug #417795 again)
-	tc-is-clang && append-flags -Qunused-arguments
-
-	# We really, really need to build OpenSSL w/ strict aliasing disabled.
-	# It's filled with violations and it *will* result in miscompiled
-	# code. This has been in the ebuild for > 10 years but even in 2022,
-	# it's still relevant:
-	# - https://github.com/llvm/llvm-project/issues/55255
-	# - https://github.com/openssl/openssl/issues/18225
-	# - https://github.com/openssl/openssl/issues/18663#issuecomment-1181478057
-	# Don't remove the no strict aliasing bits below!
-	filter-flags -fstrict-aliasing
-	append-flags -fno-strict-aliasing
-	# The OpenSSL developers don't test with LTO right now, it leads to various
-	# warnings/errors (which may or may not be false positives), it's considered
-	# unsupported, and it's not tested in CI: https://github.com/openssl/openssl/issues/18663.
-	filter-lto
-
-	append-cppflags -DOPENSSL_NO_BUF_FREELISTS
-
-	append-flags $(test-flags-CC -Wa,--noexecstack)
-
-	# bug #197996
-	unset APPS
-	# bug #312551
-	unset SCRIPTS
-	# bug #311473
-	unset CROSS_COMPILE
-
-	tc-export AR CC CXX RANLIB RC
-
-	multilib-minimal_src_configure
-}
-
-multilib_src_configure() {
-	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
-
-	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
-
-	# See if our toolchain supports __uint128_t.  If so, it's 64bit
-	# friendly and can use the nicely optimized code paths, bug #460790.
-	#local ec_nistp_64_gcc_128
-	#
-	# Disable it for now though (bug #469976)
-	# Do NOT re-enable without substantial discussion first!
-	#
-	#echo "__uint128_t i;" > "${T}"/128.c
-	#if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
-	#	ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
-	#fi
-
-	local sslout=$(bash "${FILESDIR}/gentoo.config-1.0.4")
-	einfo "Use configuration ${sslout:-(openssl knows best)}"
-	local config=( perl "${S}/Configure" )
-	[[ -z ${sslout} ]] && config=( sh "${S}/config" -v )
-
-	# "disable-deprecated" option breaks too many consumers.
-	# Don't set it without thorough revdeps testing.
-	# Make sure user flags don't get added *yet* to avoid duplicated
-	# flags.
-	local myeconfargs=(
-		${sslout}
-
-		$(use cpu_flags_x86_sse2 || echo "no-sse2")
-		enable-camellia
-		enable-ec
-		enable-ec2m
-		enable-sm2
-		enable-srp
-		$(use elibc_musl && echo "no-async")
-		${ec_nistp_64_gcc_128}
-		enable-idea
-		enable-mdc2
-		enable-rc5
-		$(use_ssl sslv3 ssl3)
-		$(use_ssl sslv3 ssl3-method)
-		$(use_ssl asm)
-		$(use_ssl rfc3779)
-		$(use_ssl sctp)
-		$(use test || echo "no-tests")
-		$(use_ssl tls-compression zlib)
-		$(use_ssl tls-heartbeat heartbeats)
-		$(use_ssl weak-ssl-ciphers)
-
-		--prefix="${EPREFIX}"/usr
-		--openssldir="${EPREFIX}"${SSL_CNF_DIR}
-		--libdir=$(get_libdir)
-
-		shared
-		threads
-	)
-
-	edo "${config[@]}" "${myeconfargs[@]}"
-}
-
-multilib_src_compile() {
-	emake all
-}
-
-multilib_src_test() {
-	emake -j1 test
-}
-
-multilib_src_install() {
-	emake DESTDIR="${D}" install_sw
-
-	if multilib_is_native_abi; then
-		emake DESTDIR="${D}" install_ssldirs
-		emake DESTDIR="${D}" DOCDIR='$(INSTALLTOP)'/share/doc/${PF} MANSUFFIX=ssl install_docs
-	fi
-
-	# This is crappy in that the static archives are still built even
-	# when USE=static-libs. But this is due to a failing in the openssl
-	# build system: the static archives are built as PIC all the time.
-	# Only way around this would be to manually configure+compile openssl
-	# twice; once with shared lib support enabled and once without.
-	if ! use static-libs; then
-		rm "${ED}"/usr/$(get_libdir)/lib{crypto,ssl}.a || die
-	fi
-}
-
-multilib_src_install_all() {
-	# openssl installs perl version of c_rehash by default, but
-	# we provide a shell version via app-misc/c_rehash
-	rm "${ED}"/usr/bin/c_rehash || die
-
-	dodoc CHANGES* FAQ NEWS README doc/*.txt doc/${PN}-c-indent.el
-
-	# Create the certs directory
-	keepdir ${SSL_CNF_DIR}/certs
-
-	# bug #254521
-	dodir /etc/sandbox.d
-	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
-
-	diropts -m0700
-	keepdir ${SSL_CNF_DIR}/private
-}
-
-pkg_postinst() {
-	ebegin "Running 'openssl rehash ${EROOT}${SSL_CNF_DIR}/certs' to rebuild hashes (bug #333069)"
-	openssl rehash "${EROOT}${SSL_CNF_DIR}/certs"
-	eend $?
-}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Arthur Zamarin]

commit:     ae7771fd1a5fadafbeee774eb9fa79dca400bc93
Author:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
AuthorDate: Tue Sep 26 15:40:15 2023 +0000
Commit:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
CommitDate: Tue Sep 26 15:40:15 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ae7771fd

dev-libs/openssl: Stabilize 3.0.10 ppc, #911993

Signed-off-by: Arthur Zamarin <arthurzam <AT> gentoo.org>

 dev-libs/openssl/openssl-3.0.10.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-3.0.10.ebuild b/dev-libs/openssl/openssl-3.0.10.ebuild
index 4f27d597bef2..4251a16a6dea 100644
--- a/dev-libs/openssl/openssl-3.0.10.ebuild
+++ b/dev-libs/openssl/openssl-3.0.10.ebuild
@@ -19,7 +19,7 @@ if [[ ${PV} == 9999 ]] ; then
 else
 	SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 		verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )"
-	KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ~ppc ppc64 ~riscv ~s390 sparc x86 ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
+	KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
 fi
 
 S="${WORKDIR}"/${MY_P}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Arthur Zamarin]

commit:     b50b88c7c9e6549ad637113f6a3ed787fa60ba1e
Author:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
AuthorDate: Tue Sep 26 15:39:52 2023 +0000
Commit:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
CommitDate: Tue Sep 26 15:39:52 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b50b88c7

dev-libs/openssl: Stabilize 3.0.10 arm, #911993

Signed-off-by: Arthur Zamarin <arthurzam <AT> gentoo.org>

 dev-libs/openssl/openssl-3.0.10.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-3.0.10.ebuild b/dev-libs/openssl/openssl-3.0.10.ebuild
index c82e32cd37e4..4f27d597bef2 100644
--- a/dev-libs/openssl/openssl-3.0.10.ebuild
+++ b/dev-libs/openssl/openssl-3.0.10.ebuild
@@ -19,7 +19,7 @@ if [[ ${PV} == 9999 ]] ; then
 else
 	SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 		verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )"
-	KEYWORDS="~alpha amd64 ~arm arm64 hppa ~ia64 ~loong ~m68k ~mips ~ppc ppc64 ~riscv ~s390 sparc x86 ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
+	KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ~ppc ppc64 ~riscv ~s390 sparc x86 ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
 fi
 
 S="${WORKDIR}"/${MY_P}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[David Seifert]

commit:     314833116ee7ac6624b4c9d8aaee41c1a9d079d2
Author:     David Seifert <soap <AT> gentoo <DOT> org>
AuthorDate: Wed Sep 20 13:55:23 2023 +0000
Commit:     David Seifert <soap <AT> gentoo <DOT> org>
CommitDate: Wed Sep 20 13:55:23 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=31483311

dev-libs/openssl: destabilize 3.0.11

Fixes: f4699519479ba4e744403fa9bfa0e856eebc108a
Signed-off-by: David Seifert <soap <AT> gentoo.org>

 dev-libs/openssl/openssl-3.0.11.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-3.0.11.ebuild b/dev-libs/openssl/openssl-3.0.11.ebuild
index c82e32cd37e4..5d69a16c495e 100644
--- a/dev-libs/openssl/openssl-3.0.11.ebuild
+++ b/dev-libs/openssl/openssl-3.0.11.ebuild
@@ -19,7 +19,7 @@ if [[ ${PV} == 9999 ]] ; then
 else
 	SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 		verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )"
-	KEYWORDS="~alpha amd64 ~arm arm64 hppa ~ia64 ~loong ~m68k ~mips ~ppc ppc64 ~riscv ~s390 sparc x86 ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
+	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
 fi
 
 S="${WORKDIR}"/${MY_P}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Patrick McLean]

commit:     05bce982c48dac1f31dc461dc2abd9329a85b549
Author:     Patrick McLean <chutzpah <AT> gentoo <DOT> org>
AuthorDate: Tue Sep 19 18:06:45 2023 +0000
Commit:     Patrick McLean <chutzpah <AT> gentoo <DOT> org>
CommitDate: Tue Sep 19 18:07:25 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=05bce982

dev-libs/openssl: add 3.1.3

Signed-off-by: Patrick McLean <chutzpah <AT> gentoo.org>

 dev-libs/openssl/Manifest             |   2 +
 dev-libs/openssl/openssl-3.1.3.ebuild | 288 ++++++++++++++++++++++++++++++++++
 2 files changed, 290 insertions(+)

diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest
index 6fe5f1afb85c..8fe0ddba241f 100644
--- a/dev-libs/openssl/Manifest
+++ b/dev-libs/openssl/Manifest
@@ -15,3 +15,5 @@ DIST openssl-3.1.1.tar.gz 15544757 BLAKE2B 094f7e28f16de6528016fcd21df1d7382b0db
 DIST openssl-3.1.1.tar.gz.asc 833 BLAKE2B 5a2a9aeb475b843862e133d53bc5bb3c8e12e8e03b1e2da41d0eaa0eade1ae03c4318ad1f5c490c5e1ed7e6ac6275a6d7c881d99993911722b043b15d1622b25 SHA512 83349020c67e5b956f3ef37604a03a1970ea393f862691f5fd5d85930c01e559e25db17d397d8fd230c3862a8b2fba2d5c7df883d56d7472f4c01dab3a661cb2
 DIST openssl-3.1.2.tar.gz 15560427 BLAKE2B 7b4ba35df7d5680c5f13a1986e4c6abaf4592690647dcfa84d7f14c196326355e8ad0ea62f81f8269f0605f0d29f18e9def9c2158fcbe00baefabf819f82374d SHA512 9f41113e5537aee4c3f92711ff85fa12da080363fef0c8b8b34e5b3fc608473c6e4cadd9d8c78f2fcbe97462e51f26a0bb6781656a69ad40226e68af2cf2c762
 DIST openssl-3.1.2.tar.gz.asc 833 BLAKE2B aba3207c5eafaafc34bea078a9684612f7d9b4c5a888a27781cfe2421d27de6c2af3539abfc6efdac81ab0b923b7044a9b764902aa76edfd44ce5979f871a8b9 SHA512 fe143d2d90de1d3d30590ef9801185f8d2837668474ef3879d409bd4eb9417a127dee6c2a4e45076aa3ae3e443bfedd24de434ba4cf3ea0589c113990345a9ce
+DIST openssl-3.1.3.tar.gz 15561739 BLAKE2B a279a5c80191b95ca735aed20beb56ab899ee302258ce3529c377820739bf55075537cd900b06b3ca07b85efdce95cb081bcad1dfd4d33f81695c7ef0cefdf03 SHA512 2388eaa8e99acf1e8af4691a645b9b9af456900c74959e82d4cb02808301e11dcfecc86954a922262b16fa4b664b459894d133ab7d35ec82e1633a33194b7b20
+DIST openssl-3.1.3.tar.gz.asc 833 BLAKE2B 27427a4523c9fa9f9ffc0e00d6492e4bab4cd0d24ebf903fee05197c5089c4d201a76ef0073e856bedd86abf54ae01491e78d259eedf21a4797eee6c9cbd8fcf SHA512 0b8f12dd8623160f7358c24a8f36edb5d8c3460d1f7d711e1367051b172d9ac90c2c7c4980da1aa9f9c89d72384a034fe888b109650156fa197c363a14337127

diff --git a/dev-libs/openssl/openssl-3.1.3.ebuild b/dev-libs/openssl/openssl-3.1.3.ebuild
new file mode 100644
index 000000000000..cbdd13f19657
--- /dev/null
+++ b/dev-libs/openssl/openssl-3.1.3.ebuild
@@ -0,0 +1,288 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/openssl.org.asc
+inherit edo flag-o-matic linux-info toolchain-funcs
+inherit multilib multilib-minimal multiprocessing preserve-libs verify-sig
+
+DESCRIPTION="Robust, full-featured Open Source Toolkit for the Transport Layer Security (TLS)"
+HOMEPAGE="https://www.openssl.org/"
+
+MY_P=${P/_/-}
+
+if [[ ${PV} == 9999 ]] ; then
+	EGIT_REPO_URI="https://github.com/openssl/openssl.git"
+
+	inherit git-r3
+else
+	SRC_URI="
+		mirror://openssl/source/${MY_P}.tar.gz
+		verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )
+	"
+	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
+fi
+
+S="${WORKDIR}"/${MY_P}
+
+LICENSE="Apache-2.0"
+SLOT="0/$(ver_cut 1)" # .so version of libssl/libcrypto
+IUSE="+asm cpu_flags_x86_sse2 fips ktls rfc3779 sctp static-libs test tls-compression vanilla verify-sig weak-ssl-ciphers"
+RESTRICT="!test? ( test )"
+
+COMMON_DEPEND="
+	!<net-misc/openssh-9.2_p1-r3
+	tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
+"
+BDEPEND="
+	>=dev-lang/perl-5
+	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
+	test? (
+		sys-apps/diffutils
+		sys-devel/bc
+		sys-process/procps
+	)
+	verify-sig? ( >=sec-keys/openpgp-keys-openssl-20230801 )"
+
+DEPEND="${COMMON_DEPEND}"
+RDEPEND="${COMMON_DEPEND}"
+PDEPEND="app-misc/ca-certificates"
+
+MULTILIB_WRAPPED_HEADERS=(
+	/usr/include/openssl/configuration.h
+)
+
+pkg_setup() {
+	if use ktls ; then
+		if kernel_is -lt 4 18 ; then
+			ewarn "Kernel implementation of TLS (USE=ktls) requires kernel >=4.18!"
+		else
+			CONFIG_CHECK="~TLS ~TLS_DEVICE"
+			ERROR_TLS="You will be unable to offload TLS to kernel because CONFIG_TLS is not set!"
+			ERROR_TLS_DEVICE="You will be unable to offload TLS to kernel because CONFIG_TLS_DEVICE is not set!"
+			use test && CONFIG_CHECK+=" ~CRYPTO_USER_API_SKCIPHER"
+
+			linux-info_pkg_setup
+		fi
+	fi
+
+	[[ ${MERGE_TYPE} == binary ]] && return
+
+	# must check in pkg_setup; sysctl doesn't work with userpriv!
+	if use test && use sctp ; then
+		# test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel"
+		# if sctp.auth_enable is not enabled.
+		local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null)
+		if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]] ; then
+			die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!"
+		fi
+	fi
+}
+
+src_unpack() {
+	# Can delete this once test fix patch is dropped
+	if use verify-sig ; then
+		# Needed for downloaded patch (which is unsigned, which is fine)
+		verify-sig_verify_detached "${DISTDIR}"/${P}.tar.gz{,.asc}
+	fi
+
+	default
+}
+
+src_prepare() {
+	# Make sure we only ever touch Makefile.org and avoid patching a file
+	# that gets blown away anyways by the Configure script in src_configure
+	rm -f Makefile
+
+	if ! use vanilla ; then
+		PATCHES+=(
+			# Add patches which are Gentoo-specific customisations here
+		)
+	fi
+
+	default
+
+	if use test && use sctp && has network-sandbox ${FEATURES} ; then
+		einfo "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox ..."
+		rm test/recipes/80-test_ssl_new.t || die
+	fi
+
+	# Test fails depending on kernel configuration, bug #699134
+	rm test/recipes/30-test_afalg.t || die
+}
+
+src_configure() {
+	# Keep this in sync with app-misc/c_rehash
+	SSL_CNF_DIR="/etc/ssl"
+
+	# Quiet out unknown driver argument warnings since openssl
+	# doesn't have well-split CFLAGS and we're making it even worse
+	# and 'make depend' uses -Werror for added fun (bug #417795 again)
+	tc-is-clang && append-flags -Qunused-arguments
+
+	# We really, really need to build OpenSSL w/ strict aliasing disabled.
+	# It's filled with violations and it *will* result in miscompiled
+	# code. This has been in the ebuild for > 10 years but even in 2022,
+	# it's still relevant:
+	# - https://github.com/llvm/llvm-project/issues/55255
+	# - https://github.com/openssl/openssl/issues/18225
+	# - https://github.com/openssl/openssl/issues/18663#issuecomment-1181478057
+	# Don't remove the no strict aliasing bits below!
+	filter-flags -fstrict-aliasing
+	append-flags -fno-strict-aliasing
+	# The OpenSSL developers don't test with LTO right now, it leads to various
+	# warnings/errors (which may or may not be false positives), it's considered
+	# unsupported, and it's not tested in CI: https://github.com/openssl/openssl/issues/18663.
+	filter-lto
+
+	append-flags $(test-flags-CC -Wa,--noexecstack)
+
+	# bug #895308
+	append-atomic-flags
+	# Configure doesn't respect LIBS
+	export LDLIBS="${LIBS}"
+
+	# bug #197996
+	unset APPS
+	# bug #312551
+	unset SCRIPTS
+	# bug #311473
+	unset CROSS_COMPILE
+
+	tc-export AR CC CXX RANLIB RC
+
+	multilib-minimal_src_configure
+}
+
+multilib_src_configure() {
+	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
+
+	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
+
+	# See if our toolchain supports __uint128_t.  If so, it's 64bit
+	# friendly and can use the nicely optimized code paths, bug #460790.
+	#local ec_nistp_64_gcc_128
+	#
+	# Disable it for now though (bug #469976)
+	# Do NOT re-enable without substantial discussion first!
+	#
+	#echo "__uint128_t i;" > "${T}"/128.c
+	#if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
+	#       ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
+	#fi
+
+	local sslout=$(bash "${FILESDIR}/gentoo.config-1.0.4")
+	einfo "Using configuration: ${sslout:-(openssl knows best)}"
+
+	# https://github.com/openssl/openssl/blob/master/INSTALL.md#enable-and-disable-features
+	local myeconfargs=(
+		${sslout}
+
+		$(use cpu_flags_x86_sse2 || echo "no-sse2")
+		enable-camellia
+		enable-ec
+		enable-ec2m
+		enable-sm2
+		enable-srp
+		$(use elibc_musl && echo "no-async")
+		enable-idea
+		enable-mdc2
+		enable-rc5
+		$(use fips && echo "enable-fips")
+		$(use_ssl asm)
+		$(use_ssl ktls)
+		$(use_ssl rfc3779)
+		$(use_ssl sctp)
+		$(use test || echo "no-tests")
+		$(use_ssl tls-compression zlib)
+		$(use_ssl weak-ssl-ciphers)
+
+		--prefix="${EPREFIX}"/usr
+		--openssldir="${EPREFIX}"${SSL_CNF_DIR}
+		--libdir=$(get_libdir)
+
+		shared
+		threads
+	)
+
+	edo perl "${S}/Configure" "${myeconfargs[@]}"
+}
+
+multilib_src_compile() {
+	emake build_sw
+
+	if multilib_is_native_abi; then
+		emake build_docs
+	fi
+}
+
+multilib_src_test() {
+	# VFP = show subtests verbosely and show failed tests verbosely
+	# Normal V=1 would show everything verbosely but this slows things down.
+	emake HARNESS_JOBS="$(makeopts_jobs)" -Onone VFP=1 test
+}
+
+multilib_src_install() {
+	emake DESTDIR="${D}" install_sw
+	if use fips; then
+		emake DESTDIR="${D}" install_fips
+		# Regen this in pkg_preinst, bug 900625
+		rm "${ED}${SSL_CNF_DIR}"/fipsmodule.cnf || die
+	fi
+
+	if multilib_is_native_abi; then
+		emake DESTDIR="${D}" install_ssldirs
+		emake DESTDIR="${D}" DOCDIR='$(INSTALLTOP)'/share/doc/${PF} install_docs
+	fi
+
+	# This is crappy in that the static archives are still built even
+	# when USE=static-libs. But this is due to a failing in the openssl
+	# build system: the static archives are built as PIC all the time.
+	# Only way around this would be to manually configure+compile openssl
+	# twice; once with shared lib support enabled and once without.
+	if ! use static-libs ; then
+		rm "${ED}"/usr/$(get_libdir)/lib{crypto,ssl}.a || die
+	fi
+}
+
+multilib_src_install_all() {
+	# openssl installs perl version of c_rehash by default, but
+	# we provide a shell version via app-misc/c_rehash
+	rm "${ED}"/usr/bin/c_rehash || die
+
+	dodoc {AUTHORS,CHANGES,NEWS,README,README-PROVIDERS}.md doc/*.txt doc/${PN}-c-indent.el
+
+	# Create the certs directory
+	keepdir ${SSL_CNF_DIR}/certs
+
+	# bug #254521
+	dodir /etc/sandbox.d
+	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
+
+	diropts -m0700
+	keepdir ${SSL_CNF_DIR}/private
+}
+
+pkg_preinst() {
+	if use fips; then
+		# Regen fipsmodule.cnf, bug 900625
+		ebegin "Running openssl fipsinstall"
+		"${ED}/usr/bin/openssl" fipsinstall -quiet \
+			-out "${ED}${SSL_CNF_DIR}/fipsmodule.cnf" \
+			-module "${ED}/usr/$(get_libdir)/ossl-modules/fips.so"
+		eend $?
+	fi
+
+	preserve_old_lib /usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1) \
+		/usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1.1)
+}
+
+pkg_postinst() {
+	ebegin "Running 'openssl rehash ${EROOT}${SSL_CNF_DIR}/certs' to rebuild hashes (bug #333069)"
+	openssl rehash "${EROOT}${SSL_CNF_DIR}/certs"
+	eend $?
+
+	preserve_old_lib_notify /usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1) \
+		/usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1.1)
+}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Patrick McLean]

commit:     f4699519479ba4e744403fa9bfa0e856eebc108a
Author:     Patrick McLean <chutzpah <AT> gentoo <DOT> org>
AuthorDate: Tue Sep 19 18:07:17 2023 +0000
Commit:     Patrick McLean <chutzpah <AT> gentoo <DOT> org>
CommitDate: Tue Sep 19 18:07:25 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f4699519

dev-libs/openssl: add 3.0.11

Signed-off-by: Patrick McLean <chutzpah <AT> gentoo.org>

 dev-libs/openssl/Manifest              |   2 +
 dev-libs/openssl/openssl-3.0.11.ebuild | 285 +++++++++++++++++++++++++++++++++
 2 files changed, 287 insertions(+)

diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest
index 8fe0ddba241f..f20803a22bd4 100644
--- a/dev-libs/openssl/Manifest
+++ b/dev-libs/openssl/Manifest
@@ -9,6 +9,8 @@ DIST openssl-1.1.1w.tar.gz 9893384 BLAKE2B 2fdba6ca0188928ab2f74e606136afca66cfa
 DIST openssl-1.1.1w.tar.gz.asc 833 BLAKE2B d990be69ed913509d52b78e7473668429d4485adb29ef03e4612dd0cadbac4f04c7289d8e5baf6f397bcedeaac9f802f18fc719964d882ae0514ed1ca16ae277 SHA512 0f3d7aa48b1cabf8dd43e8108aeed10a4dffb4f5a244d4da9c86ea358b0c8b90c46da561d21e01c567c2f5035d824ed82ec104aad1776b7f33a1be85990e98ef
 DIST openssl-3.0.10.tar.gz 15194904 BLAKE2B 8bb3bd02b8dc64441ebfea98c4778d3ee0794540186904371a5aed81cb4f6d6903809bf97faafbc2a719617353234484f0d610f2806621229131fdad343f7231 SHA512 fc12f3beed5e2d2f4767aeb772ceb6ba26f6cbfabc247765854108266b27a1223134f0e81735867a9069bc9c07a14b9816e85903cef91bd1b90f781f0b98b61a
 DIST openssl-3.0.10.tar.gz.asc 833 BLAKE2B e1a8fa7c95d5dffdce9fa1824cecc5c81a03228d21c983f23ed4c6c459f085e7406f53337cad41f82506b2a8614497b4eb4cbe261ff4db3c002f1470b90100ba SHA512 3d91e763dcb0bb37cf6586b75c5310c824b5ca75e59a206d759081a67bc016add501648a365aa479dc621f33b86e7aac26d1deb528b43a37187d91eb194b2bdc
+DIST openssl-3.0.11.tar.gz 15198318 BLAKE2B e522573aa72c8f6ffef82f20de36178fc6f97a8fee8443df4bf1bd9a6448b315742e9cb698717c1b7d9a91d0768d7ce08d55956ddc415b9dc6cb33fe3a98131b SHA512 393e7262cce0e7980d1cbba861291c8791f6c2a290e9867895c4310ab6e16b449067d8b780ae6081dc8d42529a4f32d545c66e8b1e69d301281d92f1882c85b7
+DIST openssl-3.0.11.tar.gz.asc 833 BLAKE2B e6e2636d5bb5fffb86833e64437fb440bbfd1c4e2bfbfdd72280cf1ce388b70d30eeea56ef6f3bb673e7dcd12020d993ef95f96bf099ded38e8cde4b549b38fa SHA512 3c1fe94fc46861870d99d1edcfe3c151272f7864dde36b66e87a0c79d2289e9ed5cfc48bfa65ba0e88eadcb3cc8307d702e01155f48af8ffc2d4f8fbbf3aa03c
 DIST openssl-3.0.9.tar.gz 15181285 BLAKE2B cc1df41fa12ba4443e15e94f6ebdc5e103b9dab5eab2e1c8f74e6a74fa2c38207817921b65d7293cb241c190a910191c7163600bb75243adde0e2f9ec31cc885 SHA512 86c99146b37236419b110db77dd3ac3992e6bed78c258f0cc3434ca233460b4e17c0ac81d7058547fe9cb72a9fd80ee56d4b4916bb731dbe2bbcf1c3d46bf31a
 DIST openssl-3.0.9.tar.gz.asc 833 BLAKE2B 9943ac65f83f48465cae83b37a1d004f6be4622e53c3025166d42954abe9215f1a6c2af58d4aa2b45fa51182fee5019e740969f694655b6c592bb278c68aacef SHA512 9949de6b57d5aa21da1d4b68a29eb37e302403c983bd7d2d8769b320aac4268a9f9091c5fb182862a4f89a9099660939fe609df87c66991b75f7695faf357caf
 DIST openssl-3.1.1.tar.gz 15544757 BLAKE2B 094f7e28f16de6528016fcd21df1d7382b0dbdcd80ec469d37add9c37f638c059dda3ffb4415eba890a33d146ddc9016bcc7192df101c73be5e70faf6e3b1097 SHA512 8ba9dd6ab87451e126c19cc106ccd1643ca48667d6c37504d0ab98205fbccf855fd0db54474b4113c4c3a15215a4ef77a039fb897a69f71bcab2054b2effd1d9

diff --git a/dev-libs/openssl/openssl-3.0.11.ebuild b/dev-libs/openssl/openssl-3.0.11.ebuild
new file mode 100644
index 000000000000..c82e32cd37e4
--- /dev/null
+++ b/dev-libs/openssl/openssl-3.0.11.ebuild
@@ -0,0 +1,285 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/openssl.org.asc
+inherit edo flag-o-matic linux-info toolchain-funcs
+inherit multilib multilib-minimal multiprocessing preserve-libs verify-sig
+
+DESCRIPTION="Robust, full-featured Open Source Toolkit for the Transport Layer Security (TLS)"
+HOMEPAGE="https://www.openssl.org/"
+
+MY_P=${P/_/-}
+
+if [[ ${PV} == 9999 ]] ; then
+	EGIT_REPO_URI="https://github.com/openssl/openssl.git"
+
+	inherit git-r3
+else
+	SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
+		verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )"
+	KEYWORDS="~alpha amd64 ~arm arm64 hppa ~ia64 ~loong ~m68k ~mips ~ppc ppc64 ~riscv ~s390 sparc x86 ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
+fi
+
+S="${WORKDIR}"/${MY_P}
+
+LICENSE="Apache-2.0"
+SLOT="0/3" # .so version of libssl/libcrypto
+IUSE="+asm cpu_flags_x86_sse2 fips ktls rfc3779 sctp static-libs test tls-compression vanilla verify-sig weak-ssl-ciphers"
+RESTRICT="!test? ( test )"
+
+COMMON_DEPEND="
+	tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
+"
+BDEPEND="
+	>=dev-lang/perl-5
+	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
+	test? (
+		sys-apps/diffutils
+		sys-devel/bc
+		sys-process/procps
+	)
+	verify-sig? ( >=sec-keys/openpgp-keys-openssl-20230801 )"
+
+DEPEND="${COMMON_DEPEND}"
+RDEPEND="${COMMON_DEPEND}"
+PDEPEND="app-misc/ca-certificates"
+
+MULTILIB_WRAPPED_HEADERS=(
+	/usr/include/openssl/configuration.h
+)
+
+pkg_setup() {
+	if use ktls ; then
+		if kernel_is -lt 4 18 ; then
+			ewarn "Kernel implementation of TLS (USE=ktls) requires kernel >=4.18!"
+		else
+			CONFIG_CHECK="~TLS ~TLS_DEVICE"
+			ERROR_TLS="You will be unable to offload TLS to kernel because CONFIG_TLS is not set!"
+			ERROR_TLS_DEVICE="You will be unable to offload TLS to kernel because CONFIG_TLS_DEVICE is not set!"
+			use test && CONFIG_CHECK+=" ~CRYPTO_USER_API_SKCIPHER"
+
+			linux-info_pkg_setup
+		fi
+	fi
+
+	[[ ${MERGE_TYPE} == binary ]] && return
+
+	# must check in pkg_setup; sysctl doesn't work with userpriv!
+	if use test && use sctp ; then
+		# test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel"
+		# if sctp.auth_enable is not enabled.
+		local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null)
+		if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]] ; then
+			die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!"
+		fi
+	fi
+}
+
+src_unpack() {
+	# Can delete this once test fix patch is dropped
+	if use verify-sig ; then
+		# Needed for downloaded patch (which is unsigned, which is fine)
+		verify-sig_verify_detached "${DISTDIR}"/${P}.tar.gz{,.asc}
+	fi
+
+	default
+}
+
+src_prepare() {
+	# Make sure we only ever touch Makefile.org and avoid patching a file
+	# that gets blown away anyways by the Configure script in src_configure
+	rm -f Makefile
+
+	if ! use vanilla ; then
+		PATCHES+=(
+			# Add patches which are Gentoo-specific customisations here
+		)
+	fi
+
+	default
+
+	if use test && use sctp && has network-sandbox ${FEATURES} ; then
+		einfo "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox ..."
+		rm test/recipes/80-test_ssl_new.t || die
+	fi
+
+	# Test fails depending on kernel configuration, bug #699134
+	rm test/recipes/30-test_afalg.t || die
+}
+
+src_configure() {
+	# Keep this in sync with app-misc/c_rehash
+	SSL_CNF_DIR="/etc/ssl"
+
+	# Quiet out unknown driver argument warnings since openssl
+	# doesn't have well-split CFLAGS and we're making it even worse
+	# and 'make depend' uses -Werror for added fun (bug #417795 again)
+	tc-is-clang && append-flags -Qunused-arguments
+
+	# We really, really need to build OpenSSL w/ strict aliasing disabled.
+	# It's filled with violations and it *will* result in miscompiled
+	# code. This has been in the ebuild for > 10 years but even in 2022,
+	# it's still relevant:
+	# - https://github.com/llvm/llvm-project/issues/55255
+	# - https://github.com/openssl/openssl/issues/18225
+	# - https://github.com/openssl/openssl/issues/18663#issuecomment-1181478057
+	# Don't remove the no strict aliasing bits below!
+	filter-flags -fstrict-aliasing
+	append-flags -fno-strict-aliasing
+	# The OpenSSL developers don't test with LTO right now, it leads to various
+	# warnings/errors (which may or may not be false positives), it's considered
+	# unsupported, and it's not tested in CI: https://github.com/openssl/openssl/issues/18663.
+	filter-lto
+
+	append-flags $(test-flags-CC -Wa,--noexecstack)
+
+	# bug #895308
+	append-atomic-flags
+	# Configure doesn't respect LIBS
+	export LDLIBS="${LIBS}"
+
+	# bug #197996
+	unset APPS
+	# bug #312551
+	unset SCRIPTS
+	# bug #311473
+	unset CROSS_COMPILE
+
+	tc-export AR CC CXX RANLIB RC
+
+	multilib-minimal_src_configure
+}
+
+multilib_src_configure() {
+	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
+
+	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
+
+	# See if our toolchain supports __uint128_t.  If so, it's 64bit
+	# friendly and can use the nicely optimized code paths, bug #460790.
+	#local ec_nistp_64_gcc_128
+	#
+	# Disable it for now though (bug #469976)
+	# Do NOT re-enable without substantial discussion first!
+	#
+	#echo "__uint128_t i;" > "${T}"/128.c
+	#if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
+	#       ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
+	#fi
+
+	local sslout=$(bash "${FILESDIR}/gentoo.config-1.0.4")
+	einfo "Using configuration: ${sslout:-(openssl knows best)}"
+
+	# https://github.com/openssl/openssl/blob/master/INSTALL.md#enable-and-disable-features
+	local myeconfargs=(
+		${sslout}
+
+		$(use cpu_flags_x86_sse2 || echo "no-sse2")
+		enable-camellia
+		enable-ec
+		enable-ec2m
+		enable-sm2
+		enable-srp
+		$(use elibc_musl && echo "no-async")
+		enable-idea
+		enable-mdc2
+		enable-rc5
+		$(use fips && echo "enable-fips")
+		$(use_ssl asm)
+		$(use_ssl ktls)
+		$(use_ssl rfc3779)
+		$(use_ssl sctp)
+		$(use test || echo "no-tests")
+		$(use_ssl tls-compression zlib)
+		$(use_ssl weak-ssl-ciphers)
+
+		--prefix="${EPREFIX}"/usr
+		--openssldir="${EPREFIX}"${SSL_CNF_DIR}
+		--libdir=$(get_libdir)
+
+		shared
+		threads
+	)
+
+	edo perl "${S}/Configure" "${myeconfargs[@]}"
+}
+
+multilib_src_compile() {
+	emake build_sw
+
+	if multilib_is_native_abi; then
+		emake build_docs
+	fi
+}
+
+multilib_src_test() {
+	# VFP = show subtests verbosely and show failed tests verbosely
+	# Normal V=1 would show everything verbosely but this slows things down.
+	emake HARNESS_JOBS="$(makeopts_jobs)" -Onone VFP=1 test
+}
+
+multilib_src_install() {
+	emake DESTDIR="${D}" install_sw
+	if use fips; then
+		emake DESTDIR="${D}" install_fips
+		# Regen this in pkg_preinst, bug 900625
+		rm "${ED}${SSL_CNF_DIR}"/fipsmodule.cnf || die
+	fi
+
+	if multilib_is_native_abi; then
+		emake DESTDIR="${D}" install_ssldirs
+		emake DESTDIR="${D}" DOCDIR='$(INSTALLTOP)'/share/doc/${PF} install_docs
+	fi
+
+	# This is crappy in that the static archives are still built even
+	# when USE=static-libs. But this is due to a failing in the openssl
+	# build system: the static archives are built as PIC all the time.
+	# Only way around this would be to manually configure+compile openssl
+	# twice; once with shared lib support enabled and once without.
+	if ! use static-libs ; then
+		rm "${ED}"/usr/$(get_libdir)/lib{crypto,ssl}.a || die
+	fi
+}
+
+multilib_src_install_all() {
+	# openssl installs perl version of c_rehash by default, but
+	# we provide a shell version via app-misc/c_rehash
+	rm "${ED}"/usr/bin/c_rehash || die
+
+	dodoc {AUTHORS,CHANGES,NEWS,README,README-PROVIDERS}.md doc/*.txt doc/${PN}-c-indent.el
+
+	# Create the certs directory
+	keepdir ${SSL_CNF_DIR}/certs
+
+	# bug #254521
+	dodir /etc/sandbox.d
+	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
+
+	diropts -m0700
+	keepdir ${SSL_CNF_DIR}/private
+}
+
+pkg_preinst() {
+	if use fips; then
+		# Regen fipsmodule.cnf, bug 900625
+		ebegin "Running openssl fipsinstall"
+		"${ED}/usr/bin/openssl" fipsinstall -quiet \
+			-out "${ED}${SSL_CNF_DIR}/fipsmodule.cnf" \
+			-module "${ED}/usr/$(get_libdir)/ossl-modules/fips.so"
+		eend $?
+	fi
+
+	preserve_old_lib /usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1) \
+		/usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1.1)
+}
+
+pkg_postinst() {
+	ebegin "Running 'openssl rehash ${EROOT}${SSL_CNF_DIR}/certs' to rebuild hashes (bug #333069)"
+	openssl rehash "${EROOT}${SSL_CNF_DIR}/certs"
+	eend $?
+
+	preserve_old_lib_notify /usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1) \
+		/usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1.1)
+}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     0571fbd97a268a184ad07e2cc63e6c5e08d40a54
Author:     Rolf Eike Beer <eike <AT> sf-mail <DOT> de>
AuthorDate: Thu Sep 14 13:37:43 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Thu Sep 14 22:53:30 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0571fbd9

dev-libs/openssl: stable 3.0.10 for sparc, bug #911993

Signed-off-by: Rolf Eike Beer <eike <AT> sf-mail.de>
Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/openssl-3.0.10.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-3.0.10.ebuild b/dev-libs/openssl/openssl-3.0.10.ebuild
index efea69f19611..c82e32cd37e4 100644
--- a/dev-libs/openssl/openssl-3.0.10.ebuild
+++ b/dev-libs/openssl/openssl-3.0.10.ebuild
@@ -19,7 +19,7 @@ if [[ ${PV} == 9999 ]] ; then
 else
 	SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 		verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )"
-	KEYWORDS="~alpha amd64 ~arm arm64 hppa ~ia64 ~loong ~m68k ~mips ~ppc ppc64 ~riscv ~s390 ~sparc x86 ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
+	KEYWORDS="~alpha amd64 ~arm arm64 hppa ~ia64 ~loong ~m68k ~mips ~ppc ppc64 ~riscv ~s390 sparc x86 ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
 fi
 
 S="${WORKDIR}"/${MY_P}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     5922c2f521c77d81d0469bd203576d63c63dfacf
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Wed Sep 13 03:45:03 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Wed Sep 13 03:45:03 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5922c2f5

dev-libs/openssl: add 1.1.1w

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/Manifest              |   2 +
 dev-libs/openssl/openssl-1.1.1w.ebuild | 265 +++++++++++++++++++++++++++++++++
 2 files changed, 267 insertions(+)

diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest
index 2b19991d6f4c..6fe5f1afb85c 100644
--- a/dev-libs/openssl/Manifest
+++ b/dev-libs/openssl/Manifest
@@ -5,6 +5,8 @@ DIST openssl-1.1.1u.tar.gz 9892176 BLAKE2B 5de9cb856e497596ecba008bad6515eefd093
 DIST openssl-1.1.1u.tar.gz.asc 833 BLAKE2B 7a978a94264a14be04372fea39868e9177e8a0b0f24344267702022e19ee0f52e91ad141d7c54da870f7ec0df9b2e43b80939f1d274dd0b44d36da2670e3a468 SHA512 40245d65ace95b2002bf64bcba184c92fec3420b08d9f61f3a709c4842e9478595105d8adce33a08eb98d351d2a0989ec342b08cdd9104498ea0543b6e592d28
 DIST openssl-1.1.1v.tar.gz 9893443 BLAKE2B 9b3066d1911466dec909052667aafe9b974d2fa0a9798105b7501d62300e5a61a154fb94e633e46918303e9fcc1afc077e6efb5727eb967b75a795d8e2ed60a7 SHA512 1a67340d99026aa62bf50ff89165d9f77fe4a6690fe30d1751b5021dd3f238391afd581b41724687c322c4e3af1770c44a63766a06e9b8cab6425101153e0c7e
 DIST openssl-1.1.1v.tar.gz.asc 833 BLAKE2B a851629231591679c37a53342a7da565879fe626ce56ee586184c6e3694ee9cb15cf10b52e6ef17eac6cb25b66e3d50d1a703d42a5056a51f1567178956bfb11 SHA512 3e188f60d57f844fda6e6382623cb082e18d7caec38f9e6ab13d8d101ca0b0d234cfd7aba041ab975d5cd168c1ec0f147ff8a77e515a416461bfd108cb4244e0
+DIST openssl-1.1.1w.tar.gz 9893384 BLAKE2B 2fdba6ca0188928ab2f74e606136afca66cfa0467170fa6298ef160b64ac6fdcad1e81e5dd14013ce0e9921d0f7417edec531cd0beaf1196fec704c2c6d48395 SHA512 b4c625fe56a4e690b57b6a011a225ad0cb3af54bd8fb67af77b5eceac55cc7191291d96a660c5b568a08a2fbf62b4612818e7cca1bb95b2b6b4fc649b0552b6d
+DIST openssl-1.1.1w.tar.gz.asc 833 BLAKE2B d990be69ed913509d52b78e7473668429d4485adb29ef03e4612dd0cadbac4f04c7289d8e5baf6f397bcedeaac9f802f18fc719964d882ae0514ed1ca16ae277 SHA512 0f3d7aa48b1cabf8dd43e8108aeed10a4dffb4f5a244d4da9c86ea358b0c8b90c46da561d21e01c567c2f5035d824ed82ec104aad1776b7f33a1be85990e98ef
 DIST openssl-3.0.10.tar.gz 15194904 BLAKE2B 8bb3bd02b8dc64441ebfea98c4778d3ee0794540186904371a5aed81cb4f6d6903809bf97faafbc2a719617353234484f0d610f2806621229131fdad343f7231 SHA512 fc12f3beed5e2d2f4767aeb772ceb6ba26f6cbfabc247765854108266b27a1223134f0e81735867a9069bc9c07a14b9816e85903cef91bd1b90f781f0b98b61a
 DIST openssl-3.0.10.tar.gz.asc 833 BLAKE2B e1a8fa7c95d5dffdce9fa1824cecc5c81a03228d21c983f23ed4c6c459f085e7406f53337cad41f82506b2a8614497b4eb4cbe261ff4db3c002f1470b90100ba SHA512 3d91e763dcb0bb37cf6586b75c5310c824b5ca75e59a206d759081a67bc016add501648a365aa479dc621f33b86e7aac26d1deb528b43a37187d91eb194b2bdc
 DIST openssl-3.0.9.tar.gz 15181285 BLAKE2B cc1df41fa12ba4443e15e94f6ebdc5e103b9dab5eab2e1c8f74e6a74fa2c38207817921b65d7293cb241c190a910191c7163600bb75243adde0e2f9ec31cc885 SHA512 86c99146b37236419b110db77dd3ac3992e6bed78c258f0cc3434ca233460b4e17c0ac81d7058547fe9cb72a9fd80ee56d4b4916bb731dbe2bbcf1c3d46bf31a

diff --git a/dev-libs/openssl/openssl-1.1.1w.ebuild b/dev-libs/openssl/openssl-1.1.1w.ebuild
new file mode 100644
index 000000000000..6a237499b429
--- /dev/null
+++ b/dev-libs/openssl/openssl-1.1.1w.ebuild
@@ -0,0 +1,265 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/openssl.org.asc
+inherit edo flag-o-matic toolchain-funcs multilib-minimal verify-sig
+
+MY_P=${P/_/-}
+DESCRIPTION="Full-strength general purpose cryptography library (including SSL and TLS)"
+HOMEPAGE="https://www.openssl.org/"
+SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
+	verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )"
+S="${WORKDIR}/${MY_P}"
+
+LICENSE="openssl"
+SLOT="0/1.1" # .so version of libssl/libcrypto
+if [[ ${PV} != *_pre* ]] ; then
+	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
+fi
+IUSE="+asm rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-compression tls-heartbeat vanilla verify-sig weak-ssl-ciphers"
+RESTRICT="!test? ( test )"
+
+RDEPEND="
+	tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )"
+DEPEND="${RDEPEND}"
+BDEPEND="
+	>=dev-lang/perl-5
+	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
+	test? (
+		sys-apps/diffutils
+		sys-devel/bc
+		kernel_linux? ( sys-process/procps )
+	)
+	verify-sig? ( >=sec-keys/openpgp-keys-openssl-20230801 )"
+PDEPEND="app-misc/ca-certificates"
+
+# force upgrade to prevent broken login, bug #696950
+RDEPEND+=" !<net-misc/openssh-8.0_p1-r3"
+
+MULTILIB_WRAPPED_HEADERS=(
+	usr/include/openssl/opensslconf.h
+)
+
+PATCHES=(
+	# General patches which are suitable to always apply
+	# If they're Gentoo specific, add to USE=-vanilla logic in src_prepare!
+	"${FILESDIR}"/${PN}-1.1.0j-parallel_install_fix.patch # bug #671602
+	"${FILESDIR}"/${PN}-1.1.1i-riscv32.patch
+)
+
+pkg_setup() {
+	[[ ${MERGE_TYPE} == binary ]] && return
+
+	# must check in pkg_setup; sysctl doesn't work with userpriv!
+	if use test && use sctp; then
+		# test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel"
+		# if sctp.auth_enable is not enabled.
+		local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null)
+		if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]]; then
+			die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!"
+		fi
+	fi
+}
+
+src_unpack() {
+	# Can delete this once test fix patch is dropped
+	if use verify-sig ; then
+		# Needed for downloaded patch (which is unsigned, which is fine)
+		verify-sig_verify_detached "${DISTDIR}"/${P}.tar.gz{,.asc}
+	fi
+
+	default
+}
+
+src_prepare() {
+	# Make sure we only ever touch Makefile.org and avoid patching a file
+	# that gets blown away anyways by the Configure script in src_configure
+	rm -f Makefile
+
+	if ! use vanilla ; then
+		PATCHES+=(
+			# Add patches which are Gentoo-specific customisations here
+		)
+	fi
+
+	default
+
+	if use test && use sctp && has network-sandbox ${FEATURES}; then
+		einfo "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox ..."
+		rm test/recipes/80-test_ssl_new.t || die
+	fi
+
+	# Test fails depending on kernel configuration, bug #699134
+	rm test/recipes/30-test_afalg.t || die
+
+	# Remove test target when FEATURES=test isn't set
+	if ! use test ; then
+		sed \
+			-e '/^$config{dirs}/s@ "test",@@' \
+			-i Configure || die
+	fi
+
+	if use prefix && [[ ${CHOST} == *-solaris* ]] ; then
+		# use GNU ld full option, not to confuse it on Solaris
+		sed -i \
+			-e 's/-Wl,-M,/-Wl,--version-script=/' \
+			-e 's/-Wl,-h,/-Wl,--soname=/' \
+			Configurations/10-main.conf || die
+	fi
+
+	# The config script does stupid stuff to prompt the user.  Kill it.
+	sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
+}
+
+src_configure() {
+	# Keep this in sync with app-misc/c_rehash
+	SSL_CNF_DIR="/etc/ssl"
+
+	# Quiet out unknown driver argument warnings since openssl
+	# doesn't have well-split CFLAGS and we're making it even worse
+	# and 'make depend' uses -Werror for added fun (bug #417795 again)
+	tc-is-clang && append-flags -Qunused-arguments
+
+	# We really, really need to build OpenSSL w/ strict aliasing disabled.
+	# It's filled with violations and it *will* result in miscompiled
+	# code. This has been in the ebuild for > 10 years but even in 2022,
+	# it's still relevant:
+	# - https://github.com/llvm/llvm-project/issues/55255
+	# - https://github.com/openssl/openssl/issues/18225
+	# - https://github.com/openssl/openssl/issues/18663#issuecomment-1181478057
+	# Don't remove the no strict aliasing bits below!
+	filter-flags -fstrict-aliasing
+	append-flags -fno-strict-aliasing
+	# The OpenSSL developers don't test with LTO right now, it leads to various
+	# warnings/errors (which may or may not be false positives), it's considered
+	# unsupported, and it's not tested in CI: https://github.com/openssl/openssl/issues/18663.
+	filter-lto
+
+	append-cppflags -DOPENSSL_NO_BUF_FREELISTS
+
+	append-flags $(test-flags-CC -Wa,--noexecstack)
+
+	# bug #197996
+	unset APPS
+	# bug #312551
+	unset SCRIPTS
+	# bug #311473
+	unset CROSS_COMPILE
+
+	tc-export AR CC CXX RANLIB RC
+
+	multilib-minimal_src_configure
+}
+
+multilib_src_configure() {
+	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
+
+	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
+
+	# See if our toolchain supports __uint128_t.  If so, it's 64bit
+	# friendly and can use the nicely optimized code paths, bug #460790.
+	#local ec_nistp_64_gcc_128
+	#
+	# Disable it for now though (bug #469976)
+	# Do NOT re-enable without substantial discussion first!
+	#
+	#echo "__uint128_t i;" > "${T}"/128.c
+	#if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
+	#	ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
+	#fi
+
+	local sslout=$(bash "${FILESDIR}/gentoo.config-1.0.4")
+	einfo "Use configuration ${sslout:-(openssl knows best)}"
+	local config=( perl "${S}/Configure" )
+	[[ -z ${sslout} ]] && config=( sh "${S}/config" -v )
+
+	# "disable-deprecated" option breaks too many consumers.
+	# Don't set it without thorough revdeps testing.
+	# Make sure user flags don't get added *yet* to avoid duplicated
+	# flags.
+	local myeconfargs=(
+		${sslout}
+
+		$(use cpu_flags_x86_sse2 || echo "no-sse2")
+		enable-camellia
+		enable-ec
+		enable-ec2m
+		enable-sm2
+		enable-srp
+		$(use elibc_musl && echo "no-async")
+		${ec_nistp_64_gcc_128}
+		enable-idea
+		enable-mdc2
+		enable-rc5
+		$(use_ssl sslv3 ssl3)
+		$(use_ssl sslv3 ssl3-method)
+		$(use_ssl asm)
+		$(use_ssl rfc3779)
+		$(use_ssl sctp)
+		$(use test || echo "no-tests")
+		$(use_ssl tls-compression zlib)
+		$(use_ssl tls-heartbeat heartbeats)
+		$(use_ssl weak-ssl-ciphers)
+
+		--prefix="${EPREFIX}"/usr
+		--openssldir="${EPREFIX}"${SSL_CNF_DIR}
+		--libdir=$(get_libdir)
+
+		shared
+		threads
+	)
+
+	edo "${config[@]}" "${myeconfargs[@]}"
+}
+
+multilib_src_compile() {
+	emake all
+}
+
+multilib_src_test() {
+	emake -j1 test
+}
+
+multilib_src_install() {
+	emake DESTDIR="${D}" install_sw
+
+	if multilib_is_native_abi; then
+		emake DESTDIR="${D}" install_ssldirs
+		emake DESTDIR="${D}" DOCDIR='$(INSTALLTOP)'/share/doc/${PF} MANSUFFIX=ssl install_docs
+	fi
+
+	# This is crappy in that the static archives are still built even
+	# when USE=static-libs. But this is due to a failing in the openssl
+	# build system: the static archives are built as PIC all the time.
+	# Only way around this would be to manually configure+compile openssl
+	# twice; once with shared lib support enabled and once without.
+	if ! use static-libs; then
+		rm "${ED}"/usr/$(get_libdir)/lib{crypto,ssl}.a || die
+	fi
+}
+
+multilib_src_install_all() {
+	# openssl installs perl version of c_rehash by default, but
+	# we provide a shell version via app-misc/c_rehash
+	rm "${ED}"/usr/bin/c_rehash || die
+
+	dodoc CHANGES* FAQ NEWS README doc/*.txt doc/${PN}-c-indent.el
+
+	# Create the certs directory
+	keepdir ${SSL_CNF_DIR}/certs
+
+	# bug #254521
+	dodir /etc/sandbox.d
+	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
+
+	diropts -m0700
+	keepdir ${SSL_CNF_DIR}/private
+}
+
+pkg_postinst() {
+	ebegin "Running 'openssl rehash ${EROOT}${SSL_CNF_DIR}/certs' to rebuild hashes (bug #333069)"
+	openssl rehash "${EROOT}${SSL_CNF_DIR}/certs"
+	eend $?
+}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Fabian Groffen]

commit:     fd455fed487e60fc3e378cf614dedffe224d7a23
Author:     Fabian Groffen <grobian <AT> gentoo <DOT> org>
AuthorDate: Sun Sep 10 10:38:02 2023 +0000
Commit:     Fabian Groffen <grobian <AT> gentoo <DOT> org>
CommitDate: Sun Sep 10 10:40:57 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fd455fed

dev-libs/openssl-3.1.2: added Prefix keywords

Signed-off-by: Fabian Groffen <grobian <AT> gentoo.org>

 dev-libs/openssl/openssl-3.1.2.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-3.1.2.ebuild b/dev-libs/openssl/openssl-3.1.2.ebuild
index c8bb089d7ce7..cbdd13f19657 100644
--- a/dev-libs/openssl/openssl-3.1.2.ebuild
+++ b/dev-libs/openssl/openssl-3.1.2.ebuild
@@ -21,7 +21,7 @@ else
 		mirror://openssl/source/${MY_P}.tar.gz
 		verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )
 	"
-	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86"
+	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
 fi
 
 S="${WORKDIR}"/${MY_P}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Fabian Groffen]

commit:     6da24fc37259ac26dd034a4c921490e0d06ded13
Author:     Fabian Groffen <grobian <AT> gentoo <DOT> org>
AuthorDate: Sun Sep 10 09:16:14 2023 +0000
Commit:     Fabian Groffen <grobian <AT> gentoo <DOT> org>
CommitDate: Sun Sep 10 10:40:52 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6da24fc3

dev-libs/openssl-3.0.10: added Prefix keywords

Signed-off-by: Fabian Groffen <grobian <AT> gentoo.org>

 dev-libs/openssl/openssl-3.0.10.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-3.0.10.ebuild b/dev-libs/openssl/openssl-3.0.10.ebuild
index b306c1666a8c..efea69f19611 100644
--- a/dev-libs/openssl/openssl-3.0.10.ebuild
+++ b/dev-libs/openssl/openssl-3.0.10.ebuild
@@ -19,7 +19,7 @@ if [[ ${PV} == 9999 ]] ; then
 else
 	SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 		verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )"
-	KEYWORDS="~alpha amd64 ~arm arm64 hppa ~ia64 ~loong ~m68k ~mips ~ppc ppc64 ~riscv ~s390 ~sparc x86 ~arm64-macos"
+	KEYWORDS="~alpha amd64 ~arm arm64 hppa ~ia64 ~loong ~m68k ~mips ~ppc ppc64 ~riscv ~s390 ~sparc x86 ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
 fi
 
 S="${WORKDIR}"/${MY_P}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     9b763bb0958b85294be7ca9613a6dc3006ef7519
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sun Sep 10 05:50:25 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sun Sep 10 05:54:29 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9b763bb0

dev-libs/openssl: Stabilize 3.0.10 arm64, #911993

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/openssl-3.0.10.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-3.0.10.ebuild b/dev-libs/openssl/openssl-3.0.10.ebuild
index c9e6f5b93271..54631168cf8a 100644
--- a/dev-libs/openssl/openssl-3.0.10.ebuild
+++ b/dev-libs/openssl/openssl-3.0.10.ebuild
@@ -19,7 +19,7 @@ if [[ ${PV} == 9999 ]] ; then
 else
 	SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 		verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )"
-	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc x86 ~arm64-macos"
+	KEYWORDS="~alpha ~amd64 ~arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc x86 ~arm64-macos"
 fi
 
 S="${WORKDIR}"/${MY_P}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     ab3d8eb3263527d78a0f05e46b35528610d49250
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sun Sep 10 05:50:26 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sun Sep 10 05:54:30 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ab3d8eb3

dev-libs/openssl: Stabilize 3.0.10 amd64, #911993

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/openssl-3.0.10.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-3.0.10.ebuild b/dev-libs/openssl/openssl-3.0.10.ebuild
index 54631168cf8a..e470b454af77 100644
--- a/dev-libs/openssl/openssl-3.0.10.ebuild
+++ b/dev-libs/openssl/openssl-3.0.10.ebuild
@@ -19,7 +19,7 @@ if [[ ${PV} == 9999 ]] ; then
 else
 	SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 		verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )"
-	KEYWORDS="~alpha ~amd64 ~arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc x86 ~arm64-macos"
+	KEYWORDS="~alpha amd64 ~arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc x86 ~arm64-macos"
 fi
 
 S="${WORKDIR}"/${MY_P}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     0a98c83cf3601e327c2eea01ca4a12ac7fd11486
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sun Sep 10 05:50:29 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sun Sep 10 05:54:31 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0a98c83c

dev-libs/openssl: Stabilize 3.0.10 ppc64, #911993

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/openssl-3.0.10.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-3.0.10.ebuild b/dev-libs/openssl/openssl-3.0.10.ebuild
index de36395a344f..b306c1666a8c 100644
--- a/dev-libs/openssl/openssl-3.0.10.ebuild
+++ b/dev-libs/openssl/openssl-3.0.10.ebuild
@@ -19,7 +19,7 @@ if [[ ${PV} == 9999 ]] ; then
 else
 	SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 		verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )"
-	KEYWORDS="~alpha amd64 ~arm arm64 hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc x86 ~arm64-macos"
+	KEYWORDS="~alpha amd64 ~arm arm64 hppa ~ia64 ~loong ~m68k ~mips ~ppc ppc64 ~riscv ~s390 ~sparc x86 ~arm64-macos"
 fi
 
 S="${WORKDIR}"/${MY_P}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     f41296ca5dcdbbac8e051a0beddf7e14e6d41880
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sun Sep 10 05:50:28 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sun Sep 10 05:54:30 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f41296ca

dev-libs/openssl: Stabilize 3.0.10 hppa, #911993

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/openssl-3.0.10.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-3.0.10.ebuild b/dev-libs/openssl/openssl-3.0.10.ebuild
index e470b454af77..de36395a344f 100644
--- a/dev-libs/openssl/openssl-3.0.10.ebuild
+++ b/dev-libs/openssl/openssl-3.0.10.ebuild
@@ -19,7 +19,7 @@ if [[ ${PV} == 9999 ]] ; then
 else
 	SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 		verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )"
-	KEYWORDS="~alpha amd64 ~arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc x86 ~arm64-macos"
+	KEYWORDS="~alpha amd64 ~arm arm64 hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc x86 ~arm64-macos"
 fi
 
 S="${WORKDIR}"/${MY_P}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     4e69decd55e08581a3e8d1d57e97f8d257164d6e
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sun Sep 10 05:50:23 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sun Sep 10 05:54:28 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4e69decd

dev-libs/openssl: Stabilize 3.0.10 x86, #911993

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/openssl-3.0.10.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-3.0.10.ebuild b/dev-libs/openssl/openssl-3.0.10.ebuild
index 581f6223b5d7..c9e6f5b93271 100644
--- a/dev-libs/openssl/openssl-3.0.10.ebuild
+++ b/dev-libs/openssl/openssl-3.0.10.ebuild
@@ -19,7 +19,7 @@ if [[ ${PV} == 9999 ]] ; then
 else
 	SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 		verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )"
-	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~arm64-macos"
+	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc x86 ~arm64-macos"
 fi
 
 S="${WORKDIR}"/${MY_P}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     f62012f80139fdf15c11b0cd23cead088fdb802d
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Fri Aug  4 10:58:52 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Fri Aug  4 10:58:52 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f62012f8

dev-libs/openssl: Stabilize 3.0.9-r2 ppc, #910660

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/openssl-3.0.9-r2.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-3.0.9-r2.ebuild b/dev-libs/openssl/openssl-3.0.9-r2.ebuild
index d37433210db8..e4516c8a708f 100644
--- a/dev-libs/openssl/openssl-3.0.9-r2.ebuild
+++ b/dev-libs/openssl/openssl-3.0.9-r2.ebuild
@@ -19,7 +19,7 @@ if [[ ${PV} == 9999 ]] ; then
 else
 	SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 		verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )"
-	KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ~ppc ppc64 ~riscv ~s390 sparc x86 ~arm64-macos"
+	KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~arm64-macos"
 fi
 
 S="${WORKDIR}"/${MY_P}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     18e092d4054d90a203b2a3d8ebc53c7390789f4d
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Tue Aug  1 15:13:13 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Tue Aug  1 15:42:12 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=18e092d4

dev-libs/openssl: add 1.1.1v

Bug: https://bugs.gentoo.org/911560
Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/Manifest              |   2 +
 dev-libs/openssl/openssl-1.1.1v.ebuild | 265 +++++++++++++++++++++++++++++++++
 2 files changed, 267 insertions(+)

diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest
index f8b20e47b8a9..862172e46827 100644
--- a/dev-libs/openssl/Manifest
+++ b/dev-libs/openssl/Manifest
@@ -3,6 +3,8 @@ DIST openssl-1.0.2t-bindist-1.0.tar.xz 13872 BLAKE2B b2aade96a6e0ca6209a39e205b1
 DIST openssl-1.0.2u.tar.gz 5355412 BLAKE2B b2ff2a10e5851af5aca4093422a9a072c794e87b997263826c1c35910c040f695fac63decac5856cb49399ed03d410f97701d9fd4e1ebfbcacd8f3a74ce8bf57 SHA512 c455bb309e20e2c2d47fdc5619c734d107d5c8c38c1409903ce979acc120b0d5fa0312917c0aa0d630e402d092a703d4249643f36078e8528a3cafc9dac6ab32
 DIST openssl-1.1.1u.tar.gz 9892176 BLAKE2B 5de9cb856e497596ecba008bad6515eefd093849b9c66dd7447031723996f3ba66ac37a323a5f7d01b1d42df4daaceb523372f5897d5c53b935ffab91c566594 SHA512 d00aeb0b4c4676deff06ff95af7ac33dd683b92f972b4a8ae55cf384bb37c7ec30ab83c6c0745daf87cf1743a745fced6a347fd11fed4c548aa0953610ed4919
 DIST openssl-1.1.1u.tar.gz.asc 833 BLAKE2B 7a978a94264a14be04372fea39868e9177e8a0b0f24344267702022e19ee0f52e91ad141d7c54da870f7ec0df9b2e43b80939f1d274dd0b44d36da2670e3a468 SHA512 40245d65ace95b2002bf64bcba184c92fec3420b08d9f61f3a709c4842e9478595105d8adce33a08eb98d351d2a0989ec342b08cdd9104498ea0543b6e592d28
+DIST openssl-1.1.1v.tar.gz 9893443 BLAKE2B 9b3066d1911466dec909052667aafe9b974d2fa0a9798105b7501d62300e5a61a154fb94e633e46918303e9fcc1afc077e6efb5727eb967b75a795d8e2ed60a7 SHA512 1a67340d99026aa62bf50ff89165d9f77fe4a6690fe30d1751b5021dd3f238391afd581b41724687c322c4e3af1770c44a63766a06e9b8cab6425101153e0c7e
+DIST openssl-1.1.1v.tar.gz.asc 833 BLAKE2B a851629231591679c37a53342a7da565879fe626ce56ee586184c6e3694ee9cb15cf10b52e6ef17eac6cb25b66e3d50d1a703d42a5056a51f1567178956bfb11 SHA512 3e188f60d57f844fda6e6382623cb082e18d7caec38f9e6ab13d8d101ca0b0d234cfd7aba041ab975d5cd168c1ec0f147ff8a77e515a416461bfd108cb4244e0
 DIST openssl-3.0.9.tar.gz 15181285 BLAKE2B cc1df41fa12ba4443e15e94f6ebdc5e103b9dab5eab2e1c8f74e6a74fa2c38207817921b65d7293cb241c190a910191c7163600bb75243adde0e2f9ec31cc885 SHA512 86c99146b37236419b110db77dd3ac3992e6bed78c258f0cc3434ca233460b4e17c0ac81d7058547fe9cb72a9fd80ee56d4b4916bb731dbe2bbcf1c3d46bf31a
 DIST openssl-3.0.9.tar.gz.asc 833 BLAKE2B 9943ac65f83f48465cae83b37a1d004f6be4622e53c3025166d42954abe9215f1a6c2af58d4aa2b45fa51182fee5019e740969f694655b6c592bb278c68aacef SHA512 9949de6b57d5aa21da1d4b68a29eb37e302403c983bd7d2d8769b320aac4268a9f9091c5fb182862a4f89a9099660939fe609df87c66991b75f7695faf357caf
 DIST openssl-3.1.1.tar.gz 15544757 BLAKE2B 094f7e28f16de6528016fcd21df1d7382b0dbdcd80ec469d37add9c37f638c059dda3ffb4415eba890a33d146ddc9016bcc7192df101c73be5e70faf6e3b1097 SHA512 8ba9dd6ab87451e126c19cc106ccd1643ca48667d6c37504d0ab98205fbccf855fd0db54474b4113c4c3a15215a4ef77a039fb897a69f71bcab2054b2effd1d9

diff --git a/dev-libs/openssl/openssl-1.1.1v.ebuild b/dev-libs/openssl/openssl-1.1.1v.ebuild
new file mode 100644
index 000000000000..6a237499b429
--- /dev/null
+++ b/dev-libs/openssl/openssl-1.1.1v.ebuild
@@ -0,0 +1,265 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/openssl.org.asc
+inherit edo flag-o-matic toolchain-funcs multilib-minimal verify-sig
+
+MY_P=${P/_/-}
+DESCRIPTION="Full-strength general purpose cryptography library (including SSL and TLS)"
+HOMEPAGE="https://www.openssl.org/"
+SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
+	verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )"
+S="${WORKDIR}/${MY_P}"
+
+LICENSE="openssl"
+SLOT="0/1.1" # .so version of libssl/libcrypto
+if [[ ${PV} != *_pre* ]] ; then
+	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
+fi
+IUSE="+asm rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-compression tls-heartbeat vanilla verify-sig weak-ssl-ciphers"
+RESTRICT="!test? ( test )"
+
+RDEPEND="
+	tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )"
+DEPEND="${RDEPEND}"
+BDEPEND="
+	>=dev-lang/perl-5
+	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
+	test? (
+		sys-apps/diffutils
+		sys-devel/bc
+		kernel_linux? ( sys-process/procps )
+	)
+	verify-sig? ( >=sec-keys/openpgp-keys-openssl-20230801 )"
+PDEPEND="app-misc/ca-certificates"
+
+# force upgrade to prevent broken login, bug #696950
+RDEPEND+=" !<net-misc/openssh-8.0_p1-r3"
+
+MULTILIB_WRAPPED_HEADERS=(
+	usr/include/openssl/opensslconf.h
+)
+
+PATCHES=(
+	# General patches which are suitable to always apply
+	# If they're Gentoo specific, add to USE=-vanilla logic in src_prepare!
+	"${FILESDIR}"/${PN}-1.1.0j-parallel_install_fix.patch # bug #671602
+	"${FILESDIR}"/${PN}-1.1.1i-riscv32.patch
+)
+
+pkg_setup() {
+	[[ ${MERGE_TYPE} == binary ]] && return
+
+	# must check in pkg_setup; sysctl doesn't work with userpriv!
+	if use test && use sctp; then
+		# test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel"
+		# if sctp.auth_enable is not enabled.
+		local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null)
+		if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]]; then
+			die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!"
+		fi
+	fi
+}
+
+src_unpack() {
+	# Can delete this once test fix patch is dropped
+	if use verify-sig ; then
+		# Needed for downloaded patch (which is unsigned, which is fine)
+		verify-sig_verify_detached "${DISTDIR}"/${P}.tar.gz{,.asc}
+	fi
+
+	default
+}
+
+src_prepare() {
+	# Make sure we only ever touch Makefile.org and avoid patching a file
+	# that gets blown away anyways by the Configure script in src_configure
+	rm -f Makefile
+
+	if ! use vanilla ; then
+		PATCHES+=(
+			# Add patches which are Gentoo-specific customisations here
+		)
+	fi
+
+	default
+
+	if use test && use sctp && has network-sandbox ${FEATURES}; then
+		einfo "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox ..."
+		rm test/recipes/80-test_ssl_new.t || die
+	fi
+
+	# Test fails depending on kernel configuration, bug #699134
+	rm test/recipes/30-test_afalg.t || die
+
+	# Remove test target when FEATURES=test isn't set
+	if ! use test ; then
+		sed \
+			-e '/^$config{dirs}/s@ "test",@@' \
+			-i Configure || die
+	fi
+
+	if use prefix && [[ ${CHOST} == *-solaris* ]] ; then
+		# use GNU ld full option, not to confuse it on Solaris
+		sed -i \
+			-e 's/-Wl,-M,/-Wl,--version-script=/' \
+			-e 's/-Wl,-h,/-Wl,--soname=/' \
+			Configurations/10-main.conf || die
+	fi
+
+	# The config script does stupid stuff to prompt the user.  Kill it.
+	sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
+}
+
+src_configure() {
+	# Keep this in sync with app-misc/c_rehash
+	SSL_CNF_DIR="/etc/ssl"
+
+	# Quiet out unknown driver argument warnings since openssl
+	# doesn't have well-split CFLAGS and we're making it even worse
+	# and 'make depend' uses -Werror for added fun (bug #417795 again)
+	tc-is-clang && append-flags -Qunused-arguments
+
+	# We really, really need to build OpenSSL w/ strict aliasing disabled.
+	# It's filled with violations and it *will* result in miscompiled
+	# code. This has been in the ebuild for > 10 years but even in 2022,
+	# it's still relevant:
+	# - https://github.com/llvm/llvm-project/issues/55255
+	# - https://github.com/openssl/openssl/issues/18225
+	# - https://github.com/openssl/openssl/issues/18663#issuecomment-1181478057
+	# Don't remove the no strict aliasing bits below!
+	filter-flags -fstrict-aliasing
+	append-flags -fno-strict-aliasing
+	# The OpenSSL developers don't test with LTO right now, it leads to various
+	# warnings/errors (which may or may not be false positives), it's considered
+	# unsupported, and it's not tested in CI: https://github.com/openssl/openssl/issues/18663.
+	filter-lto
+
+	append-cppflags -DOPENSSL_NO_BUF_FREELISTS
+
+	append-flags $(test-flags-CC -Wa,--noexecstack)
+
+	# bug #197996
+	unset APPS
+	# bug #312551
+	unset SCRIPTS
+	# bug #311473
+	unset CROSS_COMPILE
+
+	tc-export AR CC CXX RANLIB RC
+
+	multilib-minimal_src_configure
+}
+
+multilib_src_configure() {
+	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
+
+	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
+
+	# See if our toolchain supports __uint128_t.  If so, it's 64bit
+	# friendly and can use the nicely optimized code paths, bug #460790.
+	#local ec_nistp_64_gcc_128
+	#
+	# Disable it for now though (bug #469976)
+	# Do NOT re-enable without substantial discussion first!
+	#
+	#echo "__uint128_t i;" > "${T}"/128.c
+	#if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
+	#	ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
+	#fi
+
+	local sslout=$(bash "${FILESDIR}/gentoo.config-1.0.4")
+	einfo "Use configuration ${sslout:-(openssl knows best)}"
+	local config=( perl "${S}/Configure" )
+	[[ -z ${sslout} ]] && config=( sh "${S}/config" -v )
+
+	# "disable-deprecated" option breaks too many consumers.
+	# Don't set it without thorough revdeps testing.
+	# Make sure user flags don't get added *yet* to avoid duplicated
+	# flags.
+	local myeconfargs=(
+		${sslout}
+
+		$(use cpu_flags_x86_sse2 || echo "no-sse2")
+		enable-camellia
+		enable-ec
+		enable-ec2m
+		enable-sm2
+		enable-srp
+		$(use elibc_musl && echo "no-async")
+		${ec_nistp_64_gcc_128}
+		enable-idea
+		enable-mdc2
+		enable-rc5
+		$(use_ssl sslv3 ssl3)
+		$(use_ssl sslv3 ssl3-method)
+		$(use_ssl asm)
+		$(use_ssl rfc3779)
+		$(use_ssl sctp)
+		$(use test || echo "no-tests")
+		$(use_ssl tls-compression zlib)
+		$(use_ssl tls-heartbeat heartbeats)
+		$(use_ssl weak-ssl-ciphers)
+
+		--prefix="${EPREFIX}"/usr
+		--openssldir="${EPREFIX}"${SSL_CNF_DIR}
+		--libdir=$(get_libdir)
+
+		shared
+		threads
+	)
+
+	edo "${config[@]}" "${myeconfargs[@]}"
+}
+
+multilib_src_compile() {
+	emake all
+}
+
+multilib_src_test() {
+	emake -j1 test
+}
+
+multilib_src_install() {
+	emake DESTDIR="${D}" install_sw
+
+	if multilib_is_native_abi; then
+		emake DESTDIR="${D}" install_ssldirs
+		emake DESTDIR="${D}" DOCDIR='$(INSTALLTOP)'/share/doc/${PF} MANSUFFIX=ssl install_docs
+	fi
+
+	# This is crappy in that the static archives are still built even
+	# when USE=static-libs. But this is due to a failing in the openssl
+	# build system: the static archives are built as PIC all the time.
+	# Only way around this would be to manually configure+compile openssl
+	# twice; once with shared lib support enabled and once without.
+	if ! use static-libs; then
+		rm "${ED}"/usr/$(get_libdir)/lib{crypto,ssl}.a || die
+	fi
+}
+
+multilib_src_install_all() {
+	# openssl installs perl version of c_rehash by default, but
+	# we provide a shell version via app-misc/c_rehash
+	rm "${ED}"/usr/bin/c_rehash || die
+
+	dodoc CHANGES* FAQ NEWS README doc/*.txt doc/${PN}-c-indent.el
+
+	# Create the certs directory
+	keepdir ${SSL_CNF_DIR}/certs
+
+	# bug #254521
+	dodir /etc/sandbox.d
+	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
+
+	diropts -m0700
+	keepdir ${SSL_CNF_DIR}/private
+}
+
+pkg_postinst() {
+	ebegin "Running 'openssl rehash ${EROOT}${SSL_CNF_DIR}/certs' to rebuild hashes (bug #333069)"
+	openssl rehash "${EROOT}${SSL_CNF_DIR}/certs"
+	eend $?
+}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     b047d0148c912d45bb2beb4b1accbdfbd6abe11f
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Tue Aug  1 15:31:44 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Tue Aug  1 15:42:14 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b047d014

dev-libs/openssl: add 3.1.2

Bug: https://bugs.gentoo.org/911560
Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/Manifest             |   2 +
 dev-libs/openssl/openssl-3.1.2.ebuild | 288 ++++++++++++++++++++++++++++++++++
 2 files changed, 290 insertions(+)

diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest
index 35c68f684c21..2b19991d6f4c 100644
--- a/dev-libs/openssl/Manifest
+++ b/dev-libs/openssl/Manifest
@@ -11,3 +11,5 @@ DIST openssl-3.0.9.tar.gz 15181285 BLAKE2B cc1df41fa12ba4443e15e94f6ebdc5e103b9d
 DIST openssl-3.0.9.tar.gz.asc 833 BLAKE2B 9943ac65f83f48465cae83b37a1d004f6be4622e53c3025166d42954abe9215f1a6c2af58d4aa2b45fa51182fee5019e740969f694655b6c592bb278c68aacef SHA512 9949de6b57d5aa21da1d4b68a29eb37e302403c983bd7d2d8769b320aac4268a9f9091c5fb182862a4f89a9099660939fe609df87c66991b75f7695faf357caf
 DIST openssl-3.1.1.tar.gz 15544757 BLAKE2B 094f7e28f16de6528016fcd21df1d7382b0dbdcd80ec469d37add9c37f638c059dda3ffb4415eba890a33d146ddc9016bcc7192df101c73be5e70faf6e3b1097 SHA512 8ba9dd6ab87451e126c19cc106ccd1643ca48667d6c37504d0ab98205fbccf855fd0db54474b4113c4c3a15215a4ef77a039fb897a69f71bcab2054b2effd1d9
 DIST openssl-3.1.1.tar.gz.asc 833 BLAKE2B 5a2a9aeb475b843862e133d53bc5bb3c8e12e8e03b1e2da41d0eaa0eade1ae03c4318ad1f5c490c5e1ed7e6ac6275a6d7c881d99993911722b043b15d1622b25 SHA512 83349020c67e5b956f3ef37604a03a1970ea393f862691f5fd5d85930c01e559e25db17d397d8fd230c3862a8b2fba2d5c7df883d56d7472f4c01dab3a661cb2
+DIST openssl-3.1.2.tar.gz 15560427 BLAKE2B 7b4ba35df7d5680c5f13a1986e4c6abaf4592690647dcfa84d7f14c196326355e8ad0ea62f81f8269f0605f0d29f18e9def9c2158fcbe00baefabf819f82374d SHA512 9f41113e5537aee4c3f92711ff85fa12da080363fef0c8b8b34e5b3fc608473c6e4cadd9d8c78f2fcbe97462e51f26a0bb6781656a69ad40226e68af2cf2c762
+DIST openssl-3.1.2.tar.gz.asc 833 BLAKE2B aba3207c5eafaafc34bea078a9684612f7d9b4c5a888a27781cfe2421d27de6c2af3539abfc6efdac81ab0b923b7044a9b764902aa76edfd44ce5979f871a8b9 SHA512 fe143d2d90de1d3d30590ef9801185f8d2837668474ef3879d409bd4eb9417a127dee6c2a4e45076aa3ae3e443bfedd24de434ba4cf3ea0589c113990345a9ce

diff --git a/dev-libs/openssl/openssl-3.1.2.ebuild b/dev-libs/openssl/openssl-3.1.2.ebuild
new file mode 100644
index 000000000000..c8bb089d7ce7
--- /dev/null
+++ b/dev-libs/openssl/openssl-3.1.2.ebuild
@@ -0,0 +1,288 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/openssl.org.asc
+inherit edo flag-o-matic linux-info toolchain-funcs
+inherit multilib multilib-minimal multiprocessing preserve-libs verify-sig
+
+DESCRIPTION="Robust, full-featured Open Source Toolkit for the Transport Layer Security (TLS)"
+HOMEPAGE="https://www.openssl.org/"
+
+MY_P=${P/_/-}
+
+if [[ ${PV} == 9999 ]] ; then
+	EGIT_REPO_URI="https://github.com/openssl/openssl.git"
+
+	inherit git-r3
+else
+	SRC_URI="
+		mirror://openssl/source/${MY_P}.tar.gz
+		verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )
+	"
+	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86"
+fi
+
+S="${WORKDIR}"/${MY_P}
+
+LICENSE="Apache-2.0"
+SLOT="0/$(ver_cut 1)" # .so version of libssl/libcrypto
+IUSE="+asm cpu_flags_x86_sse2 fips ktls rfc3779 sctp static-libs test tls-compression vanilla verify-sig weak-ssl-ciphers"
+RESTRICT="!test? ( test )"
+
+COMMON_DEPEND="
+	!<net-misc/openssh-9.2_p1-r3
+	tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
+"
+BDEPEND="
+	>=dev-lang/perl-5
+	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
+	test? (
+		sys-apps/diffutils
+		sys-devel/bc
+		sys-process/procps
+	)
+	verify-sig? ( >=sec-keys/openpgp-keys-openssl-20230801 )"
+
+DEPEND="${COMMON_DEPEND}"
+RDEPEND="${COMMON_DEPEND}"
+PDEPEND="app-misc/ca-certificates"
+
+MULTILIB_WRAPPED_HEADERS=(
+	/usr/include/openssl/configuration.h
+)
+
+pkg_setup() {
+	if use ktls ; then
+		if kernel_is -lt 4 18 ; then
+			ewarn "Kernel implementation of TLS (USE=ktls) requires kernel >=4.18!"
+		else
+			CONFIG_CHECK="~TLS ~TLS_DEVICE"
+			ERROR_TLS="You will be unable to offload TLS to kernel because CONFIG_TLS is not set!"
+			ERROR_TLS_DEVICE="You will be unable to offload TLS to kernel because CONFIG_TLS_DEVICE is not set!"
+			use test && CONFIG_CHECK+=" ~CRYPTO_USER_API_SKCIPHER"
+
+			linux-info_pkg_setup
+		fi
+	fi
+
+	[[ ${MERGE_TYPE} == binary ]] && return
+
+	# must check in pkg_setup; sysctl doesn't work with userpriv!
+	if use test && use sctp ; then
+		# test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel"
+		# if sctp.auth_enable is not enabled.
+		local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null)
+		if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]] ; then
+			die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!"
+		fi
+	fi
+}
+
+src_unpack() {
+	# Can delete this once test fix patch is dropped
+	if use verify-sig ; then
+		# Needed for downloaded patch (which is unsigned, which is fine)
+		verify-sig_verify_detached "${DISTDIR}"/${P}.tar.gz{,.asc}
+	fi
+
+	default
+}
+
+src_prepare() {
+	# Make sure we only ever touch Makefile.org and avoid patching a file
+	# that gets blown away anyways by the Configure script in src_configure
+	rm -f Makefile
+
+	if ! use vanilla ; then
+		PATCHES+=(
+			# Add patches which are Gentoo-specific customisations here
+		)
+	fi
+
+	default
+
+	if use test && use sctp && has network-sandbox ${FEATURES} ; then
+		einfo "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox ..."
+		rm test/recipes/80-test_ssl_new.t || die
+	fi
+
+	# Test fails depending on kernel configuration, bug #699134
+	rm test/recipes/30-test_afalg.t || die
+}
+
+src_configure() {
+	# Keep this in sync with app-misc/c_rehash
+	SSL_CNF_DIR="/etc/ssl"
+
+	# Quiet out unknown driver argument warnings since openssl
+	# doesn't have well-split CFLAGS and we're making it even worse
+	# and 'make depend' uses -Werror for added fun (bug #417795 again)
+	tc-is-clang && append-flags -Qunused-arguments
+
+	# We really, really need to build OpenSSL w/ strict aliasing disabled.
+	# It's filled with violations and it *will* result in miscompiled
+	# code. This has been in the ebuild for > 10 years but even in 2022,
+	# it's still relevant:
+	# - https://github.com/llvm/llvm-project/issues/55255
+	# - https://github.com/openssl/openssl/issues/18225
+	# - https://github.com/openssl/openssl/issues/18663#issuecomment-1181478057
+	# Don't remove the no strict aliasing bits below!
+	filter-flags -fstrict-aliasing
+	append-flags -fno-strict-aliasing
+	# The OpenSSL developers don't test with LTO right now, it leads to various
+	# warnings/errors (which may or may not be false positives), it's considered
+	# unsupported, and it's not tested in CI: https://github.com/openssl/openssl/issues/18663.
+	filter-lto
+
+	append-flags $(test-flags-CC -Wa,--noexecstack)
+
+	# bug #895308
+	append-atomic-flags
+	# Configure doesn't respect LIBS
+	export LDLIBS="${LIBS}"
+
+	# bug #197996
+	unset APPS
+	# bug #312551
+	unset SCRIPTS
+	# bug #311473
+	unset CROSS_COMPILE
+
+	tc-export AR CC CXX RANLIB RC
+
+	multilib-minimal_src_configure
+}
+
+multilib_src_configure() {
+	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
+
+	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
+
+	# See if our toolchain supports __uint128_t.  If so, it's 64bit
+	# friendly and can use the nicely optimized code paths, bug #460790.
+	#local ec_nistp_64_gcc_128
+	#
+	# Disable it for now though (bug #469976)
+	# Do NOT re-enable without substantial discussion first!
+	#
+	#echo "__uint128_t i;" > "${T}"/128.c
+	#if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
+	#       ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
+	#fi
+
+	local sslout=$(bash "${FILESDIR}/gentoo.config-1.0.4")
+	einfo "Using configuration: ${sslout:-(openssl knows best)}"
+
+	# https://github.com/openssl/openssl/blob/master/INSTALL.md#enable-and-disable-features
+	local myeconfargs=(
+		${sslout}
+
+		$(use cpu_flags_x86_sse2 || echo "no-sse2")
+		enable-camellia
+		enable-ec
+		enable-ec2m
+		enable-sm2
+		enable-srp
+		$(use elibc_musl && echo "no-async")
+		enable-idea
+		enable-mdc2
+		enable-rc5
+		$(use fips && echo "enable-fips")
+		$(use_ssl asm)
+		$(use_ssl ktls)
+		$(use_ssl rfc3779)
+		$(use_ssl sctp)
+		$(use test || echo "no-tests")
+		$(use_ssl tls-compression zlib)
+		$(use_ssl weak-ssl-ciphers)
+
+		--prefix="${EPREFIX}"/usr
+		--openssldir="${EPREFIX}"${SSL_CNF_DIR}
+		--libdir=$(get_libdir)
+
+		shared
+		threads
+	)
+
+	edo perl "${S}/Configure" "${myeconfargs[@]}"
+}
+
+multilib_src_compile() {
+	emake build_sw
+
+	if multilib_is_native_abi; then
+		emake build_docs
+	fi
+}
+
+multilib_src_test() {
+	# VFP = show subtests verbosely and show failed tests verbosely
+	# Normal V=1 would show everything verbosely but this slows things down.
+	emake HARNESS_JOBS="$(makeopts_jobs)" -Onone VFP=1 test
+}
+
+multilib_src_install() {
+	emake DESTDIR="${D}" install_sw
+	if use fips; then
+		emake DESTDIR="${D}" install_fips
+		# Regen this in pkg_preinst, bug 900625
+		rm "${ED}${SSL_CNF_DIR}"/fipsmodule.cnf || die
+	fi
+
+	if multilib_is_native_abi; then
+		emake DESTDIR="${D}" install_ssldirs
+		emake DESTDIR="${D}" DOCDIR='$(INSTALLTOP)'/share/doc/${PF} install_docs
+	fi
+
+	# This is crappy in that the static archives are still built even
+	# when USE=static-libs. But this is due to a failing in the openssl
+	# build system: the static archives are built as PIC all the time.
+	# Only way around this would be to manually configure+compile openssl
+	# twice; once with shared lib support enabled and once without.
+	if ! use static-libs ; then
+		rm "${ED}"/usr/$(get_libdir)/lib{crypto,ssl}.a || die
+	fi
+}
+
+multilib_src_install_all() {
+	# openssl installs perl version of c_rehash by default, but
+	# we provide a shell version via app-misc/c_rehash
+	rm "${ED}"/usr/bin/c_rehash || die
+
+	dodoc {AUTHORS,CHANGES,NEWS,README,README-PROVIDERS}.md doc/*.txt doc/${PN}-c-indent.el
+
+	# Create the certs directory
+	keepdir ${SSL_CNF_DIR}/certs
+
+	# bug #254521
+	dodir /etc/sandbox.d
+	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
+
+	diropts -m0700
+	keepdir ${SSL_CNF_DIR}/private
+}
+
+pkg_preinst() {
+	if use fips; then
+		# Regen fipsmodule.cnf, bug 900625
+		ebegin "Running openssl fipsinstall"
+		"${ED}/usr/bin/openssl" fipsinstall -quiet \
+			-out "${ED}${SSL_CNF_DIR}/fipsmodule.cnf" \
+			-module "${ED}/usr/$(get_libdir)/ossl-modules/fips.so"
+		eend $?
+	fi
+
+	preserve_old_lib /usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1) \
+		/usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1.1)
+}
+
+pkg_postinst() {
+	ebegin "Running 'openssl rehash ${EROOT}${SSL_CNF_DIR}/certs' to rebuild hashes (bug #333069)"
+	openssl rehash "${EROOT}${SSL_CNF_DIR}/certs"
+	eend $?
+
+	preserve_old_lib_notify /usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1) \
+		/usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1.1)
+}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     8ae4e101b7c4b4e05dbf730fe3651850b98b81bf
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Tue Aug  1 15:24:31 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Tue Aug  1 15:42:13 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8ae4e101

dev-libs/openssl: add 3.0.10

Bug: https://bugs.gentoo.org/911560
Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/Manifest              |   2 +
 dev-libs/openssl/openssl-3.0.10.ebuild | 285 +++++++++++++++++++++++++++++++++
 2 files changed, 287 insertions(+)

diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest
index 862172e46827..35c68f684c21 100644
--- a/dev-libs/openssl/Manifest
+++ b/dev-libs/openssl/Manifest
@@ -5,6 +5,8 @@ DIST openssl-1.1.1u.tar.gz 9892176 BLAKE2B 5de9cb856e497596ecba008bad6515eefd093
 DIST openssl-1.1.1u.tar.gz.asc 833 BLAKE2B 7a978a94264a14be04372fea39868e9177e8a0b0f24344267702022e19ee0f52e91ad141d7c54da870f7ec0df9b2e43b80939f1d274dd0b44d36da2670e3a468 SHA512 40245d65ace95b2002bf64bcba184c92fec3420b08d9f61f3a709c4842e9478595105d8adce33a08eb98d351d2a0989ec342b08cdd9104498ea0543b6e592d28
 DIST openssl-1.1.1v.tar.gz 9893443 BLAKE2B 9b3066d1911466dec909052667aafe9b974d2fa0a9798105b7501d62300e5a61a154fb94e633e46918303e9fcc1afc077e6efb5727eb967b75a795d8e2ed60a7 SHA512 1a67340d99026aa62bf50ff89165d9f77fe4a6690fe30d1751b5021dd3f238391afd581b41724687c322c4e3af1770c44a63766a06e9b8cab6425101153e0c7e
 DIST openssl-1.1.1v.tar.gz.asc 833 BLAKE2B a851629231591679c37a53342a7da565879fe626ce56ee586184c6e3694ee9cb15cf10b52e6ef17eac6cb25b66e3d50d1a703d42a5056a51f1567178956bfb11 SHA512 3e188f60d57f844fda6e6382623cb082e18d7caec38f9e6ab13d8d101ca0b0d234cfd7aba041ab975d5cd168c1ec0f147ff8a77e515a416461bfd108cb4244e0
+DIST openssl-3.0.10.tar.gz 15194904 BLAKE2B 8bb3bd02b8dc64441ebfea98c4778d3ee0794540186904371a5aed81cb4f6d6903809bf97faafbc2a719617353234484f0d610f2806621229131fdad343f7231 SHA512 fc12f3beed5e2d2f4767aeb772ceb6ba26f6cbfabc247765854108266b27a1223134f0e81735867a9069bc9c07a14b9816e85903cef91bd1b90f781f0b98b61a
+DIST openssl-3.0.10.tar.gz.asc 833 BLAKE2B e1a8fa7c95d5dffdce9fa1824cecc5c81a03228d21c983f23ed4c6c459f085e7406f53337cad41f82506b2a8614497b4eb4cbe261ff4db3c002f1470b90100ba SHA512 3d91e763dcb0bb37cf6586b75c5310c824b5ca75e59a206d759081a67bc016add501648a365aa479dc621f33b86e7aac26d1deb528b43a37187d91eb194b2bdc
 DIST openssl-3.0.9.tar.gz 15181285 BLAKE2B cc1df41fa12ba4443e15e94f6ebdc5e103b9dab5eab2e1c8f74e6a74fa2c38207817921b65d7293cb241c190a910191c7163600bb75243adde0e2f9ec31cc885 SHA512 86c99146b37236419b110db77dd3ac3992e6bed78c258f0cc3434ca233460b4e17c0ac81d7058547fe9cb72a9fd80ee56d4b4916bb731dbe2bbcf1c3d46bf31a
 DIST openssl-3.0.9.tar.gz.asc 833 BLAKE2B 9943ac65f83f48465cae83b37a1d004f6be4622e53c3025166d42954abe9215f1a6c2af58d4aa2b45fa51182fee5019e740969f694655b6c592bb278c68aacef SHA512 9949de6b57d5aa21da1d4b68a29eb37e302403c983bd7d2d8769b320aac4268a9f9091c5fb182862a4f89a9099660939fe609df87c66991b75f7695faf357caf
 DIST openssl-3.1.1.tar.gz 15544757 BLAKE2B 094f7e28f16de6528016fcd21df1d7382b0dbdcd80ec469d37add9c37f638c059dda3ffb4415eba890a33d146ddc9016bcc7192df101c73be5e70faf6e3b1097 SHA512 8ba9dd6ab87451e126c19cc106ccd1643ca48667d6c37504d0ab98205fbccf855fd0db54474b4113c4c3a15215a4ef77a039fb897a69f71bcab2054b2effd1d9

diff --git a/dev-libs/openssl/openssl-3.0.10.ebuild b/dev-libs/openssl/openssl-3.0.10.ebuild
new file mode 100644
index 000000000000..581f6223b5d7
--- /dev/null
+++ b/dev-libs/openssl/openssl-3.0.10.ebuild
@@ -0,0 +1,285 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/openssl.org.asc
+inherit edo flag-o-matic linux-info toolchain-funcs
+inherit multilib multilib-minimal multiprocessing preserve-libs verify-sig
+
+DESCRIPTION="Robust, full-featured Open Source Toolkit for the Transport Layer Security (TLS)"
+HOMEPAGE="https://www.openssl.org/"
+
+MY_P=${P/_/-}
+
+if [[ ${PV} == 9999 ]] ; then
+	EGIT_REPO_URI="https://github.com/openssl/openssl.git"
+
+	inherit git-r3
+else
+	SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
+		verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )"
+	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~arm64-macos"
+fi
+
+S="${WORKDIR}"/${MY_P}
+
+LICENSE="Apache-2.0"
+SLOT="0/3" # .so version of libssl/libcrypto
+IUSE="+asm cpu_flags_x86_sse2 fips ktls rfc3779 sctp static-libs test tls-compression vanilla verify-sig weak-ssl-ciphers"
+RESTRICT="!test? ( test )"
+
+COMMON_DEPEND="
+	tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
+"
+BDEPEND="
+	>=dev-lang/perl-5
+	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
+	test? (
+		sys-apps/diffutils
+		sys-devel/bc
+		sys-process/procps
+	)
+	verify-sig? ( >=sec-keys/openpgp-keys-openssl-20230801 )"
+
+DEPEND="${COMMON_DEPEND}"
+RDEPEND="${COMMON_DEPEND}"
+PDEPEND="app-misc/ca-certificates"
+
+MULTILIB_WRAPPED_HEADERS=(
+	/usr/include/openssl/configuration.h
+)
+
+pkg_setup() {
+	if use ktls ; then
+		if kernel_is -lt 4 18 ; then
+			ewarn "Kernel implementation of TLS (USE=ktls) requires kernel >=4.18!"
+		else
+			CONFIG_CHECK="~TLS ~TLS_DEVICE"
+			ERROR_TLS="You will be unable to offload TLS to kernel because CONFIG_TLS is not set!"
+			ERROR_TLS_DEVICE="You will be unable to offload TLS to kernel because CONFIG_TLS_DEVICE is not set!"
+			use test && CONFIG_CHECK+=" ~CRYPTO_USER_API_SKCIPHER"
+
+			linux-info_pkg_setup
+		fi
+	fi
+
+	[[ ${MERGE_TYPE} == binary ]] && return
+
+	# must check in pkg_setup; sysctl doesn't work with userpriv!
+	if use test && use sctp ; then
+		# test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel"
+		# if sctp.auth_enable is not enabled.
+		local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null)
+		if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]] ; then
+			die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!"
+		fi
+	fi
+}
+
+src_unpack() {
+	# Can delete this once test fix patch is dropped
+	if use verify-sig ; then
+		# Needed for downloaded patch (which is unsigned, which is fine)
+		verify-sig_verify_detached "${DISTDIR}"/${P}.tar.gz{,.asc}
+	fi
+
+	default
+}
+
+src_prepare() {
+	# Make sure we only ever touch Makefile.org and avoid patching a file
+	# that gets blown away anyways by the Configure script in src_configure
+	rm -f Makefile
+
+	if ! use vanilla ; then
+		PATCHES+=(
+			# Add patches which are Gentoo-specific customisations here
+		)
+	fi
+
+	default
+
+	if use test && use sctp && has network-sandbox ${FEATURES} ; then
+		einfo "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox ..."
+		rm test/recipes/80-test_ssl_new.t || die
+	fi
+
+	# Test fails depending on kernel configuration, bug #699134
+	rm test/recipes/30-test_afalg.t || die
+}
+
+src_configure() {
+	# Keep this in sync with app-misc/c_rehash
+	SSL_CNF_DIR="/etc/ssl"
+
+	# Quiet out unknown driver argument warnings since openssl
+	# doesn't have well-split CFLAGS and we're making it even worse
+	# and 'make depend' uses -Werror for added fun (bug #417795 again)
+	tc-is-clang && append-flags -Qunused-arguments
+
+	# We really, really need to build OpenSSL w/ strict aliasing disabled.
+	# It's filled with violations and it *will* result in miscompiled
+	# code. This has been in the ebuild for > 10 years but even in 2022,
+	# it's still relevant:
+	# - https://github.com/llvm/llvm-project/issues/55255
+	# - https://github.com/openssl/openssl/issues/18225
+	# - https://github.com/openssl/openssl/issues/18663#issuecomment-1181478057
+	# Don't remove the no strict aliasing bits below!
+	filter-flags -fstrict-aliasing
+	append-flags -fno-strict-aliasing
+	# The OpenSSL developers don't test with LTO right now, it leads to various
+	# warnings/errors (which may or may not be false positives), it's considered
+	# unsupported, and it's not tested in CI: https://github.com/openssl/openssl/issues/18663.
+	filter-lto
+
+	append-flags $(test-flags-CC -Wa,--noexecstack)
+
+	# bug #895308
+	append-atomic-flags
+	# Configure doesn't respect LIBS
+	export LDLIBS="${LIBS}"
+
+	# bug #197996
+	unset APPS
+	# bug #312551
+	unset SCRIPTS
+	# bug #311473
+	unset CROSS_COMPILE
+
+	tc-export AR CC CXX RANLIB RC
+
+	multilib-minimal_src_configure
+}
+
+multilib_src_configure() {
+	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
+
+	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
+
+	# See if our toolchain supports __uint128_t.  If so, it's 64bit
+	# friendly and can use the nicely optimized code paths, bug #460790.
+	#local ec_nistp_64_gcc_128
+	#
+	# Disable it for now though (bug #469976)
+	# Do NOT re-enable without substantial discussion first!
+	#
+	#echo "__uint128_t i;" > "${T}"/128.c
+	#if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
+	#       ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
+	#fi
+
+	local sslout=$(bash "${FILESDIR}/gentoo.config-1.0.4")
+	einfo "Using configuration: ${sslout:-(openssl knows best)}"
+
+	# https://github.com/openssl/openssl/blob/master/INSTALL.md#enable-and-disable-features
+	local myeconfargs=(
+		${sslout}
+
+		$(use cpu_flags_x86_sse2 || echo "no-sse2")
+		enable-camellia
+		enable-ec
+		enable-ec2m
+		enable-sm2
+		enable-srp
+		$(use elibc_musl && echo "no-async")
+		enable-idea
+		enable-mdc2
+		enable-rc5
+		$(use fips && echo "enable-fips")
+		$(use_ssl asm)
+		$(use_ssl ktls)
+		$(use_ssl rfc3779)
+		$(use_ssl sctp)
+		$(use test || echo "no-tests")
+		$(use_ssl tls-compression zlib)
+		$(use_ssl weak-ssl-ciphers)
+
+		--prefix="${EPREFIX}"/usr
+		--openssldir="${EPREFIX}"${SSL_CNF_DIR}
+		--libdir=$(get_libdir)
+
+		shared
+		threads
+	)
+
+	edo perl "${S}/Configure" "${myeconfargs[@]}"
+}
+
+multilib_src_compile() {
+	emake build_sw
+
+	if multilib_is_native_abi; then
+		emake build_docs
+	fi
+}
+
+multilib_src_test() {
+	# VFP = show subtests verbosely and show failed tests verbosely
+	# Normal V=1 would show everything verbosely but this slows things down.
+	emake HARNESS_JOBS="$(makeopts_jobs)" -Onone VFP=1 test
+}
+
+multilib_src_install() {
+	emake DESTDIR="${D}" install_sw
+	if use fips; then
+		emake DESTDIR="${D}" install_fips
+		# Regen this in pkg_preinst, bug 900625
+		rm "${ED}${SSL_CNF_DIR}"/fipsmodule.cnf || die
+	fi
+
+	if multilib_is_native_abi; then
+		emake DESTDIR="${D}" install_ssldirs
+		emake DESTDIR="${D}" DOCDIR='$(INSTALLTOP)'/share/doc/${PF} install_docs
+	fi
+
+	# This is crappy in that the static archives are still built even
+	# when USE=static-libs. But this is due to a failing in the openssl
+	# build system: the static archives are built as PIC all the time.
+	# Only way around this would be to manually configure+compile openssl
+	# twice; once with shared lib support enabled and once without.
+	if ! use static-libs ; then
+		rm "${ED}"/usr/$(get_libdir)/lib{crypto,ssl}.a || die
+	fi
+}
+
+multilib_src_install_all() {
+	# openssl installs perl version of c_rehash by default, but
+	# we provide a shell version via app-misc/c_rehash
+	rm "${ED}"/usr/bin/c_rehash || die
+
+	dodoc {AUTHORS,CHANGES,NEWS,README,README-PROVIDERS}.md doc/*.txt doc/${PN}-c-indent.el
+
+	# Create the certs directory
+	keepdir ${SSL_CNF_DIR}/certs
+
+	# bug #254521
+	dodir /etc/sandbox.d
+	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
+
+	diropts -m0700
+	keepdir ${SSL_CNF_DIR}/private
+}
+
+pkg_preinst() {
+	if use fips; then
+		# Regen fipsmodule.cnf, bug 900625
+		ebegin "Running openssl fipsinstall"
+		"${ED}/usr/bin/openssl" fipsinstall -quiet \
+			-out "${ED}${SSL_CNF_DIR}/fipsmodule.cnf" \
+			-module "${ED}/usr/$(get_libdir)/ossl-modules/fips.so"
+		eend $?
+	fi
+
+	preserve_old_lib /usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1) \
+		/usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1.1)
+}
+
+pkg_postinst() {
+	ebegin "Running 'openssl rehash ${EROOT}${SSL_CNF_DIR}/certs' to rebuild hashes (bug #333069)"
+	openssl rehash "${EROOT}${SSL_CNF_DIR}/certs"
+	eend $?
+
+	preserve_old_lib_notify /usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1) \
+		/usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1.1)
+}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Arthur Zamarin]

commit:     5ff6c1b3f21acc2ee6a95eda6ccda6baceedaf7d
Author:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
AuthorDate: Sun Jul 23 16:01:18 2023 +0000
Commit:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
CommitDate: Sun Jul 23 16:01:18 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5ff6c1b3

dev-libs/openssl: Stabilize 3.0.9-r2 sparc, #910660

Signed-off-by: Arthur Zamarin <arthurzam <AT> gentoo.org>

 dev-libs/openssl/openssl-3.0.9-r2.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-3.0.9-r2.ebuild b/dev-libs/openssl/openssl-3.0.9-r2.ebuild
index bc2c032e96d4..d37433210db8 100644
--- a/dev-libs/openssl/openssl-3.0.9-r2.ebuild
+++ b/dev-libs/openssl/openssl-3.0.9-r2.ebuild
@@ -19,7 +19,7 @@ if [[ ${PV} == 9999 ]] ; then
 else
 	SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 		verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )"
-	KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ~ppc ppc64 ~riscv ~s390 ~sparc x86 ~arm64-macos"
+	KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ~ppc ppc64 ~riscv ~s390 sparc x86 ~arm64-macos"
 fi
 
 S="${WORKDIR}"/${MY_P}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Arthur Zamarin]

commit:     eb43c8bd77660f1286be77cc78597622d5a53ced
Author:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
AuthorDate: Sun Jul 23 16:00:00 2023 +0000
Commit:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
CommitDate: Sun Jul 23 16:00:00 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=eb43c8bd

dev-libs/openssl: Stabilize 3.0.9-r2 arm, #910660

Signed-off-by: Arthur Zamarin <arthurzam <AT> gentoo.org>

 dev-libs/openssl/openssl-3.0.9-r2.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-3.0.9-r2.ebuild b/dev-libs/openssl/openssl-3.0.9-r2.ebuild
index 915313bdae51..a11a83afe68e 100644
--- a/dev-libs/openssl/openssl-3.0.9-r2.ebuild
+++ b/dev-libs/openssl/openssl-3.0.9-r2.ebuild
@@ -19,7 +19,7 @@ if [[ ${PV} == 9999 ]] ; then
 else
 	SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 		verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )"
-	KEYWORDS="~alpha amd64 ~arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ppc64 ~riscv ~s390 ~sparc x86 ~arm64-macos"
+	KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ppc64 ~riscv ~s390 ~sparc x86 ~arm64-macos"
 fi
 
 S="${WORKDIR}"/${MY_P}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Arthur Zamarin]

commit:     659e00ce8a4f318005b0f5b13f82bf4b2e4429ae
Author:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
AuthorDate: Sun Jul 23 16:00:07 2023 +0000
Commit:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
CommitDate: Sun Jul 23 16:00:07 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=659e00ce

dev-libs/openssl: Stabilize 3.0.9-r2 hppa, #910660

Signed-off-by: Arthur Zamarin <arthurzam <AT> gentoo.org>

 dev-libs/openssl/openssl-3.0.9-r2.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-3.0.9-r2.ebuild b/dev-libs/openssl/openssl-3.0.9-r2.ebuild
index a11a83afe68e..bc2c032e96d4 100644
--- a/dev-libs/openssl/openssl-3.0.9-r2.ebuild
+++ b/dev-libs/openssl/openssl-3.0.9-r2.ebuild
@@ -19,7 +19,7 @@ if [[ ${PV} == 9999 ]] ; then
 else
 	SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 		verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )"
-	KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ppc64 ~riscv ~s390 ~sparc x86 ~arm64-macos"
+	KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ~ppc ppc64 ~riscv ~s390 ~sparc x86 ~arm64-macos"
 fi
 
 S="${WORKDIR}"/${MY_P}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     ad195221668bad0a4b911e1ff34fd13f7fed0977
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sun Jul 23 01:55:42 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sun Jul 23 01:55:42 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ad195221

dev-libs/openssl: Stabilize 3.0.9-r2 arm64, #910660

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/openssl-3.0.9-r2.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-3.0.9-r2.ebuild b/dev-libs/openssl/openssl-3.0.9-r2.ebuild
index 8fa6b19c9113..915313bdae51 100644
--- a/dev-libs/openssl/openssl-3.0.9-r2.ebuild
+++ b/dev-libs/openssl/openssl-3.0.9-r2.ebuild
@@ -19,7 +19,7 @@ if [[ ${PV} == 9999 ]] ; then
 else
 	SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 		verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )"
-	KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ppc64 ~riscv ~s390 ~sparc x86 ~arm64-macos"
+	KEYWORDS="~alpha amd64 ~arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ppc64 ~riscv ~s390 ~sparc x86 ~arm64-macos"
 fi
 
 S="${WORKDIR}"/${MY_P}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     ddec13df5e5bc6896ebf5ba9e64d79fc20782774
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sat Jul 22 18:36:12 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sat Jul 22 18:36:12 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ddec13df

dev-libs/openssl: Stabilize 3.0.9-r2 amd64, #910660

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/openssl-3.0.9-r2.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-3.0.9-r2.ebuild b/dev-libs/openssl/openssl-3.0.9-r2.ebuild
index c1c56681758c..e24c86c78210 100644
--- a/dev-libs/openssl/openssl-3.0.9-r2.ebuild
+++ b/dev-libs/openssl/openssl-3.0.9-r2.ebuild
@@ -19,7 +19,7 @@ if [[ ${PV} == 9999 ]] ; then
 else
 	SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 		verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )"
-	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~arm64-macos"
+	KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~arm64-macos"
 fi
 
 S="${WORKDIR}"/${MY_P}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     ca6dcbb579e5963e1b5286b78b7e3f5b37a81705
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sat Jul 22 18:36:15 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sat Jul 22 18:36:15 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ca6dcbb5

dev-libs/openssl: Stabilize 3.0.9-r2 x86, #910660

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/openssl-3.0.9-r2.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-3.0.9-r2.ebuild b/dev-libs/openssl/openssl-3.0.9-r2.ebuild
index a5ee34635266..8fa6b19c9113 100644
--- a/dev-libs/openssl/openssl-3.0.9-r2.ebuild
+++ b/dev-libs/openssl/openssl-3.0.9-r2.ebuild
@@ -19,7 +19,7 @@ if [[ ${PV} == 9999 ]] ; then
 else
 	SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 		verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )"
-	KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ppc64 ~riscv ~s390 ~sparc ~x86 ~arm64-macos"
+	KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ppc64 ~riscv ~s390 ~sparc x86 ~arm64-macos"
 fi
 
 S="${WORKDIR}"/${MY_P}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     caf090ff3440a21649142ad5d27e4a1b6cfa3f55
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sat Jul 22 18:36:13 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sat Jul 22 18:36:13 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=caf090ff

dev-libs/openssl: Stabilize 3.0.9-r2 ppc64, #910660

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/openssl-3.0.9-r2.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-3.0.9-r2.ebuild b/dev-libs/openssl/openssl-3.0.9-r2.ebuild
index e24c86c78210..a5ee34635266 100644
--- a/dev-libs/openssl/openssl-3.0.9-r2.ebuild
+++ b/dev-libs/openssl/openssl-3.0.9-r2.ebuild
@@ -19,7 +19,7 @@ if [[ ${PV} == 9999 ]] ; then
 else
 	SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 		verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )"
-	KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~arm64-macos"
+	KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ppc64 ~riscv ~s390 ~sparc ~x86 ~arm64-macos"
 fi
 
 S="${WORKDIR}"/${MY_P}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     abcf1c332125b850a893019e63444c2b93d965bd
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Tue Jun 27 18:02:33 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Tue Jun 27 18:02:33 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=abcf1c33

dev-libs/openssl: pass -latomic when needed (e.g. i486/old arm)

Closes: https://bugs.gentoo.org/895308
Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/openssl-3.0.9-r1.ebuild | 5 +++++
 dev-libs/openssl/openssl-3.1.1-r1.ebuild | 5 +++++
 2 files changed, 10 insertions(+)

diff --git a/dev-libs/openssl/openssl-3.0.9-r1.ebuild b/dev-libs/openssl/openssl-3.0.9-r1.ebuild
index 5a6463868b0d..7f042b6d39c0 100644
--- a/dev-libs/openssl/openssl-3.0.9-r1.ebuild
+++ b/dev-libs/openssl/openssl-3.0.9-r1.ebuild
@@ -135,6 +135,11 @@ src_configure() {
 
 	append-flags $(test-flags-CC -Wa,--noexecstack)
 
+	# bug #895308
+	append-atomic-flags
+	# Configure doesn't respect LIBS
+	export LDLIBS="${LIBS}"
+
 	# bug #197996
 	unset APPS
 	# bug #312551

diff --git a/dev-libs/openssl/openssl-3.1.1-r1.ebuild b/dev-libs/openssl/openssl-3.1.1-r1.ebuild
index 48588af55fd7..7f787b960f44 100644
--- a/dev-libs/openssl/openssl-3.1.1-r1.ebuild
+++ b/dev-libs/openssl/openssl-3.1.1-r1.ebuild
@@ -138,6 +138,11 @@ src_configure() {
 
 	append-flags $(test-flags-CC -Wa,--noexecstack)
 
+	# bug #895308
+	append-atomic-flags
+	# Configure doesn't respect LIBS
+	export LDLIBS="${LIBS}"
+
 	# bug #197996
 	unset APPS
 	# bug #312551

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     957d004b083d3865308ead9c87cef9ba00c89a92
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Tue Jun 27 08:09:34 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Tue Jun 27 10:01:33 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=957d004b

dev-libs/openssl: disable output synch. for tests

It runs a subprocess so you get no output until the end.

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/openssl-3.0.9-r1.ebuild | 2 +-
 dev-libs/openssl/openssl-3.1.1-r1.ebuild | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/dev-libs/openssl/openssl-3.0.9-r1.ebuild b/dev-libs/openssl/openssl-3.0.9-r1.ebuild
index 7317d4627c73..5a6463868b0d 100644
--- a/dev-libs/openssl/openssl-3.0.9-r1.ebuild
+++ b/dev-libs/openssl/openssl-3.0.9-r1.ebuild
@@ -212,7 +212,7 @@ multilib_src_compile() {
 multilib_src_test() {
 	# VFP = show subtests verbosely and show failed tests verbosely
 	# Normal V=1 would show everything verbosely but this slows things down.
-	emake HARNESS_JOBS="$(makeopts_jobs)" VFP=1 test
+	emake HARNESS_JOBS="$(makeopts_jobs)" -Onone VFP=1 test
 }
 
 multilib_src_install() {

diff --git a/dev-libs/openssl/openssl-3.1.1-r1.ebuild b/dev-libs/openssl/openssl-3.1.1-r1.ebuild
index 1f4c2333b34d..48588af55fd7 100644
--- a/dev-libs/openssl/openssl-3.1.1-r1.ebuild
+++ b/dev-libs/openssl/openssl-3.1.1-r1.ebuild
@@ -215,7 +215,7 @@ multilib_src_compile() {
 multilib_src_test() {
 	# VFP = show subtests verbosely and show failed tests verbosely
 	# Normal V=1 would show everything verbosely but this slows things down.
-	emake HARNESS_JOBS="$(makeopts_jobs)" VFP=1 test
+	emake HARNESS_JOBS="$(makeopts_jobs)" -Onone VFP=1 test
 }
 
 multilib_src_install() {

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     d19d521c542bebe12b48fdb24a3eaa9f01400172
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Mon Jun 26 19:32:54 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Mon Jun 26 19:32:54 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d19d521c

dev-libs/openssl: keyword 3.1.1-r1

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/openssl-3.1.1-r1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-3.1.1-r1.ebuild b/dev-libs/openssl/openssl-3.1.1-r1.ebuild
index a8e1fa9a6549..1f4c2333b34d 100644
--- a/dev-libs/openssl/openssl-3.1.1-r1.ebuild
+++ b/dev-libs/openssl/openssl-3.1.1-r1.ebuild
@@ -21,7 +21,7 @@ else
 		mirror://openssl/source/${MY_P}.tar.gz
 		verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )
 	"
-	#KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86"
+	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86"
 fi
 
 S="${WORKDIR}"/${MY_P}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     26743d9ebcf4ef4c20011893f9c802e829d8d078
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sun Jun 25 07:38:27 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sun Jun 25 07:38:27 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=26743d9e

dev-libs/openssl: Stabilize 3.0.9-r1 sparc, #899596

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/openssl-3.0.9-r1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-3.0.9-r1.ebuild b/dev-libs/openssl/openssl-3.0.9-r1.ebuild
index 96b8df1c3321..7317d4627c73 100644
--- a/dev-libs/openssl/openssl-3.0.9-r1.ebuild
+++ b/dev-libs/openssl/openssl-3.0.9-r1.ebuild
@@ -19,7 +19,7 @@ if [[ ${PV} == 9999 ]] ; then
 else
 	SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 		verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )"
-	KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 ~sparc x86 ~arm64-macos"
+	KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~arm64-macos"
 fi
 
 S="${WORKDIR}"/${MY_P}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Arthur Zamarin]

commit:     9764a80294e38999ee46dd78b7ff2cc96e5b0005
Author:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
AuthorDate: Fri Jun 23 05:08:03 2023 +0000
Commit:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
CommitDate: Fri Jun 23 05:08:03 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9764a802

dev-libs/openssl: Stabilize 3.0.9-r1 ppc, #899596

Signed-off-by: Arthur Zamarin <arthurzam <AT> gentoo.org>

 dev-libs/openssl/openssl-3.0.9-r1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-3.0.9-r1.ebuild b/dev-libs/openssl/openssl-3.0.9-r1.ebuild
index 71d14a6357ca..96b8df1c3321 100644
--- a/dev-libs/openssl/openssl-3.0.9-r1.ebuild
+++ b/dev-libs/openssl/openssl-3.0.9-r1.ebuild
@@ -19,7 +19,7 @@ if [[ ${PV} == 9999 ]] ; then
 else
 	SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 		verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )"
-	KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ~ppc ppc64 ~riscv ~s390 ~sparc x86 ~arm64-macos"
+	KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 ~sparc x86 ~arm64-macos"
 fi
 
 S="${WORKDIR}"/${MY_P}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     c6f25fe6413057fcd4ed7157be79225203ce264f
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Thu Jun 22 07:24:32 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Thu Jun 22 07:24:32 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c6f25fe6

dev-libs/openssl: Stabilize 3.0.9-r1 ppc64, #899596

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/openssl-3.0.9-r1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-3.0.9-r1.ebuild b/dev-libs/openssl/openssl-3.0.9-r1.ebuild
index caec3243a392..71d14a6357ca 100644
--- a/dev-libs/openssl/openssl-3.0.9-r1.ebuild
+++ b/dev-libs/openssl/openssl-3.0.9-r1.ebuild
@@ -19,7 +19,7 @@ if [[ ${PV} == 9999 ]] ; then
 else
 	SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 		verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )"
-	KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc x86 ~arm64-macos"
+	KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ~ppc ppc64 ~riscv ~s390 ~sparc x86 ~arm64-macos"
 fi
 
 S="${WORKDIR}"/${MY_P}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     4836fadf0fbfb53608d75a47f0727d710dae85c3
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Thu Jun 22 07:13:41 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Thu Jun 22 07:13:41 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4836fadf

dev-libs/openssl: Stabilize 3.0.9-r1 arm, #899596

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/openssl-3.0.9-r1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-3.0.9-r1.ebuild b/dev-libs/openssl/openssl-3.0.9-r1.ebuild
index 117e17132402..caec3243a392 100644
--- a/dev-libs/openssl/openssl-3.0.9-r1.ebuild
+++ b/dev-libs/openssl/openssl-3.0.9-r1.ebuild
@@ -19,7 +19,7 @@ if [[ ${PV} == 9999 ]] ; then
 else
 	SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 		verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )"
-	KEYWORDS="~alpha amd64 ~arm arm64 hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc x86 ~arm64-macos"
+	KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc x86 ~arm64-macos"
 fi
 
 S="${WORKDIR}"/${MY_P}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     b73323201b0de5729afb9578e656f8055730f3c0
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Thu Jun 22 07:13:33 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Thu Jun 22 07:13:33 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b7332320

dev-libs/openssl: Stabilize 3.0.9-r1 arm64, #899596

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/openssl-3.0.9-r1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-3.0.9-r1.ebuild b/dev-libs/openssl/openssl-3.0.9-r1.ebuild
index cac26926ebde..117e17132402 100644
--- a/dev-libs/openssl/openssl-3.0.9-r1.ebuild
+++ b/dev-libs/openssl/openssl-3.0.9-r1.ebuild
@@ -19,7 +19,7 @@ if [[ ${PV} == 9999 ]] ; then
 else
 	SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 		verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )"
-	KEYWORDS="~alpha amd64 ~arm ~arm64 hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc x86 ~arm64-macos"
+	KEYWORDS="~alpha amd64 ~arm arm64 hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc x86 ~arm64-macos"
 fi
 
 S="${WORKDIR}"/${MY_P}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     a05719d7e86a4b43dec8d8ecc94a0026f74725a1
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Thu Jun 22 07:05:55 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Thu Jun 22 07:05:55 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a05719d7

dev-libs/openssl: Stabilize 3.0.9-r1 hppa, #899596

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/openssl-3.0.9-r1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-3.0.9-r1.ebuild b/dev-libs/openssl/openssl-3.0.9-r1.ebuild
index 05076efcb217..cac26926ebde 100644
--- a/dev-libs/openssl/openssl-3.0.9-r1.ebuild
+++ b/dev-libs/openssl/openssl-3.0.9-r1.ebuild
@@ -19,7 +19,7 @@ if [[ ${PV} == 9999 ]] ; then
 else
 	SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 		verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )"
-	KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc x86 ~arm64-macos"
+	KEYWORDS="~alpha amd64 ~arm ~arm64 hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc x86 ~arm64-macos"
 fi
 
 S="${WORKDIR}"/${MY_P}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     161b4e469a0ef4ff533091bf8c820e0371f61f19
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Thu Jun 22 06:07:07 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Thu Jun 22 06:10:39 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=161b4e46

dev-libs/openssl: use preserve-libs.eclass

coreutils[openssl] will make e.g. sort use openssl for acceleration. For
users with FEATURES="-preserve-libs" (non-default, pretty rare), we need to
use preserve-libs.eclass to force preservation as it'll result in a bricked
system otherwise.

Reported on the forums at https://forums.gentoo.org/viewtopic-t-1163916.html too.

If you've hit this:
* you'll likely need to use a rescue environment to install a binary package
  of coreutils built without openssl, or downgrade openssl instead.

  See https://wiki.gentoo.org/wiki/Fix_my_Gentoo.

* you may want to (although it's not required) set FEATURES="preserved-libs"
  in make.conf.

Bug: https://bugs.gentoo.org/908746
Bug: https://bugs.gentoo.org/908849
Fixes: 842c8893492294933fc5527af41c3c9ab16d0efd
Signed-off-by: Sam James <sam <AT> gentoo.org>

 .../openssl/{openssl-3.0.9.ebuild => openssl-3.0.9-r1.ebuild}    | 9 ++++++++-
 .../openssl/{openssl-3.1.1.ebuild => openssl-3.1.1-r1.ebuild}    | 9 ++++++++-
 2 files changed, 16 insertions(+), 2 deletions(-)

diff --git a/dev-libs/openssl/openssl-3.0.9.ebuild b/dev-libs/openssl/openssl-3.0.9-r1.ebuild
similarity index 95%
rename from dev-libs/openssl/openssl-3.0.9.ebuild
rename to dev-libs/openssl/openssl-3.0.9-r1.ebuild
index ee26cdf431c1..05076efcb217 100644
--- a/dev-libs/openssl/openssl-3.0.9.ebuild
+++ b/dev-libs/openssl/openssl-3.0.9-r1.ebuild
@@ -4,7 +4,8 @@
 EAPI=8
 
 VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/openssl.org.asc
-inherit edo flag-o-matic linux-info toolchain-funcs multilib-minimal multiprocessing verify-sig
+inherit edo flag-o-matic linux-info toolchain-funcs
+inherit multilib multilib-minimal multiprocessing preserve-libs verify-sig
 
 DESCRIPTION="Robust, full-featured Open Source Toolkit for the Transport Layer Security (TLS)"
 HOMEPAGE="https://www.openssl.org/"
@@ -264,10 +265,16 @@ pkg_preinst() {
 			-module "${ED}/usr/$(get_libdir)/ossl-modules/fips.so"
 		eend $?
 	fi
+
+	preserve_old_lib /usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1) \
+		/usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1.1)
 }
 
 pkg_postinst() {
 	ebegin "Running 'openssl rehash ${EROOT}${SSL_CNF_DIR}/certs' to rebuild hashes (bug #333069)"
 	openssl rehash "${EROOT}${SSL_CNF_DIR}/certs"
 	eend $?
+
+	preserve_old_lib_notify /usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1) \
+		/usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1.1)
 }

diff --git a/dev-libs/openssl/openssl-3.1.1.ebuild b/dev-libs/openssl/openssl-3.1.1-r1.ebuild
similarity index 95%
rename from dev-libs/openssl/openssl-3.1.1.ebuild
rename to dev-libs/openssl/openssl-3.1.1-r1.ebuild
index 66fb41062dec..a8e1fa9a6549 100644
--- a/dev-libs/openssl/openssl-3.1.1.ebuild
+++ b/dev-libs/openssl/openssl-3.1.1-r1.ebuild
@@ -4,7 +4,8 @@
 EAPI=8
 
 VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/openssl.org.asc
-inherit edo flag-o-matic linux-info toolchain-funcs multilib-minimal multiprocessing verify-sig
+inherit edo flag-o-matic linux-info toolchain-funcs
+inherit multilib multilib-minimal multiprocessing preserve-libs verify-sig
 
 DESCRIPTION="Robust, full-featured Open Source Toolkit for the Transport Layer Security (TLS)"
 HOMEPAGE="https://www.openssl.org/"
@@ -267,10 +268,16 @@ pkg_preinst() {
 			-module "${ED}/usr/$(get_libdir)/ossl-modules/fips.so"
 		eend $?
 	fi
+
+	preserve_old_lib /usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1) \
+		/usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1.1)
 }
 
 pkg_postinst() {
 	ebegin "Running 'openssl rehash ${EROOT}${SSL_CNF_DIR}/certs' to rebuild hashes (bug #333069)"
 	openssl rehash "${EROOT}${SSL_CNF_DIR}/certs"
 	eend $?
+
+	preserve_old_lib_notify /usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1) \
+		/usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1.1)
 }

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     2ca80194c9344f392d9020f6eed023d4f164e0b6
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Thu Jun 22 03:08:16 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Thu Jun 22 03:08:16 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2ca80194

dev-libs/openssl: Stabilize 3.0.9 x86, #899596

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/openssl-3.0.9.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-3.0.9.ebuild b/dev-libs/openssl/openssl-3.0.9.ebuild
index b8c7dad169fb..ee26cdf431c1 100644
--- a/dev-libs/openssl/openssl-3.0.9.ebuild
+++ b/dev-libs/openssl/openssl-3.0.9.ebuild
@@ -18,7 +18,7 @@ if [[ ${PV} == 9999 ]] ; then
 else
 	SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 		verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )"
-	KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~arm64-macos"
+	KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc x86 ~arm64-macos"
 fi
 
 S="${WORKDIR}"/${MY_P}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     aa3b285c81c9dd36a3605eeb14fed0544e0df207
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Thu Jun 22 02:49:05 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Thu Jun 22 02:49:05 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=aa3b285c

dev-libs/openssl: Stabilize 3.0.9 amd64, #899596

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/openssl-3.0.9.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-3.0.9.ebuild b/dev-libs/openssl/openssl-3.0.9.ebuild
index becca7515681..b8c7dad169fb 100644
--- a/dev-libs/openssl/openssl-3.0.9.ebuild
+++ b/dev-libs/openssl/openssl-3.0.9.ebuild
@@ -18,7 +18,7 @@ if [[ ${PV} == 9999 ]] ; then
 else
 	SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 		verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )"
-	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~arm64-macos"
+	KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~arm64-macos"
 fi
 
 S="${WORKDIR}"/${MY_P}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     6a593ae96eb045245e5ad41879ce602f193d013f
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Wed Jun 14 05:16:57 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Wed Jun 14 05:20:12 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6a593ae9

dev-libs/openssl: drop 1.1.1t-r1

Bug: https://bugs.gentoo.org/903545
Bug: https://bugs.gentoo.org/907413
Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/openssl-1.1.1t-r1.ebuild | 265 ------------------------------
 1 file changed, 265 deletions(-)

diff --git a/dev-libs/openssl/openssl-1.1.1t-r1.ebuild b/dev-libs/openssl/openssl-1.1.1t-r1.ebuild
deleted file mode 100644
index 1d43a457c82a..000000000000
--- a/dev-libs/openssl/openssl-1.1.1t-r1.ebuild
+++ /dev/null
@@ -1,265 +0,0 @@
-# Copyright 1999-2023 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/openssl.org.asc
-inherit edo flag-o-matic toolchain-funcs multilib-minimal verify-sig
-
-MY_P=${P/_/-}
-DESCRIPTION="Full-strength general purpose cryptography library (including SSL and TLS)"
-HOMEPAGE="https://www.openssl.org/"
-SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
-	verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )"
-S="${WORKDIR}/${MY_P}"
-
-LICENSE="openssl"
-SLOT="0/1.1" # .so version of libssl/libcrypto
-if [[ ${PV} != *_pre* ]] ; then
-	KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
-fi
-IUSE="+asm rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-compression tls-heartbeat vanilla verify-sig weak-ssl-ciphers"
-RESTRICT="!test? ( test )"
-
-RDEPEND="
-	tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )"
-DEPEND="${RDEPEND}"
-BDEPEND="
-	>=dev-lang/perl-5
-	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
-	test? (
-		sys-apps/diffutils
-		sys-devel/bc
-		kernel_linux? ( sys-process/procps )
-	)
-	verify-sig? ( >=sec-keys/openpgp-keys-openssl-20230207 )"
-PDEPEND="app-misc/ca-certificates"
-
-# force upgrade to prevent broken login, bug #696950
-RDEPEND+=" !<net-misc/openssh-8.0_p1-r3"
-
-MULTILIB_WRAPPED_HEADERS=(
-	usr/include/openssl/opensslconf.h
-)
-
-PATCHES=(
-	# General patches which are suitable to always apply
-	# If they're Gentoo specific, add to USE=-vanilla logic in src_prepare!
-	"${FILESDIR}"/${PN}-1.1.0j-parallel_install_fix.patch # bug #671602
-	"${FILESDIR}"/${PN}-1.1.1i-riscv32.patch
-	"${FILESDIR}"/openssl-3.0.8-mips-cflags.patch
-)
-
-pkg_setup() {
-	[[ ${MERGE_TYPE} == binary ]] && return
-
-	# must check in pkg_setup; sysctl doesn't work with userpriv!
-	if use test && use sctp; then
-		# test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel"
-		# if sctp.auth_enable is not enabled.
-		local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null)
-		if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]]; then
-			die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!"
-		fi
-	fi
-}
-
-src_unpack() {
-	# Can delete this once test fix patch is dropped
-	if use verify-sig ; then
-		# Needed for downloaded patch (which is unsigned, which is fine)
-		verify-sig_verify_detached "${DISTDIR}"/${P}.tar.gz{,.asc}
-	fi
-
-	default
-}
-
-src_prepare() {
-	# Make sure we only ever touch Makefile.org and avoid patching a file
-	# that gets blown away anyways by the Configure script in src_configure
-	rm -f Makefile
-
-	if ! use vanilla ; then
-		PATCHES+=(
-			# Add patches which are Gentoo-specific customisations here
-		)
-	fi
-
-	default
-
-	if use test && use sctp && has network-sandbox ${FEATURES}; then
-		einfo "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox ..."
-		rm test/recipes/80-test_ssl_new.t || die
-	fi
-
-	# Remove test target when FEATURES=test isn't set
-	if ! use test ; then
-		sed \
-			-e '/^$config{dirs}/s@ "test",@@' \
-			-i Configure || die
-	fi
-
-	if use prefix && [[ ${CHOST} == *-solaris* ]] ; then
-		# use GNU ld full option, not to confuse it on Solaris
-		sed -i \
-			-e 's/-Wl,-M,/-Wl,--version-script=/' \
-			-e 's/-Wl,-h,/-Wl,--soname=/' \
-			Configurations/10-main.conf || die
-
-		# fix building on Solaris 10
-		# https://github.com/openssl/openssl/issues/6333
-		sed -i \
-			-e 's/-lsocket -lnsl -ldl/-lsocket -lnsl -ldl -lrt/' \
-			Configurations/10-main.conf || die
-	fi
-
-	# The config script does stupid stuff to prompt the user.  Kill it.
-	sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
-}
-
-src_configure() {
-	# Keep this in sync with app-misc/c_rehash
-	SSL_CNF_DIR="/etc/ssl"
-
-	# Quiet out unknown driver argument warnings since openssl
-	# doesn't have well-split CFLAGS and we're making it even worse
-	# and 'make depend' uses -Werror for added fun (bug #417795 again)
-	tc-is-clang && append-flags -Qunused-arguments
-
-	# We really, really need to build OpenSSL w/ strict aliasing disabled.
-	# It's filled with violations and it *will* result in miscompiled
-	# code. This has been in the ebuild for > 10 years but even in 2022,
-	# it's still relevant:
-	# - https://github.com/llvm/llvm-project/issues/55255
-	# - https://github.com/openssl/openssl/issues/18225
-	# - https://github.com/openssl/openssl/issues/18663#issuecomment-1181478057
-	# Don't remove the no strict aliasing bits below!
-	filter-flags -fstrict-aliasing
-	append-flags -fno-strict-aliasing
-
-	append-cppflags -DOPENSSL_NO_BUF_FREELISTS
-
-	append-flags $(test-flags-CC -Wa,--noexecstack)
-
-	# bug #197996
-	unset APPS
-	# bug #312551
-	unset SCRIPTS
-	# bug #311473
-	unset CROSS_COMPILE
-
-	tc-export AR CC CXX RANLIB RC
-
-	multilib-minimal_src_configure
-}
-
-multilib_src_configure() {
-	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
-
-	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
-
-	# See if our toolchain supports __uint128_t.  If so, it's 64bit
-	# friendly and can use the nicely optimized code paths, bug #460790.
-	#local ec_nistp_64_gcc_128
-	#
-	# Disable it for now though (bug #469976)
-	# Do NOT re-enable without substantial discussion first!
-	#
-	#echo "__uint128_t i;" > "${T}"/128.c
-	#if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
-	#	ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
-	#fi
-
-	local sslout=$(bash "${FILESDIR}/gentoo.config-1.0.4")
-	einfo "Use configuration ${sslout:-(openssl knows best)}"
-	local config=( perl "${S}/Configure" )
-	[[ -z ${sslout} ]] && config=( sh "${S}/config" -v )
-
-	# "disable-deprecated" option breaks too many consumers.
-	# Don't set it without thorough revdeps testing.
-	# Make sure user flags don't get added *yet* to avoid duplicated
-	# flags.
-	local myeconfargs=(
-		${sslout}
-
-		$(use cpu_flags_x86_sse2 || echo "no-sse2")
-		enable-camellia
-		enable-ec
-		enable-ec2m
-		enable-sm2
-		enable-srp
-		$(use elibc_musl && echo "no-async")
-		${ec_nistp_64_gcc_128}
-		enable-idea
-		enable-mdc2
-		enable-rc5
-		$(use_ssl sslv3 ssl3)
-		$(use_ssl sslv3 ssl3-method)
-		$(use_ssl asm)
-		$(use_ssl rfc3779)
-		$(use_ssl sctp)
-		$(use test || echo "no-tests")
-		$(use_ssl tls-compression zlib)
-		$(use_ssl tls-heartbeat heartbeats)
-		$(use_ssl weak-ssl-ciphers)
-
-		--prefix="${EPREFIX}"/usr
-		--openssldir="${EPREFIX}"${SSL_CNF_DIR}
-		--libdir=$(get_libdir)
-
-		shared
-		threads
-	)
-
-	edo "${config[@]}" "${myeconfargs[@]}"
-}
-
-multilib_src_compile() {
-	emake all
-}
-
-multilib_src_test() {
-	emake -j1 test
-}
-
-multilib_src_install() {
-	emake DESTDIR="${D}" install_sw
-
-	if multilib_is_native_abi; then
-		emake DESTDIR="${D}" install_ssldirs
-		emake DESTDIR="${D}" DOCDIR='$(INSTALLTOP)'/share/doc/${PF} MANSUFFIX=ssl install_docs
-	fi
-
-	# This is crappy in that the static archives are still built even
-	# when USE=static-libs. But this is due to a failing in the openssl
-	# build system: the static archives are built as PIC all the time.
-	# Only way around this would be to manually configure+compile openssl
-	# twice; once with shared lib support enabled and once without.
-	if ! use static-libs; then
-		rm "${ED}"/usr/$(get_libdir)/lib{crypto,ssl}.a || die
-	fi
-}
-
-multilib_src_install_all() {
-	# openssl installs perl version of c_rehash by default, but
-	# we provide a shell version via app-misc/c_rehash
-	rm "${ED}"/usr/bin/c_rehash || die
-
-	dodoc CHANGES* FAQ NEWS README doc/*.txt doc/${PN}-c-indent.el
-
-	# Create the certs directory
-	keepdir ${SSL_CNF_DIR}/certs
-
-	# bug #254521
-	dodir /etc/sandbox.d
-	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
-
-	diropts -m0700
-	keepdir ${SSL_CNF_DIR}/private
-}
-
-pkg_postinst() {
-	ebegin "Running 'openssl rehash ${EROOT}${SSL_CNF_DIR}/certs' to rebuild hashes (bug #333069)"
-	openssl rehash "${EROOT}${SSL_CNF_DIR}/certs"
-	eend $?
-}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Arthur Zamarin]

commit:     4afb409f0fc9aa5e8fc368d61a85d1bfc440c3a0
Author:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
AuthorDate: Thu Jun  1 17:18:40 2023 +0000
Commit:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
CommitDate: Thu Jun  1 17:18:40 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4afb409f

dev-libs/openssl: Stabilize 1.1.1u arm64, #907592

Signed-off-by: Arthur Zamarin <arthurzam <AT> gentoo.org>

 dev-libs/openssl/openssl-1.1.1u.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.1.1u.ebuild b/dev-libs/openssl/openssl-1.1.1u.ebuild
index 055dd86fe362..90cdec1ab00b 100644
--- a/dev-libs/openssl/openssl-1.1.1u.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1u.ebuild
@@ -16,7 +16,7 @@ S="${WORKDIR}/${MY_P}"
 LICENSE="openssl"
 SLOT="0/1.1" # .so version of libssl/libcrypto
 if [[ ${PV} != *_pre* ]] ; then
-	KEYWORDS="~alpha amd64 arm ~arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
+	KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
 fi
 IUSE="+asm rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-compression tls-heartbeat vanilla verify-sig weak-ssl-ciphers"
 RESTRICT="!test? ( test )"

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Arthur Zamarin]

commit:     a6db475cece462e5eeb2e3a842b0db732f254e56
Author:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
AuthorDate: Thu Jun  1 17:18:20 2023 +0000
Commit:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
CommitDate: Thu Jun  1 17:18:20 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a6db475c

dev-libs/openssl: Stabilize 1.1.1u hppa, #907592

Signed-off-by: Arthur Zamarin <arthurzam <AT> gentoo.org>

 dev-libs/openssl/openssl-1.1.1u.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.1.1u.ebuild b/dev-libs/openssl/openssl-1.1.1u.ebuild
index d66fc8e3deed..055dd86fe362 100644
--- a/dev-libs/openssl/openssl-1.1.1u.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1u.ebuild
@@ -16,7 +16,7 @@ S="${WORKDIR}/${MY_P}"
 LICENSE="openssl"
 SLOT="0/1.1" # .so version of libssl/libcrypto
 if [[ ${PV} != *_pre* ]] ; then
-	KEYWORDS="~alpha amd64 arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
+	KEYWORDS="~alpha amd64 arm ~arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
 fi
 IUSE="+asm rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-compression tls-heartbeat vanilla verify-sig weak-ssl-ciphers"
 RESTRICT="!test? ( test )"

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Arthur Zamarin]

commit:     c2cace7f29e2e4323840ef1572f181e50f3f8a46
Author:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
AuthorDate: Thu Jun  1 16:44:39 2023 +0000
Commit:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
CommitDate: Thu Jun  1 16:44:39 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c2cace7f

dev-libs/openssl: Stabilize 1.1.1u sparc, #907592

Signed-off-by: Arthur Zamarin <arthurzam <AT> gentoo.org>

 dev-libs/openssl/openssl-1.1.1u.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.1.1u.ebuild b/dev-libs/openssl/openssl-1.1.1u.ebuild
index b3fb05d86a54..d66fc8e3deed 100644
--- a/dev-libs/openssl/openssl-1.1.1u.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1u.ebuild
@@ -16,7 +16,7 @@ S="${WORKDIR}/${MY_P}"
 LICENSE="openssl"
 SLOT="0/1.1" # .so version of libssl/libcrypto
 if [[ ${PV} != *_pre* ]] ; then
-	KEYWORDS="~alpha amd64 arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 ~sparc x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
+	KEYWORDS="~alpha amd64 arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
 fi
 IUSE="+asm rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-compression tls-heartbeat vanilla verify-sig weak-ssl-ciphers"
 RESTRICT="!test? ( test )"

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Arthur Zamarin]

commit:     b904449d4602b9c85c2bff34825422c3d19131cd
Author:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
AuthorDate: Thu Jun  1 07:50:18 2023 +0000
Commit:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
CommitDate: Thu Jun  1 07:50:18 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b904449d

dev-libs/openssl: Stabilize 1.1.1u ppc64, #907592

Signed-off-by: Arthur Zamarin <arthurzam <AT> gentoo.org>

 dev-libs/openssl/openssl-1.1.1u.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.1.1u.ebuild b/dev-libs/openssl/openssl-1.1.1u.ebuild
index 0c49ead419ee..e725164f8cc2 100644
--- a/dev-libs/openssl/openssl-1.1.1u.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1u.ebuild
@@ -16,7 +16,7 @@ S="${WORKDIR}/${MY_P}"
 LICENSE="openssl"
 SLOT="0/1.1" # .so version of libssl/libcrypto
 if [[ ${PV} != *_pre* ]] ; then
-	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
+	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
 fi
 IUSE="+asm rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-compression tls-heartbeat vanilla verify-sig weak-ssl-ciphers"
 RESTRICT="!test? ( test )"

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     36b7028bd1e91f33166a5794451f051a56d50d62
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Tue May 30 14:08:30 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Tue May 30 14:16:22 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=36b7028b

dev-libs/openssl: add 3.0.9

Bug: https://bugs.gentoo.org/907413
Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/Manifest             |   2 +
 dev-libs/openssl/openssl-3.0.9.ebuild | 273 ++++++++++++++++++++++++++++++++++
 2 files changed, 275 insertions(+)

diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest
index 8af7791007d3..d9eed2263d09 100644
--- a/dev-libs/openssl/Manifest
+++ b/dev-libs/openssl/Manifest
@@ -7,5 +7,7 @@ DIST openssl-1.1.1u.tar.gz 9892176 BLAKE2B 5de9cb856e497596ecba008bad6515eefd093
 DIST openssl-1.1.1u.tar.gz.asc 833 BLAKE2B 7a978a94264a14be04372fea39868e9177e8a0b0f24344267702022e19ee0f52e91ad141d7c54da870f7ec0df9b2e43b80939f1d274dd0b44d36da2670e3a468 SHA512 40245d65ace95b2002bf64bcba184c92fec3420b08d9f61f3a709c4842e9478595105d8adce33a08eb98d351d2a0989ec342b08cdd9104498ea0543b6e592d28
 DIST openssl-3.0.8.tar.gz 15151328 BLAKE2B e163cc9b8b458f72405a2f1bde3811c8d0eb22e8b08ff5608ec64799975f1546dcdce31466b8a1d5ed29bc90d19aa6017d711987c81b71f4b20e279828cf753a SHA512 8ce10be000d7d4092c8efc5b96b1d2f7da04c1c3a624d3a7923899c6b1de06f369016be957e36e8ab6d4c9102eaeec5d1973295d547f7893a7f11f132ae42b0d
 DIST openssl-3.0.8.tar.gz.asc 833 BLAKE2B 1949801150e254e9be648f33014a4a16f803b42ca5a302c3942d377013e983e0ea0cca8aed594e3f9ecde26c6e31d222581e991af5fae6cd451d7ee83541f4bb SHA512 e1c04f1179aded228b39005fd9e9f6f75aedafb938b77ac58c97a00973eb412d93b92ad1c447332a5d96850b62b01093502928e6c190bdd0234a94c4e815d2a6
+DIST openssl-3.0.9.tar.gz 15181285 BLAKE2B cc1df41fa12ba4443e15e94f6ebdc5e103b9dab5eab2e1c8f74e6a74fa2c38207817921b65d7293cb241c190a910191c7163600bb75243adde0e2f9ec31cc885 SHA512 86c99146b37236419b110db77dd3ac3992e6bed78c258f0cc3434ca233460b4e17c0ac81d7058547fe9cb72a9fd80ee56d4b4916bb731dbe2bbcf1c3d46bf31a
+DIST openssl-3.0.9.tar.gz.asc 833 BLAKE2B 9943ac65f83f48465cae83b37a1d004f6be4622e53c3025166d42954abe9215f1a6c2af58d4aa2b45fa51182fee5019e740969f694655b6c592bb278c68aacef SHA512 9949de6b57d5aa21da1d4b68a29eb37e302403c983bd7d2d8769b320aac4268a9f9091c5fb182862a4f89a9099660939fe609df87c66991b75f7695faf357caf
 DIST openssl-3.1.0.tar.gz 15525381 BLAKE2B 9212a7fb13f6dee7746721ee406af56ae1b48ec58974c002465d2b0205839eb5ee0483383aa9924fc3e4168ebd34e1a5819480cf10aa318994d7171e54c07108 SHA512 71cc75c7700f445c616e382b76263ad2e4072beec0232458baf3d9891b8b64a7ad0cac4b4d24b727b2b7dcd100c78606fd48eba98a67eccd5f336e3d626ca713
 DIST openssl-3.1.0.tar.gz.asc 488 BLAKE2B f4a844e3db2c2bdf42b6f811d16cc2077cacf713d20474d94e2d0180a6f97eadf4f03522e9fed478d263d680d88091dc2bc48e7ebb15d049bc57ee7ed64c7fbb SHA512 8d542e6471b745822d6cd889c5b168841b4366ee9a96edc2ab5b44fa1bd1b75308422aed312f1bd6e6a3c3e306eceaa95ce9bb4d0aa3e8ff86cb0fd92a7e61ea

diff --git a/dev-libs/openssl/openssl-3.0.9.ebuild b/dev-libs/openssl/openssl-3.0.9.ebuild
new file mode 100644
index 000000000000..becca7515681
--- /dev/null
+++ b/dev-libs/openssl/openssl-3.0.9.ebuild
@@ -0,0 +1,273 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/openssl.org.asc
+inherit edo flag-o-matic linux-info toolchain-funcs multilib-minimal multiprocessing verify-sig
+
+DESCRIPTION="Robust, full-featured Open Source Toolkit for the Transport Layer Security (TLS)"
+HOMEPAGE="https://www.openssl.org/"
+
+MY_P=${P/_/-}
+
+if [[ ${PV} == 9999 ]] ; then
+	EGIT_REPO_URI="https://github.com/openssl/openssl.git"
+
+	inherit git-r3
+else
+	SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
+		verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )"
+	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~arm64-macos"
+fi
+
+S="${WORKDIR}"/${MY_P}
+
+LICENSE="Apache-2.0"
+SLOT="0/3" # .so version of libssl/libcrypto
+IUSE="+asm cpu_flags_x86_sse2 fips ktls rfc3779 sctp static-libs test tls-compression vanilla verify-sig weak-ssl-ciphers"
+RESTRICT="!test? ( test )"
+
+COMMON_DEPEND="
+	tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
+"
+BDEPEND="
+	>=dev-lang/perl-5
+	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
+	test? (
+		sys-apps/diffutils
+		sys-devel/bc
+		sys-process/procps
+	)
+	verify-sig? ( >=sec-keys/openpgp-keys-openssl-20230207 )"
+
+DEPEND="${COMMON_DEPEND}"
+RDEPEND="${COMMON_DEPEND}"
+PDEPEND="app-misc/ca-certificates"
+
+MULTILIB_WRAPPED_HEADERS=(
+	/usr/include/openssl/configuration.h
+)
+
+pkg_setup() {
+	if use ktls ; then
+		if kernel_is -lt 4 18 ; then
+			ewarn "Kernel implementation of TLS (USE=ktls) requires kernel >=4.18!"
+		else
+			CONFIG_CHECK="~TLS ~TLS_DEVICE"
+			ERROR_TLS="You will be unable to offload TLS to kernel because CONFIG_TLS is not set!"
+			ERROR_TLS_DEVICE="You will be unable to offload TLS to kernel because CONFIG_TLS_DEVICE is not set!"
+			use test && CONFIG_CHECK+=" ~CRYPTO_USER_API_SKCIPHER"
+
+			linux-info_pkg_setup
+		fi
+	fi
+
+	[[ ${MERGE_TYPE} == binary ]] && return
+
+	# must check in pkg_setup; sysctl doesn't work with userpriv!
+	if use test && use sctp ; then
+		# test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel"
+		# if sctp.auth_enable is not enabled.
+		local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null)
+		if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]] ; then
+			die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!"
+		fi
+	fi
+}
+
+src_unpack() {
+	# Can delete this once test fix patch is dropped
+	if use verify-sig ; then
+		# Needed for downloaded patch (which is unsigned, which is fine)
+		verify-sig_verify_detached "${DISTDIR}"/${P}.tar.gz{,.asc}
+	fi
+
+	default
+}
+
+src_prepare() {
+	# Make sure we only ever touch Makefile.org and avoid patching a file
+	# that gets blown away anyways by the Configure script in src_configure
+	rm -f Makefile
+
+	if ! use vanilla ; then
+		PATCHES+=(
+			# Add patches which are Gentoo-specific customisations here
+		)
+	fi
+
+	default
+
+	if use test && use sctp && has network-sandbox ${FEATURES} ; then
+		einfo "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox ..."
+		rm test/recipes/80-test_ssl_new.t || die
+	fi
+
+	# Test fails depending on kernel configuration, bug #699134
+	rm test/recipes/30-test_afalg.t || die
+}
+
+src_configure() {
+	# Keep this in sync with app-misc/c_rehash
+	SSL_CNF_DIR="/etc/ssl"
+
+	# Quiet out unknown driver argument warnings since openssl
+	# doesn't have well-split CFLAGS and we're making it even worse
+	# and 'make depend' uses -Werror for added fun (bug #417795 again)
+	tc-is-clang && append-flags -Qunused-arguments
+
+	# We really, really need to build OpenSSL w/ strict aliasing disabled.
+	# It's filled with violations and it *will* result in miscompiled
+	# code. This has been in the ebuild for > 10 years but even in 2022,
+	# it's still relevant:
+	# - https://github.com/llvm/llvm-project/issues/55255
+	# - https://github.com/openssl/openssl/issues/18225
+	# - https://github.com/openssl/openssl/issues/18663#issuecomment-1181478057
+	# Don't remove the no strict aliasing bits below!
+	filter-flags -fstrict-aliasing
+	append-flags -fno-strict-aliasing
+	# The OpenSSL developers don't test with LTO right now, it leads to various
+	# warnings/errors (which may or may not be false positives), it's considered
+	# unsupported, and it's not tested in CI: https://github.com/openssl/openssl/issues/18663.
+	filter-lto
+
+	append-flags $(test-flags-CC -Wa,--noexecstack)
+
+	# bug #197996
+	unset APPS
+	# bug #312551
+	unset SCRIPTS
+	# bug #311473
+	unset CROSS_COMPILE
+
+	tc-export AR CC CXX RANLIB RC
+
+	multilib-minimal_src_configure
+}
+
+multilib_src_configure() {
+	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
+
+	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
+
+	# See if our toolchain supports __uint128_t.  If so, it's 64bit
+	# friendly and can use the nicely optimized code paths, bug #460790.
+	#local ec_nistp_64_gcc_128
+	#
+	# Disable it for now though (bug #469976)
+	# Do NOT re-enable without substantial discussion first!
+	#
+	#echo "__uint128_t i;" > "${T}"/128.c
+	#if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
+	#       ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
+	#fi
+
+	local sslout=$(bash "${FILESDIR}/gentoo.config-1.0.4")
+	einfo "Using configuration: ${sslout:-(openssl knows best)}"
+
+	# https://github.com/openssl/openssl/blob/master/INSTALL.md#enable-and-disable-features
+	local myeconfargs=(
+		${sslout}
+
+		$(use cpu_flags_x86_sse2 || echo "no-sse2")
+		enable-camellia
+		enable-ec
+		enable-ec2m
+		enable-sm2
+		enable-srp
+		$(use elibc_musl && echo "no-async")
+		enable-idea
+		enable-mdc2
+		enable-rc5
+		$(use fips && echo "enable-fips")
+		$(use_ssl asm)
+		$(use_ssl ktls)
+		$(use_ssl rfc3779)
+		$(use_ssl sctp)
+		$(use test || echo "no-tests")
+		$(use_ssl tls-compression zlib)
+		$(use_ssl weak-ssl-ciphers)
+
+		--prefix="${EPREFIX}"/usr
+		--openssldir="${EPREFIX}"${SSL_CNF_DIR}
+		--libdir=$(get_libdir)
+
+		shared
+		threads
+	)
+
+	edo perl "${S}/Configure" "${myeconfargs[@]}"
+}
+
+multilib_src_compile() {
+	emake build_sw
+
+	if multilib_is_native_abi; then
+		emake build_docs
+	fi
+}
+
+multilib_src_test() {
+	# VFP = show subtests verbosely and show failed tests verbosely
+	# Normal V=1 would show everything verbosely but this slows things down.
+	emake HARNESS_JOBS="$(makeopts_jobs)" VFP=1 test
+}
+
+multilib_src_install() {
+	emake DESTDIR="${D}" install_sw
+	if use fips; then
+		emake DESTDIR="${D}" install_fips
+		# Regen this in pkg_preinst, bug 900625
+		rm "${ED}${SSL_CNF_DIR}"/fipsmodule.cnf || die
+	fi
+
+	if multilib_is_native_abi; then
+		emake DESTDIR="${D}" install_ssldirs
+		emake DESTDIR="${D}" DOCDIR='$(INSTALLTOP)'/share/doc/${PF} install_docs
+	fi
+
+	# This is crappy in that the static archives are still built even
+	# when USE=static-libs. But this is due to a failing in the openssl
+	# build system: the static archives are built as PIC all the time.
+	# Only way around this would be to manually configure+compile openssl
+	# twice; once with shared lib support enabled and once without.
+	if ! use static-libs ; then
+		rm "${ED}"/usr/$(get_libdir)/lib{crypto,ssl}.a || die
+	fi
+}
+
+multilib_src_install_all() {
+	# openssl installs perl version of c_rehash by default, but
+	# we provide a shell version via app-misc/c_rehash
+	rm "${ED}"/usr/bin/c_rehash || die
+
+	dodoc {AUTHORS,CHANGES,NEWS,README,README-PROVIDERS}.md doc/*.txt doc/${PN}-c-indent.el
+
+	# Create the certs directory
+	keepdir ${SSL_CNF_DIR}/certs
+
+	# bug #254521
+	dodir /etc/sandbox.d
+	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
+
+	diropts -m0700
+	keepdir ${SSL_CNF_DIR}/private
+}
+
+pkg_preinst() {
+	if use fips; then
+		# Regen fipsmodule.cnf, bug 900625
+		ebegin "Running openssl fipsinstall"
+		"${ED}/usr/bin/openssl" fipsinstall -quiet \
+			-out "${ED}${SSL_CNF_DIR}/fipsmodule.cnf" \
+			-module "${ED}/usr/$(get_libdir)/ossl-modules/fips.so"
+		eend $?
+	fi
+}
+
+pkg_postinst() {
+	ebegin "Running 'openssl rehash ${EROOT}${SSL_CNF_DIR}/certs' to rebuild hashes (bug #333069)"
+	openssl rehash "${EROOT}${SSL_CNF_DIR}/certs"
+	eend $?
+}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     a4aa0cfc16f02cc06906f8aa226074b628a6ce67
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Tue May 30 14:01:22 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Tue May 30 14:16:21 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a4aa0cfc

dev-libs/openssl: add 1.1.1u

Bug: https://bugs.gentoo.org/907413
Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/Manifest              |   2 +
 dev-libs/openssl/openssl-1.1.1u.ebuild | 265 +++++++++++++++++++++++++++++++++
 2 files changed, 267 insertions(+)

diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest
index 11ae27549ed5..8af7791007d3 100644
--- a/dev-libs/openssl/Manifest
+++ b/dev-libs/openssl/Manifest
@@ -3,6 +3,8 @@ DIST openssl-1.0.2t-bindist-1.0.tar.xz 13872 BLAKE2B b2aade96a6e0ca6209a39e205b1
 DIST openssl-1.0.2u.tar.gz 5355412 BLAKE2B b2ff2a10e5851af5aca4093422a9a072c794e87b997263826c1c35910c040f695fac63decac5856cb49399ed03d410f97701d9fd4e1ebfbcacd8f3a74ce8bf57 SHA512 c455bb309e20e2c2d47fdc5619c734d107d5c8c38c1409903ce979acc120b0d5fa0312917c0aa0d630e402d092a703d4249643f36078e8528a3cafc9dac6ab32
 DIST openssl-1.1.1t.tar.gz 9881866 BLAKE2B 66d76ea0c05a4afc3104e22602cffc2373e857728625d31ab3244881cafa91c099a817a09def7746bce4133585bfc90b769f43527e77a81ed13e60a8c2fb4d8d SHA512 628676c9c3bc1cf46083d64f61943079f97f0eefd0264042e40a85dbbd988f271bfe01cd1135d22cc3f67a298f1d078041f8f2e97b0da0d93fe172da573da18c
 DIST openssl-1.1.1t.tar.gz.asc 833 BLAKE2B fc5e7069268e987a20241dfc4f080529c6e95e217c198568b09c833e390e68b25a604a5d3ec29c6a64b9dee9d42199fd3647214e536ba2f7b8b4e57aa4cba680 SHA512 1232a94fce991d62f008ae6d3d9b6fe68cb6378fe07450feb17a58eb2417fb385ffcb7e6b74eb683134be9ff6ccf6efa183f37f4dd521614fd5aeaddf000b90b
+DIST openssl-1.1.1u.tar.gz 9892176 BLAKE2B 5de9cb856e497596ecba008bad6515eefd093849b9c66dd7447031723996f3ba66ac37a323a5f7d01b1d42df4daaceb523372f5897d5c53b935ffab91c566594 SHA512 d00aeb0b4c4676deff06ff95af7ac33dd683b92f972b4a8ae55cf384bb37c7ec30ab83c6c0745daf87cf1743a745fced6a347fd11fed4c548aa0953610ed4919
+DIST openssl-1.1.1u.tar.gz.asc 833 BLAKE2B 7a978a94264a14be04372fea39868e9177e8a0b0f24344267702022e19ee0f52e91ad141d7c54da870f7ec0df9b2e43b80939f1d274dd0b44d36da2670e3a468 SHA512 40245d65ace95b2002bf64bcba184c92fec3420b08d9f61f3a709c4842e9478595105d8adce33a08eb98d351d2a0989ec342b08cdd9104498ea0543b6e592d28
 DIST openssl-3.0.8.tar.gz 15151328 BLAKE2B e163cc9b8b458f72405a2f1bde3811c8d0eb22e8b08ff5608ec64799975f1546dcdce31466b8a1d5ed29bc90d19aa6017d711987c81b71f4b20e279828cf753a SHA512 8ce10be000d7d4092c8efc5b96b1d2f7da04c1c3a624d3a7923899c6b1de06f369016be957e36e8ab6d4c9102eaeec5d1973295d547f7893a7f11f132ae42b0d
 DIST openssl-3.0.8.tar.gz.asc 833 BLAKE2B 1949801150e254e9be648f33014a4a16f803b42ca5a302c3942d377013e983e0ea0cca8aed594e3f9ecde26c6e31d222581e991af5fae6cd451d7ee83541f4bb SHA512 e1c04f1179aded228b39005fd9e9f6f75aedafb938b77ac58c97a00973eb412d93b92ad1c447332a5d96850b62b01093502928e6c190bdd0234a94c4e815d2a6
 DIST openssl-3.1.0.tar.gz 15525381 BLAKE2B 9212a7fb13f6dee7746721ee406af56ae1b48ec58974c002465d2b0205839eb5ee0483383aa9924fc3e4168ebd34e1a5819480cf10aa318994d7171e54c07108 SHA512 71cc75c7700f445c616e382b76263ad2e4072beec0232458baf3d9891b8b64a7ad0cac4b4d24b727b2b7dcd100c78606fd48eba98a67eccd5f336e3d626ca713

diff --git a/dev-libs/openssl/openssl-1.1.1u.ebuild b/dev-libs/openssl/openssl-1.1.1u.ebuild
new file mode 100644
index 000000000000..0c49ead419ee
--- /dev/null
+++ b/dev-libs/openssl/openssl-1.1.1u.ebuild
@@ -0,0 +1,265 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/openssl.org.asc
+inherit edo flag-o-matic toolchain-funcs multilib-minimal verify-sig
+
+MY_P=${P/_/-}
+DESCRIPTION="Full-strength general purpose cryptography library (including SSL and TLS)"
+HOMEPAGE="https://www.openssl.org/"
+SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
+	verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )"
+S="${WORKDIR}/${MY_P}"
+
+LICENSE="openssl"
+SLOT="0/1.1" # .so version of libssl/libcrypto
+if [[ ${PV} != *_pre* ]] ; then
+	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
+fi
+IUSE="+asm rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-compression tls-heartbeat vanilla verify-sig weak-ssl-ciphers"
+RESTRICT="!test? ( test )"
+
+RDEPEND="
+	tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )"
+DEPEND="${RDEPEND}"
+BDEPEND="
+	>=dev-lang/perl-5
+	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
+	test? (
+		sys-apps/diffutils
+		sys-devel/bc
+		kernel_linux? ( sys-process/procps )
+	)
+	verify-sig? ( >=sec-keys/openpgp-keys-openssl-20230207 )"
+PDEPEND="app-misc/ca-certificates"
+
+# force upgrade to prevent broken login, bug #696950
+RDEPEND+=" !<net-misc/openssh-8.0_p1-r3"
+
+MULTILIB_WRAPPED_HEADERS=(
+	usr/include/openssl/opensslconf.h
+)
+
+PATCHES=(
+	# General patches which are suitable to always apply
+	# If they're Gentoo specific, add to USE=-vanilla logic in src_prepare!
+	"${FILESDIR}"/${PN}-1.1.0j-parallel_install_fix.patch # bug #671602
+	"${FILESDIR}"/${PN}-1.1.1i-riscv32.patch
+)
+
+pkg_setup() {
+	[[ ${MERGE_TYPE} == binary ]] && return
+
+	# must check in pkg_setup; sysctl doesn't work with userpriv!
+	if use test && use sctp; then
+		# test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel"
+		# if sctp.auth_enable is not enabled.
+		local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null)
+		if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]]; then
+			die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!"
+		fi
+	fi
+}
+
+src_unpack() {
+	# Can delete this once test fix patch is dropped
+	if use verify-sig ; then
+		# Needed for downloaded patch (which is unsigned, which is fine)
+		verify-sig_verify_detached "${DISTDIR}"/${P}.tar.gz{,.asc}
+	fi
+
+	default
+}
+
+src_prepare() {
+	# Make sure we only ever touch Makefile.org and avoid patching a file
+	# that gets blown away anyways by the Configure script in src_configure
+	rm -f Makefile
+
+	if ! use vanilla ; then
+		PATCHES+=(
+			# Add patches which are Gentoo-specific customisations here
+		)
+	fi
+
+	default
+
+	if use test && use sctp && has network-sandbox ${FEATURES}; then
+		einfo "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox ..."
+		rm test/recipes/80-test_ssl_new.t || die
+	fi
+
+	# Test fails depending on kernel configuration, bug #699134
+	rm test/recipes/30-test_afalg.t || die
+
+	# Remove test target when FEATURES=test isn't set
+	if ! use test ; then
+		sed \
+			-e '/^$config{dirs}/s@ "test",@@' \
+			-i Configure || die
+	fi
+
+	if use prefix && [[ ${CHOST} == *-solaris* ]] ; then
+		# use GNU ld full option, not to confuse it on Solaris
+		sed -i \
+			-e 's/-Wl,-M,/-Wl,--version-script=/' \
+			-e 's/-Wl,-h,/-Wl,--soname=/' \
+			Configurations/10-main.conf || die
+	fi
+
+	# The config script does stupid stuff to prompt the user.  Kill it.
+	sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
+}
+
+src_configure() {
+	# Keep this in sync with app-misc/c_rehash
+	SSL_CNF_DIR="/etc/ssl"
+
+	# Quiet out unknown driver argument warnings since openssl
+	# doesn't have well-split CFLAGS and we're making it even worse
+	# and 'make depend' uses -Werror for added fun (bug #417795 again)
+	tc-is-clang && append-flags -Qunused-arguments
+
+	# We really, really need to build OpenSSL w/ strict aliasing disabled.
+	# It's filled with violations and it *will* result in miscompiled
+	# code. This has been in the ebuild for > 10 years but even in 2022,
+	# it's still relevant:
+	# - https://github.com/llvm/llvm-project/issues/55255
+	# - https://github.com/openssl/openssl/issues/18225
+	# - https://github.com/openssl/openssl/issues/18663#issuecomment-1181478057
+	# Don't remove the no strict aliasing bits below!
+	filter-flags -fstrict-aliasing
+	append-flags -fno-strict-aliasing
+	# The OpenSSL developers don't test with LTO right now, it leads to various
+	# warnings/errors (which may or may not be false positives), it's considered
+	# unsupported, and it's not tested in CI: https://github.com/openssl/openssl/issues/18663.
+	filter-lto
+
+	append-cppflags -DOPENSSL_NO_BUF_FREELISTS
+
+	append-flags $(test-flags-CC -Wa,--noexecstack)
+
+	# bug #197996
+	unset APPS
+	# bug #312551
+	unset SCRIPTS
+	# bug #311473
+	unset CROSS_COMPILE
+
+	tc-export AR CC CXX RANLIB RC
+
+	multilib-minimal_src_configure
+}
+
+multilib_src_configure() {
+	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
+
+	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
+
+	# See if our toolchain supports __uint128_t.  If so, it's 64bit
+	# friendly and can use the nicely optimized code paths, bug #460790.
+	#local ec_nistp_64_gcc_128
+	#
+	# Disable it for now though (bug #469976)
+	# Do NOT re-enable without substantial discussion first!
+	#
+	#echo "__uint128_t i;" > "${T}"/128.c
+	#if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
+	#	ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
+	#fi
+
+	local sslout=$(bash "${FILESDIR}/gentoo.config-1.0.4")
+	einfo "Use configuration ${sslout:-(openssl knows best)}"
+	local config=( perl "${S}/Configure" )
+	[[ -z ${sslout} ]] && config=( sh "${S}/config" -v )
+
+	# "disable-deprecated" option breaks too many consumers.
+	# Don't set it without thorough revdeps testing.
+	# Make sure user flags don't get added *yet* to avoid duplicated
+	# flags.
+	local myeconfargs=(
+		${sslout}
+
+		$(use cpu_flags_x86_sse2 || echo "no-sse2")
+		enable-camellia
+		enable-ec
+		enable-ec2m
+		enable-sm2
+		enable-srp
+		$(use elibc_musl && echo "no-async")
+		${ec_nistp_64_gcc_128}
+		enable-idea
+		enable-mdc2
+		enable-rc5
+		$(use_ssl sslv3 ssl3)
+		$(use_ssl sslv3 ssl3-method)
+		$(use_ssl asm)
+		$(use_ssl rfc3779)
+		$(use_ssl sctp)
+		$(use test || echo "no-tests")
+		$(use_ssl tls-compression zlib)
+		$(use_ssl tls-heartbeat heartbeats)
+		$(use_ssl weak-ssl-ciphers)
+
+		--prefix="${EPREFIX}"/usr
+		--openssldir="${EPREFIX}"${SSL_CNF_DIR}
+		--libdir=$(get_libdir)
+
+		shared
+		threads
+	)
+
+	edo "${config[@]}" "${myeconfargs[@]}"
+}
+
+multilib_src_compile() {
+	emake all
+}
+
+multilib_src_test() {
+	emake -j1 test
+}
+
+multilib_src_install() {
+	emake DESTDIR="${D}" install_sw
+
+	if multilib_is_native_abi; then
+		emake DESTDIR="${D}" install_ssldirs
+		emake DESTDIR="${D}" DOCDIR='$(INSTALLTOP)'/share/doc/${PF} MANSUFFIX=ssl install_docs
+	fi
+
+	# This is crappy in that the static archives are still built even
+	# when USE=static-libs. But this is due to a failing in the openssl
+	# build system: the static archives are built as PIC all the time.
+	# Only way around this would be to manually configure+compile openssl
+	# twice; once with shared lib support enabled and once without.
+	if ! use static-libs; then
+		rm "${ED}"/usr/$(get_libdir)/lib{crypto,ssl}.a || die
+	fi
+}
+
+multilib_src_install_all() {
+	# openssl installs perl version of c_rehash by default, but
+	# we provide a shell version via app-misc/c_rehash
+	rm "${ED}"/usr/bin/c_rehash || die
+
+	dodoc CHANGES* FAQ NEWS README doc/*.txt doc/${PN}-c-indent.el
+
+	# Create the certs directory
+	keepdir ${SSL_CNF_DIR}/certs
+
+	# bug #254521
+	dodir /etc/sandbox.d
+	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
+
+	diropts -m0700
+	keepdir ${SSL_CNF_DIR}/private
+}
+
+pkg_postinst() {
+	ebegin "Running 'openssl rehash ${EROOT}${SSL_CNF_DIR}/certs' to rebuild hashes (bug #333069)"
+	openssl rehash "${EROOT}${SSL_CNF_DIR}/certs"
+	eend $?
+}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     2d17210a58009faca0a1bc9ef02d1c90826a9269
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Tue May 30 14:15:59 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Tue May 30 14:16:23 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2d17210a

dev-libs/openssl: add 3.1.1

Bug: https://bugs.gentoo.org/907413
Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/Manifest             |   2 +
 dev-libs/openssl/openssl-3.1.1.ebuild | 276 ++++++++++++++++++++++++++++++++++
 2 files changed, 278 insertions(+)

diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest
index d9eed2263d09..55a08fc6adbe 100644
--- a/dev-libs/openssl/Manifest
+++ b/dev-libs/openssl/Manifest
@@ -11,3 +11,5 @@ DIST openssl-3.0.9.tar.gz 15181285 BLAKE2B cc1df41fa12ba4443e15e94f6ebdc5e103b9d
 DIST openssl-3.0.9.tar.gz.asc 833 BLAKE2B 9943ac65f83f48465cae83b37a1d004f6be4622e53c3025166d42954abe9215f1a6c2af58d4aa2b45fa51182fee5019e740969f694655b6c592bb278c68aacef SHA512 9949de6b57d5aa21da1d4b68a29eb37e302403c983bd7d2d8769b320aac4268a9f9091c5fb182862a4f89a9099660939fe609df87c66991b75f7695faf357caf
 DIST openssl-3.1.0.tar.gz 15525381 BLAKE2B 9212a7fb13f6dee7746721ee406af56ae1b48ec58974c002465d2b0205839eb5ee0483383aa9924fc3e4168ebd34e1a5819480cf10aa318994d7171e54c07108 SHA512 71cc75c7700f445c616e382b76263ad2e4072beec0232458baf3d9891b8b64a7ad0cac4b4d24b727b2b7dcd100c78606fd48eba98a67eccd5f336e3d626ca713
 DIST openssl-3.1.0.tar.gz.asc 488 BLAKE2B f4a844e3db2c2bdf42b6f811d16cc2077cacf713d20474d94e2d0180a6f97eadf4f03522e9fed478d263d680d88091dc2bc48e7ebb15d049bc57ee7ed64c7fbb SHA512 8d542e6471b745822d6cd889c5b168841b4366ee9a96edc2ab5b44fa1bd1b75308422aed312f1bd6e6a3c3e306eceaa95ce9bb4d0aa3e8ff86cb0fd92a7e61ea
+DIST openssl-3.1.1.tar.gz 15544757 BLAKE2B 094f7e28f16de6528016fcd21df1d7382b0dbdcd80ec469d37add9c37f638c059dda3ffb4415eba890a33d146ddc9016bcc7192df101c73be5e70faf6e3b1097 SHA512 8ba9dd6ab87451e126c19cc106ccd1643ca48667d6c37504d0ab98205fbccf855fd0db54474b4113c4c3a15215a4ef77a039fb897a69f71bcab2054b2effd1d9
+DIST openssl-3.1.1.tar.gz.asc 833 BLAKE2B 5a2a9aeb475b843862e133d53bc5bb3c8e12e8e03b1e2da41d0eaa0eade1ae03c4318ad1f5c490c5e1ed7e6ac6275a6d7c881d99993911722b043b15d1622b25 SHA512 83349020c67e5b956f3ef37604a03a1970ea393f862691f5fd5d85930c01e559e25db17d397d8fd230c3862a8b2fba2d5c7df883d56d7472f4c01dab3a661cb2

diff --git a/dev-libs/openssl/openssl-3.1.1.ebuild b/dev-libs/openssl/openssl-3.1.1.ebuild
new file mode 100644
index 000000000000..66fb41062dec
--- /dev/null
+++ b/dev-libs/openssl/openssl-3.1.1.ebuild
@@ -0,0 +1,276 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/openssl.org.asc
+inherit edo flag-o-matic linux-info toolchain-funcs multilib-minimal multiprocessing verify-sig
+
+DESCRIPTION="Robust, full-featured Open Source Toolkit for the Transport Layer Security (TLS)"
+HOMEPAGE="https://www.openssl.org/"
+
+MY_P=${P/_/-}
+
+if [[ ${PV} == 9999 ]] ; then
+	EGIT_REPO_URI="https://github.com/openssl/openssl.git"
+
+	inherit git-r3
+else
+	SRC_URI="
+		mirror://openssl/source/${MY_P}.tar.gz
+		verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )
+	"
+	#KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86"
+fi
+
+S="${WORKDIR}"/${MY_P}
+
+LICENSE="Apache-2.0"
+SLOT="0/$(ver_cut 1)" # .so version of libssl/libcrypto
+IUSE="+asm cpu_flags_x86_sse2 fips ktls rfc3779 sctp static-libs test tls-compression vanilla verify-sig weak-ssl-ciphers"
+RESTRICT="!test? ( test )"
+
+COMMON_DEPEND="
+	!<net-misc/openssh-9.2_p1-r3
+	tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
+"
+BDEPEND="
+	>=dev-lang/perl-5
+	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
+	test? (
+		sys-apps/diffutils
+		sys-devel/bc
+		sys-process/procps
+	)
+	verify-sig? ( >=sec-keys/openpgp-keys-openssl-20230207 )"
+
+DEPEND="${COMMON_DEPEND}"
+RDEPEND="${COMMON_DEPEND}"
+PDEPEND="app-misc/ca-certificates"
+
+MULTILIB_WRAPPED_HEADERS=(
+	/usr/include/openssl/configuration.h
+)
+
+pkg_setup() {
+	if use ktls ; then
+		if kernel_is -lt 4 18 ; then
+			ewarn "Kernel implementation of TLS (USE=ktls) requires kernel >=4.18!"
+		else
+			CONFIG_CHECK="~TLS ~TLS_DEVICE"
+			ERROR_TLS="You will be unable to offload TLS to kernel because CONFIG_TLS is not set!"
+			ERROR_TLS_DEVICE="You will be unable to offload TLS to kernel because CONFIG_TLS_DEVICE is not set!"
+			use test && CONFIG_CHECK+=" ~CRYPTO_USER_API_SKCIPHER"
+
+			linux-info_pkg_setup
+		fi
+	fi
+
+	[[ ${MERGE_TYPE} == binary ]] && return
+
+	# must check in pkg_setup; sysctl doesn't work with userpriv!
+	if use test && use sctp ; then
+		# test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel"
+		# if sctp.auth_enable is not enabled.
+		local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null)
+		if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]] ; then
+			die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!"
+		fi
+	fi
+}
+
+src_unpack() {
+	# Can delete this once test fix patch is dropped
+	if use verify-sig ; then
+		# Needed for downloaded patch (which is unsigned, which is fine)
+		verify-sig_verify_detached "${DISTDIR}"/${P}.tar.gz{,.asc}
+	fi
+
+	default
+}
+
+src_prepare() {
+	# Make sure we only ever touch Makefile.org and avoid patching a file
+	# that gets blown away anyways by the Configure script in src_configure
+	rm -f Makefile
+
+	if ! use vanilla ; then
+		PATCHES+=(
+			# Add patches which are Gentoo-specific customisations here
+		)
+	fi
+
+	default
+
+	if use test && use sctp && has network-sandbox ${FEATURES} ; then
+		einfo "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox ..."
+		rm test/recipes/80-test_ssl_new.t || die
+	fi
+
+	# Test fails depending on kernel configuration, bug #699134
+	rm test/recipes/30-test_afalg.t || die
+}
+
+src_configure() {
+	# Keep this in sync with app-misc/c_rehash
+	SSL_CNF_DIR="/etc/ssl"
+
+	# Quiet out unknown driver argument warnings since openssl
+	# doesn't have well-split CFLAGS and we're making it even worse
+	# and 'make depend' uses -Werror for added fun (bug #417795 again)
+	tc-is-clang && append-flags -Qunused-arguments
+
+	# We really, really need to build OpenSSL w/ strict aliasing disabled.
+	# It's filled with violations and it *will* result in miscompiled
+	# code. This has been in the ebuild for > 10 years but even in 2022,
+	# it's still relevant:
+	# - https://github.com/llvm/llvm-project/issues/55255
+	# - https://github.com/openssl/openssl/issues/18225
+	# - https://github.com/openssl/openssl/issues/18663#issuecomment-1181478057
+	# Don't remove the no strict aliasing bits below!
+	filter-flags -fstrict-aliasing
+	append-flags -fno-strict-aliasing
+	# The OpenSSL developers don't test with LTO right now, it leads to various
+	# warnings/errors (which may or may not be false positives), it's considered
+	# unsupported, and it's not tested in CI: https://github.com/openssl/openssl/issues/18663.
+	filter-lto
+
+	append-flags $(test-flags-CC -Wa,--noexecstack)
+
+	# bug #197996
+	unset APPS
+	# bug #312551
+	unset SCRIPTS
+	# bug #311473
+	unset CROSS_COMPILE
+
+	tc-export AR CC CXX RANLIB RC
+
+	multilib-minimal_src_configure
+}
+
+multilib_src_configure() {
+	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
+
+	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
+
+	# See if our toolchain supports __uint128_t.  If so, it's 64bit
+	# friendly and can use the nicely optimized code paths, bug #460790.
+	#local ec_nistp_64_gcc_128
+	#
+	# Disable it for now though (bug #469976)
+	# Do NOT re-enable without substantial discussion first!
+	#
+	#echo "__uint128_t i;" > "${T}"/128.c
+	#if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
+	#       ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
+	#fi
+
+	local sslout=$(bash "${FILESDIR}/gentoo.config-1.0.4")
+	einfo "Using configuration: ${sslout:-(openssl knows best)}"
+
+	# https://github.com/openssl/openssl/blob/master/INSTALL.md#enable-and-disable-features
+	local myeconfargs=(
+		${sslout}
+
+		$(use cpu_flags_x86_sse2 || echo "no-sse2")
+		enable-camellia
+		enable-ec
+		enable-ec2m
+		enable-sm2
+		enable-srp
+		$(use elibc_musl && echo "no-async")
+		enable-idea
+		enable-mdc2
+		enable-rc5
+		$(use fips && echo "enable-fips")
+		$(use_ssl asm)
+		$(use_ssl ktls)
+		$(use_ssl rfc3779)
+		$(use_ssl sctp)
+		$(use test || echo "no-tests")
+		$(use_ssl tls-compression zlib)
+		$(use_ssl weak-ssl-ciphers)
+
+		--prefix="${EPREFIX}"/usr
+		--openssldir="${EPREFIX}"${SSL_CNF_DIR}
+		--libdir=$(get_libdir)
+
+		shared
+		threads
+	)
+
+	edo perl "${S}/Configure" "${myeconfargs[@]}"
+}
+
+multilib_src_compile() {
+	emake build_sw
+
+	if multilib_is_native_abi; then
+		emake build_docs
+	fi
+}
+
+multilib_src_test() {
+	# VFP = show subtests verbosely and show failed tests verbosely
+	# Normal V=1 would show everything verbosely but this slows things down.
+	emake HARNESS_JOBS="$(makeopts_jobs)" VFP=1 test
+}
+
+multilib_src_install() {
+	emake DESTDIR="${D}" install_sw
+	if use fips; then
+		emake DESTDIR="${D}" install_fips
+		# Regen this in pkg_preinst, bug 900625
+		rm "${ED}${SSL_CNF_DIR}"/fipsmodule.cnf || die
+	fi
+
+	if multilib_is_native_abi; then
+		emake DESTDIR="${D}" install_ssldirs
+		emake DESTDIR="${D}" DOCDIR='$(INSTALLTOP)'/share/doc/${PF} install_docs
+	fi
+
+	# This is crappy in that the static archives are still built even
+	# when USE=static-libs. But this is due to a failing in the openssl
+	# build system: the static archives are built as PIC all the time.
+	# Only way around this would be to manually configure+compile openssl
+	# twice; once with shared lib support enabled and once without.
+	if ! use static-libs ; then
+		rm "${ED}"/usr/$(get_libdir)/lib{crypto,ssl}.a || die
+	fi
+}
+
+multilib_src_install_all() {
+	# openssl installs perl version of c_rehash by default, but
+	# we provide a shell version via app-misc/c_rehash
+	rm "${ED}"/usr/bin/c_rehash || die
+
+	dodoc {AUTHORS,CHANGES,NEWS,README,README-PROVIDERS}.md doc/*.txt doc/${PN}-c-indent.el
+
+	# Create the certs directory
+	keepdir ${SSL_CNF_DIR}/certs
+
+	# bug #254521
+	dodir /etc/sandbox.d
+	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
+
+	diropts -m0700
+	keepdir ${SSL_CNF_DIR}/private
+}
+
+pkg_preinst() {
+	if use fips; then
+		# Regen fipsmodule.cnf, bug 900625
+		ebegin "Running openssl fipsinstall"
+		"${ED}/usr/bin/openssl" fipsinstall -quiet \
+			-out "${ED}${SSL_CNF_DIR}/fipsmodule.cnf" \
+			-module "${ED}/usr/$(get_libdir)/ossl-modules/fips.so"
+		eend $?
+	fi
+}
+
+pkg_postinst() {
+	ebegin "Running 'openssl rehash ${EROOT}${SSL_CNF_DIR}/certs' to rebuild hashes (bug #333069)"
+	openssl rehash "${EROOT}${SSL_CNF_DIR}/certs"
+	eend $?
+}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Arthur Zamarin]

commit:     bebe8fa4ec3ef6b87551157f4e13755956936aa3
Author:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
AuthorDate: Sat Apr 29 11:50:42 2023 +0000
Commit:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
CommitDate: Sat Apr 29 11:50:42 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bebe8fa4

dev-libs/openssl: Stabilize 1.1.1t-r3 hppa, #903546

Signed-off-by: Arthur Zamarin <arthurzam <AT> gentoo.org>

 dev-libs/openssl/openssl-1.1.1t-r3.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.1.1t-r3.ebuild b/dev-libs/openssl/openssl-1.1.1t-r3.ebuild
index 32b6958bde65..73ac23a153e7 100644
--- a/dev-libs/openssl/openssl-1.1.1t-r3.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1t-r3.ebuild
@@ -16,7 +16,7 @@ S="${WORKDIR}/${MY_P}"
 LICENSE="openssl"
 SLOT="0/1.1" # .so version of libssl/libcrypto
 if [[ ${PV} != *_pre* ]] ; then
-	KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+	KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
 fi
 IUSE="+asm rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-compression tls-heartbeat vanilla verify-sig weak-ssl-ciphers"
 RESTRICT="!test? ( test )"

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     e9f01fda0a1d5c0f2b379aa8ebc7a5733ee66b1f
Author:     Rolf Eike Beer <eike <AT> sf-mail <DOT> de>
AuthorDate: Fri Apr 28 12:26:47 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sat Apr 29 08:47:35 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e9f01fda

dev-libs/openssl: stable 1.1.1t-r3 for sparc, bug #903546

Signed-off-by: Rolf Eike Beer <eike <AT> sf-mail.de>
Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/openssl-1.1.1t-r3.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.1.1t-r3.ebuild b/dev-libs/openssl/openssl-1.1.1t-r3.ebuild
index 19dc37ea8403..32b6958bde65 100644
--- a/dev-libs/openssl/openssl-1.1.1t-r3.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1t-r3.ebuild
@@ -16,7 +16,7 @@ S="${WORKDIR}/${MY_P}"
 LICENSE="openssl"
 SLOT="0/1.1" # .so version of libssl/libcrypto
 if [[ ${PV} != *_pre* ]] ; then
-	KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 ~sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+	KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
 fi
 IUSE="+asm rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-compression tls-heartbeat vanilla verify-sig weak-ssl-ciphers"
 RESTRICT="!test? ( test )"

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     e2297b9589d681ceb2bab74eea5db3f572341755
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Fri Apr 28 07:02:26 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Fri Apr 28 07:02:26 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e2297b95

dev-libs/openssl: skip test_afalg test

It depends on kernel configuration.

Closes: https://bugs.gentoo.org/699134
Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/openssl-1.1.1t-r3.ebuild | 3 +++
 dev-libs/openssl/openssl-3.0.8-r4.ebuild  | 3 +++
 dev-libs/openssl/openssl-3.1.0-r3.ebuild  | 3 +++
 3 files changed, 9 insertions(+)

diff --git a/dev-libs/openssl/openssl-1.1.1t-r3.ebuild b/dev-libs/openssl/openssl-1.1.1t-r3.ebuild
index 939e1ae68dd5..19dc37ea8403 100644
--- a/dev-libs/openssl/openssl-1.1.1t-r3.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1t-r3.ebuild
@@ -95,6 +95,9 @@ src_prepare() {
 		rm test/recipes/80-test_ssl_new.t || die
 	fi
 
+	# Test fails depending on kernel configuration, bug #699134
+	rm test/recipes/30-test_afalg.t || die
+
 	# Remove test target when FEATURES=test isn't set
 	if ! use test ; then
 		sed \

diff --git a/dev-libs/openssl/openssl-3.0.8-r4.ebuild b/dev-libs/openssl/openssl-3.0.8-r4.ebuild
index 324bb314e751..e504eb575575 100644
--- a/dev-libs/openssl/openssl-3.0.8-r4.ebuild
+++ b/dev-libs/openssl/openssl-3.0.8-r4.ebuild
@@ -111,6 +111,9 @@ src_prepare() {
 		einfo "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox ..."
 		rm test/recipes/80-test_ssl_new.t || die
 	fi
+
+	# Test fails depending on kernel configuration, bug #699134
+	rm test/recipes/30-test_afalg.t || die
 }
 
 src_configure() {

diff --git a/dev-libs/openssl/openssl-3.1.0-r3.ebuild b/dev-libs/openssl/openssl-3.1.0-r3.ebuild
index e98ee05437c1..5f1ec4c39f0f 100644
--- a/dev-libs/openssl/openssl-3.1.0-r3.ebuild
+++ b/dev-libs/openssl/openssl-3.1.0-r3.ebuild
@@ -114,6 +114,9 @@ src_prepare() {
 		einfo "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox ..."
 		rm test/recipes/80-test_ssl_new.t || die
 	fi
+
+	# Test fails depending on kernel configuration, bug #699134
+	rm test/recipes/30-test_afalg.t || die
 }
 
 src_configure() {

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Patrick McLean]

commit:     0d5a819321682ff72e2c3524d8322fb008e069ea
Author:     Patrick McLean <chutzpah <AT> gentoo <DOT> org>
AuthorDate: Thu Apr 20 16:56:33 2023 +0000
Commit:     Patrick McLean <chutzpah <AT> gentoo <DOT> org>
CommitDate: Thu Apr 20 16:57:56 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0d5a8193

dev-libs/openssl: drop 1.1.1s, 1.1.1t-r2

Signed-off-by: Patrick McLean <chutzpah <AT> gentoo.org>

 dev-libs/openssl/Manifest                 |   2 -
 dev-libs/openssl/openssl-1.1.1s.ebuild    | 342 ------------------------------
 dev-libs/openssl/openssl-1.1.1t-r2.ebuild | 266 -----------------------
 3 files changed, 610 deletions(-)

diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest
index 46d864d06642..11ae27549ed5 100644
--- a/dev-libs/openssl/Manifest
+++ b/dev-libs/openssl/Manifest
@@ -1,8 +1,6 @@
 DIST openssl-1.0.2-patches-1.5.tar.xz 12404 BLAKE2B 6c1b8c28f339f539b2ab8643379502a24cf62bffde00041dce54d5dd9e8d2620b181362ee5464b0ab32ba4948e209697bfabadbea2944a409a1009100d298f24 SHA512 5725e2d9d1ee8cc074bcef3bed61c71bdab2ff1c114362110c3fb8da11ad5bc8f2ff28e90a293f5f3a5cf96ecda54dffdb7ab3fb3f8b23ef6472250dc3037659
 DIST openssl-1.0.2t-bindist-1.0.tar.xz 13872 BLAKE2B b2aade96a6e0ca6209a39e205b1c838de945903fcf959c62cc29ddcd1a0cb360fc5db234df86860a6a4c096f5ecc237611e4c2946b986a5500c24ba93c208ef4 SHA512 a48a7efb9b973b865bcc5009d450b428ed6b4b95e4cefe70c51056e47392c8a7bec58215168d8b07712419dc74646c2bd2fd23bcfbba2031376e292249a6b1b6
 DIST openssl-1.0.2u.tar.gz 5355412 BLAKE2B b2ff2a10e5851af5aca4093422a9a072c794e87b997263826c1c35910c040f695fac63decac5856cb49399ed03d410f97701d9fd4e1ebfbcacd8f3a74ce8bf57 SHA512 c455bb309e20e2c2d47fdc5619c734d107d5c8c38c1409903ce979acc120b0d5fa0312917c0aa0d630e402d092a703d4249643f36078e8528a3cafc9dac6ab32
-DIST openssl-1.1.1s.tar.gz 9868981 BLAKE2B ecd19eaf84dbc80448b51651abe52a89cc0052f024537959c4ebe61528988f235d661244fce6967159a876dd038c817bad19df742e828ca1cbae97ce6a4124bb SHA512 2ef983f166b5e1bf456ca37938e7e39d58d4cd85e9fc4b5174a05f5c37cc5ad89c3a9af97a6919bcaab128a8a92e4bdc8a045e5d9156d90768da8f73ac67c5b9
-DIST openssl-1.1.1s.tar.gz.asc 858 BLAKE2B d95f0f80d460feac737f84ed629c45aaf5e453103ef202ec7d33cf33b89ad83a9007429433b10754b725d7963b1960e350b64e8bdfe569ad149e26bef462eeca SHA512 aa6e5e940448297a90c46ba162f8e6ee324c2e202a9283328c31f996dc2259dd9f5f981d94d1cf1dd3cc73c44647b473602dacb857b9719bf066931b43b899e6
 DIST openssl-1.1.1t.tar.gz 9881866 BLAKE2B 66d76ea0c05a4afc3104e22602cffc2373e857728625d31ab3244881cafa91c099a817a09def7746bce4133585bfc90b769f43527e77a81ed13e60a8c2fb4d8d SHA512 628676c9c3bc1cf46083d64f61943079f97f0eefd0264042e40a85dbbd988f271bfe01cd1135d22cc3f67a298f1d078041f8f2e97b0da0d93fe172da573da18c
 DIST openssl-1.1.1t.tar.gz.asc 833 BLAKE2B fc5e7069268e987a20241dfc4f080529c6e95e217c198568b09c833e390e68b25a604a5d3ec29c6a64b9dee9d42199fd3647214e536ba2f7b8b4e57aa4cba680 SHA512 1232a94fce991d62f008ae6d3d9b6fe68cb6378fe07450feb17a58eb2417fb385ffcb7e6b74eb683134be9ff6ccf6efa183f37f4dd521614fd5aeaddf000b90b
 DIST openssl-3.0.8.tar.gz 15151328 BLAKE2B e163cc9b8b458f72405a2f1bde3811c8d0eb22e8b08ff5608ec64799975f1546dcdce31466b8a1d5ed29bc90d19aa6017d711987c81b71f4b20e279828cf753a SHA512 8ce10be000d7d4092c8efc5b96b1d2f7da04c1c3a624d3a7923899c6b1de06f369016be957e36e8ab6d4c9102eaeec5d1973295d547f7893a7f11f132ae42b0d

diff --git a/dev-libs/openssl/openssl-1.1.1s.ebuild b/dev-libs/openssl/openssl-1.1.1s.ebuild
deleted file mode 100644
index ae35bd52b8b8..000000000000
--- a/dev-libs/openssl/openssl-1.1.1s.ebuild
+++ /dev/null
@@ -1,342 +0,0 @@
-# Copyright 1999-2023 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/openssl.org.asc
-inherit edo flag-o-matic toolchain-funcs multilib-minimal verify-sig linux-info
-
-MY_P=${P/_/-}
-DESCRIPTION="Full-strength general purpose cryptography library (including SSL and TLS)"
-HOMEPAGE="https://www.openssl.org/"
-SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
-	verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )"
-S="${WORKDIR}/${MY_P}"
-
-LICENSE="openssl"
-SLOT="0/1.1" # .so version of libssl/libcrypto
-if [[ ${PV} != *_pre* ]] ; then
-	KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
-fi
-IUSE="+asm rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-compression tls-heartbeat vanilla verify-sig weak-ssl-ciphers"
-RESTRICT="!test? ( test )"
-
-RDEPEND=">=app-misc/c_rehash-1.7-r1
-	tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )"
-DEPEND="${RDEPEND}"
-BDEPEND="
-	>=dev-lang/perl-5
-	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
-	test? (
-		sys-apps/diffutils
-		sys-devel/bc
-		kernel_linux? ( sys-process/procps )
-	)
-	verify-sig? ( >=sec-keys/openpgp-keys-openssl-20230207 )"
-PDEPEND="app-misc/ca-certificates"
-
-# force upgrade to prevent broken login, bug #696950
-RDEPEND+=" !<net-misc/openssh-8.0_p1-r3"
-
-MULTILIB_WRAPPED_HEADERS=(
-	usr/include/openssl/opensslconf.h
-)
-
-PATCHES=(
-	# General patches which are suitable to always apply
-	# If they're Gentoo specific, add to USE=-vanilla logic in src_prepare!
-	"${FILESDIR}"/${PN}-1.1.0j-parallel_install_fix.patch # bug #671602
-	"${FILESDIR}"/${PN}-1.1.1i-riscv32.patch
-)
-
-pkg_setup() {
-	[[ ${MERGE_TYPE} == binary ]] && return
-
-	# must check in pkg_setup; sysctl doesn't work with userpriv!
-	if use test && use sctp; then
-		# test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel"
-		# if sctp.auth_enable is not enabled.
-		local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null)
-		if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]]; then
-			die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!"
-		fi
-	fi
-
-	use test && CONFIG_CHECK="~CRYPTO_USER_API_SKCIPHER"
-	linux-info_pkg_setup
-}
-
-src_unpack() {
-	# Can delete this once test fix patch is dropped
-	if use verify-sig ; then
-		# Needed for downloaded patch (which is unsigned, which is fine)
-		verify-sig_verify_detached "${DISTDIR}"/${P}.tar.gz{,.asc}
-	fi
-
-	default
-}
-
-src_prepare() {
-	# Allow openssl to be cross-compiled
-	cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die
-	chmod a+rx gentoo.config || die
-
-	# Keep this in sync with app-misc/c_rehash
-	SSL_CNF_DIR="/etc/ssl"
-
-	# Make sure we only ever touch Makefile.org and avoid patching a file
-	# that gets blown away anyways by the Configure script in src_configure
-	rm -f Makefile
-
-	if ! use vanilla ; then
-		PATCHES+=(
-			# Add patches which are Gentoo-specific customisations here
-		)
-	fi
-
-	default
-
-	if use test && use sctp && has network-sandbox ${FEATURES}; then
-		einfo "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox ..."
-		rm test/recipes/80-test_ssl_new.t || die
-	fi
-
-	# - Make sure the man pages are suffixed (bug #302165)
-	# - Don't bother building man pages if they're disabled
-	# - Make DOCDIR Gentoo compliant
-	sed -i \
-		-e '/^MANSUFFIX/s:=.*:=ssl:' \
-		-e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
-		-e $(has noman FEATURES \
-			&& echo '/^install:/s:install_docs::' \
-			|| echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
-		-e "/^DOCDIR/s@\$(BASENAME)@&-${PVR}@" \
-		Configurations/unix-Makefile.tmpl \
-		|| die
-
-	# Quiet out unknown driver argument warnings since openssl
-	# doesn't have well-split CFLAGS and we're making it even worse
-	# and 'make depend' uses -Werror for added fun (bug #417795 again)
-	tc-is-clang && append-flags -Qunused-arguments
-
-	# We really, really need to build OpenSSL w/ strict aliasing disabled.
-	# It's filled with violations and it *will* result in miscompiled
-	# code. This has been in the ebuild for > 10 years but even in 2022,
-	# it's still relevant:
-	# - https://github.com/llvm/llvm-project/issues/55255
-	# - https://github.com/openssl/openssl/issues/18225
-	# - https://github.com/openssl/openssl/issues/18663#issuecomment-1181478057
-	# Don't remove the no strict aliasing bits below!
-	filter-flags -fstrict-aliasing
-	append-flags -fno-strict-aliasing
-
-	append-cppflags -DOPENSSL_NO_BUF_FREELISTS
-
-	append-flags $(test-flags-CC -Wa,--noexecstack)
-
-	# Prefixify Configure shebang (bug #141906)
-	sed \
-		-e "1s,/usr/bin/env,${BROOT}&," \
-		-i Configure || die
-
-	# Remove test target when FEATURES=test isn't set
-	if ! use test ; then
-		sed \
-			-e '/^$config{dirs}/s@ "test",@@' \
-			-i Configure || die
-	fi
-
-	if use prefix && [[ ${CHOST} == *-solaris* ]] ; then
-		# use GNU ld full option, not to confuse it on Solaris
-		sed -i \
-			-e 's/-Wl,-M,/-Wl,--version-script=/' \
-			-e 's/-Wl,-h,/-Wl,--soname=/' \
-			Configurations/10-main.conf || die
-
-		# fix building on Solaris 10
-		# https://github.com/openssl/openssl/issues/6333
-		sed -i \
-			-e 's/-lsocket -lnsl -ldl/-lsocket -lnsl -ldl -lrt/' \
-			Configurations/10-main.conf || die
-	fi
-
-	# The config script does stupid stuff to prompt the user.  Kill it.
-	sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
-	./config --test-sanity || die "I AM NOT SANE"
-
-	multilib_copy_sources
-}
-
-multilib_src_configure() {
-	# bug #197996
-	unset APPS
-	# bug #312551
-	unset SCRIPTS
-	# bug #311473
-	unset CROSS_COMPILE
-
-	tc-export AR CC CXX RANLIB RC
-
-	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
-
-	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
-
-	# See if our toolchain supports __uint128_t.  If so, it's 64bit
-	# friendly and can use the nicely optimized code paths, bug #460790.
-	#local ec_nistp_64_gcc_128
-	#
-	# Disable it for now though (bug #469976)
-	# Do NOT re-enable without substantial discussion first!
-	#
-	#echo "__uint128_t i;" > "${T}"/128.c
-	#if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
-	#	ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
-	#fi
-
-	local sslout=$(./gentoo.config)
-	einfo "Use configuration ${sslout:-(openssl knows best)}"
-	local config="Configure"
-	[[ -z ${sslout} ]] && config="config"
-
-	# "disable-deprecated" option breaks too many consumers.
-	# Don't set it without thorough revdeps testing.
-	# Make sure user flags don't get added *yet* to avoid duplicated
-	# flags.
-	local myeconfargs=(
-		${sslout}
-
-		$(use cpu_flags_x86_sse2 || echo "no-sse2")
-		enable-camellia
-		enable-ec
-		enable-ec2m
-		enable-sm2
-		enable-srp
-		$(use elibc_musl && echo "no-async")
-		${ec_nistp_64_gcc_128}
-		enable-idea
-		enable-mdc2
-		enable-rc5
-		$(use_ssl sslv3 ssl3)
-		$(use_ssl sslv3 ssl3-method)
-		$(use_ssl asm)
-		$(use_ssl rfc3779)
-		$(use_ssl sctp)
-		$(use test || echo "no-tests")
-		$(use_ssl tls-compression zlib)
-		$(use_ssl tls-heartbeat heartbeats)
-		$(use_ssl weak-ssl-ciphers)
-
-		--prefix="${EPREFIX}"/usr
-		--openssldir="${EPREFIX}"${SSL_CNF_DIR}
-		--libdir=$(get_libdir)
-
-		shared
-		threads
-	)
-
-	CFLAGS= LDFLAGS= edo ./${config} "${myeconfargs[@]}"
-
-	# Clean out hardcoded flags that openssl uses
-	local DEFAULT_CFLAGS=$(grep ^CFLAGS= Makefile | LC_ALL=C sed \
-		-e 's:^CFLAGS=::' \
-		-e 's:\(^\| \)-fomit-frame-pointer::g' \
-		-e 's:\(^\| \)-O[^ ]*::g' \
-		-e 's:\(^\| \)-march=[^ ]*::g' \
-		-e 's:\(^\| \)-mcpu=[^ ]*::g' \
-		-e 's:\(^\| \)-m[^ ]*::g' \
-		-e 's:^ *::' \
-		-e 's: *$::' \
-		-e 's: \+: :g' \
-		-e 's:\\:\\\\:g'
-	)
-
-	# Now insert clean default flags with user flags
-	sed -i \
-		-e "/^CFLAGS=/s|=.*|=${DEFAULT_CFLAGS} ${CFLAGS}|" \
-		-e "/^LDFLAGS=/s|=[[:space:]]*$|=${LDFLAGS}|" \
-		Makefile || die
-}
-
-multilib_src_compile() {
-	# depend is needed to use $confopts; it also doesn't matter
-	# that it's -j1 as the code itself serializes subdirs
-	emake -j1 depend
-
-	emake all
-}
-
-multilib_src_test() {
-	emake -j1 test
-}
-
-multilib_src_install() {
-	# We need to create ${ED}/usr on our own to avoid a race condition (bug #665130)
-	dodir /usr
-
-	emake DESTDIR="${D}" install
-
-	# This is crappy in that the static archives are still built even
-	# when USE=static-libs. But this is due to a failing in the openssl
-	# build system: the static archives are built as PIC all the time.
-	# Only way around this would be to manually configure+compile openssl
-	# twice; once with shared lib support enabled and once without.
-	if ! use static-libs; then
-		rm "${ED}"/usr/$(get_libdir)/lib{crypto,ssl}.a || die
-	fi
-}
-
-multilib_src_install_all() {
-	# openssl installs perl version of c_rehash by default, but
-	# we provide a shell version via app-misc/c_rehash
-	rm "${ED}"/usr/bin/c_rehash || die
-
-	dodoc CHANGES* FAQ NEWS README doc/*.txt doc/${PN}-c-indent.el
-
-	# Create the certs directory
-	keepdir ${SSL_CNF_DIR}/certs
-
-	# Namespace openssl programs to prevent conflicts with other man pages
-	cd "${ED}"/usr/share/man || die
-	local m d s
-	for m in $(find . -type f | xargs grep -L '#include') ; do
-		d=${m%/*}
-		d=${d#./}
-		m=${m##*/}
-
-		[[ ${m} == openssl.1* ]] && continue
-
-		[[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!"
-
-		mv ${d}/{,ssl-}${m} || die
-
-		# Fix up references to renamed man pages
-		sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m} || die
-		ln -s ssl-${m} ${d}/openssl-${m}
-
-		# Locate any symlinks that point to this man page
-		# We assume that any broken links are due to the above renaming
-		for s in $(find -L ${d} -type l) ; do
-			s=${s##*/}
-
-			rm -f ${d}/${s}
-
-			# We don't want to "|| die" here
-			ln -s ssl-${m} ${d}/ssl-${s}
-			ln -s ssl-${s} ${d}/openssl-${s}
-		done
-	done
-	[[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :("
-
-	# bug #254521
-	dodir /etc/sandbox.d
-	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
-
-	diropts -m0700
-	keepdir ${SSL_CNF_DIR}/private
-}
-
-pkg_postinst() {
-	ebegin "Running 'c_rehash ${EROOT}${SSL_CNF_DIR}/certs/' to rebuild hashes (bug #333069)"
-	c_rehash "${EROOT}${SSL_CNF_DIR}/certs" >/dev/null
-	eend $?
-}

diff --git a/dev-libs/openssl/openssl-1.1.1t-r2.ebuild b/dev-libs/openssl/openssl-1.1.1t-r2.ebuild
deleted file mode 100644
index ed79949dc698..000000000000
--- a/dev-libs/openssl/openssl-1.1.1t-r2.ebuild
+++ /dev/null
@@ -1,266 +0,0 @@
-# Copyright 1999-2023 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/openssl.org.asc
-inherit edo flag-o-matic toolchain-funcs multilib-minimal verify-sig
-
-MY_P=${P/_/-}
-DESCRIPTION="Full-strength general purpose cryptography library (including SSL and TLS)"
-HOMEPAGE="https://www.openssl.org/"
-SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
-	verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )"
-S="${WORKDIR}/${MY_P}"
-
-LICENSE="openssl"
-SLOT="0/1.1" # .so version of libssl/libcrypto
-if [[ ${PV} != *_pre* ]] ; then
-	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
-fi
-IUSE="+asm rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-compression tls-heartbeat vanilla verify-sig weak-ssl-ciphers"
-RESTRICT="!test? ( test )"
-
-RDEPEND="
-	tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )"
-DEPEND="${RDEPEND}"
-BDEPEND="
-	>=dev-lang/perl-5
-	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
-	test? (
-		sys-apps/diffutils
-		sys-devel/bc
-		kernel_linux? ( sys-process/procps )
-	)
-	verify-sig? ( >=sec-keys/openpgp-keys-openssl-20230207 )"
-PDEPEND="app-misc/ca-certificates"
-
-# force upgrade to prevent broken login, bug #696950
-RDEPEND+=" !<net-misc/openssh-8.0_p1-r3"
-
-MULTILIB_WRAPPED_HEADERS=(
-	usr/include/openssl/opensslconf.h
-)
-
-PATCHES=(
-	# General patches which are suitable to always apply
-	# If they're Gentoo specific, add to USE=-vanilla logic in src_prepare!
-	"${FILESDIR}"/${PN}-1.1.0j-parallel_install_fix.patch # bug #671602
-	"${FILESDIR}"/${PN}-1.1.1i-riscv32.patch
-	"${FILESDIR}"/openssl-3.0.8-mips-cflags.patch
-	"${FILESDIR}"/openssl-1.1.1t-CVE-2023-0464.patch
-)
-
-pkg_setup() {
-	[[ ${MERGE_TYPE} == binary ]] && return
-
-	# must check in pkg_setup; sysctl doesn't work with userpriv!
-	if use test && use sctp; then
-		# test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel"
-		# if sctp.auth_enable is not enabled.
-		local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null)
-		if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]]; then
-			die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!"
-		fi
-	fi
-}
-
-src_unpack() {
-	# Can delete this once test fix patch is dropped
-	if use verify-sig ; then
-		# Needed for downloaded patch (which is unsigned, which is fine)
-		verify-sig_verify_detached "${DISTDIR}"/${P}.tar.gz{,.asc}
-	fi
-
-	default
-}
-
-src_prepare() {
-	# Make sure we only ever touch Makefile.org and avoid patching a file
-	# that gets blown away anyways by the Configure script in src_configure
-	rm -f Makefile
-
-	if ! use vanilla ; then
-		PATCHES+=(
-			# Add patches which are Gentoo-specific customisations here
-		)
-	fi
-
-	default
-
-	if use test && use sctp && has network-sandbox ${FEATURES}; then
-		einfo "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox ..."
-		rm test/recipes/80-test_ssl_new.t || die
-	fi
-
-	# Remove test target when FEATURES=test isn't set
-	if ! use test ; then
-		sed \
-			-e '/^$config{dirs}/s@ "test",@@' \
-			-i Configure || die
-	fi
-
-	if use prefix && [[ ${CHOST} == *-solaris* ]] ; then
-		# use GNU ld full option, not to confuse it on Solaris
-		sed -i \
-			-e 's/-Wl,-M,/-Wl,--version-script=/' \
-			-e 's/-Wl,-h,/-Wl,--soname=/' \
-			Configurations/10-main.conf || die
-
-		# fix building on Solaris 10
-		# https://github.com/openssl/openssl/issues/6333
-		sed -i \
-			-e 's/-lsocket -lnsl -ldl/-lsocket -lnsl -ldl -lrt/' \
-			Configurations/10-main.conf || die
-	fi
-
-	# The config script does stupid stuff to prompt the user.  Kill it.
-	sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
-}
-
-src_configure() {
-	# Keep this in sync with app-misc/c_rehash
-	SSL_CNF_DIR="/etc/ssl"
-
-	# Quiet out unknown driver argument warnings since openssl
-	# doesn't have well-split CFLAGS and we're making it even worse
-	# and 'make depend' uses -Werror for added fun (bug #417795 again)
-	tc-is-clang && append-flags -Qunused-arguments
-
-	# We really, really need to build OpenSSL w/ strict aliasing disabled.
-	# It's filled with violations and it *will* result in miscompiled
-	# code. This has been in the ebuild for > 10 years but even in 2022,
-	# it's still relevant:
-	# - https://github.com/llvm/llvm-project/issues/55255
-	# - https://github.com/openssl/openssl/issues/18225
-	# - https://github.com/openssl/openssl/issues/18663#issuecomment-1181478057
-	# Don't remove the no strict aliasing bits below!
-	filter-flags -fstrict-aliasing
-	append-flags -fno-strict-aliasing
-
-	append-cppflags -DOPENSSL_NO_BUF_FREELISTS
-
-	append-flags $(test-flags-CC -Wa,--noexecstack)
-
-	# bug #197996
-	unset APPS
-	# bug #312551
-	unset SCRIPTS
-	# bug #311473
-	unset CROSS_COMPILE
-
-	tc-export AR CC CXX RANLIB RC
-
-	multilib-minimal_src_configure
-}
-
-multilib_src_configure() {
-	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
-
-	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
-
-	# See if our toolchain supports __uint128_t.  If so, it's 64bit
-	# friendly and can use the nicely optimized code paths, bug #460790.
-	#local ec_nistp_64_gcc_128
-	#
-	# Disable it for now though (bug #469976)
-	# Do NOT re-enable without substantial discussion first!
-	#
-	#echo "__uint128_t i;" > "${T}"/128.c
-	#if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
-	#	ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
-	#fi
-
-	local sslout=$(bash "${FILESDIR}/gentoo.config-1.0.4")
-	einfo "Use configuration ${sslout:-(openssl knows best)}"
-	local config=( perl "${S}/Configure" )
-	[[ -z ${sslout} ]] && config=( sh "${S}/config" -v )
-
-	# "disable-deprecated" option breaks too many consumers.
-	# Don't set it without thorough revdeps testing.
-	# Make sure user flags don't get added *yet* to avoid duplicated
-	# flags.
-	local myeconfargs=(
-		${sslout}
-
-		$(use cpu_flags_x86_sse2 || echo "no-sse2")
-		enable-camellia
-		enable-ec
-		enable-ec2m
-		enable-sm2
-		enable-srp
-		$(use elibc_musl && echo "no-async")
-		${ec_nistp_64_gcc_128}
-		enable-idea
-		enable-mdc2
-		enable-rc5
-		$(use_ssl sslv3 ssl3)
-		$(use_ssl sslv3 ssl3-method)
-		$(use_ssl asm)
-		$(use_ssl rfc3779)
-		$(use_ssl sctp)
-		$(use test || echo "no-tests")
-		$(use_ssl tls-compression zlib)
-		$(use_ssl tls-heartbeat heartbeats)
-		$(use_ssl weak-ssl-ciphers)
-
-		--prefix="${EPREFIX}"/usr
-		--openssldir="${EPREFIX}"${SSL_CNF_DIR}
-		--libdir=$(get_libdir)
-
-		shared
-		threads
-	)
-
-	edo "${config[@]}" "${myeconfargs[@]}"
-}
-
-multilib_src_compile() {
-	emake all
-}
-
-multilib_src_test() {
-	emake -j1 test
-}
-
-multilib_src_install() {
-	emake DESTDIR="${D}" install_sw
-
-	if multilib_is_native_abi; then
-		emake DESTDIR="${D}" install_ssldirs
-		emake DESTDIR="${D}" DOCDIR='$(INSTALLTOP)'/share/doc/${PF} MANSUFFIX=ssl install_docs
-	fi
-
-	# This is crappy in that the static archives are still built even
-	# when USE=static-libs. But this is due to a failing in the openssl
-	# build system: the static archives are built as PIC all the time.
-	# Only way around this would be to manually configure+compile openssl
-	# twice; once with shared lib support enabled and once without.
-	if ! use static-libs; then
-		rm "${ED}"/usr/$(get_libdir)/lib{crypto,ssl}.a || die
-	fi
-}
-
-multilib_src_install_all() {
-	# openssl installs perl version of c_rehash by default, but
-	# we provide a shell version via app-misc/c_rehash
-	rm "${ED}"/usr/bin/c_rehash || die
-
-	dodoc CHANGES* FAQ NEWS README doc/*.txt doc/${PN}-c-indent.el
-
-	# Create the certs directory
-	keepdir ${SSL_CNF_DIR}/certs
-
-	# bug #254521
-	dodir /etc/sandbox.d
-	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
-
-	diropts -m0700
-	keepdir ${SSL_CNF_DIR}/private
-}
-
-pkg_postinst() {
-	ebegin "Running 'openssl rehash ${EROOT}${SSL_CNF_DIR}/certs' to rebuild hashes (bug #333069)"
-	openssl rehash "${EROOT}${SSL_CNF_DIR}/certs"
-	eend $?
-}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Patrick McLean]

commit:     2a0c53dee944232cee403461087b20d935b846f5
Author:     Patrick McLean <chutzpah <AT> gentoo <DOT> org>
AuthorDate: Thu Apr 20 16:56:17 2023 +0000
Commit:     Patrick McLean <chutzpah <AT> gentoo <DOT> org>
CommitDate: Thu Apr 20 16:57:56 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2a0c53de

dev-libs/openssl: drop 3.1.0, 3.1.0-r1, 3.1.0-r2

Signed-off-by: Patrick McLean <chutzpah <AT> gentoo.org>

 dev-libs/openssl/openssl-3.1.0-r1.ebuild | 274 ------------------------------
 dev-libs/openssl/openssl-3.1.0-r2.ebuild | 280 -------------------------------
 dev-libs/openssl/openssl-3.1.0.ebuild    | 273 ------------------------------
 3 files changed, 827 deletions(-)

diff --git a/dev-libs/openssl/openssl-3.1.0-r1.ebuild b/dev-libs/openssl/openssl-3.1.0-r1.ebuild
deleted file mode 100644
index f50b53ac125a..000000000000
--- a/dev-libs/openssl/openssl-3.1.0-r1.ebuild
+++ /dev/null
@@ -1,274 +0,0 @@
-# Copyright 1999-2023 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/openssl.org.asc
-inherit edo flag-o-matic linux-info toolchain-funcs multilib-minimal multiprocessing verify-sig
-
-DESCRIPTION="Robust, full-featured Open Source Toolkit for the Transport Layer Security (TLS)"
-HOMEPAGE="https://www.openssl.org/"
-
-MY_P=${P/_/-}
-
-if [[ ${PV} == 9999 ]] ; then
-	EGIT_REPO_URI="https://github.com/openssl/openssl.git"
-
-	inherit git-r3
-else
-	SRC_URI="
-		mirror://openssl/source/${MY_P}.tar.gz
-		verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )
-	"
-	#KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86"
-fi
-
-S="${WORKDIR}"/${MY_P}
-
-LICENSE="Apache-2.0"
-SLOT="0/$(ver_cut 1)" # .so version of libssl/libcrypto
-IUSE="+asm cpu_flags_x86_sse2 fips ktls rfc3779 sctp static-libs test tls-compression vanilla verify-sig weak-ssl-ciphers"
-RESTRICT="!test? ( test )"
-
-COMMON_DEPEND="
-	!<net-misc/openssh-9.2_p1-r3
-	tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
-"
-BDEPEND="
-	>=dev-lang/perl-5
-	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
-	test? (
-		sys-apps/diffutils
-		sys-devel/bc
-		sys-process/procps
-	)
-	verify-sig? ( >=sec-keys/openpgp-keys-openssl-20230207 )"
-
-DEPEND="${COMMON_DEPEND}"
-RDEPEND="${COMMON_DEPEND}"
-PDEPEND="app-misc/ca-certificates"
-
-MULTILIB_WRAPPED_HEADERS=(
-	/usr/include/openssl/configuration.h
-)
-
-PATCHES=(
-	"${FILESDIR}"/openssl-3.0.8-mips-cflags.patch
-	"${FILESDIR}"/openssl-3.1.0-CVE-2023-0464.patch
-)
-
-pkg_setup() {
-	if use ktls ; then
-		if kernel_is -lt 4 18 ; then
-			ewarn "Kernel implementation of TLS (USE=ktls) requires kernel >=4.18!"
-		else
-			CONFIG_CHECK="~TLS ~TLS_DEVICE"
-			ERROR_TLS="You will be unable to offload TLS to kernel because CONFIG_TLS is not set!"
-			ERROR_TLS_DEVICE="You will be unable to offload TLS to kernel because CONFIG_TLS_DEVICE is not set!"
-			use test && CONFIG_CHECK+=" ~CRYPTO_USER_API_SKCIPHER"
-
-			linux-info_pkg_setup
-		fi
-	fi
-
-	[[ ${MERGE_TYPE} == binary ]] && return
-
-	# must check in pkg_setup; sysctl doesn't work with userpriv!
-	if use test && use sctp ; then
-		# test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel"
-		# if sctp.auth_enable is not enabled.
-		local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null)
-		if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]] ; then
-			die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!"
-		fi
-	fi
-}
-
-src_unpack() {
-	# Can delete this once test fix patch is dropped
-	if use verify-sig ; then
-		# Needed for downloaded patch (which is unsigned, which is fine)
-		verify-sig_verify_detached "${DISTDIR}"/${P}.tar.gz{,.asc}
-	fi
-
-	default
-}
-
-src_prepare() {
-	# Make sure we only ever touch Makefile.org and avoid patching a file
-	# that gets blown away anyways by the Configure script in src_configure
-	rm -f Makefile
-
-	if ! use vanilla ; then
-		PATCHES+=(
-			# Add patches which are Gentoo-specific customisations here
-		)
-	fi
-
-	default
-
-	if use test && use sctp && has network-sandbox ${FEATURES} ; then
-		einfo "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox ..."
-		rm test/recipes/80-test_ssl_new.t || die
-	fi
-}
-
-src_configure() {
-	# Keep this in sync with app-misc/c_rehash
-	SSL_CNF_DIR="/etc/ssl"
-
-	# Quiet out unknown driver argument warnings since openssl
-	# doesn't have well-split CFLAGS and we're making it even worse
-	# and 'make depend' uses -Werror for added fun (bug #417795 again)
-	tc-is-clang && append-flags -Qunused-arguments
-
-	# We really, really need to build OpenSSL w/ strict aliasing disabled.
-	# It's filled with violations and it *will* result in miscompiled
-	# code. This has been in the ebuild for > 10 years but even in 2022,
-	# it's still relevant:
-	# - https://github.com/llvm/llvm-project/issues/55255
-	# - https://github.com/openssl/openssl/issues/18225
-	# - https://github.com/openssl/openssl/issues/18663#issuecomment-1181478057
-	# Don't remove the no strict aliasing bits below!
-	filter-flags -fstrict-aliasing
-	append-flags -fno-strict-aliasing
-
-	append-flags $(test-flags-CC -Wa,--noexecstack)
-
-	# bug #197996
-	unset APPS
-	# bug #312551
-	unset SCRIPTS
-	# bug #311473
-	unset CROSS_COMPILE
-
-	tc-export AR CC CXX RANLIB RC
-
-	multilib-minimal_src_configure
-}
-
-multilib_src_configure() {
-	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
-
-	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
-
-	# See if our toolchain supports __uint128_t.  If so, it's 64bit
-	# friendly and can use the nicely optimized code paths, bug #460790.
-	#local ec_nistp_64_gcc_128
-	#
-	# Disable it for now though (bug #469976)
-	# Do NOT re-enable without substantial discussion first!
-	#
-	#echo "__uint128_t i;" > "${T}"/128.c
-	#if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
-	#       ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
-	#fi
-
-	local sslout=$(bash "${FILESDIR}/gentoo.config-1.0.4")
-	einfo "Using configuration: ${sslout:-(openssl knows best)}"
-
-	# https://github.com/openssl/openssl/blob/master/INSTALL.md#enable-and-disable-features
-	local myeconfargs=(
-		${sslout}
-
-		$(use cpu_flags_x86_sse2 || echo "no-sse2")
-		enable-camellia
-		enable-ec
-		enable-ec2m
-		enable-sm2
-		enable-srp
-		$(use elibc_musl && echo "no-async")
-		enable-idea
-		enable-mdc2
-		enable-rc5
-		$(use fips && echo "enable-fips")
-		$(use_ssl asm)
-		$(use_ssl ktls)
-		$(use_ssl rfc3779)
-		$(use_ssl sctp)
-		$(use test || echo "no-tests")
-		$(use_ssl tls-compression zlib)
-		$(use_ssl weak-ssl-ciphers)
-
-		--prefix="${EPREFIX}"/usr
-		--openssldir="${EPREFIX}"${SSL_CNF_DIR}
-		--libdir=$(get_libdir)
-
-		shared
-		threads
-	)
-
-	edo perl "${S}/Configure" "${myeconfargs[@]}"
-}
-
-multilib_src_compile() {
-	emake build_sw
-
-	if multilib_is_native_abi; then
-		emake build_docs
-	fi
-}
-
-multilib_src_test() {
-	# VFP = show subtests verbosely and show failed tests verbosely
-	# Normal V=1 would show everything verbosely but this slows things down.
-	emake HARNESS_JOBS="$(makeopts_jobs)" VFP=1 test
-}
-
-multilib_src_install() {
-	emake DESTDIR="${D}" install_sw
-	if use fips; then
-		emake DESTDIR="${D}" install_fips
-		# Regen this in pkg_preinst, bug 900625
-		rm "${ED}${SSL_CNF_DIR}"/fipsmodule.cnf || die
-	fi
-
-	if multilib_is_native_abi; then
-		emake DESTDIR="${D}" install_ssldirs
-		emake DESTDIR="${D}" DOCDIR='$(INSTALLTOP)'/share/doc/${PF} install_docs
-	fi
-
-	# This is crappy in that the static archives are still built even
-	# when USE=static-libs. But this is due to a failing in the openssl
-	# build system: the static archives are built as PIC all the time.
-	# Only way around this would be to manually configure+compile openssl
-	# twice; once with shared lib support enabled and once without.
-	if ! use static-libs ; then
-		rm "${ED}"/usr/$(get_libdir)/lib{crypto,ssl}.a || die
-	fi
-}
-
-multilib_src_install_all() {
-	# openssl installs perl version of c_rehash by default, but
-	# we provide a shell version via app-misc/c_rehash
-	rm "${ED}"/usr/bin/c_rehash || die
-
-	dodoc {AUTHORS,CHANGES,NEWS,README,README-PROVIDERS}.md doc/*.txt doc/${PN}-c-indent.el
-
-	# Create the certs directory
-	keepdir ${SSL_CNF_DIR}/certs
-
-	# bug #254521
-	dodir /etc/sandbox.d
-	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
-
-	diropts -m0700
-	keepdir ${SSL_CNF_DIR}/private
-}
-
-pkg_preinst() {
-	if use fips; then
-		# Regen fipsmodule.cnf, bug 900625
-		ebegin "Running openssl fipsinstall"
-		"${ED}/usr/bin/openssl" fipsinstall -quiet \
-			-out "${ED}${SSL_CNF_DIR}/fipsmodule.cnf" \
-			-module "${ED}/usr/$(get_libdir)/ossl-modules/fips.so"
-		eend $?
-	fi
-}
-
-pkg_postinst() {
-	ebegin "Running 'openssl rehash ${EROOT}${SSL_CNF_DIR}/certs' to rebuild hashes (bug #333069)"
-	openssl rehash "${EROOT}${SSL_CNF_DIR}/certs"
-	eend $?
-}

diff --git a/dev-libs/openssl/openssl-3.1.0-r2.ebuild b/dev-libs/openssl/openssl-3.1.0-r2.ebuild
deleted file mode 100644
index 82fbb55ebda8..000000000000
--- a/dev-libs/openssl/openssl-3.1.0-r2.ebuild
+++ /dev/null
@@ -1,280 +0,0 @@
-# Copyright 1999-2023 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/openssl.org.asc
-inherit edo flag-o-matic linux-info toolchain-funcs multilib-minimal multiprocessing verify-sig
-
-DESCRIPTION="Robust, full-featured Open Source Toolkit for the Transport Layer Security (TLS)"
-HOMEPAGE="https://www.openssl.org/"
-
-MY_P=${P/_/-}
-
-if [[ ${PV} == 9999 ]] ; then
-	EGIT_REPO_URI="https://github.com/openssl/openssl.git"
-
-	inherit git-r3
-else
-	SRC_URI="
-		mirror://openssl/source/${MY_P}.tar.gz
-		verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )
-	"
-	#KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86"
-fi
-
-S="${WORKDIR}"/${MY_P}
-
-LICENSE="Apache-2.0"
-SLOT="0/$(ver_cut 1)" # .so version of libssl/libcrypto
-IUSE="+asm cpu_flags_x86_sse2 fips ktls rfc3779 sctp static-libs test tls-compression vanilla verify-sig weak-ssl-ciphers"
-RESTRICT="!test? ( test )"
-
-COMMON_DEPEND="
-	!<net-misc/openssh-9.2_p1-r3
-	tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
-"
-BDEPEND="
-	>=dev-lang/perl-5
-	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
-	test? (
-		sys-apps/diffutils
-		sys-devel/bc
-		sys-process/procps
-	)
-	verify-sig? ( >=sec-keys/openpgp-keys-openssl-20230207 )"
-
-DEPEND="${COMMON_DEPEND}"
-RDEPEND="${COMMON_DEPEND}"
-PDEPEND="app-misc/ca-certificates"
-
-MULTILIB_WRAPPED_HEADERS=(
-	/usr/include/openssl/configuration.h
-)
-
-PATCHES=(
-	"${FILESDIR}"/openssl-3.0.8-mips-cflags.patch
-	"${FILESDIR}"/openssl-3.1.0-CVE-2023-0464.patch
-	"${FILESDIR}"/openssl-3.1.0-CVE-2023-0465.patch
-	"${FILESDIR}"/openssl-3.1.0-CVE-2023-0466.patch
-)
-
-pkg_setup() {
-	if use ktls ; then
-		if kernel_is -lt 4 18 ; then
-			ewarn "Kernel implementation of TLS (USE=ktls) requires kernel >=4.18!"
-		else
-			CONFIG_CHECK="~TLS ~TLS_DEVICE"
-			ERROR_TLS="You will be unable to offload TLS to kernel because CONFIG_TLS is not set!"
-			ERROR_TLS_DEVICE="You will be unable to offload TLS to kernel because CONFIG_TLS_DEVICE is not set!"
-			use test && CONFIG_CHECK+=" ~CRYPTO_USER_API_SKCIPHER"
-
-			linux-info_pkg_setup
-		fi
-	fi
-
-	[[ ${MERGE_TYPE} == binary ]] && return
-
-	# must check in pkg_setup; sysctl doesn't work with userpriv!
-	if use test && use sctp ; then
-		# test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel"
-		# if sctp.auth_enable is not enabled.
-		local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null)
-		if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]] ; then
-			die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!"
-		fi
-	fi
-}
-
-src_unpack() {
-	# Can delete this once test fix patch is dropped
-	if use verify-sig ; then
-		# Needed for downloaded patch (which is unsigned, which is fine)
-		verify-sig_verify_detached "${DISTDIR}"/${P}.tar.gz{,.asc}
-	fi
-
-	default
-}
-
-src_prepare() {
-	# Make sure we only ever touch Makefile.org and avoid patching a file
-	# that gets blown away anyways by the Configure script in src_configure
-	rm -f Makefile
-
-	if ! use vanilla ; then
-		PATCHES+=(
-			# Add patches which are Gentoo-specific customisations here
-		)
-	fi
-
-	default
-
-	if use test && use sctp && has network-sandbox ${FEATURES} ; then
-		einfo "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox ..."
-		rm test/recipes/80-test_ssl_new.t || die
-	fi
-}
-
-src_configure() {
-	# Keep this in sync with app-misc/c_rehash
-	SSL_CNF_DIR="/etc/ssl"
-
-	# Quiet out unknown driver argument warnings since openssl
-	# doesn't have well-split CFLAGS and we're making it even worse
-	# and 'make depend' uses -Werror for added fun (bug #417795 again)
-	tc-is-clang && append-flags -Qunused-arguments
-
-	# We really, really need to build OpenSSL w/ strict aliasing disabled.
-	# It's filled with violations and it *will* result in miscompiled
-	# code. This has been in the ebuild for > 10 years but even in 2022,
-	# it's still relevant:
-	# - https://github.com/llvm/llvm-project/issues/55255
-	# - https://github.com/openssl/openssl/issues/18225
-	# - https://github.com/openssl/openssl/issues/18663#issuecomment-1181478057
-	# Don't remove the no strict aliasing bits below!
-	filter-flags -fstrict-aliasing
-	append-flags -fno-strict-aliasing
-	# The OpenSSL developers don't test with LTO right now, it leads to various
-	# warnings/errors (which may or may not be false positives), it's considered
-	# unsupported, and it's not tested in CI: https://github.com/openssl/openssl/issues/18663.
-	filter-lto
-
-	append-flags $(test-flags-CC -Wa,--noexecstack)
-
-	# bug #197996
-	unset APPS
-	# bug #312551
-	unset SCRIPTS
-	# bug #311473
-	unset CROSS_COMPILE
-
-	tc-export AR CC CXX RANLIB RC
-
-	multilib-minimal_src_configure
-}
-
-multilib_src_configure() {
-	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
-
-	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
-
-	# See if our toolchain supports __uint128_t.  If so, it's 64bit
-	# friendly and can use the nicely optimized code paths, bug #460790.
-	#local ec_nistp_64_gcc_128
-	#
-	# Disable it for now though (bug #469976)
-	# Do NOT re-enable without substantial discussion first!
-	#
-	#echo "__uint128_t i;" > "${T}"/128.c
-	#if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
-	#       ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
-	#fi
-
-	local sslout=$(bash "${FILESDIR}/gentoo.config-1.0.4")
-	einfo "Using configuration: ${sslout:-(openssl knows best)}"
-
-	# https://github.com/openssl/openssl/blob/master/INSTALL.md#enable-and-disable-features
-	local myeconfargs=(
-		${sslout}
-
-		$(use cpu_flags_x86_sse2 || echo "no-sse2")
-		enable-camellia
-		enable-ec
-		enable-ec2m
-		enable-sm2
-		enable-srp
-		$(use elibc_musl && echo "no-async")
-		enable-idea
-		enable-mdc2
-		enable-rc5
-		$(use fips && echo "enable-fips")
-		$(use_ssl asm)
-		$(use_ssl ktls)
-		$(use_ssl rfc3779)
-		$(use_ssl sctp)
-		$(use test || echo "no-tests")
-		$(use_ssl tls-compression zlib)
-		$(use_ssl weak-ssl-ciphers)
-
-		--prefix="${EPREFIX}"/usr
-		--openssldir="${EPREFIX}"${SSL_CNF_DIR}
-		--libdir=$(get_libdir)
-
-		shared
-		threads
-	)
-
-	edo perl "${S}/Configure" "${myeconfargs[@]}"
-}
-
-multilib_src_compile() {
-	emake build_sw
-
-	if multilib_is_native_abi; then
-		emake build_docs
-	fi
-}
-
-multilib_src_test() {
-	# VFP = show subtests verbosely and show failed tests verbosely
-	# Normal V=1 would show everything verbosely but this slows things down.
-	emake HARNESS_JOBS="$(makeopts_jobs)" VFP=1 test
-}
-
-multilib_src_install() {
-	emake DESTDIR="${D}" install_sw
-	if use fips; then
-		emake DESTDIR="${D}" install_fips
-		# Regen this in pkg_preinst, bug 900625
-		rm "${ED}${SSL_CNF_DIR}"/fipsmodule.cnf || die
-	fi
-
-	if multilib_is_native_abi; then
-		emake DESTDIR="${D}" install_ssldirs
-		emake DESTDIR="${D}" DOCDIR='$(INSTALLTOP)'/share/doc/${PF} install_docs
-	fi
-
-	# This is crappy in that the static archives are still built even
-	# when USE=static-libs. But this is due to a failing in the openssl
-	# build system: the static archives are built as PIC all the time.
-	# Only way around this would be to manually configure+compile openssl
-	# twice; once with shared lib support enabled and once without.
-	if ! use static-libs ; then
-		rm "${ED}"/usr/$(get_libdir)/lib{crypto,ssl}.a || die
-	fi
-}
-
-multilib_src_install_all() {
-	# openssl installs perl version of c_rehash by default, but
-	# we provide a shell version via app-misc/c_rehash
-	rm "${ED}"/usr/bin/c_rehash || die
-
-	dodoc {AUTHORS,CHANGES,NEWS,README,README-PROVIDERS}.md doc/*.txt doc/${PN}-c-indent.el
-
-	# Create the certs directory
-	keepdir ${SSL_CNF_DIR}/certs
-
-	# bug #254521
-	dodir /etc/sandbox.d
-	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
-
-	diropts -m0700
-	keepdir ${SSL_CNF_DIR}/private
-}
-
-pkg_preinst() {
-	if use fips; then
-		# Regen fipsmodule.cnf, bug 900625
-		ebegin "Running openssl fipsinstall"
-		"${ED}/usr/bin/openssl" fipsinstall -quiet \
-			-out "${ED}${SSL_CNF_DIR}/fipsmodule.cnf" \
-			-module "${ED}/usr/$(get_libdir)/ossl-modules/fips.so"
-		eend $?
-	fi
-}
-
-pkg_postinst() {
-	ebegin "Running 'openssl rehash ${EROOT}${SSL_CNF_DIR}/certs' to rebuild hashes (bug #333069)"
-	openssl rehash "${EROOT}${SSL_CNF_DIR}/certs"
-	eend $?
-}

diff --git a/dev-libs/openssl/openssl-3.1.0.ebuild b/dev-libs/openssl/openssl-3.1.0.ebuild
deleted file mode 100644
index d13af77736ea..000000000000
--- a/dev-libs/openssl/openssl-3.1.0.ebuild
+++ /dev/null
@@ -1,273 +0,0 @@
-# Copyright 1999-2023 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/openssl.org.asc
-inherit edo flag-o-matic linux-info toolchain-funcs multilib-minimal multiprocessing verify-sig
-
-DESCRIPTION="Robust, full-featured Open Source Toolkit for the Transport Layer Security (TLS)"
-HOMEPAGE="https://www.openssl.org/"
-
-MY_P=${P/_/-}
-
-if [[ ${PV} == 9999 ]] ; then
-	EGIT_REPO_URI="https://github.com/openssl/openssl.git"
-
-	inherit git-r3
-else
-	SRC_URI="
-		mirror://openssl/source/${MY_P}.tar.gz
-		verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )
-	"
-	#KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86"
-fi
-
-S="${WORKDIR}"/${MY_P}
-
-LICENSE="Apache-2.0"
-SLOT="0/$(ver_cut 1)" # .so version of libssl/libcrypto
-IUSE="+asm cpu_flags_x86_sse2 fips ktls rfc3779 sctp static-libs test tls-compression vanilla verify-sig weak-ssl-ciphers"
-RESTRICT="!test? ( test )"
-
-COMMON_DEPEND="
-	!<net-misc/openssh-9.2_p1-r3
-	tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
-"
-BDEPEND="
-	>=dev-lang/perl-5
-	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
-	test? (
-		sys-apps/diffutils
-		sys-devel/bc
-		sys-process/procps
-	)
-	verify-sig? ( >=sec-keys/openpgp-keys-openssl-20230207 )"
-
-DEPEND="${COMMON_DEPEND}"
-RDEPEND="${COMMON_DEPEND}"
-PDEPEND="app-misc/ca-certificates"
-
-MULTILIB_WRAPPED_HEADERS=(
-	/usr/include/openssl/configuration.h
-)
-
-PATCHES=(
-	"${FILESDIR}"/openssl-3.0.8-mips-cflags.patch
-)
-
-pkg_setup() {
-	if use ktls ; then
-		if kernel_is -lt 4 18 ; then
-			ewarn "Kernel implementation of TLS (USE=ktls) requires kernel >=4.18!"
-		else
-			CONFIG_CHECK="~TLS ~TLS_DEVICE"
-			ERROR_TLS="You will be unable to offload TLS to kernel because CONFIG_TLS is not set!"
-			ERROR_TLS_DEVICE="You will be unable to offload TLS to kernel because CONFIG_TLS_DEVICE is not set!"
-			use test && CONFIG_CHECK+=" ~CRYPTO_USER_API_SKCIPHER"
-
-			linux-info_pkg_setup
-		fi
-	fi
-
-	[[ ${MERGE_TYPE} == binary ]] && return
-
-	# must check in pkg_setup; sysctl doesn't work with userpriv!
-	if use test && use sctp ; then
-		# test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel"
-		# if sctp.auth_enable is not enabled.
-		local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null)
-		if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]] ; then
-			die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!"
-		fi
-	fi
-}
-
-src_unpack() {
-	# Can delete this once test fix patch is dropped
-	if use verify-sig ; then
-		# Needed for downloaded patch (which is unsigned, which is fine)
-		verify-sig_verify_detached "${DISTDIR}"/${P}.tar.gz{,.asc}
-	fi
-
-	default
-}
-
-src_prepare() {
-	# Make sure we only ever touch Makefile.org and avoid patching a file
-	# that gets blown away anyways by the Configure script in src_configure
-	rm -f Makefile
-
-	if ! use vanilla ; then
-		PATCHES+=(
-			# Add patches which are Gentoo-specific customisations here
-		)
-	fi
-
-	default
-
-	if use test && use sctp && has network-sandbox ${FEATURES} ; then
-		einfo "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox ..."
-		rm test/recipes/80-test_ssl_new.t || die
-	fi
-}
-
-src_configure() {
-	# Keep this in sync with app-misc/c_rehash
-	SSL_CNF_DIR="/etc/ssl"
-
-	# Quiet out unknown driver argument warnings since openssl
-	# doesn't have well-split CFLAGS and we're making it even worse
-	# and 'make depend' uses -Werror for added fun (bug #417795 again)
-	tc-is-clang && append-flags -Qunused-arguments
-
-	# We really, really need to build OpenSSL w/ strict aliasing disabled.
-	# It's filled with violations and it *will* result in miscompiled
-	# code. This has been in the ebuild for > 10 years but even in 2022,
-	# it's still relevant:
-	# - https://github.com/llvm/llvm-project/issues/55255
-	# - https://github.com/openssl/openssl/issues/18225
-	# - https://github.com/openssl/openssl/issues/18663#issuecomment-1181478057
-	# Don't remove the no strict aliasing bits below!
-	filter-flags -fstrict-aliasing
-	append-flags -fno-strict-aliasing
-
-	append-flags $(test-flags-CC -Wa,--noexecstack)
-
-	# bug #197996
-	unset APPS
-	# bug #312551
-	unset SCRIPTS
-	# bug #311473
-	unset CROSS_COMPILE
-
-	tc-export AR CC CXX RANLIB RC
-
-	multilib-minimal_src_configure
-}
-
-multilib_src_configure() {
-	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
-
-	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
-
-	# See if our toolchain supports __uint128_t.  If so, it's 64bit
-	# friendly and can use the nicely optimized code paths, bug #460790.
-	#local ec_nistp_64_gcc_128
-	#
-	# Disable it for now though (bug #469976)
-	# Do NOT re-enable without substantial discussion first!
-	#
-	#echo "__uint128_t i;" > "${T}"/128.c
-	#if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
-	#       ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
-	#fi
-
-	local sslout=$(bash "${FILESDIR}/gentoo.config-1.0.4")
-	einfo "Using configuration: ${sslout:-(openssl knows best)}"
-
-	# https://github.com/openssl/openssl/blob/master/INSTALL.md#enable-and-disable-features
-	local myeconfargs=(
-		${sslout}
-
-		$(use cpu_flags_x86_sse2 || echo "no-sse2")
-		enable-camellia
-		enable-ec
-		enable-ec2m
-		enable-sm2
-		enable-srp
-		$(use elibc_musl && echo "no-async")
-		enable-idea
-		enable-mdc2
-		enable-rc5
-		$(use fips && echo "enable-fips")
-		$(use_ssl asm)
-		$(use_ssl ktls)
-		$(use_ssl rfc3779)
-		$(use_ssl sctp)
-		$(use test || echo "no-tests")
-		$(use_ssl tls-compression zlib)
-		$(use_ssl weak-ssl-ciphers)
-
-		--prefix="${EPREFIX}"/usr
-		--openssldir="${EPREFIX}"${SSL_CNF_DIR}
-		--libdir=$(get_libdir)
-
-		shared
-		threads
-	)
-
-	edo perl "${S}/Configure" "${myeconfargs[@]}"
-}
-
-multilib_src_compile() {
-	emake build_sw
-
-	if multilib_is_native_abi; then
-		emake build_docs
-	fi
-}
-
-multilib_src_test() {
-	# VFP = show subtests verbosely and show failed tests verbosely
-	# Normal V=1 would show everything verbosely but this slows things down.
-	emake HARNESS_JOBS="$(makeopts_jobs)" VFP=1 test
-}
-
-multilib_src_install() {
-	emake DESTDIR="${D}" install_sw
-	if use fips; then
-		emake DESTDIR="${D}" install_fips
-		# Regen this in pkg_preinst, bug 900625
-		rm "${ED}${SSL_CNF_DIR}"/fipsmodule.cnf || die
-	fi
-
-	if multilib_is_native_abi; then
-		emake DESTDIR="${D}" install_ssldirs
-		emake DESTDIR="${D}" DOCDIR='$(INSTALLTOP)'/share/doc/${PF} install_docs
-	fi
-
-	# This is crappy in that the static archives are still built even
-	# when USE=static-libs. But this is due to a failing in the openssl
-	# build system: the static archives are built as PIC all the time.
-	# Only way around this would be to manually configure+compile openssl
-	# twice; once with shared lib support enabled and once without.
-	if ! use static-libs ; then
-		rm "${ED}"/usr/$(get_libdir)/lib{crypto,ssl}.a || die
-	fi
-}
-
-multilib_src_install_all() {
-	# openssl installs perl version of c_rehash by default, but
-	# we provide a shell version via app-misc/c_rehash
-	rm "${ED}"/usr/bin/c_rehash || die
-
-	dodoc {AUTHORS,CHANGES,NEWS,README,README-PROVIDERS}.md doc/*.txt doc/${PN}-c-indent.el
-
-	# Create the certs directory
-	keepdir ${SSL_CNF_DIR}/certs
-
-	# bug #254521
-	dodir /etc/sandbox.d
-	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
-
-	diropts -m0700
-	keepdir ${SSL_CNF_DIR}/private
-}
-
-pkg_preinst() {
-	if use fips; then
-		# Regen fipsmodule.cnf, bug 900625
-		ebegin "Running openssl fipsinstall"
-		"${ED}/usr/bin/openssl" fipsinstall -quiet \
-			-out "${ED}${SSL_CNF_DIR}/fipsmodule.cnf" \
-			-module "${ED}/usr/$(get_libdir)/ossl-modules/fips.so"
-		eend $?
-	fi
-}
-
-pkg_postinst() {
-	ebegin "Running 'openssl rehash ${EROOT}${SSL_CNF_DIR}/certs' to rebuild hashes (bug #333069)"
-	openssl rehash "${EROOT}${SSL_CNF_DIR}/certs"
-	eend $?
-}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Patrick McLean]

commit:     e62cd3ce1c1f09fb145405cfb66414c1fc392f79
Author:     Patrick McLean <chutzpah <AT> gentoo <DOT> org>
AuthorDate: Thu Apr 20 16:48:35 2023 +0000
Commit:     Patrick McLean <chutzpah <AT> gentoo <DOT> org>
CommitDate: Thu Apr 20 16:57:55 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e62cd3ce

dev-libs/openssl: drop 3.0.8-r1, 3.0.8-r2, 3.0.8-r3

Signed-off-by: Patrick McLean <chutzpah <AT> gentoo.org>

 dev-libs/openssl/openssl-3.0.8-r1.ebuild | 270 ------------------------------
 dev-libs/openssl/openssl-3.0.8-r2.ebuild | 271 ------------------------------
 dev-libs/openssl/openssl-3.0.8-r3.ebuild | 277 -------------------------------
 3 files changed, 818 deletions(-)

diff --git a/dev-libs/openssl/openssl-3.0.8-r1.ebuild b/dev-libs/openssl/openssl-3.0.8-r1.ebuild
deleted file mode 100644
index ea11e22eb155..000000000000
--- a/dev-libs/openssl/openssl-3.0.8-r1.ebuild
+++ /dev/null
@@ -1,270 +0,0 @@
-# Copyright 1999-2023 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/openssl.org.asc
-inherit edo flag-o-matic linux-info toolchain-funcs multilib-minimal multiprocessing verify-sig
-
-DESCRIPTION="Robust, full-featured Open Source Toolkit for the Transport Layer Security (TLS)"
-HOMEPAGE="https://www.openssl.org/"
-
-MY_P=${P/_/-}
-
-if [[ ${PV} == 9999 ]] ; then
-	EGIT_REPO_URI="https://github.com/openssl/openssl.git"
-
-	inherit git-r3
-else
-	SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
-		verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )"
-	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86"
-fi
-
-S="${WORKDIR}"/${MY_P}
-
-LICENSE="Apache-2.0"
-SLOT="0/3" # .so version of libssl/libcrypto
-IUSE="+asm cpu_flags_x86_sse2 fips ktls rfc3779 sctp static-libs test tls-compression vanilla verify-sig weak-ssl-ciphers"
-RESTRICT="!test? ( test )"
-
-COMMON_DEPEND="
-	tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
-"
-BDEPEND="
-	>=dev-lang/perl-5
-	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
-	test? (
-		sys-apps/diffutils
-		sys-devel/bc
-		sys-process/procps
-	)
-	verify-sig? ( >=sec-keys/openpgp-keys-openssl-20230207 )"
-
-DEPEND="${COMMON_DEPEND}"
-RDEPEND="${COMMON_DEPEND}"
-PDEPEND="app-misc/ca-certificates"
-
-MULTILIB_WRAPPED_HEADERS=(
-	/usr/include/openssl/configuration.h
-)
-
-PATCHES=(
-	"${FILESDIR}"/openssl-3.0.8-mips-cflags.patch
-)
-
-pkg_setup() {
-	if use ktls ; then
-		if kernel_is -lt 4 18 ; then
-			ewarn "Kernel implementation of TLS (USE=ktls) requires kernel >=4.18!"
-		else
-			CONFIG_CHECK="~TLS ~TLS_DEVICE"
-			ERROR_TLS="You will be unable to offload TLS to kernel because CONFIG_TLS is not set!"
-			ERROR_TLS_DEVICE="You will be unable to offload TLS to kernel because CONFIG_TLS_DEVICE is not set!"
-			use test && CONFIG_CHECK+=" ~CRYPTO_USER_API_SKCIPHER"
-
-			linux-info_pkg_setup
-		fi
-	fi
-
-	[[ ${MERGE_TYPE} == binary ]] && return
-
-	# must check in pkg_setup; sysctl doesn't work with userpriv!
-	if use test && use sctp ; then
-		# test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel"
-		# if sctp.auth_enable is not enabled.
-		local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null)
-		if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]] ; then
-			die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!"
-		fi
-	fi
-}
-
-src_unpack() {
-	# Can delete this once test fix patch is dropped
-	if use verify-sig ; then
-		# Needed for downloaded patch (which is unsigned, which is fine)
-		verify-sig_verify_detached "${DISTDIR}"/${P}.tar.gz{,.asc}
-	fi
-
-	default
-}
-
-src_prepare() {
-	# Make sure we only ever touch Makefile.org and avoid patching a file
-	# that gets blown away anyways by the Configure script in src_configure
-	rm -f Makefile
-
-	if ! use vanilla ; then
-		PATCHES+=(
-			# Add patches which are Gentoo-specific customisations here
-		)
-	fi
-
-	default
-
-	if use test && use sctp && has network-sandbox ${FEATURES} ; then
-		einfo "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox ..."
-		rm test/recipes/80-test_ssl_new.t || die
-	fi
-}
-
-src_configure() {
-	# Keep this in sync with app-misc/c_rehash
-	SSL_CNF_DIR="/etc/ssl"
-
-	# Quiet out unknown driver argument warnings since openssl
-	# doesn't have well-split CFLAGS and we're making it even worse
-	# and 'make depend' uses -Werror for added fun (bug #417795 again)
-	tc-is-clang && append-flags -Qunused-arguments
-
-	# We really, really need to build OpenSSL w/ strict aliasing disabled.
-	# It's filled with violations and it *will* result in miscompiled
-	# code. This has been in the ebuild for > 10 years but even in 2022,
-	# it's still relevant:
-	# - https://github.com/llvm/llvm-project/issues/55255
-	# - https://github.com/openssl/openssl/issues/18225
-	# - https://github.com/openssl/openssl/issues/18663#issuecomment-1181478057
-	# Don't remove the no strict aliasing bits below!
-	filter-flags -fstrict-aliasing
-	append-flags -fno-strict-aliasing
-
-	append-flags $(test-flags-CC -Wa,--noexecstack)
-
-	# bug #197996
-	unset APPS
-	# bug #312551
-	unset SCRIPTS
-	# bug #311473
-	unset CROSS_COMPILE
-
-	tc-export AR CC CXX RANLIB RC
-
-	multilib-minimal_src_configure
-}
-
-multilib_src_configure() {
-	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
-
-	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
-
-	# See if our toolchain supports __uint128_t.  If so, it's 64bit
-	# friendly and can use the nicely optimized code paths, bug #460790.
-	#local ec_nistp_64_gcc_128
-	#
-	# Disable it for now though (bug #469976)
-	# Do NOT re-enable without substantial discussion first!
-	#
-	#echo "__uint128_t i;" > "${T}"/128.c
-	#if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
-	#       ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
-	#fi
-
-	local sslout=$(bash "${FILESDIR}/gentoo.config-1.0.4")
-	einfo "Using configuration: ${sslout:-(openssl knows best)}"
-
-	# https://github.com/openssl/openssl/blob/master/INSTALL.md#enable-and-disable-features
-	local myeconfargs=(
-		${sslout}
-
-		$(use cpu_flags_x86_sse2 || echo "no-sse2")
-		enable-camellia
-		enable-ec
-		enable-ec2m
-		enable-sm2
-		enable-srp
-		$(use elibc_musl && echo "no-async")
-		enable-idea
-		enable-mdc2
-		enable-rc5
-		$(use fips && echo "enable-fips")
-		$(use_ssl asm)
-		$(use_ssl ktls)
-		$(use_ssl rfc3779)
-		$(use_ssl sctp)
-		$(use test || echo "no-tests")
-		$(use_ssl tls-compression zlib)
-		$(use_ssl weak-ssl-ciphers)
-
-		--prefix="${EPREFIX}"/usr
-		--openssldir="${EPREFIX}"${SSL_CNF_DIR}
-		--libdir=$(get_libdir)
-
-		shared
-		threads
-	)
-
-	edo perl "${S}/Configure" "${myeconfargs[@]}"
-}
-
-multilib_src_compile() {
-	emake build_sw
-
-	if multilib_is_native_abi; then
-		emake build_docs
-	fi
-}
-
-multilib_src_test() {
-	# VFP = show subtests verbosely and show failed tests verbosely
-	# Normal V=1 would show everything verbosely but this slows things down.
-	emake HARNESS_JOBS="$(makeopts_jobs)" VFP=1 test
-}
-
-multilib_src_install() {
-	emake DESTDIR="${D}" install_sw
-	if use fips; then
-		emake DESTDIR="${D}" install_fips
-		# Regen this in pkg_preinst, bug 900625
-		rm "${ED}${SSL_CNF_DIR}"/fipsmodule.cnf || die
-	fi
-
-	if multilib_is_native_abi; then
-		emake DESTDIR="${D}" install_ssldirs
-		emake DESTDIR="${D}" DOCDIR='$(INSTALLTOP)'/share/doc/${PF} install_docs
-	fi
-
-	# This is crappy in that the static archives are still built even
-	# when USE=static-libs. But this is due to a failing in the openssl
-	# build system: the static archives are built as PIC all the time.
-	# Only way around this would be to manually configure+compile openssl
-	# twice; once with shared lib support enabled and once without.
-	if ! use static-libs ; then
-		rm "${ED}"/usr/$(get_libdir)/lib{crypto,ssl}.a || die
-	fi
-}
-
-multilib_src_install_all() {
-	# openssl installs perl version of c_rehash by default, but
-	# we provide a shell version via app-misc/c_rehash
-	rm "${ED}"/usr/bin/c_rehash || die
-
-	dodoc {AUTHORS,CHANGES,NEWS,README,README-PROVIDERS}.md doc/*.txt doc/${PN}-c-indent.el
-
-	# Create the certs directory
-	keepdir ${SSL_CNF_DIR}/certs
-
-	# bug #254521
-	dodir /etc/sandbox.d
-	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
-
-	diropts -m0700
-	keepdir ${SSL_CNF_DIR}/private
-}
-
-pkg_preinst() {
-	if use fips; then
-		# Regen fipsmodule.cnf, bug 900625
-		ebegin "Running openssl fipsinstall"
-		"${ED}/usr/bin/openssl" fipsinstall -quiet \
-			-out "${ED}${SSL_CNF_DIR}/fipsmodule.cnf" \
-			-module "${ED}/usr/$(get_libdir)/ossl-modules/fips.so"
-		eend $?
-	fi
-}
-
-pkg_postinst() {
-	ebegin "Running 'openssl rehash ${EROOT}${SSL_CNF_DIR}/certs' to rebuild hashes (bug #333069)"
-	openssl rehash "${EROOT}${SSL_CNF_DIR}/certs"
-	eend $?
-}

diff --git a/dev-libs/openssl/openssl-3.0.8-r2.ebuild b/dev-libs/openssl/openssl-3.0.8-r2.ebuild
deleted file mode 100644
index bc44de5a3345..000000000000
--- a/dev-libs/openssl/openssl-3.0.8-r2.ebuild
+++ /dev/null
@@ -1,271 +0,0 @@
-# Copyright 1999-2023 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/openssl.org.asc
-inherit edo flag-o-matic linux-info toolchain-funcs multilib-minimal multiprocessing verify-sig
-
-DESCRIPTION="Robust, full-featured Open Source Toolkit for the Transport Layer Security (TLS)"
-HOMEPAGE="https://www.openssl.org/"
-
-MY_P=${P/_/-}
-
-if [[ ${PV} == 9999 ]] ; then
-	EGIT_REPO_URI="https://github.com/openssl/openssl.git"
-
-	inherit git-r3
-else
-	SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
-		verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )"
-	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86"
-fi
-
-S="${WORKDIR}"/${MY_P}
-
-LICENSE="Apache-2.0"
-SLOT="0/3" # .so version of libssl/libcrypto
-IUSE="+asm cpu_flags_x86_sse2 fips ktls rfc3779 sctp static-libs test tls-compression vanilla verify-sig weak-ssl-ciphers"
-RESTRICT="!test? ( test )"
-
-COMMON_DEPEND="
-	tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
-"
-BDEPEND="
-	>=dev-lang/perl-5
-	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
-	test? (
-		sys-apps/diffutils
-		sys-devel/bc
-		sys-process/procps
-	)
-	verify-sig? ( >=sec-keys/openpgp-keys-openssl-20230207 )"
-
-DEPEND="${COMMON_DEPEND}"
-RDEPEND="${COMMON_DEPEND}"
-PDEPEND="app-misc/ca-certificates"
-
-MULTILIB_WRAPPED_HEADERS=(
-	/usr/include/openssl/configuration.h
-)
-
-PATCHES=(
-	"${FILESDIR}"/openssl-3.0.8-mips-cflags.patch
-	"${FILESDIR}"/openssl-3.0.8-CVE-2023-0464.patch
-)
-
-pkg_setup() {
-	if use ktls ; then
-		if kernel_is -lt 4 18 ; then
-			ewarn "Kernel implementation of TLS (USE=ktls) requires kernel >=4.18!"
-		else
-			CONFIG_CHECK="~TLS ~TLS_DEVICE"
-			ERROR_TLS="You will be unable to offload TLS to kernel because CONFIG_TLS is not set!"
-			ERROR_TLS_DEVICE="You will be unable to offload TLS to kernel because CONFIG_TLS_DEVICE is not set!"
-			use test && CONFIG_CHECK+=" ~CRYPTO_USER_API_SKCIPHER"
-
-			linux-info_pkg_setup
-		fi
-	fi
-
-	[[ ${MERGE_TYPE} == binary ]] && return
-
-	# must check in pkg_setup; sysctl doesn't work with userpriv!
-	if use test && use sctp ; then
-		# test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel"
-		# if sctp.auth_enable is not enabled.
-		local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null)
-		if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]] ; then
-			die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!"
-		fi
-	fi
-}
-
-src_unpack() {
-	# Can delete this once test fix patch is dropped
-	if use verify-sig ; then
-		# Needed for downloaded patch (which is unsigned, which is fine)
-		verify-sig_verify_detached "${DISTDIR}"/${P}.tar.gz{,.asc}
-	fi
-
-	default
-}
-
-src_prepare() {
-	# Make sure we only ever touch Makefile.org and avoid patching a file
-	# that gets blown away anyways by the Configure script in src_configure
-	rm -f Makefile
-
-	if ! use vanilla ; then
-		PATCHES+=(
-			# Add patches which are Gentoo-specific customisations here
-		)
-	fi
-
-	default
-
-	if use test && use sctp && has network-sandbox ${FEATURES} ; then
-		einfo "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox ..."
-		rm test/recipes/80-test_ssl_new.t || die
-	fi
-}
-
-src_configure() {
-	# Keep this in sync with app-misc/c_rehash
-	SSL_CNF_DIR="/etc/ssl"
-
-	# Quiet out unknown driver argument warnings since openssl
-	# doesn't have well-split CFLAGS and we're making it even worse
-	# and 'make depend' uses -Werror for added fun (bug #417795 again)
-	tc-is-clang && append-flags -Qunused-arguments
-
-	# We really, really need to build OpenSSL w/ strict aliasing disabled.
-	# It's filled with violations and it *will* result in miscompiled
-	# code. This has been in the ebuild for > 10 years but even in 2022,
-	# it's still relevant:
-	# - https://github.com/llvm/llvm-project/issues/55255
-	# - https://github.com/openssl/openssl/issues/18225
-	# - https://github.com/openssl/openssl/issues/18663#issuecomment-1181478057
-	# Don't remove the no strict aliasing bits below!
-	filter-flags -fstrict-aliasing
-	append-flags -fno-strict-aliasing
-
-	append-flags $(test-flags-CC -Wa,--noexecstack)
-
-	# bug #197996
-	unset APPS
-	# bug #312551
-	unset SCRIPTS
-	# bug #311473
-	unset CROSS_COMPILE
-
-	tc-export AR CC CXX RANLIB RC
-
-	multilib-minimal_src_configure
-}
-
-multilib_src_configure() {
-	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
-
-	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
-
-	# See if our toolchain supports __uint128_t.  If so, it's 64bit
-	# friendly and can use the nicely optimized code paths, bug #460790.
-	#local ec_nistp_64_gcc_128
-	#
-	# Disable it for now though (bug #469976)
-	# Do NOT re-enable without substantial discussion first!
-	#
-	#echo "__uint128_t i;" > "${T}"/128.c
-	#if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
-	#       ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
-	#fi
-
-	local sslout=$(bash "${FILESDIR}/gentoo.config-1.0.4")
-	einfo "Using configuration: ${sslout:-(openssl knows best)}"
-
-	# https://github.com/openssl/openssl/blob/master/INSTALL.md#enable-and-disable-features
-	local myeconfargs=(
-		${sslout}
-
-		$(use cpu_flags_x86_sse2 || echo "no-sse2")
-		enable-camellia
-		enable-ec
-		enable-ec2m
-		enable-sm2
-		enable-srp
-		$(use elibc_musl && echo "no-async")
-		enable-idea
-		enable-mdc2
-		enable-rc5
-		$(use fips && echo "enable-fips")
-		$(use_ssl asm)
-		$(use_ssl ktls)
-		$(use_ssl rfc3779)
-		$(use_ssl sctp)
-		$(use test || echo "no-tests")
-		$(use_ssl tls-compression zlib)
-		$(use_ssl weak-ssl-ciphers)
-
-		--prefix="${EPREFIX}"/usr
-		--openssldir="${EPREFIX}"${SSL_CNF_DIR}
-		--libdir=$(get_libdir)
-
-		shared
-		threads
-	)
-
-	edo perl "${S}/Configure" "${myeconfargs[@]}"
-}
-
-multilib_src_compile() {
-	emake build_sw
-
-	if multilib_is_native_abi; then
-		emake build_docs
-	fi
-}
-
-multilib_src_test() {
-	# VFP = show subtests verbosely and show failed tests verbosely
-	# Normal V=1 would show everything verbosely but this slows things down.
-	emake HARNESS_JOBS="$(makeopts_jobs)" VFP=1 test
-}
-
-multilib_src_install() {
-	emake DESTDIR="${D}" install_sw
-	if use fips; then
-		emake DESTDIR="${D}" install_fips
-		# Regen this in pkg_preinst, bug 900625
-		rm "${ED}${SSL_CNF_DIR}"/fipsmodule.cnf || die
-	fi
-
-	if multilib_is_native_abi; then
-		emake DESTDIR="${D}" install_ssldirs
-		emake DESTDIR="${D}" DOCDIR='$(INSTALLTOP)'/share/doc/${PF} install_docs
-	fi
-
-	# This is crappy in that the static archives are still built even
-	# when USE=static-libs. But this is due to a failing in the openssl
-	# build system: the static archives are built as PIC all the time.
-	# Only way around this would be to manually configure+compile openssl
-	# twice; once with shared lib support enabled and once without.
-	if ! use static-libs ; then
-		rm "${ED}"/usr/$(get_libdir)/lib{crypto,ssl}.a || die
-	fi
-}
-
-multilib_src_install_all() {
-	# openssl installs perl version of c_rehash by default, but
-	# we provide a shell version via app-misc/c_rehash
-	rm "${ED}"/usr/bin/c_rehash || die
-
-	dodoc {AUTHORS,CHANGES,NEWS,README,README-PROVIDERS}.md doc/*.txt doc/${PN}-c-indent.el
-
-	# Create the certs directory
-	keepdir ${SSL_CNF_DIR}/certs
-
-	# bug #254521
-	dodir /etc/sandbox.d
-	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
-
-	diropts -m0700
-	keepdir ${SSL_CNF_DIR}/private
-}
-
-pkg_preinst() {
-	if use fips; then
-		# Regen fipsmodule.cnf, bug 900625
-		ebegin "Running openssl fipsinstall"
-		"${ED}/usr/bin/openssl" fipsinstall -quiet \
-			-out "${ED}${SSL_CNF_DIR}/fipsmodule.cnf" \
-			-module "${ED}/usr/$(get_libdir)/ossl-modules/fips.so"
-		eend $?
-	fi
-}
-
-pkg_postinst() {
-	ebegin "Running 'openssl rehash ${EROOT}${SSL_CNF_DIR}/certs' to rebuild hashes (bug #333069)"
-	openssl rehash "${EROOT}${SSL_CNF_DIR}/certs"
-	eend $?
-}

diff --git a/dev-libs/openssl/openssl-3.0.8-r3.ebuild b/dev-libs/openssl/openssl-3.0.8-r3.ebuild
deleted file mode 100644
index 47c1bd2d6e83..000000000000
--- a/dev-libs/openssl/openssl-3.0.8-r3.ebuild
+++ /dev/null
@@ -1,277 +0,0 @@
-# Copyright 1999-2023 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/openssl.org.asc
-inherit edo flag-o-matic linux-info toolchain-funcs multilib-minimal multiprocessing verify-sig
-
-DESCRIPTION="Robust, full-featured Open Source Toolkit for the Transport Layer Security (TLS)"
-HOMEPAGE="https://www.openssl.org/"
-
-MY_P=${P/_/-}
-
-if [[ ${PV} == 9999 ]] ; then
-	EGIT_REPO_URI="https://github.com/openssl/openssl.git"
-
-	inherit git-r3
-else
-	SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
-		verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )"
-	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86"
-fi
-
-S="${WORKDIR}"/${MY_P}
-
-LICENSE="Apache-2.0"
-SLOT="0/3" # .so version of libssl/libcrypto
-IUSE="+asm cpu_flags_x86_sse2 fips ktls rfc3779 sctp static-libs test tls-compression vanilla verify-sig weak-ssl-ciphers"
-RESTRICT="!test? ( test )"
-
-COMMON_DEPEND="
-	tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
-"
-BDEPEND="
-	>=dev-lang/perl-5
-	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
-	test? (
-		sys-apps/diffutils
-		sys-devel/bc
-		sys-process/procps
-	)
-	verify-sig? ( >=sec-keys/openpgp-keys-openssl-20230207 )"
-
-DEPEND="${COMMON_DEPEND}"
-RDEPEND="${COMMON_DEPEND}"
-PDEPEND="app-misc/ca-certificates"
-
-MULTILIB_WRAPPED_HEADERS=(
-	/usr/include/openssl/configuration.h
-)
-
-PATCHES=(
-	"${FILESDIR}"/openssl-3.0.8-mips-cflags.patch
-	"${FILESDIR}"/openssl-3.0.8-CVE-2023-0464.patch
-	"${FILESDIR}"/openssl-3.0.8-CVE-2023-0465.patch
-	"${FILESDIR}"/openssl-3.0.8-CVE-2023-0466.patch
-)
-
-pkg_setup() {
-	if use ktls ; then
-		if kernel_is -lt 4 18 ; then
-			ewarn "Kernel implementation of TLS (USE=ktls) requires kernel >=4.18!"
-		else
-			CONFIG_CHECK="~TLS ~TLS_DEVICE"
-			ERROR_TLS="You will be unable to offload TLS to kernel because CONFIG_TLS is not set!"
-			ERROR_TLS_DEVICE="You will be unable to offload TLS to kernel because CONFIG_TLS_DEVICE is not set!"
-			use test && CONFIG_CHECK+=" ~CRYPTO_USER_API_SKCIPHER"
-
-			linux-info_pkg_setup
-		fi
-	fi
-
-	[[ ${MERGE_TYPE} == binary ]] && return
-
-	# must check in pkg_setup; sysctl doesn't work with userpriv!
-	if use test && use sctp ; then
-		# test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel"
-		# if sctp.auth_enable is not enabled.
-		local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null)
-		if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]] ; then
-			die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!"
-		fi
-	fi
-}
-
-src_unpack() {
-	# Can delete this once test fix patch is dropped
-	if use verify-sig ; then
-		# Needed for downloaded patch (which is unsigned, which is fine)
-		verify-sig_verify_detached "${DISTDIR}"/${P}.tar.gz{,.asc}
-	fi
-
-	default
-}
-
-src_prepare() {
-	# Make sure we only ever touch Makefile.org and avoid patching a file
-	# that gets blown away anyways by the Configure script in src_configure
-	rm -f Makefile
-
-	if ! use vanilla ; then
-		PATCHES+=(
-			# Add patches which are Gentoo-specific customisations here
-		)
-	fi
-
-	default
-
-	if use test && use sctp && has network-sandbox ${FEATURES} ; then
-		einfo "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox ..."
-		rm test/recipes/80-test_ssl_new.t || die
-	fi
-}
-
-src_configure() {
-	# Keep this in sync with app-misc/c_rehash
-	SSL_CNF_DIR="/etc/ssl"
-
-	# Quiet out unknown driver argument warnings since openssl
-	# doesn't have well-split CFLAGS and we're making it even worse
-	# and 'make depend' uses -Werror for added fun (bug #417795 again)
-	tc-is-clang && append-flags -Qunused-arguments
-
-	# We really, really need to build OpenSSL w/ strict aliasing disabled.
-	# It's filled with violations and it *will* result in miscompiled
-	# code. This has been in the ebuild for > 10 years but even in 2022,
-	# it's still relevant:
-	# - https://github.com/llvm/llvm-project/issues/55255
-	# - https://github.com/openssl/openssl/issues/18225
-	# - https://github.com/openssl/openssl/issues/18663#issuecomment-1181478057
-	# Don't remove the no strict aliasing bits below!
-	filter-flags -fstrict-aliasing
-	append-flags -fno-strict-aliasing
-	# The OpenSSL developers don't test with LTO right now, it leads to various
-	# warnings/errors (which may or may not be false positives), it's considered
-	# unsupported, and it's not tested in CI: https://github.com/openssl/openssl/issues/18663.
-	filter-lto
-
-	append-flags $(test-flags-CC -Wa,--noexecstack)
-
-	# bug #197996
-	unset APPS
-	# bug #312551
-	unset SCRIPTS
-	# bug #311473
-	unset CROSS_COMPILE
-
-	tc-export AR CC CXX RANLIB RC
-
-	multilib-minimal_src_configure
-}
-
-multilib_src_configure() {
-	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
-
-	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
-
-	# See if our toolchain supports __uint128_t.  If so, it's 64bit
-	# friendly and can use the nicely optimized code paths, bug #460790.
-	#local ec_nistp_64_gcc_128
-	#
-	# Disable it for now though (bug #469976)
-	# Do NOT re-enable without substantial discussion first!
-	#
-	#echo "__uint128_t i;" > "${T}"/128.c
-	#if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
-	#       ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
-	#fi
-
-	local sslout=$(bash "${FILESDIR}/gentoo.config-1.0.4")
-	einfo "Using configuration: ${sslout:-(openssl knows best)}"
-
-	# https://github.com/openssl/openssl/blob/master/INSTALL.md#enable-and-disable-features
-	local myeconfargs=(
-		${sslout}
-
-		$(use cpu_flags_x86_sse2 || echo "no-sse2")
-		enable-camellia
-		enable-ec
-		enable-ec2m
-		enable-sm2
-		enable-srp
-		$(use elibc_musl && echo "no-async")
-		enable-idea
-		enable-mdc2
-		enable-rc5
-		$(use fips && echo "enable-fips")
-		$(use_ssl asm)
-		$(use_ssl ktls)
-		$(use_ssl rfc3779)
-		$(use_ssl sctp)
-		$(use test || echo "no-tests")
-		$(use_ssl tls-compression zlib)
-		$(use_ssl weak-ssl-ciphers)
-
-		--prefix="${EPREFIX}"/usr
-		--openssldir="${EPREFIX}"${SSL_CNF_DIR}
-		--libdir=$(get_libdir)
-
-		shared
-		threads
-	)
-
-	edo perl "${S}/Configure" "${myeconfargs[@]}"
-}
-
-multilib_src_compile() {
-	emake build_sw
-
-	if multilib_is_native_abi; then
-		emake build_docs
-	fi
-}
-
-multilib_src_test() {
-	# VFP = show subtests verbosely and show failed tests verbosely
-	# Normal V=1 would show everything verbosely but this slows things down.
-	emake HARNESS_JOBS="$(makeopts_jobs)" VFP=1 test
-}
-
-multilib_src_install() {
-	emake DESTDIR="${D}" install_sw
-	if use fips; then
-		emake DESTDIR="${D}" install_fips
-		# Regen this in pkg_preinst, bug 900625
-		rm "${ED}${SSL_CNF_DIR}"/fipsmodule.cnf || die
-	fi
-
-	if multilib_is_native_abi; then
-		emake DESTDIR="${D}" install_ssldirs
-		emake DESTDIR="${D}" DOCDIR='$(INSTALLTOP)'/share/doc/${PF} install_docs
-	fi
-
-	# This is crappy in that the static archives are still built even
-	# when USE=static-libs. But this is due to a failing in the openssl
-	# build system: the static archives are built as PIC all the time.
-	# Only way around this would be to manually configure+compile openssl
-	# twice; once with shared lib support enabled and once without.
-	if ! use static-libs ; then
-		rm "${ED}"/usr/$(get_libdir)/lib{crypto,ssl}.a || die
-	fi
-}
-
-multilib_src_install_all() {
-	# openssl installs perl version of c_rehash by default, but
-	# we provide a shell version via app-misc/c_rehash
-	rm "${ED}"/usr/bin/c_rehash || die
-
-	dodoc {AUTHORS,CHANGES,NEWS,README,README-PROVIDERS}.md doc/*.txt doc/${PN}-c-indent.el
-
-	# Create the certs directory
-	keepdir ${SSL_CNF_DIR}/certs
-
-	# bug #254521
-	dodir /etc/sandbox.d
-	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
-
-	diropts -m0700
-	keepdir ${SSL_CNF_DIR}/private
-}
-
-pkg_preinst() {
-	if use fips; then
-		# Regen fipsmodule.cnf, bug 900625
-		ebegin "Running openssl fipsinstall"
-		"${ED}/usr/bin/openssl" fipsinstall -quiet \
-			-out "${ED}${SSL_CNF_DIR}/fipsmodule.cnf" \
-			-module "${ED}/usr/$(get_libdir)/ossl-modules/fips.so"
-		eend $?
-	fi
-}
-
-pkg_postinst() {
-	ebegin "Running 'openssl rehash ${EROOT}${SSL_CNF_DIR}/certs' to rebuild hashes (bug #333069)"
-	openssl rehash "${EROOT}${SSL_CNF_DIR}/certs"
-	eend $?
-}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     49ae98232120c4b50e6250c4d976306b49e35695
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Wed Apr 19 11:02:09 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Wed Apr 19 11:04:02 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=49ae9823

dev-libs/openssl: Stabilize 1.1.1t-r3 x86, #903546

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/openssl-1.1.1t-r3.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.1.1t-r3.ebuild b/dev-libs/openssl/openssl-1.1.1t-r3.ebuild
index b68a78a6b738..321c29feb04c 100644
--- a/dev-libs/openssl/openssl-1.1.1t-r3.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1t-r3.ebuild
@@ -16,7 +16,7 @@ S="${WORKDIR}/${MY_P}"
 LICENSE="openssl"
 SLOT="0/1.1" # .so version of libssl/libcrypto
 if [[ ${PV} != *_pre* ]] ; then
-	KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+	KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 ~sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
 fi
 IUSE="+asm rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-compression tls-heartbeat vanilla verify-sig weak-ssl-ciphers"
 RESTRICT="!test? ( test )"

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Arthur Zamarin]

commit:     f4720b1ce36e619c0aecbffdef18ae2f914193e8
Author:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
AuthorDate: Wed Apr 19 08:58:04 2023 +0000
Commit:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
CommitDate: Wed Apr 19 08:58:04 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f4720b1c

dev-libs/openssl: Stabilize 1.1.1t-r3 amd64, #903546

Signed-off-by: Arthur Zamarin <arthurzam <AT> gentoo.org>

 dev-libs/openssl/openssl-1.1.1t-r3.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.1.1t-r3.ebuild b/dev-libs/openssl/openssl-1.1.1t-r3.ebuild
index 3ef20027d548..b68a78a6b738 100644
--- a/dev-libs/openssl/openssl-1.1.1t-r3.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1t-r3.ebuild
@@ -16,7 +16,7 @@ S="${WORKDIR}/${MY_P}"
 LICENSE="openssl"
 SLOT="0/1.1" # .so version of libssl/libcrypto
 if [[ ${PV} != *_pre* ]] ; then
-	KEYWORDS="~alpha ~amd64 arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+	KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
 fi
 IUSE="+asm rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-compression tls-heartbeat vanilla verify-sig weak-ssl-ciphers"
 RESTRICT="!test? ( test )"

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Arthur Zamarin]

commit:     d63745e111bb5ed85963a6f8e360ddb9a7477ca7
Author:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
AuthorDate: Wed Apr 19 07:12:23 2023 +0000
Commit:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
CommitDate: Wed Apr 19 07:12:23 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d63745e1

dev-libs/openssl: Stabilize 1.1.1t-r3 ppc, #903546

Signed-off-by: Arthur Zamarin <arthurzam <AT> gentoo.org>

 dev-libs/openssl/openssl-1.1.1t-r3.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.1.1t-r3.ebuild b/dev-libs/openssl/openssl-1.1.1t-r3.ebuild
index 85c7d308730b..3ef20027d548 100644
--- a/dev-libs/openssl/openssl-1.1.1t-r3.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1t-r3.ebuild
@@ -16,7 +16,7 @@ S="${WORKDIR}/${MY_P}"
 LICENSE="openssl"
 SLOT="0/1.1" # .so version of libssl/libcrypto
 if [[ ${PV} != *_pre* ]] ; then
-	KEYWORDS="~alpha ~amd64 arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+	KEYWORDS="~alpha ~amd64 arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
 fi
 IUSE="+asm rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-compression tls-heartbeat vanilla verify-sig weak-ssl-ciphers"
 RESTRICT="!test? ( test )"

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Arthur Zamarin]

commit:     2e21915de74d92b64f180e0c310f17892cd4c025
Author:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
AuthorDate: Wed Apr 19 07:05:26 2023 +0000
Commit:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
CommitDate: Wed Apr 19 07:05:26 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2e21915d

dev-libs/openssl: Stabilize 1.1.1t-r3 ppc64, #903546

Signed-off-by: Arthur Zamarin <arthurzam <AT> gentoo.org>

 dev-libs/openssl/openssl-1.1.1t-r3.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.1.1t-r3.ebuild b/dev-libs/openssl/openssl-1.1.1t-r3.ebuild
index ed8d94accb0c..85c7d308730b 100644
--- a/dev-libs/openssl/openssl-1.1.1t-r3.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1t-r3.ebuild
@@ -16,7 +16,7 @@ S="${WORKDIR}/${MY_P}"
 LICENSE="openssl"
 SLOT="0/1.1" # .so version of libssl/libcrypto
 if [[ ${PV} != *_pre* ]] ; then
-	KEYWORDS="~alpha ~amd64 arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+	KEYWORDS="~alpha ~amd64 arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
 fi
 IUSE="+asm rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-compression tls-heartbeat vanilla verify-sig weak-ssl-ciphers"
 RESTRICT="!test? ( test )"

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Arthur Zamarin]

commit:     f06fd49b5dfe4083d60705c9a78fa5bfb6c3effb
Author:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
AuthorDate: Wed Apr 19 07:00:52 2023 +0000
Commit:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
CommitDate: Wed Apr 19 07:00:52 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f06fd49b

dev-libs/openssl: Stabilize 1.1.1t-r3 arm64, #903546

Signed-off-by: Arthur Zamarin <arthurzam <AT> gentoo.org>

 dev-libs/openssl/openssl-1.1.1t-r3.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.1.1t-r3.ebuild b/dev-libs/openssl/openssl-1.1.1t-r3.ebuild
index a25fd43760eb..4fba6e446e47 100644
--- a/dev-libs/openssl/openssl-1.1.1t-r3.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1t-r3.ebuild
@@ -16,7 +16,7 @@ S="${WORKDIR}/${MY_P}"
 LICENSE="openssl"
 SLOT="0/1.1" # .so version of libssl/libcrypto
 if [[ ${PV} != *_pre* ]] ; then
-	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+	KEYWORDS="~alpha ~amd64 ~arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
 fi
 IUSE="+asm rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-compression tls-heartbeat vanilla verify-sig weak-ssl-ciphers"
 RESTRICT="!test? ( test )"

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Arthur Zamarin]

commit:     1d5187c0f51b662417ada9a18df5ed586dfc3219
Author:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
AuthorDate: Wed Apr 19 07:00:53 2023 +0000
Commit:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
CommitDate: Wed Apr 19 07:00:53 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1d5187c0

dev-libs/openssl: Stabilize 1.1.1t-r3 arm, #903546

Signed-off-by: Arthur Zamarin <arthurzam <AT> gentoo.org>

 dev-libs/openssl/openssl-1.1.1t-r3.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.1.1t-r3.ebuild b/dev-libs/openssl/openssl-1.1.1t-r3.ebuild
index 4fba6e446e47..ed8d94accb0c 100644
--- a/dev-libs/openssl/openssl-1.1.1t-r3.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1t-r3.ebuild
@@ -16,7 +16,7 @@ S="${WORKDIR}/${MY_P}"
 LICENSE="openssl"
 SLOT="0/1.1" # .so version of libssl/libcrypto
 if [[ ${PV} != *_pre* ]] ; then
-	KEYWORDS="~alpha ~amd64 ~arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+	KEYWORDS="~alpha ~amd64 arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
 fi
 IUSE="+asm rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-compression tls-heartbeat vanilla verify-sig weak-ssl-ciphers"
 RESTRICT="!test? ( test )"

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     29f8f224ade5d637560dfad606fd628a75ec9cde
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Thu Apr 13 03:46:32 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Thu Apr 13 03:46:32 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=29f8f224

dev-libs/openssl: fix DoubleEmptyLine in 1.1.1t*

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/openssl-1.1.1t-r1.ebuild | 1 -
 dev-libs/openssl/openssl-1.1.1t-r2.ebuild | 1 -
 dev-libs/openssl/openssl-1.1.1t-r3.ebuild | 1 -
 3 files changed, 3 deletions(-)

diff --git a/dev-libs/openssl/openssl-1.1.1t-r1.ebuild b/dev-libs/openssl/openssl-1.1.1t-r1.ebuild
index dba4e4adb6ab..9eb808c07eeb 100644
--- a/dev-libs/openssl/openssl-1.1.1t-r1.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1t-r1.ebuild
@@ -92,7 +92,6 @@ src_prepare() {
 		rm test/recipes/80-test_ssl_new.t || die
 	fi
 
-
 	# Remove test target when FEATURES=test isn't set
 	if ! use test ; then
 		sed \

diff --git a/dev-libs/openssl/openssl-1.1.1t-r2.ebuild b/dev-libs/openssl/openssl-1.1.1t-r2.ebuild
index 6153c5fb1f34..ed79949dc698 100644
--- a/dev-libs/openssl/openssl-1.1.1t-r2.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1t-r2.ebuild
@@ -93,7 +93,6 @@ src_prepare() {
 		rm test/recipes/80-test_ssl_new.t || die
 	fi
 
-
 	# Remove test target when FEATURES=test isn't set
 	if ! use test ; then
 		sed \

diff --git a/dev-libs/openssl/openssl-1.1.1t-r3.ebuild b/dev-libs/openssl/openssl-1.1.1t-r3.ebuild
index f9c750974d5d..a25fd43760eb 100644
--- a/dev-libs/openssl/openssl-1.1.1t-r3.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1t-r3.ebuild
@@ -95,7 +95,6 @@ src_prepare() {
 		rm test/recipes/80-test_ssl_new.t || die
 	fi
 
-
 	# Remove test target when FEATURES=test isn't set
 	if ! use test ; then
 		sed \

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     4057dcbc657ddc5d1e3d603110ab2713cb590312
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Thu Apr 13 03:42:52 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Thu Apr 13 03:44:44 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4057dcbc

dev-libs/openssl: filter LTO

The OpenSSL developers don't test with LTO right now, it leads to various
warnings/errors (which may or may not be false positives), and it's
not tested in CI: https://github.com/openssl/openssl/issues/18663.

It's not considered supported at all.

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/openssl-1.1.1t-r3.ebuild | 4 ++++
 dev-libs/openssl/openssl-3.0.8-r3.ebuild  | 4 ++++
 dev-libs/openssl/openssl-3.1.0-r2.ebuild  | 4 ++++
 3 files changed, 12 insertions(+)

diff --git a/dev-libs/openssl/openssl-1.1.1t-r3.ebuild b/dev-libs/openssl/openssl-1.1.1t-r3.ebuild
index 1c29542e9287..f9c750974d5d 100644
--- a/dev-libs/openssl/openssl-1.1.1t-r3.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1t-r3.ebuild
@@ -140,6 +140,10 @@ src_configure() {
 	# Don't remove the no strict aliasing bits below!
 	filter-flags -fstrict-aliasing
 	append-flags -fno-strict-aliasing
+	# The OpenSSL developers don't test with LTO right now, it leads to various
+	# warnings/errors (which may or may not be false positives), it's considered
+	# unsupported, and it's not tested in CI: https://github.com/openssl/openssl/issues/18663.
+	filter-lto
 
 	append-cppflags -DOPENSSL_NO_BUF_FREELISTS
 

diff --git a/dev-libs/openssl/openssl-3.0.8-r3.ebuild b/dev-libs/openssl/openssl-3.0.8-r3.ebuild
index ad4ca4f3b019..47c1bd2d6e83 100644
--- a/dev-libs/openssl/openssl-3.0.8-r3.ebuild
+++ b/dev-libs/openssl/openssl-3.0.8-r3.ebuild
@@ -131,6 +131,10 @@ src_configure() {
 	# Don't remove the no strict aliasing bits below!
 	filter-flags -fstrict-aliasing
 	append-flags -fno-strict-aliasing
+	# The OpenSSL developers don't test with LTO right now, it leads to various
+	# warnings/errors (which may or may not be false positives), it's considered
+	# unsupported, and it's not tested in CI: https://github.com/openssl/openssl/issues/18663.
+	filter-lto
 
 	append-flags $(test-flags-CC -Wa,--noexecstack)
 

diff --git a/dev-libs/openssl/openssl-3.1.0-r2.ebuild b/dev-libs/openssl/openssl-3.1.0-r2.ebuild
index b5a3fe7adebf..82fbb55ebda8 100644
--- a/dev-libs/openssl/openssl-3.1.0-r2.ebuild
+++ b/dev-libs/openssl/openssl-3.1.0-r2.ebuild
@@ -134,6 +134,10 @@ src_configure() {
 	# Don't remove the no strict aliasing bits below!
 	filter-flags -fstrict-aliasing
 	append-flags -fno-strict-aliasing
+	# The OpenSSL developers don't test with LTO right now, it leads to various
+	# warnings/errors (which may or may not be false positives), it's considered
+	# unsupported, and it's not tested in CI: https://github.com/openssl/openssl/issues/18663.
+	filter-lto
 
 	append-flags $(test-flags-CC -Wa,--noexecstack)
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Arthur Zamarin]

commit:     a2a2211dfdfde2ecfec12d870ce19cd000debf06
Author:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
AuthorDate: Thu Mar 30 18:36:01 2023 +0000
Commit:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
CommitDate: Thu Mar 30 18:36:01 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a2a2211d

dev-libs/openssl: Stabilize 1.1.1t-r1 hppa, #893556

Signed-off-by: Arthur Zamarin <arthurzam <AT> gentoo.org>

 dev-libs/openssl/openssl-1.1.1t-r1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.1.1t-r1.ebuild b/dev-libs/openssl/openssl-1.1.1t-r1.ebuild
index 9d237105dbfa..dba4e4adb6ab 100644
--- a/dev-libs/openssl/openssl-1.1.1t-r1.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1t-r1.ebuild
@@ -16,7 +16,7 @@ S="${WORKDIR}/${MY_P}"
 LICENSE="openssl"
 SLOT="0/1.1" # .so version of libssl/libcrypto
 if [[ ${PV} != *_pre* ]] ; then
-	KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+	KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
 fi
 IUSE="+asm rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-compression tls-heartbeat vanilla verify-sig weak-ssl-ciphers"
 RESTRICT="!test? ( test )"

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Arthur Zamarin]

commit:     8bd86374286bfe0a206f939126f728c8af319627
Author:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
AuthorDate: Thu Mar 30 18:35:58 2023 +0000
Commit:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
CommitDate: Thu Mar 30 18:35:58 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8bd86374

dev-libs/openssl: Stabilize 1.1.1t-r1 sparc, #893556

Signed-off-by: Arthur Zamarin <arthurzam <AT> gentoo.org>

 dev-libs/openssl/openssl-1.1.1t-r1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.1.1t-r1.ebuild b/dev-libs/openssl/openssl-1.1.1t-r1.ebuild
index 5ea6cdd31991..9d237105dbfa 100644
--- a/dev-libs/openssl/openssl-1.1.1t-r1.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1t-r1.ebuild
@@ -16,7 +16,7 @@ S="${WORKDIR}/${MY_P}"
 LICENSE="openssl"
 SLOT="0/1.1" # .so version of libssl/libcrypto
 if [[ ${PV} != *_pre* ]] ; then
-	KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 ~sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+	KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
 fi
 IUSE="+asm rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-compression tls-heartbeat vanilla verify-sig weak-ssl-ciphers"
 RESTRICT="!test? ( test )"

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Arthur Zamarin]

commit:     137a7952a03341f076c16be211e90ebe82b394db
Author:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
AuthorDate: Thu Mar 16 17:37:37 2023 +0000
Commit:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
CommitDate: Thu Mar 16 17:37:37 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=137a7952

dev-libs/openssl: Stabilize 1.1.1t-r1 ppc64, #893556

Signed-off-by: Arthur Zamarin <arthurzam <AT> gentoo.org>

 dev-libs/openssl/openssl-1.1.1t-r1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.1.1t-r1.ebuild b/dev-libs/openssl/openssl-1.1.1t-r1.ebuild
index e7fb7976c194..5ea6cdd31991 100644
--- a/dev-libs/openssl/openssl-1.1.1t-r1.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1t-r1.ebuild
@@ -16,7 +16,7 @@ S="${WORKDIR}/${MY_P}"
 LICENSE="openssl"
 SLOT="0/1.1" # .so version of libssl/libcrypto
 if [[ ${PV} != *_pre* ]] ; then
-	KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ~ppc64 ~riscv ~s390 ~sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+	KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 ~sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
 fi
 IUSE="+asm rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-compression tls-heartbeat vanilla verify-sig weak-ssl-ciphers"
 RESTRICT="!test? ( test )"

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     6ec06c4856dc2e53f77295594b97d8825a3b564b
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Wed Mar 15 03:12:53 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Wed Mar 15 03:12:53 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6ec06c48

dev-libs/openssl: add blocker on unpatched openssh

Unpatched OpenSSH will think it needs a rebuild before working. A blocker
isn't perfect here but it's better than nothing.

Note that it's likely the running sshd will still need a restart anyway
if people haven't upgraded yet, so not keywording yet + will likely do a news
item.

Reference: 268d1040b0682edf6f042269a33a32315590547b
Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/openssl-3.1.0.ebuild | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/dev-libs/openssl/openssl-3.1.0.ebuild b/dev-libs/openssl/openssl-3.1.0.ebuild
index 802f9f3870be..d13af77736ea 100644
--- a/dev-libs/openssl/openssl-3.1.0.ebuild
+++ b/dev-libs/openssl/openssl-3.1.0.ebuild
@@ -16,8 +16,10 @@ if [[ ${PV} == 9999 ]] ; then
 
 	inherit git-r3
 else
-	SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
-		verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )"
+	SRC_URI="
+		mirror://openssl/source/${MY_P}.tar.gz
+		verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )
+	"
 	#KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86"
 fi
 
@@ -29,6 +31,7 @@ IUSE="+asm cpu_flags_x86_sse2 fips ktls rfc3779 sctp static-libs test tls-compre
 RESTRICT="!test? ( test )"
 
 COMMON_DEPEND="
+	!<net-misc/openssh-9.2_p1-r3
 	tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
 "
 BDEPEND="

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     4abe2ab7c01d53b1eb4600c2ebf914eebf6e697d
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Tue Mar 14 19:47:49 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Tue Mar 14 19:48:35 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4abe2ab7

dev-libs/openssl: add 3.1.0 (unkeyworded)

Briefly unkeyworded for some testing but I don't expect this to last long.

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/Manifest             |   2 +
 dev-libs/openssl/openssl-3.1.0.ebuild | 270 ++++++++++++++++++++++++++++++++++
 2 files changed, 272 insertions(+)

diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest
index f45d7d6c5109..46d864d06642 100644
--- a/dev-libs/openssl/Manifest
+++ b/dev-libs/openssl/Manifest
@@ -7,3 +7,5 @@ DIST openssl-1.1.1t.tar.gz 9881866 BLAKE2B 66d76ea0c05a4afc3104e22602cffc2373e85
 DIST openssl-1.1.1t.tar.gz.asc 833 BLAKE2B fc5e7069268e987a20241dfc4f080529c6e95e217c198568b09c833e390e68b25a604a5d3ec29c6a64b9dee9d42199fd3647214e536ba2f7b8b4e57aa4cba680 SHA512 1232a94fce991d62f008ae6d3d9b6fe68cb6378fe07450feb17a58eb2417fb385ffcb7e6b74eb683134be9ff6ccf6efa183f37f4dd521614fd5aeaddf000b90b
 DIST openssl-3.0.8.tar.gz 15151328 BLAKE2B e163cc9b8b458f72405a2f1bde3811c8d0eb22e8b08ff5608ec64799975f1546dcdce31466b8a1d5ed29bc90d19aa6017d711987c81b71f4b20e279828cf753a SHA512 8ce10be000d7d4092c8efc5b96b1d2f7da04c1c3a624d3a7923899c6b1de06f369016be957e36e8ab6d4c9102eaeec5d1973295d547f7893a7f11f132ae42b0d
 DIST openssl-3.0.8.tar.gz.asc 833 BLAKE2B 1949801150e254e9be648f33014a4a16f803b42ca5a302c3942d377013e983e0ea0cca8aed594e3f9ecde26c6e31d222581e991af5fae6cd451d7ee83541f4bb SHA512 e1c04f1179aded228b39005fd9e9f6f75aedafb938b77ac58c97a00973eb412d93b92ad1c447332a5d96850b62b01093502928e6c190bdd0234a94c4e815d2a6
+DIST openssl-3.1.0.tar.gz 15525381 BLAKE2B 9212a7fb13f6dee7746721ee406af56ae1b48ec58974c002465d2b0205839eb5ee0483383aa9924fc3e4168ebd34e1a5819480cf10aa318994d7171e54c07108 SHA512 71cc75c7700f445c616e382b76263ad2e4072beec0232458baf3d9891b8b64a7ad0cac4b4d24b727b2b7dcd100c78606fd48eba98a67eccd5f336e3d626ca713
+DIST openssl-3.1.0.tar.gz.asc 488 BLAKE2B f4a844e3db2c2bdf42b6f811d16cc2077cacf713d20474d94e2d0180a6f97eadf4f03522e9fed478d263d680d88091dc2bc48e7ebb15d049bc57ee7ed64c7fbb SHA512 8d542e6471b745822d6cd889c5b168841b4366ee9a96edc2ab5b44fa1bd1b75308422aed312f1bd6e6a3c3e306eceaa95ce9bb4d0aa3e8ff86cb0fd92a7e61ea

diff --git a/dev-libs/openssl/openssl-3.1.0.ebuild b/dev-libs/openssl/openssl-3.1.0.ebuild
new file mode 100644
index 000000000000..802f9f3870be
--- /dev/null
+++ b/dev-libs/openssl/openssl-3.1.0.ebuild
@@ -0,0 +1,270 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/openssl.org.asc
+inherit edo flag-o-matic linux-info toolchain-funcs multilib-minimal multiprocessing verify-sig
+
+DESCRIPTION="Robust, full-featured Open Source Toolkit for the Transport Layer Security (TLS)"
+HOMEPAGE="https://www.openssl.org/"
+
+MY_P=${P/_/-}
+
+if [[ ${PV} == 9999 ]] ; then
+	EGIT_REPO_URI="https://github.com/openssl/openssl.git"
+
+	inherit git-r3
+else
+	SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
+		verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )"
+	#KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86"
+fi
+
+S="${WORKDIR}"/${MY_P}
+
+LICENSE="Apache-2.0"
+SLOT="0/$(ver_cut 1)" # .so version of libssl/libcrypto
+IUSE="+asm cpu_flags_x86_sse2 fips ktls rfc3779 sctp static-libs test tls-compression vanilla verify-sig weak-ssl-ciphers"
+RESTRICT="!test? ( test )"
+
+COMMON_DEPEND="
+	tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
+"
+BDEPEND="
+	>=dev-lang/perl-5
+	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
+	test? (
+		sys-apps/diffutils
+		sys-devel/bc
+		sys-process/procps
+	)
+	verify-sig? ( >=sec-keys/openpgp-keys-openssl-20230207 )"
+
+DEPEND="${COMMON_DEPEND}"
+RDEPEND="${COMMON_DEPEND}"
+PDEPEND="app-misc/ca-certificates"
+
+MULTILIB_WRAPPED_HEADERS=(
+	/usr/include/openssl/configuration.h
+)
+
+PATCHES=(
+	"${FILESDIR}"/openssl-3.0.8-mips-cflags.patch
+)
+
+pkg_setup() {
+	if use ktls ; then
+		if kernel_is -lt 4 18 ; then
+			ewarn "Kernel implementation of TLS (USE=ktls) requires kernel >=4.18!"
+		else
+			CONFIG_CHECK="~TLS ~TLS_DEVICE"
+			ERROR_TLS="You will be unable to offload TLS to kernel because CONFIG_TLS is not set!"
+			ERROR_TLS_DEVICE="You will be unable to offload TLS to kernel because CONFIG_TLS_DEVICE is not set!"
+			use test && CONFIG_CHECK+=" ~CRYPTO_USER_API_SKCIPHER"
+
+			linux-info_pkg_setup
+		fi
+	fi
+
+	[[ ${MERGE_TYPE} == binary ]] && return
+
+	# must check in pkg_setup; sysctl doesn't work with userpriv!
+	if use test && use sctp ; then
+		# test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel"
+		# if sctp.auth_enable is not enabled.
+		local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null)
+		if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]] ; then
+			die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!"
+		fi
+	fi
+}
+
+src_unpack() {
+	# Can delete this once test fix patch is dropped
+	if use verify-sig ; then
+		# Needed for downloaded patch (which is unsigned, which is fine)
+		verify-sig_verify_detached "${DISTDIR}"/${P}.tar.gz{,.asc}
+	fi
+
+	default
+}
+
+src_prepare() {
+	# Make sure we only ever touch Makefile.org and avoid patching a file
+	# that gets blown away anyways by the Configure script in src_configure
+	rm -f Makefile
+
+	if ! use vanilla ; then
+		PATCHES+=(
+			# Add patches which are Gentoo-specific customisations here
+		)
+	fi
+
+	default
+
+	if use test && use sctp && has network-sandbox ${FEATURES} ; then
+		einfo "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox ..."
+		rm test/recipes/80-test_ssl_new.t || die
+	fi
+}
+
+src_configure() {
+	# Keep this in sync with app-misc/c_rehash
+	SSL_CNF_DIR="/etc/ssl"
+
+	# Quiet out unknown driver argument warnings since openssl
+	# doesn't have well-split CFLAGS and we're making it even worse
+	# and 'make depend' uses -Werror for added fun (bug #417795 again)
+	tc-is-clang && append-flags -Qunused-arguments
+
+	# We really, really need to build OpenSSL w/ strict aliasing disabled.
+	# It's filled with violations and it *will* result in miscompiled
+	# code. This has been in the ebuild for > 10 years but even in 2022,
+	# it's still relevant:
+	# - https://github.com/llvm/llvm-project/issues/55255
+	# - https://github.com/openssl/openssl/issues/18225
+	# - https://github.com/openssl/openssl/issues/18663#issuecomment-1181478057
+	# Don't remove the no strict aliasing bits below!
+	filter-flags -fstrict-aliasing
+	append-flags -fno-strict-aliasing
+
+	append-flags $(test-flags-CC -Wa,--noexecstack)
+
+	# bug #197996
+	unset APPS
+	# bug #312551
+	unset SCRIPTS
+	# bug #311473
+	unset CROSS_COMPILE
+
+	tc-export AR CC CXX RANLIB RC
+
+	multilib-minimal_src_configure
+}
+
+multilib_src_configure() {
+	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
+
+	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
+
+	# See if our toolchain supports __uint128_t.  If so, it's 64bit
+	# friendly and can use the nicely optimized code paths, bug #460790.
+	#local ec_nistp_64_gcc_128
+	#
+	# Disable it for now though (bug #469976)
+	# Do NOT re-enable without substantial discussion first!
+	#
+	#echo "__uint128_t i;" > "${T}"/128.c
+	#if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
+	#       ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
+	#fi
+
+	local sslout=$(bash "${FILESDIR}/gentoo.config-1.0.4")
+	einfo "Using configuration: ${sslout:-(openssl knows best)}"
+
+	# https://github.com/openssl/openssl/blob/master/INSTALL.md#enable-and-disable-features
+	local myeconfargs=(
+		${sslout}
+
+		$(use cpu_flags_x86_sse2 || echo "no-sse2")
+		enable-camellia
+		enable-ec
+		enable-ec2m
+		enable-sm2
+		enable-srp
+		$(use elibc_musl && echo "no-async")
+		enable-idea
+		enable-mdc2
+		enable-rc5
+		$(use fips && echo "enable-fips")
+		$(use_ssl asm)
+		$(use_ssl ktls)
+		$(use_ssl rfc3779)
+		$(use_ssl sctp)
+		$(use test || echo "no-tests")
+		$(use_ssl tls-compression zlib)
+		$(use_ssl weak-ssl-ciphers)
+
+		--prefix="${EPREFIX}"/usr
+		--openssldir="${EPREFIX}"${SSL_CNF_DIR}
+		--libdir=$(get_libdir)
+
+		shared
+		threads
+	)
+
+	edo perl "${S}/Configure" "${myeconfargs[@]}"
+}
+
+multilib_src_compile() {
+	emake build_sw
+
+	if multilib_is_native_abi; then
+		emake build_docs
+	fi
+}
+
+multilib_src_test() {
+	# VFP = show subtests verbosely and show failed tests verbosely
+	# Normal V=1 would show everything verbosely but this slows things down.
+	emake HARNESS_JOBS="$(makeopts_jobs)" VFP=1 test
+}
+
+multilib_src_install() {
+	emake DESTDIR="${D}" install_sw
+	if use fips; then
+		emake DESTDIR="${D}" install_fips
+		# Regen this in pkg_preinst, bug 900625
+		rm "${ED}${SSL_CNF_DIR}"/fipsmodule.cnf || die
+	fi
+
+	if multilib_is_native_abi; then
+		emake DESTDIR="${D}" install_ssldirs
+		emake DESTDIR="${D}" DOCDIR='$(INSTALLTOP)'/share/doc/${PF} install_docs
+	fi
+
+	# This is crappy in that the static archives are still built even
+	# when USE=static-libs. But this is due to a failing in the openssl
+	# build system: the static archives are built as PIC all the time.
+	# Only way around this would be to manually configure+compile openssl
+	# twice; once with shared lib support enabled and once without.
+	if ! use static-libs ; then
+		rm "${ED}"/usr/$(get_libdir)/lib{crypto,ssl}.a || die
+	fi
+}
+
+multilib_src_install_all() {
+	# openssl installs perl version of c_rehash by default, but
+	# we provide a shell version via app-misc/c_rehash
+	rm "${ED}"/usr/bin/c_rehash || die
+
+	dodoc {AUTHORS,CHANGES,NEWS,README,README-PROVIDERS}.md doc/*.txt doc/${PN}-c-indent.el
+
+	# Create the certs directory
+	keepdir ${SSL_CNF_DIR}/certs
+
+	# bug #254521
+	dodir /etc/sandbox.d
+	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
+
+	diropts -m0700
+	keepdir ${SSL_CNF_DIR}/private
+}
+
+pkg_preinst() {
+	if use fips; then
+		# Regen fipsmodule.cnf, bug 900625
+		ebegin "Running openssl fipsinstall"
+		"${ED}/usr/bin/openssl" fipsinstall -quiet \
+			-out "${ED}${SSL_CNF_DIR}/fipsmodule.cnf" \
+			-module "${ED}/usr/$(get_libdir)/ossl-modules/fips.so"
+		eend $?
+	fi
+}
+
+pkg_postinst() {
+	ebegin "Running 'openssl rehash ${EROOT}${SSL_CNF_DIR}/certs' to rebuild hashes (bug #333069)"
+	openssl rehash "${EROOT}${SSL_CNF_DIR}/certs"
+	eend $?
+}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     1c533645f7470d878b3f1a77eea37529d71fd1a9
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Mon Mar 13 20:49:19 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Mon Mar 13 20:49:19 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1c533645

dev-libs/openssl: update openpgp-keys version

Closes: https://bugs.gentoo.org/889712
Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/openssl-1.1.1s.ebuild   | 4 ++--
 dev-libs/openssl/openssl-3.0.7-r1.ebuild | 4 ++--
 dev-libs/openssl/openssl-3.0.7-r4.ebuild | 2 +-
 3 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/dev-libs/openssl/openssl-1.1.1s.ebuild b/dev-libs/openssl/openssl-1.1.1s.ebuild
index a47367ffab4c..ae35bd52b8b8 100644
--- a/dev-libs/openssl/openssl-1.1.1s.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1s.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2022 Gentoo Authors
+# Copyright 1999-2023 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
 EAPI=8
@@ -32,7 +32,7 @@ BDEPEND="
 		sys-devel/bc
 		kernel_linux? ( sys-process/procps )
 	)
-	verify-sig? ( >=sec-keys/openpgp-keys-openssl-20221101 )"
+	verify-sig? ( >=sec-keys/openpgp-keys-openssl-20230207 )"
 PDEPEND="app-misc/ca-certificates"
 
 # force upgrade to prevent broken login, bug #696950

diff --git a/dev-libs/openssl/openssl-3.0.7-r1.ebuild b/dev-libs/openssl/openssl-3.0.7-r1.ebuild
index 732cdb499d4b..a1bcc6a59545 100644
--- a/dev-libs/openssl/openssl-3.0.7-r1.ebuild
+++ b/dev-libs/openssl/openssl-3.0.7-r1.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2022 Gentoo Authors
+# Copyright 1999-2023 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
 EAPI=8
@@ -40,7 +40,7 @@ BDEPEND="
 		sys-devel/bc
 		sys-process/procps
 	)
-	verify-sig? ( >=sec-keys/openpgp-keys-openssl-20221101 )"
+	verify-sig? ( >=sec-keys/openpgp-keys-openssl-20230207 )"
 
 DEPEND="${COMMON_DEPEND}"
 RDEPEND="${COMMON_DEPEND}"

diff --git a/dev-libs/openssl/openssl-3.0.7-r4.ebuild b/dev-libs/openssl/openssl-3.0.7-r4.ebuild
index 9b47e61386dc..54d8d66651f8 100644
--- a/dev-libs/openssl/openssl-3.0.7-r4.ebuild
+++ b/dev-libs/openssl/openssl-3.0.7-r4.ebuild
@@ -40,7 +40,7 @@ BDEPEND="
 		sys-devel/bc
 		sys-process/procps
 	)
-	verify-sig? ( >=sec-keys/openpgp-keys-openssl-20221101 )"
+	verify-sig? ( >=sec-keys/openpgp-keys-openssl-20230207 )"
 
 DEPEND="${COMMON_DEPEND}"
 RDEPEND="${COMMON_DEPEND}"

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Mike Gilbert]

commit:     16ddb7d5254ba3dc499c0698235dca32d2a6e014
Author:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Sat Mar 11 18:00:23 2023 +0000
Commit:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Sat Mar 11 18:01:37 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=16ddb7d5

dev-libs/openssl: backport ebuild changes from 3.x

Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>

 dev-libs/openssl/openssl-1.1.1t-r1.ebuild | 71 ++++++++++++++-----------------
 1 file changed, 32 insertions(+), 39 deletions(-)

diff --git a/dev-libs/openssl/openssl-1.1.1t-r1.ebuild b/dev-libs/openssl/openssl-1.1.1t-r1.ebuild
index a724839c80c5..e7fb7976c194 100644
--- a/dev-libs/openssl/openssl-1.1.1t-r1.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1t-r1.ebuild
@@ -75,13 +75,6 @@ src_unpack() {
 }
 
 src_prepare() {
-	# Allow openssl to be cross-compiled
-	cp "${FILESDIR}"/gentoo.config-1.0.4 gentoo.config || die
-	chmod a+rx gentoo.config || die
-
-	# Keep this in sync with app-misc/c_rehash
-	SSL_CNF_DIR="/etc/ssl"
-
 	# Make sure we only ever touch Makefile.org and avoid patching a file
 	# that gets blown away anyways by the Configure script in src_configure
 	rm -f Makefile
@@ -99,25 +92,6 @@ src_prepare() {
 		rm test/recipes/80-test_ssl_new.t || die
 	fi
 
-	# Quiet out unknown driver argument warnings since openssl
-	# doesn't have well-split CFLAGS and we're making it even worse
-	# and 'make depend' uses -Werror for added fun (bug #417795 again)
-	tc-is-clang && append-flags -Qunused-arguments
-
-	# We really, really need to build OpenSSL w/ strict aliasing disabled.
-	# It's filled with violations and it *will* result in miscompiled
-	# code. This has been in the ebuild for > 10 years but even in 2022,
-	# it's still relevant:
-	# - https://github.com/llvm/llvm-project/issues/55255
-	# - https://github.com/openssl/openssl/issues/18225
-	# - https://github.com/openssl/openssl/issues/18663#issuecomment-1181478057
-	# Don't remove the no strict aliasing bits below!
-	filter-flags -fstrict-aliasing
-	append-flags -fno-strict-aliasing
-
-	append-cppflags -DOPENSSL_NO_BUF_FREELISTS
-
-	append-flags $(test-flags-CC -Wa,--noexecstack)
 
 	# Remove test target when FEATURES=test isn't set
 	if ! use test ; then
@@ -140,19 +114,34 @@ src_prepare() {
 			Configurations/10-main.conf || die
 	fi
 
-	local sslout=$(./gentoo.config)
-	einfo "Using configuration: ${sslout:-(openssl knows best)}"
-	local config="perl Configure"
-	[[ -z ${sslout} ]] && config="sh config -v"
-
 	# The config script does stupid stuff to prompt the user.  Kill it.
 	sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
-	edo ${config} ${sslout} --test-sanity
-
-	multilib_copy_sources
 }
 
-multilib_src_configure() {
+src_configure() {
+	# Keep this in sync with app-misc/c_rehash
+	SSL_CNF_DIR="/etc/ssl"
+
+	# Quiet out unknown driver argument warnings since openssl
+	# doesn't have well-split CFLAGS and we're making it even worse
+	# and 'make depend' uses -Werror for added fun (bug #417795 again)
+	tc-is-clang && append-flags -Qunused-arguments
+
+	# We really, really need to build OpenSSL w/ strict aliasing disabled.
+	# It's filled with violations and it *will* result in miscompiled
+	# code. This has been in the ebuild for > 10 years but even in 2022,
+	# it's still relevant:
+	# - https://github.com/llvm/llvm-project/issues/55255
+	# - https://github.com/openssl/openssl/issues/18225
+	# - https://github.com/openssl/openssl/issues/18663#issuecomment-1181478057
+	# Don't remove the no strict aliasing bits below!
+	filter-flags -fstrict-aliasing
+	append-flags -fno-strict-aliasing
+
+	append-cppflags -DOPENSSL_NO_BUF_FREELISTS
+
+	append-flags $(test-flags-CC -Wa,--noexecstack)
+
 	# bug #197996
 	unset APPS
 	# bug #312551
@@ -162,6 +151,10 @@ multilib_src_configure() {
 
 	tc-export AR CC CXX RANLIB RC
 
+	multilib-minimal_src_configure
+}
+
+multilib_src_configure() {
 	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
 
 	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
@@ -178,10 +171,10 @@ multilib_src_configure() {
 	#	ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
 	#fi
 
-	local sslout=$(./gentoo.config)
+	local sslout=$(bash "${FILESDIR}/gentoo.config-1.0.4")
 	einfo "Use configuration ${sslout:-(openssl knows best)}"
-	local config="perl Configure"
-	[[ -z ${sslout} ]] && config="sh config -v"
+	local config=( perl "${S}/Configure" )
+	[[ -z ${sslout} ]] && config=( sh "${S}/config" -v )
 
 	# "disable-deprecated" option breaks too many consumers.
 	# Don't set it without thorough revdeps testing.
@@ -219,7 +212,7 @@ multilib_src_configure() {
 		threads
 	)
 
-	edo ${config} "${myeconfargs[@]}"
+	edo "${config[@]}" "${myeconfargs[@]}"
 }
 
 multilib_src_compile() {

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Mike Gilbert]

commit:     c1618af0a54e0efcfc91bd690f13c429565c065a
Author:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Sat Mar 11 17:18:04 2023 +0000
Commit:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Sat Mar 11 18:01:36 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c1618af0

dev-libs/openssl: drop commented KEYWORDS

Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>

 dev-libs/openssl/openssl-3.0.8-r1.ebuild | 1 -
 1 file changed, 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-3.0.8-r1.ebuild b/dev-libs/openssl/openssl-3.0.8-r1.ebuild
index 5dce04cf6b4f..ea11e22eb155 100644
--- a/dev-libs/openssl/openssl-3.0.8-r1.ebuild
+++ b/dev-libs/openssl/openssl-3.0.8-r1.ebuild
@@ -18,7 +18,6 @@ if [[ ${PV} == 9999 ]] ; then
 else
 	SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 		verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )"
-	#KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x86-linux"
 	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86"
 fi
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Mike Gilbert]

commit:     f941d0dde58b0bc2d2c563250771de2de353accd
Author:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Sat Mar 11 06:04:55 2023 +0000
Commit:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Sat Mar 11 16:51:02 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f941d0dd

dev-libs/openssl: drop multilib_copy_sources

Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>

 dev-libs/openssl/openssl-3.0.8-r1.ebuild | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/dev-libs/openssl/openssl-3.0.8-r1.ebuild b/dev-libs/openssl/openssl-3.0.8-r1.ebuild
index 33e696530c76..5dce04cf6b4f 100644
--- a/dev-libs/openssl/openssl-3.0.8-r1.ebuild
+++ b/dev-libs/openssl/openssl-3.0.8-r1.ebuild
@@ -108,8 +108,6 @@ src_prepare() {
 		einfo "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox ..."
 		rm test/recipes/80-test_ssl_new.t || die
 	fi
-
-	multilib_copy_sources
 }
 
 src_configure() {
@@ -197,7 +195,7 @@ multilib_src_configure() {
 		threads
 	)
 
-	edo perl Configure "${myeconfargs[@]}"
+	edo perl "${S}/Configure" "${myeconfargs[@]}"
 }
 
 multilib_src_compile() {

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Mike Gilbert]

commit:     71654452a1a3503eee95858b125e1beb6ca34686
Author:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Sat Mar 11 05:58:38 2023 +0000
Commit:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Sat Mar 11 16:51:01 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=71654452

dev-libs/openssl: drop sanity test from src_prepare

Configure doesn't do anything special when we pass --test-sanity to it;
it just ignores the option entirely.

Also move more configurey things to src_configure.

Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>

 dev-libs/openssl/openssl-3.0.8-r1.ebuild | 28 ++++++++++++----------------
 1 file changed, 12 insertions(+), 16 deletions(-)

diff --git a/dev-libs/openssl/openssl-3.0.8-r1.ebuild b/dev-libs/openssl/openssl-3.0.8-r1.ebuild
index d809d357d0fb..33e696530c76 100644
--- a/dev-libs/openssl/openssl-3.0.8-r1.ebuild
+++ b/dev-libs/openssl/openssl-3.0.8-r1.ebuild
@@ -92,13 +92,6 @@ src_unpack() {
 }
 
 src_prepare() {
-	# Allow openssl to be cross-compiled
-	cp "${FILESDIR}"/gentoo.config-1.0.4 gentoo.config || die
-	chmod a+rx gentoo.config || die
-
-	# Keep this in sync with app-misc/c_rehash
-	SSL_CNF_DIR="/etc/ssl"
-
 	# Make sure we only ever touch Makefile.org and avoid patching a file
 	# that gets blown away anyways by the Configure script in src_configure
 	rm -f Makefile
@@ -116,6 +109,13 @@ src_prepare() {
 		rm test/recipes/80-test_ssl_new.t || die
 	fi
 
+	multilib_copy_sources
+}
+
+src_configure() {
+	# Keep this in sync with app-misc/c_rehash
+	SSL_CNF_DIR="/etc/ssl"
+
 	# Quiet out unknown driver argument warnings since openssl
 	# doesn't have well-split CFLAGS and we're making it even worse
 	# and 'make depend' uses -Werror for added fun (bug #417795 again)
@@ -134,14 +134,6 @@ src_prepare() {
 
 	append-flags $(test-flags-CC -Wa,--noexecstack)
 
-	local sslout=$(./gentoo.config)
-	einfo "Using configuration: ${sslout:-(openssl knows best)}"
-	edo perl Configure ${sslout} --test-sanity
-
-	multilib_copy_sources
-}
-
-multilib_src_configure() {
 	# bug #197996
 	unset APPS
 	# bug #312551
@@ -151,6 +143,10 @@ multilib_src_configure() {
 
 	tc-export AR CC CXX RANLIB RC
 
+	multilib-minimal_src_configure
+}
+
+multilib_src_configure() {
 	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
 
 	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
@@ -167,7 +163,7 @@ multilib_src_configure() {
 	#       ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
 	#fi
 
-	local sslout=$(./gentoo.config)
+	local sslout=$(bash "${FILESDIR}/gentoo.config-1.0.4")
 	einfo "Using configuration: ${sslout:-(openssl knows best)}"
 
 	# https://github.com/openssl/openssl/blob/master/INSTALL.md#enable-and-disable-features

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Mike Gilbert]

commit:     76f8af3f0ac6bd939ca6c837d0bba99098ac6ce0
Author:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Sat Mar 11 05:50:36 2023 +0000
Commit:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Sat Mar 11 16:51:01 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=76f8af3f

dev-libs/openssl: generate fipsmodule.cnf in pkg_preinst

This file contains an hash of the fips.so module, which may change after
src_install due to automatic stripping by the package manager.

README-FIPS.md says this file should be generated on each machine
separately anyway.

This will fail when cross-compiling since we call openssl from ${D}, but
I don't see a better way to handle it.

Only the primary ABI is handled currently: by the time we get to
pkg_preinst, the tools from the secondary ABIs have been clobbered.

Closes: https://bugs.gentoo.org/900625
Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>

 .../{openssl-3.0.8.ebuild => openssl-3.0.8-r1.ebuild}       | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/dev-libs/openssl/openssl-3.0.8.ebuild b/dev-libs/openssl/openssl-3.0.8-r1.ebuild
similarity index 95%
rename from dev-libs/openssl/openssl-3.0.8.ebuild
rename to dev-libs/openssl/openssl-3.0.8-r1.ebuild
index a5c46e57fff2..d809d357d0fb 100644
--- a/dev-libs/openssl/openssl-3.0.8.ebuild
+++ b/dev-libs/openssl/openssl-3.0.8-r1.ebuild
@@ -222,6 +222,8 @@ multilib_src_install() {
 	emake DESTDIR="${D}" install_sw
 	if use fips; then
 		emake DESTDIR="${D}" install_fips
+		# Regen this in pkg_preinst, bug 900625
+		rm "${ED}${SSL_CNF_DIR}"/fipsmodule.cnf || die
 	fi
 
 	if multilib_is_native_abi; then
@@ -257,6 +259,17 @@ multilib_src_install_all() {
 	keepdir ${SSL_CNF_DIR}/private
 }
 
+pkg_preinst() {
+	if use fips; then
+		# Regen fipsmodule.cnf, bug 900625
+		ebegin "Running openssl fipsinstall"
+		"${ED}/usr/bin/openssl" fipsinstall -quiet \
+			-out "${ED}${SSL_CNF_DIR}/fipsmodule.cnf" \
+			-module "${ED}/usr/$(get_libdir)/ossl-modules/fips.so"
+		eend $?
+	fi
+}
+
 pkg_postinst() {
 	ebegin "Running 'openssl rehash ${EROOT}${SSL_CNF_DIR}/certs' to rebuild hashes (bug #333069)"
 	openssl rehash "${EROOT}${SSL_CNF_DIR}/certs"

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     78eca91ae6d3c4d2fde5b0da419c731863ab0f95
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sun Feb 26 21:46:11 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sun Feb 26 21:46:29 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=78eca91a

dev-libs/openssl: fix DoubleEmptyLine

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/openssl-3.0.8.ebuild | 1 -
 1 file changed, 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-3.0.8.ebuild b/dev-libs/openssl/openssl-3.0.8.ebuild
index 37799cd36092..a5c46e57fff2 100644
--- a/dev-libs/openssl/openssl-3.0.8.ebuild
+++ b/dev-libs/openssl/openssl-3.0.8.ebuild
@@ -103,7 +103,6 @@ src_prepare() {
 	# that gets blown away anyways by the Configure script in src_configure
 	rm -f Makefile
 
-
 	if ! use vanilla ; then
 		PATCHES+=(
 			# Add patches which are Gentoo-specific customisations here

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Arthur Zamarin]

commit:     4f09977440c201ea068a3dc3aee04258df29d4b9
Author:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
AuthorDate: Sun Feb 26 18:26:53 2023 +0000
Commit:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
CommitDate: Sun Feb 26 18:26:53 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4f099774

dev-libs/openssl: Stabilize 1.1.1t-r1 arm64, #893556

Signed-off-by: Arthur Zamarin <arthurzam <AT> gentoo.org>

 dev-libs/openssl/openssl-1.1.1t-r1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.1.1t-r1.ebuild b/dev-libs/openssl/openssl-1.1.1t-r1.ebuild
index 7261dbf43506..a724839c80c5 100644
--- a/dev-libs/openssl/openssl-1.1.1t-r1.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1t-r1.ebuild
@@ -16,7 +16,7 @@ S="${WORKDIR}/${MY_P}"
 LICENSE="openssl"
 SLOT="0/1.1" # .so version of libssl/libcrypto
 if [[ ${PV} != *_pre* ]] ; then
-	KEYWORDS="~alpha amd64 arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ~ppc64 ~riscv ~s390 ~sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+	KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ~ppc64 ~riscv ~s390 ~sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
 fi
 IUSE="+asm rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-compression tls-heartbeat vanilla verify-sig weak-ssl-ciphers"
 RESTRICT="!test? ( test )"

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     77ffa041609f4f1b80aec71c781eb12fbc749487
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Wed Feb  8 01:56:38 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Wed Feb  8 01:56:38 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=77ffa041

dev-libs/openssl: Stabilize 1.1.1t-r1 amd64, #893556

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/openssl-1.1.1t-r1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.1.1t-r1.ebuild b/dev-libs/openssl/openssl-1.1.1t-r1.ebuild
index 6f5f892f56a6..89d9f7f6c010 100644
--- a/dev-libs/openssl/openssl-1.1.1t-r1.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1t-r1.ebuild
@@ -16,7 +16,7 @@ S="${WORKDIR}/${MY_P}"
 LICENSE="openssl"
 SLOT="0/1.1" # .so version of libssl/libcrypto
 if [[ ${PV} != *_pre* ]] ; then
-	KEYWORDS="~alpha ~amd64 arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ~ppc64 ~riscv ~s390 ~sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+	KEYWORDS="~alpha amd64 arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ~ppc64 ~riscv ~s390 ~sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
 fi
 IUSE="+asm rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-compression tls-heartbeat vanilla verify-sig weak-ssl-ciphers"
 RESTRICT="!test? ( test )"

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     93af482b2413c2215a41fee877105c1e5e29e702
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Wed Feb  8 01:55:05 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Wed Feb  8 01:55:05 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=93af482b

dev-libs/openssl: Stabilize 1.1.1t-r1 arm, #893556

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/openssl-1.1.1t-r1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.1.1t-r1.ebuild b/dev-libs/openssl/openssl-1.1.1t-r1.ebuild
index 7ba0355f1114..6f5f892f56a6 100644
--- a/dev-libs/openssl/openssl-1.1.1t-r1.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1t-r1.ebuild
@@ -16,7 +16,7 @@ S="${WORKDIR}/${MY_P}"
 LICENSE="openssl"
 SLOT="0/1.1" # .so version of libssl/libcrypto
 if [[ ${PV} != *_pre* ]] ; then
-	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ~ppc64 ~riscv ~s390 ~sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+	KEYWORDS="~alpha ~amd64 arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ~ppc64 ~riscv ~s390 ~sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
 fi
 IUSE="+asm rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-compression tls-heartbeat vanilla verify-sig weak-ssl-ciphers"
 RESTRICT="!test? ( test )"

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     d06970048f80989bd42e225521661e2469f54a32
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Wed Feb  8 01:18:34 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Wed Feb  8 01:18:34 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d0697004

dev-libs/openssl: forward ~ppc64

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/openssl-3.0.8.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-3.0.8.ebuild b/dev-libs/openssl/openssl-3.0.8.ebuild
index 4b7932289c61..e259080c01c3 100644
--- a/dev-libs/openssl/openssl-3.0.8.ebuild
+++ b/dev-libs/openssl/openssl-3.0.8.ebuild
@@ -19,7 +19,7 @@ else
 	SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 		verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )"
 	#KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x86-linux"
-	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~riscv ~s390 ~sparc ~x86"
+	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86"
 fi
 
 S="${WORKDIR}"/${MY_P}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     453bc0b33c126bf09c3c8d11384a9ab477d33cc2
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Wed Feb  8 01:17:31 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Wed Feb  8 01:17:31 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=453bc0b3

dev-libs/openssl: Keyword 3.0.7-r4 ppc64, #886243

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/openssl-3.0.7-r4.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-3.0.7-r4.ebuild b/dev-libs/openssl/openssl-3.0.7-r4.ebuild
index 8e3b2c022af1..9b47e61386dc 100644
--- a/dev-libs/openssl/openssl-3.0.7-r4.ebuild
+++ b/dev-libs/openssl/openssl-3.0.7-r4.ebuild
@@ -19,7 +19,7 @@ else
 	SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 		verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )"
 	#KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x86-linux"
-	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~riscv ~s390 ~sparc ~x86"
+	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86"
 fi
 
 S="${WORKDIR}"/${MY_P}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     2f1b04b5bcca6dffcf400496db2e1dd8f8c4f0aa
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Wed Feb  8 01:14:24 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Wed Feb  8 01:14:24 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2f1b04b5

dev-libs/openssl: Stabilize 1.1.1t-r1 x86, #893556

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/openssl-1.1.1t-r1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.1.1t-r1.ebuild b/dev-libs/openssl/openssl-1.1.1t-r1.ebuild
index f16e69f03a73..7ba0355f1114 100644
--- a/dev-libs/openssl/openssl-1.1.1t-r1.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1t-r1.ebuild
@@ -16,7 +16,7 @@ S="${WORKDIR}/${MY_P}"
 LICENSE="openssl"
 SLOT="0/1.1" # .so version of libssl/libcrypto
 if [[ ${PV} != *_pre* ]] ; then
-	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ~ppc64 ~riscv ~s390 ~sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
 fi
 IUSE="+asm rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-compression tls-heartbeat vanilla verify-sig weak-ssl-ciphers"
 RESTRICT="!test? ( test )"

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     ca59d8299a2dff39928b0dcf4f1dc5473df3570a
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Wed Feb  8 01:03:50 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Wed Feb  8 01:03:50 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ca59d829

dev-libs/openssl: Stabilize 1.1.1t-r1 ppc, #893556

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/openssl-1.1.1t-r1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.1.1t-r1.ebuild b/dev-libs/openssl/openssl-1.1.1t-r1.ebuild
index 94cbd598ce40..f16e69f03a73 100644
--- a/dev-libs/openssl/openssl-1.1.1t-r1.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1t-r1.ebuild
@@ -16,7 +16,7 @@ S="${WORKDIR}/${MY_P}"
 LICENSE="openssl"
 SLOT="0/1.1" # .so version of libssl/libcrypto
 if [[ ${PV} != *_pre* ]] ; then
-	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
 fi
 IUSE="+asm rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-compression tls-heartbeat vanilla verify-sig weak-ssl-ciphers"
 RESTRICT="!test? ( test )"

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     2bfbe8f9be6a224b0f7c0c69bef32eca1cb4b833
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Tue Feb  7 20:32:31 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Tue Feb  7 20:32:31 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2bfbe8f9

dev-libs/openssl: drop 1.1.1s-r2

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/openssl-1.1.1s-r2.ebuild | 340 ------------------------------
 1 file changed, 340 deletions(-)

diff --git a/dev-libs/openssl/openssl-1.1.1s-r2.ebuild b/dev-libs/openssl/openssl-1.1.1s-r2.ebuild
deleted file mode 100644
index e9c80f3f1ea3..000000000000
--- a/dev-libs/openssl/openssl-1.1.1s-r2.ebuild
+++ /dev/null
@@ -1,340 +0,0 @@
-# Copyright 1999-2023 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/openssl.org.asc
-inherit edo flag-o-matic toolchain-funcs multilib-minimal verify-sig
-
-MY_P=${P/_/-}
-DESCRIPTION="Full-strength general purpose cryptography library (including SSL and TLS)"
-HOMEPAGE="https://www.openssl.org/"
-SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
-	verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )"
-S="${WORKDIR}/${MY_P}"
-
-LICENSE="openssl"
-SLOT="0/1.1" # .so version of libssl/libcrypto
-if [[ ${PV} != *_pre* ]] ; then
-	#KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
-	KEYWORDS=""
-fi
-IUSE="+asm rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-compression tls-heartbeat vanilla verify-sig weak-ssl-ciphers"
-RESTRICT="!test? ( test )"
-
-RDEPEND="
-	tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )"
-DEPEND="${RDEPEND}"
-BDEPEND="
-	>=dev-lang/perl-5
-	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
-	test? (
-		sys-apps/diffutils
-		sys-devel/bc
-		kernel_linux? ( sys-process/procps )
-	)
-	verify-sig? ( >=sec-keys/openpgp-keys-openssl-20221101 )"
-PDEPEND="app-misc/ca-certificates"
-
-# force upgrade to prevent broken login, bug #696950
-RDEPEND+=" !<net-misc/openssh-8.0_p1-r3"
-
-MULTILIB_WRAPPED_HEADERS=(
-	usr/include/openssl/opensslconf.h
-)
-
-PATCHES=(
-	# General patches which are suitable to always apply
-	# If they're Gentoo specific, add to USE=-vanilla logic in src_prepare!
-	"${FILESDIR}"/${PN}-1.1.0j-parallel_install_fix.patch # bug #671602
-	"${FILESDIR}"/${PN}-1.1.1i-riscv32.patch
-)
-
-pkg_setup() {
-	[[ ${MERGE_TYPE} == binary ]] && return
-
-	# must check in pkg_setup; sysctl doesn't work with userpriv!
-	if use test && use sctp; then
-		# test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel"
-		# if sctp.auth_enable is not enabled.
-		local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null)
-		if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]]; then
-			die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!"
-		fi
-	fi
-}
-
-src_unpack() {
-	# Can delete this once test fix patch is dropped
-	if use verify-sig ; then
-		# Needed for downloaded patch (which is unsigned, which is fine)
-		verify-sig_verify_detached "${DISTDIR}"/${P}.tar.gz{,.asc}
-	fi
-
-	default
-}
-
-src_prepare() {
-	# Allow openssl to be cross-compiled
-	cp "${FILESDIR}"/gentoo.config-1.0.4 gentoo.config || die
-	chmod a+rx gentoo.config || die
-
-	# Keep this in sync with app-misc/c_rehash
-	SSL_CNF_DIR="/etc/ssl"
-
-	# Make sure we only ever touch Makefile.org and avoid patching a file
-	# that gets blown away anyways by the Configure script in src_configure
-	rm -f Makefile
-
-	if ! use vanilla ; then
-		PATCHES+=(
-			# Add patches which are Gentoo-specific customisations here
-		)
-	fi
-
-	default
-
-	if use test && use sctp && has network-sandbox ${FEATURES}; then
-		einfo "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox ..."
-		rm test/recipes/80-test_ssl_new.t || die
-	fi
-
-	# - Make sure the man pages are suffixed (bug #302165)
-	# - Don't bother building man pages if they're disabled
-	# - Make DOCDIR Gentoo compliant
-	sed -i \
-		-e '/^MANSUFFIX/s:=.*:=ssl:' \
-		-e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
-		-e $(has noman FEATURES \
-			&& echo '/^install:/s:install_docs::' \
-			|| echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
-		-e "/^DOCDIR/s@\$(BASENAME)@&-${PVR}@" \
-		Configurations/unix-Makefile.tmpl \
-		|| die
-
-	# Quiet out unknown driver argument warnings since openssl
-	# doesn't have well-split CFLAGS and we're making it even worse
-	# and 'make depend' uses -Werror for added fun (bug #417795 again)
-	tc-is-clang && append-flags -Qunused-arguments
-
-	# We really, really need to build OpenSSL w/ strict aliasing disabled.
-	# It's filled with violations and it *will* result in miscompiled
-	# code. This has been in the ebuild for > 10 years but even in 2022,
-	# it's still relevant:
-	# - https://github.com/llvm/llvm-project/issues/55255
-	# - https://github.com/openssl/openssl/issues/18225
-	# - https://github.com/openssl/openssl/issues/18663#issuecomment-1181478057
-	# Don't remove the no strict aliasing bits below!
-	filter-flags -fstrict-aliasing
-	append-flags -fno-strict-aliasing
-
-	append-cppflags -DOPENSSL_NO_BUF_FREELISTS
-
-	append-flags $(test-flags-CC -Wa,--noexecstack)
-
-	# Remove test target when FEATURES=test isn't set
-	if ! use test ; then
-		sed \
-			-e '/^$config{dirs}/s@ "test",@@' \
-			-i Configure || die
-	fi
-
-	if use prefix && [[ ${CHOST} == *-solaris* ]] ; then
-		# use GNU ld full option, not to confuse it on Solaris
-		sed -i \
-			-e 's/-Wl,-M,/-Wl,--version-script=/' \
-			-e 's/-Wl,-h,/-Wl,--soname=/' \
-			Configurations/10-main.conf || die
-
-		# fix building on Solaris 10
-		# https://github.com/openssl/openssl/issues/6333
-		sed -i \
-			-e 's/-lsocket -lnsl -ldl/-lsocket -lnsl -ldl -lrt/' \
-			Configurations/10-main.conf || die
-	fi
-
-	local sslout=$(./gentoo.config)
-	einfo "Using configuration: ${sslout:-(openssl knows best)}"
-	local config="perl Configure"
-	[[ -z ${sslout} ]] && config="sh config -v"
-
-	# The config script does stupid stuff to prompt the user.  Kill it.
-	sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
-	edo ${config} ${sslout} --test-sanity
-
-	multilib_copy_sources
-}
-
-multilib_src_configure() {
-	# bug #197996
-	unset APPS
-	# bug #312551
-	unset SCRIPTS
-	# bug #311473
-	unset CROSS_COMPILE
-
-	tc-export AR CC CXX RANLIB RC
-
-	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
-
-	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
-
-	# See if our toolchain supports __uint128_t.  If so, it's 64bit
-	# friendly and can use the nicely optimized code paths, bug #460790.
-	#local ec_nistp_64_gcc_128
-	#
-	# Disable it for now though (bug #469976)
-	# Do NOT re-enable without substantial discussion first!
-	#
-	#echo "__uint128_t i;" > "${T}"/128.c
-	#if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
-	#	ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
-	#fi
-
-	local sslout=$(./gentoo.config)
-	einfo "Use configuration ${sslout:-(openssl knows best)}"
-	local config="perl Configure"
-	[[ -z ${sslout} ]] && config="sh config -v"
-
-	# "disable-deprecated" option breaks too many consumers.
-	# Don't set it without thorough revdeps testing.
-	# Make sure user flags don't get added *yet* to avoid duplicated
-	# flags.
-	local myeconfargs=(
-		${sslout}
-
-		$(use cpu_flags_x86_sse2 || echo "no-sse2")
-		enable-camellia
-		enable-ec
-		enable-ec2m
-		enable-sm2
-		enable-srp
-		$(use elibc_musl && echo "no-async")
-		${ec_nistp_64_gcc_128}
-		enable-idea
-		enable-mdc2
-		enable-rc5
-		$(use_ssl sslv3 ssl3)
-		$(use_ssl sslv3 ssl3-method)
-		$(use_ssl asm)
-		$(use_ssl rfc3779)
-		$(use_ssl sctp)
-		$(use test || echo "no-tests")
-		$(use_ssl tls-compression zlib)
-		$(use_ssl tls-heartbeat heartbeats)
-		$(use_ssl weak-ssl-ciphers)
-
-		--prefix="${EPREFIX}"/usr
-		--openssldir="${EPREFIX}"${SSL_CNF_DIR}
-		--libdir=$(get_libdir)
-
-		shared
-		threads
-	)
-
-	CFLAGS= LDFLAGS= edo ${config} "${myeconfargs[@]}"
-
-	# Clean out hardcoded flags that openssl uses
-	local DEFAULT_CFLAGS=$(grep ^CFLAGS= Makefile | LC_ALL=C sed \
-		-e 's:^CFLAGS=::' \
-		-e 's:\(^\| \)-fomit-frame-pointer::g' \
-		-e 's:\(^\| \)-O[^ ]*::g' \
-		-e 's:\(^\| \)-march=[^ ]*::g' \
-		-e 's:\(^\| \)-mcpu=[^ ]*::g' \
-		-e 's:\(^\| \)-m[^ ]*::g' \
-		-e 's:^ *::' \
-		-e 's: *$::' \
-		-e 's: \+: :g' \
-		-e 's:\\:\\\\:g'
-	)
-
-	# Now insert clean default flags with user flags
-	sed -i \
-		-e "/^CFLAGS=/s|=.*|=${DEFAULT_CFLAGS} ${CFLAGS}|" \
-		-e "/^LDFLAGS=/s|=[[:space:]]*$|=${LDFLAGS}|" \
-		Makefile || die
-}
-
-multilib_src_compile() {
-	# depend is needed to use $confopts; it also doesn't matter
-	# that it's -j1 as the code itself serializes subdirs
-	emake -j1 depend
-
-	emake all
-}
-
-multilib_src_test() {
-	emake -j1 test
-}
-
-multilib_src_install() {
-	# We need to create ${ED}/usr on our own to avoid a race condition (bug #665130)
-	dodir /usr
-
-	emake DESTDIR="${D}" install
-
-	# This is crappy in that the static archives are still built even
-	# when USE=static-libs. But this is due to a failing in the openssl
-	# build system: the static archives are built as PIC all the time.
-	# Only way around this would be to manually configure+compile openssl
-	# twice; once with shared lib support enabled and once without.
-	if ! use static-libs; then
-		rm "${ED}"/usr/$(get_libdir)/lib{crypto,ssl}.a || die
-	fi
-}
-
-multilib_src_install_all() {
-	# openssl installs perl version of c_rehash by default, but
-	# we provide a shell version via app-misc/c_rehash
-	rm "${ED}"/usr/bin/c_rehash || die
-
-	dodoc CHANGES* FAQ NEWS README doc/*.txt doc/${PN}-c-indent.el
-
-	# Create the certs directory
-	keepdir ${SSL_CNF_DIR}/certs
-
-	# Namespace openssl programs to prevent conflicts with other man pages
-	cd "${ED}"/usr/share/man || die
-	local m d s
-	for m in $(find . -type f | xargs grep -L '#include') ; do
-		d=${m%/*}
-		d=${d#./}
-		m=${m##*/}
-
-		[[ ${m} == openssl.1* ]] && continue
-
-		[[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!"
-
-		mv ${d}/{,ssl-}${m} || die
-
-		# Fix up references to renamed man pages
-		sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m} || die
-		ln -s ssl-${m} ${d}/openssl-${m}
-
-		# Locate any symlinks that point to this man page
-		# We assume that any broken links are due to the above renaming
-		for s in $(find -L ${d} -type l) ; do
-			s=${s##*/}
-
-			rm -f ${d}/${s}
-
-			# We don't want to "|| die" here
-			ln -s ssl-${m} ${d}/ssl-${s}
-			ln -s ssl-${s} ${d}/openssl-${s}
-		done
-	done
-	[[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :("
-
-	# bug #254521
-	dodir /etc/sandbox.d
-	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
-
-	diropts -m0700
-	keepdir ${SSL_CNF_DIR}/private
-}
-
-pkg_postinst() {
-	ebegin "Running 'openssl rehash ${EROOT}${SSL_CNF_DIR}/certs' to rebuild hashes (bug #333069)"
-	openssl rehash "${EROOT}${SSL_CNF_DIR}/certs"
-	eend $?
-}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     b70f35884e163fe19b5035113b12b66072195206
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Tue Feb  7 20:31:46 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Tue Feb  7 20:32:01 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b70f3588

dev-libs/openssl: Keyword 3.0.7-r4, 3.0.8 arm, #886243

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/openssl-3.0.7-r4.ebuild | 2 +-
 dev-libs/openssl/openssl-3.0.8.ebuild    | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/dev-libs/openssl/openssl-3.0.7-r4.ebuild b/dev-libs/openssl/openssl-3.0.7-r4.ebuild
index 38e487d6d1f6..8e3b2c022af1 100644
--- a/dev-libs/openssl/openssl-3.0.7-r4.ebuild
+++ b/dev-libs/openssl/openssl-3.0.7-r4.ebuild
@@ -19,7 +19,7 @@ else
 	SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 		verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )"
 	#KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x86-linux"
-	KEYWORDS="~alpha ~amd64 ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~riscv ~s390 ~sparc ~x86"
+	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~riscv ~s390 ~sparc ~x86"
 fi
 
 S="${WORKDIR}"/${MY_P}

diff --git a/dev-libs/openssl/openssl-3.0.8.ebuild b/dev-libs/openssl/openssl-3.0.8.ebuild
index 9672b67fb367..4b7932289c61 100644
--- a/dev-libs/openssl/openssl-3.0.8.ebuild
+++ b/dev-libs/openssl/openssl-3.0.8.ebuild
@@ -19,7 +19,7 @@ else
 	SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 		verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )"
 	#KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x86-linux"
-	KEYWORDS="~alpha ~amd64 ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~riscv ~s390 ~sparc ~x86"
+	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~riscv ~s390 ~sparc ~x86"
 fi
 
 S="${WORKDIR}"/${MY_P}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Mike Gilbert]

commit:     1a4e9077e7eda7129241945b2d304da1fe0bda2e
Author:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Tue Feb  7 19:45:31 2023 +0000
Commit:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Tue Feb  7 20:05:35 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1a4e9077

dev-libs/openssl: update 1.1.1 match recent changes in 3.x ebuilds

Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>

 ...nssl-1.1.1t.ebuild => openssl-1.1.1t-r1.ebuild} | 79 ++--------------------
 1 file changed, 6 insertions(+), 73 deletions(-)

diff --git a/dev-libs/openssl/openssl-1.1.1t.ebuild b/dev-libs/openssl/openssl-1.1.1t-r1.ebuild
similarity index 78%
rename from dev-libs/openssl/openssl-1.1.1t.ebuild
rename to dev-libs/openssl/openssl-1.1.1t-r1.ebuild
index 7ac17c73c0da..94cbd598ce40 100644
--- a/dev-libs/openssl/openssl-1.1.1t.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1t-r1.ebuild
@@ -98,19 +98,6 @@ src_prepare() {
 		rm test/recipes/80-test_ssl_new.t || die
 	fi
 
-	# - Make sure the man pages are suffixed (bug #302165)
-	# - Don't bother building man pages if they're disabled
-	# - Make DOCDIR Gentoo compliant
-	sed -i \
-		-e '/^MANSUFFIX/s:=.*:=ssl:' \
-		-e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
-		-e $(has noman FEATURES \
-			&& echo '/^install:/s:install_docs::' \
-			|| echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
-		-e "/^DOCDIR/s@\$(BASENAME)@&-${PVR}@" \
-		Configurations/unix-Makefile.tmpl \
-		|| die
-
 	# Quiet out unknown driver argument warnings since openssl
 	# doesn't have well-split CFLAGS and we're making it even worse
 	# and 'make depend' uses -Werror for added fun (bug #417795 again)
@@ -231,34 +218,10 @@ multilib_src_configure() {
 		threads
 	)
 
-	CFLAGS= LDFLAGS= edo ${config} "${myeconfargs[@]}"
-
-	# Clean out hardcoded flags that openssl uses
-	local DEFAULT_CFLAGS=$(grep ^CFLAGS= Makefile | LC_ALL=C sed \
-		-e 's:^CFLAGS=::' \
-		-e 's:\(^\| \)-fomit-frame-pointer::g' \
-		-e 's:\(^\| \)-O[^ ]*::g' \
-		-e 's:\(^\| \)-march=[^ ]*::g' \
-		-e 's:\(^\| \)-mcpu=[^ ]*::g' \
-		-e 's:\(^\| \)-m[^ ]*::g' \
-		-e 's:^ *::' \
-		-e 's: *$::' \
-		-e 's: \+: :g' \
-		-e 's:\\:\\\\:g'
-	)
-
-	# Now insert clean default flags with user flags
-	sed -i \
-		-e "/^CFLAGS=/s|=.*|=${DEFAULT_CFLAGS} ${CFLAGS}|" \
-		-e "/^LDFLAGS=/s|=[[:space:]]*$|=${LDFLAGS}|" \
-		Makefile || die
+	edo ${config} "${myeconfargs[@]}"
 }
 
 multilib_src_compile() {
-	# depend is needed to use $confopts; it also doesn't matter
-	# that it's -j1 as the code itself serializes subdirs
-	emake -j1 depend
-
 	emake all
 }
 
@@ -267,10 +230,12 @@ multilib_src_test() {
 }
 
 multilib_src_install() {
-	# We need to create ${ED}/usr on our own to avoid a race condition (bug #665130)
-	dodir /usr
+	emake DESTDIR="${D}" install_sw
 
-	emake DESTDIR="${D}" install
+	if multilib_is_native_abi; then
+		emake DESTDIR="${D}" install_ssldirs
+		emake DESTDIR="${D}" DOCDIR='$(INSTALLTOP)'/share/doc/${PF} MANSUFFIX=ssl install_docs
+	fi
 
 	# This is crappy in that the static archives are still built even
 	# when USE=static-libs. But this is due to a failing in the openssl
@@ -292,38 +257,6 @@ multilib_src_install_all() {
 	# Create the certs directory
 	keepdir ${SSL_CNF_DIR}/certs
 
-	# Namespace openssl programs to prevent conflicts with other man pages
-	cd "${ED}"/usr/share/man || die
-	local m d s
-	for m in $(find . -type f | xargs grep -L '#include') ; do
-		d=${m%/*}
-		d=${d#./}
-		m=${m##*/}
-
-		[[ ${m} == openssl.1* ]] && continue
-
-		[[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!"
-
-		mv ${d}/{,ssl-}${m} || die
-
-		# Fix up references to renamed man pages
-		sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m} || die
-		ln -s ssl-${m} ${d}/openssl-${m}
-
-		# Locate any symlinks that point to this man page
-		# We assume that any broken links are due to the above renaming
-		for s in $(find -L ${d} -type l) ; do
-			s=${s##*/}
-
-			rm -f ${d}/${s}
-
-			# We don't want to "|| die" here
-			ln -s ssl-${m} ${d}/ssl-${s}
-			ln -s ssl-${s} ${d}/openssl-${s}
-		done
-	done
-	[[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :("
-
 	# bug #254521
 	dodir /etc/sandbox.d
 	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Mike Gilbert]

commit:     9244da7eb56662070fd787a5934fd985701894ab
Author:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Sat Feb  4 03:18:20 2023 +0000
Commit:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Sat Feb  4 03:22:46 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9244da7e

dev-libs/openssl: drop obsolete 'emake depend'

INSTALL.md claims this target is obsolete since OpenSSL 1.1.0.

Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>

 dev-libs/openssl/openssl-3.0.7-r4.ebuild | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/dev-libs/openssl/openssl-3.0.7-r4.ebuild b/dev-libs/openssl/openssl-3.0.7-r4.ebuild
index 0fd8cec1764e..38e487d6d1f6 100644
--- a/dev-libs/openssl/openssl-3.0.7-r4.ebuild
+++ b/dev-libs/openssl/openssl-3.0.7-r4.ebuild
@@ -205,10 +205,6 @@ multilib_src_configure() {
 }
 
 multilib_src_compile() {
-	# depend is needed to use $confopts; it also doesn't matter
-	# that it's -j1 as the code itself serializes subdirs
-	emake -j1 depend
-
 	emake build_sw
 
 	if multilib_is_native_abi; then

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Mike Gilbert]

commit:     bf435595a9b979a91898c1d86958cb776a31b192
Author:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Sat Feb  4 02:53:24 2023 +0000
Commit:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Sat Feb  4 03:13:53 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bf435595

dev-libs/openssl: drop Makefile CFLAGS hackery

From what I can tell, the current build system respects CFLAGS without
any intervention.

Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>

 dev-libs/openssl/openssl-3.0.7-r4.ebuild | 23 +----------------------
 1 file changed, 1 insertion(+), 22 deletions(-)

diff --git a/dev-libs/openssl/openssl-3.0.7-r4.ebuild b/dev-libs/openssl/openssl-3.0.7-r4.ebuild
index 6921c7f98501..0fd8cec1764e 100644
--- a/dev-libs/openssl/openssl-3.0.7-r4.ebuild
+++ b/dev-libs/openssl/openssl-3.0.7-r4.ebuild
@@ -201,28 +201,7 @@ multilib_src_configure() {
 		threads
 	)
 
-	CFLAGS= LDFLAGS= edo perl Configure "${myeconfargs[@]}"
-
-	# Clean out hardcoded flags that openssl uses
-	local DEFAULT_CFLAGS=$(grep ^CFLAGS= Makefile | LC_ALL=C sed \
-		-e 's:^CFLAGS=::' \
-		-e 's:\(^\| \)-fomit-frame-pointer::g' \
-		-e 's:\(^\| \)-O[^ ]*::g' \
-		-e 's:\(^\| \)-march=[^ ]*::g' \
-		-e 's:\(^\| \)-mcpu=[^ ]*::g' \
-		-e 's:\(^\| \)-m[^ ]*::g' \
-		-e 's:^ *::' \
-		-e 's: *$::' \
-		-e 's: \+: :g' \
-		-e 's:\\:\\\\:g'
-	)
-
-	# Now insert clean default flags with user flags
-	sed -i \
-		-e "/^CFLAGS=/s|=.*|=${DEFAULT_CFLAGS} ${CFLAGS}|" \
-		-e "/^LDFLAGS=/s|=[[:space:]]*$|=${LDFLAGS}|" \
-		Makefile \
-		|| die
+	edo perl Configure "${myeconfargs[@]}"
 }
 
 multilib_src_compile() {

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Mike Gilbert]

commit:     908717bbd9e9d664b1dc61cb4b8cc478a2479359
Author:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Sat Feb  4 02:21:52 2023 +0000
Commit:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Sat Feb  4 03:13:53 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=908717bb

dev-libs/openssl: remove broken code to prefix manpages

The man pages already have suffix applied to the section number which
will prevent any collisions.

Adding a prefix just makes the proper man pages harder to locate.

Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>

 dev-libs/openssl/openssl-3.0.7-r4.ebuild | 293 +++++++++++++++++++++++++++++++
 1 file changed, 293 insertions(+)

diff --git a/dev-libs/openssl/openssl-3.0.7-r4.ebuild b/dev-libs/openssl/openssl-3.0.7-r4.ebuild
new file mode 100644
index 000000000000..26cc0f5113f2
--- /dev/null
+++ b/dev-libs/openssl/openssl-3.0.7-r4.ebuild
@@ -0,0 +1,293 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/openssl.org.asc
+inherit edo flag-o-matic linux-info toolchain-funcs multilib-minimal multiprocessing verify-sig
+
+DESCRIPTION="Robust, full-featured Open Source Toolkit for the Transport Layer Security (TLS)"
+HOMEPAGE="https://www.openssl.org/"
+
+MY_P=${P/_/-}
+
+if [[ ${PV} == 9999 ]] ; then
+	EGIT_REPO_URI="https://github.com/openssl/openssl.git"
+
+	inherit git-r3
+else
+	SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
+		verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )"
+	#KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x86-linux"
+	KEYWORDS="~alpha ~amd64 ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~riscv ~s390 ~sparc ~x86"
+fi
+
+S="${WORKDIR}"/${MY_P}
+
+LICENSE="Apache-2.0"
+SLOT="0/3" # .so version of libssl/libcrypto
+IUSE="+asm cpu_flags_x86_sse2 fips ktls rfc3779 sctp static-libs test tls-compression vanilla verify-sig weak-ssl-ciphers"
+RESTRICT="!test? ( test )"
+
+COMMON_DEPEND="
+	tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
+"
+BDEPEND="
+	>=dev-lang/perl-5
+	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
+	test? (
+		sys-apps/diffutils
+		sys-devel/bc
+		sys-process/procps
+	)
+	verify-sig? ( >=sec-keys/openpgp-keys-openssl-20221101 )"
+
+DEPEND="${COMMON_DEPEND}"
+RDEPEND="${COMMON_DEPEND}"
+PDEPEND="app-misc/ca-certificates"
+
+MULTILIB_WRAPPED_HEADERS=(
+	/usr/include/openssl/configuration.h
+)
+
+PATCHES=(
+	"${FILESDIR}"/${P}-x509-CVE-2022-3996.patch
+)
+
+pkg_setup() {
+	if use ktls ; then
+		if kernel_is -lt 4 18 ; then
+			ewarn "Kernel implementation of TLS (USE=ktls) requires kernel >=4.18!"
+		else
+			CONFIG_CHECK="~TLS ~TLS_DEVICE"
+			ERROR_TLS="You will be unable to offload TLS to kernel because CONFIG_TLS is not set!"
+			ERROR_TLS_DEVICE="You will be unable to offload TLS to kernel because CONFIG_TLS_DEVICE is not set!"
+			use test && CONFIG_CHECK+=" ~CRYPTO_USER_API_SKCIPHER"
+
+			linux-info_pkg_setup
+		fi
+	fi
+
+	[[ ${MERGE_TYPE} == binary ]] && return
+
+	# must check in pkg_setup; sysctl doesn't work with userpriv!
+	if use test && use sctp ; then
+		# test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel"
+		# if sctp.auth_enable is not enabled.
+		local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null)
+		if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]] ; then
+			die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!"
+		fi
+	fi
+}
+
+src_unpack() {
+	# Can delete this once test fix patch is dropped
+	if use verify-sig ; then
+		# Needed for downloaded patch (which is unsigned, which is fine)
+		verify-sig_verify_detached "${DISTDIR}"/${P}.tar.gz{,.asc}
+	fi
+
+	default
+}
+
+src_prepare() {
+	# Allow openssl to be cross-compiled
+	cp "${FILESDIR}"/gentoo.config-1.0.4 gentoo.config || die
+	chmod a+rx gentoo.config || die
+
+	# Keep this in sync with app-misc/c_rehash
+	SSL_CNF_DIR="/etc/ssl"
+
+	# Make sure we only ever touch Makefile.org and avoid patching a file
+	# that gets blown away anyways by the Configure script in src_configure
+	rm -f Makefile
+
+	if ! use vanilla ; then
+		PATCHES+=(
+			# Add patches which are Gentoo-specific customisations here
+		)
+	fi
+
+	default
+
+	if use test && use sctp && has network-sandbox ${FEATURES} ; then
+		einfo "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox ..."
+		rm test/recipes/80-test_ssl_new.t || die
+	fi
+
+	# - Make sure the man pages are suffixed (bug #302165)
+	# - Don't bother building man pages if they're disabled
+	# - Make DOCDIR Gentoo compliant
+	sed -i \
+		-e '/^MANSUFFIX/s:=.*:=ssl:' \
+		-e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
+		-e $(has noman FEATURES \
+			&& echo '/^install:/s:install_docs::' \
+			|| echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
+		-e "/^DOCDIR/s@\$(BASENAME)@&-${PVR}@" \
+		Configurations/unix-Makefile.tmpl \
+		|| die
+
+	# Quiet out unknown driver argument warnings since openssl
+	# doesn't have well-split CFLAGS and we're making it even worse
+	# and 'make depend' uses -Werror for added fun (bug #417795 again)
+	tc-is-clang && append-flags -Qunused-arguments
+
+	# We really, really need to build OpenSSL w/ strict aliasing disabled.
+	# It's filled with violations and it *will* result in miscompiled
+	# code. This has been in the ebuild for > 10 years but even in 2022,
+	# it's still relevant:
+	# - https://github.com/llvm/llvm-project/issues/55255
+	# - https://github.com/openssl/openssl/issues/18225
+	# - https://github.com/openssl/openssl/issues/18663#issuecomment-1181478057
+	# Don't remove the no strict aliasing bits below!
+	filter-flags -fstrict-aliasing
+	append-flags -fno-strict-aliasing
+
+	append-flags $(test-flags-CC -Wa,--noexecstack)
+
+	local sslout=$(./gentoo.config)
+	einfo "Using configuration: ${sslout:-(openssl knows best)}"
+	edo perl Configure ${sslout} --test-sanity
+
+	multilib_copy_sources
+}
+
+multilib_src_configure() {
+	# bug #197996
+	unset APPS
+	# bug #312551
+	unset SCRIPTS
+	# bug #311473
+	unset CROSS_COMPILE
+
+	tc-export AR CC CXX RANLIB RC
+
+	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
+
+	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
+
+	# See if our toolchain supports __uint128_t.  If so, it's 64bit
+	# friendly and can use the nicely optimized code paths, bug #460790.
+	#local ec_nistp_64_gcc_128
+	#
+	# Disable it for now though (bug #469976)
+	# Do NOT re-enable without substantial discussion first!
+	#
+	#echo "__uint128_t i;" > "${T}"/128.c
+	#if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
+	#       ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
+	#fi
+
+	local sslout=$(./gentoo.config)
+	einfo "Using configuration: ${sslout:-(openssl knows best)}"
+
+	# https://github.com/openssl/openssl/blob/master/INSTALL.md#enable-and-disable-features
+	local myeconfargs=(
+		${sslout}
+
+		$(use cpu_flags_x86_sse2 || echo "no-sse2")
+		enable-camellia
+		enable-ec
+		enable-ec2m
+		enable-sm2
+		enable-srp
+		$(use elibc_musl && echo "no-async")
+		enable-idea
+		enable-mdc2
+		enable-rc5
+		$(use fips && echo "enable-fips")
+		$(use_ssl asm)
+		$(use_ssl ktls)
+		$(use_ssl rfc3779)
+		$(use_ssl sctp)
+		$(use test || echo "no-tests")
+		$(use_ssl tls-compression zlib)
+		$(use_ssl weak-ssl-ciphers)
+
+		--prefix="${EPREFIX}"/usr
+		--openssldir="${EPREFIX}"${SSL_CNF_DIR}
+		--libdir=$(get_libdir)
+
+		shared
+		threads
+	)
+
+	CFLAGS= LDFLAGS= edo perl Configure "${myeconfargs[@]}"
+
+	# Clean out hardcoded flags that openssl uses
+	local DEFAULT_CFLAGS=$(grep ^CFLAGS= Makefile | LC_ALL=C sed \
+		-e 's:^CFLAGS=::' \
+		-e 's:\(^\| \)-fomit-frame-pointer::g' \
+		-e 's:\(^\| \)-O[^ ]*::g' \
+		-e 's:\(^\| \)-march=[^ ]*::g' \
+		-e 's:\(^\| \)-mcpu=[^ ]*::g' \
+		-e 's:\(^\| \)-m[^ ]*::g' \
+		-e 's:^ *::' \
+		-e 's: *$::' \
+		-e 's: \+: :g' \
+		-e 's:\\:\\\\:g'
+	)
+
+	# Now insert clean default flags with user flags
+	sed -i \
+		-e "/^CFLAGS=/s|=.*|=${DEFAULT_CFLAGS} ${CFLAGS}|" \
+		-e "/^LDFLAGS=/s|=[[:space:]]*$|=${LDFLAGS}|" \
+		Makefile \
+		|| die
+}
+
+multilib_src_compile() {
+	# depend is needed to use $confopts; it also doesn't matter
+	# that it's -j1 as the code itself serializes subdirs
+	emake -j1 depend
+
+	emake all
+}
+
+multilib_src_test() {
+	# VFP = show subtests verbosely and show failed tests verbosely
+	# Normal V=1 would show everything verbosely but this slows things down.
+	emake HARNESS_JOBS="$(makeopts_jobs)" VFP=1 test
+}
+
+multilib_src_install() {
+	# We need to create ${ED}/usr on our own to avoid a race condition (bug #665130)
+	dodir /usr
+
+	emake DESTDIR="${D}" install
+
+	# This is crappy in that the static archives are still built even
+	# when USE=static-libs. But this is due to a failing in the openssl
+	# build system: the static archives are built as PIC all the time.
+	# Only way around this would be to manually configure+compile openssl
+	# twice; once with shared lib support enabled and once without.
+	if ! use static-libs ; then
+		rm "${ED}"/usr/$(get_libdir)/lib{crypto,ssl}.a || die
+	fi
+}
+
+multilib_src_install_all() {
+	# openssl installs perl version of c_rehash by default, but
+	# we provide a shell version via app-misc/c_rehash
+	rm "${ED}"/usr/bin/c_rehash || die
+
+	dodoc {AUTHORS,CHANGES,NEWS,README,README-PROVIDERS}.md doc/*.txt doc/${PN}-c-indent.el
+
+	# Create the certs directory
+	keepdir ${SSL_CNF_DIR}/certs
+
+	# bug #254521
+	dodir /etc/sandbox.d
+	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
+
+	diropts -m0700
+	keepdir ${SSL_CNF_DIR}/private
+}
+
+pkg_postinst() {
+	ebegin "Running 'openssl rehash ${EROOT}${SSL_CNF_DIR}/certs' to rebuild hashes (bug #333069)"
+	openssl rehash "${EROOT}${SSL_CNF_DIR}/certs"
+	eend $?
+}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Mike Gilbert]

commit:     edbe2b02fe0e5cbf2372205fc5ffe0bc51971a69
Author:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Sat Feb  4 02:43:19 2023 +0000
Commit:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Sat Feb  4 03:13:53 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=edbe2b02

dev-libs/openssl: optimize docs build

Remove hacky sed to disable manpage buliding based on FEATURES.
Skip building docs for non-native abis.
Use upstream default manpage suffix "ossl".

Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>

 dev-libs/openssl/openssl-3.0.7-r4.ebuild | 30 +++++++++++++-----------------
 1 file changed, 13 insertions(+), 17 deletions(-)

diff --git a/dev-libs/openssl/openssl-3.0.7-r4.ebuild b/dev-libs/openssl/openssl-3.0.7-r4.ebuild
index 26cc0f5113f2..6921c7f98501 100644
--- a/dev-libs/openssl/openssl-3.0.7-r4.ebuild
+++ b/dev-libs/openssl/openssl-3.0.7-r4.ebuild
@@ -116,19 +116,6 @@ src_prepare() {
 		rm test/recipes/80-test_ssl_new.t || die
 	fi
 
-	# - Make sure the man pages are suffixed (bug #302165)
-	# - Don't bother building man pages if they're disabled
-	# - Make DOCDIR Gentoo compliant
-	sed -i \
-		-e '/^MANSUFFIX/s:=.*:=ssl:' \
-		-e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
-		-e $(has noman FEATURES \
-			&& echo '/^install:/s:install_docs::' \
-			|| echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
-		-e "/^DOCDIR/s@\$(BASENAME)@&-${PVR}@" \
-		Configurations/unix-Makefile.tmpl \
-		|| die
-
 	# Quiet out unknown driver argument warnings since openssl
 	# doesn't have well-split CFLAGS and we're making it even worse
 	# and 'make depend' uses -Werror for added fun (bug #417795 again)
@@ -243,7 +230,11 @@ multilib_src_compile() {
 	# that it's -j1 as the code itself serializes subdirs
 	emake -j1 depend
 
-	emake all
+	emake build_sw
+
+	if multilib_is_native_abi; then
+		emake build_docs
+	fi
 }
 
 multilib_src_test() {
@@ -253,10 +244,15 @@ multilib_src_test() {
 }
 
 multilib_src_install() {
-	# We need to create ${ED}/usr on our own to avoid a race condition (bug #665130)
-	dodir /usr
+	emake DESTDIR="${D}" install_sw
+	if use fips; then
+		emake DESTDIR="${D}" install_fips
+	fi
 
-	emake DESTDIR="${D}" install
+	if multilib_is_native_abi; then
+		emake DESTDIR="${D}" install_ssldirs
+		emake DESTDIR="${D}" DOCDIR='$(INSTALLTOP)'/share/doc/${PF} install_docs
+	fi
 
 	# This is crappy in that the static archives are still built even
 	# when USE=static-libs. But this is due to a failing in the openssl

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Mike Gilbert]

commit:     1cb751e862be780084c4d9a1ae09bc19c783b55d
Author:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Sat Feb  4 01:36:14 2023 +0000
Commit:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Sat Feb  4 01:36:14 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1cb751e8

dev-libs/openssl: replace c_rehash with openssl rehash

Bug: https://bugs.gentoo.org/855494
Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>

 .../openssl/{openssl-1.1.1s-r1.ebuild => openssl-1.1.1s-r2.ebuild}  | 6 +++---
 .../openssl/{openssl-3.0.7-r2.ebuild => openssl-3.0.7-r3.ebuild}    | 5 ++---
 2 files changed, 5 insertions(+), 6 deletions(-)

diff --git a/dev-libs/openssl/openssl-1.1.1s-r1.ebuild b/dev-libs/openssl/openssl-1.1.1s-r2.ebuild
similarity index 98%
rename from dev-libs/openssl/openssl-1.1.1s-r1.ebuild
rename to dev-libs/openssl/openssl-1.1.1s-r2.ebuild
index 910d8fcfbda4..e9c80f3f1ea3 100644
--- a/dev-libs/openssl/openssl-1.1.1s-r1.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1s-r2.ebuild
@@ -22,7 +22,7 @@ fi
 IUSE="+asm rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-compression tls-heartbeat vanilla verify-sig weak-ssl-ciphers"
 RESTRICT="!test? ( test )"
 
-RDEPEND=">=app-misc/c_rehash-1.7-r1
+RDEPEND="
 	tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )"
 DEPEND="${RDEPEND}"
 BDEPEND="
@@ -334,7 +334,7 @@ multilib_src_install_all() {
 }
 
 pkg_postinst() {
-	ebegin "Running 'c_rehash ${EROOT}${SSL_CNF_DIR}/certs/' to rebuild hashes (bug #333069)"
-	c_rehash "${EROOT}${SSL_CNF_DIR}/certs" >/dev/null
+	ebegin "Running 'openssl rehash ${EROOT}${SSL_CNF_DIR}/certs' to rebuild hashes (bug #333069)"
+	openssl rehash "${EROOT}${SSL_CNF_DIR}/certs"
 	eend $?
 }

diff --git a/dev-libs/openssl/openssl-3.0.7-r2.ebuild b/dev-libs/openssl/openssl-3.0.7-r3.ebuild
similarity index 98%
rename from dev-libs/openssl/openssl-3.0.7-r2.ebuild
rename to dev-libs/openssl/openssl-3.0.7-r3.ebuild
index e83dd0df830b..4c45fff5299e 100644
--- a/dev-libs/openssl/openssl-3.0.7-r2.ebuild
+++ b/dev-libs/openssl/openssl-3.0.7-r3.ebuild
@@ -30,7 +30,6 @@ IUSE="+asm cpu_flags_x86_sse2 fips ktls rfc3779 sctp static-libs test tls-compre
 RESTRICT="!test? ( test )"
 
 COMMON_DEPEND="
-	>=app-misc/c_rehash-1.7-r1
 	tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
 "
 BDEPEND="
@@ -320,7 +319,7 @@ multilib_src_install_all() {
 }
 
 pkg_postinst() {
-	ebegin "Running 'c_rehash ${EROOT}${SSL_CNF_DIR}/certs/' to rebuild hashes (bug #333069)"
-	c_rehash "${EROOT}${SSL_CNF_DIR}/certs" >/dev/null
+	ebegin "Running 'openssl rehash ${EROOT}${SSL_CNF_DIR}/certs' to rebuild hashes (bug #333069)"
+	openssl rehash "${EROOT}${SSL_CNF_DIR}/certs"
 	eend $?
 }

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Mike Gilbert]

commit:     9c414b3f9c6e171687b801cc3daa7c6af698491c
Author:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Sun Jan 15 01:48:10 2023 +0000
Commit:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Sun Jan 15 01:54:16 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9c414b3f

dev-libs/openssl: tweak config/Configure for 1.1.1 branch

If gentoo.config succeeds, call "perl Configure ...". This uses perl
from PATH to avoid issue on prefix, and bypasses the funky config shell
script.

If gentoo.config fails, call "sh config -v ...". This uses sh from PATH to
avoid any issues on prefix, and produces verbose output for the build
log.

Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>

 dev-libs/openssl/openssl-1.1.1s-r1.ebuild | 17 ++++++-----------
 1 file changed, 6 insertions(+), 11 deletions(-)

diff --git a/dev-libs/openssl/openssl-1.1.1s-r1.ebuild b/dev-libs/openssl/openssl-1.1.1s-r1.ebuild
index e2f32f1b8861..910d8fcfbda4 100644
--- a/dev-libs/openssl/openssl-1.1.1s-r1.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1s-r1.ebuild
@@ -132,11 +132,6 @@ src_prepare() {
 
 	append-flags $(test-flags-CC -Wa,--noexecstack)
 
-	# Prefixify Configure shebang (bug #141906)
-	sed \
-		-e "1s,/usr/bin/env,${BROOT}&," \
-		-i Configure || die
-
 	# Remove test target when FEATURES=test isn't set
 	if ! use test ; then
 		sed \
@@ -160,12 +155,12 @@ src_prepare() {
 
 	local sslout=$(./gentoo.config)
 	einfo "Using configuration: ${sslout:-(openssl knows best)}"
-	local config="Configure"
-	[[ -z ${sslout} ]] && config="config"
+	local config="perl Configure"
+	[[ -z ${sslout} ]] && config="sh config -v"
 
 	# The config script does stupid stuff to prompt the user.  Kill it.
 	sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
-	edo ./${config} ${sslout} --test-sanity || die "I AM NOT SANE"
+	edo ${config} ${sslout} --test-sanity
 
 	multilib_copy_sources
 }
@@ -198,8 +193,8 @@ multilib_src_configure() {
 
 	local sslout=$(./gentoo.config)
 	einfo "Use configuration ${sslout:-(openssl knows best)}"
-	local config="Configure"
-	[[ -z ${sslout} ]] && config="config"
+	local config="perl Configure"
+	[[ -z ${sslout} ]] && config="sh config -v"
 
 	# "disable-deprecated" option breaks too many consumers.
 	# Don't set it without thorough revdeps testing.
@@ -237,7 +232,7 @@ multilib_src_configure() {
 		threads
 	)
 
-	CFLAGS= LDFLAGS= edo ./${config} "${myeconfargs[@]}"
+	CFLAGS= LDFLAGS= edo ${config} "${myeconfargs[@]}"
 
 	# Clean out hardcoded flags that openssl uses
 	local DEFAULT_CFLAGS=$(grep ^CFLAGS= Makefile | LC_ALL=C sed \

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Mike Gilbert]

commit:     35d5e203ea11a89c95364f1e66d0673d7da9c24b
Author:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Sun Jan 15 01:18:59 2023 +0000
Commit:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Sun Jan 15 01:18:59 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=35d5e203

dev-libs/openssl: always call Configure directly

Since 2f44c815, config has been a wrapper that simply passes its
arguments to Configure.

We can call Configure directly, using perl from PATH to avoid any
shebang issues on prefix.

Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>

 dev-libs/openssl/openssl-3.0.7-r2.ebuild | 21 ++-------------------
 1 file changed, 2 insertions(+), 19 deletions(-)

diff --git a/dev-libs/openssl/openssl-3.0.7-r2.ebuild b/dev-libs/openssl/openssl-3.0.7-r2.ebuild
index b32f5c40c02c..e83dd0df830b 100644
--- a/dev-libs/openssl/openssl-3.0.7-r2.ebuild
+++ b/dev-libs/openssl/openssl-3.0.7-r2.ebuild
@@ -148,24 +148,9 @@ src_prepare() {
 
 	append-flags $(test-flags-CC -Wa,--noexecstack)
 
-	# Prefixify Configure shebang (bug #141906)
-	sed \
-		-e "1s,/usr/bin/env,${BROOT}&," \
-		-i Configure || die
-
-	# Remove test target when FEATURES=test isn't set
-	if ! use test ; then
-		sed \
-			-e '/^$config{dirs}/s@ "test",@@' \
-			-i Configure || die
-	fi
-
 	local sslout=$(./gentoo.config)
 	einfo "Using configuration: ${sslout:-(openssl knows best)}"
-
-	# The config script does stupid stuff to prompt the user. Kill it.
-	sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
-	./config ${sslout} --test-sanity || die "I AM NOT SANE"
+	edo perl Configure ${sslout} --test-sanity
 
 	multilib_copy_sources
 }
@@ -198,8 +183,6 @@ multilib_src_configure() {
 
 	local sslout=$(./gentoo.config)
 	einfo "Using configuration: ${sslout:-(openssl knows best)}"
-	local config="Configure"
-	[[ -z ${sslout} ]] && config="config"
 
 	# https://github.com/openssl/openssl/blob/master/INSTALL.md#enable-and-disable-features
 	local myeconfargs=(
@@ -232,7 +215,7 @@ multilib_src_configure() {
 		threads
 	)
 
-	CFLAGS= LDFLAGS= edo ./${config} "${myeconfargs[@]}"
+	CFLAGS= LDFLAGS= edo perl Configure "${myeconfargs[@]}"
 
 	# Clean out hardcoded flags that openssl uses
 	local DEFAULT_CFLAGS=$(grep ^CFLAGS= Makefile | LC_ALL=C sed \

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Mike Gilbert]

commit:     2a91638573ba9e4b0dbca6c817c3fa318c47416c
Author:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Fri Jan 13 20:42:09 2023 +0000
Commit:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Fri Jan 13 20:42:53 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2a916385

dev-libs/openssl: fix config call in src_prepare

Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>

 dev-libs/openssl/openssl-1.1.1s-r1.ebuild | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/dev-libs/openssl/openssl-1.1.1s-r1.ebuild b/dev-libs/openssl/openssl-1.1.1s-r1.ebuild
index cadb162ac5ec..e2f32f1b8861 100644
--- a/dev-libs/openssl/openssl-1.1.1s-r1.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1s-r1.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2022 Gentoo Authors
+# Copyright 1999-2023 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
 EAPI=8
@@ -160,10 +160,12 @@ src_prepare() {
 
 	local sslout=$(./gentoo.config)
 	einfo "Using configuration: ${sslout:-(openssl knows best)}"
+	local config="Configure"
+	[[ -z ${sslout} ]] && config="config"
 
 	# The config script does stupid stuff to prompt the user.  Kill it.
 	sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
-	./config ${sslout} --test-sanity || die "I AM NOT SANE"
+	edo ./${config} ${sslout} --test-sanity || die "I AM NOT SANE"
 
 	multilib_copy_sources
 }

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Arthur Zamarin]

commit:     470df1b713ec8e645ad07d1df41b724dbf191be7
Author:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
AuthorDate: Fri Jan 13 17:55:37 2023 +0000
Commit:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
CommitDate: Fri Jan 13 17:55:37 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=470df1b7

dev-libs/openssl: Keyword 3.0.7-r2 ppc, #886243

Signed-off-by: Arthur Zamarin <arthurzam <AT> gentoo.org>

 dev-libs/openssl/openssl-3.0.7-r2.ebuild | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/dev-libs/openssl/openssl-3.0.7-r2.ebuild b/dev-libs/openssl/openssl-3.0.7-r2.ebuild
index 3ce576abc93d..b32f5c40c02c 100644
--- a/dev-libs/openssl/openssl-3.0.7-r2.ebuild
+++ b/dev-libs/openssl/openssl-3.0.7-r2.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2022 Gentoo Authors
+# Copyright 1999-2023 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
 EAPI=8
@@ -19,7 +19,7 @@ else
 	SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 		verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )"
 	#KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x86-linux"
-	KEYWORDS="~alpha ~amd64 ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~riscv ~s390 ~sparc ~x86"
+	KEYWORDS="~alpha ~amd64 ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~riscv ~s390 ~sparc ~x86"
 fi
 
 S="${WORKDIR}"/${MY_P}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Andreas K. Hüttel]

commit:     8263780cbef6fd6d62bdd57dc14373f869739e77
Author:     Andreas K. Hüttel <dilfridge <AT> gentoo <DOT> org>
AuthorDate: Sun Jan  8 18:24:05 2023 +0000
Commit:     Andreas K. Hüttel <dilfridge <AT> gentoo <DOT> org>
CommitDate: Sun Jan  8 18:24:52 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8263780c

dev-libs/openssl: backport configuration improvements to 1.1.1s-r1 (unkeyworded)

Signed-off-by: Andreas K. Hüttel <dilfridge <AT> gentoo.org>

 dev-libs/openssl/openssl-1.1.1s-r1.ebuild | 343 ++++++++++++++++++++++++++++++
 1 file changed, 343 insertions(+)

diff --git a/dev-libs/openssl/openssl-1.1.1s-r1.ebuild b/dev-libs/openssl/openssl-1.1.1s-r1.ebuild
new file mode 100644
index 000000000000..cadb162ac5ec
--- /dev/null
+++ b/dev-libs/openssl/openssl-1.1.1s-r1.ebuild
@@ -0,0 +1,343 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/openssl.org.asc
+inherit edo flag-o-matic toolchain-funcs multilib-minimal verify-sig
+
+MY_P=${P/_/-}
+DESCRIPTION="Full-strength general purpose cryptography library (including SSL and TLS)"
+HOMEPAGE="https://www.openssl.org/"
+SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
+	verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )"
+S="${WORKDIR}/${MY_P}"
+
+LICENSE="openssl"
+SLOT="0/1.1" # .so version of libssl/libcrypto
+if [[ ${PV} != *_pre* ]] ; then
+	#KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+	KEYWORDS=""
+fi
+IUSE="+asm rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-compression tls-heartbeat vanilla verify-sig weak-ssl-ciphers"
+RESTRICT="!test? ( test )"
+
+RDEPEND=">=app-misc/c_rehash-1.7-r1
+	tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )"
+DEPEND="${RDEPEND}"
+BDEPEND="
+	>=dev-lang/perl-5
+	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
+	test? (
+		sys-apps/diffutils
+		sys-devel/bc
+		kernel_linux? ( sys-process/procps )
+	)
+	verify-sig? ( >=sec-keys/openpgp-keys-openssl-20221101 )"
+PDEPEND="app-misc/ca-certificates"
+
+# force upgrade to prevent broken login, bug #696950
+RDEPEND+=" !<net-misc/openssh-8.0_p1-r3"
+
+MULTILIB_WRAPPED_HEADERS=(
+	usr/include/openssl/opensslconf.h
+)
+
+PATCHES=(
+	# General patches which are suitable to always apply
+	# If they're Gentoo specific, add to USE=-vanilla logic in src_prepare!
+	"${FILESDIR}"/${PN}-1.1.0j-parallel_install_fix.patch # bug #671602
+	"${FILESDIR}"/${PN}-1.1.1i-riscv32.patch
+)
+
+pkg_setup() {
+	[[ ${MERGE_TYPE} == binary ]] && return
+
+	# must check in pkg_setup; sysctl doesn't work with userpriv!
+	if use test && use sctp; then
+		# test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel"
+		# if sctp.auth_enable is not enabled.
+		local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null)
+		if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]]; then
+			die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!"
+		fi
+	fi
+}
+
+src_unpack() {
+	# Can delete this once test fix patch is dropped
+	if use verify-sig ; then
+		# Needed for downloaded patch (which is unsigned, which is fine)
+		verify-sig_verify_detached "${DISTDIR}"/${P}.tar.gz{,.asc}
+	fi
+
+	default
+}
+
+src_prepare() {
+	# Allow openssl to be cross-compiled
+	cp "${FILESDIR}"/gentoo.config-1.0.4 gentoo.config || die
+	chmod a+rx gentoo.config || die
+
+	# Keep this in sync with app-misc/c_rehash
+	SSL_CNF_DIR="/etc/ssl"
+
+	# Make sure we only ever touch Makefile.org and avoid patching a file
+	# that gets blown away anyways by the Configure script in src_configure
+	rm -f Makefile
+
+	if ! use vanilla ; then
+		PATCHES+=(
+			# Add patches which are Gentoo-specific customisations here
+		)
+	fi
+
+	default
+
+	if use test && use sctp && has network-sandbox ${FEATURES}; then
+		einfo "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox ..."
+		rm test/recipes/80-test_ssl_new.t || die
+	fi
+
+	# - Make sure the man pages are suffixed (bug #302165)
+	# - Don't bother building man pages if they're disabled
+	# - Make DOCDIR Gentoo compliant
+	sed -i \
+		-e '/^MANSUFFIX/s:=.*:=ssl:' \
+		-e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
+		-e $(has noman FEATURES \
+			&& echo '/^install:/s:install_docs::' \
+			|| echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
+		-e "/^DOCDIR/s@\$(BASENAME)@&-${PVR}@" \
+		Configurations/unix-Makefile.tmpl \
+		|| die
+
+	# Quiet out unknown driver argument warnings since openssl
+	# doesn't have well-split CFLAGS and we're making it even worse
+	# and 'make depend' uses -Werror for added fun (bug #417795 again)
+	tc-is-clang && append-flags -Qunused-arguments
+
+	# We really, really need to build OpenSSL w/ strict aliasing disabled.
+	# It's filled with violations and it *will* result in miscompiled
+	# code. This has been in the ebuild for > 10 years but even in 2022,
+	# it's still relevant:
+	# - https://github.com/llvm/llvm-project/issues/55255
+	# - https://github.com/openssl/openssl/issues/18225
+	# - https://github.com/openssl/openssl/issues/18663#issuecomment-1181478057
+	# Don't remove the no strict aliasing bits below!
+	filter-flags -fstrict-aliasing
+	append-flags -fno-strict-aliasing
+
+	append-cppflags -DOPENSSL_NO_BUF_FREELISTS
+
+	append-flags $(test-flags-CC -Wa,--noexecstack)
+
+	# Prefixify Configure shebang (bug #141906)
+	sed \
+		-e "1s,/usr/bin/env,${BROOT}&," \
+		-i Configure || die
+
+	# Remove test target when FEATURES=test isn't set
+	if ! use test ; then
+		sed \
+			-e '/^$config{dirs}/s@ "test",@@' \
+			-i Configure || die
+	fi
+
+	if use prefix && [[ ${CHOST} == *-solaris* ]] ; then
+		# use GNU ld full option, not to confuse it on Solaris
+		sed -i \
+			-e 's/-Wl,-M,/-Wl,--version-script=/' \
+			-e 's/-Wl,-h,/-Wl,--soname=/' \
+			Configurations/10-main.conf || die
+
+		# fix building on Solaris 10
+		# https://github.com/openssl/openssl/issues/6333
+		sed -i \
+			-e 's/-lsocket -lnsl -ldl/-lsocket -lnsl -ldl -lrt/' \
+			Configurations/10-main.conf || die
+	fi
+
+	local sslout=$(./gentoo.config)
+	einfo "Using configuration: ${sslout:-(openssl knows best)}"
+
+	# The config script does stupid stuff to prompt the user.  Kill it.
+	sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
+	./config ${sslout} --test-sanity || die "I AM NOT SANE"
+
+	multilib_copy_sources
+}
+
+multilib_src_configure() {
+	# bug #197996
+	unset APPS
+	# bug #312551
+	unset SCRIPTS
+	# bug #311473
+	unset CROSS_COMPILE
+
+	tc-export AR CC CXX RANLIB RC
+
+	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
+
+	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
+
+	# See if our toolchain supports __uint128_t.  If so, it's 64bit
+	# friendly and can use the nicely optimized code paths, bug #460790.
+	#local ec_nistp_64_gcc_128
+	#
+	# Disable it for now though (bug #469976)
+	# Do NOT re-enable without substantial discussion first!
+	#
+	#echo "__uint128_t i;" > "${T}"/128.c
+	#if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
+	#	ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
+	#fi
+
+	local sslout=$(./gentoo.config)
+	einfo "Use configuration ${sslout:-(openssl knows best)}"
+	local config="Configure"
+	[[ -z ${sslout} ]] && config="config"
+
+	# "disable-deprecated" option breaks too many consumers.
+	# Don't set it without thorough revdeps testing.
+	# Make sure user flags don't get added *yet* to avoid duplicated
+	# flags.
+	local myeconfargs=(
+		${sslout}
+
+		$(use cpu_flags_x86_sse2 || echo "no-sse2")
+		enable-camellia
+		enable-ec
+		enable-ec2m
+		enable-sm2
+		enable-srp
+		$(use elibc_musl && echo "no-async")
+		${ec_nistp_64_gcc_128}
+		enable-idea
+		enable-mdc2
+		enable-rc5
+		$(use_ssl sslv3 ssl3)
+		$(use_ssl sslv3 ssl3-method)
+		$(use_ssl asm)
+		$(use_ssl rfc3779)
+		$(use_ssl sctp)
+		$(use test || echo "no-tests")
+		$(use_ssl tls-compression zlib)
+		$(use_ssl tls-heartbeat heartbeats)
+		$(use_ssl weak-ssl-ciphers)
+
+		--prefix="${EPREFIX}"/usr
+		--openssldir="${EPREFIX}"${SSL_CNF_DIR}
+		--libdir=$(get_libdir)
+
+		shared
+		threads
+	)
+
+	CFLAGS= LDFLAGS= edo ./${config} "${myeconfargs[@]}"
+
+	# Clean out hardcoded flags that openssl uses
+	local DEFAULT_CFLAGS=$(grep ^CFLAGS= Makefile | LC_ALL=C sed \
+		-e 's:^CFLAGS=::' \
+		-e 's:\(^\| \)-fomit-frame-pointer::g' \
+		-e 's:\(^\| \)-O[^ ]*::g' \
+		-e 's:\(^\| \)-march=[^ ]*::g' \
+		-e 's:\(^\| \)-mcpu=[^ ]*::g' \
+		-e 's:\(^\| \)-m[^ ]*::g' \
+		-e 's:^ *::' \
+		-e 's: *$::' \
+		-e 's: \+: :g' \
+		-e 's:\\:\\\\:g'
+	)
+
+	# Now insert clean default flags with user flags
+	sed -i \
+		-e "/^CFLAGS=/s|=.*|=${DEFAULT_CFLAGS} ${CFLAGS}|" \
+		-e "/^LDFLAGS=/s|=[[:space:]]*$|=${LDFLAGS}|" \
+		Makefile || die
+}
+
+multilib_src_compile() {
+	# depend is needed to use $confopts; it also doesn't matter
+	# that it's -j1 as the code itself serializes subdirs
+	emake -j1 depend
+
+	emake all
+}
+
+multilib_src_test() {
+	emake -j1 test
+}
+
+multilib_src_install() {
+	# We need to create ${ED}/usr on our own to avoid a race condition (bug #665130)
+	dodir /usr
+
+	emake DESTDIR="${D}" install
+
+	# This is crappy in that the static archives are still built even
+	# when USE=static-libs. But this is due to a failing in the openssl
+	# build system: the static archives are built as PIC all the time.
+	# Only way around this would be to manually configure+compile openssl
+	# twice; once with shared lib support enabled and once without.
+	if ! use static-libs; then
+		rm "${ED}"/usr/$(get_libdir)/lib{crypto,ssl}.a || die
+	fi
+}
+
+multilib_src_install_all() {
+	# openssl installs perl version of c_rehash by default, but
+	# we provide a shell version via app-misc/c_rehash
+	rm "${ED}"/usr/bin/c_rehash || die
+
+	dodoc CHANGES* FAQ NEWS README doc/*.txt doc/${PN}-c-indent.el
+
+	# Create the certs directory
+	keepdir ${SSL_CNF_DIR}/certs
+
+	# Namespace openssl programs to prevent conflicts with other man pages
+	cd "${ED}"/usr/share/man || die
+	local m d s
+	for m in $(find . -type f | xargs grep -L '#include') ; do
+		d=${m%/*}
+		d=${d#./}
+		m=${m##*/}
+
+		[[ ${m} == openssl.1* ]] && continue
+
+		[[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!"
+
+		mv ${d}/{,ssl-}${m} || die
+
+		# Fix up references to renamed man pages
+		sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m} || die
+		ln -s ssl-${m} ${d}/openssl-${m}
+
+		# Locate any symlinks that point to this man page
+		# We assume that any broken links are due to the above renaming
+		for s in $(find -L ${d} -type l) ; do
+			s=${s##*/}
+
+			rm -f ${d}/${s}
+
+			# We don't want to "|| die" here
+			ln -s ssl-${m} ${d}/ssl-${s}
+			ln -s ssl-${s} ${d}/openssl-${s}
+		done
+	done
+	[[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :("
+
+	# bug #254521
+	dodir /etc/sandbox.d
+	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
+
+	diropts -m0700
+	keepdir ${SSL_CNF_DIR}/private
+}
+
+pkg_postinst() {
+	ebegin "Running 'c_rehash ${EROOT}${SSL_CNF_DIR}/certs/' to rebuild hashes (bug #333069)"
+	c_rehash "${EROOT}${SSL_CNF_DIR}/certs" >/dev/null
+	eend $?
+}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Andreas K. Hüttel]

commit:     b593e400df801e096ab162b550fa6e4333038775
Author:     Andreas K. Hüttel <dilfridge <AT> gentoo <DOT> org>
AuthorDate: Sun Dec 18 16:09:27 2022 +0000
Commit:     Andreas K. Hüttel <dilfridge <AT> gentoo <DOT> org>
CommitDate: Sun Dec 18 16:09:47 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b593e400

dev-libs/openssl: keyword 3.0.7-r2 for ~hppa

Signed-off-by: Andreas K. Hüttel <dilfridge <AT> gentoo.org>

 dev-libs/openssl/openssl-3.0.7-r2.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-3.0.7-r2.ebuild b/dev-libs/openssl/openssl-3.0.7-r2.ebuild
index ed53a116cbbd..17ccd678b293 100644
--- a/dev-libs/openssl/openssl-3.0.7-r2.ebuild
+++ b/dev-libs/openssl/openssl-3.0.7-r2.ebuild
@@ -19,7 +19,7 @@ else
 	SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 		verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )"
 	#KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x86-linux"
-	KEYWORDS="~alpha ~amd64 ~arm64 ~ia64 ~loong ~m68k ~mips ~riscv ~s390 ~sparc ~x86"
+	KEYWORDS="~alpha ~amd64 ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~riscv ~s390 ~sparc ~x86"
 fi
 
 S="${WORKDIR}"/${MY_P}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Andreas K. Hüttel]

commit:     560212a3e4112349b2b10c0f8707334aa125b395
Author:     Andreas K. Hüttel <dilfridge <AT> gentoo <DOT> org>
AuthorDate: Sun Dec 18 11:15:17 2022 +0000
Commit:     Andreas K. Hüttel <dilfridge <AT> gentoo <DOT> org>
CommitDate: Sun Dec 18 11:15:33 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=560212a3

dev-libs/openssl: keyword 3.0.7-r2 for ~sparc

Signed-off-by: Andreas K. Hüttel <dilfridge <AT> gentoo.org>

 dev-libs/openssl/openssl-3.0.7-r2.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-3.0.7-r2.ebuild b/dev-libs/openssl/openssl-3.0.7-r2.ebuild
index 82448a37129b..ed53a116cbbd 100644
--- a/dev-libs/openssl/openssl-3.0.7-r2.ebuild
+++ b/dev-libs/openssl/openssl-3.0.7-r2.ebuild
@@ -19,7 +19,7 @@ else
 	SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 		verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )"
 	#KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x86-linux"
-	KEYWORDS="~alpha ~amd64 ~arm64 ~ia64 ~loong ~m68k ~mips ~riscv ~s390 ~x86"
+	KEYWORDS="~alpha ~amd64 ~arm64 ~ia64 ~loong ~m68k ~mips ~riscv ~s390 ~sparc ~x86"
 fi
 
 S="${WORKDIR}"/${MY_P}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Andreas K. Hüttel]

commit:     769b2965597f2a5c61c11f5d78daa73d8c3669bf
Author:     Andreas K. Hüttel <dilfridge <AT> gentoo <DOT> org>
AuthorDate: Sun Dec 18 02:32:20 2022 +0000
Commit:     Andreas K. Hüttel <dilfridge <AT> gentoo <DOT> org>
CommitDate: Sun Dec 18 02:32:20 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=769b2965

dev-libs/openssl: keyword 3.0.7-r2 for ~s390

Signed-off-by: Andreas K. Hüttel <dilfridge <AT> gentoo.org>

 dev-libs/openssl/openssl-3.0.7-r2.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-3.0.7-r2.ebuild b/dev-libs/openssl/openssl-3.0.7-r2.ebuild
index f16bc2e1aba6..35089e6f56f5 100644
--- a/dev-libs/openssl/openssl-3.0.7-r2.ebuild
+++ b/dev-libs/openssl/openssl-3.0.7-r2.ebuild
@@ -19,7 +19,7 @@ else
 	SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 		verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )"
 	#KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x86-linux"
-	KEYWORDS="~alpha ~amd64 ~arm64 ~ia64 ~loong ~m68k ~mips ~riscv"
+	KEYWORDS="~alpha ~amd64 ~arm64 ~ia64 ~loong ~m68k ~mips ~riscv ~s390"
 fi
 
 S="${WORKDIR}"/${MY_P}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Andreas K. Hüttel]

commit:     265c46688bfa8ee74e59b6af056762068981d766
Author:     Andreas K. Hüttel <dilfridge <AT> gentoo <DOT> org>
AuthorDate: Sun Dec 18 02:27:31 2022 +0000
Commit:     Andreas K. Hüttel <dilfridge <AT> gentoo <DOT> org>
CommitDate: Sun Dec 18 02:27:31 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=265c4668

dev-libs/openssl: keyword 3.0.7-r2 for ~ia64

Signed-off-by: Andreas K. Hüttel <dilfridge <AT> gentoo.org>

 dev-libs/openssl/openssl-3.0.7-r2.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-3.0.7-r2.ebuild b/dev-libs/openssl/openssl-3.0.7-r2.ebuild
index 6c4fc5d5cb57..f16bc2e1aba6 100644
--- a/dev-libs/openssl/openssl-3.0.7-r2.ebuild
+++ b/dev-libs/openssl/openssl-3.0.7-r2.ebuild
@@ -19,7 +19,7 @@ else
 	SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 		verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )"
 	#KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x86-linux"
-	KEYWORDS="~alpha ~amd64 ~arm64 ~loong ~m68k ~mips ~riscv"
+	KEYWORDS="~alpha ~amd64 ~arm64 ~ia64 ~loong ~m68k ~mips ~riscv"
 fi
 
 S="${WORKDIR}"/${MY_P}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Andreas K. Hüttel]

commit:     78fbc4cc550db9a8457e625fbd7240288a9b283b
Author:     Andreas K. Hüttel <dilfridge <AT> gentoo <DOT> org>
AuthorDate: Sun Dec 18 00:18:05 2022 +0000
Commit:     Andreas K. Hüttel <dilfridge <AT> gentoo <DOT> org>
CommitDate: Sun Dec 18 00:18:29 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=78fbc4cc

dev-libs/openssl: keyword 3.0.7-r2 for ~m68k

Signed-off-by: Andreas K. Hüttel <dilfridge <AT> gentoo.org>

 dev-libs/openssl/openssl-3.0.7-r2.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-3.0.7-r2.ebuild b/dev-libs/openssl/openssl-3.0.7-r2.ebuild
index 2bccbd686aa0..1bb9088f7ed1 100644
--- a/dev-libs/openssl/openssl-3.0.7-r2.ebuild
+++ b/dev-libs/openssl/openssl-3.0.7-r2.ebuild
@@ -19,7 +19,7 @@ else
 	SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 		verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )"
 	#KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x86-linux"
-	KEYWORDS="~alpha ~amd64 ~arm64 ~loong ~mips"
+	KEYWORDS="~alpha ~amd64 ~arm64 ~loong ~m68k ~mips"
 fi
 
 S="${WORKDIR}"/${MY_P}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Andreas K. Hüttel]

commit:     aa9be9e55218700d3ce9d62cb3bb172393962de1
Author:     Andreas K. Hüttel <dilfridge <AT> gentoo <DOT> org>
AuthorDate: Sat Dec 17 08:14:19 2022 +0000
Commit:     Andreas K. Hüttel <dilfridge <AT> gentoo <DOT> org>
CommitDate: Sat Dec 17 08:14:19 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=aa9be9e5

dev-libs/openssl: keyword 3.0.7-r2 for ~mips

Signed-off-by: Andreas K. Hüttel <dilfridge <AT> gentoo.org>

 dev-libs/openssl/openssl-3.0.7-r2.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-3.0.7-r2.ebuild b/dev-libs/openssl/openssl-3.0.7-r2.ebuild
index 4cbd0bd5374b..4ee76298915b 100644
--- a/dev-libs/openssl/openssl-3.0.7-r2.ebuild
+++ b/dev-libs/openssl/openssl-3.0.7-r2.ebuild
@@ -19,7 +19,7 @@ else
 	SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 		verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )"
 	#KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x86-linux"
-	KEYWORDS="~alpha ~amd64 ~arm64"
+	KEYWORDS="~alpha ~amd64 ~arm64 ~mips"
 fi
 
 S="${WORKDIR}"/${MY_P}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Arthur Zamarin]

commit:     95810d977c5ecbb700bd99fccc727013bf054d50
Author:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
AuthorDate: Fri Dec 16 20:59:16 2022 +0000
Commit:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
CommitDate: Fri Dec 16 20:59:16 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=95810d97

dev-libs/openssl: Stabilize 1.1.1s hppa, #885117

Signed-off-by: Arthur Zamarin <arthurzam <AT> gentoo.org>

 dev-libs/openssl/openssl-1.1.1s.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.1.1s.ebuild b/dev-libs/openssl/openssl-1.1.1s.ebuild
index 52f934c66d45..cfd42576afdb 100644
--- a/dev-libs/openssl/openssl-1.1.1s.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1s.ebuild
@@ -16,7 +16,7 @@ S="${WORKDIR}/${MY_P}"
 LICENSE="openssl"
 SLOT="0/1.1" # .so version of libssl/libcrypto
 if [[ ${PV} != *_pre* ]] ; then
-	KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ppc64 ~riscv ~s390 sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+	KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ~ppc ppc64 ~riscv ~s390 sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
 fi
 IUSE="+asm rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-compression tls-heartbeat vanilla verify-sig weak-ssl-ciphers"
 RESTRICT="!test? ( test )"

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Arthur Zamarin]

commit:     8d33969253f750be5667f0323159157dbd9fdd0c
Author:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
AuthorDate: Fri Dec 16 20:59:19 2022 +0000
Commit:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
CommitDate: Fri Dec 16 20:59:19 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8d339692

dev-libs/openssl: Stabilize 1.1.1s ppc, #885117

Signed-off-by: Arthur Zamarin <arthurzam <AT> gentoo.org>

 dev-libs/openssl/openssl-1.1.1s.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.1.1s.ebuild b/dev-libs/openssl/openssl-1.1.1s.ebuild
index cfd42576afdb..3bfa37a91882 100644
--- a/dev-libs/openssl/openssl-1.1.1s.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1s.ebuild
@@ -16,7 +16,7 @@ S="${WORKDIR}/${MY_P}"
 LICENSE="openssl"
 SLOT="0/1.1" # .so version of libssl/libcrypto
 if [[ ${PV} != *_pre* ]] ; then
-	KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ~ppc ppc64 ~riscv ~s390 sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+	KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
 fi
 IUSE="+asm rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-compression tls-heartbeat vanilla verify-sig weak-ssl-ciphers"
 RESTRICT="!test? ( test )"

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Arthur Zamarin]

commit:     ed9bd438d1632c29fc069a7fd756dc029ae2f843
Author:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
AuthorDate: Fri Dec 16 18:27:44 2022 +0000
Commit:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
CommitDate: Fri Dec 16 18:27:44 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ed9bd438

dev-libs/openssl: Keyword 3.0.7-r2 arm64, #886243

Signed-off-by: Arthur Zamarin <arthurzam <AT> gentoo.org>

 dev-libs/openssl/openssl-3.0.7-r2.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-3.0.7-r2.ebuild b/dev-libs/openssl/openssl-3.0.7-r2.ebuild
index 45aab079830a..5ec2da26dfd6 100644
--- a/dev-libs/openssl/openssl-3.0.7-r2.ebuild
+++ b/dev-libs/openssl/openssl-3.0.7-r2.ebuild
@@ -19,7 +19,7 @@ else
 	SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 		verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )"
 	#KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x86-linux"
-	KEYWORDS="~alpha ~amd64"
+	KEYWORDS="~alpha ~amd64 ~arm64"
 fi
 
 S="${WORKDIR}"/${MY_P}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Andreas K. Hüttel]

commit:     7f58d222c5764c9efb2c5ab52ada0945913cc808
Author:     Andreas K. Hüttel <dilfridge <AT> gentoo <DOT> org>
AuthorDate: Thu Dec 15 22:30:49 2022 +0000
Commit:     Andreas K. Hüttel <dilfridge <AT> gentoo <DOT> org>
CommitDate: Thu Dec 15 22:31:04 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7f58d222

dev-libs/openssl: keyword 3.0.7-r2 for ~amd64

Signed-off-by: Andreas K. Hüttel <dilfridge <AT> gentoo.org>

 dev-libs/openssl/openssl-3.0.7-r2.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-3.0.7-r2.ebuild b/dev-libs/openssl/openssl-3.0.7-r2.ebuild
index 888beea7b170..45aab079830a 100644
--- a/dev-libs/openssl/openssl-3.0.7-r2.ebuild
+++ b/dev-libs/openssl/openssl-3.0.7-r2.ebuild
@@ -19,7 +19,7 @@ else
 	SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 		verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )"
 	#KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x86-linux"
-	KEYWORDS="~alpha"
+	KEYWORDS="~alpha ~amd64"
 fi
 
 S="${WORKDIR}"/${MY_P}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Andreas K. Hüttel]

commit:     ebd3e366699d8fd53614a489d6ad9f4a5359440f
Author:     Andreas K. Hüttel <dilfridge <AT> gentoo <DOT> org>
AuthorDate: Thu Dec 15 22:20:37 2022 +0000
Commit:     Andreas K. Hüttel <dilfridge <AT> gentoo <DOT> org>
CommitDate: Thu Dec 15 22:20:37 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ebd3e366

dev-libs/openssl: Revbump: use config file also in src_prepare

Signed-off-by: Andreas K. Hüttel <dilfridge <AT> gentoo.org>

 dev-libs/openssl/openssl-3.0.7-r2.ebuild | 342 +++++++++++++++++++++++++++++++
 1 file changed, 342 insertions(+)

diff --git a/dev-libs/openssl/openssl-3.0.7-r2.ebuild b/dev-libs/openssl/openssl-3.0.7-r2.ebuild
new file mode 100644
index 000000000000..888beea7b170
--- /dev/null
+++ b/dev-libs/openssl/openssl-3.0.7-r2.ebuild
@@ -0,0 +1,342 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/openssl.org.asc
+inherit edo flag-o-matic linux-info toolchain-funcs multilib-minimal multiprocessing verify-sig
+
+DESCRIPTION="Robust, full-featured Open Source Toolkit for the Transport Layer Security (TLS)"
+HOMEPAGE="https://www.openssl.org/"
+
+MY_P=${P/_/-}
+
+if [[ ${PV} == 9999 ]] ; then
+	EGIT_REPO_URI="https://github.com/openssl/openssl.git"
+
+	inherit git-r3
+else
+	SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
+		verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )"
+	#KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x86-linux"
+	KEYWORDS="~alpha"
+fi
+
+S="${WORKDIR}"/${MY_P}
+
+LICENSE="Apache-2.0"
+SLOT="0/3" # .so version of libssl/libcrypto
+IUSE="+asm cpu_flags_x86_sse2 fips ktls rfc3779 sctp static-libs test tls-compression vanilla verify-sig weak-ssl-ciphers"
+RESTRICT="!test? ( test )"
+
+COMMON_DEPEND="
+	>=app-misc/c_rehash-1.7-r1
+	tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
+"
+BDEPEND="
+	>=dev-lang/perl-5
+	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
+	test? (
+		sys-apps/diffutils
+		sys-devel/bc
+		sys-process/procps
+	)
+	verify-sig? ( >=sec-keys/openpgp-keys-openssl-20221101 )"
+
+DEPEND="${COMMON_DEPEND}"
+RDEPEND="${COMMON_DEPEND}"
+PDEPEND="app-misc/ca-certificates"
+
+MULTILIB_WRAPPED_HEADERS=(
+	/usr/include/openssl/configuration.h
+)
+
+PATCHES=(
+	"${FILESDIR}"/${P}-x509-CVE-2022-3996.patch
+)
+
+pkg_setup() {
+	if use ktls ; then
+		if kernel_is -lt 4 18 ; then
+			ewarn "Kernel implementation of TLS (USE=ktls) requires kernel >=4.18!"
+		else
+			CONFIG_CHECK="~TLS ~TLS_DEVICE"
+			ERROR_TLS="You will be unable to offload TLS to kernel because CONFIG_TLS is not set!"
+			ERROR_TLS_DEVICE="You will be unable to offload TLS to kernel because CONFIG_TLS_DEVICE is not set!"
+
+			linux-info_pkg_setup
+		fi
+	fi
+
+	[[ ${MERGE_TYPE} == binary ]] && return
+
+	# must check in pkg_setup; sysctl doesn't work with userpriv!
+	if use test && use sctp ; then
+		# test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel"
+		# if sctp.auth_enable is not enabled.
+		local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null)
+		if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]] ; then
+			die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!"
+		fi
+	fi
+}
+
+src_unpack() {
+	# Can delete this once test fix patch is dropped
+	if use verify-sig ; then
+		# Needed for downloaded patch (which is unsigned, which is fine)
+		verify-sig_verify_detached "${DISTDIR}"/${P}.tar.gz{,.asc}
+	fi
+
+	default
+}
+
+src_prepare() {
+	# Allow openssl to be cross-compiled
+	cp "${FILESDIR}"/gentoo.config-1.0.3 gentoo.config || die
+	chmod a+rx gentoo.config || die
+
+	# Keep this in sync with app-misc/c_rehash
+	SSL_CNF_DIR="/etc/ssl"
+
+	# Make sure we only ever touch Makefile.org and avoid patching a file
+	# that gets blown away anyways by the Configure script in src_configure
+	rm -f Makefile
+
+	if ! use vanilla ; then
+		PATCHES+=(
+			# Add patches which are Gentoo-specific customisations here
+		)
+	fi
+
+	default
+
+	if use test && use sctp && has network-sandbox ${FEATURES} ; then
+		einfo "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox ..."
+		rm test/recipes/80-test_ssl_new.t || die
+	fi
+
+	# - Make sure the man pages are suffixed (bug #302165)
+	# - Don't bother building man pages if they're disabled
+	# - Make DOCDIR Gentoo compliant
+	sed -i \
+		-e '/^MANSUFFIX/s:=.*:=ssl:' \
+		-e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
+		-e $(has noman FEATURES \
+			&& echo '/^install:/s:install_docs::' \
+			|| echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
+		-e "/^DOCDIR/s@\$(BASENAME)@&-${PVR}@" \
+		Configurations/unix-Makefile.tmpl \
+		|| die
+
+	# Quiet out unknown driver argument warnings since openssl
+	# doesn't have well-split CFLAGS and we're making it even worse
+	# and 'make depend' uses -Werror for added fun (bug #417795 again)
+	tc-is-clang && append-flags -Qunused-arguments
+
+	# We really, really need to build OpenSSL w/ strict aliasing disabled.
+	# It's filled with violations and it *will* result in miscompiled
+	# code. This has been in the ebuild for > 10 years but even in 2022,
+	# it's still relevant:
+	# - https://github.com/llvm/llvm-project/issues/55255
+	# - https://github.com/openssl/openssl/issues/18225
+	# - https://github.com/openssl/openssl/issues/18663#issuecomment-1181478057
+	# Don't remove the no strict aliasing bits below!
+	filter-flags -fstrict-aliasing
+	append-flags -fno-strict-aliasing
+
+	append-flags $(test-flags-CC -Wa,--noexecstack)
+
+	# Prefixify Configure shebang (bug #141906)
+	sed \
+		-e "1s,/usr/bin/env,${BROOT}&," \
+		-i Configure || die
+
+	# Remove test target when FEATURES=test isn't set
+	if ! use test ; then
+		sed \
+			-e '/^$config{dirs}/s@ "test",@@' \
+			-i Configure || die
+	fi
+
+	local sslout=$(./gentoo.config)
+	einfo "Using configuration: ${sslout:-(openssl knows best)}"
+
+	# The config script does stupid stuff to prompt the user. Kill it.
+	sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
+	./config ${sslout} --test-sanity || die "I AM NOT SANE"
+
+	multilib_copy_sources
+}
+
+multilib_src_configure() {
+	# bug #197996
+	unset APPS
+	# bug #312551
+	unset SCRIPTS
+	# bug #311473
+	unset CROSS_COMPILE
+
+	tc-export AR CC CXX RANLIB RC
+
+	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
+
+	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
+
+	# See if our toolchain supports __uint128_t.  If so, it's 64bit
+	# friendly and can use the nicely optimized code paths, bug #460790.
+	#local ec_nistp_64_gcc_128
+	#
+	# Disable it for now though (bug #469976)
+	# Do NOT re-enable without substantial discussion first!
+	#
+	#echo "__uint128_t i;" > "${T}"/128.c
+	#if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
+	#       ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
+	#fi
+
+	local sslout=$(./gentoo.config)
+	einfo "Using configuration: ${sslout:-(openssl knows best)}"
+	local config="Configure"
+	[[ -z ${sslout} ]] && config="config"
+
+	# https://github.com/openssl/openssl/blob/master/INSTALL.md#enable-and-disable-features
+	local myeconfargs=(
+		${sslout}
+
+		$(use cpu_flags_x86_sse2 || echo "no-sse2")
+		enable-camellia
+		enable-ec
+		enable-ec2m
+		enable-sm2
+		enable-srp
+		$(use elibc_musl && echo "no-async")
+		enable-idea
+		enable-mdc2
+		enable-rc5
+		$(use fips && echo "enable-fips")
+		$(use_ssl asm)
+		$(use_ssl ktls)
+		$(use_ssl rfc3779)
+		$(use_ssl sctp)
+		$(use test || echo "no-tests")
+		$(use_ssl tls-compression zlib)
+		$(use_ssl weak-ssl-ciphers)
+
+		--prefix="${EPREFIX}"/usr
+		--openssldir="${EPREFIX}"${SSL_CNF_DIR}
+		--libdir=$(get_libdir)
+
+		shared
+		threads
+	)
+
+	CFLAGS= LDFLAGS= edo ./${config} "${myeconfargs[@]}"
+
+	# Clean out hardcoded flags that openssl uses
+	local DEFAULT_CFLAGS=$(grep ^CFLAGS= Makefile | LC_ALL=C sed \
+		-e 's:^CFLAGS=::' \
+		-e 's:\(^\| \)-fomit-frame-pointer::g' \
+		-e 's:\(^\| \)-O[^ ]*::g' \
+		-e 's:\(^\| \)-march=[^ ]*::g' \
+		-e 's:\(^\| \)-mcpu=[^ ]*::g' \
+		-e 's:\(^\| \)-m[^ ]*::g' \
+		-e 's:^ *::' \
+		-e 's: *$::' \
+		-e 's: \+: :g' \
+		-e 's:\\:\\\\:g'
+	)
+
+	# Now insert clean default flags with user flags
+	sed -i \
+		-e "/^CFLAGS=/s|=.*|=${DEFAULT_CFLAGS} ${CFLAGS}|" \
+		-e "/^LDFLAGS=/s|=[[:space:]]*$|=${LDFLAGS}|" \
+		Makefile \
+		|| die
+}
+
+multilib_src_compile() {
+	# depend is needed to use $confopts; it also doesn't matter
+	# that it's -j1 as the code itself serializes subdirs
+	emake -j1 depend
+
+	emake all
+}
+
+multilib_src_test() {
+	# VFP = show subtests verbosely and show failed tests verbosely
+	# Normal V=1 would show everything verbosely but this slows things down.
+	emake HARNESS_JOBS="$(makeopts_jobs)" VFP=1 test
+}
+
+multilib_src_install() {
+	# We need to create ${ED}/usr on our own to avoid a race condition (bug #665130)
+	dodir /usr
+
+	emake DESTDIR="${D}" install
+
+	# This is crappy in that the static archives are still built even
+	# when USE=static-libs. But this is due to a failing in the openssl
+	# build system: the static archives are built as PIC all the time.
+	# Only way around this would be to manually configure+compile openssl
+	# twice; once with shared lib support enabled and once without.
+	if ! use static-libs ; then
+		rm "${ED}"/usr/$(get_libdir)/lib{crypto,ssl}.a || die
+	fi
+}
+
+multilib_src_install_all() {
+	# openssl installs perl version of c_rehash by default, but
+	# we provide a shell version via app-misc/c_rehash
+	rm "${ED}"/usr/bin/c_rehash || die
+
+	dodoc {AUTHORS,CHANGES,NEWS,README,README-PROVIDERS}.md doc/*.txt doc/${PN}-c-indent.el
+
+	# Create the certs directory
+	keepdir ${SSL_CNF_DIR}/certs
+
+	# Namespace openssl programs to prevent conflicts with other man pages
+	cd "${ED}"/usr/share/man || die
+	local m d s
+	for m in $(find . -type f | xargs grep -L '#include') ; do
+		d=${m%/*}
+		d=${d#./}
+		m=${m##*/}
+
+		[[ ${m} == openssl.1* ]] && continue
+
+		[[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!"
+
+		mv ${d}/{,ssl-}${m} || die
+
+		# Fix up references to renamed man pages
+		sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m} || die
+		ln -s ssl-${m} ${d}/openssl-${m} || die
+
+		# Locate any symlinks that point to this man page
+		# We assume that any broken links are due to the above renaming
+		for s in $(find -L ${d} -type l) ; do
+			s=${s##*/}
+
+			rm -f ${d}/${s}
+
+			# We don't want to "|| die" here
+			ln -s ssl-${m} ${d}/ssl-${s}
+			ln -s ssl-${s} ${d}/openssl-${s}
+		done
+	done
+	[[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :("
+
+	# bug #254521
+	dodir /etc/sandbox.d
+	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
+
+	diropts -m0700
+	keepdir ${SSL_CNF_DIR}/private
+}
+
+pkg_postinst() {
+	ebegin "Running 'c_rehash ${EROOT}${SSL_CNF_DIR}/certs/' to rebuild hashes (bug #333069)"
+	c_rehash "${EROOT}${SSL_CNF_DIR}/certs" >/dev/null
+	eend $?
+}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     febf14caacb3cb7171cd6e861d9961cb6d6faaa6
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Tue Dec 13 18:16:42 2022 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Tue Dec 13 18:16:50 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=febf14ca

dev-libs/openssl: drop 3.0.7

Bug: https://bugs.gentoo.org/885797
Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/openssl-3.0.7.ebuild | 337 ----------------------------------
 1 file changed, 337 deletions(-)

diff --git a/dev-libs/openssl/openssl-3.0.7.ebuild b/dev-libs/openssl/openssl-3.0.7.ebuild
deleted file mode 100644
index 8bde8401c1ce..000000000000
--- a/dev-libs/openssl/openssl-3.0.7.ebuild
+++ /dev/null
@@ -1,337 +0,0 @@
-# Copyright 1999-2022 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/openssl.org.asc
-inherit edo flag-o-matic linux-info toolchain-funcs multilib-minimal multiprocessing verify-sig
-
-DESCRIPTION="Robust, full-featured Open Source Toolkit for the Transport Layer Security (TLS)"
-HOMEPAGE="https://www.openssl.org/"
-
-MY_P=${P/_/-}
-
-if [[ ${PV} == 9999 ]] ; then
-	EGIT_REPO_URI="https://github.com/openssl/openssl.git"
-
-	inherit git-r3
-else
-	SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
-		verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )"
-	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x86-linux"
-fi
-
-S="${WORKDIR}"/${MY_P}
-
-LICENSE="Apache-2.0"
-SLOT="0/3" # .so version of libssl/libcrypto
-IUSE="+asm cpu_flags_x86_sse2 fips ktls rfc3779 sctp static-libs test tls-compression vanilla verify-sig weak-ssl-ciphers"
-RESTRICT="!test? ( test )"
-
-COMMON_DEPEND="
-	>=app-misc/c_rehash-1.7-r1
-	tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
-"
-BDEPEND="
-	>=dev-lang/perl-5
-	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
-	test? (
-		sys-apps/diffutils
-		sys-devel/bc
-		sys-process/procps
-	)
-	verify-sig? ( >=sec-keys/openpgp-keys-openssl-20221101 )"
-
-DEPEND="${COMMON_DEPEND}"
-RDEPEND="${COMMON_DEPEND}"
-PDEPEND="app-misc/ca-certificates"
-
-MULTILIB_WRAPPED_HEADERS=(
-	/usr/include/openssl/configuration.h
-)
-
-PATCHES=(
-)
-
-pkg_setup() {
-	if use ktls ; then
-		if kernel_is -lt 4 18 ; then
-			ewarn "Kernel implementation of TLS (USE=ktls) requires kernel >=4.18!"
-		else
-			CONFIG_CHECK="~TLS ~TLS_DEVICE"
-			ERROR_TLS="You will be unable to offload TLS to kernel because CONFIG_TLS is not set!"
-			ERROR_TLS_DEVICE="You will be unable to offload TLS to kernel because CONFIG_TLS_DEVICE is not set!"
-
-			linux-info_pkg_setup
-		fi
-	fi
-
-	[[ ${MERGE_TYPE} == binary ]] && return
-
-	# must check in pkg_setup; sysctl doesn't work with userpriv!
-	if use test && use sctp ; then
-		# test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel"
-		# if sctp.auth_enable is not enabled.
-		local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null)
-		if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]] ; then
-			die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!"
-		fi
-	fi
-}
-
-src_unpack() {
-	# Can delete this once test fix patch is dropped
-	if use verify-sig ; then
-		# Needed for downloaded patch (which is unsigned, which is fine)
-		verify-sig_verify_detached "${DISTDIR}"/${P}.tar.gz{,.asc}
-	fi
-
-	default
-}
-
-src_prepare() {
-	# Allow openssl to be cross-compiled
-	cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die
-	chmod a+rx gentoo.config || die
-
-	# Keep this in sync with app-misc/c_rehash
-	SSL_CNF_DIR="/etc/ssl"
-
-	# Make sure we only ever touch Makefile.org and avoid patching a file
-	# that gets blown away anyways by the Configure script in src_configure
-	rm -f Makefile
-
-	if ! use vanilla ; then
-		PATCHES+=(
-			# Add patches which are Gentoo-specific customisations here
-		)
-	fi
-
-	default
-
-	if use test && use sctp && has network-sandbox ${FEATURES} ; then
-		einfo "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox ..."
-		rm test/recipes/80-test_ssl_new.t || die
-	fi
-
-	# - Make sure the man pages are suffixed (bug #302165)
-	# - Don't bother building man pages if they're disabled
-	# - Make DOCDIR Gentoo compliant
-	sed -i \
-		-e '/^MANSUFFIX/s:=.*:=ssl:' \
-		-e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
-		-e $(has noman FEATURES \
-			&& echo '/^install:/s:install_docs::' \
-			|| echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
-		-e "/^DOCDIR/s@\$(BASENAME)@&-${PVR}@" \
-		Configurations/unix-Makefile.tmpl \
-		|| die
-
-	# Quiet out unknown driver argument warnings since openssl
-	# doesn't have well-split CFLAGS and we're making it even worse
-	# and 'make depend' uses -Werror for added fun (bug #417795 again)
-	tc-is-clang && append-flags -Qunused-arguments
-
-	# We really, really need to build OpenSSL w/ strict aliasing disabled.
-	# It's filled with violations and it *will* result in miscompiled
-	# code. This has been in the ebuild for > 10 years but even in 2022,
-	# it's still relevant:
-	# - https://github.com/llvm/llvm-project/issues/55255
-	# - https://github.com/openssl/openssl/issues/18225
-	# - https://github.com/openssl/openssl/issues/18663#issuecomment-1181478057
-	# Don't remove the no strict aliasing bits below!
-	filter-flags -fstrict-aliasing
-	append-flags -fno-strict-aliasing
-
-	append-flags $(test-flags-CC -Wa,--noexecstack)
-
-	# Prefixify Configure shebang (bug #141906)
-	sed \
-		-e "1s,/usr/bin/env,${BROOT}&," \
-		-i Configure || die
-
-	# Remove test target when FEATURES=test isn't set
-	if ! use test ; then
-		sed \
-			-e '/^$config{dirs}/s@ "test",@@' \
-			-i Configure || die
-	fi
-
-	# The config script does stupid stuff to prompt the user. Kill it.
-	sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
-	./config --test-sanity || die "I AM NOT SANE"
-
-	multilib_copy_sources
-}
-
-multilib_src_configure() {
-	# bug #197996
-	unset APPS
-	# bug #312551
-	unset SCRIPTS
-	# bug #311473
-	unset CROSS_COMPILE
-
-	tc-export AR CC CXX RANLIB RC
-
-	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
-
-	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
-
-	# See if our toolchain supports __uint128_t.  If so, it's 64bit
-	# friendly and can use the nicely optimized code paths, bug #460790.
-	#local ec_nistp_64_gcc_128
-	#
-	# Disable it for now though (bug #469976)
-	# Do NOT re-enable without substantial discussion first!
-	#
-	#echo "__uint128_t i;" > "${T}"/128.c
-	#if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
-	#       ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
-	#fi
-
-	local sslout=$(./gentoo.config)
-	einfo "Using configuration: ${sslout:-(openssl knows best)}"
-	local config="Configure"
-	[[ -z ${sslout} ]] && config="config"
-
-	# https://github.com/openssl/openssl/blob/master/INSTALL.md#enable-and-disable-features
-	local myeconfargs=(
-		${sslout}
-
-		$(use cpu_flags_x86_sse2 || echo "no-sse2")
-		enable-camellia
-		enable-ec
-		enable-ec2m
-		enable-sm2
-		enable-srp
-		$(use elibc_musl && echo "no-async")
-		enable-idea
-		enable-mdc2
-		enable-rc5
-		$(use fips && echo "enable-fips")
-		$(use_ssl asm)
-		$(use_ssl ktls)
-		$(use_ssl rfc3779)
-		$(use_ssl sctp)
-		$(use test || echo "no-tests")
-		$(use_ssl tls-compression zlib)
-		$(use_ssl weak-ssl-ciphers)
-
-		--prefix="${EPREFIX}"/usr
-		--openssldir="${EPREFIX}"${SSL_CNF_DIR}
-		--libdir=$(get_libdir)
-
-		shared
-		threads
-	)
-
-	CFLAGS= LDFLAGS= edo ./${config} "${myeconfargs[@]}"
-
-	# Clean out hardcoded flags that openssl uses
-	local DEFAULT_CFLAGS=$(grep ^CFLAGS= Makefile | LC_ALL=C sed \
-		-e 's:^CFLAGS=::' \
-		-e 's:\(^\| \)-fomit-frame-pointer::g' \
-		-e 's:\(^\| \)-O[^ ]*::g' \
-		-e 's:\(^\| \)-march=[^ ]*::g' \
-		-e 's:\(^\| \)-mcpu=[^ ]*::g' \
-		-e 's:\(^\| \)-m[^ ]*::g' \
-		-e 's:^ *::' \
-		-e 's: *$::' \
-		-e 's: \+: :g' \
-		-e 's:\\:\\\\:g'
-	)
-
-	# Now insert clean default flags with user flags
-	sed -i \
-		-e "/^CFLAGS=/s|=.*|=${DEFAULT_CFLAGS} ${CFLAGS}|" \
-		-e "/^LDFLAGS=/s|=[[:space:]]*$|=${LDFLAGS}|" \
-		Makefile \
-		|| die
-}
-
-multilib_src_compile() {
-	# depend is needed to use $confopts; it also doesn't matter
-	# that it's -j1 as the code itself serializes subdirs
-	emake -j1 depend
-
-	emake all
-}
-
-multilib_src_test() {
-	# VFP = show subtests verbosely and show failed tests verbosely
-	# Normal V=1 would show everything verbosely but this slows things down.
-	emake HARNESS_JOBS="$(makeopts_jobs)" VFP=1 test
-}
-
-multilib_src_install() {
-	# We need to create ${ED}/usr on our own to avoid a race condition (bug #665130)
-	dodir /usr
-
-	emake DESTDIR="${D}" install
-
-	# This is crappy in that the static archives are still built even
-	# when USE=static-libs. But this is due to a failing in the openssl
-	# build system: the static archives are built as PIC all the time.
-	# Only way around this would be to manually configure+compile openssl
-	# twice; once with shared lib support enabled and once without.
-	if ! use static-libs ; then
-		rm "${ED}"/usr/$(get_libdir)/lib{crypto,ssl}.a || die
-	fi
-}
-
-multilib_src_install_all() {
-	# openssl installs perl version of c_rehash by default, but
-	# we provide a shell version via app-misc/c_rehash
-	rm "${ED}"/usr/bin/c_rehash || die
-
-	dodoc {AUTHORS,CHANGES,NEWS,README,README-PROVIDERS}.md doc/*.txt doc/${PN}-c-indent.el
-
-	# Create the certs directory
-	keepdir ${SSL_CNF_DIR}/certs
-
-	# Namespace openssl programs to prevent conflicts with other man pages
-	cd "${ED}"/usr/share/man || die
-	local m d s
-	for m in $(find . -type f | xargs grep -L '#include') ; do
-		d=${m%/*}
-		d=${d#./}
-		m=${m##*/}
-
-		[[ ${m} == openssl.1* ]] && continue
-
-		[[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!"
-
-		mv ${d}/{,ssl-}${m} || die
-
-		# Fix up references to renamed man pages
-		sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m} || die
-		ln -s ssl-${m} ${d}/openssl-${m} || die
-
-		# Locate any symlinks that point to this man page
-		# We assume that any broken links are due to the above renaming
-		for s in $(find -L ${d} -type l) ; do
-			s=${s##*/}
-
-			rm -f ${d}/${s}
-
-			# We don't want to "|| die" here
-			ln -s ssl-${m} ${d}/ssl-${s}
-			ln -s ssl-${s} ${d}/openssl-${s}
-		done
-	done
-	[[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :("
-
-	# bug #254521
-	dodir /etc/sandbox.d
-	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
-
-	diropts -m0700
-	keepdir ${SSL_CNF_DIR}/private
-}
-
-pkg_postinst() {
-	ebegin "Running 'c_rehash ${EROOT}${SSL_CNF_DIR}/certs/' to rebuild hashes (bug #333069)"
-	c_rehash "${EROOT}${SSL_CNF_DIR}/certs" >/dev/null
-	eend $?
-}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Arthur Zamarin]

commit:     afd37c598220344eef0828528c0e5282515c364d
Author:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
AuthorDate: Sun Dec 11 18:13:30 2022 +0000
Commit:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
CommitDate: Sun Dec 11 18:13:30 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=afd37c59

dev-libs/openssl: Stabilize 1.1.1s sparc, #885117

Signed-off-by: Arthur Zamarin <arthurzam <AT> gentoo.org>

 dev-libs/openssl/openssl-1.1.1s.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.1.1s.ebuild b/dev-libs/openssl/openssl-1.1.1s.ebuild
index 8b227918d226..52f934c66d45 100644
--- a/dev-libs/openssl/openssl-1.1.1s.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1s.ebuild
@@ -16,7 +16,7 @@ S="${WORKDIR}/${MY_P}"
 LICENSE="openssl"
 SLOT="0/1.1" # .so version of libssl/libcrypto
 if [[ ${PV} != *_pre* ]] ; then
-	KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ppc64 ~riscv ~s390 ~sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+	KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ppc64 ~riscv ~s390 sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
 fi
 IUSE="+asm rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-compression tls-heartbeat vanilla verify-sig weak-ssl-ciphers"
 RESTRICT="!test? ( test )"

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     5b9ffe684775c0f5e88c8c8683b01041ab433c0d
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sat Dec 10 04:48:27 2022 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sat Dec 10 04:48:27 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5b9ffe68

dev-libs/openssl: Stabilize 1.1.1s arm64, #885117

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/openssl-1.1.1s.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.1.1s.ebuild b/dev-libs/openssl/openssl-1.1.1s.ebuild
index 1a7f7ba49afb..6585b0d00025 100644
--- a/dev-libs/openssl/openssl-1.1.1s.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1s.ebuild
@@ -16,7 +16,7 @@ S="${WORKDIR}/${MY_P}"
 LICENSE="openssl"
 SLOT="0/1.1" # .so version of libssl/libcrypto
 if [[ ${PV} != *_pre* ]] ; then
-	KEYWORDS="~alpha amd64 arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+	KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
 fi
 IUSE="+asm rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-compression tls-heartbeat vanilla verify-sig weak-ssl-ciphers"
 RESTRICT="!test? ( test )"

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     4ee793083d77a749629ffd08d37bbd2cc837687c
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sat Dec 10 04:35:39 2022 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sat Dec 10 04:35:39 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4ee79308

dev-libs/openssl: Stabilize 1.1.1s ppc64, #885117

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/openssl-1.1.1s.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.1.1s.ebuild b/dev-libs/openssl/openssl-1.1.1s.ebuild
index 8f9670fb158d..1a7f7ba49afb 100644
--- a/dev-libs/openssl/openssl-1.1.1s.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1s.ebuild
@@ -16,7 +16,7 @@ S="${WORKDIR}/${MY_P}"
 LICENSE="openssl"
 SLOT="0/1.1" # .so version of libssl/libcrypto
 if [[ ${PV} != *_pre* ]] ; then
-	KEYWORDS="~alpha amd64 arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+	KEYWORDS="~alpha amd64 arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
 fi
 IUSE="+asm rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-compression tls-heartbeat vanilla verify-sig weak-ssl-ciphers"
 RESTRICT="!test? ( test )"

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     0a43ab1dc2b94aa08b49093dbf6def4777c502c8
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sat Dec 10 04:20:28 2022 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sat Dec 10 04:20:28 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0a43ab1d

dev-libs/openssl: Stabilize 1.1.1s arm, #885117

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/openssl-1.1.1s.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.1.1s.ebuild b/dev-libs/openssl/openssl-1.1.1s.ebuild
index 1314b4d0326b..892b07fa51b2 100644
--- a/dev-libs/openssl/openssl-1.1.1s.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1s.ebuild
@@ -16,7 +16,7 @@ S="${WORKDIR}/${MY_P}"
 LICENSE="openssl"
 SLOT="0/1.1" # .so version of libssl/libcrypto
 if [[ ${PV} != *_pre* ]] ; then
-	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+	KEYWORDS="~alpha ~amd64 arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
 fi
 IUSE="+asm rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-compression tls-heartbeat vanilla verify-sig weak-ssl-ciphers"
 RESTRICT="!test? ( test )"

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     bb7a353742f5b9eec656ac03fd4a68afce9a13fb
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sat Dec 10 04:20:30 2022 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sat Dec 10 04:20:30 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bb7a3537

dev-libs/openssl: Stabilize 1.1.1s amd64, #885117

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/openssl-1.1.1s.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.1.1s.ebuild b/dev-libs/openssl/openssl-1.1.1s.ebuild
index 892b07fa51b2..8f9670fb158d 100644
--- a/dev-libs/openssl/openssl-1.1.1s.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1s.ebuild
@@ -16,7 +16,7 @@ S="${WORKDIR}/${MY_P}"
 LICENSE="openssl"
 SLOT="0/1.1" # .so version of libssl/libcrypto
 if [[ ${PV} != *_pre* ]] ; then
-	KEYWORDS="~alpha ~amd64 arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+	KEYWORDS="~alpha amd64 arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
 fi
 IUSE="+asm rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-compression tls-heartbeat vanilla verify-sig weak-ssl-ciphers"
 RESTRICT="!test? ( test )"

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     9ffdcaba89a94dc933e722339fe9471ad16af62a
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Tue Nov  1 20:13:47 2022 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Tue Nov  1 20:15:14 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9ffdcaba

dev-libs/openssl: drop 1.1.1s back to ~arch; fix verify-sig dependency

- Drop 1.1.1s back to ~arch (wasn't supposed to be stabled yet)
- Update dependency on sec-keys/openpgp-keys-openssl for refreshed keys

Bug: https://github.com/openssl/openssl/issues/19566
Bug: https://github.com/openssl/openssl/issues/19567
Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/openssl-1.1.1s.ebuild | 4 ++--
 dev-libs/openssl/openssl-3.0.7.ebuild  | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/dev-libs/openssl/openssl-1.1.1s.ebuild b/dev-libs/openssl/openssl-1.1.1s.ebuild
index 5539a1b32d86..1314b4d0326b 100644
--- a/dev-libs/openssl/openssl-1.1.1s.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1s.ebuild
@@ -16,7 +16,7 @@ S="${WORKDIR}/${MY_P}"
 LICENSE="openssl"
 SLOT="0/1.1" # .so version of libssl/libcrypto
 if [[ ${PV} != *_pre* ]] ; then
-	KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
 fi
 IUSE="+asm rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-compression tls-heartbeat vanilla verify-sig weak-ssl-ciphers"
 RESTRICT="!test? ( test )"
@@ -32,7 +32,7 @@ BDEPEND="
 		sys-devel/bc
 		kernel_linux? ( sys-process/procps )
 	)
-	verify-sig? ( sec-keys/openpgp-keys-openssl )"
+	verify-sig? ( >=sec-keys/openpgp-keys-openssl-20221101 )"
 PDEPEND="app-misc/ca-certificates"
 
 # force upgrade to prevent broken login, bug #696950

diff --git a/dev-libs/openssl/openssl-3.0.7.ebuild b/dev-libs/openssl/openssl-3.0.7.ebuild
index 518b44da5f56..8bde8401c1ce 100644
--- a/dev-libs/openssl/openssl-3.0.7.ebuild
+++ b/dev-libs/openssl/openssl-3.0.7.ebuild
@@ -40,7 +40,7 @@ BDEPEND="
 		sys-devel/bc
 		sys-process/procps
 	)
-	verify-sig? ( sec-keys/openpgp-keys-openssl )"
+	verify-sig? ( >=sec-keys/openpgp-keys-openssl-20221101 )"
 
 DEPEND="${COMMON_DEPEND}"
 RDEPEND="${COMMON_DEPEND}"

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[John Helmert III]

commit:     631f1a4debe2b69dff229ba93250c218840d7bfd
Author:     John Helmert III <ajak <AT> gentoo <DOT> org>
AuthorDate: Tue Nov  1 19:36:48 2022 +0000
Commit:     John Helmert III <ajak <AT> gentoo <DOT> org>
CommitDate: Tue Nov  1 19:36:48 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=631f1a4d

dev-libs/openssl: update Manifest

Signed-off-by: John Helmert III <ajak <AT> gentoo.org>

 dev-libs/openssl/Manifest | 2 --
 1 file changed, 2 deletions(-)

diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest
index a30619fa0e5b..755c0209561e 100644
--- a/dev-libs/openssl/Manifest
+++ b/dev-libs/openssl/Manifest
@@ -5,7 +5,5 @@ DIST openssl-1.1.1q.tar.gz 9864061 BLAKE2B fc8fd6a62dc291d0bda328a051e253175fb04
 DIST openssl-1.1.1q.tar.gz.asc 833 BLAKE2B 9311abf47469c3802a84dc9b7427a168ba7717496960e6f84b04e4d9263dea1168493082937a06bcb6ef4169b2ed9b2f36084bbac15b5f7ca5b4c41041c4bab6 SHA512 03a41f29d1713c47bb300e01e36dbd048074076a6a3b9913e2fc9a1b56b726c038978f99e86f9a3e4ea39f72bd82a15965842f6d94210fa9d3474f6f0f68559e
 DIST openssl-1.1.1s.tar.gz 9868981 BLAKE2B ecd19eaf84dbc80448b51651abe52a89cc0052f024537959c4ebe61528988f235d661244fce6967159a876dd038c817bad19df742e828ca1cbae97ce6a4124bb SHA512 2ef983f166b5e1bf456ca37938e7e39d58d4cd85e9fc4b5174a05f5c37cc5ad89c3a9af97a6919bcaab128a8a92e4bdc8a045e5d9156d90768da8f73ac67c5b9
 DIST openssl-1.1.1s.tar.gz.asc 858 BLAKE2B d95f0f80d460feac737f84ed629c45aaf5e453103ef202ec7d33cf33b89ad83a9007429433b10754b725d7963b1960e350b64e8bdfe569ad149e26bef462eeca SHA512 aa6e5e940448297a90c46ba162f8e6ee324c2e202a9283328c31f996dc2259dd9f5f981d94d1cf1dd3cc73c44647b473602dacb857b9719bf066931b43b899e6
-DIST openssl-3.0.5.tar.gz 15074407 BLAKE2B 7bf89e042417c003ef02a8bb1278590a52ce4a3d50f66795c66b750f90248840edb0d3352811caaaaff708c7e65b77384142e316916a6c311f1d2b4747f44816 SHA512 782b0df3d0252468aa696bd74a3b661810499819c0df849aa9698ba0e06a845820dc856aac650fced4be234f1271e576d4317ac3ab1406cf0ffe087d695d20fe
-DIST openssl-3.0.5.tar.gz.asc 862 BLAKE2B 24f1839227be7acec45eb6b748cea7be0b5e66b5cf745814861f7290670733936bf1af2c1dc9357439b31a2ca28f418880d63726d4be6fa994902ac95b51e401 SHA512 516da9ef291601400576adaba7271854af3caa23dc1d70116004360f580e4c28fe61d51e86477d341e4c5bf0ca5f98db8264581ed6cc2c8df124da83ad3e40be
 DIST openssl-3.0.7.tar.gz 15107575 BLAKE2B 141881071fa62f056c514e7c653a61c59cc45fe951ec094041e23fb5e619133b7ebbfe31cd8203969c9d8842b8cbc10ec58da67cc181761a11c1cfdd0869df9a SHA512 6c2bcd1cd4b499e074e006150dda906980df505679d8e9d988ae93aa61ee6f8c23c0fa369e2edc1e1a743d7bec133044af11d5ed57633b631ae479feb59e3424
 DIST openssl-3.0.7.tar.gz.asc 858 BLAKE2B bd07a6f656cce817038743caf1131ef8d7a21bf587e706e32771ad9e09cb4821d21b71171a7fe7bb6bece95e9b06cea6d723aae9de8b62049b5a8316578500be SHA512 9093a8a5a990f5f37bd95e7ca55f2371e59242be408ea7d9403bcfc9c8873c022237e13c0ec81881a20607ea46927887a895a82b6f50c6f423b4c54f9ef0cde1

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Robin H. Johnson]

commit:     b125a0435c6ac1f605701c780124584ffd08f01d
Author:     Robin H. Johnson <robbat2 <AT> gentoo <DOT> org>
AuthorDate: Tue Nov  1 16:03:35 2022 +0000
Commit:     Robin H. Johnson <robbat2 <AT> gentoo <DOT> org>
CommitDate: Tue Nov  1 19:19:49 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b125a043

dev-libs/openssl: cleanup vulnerable

Signed-off-by: Robin H. Johnson <robbat2 <AT> gentoo.org>

 dev-libs/openssl/openssl-3.0.5.ebuild | 338 ----------------------------------
 1 file changed, 338 deletions(-)

diff --git a/dev-libs/openssl/openssl-3.0.5.ebuild b/dev-libs/openssl/openssl-3.0.5.ebuild
deleted file mode 100644
index 83047974b399..000000000000
--- a/dev-libs/openssl/openssl-3.0.5.ebuild
+++ /dev/null
@@ -1,338 +0,0 @@
-# Copyright 1999-2022 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/openssl.org.asc
-inherit edo flag-o-matic linux-info toolchain-funcs multilib-minimal multiprocessing verify-sig
-
-DESCRIPTION="Robust, full-featured Open Source Toolkit for the Transport Layer Security (TLS)"
-HOMEPAGE="https://www.openssl.org/"
-
-MY_P=${P/_/-}
-
-if [[ ${PV} == 9999 ]] ; then
-	EGIT_REPO_URI="https://github.com/openssl/openssl.git"
-
-	inherit git-r3
-else
-	SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
-		verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )"
-	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x86-linux"
-fi
-
-S="${WORKDIR}"/${MY_P}
-
-LICENSE="Apache-2.0"
-SLOT="0/3" # .so version of libssl/libcrypto
-IUSE="+asm cpu_flags_x86_sse2 fips ktls rfc3779 sctp static-libs test tls-compression vanilla verify-sig weak-ssl-ciphers"
-RESTRICT="!test? ( test )"
-
-COMMON_DEPEND="
-	>=app-misc/c_rehash-1.7-r1
-	tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
-"
-BDEPEND="
-	>=dev-lang/perl-5
-	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
-	test? (
-		sys-apps/diffutils
-		sys-devel/bc
-		sys-process/procps
-	)
-	verify-sig? ( sec-keys/openpgp-keys-openssl )"
-
-DEPEND="${COMMON_DEPEND}"
-RDEPEND="${COMMON_DEPEND}"
-PDEPEND="app-misc/ca-certificates"
-
-MULTILIB_WRAPPED_HEADERS=(
-	/usr/include/openssl/configuration.h
-)
-
-PATCHES=(
-	"${FILESDIR}"/${P}-test-memcmp.patch
-)
-
-pkg_setup() {
-	if use ktls ; then
-		if kernel_is -lt 4 18 ; then
-			ewarn "Kernel implementation of TLS (USE=ktls) requires kernel >=4.18!"
-		else
-			CONFIG_CHECK="~TLS ~TLS_DEVICE"
-			ERROR_TLS="You will be unable to offload TLS to kernel because CONFIG_TLS is not set!"
-			ERROR_TLS_DEVICE="You will be unable to offload TLS to kernel because CONFIG_TLS_DEVICE is not set!"
-
-			linux-info_pkg_setup
-		fi
-	fi
-
-	[[ ${MERGE_TYPE} == binary ]] && return
-
-	# must check in pkg_setup; sysctl doesn't work with userpriv!
-	if use test && use sctp ; then
-		# test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel"
-		# if sctp.auth_enable is not enabled.
-		local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null)
-		if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]] ; then
-			die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!"
-		fi
-	fi
-}
-
-src_unpack() {
-	# Can delete this once test fix patch is dropped
-	if use verify-sig ; then
-		# Needed for downloaded patch (which is unsigned, which is fine)
-		verify-sig_verify_detached "${DISTDIR}"/${P}.tar.gz{,.asc}
-	fi
-
-	default
-}
-
-src_prepare() {
-	# Allow openssl to be cross-compiled
-	cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die
-	chmod a+rx gentoo.config || die
-
-	# Keep this in sync with app-misc/c_rehash
-	SSL_CNF_DIR="/etc/ssl"
-
-	# Make sure we only ever touch Makefile.org and avoid patching a file
-	# that gets blown away anyways by the Configure script in src_configure
-	rm -f Makefile
-
-	if ! use vanilla ; then
-		PATCHES+=(
-			# Add patches which are Gentoo-specific customisations here
-		)
-	fi
-
-	default
-
-	if use test && use sctp && has network-sandbox ${FEATURES} ; then
-		einfo "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox ..."
-		rm test/recipes/80-test_ssl_new.t || die
-	fi
-
-	# - Make sure the man pages are suffixed (bug #302165)
-	# - Don't bother building man pages if they're disabled
-	# - Make DOCDIR Gentoo compliant
-	sed -i \
-		-e '/^MANSUFFIX/s:=.*:=ssl:' \
-		-e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
-		-e $(has noman FEATURES \
-			&& echo '/^install:/s:install_docs::' \
-			|| echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
-		-e "/^DOCDIR/s@\$(BASENAME)@&-${PVR}@" \
-		Configurations/unix-Makefile.tmpl \
-		|| die
-
-	# Quiet out unknown driver argument warnings since openssl
-	# doesn't have well-split CFLAGS and we're making it even worse
-	# and 'make depend' uses -Werror for added fun (bug #417795 again)
-	tc-is-clang && append-flags -Qunused-arguments
-
-	# We really, really need to build OpenSSL w/ strict aliasing disabled.
-	# It's filled with violations and it *will* result in miscompiled
-	# code. This has been in the ebuild for > 10 years but even in 2022,
-	# it's still relevant:
-	# - https://github.com/llvm/llvm-project/issues/55255
-	# - https://github.com/openssl/openssl/issues/18225
-	# - https://github.com/openssl/openssl/issues/18663#issuecomment-1181478057
-	# Don't remove the no strict aliasing bits below!
-	filter-flags -fstrict-aliasing
-	append-flags -fno-strict-aliasing
-
-	append-flags $(test-flags-CC -Wa,--noexecstack)
-
-	# Prefixify Configure shebang (bug #141906)
-	sed \
-		-e "1s,/usr/bin/env,${BROOT}&," \
-		-i Configure || die
-
-	# Remove test target when FEATURES=test isn't set
-	if ! use test ; then
-		sed \
-			-e '/^$config{dirs}/s@ "test",@@' \
-			-i Configure || die
-	fi
-
-	# The config script does stupid stuff to prompt the user. Kill it.
-	sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
-	./config --test-sanity || die "I AM NOT SANE"
-
-	multilib_copy_sources
-}
-
-multilib_src_configure() {
-	# bug #197996
-	unset APPS
-	# bug #312551
-	unset SCRIPTS
-	# bug #311473
-	unset CROSS_COMPILE
-
-	tc-export AR CC CXX RANLIB RC
-
-	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
-
-	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
-
-	# See if our toolchain supports __uint128_t.  If so, it's 64bit
-	# friendly and can use the nicely optimized code paths, bug #460790.
-	#local ec_nistp_64_gcc_128
-	#
-	# Disable it for now though (bug #469976)
-	# Do NOT re-enable without substantial discussion first!
-	#
-	#echo "__uint128_t i;" > "${T}"/128.c
-	#if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
-	#       ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
-	#fi
-
-	local sslout=$(./gentoo.config)
-	einfo "Using configuration: ${sslout:-(openssl knows best)}"
-	local config="Configure"
-	[[ -z ${sslout} ]] && config="config"
-
-	# https://github.com/openssl/openssl/blob/master/INSTALL.md#enable-and-disable-features
-	local myeconfargs=(
-		${sslout}
-
-		$(use cpu_flags_x86_sse2 || echo "no-sse2")
-		enable-camellia
-		enable-ec
-		enable-ec2m
-		enable-sm2
-		enable-srp
-		$(use elibc_musl && echo "no-async")
-		enable-idea
-		enable-mdc2
-		enable-rc5
-		$(use fips && echo "enable-fips")
-		$(use_ssl asm)
-		$(use_ssl ktls)
-		$(use_ssl rfc3779)
-		$(use_ssl sctp)
-		$(use test || echo "no-tests")
-		$(use_ssl tls-compression zlib)
-		$(use_ssl weak-ssl-ciphers)
-
-		--prefix="${EPREFIX}"/usr
-		--openssldir="${EPREFIX}"${SSL_CNF_DIR}
-		--libdir=$(get_libdir)
-
-		shared
-		threads
-	)
-
-	CFLAGS= LDFLAGS= edo ./${config} "${myeconfargs[@]}"
-
-	# Clean out hardcoded flags that openssl uses
-	local DEFAULT_CFLAGS=$(grep ^CFLAGS= Makefile | LC_ALL=C sed \
-		-e 's:^CFLAGS=::' \
-		-e 's:\(^\| \)-fomit-frame-pointer::g' \
-		-e 's:\(^\| \)-O[^ ]*::g' \
-		-e 's:\(^\| \)-march=[^ ]*::g' \
-		-e 's:\(^\| \)-mcpu=[^ ]*::g' \
-		-e 's:\(^\| \)-m[^ ]*::g' \
-		-e 's:^ *::' \
-		-e 's: *$::' \
-		-e 's: \+: :g' \
-		-e 's:\\:\\\\:g'
-	)
-
-	# Now insert clean default flags with user flags
-	sed -i \
-		-e "/^CFLAGS=/s|=.*|=${DEFAULT_CFLAGS} ${CFLAGS}|" \
-		-e "/^LDFLAGS=/s|=[[:space:]]*$|=${LDFLAGS}|" \
-		Makefile \
-		|| die
-}
-
-multilib_src_compile() {
-	# depend is needed to use $confopts; it also doesn't matter
-	# that it's -j1 as the code itself serializes subdirs
-	emake -j1 depend
-
-	emake all
-}
-
-multilib_src_test() {
-	# VFP = show subtests verbosely and show failed tests verbosely
-	# Normal V=1 would show everything verbosely but this slows things down.
-	emake HARNESS_JOBS="$(makeopts_jobs)" VFP=1 test
-}
-
-multilib_src_install() {
-	# We need to create ${ED}/usr on our own to avoid a race condition (bug #665130)
-	dodir /usr
-
-	emake DESTDIR="${D}" install
-
-	# This is crappy in that the static archives are still built even
-	# when USE=static-libs. But this is due to a failing in the openssl
-	# build system: the static archives are built as PIC all the time.
-	# Only way around this would be to manually configure+compile openssl
-	# twice; once with shared lib support enabled and once without.
-	if ! use static-libs ; then
-		rm "${ED}"/usr/$(get_libdir)/lib{crypto,ssl}.a || die
-	fi
-}
-
-multilib_src_install_all() {
-	# openssl installs perl version of c_rehash by default, but
-	# we provide a shell version via app-misc/c_rehash
-	rm "${ED}"/usr/bin/c_rehash || die
-
-	dodoc {AUTHORS,CHANGES,NEWS,README,README-PROVIDERS}.md doc/*.txt doc/${PN}-c-indent.el
-
-	# Create the certs directory
-	keepdir ${SSL_CNF_DIR}/certs
-
-	# Namespace openssl programs to prevent conflicts with other man pages
-	cd "${ED}"/usr/share/man || die
-	local m d s
-	for m in $(find . -type f | xargs grep -L '#include') ; do
-		d=${m%/*}
-		d=${d#./}
-		m=${m##*/}
-
-		[[ ${m} == openssl.1* ]] && continue
-
-		[[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!"
-
-		mv ${d}/{,ssl-}${m} || die
-
-		# Fix up references to renamed man pages
-		sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m} || die
-		ln -s ssl-${m} ${d}/openssl-${m} || die
-
-		# Locate any symlinks that point to this man page
-		# We assume that any broken links are due to the above renaming
-		for s in $(find -L ${d} -type l) ; do
-			s=${s##*/}
-
-			rm -f ${d}/${s}
-
-			# We don't want to "|| die" here
-			ln -s ssl-${m} ${d}/ssl-${s}
-			ln -s ssl-${s} ${d}/openssl-${s}
-		done
-	done
-	[[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :("
-
-	# bug #254521
-	dodir /etc/sandbox.d
-	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
-
-	diropts -m0700
-	keepdir ${SSL_CNF_DIR}/private
-}
-
-pkg_postinst() {
-	ebegin "Running 'c_rehash ${EROOT}${SSL_CNF_DIR}/certs/' to rebuild hashes (bug #333069)"
-	c_rehash "${EROOT}${SSL_CNF_DIR}/certs" >/dev/null
-	eend $?
-}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Robin H. Johnson]

commit:     b44348a1402e57617265926dd257161f5d15c7c5
Author:     Robin H. Johnson <robbat2 <AT> gentoo <DOT> org>
AuthorDate: Tue Nov  1 16:00:28 2022 +0000
Commit:     Robin H. Johnson <robbat2 <AT> gentoo <DOT> org>
CommitDate: Tue Nov  1 19:19:43 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b44348a1

dev-libs/openssl: bump, non-security

Signed-off-by: Robin H. Johnson <robbat2 <AT> gentoo.org>

 dev-libs/openssl/Manifest              |   2 +
 dev-libs/openssl/openssl-1.1.1s.ebuild | 339 +++++++++++++++++++++++++++++++++
 2 files changed, 341 insertions(+)

diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest
index f6ae5062d044..a30619fa0e5b 100644
--- a/dev-libs/openssl/Manifest
+++ b/dev-libs/openssl/Manifest
@@ -3,6 +3,8 @@ DIST openssl-1.0.2t-bindist-1.0.tar.xz 13872 BLAKE2B b2aade96a6e0ca6209a39e205b1
 DIST openssl-1.0.2u.tar.gz 5355412 BLAKE2B b2ff2a10e5851af5aca4093422a9a072c794e87b997263826c1c35910c040f695fac63decac5856cb49399ed03d410f97701d9fd4e1ebfbcacd8f3a74ce8bf57 SHA512 c455bb309e20e2c2d47fdc5619c734d107d5c8c38c1409903ce979acc120b0d5fa0312917c0aa0d630e402d092a703d4249643f36078e8528a3cafc9dac6ab32
 DIST openssl-1.1.1q.tar.gz 9864061 BLAKE2B fc8fd6a62dc291d0bda328a051e253175fb04442cc4b8f45d67c3a5027748a0fc5fb372d0483bc9024ae0bff119c4fac8f1e982a182612427696d6d09f5935f5 SHA512 cb9f184ec4974a3423ef59c8ec86b6bf523d5b887da2087ae58c217249da3246896fdd6966ee9c13aea9e6306783365239197e9f742c508a0e35e5744e3e085f
 DIST openssl-1.1.1q.tar.gz.asc 833 BLAKE2B 9311abf47469c3802a84dc9b7427a168ba7717496960e6f84b04e4d9263dea1168493082937a06bcb6ef4169b2ed9b2f36084bbac15b5f7ca5b4c41041c4bab6 SHA512 03a41f29d1713c47bb300e01e36dbd048074076a6a3b9913e2fc9a1b56b726c038978f99e86f9a3e4ea39f72bd82a15965842f6d94210fa9d3474f6f0f68559e
+DIST openssl-1.1.1s.tar.gz 9868981 BLAKE2B ecd19eaf84dbc80448b51651abe52a89cc0052f024537959c4ebe61528988f235d661244fce6967159a876dd038c817bad19df742e828ca1cbae97ce6a4124bb SHA512 2ef983f166b5e1bf456ca37938e7e39d58d4cd85e9fc4b5174a05f5c37cc5ad89c3a9af97a6919bcaab128a8a92e4bdc8a045e5d9156d90768da8f73ac67c5b9
+DIST openssl-1.1.1s.tar.gz.asc 858 BLAKE2B d95f0f80d460feac737f84ed629c45aaf5e453103ef202ec7d33cf33b89ad83a9007429433b10754b725d7963b1960e350b64e8bdfe569ad149e26bef462eeca SHA512 aa6e5e940448297a90c46ba162f8e6ee324c2e202a9283328c31f996dc2259dd9f5f981d94d1cf1dd3cc73c44647b473602dacb857b9719bf066931b43b899e6
 DIST openssl-3.0.5.tar.gz 15074407 BLAKE2B 7bf89e042417c003ef02a8bb1278590a52ce4a3d50f66795c66b750f90248840edb0d3352811caaaaff708c7e65b77384142e316916a6c311f1d2b4747f44816 SHA512 782b0df3d0252468aa696bd74a3b661810499819c0df849aa9698ba0e06a845820dc856aac650fced4be234f1271e576d4317ac3ab1406cf0ffe087d695d20fe
 DIST openssl-3.0.5.tar.gz.asc 862 BLAKE2B 24f1839227be7acec45eb6b748cea7be0b5e66b5cf745814861f7290670733936bf1af2c1dc9357439b31a2ca28f418880d63726d4be6fa994902ac95b51e401 SHA512 516da9ef291601400576adaba7271854af3caa23dc1d70116004360f580e4c28fe61d51e86477d341e4c5bf0ca5f98db8264581ed6cc2c8df124da83ad3e40be
 DIST openssl-3.0.7.tar.gz 15107575 BLAKE2B 141881071fa62f056c514e7c653a61c59cc45fe951ec094041e23fb5e619133b7ebbfe31cd8203969c9d8842b8cbc10ec58da67cc181761a11c1cfdd0869df9a SHA512 6c2bcd1cd4b499e074e006150dda906980df505679d8e9d988ae93aa61ee6f8c23c0fa369e2edc1e1a743d7bec133044af11d5ed57633b631ae479feb59e3424

diff --git a/dev-libs/openssl/openssl-1.1.1s.ebuild b/dev-libs/openssl/openssl-1.1.1s.ebuild
new file mode 100644
index 000000000000..5539a1b32d86
--- /dev/null
+++ b/dev-libs/openssl/openssl-1.1.1s.ebuild
@@ -0,0 +1,339 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/openssl.org.asc
+inherit edo flag-o-matic toolchain-funcs multilib-minimal verify-sig
+
+MY_P=${P/_/-}
+DESCRIPTION="Full-strength general purpose cryptography library (including SSL and TLS)"
+HOMEPAGE="https://www.openssl.org/"
+SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
+	verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )"
+S="${WORKDIR}/${MY_P}"
+
+LICENSE="openssl"
+SLOT="0/1.1" # .so version of libssl/libcrypto
+if [[ ${PV} != *_pre* ]] ; then
+	KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+fi
+IUSE="+asm rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-compression tls-heartbeat vanilla verify-sig weak-ssl-ciphers"
+RESTRICT="!test? ( test )"
+
+RDEPEND=">=app-misc/c_rehash-1.7-r1
+	tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )"
+DEPEND="${RDEPEND}"
+BDEPEND="
+	>=dev-lang/perl-5
+	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
+	test? (
+		sys-apps/diffutils
+		sys-devel/bc
+		kernel_linux? ( sys-process/procps )
+	)
+	verify-sig? ( sec-keys/openpgp-keys-openssl )"
+PDEPEND="app-misc/ca-certificates"
+
+# force upgrade to prevent broken login, bug #696950
+RDEPEND+=" !<net-misc/openssh-8.0_p1-r3"
+
+MULTILIB_WRAPPED_HEADERS=(
+	usr/include/openssl/opensslconf.h
+)
+
+PATCHES=(
+	# General patches which are suitable to always apply
+	# If they're Gentoo specific, add to USE=-vanilla logic in src_prepare!
+	"${FILESDIR}"/${PN}-1.1.0j-parallel_install_fix.patch # bug #671602
+	"${FILESDIR}"/${PN}-1.1.1i-riscv32.patch
+)
+
+pkg_setup() {
+	[[ ${MERGE_TYPE} == binary ]] && return
+
+	# must check in pkg_setup; sysctl doesn't work with userpriv!
+	if use test && use sctp; then
+		# test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel"
+		# if sctp.auth_enable is not enabled.
+		local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null)
+		if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]]; then
+			die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!"
+		fi
+	fi
+}
+
+src_unpack() {
+	# Can delete this once test fix patch is dropped
+	if use verify-sig ; then
+		# Needed for downloaded patch (which is unsigned, which is fine)
+		verify-sig_verify_detached "${DISTDIR}"/${P}.tar.gz{,.asc}
+	fi
+
+	default
+}
+
+src_prepare() {
+	# Allow openssl to be cross-compiled
+	cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die
+	chmod a+rx gentoo.config || die
+
+	# Keep this in sync with app-misc/c_rehash
+	SSL_CNF_DIR="/etc/ssl"
+
+	# Make sure we only ever touch Makefile.org and avoid patching a file
+	# that gets blown away anyways by the Configure script in src_configure
+	rm -f Makefile
+
+	if ! use vanilla ; then
+		PATCHES+=(
+			# Add patches which are Gentoo-specific customisations here
+		)
+	fi
+
+	default
+
+	if use test && use sctp && has network-sandbox ${FEATURES}; then
+		einfo "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox ..."
+		rm test/recipes/80-test_ssl_new.t || die
+	fi
+
+	# - Make sure the man pages are suffixed (bug #302165)
+	# - Don't bother building man pages if they're disabled
+	# - Make DOCDIR Gentoo compliant
+	sed -i \
+		-e '/^MANSUFFIX/s:=.*:=ssl:' \
+		-e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
+		-e $(has noman FEATURES \
+			&& echo '/^install:/s:install_docs::' \
+			|| echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
+		-e "/^DOCDIR/s@\$(BASENAME)@&-${PVR}@" \
+		Configurations/unix-Makefile.tmpl \
+		|| die
+
+	# Quiet out unknown driver argument warnings since openssl
+	# doesn't have well-split CFLAGS and we're making it even worse
+	# and 'make depend' uses -Werror for added fun (bug #417795 again)
+	tc-is-clang && append-flags -Qunused-arguments
+
+	# We really, really need to build OpenSSL w/ strict aliasing disabled.
+	# It's filled with violations and it *will* result in miscompiled
+	# code. This has been in the ebuild for > 10 years but even in 2022,
+	# it's still relevant:
+	# - https://github.com/llvm/llvm-project/issues/55255
+	# - https://github.com/openssl/openssl/issues/18225
+	# - https://github.com/openssl/openssl/issues/18663#issuecomment-1181478057
+	# Don't remove the no strict aliasing bits below!
+	filter-flags -fstrict-aliasing
+	append-flags -fno-strict-aliasing
+
+	append-cppflags -DOPENSSL_NO_BUF_FREELISTS
+
+	append-flags $(test-flags-CC -Wa,--noexecstack)
+
+	# Prefixify Configure shebang (bug #141906)
+	sed \
+		-e "1s,/usr/bin/env,${BROOT}&," \
+		-i Configure || die
+
+	# Remove test target when FEATURES=test isn't set
+	if ! use test ; then
+		sed \
+			-e '/^$config{dirs}/s@ "test",@@' \
+			-i Configure || die
+	fi
+
+	if use prefix && [[ ${CHOST} == *-solaris* ]] ; then
+		# use GNU ld full option, not to confuse it on Solaris
+		sed -i \
+			-e 's/-Wl,-M,/-Wl,--version-script=/' \
+			-e 's/-Wl,-h,/-Wl,--soname=/' \
+			Configurations/10-main.conf || die
+
+		# fix building on Solaris 10
+		# https://github.com/openssl/openssl/issues/6333
+		sed -i \
+			-e 's/-lsocket -lnsl -ldl/-lsocket -lnsl -ldl -lrt/' \
+			Configurations/10-main.conf || die
+	fi
+
+	# The config script does stupid stuff to prompt the user.  Kill it.
+	sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
+	./config --test-sanity || die "I AM NOT SANE"
+
+	multilib_copy_sources
+}
+
+multilib_src_configure() {
+	# bug #197996
+	unset APPS
+	# bug #312551
+	unset SCRIPTS
+	# bug #311473
+	unset CROSS_COMPILE
+
+	tc-export AR CC CXX RANLIB RC
+
+	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
+
+	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
+
+	# See if our toolchain supports __uint128_t.  If so, it's 64bit
+	# friendly and can use the nicely optimized code paths, bug #460790.
+	#local ec_nistp_64_gcc_128
+	#
+	# Disable it for now though (bug #469976)
+	# Do NOT re-enable without substantial discussion first!
+	#
+	#echo "__uint128_t i;" > "${T}"/128.c
+	#if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
+	#	ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
+	#fi
+
+	local sslout=$(./gentoo.config)
+	einfo "Use configuration ${sslout:-(openssl knows best)}"
+	local config="Configure"
+	[[ -z ${sslout} ]] && config="config"
+
+	# "disable-deprecated" option breaks too many consumers.
+	# Don't set it without thorough revdeps testing.
+	# Make sure user flags don't get added *yet* to avoid duplicated
+	# flags.
+	local myeconfargs=(
+		${sslout}
+
+		$(use cpu_flags_x86_sse2 || echo "no-sse2")
+		enable-camellia
+		enable-ec
+		enable-ec2m
+		enable-sm2
+		enable-srp
+		$(use elibc_musl && echo "no-async")
+		${ec_nistp_64_gcc_128}
+		enable-idea
+		enable-mdc2
+		enable-rc5
+		$(use_ssl sslv3 ssl3)
+		$(use_ssl sslv3 ssl3-method)
+		$(use_ssl asm)
+		$(use_ssl rfc3779)
+		$(use_ssl sctp)
+		$(use test || echo "no-tests")
+		$(use_ssl tls-compression zlib)
+		$(use_ssl tls-heartbeat heartbeats)
+		$(use_ssl weak-ssl-ciphers)
+
+		--prefix="${EPREFIX}"/usr
+		--openssldir="${EPREFIX}"${SSL_CNF_DIR}
+		--libdir=$(get_libdir)
+
+		shared
+		threads
+	)
+
+	CFLAGS= LDFLAGS= edo ./${config} "${myeconfargs[@]}"
+
+	# Clean out hardcoded flags that openssl uses
+	local DEFAULT_CFLAGS=$(grep ^CFLAGS= Makefile | LC_ALL=C sed \
+		-e 's:^CFLAGS=::' \
+		-e 's:\(^\| \)-fomit-frame-pointer::g' \
+		-e 's:\(^\| \)-O[^ ]*::g' \
+		-e 's:\(^\| \)-march=[^ ]*::g' \
+		-e 's:\(^\| \)-mcpu=[^ ]*::g' \
+		-e 's:\(^\| \)-m[^ ]*::g' \
+		-e 's:^ *::' \
+		-e 's: *$::' \
+		-e 's: \+: :g' \
+		-e 's:\\:\\\\:g'
+	)
+
+	# Now insert clean default flags with user flags
+	sed -i \
+		-e "/^CFLAGS=/s|=.*|=${DEFAULT_CFLAGS} ${CFLAGS}|" \
+		-e "/^LDFLAGS=/s|=[[:space:]]*$|=${LDFLAGS}|" \
+		Makefile || die
+}
+
+multilib_src_compile() {
+	# depend is needed to use $confopts; it also doesn't matter
+	# that it's -j1 as the code itself serializes subdirs
+	emake -j1 depend
+
+	emake all
+}
+
+multilib_src_test() {
+	emake -j1 test
+}
+
+multilib_src_install() {
+	# We need to create ${ED}/usr on our own to avoid a race condition (bug #665130)
+	dodir /usr
+
+	emake DESTDIR="${D}" install
+
+	# This is crappy in that the static archives are still built even
+	# when USE=static-libs. But this is due to a failing in the openssl
+	# build system: the static archives are built as PIC all the time.
+	# Only way around this would be to manually configure+compile openssl
+	# twice; once with shared lib support enabled and once without.
+	if ! use static-libs; then
+		rm "${ED}"/usr/$(get_libdir)/lib{crypto,ssl}.a || die
+	fi
+}
+
+multilib_src_install_all() {
+	# openssl installs perl version of c_rehash by default, but
+	# we provide a shell version via app-misc/c_rehash
+	rm "${ED}"/usr/bin/c_rehash || die
+
+	dodoc CHANGES* FAQ NEWS README doc/*.txt doc/${PN}-c-indent.el
+
+	# Create the certs directory
+	keepdir ${SSL_CNF_DIR}/certs
+
+	# Namespace openssl programs to prevent conflicts with other man pages
+	cd "${ED}"/usr/share/man || die
+	local m d s
+	for m in $(find . -type f | xargs grep -L '#include') ; do
+		d=${m%/*}
+		d=${d#./}
+		m=${m##*/}
+
+		[[ ${m} == openssl.1* ]] && continue
+
+		[[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!"
+
+		mv ${d}/{,ssl-}${m} || die
+
+		# Fix up references to renamed man pages
+		sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m} || die
+		ln -s ssl-${m} ${d}/openssl-${m}
+
+		# Locate any symlinks that point to this man page
+		# We assume that any broken links are due to the above renaming
+		for s in $(find -L ${d} -type l) ; do
+			s=${s##*/}
+
+			rm -f ${d}/${s}
+
+			# We don't want to "|| die" here
+			ln -s ssl-${m} ${d}/ssl-${s}
+			ln -s ssl-${s} ${d}/openssl-${s}
+		done
+	done
+	[[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :("
+
+	# bug #254521
+	dodir /etc/sandbox.d
+	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
+
+	diropts -m0700
+	keepdir ${SSL_CNF_DIR}/private
+}
+
+pkg_postinst() {
+	ebegin "Running 'c_rehash ${EROOT}${SSL_CNF_DIR}/certs/' to rebuild hashes (bug #333069)"
+	c_rehash "${EROOT}${SSL_CNF_DIR}/certs" >/dev/null
+	eend $?
+}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Robin H. Johnson]

commit:     4c40f1c782a71d48b194236040145c171190a25f
Author:     Robin H. Johnson <robbat2 <AT> gentoo <DOT> org>
AuthorDate: Tue Nov  1 15:47:50 2022 +0000
Commit:     Robin H. Johnson <robbat2 <AT> gentoo <DOT> org>
CommitDate: Tue Nov  1 15:48:02 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4c40f1c7

dev-libs/openssl: security bump

Signed-off-by: Robin H. Johnson <robbat2 <AT> gentoo.org>
Bug: https://bugs.gentoo.org/878269

 dev-libs/openssl/Manifest             |   2 +
 dev-libs/openssl/openssl-3.0.7.ebuild | 337 ++++++++++++++++++++++++++++++++++
 2 files changed, 339 insertions(+)

diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest
index a411ae31d39e..f6ae5062d044 100644
--- a/dev-libs/openssl/Manifest
+++ b/dev-libs/openssl/Manifest
@@ -5,3 +5,5 @@ DIST openssl-1.1.1q.tar.gz 9864061 BLAKE2B fc8fd6a62dc291d0bda328a051e253175fb04
 DIST openssl-1.1.1q.tar.gz.asc 833 BLAKE2B 9311abf47469c3802a84dc9b7427a168ba7717496960e6f84b04e4d9263dea1168493082937a06bcb6ef4169b2ed9b2f36084bbac15b5f7ca5b4c41041c4bab6 SHA512 03a41f29d1713c47bb300e01e36dbd048074076a6a3b9913e2fc9a1b56b726c038978f99e86f9a3e4ea39f72bd82a15965842f6d94210fa9d3474f6f0f68559e
 DIST openssl-3.0.5.tar.gz 15074407 BLAKE2B 7bf89e042417c003ef02a8bb1278590a52ce4a3d50f66795c66b750f90248840edb0d3352811caaaaff708c7e65b77384142e316916a6c311f1d2b4747f44816 SHA512 782b0df3d0252468aa696bd74a3b661810499819c0df849aa9698ba0e06a845820dc856aac650fced4be234f1271e576d4317ac3ab1406cf0ffe087d695d20fe
 DIST openssl-3.0.5.tar.gz.asc 862 BLAKE2B 24f1839227be7acec45eb6b748cea7be0b5e66b5cf745814861f7290670733936bf1af2c1dc9357439b31a2ca28f418880d63726d4be6fa994902ac95b51e401 SHA512 516da9ef291601400576adaba7271854af3caa23dc1d70116004360f580e4c28fe61d51e86477d341e4c5bf0ca5f98db8264581ed6cc2c8df124da83ad3e40be
+DIST openssl-3.0.7.tar.gz 15107575 BLAKE2B 141881071fa62f056c514e7c653a61c59cc45fe951ec094041e23fb5e619133b7ebbfe31cd8203969c9d8842b8cbc10ec58da67cc181761a11c1cfdd0869df9a SHA512 6c2bcd1cd4b499e074e006150dda906980df505679d8e9d988ae93aa61ee6f8c23c0fa369e2edc1e1a743d7bec133044af11d5ed57633b631ae479feb59e3424
+DIST openssl-3.0.7.tar.gz.asc 858 BLAKE2B bd07a6f656cce817038743caf1131ef8d7a21bf587e706e32771ad9e09cb4821d21b71171a7fe7bb6bece95e9b06cea6d723aae9de8b62049b5a8316578500be SHA512 9093a8a5a990f5f37bd95e7ca55f2371e59242be408ea7d9403bcfc9c8873c022237e13c0ec81881a20607ea46927887a895a82b6f50c6f423b4c54f9ef0cde1

diff --git a/dev-libs/openssl/openssl-3.0.7.ebuild b/dev-libs/openssl/openssl-3.0.7.ebuild
new file mode 100644
index 000000000000..518b44da5f56
--- /dev/null
+++ b/dev-libs/openssl/openssl-3.0.7.ebuild
@@ -0,0 +1,337 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/openssl.org.asc
+inherit edo flag-o-matic linux-info toolchain-funcs multilib-minimal multiprocessing verify-sig
+
+DESCRIPTION="Robust, full-featured Open Source Toolkit for the Transport Layer Security (TLS)"
+HOMEPAGE="https://www.openssl.org/"
+
+MY_P=${P/_/-}
+
+if [[ ${PV} == 9999 ]] ; then
+	EGIT_REPO_URI="https://github.com/openssl/openssl.git"
+
+	inherit git-r3
+else
+	SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
+		verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )"
+	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x86-linux"
+fi
+
+S="${WORKDIR}"/${MY_P}
+
+LICENSE="Apache-2.0"
+SLOT="0/3" # .so version of libssl/libcrypto
+IUSE="+asm cpu_flags_x86_sse2 fips ktls rfc3779 sctp static-libs test tls-compression vanilla verify-sig weak-ssl-ciphers"
+RESTRICT="!test? ( test )"
+
+COMMON_DEPEND="
+	>=app-misc/c_rehash-1.7-r1
+	tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
+"
+BDEPEND="
+	>=dev-lang/perl-5
+	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
+	test? (
+		sys-apps/diffutils
+		sys-devel/bc
+		sys-process/procps
+	)
+	verify-sig? ( sec-keys/openpgp-keys-openssl )"
+
+DEPEND="${COMMON_DEPEND}"
+RDEPEND="${COMMON_DEPEND}"
+PDEPEND="app-misc/ca-certificates"
+
+MULTILIB_WRAPPED_HEADERS=(
+	/usr/include/openssl/configuration.h
+)
+
+PATCHES=(
+)
+
+pkg_setup() {
+	if use ktls ; then
+		if kernel_is -lt 4 18 ; then
+			ewarn "Kernel implementation of TLS (USE=ktls) requires kernel >=4.18!"
+		else
+			CONFIG_CHECK="~TLS ~TLS_DEVICE"
+			ERROR_TLS="You will be unable to offload TLS to kernel because CONFIG_TLS is not set!"
+			ERROR_TLS_DEVICE="You will be unable to offload TLS to kernel because CONFIG_TLS_DEVICE is not set!"
+
+			linux-info_pkg_setup
+		fi
+	fi
+
+	[[ ${MERGE_TYPE} == binary ]] && return
+
+	# must check in pkg_setup; sysctl doesn't work with userpriv!
+	if use test && use sctp ; then
+		# test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel"
+		# if sctp.auth_enable is not enabled.
+		local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null)
+		if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]] ; then
+			die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!"
+		fi
+	fi
+}
+
+src_unpack() {
+	# Can delete this once test fix patch is dropped
+	if use verify-sig ; then
+		# Needed for downloaded patch (which is unsigned, which is fine)
+		verify-sig_verify_detached "${DISTDIR}"/${P}.tar.gz{,.asc}
+	fi
+
+	default
+}
+
+src_prepare() {
+	# Allow openssl to be cross-compiled
+	cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die
+	chmod a+rx gentoo.config || die
+
+	# Keep this in sync with app-misc/c_rehash
+	SSL_CNF_DIR="/etc/ssl"
+
+	# Make sure we only ever touch Makefile.org and avoid patching a file
+	# that gets blown away anyways by the Configure script in src_configure
+	rm -f Makefile
+
+	if ! use vanilla ; then
+		PATCHES+=(
+			# Add patches which are Gentoo-specific customisations here
+		)
+	fi
+
+	default
+
+	if use test && use sctp && has network-sandbox ${FEATURES} ; then
+		einfo "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox ..."
+		rm test/recipes/80-test_ssl_new.t || die
+	fi
+
+	# - Make sure the man pages are suffixed (bug #302165)
+	# - Don't bother building man pages if they're disabled
+	# - Make DOCDIR Gentoo compliant
+	sed -i \
+		-e '/^MANSUFFIX/s:=.*:=ssl:' \
+		-e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
+		-e $(has noman FEATURES \
+			&& echo '/^install:/s:install_docs::' \
+			|| echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
+		-e "/^DOCDIR/s@\$(BASENAME)@&-${PVR}@" \
+		Configurations/unix-Makefile.tmpl \
+		|| die
+
+	# Quiet out unknown driver argument warnings since openssl
+	# doesn't have well-split CFLAGS and we're making it even worse
+	# and 'make depend' uses -Werror for added fun (bug #417795 again)
+	tc-is-clang && append-flags -Qunused-arguments
+
+	# We really, really need to build OpenSSL w/ strict aliasing disabled.
+	# It's filled with violations and it *will* result in miscompiled
+	# code. This has been in the ebuild for > 10 years but even in 2022,
+	# it's still relevant:
+	# - https://github.com/llvm/llvm-project/issues/55255
+	# - https://github.com/openssl/openssl/issues/18225
+	# - https://github.com/openssl/openssl/issues/18663#issuecomment-1181478057
+	# Don't remove the no strict aliasing bits below!
+	filter-flags -fstrict-aliasing
+	append-flags -fno-strict-aliasing
+
+	append-flags $(test-flags-CC -Wa,--noexecstack)
+
+	# Prefixify Configure shebang (bug #141906)
+	sed \
+		-e "1s,/usr/bin/env,${BROOT}&," \
+		-i Configure || die
+
+	# Remove test target when FEATURES=test isn't set
+	if ! use test ; then
+		sed \
+			-e '/^$config{dirs}/s@ "test",@@' \
+			-i Configure || die
+	fi
+
+	# The config script does stupid stuff to prompt the user. Kill it.
+	sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
+	./config --test-sanity || die "I AM NOT SANE"
+
+	multilib_copy_sources
+}
+
+multilib_src_configure() {
+	# bug #197996
+	unset APPS
+	# bug #312551
+	unset SCRIPTS
+	# bug #311473
+	unset CROSS_COMPILE
+
+	tc-export AR CC CXX RANLIB RC
+
+	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
+
+	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
+
+	# See if our toolchain supports __uint128_t.  If so, it's 64bit
+	# friendly and can use the nicely optimized code paths, bug #460790.
+	#local ec_nistp_64_gcc_128
+	#
+	# Disable it for now though (bug #469976)
+	# Do NOT re-enable without substantial discussion first!
+	#
+	#echo "__uint128_t i;" > "${T}"/128.c
+	#if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
+	#       ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
+	#fi
+
+	local sslout=$(./gentoo.config)
+	einfo "Using configuration: ${sslout:-(openssl knows best)}"
+	local config="Configure"
+	[[ -z ${sslout} ]] && config="config"
+
+	# https://github.com/openssl/openssl/blob/master/INSTALL.md#enable-and-disable-features
+	local myeconfargs=(
+		${sslout}
+
+		$(use cpu_flags_x86_sse2 || echo "no-sse2")
+		enable-camellia
+		enable-ec
+		enable-ec2m
+		enable-sm2
+		enable-srp
+		$(use elibc_musl && echo "no-async")
+		enable-idea
+		enable-mdc2
+		enable-rc5
+		$(use fips && echo "enable-fips")
+		$(use_ssl asm)
+		$(use_ssl ktls)
+		$(use_ssl rfc3779)
+		$(use_ssl sctp)
+		$(use test || echo "no-tests")
+		$(use_ssl tls-compression zlib)
+		$(use_ssl weak-ssl-ciphers)
+
+		--prefix="${EPREFIX}"/usr
+		--openssldir="${EPREFIX}"${SSL_CNF_DIR}
+		--libdir=$(get_libdir)
+
+		shared
+		threads
+	)
+
+	CFLAGS= LDFLAGS= edo ./${config} "${myeconfargs[@]}"
+
+	# Clean out hardcoded flags that openssl uses
+	local DEFAULT_CFLAGS=$(grep ^CFLAGS= Makefile | LC_ALL=C sed \
+		-e 's:^CFLAGS=::' \
+		-e 's:\(^\| \)-fomit-frame-pointer::g' \
+		-e 's:\(^\| \)-O[^ ]*::g' \
+		-e 's:\(^\| \)-march=[^ ]*::g' \
+		-e 's:\(^\| \)-mcpu=[^ ]*::g' \
+		-e 's:\(^\| \)-m[^ ]*::g' \
+		-e 's:^ *::' \
+		-e 's: *$::' \
+		-e 's: \+: :g' \
+		-e 's:\\:\\\\:g'
+	)
+
+	# Now insert clean default flags with user flags
+	sed -i \
+		-e "/^CFLAGS=/s|=.*|=${DEFAULT_CFLAGS} ${CFLAGS}|" \
+		-e "/^LDFLAGS=/s|=[[:space:]]*$|=${LDFLAGS}|" \
+		Makefile \
+		|| die
+}
+
+multilib_src_compile() {
+	# depend is needed to use $confopts; it also doesn't matter
+	# that it's -j1 as the code itself serializes subdirs
+	emake -j1 depend
+
+	emake all
+}
+
+multilib_src_test() {
+	# VFP = show subtests verbosely and show failed tests verbosely
+	# Normal V=1 would show everything verbosely but this slows things down.
+	emake HARNESS_JOBS="$(makeopts_jobs)" VFP=1 test
+}
+
+multilib_src_install() {
+	# We need to create ${ED}/usr on our own to avoid a race condition (bug #665130)
+	dodir /usr
+
+	emake DESTDIR="${D}" install
+
+	# This is crappy in that the static archives are still built even
+	# when USE=static-libs. But this is due to a failing in the openssl
+	# build system: the static archives are built as PIC all the time.
+	# Only way around this would be to manually configure+compile openssl
+	# twice; once with shared lib support enabled and once without.
+	if ! use static-libs ; then
+		rm "${ED}"/usr/$(get_libdir)/lib{crypto,ssl}.a || die
+	fi
+}
+
+multilib_src_install_all() {
+	# openssl installs perl version of c_rehash by default, but
+	# we provide a shell version via app-misc/c_rehash
+	rm "${ED}"/usr/bin/c_rehash || die
+
+	dodoc {AUTHORS,CHANGES,NEWS,README,README-PROVIDERS}.md doc/*.txt doc/${PN}-c-indent.el
+
+	# Create the certs directory
+	keepdir ${SSL_CNF_DIR}/certs
+
+	# Namespace openssl programs to prevent conflicts with other man pages
+	cd "${ED}"/usr/share/man || die
+	local m d s
+	for m in $(find . -type f | xargs grep -L '#include') ; do
+		d=${m%/*}
+		d=${d#./}
+		m=${m##*/}
+
+		[[ ${m} == openssl.1* ]] && continue
+
+		[[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!"
+
+		mv ${d}/{,ssl-}${m} || die
+
+		# Fix up references to renamed man pages
+		sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m} || die
+		ln -s ssl-${m} ${d}/openssl-${m} || die
+
+		# Locate any symlinks that point to this man page
+		# We assume that any broken links are due to the above renaming
+		for s in $(find -L ${d} -type l) ; do
+			s=${s##*/}
+
+			rm -f ${d}/${s}
+
+			# We don't want to "|| die" here
+			ln -s ssl-${m} ${d}/ssl-${s}
+			ln -s ssl-${s} ${d}/openssl-${s}
+		done
+	done
+	[[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :("
+
+	# bug #254521
+	dodir /etc/sandbox.d
+	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
+
+	diropts -m0700
+	keepdir ${SSL_CNF_DIR}/private
+}
+
+pkg_postinst() {
+	ebegin "Running 'c_rehash ${EROOT}${SSL_CNF_DIR}/certs/' to rebuild hashes (bug #333069)"
+	c_rehash "${EROOT}${SSL_CNF_DIR}/certs" >/dev/null
+	eend $?
+}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     17e29d72ab7d349ac79c15291d47eb1a8499265b
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Wed Oct 12 23:40:05 2022 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Wed Oct 12 23:40:07 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=17e29d72

dev-libs/openssl: drop yanked, masked versions

Especially important given many will be unmasking 3.x generally.

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/Manifest              |   4 -
 dev-libs/openssl/openssl-1.1.1r.ebuild | 339 ---------------------------------
 dev-libs/openssl/openssl-3.0.6.ebuild  | 334 --------------------------------
 3 files changed, 677 deletions(-)

diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest
index 14c8d59c9155..a411ae31d39e 100644
--- a/dev-libs/openssl/Manifest
+++ b/dev-libs/openssl/Manifest
@@ -3,9 +3,5 @@ DIST openssl-1.0.2t-bindist-1.0.tar.xz 13872 BLAKE2B b2aade96a6e0ca6209a39e205b1
 DIST openssl-1.0.2u.tar.gz 5355412 BLAKE2B b2ff2a10e5851af5aca4093422a9a072c794e87b997263826c1c35910c040f695fac63decac5856cb49399ed03d410f97701d9fd4e1ebfbcacd8f3a74ce8bf57 SHA512 c455bb309e20e2c2d47fdc5619c734d107d5c8c38c1409903ce979acc120b0d5fa0312917c0aa0d630e402d092a703d4249643f36078e8528a3cafc9dac6ab32
 DIST openssl-1.1.1q.tar.gz 9864061 BLAKE2B fc8fd6a62dc291d0bda328a051e253175fb04442cc4b8f45d67c3a5027748a0fc5fb372d0483bc9024ae0bff119c4fac8f1e982a182612427696d6d09f5935f5 SHA512 cb9f184ec4974a3423ef59c8ec86b6bf523d5b887da2087ae58c217249da3246896fdd6966ee9c13aea9e6306783365239197e9f742c508a0e35e5744e3e085f
 DIST openssl-1.1.1q.tar.gz.asc 833 BLAKE2B 9311abf47469c3802a84dc9b7427a168ba7717496960e6f84b04e4d9263dea1168493082937a06bcb6ef4169b2ed9b2f36084bbac15b5f7ca5b4c41041c4bab6 SHA512 03a41f29d1713c47bb300e01e36dbd048074076a6a3b9913e2fc9a1b56b726c038978f99e86f9a3e4ea39f72bd82a15965842f6d94210fa9d3474f6f0f68559e
-DIST openssl-1.1.1r.tar.gz 9868506 BLAKE2B ae1f56718d6a9400e9670f1ad1db2bc15bfbefc4fb114c7920c95a193285984d46cb28fe8dfbfa732f7755fb7810b51412f6e23a592d5769af9925026aa912d9 SHA512 73577707f7846af3c53606cb7590872306ba2bce331dc64692acb6d998a95982221dd39948f5f4ef7430897c0430bc61410983c5bac0f8dd88f2d9dbbc305fae
-DIST openssl-1.1.1r.tar.gz.asc 488 BLAKE2B 9308c87f2d7bfcbcaf7f61aad892aeb411e1d600eea085e5e4adb9c24c0f2087f43cdc81615b1dc7bb8a199daca225e10df98c14e33af5be851b4f8394f02dbe SHA512 dcb33a52e646d68e936833ef2170016227e4fc2a1b2741fe9091b76751d66c6601eaa48a085793ec6deb87b641187bdc350afce1f31499c8ab6e02a7ff36f3b4
 DIST openssl-3.0.5.tar.gz 15074407 BLAKE2B 7bf89e042417c003ef02a8bb1278590a52ce4a3d50f66795c66b750f90248840edb0d3352811caaaaff708c7e65b77384142e316916a6c311f1d2b4747f44816 SHA512 782b0df3d0252468aa696bd74a3b661810499819c0df849aa9698ba0e06a845820dc856aac650fced4be234f1271e576d4317ac3ab1406cf0ffe087d695d20fe
 DIST openssl-3.0.5.tar.gz.asc 862 BLAKE2B 24f1839227be7acec45eb6b748cea7be0b5e66b5cf745814861f7290670733936bf1af2c1dc9357439b31a2ca28f418880d63726d4be6fa994902ac95b51e401 SHA512 516da9ef291601400576adaba7271854af3caa23dc1d70116004360f580e4c28fe61d51e86477d341e4c5bf0ca5f98db8264581ed6cc2c8df124da83ad3e40be
-DIST openssl-3.0.6.tar.gz 15101953 BLAKE2B 08e1217dc2fb874062c0f2248257c340dac6e24edd13310f4f0c0ee367c61cd629f4e73a043545895e6ec94ed6eef760eb8fc8a7eec9547b046e82c01f2e9770 SHA512 1d1fc07122116ce68c85b8eb57a13024ed65fc5c4f0311327dfe68a29f38b9e66f32e6345f11827e0b26ee0de3c21bb92d5834604ffaf37db5c6a380d98c0e51
-DIST openssl-3.0.6.tar.gz.asc 488 BLAKE2B 482bfd9569ebac0ea0eee1d311a62c28f0dd3a7d54c3d264e37c7f52edda7ecf41e8e6825619a40a2c6256bba92fdb97f5a9c236ec22d470cdd8c5e894756ee9 SHA512 458e7721b179121f46a7972e9a7cf253b593f25742de9b4536d76f157bd9681a9d2540c7dc92dc1a73fb53e43900ffae61708cd0ef71207fdab66d10bc424de1

diff --git a/dev-libs/openssl/openssl-1.1.1r.ebuild b/dev-libs/openssl/openssl-1.1.1r.ebuild
deleted file mode 100644
index 8dba22fd8d85..000000000000
--- a/dev-libs/openssl/openssl-1.1.1r.ebuild
+++ /dev/null
@@ -1,339 +0,0 @@
-# Copyright 1999-2022 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/openssl.org.asc
-inherit edo flag-o-matic toolchain-funcs multilib-minimal verify-sig
-
-MY_P=${P/_/-}
-DESCRIPTION="Full-strength general purpose cryptography library (including SSL and TLS)"
-HOMEPAGE="https://www.openssl.org/"
-SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
-	verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )"
-S="${WORKDIR}/${MY_P}"
-
-LICENSE="openssl"
-SLOT="0/1.1" # .so version of libssl/libcrypto
-if [[ ${PV} != *_pre* ]] ; then
-	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
-fi
-IUSE="+asm rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-compression tls-heartbeat vanilla verify-sig weak-ssl-ciphers"
-RESTRICT="!test? ( test )"
-
-RDEPEND=">=app-misc/c_rehash-1.7-r1
-	tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )"
-DEPEND="${RDEPEND}"
-BDEPEND="
-	>=dev-lang/perl-5
-	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
-	test? (
-		sys-apps/diffutils
-		sys-devel/bc
-		kernel_linux? ( sys-process/procps )
-	)
-	verify-sig? ( sec-keys/openpgp-keys-openssl )"
-PDEPEND="app-misc/ca-certificates"
-
-# force upgrade to prevent broken login, bug #696950
-RDEPEND+=" !<net-misc/openssh-8.0_p1-r3"
-
-MULTILIB_WRAPPED_HEADERS=(
-	usr/include/openssl/opensslconf.h
-)
-
-PATCHES=(
-	# General patches which are suitable to always apply
-	# If they're Gentoo specific, add to USE=-vanilla logic in src_prepare!
-	"${FILESDIR}"/${PN}-1.1.0j-parallel_install_fix.patch # bug #671602
-	"${FILESDIR}"/${PN}-1.1.1i-riscv32.patch
-)
-
-pkg_setup() {
-	[[ ${MERGE_TYPE} == binary ]] && return
-
-	# must check in pkg_setup; sysctl doesn't work with userpriv!
-	if use test && use sctp; then
-		# test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel"
-		# if sctp.auth_enable is not enabled.
-		local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null)
-		if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]]; then
-			die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!"
-		fi
-	fi
-}
-
-src_unpack() {
-	# Can delete this once test fix patch is dropped
-	if use verify-sig ; then
-		# Needed for downloaded patch (which is unsigned, which is fine)
-		verify-sig_verify_detached "${DISTDIR}"/${P}.tar.gz{,.asc}
-	fi
-
-	default
-}
-
-src_prepare() {
-	# Allow openssl to be cross-compiled
-	cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die
-	chmod a+rx gentoo.config || die
-
-	# Keep this in sync with app-misc/c_rehash
-	SSL_CNF_DIR="/etc/ssl"
-
-	# Make sure we only ever touch Makefile.org and avoid patching a file
-	# that gets blown away anyways by the Configure script in src_configure
-	rm -f Makefile
-
-	if ! use vanilla ; then
-		PATCHES+=(
-			# Add patches which are Gentoo-specific customisations here
-		)
-	fi
-
-	default
-
-	if use test && use sctp && has network-sandbox ${FEATURES}; then
-		einfo "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox ..."
-		rm test/recipes/80-test_ssl_new.t || die
-	fi
-
-	# - Make sure the man pages are suffixed (bug #302165)
-	# - Don't bother building man pages if they're disabled
-	# - Make DOCDIR Gentoo compliant
-	sed -i \
-		-e '/^MANSUFFIX/s:=.*:=ssl:' \
-		-e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
-		-e $(has noman FEATURES \
-			&& echo '/^install:/s:install_docs::' \
-			|| echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
-		-e "/^DOCDIR/s@\$(BASENAME)@&-${PVR}@" \
-		Configurations/unix-Makefile.tmpl \
-		|| die
-
-	# Quiet out unknown driver argument warnings since openssl
-	# doesn't have well-split CFLAGS and we're making it even worse
-	# and 'make depend' uses -Werror for added fun (bug #417795 again)
-	tc-is-clang && append-flags -Qunused-arguments
-
-	# We really, really need to build OpenSSL w/ strict aliasing disabled.
-	# It's filled with violations and it *will* result in miscompiled
-	# code. This has been in the ebuild for > 10 years but even in 2022,
-	# it's still relevant:
-	# - https://github.com/llvm/llvm-project/issues/55255
-	# - https://github.com/openssl/openssl/issues/18225
-	# - https://github.com/openssl/openssl/issues/18663#issuecomment-1181478057
-	# Don't remove the no strict aliasing bits below!
-	filter-flags -fstrict-aliasing
-	append-flags -fno-strict-aliasing
-
-	append-cppflags -DOPENSSL_NO_BUF_FREELISTS
-
-	append-flags $(test-flags-CC -Wa,--noexecstack)
-
-	# Prefixify Configure shebang (bug #141906)
-	sed \
-		-e "1s,/usr/bin/env,${BROOT}&," \
-		-i Configure || die
-
-	# Remove test target when FEATURES=test isn't set
-	if ! use test ; then
-		sed \
-			-e '/^$config{dirs}/s@ "test",@@' \
-			-i Configure || die
-	fi
-
-	if use prefix && [[ ${CHOST} == *-solaris* ]] ; then
-		# use GNU ld full option, not to confuse it on Solaris
-		sed -i \
-			-e 's/-Wl,-M,/-Wl,--version-script=/' \
-			-e 's/-Wl,-h,/-Wl,--soname=/' \
-			Configurations/10-main.conf || die
-
-		# fix building on Solaris 10
-		# https://github.com/openssl/openssl/issues/6333
-		sed -i \
-			-e 's/-lsocket -lnsl -ldl/-lsocket -lnsl -ldl -lrt/' \
-			Configurations/10-main.conf || die
-	fi
-
-	# The config script does stupid stuff to prompt the user.  Kill it.
-	sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
-	./config --test-sanity || die "I AM NOT SANE"
-
-	multilib_copy_sources
-}
-
-multilib_src_configure() {
-	# bug #197996
-	unset APPS
-	# bug #312551
-	unset SCRIPTS
-	# bug #311473
-	unset CROSS_COMPILE
-
-	tc-export AR CC CXX RANLIB RC
-
-	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
-
-	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
-
-	# See if our toolchain supports __uint128_t.  If so, it's 64bit
-	# friendly and can use the nicely optimized code paths, bug #460790.
-	#local ec_nistp_64_gcc_128
-	#
-	# Disable it for now though (bug #469976)
-	# Do NOT re-enable without substantial discussion first!
-	#
-	#echo "__uint128_t i;" > "${T}"/128.c
-	#if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
-	#	ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
-	#fi
-
-	local sslout=$(./gentoo.config)
-	einfo "Use configuration ${sslout:-(openssl knows best)}"
-	local config="Configure"
-	[[ -z ${sslout} ]] && config="config"
-
-	# "disable-deprecated" option breaks too many consumers.
-	# Don't set it without thorough revdeps testing.
-	# Make sure user flags don't get added *yet* to avoid duplicated
-	# flags.
-	local myeconfargs=(
-		${sslout}
-
-		$(use cpu_flags_x86_sse2 || echo "no-sse2")
-		enable-camellia
-		enable-ec
-		enable-ec2m
-		enable-sm2
-		enable-srp
-		$(use elibc_musl && echo "no-async")
-		${ec_nistp_64_gcc_128}
-		enable-idea
-		enable-mdc2
-		enable-rc5
-		$(use_ssl sslv3 ssl3)
-		$(use_ssl sslv3 ssl3-method)
-		$(use_ssl asm)
-		$(use_ssl rfc3779)
-		$(use_ssl sctp)
-		$(use test || echo "no-tests")
-		$(use_ssl tls-compression zlib)
-		$(use_ssl tls-heartbeat heartbeats)
-		$(use_ssl weak-ssl-ciphers)
-
-		--prefix="${EPREFIX}"/usr
-		--openssldir="${EPREFIX}"${SSL_CNF_DIR}
-		--libdir=$(get_libdir)
-
-		shared
-		threads
-	)
-
-	CFLAGS= LDFLAGS= edo ./${config} "${myeconfargs[@]}"
-
-	# Clean out hardcoded flags that openssl uses
-	local DEFAULT_CFLAGS=$(grep ^CFLAGS= Makefile | LC_ALL=C sed \
-		-e 's:^CFLAGS=::' \
-		-e 's:\(^\| \)-fomit-frame-pointer::g' \
-		-e 's:\(^\| \)-O[^ ]*::g' \
-		-e 's:\(^\| \)-march=[^ ]*::g' \
-		-e 's:\(^\| \)-mcpu=[^ ]*::g' \
-		-e 's:\(^\| \)-m[^ ]*::g' \
-		-e 's:^ *::' \
-		-e 's: *$::' \
-		-e 's: \+: :g' \
-		-e 's:\\:\\\\:g'
-	)
-
-	# Now insert clean default flags with user flags
-	sed -i \
-		-e "/^CFLAGS=/s|=.*|=${DEFAULT_CFLAGS} ${CFLAGS}|" \
-		-e "/^LDFLAGS=/s|=[[:space:]]*$|=${LDFLAGS}|" \
-		Makefile || die
-}
-
-multilib_src_compile() {
-	# depend is needed to use $confopts; it also doesn't matter
-	# that it's -j1 as the code itself serializes subdirs
-	emake -j1 depend
-
-	emake all
-}
-
-multilib_src_test() {
-	emake -j1 test
-}
-
-multilib_src_install() {
-	# We need to create ${ED}/usr on our own to avoid a race condition (bug #665130)
-	dodir /usr
-
-	emake DESTDIR="${D}" install
-
-	# This is crappy in that the static archives are still built even
-	# when USE=static-libs. But this is due to a failing in the openssl
-	# build system: the static archives are built as PIC all the time.
-	# Only way around this would be to manually configure+compile openssl
-	# twice; once with shared lib support enabled and once without.
-	if ! use static-libs; then
-		rm "${ED}"/usr/$(get_libdir)/lib{crypto,ssl}.a || die
-	fi
-}
-
-multilib_src_install_all() {
-	# openssl installs perl version of c_rehash by default, but
-	# we provide a shell version via app-misc/c_rehash
-	rm "${ED}"/usr/bin/c_rehash || die
-
-	dodoc CHANGES* FAQ NEWS README doc/*.txt doc/${PN}-c-indent.el
-
-	# Create the certs directory
-	keepdir ${SSL_CNF_DIR}/certs
-
-	# Namespace openssl programs to prevent conflicts with other man pages
-	cd "${ED}"/usr/share/man || die
-	local m d s
-	for m in $(find . -type f | xargs grep -L '#include') ; do
-		d=${m%/*}
-		d=${d#./}
-		m=${m##*/}
-
-		[[ ${m} == openssl.1* ]] && continue
-
-		[[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!"
-
-		mv ${d}/{,ssl-}${m} || die
-
-		# Fix up references to renamed man pages
-		sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m} || die
-		ln -s ssl-${m} ${d}/openssl-${m}
-
-		# Locate any symlinks that point to this man page
-		# We assume that any broken links are due to the above renaming
-		for s in $(find -L ${d} -type l) ; do
-			s=${s##*/}
-
-			rm -f ${d}/${s}
-
-			# We don't want to "|| die" here
-			ln -s ssl-${m} ${d}/ssl-${s}
-			ln -s ssl-${s} ${d}/openssl-${s}
-		done
-	done
-	[[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :("
-
-	# bug #254521
-	dodir /etc/sandbox.d
-	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
-
-	diropts -m0700
-	keepdir ${SSL_CNF_DIR}/private
-}
-
-pkg_postinst() {
-	ebegin "Running 'c_rehash ${EROOT}${SSL_CNF_DIR}/certs/' to rebuild hashes (bug #333069)"
-	c_rehash "${EROOT}${SSL_CNF_DIR}/certs" >/dev/null
-	eend $?
-}

diff --git a/dev-libs/openssl/openssl-3.0.6.ebuild b/dev-libs/openssl/openssl-3.0.6.ebuild
deleted file mode 100644
index 5e1d61247902..000000000000
--- a/dev-libs/openssl/openssl-3.0.6.ebuild
+++ /dev/null
@@ -1,334 +0,0 @@
-# Copyright 1999-2022 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/openssl.org.asc
-inherit edo flag-o-matic linux-info toolchain-funcs multilib-minimal multiprocessing verify-sig
-
-DESCRIPTION="Robust, full-featured Open Source Toolkit for the Transport Layer Security (TLS)"
-HOMEPAGE="https://www.openssl.org/"
-
-MY_P=${P/_/-}
-
-if [[ ${PV} == 9999 ]] ; then
-	EGIT_REPO_URI="https://github.com/openssl/openssl.git"
-
-	inherit git-r3
-else
-	SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
-		verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )"
-	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x86-linux"
-fi
-
-S="${WORKDIR}"/${MY_P}
-
-LICENSE="Apache-2.0"
-SLOT="0/3" # .so version of libssl/libcrypto
-IUSE="+asm cpu_flags_x86_sse2 fips ktls rfc3779 sctp static-libs test tls-compression vanilla verify-sig weak-ssl-ciphers"
-RESTRICT="!test? ( test )"
-
-COMMON_DEPEND="
-	>=app-misc/c_rehash-1.7-r1
-	tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
-"
-BDEPEND="
-	>=dev-lang/perl-5
-	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
-	test? (
-		sys-apps/diffutils
-		sys-devel/bc
-		sys-process/procps
-	)
-	verify-sig? ( sec-keys/openpgp-keys-openssl )"
-
-DEPEND="${COMMON_DEPEND}"
-RDEPEND="${COMMON_DEPEND}"
-PDEPEND="app-misc/ca-certificates"
-
-MULTILIB_WRAPPED_HEADERS=(
-	/usr/include/openssl/configuration.h
-)
-
-pkg_setup() {
-	if use ktls ; then
-		if kernel_is -lt 4 18 ; then
-			ewarn "Kernel implementation of TLS (USE=ktls) requires kernel >=4.18!"
-		else
-			CONFIG_CHECK="~TLS ~TLS_DEVICE"
-			ERROR_TLS="You will be unable to offload TLS to kernel because CONFIG_TLS is not set!"
-			ERROR_TLS_DEVICE="You will be unable to offload TLS to kernel because CONFIG_TLS_DEVICE is not set!"
-
-			linux-info_pkg_setup
-		fi
-	fi
-
-	[[ ${MERGE_TYPE} == binary ]] && return
-
-	# must check in pkg_setup; sysctl doesn't work with userpriv!
-	if use test && use sctp ; then
-		# test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel"
-		# if sctp.auth_enable is not enabled.
-		local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null)
-		if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]] ; then
-			die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!"
-		fi
-	fi
-}
-
-src_unpack() {
-	# Can delete this once test fix patch is dropped
-	if use verify-sig ; then
-		# Needed for downloaded patch (which is unsigned, which is fine)
-		verify-sig_verify_detached "${DISTDIR}"/${P}.tar.gz{,.asc}
-	fi
-
-	default
-}
-
-src_prepare() {
-	# Allow openssl to be cross-compiled
-	cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die
-	chmod a+rx gentoo.config || die
-
-	# Keep this in sync with app-misc/c_rehash
-	SSL_CNF_DIR="/etc/ssl"
-
-	# Make sure we only ever touch Makefile.org and avoid patching a file
-	# that gets blown away anyways by the Configure script in src_configure
-	rm -f Makefile
-
-	if ! use vanilla ; then
-		PATCHES+=(
-			# Add patches which are Gentoo-specific customisations here
-		)
-	fi
-
-	default
-
-	if use test && use sctp && has network-sandbox ${FEATURES} ; then
-		einfo "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox ..."
-		rm test/recipes/80-test_ssl_new.t || die
-	fi
-
-	# - Make sure the man pages are suffixed (bug #302165)
-	# - Don't bother building man pages if they're disabled
-	# - Make DOCDIR Gentoo compliant
-	sed -i \
-		-e '/^MANSUFFIX/s:=.*:=ssl:' \
-		-e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
-		-e $(has noman FEATURES \
-			&& echo '/^install:/s:install_docs::' \
-			|| echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
-		-e "/^DOCDIR/s@\$(BASENAME)@&-${PVR}@" \
-		Configurations/unix-Makefile.tmpl \
-		|| die
-
-	# Quiet out unknown driver argument warnings since openssl
-	# doesn't have well-split CFLAGS and we're making it even worse
-	# and 'make depend' uses -Werror for added fun (bug #417795 again)
-	tc-is-clang && append-flags -Qunused-arguments
-
-	# We really, really need to build OpenSSL w/ strict aliasing disabled.
-	# It's filled with violations and it *will* result in miscompiled
-	# code. This has been in the ebuild for > 10 years but even in 2022,
-	# it's still relevant:
-	# - https://github.com/llvm/llvm-project/issues/55255
-	# - https://github.com/openssl/openssl/issues/18225
-	# - https://github.com/openssl/openssl/issues/18663#issuecomment-1181478057
-	# Don't remove the no strict aliasing bits below!
-	filter-flags -fstrict-aliasing
-	append-flags -fno-strict-aliasing
-
-	append-flags $(test-flags-CC -Wa,--noexecstack)
-
-	# Prefixify Configure shebang (bug #141906)
-	sed \
-		-e "1s,/usr/bin/env,${BROOT}&," \
-		-i Configure || die
-
-	# Remove test target when FEATURES=test isn't set
-	if ! use test ; then
-		sed \
-			-e '/^$config{dirs}/s@ "test",@@' \
-			-i Configure || die
-	fi
-
-	# The config script does stupid stuff to prompt the user. Kill it.
-	sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
-	./config --test-sanity || die "I AM NOT SANE"
-
-	multilib_copy_sources
-}
-
-multilib_src_configure() {
-	# bug #197996
-	unset APPS
-	# bug #312551
-	unset SCRIPTS
-	# bug #311473
-	unset CROSS_COMPILE
-
-	tc-export AR CC CXX RANLIB RC
-
-	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
-
-	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
-
-	# See if our toolchain supports __uint128_t.  If so, it's 64bit
-	# friendly and can use the nicely optimized code paths, bug #460790.
-	#local ec_nistp_64_gcc_128
-	#
-	# Disable it for now though (bug #469976)
-	# Do NOT re-enable without substantial discussion first!
-	#
-	#echo "__uint128_t i;" > "${T}"/128.c
-	#if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
-	#       ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
-	#fi
-
-	local sslout=$(./gentoo.config)
-	einfo "Using configuration: ${sslout:-(openssl knows best)}"
-	local config="Configure"
-	[[ -z ${sslout} ]] && config="config"
-
-	# https://github.com/openssl/openssl/blob/master/INSTALL.md#enable-and-disable-features
-	local myeconfargs=(
-		${sslout}
-
-		$(use cpu_flags_x86_sse2 || echo "no-sse2")
-		enable-camellia
-		enable-ec
-		enable-ec2m
-		enable-sm2
-		enable-srp
-		$(use elibc_musl && echo "no-async")
-		enable-idea
-		enable-mdc2
-		enable-rc5
-		$(use fips && echo "enable-fips")
-		$(use_ssl asm)
-		$(use_ssl ktls)
-		$(use_ssl rfc3779)
-		$(use_ssl sctp)
-		$(use test || echo "no-tests")
-		$(use_ssl tls-compression zlib)
-		$(use_ssl weak-ssl-ciphers)
-
-		--prefix="${EPREFIX}"/usr
-		--openssldir="${EPREFIX}"${SSL_CNF_DIR}
-		--libdir=$(get_libdir)
-
-		shared
-		threads
-	)
-
-	CFLAGS= LDFLAGS= edo ./${config} "${myeconfargs[@]}"
-
-	# Clean out hardcoded flags that openssl uses
-	local DEFAULT_CFLAGS=$(grep ^CFLAGS= Makefile | LC_ALL=C sed \
-		-e 's:^CFLAGS=::' \
-		-e 's:\(^\| \)-fomit-frame-pointer::g' \
-		-e 's:\(^\| \)-O[^ ]*::g' \
-		-e 's:\(^\| \)-march=[^ ]*::g' \
-		-e 's:\(^\| \)-mcpu=[^ ]*::g' \
-		-e 's:\(^\| \)-m[^ ]*::g' \
-		-e 's:^ *::' \
-		-e 's: *$::' \
-		-e 's: \+: :g' \
-		-e 's:\\:\\\\:g'
-	)
-
-	# Now insert clean default flags with user flags
-	sed -i \
-		-e "/^CFLAGS=/s|=.*|=${DEFAULT_CFLAGS} ${CFLAGS}|" \
-		-e "/^LDFLAGS=/s|=[[:space:]]*$|=${LDFLAGS}|" \
-		Makefile \
-		|| die
-}
-
-multilib_src_compile() {
-	# depend is needed to use $confopts; it also doesn't matter
-	# that it's -j1 as the code itself serializes subdirs
-	emake -j1 depend
-
-	emake all
-}
-
-multilib_src_test() {
-	# VFP = show subtests verbosely and show failed tests verbosely
-	# Normal V=1 would show everything verbosely but this slows things down.
-	emake HARNESS_JOBS="$(makeopts_jobs)" VFP=1 test
-}
-
-multilib_src_install() {
-	# We need to create ${ED}/usr on our own to avoid a race condition (bug #665130)
-	dodir /usr
-
-	emake DESTDIR="${D}" install
-
-	# This is crappy in that the static archives are still built even
-	# when USE=static-libs. But this is due to a failing in the openssl
-	# build system: the static archives are built as PIC all the time.
-	# Only way around this would be to manually configure+compile openssl
-	# twice; once with shared lib support enabled and once without.
-	if ! use static-libs ; then
-		rm "${ED}"/usr/$(get_libdir)/lib{crypto,ssl}.a || die
-	fi
-}
-
-multilib_src_install_all() {
-	# openssl installs perl version of c_rehash by default, but
-	# we provide a shell version via app-misc/c_rehash
-	rm "${ED}"/usr/bin/c_rehash || die
-
-	dodoc {AUTHORS,CHANGES,NEWS,README,README-PROVIDERS}.md doc/*.txt doc/${PN}-c-indent.el
-
-	# Create the certs directory
-	keepdir ${SSL_CNF_DIR}/certs
-
-	# Namespace openssl programs to prevent conflicts with other man pages
-	cd "${ED}"/usr/share/man || die
-	local m d s
-	for m in $(find . -type f | xargs grep -L '#include') ; do
-		d=${m%/*}
-		d=${d#./}
-		m=${m##*/}
-
-		[[ ${m} == openssl.1* ]] && continue
-
-		[[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!"
-
-		mv ${d}/{,ssl-}${m} || die
-
-		# Fix up references to renamed man pages
-		sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m} || die
-		ln -s ssl-${m} ${d}/openssl-${m} || die
-
-		# Locate any symlinks that point to this man page
-		# We assume that any broken links are due to the above renaming
-		for s in $(find -L ${d} -type l) ; do
-			s=${s##*/}
-
-			rm -f ${d}/${s}
-
-			# We don't want to "|| die" here
-			ln -s ssl-${m} ${d}/ssl-${s}
-			ln -s ssl-${s} ${d}/openssl-${s}
-		done
-	done
-	[[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :("
-
-	# bug #254521
-	dodir /etc/sandbox.d
-	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
-
-	diropts -m0700
-	keepdir ${SSL_CNF_DIR}/private
-}
-
-pkg_postinst() {
-	ebegin "Running 'c_rehash ${EROOT}${SSL_CNF_DIR}/certs/' to rebuild hashes (bug #333069)"
-	c_rehash "${EROOT}${SSL_CNF_DIR}/certs" >/dev/null
-	eend $?
-}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Patrick McLean]

commit:     f99733502c417e043f89f01042abec3b854d203c
Author:     Patrick McLean <chutzpah <AT> gentoo <DOT> org>
AuthorDate: Tue Oct 11 22:59:14 2022 +0000
Commit:     Patrick McLean <chutzpah <AT> gentoo <DOT> org>
CommitDate: Tue Oct 11 22:59:14 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f9973350

dev-libs/openssl: add 3.0.6

Signed-off-by: Patrick McLean <chutzpah <AT> gentoo.org>

 dev-libs/openssl/Manifest             |   2 +
 dev-libs/openssl/openssl-3.0.6.ebuild | 334 ++++++++++++++++++++++++++++++++++
 2 files changed, 336 insertions(+)

diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest
index 50f5837c4af2..14c8d59c9155 100644
--- a/dev-libs/openssl/Manifest
+++ b/dev-libs/openssl/Manifest
@@ -7,3 +7,5 @@ DIST openssl-1.1.1r.tar.gz 9868506 BLAKE2B ae1f56718d6a9400e9670f1ad1db2bc15bfbe
 DIST openssl-1.1.1r.tar.gz.asc 488 BLAKE2B 9308c87f2d7bfcbcaf7f61aad892aeb411e1d600eea085e5e4adb9c24c0f2087f43cdc81615b1dc7bb8a199daca225e10df98c14e33af5be851b4f8394f02dbe SHA512 dcb33a52e646d68e936833ef2170016227e4fc2a1b2741fe9091b76751d66c6601eaa48a085793ec6deb87b641187bdc350afce1f31499c8ab6e02a7ff36f3b4
 DIST openssl-3.0.5.tar.gz 15074407 BLAKE2B 7bf89e042417c003ef02a8bb1278590a52ce4a3d50f66795c66b750f90248840edb0d3352811caaaaff708c7e65b77384142e316916a6c311f1d2b4747f44816 SHA512 782b0df3d0252468aa696bd74a3b661810499819c0df849aa9698ba0e06a845820dc856aac650fced4be234f1271e576d4317ac3ab1406cf0ffe087d695d20fe
 DIST openssl-3.0.5.tar.gz.asc 862 BLAKE2B 24f1839227be7acec45eb6b748cea7be0b5e66b5cf745814861f7290670733936bf1af2c1dc9357439b31a2ca28f418880d63726d4be6fa994902ac95b51e401 SHA512 516da9ef291601400576adaba7271854af3caa23dc1d70116004360f580e4c28fe61d51e86477d341e4c5bf0ca5f98db8264581ed6cc2c8df124da83ad3e40be
+DIST openssl-3.0.6.tar.gz 15101953 BLAKE2B 08e1217dc2fb874062c0f2248257c340dac6e24edd13310f4f0c0ee367c61cd629f4e73a043545895e6ec94ed6eef760eb8fc8a7eec9547b046e82c01f2e9770 SHA512 1d1fc07122116ce68c85b8eb57a13024ed65fc5c4f0311327dfe68a29f38b9e66f32e6345f11827e0b26ee0de3c21bb92d5834604ffaf37db5c6a380d98c0e51
+DIST openssl-3.0.6.tar.gz.asc 488 BLAKE2B 482bfd9569ebac0ea0eee1d311a62c28f0dd3a7d54c3d264e37c7f52edda7ecf41e8e6825619a40a2c6256bba92fdb97f5a9c236ec22d470cdd8c5e894756ee9 SHA512 458e7721b179121f46a7972e9a7cf253b593f25742de9b4536d76f157bd9681a9d2540c7dc92dc1a73fb53e43900ffae61708cd0ef71207fdab66d10bc424de1

diff --git a/dev-libs/openssl/openssl-3.0.6.ebuild b/dev-libs/openssl/openssl-3.0.6.ebuild
new file mode 100644
index 000000000000..5e1d61247902
--- /dev/null
+++ b/dev-libs/openssl/openssl-3.0.6.ebuild
@@ -0,0 +1,334 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/openssl.org.asc
+inherit edo flag-o-matic linux-info toolchain-funcs multilib-minimal multiprocessing verify-sig
+
+DESCRIPTION="Robust, full-featured Open Source Toolkit for the Transport Layer Security (TLS)"
+HOMEPAGE="https://www.openssl.org/"
+
+MY_P=${P/_/-}
+
+if [[ ${PV} == 9999 ]] ; then
+	EGIT_REPO_URI="https://github.com/openssl/openssl.git"
+
+	inherit git-r3
+else
+	SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
+		verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )"
+	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x86-linux"
+fi
+
+S="${WORKDIR}"/${MY_P}
+
+LICENSE="Apache-2.0"
+SLOT="0/3" # .so version of libssl/libcrypto
+IUSE="+asm cpu_flags_x86_sse2 fips ktls rfc3779 sctp static-libs test tls-compression vanilla verify-sig weak-ssl-ciphers"
+RESTRICT="!test? ( test )"
+
+COMMON_DEPEND="
+	>=app-misc/c_rehash-1.7-r1
+	tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
+"
+BDEPEND="
+	>=dev-lang/perl-5
+	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
+	test? (
+		sys-apps/diffutils
+		sys-devel/bc
+		sys-process/procps
+	)
+	verify-sig? ( sec-keys/openpgp-keys-openssl )"
+
+DEPEND="${COMMON_DEPEND}"
+RDEPEND="${COMMON_DEPEND}"
+PDEPEND="app-misc/ca-certificates"
+
+MULTILIB_WRAPPED_HEADERS=(
+	/usr/include/openssl/configuration.h
+)
+
+pkg_setup() {
+	if use ktls ; then
+		if kernel_is -lt 4 18 ; then
+			ewarn "Kernel implementation of TLS (USE=ktls) requires kernel >=4.18!"
+		else
+			CONFIG_CHECK="~TLS ~TLS_DEVICE"
+			ERROR_TLS="You will be unable to offload TLS to kernel because CONFIG_TLS is not set!"
+			ERROR_TLS_DEVICE="You will be unable to offload TLS to kernel because CONFIG_TLS_DEVICE is not set!"
+
+			linux-info_pkg_setup
+		fi
+	fi
+
+	[[ ${MERGE_TYPE} == binary ]] && return
+
+	# must check in pkg_setup; sysctl doesn't work with userpriv!
+	if use test && use sctp ; then
+		# test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel"
+		# if sctp.auth_enable is not enabled.
+		local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null)
+		if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]] ; then
+			die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!"
+		fi
+	fi
+}
+
+src_unpack() {
+	# Can delete this once test fix patch is dropped
+	if use verify-sig ; then
+		# Needed for downloaded patch (which is unsigned, which is fine)
+		verify-sig_verify_detached "${DISTDIR}"/${P}.tar.gz{,.asc}
+	fi
+
+	default
+}
+
+src_prepare() {
+	# Allow openssl to be cross-compiled
+	cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die
+	chmod a+rx gentoo.config || die
+
+	# Keep this in sync with app-misc/c_rehash
+	SSL_CNF_DIR="/etc/ssl"
+
+	# Make sure we only ever touch Makefile.org and avoid patching a file
+	# that gets blown away anyways by the Configure script in src_configure
+	rm -f Makefile
+
+	if ! use vanilla ; then
+		PATCHES+=(
+			# Add patches which are Gentoo-specific customisations here
+		)
+	fi
+
+	default
+
+	if use test && use sctp && has network-sandbox ${FEATURES} ; then
+		einfo "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox ..."
+		rm test/recipes/80-test_ssl_new.t || die
+	fi
+
+	# - Make sure the man pages are suffixed (bug #302165)
+	# - Don't bother building man pages if they're disabled
+	# - Make DOCDIR Gentoo compliant
+	sed -i \
+		-e '/^MANSUFFIX/s:=.*:=ssl:' \
+		-e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
+		-e $(has noman FEATURES \
+			&& echo '/^install:/s:install_docs::' \
+			|| echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
+		-e "/^DOCDIR/s@\$(BASENAME)@&-${PVR}@" \
+		Configurations/unix-Makefile.tmpl \
+		|| die
+
+	# Quiet out unknown driver argument warnings since openssl
+	# doesn't have well-split CFLAGS and we're making it even worse
+	# and 'make depend' uses -Werror for added fun (bug #417795 again)
+	tc-is-clang && append-flags -Qunused-arguments
+
+	# We really, really need to build OpenSSL w/ strict aliasing disabled.
+	# It's filled with violations and it *will* result in miscompiled
+	# code. This has been in the ebuild for > 10 years but even in 2022,
+	# it's still relevant:
+	# - https://github.com/llvm/llvm-project/issues/55255
+	# - https://github.com/openssl/openssl/issues/18225
+	# - https://github.com/openssl/openssl/issues/18663#issuecomment-1181478057
+	# Don't remove the no strict aliasing bits below!
+	filter-flags -fstrict-aliasing
+	append-flags -fno-strict-aliasing
+
+	append-flags $(test-flags-CC -Wa,--noexecstack)
+
+	# Prefixify Configure shebang (bug #141906)
+	sed \
+		-e "1s,/usr/bin/env,${BROOT}&," \
+		-i Configure || die
+
+	# Remove test target when FEATURES=test isn't set
+	if ! use test ; then
+		sed \
+			-e '/^$config{dirs}/s@ "test",@@' \
+			-i Configure || die
+	fi
+
+	# The config script does stupid stuff to prompt the user. Kill it.
+	sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
+	./config --test-sanity || die "I AM NOT SANE"
+
+	multilib_copy_sources
+}
+
+multilib_src_configure() {
+	# bug #197996
+	unset APPS
+	# bug #312551
+	unset SCRIPTS
+	# bug #311473
+	unset CROSS_COMPILE
+
+	tc-export AR CC CXX RANLIB RC
+
+	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
+
+	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
+
+	# See if our toolchain supports __uint128_t.  If so, it's 64bit
+	# friendly and can use the nicely optimized code paths, bug #460790.
+	#local ec_nistp_64_gcc_128
+	#
+	# Disable it for now though (bug #469976)
+	# Do NOT re-enable without substantial discussion first!
+	#
+	#echo "__uint128_t i;" > "${T}"/128.c
+	#if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
+	#       ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
+	#fi
+
+	local sslout=$(./gentoo.config)
+	einfo "Using configuration: ${sslout:-(openssl knows best)}"
+	local config="Configure"
+	[[ -z ${sslout} ]] && config="config"
+
+	# https://github.com/openssl/openssl/blob/master/INSTALL.md#enable-and-disable-features
+	local myeconfargs=(
+		${sslout}
+
+		$(use cpu_flags_x86_sse2 || echo "no-sse2")
+		enable-camellia
+		enable-ec
+		enable-ec2m
+		enable-sm2
+		enable-srp
+		$(use elibc_musl && echo "no-async")
+		enable-idea
+		enable-mdc2
+		enable-rc5
+		$(use fips && echo "enable-fips")
+		$(use_ssl asm)
+		$(use_ssl ktls)
+		$(use_ssl rfc3779)
+		$(use_ssl sctp)
+		$(use test || echo "no-tests")
+		$(use_ssl tls-compression zlib)
+		$(use_ssl weak-ssl-ciphers)
+
+		--prefix="${EPREFIX}"/usr
+		--openssldir="${EPREFIX}"${SSL_CNF_DIR}
+		--libdir=$(get_libdir)
+
+		shared
+		threads
+	)
+
+	CFLAGS= LDFLAGS= edo ./${config} "${myeconfargs[@]}"
+
+	# Clean out hardcoded flags that openssl uses
+	local DEFAULT_CFLAGS=$(grep ^CFLAGS= Makefile | LC_ALL=C sed \
+		-e 's:^CFLAGS=::' \
+		-e 's:\(^\| \)-fomit-frame-pointer::g' \
+		-e 's:\(^\| \)-O[^ ]*::g' \
+		-e 's:\(^\| \)-march=[^ ]*::g' \
+		-e 's:\(^\| \)-mcpu=[^ ]*::g' \
+		-e 's:\(^\| \)-m[^ ]*::g' \
+		-e 's:^ *::' \
+		-e 's: *$::' \
+		-e 's: \+: :g' \
+		-e 's:\\:\\\\:g'
+	)
+
+	# Now insert clean default flags with user flags
+	sed -i \
+		-e "/^CFLAGS=/s|=.*|=${DEFAULT_CFLAGS} ${CFLAGS}|" \
+		-e "/^LDFLAGS=/s|=[[:space:]]*$|=${LDFLAGS}|" \
+		Makefile \
+		|| die
+}
+
+multilib_src_compile() {
+	# depend is needed to use $confopts; it also doesn't matter
+	# that it's -j1 as the code itself serializes subdirs
+	emake -j1 depend
+
+	emake all
+}
+
+multilib_src_test() {
+	# VFP = show subtests verbosely and show failed tests verbosely
+	# Normal V=1 would show everything verbosely but this slows things down.
+	emake HARNESS_JOBS="$(makeopts_jobs)" VFP=1 test
+}
+
+multilib_src_install() {
+	# We need to create ${ED}/usr on our own to avoid a race condition (bug #665130)
+	dodir /usr
+
+	emake DESTDIR="${D}" install
+
+	# This is crappy in that the static archives are still built even
+	# when USE=static-libs. But this is due to a failing in the openssl
+	# build system: the static archives are built as PIC all the time.
+	# Only way around this would be to manually configure+compile openssl
+	# twice; once with shared lib support enabled and once without.
+	if ! use static-libs ; then
+		rm "${ED}"/usr/$(get_libdir)/lib{crypto,ssl}.a || die
+	fi
+}
+
+multilib_src_install_all() {
+	# openssl installs perl version of c_rehash by default, but
+	# we provide a shell version via app-misc/c_rehash
+	rm "${ED}"/usr/bin/c_rehash || die
+
+	dodoc {AUTHORS,CHANGES,NEWS,README,README-PROVIDERS}.md doc/*.txt doc/${PN}-c-indent.el
+
+	# Create the certs directory
+	keepdir ${SSL_CNF_DIR}/certs
+
+	# Namespace openssl programs to prevent conflicts with other man pages
+	cd "${ED}"/usr/share/man || die
+	local m d s
+	for m in $(find . -type f | xargs grep -L '#include') ; do
+		d=${m%/*}
+		d=${d#./}
+		m=${m##*/}
+
+		[[ ${m} == openssl.1* ]] && continue
+
+		[[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!"
+
+		mv ${d}/{,ssl-}${m} || die
+
+		# Fix up references to renamed man pages
+		sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m} || die
+		ln -s ssl-${m} ${d}/openssl-${m} || die
+
+		# Locate any symlinks that point to this man page
+		# We assume that any broken links are due to the above renaming
+		for s in $(find -L ${d} -type l) ; do
+			s=${s##*/}
+
+			rm -f ${d}/${s}
+
+			# We don't want to "|| die" here
+			ln -s ssl-${m} ${d}/ssl-${s}
+			ln -s ssl-${s} ${d}/openssl-${s}
+		done
+	done
+	[[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :("
+
+	# bug #254521
+	dodir /etc/sandbox.d
+	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
+
+	diropts -m0700
+	keepdir ${SSL_CNF_DIR}/private
+}
+
+pkg_postinst() {
+	ebegin "Running 'c_rehash ${EROOT}${SSL_CNF_DIR}/certs/' to rebuild hashes (bug #333069)"
+	c_rehash "${EROOT}${SSL_CNF_DIR}/certs" >/dev/null
+	eend $?
+}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Patrick McLean]

commit:     6e33789090395e63bac19f152782c3b85f5ed1b4
Author:     Patrick McLean <chutzpah <AT> gentoo <DOT> org>
AuthorDate: Tue Oct 11 22:53:12 2022 +0000
Commit:     Patrick McLean <chutzpah <AT> gentoo <DOT> org>
CommitDate: Tue Oct 11 22:53:12 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6e337890

dev-libs/openssl: add 1.1.1r

Signed-off-by: Patrick McLean <chutzpah <AT> gentoo.org>

 dev-libs/openssl/Manifest              |   2 +
 dev-libs/openssl/openssl-1.1.1r.ebuild | 339 +++++++++++++++++++++++++++++++++
 2 files changed, 341 insertions(+)

diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest
index a411ae31d39e..50f5837c4af2 100644
--- a/dev-libs/openssl/Manifest
+++ b/dev-libs/openssl/Manifest
@@ -3,5 +3,7 @@ DIST openssl-1.0.2t-bindist-1.0.tar.xz 13872 BLAKE2B b2aade96a6e0ca6209a39e205b1
 DIST openssl-1.0.2u.tar.gz 5355412 BLAKE2B b2ff2a10e5851af5aca4093422a9a072c794e87b997263826c1c35910c040f695fac63decac5856cb49399ed03d410f97701d9fd4e1ebfbcacd8f3a74ce8bf57 SHA512 c455bb309e20e2c2d47fdc5619c734d107d5c8c38c1409903ce979acc120b0d5fa0312917c0aa0d630e402d092a703d4249643f36078e8528a3cafc9dac6ab32
 DIST openssl-1.1.1q.tar.gz 9864061 BLAKE2B fc8fd6a62dc291d0bda328a051e253175fb04442cc4b8f45d67c3a5027748a0fc5fb372d0483bc9024ae0bff119c4fac8f1e982a182612427696d6d09f5935f5 SHA512 cb9f184ec4974a3423ef59c8ec86b6bf523d5b887da2087ae58c217249da3246896fdd6966ee9c13aea9e6306783365239197e9f742c508a0e35e5744e3e085f
 DIST openssl-1.1.1q.tar.gz.asc 833 BLAKE2B 9311abf47469c3802a84dc9b7427a168ba7717496960e6f84b04e4d9263dea1168493082937a06bcb6ef4169b2ed9b2f36084bbac15b5f7ca5b4c41041c4bab6 SHA512 03a41f29d1713c47bb300e01e36dbd048074076a6a3b9913e2fc9a1b56b726c038978f99e86f9a3e4ea39f72bd82a15965842f6d94210fa9d3474f6f0f68559e
+DIST openssl-1.1.1r.tar.gz 9868506 BLAKE2B ae1f56718d6a9400e9670f1ad1db2bc15bfbefc4fb114c7920c95a193285984d46cb28fe8dfbfa732f7755fb7810b51412f6e23a592d5769af9925026aa912d9 SHA512 73577707f7846af3c53606cb7590872306ba2bce331dc64692acb6d998a95982221dd39948f5f4ef7430897c0430bc61410983c5bac0f8dd88f2d9dbbc305fae
+DIST openssl-1.1.1r.tar.gz.asc 488 BLAKE2B 9308c87f2d7bfcbcaf7f61aad892aeb411e1d600eea085e5e4adb9c24c0f2087f43cdc81615b1dc7bb8a199daca225e10df98c14e33af5be851b4f8394f02dbe SHA512 dcb33a52e646d68e936833ef2170016227e4fc2a1b2741fe9091b76751d66c6601eaa48a085793ec6deb87b641187bdc350afce1f31499c8ab6e02a7ff36f3b4
 DIST openssl-3.0.5.tar.gz 15074407 BLAKE2B 7bf89e042417c003ef02a8bb1278590a52ce4a3d50f66795c66b750f90248840edb0d3352811caaaaff708c7e65b77384142e316916a6c311f1d2b4747f44816 SHA512 782b0df3d0252468aa696bd74a3b661810499819c0df849aa9698ba0e06a845820dc856aac650fced4be234f1271e576d4317ac3ab1406cf0ffe087d695d20fe
 DIST openssl-3.0.5.tar.gz.asc 862 BLAKE2B 24f1839227be7acec45eb6b748cea7be0b5e66b5cf745814861f7290670733936bf1af2c1dc9357439b31a2ca28f418880d63726d4be6fa994902ac95b51e401 SHA512 516da9ef291601400576adaba7271854af3caa23dc1d70116004360f580e4c28fe61d51e86477d341e4c5bf0ca5f98db8264581ed6cc2c8df124da83ad3e40be

diff --git a/dev-libs/openssl/openssl-1.1.1r.ebuild b/dev-libs/openssl/openssl-1.1.1r.ebuild
new file mode 100644
index 000000000000..8dba22fd8d85
--- /dev/null
+++ b/dev-libs/openssl/openssl-1.1.1r.ebuild
@@ -0,0 +1,339 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/openssl.org.asc
+inherit edo flag-o-matic toolchain-funcs multilib-minimal verify-sig
+
+MY_P=${P/_/-}
+DESCRIPTION="Full-strength general purpose cryptography library (including SSL and TLS)"
+HOMEPAGE="https://www.openssl.org/"
+SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
+	verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )"
+S="${WORKDIR}/${MY_P}"
+
+LICENSE="openssl"
+SLOT="0/1.1" # .so version of libssl/libcrypto
+if [[ ${PV} != *_pre* ]] ; then
+	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+fi
+IUSE="+asm rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-compression tls-heartbeat vanilla verify-sig weak-ssl-ciphers"
+RESTRICT="!test? ( test )"
+
+RDEPEND=">=app-misc/c_rehash-1.7-r1
+	tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )"
+DEPEND="${RDEPEND}"
+BDEPEND="
+	>=dev-lang/perl-5
+	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
+	test? (
+		sys-apps/diffutils
+		sys-devel/bc
+		kernel_linux? ( sys-process/procps )
+	)
+	verify-sig? ( sec-keys/openpgp-keys-openssl )"
+PDEPEND="app-misc/ca-certificates"
+
+# force upgrade to prevent broken login, bug #696950
+RDEPEND+=" !<net-misc/openssh-8.0_p1-r3"
+
+MULTILIB_WRAPPED_HEADERS=(
+	usr/include/openssl/opensslconf.h
+)
+
+PATCHES=(
+	# General patches which are suitable to always apply
+	# If they're Gentoo specific, add to USE=-vanilla logic in src_prepare!
+	"${FILESDIR}"/${PN}-1.1.0j-parallel_install_fix.patch # bug #671602
+	"${FILESDIR}"/${PN}-1.1.1i-riscv32.patch
+)
+
+pkg_setup() {
+	[[ ${MERGE_TYPE} == binary ]] && return
+
+	# must check in pkg_setup; sysctl doesn't work with userpriv!
+	if use test && use sctp; then
+		# test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel"
+		# if sctp.auth_enable is not enabled.
+		local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null)
+		if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]]; then
+			die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!"
+		fi
+	fi
+}
+
+src_unpack() {
+	# Can delete this once test fix patch is dropped
+	if use verify-sig ; then
+		# Needed for downloaded patch (which is unsigned, which is fine)
+		verify-sig_verify_detached "${DISTDIR}"/${P}.tar.gz{,.asc}
+	fi
+
+	default
+}
+
+src_prepare() {
+	# Allow openssl to be cross-compiled
+	cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die
+	chmod a+rx gentoo.config || die
+
+	# Keep this in sync with app-misc/c_rehash
+	SSL_CNF_DIR="/etc/ssl"
+
+	# Make sure we only ever touch Makefile.org and avoid patching a file
+	# that gets blown away anyways by the Configure script in src_configure
+	rm -f Makefile
+
+	if ! use vanilla ; then
+		PATCHES+=(
+			# Add patches which are Gentoo-specific customisations here
+		)
+	fi
+
+	default
+
+	if use test && use sctp && has network-sandbox ${FEATURES}; then
+		einfo "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox ..."
+		rm test/recipes/80-test_ssl_new.t || die
+	fi
+
+	# - Make sure the man pages are suffixed (bug #302165)
+	# - Don't bother building man pages if they're disabled
+	# - Make DOCDIR Gentoo compliant
+	sed -i \
+		-e '/^MANSUFFIX/s:=.*:=ssl:' \
+		-e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
+		-e $(has noman FEATURES \
+			&& echo '/^install:/s:install_docs::' \
+			|| echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
+		-e "/^DOCDIR/s@\$(BASENAME)@&-${PVR}@" \
+		Configurations/unix-Makefile.tmpl \
+		|| die
+
+	# Quiet out unknown driver argument warnings since openssl
+	# doesn't have well-split CFLAGS and we're making it even worse
+	# and 'make depend' uses -Werror for added fun (bug #417795 again)
+	tc-is-clang && append-flags -Qunused-arguments
+
+	# We really, really need to build OpenSSL w/ strict aliasing disabled.
+	# It's filled with violations and it *will* result in miscompiled
+	# code. This has been in the ebuild for > 10 years but even in 2022,
+	# it's still relevant:
+	# - https://github.com/llvm/llvm-project/issues/55255
+	# - https://github.com/openssl/openssl/issues/18225
+	# - https://github.com/openssl/openssl/issues/18663#issuecomment-1181478057
+	# Don't remove the no strict aliasing bits below!
+	filter-flags -fstrict-aliasing
+	append-flags -fno-strict-aliasing
+
+	append-cppflags -DOPENSSL_NO_BUF_FREELISTS
+
+	append-flags $(test-flags-CC -Wa,--noexecstack)
+
+	# Prefixify Configure shebang (bug #141906)
+	sed \
+		-e "1s,/usr/bin/env,${BROOT}&," \
+		-i Configure || die
+
+	# Remove test target when FEATURES=test isn't set
+	if ! use test ; then
+		sed \
+			-e '/^$config{dirs}/s@ "test",@@' \
+			-i Configure || die
+	fi
+
+	if use prefix && [[ ${CHOST} == *-solaris* ]] ; then
+		# use GNU ld full option, not to confuse it on Solaris
+		sed -i \
+			-e 's/-Wl,-M,/-Wl,--version-script=/' \
+			-e 's/-Wl,-h,/-Wl,--soname=/' \
+			Configurations/10-main.conf || die
+
+		# fix building on Solaris 10
+		# https://github.com/openssl/openssl/issues/6333
+		sed -i \
+			-e 's/-lsocket -lnsl -ldl/-lsocket -lnsl -ldl -lrt/' \
+			Configurations/10-main.conf || die
+	fi
+
+	# The config script does stupid stuff to prompt the user.  Kill it.
+	sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
+	./config --test-sanity || die "I AM NOT SANE"
+
+	multilib_copy_sources
+}
+
+multilib_src_configure() {
+	# bug #197996
+	unset APPS
+	# bug #312551
+	unset SCRIPTS
+	# bug #311473
+	unset CROSS_COMPILE
+
+	tc-export AR CC CXX RANLIB RC
+
+	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
+
+	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
+
+	# See if our toolchain supports __uint128_t.  If so, it's 64bit
+	# friendly and can use the nicely optimized code paths, bug #460790.
+	#local ec_nistp_64_gcc_128
+	#
+	# Disable it for now though (bug #469976)
+	# Do NOT re-enable without substantial discussion first!
+	#
+	#echo "__uint128_t i;" > "${T}"/128.c
+	#if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
+	#	ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
+	#fi
+
+	local sslout=$(./gentoo.config)
+	einfo "Use configuration ${sslout:-(openssl knows best)}"
+	local config="Configure"
+	[[ -z ${sslout} ]] && config="config"
+
+	# "disable-deprecated" option breaks too many consumers.
+	# Don't set it without thorough revdeps testing.
+	# Make sure user flags don't get added *yet* to avoid duplicated
+	# flags.
+	local myeconfargs=(
+		${sslout}
+
+		$(use cpu_flags_x86_sse2 || echo "no-sse2")
+		enable-camellia
+		enable-ec
+		enable-ec2m
+		enable-sm2
+		enable-srp
+		$(use elibc_musl && echo "no-async")
+		${ec_nistp_64_gcc_128}
+		enable-idea
+		enable-mdc2
+		enable-rc5
+		$(use_ssl sslv3 ssl3)
+		$(use_ssl sslv3 ssl3-method)
+		$(use_ssl asm)
+		$(use_ssl rfc3779)
+		$(use_ssl sctp)
+		$(use test || echo "no-tests")
+		$(use_ssl tls-compression zlib)
+		$(use_ssl tls-heartbeat heartbeats)
+		$(use_ssl weak-ssl-ciphers)
+
+		--prefix="${EPREFIX}"/usr
+		--openssldir="${EPREFIX}"${SSL_CNF_DIR}
+		--libdir=$(get_libdir)
+
+		shared
+		threads
+	)
+
+	CFLAGS= LDFLAGS= edo ./${config} "${myeconfargs[@]}"
+
+	# Clean out hardcoded flags that openssl uses
+	local DEFAULT_CFLAGS=$(grep ^CFLAGS= Makefile | LC_ALL=C sed \
+		-e 's:^CFLAGS=::' \
+		-e 's:\(^\| \)-fomit-frame-pointer::g' \
+		-e 's:\(^\| \)-O[^ ]*::g' \
+		-e 's:\(^\| \)-march=[^ ]*::g' \
+		-e 's:\(^\| \)-mcpu=[^ ]*::g' \
+		-e 's:\(^\| \)-m[^ ]*::g' \
+		-e 's:^ *::' \
+		-e 's: *$::' \
+		-e 's: \+: :g' \
+		-e 's:\\:\\\\:g'
+	)
+
+	# Now insert clean default flags with user flags
+	sed -i \
+		-e "/^CFLAGS=/s|=.*|=${DEFAULT_CFLAGS} ${CFLAGS}|" \
+		-e "/^LDFLAGS=/s|=[[:space:]]*$|=${LDFLAGS}|" \
+		Makefile || die
+}
+
+multilib_src_compile() {
+	# depend is needed to use $confopts; it also doesn't matter
+	# that it's -j1 as the code itself serializes subdirs
+	emake -j1 depend
+
+	emake all
+}
+
+multilib_src_test() {
+	emake -j1 test
+}
+
+multilib_src_install() {
+	# We need to create ${ED}/usr on our own to avoid a race condition (bug #665130)
+	dodir /usr
+
+	emake DESTDIR="${D}" install
+
+	# This is crappy in that the static archives are still built even
+	# when USE=static-libs. But this is due to a failing in the openssl
+	# build system: the static archives are built as PIC all the time.
+	# Only way around this would be to manually configure+compile openssl
+	# twice; once with shared lib support enabled and once without.
+	if ! use static-libs; then
+		rm "${ED}"/usr/$(get_libdir)/lib{crypto,ssl}.a || die
+	fi
+}
+
+multilib_src_install_all() {
+	# openssl installs perl version of c_rehash by default, but
+	# we provide a shell version via app-misc/c_rehash
+	rm "${ED}"/usr/bin/c_rehash || die
+
+	dodoc CHANGES* FAQ NEWS README doc/*.txt doc/${PN}-c-indent.el
+
+	# Create the certs directory
+	keepdir ${SSL_CNF_DIR}/certs
+
+	# Namespace openssl programs to prevent conflicts with other man pages
+	cd "${ED}"/usr/share/man || die
+	local m d s
+	for m in $(find . -type f | xargs grep -L '#include') ; do
+		d=${m%/*}
+		d=${d#./}
+		m=${m##*/}
+
+		[[ ${m} == openssl.1* ]] && continue
+
+		[[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!"
+
+		mv ${d}/{,ssl-}${m} || die
+
+		# Fix up references to renamed man pages
+		sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m} || die
+		ln -s ssl-${m} ${d}/openssl-${m}
+
+		# Locate any symlinks that point to this man page
+		# We assume that any broken links are due to the above renaming
+		for s in $(find -L ${d} -type l) ; do
+			s=${s##*/}
+
+			rm -f ${d}/${s}
+
+			# We don't want to "|| die" here
+			ln -s ssl-${m} ${d}/ssl-${s}
+			ln -s ssl-${s} ${d}/openssl-${s}
+		done
+	done
+	[[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :("
+
+	# bug #254521
+	dodir /etc/sandbox.d
+	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
+
+	diropts -m0700
+	keepdir ${SSL_CNF_DIR}/private
+}
+
+pkg_postinst() {
+	ebegin "Running 'c_rehash ${EROOT}${SSL_CNF_DIR}/certs/' to rebuild hashes (bug #333069)"
+	c_rehash "${EROOT}${SSL_CNF_DIR}/certs" >/dev/null
+	eend $?
+}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     67d5e8becd1d75d307864ad28a6fd2304be64602
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sat Oct  8 16:15:54 2022 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sat Oct  8 16:16:44 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=67d5e8be

dev-libs/openssl: elaborate on ec_nistp_64_gcc_128 reasoning, forward comment to 3.x

Bug: https://bugs.gentoo.org/469976
Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/openssl-1.0.2u-r1.ebuild | 19 ++++++++++---------
 dev-libs/openssl/openssl-1.1.1q.ebuild    | 14 ++++++++------
 dev-libs/openssl/openssl-3.0.5.ebuild     | 12 ++++++++++++
 3 files changed, 30 insertions(+), 15 deletions(-)

diff --git a/dev-libs/openssl/openssl-1.0.2u-r1.ebuild b/dev-libs/openssl/openssl-1.0.2u-r1.ebuild
index a54fa8fc1b08..0da2a107522e 100644
--- a/dev-libs/openssl/openssl-1.0.2u-r1.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2u-r1.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2021 Gentoo Authors
+# Copyright 1999-2022 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
 EAPI="7"
@@ -153,14 +153,15 @@ multilib_src_configure() {
 	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
 
 	# See if our toolchain supports __uint128_t.  If so, it's 64bit
-	# friendly and can use the nicely optimized code paths. #460790
-	local ec_nistp_64_gcc_128
-	# Disable it for now though #469976
-	#if ! use bindist ; then
-	#	echo "__uint128_t i;" > "${T}"/128.c
-	#	if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
-	#		ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
-	#	fi
+	# friendly and can use the nicely optimized code paths, bug #460790.
+	#local ec_nistp_64_gcc_128
+	#
+	# Disable it for now though (bug #469976)
+	# Do NOT re-enable without substantial discussion first!
+	#
+	#echo "__uint128_t i;" > "${T}"/128.c
+	#if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
+	#       ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
 	#fi
 
 	# https://github.com/openssl/openssl/issues/2286

diff --git a/dev-libs/openssl/openssl-1.1.1q.ebuild b/dev-libs/openssl/openssl-1.1.1q.ebuild
index c4ed751b3d15..9182cb8af7f9 100644
--- a/dev-libs/openssl/openssl-1.1.1q.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1q.ebuild
@@ -181,13 +181,15 @@ multilib_src_configure() {
 
 	# See if our toolchain supports __uint128_t.  If so, it's 64bit
 	# friendly and can use the nicely optimized code paths, bug #460790.
-	local ec_nistp_64_gcc_128
-
+	#local ec_nistp_64_gcc_128
+	#
 	# Disable it for now though (bug #469976)
-	# echo "__uint128_t i;" > "${T}"/128.c
-	# if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
-	# 	ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
-	# fi
+	# Do NOT re-enable without substantial discussion first!
+	#
+	#echo "__uint128_t i;" > "${T}"/128.c
+	#if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
+	#	ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
+	#fi
 
 	local sslout=$(./gentoo.config)
 	einfo "Use configuration ${sslout:-(openssl knows best)}"

diff --git a/dev-libs/openssl/openssl-3.0.5.ebuild b/dev-libs/openssl/openssl-3.0.5.ebuild
index ae1bd523cc63..83047974b399 100644
--- a/dev-libs/openssl/openssl-3.0.5.ebuild
+++ b/dev-libs/openssl/openssl-3.0.5.ebuild
@@ -179,6 +179,18 @@ multilib_src_configure() {
 
 	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
 
+	# See if our toolchain supports __uint128_t.  If so, it's 64bit
+	# friendly and can use the nicely optimized code paths, bug #460790.
+	#local ec_nistp_64_gcc_128
+	#
+	# Disable it for now though (bug #469976)
+	# Do NOT re-enable without substantial discussion first!
+	#
+	#echo "__uint128_t i;" > "${T}"/128.c
+	#if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
+	#       ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
+	#fi
+
 	local sslout=$(./gentoo.config)
 	einfo "Using configuration: ${sslout:-(openssl knows best)}"
 	local config="Configure"

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     061152756fc5be348c9bcdc52eae3f2539359359
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sat Oct  8 13:16:16 2022 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sat Oct  8 13:16:26 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=06115275

dev-libs/openssl: add additional strict-aliasing reference

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/openssl-1.1.1q.ebuild | 1 +
 dev-libs/openssl/openssl-3.0.5.ebuild  | 1 +
 2 files changed, 2 insertions(+)

diff --git a/dev-libs/openssl/openssl-1.1.1q.ebuild b/dev-libs/openssl/openssl-1.1.1q.ebuild
index 50ffbb8a79f0..c4ed751b3d15 100644
--- a/dev-libs/openssl/openssl-1.1.1q.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1q.ebuild
@@ -123,6 +123,7 @@ src_prepare() {
 	# it's still relevant:
 	# - https://github.com/llvm/llvm-project/issues/55255
 	# - https://github.com/openssl/openssl/issues/18225
+	# - https://github.com/openssl/openssl/issues/18663#issuecomment-1181478057
 	# Don't remove the no strict aliasing bits below!
 	filter-flags -fstrict-aliasing
 	append-flags -fno-strict-aliasing

diff --git a/dev-libs/openssl/openssl-3.0.5.ebuild b/dev-libs/openssl/openssl-3.0.5.ebuild
index 56af5a262265..ae1bd523cc63 100644
--- a/dev-libs/openssl/openssl-3.0.5.ebuild
+++ b/dev-libs/openssl/openssl-3.0.5.ebuild
@@ -139,6 +139,7 @@ src_prepare() {
 	# it's still relevant:
 	# - https://github.com/llvm/llvm-project/issues/55255
 	# - https://github.com/openssl/openssl/issues/18225
+	# - https://github.com/openssl/openssl/issues/18663#issuecomment-1181478057
 	# Don't remove the no strict aliasing bits below!
 	filter-flags -fstrict-aliasing
 	append-flags -fno-strict-aliasing

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     afc79582bb108fd7823f73a4c7b6783778a98605
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Mon Aug 29 21:34:23 2022 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Mon Aug 29 21:34:23 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=afc79582

dev-libs/openssl: Stabilize 1.1.1q hppa, #858143

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/openssl-1.1.1q.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.1.1q.ebuild b/dev-libs/openssl/openssl-1.1.1q.ebuild
index 0fc7c1126680..50ffbb8a79f0 100644
--- a/dev-libs/openssl/openssl-1.1.1q.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1q.ebuild
@@ -16,7 +16,7 @@ S="${WORKDIR}/${MY_P}"
 LICENSE="openssl"
 SLOT="0/1.1" # .so version of libssl/libcrypto
 if [[ ${PV} != *_pre* ]] ; then
-	KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+	KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
 fi
 IUSE="+asm rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-compression tls-heartbeat vanilla verify-sig weak-ssl-ciphers"
 RESTRICT="!test? ( test )"

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     02650e029b00d217022c2e56bbcafd4ab1f797b4
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Thu Aug 18 17:21:29 2022 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Thu Aug 18 17:21:46 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=02650e02

dev-libs/openssl: drop 3.0.2, 3.0.3, 3.0.4-r1

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/Manifest                |   7 -
 dev-libs/openssl/openssl-3.0.2.ebuild    | 297 ----------------------------
 dev-libs/openssl/openssl-3.0.3.ebuild    | 328 -------------------------------
 dev-libs/openssl/openssl-3.0.4-r1.ebuild | 326 ------------------------------
 4 files changed, 958 deletions(-)

diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest
index f960853b8a8a..eb14a155609f 100644
--- a/dev-libs/openssl/Manifest
+++ b/dev-libs/openssl/Manifest
@@ -10,12 +10,5 @@ DIST openssl-1.1.1p.tar.gz 9860217 BLAKE2B 4354753a5e52393c9cc4569954c2cac6d89a1
 DIST openssl-1.1.1p.tar.gz.asc 488 BLAKE2B e68c8a4c992c2448b48428137f61f91fb89e4814f6e80c5525cea695bcf898326eca729f31b953fbd7ff51b448004101ca78abfbd3138ec2389596faa3eafc2f SHA512 c85d65df1ed0f1ae87b799d794ea43e32c8ecaf85caf6e36fbbd4a890ef1d47710380d3846296e0124898680be66113a959ad974e0448bc00d1253794dc48972
 DIST openssl-1.1.1q.tar.gz 9864061 BLAKE2B fc8fd6a62dc291d0bda328a051e253175fb04442cc4b8f45d67c3a5027748a0fc5fb372d0483bc9024ae0bff119c4fac8f1e982a182612427696d6d09f5935f5 SHA512 cb9f184ec4974a3423ef59c8ec86b6bf523d5b887da2087ae58c217249da3246896fdd6966ee9c13aea9e6306783365239197e9f742c508a0e35e5744e3e085f
 DIST openssl-1.1.1q.tar.gz.asc 833 BLAKE2B 9311abf47469c3802a84dc9b7427a168ba7717496960e6f84b04e4d9263dea1168493082937a06bcb6ef4169b2ed9b2f36084bbac15b5f7ca5b4c41041c4bab6 SHA512 03a41f29d1713c47bb300e01e36dbd048074076a6a3b9913e2fc9a1b56b726c038978f99e86f9a3e4ea39f72bd82a15965842f6d94210fa9d3474f6f0f68559e
-DIST openssl-3.0.2.tar.gz 15038141 BLAKE2B 140c4c80a0cad89cb0059fef6a4cd421460e6af9a3973f7a3eb5e39f64c0d44794d46e7a869e5235fced139f2249351e37a9ee5ebaa17f2708d63141ebebf919 SHA512 f986850d5be908b4d6b5fd7091bc4652d7378c9bccebfbc5becd7753843c04c1eb61a1749c432139d263dfac33df0b1f6c773664b485cad47542266823a4eb03
-DIST openssl-3.0.2.tar.gz.asc 488 BLAKE2B 2f6482114271c4f512159fa159486a3b3470637d770cd1614fda004918d06ed9ab562e655d1580d2ebb05745ec72987488c2161b72d078017cc157003d4205da SHA512 4303391a58107c76ad9b05510f5bfc95f687f4cb2f9ff5b03fb262ba99b573423ab83f0437471199954496799b343191b889ad9ef8fabdd7ee4ec3ec9b5f1d81
-DIST openssl-3.0.3-test-fixes-expiry.patch.xz 29056 BLAKE2B 11be776b9c4baec770d81ff180581d7d8292261f32ebfcb2cfd399d684cef1b9e7b4575d906f23e8a61d853eafb178e1b0e01d9324dbe598c876c0ef74bcf5e8 SHA512 23bc571dfca453deb4f1812aea5fc1bcf1c27358d8638a66ce7f359a698b09a35bdc86e01db36aa5e59b37cc7e36f0ced6f1463b383fb0d904aada69f5d5cb04
-DIST openssl-3.0.3.tar.gz 15058905 BLAKE2B 8141d13dbea2f1febdd4e46aa404e9f3bac51e1fdc0c9b0df8bf3bf6852e18b09201a2a8cbee99f72e8d6de660834093449b7a14a3fbdda8511286ca3b6743e7 SHA512 949472025211fabdaf2564122f0a9a3baef0facb6373e90cf6c4485164a50898050b179722d0b358c4d8cf1787384ea30d5fd03b98757634631d3e8978509b1a
-DIST openssl-3.0.3.tar.gz.asc 488 BLAKE2B 3f31e3a73706b69683220e05b1b4ddc75dc3e7e12652dca711e4aa0eb3c023ef736aee9ade15172d7f28e1e1af03e86d4854ec6c3d167cad42882f483c5e56d4 SHA512 04afe65c6af1ae43a9967462383a6a4f567f5acff19ec1952cd6fce2dc3c3d4dfb3cb54126562724c148f40dcb66668abf727282d35730bbf36f82b5c6bacace
-DIST openssl-3.0.4.tar.gz 15069605 BLAKE2B e8ef09d74aa128fee0ddc347458a41cde65af07a6e6836889a0230cd7989e46b5d10a4930eb7a63c0cf93485914ec33665d14637b6c27fd442c0e9becb2d2a86 SHA512 478cd801dc4787688e6d9062969ae738c24f869bb186f717ad3be54ae8f2630e5cd845c504efd3405ea1ecda07ebee00014cc6ef7bca9585a6240cf89d516557
-DIST openssl-3.0.4.tar.gz.asc 488 BLAKE2B 54f652ae78c6f39aef970fd7372808c876d37a823cc31431d770db67caf11342d1045992e393242d4c73253e4e16640dd9bd56203864394e907976918909e5dc SHA512 c30af3cda92b06cff864ed33c17d8dcb8c7d429ed8419f96d19d3049dfaa268c73ec7753815a134b069ae7f4ea20fb4bcdd04f86d33628592ce4500777494c85
 DIST openssl-3.0.5.tar.gz 15074407 BLAKE2B 7bf89e042417c003ef02a8bb1278590a52ce4a3d50f66795c66b750f90248840edb0d3352811caaaaff708c7e65b77384142e316916a6c311f1d2b4747f44816 SHA512 782b0df3d0252468aa696bd74a3b661810499819c0df849aa9698ba0e06a845820dc856aac650fced4be234f1271e576d4317ac3ab1406cf0ffe087d695d20fe
 DIST openssl-3.0.5.tar.gz.asc 862 BLAKE2B 24f1839227be7acec45eb6b748cea7be0b5e66b5cf745814861f7290670733936bf1af2c1dc9357439b31a2ca28f418880d63726d4be6fa994902ac95b51e401 SHA512 516da9ef291601400576adaba7271854af3caa23dc1d70116004360f580e4c28fe61d51e86477d341e4c5bf0ca5f98db8264581ed6cc2c8df124da83ad3e40be

diff --git a/dev-libs/openssl/openssl-3.0.2.ebuild b/dev-libs/openssl/openssl-3.0.2.ebuild
deleted file mode 100644
index 3d56892f5980..000000000000
--- a/dev-libs/openssl/openssl-3.0.2.ebuild
+++ /dev/null
@@ -1,297 +0,0 @@
-# Copyright 1999-2022 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="7"
-
-inherit flag-o-matic linux-info toolchain-funcs multilib-minimal verify-sig
-
-MY_P=${P/_/-}
-
-DESCRIPTION="Robust, full-featured Open Source Toolkit for the Transport Layer Security (TLS)"
-HOMEPAGE="https://www.openssl.org/"
-
-if [[ ${PV} == "9999" ]] ; then
-	EGIT_REPO_URI="https://github.com/openssl/openssl.git"
-
-	inherit git-r3
-else
-	SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
-		verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )"
-	VERIFY_SIG_OPENPGP_KEY_PATH=${BROOT}/usr/share/openpgp-keys/openssl.org.asc
-	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x86-linux"
-fi
-
-LICENSE="Apache-2.0"
-SLOT="0/3" # .so version of libssl/libcrypto
-
-IUSE="+asm cpu_flags_x86_sse2 fips ktls rfc3779 sctp static-libs test tls-compression vanilla verify-sig weak-ssl-ciphers"
-RESTRICT="!test? ( test )"
-
-COMMON_DEPEND="
-	>=app-misc/c_rehash-1.7-r1
-	tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
-"
-
-BDEPEND="
-	>=dev-lang/perl-5
-	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
-	test? (
-		sys-apps/diffutils
-		sys-devel/bc
-		sys-process/procps
-	)
-	verify-sig? ( sec-keys/openpgp-keys-openssl )"
-
-DEPEND="${COMMON_DEPEND}"
-
-RDEPEND="${COMMON_DEPEND}"
-
-PDEPEND="app-misc/ca-certificates"
-
-S="${WORKDIR}/${MY_P}"
-
-MULTILIB_WRAPPED_HEADERS=(
-	/usr/include/openssl/configuration.h
-)
-
-pkg_setup() {
-	if use ktls ; then
-		if kernel_is -lt 4 18 ; then
-			ewarn "Kernel implementation of TLS (USE=ktls) requires kernel >=4.18!"
-		else
-			CONFIG_CHECK="~TLS ~TLS_DEVICE"
-			ERROR_TLS="You will be unable to offload TLS to kernel because CONFIG_TLS is not set!"
-			ERROR_TLS_DEVICE="You will be unable to offload TLS to kernel because CONFIG_TLS_DEVICE is not set!"
-
-			linux-info_pkg_setup
-		fi
-	fi
-
-	[[ ${MERGE_TYPE} == binary ]] && return
-
-	# must check in pkg_setup; sysctl don't work with userpriv!
-	if use test && use sctp ; then
-		# test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel"
-		# if sctp.auth_enable is not enabled.
-		local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null)
-		if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]] ; then
-			die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!"
-		fi
-	fi
-}
-
-src_prepare() {
-	# allow openssl to be cross-compiled
-	cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die
-	chmod a+rx gentoo.config || die
-
-	# keep this in sync with app-misc/c_rehash
-	SSL_CNF_DIR="/etc/ssl"
-
-	# Make sure we only ever touch Makefile.org and avoid patching a file
-	# that gets blown away anyways by the Configure script in src_configure
-	rm -f Makefile
-
-	if ! use vanilla ; then
-		if [[ $(declare -p PATCHES 2>/dev/null) == "declare -a"* ]] ; then
-			[[ ${#PATCHES[@]} -gt 0 ]] && eapply "${PATCHES[@]}"
-		fi
-	fi
-
-	eapply_user
-
-	if use test && use sctp && has network-sandbox ${FEATURES} ; then
-		einfo "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox ..."
-		rm test/recipes/80-test_ssl_new.t || die
-	fi
-
-	# make sure the man pages are suffixed #302165
-	# don't bother building man pages if they're disabled
-	# Make DOCDIR Gentoo compliant
-	sed -i \
-		-e '/^MANSUFFIX/s:=.*:=ssl:' \
-		-e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
-		-e $(has noman FEATURES \
-			&& echo '/^install:/s:install_docs::' \
-			|| echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
-		-e "/^DOCDIR/s@\$(BASENAME)@&-${PVR}@" \
-		Configurations/unix-Makefile.tmpl \
-		|| die
-
-	# quiet out unknown driver argument warnings since openssl
-	# doesn't have well-split CFLAGS and we're making it even worse
-	# and 'make depend' uses -Werror for added fun (#417795 again)
-	[[ ${CC} == *clang* ]] && append-flags -Qunused-arguments
-
-	append-flags -fno-strict-aliasing
-	append-flags $(test-flags-CC -Wa,--noexecstack)
-
-	# Prefixify Configure shebang (#141906)
-	sed \
-		-e "1s,/usr/bin/env,${BROOT}&," \
-		-i Configure || die
-
-	# Remove test target when FEATURES=test isn't set
-	if ! use test ; then
-		sed \
-			-e '/^$config{dirs}/s@ "test",@@' \
-			-i Configure || die
-	fi
-
-	# The config script does stupid stuff to prompt the user.  Kill it.
-	sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
-	./config --test-sanity || die "I AM NOT SANE"
-
-	multilib_copy_sources
-}
-
-multilib_src_configure() {
-	unset APPS #197996
-	unset SCRIPTS #312551
-	unset CROSS_COMPILE #311473
-
-	tc-export AR CC CXX RANLIB RC
-
-	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
-	echoit() { echo "$@" ; "$@" ; }
-
-	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
-
-	local sslout=$(./gentoo.config)
-	einfo "Use configuration ${sslout:-(openssl knows best)}"
-	local config="Configure"
-	[[ -z ${sslout} ]] && config="config"
-
-	local myeconfargs=(
-		${sslout}
-		$(use cpu_flags_x86_sse2 || echo "no-sse2")
-		enable-camellia
-		enable-ec
-		enable-ec2m
-		enable-sm2
-		enable-srp
-		$(use elibc_musl && echo "no-async")
-		enable-idea
-		enable-mdc2
-		enable-rc5
-		$(use fips && echo "enable-fips")
-		$(use_ssl asm)
-		$(use_ssl ktls)
-		$(use_ssl rfc3779)
-		$(use_ssl sctp)
-		$(use_ssl tls-compression zlib)
-		$(use_ssl weak-ssl-ciphers)
-		--prefix="${EPREFIX}"/usr
-		--openssldir="${EPREFIX}"${SSL_CNF_DIR}
-		--libdir=$(get_libdir)
-		shared
-		threads
-	)
-
-	CFLAGS= LDFLAGS= echoit \
-		./${config} \
-		"${myeconfargs[@]}" \
-		|| die
-
-	# Clean out hardcoded flags that openssl uses
-	local DEFAULT_CFLAGS=$(grep ^CFLAGS= Makefile | LC_ALL=C sed \
-		-e 's:^CFLAGS=::' \
-		-e 's:\(^\| \)-fomit-frame-pointer::g' \
-		-e 's:\(^\| \)-O[^ ]*::g' \
-		-e 's:\(^\| \)-march=[^ ]*::g' \
-		-e 's:\(^\| \)-mcpu=[^ ]*::g' \
-		-e 's:\(^\| \)-m[^ ]*::g' \
-		-e 's:^ *::' \
-		-e 's: *$::' \
-		-e 's: \+: :g' \
-		-e 's:\\:\\\\:g'
-	)
-
-	# Now insert clean default flags with user flags
-	sed -i \
-		-e "/^CFLAGS=/s|=.*|=${DEFAULT_CFLAGS} ${CFLAGS}|" \
-		-e "/^LDFLAGS=/s|=[[:space:]]*$|=${LDFLAGS}|" \
-		Makefile \
-		|| die
-}
-
-multilib_src_compile() {
-	# depend is needed to use $confopts; it also doesn't matter
-	# that it's -j1 as the code itself serializes subdirs
-	emake -j1 depend
-	emake all
-}
-
-multilib_src_test() {
-	emake -j1 test
-}
-
-multilib_src_install() {
-	# We need to create $ED/usr on our own to avoid a race condition #665130
-	if [[ ! -d "${ED}/usr" ]] ; then
-		# We can only create this directory once
-		mkdir "${ED}"/usr || die
-	fi
-
-	emake DESTDIR="${D}" install
-
-	# This is crappy in that the static archives are still built even
-	# when USE=static-libs.  But this is due to a failing in the openssl
-	# build system: the static archives are built as PIC all the time.
-	# Only way around this would be to manually configure+compile openssl
-	# twice; once with shared lib support enabled and once without.
-	if ! use static-libs ; then
-		rm "${ED}"/usr/$(get_libdir)/lib{crypto,ssl}.a || die
-	fi
-}
-
-multilib_src_install_all() {
-	# openssl installs perl version of c_rehash by default, but
-	# we provide a shell version via app-misc/c_rehash
-	rm "${ED}"/usr/bin/c_rehash || die
-
-	dodoc {AUTHORS,CHANGES,NEWS,README,README-PROVIDERS}.md doc/*.txt doc/${PN}-c-indent.el
-
-	# create the certs directory
-	keepdir ${SSL_CNF_DIR}/certs
-
-	# Namespace openssl programs to prevent conflicts with other man pages
-	cd "${ED}"/usr/share/man || die
-	local m d s
-	for m in $(find . -type f | xargs grep -L '#include') ; do
-		d=${m%/*} ; d=${d#./} ; m=${m##*/}
-
-		[[ ${m} == openssl.1* ]] && continue
-
-		[[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!"
-
-		mv ${d}/{,ssl-}${m} || die
-
-		# fix up references to renamed man pages
-		sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m} || die
-		ln -s ssl-${m} ${d}/openssl-${m} || die
-
-		# locate any symlinks that point to this man page ...
-		# we assume that any broken links are due to the above renaming
-		for s in $(find -L ${d} -type l) ; do
-			s=${s##*/}
-			rm -f ${d}/${s}
-			# We don't want to "|| die" here
-			ln -s ssl-${m} ${d}/ssl-${s}
-			ln -s ssl-${s} ${d}/openssl-${s}
-		done
-	done
-	[[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :("
-
-	dodir /etc/sandbox.d #254521
-	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
-
-	diropts -m0700
-	keepdir ${SSL_CNF_DIR}/private
-}
-
-pkg_postinst() {
-	ebegin "Running 'c_rehash ${EROOT}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069"
-	c_rehash "${EROOT}${SSL_CNF_DIR}/certs" >/dev/null
-	eend $?
-}

diff --git a/dev-libs/openssl/openssl-3.0.3.ebuild b/dev-libs/openssl/openssl-3.0.3.ebuild
deleted file mode 100644
index 23cddb4f6b9b..000000000000
--- a/dev-libs/openssl/openssl-3.0.3.ebuild
+++ /dev/null
@@ -1,328 +0,0 @@
-# Copyright 1999-2022 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/openssl.org.asc
-inherit edo flag-o-matic linux-info toolchain-funcs multilib-minimal multiprocessing verify-sig
-
-DESCRIPTION="Robust, full-featured Open Source Toolkit for the Transport Layer Security (TLS)"
-HOMEPAGE="https://www.openssl.org/"
-
-MY_P=${P/_/-}
-
-if [[ ${PV} == 9999 ]] ; then
-	EGIT_REPO_URI="https://github.com/openssl/openssl.git"
-
-	inherit git-r3
-else
-	SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
-		https://dev.gentoo.org/~sam/distfiles/${CATEGORY}/${PN}/${P}-test-fixes-expiry.patch.xz
-		verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )"
-	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x86-linux"
-fi
-
-S="${WORKDIR}"/${MY_P}
-
-LICENSE="Apache-2.0"
-SLOT="0/3" # .so version of libssl/libcrypto
-IUSE="+asm cpu_flags_x86_sse2 fips ktls rfc3779 sctp static-libs test tls-compression vanilla verify-sig weak-ssl-ciphers"
-RESTRICT="!test? ( test )"
-
-COMMON_DEPEND="
-	>=app-misc/c_rehash-1.7-r1
-	tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
-"
-BDEPEND="
-	>=dev-lang/perl-5
-	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
-	test? (
-		sys-apps/diffutils
-		sys-devel/bc
-		sys-process/procps
-	)
-	verify-sig? ( sec-keys/openpgp-keys-openssl )"
-
-DEPEND="${COMMON_DEPEND}"
-RDEPEND="${COMMON_DEPEND}"
-PDEPEND="app-misc/ca-certificates"
-
-MULTILIB_WRAPPED_HEADERS=(
-	/usr/include/openssl/configuration.h
-)
-
-PATCHES=(
-	# General patches which are suitable to always apply
-	# If they're Gentoo specific, add to USE=-vanilla logic in src_prepare!
-	"${WORKDIR}"/${P}-test-fixes-expiry.patch
-)
-
-pkg_setup() {
-	if use ktls ; then
-		if kernel_is -lt 4 18 ; then
-			ewarn "Kernel implementation of TLS (USE=ktls) requires kernel >=4.18!"
-		else
-			CONFIG_CHECK="~TLS ~TLS_DEVICE"
-			ERROR_TLS="You will be unable to offload TLS to kernel because CONFIG_TLS is not set!"
-			ERROR_TLS_DEVICE="You will be unable to offload TLS to kernel because CONFIG_TLS_DEVICE is not set!"
-
-			linux-info_pkg_setup
-		fi
-	fi
-
-	[[ ${MERGE_TYPE} == binary ]] && return
-
-	# must check in pkg_setup; sysctl doesn't work with userpriv!
-	if use test && use sctp ; then
-		# test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel"
-		# if sctp.auth_enable is not enabled.
-		local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null)
-		if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]] ; then
-			die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!"
-		fi
-	fi
-}
-
-src_unpack() {
-	# Can delete this once test fix patch is dropped
-	if use verify-sig ; then
-		# Needed for downloaded patch (which is unsigned, which is fine)
-		verify-sig_verify_detached "${DISTDIR}"/${P}.tar.gz{,.asc}
-	fi
-
-	default
-}
-
-src_prepare() {
-	# Allow openssl to be cross-compiled
-	cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die
-	chmod a+rx gentoo.config || die
-
-	# Keep this in sync with app-misc/c_rehash
-	SSL_CNF_DIR="/etc/ssl"
-
-	# Make sure we only ever touch Makefile.org and avoid patching a file
-	# that gets blown away anyways by the Configure script in src_configure
-	rm -f Makefile
-
-	if ! use vanilla ; then
-		PATCHES+=(
-			# Add patches which are Gentoo-specific customisations here
-		)
-	fi
-
-	default
-
-	if use test && use sctp && has network-sandbox ${FEATURES} ; then
-		einfo "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox ..."
-		rm test/recipes/80-test_ssl_new.t || die
-	fi
-
-	# - Make sure the man pages are suffixed (bug #302165)
-	# - Don't bother building man pages if they're disabled
-	# - Make DOCDIR Gentoo compliant
-	sed -i \
-		-e '/^MANSUFFIX/s:=.*:=ssl:' \
-		-e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
-		-e $(has noman FEATURES \
-			&& echo '/^install:/s:install_docs::' \
-			|| echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
-		-e "/^DOCDIR/s@\$(BASENAME)@&-${PVR}@" \
-		Configurations/unix-Makefile.tmpl \
-		|| die
-
-	# Quiet out unknown driver argument warnings since openssl
-	# doesn't have well-split CFLAGS and we're making it even worse
-	# and 'make depend' uses -Werror for added fun (bug #417795 again)
-	tc-is-clang && append-flags -Qunused-arguments
-
-	# We really, really need to build OpenSSL w/ strict aliasing disabled.
-	# It's filled with violations and it *will* result in miscompiled
-	# code. This has been in the ebuild for > 10 years but even in 2022,
-	# it's still relevant:
-	# - https://github.com/llvm/llvm-project/issues/55255
-	# - https://github.com/openssl/openssl/issues/18225
-	# Don't remove the no strict aliasing bits below!
-	filter-flags -fstrict-aliasing
-	append-flags -fno-strict-aliasing
-
-	append-flags $(test-flags-CC -Wa,--noexecstack)
-
-	# Prefixify Configure shebang (bug #141906)
-	sed \
-		-e "1s,/usr/bin/env,${BROOT}&," \
-		-i Configure || die
-
-	# Remove test target when FEATURES=test isn't set
-	if ! use test ; then
-		sed \
-			-e '/^$config{dirs}/s@ "test",@@' \
-			-i Configure || die
-	fi
-
-	# The config script does stupid stuff to prompt the user. Kill it.
-	sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
-	./config --test-sanity || die "I AM NOT SANE"
-
-	multilib_copy_sources
-}
-
-multilib_src_configure() {
-	# bug #197996
-	unset APPS
-	# bug #312551
-	unset SCRIPTS
-	# bug #311473
-	unset CROSS_COMPILE
-
-	tc-export AR CC CXX RANLIB RC
-
-	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
-
-	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
-
-	local sslout=$(./gentoo.config)
-	einfo "Using configuration: ${sslout:-(openssl knows best)}"
-	local config="Configure"
-	[[ -z ${sslout} ]] && config="config"
-
-	# https://github.com/openssl/openssl/blob/master/INSTALL.md#enable-and-disable-features
-	local myeconfargs=(
-		${sslout}
-
-		$(use cpu_flags_x86_sse2 || echo "no-sse2")
-		enable-camellia
-		enable-ec
-		enable-ec2m
-		enable-sm2
-		enable-srp
-		$(use elibc_musl && echo "no-async")
-		enable-idea
-		enable-mdc2
-		enable-rc5
-		$(use fips && echo "enable-fips")
-		$(use_ssl asm)
-		$(use_ssl ktls)
-		$(use_ssl rfc3779)
-		$(use_ssl sctp)
-		$(use test || echo "no-tests")
-		$(use_ssl tls-compression zlib)
-		$(use_ssl weak-ssl-ciphers)
-
-		--prefix="${EPREFIX}"/usr
-		--openssldir="${EPREFIX}"${SSL_CNF_DIR}
-		--libdir=$(get_libdir)
-
-		shared
-		threads
-	)
-
-	CFLAGS= LDFLAGS= edo ./${config} "${myeconfargs[@]}"
-
-	# Clean out hardcoded flags that openssl uses
-	local DEFAULT_CFLAGS=$(grep ^CFLAGS= Makefile | LC_ALL=C sed \
-		-e 's:^CFLAGS=::' \
-		-e 's:\(^\| \)-fomit-frame-pointer::g' \
-		-e 's:\(^\| \)-O[^ ]*::g' \
-		-e 's:\(^\| \)-march=[^ ]*::g' \
-		-e 's:\(^\| \)-mcpu=[^ ]*::g' \
-		-e 's:\(^\| \)-m[^ ]*::g' \
-		-e 's:^ *::' \
-		-e 's: *$::' \
-		-e 's: \+: :g' \
-		-e 's:\\:\\\\:g'
-	)
-
-	# Now insert clean default flags with user flags
-	sed -i \
-		-e "/^CFLAGS=/s|=.*|=${DEFAULT_CFLAGS} ${CFLAGS}|" \
-		-e "/^LDFLAGS=/s|=[[:space:]]*$|=${LDFLAGS}|" \
-		Makefile \
-		|| die
-}
-
-multilib_src_compile() {
-	# depend is needed to use $confopts; it also doesn't matter
-	# that it's -j1 as the code itself serializes subdirs
-	emake -j1 depend
-
-	emake all
-}
-
-multilib_src_test() {
-	# VFP = show subtests verbosely and show failed tests verbosely
-	# Normal V=1 would show everything verbosely but this slows things down.
-	emake HARNESS_JOBS="$(makeopts_jobs)" VFP=1 test
-}
-
-multilib_src_install() {
-	# We need to create ${ED}/usr on our own to avoid a race condition (bug #665130)
-	dodir /usr
-
-	emake DESTDIR="${D}" install
-
-	# This is crappy in that the static archives are still built even
-	# when USE=static-libs. But this is due to a failing in the openssl
-	# build system: the static archives are built as PIC all the time.
-	# Only way around this would be to manually configure+compile openssl
-	# twice; once with shared lib support enabled and once without.
-	if ! use static-libs ; then
-		rm "${ED}"/usr/$(get_libdir)/lib{crypto,ssl}.a || die
-	fi
-}
-
-multilib_src_install_all() {
-	# openssl installs perl version of c_rehash by default, but
-	# we provide a shell version via app-misc/c_rehash
-	rm "${ED}"/usr/bin/c_rehash || die
-
-	dodoc {AUTHORS,CHANGES,NEWS,README,README-PROVIDERS}.md doc/*.txt doc/${PN}-c-indent.el
-
-	# Create the certs directory
-	keepdir ${SSL_CNF_DIR}/certs
-
-	# Namespace openssl programs to prevent conflicts with other man pages
-	cd "${ED}"/usr/share/man || die
-	local m d s
-	for m in $(find . -type f | xargs grep -L '#include') ; do
-		d=${m%/*}
-		d=${d#./}
-		m=${m##*/}
-
-		[[ ${m} == openssl.1* ]] && continue
-
-		[[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!"
-
-		mv ${d}/{,ssl-}${m} || die
-
-		# Fix up references to renamed man pages
-		sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m} || die
-		ln -s ssl-${m} ${d}/openssl-${m} || die
-
-		# Locate any symlinks that point to this man page
-		# We assume that any broken links are due to the above renaming
-		for s in $(find -L ${d} -type l) ; do
-			s=${s##*/}
-
-			rm -f ${d}/${s}
-
-			# We don't want to "|| die" here
-			ln -s ssl-${m} ${d}/ssl-${s}
-			ln -s ssl-${s} ${d}/openssl-${s}
-		done
-	done
-	[[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :("
-
-	# bug #254521
-	dodir /etc/sandbox.d
-	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
-
-	diropts -m0700
-	keepdir ${SSL_CNF_DIR}/private
-}
-
-pkg_postinst() {
-	ebegin "Running 'c_rehash ${EROOT}${SSL_CNF_DIR}/certs/' to rebuild hashes (bug #333069)"
-	c_rehash "${EROOT}${SSL_CNF_DIR}/certs" >/dev/null
-	eend $?
-}

diff --git a/dev-libs/openssl/openssl-3.0.4-r1.ebuild b/dev-libs/openssl/openssl-3.0.4-r1.ebuild
deleted file mode 100644
index f4951da01454..000000000000
--- a/dev-libs/openssl/openssl-3.0.4-r1.ebuild
+++ /dev/null
@@ -1,326 +0,0 @@
-# Copyright 1999-2022 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/openssl.org.asc
-inherit edo flag-o-matic linux-info toolchain-funcs multilib-minimal multiprocessing verify-sig
-
-DESCRIPTION="Robust, full-featured Open Source Toolkit for the Transport Layer Security (TLS)"
-HOMEPAGE="https://www.openssl.org/"
-
-MY_P=${P/_/-}
-
-if [[ ${PV} == 9999 ]] ; then
-	EGIT_REPO_URI="https://github.com/openssl/openssl.git"
-
-	inherit git-r3
-else
-	SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
-		verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )"
-	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x86-linux"
-fi
-
-S="${WORKDIR}"/${MY_P}
-
-LICENSE="Apache-2.0"
-SLOT="0/3" # .so version of libssl/libcrypto
-IUSE="+asm cpu_flags_x86_sse2 fips ktls rfc3779 sctp static-libs test tls-compression vanilla verify-sig weak-ssl-ciphers"
-RESTRICT="!test? ( test )"
-
-COMMON_DEPEND="
-	>=app-misc/c_rehash-1.7-r1
-	tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
-"
-BDEPEND="
-	>=dev-lang/perl-5
-	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
-	test? (
-		sys-apps/diffutils
-		sys-devel/bc
-		sys-process/procps
-	)
-	verify-sig? ( sec-keys/openpgp-keys-openssl )"
-
-DEPEND="${COMMON_DEPEND}"
-RDEPEND="${COMMON_DEPEND}"
-PDEPEND="app-misc/ca-certificates"
-
-MULTILIB_WRAPPED_HEADERS=(
-	/usr/include/openssl/configuration.h
-)
-
-PATCHES=(
-	"${FILESDIR}"/${P}-avx512-buffer-overflow.patch
-	"${FILESDIR}"/${P}-fix-test-build.patch
-)
-
-pkg_setup() {
-	if use ktls ; then
-		if kernel_is -lt 4 18 ; then
-			ewarn "Kernel implementation of TLS (USE=ktls) requires kernel >=4.18!"
-		else
-			CONFIG_CHECK="~TLS ~TLS_DEVICE"
-			ERROR_TLS="You will be unable to offload TLS to kernel because CONFIG_TLS is not set!"
-			ERROR_TLS_DEVICE="You will be unable to offload TLS to kernel because CONFIG_TLS_DEVICE is not set!"
-
-			linux-info_pkg_setup
-		fi
-	fi
-
-	[[ ${MERGE_TYPE} == binary ]] && return
-
-	# must check in pkg_setup; sysctl doesn't work with userpriv!
-	if use test && use sctp ; then
-		# test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel"
-		# if sctp.auth_enable is not enabled.
-		local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null)
-		if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]] ; then
-			die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!"
-		fi
-	fi
-}
-
-src_unpack() {
-	# Can delete this once test fix patch is dropped
-	if use verify-sig ; then
-		# Needed for downloaded patch (which is unsigned, which is fine)
-		verify-sig_verify_detached "${DISTDIR}"/${P}.tar.gz{,.asc}
-	fi
-
-	default
-}
-
-src_prepare() {
-	# Allow openssl to be cross-compiled
-	cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die
-	chmod a+rx gentoo.config || die
-
-	# Keep this in sync with app-misc/c_rehash
-	SSL_CNF_DIR="/etc/ssl"
-
-	# Make sure we only ever touch Makefile.org and avoid patching a file
-	# that gets blown away anyways by the Configure script in src_configure
-	rm -f Makefile
-
-	if ! use vanilla ; then
-		PATCHES+=(
-			# Add patches which are Gentoo-specific customisations here
-		)
-	fi
-
-	default
-
-	if use test && use sctp && has network-sandbox ${FEATURES} ; then
-		einfo "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox ..."
-		rm test/recipes/80-test_ssl_new.t || die
-	fi
-
-	# - Make sure the man pages are suffixed (bug #302165)
-	# - Don't bother building man pages if they're disabled
-	# - Make DOCDIR Gentoo compliant
-	sed -i \
-		-e '/^MANSUFFIX/s:=.*:=ssl:' \
-		-e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
-		-e $(has noman FEATURES \
-			&& echo '/^install:/s:install_docs::' \
-			|| echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
-		-e "/^DOCDIR/s@\$(BASENAME)@&-${PVR}@" \
-		Configurations/unix-Makefile.tmpl \
-		|| die
-
-	# Quiet out unknown driver argument warnings since openssl
-	# doesn't have well-split CFLAGS and we're making it even worse
-	# and 'make depend' uses -Werror for added fun (bug #417795 again)
-	tc-is-clang && append-flags -Qunused-arguments
-
-	# We really, really need to build OpenSSL w/ strict aliasing disabled.
-	# It's filled with violations and it *will* result in miscompiled
-	# code. This has been in the ebuild for > 10 years but even in 2022,
-	# it's still relevant:
-	# - https://github.com/llvm/llvm-project/issues/55255
-	# - https://github.com/openssl/openssl/issues/18225
-	# Don't remove the no strict aliasing bits below!
-	filter-flags -fstrict-aliasing
-	append-flags -fno-strict-aliasing
-
-	append-flags $(test-flags-CC -Wa,--noexecstack)
-
-	# Prefixify Configure shebang (bug #141906)
-	sed \
-		-e "1s,/usr/bin/env,${BROOT}&," \
-		-i Configure || die
-
-	# Remove test target when FEATURES=test isn't set
-	if ! use test ; then
-		sed \
-			-e '/^$config{dirs}/s@ "test",@@' \
-			-i Configure || die
-	fi
-
-	# The config script does stupid stuff to prompt the user. Kill it.
-	sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
-	./config --test-sanity || die "I AM NOT SANE"
-
-	multilib_copy_sources
-}
-
-multilib_src_configure() {
-	# bug #197996
-	unset APPS
-	# bug #312551
-	unset SCRIPTS
-	# bug #311473
-	unset CROSS_COMPILE
-
-	tc-export AR CC CXX RANLIB RC
-
-	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
-
-	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
-
-	local sslout=$(./gentoo.config)
-	einfo "Using configuration: ${sslout:-(openssl knows best)}"
-	local config="Configure"
-	[[ -z ${sslout} ]] && config="config"
-
-	# https://github.com/openssl/openssl/blob/master/INSTALL.md#enable-and-disable-features
-	local myeconfargs=(
-		${sslout}
-
-		$(use cpu_flags_x86_sse2 || echo "no-sse2")
-		enable-camellia
-		enable-ec
-		enable-ec2m
-		enable-sm2
-		enable-srp
-		$(use elibc_musl && echo "no-async")
-		enable-idea
-		enable-mdc2
-		enable-rc5
-		$(use fips && echo "enable-fips")
-		$(use_ssl asm)
-		$(use_ssl ktls)
-		$(use_ssl rfc3779)
-		$(use_ssl sctp)
-		$(use test || echo "no-tests")
-		$(use_ssl tls-compression zlib)
-		$(use_ssl weak-ssl-ciphers)
-
-		--prefix="${EPREFIX}"/usr
-		--openssldir="${EPREFIX}"${SSL_CNF_DIR}
-		--libdir=$(get_libdir)
-
-		shared
-		threads
-	)
-
-	CFLAGS= LDFLAGS= edo ./${config} "${myeconfargs[@]}"
-
-	# Clean out hardcoded flags that openssl uses
-	local DEFAULT_CFLAGS=$(grep ^CFLAGS= Makefile | LC_ALL=C sed \
-		-e 's:^CFLAGS=::' \
-		-e 's:\(^\| \)-fomit-frame-pointer::g' \
-		-e 's:\(^\| \)-O[^ ]*::g' \
-		-e 's:\(^\| \)-march=[^ ]*::g' \
-		-e 's:\(^\| \)-mcpu=[^ ]*::g' \
-		-e 's:\(^\| \)-m[^ ]*::g' \
-		-e 's:^ *::' \
-		-e 's: *$::' \
-		-e 's: \+: :g' \
-		-e 's:\\:\\\\:g'
-	)
-
-	# Now insert clean default flags with user flags
-	sed -i \
-		-e "/^CFLAGS=/s|=.*|=${DEFAULT_CFLAGS} ${CFLAGS}|" \
-		-e "/^LDFLAGS=/s|=[[:space:]]*$|=${LDFLAGS}|" \
-		Makefile \
-		|| die
-}
-
-multilib_src_compile() {
-	# depend is needed to use $confopts; it also doesn't matter
-	# that it's -j1 as the code itself serializes subdirs
-	emake -j1 depend
-
-	emake all
-}
-
-multilib_src_test() {
-	# VFP = show subtests verbosely and show failed tests verbosely
-	# Normal V=1 would show everything verbosely but this slows things down.
-	emake HARNESS_JOBS="$(makeopts_jobs)" VFP=1 test
-}
-
-multilib_src_install() {
-	# We need to create ${ED}/usr on our own to avoid a race condition (bug #665130)
-	dodir /usr
-
-	emake DESTDIR="${D}" install
-
-	# This is crappy in that the static archives are still built even
-	# when USE=static-libs. But this is due to a failing in the openssl
-	# build system: the static archives are built as PIC all the time.
-	# Only way around this would be to manually configure+compile openssl
-	# twice; once with shared lib support enabled and once without.
-	if ! use static-libs ; then
-		rm "${ED}"/usr/$(get_libdir)/lib{crypto,ssl}.a || die
-	fi
-}
-
-multilib_src_install_all() {
-	# openssl installs perl version of c_rehash by default, but
-	# we provide a shell version via app-misc/c_rehash
-	rm "${ED}"/usr/bin/c_rehash || die
-
-	dodoc {AUTHORS,CHANGES,NEWS,README,README-PROVIDERS}.md doc/*.txt doc/${PN}-c-indent.el
-
-	# Create the certs directory
-	keepdir ${SSL_CNF_DIR}/certs
-
-	# Namespace openssl programs to prevent conflicts with other man pages
-	cd "${ED}"/usr/share/man || die
-	local m d s
-	for m in $(find . -type f | xargs grep -L '#include') ; do
-		d=${m%/*}
-		d=${d#./}
-		m=${m##*/}
-
-		[[ ${m} == openssl.1* ]] && continue
-
-		[[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!"
-
-		mv ${d}/{,ssl-}${m} || die
-
-		# Fix up references to renamed man pages
-		sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m} || die
-		ln -s ssl-${m} ${d}/openssl-${m} || die
-
-		# Locate any symlinks that point to this man page
-		# We assume that any broken links are due to the above renaming
-		for s in $(find -L ${d} -type l) ; do
-			s=${s##*/}
-
-			rm -f ${d}/${s}
-
-			# We don't want to "|| die" here
-			ln -s ssl-${m} ${d}/ssl-${s}
-			ln -s ssl-${s} ${d}/openssl-${s}
-		done
-	done
-	[[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :("
-
-	# bug #254521
-	dodir /etc/sandbox.d
-	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
-
-	diropts -m0700
-	keepdir ${SSL_CNF_DIR}/private
-}
-
-pkg_postinst() {
-	ebegin "Running 'c_rehash ${EROOT}${SSL_CNF_DIR}/certs/' to rebuild hashes (bug #333069)"
-	c_rehash "${EROOT}${SSL_CNF_DIR}/certs" >/dev/null
-	eend $?
-}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Agostino Sarubbo]

commit:     14583471fdaa28a52357b07f522e347bc1000a20
Author:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
AuthorDate: Sat Jul 16 08:59:13 2022 +0000
Commit:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
CommitDate: Sat Jul 16 08:59:13 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=14583471

dev-libs/openssl: x86 stable wrt bug #858143

Signed-off-by: Agostino Sarubbo <ago <AT> gentoo.org>

 dev-libs/openssl/openssl-1.1.1q.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.1.1q.ebuild b/dev-libs/openssl/openssl-1.1.1q.ebuild
index 8b97069d0b73..0fc7c1126680 100644
--- a/dev-libs/openssl/openssl-1.1.1q.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1q.ebuild
@@ -16,7 +16,7 @@ S="${WORKDIR}/${MY_P}"
 LICENSE="openssl"
 SLOT="0/1.1" # .so version of libssl/libcrypto
 if [[ ${PV} != *_pre* ]] ; then
-	KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+	KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
 fi
 IUSE="+asm rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-compression tls-heartbeat vanilla verify-sig weak-ssl-ciphers"
 RESTRICT="!test? ( test )"

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Agostino Sarubbo]

commit:     2f644c8834bd1c8a363e9d4870d51ceb2765d699
Author:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
AuthorDate: Sat Jul 16 08:58:28 2022 +0000
Commit:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
CommitDate: Sat Jul 16 08:58:28 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2f644c88

dev-libs/openssl: sparc stable wrt bug #858143

Signed-off-by: Agostino Sarubbo <ago <AT> gentoo.org>

 dev-libs/openssl/openssl-1.1.1q.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.1.1q.ebuild b/dev-libs/openssl/openssl-1.1.1q.ebuild
index 297a2ff4076d..8b97069d0b73 100644
--- a/dev-libs/openssl/openssl-1.1.1q.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1q.ebuild
@@ -16,7 +16,7 @@ S="${WORKDIR}/${MY_P}"
 LICENSE="openssl"
 SLOT="0/1.1" # .so version of libssl/libcrypto
 if [[ ${PV} != *_pre* ]] ; then
-	KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+	KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
 fi
 IUSE="+asm rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-compression tls-heartbeat vanilla verify-sig weak-ssl-ciphers"
 RESTRICT="!test? ( test )"

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     8d22fa4cff4375b9c8c474f8712275204f438e61
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Fri Jul 15 12:13:44 2022 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Fri Jul 15 12:14:12 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8d22fa4c

dev-libs/openssl: Stabilize 1.1.1q amd64, #858143

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/openssl-1.1.1q.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.1.1q.ebuild b/dev-libs/openssl/openssl-1.1.1q.ebuild
index 61c824a6ffe7..297a2ff4076d 100644
--- a/dev-libs/openssl/openssl-1.1.1q.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1q.ebuild
@@ -16,7 +16,7 @@ S="${WORKDIR}/${MY_P}"
 LICENSE="openssl"
 SLOT="0/1.1" # .so version of libssl/libcrypto
 if [[ ${PV} != *_pre* ]] ; then
-	KEYWORDS="~alpha ~amd64 arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+	KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
 fi
 IUSE="+asm rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-compression tls-heartbeat vanilla verify-sig weak-ssl-ciphers"
 RESTRICT="!test? ( test )"

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Arthur Zamarin]

commit:     72397b5ead22b5a20b948652ef846f4584b3afd5
Author:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
AuthorDate: Fri Jul 15 11:31:20 2022 +0000
Commit:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
CommitDate: Fri Jul 15 11:31:20 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=72397b5e

dev-libs/openssl: Stabilize 1.1.1q ppc, #858143

Signed-off-by: Arthur Zamarin <arthurzam <AT> gentoo.org>

 dev-libs/openssl/openssl-1.1.1q.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.1.1q.ebuild b/dev-libs/openssl/openssl-1.1.1q.ebuild
index b094b94f7d91..4248ff267658 100644
--- a/dev-libs/openssl/openssl-1.1.1q.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1q.ebuild
@@ -16,7 +16,7 @@ S="${WORKDIR}/${MY_P}"
 LICENSE="openssl"
 SLOT="0/1.1" # .so version of libssl/libcrypto
 if [[ ${PV} != *_pre* ]] ; then
-	KEYWORDS="~alpha ~amd64 arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+	KEYWORDS="~alpha ~amd64 arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
 fi
 IUSE="+asm rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-compression tls-heartbeat vanilla verify-sig weak-ssl-ciphers"
 RESTRICT="!test? ( test )"

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Arthur Zamarin]

commit:     f70d19308792d0a7710868c1f76efd013d05b039
Author:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
AuthorDate: Fri Jul 15 11:31:21 2022 +0000
Commit:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
CommitDate: Fri Jul 15 11:31:21 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f70d1930

dev-libs/openssl: Stabilize 1.1.1q ppc64, #858143

Signed-off-by: Arthur Zamarin <arthurzam <AT> gentoo.org>

 dev-libs/openssl/openssl-1.1.1q.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.1.1q.ebuild b/dev-libs/openssl/openssl-1.1.1q.ebuild
index 4248ff267658..61c824a6ffe7 100644
--- a/dev-libs/openssl/openssl-1.1.1q.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1q.ebuild
@@ -16,7 +16,7 @@ S="${WORKDIR}/${MY_P}"
 LICENSE="openssl"
 SLOT="0/1.1" # .so version of libssl/libcrypto
 if [[ ${PV} != *_pre* ]] ; then
-	KEYWORDS="~alpha ~amd64 arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+	KEYWORDS="~alpha ~amd64 arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
 fi
 IUSE="+asm rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-compression tls-heartbeat vanilla verify-sig weak-ssl-ciphers"
 RESTRICT="!test? ( test )"

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Arthur Zamarin]

commit:     e31380291ac746a37721fa3cfa5fbff2c5c5d601
Author:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
AuthorDate: Fri Jul 15 10:12:44 2022 +0000
Commit:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
CommitDate: Fri Jul 15 10:12:44 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e3138029

dev-libs/openssl: Stabilize 1.1.1q arm64, #858143

Signed-off-by: Arthur Zamarin <arthurzam <AT> gentoo.org>

 dev-libs/openssl/openssl-1.1.1q.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.1.1q.ebuild b/dev-libs/openssl/openssl-1.1.1q.ebuild
index ff51db66bd0d..f448b4b6dba1 100644
--- a/dev-libs/openssl/openssl-1.1.1q.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1q.ebuild
@@ -16,7 +16,7 @@ S="${WORKDIR}/${MY_P}"
 LICENSE="openssl"
 SLOT="0/1.1" # .so version of libssl/libcrypto
 if [[ ${PV} != *_pre* ]] ; then
-	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+	KEYWORDS="~alpha ~amd64 ~arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
 fi
 IUSE="+asm rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-compression tls-heartbeat vanilla verify-sig weak-ssl-ciphers"
 RESTRICT="!test? ( test )"

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Arthur Zamarin]

commit:     a255625d49d5d79532f38e6ab63e3777bc83e96e
Author:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
AuthorDate: Fri Jul 15 10:12:45 2022 +0000
Commit:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
CommitDate: Fri Jul 15 10:12:45 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a255625d

dev-libs/openssl: Stabilize 1.1.1q arm, #858143

Signed-off-by: Arthur Zamarin <arthurzam <AT> gentoo.org>

 dev-libs/openssl/openssl-1.1.1q.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.1.1q.ebuild b/dev-libs/openssl/openssl-1.1.1q.ebuild
index f448b4b6dba1..b094b94f7d91 100644
--- a/dev-libs/openssl/openssl-1.1.1q.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1q.ebuild
@@ -16,7 +16,7 @@ S="${WORKDIR}/${MY_P}"
 LICENSE="openssl"
 SLOT="0/1.1" # .so version of libssl/libcrypto
 if [[ ${PV} != *_pre* ]] ; then
-	KEYWORDS="~alpha ~amd64 ~arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+	KEYWORDS="~alpha ~amd64 arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
 fi
 IUSE="+asm rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-compression tls-heartbeat vanilla verify-sig weak-ssl-ciphers"
 RESTRICT="!test? ( test )"

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Benda XU]

commit:     7e4bd69f8a93527031d7eb99860df7224c8ada6b
Author:     Benda Xu <heroxbd <AT> gentoo <DOT> org>
AuthorDate: Fri Jul  1 05:03:12 2022 +0000
Commit:     Benda XU <heroxbd <AT> gentoo <DOT> org>
CommitDate: Fri Jul  1 05:03:12 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7e4bd69f

dev-libs/openssl: use BROOT to locate env.

The shebang "/usr/bin/env" should be in build dependency.

Reference: a02ce7cc406ff8803a21d6f5512ee8fdbb1a2e73
Package-Manager: Portage-3.0.30, Repoman-3.0.3
Signed-off-by: Benda Xu <heroxbd <AT> gentoo.org>

 dev-libs/openssl/openssl-1.1.1p.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.1.1p.ebuild b/dev-libs/openssl/openssl-1.1.1p.ebuild
index f4af78d2c330..fef3fdf53f3f 100644
--- a/dev-libs/openssl/openssl-1.1.1p.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1p.ebuild
@@ -133,7 +133,7 @@ src_prepare() {
 
 	# Prefixify Configure shebang (bug #141906)
 	sed \
-		-e "1s,/usr/bin/env,${EPREFIX}&," \
+		-e "1s,/usr/bin/env,${BROOT}&," \
 		-i Configure || die
 
 	# Remove test target when FEATURES=test isn't set

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     e42854131c0978488233a283d90f45000d4f31d6
Author:     Patrick McLean <chutzpah <AT> gentoo <DOT> org>
AuthorDate: Tue Jun 28 18:57:29 2022 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Thu Jun 30 19:32:44 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e4285413

dev-libs/openssl: add 3.0.4

Signed-off-by: Patrick McLean <chutzpah <AT> gentoo.org>
(cherry picked from commit 0b821769c686087817a412b9f6f47ad03603491b)
Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/Manifest             |   2 +
 dev-libs/openssl/openssl-3.0.4.ebuild | 323 ++++++++++++++++++++++++++++++++++
 2 files changed, 325 insertions(+)

diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest
index fd4aba44df2c..86edfb8addcb 100644
--- a/dev-libs/openssl/Manifest
+++ b/dev-libs/openssl/Manifest
@@ -13,3 +13,5 @@ DIST openssl-3.0.2.tar.gz.asc 488 BLAKE2B 2f6482114271c4f512159fa159486a3b347063
 DIST openssl-3.0.3-test-fixes-expiry.patch.xz 29056 BLAKE2B 11be776b9c4baec770d81ff180581d7d8292261f32ebfcb2cfd399d684cef1b9e7b4575d906f23e8a61d853eafb178e1b0e01d9324dbe598c876c0ef74bcf5e8 SHA512 23bc571dfca453deb4f1812aea5fc1bcf1c27358d8638a66ce7f359a698b09a35bdc86e01db36aa5e59b37cc7e36f0ced6f1463b383fb0d904aada69f5d5cb04
 DIST openssl-3.0.3.tar.gz 15058905 BLAKE2B 8141d13dbea2f1febdd4e46aa404e9f3bac51e1fdc0c9b0df8bf3bf6852e18b09201a2a8cbee99f72e8d6de660834093449b7a14a3fbdda8511286ca3b6743e7 SHA512 949472025211fabdaf2564122f0a9a3baef0facb6373e90cf6c4485164a50898050b179722d0b358c4d8cf1787384ea30d5fd03b98757634631d3e8978509b1a
 DIST openssl-3.0.3.tar.gz.asc 488 BLAKE2B 3f31e3a73706b69683220e05b1b4ddc75dc3e7e12652dca711e4aa0eb3c023ef736aee9ade15172d7f28e1e1af03e86d4854ec6c3d167cad42882f483c5e56d4 SHA512 04afe65c6af1ae43a9967462383a6a4f567f5acff19ec1952cd6fce2dc3c3d4dfb3cb54126562724c148f40dcb66668abf727282d35730bbf36f82b5c6bacace
+DIST openssl-3.0.4.tar.gz 15069605 BLAKE2B e8ef09d74aa128fee0ddc347458a41cde65af07a6e6836889a0230cd7989e46b5d10a4930eb7a63c0cf93485914ec33665d14637b6c27fd442c0e9becb2d2a86 SHA512 478cd801dc4787688e6d9062969ae738c24f869bb186f717ad3be54ae8f2630e5cd845c504efd3405ea1ecda07ebee00014cc6ef7bca9585a6240cf89d516557
+DIST openssl-3.0.4.tar.gz.asc 488 BLAKE2B 54f652ae78c6f39aef970fd7372808c876d37a823cc31431d770db67caf11342d1045992e393242d4c73253e4e16640dd9bd56203864394e907976918909e5dc SHA512 c30af3cda92b06cff864ed33c17d8dcb8c7d429ed8419f96d19d3049dfaa268c73ec7753815a134b069ae7f4ea20fb4bcdd04f86d33628592ce4500777494c85

diff --git a/dev-libs/openssl/openssl-3.0.4.ebuild b/dev-libs/openssl/openssl-3.0.4.ebuild
new file mode 100644
index 000000000000..ede15424a910
--- /dev/null
+++ b/dev-libs/openssl/openssl-3.0.4.ebuild
@@ -0,0 +1,323 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/openssl.org.asc
+inherit edo flag-o-matic linux-info toolchain-funcs multilib-minimal multiprocessing verify-sig
+
+DESCRIPTION="Robust, full-featured Open Source Toolkit for the Transport Layer Security (TLS)"
+HOMEPAGE="https://www.openssl.org/"
+
+MY_P=${P/_/-}
+
+if [[ ${PV} == 9999 ]] ; then
+	EGIT_REPO_URI="https://github.com/openssl/openssl.git"
+
+	inherit git-r3
+else
+	SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
+		verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )"
+	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x86-linux"
+fi
+
+S="${WORKDIR}"/${MY_P}
+
+LICENSE="Apache-2.0"
+SLOT="0/3" # .so version of libssl/libcrypto
+IUSE="+asm cpu_flags_x86_sse2 fips ktls rfc3779 sctp static-libs test tls-compression vanilla verify-sig weak-ssl-ciphers"
+RESTRICT="!test? ( test )"
+
+COMMON_DEPEND="
+	>=app-misc/c_rehash-1.7-r1
+	tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
+"
+BDEPEND="
+	>=dev-lang/perl-5
+	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
+	test? (
+		sys-apps/diffutils
+		sys-devel/bc
+		sys-process/procps
+	)
+	verify-sig? ( sec-keys/openpgp-keys-openssl )"
+
+DEPEND="${COMMON_DEPEND}"
+RDEPEND="${COMMON_DEPEND}"
+PDEPEND="app-misc/ca-certificates"
+
+REQUIRED_USE="test? ( rfc3779 )"
+
+MULTILIB_WRAPPED_HEADERS=(
+	/usr/include/openssl/configuration.h
+)
+
+pkg_setup() {
+	if use ktls ; then
+		if kernel_is -lt 4 18 ; then
+			ewarn "Kernel implementation of TLS (USE=ktls) requires kernel >=4.18!"
+		else
+			CONFIG_CHECK="~TLS ~TLS_DEVICE"
+			ERROR_TLS="You will be unable to offload TLS to kernel because CONFIG_TLS is not set!"
+			ERROR_TLS_DEVICE="You will be unable to offload TLS to kernel because CONFIG_TLS_DEVICE is not set!"
+
+			linux-info_pkg_setup
+		fi
+	fi
+
+	[[ ${MERGE_TYPE} == binary ]] && return
+
+	# must check in pkg_setup; sysctl doesn't work with userpriv!
+	if use test && use sctp ; then
+		# test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel"
+		# if sctp.auth_enable is not enabled.
+		local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null)
+		if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]] ; then
+			die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!"
+		fi
+	fi
+}
+
+src_unpack() {
+	# Can delete this once test fix patch is dropped
+	if use verify-sig ; then
+		# Needed for downloaded patch (which is unsigned, which is fine)
+		verify-sig_verify_detached "${DISTDIR}"/${P}.tar.gz{,.asc}
+	fi
+
+	default
+}
+
+src_prepare() {
+	# Allow openssl to be cross-compiled
+	cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die
+	chmod a+rx gentoo.config || die
+
+	# Keep this in sync with app-misc/c_rehash
+	SSL_CNF_DIR="/etc/ssl"
+
+	# Make sure we only ever touch Makefile.org and avoid patching a file
+	# that gets blown away anyways by the Configure script in src_configure
+	rm -f Makefile
+
+	if ! use vanilla ; then
+		PATCHES+=(
+			# Add patches which are Gentoo-specific customisations here
+		)
+	fi
+
+	default
+
+	if use test && use sctp && has network-sandbox ${FEATURES} ; then
+		einfo "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox ..."
+		rm test/recipes/80-test_ssl_new.t || die
+	fi
+
+	# - Make sure the man pages are suffixed (bug #302165)
+	# - Don't bother building man pages if they're disabled
+	# - Make DOCDIR Gentoo compliant
+	sed -i \
+		-e '/^MANSUFFIX/s:=.*:=ssl:' \
+		-e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
+		-e $(has noman FEATURES \
+			&& echo '/^install:/s:install_docs::' \
+			|| echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
+		-e "/^DOCDIR/s@\$(BASENAME)@&-${PVR}@" \
+		Configurations/unix-Makefile.tmpl \
+		|| die
+
+	# Quiet out unknown driver argument warnings since openssl
+	# doesn't have well-split CFLAGS and we're making it even worse
+	# and 'make depend' uses -Werror for added fun (bug #417795 again)
+	tc-is-clang && append-flags -Qunused-arguments
+
+	# We really, really need to build OpenSSL w/ strict aliasing disabled.
+	# It's filled with violations and it *will* result in miscompiled
+	# code. This has been in the ebuild for > 10 years but even in 2022,
+	# it's still relevant:
+	# - https://github.com/llvm/llvm-project/issues/55255
+	# - https://github.com/openssl/openssl/issues/18225
+	# Don't remove the no strict aliasing bits below!
+	filter-flags -fstrict-aliasing
+	append-flags -fno-strict-aliasing
+
+	append-flags $(test-flags-CC -Wa,--noexecstack)
+
+	# Prefixify Configure shebang (bug #141906)
+	sed \
+		-e "1s,/usr/bin/env,${BROOT}&," \
+		-i Configure || die
+
+	# Remove test target when FEATURES=test isn't set
+	if ! use test ; then
+		sed \
+			-e '/^$config{dirs}/s@ "test",@@' \
+			-i Configure || die
+	fi
+
+	# The config script does stupid stuff to prompt the user. Kill it.
+	sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
+	./config --test-sanity || die "I AM NOT SANE"
+
+	multilib_copy_sources
+}
+
+multilib_src_configure() {
+	# bug #197996
+	unset APPS
+	# bug #312551
+	unset SCRIPTS
+	# bug #311473
+	unset CROSS_COMPILE
+
+	tc-export AR CC CXX RANLIB RC
+
+	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
+
+	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
+
+	local sslout=$(./gentoo.config)
+	einfo "Using configuration: ${sslout:-(openssl knows best)}"
+	local config="Configure"
+	[[ -z ${sslout} ]] && config="config"
+
+	# https://github.com/openssl/openssl/blob/master/INSTALL.md#enable-and-disable-features
+	local myeconfargs=(
+		${sslout}
+
+		$(use cpu_flags_x86_sse2 || echo "no-sse2")
+		enable-camellia
+		enable-ec
+		enable-ec2m
+		enable-sm2
+		enable-srp
+		$(use elibc_musl && echo "no-async")
+		enable-idea
+		enable-mdc2
+		enable-rc5
+		$(use fips && echo "enable-fips")
+		$(use_ssl asm)
+		$(use_ssl ktls)
+		$(use_ssl rfc3779)
+		$(use_ssl sctp)
+		$(use test || echo "no-tests")
+		$(use_ssl tls-compression zlib)
+		$(use_ssl weak-ssl-ciphers)
+
+		--prefix="${EPREFIX}"/usr
+		--openssldir="${EPREFIX}"${SSL_CNF_DIR}
+		--libdir=$(get_libdir)
+
+		shared
+		threads
+	)
+
+	CFLAGS= LDFLAGS= edo ./${config} "${myeconfargs[@]}"
+
+	# Clean out hardcoded flags that openssl uses
+	local DEFAULT_CFLAGS=$(grep ^CFLAGS= Makefile | LC_ALL=C sed \
+		-e 's:^CFLAGS=::' \
+		-e 's:\(^\| \)-fomit-frame-pointer::g' \
+		-e 's:\(^\| \)-O[^ ]*::g' \
+		-e 's:\(^\| \)-march=[^ ]*::g' \
+		-e 's:\(^\| \)-mcpu=[^ ]*::g' \
+		-e 's:\(^\| \)-m[^ ]*::g' \
+		-e 's:^ *::' \
+		-e 's: *$::' \
+		-e 's: \+: :g' \
+		-e 's:\\:\\\\:g'
+	)
+
+	# Now insert clean default flags with user flags
+	sed -i \
+		-e "/^CFLAGS=/s|=.*|=${DEFAULT_CFLAGS} ${CFLAGS}|" \
+		-e "/^LDFLAGS=/s|=[[:space:]]*$|=${LDFLAGS}|" \
+		Makefile \
+		|| die
+}
+
+multilib_src_compile() {
+	# depend is needed to use $confopts; it also doesn't matter
+	# that it's -j1 as the code itself serializes subdirs
+	emake -j1 depend
+
+	emake all
+}
+
+multilib_src_test() {
+	# VFP = show subtests verbosely and show failed tests verbosely
+	# Normal V=1 would show everything verbosely but this slows things down.
+	emake HARNESS_JOBS="$(makeopts_jobs)" VFP=1 test
+}
+
+multilib_src_install() {
+	# We need to create ${ED}/usr on our own to avoid a race condition (bug #665130)
+	dodir /usr
+
+	emake DESTDIR="${D}" install
+
+	# This is crappy in that the static archives are still built even
+	# when USE=static-libs. But this is due to a failing in the openssl
+	# build system: the static archives are built as PIC all the time.
+	# Only way around this would be to manually configure+compile openssl
+	# twice; once with shared lib support enabled and once without.
+	if ! use static-libs ; then
+		rm "${ED}"/usr/$(get_libdir)/lib{crypto,ssl}.a || die
+	fi
+}
+
+multilib_src_install_all() {
+	# openssl installs perl version of c_rehash by default, but
+	# we provide a shell version via app-misc/c_rehash
+	rm "${ED}"/usr/bin/c_rehash || die
+
+	dodoc {AUTHORS,CHANGES,NEWS,README,README-PROVIDERS}.md doc/*.txt doc/${PN}-c-indent.el
+
+	# Create the certs directory
+	keepdir ${SSL_CNF_DIR}/certs
+
+	# Namespace openssl programs to prevent conflicts with other man pages
+	cd "${ED}"/usr/share/man || die
+	local m d s
+	for m in $(find . -type f | xargs grep -L '#include') ; do
+		d=${m%/*}
+		d=${d#./}
+		m=${m##*/}
+
+		[[ ${m} == openssl.1* ]] && continue
+
+		[[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!"
+
+		mv ${d}/{,ssl-}${m} || die
+
+		# Fix up references to renamed man pages
+		sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m} || die
+		ln -s ssl-${m} ${d}/openssl-${m} || die
+
+		# Locate any symlinks that point to this man page
+		# We assume that any broken links are due to the above renaming
+		for s in $(find -L ${d} -type l) ; do
+			s=${s##*/}
+
+			rm -f ${d}/${s}
+
+			# We don't want to "|| die" here
+			ln -s ssl-${m} ${d}/ssl-${s}
+			ln -s ssl-${s} ${d}/openssl-${s}
+		done
+	done
+	[[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :("
+
+	# bug #254521
+	dodir /etc/sandbox.d
+	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
+
+	diropts -m0700
+	keepdir ${SSL_CNF_DIR}/private
+}
+
+pkg_postinst() {
+	ebegin "Running 'c_rehash ${EROOT}${SSL_CNF_DIR}/certs/' to rebuild hashes (bug #333069)"
+	c_rehash "${EROOT}${SSL_CNF_DIR}/certs" >/dev/null
+	eend $?
+}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     33d271c0c8822f6b04657469e777885577eb7893
Author:     Patrick McLean <chutzpah <AT> gentoo <DOT> org>
AuthorDate: Tue Jun 28 18:50:25 2022 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Thu Jun 30 19:32:43 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=33d271c0

dev-libs/openssl: add 1.1.1p

Signed-off-by: Patrick McLean <chutzpah <AT> gentoo.org>
(cherry picked from commit eb0b67201d70d0def107d9db7f78844815113274)
Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/Manifest              |   2 +
 dev-libs/openssl/openssl-1.1.1p.ebuild | 336 +++++++++++++++++++++++++++++++++
 2 files changed, 338 insertions(+)

diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest
index 3984e90d7345..fd4aba44df2c 100644
--- a/dev-libs/openssl/Manifest
+++ b/dev-libs/openssl/Manifest
@@ -6,6 +6,8 @@ DIST openssl-1.1.1n.tar.gz.asc 488 BLAKE2B 8fc18fdc884473dc4c243499cc3528691a9ec
 DIST openssl-1.1.1o-test-fixes-expiry.patch.xz 6180 BLAKE2B 23ef36d7bd05c98f7fab6de25681a53fa7a558d114548836b6cd90a57c4f4e45dc9fb622936053608b463320605b7df60db2d2caf3811b249f6ead3791a1c081 SHA512 577aec97fb31cd9efe3b30d82c560d3e7da57ae52c4de0f86e951b777a673830baaadcc5eb366c523024d37405531c6d32de26bbbc1e77df15c7822c72e937e6
 DIST openssl-1.1.1o.tar.gz 9856386 BLAKE2B 5bd355fd17adf43ba4e3bf1a8036ceb724edd4f4ab80dc25aecc3d2647372e9db2bc12e2b89791fc4b6f7fd95a7b68e00490d09ca6518d25ab990ee27798e641 SHA512 75b2f1499cb4640229eb6cd35d85cbff2e19db17b959ac4d04b60f1b395b73567f9003521452a0fcfeea9b31b26de0a7bccf476ecf9caae02298f3647cfb7e23
 DIST openssl-1.1.1o.tar.gz.asc 488 BLAKE2B a03a967e7e2124d1a76ad7765e2f48065f40d32ba102a433be603ee8f86b26a2d246dcb97a95bd694ef3005889ce4f1951f76d39fe1d683f92da1aa3023e9c2d SHA512 da6d88de7c1cd807b6089d50f8bb102c317c0b45ca26e517e3e400c5c65f787d94a1ee522af76279e93790a7fb491348cf25ffcfd66ecb9a9d35209328cb221e
+DIST openssl-1.1.1p.tar.gz 9860217 BLAKE2B 4354753a5e52393c9cc4569954c2cac6d89a1e204fa4f9ca00a60492782d29f8952fb92664cdbb3576c6443d3cb2eacebea51db584738589f3598b40df579b12 SHA512 203470b1cd37bdbfabfec5ef37fc97c991d9943f070c988316f6396b09dae7cea16ac884bd8646dbf7dd1ed40ebde6bdfa5700beee2d714d07c97cc70b4e48d9
+DIST openssl-1.1.1p.tar.gz.asc 488 BLAKE2B e68c8a4c992c2448b48428137f61f91fb89e4814f6e80c5525cea695bcf898326eca729f31b953fbd7ff51b448004101ca78abfbd3138ec2389596faa3eafc2f SHA512 c85d65df1ed0f1ae87b799d794ea43e32c8ecaf85caf6e36fbbd4a890ef1d47710380d3846296e0124898680be66113a959ad974e0448bc00d1253794dc48972
 DIST openssl-3.0.2.tar.gz 15038141 BLAKE2B 140c4c80a0cad89cb0059fef6a4cd421460e6af9a3973f7a3eb5e39f64c0d44794d46e7a869e5235fced139f2249351e37a9ee5ebaa17f2708d63141ebebf919 SHA512 f986850d5be908b4d6b5fd7091bc4652d7378c9bccebfbc5becd7753843c04c1eb61a1749c432139d263dfac33df0b1f6c773664b485cad47542266823a4eb03
 DIST openssl-3.0.2.tar.gz.asc 488 BLAKE2B 2f6482114271c4f512159fa159486a3b3470637d770cd1614fda004918d06ed9ab562e655d1580d2ebb05745ec72987488c2161b72d078017cc157003d4205da SHA512 4303391a58107c76ad9b05510f5bfc95f687f4cb2f9ff5b03fb262ba99b573423ab83f0437471199954496799b343191b889ad9ef8fabdd7ee4ec3ec9b5f1d81
 DIST openssl-3.0.3-test-fixes-expiry.patch.xz 29056 BLAKE2B 11be776b9c4baec770d81ff180581d7d8292261f32ebfcb2cfd399d684cef1b9e7b4575d906f23e8a61d853eafb178e1b0e01d9324dbe598c876c0ef74bcf5e8 SHA512 23bc571dfca453deb4f1812aea5fc1bcf1c27358d8638a66ce7f359a698b09a35bdc86e01db36aa5e59b37cc7e36f0ced6f1463b383fb0d904aada69f5d5cb04

diff --git a/dev-libs/openssl/openssl-1.1.1p.ebuild b/dev-libs/openssl/openssl-1.1.1p.ebuild
new file mode 100644
index 000000000000..90f1683c106f
--- /dev/null
+++ b/dev-libs/openssl/openssl-1.1.1p.ebuild
@@ -0,0 +1,336 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/openssl.org.asc
+inherit edo flag-o-matic toolchain-funcs multilib-minimal verify-sig
+
+MY_P=${P/_/-}
+DESCRIPTION="Full-strength general purpose cryptography library (including SSL and TLS)"
+HOMEPAGE="https://www.openssl.org/"
+SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
+	verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )"
+S="${WORKDIR}/${MY_P}"
+
+LICENSE="openssl"
+SLOT="0/1.1" # .so version of libssl/libcrypto
+if [[ ${PV} != *_pre* ]] ; then
+	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+fi
+IUSE="+asm rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-compression tls-heartbeat vanilla verify-sig weak-ssl-ciphers"
+RESTRICT="!test? ( test )"
+
+RDEPEND=">=app-misc/c_rehash-1.7-r1
+	tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )"
+DEPEND="${RDEPEND}"
+BDEPEND="
+	>=dev-lang/perl-5
+	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
+	test? (
+		sys-apps/diffutils
+		sys-devel/bc
+		kernel_linux? ( sys-process/procps )
+	)
+	verify-sig? ( sec-keys/openpgp-keys-openssl )"
+PDEPEND="app-misc/ca-certificates"
+
+# force upgrade to prevent broken login, bug #696950
+RDEPEND+=" !<net-misc/openssh-8.0_p1-r3"
+
+MULTILIB_WRAPPED_HEADERS=(
+	usr/include/openssl/opensslconf.h
+)
+
+PATCHES=(
+	# General patches which are suitable to always apply
+	# If they're Gentoo specific, add to USE=-vanilla logic in src_prepare!
+	"${FILESDIR}"/${PN}-1.1.0j-parallel_install_fix.patch #671602
+	"${FILESDIR}"/${PN}-1.1.1i-riscv32.patch
+)
+
+pkg_setup() {
+	[[ ${MERGE_TYPE} == binary ]] && return
+
+	# must check in pkg_setup; sysctl doesn't work with userpriv!
+	if use test && use sctp; then
+		# test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel"
+		# if sctp.auth_enable is not enabled.
+		local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null)
+		if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]]; then
+			die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!"
+		fi
+	fi
+}
+
+src_unpack() {
+	# Can delete this once test fix patch is dropped
+	if use verify-sig ; then
+		# Needed for downloaded patch (which is unsigned, which is fine)
+		verify-sig_verify_detached "${DISTDIR}"/${P}.tar.gz{,.asc}
+	fi
+
+	default
+}
+
+src_prepare() {
+	# Allow openssl to be cross-compiled
+	cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die
+	chmod a+rx gentoo.config || die
+
+	# Keep this in sync with app-misc/c_rehash
+	SSL_CNF_DIR="/etc/ssl"
+
+	# Make sure we only ever touch Makefile.org and avoid patching a file
+	# that gets blown away anyways by the Configure script in src_configure
+	rm -f Makefile
+
+	if ! use vanilla ; then
+		PATCHES+=(
+			# Add patches which are Gentoo-specific customisations here
+		)
+	fi
+
+	default
+
+	if use test && use sctp && has network-sandbox ${FEATURES}; then
+		einfo "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox ..."
+		rm test/recipes/80-test_ssl_new.t || die
+	fi
+
+	# - Make sure the man pages are suffixed (bug #302165)
+	# - Don't bother building man pages if they're disabled
+	# - Make DOCDIR Gentoo compliant
+	sed -i \
+		-e '/^MANSUFFIX/s:=.*:=ssl:' \
+		-e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
+		-e $(has noman FEATURES \
+			&& echo '/^install:/s:install_docs::' \
+			|| echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
+		-e "/^DOCDIR/s@\$(BASENAME)@&-${PVR}@" \
+		Configurations/unix-Makefile.tmpl \
+		|| die
+
+	# Quiet out unknown driver argument warnings since openssl
+	# doesn't have well-split CFLAGS and we're making it even worse
+	# and 'make depend' uses -Werror for added fun (bug #417795 again)
+	tc-is-clang && append-flags -Qunused-arguments
+
+	# We really, really need to build OpenSSL w/ strict aliasing disabled.
+	# It's filled with violations and it *will* result in miscompiled
+	# code. This has been in the ebuild for > 10 years but even in 2022,
+	# it's still relevant:
+	# - https://github.com/llvm/llvm-project/issues/55255
+	# - https://github.com/openssl/openssl/issues/18225
+	# Don't remove the no strict aliasing bits below!
+	filter-flags -fstrict-aliasing
+	append-flags -fno-strict-aliasing
+
+	append-cppflags -DOPENSSL_NO_BUF_FREELISTS
+
+	append-flags $(test-flags-CC -Wa,--noexecstack)
+
+	# Prefixify Configure shebang (bug #141906)
+	sed \
+		-e "1s,/usr/bin/env,${EPREFIX}&," \
+		-i Configure || die
+
+	# Remove test target when FEATURES=test isn't set
+	if ! use test ; then
+		sed \
+			-e '/^$config{dirs}/s@ "test",@@' \
+			-i Configure || die
+	fi
+
+	if use prefix && [[ ${CHOST} == *-solaris* ]] ; then
+		# use GNU ld full option, not to confuse it on Solaris
+		sed -i \
+			-e 's/-Wl,-M,/-Wl,--version-script=/' \
+			-e 's/-Wl,-h,/-Wl,--soname=/' \
+			Configurations/10-main.conf || die
+
+		# fix building on Solaris 10
+		# https://github.com/openssl/openssl/issues/6333
+		sed -i \
+			-e 's/-lsocket -lnsl -ldl/-lsocket -lnsl -ldl -lrt/' \
+			Configurations/10-main.conf || die
+	fi
+
+	# The config script does stupid stuff to prompt the user.  Kill it.
+	sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
+	./config --test-sanity || die "I AM NOT SANE"
+
+	multilib_copy_sources
+}
+
+multilib_src_configure() {
+	# bug #197996
+	unset APPS
+	# bug #312551
+	unset SCRIPTS
+	# bug #311473
+	unset CROSS_COMPILE
+
+	tc-export AR CC CXX RANLIB RC
+
+	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
+
+	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
+
+	# See if our toolchain supports __uint128_t.  If so, it's 64bit
+	# friendly and can use the nicely optimized code paths, bug #460790.
+	local ec_nistp_64_gcc_128
+
+	# Disable it for now though (bug #469976)
+	# echo "__uint128_t i;" > "${T}"/128.c
+	# if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
+	# 	ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
+	# fi
+
+	local sslout=$(./gentoo.config)
+	einfo "Use configuration ${sslout:-(openssl knows best)}"
+	local config="Configure"
+	[[ -z ${sslout} ]] && config="config"
+
+	# "disable-deprecated" option breaks too many consumers.
+	# Don't set it without thorough revdeps testing.
+	# Make sure user flags don't get added *yet* to avoid duplicated
+	# flags.
+	local myeconfargs=(
+		${sslout}
+
+		$(use cpu_flags_x86_sse2 || echo "no-sse2")
+		enable-camellia
+		enable-ec
+		enable-ec2m
+		enable-sm2
+		enable-srp
+		$(use elibc_musl && echo "no-async")
+		${ec_nistp_64_gcc_128}
+		enable-idea
+		enable-mdc2
+		enable-rc5
+		$(use_ssl sslv3 ssl3)
+		$(use_ssl sslv3 ssl3-method)
+		$(use_ssl asm)
+		$(use_ssl rfc3779)
+		$(use_ssl sctp)
+		$(use test || echo "no-tests")
+		$(use_ssl tls-compression zlib)
+		$(use_ssl tls-heartbeat heartbeats)
+		$(use_ssl weak-ssl-ciphers)
+
+		--prefix="${EPREFIX}"/usr
+		--openssldir="${EPREFIX}"${SSL_CNF_DIR}
+		--libdir=$(get_libdir)
+
+		shared
+		threads
+	)
+
+	CFLAGS= LDFLAGS= edo ./${config} "${myeconfargs[@]}"
+
+	# Clean out hardcoded flags that openssl uses
+	local DEFAULT_CFLAGS=$(grep ^CFLAGS= Makefile | LC_ALL=C sed \
+		-e 's:^CFLAGS=::' \
+		-e 's:\(^\| \)-fomit-frame-pointer::g' \
+		-e 's:\(^\| \)-O[^ ]*::g' \
+		-e 's:\(^\| \)-march=[^ ]*::g' \
+		-e 's:\(^\| \)-mcpu=[^ ]*::g' \
+		-e 's:\(^\| \)-m[^ ]*::g' \
+		-e 's:^ *::' \
+		-e 's: *$::' \
+		-e 's: \+: :g' \
+		-e 's:\\:\\\\:g'
+	)
+
+	# Now insert clean default flags with user flags
+	sed -i \
+		-e "/^CFLAGS=/s|=.*|=${DEFAULT_CFLAGS} ${CFLAGS}|" \
+		-e "/^LDFLAGS=/s|=[[:space:]]*$|=${LDFLAGS}|" \
+		Makefile || die
+}
+
+multilib_src_compile() {
+	# depend is needed to use $confopts; it also doesn't matter
+	# that it's -j1 as the code itself serializes subdirs
+	emake -j1 depend
+
+	emake all
+}
+
+multilib_src_test() {
+	emake -j1 test
+}
+
+multilib_src_install() {
+	# We need to create ${ED}/usr on our own to avoid a race condition (bug #665130)
+	dodir /usr
+
+	emake DESTDIR="${D}" install
+
+	# This is crappy in that the static archives are still built even
+	# when USE=static-libs. But this is due to a failing in the openssl
+	# build system: the static archives are built as PIC all the time.
+	# Only way around this would be to manually configure+compile openssl
+	# twice; once with shared lib support enabled and once without.
+	if ! use static-libs; then
+		rm "${ED}"/usr/$(get_libdir)/lib{crypto,ssl}.a || die
+	fi
+}
+
+multilib_src_install_all() {
+	# openssl installs perl version of c_rehash by default, but
+	# we provide a shell version via app-misc/c_rehash
+	rm "${ED}"/usr/bin/c_rehash || die
+
+	dodoc CHANGES* FAQ NEWS README doc/*.txt doc/${PN}-c-indent.el
+
+	# Create the certs directory
+	keepdir ${SSL_CNF_DIR}/certs
+
+	# Namespace openssl programs to prevent conflicts with other man pages
+	cd "${ED}"/usr/share/man || die
+	local m d s
+	for m in $(find . -type f | xargs grep -L '#include') ; do
+		d=${m%/*}
+		d=${d#./}
+		m=${m##*/}
+
+		[[ ${m} == openssl.1* ]] && continue
+
+		[[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!"
+
+		mv ${d}/{,ssl-}${m} || die
+
+		# Fix up references to renamed man pages
+		sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m} || die
+		ln -s ssl-${m} ${d}/openssl-${m}
+
+		# Locate any symlinks that point to this man page
+		# We assume that any broken links are due to the above renaming
+		for s in $(find -L ${d} -type l) ; do
+			s=${s##*/}
+
+			rm -f ${d}/${s}
+
+			# We don't want to "|| die" here
+			ln -s ssl-${m} ${d}/ssl-${s}
+			ln -s ssl-${s} ${d}/openssl-${s}
+		done
+	done
+	[[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :("
+
+	# bug #254521
+	dodir /etc/sandbox.d
+	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
+
+	diropts -m0700
+	keepdir ${SSL_CNF_DIR}/private
+}
+
+pkg_postinst() {
+	ebegin "Running 'c_rehash ${EROOT}${SSL_CNF_DIR}/certs/' to rebuild hashes (bug #333069)"
+	c_rehash "${EROOT}${SSL_CNF_DIR}/certs" >/dev/null
+	eend $?
+}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     ac22f739ccb5a81016f42859ec489d9fdbc416dd
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Wed Jun 29 00:01:53 2022 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Wed Jun 29 00:01:53 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ac22f739

Revert "dev-libs/openssl: Add REQUIRED_USE for tests"

This reverts commit 47566b1990e0c860841eb9b53b16b3d033a2cce3.

This is a hack which avoids the real issue - doesn't mention
the bug upstream which I reported that explains why we need
this. I don't think we want to keep this workaround in.

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/openssl-1.1.1p.ebuild | 2 --
 1 file changed, 2 deletions(-)

diff --git a/dev-libs/openssl/openssl-1.1.1p.ebuild b/dev-libs/openssl/openssl-1.1.1p.ebuild
index 21020a80a28c..90f1683c106f 100644
--- a/dev-libs/openssl/openssl-1.1.1p.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1p.ebuild
@@ -38,8 +38,6 @@ PDEPEND="app-misc/ca-certificates"
 # force upgrade to prevent broken login, bug #696950
 RDEPEND+=" !<net-misc/openssh-8.0_p1-r3"
 
-REQUIRED_USE="test? ( rfc3779 )"
-
 MULTILIB_WRAPPED_HEADERS=(
 	usr/include/openssl/opensslconf.h
 )

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     e509d05a877800358c778520f149e51c978ca0f4
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Wed Jun 29 00:01:16 2022 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Wed Jun 29 00:01:16 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e509d05a

Revert "dev-libs/openssl: add 3.0.4"

This reverts commit 0b821769c686087817a412b9f6f47ad03603491b.

This doesn't include the AVX512 overflow patch and
we'd discussed not bumping it on IRC. But I should've
pre-emptively masked / added a note in the ebuild.

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/Manifest             |   2 -
 dev-libs/openssl/openssl-3.0.4.ebuild | 323 ----------------------------------
 2 files changed, 325 deletions(-)

diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest
index 86edfb8addcb..fd4aba44df2c 100644
--- a/dev-libs/openssl/Manifest
+++ b/dev-libs/openssl/Manifest
@@ -13,5 +13,3 @@ DIST openssl-3.0.2.tar.gz.asc 488 BLAKE2B 2f6482114271c4f512159fa159486a3b347063
 DIST openssl-3.0.3-test-fixes-expiry.patch.xz 29056 BLAKE2B 11be776b9c4baec770d81ff180581d7d8292261f32ebfcb2cfd399d684cef1b9e7b4575d906f23e8a61d853eafb178e1b0e01d9324dbe598c876c0ef74bcf5e8 SHA512 23bc571dfca453deb4f1812aea5fc1bcf1c27358d8638a66ce7f359a698b09a35bdc86e01db36aa5e59b37cc7e36f0ced6f1463b383fb0d904aada69f5d5cb04
 DIST openssl-3.0.3.tar.gz 15058905 BLAKE2B 8141d13dbea2f1febdd4e46aa404e9f3bac51e1fdc0c9b0df8bf3bf6852e18b09201a2a8cbee99f72e8d6de660834093449b7a14a3fbdda8511286ca3b6743e7 SHA512 949472025211fabdaf2564122f0a9a3baef0facb6373e90cf6c4485164a50898050b179722d0b358c4d8cf1787384ea30d5fd03b98757634631d3e8978509b1a
 DIST openssl-3.0.3.tar.gz.asc 488 BLAKE2B 3f31e3a73706b69683220e05b1b4ddc75dc3e7e12652dca711e4aa0eb3c023ef736aee9ade15172d7f28e1e1af03e86d4854ec6c3d167cad42882f483c5e56d4 SHA512 04afe65c6af1ae43a9967462383a6a4f567f5acff19ec1952cd6fce2dc3c3d4dfb3cb54126562724c148f40dcb66668abf727282d35730bbf36f82b5c6bacace
-DIST openssl-3.0.4.tar.gz 15069605 BLAKE2B e8ef09d74aa128fee0ddc347458a41cde65af07a6e6836889a0230cd7989e46b5d10a4930eb7a63c0cf93485914ec33665d14637b6c27fd442c0e9becb2d2a86 SHA512 478cd801dc4787688e6d9062969ae738c24f869bb186f717ad3be54ae8f2630e5cd845c504efd3405ea1ecda07ebee00014cc6ef7bca9585a6240cf89d516557
-DIST openssl-3.0.4.tar.gz.asc 488 BLAKE2B 54f652ae78c6f39aef970fd7372808c876d37a823cc31431d770db67caf11342d1045992e393242d4c73253e4e16640dd9bd56203864394e907976918909e5dc SHA512 c30af3cda92b06cff864ed33c17d8dcb8c7d429ed8419f96d19d3049dfaa268c73ec7753815a134b069ae7f4ea20fb4bcdd04f86d33628592ce4500777494c85

diff --git a/dev-libs/openssl/openssl-3.0.4.ebuild b/dev-libs/openssl/openssl-3.0.4.ebuild
deleted file mode 100644
index ede15424a910..000000000000
--- a/dev-libs/openssl/openssl-3.0.4.ebuild
+++ /dev/null
@@ -1,323 +0,0 @@
-# Copyright 1999-2022 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/openssl.org.asc
-inherit edo flag-o-matic linux-info toolchain-funcs multilib-minimal multiprocessing verify-sig
-
-DESCRIPTION="Robust, full-featured Open Source Toolkit for the Transport Layer Security (TLS)"
-HOMEPAGE="https://www.openssl.org/"
-
-MY_P=${P/_/-}
-
-if [[ ${PV} == 9999 ]] ; then
-	EGIT_REPO_URI="https://github.com/openssl/openssl.git"
-
-	inherit git-r3
-else
-	SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
-		verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )"
-	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x86-linux"
-fi
-
-S="${WORKDIR}"/${MY_P}
-
-LICENSE="Apache-2.0"
-SLOT="0/3" # .so version of libssl/libcrypto
-IUSE="+asm cpu_flags_x86_sse2 fips ktls rfc3779 sctp static-libs test tls-compression vanilla verify-sig weak-ssl-ciphers"
-RESTRICT="!test? ( test )"
-
-COMMON_DEPEND="
-	>=app-misc/c_rehash-1.7-r1
-	tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
-"
-BDEPEND="
-	>=dev-lang/perl-5
-	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
-	test? (
-		sys-apps/diffutils
-		sys-devel/bc
-		sys-process/procps
-	)
-	verify-sig? ( sec-keys/openpgp-keys-openssl )"
-
-DEPEND="${COMMON_DEPEND}"
-RDEPEND="${COMMON_DEPEND}"
-PDEPEND="app-misc/ca-certificates"
-
-REQUIRED_USE="test? ( rfc3779 )"
-
-MULTILIB_WRAPPED_HEADERS=(
-	/usr/include/openssl/configuration.h
-)
-
-pkg_setup() {
-	if use ktls ; then
-		if kernel_is -lt 4 18 ; then
-			ewarn "Kernel implementation of TLS (USE=ktls) requires kernel >=4.18!"
-		else
-			CONFIG_CHECK="~TLS ~TLS_DEVICE"
-			ERROR_TLS="You will be unable to offload TLS to kernel because CONFIG_TLS is not set!"
-			ERROR_TLS_DEVICE="You will be unable to offload TLS to kernel because CONFIG_TLS_DEVICE is not set!"
-
-			linux-info_pkg_setup
-		fi
-	fi
-
-	[[ ${MERGE_TYPE} == binary ]] && return
-
-	# must check in pkg_setup; sysctl doesn't work with userpriv!
-	if use test && use sctp ; then
-		# test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel"
-		# if sctp.auth_enable is not enabled.
-		local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null)
-		if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]] ; then
-			die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!"
-		fi
-	fi
-}
-
-src_unpack() {
-	# Can delete this once test fix patch is dropped
-	if use verify-sig ; then
-		# Needed for downloaded patch (which is unsigned, which is fine)
-		verify-sig_verify_detached "${DISTDIR}"/${P}.tar.gz{,.asc}
-	fi
-
-	default
-}
-
-src_prepare() {
-	# Allow openssl to be cross-compiled
-	cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die
-	chmod a+rx gentoo.config || die
-
-	# Keep this in sync with app-misc/c_rehash
-	SSL_CNF_DIR="/etc/ssl"
-
-	# Make sure we only ever touch Makefile.org and avoid patching a file
-	# that gets blown away anyways by the Configure script in src_configure
-	rm -f Makefile
-
-	if ! use vanilla ; then
-		PATCHES+=(
-			# Add patches which are Gentoo-specific customisations here
-		)
-	fi
-
-	default
-
-	if use test && use sctp && has network-sandbox ${FEATURES} ; then
-		einfo "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox ..."
-		rm test/recipes/80-test_ssl_new.t || die
-	fi
-
-	# - Make sure the man pages are suffixed (bug #302165)
-	# - Don't bother building man pages if they're disabled
-	# - Make DOCDIR Gentoo compliant
-	sed -i \
-		-e '/^MANSUFFIX/s:=.*:=ssl:' \
-		-e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
-		-e $(has noman FEATURES \
-			&& echo '/^install:/s:install_docs::' \
-			|| echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
-		-e "/^DOCDIR/s@\$(BASENAME)@&-${PVR}@" \
-		Configurations/unix-Makefile.tmpl \
-		|| die
-
-	# Quiet out unknown driver argument warnings since openssl
-	# doesn't have well-split CFLAGS and we're making it even worse
-	# and 'make depend' uses -Werror for added fun (bug #417795 again)
-	tc-is-clang && append-flags -Qunused-arguments
-
-	# We really, really need to build OpenSSL w/ strict aliasing disabled.
-	# It's filled with violations and it *will* result in miscompiled
-	# code. This has been in the ebuild for > 10 years but even in 2022,
-	# it's still relevant:
-	# - https://github.com/llvm/llvm-project/issues/55255
-	# - https://github.com/openssl/openssl/issues/18225
-	# Don't remove the no strict aliasing bits below!
-	filter-flags -fstrict-aliasing
-	append-flags -fno-strict-aliasing
-
-	append-flags $(test-flags-CC -Wa,--noexecstack)
-
-	# Prefixify Configure shebang (bug #141906)
-	sed \
-		-e "1s,/usr/bin/env,${BROOT}&," \
-		-i Configure || die
-
-	# Remove test target when FEATURES=test isn't set
-	if ! use test ; then
-		sed \
-			-e '/^$config{dirs}/s@ "test",@@' \
-			-i Configure || die
-	fi
-
-	# The config script does stupid stuff to prompt the user. Kill it.
-	sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
-	./config --test-sanity || die "I AM NOT SANE"
-
-	multilib_copy_sources
-}
-
-multilib_src_configure() {
-	# bug #197996
-	unset APPS
-	# bug #312551
-	unset SCRIPTS
-	# bug #311473
-	unset CROSS_COMPILE
-
-	tc-export AR CC CXX RANLIB RC
-
-	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
-
-	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
-
-	local sslout=$(./gentoo.config)
-	einfo "Using configuration: ${sslout:-(openssl knows best)}"
-	local config="Configure"
-	[[ -z ${sslout} ]] && config="config"
-
-	# https://github.com/openssl/openssl/blob/master/INSTALL.md#enable-and-disable-features
-	local myeconfargs=(
-		${sslout}
-
-		$(use cpu_flags_x86_sse2 || echo "no-sse2")
-		enable-camellia
-		enable-ec
-		enable-ec2m
-		enable-sm2
-		enable-srp
-		$(use elibc_musl && echo "no-async")
-		enable-idea
-		enable-mdc2
-		enable-rc5
-		$(use fips && echo "enable-fips")
-		$(use_ssl asm)
-		$(use_ssl ktls)
-		$(use_ssl rfc3779)
-		$(use_ssl sctp)
-		$(use test || echo "no-tests")
-		$(use_ssl tls-compression zlib)
-		$(use_ssl weak-ssl-ciphers)
-
-		--prefix="${EPREFIX}"/usr
-		--openssldir="${EPREFIX}"${SSL_CNF_DIR}
-		--libdir=$(get_libdir)
-
-		shared
-		threads
-	)
-
-	CFLAGS= LDFLAGS= edo ./${config} "${myeconfargs[@]}"
-
-	# Clean out hardcoded flags that openssl uses
-	local DEFAULT_CFLAGS=$(grep ^CFLAGS= Makefile | LC_ALL=C sed \
-		-e 's:^CFLAGS=::' \
-		-e 's:\(^\| \)-fomit-frame-pointer::g' \
-		-e 's:\(^\| \)-O[^ ]*::g' \
-		-e 's:\(^\| \)-march=[^ ]*::g' \
-		-e 's:\(^\| \)-mcpu=[^ ]*::g' \
-		-e 's:\(^\| \)-m[^ ]*::g' \
-		-e 's:^ *::' \
-		-e 's: *$::' \
-		-e 's: \+: :g' \
-		-e 's:\\:\\\\:g'
-	)
-
-	# Now insert clean default flags with user flags
-	sed -i \
-		-e "/^CFLAGS=/s|=.*|=${DEFAULT_CFLAGS} ${CFLAGS}|" \
-		-e "/^LDFLAGS=/s|=[[:space:]]*$|=${LDFLAGS}|" \
-		Makefile \
-		|| die
-}
-
-multilib_src_compile() {
-	# depend is needed to use $confopts; it also doesn't matter
-	# that it's -j1 as the code itself serializes subdirs
-	emake -j1 depend
-
-	emake all
-}
-
-multilib_src_test() {
-	# VFP = show subtests verbosely and show failed tests verbosely
-	# Normal V=1 would show everything verbosely but this slows things down.
-	emake HARNESS_JOBS="$(makeopts_jobs)" VFP=1 test
-}
-
-multilib_src_install() {
-	# We need to create ${ED}/usr on our own to avoid a race condition (bug #665130)
-	dodir /usr
-
-	emake DESTDIR="${D}" install
-
-	# This is crappy in that the static archives are still built even
-	# when USE=static-libs. But this is due to a failing in the openssl
-	# build system: the static archives are built as PIC all the time.
-	# Only way around this would be to manually configure+compile openssl
-	# twice; once with shared lib support enabled and once without.
-	if ! use static-libs ; then
-		rm "${ED}"/usr/$(get_libdir)/lib{crypto,ssl}.a || die
-	fi
-}
-
-multilib_src_install_all() {
-	# openssl installs perl version of c_rehash by default, but
-	# we provide a shell version via app-misc/c_rehash
-	rm "${ED}"/usr/bin/c_rehash || die
-
-	dodoc {AUTHORS,CHANGES,NEWS,README,README-PROVIDERS}.md doc/*.txt doc/${PN}-c-indent.el
-
-	# Create the certs directory
-	keepdir ${SSL_CNF_DIR}/certs
-
-	# Namespace openssl programs to prevent conflicts with other man pages
-	cd "${ED}"/usr/share/man || die
-	local m d s
-	for m in $(find . -type f | xargs grep -L '#include') ; do
-		d=${m%/*}
-		d=${d#./}
-		m=${m##*/}
-
-		[[ ${m} == openssl.1* ]] && continue
-
-		[[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!"
-
-		mv ${d}/{,ssl-}${m} || die
-
-		# Fix up references to renamed man pages
-		sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m} || die
-		ln -s ssl-${m} ${d}/openssl-${m} || die
-
-		# Locate any symlinks that point to this man page
-		# We assume that any broken links are due to the above renaming
-		for s in $(find -L ${d} -type l) ; do
-			s=${s##*/}
-
-			rm -f ${d}/${s}
-
-			# We don't want to "|| die" here
-			ln -s ssl-${m} ${d}/ssl-${s}
-			ln -s ssl-${s} ${d}/openssl-${s}
-		done
-	done
-	[[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :("
-
-	# bug #254521
-	dodir /etc/sandbox.d
-	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
-
-	diropts -m0700
-	keepdir ${SSL_CNF_DIR}/private
-}
-
-pkg_postinst() {
-	ebegin "Running 'c_rehash ${EROOT}${SSL_CNF_DIR}/certs/' to rebuild hashes (bug #333069)"
-	c_rehash "${EROOT}${SSL_CNF_DIR}/certs" >/dev/null
-	eend $?
-}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     e7b9a095de5e6f78668385223fa6ccd9fdeb36ae
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Wed Jun 29 00:02:17 2022 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Wed Jun 29 00:02:17 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e7b9a095

Revert "dev-libs/openssl: add 1.1.1p"

This reverts commit eb0b67201d70d0def107d9db7f78844815113274.

Given the previous test issue and we're not vulnerable to the rehash
script CVE anyway (we use our own), I don't think we want to bump to it yet.

We'd discussed not bumping it on IRC. But I should've
pre-emptively masked / added a note in the ebuild.

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/Manifest              |   2 -
 dev-libs/openssl/openssl-1.1.1p.ebuild | 336 ---------------------------------
 2 files changed, 338 deletions(-)

diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest
index fd4aba44df2c..3984e90d7345 100644
--- a/dev-libs/openssl/Manifest
+++ b/dev-libs/openssl/Manifest
@@ -6,8 +6,6 @@ DIST openssl-1.1.1n.tar.gz.asc 488 BLAKE2B 8fc18fdc884473dc4c243499cc3528691a9ec
 DIST openssl-1.1.1o-test-fixes-expiry.patch.xz 6180 BLAKE2B 23ef36d7bd05c98f7fab6de25681a53fa7a558d114548836b6cd90a57c4f4e45dc9fb622936053608b463320605b7df60db2d2caf3811b249f6ead3791a1c081 SHA512 577aec97fb31cd9efe3b30d82c560d3e7da57ae52c4de0f86e951b777a673830baaadcc5eb366c523024d37405531c6d32de26bbbc1e77df15c7822c72e937e6
 DIST openssl-1.1.1o.tar.gz 9856386 BLAKE2B 5bd355fd17adf43ba4e3bf1a8036ceb724edd4f4ab80dc25aecc3d2647372e9db2bc12e2b89791fc4b6f7fd95a7b68e00490d09ca6518d25ab990ee27798e641 SHA512 75b2f1499cb4640229eb6cd35d85cbff2e19db17b959ac4d04b60f1b395b73567f9003521452a0fcfeea9b31b26de0a7bccf476ecf9caae02298f3647cfb7e23
 DIST openssl-1.1.1o.tar.gz.asc 488 BLAKE2B a03a967e7e2124d1a76ad7765e2f48065f40d32ba102a433be603ee8f86b26a2d246dcb97a95bd694ef3005889ce4f1951f76d39fe1d683f92da1aa3023e9c2d SHA512 da6d88de7c1cd807b6089d50f8bb102c317c0b45ca26e517e3e400c5c65f787d94a1ee522af76279e93790a7fb491348cf25ffcfd66ecb9a9d35209328cb221e
-DIST openssl-1.1.1p.tar.gz 9860217 BLAKE2B 4354753a5e52393c9cc4569954c2cac6d89a1e204fa4f9ca00a60492782d29f8952fb92664cdbb3576c6443d3cb2eacebea51db584738589f3598b40df579b12 SHA512 203470b1cd37bdbfabfec5ef37fc97c991d9943f070c988316f6396b09dae7cea16ac884bd8646dbf7dd1ed40ebde6bdfa5700beee2d714d07c97cc70b4e48d9
-DIST openssl-1.1.1p.tar.gz.asc 488 BLAKE2B e68c8a4c992c2448b48428137f61f91fb89e4814f6e80c5525cea695bcf898326eca729f31b953fbd7ff51b448004101ca78abfbd3138ec2389596faa3eafc2f SHA512 c85d65df1ed0f1ae87b799d794ea43e32c8ecaf85caf6e36fbbd4a890ef1d47710380d3846296e0124898680be66113a959ad974e0448bc00d1253794dc48972
 DIST openssl-3.0.2.tar.gz 15038141 BLAKE2B 140c4c80a0cad89cb0059fef6a4cd421460e6af9a3973f7a3eb5e39f64c0d44794d46e7a869e5235fced139f2249351e37a9ee5ebaa17f2708d63141ebebf919 SHA512 f986850d5be908b4d6b5fd7091bc4652d7378c9bccebfbc5becd7753843c04c1eb61a1749c432139d263dfac33df0b1f6c773664b485cad47542266823a4eb03
 DIST openssl-3.0.2.tar.gz.asc 488 BLAKE2B 2f6482114271c4f512159fa159486a3b3470637d770cd1614fda004918d06ed9ab562e655d1580d2ebb05745ec72987488c2161b72d078017cc157003d4205da SHA512 4303391a58107c76ad9b05510f5bfc95f687f4cb2f9ff5b03fb262ba99b573423ab83f0437471199954496799b343191b889ad9ef8fabdd7ee4ec3ec9b5f1d81
 DIST openssl-3.0.3-test-fixes-expiry.patch.xz 29056 BLAKE2B 11be776b9c4baec770d81ff180581d7d8292261f32ebfcb2cfd399d684cef1b9e7b4575d906f23e8a61d853eafb178e1b0e01d9324dbe598c876c0ef74bcf5e8 SHA512 23bc571dfca453deb4f1812aea5fc1bcf1c27358d8638a66ce7f359a698b09a35bdc86e01db36aa5e59b37cc7e36f0ced6f1463b383fb0d904aada69f5d5cb04

diff --git a/dev-libs/openssl/openssl-1.1.1p.ebuild b/dev-libs/openssl/openssl-1.1.1p.ebuild
deleted file mode 100644
index 90f1683c106f..000000000000
--- a/dev-libs/openssl/openssl-1.1.1p.ebuild
+++ /dev/null
@@ -1,336 +0,0 @@
-# Copyright 1999-2022 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/openssl.org.asc
-inherit edo flag-o-matic toolchain-funcs multilib-minimal verify-sig
-
-MY_P=${P/_/-}
-DESCRIPTION="Full-strength general purpose cryptography library (including SSL and TLS)"
-HOMEPAGE="https://www.openssl.org/"
-SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
-	verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )"
-S="${WORKDIR}/${MY_P}"
-
-LICENSE="openssl"
-SLOT="0/1.1" # .so version of libssl/libcrypto
-if [[ ${PV} != *_pre* ]] ; then
-	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
-fi
-IUSE="+asm rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-compression tls-heartbeat vanilla verify-sig weak-ssl-ciphers"
-RESTRICT="!test? ( test )"
-
-RDEPEND=">=app-misc/c_rehash-1.7-r1
-	tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )"
-DEPEND="${RDEPEND}"
-BDEPEND="
-	>=dev-lang/perl-5
-	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
-	test? (
-		sys-apps/diffutils
-		sys-devel/bc
-		kernel_linux? ( sys-process/procps )
-	)
-	verify-sig? ( sec-keys/openpgp-keys-openssl )"
-PDEPEND="app-misc/ca-certificates"
-
-# force upgrade to prevent broken login, bug #696950
-RDEPEND+=" !<net-misc/openssh-8.0_p1-r3"
-
-MULTILIB_WRAPPED_HEADERS=(
-	usr/include/openssl/opensslconf.h
-)
-
-PATCHES=(
-	# General patches which are suitable to always apply
-	# If they're Gentoo specific, add to USE=-vanilla logic in src_prepare!
-	"${FILESDIR}"/${PN}-1.1.0j-parallel_install_fix.patch #671602
-	"${FILESDIR}"/${PN}-1.1.1i-riscv32.patch
-)
-
-pkg_setup() {
-	[[ ${MERGE_TYPE} == binary ]] && return
-
-	# must check in pkg_setup; sysctl doesn't work with userpriv!
-	if use test && use sctp; then
-		# test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel"
-		# if sctp.auth_enable is not enabled.
-		local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null)
-		if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]]; then
-			die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!"
-		fi
-	fi
-}
-
-src_unpack() {
-	# Can delete this once test fix patch is dropped
-	if use verify-sig ; then
-		# Needed for downloaded patch (which is unsigned, which is fine)
-		verify-sig_verify_detached "${DISTDIR}"/${P}.tar.gz{,.asc}
-	fi
-
-	default
-}
-
-src_prepare() {
-	# Allow openssl to be cross-compiled
-	cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die
-	chmod a+rx gentoo.config || die
-
-	# Keep this in sync with app-misc/c_rehash
-	SSL_CNF_DIR="/etc/ssl"
-
-	# Make sure we only ever touch Makefile.org and avoid patching a file
-	# that gets blown away anyways by the Configure script in src_configure
-	rm -f Makefile
-
-	if ! use vanilla ; then
-		PATCHES+=(
-			# Add patches which are Gentoo-specific customisations here
-		)
-	fi
-
-	default
-
-	if use test && use sctp && has network-sandbox ${FEATURES}; then
-		einfo "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox ..."
-		rm test/recipes/80-test_ssl_new.t || die
-	fi
-
-	# - Make sure the man pages are suffixed (bug #302165)
-	# - Don't bother building man pages if they're disabled
-	# - Make DOCDIR Gentoo compliant
-	sed -i \
-		-e '/^MANSUFFIX/s:=.*:=ssl:' \
-		-e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
-		-e $(has noman FEATURES \
-			&& echo '/^install:/s:install_docs::' \
-			|| echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
-		-e "/^DOCDIR/s@\$(BASENAME)@&-${PVR}@" \
-		Configurations/unix-Makefile.tmpl \
-		|| die
-
-	# Quiet out unknown driver argument warnings since openssl
-	# doesn't have well-split CFLAGS and we're making it even worse
-	# and 'make depend' uses -Werror for added fun (bug #417795 again)
-	tc-is-clang && append-flags -Qunused-arguments
-
-	# We really, really need to build OpenSSL w/ strict aliasing disabled.
-	# It's filled with violations and it *will* result in miscompiled
-	# code. This has been in the ebuild for > 10 years but even in 2022,
-	# it's still relevant:
-	# - https://github.com/llvm/llvm-project/issues/55255
-	# - https://github.com/openssl/openssl/issues/18225
-	# Don't remove the no strict aliasing bits below!
-	filter-flags -fstrict-aliasing
-	append-flags -fno-strict-aliasing
-
-	append-cppflags -DOPENSSL_NO_BUF_FREELISTS
-
-	append-flags $(test-flags-CC -Wa,--noexecstack)
-
-	# Prefixify Configure shebang (bug #141906)
-	sed \
-		-e "1s,/usr/bin/env,${EPREFIX}&," \
-		-i Configure || die
-
-	# Remove test target when FEATURES=test isn't set
-	if ! use test ; then
-		sed \
-			-e '/^$config{dirs}/s@ "test",@@' \
-			-i Configure || die
-	fi
-
-	if use prefix && [[ ${CHOST} == *-solaris* ]] ; then
-		# use GNU ld full option, not to confuse it on Solaris
-		sed -i \
-			-e 's/-Wl,-M,/-Wl,--version-script=/' \
-			-e 's/-Wl,-h,/-Wl,--soname=/' \
-			Configurations/10-main.conf || die
-
-		# fix building on Solaris 10
-		# https://github.com/openssl/openssl/issues/6333
-		sed -i \
-			-e 's/-lsocket -lnsl -ldl/-lsocket -lnsl -ldl -lrt/' \
-			Configurations/10-main.conf || die
-	fi
-
-	# The config script does stupid stuff to prompt the user.  Kill it.
-	sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
-	./config --test-sanity || die "I AM NOT SANE"
-
-	multilib_copy_sources
-}
-
-multilib_src_configure() {
-	# bug #197996
-	unset APPS
-	# bug #312551
-	unset SCRIPTS
-	# bug #311473
-	unset CROSS_COMPILE
-
-	tc-export AR CC CXX RANLIB RC
-
-	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
-
-	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
-
-	# See if our toolchain supports __uint128_t.  If so, it's 64bit
-	# friendly and can use the nicely optimized code paths, bug #460790.
-	local ec_nistp_64_gcc_128
-
-	# Disable it for now though (bug #469976)
-	# echo "__uint128_t i;" > "${T}"/128.c
-	# if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
-	# 	ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
-	# fi
-
-	local sslout=$(./gentoo.config)
-	einfo "Use configuration ${sslout:-(openssl knows best)}"
-	local config="Configure"
-	[[ -z ${sslout} ]] && config="config"
-
-	# "disable-deprecated" option breaks too many consumers.
-	# Don't set it without thorough revdeps testing.
-	# Make sure user flags don't get added *yet* to avoid duplicated
-	# flags.
-	local myeconfargs=(
-		${sslout}
-
-		$(use cpu_flags_x86_sse2 || echo "no-sse2")
-		enable-camellia
-		enable-ec
-		enable-ec2m
-		enable-sm2
-		enable-srp
-		$(use elibc_musl && echo "no-async")
-		${ec_nistp_64_gcc_128}
-		enable-idea
-		enable-mdc2
-		enable-rc5
-		$(use_ssl sslv3 ssl3)
-		$(use_ssl sslv3 ssl3-method)
-		$(use_ssl asm)
-		$(use_ssl rfc3779)
-		$(use_ssl sctp)
-		$(use test || echo "no-tests")
-		$(use_ssl tls-compression zlib)
-		$(use_ssl tls-heartbeat heartbeats)
-		$(use_ssl weak-ssl-ciphers)
-
-		--prefix="${EPREFIX}"/usr
-		--openssldir="${EPREFIX}"${SSL_CNF_DIR}
-		--libdir=$(get_libdir)
-
-		shared
-		threads
-	)
-
-	CFLAGS= LDFLAGS= edo ./${config} "${myeconfargs[@]}"
-
-	# Clean out hardcoded flags that openssl uses
-	local DEFAULT_CFLAGS=$(grep ^CFLAGS= Makefile | LC_ALL=C sed \
-		-e 's:^CFLAGS=::' \
-		-e 's:\(^\| \)-fomit-frame-pointer::g' \
-		-e 's:\(^\| \)-O[^ ]*::g' \
-		-e 's:\(^\| \)-march=[^ ]*::g' \
-		-e 's:\(^\| \)-mcpu=[^ ]*::g' \
-		-e 's:\(^\| \)-m[^ ]*::g' \
-		-e 's:^ *::' \
-		-e 's: *$::' \
-		-e 's: \+: :g' \
-		-e 's:\\:\\\\:g'
-	)
-
-	# Now insert clean default flags with user flags
-	sed -i \
-		-e "/^CFLAGS=/s|=.*|=${DEFAULT_CFLAGS} ${CFLAGS}|" \
-		-e "/^LDFLAGS=/s|=[[:space:]]*$|=${LDFLAGS}|" \
-		Makefile || die
-}
-
-multilib_src_compile() {
-	# depend is needed to use $confopts; it also doesn't matter
-	# that it's -j1 as the code itself serializes subdirs
-	emake -j1 depend
-
-	emake all
-}
-
-multilib_src_test() {
-	emake -j1 test
-}
-
-multilib_src_install() {
-	# We need to create ${ED}/usr on our own to avoid a race condition (bug #665130)
-	dodir /usr
-
-	emake DESTDIR="${D}" install
-
-	# This is crappy in that the static archives are still built even
-	# when USE=static-libs. But this is due to a failing in the openssl
-	# build system: the static archives are built as PIC all the time.
-	# Only way around this would be to manually configure+compile openssl
-	# twice; once with shared lib support enabled and once without.
-	if ! use static-libs; then
-		rm "${ED}"/usr/$(get_libdir)/lib{crypto,ssl}.a || die
-	fi
-}
-
-multilib_src_install_all() {
-	# openssl installs perl version of c_rehash by default, but
-	# we provide a shell version via app-misc/c_rehash
-	rm "${ED}"/usr/bin/c_rehash || die
-
-	dodoc CHANGES* FAQ NEWS README doc/*.txt doc/${PN}-c-indent.el
-
-	# Create the certs directory
-	keepdir ${SSL_CNF_DIR}/certs
-
-	# Namespace openssl programs to prevent conflicts with other man pages
-	cd "${ED}"/usr/share/man || die
-	local m d s
-	for m in $(find . -type f | xargs grep -L '#include') ; do
-		d=${m%/*}
-		d=${d#./}
-		m=${m##*/}
-
-		[[ ${m} == openssl.1* ]] && continue
-
-		[[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!"
-
-		mv ${d}/{,ssl-}${m} || die
-
-		# Fix up references to renamed man pages
-		sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m} || die
-		ln -s ssl-${m} ${d}/openssl-${m}
-
-		# Locate any symlinks that point to this man page
-		# We assume that any broken links are due to the above renaming
-		for s in $(find -L ${d} -type l) ; do
-			s=${s##*/}
-
-			rm -f ${d}/${s}
-
-			# We don't want to "|| die" here
-			ln -s ssl-${m} ${d}/ssl-${s}
-			ln -s ssl-${s} ${d}/openssl-${s}
-		done
-	done
-	[[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :("
-
-	# bug #254521
-	dodir /etc/sandbox.d
-	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
-
-	diropts -m0700
-	keepdir ${SSL_CNF_DIR}/private
-}
-
-pkg_postinst() {
-	ebegin "Running 'c_rehash ${EROOT}${SSL_CNF_DIR}/certs/' to rebuild hashes (bug #333069)"
-	c_rehash "${EROOT}${SSL_CNF_DIR}/certs" >/dev/null
-	eend $?
-}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Patrick McLean]

commit:     0b821769c686087817a412b9f6f47ad03603491b
Author:     Patrick McLean <chutzpah <AT> gentoo <DOT> org>
AuthorDate: Tue Jun 28 18:57:29 2022 +0000
Commit:     Patrick McLean <chutzpah <AT> gentoo <DOT> org>
CommitDate: Tue Jun 28 18:57:29 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0b821769

dev-libs/openssl: add 3.0.4

Signed-off-by: Patrick McLean <chutzpah <AT> gentoo.org>

 dev-libs/openssl/Manifest             |   2 +
 dev-libs/openssl/openssl-3.0.4.ebuild | 323 ++++++++++++++++++++++++++++++++++
 2 files changed, 325 insertions(+)

diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest
index fd4aba44df2c..86edfb8addcb 100644
--- a/dev-libs/openssl/Manifest
+++ b/dev-libs/openssl/Manifest
@@ -13,3 +13,5 @@ DIST openssl-3.0.2.tar.gz.asc 488 BLAKE2B 2f6482114271c4f512159fa159486a3b347063
 DIST openssl-3.0.3-test-fixes-expiry.patch.xz 29056 BLAKE2B 11be776b9c4baec770d81ff180581d7d8292261f32ebfcb2cfd399d684cef1b9e7b4575d906f23e8a61d853eafb178e1b0e01d9324dbe598c876c0ef74bcf5e8 SHA512 23bc571dfca453deb4f1812aea5fc1bcf1c27358d8638a66ce7f359a698b09a35bdc86e01db36aa5e59b37cc7e36f0ced6f1463b383fb0d904aada69f5d5cb04
 DIST openssl-3.0.3.tar.gz 15058905 BLAKE2B 8141d13dbea2f1febdd4e46aa404e9f3bac51e1fdc0c9b0df8bf3bf6852e18b09201a2a8cbee99f72e8d6de660834093449b7a14a3fbdda8511286ca3b6743e7 SHA512 949472025211fabdaf2564122f0a9a3baef0facb6373e90cf6c4485164a50898050b179722d0b358c4d8cf1787384ea30d5fd03b98757634631d3e8978509b1a
 DIST openssl-3.0.3.tar.gz.asc 488 BLAKE2B 3f31e3a73706b69683220e05b1b4ddc75dc3e7e12652dca711e4aa0eb3c023ef736aee9ade15172d7f28e1e1af03e86d4854ec6c3d167cad42882f483c5e56d4 SHA512 04afe65c6af1ae43a9967462383a6a4f567f5acff19ec1952cd6fce2dc3c3d4dfb3cb54126562724c148f40dcb66668abf727282d35730bbf36f82b5c6bacace
+DIST openssl-3.0.4.tar.gz 15069605 BLAKE2B e8ef09d74aa128fee0ddc347458a41cde65af07a6e6836889a0230cd7989e46b5d10a4930eb7a63c0cf93485914ec33665d14637b6c27fd442c0e9becb2d2a86 SHA512 478cd801dc4787688e6d9062969ae738c24f869bb186f717ad3be54ae8f2630e5cd845c504efd3405ea1ecda07ebee00014cc6ef7bca9585a6240cf89d516557
+DIST openssl-3.0.4.tar.gz.asc 488 BLAKE2B 54f652ae78c6f39aef970fd7372808c876d37a823cc31431d770db67caf11342d1045992e393242d4c73253e4e16640dd9bd56203864394e907976918909e5dc SHA512 c30af3cda92b06cff864ed33c17d8dcb8c7d429ed8419f96d19d3049dfaa268c73ec7753815a134b069ae7f4ea20fb4bcdd04f86d33628592ce4500777494c85

diff --git a/dev-libs/openssl/openssl-3.0.4.ebuild b/dev-libs/openssl/openssl-3.0.4.ebuild
new file mode 100644
index 000000000000..ede15424a910
--- /dev/null
+++ b/dev-libs/openssl/openssl-3.0.4.ebuild
@@ -0,0 +1,323 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/openssl.org.asc
+inherit edo flag-o-matic linux-info toolchain-funcs multilib-minimal multiprocessing verify-sig
+
+DESCRIPTION="Robust, full-featured Open Source Toolkit for the Transport Layer Security (TLS)"
+HOMEPAGE="https://www.openssl.org/"
+
+MY_P=${P/_/-}
+
+if [[ ${PV} == 9999 ]] ; then
+	EGIT_REPO_URI="https://github.com/openssl/openssl.git"
+
+	inherit git-r3
+else
+	SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
+		verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )"
+	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x86-linux"
+fi
+
+S="${WORKDIR}"/${MY_P}
+
+LICENSE="Apache-2.0"
+SLOT="0/3" # .so version of libssl/libcrypto
+IUSE="+asm cpu_flags_x86_sse2 fips ktls rfc3779 sctp static-libs test tls-compression vanilla verify-sig weak-ssl-ciphers"
+RESTRICT="!test? ( test )"
+
+COMMON_DEPEND="
+	>=app-misc/c_rehash-1.7-r1
+	tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
+"
+BDEPEND="
+	>=dev-lang/perl-5
+	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
+	test? (
+		sys-apps/diffutils
+		sys-devel/bc
+		sys-process/procps
+	)
+	verify-sig? ( sec-keys/openpgp-keys-openssl )"
+
+DEPEND="${COMMON_DEPEND}"
+RDEPEND="${COMMON_DEPEND}"
+PDEPEND="app-misc/ca-certificates"
+
+REQUIRED_USE="test? ( rfc3779 )"
+
+MULTILIB_WRAPPED_HEADERS=(
+	/usr/include/openssl/configuration.h
+)
+
+pkg_setup() {
+	if use ktls ; then
+		if kernel_is -lt 4 18 ; then
+			ewarn "Kernel implementation of TLS (USE=ktls) requires kernel >=4.18!"
+		else
+			CONFIG_CHECK="~TLS ~TLS_DEVICE"
+			ERROR_TLS="You will be unable to offload TLS to kernel because CONFIG_TLS is not set!"
+			ERROR_TLS_DEVICE="You will be unable to offload TLS to kernel because CONFIG_TLS_DEVICE is not set!"
+
+			linux-info_pkg_setup
+		fi
+	fi
+
+	[[ ${MERGE_TYPE} == binary ]] && return
+
+	# must check in pkg_setup; sysctl doesn't work with userpriv!
+	if use test && use sctp ; then
+		# test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel"
+		# if sctp.auth_enable is not enabled.
+		local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null)
+		if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]] ; then
+			die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!"
+		fi
+	fi
+}
+
+src_unpack() {
+	# Can delete this once test fix patch is dropped
+	if use verify-sig ; then
+		# Needed for downloaded patch (which is unsigned, which is fine)
+		verify-sig_verify_detached "${DISTDIR}"/${P}.tar.gz{,.asc}
+	fi
+
+	default
+}
+
+src_prepare() {
+	# Allow openssl to be cross-compiled
+	cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die
+	chmod a+rx gentoo.config || die
+
+	# Keep this in sync with app-misc/c_rehash
+	SSL_CNF_DIR="/etc/ssl"
+
+	# Make sure we only ever touch Makefile.org and avoid patching a file
+	# that gets blown away anyways by the Configure script in src_configure
+	rm -f Makefile
+
+	if ! use vanilla ; then
+		PATCHES+=(
+			# Add patches which are Gentoo-specific customisations here
+		)
+	fi
+
+	default
+
+	if use test && use sctp && has network-sandbox ${FEATURES} ; then
+		einfo "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox ..."
+		rm test/recipes/80-test_ssl_new.t || die
+	fi
+
+	# - Make sure the man pages are suffixed (bug #302165)
+	# - Don't bother building man pages if they're disabled
+	# - Make DOCDIR Gentoo compliant
+	sed -i \
+		-e '/^MANSUFFIX/s:=.*:=ssl:' \
+		-e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
+		-e $(has noman FEATURES \
+			&& echo '/^install:/s:install_docs::' \
+			|| echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
+		-e "/^DOCDIR/s@\$(BASENAME)@&-${PVR}@" \
+		Configurations/unix-Makefile.tmpl \
+		|| die
+
+	# Quiet out unknown driver argument warnings since openssl
+	# doesn't have well-split CFLAGS and we're making it even worse
+	# and 'make depend' uses -Werror for added fun (bug #417795 again)
+	tc-is-clang && append-flags -Qunused-arguments
+
+	# We really, really need to build OpenSSL w/ strict aliasing disabled.
+	# It's filled with violations and it *will* result in miscompiled
+	# code. This has been in the ebuild for > 10 years but even in 2022,
+	# it's still relevant:
+	# - https://github.com/llvm/llvm-project/issues/55255
+	# - https://github.com/openssl/openssl/issues/18225
+	# Don't remove the no strict aliasing bits below!
+	filter-flags -fstrict-aliasing
+	append-flags -fno-strict-aliasing
+
+	append-flags $(test-flags-CC -Wa,--noexecstack)
+
+	# Prefixify Configure shebang (bug #141906)
+	sed \
+		-e "1s,/usr/bin/env,${BROOT}&," \
+		-i Configure || die
+
+	# Remove test target when FEATURES=test isn't set
+	if ! use test ; then
+		sed \
+			-e '/^$config{dirs}/s@ "test",@@' \
+			-i Configure || die
+	fi
+
+	# The config script does stupid stuff to prompt the user. Kill it.
+	sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
+	./config --test-sanity || die "I AM NOT SANE"
+
+	multilib_copy_sources
+}
+
+multilib_src_configure() {
+	# bug #197996
+	unset APPS
+	# bug #312551
+	unset SCRIPTS
+	# bug #311473
+	unset CROSS_COMPILE
+
+	tc-export AR CC CXX RANLIB RC
+
+	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
+
+	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
+
+	local sslout=$(./gentoo.config)
+	einfo "Using configuration: ${sslout:-(openssl knows best)}"
+	local config="Configure"
+	[[ -z ${sslout} ]] && config="config"
+
+	# https://github.com/openssl/openssl/blob/master/INSTALL.md#enable-and-disable-features
+	local myeconfargs=(
+		${sslout}
+
+		$(use cpu_flags_x86_sse2 || echo "no-sse2")
+		enable-camellia
+		enable-ec
+		enable-ec2m
+		enable-sm2
+		enable-srp
+		$(use elibc_musl && echo "no-async")
+		enable-idea
+		enable-mdc2
+		enable-rc5
+		$(use fips && echo "enable-fips")
+		$(use_ssl asm)
+		$(use_ssl ktls)
+		$(use_ssl rfc3779)
+		$(use_ssl sctp)
+		$(use test || echo "no-tests")
+		$(use_ssl tls-compression zlib)
+		$(use_ssl weak-ssl-ciphers)
+
+		--prefix="${EPREFIX}"/usr
+		--openssldir="${EPREFIX}"${SSL_CNF_DIR}
+		--libdir=$(get_libdir)
+
+		shared
+		threads
+	)
+
+	CFLAGS= LDFLAGS= edo ./${config} "${myeconfargs[@]}"
+
+	# Clean out hardcoded flags that openssl uses
+	local DEFAULT_CFLAGS=$(grep ^CFLAGS= Makefile | LC_ALL=C sed \
+		-e 's:^CFLAGS=::' \
+		-e 's:\(^\| \)-fomit-frame-pointer::g' \
+		-e 's:\(^\| \)-O[^ ]*::g' \
+		-e 's:\(^\| \)-march=[^ ]*::g' \
+		-e 's:\(^\| \)-mcpu=[^ ]*::g' \
+		-e 's:\(^\| \)-m[^ ]*::g' \
+		-e 's:^ *::' \
+		-e 's: *$::' \
+		-e 's: \+: :g' \
+		-e 's:\\:\\\\:g'
+	)
+
+	# Now insert clean default flags with user flags
+	sed -i \
+		-e "/^CFLAGS=/s|=.*|=${DEFAULT_CFLAGS} ${CFLAGS}|" \
+		-e "/^LDFLAGS=/s|=[[:space:]]*$|=${LDFLAGS}|" \
+		Makefile \
+		|| die
+}
+
+multilib_src_compile() {
+	# depend is needed to use $confopts; it also doesn't matter
+	# that it's -j1 as the code itself serializes subdirs
+	emake -j1 depend
+
+	emake all
+}
+
+multilib_src_test() {
+	# VFP = show subtests verbosely and show failed tests verbosely
+	# Normal V=1 would show everything verbosely but this slows things down.
+	emake HARNESS_JOBS="$(makeopts_jobs)" VFP=1 test
+}
+
+multilib_src_install() {
+	# We need to create ${ED}/usr on our own to avoid a race condition (bug #665130)
+	dodir /usr
+
+	emake DESTDIR="${D}" install
+
+	# This is crappy in that the static archives are still built even
+	# when USE=static-libs. But this is due to a failing in the openssl
+	# build system: the static archives are built as PIC all the time.
+	# Only way around this would be to manually configure+compile openssl
+	# twice; once with shared lib support enabled and once without.
+	if ! use static-libs ; then
+		rm "${ED}"/usr/$(get_libdir)/lib{crypto,ssl}.a || die
+	fi
+}
+
+multilib_src_install_all() {
+	# openssl installs perl version of c_rehash by default, but
+	# we provide a shell version via app-misc/c_rehash
+	rm "${ED}"/usr/bin/c_rehash || die
+
+	dodoc {AUTHORS,CHANGES,NEWS,README,README-PROVIDERS}.md doc/*.txt doc/${PN}-c-indent.el
+
+	# Create the certs directory
+	keepdir ${SSL_CNF_DIR}/certs
+
+	# Namespace openssl programs to prevent conflicts with other man pages
+	cd "${ED}"/usr/share/man || die
+	local m d s
+	for m in $(find . -type f | xargs grep -L '#include') ; do
+		d=${m%/*}
+		d=${d#./}
+		m=${m##*/}
+
+		[[ ${m} == openssl.1* ]] && continue
+
+		[[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!"
+
+		mv ${d}/{,ssl-}${m} || die
+
+		# Fix up references to renamed man pages
+		sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m} || die
+		ln -s ssl-${m} ${d}/openssl-${m} || die
+
+		# Locate any symlinks that point to this man page
+		# We assume that any broken links are due to the above renaming
+		for s in $(find -L ${d} -type l) ; do
+			s=${s##*/}
+
+			rm -f ${d}/${s}
+
+			# We don't want to "|| die" here
+			ln -s ssl-${m} ${d}/ssl-${s}
+			ln -s ssl-${s} ${d}/openssl-${s}
+		done
+	done
+	[[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :("
+
+	# bug #254521
+	dodir /etc/sandbox.d
+	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
+
+	diropts -m0700
+	keepdir ${SSL_CNF_DIR}/private
+}
+
+pkg_postinst() {
+	ebegin "Running 'c_rehash ${EROOT}${SSL_CNF_DIR}/certs/' to rebuild hashes (bug #333069)"
+	c_rehash "${EROOT}${SSL_CNF_DIR}/certs" >/dev/null
+	eend $?
+}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Patrick McLean]

commit:     47566b1990e0c860841eb9b53b16b3d033a2cce3
Author:     Patrick McLean <chutzpah <AT> gentoo <DOT> org>
AuthorDate: Tue Jun 28 18:53:46 2022 +0000
Commit:     Patrick McLean <chutzpah <AT> gentoo <DOT> org>
CommitDate: Tue Jun 28 18:53:46 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=47566b19

dev-libs/openssl: Add REQUIRED_USE for tests

Signed-off-by: Patrick McLean <chutzpah <AT> gentoo.org>

 dev-libs/openssl/openssl-1.1.1p.ebuild | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/dev-libs/openssl/openssl-1.1.1p.ebuild b/dev-libs/openssl/openssl-1.1.1p.ebuild
index 90f1683c106f..21020a80a28c 100644
--- a/dev-libs/openssl/openssl-1.1.1p.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1p.ebuild
@@ -38,6 +38,8 @@ PDEPEND="app-misc/ca-certificates"
 # force upgrade to prevent broken login, bug #696950
 RDEPEND+=" !<net-misc/openssh-8.0_p1-r3"
 
+REQUIRED_USE="test? ( rfc3779 )"
+
 MULTILIB_WRAPPED_HEADERS=(
 	usr/include/openssl/opensslconf.h
 )

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Patrick McLean]

commit:     eb0b67201d70d0def107d9db7f78844815113274
Author:     Patrick McLean <chutzpah <AT> gentoo <DOT> org>
AuthorDate: Tue Jun 28 18:50:25 2022 +0000
Commit:     Patrick McLean <chutzpah <AT> gentoo <DOT> org>
CommitDate: Tue Jun 28 18:51:36 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=eb0b6720

dev-libs/openssl: add 1.1.1p

Signed-off-by: Patrick McLean <chutzpah <AT> gentoo.org>

 dev-libs/openssl/Manifest              |   2 +
 dev-libs/openssl/openssl-1.1.1p.ebuild | 336 +++++++++++++++++++++++++++++++++
 2 files changed, 338 insertions(+)

diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest
index 3984e90d7345..fd4aba44df2c 100644
--- a/dev-libs/openssl/Manifest
+++ b/dev-libs/openssl/Manifest
@@ -6,6 +6,8 @@ DIST openssl-1.1.1n.tar.gz.asc 488 BLAKE2B 8fc18fdc884473dc4c243499cc3528691a9ec
 DIST openssl-1.1.1o-test-fixes-expiry.patch.xz 6180 BLAKE2B 23ef36d7bd05c98f7fab6de25681a53fa7a558d114548836b6cd90a57c4f4e45dc9fb622936053608b463320605b7df60db2d2caf3811b249f6ead3791a1c081 SHA512 577aec97fb31cd9efe3b30d82c560d3e7da57ae52c4de0f86e951b777a673830baaadcc5eb366c523024d37405531c6d32de26bbbc1e77df15c7822c72e937e6
 DIST openssl-1.1.1o.tar.gz 9856386 BLAKE2B 5bd355fd17adf43ba4e3bf1a8036ceb724edd4f4ab80dc25aecc3d2647372e9db2bc12e2b89791fc4b6f7fd95a7b68e00490d09ca6518d25ab990ee27798e641 SHA512 75b2f1499cb4640229eb6cd35d85cbff2e19db17b959ac4d04b60f1b395b73567f9003521452a0fcfeea9b31b26de0a7bccf476ecf9caae02298f3647cfb7e23
 DIST openssl-1.1.1o.tar.gz.asc 488 BLAKE2B a03a967e7e2124d1a76ad7765e2f48065f40d32ba102a433be603ee8f86b26a2d246dcb97a95bd694ef3005889ce4f1951f76d39fe1d683f92da1aa3023e9c2d SHA512 da6d88de7c1cd807b6089d50f8bb102c317c0b45ca26e517e3e400c5c65f787d94a1ee522af76279e93790a7fb491348cf25ffcfd66ecb9a9d35209328cb221e
+DIST openssl-1.1.1p.tar.gz 9860217 BLAKE2B 4354753a5e52393c9cc4569954c2cac6d89a1e204fa4f9ca00a60492782d29f8952fb92664cdbb3576c6443d3cb2eacebea51db584738589f3598b40df579b12 SHA512 203470b1cd37bdbfabfec5ef37fc97c991d9943f070c988316f6396b09dae7cea16ac884bd8646dbf7dd1ed40ebde6bdfa5700beee2d714d07c97cc70b4e48d9
+DIST openssl-1.1.1p.tar.gz.asc 488 BLAKE2B e68c8a4c992c2448b48428137f61f91fb89e4814f6e80c5525cea695bcf898326eca729f31b953fbd7ff51b448004101ca78abfbd3138ec2389596faa3eafc2f SHA512 c85d65df1ed0f1ae87b799d794ea43e32c8ecaf85caf6e36fbbd4a890ef1d47710380d3846296e0124898680be66113a959ad974e0448bc00d1253794dc48972
 DIST openssl-3.0.2.tar.gz 15038141 BLAKE2B 140c4c80a0cad89cb0059fef6a4cd421460e6af9a3973f7a3eb5e39f64c0d44794d46e7a869e5235fced139f2249351e37a9ee5ebaa17f2708d63141ebebf919 SHA512 f986850d5be908b4d6b5fd7091bc4652d7378c9bccebfbc5becd7753843c04c1eb61a1749c432139d263dfac33df0b1f6c773664b485cad47542266823a4eb03
 DIST openssl-3.0.2.tar.gz.asc 488 BLAKE2B 2f6482114271c4f512159fa159486a3b3470637d770cd1614fda004918d06ed9ab562e655d1580d2ebb05745ec72987488c2161b72d078017cc157003d4205da SHA512 4303391a58107c76ad9b05510f5bfc95f687f4cb2f9ff5b03fb262ba99b573423ab83f0437471199954496799b343191b889ad9ef8fabdd7ee4ec3ec9b5f1d81
 DIST openssl-3.0.3-test-fixes-expiry.patch.xz 29056 BLAKE2B 11be776b9c4baec770d81ff180581d7d8292261f32ebfcb2cfd399d684cef1b9e7b4575d906f23e8a61d853eafb178e1b0e01d9324dbe598c876c0ef74bcf5e8 SHA512 23bc571dfca453deb4f1812aea5fc1bcf1c27358d8638a66ce7f359a698b09a35bdc86e01db36aa5e59b37cc7e36f0ced6f1463b383fb0d904aada69f5d5cb04

diff --git a/dev-libs/openssl/openssl-1.1.1p.ebuild b/dev-libs/openssl/openssl-1.1.1p.ebuild
new file mode 100644
index 000000000000..90f1683c106f
--- /dev/null
+++ b/dev-libs/openssl/openssl-1.1.1p.ebuild
@@ -0,0 +1,336 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/openssl.org.asc
+inherit edo flag-o-matic toolchain-funcs multilib-minimal verify-sig
+
+MY_P=${P/_/-}
+DESCRIPTION="Full-strength general purpose cryptography library (including SSL and TLS)"
+HOMEPAGE="https://www.openssl.org/"
+SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
+	verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )"
+S="${WORKDIR}/${MY_P}"
+
+LICENSE="openssl"
+SLOT="0/1.1" # .so version of libssl/libcrypto
+if [[ ${PV} != *_pre* ]] ; then
+	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+fi
+IUSE="+asm rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-compression tls-heartbeat vanilla verify-sig weak-ssl-ciphers"
+RESTRICT="!test? ( test )"
+
+RDEPEND=">=app-misc/c_rehash-1.7-r1
+	tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )"
+DEPEND="${RDEPEND}"
+BDEPEND="
+	>=dev-lang/perl-5
+	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
+	test? (
+		sys-apps/diffutils
+		sys-devel/bc
+		kernel_linux? ( sys-process/procps )
+	)
+	verify-sig? ( sec-keys/openpgp-keys-openssl )"
+PDEPEND="app-misc/ca-certificates"
+
+# force upgrade to prevent broken login, bug #696950
+RDEPEND+=" !<net-misc/openssh-8.0_p1-r3"
+
+MULTILIB_WRAPPED_HEADERS=(
+	usr/include/openssl/opensslconf.h
+)
+
+PATCHES=(
+	# General patches which are suitable to always apply
+	# If they're Gentoo specific, add to USE=-vanilla logic in src_prepare!
+	"${FILESDIR}"/${PN}-1.1.0j-parallel_install_fix.patch #671602
+	"${FILESDIR}"/${PN}-1.1.1i-riscv32.patch
+)
+
+pkg_setup() {
+	[[ ${MERGE_TYPE} == binary ]] && return
+
+	# must check in pkg_setup; sysctl doesn't work with userpriv!
+	if use test && use sctp; then
+		# test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel"
+		# if sctp.auth_enable is not enabled.
+		local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null)
+		if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]]; then
+			die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!"
+		fi
+	fi
+}
+
+src_unpack() {
+	# Can delete this once test fix patch is dropped
+	if use verify-sig ; then
+		# Needed for downloaded patch (which is unsigned, which is fine)
+		verify-sig_verify_detached "${DISTDIR}"/${P}.tar.gz{,.asc}
+	fi
+
+	default
+}
+
+src_prepare() {
+	# Allow openssl to be cross-compiled
+	cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die
+	chmod a+rx gentoo.config || die
+
+	# Keep this in sync with app-misc/c_rehash
+	SSL_CNF_DIR="/etc/ssl"
+
+	# Make sure we only ever touch Makefile.org and avoid patching a file
+	# that gets blown away anyways by the Configure script in src_configure
+	rm -f Makefile
+
+	if ! use vanilla ; then
+		PATCHES+=(
+			# Add patches which are Gentoo-specific customisations here
+		)
+	fi
+
+	default
+
+	if use test && use sctp && has network-sandbox ${FEATURES}; then
+		einfo "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox ..."
+		rm test/recipes/80-test_ssl_new.t || die
+	fi
+
+	# - Make sure the man pages are suffixed (bug #302165)
+	# - Don't bother building man pages if they're disabled
+	# - Make DOCDIR Gentoo compliant
+	sed -i \
+		-e '/^MANSUFFIX/s:=.*:=ssl:' \
+		-e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
+		-e $(has noman FEATURES \
+			&& echo '/^install:/s:install_docs::' \
+			|| echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
+		-e "/^DOCDIR/s@\$(BASENAME)@&-${PVR}@" \
+		Configurations/unix-Makefile.tmpl \
+		|| die
+
+	# Quiet out unknown driver argument warnings since openssl
+	# doesn't have well-split CFLAGS and we're making it even worse
+	# and 'make depend' uses -Werror for added fun (bug #417795 again)
+	tc-is-clang && append-flags -Qunused-arguments
+
+	# We really, really need to build OpenSSL w/ strict aliasing disabled.
+	# It's filled with violations and it *will* result in miscompiled
+	# code. This has been in the ebuild for > 10 years but even in 2022,
+	# it's still relevant:
+	# - https://github.com/llvm/llvm-project/issues/55255
+	# - https://github.com/openssl/openssl/issues/18225
+	# Don't remove the no strict aliasing bits below!
+	filter-flags -fstrict-aliasing
+	append-flags -fno-strict-aliasing
+
+	append-cppflags -DOPENSSL_NO_BUF_FREELISTS
+
+	append-flags $(test-flags-CC -Wa,--noexecstack)
+
+	# Prefixify Configure shebang (bug #141906)
+	sed \
+		-e "1s,/usr/bin/env,${EPREFIX}&," \
+		-i Configure || die
+
+	# Remove test target when FEATURES=test isn't set
+	if ! use test ; then
+		sed \
+			-e '/^$config{dirs}/s@ "test",@@' \
+			-i Configure || die
+	fi
+
+	if use prefix && [[ ${CHOST} == *-solaris* ]] ; then
+		# use GNU ld full option, not to confuse it on Solaris
+		sed -i \
+			-e 's/-Wl,-M,/-Wl,--version-script=/' \
+			-e 's/-Wl,-h,/-Wl,--soname=/' \
+			Configurations/10-main.conf || die
+
+		# fix building on Solaris 10
+		# https://github.com/openssl/openssl/issues/6333
+		sed -i \
+			-e 's/-lsocket -lnsl -ldl/-lsocket -lnsl -ldl -lrt/' \
+			Configurations/10-main.conf || die
+	fi
+
+	# The config script does stupid stuff to prompt the user.  Kill it.
+	sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
+	./config --test-sanity || die "I AM NOT SANE"
+
+	multilib_copy_sources
+}
+
+multilib_src_configure() {
+	# bug #197996
+	unset APPS
+	# bug #312551
+	unset SCRIPTS
+	# bug #311473
+	unset CROSS_COMPILE
+
+	tc-export AR CC CXX RANLIB RC
+
+	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
+
+	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
+
+	# See if our toolchain supports __uint128_t.  If so, it's 64bit
+	# friendly and can use the nicely optimized code paths, bug #460790.
+	local ec_nistp_64_gcc_128
+
+	# Disable it for now though (bug #469976)
+	# echo "__uint128_t i;" > "${T}"/128.c
+	# if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
+	# 	ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
+	# fi
+
+	local sslout=$(./gentoo.config)
+	einfo "Use configuration ${sslout:-(openssl knows best)}"
+	local config="Configure"
+	[[ -z ${sslout} ]] && config="config"
+
+	# "disable-deprecated" option breaks too many consumers.
+	# Don't set it without thorough revdeps testing.
+	# Make sure user flags don't get added *yet* to avoid duplicated
+	# flags.
+	local myeconfargs=(
+		${sslout}
+
+		$(use cpu_flags_x86_sse2 || echo "no-sse2")
+		enable-camellia
+		enable-ec
+		enable-ec2m
+		enable-sm2
+		enable-srp
+		$(use elibc_musl && echo "no-async")
+		${ec_nistp_64_gcc_128}
+		enable-idea
+		enable-mdc2
+		enable-rc5
+		$(use_ssl sslv3 ssl3)
+		$(use_ssl sslv3 ssl3-method)
+		$(use_ssl asm)
+		$(use_ssl rfc3779)
+		$(use_ssl sctp)
+		$(use test || echo "no-tests")
+		$(use_ssl tls-compression zlib)
+		$(use_ssl tls-heartbeat heartbeats)
+		$(use_ssl weak-ssl-ciphers)
+
+		--prefix="${EPREFIX}"/usr
+		--openssldir="${EPREFIX}"${SSL_CNF_DIR}
+		--libdir=$(get_libdir)
+
+		shared
+		threads
+	)
+
+	CFLAGS= LDFLAGS= edo ./${config} "${myeconfargs[@]}"
+
+	# Clean out hardcoded flags that openssl uses
+	local DEFAULT_CFLAGS=$(grep ^CFLAGS= Makefile | LC_ALL=C sed \
+		-e 's:^CFLAGS=::' \
+		-e 's:\(^\| \)-fomit-frame-pointer::g' \
+		-e 's:\(^\| \)-O[^ ]*::g' \
+		-e 's:\(^\| \)-march=[^ ]*::g' \
+		-e 's:\(^\| \)-mcpu=[^ ]*::g' \
+		-e 's:\(^\| \)-m[^ ]*::g' \
+		-e 's:^ *::' \
+		-e 's: *$::' \
+		-e 's: \+: :g' \
+		-e 's:\\:\\\\:g'
+	)
+
+	# Now insert clean default flags with user flags
+	sed -i \
+		-e "/^CFLAGS=/s|=.*|=${DEFAULT_CFLAGS} ${CFLAGS}|" \
+		-e "/^LDFLAGS=/s|=[[:space:]]*$|=${LDFLAGS}|" \
+		Makefile || die
+}
+
+multilib_src_compile() {
+	# depend is needed to use $confopts; it also doesn't matter
+	# that it's -j1 as the code itself serializes subdirs
+	emake -j1 depend
+
+	emake all
+}
+
+multilib_src_test() {
+	emake -j1 test
+}
+
+multilib_src_install() {
+	# We need to create ${ED}/usr on our own to avoid a race condition (bug #665130)
+	dodir /usr
+
+	emake DESTDIR="${D}" install
+
+	# This is crappy in that the static archives are still built even
+	# when USE=static-libs. But this is due to a failing in the openssl
+	# build system: the static archives are built as PIC all the time.
+	# Only way around this would be to manually configure+compile openssl
+	# twice; once with shared lib support enabled and once without.
+	if ! use static-libs; then
+		rm "${ED}"/usr/$(get_libdir)/lib{crypto,ssl}.a || die
+	fi
+}
+
+multilib_src_install_all() {
+	# openssl installs perl version of c_rehash by default, but
+	# we provide a shell version via app-misc/c_rehash
+	rm "${ED}"/usr/bin/c_rehash || die
+
+	dodoc CHANGES* FAQ NEWS README doc/*.txt doc/${PN}-c-indent.el
+
+	# Create the certs directory
+	keepdir ${SSL_CNF_DIR}/certs
+
+	# Namespace openssl programs to prevent conflicts with other man pages
+	cd "${ED}"/usr/share/man || die
+	local m d s
+	for m in $(find . -type f | xargs grep -L '#include') ; do
+		d=${m%/*}
+		d=${d#./}
+		m=${m##*/}
+
+		[[ ${m} == openssl.1* ]] && continue
+
+		[[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!"
+
+		mv ${d}/{,ssl-}${m} || die
+
+		# Fix up references to renamed man pages
+		sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m} || die
+		ln -s ssl-${m} ${d}/openssl-${m}
+
+		# Locate any symlinks that point to this man page
+		# We assume that any broken links are due to the above renaming
+		for s in $(find -L ${d} -type l) ; do
+			s=${s##*/}
+
+			rm -f ${d}/${s}
+
+			# We don't want to "|| die" here
+			ln -s ssl-${m} ${d}/ssl-${s}
+			ln -s ssl-${s} ${d}/openssl-${s}
+		done
+	done
+	[[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :("
+
+	# bug #254521
+	dodir /etc/sandbox.d
+	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
+
+	diropts -m0700
+	keepdir ${SSL_CNF_DIR}/private
+}
+
+pkg_postinst() {
+	ebegin "Running 'c_rehash ${EROOT}${SSL_CNF_DIR}/certs/' to rebuild hashes (bug #333069)"
+	c_rehash "${EROOT}${SSL_CNF_DIR}/certs" >/dev/null
+	eend $?
+}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     796edf36f0106903f2fd32ebe6c6bce3a6bf1be6
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sat Jun 11 05:10:14 2022 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sat Jun 11 05:12:37 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=796edf36

dev-libs/openssl: tiny comment tidyup

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/openssl-1.1.1o-r1.ebuild | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/dev-libs/openssl/openssl-1.1.1o-r1.ebuild b/dev-libs/openssl/openssl-1.1.1o-r1.ebuild
index 795b98f026c5..0e55dcc43e49 100644
--- a/dev-libs/openssl/openssl-1.1.1o-r1.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1o-r1.ebuild
@@ -132,7 +132,7 @@ src_prepare() {
 
 	append-flags $(test-flags-CC -Wa,--noexecstack)
 
-	# Prefixify Configure shebang (#141906)
+	# Prefixify Configure shebang (bug #141906)
 	sed \
 		-e "1s,/usr/bin/env,${EPREFIX}&," \
 		-i Configure || die
@@ -180,9 +180,10 @@ multilib_src_configure() {
 	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
 
 	# See if our toolchain supports __uint128_t.  If so, it's 64bit
-	# friendly and can use the nicely optimized code paths. #460790
+	# friendly and can use the nicely optimized code paths, bug #460790.
 	local ec_nistp_64_gcc_128
-	# Disable it for now though #469976
+
+	# Disable it for now though (bug #469976)
 	# echo "__uint128_t i;" > "${T}"/128.c
 	# if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
 	# 	ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     a46b42914421b73a5bb3370a61172541fc0a1307
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sat Jun 11 05:09:04 2022 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sat Jun 11 05:09:04 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a46b4291

dev-libs/openssl: ebegin -> einfo

If it failed, we'd hit the || die anyway, so the eend was never going to be anything
other than OK.

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/openssl-1.1.1o-r1.ebuild | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/dev-libs/openssl/openssl-1.1.1o-r1.ebuild b/dev-libs/openssl/openssl-1.1.1o-r1.ebuild
index 930239eb1259..795b98f026c5 100644
--- a/dev-libs/openssl/openssl-1.1.1o-r1.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1o-r1.ebuild
@@ -96,9 +96,8 @@ src_prepare() {
 	default
 
 	if use test && use sctp && has network-sandbox ${FEATURES}; then
-		ebegin "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox"
+		einfo "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox ..."
 		rm test/recipes/80-test_ssl_new.t || die
-		eend $?
 	fi
 
 	# - Make sure the man pages are suffixed (bug #302165)

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     e66ea6a3c3c7a193e3942c39c371effca5527d28
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sat Jun 11 05:08:07 2022 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sat Jun 11 05:08:07 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e66ea6a3

dev-libs/openssl: Update DESCRIPTION

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/openssl-1.1.1o-r1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.1.1o-r1.ebuild b/dev-libs/openssl/openssl-1.1.1o-r1.ebuild
index 7cf22eaddb0e..930239eb1259 100644
--- a/dev-libs/openssl/openssl-1.1.1o-r1.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1o-r1.ebuild
@@ -7,7 +7,7 @@ VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/openssl.org.asc
 inherit edo flag-o-matic toolchain-funcs multilib-minimal verify-sig
 
 MY_P=${P/_/-}
-DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"
+DESCRIPTION="Full-strength general purpose cryptography library (including SSL and TLS)"
 HOMEPAGE="https://www.openssl.org/"
 SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 	https://dev.gentoo.org/~sam/distfiles/${CATEGORY}/${PN}/${P}-test-fixes-expiry.patch.xz

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     141101644281c6e7d1f0c86c5cf85558884563f1
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sat Jun 11 03:38:15 2022 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sat Jun 11 03:38:18 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=14110164

dev-libs/openssl: unify logic b/t 1.1.x and 3.x as much as possible

Makes it easier in particular when working on forthcoming openssl-compat for
1.1.x.

Signed-off-by: Sam James <sam <AT> gentoo.org>

 ...enssl-3.0.3.ebuild => openssl-1.1.1o-r1.ebuild} | 144 +++++++++++----------
 dev-libs/openssl/openssl-3.0.3.ebuild              |  14 +-
 2 files changed, 86 insertions(+), 72 deletions(-)

diff --git a/dev-libs/openssl/openssl-3.0.3.ebuild b/dev-libs/openssl/openssl-1.1.1o-r1.ebuild
similarity index 69%
copy from dev-libs/openssl/openssl-3.0.3.ebuild
copy to dev-libs/openssl/openssl-1.1.1o-r1.ebuild
index 8f5264ad9e35..7cf22eaddb0e 100644
--- a/dev-libs/openssl/openssl-3.0.3.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1o-r1.ebuild
@@ -1,83 +1,65 @@
 # Copyright 1999-2022 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
-EAPI="7"
+EAPI=7
 
-inherit edo flag-o-matic linux-info toolchain-funcs multilib-minimal multiprocessing verify-sig
-
-DESCRIPTION="Robust, full-featured Open Source Toolkit for the Transport Layer Security (TLS)"
-HOMEPAGE="https://www.openssl.org/"
+VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/openssl.org.asc
+inherit edo flag-o-matic toolchain-funcs multilib-minimal verify-sig
 
 MY_P=${P/_/-}
-
-if [[ ${PV} == 9999 ]] ; then
-	EGIT_REPO_URI="https://github.com/openssl/openssl.git"
-
-	inherit git-r3
-else
-	SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
-		https://dev.gentoo.org/~sam/distfiles/${CATEGORY}/${PN}/${P}-test-fixes-expiry.patch.xz
-		verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )"
-	VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/openssl.org.asc
-	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x86-linux"
+DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"
+HOMEPAGE="https://www.openssl.org/"
+SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
+	https://dev.gentoo.org/~sam/distfiles/${CATEGORY}/${PN}/${P}-test-fixes-expiry.patch.xz
+	verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )"
+S="${WORKDIR}/${MY_P}"
+
+LICENSE="openssl"
+SLOT="0/1.1" # .so version of libssl/libcrypto
+if [[ ${PV} != *_pre* ]] ; then
+	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
 fi
-
-S="${WORKDIR}"/${MY_P}
-
-LICENSE="Apache-2.0"
-SLOT="0/3" # .so version of libssl/libcrypto
-IUSE="+asm cpu_flags_x86_sse2 fips ktls rfc3779 sctp static-libs test tls-compression vanilla verify-sig weak-ssl-ciphers"
+IUSE="+asm rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-compression tls-heartbeat vanilla verify-sig weak-ssl-ciphers"
 RESTRICT="!test? ( test )"
 
-COMMON_DEPEND="
-	>=app-misc/c_rehash-1.7-r1
-	tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
-"
+RDEPEND=">=app-misc/c_rehash-1.7-r1
+	tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )"
+DEPEND="${RDEPEND}"
 BDEPEND="
 	>=dev-lang/perl-5
 	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
 	test? (
 		sys-apps/diffutils
 		sys-devel/bc
-		sys-process/procps
+		kernel_linux? ( sys-process/procps )
 	)
 	verify-sig? ( sec-keys/openpgp-keys-openssl )"
-
-DEPEND="${COMMON_DEPEND}"
-RDEPEND="${COMMON_DEPEND}"
 PDEPEND="app-misc/ca-certificates"
 
+# force upgrade to prevent broken login, bug #696950
+RDEPEND+=" !<net-misc/openssh-8.0_p1-r3"
+
 MULTILIB_WRAPPED_HEADERS=(
-	/usr/include/openssl/configuration.h
+	usr/include/openssl/opensslconf.h
 )
 
 PATCHES=(
 	# General patches which are suitable to always apply
 	# If they're Gentoo specific, add to USE=-vanilla logic in src_prepare!
+	"${FILESDIR}"/${PN}-1.1.0j-parallel_install_fix.patch #671602
+	"${FILESDIR}"/${PN}-1.1.1i-riscv32.patch
 	"${WORKDIR}"/${P}-test-fixes-expiry.patch
 )
 
 pkg_setup() {
-	if use ktls ; then
-		if kernel_is -lt 4 18 ; then
-			ewarn "Kernel implementation of TLS (USE=ktls) requires kernel >=4.18!"
-		else
-			CONFIG_CHECK="~TLS ~TLS_DEVICE"
-			ERROR_TLS="You will be unable to offload TLS to kernel because CONFIG_TLS is not set!"
-			ERROR_TLS_DEVICE="You will be unable to offload TLS to kernel because CONFIG_TLS_DEVICE is not set!"
-
-			linux-info_pkg_setup
-		fi
-	fi
-
 	[[ ${MERGE_TYPE} == binary ]] && return
 
 	# must check in pkg_setup; sysctl doesn't work with userpriv!
-	if use test && use sctp ; then
+	if use test && use sctp; then
 		# test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel"
 		# if sctp.auth_enable is not enabled.
 		local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null)
-		if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]] ; then
+		if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]]; then
 			die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!"
 		fi
 	fi
@@ -92,6 +74,7 @@ src_unpack() {
 
 	default
 }
+
 src_prepare() {
 	# Allow openssl to be cross-compiled
 	cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die
@@ -112,9 +95,10 @@ src_prepare() {
 
 	default
 
-	if use test && use sctp && has network-sandbox ${FEATURES} ; then
-		einfo "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox ..."
+	if use test && use sctp && has network-sandbox ${FEATURES}; then
+		ebegin "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox"
 		rm test/recipes/80-test_ssl_new.t || die
+		eend $?
 	fi
 
 	# - Make sure the man pages are suffixed (bug #302165)
@@ -145,11 +129,13 @@ src_prepare() {
 	filter-flags -fstrict-aliasing
 	append-flags -fno-strict-aliasing
 
+	append-cppflags -DOPENSSL_NO_BUF_FREELISTS
+
 	append-flags $(test-flags-CC -Wa,--noexecstack)
 
-	# Prefixify Configure shebang (bug #141906)
+	# Prefixify Configure shebang (#141906)
 	sed \
-		-e "1s,/usr/bin/env,${BROOT}&," \
+		-e "1s,/usr/bin/env,${EPREFIX}&," \
 		-i Configure || die
 
 	# Remove test target when FEATURES=test isn't set
@@ -159,7 +145,21 @@ src_prepare() {
 			-i Configure || die
 	fi
 
-	# The config script does stupid stuff to prompt the user. Kill it.
+	if use prefix && [[ ${CHOST} == *-solaris* ]] ; then
+		# use GNU ld full option, not to confuse it on Solaris
+		sed -i \
+			-e 's/-Wl,-M,/-Wl,--version-script=/' \
+			-e 's/-Wl,-h,/-Wl,--soname=/' \
+			Configurations/10-main.conf || die
+
+		# fix building on Solaris 10
+		# https://github.com/openssl/openssl/issues/6333
+		sed -i \
+			-e 's/-lsocket -lnsl -ldl/-lsocket -lnsl -ldl -lrt/' \
+			Configurations/10-main.conf || die
+	fi
+
+	# The config script does stupid stuff to prompt the user.  Kill it.
 	sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
 	./config --test-sanity || die "I AM NOT SANE"
 
@@ -180,12 +180,24 @@ multilib_src_configure() {
 
 	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
 
+	# See if our toolchain supports __uint128_t.  If so, it's 64bit
+	# friendly and can use the nicely optimized code paths. #460790
+	local ec_nistp_64_gcc_128
+	# Disable it for now though #469976
+	# echo "__uint128_t i;" > "${T}"/128.c
+	# if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
+	# 	ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
+	# fi
+
 	local sslout=$(./gentoo.config)
-	einfo "Using configuration: ${sslout:-(openssl knows best)}"
+	einfo "Use configuration ${sslout:-(openssl knows best)}"
 	local config="Configure"
 	[[ -z ${sslout} ]] && config="config"
 
-	# https://github.com/openssl/openssl/blob/master/INSTALL.md#enable-and-disable-features
+	# "disable-deprecated" option breaks too many consumers.
+	# Don't set it without thorough revdeps testing.
+	# Make sure user flags don't get added *yet* to avoid duplicated
+	# flags.
 	local myeconfargs=(
 		${sslout}
 
@@ -196,16 +208,18 @@ multilib_src_configure() {
 		enable-sm2
 		enable-srp
 		$(use elibc_musl && echo "no-async")
+		${ec_nistp_64_gcc_128}
 		enable-idea
 		enable-mdc2
 		enable-rc5
-		$(use fips && echo "enable-fips")
+		$(use_ssl sslv3 ssl3)
+		$(use_ssl sslv3 ssl3-method)
 		$(use_ssl asm)
-		$(use_ssl ktls)
 		$(use_ssl rfc3779)
 		$(use_ssl sctp)
 		$(use test || echo "no-tests")
 		$(use_ssl tls-compression zlib)
+		$(use_ssl tls-heartbeat heartbeats)
 		$(use_ssl weak-ssl-ciphers)
 
 		--prefix="${EPREFIX}"/usr
@@ -216,9 +230,7 @@ multilib_src_configure() {
 		threads
 	)
 
-	CFLAGS= LDFLAGS= edo \
-		./${config} \
-		"${myeconfargs[@]}"
+	CFLAGS= LDFLAGS= edo ./${config} "${myeconfargs[@]}"
 
 	# Clean out hardcoded flags that openssl uses
 	local DEFAULT_CFLAGS=$(grep ^CFLAGS= Makefile | LC_ALL=C sed \
@@ -238,8 +250,7 @@ multilib_src_configure() {
 	sed -i \
 		-e "/^CFLAGS=/s|=.*|=${DEFAULT_CFLAGS} ${CFLAGS}|" \
 		-e "/^LDFLAGS=/s|=[[:space:]]*$|=${LDFLAGS}|" \
-		Makefile \
-		|| die
+		Makefile || die
 }
 
 multilib_src_compile() {
@@ -251,9 +262,7 @@ multilib_src_compile() {
 }
 
 multilib_src_test() {
-	# VFP = show subtests verbosely and show failed tests verbosely
-	# Normal V=1 would show everything verbosely but this slows things down.
-	emake HARNESS_JOBS="$(makeopts_jobs)" VFP=1 test
+	emake -j1 test
 }
 
 multilib_src_install() {
@@ -267,7 +276,7 @@ multilib_src_install() {
 	# build system: the static archives are built as PIC all the time.
 	# Only way around this would be to manually configure+compile openssl
 	# twice; once with shared lib support enabled and once without.
-	if ! use static-libs ; then
+	if ! use static-libs; then
 		rm "${ED}"/usr/$(get_libdir)/lib{crypto,ssl}.a || die
 	fi
 }
@@ -277,7 +286,7 @@ multilib_src_install_all() {
 	# we provide a shell version via app-misc/c_rehash
 	rm "${ED}"/usr/bin/c_rehash || die
 
-	dodoc {AUTHORS,CHANGES,NEWS,README,README-PROVIDERS}.md doc/*.txt doc/${PN}-c-indent.el
+	dodoc CHANGES* FAQ NEWS README doc/*.txt doc/${PN}-c-indent.el
 
 	# Create the certs directory
 	keepdir ${SSL_CNF_DIR}/certs
@@ -286,7 +295,9 @@ multilib_src_install_all() {
 	cd "${ED}"/usr/share/man || die
 	local m d s
 	for m in $(find . -type f | xargs grep -L '#include') ; do
-		d=${m%/*} ; d=${d#./} ; m=${m##*/}
+		d=${m%/*}
+		d=${d#./}
+		m=${m##*/}
 
 		[[ ${m} == openssl.1* ]] && continue
 
@@ -296,12 +307,13 @@ multilib_src_install_all() {
 
 		# Fix up references to renamed man pages
 		sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m} || die
-		ln -s ssl-${m} ${d}/openssl-${m} || die
+		ln -s ssl-${m} ${d}/openssl-${m}
 
 		# Locate any symlinks that point to this man page
 		# We assume that any broken links are due to the above renaming
 		for s in $(find -L ${d} -type l) ; do
 			s=${s##*/}
+
 			rm -f ${d}/${s}
 
 			# We don't want to "|| die" here

diff --git a/dev-libs/openssl/openssl-3.0.3.ebuild b/dev-libs/openssl/openssl-3.0.3.ebuild
index 8f5264ad9e35..23cddb4f6b9b 100644
--- a/dev-libs/openssl/openssl-3.0.3.ebuild
+++ b/dev-libs/openssl/openssl-3.0.3.ebuild
@@ -1,8 +1,9 @@
 # Copyright 1999-2022 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
-EAPI="7"
+EAPI=7
 
+VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/openssl.org.asc
 inherit edo flag-o-matic linux-info toolchain-funcs multilib-minimal multiprocessing verify-sig
 
 DESCRIPTION="Robust, full-featured Open Source Toolkit for the Transport Layer Security (TLS)"
@@ -18,7 +19,6 @@ else
 	SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 		https://dev.gentoo.org/~sam/distfiles/${CATEGORY}/${PN}/${P}-test-fixes-expiry.patch.xz
 		verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )"
-	VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/openssl.org.asc
 	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x86-linux"
 fi
 
@@ -92,6 +92,7 @@ src_unpack() {
 
 	default
 }
+
 src_prepare() {
 	# Allow openssl to be cross-compiled
 	cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die
@@ -216,9 +217,7 @@ multilib_src_configure() {
 		threads
 	)
 
-	CFLAGS= LDFLAGS= edo \
-		./${config} \
-		"${myeconfargs[@]}"
+	CFLAGS= LDFLAGS= edo ./${config} "${myeconfargs[@]}"
 
 	# Clean out hardcoded flags that openssl uses
 	local DEFAULT_CFLAGS=$(grep ^CFLAGS= Makefile | LC_ALL=C sed \
@@ -286,7 +285,9 @@ multilib_src_install_all() {
 	cd "${ED}"/usr/share/man || die
 	local m d s
 	for m in $(find . -type f | xargs grep -L '#include') ; do
-		d=${m%/*} ; d=${d#./} ; m=${m##*/}
+		d=${m%/*}
+		d=${d#./}
+		m=${m##*/}
 
 		[[ ${m} == openssl.1* ]] && continue
 
@@ -302,6 +303,7 @@ multilib_src_install_all() {
 		# We assume that any broken links are due to the above renaming
 		for s in $(find -L ${d} -type l) ; do
 			s=${s##*/}
+
 			rm -f ${d}/${s}
 
 			# We don't want to "|| die" here

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     8ed39c475241a1c75cf4c6dc890f08932941e16a
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Tue Jun  7 19:48:23 2022 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Tue Jun  7 19:48:23 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8ed39c47

dev-libs/openssl: fix PATCHES

Closes: https://bugs.gentoo.org/850523
Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/openssl-1.1.1o.ebuild | 8 ++------
 1 file changed, 2 insertions(+), 6 deletions(-)

diff --git a/dev-libs/openssl/openssl-1.1.1o.ebuild b/dev-libs/openssl/openssl-1.1.1o.ebuild
index ed6595b67b33..730dfb22685e 100644
--- a/dev-libs/openssl/openssl-1.1.1o.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1o.ebuild
@@ -35,12 +35,6 @@ BDEPEND="
 	verify-sig? ( sec-keys/openpgp-keys-openssl )"
 PDEPEND="app-misc/ca-certificates"
 
-PATCHES=(
-	"${FILESDIR}"/${PN}-1.1.0j-parallel_install_fix.patch #671602
-	"${FILESDIR}"/${PN}-1.1.1i-riscv32.patch
-	"${FILESDIR}"/${P}-test-fixes-expiry.patch
-)
-
 S="${WORKDIR}/${MY_P}"
 
 # force upgrade to prevent broken login, bug 696950
@@ -51,6 +45,8 @@ MULTILIB_WRAPPED_HEADERS=(
 )
 
 PATCHES=(
+	"${FILESDIR}"/${PN}-1.1.0j-parallel_install_fix.patch #671602
+	"${FILESDIR}"/${PN}-1.1.1i-riscv32.patch
 	"${WORKDIR}"/${P}-test-fixes-expiry.patch
 )
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     9397ce3017323d2b97028622a8bf088409efa86a
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Tue Jun  7 03:32:00 2022 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Tue Jun  7 03:44:47 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9397ce30

dev-libs/openssl: backport test fix (certificates expired!)

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/Manifest              |  2 ++
 dev-libs/openssl/openssl-1.1.1o.ebuild | 16 ++++++++++++++++
 dev-libs/openssl/openssl-3.0.3.ebuild  | 11 +++++++++++
 3 files changed, 29 insertions(+)

diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest
index 6cde0ea0f423..3984e90d7345 100644
--- a/dev-libs/openssl/Manifest
+++ b/dev-libs/openssl/Manifest
@@ -3,9 +3,11 @@ DIST openssl-1.0.2t-bindist-1.0.tar.xz 13872 BLAKE2B b2aade96a6e0ca6209a39e205b1
 DIST openssl-1.0.2u.tar.gz 5355412 BLAKE2B b2ff2a10e5851af5aca4093422a9a072c794e87b997263826c1c35910c040f695fac63decac5856cb49399ed03d410f97701d9fd4e1ebfbcacd8f3a74ce8bf57 SHA512 c455bb309e20e2c2d47fdc5619c734d107d5c8c38c1409903ce979acc120b0d5fa0312917c0aa0d630e402d092a703d4249643f36078e8528a3cafc9dac6ab32
 DIST openssl-1.1.1n.tar.gz 9850712 BLAKE2B af530258d9f7ca4f1bd1c6c344eb385e766e465c9341dd08797676165f67bbb82d3fd549ed7559dc12fb8c9c4db5e04fa6ec7ab729ec1467f5e8bce469ff5398 SHA512 1937796736613dcf4105a54e42ecb61f95a1cea74677156f9459aea0f2c95159359e766089632bf364ee6b0d28d661eb9957bce8fecc9d2436378d8d79e8d0a4
 DIST openssl-1.1.1n.tar.gz.asc 488 BLAKE2B 8fc18fdc884473dc4c243499cc3528691a9ecc184e39e8d942450d41c42d22a96398036ae804af23c4f28d082c62f5babaa275ceb2e13b33b5acfd59a802c186 SHA512 24abc3d187cabed830dcd3189a34c2dc29e0b8013a607011a0e85cc68f0ec48c1de14a005053a4de3a4013cfa9658016ac65cfb8cfac58da55231371926beeda
+DIST openssl-1.1.1o-test-fixes-expiry.patch.xz 6180 BLAKE2B 23ef36d7bd05c98f7fab6de25681a53fa7a558d114548836b6cd90a57c4f4e45dc9fb622936053608b463320605b7df60db2d2caf3811b249f6ead3791a1c081 SHA512 577aec97fb31cd9efe3b30d82c560d3e7da57ae52c4de0f86e951b777a673830baaadcc5eb366c523024d37405531c6d32de26bbbc1e77df15c7822c72e937e6
 DIST openssl-1.1.1o.tar.gz 9856386 BLAKE2B 5bd355fd17adf43ba4e3bf1a8036ceb724edd4f4ab80dc25aecc3d2647372e9db2bc12e2b89791fc4b6f7fd95a7b68e00490d09ca6518d25ab990ee27798e641 SHA512 75b2f1499cb4640229eb6cd35d85cbff2e19db17b959ac4d04b60f1b395b73567f9003521452a0fcfeea9b31b26de0a7bccf476ecf9caae02298f3647cfb7e23
 DIST openssl-1.1.1o.tar.gz.asc 488 BLAKE2B a03a967e7e2124d1a76ad7765e2f48065f40d32ba102a433be603ee8f86b26a2d246dcb97a95bd694ef3005889ce4f1951f76d39fe1d683f92da1aa3023e9c2d SHA512 da6d88de7c1cd807b6089d50f8bb102c317c0b45ca26e517e3e400c5c65f787d94a1ee522af76279e93790a7fb491348cf25ffcfd66ecb9a9d35209328cb221e
 DIST openssl-3.0.2.tar.gz 15038141 BLAKE2B 140c4c80a0cad89cb0059fef6a4cd421460e6af9a3973f7a3eb5e39f64c0d44794d46e7a869e5235fced139f2249351e37a9ee5ebaa17f2708d63141ebebf919 SHA512 f986850d5be908b4d6b5fd7091bc4652d7378c9bccebfbc5becd7753843c04c1eb61a1749c432139d263dfac33df0b1f6c773664b485cad47542266823a4eb03
 DIST openssl-3.0.2.tar.gz.asc 488 BLAKE2B 2f6482114271c4f512159fa159486a3b3470637d770cd1614fda004918d06ed9ab562e655d1580d2ebb05745ec72987488c2161b72d078017cc157003d4205da SHA512 4303391a58107c76ad9b05510f5bfc95f687f4cb2f9ff5b03fb262ba99b573423ab83f0437471199954496799b343191b889ad9ef8fabdd7ee4ec3ec9b5f1d81
+DIST openssl-3.0.3-test-fixes-expiry.patch.xz 29056 BLAKE2B 11be776b9c4baec770d81ff180581d7d8292261f32ebfcb2cfd399d684cef1b9e7b4575d906f23e8a61d853eafb178e1b0e01d9324dbe598c876c0ef74bcf5e8 SHA512 23bc571dfca453deb4f1812aea5fc1bcf1c27358d8638a66ce7f359a698b09a35bdc86e01db36aa5e59b37cc7e36f0ced6f1463b383fb0d904aada69f5d5cb04
 DIST openssl-3.0.3.tar.gz 15058905 BLAKE2B 8141d13dbea2f1febdd4e46aa404e9f3bac51e1fdc0c9b0df8bf3bf6852e18b09201a2a8cbee99f72e8d6de660834093449b7a14a3fbdda8511286ca3b6743e7 SHA512 949472025211fabdaf2564122f0a9a3baef0facb6373e90cf6c4485164a50898050b179722d0b358c4d8cf1787384ea30d5fd03b98757634631d3e8978509b1a
 DIST openssl-3.0.3.tar.gz.asc 488 BLAKE2B 3f31e3a73706b69683220e05b1b4ddc75dc3e7e12652dca711e4aa0eb3c023ef736aee9ade15172d7f28e1e1af03e86d4854ec6c3d167cad42882f483c5e56d4 SHA512 04afe65c6af1ae43a9967462383a6a4f567f5acff19ec1952cd6fce2dc3c3d4dfb3cb54126562724c148f40dcb66668abf727282d35730bbf36f82b5c6bacace

diff --git a/dev-libs/openssl/openssl-1.1.1o.ebuild b/dev-libs/openssl/openssl-1.1.1o.ebuild
index 78897bc1821c..ed6595b67b33 100644
--- a/dev-libs/openssl/openssl-1.1.1o.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1o.ebuild
@@ -10,6 +10,7 @@ MY_P=${P/_/-}
 DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"
 HOMEPAGE="https://www.openssl.org/"
 SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
+	https://dev.gentoo.org/~sam/distfiles/${CATEGORY}/${PN}/${P}-test-fixes-expiry.patch.xz
 	verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )"
 VERIFY_SIG_OPENPGP_KEY_PATH=${BROOT}/usr/share/openpgp-keys/openssl.org.asc
 
@@ -37,6 +38,7 @@ PDEPEND="app-misc/ca-certificates"
 PATCHES=(
 	"${FILESDIR}"/${PN}-1.1.0j-parallel_install_fix.patch #671602
 	"${FILESDIR}"/${PN}-1.1.1i-riscv32.patch
+	"${FILESDIR}"/${P}-test-fixes-expiry.patch
 )
 
 S="${WORKDIR}/${MY_P}"
@@ -48,6 +50,10 @@ MULTILIB_WRAPPED_HEADERS=(
 	usr/include/openssl/opensslconf.h
 )
 
+PATCHES=(
+	"${WORKDIR}"/${P}-test-fixes-expiry.patch
+)
+
 pkg_setup() {
 	[[ ${MERGE_TYPE} == binary ]] && return
 
@@ -62,6 +68,16 @@ pkg_setup() {
 	fi
 }
 
+src_unpack() {
+	# Can delete this once test fix patch is dropped
+	if use verify-sig ; then
+		# Needed for downloaded patch (which is unsigned, which is fine)
+		verify-sig_verify_detached "${DISTDIR}"/${P}.tar.gz{,.asc}
+	fi
+
+	default
+}
+
 src_prepare() {
 	# allow openssl to be cross-compiled
 	cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die

diff --git a/dev-libs/openssl/openssl-3.0.3.ebuild b/dev-libs/openssl/openssl-3.0.3.ebuild
index c113ce8057fa..8f5264ad9e35 100644
--- a/dev-libs/openssl/openssl-3.0.3.ebuild
+++ b/dev-libs/openssl/openssl-3.0.3.ebuild
@@ -16,6 +16,7 @@ if [[ ${PV} == 9999 ]] ; then
 	inherit git-r3
 else
 	SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
+		https://dev.gentoo.org/~sam/distfiles/${CATEGORY}/${PN}/${P}-test-fixes-expiry.patch.xz
 		verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )"
 	VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/openssl.org.asc
 	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x86-linux"
@@ -53,6 +54,7 @@ MULTILIB_WRAPPED_HEADERS=(
 PATCHES=(
 	# General patches which are suitable to always apply
 	# If they're Gentoo specific, add to USE=-vanilla logic in src_prepare!
+	"${WORKDIR}"/${P}-test-fixes-expiry.patch
 )
 
 pkg_setup() {
@@ -81,6 +83,15 @@ pkg_setup() {
 	fi
 }
 
+src_unpack() {
+	# Can delete this once test fix patch is dropped
+	if use verify-sig ; then
+		# Needed for downloaded patch (which is unsigned, which is fine)
+		verify-sig_verify_detached "${DISTDIR}"/${P}.tar.gz{,.asc}
+	fi
+
+	default
+}
 src_prepare() {
 	# Allow openssl to be cross-compiled
 	cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Benda XU]

commit:     a02ce7cc406ff8803a21d6f5512ee8fdbb1a2e73
Author:     Benda Xu <heroxbd <AT> gentoo <DOT> org>
AuthorDate: Wed Mar 30 15:22:00 2022 +0000
Commit:     Benda XU <heroxbd <AT> gentoo <DOT> org>
CommitDate: Wed Jun  1 15:28:17 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a02ce7cc

dev-libs/openssl: use BROOT to locate env.

The shebang "/usr/bin/env" should be in build dependency.

Not touching the stablized ebuilds.

Package-Manager: Portage-3.0.30, Repoman-3.0.3
Signed-off-by: Benda Xu <heroxbd <AT> gentoo.org>

 dev-libs/openssl/openssl-3.0.2.ebuild | 2 +-
 dev-libs/openssl/openssl-3.0.3.ebuild | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/dev-libs/openssl/openssl-3.0.2.ebuild b/dev-libs/openssl/openssl-3.0.2.ebuild
index 2ef0aaed3200..3d56892f5980 100644
--- a/dev-libs/openssl/openssl-3.0.2.ebuild
+++ b/dev-libs/openssl/openssl-3.0.2.ebuild
@@ -128,7 +128,7 @@ src_prepare() {
 
 	# Prefixify Configure shebang (#141906)
 	sed \
-		-e "1s,/usr/bin/env,${EPREFIX}&," \
+		-e "1s,/usr/bin/env,${BROOT}&," \
 		-i Configure || die
 
 	# Remove test target when FEATURES=test isn't set

diff --git a/dev-libs/openssl/openssl-3.0.3.ebuild b/dev-libs/openssl/openssl-3.0.3.ebuild
index 2af0d8bf7020..c113ce8057fa 100644
--- a/dev-libs/openssl/openssl-3.0.3.ebuild
+++ b/dev-libs/openssl/openssl-3.0.3.ebuild
@@ -138,7 +138,7 @@ src_prepare() {
 
 	# Prefixify Configure shebang (bug #141906)
 	sed \
-		-e "1s,/usr/bin/env,${EPREFIX}&," \
+		-e "1s,/usr/bin/env,${BROOT}&," \
 		-i Configure || die
 
 	# Remove test target when FEATURES=test isn't set

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     b0356a26e7f91315a692202dbd9e890c30cde87e
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sat May 28 03:11:37 2022 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sat May 28 03:38:03 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b0356a26

dev-libs/openssl: use edo.eclass in 1.1.1o

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/openssl-1.1.1o.ebuild | 9 +++------
 1 file changed, 3 insertions(+), 6 deletions(-)

diff --git a/dev-libs/openssl/openssl-1.1.1o.ebuild b/dev-libs/openssl/openssl-1.1.1o.ebuild
index d31226dd3168..78897bc1821c 100644
--- a/dev-libs/openssl/openssl-1.1.1o.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1o.ebuild
@@ -3,7 +3,7 @@
 
 EAPI="7"
 
-inherit flag-o-matic toolchain-funcs multilib-minimal verify-sig
+inherit edo flag-o-matic toolchain-funcs multilib-minimal verify-sig
 
 MY_P=${P/_/-}
 
@@ -160,7 +160,6 @@ multilib_src_configure() {
 	tc-export CC AR RANLIB RC
 
 	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
-	echoit() { echo "$@" ; "$@" ; }
 
 	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
 
@@ -182,8 +181,7 @@ multilib_src_configure() {
 	# Don't set it without thorough revdeps testing.
 	# Make sure user flags don't get added *yet* to avoid duplicated
 	# flags.
-	CFLAGS= LDFLAGS= echoit \
-	./${config} \
+	CFLAGS= LDFLAGS= edo ./${config} \
 		${sslout} \
 		$(use cpu_flags_x86_sse2 || echo "no-sse2") \
 		enable-camellia \
@@ -208,8 +206,7 @@ multilib_src_configure() {
 		--prefix="${EPREFIX}"/usr \
 		--openssldir="${EPREFIX}"${SSL_CNF_DIR} \
 		--libdir=$(get_libdir) \
-		shared threads \
-		|| die
+		shared threads
 
 	# Clean out hardcoded flags that openssl uses
 	local DEFAULT_CFLAGS=$(grep ^CFLAGS= Makefile | LC_ALL=C sed \

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     21863df13161d5a028a7b25f14d4cc973b570789
Author:     Rolf Eike Beer <eike <AT> sf-mail <DOT> de>
AuthorDate: Thu May 19 20:24:46 2022 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Thu May 19 20:31:32 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=21863df1

dev-libs/openssl: stable 1.1.1o for hppa, bug #845258

Package-Manager: Portage-3.0.30, Repoman-3.0.3
RepoMan-Options: --include-arches="hppa"
Signed-off-by: Rolf Eike Beer <eike <AT> sf-mail.de>
Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/openssl-1.1.1o.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.1.1o.ebuild b/dev-libs/openssl/openssl-1.1.1o.ebuild
index 2b2db67325bd..d31226dd3168 100644
--- a/dev-libs/openssl/openssl-1.1.1o.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1o.ebuild
@@ -16,7 +16,7 @@ VERIFY_SIG_OPENPGP_KEY_PATH=${BROOT}/usr/share/openpgp-keys/openssl.org.asc
 LICENSE="openssl"
 SLOT="0/1.1" # .so version of libssl/libcrypto
 [[ "${PV}" = *_pre* ]] || \
-KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
 IUSE="+asm rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-compression tls-heartbeat vanilla verify-sig weak-ssl-ciphers"
 RESTRICT="!test? ( test )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Agostino Sarubbo]

commit:     e458dccc33746df0f707065ddafb8ab728c49121
Author:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
AuthorDate: Thu May 19 07:47:35 2022 +0000
Commit:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
CommitDate: Thu May 19 07:47:35 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e458dccc

dev-libs/openssl: arm stable wrt bug #845258

Package-Manager: Portage-3.0.30, Repoman-3.0.3
RepoMan-Options: --include-arches="arm"
Signed-off-by: Agostino Sarubbo <ago <AT> gentoo.org>

 dev-libs/openssl/openssl-1.1.1o.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.1.1o.ebuild b/dev-libs/openssl/openssl-1.1.1o.ebuild
index 48e5e8265b39..2b2db67325bd 100644
--- a/dev-libs/openssl/openssl-1.1.1o.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1o.ebuild
@@ -16,7 +16,7 @@ VERIFY_SIG_OPENPGP_KEY_PATH=${BROOT}/usr/share/openpgp-keys/openssl.org.asc
 LICENSE="openssl"
 SLOT="0/1.1" # .so version of libssl/libcrypto
 [[ "${PV}" = *_pre* ]] || \
-KEYWORDS="~alpha amd64 ~arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
 IUSE="+asm rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-compression tls-heartbeat vanilla verify-sig weak-ssl-ciphers"
 RESTRICT="!test? ( test )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     ba26a8dafe2ab11ca59c6cacbaf545b687e62f5c
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Thu May 19 05:12:25 2022 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Thu May 19 05:17:46 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ba26a8da

dev-libs/openssl: explain why -fno-strict-aliasing

OpenSSL has a scary number of strict aliasing violations
within its codebase and it is *extremely* unsafe to build
OpenSSL without this option.

Hence we continue to build with -fno-strict-aliasing,
like we have done for the last 10 years, but explain
why in the ebuild.

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/openssl-1.1.1o.ebuild | 12 +++++++++++-
 dev-libs/openssl/openssl-3.0.3.ebuild  |  9 +++++++++
 2 files changed, 20 insertions(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.1.1o.ebuild b/dev-libs/openssl/openssl-1.1.1o.ebuild
index ff2f6ac9a728..48e5e8265b39 100644
--- a/dev-libs/openssl/openssl-1.1.1o.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1o.ebuild
@@ -106,10 +106,20 @@ src_prepare() {
 	# and 'make depend' uses -Werror for added fun (#417795 again)
 	[[ ${CC} == *clang* ]] && append-flags -Qunused-arguments
 
+	# We really, really need to build OpenSSL w/ strict aliasing disabled.
+	# It's filled with violations and it *will* result in miscompiled
+	# code. This has been in the ebuild for > 10 years but even in 2022,
+	# it's still relevant:
+	# - https://github.com/llvm/llvm-project/issues/55255
+	# - https://github.com/openssl/openssl/issues/18225
+	# Don't remove the no strict aliasing bits below!
+	filter-flags -fstrict-aliasing
 	append-flags -fno-strict-aliasing
-	append-flags $(test-flags-CC -Wa,--noexecstack)
+
 	append-cppflags -DOPENSSL_NO_BUF_FREELISTS
 
+	append-flags $(test-flags-CC -Wa,--noexecstack)
+
 	# Prefixify Configure shebang (#141906)
 	sed \
 		-e "1s,/usr/bin/env,${EPREFIX}&," \

diff --git a/dev-libs/openssl/openssl-3.0.3.ebuild b/dev-libs/openssl/openssl-3.0.3.ebuild
index 514ea991ddcc..2af0d8bf7020 100644
--- a/dev-libs/openssl/openssl-3.0.3.ebuild
+++ b/dev-libs/openssl/openssl-3.0.3.ebuild
@@ -124,7 +124,16 @@ src_prepare() {
 	# and 'make depend' uses -Werror for added fun (bug #417795 again)
 	tc-is-clang && append-flags -Qunused-arguments
 
+	# We really, really need to build OpenSSL w/ strict aliasing disabled.
+	# It's filled with violations and it *will* result in miscompiled
+	# code. This has been in the ebuild for > 10 years but even in 2022,
+	# it's still relevant:
+	# - https://github.com/llvm/llvm-project/issues/55255
+	# - https://github.com/openssl/openssl/issues/18225
+	# Don't remove the no strict aliasing bits below!
+	filter-flags -fstrict-aliasing
 	append-flags -fno-strict-aliasing
+
 	append-flags $(test-flags-CC -Wa,--noexecstack)
 
 	# Prefixify Configure shebang (bug #141906)

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Jakov Smolić]

commit:     7b052e3503a445f5a079e88a150cac809114ff9d
Author:     Jakov Smolić <jsmolic <AT> gentoo <DOT> org>
AuthorDate: Wed May 18 14:58:23 2022 +0000
Commit:     Jakov Smolić <jsmolic <AT> gentoo <DOT> org>
CommitDate: Wed May 18 14:58:23 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7b052e35

dev-libs/openssl: Stabilize 1.1.1o arm64, #845258

Signed-off-by: Jakov Smolić <jsmolic <AT> gentoo.org>

 dev-libs/openssl/openssl-1.1.1o.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.1.1o.ebuild b/dev-libs/openssl/openssl-1.1.1o.ebuild
index c64a46aa3f67..ff2f6ac9a728 100644
--- a/dev-libs/openssl/openssl-1.1.1o.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1o.ebuild
@@ -16,7 +16,7 @@ VERIFY_SIG_OPENPGP_KEY_PATH=${BROOT}/usr/share/openpgp-keys/openssl.org.asc
 LICENSE="openssl"
 SLOT="0/1.1" # .so version of libssl/libcrypto
 [[ "${PV}" = *_pre* ]] || \
-KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+KEYWORDS="~alpha amd64 ~arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
 IUSE="+asm rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-compression tls-heartbeat vanilla verify-sig weak-ssl-ciphers"
 RESTRICT="!test? ( test )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Agostino Sarubbo]

commit:     56b441d2e4b798d2416ac4486413b6f876a0c64e
Author:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
AuthorDate: Wed May 18 07:58:30 2022 +0000
Commit:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
CommitDate: Wed May 18 07:58:30 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=56b441d2

dev-libs/openssl: x86 stable wrt bug #845258

Package-Manager: Portage-3.0.30, Repoman-3.0.3
RepoMan-Options: --include-arches="x86"
Signed-off-by: Agostino Sarubbo <ago <AT> gentoo.org>

 dev-libs/openssl/openssl-1.1.1o.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.1.1o.ebuild b/dev-libs/openssl/openssl-1.1.1o.ebuild
index be5ed06c1c17..c64a46aa3f67 100644
--- a/dev-libs/openssl/openssl-1.1.1o.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1o.ebuild
@@ -16,7 +16,7 @@ VERIFY_SIG_OPENPGP_KEY_PATH=${BROOT}/usr/share/openpgp-keys/openssl.org.asc
 LICENSE="openssl"
 SLOT="0/1.1" # .so version of libssl/libcrypto
 [[ "${PV}" = *_pre* ]] || \
-KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
 IUSE="+asm rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-compression tls-heartbeat vanilla verify-sig weak-ssl-ciphers"
 RESTRICT="!test? ( test )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Agostino Sarubbo]

commit:     a67ed614382c8d2f3e624fd87b531e3147af8c99
Author:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
AuthorDate: Wed May 18 07:58:10 2022 +0000
Commit:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
CommitDate: Wed May 18 07:58:10 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a67ed614

dev-libs/openssl: sparc stable wrt bug #845258

Package-Manager: Portage-3.0.30, Repoman-3.0.3
RepoMan-Options: --include-arches="sparc"
Signed-off-by: Agostino Sarubbo <ago <AT> gentoo.org>

 dev-libs/openssl/openssl-1.1.1o.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.1.1o.ebuild b/dev-libs/openssl/openssl-1.1.1o.ebuild
index df45d70f0451..be5ed06c1c17 100644
--- a/dev-libs/openssl/openssl-1.1.1o.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1o.ebuild
@@ -16,7 +16,7 @@ VERIFY_SIG_OPENPGP_KEY_PATH=${BROOT}/usr/share/openpgp-keys/openssl.org.asc
 LICENSE="openssl"
 SLOT="0/1.1" # .so version of libssl/libcrypto
 [[ "${PV}" = *_pre* ]] || \
-KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
 IUSE="+asm rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-compression tls-heartbeat vanilla verify-sig weak-ssl-ciphers"
 RESTRICT="!test? ( test )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Agostino Sarubbo]

commit:     b54b55046b50ac7680b9e75fff18b6c3f8a646e0
Author:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
AuthorDate: Wed May 18 07:57:47 2022 +0000
Commit:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
CommitDate: Wed May 18 07:57:47 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b54b5504

dev-libs/openssl: ppc64 stable wrt bug #845258

Package-Manager: Portage-3.0.30, Repoman-3.0.3
RepoMan-Options: --include-arches="ppc64"
Signed-off-by: Agostino Sarubbo <ago <AT> gentoo.org>

 dev-libs/openssl/openssl-1.1.1o.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.1.1o.ebuild b/dev-libs/openssl/openssl-1.1.1o.ebuild
index 251a62cadefe..df45d70f0451 100644
--- a/dev-libs/openssl/openssl-1.1.1o.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1o.ebuild
@@ -16,7 +16,7 @@ VERIFY_SIG_OPENPGP_KEY_PATH=${BROOT}/usr/share/openpgp-keys/openssl.org.asc
 LICENSE="openssl"
 SLOT="0/1.1" # .so version of libssl/libcrypto
 [[ "${PV}" = *_pre* ]] || \
-KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
 IUSE="+asm rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-compression tls-heartbeat vanilla verify-sig weak-ssl-ciphers"
 RESTRICT="!test? ( test )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Agostino Sarubbo]

commit:     73ee06bd2a9ce760f07eff8c906e778eeebc8940
Author:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
AuthorDate: Wed May 18 07:57:25 2022 +0000
Commit:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
CommitDate: Wed May 18 07:57:25 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=73ee06bd

dev-libs/openssl: ppc stable wrt bug #845258

Package-Manager: Portage-3.0.30, Repoman-3.0.3
RepoMan-Options: --include-arches="ppc"
Signed-off-by: Agostino Sarubbo <ago <AT> gentoo.org>

 dev-libs/openssl/openssl-1.1.1o.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.1.1o.ebuild b/dev-libs/openssl/openssl-1.1.1o.ebuild
index 2f4cf4e9c358..251a62cadefe 100644
--- a/dev-libs/openssl/openssl-1.1.1o.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1o.ebuild
@@ -16,7 +16,7 @@ VERIFY_SIG_OPENPGP_KEY_PATH=${BROOT}/usr/share/openpgp-keys/openssl.org.asc
 LICENSE="openssl"
 SLOT="0/1.1" # .so version of libssl/libcrypto
 [[ "${PV}" = *_pre* ]] || \
-KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
 IUSE="+asm rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-compression tls-heartbeat vanilla verify-sig weak-ssl-ciphers"
 RESTRICT="!test? ( test )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Agostino Sarubbo]

commit:     b48dfe65c02afab963edfb78a0467c103ddf64e2
Author:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
AuthorDate: Wed May 18 07:57:01 2022 +0000
Commit:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
CommitDate: Wed May 18 07:57:01 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b48dfe65

dev-libs/openssl: amd64 stable wrt bug #845258

Package-Manager: Portage-3.0.30, Repoman-3.0.3
RepoMan-Options: --include-arches="amd64"
Signed-off-by: Agostino Sarubbo <ago <AT> gentoo.org>

 dev-libs/openssl/openssl-1.1.1o.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.1.1o.ebuild b/dev-libs/openssl/openssl-1.1.1o.ebuild
index eca7051ca685..2f4cf4e9c358 100644
--- a/dev-libs/openssl/openssl-1.1.1o.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1o.ebuild
@@ -16,7 +16,7 @@ VERIFY_SIG_OPENPGP_KEY_PATH=${BROOT}/usr/share/openpgp-keys/openssl.org.asc
 LICENSE="openssl"
 SLOT="0/1.1" # .so version of libssl/libcrypto
 [[ "${PV}" = *_pre* ]] || \
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
 IUSE="+asm rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-compression tls-heartbeat vanilla verify-sig weak-ssl-ciphers"
 RESTRICT="!test? ( test )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     e23107f0d77cda138f949ae15ae578442f8cb8d5
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Wed May 18 03:30:05 2022 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Wed May 18 03:30:09 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e23107f0

dev-libs/openssl: use no-tests configure arg in 1.1.1o

Use official method (but keep sed for now) to disable building tests if not enabled.

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/openssl-1.1.1o.ebuild | 1 +
 1 file changed, 1 insertion(+)

diff --git a/dev-libs/openssl/openssl-1.1.1o.ebuild b/dev-libs/openssl/openssl-1.1.1o.ebuild
index 5b19fd948893..eca7051ca685 100644
--- a/dev-libs/openssl/openssl-1.1.1o.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1o.ebuild
@@ -191,6 +191,7 @@ multilib_src_configure() {
 		$(use_ssl asm) \
 		$(use_ssl rfc3779) \
 		$(use_ssl sctp) \
+		$(use test || echo "no-tests") \
 		$(use_ssl tls-compression zlib) \
 		$(use_ssl tls-heartbeat heartbeats) \
 		$(use_ssl weak-ssl-ciphers) \

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     7732f634098b141537ebdd71fc3963b368265b24
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Fri May  6 06:57:54 2022 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Fri May  6 07:12:32 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7732f634

dev-libs/openssl: conditionally build tests

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/openssl-3.0.3.ebuild | 1 +
 1 file changed, 1 insertion(+)

diff --git a/dev-libs/openssl/openssl-3.0.3.ebuild b/dev-libs/openssl/openssl-3.0.3.ebuild
index 22459db77bf3..c724bb6cca15 100644
--- a/dev-libs/openssl/openssl-3.0.3.ebuild
+++ b/dev-libs/openssl/openssl-3.0.3.ebuild
@@ -179,6 +179,7 @@ multilib_src_configure() {
 		$(use_ssl ktls)
 		$(use_ssl rfc3779)
 		$(use_ssl sctp)
+		$(use test || echo "no-tests")
 		$(use_ssl tls-compression zlib)
 		$(use_ssl weak-ssl-ciphers)
 		--prefix="${EPREFIX}"/usr

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     296c0f547c510b0450b177b43e43336e1628ac01
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Fri May  6 07:06:26 2022 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Fri May  6 07:12:33 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=296c0f54

dev-libs/openssl: modernise 3.0.3

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/openssl-3.0.3.ebuild | 97 ++++++++++++++++++-----------------
 1 file changed, 51 insertions(+), 46 deletions(-)

diff --git a/dev-libs/openssl/openssl-3.0.3.ebuild b/dev-libs/openssl/openssl-3.0.3.ebuild
index c724bb6cca15..514ea991ddcc 100644
--- a/dev-libs/openssl/openssl-3.0.3.ebuild
+++ b/dev-libs/openssl/openssl-3.0.3.ebuild
@@ -3,27 +3,28 @@
 
 EAPI="7"
 
-inherit flag-o-matic linux-info toolchain-funcs multilib-minimal multiprocessing verify-sig
-
-MY_P=${P/_/-}
+inherit edo flag-o-matic linux-info toolchain-funcs multilib-minimal multiprocessing verify-sig
 
 DESCRIPTION="Robust, full-featured Open Source Toolkit for the Transport Layer Security (TLS)"
 HOMEPAGE="https://www.openssl.org/"
 
-if [[ ${PV} == "9999" ]] ; then
+MY_P=${P/_/-}
+
+if [[ ${PV} == 9999 ]] ; then
 	EGIT_REPO_URI="https://github.com/openssl/openssl.git"
 
 	inherit git-r3
 else
 	SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 		verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )"
-	VERIFY_SIG_OPENPGP_KEY_PATH=${BROOT}/usr/share/openpgp-keys/openssl.org.asc
+	VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/openssl.org.asc
 	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x86-linux"
 fi
 
+S="${WORKDIR}"/${MY_P}
+
 LICENSE="Apache-2.0"
 SLOT="0/3" # .so version of libssl/libcrypto
-
 IUSE="+asm cpu_flags_x86_sse2 fips ktls rfc3779 sctp static-libs test tls-compression vanilla verify-sig weak-ssl-ciphers"
 RESTRICT="!test? ( test )"
 
@@ -31,7 +32,6 @@ COMMON_DEPEND="
 	>=app-misc/c_rehash-1.7-r1
 	tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
 "
-
 BDEPEND="
 	>=dev-lang/perl-5
 	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
@@ -43,17 +43,18 @@ BDEPEND="
 	verify-sig? ( sec-keys/openpgp-keys-openssl )"
 
 DEPEND="${COMMON_DEPEND}"
-
 RDEPEND="${COMMON_DEPEND}"
-
 PDEPEND="app-misc/ca-certificates"
 
-S="${WORKDIR}/${MY_P}"
-
 MULTILIB_WRAPPED_HEADERS=(
 	/usr/include/openssl/configuration.h
 )
 
+PATCHES=(
+	# General patches which are suitable to always apply
+	# If they're Gentoo specific, add to USE=-vanilla logic in src_prepare!
+)
+
 pkg_setup() {
 	if use ktls ; then
 		if kernel_is -lt 4 18 ; then
@@ -69,7 +70,7 @@ pkg_setup() {
 
 	[[ ${MERGE_TYPE} == binary ]] && return
 
-	# must check in pkg_setup; sysctl don't work with userpriv!
+	# must check in pkg_setup; sysctl doesn't work with userpriv!
 	if use test && use sctp ; then
 		# test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel"
 		# if sctp.auth_enable is not enabled.
@@ -81,11 +82,11 @@ pkg_setup() {
 }
 
 src_prepare() {
-	# allow openssl to be cross-compiled
+	# Allow openssl to be cross-compiled
 	cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die
 	chmod a+rx gentoo.config || die
 
-	# keep this in sync with app-misc/c_rehash
+	# Keep this in sync with app-misc/c_rehash
 	SSL_CNF_DIR="/etc/ssl"
 
 	# Make sure we only ever touch Makefile.org and avoid patching a file
@@ -93,21 +94,21 @@ src_prepare() {
 	rm -f Makefile
 
 	if ! use vanilla ; then
-		if [[ $(declare -p PATCHES 2>/dev/null) == "declare -a"* ]] ; then
-			[[ ${#PATCHES[@]} -gt 0 ]] && eapply "${PATCHES[@]}"
-		fi
+		PATCHES+=(
+			# Add patches which are Gentoo-specific customisations here
+		)
 	fi
 
-	eapply_user
+	default
 
 	if use test && use sctp && has network-sandbox ${FEATURES} ; then
 		einfo "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox ..."
 		rm test/recipes/80-test_ssl_new.t || die
 	fi
 
-	# make sure the man pages are suffixed #302165
-	# don't bother building man pages if they're disabled
-	# Make DOCDIR Gentoo compliant
+	# - Make sure the man pages are suffixed (bug #302165)
+	# - Don't bother building man pages if they're disabled
+	# - Make DOCDIR Gentoo compliant
 	sed -i \
 		-e '/^MANSUFFIX/s:=.*:=ssl:' \
 		-e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
@@ -118,15 +119,15 @@ src_prepare() {
 		Configurations/unix-Makefile.tmpl \
 		|| die
 
-	# quiet out unknown driver argument warnings since openssl
+	# Quiet out unknown driver argument warnings since openssl
 	# doesn't have well-split CFLAGS and we're making it even worse
-	# and 'make depend' uses -Werror for added fun (#417795 again)
-	[[ ${CC} == *clang* ]] && append-flags -Qunused-arguments
+	# and 'make depend' uses -Werror for added fun (bug #417795 again)
+	tc-is-clang && append-flags -Qunused-arguments
 
 	append-flags -fno-strict-aliasing
 	append-flags $(test-flags-CC -Wa,--noexecstack)
 
-	# Prefixify Configure shebang (#141906)
+	# Prefixify Configure shebang (bug #141906)
 	sed \
 		-e "1s,/usr/bin/env,${EPREFIX}&," \
 		-i Configure || die
@@ -138,7 +139,7 @@ src_prepare() {
 			-i Configure || die
 	fi
 
-	# The config script does stupid stuff to prompt the user.  Kill it.
+	# The config script does stupid stuff to prompt the user. Kill it.
 	sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
 	./config --test-sanity || die "I AM NOT SANE"
 
@@ -146,24 +147,28 @@ src_prepare() {
 }
 
 multilib_src_configure() {
-	unset APPS #197996
-	unset SCRIPTS #312551
-	unset CROSS_COMPILE #311473
+	# bug #197996
+	unset APPS
+	# bug #312551
+	unset SCRIPTS
+	# bug #311473
+	unset CROSS_COMPILE
 
 	tc-export AR CC CXX RANLIB RC
 
 	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
-	echoit() { echo "$@" ; "$@" ; }
 
 	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
 
 	local sslout=$(./gentoo.config)
-	einfo "Use configuration ${sslout:-(openssl knows best)}"
+	einfo "Using configuration: ${sslout:-(openssl knows best)}"
 	local config="Configure"
 	[[ -z ${sslout} ]] && config="config"
 
+	# https://github.com/openssl/openssl/blob/master/INSTALL.md#enable-and-disable-features
 	local myeconfargs=(
 		${sslout}
+
 		$(use cpu_flags_x86_sse2 || echo "no-sse2")
 		enable-camellia
 		enable-ec
@@ -182,17 +187,18 @@ multilib_src_configure() {
 		$(use test || echo "no-tests")
 		$(use_ssl tls-compression zlib)
 		$(use_ssl weak-ssl-ciphers)
+
 		--prefix="${EPREFIX}"/usr
 		--openssldir="${EPREFIX}"${SSL_CNF_DIR}
 		--libdir=$(get_libdir)
+
 		shared
 		threads
 	)
 
-	CFLAGS= LDFLAGS= echoit \
+	CFLAGS= LDFLAGS= edo \
 		./${config} \
-		"${myeconfargs[@]}" \
-		|| die
+		"${myeconfargs[@]}"
 
 	# Clean out hardcoded flags that openssl uses
 	local DEFAULT_CFLAGS=$(grep ^CFLAGS= Makefile | LC_ALL=C sed \
@@ -231,16 +237,13 @@ multilib_src_test() {
 }
 
 multilib_src_install() {
-	# We need to create $ED/usr on our own to avoid a race condition #665130
-	if [[ ! -d "${ED}/usr" ]] ; then
-		# We can only create this directory once
-		mkdir "${ED}"/usr || die
-	fi
+	# We need to create ${ED}/usr on our own to avoid a race condition (bug #665130)
+	dodir /usr
 
 	emake DESTDIR="${D}" install
 
 	# This is crappy in that the static archives are still built even
-	# when USE=static-libs.  But this is due to a failing in the openssl
+	# when USE=static-libs. But this is due to a failing in the openssl
 	# build system: the static archives are built as PIC all the time.
 	# Only way around this would be to manually configure+compile openssl
 	# twice; once with shared lib support enabled and once without.
@@ -256,7 +259,7 @@ multilib_src_install_all() {
 
 	dodoc {AUTHORS,CHANGES,NEWS,README,README-PROVIDERS}.md doc/*.txt doc/${PN}-c-indent.el
 
-	# create the certs directory
+	# Create the certs directory
 	keepdir ${SSL_CNF_DIR}/certs
 
 	# Namespace openssl programs to prevent conflicts with other man pages
@@ -271,15 +274,16 @@ multilib_src_install_all() {
 
 		mv ${d}/{,ssl-}${m} || die
 
-		# fix up references to renamed man pages
+		# Fix up references to renamed man pages
 		sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m} || die
 		ln -s ssl-${m} ${d}/openssl-${m} || die
 
-		# locate any symlinks that point to this man page ...
-		# we assume that any broken links are due to the above renaming
+		# Locate any symlinks that point to this man page
+		# We assume that any broken links are due to the above renaming
 		for s in $(find -L ${d} -type l) ; do
 			s=${s##*/}
 			rm -f ${d}/${s}
+
 			# We don't want to "|| die" here
 			ln -s ssl-${m} ${d}/ssl-${s}
 			ln -s ssl-${s} ${d}/openssl-${s}
@@ -287,7 +291,8 @@ multilib_src_install_all() {
 	done
 	[[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :("
 
-	dodir /etc/sandbox.d #254521
+	# bug #254521
+	dodir /etc/sandbox.d
 	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
 
 	diropts -m0700
@@ -295,7 +300,7 @@ multilib_src_install_all() {
 }
 
 pkg_postinst() {
-	ebegin "Running 'c_rehash ${EROOT}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069"
+	ebegin "Running 'c_rehash ${EROOT}${SSL_CNF_DIR}/certs/' to rebuild hashes (bug #333069)"
 	c_rehash "${EROOT}${SSL_CNF_DIR}/certs" >/dev/null
 	eend $?
 }

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     d653416679bc345f411f249405f999b4439d1411
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Fri May  6 05:31:32 2022 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Fri May  6 05:43:05 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d6534166

dev-libs/openssl: run tests for 3.x in parallel

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/openssl-3.0.3.ebuild | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/dev-libs/openssl/openssl-3.0.3.ebuild b/dev-libs/openssl/openssl-3.0.3.ebuild
index 2ef0aaed3200..22459db77bf3 100644
--- a/dev-libs/openssl/openssl-3.0.3.ebuild
+++ b/dev-libs/openssl/openssl-3.0.3.ebuild
@@ -3,7 +3,7 @@
 
 EAPI="7"
 
-inherit flag-o-matic linux-info toolchain-funcs multilib-minimal verify-sig
+inherit flag-o-matic linux-info toolchain-funcs multilib-minimal multiprocessing verify-sig
 
 MY_P=${P/_/-}
 
@@ -219,11 +219,14 @@ multilib_src_compile() {
 	# depend is needed to use $confopts; it also doesn't matter
 	# that it's -j1 as the code itself serializes subdirs
 	emake -j1 depend
+
 	emake all
 }
 
 multilib_src_test() {
-	emake -j1 test
+	# VFP = show subtests verbosely and show failed tests verbosely
+	# Normal V=1 would show everything verbosely but this slows things down.
+	emake HARNESS_JOBS="$(makeopts_jobs)" VFP=1 test
 }
 
 multilib_src_install() {

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     a796465aab66d211626dda8a31633fd68117aace
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Tue May  3 21:32:20 2022 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Tue May  3 21:32:26 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a796465a

dev-libs/openssl: add 3.0.3

Masked still (3.x) so not the focus of the sec bug, but need to bump
to address some vulnerabilities anyhow.

Bug: https://bugs.gentoo.org/842489
Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/Manifest             |   2 +
 dev-libs/openssl/openssl-3.0.3.ebuild | 297 ++++++++++++++++++++++++++++++++++
 2 files changed, 299 insertions(+)

diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest
index bbdc6eea0074..6cde0ea0f423 100644
--- a/dev-libs/openssl/Manifest
+++ b/dev-libs/openssl/Manifest
@@ -7,3 +7,5 @@ DIST openssl-1.1.1o.tar.gz 9856386 BLAKE2B 5bd355fd17adf43ba4e3bf1a8036ceb724edd
 DIST openssl-1.1.1o.tar.gz.asc 488 BLAKE2B a03a967e7e2124d1a76ad7765e2f48065f40d32ba102a433be603ee8f86b26a2d246dcb97a95bd694ef3005889ce4f1951f76d39fe1d683f92da1aa3023e9c2d SHA512 da6d88de7c1cd807b6089d50f8bb102c317c0b45ca26e517e3e400c5c65f787d94a1ee522af76279e93790a7fb491348cf25ffcfd66ecb9a9d35209328cb221e
 DIST openssl-3.0.2.tar.gz 15038141 BLAKE2B 140c4c80a0cad89cb0059fef6a4cd421460e6af9a3973f7a3eb5e39f64c0d44794d46e7a869e5235fced139f2249351e37a9ee5ebaa17f2708d63141ebebf919 SHA512 f986850d5be908b4d6b5fd7091bc4652d7378c9bccebfbc5becd7753843c04c1eb61a1749c432139d263dfac33df0b1f6c773664b485cad47542266823a4eb03
 DIST openssl-3.0.2.tar.gz.asc 488 BLAKE2B 2f6482114271c4f512159fa159486a3b3470637d770cd1614fda004918d06ed9ab562e655d1580d2ebb05745ec72987488c2161b72d078017cc157003d4205da SHA512 4303391a58107c76ad9b05510f5bfc95f687f4cb2f9ff5b03fb262ba99b573423ab83f0437471199954496799b343191b889ad9ef8fabdd7ee4ec3ec9b5f1d81
+DIST openssl-3.0.3.tar.gz 15058905 BLAKE2B 8141d13dbea2f1febdd4e46aa404e9f3bac51e1fdc0c9b0df8bf3bf6852e18b09201a2a8cbee99f72e8d6de660834093449b7a14a3fbdda8511286ca3b6743e7 SHA512 949472025211fabdaf2564122f0a9a3baef0facb6373e90cf6c4485164a50898050b179722d0b358c4d8cf1787384ea30d5fd03b98757634631d3e8978509b1a
+DIST openssl-3.0.3.tar.gz.asc 488 BLAKE2B 3f31e3a73706b69683220e05b1b4ddc75dc3e7e12652dca711e4aa0eb3c023ef736aee9ade15172d7f28e1e1af03e86d4854ec6c3d167cad42882f483c5e56d4 SHA512 04afe65c6af1ae43a9967462383a6a4f567f5acff19ec1952cd6fce2dc3c3d4dfb3cb54126562724c148f40dcb66668abf727282d35730bbf36f82b5c6bacace

diff --git a/dev-libs/openssl/openssl-3.0.3.ebuild b/dev-libs/openssl/openssl-3.0.3.ebuild
new file mode 100644
index 000000000000..2ef0aaed3200
--- /dev/null
+++ b/dev-libs/openssl/openssl-3.0.3.ebuild
@@ -0,0 +1,297 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="7"
+
+inherit flag-o-matic linux-info toolchain-funcs multilib-minimal verify-sig
+
+MY_P=${P/_/-}
+
+DESCRIPTION="Robust, full-featured Open Source Toolkit for the Transport Layer Security (TLS)"
+HOMEPAGE="https://www.openssl.org/"
+
+if [[ ${PV} == "9999" ]] ; then
+	EGIT_REPO_URI="https://github.com/openssl/openssl.git"
+
+	inherit git-r3
+else
+	SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
+		verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )"
+	VERIFY_SIG_OPENPGP_KEY_PATH=${BROOT}/usr/share/openpgp-keys/openssl.org.asc
+	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x86-linux"
+fi
+
+LICENSE="Apache-2.0"
+SLOT="0/3" # .so version of libssl/libcrypto
+
+IUSE="+asm cpu_flags_x86_sse2 fips ktls rfc3779 sctp static-libs test tls-compression vanilla verify-sig weak-ssl-ciphers"
+RESTRICT="!test? ( test )"
+
+COMMON_DEPEND="
+	>=app-misc/c_rehash-1.7-r1
+	tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
+"
+
+BDEPEND="
+	>=dev-lang/perl-5
+	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
+	test? (
+		sys-apps/diffutils
+		sys-devel/bc
+		sys-process/procps
+	)
+	verify-sig? ( sec-keys/openpgp-keys-openssl )"
+
+DEPEND="${COMMON_DEPEND}"
+
+RDEPEND="${COMMON_DEPEND}"
+
+PDEPEND="app-misc/ca-certificates"
+
+S="${WORKDIR}/${MY_P}"
+
+MULTILIB_WRAPPED_HEADERS=(
+	/usr/include/openssl/configuration.h
+)
+
+pkg_setup() {
+	if use ktls ; then
+		if kernel_is -lt 4 18 ; then
+			ewarn "Kernel implementation of TLS (USE=ktls) requires kernel >=4.18!"
+		else
+			CONFIG_CHECK="~TLS ~TLS_DEVICE"
+			ERROR_TLS="You will be unable to offload TLS to kernel because CONFIG_TLS is not set!"
+			ERROR_TLS_DEVICE="You will be unable to offload TLS to kernel because CONFIG_TLS_DEVICE is not set!"
+
+			linux-info_pkg_setup
+		fi
+	fi
+
+	[[ ${MERGE_TYPE} == binary ]] && return
+
+	# must check in pkg_setup; sysctl don't work with userpriv!
+	if use test && use sctp ; then
+		# test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel"
+		# if sctp.auth_enable is not enabled.
+		local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null)
+		if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]] ; then
+			die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!"
+		fi
+	fi
+}
+
+src_prepare() {
+	# allow openssl to be cross-compiled
+	cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die
+	chmod a+rx gentoo.config || die
+
+	# keep this in sync with app-misc/c_rehash
+	SSL_CNF_DIR="/etc/ssl"
+
+	# Make sure we only ever touch Makefile.org and avoid patching a file
+	# that gets blown away anyways by the Configure script in src_configure
+	rm -f Makefile
+
+	if ! use vanilla ; then
+		if [[ $(declare -p PATCHES 2>/dev/null) == "declare -a"* ]] ; then
+			[[ ${#PATCHES[@]} -gt 0 ]] && eapply "${PATCHES[@]}"
+		fi
+	fi
+
+	eapply_user
+
+	if use test && use sctp && has network-sandbox ${FEATURES} ; then
+		einfo "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox ..."
+		rm test/recipes/80-test_ssl_new.t || die
+	fi
+
+	# make sure the man pages are suffixed #302165
+	# don't bother building man pages if they're disabled
+	# Make DOCDIR Gentoo compliant
+	sed -i \
+		-e '/^MANSUFFIX/s:=.*:=ssl:' \
+		-e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
+		-e $(has noman FEATURES \
+			&& echo '/^install:/s:install_docs::' \
+			|| echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
+		-e "/^DOCDIR/s@\$(BASENAME)@&-${PVR}@" \
+		Configurations/unix-Makefile.tmpl \
+		|| die
+
+	# quiet out unknown driver argument warnings since openssl
+	# doesn't have well-split CFLAGS and we're making it even worse
+	# and 'make depend' uses -Werror for added fun (#417795 again)
+	[[ ${CC} == *clang* ]] && append-flags -Qunused-arguments
+
+	append-flags -fno-strict-aliasing
+	append-flags $(test-flags-CC -Wa,--noexecstack)
+
+	# Prefixify Configure shebang (#141906)
+	sed \
+		-e "1s,/usr/bin/env,${EPREFIX}&," \
+		-i Configure || die
+
+	# Remove test target when FEATURES=test isn't set
+	if ! use test ; then
+		sed \
+			-e '/^$config{dirs}/s@ "test",@@' \
+			-i Configure || die
+	fi
+
+	# The config script does stupid stuff to prompt the user.  Kill it.
+	sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
+	./config --test-sanity || die "I AM NOT SANE"
+
+	multilib_copy_sources
+}
+
+multilib_src_configure() {
+	unset APPS #197996
+	unset SCRIPTS #312551
+	unset CROSS_COMPILE #311473
+
+	tc-export AR CC CXX RANLIB RC
+
+	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
+	echoit() { echo "$@" ; "$@" ; }
+
+	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
+
+	local sslout=$(./gentoo.config)
+	einfo "Use configuration ${sslout:-(openssl knows best)}"
+	local config="Configure"
+	[[ -z ${sslout} ]] && config="config"
+
+	local myeconfargs=(
+		${sslout}
+		$(use cpu_flags_x86_sse2 || echo "no-sse2")
+		enable-camellia
+		enable-ec
+		enable-ec2m
+		enable-sm2
+		enable-srp
+		$(use elibc_musl && echo "no-async")
+		enable-idea
+		enable-mdc2
+		enable-rc5
+		$(use fips && echo "enable-fips")
+		$(use_ssl asm)
+		$(use_ssl ktls)
+		$(use_ssl rfc3779)
+		$(use_ssl sctp)
+		$(use_ssl tls-compression zlib)
+		$(use_ssl weak-ssl-ciphers)
+		--prefix="${EPREFIX}"/usr
+		--openssldir="${EPREFIX}"${SSL_CNF_DIR}
+		--libdir=$(get_libdir)
+		shared
+		threads
+	)
+
+	CFLAGS= LDFLAGS= echoit \
+		./${config} \
+		"${myeconfargs[@]}" \
+		|| die
+
+	# Clean out hardcoded flags that openssl uses
+	local DEFAULT_CFLAGS=$(grep ^CFLAGS= Makefile | LC_ALL=C sed \
+		-e 's:^CFLAGS=::' \
+		-e 's:\(^\| \)-fomit-frame-pointer::g' \
+		-e 's:\(^\| \)-O[^ ]*::g' \
+		-e 's:\(^\| \)-march=[^ ]*::g' \
+		-e 's:\(^\| \)-mcpu=[^ ]*::g' \
+		-e 's:\(^\| \)-m[^ ]*::g' \
+		-e 's:^ *::' \
+		-e 's: *$::' \
+		-e 's: \+: :g' \
+		-e 's:\\:\\\\:g'
+	)
+
+	# Now insert clean default flags with user flags
+	sed -i \
+		-e "/^CFLAGS=/s|=.*|=${DEFAULT_CFLAGS} ${CFLAGS}|" \
+		-e "/^LDFLAGS=/s|=[[:space:]]*$|=${LDFLAGS}|" \
+		Makefile \
+		|| die
+}
+
+multilib_src_compile() {
+	# depend is needed to use $confopts; it also doesn't matter
+	# that it's -j1 as the code itself serializes subdirs
+	emake -j1 depend
+	emake all
+}
+
+multilib_src_test() {
+	emake -j1 test
+}
+
+multilib_src_install() {
+	# We need to create $ED/usr on our own to avoid a race condition #665130
+	if [[ ! -d "${ED}/usr" ]] ; then
+		# We can only create this directory once
+		mkdir "${ED}"/usr || die
+	fi
+
+	emake DESTDIR="${D}" install
+
+	# This is crappy in that the static archives are still built even
+	# when USE=static-libs.  But this is due to a failing in the openssl
+	# build system: the static archives are built as PIC all the time.
+	# Only way around this would be to manually configure+compile openssl
+	# twice; once with shared lib support enabled and once without.
+	if ! use static-libs ; then
+		rm "${ED}"/usr/$(get_libdir)/lib{crypto,ssl}.a || die
+	fi
+}
+
+multilib_src_install_all() {
+	# openssl installs perl version of c_rehash by default, but
+	# we provide a shell version via app-misc/c_rehash
+	rm "${ED}"/usr/bin/c_rehash || die
+
+	dodoc {AUTHORS,CHANGES,NEWS,README,README-PROVIDERS}.md doc/*.txt doc/${PN}-c-indent.el
+
+	# create the certs directory
+	keepdir ${SSL_CNF_DIR}/certs
+
+	# Namespace openssl programs to prevent conflicts with other man pages
+	cd "${ED}"/usr/share/man || die
+	local m d s
+	for m in $(find . -type f | xargs grep -L '#include') ; do
+		d=${m%/*} ; d=${d#./} ; m=${m##*/}
+
+		[[ ${m} == openssl.1* ]] && continue
+
+		[[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!"
+
+		mv ${d}/{,ssl-}${m} || die
+
+		# fix up references to renamed man pages
+		sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m} || die
+		ln -s ssl-${m} ${d}/openssl-${m} || die
+
+		# locate any symlinks that point to this man page ...
+		# we assume that any broken links are due to the above renaming
+		for s in $(find -L ${d} -type l) ; do
+			s=${s##*/}
+			rm -f ${d}/${s}
+			# We don't want to "|| die" here
+			ln -s ssl-${m} ${d}/ssl-${s}
+			ln -s ssl-${s} ${d}/openssl-${s}
+		done
+	done
+	[[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :("
+
+	dodir /etc/sandbox.d #254521
+	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
+
+	diropts -m0700
+	keepdir ${SSL_CNF_DIR}/private
+}
+
+pkg_postinst() {
+	ebegin "Running 'c_rehash ${EROOT}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069"
+	c_rehash "${EROOT}${SSL_CNF_DIR}/certs" >/dev/null
+	eend $?
+}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Patrick McLean]

commit:     5876585a138a317e27542ed50331f9e6c7315cca
Author:     Patrick McLean <chutzpah <AT> gentoo <DOT> org>
AuthorDate: Tue May  3 20:30:01 2022 +0000
Commit:     Patrick McLean <chutzpah <AT> gentoo <DOT> org>
CommitDate: Tue May  3 20:30:10 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5876585a

dev-libs/openssl: add 1.1.1o

Signed-off-by: Patrick McLean <chutzpah <AT> gentoo.org>

 dev-libs/openssl/Manifest              |   2 +
 dev-libs/openssl/openssl-1.1.1o.ebuild | 298 +++++++++++++++++++++++++++++++++
 2 files changed, 300 insertions(+)

diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest
index ddca5b64dd88..bbdc6eea0074 100644
--- a/dev-libs/openssl/Manifest
+++ b/dev-libs/openssl/Manifest
@@ -3,5 +3,7 @@ DIST openssl-1.0.2t-bindist-1.0.tar.xz 13872 BLAKE2B b2aade96a6e0ca6209a39e205b1
 DIST openssl-1.0.2u.tar.gz 5355412 BLAKE2B b2ff2a10e5851af5aca4093422a9a072c794e87b997263826c1c35910c040f695fac63decac5856cb49399ed03d410f97701d9fd4e1ebfbcacd8f3a74ce8bf57 SHA512 c455bb309e20e2c2d47fdc5619c734d107d5c8c38c1409903ce979acc120b0d5fa0312917c0aa0d630e402d092a703d4249643f36078e8528a3cafc9dac6ab32
 DIST openssl-1.1.1n.tar.gz 9850712 BLAKE2B af530258d9f7ca4f1bd1c6c344eb385e766e465c9341dd08797676165f67bbb82d3fd549ed7559dc12fb8c9c4db5e04fa6ec7ab729ec1467f5e8bce469ff5398 SHA512 1937796736613dcf4105a54e42ecb61f95a1cea74677156f9459aea0f2c95159359e766089632bf364ee6b0d28d661eb9957bce8fecc9d2436378d8d79e8d0a4
 DIST openssl-1.1.1n.tar.gz.asc 488 BLAKE2B 8fc18fdc884473dc4c243499cc3528691a9ecc184e39e8d942450d41c42d22a96398036ae804af23c4f28d082c62f5babaa275ceb2e13b33b5acfd59a802c186 SHA512 24abc3d187cabed830dcd3189a34c2dc29e0b8013a607011a0e85cc68f0ec48c1de14a005053a4de3a4013cfa9658016ac65cfb8cfac58da55231371926beeda
+DIST openssl-1.1.1o.tar.gz 9856386 BLAKE2B 5bd355fd17adf43ba4e3bf1a8036ceb724edd4f4ab80dc25aecc3d2647372e9db2bc12e2b89791fc4b6f7fd95a7b68e00490d09ca6518d25ab990ee27798e641 SHA512 75b2f1499cb4640229eb6cd35d85cbff2e19db17b959ac4d04b60f1b395b73567f9003521452a0fcfeea9b31b26de0a7bccf476ecf9caae02298f3647cfb7e23
+DIST openssl-1.1.1o.tar.gz.asc 488 BLAKE2B a03a967e7e2124d1a76ad7765e2f48065f40d32ba102a433be603ee8f86b26a2d246dcb97a95bd694ef3005889ce4f1951f76d39fe1d683f92da1aa3023e9c2d SHA512 da6d88de7c1cd807b6089d50f8bb102c317c0b45ca26e517e3e400c5c65f787d94a1ee522af76279e93790a7fb491348cf25ffcfd66ecb9a9d35209328cb221e
 DIST openssl-3.0.2.tar.gz 15038141 BLAKE2B 140c4c80a0cad89cb0059fef6a4cd421460e6af9a3973f7a3eb5e39f64c0d44794d46e7a869e5235fced139f2249351e37a9ee5ebaa17f2708d63141ebebf919 SHA512 f986850d5be908b4d6b5fd7091bc4652d7378c9bccebfbc5becd7753843c04c1eb61a1749c432139d263dfac33df0b1f6c773664b485cad47542266823a4eb03
 DIST openssl-3.0.2.tar.gz.asc 488 BLAKE2B 2f6482114271c4f512159fa159486a3b3470637d770cd1614fda004918d06ed9ab562e655d1580d2ebb05745ec72987488c2161b72d078017cc157003d4205da SHA512 4303391a58107c76ad9b05510f5bfc95f687f4cb2f9ff5b03fb262ba99b573423ab83f0437471199954496799b343191b889ad9ef8fabdd7ee4ec3ec9b5f1d81

diff --git a/dev-libs/openssl/openssl-1.1.1o.ebuild b/dev-libs/openssl/openssl-1.1.1o.ebuild
new file mode 100644
index 000000000000..5b19fd948893
--- /dev/null
+++ b/dev-libs/openssl/openssl-1.1.1o.ebuild
@@ -0,0 +1,298 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="7"
+
+inherit flag-o-matic toolchain-funcs multilib-minimal verify-sig
+
+MY_P=${P/_/-}
+
+DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"
+HOMEPAGE="https://www.openssl.org/"
+SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
+	verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )"
+VERIFY_SIG_OPENPGP_KEY_PATH=${BROOT}/usr/share/openpgp-keys/openssl.org.asc
+
+LICENSE="openssl"
+SLOT="0/1.1" # .so version of libssl/libcrypto
+[[ "${PV}" = *_pre* ]] || \
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+IUSE="+asm rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-compression tls-heartbeat vanilla verify-sig weak-ssl-ciphers"
+RESTRICT="!test? ( test )"
+
+RDEPEND=">=app-misc/c_rehash-1.7-r1
+	tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )"
+DEPEND="${RDEPEND}"
+BDEPEND="
+	>=dev-lang/perl-5
+	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
+	test? (
+		sys-apps/diffutils
+		sys-devel/bc
+		kernel_linux? ( sys-process/procps )
+	)
+	verify-sig? ( sec-keys/openpgp-keys-openssl )"
+PDEPEND="app-misc/ca-certificates"
+
+PATCHES=(
+	"${FILESDIR}"/${PN}-1.1.0j-parallel_install_fix.patch #671602
+	"${FILESDIR}"/${PN}-1.1.1i-riscv32.patch
+)
+
+S="${WORKDIR}/${MY_P}"
+
+# force upgrade to prevent broken login, bug 696950
+RDEPEND+=" !<net-misc/openssh-8.0_p1-r3"
+
+MULTILIB_WRAPPED_HEADERS=(
+	usr/include/openssl/opensslconf.h
+)
+
+pkg_setup() {
+	[[ ${MERGE_TYPE} == binary ]] && return
+
+	# must check in pkg_setup; sysctl don't work with userpriv!
+	if use test && use sctp; then
+		# test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel"
+		# if sctp.auth_enable is not enabled.
+		local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null)
+		if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]]; then
+			die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!"
+		fi
+	fi
+}
+
+src_prepare() {
+	# allow openssl to be cross-compiled
+	cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die
+	chmod a+rx gentoo.config || die
+
+	# keep this in sync with app-misc/c_rehash
+	SSL_CNF_DIR="/etc/ssl"
+
+	# Make sure we only ever touch Makefile.org and avoid patching a file
+	# that gets blown away anyways by the Configure script in src_configure
+	rm -f Makefile
+
+	if ! use vanilla ; then
+		if [[ $(declare -p PATCHES 2>/dev/null) == "declare -a"* ]] ; then
+			[[ ${#PATCHES[@]} -gt 0 ]] && eapply "${PATCHES[@]}"
+		fi
+	fi
+
+	eapply_user #332661
+
+	if use test && use sctp && has network-sandbox ${FEATURES}; then
+		ebegin "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox"
+		rm test/recipes/80-test_ssl_new.t || die
+		eend $?
+	fi
+
+	# make sure the man pages are suffixed #302165
+	# don't bother building man pages if they're disabled
+	# Make DOCDIR Gentoo compliant
+	sed -i \
+		-e '/^MANSUFFIX/s:=.*:=ssl:' \
+		-e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
+		-e $(has noman FEATURES \
+			&& echo '/^install:/s:install_docs::' \
+			|| echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
+		-e "/^DOCDIR/s@\$(BASENAME)@&-${PVR}@" \
+		Configurations/unix-Makefile.tmpl \
+		|| die
+
+	# quiet out unknown driver argument warnings since openssl
+	# doesn't have well-split CFLAGS and we're making it even worse
+	# and 'make depend' uses -Werror for added fun (#417795 again)
+	[[ ${CC} == *clang* ]] && append-flags -Qunused-arguments
+
+	append-flags -fno-strict-aliasing
+	append-flags $(test-flags-CC -Wa,--noexecstack)
+	append-cppflags -DOPENSSL_NO_BUF_FREELISTS
+
+	# Prefixify Configure shebang (#141906)
+	sed \
+		-e "1s,/usr/bin/env,${EPREFIX}&," \
+		-i Configure || die
+	# Remove test target when FEATURES=test isn't set
+	if ! use test ; then
+		sed \
+			-e '/^$config{dirs}/s@ "test",@@' \
+			-i Configure || die
+	fi
+
+	if use prefix && [[ ${CHOST} == *-solaris* ]] ; then
+		# use GNU ld full option, not to confuse it on Solaris
+		sed -i \
+			-e 's/-Wl,-M,/-Wl,--version-script=/' \
+			-e 's/-Wl,-h,/-Wl,--soname=/' \
+			Configurations/10-main.conf || die
+
+		# fix building on Solaris 10
+		# https://github.com/openssl/openssl/issues/6333
+		sed -i \
+			-e 's/-lsocket -lnsl -ldl/-lsocket -lnsl -ldl -lrt/' \
+			Configurations/10-main.conf || die
+	fi
+
+	# The config script does stupid stuff to prompt the user.  Kill it.
+	sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
+	./config --test-sanity || die "I AM NOT SANE"
+
+	multilib_copy_sources
+}
+
+multilib_src_configure() {
+	unset APPS #197996
+	unset SCRIPTS #312551
+	unset CROSS_COMPILE #311473
+
+	tc-export CC AR RANLIB RC
+
+	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
+	echoit() { echo "$@" ; "$@" ; }
+
+	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
+
+	# See if our toolchain supports __uint128_t.  If so, it's 64bit
+	# friendly and can use the nicely optimized code paths. #460790
+	local ec_nistp_64_gcc_128
+	# Disable it for now though #469976
+	# echo "__uint128_t i;" > "${T}"/128.c
+	# if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
+	# 	ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
+	# fi
+
+	local sslout=$(./gentoo.config)
+	einfo "Use configuration ${sslout:-(openssl knows best)}"
+	local config="Configure"
+	[[ -z ${sslout} ]] && config="config"
+
+	# "disable-deprecated" option breaks too many consumers.
+	# Don't set it without thorough revdeps testing.
+	# Make sure user flags don't get added *yet* to avoid duplicated
+	# flags.
+	CFLAGS= LDFLAGS= echoit \
+	./${config} \
+		${sslout} \
+		$(use cpu_flags_x86_sse2 || echo "no-sse2") \
+		enable-camellia \
+		enable-ec \
+		enable-ec2m \
+		enable-sm2 \
+		enable-srp \
+		$(use elibc_musl && echo "no-async") \
+		${ec_nistp_64_gcc_128} \
+		enable-idea \
+		enable-mdc2 \
+		enable-rc5 \
+		$(use_ssl sslv3 ssl3) \
+		$(use_ssl sslv3 ssl3-method) \
+		$(use_ssl asm) \
+		$(use_ssl rfc3779) \
+		$(use_ssl sctp) \
+		$(use_ssl tls-compression zlib) \
+		$(use_ssl tls-heartbeat heartbeats) \
+		$(use_ssl weak-ssl-ciphers) \
+		--prefix="${EPREFIX}"/usr \
+		--openssldir="${EPREFIX}"${SSL_CNF_DIR} \
+		--libdir=$(get_libdir) \
+		shared threads \
+		|| die
+
+	# Clean out hardcoded flags that openssl uses
+	local DEFAULT_CFLAGS=$(grep ^CFLAGS= Makefile | LC_ALL=C sed \
+		-e 's:^CFLAGS=::' \
+		-e 's:\(^\| \)-fomit-frame-pointer::g' \
+		-e 's:\(^\| \)-O[^ ]*::g' \
+		-e 's:\(^\| \)-march=[^ ]*::g' \
+		-e 's:\(^\| \)-mcpu=[^ ]*::g' \
+		-e 's:\(^\| \)-m[^ ]*::g' \
+		-e 's:^ *::' \
+		-e 's: *$::' \
+		-e 's: \+: :g' \
+		-e 's:\\:\\\\:g'
+	)
+
+	# Now insert clean default flags with user flags
+	sed -i \
+		-e "/^CFLAGS=/s|=.*|=${DEFAULT_CFLAGS} ${CFLAGS}|" \
+		-e "/^LDFLAGS=/s|=[[:space:]]*$|=${LDFLAGS}|" \
+		Makefile || die
+}
+
+multilib_src_compile() {
+	# depend is needed to use $confopts; it also doesn't matter
+	# that it's -j1 as the code itself serializes subdirs
+	emake -j1 depend
+	emake all
+}
+
+multilib_src_test() {
+	emake -j1 test
+}
+
+multilib_src_install() {
+	# We need to create $ED/usr on our own to avoid a race condition #665130
+	if [[ ! -d "${ED}/usr" ]]; then
+		# We can only create this directory once
+		mkdir "${ED}"/usr || die
+	fi
+
+	emake DESTDIR="${D}" install
+
+	# This is crappy in that the static archives are still built even
+	# when USE=static-libs.  But this is due to a failing in the openssl
+	# build system: the static archives are built as PIC all the time.
+	# Only way around this would be to manually configure+compile openssl
+	# twice; once with shared lib support enabled and once without.
+	if ! use static-libs; then
+		rm "${ED}"/usr/$(get_libdir)/lib{crypto,ssl}.a || die
+	fi
+}
+
+multilib_src_install_all() {
+	# openssl installs perl version of c_rehash by default, but
+	# we provide a shell version via app-misc/c_rehash
+	rm "${ED}"/usr/bin/c_rehash || die
+
+	dodoc CHANGES* FAQ NEWS README doc/*.txt doc/${PN}-c-indent.el
+
+	# create the certs directory
+	keepdir ${SSL_CNF_DIR}/certs
+
+	# Namespace openssl programs to prevent conflicts with other man pages
+	cd "${ED}"/usr/share/man || die
+	local m d s
+	for m in $(find . -type f | xargs grep -L '#include') ; do
+		d=${m%/*} ; d=${d#./} ; m=${m##*/}
+		[[ ${m} == openssl.1* ]] && continue
+		[[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!"
+		mv ${d}/{,ssl-}${m}
+		# fix up references to renamed man pages
+		sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m}
+		ln -s ssl-${m} ${d}/openssl-${m}
+		# locate any symlinks that point to this man page ... we assume
+		# that any broken links are due to the above renaming
+		for s in $(find -L ${d} -type l) ; do
+			s=${s##*/}
+			rm -f ${d}/${s}
+			# We don't want to "|| die" here
+			ln -s ssl-${m} ${d}/ssl-${s}
+			ln -s ssl-${s} ${d}/openssl-${s}
+		done
+	done
+	[[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :("
+
+	dodir /etc/sandbox.d #254521
+	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
+
+	diropts -m0700
+	keepdir ${SSL_CNF_DIR}/private
+}
+
+pkg_postinst() {
+	ebegin "Running 'c_rehash ${EROOT}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069"
+	c_rehash "${EROOT}${SSL_CNF_DIR}/certs" >/dev/null
+	eend $?
+}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     66eada125753c1ea12cb1e18e2468bea88356775
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sun Apr 17 16:58:38 2022 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sun Apr 17 17:05:50 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=66eada12

dev-libs/openssl: drop versions

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/Manifest                 |   8 -
 dev-libs/openssl/openssl-1.1.1k-r1.ebuild | 328 ------------------------------
 dev-libs/openssl/openssl-1.1.1l-r1.ebuild | 279 -------------------------
 dev-libs/openssl/openssl-1.1.1l.ebuild    | 328 ------------------------------
 dev-libs/openssl/openssl-1.1.1m.ebuild    | 294 --------------------------
 dev-libs/openssl/openssl-3.0.0.ebuild     | 296 ---------------------------
 dev-libs/openssl/openssl-3.0.1.ebuild     | 297 ---------------------------
 7 files changed, 1830 deletions(-)

diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest
index 075df27bb2d6..ddca5b64dd88 100644
--- a/dev-libs/openssl/Manifest
+++ b/dev-libs/openssl/Manifest
@@ -1,15 +1,7 @@
 DIST openssl-1.0.2-patches-1.5.tar.xz 12404 BLAKE2B 6c1b8c28f339f539b2ab8643379502a24cf62bffde00041dce54d5dd9e8d2620b181362ee5464b0ab32ba4948e209697bfabadbea2944a409a1009100d298f24 SHA512 5725e2d9d1ee8cc074bcef3bed61c71bdab2ff1c114362110c3fb8da11ad5bc8f2ff28e90a293f5f3a5cf96ecda54dffdb7ab3fb3f8b23ef6472250dc3037659
 DIST openssl-1.0.2t-bindist-1.0.tar.xz 13872 BLAKE2B b2aade96a6e0ca6209a39e205b1c838de945903fcf959c62cc29ddcd1a0cb360fc5db234df86860a6a4c096f5ecc237611e4c2946b986a5500c24ba93c208ef4 SHA512 a48a7efb9b973b865bcc5009d450b428ed6b4b95e4cefe70c51056e47392c8a7bec58215168d8b07712419dc74646c2bd2fd23bcfbba2031376e292249a6b1b6
 DIST openssl-1.0.2u.tar.gz 5355412 BLAKE2B b2ff2a10e5851af5aca4093422a9a072c794e87b997263826c1c35910c040f695fac63decac5856cb49399ed03d410f97701d9fd4e1ebfbcacd8f3a74ce8bf57 SHA512 c455bb309e20e2c2d47fdc5619c734d107d5c8c38c1409903ce979acc120b0d5fa0312917c0aa0d630e402d092a703d4249643f36078e8528a3cafc9dac6ab32
-DIST openssl-1.1.1i-bindist-1.0.tar.xz 18124 BLAKE2B bcbce700676d1d61498ac98281b7ad06f9970d91afa6bfb2c259ab7462b2554be79a1c06759bc7aaeca9948c2f5276bac2c4f42dbc6822669f863444b9913ccd SHA512 1dbb81bcb4cf7e634bb363c7e2bb2590a1fe3fcb6c3b5e377cac3c5241abd116c2a89c516be8e5fd1799ab64375a58052a4df944eeadc87b0b7785da710906d8
-DIST openssl-1.1.1k.tar.gz 9823400 BLAKE2B e9bd90f17bc819c4960d07bbee04346e8a7adb87a764a09d033ef76f1d638c67b180c4f2beb84ec25fbff54ccc9c14c13b9b16a27cac231a5dd22b02635d5cec SHA512 73cd042d4056585e5a9dd7ab68e7c7310a3a4c783eafa07ab0b560e7462b924e4376436a6d38a155c687f6942a881cfc0c1b9394afcde1d8c46bf396e7d51121
-DIST openssl-1.1.1l.tar.gz 9834044 BLAKE2B 9e8739015db63a013c05587e3d164d67c3f65f1f6c5fc75e4592bcd038c036cde88a7bc95fbc1f1b4ed876f6124ca4dabcd4f5dbb45d1b84299f2efe1a59431a SHA512 d9611f393e37577cca05004531388d3e0ebbf714894cab9f95f4903909cd4f45c214faab664c0cbc3ad3cca309d500b9e6d0ecbf9a0a0588d1677dc6b047f9e0
-DIST openssl-1.1.1m.tar.gz 9847315 BLAKE2B 163262933df11afdb7b0c58fbbf0454b05e02951d28ed24e2c530affa18dee884d86555f7314506852ebfcc092bb509b6f9cd33893e30dab67bfb6f5713946eb SHA512 ba0ef99b321546c13385966e4a607734df38b96f6ed45c4c67063a5f8d1482986855279797a6920d9f86c2ec31ce3e104dcc62c37328caacdd78aec59aa66156
 DIST openssl-1.1.1n.tar.gz 9850712 BLAKE2B af530258d9f7ca4f1bd1c6c344eb385e766e465c9341dd08797676165f67bbb82d3fd549ed7559dc12fb8c9c4db5e04fa6ec7ab729ec1467f5e8bce469ff5398 SHA512 1937796736613dcf4105a54e42ecb61f95a1cea74677156f9459aea0f2c95159359e766089632bf364ee6b0d28d661eb9957bce8fecc9d2436378d8d79e8d0a4
 DIST openssl-1.1.1n.tar.gz.asc 488 BLAKE2B 8fc18fdc884473dc4c243499cc3528691a9ecc184e39e8d942450d41c42d22a96398036ae804af23c4f28d082c62f5babaa275ceb2e13b33b5acfd59a802c186 SHA512 24abc3d187cabed830dcd3189a34c2dc29e0b8013a607011a0e85cc68f0ec48c1de14a005053a4de3a4013cfa9658016ac65cfb8cfac58da55231371926beeda
-DIST openssl-3.0.0.tar.gz 14978663 BLAKE2B 64721ee958fc47d57a479dffff91be5692d80d10a6727d804f8a9da66fcaea799b67fda8987f9ecdfb2777ec42033c5e8a6a135e30784d6422eb3c65e676abe6 SHA512 1fdf769ef69631eb802671a9e0bb3a01883d58282f651986212983c2d7c9d3499dabe99a6dee0411e997e6fcfa6f682b121b7698596de0d6c78850c2200241b1
-DIST openssl-3.0.0.tar.gz.asc 833 BLAKE2B df0dac703a5259bb312e4e2a9cb81d061331e69426633097354dbcc0658345f6723eaddf74303d97bb3d849bc93f07ecdaad0fd807ab9272e01a419e8f1f4abb SHA512 b51d3ec06b5d7bc7ff7297a6530154ff718b288e7daafa28cff1ca8396de229090e8addaf63da2322b0b17f51be8fa114ddc71da2dcd118b7d7d1bdc73b6f46e
-DIST openssl-3.0.1.tar.gz 15011207 BLAKE2B ea1e560cbebbd3fdb560cbd7db518db2f95d1b7a8397435483829eda815e9f74a175693949c3d013205c43c936d703755ca14afba29077570361fca75164a719 SHA512 4eb29386a6c2c47bebc668e68b61872eed1d136e5620d6f8971393ae7dd8d0f640257278735c76adc0c9569a315fdb929c175a2931d52d3fcc4c527ad6a975ce
-DIST openssl-3.0.1.tar.gz.asc 488 BLAKE2B 26e44d5ad4d4c986c6c03f7ddf0406efcbc0748435039c7d121a9040f7494e30ed59a639946e0fc86c43871c433e815f694f7ffa45c7709aae70ac6087b34820 SHA512 085e8734b74e58a7c345cf2170fd476e38fe0a3b6eb1a1c417bd1dab962f96a6e2256c409aa4c650bbb57228aacdc75b8a13b693ebea571932de528d7ce622d6
 DIST openssl-3.0.2.tar.gz 15038141 BLAKE2B 140c4c80a0cad89cb0059fef6a4cd421460e6af9a3973f7a3eb5e39f64c0d44794d46e7a869e5235fced139f2249351e37a9ee5ebaa17f2708d63141ebebf919 SHA512 f986850d5be908b4d6b5fd7091bc4652d7378c9bccebfbc5becd7753843c04c1eb61a1749c432139d263dfac33df0b1f6c773664b485cad47542266823a4eb03
 DIST openssl-3.0.2.tar.gz.asc 488 BLAKE2B 2f6482114271c4f512159fa159486a3b3470637d770cd1614fda004918d06ed9ab562e655d1580d2ebb05745ec72987488c2161b72d078017cc157003d4205da SHA512 4303391a58107c76ad9b05510f5bfc95f687f4cb2f9ff5b03fb262ba99b573423ab83f0437471199954496799b343191b889ad9ef8fabdd7ee4ec3ec9b5f1d81

diff --git a/dev-libs/openssl/openssl-1.1.1k-r1.ebuild b/dev-libs/openssl/openssl-1.1.1k-r1.ebuild
deleted file mode 100644
index a4186f363f17..000000000000
--- a/dev-libs/openssl/openssl-1.1.1k-r1.ebuild
+++ /dev/null
@@ -1,328 +0,0 @@
-# Copyright 1999-2022 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="7"
-
-inherit flag-o-matic toolchain-funcs multilib-minimal
-
-MY_P=${P/_/-}
-
-# This patch set is based on the following files from Fedora 31,
-# see https://src.fedoraproject.org/rpms/openssl/blob/f31/f/openssl.spec
-# for more details:
-# - hobble-openssl (SOURCE1)
-# - ec_curve.c (SOURCE12) -- MODIFIED
-# - ectest.c (SOURCE13)
-# - openssl-1.1.1-ec-curves.patch (PATCH37) -- MODIFIED
-BINDIST_PATCH_SET="openssl-1.1.1i-bindist-1.0.tar.xz"
-
-DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"
-HOMEPAGE="https://www.openssl.org/"
-SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
-	bindist? (
-		mirror://gentoo/${BINDIST_PATCH_SET}
-		https://dev.gentoo.org/~whissi/dist/openssl/${BINDIST_PATCH_SET}
-	)"
-
-LICENSE="openssl"
-SLOT="0/1.1" # .so version of libssl/libcrypto
-[[ "${PV}" = *_pre* ]] || \
-KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~x86-linux"
-IUSE="+asm bindist rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-compression tls-heartbeat vanilla"
-RESTRICT="!bindist? ( bindist )
-	!test? ( test )"
-
-RDEPEND=">=app-misc/c_rehash-1.7-r1
-	tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )"
-DEPEND="${RDEPEND}"
-BDEPEND="
-	>=dev-lang/perl-5
-	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
-	test? (
-		sys-apps/diffutils
-		sys-devel/bc
-		sys-process/procps
-	)"
-PDEPEND="app-misc/ca-certificates"
-
-PATCHES=(
-	"${FILESDIR}"/${PN}-1.1.0j-parallel_install_fix.patch #671602
-	"${FILESDIR}"/${PN}-1.1.1i-riscv32.patch
-)
-
-S="${WORKDIR}/${MY_P}"
-
-# force upgrade to prevent broken login, bug 696950
-RDEPEND+=" !<net-misc/openssh-8.0_p1-r3"
-
-MULTILIB_WRAPPED_HEADERS=(
-	usr/include/openssl/opensslconf.h
-)
-
-pkg_setup() {
-	[[ ${MERGE_TYPE} == binary ]] && return
-
-	# must check in pkg_setup; sysctl don't work with userpriv!
-	if use test && use sctp; then
-		# test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel"
-		# if sctp.auth_enable is not enabled.
-		local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null)
-		if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]]; then
-			die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!"
-		fi
-	fi
-}
-
-src_prepare() {
-	# allow openssl to be cross-compiled
-	cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die
-	chmod a+rx gentoo.config || die
-
-	if use bindist; then
-		mv "${WORKDIR}"/bindist-patches/hobble-openssl "${WORKDIR}" || die
-		bash "${WORKDIR}"/hobble-openssl || die
-
-		cp -f "${WORKDIR}"/bindist-patches/ec_curve.c "${S}"/crypto/ec/ || die
-		cp -f "${WORKDIR}"/bindist-patches/ectest.c "${S}"/test/ || die
-
-		eapply "${WORKDIR}"/bindist-patches/ec-curves.patch
-
-		local known_failing_test
-		for known_failing_test in \
-			30-test_evp_extra.t \
-			80-test_ssl_new.t \
-		; do
-			ebegin "Disabling test '${known_failing_test}' which is known to fail with USE=bindist"
-			rm test/recipes/${known_failing_test} || die
-			eend $?
-		done
-
-		# Also see the configure parts below:
-		# enable-ec \
-		# $(use_ssl !bindist ec2m) \
-	fi
-
-	# keep this in sync with app-misc/c_rehash
-	SSL_CNF_DIR="/etc/ssl"
-
-	# Make sure we only ever touch Makefile.org and avoid patching a file
-	# that gets blown away anyways by the Configure script in src_configure
-	rm -f Makefile
-
-	if ! use vanilla ; then
-		if [[ $(declare -p PATCHES 2>/dev/null) == "declare -a"* ]] ; then
-			[[ ${#PATCHES[@]} -gt 0 ]] && eapply "${PATCHES[@]}"
-		fi
-	fi
-
-	eapply_user #332661
-
-	if use test && use sctp && has network-sandbox ${FEATURES}; then
-		ebegin "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox"
-		rm test/recipes/80-test_ssl_new.t || die
-		eend $?
-	fi
-
-	# make sure the man pages are suffixed #302165
-	# don't bother building man pages if they're disabled
-	# Make DOCDIR Gentoo compliant
-	sed -i \
-		-e '/^MANSUFFIX/s:=.*:=ssl:' \
-		-e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
-		-e $(has noman FEATURES \
-			&& echo '/^install:/s:install_docs::' \
-			|| echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
-		-e "/^DOCDIR/s@\$(BASENAME)@&-${PVR}@" \
-		Configurations/unix-Makefile.tmpl \
-		|| die
-
-	# quiet out unknown driver argument warnings since openssl
-	# doesn't have well-split CFLAGS and we're making it even worse
-	# and 'make depend' uses -Werror for added fun (#417795 again)
-	[[ ${CC} == *clang* ]] && append-flags -Qunused-arguments
-
-	append-flags -fno-strict-aliasing
-	append-flags $(test-flags-CC -Wa,--noexecstack)
-	append-cppflags -DOPENSSL_NO_BUF_FREELISTS
-
-	# Prefixify Configure shebang (#141906)
-	sed \
-		-e "1s,/usr/bin/env,${EPREFIX}&," \
-		-i Configure || die
-	# Remove test target when FEATURES=test isn't set
-	if ! use test ; then
-		sed \
-			-e '/^$config{dirs}/s@ "test",@@' \
-			-i Configure || die
-	fi
-	# The config script does stupid stuff to prompt the user.  Kill it.
-	sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
-	./config --test-sanity || die "I AM NOT SANE"
-
-	multilib_copy_sources
-}
-
-multilib_src_configure() {
-	unset APPS #197996
-	unset SCRIPTS #312551
-	unset CROSS_COMPILE #311473
-
-	tc-export CC AR RANLIB RC
-
-	# Clean out patent-or-otherwise-encumbered code
-	# Camellia: Royalty Free            https://en.wikipedia.org/wiki/Camellia_(cipher)
-	# IDEA:     Expired                 https://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
-	# EC:       ????????? ??/??/2015    https://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography
-	# MDC2:     Expired                 https://en.wikipedia.org/wiki/MDC-2
-	# RC5:      Expired                 https://en.wikipedia.org/wiki/RC5
-
-	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
-	echoit() { echo "$@" ; "$@" ; }
-
-	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
-
-	# See if our toolchain supports __uint128_t.  If so, it's 64bit
-	# friendly and can use the nicely optimized code paths. #460790
-	local ec_nistp_64_gcc_128
-	# Disable it for now though #469976
-	#if ! use bindist ; then
-	#	echo "__uint128_t i;" > "${T}"/128.c
-	#	if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
-	#		ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
-	#	fi
-	#fi
-
-	local sslout=$(./gentoo.config)
-	einfo "Use configuration ${sslout:-(openssl knows best)}"
-	local config="Configure"
-	[[ -z ${sslout} ]] && config="config"
-
-	# Fedora hobbled-EC needs 'no-ec2m'
-	# 'srp' was restricted until early 2017 as well.
-	# "disable-deprecated" option breaks too many consumers.
-	# Don't set it without thorough revdeps testing.
-	# Make sure user flags don't get added *yet* to avoid duplicated
-	# flags.
-	CFLAGS= LDFLAGS= echoit \
-	./${config} \
-		${sslout} \
-		$(use cpu_flags_x86_sse2 || echo "no-sse2") \
-		enable-camellia \
-		enable-ec \
-		$(use_ssl !bindist ec2m) \
-		$(use_ssl !bindist sm2) \
-		enable-srp \
-		$(use elibc_musl && echo "no-async") \
-		${ec_nistp_64_gcc_128} \
-		enable-idea \
-		enable-mdc2 \
-		enable-rc5 \
-		$(use_ssl sslv3 ssl3) \
-		$(use_ssl sslv3 ssl3-method) \
-		$(use_ssl asm) \
-		$(use_ssl rfc3779) \
-		$(use_ssl sctp) \
-		$(use_ssl tls-compression zlib) \
-		$(use_ssl tls-heartbeat heartbeats) \
-		--prefix="${EPREFIX}"/usr \
-		--openssldir="${EPREFIX}"${SSL_CNF_DIR} \
-		--libdir=$(get_libdir) \
-		shared threads \
-		|| die
-
-	# Clean out hardcoded flags that openssl uses
-	local DEFAULT_CFLAGS=$(grep ^CFLAGS= Makefile | LC_ALL=C sed \
-		-e 's:^CFLAGS=::' \
-		-e 's:\(^\| \)-fomit-frame-pointer::g' \
-		-e 's:\(^\| \)-O[^ ]*::g' \
-		-e 's:\(^\| \)-march=[^ ]*::g' \
-		-e 's:\(^\| \)-mcpu=[^ ]*::g' \
-		-e 's:\(^\| \)-m[^ ]*::g' \
-		-e 's:^ *::' \
-		-e 's: *$::' \
-		-e 's: \+: :g' \
-		-e 's:\\:\\\\:g'
-	)
-
-	# Now insert clean default flags with user flags
-	sed -i \
-		-e "/^CFLAGS=/s|=.*|=${DEFAULT_CFLAGS} ${CFLAGS}|" \
-		-e "/^LDFLAGS=/s|=[[:space:]]*$|=${LDFLAGS}|" \
-		Makefile || die
-}
-
-multilib_src_compile() {
-	# depend is needed to use $confopts; it also doesn't matter
-	# that it's -j1 as the code itself serializes subdirs
-	emake -j1 depend
-	emake all
-}
-
-multilib_src_test() {
-	emake -j1 test
-}
-
-multilib_src_install() {
-	# We need to create $ED/usr on our own to avoid a race condition #665130
-	if [[ ! -d "${ED}/usr" ]]; then
-		# We can only create this directory once
-		mkdir "${ED}"/usr || die
-	fi
-
-	emake DESTDIR="${D}" install
-
-	# This is crappy in that the static archives are still built even
-	# when USE=static-libs.  But this is due to a failing in the openssl
-	# build system: the static archives are built as PIC all the time.
-	# Only way around this would be to manually configure+compile openssl
-	# twice; once with shared lib support enabled and once without.
-	if ! use static-libs; then
-		rm "${ED}"/usr/$(get_libdir)/lib{crypto,ssl}.a || die
-	fi
-}
-
-multilib_src_install_all() {
-	# openssl installs perl version of c_rehash by default, but
-	# we provide a shell version via app-misc/c_rehash
-	rm "${ED}"/usr/bin/c_rehash || die
-
-	dodoc CHANGES* FAQ NEWS README doc/*.txt doc/${PN}-c-indent.el
-
-	# create the certs directory
-	keepdir ${SSL_CNF_DIR}/certs
-
-	# Namespace openssl programs to prevent conflicts with other man pages
-	cd "${ED}"/usr/share/man || die
-	local m d s
-	for m in $(find . -type f | xargs grep -L '#include') ; do
-		d=${m%/*} ; d=${d#./} ; m=${m##*/}
-		[[ ${m} == openssl.1* ]] && continue
-		[[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!"
-		mv ${d}/{,ssl-}${m}
-		# fix up references to renamed man pages
-		sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m}
-		ln -s ssl-${m} ${d}/openssl-${m}
-		# locate any symlinks that point to this man page ... we assume
-		# that any broken links are due to the above renaming
-		for s in $(find -L ${d} -type l) ; do
-			s=${s##*/}
-			rm -f ${d}/${s}
-			# We don't want to "|| die" here
-			ln -s ssl-${m} ${d}/ssl-${s}
-			ln -s ssl-${s} ${d}/openssl-${s}
-		done
-	done
-	[[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :("
-
-	dodir /etc/sandbox.d #254521
-	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
-
-	diropts -m0700
-	keepdir ${SSL_CNF_DIR}/private
-}
-
-pkg_postinst() {
-	ebegin "Running 'c_rehash ${EROOT}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069"
-	c_rehash "${EROOT}${SSL_CNF_DIR}/certs" >/dev/null
-	eend $?
-}

diff --git a/dev-libs/openssl/openssl-1.1.1l-r1.ebuild b/dev-libs/openssl/openssl-1.1.1l-r1.ebuild
deleted file mode 100644
index 502560ef65a1..000000000000
--- a/dev-libs/openssl/openssl-1.1.1l-r1.ebuild
+++ /dev/null
@@ -1,279 +0,0 @@
-# Copyright 1999-2022 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="7"
-
-inherit flag-o-matic toolchain-funcs multilib-minimal
-
-MY_P=${P/_/-}
-
-DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"
-HOMEPAGE="https://www.openssl.org/"
-SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"
-
-LICENSE="openssl"
-SLOT="0/1.1" # .so version of libssl/libcrypto
-[[ "${PV}" = *_pre* ]] || \
-KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~x86-linux"
-IUSE="+asm rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-compression tls-heartbeat vanilla"
-RESTRICT="!test? ( test )"
-
-RDEPEND=">=app-misc/c_rehash-1.7-r1
-	tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )"
-DEPEND="${RDEPEND}"
-BDEPEND="
-	>=dev-lang/perl-5
-	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
-	test? (
-		sys-apps/diffutils
-		sys-devel/bc
-		sys-process/procps
-	)"
-PDEPEND="app-misc/ca-certificates"
-
-PATCHES=(
-	"${FILESDIR}"/${PN}-1.1.0j-parallel_install_fix.patch #671602
-	"${FILESDIR}"/${PN}-1.1.1i-riscv32.patch
-)
-
-S="${WORKDIR}/${MY_P}"
-
-# force upgrade to prevent broken login, bug 696950
-RDEPEND+=" !<net-misc/openssh-8.0_p1-r3"
-
-MULTILIB_WRAPPED_HEADERS=(
-	usr/include/openssl/opensslconf.h
-)
-
-pkg_setup() {
-	[[ ${MERGE_TYPE} == binary ]] && return
-
-	# must check in pkg_setup; sysctl don't work with userpriv!
-	if use test && use sctp; then
-		# test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel"
-		# if sctp.auth_enable is not enabled.
-		local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null)
-		if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]]; then
-			die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!"
-		fi
-	fi
-}
-
-src_prepare() {
-	# allow openssl to be cross-compiled
-	cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die
-	chmod a+rx gentoo.config || die
-
-	# keep this in sync with app-misc/c_rehash
-	SSL_CNF_DIR="/etc/ssl"
-
-	# Make sure we only ever touch Makefile.org and avoid patching a file
-	# that gets blown away anyways by the Configure script in src_configure
-	rm -f Makefile
-
-	if ! use vanilla ; then
-		if [[ $(declare -p PATCHES 2>/dev/null) == "declare -a"* ]] ; then
-			[[ ${#PATCHES[@]} -gt 0 ]] && eapply "${PATCHES[@]}"
-		fi
-	fi
-
-	eapply_user #332661
-
-	if use test && use sctp && has network-sandbox ${FEATURES}; then
-		ebegin "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox"
-		rm test/recipes/80-test_ssl_new.t || die
-		eend $?
-	fi
-
-	# make sure the man pages are suffixed #302165
-	# don't bother building man pages if they're disabled
-	# Make DOCDIR Gentoo compliant
-	sed -i \
-		-e '/^MANSUFFIX/s:=.*:=ssl:' \
-		-e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
-		-e $(has noman FEATURES \
-			&& echo '/^install:/s:install_docs::' \
-			|| echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
-		-e "/^DOCDIR/s@\$(BASENAME)@&-${PVR}@" \
-		Configurations/unix-Makefile.tmpl \
-		|| die
-
-	# quiet out unknown driver argument warnings since openssl
-	# doesn't have well-split CFLAGS and we're making it even worse
-	# and 'make depend' uses -Werror for added fun (#417795 again)
-	[[ ${CC} == *clang* ]] && append-flags -Qunused-arguments
-
-	append-flags -fno-strict-aliasing
-	append-flags $(test-flags-CC -Wa,--noexecstack)
-	append-cppflags -DOPENSSL_NO_BUF_FREELISTS
-
-	# Prefixify Configure shebang (#141906)
-	sed \
-		-e "1s,/usr/bin/env,${EPREFIX}&," \
-		-i Configure || die
-	# Remove test target when FEATURES=test isn't set
-	if ! use test ; then
-		sed \
-			-e '/^$config{dirs}/s@ "test",@@' \
-			-i Configure || die
-	fi
-	# The config script does stupid stuff to prompt the user.  Kill it.
-	sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
-	./config --test-sanity || die "I AM NOT SANE"
-
-	multilib_copy_sources
-}
-
-multilib_src_configure() {
-	unset APPS #197996
-	unset SCRIPTS #312551
-	unset CROSS_COMPILE #311473
-
-	tc-export CC AR RANLIB RC
-
-	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
-	echoit() { echo "$@" ; "$@" ; }
-
-	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
-
-	# See if our toolchain supports __uint128_t.  If so, it's 64bit
-	# friendly and can use the nicely optimized code paths. #460790
-	local ec_nistp_64_gcc_128
-	# Disable it for now though #469976
-	# echo "__uint128_t i;" > "${T}"/128.c
-	# if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
-	# 	ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
-	# fi
-
-	local sslout=$(./gentoo.config)
-	einfo "Use configuration ${sslout:-(openssl knows best)}"
-	local config="Configure"
-	[[ -z ${sslout} ]] && config="config"
-
-	# "disable-deprecated" option breaks too many consumers.
-	# Don't set it without thorough revdeps testing.
-	# Make sure user flags don't get added *yet* to avoid duplicated
-	# flags.
-	CFLAGS= LDFLAGS= echoit \
-	./${config} \
-		${sslout} \
-		$(use cpu_flags_x86_sse2 || echo "no-sse2") \
-		enable-camellia \
-		enable-ec \
-		enable-ec2m \
-		enable-sm2 \
-		enable-srp \
-		$(use elibc_musl && echo "no-async") \
-		${ec_nistp_64_gcc_128} \
-		enable-idea \
-		enable-mdc2 \
-		enable-rc5 \
-		$(use_ssl sslv3 ssl3) \
-		$(use_ssl sslv3 ssl3-method) \
-		$(use_ssl asm) \
-		$(use_ssl rfc3779) \
-		$(use_ssl sctp) \
-		$(use_ssl tls-compression zlib) \
-		$(use_ssl tls-heartbeat heartbeats) \
-		--prefix="${EPREFIX}"/usr \
-		--openssldir="${EPREFIX}"${SSL_CNF_DIR} \
-		--libdir=$(get_libdir) \
-		shared threads \
-		|| die
-
-	# Clean out hardcoded flags that openssl uses
-	local DEFAULT_CFLAGS=$(grep ^CFLAGS= Makefile | LC_ALL=C sed \
-		-e 's:^CFLAGS=::' \
-		-e 's:\(^\| \)-fomit-frame-pointer::g' \
-		-e 's:\(^\| \)-O[^ ]*::g' \
-		-e 's:\(^\| \)-march=[^ ]*::g' \
-		-e 's:\(^\| \)-mcpu=[^ ]*::g' \
-		-e 's:\(^\| \)-m[^ ]*::g' \
-		-e 's:^ *::' \
-		-e 's: *$::' \
-		-e 's: \+: :g' \
-		-e 's:\\:\\\\:g'
-	)
-
-	# Now insert clean default flags with user flags
-	sed -i \
-		-e "/^CFLAGS=/s|=.*|=${DEFAULT_CFLAGS} ${CFLAGS}|" \
-		-e "/^LDFLAGS=/s|=[[:space:]]*$|=${LDFLAGS}|" \
-		Makefile || die
-}
-
-multilib_src_compile() {
-	# depend is needed to use $confopts; it also doesn't matter
-	# that it's -j1 as the code itself serializes subdirs
-	emake -j1 depend
-	emake all
-}
-
-multilib_src_test() {
-	emake -j1 test
-}
-
-multilib_src_install() {
-	# We need to create $ED/usr on our own to avoid a race condition #665130
-	if [[ ! -d "${ED}/usr" ]]; then
-		# We can only create this directory once
-		mkdir "${ED}"/usr || die
-	fi
-
-	emake DESTDIR="${D}" install
-
-	# This is crappy in that the static archives are still built even
-	# when USE=static-libs.  But this is due to a failing in the openssl
-	# build system: the static archives are built as PIC all the time.
-	# Only way around this would be to manually configure+compile openssl
-	# twice; once with shared lib support enabled and once without.
-	if ! use static-libs; then
-		rm "${ED}"/usr/$(get_libdir)/lib{crypto,ssl}.a || die
-	fi
-}
-
-multilib_src_install_all() {
-	# openssl installs perl version of c_rehash by default, but
-	# we provide a shell version via app-misc/c_rehash
-	rm "${ED}"/usr/bin/c_rehash || die
-
-	dodoc CHANGES* FAQ NEWS README doc/*.txt doc/${PN}-c-indent.el
-
-	# create the certs directory
-	keepdir ${SSL_CNF_DIR}/certs
-
-	# Namespace openssl programs to prevent conflicts with other man pages
-	cd "${ED}"/usr/share/man || die
-	local m d s
-	for m in $(find . -type f | xargs grep -L '#include') ; do
-		d=${m%/*} ; d=${d#./} ; m=${m##*/}
-		[[ ${m} == openssl.1* ]] && continue
-		[[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!"
-		mv ${d}/{,ssl-}${m}
-		# fix up references to renamed man pages
-		sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m}
-		ln -s ssl-${m} ${d}/openssl-${m}
-		# locate any symlinks that point to this man page ... we assume
-		# that any broken links are due to the above renaming
-		for s in $(find -L ${d} -type l) ; do
-			s=${s##*/}
-			rm -f ${d}/${s}
-			# We don't want to "|| die" here
-			ln -s ssl-${m} ${d}/ssl-${s}
-			ln -s ssl-${s} ${d}/openssl-${s}
-		done
-	done
-	[[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :("
-
-	dodir /etc/sandbox.d #254521
-	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
-
-	diropts -m0700
-	keepdir ${SSL_CNF_DIR}/private
-}
-
-pkg_postinst() {
-	ebegin "Running 'c_rehash ${EROOT}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069"
-	c_rehash "${EROOT}${SSL_CNF_DIR}/certs" >/dev/null
-	eend $?
-}

diff --git a/dev-libs/openssl/openssl-1.1.1l.ebuild b/dev-libs/openssl/openssl-1.1.1l.ebuild
deleted file mode 100644
index a4186f363f17..000000000000
--- a/dev-libs/openssl/openssl-1.1.1l.ebuild
+++ /dev/null
@@ -1,328 +0,0 @@
-# Copyright 1999-2022 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="7"
-
-inherit flag-o-matic toolchain-funcs multilib-minimal
-
-MY_P=${P/_/-}
-
-# This patch set is based on the following files from Fedora 31,
-# see https://src.fedoraproject.org/rpms/openssl/blob/f31/f/openssl.spec
-# for more details:
-# - hobble-openssl (SOURCE1)
-# - ec_curve.c (SOURCE12) -- MODIFIED
-# - ectest.c (SOURCE13)
-# - openssl-1.1.1-ec-curves.patch (PATCH37) -- MODIFIED
-BINDIST_PATCH_SET="openssl-1.1.1i-bindist-1.0.tar.xz"
-
-DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"
-HOMEPAGE="https://www.openssl.org/"
-SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
-	bindist? (
-		mirror://gentoo/${BINDIST_PATCH_SET}
-		https://dev.gentoo.org/~whissi/dist/openssl/${BINDIST_PATCH_SET}
-	)"
-
-LICENSE="openssl"
-SLOT="0/1.1" # .so version of libssl/libcrypto
-[[ "${PV}" = *_pre* ]] || \
-KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~x86-linux"
-IUSE="+asm bindist rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-compression tls-heartbeat vanilla"
-RESTRICT="!bindist? ( bindist )
-	!test? ( test )"
-
-RDEPEND=">=app-misc/c_rehash-1.7-r1
-	tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )"
-DEPEND="${RDEPEND}"
-BDEPEND="
-	>=dev-lang/perl-5
-	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
-	test? (
-		sys-apps/diffutils
-		sys-devel/bc
-		sys-process/procps
-	)"
-PDEPEND="app-misc/ca-certificates"
-
-PATCHES=(
-	"${FILESDIR}"/${PN}-1.1.0j-parallel_install_fix.patch #671602
-	"${FILESDIR}"/${PN}-1.1.1i-riscv32.patch
-)
-
-S="${WORKDIR}/${MY_P}"
-
-# force upgrade to prevent broken login, bug 696950
-RDEPEND+=" !<net-misc/openssh-8.0_p1-r3"
-
-MULTILIB_WRAPPED_HEADERS=(
-	usr/include/openssl/opensslconf.h
-)
-
-pkg_setup() {
-	[[ ${MERGE_TYPE} == binary ]] && return
-
-	# must check in pkg_setup; sysctl don't work with userpriv!
-	if use test && use sctp; then
-		# test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel"
-		# if sctp.auth_enable is not enabled.
-		local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null)
-		if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]]; then
-			die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!"
-		fi
-	fi
-}
-
-src_prepare() {
-	# allow openssl to be cross-compiled
-	cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die
-	chmod a+rx gentoo.config || die
-
-	if use bindist; then
-		mv "${WORKDIR}"/bindist-patches/hobble-openssl "${WORKDIR}" || die
-		bash "${WORKDIR}"/hobble-openssl || die
-
-		cp -f "${WORKDIR}"/bindist-patches/ec_curve.c "${S}"/crypto/ec/ || die
-		cp -f "${WORKDIR}"/bindist-patches/ectest.c "${S}"/test/ || die
-
-		eapply "${WORKDIR}"/bindist-patches/ec-curves.patch
-
-		local known_failing_test
-		for known_failing_test in \
-			30-test_evp_extra.t \
-			80-test_ssl_new.t \
-		; do
-			ebegin "Disabling test '${known_failing_test}' which is known to fail with USE=bindist"
-			rm test/recipes/${known_failing_test} || die
-			eend $?
-		done
-
-		# Also see the configure parts below:
-		# enable-ec \
-		# $(use_ssl !bindist ec2m) \
-	fi
-
-	# keep this in sync with app-misc/c_rehash
-	SSL_CNF_DIR="/etc/ssl"
-
-	# Make sure we only ever touch Makefile.org and avoid patching a file
-	# that gets blown away anyways by the Configure script in src_configure
-	rm -f Makefile
-
-	if ! use vanilla ; then
-		if [[ $(declare -p PATCHES 2>/dev/null) == "declare -a"* ]] ; then
-			[[ ${#PATCHES[@]} -gt 0 ]] && eapply "${PATCHES[@]}"
-		fi
-	fi
-
-	eapply_user #332661
-
-	if use test && use sctp && has network-sandbox ${FEATURES}; then
-		ebegin "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox"
-		rm test/recipes/80-test_ssl_new.t || die
-		eend $?
-	fi
-
-	# make sure the man pages are suffixed #302165
-	# don't bother building man pages if they're disabled
-	# Make DOCDIR Gentoo compliant
-	sed -i \
-		-e '/^MANSUFFIX/s:=.*:=ssl:' \
-		-e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
-		-e $(has noman FEATURES \
-			&& echo '/^install:/s:install_docs::' \
-			|| echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
-		-e "/^DOCDIR/s@\$(BASENAME)@&-${PVR}@" \
-		Configurations/unix-Makefile.tmpl \
-		|| die
-
-	# quiet out unknown driver argument warnings since openssl
-	# doesn't have well-split CFLAGS and we're making it even worse
-	# and 'make depend' uses -Werror for added fun (#417795 again)
-	[[ ${CC} == *clang* ]] && append-flags -Qunused-arguments
-
-	append-flags -fno-strict-aliasing
-	append-flags $(test-flags-CC -Wa,--noexecstack)
-	append-cppflags -DOPENSSL_NO_BUF_FREELISTS
-
-	# Prefixify Configure shebang (#141906)
-	sed \
-		-e "1s,/usr/bin/env,${EPREFIX}&," \
-		-i Configure || die
-	# Remove test target when FEATURES=test isn't set
-	if ! use test ; then
-		sed \
-			-e '/^$config{dirs}/s@ "test",@@' \
-			-i Configure || die
-	fi
-	# The config script does stupid stuff to prompt the user.  Kill it.
-	sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
-	./config --test-sanity || die "I AM NOT SANE"
-
-	multilib_copy_sources
-}
-
-multilib_src_configure() {
-	unset APPS #197996
-	unset SCRIPTS #312551
-	unset CROSS_COMPILE #311473
-
-	tc-export CC AR RANLIB RC
-
-	# Clean out patent-or-otherwise-encumbered code
-	# Camellia: Royalty Free            https://en.wikipedia.org/wiki/Camellia_(cipher)
-	# IDEA:     Expired                 https://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
-	# EC:       ????????? ??/??/2015    https://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography
-	# MDC2:     Expired                 https://en.wikipedia.org/wiki/MDC-2
-	# RC5:      Expired                 https://en.wikipedia.org/wiki/RC5
-
-	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
-	echoit() { echo "$@" ; "$@" ; }
-
-	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
-
-	# See if our toolchain supports __uint128_t.  If so, it's 64bit
-	# friendly and can use the nicely optimized code paths. #460790
-	local ec_nistp_64_gcc_128
-	# Disable it for now though #469976
-	#if ! use bindist ; then
-	#	echo "__uint128_t i;" > "${T}"/128.c
-	#	if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
-	#		ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
-	#	fi
-	#fi
-
-	local sslout=$(./gentoo.config)
-	einfo "Use configuration ${sslout:-(openssl knows best)}"
-	local config="Configure"
-	[[ -z ${sslout} ]] && config="config"
-
-	# Fedora hobbled-EC needs 'no-ec2m'
-	# 'srp' was restricted until early 2017 as well.
-	# "disable-deprecated" option breaks too many consumers.
-	# Don't set it without thorough revdeps testing.
-	# Make sure user flags don't get added *yet* to avoid duplicated
-	# flags.
-	CFLAGS= LDFLAGS= echoit \
-	./${config} \
-		${sslout} \
-		$(use cpu_flags_x86_sse2 || echo "no-sse2") \
-		enable-camellia \
-		enable-ec \
-		$(use_ssl !bindist ec2m) \
-		$(use_ssl !bindist sm2) \
-		enable-srp \
-		$(use elibc_musl && echo "no-async") \
-		${ec_nistp_64_gcc_128} \
-		enable-idea \
-		enable-mdc2 \
-		enable-rc5 \
-		$(use_ssl sslv3 ssl3) \
-		$(use_ssl sslv3 ssl3-method) \
-		$(use_ssl asm) \
-		$(use_ssl rfc3779) \
-		$(use_ssl sctp) \
-		$(use_ssl tls-compression zlib) \
-		$(use_ssl tls-heartbeat heartbeats) \
-		--prefix="${EPREFIX}"/usr \
-		--openssldir="${EPREFIX}"${SSL_CNF_DIR} \
-		--libdir=$(get_libdir) \
-		shared threads \
-		|| die
-
-	# Clean out hardcoded flags that openssl uses
-	local DEFAULT_CFLAGS=$(grep ^CFLAGS= Makefile | LC_ALL=C sed \
-		-e 's:^CFLAGS=::' \
-		-e 's:\(^\| \)-fomit-frame-pointer::g' \
-		-e 's:\(^\| \)-O[^ ]*::g' \
-		-e 's:\(^\| \)-march=[^ ]*::g' \
-		-e 's:\(^\| \)-mcpu=[^ ]*::g' \
-		-e 's:\(^\| \)-m[^ ]*::g' \
-		-e 's:^ *::' \
-		-e 's: *$::' \
-		-e 's: \+: :g' \
-		-e 's:\\:\\\\:g'
-	)
-
-	# Now insert clean default flags with user flags
-	sed -i \
-		-e "/^CFLAGS=/s|=.*|=${DEFAULT_CFLAGS} ${CFLAGS}|" \
-		-e "/^LDFLAGS=/s|=[[:space:]]*$|=${LDFLAGS}|" \
-		Makefile || die
-}
-
-multilib_src_compile() {
-	# depend is needed to use $confopts; it also doesn't matter
-	# that it's -j1 as the code itself serializes subdirs
-	emake -j1 depend
-	emake all
-}
-
-multilib_src_test() {
-	emake -j1 test
-}
-
-multilib_src_install() {
-	# We need to create $ED/usr on our own to avoid a race condition #665130
-	if [[ ! -d "${ED}/usr" ]]; then
-		# We can only create this directory once
-		mkdir "${ED}"/usr || die
-	fi
-
-	emake DESTDIR="${D}" install
-
-	# This is crappy in that the static archives are still built even
-	# when USE=static-libs.  But this is due to a failing in the openssl
-	# build system: the static archives are built as PIC all the time.
-	# Only way around this would be to manually configure+compile openssl
-	# twice; once with shared lib support enabled and once without.
-	if ! use static-libs; then
-		rm "${ED}"/usr/$(get_libdir)/lib{crypto,ssl}.a || die
-	fi
-}
-
-multilib_src_install_all() {
-	# openssl installs perl version of c_rehash by default, but
-	# we provide a shell version via app-misc/c_rehash
-	rm "${ED}"/usr/bin/c_rehash || die
-
-	dodoc CHANGES* FAQ NEWS README doc/*.txt doc/${PN}-c-indent.el
-
-	# create the certs directory
-	keepdir ${SSL_CNF_DIR}/certs
-
-	# Namespace openssl programs to prevent conflicts with other man pages
-	cd "${ED}"/usr/share/man || die
-	local m d s
-	for m in $(find . -type f | xargs grep -L '#include') ; do
-		d=${m%/*} ; d=${d#./} ; m=${m##*/}
-		[[ ${m} == openssl.1* ]] && continue
-		[[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!"
-		mv ${d}/{,ssl-}${m}
-		# fix up references to renamed man pages
-		sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m}
-		ln -s ssl-${m} ${d}/openssl-${m}
-		# locate any symlinks that point to this man page ... we assume
-		# that any broken links are due to the above renaming
-		for s in $(find -L ${d} -type l) ; do
-			s=${s##*/}
-			rm -f ${d}/${s}
-			# We don't want to "|| die" here
-			ln -s ssl-${m} ${d}/ssl-${s}
-			ln -s ssl-${s} ${d}/openssl-${s}
-		done
-	done
-	[[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :("
-
-	dodir /etc/sandbox.d #254521
-	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
-
-	diropts -m0700
-	keepdir ${SSL_CNF_DIR}/private
-}
-
-pkg_postinst() {
-	ebegin "Running 'c_rehash ${EROOT}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069"
-	c_rehash "${EROOT}${SSL_CNF_DIR}/certs" >/dev/null
-	eend $?
-}

diff --git a/dev-libs/openssl/openssl-1.1.1m.ebuild b/dev-libs/openssl/openssl-1.1.1m.ebuild
deleted file mode 100644
index c5999a3fb88c..000000000000
--- a/dev-libs/openssl/openssl-1.1.1m.ebuild
+++ /dev/null
@@ -1,294 +0,0 @@
-# Copyright 1999-2022 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="7"
-
-inherit flag-o-matic toolchain-funcs multilib-minimal
-
-MY_P=${P/_/-}
-
-DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"
-HOMEPAGE="https://www.openssl.org/"
-SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"
-
-LICENSE="openssl"
-SLOT="0/1.1" # .so version of libssl/libcrypto
-[[ "${PV}" = *_pre* ]] || \
-KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv ~s390 ~sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
-IUSE="+asm rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-compression tls-heartbeat vanilla"
-RESTRICT="!test? ( test )"
-
-RDEPEND=">=app-misc/c_rehash-1.7-r1
-	tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )"
-DEPEND="${RDEPEND}"
-BDEPEND="
-	>=dev-lang/perl-5
-	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
-	test? (
-		sys-apps/diffutils
-		sys-devel/bc
-		kernel_linux? ( sys-process/procps )
-	)"
-PDEPEND="app-misc/ca-certificates"
-
-PATCHES=(
-	"${FILESDIR}"/${PN}-1.1.0j-parallel_install_fix.patch #671602
-	"${FILESDIR}"/${PN}-1.1.1i-riscv32.patch
-)
-
-S="${WORKDIR}/${MY_P}"
-
-# force upgrade to prevent broken login, bug 696950
-RDEPEND+=" !<net-misc/openssh-8.0_p1-r3"
-
-MULTILIB_WRAPPED_HEADERS=(
-	usr/include/openssl/opensslconf.h
-)
-
-pkg_setup() {
-	[[ ${MERGE_TYPE} == binary ]] && return
-
-	# must check in pkg_setup; sysctl don't work with userpriv!
-	if use test && use sctp; then
-		# test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel"
-		# if sctp.auth_enable is not enabled.
-		local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null)
-		if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]]; then
-			die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!"
-		fi
-	fi
-}
-
-src_prepare() {
-	# allow openssl to be cross-compiled
-	cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die
-	chmod a+rx gentoo.config || die
-
-	# keep this in sync with app-misc/c_rehash
-	SSL_CNF_DIR="/etc/ssl"
-
-	# Make sure we only ever touch Makefile.org and avoid patching a file
-	# that gets blown away anyways by the Configure script in src_configure
-	rm -f Makefile
-
-	if ! use vanilla ; then
-		if [[ $(declare -p PATCHES 2>/dev/null) == "declare -a"* ]] ; then
-			[[ ${#PATCHES[@]} -gt 0 ]] && eapply "${PATCHES[@]}"
-		fi
-	fi
-
-	eapply_user #332661
-
-	if use test && use sctp && has network-sandbox ${FEATURES}; then
-		ebegin "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox"
-		rm test/recipes/80-test_ssl_new.t || die
-		eend $?
-	fi
-
-	# make sure the man pages are suffixed #302165
-	# don't bother building man pages if they're disabled
-	# Make DOCDIR Gentoo compliant
-	sed -i \
-		-e '/^MANSUFFIX/s:=.*:=ssl:' \
-		-e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
-		-e $(has noman FEATURES \
-			&& echo '/^install:/s:install_docs::' \
-			|| echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
-		-e "/^DOCDIR/s@\$(BASENAME)@&-${PVR}@" \
-		Configurations/unix-Makefile.tmpl \
-		|| die
-
-	# quiet out unknown driver argument warnings since openssl
-	# doesn't have well-split CFLAGS and we're making it even worse
-	# and 'make depend' uses -Werror for added fun (#417795 again)
-	[[ ${CC} == *clang* ]] && append-flags -Qunused-arguments
-
-	append-flags -fno-strict-aliasing
-	append-flags $(test-flags-CC -Wa,--noexecstack)
-	append-cppflags -DOPENSSL_NO_BUF_FREELISTS
-
-	# Prefixify Configure shebang (#141906)
-	sed \
-		-e "1s,/usr/bin/env,${EPREFIX}&," \
-		-i Configure || die
-	# Remove test target when FEATURES=test isn't set
-	if ! use test ; then
-		sed \
-			-e '/^$config{dirs}/s@ "test",@@' \
-			-i Configure || die
-	fi
-
-	if use prefix && [[ ${CHOST} == *-solaris* ]] ; then
-		# use GNU ld full option, not to confuse it on Solaris
-		sed -i \
-			-e 's/-Wl,-M,/-Wl,--version-script=/' \
-			-e 's/-Wl,-h,/-Wl,--soname=/' \
-			Configurations/10-main.conf || die
-
-		# fix building on Solaris 10
-		# https://github.com/openssl/openssl/issues/6333
-		sed -i \
-			-e 's/-lsocket -lnsl -ldl/-lsocket -lnsl -ldl -lrt/' \
-			Configurations/10-main.conf || die
-	fi
-
-	# The config script does stupid stuff to prompt the user.  Kill it.
-	sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
-	./config --test-sanity || die "I AM NOT SANE"
-
-	multilib_copy_sources
-}
-
-multilib_src_configure() {
-	unset APPS #197996
-	unset SCRIPTS #312551
-	unset CROSS_COMPILE #311473
-
-	tc-export CC AR RANLIB RC
-
-	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
-	echoit() { echo "$@" ; "$@" ; }
-
-	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
-
-	# See if our toolchain supports __uint128_t.  If so, it's 64bit
-	# friendly and can use the nicely optimized code paths. #460790
-	local ec_nistp_64_gcc_128
-	# Disable it for now though #469976
-	# echo "__uint128_t i;" > "${T}"/128.c
-	# if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
-	# 	ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
-	# fi
-
-	local sslout=$(./gentoo.config)
-	einfo "Use configuration ${sslout:-(openssl knows best)}"
-	local config="Configure"
-	[[ -z ${sslout} ]] && config="config"
-
-	# "disable-deprecated" option breaks too many consumers.
-	# Don't set it without thorough revdeps testing.
-	# Make sure user flags don't get added *yet* to avoid duplicated
-	# flags.
-	CFLAGS= LDFLAGS= echoit \
-	./${config} \
-		${sslout} \
-		$(use cpu_flags_x86_sse2 || echo "no-sse2") \
-		enable-camellia \
-		enable-ec \
-		enable-ec2m \
-		enable-sm2 \
-		enable-srp \
-		$(use elibc_musl && echo "no-async") \
-		${ec_nistp_64_gcc_128} \
-		enable-idea \
-		enable-mdc2 \
-		enable-rc5 \
-		$(use_ssl sslv3 ssl3) \
-		$(use_ssl sslv3 ssl3-method) \
-		$(use_ssl asm) \
-		$(use_ssl rfc3779) \
-		$(use_ssl sctp) \
-		$(use_ssl tls-compression zlib) \
-		$(use_ssl tls-heartbeat heartbeats) \
-		--prefix="${EPREFIX}"/usr \
-		--openssldir="${EPREFIX}"${SSL_CNF_DIR} \
-		--libdir=$(get_libdir) \
-		shared threads \
-		|| die
-
-	# Clean out hardcoded flags that openssl uses
-	local DEFAULT_CFLAGS=$(grep ^CFLAGS= Makefile | LC_ALL=C sed \
-		-e 's:^CFLAGS=::' \
-		-e 's:\(^\| \)-fomit-frame-pointer::g' \
-		-e 's:\(^\| \)-O[^ ]*::g' \
-		-e 's:\(^\| \)-march=[^ ]*::g' \
-		-e 's:\(^\| \)-mcpu=[^ ]*::g' \
-		-e 's:\(^\| \)-m[^ ]*::g' \
-		-e 's:^ *::' \
-		-e 's: *$::' \
-		-e 's: \+: :g' \
-		-e 's:\\:\\\\:g'
-	)
-
-	# Now insert clean default flags with user flags
-	sed -i \
-		-e "/^CFLAGS=/s|=.*|=${DEFAULT_CFLAGS} ${CFLAGS}|" \
-		-e "/^LDFLAGS=/s|=[[:space:]]*$|=${LDFLAGS}|" \
-		Makefile || die
-}
-
-multilib_src_compile() {
-	# depend is needed to use $confopts; it also doesn't matter
-	# that it's -j1 as the code itself serializes subdirs
-	emake -j1 depend
-	emake all
-}
-
-multilib_src_test() {
-	emake -j1 test
-}
-
-multilib_src_install() {
-	# We need to create $ED/usr on our own to avoid a race condition #665130
-	if [[ ! -d "${ED}/usr" ]]; then
-		# We can only create this directory once
-		mkdir "${ED}"/usr || die
-	fi
-
-	emake DESTDIR="${D}" install
-
-	# This is crappy in that the static archives are still built even
-	# when USE=static-libs.  But this is due to a failing in the openssl
-	# build system: the static archives are built as PIC all the time.
-	# Only way around this would be to manually configure+compile openssl
-	# twice; once with shared lib support enabled and once without.
-	if ! use static-libs; then
-		rm "${ED}"/usr/$(get_libdir)/lib{crypto,ssl}.a || die
-	fi
-}
-
-multilib_src_install_all() {
-	# openssl installs perl version of c_rehash by default, but
-	# we provide a shell version via app-misc/c_rehash
-	rm "${ED}"/usr/bin/c_rehash || die
-
-	dodoc CHANGES* FAQ NEWS README doc/*.txt doc/${PN}-c-indent.el
-
-	# create the certs directory
-	keepdir ${SSL_CNF_DIR}/certs
-
-	# Namespace openssl programs to prevent conflicts with other man pages
-	cd "${ED}"/usr/share/man || die
-	local m d s
-	for m in $(find . -type f | xargs grep -L '#include') ; do
-		d=${m%/*} ; d=${d#./} ; m=${m##*/}
-		[[ ${m} == openssl.1* ]] && continue
-		[[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!"
-		mv ${d}/{,ssl-}${m}
-		# fix up references to renamed man pages
-		sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m}
-		ln -s ssl-${m} ${d}/openssl-${m}
-		# locate any symlinks that point to this man page ... we assume
-		# that any broken links are due to the above renaming
-		for s in $(find -L ${d} -type l) ; do
-			s=${s##*/}
-			rm -f ${d}/${s}
-			# We don't want to "|| die" here
-			ln -s ssl-${m} ${d}/ssl-${s}
-			ln -s ssl-${s} ${d}/openssl-${s}
-		done
-	done
-	[[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :("
-
-	dodir /etc/sandbox.d #254521
-	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
-
-	diropts -m0700
-	keepdir ${SSL_CNF_DIR}/private
-}
-
-pkg_postinst() {
-	ebegin "Running 'c_rehash ${EROOT}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069"
-	c_rehash "${EROOT}${SSL_CNF_DIR}/certs" >/dev/null
-	eend $?
-}

diff --git a/dev-libs/openssl/openssl-3.0.0.ebuild b/dev-libs/openssl/openssl-3.0.0.ebuild
deleted file mode 100644
index a42efd8d9f4e..000000000000
--- a/dev-libs/openssl/openssl-3.0.0.ebuild
+++ /dev/null
@@ -1,296 +0,0 @@
-# Copyright 1999-2022 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="7"
-
-inherit flag-o-matic linux-info toolchain-funcs multilib-minimal verify-sig
-
-MY_P=${P/_/-}
-
-DESCRIPTION="Robust, full-featured Open Source Toolkit for the Transport Layer Security (TLS)"
-HOMEPAGE="https://www.openssl.org/"
-
-if [[ ${PV} == "9999" ]] ; then
-	EGIT_REPO_URI="https://github.com/openssl/openssl.git"
-
-	inherit git-r3
-else
-	SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
-		verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )"
-	VERIFY_SIG_OPENPGP_KEY_PATH=${BROOT}/usr/share/openpgp-keys/openssl.org.asc
-	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x86-linux"
-fi
-
-LICENSE="Apache-2.0"
-SLOT="0/3" # .so version of libssl/libcrypto
-
-IUSE="+asm cpu_flags_x86_sse2 fips ktls rfc3779 sctp static-libs test tls-compression vanilla verify-sig"
-RESTRICT="!test? ( test )"
-
-COMMON_DEPEND="
-	>=app-misc/c_rehash-1.7-r1
-	tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
-"
-
-BDEPEND="
-	>=dev-lang/perl-5
-	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
-	test? (
-		sys-apps/diffutils
-		sys-devel/bc
-		sys-process/procps
-	)
-	verify-sig? ( sec-keys/openpgp-keys-openssl )"
-
-DEPEND="${COMMON_DEPEND}"
-
-RDEPEND="${COMMON_DEPEND}"
-
-PDEPEND="app-misc/ca-certificates"
-
-S="${WORKDIR}/${MY_P}"
-
-MULTILIB_WRAPPED_HEADERS=(
-	/usr/include/openssl/configuration.h
-)
-
-pkg_setup() {
-	if use ktls ; then
-		if kernel_is -lt 4 18 ; then
-			ewarn "Kernel implementation of TLS (USE=ktls) requires kernel >=4.18!"
-		else
-			CONFIG_CHECK="~TLS ~TLS_DEVICE"
-			ERROR_TLS="You will be unable to offload TLS to kernel because CONFIG_TLS is not set!"
-			ERROR_TLS_DEVICE="You will be unable to offload TLS to kernel because CONFIG_TLS_DEVICE is not set!"
-
-			linux-info_pkg_setup
-		fi
-	fi
-
-	[[ ${MERGE_TYPE} == binary ]] && return
-
-	# must check in pkg_setup; sysctl don't work with userpriv!
-	if use test && use sctp ; then
-		# test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel"
-		# if sctp.auth_enable is not enabled.
-		local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null)
-		if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]] ; then
-			die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!"
-		fi
-	fi
-}
-
-src_prepare() {
-	# allow openssl to be cross-compiled
-	cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die
-	chmod a+rx gentoo.config || die
-
-	# keep this in sync with app-misc/c_rehash
-	SSL_CNF_DIR="/etc/ssl"
-
-	# Make sure we only ever touch Makefile.org and avoid patching a file
-	# that gets blown away anyways by the Configure script in src_configure
-	rm -f Makefile
-
-	if ! use vanilla ; then
-		if [[ $(declare -p PATCHES 2>/dev/null) == "declare -a"* ]] ; then
-			[[ ${#PATCHES[@]} -gt 0 ]] && eapply "${PATCHES[@]}"
-		fi
-	fi
-
-	eapply_user
-
-	if use test && use sctp && has network-sandbox ${FEATURES} ; then
-		einfo "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox ..."
-		rm test/recipes/80-test_ssl_new.t || die
-	fi
-
-	# make sure the man pages are suffixed #302165
-	# don't bother building man pages if they're disabled
-	# Make DOCDIR Gentoo compliant
-	sed -i \
-		-e '/^MANSUFFIX/s:=.*:=ssl:' \
-		-e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
-		-e $(has noman FEATURES \
-			&& echo '/^install:/s:install_docs::' \
-			|| echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
-		-e "/^DOCDIR/s@\$(BASENAME)@&-${PVR}@" \
-		Configurations/unix-Makefile.tmpl \
-		|| die
-
-	# quiet out unknown driver argument warnings since openssl
-	# doesn't have well-split CFLAGS and we're making it even worse
-	# and 'make depend' uses -Werror for added fun (#417795 again)
-	[[ ${CC} == *clang* ]] && append-flags -Qunused-arguments
-
-	append-flags -fno-strict-aliasing
-	append-flags $(test-flags-CC -Wa,--noexecstack)
-
-	# Prefixify Configure shebang (#141906)
-	sed \
-		-e "1s,/usr/bin/env,${EPREFIX}&," \
-		-i Configure || die
-
-	# Remove test target when FEATURES=test isn't set
-	if ! use test ; then
-		sed \
-			-e '/^$config{dirs}/s@ "test",@@' \
-			-i Configure || die
-	fi
-
-	# The config script does stupid stuff to prompt the user.  Kill it.
-	sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
-	./config --test-sanity || die "I AM NOT SANE"
-
-	multilib_copy_sources
-}
-
-multilib_src_configure() {
-	unset APPS #197996
-	unset SCRIPTS #312551
-	unset CROSS_COMPILE #311473
-
-	tc-export AR CC CXX RANLIB RC
-
-	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
-	echoit() { echo "$@" ; "$@" ; }
-
-	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
-
-	local sslout=$(./gentoo.config)
-	einfo "Use configuration ${sslout:-(openssl knows best)}"
-	local config="Configure"
-	[[ -z ${sslout} ]] && config="config"
-
-	local myeconfargs=(
-		${sslout}
-		$(use cpu_flags_x86_sse2 || echo "no-sse2")
-		enable-camellia
-		enable-ec
-		enable-ec2m
-		enable-sm2
-		enable-srp
-		$(use elibc_musl && echo "no-async")
-		enable-idea
-		enable-mdc2
-		enable-rc5
-		$(use fips && echo "enable-fips")
-		$(use_ssl asm)
-		$(use_ssl ktls)
-		$(use_ssl rfc3779)
-		$(use_ssl sctp)
-		$(use_ssl tls-compression zlib)
-		--prefix="${EPREFIX}"/usr
-		--openssldir="${EPREFIX}"${SSL_CNF_DIR}
-		--libdir=$(get_libdir)
-		shared
-		threads
-	)
-
-	CFLAGS= LDFLAGS= echoit \
-		./${config} \
-		"${myeconfargs[@]}" \
-		|| die
-
-	# Clean out hardcoded flags that openssl uses
-	local DEFAULT_CFLAGS=$(grep ^CFLAGS= Makefile | LC_ALL=C sed \
-		-e 's:^CFLAGS=::' \
-		-e 's:\(^\| \)-fomit-frame-pointer::g' \
-		-e 's:\(^\| \)-O[^ ]*::g' \
-		-e 's:\(^\| \)-march=[^ ]*::g' \
-		-e 's:\(^\| \)-mcpu=[^ ]*::g' \
-		-e 's:\(^\| \)-m[^ ]*::g' \
-		-e 's:^ *::' \
-		-e 's: *$::' \
-		-e 's: \+: :g' \
-		-e 's:\\:\\\\:g'
-	)
-
-	# Now insert clean default flags with user flags
-	sed -i \
-		-e "/^CFLAGS=/s|=.*|=${DEFAULT_CFLAGS} ${CFLAGS}|" \
-		-e "/^LDFLAGS=/s|=[[:space:]]*$|=${LDFLAGS}|" \
-		Makefile \
-		|| die
-}
-
-multilib_src_compile() {
-	# depend is needed to use $confopts; it also doesn't matter
-	# that it's -j1 as the code itself serializes subdirs
-	emake -j1 depend
-	emake all
-}
-
-multilib_src_test() {
-	emake -j1 test
-}
-
-multilib_src_install() {
-	# We need to create $ED/usr on our own to avoid a race condition #665130
-	if [[ ! -d "${ED}/usr" ]] ; then
-		# We can only create this directory once
-		mkdir "${ED}"/usr || die
-	fi
-
-	emake DESTDIR="${D}" install
-
-	# This is crappy in that the static archives are still built even
-	# when USE=static-libs.  But this is due to a failing in the openssl
-	# build system: the static archives are built as PIC all the time.
-	# Only way around this would be to manually configure+compile openssl
-	# twice; once with shared lib support enabled and once without.
-	if ! use static-libs ; then
-		rm "${ED}"/usr/$(get_libdir)/lib{crypto,ssl}.a || die
-	fi
-}
-
-multilib_src_install_all() {
-	# openssl installs perl version of c_rehash by default, but
-	# we provide a shell version via app-misc/c_rehash
-	rm "${ED}"/usr/bin/c_rehash || die
-
-	dodoc {AUTHORS,CHANGES,NEWS,README,README-PROVIDERS}.md doc/*.txt doc/${PN}-c-indent.el
-
-	# create the certs directory
-	keepdir ${SSL_CNF_DIR}/certs
-
-	# Namespace openssl programs to prevent conflicts with other man pages
-	cd "${ED}"/usr/share/man || die
-	local m d s
-	for m in $(find . -type f | xargs grep -L '#include') ; do
-		d=${m%/*} ; d=${d#./} ; m=${m##*/}
-
-		[[ ${m} == openssl.1* ]] && continue
-
-		[[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!"
-
-		mv ${d}/{,ssl-}${m} || die
-
-		# fix up references to renamed man pages
-		sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m} || die
-		ln -s ssl-${m} ${d}/openssl-${m} || die
-
-		# locate any symlinks that point to this man page ...
-		# we assume that any broken links are due to the above renaming
-		for s in $(find -L ${d} -type l) ; do
-			s=${s##*/}
-			rm -f ${d}/${s}
-			# We don't want to "|| die" here
-			ln -s ssl-${m} ${d}/ssl-${s}
-			ln -s ssl-${s} ${d}/openssl-${s}
-		done
-	done
-	[[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :("
-
-	dodir /etc/sandbox.d #254521
-	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
-
-	diropts -m0700
-	keepdir ${SSL_CNF_DIR}/private
-}
-
-pkg_postinst() {
-	ebegin "Running 'c_rehash ${EROOT}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069"
-	c_rehash "${EROOT}${SSL_CNF_DIR}/certs" >/dev/null
-	eend $?
-}

diff --git a/dev-libs/openssl/openssl-3.0.1.ebuild b/dev-libs/openssl/openssl-3.0.1.ebuild
deleted file mode 100644
index 81ca32b7cb63..000000000000
--- a/dev-libs/openssl/openssl-3.0.1.ebuild
+++ /dev/null
@@ -1,297 +0,0 @@
-# Copyright 1999-2022 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="7"
-
-inherit flag-o-matic linux-info toolchain-funcs multilib-minimal verify-sig
-
-MY_P=${P/_/-}
-
-DESCRIPTION="Robust, full-featured Open Source Toolkit for the Transport Layer Security (TLS)"
-HOMEPAGE="https://www.openssl.org/"
-
-if [[ ${PV} == "9999" ]] ; then
-	EGIT_REPO_URI="https://github.com/openssl/openssl.git"
-
-	inherit git-r3
-else
-	SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"
-	SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
-		verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )"
-	VERIFY_SIG_OPENPGP_KEY_PATH=${BROOT}/usr/share/openpgp-keys/openssl.org.asc
-	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x86-linux"
-fi
-
-LICENSE="Apache-2.0"
-SLOT="0/3" # .so version of libssl/libcrypto
-
-IUSE="+asm cpu_flags_x86_sse2 fips ktls rfc3779 sctp static-libs test tls-compression vanilla verify-sig"
-RESTRICT="!test? ( test )"
-
-COMMON_DEPEND="
-	>=app-misc/c_rehash-1.7-r1
-	tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
-"
-
-BDEPEND="
-	>=dev-lang/perl-5
-	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
-	test? (
-		sys-apps/diffutils
-		sys-devel/bc
-		sys-process/procps
-	)
-	verify-sig? ( sec-keys/openpgp-keys-openssl )"
-
-DEPEND="${COMMON_DEPEND}"
-
-RDEPEND="${COMMON_DEPEND}"
-
-PDEPEND="app-misc/ca-certificates"
-
-S="${WORKDIR}/${MY_P}"
-
-MULTILIB_WRAPPED_HEADERS=(
-	/usr/include/openssl/configuration.h
-)
-
-pkg_setup() {
-	if use ktls ; then
-		if kernel_is -lt 4 18 ; then
-			ewarn "Kernel implementation of TLS (USE=ktls) requires kernel >=4.18!"
-		else
-			CONFIG_CHECK="~TLS ~TLS_DEVICE"
-			ERROR_TLS="You will be unable to offload TLS to kernel because CONFIG_TLS is not set!"
-			ERROR_TLS_DEVICE="You will be unable to offload TLS to kernel because CONFIG_TLS_DEVICE is not set!"
-
-			linux-info_pkg_setup
-		fi
-	fi
-
-	[[ ${MERGE_TYPE} == binary ]] && return
-
-	# must check in pkg_setup; sysctl don't work with userpriv!
-	if use test && use sctp ; then
-		# test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel"
-		# if sctp.auth_enable is not enabled.
-		local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null)
-		if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]] ; then
-			die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!"
-		fi
-	fi
-}
-
-src_prepare() {
-	# allow openssl to be cross-compiled
-	cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die
-	chmod a+rx gentoo.config || die
-
-	# keep this in sync with app-misc/c_rehash
-	SSL_CNF_DIR="/etc/ssl"
-
-	# Make sure we only ever touch Makefile.org and avoid patching a file
-	# that gets blown away anyways by the Configure script in src_configure
-	rm -f Makefile
-
-	if ! use vanilla ; then
-		if [[ $(declare -p PATCHES 2>/dev/null) == "declare -a"* ]] ; then
-			[[ ${#PATCHES[@]} -gt 0 ]] && eapply "${PATCHES[@]}"
-		fi
-	fi
-
-	eapply_user
-
-	if use test && use sctp && has network-sandbox ${FEATURES} ; then
-		einfo "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox ..."
-		rm test/recipes/80-test_ssl_new.t || die
-	fi
-
-	# make sure the man pages are suffixed #302165
-	# don't bother building man pages if they're disabled
-	# Make DOCDIR Gentoo compliant
-	sed -i \
-		-e '/^MANSUFFIX/s:=.*:=ssl:' \
-		-e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
-		-e $(has noman FEATURES \
-			&& echo '/^install:/s:install_docs::' \
-			|| echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
-		-e "/^DOCDIR/s@\$(BASENAME)@&-${PVR}@" \
-		Configurations/unix-Makefile.tmpl \
-		|| die
-
-	# quiet out unknown driver argument warnings since openssl
-	# doesn't have well-split CFLAGS and we're making it even worse
-	# and 'make depend' uses -Werror for added fun (#417795 again)
-	[[ ${CC} == *clang* ]] && append-flags -Qunused-arguments
-
-	append-flags -fno-strict-aliasing
-	append-flags $(test-flags-CC -Wa,--noexecstack)
-
-	# Prefixify Configure shebang (#141906)
-	sed \
-		-e "1s,/usr/bin/env,${EPREFIX}&," \
-		-i Configure || die
-
-	# Remove test target when FEATURES=test isn't set
-	if ! use test ; then
-		sed \
-			-e '/^$config{dirs}/s@ "test",@@' \
-			-i Configure || die
-	fi
-
-	# The config script does stupid stuff to prompt the user.  Kill it.
-	sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
-	./config --test-sanity || die "I AM NOT SANE"
-
-	multilib_copy_sources
-}
-
-multilib_src_configure() {
-	unset APPS #197996
-	unset SCRIPTS #312551
-	unset CROSS_COMPILE #311473
-
-	tc-export AR CC CXX RANLIB RC
-
-	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
-	echoit() { echo "$@" ; "$@" ; }
-
-	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
-
-	local sslout=$(./gentoo.config)
-	einfo "Use configuration ${sslout:-(openssl knows best)}"
-	local config="Configure"
-	[[ -z ${sslout} ]] && config="config"
-
-	local myeconfargs=(
-		${sslout}
-		$(use cpu_flags_x86_sse2 || echo "no-sse2")
-		enable-camellia
-		enable-ec
-		enable-ec2m
-		enable-sm2
-		enable-srp
-		$(use elibc_musl && echo "no-async")
-		enable-idea
-		enable-mdc2
-		enable-rc5
-		$(use fips && echo "enable-fips")
-		$(use_ssl asm)
-		$(use_ssl ktls)
-		$(use_ssl rfc3779)
-		$(use_ssl sctp)
-		$(use_ssl tls-compression zlib)
-		--prefix="${EPREFIX}"/usr
-		--openssldir="${EPREFIX}"${SSL_CNF_DIR}
-		--libdir=$(get_libdir)
-		shared
-		threads
-	)
-
-	CFLAGS= LDFLAGS= echoit \
-		./${config} \
-		"${myeconfargs[@]}" \
-		|| die
-
-	# Clean out hardcoded flags that openssl uses
-	local DEFAULT_CFLAGS=$(grep ^CFLAGS= Makefile | LC_ALL=C sed \
-		-e 's:^CFLAGS=::' \
-		-e 's:\(^\| \)-fomit-frame-pointer::g' \
-		-e 's:\(^\| \)-O[^ ]*::g' \
-		-e 's:\(^\| \)-march=[^ ]*::g' \
-		-e 's:\(^\| \)-mcpu=[^ ]*::g' \
-		-e 's:\(^\| \)-m[^ ]*::g' \
-		-e 's:^ *::' \
-		-e 's: *$::' \
-		-e 's: \+: :g' \
-		-e 's:\\:\\\\:g'
-	)
-
-	# Now insert clean default flags with user flags
-	sed -i \
-		-e "/^CFLAGS=/s|=.*|=${DEFAULT_CFLAGS} ${CFLAGS}|" \
-		-e "/^LDFLAGS=/s|=[[:space:]]*$|=${LDFLAGS}|" \
-		Makefile \
-		|| die
-}
-
-multilib_src_compile() {
-	# depend is needed to use $confopts; it also doesn't matter
-	# that it's -j1 as the code itself serializes subdirs
-	emake -j1 depend
-	emake all
-}
-
-multilib_src_test() {
-	emake -j1 test
-}
-
-multilib_src_install() {
-	# We need to create $ED/usr on our own to avoid a race condition #665130
-	if [[ ! -d "${ED}/usr" ]] ; then
-		# We can only create this directory once
-		mkdir "${ED}"/usr || die
-	fi
-
-	emake DESTDIR="${D}" install
-
-	# This is crappy in that the static archives are still built even
-	# when USE=static-libs.  But this is due to a failing in the openssl
-	# build system: the static archives are built as PIC all the time.
-	# Only way around this would be to manually configure+compile openssl
-	# twice; once with shared lib support enabled and once without.
-	if ! use static-libs ; then
-		rm "${ED}"/usr/$(get_libdir)/lib{crypto,ssl}.a || die
-	fi
-}
-
-multilib_src_install_all() {
-	# openssl installs perl version of c_rehash by default, but
-	# we provide a shell version via app-misc/c_rehash
-	rm "${ED}"/usr/bin/c_rehash || die
-
-	dodoc {AUTHORS,CHANGES,NEWS,README,README-PROVIDERS}.md doc/*.txt doc/${PN}-c-indent.el
-
-	# create the certs directory
-	keepdir ${SSL_CNF_DIR}/certs
-
-	# Namespace openssl programs to prevent conflicts with other man pages
-	cd "${ED}"/usr/share/man || die
-	local m d s
-	for m in $(find . -type f | xargs grep -L '#include') ; do
-		d=${m%/*} ; d=${d#./} ; m=${m##*/}
-
-		[[ ${m} == openssl.1* ]] && continue
-
-		[[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!"
-
-		mv ${d}/{,ssl-}${m} || die
-
-		# fix up references to renamed man pages
-		sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m} || die
-		ln -s ssl-${m} ${d}/openssl-${m} || die
-
-		# locate any symlinks that point to this man page ...
-		# we assume that any broken links are due to the above renaming
-		for s in $(find -L ${d} -type l) ; do
-			s=${s##*/}
-			rm -f ${d}/${s}
-			# We don't want to "|| die" here
-			ln -s ssl-${m} ${d}/ssl-${s}
-			ln -s ssl-${s} ${d}/openssl-${s}
-		done
-	done
-	[[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :("
-
-	dodir /etc/sandbox.d #254521
-	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
-
-	diropts -m0700
-	keepdir ${SSL_CNF_DIR}/private
-}
-
-pkg_postinst() {
-	ebegin "Running 'c_rehash ${EROOT}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069"
-	c_rehash "${EROOT}${SSL_CNF_DIR}/certs" >/dev/null
-	eend $?
-}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Mike Gilbert]

commit:     ce66429a7a58f0745e56644fa9f88d68a9edcdee
Author:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Mon Apr 11 00:39:54 2022 +0000
Commit:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Mon Apr 11 00:45:02 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ce66429a

dev-libs/openssl: add 'weak-ssl-ciphers' USE flag

Closes: https://bugs.gentoo.org/723056
Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>

 dev-libs/openssl/metadata.xml          | 1 +
 dev-libs/openssl/openssl-1.1.1n.ebuild | 3 ++-
 dev-libs/openssl/openssl-3.0.2.ebuild  | 3 ++-
 3 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/dev-libs/openssl/metadata.xml b/dev-libs/openssl/metadata.xml
index e0b7df73655d..7aeb3cfc9e34 100644
--- a/dev-libs/openssl/metadata.xml
+++ b/dev-libs/openssl/metadata.xml
@@ -15,6 +15,7 @@
  <flag name="sslv3">Support for the old/insecure SSLv3 protocol -- note: not required for TLS/https</flag>
  <flag name="tls-compression">Enable support for discouraged TLS compression</flag>
  <flag name="tls-heartbeat">Enable the Heartbeat Extension in TLS and DTLS</flag>
+ <flag name="weak-ssl-ciphers">Build support for SSL/TLS ciphers that are considered "weak"</flag>
 </use>
 <upstream>
  <remote-id type="cpe">cpe:/a:openssl:openssl</remote-id>

diff --git a/dev-libs/openssl/openssl-1.1.1n.ebuild b/dev-libs/openssl/openssl-1.1.1n.ebuild
index af9f45ed046c..5a7d16cfa51b 100644
--- a/dev-libs/openssl/openssl-1.1.1n.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1n.ebuild
@@ -17,7 +17,7 @@ LICENSE="openssl"
 SLOT="0/1.1" # .so version of libssl/libcrypto
 [[ "${PV}" = *_pre* ]] || \
 KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
-IUSE="+asm rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-compression tls-heartbeat vanilla verify-sig"
+IUSE="+asm rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-compression tls-heartbeat vanilla verify-sig weak-ssl-ciphers"
 RESTRICT="!test? ( test )"
 
 RDEPEND=">=app-misc/c_rehash-1.7-r1
@@ -193,6 +193,7 @@ multilib_src_configure() {
 		$(use_ssl sctp) \
 		$(use_ssl tls-compression zlib) \
 		$(use_ssl tls-heartbeat heartbeats) \
+		$(use_ssl weak-ssl-ciphers) \
 		--prefix="${EPREFIX}"/usr \
 		--openssldir="${EPREFIX}"${SSL_CNF_DIR} \
 		--libdir=$(get_libdir) \

diff --git a/dev-libs/openssl/openssl-3.0.2.ebuild b/dev-libs/openssl/openssl-3.0.2.ebuild
index a42efd8d9f4e..2ef0aaed3200 100644
--- a/dev-libs/openssl/openssl-3.0.2.ebuild
+++ b/dev-libs/openssl/openssl-3.0.2.ebuild
@@ -24,7 +24,7 @@ fi
 LICENSE="Apache-2.0"
 SLOT="0/3" # .so version of libssl/libcrypto
 
-IUSE="+asm cpu_flags_x86_sse2 fips ktls rfc3779 sctp static-libs test tls-compression vanilla verify-sig"
+IUSE="+asm cpu_flags_x86_sse2 fips ktls rfc3779 sctp static-libs test tls-compression vanilla verify-sig weak-ssl-ciphers"
 RESTRICT="!test? ( test )"
 
 COMMON_DEPEND="
@@ -180,6 +180,7 @@ multilib_src_configure() {
 		$(use_ssl rfc3779)
 		$(use_ssl sctp)
 		$(use_ssl tls-compression zlib)
+		$(use_ssl weak-ssl-ciphers)
 		--prefix="${EPREFIX}"/usr
 		--openssldir="${EPREFIX}"${SSL_CNF_DIR}
 		--libdir=$(get_libdir)

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Jakov Smolić]

commit:     c79cf1c42de6d25f9ae077b70966e75f31286d33
Author:     Jakov Smolić <jsmolic <AT> gentoo <DOT> org>
AuthorDate: Wed Mar 23 09:57:33 2022 +0000
Commit:     Jakov Smolić <jsmolic <AT> gentoo <DOT> org>
CommitDate: Wed Mar 23 09:57:33 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c79cf1c4

dev-libs/openssl: Stabilize 1.1.1n arm64, #835348

Signed-off-by: Jakov Smolić <jsmolic <AT> gentoo.org>

 dev-libs/openssl/openssl-1.1.1n.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.1.1n.ebuild b/dev-libs/openssl/openssl-1.1.1n.ebuild
index 57dee5fb869d..af9f45ed046c 100644
--- a/dev-libs/openssl/openssl-1.1.1n.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1n.ebuild
@@ -16,7 +16,7 @@ VERIFY_SIG_OPENPGP_KEY_PATH=${BROOT}/usr/share/openpgp-keys/openssl.org.asc
 LICENSE="openssl"
 SLOT="0/1.1" # .so version of libssl/libcrypto
 [[ "${PV}" = *_pre* ]] || \
-KEYWORDS="~alpha amd64 arm ~arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
 IUSE="+asm rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-compression tls-heartbeat vanilla verify-sig"
 RESTRICT="!test? ( test )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Agostino Sarubbo]

commit:     e74bab7ef2b5b154d8dec98eaef514485c5fe902
Author:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
AuthorDate: Sat Mar 19 19:20:59 2022 +0000
Commit:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
CommitDate: Sat Mar 19 19:20:59 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e74bab7e

dev-libs/openssl: x86 stable wrt bug #835348

Package-Manager: Portage-3.0.30, Repoman-3.0.3
RepoMan-Options: --include-arches="x86"
Signed-off-by: Agostino Sarubbo <ago <AT> gentoo.org>

 dev-libs/openssl/openssl-1.1.1n.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.1.1n.ebuild b/dev-libs/openssl/openssl-1.1.1n.ebuild
index 1604d299afa2..57dee5fb869d 100644
--- a/dev-libs/openssl/openssl-1.1.1n.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1n.ebuild
@@ -16,7 +16,7 @@ VERIFY_SIG_OPENPGP_KEY_PATH=${BROOT}/usr/share/openpgp-keys/openssl.org.asc
 LICENSE="openssl"
 SLOT="0/1.1" # .so version of libssl/libcrypto
 [[ "${PV}" = *_pre* ]] || \
-KEYWORDS="~alpha amd64 arm ~arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+KEYWORDS="~alpha amd64 arm ~arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
 IUSE="+asm rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-compression tls-heartbeat vanilla verify-sig"
 RESTRICT="!test? ( test )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     6033a0b6fa7b6e9c09f407473045cd7d94b30fe9
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Thu Mar 17 02:13:01 2022 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Thu Mar 17 02:13:01 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6033a0b6

dev-libs/openssl: Stabilize 1.1.1n arm, #835348

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/openssl-1.1.1n.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.1.1n.ebuild b/dev-libs/openssl/openssl-1.1.1n.ebuild
index ff417a4c6d54..1604d299afa2 100644
--- a/dev-libs/openssl/openssl-1.1.1n.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1n.ebuild
@@ -16,7 +16,7 @@ VERIFY_SIG_OPENPGP_KEY_PATH=${BROOT}/usr/share/openpgp-keys/openssl.org.asc
 LICENSE="openssl"
 SLOT="0/1.1" # .so version of libssl/libcrypto
 [[ "${PV}" = *_pre* ]] || \
-KEYWORDS="~alpha amd64 ~arm ~arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+KEYWORDS="~alpha amd64 arm ~arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
 IUSE="+asm rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-compression tls-heartbeat vanilla verify-sig"
 RESTRICT="!test? ( test )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     1e86314e4bb3d1b1fa73ecc9436eb63e875cfd28
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Wed Mar 16 23:51:39 2022 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Wed Mar 16 23:51:39 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1e86314e

dev-libs/openssl: Stabilize 1.1.1n ppc, #835348

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/openssl-1.1.1n.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.1.1n.ebuild b/dev-libs/openssl/openssl-1.1.1n.ebuild
index 1352a7ccc3de..ff417a4c6d54 100644
--- a/dev-libs/openssl/openssl-1.1.1n.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1n.ebuild
@@ -16,7 +16,7 @@ VERIFY_SIG_OPENPGP_KEY_PATH=${BROOT}/usr/share/openpgp-keys/openssl.org.asc
 LICENSE="openssl"
 SLOT="0/1.1" # .so version of libssl/libcrypto
 [[ "${PV}" = *_pre* ]] || \
-KEYWORDS="~alpha amd64 ~arm ~arm64 hppa ~ia64 ~m68k ~mips ~ppc ppc64 ~riscv ~s390 sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+KEYWORDS="~alpha amd64 ~arm ~arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
 IUSE="+asm rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-compression tls-heartbeat vanilla verify-sig"
 RESTRICT="!test? ( test )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     b40485ad20a285306822ecea05434b69949f9e51
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Wed Mar 16 23:49:40 2022 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Wed Mar 16 23:49:40 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b40485ad

dev-libs/openssl: Stabilize 1.1.1n ppc64, #835348

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/openssl-1.1.1n.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.1.1n.ebuild b/dev-libs/openssl/openssl-1.1.1n.ebuild
index be43607af0ab..1352a7ccc3de 100644
--- a/dev-libs/openssl/openssl-1.1.1n.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1n.ebuild
@@ -16,7 +16,7 @@ VERIFY_SIG_OPENPGP_KEY_PATH=${BROOT}/usr/share/openpgp-keys/openssl.org.asc
 LICENSE="openssl"
 SLOT="0/1.1" # .so version of libssl/libcrypto
 [[ "${PV}" = *_pre* ]] || \
-KEYWORDS="~alpha amd64 ~arm ~arm64 hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+KEYWORDS="~alpha amd64 ~arm ~arm64 hppa ~ia64 ~m68k ~mips ~ppc ppc64 ~riscv ~s390 sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
 IUSE="+asm rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-compression tls-heartbeat vanilla verify-sig"
 RESTRICT="!test? ( test )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     345c23162665a23cf8f94868379c6c15289e1161
Author:     Jonathan Davies <jpds <AT> protonmail <DOT> com>
AuthorDate: Wed Mar 16 16:18:54 2022 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Wed Mar 16 17:06:22 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=345c2316

dev-libs/openssl: Added verify-sig integration.

Signed-off-by: Jonathan Davies <jpds <AT> protonmail.com>
Closes: https://github.com/gentoo/gentoo/pull/24608
Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/Manifest              |  4 ++++
 dev-libs/openssl/openssl-1.1.1n.ebuild | 11 +++++++----
 dev-libs/openssl/openssl-3.0.0.ebuild  | 11 +++++++----
 dev-libs/openssl/openssl-3.0.1.ebuild  | 10 +++++++---
 dev-libs/openssl/openssl-3.0.2.ebuild  | 11 +++++++----
 5 files changed, 32 insertions(+), 15 deletions(-)

diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest
index 538094f696fe..075df27bb2d6 100644
--- a/dev-libs/openssl/Manifest
+++ b/dev-libs/openssl/Manifest
@@ -6,6 +6,10 @@ DIST openssl-1.1.1k.tar.gz 9823400 BLAKE2B e9bd90f17bc819c4960d07bbee04346e8a7ad
 DIST openssl-1.1.1l.tar.gz 9834044 BLAKE2B 9e8739015db63a013c05587e3d164d67c3f65f1f6c5fc75e4592bcd038c036cde88a7bc95fbc1f1b4ed876f6124ca4dabcd4f5dbb45d1b84299f2efe1a59431a SHA512 d9611f393e37577cca05004531388d3e0ebbf714894cab9f95f4903909cd4f45c214faab664c0cbc3ad3cca309d500b9e6d0ecbf9a0a0588d1677dc6b047f9e0
 DIST openssl-1.1.1m.tar.gz 9847315 BLAKE2B 163262933df11afdb7b0c58fbbf0454b05e02951d28ed24e2c530affa18dee884d86555f7314506852ebfcc092bb509b6f9cd33893e30dab67bfb6f5713946eb SHA512 ba0ef99b321546c13385966e4a607734df38b96f6ed45c4c67063a5f8d1482986855279797a6920d9f86c2ec31ce3e104dcc62c37328caacdd78aec59aa66156
 DIST openssl-1.1.1n.tar.gz 9850712 BLAKE2B af530258d9f7ca4f1bd1c6c344eb385e766e465c9341dd08797676165f67bbb82d3fd549ed7559dc12fb8c9c4db5e04fa6ec7ab729ec1467f5e8bce469ff5398 SHA512 1937796736613dcf4105a54e42ecb61f95a1cea74677156f9459aea0f2c95159359e766089632bf364ee6b0d28d661eb9957bce8fecc9d2436378d8d79e8d0a4
+DIST openssl-1.1.1n.tar.gz.asc 488 BLAKE2B 8fc18fdc884473dc4c243499cc3528691a9ecc184e39e8d942450d41c42d22a96398036ae804af23c4f28d082c62f5babaa275ceb2e13b33b5acfd59a802c186 SHA512 24abc3d187cabed830dcd3189a34c2dc29e0b8013a607011a0e85cc68f0ec48c1de14a005053a4de3a4013cfa9658016ac65cfb8cfac58da55231371926beeda
 DIST openssl-3.0.0.tar.gz 14978663 BLAKE2B 64721ee958fc47d57a479dffff91be5692d80d10a6727d804f8a9da66fcaea799b67fda8987f9ecdfb2777ec42033c5e8a6a135e30784d6422eb3c65e676abe6 SHA512 1fdf769ef69631eb802671a9e0bb3a01883d58282f651986212983c2d7c9d3499dabe99a6dee0411e997e6fcfa6f682b121b7698596de0d6c78850c2200241b1
+DIST openssl-3.0.0.tar.gz.asc 833 BLAKE2B df0dac703a5259bb312e4e2a9cb81d061331e69426633097354dbcc0658345f6723eaddf74303d97bb3d849bc93f07ecdaad0fd807ab9272e01a419e8f1f4abb SHA512 b51d3ec06b5d7bc7ff7297a6530154ff718b288e7daafa28cff1ca8396de229090e8addaf63da2322b0b17f51be8fa114ddc71da2dcd118b7d7d1bdc73b6f46e
 DIST openssl-3.0.1.tar.gz 15011207 BLAKE2B ea1e560cbebbd3fdb560cbd7db518db2f95d1b7a8397435483829eda815e9f74a175693949c3d013205c43c936d703755ca14afba29077570361fca75164a719 SHA512 4eb29386a6c2c47bebc668e68b61872eed1d136e5620d6f8971393ae7dd8d0f640257278735c76adc0c9569a315fdb929c175a2931d52d3fcc4c527ad6a975ce
+DIST openssl-3.0.1.tar.gz.asc 488 BLAKE2B 26e44d5ad4d4c986c6c03f7ddf0406efcbc0748435039c7d121a9040f7494e30ed59a639946e0fc86c43871c433e815f694f7ffa45c7709aae70ac6087b34820 SHA512 085e8734b74e58a7c345cf2170fd476e38fe0a3b6eb1a1c417bd1dab962f96a6e2256c409aa4c650bbb57228aacdc75b8a13b693ebea571932de528d7ce622d6
 DIST openssl-3.0.2.tar.gz 15038141 BLAKE2B 140c4c80a0cad89cb0059fef6a4cd421460e6af9a3973f7a3eb5e39f64c0d44794d46e7a869e5235fced139f2249351e37a9ee5ebaa17f2708d63141ebebf919 SHA512 f986850d5be908b4d6b5fd7091bc4652d7378c9bccebfbc5becd7753843c04c1eb61a1749c432139d263dfac33df0b1f6c773664b485cad47542266823a4eb03
+DIST openssl-3.0.2.tar.gz.asc 488 BLAKE2B 2f6482114271c4f512159fa159486a3b3470637d770cd1614fda004918d06ed9ab562e655d1580d2ebb05745ec72987488c2161b72d078017cc157003d4205da SHA512 4303391a58107c76ad9b05510f5bfc95f687f4cb2f9ff5b03fb262ba99b573423ab83f0437471199954496799b343191b889ad9ef8fabdd7ee4ec3ec9b5f1d81

diff --git a/dev-libs/openssl/openssl-1.1.1n.ebuild b/dev-libs/openssl/openssl-1.1.1n.ebuild
index 9822e71b0267..be43607af0ab 100644
--- a/dev-libs/openssl/openssl-1.1.1n.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1n.ebuild
@@ -3,19 +3,21 @@
 
 EAPI="7"
 
-inherit flag-o-matic toolchain-funcs multilib-minimal
+inherit flag-o-matic toolchain-funcs multilib-minimal verify-sig
 
 MY_P=${P/_/-}
 
 DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"
 HOMEPAGE="https://www.openssl.org/"
-SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"
+SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
+	verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )"
+VERIFY_SIG_OPENPGP_KEY_PATH=${BROOT}/usr/share/openpgp-keys/openssl.org.asc
 
 LICENSE="openssl"
 SLOT="0/1.1" # .so version of libssl/libcrypto
 [[ "${PV}" = *_pre* ]] || \
 KEYWORDS="~alpha amd64 ~arm ~arm64 hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
-IUSE="+asm rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-compression tls-heartbeat vanilla"
+IUSE="+asm rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-compression tls-heartbeat vanilla verify-sig"
 RESTRICT="!test? ( test )"
 
 RDEPEND=">=app-misc/c_rehash-1.7-r1
@@ -28,7 +30,8 @@ BDEPEND="
 		sys-apps/diffutils
 		sys-devel/bc
 		kernel_linux? ( sys-process/procps )
-	)"
+	)
+	verify-sig? ( sec-keys/openpgp-keys-openssl )"
 PDEPEND="app-misc/ca-certificates"
 
 PATCHES=(

diff --git a/dev-libs/openssl/openssl-3.0.0.ebuild b/dev-libs/openssl/openssl-3.0.0.ebuild
index e52ca896a3a6..a42efd8d9f4e 100644
--- a/dev-libs/openssl/openssl-3.0.0.ebuild
+++ b/dev-libs/openssl/openssl-3.0.0.ebuild
@@ -3,7 +3,7 @@
 
 EAPI="7"
 
-inherit flag-o-matic linux-info toolchain-funcs multilib-minimal
+inherit flag-o-matic linux-info toolchain-funcs multilib-minimal verify-sig
 
 MY_P=${P/_/-}
 
@@ -15,14 +15,16 @@ if [[ ${PV} == "9999" ]] ; then
 
 	inherit git-r3
 else
-	SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"
+	SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
+		verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )"
+	VERIFY_SIG_OPENPGP_KEY_PATH=${BROOT}/usr/share/openpgp-keys/openssl.org.asc
 	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x86-linux"
 fi
 
 LICENSE="Apache-2.0"
 SLOT="0/3" # .so version of libssl/libcrypto
 
-IUSE="+asm cpu_flags_x86_sse2 fips ktls rfc3779 sctp static-libs test tls-compression vanilla"
+IUSE="+asm cpu_flags_x86_sse2 fips ktls rfc3779 sctp static-libs test tls-compression vanilla verify-sig"
 RESTRICT="!test? ( test )"
 
 COMMON_DEPEND="
@@ -37,7 +39,8 @@ BDEPEND="
 		sys-apps/diffutils
 		sys-devel/bc
 		sys-process/procps
-	)"
+	)
+	verify-sig? ( sec-keys/openpgp-keys-openssl )"
 
 DEPEND="${COMMON_DEPEND}"
 

diff --git a/dev-libs/openssl/openssl-3.0.1.ebuild b/dev-libs/openssl/openssl-3.0.1.ebuild
index e52ca896a3a6..81ca32b7cb63 100644
--- a/dev-libs/openssl/openssl-3.0.1.ebuild
+++ b/dev-libs/openssl/openssl-3.0.1.ebuild
@@ -3,7 +3,7 @@
 
 EAPI="7"
 
-inherit flag-o-matic linux-info toolchain-funcs multilib-minimal
+inherit flag-o-matic linux-info toolchain-funcs multilib-minimal verify-sig
 
 MY_P=${P/_/-}
 
@@ -16,13 +16,16 @@ if [[ ${PV} == "9999" ]] ; then
 	inherit git-r3
 else
 	SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"
+	SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
+		verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )"
+	VERIFY_SIG_OPENPGP_KEY_PATH=${BROOT}/usr/share/openpgp-keys/openssl.org.asc
 	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x86-linux"
 fi
 
 LICENSE="Apache-2.0"
 SLOT="0/3" # .so version of libssl/libcrypto
 
-IUSE="+asm cpu_flags_x86_sse2 fips ktls rfc3779 sctp static-libs test tls-compression vanilla"
+IUSE="+asm cpu_flags_x86_sse2 fips ktls rfc3779 sctp static-libs test tls-compression vanilla verify-sig"
 RESTRICT="!test? ( test )"
 
 COMMON_DEPEND="
@@ -37,7 +40,8 @@ BDEPEND="
 		sys-apps/diffutils
 		sys-devel/bc
 		sys-process/procps
-	)"
+	)
+	verify-sig? ( sec-keys/openpgp-keys-openssl )"
 
 DEPEND="${COMMON_DEPEND}"
 

diff --git a/dev-libs/openssl/openssl-3.0.2.ebuild b/dev-libs/openssl/openssl-3.0.2.ebuild
index e52ca896a3a6..a42efd8d9f4e 100644
--- a/dev-libs/openssl/openssl-3.0.2.ebuild
+++ b/dev-libs/openssl/openssl-3.0.2.ebuild
@@ -3,7 +3,7 @@
 
 EAPI="7"
 
-inherit flag-o-matic linux-info toolchain-funcs multilib-minimal
+inherit flag-o-matic linux-info toolchain-funcs multilib-minimal verify-sig
 
 MY_P=${P/_/-}
 
@@ -15,14 +15,16 @@ if [[ ${PV} == "9999" ]] ; then
 
 	inherit git-r3
 else
-	SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"
+	SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
+		verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )"
+	VERIFY_SIG_OPENPGP_KEY_PATH=${BROOT}/usr/share/openpgp-keys/openssl.org.asc
 	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x86-linux"
 fi
 
 LICENSE="Apache-2.0"
 SLOT="0/3" # .so version of libssl/libcrypto
 
-IUSE="+asm cpu_flags_x86_sse2 fips ktls rfc3779 sctp static-libs test tls-compression vanilla"
+IUSE="+asm cpu_flags_x86_sse2 fips ktls rfc3779 sctp static-libs test tls-compression vanilla verify-sig"
 RESTRICT="!test? ( test )"
 
 COMMON_DEPEND="
@@ -37,7 +39,8 @@ BDEPEND="
 		sys-apps/diffutils
 		sys-devel/bc
 		sys-process/procps
-	)"
+	)
+	verify-sig? ( sec-keys/openpgp-keys-openssl )"
 
 DEPEND="${COMMON_DEPEND}"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     65579e9616af17760f565c138b2f5d08ea80c19a
Author:     Rolf Eike Beer <eike <AT> sf-mail <DOT> de>
AuthorDate: Wed Mar 16 15:08:38 2022 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Wed Mar 16 15:17:30 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=65579e96

dev-libs/openssl: stable 1.1.1n for sparc, bug #835348

Package-Manager: Portage-3.0.30, Repoman-3.0.3
RepoMan-Options: --include-arches="sparc"
Signed-off-by: Rolf Eike Beer <eike <AT> sf-mail.de>
Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/openssl-1.1.1n.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.1.1n.ebuild b/dev-libs/openssl/openssl-1.1.1n.ebuild
index ed4ef97e6a62..f785bf8b41b7 100644
--- a/dev-libs/openssl/openssl-1.1.1n.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1n.ebuild
@@ -14,7 +14,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"
 LICENSE="openssl"
 SLOT="0/1.1" # .so version of libssl/libcrypto
 [[ "${PV}" = *_pre* ]] || \
-KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
 IUSE="+asm rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-compression tls-heartbeat vanilla"
 RESTRICT="!test? ( test )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     a4b93f3fe436b59f0b0b5adebf2aa695690d5fba
Author:     Rolf Eike Beer <eike <AT> sf-mail <DOT> de>
AuthorDate: Wed Mar 16 15:13:28 2022 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Wed Mar 16 15:17:42 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a4b93f3f

dev-libs/openssl: stable 1.1.1n for hppa/sparc, bug #835348

Package-Manager: Portage-3.0.30, Repoman-3.0.3
RepoMan-Options: --include-arches="hppa sparc"
Signed-off-by: Rolf Eike Beer <eike <AT> sf-mail.de>
Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/openssl-1.1.1n.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.1.1n.ebuild b/dev-libs/openssl/openssl-1.1.1n.ebuild
index f785bf8b41b7..9822e71b0267 100644
--- a/dev-libs/openssl/openssl-1.1.1n.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1n.ebuild
@@ -14,7 +14,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"
 LICENSE="openssl"
 SLOT="0/1.1" # .so version of libssl/libcrypto
 [[ "${PV}" = *_pre* ]] || \
-KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+KEYWORDS="~alpha amd64 ~arm ~arm64 hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
 IUSE="+asm rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-compression tls-heartbeat vanilla"
 RESTRICT="!test? ( test )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Patrick McLean]

commit:     eadd928d278da7cd057c283269c91fbf6a5c60dc
Author:     Patrick McLean <chutzpah <AT> gentoo <DOT> org>
AuthorDate: Tue Mar 15 17:34:35 2022 +0000
Commit:     Patrick McLean <chutzpah <AT> gentoo <DOT> org>
CommitDate: Tue Mar 15 17:34:49 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=eadd928d

dev-libs/openssl: Stabilize 1.1.1n on amd64 (bug #835343)

Bug: https://bugs.gentoo.org/835343
Package-Manager: Portage-3.0.30, Repoman-3.0.3
Signed-off-by: Patrick McLean <chutzpah <AT> gentoo.org>

 dev-libs/openssl/openssl-1.1.1n.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.1.1n.ebuild b/dev-libs/openssl/openssl-1.1.1n.ebuild
index 397cea96f3c9..ed4ef97e6a62 100644
--- a/dev-libs/openssl/openssl-1.1.1n.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1n.ebuild
@@ -14,7 +14,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"
 LICENSE="openssl"
 SLOT="0/1.1" # .so version of libssl/libcrypto
 [[ "${PV}" = *_pre* ]] || \
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
 IUSE="+asm rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-compression tls-heartbeat vanilla"
 RESTRICT="!test? ( test )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Patrick McLean]

commit:     c159d820eb8b1f3e16165b718edd935c98e003b7
Author:     Patrick McLean <chutzpah <AT> gentoo <DOT> org>
AuthorDate: Tue Mar 15 17:31:25 2022 +0000
Commit:     Patrick McLean <chutzpah <AT> gentoo <DOT> org>
CommitDate: Tue Mar 15 17:31:39 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c159d820

dev-libs/openssl: Version bumps to 1.1.1n and 3.0.2

Bug: https://bugs.gentoo.org/835343
Package-Manager: Portage-3.0.30, Repoman-3.0.3
Signed-off-by: Patrick McLean <chutzpah <AT> gentoo.org>

 dev-libs/openssl/Manifest              |   2 +
 dev-libs/openssl/openssl-1.1.1n.ebuild | 294 +++++++++++++++++++++++++++++++++
 dev-libs/openssl/openssl-3.0.2.ebuild  | 293 ++++++++++++++++++++++++++++++++
 3 files changed, 589 insertions(+)

diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest
index 7a88c27fa7f3..538094f696fe 100644
--- a/dev-libs/openssl/Manifest
+++ b/dev-libs/openssl/Manifest
@@ -5,5 +5,7 @@ DIST openssl-1.1.1i-bindist-1.0.tar.xz 18124 BLAKE2B bcbce700676d1d61498ac98281b
 DIST openssl-1.1.1k.tar.gz 9823400 BLAKE2B e9bd90f17bc819c4960d07bbee04346e8a7adb87a764a09d033ef76f1d638c67b180c4f2beb84ec25fbff54ccc9c14c13b9b16a27cac231a5dd22b02635d5cec SHA512 73cd042d4056585e5a9dd7ab68e7c7310a3a4c783eafa07ab0b560e7462b924e4376436a6d38a155c687f6942a881cfc0c1b9394afcde1d8c46bf396e7d51121
 DIST openssl-1.1.1l.tar.gz 9834044 BLAKE2B 9e8739015db63a013c05587e3d164d67c3f65f1f6c5fc75e4592bcd038c036cde88a7bc95fbc1f1b4ed876f6124ca4dabcd4f5dbb45d1b84299f2efe1a59431a SHA512 d9611f393e37577cca05004531388d3e0ebbf714894cab9f95f4903909cd4f45c214faab664c0cbc3ad3cca309d500b9e6d0ecbf9a0a0588d1677dc6b047f9e0
 DIST openssl-1.1.1m.tar.gz 9847315 BLAKE2B 163262933df11afdb7b0c58fbbf0454b05e02951d28ed24e2c530affa18dee884d86555f7314506852ebfcc092bb509b6f9cd33893e30dab67bfb6f5713946eb SHA512 ba0ef99b321546c13385966e4a607734df38b96f6ed45c4c67063a5f8d1482986855279797a6920d9f86c2ec31ce3e104dcc62c37328caacdd78aec59aa66156
+DIST openssl-1.1.1n.tar.gz 9850712 BLAKE2B af530258d9f7ca4f1bd1c6c344eb385e766e465c9341dd08797676165f67bbb82d3fd549ed7559dc12fb8c9c4db5e04fa6ec7ab729ec1467f5e8bce469ff5398 SHA512 1937796736613dcf4105a54e42ecb61f95a1cea74677156f9459aea0f2c95159359e766089632bf364ee6b0d28d661eb9957bce8fecc9d2436378d8d79e8d0a4
 DIST openssl-3.0.0.tar.gz 14978663 BLAKE2B 64721ee958fc47d57a479dffff91be5692d80d10a6727d804f8a9da66fcaea799b67fda8987f9ecdfb2777ec42033c5e8a6a135e30784d6422eb3c65e676abe6 SHA512 1fdf769ef69631eb802671a9e0bb3a01883d58282f651986212983c2d7c9d3499dabe99a6dee0411e997e6fcfa6f682b121b7698596de0d6c78850c2200241b1
 DIST openssl-3.0.1.tar.gz 15011207 BLAKE2B ea1e560cbebbd3fdb560cbd7db518db2f95d1b7a8397435483829eda815e9f74a175693949c3d013205c43c936d703755ca14afba29077570361fca75164a719 SHA512 4eb29386a6c2c47bebc668e68b61872eed1d136e5620d6f8971393ae7dd8d0f640257278735c76adc0c9569a315fdb929c175a2931d52d3fcc4c527ad6a975ce
+DIST openssl-3.0.2.tar.gz 15038141 BLAKE2B 140c4c80a0cad89cb0059fef6a4cd421460e6af9a3973f7a3eb5e39f64c0d44794d46e7a869e5235fced139f2249351e37a9ee5ebaa17f2708d63141ebebf919 SHA512 f986850d5be908b4d6b5fd7091bc4652d7378c9bccebfbc5becd7753843c04c1eb61a1749c432139d263dfac33df0b1f6c773664b485cad47542266823a4eb03

diff --git a/dev-libs/openssl/openssl-1.1.1n.ebuild b/dev-libs/openssl/openssl-1.1.1n.ebuild
new file mode 100644
index 000000000000..397cea96f3c9
--- /dev/null
+++ b/dev-libs/openssl/openssl-1.1.1n.ebuild
@@ -0,0 +1,294 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="7"
+
+inherit flag-o-matic toolchain-funcs multilib-minimal
+
+MY_P=${P/_/-}
+
+DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"
+HOMEPAGE="https://www.openssl.org/"
+SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"
+
+LICENSE="openssl"
+SLOT="0/1.1" # .so version of libssl/libcrypto
+[[ "${PV}" = *_pre* ]] || \
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+IUSE="+asm rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-compression tls-heartbeat vanilla"
+RESTRICT="!test? ( test )"
+
+RDEPEND=">=app-misc/c_rehash-1.7-r1
+	tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )"
+DEPEND="${RDEPEND}"
+BDEPEND="
+	>=dev-lang/perl-5
+	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
+	test? (
+		sys-apps/diffutils
+		sys-devel/bc
+		kernel_linux? ( sys-process/procps )
+	)"
+PDEPEND="app-misc/ca-certificates"
+
+PATCHES=(
+	"${FILESDIR}"/${PN}-1.1.0j-parallel_install_fix.patch #671602
+	"${FILESDIR}"/${PN}-1.1.1i-riscv32.patch
+)
+
+S="${WORKDIR}/${MY_P}"
+
+# force upgrade to prevent broken login, bug 696950
+RDEPEND+=" !<net-misc/openssh-8.0_p1-r3"
+
+MULTILIB_WRAPPED_HEADERS=(
+	usr/include/openssl/opensslconf.h
+)
+
+pkg_setup() {
+	[[ ${MERGE_TYPE} == binary ]] && return
+
+	# must check in pkg_setup; sysctl don't work with userpriv!
+	if use test && use sctp; then
+		# test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel"
+		# if sctp.auth_enable is not enabled.
+		local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null)
+		if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]]; then
+			die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!"
+		fi
+	fi
+}
+
+src_prepare() {
+	# allow openssl to be cross-compiled
+	cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die
+	chmod a+rx gentoo.config || die
+
+	# keep this in sync with app-misc/c_rehash
+	SSL_CNF_DIR="/etc/ssl"
+
+	# Make sure we only ever touch Makefile.org and avoid patching a file
+	# that gets blown away anyways by the Configure script in src_configure
+	rm -f Makefile
+
+	if ! use vanilla ; then
+		if [[ $(declare -p PATCHES 2>/dev/null) == "declare -a"* ]] ; then
+			[[ ${#PATCHES[@]} -gt 0 ]] && eapply "${PATCHES[@]}"
+		fi
+	fi
+
+	eapply_user #332661
+
+	if use test && use sctp && has network-sandbox ${FEATURES}; then
+		ebegin "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox"
+		rm test/recipes/80-test_ssl_new.t || die
+		eend $?
+	fi
+
+	# make sure the man pages are suffixed #302165
+	# don't bother building man pages if they're disabled
+	# Make DOCDIR Gentoo compliant
+	sed -i \
+		-e '/^MANSUFFIX/s:=.*:=ssl:' \
+		-e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
+		-e $(has noman FEATURES \
+			&& echo '/^install:/s:install_docs::' \
+			|| echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
+		-e "/^DOCDIR/s@\$(BASENAME)@&-${PVR}@" \
+		Configurations/unix-Makefile.tmpl \
+		|| die
+
+	# quiet out unknown driver argument warnings since openssl
+	# doesn't have well-split CFLAGS and we're making it even worse
+	# and 'make depend' uses -Werror for added fun (#417795 again)
+	[[ ${CC} == *clang* ]] && append-flags -Qunused-arguments
+
+	append-flags -fno-strict-aliasing
+	append-flags $(test-flags-CC -Wa,--noexecstack)
+	append-cppflags -DOPENSSL_NO_BUF_FREELISTS
+
+	# Prefixify Configure shebang (#141906)
+	sed \
+		-e "1s,/usr/bin/env,${EPREFIX}&," \
+		-i Configure || die
+	# Remove test target when FEATURES=test isn't set
+	if ! use test ; then
+		sed \
+			-e '/^$config{dirs}/s@ "test",@@' \
+			-i Configure || die
+	fi
+
+	if use prefix && [[ ${CHOST} == *-solaris* ]] ; then
+		# use GNU ld full option, not to confuse it on Solaris
+		sed -i \
+			-e 's/-Wl,-M,/-Wl,--version-script=/' \
+			-e 's/-Wl,-h,/-Wl,--soname=/' \
+			Configurations/10-main.conf || die
+
+		# fix building on Solaris 10
+		# https://github.com/openssl/openssl/issues/6333
+		sed -i \
+			-e 's/-lsocket -lnsl -ldl/-lsocket -lnsl -ldl -lrt/' \
+			Configurations/10-main.conf || die
+	fi
+
+	# The config script does stupid stuff to prompt the user.  Kill it.
+	sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
+	./config --test-sanity || die "I AM NOT SANE"
+
+	multilib_copy_sources
+}
+
+multilib_src_configure() {
+	unset APPS #197996
+	unset SCRIPTS #312551
+	unset CROSS_COMPILE #311473
+
+	tc-export CC AR RANLIB RC
+
+	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
+	echoit() { echo "$@" ; "$@" ; }
+
+	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
+
+	# See if our toolchain supports __uint128_t.  If so, it's 64bit
+	# friendly and can use the nicely optimized code paths. #460790
+	local ec_nistp_64_gcc_128
+	# Disable it for now though #469976
+	# echo "__uint128_t i;" > "${T}"/128.c
+	# if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
+	# 	ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
+	# fi
+
+	local sslout=$(./gentoo.config)
+	einfo "Use configuration ${sslout:-(openssl knows best)}"
+	local config="Configure"
+	[[ -z ${sslout} ]] && config="config"
+
+	# "disable-deprecated" option breaks too many consumers.
+	# Don't set it without thorough revdeps testing.
+	# Make sure user flags don't get added *yet* to avoid duplicated
+	# flags.
+	CFLAGS= LDFLAGS= echoit \
+	./${config} \
+		${sslout} \
+		$(use cpu_flags_x86_sse2 || echo "no-sse2") \
+		enable-camellia \
+		enable-ec \
+		enable-ec2m \
+		enable-sm2 \
+		enable-srp \
+		$(use elibc_musl && echo "no-async") \
+		${ec_nistp_64_gcc_128} \
+		enable-idea \
+		enable-mdc2 \
+		enable-rc5 \
+		$(use_ssl sslv3 ssl3) \
+		$(use_ssl sslv3 ssl3-method) \
+		$(use_ssl asm) \
+		$(use_ssl rfc3779) \
+		$(use_ssl sctp) \
+		$(use_ssl tls-compression zlib) \
+		$(use_ssl tls-heartbeat heartbeats) \
+		--prefix="${EPREFIX}"/usr \
+		--openssldir="${EPREFIX}"${SSL_CNF_DIR} \
+		--libdir=$(get_libdir) \
+		shared threads \
+		|| die
+
+	# Clean out hardcoded flags that openssl uses
+	local DEFAULT_CFLAGS=$(grep ^CFLAGS= Makefile | LC_ALL=C sed \
+		-e 's:^CFLAGS=::' \
+		-e 's:\(^\| \)-fomit-frame-pointer::g' \
+		-e 's:\(^\| \)-O[^ ]*::g' \
+		-e 's:\(^\| \)-march=[^ ]*::g' \
+		-e 's:\(^\| \)-mcpu=[^ ]*::g' \
+		-e 's:\(^\| \)-m[^ ]*::g' \
+		-e 's:^ *::' \
+		-e 's: *$::' \
+		-e 's: \+: :g' \
+		-e 's:\\:\\\\:g'
+	)
+
+	# Now insert clean default flags with user flags
+	sed -i \
+		-e "/^CFLAGS=/s|=.*|=${DEFAULT_CFLAGS} ${CFLAGS}|" \
+		-e "/^LDFLAGS=/s|=[[:space:]]*$|=${LDFLAGS}|" \
+		Makefile || die
+}
+
+multilib_src_compile() {
+	# depend is needed to use $confopts; it also doesn't matter
+	# that it's -j1 as the code itself serializes subdirs
+	emake -j1 depend
+	emake all
+}
+
+multilib_src_test() {
+	emake -j1 test
+}
+
+multilib_src_install() {
+	# We need to create $ED/usr on our own to avoid a race condition #665130
+	if [[ ! -d "${ED}/usr" ]]; then
+		# We can only create this directory once
+		mkdir "${ED}"/usr || die
+	fi
+
+	emake DESTDIR="${D}" install
+
+	# This is crappy in that the static archives are still built even
+	# when USE=static-libs.  But this is due to a failing in the openssl
+	# build system: the static archives are built as PIC all the time.
+	# Only way around this would be to manually configure+compile openssl
+	# twice; once with shared lib support enabled and once without.
+	if ! use static-libs; then
+		rm "${ED}"/usr/$(get_libdir)/lib{crypto,ssl}.a || die
+	fi
+}
+
+multilib_src_install_all() {
+	# openssl installs perl version of c_rehash by default, but
+	# we provide a shell version via app-misc/c_rehash
+	rm "${ED}"/usr/bin/c_rehash || die
+
+	dodoc CHANGES* FAQ NEWS README doc/*.txt doc/${PN}-c-indent.el
+
+	# create the certs directory
+	keepdir ${SSL_CNF_DIR}/certs
+
+	# Namespace openssl programs to prevent conflicts with other man pages
+	cd "${ED}"/usr/share/man || die
+	local m d s
+	for m in $(find . -type f | xargs grep -L '#include') ; do
+		d=${m%/*} ; d=${d#./} ; m=${m##*/}
+		[[ ${m} == openssl.1* ]] && continue
+		[[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!"
+		mv ${d}/{,ssl-}${m}
+		# fix up references to renamed man pages
+		sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m}
+		ln -s ssl-${m} ${d}/openssl-${m}
+		# locate any symlinks that point to this man page ... we assume
+		# that any broken links are due to the above renaming
+		for s in $(find -L ${d} -type l) ; do
+			s=${s##*/}
+			rm -f ${d}/${s}
+			# We don't want to "|| die" here
+			ln -s ssl-${m} ${d}/ssl-${s}
+			ln -s ssl-${s} ${d}/openssl-${s}
+		done
+	done
+	[[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :("
+
+	dodir /etc/sandbox.d #254521
+	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
+
+	diropts -m0700
+	keepdir ${SSL_CNF_DIR}/private
+}
+
+pkg_postinst() {
+	ebegin "Running 'c_rehash ${EROOT}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069"
+	c_rehash "${EROOT}${SSL_CNF_DIR}/certs" >/dev/null
+	eend $?
+}

diff --git a/dev-libs/openssl/openssl-3.0.2.ebuild b/dev-libs/openssl/openssl-3.0.2.ebuild
new file mode 100644
index 000000000000..e52ca896a3a6
--- /dev/null
+++ b/dev-libs/openssl/openssl-3.0.2.ebuild
@@ -0,0 +1,293 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="7"
+
+inherit flag-o-matic linux-info toolchain-funcs multilib-minimal
+
+MY_P=${P/_/-}
+
+DESCRIPTION="Robust, full-featured Open Source Toolkit for the Transport Layer Security (TLS)"
+HOMEPAGE="https://www.openssl.org/"
+
+if [[ ${PV} == "9999" ]] ; then
+	EGIT_REPO_URI="https://github.com/openssl/openssl.git"
+
+	inherit git-r3
+else
+	SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"
+	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x86-linux"
+fi
+
+LICENSE="Apache-2.0"
+SLOT="0/3" # .so version of libssl/libcrypto
+
+IUSE="+asm cpu_flags_x86_sse2 fips ktls rfc3779 sctp static-libs test tls-compression vanilla"
+RESTRICT="!test? ( test )"
+
+COMMON_DEPEND="
+	>=app-misc/c_rehash-1.7-r1
+	tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
+"
+
+BDEPEND="
+	>=dev-lang/perl-5
+	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
+	test? (
+		sys-apps/diffutils
+		sys-devel/bc
+		sys-process/procps
+	)"
+
+DEPEND="${COMMON_DEPEND}"
+
+RDEPEND="${COMMON_DEPEND}"
+
+PDEPEND="app-misc/ca-certificates"
+
+S="${WORKDIR}/${MY_P}"
+
+MULTILIB_WRAPPED_HEADERS=(
+	/usr/include/openssl/configuration.h
+)
+
+pkg_setup() {
+	if use ktls ; then
+		if kernel_is -lt 4 18 ; then
+			ewarn "Kernel implementation of TLS (USE=ktls) requires kernel >=4.18!"
+		else
+			CONFIG_CHECK="~TLS ~TLS_DEVICE"
+			ERROR_TLS="You will be unable to offload TLS to kernel because CONFIG_TLS is not set!"
+			ERROR_TLS_DEVICE="You will be unable to offload TLS to kernel because CONFIG_TLS_DEVICE is not set!"
+
+			linux-info_pkg_setup
+		fi
+	fi
+
+	[[ ${MERGE_TYPE} == binary ]] && return
+
+	# must check in pkg_setup; sysctl don't work with userpriv!
+	if use test && use sctp ; then
+		# test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel"
+		# if sctp.auth_enable is not enabled.
+		local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null)
+		if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]] ; then
+			die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!"
+		fi
+	fi
+}
+
+src_prepare() {
+	# allow openssl to be cross-compiled
+	cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die
+	chmod a+rx gentoo.config || die
+
+	# keep this in sync with app-misc/c_rehash
+	SSL_CNF_DIR="/etc/ssl"
+
+	# Make sure we only ever touch Makefile.org and avoid patching a file
+	# that gets blown away anyways by the Configure script in src_configure
+	rm -f Makefile
+
+	if ! use vanilla ; then
+		if [[ $(declare -p PATCHES 2>/dev/null) == "declare -a"* ]] ; then
+			[[ ${#PATCHES[@]} -gt 0 ]] && eapply "${PATCHES[@]}"
+		fi
+	fi
+
+	eapply_user
+
+	if use test && use sctp && has network-sandbox ${FEATURES} ; then
+		einfo "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox ..."
+		rm test/recipes/80-test_ssl_new.t || die
+	fi
+
+	# make sure the man pages are suffixed #302165
+	# don't bother building man pages if they're disabled
+	# Make DOCDIR Gentoo compliant
+	sed -i \
+		-e '/^MANSUFFIX/s:=.*:=ssl:' \
+		-e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
+		-e $(has noman FEATURES \
+			&& echo '/^install:/s:install_docs::' \
+			|| echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
+		-e "/^DOCDIR/s@\$(BASENAME)@&-${PVR}@" \
+		Configurations/unix-Makefile.tmpl \
+		|| die
+
+	# quiet out unknown driver argument warnings since openssl
+	# doesn't have well-split CFLAGS and we're making it even worse
+	# and 'make depend' uses -Werror for added fun (#417795 again)
+	[[ ${CC} == *clang* ]] && append-flags -Qunused-arguments
+
+	append-flags -fno-strict-aliasing
+	append-flags $(test-flags-CC -Wa,--noexecstack)
+
+	# Prefixify Configure shebang (#141906)
+	sed \
+		-e "1s,/usr/bin/env,${EPREFIX}&," \
+		-i Configure || die
+
+	# Remove test target when FEATURES=test isn't set
+	if ! use test ; then
+		sed \
+			-e '/^$config{dirs}/s@ "test",@@' \
+			-i Configure || die
+	fi
+
+	# The config script does stupid stuff to prompt the user.  Kill it.
+	sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
+	./config --test-sanity || die "I AM NOT SANE"
+
+	multilib_copy_sources
+}
+
+multilib_src_configure() {
+	unset APPS #197996
+	unset SCRIPTS #312551
+	unset CROSS_COMPILE #311473
+
+	tc-export AR CC CXX RANLIB RC
+
+	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
+	echoit() { echo "$@" ; "$@" ; }
+
+	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
+
+	local sslout=$(./gentoo.config)
+	einfo "Use configuration ${sslout:-(openssl knows best)}"
+	local config="Configure"
+	[[ -z ${sslout} ]] && config="config"
+
+	local myeconfargs=(
+		${sslout}
+		$(use cpu_flags_x86_sse2 || echo "no-sse2")
+		enable-camellia
+		enable-ec
+		enable-ec2m
+		enable-sm2
+		enable-srp
+		$(use elibc_musl && echo "no-async")
+		enable-idea
+		enable-mdc2
+		enable-rc5
+		$(use fips && echo "enable-fips")
+		$(use_ssl asm)
+		$(use_ssl ktls)
+		$(use_ssl rfc3779)
+		$(use_ssl sctp)
+		$(use_ssl tls-compression zlib)
+		--prefix="${EPREFIX}"/usr
+		--openssldir="${EPREFIX}"${SSL_CNF_DIR}
+		--libdir=$(get_libdir)
+		shared
+		threads
+	)
+
+	CFLAGS= LDFLAGS= echoit \
+		./${config} \
+		"${myeconfargs[@]}" \
+		|| die
+
+	# Clean out hardcoded flags that openssl uses
+	local DEFAULT_CFLAGS=$(grep ^CFLAGS= Makefile | LC_ALL=C sed \
+		-e 's:^CFLAGS=::' \
+		-e 's:\(^\| \)-fomit-frame-pointer::g' \
+		-e 's:\(^\| \)-O[^ ]*::g' \
+		-e 's:\(^\| \)-march=[^ ]*::g' \
+		-e 's:\(^\| \)-mcpu=[^ ]*::g' \
+		-e 's:\(^\| \)-m[^ ]*::g' \
+		-e 's:^ *::' \
+		-e 's: *$::' \
+		-e 's: \+: :g' \
+		-e 's:\\:\\\\:g'
+	)
+
+	# Now insert clean default flags with user flags
+	sed -i \
+		-e "/^CFLAGS=/s|=.*|=${DEFAULT_CFLAGS} ${CFLAGS}|" \
+		-e "/^LDFLAGS=/s|=[[:space:]]*$|=${LDFLAGS}|" \
+		Makefile \
+		|| die
+}
+
+multilib_src_compile() {
+	# depend is needed to use $confopts; it also doesn't matter
+	# that it's -j1 as the code itself serializes subdirs
+	emake -j1 depend
+	emake all
+}
+
+multilib_src_test() {
+	emake -j1 test
+}
+
+multilib_src_install() {
+	# We need to create $ED/usr on our own to avoid a race condition #665130
+	if [[ ! -d "${ED}/usr" ]] ; then
+		# We can only create this directory once
+		mkdir "${ED}"/usr || die
+	fi
+
+	emake DESTDIR="${D}" install
+
+	# This is crappy in that the static archives are still built even
+	# when USE=static-libs.  But this is due to a failing in the openssl
+	# build system: the static archives are built as PIC all the time.
+	# Only way around this would be to manually configure+compile openssl
+	# twice; once with shared lib support enabled and once without.
+	if ! use static-libs ; then
+		rm "${ED}"/usr/$(get_libdir)/lib{crypto,ssl}.a || die
+	fi
+}
+
+multilib_src_install_all() {
+	# openssl installs perl version of c_rehash by default, but
+	# we provide a shell version via app-misc/c_rehash
+	rm "${ED}"/usr/bin/c_rehash || die
+
+	dodoc {AUTHORS,CHANGES,NEWS,README,README-PROVIDERS}.md doc/*.txt doc/${PN}-c-indent.el
+
+	# create the certs directory
+	keepdir ${SSL_CNF_DIR}/certs
+
+	# Namespace openssl programs to prevent conflicts with other man pages
+	cd "${ED}"/usr/share/man || die
+	local m d s
+	for m in $(find . -type f | xargs grep -L '#include') ; do
+		d=${m%/*} ; d=${d#./} ; m=${m##*/}
+
+		[[ ${m} == openssl.1* ]] && continue
+
+		[[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!"
+
+		mv ${d}/{,ssl-}${m} || die
+
+		# fix up references to renamed man pages
+		sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m} || die
+		ln -s ssl-${m} ${d}/openssl-${m} || die
+
+		# locate any symlinks that point to this man page ...
+		# we assume that any broken links are due to the above renaming
+		for s in $(find -L ${d} -type l) ; do
+			s=${s##*/}
+			rm -f ${d}/${s}
+			# We don't want to "|| die" here
+			ln -s ssl-${m} ${d}/ssl-${s}
+			ln -s ssl-${s} ${d}/openssl-${s}
+		done
+	done
+	[[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :("
+
+	dodir /etc/sandbox.d #254521
+	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
+
+	diropts -m0700
+	keepdir ${SSL_CNF_DIR}/private
+}
+
+pkg_postinst() {
+	ebegin "Running 'c_rehash ${EROOT}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069"
+	c_rehash "${EROOT}${SSL_CNF_DIR}/certs" >/dev/null
+	eend $?
+}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Jakov Smolić]

commit:     f7c40257dbb452fff75643782afd3d801b54817d
Author:     Jakov Smolić <jsmolic <AT> gentoo <DOT> org>
AuthorDate: Thu Mar 10 09:47:45 2022 +0000
Commit:     Jakov Smolić <jsmolic <AT> gentoo <DOT> org>
CommitDate: Thu Mar 10 09:47:45 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f7c40257

dev-libs/openssl: Stabilize 1.1.1m arm64, #833655

Signed-off-by: Jakov Smolić <jsmolic <AT> gentoo.org>

 dev-libs/openssl/openssl-1.1.1m.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.1.1m.ebuild b/dev-libs/openssl/openssl-1.1.1m.ebuild
index 98e7d695b451..c5999a3fb88c 100644
--- a/dev-libs/openssl/openssl-1.1.1m.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1m.ebuild
@@ -14,7 +14,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"
 LICENSE="openssl"
 SLOT="0/1.1" # .so version of libssl/libcrypto
 [[ "${PV}" = *_pre* ]] || \
-KEYWORDS="~alpha amd64 arm ~arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv ~s390 ~sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv ~s390 ~sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
 IUSE="+asm rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-compression tls-heartbeat vanilla"
 RESTRICT="!test? ( test )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     707667a52e068a58ddf24bf0ee70e20045d7764a
Author:     Rolf Eike Beer <eike <AT> sf-mail <DOT> de>
AuthorDate: Wed Feb 23 05:46:37 2022 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Wed Feb 23 13:31:52 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=707667a5

dev-libs/openssl: stable 1.1.1m for hppa, bug #833655

Package-Manager: Portage-3.0.30, Repoman-3.0.3
RepoMan-Options: --include-arches="hppa"
Signed-off-by: Rolf Eike Beer <eike <AT> sf-mail.de>
Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/openssl-1.1.1m.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.1.1m.ebuild b/dev-libs/openssl/openssl-1.1.1m.ebuild
index c81b4ebb584b..98e7d695b451 100644
--- a/dev-libs/openssl/openssl-1.1.1m.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1m.ebuild
@@ -14,7 +14,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"
 LICENSE="openssl"
 SLOT="0/1.1" # .so version of libssl/libcrypto
 [[ "${PV}" = *_pre* ]] || \
-KEYWORDS="~alpha amd64 arm ~arm64 ~hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv ~s390 ~sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+KEYWORDS="~alpha amd64 arm ~arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv ~s390 ~sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
 IUSE="+asm rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-compression tls-heartbeat vanilla"
 RESTRICT="!test? ( test )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Arthur Zamarin]

commit:     89a6c8ed38dbd8ca17c674e7ab9f6c255e23803b
Author:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
AuthorDate: Sat Feb 19 10:35:31 2022 +0000
Commit:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
CommitDate: Sat Feb 19 10:35:31 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=89a6c8ed

dev-libs/openssl: Stabilize 1.1.1m arm, #833655

Signed-off-by: Arthur Zamarin <arthurzam <AT> gentoo.org>

 dev-libs/openssl/openssl-1.1.1m.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.1.1m.ebuild b/dev-libs/openssl/openssl-1.1.1m.ebuild
index 47b397c4f1e5..0539cd20a0cb 100644
--- a/dev-libs/openssl/openssl-1.1.1m.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1m.ebuild
@@ -14,7 +14,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"
 LICENSE="openssl"
 SLOT="0/1.1" # .so version of libssl/libcrypto
 [[ "${PV}" = *_pre* ]] || \
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv ~s390 ~sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+KEYWORDS="~alpha ~amd64 arm ~arm64 ~hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv ~s390 ~sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
 IUSE="+asm rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-compression tls-heartbeat vanilla"
 RESTRICT="!test? ( test )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     617d7b1050ce17d4c24e2e206f81c70f14d24017
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sat Feb 19 02:58:31 2022 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sat Feb 19 02:58:31 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=617d7b10

dev-libs/openssl: Stabilize 1.1.1m ppc64, #833655

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/openssl-1.1.1m.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.1.1m.ebuild b/dev-libs/openssl/openssl-1.1.1m.ebuild
index 647a225b4bea..47b397c4f1e5 100644
--- a/dev-libs/openssl/openssl-1.1.1m.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1m.ebuild
@@ -14,7 +14,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"
 LICENSE="openssl"
 SLOT="0/1.1" # .so version of libssl/libcrypto
 [[ "${PV}" = *_pre* ]] || \
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ppc ~ppc64 ~riscv ~s390 ~sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv ~s390 ~sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
 IUSE="+asm rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-compression tls-heartbeat vanilla"
 RESTRICT="!test? ( test )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     5c18d1f6721b6c41de852554e38be4d271901a2f
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sat Feb 19 02:41:28 2022 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sat Feb 19 02:41:28 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5c18d1f6

dev-libs/openssl: Stabilize 1.1.1m ppc, #833655

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/openssl-1.1.1m.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.1.1m.ebuild b/dev-libs/openssl/openssl-1.1.1m.ebuild
index 2cd03530f94a..647a225b4bea 100644
--- a/dev-libs/openssl/openssl-1.1.1m.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1m.ebuild
@@ -14,7 +14,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"
 LICENSE="openssl"
 SLOT="0/1.1" # .so version of libssl/libcrypto
 [[ "${PV}" = *_pre* ]] || \
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ppc ~ppc64 ~riscv ~s390 ~sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
 IUSE="+asm rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-compression tls-heartbeat vanilla"
 RESTRICT="!test? ( test )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     b8dc34fea20de39908d4591db7032f2057548c16
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sat Feb 19 02:26:39 2022 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sat Feb 19 02:26:39 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b8dc34fe

dev-libs/openssl: Stabilize 1.1.1m x86, #833655

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/openssl-1.1.1m.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.1.1m.ebuild b/dev-libs/openssl/openssl-1.1.1m.ebuild
index 397cea96f3c9..2cd03530f94a 100644
--- a/dev-libs/openssl/openssl-1.1.1m.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1m.ebuild
@@ -14,7 +14,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"
 LICENSE="openssl"
 SLOT="0/1.1" # .so version of libssl/libcrypto
 [[ "${PV}" = *_pre* ]] || \
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
 IUSE="+asm rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-compression tls-heartbeat vanilla"
 RESTRICT="!test? ( test )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[David Seifert]

commit:     b3059e406f3f9a7e74b1fecd5c96128fc890b94b
Author:     David Seifert <soap <AT> gentoo <DOT> org>
AuthorDate: Mon Jan  3 23:26:05 2022 +0000
Commit:     David Seifert <soap <AT> gentoo <DOT> org>
CommitDate: Mon Jan  3 23:26:05 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b3059e40

dev-libs/openssl: remove implicit elibc_* flags

Signed-off-by: David Seifert <soap <AT> gentoo.org>

 dev-libs/openssl/openssl-1.1.1k-r1.ebuild | 4 ++--
 dev-libs/openssl/openssl-1.1.1l-r1.ebuild | 4 ++--
 dev-libs/openssl/openssl-1.1.1l.ebuild    | 4 ++--
 dev-libs/openssl/openssl-1.1.1m.ebuild    | 4 ++--
 dev-libs/openssl/openssl-3.0.0.ebuild     | 4 ++--
 dev-libs/openssl/openssl-3.0.1.ebuild     | 4 ++--
 6 files changed, 12 insertions(+), 12 deletions(-)

diff --git a/dev-libs/openssl/openssl-1.1.1k-r1.ebuild b/dev-libs/openssl/openssl-1.1.1k-r1.ebuild
index d07d4096d082..a4186f363f17 100644
--- a/dev-libs/openssl/openssl-1.1.1k-r1.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1k-r1.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2021 Gentoo Authors
+# Copyright 1999-2022 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
 EAPI="7"
@@ -28,7 +28,7 @@ LICENSE="openssl"
 SLOT="0/1.1" # .so version of libssl/libcrypto
 [[ "${PV}" = *_pre* ]] || \
 KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~x86-linux"
-IUSE="+asm bindist elibc_musl rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-compression tls-heartbeat vanilla"
+IUSE="+asm bindist rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-compression tls-heartbeat vanilla"
 RESTRICT="!bindist? ( bindist )
 	!test? ( test )"
 

diff --git a/dev-libs/openssl/openssl-1.1.1l-r1.ebuild b/dev-libs/openssl/openssl-1.1.1l-r1.ebuild
index 8cd17efa4f22..502560ef65a1 100644
--- a/dev-libs/openssl/openssl-1.1.1l-r1.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1l-r1.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2021 Gentoo Authors
+# Copyright 1999-2022 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
 EAPI="7"
@@ -15,7 +15,7 @@ LICENSE="openssl"
 SLOT="0/1.1" # .so version of libssl/libcrypto
 [[ "${PV}" = *_pre* ]] || \
 KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~x86-linux"
-IUSE="+asm elibc_musl rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-compression tls-heartbeat vanilla"
+IUSE="+asm rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-compression tls-heartbeat vanilla"
 RESTRICT="!test? ( test )"
 
 RDEPEND=">=app-misc/c_rehash-1.7-r1

diff --git a/dev-libs/openssl/openssl-1.1.1l.ebuild b/dev-libs/openssl/openssl-1.1.1l.ebuild
index d07d4096d082..a4186f363f17 100644
--- a/dev-libs/openssl/openssl-1.1.1l.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1l.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2021 Gentoo Authors
+# Copyright 1999-2022 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
 EAPI="7"
@@ -28,7 +28,7 @@ LICENSE="openssl"
 SLOT="0/1.1" # .so version of libssl/libcrypto
 [[ "${PV}" = *_pre* ]] || \
 KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~x86-linux"
-IUSE="+asm bindist elibc_musl rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-compression tls-heartbeat vanilla"
+IUSE="+asm bindist rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-compression tls-heartbeat vanilla"
 RESTRICT="!bindist? ( bindist )
 	!test? ( test )"
 

diff --git a/dev-libs/openssl/openssl-1.1.1m.ebuild b/dev-libs/openssl/openssl-1.1.1m.ebuild
index 7e5a73877b48..397cea96f3c9 100644
--- a/dev-libs/openssl/openssl-1.1.1m.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1m.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2021 Gentoo Authors
+# Copyright 1999-2022 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
 EAPI="7"
@@ -15,7 +15,7 @@ LICENSE="openssl"
 SLOT="0/1.1" # .so version of libssl/libcrypto
 [[ "${PV}" = *_pre* ]] || \
 KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
-IUSE="+asm elibc_musl rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-compression tls-heartbeat vanilla"
+IUSE="+asm rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-compression tls-heartbeat vanilla"
 RESTRICT="!test? ( test )"
 
 RDEPEND=">=app-misc/c_rehash-1.7-r1

diff --git a/dev-libs/openssl/openssl-3.0.0.ebuild b/dev-libs/openssl/openssl-3.0.0.ebuild
index dad6d1b877b3..e52ca896a3a6 100644
--- a/dev-libs/openssl/openssl-3.0.0.ebuild
+++ b/dev-libs/openssl/openssl-3.0.0.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2021 Gentoo Authors
+# Copyright 1999-2022 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
 EAPI="7"
@@ -22,7 +22,7 @@ fi
 LICENSE="Apache-2.0"
 SLOT="0/3" # .so version of libssl/libcrypto
 
-IUSE="+asm cpu_flags_x86_sse2 elibc_musl fips ktls rfc3779 sctp static-libs test tls-compression vanilla"
+IUSE="+asm cpu_flags_x86_sse2 fips ktls rfc3779 sctp static-libs test tls-compression vanilla"
 RESTRICT="!test? ( test )"
 
 COMMON_DEPEND="

diff --git a/dev-libs/openssl/openssl-3.0.1.ebuild b/dev-libs/openssl/openssl-3.0.1.ebuild
index dad6d1b877b3..e52ca896a3a6 100644
--- a/dev-libs/openssl/openssl-3.0.1.ebuild
+++ b/dev-libs/openssl/openssl-3.0.1.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2021 Gentoo Authors
+# Copyright 1999-2022 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
 EAPI="7"
@@ -22,7 +22,7 @@ fi
 LICENSE="Apache-2.0"
 SLOT="0/3" # .so version of libssl/libcrypto
 
-IUSE="+asm cpu_flags_x86_sse2 elibc_musl fips ktls rfc3779 sctp static-libs test tls-compression vanilla"
+IUSE="+asm cpu_flags_x86_sse2 fips ktls rfc3779 sctp static-libs test tls-compression vanilla"
 RESTRICT="!test? ( test )"
 
 COMMON_DEPEND="

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     1eabcbd324f54d251d54a27e8d910f6f1e74dc73
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Thu Dec 16 00:08:52 2021 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Thu Dec 16 00:08:52 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1eabcbd3

dev-libs/openssl: Stabilize 1.1.1l-r1 ALLARCHES, #828045

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/openssl-1.1.1l-r1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.1.1l-r1.ebuild b/dev-libs/openssl/openssl-1.1.1l-r1.ebuild
index 3b4a73bfd284..8cd17efa4f22 100644
--- a/dev-libs/openssl/openssl-1.1.1l-r1.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1l-r1.ebuild
@@ -14,7 +14,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"
 LICENSE="openssl"
 SLOT="0/1.1" # .so version of libssl/libcrypto
 [[ "${PV}" = *_pre* ]] || \
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x86-linux"
+KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~x86-linux"
 IUSE="+asm elibc_musl rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-compression tls-heartbeat vanilla"
 RESTRICT="!test? ( test )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     79fc3e6900f1fc8f4dc49d13afa1e7fbf5e1112b
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Wed Dec 15 04:10:41 2021 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Wed Dec 15 04:14:54 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=79fc3e69

dev-libs/openssl: pull in prefix changes for 1.1.1m

Not doing 3.x for now as I imagine that'll need more
testing on Prefix anyway.

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/openssl-1.1.1m.ebuild | 19 +++++++++++++++++--
 1 file changed, 17 insertions(+), 2 deletions(-)

diff --git a/dev-libs/openssl/openssl-1.1.1m.ebuild b/dev-libs/openssl/openssl-1.1.1m.ebuild
index 3b4a73bfd284..7e5a73877b48 100644
--- a/dev-libs/openssl/openssl-1.1.1m.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1m.ebuild
@@ -14,7 +14,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"
 LICENSE="openssl"
 SLOT="0/1.1" # .so version of libssl/libcrypto
 [[ "${PV}" = *_pre* ]] || \
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x86-linux"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
 IUSE="+asm elibc_musl rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-compression tls-heartbeat vanilla"
 RESTRICT="!test? ( test )"
 
@@ -27,7 +27,7 @@ BDEPEND="
 	test? (
 		sys-apps/diffutils
 		sys-devel/bc
-		sys-process/procps
+		kernel_linux? ( sys-process/procps )
 	)"
 PDEPEND="app-misc/ca-certificates"
 
@@ -117,6 +117,21 @@ src_prepare() {
 			-e '/^$config{dirs}/s@ "test",@@' \
 			-i Configure || die
 	fi
+
+	if use prefix && [[ ${CHOST} == *-solaris* ]] ; then
+		# use GNU ld full option, not to confuse it on Solaris
+		sed -i \
+			-e 's/-Wl,-M,/-Wl,--version-script=/' \
+			-e 's/-Wl,-h,/-Wl,--soname=/' \
+			Configurations/10-main.conf || die
+
+		# fix building on Solaris 10
+		# https://github.com/openssl/openssl/issues/6333
+		sed -i \
+			-e 's/-lsocket -lnsl -ldl/-lsocket -lnsl -ldl -lrt/' \
+			Configurations/10-main.conf || die
+	fi
+
 	# The config script does stupid stuff to prompt the user.  Kill it.
 	sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
 	./config --test-sanity || die "I AM NOT SANE"

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Thomas Deutschmann]

commit:     8aed0d8242dfd402a4f24866c23e37740b64dcf5
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Tue Dec 14 17:03:27 2021 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Tue Dec 14 20:42:07 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8aed0d82

dev-libs/openssl: bump to v1.1.1m

Package-Manager: Portage-3.0.28, Repoman-3.0.3
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 dev-libs/openssl/Manifest              |   1 +
 dev-libs/openssl/openssl-1.1.1m.ebuild | 279 +++++++++++++++++++++++++++++++++
 2 files changed, 280 insertions(+)

diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest
index 857e8cec71c1..c0c4564b38c2 100644
--- a/dev-libs/openssl/Manifest
+++ b/dev-libs/openssl/Manifest
@@ -4,4 +4,5 @@ DIST openssl-1.0.2u.tar.gz 5355412 BLAKE2B b2ff2a10e5851af5aca4093422a9a072c794e
 DIST openssl-1.1.1i-bindist-1.0.tar.xz 18124 BLAKE2B bcbce700676d1d61498ac98281b7ad06f9970d91afa6bfb2c259ab7462b2554be79a1c06759bc7aaeca9948c2f5276bac2c4f42dbc6822669f863444b9913ccd SHA512 1dbb81bcb4cf7e634bb363c7e2bb2590a1fe3fcb6c3b5e377cac3c5241abd116c2a89c516be8e5fd1799ab64375a58052a4df944eeadc87b0b7785da710906d8
 DIST openssl-1.1.1k.tar.gz 9823400 BLAKE2B e9bd90f17bc819c4960d07bbee04346e8a7adb87a764a09d033ef76f1d638c67b180c4f2beb84ec25fbff54ccc9c14c13b9b16a27cac231a5dd22b02635d5cec SHA512 73cd042d4056585e5a9dd7ab68e7c7310a3a4c783eafa07ab0b560e7462b924e4376436a6d38a155c687f6942a881cfc0c1b9394afcde1d8c46bf396e7d51121
 DIST openssl-1.1.1l.tar.gz 9834044 BLAKE2B 9e8739015db63a013c05587e3d164d67c3f65f1f6c5fc75e4592bcd038c036cde88a7bc95fbc1f1b4ed876f6124ca4dabcd4f5dbb45d1b84299f2efe1a59431a SHA512 d9611f393e37577cca05004531388d3e0ebbf714894cab9f95f4903909cd4f45c214faab664c0cbc3ad3cca309d500b9e6d0ecbf9a0a0588d1677dc6b047f9e0
+DIST openssl-1.1.1m.tar.gz 9847315 BLAKE2B 163262933df11afdb7b0c58fbbf0454b05e02951d28ed24e2c530affa18dee884d86555f7314506852ebfcc092bb509b6f9cd33893e30dab67bfb6f5713946eb SHA512 ba0ef99b321546c13385966e4a607734df38b96f6ed45c4c67063a5f8d1482986855279797a6920d9f86c2ec31ce3e104dcc62c37328caacdd78aec59aa66156
 DIST openssl-3.0.0.tar.gz 14978663 BLAKE2B 64721ee958fc47d57a479dffff91be5692d80d10a6727d804f8a9da66fcaea799b67fda8987f9ecdfb2777ec42033c5e8a6a135e30784d6422eb3c65e676abe6 SHA512 1fdf769ef69631eb802671a9e0bb3a01883d58282f651986212983c2d7c9d3499dabe99a6dee0411e997e6fcfa6f682b121b7698596de0d6c78850c2200241b1

diff --git a/dev-libs/openssl/openssl-1.1.1m.ebuild b/dev-libs/openssl/openssl-1.1.1m.ebuild
new file mode 100644
index 000000000000..3b4a73bfd284
--- /dev/null
+++ b/dev-libs/openssl/openssl-1.1.1m.ebuild
@@ -0,0 +1,279 @@
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="7"
+
+inherit flag-o-matic toolchain-funcs multilib-minimal
+
+MY_P=${P/_/-}
+
+DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"
+HOMEPAGE="https://www.openssl.org/"
+SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"
+
+LICENSE="openssl"
+SLOT="0/1.1" # .so version of libssl/libcrypto
+[[ "${PV}" = *_pre* ]] || \
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x86-linux"
+IUSE="+asm elibc_musl rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-compression tls-heartbeat vanilla"
+RESTRICT="!test? ( test )"
+
+RDEPEND=">=app-misc/c_rehash-1.7-r1
+	tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )"
+DEPEND="${RDEPEND}"
+BDEPEND="
+	>=dev-lang/perl-5
+	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
+	test? (
+		sys-apps/diffutils
+		sys-devel/bc
+		sys-process/procps
+	)"
+PDEPEND="app-misc/ca-certificates"
+
+PATCHES=(
+	"${FILESDIR}"/${PN}-1.1.0j-parallel_install_fix.patch #671602
+	"${FILESDIR}"/${PN}-1.1.1i-riscv32.patch
+)
+
+S="${WORKDIR}/${MY_P}"
+
+# force upgrade to prevent broken login, bug 696950
+RDEPEND+=" !<net-misc/openssh-8.0_p1-r3"
+
+MULTILIB_WRAPPED_HEADERS=(
+	usr/include/openssl/opensslconf.h
+)
+
+pkg_setup() {
+	[[ ${MERGE_TYPE} == binary ]] && return
+
+	# must check in pkg_setup; sysctl don't work with userpriv!
+	if use test && use sctp; then
+		# test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel"
+		# if sctp.auth_enable is not enabled.
+		local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null)
+		if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]]; then
+			die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!"
+		fi
+	fi
+}
+
+src_prepare() {
+	# allow openssl to be cross-compiled
+	cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die
+	chmod a+rx gentoo.config || die
+
+	# keep this in sync with app-misc/c_rehash
+	SSL_CNF_DIR="/etc/ssl"
+
+	# Make sure we only ever touch Makefile.org and avoid patching a file
+	# that gets blown away anyways by the Configure script in src_configure
+	rm -f Makefile
+
+	if ! use vanilla ; then
+		if [[ $(declare -p PATCHES 2>/dev/null) == "declare -a"* ]] ; then
+			[[ ${#PATCHES[@]} -gt 0 ]] && eapply "${PATCHES[@]}"
+		fi
+	fi
+
+	eapply_user #332661
+
+	if use test && use sctp && has network-sandbox ${FEATURES}; then
+		ebegin "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox"
+		rm test/recipes/80-test_ssl_new.t || die
+		eend $?
+	fi
+
+	# make sure the man pages are suffixed #302165
+	# don't bother building man pages if they're disabled
+	# Make DOCDIR Gentoo compliant
+	sed -i \
+		-e '/^MANSUFFIX/s:=.*:=ssl:' \
+		-e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
+		-e $(has noman FEATURES \
+			&& echo '/^install:/s:install_docs::' \
+			|| echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
+		-e "/^DOCDIR/s@\$(BASENAME)@&-${PVR}@" \
+		Configurations/unix-Makefile.tmpl \
+		|| die
+
+	# quiet out unknown driver argument warnings since openssl
+	# doesn't have well-split CFLAGS and we're making it even worse
+	# and 'make depend' uses -Werror for added fun (#417795 again)
+	[[ ${CC} == *clang* ]] && append-flags -Qunused-arguments
+
+	append-flags -fno-strict-aliasing
+	append-flags $(test-flags-CC -Wa,--noexecstack)
+	append-cppflags -DOPENSSL_NO_BUF_FREELISTS
+
+	# Prefixify Configure shebang (#141906)
+	sed \
+		-e "1s,/usr/bin/env,${EPREFIX}&," \
+		-i Configure || die
+	# Remove test target when FEATURES=test isn't set
+	if ! use test ; then
+		sed \
+			-e '/^$config{dirs}/s@ "test",@@' \
+			-i Configure || die
+	fi
+	# The config script does stupid stuff to prompt the user.  Kill it.
+	sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
+	./config --test-sanity || die "I AM NOT SANE"
+
+	multilib_copy_sources
+}
+
+multilib_src_configure() {
+	unset APPS #197996
+	unset SCRIPTS #312551
+	unset CROSS_COMPILE #311473
+
+	tc-export CC AR RANLIB RC
+
+	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
+	echoit() { echo "$@" ; "$@" ; }
+
+	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
+
+	# See if our toolchain supports __uint128_t.  If so, it's 64bit
+	# friendly and can use the nicely optimized code paths. #460790
+	local ec_nistp_64_gcc_128
+	# Disable it for now though #469976
+	# echo "__uint128_t i;" > "${T}"/128.c
+	# if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
+	# 	ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
+	# fi
+
+	local sslout=$(./gentoo.config)
+	einfo "Use configuration ${sslout:-(openssl knows best)}"
+	local config="Configure"
+	[[ -z ${sslout} ]] && config="config"
+
+	# "disable-deprecated" option breaks too many consumers.
+	# Don't set it without thorough revdeps testing.
+	# Make sure user flags don't get added *yet* to avoid duplicated
+	# flags.
+	CFLAGS= LDFLAGS= echoit \
+	./${config} \
+		${sslout} \
+		$(use cpu_flags_x86_sse2 || echo "no-sse2") \
+		enable-camellia \
+		enable-ec \
+		enable-ec2m \
+		enable-sm2 \
+		enable-srp \
+		$(use elibc_musl && echo "no-async") \
+		${ec_nistp_64_gcc_128} \
+		enable-idea \
+		enable-mdc2 \
+		enable-rc5 \
+		$(use_ssl sslv3 ssl3) \
+		$(use_ssl sslv3 ssl3-method) \
+		$(use_ssl asm) \
+		$(use_ssl rfc3779) \
+		$(use_ssl sctp) \
+		$(use_ssl tls-compression zlib) \
+		$(use_ssl tls-heartbeat heartbeats) \
+		--prefix="${EPREFIX}"/usr \
+		--openssldir="${EPREFIX}"${SSL_CNF_DIR} \
+		--libdir=$(get_libdir) \
+		shared threads \
+		|| die
+
+	# Clean out hardcoded flags that openssl uses
+	local DEFAULT_CFLAGS=$(grep ^CFLAGS= Makefile | LC_ALL=C sed \
+		-e 's:^CFLAGS=::' \
+		-e 's:\(^\| \)-fomit-frame-pointer::g' \
+		-e 's:\(^\| \)-O[^ ]*::g' \
+		-e 's:\(^\| \)-march=[^ ]*::g' \
+		-e 's:\(^\| \)-mcpu=[^ ]*::g' \
+		-e 's:\(^\| \)-m[^ ]*::g' \
+		-e 's:^ *::' \
+		-e 's: *$::' \
+		-e 's: \+: :g' \
+		-e 's:\\:\\\\:g'
+	)
+
+	# Now insert clean default flags with user flags
+	sed -i \
+		-e "/^CFLAGS=/s|=.*|=${DEFAULT_CFLAGS} ${CFLAGS}|" \
+		-e "/^LDFLAGS=/s|=[[:space:]]*$|=${LDFLAGS}|" \
+		Makefile || die
+}
+
+multilib_src_compile() {
+	# depend is needed to use $confopts; it also doesn't matter
+	# that it's -j1 as the code itself serializes subdirs
+	emake -j1 depend
+	emake all
+}
+
+multilib_src_test() {
+	emake -j1 test
+}
+
+multilib_src_install() {
+	# We need to create $ED/usr on our own to avoid a race condition #665130
+	if [[ ! -d "${ED}/usr" ]]; then
+		# We can only create this directory once
+		mkdir "${ED}"/usr || die
+	fi
+
+	emake DESTDIR="${D}" install
+
+	# This is crappy in that the static archives are still built even
+	# when USE=static-libs.  But this is due to a failing in the openssl
+	# build system: the static archives are built as PIC all the time.
+	# Only way around this would be to manually configure+compile openssl
+	# twice; once with shared lib support enabled and once without.
+	if ! use static-libs; then
+		rm "${ED}"/usr/$(get_libdir)/lib{crypto,ssl}.a || die
+	fi
+}
+
+multilib_src_install_all() {
+	# openssl installs perl version of c_rehash by default, but
+	# we provide a shell version via app-misc/c_rehash
+	rm "${ED}"/usr/bin/c_rehash || die
+
+	dodoc CHANGES* FAQ NEWS README doc/*.txt doc/${PN}-c-indent.el
+
+	# create the certs directory
+	keepdir ${SSL_CNF_DIR}/certs
+
+	# Namespace openssl programs to prevent conflicts with other man pages
+	cd "${ED}"/usr/share/man || die
+	local m d s
+	for m in $(find . -type f | xargs grep -L '#include') ; do
+		d=${m%/*} ; d=${d#./} ; m=${m##*/}
+		[[ ${m} == openssl.1* ]] && continue
+		[[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!"
+		mv ${d}/{,ssl-}${m}
+		# fix up references to renamed man pages
+		sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m}
+		ln -s ssl-${m} ${d}/openssl-${m}
+		# locate any symlinks that point to this man page ... we assume
+		# that any broken links are due to the above renaming
+		for s in $(find -L ${d} -type l) ; do
+			s=${s##*/}
+			rm -f ${d}/${s}
+			# We don't want to "|| die" here
+			ln -s ssl-${m} ${d}/ssl-${s}
+			ln -s ssl-${s} ${d}/openssl-${s}
+		done
+	done
+	[[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :("
+
+	dodir /etc/sandbox.d #254521
+	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
+
+	diropts -m0700
+	keepdir ${SSL_CNF_DIR}/private
+}
+
+pkg_postinst() {
+	ebegin "Running 'c_rehash ${EROOT}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069"
+	c_rehash "${EROOT}${SSL_CNF_DIR}/certs" >/dev/null
+	eend $?
+}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Thomas Deutschmann]

commit:     e1451181429e11e44ff4a97fd5b38ccc65790c66
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Tue Dec 14 17:04:19 2021 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Tue Dec 14 20:42:10 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e1451181

dev-libs/openssl: bump to v3.0.1

Package-Manager: Portage-3.0.28, Repoman-3.0.3
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 dev-libs/openssl/Manifest             |   1 +
 dev-libs/openssl/openssl-3.0.1.ebuild | 293 ++++++++++++++++++++++++++++++++++
 2 files changed, 294 insertions(+)

diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest
index c0c4564b38c2..7a88c27fa7f3 100644
--- a/dev-libs/openssl/Manifest
+++ b/dev-libs/openssl/Manifest
@@ -6,3 +6,4 @@ DIST openssl-1.1.1k.tar.gz 9823400 BLAKE2B e9bd90f17bc819c4960d07bbee04346e8a7ad
 DIST openssl-1.1.1l.tar.gz 9834044 BLAKE2B 9e8739015db63a013c05587e3d164d67c3f65f1f6c5fc75e4592bcd038c036cde88a7bc95fbc1f1b4ed876f6124ca4dabcd4f5dbb45d1b84299f2efe1a59431a SHA512 d9611f393e37577cca05004531388d3e0ebbf714894cab9f95f4903909cd4f45c214faab664c0cbc3ad3cca309d500b9e6d0ecbf9a0a0588d1677dc6b047f9e0
 DIST openssl-1.1.1m.tar.gz 9847315 BLAKE2B 163262933df11afdb7b0c58fbbf0454b05e02951d28ed24e2c530affa18dee884d86555f7314506852ebfcc092bb509b6f9cd33893e30dab67bfb6f5713946eb SHA512 ba0ef99b321546c13385966e4a607734df38b96f6ed45c4c67063a5f8d1482986855279797a6920d9f86c2ec31ce3e104dcc62c37328caacdd78aec59aa66156
 DIST openssl-3.0.0.tar.gz 14978663 BLAKE2B 64721ee958fc47d57a479dffff91be5692d80d10a6727d804f8a9da66fcaea799b67fda8987f9ecdfb2777ec42033c5e8a6a135e30784d6422eb3c65e676abe6 SHA512 1fdf769ef69631eb802671a9e0bb3a01883d58282f651986212983c2d7c9d3499dabe99a6dee0411e997e6fcfa6f682b121b7698596de0d6c78850c2200241b1
+DIST openssl-3.0.1.tar.gz 15011207 BLAKE2B ea1e560cbebbd3fdb560cbd7db518db2f95d1b7a8397435483829eda815e9f74a175693949c3d013205c43c936d703755ca14afba29077570361fca75164a719 SHA512 4eb29386a6c2c47bebc668e68b61872eed1d136e5620d6f8971393ae7dd8d0f640257278735c76adc0c9569a315fdb929c175a2931d52d3fcc4c527ad6a975ce

diff --git a/dev-libs/openssl/openssl-3.0.1.ebuild b/dev-libs/openssl/openssl-3.0.1.ebuild
new file mode 100644
index 000000000000..dad6d1b877b3
--- /dev/null
+++ b/dev-libs/openssl/openssl-3.0.1.ebuild
@@ -0,0 +1,293 @@
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="7"
+
+inherit flag-o-matic linux-info toolchain-funcs multilib-minimal
+
+MY_P=${P/_/-}
+
+DESCRIPTION="Robust, full-featured Open Source Toolkit for the Transport Layer Security (TLS)"
+HOMEPAGE="https://www.openssl.org/"
+
+if [[ ${PV} == "9999" ]] ; then
+	EGIT_REPO_URI="https://github.com/openssl/openssl.git"
+
+	inherit git-r3
+else
+	SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"
+	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x86-linux"
+fi
+
+LICENSE="Apache-2.0"
+SLOT="0/3" # .so version of libssl/libcrypto
+
+IUSE="+asm cpu_flags_x86_sse2 elibc_musl fips ktls rfc3779 sctp static-libs test tls-compression vanilla"
+RESTRICT="!test? ( test )"
+
+COMMON_DEPEND="
+	>=app-misc/c_rehash-1.7-r1
+	tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
+"
+
+BDEPEND="
+	>=dev-lang/perl-5
+	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
+	test? (
+		sys-apps/diffutils
+		sys-devel/bc
+		sys-process/procps
+	)"
+
+DEPEND="${COMMON_DEPEND}"
+
+RDEPEND="${COMMON_DEPEND}"
+
+PDEPEND="app-misc/ca-certificates"
+
+S="${WORKDIR}/${MY_P}"
+
+MULTILIB_WRAPPED_HEADERS=(
+	/usr/include/openssl/configuration.h
+)
+
+pkg_setup() {
+	if use ktls ; then
+		if kernel_is -lt 4 18 ; then
+			ewarn "Kernel implementation of TLS (USE=ktls) requires kernel >=4.18!"
+		else
+			CONFIG_CHECK="~TLS ~TLS_DEVICE"
+			ERROR_TLS="You will be unable to offload TLS to kernel because CONFIG_TLS is not set!"
+			ERROR_TLS_DEVICE="You will be unable to offload TLS to kernel because CONFIG_TLS_DEVICE is not set!"
+
+			linux-info_pkg_setup
+		fi
+	fi
+
+	[[ ${MERGE_TYPE} == binary ]] && return
+
+	# must check in pkg_setup; sysctl don't work with userpriv!
+	if use test && use sctp ; then
+		# test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel"
+		# if sctp.auth_enable is not enabled.
+		local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null)
+		if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]] ; then
+			die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!"
+		fi
+	fi
+}
+
+src_prepare() {
+	# allow openssl to be cross-compiled
+	cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die
+	chmod a+rx gentoo.config || die
+
+	# keep this in sync with app-misc/c_rehash
+	SSL_CNF_DIR="/etc/ssl"
+
+	# Make sure we only ever touch Makefile.org and avoid patching a file
+	# that gets blown away anyways by the Configure script in src_configure
+	rm -f Makefile
+
+	if ! use vanilla ; then
+		if [[ $(declare -p PATCHES 2>/dev/null) == "declare -a"* ]] ; then
+			[[ ${#PATCHES[@]} -gt 0 ]] && eapply "${PATCHES[@]}"
+		fi
+	fi
+
+	eapply_user
+
+	if use test && use sctp && has network-sandbox ${FEATURES} ; then
+		einfo "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox ..."
+		rm test/recipes/80-test_ssl_new.t || die
+	fi
+
+	# make sure the man pages are suffixed #302165
+	# don't bother building man pages if they're disabled
+	# Make DOCDIR Gentoo compliant
+	sed -i \
+		-e '/^MANSUFFIX/s:=.*:=ssl:' \
+		-e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
+		-e $(has noman FEATURES \
+			&& echo '/^install:/s:install_docs::' \
+			|| echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
+		-e "/^DOCDIR/s@\$(BASENAME)@&-${PVR}@" \
+		Configurations/unix-Makefile.tmpl \
+		|| die
+
+	# quiet out unknown driver argument warnings since openssl
+	# doesn't have well-split CFLAGS and we're making it even worse
+	# and 'make depend' uses -Werror for added fun (#417795 again)
+	[[ ${CC} == *clang* ]] && append-flags -Qunused-arguments
+
+	append-flags -fno-strict-aliasing
+	append-flags $(test-flags-CC -Wa,--noexecstack)
+
+	# Prefixify Configure shebang (#141906)
+	sed \
+		-e "1s,/usr/bin/env,${EPREFIX}&," \
+		-i Configure || die
+
+	# Remove test target when FEATURES=test isn't set
+	if ! use test ; then
+		sed \
+			-e '/^$config{dirs}/s@ "test",@@' \
+			-i Configure || die
+	fi
+
+	# The config script does stupid stuff to prompt the user.  Kill it.
+	sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
+	./config --test-sanity || die "I AM NOT SANE"
+
+	multilib_copy_sources
+}
+
+multilib_src_configure() {
+	unset APPS #197996
+	unset SCRIPTS #312551
+	unset CROSS_COMPILE #311473
+
+	tc-export AR CC CXX RANLIB RC
+
+	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
+	echoit() { echo "$@" ; "$@" ; }
+
+	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
+
+	local sslout=$(./gentoo.config)
+	einfo "Use configuration ${sslout:-(openssl knows best)}"
+	local config="Configure"
+	[[ -z ${sslout} ]] && config="config"
+
+	local myeconfargs=(
+		${sslout}
+		$(use cpu_flags_x86_sse2 || echo "no-sse2")
+		enable-camellia
+		enable-ec
+		enable-ec2m
+		enable-sm2
+		enable-srp
+		$(use elibc_musl && echo "no-async")
+		enable-idea
+		enable-mdc2
+		enable-rc5
+		$(use fips && echo "enable-fips")
+		$(use_ssl asm)
+		$(use_ssl ktls)
+		$(use_ssl rfc3779)
+		$(use_ssl sctp)
+		$(use_ssl tls-compression zlib)
+		--prefix="${EPREFIX}"/usr
+		--openssldir="${EPREFIX}"${SSL_CNF_DIR}
+		--libdir=$(get_libdir)
+		shared
+		threads
+	)
+
+	CFLAGS= LDFLAGS= echoit \
+		./${config} \
+		"${myeconfargs[@]}" \
+		|| die
+
+	# Clean out hardcoded flags that openssl uses
+	local DEFAULT_CFLAGS=$(grep ^CFLAGS= Makefile | LC_ALL=C sed \
+		-e 's:^CFLAGS=::' \
+		-e 's:\(^\| \)-fomit-frame-pointer::g' \
+		-e 's:\(^\| \)-O[^ ]*::g' \
+		-e 's:\(^\| \)-march=[^ ]*::g' \
+		-e 's:\(^\| \)-mcpu=[^ ]*::g' \
+		-e 's:\(^\| \)-m[^ ]*::g' \
+		-e 's:^ *::' \
+		-e 's: *$::' \
+		-e 's: \+: :g' \
+		-e 's:\\:\\\\:g'
+	)
+
+	# Now insert clean default flags with user flags
+	sed -i \
+		-e "/^CFLAGS=/s|=.*|=${DEFAULT_CFLAGS} ${CFLAGS}|" \
+		-e "/^LDFLAGS=/s|=[[:space:]]*$|=${LDFLAGS}|" \
+		Makefile \
+		|| die
+}
+
+multilib_src_compile() {
+	# depend is needed to use $confopts; it also doesn't matter
+	# that it's -j1 as the code itself serializes subdirs
+	emake -j1 depend
+	emake all
+}
+
+multilib_src_test() {
+	emake -j1 test
+}
+
+multilib_src_install() {
+	# We need to create $ED/usr on our own to avoid a race condition #665130
+	if [[ ! -d "${ED}/usr" ]] ; then
+		# We can only create this directory once
+		mkdir "${ED}"/usr || die
+	fi
+
+	emake DESTDIR="${D}" install
+
+	# This is crappy in that the static archives are still built even
+	# when USE=static-libs.  But this is due to a failing in the openssl
+	# build system: the static archives are built as PIC all the time.
+	# Only way around this would be to manually configure+compile openssl
+	# twice; once with shared lib support enabled and once without.
+	if ! use static-libs ; then
+		rm "${ED}"/usr/$(get_libdir)/lib{crypto,ssl}.a || die
+	fi
+}
+
+multilib_src_install_all() {
+	# openssl installs perl version of c_rehash by default, but
+	# we provide a shell version via app-misc/c_rehash
+	rm "${ED}"/usr/bin/c_rehash || die
+
+	dodoc {AUTHORS,CHANGES,NEWS,README,README-PROVIDERS}.md doc/*.txt doc/${PN}-c-indent.el
+
+	# create the certs directory
+	keepdir ${SSL_CNF_DIR}/certs
+
+	# Namespace openssl programs to prevent conflicts with other man pages
+	cd "${ED}"/usr/share/man || die
+	local m d s
+	for m in $(find . -type f | xargs grep -L '#include') ; do
+		d=${m%/*} ; d=${d#./} ; m=${m##*/}
+
+		[[ ${m} == openssl.1* ]] && continue
+
+		[[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!"
+
+		mv ${d}/{,ssl-}${m} || die
+
+		# fix up references to renamed man pages
+		sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m} || die
+		ln -s ssl-${m} ${d}/openssl-${m} || die
+
+		# locate any symlinks that point to this man page ...
+		# we assume that any broken links are due to the above renaming
+		for s in $(find -L ${d} -type l) ; do
+			s=${s##*/}
+			rm -f ${d}/${s}
+			# We don't want to "|| die" here
+			ln -s ssl-${m} ${d}/ssl-${s}
+			ln -s ssl-${s} ${d}/openssl-${s}
+		done
+	done
+	[[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :("
+
+	dodir /etc/sandbox.d #254521
+	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
+
+	diropts -m0700
+	keepdir ${SSL_CNF_DIR}/private
+}
+
+pkg_postinst() {
+	ebegin "Running 'c_rehash ${EROOT}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069"
+	c_rehash "${EROOT}${SSL_CNF_DIR}/certs" >/dev/null
+	eend $?
+}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     fb3c5a03a2da85076439f9e52efbe478e6c1f517
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Tue Nov  2 15:02:02 2021 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Tue Nov  2 15:02:02 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fb3c5a03

dev-libs/openssl: drop 3.0.0_beta2

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/Manifest                   |   1 -
 dev-libs/openssl/openssl-3.0.0_beta2.ebuild | 293 ----------------------------
 2 files changed, 294 deletions(-)

diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest
index d3acbb4772c..857e8cec71c 100644
--- a/dev-libs/openssl/Manifest
+++ b/dev-libs/openssl/Manifest
@@ -4,5 +4,4 @@ DIST openssl-1.0.2u.tar.gz 5355412 BLAKE2B b2ff2a10e5851af5aca4093422a9a072c794e
 DIST openssl-1.1.1i-bindist-1.0.tar.xz 18124 BLAKE2B bcbce700676d1d61498ac98281b7ad06f9970d91afa6bfb2c259ab7462b2554be79a1c06759bc7aaeca9948c2f5276bac2c4f42dbc6822669f863444b9913ccd SHA512 1dbb81bcb4cf7e634bb363c7e2bb2590a1fe3fcb6c3b5e377cac3c5241abd116c2a89c516be8e5fd1799ab64375a58052a4df944eeadc87b0b7785da710906d8
 DIST openssl-1.1.1k.tar.gz 9823400 BLAKE2B e9bd90f17bc819c4960d07bbee04346e8a7adb87a764a09d033ef76f1d638c67b180c4f2beb84ec25fbff54ccc9c14c13b9b16a27cac231a5dd22b02635d5cec SHA512 73cd042d4056585e5a9dd7ab68e7c7310a3a4c783eafa07ab0b560e7462b924e4376436a6d38a155c687f6942a881cfc0c1b9394afcde1d8c46bf396e7d51121
 DIST openssl-1.1.1l.tar.gz 9834044 BLAKE2B 9e8739015db63a013c05587e3d164d67c3f65f1f6c5fc75e4592bcd038c036cde88a7bc95fbc1f1b4ed876f6124ca4dabcd4f5dbb45d1b84299f2efe1a59431a SHA512 d9611f393e37577cca05004531388d3e0ebbf714894cab9f95f4903909cd4f45c214faab664c0cbc3ad3cca309d500b9e6d0ecbf9a0a0588d1677dc6b047f9e0
-DIST openssl-3.0.0-beta2.tar.gz 14912360 BLAKE2B f1180eee6561f04e778f40d3d6f9fac5645777de09d965662f00c2506da30d3c3cfa0e98a25fc668e2e1fd39b8d700d7f0fd901f80964be048cb3aaa6432a5f5 SHA512 3eb9b472429bc26a7fc5c5837e2ea496706e3c6273ba33f36bbe3dc13bf7dcf7cba08d19ce005ee9b1cecfc63de68ef86cd8d911df28c82873ee44ba5d7e253a
 DIST openssl-3.0.0.tar.gz 14978663 BLAKE2B 64721ee958fc47d57a479dffff91be5692d80d10a6727d804f8a9da66fcaea799b67fda8987f9ecdfb2777ec42033c5e8a6a135e30784d6422eb3c65e676abe6 SHA512 1fdf769ef69631eb802671a9e0bb3a01883d58282f651986212983c2d7c9d3499dabe99a6dee0411e997e6fcfa6f682b121b7698596de0d6c78850c2200241b1

diff --git a/dev-libs/openssl/openssl-3.0.0_beta2.ebuild b/dev-libs/openssl/openssl-3.0.0_beta2.ebuild
deleted file mode 100644
index 5005c8fa660..00000000000
--- a/dev-libs/openssl/openssl-3.0.0_beta2.ebuild
+++ /dev/null
@@ -1,293 +0,0 @@
-# Copyright 1999-2021 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="7"
-
-inherit flag-o-matic linux-info toolchain-funcs multilib-minimal
-
-MY_P=${P/_/-}
-
-DESCRIPTION="Robust, full-featured Open Source Toolkit for the Transport Layer Security (TLS)"
-HOMEPAGE="https://www.openssl.org/"
-
-if [[ ${PV} == "9999" ]] ; then
-	EGIT_REPO_URI="https://github.com/openssl/openssl.git"
-
-	inherit git-r3
-else
-	SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"
-	#KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x86-linux"
-fi
-
-LICENSE="Apache-2.0"
-SLOT="0/3" # .so version of libssl/libcrypto
-
-IUSE="+asm cpu_flags_x86_sse2 elibc_musl ktls rfc3779 sctp static-libs test tls-compression vanilla"
-RESTRICT="!test? ( test )"
-
-COMMON_DEPEND="
-	>=app-misc/c_rehash-1.7-r1
-	tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
-"
-
-BDEPEND="
-	>=dev-lang/perl-5
-	dev-perl/Text-Template
-	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
-	test? (
-		sys-apps/diffutils
-		sys-devel/bc
-		sys-process/procps
-	)"
-
-DEPEND="${COMMON_DEPEND}"
-
-RDEPEND="${COMMON_DEPEND}"
-
-PDEPEND="app-misc/ca-certificates"
-
-S="${WORKDIR}/${MY_P}"
-
-MULTILIB_WRAPPED_HEADERS=(
-	/usr/include/openssl/configuration.h
-)
-
-pkg_setup() {
-	if use ktls ; then
-		if kernel_is -lt 4 18 ; then
-			ewarn "Kernel implementation of TLS (USE=ktls) requires kernel >=4.18!"
-		else
-			CONFIG_CHECK="~TLS ~TLS_DEVICE"
-			ERROR_TLS="You will be unable to offload TLS to kernel because CONFIG_TLS is not set!"
-			ERROR_TLS_DEVICE="You will be unable to offload TLS to kernel because CONFIG_TLS_DEVICE is not set!"
-
-			linux-info_pkg_setup
-		fi
-	fi
-
-	[[ ${MERGE_TYPE} == binary ]] && return
-
-	# must check in pkg_setup; sysctl don't work with userpriv!
-	if use test && use sctp ; then
-		# test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel"
-		# if sctp.auth_enable is not enabled.
-		local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null)
-		if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]] ; then
-			die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!"
-		fi
-	fi
-}
-
-src_prepare() {
-	# allow openssl to be cross-compiled
-	cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die
-	chmod a+rx gentoo.config || die
-
-	# keep this in sync with app-misc/c_rehash
-	SSL_CNF_DIR="/etc/ssl"
-
-	# Make sure we only ever touch Makefile.org and avoid patching a file
-	# that gets blown away anyways by the Configure script in src_configure
-	rm -f Makefile
-
-	if ! use vanilla ; then
-		if [[ $(declare -p PATCHES 2>/dev/null) == "declare -a"* ]] ; then
-			[[ ${#PATCHES[@]} -gt 0 ]] && eapply "${PATCHES[@]}"
-		fi
-	fi
-
-	eapply_user
-
-	if use test && use sctp && has network-sandbox ${FEATURES} ; then
-		einfo "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox ..."
-		rm test/recipes/80-test_ssl_new.t || die
-	fi
-
-	# make sure the man pages are suffixed #302165
-	# don't bother building man pages if they're disabled
-	# Make DOCDIR Gentoo compliant
-	sed -i \
-		-e '/^MANSUFFIX/s:=.*:=ssl:' \
-		-e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
-		-e $(has noman FEATURES \
-			&& echo '/^install:/s:install_docs::' \
-			|| echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
-		-e "/^DOCDIR/s@\$(BASENAME)@&-${PVR}@" \
-		Configurations/unix-Makefile.tmpl \
-		|| die
-
-	# quiet out unknown driver argument warnings since openssl
-	# doesn't have well-split CFLAGS and we're making it even worse
-	# and 'make depend' uses -Werror for added fun (#417795 again)
-	[[ ${CC} == *clang* ]] && append-flags -Qunused-arguments
-
-	append-flags -fno-strict-aliasing
-	append-flags $(test-flags-CC -Wa,--noexecstack)
-
-	# Prefixify Configure shebang (#141906)
-	sed \
-		-e "1s,/usr/bin/env,${EPREFIX}&," \
-		-i Configure || die
-
-	# Remove test target when FEATURES=test isn't set
-	if ! use test ; then
-		sed \
-			-e '/^$config{dirs}/s@ "test",@@' \
-			-i Configure || die
-	fi
-
-	# The config script does stupid stuff to prompt the user.  Kill it.
-	sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
-	./config --test-sanity || die "I AM NOT SANE"
-
-	multilib_copy_sources
-}
-
-multilib_src_configure() {
-	unset APPS #197996
-	unset SCRIPTS #312551
-	unset CROSS_COMPILE #311473
-
-	tc-export AR CC CXX RANLIB RC
-
-	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
-	echoit() { echo "$@" ; "$@" ; }
-
-	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
-
-	local sslout=$(./gentoo.config)
-	einfo "Use configuration ${sslout:-(openssl knows best)}"
-	local config="Configure"
-	[[ -z ${sslout} ]] && config="config"
-
-	local myeconfargs=(
-		${sslout}
-		$(use cpu_flags_x86_sse2 || echo "no-sse2")
-		enable-camellia
-		enable-ec
-		enable-ec2m
-		enable-sm2
-		enable-srp
-		$(use elibc_musl && echo "no-async")
-		enable-idea
-		enable-mdc2
-		enable-rc5
-		$(use_ssl asm)
-		$(use_ssl ktls)
-		$(use_ssl rfc3779)
-		$(use_ssl sctp)
-		$(use_ssl tls-compression zlib)
-		--prefix="${EPREFIX}"/usr
-		--openssldir="${EPREFIX}"${SSL_CNF_DIR}
-		--libdir=$(get_libdir)
-		shared
-		threads
-	)
-
-	CFLAGS= LDFLAGS= echoit \
-		./${config} \
-		"${myeconfargs[@]}" \
-		|| die
-
-	# Clean out hardcoded flags that openssl uses
-	local DEFAULT_CFLAGS=$(grep ^CFLAGS= Makefile | LC_ALL=C sed \
-		-e 's:^CFLAGS=::' \
-		-e 's:\(^\| \)-fomit-frame-pointer::g' \
-		-e 's:\(^\| \)-O[^ ]*::g' \
-		-e 's:\(^\| \)-march=[^ ]*::g' \
-		-e 's:\(^\| \)-mcpu=[^ ]*::g' \
-		-e 's:\(^\| \)-m[^ ]*::g' \
-		-e 's:^ *::' \
-		-e 's: *$::' \
-		-e 's: \+: :g' \
-		-e 's:\\:\\\\:g'
-	)
-
-	# Now insert clean default flags with user flags
-	sed -i \
-		-e "/^CFLAGS=/s|=.*|=${DEFAULT_CFLAGS} ${CFLAGS}|" \
-		-e "/^LDFLAGS=/s|=[[:space:]]*$|=${LDFLAGS}|" \
-		Makefile \
-		|| die
-}
-
-multilib_src_compile() {
-	# depend is needed to use $confopts; it also doesn't matter
-	# that it's -j1 as the code itself serializes subdirs
-	emake -j1 depend
-	emake all
-}
-
-multilib_src_test() {
-	emake -j1 test
-}
-
-multilib_src_install() {
-	# We need to create $ED/usr on our own to avoid a race condition #665130
-	if [[ ! -d "${ED}/usr" ]] ; then
-		# We can only create this directory once
-		mkdir "${ED}"/usr || die
-	fi
-
-	emake DESTDIR="${D}" install
-
-	# This is crappy in that the static archives are still built even
-	# when USE=static-libs.  But this is due to a failing in the openssl
-	# build system: the static archives are built as PIC all the time.
-	# Only way around this would be to manually configure+compile openssl
-	# twice; once with shared lib support enabled and once without.
-	if ! use static-libs ; then
-		rm "${ED}"/usr/$(get_libdir)/lib{crypto,ssl}.a || die
-	fi
-}
-
-multilib_src_install_all() {
-	# openssl installs perl version of c_rehash by default, but
-	# we provide a shell version via app-misc/c_rehash
-	rm "${ED}"/usr/bin/c_rehash || die
-
-	dodoc {AUTHORS,CHANGES,NEWS,README,README-PROVIDERS}.md doc/*.txt doc/${PN}-c-indent.el
-
-	# create the certs directory
-	keepdir ${SSL_CNF_DIR}/certs
-
-	# Namespace openssl programs to prevent conflicts with other man pages
-	cd "${ED}"/usr/share/man || die
-	local m d s
-	for m in $(find . -type f | xargs grep -L '#include') ; do
-		d=${m%/*} ; d=${d#./} ; m=${m##*/}
-
-		[[ ${m} == openssl.1* ]] && continue
-
-		[[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!"
-
-		mv ${d}/{,ssl-}${m} || die
-
-		# fix up references to renamed man pages
-		sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m} || die
-		ln -s ssl-${m} ${d}/openssl-${m} || die
-
-		# locate any symlinks that point to this man page ...
-		# we assume that any broken links are due to the above renaming
-		for s in $(find -L ${d} -type l) ; do
-			s=${s##*/}
-			rm -f ${d}/${s}
-			# We don't want to "|| die" here
-			ln -s ssl-${m} ${d}/ssl-${s}
-			ln -s ssl-${s} ${d}/openssl-${s}
-		done
-	done
-	[[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :("
-
-	dodir /etc/sandbox.d #254521
-	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
-
-	diropts -m0700
-	keepdir ${SSL_CNF_DIR}/private
-}
-
-pkg_postinst() {
-	ebegin "Running 'c_rehash ${EROOT}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069"
-	c_rehash "${EROOT}${SSL_CNF_DIR}/certs" >/dev/null
-	eend $?
-}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Robin H. Johnson]

commit:     c308ac7ab8756cef0d918e5aa0bc211308dc14a7
Author:     Robin H. Johnson <robbat2 <AT> gentoo <DOT> org>
AuthorDate: Fri Oct 22 18:44:04 2021 +0000
Commit:     Robin H. Johnson <robbat2 <AT> gentoo <DOT> org>
CommitDate: Fri Oct 22 18:44:04 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c308ac7a

dev-libs/openssl: drop USE=bindist

Signed-off-by: Robin H. Johnson <robbat2 <AT> gentoo.org>

 dev-libs/openssl/openssl-1.1.1l-r1.ebuild | 279 ++++++++++++++++++++++++++++++
 1 file changed, 279 insertions(+)

diff --git a/dev-libs/openssl/openssl-1.1.1l-r1.ebuild b/dev-libs/openssl/openssl-1.1.1l-r1.ebuild
new file mode 100644
index 00000000000..3b4a73bfd28
--- /dev/null
+++ b/dev-libs/openssl/openssl-1.1.1l-r1.ebuild
@@ -0,0 +1,279 @@
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="7"
+
+inherit flag-o-matic toolchain-funcs multilib-minimal
+
+MY_P=${P/_/-}
+
+DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"
+HOMEPAGE="https://www.openssl.org/"
+SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"
+
+LICENSE="openssl"
+SLOT="0/1.1" # .so version of libssl/libcrypto
+[[ "${PV}" = *_pre* ]] || \
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x86-linux"
+IUSE="+asm elibc_musl rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-compression tls-heartbeat vanilla"
+RESTRICT="!test? ( test )"
+
+RDEPEND=">=app-misc/c_rehash-1.7-r1
+	tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )"
+DEPEND="${RDEPEND}"
+BDEPEND="
+	>=dev-lang/perl-5
+	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
+	test? (
+		sys-apps/diffutils
+		sys-devel/bc
+		sys-process/procps
+	)"
+PDEPEND="app-misc/ca-certificates"
+
+PATCHES=(
+	"${FILESDIR}"/${PN}-1.1.0j-parallel_install_fix.patch #671602
+	"${FILESDIR}"/${PN}-1.1.1i-riscv32.patch
+)
+
+S="${WORKDIR}/${MY_P}"
+
+# force upgrade to prevent broken login, bug 696950
+RDEPEND+=" !<net-misc/openssh-8.0_p1-r3"
+
+MULTILIB_WRAPPED_HEADERS=(
+	usr/include/openssl/opensslconf.h
+)
+
+pkg_setup() {
+	[[ ${MERGE_TYPE} == binary ]] && return
+
+	# must check in pkg_setup; sysctl don't work with userpriv!
+	if use test && use sctp; then
+		# test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel"
+		# if sctp.auth_enable is not enabled.
+		local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null)
+		if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]]; then
+			die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!"
+		fi
+	fi
+}
+
+src_prepare() {
+	# allow openssl to be cross-compiled
+	cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die
+	chmod a+rx gentoo.config || die
+
+	# keep this in sync with app-misc/c_rehash
+	SSL_CNF_DIR="/etc/ssl"
+
+	# Make sure we only ever touch Makefile.org and avoid patching a file
+	# that gets blown away anyways by the Configure script in src_configure
+	rm -f Makefile
+
+	if ! use vanilla ; then
+		if [[ $(declare -p PATCHES 2>/dev/null) == "declare -a"* ]] ; then
+			[[ ${#PATCHES[@]} -gt 0 ]] && eapply "${PATCHES[@]}"
+		fi
+	fi
+
+	eapply_user #332661
+
+	if use test && use sctp && has network-sandbox ${FEATURES}; then
+		ebegin "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox"
+		rm test/recipes/80-test_ssl_new.t || die
+		eend $?
+	fi
+
+	# make sure the man pages are suffixed #302165
+	# don't bother building man pages if they're disabled
+	# Make DOCDIR Gentoo compliant
+	sed -i \
+		-e '/^MANSUFFIX/s:=.*:=ssl:' \
+		-e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
+		-e $(has noman FEATURES \
+			&& echo '/^install:/s:install_docs::' \
+			|| echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
+		-e "/^DOCDIR/s@\$(BASENAME)@&-${PVR}@" \
+		Configurations/unix-Makefile.tmpl \
+		|| die
+
+	# quiet out unknown driver argument warnings since openssl
+	# doesn't have well-split CFLAGS and we're making it even worse
+	# and 'make depend' uses -Werror for added fun (#417795 again)
+	[[ ${CC} == *clang* ]] && append-flags -Qunused-arguments
+
+	append-flags -fno-strict-aliasing
+	append-flags $(test-flags-CC -Wa,--noexecstack)
+	append-cppflags -DOPENSSL_NO_BUF_FREELISTS
+
+	# Prefixify Configure shebang (#141906)
+	sed \
+		-e "1s,/usr/bin/env,${EPREFIX}&," \
+		-i Configure || die
+	# Remove test target when FEATURES=test isn't set
+	if ! use test ; then
+		sed \
+			-e '/^$config{dirs}/s@ "test",@@' \
+			-i Configure || die
+	fi
+	# The config script does stupid stuff to prompt the user.  Kill it.
+	sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
+	./config --test-sanity || die "I AM NOT SANE"
+
+	multilib_copy_sources
+}
+
+multilib_src_configure() {
+	unset APPS #197996
+	unset SCRIPTS #312551
+	unset CROSS_COMPILE #311473
+
+	tc-export CC AR RANLIB RC
+
+	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
+	echoit() { echo "$@" ; "$@" ; }
+
+	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
+
+	# See if our toolchain supports __uint128_t.  If so, it's 64bit
+	# friendly and can use the nicely optimized code paths. #460790
+	local ec_nistp_64_gcc_128
+	# Disable it for now though #469976
+	# echo "__uint128_t i;" > "${T}"/128.c
+	# if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
+	# 	ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
+	# fi
+
+	local sslout=$(./gentoo.config)
+	einfo "Use configuration ${sslout:-(openssl knows best)}"
+	local config="Configure"
+	[[ -z ${sslout} ]] && config="config"
+
+	# "disable-deprecated" option breaks too many consumers.
+	# Don't set it without thorough revdeps testing.
+	# Make sure user flags don't get added *yet* to avoid duplicated
+	# flags.
+	CFLAGS= LDFLAGS= echoit \
+	./${config} \
+		${sslout} \
+		$(use cpu_flags_x86_sse2 || echo "no-sse2") \
+		enable-camellia \
+		enable-ec \
+		enable-ec2m \
+		enable-sm2 \
+		enable-srp \
+		$(use elibc_musl && echo "no-async") \
+		${ec_nistp_64_gcc_128} \
+		enable-idea \
+		enable-mdc2 \
+		enable-rc5 \
+		$(use_ssl sslv3 ssl3) \
+		$(use_ssl sslv3 ssl3-method) \
+		$(use_ssl asm) \
+		$(use_ssl rfc3779) \
+		$(use_ssl sctp) \
+		$(use_ssl tls-compression zlib) \
+		$(use_ssl tls-heartbeat heartbeats) \
+		--prefix="${EPREFIX}"/usr \
+		--openssldir="${EPREFIX}"${SSL_CNF_DIR} \
+		--libdir=$(get_libdir) \
+		shared threads \
+		|| die
+
+	# Clean out hardcoded flags that openssl uses
+	local DEFAULT_CFLAGS=$(grep ^CFLAGS= Makefile | LC_ALL=C sed \
+		-e 's:^CFLAGS=::' \
+		-e 's:\(^\| \)-fomit-frame-pointer::g' \
+		-e 's:\(^\| \)-O[^ ]*::g' \
+		-e 's:\(^\| \)-march=[^ ]*::g' \
+		-e 's:\(^\| \)-mcpu=[^ ]*::g' \
+		-e 's:\(^\| \)-m[^ ]*::g' \
+		-e 's:^ *::' \
+		-e 's: *$::' \
+		-e 's: \+: :g' \
+		-e 's:\\:\\\\:g'
+	)
+
+	# Now insert clean default flags with user flags
+	sed -i \
+		-e "/^CFLAGS=/s|=.*|=${DEFAULT_CFLAGS} ${CFLAGS}|" \
+		-e "/^LDFLAGS=/s|=[[:space:]]*$|=${LDFLAGS}|" \
+		Makefile || die
+}
+
+multilib_src_compile() {
+	# depend is needed to use $confopts; it also doesn't matter
+	# that it's -j1 as the code itself serializes subdirs
+	emake -j1 depend
+	emake all
+}
+
+multilib_src_test() {
+	emake -j1 test
+}
+
+multilib_src_install() {
+	# We need to create $ED/usr on our own to avoid a race condition #665130
+	if [[ ! -d "${ED}/usr" ]]; then
+		# We can only create this directory once
+		mkdir "${ED}"/usr || die
+	fi
+
+	emake DESTDIR="${D}" install
+
+	# This is crappy in that the static archives are still built even
+	# when USE=static-libs.  But this is due to a failing in the openssl
+	# build system: the static archives are built as PIC all the time.
+	# Only way around this would be to manually configure+compile openssl
+	# twice; once with shared lib support enabled and once without.
+	if ! use static-libs; then
+		rm "${ED}"/usr/$(get_libdir)/lib{crypto,ssl}.a || die
+	fi
+}
+
+multilib_src_install_all() {
+	# openssl installs perl version of c_rehash by default, but
+	# we provide a shell version via app-misc/c_rehash
+	rm "${ED}"/usr/bin/c_rehash || die
+
+	dodoc CHANGES* FAQ NEWS README doc/*.txt doc/${PN}-c-indent.el
+
+	# create the certs directory
+	keepdir ${SSL_CNF_DIR}/certs
+
+	# Namespace openssl programs to prevent conflicts with other man pages
+	cd "${ED}"/usr/share/man || die
+	local m d s
+	for m in $(find . -type f | xargs grep -L '#include') ; do
+		d=${m%/*} ; d=${d#./} ; m=${m##*/}
+		[[ ${m} == openssl.1* ]] && continue
+		[[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!"
+		mv ${d}/{,ssl-}${m}
+		# fix up references to renamed man pages
+		sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m}
+		ln -s ssl-${m} ${d}/openssl-${m}
+		# locate any symlinks that point to this man page ... we assume
+		# that any broken links are due to the above renaming
+		for s in $(find -L ${d} -type l) ; do
+			s=${s##*/}
+			rm -f ${d}/${s}
+			# We don't want to "|| die" here
+			ln -s ssl-${m} ${d}/ssl-${s}
+			ln -s ssl-${s} ${d}/openssl-${s}
+		done
+	done
+	[[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :("
+
+	dodir /etc/sandbox.d #254521
+	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
+
+	diropts -m0700
+	keepdir ${SSL_CNF_DIR}/private
+}
+
+pkg_postinst() {
+	ebegin "Running 'c_rehash ${EROOT}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069"
+	c_rehash "${EROOT}${SSL_CNF_DIR}/certs" >/dev/null
+	eend $?
+}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     4c25ce6f7a7a23178582c578856b3694bd1f5524
Author:     Rolf Eike Beer <eike <AT> sf-mail <DOT> de>
AuthorDate: Thu Sep 16 20:37:12 2021 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Thu Sep 16 21:28:26 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4c25ce6f

dev-libs/openssl: stable 1.1.1l for hppa, bug #810433

Package-Manager: Portage-3.0.20, Repoman-3.0.3
RepoMan-Options: --include-arches="hppa"
Signed-off-by: Rolf Eike Beer <eike <AT> sf-mail.de>
Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/openssl-1.1.1l.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.1.1l.ebuild b/dev-libs/openssl/openssl-1.1.1l.ebuild
index d7c7ad442da..d07d4096d08 100644
--- a/dev-libs/openssl/openssl-1.1.1l.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1l.ebuild
@@ -27,7 +27,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 LICENSE="openssl"
 SLOT="0/1.1" # .so version of libssl/libcrypto
 [[ "${PV}" = *_pre* ]] || \
-KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~x86-linux"
+KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~x86-linux"
 IUSE="+asm bindist elibc_musl rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-compression tls-heartbeat vanilla"
 RESTRICT="!bindist? ( bindist )
 	!test? ( test )"

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Thomas Deutschmann]

commit:     9595d362c31540ec2db3a7f2e995f596a105e7ec
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Tue Sep  7 15:55:21 2021 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Tue Sep  7 16:07:28 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9595d362

dev-libs/openssl: bump to v3.0.0

Package-Manager: Portage-3.0.22, Repoman-3.0.3
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 dev-libs/openssl/Manifest             |   1 +
 dev-libs/openssl/openssl-3.0.0.ebuild | 292 ++++++++++++++++++++++++++++++++++
 2 files changed, 293 insertions(+)

diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest
index 8063cf862b3..d3acbb4772c 100644
--- a/dev-libs/openssl/Manifest
+++ b/dev-libs/openssl/Manifest
@@ -5,3 +5,4 @@ DIST openssl-1.1.1i-bindist-1.0.tar.xz 18124 BLAKE2B bcbce700676d1d61498ac98281b
 DIST openssl-1.1.1k.tar.gz 9823400 BLAKE2B e9bd90f17bc819c4960d07bbee04346e8a7adb87a764a09d033ef76f1d638c67b180c4f2beb84ec25fbff54ccc9c14c13b9b16a27cac231a5dd22b02635d5cec SHA512 73cd042d4056585e5a9dd7ab68e7c7310a3a4c783eafa07ab0b560e7462b924e4376436a6d38a155c687f6942a881cfc0c1b9394afcde1d8c46bf396e7d51121
 DIST openssl-1.1.1l.tar.gz 9834044 BLAKE2B 9e8739015db63a013c05587e3d164d67c3f65f1f6c5fc75e4592bcd038c036cde88a7bc95fbc1f1b4ed876f6124ca4dabcd4f5dbb45d1b84299f2efe1a59431a SHA512 d9611f393e37577cca05004531388d3e0ebbf714894cab9f95f4903909cd4f45c214faab664c0cbc3ad3cca309d500b9e6d0ecbf9a0a0588d1677dc6b047f9e0
 DIST openssl-3.0.0-beta2.tar.gz 14912360 BLAKE2B f1180eee6561f04e778f40d3d6f9fac5645777de09d965662f00c2506da30d3c3cfa0e98a25fc668e2e1fd39b8d700d7f0fd901f80964be048cb3aaa6432a5f5 SHA512 3eb9b472429bc26a7fc5c5837e2ea496706e3c6273ba33f36bbe3dc13bf7dcf7cba08d19ce005ee9b1cecfc63de68ef86cd8d911df28c82873ee44ba5d7e253a
+DIST openssl-3.0.0.tar.gz 14978663 BLAKE2B 64721ee958fc47d57a479dffff91be5692d80d10a6727d804f8a9da66fcaea799b67fda8987f9ecdfb2777ec42033c5e8a6a135e30784d6422eb3c65e676abe6 SHA512 1fdf769ef69631eb802671a9e0bb3a01883d58282f651986212983c2d7c9d3499dabe99a6dee0411e997e6fcfa6f682b121b7698596de0d6c78850c2200241b1

diff --git a/dev-libs/openssl/openssl-3.0.0.ebuild b/dev-libs/openssl/openssl-3.0.0.ebuild
new file mode 100644
index 00000000000..c7bab83b760
--- /dev/null
+++ b/dev-libs/openssl/openssl-3.0.0.ebuild
@@ -0,0 +1,292 @@
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="7"
+
+inherit flag-o-matic linux-info toolchain-funcs multilib-minimal
+
+MY_P=${P/_/-}
+
+DESCRIPTION="Robust, full-featured Open Source Toolkit for the Transport Layer Security (TLS)"
+HOMEPAGE="https://www.openssl.org/"
+
+if [[ ${PV} == "9999" ]] ; then
+	EGIT_REPO_URI="https://github.com/openssl/openssl.git"
+
+	inherit git-r3
+else
+	SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"
+	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x86-linux"
+fi
+
+LICENSE="Apache-2.0"
+SLOT="0/3" # .so version of libssl/libcrypto
+
+IUSE="+asm cpu_flags_x86_sse2 elibc_musl ktls rfc3779 sctp static-libs test tls-compression vanilla"
+RESTRICT="!test? ( test )"
+
+COMMON_DEPEND="
+	>=app-misc/c_rehash-1.7-r1
+	tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
+"
+
+BDEPEND="
+	>=dev-lang/perl-5
+	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
+	test? (
+		sys-apps/diffutils
+		sys-devel/bc
+		sys-process/procps
+	)"
+
+DEPEND="${COMMON_DEPEND}"
+
+RDEPEND="${COMMON_DEPEND}"
+
+PDEPEND="app-misc/ca-certificates"
+
+S="${WORKDIR}/${MY_P}"
+
+MULTILIB_WRAPPED_HEADERS=(
+	/usr/include/openssl/configuration.h
+)
+
+pkg_setup() {
+	if use ktls ; then
+		if kernel_is -lt 4 18 ; then
+			ewarn "Kernel implementation of TLS (USE=ktls) requires kernel >=4.18!"
+		else
+			CONFIG_CHECK="~TLS ~TLS_DEVICE"
+			ERROR_TLS="You will be unable to offload TLS to kernel because CONFIG_TLS is not set!"
+			ERROR_TLS_DEVICE="You will be unable to offload TLS to kernel because CONFIG_TLS_DEVICE is not set!"
+
+			linux-info_pkg_setup
+		fi
+	fi
+
+	[[ ${MERGE_TYPE} == binary ]] && return
+
+	# must check in pkg_setup; sysctl don't work with userpriv!
+	if use test && use sctp ; then
+		# test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel"
+		# if sctp.auth_enable is not enabled.
+		local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null)
+		if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]] ; then
+			die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!"
+		fi
+	fi
+}
+
+src_prepare() {
+	# allow openssl to be cross-compiled
+	cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die
+	chmod a+rx gentoo.config || die
+
+	# keep this in sync with app-misc/c_rehash
+	SSL_CNF_DIR="/etc/ssl"
+
+	# Make sure we only ever touch Makefile.org and avoid patching a file
+	# that gets blown away anyways by the Configure script in src_configure
+	rm -f Makefile
+
+	if ! use vanilla ; then
+		if [[ $(declare -p PATCHES 2>/dev/null) == "declare -a"* ]] ; then
+			[[ ${#PATCHES[@]} -gt 0 ]] && eapply "${PATCHES[@]}"
+		fi
+	fi
+
+	eapply_user
+
+	if use test && use sctp && has network-sandbox ${FEATURES} ; then
+		einfo "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox ..."
+		rm test/recipes/80-test_ssl_new.t || die
+	fi
+
+	# make sure the man pages are suffixed #302165
+	# don't bother building man pages if they're disabled
+	# Make DOCDIR Gentoo compliant
+	sed -i \
+		-e '/^MANSUFFIX/s:=.*:=ssl:' \
+		-e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
+		-e $(has noman FEATURES \
+			&& echo '/^install:/s:install_docs::' \
+			|| echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
+		-e "/^DOCDIR/s@\$(BASENAME)@&-${PVR}@" \
+		Configurations/unix-Makefile.tmpl \
+		|| die
+
+	# quiet out unknown driver argument warnings since openssl
+	# doesn't have well-split CFLAGS and we're making it even worse
+	# and 'make depend' uses -Werror for added fun (#417795 again)
+	[[ ${CC} == *clang* ]] && append-flags -Qunused-arguments
+
+	append-flags -fno-strict-aliasing
+	append-flags $(test-flags-CC -Wa,--noexecstack)
+
+	# Prefixify Configure shebang (#141906)
+	sed \
+		-e "1s,/usr/bin/env,${EPREFIX}&," \
+		-i Configure || die
+
+	# Remove test target when FEATURES=test isn't set
+	if ! use test ; then
+		sed \
+			-e '/^$config{dirs}/s@ "test",@@' \
+			-i Configure || die
+	fi
+
+	# The config script does stupid stuff to prompt the user.  Kill it.
+	sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
+	./config --test-sanity || die "I AM NOT SANE"
+
+	multilib_copy_sources
+}
+
+multilib_src_configure() {
+	unset APPS #197996
+	unset SCRIPTS #312551
+	unset CROSS_COMPILE #311473
+
+	tc-export AR CC CXX RANLIB RC
+
+	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
+	echoit() { echo "$@" ; "$@" ; }
+
+	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
+
+	local sslout=$(./gentoo.config)
+	einfo "Use configuration ${sslout:-(openssl knows best)}"
+	local config="Configure"
+	[[ -z ${sslout} ]] && config="config"
+
+	local myeconfargs=(
+		${sslout}
+		$(use cpu_flags_x86_sse2 || echo "no-sse2")
+		enable-camellia
+		enable-ec
+		enable-ec2m
+		enable-sm2
+		enable-srp
+		$(use elibc_musl && echo "no-async")
+		enable-idea
+		enable-mdc2
+		enable-rc5
+		$(use_ssl asm)
+		$(use_ssl ktls)
+		$(use_ssl rfc3779)
+		$(use_ssl sctp)
+		$(use_ssl tls-compression zlib)
+		--prefix="${EPREFIX}"/usr
+		--openssldir="${EPREFIX}"${SSL_CNF_DIR}
+		--libdir=$(get_libdir)
+		shared
+		threads
+	)
+
+	CFLAGS= LDFLAGS= echoit \
+		./${config} \
+		"${myeconfargs[@]}" \
+		|| die
+
+	# Clean out hardcoded flags that openssl uses
+	local DEFAULT_CFLAGS=$(grep ^CFLAGS= Makefile | LC_ALL=C sed \
+		-e 's:^CFLAGS=::' \
+		-e 's:\(^\| \)-fomit-frame-pointer::g' \
+		-e 's:\(^\| \)-O[^ ]*::g' \
+		-e 's:\(^\| \)-march=[^ ]*::g' \
+		-e 's:\(^\| \)-mcpu=[^ ]*::g' \
+		-e 's:\(^\| \)-m[^ ]*::g' \
+		-e 's:^ *::' \
+		-e 's: *$::' \
+		-e 's: \+: :g' \
+		-e 's:\\:\\\\:g'
+	)
+
+	# Now insert clean default flags with user flags
+	sed -i \
+		-e "/^CFLAGS=/s|=.*|=${DEFAULT_CFLAGS} ${CFLAGS}|" \
+		-e "/^LDFLAGS=/s|=[[:space:]]*$|=${LDFLAGS}|" \
+		Makefile \
+		|| die
+}
+
+multilib_src_compile() {
+	# depend is needed to use $confopts; it also doesn't matter
+	# that it's -j1 as the code itself serializes subdirs
+	emake -j1 depend
+	emake all
+}
+
+multilib_src_test() {
+	emake -j1 test
+}
+
+multilib_src_install() {
+	# We need to create $ED/usr on our own to avoid a race condition #665130
+	if [[ ! -d "${ED}/usr" ]] ; then
+		# We can only create this directory once
+		mkdir "${ED}"/usr || die
+	fi
+
+	emake DESTDIR="${D}" install
+
+	# This is crappy in that the static archives are still built even
+	# when USE=static-libs.  But this is due to a failing in the openssl
+	# build system: the static archives are built as PIC all the time.
+	# Only way around this would be to manually configure+compile openssl
+	# twice; once with shared lib support enabled and once without.
+	if ! use static-libs ; then
+		rm "${ED}"/usr/$(get_libdir)/lib{crypto,ssl}.a || die
+	fi
+}
+
+multilib_src_install_all() {
+	# openssl installs perl version of c_rehash by default, but
+	# we provide a shell version via app-misc/c_rehash
+	rm "${ED}"/usr/bin/c_rehash || die
+
+	dodoc {AUTHORS,CHANGES,NEWS,README,README-PROVIDERS}.md doc/*.txt doc/${PN}-c-indent.el
+
+	# create the certs directory
+	keepdir ${SSL_CNF_DIR}/certs
+
+	# Namespace openssl programs to prevent conflicts with other man pages
+	cd "${ED}"/usr/share/man || die
+	local m d s
+	for m in $(find . -type f | xargs grep -L '#include') ; do
+		d=${m%/*} ; d=${d#./} ; m=${m##*/}
+
+		[[ ${m} == openssl.1* ]] && continue
+
+		[[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!"
+
+		mv ${d}/{,ssl-}${m} || die
+
+		# fix up references to renamed man pages
+		sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m} || die
+		ln -s ssl-${m} ${d}/openssl-${m} || die
+
+		# locate any symlinks that point to this man page ...
+		# we assume that any broken links are due to the above renaming
+		for s in $(find -L ${d} -type l) ; do
+			s=${s##*/}
+			rm -f ${d}/${s}
+			# We don't want to "|| die" here
+			ln -s ssl-${m} ${d}/ssl-${s}
+			ln -s ssl-${s} ${d}/openssl-${s}
+		done
+	done
+	[[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :("
+
+	dodir /etc/sandbox.d #254521
+	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
+
+	diropts -m0700
+	keepdir ${SSL_CNF_DIR}/private
+}
+
+pkg_postinst() {
+	ebegin "Running 'c_rehash ${EROOT}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069"
+	c_rehash "${EROOT}${SSL_CNF_DIR}/certs" >/dev/null
+	eend $?
+}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     15a0806a88671d7641ac6a3f3a1931eb0a7ad4a1
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Wed Sep  1 18:29:15 2021 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Wed Sep  1 18:31:20 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=15a0806a

dev-libs/openssl: Stabilize 1.1.1l arm, #810433

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/openssl-1.1.1l.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.1.1l.ebuild b/dev-libs/openssl/openssl-1.1.1l.ebuild
index 54026e0f46c..644608b0611 100644
--- a/dev-libs/openssl/openssl-1.1.1l.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1l.ebuild
@@ -27,7 +27,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 LICENSE="openssl"
 SLOT="0/1.1" # .so version of libssl/libcrypto
 [[ "${PV}" = *_pre* ]] || \
-KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~x86-linux"
+KEYWORDS="~alpha amd64 arm ~arm64 ~hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~x86-linux"
 IUSE="+asm bindist elibc_musl rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-compression tls-heartbeat vanilla"
 RESTRICT="!bindist? ( bindist )
 	!test? ( test )"

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Agostino Sarubbo]

commit:     7885b5793ecb2fe678dd0f55b32cae928652bc48
Author:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
AuthorDate: Wed Sep  1 09:32:33 2021 +0000
Commit:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
CommitDate: Wed Sep  1 09:32:33 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7885b579

dev-libs/openssl: ppc64 stable wrt bug #810433

Package-Manager: Portage-3.0.20, Repoman-3.0.2
RepoMan-Options: --include-arches="ppc64"
Signed-off-by: Agostino Sarubbo <ago <AT> gentoo.org>

 dev-libs/openssl/openssl-1.1.1l.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.1.1l.ebuild b/dev-libs/openssl/openssl-1.1.1l.ebuild
index 686b4993ff0..54026e0f46c 100644
--- a/dev-libs/openssl/openssl-1.1.1l.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1l.ebuild
@@ -27,7 +27,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 LICENSE="openssl"
 SLOT="0/1.1" # .so version of libssl/libcrypto
 [[ "${PV}" = *_pre* ]] || \
-KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ppc ~ppc64 ~riscv ~s390 sparc x86 ~x86-linux"
+KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~x86-linux"
 IUSE="+asm bindist elibc_musl rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-compression tls-heartbeat vanilla"
 RESTRICT="!bindist? ( bindist )
 	!test? ( test )"

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Agostino Sarubbo]

commit:     c41ec930010c37e22b538c7039d58fea7f16b12b
Author:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
AuthorDate: Wed Sep  1 09:31:51 2021 +0000
Commit:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
CommitDate: Wed Sep  1 09:31:51 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c41ec930

dev-libs/openssl: ppc stable wrt bug #810433

Package-Manager: Portage-3.0.20, Repoman-3.0.2
RepoMan-Options: --include-arches="ppc"
Signed-off-by: Agostino Sarubbo <ago <AT> gentoo.org>

 dev-libs/openssl/openssl-1.1.1l.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.1.1l.ebuild b/dev-libs/openssl/openssl-1.1.1l.ebuild
index a37dd201e16..686b4993ff0 100644
--- a/dev-libs/openssl/openssl-1.1.1l.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1l.ebuild
@@ -27,7 +27,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 LICENSE="openssl"
 SLOT="0/1.1" # .so version of libssl/libcrypto
 [[ "${PV}" = *_pre* ]] || \
-KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 sparc x86 ~x86-linux"
+KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ppc ~ppc64 ~riscv ~s390 sparc x86 ~x86-linux"
 IUSE="+asm bindist elibc_musl rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-compression tls-heartbeat vanilla"
 RESTRICT="!bindist? ( bindist )
 	!test? ( test )"

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     fe6659adf0608a2091402972059951bf8802a673
Author:     Rolf Eike Beer <eike <AT> sf-mail <DOT> de>
AuthorDate: Thu Aug 26 20:18:09 2021 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Thu Aug 26 20:36:11 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fe6659ad

dev-libs/openssl: stable 1.1.1l for sparc, bug #810433

Package-Manager: Portage-3.0.20, Repoman-3.0.3
RepoMan-Options: --include-arches="sparc"
Signed-off-by: Rolf Eike Beer <eike <AT> sf-mail.de>
Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/openssl-1.1.1l.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.1.1l.ebuild b/dev-libs/openssl/openssl-1.1.1l.ebuild
index 8317d5df770..a37dd201e16 100644
--- a/dev-libs/openssl/openssl-1.1.1l.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1l.ebuild
@@ -27,7 +27,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 LICENSE="openssl"
 SLOT="0/1.1" # .so version of libssl/libcrypto
 [[ "${PV}" = *_pre* ]] || \
-KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc x86 ~x86-linux"
+KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 sparc x86 ~x86-linux"
 IUSE="+asm bindist elibc_musl rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-compression tls-heartbeat vanilla"
 RESTRICT="!bindist? ( bindist )
 	!test? ( test )"

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     eebab8de7d5d218bc534cde75d0fa907317bb8c5
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Thu Aug 26 19:51:49 2021 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Thu Aug 26 19:51:49 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=eebab8de

dev-libs/openssl: Stabilize 1.1.1l x86, #810433

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/openssl-1.1.1l.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.1.1l.ebuild b/dev-libs/openssl/openssl-1.1.1l.ebuild
index 08826a65093..8317d5df770 100644
--- a/dev-libs/openssl/openssl-1.1.1l.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1l.ebuild
@@ -27,7 +27,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 LICENSE="openssl"
 SLOT="0/1.1" # .so version of libssl/libcrypto
 [[ "${PV}" = *_pre* ]] || \
-KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x86-linux"
+KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc x86 ~x86-linux"
 IUSE="+asm bindist elibc_musl rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-compression tls-heartbeat vanilla"
 RESTRICT="!bindist? ( bindist )
 	!test? ( test )"

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     a2cc71bcf80de42b82bf0b5817273b1bbf880f47
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Thu Aug 26 19:51:45 2021 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Thu Aug 26 19:51:45 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a2cc71bc

dev-libs/openssl: Stabilize 1.1.1l amd64, #810433

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/openssl-1.1.1l.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.1.1l.ebuild b/dev-libs/openssl/openssl-1.1.1l.ebuild
index 40abe5cb2d8..08826a65093 100644
--- a/dev-libs/openssl/openssl-1.1.1l.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1l.ebuild
@@ -27,7 +27,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 LICENSE="openssl"
 SLOT="0/1.1" # .so version of libssl/libcrypto
 [[ "${PV}" = *_pre* ]] || \
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x86-linux"
+KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x86-linux"
 IUSE="+asm bindist elibc_musl rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-compression tls-heartbeat vanilla"
 RESTRICT="!bindist? ( bindist )
 	!test? ( test )"

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Lars Wendler]

commit:     d077679d20fcedb1af74ec9bcff3bc760acded09
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Tue Aug 24 14:24:02 2021 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Tue Aug 24 14:24:02 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d077679d

dev-libs/openssl: Bump to version 1.1.1l

Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org>

 dev-libs/openssl/Manifest              |   1 +
 dev-libs/openssl/openssl-1.1.1l.ebuild | 328 +++++++++++++++++++++++++++++++++
 2 files changed, 329 insertions(+)

diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest
index fa78265a279..f6f3fd887e6 100644
--- a/dev-libs/openssl/Manifest
+++ b/dev-libs/openssl/Manifest
@@ -3,5 +3,6 @@ DIST openssl-1.0.2t-bindist-1.0.tar.xz 13872 BLAKE2B b2aade96a6e0ca6209a39e205b1
 DIST openssl-1.0.2u.tar.gz 5355412 BLAKE2B b2ff2a10e5851af5aca4093422a9a072c794e87b997263826c1c35910c040f695fac63decac5856cb49399ed03d410f97701d9fd4e1ebfbcacd8f3a74ce8bf57 SHA512 c455bb309e20e2c2d47fdc5619c734d107d5c8c38c1409903ce979acc120b0d5fa0312917c0aa0d630e402d092a703d4249643f36078e8528a3cafc9dac6ab32
 DIST openssl-1.1.1i-bindist-1.0.tar.xz 18124 BLAKE2B bcbce700676d1d61498ac98281b7ad06f9970d91afa6bfb2c259ab7462b2554be79a1c06759bc7aaeca9948c2f5276bac2c4f42dbc6822669f863444b9913ccd SHA512 1dbb81bcb4cf7e634bb363c7e2bb2590a1fe3fcb6c3b5e377cac3c5241abd116c2a89c516be8e5fd1799ab64375a58052a4df944eeadc87b0b7785da710906d8
 DIST openssl-1.1.1k.tar.gz 9823400 BLAKE2B e9bd90f17bc819c4960d07bbee04346e8a7adb87a764a09d033ef76f1d638c67b180c4f2beb84ec25fbff54ccc9c14c13b9b16a27cac231a5dd22b02635d5cec SHA512 73cd042d4056585e5a9dd7ab68e7c7310a3a4c783eafa07ab0b560e7462b924e4376436a6d38a155c687f6942a881cfc0c1b9394afcde1d8c46bf396e7d51121
+DIST openssl-1.1.1l.tar.gz 9834044 BLAKE2B 9e8739015db63a013c05587e3d164d67c3f65f1f6c5fc75e4592bcd038c036cde88a7bc95fbc1f1b4ed876f6124ca4dabcd4f5dbb45d1b84299f2efe1a59431a SHA512 d9611f393e37577cca05004531388d3e0ebbf714894cab9f95f4903909cd4f45c214faab664c0cbc3ad3cca309d500b9e6d0ecbf9a0a0588d1677dc6b047f9e0
 DIST openssl-3.0.0-beta1.tar.gz 14878832 BLAKE2B a2c8d8cbb226803e78ff00fcbee355f41da90275830714e8c0aea532309ef0b98c27f6796119e2942387a9e92afd917d766faac7b5ea65a36326c368790b8055 SHA512 fbb650638a7ca406b0b5d1eafcef0ca431172c8b255adaf7575325d9c1545dfdacf8e9550b8bec4e1ec73759a02c9efbd729a07e9959932564ba81be61238d5d
 DIST openssl-3.0.0-beta2.tar.gz 14912360 BLAKE2B f1180eee6561f04e778f40d3d6f9fac5645777de09d965662f00c2506da30d3c3cfa0e98a25fc668e2e1fd39b8d700d7f0fd901f80964be048cb3aaa6432a5f5 SHA512 3eb9b472429bc26a7fc5c5837e2ea496706e3c6273ba33f36bbe3dc13bf7dcf7cba08d19ce005ee9b1cecfc63de68ef86cd8d911df28c82873ee44ba5d7e253a

diff --git a/dev-libs/openssl/openssl-1.1.1l.ebuild b/dev-libs/openssl/openssl-1.1.1l.ebuild
new file mode 100644
index 00000000000..40abe5cb2d8
--- /dev/null
+++ b/dev-libs/openssl/openssl-1.1.1l.ebuild
@@ -0,0 +1,328 @@
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="7"
+
+inherit flag-o-matic toolchain-funcs multilib-minimal
+
+MY_P=${P/_/-}
+
+# This patch set is based on the following files from Fedora 31,
+# see https://src.fedoraproject.org/rpms/openssl/blob/f31/f/openssl.spec
+# for more details:
+# - hobble-openssl (SOURCE1)
+# - ec_curve.c (SOURCE12) -- MODIFIED
+# - ectest.c (SOURCE13)
+# - openssl-1.1.1-ec-curves.patch (PATCH37) -- MODIFIED
+BINDIST_PATCH_SET="openssl-1.1.1i-bindist-1.0.tar.xz"
+
+DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"
+HOMEPAGE="https://www.openssl.org/"
+SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
+	bindist? (
+		mirror://gentoo/${BINDIST_PATCH_SET}
+		https://dev.gentoo.org/~whissi/dist/openssl/${BINDIST_PATCH_SET}
+	)"
+
+LICENSE="openssl"
+SLOT="0/1.1" # .so version of libssl/libcrypto
+[[ "${PV}" = *_pre* ]] || \
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x86-linux"
+IUSE="+asm bindist elibc_musl rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-compression tls-heartbeat vanilla"
+RESTRICT="!bindist? ( bindist )
+	!test? ( test )"
+
+RDEPEND=">=app-misc/c_rehash-1.7-r1
+	tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )"
+DEPEND="${RDEPEND}"
+BDEPEND="
+	>=dev-lang/perl-5
+	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
+	test? (
+		sys-apps/diffutils
+		sys-devel/bc
+		sys-process/procps
+	)"
+PDEPEND="app-misc/ca-certificates"
+
+PATCHES=(
+	"${FILESDIR}"/${PN}-1.1.0j-parallel_install_fix.patch #671602
+	"${FILESDIR}"/${PN}-1.1.1i-riscv32.patch
+)
+
+S="${WORKDIR}/${MY_P}"
+
+# force upgrade to prevent broken login, bug 696950
+RDEPEND+=" !<net-misc/openssh-8.0_p1-r3"
+
+MULTILIB_WRAPPED_HEADERS=(
+	usr/include/openssl/opensslconf.h
+)
+
+pkg_setup() {
+	[[ ${MERGE_TYPE} == binary ]] && return
+
+	# must check in pkg_setup; sysctl don't work with userpriv!
+	if use test && use sctp; then
+		# test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel"
+		# if sctp.auth_enable is not enabled.
+		local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null)
+		if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]]; then
+			die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!"
+		fi
+	fi
+}
+
+src_prepare() {
+	# allow openssl to be cross-compiled
+	cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die
+	chmod a+rx gentoo.config || die
+
+	if use bindist; then
+		mv "${WORKDIR}"/bindist-patches/hobble-openssl "${WORKDIR}" || die
+		bash "${WORKDIR}"/hobble-openssl || die
+
+		cp -f "${WORKDIR}"/bindist-patches/ec_curve.c "${S}"/crypto/ec/ || die
+		cp -f "${WORKDIR}"/bindist-patches/ectest.c "${S}"/test/ || die
+
+		eapply "${WORKDIR}"/bindist-patches/ec-curves.patch
+
+		local known_failing_test
+		for known_failing_test in \
+			30-test_evp_extra.t \
+			80-test_ssl_new.t \
+		; do
+			ebegin "Disabling test '${known_failing_test}' which is known to fail with USE=bindist"
+			rm test/recipes/${known_failing_test} || die
+			eend $?
+		done
+
+		# Also see the configure parts below:
+		# enable-ec \
+		# $(use_ssl !bindist ec2m) \
+	fi
+
+	# keep this in sync with app-misc/c_rehash
+	SSL_CNF_DIR="/etc/ssl"
+
+	# Make sure we only ever touch Makefile.org and avoid patching a file
+	# that gets blown away anyways by the Configure script in src_configure
+	rm -f Makefile
+
+	if ! use vanilla ; then
+		if [[ $(declare -p PATCHES 2>/dev/null) == "declare -a"* ]] ; then
+			[[ ${#PATCHES[@]} -gt 0 ]] && eapply "${PATCHES[@]}"
+		fi
+	fi
+
+	eapply_user #332661
+
+	if use test && use sctp && has network-sandbox ${FEATURES}; then
+		ebegin "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox"
+		rm test/recipes/80-test_ssl_new.t || die
+		eend $?
+	fi
+
+	# make sure the man pages are suffixed #302165
+	# don't bother building man pages if they're disabled
+	# Make DOCDIR Gentoo compliant
+	sed -i \
+		-e '/^MANSUFFIX/s:=.*:=ssl:' \
+		-e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
+		-e $(has noman FEATURES \
+			&& echo '/^install:/s:install_docs::' \
+			|| echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
+		-e "/^DOCDIR/s@\$(BASENAME)@&-${PVR}@" \
+		Configurations/unix-Makefile.tmpl \
+		|| die
+
+	# quiet out unknown driver argument warnings since openssl
+	# doesn't have well-split CFLAGS and we're making it even worse
+	# and 'make depend' uses -Werror for added fun (#417795 again)
+	[[ ${CC} == *clang* ]] && append-flags -Qunused-arguments
+
+	append-flags -fno-strict-aliasing
+	append-flags $(test-flags-CC -Wa,--noexecstack)
+	append-cppflags -DOPENSSL_NO_BUF_FREELISTS
+
+	# Prefixify Configure shebang (#141906)
+	sed \
+		-e "1s,/usr/bin/env,${EPREFIX}&," \
+		-i Configure || die
+	# Remove test target when FEATURES=test isn't set
+	if ! use test ; then
+		sed \
+			-e '/^$config{dirs}/s@ "test",@@' \
+			-i Configure || die
+	fi
+	# The config script does stupid stuff to prompt the user.  Kill it.
+	sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
+	./config --test-sanity || die "I AM NOT SANE"
+
+	multilib_copy_sources
+}
+
+multilib_src_configure() {
+	unset APPS #197996
+	unset SCRIPTS #312551
+	unset CROSS_COMPILE #311473
+
+	tc-export CC AR RANLIB RC
+
+	# Clean out patent-or-otherwise-encumbered code
+	# Camellia: Royalty Free            https://en.wikipedia.org/wiki/Camellia_(cipher)
+	# IDEA:     Expired                 https://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
+	# EC:       ????????? ??/??/2015    https://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography
+	# MDC2:     Expired                 https://en.wikipedia.org/wiki/MDC-2
+	# RC5:      Expired                 https://en.wikipedia.org/wiki/RC5
+
+	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
+	echoit() { echo "$@" ; "$@" ; }
+
+	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
+
+	# See if our toolchain supports __uint128_t.  If so, it's 64bit
+	# friendly and can use the nicely optimized code paths. #460790
+	local ec_nistp_64_gcc_128
+	# Disable it for now though #469976
+	#if ! use bindist ; then
+	#	echo "__uint128_t i;" > "${T}"/128.c
+	#	if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
+	#		ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
+	#	fi
+	#fi
+
+	local sslout=$(./gentoo.config)
+	einfo "Use configuration ${sslout:-(openssl knows best)}"
+	local config="Configure"
+	[[ -z ${sslout} ]] && config="config"
+
+	# Fedora hobbled-EC needs 'no-ec2m'
+	# 'srp' was restricted until early 2017 as well.
+	# "disable-deprecated" option breaks too many consumers.
+	# Don't set it without thorough revdeps testing.
+	# Make sure user flags don't get added *yet* to avoid duplicated
+	# flags.
+	CFLAGS= LDFLAGS= echoit \
+	./${config} \
+		${sslout} \
+		$(use cpu_flags_x86_sse2 || echo "no-sse2") \
+		enable-camellia \
+		enable-ec \
+		$(use_ssl !bindist ec2m) \
+		$(use_ssl !bindist sm2) \
+		enable-srp \
+		$(use elibc_musl && echo "no-async") \
+		${ec_nistp_64_gcc_128} \
+		enable-idea \
+		enable-mdc2 \
+		enable-rc5 \
+		$(use_ssl sslv3 ssl3) \
+		$(use_ssl sslv3 ssl3-method) \
+		$(use_ssl asm) \
+		$(use_ssl rfc3779) \
+		$(use_ssl sctp) \
+		$(use_ssl tls-compression zlib) \
+		$(use_ssl tls-heartbeat heartbeats) \
+		--prefix="${EPREFIX}"/usr \
+		--openssldir="${EPREFIX}"${SSL_CNF_DIR} \
+		--libdir=$(get_libdir) \
+		shared threads \
+		|| die
+
+	# Clean out hardcoded flags that openssl uses
+	local DEFAULT_CFLAGS=$(grep ^CFLAGS= Makefile | LC_ALL=C sed \
+		-e 's:^CFLAGS=::' \
+		-e 's:\(^\| \)-fomit-frame-pointer::g' \
+		-e 's:\(^\| \)-O[^ ]*::g' \
+		-e 's:\(^\| \)-march=[^ ]*::g' \
+		-e 's:\(^\| \)-mcpu=[^ ]*::g' \
+		-e 's:\(^\| \)-m[^ ]*::g' \
+		-e 's:^ *::' \
+		-e 's: *$::' \
+		-e 's: \+: :g' \
+		-e 's:\\:\\\\:g'
+	)
+
+	# Now insert clean default flags with user flags
+	sed -i \
+		-e "/^CFLAGS=/s|=.*|=${DEFAULT_CFLAGS} ${CFLAGS}|" \
+		-e "/^LDFLAGS=/s|=[[:space:]]*$|=${LDFLAGS}|" \
+		Makefile || die
+}
+
+multilib_src_compile() {
+	# depend is needed to use $confopts; it also doesn't matter
+	# that it's -j1 as the code itself serializes subdirs
+	emake -j1 depend
+	emake all
+}
+
+multilib_src_test() {
+	emake -j1 test
+}
+
+multilib_src_install() {
+	# We need to create $ED/usr on our own to avoid a race condition #665130
+	if [[ ! -d "${ED}/usr" ]]; then
+		# We can only create this directory once
+		mkdir "${ED}"/usr || die
+	fi
+
+	emake DESTDIR="${D}" install
+
+	# This is crappy in that the static archives are still built even
+	# when USE=static-libs.  But this is due to a failing in the openssl
+	# build system: the static archives are built as PIC all the time.
+	# Only way around this would be to manually configure+compile openssl
+	# twice; once with shared lib support enabled and once without.
+	if ! use static-libs; then
+		rm "${ED}"/usr/$(get_libdir)/lib{crypto,ssl}.a || die
+	fi
+}
+
+multilib_src_install_all() {
+	# openssl installs perl version of c_rehash by default, but
+	# we provide a shell version via app-misc/c_rehash
+	rm "${ED}"/usr/bin/c_rehash || die
+
+	dodoc CHANGES* FAQ NEWS README doc/*.txt doc/${PN}-c-indent.el
+
+	# create the certs directory
+	keepdir ${SSL_CNF_DIR}/certs
+
+	# Namespace openssl programs to prevent conflicts with other man pages
+	cd "${ED}"/usr/share/man || die
+	local m d s
+	for m in $(find . -type f | xargs grep -L '#include') ; do
+		d=${m%/*} ; d=${d#./} ; m=${m##*/}
+		[[ ${m} == openssl.1* ]] && continue
+		[[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!"
+		mv ${d}/{,ssl-}${m}
+		# fix up references to renamed man pages
+		sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m}
+		ln -s ssl-${m} ${d}/openssl-${m}
+		# locate any symlinks that point to this man page ... we assume
+		# that any broken links are due to the above renaming
+		for s in $(find -L ${d} -type l) ; do
+			s=${s##*/}
+			rm -f ${d}/${s}
+			# We don't want to "|| die" here
+			ln -s ssl-${m} ${d}/ssl-${s}
+			ln -s ssl-${s} ${d}/openssl-${s}
+		done
+	done
+	[[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :("
+
+	dodir /etc/sandbox.d #254521
+	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
+
+	diropts -m0700
+	keepdir ${SSL_CNF_DIR}/private
+}
+
+pkg_postinst() {
+	ebegin "Running 'c_rehash ${EROOT}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069"
+	c_rehash "${EROOT}${SSL_CNF_DIR}/certs" >/dev/null
+	eend $?
+}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Lars Wendler]

commit:     88d6f9cd180585c7a44115018e3ebc614ead72b0
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Tue Aug 24 14:24:39 2021 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Tue Aug 24 14:24:39 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=88d6f9cd

dev-libs/openssl: Removed old

Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org>

 dev-libs/openssl/Manifest                      |   1 -
 dev-libs/openssl/openssl-3.0.0_beta1-r1.ebuild | 293 -------------------------
 2 files changed, 294 deletions(-)

diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest
index f6f3fd887e6..8063cf862b3 100644
--- a/dev-libs/openssl/Manifest
+++ b/dev-libs/openssl/Manifest
@@ -4,5 +4,4 @@ DIST openssl-1.0.2u.tar.gz 5355412 BLAKE2B b2ff2a10e5851af5aca4093422a9a072c794e
 DIST openssl-1.1.1i-bindist-1.0.tar.xz 18124 BLAKE2B bcbce700676d1d61498ac98281b7ad06f9970d91afa6bfb2c259ab7462b2554be79a1c06759bc7aaeca9948c2f5276bac2c4f42dbc6822669f863444b9913ccd SHA512 1dbb81bcb4cf7e634bb363c7e2bb2590a1fe3fcb6c3b5e377cac3c5241abd116c2a89c516be8e5fd1799ab64375a58052a4df944eeadc87b0b7785da710906d8
 DIST openssl-1.1.1k.tar.gz 9823400 BLAKE2B e9bd90f17bc819c4960d07bbee04346e8a7adb87a764a09d033ef76f1d638c67b180c4f2beb84ec25fbff54ccc9c14c13b9b16a27cac231a5dd22b02635d5cec SHA512 73cd042d4056585e5a9dd7ab68e7c7310a3a4c783eafa07ab0b560e7462b924e4376436a6d38a155c687f6942a881cfc0c1b9394afcde1d8c46bf396e7d51121
 DIST openssl-1.1.1l.tar.gz 9834044 BLAKE2B 9e8739015db63a013c05587e3d164d67c3f65f1f6c5fc75e4592bcd038c036cde88a7bc95fbc1f1b4ed876f6124ca4dabcd4f5dbb45d1b84299f2efe1a59431a SHA512 d9611f393e37577cca05004531388d3e0ebbf714894cab9f95f4903909cd4f45c214faab664c0cbc3ad3cca309d500b9e6d0ecbf9a0a0588d1677dc6b047f9e0
-DIST openssl-3.0.0-beta1.tar.gz 14878832 BLAKE2B a2c8d8cbb226803e78ff00fcbee355f41da90275830714e8c0aea532309ef0b98c27f6796119e2942387a9e92afd917d766faac7b5ea65a36326c368790b8055 SHA512 fbb650638a7ca406b0b5d1eafcef0ca431172c8b255adaf7575325d9c1545dfdacf8e9550b8bec4e1ec73759a02c9efbd729a07e9959932564ba81be61238d5d
 DIST openssl-3.0.0-beta2.tar.gz 14912360 BLAKE2B f1180eee6561f04e778f40d3d6f9fac5645777de09d965662f00c2506da30d3c3cfa0e98a25fc668e2e1fd39b8d700d7f0fd901f80964be048cb3aaa6432a5f5 SHA512 3eb9b472429bc26a7fc5c5837e2ea496706e3c6273ba33f36bbe3dc13bf7dcf7cba08d19ce005ee9b1cecfc63de68ef86cd8d911df28c82873ee44ba5d7e253a

diff --git a/dev-libs/openssl/openssl-3.0.0_beta1-r1.ebuild b/dev-libs/openssl/openssl-3.0.0_beta1-r1.ebuild
deleted file mode 100644
index 5005c8fa660..00000000000
--- a/dev-libs/openssl/openssl-3.0.0_beta1-r1.ebuild
+++ /dev/null
@@ -1,293 +0,0 @@
-# Copyright 1999-2021 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="7"
-
-inherit flag-o-matic linux-info toolchain-funcs multilib-minimal
-
-MY_P=${P/_/-}
-
-DESCRIPTION="Robust, full-featured Open Source Toolkit for the Transport Layer Security (TLS)"
-HOMEPAGE="https://www.openssl.org/"
-
-if [[ ${PV} == "9999" ]] ; then
-	EGIT_REPO_URI="https://github.com/openssl/openssl.git"
-
-	inherit git-r3
-else
-	SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"
-	#KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x86-linux"
-fi
-
-LICENSE="Apache-2.0"
-SLOT="0/3" # .so version of libssl/libcrypto
-
-IUSE="+asm cpu_flags_x86_sse2 elibc_musl ktls rfc3779 sctp static-libs test tls-compression vanilla"
-RESTRICT="!test? ( test )"
-
-COMMON_DEPEND="
-	>=app-misc/c_rehash-1.7-r1
-	tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
-"
-
-BDEPEND="
-	>=dev-lang/perl-5
-	dev-perl/Text-Template
-	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
-	test? (
-		sys-apps/diffutils
-		sys-devel/bc
-		sys-process/procps
-	)"
-
-DEPEND="${COMMON_DEPEND}"
-
-RDEPEND="${COMMON_DEPEND}"
-
-PDEPEND="app-misc/ca-certificates"
-
-S="${WORKDIR}/${MY_P}"
-
-MULTILIB_WRAPPED_HEADERS=(
-	/usr/include/openssl/configuration.h
-)
-
-pkg_setup() {
-	if use ktls ; then
-		if kernel_is -lt 4 18 ; then
-			ewarn "Kernel implementation of TLS (USE=ktls) requires kernel >=4.18!"
-		else
-			CONFIG_CHECK="~TLS ~TLS_DEVICE"
-			ERROR_TLS="You will be unable to offload TLS to kernel because CONFIG_TLS is not set!"
-			ERROR_TLS_DEVICE="You will be unable to offload TLS to kernel because CONFIG_TLS_DEVICE is not set!"
-
-			linux-info_pkg_setup
-		fi
-	fi
-
-	[[ ${MERGE_TYPE} == binary ]] && return
-
-	# must check in pkg_setup; sysctl don't work with userpriv!
-	if use test && use sctp ; then
-		# test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel"
-		# if sctp.auth_enable is not enabled.
-		local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null)
-		if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]] ; then
-			die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!"
-		fi
-	fi
-}
-
-src_prepare() {
-	# allow openssl to be cross-compiled
-	cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die
-	chmod a+rx gentoo.config || die
-
-	# keep this in sync with app-misc/c_rehash
-	SSL_CNF_DIR="/etc/ssl"
-
-	# Make sure we only ever touch Makefile.org and avoid patching a file
-	# that gets blown away anyways by the Configure script in src_configure
-	rm -f Makefile
-
-	if ! use vanilla ; then
-		if [[ $(declare -p PATCHES 2>/dev/null) == "declare -a"* ]] ; then
-			[[ ${#PATCHES[@]} -gt 0 ]] && eapply "${PATCHES[@]}"
-		fi
-	fi
-
-	eapply_user
-
-	if use test && use sctp && has network-sandbox ${FEATURES} ; then
-		einfo "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox ..."
-		rm test/recipes/80-test_ssl_new.t || die
-	fi
-
-	# make sure the man pages are suffixed #302165
-	# don't bother building man pages if they're disabled
-	# Make DOCDIR Gentoo compliant
-	sed -i \
-		-e '/^MANSUFFIX/s:=.*:=ssl:' \
-		-e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
-		-e $(has noman FEATURES \
-			&& echo '/^install:/s:install_docs::' \
-			|| echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
-		-e "/^DOCDIR/s@\$(BASENAME)@&-${PVR}@" \
-		Configurations/unix-Makefile.tmpl \
-		|| die
-
-	# quiet out unknown driver argument warnings since openssl
-	# doesn't have well-split CFLAGS and we're making it even worse
-	# and 'make depend' uses -Werror for added fun (#417795 again)
-	[[ ${CC} == *clang* ]] && append-flags -Qunused-arguments
-
-	append-flags -fno-strict-aliasing
-	append-flags $(test-flags-CC -Wa,--noexecstack)
-
-	# Prefixify Configure shebang (#141906)
-	sed \
-		-e "1s,/usr/bin/env,${EPREFIX}&," \
-		-i Configure || die
-
-	# Remove test target when FEATURES=test isn't set
-	if ! use test ; then
-		sed \
-			-e '/^$config{dirs}/s@ "test",@@' \
-			-i Configure || die
-	fi
-
-	# The config script does stupid stuff to prompt the user.  Kill it.
-	sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
-	./config --test-sanity || die "I AM NOT SANE"
-
-	multilib_copy_sources
-}
-
-multilib_src_configure() {
-	unset APPS #197996
-	unset SCRIPTS #312551
-	unset CROSS_COMPILE #311473
-
-	tc-export AR CC CXX RANLIB RC
-
-	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
-	echoit() { echo "$@" ; "$@" ; }
-
-	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
-
-	local sslout=$(./gentoo.config)
-	einfo "Use configuration ${sslout:-(openssl knows best)}"
-	local config="Configure"
-	[[ -z ${sslout} ]] && config="config"
-
-	local myeconfargs=(
-		${sslout}
-		$(use cpu_flags_x86_sse2 || echo "no-sse2")
-		enable-camellia
-		enable-ec
-		enable-ec2m
-		enable-sm2
-		enable-srp
-		$(use elibc_musl && echo "no-async")
-		enable-idea
-		enable-mdc2
-		enable-rc5
-		$(use_ssl asm)
-		$(use_ssl ktls)
-		$(use_ssl rfc3779)
-		$(use_ssl sctp)
-		$(use_ssl tls-compression zlib)
-		--prefix="${EPREFIX}"/usr
-		--openssldir="${EPREFIX}"${SSL_CNF_DIR}
-		--libdir=$(get_libdir)
-		shared
-		threads
-	)
-
-	CFLAGS= LDFLAGS= echoit \
-		./${config} \
-		"${myeconfargs[@]}" \
-		|| die
-
-	# Clean out hardcoded flags that openssl uses
-	local DEFAULT_CFLAGS=$(grep ^CFLAGS= Makefile | LC_ALL=C sed \
-		-e 's:^CFLAGS=::' \
-		-e 's:\(^\| \)-fomit-frame-pointer::g' \
-		-e 's:\(^\| \)-O[^ ]*::g' \
-		-e 's:\(^\| \)-march=[^ ]*::g' \
-		-e 's:\(^\| \)-mcpu=[^ ]*::g' \
-		-e 's:\(^\| \)-m[^ ]*::g' \
-		-e 's:^ *::' \
-		-e 's: *$::' \
-		-e 's: \+: :g' \
-		-e 's:\\:\\\\:g'
-	)
-
-	# Now insert clean default flags with user flags
-	sed -i \
-		-e "/^CFLAGS=/s|=.*|=${DEFAULT_CFLAGS} ${CFLAGS}|" \
-		-e "/^LDFLAGS=/s|=[[:space:]]*$|=${LDFLAGS}|" \
-		Makefile \
-		|| die
-}
-
-multilib_src_compile() {
-	# depend is needed to use $confopts; it also doesn't matter
-	# that it's -j1 as the code itself serializes subdirs
-	emake -j1 depend
-	emake all
-}
-
-multilib_src_test() {
-	emake -j1 test
-}
-
-multilib_src_install() {
-	# We need to create $ED/usr on our own to avoid a race condition #665130
-	if [[ ! -d "${ED}/usr" ]] ; then
-		# We can only create this directory once
-		mkdir "${ED}"/usr || die
-	fi
-
-	emake DESTDIR="${D}" install
-
-	# This is crappy in that the static archives are still built even
-	# when USE=static-libs.  But this is due to a failing in the openssl
-	# build system: the static archives are built as PIC all the time.
-	# Only way around this would be to manually configure+compile openssl
-	# twice; once with shared lib support enabled and once without.
-	if ! use static-libs ; then
-		rm "${ED}"/usr/$(get_libdir)/lib{crypto,ssl}.a || die
-	fi
-}
-
-multilib_src_install_all() {
-	# openssl installs perl version of c_rehash by default, but
-	# we provide a shell version via app-misc/c_rehash
-	rm "${ED}"/usr/bin/c_rehash || die
-
-	dodoc {AUTHORS,CHANGES,NEWS,README,README-PROVIDERS}.md doc/*.txt doc/${PN}-c-indent.el
-
-	# create the certs directory
-	keepdir ${SSL_CNF_DIR}/certs
-
-	# Namespace openssl programs to prevent conflicts with other man pages
-	cd "${ED}"/usr/share/man || die
-	local m d s
-	for m in $(find . -type f | xargs grep -L '#include') ; do
-		d=${m%/*} ; d=${d#./} ; m=${m##*/}
-
-		[[ ${m} == openssl.1* ]] && continue
-
-		[[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!"
-
-		mv ${d}/{,ssl-}${m} || die
-
-		# fix up references to renamed man pages
-		sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m} || die
-		ln -s ssl-${m} ${d}/openssl-${m} || die
-
-		# locate any symlinks that point to this man page ...
-		# we assume that any broken links are due to the above renaming
-		for s in $(find -L ${d} -type l) ; do
-			s=${s##*/}
-			rm -f ${d}/${s}
-			# We don't want to "|| die" here
-			ln -s ssl-${m} ${d}/ssl-${s}
-			ln -s ssl-${s} ${d}/openssl-${s}
-		done
-	done
-	[[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :("
-
-	dodir /etc/sandbox.d #254521
-	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
-
-	diropts -m0700
-	keepdir ${SSL_CNF_DIR}/private
-}
-
-pkg_postinst() {
-	ebegin "Running 'c_rehash ${EROOT}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069"
-	c_rehash "${EROOT}${SSL_CNF_DIR}/certs" >/dev/null
-	eend $?
-}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Mike Gilbert]

commit:     4562d26d211d43476ae99bd5ccf8509fdbce7f70
Author:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Wed Aug 11 18:19:12 2021 +0000
Commit:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Wed Aug 11 18:19:12 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4562d26d

dev-libs/openssl: replace "has test ${FEATURES}" with "use test"

Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>

 dev-libs/openssl/openssl-1.1.1k-r1.ebuild      | 2 +-
 dev-libs/openssl/openssl-3.0.0_beta1-r1.ebuild | 2 +-
 dev-libs/openssl/openssl-3.0.0_beta2.ebuild    | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/dev-libs/openssl/openssl-1.1.1k-r1.ebuild b/dev-libs/openssl/openssl-1.1.1k-r1.ebuild
index 5b98e5cde55..d07d4096d08 100644
--- a/dev-libs/openssl/openssl-1.1.1k-r1.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1k-r1.ebuild
@@ -117,7 +117,7 @@ src_prepare() {
 
 	eapply_user #332661
 
-	if has test ${FEATURES} && use sctp && has network-sandbox ${FEATURES}; then
+	if use test && use sctp && has network-sandbox ${FEATURES}; then
 		ebegin "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox"
 		rm test/recipes/80-test_ssl_new.t || die
 		eend $?

diff --git a/dev-libs/openssl/openssl-3.0.0_beta1-r1.ebuild b/dev-libs/openssl/openssl-3.0.0_beta1-r1.ebuild
index d434698778c..5005c8fa660 100644
--- a/dev-libs/openssl/openssl-3.0.0_beta1-r1.ebuild
+++ b/dev-libs/openssl/openssl-3.0.0_beta1-r1.ebuild
@@ -98,7 +98,7 @@ src_prepare() {
 
 	eapply_user
 
-	if has test ${FEATURES} && use sctp && has network-sandbox ${FEATURES} ; then
+	if use test && use sctp && has network-sandbox ${FEATURES} ; then
 		einfo "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox ..."
 		rm test/recipes/80-test_ssl_new.t || die
 	fi

diff --git a/dev-libs/openssl/openssl-3.0.0_beta2.ebuild b/dev-libs/openssl/openssl-3.0.0_beta2.ebuild
index d434698778c..5005c8fa660 100644
--- a/dev-libs/openssl/openssl-3.0.0_beta2.ebuild
+++ b/dev-libs/openssl/openssl-3.0.0_beta2.ebuild
@@ -98,7 +98,7 @@ src_prepare() {
 
 	eapply_user
 
-	if has test ${FEATURES} && use sctp && has network-sandbox ${FEATURES} ; then
+	if use test && use sctp && has network-sandbox ${FEATURES} ; then
 		einfo "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox ..."
 		rm test/recipes/80-test_ssl_new.t || die
 	fi

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Mike Gilbert]

commit:     4adb495757c67c5e9ee168264dfe38e66fedf6fb
Author:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Wed Aug 11 18:15:56 2021 +0000
Commit:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Wed Aug 11 18:15:56 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4adb4957

dev-libs/openssl: replace "has test ${FEATURES}" with "use test"

Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>

 dev-libs/openssl/openssl-1.1.1k-r1.ebuild      | 2 +-
 dev-libs/openssl/openssl-3.0.0_beta1-r1.ebuild | 2 +-
 dev-libs/openssl/openssl-3.0.0_beta2.ebuild    | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/dev-libs/openssl/openssl-1.1.1k-r1.ebuild b/dev-libs/openssl/openssl-1.1.1k-r1.ebuild
index d212bef1be7..5b98e5cde55 100644
--- a/dev-libs/openssl/openssl-1.1.1k-r1.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1k-r1.ebuild
@@ -63,7 +63,7 @@ pkg_setup() {
 	[[ ${MERGE_TYPE} == binary ]] && return
 
 	# must check in pkg_setup; sysctl don't work with userpriv!
-	if has test ${FEATURES} && use sctp; then
+	if use test && use sctp; then
 		# test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel"
 		# if sctp.auth_enable is not enabled.
 		local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null)

diff --git a/dev-libs/openssl/openssl-3.0.0_beta1-r1.ebuild b/dev-libs/openssl/openssl-3.0.0_beta1-r1.ebuild
index f07fa0d1b07..d434698778c 100644
--- a/dev-libs/openssl/openssl-3.0.0_beta1-r1.ebuild
+++ b/dev-libs/openssl/openssl-3.0.0_beta1-r1.ebuild
@@ -68,7 +68,7 @@ pkg_setup() {
 	[[ ${MERGE_TYPE} == binary ]] && return
 
 	# must check in pkg_setup; sysctl don't work with userpriv!
-	if has test ${FEATURES} && use sctp ; then
+	if use test && use sctp ; then
 		# test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel"
 		# if sctp.auth_enable is not enabled.
 		local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null)

diff --git a/dev-libs/openssl/openssl-3.0.0_beta2.ebuild b/dev-libs/openssl/openssl-3.0.0_beta2.ebuild
index f07fa0d1b07..d434698778c 100644
--- a/dev-libs/openssl/openssl-3.0.0_beta2.ebuild
+++ b/dev-libs/openssl/openssl-3.0.0_beta2.ebuild
@@ -68,7 +68,7 @@ pkg_setup() {
 	[[ ${MERGE_TYPE} == binary ]] && return
 
 	# must check in pkg_setup; sysctl don't work with userpriv!
-	if has test ${FEATURES} && use sctp ; then
+	if use test && use sctp ; then
 		# test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel"
 		# if sctp.auth_enable is not enabled.
 		local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null)

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Thomas Deutschmann]

commit:     b755548cfa9a2c25cc1691df113441ab265585bb
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Thu Jul 29 15:45:52 2021 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Thu Jul 29 15:47:55 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b755548c

dev-libs/openssl: bump to v3.0.0 Beta 2

Package-Manager: Portage-3.0.21, Repoman-3.0.3
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 dev-libs/openssl/Manifest                   |   1 +
 dev-libs/openssl/openssl-3.0.0_beta2.ebuild | 293 ++++++++++++++++++++++++++++
 2 files changed, 294 insertions(+)

diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest
index ca8ce6e6d73..fa78265a279 100644
--- a/dev-libs/openssl/Manifest
+++ b/dev-libs/openssl/Manifest
@@ -4,3 +4,4 @@ DIST openssl-1.0.2u.tar.gz 5355412 BLAKE2B b2ff2a10e5851af5aca4093422a9a072c794e
 DIST openssl-1.1.1i-bindist-1.0.tar.xz 18124 BLAKE2B bcbce700676d1d61498ac98281b7ad06f9970d91afa6bfb2c259ab7462b2554be79a1c06759bc7aaeca9948c2f5276bac2c4f42dbc6822669f863444b9913ccd SHA512 1dbb81bcb4cf7e634bb363c7e2bb2590a1fe3fcb6c3b5e377cac3c5241abd116c2a89c516be8e5fd1799ab64375a58052a4df944eeadc87b0b7785da710906d8
 DIST openssl-1.1.1k.tar.gz 9823400 BLAKE2B e9bd90f17bc819c4960d07bbee04346e8a7adb87a764a09d033ef76f1d638c67b180c4f2beb84ec25fbff54ccc9c14c13b9b16a27cac231a5dd22b02635d5cec SHA512 73cd042d4056585e5a9dd7ab68e7c7310a3a4c783eafa07ab0b560e7462b924e4376436a6d38a155c687f6942a881cfc0c1b9394afcde1d8c46bf396e7d51121
 DIST openssl-3.0.0-beta1.tar.gz 14878832 BLAKE2B a2c8d8cbb226803e78ff00fcbee355f41da90275830714e8c0aea532309ef0b98c27f6796119e2942387a9e92afd917d766faac7b5ea65a36326c368790b8055 SHA512 fbb650638a7ca406b0b5d1eafcef0ca431172c8b255adaf7575325d9c1545dfdacf8e9550b8bec4e1ec73759a02c9efbd729a07e9959932564ba81be61238d5d
+DIST openssl-3.0.0-beta2.tar.gz 14912360 BLAKE2B f1180eee6561f04e778f40d3d6f9fac5645777de09d965662f00c2506da30d3c3cfa0e98a25fc668e2e1fd39b8d700d7f0fd901f80964be048cb3aaa6432a5f5 SHA512 3eb9b472429bc26a7fc5c5837e2ea496706e3c6273ba33f36bbe3dc13bf7dcf7cba08d19ce005ee9b1cecfc63de68ef86cd8d911df28c82873ee44ba5d7e253a

diff --git a/dev-libs/openssl/openssl-3.0.0_beta2.ebuild b/dev-libs/openssl/openssl-3.0.0_beta2.ebuild
new file mode 100644
index 00000000000..f07fa0d1b07
--- /dev/null
+++ b/dev-libs/openssl/openssl-3.0.0_beta2.ebuild
@@ -0,0 +1,293 @@
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="7"
+
+inherit flag-o-matic linux-info toolchain-funcs multilib-minimal
+
+MY_P=${P/_/-}
+
+DESCRIPTION="Robust, full-featured Open Source Toolkit for the Transport Layer Security (TLS)"
+HOMEPAGE="https://www.openssl.org/"
+
+if [[ ${PV} == "9999" ]] ; then
+	EGIT_REPO_URI="https://github.com/openssl/openssl.git"
+
+	inherit git-r3
+else
+	SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"
+	#KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x86-linux"
+fi
+
+LICENSE="Apache-2.0"
+SLOT="0/3" # .so version of libssl/libcrypto
+
+IUSE="+asm cpu_flags_x86_sse2 elibc_musl ktls rfc3779 sctp static-libs test tls-compression vanilla"
+RESTRICT="!test? ( test )"
+
+COMMON_DEPEND="
+	>=app-misc/c_rehash-1.7-r1
+	tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
+"
+
+BDEPEND="
+	>=dev-lang/perl-5
+	dev-perl/Text-Template
+	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
+	test? (
+		sys-apps/diffutils
+		sys-devel/bc
+		sys-process/procps
+	)"
+
+DEPEND="${COMMON_DEPEND}"
+
+RDEPEND="${COMMON_DEPEND}"
+
+PDEPEND="app-misc/ca-certificates"
+
+S="${WORKDIR}/${MY_P}"
+
+MULTILIB_WRAPPED_HEADERS=(
+	/usr/include/openssl/configuration.h
+)
+
+pkg_setup() {
+	if use ktls ; then
+		if kernel_is -lt 4 18 ; then
+			ewarn "Kernel implementation of TLS (USE=ktls) requires kernel >=4.18!"
+		else
+			CONFIG_CHECK="~TLS ~TLS_DEVICE"
+			ERROR_TLS="You will be unable to offload TLS to kernel because CONFIG_TLS is not set!"
+			ERROR_TLS_DEVICE="You will be unable to offload TLS to kernel because CONFIG_TLS_DEVICE is not set!"
+
+			linux-info_pkg_setup
+		fi
+	fi
+
+	[[ ${MERGE_TYPE} == binary ]] && return
+
+	# must check in pkg_setup; sysctl don't work with userpriv!
+	if has test ${FEATURES} && use sctp ; then
+		# test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel"
+		# if sctp.auth_enable is not enabled.
+		local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null)
+		if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]] ; then
+			die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!"
+		fi
+	fi
+}
+
+src_prepare() {
+	# allow openssl to be cross-compiled
+	cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die
+	chmod a+rx gentoo.config || die
+
+	# keep this in sync with app-misc/c_rehash
+	SSL_CNF_DIR="/etc/ssl"
+
+	# Make sure we only ever touch Makefile.org and avoid patching a file
+	# that gets blown away anyways by the Configure script in src_configure
+	rm -f Makefile
+
+	if ! use vanilla ; then
+		if [[ $(declare -p PATCHES 2>/dev/null) == "declare -a"* ]] ; then
+			[[ ${#PATCHES[@]} -gt 0 ]] && eapply "${PATCHES[@]}"
+		fi
+	fi
+
+	eapply_user
+
+	if has test ${FEATURES} && use sctp && has network-sandbox ${FEATURES} ; then
+		einfo "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox ..."
+		rm test/recipes/80-test_ssl_new.t || die
+	fi
+
+	# make sure the man pages are suffixed #302165
+	# don't bother building man pages if they're disabled
+	# Make DOCDIR Gentoo compliant
+	sed -i \
+		-e '/^MANSUFFIX/s:=.*:=ssl:' \
+		-e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
+		-e $(has noman FEATURES \
+			&& echo '/^install:/s:install_docs::' \
+			|| echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
+		-e "/^DOCDIR/s@\$(BASENAME)@&-${PVR}@" \
+		Configurations/unix-Makefile.tmpl \
+		|| die
+
+	# quiet out unknown driver argument warnings since openssl
+	# doesn't have well-split CFLAGS and we're making it even worse
+	# and 'make depend' uses -Werror for added fun (#417795 again)
+	[[ ${CC} == *clang* ]] && append-flags -Qunused-arguments
+
+	append-flags -fno-strict-aliasing
+	append-flags $(test-flags-CC -Wa,--noexecstack)
+
+	# Prefixify Configure shebang (#141906)
+	sed \
+		-e "1s,/usr/bin/env,${EPREFIX}&," \
+		-i Configure || die
+
+	# Remove test target when FEATURES=test isn't set
+	if ! use test ; then
+		sed \
+			-e '/^$config{dirs}/s@ "test",@@' \
+			-i Configure || die
+	fi
+
+	# The config script does stupid stuff to prompt the user.  Kill it.
+	sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
+	./config --test-sanity || die "I AM NOT SANE"
+
+	multilib_copy_sources
+}
+
+multilib_src_configure() {
+	unset APPS #197996
+	unset SCRIPTS #312551
+	unset CROSS_COMPILE #311473
+
+	tc-export AR CC CXX RANLIB RC
+
+	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
+	echoit() { echo "$@" ; "$@" ; }
+
+	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
+
+	local sslout=$(./gentoo.config)
+	einfo "Use configuration ${sslout:-(openssl knows best)}"
+	local config="Configure"
+	[[ -z ${sslout} ]] && config="config"
+
+	local myeconfargs=(
+		${sslout}
+		$(use cpu_flags_x86_sse2 || echo "no-sse2")
+		enable-camellia
+		enable-ec
+		enable-ec2m
+		enable-sm2
+		enable-srp
+		$(use elibc_musl && echo "no-async")
+		enable-idea
+		enable-mdc2
+		enable-rc5
+		$(use_ssl asm)
+		$(use_ssl ktls)
+		$(use_ssl rfc3779)
+		$(use_ssl sctp)
+		$(use_ssl tls-compression zlib)
+		--prefix="${EPREFIX}"/usr
+		--openssldir="${EPREFIX}"${SSL_CNF_DIR}
+		--libdir=$(get_libdir)
+		shared
+		threads
+	)
+
+	CFLAGS= LDFLAGS= echoit \
+		./${config} \
+		"${myeconfargs[@]}" \
+		|| die
+
+	# Clean out hardcoded flags that openssl uses
+	local DEFAULT_CFLAGS=$(grep ^CFLAGS= Makefile | LC_ALL=C sed \
+		-e 's:^CFLAGS=::' \
+		-e 's:\(^\| \)-fomit-frame-pointer::g' \
+		-e 's:\(^\| \)-O[^ ]*::g' \
+		-e 's:\(^\| \)-march=[^ ]*::g' \
+		-e 's:\(^\| \)-mcpu=[^ ]*::g' \
+		-e 's:\(^\| \)-m[^ ]*::g' \
+		-e 's:^ *::' \
+		-e 's: *$::' \
+		-e 's: \+: :g' \
+		-e 's:\\:\\\\:g'
+	)
+
+	# Now insert clean default flags with user flags
+	sed -i \
+		-e "/^CFLAGS=/s|=.*|=${DEFAULT_CFLAGS} ${CFLAGS}|" \
+		-e "/^LDFLAGS=/s|=[[:space:]]*$|=${LDFLAGS}|" \
+		Makefile \
+		|| die
+}
+
+multilib_src_compile() {
+	# depend is needed to use $confopts; it also doesn't matter
+	# that it's -j1 as the code itself serializes subdirs
+	emake -j1 depend
+	emake all
+}
+
+multilib_src_test() {
+	emake -j1 test
+}
+
+multilib_src_install() {
+	# We need to create $ED/usr on our own to avoid a race condition #665130
+	if [[ ! -d "${ED}/usr" ]] ; then
+		# We can only create this directory once
+		mkdir "${ED}"/usr || die
+	fi
+
+	emake DESTDIR="${D}" install
+
+	# This is crappy in that the static archives are still built even
+	# when USE=static-libs.  But this is due to a failing in the openssl
+	# build system: the static archives are built as PIC all the time.
+	# Only way around this would be to manually configure+compile openssl
+	# twice; once with shared lib support enabled and once without.
+	if ! use static-libs ; then
+		rm "${ED}"/usr/$(get_libdir)/lib{crypto,ssl}.a || die
+	fi
+}
+
+multilib_src_install_all() {
+	# openssl installs perl version of c_rehash by default, but
+	# we provide a shell version via app-misc/c_rehash
+	rm "${ED}"/usr/bin/c_rehash || die
+
+	dodoc {AUTHORS,CHANGES,NEWS,README,README-PROVIDERS}.md doc/*.txt doc/${PN}-c-indent.el
+
+	# create the certs directory
+	keepdir ${SSL_CNF_DIR}/certs
+
+	# Namespace openssl programs to prevent conflicts with other man pages
+	cd "${ED}"/usr/share/man || die
+	local m d s
+	for m in $(find . -type f | xargs grep -L '#include') ; do
+		d=${m%/*} ; d=${d#./} ; m=${m##*/}
+
+		[[ ${m} == openssl.1* ]] && continue
+
+		[[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!"
+
+		mv ${d}/{,ssl-}${m} || die
+
+		# fix up references to renamed man pages
+		sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m} || die
+		ln -s ssl-${m} ${d}/openssl-${m} || die
+
+		# locate any symlinks that point to this man page ...
+		# we assume that any broken links are due to the above renaming
+		for s in $(find -L ${d} -type l) ; do
+			s=${s##*/}
+			rm -f ${d}/${s}
+			# We don't want to "|| die" here
+			ln -s ssl-${m} ${d}/ssl-${s}
+			ln -s ssl-${s} ${d}/openssl-${s}
+		done
+	done
+	[[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :("
+
+	dodir /etc/sandbox.d #254521
+	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
+
+	diropts -m0700
+	keepdir ${SSL_CNF_DIR}/private
+}
+
+pkg_postinst() {
+	ebegin "Running 'c_rehash ${EROOT}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069"
+	c_rehash "${EROOT}${SSL_CNF_DIR}/certs" >/dev/null
+	eend $?
+}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Thomas Deutschmann]

commit:     2dbf858aef6c9f91c2e988d58688360d82981798
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Fri Jul  9 13:00:07 2021 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Wed Jul 21 12:52:00 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2dbf858a

dev-libs/openssl: rename USE=zlib to USE=tls-compression

USE=zlib is a global USE flag and probably enabled by most users.
However, in OpenSSL, zlib is used for TLS compression which allows
for attacks like CRIME vulnerability. Its usage is discouraged and
banned in TLS 1.3+.

Renaming the USE flag allows us to opt-out from globally set USE=zlib.

Package-Manager: Portage-3.0.21, Repoman-3.0.3
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>
Closes: https://github.com/gentoo/gentoo/pull/21574
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 dev-libs/openssl/metadata.xml                                       | 1 +
 .../openssl/{openssl-1.0.2u.ebuild => openssl-1.0.2u-r1.ebuild}     | 6 +++---
 .../openssl/{openssl-1.1.1k.ebuild => openssl-1.1.1k-r1.ebuild}     | 6 +++---
 .../{openssl-3.0.0_beta1.ebuild => openssl-3.0.0_beta1-r1.ebuild}   | 6 +++---
 4 files changed, 10 insertions(+), 9 deletions(-)

diff --git a/dev-libs/openssl/metadata.xml b/dev-libs/openssl/metadata.xml
index 44e5433a485..350be7c07b0 100644
--- a/dev-libs/openssl/metadata.xml
+++ b/dev-libs/openssl/metadata.xml
@@ -12,6 +12,7 @@
  <flag name="rfc3779">Enable support for RFC 3779 (X.509 Extensions for IP Addresses and AS Identifiers)</flag>
  <flag name="sslv2">Support for the old/insecure SSLv2 protocol -- note: not required for TLS/https</flag>
  <flag name="sslv3">Support for the old/insecure SSLv3 protocol -- note: not required for TLS/https</flag>
+ <flag name="tls-compression">Enable support for discouraged TLS compression</flag>
  <flag name="tls-heartbeat">Enable the Heartbeat Extension in TLS and DTLS</flag>
 </use>
 <upstream>

diff --git a/dev-libs/openssl/openssl-1.0.2u.ebuild b/dev-libs/openssl/openssl-1.0.2u-r1.ebuild
similarity index 98%
rename from dev-libs/openssl/openssl-1.0.2u.ebuild
rename to dev-libs/openssl/openssl-1.0.2u-r1.ebuild
index 65c29788382..a54fa8fc1b0 100644
--- a/dev-libs/openssl/openssl-1.0.2u.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2u-r1.ebuild
@@ -38,14 +38,14 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 LICENSE="openssl"
 SLOT="0"
 KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~x86-linux"
-IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
+IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test tls-compression +tls-heartbeat vanilla"
 RESTRICT="!bindist? ( bindist )
 	!test? ( test )"
 
 RDEPEND=">=app-misc/c_rehash-1.7-r1
 	gmp? ( >=dev-libs/gmp-5.1.3-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
 	kerberos? ( >=app-crypt/mit-krb5-1.11.4[${MULTILIB_USEDEP}] )
-	zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )"
+	tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )"
 DEPEND="${RDEPEND}"
 BDEPEND="
 	>=dev-lang/perl-5
@@ -197,8 +197,8 @@ multilib_src_configure() {
 		$(use_ssl sctp) \
 		$(use_ssl sslv2 ssl2) \
 		$(use_ssl sslv3 ssl3) \
+		$(use_ssl tls-compression zlib) \
 		$(use_ssl tls-heartbeat heartbeats) \
-		$(use_ssl zlib) \
 		--prefix="${EPREFIX}"/usr \
 		--openssldir="${EPREFIX}"${SSL_CNF_DIR} \
 		--libdir=$(get_libdir) \

diff --git a/dev-libs/openssl/openssl-1.1.1k.ebuild b/dev-libs/openssl/openssl-1.1.1k-r1.ebuild
similarity index 98%
rename from dev-libs/openssl/openssl-1.1.1k.ebuild
rename to dev-libs/openssl/openssl-1.1.1k-r1.ebuild
index 1e98af8f703..d212bef1be7 100644
--- a/dev-libs/openssl/openssl-1.1.1k.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1k-r1.ebuild
@@ -28,12 +28,12 @@ LICENSE="openssl"
 SLOT="0/1.1" # .so version of libssl/libcrypto
 [[ "${PV}" = *_pre* ]] || \
 KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~x86-linux"
-IUSE="+asm bindist elibc_musl rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-heartbeat vanilla zlib"
+IUSE="+asm bindist elibc_musl rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-compression tls-heartbeat vanilla"
 RESTRICT="!bindist? ( bindist )
 	!test? ( test )"
 
 RDEPEND=">=app-misc/c_rehash-1.7-r1
-	zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )"
+	tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )"
 DEPEND="${RDEPEND}"
 BDEPEND="
 	>=dev-lang/perl-5
@@ -222,8 +222,8 @@ multilib_src_configure() {
 		$(use_ssl asm) \
 		$(use_ssl rfc3779) \
 		$(use_ssl sctp) \
+		$(use_ssl tls-compression zlib) \
 		$(use_ssl tls-heartbeat heartbeats) \
-		$(use_ssl zlib) \
 		--prefix="${EPREFIX}"/usr \
 		--openssldir="${EPREFIX}"${SSL_CNF_DIR} \
 		--libdir=$(get_libdir) \

diff --git a/dev-libs/openssl/openssl-3.0.0_beta1.ebuild b/dev-libs/openssl/openssl-3.0.0_beta1-r1.ebuild
similarity index 98%
rename from dev-libs/openssl/openssl-3.0.0_beta1.ebuild
rename to dev-libs/openssl/openssl-3.0.0_beta1-r1.ebuild
index 396083b136a..f07fa0d1b07 100644
--- a/dev-libs/openssl/openssl-3.0.0_beta1.ebuild
+++ b/dev-libs/openssl/openssl-3.0.0_beta1-r1.ebuild
@@ -22,12 +22,12 @@ fi
 LICENSE="Apache-2.0"
 SLOT="0/3" # .so version of libssl/libcrypto
 
-IUSE="+asm cpu_flags_x86_sse2 elibc_musl ktls rfc3779 sctp static-libs test vanilla zlib"
+IUSE="+asm cpu_flags_x86_sse2 elibc_musl ktls rfc3779 sctp static-libs test tls-compression vanilla"
 RESTRICT="!test? ( test )"
 
 COMMON_DEPEND="
 	>=app-misc/c_rehash-1.7-r1
-	zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
+	tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
 "
 
 BDEPEND="
@@ -176,7 +176,7 @@ multilib_src_configure() {
 		$(use_ssl ktls)
 		$(use_ssl rfc3779)
 		$(use_ssl sctp)
-		$(use_ssl zlib)
+		$(use_ssl tls-compression zlib)
 		--prefix="${EPREFIX}"/usr
 		--openssldir="${EPREFIX}"${SSL_CNF_DIR}
 		--libdir=$(get_libdir)

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Thomas Deutschmann]

commit:     fc3bcec057d58f3bfb52112b8208ff11a51520f9
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Tue Jun 22 10:26:52 2021 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Tue Jun 22 10:27:11 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fc3bcec0

dev-libs/openssl: export $CXX

Package-Manager: Portage-3.0.20, Repoman-3.0.3
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 dev-libs/openssl/openssl-3.0.0_beta1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-3.0.0_beta1.ebuild b/dev-libs/openssl/openssl-3.0.0_beta1.ebuild
index f5fac82dbec..396083b136a 100644
--- a/dev-libs/openssl/openssl-3.0.0_beta1.ebuild
+++ b/dev-libs/openssl/openssl-3.0.0_beta1.ebuild
@@ -148,7 +148,7 @@ multilib_src_configure() {
 	unset SCRIPTS #312551
 	unset CROSS_COMPILE #311473
 
-	tc-export CC AR RANLIB RC
+	tc-export AR CC CXX RANLIB RC
 
 	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
 	echoit() { echo "$@" ; "$@" ; }

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Thomas Deutschmann]

commit:     9c711272c89943e3370cfc557f1afc9fc0ebd887
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Thu Jun 17 16:51:14 2021 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Thu Jun 17 16:51:14 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9c711272

dev-libs/openssl: add check for kernel TLS options

Package-Manager: Portage-3.0.20, Repoman-3.0.3
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 dev-libs/openssl/openssl-3.0.0_beta1.ebuild | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-3.0.0_beta1.ebuild b/dev-libs/openssl/openssl-3.0.0_beta1.ebuild
index 1402778eb03..f5fac82dbec 100644
--- a/dev-libs/openssl/openssl-3.0.0_beta1.ebuild
+++ b/dev-libs/openssl/openssl-3.0.0_beta1.ebuild
@@ -3,7 +3,7 @@
 
 EAPI="7"
 
-inherit flag-o-matic toolchain-funcs multilib-minimal
+inherit flag-o-matic linux-info toolchain-funcs multilib-minimal
 
 MY_P=${P/_/-}
 
@@ -53,6 +53,18 @@ MULTILIB_WRAPPED_HEADERS=(
 )
 
 pkg_setup() {
+	if use ktls ; then
+		if kernel_is -lt 4 18 ; then
+			ewarn "Kernel implementation of TLS (USE=ktls) requires kernel >=4.18!"
+		else
+			CONFIG_CHECK="~TLS ~TLS_DEVICE"
+			ERROR_TLS="You will be unable to offload TLS to kernel because CONFIG_TLS is not set!"
+			ERROR_TLS_DEVICE="You will be unable to offload TLS to kernel because CONFIG_TLS_DEVICE is not set!"
+
+			linux-info_pkg_setup
+		fi
+	fi
+
 	[[ ${MERGE_TYPE} == binary ]] && return
 
 	# must check in pkg_setup; sysctl don't work with userpriv!

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Thomas Deutschmann]

commit:     842c8893492294933fc5527af41c3c9ab16d0efd
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Thu Jun 17 16:23:22 2021 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Thu Jun 17 16:27:40 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=842c8893

dev-libs/openssl: bump to v3.0.0 Beta 1

Package-Manager: Portage-3.0.20, Repoman-3.0.3
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 dev-libs/openssl/Manifest                   |   1 +
 dev-libs/openssl/metadata.xml               |   1 +
 dev-libs/openssl/openssl-3.0.0_beta1.ebuild | 281 ++++++++++++++++++++++++++++
 3 files changed, 283 insertions(+)

diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest
index 18b48a6e844..ca8ce6e6d73 100644
--- a/dev-libs/openssl/Manifest
+++ b/dev-libs/openssl/Manifest
@@ -3,3 +3,4 @@ DIST openssl-1.0.2t-bindist-1.0.tar.xz 13872 BLAKE2B b2aade96a6e0ca6209a39e205b1
 DIST openssl-1.0.2u.tar.gz 5355412 BLAKE2B b2ff2a10e5851af5aca4093422a9a072c794e87b997263826c1c35910c040f695fac63decac5856cb49399ed03d410f97701d9fd4e1ebfbcacd8f3a74ce8bf57 SHA512 c455bb309e20e2c2d47fdc5619c734d107d5c8c38c1409903ce979acc120b0d5fa0312917c0aa0d630e402d092a703d4249643f36078e8528a3cafc9dac6ab32
 DIST openssl-1.1.1i-bindist-1.0.tar.xz 18124 BLAKE2B bcbce700676d1d61498ac98281b7ad06f9970d91afa6bfb2c259ab7462b2554be79a1c06759bc7aaeca9948c2f5276bac2c4f42dbc6822669f863444b9913ccd SHA512 1dbb81bcb4cf7e634bb363c7e2bb2590a1fe3fcb6c3b5e377cac3c5241abd116c2a89c516be8e5fd1799ab64375a58052a4df944eeadc87b0b7785da710906d8
 DIST openssl-1.1.1k.tar.gz 9823400 BLAKE2B e9bd90f17bc819c4960d07bbee04346e8a7adb87a764a09d033ef76f1d638c67b180c4f2beb84ec25fbff54ccc9c14c13b9b16a27cac231a5dd22b02635d5cec SHA512 73cd042d4056585e5a9dd7ab68e7c7310a3a4c783eafa07ab0b560e7462b924e4376436a6d38a155c687f6942a881cfc0c1b9394afcde1d8c46bf396e7d51121
+DIST openssl-3.0.0-beta1.tar.gz 14878832 BLAKE2B a2c8d8cbb226803e78ff00fcbee355f41da90275830714e8c0aea532309ef0b98c27f6796119e2942387a9e92afd917d766faac7b5ea65a36326c368790b8055 SHA512 fbb650638a7ca406b0b5d1eafcef0ca431172c8b255adaf7575325d9c1545dfdacf8e9550b8bec4e1ec73759a02c9efbd729a07e9959932564ba81be61238d5d

diff --git a/dev-libs/openssl/metadata.xml b/dev-libs/openssl/metadata.xml
index 5ca8d93d2f6..44e5433a485 100644
--- a/dev-libs/openssl/metadata.xml
+++ b/dev-libs/openssl/metadata.xml
@@ -8,6 +8,7 @@
 <use>
  <flag name="asm">Support assembly hand optimized crypto functions (i.e. faster run time)</flag>
  <flag name="bindist">Disable/Restrict EC algorithms (as they seem to be patented) -- note: changes the ABI</flag>
+ <flag name="ktls">Enable support for Kernel implementation of TLS (kTLS)</flag>
  <flag name="rfc3779">Enable support for RFC 3779 (X.509 Extensions for IP Addresses and AS Identifiers)</flag>
  <flag name="sslv2">Support for the old/insecure SSLv2 protocol -- note: not required for TLS/https</flag>
  <flag name="sslv3">Support for the old/insecure SSLv3 protocol -- note: not required for TLS/https</flag>

diff --git a/dev-libs/openssl/openssl-3.0.0_beta1.ebuild b/dev-libs/openssl/openssl-3.0.0_beta1.ebuild
new file mode 100644
index 00000000000..1402778eb03
--- /dev/null
+++ b/dev-libs/openssl/openssl-3.0.0_beta1.ebuild
@@ -0,0 +1,281 @@
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="7"
+
+inherit flag-o-matic toolchain-funcs multilib-minimal
+
+MY_P=${P/_/-}
+
+DESCRIPTION="Robust, full-featured Open Source Toolkit for the Transport Layer Security (TLS)"
+HOMEPAGE="https://www.openssl.org/"
+
+if [[ ${PV} == "9999" ]] ; then
+	EGIT_REPO_URI="https://github.com/openssl/openssl.git"
+
+	inherit git-r3
+else
+	SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"
+	#KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x86-linux"
+fi
+
+LICENSE="Apache-2.0"
+SLOT="0/3" # .so version of libssl/libcrypto
+
+IUSE="+asm cpu_flags_x86_sse2 elibc_musl ktls rfc3779 sctp static-libs test vanilla zlib"
+RESTRICT="!test? ( test )"
+
+COMMON_DEPEND="
+	>=app-misc/c_rehash-1.7-r1
+	zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
+"
+
+BDEPEND="
+	>=dev-lang/perl-5
+	dev-perl/Text-Template
+	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
+	test? (
+		sys-apps/diffutils
+		sys-devel/bc
+		sys-process/procps
+	)"
+
+DEPEND="${COMMON_DEPEND}"
+
+RDEPEND="${COMMON_DEPEND}"
+
+PDEPEND="app-misc/ca-certificates"
+
+S="${WORKDIR}/${MY_P}"
+
+MULTILIB_WRAPPED_HEADERS=(
+	/usr/include/openssl/configuration.h
+)
+
+pkg_setup() {
+	[[ ${MERGE_TYPE} == binary ]] && return
+
+	# must check in pkg_setup; sysctl don't work with userpriv!
+	if has test ${FEATURES} && use sctp ; then
+		# test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel"
+		# if sctp.auth_enable is not enabled.
+		local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null)
+		if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]] ; then
+			die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!"
+		fi
+	fi
+}
+
+src_prepare() {
+	# allow openssl to be cross-compiled
+	cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die
+	chmod a+rx gentoo.config || die
+
+	# keep this in sync with app-misc/c_rehash
+	SSL_CNF_DIR="/etc/ssl"
+
+	# Make sure we only ever touch Makefile.org and avoid patching a file
+	# that gets blown away anyways by the Configure script in src_configure
+	rm -f Makefile
+
+	if ! use vanilla ; then
+		if [[ $(declare -p PATCHES 2>/dev/null) == "declare -a"* ]] ; then
+			[[ ${#PATCHES[@]} -gt 0 ]] && eapply "${PATCHES[@]}"
+		fi
+	fi
+
+	eapply_user
+
+	if has test ${FEATURES} && use sctp && has network-sandbox ${FEATURES} ; then
+		einfo "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox ..."
+		rm test/recipes/80-test_ssl_new.t || die
+	fi
+
+	# make sure the man pages are suffixed #302165
+	# don't bother building man pages if they're disabled
+	# Make DOCDIR Gentoo compliant
+	sed -i \
+		-e '/^MANSUFFIX/s:=.*:=ssl:' \
+		-e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
+		-e $(has noman FEATURES \
+			&& echo '/^install:/s:install_docs::' \
+			|| echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
+		-e "/^DOCDIR/s@\$(BASENAME)@&-${PVR}@" \
+		Configurations/unix-Makefile.tmpl \
+		|| die
+
+	# quiet out unknown driver argument warnings since openssl
+	# doesn't have well-split CFLAGS and we're making it even worse
+	# and 'make depend' uses -Werror for added fun (#417795 again)
+	[[ ${CC} == *clang* ]] && append-flags -Qunused-arguments
+
+	append-flags -fno-strict-aliasing
+	append-flags $(test-flags-CC -Wa,--noexecstack)
+
+	# Prefixify Configure shebang (#141906)
+	sed \
+		-e "1s,/usr/bin/env,${EPREFIX}&," \
+		-i Configure || die
+
+	# Remove test target when FEATURES=test isn't set
+	if ! use test ; then
+		sed \
+			-e '/^$config{dirs}/s@ "test",@@' \
+			-i Configure || die
+	fi
+
+	# The config script does stupid stuff to prompt the user.  Kill it.
+	sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
+	./config --test-sanity || die "I AM NOT SANE"
+
+	multilib_copy_sources
+}
+
+multilib_src_configure() {
+	unset APPS #197996
+	unset SCRIPTS #312551
+	unset CROSS_COMPILE #311473
+
+	tc-export CC AR RANLIB RC
+
+	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
+	echoit() { echo "$@" ; "$@" ; }
+
+	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
+
+	local sslout=$(./gentoo.config)
+	einfo "Use configuration ${sslout:-(openssl knows best)}"
+	local config="Configure"
+	[[ -z ${sslout} ]] && config="config"
+
+	local myeconfargs=(
+		${sslout}
+		$(use cpu_flags_x86_sse2 || echo "no-sse2")
+		enable-camellia
+		enable-ec
+		enable-ec2m
+		enable-sm2
+		enable-srp
+		$(use elibc_musl && echo "no-async")
+		enable-idea
+		enable-mdc2
+		enable-rc5
+		$(use_ssl asm)
+		$(use_ssl ktls)
+		$(use_ssl rfc3779)
+		$(use_ssl sctp)
+		$(use_ssl zlib)
+		--prefix="${EPREFIX}"/usr
+		--openssldir="${EPREFIX}"${SSL_CNF_DIR}
+		--libdir=$(get_libdir)
+		shared
+		threads
+	)
+
+	CFLAGS= LDFLAGS= echoit \
+		./${config} \
+		"${myeconfargs[@]}" \
+		|| die
+
+	# Clean out hardcoded flags that openssl uses
+	local DEFAULT_CFLAGS=$(grep ^CFLAGS= Makefile | LC_ALL=C sed \
+		-e 's:^CFLAGS=::' \
+		-e 's:\(^\| \)-fomit-frame-pointer::g' \
+		-e 's:\(^\| \)-O[^ ]*::g' \
+		-e 's:\(^\| \)-march=[^ ]*::g' \
+		-e 's:\(^\| \)-mcpu=[^ ]*::g' \
+		-e 's:\(^\| \)-m[^ ]*::g' \
+		-e 's:^ *::' \
+		-e 's: *$::' \
+		-e 's: \+: :g' \
+		-e 's:\\:\\\\:g'
+	)
+
+	# Now insert clean default flags with user flags
+	sed -i \
+		-e "/^CFLAGS=/s|=.*|=${DEFAULT_CFLAGS} ${CFLAGS}|" \
+		-e "/^LDFLAGS=/s|=[[:space:]]*$|=${LDFLAGS}|" \
+		Makefile \
+		|| die
+}
+
+multilib_src_compile() {
+	# depend is needed to use $confopts; it also doesn't matter
+	# that it's -j1 as the code itself serializes subdirs
+	emake -j1 depend
+	emake all
+}
+
+multilib_src_test() {
+	emake -j1 test
+}
+
+multilib_src_install() {
+	# We need to create $ED/usr on our own to avoid a race condition #665130
+	if [[ ! -d "${ED}/usr" ]] ; then
+		# We can only create this directory once
+		mkdir "${ED}"/usr || die
+	fi
+
+	emake DESTDIR="${D}" install
+
+	# This is crappy in that the static archives are still built even
+	# when USE=static-libs.  But this is due to a failing in the openssl
+	# build system: the static archives are built as PIC all the time.
+	# Only way around this would be to manually configure+compile openssl
+	# twice; once with shared lib support enabled and once without.
+	if ! use static-libs ; then
+		rm "${ED}"/usr/$(get_libdir)/lib{crypto,ssl}.a || die
+	fi
+}
+
+multilib_src_install_all() {
+	# openssl installs perl version of c_rehash by default, but
+	# we provide a shell version via app-misc/c_rehash
+	rm "${ED}"/usr/bin/c_rehash || die
+
+	dodoc {AUTHORS,CHANGES,NEWS,README,README-PROVIDERS}.md doc/*.txt doc/${PN}-c-indent.el
+
+	# create the certs directory
+	keepdir ${SSL_CNF_DIR}/certs
+
+	# Namespace openssl programs to prevent conflicts with other man pages
+	cd "${ED}"/usr/share/man || die
+	local m d s
+	for m in $(find . -type f | xargs grep -L '#include') ; do
+		d=${m%/*} ; d=${d#./} ; m=${m##*/}
+
+		[[ ${m} == openssl.1* ]] && continue
+
+		[[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!"
+
+		mv ${d}/{,ssl-}${m} || die
+
+		# fix up references to renamed man pages
+		sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m} || die
+		ln -s ssl-${m} ${d}/openssl-${m} || die
+
+		# locate any symlinks that point to this man page ...
+		# we assume that any broken links are due to the above renaming
+		for s in $(find -L ${d} -type l) ; do
+			s=${s##*/}
+			rm -f ${d}/${s}
+			# We don't want to "|| die" here
+			ln -s ssl-${m} ${d}/ssl-${s}
+			ln -s ssl-${s} ${d}/openssl-${s}
+		done
+	done
+	[[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :("
+
+	dodir /etc/sandbox.d #254521
+	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
+
+	diropts -m0700
+	keepdir ${SSL_CNF_DIR}/private
+}
+
+pkg_postinst() {
+	ebegin "Running 'c_rehash ${EROOT}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069"
+	c_rehash "${EROOT}${SSL_CNF_DIR}/certs" >/dev/null
+	eend $?
+}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Mike Gilbert]

commit:     0ee60b97e7f653fc0cb54ac03809c07ba6c092aa
Author:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Mon Jun  7 19:31:13 2021 +0000
Commit:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Mon Jun  7 19:31:13 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0ee60b97

dev-libs/openssl: be more careful when removing static libs

Avoids removing .dll.a files necessary for linking on mingw.

Closes: https://bugs.gentoo.org/792318
Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>

 dev-libs/openssl/openssl-1.0.2u.ebuild | 16 +++++++++-------
 dev-libs/openssl/openssl-1.1.1k.ebuild | 16 +++++++++-------
 2 files changed, 18 insertions(+), 14 deletions(-)

diff --git a/dev-libs/openssl/openssl-1.0.2u.ebuild b/dev-libs/openssl/openssl-1.0.2u.ebuild
index b7b3fba6c2e..65c29788382 100644
--- a/dev-libs/openssl/openssl-1.0.2u.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2u.ebuild
@@ -248,6 +248,15 @@ multilib_src_install() {
 	fi
 
 	emake INSTALL_PREFIX="${D}" install
+
+	# This is crappy in that the static archives are still built even
+	# when USE=static-libs.  But this is due to a failing in the openssl
+	# build system: the static archives are built as PIC all the time.
+	# Only way around this would be to manually configure+compile openssl
+	# twice; once with shared lib support enabled and once without.
+	if ! use static-libs; then
+		rm "${ED}"/usr/$(get_libdir)/lib{crypto,ssl}.a || die
+	fi
 }
 
 multilib_src_install_all() {
@@ -260,13 +269,6 @@ multilib_src_install_all() {
 
 	use rfc3779 && dodoc engines/ccgost/README.gost
 
-	# This is crappy in that the static archives are still built even
-	# when USE=static-libs.  But this is due to a failing in the openssl
-	# build system: the static archives are built as PIC all the time.
-	# Only way around this would be to manually configure+compile openssl
-	# twice; once with shared lib support enabled and once without.
-	use static-libs || rm -f "${ED}"/usr/lib*/lib*.a
-
 	# create the certs directory
 	dodir ${SSL_CNF_DIR}/certs
 	cp -RP certs/* "${ED}"${SSL_CNF_DIR}/certs/ || die

diff --git a/dev-libs/openssl/openssl-1.1.1k.ebuild b/dev-libs/openssl/openssl-1.1.1k.ebuild
index 9b4eaf0e7a6..1e98af8f703 100644
--- a/dev-libs/openssl/openssl-1.1.1k.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1k.ebuild
@@ -270,6 +270,15 @@ multilib_src_install() {
 	fi
 
 	emake DESTDIR="${D}" install
+
+	# This is crappy in that the static archives are still built even
+	# when USE=static-libs.  But this is due to a failing in the openssl
+	# build system: the static archives are built as PIC all the time.
+	# Only way around this would be to manually configure+compile openssl
+	# twice; once with shared lib support enabled and once without.
+	if ! use static-libs; then
+		rm "${ED}"/usr/$(get_libdir)/lib{crypto,ssl}.a || die
+	fi
 }
 
 multilib_src_install_all() {
@@ -279,13 +288,6 @@ multilib_src_install_all() {
 
 	dodoc CHANGES* FAQ NEWS README doc/*.txt doc/${PN}-c-indent.el
 
-	# This is crappy in that the static archives are still built even
-	# when USE=static-libs.  But this is due to a failing in the openssl
-	# build system: the static archives are built as PIC all the time.
-	# Only way around this would be to manually configure+compile openssl
-	# twice; once with shared lib support enabled and once without.
-	use static-libs || rm -f "${ED}"/usr/lib*/lib*.a
-
 	# create the certs directory
 	keepdir ${SSL_CNF_DIR}/certs
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Thomas Deutschmann]

commit:     585d8fe6342e713eddbcdc7e560f51c3721532f8
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Sun Mar 28 16:47:06 2021 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Sun Mar 28 16:47:06 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=585d8fe6

dev-libs/openssl: security cleanup

Bug: https://bugs.gentoo.org/777681
Package-Manager: Portage-3.0.17, Repoman-3.0.2
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 dev-libs/openssl/Manifest              |   2 -
 dev-libs/openssl/openssl-1.1.1i.ebuild | 326 ---------------------------------
 dev-libs/openssl/openssl-1.1.1j.ebuild | 326 ---------------------------------
 3 files changed, 654 deletions(-)

diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest
index 99b5b012c20..18b48a6e844 100644
--- a/dev-libs/openssl/Manifest
+++ b/dev-libs/openssl/Manifest
@@ -2,6 +2,4 @@ DIST openssl-1.0.2-patches-1.5.tar.xz 12404 BLAKE2B 6c1b8c28f339f539b2ab86433795
 DIST openssl-1.0.2t-bindist-1.0.tar.xz 13872 BLAKE2B b2aade96a6e0ca6209a39e205b1c838de945903fcf959c62cc29ddcd1a0cb360fc5db234df86860a6a4c096f5ecc237611e4c2946b986a5500c24ba93c208ef4 SHA512 a48a7efb9b973b865bcc5009d450b428ed6b4b95e4cefe70c51056e47392c8a7bec58215168d8b07712419dc74646c2bd2fd23bcfbba2031376e292249a6b1b6
 DIST openssl-1.0.2u.tar.gz 5355412 BLAKE2B b2ff2a10e5851af5aca4093422a9a072c794e87b997263826c1c35910c040f695fac63decac5856cb49399ed03d410f97701d9fd4e1ebfbcacd8f3a74ce8bf57 SHA512 c455bb309e20e2c2d47fdc5619c734d107d5c8c38c1409903ce979acc120b0d5fa0312917c0aa0d630e402d092a703d4249643f36078e8528a3cafc9dac6ab32
 DIST openssl-1.1.1i-bindist-1.0.tar.xz 18124 BLAKE2B bcbce700676d1d61498ac98281b7ad06f9970d91afa6bfb2c259ab7462b2554be79a1c06759bc7aaeca9948c2f5276bac2c4f42dbc6822669f863444b9913ccd SHA512 1dbb81bcb4cf7e634bb363c7e2bb2590a1fe3fcb6c3b5e377cac3c5241abd116c2a89c516be8e5fd1799ab64375a58052a4df944eeadc87b0b7785da710906d8
-DIST openssl-1.1.1i.tar.gz 9808346 BLAKE2B ca98bab08e1874134da113dd0bda0583c133c7dce5b739f9601641ed2cf97894e5e13d901f0db9367aa5d7b78c552ac598aa0a3c2a3f0a438daae044e29f58d6 SHA512 fe12e0ab9e1688f24dd862ac633d0ab703b499c0f34b53c3560aa0d3879d81d647aa0678ed517dda5efb2711f669fcb1a1e0e24f6eac2efc2cf4eae6b62014d8
-DIST openssl-1.1.1j.tar.gz 9823161 BLAKE2B e5699abeca83acd82546e74a0645f2a765d51f22226f8c537d92285eb0b11e12b0a9476cbd3cb6a594e9840433d713be39884fb4dcd5c3968b36ad4f582ed23a SHA512 51e44995663b5258b0018bdc1e2b0e7e8e0cce111138ca1f80514456af920fce4e409a411ce117c0f3eb9190ac3e47c53a43f39b06acd35b7494e2bec4a607d5
 DIST openssl-1.1.1k.tar.gz 9823400 BLAKE2B e9bd90f17bc819c4960d07bbee04346e8a7adb87a764a09d033ef76f1d638c67b180c4f2beb84ec25fbff54ccc9c14c13b9b16a27cac231a5dd22b02635d5cec SHA512 73cd042d4056585e5a9dd7ab68e7c7310a3a4c783eafa07ab0b560e7462b924e4376436a6d38a155c687f6942a881cfc0c1b9394afcde1d8c46bf396e7d51121

diff --git a/dev-libs/openssl/openssl-1.1.1i.ebuild b/dev-libs/openssl/openssl-1.1.1i.ebuild
deleted file mode 100644
index 6c86f655c99..00000000000
--- a/dev-libs/openssl/openssl-1.1.1i.ebuild
+++ /dev/null
@@ -1,326 +0,0 @@
-# Copyright 1999-2020 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="7"
-
-inherit flag-o-matic toolchain-funcs multilib multilib-minimal
-
-MY_P=${P/_/-}
-
-# This patch set is based on the following files from Fedora 31,
-# see https://src.fedoraproject.org/rpms/openssl/blob/f31/f/openssl.spec
-# for more details:
-# - hobble-openssl (SOURCE1)
-# - ec_curve.c (SOURCE12) -- MODIFIED
-# - ectest.c (SOURCE13)
-# - openssl-1.1.1-ec-curves.patch (PATCH37) -- MODIFIED
-BINDIST_PATCH_SET="openssl-1.1.1i-bindist-1.0.tar.xz"
-
-DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"
-HOMEPAGE="https://www.openssl.org/"
-SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
-	bindist? (
-		mirror://gentoo/${BINDIST_PATCH_SET}
-		https://dev.gentoo.org/~whissi/dist/openssl/${BINDIST_PATCH_SET}
-	)"
-
-LICENSE="openssl"
-SLOT="0/1.1" # .so version of libssl/libcrypto
-[[ "${PV}" = *_pre* ]] || \
-KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv s390 sparc x86 ~x86-linux"
-IUSE="+asm bindist elibc_musl rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-heartbeat vanilla zlib"
-RESTRICT="!bindist? ( bindist )
-	!test? ( test )"
-
-RDEPEND=">=app-misc/c_rehash-1.7-r1
-	zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )"
-DEPEND="${RDEPEND}"
-BDEPEND="
-	>=dev-lang/perl-5
-	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
-	test? (
-		sys-apps/diffutils
-		sys-devel/bc
-		sys-process/procps
-	)"
-PDEPEND="app-misc/ca-certificates"
-
-PATCHES=(
-	"${FILESDIR}"/${PN}-1.1.0j-parallel_install_fix.patch #671602
-	"${FILESDIR}"/${PN}-1.1.1i-riscv32.patch
-)
-
-S="${WORKDIR}/${MY_P}"
-
-# force upgrade to prevent broken login, bug 696950
-RDEPEND+=" !<net-misc/openssh-8.0_p1-r3"
-
-MULTILIB_WRAPPED_HEADERS=(
-	usr/include/openssl/opensslconf.h
-)
-
-pkg_setup() {
-	[[ ${MERGE_TYPE} == binary ]] && return
-
-	# must check in pkg_setup; sysctl don't work with userpriv!
-	if has test ${FEATURES} && use sctp; then
-		# test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel"
-		# if sctp.auth_enable is not enabled.
-		local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null)
-		if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]]; then
-			die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!"
-		fi
-	fi
-}
-
-src_prepare() {
-	# allow openssl to be cross-compiled
-	cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die
-	chmod a+rx gentoo.config || die
-
-	if use bindist; then
-		mv "${WORKDIR}"/bindist-patches/hobble-openssl "${WORKDIR}" || die
-		bash "${WORKDIR}"/hobble-openssl || die
-
-		cp -f "${WORKDIR}"/bindist-patches/ec_curve.c "${S}"/crypto/ec/ || die
-		cp -f "${WORKDIR}"/bindist-patches/ectest.c "${S}"/test/ || die
-
-		eapply "${WORKDIR}"/bindist-patches/ec-curves.patch
-
-		local known_failing_test
-		for known_failing_test in \
-			30-test_evp_extra.t \
-			80-test_ssl_new.t \
-		; do
-			ebegin "Disabling test '${known_failing_test}' which is known to fail with USE=bindist"
-			rm test/recipes/${known_failing_test} || die
-			eend $?
-		done
-
-		# Also see the configure parts below:
-		# enable-ec \
-		# $(use_ssl !bindist ec2m) \
-	fi
-
-	# keep this in sync with app-misc/c_rehash
-	SSL_CNF_DIR="/etc/ssl"
-
-	# Make sure we only ever touch Makefile.org and avoid patching a file
-	# that gets blown away anyways by the Configure script in src_configure
-	rm -f Makefile
-
-	if ! use vanilla ; then
-		if [[ $(declare -p PATCHES 2>/dev/null) == "declare -a"* ]] ; then
-			[[ ${#PATCHES[@]} -gt 0 ]] && eapply "${PATCHES[@]}"
-		fi
-	fi
-
-	eapply_user #332661
-
-	if has test ${FEATURES} && use sctp && has network-sandbox ${FEATURES}; then
-		ebegin "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox"
-		rm test/recipes/80-test_ssl_new.t || die
-		eend $?
-	fi
-
-	# make sure the man pages are suffixed #302165
-	# don't bother building man pages if they're disabled
-	# Make DOCDIR Gentoo compliant
-	sed -i \
-		-e '/^MANSUFFIX/s:=.*:=ssl:' \
-		-e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
-		-e $(has noman FEATURES \
-			&& echo '/^install:/s:install_docs::' \
-			|| echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
-		-e "/^DOCDIR/s@\$(BASENAME)@&-${PVR}@" \
-		Configurations/unix-Makefile.tmpl \
-		|| die
-
-	# quiet out unknown driver argument warnings since openssl
-	# doesn't have well-split CFLAGS and we're making it even worse
-	# and 'make depend' uses -Werror for added fun (#417795 again)
-	[[ ${CC} == *clang* ]] && append-flags -Qunused-arguments
-
-	append-flags -fno-strict-aliasing
-	append-flags $(test-flags-CC -Wa,--noexecstack)
-	append-cppflags -DOPENSSL_NO_BUF_FREELISTS
-
-	# Prefixify Configure shebang (#141906)
-	sed \
-		-e "1s,/usr/bin/env,${EPREFIX}&," \
-		-i Configure || die
-	# Remove test target when FEATURES=test isn't set
-	if ! use test ; then
-		sed \
-			-e '/^$config{dirs}/s@ "test",@@' \
-			-i Configure || die
-	fi
-	# The config script does stupid stuff to prompt the user.  Kill it.
-	sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
-	./config --test-sanity || die "I AM NOT SANE"
-
-	multilib_copy_sources
-}
-
-multilib_src_configure() {
-	unset APPS #197996
-	unset SCRIPTS #312551
-	unset CROSS_COMPILE #311473
-
-	tc-export CC AR RANLIB RC
-
-	# Clean out patent-or-otherwise-encumbered code
-	# Camellia: Royalty Free            https://en.wikipedia.org/wiki/Camellia_(cipher)
-	# IDEA:     Expired                 https://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
-	# EC:       ????????? ??/??/2015    https://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography
-	# MDC2:     Expired                 https://en.wikipedia.org/wiki/MDC-2
-	# RC5:      Expired                 https://en.wikipedia.org/wiki/RC5
-
-	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
-	echoit() { echo "$@" ; "$@" ; }
-
-	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
-
-	# See if our toolchain supports __uint128_t.  If so, it's 64bit
-	# friendly and can use the nicely optimized code paths. #460790
-	local ec_nistp_64_gcc_128
-	# Disable it for now though #469976
-	#if ! use bindist ; then
-	#	echo "__uint128_t i;" > "${T}"/128.c
-	#	if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
-	#		ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
-	#	fi
-	#fi
-
-	local sslout=$(./gentoo.config)
-	einfo "Use configuration ${sslout:-(openssl knows best)}"
-	local config="Configure"
-	[[ -z ${sslout} ]] && config="config"
-
-	# Fedora hobbled-EC needs 'no-ec2m'
-	# 'srp' was restricted until early 2017 as well.
-	# "disable-deprecated" option breaks too many consumers.
-	# Don't set it without thorough revdeps testing.
-	# Make sure user flags don't get added *yet* to avoid duplicated
-	# flags.
-	CFLAGS= LDFLAGS= echoit \
-	./${config} \
-		${sslout} \
-		$(use cpu_flags_x86_sse2 || echo "no-sse2") \
-		enable-camellia \
-		enable-ec \
-		$(use_ssl !bindist ec2m) \
-		$(use_ssl !bindist sm2) \
-		enable-srp \
-		$(use elibc_musl && echo "no-async") \
-		${ec_nistp_64_gcc_128} \
-		enable-idea \
-		enable-mdc2 \
-		enable-rc5 \
-		$(use_ssl sslv3 ssl3) \
-		$(use_ssl sslv3 ssl3-method) \
-		$(use_ssl asm) \
-		$(use_ssl rfc3779) \
-		$(use_ssl sctp) \
-		$(use_ssl tls-heartbeat heartbeats) \
-		$(use_ssl zlib) \
-		--prefix="${EPREFIX}"/usr \
-		--openssldir="${EPREFIX}"${SSL_CNF_DIR} \
-		--libdir=$(get_libdir) \
-		shared threads \
-		|| die
-
-	# Clean out hardcoded flags that openssl uses
-	local DEFAULT_CFLAGS=$(grep ^CFLAGS= Makefile | LC_ALL=C sed \
-		-e 's:^CFLAGS=::' \
-		-e 's:\(^\| \)-fomit-frame-pointer::g' \
-		-e 's:\(^\| \)-O[^ ]*::g' \
-		-e 's:\(^\| \)-march=[^ ]*::g' \
-		-e 's:\(^\| \)-mcpu=[^ ]*::g' \
-		-e 's:\(^\| \)-m[^ ]*::g' \
-		-e 's:^ *::' \
-		-e 's: *$::' \
-		-e 's: \+: :g' \
-		-e 's:\\:\\\\:g'
-	)
-
-	# Now insert clean default flags with user flags
-	sed -i \
-		-e "/^CFLAGS=/s|=.*|=${DEFAULT_CFLAGS} ${CFLAGS}|" \
-		-e "/^LDFLAGS=/s|=[[:space:]]*$|=${LDFLAGS}|" \
-		Makefile || die
-}
-
-multilib_src_compile() {
-	# depend is needed to use $confopts; it also doesn't matter
-	# that it's -j1 as the code itself serializes subdirs
-	emake -j1 depend
-	emake all
-}
-
-multilib_src_test() {
-	emake -j1 test
-}
-
-multilib_src_install() {
-	# We need to create $ED/usr on our own to avoid a race condition #665130
-	if [[ ! -d "${ED}/usr" ]]; then
-		# We can only create this directory once
-		mkdir "${ED}"/usr || die
-	fi
-
-	emake DESTDIR="${D}" install
-}
-
-multilib_src_install_all() {
-	# openssl installs perl version of c_rehash by default, but
-	# we provide a shell version via app-misc/c_rehash
-	rm "${ED}"/usr/bin/c_rehash || die
-
-	dodoc CHANGES* FAQ NEWS README doc/*.txt doc/${PN}-c-indent.el
-
-	# This is crappy in that the static archives are still built even
-	# when USE=static-libs.  But this is due to a failing in the openssl
-	# build system: the static archives are built as PIC all the time.
-	# Only way around this would be to manually configure+compile openssl
-	# twice; once with shared lib support enabled and once without.
-	use static-libs || rm -f "${ED}"/usr/lib*/lib*.a
-
-	# create the certs directory
-	keepdir ${SSL_CNF_DIR}/certs
-
-	# Namespace openssl programs to prevent conflicts with other man pages
-	cd "${ED}"/usr/share/man || die
-	local m d s
-	for m in $(find . -type f | xargs grep -L '#include') ; do
-		d=${m%/*} ; d=${d#./} ; m=${m##*/}
-		[[ ${m} == openssl.1* ]] && continue
-		[[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!"
-		mv ${d}/{,ssl-}${m}
-		# fix up references to renamed man pages
-		sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m}
-		ln -s ssl-${m} ${d}/openssl-${m}
-		# locate any symlinks that point to this man page ... we assume
-		# that any broken links are due to the above renaming
-		for s in $(find -L ${d} -type l) ; do
-			s=${s##*/}
-			rm -f ${d}/${s}
-			# We don't want to "|| die" here
-			ln -s ssl-${m} ${d}/ssl-${s}
-			ln -s ssl-${s} ${d}/openssl-${s}
-		done
-	done
-	[[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :("
-
-	dodir /etc/sandbox.d #254521
-	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
-
-	diropts -m0700
-	keepdir ${SSL_CNF_DIR}/private
-}
-
-pkg_postinst() {
-	ebegin "Running 'c_rehash ${EROOT}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069"
-	c_rehash "${EROOT}${SSL_CNF_DIR}/certs" >/dev/null
-	eend $?
-}

diff --git a/dev-libs/openssl/openssl-1.1.1j.ebuild b/dev-libs/openssl/openssl-1.1.1j.ebuild
deleted file mode 100644
index 2763945ae17..00000000000
--- a/dev-libs/openssl/openssl-1.1.1j.ebuild
+++ /dev/null
@@ -1,326 +0,0 @@
-# Copyright 1999-2021 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="7"
-
-inherit flag-o-matic toolchain-funcs multilib multilib-minimal
-
-MY_P=${P/_/-}
-
-# This patch set is based on the following files from Fedora 31,
-# see https://src.fedoraproject.org/rpms/openssl/blob/f31/f/openssl.spec
-# for more details:
-# - hobble-openssl (SOURCE1)
-# - ec_curve.c (SOURCE12) -- MODIFIED
-# - ectest.c (SOURCE13)
-# - openssl-1.1.1-ec-curves.patch (PATCH37) -- MODIFIED
-BINDIST_PATCH_SET="openssl-1.1.1i-bindist-1.0.tar.xz"
-
-DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"
-HOMEPAGE="https://www.openssl.org/"
-SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
-	bindist? (
-		mirror://gentoo/${BINDIST_PATCH_SET}
-		https://dev.gentoo.org/~whissi/dist/openssl/${BINDIST_PATCH_SET}
-	)"
-
-LICENSE="openssl"
-SLOT="0/1.1" # .so version of libssl/libcrypto
-[[ "${PV}" = *_pre* ]] || \
-KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv s390 sparc x86 ~x86-linux"
-IUSE="+asm bindist elibc_musl rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-heartbeat vanilla zlib"
-RESTRICT="!bindist? ( bindist )
-	!test? ( test )"
-
-RDEPEND=">=app-misc/c_rehash-1.7-r1
-	zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )"
-DEPEND="${RDEPEND}"
-BDEPEND="
-	>=dev-lang/perl-5
-	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
-	test? (
-		sys-apps/diffutils
-		sys-devel/bc
-		sys-process/procps
-	)"
-PDEPEND="app-misc/ca-certificates"
-
-PATCHES=(
-	"${FILESDIR}"/${PN}-1.1.0j-parallel_install_fix.patch #671602
-	"${FILESDIR}"/${PN}-1.1.1i-riscv32.patch
-)
-
-S="${WORKDIR}/${MY_P}"
-
-# force upgrade to prevent broken login, bug 696950
-RDEPEND+=" !<net-misc/openssh-8.0_p1-r3"
-
-MULTILIB_WRAPPED_HEADERS=(
-	usr/include/openssl/opensslconf.h
-)
-
-pkg_setup() {
-	[[ ${MERGE_TYPE} == binary ]] && return
-
-	# must check in pkg_setup; sysctl don't work with userpriv!
-	if has test ${FEATURES} && use sctp; then
-		# test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel"
-		# if sctp.auth_enable is not enabled.
-		local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null)
-		if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]]; then
-			die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!"
-		fi
-	fi
-}
-
-src_prepare() {
-	# allow openssl to be cross-compiled
-	cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die
-	chmod a+rx gentoo.config || die
-
-	if use bindist; then
-		mv "${WORKDIR}"/bindist-patches/hobble-openssl "${WORKDIR}" || die
-		bash "${WORKDIR}"/hobble-openssl || die
-
-		cp -f "${WORKDIR}"/bindist-patches/ec_curve.c "${S}"/crypto/ec/ || die
-		cp -f "${WORKDIR}"/bindist-patches/ectest.c "${S}"/test/ || die
-
-		eapply "${WORKDIR}"/bindist-patches/ec-curves.patch
-
-		local known_failing_test
-		for known_failing_test in \
-			30-test_evp_extra.t \
-			80-test_ssl_new.t \
-		; do
-			ebegin "Disabling test '${known_failing_test}' which is known to fail with USE=bindist"
-			rm test/recipes/${known_failing_test} || die
-			eend $?
-		done
-
-		# Also see the configure parts below:
-		# enable-ec \
-		# $(use_ssl !bindist ec2m) \
-	fi
-
-	# keep this in sync with app-misc/c_rehash
-	SSL_CNF_DIR="/etc/ssl"
-
-	# Make sure we only ever touch Makefile.org and avoid patching a file
-	# that gets blown away anyways by the Configure script in src_configure
-	rm -f Makefile
-
-	if ! use vanilla ; then
-		if [[ $(declare -p PATCHES 2>/dev/null) == "declare -a"* ]] ; then
-			[[ ${#PATCHES[@]} -gt 0 ]] && eapply "${PATCHES[@]}"
-		fi
-	fi
-
-	eapply_user #332661
-
-	if has test ${FEATURES} && use sctp && has network-sandbox ${FEATURES}; then
-		ebegin "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox"
-		rm test/recipes/80-test_ssl_new.t || die
-		eend $?
-	fi
-
-	# make sure the man pages are suffixed #302165
-	# don't bother building man pages if they're disabled
-	# Make DOCDIR Gentoo compliant
-	sed -i \
-		-e '/^MANSUFFIX/s:=.*:=ssl:' \
-		-e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
-		-e $(has noman FEATURES \
-			&& echo '/^install:/s:install_docs::' \
-			|| echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
-		-e "/^DOCDIR/s@\$(BASENAME)@&-${PVR}@" \
-		Configurations/unix-Makefile.tmpl \
-		|| die
-
-	# quiet out unknown driver argument warnings since openssl
-	# doesn't have well-split CFLAGS and we're making it even worse
-	# and 'make depend' uses -Werror for added fun (#417795 again)
-	[[ ${CC} == *clang* ]] && append-flags -Qunused-arguments
-
-	append-flags -fno-strict-aliasing
-	append-flags $(test-flags-CC -Wa,--noexecstack)
-	append-cppflags -DOPENSSL_NO_BUF_FREELISTS
-
-	# Prefixify Configure shebang (#141906)
-	sed \
-		-e "1s,/usr/bin/env,${EPREFIX}&," \
-		-i Configure || die
-	# Remove test target when FEATURES=test isn't set
-	if ! use test ; then
-		sed \
-			-e '/^$config{dirs}/s@ "test",@@' \
-			-i Configure || die
-	fi
-	# The config script does stupid stuff to prompt the user.  Kill it.
-	sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
-	./config --test-sanity || die "I AM NOT SANE"
-
-	multilib_copy_sources
-}
-
-multilib_src_configure() {
-	unset APPS #197996
-	unset SCRIPTS #312551
-	unset CROSS_COMPILE #311473
-
-	tc-export CC AR RANLIB RC
-
-	# Clean out patent-or-otherwise-encumbered code
-	# Camellia: Royalty Free            https://en.wikipedia.org/wiki/Camellia_(cipher)
-	# IDEA:     Expired                 https://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
-	# EC:       ????????? ??/??/2015    https://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography
-	# MDC2:     Expired                 https://en.wikipedia.org/wiki/MDC-2
-	# RC5:      Expired                 https://en.wikipedia.org/wiki/RC5
-
-	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
-	echoit() { echo "$@" ; "$@" ; }
-
-	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
-
-	# See if our toolchain supports __uint128_t.  If so, it's 64bit
-	# friendly and can use the nicely optimized code paths. #460790
-	local ec_nistp_64_gcc_128
-	# Disable it for now though #469976
-	#if ! use bindist ; then
-	#	echo "__uint128_t i;" > "${T}"/128.c
-	#	if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
-	#		ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
-	#	fi
-	#fi
-
-	local sslout=$(./gentoo.config)
-	einfo "Use configuration ${sslout:-(openssl knows best)}"
-	local config="Configure"
-	[[ -z ${sslout} ]] && config="config"
-
-	# Fedora hobbled-EC needs 'no-ec2m'
-	# 'srp' was restricted until early 2017 as well.
-	# "disable-deprecated" option breaks too many consumers.
-	# Don't set it without thorough revdeps testing.
-	# Make sure user flags don't get added *yet* to avoid duplicated
-	# flags.
-	CFLAGS= LDFLAGS= echoit \
-	./${config} \
-		${sslout} \
-		$(use cpu_flags_x86_sse2 || echo "no-sse2") \
-		enable-camellia \
-		enable-ec \
-		$(use_ssl !bindist ec2m) \
-		$(use_ssl !bindist sm2) \
-		enable-srp \
-		$(use elibc_musl && echo "no-async") \
-		${ec_nistp_64_gcc_128} \
-		enable-idea \
-		enable-mdc2 \
-		enable-rc5 \
-		$(use_ssl sslv3 ssl3) \
-		$(use_ssl sslv3 ssl3-method) \
-		$(use_ssl asm) \
-		$(use_ssl rfc3779) \
-		$(use_ssl sctp) \
-		$(use_ssl tls-heartbeat heartbeats) \
-		$(use_ssl zlib) \
-		--prefix="${EPREFIX}"/usr \
-		--openssldir="${EPREFIX}"${SSL_CNF_DIR} \
-		--libdir=$(get_libdir) \
-		shared threads \
-		|| die
-
-	# Clean out hardcoded flags that openssl uses
-	local DEFAULT_CFLAGS=$(grep ^CFLAGS= Makefile | LC_ALL=C sed \
-		-e 's:^CFLAGS=::' \
-		-e 's:\(^\| \)-fomit-frame-pointer::g' \
-		-e 's:\(^\| \)-O[^ ]*::g' \
-		-e 's:\(^\| \)-march=[^ ]*::g' \
-		-e 's:\(^\| \)-mcpu=[^ ]*::g' \
-		-e 's:\(^\| \)-m[^ ]*::g' \
-		-e 's:^ *::' \
-		-e 's: *$::' \
-		-e 's: \+: :g' \
-		-e 's:\\:\\\\:g'
-	)
-
-	# Now insert clean default flags with user flags
-	sed -i \
-		-e "/^CFLAGS=/s|=.*|=${DEFAULT_CFLAGS} ${CFLAGS}|" \
-		-e "/^LDFLAGS=/s|=[[:space:]]*$|=${LDFLAGS}|" \
-		Makefile || die
-}
-
-multilib_src_compile() {
-	# depend is needed to use $confopts; it also doesn't matter
-	# that it's -j1 as the code itself serializes subdirs
-	emake -j1 depend
-	emake all
-}
-
-multilib_src_test() {
-	emake -j1 test
-}
-
-multilib_src_install() {
-	# We need to create $ED/usr on our own to avoid a race condition #665130
-	if [[ ! -d "${ED}/usr" ]]; then
-		# We can only create this directory once
-		mkdir "${ED}"/usr || die
-	fi
-
-	emake DESTDIR="${D}" install
-}
-
-multilib_src_install_all() {
-	# openssl installs perl version of c_rehash by default, but
-	# we provide a shell version via app-misc/c_rehash
-	rm "${ED}"/usr/bin/c_rehash || die
-
-	dodoc CHANGES* FAQ NEWS README doc/*.txt doc/${PN}-c-indent.el
-
-	# This is crappy in that the static archives are still built even
-	# when USE=static-libs.  But this is due to a failing in the openssl
-	# build system: the static archives are built as PIC all the time.
-	# Only way around this would be to manually configure+compile openssl
-	# twice; once with shared lib support enabled and once without.
-	use static-libs || rm -f "${ED}"/usr/lib*/lib*.a
-
-	# create the certs directory
-	keepdir ${SSL_CNF_DIR}/certs
-
-	# Namespace openssl programs to prevent conflicts with other man pages
-	cd "${ED}"/usr/share/man || die
-	local m d s
-	for m in $(find . -type f | xargs grep -L '#include') ; do
-		d=${m%/*} ; d=${d#./} ; m=${m##*/}
-		[[ ${m} == openssl.1* ]] && continue
-		[[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!"
-		mv ${d}/{,ssl-}${m}
-		# fix up references to renamed man pages
-		sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m}
-		ln -s ssl-${m} ${d}/openssl-${m}
-		# locate any symlinks that point to this man page ... we assume
-		# that any broken links are due to the above renaming
-		for s in $(find -L ${d} -type l) ; do
-			s=${s##*/}
-			rm -f ${d}/${s}
-			# We don't want to "|| die" here
-			ln -s ssl-${m} ${d}/ssl-${s}
-			ln -s ssl-${s} ${d}/openssl-${s}
-		done
-	done
-	[[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :("
-
-	dodir /etc/sandbox.d #254521
-	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
-
-	diropts -m0700
-	keepdir ${SSL_CNF_DIR}/private
-}
-
-pkg_postinst() {
-	ebegin "Running 'c_rehash ${EROOT}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069"
-	c_rehash "${EROOT}${SSL_CNF_DIR}/certs" >/dev/null
-	eend $?
-}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     60a68e1f529e9220922ed16d41232d523cea88f3
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sun Mar 28 07:10:54 2021 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sun Mar 28 07:10:54 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=60a68e1f

dev-libs/openssl: Stabilize 1.1.1k arm, #777681

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/openssl-1.1.1k.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.1.1k.ebuild b/dev-libs/openssl/openssl-1.1.1k.ebuild
index 59adb0cadad..2763945ae17 100644
--- a/dev-libs/openssl/openssl-1.1.1k.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1k.ebuild
@@ -27,7 +27,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 LICENSE="openssl"
 SLOT="0/1.1" # .so version of libssl/libcrypto
 [[ "${PV}" = *_pre* ]] || \
-KEYWORDS="~alpha amd64 ~arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv s390 sparc x86 ~x86-linux"
+KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv s390 sparc x86 ~x86-linux"
 IUSE="+asm bindist elibc_musl rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )
 	!test? ( test )"

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sergei Trofimovich]

commit:     304e38a7d4c4a363414866e715c6e5eae72da603
Author:     Rolf Eike Beer <eike <AT> sf-mail <DOT> de>
AuthorDate: Fri Mar 26 15:50:13 2021 +0000
Commit:     Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
CommitDate: Fri Mar 26 16:35:01 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=304e38a7

dev-libs/openssl: stable 1.1.1k for hppa, bug #777681

Package-Manager: Portage-3.0.13, Repoman-3.0.2
RepoMan-Options: --include-arches="hppa"
Signed-off-by: Rolf Eike Beer <eike <AT> sf-mail.de>
Signed-off-by: Sergei Trofimovich <slyfox <AT> gentoo.org>

 dev-libs/openssl/openssl-1.1.1k.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.1.1k.ebuild b/dev-libs/openssl/openssl-1.1.1k.ebuild
index 117e06116a1..59adb0cadad 100644
--- a/dev-libs/openssl/openssl-1.1.1k.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1k.ebuild
@@ -27,7 +27,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 LICENSE="openssl"
 SLOT="0/1.1" # .so version of libssl/libcrypto
 [[ "${PV}" = *_pre* ]] || \
-KEYWORDS="~alpha amd64 ~arm arm64 ~hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv s390 sparc x86 ~x86-linux"
+KEYWORDS="~alpha amd64 ~arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv s390 sparc x86 ~x86-linux"
 IUSE="+asm bindist elibc_musl rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )
 	!test? ( test )"

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Agostino Sarubbo]

commit:     e54b755a1ce57c1adb2cbae55d090c0f602d1059
Author:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
AuthorDate: Fri Mar 26 11:49:47 2021 +0000
Commit:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
CommitDate: Fri Mar 26 11:49:47 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e54b755a

dev-libs/openssl: s390 stable wrt bug #777681

Package-Manager: Portage-3.0.13, Repoman-3.0.2
RepoMan-Options: --include-arches="s390"
Signed-off-by: Agostino Sarubbo <ago <AT> gentoo.org>

 dev-libs/openssl/openssl-1.1.1k.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.1.1k.ebuild b/dev-libs/openssl/openssl-1.1.1k.ebuild
index 28ae2c1df7d..117e06116a1 100644
--- a/dev-libs/openssl/openssl-1.1.1k.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1k.ebuild
@@ -27,7 +27,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 LICENSE="openssl"
 SLOT="0/1.1" # .so version of libssl/libcrypto
 [[ "${PV}" = *_pre* ]] || \
-KEYWORDS="~alpha amd64 ~arm arm64 ~hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~x86-linux"
+KEYWORDS="~alpha amd64 ~arm arm64 ~hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv s390 sparc x86 ~x86-linux"
 IUSE="+asm bindist elibc_musl rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )
 	!test? ( test )"

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     865e2c2e996ef1d481c24cb1f7d58f0b18b1d00d
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Fri Mar 26 00:08:21 2021 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Fri Mar 26 00:08:21 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=865e2c2e

dev-libs/openssl: Stabilize 1.1.1k arm64, #777681

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/openssl-1.1.1k.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.1.1k.ebuild b/dev-libs/openssl/openssl-1.1.1k.ebuild
index 626642af7fb..28ae2c1df7d 100644
--- a/dev-libs/openssl/openssl-1.1.1k.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1k.ebuild
@@ -27,7 +27,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 LICENSE="openssl"
 SLOT="0/1.1" # .so version of libssl/libcrypto
 [[ "${PV}" = *_pre* ]] || \
-KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~x86-linux"
+KEYWORDS="~alpha amd64 ~arm arm64 ~hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~x86-linux"
 IUSE="+asm bindist elibc_musl rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )
 	!test? ( test )"

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     f985eba24ab0ea02bea7214627efb5cc0105c56e
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Thu Mar 25 23:39:04 2021 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Thu Mar 25 23:39:04 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f985eba2

dev-libs/openssl: Stabilize 1.1.1k sparc, #777681

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/openssl-1.1.1k.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.1.1k.ebuild b/dev-libs/openssl/openssl-1.1.1k.ebuild
index 9157948bb1f..626642af7fb 100644
--- a/dev-libs/openssl/openssl-1.1.1k.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1k.ebuild
@@ -27,7 +27,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 LICENSE="openssl"
 SLOT="0/1.1" # .so version of libssl/libcrypto
 [[ "${PV}" = *_pre* ]] || \
-KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv ~s390 ~sparc x86 ~x86-linux"
+KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~x86-linux"
 IUSE="+asm bindist elibc_musl rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )
 	!test? ( test )"

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     c9d5181d0eee6a17ad21dc8ab3695f232adf9560
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Thu Mar 25 23:17:36 2021 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Thu Mar 25 23:17:36 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c9d5181d

dev-libs/openssl: Stabilize 1.1.1k ppc, #777681

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/openssl-1.1.1k.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.1.1k.ebuild b/dev-libs/openssl/openssl-1.1.1k.ebuild
index 09e47f50860..55704a0305d 100644
--- a/dev-libs/openssl/openssl-1.1.1k.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1k.ebuild
@@ -27,7 +27,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 LICENSE="openssl"
 SLOT="0/1.1" # .so version of libssl/libcrypto
 [[ "${PV}" = *_pre* ]] || \
-KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc x86 ~x86-linux"
+KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ppc ~ppc64 ~riscv ~s390 ~sparc x86 ~x86-linux"
 IUSE="+asm bindist elibc_musl rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )
 	!test? ( test )"

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     62144f03655d0a9cd76e31713064b36c6ceb9942
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Thu Mar 25 23:18:26 2021 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Thu Mar 25 23:18:26 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=62144f03

dev-libs/openssl: Stabilize 1.1.1k ppc64, #777681

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/openssl-1.1.1k.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.1.1k.ebuild b/dev-libs/openssl/openssl-1.1.1k.ebuild
index 55704a0305d..9157948bb1f 100644
--- a/dev-libs/openssl/openssl-1.1.1k.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1k.ebuild
@@ -27,7 +27,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 LICENSE="openssl"
 SLOT="0/1.1" # .so version of libssl/libcrypto
 [[ "${PV}" = *_pre* ]] || \
-KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ppc ~ppc64 ~riscv ~s390 ~sparc x86 ~x86-linux"
+KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv ~s390 ~sparc x86 ~x86-linux"
 IUSE="+asm bindist elibc_musl rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )
 	!test? ( test )"

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     f9e92479f35363ce415c5d713026596aa3f6e8c6
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Thu Mar 25 23:15:22 2021 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Thu Mar 25 23:15:22 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f9e92479

dev-libs/openssl: Stabilize 1.1.1k x86, #777681

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/openssl-1.1.1k.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.1.1k.ebuild b/dev-libs/openssl/openssl-1.1.1k.ebuild
index 34548311a6b..09e47f50860 100644
--- a/dev-libs/openssl/openssl-1.1.1k.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1k.ebuild
@@ -27,7 +27,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 LICENSE="openssl"
 SLOT="0/1.1" # .so version of libssl/libcrypto
 [[ "${PV}" = *_pre* ]] || \
-KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x86-linux"
+KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc x86 ~x86-linux"
 IUSE="+asm bindist elibc_musl rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )
 	!test? ( test )"

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     ee9512b7d117a5a69430c6f385b64579ad412103
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Thu Mar 25 23:12:14 2021 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Thu Mar 25 23:13:49 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ee9512b7

dev-libs/openssl: Stabilize 1.1.1k amd64, #777681

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/openssl-1.1.1k.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.1.1k.ebuild b/dev-libs/openssl/openssl-1.1.1k.ebuild
index e01aa8d7295..34548311a6b 100644
--- a/dev-libs/openssl/openssl-1.1.1k.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1k.ebuild
@@ -27,7 +27,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 LICENSE="openssl"
 SLOT="0/1.1" # .so version of libssl/libcrypto
 [[ "${PV}" = *_pre* ]] || \
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x86-linux"
+KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x86-linux"
 IUSE="+asm bindist elibc_musl rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )
 	!test? ( test )"

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Thomas Deutschmann]

commit:     45e98bc5c10d396ab6ffbeec50ee78093683fdf9
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Thu Mar 25 14:29:45 2021 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Thu Mar 25 14:29:57 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=45e98bc5

dev-libs/openssl: bump to v1.1.1k

Bug: https://bugs.gentoo.org/777681
Package-Manager: Portage-3.0.17, Repoman-3.0.2
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 dev-libs/openssl/Manifest              |   1 +
 dev-libs/openssl/openssl-1.1.1k.ebuild | 326 +++++++++++++++++++++++++++++++++
 2 files changed, 327 insertions(+)

diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest
index 0463b528730..99b5b012c20 100644
--- a/dev-libs/openssl/Manifest
+++ b/dev-libs/openssl/Manifest
@@ -4,3 +4,4 @@ DIST openssl-1.0.2u.tar.gz 5355412 BLAKE2B b2ff2a10e5851af5aca4093422a9a072c794e
 DIST openssl-1.1.1i-bindist-1.0.tar.xz 18124 BLAKE2B bcbce700676d1d61498ac98281b7ad06f9970d91afa6bfb2c259ab7462b2554be79a1c06759bc7aaeca9948c2f5276bac2c4f42dbc6822669f863444b9913ccd SHA512 1dbb81bcb4cf7e634bb363c7e2bb2590a1fe3fcb6c3b5e377cac3c5241abd116c2a89c516be8e5fd1799ab64375a58052a4df944eeadc87b0b7785da710906d8
 DIST openssl-1.1.1i.tar.gz 9808346 BLAKE2B ca98bab08e1874134da113dd0bda0583c133c7dce5b739f9601641ed2cf97894e5e13d901f0db9367aa5d7b78c552ac598aa0a3c2a3f0a438daae044e29f58d6 SHA512 fe12e0ab9e1688f24dd862ac633d0ab703b499c0f34b53c3560aa0d3879d81d647aa0678ed517dda5efb2711f669fcb1a1e0e24f6eac2efc2cf4eae6b62014d8
 DIST openssl-1.1.1j.tar.gz 9823161 BLAKE2B e5699abeca83acd82546e74a0645f2a765d51f22226f8c537d92285eb0b11e12b0a9476cbd3cb6a594e9840433d713be39884fb4dcd5c3968b36ad4f582ed23a SHA512 51e44995663b5258b0018bdc1e2b0e7e8e0cce111138ca1f80514456af920fce4e409a411ce117c0f3eb9190ac3e47c53a43f39b06acd35b7494e2bec4a607d5
+DIST openssl-1.1.1k.tar.gz 9823400 BLAKE2B e9bd90f17bc819c4960d07bbee04346e8a7adb87a764a09d033ef76f1d638c67b180c4f2beb84ec25fbff54ccc9c14c13b9b16a27cac231a5dd22b02635d5cec SHA512 73cd042d4056585e5a9dd7ab68e7c7310a3a4c783eafa07ab0b560e7462b924e4376436a6d38a155c687f6942a881cfc0c1b9394afcde1d8c46bf396e7d51121

diff --git a/dev-libs/openssl/openssl-1.1.1k.ebuild b/dev-libs/openssl/openssl-1.1.1k.ebuild
new file mode 100644
index 00000000000..e01aa8d7295
--- /dev/null
+++ b/dev-libs/openssl/openssl-1.1.1k.ebuild
@@ -0,0 +1,326 @@
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="7"
+
+inherit flag-o-matic toolchain-funcs multilib multilib-minimal
+
+MY_P=${P/_/-}
+
+# This patch set is based on the following files from Fedora 31,
+# see https://src.fedoraproject.org/rpms/openssl/blob/f31/f/openssl.spec
+# for more details:
+# - hobble-openssl (SOURCE1)
+# - ec_curve.c (SOURCE12) -- MODIFIED
+# - ectest.c (SOURCE13)
+# - openssl-1.1.1-ec-curves.patch (PATCH37) -- MODIFIED
+BINDIST_PATCH_SET="openssl-1.1.1i-bindist-1.0.tar.xz"
+
+DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"
+HOMEPAGE="https://www.openssl.org/"
+SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
+	bindist? (
+		mirror://gentoo/${BINDIST_PATCH_SET}
+		https://dev.gentoo.org/~whissi/dist/openssl/${BINDIST_PATCH_SET}
+	)"
+
+LICENSE="openssl"
+SLOT="0/1.1" # .so version of libssl/libcrypto
+[[ "${PV}" = *_pre* ]] || \
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x86-linux"
+IUSE="+asm bindist elibc_musl rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-heartbeat vanilla zlib"
+RESTRICT="!bindist? ( bindist )
+	!test? ( test )"
+
+RDEPEND=">=app-misc/c_rehash-1.7-r1
+	zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )"
+DEPEND="${RDEPEND}"
+BDEPEND="
+	>=dev-lang/perl-5
+	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
+	test? (
+		sys-apps/diffutils
+		sys-devel/bc
+		sys-process/procps
+	)"
+PDEPEND="app-misc/ca-certificates"
+
+PATCHES=(
+	"${FILESDIR}"/${PN}-1.1.0j-parallel_install_fix.patch #671602
+	"${FILESDIR}"/${PN}-1.1.1i-riscv32.patch
+)
+
+S="${WORKDIR}/${MY_P}"
+
+# force upgrade to prevent broken login, bug 696950
+RDEPEND+=" !<net-misc/openssh-8.0_p1-r3"
+
+MULTILIB_WRAPPED_HEADERS=(
+	usr/include/openssl/opensslconf.h
+)
+
+pkg_setup() {
+	[[ ${MERGE_TYPE} == binary ]] && return
+
+	# must check in pkg_setup; sysctl don't work with userpriv!
+	if has test ${FEATURES} && use sctp; then
+		# test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel"
+		# if sctp.auth_enable is not enabled.
+		local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null)
+		if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]]; then
+			die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!"
+		fi
+	fi
+}
+
+src_prepare() {
+	# allow openssl to be cross-compiled
+	cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die
+	chmod a+rx gentoo.config || die
+
+	if use bindist; then
+		mv "${WORKDIR}"/bindist-patches/hobble-openssl "${WORKDIR}" || die
+		bash "${WORKDIR}"/hobble-openssl || die
+
+		cp -f "${WORKDIR}"/bindist-patches/ec_curve.c "${S}"/crypto/ec/ || die
+		cp -f "${WORKDIR}"/bindist-patches/ectest.c "${S}"/test/ || die
+
+		eapply "${WORKDIR}"/bindist-patches/ec-curves.patch
+
+		local known_failing_test
+		for known_failing_test in \
+			30-test_evp_extra.t \
+			80-test_ssl_new.t \
+		; do
+			ebegin "Disabling test '${known_failing_test}' which is known to fail with USE=bindist"
+			rm test/recipes/${known_failing_test} || die
+			eend $?
+		done
+
+		# Also see the configure parts below:
+		# enable-ec \
+		# $(use_ssl !bindist ec2m) \
+	fi
+
+	# keep this in sync with app-misc/c_rehash
+	SSL_CNF_DIR="/etc/ssl"
+
+	# Make sure we only ever touch Makefile.org and avoid patching a file
+	# that gets blown away anyways by the Configure script in src_configure
+	rm -f Makefile
+
+	if ! use vanilla ; then
+		if [[ $(declare -p PATCHES 2>/dev/null) == "declare -a"* ]] ; then
+			[[ ${#PATCHES[@]} -gt 0 ]] && eapply "${PATCHES[@]}"
+		fi
+	fi
+
+	eapply_user #332661
+
+	if has test ${FEATURES} && use sctp && has network-sandbox ${FEATURES}; then
+		ebegin "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox"
+		rm test/recipes/80-test_ssl_new.t || die
+		eend $?
+	fi
+
+	# make sure the man pages are suffixed #302165
+	# don't bother building man pages if they're disabled
+	# Make DOCDIR Gentoo compliant
+	sed -i \
+		-e '/^MANSUFFIX/s:=.*:=ssl:' \
+		-e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
+		-e $(has noman FEATURES \
+			&& echo '/^install:/s:install_docs::' \
+			|| echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
+		-e "/^DOCDIR/s@\$(BASENAME)@&-${PVR}@" \
+		Configurations/unix-Makefile.tmpl \
+		|| die
+
+	# quiet out unknown driver argument warnings since openssl
+	# doesn't have well-split CFLAGS and we're making it even worse
+	# and 'make depend' uses -Werror for added fun (#417795 again)
+	[[ ${CC} == *clang* ]] && append-flags -Qunused-arguments
+
+	append-flags -fno-strict-aliasing
+	append-flags $(test-flags-CC -Wa,--noexecstack)
+	append-cppflags -DOPENSSL_NO_BUF_FREELISTS
+
+	# Prefixify Configure shebang (#141906)
+	sed \
+		-e "1s,/usr/bin/env,${EPREFIX}&," \
+		-i Configure || die
+	# Remove test target when FEATURES=test isn't set
+	if ! use test ; then
+		sed \
+			-e '/^$config{dirs}/s@ "test",@@' \
+			-i Configure || die
+	fi
+	# The config script does stupid stuff to prompt the user.  Kill it.
+	sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
+	./config --test-sanity || die "I AM NOT SANE"
+
+	multilib_copy_sources
+}
+
+multilib_src_configure() {
+	unset APPS #197996
+	unset SCRIPTS #312551
+	unset CROSS_COMPILE #311473
+
+	tc-export CC AR RANLIB RC
+
+	# Clean out patent-or-otherwise-encumbered code
+	# Camellia: Royalty Free            https://en.wikipedia.org/wiki/Camellia_(cipher)
+	# IDEA:     Expired                 https://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
+	# EC:       ????????? ??/??/2015    https://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography
+	# MDC2:     Expired                 https://en.wikipedia.org/wiki/MDC-2
+	# RC5:      Expired                 https://en.wikipedia.org/wiki/RC5
+
+	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
+	echoit() { echo "$@" ; "$@" ; }
+
+	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
+
+	# See if our toolchain supports __uint128_t.  If so, it's 64bit
+	# friendly and can use the nicely optimized code paths. #460790
+	local ec_nistp_64_gcc_128
+	# Disable it for now though #469976
+	#if ! use bindist ; then
+	#	echo "__uint128_t i;" > "${T}"/128.c
+	#	if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
+	#		ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
+	#	fi
+	#fi
+
+	local sslout=$(./gentoo.config)
+	einfo "Use configuration ${sslout:-(openssl knows best)}"
+	local config="Configure"
+	[[ -z ${sslout} ]] && config="config"
+
+	# Fedora hobbled-EC needs 'no-ec2m'
+	# 'srp' was restricted until early 2017 as well.
+	# "disable-deprecated" option breaks too many consumers.
+	# Don't set it without thorough revdeps testing.
+	# Make sure user flags don't get added *yet* to avoid duplicated
+	# flags.
+	CFLAGS= LDFLAGS= echoit \
+	./${config} \
+		${sslout} \
+		$(use cpu_flags_x86_sse2 || echo "no-sse2") \
+		enable-camellia \
+		enable-ec \
+		$(use_ssl !bindist ec2m) \
+		$(use_ssl !bindist sm2) \
+		enable-srp \
+		$(use elibc_musl && echo "no-async") \
+		${ec_nistp_64_gcc_128} \
+		enable-idea \
+		enable-mdc2 \
+		enable-rc5 \
+		$(use_ssl sslv3 ssl3) \
+		$(use_ssl sslv3 ssl3-method) \
+		$(use_ssl asm) \
+		$(use_ssl rfc3779) \
+		$(use_ssl sctp) \
+		$(use_ssl tls-heartbeat heartbeats) \
+		$(use_ssl zlib) \
+		--prefix="${EPREFIX}"/usr \
+		--openssldir="${EPREFIX}"${SSL_CNF_DIR} \
+		--libdir=$(get_libdir) \
+		shared threads \
+		|| die
+
+	# Clean out hardcoded flags that openssl uses
+	local DEFAULT_CFLAGS=$(grep ^CFLAGS= Makefile | LC_ALL=C sed \
+		-e 's:^CFLAGS=::' \
+		-e 's:\(^\| \)-fomit-frame-pointer::g' \
+		-e 's:\(^\| \)-O[^ ]*::g' \
+		-e 's:\(^\| \)-march=[^ ]*::g' \
+		-e 's:\(^\| \)-mcpu=[^ ]*::g' \
+		-e 's:\(^\| \)-m[^ ]*::g' \
+		-e 's:^ *::' \
+		-e 's: *$::' \
+		-e 's: \+: :g' \
+		-e 's:\\:\\\\:g'
+	)
+
+	# Now insert clean default flags with user flags
+	sed -i \
+		-e "/^CFLAGS=/s|=.*|=${DEFAULT_CFLAGS} ${CFLAGS}|" \
+		-e "/^LDFLAGS=/s|=[[:space:]]*$|=${LDFLAGS}|" \
+		Makefile || die
+}
+
+multilib_src_compile() {
+	# depend is needed to use $confopts; it also doesn't matter
+	# that it's -j1 as the code itself serializes subdirs
+	emake -j1 depend
+	emake all
+}
+
+multilib_src_test() {
+	emake -j1 test
+}
+
+multilib_src_install() {
+	# We need to create $ED/usr on our own to avoid a race condition #665130
+	if [[ ! -d "${ED}/usr" ]]; then
+		# We can only create this directory once
+		mkdir "${ED}"/usr || die
+	fi
+
+	emake DESTDIR="${D}" install
+}
+
+multilib_src_install_all() {
+	# openssl installs perl version of c_rehash by default, but
+	# we provide a shell version via app-misc/c_rehash
+	rm "${ED}"/usr/bin/c_rehash || die
+
+	dodoc CHANGES* FAQ NEWS README doc/*.txt doc/${PN}-c-indent.el
+
+	# This is crappy in that the static archives are still built even
+	# when USE=static-libs.  But this is due to a failing in the openssl
+	# build system: the static archives are built as PIC all the time.
+	# Only way around this would be to manually configure+compile openssl
+	# twice; once with shared lib support enabled and once without.
+	use static-libs || rm -f "${ED}"/usr/lib*/lib*.a
+
+	# create the certs directory
+	keepdir ${SSL_CNF_DIR}/certs
+
+	# Namespace openssl programs to prevent conflicts with other man pages
+	cd "${ED}"/usr/share/man || die
+	local m d s
+	for m in $(find . -type f | xargs grep -L '#include') ; do
+		d=${m%/*} ; d=${d#./} ; m=${m##*/}
+		[[ ${m} == openssl.1* ]] && continue
+		[[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!"
+		mv ${d}/{,ssl-}${m}
+		# fix up references to renamed man pages
+		sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m}
+		ln -s ssl-${m} ${d}/openssl-${m}
+		# locate any symlinks that point to this man page ... we assume
+		# that any broken links are due to the above renaming
+		for s in $(find -L ${d} -type l) ; do
+			s=${s##*/}
+			rm -f ${d}/${s}
+			# We don't want to "|| die" here
+			ln -s ssl-${m} ${d}/ssl-${s}
+			ln -s ssl-${s} ${d}/openssl-${s}
+		done
+	done
+	[[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :("
+
+	dodir /etc/sandbox.d #254521
+	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
+
+	diropts -m0700
+	keepdir ${SSL_CNF_DIR}/private
+}
+
+pkg_postinst() {
+	ebegin "Running 'c_rehash ${EROOT}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069"
+	c_rehash "${EROOT}${SSL_CNF_DIR}/certs" >/dev/null
+	eend $?
+}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     a7065f66e9422ac4d9f3834427e171ff1e168e58
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Thu Feb 18 23:26:51 2021 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Thu Feb 18 23:26:51 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a7065f66

dev-libs/openssl: Stabilize 1.1.1j arm, #769785

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/openssl-1.1.1j.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.1.1j.ebuild b/dev-libs/openssl/openssl-1.1.1j.ebuild
index 59adb0cadad..2763945ae17 100644
--- a/dev-libs/openssl/openssl-1.1.1j.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1j.ebuild
@@ -27,7 +27,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 LICENSE="openssl"
 SLOT="0/1.1" # .so version of libssl/libcrypto
 [[ "${PV}" = *_pre* ]] || \
-KEYWORDS="~alpha amd64 ~arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv s390 sparc x86 ~x86-linux"
+KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv s390 sparc x86 ~x86-linux"
 IUSE="+asm bindist elibc_musl rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )
 	!test? ( test )"

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sergei Trofimovich]

commit:     73284533c63b97fb2b864bbebe04698a08c88b0b
Author:     Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
AuthorDate: Thu Feb 18 20:01:48 2021 +0000
Commit:     Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
CommitDate: Thu Feb 18 20:01:48 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=73284533

dev-libs/openssl: stable 1.1.1j for ppc64

stable wrt bug #769785

Package-Manager: Portage-3.0.14, Repoman-3.0.2
RepoMan-Options: --include-arches="ppc64"
Signed-off-by: Sergei Trofimovich <slyfox <AT> gentoo.org>

 dev-libs/openssl/openssl-1.1.1j.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.1.1j.ebuild b/dev-libs/openssl/openssl-1.1.1j.ebuild
index 1c76fc30ce7..59adb0cadad 100644
--- a/dev-libs/openssl/openssl-1.1.1j.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1j.ebuild
@@ -27,7 +27,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 LICENSE="openssl"
 SLOT="0/1.1" # .so version of libssl/libcrypto
 [[ "${PV}" = *_pre* ]] || \
-KEYWORDS="~alpha amd64 ~arm arm64 hppa ~ia64 ~m68k ~mips ppc ~ppc64 ~riscv s390 sparc x86 ~x86-linux"
+KEYWORDS="~alpha amd64 ~arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv s390 sparc x86 ~x86-linux"
 IUSE="+asm bindist elibc_musl rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )
 	!test? ( test )"

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sergei Trofimovich]

commit:     edf049a3abde6710b863dca646ad9fbd18b4e6e9
Author:     Rolf Eike Beer <eike <AT> sf-mail <DOT> de>
AuthorDate: Thu Feb 18 18:18:24 2021 +0000
Commit:     Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
CommitDate: Thu Feb 18 18:29:56 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=edf049a3

dev-libs/openssl: stable 1.1.1j for hppa, bug #769785

Package-Manager: Portage-3.0.13, Repoman-3.0.2
RepoMan-Options: --include-arches="hppa"
Signed-off-by: Rolf Eike Beer <eike <AT> sf-mail.de>
Signed-off-by: Sergei Trofimovich <slyfox <AT> gentoo.org>

 dev-libs/openssl/openssl-1.1.1j.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.1.1j.ebuild b/dev-libs/openssl/openssl-1.1.1j.ebuild
index b5b1845901b..1c76fc30ce7 100644
--- a/dev-libs/openssl/openssl-1.1.1j.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1j.ebuild
@@ -27,7 +27,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 LICENSE="openssl"
 SLOT="0/1.1" # .so version of libssl/libcrypto
 [[ "${PV}" = *_pre* ]] || \
-KEYWORDS="~alpha amd64 ~arm arm64 ~hppa ~ia64 ~m68k ~mips ppc ~ppc64 ~riscv s390 sparc x86 ~x86-linux"
+KEYWORDS="~alpha amd64 ~arm arm64 hppa ~ia64 ~m68k ~mips ppc ~ppc64 ~riscv s390 sparc x86 ~x86-linux"
 IUSE="+asm bindist elibc_musl rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )
 	!test? ( test )"

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     35c81e08622081630bec37ad5b51594ca8e1acdf
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Thu Feb 18 08:49:31 2021 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Thu Feb 18 08:49:31 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=35c81e08

dev-libs/openssl: Stabilize 1.1.1j ppc, #769785

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/openssl-1.1.1j.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.1.1j.ebuild b/dev-libs/openssl/openssl-1.1.1j.ebuild
index 4795a907d4c..b5b1845901b 100644
--- a/dev-libs/openssl/openssl-1.1.1j.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1j.ebuild
@@ -27,7 +27,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 LICENSE="openssl"
 SLOT="0/1.1" # .so version of libssl/libcrypto
 [[ "${PV}" = *_pre* ]] || \
-KEYWORDS="~alpha amd64 ~arm arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv s390 sparc x86 ~x86-linux"
+KEYWORDS="~alpha amd64 ~arm arm64 ~hppa ~ia64 ~m68k ~mips ppc ~ppc64 ~riscv s390 sparc x86 ~x86-linux"
 IUSE="+asm bindist elibc_musl rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )
 	!test? ( test )"

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     cb450d7546e27167c50189cb88567d9ed841e02a
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Thu Feb 18 08:47:48 2021 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Thu Feb 18 08:47:48 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=cb450d75

dev-libs/openssl: Stabilize 1.1.1j arm64, #769785

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/openssl-1.1.1j.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.1.1j.ebuild b/dev-libs/openssl/openssl-1.1.1j.ebuild
index 16e22426c2a..4795a907d4c 100644
--- a/dev-libs/openssl/openssl-1.1.1j.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1j.ebuild
@@ -27,7 +27,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 LICENSE="openssl"
 SLOT="0/1.1" # .so version of libssl/libcrypto
 [[ "${PV}" = *_pre* ]] || \
-KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv s390 sparc x86 ~x86-linux"
+KEYWORDS="~alpha amd64 ~arm arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv s390 sparc x86 ~x86-linux"
 IUSE="+asm bindist elibc_musl rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )
 	!test? ( test )"

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     f52dcd777944b23f03aa5b6b90ae2d9538784707
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Thu Feb 18 07:32:13 2021 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Thu Feb 18 07:32:13 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f52dcd77

dev-libs/openssl: Stabilize 1.1.1j sparc, #769785

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/openssl-1.1.1j.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.1.1j.ebuild b/dev-libs/openssl/openssl-1.1.1j.ebuild
index 25846692e7c..16e22426c2a 100644
--- a/dev-libs/openssl/openssl-1.1.1j.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1j.ebuild
@@ -27,7 +27,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 LICENSE="openssl"
 SLOT="0/1.1" # .so version of libssl/libcrypto
 [[ "${PV}" = *_pre* ]] || \
-KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv s390 ~sparc x86 ~x86-linux"
+KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv s390 sparc x86 ~x86-linux"
 IUSE="+asm bindist elibc_musl rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )
 	!test? ( test )"

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     c420866f5c808c91ce06345e8aece92657468dee
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Thu Feb 18 07:29:25 2021 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Thu Feb 18 07:29:25 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c420866f

dev-libs/openssl: Stabilize 1.1.1j s390, #769785

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/openssl-1.1.1j.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.1.1j.ebuild b/dev-libs/openssl/openssl-1.1.1j.ebuild
index 09e47f50860..25846692e7c 100644
--- a/dev-libs/openssl/openssl-1.1.1j.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1j.ebuild
@@ -27,7 +27,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 LICENSE="openssl"
 SLOT="0/1.1" # .so version of libssl/libcrypto
 [[ "${PV}" = *_pre* ]] || \
-KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc x86 ~x86-linux"
+KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv s390 ~sparc x86 ~x86-linux"
 IUSE="+asm bindist elibc_musl rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )
 	!test? ( test )"

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     d3590e0fd5edc8550f517676fb25fc1b804011cf
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Thu Feb 18 00:02:27 2021 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Thu Feb 18 00:02:27 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d3590e0f

dev-libs/openssl: Stabilize 1.1.1j x86, #769785

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/openssl-1.1.1j.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.1.1j.ebuild b/dev-libs/openssl/openssl-1.1.1j.ebuild
index e01aa8d7295..90304d625f6 100644
--- a/dev-libs/openssl/openssl-1.1.1j.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1j.ebuild
@@ -27,7 +27,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 LICENSE="openssl"
 SLOT="0/1.1" # .so version of libssl/libcrypto
 [[ "${PV}" = *_pre* ]] || \
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x86-linux"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc x86 ~x86-linux"
 IUSE="+asm bindist elibc_musl rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )
 	!test? ( test )"

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     304ba06f60108363e53184850c185a1f0ef01cd7
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Thu Feb 18 00:02:49 2021 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Thu Feb 18 00:02:49 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=304ba06f

dev-libs/openssl: Stabilize 1.1.1j amd64, #769785

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/openssl-1.1.1j.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.1.1j.ebuild b/dev-libs/openssl/openssl-1.1.1j.ebuild
index 90304d625f6..09e47f50860 100644
--- a/dev-libs/openssl/openssl-1.1.1j.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1j.ebuild
@@ -27,7 +27,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 LICENSE="openssl"
 SLOT="0/1.1" # .so version of libssl/libcrypto
 [[ "${PV}" = *_pre* ]] || \
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc x86 ~x86-linux"
+KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc x86 ~x86-linux"
 IUSE="+asm bindist elibc_musl rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )
 	!test? ( test )"

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Thomas Deutschmann]

commit:     e046f5a13926d01660a6abfbe63dfeb15ac2adec
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Tue Feb 16 16:32:49 2021 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Tue Feb 16 18:14:15 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e046f5a1

dev-libs/openssl: bump to v1.1.1j

Bug: https://bugs.gentoo.org/769785
Package-Manager: Portage-3.0.14, Repoman-3.0.2
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 dev-libs/openssl/Manifest              |   1 +
 dev-libs/openssl/openssl-1.1.1j.ebuild | 326 +++++++++++++++++++++++++++++++++
 2 files changed, 327 insertions(+)

diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest
index a7dabaf27ae..0463b528730 100644
--- a/dev-libs/openssl/Manifest
+++ b/dev-libs/openssl/Manifest
@@ -3,3 +3,4 @@ DIST openssl-1.0.2t-bindist-1.0.tar.xz 13872 BLAKE2B b2aade96a6e0ca6209a39e205b1
 DIST openssl-1.0.2u.tar.gz 5355412 BLAKE2B b2ff2a10e5851af5aca4093422a9a072c794e87b997263826c1c35910c040f695fac63decac5856cb49399ed03d410f97701d9fd4e1ebfbcacd8f3a74ce8bf57 SHA512 c455bb309e20e2c2d47fdc5619c734d107d5c8c38c1409903ce979acc120b0d5fa0312917c0aa0d630e402d092a703d4249643f36078e8528a3cafc9dac6ab32
 DIST openssl-1.1.1i-bindist-1.0.tar.xz 18124 BLAKE2B bcbce700676d1d61498ac98281b7ad06f9970d91afa6bfb2c259ab7462b2554be79a1c06759bc7aaeca9948c2f5276bac2c4f42dbc6822669f863444b9913ccd SHA512 1dbb81bcb4cf7e634bb363c7e2bb2590a1fe3fcb6c3b5e377cac3c5241abd116c2a89c516be8e5fd1799ab64375a58052a4df944eeadc87b0b7785da710906d8
 DIST openssl-1.1.1i.tar.gz 9808346 BLAKE2B ca98bab08e1874134da113dd0bda0583c133c7dce5b739f9601641ed2cf97894e5e13d901f0db9367aa5d7b78c552ac598aa0a3c2a3f0a438daae044e29f58d6 SHA512 fe12e0ab9e1688f24dd862ac633d0ab703b499c0f34b53c3560aa0d3879d81d647aa0678ed517dda5efb2711f669fcb1a1e0e24f6eac2efc2cf4eae6b62014d8
+DIST openssl-1.1.1j.tar.gz 9823161 BLAKE2B e5699abeca83acd82546e74a0645f2a765d51f22226f8c537d92285eb0b11e12b0a9476cbd3cb6a594e9840433d713be39884fb4dcd5c3968b36ad4f582ed23a SHA512 51e44995663b5258b0018bdc1e2b0e7e8e0cce111138ca1f80514456af920fce4e409a411ce117c0f3eb9190ac3e47c53a43f39b06acd35b7494e2bec4a607d5

diff --git a/dev-libs/openssl/openssl-1.1.1j.ebuild b/dev-libs/openssl/openssl-1.1.1j.ebuild
new file mode 100644
index 00000000000..e01aa8d7295
--- /dev/null
+++ b/dev-libs/openssl/openssl-1.1.1j.ebuild
@@ -0,0 +1,326 @@
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="7"
+
+inherit flag-o-matic toolchain-funcs multilib multilib-minimal
+
+MY_P=${P/_/-}
+
+# This patch set is based on the following files from Fedora 31,
+# see https://src.fedoraproject.org/rpms/openssl/blob/f31/f/openssl.spec
+# for more details:
+# - hobble-openssl (SOURCE1)
+# - ec_curve.c (SOURCE12) -- MODIFIED
+# - ectest.c (SOURCE13)
+# - openssl-1.1.1-ec-curves.patch (PATCH37) -- MODIFIED
+BINDIST_PATCH_SET="openssl-1.1.1i-bindist-1.0.tar.xz"
+
+DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"
+HOMEPAGE="https://www.openssl.org/"
+SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
+	bindist? (
+		mirror://gentoo/${BINDIST_PATCH_SET}
+		https://dev.gentoo.org/~whissi/dist/openssl/${BINDIST_PATCH_SET}
+	)"
+
+LICENSE="openssl"
+SLOT="0/1.1" # .so version of libssl/libcrypto
+[[ "${PV}" = *_pre* ]] || \
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x86-linux"
+IUSE="+asm bindist elibc_musl rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-heartbeat vanilla zlib"
+RESTRICT="!bindist? ( bindist )
+	!test? ( test )"
+
+RDEPEND=">=app-misc/c_rehash-1.7-r1
+	zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )"
+DEPEND="${RDEPEND}"
+BDEPEND="
+	>=dev-lang/perl-5
+	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
+	test? (
+		sys-apps/diffutils
+		sys-devel/bc
+		sys-process/procps
+	)"
+PDEPEND="app-misc/ca-certificates"
+
+PATCHES=(
+	"${FILESDIR}"/${PN}-1.1.0j-parallel_install_fix.patch #671602
+	"${FILESDIR}"/${PN}-1.1.1i-riscv32.patch
+)
+
+S="${WORKDIR}/${MY_P}"
+
+# force upgrade to prevent broken login, bug 696950
+RDEPEND+=" !<net-misc/openssh-8.0_p1-r3"
+
+MULTILIB_WRAPPED_HEADERS=(
+	usr/include/openssl/opensslconf.h
+)
+
+pkg_setup() {
+	[[ ${MERGE_TYPE} == binary ]] && return
+
+	# must check in pkg_setup; sysctl don't work with userpriv!
+	if has test ${FEATURES} && use sctp; then
+		# test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel"
+		# if sctp.auth_enable is not enabled.
+		local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null)
+		if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]]; then
+			die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!"
+		fi
+	fi
+}
+
+src_prepare() {
+	# allow openssl to be cross-compiled
+	cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die
+	chmod a+rx gentoo.config || die
+
+	if use bindist; then
+		mv "${WORKDIR}"/bindist-patches/hobble-openssl "${WORKDIR}" || die
+		bash "${WORKDIR}"/hobble-openssl || die
+
+		cp -f "${WORKDIR}"/bindist-patches/ec_curve.c "${S}"/crypto/ec/ || die
+		cp -f "${WORKDIR}"/bindist-patches/ectest.c "${S}"/test/ || die
+
+		eapply "${WORKDIR}"/bindist-patches/ec-curves.patch
+
+		local known_failing_test
+		for known_failing_test in \
+			30-test_evp_extra.t \
+			80-test_ssl_new.t \
+		; do
+			ebegin "Disabling test '${known_failing_test}' which is known to fail with USE=bindist"
+			rm test/recipes/${known_failing_test} || die
+			eend $?
+		done
+
+		# Also see the configure parts below:
+		# enable-ec \
+		# $(use_ssl !bindist ec2m) \
+	fi
+
+	# keep this in sync with app-misc/c_rehash
+	SSL_CNF_DIR="/etc/ssl"
+
+	# Make sure we only ever touch Makefile.org and avoid patching a file
+	# that gets blown away anyways by the Configure script in src_configure
+	rm -f Makefile
+
+	if ! use vanilla ; then
+		if [[ $(declare -p PATCHES 2>/dev/null) == "declare -a"* ]] ; then
+			[[ ${#PATCHES[@]} -gt 0 ]] && eapply "${PATCHES[@]}"
+		fi
+	fi
+
+	eapply_user #332661
+
+	if has test ${FEATURES} && use sctp && has network-sandbox ${FEATURES}; then
+		ebegin "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox"
+		rm test/recipes/80-test_ssl_new.t || die
+		eend $?
+	fi
+
+	# make sure the man pages are suffixed #302165
+	# don't bother building man pages if they're disabled
+	# Make DOCDIR Gentoo compliant
+	sed -i \
+		-e '/^MANSUFFIX/s:=.*:=ssl:' \
+		-e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
+		-e $(has noman FEATURES \
+			&& echo '/^install:/s:install_docs::' \
+			|| echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
+		-e "/^DOCDIR/s@\$(BASENAME)@&-${PVR}@" \
+		Configurations/unix-Makefile.tmpl \
+		|| die
+
+	# quiet out unknown driver argument warnings since openssl
+	# doesn't have well-split CFLAGS and we're making it even worse
+	# and 'make depend' uses -Werror for added fun (#417795 again)
+	[[ ${CC} == *clang* ]] && append-flags -Qunused-arguments
+
+	append-flags -fno-strict-aliasing
+	append-flags $(test-flags-CC -Wa,--noexecstack)
+	append-cppflags -DOPENSSL_NO_BUF_FREELISTS
+
+	# Prefixify Configure shebang (#141906)
+	sed \
+		-e "1s,/usr/bin/env,${EPREFIX}&," \
+		-i Configure || die
+	# Remove test target when FEATURES=test isn't set
+	if ! use test ; then
+		sed \
+			-e '/^$config{dirs}/s@ "test",@@' \
+			-i Configure || die
+	fi
+	# The config script does stupid stuff to prompt the user.  Kill it.
+	sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
+	./config --test-sanity || die "I AM NOT SANE"
+
+	multilib_copy_sources
+}
+
+multilib_src_configure() {
+	unset APPS #197996
+	unset SCRIPTS #312551
+	unset CROSS_COMPILE #311473
+
+	tc-export CC AR RANLIB RC
+
+	# Clean out patent-or-otherwise-encumbered code
+	# Camellia: Royalty Free            https://en.wikipedia.org/wiki/Camellia_(cipher)
+	# IDEA:     Expired                 https://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
+	# EC:       ????????? ??/??/2015    https://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography
+	# MDC2:     Expired                 https://en.wikipedia.org/wiki/MDC-2
+	# RC5:      Expired                 https://en.wikipedia.org/wiki/RC5
+
+	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
+	echoit() { echo "$@" ; "$@" ; }
+
+	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
+
+	# See if our toolchain supports __uint128_t.  If so, it's 64bit
+	# friendly and can use the nicely optimized code paths. #460790
+	local ec_nistp_64_gcc_128
+	# Disable it for now though #469976
+	#if ! use bindist ; then
+	#	echo "__uint128_t i;" > "${T}"/128.c
+	#	if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
+	#		ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
+	#	fi
+	#fi
+
+	local sslout=$(./gentoo.config)
+	einfo "Use configuration ${sslout:-(openssl knows best)}"
+	local config="Configure"
+	[[ -z ${sslout} ]] && config="config"
+
+	# Fedora hobbled-EC needs 'no-ec2m'
+	# 'srp' was restricted until early 2017 as well.
+	# "disable-deprecated" option breaks too many consumers.
+	# Don't set it without thorough revdeps testing.
+	# Make sure user flags don't get added *yet* to avoid duplicated
+	# flags.
+	CFLAGS= LDFLAGS= echoit \
+	./${config} \
+		${sslout} \
+		$(use cpu_flags_x86_sse2 || echo "no-sse2") \
+		enable-camellia \
+		enable-ec \
+		$(use_ssl !bindist ec2m) \
+		$(use_ssl !bindist sm2) \
+		enable-srp \
+		$(use elibc_musl && echo "no-async") \
+		${ec_nistp_64_gcc_128} \
+		enable-idea \
+		enable-mdc2 \
+		enable-rc5 \
+		$(use_ssl sslv3 ssl3) \
+		$(use_ssl sslv3 ssl3-method) \
+		$(use_ssl asm) \
+		$(use_ssl rfc3779) \
+		$(use_ssl sctp) \
+		$(use_ssl tls-heartbeat heartbeats) \
+		$(use_ssl zlib) \
+		--prefix="${EPREFIX}"/usr \
+		--openssldir="${EPREFIX}"${SSL_CNF_DIR} \
+		--libdir=$(get_libdir) \
+		shared threads \
+		|| die
+
+	# Clean out hardcoded flags that openssl uses
+	local DEFAULT_CFLAGS=$(grep ^CFLAGS= Makefile | LC_ALL=C sed \
+		-e 's:^CFLAGS=::' \
+		-e 's:\(^\| \)-fomit-frame-pointer::g' \
+		-e 's:\(^\| \)-O[^ ]*::g' \
+		-e 's:\(^\| \)-march=[^ ]*::g' \
+		-e 's:\(^\| \)-mcpu=[^ ]*::g' \
+		-e 's:\(^\| \)-m[^ ]*::g' \
+		-e 's:^ *::' \
+		-e 's: *$::' \
+		-e 's: \+: :g' \
+		-e 's:\\:\\\\:g'
+	)
+
+	# Now insert clean default flags with user flags
+	sed -i \
+		-e "/^CFLAGS=/s|=.*|=${DEFAULT_CFLAGS} ${CFLAGS}|" \
+		-e "/^LDFLAGS=/s|=[[:space:]]*$|=${LDFLAGS}|" \
+		Makefile || die
+}
+
+multilib_src_compile() {
+	# depend is needed to use $confopts; it also doesn't matter
+	# that it's -j1 as the code itself serializes subdirs
+	emake -j1 depend
+	emake all
+}
+
+multilib_src_test() {
+	emake -j1 test
+}
+
+multilib_src_install() {
+	# We need to create $ED/usr on our own to avoid a race condition #665130
+	if [[ ! -d "${ED}/usr" ]]; then
+		# We can only create this directory once
+		mkdir "${ED}"/usr || die
+	fi
+
+	emake DESTDIR="${D}" install
+}
+
+multilib_src_install_all() {
+	# openssl installs perl version of c_rehash by default, but
+	# we provide a shell version via app-misc/c_rehash
+	rm "${ED}"/usr/bin/c_rehash || die
+
+	dodoc CHANGES* FAQ NEWS README doc/*.txt doc/${PN}-c-indent.el
+
+	# This is crappy in that the static archives are still built even
+	# when USE=static-libs.  But this is due to a failing in the openssl
+	# build system: the static archives are built as PIC all the time.
+	# Only way around this would be to manually configure+compile openssl
+	# twice; once with shared lib support enabled and once without.
+	use static-libs || rm -f "${ED}"/usr/lib*/lib*.a
+
+	# create the certs directory
+	keepdir ${SSL_CNF_DIR}/certs
+
+	# Namespace openssl programs to prevent conflicts with other man pages
+	cd "${ED}"/usr/share/man || die
+	local m d s
+	for m in $(find . -type f | xargs grep -L '#include') ; do
+		d=${m%/*} ; d=${d#./} ; m=${m##*/}
+		[[ ${m} == openssl.1* ]] && continue
+		[[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!"
+		mv ${d}/{,ssl-}${m}
+		# fix up references to renamed man pages
+		sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m}
+		ln -s ssl-${m} ${d}/openssl-${m}
+		# locate any symlinks that point to this man page ... we assume
+		# that any broken links are due to the above renaming
+		for s in $(find -L ${d} -type l) ; do
+			s=${s##*/}
+			rm -f ${d}/${s}
+			# We don't want to "|| die" here
+			ln -s ssl-${m} ${d}/ssl-${s}
+			ln -s ssl-${s} ${d}/openssl-${s}
+		done
+	done
+	[[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :("
+
+	dodir /etc/sandbox.d #254521
+	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
+
+	diropts -m0700
+	keepdir ${SSL_CNF_DIR}/private
+}
+
+pkg_postinst() {
+	ebegin "Running 'c_rehash ${EROOT}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069"
+	c_rehash "${EROOT}${SSL_CNF_DIR}/certs" >/dev/null
+	eend $?
+}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     7fe6dd336f555072c59021e7755fe0bd0a944fc7
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sun Dec 13 23:21:57 2020 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sun Dec 13 23:21:57 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7fe6dd33

dev-libs/openssl: stable 1.1.1i for s390

stable wrt bug #759079

Package-Manager: Portage-3.0.9, Repoman-3.0.2
RepoMan-Options: --include-arches="s390"
Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/openssl-1.1.1i.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.1.1i.ebuild b/dev-libs/openssl/openssl-1.1.1i.ebuild
index 77fb15f3027..7d5fc56e026 100644
--- a/dev-libs/openssl/openssl-1.1.1i.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1i.ebuild
@@ -27,7 +27,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 LICENSE="openssl"
 SLOT="0/1.1" # .so version of libssl/libcrypto
 [[ "${PV}" = *_pre* ]] || \
-KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~x86-linux"
+KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv s390 sparc x86 ~x86-linux"
 IUSE="+asm bindist elibc_musl rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )
 	!test? ( test )"

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sergei Trofimovich]

commit:     9b9838acd2e9ef53ca8229c8ba5f0c3b8be8cbbf
Author:     Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
AuthorDate: Fri Dec 11 23:06:08 2020 +0000
Commit:     Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
CommitDate: Fri Dec 11 23:06:08 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9b9838ac

dev-libs/openssl: stable 1.1.1i for ppc

stable wrt bug #759079

Package-Manager: Portage-3.0.12, Repoman-3.0.2
RepoMan-Options: --include-arches="ppc"
Signed-off-by: Sergei Trofimovich <slyfox <AT> gentoo.org>

 dev-libs/openssl/openssl-1.1.1i.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.1.1i.ebuild b/dev-libs/openssl/openssl-1.1.1i.ebuild
index dc8d65e2f1d..77fb15f3027 100644
--- a/dev-libs/openssl/openssl-1.1.1i.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1i.ebuild
@@ -27,7 +27,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 LICENSE="openssl"
 SLOT="0/1.1" # .so version of libssl/libcrypto
 [[ "${PV}" = *_pre* ]] || \
-KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ~ppc ppc64 ~riscv ~s390 sparc x86 ~x86-linux"
+KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~x86-linux"
 IUSE="+asm bindist elibc_musl rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )
 	!test? ( test )"

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     c92b15b0a74885a73724e383185878f47cb1d66d
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Fri Dec 11 22:10:53 2020 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Fri Dec 11 22:10:53 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c92b15b0

dev-libs/openssl: Stabilize 1.1.1i arm, #759079

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/openssl-1.1.1i.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.1.1i.ebuild b/dev-libs/openssl/openssl-1.1.1i.ebuild
index 52fa5d828e3..dc8d65e2f1d 100644
--- a/dev-libs/openssl/openssl-1.1.1i.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1i.ebuild
@@ -27,7 +27,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 LICENSE="openssl"
 SLOT="0/1.1" # .so version of libssl/libcrypto
 [[ "${PV}" = *_pre* ]] || \
-KEYWORDS="~alpha amd64 ~arm arm64 hppa ~ia64 ~m68k ~mips ~ppc ppc64 ~riscv ~s390 sparc x86 ~x86-linux"
+KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ~ppc ppc64 ~riscv ~s390 sparc x86 ~x86-linux"
 IUSE="+asm bindist elibc_musl rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )
 	!test? ( test )"

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Thomas Deutschmann]

commit:     94281fdebd053152fcad8a7bec5d54e9d537273d
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Thu Dec 10 21:32:44 2020 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Thu Dec 10 21:32:44 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=94281fde

dev-libs/openssl: x86 stable (bug #759079)

Package-Manager: Portage-3.0.12, Repoman-3.0.2
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 dev-libs/openssl/openssl-1.1.1i.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.1.1i.ebuild b/dev-libs/openssl/openssl-1.1.1i.ebuild
index 2fd38642961..52fa5d828e3 100644
--- a/dev-libs/openssl/openssl-1.1.1i.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1i.ebuild
@@ -27,7 +27,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 LICENSE="openssl"
 SLOT="0/1.1" # .so version of libssl/libcrypto
 [[ "${PV}" = *_pre* ]] || \
-KEYWORDS="~alpha amd64 ~arm arm64 hppa ~ia64 ~m68k ~mips ~ppc ppc64 ~riscv ~s390 sparc ~x86 ~x86-linux"
+KEYWORDS="~alpha amd64 ~arm arm64 hppa ~ia64 ~m68k ~mips ~ppc ppc64 ~riscv ~s390 sparc x86 ~x86-linux"
 IUSE="+asm bindist elibc_musl rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )
 	!test? ( test )"

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sergei Trofimovich]

commit:     8a4bb79083eda3dab41f1e096f446e8eda428d28
Author:     Rolf Eike Beer <eike <AT> sf-mail <DOT> de>
AuthorDate: Thu Dec 10 18:45:26 2020 +0000
Commit:     Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
CommitDate: Thu Dec 10 19:21:00 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8a4bb790

dev-libs/openssl: stable 1.1.1i for hppa/sparc, bug #759079

Package-Manager: Portage-3.0.9, Repoman-3.0.2
RepoMan-Options: --include-arches="hppa sparc"
Signed-off-by: Rolf Eike Beer <eike <AT> sf-mail.de>
Signed-off-by: Sergei Trofimovich <slyfox <AT> gentoo.org>

 dev-libs/openssl/openssl-1.1.1i.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.1.1i.ebuild b/dev-libs/openssl/openssl-1.1.1i.ebuild
index 72f02a16be2..2fd38642961 100644
--- a/dev-libs/openssl/openssl-1.1.1i.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1i.ebuild
@@ -27,7 +27,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 LICENSE="openssl"
 SLOT="0/1.1" # .so version of libssl/libcrypto
 [[ "${PV}" = *_pre* ]] || \
-KEYWORDS="~alpha amd64 ~arm arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ppc64 ~riscv ~s390 ~sparc ~x86 ~x86-linux"
+KEYWORDS="~alpha amd64 ~arm arm64 hppa ~ia64 ~m68k ~mips ~ppc ppc64 ~riscv ~s390 sparc ~x86 ~x86-linux"
 IUSE="+asm bindist elibc_musl rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )
 	!test? ( test )"

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     2ebf013c5d741eb2a1d21e825a8c2ff0bfc75f9c
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Thu Dec 10 18:39:14 2020 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Thu Dec 10 18:39:14 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2ebf013c

dev-libs/openssl: Stabilize 1.1.1i arm64, #759079

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/openssl-1.1.1i.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.1.1i.ebuild b/dev-libs/openssl/openssl-1.1.1i.ebuild
index 4d43ee7e45c..72f02a16be2 100644
--- a/dev-libs/openssl/openssl-1.1.1i.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1i.ebuild
@@ -27,7 +27,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 LICENSE="openssl"
 SLOT="0/1.1" # .so version of libssl/libcrypto
 [[ "${PV}" = *_pre* ]] || \
-KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ppc64 ~riscv ~s390 ~sparc ~x86 ~x86-linux"
+KEYWORDS="~alpha amd64 ~arm arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ppc64 ~riscv ~s390 ~sparc ~x86 ~x86-linux"
 IUSE="+asm bindist elibc_musl rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )
 	!test? ( test )"

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     7fef3843026267d491d7d1e65e71aacb1467169a
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Thu Dec 10 18:38:15 2020 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Thu Dec 10 18:38:15 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7fef3843

dev-libs/openssl: Stabilize 1.1.1i ppc64, #759079

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/openssl-1.1.1i.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.1.1i.ebuild b/dev-libs/openssl/openssl-1.1.1i.ebuild
index 0657dd4d022..4d43ee7e45c 100644
--- a/dev-libs/openssl/openssl-1.1.1i.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1i.ebuild
@@ -27,7 +27,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 LICENSE="openssl"
 SLOT="0/1.1" # .so version of libssl/libcrypto
 [[ "${PV}" = *_pre* ]] || \
-KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x86-linux"
+KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ppc64 ~riscv ~s390 ~sparc ~x86 ~x86-linux"
 IUSE="+asm bindist elibc_musl rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )
 	!test? ( test )"

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sam James]

commit:     c885ba8bab5fde90f3ead40ceea6a75932304766
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Thu Dec 10 17:47:47 2020 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Thu Dec 10 17:47:47 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c885ba8b

dev-libs/openssl: Stabilize 1.1.1i amd64, #759079

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/openssl-1.1.1i.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.1.1i.ebuild b/dev-libs/openssl/openssl-1.1.1i.ebuild
index 572b1945be6..0657dd4d022 100644
--- a/dev-libs/openssl/openssl-1.1.1i.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1i.ebuild
@@ -27,7 +27,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 LICENSE="openssl"
 SLOT="0/1.1" # .so version of libssl/libcrypto
 [[ "${PV}" = *_pre* ]] || \
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x86-linux"
+KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x86-linux"
 IUSE="+asm bindist elibc_musl rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )
 	!test? ( test )"

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Thomas Deutschmann]

commit:     2915b998b618e03e5c0fa120ae528be64209ea85
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Tue Dec  8 23:02:49 2020 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Tue Dec  8 23:03:01 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2915b998

dev-libs/openssl: fix USE=bindist

Package-Manager: Portage-3.0.12, Repoman-3.0.2
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 dev-libs/openssl/Manifest              | 2 +-
 dev-libs/openssl/openssl-1.1.1i.ebuild | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest
index 7c5edfcb9d0..49b73ef3c56 100644
--- a/dev-libs/openssl/Manifest
+++ b/dev-libs/openssl/Manifest
@@ -6,5 +6,5 @@ DIST openssl-1.1.0l.tar.gz 5294857 BLAKE2B 0e4f30f9e8a22414325bd780dc4e875e96248
 DIST openssl-1.1.1e-bindist-1.0.tar.xz 16948 BLAKE2B 78e034f1d263cbf5e57c92393f72acd07e86e39a5511a8852bad151371430954e07d787fd82cca55b373d1579bb22b9d29c9d677104ed68291a9d2dffe3ffbbb SHA512 0dbfb378b8f2724db82915e17fd4e43977e3e45030db25cdb9241c0ab842e41ef3d597ef71c4db5103635752dc2059ea6022597511a440f55fb56a5a52d3ccea
 DIST openssl-1.1.1g.tar.gz 9801502 BLAKE2B 5e3dd4725ff89b959a5436d64b521317c6ffeb377418cc24c6d1927fab923423cb5f5fce2f9c2cdee597041c7be156d09668a5fd13dc6ff06d235a83db94cf19 SHA512 01e3d0b1bceeed8fb066f542ef5480862001556e0f612e017442330bbd7e5faee228b2de3513d7fc347446b7f217e27de1003dc9d7214d5833b97593f3ec25ab
 DIST openssl-1.1.1h.tar.gz 9810045 BLAKE2B ac9ba6fb0c4da0a761e8655b6907634365ddb114216acfcfc981e13c211577b6bd23ea8d2ad0999c0960b039f5d3dead5733e6dc07c5231ab953307a9015cd36 SHA512 da50fd99325841ed7a4367d9251c771ce505a443a73b327d8a46b2c6a7d2ea99e43551a164efc86f8743b22c2bdb0020bf24a9cbd445e9d68868b2dc1d34033a
-DIST openssl-1.1.1i-bindist-1.0.tar.xz 17696 BLAKE2B bb453ae48ff5031894d120de0d0da66d9528e00f1d773e7ed17435ed8ea4bfa988e55a59cc22b2d99a23ab0a592fc1f10fcf075974b621cb22eb439fdea8f559 SHA512 d03b7cecbadebedd03b41a7a2384d1e9cbf75a782d9607db5aad44bbc49ab38f91673e765819f4d4f0132bc708cd20d3100f402e2ad50130cd140f11ba376834
+DIST openssl-1.1.1i-bindist-1.0.tar.xz 18124 BLAKE2B bcbce700676d1d61498ac98281b7ad06f9970d91afa6bfb2c259ab7462b2554be79a1c06759bc7aaeca9948c2f5276bac2c4f42dbc6822669f863444b9913ccd SHA512 1dbb81bcb4cf7e634bb363c7e2bb2590a1fe3fcb6c3b5e377cac3c5241abd116c2a89c516be8e5fd1799ab64375a58052a4df944eeadc87b0b7785da710906d8
 DIST openssl-1.1.1i.tar.gz 9808346 BLAKE2B ca98bab08e1874134da113dd0bda0583c133c7dce5b739f9601641ed2cf97894e5e13d901f0db9367aa5d7b78c552ac598aa0a3c2a3f0a438daae044e29f58d6 SHA512 fe12e0ab9e1688f24dd862ac633d0ab703b499c0f34b53c3560aa0d3879d81d647aa0678ed517dda5efb2711f669fcb1a1e0e24f6eac2efc2cf4eae6b62014d8

diff --git a/dev-libs/openssl/openssl-1.1.1i.ebuild b/dev-libs/openssl/openssl-1.1.1i.ebuild
index 571e1c7971c..572b1945be6 100644
--- a/dev-libs/openssl/openssl-1.1.1i.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1i.ebuild
@@ -209,6 +209,7 @@ multilib_src_configure() {
 		enable-camellia \
 		enable-ec \
 		$(use_ssl !bindist ec2m) \
+		$(use_ssl !bindist sm2) \
 		enable-srp \
 		$(use elibc_musl && echo "no-async") \
 		${ec_nistp_64_gcc_128} \

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Thomas Deutschmann]

commit:     2167698533dd62a7a2f240810c040f472e6df584
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Tue Dec  8 16:47:17 2020 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Tue Dec  8 16:47:17 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=21676985

dev-libs/openssl: bump to v1.1.1i

Package-Manager: Portage-3.0.12, Repoman-3.0.2
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 dev-libs/openssl/Manifest              |   1 +
 dev-libs/openssl/openssl-1.1.1i.ebuild | 324 +++++++++++++++++++++++++++++++++
 2 files changed, 325 insertions(+)

diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest
index a4e3450e711..ec7f6b488c8 100644
--- a/dev-libs/openssl/Manifest
+++ b/dev-libs/openssl/Manifest
@@ -6,3 +6,4 @@ DIST openssl-1.1.0l.tar.gz 5294857 BLAKE2B 0e4f30f9e8a22414325bd780dc4e875e96248
 DIST openssl-1.1.1e-bindist-1.0.tar.xz 16948 BLAKE2B 78e034f1d263cbf5e57c92393f72acd07e86e39a5511a8852bad151371430954e07d787fd82cca55b373d1579bb22b9d29c9d677104ed68291a9d2dffe3ffbbb SHA512 0dbfb378b8f2724db82915e17fd4e43977e3e45030db25cdb9241c0ab842e41ef3d597ef71c4db5103635752dc2059ea6022597511a440f55fb56a5a52d3ccea
 DIST openssl-1.1.1g.tar.gz 9801502 BLAKE2B 5e3dd4725ff89b959a5436d64b521317c6ffeb377418cc24c6d1927fab923423cb5f5fce2f9c2cdee597041c7be156d09668a5fd13dc6ff06d235a83db94cf19 SHA512 01e3d0b1bceeed8fb066f542ef5480862001556e0f612e017442330bbd7e5faee228b2de3513d7fc347446b7f217e27de1003dc9d7214d5833b97593f3ec25ab
 DIST openssl-1.1.1h.tar.gz 9810045 BLAKE2B ac9ba6fb0c4da0a761e8655b6907634365ddb114216acfcfc981e13c211577b6bd23ea8d2ad0999c0960b039f5d3dead5733e6dc07c5231ab953307a9015cd36 SHA512 da50fd99325841ed7a4367d9251c771ce505a443a73b327d8a46b2c6a7d2ea99e43551a164efc86f8743b22c2bdb0020bf24a9cbd445e9d68868b2dc1d34033a
+DIST openssl-1.1.1i.tar.gz 9808346 BLAKE2B ca98bab08e1874134da113dd0bda0583c133c7dce5b739f9601641ed2cf97894e5e13d901f0db9367aa5d7b78c552ac598aa0a3c2a3f0a438daae044e29f58d6 SHA512 fe12e0ab9e1688f24dd862ac633d0ab703b499c0f34b53c3560aa0d3879d81d647aa0678ed517dda5efb2711f669fcb1a1e0e24f6eac2efc2cf4eae6b62014d8

diff --git a/dev-libs/openssl/openssl-1.1.1i.ebuild b/dev-libs/openssl/openssl-1.1.1i.ebuild
new file mode 100644
index 00000000000..ccc0cbc5d58
--- /dev/null
+++ b/dev-libs/openssl/openssl-1.1.1i.ebuild
@@ -0,0 +1,324 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="7"
+
+inherit flag-o-matic toolchain-funcs multilib multilib-minimal
+
+MY_P=${P/_/-}
+
+# This patch set is based on the following files from Fedora 31,
+# see https://src.fedoraproject.org/rpms/openssl/blob/f31/f/openssl.spec
+# for more details:
+# - hobble-openssl (SOURCE1)
+# - ec_curve.c (SOURCE12) -- MODIFIED
+# - ectest.c (SOURCE13)
+# - openssl-1.1.1-ec-curves.patch (PATCH37) -- MODIFIED
+BINDIST_PATCH_SET="openssl-1.1.1e-bindist-1.0.tar.xz"
+
+DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"
+HOMEPAGE="https://www.openssl.org/"
+SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
+	bindist? (
+		mirror://gentoo/${BINDIST_PATCH_SET}
+		https://dev.gentoo.org/~whissi/dist/openssl/${BINDIST_PATCH_SET}
+	)"
+
+LICENSE="openssl"
+SLOT="0/1.1" # .so version of libssl/libcrypto
+[[ "${PV}" = *_pre* ]] || \
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x86-linux"
+IUSE="+asm bindist elibc_musl rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-heartbeat vanilla zlib"
+RESTRICT="!bindist? ( bindist )
+	!test? ( test )"
+
+RDEPEND=">=app-misc/c_rehash-1.7-r1
+	zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )"
+DEPEND="${RDEPEND}"
+BDEPEND="
+	>=dev-lang/perl-5
+	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
+	test? (
+		sys-apps/diffutils
+		sys-devel/bc
+		sys-process/procps
+	)"
+PDEPEND="app-misc/ca-certificates"
+
+PATCHES=(
+	"${FILESDIR}"/${PN}-1.1.0j-parallel_install_fix.patch #671602
+)
+
+S="${WORKDIR}/${MY_P}"
+
+# force upgrade to prevent broken login, bug 696950
+RDEPEND+=" !<net-misc/openssh-8.0_p1-r3"
+
+MULTILIB_WRAPPED_HEADERS=(
+	usr/include/openssl/opensslconf.h
+)
+
+pkg_setup() {
+	[[ ${MERGE_TYPE} == binary ]] && return
+
+	# must check in pkg_setup; sysctl don't work with userpriv!
+	if has test ${FEATURES} && use sctp; then
+		# test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel"
+		# if sctp.auth_enable is not enabled.
+		local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null)
+		if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]]; then
+			die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!"
+		fi
+	fi
+}
+
+src_prepare() {
+	# allow openssl to be cross-compiled
+	cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die
+	chmod a+rx gentoo.config || die
+
+	if use bindist; then
+		mv "${WORKDIR}"/bindist-patches/hobble-openssl "${WORKDIR}" || die
+		bash "${WORKDIR}"/hobble-openssl || die
+
+		cp -f "${WORKDIR}"/bindist-patches/ec_curve.c "${S}"/crypto/ec/ || die
+		cp -f "${WORKDIR}"/bindist-patches/ectest.c "${S}"/test/ || die
+
+		eapply "${WORKDIR}"/bindist-patches/ec-curves.patch
+
+		local known_failing_test
+		for known_failing_test in \
+			30-test_evp_extra.t \
+			80-test_ssl_new.t \
+		; do
+			ebegin "Disabling test '${known_failing_test}' which is known to fail with USE=bindist"
+			rm test/recipes/${known_failing_test} || die
+			eend $?
+		done
+
+		# Also see the configure parts below:
+		# enable-ec \
+		# $(use_ssl !bindist ec2m) \
+	fi
+
+	# keep this in sync with app-misc/c_rehash
+	SSL_CNF_DIR="/etc/ssl"
+
+	# Make sure we only ever touch Makefile.org and avoid patching a file
+	# that gets blown away anyways by the Configure script in src_configure
+	rm -f Makefile
+
+	if ! use vanilla ; then
+		if [[ $(declare -p PATCHES 2>/dev/null) == "declare -a"* ]] ; then
+			[[ ${#PATCHES[@]} -gt 0 ]] && eapply "${PATCHES[@]}"
+		fi
+	fi
+
+	eapply_user #332661
+
+	if has test ${FEATURES} && use sctp && has network-sandbox ${FEATURES}; then
+		ebegin "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox"
+		rm test/recipes/80-test_ssl_new.t || die
+		eend $?
+	fi
+
+	# make sure the man pages are suffixed #302165
+	# don't bother building man pages if they're disabled
+	# Make DOCDIR Gentoo compliant
+	sed -i \
+		-e '/^MANSUFFIX/s:=.*:=ssl:' \
+		-e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
+		-e $(has noman FEATURES \
+			&& echo '/^install:/s:install_docs::' \
+			|| echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
+		-e "/^DOCDIR/s@\$(BASENAME)@&-${PVR}@" \
+		Configurations/unix-Makefile.tmpl \
+		|| die
+
+	# quiet out unknown driver argument warnings since openssl
+	# doesn't have well-split CFLAGS and we're making it even worse
+	# and 'make depend' uses -Werror for added fun (#417795 again)
+	[[ ${CC} == *clang* ]] && append-flags -Qunused-arguments
+
+	append-flags -fno-strict-aliasing
+	append-flags $(test-flags-CC -Wa,--noexecstack)
+	append-cppflags -DOPENSSL_NO_BUF_FREELISTS
+
+	# Prefixify Configure shebang (#141906)
+	sed \
+		-e "1s,/usr/bin/env,${EPREFIX}&," \
+		-i Configure || die
+	# Remove test target when FEATURES=test isn't set
+	if ! use test ; then
+		sed \
+			-e '/^$config{dirs}/s@ "test",@@' \
+			-i Configure || die
+	fi
+	# The config script does stupid stuff to prompt the user.  Kill it.
+	sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
+	./config --test-sanity || die "I AM NOT SANE"
+
+	multilib_copy_sources
+}
+
+multilib_src_configure() {
+	unset APPS #197996
+	unset SCRIPTS #312551
+	unset CROSS_COMPILE #311473
+
+	tc-export CC AR RANLIB RC
+
+	# Clean out patent-or-otherwise-encumbered code
+	# Camellia: Royalty Free            https://en.wikipedia.org/wiki/Camellia_(cipher)
+	# IDEA:     Expired                 https://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
+	# EC:       ????????? ??/??/2015    https://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography
+	# MDC2:     Expired                 https://en.wikipedia.org/wiki/MDC-2
+	# RC5:      Expired                 https://en.wikipedia.org/wiki/RC5
+
+	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
+	echoit() { echo "$@" ; "$@" ; }
+
+	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
+
+	# See if our toolchain supports __uint128_t.  If so, it's 64bit
+	# friendly and can use the nicely optimized code paths. #460790
+	local ec_nistp_64_gcc_128
+	# Disable it for now though #469976
+	#if ! use bindist ; then
+	#	echo "__uint128_t i;" > "${T}"/128.c
+	#	if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
+	#		ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
+	#	fi
+	#fi
+
+	local sslout=$(./gentoo.config)
+	einfo "Use configuration ${sslout:-(openssl knows best)}"
+	local config="Configure"
+	[[ -z ${sslout} ]] && config="config"
+
+	# Fedora hobbled-EC needs 'no-ec2m'
+	# 'srp' was restricted until early 2017 as well.
+	# "disable-deprecated" option breaks too many consumers.
+	# Don't set it without thorough revdeps testing.
+	# Make sure user flags don't get added *yet* to avoid duplicated
+	# flags.
+	CFLAGS= LDFLAGS= echoit \
+	./${config} \
+		${sslout} \
+		$(use cpu_flags_x86_sse2 || echo "no-sse2") \
+		enable-camellia \
+		enable-ec \
+		$(use_ssl !bindist ec2m) \
+		enable-srp \
+		$(use elibc_musl && echo "no-async") \
+		${ec_nistp_64_gcc_128} \
+		enable-idea \
+		enable-mdc2 \
+		enable-rc5 \
+		$(use_ssl sslv3 ssl3) \
+		$(use_ssl sslv3 ssl3-method) \
+		$(use_ssl asm) \
+		$(use_ssl rfc3779) \
+		$(use_ssl sctp) \
+		$(use_ssl tls-heartbeat heartbeats) \
+		$(use_ssl zlib) \
+		--prefix="${EPREFIX}"/usr \
+		--openssldir="${EPREFIX}"${SSL_CNF_DIR} \
+		--libdir=$(get_libdir) \
+		shared threads \
+		|| die
+
+	# Clean out hardcoded flags that openssl uses
+	local DEFAULT_CFLAGS=$(grep ^CFLAGS= Makefile | LC_ALL=C sed \
+		-e 's:^CFLAGS=::' \
+		-e 's:\(^\| \)-fomit-frame-pointer::g' \
+		-e 's:\(^\| \)-O[^ ]*::g' \
+		-e 's:\(^\| \)-march=[^ ]*::g' \
+		-e 's:\(^\| \)-mcpu=[^ ]*::g' \
+		-e 's:\(^\| \)-m[^ ]*::g' \
+		-e 's:^ *::' \
+		-e 's: *$::' \
+		-e 's: \+: :g' \
+		-e 's:\\:\\\\:g'
+	)
+
+	# Now insert clean default flags with user flags
+	sed -i \
+		-e "/^CFLAGS=/s|=.*|=${DEFAULT_CFLAGS} ${CFLAGS}|" \
+		-e "/^LDFLAGS=/s|=[[:space:]]*$|=${LDFLAGS}|" \
+		Makefile || die
+}
+
+multilib_src_compile() {
+	# depend is needed to use $confopts; it also doesn't matter
+	# that it's -j1 as the code itself serializes subdirs
+	emake -j1 depend
+	emake all
+}
+
+multilib_src_test() {
+	emake -j1 test
+}
+
+multilib_src_install() {
+	# We need to create $ED/usr on our own to avoid a race condition #665130
+	if [[ ! -d "${ED}/usr" ]]; then
+		# We can only create this directory once
+		mkdir "${ED}"/usr || die
+	fi
+
+	emake DESTDIR="${D}" install
+}
+
+multilib_src_install_all() {
+	# openssl installs perl version of c_rehash by default, but
+	# we provide a shell version via app-misc/c_rehash
+	rm "${ED}"/usr/bin/c_rehash || die
+
+	dodoc CHANGES* FAQ NEWS README doc/*.txt doc/${PN}-c-indent.el
+
+	# This is crappy in that the static archives are still built even
+	# when USE=static-libs.  But this is due to a failing in the openssl
+	# build system: the static archives are built as PIC all the time.
+	# Only way around this would be to manually configure+compile openssl
+	# twice; once with shared lib support enabled and once without.
+	use static-libs || rm -f "${ED}"/usr/lib*/lib*.a
+
+	# create the certs directory
+	keepdir ${SSL_CNF_DIR}/certs
+
+	# Namespace openssl programs to prevent conflicts with other man pages
+	cd "${ED}"/usr/share/man || die
+	local m d s
+	for m in $(find . -type f | xargs grep -L '#include') ; do
+		d=${m%/*} ; d=${d#./} ; m=${m##*/}
+		[[ ${m} == openssl.1* ]] && continue
+		[[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!"
+		mv ${d}/{,ssl-}${m}
+		# fix up references to renamed man pages
+		sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m}
+		ln -s ssl-${m} ${d}/openssl-${m}
+		# locate any symlinks that point to this man page ... we assume
+		# that any broken links are due to the above renaming
+		for s in $(find -L ${d} -type l) ; do
+			s=${s##*/}
+			rm -f ${d}/${s}
+			# We don't want to "|| die" here
+			ln -s ssl-${m} ${d}/ssl-${s}
+			ln -s ssl-${s} ${d}/openssl-${s}
+		done
+	done
+	[[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :("
+
+	dodir /etc/sandbox.d #254521
+	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
+
+	diropts -m0700
+	keepdir ${SSL_CNF_DIR}/private
+}
+
+pkg_postinst() {
+	ebegin "Running 'c_rehash ${EROOT}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069"
+	c_rehash "${EROOT}${SSL_CNF_DIR}/certs" >/dev/null
+	eend $?
+}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Lars Wendler]

commit:     4a0c75df76ef330039317c534e810f59dcd85582
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Tue Sep 22 14:18:13 2020 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Tue Sep 22 14:18:20 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4a0c75df

dev-libs/openssl: Bump to version 1.1.1h

Package-Manager: Portage-3.0.8, Repoman-3.0.1
Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org>

 dev-libs/openssl/Manifest              |   1 +
 dev-libs/openssl/openssl-1.1.1h.ebuild | 324 +++++++++++++++++++++++++++++++++
 2 files changed, 325 insertions(+)

diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest
index 0153ae0ad1c..a4e3450e711 100644
--- a/dev-libs/openssl/Manifest
+++ b/dev-libs/openssl/Manifest
@@ -5,3 +5,4 @@ DIST openssl-1.1.0l-bindist-1.0.tar.xz 13184 BLAKE2B c09e023458faff17b10d6f20c28
 DIST openssl-1.1.0l.tar.gz 5294857 BLAKE2B 0e4f30f9e8a22414325bd780dc4e875e962487fbe72967f0392ace959955429192541881a98d097d7bb75ed7238b1817b0c3c2c4da04421512bd538f2b07cdd7 SHA512 81b74149f40ea7d9f7e235820a4f977844653ad1e2b302e65e712c12193f47542fe7e3385fd1e25e3dd074e4e6d04199836cbc492656f5a7692edab5e234f4ad
 DIST openssl-1.1.1e-bindist-1.0.tar.xz 16948 BLAKE2B 78e034f1d263cbf5e57c92393f72acd07e86e39a5511a8852bad151371430954e07d787fd82cca55b373d1579bb22b9d29c9d677104ed68291a9d2dffe3ffbbb SHA512 0dbfb378b8f2724db82915e17fd4e43977e3e45030db25cdb9241c0ab842e41ef3d597ef71c4db5103635752dc2059ea6022597511a440f55fb56a5a52d3ccea
 DIST openssl-1.1.1g.tar.gz 9801502 BLAKE2B 5e3dd4725ff89b959a5436d64b521317c6ffeb377418cc24c6d1927fab923423cb5f5fce2f9c2cdee597041c7be156d09668a5fd13dc6ff06d235a83db94cf19 SHA512 01e3d0b1bceeed8fb066f542ef5480862001556e0f612e017442330bbd7e5faee228b2de3513d7fc347446b7f217e27de1003dc9d7214d5833b97593f3ec25ab
+DIST openssl-1.1.1h.tar.gz 9810045 BLAKE2B ac9ba6fb0c4da0a761e8655b6907634365ddb114216acfcfc981e13c211577b6bd23ea8d2ad0999c0960b039f5d3dead5733e6dc07c5231ab953307a9015cd36 SHA512 da50fd99325841ed7a4367d9251c771ce505a443a73b327d8a46b2c6a7d2ea99e43551a164efc86f8743b22c2bdb0020bf24a9cbd445e9d68868b2dc1d34033a

diff --git a/dev-libs/openssl/openssl-1.1.1h.ebuild b/dev-libs/openssl/openssl-1.1.1h.ebuild
new file mode 100644
index 00000000000..ccc0cbc5d58
--- /dev/null
+++ b/dev-libs/openssl/openssl-1.1.1h.ebuild
@@ -0,0 +1,324 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="7"
+
+inherit flag-o-matic toolchain-funcs multilib multilib-minimal
+
+MY_P=${P/_/-}
+
+# This patch set is based on the following files from Fedora 31,
+# see https://src.fedoraproject.org/rpms/openssl/blob/f31/f/openssl.spec
+# for more details:
+# - hobble-openssl (SOURCE1)
+# - ec_curve.c (SOURCE12) -- MODIFIED
+# - ectest.c (SOURCE13)
+# - openssl-1.1.1-ec-curves.patch (PATCH37) -- MODIFIED
+BINDIST_PATCH_SET="openssl-1.1.1e-bindist-1.0.tar.xz"
+
+DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"
+HOMEPAGE="https://www.openssl.org/"
+SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
+	bindist? (
+		mirror://gentoo/${BINDIST_PATCH_SET}
+		https://dev.gentoo.org/~whissi/dist/openssl/${BINDIST_PATCH_SET}
+	)"
+
+LICENSE="openssl"
+SLOT="0/1.1" # .so version of libssl/libcrypto
+[[ "${PV}" = *_pre* ]] || \
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x86-linux"
+IUSE="+asm bindist elibc_musl rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-heartbeat vanilla zlib"
+RESTRICT="!bindist? ( bindist )
+	!test? ( test )"
+
+RDEPEND=">=app-misc/c_rehash-1.7-r1
+	zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )"
+DEPEND="${RDEPEND}"
+BDEPEND="
+	>=dev-lang/perl-5
+	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
+	test? (
+		sys-apps/diffutils
+		sys-devel/bc
+		sys-process/procps
+	)"
+PDEPEND="app-misc/ca-certificates"
+
+PATCHES=(
+	"${FILESDIR}"/${PN}-1.1.0j-parallel_install_fix.patch #671602
+)
+
+S="${WORKDIR}/${MY_P}"
+
+# force upgrade to prevent broken login, bug 696950
+RDEPEND+=" !<net-misc/openssh-8.0_p1-r3"
+
+MULTILIB_WRAPPED_HEADERS=(
+	usr/include/openssl/opensslconf.h
+)
+
+pkg_setup() {
+	[[ ${MERGE_TYPE} == binary ]] && return
+
+	# must check in pkg_setup; sysctl don't work with userpriv!
+	if has test ${FEATURES} && use sctp; then
+		# test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel"
+		# if sctp.auth_enable is not enabled.
+		local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null)
+		if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]]; then
+			die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!"
+		fi
+	fi
+}
+
+src_prepare() {
+	# allow openssl to be cross-compiled
+	cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die
+	chmod a+rx gentoo.config || die
+
+	if use bindist; then
+		mv "${WORKDIR}"/bindist-patches/hobble-openssl "${WORKDIR}" || die
+		bash "${WORKDIR}"/hobble-openssl || die
+
+		cp -f "${WORKDIR}"/bindist-patches/ec_curve.c "${S}"/crypto/ec/ || die
+		cp -f "${WORKDIR}"/bindist-patches/ectest.c "${S}"/test/ || die
+
+		eapply "${WORKDIR}"/bindist-patches/ec-curves.patch
+
+		local known_failing_test
+		for known_failing_test in \
+			30-test_evp_extra.t \
+			80-test_ssl_new.t \
+		; do
+			ebegin "Disabling test '${known_failing_test}' which is known to fail with USE=bindist"
+			rm test/recipes/${known_failing_test} || die
+			eend $?
+		done
+
+		# Also see the configure parts below:
+		# enable-ec \
+		# $(use_ssl !bindist ec2m) \
+	fi
+
+	# keep this in sync with app-misc/c_rehash
+	SSL_CNF_DIR="/etc/ssl"
+
+	# Make sure we only ever touch Makefile.org and avoid patching a file
+	# that gets blown away anyways by the Configure script in src_configure
+	rm -f Makefile
+
+	if ! use vanilla ; then
+		if [[ $(declare -p PATCHES 2>/dev/null) == "declare -a"* ]] ; then
+			[[ ${#PATCHES[@]} -gt 0 ]] && eapply "${PATCHES[@]}"
+		fi
+	fi
+
+	eapply_user #332661
+
+	if has test ${FEATURES} && use sctp && has network-sandbox ${FEATURES}; then
+		ebegin "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox"
+		rm test/recipes/80-test_ssl_new.t || die
+		eend $?
+	fi
+
+	# make sure the man pages are suffixed #302165
+	# don't bother building man pages if they're disabled
+	# Make DOCDIR Gentoo compliant
+	sed -i \
+		-e '/^MANSUFFIX/s:=.*:=ssl:' \
+		-e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
+		-e $(has noman FEATURES \
+			&& echo '/^install:/s:install_docs::' \
+			|| echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
+		-e "/^DOCDIR/s@\$(BASENAME)@&-${PVR}@" \
+		Configurations/unix-Makefile.tmpl \
+		|| die
+
+	# quiet out unknown driver argument warnings since openssl
+	# doesn't have well-split CFLAGS and we're making it even worse
+	# and 'make depend' uses -Werror for added fun (#417795 again)
+	[[ ${CC} == *clang* ]] && append-flags -Qunused-arguments
+
+	append-flags -fno-strict-aliasing
+	append-flags $(test-flags-CC -Wa,--noexecstack)
+	append-cppflags -DOPENSSL_NO_BUF_FREELISTS
+
+	# Prefixify Configure shebang (#141906)
+	sed \
+		-e "1s,/usr/bin/env,${EPREFIX}&," \
+		-i Configure || die
+	# Remove test target when FEATURES=test isn't set
+	if ! use test ; then
+		sed \
+			-e '/^$config{dirs}/s@ "test",@@' \
+			-i Configure || die
+	fi
+	# The config script does stupid stuff to prompt the user.  Kill it.
+	sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
+	./config --test-sanity || die "I AM NOT SANE"
+
+	multilib_copy_sources
+}
+
+multilib_src_configure() {
+	unset APPS #197996
+	unset SCRIPTS #312551
+	unset CROSS_COMPILE #311473
+
+	tc-export CC AR RANLIB RC
+
+	# Clean out patent-or-otherwise-encumbered code
+	# Camellia: Royalty Free            https://en.wikipedia.org/wiki/Camellia_(cipher)
+	# IDEA:     Expired                 https://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
+	# EC:       ????????? ??/??/2015    https://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography
+	# MDC2:     Expired                 https://en.wikipedia.org/wiki/MDC-2
+	# RC5:      Expired                 https://en.wikipedia.org/wiki/RC5
+
+	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
+	echoit() { echo "$@" ; "$@" ; }
+
+	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
+
+	# See if our toolchain supports __uint128_t.  If so, it's 64bit
+	# friendly and can use the nicely optimized code paths. #460790
+	local ec_nistp_64_gcc_128
+	# Disable it for now though #469976
+	#if ! use bindist ; then
+	#	echo "__uint128_t i;" > "${T}"/128.c
+	#	if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
+	#		ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
+	#	fi
+	#fi
+
+	local sslout=$(./gentoo.config)
+	einfo "Use configuration ${sslout:-(openssl knows best)}"
+	local config="Configure"
+	[[ -z ${sslout} ]] && config="config"
+
+	# Fedora hobbled-EC needs 'no-ec2m'
+	# 'srp' was restricted until early 2017 as well.
+	# "disable-deprecated" option breaks too many consumers.
+	# Don't set it without thorough revdeps testing.
+	# Make sure user flags don't get added *yet* to avoid duplicated
+	# flags.
+	CFLAGS= LDFLAGS= echoit \
+	./${config} \
+		${sslout} \
+		$(use cpu_flags_x86_sse2 || echo "no-sse2") \
+		enable-camellia \
+		enable-ec \
+		$(use_ssl !bindist ec2m) \
+		enable-srp \
+		$(use elibc_musl && echo "no-async") \
+		${ec_nistp_64_gcc_128} \
+		enable-idea \
+		enable-mdc2 \
+		enable-rc5 \
+		$(use_ssl sslv3 ssl3) \
+		$(use_ssl sslv3 ssl3-method) \
+		$(use_ssl asm) \
+		$(use_ssl rfc3779) \
+		$(use_ssl sctp) \
+		$(use_ssl tls-heartbeat heartbeats) \
+		$(use_ssl zlib) \
+		--prefix="${EPREFIX}"/usr \
+		--openssldir="${EPREFIX}"${SSL_CNF_DIR} \
+		--libdir=$(get_libdir) \
+		shared threads \
+		|| die
+
+	# Clean out hardcoded flags that openssl uses
+	local DEFAULT_CFLAGS=$(grep ^CFLAGS= Makefile | LC_ALL=C sed \
+		-e 's:^CFLAGS=::' \
+		-e 's:\(^\| \)-fomit-frame-pointer::g' \
+		-e 's:\(^\| \)-O[^ ]*::g' \
+		-e 's:\(^\| \)-march=[^ ]*::g' \
+		-e 's:\(^\| \)-mcpu=[^ ]*::g' \
+		-e 's:\(^\| \)-m[^ ]*::g' \
+		-e 's:^ *::' \
+		-e 's: *$::' \
+		-e 's: \+: :g' \
+		-e 's:\\:\\\\:g'
+	)
+
+	# Now insert clean default flags with user flags
+	sed -i \
+		-e "/^CFLAGS=/s|=.*|=${DEFAULT_CFLAGS} ${CFLAGS}|" \
+		-e "/^LDFLAGS=/s|=[[:space:]]*$|=${LDFLAGS}|" \
+		Makefile || die
+}
+
+multilib_src_compile() {
+	# depend is needed to use $confopts; it also doesn't matter
+	# that it's -j1 as the code itself serializes subdirs
+	emake -j1 depend
+	emake all
+}
+
+multilib_src_test() {
+	emake -j1 test
+}
+
+multilib_src_install() {
+	# We need to create $ED/usr on our own to avoid a race condition #665130
+	if [[ ! -d "${ED}/usr" ]]; then
+		# We can only create this directory once
+		mkdir "${ED}"/usr || die
+	fi
+
+	emake DESTDIR="${D}" install
+}
+
+multilib_src_install_all() {
+	# openssl installs perl version of c_rehash by default, but
+	# we provide a shell version via app-misc/c_rehash
+	rm "${ED}"/usr/bin/c_rehash || die
+
+	dodoc CHANGES* FAQ NEWS README doc/*.txt doc/${PN}-c-indent.el
+
+	# This is crappy in that the static archives are still built even
+	# when USE=static-libs.  But this is due to a failing in the openssl
+	# build system: the static archives are built as PIC all the time.
+	# Only way around this would be to manually configure+compile openssl
+	# twice; once with shared lib support enabled and once without.
+	use static-libs || rm -f "${ED}"/usr/lib*/lib*.a
+
+	# create the certs directory
+	keepdir ${SSL_CNF_DIR}/certs
+
+	# Namespace openssl programs to prevent conflicts with other man pages
+	cd "${ED}"/usr/share/man || die
+	local m d s
+	for m in $(find . -type f | xargs grep -L '#include') ; do
+		d=${m%/*} ; d=${d#./} ; m=${m##*/}
+		[[ ${m} == openssl.1* ]] && continue
+		[[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!"
+		mv ${d}/{,ssl-}${m}
+		# fix up references to renamed man pages
+		sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m}
+		ln -s ssl-${m} ${d}/openssl-${m}
+		# locate any symlinks that point to this man page ... we assume
+		# that any broken links are due to the above renaming
+		for s in $(find -L ${d} -type l) ; do
+			s=${s##*/}
+			rm -f ${d}/${s}
+			# We don't want to "|| die" here
+			ln -s ssl-${m} ${d}/ssl-${s}
+			ln -s ssl-${s} ${d}/openssl-${s}
+		done
+	done
+	[[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :("
+
+	dodir /etc/sandbox.d #254521
+	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
+
+	diropts -m0700
+	keepdir ${SSL_CNF_DIR}/private
+}
+
+pkg_postinst() {
+	ebegin "Running 'c_rehash ${EROOT}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069"
+	c_rehash "${EROOT}${SSL_CNF_DIR}/certs" >/dev/null
+	eend $?
+}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Georgy Yakovlev]

commit:     b9c544023344ac4c23d6dbc2058b2201d9593ccd
Author:     Georgy Yakovlev <gyakovlev <AT> gentoo <DOT> org>
AuthorDate: Fri May 29 18:57:03 2020 +0000
Commit:     Georgy Yakovlev <gyakovlev <AT> gentoo <DOT> org>
CommitDate: Fri May 29 18:57:40 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b9c54402

dev-libs/openssl: 1.1.1g ppc stable, bug #717442

Package-Manager: Portage-2.3.100, Repoman-2.3.22
Signed-off-by: Georgy Yakovlev <gyakovlev <AT> gentoo.org>

 dev-libs/openssl/openssl-1.1.1g.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.1.1g.ebuild b/dev-libs/openssl/openssl-1.1.1g.ebuild
index 292c22c8889..7a3f675be54 100644
--- a/dev-libs/openssl/openssl-1.1.1g.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1g.ebuild
@@ -27,7 +27,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 LICENSE="openssl"
 SLOT="0/1.1" # .so version of libssl/libcrypto
 [[ "${PV}" = *_pre* ]] || \
-KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ~ppc ppc64 ~riscv s390 sparc x86 ~x86-linux"
+KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv s390 sparc x86 ~x86-linux"
 IUSE="+asm bindist elibc_musl rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )
 	!test? ( test )"

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Georgy Yakovlev]

commit:     2b6111a759c85f684daa56ad8ebe78d734647f97
Author:     Georgy Yakovlev <gyakovlev <AT> gentoo <DOT> org>
AuthorDate: Fri May 29 18:49:03 2020 +0000
Commit:     Georgy Yakovlev <gyakovlev <AT> gentoo <DOT> org>
CommitDate: Fri May 29 18:57:40 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2b6111a7

dev-libs/openssl: 1.1.1g ppc64 stable, bug #717442

Package-Manager: Portage-2.3.100, Repoman-2.3.22
Signed-off-by: Georgy Yakovlev <gyakovlev <AT> gentoo.org>

 dev-libs/openssl/openssl-1.1.1g.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.1.1g.ebuild b/dev-libs/openssl/openssl-1.1.1g.ebuild
index cb9a8e24cc5..292c22c8889 100644
--- a/dev-libs/openssl/openssl-1.1.1g.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1g.ebuild
@@ -27,7 +27,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 LICENSE="openssl"
 SLOT="0/1.1" # .so version of libssl/libcrypto
 [[ "${PV}" = *_pre* ]] || \
-KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv s390 sparc x86 ~x86-linux"
+KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ~ppc ppc64 ~riscv s390 sparc x86 ~x86-linux"
 IUSE="+asm bindist elibc_musl rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )
 	!test? ( test )"

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sergei Trofimovich]

commit:     9cb03490b4b6bea04b6ca932ab04903c6fc31bd3
Author:     Rolf Eike Beer <eike <AT> sf-mail <DOT> de>
AuthorDate: Thu Apr 23 18:16:32 2020 +0000
Commit:     Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
CommitDate: Thu Apr 23 18:18:37 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9cb03490

dev-libs/openssl: stable 1.1.1g for hppa, bug #717442

Package-Manager: Portage-2.3.89, Repoman-2.3.20
RepoMan-Options: --include-arches="hppa"
Signed-off-by: Rolf Eike Beer <eike <AT> sf-mail.de>
Signed-off-by: Sergei Trofimovich <slyfox <AT> gentoo.org>

 dev-libs/openssl/openssl-1.1.1g.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.1.1g.ebuild b/dev-libs/openssl/openssl-1.1.1g.ebuild
index 203ff855746..cb9a8e24cc5 100644
--- a/dev-libs/openssl/openssl-1.1.1g.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1g.ebuild
@@ -27,7 +27,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 LICENSE="openssl"
 SLOT="0/1.1" # .so version of libssl/libcrypto
 [[ "${PV}" = *_pre* ]] || \
-KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv s390 sparc x86 ~x86-linux"
+KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv s390 sparc x86 ~x86-linux"
 IUSE="+asm bindist elibc_musl rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )
 	!test? ( test )"

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Agostino Sarubbo]

commit:     63b53e6d891777a0e78a30f922e83e5c70d24884
Author:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
AuthorDate: Thu Apr 23 06:29:18 2020 +0000
Commit:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
CommitDate: Thu Apr 23 06:29:18 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=63b53e6d

dev-libs/openssl: x86 stable wrt bug #717442

Package-Manager: Portage-2.3.89, Repoman-2.3.20
RepoMan-Options: --include-arches="x86"
Signed-off-by: Agostino Sarubbo <ago <AT> gentoo.org>

 dev-libs/openssl/openssl-1.1.1g.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.1.1g.ebuild b/dev-libs/openssl/openssl-1.1.1g.ebuild
index 0c8e03215a1..203ff855746 100644
--- a/dev-libs/openssl/openssl-1.1.1g.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1g.ebuild
@@ -27,7 +27,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 LICENSE="openssl"
 SLOT="0/1.1" # .so version of libssl/libcrypto
 [[ "${PV}" = *_pre* ]] || \
-KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv s390 sparc ~x86 ~x86-linux"
+KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv s390 sparc x86 ~x86-linux"
 IUSE="+asm bindist elibc_musl rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )
 	!test? ( test )"

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Agostino Sarubbo]

commit:     4894fc64fb110f90f08f1f18e56cc961a4701b4c
Author:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
AuthorDate: Thu Apr 23 06:27:13 2020 +0000
Commit:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
CommitDate: Thu Apr 23 06:27:13 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4894fc64

dev-libs/openssl: s390 stable wrt bug #717442

Package-Manager: Portage-2.3.89, Repoman-2.3.20
RepoMan-Options: --include-arches="s390"
Signed-off-by: Agostino Sarubbo <ago <AT> gentoo.org>

 dev-libs/openssl/openssl-1.1.1g.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.1.1g.ebuild b/dev-libs/openssl/openssl-1.1.1g.ebuild
index 9ba4ff52973..0c8e03215a1 100644
--- a/dev-libs/openssl/openssl-1.1.1g.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1g.ebuild
@@ -27,7 +27,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 LICENSE="openssl"
 SLOT="0/1.1" # .so version of libssl/libcrypto
 [[ "${PV}" = *_pre* ]] || \
-KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 sparc ~x86 ~x86-linux"
+KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv s390 sparc ~x86 ~x86-linux"
 IUSE="+asm bindist elibc_musl rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )
 	!test? ( test )"

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Agostino Sarubbo]

commit:     12a72371ecf73bda142fbf3bce77f3aa91978fc9
Author:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
AuthorDate: Thu Apr 23 06:21:33 2020 +0000
Commit:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
CommitDate: Thu Apr 23 06:21:33 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=12a72371

dev-libs/openssl: arm stable wrt bug #717442

Package-Manager: Portage-2.3.89, Repoman-2.3.20
RepoMan-Options: --include-arches="arm"
Signed-off-by: Agostino Sarubbo <ago <AT> gentoo.org>

 dev-libs/openssl/openssl-1.1.1g.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.1.1g.ebuild b/dev-libs/openssl/openssl-1.1.1g.ebuild
index 49c888837e2..9ba4ff52973 100644
--- a/dev-libs/openssl/openssl-1.1.1g.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1g.ebuild
@@ -27,7 +27,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 LICENSE="openssl"
 SLOT="0/1.1" # .so version of libssl/libcrypto
 [[ "${PV}" = *_pre* ]] || \
-KEYWORDS="~alpha amd64 ~arm arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 sparc ~x86 ~x86-linux"
+KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 sparc ~x86 ~x86-linux"
 IUSE="+asm bindist elibc_musl rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )
 	!test? ( test )"

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Mart Raudsepp]

commit:     4f28e3f3baa57f90b867dd34e10f3fb0fe332df2
Author:     Sam James (sam_c) <sam <AT> cmpct <DOT> info>
AuthorDate: Wed Apr 22 01:04:47 2020 +0000
Commit:     Mart Raudsepp <leio <AT> gentoo <DOT> org>
CommitDate: Wed Apr 22 16:39:40 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4f28e3f3

dev-libs/openssl: arm64 stable (bug #717442)

Package-Manager: Portage-2.3.89, Repoman-2.3.20
Signed-off-by: Sam James (sam_c) <sam <AT> cmpct.info>
Signed-off-by: Mart Raudsepp <leio <AT> gentoo.org>

 dev-libs/openssl/openssl-1.1.1g.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.1.1g.ebuild b/dev-libs/openssl/openssl-1.1.1g.ebuild
index 111c8013249..49c888837e2 100644
--- a/dev-libs/openssl/openssl-1.1.1g.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1g.ebuild
@@ -27,7 +27,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 LICENSE="openssl"
 SLOT="0/1.1" # .so version of libssl/libcrypto
 [[ "${PV}" = *_pre* ]] || \
-KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 sparc ~x86 ~x86-linux"
+KEYWORDS="~alpha amd64 ~arm arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 sparc ~x86 ~x86-linux"
 IUSE="+asm bindist elibc_musl rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )
 	!test? ( test )"

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Mikle Kolyada]

commit:     08de8f8d02a9d6633b5c1dc88b34da9cd53be76b
Author:     Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
AuthorDate: Wed Apr 22 13:55:05 2020 +0000
Commit:     Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
CommitDate: Wed Apr 22 13:55:05 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=08de8f8d

dev-libs/openssl: amd64 stable wrt bug #717442

Package-Manager: Portage-2.3.89, Repoman-2.3.20
RepoMan-Options: --include-arches="amd64"
Signed-off-by: Mikle Kolyada <zlogene <AT> gentoo.org>

 dev-libs/openssl/openssl-1.1.1g.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.1.1g.ebuild b/dev-libs/openssl/openssl-1.1.1g.ebuild
index 5d2861333bc..111c8013249 100644
--- a/dev-libs/openssl/openssl-1.1.1g.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1g.ebuild
@@ -27,7 +27,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 LICENSE="openssl"
 SLOT="0/1.1" # .so version of libssl/libcrypto
 [[ "${PV}" = *_pre* ]] || \
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 sparc ~x86 ~x86-linux"
+KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 sparc ~x86 ~x86-linux"
 IUSE="+asm bindist elibc_musl rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )
 	!test? ( test )"

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sergei Trofimovich]

commit:     b0ae927a1e88ec206626ec36fe9c001a9bb9e92f
Author:     Rolf Eike Beer <eike <AT> sf-mail <DOT> de>
AuthorDate: Wed Apr 22 06:09:29 2020 +0000
Commit:     Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
CommitDate: Wed Apr 22 06:19:42 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b0ae927a

dev-libs/openssl: stable 1.1.1g for sparc, bug #717442

Package-Manager: Portage-2.3.89, Repoman-2.3.20
RepoMan-Options: --include-arches="sparc"
Signed-off-by: Rolf Eike Beer <eike <AT> sf-mail.de>
Signed-off-by: Sergei Trofimovich <slyfox <AT> gentoo.org>

 dev-libs/openssl/openssl-1.1.1g.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.1.1g.ebuild b/dev-libs/openssl/openssl-1.1.1g.ebuild
index ccc0cbc5d58..5d2861333bc 100644
--- a/dev-libs/openssl/openssl-1.1.1g.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1g.ebuild
@@ -27,7 +27,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 LICENSE="openssl"
 SLOT="0/1.1" # .so version of libssl/libcrypto
 [[ "${PV}" = *_pre* ]] || \
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x86-linux"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 sparc ~x86 ~x86-linux"
 IUSE="+asm bindist elibc_musl rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )
 	!test? ( test )"

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Thomas Deutschmann]

commit:     43795668935812c25e76cc2bca2758347b6357a6
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Tue Apr 21 14:05:53 2020 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Tue Apr 21 14:10:34 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=43795668

dev-libs/openssl: bump to v1.1.1g

Bug: https://bugs.gentoo.org/717442
Package-Manager: Portage-2.3.99, Repoman-2.3.22
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 dev-libs/openssl/Manifest              |   1 +
 dev-libs/openssl/openssl-1.1.1g.ebuild | 324 +++++++++++++++++++++++++++++++++
 2 files changed, 325 insertions(+)

diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest
index c84427c7400..2d626cc93bd 100644
--- a/dev-libs/openssl/Manifest
+++ b/dev-libs/openssl/Manifest
@@ -7,3 +7,4 @@ DIST openssl-1.1.1d-bindist-1.0.tar.xz 13180 BLAKE2B 680bd7400d3dd3930067ee7efa9
 DIST openssl-1.1.1d.tar.gz 8845861 BLAKE2B d3155f07b487ebd8dd4fe25396c874f9af18b5cfd7e622298d29c4f2c8ce14ad4534609d321314a4bcd0d44414e1306190340daaacd3c8fca061c04498446244 SHA512 2bc9f528c27fe644308eb7603c992bac8740e9f0c3601a130af30c9ffebbf7e0f5c28b76a00bbb478bad40fbe89b4223a58d604001e1713da71ff4b7fe6a08a7
 DIST openssl-1.1.1e-bindist-1.0.tar.xz 16948 BLAKE2B 78e034f1d263cbf5e57c92393f72acd07e86e39a5511a8852bad151371430954e07d787fd82cca55b373d1579bb22b9d29c9d677104ed68291a9d2dffe3ffbbb SHA512 0dbfb378b8f2724db82915e17fd4e43977e3e45030db25cdb9241c0ab842e41ef3d597ef71c4db5103635752dc2059ea6022597511a440f55fb56a5a52d3ccea
 DIST openssl-1.1.1f.tar.gz 9792828 BLAKE2B eba30dd12772cd714666ed8e5371e068623d8bfd4ff45863d10e82c65551654508a27f22f7ef1edadb543ab56f3c4c40ac3bcad665c667eb06ee90c69b24782e SHA512 b00bd9b5ad5298fbceeec6bb19c1ab0c106ca5cfb31178497c58bf7e0e0cf30fcc19c20f84e23af31cc126bf2447d3e4f8461db97bafa7bd78f69561932f000c
+DIST openssl-1.1.1g.tar.gz 9801502 BLAKE2B 5e3dd4725ff89b959a5436d64b521317c6ffeb377418cc24c6d1927fab923423cb5f5fce2f9c2cdee597041c7be156d09668a5fd13dc6ff06d235a83db94cf19 SHA512 01e3d0b1bceeed8fb066f542ef5480862001556e0f612e017442330bbd7e5faee228b2de3513d7fc347446b7f217e27de1003dc9d7214d5833b97593f3ec25ab

diff --git a/dev-libs/openssl/openssl-1.1.1g.ebuild b/dev-libs/openssl/openssl-1.1.1g.ebuild
new file mode 100644
index 00000000000..ccc0cbc5d58
--- /dev/null
+++ b/dev-libs/openssl/openssl-1.1.1g.ebuild
@@ -0,0 +1,324 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="7"
+
+inherit flag-o-matic toolchain-funcs multilib multilib-minimal
+
+MY_P=${P/_/-}
+
+# This patch set is based on the following files from Fedora 31,
+# see https://src.fedoraproject.org/rpms/openssl/blob/f31/f/openssl.spec
+# for more details:
+# - hobble-openssl (SOURCE1)
+# - ec_curve.c (SOURCE12) -- MODIFIED
+# - ectest.c (SOURCE13)
+# - openssl-1.1.1-ec-curves.patch (PATCH37) -- MODIFIED
+BINDIST_PATCH_SET="openssl-1.1.1e-bindist-1.0.tar.xz"
+
+DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"
+HOMEPAGE="https://www.openssl.org/"
+SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
+	bindist? (
+		mirror://gentoo/${BINDIST_PATCH_SET}
+		https://dev.gentoo.org/~whissi/dist/openssl/${BINDIST_PATCH_SET}
+	)"
+
+LICENSE="openssl"
+SLOT="0/1.1" # .so version of libssl/libcrypto
+[[ "${PV}" = *_pre* ]] || \
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x86-linux"
+IUSE="+asm bindist elibc_musl rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-heartbeat vanilla zlib"
+RESTRICT="!bindist? ( bindist )
+	!test? ( test )"
+
+RDEPEND=">=app-misc/c_rehash-1.7-r1
+	zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )"
+DEPEND="${RDEPEND}"
+BDEPEND="
+	>=dev-lang/perl-5
+	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
+	test? (
+		sys-apps/diffutils
+		sys-devel/bc
+		sys-process/procps
+	)"
+PDEPEND="app-misc/ca-certificates"
+
+PATCHES=(
+	"${FILESDIR}"/${PN}-1.1.0j-parallel_install_fix.patch #671602
+)
+
+S="${WORKDIR}/${MY_P}"
+
+# force upgrade to prevent broken login, bug 696950
+RDEPEND+=" !<net-misc/openssh-8.0_p1-r3"
+
+MULTILIB_WRAPPED_HEADERS=(
+	usr/include/openssl/opensslconf.h
+)
+
+pkg_setup() {
+	[[ ${MERGE_TYPE} == binary ]] && return
+
+	# must check in pkg_setup; sysctl don't work with userpriv!
+	if has test ${FEATURES} && use sctp; then
+		# test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel"
+		# if sctp.auth_enable is not enabled.
+		local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null)
+		if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]]; then
+			die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!"
+		fi
+	fi
+}
+
+src_prepare() {
+	# allow openssl to be cross-compiled
+	cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die
+	chmod a+rx gentoo.config || die
+
+	if use bindist; then
+		mv "${WORKDIR}"/bindist-patches/hobble-openssl "${WORKDIR}" || die
+		bash "${WORKDIR}"/hobble-openssl || die
+
+		cp -f "${WORKDIR}"/bindist-patches/ec_curve.c "${S}"/crypto/ec/ || die
+		cp -f "${WORKDIR}"/bindist-patches/ectest.c "${S}"/test/ || die
+
+		eapply "${WORKDIR}"/bindist-patches/ec-curves.patch
+
+		local known_failing_test
+		for known_failing_test in \
+			30-test_evp_extra.t \
+			80-test_ssl_new.t \
+		; do
+			ebegin "Disabling test '${known_failing_test}' which is known to fail with USE=bindist"
+			rm test/recipes/${known_failing_test} || die
+			eend $?
+		done
+
+		# Also see the configure parts below:
+		# enable-ec \
+		# $(use_ssl !bindist ec2m) \
+	fi
+
+	# keep this in sync with app-misc/c_rehash
+	SSL_CNF_DIR="/etc/ssl"
+
+	# Make sure we only ever touch Makefile.org and avoid patching a file
+	# that gets blown away anyways by the Configure script in src_configure
+	rm -f Makefile
+
+	if ! use vanilla ; then
+		if [[ $(declare -p PATCHES 2>/dev/null) == "declare -a"* ]] ; then
+			[[ ${#PATCHES[@]} -gt 0 ]] && eapply "${PATCHES[@]}"
+		fi
+	fi
+
+	eapply_user #332661
+
+	if has test ${FEATURES} && use sctp && has network-sandbox ${FEATURES}; then
+		ebegin "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox"
+		rm test/recipes/80-test_ssl_new.t || die
+		eend $?
+	fi
+
+	# make sure the man pages are suffixed #302165
+	# don't bother building man pages if they're disabled
+	# Make DOCDIR Gentoo compliant
+	sed -i \
+		-e '/^MANSUFFIX/s:=.*:=ssl:' \
+		-e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
+		-e $(has noman FEATURES \
+			&& echo '/^install:/s:install_docs::' \
+			|| echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
+		-e "/^DOCDIR/s@\$(BASENAME)@&-${PVR}@" \
+		Configurations/unix-Makefile.tmpl \
+		|| die
+
+	# quiet out unknown driver argument warnings since openssl
+	# doesn't have well-split CFLAGS and we're making it even worse
+	# and 'make depend' uses -Werror for added fun (#417795 again)
+	[[ ${CC} == *clang* ]] && append-flags -Qunused-arguments
+
+	append-flags -fno-strict-aliasing
+	append-flags $(test-flags-CC -Wa,--noexecstack)
+	append-cppflags -DOPENSSL_NO_BUF_FREELISTS
+
+	# Prefixify Configure shebang (#141906)
+	sed \
+		-e "1s,/usr/bin/env,${EPREFIX}&," \
+		-i Configure || die
+	# Remove test target when FEATURES=test isn't set
+	if ! use test ; then
+		sed \
+			-e '/^$config{dirs}/s@ "test",@@' \
+			-i Configure || die
+	fi
+	# The config script does stupid stuff to prompt the user.  Kill it.
+	sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
+	./config --test-sanity || die "I AM NOT SANE"
+
+	multilib_copy_sources
+}
+
+multilib_src_configure() {
+	unset APPS #197996
+	unset SCRIPTS #312551
+	unset CROSS_COMPILE #311473
+
+	tc-export CC AR RANLIB RC
+
+	# Clean out patent-or-otherwise-encumbered code
+	# Camellia: Royalty Free            https://en.wikipedia.org/wiki/Camellia_(cipher)
+	# IDEA:     Expired                 https://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
+	# EC:       ????????? ??/??/2015    https://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography
+	# MDC2:     Expired                 https://en.wikipedia.org/wiki/MDC-2
+	# RC5:      Expired                 https://en.wikipedia.org/wiki/RC5
+
+	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
+	echoit() { echo "$@" ; "$@" ; }
+
+	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
+
+	# See if our toolchain supports __uint128_t.  If so, it's 64bit
+	# friendly and can use the nicely optimized code paths. #460790
+	local ec_nistp_64_gcc_128
+	# Disable it for now though #469976
+	#if ! use bindist ; then
+	#	echo "__uint128_t i;" > "${T}"/128.c
+	#	if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
+	#		ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
+	#	fi
+	#fi
+
+	local sslout=$(./gentoo.config)
+	einfo "Use configuration ${sslout:-(openssl knows best)}"
+	local config="Configure"
+	[[ -z ${sslout} ]] && config="config"
+
+	# Fedora hobbled-EC needs 'no-ec2m'
+	# 'srp' was restricted until early 2017 as well.
+	# "disable-deprecated" option breaks too many consumers.
+	# Don't set it without thorough revdeps testing.
+	# Make sure user flags don't get added *yet* to avoid duplicated
+	# flags.
+	CFLAGS= LDFLAGS= echoit \
+	./${config} \
+		${sslout} \
+		$(use cpu_flags_x86_sse2 || echo "no-sse2") \
+		enable-camellia \
+		enable-ec \
+		$(use_ssl !bindist ec2m) \
+		enable-srp \
+		$(use elibc_musl && echo "no-async") \
+		${ec_nistp_64_gcc_128} \
+		enable-idea \
+		enable-mdc2 \
+		enable-rc5 \
+		$(use_ssl sslv3 ssl3) \
+		$(use_ssl sslv3 ssl3-method) \
+		$(use_ssl asm) \
+		$(use_ssl rfc3779) \
+		$(use_ssl sctp) \
+		$(use_ssl tls-heartbeat heartbeats) \
+		$(use_ssl zlib) \
+		--prefix="${EPREFIX}"/usr \
+		--openssldir="${EPREFIX}"${SSL_CNF_DIR} \
+		--libdir=$(get_libdir) \
+		shared threads \
+		|| die
+
+	# Clean out hardcoded flags that openssl uses
+	local DEFAULT_CFLAGS=$(grep ^CFLAGS= Makefile | LC_ALL=C sed \
+		-e 's:^CFLAGS=::' \
+		-e 's:\(^\| \)-fomit-frame-pointer::g' \
+		-e 's:\(^\| \)-O[^ ]*::g' \
+		-e 's:\(^\| \)-march=[^ ]*::g' \
+		-e 's:\(^\| \)-mcpu=[^ ]*::g' \
+		-e 's:\(^\| \)-m[^ ]*::g' \
+		-e 's:^ *::' \
+		-e 's: *$::' \
+		-e 's: \+: :g' \
+		-e 's:\\:\\\\:g'
+	)
+
+	# Now insert clean default flags with user flags
+	sed -i \
+		-e "/^CFLAGS=/s|=.*|=${DEFAULT_CFLAGS} ${CFLAGS}|" \
+		-e "/^LDFLAGS=/s|=[[:space:]]*$|=${LDFLAGS}|" \
+		Makefile || die
+}
+
+multilib_src_compile() {
+	# depend is needed to use $confopts; it also doesn't matter
+	# that it's -j1 as the code itself serializes subdirs
+	emake -j1 depend
+	emake all
+}
+
+multilib_src_test() {
+	emake -j1 test
+}
+
+multilib_src_install() {
+	# We need to create $ED/usr on our own to avoid a race condition #665130
+	if [[ ! -d "${ED}/usr" ]]; then
+		# We can only create this directory once
+		mkdir "${ED}"/usr || die
+	fi
+
+	emake DESTDIR="${D}" install
+}
+
+multilib_src_install_all() {
+	# openssl installs perl version of c_rehash by default, but
+	# we provide a shell version via app-misc/c_rehash
+	rm "${ED}"/usr/bin/c_rehash || die
+
+	dodoc CHANGES* FAQ NEWS README doc/*.txt doc/${PN}-c-indent.el
+
+	# This is crappy in that the static archives are still built even
+	# when USE=static-libs.  But this is due to a failing in the openssl
+	# build system: the static archives are built as PIC all the time.
+	# Only way around this would be to manually configure+compile openssl
+	# twice; once with shared lib support enabled and once without.
+	use static-libs || rm -f "${ED}"/usr/lib*/lib*.a
+
+	# create the certs directory
+	keepdir ${SSL_CNF_DIR}/certs
+
+	# Namespace openssl programs to prevent conflicts with other man pages
+	cd "${ED}"/usr/share/man || die
+	local m d s
+	for m in $(find . -type f | xargs grep -L '#include') ; do
+		d=${m%/*} ; d=${d#./} ; m=${m##*/}
+		[[ ${m} == openssl.1* ]] && continue
+		[[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!"
+		mv ${d}/{,ssl-}${m}
+		# fix up references to renamed man pages
+		sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m}
+		ln -s ssl-${m} ${d}/openssl-${m}
+		# locate any symlinks that point to this man page ... we assume
+		# that any broken links are due to the above renaming
+		for s in $(find -L ${d} -type l) ; do
+			s=${s##*/}
+			rm -f ${d}/${s}
+			# We don't want to "|| die" here
+			ln -s ssl-${m} ${d}/ssl-${s}
+			ln -s ssl-${s} ${d}/openssl-${s}
+		done
+	done
+	[[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :("
+
+	dodir /etc/sandbox.d #254521
+	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
+
+	diropts -m0700
+	keepdir ${SSL_CNF_DIR}/private
+}
+
+pkg_postinst() {
+	ebegin "Running 'c_rehash ${EROOT}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069"
+	c_rehash "${EROOT}${SSL_CNF_DIR}/certs" >/dev/null
+	eend $?
+}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Agostino Sarubbo]

commit:     b261954e9fcdb40cdc3032aa9243b9f1b804ac13
Author:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
AuthorDate: Wed Apr  8 09:52:19 2020 +0000
Commit:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
CommitDate: Wed Apr  8 09:52:19 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b261954e

dev-libs/openssl: s390 stable wrt bug #715622

Package-Manager: Portage-2.3.89, Repoman-2.3.20
RepoMan-Options: --include-arches="s390"
Signed-off-by: Agostino Sarubbo <ago <AT> gentoo.org>

 dev-libs/openssl/openssl-1.1.1f.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.1.1f.ebuild b/dev-libs/openssl/openssl-1.1.1f.ebuild
index 34454a8943e..150624048da 100644
--- a/dev-libs/openssl/openssl-1.1.1f.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1f.ebuild
@@ -27,7 +27,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 LICENSE="openssl"
 SLOT="0/1.1" # .so version of libssl/libcrypto
 [[ "${PV}" = *_pre* ]] || \
-KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 sparc ~x86 ~x86-linux"
+KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv s390 sparc ~x86 ~x86-linux"
 IUSE="+asm bindist elibc_musl rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )
 	!test? ( test )"

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Agostino Sarubbo]

commit:     f2d87f5de97aacdff9dfd26c6fc122bafbac9533
Author:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
AuthorDate: Wed Apr  8 09:48:21 2020 +0000
Commit:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
CommitDate: Wed Apr  8 09:48:21 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f2d87f5d

dev-libs/openssl: arm stable wrt bug #715622

Package-Manager: Portage-2.3.89, Repoman-2.3.20
RepoMan-Options: --include-arches="arm"
Signed-off-by: Agostino Sarubbo <ago <AT> gentoo.org>

 dev-libs/openssl/openssl-1.1.1f.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.1.1f.ebuild b/dev-libs/openssl/openssl-1.1.1f.ebuild
index 87ba2ed4519..34454a8943e 100644
--- a/dev-libs/openssl/openssl-1.1.1f.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1f.ebuild
@@ -27,7 +27,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 LICENSE="openssl"
 SLOT="0/1.1" # .so version of libssl/libcrypto
 [[ "${PV}" = *_pre* ]] || \
-KEYWORDS="~alpha amd64 ~arm arm64 hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 sparc ~x86 ~x86-linux"
+KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 sparc ~x86 ~x86-linux"
 IUSE="+asm bindist elibc_musl rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )
 	!test? ( test )"

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Mart Raudsepp]

commit:     8c90e945b5d4971100c616e4ab164d17cf48e67c
Author:     Sam James (sam_c) <sam <AT> cmpct <DOT> info>
AuthorDate: Tue Apr  7 04:54:29 2020 +0000
Commit:     Mart Raudsepp <leio <AT> gentoo <DOT> org>
CommitDate: Wed Apr  8 06:09:45 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8c90e945

dev-libs/openssl: arm64 stable (bug #715622)

Package-Manager: Portage-2.3.89, Repoman-2.3.20
Signed-off-by: Sam James (sam_c) <sam <AT> cmpct.info>
Signed-off-by: Mart Raudsepp <leio <AT> gentoo.org>

 dev-libs/openssl/openssl-1.1.1f.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.1.1f.ebuild b/dev-libs/openssl/openssl-1.1.1f.ebuild
index 480a714aa6c..87ba2ed4519 100644
--- a/dev-libs/openssl/openssl-1.1.1f.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1f.ebuild
@@ -27,7 +27,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 LICENSE="openssl"
 SLOT="0/1.1" # .so version of libssl/libcrypto
 [[ "${PV}" = *_pre* ]] || \
-KEYWORDS="~alpha amd64 ~arm ~arm64 hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 sparc ~x86 ~x86-linux"
+KEYWORDS="~alpha amd64 ~arm arm64 hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 sparc ~x86 ~x86-linux"
 IUSE="+asm bindist elibc_musl rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )
 	!test? ( test )"

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Agostino Sarubbo]

commit:     8914a6586006b5f09ca7511aa455a02ce10f4592
Author:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
AuthorDate: Tue Apr  7 10:31:30 2020 +0000
Commit:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
CommitDate: Tue Apr  7 10:31:30 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8914a658

dev-libs/openssl: amd64 stable wrt bug #715622

Package-Manager: Portage-2.3.89, Repoman-2.3.20
RepoMan-Options: --include-arches="amd64"
Signed-off-by: Agostino Sarubbo <ago <AT> gentoo.org>

 dev-libs/openssl/openssl-1.1.1f.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.1.1f.ebuild b/dev-libs/openssl/openssl-1.1.1f.ebuild
index 0191640d009..480a714aa6c 100644
--- a/dev-libs/openssl/openssl-1.1.1f.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1f.ebuild
@@ -27,7 +27,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 LICENSE="openssl"
 SLOT="0/1.1" # .so version of libssl/libcrypto
 [[ "${PV}" = *_pre* ]] || \
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 sparc ~x86 ~x86-linux"
+KEYWORDS="~alpha amd64 ~arm ~arm64 hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 sparc ~x86 ~x86-linux"
 IUSE="+asm bindist elibc_musl rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )
 	!test? ( test )"

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sergei Trofimovich]

commit:     2ec94189ddaf3f588b447ed650408b09c07ee26c
Author:     Rolf Eike Beer <eike <AT> sf-mail <DOT> de>
AuthorDate: Tue Apr  7 07:02:58 2020 +0000
Commit:     Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
CommitDate: Tue Apr  7 08:41:08 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2ec94189

dev-libs/openssl: stable 1.1.1f for hppa/sparc, bug #715622

Package-Manager: Portage-2.3.89, Repoman-2.3.20
RepoMan-Options: --include-arches="hppa sparc"
Signed-off-by: Rolf Eike Beer <eike <AT> sf-mail.de>
Signed-off-by: Sergei Trofimovich <slyfox <AT> gentoo.org>

 dev-libs/openssl/openssl-1.1.1f.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.1.1f.ebuild b/dev-libs/openssl/openssl-1.1.1f.ebuild
index ccc0cbc5d58..0191640d009 100644
--- a/dev-libs/openssl/openssl-1.1.1f.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1f.ebuild
@@ -27,7 +27,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 LICENSE="openssl"
 SLOT="0/1.1" # .so version of libssl/libcrypto
 [[ "${PV}" = *_pre* ]] || \
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x86-linux"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 sparc ~x86 ~x86-linux"
 IUSE="+asm bindist elibc_musl rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )
 	!test? ( test )"

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Thomas Deutschmann]

commit:     e8c78ca5a521c7dc6cfc183c7072949eb7b5d140
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Tue Mar 31 14:04:53 2020 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Tue Mar 31 14:05:07 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e8c78ca5

dev-libs/openssl: drop old

Package-Manager: Portage-2.3.96, Repoman-2.3.22
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 dev-libs/openssl/Manifest              |   1 -
 dev-libs/openssl/openssl-1.1.1e.ebuild | 324 ---------------------------------
 2 files changed, 325 deletions(-)

diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest
index 0d29f70e684..c84427c7400 100644
--- a/dev-libs/openssl/Manifest
+++ b/dev-libs/openssl/Manifest
@@ -6,5 +6,4 @@ DIST openssl-1.1.0l.tar.gz 5294857 BLAKE2B 0e4f30f9e8a22414325bd780dc4e875e96248
 DIST openssl-1.1.1d-bindist-1.0.tar.xz 13180 BLAKE2B 680bd7400d3dd3930067ee7efa9718b74b30afa9be2397ad80f88031920806b6603b6469beede02b6e7a742abf5f82ebdd7c9b8e69c1ffe223e4860dc9581128 SHA512 9e4296326852010d5cebc204d1a34a34198d8d65460bc91a2bd37c80be892a5ae519513e4b0109e6b51b6faab0e171ef6cdae868868c158711558d147083c06f
 DIST openssl-1.1.1d.tar.gz 8845861 BLAKE2B d3155f07b487ebd8dd4fe25396c874f9af18b5cfd7e622298d29c4f2c8ce14ad4534609d321314a4bcd0d44414e1306190340daaacd3c8fca061c04498446244 SHA512 2bc9f528c27fe644308eb7603c992bac8740e9f0c3601a130af30c9ffebbf7e0f5c28b76a00bbb478bad40fbe89b4223a58d604001e1713da71ff4b7fe6a08a7
 DIST openssl-1.1.1e-bindist-1.0.tar.xz 16948 BLAKE2B 78e034f1d263cbf5e57c92393f72acd07e86e39a5511a8852bad151371430954e07d787fd82cca55b373d1579bb22b9d29c9d677104ed68291a9d2dffe3ffbbb SHA512 0dbfb378b8f2724db82915e17fd4e43977e3e45030db25cdb9241c0ab842e41ef3d597ef71c4db5103635752dc2059ea6022597511a440f55fb56a5a52d3ccea
-DIST openssl-1.1.1e.tar.gz 9792634 BLAKE2B d8731ece2f0929fdb71c324480128e182e41bda1b9ef32b9a0ff2d7a1120ad45d918ee6162fbf038bb7459cfad283307d5bc85777fe75fd7b3c11ebab8cfe3ec SHA512 dbc2124f6ce9f1927e2f5e03101ed565d4e52ef09d620200f5cd9372c88c65dd7d74b24b31a8bf404713a5adfab80e0c3b25bf538c52702c4c3af1d80aef16c2
 DIST openssl-1.1.1f.tar.gz 9792828 BLAKE2B eba30dd12772cd714666ed8e5371e068623d8bfd4ff45863d10e82c65551654508a27f22f7ef1edadb543ab56f3c4c40ac3bcad665c667eb06ee90c69b24782e SHA512 b00bd9b5ad5298fbceeec6bb19c1ab0c106ca5cfb31178497c58bf7e0e0cf30fcc19c20f84e23af31cc126bf2447d3e4f8461db97bafa7bd78f69561932f000c

diff --git a/dev-libs/openssl/openssl-1.1.1e.ebuild b/dev-libs/openssl/openssl-1.1.1e.ebuild
deleted file mode 100644
index ccc0cbc5d58..00000000000
--- a/dev-libs/openssl/openssl-1.1.1e.ebuild
+++ /dev/null
@@ -1,324 +0,0 @@
-# Copyright 1999-2020 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="7"
-
-inherit flag-o-matic toolchain-funcs multilib multilib-minimal
-
-MY_P=${P/_/-}
-
-# This patch set is based on the following files from Fedora 31,
-# see https://src.fedoraproject.org/rpms/openssl/blob/f31/f/openssl.spec
-# for more details:
-# - hobble-openssl (SOURCE1)
-# - ec_curve.c (SOURCE12) -- MODIFIED
-# - ectest.c (SOURCE13)
-# - openssl-1.1.1-ec-curves.patch (PATCH37) -- MODIFIED
-BINDIST_PATCH_SET="openssl-1.1.1e-bindist-1.0.tar.xz"
-
-DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"
-HOMEPAGE="https://www.openssl.org/"
-SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
-	bindist? (
-		mirror://gentoo/${BINDIST_PATCH_SET}
-		https://dev.gentoo.org/~whissi/dist/openssl/${BINDIST_PATCH_SET}
-	)"
-
-LICENSE="openssl"
-SLOT="0/1.1" # .so version of libssl/libcrypto
-[[ "${PV}" = *_pre* ]] || \
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x86-linux"
-IUSE="+asm bindist elibc_musl rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-heartbeat vanilla zlib"
-RESTRICT="!bindist? ( bindist )
-	!test? ( test )"
-
-RDEPEND=">=app-misc/c_rehash-1.7-r1
-	zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )"
-DEPEND="${RDEPEND}"
-BDEPEND="
-	>=dev-lang/perl-5
-	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
-	test? (
-		sys-apps/diffutils
-		sys-devel/bc
-		sys-process/procps
-	)"
-PDEPEND="app-misc/ca-certificates"
-
-PATCHES=(
-	"${FILESDIR}"/${PN}-1.1.0j-parallel_install_fix.patch #671602
-)
-
-S="${WORKDIR}/${MY_P}"
-
-# force upgrade to prevent broken login, bug 696950
-RDEPEND+=" !<net-misc/openssh-8.0_p1-r3"
-
-MULTILIB_WRAPPED_HEADERS=(
-	usr/include/openssl/opensslconf.h
-)
-
-pkg_setup() {
-	[[ ${MERGE_TYPE} == binary ]] && return
-
-	# must check in pkg_setup; sysctl don't work with userpriv!
-	if has test ${FEATURES} && use sctp; then
-		# test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel"
-		# if sctp.auth_enable is not enabled.
-		local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null)
-		if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]]; then
-			die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!"
-		fi
-	fi
-}
-
-src_prepare() {
-	# allow openssl to be cross-compiled
-	cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die
-	chmod a+rx gentoo.config || die
-
-	if use bindist; then
-		mv "${WORKDIR}"/bindist-patches/hobble-openssl "${WORKDIR}" || die
-		bash "${WORKDIR}"/hobble-openssl || die
-
-		cp -f "${WORKDIR}"/bindist-patches/ec_curve.c "${S}"/crypto/ec/ || die
-		cp -f "${WORKDIR}"/bindist-patches/ectest.c "${S}"/test/ || die
-
-		eapply "${WORKDIR}"/bindist-patches/ec-curves.patch
-
-		local known_failing_test
-		for known_failing_test in \
-			30-test_evp_extra.t \
-			80-test_ssl_new.t \
-		; do
-			ebegin "Disabling test '${known_failing_test}' which is known to fail with USE=bindist"
-			rm test/recipes/${known_failing_test} || die
-			eend $?
-		done
-
-		# Also see the configure parts below:
-		# enable-ec \
-		# $(use_ssl !bindist ec2m) \
-	fi
-
-	# keep this in sync with app-misc/c_rehash
-	SSL_CNF_DIR="/etc/ssl"
-
-	# Make sure we only ever touch Makefile.org and avoid patching a file
-	# that gets blown away anyways by the Configure script in src_configure
-	rm -f Makefile
-
-	if ! use vanilla ; then
-		if [[ $(declare -p PATCHES 2>/dev/null) == "declare -a"* ]] ; then
-			[[ ${#PATCHES[@]} -gt 0 ]] && eapply "${PATCHES[@]}"
-		fi
-	fi
-
-	eapply_user #332661
-
-	if has test ${FEATURES} && use sctp && has network-sandbox ${FEATURES}; then
-		ebegin "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox"
-		rm test/recipes/80-test_ssl_new.t || die
-		eend $?
-	fi
-
-	# make sure the man pages are suffixed #302165
-	# don't bother building man pages if they're disabled
-	# Make DOCDIR Gentoo compliant
-	sed -i \
-		-e '/^MANSUFFIX/s:=.*:=ssl:' \
-		-e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
-		-e $(has noman FEATURES \
-			&& echo '/^install:/s:install_docs::' \
-			|| echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
-		-e "/^DOCDIR/s@\$(BASENAME)@&-${PVR}@" \
-		Configurations/unix-Makefile.tmpl \
-		|| die
-
-	# quiet out unknown driver argument warnings since openssl
-	# doesn't have well-split CFLAGS and we're making it even worse
-	# and 'make depend' uses -Werror for added fun (#417795 again)
-	[[ ${CC} == *clang* ]] && append-flags -Qunused-arguments
-
-	append-flags -fno-strict-aliasing
-	append-flags $(test-flags-CC -Wa,--noexecstack)
-	append-cppflags -DOPENSSL_NO_BUF_FREELISTS
-
-	# Prefixify Configure shebang (#141906)
-	sed \
-		-e "1s,/usr/bin/env,${EPREFIX}&," \
-		-i Configure || die
-	# Remove test target when FEATURES=test isn't set
-	if ! use test ; then
-		sed \
-			-e '/^$config{dirs}/s@ "test",@@' \
-			-i Configure || die
-	fi
-	# The config script does stupid stuff to prompt the user.  Kill it.
-	sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
-	./config --test-sanity || die "I AM NOT SANE"
-
-	multilib_copy_sources
-}
-
-multilib_src_configure() {
-	unset APPS #197996
-	unset SCRIPTS #312551
-	unset CROSS_COMPILE #311473
-
-	tc-export CC AR RANLIB RC
-
-	# Clean out patent-or-otherwise-encumbered code
-	# Camellia: Royalty Free            https://en.wikipedia.org/wiki/Camellia_(cipher)
-	# IDEA:     Expired                 https://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
-	# EC:       ????????? ??/??/2015    https://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography
-	# MDC2:     Expired                 https://en.wikipedia.org/wiki/MDC-2
-	# RC5:      Expired                 https://en.wikipedia.org/wiki/RC5
-
-	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
-	echoit() { echo "$@" ; "$@" ; }
-
-	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
-
-	# See if our toolchain supports __uint128_t.  If so, it's 64bit
-	# friendly and can use the nicely optimized code paths. #460790
-	local ec_nistp_64_gcc_128
-	# Disable it for now though #469976
-	#if ! use bindist ; then
-	#	echo "__uint128_t i;" > "${T}"/128.c
-	#	if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
-	#		ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
-	#	fi
-	#fi
-
-	local sslout=$(./gentoo.config)
-	einfo "Use configuration ${sslout:-(openssl knows best)}"
-	local config="Configure"
-	[[ -z ${sslout} ]] && config="config"
-
-	# Fedora hobbled-EC needs 'no-ec2m'
-	# 'srp' was restricted until early 2017 as well.
-	# "disable-deprecated" option breaks too many consumers.
-	# Don't set it without thorough revdeps testing.
-	# Make sure user flags don't get added *yet* to avoid duplicated
-	# flags.
-	CFLAGS= LDFLAGS= echoit \
-	./${config} \
-		${sslout} \
-		$(use cpu_flags_x86_sse2 || echo "no-sse2") \
-		enable-camellia \
-		enable-ec \
-		$(use_ssl !bindist ec2m) \
-		enable-srp \
-		$(use elibc_musl && echo "no-async") \
-		${ec_nistp_64_gcc_128} \
-		enable-idea \
-		enable-mdc2 \
-		enable-rc5 \
-		$(use_ssl sslv3 ssl3) \
-		$(use_ssl sslv3 ssl3-method) \
-		$(use_ssl asm) \
-		$(use_ssl rfc3779) \
-		$(use_ssl sctp) \
-		$(use_ssl tls-heartbeat heartbeats) \
-		$(use_ssl zlib) \
-		--prefix="${EPREFIX}"/usr \
-		--openssldir="${EPREFIX}"${SSL_CNF_DIR} \
-		--libdir=$(get_libdir) \
-		shared threads \
-		|| die
-
-	# Clean out hardcoded flags that openssl uses
-	local DEFAULT_CFLAGS=$(grep ^CFLAGS= Makefile | LC_ALL=C sed \
-		-e 's:^CFLAGS=::' \
-		-e 's:\(^\| \)-fomit-frame-pointer::g' \
-		-e 's:\(^\| \)-O[^ ]*::g' \
-		-e 's:\(^\| \)-march=[^ ]*::g' \
-		-e 's:\(^\| \)-mcpu=[^ ]*::g' \
-		-e 's:\(^\| \)-m[^ ]*::g' \
-		-e 's:^ *::' \
-		-e 's: *$::' \
-		-e 's: \+: :g' \
-		-e 's:\\:\\\\:g'
-	)
-
-	# Now insert clean default flags with user flags
-	sed -i \
-		-e "/^CFLAGS=/s|=.*|=${DEFAULT_CFLAGS} ${CFLAGS}|" \
-		-e "/^LDFLAGS=/s|=[[:space:]]*$|=${LDFLAGS}|" \
-		Makefile || die
-}
-
-multilib_src_compile() {
-	# depend is needed to use $confopts; it also doesn't matter
-	# that it's -j1 as the code itself serializes subdirs
-	emake -j1 depend
-	emake all
-}
-
-multilib_src_test() {
-	emake -j1 test
-}
-
-multilib_src_install() {
-	# We need to create $ED/usr on our own to avoid a race condition #665130
-	if [[ ! -d "${ED}/usr" ]]; then
-		# We can only create this directory once
-		mkdir "${ED}"/usr || die
-	fi
-
-	emake DESTDIR="${D}" install
-}
-
-multilib_src_install_all() {
-	# openssl installs perl version of c_rehash by default, but
-	# we provide a shell version via app-misc/c_rehash
-	rm "${ED}"/usr/bin/c_rehash || die
-
-	dodoc CHANGES* FAQ NEWS README doc/*.txt doc/${PN}-c-indent.el
-
-	# This is crappy in that the static archives are still built even
-	# when USE=static-libs.  But this is due to a failing in the openssl
-	# build system: the static archives are built as PIC all the time.
-	# Only way around this would be to manually configure+compile openssl
-	# twice; once with shared lib support enabled and once without.
-	use static-libs || rm -f "${ED}"/usr/lib*/lib*.a
-
-	# create the certs directory
-	keepdir ${SSL_CNF_DIR}/certs
-
-	# Namespace openssl programs to prevent conflicts with other man pages
-	cd "${ED}"/usr/share/man || die
-	local m d s
-	for m in $(find . -type f | xargs grep -L '#include') ; do
-		d=${m%/*} ; d=${d#./} ; m=${m##*/}
-		[[ ${m} == openssl.1* ]] && continue
-		[[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!"
-		mv ${d}/{,ssl-}${m}
-		# fix up references to renamed man pages
-		sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m}
-		ln -s ssl-${m} ${d}/openssl-${m}
-		# locate any symlinks that point to this man page ... we assume
-		# that any broken links are due to the above renaming
-		for s in $(find -L ${d} -type l) ; do
-			s=${s##*/}
-			rm -f ${d}/${s}
-			# We don't want to "|| die" here
-			ln -s ssl-${m} ${d}/ssl-${s}
-			ln -s ssl-${s} ${d}/openssl-${s}
-		done
-	done
-	[[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :("
-
-	dodir /etc/sandbox.d #254521
-	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
-
-	diropts -m0700
-	keepdir ${SSL_CNF_DIR}/private
-}
-
-pkg_postinst() {
-	ebegin "Running 'c_rehash ${EROOT}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069"
-	c_rehash "${EROOT}${SSL_CNF_DIR}/certs" >/dev/null
-	eend $?
-}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Thomas Deutschmann]

commit:     0577a74dfa8c5a293c5004bf80b6f0b3d0f6bb51
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Tue Mar 31 14:03:30 2020 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Tue Mar 31 14:05:05 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0577a74d

dev-libs/openssl: bump to v1.1.1f

Package-Manager: Portage-2.3.96, Repoman-2.3.22
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 dev-libs/openssl/Manifest              |   1 +
 dev-libs/openssl/openssl-1.1.1f.ebuild | 324 +++++++++++++++++++++++++++++++++
 2 files changed, 325 insertions(+)

diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest
index 371e84b8bd8..0d29f70e684 100644
--- a/dev-libs/openssl/Manifest
+++ b/dev-libs/openssl/Manifest
@@ -7,3 +7,4 @@ DIST openssl-1.1.1d-bindist-1.0.tar.xz 13180 BLAKE2B 680bd7400d3dd3930067ee7efa9
 DIST openssl-1.1.1d.tar.gz 8845861 BLAKE2B d3155f07b487ebd8dd4fe25396c874f9af18b5cfd7e622298d29c4f2c8ce14ad4534609d321314a4bcd0d44414e1306190340daaacd3c8fca061c04498446244 SHA512 2bc9f528c27fe644308eb7603c992bac8740e9f0c3601a130af30c9ffebbf7e0f5c28b76a00bbb478bad40fbe89b4223a58d604001e1713da71ff4b7fe6a08a7
 DIST openssl-1.1.1e-bindist-1.0.tar.xz 16948 BLAKE2B 78e034f1d263cbf5e57c92393f72acd07e86e39a5511a8852bad151371430954e07d787fd82cca55b373d1579bb22b9d29c9d677104ed68291a9d2dffe3ffbbb SHA512 0dbfb378b8f2724db82915e17fd4e43977e3e45030db25cdb9241c0ab842e41ef3d597ef71c4db5103635752dc2059ea6022597511a440f55fb56a5a52d3ccea
 DIST openssl-1.1.1e.tar.gz 9792634 BLAKE2B d8731ece2f0929fdb71c324480128e182e41bda1b9ef32b9a0ff2d7a1120ad45d918ee6162fbf038bb7459cfad283307d5bc85777fe75fd7b3c11ebab8cfe3ec SHA512 dbc2124f6ce9f1927e2f5e03101ed565d4e52ef09d620200f5cd9372c88c65dd7d74b24b31a8bf404713a5adfab80e0c3b25bf538c52702c4c3af1d80aef16c2
+DIST openssl-1.1.1f.tar.gz 9792828 BLAKE2B eba30dd12772cd714666ed8e5371e068623d8bfd4ff45863d10e82c65551654508a27f22f7ef1edadb543ab56f3c4c40ac3bcad665c667eb06ee90c69b24782e SHA512 b00bd9b5ad5298fbceeec6bb19c1ab0c106ca5cfb31178497c58bf7e0e0cf30fcc19c20f84e23af31cc126bf2447d3e4f8461db97bafa7bd78f69561932f000c

diff --git a/dev-libs/openssl/openssl-1.1.1f.ebuild b/dev-libs/openssl/openssl-1.1.1f.ebuild
new file mode 100644
index 00000000000..ccc0cbc5d58
--- /dev/null
+++ b/dev-libs/openssl/openssl-1.1.1f.ebuild
@@ -0,0 +1,324 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="7"
+
+inherit flag-o-matic toolchain-funcs multilib multilib-minimal
+
+MY_P=${P/_/-}
+
+# This patch set is based on the following files from Fedora 31,
+# see https://src.fedoraproject.org/rpms/openssl/blob/f31/f/openssl.spec
+# for more details:
+# - hobble-openssl (SOURCE1)
+# - ec_curve.c (SOURCE12) -- MODIFIED
+# - ectest.c (SOURCE13)
+# - openssl-1.1.1-ec-curves.patch (PATCH37) -- MODIFIED
+BINDIST_PATCH_SET="openssl-1.1.1e-bindist-1.0.tar.xz"
+
+DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"
+HOMEPAGE="https://www.openssl.org/"
+SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
+	bindist? (
+		mirror://gentoo/${BINDIST_PATCH_SET}
+		https://dev.gentoo.org/~whissi/dist/openssl/${BINDIST_PATCH_SET}
+	)"
+
+LICENSE="openssl"
+SLOT="0/1.1" # .so version of libssl/libcrypto
+[[ "${PV}" = *_pre* ]] || \
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x86-linux"
+IUSE="+asm bindist elibc_musl rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-heartbeat vanilla zlib"
+RESTRICT="!bindist? ( bindist )
+	!test? ( test )"
+
+RDEPEND=">=app-misc/c_rehash-1.7-r1
+	zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )"
+DEPEND="${RDEPEND}"
+BDEPEND="
+	>=dev-lang/perl-5
+	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
+	test? (
+		sys-apps/diffutils
+		sys-devel/bc
+		sys-process/procps
+	)"
+PDEPEND="app-misc/ca-certificates"
+
+PATCHES=(
+	"${FILESDIR}"/${PN}-1.1.0j-parallel_install_fix.patch #671602
+)
+
+S="${WORKDIR}/${MY_P}"
+
+# force upgrade to prevent broken login, bug 696950
+RDEPEND+=" !<net-misc/openssh-8.0_p1-r3"
+
+MULTILIB_WRAPPED_HEADERS=(
+	usr/include/openssl/opensslconf.h
+)
+
+pkg_setup() {
+	[[ ${MERGE_TYPE} == binary ]] && return
+
+	# must check in pkg_setup; sysctl don't work with userpriv!
+	if has test ${FEATURES} && use sctp; then
+		# test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel"
+		# if sctp.auth_enable is not enabled.
+		local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null)
+		if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]]; then
+			die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!"
+		fi
+	fi
+}
+
+src_prepare() {
+	# allow openssl to be cross-compiled
+	cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die
+	chmod a+rx gentoo.config || die
+
+	if use bindist; then
+		mv "${WORKDIR}"/bindist-patches/hobble-openssl "${WORKDIR}" || die
+		bash "${WORKDIR}"/hobble-openssl || die
+
+		cp -f "${WORKDIR}"/bindist-patches/ec_curve.c "${S}"/crypto/ec/ || die
+		cp -f "${WORKDIR}"/bindist-patches/ectest.c "${S}"/test/ || die
+
+		eapply "${WORKDIR}"/bindist-patches/ec-curves.patch
+
+		local known_failing_test
+		for known_failing_test in \
+			30-test_evp_extra.t \
+			80-test_ssl_new.t \
+		; do
+			ebegin "Disabling test '${known_failing_test}' which is known to fail with USE=bindist"
+			rm test/recipes/${known_failing_test} || die
+			eend $?
+		done
+
+		# Also see the configure parts below:
+		# enable-ec \
+		# $(use_ssl !bindist ec2m) \
+	fi
+
+	# keep this in sync with app-misc/c_rehash
+	SSL_CNF_DIR="/etc/ssl"
+
+	# Make sure we only ever touch Makefile.org and avoid patching a file
+	# that gets blown away anyways by the Configure script in src_configure
+	rm -f Makefile
+
+	if ! use vanilla ; then
+		if [[ $(declare -p PATCHES 2>/dev/null) == "declare -a"* ]] ; then
+			[[ ${#PATCHES[@]} -gt 0 ]] && eapply "${PATCHES[@]}"
+		fi
+	fi
+
+	eapply_user #332661
+
+	if has test ${FEATURES} && use sctp && has network-sandbox ${FEATURES}; then
+		ebegin "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox"
+		rm test/recipes/80-test_ssl_new.t || die
+		eend $?
+	fi
+
+	# make sure the man pages are suffixed #302165
+	# don't bother building man pages if they're disabled
+	# Make DOCDIR Gentoo compliant
+	sed -i \
+		-e '/^MANSUFFIX/s:=.*:=ssl:' \
+		-e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
+		-e $(has noman FEATURES \
+			&& echo '/^install:/s:install_docs::' \
+			|| echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
+		-e "/^DOCDIR/s@\$(BASENAME)@&-${PVR}@" \
+		Configurations/unix-Makefile.tmpl \
+		|| die
+
+	# quiet out unknown driver argument warnings since openssl
+	# doesn't have well-split CFLAGS and we're making it even worse
+	# and 'make depend' uses -Werror for added fun (#417795 again)
+	[[ ${CC} == *clang* ]] && append-flags -Qunused-arguments
+
+	append-flags -fno-strict-aliasing
+	append-flags $(test-flags-CC -Wa,--noexecstack)
+	append-cppflags -DOPENSSL_NO_BUF_FREELISTS
+
+	# Prefixify Configure shebang (#141906)
+	sed \
+		-e "1s,/usr/bin/env,${EPREFIX}&," \
+		-i Configure || die
+	# Remove test target when FEATURES=test isn't set
+	if ! use test ; then
+		sed \
+			-e '/^$config{dirs}/s@ "test",@@' \
+			-i Configure || die
+	fi
+	# The config script does stupid stuff to prompt the user.  Kill it.
+	sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
+	./config --test-sanity || die "I AM NOT SANE"
+
+	multilib_copy_sources
+}
+
+multilib_src_configure() {
+	unset APPS #197996
+	unset SCRIPTS #312551
+	unset CROSS_COMPILE #311473
+
+	tc-export CC AR RANLIB RC
+
+	# Clean out patent-or-otherwise-encumbered code
+	# Camellia: Royalty Free            https://en.wikipedia.org/wiki/Camellia_(cipher)
+	# IDEA:     Expired                 https://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
+	# EC:       ????????? ??/??/2015    https://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography
+	# MDC2:     Expired                 https://en.wikipedia.org/wiki/MDC-2
+	# RC5:      Expired                 https://en.wikipedia.org/wiki/RC5
+
+	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
+	echoit() { echo "$@" ; "$@" ; }
+
+	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
+
+	# See if our toolchain supports __uint128_t.  If so, it's 64bit
+	# friendly and can use the nicely optimized code paths. #460790
+	local ec_nistp_64_gcc_128
+	# Disable it for now though #469976
+	#if ! use bindist ; then
+	#	echo "__uint128_t i;" > "${T}"/128.c
+	#	if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
+	#		ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
+	#	fi
+	#fi
+
+	local sslout=$(./gentoo.config)
+	einfo "Use configuration ${sslout:-(openssl knows best)}"
+	local config="Configure"
+	[[ -z ${sslout} ]] && config="config"
+
+	# Fedora hobbled-EC needs 'no-ec2m'
+	# 'srp' was restricted until early 2017 as well.
+	# "disable-deprecated" option breaks too many consumers.
+	# Don't set it without thorough revdeps testing.
+	# Make sure user flags don't get added *yet* to avoid duplicated
+	# flags.
+	CFLAGS= LDFLAGS= echoit \
+	./${config} \
+		${sslout} \
+		$(use cpu_flags_x86_sse2 || echo "no-sse2") \
+		enable-camellia \
+		enable-ec \
+		$(use_ssl !bindist ec2m) \
+		enable-srp \
+		$(use elibc_musl && echo "no-async") \
+		${ec_nistp_64_gcc_128} \
+		enable-idea \
+		enable-mdc2 \
+		enable-rc5 \
+		$(use_ssl sslv3 ssl3) \
+		$(use_ssl sslv3 ssl3-method) \
+		$(use_ssl asm) \
+		$(use_ssl rfc3779) \
+		$(use_ssl sctp) \
+		$(use_ssl tls-heartbeat heartbeats) \
+		$(use_ssl zlib) \
+		--prefix="${EPREFIX}"/usr \
+		--openssldir="${EPREFIX}"${SSL_CNF_DIR} \
+		--libdir=$(get_libdir) \
+		shared threads \
+		|| die
+
+	# Clean out hardcoded flags that openssl uses
+	local DEFAULT_CFLAGS=$(grep ^CFLAGS= Makefile | LC_ALL=C sed \
+		-e 's:^CFLAGS=::' \
+		-e 's:\(^\| \)-fomit-frame-pointer::g' \
+		-e 's:\(^\| \)-O[^ ]*::g' \
+		-e 's:\(^\| \)-march=[^ ]*::g' \
+		-e 's:\(^\| \)-mcpu=[^ ]*::g' \
+		-e 's:\(^\| \)-m[^ ]*::g' \
+		-e 's:^ *::' \
+		-e 's: *$::' \
+		-e 's: \+: :g' \
+		-e 's:\\:\\\\:g'
+	)
+
+	# Now insert clean default flags with user flags
+	sed -i \
+		-e "/^CFLAGS=/s|=.*|=${DEFAULT_CFLAGS} ${CFLAGS}|" \
+		-e "/^LDFLAGS=/s|=[[:space:]]*$|=${LDFLAGS}|" \
+		Makefile || die
+}
+
+multilib_src_compile() {
+	# depend is needed to use $confopts; it also doesn't matter
+	# that it's -j1 as the code itself serializes subdirs
+	emake -j1 depend
+	emake all
+}
+
+multilib_src_test() {
+	emake -j1 test
+}
+
+multilib_src_install() {
+	# We need to create $ED/usr on our own to avoid a race condition #665130
+	if [[ ! -d "${ED}/usr" ]]; then
+		# We can only create this directory once
+		mkdir "${ED}"/usr || die
+	fi
+
+	emake DESTDIR="${D}" install
+}
+
+multilib_src_install_all() {
+	# openssl installs perl version of c_rehash by default, but
+	# we provide a shell version via app-misc/c_rehash
+	rm "${ED}"/usr/bin/c_rehash || die
+
+	dodoc CHANGES* FAQ NEWS README doc/*.txt doc/${PN}-c-indent.el
+
+	# This is crappy in that the static archives are still built even
+	# when USE=static-libs.  But this is due to a failing in the openssl
+	# build system: the static archives are built as PIC all the time.
+	# Only way around this would be to manually configure+compile openssl
+	# twice; once with shared lib support enabled and once without.
+	use static-libs || rm -f "${ED}"/usr/lib*/lib*.a
+
+	# create the certs directory
+	keepdir ${SSL_CNF_DIR}/certs
+
+	# Namespace openssl programs to prevent conflicts with other man pages
+	cd "${ED}"/usr/share/man || die
+	local m d s
+	for m in $(find . -type f | xargs grep -L '#include') ; do
+		d=${m%/*} ; d=${d#./} ; m=${m##*/}
+		[[ ${m} == openssl.1* ]] && continue
+		[[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!"
+		mv ${d}/{,ssl-}${m}
+		# fix up references to renamed man pages
+		sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m}
+		ln -s ssl-${m} ${d}/openssl-${m}
+		# locate any symlinks that point to this man page ... we assume
+		# that any broken links are due to the above renaming
+		for s in $(find -L ${d} -type l) ; do
+			s=${s##*/}
+			rm -f ${d}/${s}
+			# We don't want to "|| die" here
+			ln -s ssl-${m} ${d}/ssl-${s}
+			ln -s ssl-${s} ${d}/openssl-${s}
+		done
+	done
+	[[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :("
+
+	dodir /etc/sandbox.d #254521
+	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
+
+	diropts -m0700
+	keepdir ${SSL_CNF_DIR}/private
+}
+
+pkg_postinst() {
+	ebegin "Running 'c_rehash ${EROOT}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069"
+	c_rehash "${EROOT}${SSL_CNF_DIR}/certs" >/dev/null
+	eend $?
+}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Thomas Deutschmann]

commit:     70400fdf81338cff57baef60b9243b27e5e222e2
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Thu Mar 19 21:27:39 2020 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Thu Mar 19 21:28:18 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=70400fdf

dev-libs/openssl: bump to v1.1.1e

Package-Manager: Portage-2.3.94, Repoman-2.3.21
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 dev-libs/openssl/Manifest              |   2 +
 dev-libs/openssl/openssl-1.1.1e.ebuild | 324 +++++++++++++++++++++++++++++++++
 2 files changed, 326 insertions(+)

diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest
index 076dc6a995b..371e84b8bd8 100644
--- a/dev-libs/openssl/Manifest
+++ b/dev-libs/openssl/Manifest
@@ -5,3 +5,5 @@ DIST openssl-1.1.0l-bindist-1.0.tar.xz 13184 BLAKE2B c09e023458faff17b10d6f20c28
 DIST openssl-1.1.0l.tar.gz 5294857 BLAKE2B 0e4f30f9e8a22414325bd780dc4e875e962487fbe72967f0392ace959955429192541881a98d097d7bb75ed7238b1817b0c3c2c4da04421512bd538f2b07cdd7 SHA512 81b74149f40ea7d9f7e235820a4f977844653ad1e2b302e65e712c12193f47542fe7e3385fd1e25e3dd074e4e6d04199836cbc492656f5a7692edab5e234f4ad
 DIST openssl-1.1.1d-bindist-1.0.tar.xz 13180 BLAKE2B 680bd7400d3dd3930067ee7efa9718b74b30afa9be2397ad80f88031920806b6603b6469beede02b6e7a742abf5f82ebdd7c9b8e69c1ffe223e4860dc9581128 SHA512 9e4296326852010d5cebc204d1a34a34198d8d65460bc91a2bd37c80be892a5ae519513e4b0109e6b51b6faab0e171ef6cdae868868c158711558d147083c06f
 DIST openssl-1.1.1d.tar.gz 8845861 BLAKE2B d3155f07b487ebd8dd4fe25396c874f9af18b5cfd7e622298d29c4f2c8ce14ad4534609d321314a4bcd0d44414e1306190340daaacd3c8fca061c04498446244 SHA512 2bc9f528c27fe644308eb7603c992bac8740e9f0c3601a130af30c9ffebbf7e0f5c28b76a00bbb478bad40fbe89b4223a58d604001e1713da71ff4b7fe6a08a7
+DIST openssl-1.1.1e-bindist-1.0.tar.xz 16948 BLAKE2B 78e034f1d263cbf5e57c92393f72acd07e86e39a5511a8852bad151371430954e07d787fd82cca55b373d1579bb22b9d29c9d677104ed68291a9d2dffe3ffbbb SHA512 0dbfb378b8f2724db82915e17fd4e43977e3e45030db25cdb9241c0ab842e41ef3d597ef71c4db5103635752dc2059ea6022597511a440f55fb56a5a52d3ccea
+DIST openssl-1.1.1e.tar.gz 9792634 BLAKE2B d8731ece2f0929fdb71c324480128e182e41bda1b9ef32b9a0ff2d7a1120ad45d918ee6162fbf038bb7459cfad283307d5bc85777fe75fd7b3c11ebab8cfe3ec SHA512 dbc2124f6ce9f1927e2f5e03101ed565d4e52ef09d620200f5cd9372c88c65dd7d74b24b31a8bf404713a5adfab80e0c3b25bf538c52702c4c3af1d80aef16c2

diff --git a/dev-libs/openssl/openssl-1.1.1e.ebuild b/dev-libs/openssl/openssl-1.1.1e.ebuild
new file mode 100644
index 00000000000..ee289080943
--- /dev/null
+++ b/dev-libs/openssl/openssl-1.1.1e.ebuild
@@ -0,0 +1,324 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="7"
+
+inherit flag-o-matic toolchain-funcs multilib multilib-minimal
+
+MY_P=${P/_/-}
+
+# This patch set is based on the following files from Fedora 31,
+# see https://src.fedoraproject.org/rpms/openssl/blob/f31/f/openssl.spec
+# for more details:
+# - hobble-openssl (SOURCE1)
+# - ec_curve.c (SOURCE12) -- MODIFIED
+# - ectest.c (SOURCE13)
+# - openssl-1.1.1-ec-curves.patch (PATCH37) -- MODIFIED
+BINDIST_PATCH_SET="openssl-1.1.1e-bindist-1.0.tar.xz"
+
+DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"
+HOMEPAGE="https://www.openssl.org/"
+SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
+	bindist? (
+		mirror://gentoo/${BINDIST_PATCH_SET}
+		https://dev.gentoo.org/~whissi/dist/openssl/${BINDIST_PATCH_SET}
+	)"
+
+LICENSE="openssl"
+SLOT="0/1.1" # .so version of libssl/libcrypto
+[[ "${PV}" = *_pre* ]] || \
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sh ~sparc ~x86 ~x86-linux"
+IUSE="+asm bindist elibc_musl rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-heartbeat vanilla zlib"
+RESTRICT="!bindist? ( bindist )
+	!test? ( test )"
+
+RDEPEND=">=app-misc/c_rehash-1.7-r1
+	zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )"
+DEPEND="${RDEPEND}"
+BDEPEND="
+	>=dev-lang/perl-5
+	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
+	test? (
+		sys-apps/diffutils
+		sys-devel/bc
+		sys-process/procps
+	)"
+PDEPEND="app-misc/ca-certificates"
+
+PATCHES=(
+	"${FILESDIR}"/${PN}-1.1.0j-parallel_install_fix.patch #671602
+)
+
+S="${WORKDIR}/${MY_P}"
+
+# force upgrade to prevent broken login, bug 696950
+RDEPEND+=" !<net-misc/openssh-8.0_p1-r3"
+
+MULTILIB_WRAPPED_HEADERS=(
+	usr/include/openssl/opensslconf.h
+)
+
+pkg_setup() {
+	[[ ${MERGE_TYPE} == binary ]] && return
+
+	# must check in pkg_setup; sysctl don't work with userpriv!
+	if has test ${FEATURES} && use sctp; then
+		# test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel"
+		# if sctp.auth_enable is not enabled.
+		local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null)
+		if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]]; then
+			die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!"
+		fi
+	fi
+}
+
+src_prepare() {
+	# allow openssl to be cross-compiled
+	cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die
+	chmod a+rx gentoo.config || die
+
+	if use bindist; then
+		mv "${WORKDIR}"/bindist-patches/hobble-openssl "${WORKDIR}" || die
+		bash "${WORKDIR}"/hobble-openssl || die
+
+		cp -f "${WORKDIR}"/bindist-patches/ec_curve.c "${S}"/crypto/ec/ || die
+		cp -f "${WORKDIR}"/bindist-patches/ectest.c "${S}"/test/ || die
+
+		eapply "${WORKDIR}"/bindist-patches/ec-curves.patch
+
+		local known_failing_test
+		for known_failing_test in \
+			30-test_evp_extra.t \
+			80-test_ssl_new.t \
+		; do
+			ebegin "Disabling test '${known_failing_test}' which is known to fail with USE=bindist"
+			rm test/recipes/${known_failing_test} || die
+			eend $?
+		done
+
+		# Also see the configure parts below:
+		# enable-ec \
+		# $(use_ssl !bindist ec2m) \
+	fi
+
+	# keep this in sync with app-misc/c_rehash
+	SSL_CNF_DIR="/etc/ssl"
+
+	# Make sure we only ever touch Makefile.org and avoid patching a file
+	# that gets blown away anyways by the Configure script in src_configure
+	rm -f Makefile
+
+	if ! use vanilla ; then
+		if [[ $(declare -p PATCHES 2>/dev/null) == "declare -a"* ]] ; then
+			[[ ${#PATCHES[@]} -gt 0 ]] && eapply "${PATCHES[@]}"
+		fi
+	fi
+
+	eapply_user #332661
+
+	if has test ${FEATURES} && use sctp && has network-sandbox ${FEATURES}; then
+		ebegin "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox"
+		rm test/recipes/80-test_ssl_new.t || die
+		eend $?
+	fi
+
+	# make sure the man pages are suffixed #302165
+	# don't bother building man pages if they're disabled
+	# Make DOCDIR Gentoo compliant
+	sed -i \
+		-e '/^MANSUFFIX/s:=.*:=ssl:' \
+		-e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
+		-e $(has noman FEATURES \
+			&& echo '/^install:/s:install_docs::' \
+			|| echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
+		-e "/^DOCDIR/s@\$(BASENAME)@&-${PVR}@" \
+		Configurations/unix-Makefile.tmpl \
+		|| die
+
+	# quiet out unknown driver argument warnings since openssl
+	# doesn't have well-split CFLAGS and we're making it even worse
+	# and 'make depend' uses -Werror for added fun (#417795 again)
+	[[ ${CC} == *clang* ]] && append-flags -Qunused-arguments
+
+	append-flags -fno-strict-aliasing
+	append-flags $(test-flags-CC -Wa,--noexecstack)
+	append-cppflags -DOPENSSL_NO_BUF_FREELISTS
+
+	# Prefixify Configure shebang (#141906)
+	sed \
+		-e "1s,/usr/bin/env,${EPREFIX}&," \
+		-i Configure || die
+	# Remove test target when FEATURES=test isn't set
+	if ! use test ; then
+		sed \
+			-e '/^$config{dirs}/s@ "test",@@' \
+			-i Configure || die
+	fi
+	# The config script does stupid stuff to prompt the user.  Kill it.
+	sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
+	./config --test-sanity || die "I AM NOT SANE"
+
+	multilib_copy_sources
+}
+
+multilib_src_configure() {
+	unset APPS #197996
+	unset SCRIPTS #312551
+	unset CROSS_COMPILE #311473
+
+	tc-export CC AR RANLIB RC
+
+	# Clean out patent-or-otherwise-encumbered code
+	# Camellia: Royalty Free            https://en.wikipedia.org/wiki/Camellia_(cipher)
+	# IDEA:     Expired                 https://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
+	# EC:       ????????? ??/??/2015    https://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography
+	# MDC2:     Expired                 https://en.wikipedia.org/wiki/MDC-2
+	# RC5:      Expired                 https://en.wikipedia.org/wiki/RC5
+
+	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
+	echoit() { echo "$@" ; "$@" ; }
+
+	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
+
+	# See if our toolchain supports __uint128_t.  If so, it's 64bit
+	# friendly and can use the nicely optimized code paths. #460790
+	local ec_nistp_64_gcc_128
+	# Disable it for now though #469976
+	#if ! use bindist ; then
+	#	echo "__uint128_t i;" > "${T}"/128.c
+	#	if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
+	#		ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
+	#	fi
+	#fi
+
+	local sslout=$(./gentoo.config)
+	einfo "Use configuration ${sslout:-(openssl knows best)}"
+	local config="Configure"
+	[[ -z ${sslout} ]] && config="config"
+
+	# Fedora hobbled-EC needs 'no-ec2m'
+	# 'srp' was restricted until early 2017 as well.
+	# "disable-deprecated" option breaks too many consumers.
+	# Don't set it without thorough revdeps testing.
+	# Make sure user flags don't get added *yet* to avoid duplicated
+	# flags.
+	CFLAGS= LDFLAGS= echoit \
+	./${config} \
+		${sslout} \
+		$(use cpu_flags_x86_sse2 || echo "no-sse2") \
+		enable-camellia \
+		enable-ec \
+		$(use_ssl !bindist ec2m) \
+		enable-srp \
+		$(use elibc_musl && echo "no-async") \
+		${ec_nistp_64_gcc_128} \
+		enable-idea \
+		enable-mdc2 \
+		enable-rc5 \
+		$(use_ssl sslv3 ssl3) \
+		$(use_ssl sslv3 ssl3-method) \
+		$(use_ssl asm) \
+		$(use_ssl rfc3779) \
+		$(use_ssl sctp) \
+		$(use_ssl tls-heartbeat heartbeats) \
+		$(use_ssl zlib) \
+		--prefix="${EPREFIX}"/usr \
+		--openssldir="${EPREFIX}"${SSL_CNF_DIR} \
+		--libdir=$(get_libdir) \
+		shared threads \
+		|| die
+
+	# Clean out hardcoded flags that openssl uses
+	local DEFAULT_CFLAGS=$(grep ^CFLAGS= Makefile | LC_ALL=C sed \
+		-e 's:^CFLAGS=::' \
+		-e 's:\(^\| \)-fomit-frame-pointer::g' \
+		-e 's:\(^\| \)-O[^ ]*::g' \
+		-e 's:\(^\| \)-march=[^ ]*::g' \
+		-e 's:\(^\| \)-mcpu=[^ ]*::g' \
+		-e 's:\(^\| \)-m[^ ]*::g' \
+		-e 's:^ *::' \
+		-e 's: *$::' \
+		-e 's: \+: :g' \
+		-e 's:\\:\\\\:g'
+	)
+
+	# Now insert clean default flags with user flags
+	sed -i \
+		-e "/^CFLAGS=/s|=.*|=${DEFAULT_CFLAGS} ${CFLAGS}|" \
+		-e "/^LDFLAGS=/s|=[[:space:]]*$|=${LDFLAGS}|" \
+		Makefile || die
+}
+
+multilib_src_compile() {
+	# depend is needed to use $confopts; it also doesn't matter
+	# that it's -j1 as the code itself serializes subdirs
+	emake -j1 depend
+	emake all
+}
+
+multilib_src_test() {
+	emake -j1 test
+}
+
+multilib_src_install() {
+	# We need to create $ED/usr on our own to avoid a race condition #665130
+	if [[ ! -d "${ED}/usr" ]]; then
+		# We can only create this directory once
+		mkdir "${ED}"/usr || die
+	fi
+
+	emake DESTDIR="${D}" install
+}
+
+multilib_src_install_all() {
+	# openssl installs perl version of c_rehash by default, but
+	# we provide a shell version via app-misc/c_rehash
+	rm "${ED}"/usr/bin/c_rehash || die
+
+	dodoc CHANGES* FAQ NEWS README doc/*.txt doc/${PN}-c-indent.el
+
+	# This is crappy in that the static archives are still built even
+	# when USE=static-libs.  But this is due to a failing in the openssl
+	# build system: the static archives are built as PIC all the time.
+	# Only way around this would be to manually configure+compile openssl
+	# twice; once with shared lib support enabled and once without.
+	use static-libs || rm -f "${ED}"/usr/lib*/lib*.a
+
+	# create the certs directory
+	keepdir ${SSL_CNF_DIR}/certs
+
+	# Namespace openssl programs to prevent conflicts with other man pages
+	cd "${ED}"/usr/share/man || die
+	local m d s
+	for m in $(find . -type f | xargs grep -L '#include') ; do
+		d=${m%/*} ; d=${d#./} ; m=${m##*/}
+		[[ ${m} == openssl.1* ]] && continue
+		[[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!"
+		mv ${d}/{,ssl-}${m}
+		# fix up references to renamed man pages
+		sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m}
+		ln -s ssl-${m} ${d}/openssl-${m}
+		# locate any symlinks that point to this man page ... we assume
+		# that any broken links are due to the above renaming
+		for s in $(find -L ${d} -type l) ; do
+			s=${s##*/}
+			rm -f ${d}/${s}
+			# We don't want to "|| die" here
+			ln -s ssl-${m} ${d}/ssl-${s}
+			ln -s ssl-${s} ${d}/openssl-${s}
+		done
+	done
+	[[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :("
+
+	dodir /etc/sandbox.d #254521
+	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
+
+	diropts -m0700
+	keepdir ${SSL_CNF_DIR}/private
+}
+
+pkg_postinst() {
+	ebegin "Running 'c_rehash ${EROOT}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069"
+	c_rehash "${EROOT}${SSL_CNF_DIR}/certs" >/dev/null
+	eend $?
+}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Thomas Deutschmann]

commit:     5d84fb00a536f5754b7ca8d253fb43c19e2a066d
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Wed Jan  1 21:21:43 2020 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Wed Jan  1 21:25:08 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5d84fb00

dev-libs/openssl: move stable keywords

Bug: https://bugs.gentoo.org/702176
Package-Manager: Portage-2.3.84, Repoman-2.3.20
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 dev-libs/openssl/openssl-1.0.2u.ebuild | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/dev-libs/openssl/openssl-1.0.2u.ebuild b/dev-libs/openssl/openssl-1.0.2u.ebuild
index a5f618bc77c..11e934c1f7a 100644
--- a/dev-libs/openssl/openssl-1.0.2u.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2u.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2019 Gentoo Authors
+# Copyright 1999-2020 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
 EAPI="7"
@@ -37,7 +37,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 
 LICENSE="openssl"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sh ~sparc ~x86 ~x86-linux"
+KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 ~riscv s390 sh sparc x86 ~x86-linux"
 IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )
 	!test? ( test )"

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Thomas Deutschmann]

commit:     2fd3637f1b9e3cee6adf6b7c10d1ecc4ea08071e
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Wed Jan  1 21:22:39 2020 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Wed Jan  1 21:25:09 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2fd3637f

dev-libs/openssl: security cleanup (#702176)

Bug: https://bugs.gentoo.org/702176
Package-Manager: Portage-2.3.84, Repoman-2.3.20
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 dev-libs/openssl/Manifest                 |   1 -
 dev-libs/openssl/openssl-1.0.2t-r1.ebuild | 308 ------------------------------
 2 files changed, 309 deletions(-)

diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest
index 9610c7c62b5..076dc6a995b 100644
--- a/dev-libs/openssl/Manifest
+++ b/dev-libs/openssl/Manifest
@@ -1,6 +1,5 @@
 DIST openssl-1.0.2-patches-1.5.tar.xz 12404 BLAKE2B 6c1b8c28f339f539b2ab8643379502a24cf62bffde00041dce54d5dd9e8d2620b181362ee5464b0ab32ba4948e209697bfabadbea2944a409a1009100d298f24 SHA512 5725e2d9d1ee8cc074bcef3bed61c71bdab2ff1c114362110c3fb8da11ad5bc8f2ff28e90a293f5f3a5cf96ecda54dffdb7ab3fb3f8b23ef6472250dc3037659
 DIST openssl-1.0.2t-bindist-1.0.tar.xz 13872 BLAKE2B b2aade96a6e0ca6209a39e205b1c838de945903fcf959c62cc29ddcd1a0cb360fc5db234df86860a6a4c096f5ecc237611e4c2946b986a5500c24ba93c208ef4 SHA512 a48a7efb9b973b865bcc5009d450b428ed6b4b95e4cefe70c51056e47392c8a7bec58215168d8b07712419dc74646c2bd2fd23bcfbba2031376e292249a6b1b6
-DIST openssl-1.0.2t.tar.gz 5355422 BLAKE2B dcbc883151ff6c5b60f5849d8789c2e76a384cb3d5eb5f08a6109776d0edf134580dc33fa8b946ae2344542560f04ecef17f218406952dd8d31e4200c4882022 SHA512 0b88868933f42fab87e8b22449435a1091cc6e75f986aad6c173e01ad123161fcae8c226759073701bc65c9f2f0b6ce6a63a61203008ed873cfb6e484f32bc71
 DIST openssl-1.0.2u.tar.gz 5355412 BLAKE2B b2ff2a10e5851af5aca4093422a9a072c794e87b997263826c1c35910c040f695fac63decac5856cb49399ed03d410f97701d9fd4e1ebfbcacd8f3a74ce8bf57 SHA512 c455bb309e20e2c2d47fdc5619c734d107d5c8c38c1409903ce979acc120b0d5fa0312917c0aa0d630e402d092a703d4249643f36078e8528a3cafc9dac6ab32
 DIST openssl-1.1.0l-bindist-1.0.tar.xz 13184 BLAKE2B c09e023458faff17b10d6f20c28462c0851757a20d59b4b751220ab307324d5778252df112ad74fd319407cc75fdd1cd507d48058dd0234dc8c03020c882ed42 SHA512 39720ecee3ec6080c1416f2fb7c9246b89ee55b21be2baabad51eb6823dbe1559450b1ae92fa61ac1cf5ba04ac8c02438aa469bc65eae6905cf1ea486f270793
 DIST openssl-1.1.0l.tar.gz 5294857 BLAKE2B 0e4f30f9e8a22414325bd780dc4e875e962487fbe72967f0392ace959955429192541881a98d097d7bb75ed7238b1817b0c3c2c4da04421512bd538f2b07cdd7 SHA512 81b74149f40ea7d9f7e235820a4f977844653ad1e2b302e65e712c12193f47542fe7e3385fd1e25e3dd074e4e6d04199836cbc492656f5a7692edab5e234f4ad

diff --git a/dev-libs/openssl/openssl-1.0.2t-r1.ebuild b/dev-libs/openssl/openssl-1.0.2t-r1.ebuild
deleted file mode 100644
index 37ad94c9f5d..00000000000
--- a/dev-libs/openssl/openssl-1.0.2t-r1.ebuild
+++ /dev/null
@@ -1,308 +0,0 @@
-# Copyright 1999-2019 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="7"
-
-inherit flag-o-matic toolchain-funcs multilib multilib-minimal
-
-# openssl-1.0.2-patches-1.6 contain additional CVE patches
-# which got fixed with this release.
-# Please use 1.7 version number when rolling a new tarball!
-PATCH_SET="openssl-1.0.2-patches-1.5"
-
-MY_P=${P/_/-}
-
-# This patch set is based on the following files from Fedora 25,
-# see https://src.fedoraproject.org/rpms/openssl/blob/25/f/openssl.spec
-# for more details:
-# - hobble-openssl (SOURCE1)
-# - ec_curve.c (SOURCE12) -- MODIFIED
-# - ectest.c (SOURCE13)
-# - openssl-1.1.1-ec-curves.patch (PATCH37) -- MODIFIED
-BINDIST_PATCH_SET="openssl-1.0.2t-bindist-1.0.tar.xz"
-
-DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"
-HOMEPAGE="https://www.openssl.org/"
-SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
-	bindist? (
-		mirror://gentoo/${BINDIST_PATCH_SET}
-		https://dev.gentoo.org/~whissi/dist/openssl/${BINDIST_PATCH_SET}
-	)
-	!vanilla? (
-		mirror://gentoo/${PATCH_SET}.tar.xz
-		https://dev.gentoo.org/~chutzpah/dist/${PN}/${PATCH_SET}.tar.xz
-		https://dev.gentoo.org/~whissi/dist/${PN}/${PATCH_SET}.tar.xz
-		https://dev.gentoo.org/~polynomial-c/dist/${PATCH_SET}.tar.xz
-	)"
-
-LICENSE="openssl"
-SLOT="0"
-KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 ~riscv s390 sh sparc x86 ~x86-linux"
-IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
-RESTRICT="!bindist? ( bindist )
-	!test? ( test )"
-
-RDEPEND=">=app-misc/c_rehash-1.7-r1
-	gmp? ( >=dev-libs/gmp-5.1.3-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
-	kerberos? ( >=app-crypt/mit-krb5-1.11.4[${MULTILIB_USEDEP}] )
-	zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )"
-DEPEND="${RDEPEND}"
-BDEPEND="
-	>=dev-lang/perl-5
-	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
-	test? (
-		sys-apps/diffutils
-		sys-devel/bc
-	)"
-PDEPEND="app-misc/ca-certificates"
-
-S="${WORKDIR}/${MY_P}"
-
-MULTILIB_WRAPPED_HEADERS=(
-	usr/include/openssl/opensslconf.h
-)
-
-src_prepare() {
-	if use bindist; then
-		mv "${WORKDIR}"/bindist-patches/hobble-openssl "${WORKDIR}" || die
-		bash "${WORKDIR}"/hobble-openssl || die
-
-		cp -f "${WORKDIR}"/bindist-patches/ec_curve.c "${S}"/crypto/ec/ || die
-		cp -f "${WORKDIR}"/bindist-patches/ectest.c "${S}"/crypto/ec/ || die
-
-		eapply "${WORKDIR}"/bindist-patches/ec-curves.patch
-
-		# Also see the configure parts below:
-		# enable-ec \
-		# $(use_ssl !bindist ec2m) \
-		# $(use_ssl !bindist srp) \
-	fi
-
-	# keep this in sync with app-misc/c_rehash
-	SSL_CNF_DIR="/etc/ssl"
-
-	# Make sure we only ever touch Makefile.org and avoid patching a file
-	# that gets blown away anyways by the Configure script in src_configure
-	rm -f Makefile
-
-	if ! use vanilla ; then
-		eapply "${WORKDIR}"/patch/*.patch
-	fi
-
-	eapply_user
-
-	# disable fips in the build
-	# make sure the man pages are suffixed #302165
-	# don't bother building man pages if they're disabled
-	sed -i \
-		-e '/DIRS/s: fips : :g' \
-		-e '/^MANSUFFIX/s:=.*:=ssl:' \
-		-e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
-		-e $(has noman FEATURES \
-			&& echo '/^install:/s:install_docs::' \
-			|| echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
-		Makefile.org \
-		|| die
-	# show the actual commands in the log
-	sed -i '/^SET_X/s:=.*:=set -x:' Makefile.shared
-
-	# since we're forcing $(CC) as makedep anyway, just fix
-	# the conditional as always-on
-	# helps clang (#417795), and versioned gcc (#499818)
-	# this breaks build with 1.0.2p, not sure if it is needed anymore
-	#sed -i 's/expr.*MAKEDEPEND.*;/true;/' util/domd || die
-
-	# quiet out unknown driver argument warnings since openssl
-	# doesn't have well-split CFLAGS and we're making it even worse
-	# and 'make depend' uses -Werror for added fun (#417795 again)
-	[[ ${CC} == *clang* ]] && append-flags -Qunused-arguments
-
-	# allow openssl to be cross-compiled
-	cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die
-	chmod a+rx gentoo.config || die
-
-	append-flags -fno-strict-aliasing
-	append-flags $(test-flags-CC -Wa,--noexecstack)
-	append-cppflags -DOPENSSL_NO_BUF_FREELISTS
-
-	sed -i '1s,^:$,#!'${EPREFIX}'/usr/bin/perl,' Configure #141906
-	# The config script does stupid stuff to prompt the user.  Kill it.
-	sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
-	./config --test-sanity || die "I AM NOT SANE"
-
-	multilib_copy_sources
-}
-
-multilib_src_configure() {
-	unset APPS #197996
-	unset SCRIPTS #312551
-	unset CROSS_COMPILE #311473
-
-	tc-export CC AR RANLIB RC
-
-	# Clean out patent-or-otherwise-encumbered code
-	# Camellia: Royalty Free            https://en.wikipedia.org/wiki/Camellia_(cipher)
-	# IDEA:     Expired                 https://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
-	# EC:       ????????? ??/??/2015    https://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography
-	# MDC2:     Expired                 https://en.wikipedia.org/wiki/MDC-2
-	# RC5:      Expired                 https://en.wikipedia.org/wiki/RC5
-
-	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
-	echoit() { echo "$@" ; "$@" ; }
-
-	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
-
-	# See if our toolchain supports __uint128_t.  If so, it's 64bit
-	# friendly and can use the nicely optimized code paths. #460790
-	local ec_nistp_64_gcc_128
-	# Disable it for now though #469976
-	#if ! use bindist ; then
-	#	echo "__uint128_t i;" > "${T}"/128.c
-	#	if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
-	#		ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
-	#	fi
-	#fi
-
-	# https://github.com/openssl/openssl/issues/2286
-	if use ia64 ; then
-		replace-flags -g3 -g2
-		replace-flags -ggdb3 -ggdb2
-	fi
-
-	local sslout=$(./gentoo.config)
-	einfo "Use configuration ${sslout:-(openssl knows best)}"
-	local config="Configure"
-	[[ -z ${sslout} ]] && config="config"
-
-	# Fedora hobbled-EC needs 'no-ec2m', 'no-srp'
-	# Make sure user flags don't get added *yet* to avoid duplicated
-	# flags.
-	CFLAGS= LDFLAGS= echoit \
-	./${config} \
-		${sslout} \
-		$(use cpu_flags_x86_sse2 || echo "no-sse2") \
-		enable-camellia \
-		enable-ec \
-		$(use_ssl !bindist ec2m) \
-		$(use_ssl !bindist srp) \
-		${ec_nistp_64_gcc_128} \
-		enable-idea \
-		enable-mdc2 \
-		enable-rc5 \
-		enable-tlsext \
-		$(use_ssl asm) \
-		$(use_ssl gmp gmp -lgmp) \
-		$(use_ssl kerberos krb5 --with-krb5-flavor=${krb5}) \
-		$(use_ssl rfc3779) \
-		$(use_ssl sctp) \
-		$(use_ssl sslv2 ssl2) \
-		$(use_ssl sslv3 ssl3) \
-		$(use_ssl tls-heartbeat heartbeats) \
-		$(use_ssl zlib) \
-		--prefix="${EPREFIX}"/usr \
-		--openssldir="${EPREFIX}"${SSL_CNF_DIR} \
-		--libdir=$(get_libdir) \
-		shared threads \
-		|| die
-
-	# Clean out hardcoded flags that openssl uses
-	local DEFAULT_CFLAGS=$(grep ^CFLAG= Makefile | LC_ALL=C sed \
-		-e 's:^CFLAG=::' \
-		-e 's:\(^\| \)-fomit-frame-pointer::g' \
-		-e 's:\(^\| \)-O[^ ]*::g' \
-		-e 's:\(^\| \)-march=[^ ]*::g' \
-		-e 's:\(^\| \)-mcpu=[^ ]*::g' \
-		-e 's:\(^\| \)-m[^ ]*::g' \
-		-e 's:^ *::' \
-		-e 's: *$::' \
-		-e 's: \+: :g' \
-		-e 's:\\:\\\\:g'
-	)
-
-	# Now insert clean default flags with user flags
-	sed -i \
-		-e "/^CFLAG/s|=.*|=${DEFAULT_CFLAGS} ${CFLAGS}|" \
-		-e "/^LDFLAGS=/s|=[[:space:]]*$|=${LDFLAGS}|" \
-		Makefile || die
-}
-
-multilib_src_compile() {
-	# depend is needed to use $confopts; it also doesn't matter
-	# that it's -j1 as the code itself serializes subdirs
-	emake -j1 V=1 depend
-	emake all
-	# rehash is needed to prep the certs/ dir; do this
-	# separately to avoid parallel build issues.
-	emake rehash
-}
-
-multilib_src_test() {
-	emake -j1 test
-}
-
-multilib_src_install() {
-	# We need to create $ED/usr on our own to avoid a race condition #665130
-	if [[ ! -d "${ED}/usr" ]]; then
-		# We can only create this directory once
-		mkdir "${ED}"/usr || die
-	fi
-
-	emake INSTALL_PREFIX="${D}" install
-}
-
-multilib_src_install_all() {
-	# openssl installs perl version of c_rehash by default, but
-	# we provide a shell version via app-misc/c_rehash
-	rm "${ED}"/usr/bin/c_rehash || die
-
-	local -a DOCS=( CHANGES* FAQ NEWS README doc/*.txt doc/c-indentation.el )
-	einstalldocs
-
-	use rfc3779 && dodoc engines/ccgost/README.gost
-
-	# This is crappy in that the static archives are still built even
-	# when USE=static-libs.  But this is due to a failing in the openssl
-	# build system: the static archives are built as PIC all the time.
-	# Only way around this would be to manually configure+compile openssl
-	# twice; once with shared lib support enabled and once without.
-	use static-libs || rm -f "${ED}"/usr/lib*/lib*.a
-
-	# create the certs directory
-	dodir ${SSL_CNF_DIR}/certs
-	cp -RP certs/* "${ED}"${SSL_CNF_DIR}/certs/ || die
-	rm -r "${ED}"${SSL_CNF_DIR}/certs/{demo,expired}
-
-	# Namespace openssl programs to prevent conflicts with other man pages
-	cd "${ED}"/usr/share/man
-	local m d s
-	for m in $(find . -type f | xargs grep -L '#include') ; do
-		d=${m%/*} ; d=${d#./} ; m=${m##*/}
-		[[ ${m} == openssl.1* ]] && continue
-		[[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!"
-		mv ${d}/{,ssl-}${m}
-		# fix up references to renamed man pages
-		sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m}
-		ln -s ssl-${m} ${d}/openssl-${m}
-		# locate any symlinks that point to this man page ... we assume
-		# that any broken links are due to the above renaming
-		for s in $(find -L ${d} -type l) ; do
-			s=${s##*/}
-			rm -f ${d}/${s}
-			ln -s ssl-${m} ${d}/ssl-${s}
-			ln -s ssl-${s} ${d}/openssl-${s}
-		done
-	done
-	[[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :("
-
-	dodir /etc/sandbox.d #254521
-	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
-
-	diropts -m0700
-	keepdir ${SSL_CNF_DIR}/private
-}
-
-pkg_postinst() {
-	ebegin "Running 'c_rehash ${EROOT}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069"
-	c_rehash "${EROOT}${SSL_CNF_DIR}/certs" >/dev/null
-	eend $?
-}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Thomas Deutschmann]

commit:     4ee264fd167eddcdc37f667af5b667a94ceaee8c
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Sat Dec 21 20:28:27 2019 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Sat Dec 21 20:30:26 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4ee264fd

dev-libs/openssl: bump to v1.0.2u

Bug: https://bugs.gentoo.org/702176
Package-Manager: Portage-2.3.82, Repoman-2.3.20
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 dev-libs/openssl/Manifest              |   1 +
 dev-libs/openssl/openssl-1.0.2u.ebuild | 308 +++++++++++++++++++++++++++++++++
 2 files changed, 309 insertions(+)

diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest
index e24a37051ac..9610c7c62b5 100644
--- a/dev-libs/openssl/Manifest
+++ b/dev-libs/openssl/Manifest
@@ -1,6 +1,7 @@
 DIST openssl-1.0.2-patches-1.5.tar.xz 12404 BLAKE2B 6c1b8c28f339f539b2ab8643379502a24cf62bffde00041dce54d5dd9e8d2620b181362ee5464b0ab32ba4948e209697bfabadbea2944a409a1009100d298f24 SHA512 5725e2d9d1ee8cc074bcef3bed61c71bdab2ff1c114362110c3fb8da11ad5bc8f2ff28e90a293f5f3a5cf96ecda54dffdb7ab3fb3f8b23ef6472250dc3037659
 DIST openssl-1.0.2t-bindist-1.0.tar.xz 13872 BLAKE2B b2aade96a6e0ca6209a39e205b1c838de945903fcf959c62cc29ddcd1a0cb360fc5db234df86860a6a4c096f5ecc237611e4c2946b986a5500c24ba93c208ef4 SHA512 a48a7efb9b973b865bcc5009d450b428ed6b4b95e4cefe70c51056e47392c8a7bec58215168d8b07712419dc74646c2bd2fd23bcfbba2031376e292249a6b1b6
 DIST openssl-1.0.2t.tar.gz 5355422 BLAKE2B dcbc883151ff6c5b60f5849d8789c2e76a384cb3d5eb5f08a6109776d0edf134580dc33fa8b946ae2344542560f04ecef17f218406952dd8d31e4200c4882022 SHA512 0b88868933f42fab87e8b22449435a1091cc6e75f986aad6c173e01ad123161fcae8c226759073701bc65c9f2f0b6ce6a63a61203008ed873cfb6e484f32bc71
+DIST openssl-1.0.2u.tar.gz 5355412 BLAKE2B b2ff2a10e5851af5aca4093422a9a072c794e87b997263826c1c35910c040f695fac63decac5856cb49399ed03d410f97701d9fd4e1ebfbcacd8f3a74ce8bf57 SHA512 c455bb309e20e2c2d47fdc5619c734d107d5c8c38c1409903ce979acc120b0d5fa0312917c0aa0d630e402d092a703d4249643f36078e8528a3cafc9dac6ab32
 DIST openssl-1.1.0l-bindist-1.0.tar.xz 13184 BLAKE2B c09e023458faff17b10d6f20c28462c0851757a20d59b4b751220ab307324d5778252df112ad74fd319407cc75fdd1cd507d48058dd0234dc8c03020c882ed42 SHA512 39720ecee3ec6080c1416f2fb7c9246b89ee55b21be2baabad51eb6823dbe1559450b1ae92fa61ac1cf5ba04ac8c02438aa469bc65eae6905cf1ea486f270793
 DIST openssl-1.1.0l.tar.gz 5294857 BLAKE2B 0e4f30f9e8a22414325bd780dc4e875e962487fbe72967f0392ace959955429192541881a98d097d7bb75ed7238b1817b0c3c2c4da04421512bd538f2b07cdd7 SHA512 81b74149f40ea7d9f7e235820a4f977844653ad1e2b302e65e712c12193f47542fe7e3385fd1e25e3dd074e4e6d04199836cbc492656f5a7692edab5e234f4ad
 DIST openssl-1.1.1d-bindist-1.0.tar.xz 13180 BLAKE2B 680bd7400d3dd3930067ee7efa9718b74b30afa9be2397ad80f88031920806b6603b6469beede02b6e7a742abf5f82ebdd7c9b8e69c1ffe223e4860dc9581128 SHA512 9e4296326852010d5cebc204d1a34a34198d8d65460bc91a2bd37c80be892a5ae519513e4b0109e6b51b6faab0e171ef6cdae868868c158711558d147083c06f

diff --git a/dev-libs/openssl/openssl-1.0.2u.ebuild b/dev-libs/openssl/openssl-1.0.2u.ebuild
new file mode 100644
index 00000000000..a5f618bc77c
--- /dev/null
+++ b/dev-libs/openssl/openssl-1.0.2u.ebuild
@@ -0,0 +1,308 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="7"
+
+inherit flag-o-matic toolchain-funcs multilib multilib-minimal
+
+# openssl-1.0.2-patches-1.6 contain additional CVE patches
+# which got fixed with this release.
+# Please use 1.7 version number when rolling a new tarball!
+PATCH_SET="openssl-1.0.2-patches-1.5"
+
+MY_P=${P/_/-}
+
+# This patch set is based on the following files from Fedora 25,
+# see https://src.fedoraproject.org/rpms/openssl/blob/25/f/openssl.spec
+# for more details:
+# - hobble-openssl (SOURCE1)
+# - ec_curve.c (SOURCE12) -- MODIFIED
+# - ectest.c (SOURCE13)
+# - openssl-1.1.1-ec-curves.patch (PATCH37) -- MODIFIED
+BINDIST_PATCH_SET="openssl-1.0.2t-bindist-1.0.tar.xz"
+
+DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"
+HOMEPAGE="https://www.openssl.org/"
+SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
+	bindist? (
+		mirror://gentoo/${BINDIST_PATCH_SET}
+		https://dev.gentoo.org/~whissi/dist/openssl/${BINDIST_PATCH_SET}
+	)
+	!vanilla? (
+		mirror://gentoo/${PATCH_SET}.tar.xz
+		https://dev.gentoo.org/~chutzpah/dist/${PN}/${PATCH_SET}.tar.xz
+		https://dev.gentoo.org/~whissi/dist/${PN}/${PATCH_SET}.tar.xz
+		https://dev.gentoo.org/~polynomial-c/dist/${PATCH_SET}.tar.xz
+	)"
+
+LICENSE="openssl"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sh ~sparc ~x86 ~x86-linux"
+IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
+RESTRICT="!bindist? ( bindist )
+	!test? ( test )"
+
+RDEPEND=">=app-misc/c_rehash-1.7-r1
+	gmp? ( >=dev-libs/gmp-5.1.3-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
+	kerberos? ( >=app-crypt/mit-krb5-1.11.4[${MULTILIB_USEDEP}] )
+	zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )"
+DEPEND="${RDEPEND}"
+BDEPEND="
+	>=dev-lang/perl-5
+	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
+	test? (
+		sys-apps/diffutils
+		sys-devel/bc
+	)"
+PDEPEND="app-misc/ca-certificates"
+
+S="${WORKDIR}/${MY_P}"
+
+MULTILIB_WRAPPED_HEADERS=(
+	usr/include/openssl/opensslconf.h
+)
+
+src_prepare() {
+	if use bindist; then
+		mv "${WORKDIR}"/bindist-patches/hobble-openssl "${WORKDIR}" || die
+		bash "${WORKDIR}"/hobble-openssl || die
+
+		cp -f "${WORKDIR}"/bindist-patches/ec_curve.c "${S}"/crypto/ec/ || die
+		cp -f "${WORKDIR}"/bindist-patches/ectest.c "${S}"/crypto/ec/ || die
+
+		eapply "${WORKDIR}"/bindist-patches/ec-curves.patch
+
+		# Also see the configure parts below:
+		# enable-ec \
+		# $(use_ssl !bindist ec2m) \
+		# $(use_ssl !bindist srp) \
+	fi
+
+	# keep this in sync with app-misc/c_rehash
+	SSL_CNF_DIR="/etc/ssl"
+
+	# Make sure we only ever touch Makefile.org and avoid patching a file
+	# that gets blown away anyways by the Configure script in src_configure
+	rm -f Makefile
+
+	if ! use vanilla ; then
+		eapply "${WORKDIR}"/patch/*.patch
+	fi
+
+	eapply_user
+
+	# disable fips in the build
+	# make sure the man pages are suffixed #302165
+	# don't bother building man pages if they're disabled
+	sed -i \
+		-e '/DIRS/s: fips : :g' \
+		-e '/^MANSUFFIX/s:=.*:=ssl:' \
+		-e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
+		-e $(has noman FEATURES \
+			&& echo '/^install:/s:install_docs::' \
+			|| echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
+		Makefile.org \
+		|| die
+	# show the actual commands in the log
+	sed -i '/^SET_X/s:=.*:=set -x:' Makefile.shared
+
+	# since we're forcing $(CC) as makedep anyway, just fix
+	# the conditional as always-on
+	# helps clang (#417795), and versioned gcc (#499818)
+	# this breaks build with 1.0.2p, not sure if it is needed anymore
+	#sed -i 's/expr.*MAKEDEPEND.*;/true;/' util/domd || die
+
+	# quiet out unknown driver argument warnings since openssl
+	# doesn't have well-split CFLAGS and we're making it even worse
+	# and 'make depend' uses -Werror for added fun (#417795 again)
+	[[ ${CC} == *clang* ]] && append-flags -Qunused-arguments
+
+	# allow openssl to be cross-compiled
+	cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die
+	chmod a+rx gentoo.config || die
+
+	append-flags -fno-strict-aliasing
+	append-flags $(test-flags-CC -Wa,--noexecstack)
+	append-cppflags -DOPENSSL_NO_BUF_FREELISTS
+
+	sed -i '1s,^:$,#!'${EPREFIX}'/usr/bin/perl,' Configure #141906
+	# The config script does stupid stuff to prompt the user.  Kill it.
+	sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
+	./config --test-sanity || die "I AM NOT SANE"
+
+	multilib_copy_sources
+}
+
+multilib_src_configure() {
+	unset APPS #197996
+	unset SCRIPTS #312551
+	unset CROSS_COMPILE #311473
+
+	tc-export CC AR RANLIB RC
+
+	# Clean out patent-or-otherwise-encumbered code
+	# Camellia: Royalty Free            https://en.wikipedia.org/wiki/Camellia_(cipher)
+	# IDEA:     Expired                 https://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
+	# EC:       ????????? ??/??/2015    https://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography
+	# MDC2:     Expired                 https://en.wikipedia.org/wiki/MDC-2
+	# RC5:      Expired                 https://en.wikipedia.org/wiki/RC5
+
+	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
+	echoit() { echo "$@" ; "$@" ; }
+
+	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
+
+	# See if our toolchain supports __uint128_t.  If so, it's 64bit
+	# friendly and can use the nicely optimized code paths. #460790
+	local ec_nistp_64_gcc_128
+	# Disable it for now though #469976
+	#if ! use bindist ; then
+	#	echo "__uint128_t i;" > "${T}"/128.c
+	#	if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
+	#		ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
+	#	fi
+	#fi
+
+	# https://github.com/openssl/openssl/issues/2286
+	if use ia64 ; then
+		replace-flags -g3 -g2
+		replace-flags -ggdb3 -ggdb2
+	fi
+
+	local sslout=$(./gentoo.config)
+	einfo "Use configuration ${sslout:-(openssl knows best)}"
+	local config="Configure"
+	[[ -z ${sslout} ]] && config="config"
+
+	# Fedora hobbled-EC needs 'no-ec2m', 'no-srp'
+	# Make sure user flags don't get added *yet* to avoid duplicated
+	# flags.
+	CFLAGS= LDFLAGS= echoit \
+	./${config} \
+		${sslout} \
+		$(use cpu_flags_x86_sse2 || echo "no-sse2") \
+		enable-camellia \
+		enable-ec \
+		$(use_ssl !bindist ec2m) \
+		$(use_ssl !bindist srp) \
+		${ec_nistp_64_gcc_128} \
+		enable-idea \
+		enable-mdc2 \
+		enable-rc5 \
+		enable-tlsext \
+		$(use_ssl asm) \
+		$(use_ssl gmp gmp -lgmp) \
+		$(use_ssl kerberos krb5 --with-krb5-flavor=${krb5}) \
+		$(use_ssl rfc3779) \
+		$(use_ssl sctp) \
+		$(use_ssl sslv2 ssl2) \
+		$(use_ssl sslv3 ssl3) \
+		$(use_ssl tls-heartbeat heartbeats) \
+		$(use_ssl zlib) \
+		--prefix="${EPREFIX}"/usr \
+		--openssldir="${EPREFIX}"${SSL_CNF_DIR} \
+		--libdir=$(get_libdir) \
+		shared threads \
+		|| die
+
+	# Clean out hardcoded flags that openssl uses
+	local DEFAULT_CFLAGS=$(grep ^CFLAG= Makefile | LC_ALL=C sed \
+		-e 's:^CFLAG=::' \
+		-e 's:\(^\| \)-fomit-frame-pointer::g' \
+		-e 's:\(^\| \)-O[^ ]*::g' \
+		-e 's:\(^\| \)-march=[^ ]*::g' \
+		-e 's:\(^\| \)-mcpu=[^ ]*::g' \
+		-e 's:\(^\| \)-m[^ ]*::g' \
+		-e 's:^ *::' \
+		-e 's: *$::' \
+		-e 's: \+: :g' \
+		-e 's:\\:\\\\:g'
+	)
+
+	# Now insert clean default flags with user flags
+	sed -i \
+		-e "/^CFLAG/s|=.*|=${DEFAULT_CFLAGS} ${CFLAGS}|" \
+		-e "/^LDFLAGS=/s|=[[:space:]]*$|=${LDFLAGS}|" \
+		Makefile || die
+}
+
+multilib_src_compile() {
+	# depend is needed to use $confopts; it also doesn't matter
+	# that it's -j1 as the code itself serializes subdirs
+	emake -j1 V=1 depend
+	emake all
+	# rehash is needed to prep the certs/ dir; do this
+	# separately to avoid parallel build issues.
+	emake rehash
+}
+
+multilib_src_test() {
+	emake -j1 test
+}
+
+multilib_src_install() {
+	# We need to create $ED/usr on our own to avoid a race condition #665130
+	if [[ ! -d "${ED}/usr" ]]; then
+		# We can only create this directory once
+		mkdir "${ED}"/usr || die
+	fi
+
+	emake INSTALL_PREFIX="${D}" install
+}
+
+multilib_src_install_all() {
+	# openssl installs perl version of c_rehash by default, but
+	# we provide a shell version via app-misc/c_rehash
+	rm "${ED}"/usr/bin/c_rehash || die
+
+	local -a DOCS=( CHANGES* FAQ NEWS README doc/*.txt doc/c-indentation.el )
+	einstalldocs
+
+	use rfc3779 && dodoc engines/ccgost/README.gost
+
+	# This is crappy in that the static archives are still built even
+	# when USE=static-libs.  But this is due to a failing in the openssl
+	# build system: the static archives are built as PIC all the time.
+	# Only way around this would be to manually configure+compile openssl
+	# twice; once with shared lib support enabled and once without.
+	use static-libs || rm -f "${ED}"/usr/lib*/lib*.a
+
+	# create the certs directory
+	dodir ${SSL_CNF_DIR}/certs
+	cp -RP certs/* "${ED}"${SSL_CNF_DIR}/certs/ || die
+	rm -r "${ED}"${SSL_CNF_DIR}/certs/{demo,expired}
+
+	# Namespace openssl programs to prevent conflicts with other man pages
+	cd "${ED}"/usr/share/man
+	local m d s
+	for m in $(find . -type f | xargs grep -L '#include') ; do
+		d=${m%/*} ; d=${d#./} ; m=${m##*/}
+		[[ ${m} == openssl.1* ]] && continue
+		[[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!"
+		mv ${d}/{,ssl-}${m}
+		# fix up references to renamed man pages
+		sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m}
+		ln -s ssl-${m} ${d}/openssl-${m}
+		# locate any symlinks that point to this man page ... we assume
+		# that any broken links are due to the above renaming
+		for s in $(find -L ${d} -type l) ; do
+			s=${s##*/}
+			rm -f ${d}/${s}
+			ln -s ssl-${m} ${d}/ssl-${s}
+			ln -s ssl-${s} ${d}/openssl-${s}
+		done
+	done
+	[[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :("
+
+	dodir /etc/sandbox.d #254521
+	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
+
+	diropts -m0700
+	keepdir ${SSL_CNF_DIR}/private
+}
+
+pkg_postinst() {
+	ebegin "Running 'c_rehash ${EROOT}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069"
+	c_rehash "${EROOT}${SSL_CNF_DIR}/certs" >/dev/null
+	eend $?
+}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Lars Wendler]

commit:     9bfaeeddb9aa2667f3f72bce02b8af5a8c5fb43a
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Sun Dec  1 19:28:41 2019 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Sun Dec  1 19:28:52 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9bfaeedd

dev-libs/openssl: ebuild code simplification

Added sys-process/procps to BDEPEND because of sysctl usage

Package-Manager: Portage-2.3.80, Repoman-2.3.19
Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org>

 dev-libs/openssl/openssl-1.1.1d-r3.ebuild | 27 +++++++++++----------------
 1 file changed, 11 insertions(+), 16 deletions(-)

diff --git a/dev-libs/openssl/openssl-1.1.1d-r3.ebuild b/dev-libs/openssl/openssl-1.1.1d-r3.ebuild
index 932e1a155f5..774605b4bf1 100644
--- a/dev-libs/openssl/openssl-1.1.1d-r3.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1d-r3.ebuild
@@ -41,6 +41,7 @@ BDEPEND="
 	test? (
 		sys-apps/diffutils
 		sys-devel/bc
+		sys-process/procps
 	)"
 PDEPEND="app-misc/ca-certificates"
 
@@ -64,14 +65,12 @@ pkg_setup() {
 	[[ ${MERGE_TYPE} == binary ]] && return
 
 	# must check in pkg_setup; sysctl don't work with userpriv!
-	if has test ${FEATURES}; then
-		if use sctp; then
-			# test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel"
-			# if sctp.auth_enable is not enabled.
-			local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null)
-			if [[ -z "${sctp_auth_status}" || ${sctp_auth_status} != 1 ]]; then
-				die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!"
-			fi
+	if has test ${FEATURES} && use sctp; then
+		# test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel"
+		# if sctp.auth_enable is not enabled.
+		local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null)
+		if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]]; then
+			die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!"
 		fi
 	fi
 }
@@ -120,14 +119,10 @@ src_prepare() {
 
 	eapply_user #332661
 
-	if has test ${FEATURES}; then
-		if use sctp; then
-			if has network-sandbox ${FEATURES}; then
-				ebegin "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox"
-				rm test/recipes/80-test_ssl_new.t || die
-				eend $?
-			fi
-		fi
+	if has test ${FEATURES} && use sctp && has network-sandbox ${FEATURES}; then
+		ebegin "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox"
+		rm test/recipes/80-test_ssl_new.t || die
+		eend $?
 	fi
 
 	# make sure the man pages are suffixed #302165

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Thomas Deutschmann]

commit:     788cf647289416d1464bca4556f0207b8b07c390
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Wed Nov 27 08:26:19 2019 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Wed Nov 27 08:27:22 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=788cf647

dev-libs/openssl: move stable keywords

Package-Manager: Portage-2.3.79, Repoman-2.3.18
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 dev-libs/openssl/openssl-1.1.1d-r2.ebuild | 331 ------------------------------
 dev-libs/openssl/openssl-1.1.1d-r3.ebuild |   2 +-
 2 files changed, 1 insertion(+), 332 deletions(-)

diff --git a/dev-libs/openssl/openssl-1.1.1d-r2.ebuild b/dev-libs/openssl/openssl-1.1.1d-r2.ebuild
deleted file mode 100644
index 4104fdaa8e1..00000000000
--- a/dev-libs/openssl/openssl-1.1.1d-r2.ebuild
+++ /dev/null
@@ -1,331 +0,0 @@
-# Copyright 1999-2019 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="7"
-
-inherit flag-o-matic toolchain-funcs multilib multilib-minimal
-
-MY_P=${P/_/-}
-
-# This patch set is based on the following files from Fedora 31,
-# see https://src.fedoraproject.org/rpms/openssl/blob/f31/f/openssl.spec
-# for more details:
-# - hobble-openssl (SOURCE1)
-# - ec_curve.c (SOURCE12) -- MODIFIED
-# - ectest.c (SOURCE13)
-# - openssl-1.1.1-ec-curves.patch (PATCH37) -- MODIFIED
-BINDIST_PATCH_SET="openssl-1.1.1d-bindist-1.0.tar.xz"
-
-DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"
-HOMEPAGE="https://www.openssl.org/"
-SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
-	bindist? (
-		mirror://gentoo/${BINDIST_PATCH_SET}
-		https://dev.gentoo.org/~whissi/dist/openssl/${BINDIST_PATCH_SET}
-	)"
-
-LICENSE="openssl"
-SLOT="0/1.1" # .so version of libssl/libcrypto
-[[ "${PV}" = *_pre* ]] || \
-KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 ~riscv s390 sh sparc x86 ~x86-linux"
-IUSE="+asm bindist elibc_musl rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-heartbeat vanilla zlib"
-RESTRICT="!bindist? ( bindist )
-	!test? ( test )"
-
-RDEPEND=">=app-misc/c_rehash-1.7-r1
-	zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )"
-DEPEND="${RDEPEND}"
-BDEPEND="
-	>=dev-lang/perl-5
-	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
-	test? (
-		sys-apps/diffutils
-		sys-devel/bc
-	)"
-PDEPEND="app-misc/ca-certificates"
-
-PATCHES=(
-	"${FILESDIR}"/${PN}-1.1.0j-parallel_install_fix.patch #671602
-	"${FILESDIR}"/${P}-fix-zlib.patch
-	"${FILESDIR}"/${P}-fix-potential-memleaks-w-BN_to_ASN1_INTEGER.patch
-)
-
-S="${WORKDIR}/${MY_P}"
-
-# force upgrade to prevent broken login, bug 696950
-RDEPEND+=" !<net-misc/openssh-8.0_p1-r3"
-
-MULTILIB_WRAPPED_HEADERS=(
-	usr/include/openssl/opensslconf.h
-)
-
-pkg_setup() {
-	[[ ${MERGE_TYPE} == binary ]] && return
-
-	# must check in pkg_setup; sysctl don't work with userpriv!
-	if has test ${FEATURES}; then
-		if use sctp; then
-			# test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel"
-			# if sctp.auth_enable is not enabled.
-			local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null)
-			if [[ -z "${sctp_auth_status}" || ${sctp_auth_status} != 1 ]]; then
-				die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!"
-			fi
-		fi
-	fi
-}
-
-src_prepare() {
-	# allow openssl to be cross-compiled
-	cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die
-	chmod a+rx gentoo.config || die
-
-	if use bindist; then
-		mv "${WORKDIR}"/bindist-patches/hobble-openssl "${WORKDIR}" || die
-		bash "${WORKDIR}"/hobble-openssl || die
-
-		cp -f "${WORKDIR}"/bindist-patches/ec_curve.c "${S}"/crypto/ec/ || die
-		cp -f "${WORKDIR}"/bindist-patches/ectest.c "${S}"/test/ || die
-
-		eapply "${WORKDIR}"/bindist-patches/ec-curves.patch
-
-		local known_failing_test
-		for known_failing_test in \
-			30-test_evp_extra.t \
-			80-test_ssl_new.t \
-		; do
-			ebegin "Disabling test '${known_failing_test}' which is known to fail with USE=bindist"
-			rm test/recipes/${known_failing_test} || die
-			eend $?
-		done
-
-		# Also see the configure parts below:
-		# enable-ec \
-		# $(use_ssl !bindist ec2m) \
-	fi
-
-	# keep this in sync with app-misc/c_rehash
-	SSL_CNF_DIR="/etc/ssl"
-
-	# Make sure we only ever touch Makefile.org and avoid patching a file
-	# that gets blown away anyways by the Configure script in src_configure
-	rm -f Makefile
-
-	if ! use vanilla ; then
-		if [[ $(declare -p PATCHES 2>/dev/null) == "declare -a"* ]] ; then
-			[[ ${#PATCHES[@]} -gt 0 ]] && eapply "${PATCHES[@]}"
-		fi
-	fi
-
-	eapply_user #332661
-
-	if has test ${FEATURES}; then
-		if use sctp; then
-			if has network-sandbox ${FEATURES}; then
-				ebegin "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox"
-				rm test/recipes/80-test_ssl_new.t || die
-				eend $?
-			fi
-		fi
-	fi
-
-	# make sure the man pages are suffixed #302165
-	# don't bother building man pages if they're disabled
-	# Make DOCDIR Gentoo compliant
-	sed -i \
-		-e '/^MANSUFFIX/s:=.*:=ssl:' \
-		-e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
-		-e $(has noman FEATURES \
-			&& echo '/^install:/s:install_docs::' \
-			|| echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
-		-e "/^DOCDIR/s@\$(BASENAME)@&-${PVR}@" \
-		Configurations/unix-Makefile.tmpl \
-		|| die
-
-	# quiet out unknown driver argument warnings since openssl
-	# doesn't have well-split CFLAGS and we're making it even worse
-	# and 'make depend' uses -Werror for added fun (#417795 again)
-	[[ ${CC} == *clang* ]] && append-flags -Qunused-arguments
-
-	append-flags -fno-strict-aliasing
-	append-flags $(test-flags-CC -Wa,--noexecstack)
-	append-cppflags -DOPENSSL_NO_BUF_FREELISTS
-
-	# Prefixify Configure shebang (#141906)
-	sed \
-		-e "1s,/usr/bin/env,${EPREFIX}&," \
-		-i Configure || die
-	# Remove test target when FEATURES=test isn't set
-	if ! use test ; then
-		sed \
-			-e '/^$config{dirs}/s@ "test",@@' \
-			-i Configure || die
-	fi
-	# The config script does stupid stuff to prompt the user.  Kill it.
-	sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
-	./config --test-sanity || die "I AM NOT SANE"
-
-	multilib_copy_sources
-}
-
-multilib_src_configure() {
-	unset APPS #197996
-	unset SCRIPTS #312551
-	unset CROSS_COMPILE #311473
-
-	tc-export CC AR RANLIB RC
-
-	# Clean out patent-or-otherwise-encumbered code
-	# Camellia: Royalty Free            https://en.wikipedia.org/wiki/Camellia_(cipher)
-	# IDEA:     Expired                 https://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
-	# EC:       ????????? ??/??/2015    https://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography
-	# MDC2:     Expired                 https://en.wikipedia.org/wiki/MDC-2
-	# RC5:      Expired                 https://en.wikipedia.org/wiki/RC5
-
-	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
-	echoit() { echo "$@" ; "$@" ; }
-
-	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
-
-	# See if our toolchain supports __uint128_t.  If so, it's 64bit
-	# friendly and can use the nicely optimized code paths. #460790
-	local ec_nistp_64_gcc_128
-	# Disable it for now though #469976
-	#if ! use bindist ; then
-	#	echo "__uint128_t i;" > "${T}"/128.c
-	#	if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
-	#		ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
-	#	fi
-	#fi
-
-	local sslout=$(./gentoo.config)
-	einfo "Use configuration ${sslout:-(openssl knows best)}"
-	local config="Configure"
-	[[ -z ${sslout} ]] && config="config"
-
-	# Fedora hobbled-EC needs 'no-ec2m'
-	# 'srp' was restricted until early 2017 as well.
-	# "disable-deprecated" option breaks too many consumers.
-	# Don't set it without thorough revdeps testing.
-	# Make sure user flags don't get added *yet* to avoid duplicated
-	# flags.
-	CFLAGS= LDFLAGS= echoit \
-	./${config} \
-		${sslout} \
-		$(use cpu_flags_x86_sse2 || echo "no-sse2") \
-		enable-camellia \
-		enable-ec \
-		$(use_ssl !bindist ec2m) \
-		enable-srp \
-		$(use elibc_musl && echo "no-async") \
-		${ec_nistp_64_gcc_128} \
-		enable-idea \
-		enable-mdc2 \
-		enable-rc5 \
-		$(use_ssl sslv3 ssl3) \
-		$(use_ssl sslv3 ssl3-method) \
-		$(use_ssl asm) \
-		$(use_ssl rfc3779) \
-		$(use_ssl sctp) \
-		$(use_ssl tls-heartbeat heartbeats) \
-		$(use_ssl zlib) \
-		--prefix="${EPREFIX}"/usr \
-		--openssldir="${EPREFIX}"${SSL_CNF_DIR} \
-		--libdir=$(get_libdir) \
-		shared threads \
-		|| die
-
-	# Clean out hardcoded flags that openssl uses
-	local DEFAULT_CFLAGS=$(grep ^CFLAGS= Makefile | LC_ALL=C sed \
-		-e 's:^CFLAGS=::' \
-		-e 's:\(^\| \)-fomit-frame-pointer::g' \
-		-e 's:\(^\| \)-O[^ ]*::g' \
-		-e 's:\(^\| \)-march=[^ ]*::g' \
-		-e 's:\(^\| \)-mcpu=[^ ]*::g' \
-		-e 's:\(^\| \)-m[^ ]*::g' \
-		-e 's:^ *::' \
-		-e 's: *$::' \
-		-e 's: \+: :g' \
-		-e 's:\\:\\\\:g'
-	)
-
-	# Now insert clean default flags with user flags
-	sed -i \
-		-e "/^CFLAGS=/s|=.*|=${DEFAULT_CFLAGS} ${CFLAGS}|" \
-		-e "/^LDFLAGS=/s|=[[:space:]]*$|=${LDFLAGS}|" \
-		Makefile || die
-}
-
-multilib_src_compile() {
-	# depend is needed to use $confopts; it also doesn't matter
-	# that it's -j1 as the code itself serializes subdirs
-	emake -j1 depend
-	emake all
-}
-
-multilib_src_test() {
-	emake -j1 test
-}
-
-multilib_src_install() {
-	# We need to create $ED/usr on our own to avoid a race condition #665130
-	if [[ ! -d "${ED}/usr" ]]; then
-		# We can only create this directory once
-		mkdir "${ED}"/usr || die
-	fi
-
-	emake DESTDIR="${D}" install
-}
-
-multilib_src_install_all() {
-	# openssl installs perl version of c_rehash by default, but
-	# we provide a shell version via app-misc/c_rehash
-	rm "${ED}"/usr/bin/c_rehash || die
-
-	dodoc CHANGES* FAQ NEWS README doc/*.txt doc/${PN}-c-indent.el
-
-	# This is crappy in that the static archives are still built even
-	# when USE=static-libs.  But this is due to a failing in the openssl
-	# build system: the static archives are built as PIC all the time.
-	# Only way around this would be to manually configure+compile openssl
-	# twice; once with shared lib support enabled and once without.
-	use static-libs || rm -f "${ED}"/usr/lib*/lib*.a
-
-	# create the certs directory
-	keepdir ${SSL_CNF_DIR}/certs
-
-	# Namespace openssl programs to prevent conflicts with other man pages
-	cd "${ED}"/usr/share/man || die
-	local m d s
-	for m in $(find . -type f | xargs grep -L '#include') ; do
-		d=${m%/*} ; d=${d#./} ; m=${m##*/}
-		[[ ${m} == openssl.1* ]] && continue
-		[[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!"
-		mv ${d}/{,ssl-}${m}
-		# fix up references to renamed man pages
-		sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m}
-		ln -s ssl-${m} ${d}/openssl-${m}
-		# locate any symlinks that point to this man page ... we assume
-		# that any broken links are due to the above renaming
-		for s in $(find -L ${d} -type l) ; do
-			s=${s##*/}
-			rm -f ${d}/${s}
-			# We don't want to "|| die" here
-			ln -s ssl-${m} ${d}/ssl-${s}
-			ln -s ssl-${s} ${d}/openssl-${s}
-		done
-	done
-	[[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :("
-
-	dodir /etc/sandbox.d #254521
-	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
-
-	diropts -m0700
-	keepdir ${SSL_CNF_DIR}/private
-}
-
-pkg_postinst() {
-	ebegin "Running 'c_rehash ${EROOT}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069"
-	c_rehash "${EROOT}${SSL_CNF_DIR}/certs" >/dev/null
-	eend $?
-}

diff --git a/dev-libs/openssl/openssl-1.1.1d-r3.ebuild b/dev-libs/openssl/openssl-1.1.1d-r3.ebuild
index 803db123632..932e1a155f5 100644
--- a/dev-libs/openssl/openssl-1.1.1d-r3.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1d-r3.ebuild
@@ -27,7 +27,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 LICENSE="openssl"
 SLOT="0/1.1" # .so version of libssl/libcrypto
 [[ "${PV}" = *_pre* ]] || \
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sh ~sparc ~x86 ~x86-linux"
+KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 ~riscv s390 sh sparc x86 ~x86-linux"
 IUSE="+asm bindist elibc_musl rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )
 	!test? ( test )"

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Thomas Deutschmann]

commit:     14686da541d87634517d6f7fe659618469d0e3e9
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Mon Nov 25 00:40:50 2019 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Mon Nov 25 00:42:33 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=14686da5

dev-libs/openssl: add missing RESTRICT="!test? ( test )"

Package-Manager: Portage-2.3.79, Repoman-2.3.18
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 dev-libs/openssl/openssl-1.0.2t-r1.ebuild | 3 ++-
 dev-libs/openssl/openssl-1.1.0l.ebuild    | 3 ++-
 dev-libs/openssl/openssl-1.1.1d-r2.ebuild | 3 ++-
 dev-libs/openssl/openssl-1.1.1d-r3.ebuild | 3 ++-
 4 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/dev-libs/openssl/openssl-1.0.2t-r1.ebuild b/dev-libs/openssl/openssl-1.0.2t-r1.ebuild
index 53f5acad6ba..37ad94c9f5d 100644
--- a/dev-libs/openssl/openssl-1.0.2t-r1.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2t-r1.ebuild
@@ -39,7 +39,8 @@ LICENSE="openssl"
 SLOT="0"
 KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 ~riscv s390 sh sparc x86 ~x86-linux"
 IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
-RESTRICT="!bindist? ( bindist )"
+RESTRICT="!bindist? ( bindist )
+	!test? ( test )"
 
 RDEPEND=">=app-misc/c_rehash-1.7-r1
 	gmp? ( >=dev-libs/gmp-5.1.3-r1[static-libs(+)?,${MULTILIB_USEDEP}] )

diff --git a/dev-libs/openssl/openssl-1.1.0l.ebuild b/dev-libs/openssl/openssl-1.1.0l.ebuild
index deccd8443de..1d5afcf680c 100644
--- a/dev-libs/openssl/openssl-1.1.0l.ebuild
+++ b/dev-libs/openssl/openssl-1.1.0l.ebuild
@@ -28,7 +28,8 @@ LICENSE="openssl"
 SLOT="0/1.1" # .so version of libssl/libcrypto
 KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sh ~sparc ~x86 ~x86-linux"
 IUSE="+asm bindist elibc_musl rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-heartbeat vanilla zlib"
-RESTRICT="!bindist? ( bindist )"
+RESTRICT="!bindist? ( bindist )
+	!test? ( test )"
 
 RDEPEND=">=app-misc/c_rehash-1.7-r1
 	zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )"

diff --git a/dev-libs/openssl/openssl-1.1.1d-r2.ebuild b/dev-libs/openssl/openssl-1.1.1d-r2.ebuild
index 1b8d0ea6945..4104fdaa8e1 100644
--- a/dev-libs/openssl/openssl-1.1.1d-r2.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1d-r2.ebuild
@@ -29,7 +29,8 @@ SLOT="0/1.1" # .so version of libssl/libcrypto
 [[ "${PV}" = *_pre* ]] || \
 KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 ~riscv s390 sh sparc x86 ~x86-linux"
 IUSE="+asm bindist elibc_musl rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-heartbeat vanilla zlib"
-RESTRICT="!bindist? ( bindist )"
+RESTRICT="!bindist? ( bindist )
+	!test? ( test )"
 
 RDEPEND=">=app-misc/c_rehash-1.7-r1
 	zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )"

diff --git a/dev-libs/openssl/openssl-1.1.1d-r3.ebuild b/dev-libs/openssl/openssl-1.1.1d-r3.ebuild
index 977c384a375..803db123632 100644
--- a/dev-libs/openssl/openssl-1.1.1d-r3.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1d-r3.ebuild
@@ -29,7 +29,8 @@ SLOT="0/1.1" # .so version of libssl/libcrypto
 [[ "${PV}" = *_pre* ]] || \
 KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sh ~sparc ~x86 ~x86-linux"
 IUSE="+asm bindist elibc_musl rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-heartbeat vanilla zlib"
-RESTRICT="!bindist? ( bindist )"
+RESTRICT="!bindist? ( bindist )
+	!test? ( test )"
 
 RDEPEND=">=app-misc/c_rehash-1.7-r1
 	zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )"

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Matt Turner]

commit:     b03fe86b0421dc362423822f28eeae1105627238
Author:     Matt Turner <mattst88 <AT> gentoo <DOT> org>
AuthorDate: Sun Nov 10 23:05:30 2019 +0000
Commit:     Matt Turner <mattst88 <AT> gentoo <DOT> org>
CommitDate: Sun Nov 10 23:06:06 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b03fe86b

dev-libs/openssl: Allow eapply_user to modify gentoo.config

Signed-off-by: Matt Turner <mattst88 <AT> gentoo.org>

 dev-libs/openssl/openssl-1.1.1d-r2.ebuild | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/dev-libs/openssl/openssl-1.1.1d-r2.ebuild b/dev-libs/openssl/openssl-1.1.1d-r2.ebuild
index 68fb0b3b5ad..1b8d0ea6945 100644
--- a/dev-libs/openssl/openssl-1.1.1d-r2.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1d-r2.ebuild
@@ -75,6 +75,10 @@ pkg_setup() {
 }
 
 src_prepare() {
+	# allow openssl to be cross-compiled
+	cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die
+	chmod a+rx gentoo.config || die
+
 	if use bindist; then
 		mv "${WORKDIR}"/bindist-patches/hobble-openssl "${WORKDIR}" || die
 		bash "${WORKDIR}"/hobble-openssl || die
@@ -142,10 +146,6 @@ src_prepare() {
 	# and 'make depend' uses -Werror for added fun (#417795 again)
 	[[ ${CC} == *clang* ]] && append-flags -Qunused-arguments
 
-	# allow openssl to be cross-compiled
-	cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die
-	chmod a+rx gentoo.config || die
-
 	append-flags -fno-strict-aliasing
 	append-flags $(test-flags-CC -Wa,--noexecstack)
 	append-cppflags -DOPENSSL_NO_BUF_FREELISTS

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Mikle Kolyada]

commit:     babc6b8899cd5b64030ee4407575954592faf224
Author:     Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
AuthorDate: Sun Oct 20 09:03:03 2019 +0000
Commit:     Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
CommitDate: Sun Oct 20 09:03:03 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=babc6b88

dev-libs/openssl: arm stable wrt bug #696010

Package-Manager: Portage-2.3.76, Repoman-2.3.16
RepoMan-Options: --include-arches="arm"
Signed-off-by: Mikle Kolyada <zlogene <AT> gentoo.org>

 dev-libs/openssl/openssl-1.1.1d-r2.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.1.1d-r2.ebuild b/dev-libs/openssl/openssl-1.1.1d-r2.ebuild
index fc1574d1e2d..962c7d631e1 100644
--- a/dev-libs/openssl/openssl-1.1.1d-r2.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1d-r2.ebuild
@@ -27,7 +27,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 LICENSE="openssl"
 SLOT="0/1.1" # .so version of libssl/libcrypto
 [[ "${PV}" = *_pre* ]] || \
-KEYWORDS="alpha amd64 ~arm arm64 hppa ia64 ~m68k ~mips ppc ppc64 ~riscv s390 ~sh sparc x86 ~x86-linux"
+KEYWORDS="alpha amd64 arm arm64 hppa ia64 ~m68k ~mips ppc ppc64 ~riscv s390 ~sh sparc x86 ~x86-linux"
 IUSE="+asm bindist elibc_musl rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Mikle Kolyada]

commit:     91aa40e1f03c130d374ab3a36f1e3e7491d01c26
Author:     Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
AuthorDate: Sun Oct 20 09:03:25 2019 +0000
Commit:     Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
CommitDate: Sun Oct 20 09:03:25 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=91aa40e1

dev-libs/openssl: m68k stable wrt bug #696010

Package-Manager: Portage-2.3.76, Repoman-2.3.16
RepoMan-Options: --include-arches="m68k"
Signed-off-by: Mikle Kolyada <zlogene <AT> gentoo.org>

 dev-libs/openssl/openssl-1.1.1d-r2.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.1.1d-r2.ebuild b/dev-libs/openssl/openssl-1.1.1d-r2.ebuild
index 962c7d631e1..0ec232bd1b7 100644
--- a/dev-libs/openssl/openssl-1.1.1d-r2.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1d-r2.ebuild
@@ -27,7 +27,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 LICENSE="openssl"
 SLOT="0/1.1" # .so version of libssl/libcrypto
 [[ "${PV}" = *_pre* ]] || \
-KEYWORDS="alpha amd64 arm arm64 hppa ia64 ~m68k ~mips ppc ppc64 ~riscv s390 ~sh sparc x86 ~x86-linux"
+KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 ~riscv s390 ~sh sparc x86 ~x86-linux"
 IUSE="+asm bindist elibc_musl rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Mikle Kolyada]

commit:     347f4cbf13df48648f691b68a1447c2f57396313
Author:     Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
AuthorDate: Sun Oct 20 09:03:44 2019 +0000
Commit:     Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
CommitDate: Sun Oct 20 09:03:44 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=347f4cbf

dev-libs/openssl: sh stable wrt bug #696010

Package-Manager: Portage-2.3.76, Repoman-2.3.16
RepoMan-Options: --include-arches="sh"
Signed-off-by: Mikle Kolyada <zlogene <AT> gentoo.org>

 dev-libs/openssl/openssl-1.1.1d-r2.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.1.1d-r2.ebuild b/dev-libs/openssl/openssl-1.1.1d-r2.ebuild
index 0ec232bd1b7..68fb0b3b5ad 100644
--- a/dev-libs/openssl/openssl-1.1.1d-r2.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1d-r2.ebuild
@@ -27,7 +27,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 LICENSE="openssl"
 SLOT="0/1.1" # .so version of libssl/libcrypto
 [[ "${PV}" = *_pre* ]] || \
-KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 ~riscv s390 ~sh sparc x86 ~x86-linux"
+KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 ~riscv s390 sh sparc x86 ~x86-linux"
 IUSE="+asm bindist elibc_musl rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Matt Turner]

commit:     31448d4ddb6810f273bb307635bb800c213c2f97
Author:     Matt Turner <mattst88 <AT> gentoo <DOT> org>
AuthorDate: Mon Oct 14 03:16:30 2019 +0000
Commit:     Matt Turner <mattst88 <AT> gentoo <DOT> org>
CommitDate: Mon Oct 14 03:31:22 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=31448d4d

dev-libs/openssl-1.1.1d-r2: alpha stable, bug 696010

Signed-off-by: Matt Turner <mattst88 <AT> gentoo.org>

 dev-libs/openssl/openssl-1.1.1d-r2.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.1.1d-r2.ebuild b/dev-libs/openssl/openssl-1.1.1d-r2.ebuild
index 2130482bcb9..fc1574d1e2d 100644
--- a/dev-libs/openssl/openssl-1.1.1d-r2.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1d-r2.ebuild
@@ -27,7 +27,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 LICENSE="openssl"
 SLOT="0/1.1" # .so version of libssl/libcrypto
 [[ "${PV}" = *_pre* ]] || \
-KEYWORDS="~alpha amd64 ~arm arm64 hppa ia64 ~m68k ~mips ppc ppc64 ~riscv s390 ~sh sparc x86 ~x86-linux"
+KEYWORDS="alpha amd64 ~arm arm64 hppa ia64 ~m68k ~mips ppc ppc64 ~riscv s390 ~sh sparc x86 ~x86-linux"
 IUSE="+asm bindist elibc_musl rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sergei Trofimovich]

commit:     a8c6a4d74a7bb0ded1c6e7d1d53931794bb2172a
Author:     Rolf Eike Beer <eike <AT> sf-mail <DOT> de>
AuthorDate: Sat Oct 12 15:34:23 2019 +0000
Commit:     Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
CommitDate: Sat Oct 12 18:53:47 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a8c6a4d7

dev-libs/openssl: stable 1.1.1d-r2 for hppa, bug #696010

Package-Manager: Portage-2.3.76, Repoman-2.3.16
RepoMan-Options: --include-arches="hppa"
Signed-off-by: Rolf Eike Beer <eike <AT> sf-mail.de>
Signed-off-by: Sergei Trofimovich <slyfox <AT> gentoo.org>

 dev-libs/openssl/openssl-1.1.1d-r2.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.1.1d-r2.ebuild b/dev-libs/openssl/openssl-1.1.1d-r2.ebuild
index ef036614b14..2130482bcb9 100644
--- a/dev-libs/openssl/openssl-1.1.1d-r2.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1d-r2.ebuild
@@ -27,7 +27,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 LICENSE="openssl"
 SLOT="0/1.1" # .so version of libssl/libcrypto
 [[ "${PV}" = *_pre* ]] || \
-KEYWORDS="~alpha amd64 ~arm arm64 ~hppa ia64 ~m68k ~mips ppc ppc64 ~riscv s390 ~sh sparc x86 ~x86-linux"
+KEYWORDS="~alpha amd64 ~arm arm64 hppa ia64 ~m68k ~mips ppc ppc64 ~riscv s390 ~sh sparc x86 ~x86-linux"
 IUSE="+asm bindist elibc_musl rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Aaron Bauman]

commit:     8fb5e419f69f65e077bc95d72689c3a391af5f0e
Author:     Aaron Bauman <bman <AT> gentoo <DOT> org>
AuthorDate: Thu Oct 10 15:57:10 2019 +0000
Commit:     Aaron Bauman <bman <AT> gentoo <DOT> org>
CommitDate: Thu Oct 10 15:57:10 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8fb5e419

dev-libs/openssl: arm64 stable (bug #696010)

Signed-off-by: Aaron Bauman <bman <AT> gentoo.org>
Package-Manager: Portage-2.3.76, Repoman-2.3.17

 dev-libs/openssl/openssl-1.1.1d-r2.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.1.1d-r2.ebuild b/dev-libs/openssl/openssl-1.1.1d-r2.ebuild
index a28990d986c..7eaa614c890 100644
--- a/dev-libs/openssl/openssl-1.1.1d-r2.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1d-r2.ebuild
@@ -27,7 +27,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 LICENSE="openssl"
 SLOT="0/1.1" # .so version of libssl/libcrypto
 [[ "${PV}" = *_pre* ]] || \
-KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ia64 ~m68k ~mips ppc ppc64 ~riscv s390 ~sh sparc x86 ~amd64-fbsd ~x86-fbsd ~x86-linux"
+KEYWORDS="~alpha amd64 ~arm arm64 ~hppa ia64 ~m68k ~mips ppc ppc64 ~riscv s390 ~sh sparc x86 ~amd64-fbsd ~x86-fbsd ~x86-linux"
 IUSE="+asm bindist elibc_musl rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Agostino Sarubbo]

commit:     6c4ba2985bde46fad6274ba398c29e66bf15f8fe
Author:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
AuthorDate: Wed Oct  9 08:27:24 2019 +0000
Commit:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
CommitDate: Wed Oct  9 08:27:24 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6c4ba298

dev-libs/openssl: sparc stable wrt bug #696010

Package-Manager: Portage-2.3.76, Repoman-2.3.16
RepoMan-Options: --include-arches="sparc"
Signed-off-by: Agostino Sarubbo <ago <AT> gentoo.org>

 dev-libs/openssl/openssl-1.1.1d-r2.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.1.1d-r2.ebuild b/dev-libs/openssl/openssl-1.1.1d-r2.ebuild
index d717e1022e0..a28990d986c 100644
--- a/dev-libs/openssl/openssl-1.1.1d-r2.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1d-r2.ebuild
@@ -27,7 +27,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 LICENSE="openssl"
 SLOT="0/1.1" # .so version of libssl/libcrypto
 [[ "${PV}" = *_pre* ]] || \
-KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ia64 ~m68k ~mips ppc ppc64 ~riscv s390 ~sh ~sparc x86 ~amd64-fbsd ~x86-fbsd ~x86-linux"
+KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ia64 ~m68k ~mips ppc ppc64 ~riscv s390 ~sh sparc x86 ~amd64-fbsd ~x86-fbsd ~x86-linux"
 IUSE="+asm bindist elibc_musl rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Agostino Sarubbo]

commit:     9b5604bd5db88fd1b8c87fc3e32f46b20437523c
Author:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
AuthorDate: Wed Oct  9 08:23:23 2019 +0000
Commit:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
CommitDate: Wed Oct  9 08:23:23 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9b5604bd

dev-libs/openssl: ppc64 stable wrt bug #696010

Package-Manager: Portage-2.3.76, Repoman-2.3.16
RepoMan-Options: --include-arches="ppc64"
Signed-off-by: Agostino Sarubbo <ago <AT> gentoo.org>

 dev-libs/openssl/openssl-1.1.1d-r2.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.1.1d-r2.ebuild b/dev-libs/openssl/openssl-1.1.1d-r2.ebuild
index aff2ff9e343..d717e1022e0 100644
--- a/dev-libs/openssl/openssl-1.1.1d-r2.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1d-r2.ebuild
@@ -27,7 +27,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 LICENSE="openssl"
 SLOT="0/1.1" # .so version of libssl/libcrypto
 [[ "${PV}" = *_pre* ]] || \
-KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ia64 ~m68k ~mips ppc ~ppc64 ~riscv s390 ~sh ~sparc x86 ~amd64-fbsd ~x86-fbsd ~x86-linux"
+KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ia64 ~m68k ~mips ppc ppc64 ~riscv s390 ~sh ~sparc x86 ~amd64-fbsd ~x86-fbsd ~x86-linux"
 IUSE="+asm bindist elibc_musl rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Agostino Sarubbo]

commit:     235fa004274ac60fdacf405efc7a88a9d0afc3a8
Author:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
AuthorDate: Wed Oct  9 08:12:05 2019 +0000
Commit:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
CommitDate: Wed Oct  9 08:12:05 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=235fa004

dev-libs/openssl: ppc stable wrt bug #696010

Package-Manager: Portage-2.3.76, Repoman-2.3.16
RepoMan-Options: --include-arches="ppc"
Signed-off-by: Agostino Sarubbo <ago <AT> gentoo.org>

 dev-libs/openssl/openssl-1.1.1d-r2.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.1.1d-r2.ebuild b/dev-libs/openssl/openssl-1.1.1d-r2.ebuild
index 3ff2f47bbde..aff2ff9e343 100644
--- a/dev-libs/openssl/openssl-1.1.1d-r2.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1d-r2.ebuild
@@ -27,7 +27,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 LICENSE="openssl"
 SLOT="0/1.1" # .so version of libssl/libcrypto
 [[ "${PV}" = *_pre* ]] || \
-KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv s390 ~sh ~sparc x86 ~amd64-fbsd ~x86-fbsd ~x86-linux"
+KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ia64 ~m68k ~mips ppc ~ppc64 ~riscv s390 ~sh ~sparc x86 ~amd64-fbsd ~x86-fbsd ~x86-linux"
 IUSE="+asm bindist elibc_musl rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Thomas Deutschmann]

commit:     3e5450cea62dc5bc913d68a05f9de96c76eb8fb9
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Tue Oct  8 15:56:59 2019 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Tue Oct  8 15:56:59 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3e5450ce

dev-libs/openssl: block incompatible net-misc/openssh versions

Bug: https://bugs.gentoo.org/696950
Package-Manager: Portage-2.3.76, Repoman-2.3.17
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 .../openssl/{openssl-1.1.1d-r1.ebuild => openssl-1.1.1d-r2.ebuild}     | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/dev-libs/openssl/openssl-1.1.1d-r1.ebuild b/dev-libs/openssl/openssl-1.1.1d-r2.ebuild
similarity index 99%
rename from dev-libs/openssl/openssl-1.1.1d-r1.ebuild
rename to dev-libs/openssl/openssl-1.1.1d-r2.ebuild
index 2b1894650b9..3ff2f47bbde 100644
--- a/dev-libs/openssl/openssl-1.1.1d-r1.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1d-r2.ebuild
@@ -51,6 +51,9 @@ PATCHES=(
 
 S="${WORKDIR}/${MY_P}"
 
+# force upgrade to prevent broken login, bug 696950
+RDEPEND+=" !<net-misc/openssh-8.0_p1-r3"
+
 MULTILIB_WRAPPED_HEADERS=(
 	usr/include/openssl/opensslconf.h
 )

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Agostino Sarubbo]

commit:     3ee5fa613aea62f9351fd18ac1d0e7e9576eab04
Author:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
AuthorDate: Mon Oct  7 19:26:14 2019 +0000
Commit:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
CommitDate: Mon Oct  7 19:26:14 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3ee5fa61

dev-libs/openssl: ia64 stable wrt bug #696010

Package-Manager: Portage-2.3.76, Repoman-2.3.16
RepoMan-Options: --include-arches="ia64"
Signed-off-by: Agostino Sarubbo <ago <AT> gentoo.org>

 dev-libs/openssl/openssl-1.1.1d-r1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.1.1d-r1.ebuild b/dev-libs/openssl/openssl-1.1.1d-r1.ebuild
index 36f8426bfc8..2b1894650b9 100644
--- a/dev-libs/openssl/openssl-1.1.1d-r1.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1d-r1.ebuild
@@ -27,7 +27,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 LICENSE="openssl"
 SLOT="0/1.1" # .so version of libssl/libcrypto
 [[ "${PV}" = *_pre* ]] || \
-KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv s390 ~sh ~sparc x86 ~amd64-fbsd ~x86-fbsd ~x86-linux"
+KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv s390 ~sh ~sparc x86 ~amd64-fbsd ~x86-fbsd ~x86-linux"
 IUSE="+asm bindist elibc_musl rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Agostino Sarubbo]

commit:     df2d0972604ea526d265e4ff41415b8d0ac97317
Author:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
AuthorDate: Mon Oct  7 19:25:37 2019 +0000
Commit:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
CommitDate: Mon Oct  7 19:25:37 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=df2d0972

dev-libs/openssl: amd64 stable wrt bug #696010

Package-Manager: Portage-2.3.76, Repoman-2.3.16
RepoMan-Options: --include-arches="amd64"
Signed-off-by: Agostino Sarubbo <ago <AT> gentoo.org>

 dev-libs/openssl/openssl-1.1.1d-r1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.1.1d-r1.ebuild b/dev-libs/openssl/openssl-1.1.1d-r1.ebuild
index 1f57c4de0f2..36f8426bfc8 100644
--- a/dev-libs/openssl/openssl-1.1.1d-r1.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1d-r1.ebuild
@@ -27,7 +27,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 LICENSE="openssl"
 SLOT="0/1.1" # .so version of libssl/libcrypto
 [[ "${PV}" = *_pre* ]] || \
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv s390 ~sh ~sparc x86 ~amd64-fbsd ~x86-fbsd ~x86-linux"
+KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv s390 ~sh ~sparc x86 ~amd64-fbsd ~x86-fbsd ~x86-linux"
 IUSE="+asm bindist elibc_musl rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Agostino Sarubbo]

commit:     02af85f244920d14d9a097b799fa629dea7555a8
Author:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
AuthorDate: Mon Oct  7 07:28:33 2019 +0000
Commit:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
CommitDate: Mon Oct  7 07:28:33 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=02af85f2

dev-libs/openssl: s390 stable wrt bug #696010

Package-Manager: Portage-2.3.76, Repoman-2.3.16
RepoMan-Options: --include-arches="s390"
Signed-off-by: Agostino Sarubbo <ago <AT> gentoo.org>

 dev-libs/openssl/openssl-1.1.1d-r1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.1.1d-r1.ebuild b/dev-libs/openssl/openssl-1.1.1d-r1.ebuild
index 09612e3aa85..1f57c4de0f2 100644
--- a/dev-libs/openssl/openssl-1.1.1d-r1.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1d-r1.ebuild
@@ -27,7 +27,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 LICENSE="openssl"
 SLOT="0/1.1" # .so version of libssl/libcrypto
 [[ "${PV}" = *_pre* ]] || \
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sh ~sparc x86 ~amd64-fbsd ~x86-fbsd ~x86-linux"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv s390 ~sh ~sparc x86 ~amd64-fbsd ~x86-fbsd ~x86-linux"
 IUSE="+asm bindist elibc_musl rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Thomas Deutschmann]

commit:     0924e25ab142f0e61d28e7f6fb6ab591ff5b78ff
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Mon Oct  7 01:21:29 2019 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Mon Oct  7 01:21:55 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0924e25a

dev-libs/openssl: x86 stable (bug #696010)

Package-Manager: Portage-2.3.76, Repoman-2.3.17
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 dev-libs/openssl/openssl-1.1.1d-r1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.1.1d-r1.ebuild b/dev-libs/openssl/openssl-1.1.1d-r1.ebuild
index e27061b9434..09612e3aa85 100644
--- a/dev-libs/openssl/openssl-1.1.1d-r1.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1d-r1.ebuild
@@ -27,7 +27,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 LICENSE="openssl"
 SLOT="0/1.1" # .so version of libssl/libcrypto
 [[ "${PV}" = *_pre* ]] || \
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~x86-linux"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sh ~sparc x86 ~amd64-fbsd ~x86-fbsd ~x86-linux"
 IUSE="+asm bindist elibc_musl rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Thomas Deutschmann]

commit:     472f2458fc5aa5209a454fd91643cb2a7ffdc869
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Fri Oct  4 14:14:43 2019 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Fri Oct  4 15:48:16 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=472f2458

dev-libs/openssl: check pre requirements for USE=sctp

FEATURES=test and USE=sctp requires net.sctp.auth_enable=1 or
test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel".

Package-Manager: Portage-2.3.76, Repoman-2.3.17
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 dev-libs/openssl/openssl-1.1.1d-r1.ebuild | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/dev-libs/openssl/openssl-1.1.1d-r1.ebuild b/dev-libs/openssl/openssl-1.1.1d-r1.ebuild
index db1ec434fd7..1ddfa7ff16f 100644
--- a/dev-libs/openssl/openssl-1.1.1d-r1.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1d-r1.ebuild
@@ -55,6 +55,22 @@ MULTILIB_WRAPPED_HEADERS=(
 	usr/include/openssl/opensslconf.h
 )
 
+pkg_setup() {
+	[[ ${MERGE_TYPE} == binary ]] && return
+
+	# must check in pkg_setup; sysctl don't work with userpriv!
+	if has test ${FEATURES}; then
+		if use sctp; then
+			# test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel"
+			# if sctp.auth_enable is not enabled.
+			local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null)
+			if [[ -z "${sctp_auth_status}" || ${sctp_auth_status} != 1 ]]; then
+				die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!"
+			fi
+		fi
+	fi
+}
+
 src_prepare() {
 	if use bindist; then
 		mv "${WORKDIR}"/bindist-patches/hobble-openssl "${WORKDIR}" || die

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Thomas Deutschmann]

commit:     3a74b0ebf01874bba7f299b7148ee03ed99531fb
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Fri Oct  4 15:43:14 2019 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Fri Oct  4 15:48:17 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3a74b0eb

dev-libs/openssl: test_ssl_new.t is known to fail with FEATURES=network-sandbox

Package-Manager: Portage-2.3.76, Repoman-2.3.17
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 dev-libs/openssl/openssl-1.1.1d-r1.ebuild | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/dev-libs/openssl/openssl-1.1.1d-r1.ebuild b/dev-libs/openssl/openssl-1.1.1d-r1.ebuild
index 1ddfa7ff16f..e27061b9434 100644
--- a/dev-libs/openssl/openssl-1.1.1d-r1.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1d-r1.ebuild
@@ -111,6 +111,16 @@ src_prepare() {
 
 	eapply_user #332661
 
+	if has test ${FEATURES}; then
+		if use sctp; then
+			if has network-sandbox ${FEATURES}; then
+				ebegin "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox"
+				rm test/recipes/80-test_ssl_new.t || die
+				eend $?
+			fi
+		fi
+	fi
+
 	# make sure the man pages are suffixed #302165
 	# don't bother building man pages if they're disabled
 	# Make DOCDIR Gentoo compliant

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Thomas Deutschmann]

commit:     3d99ea55293be1ceee8e535de7db09265b7c85ec
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Tue Oct  1 19:38:36 2019 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Tue Oct  1 19:38:36 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3d99ea55

dev-libs/openssl: security cleanup (#694162)

Bug: https://bugs.gentoo.org/694162
Package-Manager: Portage-2.3.76, Repoman-2.3.17
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 dev-libs/openssl/Manifest                 |  12 --
 dev-libs/openssl/openssl-1.0.2r.ebuild    | 309 -----------------------------
 dev-libs/openssl/openssl-1.0.2s-r2.ebuild | 318 ------------------------------
 dev-libs/openssl/openssl-1.1.0k-r1.ebuild | 300 ----------------------------
 dev-libs/openssl/openssl-1.1.1c-r1.ebuild | 296 ---------------------------
 5 files changed, 1235 deletions(-)

diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest
index 14c6ce61047..e24a37051ac 100644
--- a/dev-libs/openssl/Manifest
+++ b/dev-libs/openssl/Manifest
@@ -1,19 +1,7 @@
 DIST openssl-1.0.2-patches-1.5.tar.xz 12404 BLAKE2B 6c1b8c28f339f539b2ab8643379502a24cf62bffde00041dce54d5dd9e8d2620b181362ee5464b0ab32ba4948e209697bfabadbea2944a409a1009100d298f24 SHA512 5725e2d9d1ee8cc074bcef3bed61c71bdab2ff1c114362110c3fb8da11ad5bc8f2ff28e90a293f5f3a5cf96ecda54dffdb7ab3fb3f8b23ef6472250dc3037659
-DIST openssl-1.0.2r.tar.gz 5348369 BLAKE2B 9f9c2d2fe6eaf9acacab29b394a318f30c38e831a5f9c193b2da660f9d04acbf407d8b752274783765416c0f5ba557c24ee293ad7fb7d727771db289e6acc901 SHA512 6eb2211f3ad56d7573ac26f388338592c37e5faaf5e2d44c0fa9062c12186e56a324f135d1c956a89b55fcce047e6428bec2756658d103e7275e08b46f741235
-DIST openssl-1.0.2r_ec_curve.c 17254 BLAKE2B d40d8d6e770443f07abe70e2c4ddda6aec1cc8e37dc1f226a3fdd9ed5d228f09c6d372e8956b1948b55ee1d57d1429493e7288d0f54d9466a37fec805c85aacb SHA512 8e92fb100bcf4bd918c82b9a6cbd75a55abe1a2c08230a007e441c51577f974f8cc336e9ac8a672b32641480428ca8cead5380da1fe81bacb088145a1b754a15
-DIST openssl-1.0.2r_ectest.c 30735 BLAKE2B 95333a27f1cf0a4305a3cee7f6d46b9d4673582ca9acfcf5ba2a0d9d317ab6219cd0d2ff0ba3a55a317c8f5819342f05cc17ba80ec2c92b2b4cab9a3552382e1 SHA512 f2e4d34327b490bc8371f0845c69df3f9fc51ea16f0ea0de0411a0c1fa9d49bb2b6fafc363eb3b3cd919dc7c24e4a0d075c6ff878c01d70dae918f2540874c19
-DIST openssl-1.0.2r_hobble-openssl 1302 BLAKE2B 647caa6a0f4c53a2e77baa3b8e5961eaef3bb0ff38e7d5475eab8deef3439f7fe49028ec9ed0406f3453870b62cac67c496b3a048ee4c9ff4c6866d520235960 SHA512 3d757a4708e74a03dd5cb9b8114dfe442ed9520739a6eca693be4c4265771696f1449ea06d1c9bcfc6e94fc9b0dd0c10e153f1c3b0334831c0550b36cd63326e
-DIST openssl-1.0.2s.tar.gz 5349149 BLAKE2B 46c72dcceb5b473b129be0a895f3d6c25a24ee852a31dc369ccf0e44319259d8694d3571b8cb698efb8bce89dbe31f4fc9f82753cacb24cbd3d50fa2ab9b6e83 SHA512 9f745452c4f777df694158e95003cde78a2cf8199bc481a563ec36644664c3c1415a774779b9791dd18f2aeb57fa1721cb52b3db12d025955e970071d5b66d2a
-DIST openssl-1.0.2s_ec_curve.c 17254 BLAKE2B d40d8d6e770443f07abe70e2c4ddda6aec1cc8e37dc1f226a3fdd9ed5d228f09c6d372e8956b1948b55ee1d57d1429493e7288d0f54d9466a37fec805c85aacb SHA512 8e92fb100bcf4bd918c82b9a6cbd75a55abe1a2c08230a007e441c51577f974f8cc336e9ac8a672b32641480428ca8cead5380da1fe81bacb088145a1b754a15
-DIST openssl-1.0.2s_ectest.c 30735 BLAKE2B 95333a27f1cf0a4305a3cee7f6d46b9d4673582ca9acfcf5ba2a0d9d317ab6219cd0d2ff0ba3a55a317c8f5819342f05cc17ba80ec2c92b2b4cab9a3552382e1 SHA512 f2e4d34327b490bc8371f0845c69df3f9fc51ea16f0ea0de0411a0c1fa9d49bb2b6fafc363eb3b3cd919dc7c24e4a0d075c6ff878c01d70dae918f2540874c19
-DIST openssl-1.0.2s_hobble-openssl 1302 BLAKE2B 647caa6a0f4c53a2e77baa3b8e5961eaef3bb0ff38e7d5475eab8deef3439f7fe49028ec9ed0406f3453870b62cac67c496b3a048ee4c9ff4c6866d520235960 SHA512 3d757a4708e74a03dd5cb9b8114dfe442ed9520739a6eca693be4c4265771696f1449ea06d1c9bcfc6e94fc9b0dd0c10e153f1c3b0334831c0550b36cd63326e
 DIST openssl-1.0.2t-bindist-1.0.tar.xz 13872 BLAKE2B b2aade96a6e0ca6209a39e205b1c838de945903fcf959c62cc29ddcd1a0cb360fc5db234df86860a6a4c096f5ecc237611e4c2946b986a5500c24ba93c208ef4 SHA512 a48a7efb9b973b865bcc5009d450b428ed6b4b95e4cefe70c51056e47392c8a7bec58215168d8b07712419dc74646c2bd2fd23bcfbba2031376e292249a6b1b6
 DIST openssl-1.0.2t.tar.gz 5355422 BLAKE2B dcbc883151ff6c5b60f5849d8789c2e76a384cb3d5eb5f08a6109776d0edf134580dc33fa8b946ae2344542560f04ecef17f218406952dd8d31e4200c4882022 SHA512 0b88868933f42fab87e8b22449435a1091cc6e75f986aad6c173e01ad123161fcae8c226759073701bc65c9f2f0b6ce6a63a61203008ed873cfb6e484f32bc71
-DIST openssl-1.1.0k-bindist-1.0.tar.xz 11716 BLAKE2B c491ba0899c44dbcc63f85b255548c439c965a20a04ac2a6324a4122c4691b7c95ec18e62be6d708a7ea62ea197d32e5091987cb5043969878f89e5bc26243d4 SHA512 1d5bc9d7b24cf55d32d996e2421d43a1218b605720293f00d07814afb481387856f0dc000ad3c3e4cba2361055668cfe79a945be44ab85a249555f37e683a909
-DIST openssl-1.1.0k.tar.gz 5287321 BLAKE2B fce40a399f5a08d5fe183dfcaab11b211d982885fb9888b25fa41bdd9919ecd203fca6f573363cfb42c9a0776ae69ea50b0f144227a3f28ca0dbadf878d396bc SHA512 65f41a240a97d79504c0e1391fde8ac8692f0993437cdc35e4bc964ecc36e5ef75a62499c4c6cb4ce63f892135e06dba2d3594c8869d935554296fa3c6ccd822
 DIST openssl-1.1.0l-bindist-1.0.tar.xz 13184 BLAKE2B c09e023458faff17b10d6f20c28462c0851757a20d59b4b751220ab307324d5778252df112ad74fd319407cc75fdd1cd507d48058dd0234dc8c03020c882ed42 SHA512 39720ecee3ec6080c1416f2fb7c9246b89ee55b21be2baabad51eb6823dbe1559450b1ae92fa61ac1cf5ba04ac8c02438aa469bc65eae6905cf1ea486f270793
 DIST openssl-1.1.0l.tar.gz 5294857 BLAKE2B 0e4f30f9e8a22414325bd780dc4e875e962487fbe72967f0392ace959955429192541881a98d097d7bb75ed7238b1817b0c3c2c4da04421512bd538f2b07cdd7 SHA512 81b74149f40ea7d9f7e235820a4f977844653ad1e2b302e65e712c12193f47542fe7e3385fd1e25e3dd074e4e6d04199836cbc492656f5a7692edab5e234f4ad
-DIST openssl-1.1.1c-bindist-1.0.tar.xz 11964 BLAKE2B 8c5190846d13984589a150089d329bb3ecc613788b9462c6f6a1833a040e21cb9bf940140449f09fd797c0e396b0aea073237be374bd16097795b8974c3e7ce5 SHA512 249c6d8c455130b98e3be635f12f323e0cc349f1770648bad591e5de15483917185a473c162ed871a2fa05b47056931e6f12e5fdd9cecee7e6d1c246b862923b
-DIST openssl-1.1.1c.tar.gz 8864262 BLAKE2B bd157b244bedcefb8e646a743732945119b267236789ac69c38856570318aca09299bdaaea3f20294863b633e6fd4dfe124820597185b3b7461cfdf094daadb0 SHA512 8e2c5cc11c120efbb7d7850980cb6eaa782d29b4996b3f3378d37613c1679f852d7cc08a90d62e78fcec3439f06bdbee70064579a8c2adaffd91532a97f646ff
 DIST openssl-1.1.1d-bindist-1.0.tar.xz 13180 BLAKE2B 680bd7400d3dd3930067ee7efa9718b74b30afa9be2397ad80f88031920806b6603b6469beede02b6e7a742abf5f82ebdd7c9b8e69c1ffe223e4860dc9581128 SHA512 9e4296326852010d5cebc204d1a34a34198d8d65460bc91a2bd37c80be892a5ae519513e4b0109e6b51b6faab0e171ef6cdae868868c158711558d147083c06f
 DIST openssl-1.1.1d.tar.gz 8845861 BLAKE2B d3155f07b487ebd8dd4fe25396c874f9af18b5cfd7e622298d29c4f2c8ce14ad4534609d321314a4bcd0d44414e1306190340daaacd3c8fca061c04498446244 SHA512 2bc9f528c27fe644308eb7603c992bac8740e9f0c3601a130af30c9ffebbf7e0f5c28b76a00bbb478bad40fbe89b4223a58d604001e1713da71ff4b7fe6a08a7

diff --git a/dev-libs/openssl/openssl-1.0.2r.ebuild b/dev-libs/openssl/openssl-1.0.2r.ebuild
deleted file mode 100644
index c14fecb318d..00000000000
--- a/dev-libs/openssl/openssl-1.0.2r.ebuild
+++ /dev/null
@@ -1,309 +0,0 @@
-# Copyright 1999-2019 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="6"
-
-inherit eutils flag-o-matic toolchain-funcs multilib multilib-minimal
-
-# openssl-1.0.2-patches-1.6 contain additional CVE patches
-# which got fixed with this release.
-# Please use 1.7 version number when rolling a new tarball!
-PATCH_SET="openssl-1.0.2-patches-1.5"
-MY_P=${P/_/-}
-DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"
-HOMEPAGE="https://www.openssl.org/"
-SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
-	!vanilla? (
-		mirror://gentoo/${PATCH_SET}.tar.xz
-		https://dev.gentoo.org/~chutzpah/dist/${PN}/${PATCH_SET}.tar.xz
-		https://dev.gentoo.org/~whissi/dist/${PN}/${PATCH_SET}.tar.xz
-		https://dev.gentoo.org/~polynomial-c/dist/${PATCH_SET}.tar.xz
-	)"
-
-LICENSE="openssl"
-SLOT="0"
-KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 ~riscv s390 sh sparc x86 ~amd64-fbsd ~x86-fbsd ~x86-linux"
-IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
-RESTRICT="!bindist? ( bindist )"
-
-RDEPEND=">=app-misc/c_rehash-1.7-r1
-	gmp? ( >=dev-libs/gmp-5.1.3-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
-	zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
-	kerberos? ( >=app-crypt/mit-krb5-1.11.4[${MULTILIB_USEDEP}] )"
-DEPEND="${RDEPEND}
-	>=dev-lang/perl-5
-	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
-	test? (
-		sys-apps/diffutils
-		sys-devel/bc
-	)"
-PDEPEND="app-misc/ca-certificates"
-
-# This does not copy the entire Fedora patchset, but JUST the parts that
-# are needed to make it safe to use EC with RESTRICT=bindist.
-# See openssl.spec for the matching numbering of SourceNNN, PatchNNN
-SOURCE1=hobble-openssl
-SOURCE12=ec_curve.c
-SOURCE13=ectest.c
-# These are ported instead
-#PATCH1=openssl-1.1.0-build.patch # Fixes EVP testcase for EC
-#PATCH37=openssl-1.1.0-ec-curves.patch
-FEDORA_GIT_BASE='https://src.fedoraproject.org/cgit/rpms/openssl.git/plain/'
-FEDORA_GIT_BRANCH='f25'
-FEDORA_SRC_URI=()
-FEDORA_SOURCE=( $SOURCE1 $SOURCE12 $SOURCE13 )
-FEDORA_PATCH=( $PATCH1 $PATCH37 )
-for i in "${FEDORA_SOURCE[@]}" ; do
-	FEDORA_SRC_URI+=( "${FEDORA_GIT_BASE}/${i}?h=${FEDORA_GIT_BRANCH} -> ${P}_${i}" )
-done
-for i in "${FEDORA_PATCH[@]}" ; do # Already have a version prefix
-	FEDORA_SRC_URI+=( "${FEDORA_GIT_BASE}/${i}?h=${FEDORA_GIT_BRANCH} -> ${i}" )
-done
-SRC_URI+=" bindist? ( ${FEDORA_SRC_URI[@]} )"
-
-S="${WORKDIR}/${MY_P}"
-
-MULTILIB_WRAPPED_HEADERS=(
-	usr/include/openssl/opensslconf.h
-)
-
-src_prepare() {
-	if use bindist; then
-		# This just removes the prefix, and puts it into WORKDIR like the RPM.
-		for i in "${FEDORA_SOURCE[@]}" ; do
-			cp -f "${DISTDIR}"/"${P}_${i}" "${WORKDIR}"/"${i}" || die
-		done
-		# .spec %prep
-		bash "${WORKDIR}"/"${SOURCE1}" || die
-		cp -f "${WORKDIR}"/"${SOURCE12}" "${S}"/crypto/ec/ || die
-		cp -f "${WORKDIR}"/"${SOURCE13}" "${S}"/crypto/ec/ || die # Moves to test/ in OpenSSL-1.1
-		for i in "${FEDORA_PATCH[@]}" ; do
-			eapply "${DISTDIR}"/"${i}"
-		done
-		eapply "${FILESDIR}"/openssl-1.0.2p-hobble-ecc.patch
-		# Also see the configure parts below:
-		# enable-ec \
-		# $(use_ssl !bindist ec2m) \
-		# $(use_ssl !bindist srp) \
-	fi
-
-	# keep this in sync with app-misc/c_rehash
-	SSL_CNF_DIR="/etc/ssl"
-
-	# Make sure we only ever touch Makefile.org and avoid patching a file
-	# that gets blown away anyways by the Configure script in src_configure
-	rm -f Makefile
-
-	if ! use vanilla ; then
-		eapply "${WORKDIR}"/patch/*.patch
-	fi
-
-	eapply_user
-
-	# disable fips in the build
-	# make sure the man pages are suffixed #302165
-	# don't bother building man pages if they're disabled
-	sed -i \
-		-e '/DIRS/s: fips : :g' \
-		-e '/^MANSUFFIX/s:=.*:=ssl:' \
-		-e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
-		-e $(has noman FEATURES \
-			&& echo '/^install:/s:install_docs::' \
-			|| echo '/^MANDIR=/s:=.*:='${EPREFIX%/}'/usr/share/man:') \
-		Makefile.org \
-		|| die
-	# show the actual commands in the log
-	sed -i '/^SET_X/s:=.*:=set -x:' Makefile.shared
-
-	# since we're forcing $(CC) as makedep anyway, just fix
-	# the conditional as always-on
-	# helps clang (#417795), and versioned gcc (#499818)
-	# this breaks build with 1.0.2p, not sure if it is needed anymore
-	#sed -i 's/expr.*MAKEDEPEND.*;/true;/' util/domd || die
-
-	# quiet out unknown driver argument warnings since openssl
-	# doesn't have well-split CFLAGS and we're making it even worse
-	# and 'make depend' uses -Werror for added fun (#417795 again)
-	[[ ${CC} == *clang* ]] && append-flags -Qunused-arguments
-
-	# allow openssl to be cross-compiled
-	cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die
-	chmod a+rx gentoo.config || die
-
-	append-flags -fno-strict-aliasing
-	append-flags $(test-flags-CC -Wa,--noexecstack)
-	append-cppflags -DOPENSSL_NO_BUF_FREELISTS
-
-	sed -i '1s,^:$,#!'${EPREFIX%/}'/usr/bin/perl,' Configure #141906
-	# The config script does stupid stuff to prompt the user.  Kill it.
-	sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
-	./config --test-sanity || die "I AM NOT SANE"
-
-	multilib_copy_sources
-}
-
-multilib_src_configure() {
-	unset APPS #197996
-	unset SCRIPTS #312551
-	unset CROSS_COMPILE #311473
-
-	tc-export CC AR RANLIB RC
-
-	# Clean out patent-or-otherwise-encumbered code
-	# Camellia: Royalty Free            https://en.wikipedia.org/wiki/Camellia_(cipher)
-	# IDEA:     Expired                 https://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
-	# EC:       ????????? ??/??/2015    https://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography
-	# MDC2:     Expired                 https://en.wikipedia.org/wiki/MDC-2
-	# RC5:      Expired                 https://en.wikipedia.org/wiki/RC5
-
-	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
-	echoit() { echo "$@" ; "$@" ; }
-
-	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
-
-	# See if our toolchain supports __uint128_t.  If so, it's 64bit
-	# friendly and can use the nicely optimized code paths. #460790
-	local ec_nistp_64_gcc_128
-	# Disable it for now though #469976
-	#if ! use bindist ; then
-	#	echo "__uint128_t i;" > "${T}"/128.c
-	#	if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
-	#		ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
-	#	fi
-	#fi
-
-	# https://github.com/openssl/openssl/issues/2286
-	if use ia64 ; then
-		replace-flags -g3 -g2
-		replace-flags -ggdb3 -ggdb2
-	fi
-
-	local sslout=$(./gentoo.config)
-	einfo "Use configuration ${sslout:-(openssl knows best)}"
-	local config="Configure"
-	[[ -z ${sslout} ]] && config="config"
-
-	# Fedora hobbled-EC needs 'no-ec2m', 'no-srp'
-	echoit \
-	./${config} \
-		${sslout} \
-		$(use cpu_flags_x86_sse2 || echo "no-sse2") \
-		enable-camellia \
-		enable-ec \
-		$(use_ssl !bindist ec2m) \
-		$(use_ssl !bindist srp) \
-		${ec_nistp_64_gcc_128} \
-		enable-idea \
-		enable-mdc2 \
-		enable-rc5 \
-		enable-tlsext \
-		$(use_ssl asm) \
-		$(use_ssl gmp gmp -lgmp) \
-		$(use_ssl kerberos krb5 --with-krb5-flavor=${krb5}) \
-		$(use_ssl rfc3779) \
-		$(use_ssl sctp) \
-		$(use_ssl sslv2 ssl2) \
-		$(use_ssl sslv3 ssl3) \
-		$(use_ssl tls-heartbeat heartbeats) \
-		$(use_ssl zlib) \
-		--prefix="${EPREFIX%/}"/usr \
-		--openssldir="${EPREFIX%/}"${SSL_CNF_DIR} \
-		--libdir=$(get_libdir) \
-		shared threads \
-		|| die
-
-	# Clean out hardcoded flags that openssl uses
-	local CFLAG=$(grep ^CFLAG= Makefile | LC_ALL=C sed \
-		-e 's:^CFLAG=::' \
-		-e 's:-fomit-frame-pointer ::g' \
-		-e 's:-O[0-9] ::g' \
-		-e 's:-march=[-a-z0-9]* ::g' \
-		-e 's:-mcpu=[-a-z0-9]* ::g' \
-		-e 's:-m[a-z0-9]* ::g' \
-	)
-	sed -i \
-		-e "/^CFLAG/s|=.*|=${CFLAG} ${CFLAGS}|" \
-		-e "/^SHARED_LDFLAGS=/s|$| ${LDFLAGS}|" \
-		Makefile || die
-}
-
-multilib_src_compile() {
-	# depend is needed to use $confopts; it also doesn't matter
-	# that it's -j1 as the code itself serializes subdirs
-	emake -j1 V=1 depend
-	emake all
-	# rehash is needed to prep the certs/ dir; do this
-	# separately to avoid parallel build issues.
-	emake rehash
-}
-
-multilib_src_test() {
-	emake -j1 test
-}
-
-multilib_src_install() {
-	# We need to create $ED/usr on our own to avoid a race condition #665130
-	if [[ ! -d "${ED%/}/usr" ]]; then
-		# We can only create this directory once
-		mkdir "${ED%/}"/usr || die
-	fi
-
-	emake INSTALL_PREFIX="${D%/}" install
-}
-
-multilib_src_install_all() {
-	# openssl installs perl version of c_rehash by default, but
-	# we provide a shell version via app-misc/c_rehash
-	rm "${ED%/}"/usr/bin/c_rehash || die
-
-	local -a DOCS=( CHANGES* FAQ NEWS README doc/*.txt doc/c-indentation.el )
-	einstalldocs
-
-	use rfc3779 && dodoc engines/ccgost/README.gost
-
-	# This is crappy in that the static archives are still built even
-	# when USE=static-libs.  But this is due to a failing in the openssl
-	# build system: the static archives are built as PIC all the time.
-	# Only way around this would be to manually configure+compile openssl
-	# twice; once with shared lib support enabled and once without.
-	use static-libs || rm -f "${ED}"/usr/lib*/lib*.a
-
-	# create the certs directory
-	dodir ${SSL_CNF_DIR}/certs
-	cp -RP certs/* "${ED}"${SSL_CNF_DIR}/certs/ || die
-	rm -r "${ED}"${SSL_CNF_DIR}/certs/{demo,expired}
-
-	# Namespace openssl programs to prevent conflicts with other man pages
-	cd "${ED}"/usr/share/man
-	local m d s
-	for m in $(find . -type f | xargs grep -L '#include') ; do
-		d=${m%/*} ; d=${d#./} ; m=${m##*/}
-		[[ ${m} == openssl.1* ]] && continue
-		[[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!"
-		mv ${d}/{,ssl-}${m}
-		# fix up references to renamed man pages
-		sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m}
-		ln -s ssl-${m} ${d}/openssl-${m}
-		# locate any symlinks that point to this man page ... we assume
-		# that any broken links are due to the above renaming
-		for s in $(find -L ${d} -type l) ; do
-			s=${s##*/}
-			rm -f ${d}/${s}
-			ln -s ssl-${m} ${d}/ssl-${s}
-			ln -s ssl-${s} ${d}/openssl-${s}
-		done
-	done
-	[[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :("
-
-	dodir /etc/sandbox.d #254521
-	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
-
-	diropts -m0700
-	keepdir ${SSL_CNF_DIR}/private
-}
-
-pkg_postinst() {
-	ebegin "Running 'c_rehash ${EROOT%/}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069"
-	c_rehash "${EROOT%/}${SSL_CNF_DIR}/certs" >/dev/null
-	eend $?
-}

diff --git a/dev-libs/openssl/openssl-1.0.2s-r2.ebuild b/dev-libs/openssl/openssl-1.0.2s-r2.ebuild
deleted file mode 100644
index fbf3c919b91..00000000000
--- a/dev-libs/openssl/openssl-1.0.2s-r2.ebuild
+++ /dev/null
@@ -1,318 +0,0 @@
-# Copyright 1999-2019 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="7"
-
-inherit flag-o-matic toolchain-funcs multilib multilib-minimal
-
-# openssl-1.0.2-patches-1.6 contain additional CVE patches
-# which got fixed with this release.
-# Please use 1.7 version number when rolling a new tarball!
-PATCH_SET="openssl-1.0.2-patches-1.5"
-MY_P=${P/_/-}
-DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"
-HOMEPAGE="https://www.openssl.org/"
-SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
-	!vanilla? (
-		mirror://gentoo/${PATCH_SET}.tar.xz
-		https://dev.gentoo.org/~chutzpah/dist/${PN}/${PATCH_SET}.tar.xz
-		https://dev.gentoo.org/~whissi/dist/${PN}/${PATCH_SET}.tar.xz
-		https://dev.gentoo.org/~polynomial-c/dist/${PATCH_SET}.tar.xz
-	)"
-
-LICENSE="openssl"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~x86-linux"
-IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
-RESTRICT="!bindist? ( bindist )"
-
-RDEPEND=">=app-misc/c_rehash-1.7-r1
-	gmp? ( >=dev-libs/gmp-5.1.3-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
-	kerberos? ( >=app-crypt/mit-krb5-1.11.4[${MULTILIB_USEDEP}] )
-	zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )"
-DEPEND="${RDEPEND}"
-BDEPEND="
-	>=dev-lang/perl-5
-	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
-	test? (
-		sys-apps/diffutils
-		sys-devel/bc
-	)"
-PDEPEND="app-misc/ca-certificates"
-
-# This does not copy the entire Fedora patchset, but JUST the parts that
-# are needed to make it safe to use EC with RESTRICT=bindist.
-# See openssl.spec for the matching numbering of SourceNNN, PatchNNN
-SOURCE1=hobble-openssl
-SOURCE12=ec_curve.c
-SOURCE13=ectest.c
-# These are ported instead
-#PATCH1=openssl-1.1.0-build.patch # Fixes EVP testcase for EC
-#PATCH37=openssl-1.1.0-ec-curves.patch
-FEDORA_GIT_BASE='https://src.fedoraproject.org/cgit/rpms/openssl.git/plain/'
-FEDORA_GIT_BRANCH='f25'
-FEDORA_SRC_URI=()
-FEDORA_SOURCE=( $SOURCE1 $SOURCE12 $SOURCE13 )
-FEDORA_PATCH=( $PATCH1 $PATCH37 )
-for i in "${FEDORA_SOURCE[@]}" ; do
-	FEDORA_SRC_URI+=( "${FEDORA_GIT_BASE}/${i}?h=${FEDORA_GIT_BRANCH} -> ${P}_${i}" )
-done
-for i in "${FEDORA_PATCH[@]}" ; do # Already have a version prefix
-	FEDORA_SRC_URI+=( "${FEDORA_GIT_BASE}/${i}?h=${FEDORA_GIT_BRANCH} -> ${i}" )
-done
-SRC_URI+=" bindist? ( ${FEDORA_SRC_URI[@]} )"
-
-S="${WORKDIR}/${MY_P}"
-
-MULTILIB_WRAPPED_HEADERS=(
-	usr/include/openssl/opensslconf.h
-)
-
-src_prepare() {
-	if use bindist; then
-		# This just removes the prefix, and puts it into WORKDIR like the RPM.
-		for i in "${FEDORA_SOURCE[@]}" ; do
-			cp -f "${DISTDIR}"/"${P}_${i}" "${WORKDIR}"/"${i}" || die
-		done
-		# .spec %prep
-		bash "${WORKDIR}"/"${SOURCE1}" || die
-		cp -f "${WORKDIR}"/"${SOURCE12}" "${S}"/crypto/ec/ || die
-		cp -f "${WORKDIR}"/"${SOURCE13}" "${S}"/crypto/ec/ || die # Moves to test/ in OpenSSL-1.1
-		for i in "${FEDORA_PATCH[@]}" ; do
-			eapply "${DISTDIR}"/"${i}"
-		done
-		eapply "${FILESDIR}"/openssl-1.0.2p-hobble-ecc.patch
-		# Also see the configure parts below:
-		# enable-ec \
-		# $(use_ssl !bindist ec2m) \
-		# $(use_ssl !bindist srp) \
-	fi
-
-	# keep this in sync with app-misc/c_rehash
-	SSL_CNF_DIR="/etc/ssl"
-
-	# Make sure we only ever touch Makefile.org and avoid patching a file
-	# that gets blown away anyways by the Configure script in src_configure
-	rm -f Makefile
-
-	if ! use vanilla ; then
-		eapply "${WORKDIR}"/patch/*.patch
-	fi
-
-	eapply_user
-
-	# disable fips in the build
-	# make sure the man pages are suffixed #302165
-	# don't bother building man pages if they're disabled
-	sed -i \
-		-e '/DIRS/s: fips : :g' \
-		-e '/^MANSUFFIX/s:=.*:=ssl:' \
-		-e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
-		-e $(has noman FEATURES \
-			&& echo '/^install:/s:install_docs::' \
-			|| echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
-		Makefile.org \
-		|| die
-	# show the actual commands in the log
-	sed -i '/^SET_X/s:=.*:=set -x:' Makefile.shared
-
-	# since we're forcing $(CC) as makedep anyway, just fix
-	# the conditional as always-on
-	# helps clang (#417795), and versioned gcc (#499818)
-	# this breaks build with 1.0.2p, not sure if it is needed anymore
-	#sed -i 's/expr.*MAKEDEPEND.*;/true;/' util/domd || die
-
-	# quiet out unknown driver argument warnings since openssl
-	# doesn't have well-split CFLAGS and we're making it even worse
-	# and 'make depend' uses -Werror for added fun (#417795 again)
-	[[ ${CC} == *clang* ]] && append-flags -Qunused-arguments
-
-	# allow openssl to be cross-compiled
-	cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die
-	chmod a+rx gentoo.config || die
-
-	append-flags -fno-strict-aliasing
-	append-flags $(test-flags-CC -Wa,--noexecstack)
-	append-cppflags -DOPENSSL_NO_BUF_FREELISTS
-
-	sed -i '1s,^:$,#!'${EPREFIX}'/usr/bin/perl,' Configure #141906
-	# The config script does stupid stuff to prompt the user.  Kill it.
-	sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
-	./config --test-sanity || die "I AM NOT SANE"
-
-	multilib_copy_sources
-}
-
-multilib_src_configure() {
-	unset APPS #197996
-	unset SCRIPTS #312551
-	unset CROSS_COMPILE #311473
-
-	tc-export CC AR RANLIB RC
-
-	# Clean out patent-or-otherwise-encumbered code
-	# Camellia: Royalty Free            https://en.wikipedia.org/wiki/Camellia_(cipher)
-	# IDEA:     Expired                 https://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
-	# EC:       ????????? ??/??/2015    https://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography
-	# MDC2:     Expired                 https://en.wikipedia.org/wiki/MDC-2
-	# RC5:      Expired                 https://en.wikipedia.org/wiki/RC5
-
-	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
-	echoit() { echo "$@" ; "$@" ; }
-
-	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
-
-	# See if our toolchain supports __uint128_t.  If so, it's 64bit
-	# friendly and can use the nicely optimized code paths. #460790
-	local ec_nistp_64_gcc_128
-	# Disable it for now though #469976
-	#if ! use bindist ; then
-	#	echo "__uint128_t i;" > "${T}"/128.c
-	#	if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
-	#		ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
-	#	fi
-	#fi
-
-	# https://github.com/openssl/openssl/issues/2286
-	if use ia64 ; then
-		replace-flags -g3 -g2
-		replace-flags -ggdb3 -ggdb2
-	fi
-
-	local sslout=$(./gentoo.config)
-	einfo "Use configuration ${sslout:-(openssl knows best)}"
-	local config="Configure"
-	[[ -z ${sslout} ]] && config="config"
-
-	# Fedora hobbled-EC needs 'no-ec2m', 'no-srp'
-	# Make sure user flags don't get added *yet* to avoid duplicated
-	# flags.
-	CFLAGS= LDFLAGS= echoit \
-	./${config} \
-		${sslout} \
-		$(use cpu_flags_x86_sse2 || echo "no-sse2") \
-		enable-camellia \
-		enable-ec \
-		$(use_ssl !bindist ec2m) \
-		$(use_ssl !bindist srp) \
-		${ec_nistp_64_gcc_128} \
-		enable-idea \
-		enable-mdc2 \
-		enable-rc5 \
-		enable-tlsext \
-		$(use_ssl asm) \
-		$(use_ssl gmp gmp -lgmp) \
-		$(use_ssl kerberos krb5 --with-krb5-flavor=${krb5}) \
-		$(use_ssl rfc3779) \
-		$(use_ssl sctp) \
-		$(use_ssl sslv2 ssl2) \
-		$(use_ssl sslv3 ssl3) \
-		$(use_ssl tls-heartbeat heartbeats) \
-		$(use_ssl zlib) \
-		--prefix="${EPREFIX}"/usr \
-		--openssldir="${EPREFIX}"${SSL_CNF_DIR} \
-		--libdir=$(get_libdir) \
-		shared threads \
-		|| die
-
-	# Clean out hardcoded flags that openssl uses
-	local DEFAULT_CFLAGS=$(grep ^CFLAG= Makefile | LC_ALL=C sed \
-		-e 's:^CFLAG=::' \
-		-e 's:\(^\| \)-fomit-frame-pointer::g' \
-		-e 's:\(^\| \)-O[^ ]*::g' \
-		-e 's:\(^\| \)-march=[^ ]*::g' \
-		-e 's:\(^\| \)-mcpu=[^ ]*::g' \
-		-e 's:\(^\| \)-m[^ ]*::g' \
-		-e 's:^ *::' \
-		-e 's: *$::' \
-		-e 's: \+: :g' \
-		-e 's:\\:\\\\:g'
-	)
-
-	# Now insert clean default flags with user flags
-	sed -i \
-		-e "/^CFLAG/s|=.*|=${DEFAULT_CFLAGS} ${CFLAGS}|" \
-		-e "/^LDFLAGS=/s|=[[:space:]]*$|=${LDFLAGS}|" \
-		Makefile || die
-}
-
-multilib_src_compile() {
-	# depend is needed to use $confopts; it also doesn't matter
-	# that it's -j1 as the code itself serializes subdirs
-	emake -j1 V=1 depend
-	emake all
-	# rehash is needed to prep the certs/ dir; do this
-	# separately to avoid parallel build issues.
-	emake rehash
-}
-
-multilib_src_test() {
-	emake -j1 test
-}
-
-multilib_src_install() {
-	# We need to create $ED/usr on our own to avoid a race condition #665130
-	if [[ ! -d "${ED}/usr" ]]; then
-		# We can only create this directory once
-		mkdir "${ED}"/usr || die
-	fi
-
-	emake INSTALL_PREFIX="${D}" install
-}
-
-multilib_src_install_all() {
-	# openssl installs perl version of c_rehash by default, but
-	# we provide a shell version via app-misc/c_rehash
-	rm "${ED}"/usr/bin/c_rehash || die
-
-	local -a DOCS=( CHANGES* FAQ NEWS README doc/*.txt doc/c-indentation.el )
-	einstalldocs
-
-	use rfc3779 && dodoc engines/ccgost/README.gost
-
-	# This is crappy in that the static archives are still built even
-	# when USE=static-libs.  But this is due to a failing in the openssl
-	# build system: the static archives are built as PIC all the time.
-	# Only way around this would be to manually configure+compile openssl
-	# twice; once with shared lib support enabled and once without.
-	use static-libs || rm -f "${ED}"/usr/lib*/lib*.a
-
-	# create the certs directory
-	dodir ${SSL_CNF_DIR}/certs
-	cp -RP certs/* "${ED}"${SSL_CNF_DIR}/certs/ || die
-	rm -r "${ED}"${SSL_CNF_DIR}/certs/{demo,expired}
-
-	# Namespace openssl programs to prevent conflicts with other man pages
-	cd "${ED}"/usr/share/man
-	local m d s
-	for m in $(find . -type f | xargs grep -L '#include') ; do
-		d=${m%/*} ; d=${d#./} ; m=${m##*/}
-		[[ ${m} == openssl.1* ]] && continue
-		[[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!"
-		mv ${d}/{,ssl-}${m}
-		# fix up references to renamed man pages
-		sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m}
-		ln -s ssl-${m} ${d}/openssl-${m}
-		# locate any symlinks that point to this man page ... we assume
-		# that any broken links are due to the above renaming
-		for s in $(find -L ${d} -type l) ; do
-			s=${s##*/}
-			rm -f ${d}/${s}
-			ln -s ssl-${m} ${d}/ssl-${s}
-			ln -s ssl-${s} ${d}/openssl-${s}
-		done
-	done
-	[[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :("
-
-	dodir /etc/sandbox.d #254521
-	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
-
-	diropts -m0700
-	keepdir ${SSL_CNF_DIR}/private
-}
-
-pkg_postinst() {
-	ebegin "Running 'c_rehash ${EROOT}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069"
-	c_rehash "${EROOT}${SSL_CNF_DIR}/certs" >/dev/null
-	eend $?
-}

diff --git a/dev-libs/openssl/openssl-1.1.0k-r1.ebuild b/dev-libs/openssl/openssl-1.1.0k-r1.ebuild
deleted file mode 100644
index 7bcd5d03e7e..00000000000
--- a/dev-libs/openssl/openssl-1.1.0k-r1.ebuild
+++ /dev/null
@@ -1,300 +0,0 @@
-# Copyright 1999-2019 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="7"
-
-inherit flag-o-matic toolchain-funcs multilib multilib-minimal
-
-MY_P=${P/_/-}
-
-# This patch set is based on the following files from Fedora 31,
-# see https://src.fedoraproject.org/rpms/openssl/blob/f28/f/openssl.spec
-# for more details:
-# - hobble-openssl (SOURCE1)
-# - ec_curve.c (SOURCE12)
-# - ectest.c (SOURCE13)
-# - openssl-1.1.0-ec-curves.patch (PATCH37) -- MODIFIED
-BINDIST_PATCH_SET="openssl-1.1.0k-bindist-1.0.tar.xz"
-
-DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"
-HOMEPAGE="https://www.openssl.org/"
-SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
-	bindist? ( https://dev.gentoo.org/~whissi/dist/openssl/${BINDIST_PATCH_SET} )"
-
-LICENSE="openssl"
-SLOT="0/1.1" # .so version of libssl/libcrypto
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~x86-linux"
-IUSE="+asm bindist elibc_musl rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-heartbeat vanilla zlib"
-RESTRICT="!bindist? ( bindist )"
-
-RDEPEND=">=app-misc/c_rehash-1.7-r1
-	zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )"
-DEPEND="${RDEPEND}"
-BDEPEND="
-	>=dev-lang/perl-5
-	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
-	test? (
-		sys-apps/diffutils
-		sys-devel/bc
-	)"
-PDEPEND="app-misc/ca-certificates"
-
-PATCHES=(
-	"${FILESDIR}"/${PN}-1.0.2a-x32-asm.patch #542618
-	"${FILESDIR}"/${PN}-1.1.0j-parallel_install_fix.patch #671602
-	"${FILESDIR}"/${PN}-1.1.0k-fix-test_fuzz.patch
-)
-
-S="${WORKDIR}/${MY_P}"
-
-MULTILIB_WRAPPED_HEADERS=(
-	usr/include/openssl/opensslconf.h
-)
-
-src_prepare() {
-	if use bindist; then
-		mv "${WORKDIR}"/bindist-patches/hobble-openssl "${WORKDIR}" || die
-		bash "${WORKDIR}"/hobble-openssl || die
-
-		cp -f "${WORKDIR}"/bindist-patches/ec_curve.c "${S}"/crypto/ec/ || die
-		cp -f "${WORKDIR}"/bindist-patches/ectest.c "${S}"/test/ || die
-
-		eapply "${WORKDIR}"/bindist-patches/ec-curves.patch
-
-		local known_failing_test
-		for known_failing_test in \
-			30-test_evp_extra.t \
-			80-test_ssl_new.t \
-		; do
-			ebegin "Disabling test '${known_failing_test}' which is known to fail with USE=bindist"
-			rm test/recipes/${known_failing_test} || die
-			eend $?
-		done
-
-		# Also see the configure parts below:
-		# enable-ec \
-		# $(use_ssl !bindist ec2m) \
-	fi
-
-	# keep this in sync with app-misc/c_rehash
-	SSL_CNF_DIR="/etc/ssl"
-
-	# Make sure we only ever touch Makefile.org and avoid patching a file
-	# that gets blown away anyways by the Configure script in src_configure
-	rm -f Makefile
-
-	if ! use vanilla ; then
-		if [[ $(declare -p PATCHES 2>/dev/null) == "declare -a"* ]] ; then
-			[[ ${#PATCHES[@]} -gt 0 ]] && eapply "${PATCHES[@]}"
-		fi
-	fi
-
-	eapply_user #332661
-
-	# make sure the man pages are suffixed #302165
-	# don't bother building man pages if they're disabled
-	# Make DOCDIR Gentoo compliant
-	sed -i \
-		-e '/^MANSUFFIX/s:=.*:=ssl:' \
-		-e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
-		-e $(has noman FEATURES \
-			&& echo '/^install:/s:install_docs::' \
-			|| echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
-		-e "/^DOCDIR/s@\$(BASENAME)@&-${PVR}@" \
-		Configurations/unix-Makefile.tmpl \
-		|| die
-
-	# show the actual commands in the log
-	sed -i '/^SET_X/s@=.*@=set -x@' Makefile.shared || die
-
-	# quiet out unknown driver argument warnings since openssl
-	# doesn't have well-split CFLAGS and we're making it even worse
-	# and 'make depend' uses -Werror for added fun (#417795 again)
-	[[ ${CC} == *clang* ]] && append-flags -Qunused-arguments
-
-	# allow openssl to be cross-compiled
-	cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die
-	chmod a+rx gentoo.config || die
-
-	append-flags -fno-strict-aliasing
-	append-flags $(test-flags-CC -Wa,--noexecstack)
-	append-cppflags -DOPENSSL_NO_BUF_FREELISTS
-
-	# Prefixify Configure shebang (#141906)
-	sed \
-		-e "1s,/usr/bin/env,${EPREFIX}&," \
-		-i Configure || die
-	# Remove test target when FEATURES=test isn't set
-	if ! use test ; then
-		sed \
-			-e '/^$config{dirs}/s@ "test",@@' \
-			-i Configure || die
-	fi
-	# The config script does stupid stuff to prompt the user.  Kill it.
-	sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
-	./config --test-sanity || die "I AM NOT SANE"
-
-	multilib_copy_sources
-}
-
-multilib_src_configure() {
-	unset APPS #197996
-	unset SCRIPTS #312551
-	unset CROSS_COMPILE #311473
-
-	tc-export CC AR RANLIB RC
-
-	# Clean out patent-or-otherwise-encumbered code
-	# Camellia: Royalty Free            https://en.wikipedia.org/wiki/Camellia_(cipher)
-	# IDEA:     Expired                 https://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
-	# EC:       ????????? ??/??/2015    https://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography
-	# MDC2:     Expired                 https://en.wikipedia.org/wiki/MDC-2
-	# RC5:      Expired                 https://en.wikipedia.org/wiki/RC5
-
-	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
-	echoit() { echo "$@" ; "$@" ; }
-
-	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
-
-	# See if our toolchain supports __uint128_t.  If so, it's 64bit
-	# friendly and can use the nicely optimized code paths. #460790
-	local ec_nistp_64_gcc_128
-	# Disable it for now though #469976
-	#if ! use bindist ; then
-	#	echo "__uint128_t i;" > "${T}"/128.c
-	#	if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
-	#		ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
-	#	fi
-	#fi
-
-	local sslout=$(./gentoo.config)
-	einfo "Use configuration ${sslout:-(openssl knows best)}"
-	local config="Configure"
-	[[ -z ${sslout} ]] && config="config"
-
-	# Fedora hobbled-EC needs 'no-ec2m'
-	# 'srp' was restricted until early 2017 as well.
-	# "disable-deprecated" option breaks too many consumers.
-	# Don't set it without thorough revdeps testing.
-	# Make sure user flags don't get added *yet* to avoid duplicated
-	# flags.
-	CFLAGS= LDFLAGS= echoit \
-	./${config} \
-		${sslout} \
-		$(use cpu_flags_x86_sse2 || echo "no-sse2") \
-		enable-camellia \
-		enable-ec \
-		$(use_ssl !bindist ec2m) \
-		enable-srp \
-		$(use elibc_musl && echo "no-async") \
-		${ec_nistp_64_gcc_128} \
-		enable-idea \
-		enable-mdc2 \
-		enable-rc5 \
-		$(use_ssl sslv3 ssl3) \
-		$(use_ssl sslv3 ssl3-method) \
-		$(use_ssl asm) \
-		$(use_ssl rfc3779) \
-		$(use_ssl sctp) \
-		$(use_ssl tls-heartbeat heartbeats) \
-		$(use_ssl zlib) \
-		--prefix="${EPREFIX}"/usr \
-		--openssldir="${EPREFIX}"${SSL_CNF_DIR} \
-		--libdir=$(get_libdir) \
-		shared threads \
-		|| die
-
-	# Clean out hardcoded flags that openssl uses
-	local DEFAULT_CFLAGS=$(grep ^CFLAGS= Makefile | LC_ALL=C sed \
-		-e 's:^CFLAGS=::' \
-		-e 's:\(^\| \)-fomit-frame-pointer::g' \
-		-e 's:\(^\| \)-O[^ ]*::g' \
-		-e 's:\(^\| \)-march=[^ ]*::g' \
-		-e 's:\(^\| \)-mcpu=[^ ]*::g' \
-		-e 's:\(^\| \)-m[^ ]*::g' \
-		-e 's:^ *::' \
-		-e 's: *$::' \
-		-e 's: \+: :g' \
-		-e 's:\\:\\\\:g'
-	)
-
-	# Now insert clean default flags with user flags
-	sed -i \
-		-e "/^CFLAGS=/s|=.*|=${DEFAULT_CFLAGS} ${CFLAGS}|" \
-		-e "/^LDFLAGS=/s|=[[:space:]]*$|=${LDFLAGS}|" \
-		Makefile || die
-}
-
-multilib_src_compile() {
-	# depend is needed to use $confopts; it also doesn't matter
-	# that it's -j1 as the code itself serializes subdirs
-	emake -j1 depend
-	emake all
-}
-
-multilib_src_test() {
-	emake -j1 test
-}
-
-multilib_src_install() {
-	# We need to create $ED/usr on our own to avoid a race condition #665130
-	if [[ ! -d "${ED}/usr" ]]; then
-		# We can only create this directory once
-		mkdir "${ED}"/usr || die
-	fi
-
-	emake DESTDIR="${D}" install
-}
-
-multilib_src_install_all() {
-	# openssl installs perl version of c_rehash by default, but
-	# we provide a shell version via app-misc/c_rehash
-	rm "${ED}"/usr/bin/c_rehash || die
-
-	dodoc CHANGES* FAQ NEWS README doc/*.txt doc/${PN}-c-indent.el
-
-	# This is crappy in that the static archives are still built even
-	# when USE=static-libs.  But this is due to a failing in the openssl
-	# build system: the static archives are built as PIC all the time.
-	# Only way around this would be to manually configure+compile openssl
-	# twice; once with shared lib support enabled and once without.
-	use static-libs || rm -f "${ED}"/usr/lib*/lib*.a
-
-	# create the certs directory
-	keepdir ${SSL_CNF_DIR}/certs
-
-	# Namespace openssl programs to prevent conflicts with other man pages
-	cd "${ED}"/usr/share/man || die
-	local m d s
-	for m in $(find . -type f | xargs grep -L '#include') ; do
-		d=${m%/*} ; d=${d#./} ; m=${m##*/}
-		[[ ${m} == openssl.1* ]] && continue
-		[[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!"
-		mv ${d}/{,ssl-}${m}
-		# fix up references to renamed man pages
-		sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m}
-		ln -s ssl-${m} ${d}/openssl-${m}
-		# locate any symlinks that point to this man page ... we assume
-		# that any broken links are due to the above renaming
-		for s in $(find -L ${d} -type l) ; do
-			s=${s##*/}
-			rm -f ${d}/${s}
-			# We don't want to "|| die" here
-			ln -s ssl-${m} ${d}/ssl-${s}
-			ln -s ssl-${s} ${d}/openssl-${s}
-		done
-	done
-	[[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :("
-
-	dodir /etc/sandbox.d #254521
-	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
-
-	diropts -m0700
-	keepdir ${SSL_CNF_DIR}/private
-}
-
-pkg_postinst() {
-	ebegin "Running 'c_rehash ${EROOT}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069"
-	c_rehash "${EROOT}${SSL_CNF_DIR}/certs" >/dev/null
-	eend $?
-}

diff --git a/dev-libs/openssl/openssl-1.1.1c-r1.ebuild b/dev-libs/openssl/openssl-1.1.1c-r1.ebuild
deleted file mode 100644
index a3a0f2a2c06..00000000000
--- a/dev-libs/openssl/openssl-1.1.1c-r1.ebuild
+++ /dev/null
@@ -1,296 +0,0 @@
-# Copyright 1999-2019 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="7"
-
-inherit flag-o-matic toolchain-funcs multilib multilib-minimal
-
-MY_P=${P/_/-}
-
-# This patch set is based on the following files from Fedora 31,
-# see https://src.fedoraproject.org/rpms/openssl/blob/f31/f/openssl.spec
-# for more details:
-# - hobble-openssl (SOURCE1)
-# - ec_curve.c (SOURCE12)
-# - ectest.c (SOURCE13)
-# - openssl-1.1.1-ec-curves.patch (PATCH37) -- MODIFIED
-BINDIST_PATCH_SET="openssl-1.1.1c-bindist-1.0.tar.xz"
-
-DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"
-HOMEPAGE="https://www.openssl.org/"
-SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
-	bindist? ( https://dev.gentoo.org/~whissi/dist/openssl/${BINDIST_PATCH_SET} )"
-
-LICENSE="openssl"
-SLOT="0/1.1" # .so version of libssl/libcrypto
-[[ "${PV}" = *_pre* ]] || \
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~x86-linux"
-IUSE="+asm bindist elibc_musl rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-heartbeat vanilla zlib"
-RESTRICT="!bindist? ( bindist )"
-
-RDEPEND=">=app-misc/c_rehash-1.7-r1
-	zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )"
-DEPEND="${RDEPEND}"
-BDEPEND="
-	>=dev-lang/perl-5
-	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
-	test? (
-		sys-apps/diffutils
-		sys-devel/bc
-	)"
-PDEPEND="app-misc/ca-certificates"
-
-PATCHES=(
-	"${FILESDIR}"/${PN}-1.1.0j-parallel_install_fix.patch #671602
-)
-
-S="${WORKDIR}/${MY_P}"
-
-MULTILIB_WRAPPED_HEADERS=(
-	usr/include/openssl/opensslconf.h
-)
-
-src_prepare() {
-	if use bindist; then
-		mv "${WORKDIR}"/bindist-patches/hobble-openssl "${WORKDIR}" || die
-		bash "${WORKDIR}"/hobble-openssl || die
-
-		cp -f "${WORKDIR}"/bindist-patches/ec_curve.c "${S}"/crypto/ec/ || die
-		cp -f "${WORKDIR}"/bindist-patches/ectest.c "${S}"/test/ || die
-
-		eapply "${WORKDIR}"/bindist-patches/ec-curves.patch
-
-		local known_failing_test
-		for known_failing_test in \
-			30-test_evp_extra.t \
-			80-test_ssl_new.t \
-		; do
-			ebegin "Disabling test '${known_failing_test}' which is known to fail with USE=bindist"
-			rm test/recipes/${known_failing_test} || die
-			eend $?
-		done
-
-		# Also see the configure parts below:
-		# enable-ec \
-		# $(use_ssl !bindist ec2m) \
-	fi
-
-	# keep this in sync with app-misc/c_rehash
-	SSL_CNF_DIR="/etc/ssl"
-
-	# Make sure we only ever touch Makefile.org and avoid patching a file
-	# that gets blown away anyways by the Configure script in src_configure
-	rm -f Makefile
-
-	if ! use vanilla ; then
-		if [[ $(declare -p PATCHES 2>/dev/null) == "declare -a"* ]] ; then
-			[[ ${#PATCHES[@]} -gt 0 ]] && eapply "${PATCHES[@]}"
-		fi
-	fi
-
-	eapply_user #332661
-
-	# make sure the man pages are suffixed #302165
-	# don't bother building man pages if they're disabled
-	# Make DOCDIR Gentoo compliant
-	sed -i \
-		-e '/^MANSUFFIX/s:=.*:=ssl:' \
-		-e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
-		-e $(has noman FEATURES \
-			&& echo '/^install:/s:install_docs::' \
-			|| echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
-		-e "/^DOCDIR/s@\$(BASENAME)@&-${PVR}@" \
-		Configurations/unix-Makefile.tmpl \
-		|| die
-
-	# quiet out unknown driver argument warnings since openssl
-	# doesn't have well-split CFLAGS and we're making it even worse
-	# and 'make depend' uses -Werror for added fun (#417795 again)
-	[[ ${CC} == *clang* ]] && append-flags -Qunused-arguments
-
-	# allow openssl to be cross-compiled
-	cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die
-	chmod a+rx gentoo.config || die
-
-	append-flags -fno-strict-aliasing
-	append-flags $(test-flags-CC -Wa,--noexecstack)
-	append-cppflags -DOPENSSL_NO_BUF_FREELISTS
-
-	# Prefixify Configure shebang (#141906)
-	sed \
-		-e "1s,/usr/bin/env,${EPREFIX}&," \
-		-i Configure || die
-	# Remove test target when FEATURES=test isn't set
-	if ! use test ; then
-		sed \
-			-e '/^$config{dirs}/s@ "test",@@' \
-			-i Configure || die
-	fi
-	# The config script does stupid stuff to prompt the user.  Kill it.
-	sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
-	./config --test-sanity || die "I AM NOT SANE"
-
-	multilib_copy_sources
-}
-
-multilib_src_configure() {
-	unset APPS #197996
-	unset SCRIPTS #312551
-	unset CROSS_COMPILE #311473
-
-	tc-export CC AR RANLIB RC
-
-	# Clean out patent-or-otherwise-encumbered code
-	# Camellia: Royalty Free            https://en.wikipedia.org/wiki/Camellia_(cipher)
-	# IDEA:     Expired                 https://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
-	# EC:       ????????? ??/??/2015    https://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography
-	# MDC2:     Expired                 https://en.wikipedia.org/wiki/MDC-2
-	# RC5:      Expired                 https://en.wikipedia.org/wiki/RC5
-
-	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
-	echoit() { echo "$@" ; "$@" ; }
-
-	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
-
-	# See if our toolchain supports __uint128_t.  If so, it's 64bit
-	# friendly and can use the nicely optimized code paths. #460790
-	local ec_nistp_64_gcc_128
-	# Disable it for now though #469976
-	#if ! use bindist ; then
-	#	echo "__uint128_t i;" > "${T}"/128.c
-	#	if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
-	#		ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
-	#	fi
-	#fi
-
-	local sslout=$(./gentoo.config)
-	einfo "Use configuration ${sslout:-(openssl knows best)}"
-	local config="Configure"
-	[[ -z ${sslout} ]] && config="config"
-
-	# Fedora hobbled-EC needs 'no-ec2m'
-	# 'srp' was restricted until early 2017 as well.
-	# "disable-deprecated" option breaks too many consumers.
-	# Don't set it without thorough revdeps testing.
-	# Make sure user flags don't get added *yet* to avoid duplicated
-	# flags.
-	CFLAGS= LDFLAGS= echoit \
-	./${config} \
-		${sslout} \
-		$(use cpu_flags_x86_sse2 || echo "no-sse2") \
-		enable-camellia \
-		enable-ec \
-		$(use_ssl !bindist ec2m) \
-		enable-srp \
-		$(use elibc_musl && echo "no-async") \
-		${ec_nistp_64_gcc_128} \
-		enable-idea \
-		enable-mdc2 \
-		enable-rc5 \
-		$(use_ssl sslv3 ssl3) \
-		$(use_ssl sslv3 ssl3-method) \
-		$(use_ssl asm) \
-		$(use_ssl rfc3779) \
-		$(use_ssl sctp) \
-		$(use_ssl tls-heartbeat heartbeats) \
-		$(use_ssl zlib) \
-		--prefix="${EPREFIX}"/usr \
-		--openssldir="${EPREFIX}"${SSL_CNF_DIR} \
-		--libdir=$(get_libdir) \
-		shared threads \
-		|| die
-
-	# Clean out hardcoded flags that openssl uses
-	local DEFAULT_CFLAGS=$(grep ^CFLAGS= Makefile | LC_ALL=C sed \
-		-e 's:^CFLAGS=::' \
-		-e 's:\(^\| \)-fomit-frame-pointer::g' \
-		-e 's:\(^\| \)-O[^ ]*::g' \
-		-e 's:\(^\| \)-march=[^ ]*::g' \
-		-e 's:\(^\| \)-mcpu=[^ ]*::g' \
-		-e 's:\(^\| \)-m[^ ]*::g' \
-		-e 's:^ *::' \
-		-e 's: *$::' \
-		-e 's: \+: :g' \
-		-e 's:\\:\\\\:g'
-	)
-
-	# Now insert clean default flags with user flags
-	sed -i \
-		-e "/^CFLAGS=/s|=.*|=${DEFAULT_CFLAGS} ${CFLAGS}|" \
-		-e "/^LDFLAGS=/s|=[[:space:]]*$|=${LDFLAGS}|" \
-		Makefile || die
-}
-
-multilib_src_compile() {
-	# depend is needed to use $confopts; it also doesn't matter
-	# that it's -j1 as the code itself serializes subdirs
-	emake -j1 depend
-	emake all
-}
-
-multilib_src_test() {
-	emake -j1 test
-}
-
-multilib_src_install() {
-	# We need to create $ED/usr on our own to avoid a race condition #665130
-	if [[ ! -d "${ED}/usr" ]]; then
-		# We can only create this directory once
-		mkdir "${ED}"/usr || die
-	fi
-
-	emake DESTDIR="${D}" install
-}
-
-multilib_src_install_all() {
-	# openssl installs perl version of c_rehash by default, but
-	# we provide a shell version via app-misc/c_rehash
-	rm "${ED}"/usr/bin/c_rehash || die
-
-	dodoc CHANGES* FAQ NEWS README doc/*.txt doc/${PN}-c-indent.el
-
-	# This is crappy in that the static archives are still built even
-	# when USE=static-libs.  But this is due to a failing in the openssl
-	# build system: the static archives are built as PIC all the time.
-	# Only way around this would be to manually configure+compile openssl
-	# twice; once with shared lib support enabled and once without.
-	use static-libs || rm -f "${ED}"/usr/lib*/lib*.a
-
-	# create the certs directory
-	keepdir ${SSL_CNF_DIR}/certs
-
-	# Namespace openssl programs to prevent conflicts with other man pages
-	cd "${ED}"/usr/share/man || die
-	local m d s
-	for m in $(find . -type f | xargs grep -L '#include') ; do
-		d=${m%/*} ; d=${d#./} ; m=${m##*/}
-		[[ ${m} == openssl.1* ]] && continue
-		[[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!"
-		mv ${d}/{,ssl-}${m}
-		# fix up references to renamed man pages
-		sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m}
-		ln -s ssl-${m} ${d}/openssl-${m}
-		# locate any symlinks that point to this man page ... we assume
-		# that any broken links are due to the above renaming
-		for s in $(find -L ${d} -type l) ; do
-			s=${s##*/}
-			rm -f ${d}/${s}
-			# We don't want to "|| die" here
-			ln -s ssl-${m} ${d}/ssl-${s}
-			ln -s ssl-${s} ${d}/openssl-${s}
-		done
-	done
-	[[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :("
-
-	dodir /etc/sandbox.d #254521
-	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
-
-	diropts -m0700
-	keepdir ${SSL_CNF_DIR}/private
-}
-
-pkg_postinst() {
-	ebegin "Running 'c_rehash ${EROOT}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069"
-	c_rehash "${EROOT}${SSL_CNF_DIR}/certs" >/dev/null
-	eend $?
-}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Thomas Deutschmann]

commit:     c73656df4b2d217d438a6fb8a07d2894dd07e900
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Tue Oct  1 19:36:03 2019 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Tue Oct  1 19:36:03 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c73656df

dev-libs/openssl: m68k/sh stable (#694162)

Bug: https://bugs.gentoo.org/694162
Package-Manager: Portage-2.3.76, Repoman-2.3.17
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 dev-libs/openssl/openssl-1.0.2t-r1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.0.2t-r1.ebuild b/dev-libs/openssl/openssl-1.0.2t-r1.ebuild
index eb39171323f..34ab82df81e 100644
--- a/dev-libs/openssl/openssl-1.0.2t-r1.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2t-r1.ebuild
@@ -37,7 +37,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 
 LICENSE="openssl"
 SLOT="0"
-KEYWORDS="alpha amd64 arm arm64 hppa ia64 ~m68k ~mips ppc ppc64 ~riscv s390 ~sh sparc x86 ~amd64-fbsd ~x86-fbsd ~x86-linux"
+KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 ~riscv s390 sh sparc x86 ~amd64-fbsd ~x86-fbsd ~x86-linux"
 IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Matt Turner]

commit:     93c3b787f1fa9c37eaec8c1389a47412dbfad0e7
Author:     Matt Turner <mattst88 <AT> gentoo <DOT> org>
AuthorDate: Sat Sep 21 00:59:46 2019 +0000
Commit:     Matt Turner <mattst88 <AT> gentoo <DOT> org>
CommitDate: Sat Sep 21 01:01:31 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=93c3b787

dev-libs/openssl-1.0.2t-r1: alpha stable, bug 694162

Signed-off-by: Matt Turner <mattst88 <AT> gentoo.org>

 dev-libs/openssl/openssl-1.0.2t-r1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.0.2t-r1.ebuild b/dev-libs/openssl/openssl-1.0.2t-r1.ebuild
index d8303c31ece..eb39171323f 100644
--- a/dev-libs/openssl/openssl-1.0.2t-r1.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2t-r1.ebuild
@@ -37,7 +37,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 
 LICENSE="openssl"
 SLOT="0"
-KEYWORDS="~alpha amd64 arm arm64 hppa ia64 ~m68k ~mips ppc ppc64 ~riscv s390 ~sh sparc x86 ~amd64-fbsd ~x86-fbsd ~x86-linux"
+KEYWORDS="alpha amd64 arm arm64 hppa ia64 ~m68k ~mips ppc ppc64 ~riscv s390 ~sh sparc x86 ~amd64-fbsd ~x86-fbsd ~x86-linux"
 IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Agostino Sarubbo]

commit:     b2420e2c07b3be4633375b787807d4174d559bc3
Author:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
AuthorDate: Fri Sep 20 12:09:14 2019 +0000
Commit:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
CommitDate: Fri Sep 20 12:09:14 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b2420e2c

dev-libs/openssl: s390 stable wrt bug #694162

Package-Manager: Portage-2.3.69, Repoman-2.3.16
RepoMan-Options: --include-arches="s390"
Signed-off-by: Agostino Sarubbo <ago <AT> gentoo.org>

 dev-libs/openssl/openssl-1.0.2t-r1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.0.2t-r1.ebuild b/dev-libs/openssl/openssl-1.0.2t-r1.ebuild
index dfadcd6c52c..d8303c31ece 100644
--- a/dev-libs/openssl/openssl-1.0.2t-r1.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2t-r1.ebuild
@@ -37,7 +37,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 
 LICENSE="openssl"
 SLOT="0"
-KEYWORDS="~alpha amd64 arm arm64 hppa ia64 ~m68k ~mips ppc ppc64 ~riscv ~s390 ~sh sparc x86 ~amd64-fbsd ~x86-fbsd ~x86-linux"
+KEYWORDS="~alpha amd64 arm arm64 hppa ia64 ~m68k ~mips ppc ppc64 ~riscv s390 ~sh sparc x86 ~amd64-fbsd ~x86-fbsd ~x86-linux"
 IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sergei Trofimovich]

commit:     77e5e841ec093364a8e947646588230bdc372cc4
Author:     Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
AuthorDate: Mon Sep 16 22:00:10 2019 +0000
Commit:     Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
CommitDate: Mon Sep 16 22:00:28 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=77e5e841

dev-libs/openssl: stable 1.0.2t-r1 for ia64, bug #694162

Package-Manager: Portage-2.3.76, Repoman-2.3.17
RepoMan-Options: --include-arches="ia64"
Signed-off-by: Sergei Trofimovich <slyfox <AT> gentoo.org>

 dev-libs/openssl/openssl-1.0.2t-r1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.0.2t-r1.ebuild b/dev-libs/openssl/openssl-1.0.2t-r1.ebuild
index 6dbbac432cd..dfadcd6c52c 100644
--- a/dev-libs/openssl/openssl-1.0.2t-r1.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2t-r1.ebuild
@@ -37,7 +37,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 
 LICENSE="openssl"
 SLOT="0"
-KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv ~s390 ~sh sparc x86 ~amd64-fbsd ~x86-fbsd ~x86-linux"
+KEYWORDS="~alpha amd64 arm arm64 hppa ia64 ~m68k ~mips ppc ppc64 ~riscv ~s390 ~sh sparc x86 ~amd64-fbsd ~x86-fbsd ~x86-linux"
 IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Thomas Deutschmann]

commit:     a21ed49cf57d9a8111876fb49cdd6fc6afb8bd90
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Mon Sep 16 00:01:28 2019 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Mon Sep 16 00:06:17 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a21ed49c

dev-libs/openssl: restore Gentoo patch set

Patch set for 1.0.2x series were longer applied when ebuilds were
bumped to EAPI=7 and unified.

Fixes a039f65 ("dev-libs/openssl: bump to EAPI 7")
Closes: https://bugs.gentoo.org/694512
Package-Manager: Portage-2.3.76, Repoman-2.3.17
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 .../openssl/{openssl-1.0.2s-r1.ebuild => openssl-1.0.2s-r2.ebuild}    | 4 +---
 dev-libs/openssl/{openssl-1.0.2t.ebuild => openssl-1.0.2t-r1.ebuild}  | 4 +---
 2 files changed, 2 insertions(+), 6 deletions(-)

diff --git a/dev-libs/openssl/openssl-1.0.2s-r1.ebuild b/dev-libs/openssl/openssl-1.0.2s-r2.ebuild
similarity index 98%
rename from dev-libs/openssl/openssl-1.0.2s-r1.ebuild
rename to dev-libs/openssl/openssl-1.0.2s-r2.ebuild
index b4902db7e53..fbf3c919b91 100644
--- a/dev-libs/openssl/openssl-1.0.2s-r1.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2s-r2.ebuild
@@ -96,9 +96,7 @@ src_prepare() {
 	rm -f Makefile
 
 	if ! use vanilla ; then
-		if [[ $(declare -p PATCHES 2>/dev/null) == "declare -a"* ]] ; then
-			[[ ${#PATCHES[@]} -gt 0 ]] && eapply "${PATCHES[@]}"
-		fi
+		eapply "${WORKDIR}"/patch/*.patch
 	fi
 
 	eapply_user

diff --git a/dev-libs/openssl/openssl-1.0.2t.ebuild b/dev-libs/openssl/openssl-1.0.2t-r1.ebuild
similarity index 98%
rename from dev-libs/openssl/openssl-1.0.2t.ebuild
rename to dev-libs/openssl/openssl-1.0.2t-r1.ebuild
index a778b483edc..6dbbac432cd 100644
--- a/dev-libs/openssl/openssl-1.0.2t.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2t-r1.ebuild
@@ -85,9 +85,7 @@ src_prepare() {
 	rm -f Makefile
 
 	if ! use vanilla ; then
-		if [[ $(declare -p PATCHES 2>/dev/null) == "declare -a"* ]] ; then
-			[[ ${#PATCHES[@]} -gt 0 ]] && eapply "${PATCHES[@]}"
-		fi
+		eapply "${WORKDIR}"/patch/*.patch
 	fi
 
 	eapply_user

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Thomas Deutschmann]

commit:     6c4711b3b966c2446f2f937d5bfd39d607060b78
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Sun Sep 15 23:49:36 2019 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Mon Sep 16 00:06:00 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6c4711b3

Revert "dev-libs/openssl: filter load average"

This reverts commit 90be70aa64277dd6fe31c6dea00f7f6c913057ac.

Bug: https://bugs.gentoo.org/694512
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 dev-libs/openssl/openssl-1.0.2t.ebuild | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/dev-libs/openssl/openssl-1.0.2t.ebuild b/dev-libs/openssl/openssl-1.0.2t.ebuild
index bba4fd047bf..82daa9fab61 100644
--- a/dev-libs/openssl/openssl-1.0.2t.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2t.ebuild
@@ -136,9 +136,6 @@ src_prepare() {
 		# bug 694512
 		einfo "Limiting parallel jobs to 6 ..."
 		export MAKEOPTS=-j6
-	else
-		# Filter load average
-		export MAKEOPTS=-j${make_jobs}
 	fi
 
 	multilib_copy_sources

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Thomas Deutschmann]

commit:     4e8a7b0b3b8b702333424151528e2822488c74ad
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Sun Sep 15 23:50:28 2019 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Mon Sep 16 00:06:13 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4e8a7b0b

Revert "dev-libs/openssl: limit parallel jobs"

This reverts commit 2f736482adecae6176bafb64906996c06bade0a3.

Bug: https://bugs.gentoo.org/694512
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 dev-libs/openssl/openssl-1.0.2t.ebuild | 9 +--------
 1 file changed, 1 insertion(+), 8 deletions(-)

diff --git a/dev-libs/openssl/openssl-1.0.2t.ebuild b/dev-libs/openssl/openssl-1.0.2t.ebuild
index 82daa9fab61..a778b483edc 100644
--- a/dev-libs/openssl/openssl-1.0.2t.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2t.ebuild
@@ -3,7 +3,7 @@
 
 EAPI="7"
 
-inherit flag-o-matic toolchain-funcs multiprocessing multilib multilib-minimal
+inherit flag-o-matic toolchain-funcs multilib multilib-minimal
 
 # openssl-1.0.2-patches-1.6 contain additional CVE patches
 # which got fixed with this release.
@@ -131,13 +131,6 @@ src_prepare() {
 	sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
 	./config --test-sanity || die "I AM NOT SANE"
 
-	local make_jobs=$(makeopts_jobs)
-	if [[ ${make_jobs} -gt 6 ]] ; then
-		# bug 694512
-		einfo "Limiting parallel jobs to 6 ..."
-		export MAKEOPTS=-j6
-	fi
-
 	multilib_copy_sources
 }
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Thomas Deutschmann]

commit:     90be70aa64277dd6fe31c6dea00f7f6c913057ac
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Sun Sep 15 20:37:37 2019 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Sun Sep 15 20:37:37 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=90be70aa

dev-libs/openssl: filter load average

Bug: https://bugs.gentoo.org/694512
Package-Manager: Portage-2.3.76, Repoman-2.3.17
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 dev-libs/openssl/openssl-1.0.2t.ebuild | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/dev-libs/openssl/openssl-1.0.2t.ebuild b/dev-libs/openssl/openssl-1.0.2t.ebuild
index 82daa9fab61..bba4fd047bf 100644
--- a/dev-libs/openssl/openssl-1.0.2t.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2t.ebuild
@@ -136,6 +136,9 @@ src_prepare() {
 		# bug 694512
 		einfo "Limiting parallel jobs to 6 ..."
 		export MAKEOPTS=-j6
+	else
+		# Filter load average
+		export MAKEOPTS=-j${make_jobs}
 	fi
 
 	multilib_copy_sources

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Thomas Deutschmann]

commit:     2f736482adecae6176bafb64906996c06bade0a3
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Sun Sep 15 19:47:46 2019 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Sun Sep 15 20:28:00 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2f736482

dev-libs/openssl: limit parallel jobs

Closes: https://bugs.gentoo.org/694512
Package-Manager: Portage-2.3.76, Repoman-2.3.17
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 dev-libs/openssl/openssl-1.0.2t.ebuild | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.0.2t.ebuild b/dev-libs/openssl/openssl-1.0.2t.ebuild
index a778b483edc..82daa9fab61 100644
--- a/dev-libs/openssl/openssl-1.0.2t.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2t.ebuild
@@ -3,7 +3,7 @@
 
 EAPI="7"
 
-inherit flag-o-matic toolchain-funcs multilib multilib-minimal
+inherit flag-o-matic toolchain-funcs multiprocessing multilib multilib-minimal
 
 # openssl-1.0.2-patches-1.6 contain additional CVE patches
 # which got fixed with this release.
@@ -131,6 +131,13 @@ src_prepare() {
 	sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
 	./config --test-sanity || die "I AM NOT SANE"
 
+	local make_jobs=$(makeopts_jobs)
+	if [[ ${make_jobs} -gt 6 ]] ; then
+		# bug 694512
+		einfo "Limiting parallel jobs to 6 ..."
+		export MAKEOPTS=-j6
+	fi
+
 	multilib_copy_sources
 }
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Thomas Deutschmann]

commit:     25b8aa2cdf22eb6716f8f200dec7284d15ff6f2f
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Sun Sep 15 20:25:29 2019 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Sun Sep 15 20:28:01 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=25b8aa2c

dev-libs/openssl: re-create openssl-1.1.0l-bindist-1.0.tar.xz tarball

Closes: https://bugs.gentoo.org/694516
Package-Manager: Portage-2.3.76, Repoman-2.3.17
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 dev-libs/openssl/Manifest | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest
index d8247c8ece3..14c6ce61047 100644
--- a/dev-libs/openssl/Manifest
+++ b/dev-libs/openssl/Manifest
@@ -11,7 +11,7 @@ DIST openssl-1.0.2t-bindist-1.0.tar.xz 13872 BLAKE2B b2aade96a6e0ca6209a39e205b1
 DIST openssl-1.0.2t.tar.gz 5355422 BLAKE2B dcbc883151ff6c5b60f5849d8789c2e76a384cb3d5eb5f08a6109776d0edf134580dc33fa8b946ae2344542560f04ecef17f218406952dd8d31e4200c4882022 SHA512 0b88868933f42fab87e8b22449435a1091cc6e75f986aad6c173e01ad123161fcae8c226759073701bc65c9f2f0b6ce6a63a61203008ed873cfb6e484f32bc71
 DIST openssl-1.1.0k-bindist-1.0.tar.xz 11716 BLAKE2B c491ba0899c44dbcc63f85b255548c439c965a20a04ac2a6324a4122c4691b7c95ec18e62be6d708a7ea62ea197d32e5091987cb5043969878f89e5bc26243d4 SHA512 1d5bc9d7b24cf55d32d996e2421d43a1218b605720293f00d07814afb481387856f0dc000ad3c3e4cba2361055668cfe79a945be44ab85a249555f37e683a909
 DIST openssl-1.1.0k.tar.gz 5287321 BLAKE2B fce40a399f5a08d5fe183dfcaab11b211d982885fb9888b25fa41bdd9919ecd203fca6f573363cfb42c9a0776ae69ea50b0f144227a3f28ca0dbadf878d396bc SHA512 65f41a240a97d79504c0e1391fde8ac8692f0993437cdc35e4bc964ecc36e5ef75a62499c4c6cb4ce63f892135e06dba2d3594c8869d935554296fa3c6ccd822
-DIST openssl-1.1.0l-bindist-1.0.tar.xz 13168 BLAKE2B 1fbd1f7bdba08f14e21485175232283c2309687021a526b4a132b676d7f9429577f8f14e180fb4f59ef24bc9c06873a6936e64559a901803a3f1d21453177b50 SHA512 f664a6876a2a9c7467bbc6a436593eb21cc6be51e08408657f34b67fa69cd6bece3cc65f60220d7e41f36b359b5299adf49a59ede7f8f738d6a31e29d2a49714
+DIST openssl-1.1.0l-bindist-1.0.tar.xz 13184 BLAKE2B c09e023458faff17b10d6f20c28462c0851757a20d59b4b751220ab307324d5778252df112ad74fd319407cc75fdd1cd507d48058dd0234dc8c03020c882ed42 SHA512 39720ecee3ec6080c1416f2fb7c9246b89ee55b21be2baabad51eb6823dbe1559450b1ae92fa61ac1cf5ba04ac8c02438aa469bc65eae6905cf1ea486f270793
 DIST openssl-1.1.0l.tar.gz 5294857 BLAKE2B 0e4f30f9e8a22414325bd780dc4e875e962487fbe72967f0392ace959955429192541881a98d097d7bb75ed7238b1817b0c3c2c4da04421512bd538f2b07cdd7 SHA512 81b74149f40ea7d9f7e235820a4f977844653ad1e2b302e65e712c12193f47542fe7e3385fd1e25e3dd074e4e6d04199836cbc492656f5a7692edab5e234f4ad
 DIST openssl-1.1.1c-bindist-1.0.tar.xz 11964 BLAKE2B 8c5190846d13984589a150089d329bb3ecc613788b9462c6f6a1833a040e21cb9bf940140449f09fd797c0e396b0aea073237be374bd16097795b8974c3e7ce5 SHA512 249c6d8c455130b98e3be635f12f323e0cc349f1770648bad591e5de15483917185a473c162ed871a2fa05b47056931e6f12e5fdd9cecee7e6d1c246b862923b
 DIST openssl-1.1.1c.tar.gz 8864262 BLAKE2B bd157b244bedcefb8e646a743732945119b267236789ac69c38856570318aca09299bdaaea3f20294863b633e6fd4dfe124820597185b3b7461cfdf094daadb0 SHA512 8e2c5cc11c120efbb7d7850980cb6eaa782d29b4996b3f3378d37613c1679f852d7cc08a90d62e78fcec3439f06bdbee70064579a8c2adaffd91532a97f646ff

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Aaron Bauman]

commit:     4ad2e4e0559fd0ba70671ca2db547ee140cd4bf4
Author:     Aaron Bauman <bman <AT> gentoo <DOT> org>
AuthorDate: Fri Sep 13 18:02:16 2019 +0000
Commit:     Aaron Bauman <bman <AT> gentoo <DOT> org>
CommitDate: Fri Sep 13 18:02:16 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4ad2e4e0

dev-libs/openssl: arm64 stable (bug #694162)

Signed-off-by: Aaron Bauman <bman <AT> gentoo.org>
Package-Manager: Portage-2.3.75, Repoman-2.3.17
RepoMan-Options: --include-arches="arm64"

 dev-libs/openssl/openssl-1.0.2t.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.0.2t.ebuild b/dev-libs/openssl/openssl-1.0.2t.ebuild
index 8f8ab56f283..a778b483edc 100644
--- a/dev-libs/openssl/openssl-1.0.2t.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2t.ebuild
@@ -37,7 +37,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 
 LICENSE="openssl"
 SLOT="0"
-KEYWORDS="~alpha amd64 arm ~arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv ~s390 ~sh sparc x86 ~amd64-fbsd ~x86-fbsd ~x86-linux"
+KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv ~s390 ~sh sparc x86 ~amd64-fbsd ~x86-fbsd ~x86-linux"
 IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Mikle Kolyada]

commit:     7880738fc57845a1fed8c85f6b5e0de2e536a75a
Author:     Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
AuthorDate: Fri Sep 13 17:37:26 2019 +0000
Commit:     Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
CommitDate: Fri Sep 13 17:37:26 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7880738f

dev-libs/openssl: arm stable wrt bug #694162

Package-Manager: Portage-2.3.69, Repoman-2.3.16
RepoMan-Options: --include-arches="arm"
Signed-off-by: Mikle Kolyada <zlogene <AT> gentoo.org>

 dev-libs/openssl/openssl-1.0.2t.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.0.2t.ebuild b/dev-libs/openssl/openssl-1.0.2t.ebuild
index 90f695879aa..8f8ab56f283 100644
--- a/dev-libs/openssl/openssl-1.0.2t.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2t.ebuild
@@ -37,7 +37,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 
 LICENSE="openssl"
 SLOT="0"
-KEYWORDS="~alpha amd64 ~arm ~arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv ~s390 ~sh sparc x86 ~amd64-fbsd ~x86-fbsd ~x86-linux"
+KEYWORDS="~alpha amd64 arm ~arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv ~s390 ~sh sparc x86 ~amd64-fbsd ~x86-fbsd ~x86-linux"
 IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Mikle Kolyada]

commit:     8efd73bca2d8da95483ac41db1bb087b543a0507
Author:     Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
AuthorDate: Fri Sep 13 12:15:31 2019 +0000
Commit:     Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
CommitDate: Fri Sep 13 12:15:31 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8efd73bc

dev-libs/openssl: amd64 stable wrt bug #694162

Package-Manager: Portage-2.3.69, Repoman-2.3.16
RepoMan-Options: --include-arches="amd64"
Signed-off-by: Mikle Kolyada <zlogene <AT> gentoo.org>

 dev-libs/openssl/openssl-1.0.2t.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.0.2t.ebuild b/dev-libs/openssl/openssl-1.0.2t.ebuild
index 11d1067af86..90f695879aa 100644
--- a/dev-libs/openssl/openssl-1.0.2t.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2t.ebuild
@@ -37,7 +37,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 
 LICENSE="openssl"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv ~s390 ~sh sparc x86 ~amd64-fbsd ~x86-fbsd ~x86-linux"
+KEYWORDS="~alpha amd64 ~arm ~arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv ~s390 ~sh sparc x86 ~amd64-fbsd ~x86-fbsd ~x86-linux"
 IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Agostino Sarubbo]

commit:     f23c8fec4900620896262ea3b0a4bb27975edb00
Author:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
AuthorDate: Fri Sep 13 12:02:56 2019 +0000
Commit:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
CommitDate: Fri Sep 13 12:02:56 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f23c8fec

dev-libs/openssl: ppc64 stable wrt bug #694162

Package-Manager: Portage-2.3.69, Repoman-2.3.16
RepoMan-Options: --include-arches="ppc64"
Signed-off-by: Agostino Sarubbo <ago <AT> gentoo.org>

 dev-libs/openssl/openssl-1.0.2t.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.0.2t.ebuild b/dev-libs/openssl/openssl-1.0.2t.ebuild
index 321fe4faf06..11d1067af86 100644
--- a/dev-libs/openssl/openssl-1.0.2t.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2t.ebuild
@@ -37,7 +37,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 
 LICENSE="openssl"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 hppa ~ia64 ~m68k ~mips ppc ~ppc64 ~riscv ~s390 ~sh sparc x86 ~amd64-fbsd ~x86-fbsd ~x86-linux"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv ~s390 ~sh sparc x86 ~amd64-fbsd ~x86-fbsd ~x86-linux"
 IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Agostino Sarubbo]

commit:     02409433599c2a27927059c64cd946c352ce9cf8
Author:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
AuthorDate: Fri Sep 13 12:01:11 2019 +0000
Commit:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
CommitDate: Fri Sep 13 12:01:11 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=02409433

dev-libs/openssl: ppc stable wrt bug #694162

Package-Manager: Portage-2.3.69, Repoman-2.3.16
RepoMan-Options: --include-arches="ppc"
Signed-off-by: Agostino Sarubbo <ago <AT> gentoo.org>

 dev-libs/openssl/openssl-1.0.2t.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.0.2t.ebuild b/dev-libs/openssl/openssl-1.0.2t.ebuild
index cbf7e2beb3e..321fe4faf06 100644
--- a/dev-libs/openssl/openssl-1.0.2t.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2t.ebuild
@@ -37,7 +37,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 
 LICENSE="openssl"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sh sparc x86 ~amd64-fbsd ~x86-fbsd ~x86-linux"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 hppa ~ia64 ~m68k ~mips ppc ~ppc64 ~riscv ~s390 ~sh sparc x86 ~amd64-fbsd ~x86-fbsd ~x86-linux"
 IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sergei Trofimovich]

commit:     684c3ac88c8453033750910ae35941f35631824e
Author:     Rolf Eike Beer <eike <AT> sf-mail <DOT> de>
AuthorDate: Fri Sep 13 05:40:56 2019 +0000
Commit:     Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
CommitDate: Fri Sep 13 06:20:39 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=684c3ac8

dev-libs/openssl: stable 1.0.2t for hppa/sparc, bug #694162

Package-Manager: Portage-2.3.69, Repoman-2.3.16
RepoMan-Options: --include-arches="hppa sparc"
Signed-off-by: Rolf Eike Beer <eike <AT> sf-mail.de>
Signed-off-by: Sergei Trofimovich <slyfox <AT> gentoo.org>

 dev-libs/openssl/openssl-1.0.2t.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.0.2t.ebuild b/dev-libs/openssl/openssl-1.0.2t.ebuild
index eed1f5538d8..cbf7e2beb3e 100644
--- a/dev-libs/openssl/openssl-1.0.2t.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2t.ebuild
@@ -37,7 +37,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 
 LICENSE="openssl"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sh ~sparc x86 ~amd64-fbsd ~x86-fbsd ~x86-linux"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sh sparc x86 ~amd64-fbsd ~x86-fbsd ~x86-linux"
 IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Thomas Deutschmann]

commit:     8733ee603753c6298801cc382d870cfc448ef98d
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Thu Sep 12 23:52:59 2019 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Thu Sep 12 23:52:59 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8733ee60

dev-libs/openssl: x86 stable (bug #694162)

Package-Manager: Portage-2.3.76, Repoman-2.3.17
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 dev-libs/openssl/openssl-1.0.2t.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.0.2t.ebuild b/dev-libs/openssl/openssl-1.0.2t.ebuild
index acd4d57924d..eed1f5538d8 100644
--- a/dev-libs/openssl/openssl-1.0.2t.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2t.ebuild
@@ -37,7 +37,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 
 LICENSE="openssl"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~x86-linux"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sh ~sparc x86 ~amd64-fbsd ~x86-fbsd ~x86-linux"
 IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Thomas Deutschmann]

commit:     fa8c16d6739c91f31c4be97cf2bb7e49e7564c70
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Thu Sep 12 13:21:58 2019 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Thu Sep 12 13:40:27 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fa8c16d6

dev-libs/openssl: bump to v1.0.2t

Package-Manager: Portage-2.3.75, Repoman-2.3.17
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 dev-libs/openssl/Manifest              |   2 +
 dev-libs/openssl/openssl-1.0.2t.ebuild | 309 +++++++++++++++++++++++++++++++++
 2 files changed, 311 insertions(+)

diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest
index fd03dd1eb9b..d8247c8ece3 100644
--- a/dev-libs/openssl/Manifest
+++ b/dev-libs/openssl/Manifest
@@ -7,6 +7,8 @@ DIST openssl-1.0.2s.tar.gz 5349149 BLAKE2B 46c72dcceb5b473b129be0a895f3d6c25a24e
 DIST openssl-1.0.2s_ec_curve.c 17254 BLAKE2B d40d8d6e770443f07abe70e2c4ddda6aec1cc8e37dc1f226a3fdd9ed5d228f09c6d372e8956b1948b55ee1d57d1429493e7288d0f54d9466a37fec805c85aacb SHA512 8e92fb100bcf4bd918c82b9a6cbd75a55abe1a2c08230a007e441c51577f974f8cc336e9ac8a672b32641480428ca8cead5380da1fe81bacb088145a1b754a15
 DIST openssl-1.0.2s_ectest.c 30735 BLAKE2B 95333a27f1cf0a4305a3cee7f6d46b9d4673582ca9acfcf5ba2a0d9d317ab6219cd0d2ff0ba3a55a317c8f5819342f05cc17ba80ec2c92b2b4cab9a3552382e1 SHA512 f2e4d34327b490bc8371f0845c69df3f9fc51ea16f0ea0de0411a0c1fa9d49bb2b6fafc363eb3b3cd919dc7c24e4a0d075c6ff878c01d70dae918f2540874c19
 DIST openssl-1.0.2s_hobble-openssl 1302 BLAKE2B 647caa6a0f4c53a2e77baa3b8e5961eaef3bb0ff38e7d5475eab8deef3439f7fe49028ec9ed0406f3453870b62cac67c496b3a048ee4c9ff4c6866d520235960 SHA512 3d757a4708e74a03dd5cb9b8114dfe442ed9520739a6eca693be4c4265771696f1449ea06d1c9bcfc6e94fc9b0dd0c10e153f1c3b0334831c0550b36cd63326e
+DIST openssl-1.0.2t-bindist-1.0.tar.xz 13872 BLAKE2B b2aade96a6e0ca6209a39e205b1c838de945903fcf959c62cc29ddcd1a0cb360fc5db234df86860a6a4c096f5ecc237611e4c2946b986a5500c24ba93c208ef4 SHA512 a48a7efb9b973b865bcc5009d450b428ed6b4b95e4cefe70c51056e47392c8a7bec58215168d8b07712419dc74646c2bd2fd23bcfbba2031376e292249a6b1b6
+DIST openssl-1.0.2t.tar.gz 5355422 BLAKE2B dcbc883151ff6c5b60f5849d8789c2e76a384cb3d5eb5f08a6109776d0edf134580dc33fa8b946ae2344542560f04ecef17f218406952dd8d31e4200c4882022 SHA512 0b88868933f42fab87e8b22449435a1091cc6e75f986aad6c173e01ad123161fcae8c226759073701bc65c9f2f0b6ce6a63a61203008ed873cfb6e484f32bc71
 DIST openssl-1.1.0k-bindist-1.0.tar.xz 11716 BLAKE2B c491ba0899c44dbcc63f85b255548c439c965a20a04ac2a6324a4122c4691b7c95ec18e62be6d708a7ea62ea197d32e5091987cb5043969878f89e5bc26243d4 SHA512 1d5bc9d7b24cf55d32d996e2421d43a1218b605720293f00d07814afb481387856f0dc000ad3c3e4cba2361055668cfe79a945be44ab85a249555f37e683a909
 DIST openssl-1.1.0k.tar.gz 5287321 BLAKE2B fce40a399f5a08d5fe183dfcaab11b211d982885fb9888b25fa41bdd9919ecd203fca6f573363cfb42c9a0776ae69ea50b0f144227a3f28ca0dbadf878d396bc SHA512 65f41a240a97d79504c0e1391fde8ac8692f0993437cdc35e4bc964ecc36e5ef75a62499c4c6cb4ce63f892135e06dba2d3594c8869d935554296fa3c6ccd822
 DIST openssl-1.1.0l-bindist-1.0.tar.xz 13168 BLAKE2B 1fbd1f7bdba08f14e21485175232283c2309687021a526b4a132b676d7f9429577f8f14e180fb4f59ef24bc9c06873a6936e64559a901803a3f1d21453177b50 SHA512 f664a6876a2a9c7467bbc6a436593eb21cc6be51e08408657f34b67fa69cd6bece3cc65f60220d7e41f36b359b5299adf49a59ede7f8f738d6a31e29d2a49714

diff --git a/dev-libs/openssl/openssl-1.0.2t.ebuild b/dev-libs/openssl/openssl-1.0.2t.ebuild
new file mode 100644
index 00000000000..acd4d57924d
--- /dev/null
+++ b/dev-libs/openssl/openssl-1.0.2t.ebuild
@@ -0,0 +1,309 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="7"
+
+inherit flag-o-matic toolchain-funcs multilib multilib-minimal
+
+# openssl-1.0.2-patches-1.6 contain additional CVE patches
+# which got fixed with this release.
+# Please use 1.7 version number when rolling a new tarball!
+PATCH_SET="openssl-1.0.2-patches-1.5"
+
+MY_P=${P/_/-}
+
+# This patch set is based on the following files from Fedora 25,
+# see https://src.fedoraproject.org/rpms/openssl/blob/25/f/openssl.spec
+# for more details:
+# - hobble-openssl (SOURCE1)
+# - ec_curve.c (SOURCE12) -- MODIFIED
+# - ectest.c (SOURCE13)
+# - openssl-1.1.1-ec-curves.patch (PATCH37) -- MODIFIED
+BINDIST_PATCH_SET="openssl-1.0.2t-bindist-1.0.tar.xz"
+
+DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"
+HOMEPAGE="https://www.openssl.org/"
+SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
+	bindist? (
+		mirror://gentoo/${BINDIST_PATCH_SET}
+		https://dev.gentoo.org/~whissi/dist/openssl/${BINDIST_PATCH_SET}
+	)
+	!vanilla? (
+		mirror://gentoo/${PATCH_SET}.tar.xz
+		https://dev.gentoo.org/~chutzpah/dist/${PN}/${PATCH_SET}.tar.xz
+		https://dev.gentoo.org/~whissi/dist/${PN}/${PATCH_SET}.tar.xz
+		https://dev.gentoo.org/~polynomial-c/dist/${PATCH_SET}.tar.xz
+	)"
+
+LICENSE="openssl"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~x86-linux"
+IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
+RESTRICT="!bindist? ( bindist )"
+
+RDEPEND=">=app-misc/c_rehash-1.7-r1
+	gmp? ( >=dev-libs/gmp-5.1.3-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
+	kerberos? ( >=app-crypt/mit-krb5-1.11.4[${MULTILIB_USEDEP}] )
+	zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )"
+DEPEND="${RDEPEND}"
+BDEPEND="
+	>=dev-lang/perl-5
+	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
+	test? (
+		sys-apps/diffutils
+		sys-devel/bc
+	)"
+PDEPEND="app-misc/ca-certificates"
+
+S="${WORKDIR}/${MY_P}"
+
+MULTILIB_WRAPPED_HEADERS=(
+	usr/include/openssl/opensslconf.h
+)
+
+src_prepare() {
+	if use bindist; then
+		mv "${WORKDIR}"/bindist-patches/hobble-openssl "${WORKDIR}" || die
+		bash "${WORKDIR}"/hobble-openssl || die
+
+		cp -f "${WORKDIR}"/bindist-patches/ec_curve.c "${S}"/crypto/ec/ || die
+		cp -f "${WORKDIR}"/bindist-patches/ectest.c "${S}"/crypto/ec/ || die
+
+		eapply "${WORKDIR}"/bindist-patches/ec-curves.patch
+
+		# Also see the configure parts below:
+		# enable-ec \
+		# $(use_ssl !bindist ec2m) \
+		# $(use_ssl !bindist srp) \
+	fi
+
+	# keep this in sync with app-misc/c_rehash
+	SSL_CNF_DIR="/etc/ssl"
+
+	# Make sure we only ever touch Makefile.org and avoid patching a file
+	# that gets blown away anyways by the Configure script in src_configure
+	rm -f Makefile
+
+	if ! use vanilla ; then
+		if [[ $(declare -p PATCHES 2>/dev/null) == "declare -a"* ]] ; then
+			[[ ${#PATCHES[@]} -gt 0 ]] && eapply "${PATCHES[@]}"
+		fi
+	fi
+
+	eapply_user
+
+	# disable fips in the build
+	# make sure the man pages are suffixed #302165
+	# don't bother building man pages if they're disabled
+	sed -i \
+		-e '/DIRS/s: fips : :g' \
+		-e '/^MANSUFFIX/s:=.*:=ssl:' \
+		-e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
+		-e $(has noman FEATURES \
+			&& echo '/^install:/s:install_docs::' \
+			|| echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
+		Makefile.org \
+		|| die
+	# show the actual commands in the log
+	sed -i '/^SET_X/s:=.*:=set -x:' Makefile.shared
+
+	# since we're forcing $(CC) as makedep anyway, just fix
+	# the conditional as always-on
+	# helps clang (#417795), and versioned gcc (#499818)
+	# this breaks build with 1.0.2p, not sure if it is needed anymore
+	#sed -i 's/expr.*MAKEDEPEND.*;/true;/' util/domd || die
+
+	# quiet out unknown driver argument warnings since openssl
+	# doesn't have well-split CFLAGS and we're making it even worse
+	# and 'make depend' uses -Werror for added fun (#417795 again)
+	[[ ${CC} == *clang* ]] && append-flags -Qunused-arguments
+
+	# allow openssl to be cross-compiled
+	cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die
+	chmod a+rx gentoo.config || die
+
+	append-flags -fno-strict-aliasing
+	append-flags $(test-flags-CC -Wa,--noexecstack)
+	append-cppflags -DOPENSSL_NO_BUF_FREELISTS
+
+	sed -i '1s,^:$,#!'${EPREFIX}'/usr/bin/perl,' Configure #141906
+	# The config script does stupid stuff to prompt the user.  Kill it.
+	sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
+	./config --test-sanity || die "I AM NOT SANE"
+
+	multilib_copy_sources
+}
+
+multilib_src_configure() {
+	unset APPS #197996
+	unset SCRIPTS #312551
+	unset CROSS_COMPILE #311473
+
+	tc-export CC AR RANLIB RC
+
+	# Clean out patent-or-otherwise-encumbered code
+	# Camellia: Royalty Free            https://en.wikipedia.org/wiki/Camellia_(cipher)
+	# IDEA:     Expired                 https://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
+	# EC:       ????????? ??/??/2015    https://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography
+	# MDC2:     Expired                 https://en.wikipedia.org/wiki/MDC-2
+	# RC5:      Expired                 https://en.wikipedia.org/wiki/RC5
+
+	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
+	echoit() { echo "$@" ; "$@" ; }
+
+	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
+
+	# See if our toolchain supports __uint128_t.  If so, it's 64bit
+	# friendly and can use the nicely optimized code paths. #460790
+	local ec_nistp_64_gcc_128
+	# Disable it for now though #469976
+	#if ! use bindist ; then
+	#	echo "__uint128_t i;" > "${T}"/128.c
+	#	if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
+	#		ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
+	#	fi
+	#fi
+
+	# https://github.com/openssl/openssl/issues/2286
+	if use ia64 ; then
+		replace-flags -g3 -g2
+		replace-flags -ggdb3 -ggdb2
+	fi
+
+	local sslout=$(./gentoo.config)
+	einfo "Use configuration ${sslout:-(openssl knows best)}"
+	local config="Configure"
+	[[ -z ${sslout} ]] && config="config"
+
+	# Fedora hobbled-EC needs 'no-ec2m', 'no-srp'
+	# Make sure user flags don't get added *yet* to avoid duplicated
+	# flags.
+	CFLAGS= LDFLAGS= echoit \
+	./${config} \
+		${sslout} \
+		$(use cpu_flags_x86_sse2 || echo "no-sse2") \
+		enable-camellia \
+		enable-ec \
+		$(use_ssl !bindist ec2m) \
+		$(use_ssl !bindist srp) \
+		${ec_nistp_64_gcc_128} \
+		enable-idea \
+		enable-mdc2 \
+		enable-rc5 \
+		enable-tlsext \
+		$(use_ssl asm) \
+		$(use_ssl gmp gmp -lgmp) \
+		$(use_ssl kerberos krb5 --with-krb5-flavor=${krb5}) \
+		$(use_ssl rfc3779) \
+		$(use_ssl sctp) \
+		$(use_ssl sslv2 ssl2) \
+		$(use_ssl sslv3 ssl3) \
+		$(use_ssl tls-heartbeat heartbeats) \
+		$(use_ssl zlib) \
+		--prefix="${EPREFIX}"/usr \
+		--openssldir="${EPREFIX}"${SSL_CNF_DIR} \
+		--libdir=$(get_libdir) \
+		shared threads \
+		|| die
+
+	# Clean out hardcoded flags that openssl uses
+	local DEFAULT_CFLAGS=$(grep ^CFLAG= Makefile | LC_ALL=C sed \
+		-e 's:^CFLAG=::' \
+		-e 's:\(^\| \)-fomit-frame-pointer::g' \
+		-e 's:\(^\| \)-O[^ ]*::g' \
+		-e 's:\(^\| \)-march=[^ ]*::g' \
+		-e 's:\(^\| \)-mcpu=[^ ]*::g' \
+		-e 's:\(^\| \)-m[^ ]*::g' \
+		-e 's:^ *::' \
+		-e 's: *$::' \
+		-e 's: \+: :g' \
+		-e 's:\\:\\\\:g'
+	)
+
+	# Now insert clean default flags with user flags
+	sed -i \
+		-e "/^CFLAG/s|=.*|=${DEFAULT_CFLAGS} ${CFLAGS}|" \
+		-e "/^LDFLAGS=/s|=[[:space:]]*$|=${LDFLAGS}|" \
+		Makefile || die
+}
+
+multilib_src_compile() {
+	# depend is needed to use $confopts; it also doesn't matter
+	# that it's -j1 as the code itself serializes subdirs
+	emake -j1 V=1 depend
+	emake all
+	# rehash is needed to prep the certs/ dir; do this
+	# separately to avoid parallel build issues.
+	emake rehash
+}
+
+multilib_src_test() {
+	emake -j1 test
+}
+
+multilib_src_install() {
+	# We need to create $ED/usr on our own to avoid a race condition #665130
+	if [[ ! -d "${ED}/usr" ]]; then
+		# We can only create this directory once
+		mkdir "${ED}"/usr || die
+	fi
+
+	emake INSTALL_PREFIX="${D}" install
+}
+
+multilib_src_install_all() {
+	# openssl installs perl version of c_rehash by default, but
+	# we provide a shell version via app-misc/c_rehash
+	rm "${ED}"/usr/bin/c_rehash || die
+
+	local -a DOCS=( CHANGES* FAQ NEWS README doc/*.txt doc/c-indentation.el )
+	einstalldocs
+
+	use rfc3779 && dodoc engines/ccgost/README.gost
+
+	# This is crappy in that the static archives are still built even
+	# when USE=static-libs.  But this is due to a failing in the openssl
+	# build system: the static archives are built as PIC all the time.
+	# Only way around this would be to manually configure+compile openssl
+	# twice; once with shared lib support enabled and once without.
+	use static-libs || rm -f "${ED}"/usr/lib*/lib*.a
+
+	# create the certs directory
+	dodir ${SSL_CNF_DIR}/certs
+	cp -RP certs/* "${ED}"${SSL_CNF_DIR}/certs/ || die
+	rm -r "${ED}"${SSL_CNF_DIR}/certs/{demo,expired}
+
+	# Namespace openssl programs to prevent conflicts with other man pages
+	cd "${ED}"/usr/share/man
+	local m d s
+	for m in $(find . -type f | xargs grep -L '#include') ; do
+		d=${m%/*} ; d=${d#./} ; m=${m##*/}
+		[[ ${m} == openssl.1* ]] && continue
+		[[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!"
+		mv ${d}/{,ssl-}${m}
+		# fix up references to renamed man pages
+		sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m}
+		ln -s ssl-${m} ${d}/openssl-${m}
+		# locate any symlinks that point to this man page ... we assume
+		# that any broken links are due to the above renaming
+		for s in $(find -L ${d} -type l) ; do
+			s=${s##*/}
+			rm -f ${d}/${s}
+			ln -s ssl-${m} ${d}/ssl-${s}
+			ln -s ssl-${s} ${d}/openssl-${s}
+		done
+	done
+	[[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :("
+
+	dodir /etc/sandbox.d #254521
+	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
+
+	diropts -m0700
+	keepdir ${SSL_CNF_DIR}/private
+}
+
+pkg_postinst() {
+	ebegin "Running 'c_rehash ${EROOT}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069"
+	c_rehash "${EROOT}${SSL_CNF_DIR}/certs" >/dev/null
+	eend $?
+}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Thomas Deutschmann]

commit:     c94f1af816ed016cda9c4dbddf396a7b6fb8840f
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Wed Sep 11 20:31:56 2019 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Wed Sep 11 20:32:15 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c94f1af8

dev-libs/openssl: fix SRC_URI

Package-Manager: Portage-2.3.75, Repoman-2.3.17
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 dev-libs/openssl/openssl-1.1.1d.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.1.1d.ebuild b/dev-libs/openssl/openssl-1.1.1d.ebuild
index a81f6ca2647..dfb4be45e23 100644
--- a/dev-libs/openssl/openssl-1.1.1d.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1d.ebuild
@@ -20,7 +20,7 @@ DESCRIPTION="full-strength general purpose cryptography library (including SSL a
 HOMEPAGE="https://www.openssl.org/"
 SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 	bindist? (
-		mirror://${BINDIST_PATCH_SET}
+		mirror://gentoo/${BINDIST_PATCH_SET}
 		https://dev.gentoo.org/~whissi/dist/openssl/${BINDIST_PATCH_SET}
 	)"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Thomas Deutschmann]

commit:     db15db160de7f98bd19243abe8102cc4d2f2f39b
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Wed Sep 11 17:01:46 2019 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Wed Sep 11 19:53:09 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=db15db16

dev-libs/openssl: bump to v1.1.1d

Package-Manager: Portage-2.3.75, Repoman-2.3.17
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 dev-libs/openssl/Manifest              |   2 +
 dev-libs/openssl/openssl-1.1.1d.ebuild | 299 +++++++++++++++++++++++++++++++++
 2 files changed, 301 insertions(+)

diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest
index 4322efaa3ab..c6474b63d35 100644
--- a/dev-libs/openssl/Manifest
+++ b/dev-libs/openssl/Manifest
@@ -11,3 +11,5 @@ DIST openssl-1.1.0k-bindist-1.0.tar.xz 11716 BLAKE2B c491ba0899c44dbcc63f85b2555
 DIST openssl-1.1.0k.tar.gz 5287321 BLAKE2B fce40a399f5a08d5fe183dfcaab11b211d982885fb9888b25fa41bdd9919ecd203fca6f573363cfb42c9a0776ae69ea50b0f144227a3f28ca0dbadf878d396bc SHA512 65f41a240a97d79504c0e1391fde8ac8692f0993437cdc35e4bc964ecc36e5ef75a62499c4c6cb4ce63f892135e06dba2d3594c8869d935554296fa3c6ccd822
 DIST openssl-1.1.1c-bindist-1.0.tar.xz 11964 BLAKE2B 8c5190846d13984589a150089d329bb3ecc613788b9462c6f6a1833a040e21cb9bf940140449f09fd797c0e396b0aea073237be374bd16097795b8974c3e7ce5 SHA512 249c6d8c455130b98e3be635f12f323e0cc349f1770648bad591e5de15483917185a473c162ed871a2fa05b47056931e6f12e5fdd9cecee7e6d1c246b862923b
 DIST openssl-1.1.1c.tar.gz 8864262 BLAKE2B bd157b244bedcefb8e646a743732945119b267236789ac69c38856570318aca09299bdaaea3f20294863b633e6fd4dfe124820597185b3b7461cfdf094daadb0 SHA512 8e2c5cc11c120efbb7d7850980cb6eaa782d29b4996b3f3378d37613c1679f852d7cc08a90d62e78fcec3439f06bdbee70064579a8c2adaffd91532a97f646ff
+DIST openssl-1.1.1d-bindist-1.0.tar.xz 13180 BLAKE2B 680bd7400d3dd3930067ee7efa9718b74b30afa9be2397ad80f88031920806b6603b6469beede02b6e7a742abf5f82ebdd7c9b8e69c1ffe223e4860dc9581128 SHA512 9e4296326852010d5cebc204d1a34a34198d8d65460bc91a2bd37c80be892a5ae519513e4b0109e6b51b6faab0e171ef6cdae868868c158711558d147083c06f
+DIST openssl-1.1.1d.tar.gz 8845861 BLAKE2B d3155f07b487ebd8dd4fe25396c874f9af18b5cfd7e622298d29c4f2c8ce14ad4534609d321314a4bcd0d44414e1306190340daaacd3c8fca061c04498446244 SHA512 2bc9f528c27fe644308eb7603c992bac8740e9f0c3601a130af30c9ffebbf7e0f5c28b76a00bbb478bad40fbe89b4223a58d604001e1713da71ff4b7fe6a08a7

diff --git a/dev-libs/openssl/openssl-1.1.1d.ebuild b/dev-libs/openssl/openssl-1.1.1d.ebuild
new file mode 100644
index 00000000000..a81f6ca2647
--- /dev/null
+++ b/dev-libs/openssl/openssl-1.1.1d.ebuild
@@ -0,0 +1,299 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="7"
+
+inherit flag-o-matic toolchain-funcs multilib multilib-minimal
+
+MY_P=${P/_/-}
+
+# This patch set is based on the following files from Fedora 31,
+# see https://src.fedoraproject.org/rpms/openssl/blob/f31/f/openssl.spec
+# for more details:
+# - hobble-openssl (SOURCE1)
+# - ec_curve.c (SOURCE12) -- MODIFIED
+# - ectest.c (SOURCE13)
+# - openssl-1.1.1-ec-curves.patch (PATCH37) -- MODIFIED
+BINDIST_PATCH_SET="openssl-1.1.1d-bindist-1.0.tar.xz"
+
+DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"
+HOMEPAGE="https://www.openssl.org/"
+SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
+	bindist? (
+		mirror://${BINDIST_PATCH_SET}
+		https://dev.gentoo.org/~whissi/dist/openssl/${BINDIST_PATCH_SET}
+	)"
+
+LICENSE="openssl"
+SLOT="0/1.1" # .so version of libssl/libcrypto
+[[ "${PV}" = *_pre* ]] || \
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~x86-linux"
+IUSE="+asm bindist elibc_musl rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-heartbeat vanilla zlib"
+RESTRICT="!bindist? ( bindist )"
+
+RDEPEND=">=app-misc/c_rehash-1.7-r1
+	zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )"
+DEPEND="${RDEPEND}"
+BDEPEND="
+	>=dev-lang/perl-5
+	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
+	test? (
+		sys-apps/diffutils
+		sys-devel/bc
+	)"
+PDEPEND="app-misc/ca-certificates"
+
+PATCHES=(
+	"${FILESDIR}"/${PN}-1.1.0j-parallel_install_fix.patch #671602
+)
+
+S="${WORKDIR}/${MY_P}"
+
+MULTILIB_WRAPPED_HEADERS=(
+	usr/include/openssl/opensslconf.h
+)
+
+src_prepare() {
+	if use bindist; then
+		mv "${WORKDIR}"/bindist-patches/hobble-openssl "${WORKDIR}" || die
+		bash "${WORKDIR}"/hobble-openssl || die
+
+		cp -f "${WORKDIR}"/bindist-patches/ec_curve.c "${S}"/crypto/ec/ || die
+		cp -f "${WORKDIR}"/bindist-patches/ectest.c "${S}"/test/ || die
+
+		eapply "${WORKDIR}"/bindist-patches/ec-curves.patch
+
+		local known_failing_test
+		for known_failing_test in \
+			30-test_evp_extra.t \
+			80-test_ssl_new.t \
+		; do
+			ebegin "Disabling test '${known_failing_test}' which is known to fail with USE=bindist"
+			rm test/recipes/${known_failing_test} || die
+			eend $?
+		done
+
+		# Also see the configure parts below:
+		# enable-ec \
+		# $(use_ssl !bindist ec2m) \
+	fi
+
+	# keep this in sync with app-misc/c_rehash
+	SSL_CNF_DIR="/etc/ssl"
+
+	# Make sure we only ever touch Makefile.org and avoid patching a file
+	# that gets blown away anyways by the Configure script in src_configure
+	rm -f Makefile
+
+	if ! use vanilla ; then
+		if [[ $(declare -p PATCHES 2>/dev/null) == "declare -a"* ]] ; then
+			[[ ${#PATCHES[@]} -gt 0 ]] && eapply "${PATCHES[@]}"
+		fi
+	fi
+
+	eapply_user #332661
+
+	# make sure the man pages are suffixed #302165
+	# don't bother building man pages if they're disabled
+	# Make DOCDIR Gentoo compliant
+	sed -i \
+		-e '/^MANSUFFIX/s:=.*:=ssl:' \
+		-e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
+		-e $(has noman FEATURES \
+			&& echo '/^install:/s:install_docs::' \
+			|| echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
+		-e "/^DOCDIR/s@\$(BASENAME)@&-${PVR}@" \
+		Configurations/unix-Makefile.tmpl \
+		|| die
+
+	# quiet out unknown driver argument warnings since openssl
+	# doesn't have well-split CFLAGS and we're making it even worse
+	# and 'make depend' uses -Werror for added fun (#417795 again)
+	[[ ${CC} == *clang* ]] && append-flags -Qunused-arguments
+
+	# allow openssl to be cross-compiled
+	cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die
+	chmod a+rx gentoo.config || die
+
+	append-flags -fno-strict-aliasing
+	append-flags $(test-flags-CC -Wa,--noexecstack)
+	append-cppflags -DOPENSSL_NO_BUF_FREELISTS
+
+	# Prefixify Configure shebang (#141906)
+	sed \
+		-e "1s,/usr/bin/env,${EPREFIX}&," \
+		-i Configure || die
+	# Remove test target when FEATURES=test isn't set
+	if ! use test ; then
+		sed \
+			-e '/^$config{dirs}/s@ "test",@@' \
+			-i Configure || die
+	fi
+	# The config script does stupid stuff to prompt the user.  Kill it.
+	sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
+	./config --test-sanity || die "I AM NOT SANE"
+
+	multilib_copy_sources
+}
+
+multilib_src_configure() {
+	unset APPS #197996
+	unset SCRIPTS #312551
+	unset CROSS_COMPILE #311473
+
+	tc-export CC AR RANLIB RC
+
+	# Clean out patent-or-otherwise-encumbered code
+	# Camellia: Royalty Free            https://en.wikipedia.org/wiki/Camellia_(cipher)
+	# IDEA:     Expired                 https://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
+	# EC:       ????????? ??/??/2015    https://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography
+	# MDC2:     Expired                 https://en.wikipedia.org/wiki/MDC-2
+	# RC5:      Expired                 https://en.wikipedia.org/wiki/RC5
+
+	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
+	echoit() { echo "$@" ; "$@" ; }
+
+	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
+
+	# See if our toolchain supports __uint128_t.  If so, it's 64bit
+	# friendly and can use the nicely optimized code paths. #460790
+	local ec_nistp_64_gcc_128
+	# Disable it for now though #469976
+	#if ! use bindist ; then
+	#	echo "__uint128_t i;" > "${T}"/128.c
+	#	if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
+	#		ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
+	#	fi
+	#fi
+
+	local sslout=$(./gentoo.config)
+	einfo "Use configuration ${sslout:-(openssl knows best)}"
+	local config="Configure"
+	[[ -z ${sslout} ]] && config="config"
+
+	# Fedora hobbled-EC needs 'no-ec2m'
+	# 'srp' was restricted until early 2017 as well.
+	# "disable-deprecated" option breaks too many consumers.
+	# Don't set it without thorough revdeps testing.
+	# Make sure user flags don't get added *yet* to avoid duplicated
+	# flags.
+	CFLAGS= LDFLAGS= echoit \
+	./${config} \
+		${sslout} \
+		$(use cpu_flags_x86_sse2 || echo "no-sse2") \
+		enable-camellia \
+		enable-ec \
+		$(use_ssl !bindist ec2m) \
+		enable-srp \
+		$(use elibc_musl && echo "no-async") \
+		${ec_nistp_64_gcc_128} \
+		enable-idea \
+		enable-mdc2 \
+		enable-rc5 \
+		$(use_ssl sslv3 ssl3) \
+		$(use_ssl sslv3 ssl3-method) \
+		$(use_ssl asm) \
+		$(use_ssl rfc3779) \
+		$(use_ssl sctp) \
+		$(use_ssl tls-heartbeat heartbeats) \
+		$(use_ssl zlib) \
+		--prefix="${EPREFIX}"/usr \
+		--openssldir="${EPREFIX}"${SSL_CNF_DIR} \
+		--libdir=$(get_libdir) \
+		shared threads \
+		|| die
+
+	# Clean out hardcoded flags that openssl uses
+	local DEFAULT_CFLAGS=$(grep ^CFLAGS= Makefile | LC_ALL=C sed \
+		-e 's:^CFLAGS=::' \
+		-e 's:\(^\| \)-fomit-frame-pointer::g' \
+		-e 's:\(^\| \)-O[^ ]*::g' \
+		-e 's:\(^\| \)-march=[^ ]*::g' \
+		-e 's:\(^\| \)-mcpu=[^ ]*::g' \
+		-e 's:\(^\| \)-m[^ ]*::g' \
+		-e 's:^ *::' \
+		-e 's: *$::' \
+		-e 's: \+: :g' \
+		-e 's:\\:\\\\:g'
+	)
+
+	# Now insert clean default flags with user flags
+	sed -i \
+		-e "/^CFLAGS=/s|=.*|=${DEFAULT_CFLAGS} ${CFLAGS}|" \
+		-e "/^LDFLAGS=/s|=[[:space:]]*$|=${LDFLAGS}|" \
+		Makefile || die
+}
+
+multilib_src_compile() {
+	# depend is needed to use $confopts; it also doesn't matter
+	# that it's -j1 as the code itself serializes subdirs
+	emake -j1 depend
+	emake all
+}
+
+multilib_src_test() {
+	emake -j1 test
+}
+
+multilib_src_install() {
+	# We need to create $ED/usr on our own to avoid a race condition #665130
+	if [[ ! -d "${ED}/usr" ]]; then
+		# We can only create this directory once
+		mkdir "${ED}"/usr || die
+	fi
+
+	emake DESTDIR="${D}" install
+}
+
+multilib_src_install_all() {
+	# openssl installs perl version of c_rehash by default, but
+	# we provide a shell version via app-misc/c_rehash
+	rm "${ED}"/usr/bin/c_rehash || die
+
+	dodoc CHANGES* FAQ NEWS README doc/*.txt doc/${PN}-c-indent.el
+
+	# This is crappy in that the static archives are still built even
+	# when USE=static-libs.  But this is due to a failing in the openssl
+	# build system: the static archives are built as PIC all the time.
+	# Only way around this would be to manually configure+compile openssl
+	# twice; once with shared lib support enabled and once without.
+	use static-libs || rm -f "${ED}"/usr/lib*/lib*.a
+
+	# create the certs directory
+	keepdir ${SSL_CNF_DIR}/certs
+
+	# Namespace openssl programs to prevent conflicts with other man pages
+	cd "${ED}"/usr/share/man || die
+	local m d s
+	for m in $(find . -type f | xargs grep -L '#include') ; do
+		d=${m%/*} ; d=${d#./} ; m=${m##*/}
+		[[ ${m} == openssl.1* ]] && continue
+		[[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!"
+		mv ${d}/{,ssl-}${m}
+		# fix up references to renamed man pages
+		sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m}
+		ln -s ssl-${m} ${d}/openssl-${m}
+		# locate any symlinks that point to this man page ... we assume
+		# that any broken links are due to the above renaming
+		for s in $(find -L ${d} -type l) ; do
+			s=${s##*/}
+			rm -f ${d}/${s}
+			# We don't want to "|| die" here
+			ln -s ssl-${m} ${d}/ssl-${s}
+			ln -s ssl-${s} ${d}/openssl-${s}
+		done
+	done
+	[[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :("
+
+	dodir /etc/sandbox.d #254521
+	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
+
+	diropts -m0700
+	keepdir ${SSL_CNF_DIR}/private
+}
+
+pkg_postinst() {
+	ebegin "Running 'c_rehash ${EROOT}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069"
+	c_rehash "${EROOT}${SSL_CNF_DIR}/certs" >/dev/null
+	eend $?
+}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Thomas Deutschmann]

commit:     ec4a218356d59e5d945eec8a3cf10aac09e203f2
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Fri Aug 23 19:01:17 2019 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Fri Aug 23 19:01:39 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ec4a2183

dev-libs/openssl: drop libs-only ebuild

Was moved to dev-libs/openssl-compat.

Closes: https://github.com/gentoo/gentoo/pull/12773
Package-Manager: Portage-2.3.72, Repoman-2.3.17
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 dev-libs/openssl/openssl-1.0.2s-r200.ebuild | 258 ----------------------------
 1 file changed, 258 deletions(-)

diff --git a/dev-libs/openssl/openssl-1.0.2s-r200.ebuild b/dev-libs/openssl/openssl-1.0.2s-r200.ebuild
deleted file mode 100644
index 24f2b3a5663..00000000000
--- a/dev-libs/openssl/openssl-1.0.2s-r200.ebuild
+++ /dev/null
@@ -1,258 +0,0 @@
-# Copyright 1999-2019 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="7"
-
-inherit flag-o-matic toolchain-funcs multilib multilib-minimal
-
-# openssl-1.0.2-patches-1.6 contain additional CVE patches
-# which got fixed with this release.
-# Please use 1.7 version number when rolling a new tarball!
-PATCH_SET="openssl-1.0.2-patches-1.5"
-MY_P=${P/_/-}
-DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"
-HOMEPAGE="https://www.openssl.org/"
-SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
-	!vanilla? (
-		mirror://gentoo/${PATCH_SET}.tar.xz
-		https://dev.gentoo.org/~chutzpah/dist/${PN}/${PATCH_SET}.tar.xz
-		https://dev.gentoo.org/~whissi/dist/${PN}/${PATCH_SET}.tar.xz
-		https://dev.gentoo.org/~polynomial-c/dist/${PATCH_SET}.tar.xz
-	)"
-
-LICENSE="openssl"
-SLOT="1.0.0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~x86-linux"
-IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
-RESTRICT="!bindist? ( bindist )"
-
-RDEPEND="gmp? ( >=dev-libs/gmp-5.1.3-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
-	kerberos? ( >=app-crypt/mit-krb5-1.11.4[${MULTILIB_USEDEP}] )
-	zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
-	!=dev-libs/openssl-1.0.2*:0"
-DEPEND="${RDEPEND}"
-BDEPEND="
-	>=dev-lang/perl-5
-	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
-	test? (
-		sys-apps/diffutils
-		sys-devel/bc
-	)"
-
-RESTRICT="test"
-
-# Do not install any docs
-DOCS=()
-
-# This does not copy the entire Fedora patchset, but JUST the parts that
-# are needed to make it safe to use EC with RESTRICT=bindist.
-# See openssl.spec for the matching numbering of SourceNNN, PatchNNN
-SOURCE1=hobble-openssl
-SOURCE12=ec_curve.c
-SOURCE13=ectest.c
-# These are ported instead
-#PATCH1=openssl-1.1.0-build.patch # Fixes EVP testcase for EC
-#PATCH37=openssl-1.1.0-ec-curves.patch
-FEDORA_GIT_BASE='https://src.fedoraproject.org/cgit/rpms/openssl.git/plain/'
-FEDORA_GIT_BRANCH='f25'
-FEDORA_SRC_URI=()
-FEDORA_SOURCE=( $SOURCE1 $SOURCE12 $SOURCE13 )
-FEDORA_PATCH=( $PATCH1 $PATCH37 )
-for i in "${FEDORA_SOURCE[@]}" ; do
-	FEDORA_SRC_URI+=( "${FEDORA_GIT_BASE}/${i}?h=${FEDORA_GIT_BRANCH} -> ${P}_${i}" )
-done
-for i in "${FEDORA_PATCH[@]}" ; do # Already have a version prefix
-	FEDORA_SRC_URI+=( "${FEDORA_GIT_BASE}/${i}?h=${FEDORA_GIT_BRANCH} -> ${i}" )
-done
-SRC_URI+=" bindist? ( ${FEDORA_SRC_URI[@]} )"
-
-S="${WORKDIR}/${MY_P}"
-
-MULTILIB_WRAPPED_HEADERS=(
-	usr/include/openssl/opensslconf.h
-)
-
-src_prepare() {
-	if use bindist; then
-		# This just removes the prefix, and puts it into WORKDIR like the RPM.
-		for i in "${FEDORA_SOURCE[@]}" ; do
-			cp -f "${DISTDIR}"/"${P}_${i}" "${WORKDIR}"/"${i}" || die
-		done
-		# .spec %prep
-		bash "${WORKDIR}"/"${SOURCE1}" || die
-		cp -f "${WORKDIR}"/"${SOURCE12}" "${S}"/crypto/ec/ || die
-		cp -f "${WORKDIR}"/"${SOURCE13}" "${S}"/crypto/ec/ || die # Moves to test/ in OpenSSL-1.1
-		for i in "${FEDORA_PATCH[@]}" ; do
-			eapply "${DISTDIR}"/"${i}"
-		done
-		eapply "${FILESDIR}"/openssl-1.0.2p-hobble-ecc.patch
-		# Also see the configure parts below:
-		# enable-ec \
-		# $(use_ssl !bindist ec2m) \
-		# $(use_ssl !bindist srp) \
-	fi
-
-	# keep this in sync with app-misc/c_rehash
-	SSL_CNF_DIR="/etc/ssl"
-
-	# Make sure we only ever touch Makefile.org and avoid patching a file
-	# that gets blown away anyways by the Configure script in src_configure
-	rm -f Makefile
-
-	if ! use vanilla ; then
-		if [[ $(declare -p PATCHES 2>/dev/null) == "declare -a"* ]] ; then
-			[[ ${#PATCHES[@]} -gt 0 ]] && eapply "${PATCHES[@]}"
-		fi
-	fi
-
-	eapply_user
-
-	# disable fips in the build
-	# make sure the man pages are suffixed #302165
-	# don't bother building man pages if they're disabled
-	sed -i \
-		-e '/DIRS/s: fips : :g' \
-		-e '/^MANSUFFIX/s:=.*:=ssl:' \
-		-e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
-		-e $(has noman FEATURES \
-			&& echo '/^install:/s:install_docs::' \
-			|| echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
-		Makefile.org \
-		|| die
-	# show the actual commands in the log
-	sed -i '/^SET_X/s:=.*:=set -x:' Makefile.shared
-
-	# since we're forcing $(CC) as makedep anyway, just fix
-	# the conditional as always-on
-	# helps clang (#417795), and versioned gcc (#499818)
-	# this breaks build with 1.0.2p, not sure if it is needed anymore
-	#sed -i 's/expr.*MAKEDEPEND.*;/true;/' util/domd || die
-
-	# quiet out unknown driver argument warnings since openssl
-	# doesn't have well-split CFLAGS and we're making it even worse
-	# and 'make depend' uses -Werror for added fun (#417795 again)
-	[[ ${CC} == *clang* ]] && append-flags -Qunused-arguments
-
-	# allow openssl to be cross-compiled
-	cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die
-	chmod a+rx gentoo.config || die
-
-	append-flags -fno-strict-aliasing
-	append-flags $(test-flags-CC -Wa,--noexecstack)
-	append-cppflags -DOPENSSL_NO_BUF_FREELISTS
-
-	sed -i '1s,^:$,#!'${EPREFIX}'/usr/bin/perl,' Configure #141906
-	# The config script does stupid stuff to prompt the user.  Kill it.
-	sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
-	./config --test-sanity || die "I AM NOT SANE"
-
-	multilib_copy_sources
-}
-
-multilib_src_configure() {
-	unset APPS #197996
-	unset SCRIPTS #312551
-	unset CROSS_COMPILE #311473
-
-	tc-export CC AR RANLIB RC
-
-	# Clean out patent-or-otherwise-encumbered code
-	# Camellia: Royalty Free            https://en.wikipedia.org/wiki/Camellia_(cipher)
-	# IDEA:     Expired                 https://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
-	# EC:       ????????? ??/??/2015    https://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography
-	# MDC2:     Expired                 https://en.wikipedia.org/wiki/MDC-2
-	# RC5:      Expired                 https://en.wikipedia.org/wiki/RC5
-
-	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
-	echoit() { echo "$@" ; "$@" ; }
-
-	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
-
-	# See if our toolchain supports __uint128_t.  If so, it's 64bit
-	# friendly and can use the nicely optimized code paths. #460790
-	local ec_nistp_64_gcc_128
-	# Disable it for now though #469976
-	#if ! use bindist ; then
-	#	echo "__uint128_t i;" > "${T}"/128.c
-	#	if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
-	#		ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
-	#	fi
-	#fi
-
-	# https://github.com/openssl/openssl/issues/2286
-	if use ia64 ; then
-		replace-flags -g3 -g2
-		replace-flags -ggdb3 -ggdb2
-	fi
-
-	local sslout=$(./gentoo.config)
-	einfo "Use configuration ${sslout:-(openssl knows best)}"
-	local config="Configure"
-	[[ -z ${sslout} ]] && config="config"
-
-	# Fedora hobbled-EC needs 'no-ec2m', 'no-srp'
-	# Make sure user flags don't get added *yet* to avoid duplicated
-	# flags.
-	CFLAGS= LDFLAGS= echoit \
-	./${config} \
-		${sslout} \
-		$(use cpu_flags_x86_sse2 || echo "no-sse2") \
-		enable-camellia \
-		enable-ec \
-		$(use_ssl !bindist ec2m) \
-		$(use_ssl !bindist srp) \
-		${ec_nistp_64_gcc_128} \
-		enable-idea \
-		enable-mdc2 \
-		enable-rc5 \
-		enable-tlsext \
-		$(use_ssl asm) \
-		$(use_ssl gmp gmp -lgmp) \
-		$(use_ssl kerberos krb5 --with-krb5-flavor=${krb5}) \
-		$(use_ssl rfc3779) \
-		$(use_ssl sctp) \
-		$(use_ssl sslv2 ssl2) \
-		$(use_ssl sslv3 ssl3) \
-		$(use_ssl tls-heartbeat heartbeats) \
-		$(use_ssl zlib) \
-		--prefix="${EPREFIX}"/usr \
-		--openssldir="${EPREFIX}"${SSL_CNF_DIR} \
-		--libdir=$(get_libdir) \
-		shared threads \
-		|| die
-
-	# Clean out hardcoded flags that openssl uses
-	local DEFAULT_CFLAGS=$(grep ^CFLAG= Makefile | LC_ALL=C sed \
-		-e 's:^CFLAG=::' \
-		-e 's:\(^\| \)-fomit-frame-pointer::g' \
-		-e 's:\(^\| \)-O[^ ]*::g' \
-		-e 's:\(^\| \)-march=[^ ]*::g' \
-		-e 's:\(^\| \)-mcpu=[^ ]*::g' \
-		-e 's:\(^\| \)-m[^ ]*::g' \
-		-e 's:^ *::' \
-		-e 's: *$::' \
-		-e 's: \+: :g' \
-		-e 's:\\:\\\\:g'
-	)
-
-	# Now insert clean default flags with user flags
-	sed -i \
-		-e "/^CFLAG/s|=.*|=${DEFAULT_CFLAGS} ${CFLAGS}|" \
-		-e "/^LDFLAGS=/s|=[[:space:]]*$|=${LDFLAGS}|" \
-		Makefile || die
-}
-
-multilib_src_compile() {
-	# depend is needed to use $confopts; it also doesn't matter
-	# that it's -j1 as the code itself serializes subdirs
-	emake -j1 V=1 depend
-	emake build_libs
-}
-
-multilib_src_test() {
-	emake -j1 test
-}
-
-multilib_src_install() {
-	dolib.so lib{crypto,ssl}.so.${SLOT}
-}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Thomas Deutschmann]

commit:     975f55449d9ecbac24beb97081273946083168b4
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Fri Aug 23 17:44:30 2019 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Fri Aug 23 18:10:20 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=975f5544

dev-libs/openssl: don't destroy user flags

Thanks-to: Arfrever Frehtes Taifersar Arahesis <Arfrever <AT> Apache.Org>
Closes: https://bugs.gentoo.org/671016
Package-Manager: Portage-2.3.72, Repoman-2.3.17
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 dev-libs/openssl/openssl-1.0.2s-r1.ebuild   | 26 +++++++++++++++++---------
 dev-libs/openssl/openssl-1.0.2s-r200.ebuild | 26 +++++++++++++++++---------
 dev-libs/openssl/openssl-1.1.0k-r1.ebuild   | 22 ++++++++++++++--------
 dev-libs/openssl/openssl-1.1.1c-r1.ebuild   | 22 ++++++++++++++--------
 4 files changed, 62 insertions(+), 34 deletions(-)

diff --git a/dev-libs/openssl/openssl-1.0.2s-r1.ebuild b/dev-libs/openssl/openssl-1.0.2s-r1.ebuild
index a2cb9f7917e..b4902db7e53 100644
--- a/dev-libs/openssl/openssl-1.0.2s-r1.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2s-r1.ebuild
@@ -187,7 +187,9 @@ multilib_src_configure() {
 	[[ -z ${sslout} ]] && config="config"
 
 	# Fedora hobbled-EC needs 'no-ec2m', 'no-srp'
-	echoit \
+	# Make sure user flags don't get added *yet* to avoid duplicated
+	# flags.
+	CFLAGS= LDFLAGS= echoit \
 	./${config} \
 		${sslout} \
 		$(use cpu_flags_x86_sse2 || echo "no-sse2") \
@@ -216,17 +218,23 @@ multilib_src_configure() {
 		|| die
 
 	# Clean out hardcoded flags that openssl uses
-	local CFLAG=$(grep ^CFLAG= Makefile | LC_ALL=C sed \
+	local DEFAULT_CFLAGS=$(grep ^CFLAG= Makefile | LC_ALL=C sed \
 		-e 's:^CFLAG=::' \
-		-e 's:-fomit-frame-pointer ::g' \
-		-e 's:-O[0-9] ::g' \
-		-e 's:-march=[-a-z0-9]* ::g' \
-		-e 's:-mcpu=[-a-z0-9]* ::g' \
-		-e 's:-m[a-z0-9]* ::g' \
+		-e 's:\(^\| \)-fomit-frame-pointer::g' \
+		-e 's:\(^\| \)-O[^ ]*::g' \
+		-e 's:\(^\| \)-march=[^ ]*::g' \
+		-e 's:\(^\| \)-mcpu=[^ ]*::g' \
+		-e 's:\(^\| \)-m[^ ]*::g' \
+		-e 's:^ *::' \
+		-e 's: *$::' \
+		-e 's: \+: :g' \
+		-e 's:\\:\\\\:g'
 	)
+
+	# Now insert clean default flags with user flags
 	sed -i \
-		-e "/^CFLAG/s|=.*|=${CFLAG} ${CFLAGS}|" \
-		-e "/^SHARED_LDFLAGS=/s|$| ${LDFLAGS}|" \
+		-e "/^CFLAG/s|=.*|=${DEFAULT_CFLAGS} ${CFLAGS}|" \
+		-e "/^LDFLAGS=/s|=[[:space:]]*$|=${LDFLAGS}|" \
 		Makefile || die
 }
 

diff --git a/dev-libs/openssl/openssl-1.0.2s-r200.ebuild b/dev-libs/openssl/openssl-1.0.2s-r200.ebuild
index 281b169b64b..24f2b3a5663 100644
--- a/dev-libs/openssl/openssl-1.0.2s-r200.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2s-r200.ebuild
@@ -191,7 +191,9 @@ multilib_src_configure() {
 	[[ -z ${sslout} ]] && config="config"
 
 	# Fedora hobbled-EC needs 'no-ec2m', 'no-srp'
-	echoit \
+	# Make sure user flags don't get added *yet* to avoid duplicated
+	# flags.
+	CFLAGS= LDFLAGS= echoit \
 	./${config} \
 		${sslout} \
 		$(use cpu_flags_x86_sse2 || echo "no-sse2") \
@@ -220,17 +222,23 @@ multilib_src_configure() {
 		|| die
 
 	# Clean out hardcoded flags that openssl uses
-	local CFLAG=$(grep ^CFLAG= Makefile | LC_ALL=C sed \
+	local DEFAULT_CFLAGS=$(grep ^CFLAG= Makefile | LC_ALL=C sed \
 		-e 's:^CFLAG=::' \
-		-e 's:-fomit-frame-pointer ::g' \
-		-e 's:-O[0-9] ::g' \
-		-e 's:-march=[-a-z0-9]* ::g' \
-		-e 's:-mcpu=[-a-z0-9]* ::g' \
-		-e 's:-m[a-z0-9]* ::g' \
+		-e 's:\(^\| \)-fomit-frame-pointer::g' \
+		-e 's:\(^\| \)-O[^ ]*::g' \
+		-e 's:\(^\| \)-march=[^ ]*::g' \
+		-e 's:\(^\| \)-mcpu=[^ ]*::g' \
+		-e 's:\(^\| \)-m[^ ]*::g' \
+		-e 's:^ *::' \
+		-e 's: *$::' \
+		-e 's: \+: :g' \
+		-e 's:\\:\\\\:g'
 	)
+
+	# Now insert clean default flags with user flags
 	sed -i \
-		-e "/^CFLAG/s|=.*|=${CFLAG} ${CFLAGS}|" \
-		-e "/^SHARED_LDFLAGS=/s|$| ${LDFLAGS}|" \
+		-e "/^CFLAG/s|=.*|=${DEFAULT_CFLAGS} ${CFLAGS}|" \
+		-e "/^LDFLAGS=/s|=[[:space:]]*$|=${LDFLAGS}|" \
 		Makefile || die
 }
 

diff --git a/dev-libs/openssl/openssl-1.1.0k-r1.ebuild b/dev-libs/openssl/openssl-1.1.0k-r1.ebuild
index 937d3b7ed11..7bcd5d03e7e 100644
--- a/dev-libs/openssl/openssl-1.1.0k-r1.ebuild
+++ b/dev-libs/openssl/openssl-1.1.0k-r1.ebuild
@@ -176,7 +176,9 @@ multilib_src_configure() {
 	# 'srp' was restricted until early 2017 as well.
 	# "disable-deprecated" option breaks too many consumers.
 	# Don't set it without thorough revdeps testing.
-	echoit \
+	# Make sure user flags don't get added *yet* to avoid duplicated
+	# flags.
+	CFLAGS= LDFLAGS= echoit \
 	./${config} \
 		${sslout} \
 		$(use cpu_flags_x86_sse2 || echo "no-sse2") \
@@ -203,16 +205,20 @@ multilib_src_configure() {
 		|| die
 
 	# Clean out hardcoded flags that openssl uses
-	# Fix quoting for sed
 	local DEFAULT_CFLAGS=$(grep ^CFLAGS= Makefile | LC_ALL=C sed \
 		-e 's:^CFLAGS=::' \
-		-e 's:-fomit-frame-pointer ::g' \
-		-e 's:-O[0-9] ::g' \
-		-e 's:-march=[-a-z0-9]* ::g' \
-		-e 's:-mcpu=[-a-z0-9]* ::g' \
-		-e 's:-m[a-z0-9]* ::g' \
-		-e 's:\\:\\\\:g' \
+		-e 's:\(^\| \)-fomit-frame-pointer::g' \
+		-e 's:\(^\| \)-O[^ ]*::g' \
+		-e 's:\(^\| \)-march=[^ ]*::g' \
+		-e 's:\(^\| \)-mcpu=[^ ]*::g' \
+		-e 's:\(^\| \)-m[^ ]*::g' \
+		-e 's:^ *::' \
+		-e 's: *$::' \
+		-e 's: \+: :g' \
+		-e 's:\\:\\\\:g'
 	)
+
+	# Now insert clean default flags with user flags
 	sed -i \
 		-e "/^CFLAGS=/s|=.*|=${DEFAULT_CFLAGS} ${CFLAGS}|" \
 		-e "/^LDFLAGS=/s|=[[:space:]]*$|=${LDFLAGS}|" \

diff --git a/dev-libs/openssl/openssl-1.1.1c-r1.ebuild b/dev-libs/openssl/openssl-1.1.1c-r1.ebuild
index 683c5707566..a3a0f2a2c06 100644
--- a/dev-libs/openssl/openssl-1.1.1c-r1.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1c-r1.ebuild
@@ -172,7 +172,9 @@ multilib_src_configure() {
 	# 'srp' was restricted until early 2017 as well.
 	# "disable-deprecated" option breaks too many consumers.
 	# Don't set it without thorough revdeps testing.
-	echoit \
+	# Make sure user flags don't get added *yet* to avoid duplicated
+	# flags.
+	CFLAGS= LDFLAGS= echoit \
 	./${config} \
 		${sslout} \
 		$(use cpu_flags_x86_sse2 || echo "no-sse2") \
@@ -199,16 +201,20 @@ multilib_src_configure() {
 		|| die
 
 	# Clean out hardcoded flags that openssl uses
-	# Fix quoting for sed
 	local DEFAULT_CFLAGS=$(grep ^CFLAGS= Makefile | LC_ALL=C sed \
 		-e 's:^CFLAGS=::' \
-		-e 's:-fomit-frame-pointer ::g' \
-		-e 's:-O[0-9] ::g' \
-		-e 's:-march=[-a-z0-9]* ::g' \
-		-e 's:-mcpu=[-a-z0-9]* ::g' \
-		-e 's:-m[a-z0-9]* ::g' \
-		-e 's:\\:\\\\:g' \
+		-e 's:\(^\| \)-fomit-frame-pointer::g' \
+		-e 's:\(^\| \)-O[^ ]*::g' \
+		-e 's:\(^\| \)-march=[^ ]*::g' \
+		-e 's:\(^\| \)-mcpu=[^ ]*::g' \
+		-e 's:\(^\| \)-m[^ ]*::g' \
+		-e 's:^ *::' \
+		-e 's: *$::' \
+		-e 's: \+: :g' \
+		-e 's:\\:\\\\:g'
 	)
+
+	# Now insert clean default flags with user flags
 	sed -i \
 		-e "/^CFLAGS=/s|=.*|=${DEFAULT_CFLAGS} ${CFLAGS}|" \
 		-e "/^LDFLAGS=/s|=[[:space:]]*$|=${LDFLAGS}|" \

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Thomas Deutschmann]

commit:     4e35a9430566547f4abd646a92718325311ba5c3
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Fri Aug 23 17:39:44 2019 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Fri Aug 23 18:10:19 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4e35a943

dev-libs/openssl: synchronize v1.1.0x with v1.1.1x

Backport commit 604d5b3e0de296fc6fa6f05007b196f9860974e6.

Package-Manager: Portage-2.3.72, Repoman-2.3.17
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 dev-libs/openssl/Manifest                          |  4 +-
 dev-libs/openssl/openssl-1.1.0k-r1.ebuild          | 78 +++++++++-------------
 ...nssl-1.1.1c.ebuild => openssl-1.1.1c-r1.ebuild} |  7 +-
 3 files changed, 36 insertions(+), 53 deletions(-)

diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest
index 321134adc24..5f6b9b90602 100644
--- a/dev-libs/openssl/Manifest
+++ b/dev-libs/openssl/Manifest
@@ -13,10 +13,8 @@ DIST openssl-1.1.0j.tar.gz 5411919 BLAKE2B 0fbd936f38d30b64bea717a67cd59704c5ce4
 DIST openssl-1.1.0j_d2ede125556ac99aa0faa7744c703af3f559094e_ec_curve.c 18401 BLAKE2B f969071ac1b5d0e43b50d54e50b5c4d9201fc8b94458902e9849f14841b5505a2e43ed57a8c13255f042a211af9ee904776c155c36da838a8ad22e1052b02bc1 SHA512 a1c2bb3c3e3d342bddc8c952985e87fc4bad2e8142d5d760b18f346c44c20f00db61c4856f3dcf879b2098e0c036330762915f65d80a1a2cba717d2caeb95457
 DIST openssl-1.1.0j_d2ede125556ac99aa0faa7744c703af3f559094e_ectest.c 30688 BLAKE2B 6673ef0fd139af82d830794179b19b9e06be25fac4a13b8bdfa5fd5dad25f594ce8eab118aab9ec2aab25001e1de127c03f8e1a04f4f3ef4c464b7fb1811ed4a SHA512 240fc72916caf4a8b0af774ce307abfe9a93a762eba6fae760cec79d619fe3db0d6919fc92a8951cb031f73958237700b45f590aa7f9f2890762cccda1f1e74b
 DIST openssl-1.1.0j_d2ede125556ac99aa0faa7744c703af3f559094e_hobble-openssl 1117 BLAKE2B c3a1477e63331e83cf1cbe58e9ef131ec500a311e22d3da55034800ca353c387b2e202575acf3badb00b236ff91d4bac1bb131a33930939646d26bec27be6e04 SHA512 fa9cc70afa11a7a292548b4bddbba8159824a364ce5c279b483768e6ae2aa4b5491d9bf2cc734819f30a11c8ee0d91bcb991c4a7ab357296aeb4c04feac74826
+DIST openssl-1.1.0k-bindist-1.0.tar.xz 11716 BLAKE2B c491ba0899c44dbcc63f85b255548c439c965a20a04ac2a6324a4122c4691b7c95ec18e62be6d708a7ea62ea197d32e5091987cb5043969878f89e5bc26243d4 SHA512 1d5bc9d7b24cf55d32d996e2421d43a1218b605720293f00d07814afb481387856f0dc000ad3c3e4cba2361055668cfe79a945be44ab85a249555f37e683a909
 DIST openssl-1.1.0k.tar.gz 5287321 BLAKE2B fce40a399f5a08d5fe183dfcaab11b211d982885fb9888b25fa41bdd9919ecd203fca6f573363cfb42c9a0776ae69ea50b0f144227a3f28ca0dbadf878d396bc SHA512 65f41a240a97d79504c0e1391fde8ac8692f0993437cdc35e4bc964ecc36e5ef75a62499c4c6cb4ce63f892135e06dba2d3594c8869d935554296fa3c6ccd822
-DIST openssl-1.1.0k_d2ede125556ac99aa0faa7744c703af3f559094e_ec_curve.c 18401 BLAKE2B f969071ac1b5d0e43b50d54e50b5c4d9201fc8b94458902e9849f14841b5505a2e43ed57a8c13255f042a211af9ee904776c155c36da838a8ad22e1052b02bc1 SHA512 a1c2bb3c3e3d342bddc8c952985e87fc4bad2e8142d5d760b18f346c44c20f00db61c4856f3dcf879b2098e0c036330762915f65d80a1a2cba717d2caeb95457
-DIST openssl-1.1.0k_d2ede125556ac99aa0faa7744c703af3f559094e_ectest.c 30688 BLAKE2B 6673ef0fd139af82d830794179b19b9e06be25fac4a13b8bdfa5fd5dad25f594ce8eab118aab9ec2aab25001e1de127c03f8e1a04f4f3ef4c464b7fb1811ed4a SHA512 240fc72916caf4a8b0af774ce307abfe9a93a762eba6fae760cec79d619fe3db0d6919fc92a8951cb031f73958237700b45f590aa7f9f2890762cccda1f1e74b
-DIST openssl-1.1.0k_d2ede125556ac99aa0faa7744c703af3f559094e_hobble-openssl 1117 BLAKE2B c3a1477e63331e83cf1cbe58e9ef131ec500a311e22d3da55034800ca353c387b2e202575acf3badb00b236ff91d4bac1bb131a33930939646d26bec27be6e04 SHA512 fa9cc70afa11a7a292548b4bddbba8159824a364ce5c279b483768e6ae2aa4b5491d9bf2cc734819f30a11c8ee0d91bcb991c4a7ab357296aeb4c04feac74826
 DIST openssl-1.1.1-ec-curves.patch 7265 BLAKE2B 04725d226c430132cf54afbfaa30a82f8f8bbfd3608823d1d0cd42c3c13f417e90762759da3134d7b0c4373e531925db337b681340f2f284cb2f16a4caef22e3 SHA512 de4d0f1635740c57217836a476c420141c0d34a5f90cbf7957aed7a80e7ac9ca036de2d8448e6bf4c122999e308730575899f61cea6e51ab6825dd04890d75a1
 DIST openssl-1.1.1b.tar.gz 8213737 BLAKE2B 7ad9da9548052e2a033a684038f97c420cfffd57994604bcb3fa12640796c8c0aea3d24fb05648ee4940fbec40b81462e81c353da5a41a2575c0585d9718eae8 SHA512 b54025fbb4fe264466f3b0d762aad4be45bd23cd48bdb26d901d4c41a40bfd776177e02230995ab181a695435039dbad313f4b9a563239a70807a2e19ecf045d
 DIST openssl-1.1.1b_ec_curve.c 17938 BLAKE2B d5cbde40dcd8608087aed6ffa9feb040ffadecf0c46b7f3978cc468a9503f0a5ad0a426ea6f8db56f49a64474a508bebdf946e01ebf09adc727675f3b180bcdc SHA512 ec470f6514cb9a4f680b8cbbe02e2bbe71639b288f3429d976726047901d9c50377dfb2737f32429da2fb0e52fd67878a86debb54520e307ee196d97b5c66415

diff --git a/dev-libs/openssl/openssl-1.1.0k-r1.ebuild b/dev-libs/openssl/openssl-1.1.0k-r1.ebuild
index f8ee7f73587..937d3b7ed11 100644
--- a/dev-libs/openssl/openssl-1.1.0k-r1.ebuild
+++ b/dev-libs/openssl/openssl-1.1.0k-r1.ebuild
@@ -6,14 +6,25 @@ EAPI="7"
 inherit flag-o-matic toolchain-funcs multilib multilib-minimal
 
 MY_P=${P/_/-}
+
+# This patch set is based on the following files from Fedora 31,
+# see https://src.fedoraproject.org/rpms/openssl/blob/f28/f/openssl.spec
+# for more details:
+# - hobble-openssl (SOURCE1)
+# - ec_curve.c (SOURCE12)
+# - ectest.c (SOURCE13)
+# - openssl-1.1.0-ec-curves.patch (PATCH37) -- MODIFIED
+BINDIST_PATCH_SET="openssl-1.1.0k-bindist-1.0.tar.xz"
+
 DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"
 HOMEPAGE="https://www.openssl.org/"
-SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"
+SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
+	bindist? ( https://dev.gentoo.org/~whissi/dist/openssl/${BINDIST_PATCH_SET} )"
 
 LICENSE="openssl"
 SLOT="0/1.1" # .so version of libssl/libcrypto
 KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~x86-linux"
-IUSE="+asm bindist elibc_musl rfc3779 sctp cpu_flags_x86_sse2 static-libs test tls-heartbeat vanilla zlib"
+IUSE="+asm bindist elibc_musl rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"
 
 RDEPEND=">=app-misc/c_rehash-1.7-r1
@@ -28,28 +39,6 @@ BDEPEND="
 	)"
 PDEPEND="app-misc/ca-certificates"
 
-# This does not copy the entire Fedora patchset, but JUST the parts that
-# are needed to make it safe to use EC with RESTRICT=bindist.
-# See openssl.spec for the matching numbering of SourceNNN, PatchNNN
-SOURCE1=hobble-openssl
-SOURCE12=ec_curve.c
-SOURCE13=ectest.c
-PATCH1=openssl-1.1.0-build.patch # Fixes EVP testcase for EC
-PATCH37=openssl-1.1.0-ec-curves.patch
-FEDORA_GIT_BASE='https://src.fedoraproject.org/cgit/rpms/openssl.git/plain/'
-FEDORA_GIT_BRANCH='f28'
-FEDORA_GIT_COMMIT="d2ede125556ac99aa0faa7744c703af3f559094e"
-FEDORA_SRC_URI=()
-FEDORA_SOURCE=( $SOURCE1 $SOURCE12 $SOURCE13 )
-FEDORA_PATCH=( $PATCH1 $PATCH37 )
-for i in "${FEDORA_SOURCE[@]}" ; do
-	FEDORA_SRC_URI+=( "${FEDORA_GIT_BASE}/${i}?h=${FEDORA_GIT_BRANCH}&id=${FEDORA_GIT_COMMIT} -> ${P}_${FEDORA_GIT_COMMIT}_${i}" )
-done
-for i in "${FEDORA_PATCH[@]}" ; do # Already have a version prefix
-	FEDORA_SRC_URI+=( "${FEDORA_GIT_BASE}/${i}?h=${FEDORA_GIT_BRANCH}&id=${FEDORA_GIT_COMMIT} -> ${i%.patch}_${FEDORA_GIT_COMMIT}.patch" )
-done
-SRC_URI+=" bindist? ( ${FEDORA_SRC_URI[@]} )"
-
 PATCHES=(
 	"${FILESDIR}"/${PN}-1.0.2a-x32-asm.patch #542618
 	"${FILESDIR}"/${PN}-1.1.0j-parallel_install_fix.patch #671602
@@ -64,34 +53,29 @@ MULTILIB_WRAPPED_HEADERS=(
 
 src_prepare() {
 	if use bindist; then
-		# we need to patch the patch but we cannot patch in DISTDIR...
-		mkdir "${WORKDIR}"/fedora_patches || die
-		for i in "${FEDORA_PATCH[@]}" ; do
-			cp "${DISTDIR}"/"${i%.patch}_${FEDORA_GIT_COMMIT}.patch" "${WORKDIR}"/fedora_patches || die
+		mv "${WORKDIR}"/bindist-patches/hobble-openssl "${WORKDIR}" || die
+		bash "${WORKDIR}"/hobble-openssl || die
+
+		cp -f "${WORKDIR}"/bindist-patches/ec_curve.c "${S}"/crypto/ec/ || die
+		cp -f "${WORKDIR}"/bindist-patches/ectest.c "${S}"/test/ || die
+
+		eapply "${WORKDIR}"/bindist-patches/ec-curves.patch
+
+		local known_failing_test
+		for known_failing_test in \
+			30-test_evp_extra.t \
+			80-test_ssl_new.t \
+		; do
+			ebegin "Disabling test '${known_failing_test}' which is known to fail with USE=bindist"
+			rm test/recipes/${known_failing_test} || die
+			eend $?
 		done
 
-		# now patch the path, due to OpenSSL change cb193560e0da17a41b40ce574a2349f1d4d59ed1
-		sed -i -e 's#test/evptests.txt#test/recipes/30-test_evp_data/evppkey.txt#g' \
-			"${WORKDIR}"/fedora_patches/openssl-1.1.0-build_d2ede125556ac99aa0faa7744c703af3f559094e.patch || \
-			die
-
-		# This just removes the prefix, and puts it into WORKDIR like the RPM.
-		for i in "${FEDORA_SOURCE[@]}" ; do
-			cp -f "${DISTDIR}"/"${P}_${FEDORA_GIT_COMMIT}_${i}" "${WORKDIR}"/"${i}" || die
-		done
-		# .spec %prep
-		bash "${WORKDIR}"/"${SOURCE1}" || die
-		cp -f "${WORKDIR}"/"${SOURCE12}" "${S}"/crypto/ec/ || die
-		cp -f "${WORKDIR}"/"${SOURCE13}" "${S}"/test/ || die
-		for i in "${FEDORA_PATCH[@]}" ; do
-			#eapply "${DISTDIR}"/"${i%.patch}_${FEDORA_GIT_COMMIT}.patch"
-			eapply "${WORKDIR}/fedora_patches/${i%.patch}_${FEDORA_GIT_COMMIT}.patch"
-		done
 		# Also see the configure parts below:
 		# enable-ec \
 		# $(use_ssl !bindist ec2m) \
-
 	fi
+
 	# keep this in sync with app-misc/c_rehash
 	SSL_CNF_DIR="/etc/ssl"
 
@@ -205,6 +189,8 @@ multilib_src_configure() {
 		enable-idea \
 		enable-mdc2 \
 		enable-rc5 \
+		$(use_ssl sslv3 ssl3) \
+		$(use_ssl sslv3 ssl3-method) \
 		$(use_ssl asm) \
 		$(use_ssl rfc3779) \
 		$(use_ssl sctp) \

diff --git a/dev-libs/openssl/openssl-1.1.1c.ebuild b/dev-libs/openssl/openssl-1.1.1c-r1.ebuild
similarity index 98%
rename from dev-libs/openssl/openssl-1.1.1c.ebuild
rename to dev-libs/openssl/openssl-1.1.1c-r1.ebuild
index 1071017acce..683c5707566 100644
--- a/dev-libs/openssl/openssl-1.1.1c.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1c-r1.ebuild
@@ -1,7 +1,7 @@
 # Copyright 1999-2019 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
-EAPI=7
+EAPI="7"
 
 inherit flag-o-matic toolchain-funcs multilib multilib-minimal
 
@@ -18,7 +18,8 @@ BINDIST_PATCH_SET="openssl-1.1.1c-bindist-1.0.tar.xz"
 
 DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"
 HOMEPAGE="https://www.openssl.org/"
-SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"
+SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
+	bindist? ( https://dev.gentoo.org/~whissi/dist/openssl/${BINDIST_PATCH_SET} )"
 
 LICENSE="openssl"
 SLOT="0/1.1" # .so version of libssl/libcrypto
@@ -43,8 +44,6 @@ PATCHES=(
 	"${FILESDIR}"/${PN}-1.1.0j-parallel_install_fix.patch #671602
 )
 
-SRC_URI+=" bindist? ( https://dev.gentoo.org/~whissi/dist/openssl/${BINDIST_PATCH_SET} )"
-
 S="${WORKDIR}/${MY_P}"
 
 MULTILIB_WRAPPED_HEADERS=(

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Thomas Deutschmann]

commit:     a039f65bedc72889219d1fdd46d18a88949355c0
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Fri Aug 23 17:31:22 2019 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Fri Aug 23 18:10:17 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a039f65b

dev-libs/openssl: bump to EAPI 7

Package-Manager: Portage-2.3.72, Repoman-2.3.17
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 ...nssl-1.0.2s.ebuild => openssl-1.0.2s-r1.ebuild} | 35 ++++++++++----------
 dev-libs/openssl/openssl-1.0.2s-r200.ebuild        | 26 ++++++++-------
 ...nssl-1.1.0k.ebuild => openssl-1.1.0k-r1.ebuild} | 37 ++++++++++++++--------
 3 files changed, 56 insertions(+), 42 deletions(-)

diff --git a/dev-libs/openssl/openssl-1.0.2s.ebuild b/dev-libs/openssl/openssl-1.0.2s-r1.ebuild
similarity index 92%
rename from dev-libs/openssl/openssl-1.0.2s.ebuild
rename to dev-libs/openssl/openssl-1.0.2s-r1.ebuild
index 57280189ad1..a2cb9f7917e 100644
--- a/dev-libs/openssl/openssl-1.0.2s.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2s-r1.ebuild
@@ -1,9 +1,9 @@
 # Copyright 1999-2019 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
-EAPI="6"
+EAPI="7"
 
-inherit eutils flag-o-matic toolchain-funcs multilib multilib-minimal
+inherit flag-o-matic toolchain-funcs multilib multilib-minimal
 
 # openssl-1.0.2-patches-1.6 contain additional CVE patches
 # which got fixed with this release.
@@ -28,9 +28,10 @@ RESTRICT="!bindist? ( bindist )"
 
 RDEPEND=">=app-misc/c_rehash-1.7-r1
 	gmp? ( >=dev-libs/gmp-5.1.3-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
-	zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
-	kerberos? ( >=app-crypt/mit-krb5-1.11.4[${MULTILIB_USEDEP}] )"
-DEPEND="${RDEPEND}
+	kerberos? ( >=app-crypt/mit-krb5-1.11.4[${MULTILIB_USEDEP}] )
+	zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )"
+DEPEND="${RDEPEND}"
+BDEPEND="
 	>=dev-lang/perl-5
 	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
 	test? (
@@ -95,7 +96,9 @@ src_prepare() {
 	rm -f Makefile
 
 	if ! use vanilla ; then
-		eapply "${WORKDIR}"/patch/*.patch
+		if [[ $(declare -p PATCHES 2>/dev/null) == "declare -a"* ]] ; then
+			[[ ${#PATCHES[@]} -gt 0 ]] && eapply "${PATCHES[@]}"
+		fi
 	fi
 
 	eapply_user
@@ -109,7 +112,7 @@ src_prepare() {
 		-e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
 		-e $(has noman FEATURES \
 			&& echo '/^install:/s:install_docs::' \
-			|| echo '/^MANDIR=/s:=.*:='${EPREFIX%/}'/usr/share/man:') \
+			|| echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
 		Makefile.org \
 		|| die
 	# show the actual commands in the log
@@ -134,7 +137,7 @@ src_prepare() {
 	append-flags $(test-flags-CC -Wa,--noexecstack)
 	append-cppflags -DOPENSSL_NO_BUF_FREELISTS
 
-	sed -i '1s,^:$,#!'${EPREFIX%/}'/usr/bin/perl,' Configure #141906
+	sed -i '1s,^:$,#!'${EPREFIX}'/usr/bin/perl,' Configure #141906
 	# The config script does stupid stuff to prompt the user.  Kill it.
 	sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
 	./config --test-sanity || die "I AM NOT SANE"
@@ -206,8 +209,8 @@ multilib_src_configure() {
 		$(use_ssl sslv3 ssl3) \
 		$(use_ssl tls-heartbeat heartbeats) \
 		$(use_ssl zlib) \
-		--prefix="${EPREFIX%/}"/usr \
-		--openssldir="${EPREFIX%/}"${SSL_CNF_DIR} \
+		--prefix="${EPREFIX}"/usr \
+		--openssldir="${EPREFIX}"${SSL_CNF_DIR} \
 		--libdir=$(get_libdir) \
 		shared threads \
 		|| die
@@ -243,18 +246,18 @@ multilib_src_test() {
 
 multilib_src_install() {
 	# We need to create $ED/usr on our own to avoid a race condition #665130
-	if [[ ! -d "${ED%/}/usr" ]]; then
+	if [[ ! -d "${ED}/usr" ]]; then
 		# We can only create this directory once
-		mkdir "${ED%/}"/usr || die
+		mkdir "${ED}"/usr || die
 	fi
 
-	emake INSTALL_PREFIX="${D%/}" install
+	emake INSTALL_PREFIX="${D}" install
 }
 
 multilib_src_install_all() {
 	# openssl installs perl version of c_rehash by default, but
 	# we provide a shell version via app-misc/c_rehash
-	rm "${ED%/}"/usr/bin/c_rehash || die
+	rm "${ED}"/usr/bin/c_rehash || die
 
 	local -a DOCS=( CHANGES* FAQ NEWS README doc/*.txt doc/c-indentation.el )
 	einstalldocs
@@ -303,7 +306,7 @@ multilib_src_install_all() {
 }
 
 pkg_postinst() {
-	ebegin "Running 'c_rehash ${EROOT%/}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069"
-	c_rehash "${EROOT%/}${SSL_CNF_DIR}/certs" >/dev/null
+	ebegin "Running 'c_rehash ${EROOT}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069"
+	c_rehash "${EROOT}${SSL_CNF_DIR}/certs" >/dev/null
 	eend $?
 }

diff --git a/dev-libs/openssl/openssl-1.0.2s-r200.ebuild b/dev-libs/openssl/openssl-1.0.2s-r200.ebuild
index 44b9547d141..281b169b64b 100644
--- a/dev-libs/openssl/openssl-1.0.2s-r200.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2s-r200.ebuild
@@ -1,9 +1,9 @@
 # Copyright 1999-2019 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
-EAPI="6"
+EAPI="7"
 
-inherit eutils flag-o-matic toolchain-funcs multilib multilib-minimal
+inherit flag-o-matic toolchain-funcs multilib multilib-minimal
 
 # openssl-1.0.2-patches-1.6 contain additional CVE patches
 # which got fixed with this release.
@@ -22,16 +22,16 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 
 LICENSE="openssl"
 SLOT="1.0.0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~x86-linux"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~x86-linux"
 IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"
 
-RDEPEND=">=app-misc/c_rehash-1.7-r1
-	gmp? ( >=dev-libs/gmp-5.1.3-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
-	zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
+RDEPEND="gmp? ( >=dev-libs/gmp-5.1.3-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
 	kerberos? ( >=app-crypt/mit-krb5-1.11.4[${MULTILIB_USEDEP}] )
+	zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
 	!=dev-libs/openssl-1.0.2*:0"
-DEPEND="${RDEPEND}
+DEPEND="${RDEPEND}"
+BDEPEND="
 	>=dev-lang/perl-5
 	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
 	test? (
@@ -100,7 +100,9 @@ src_prepare() {
 	rm -f Makefile
 
 	if ! use vanilla ; then
-		eapply "${WORKDIR}"/patch/*.patch
+		if [[ $(declare -p PATCHES 2>/dev/null) == "declare -a"* ]] ; then
+			[[ ${#PATCHES[@]} -gt 0 ]] && eapply "${PATCHES[@]}"
+		fi
 	fi
 
 	eapply_user
@@ -114,7 +116,7 @@ src_prepare() {
 		-e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
 		-e $(has noman FEATURES \
 			&& echo '/^install:/s:install_docs::' \
-			|| echo '/^MANDIR=/s:=.*:='${EPREFIX%/}'/usr/share/man:') \
+			|| echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
 		Makefile.org \
 		|| die
 	# show the actual commands in the log
@@ -139,7 +141,7 @@ src_prepare() {
 	append-flags $(test-flags-CC -Wa,--noexecstack)
 	append-cppflags -DOPENSSL_NO_BUF_FREELISTS
 
-	sed -i '1s,^:$,#!'${EPREFIX%/}'/usr/bin/perl,' Configure #141906
+	sed -i '1s,^:$,#!'${EPREFIX}'/usr/bin/perl,' Configure #141906
 	# The config script does stupid stuff to prompt the user.  Kill it.
 	sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
 	./config --test-sanity || die "I AM NOT SANE"
@@ -211,8 +213,8 @@ multilib_src_configure() {
 		$(use_ssl sslv3 ssl3) \
 		$(use_ssl tls-heartbeat heartbeats) \
 		$(use_ssl zlib) \
-		--prefix="${EPREFIX%/}"/usr \
-		--openssldir="${EPREFIX%/}"${SSL_CNF_DIR} \
+		--prefix="${EPREFIX}"/usr \
+		--openssldir="${EPREFIX}"${SSL_CNF_DIR} \
 		--libdir=$(get_libdir) \
 		shared threads \
 		|| die

diff --git a/dev-libs/openssl/openssl-1.1.0k.ebuild b/dev-libs/openssl/openssl-1.1.0k-r1.ebuild
similarity index 93%
rename from dev-libs/openssl/openssl-1.1.0k.ebuild
rename to dev-libs/openssl/openssl-1.1.0k-r1.ebuild
index f5af55a9879..5bc111be0f8 100644
--- a/dev-libs/openssl/openssl-1.1.0k.ebuild
+++ b/dev-libs/openssl/openssl-1.1.0k-r1.ebuild
@@ -1,7 +1,7 @@
 # Copyright 1999-2019 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
-EAPI="6"
+EAPI="7"
 
 inherit flag-o-matic toolchain-funcs multilib multilib-minimal
 
@@ -18,7 +18,8 @@ RESTRICT="!bindist? ( bindist )"
 
 RDEPEND=">=app-misc/c_rehash-1.7-r1
 	zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )"
-DEPEND="${RDEPEND}
+DEPEND="${RDEPEND}"
+BDEPEND="
 	>=dev-lang/perl-5
 	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
 	test? (
@@ -49,17 +50,17 @@ for i in "${FEDORA_PATCH[@]}" ; do # Already have a version prefix
 done
 SRC_URI+=" bindist? ( ${FEDORA_SRC_URI[@]} )"
 
+PATCHES=(
+	"${FILESDIR}"/${PN}-1.0.2a-x32-asm.patch #542618
+	"${FILESDIR}"/${PN}-1.1.0j-parallel_install_fix.patch #671602
+)
+
 S="${WORKDIR}/${MY_P}"
 
 MULTILIB_WRAPPED_HEADERS=(
 	usr/include/openssl/opensslconf.h
 )
 
-PATCHES=(
-	"${FILESDIR}"/${PN}-1.0.2a-x32-asm.patch #542618
-	"${FILESDIR}"/${PN}-1.1.0j-parallel_install_fix.patch #671602
-)
-
 src_prepare() {
 	if use bindist; then
 		# we need to patch the patch but we cannot patch in DISTDIR...
@@ -98,7 +99,9 @@ src_prepare() {
 	rm -f Makefile
 
 	if ! use vanilla ; then
-		eapply "${PATCHES[@]}"
+		if [[ $(declare -p PATCHES 2>/dev/null) == "declare -a"* ]] ; then
+			[[ ${#PATCHES[@]} -gt 0 ]] && eapply "${PATCHES[@]}"
+		fi
 	fi
 
 	eapply_user #332661
@@ -241,13 +244,19 @@ multilib_src_test() {
 }
 
 multilib_src_install() {
+	# We need to create $ED/usr on our own to avoid a race condition #665130
+	if [[ ! -d "${ED}/usr" ]]; then
+		# We can only create this directory once
+		mkdir "${ED}"/usr || die
+	fi
+
 	emake DESTDIR="${D}" install
 }
 
 multilib_src_install_all() {
 	# openssl installs perl version of c_rehash by default, but
 	# we provide a shell version via app-misc/c_rehash
-	rm "${ED%/}"/usr/bin/c_rehash || die
+	rm "${ED}"/usr/bin/c_rehash || die
 
 	dodoc CHANGES* FAQ NEWS README doc/*.txt doc/${PN}-c-indent.el
 
@@ -256,13 +265,13 @@ multilib_src_install_all() {
 	# build system: the static archives are built as PIC all the time.
 	# Only way around this would be to manually configure+compile openssl
 	# twice; once with shared lib support enabled and once without.
-	use static-libs || rm -f "${ED%/}"/usr/lib*/lib*.a
+	use static-libs || rm -f "${ED}"/usr/lib*/lib*.a
 
 	# create the certs directory
 	keepdir ${SSL_CNF_DIR}/certs
 
 	# Namespace openssl programs to prevent conflicts with other man pages
-	cd "${ED%/}"/usr/share/man || die
+	cd "${ED}"/usr/share/man || die
 	local m d s
 	for m in $(find . -type f | xargs grep -L '#include') ; do
 		d=${m%/*} ; d=${d#./} ; m=${m##*/}
@@ -285,14 +294,14 @@ multilib_src_install_all() {
 	[[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :("
 
 	dodir /etc/sandbox.d #254521
-	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED%/}"/etc/sandbox.d/10openssl
+	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
 
 	diropts -m0700
 	keepdir ${SSL_CNF_DIR}/private
 }
 
 pkg_postinst() {
-	ebegin "Running 'c_rehash ${EROOT%/}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069"
-	c_rehash "${EROOT%/}${SSL_CNF_DIR}/certs" >/dev/null
+	ebegin "Running 'c_rehash ${EROOT}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069"
+	c_rehash "${EROOT}${SSL_CNF_DIR}/certs" >/dev/null
 	eend $?
 }

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Thomas Deutschmann]

commit:     604d5b3e0de296fc6fa6f05007b196f9860974e6
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Wed Aug 21 22:23:36 2019 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Wed Aug 21 22:24:58 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=604d5b3e

dev-libs/openssl: fix USE=bindist

Patches from upstream are out-of-date and don't apply against openssl-1.1.1c.
Instead of patching a patch it's easier to maintain our own patch set.

Closes: https://bugs.gentoo.org/692678
Package-Manager: Portage-2.3.72, Repoman-2.3.17
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 dev-libs/openssl/Manifest              |  4 +--
 dev-libs/openssl/openssl-1.1.1c.ebuild | 62 +++++++++++++++-------------------
 2 files changed, 28 insertions(+), 38 deletions(-)

diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest
index ae40847f77d..321134adc24 100644
--- a/dev-libs/openssl/Manifest
+++ b/dev-libs/openssl/Manifest
@@ -22,7 +22,5 @@ DIST openssl-1.1.1b.tar.gz 8213737 BLAKE2B 7ad9da9548052e2a033a684038f97c420cfff
 DIST openssl-1.1.1b_ec_curve.c 17938 BLAKE2B d5cbde40dcd8608087aed6ffa9feb040ffadecf0c46b7f3978cc468a9503f0a5ad0a426ea6f8db56f49a64474a508bebdf946e01ebf09adc727675f3b180bcdc SHA512 ec470f6514cb9a4f680b8cbbe02e2bbe71639b288f3429d976726047901d9c50377dfb2737f32429da2fb0e52fd67878a86debb54520e307ee196d97b5c66415
 DIST openssl-1.1.1b_ectest.c 35091 BLAKE2B a9602255ab529751c2af2419206ce113f03f93b7b776691ea2ec550f26ddbecd241844bb81dc86988fdbb1c0a587318f82ce4faecba1a6142a19cf08d40fb2c5 SHA512 7813d9b6b7ab62119a7f2dd5431c17c5839f4c320ac7071b0714c9b8528bda5fda779dbb263328dca6ee8446e9fa09c663da659c9a82832a65cf53d1cd8a4cef
 DIST openssl-1.1.1b_hobble-openssl 1117 BLAKE2B c3a1477e63331e83cf1cbe58e9ef131ec500a311e22d3da55034800ca353c387b2e202575acf3badb00b236ff91d4bac1bb131a33930939646d26bec27be6e04 SHA512 fa9cc70afa11a7a292548b4bddbba8159824a364ce5c279b483768e6ae2aa4b5491d9bf2cc734819f30a11c8ee0d91bcb991c4a7ab357296aeb4c04feac74826
+DIST openssl-1.1.1c-bindist-1.0.tar.xz 11964 BLAKE2B 8c5190846d13984589a150089d329bb3ecc613788b9462c6f6a1833a040e21cb9bf940140449f09fd797c0e396b0aea073237be374bd16097795b8974c3e7ce5 SHA512 249c6d8c455130b98e3be635f12f323e0cc349f1770648bad591e5de15483917185a473c162ed871a2fa05b47056931e6f12e5fdd9cecee7e6d1c246b862923b
 DIST openssl-1.1.1c.tar.gz 8864262 BLAKE2B bd157b244bedcefb8e646a743732945119b267236789ac69c38856570318aca09299bdaaea3f20294863b633e6fd4dfe124820597185b3b7461cfdf094daadb0 SHA512 8e2c5cc11c120efbb7d7850980cb6eaa782d29b4996b3f3378d37613c1679f852d7cc08a90d62e78fcec3439f06bdbee70064579a8c2adaffd91532a97f646ff
-DIST openssl-1.1.1c_ec_curve.c 17938 BLAKE2B d5cbde40dcd8608087aed6ffa9feb040ffadecf0c46b7f3978cc468a9503f0a5ad0a426ea6f8db56f49a64474a508bebdf946e01ebf09adc727675f3b180bcdc SHA512 ec470f6514cb9a4f680b8cbbe02e2bbe71639b288f3429d976726047901d9c50377dfb2737f32429da2fb0e52fd67878a86debb54520e307ee196d97b5c66415
-DIST openssl-1.1.1c_ectest.c 35091 BLAKE2B a9602255ab529751c2af2419206ce113f03f93b7b776691ea2ec550f26ddbecd241844bb81dc86988fdbb1c0a587318f82ce4faecba1a6142a19cf08d40fb2c5 SHA512 7813d9b6b7ab62119a7f2dd5431c17c5839f4c320ac7071b0714c9b8528bda5fda779dbb263328dca6ee8446e9fa09c663da659c9a82832a65cf53d1cd8a4cef
-DIST openssl-1.1.1c_hobble-openssl 1117 BLAKE2B c3a1477e63331e83cf1cbe58e9ef131ec500a311e22d3da55034800ca353c387b2e202575acf3badb00b236ff91d4bac1bb131a33930939646d26bec27be6e04 SHA512 fa9cc70afa11a7a292548b4bddbba8159824a364ce5c279b483768e6ae2aa4b5491d9bf2cc734819f30a11c8ee0d91bcb991c4a7ab357296aeb4c04feac74826

diff --git a/dev-libs/openssl/openssl-1.1.1c.ebuild b/dev-libs/openssl/openssl-1.1.1c.ebuild
index b189b395c98..1071017acce 100644
--- a/dev-libs/openssl/openssl-1.1.1c.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1c.ebuild
@@ -6,6 +6,16 @@ EAPI=7
 inherit flag-o-matic toolchain-funcs multilib multilib-minimal
 
 MY_P=${P/_/-}
+
+# This patch set is based on the following files from Fedora 31,
+# see https://src.fedoraproject.org/rpms/openssl/blob/f31/f/openssl.spec
+# for more details:
+# - hobble-openssl (SOURCE1)
+# - ec_curve.c (SOURCE12)
+# - ectest.c (SOURCE13)
+# - openssl-1.1.1-ec-curves.patch (PATCH37) -- MODIFIED
+BINDIST_PATCH_SET="openssl-1.1.1c-bindist-1.0.tar.xz"
+
 DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"
 HOMEPAGE="https://www.openssl.org/"
 SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"
@@ -33,25 +43,7 @@ PATCHES=(
 	"${FILESDIR}"/${PN}-1.1.0j-parallel_install_fix.patch #671602
 )
 
-# This does not copy the entire Fedora patchset, but JUST the parts that
-# are needed to make it safe to use EC with RESTRICT=bindist.
-# See openssl.spec for the matching numbering of SourceNNN, PatchNNN
-SOURCE1=hobble-openssl
-SOURCE12=ec_curve.c
-SOURCE13=ectest.c
-PATCH37=openssl-1.1.1-ec-curves.patch
-FEDORA_GIT_BASE='https://src.fedoraproject.org/cgit/rpms/openssl.git/plain/'
-FEDORA_GIT_BRANCH='f29'
-FEDORA_SRC_URI=()
-FEDORA_SOURCE=( ${SOURCE1} ${SOURCE12} ${SOURCE13} )
-FEDORA_PATCH=( ${PATCH37} )
-for i in "${FEDORA_SOURCE[@]}" ; do
-	FEDORA_SRC_URI+=( "${FEDORA_GIT_BASE}/${i}?h=${FEDORA_GIT_BRANCH} -> ${P}_${i}" )
-done
-for i in "${FEDORA_PATCH[@]}" ; do # Already have a version prefix
-	FEDORA_SRC_URI+=( "${FEDORA_GIT_BASE}/${i}?h=${FEDORA_GIT_BRANCH} -> ${i}" )
-done
-SRC_URI+=" bindist? ( ${FEDORA_SRC_URI[@]} )"
+SRC_URI+=" bindist? ( https://dev.gentoo.org/~whissi/dist/openssl/${BINDIST_PATCH_SET} )"
 
 S="${WORKDIR}/${MY_P}"
 
@@ -61,27 +53,27 @@ MULTILIB_WRAPPED_HEADERS=(
 
 src_prepare() {
 	if use bindist; then
-		# This just removes the prefix, and puts it into WORKDIR like the RPM.
-		for i in "${FEDORA_SOURCE[@]}" ; do
-			cp -f "${DISTDIR}"/"${P}_${i}" "${WORKDIR}"/"${i}" || die
+		mv "${WORKDIR}"/bindist-patches/hobble-openssl "${WORKDIR}" || die
+		bash "${WORKDIR}"/hobble-openssl || die
+
+		cp -f "${WORKDIR}"/bindist-patches/ec_curve.c "${S}"/crypto/ec/ || die
+		cp -f "${WORKDIR}"/bindist-patches/ectest.c "${S}"/test/ || die
+
+		eapply "${WORKDIR}"/bindist-patches/ec-curves.patch
+
+		local known_failing_test
+		for known_failing_test in \
+			30-test_evp_extra.t \
+			80-test_ssl_new.t \
+		; do
+			ebegin "Disabling test '${known_failing_test}' which is known to fail with USE=bindist"
+			rm test/recipes/${known_failing_test} || die
+			eend $?
 		done
 
-		# .spec %prep
-		bash "${WORKDIR}"/"${SOURCE1}" || die
-		cp -f "${WORKDIR}"/"${SOURCE12}" "${S}"/crypto/ec/ || die
-		cp -f "${WORKDIR}"/"${SOURCE13}" "${S}"/test/ || die
-		for i in "${FEDORA_PATCH[@]}" ; do
-			if [[ "${i}" == "${PATCH37}" ]] ; then
-				# apply our own for OpenSSL 1.1.1b adjusted version of this patch
-				eapply "${FILESDIR}"/openssl-1.1.1b-ec-curves-patch.patch
-			else
-				eapply "${DISTDIR}"/"${i}"
-			fi
-		done
 		# Also see the configure parts below:
 		# enable-ec \
 		# $(use_ssl !bindist ec2m) \
-
 	fi
 
 	# keep this in sync with app-misc/c_rehash

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Alexis Ballier]

commit:     19cdf7fb8415559e6c5a635414cc2d5695e64ac3
Author:     Alexis Ballier <aballier <AT> gentoo <DOT> org>
AuthorDate: Mon Aug 19 15:57:39 2019 +0000
Commit:     Alexis Ballier <aballier <AT> gentoo <DOT> org>
CommitDate: Mon Aug 19 16:40:59 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=19cdf7fb

dev-libs/openssl: use BDEPEND for eapi7.

This avoids pulling perl & co for nothing in target images.

Package-Manager: Portage-2.3.71, Repoman-2.3.17
Signed-off-by: Alexis Ballier <aballier <AT> gentoo.org>

 dev-libs/openssl/openssl-1.1.1c.ebuild | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.1.1c.ebuild b/dev-libs/openssl/openssl-1.1.1c.ebuild
index f4e635b13b6..b189b395c98 100644
--- a/dev-libs/openssl/openssl-1.1.1c.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1c.ebuild
@@ -19,7 +19,8 @@ RESTRICT="!bindist? ( bindist )"
 
 RDEPEND=">=app-misc/c_rehash-1.7-r1
 	zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )"
-DEPEND="${RDEPEND}
+DEPEND="${RDEPEND}"
+BDEPEND="
 	>=dev-lang/perl-5
 	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
 	test? (

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Lars Wendler]

commit:     004c15696dd6004b9cf8dd4238a05d5569ef8dde
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Wed May 29 11:59:09 2019 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Wed May 29 12:04:21 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=004c1569

dev-libs/openssl: Bump to versions 1.0.2s, 1.1.0k and 1.1.1c

Package-Manager: Portage-2.3.67, Repoman-2.3.13
Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org>

 dev-libs/openssl/Manifest                   |  12 ++
 dev-libs/openssl/openssl-1.0.2s-r200.ebuild | 248 ++++++++++++++++++++++
 dev-libs/openssl/openssl-1.0.2s.ebuild      | 309 ++++++++++++++++++++++++++++
 dev-libs/openssl/openssl-1.1.0k.ebuild      | 298 +++++++++++++++++++++++++++
 dev-libs/openssl/openssl-1.1.1c.ebuild      | 298 +++++++++++++++++++++++++++
 5 files changed, 1165 insertions(+)

diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest
index 2d49947a80c..26e97789fde 100644
--- a/dev-libs/openssl/Manifest
+++ b/dev-libs/openssl/Manifest
@@ -4,14 +4,26 @@ DIST openssl-1.0.2r.tar.gz 5348369 BLAKE2B 9f9c2d2fe6eaf9acacab29b394a318f30c38e
 DIST openssl-1.0.2r_ec_curve.c 17254 BLAKE2B d40d8d6e770443f07abe70e2c4ddda6aec1cc8e37dc1f226a3fdd9ed5d228f09c6d372e8956b1948b55ee1d57d1429493e7288d0f54d9466a37fec805c85aacb SHA512 8e92fb100bcf4bd918c82b9a6cbd75a55abe1a2c08230a007e441c51577f974f8cc336e9ac8a672b32641480428ca8cead5380da1fe81bacb088145a1b754a15
 DIST openssl-1.0.2r_ectest.c 30735 BLAKE2B 95333a27f1cf0a4305a3cee7f6d46b9d4673582ca9acfcf5ba2a0d9d317ab6219cd0d2ff0ba3a55a317c8f5819342f05cc17ba80ec2c92b2b4cab9a3552382e1 SHA512 f2e4d34327b490bc8371f0845c69df3f9fc51ea16f0ea0de0411a0c1fa9d49bb2b6fafc363eb3b3cd919dc7c24e4a0d075c6ff878c01d70dae918f2540874c19
 DIST openssl-1.0.2r_hobble-openssl 1302 BLAKE2B 647caa6a0f4c53a2e77baa3b8e5961eaef3bb0ff38e7d5475eab8deef3439f7fe49028ec9ed0406f3453870b62cac67c496b3a048ee4c9ff4c6866d520235960 SHA512 3d757a4708e74a03dd5cb9b8114dfe442ed9520739a6eca693be4c4265771696f1449ea06d1c9bcfc6e94fc9b0dd0c10e153f1c3b0334831c0550b36cd63326e
+DIST openssl-1.0.2s.tar.gz 5349149 BLAKE2B 46c72dcceb5b473b129be0a895f3d6c25a24ee852a31dc369ccf0e44319259d8694d3571b8cb698efb8bce89dbe31f4fc9f82753cacb24cbd3d50fa2ab9b6e83 SHA512 9f745452c4f777df694158e95003cde78a2cf8199bc481a563ec36644664c3c1415a774779b9791dd18f2aeb57fa1721cb52b3db12d025955e970071d5b66d2a
+DIST openssl-1.0.2s_ec_curve.c 17254 BLAKE2B d40d8d6e770443f07abe70e2c4ddda6aec1cc8e37dc1f226a3fdd9ed5d228f09c6d372e8956b1948b55ee1d57d1429493e7288d0f54d9466a37fec805c85aacb SHA512 8e92fb100bcf4bd918c82b9a6cbd75a55abe1a2c08230a007e441c51577f974f8cc336e9ac8a672b32641480428ca8cead5380da1fe81bacb088145a1b754a15
+DIST openssl-1.0.2s_ectest.c 30735 BLAKE2B 95333a27f1cf0a4305a3cee7f6d46b9d4673582ca9acfcf5ba2a0d9d317ab6219cd0d2ff0ba3a55a317c8f5819342f05cc17ba80ec2c92b2b4cab9a3552382e1 SHA512 f2e4d34327b490bc8371f0845c69df3f9fc51ea16f0ea0de0411a0c1fa9d49bb2b6fafc363eb3b3cd919dc7c24e4a0d075c6ff878c01d70dae918f2540874c19
+DIST openssl-1.0.2s_hobble-openssl 1302 BLAKE2B 647caa6a0f4c53a2e77baa3b8e5961eaef3bb0ff38e7d5475eab8deef3439f7fe49028ec9ed0406f3453870b62cac67c496b3a048ee4c9ff4c6866d520235960 SHA512 3d757a4708e74a03dd5cb9b8114dfe442ed9520739a6eca693be4c4265771696f1449ea06d1c9bcfc6e94fc9b0dd0c10e153f1c3b0334831c0550b36cd63326e
 DIST openssl-1.1.0-build_d2ede125556ac99aa0faa7744c703af3f559094e.patch 3001 BLAKE2B 8f0ac4be6409b4ec50bec171697da2aebe2688e8ae06bd0dfac8b0c74661d38ebeb0a12bde0ef941b213eee9b85965262213b140636060285dcfb02a3bd14961 SHA512 ec6710e9669ac19e4c6f1286c89a383e7d276a773a2740037f98a8f2dbf18305614e7d30d9ed530923a0e7d10a3776fea2ca77229adc25df13ecad55589a3673
 DIST openssl-1.1.0-ec-curves_d2ede125556ac99aa0faa7744c703af3f559094e.patch 5311 BLAKE2B e9ec985adf6f13eb04412158a05da7cbe10be7d64bce73b899152ea379336ece7b7069089ef46993ac301ef850fd46fd0352898e249b2ea9fff5baf20896e5b5 SHA512 c38c4b05195f2b323a07efd8d17335ba2a168a16a59d7941da36568081f1c043da8d2216b7084b0617963635ded9bafeee736ecddbfa251cf0a02e4cba64cdc8
 DIST openssl-1.1.0j.tar.gz 5411919 BLAKE2B 0fbd936f38d30b64bea717a67cd59704c5ce44ee19f377a820f89ba66b9e0a7509cf39e0fb00c104ae6440a6bd811e388239b458ffe685d8601235bab2afb2f1 SHA512 e7d30951ebb3cbcb6d59e3eb40f64f5a84634b7f5c380a588d378973f1c415395e3ab71a9aaff6478a89ec6efcc88f17f1882c99c25dcd18165f1435a51e5768
 DIST openssl-1.1.0j_d2ede125556ac99aa0faa7744c703af3f559094e_ec_curve.c 18401 BLAKE2B f969071ac1b5d0e43b50d54e50b5c4d9201fc8b94458902e9849f14841b5505a2e43ed57a8c13255f042a211af9ee904776c155c36da838a8ad22e1052b02bc1 SHA512 a1c2bb3c3e3d342bddc8c952985e87fc4bad2e8142d5d760b18f346c44c20f00db61c4856f3dcf879b2098e0c036330762915f65d80a1a2cba717d2caeb95457
 DIST openssl-1.1.0j_d2ede125556ac99aa0faa7744c703af3f559094e_ectest.c 30688 BLAKE2B 6673ef0fd139af82d830794179b19b9e06be25fac4a13b8bdfa5fd5dad25f594ce8eab118aab9ec2aab25001e1de127c03f8e1a04f4f3ef4c464b7fb1811ed4a SHA512 240fc72916caf4a8b0af774ce307abfe9a93a762eba6fae760cec79d619fe3db0d6919fc92a8951cb031f73958237700b45f590aa7f9f2890762cccda1f1e74b
 DIST openssl-1.1.0j_d2ede125556ac99aa0faa7744c703af3f559094e_hobble-openssl 1117 BLAKE2B c3a1477e63331e83cf1cbe58e9ef131ec500a311e22d3da55034800ca353c387b2e202575acf3badb00b236ff91d4bac1bb131a33930939646d26bec27be6e04 SHA512 fa9cc70afa11a7a292548b4bddbba8159824a364ce5c279b483768e6ae2aa4b5491d9bf2cc734819f30a11c8ee0d91bcb991c4a7ab357296aeb4c04feac74826
+DIST openssl-1.1.0k.tar.gz 5287321 BLAKE2B fce40a399f5a08d5fe183dfcaab11b211d982885fb9888b25fa41bdd9919ecd203fca6f573363cfb42c9a0776ae69ea50b0f144227a3f28ca0dbadf878d396bc SHA512 65f41a240a97d79504c0e1391fde8ac8692f0993437cdc35e4bc964ecc36e5ef75a62499c4c6cb4ce63f892135e06dba2d3594c8869d935554296fa3c6ccd822
+DIST openssl-1.1.0k_d2ede125556ac99aa0faa7744c703af3f559094e_ec_curve.c 18401 BLAKE2B f969071ac1b5d0e43b50d54e50b5c4d9201fc8b94458902e9849f14841b5505a2e43ed57a8c13255f042a211af9ee904776c155c36da838a8ad22e1052b02bc1 SHA512 a1c2bb3c3e3d342bddc8c952985e87fc4bad2e8142d5d760b18f346c44c20f00db61c4856f3dcf879b2098e0c036330762915f65d80a1a2cba717d2caeb95457
+DIST openssl-1.1.0k_d2ede125556ac99aa0faa7744c703af3f559094e_ectest.c 30688 BLAKE2B 6673ef0fd139af82d830794179b19b9e06be25fac4a13b8bdfa5fd5dad25f594ce8eab118aab9ec2aab25001e1de127c03f8e1a04f4f3ef4c464b7fb1811ed4a SHA512 240fc72916caf4a8b0af774ce307abfe9a93a762eba6fae760cec79d619fe3db0d6919fc92a8951cb031f73958237700b45f590aa7f9f2890762cccda1f1e74b
+DIST openssl-1.1.0k_d2ede125556ac99aa0faa7744c703af3f559094e_hobble-openssl 1117 BLAKE2B c3a1477e63331e83cf1cbe58e9ef131ec500a311e22d3da55034800ca353c387b2e202575acf3badb00b236ff91d4bac1bb131a33930939646d26bec27be6e04 SHA512 fa9cc70afa11a7a292548b4bddbba8159824a364ce5c279b483768e6ae2aa4b5491d9bf2cc734819f30a11c8ee0d91bcb991c4a7ab357296aeb4c04feac74826
 DIST openssl-1.1.1-ec-curves.patch 7265 BLAKE2B 04725d226c430132cf54afbfaa30a82f8f8bbfd3608823d1d0cd42c3c13f417e90762759da3134d7b0c4373e531925db337b681340f2f284cb2f16a4caef22e3 SHA512 de4d0f1635740c57217836a476c420141c0d34a5f90cbf7957aed7a80e7ac9ca036de2d8448e6bf4c122999e308730575899f61cea6e51ab6825dd04890d75a1
 DIST openssl-1.1.1b.tar.gz 8213737 BLAKE2B 7ad9da9548052e2a033a684038f97c420cfffd57994604bcb3fa12640796c8c0aea3d24fb05648ee4940fbec40b81462e81c353da5a41a2575c0585d9718eae8 SHA512 b54025fbb4fe264466f3b0d762aad4be45bd23cd48bdb26d901d4c41a40bfd776177e02230995ab181a695435039dbad313f4b9a563239a70807a2e19ecf045d
 DIST openssl-1.1.1b_ec_curve.c 17938 BLAKE2B d5cbde40dcd8608087aed6ffa9feb040ffadecf0c46b7f3978cc468a9503f0a5ad0a426ea6f8db56f49a64474a508bebdf946e01ebf09adc727675f3b180bcdc SHA512 ec470f6514cb9a4f680b8cbbe02e2bbe71639b288f3429d976726047901d9c50377dfb2737f32429da2fb0e52fd67878a86debb54520e307ee196d97b5c66415
 DIST openssl-1.1.1b_ectest.c 35091 BLAKE2B a9602255ab529751c2af2419206ce113f03f93b7b776691ea2ec550f26ddbecd241844bb81dc86988fdbb1c0a587318f82ce4faecba1a6142a19cf08d40fb2c5 SHA512 7813d9b6b7ab62119a7f2dd5431c17c5839f4c320ac7071b0714c9b8528bda5fda779dbb263328dca6ee8446e9fa09c663da659c9a82832a65cf53d1cd8a4cef
 DIST openssl-1.1.1b_hobble-openssl 1117 BLAKE2B c3a1477e63331e83cf1cbe58e9ef131ec500a311e22d3da55034800ca353c387b2e202575acf3badb00b236ff91d4bac1bb131a33930939646d26bec27be6e04 SHA512 fa9cc70afa11a7a292548b4bddbba8159824a364ce5c279b483768e6ae2aa4b5491d9bf2cc734819f30a11c8ee0d91bcb991c4a7ab357296aeb4c04feac74826
+DIST openssl-1.1.1c.tar.gz 8864262 BLAKE2B bd157b244bedcefb8e646a743732945119b267236789ac69c38856570318aca09299bdaaea3f20294863b633e6fd4dfe124820597185b3b7461cfdf094daadb0 SHA512 8e2c5cc11c120efbb7d7850980cb6eaa782d29b4996b3f3378d37613c1679f852d7cc08a90d62e78fcec3439f06bdbee70064579a8c2adaffd91532a97f646ff
+DIST openssl-1.1.1c_ec_curve.c 17938 BLAKE2B d5cbde40dcd8608087aed6ffa9feb040ffadecf0c46b7f3978cc468a9503f0a5ad0a426ea6f8db56f49a64474a508bebdf946e01ebf09adc727675f3b180bcdc SHA512 ec470f6514cb9a4f680b8cbbe02e2bbe71639b288f3429d976726047901d9c50377dfb2737f32429da2fb0e52fd67878a86debb54520e307ee196d97b5c66415
+DIST openssl-1.1.1c_ectest.c 35091 BLAKE2B a9602255ab529751c2af2419206ce113f03f93b7b776691ea2ec550f26ddbecd241844bb81dc86988fdbb1c0a587318f82ce4faecba1a6142a19cf08d40fb2c5 SHA512 7813d9b6b7ab62119a7f2dd5431c17c5839f4c320ac7071b0714c9b8528bda5fda779dbb263328dca6ee8446e9fa09c663da659c9a82832a65cf53d1cd8a4cef
+DIST openssl-1.1.1c_hobble-openssl 1117 BLAKE2B c3a1477e63331e83cf1cbe58e9ef131ec500a311e22d3da55034800ca353c387b2e202575acf3badb00b236ff91d4bac1bb131a33930939646d26bec27be6e04 SHA512 fa9cc70afa11a7a292548b4bddbba8159824a364ce5c279b483768e6ae2aa4b5491d9bf2cc734819f30a11c8ee0d91bcb991c4a7ab357296aeb4c04feac74826

diff --git a/dev-libs/openssl/openssl-1.0.2s-r200.ebuild b/dev-libs/openssl/openssl-1.0.2s-r200.ebuild
new file mode 100644
index 00000000000..44b9547d141
--- /dev/null
+++ b/dev-libs/openssl/openssl-1.0.2s-r200.ebuild
@@ -0,0 +1,248 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+inherit eutils flag-o-matic toolchain-funcs multilib multilib-minimal
+
+# openssl-1.0.2-patches-1.6 contain additional CVE patches
+# which got fixed with this release.
+# Please use 1.7 version number when rolling a new tarball!
+PATCH_SET="openssl-1.0.2-patches-1.5"
+MY_P=${P/_/-}
+DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"
+HOMEPAGE="https://www.openssl.org/"
+SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
+	!vanilla? (
+		mirror://gentoo/${PATCH_SET}.tar.xz
+		https://dev.gentoo.org/~chutzpah/dist/${PN}/${PATCH_SET}.tar.xz
+		https://dev.gentoo.org/~whissi/dist/${PN}/${PATCH_SET}.tar.xz
+		https://dev.gentoo.org/~polynomial-c/dist/${PATCH_SET}.tar.xz
+	)"
+
+LICENSE="openssl"
+SLOT="1.0.0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~x86-linux"
+IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
+RESTRICT="!bindist? ( bindist )"
+
+RDEPEND=">=app-misc/c_rehash-1.7-r1
+	gmp? ( >=dev-libs/gmp-5.1.3-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
+	zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
+	kerberos? ( >=app-crypt/mit-krb5-1.11.4[${MULTILIB_USEDEP}] )
+	!=dev-libs/openssl-1.0.2*:0"
+DEPEND="${RDEPEND}
+	>=dev-lang/perl-5
+	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
+	test? (
+		sys-apps/diffutils
+		sys-devel/bc
+	)"
+
+RESTRICT="test"
+
+# Do not install any docs
+DOCS=()
+
+# This does not copy the entire Fedora patchset, but JUST the parts that
+# are needed to make it safe to use EC with RESTRICT=bindist.
+# See openssl.spec for the matching numbering of SourceNNN, PatchNNN
+SOURCE1=hobble-openssl
+SOURCE12=ec_curve.c
+SOURCE13=ectest.c
+# These are ported instead
+#PATCH1=openssl-1.1.0-build.patch # Fixes EVP testcase for EC
+#PATCH37=openssl-1.1.0-ec-curves.patch
+FEDORA_GIT_BASE='https://src.fedoraproject.org/cgit/rpms/openssl.git/plain/'
+FEDORA_GIT_BRANCH='f25'
+FEDORA_SRC_URI=()
+FEDORA_SOURCE=( $SOURCE1 $SOURCE12 $SOURCE13 )
+FEDORA_PATCH=( $PATCH1 $PATCH37 )
+for i in "${FEDORA_SOURCE[@]}" ; do
+	FEDORA_SRC_URI+=( "${FEDORA_GIT_BASE}/${i}?h=${FEDORA_GIT_BRANCH} -> ${P}_${i}" )
+done
+for i in "${FEDORA_PATCH[@]}" ; do # Already have a version prefix
+	FEDORA_SRC_URI+=( "${FEDORA_GIT_BASE}/${i}?h=${FEDORA_GIT_BRANCH} -> ${i}" )
+done
+SRC_URI+=" bindist? ( ${FEDORA_SRC_URI[@]} )"
+
+S="${WORKDIR}/${MY_P}"
+
+MULTILIB_WRAPPED_HEADERS=(
+	usr/include/openssl/opensslconf.h
+)
+
+src_prepare() {
+	if use bindist; then
+		# This just removes the prefix, and puts it into WORKDIR like the RPM.
+		for i in "${FEDORA_SOURCE[@]}" ; do
+			cp -f "${DISTDIR}"/"${P}_${i}" "${WORKDIR}"/"${i}" || die
+		done
+		# .spec %prep
+		bash "${WORKDIR}"/"${SOURCE1}" || die
+		cp -f "${WORKDIR}"/"${SOURCE12}" "${S}"/crypto/ec/ || die
+		cp -f "${WORKDIR}"/"${SOURCE13}" "${S}"/crypto/ec/ || die # Moves to test/ in OpenSSL-1.1
+		for i in "${FEDORA_PATCH[@]}" ; do
+			eapply "${DISTDIR}"/"${i}"
+		done
+		eapply "${FILESDIR}"/openssl-1.0.2p-hobble-ecc.patch
+		# Also see the configure parts below:
+		# enable-ec \
+		# $(use_ssl !bindist ec2m) \
+		# $(use_ssl !bindist srp) \
+	fi
+
+	# keep this in sync with app-misc/c_rehash
+	SSL_CNF_DIR="/etc/ssl"
+
+	# Make sure we only ever touch Makefile.org and avoid patching a file
+	# that gets blown away anyways by the Configure script in src_configure
+	rm -f Makefile
+
+	if ! use vanilla ; then
+		eapply "${WORKDIR}"/patch/*.patch
+	fi
+
+	eapply_user
+
+	# disable fips in the build
+	# make sure the man pages are suffixed #302165
+	# don't bother building man pages if they're disabled
+	sed -i \
+		-e '/DIRS/s: fips : :g' \
+		-e '/^MANSUFFIX/s:=.*:=ssl:' \
+		-e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
+		-e $(has noman FEATURES \
+			&& echo '/^install:/s:install_docs::' \
+			|| echo '/^MANDIR=/s:=.*:='${EPREFIX%/}'/usr/share/man:') \
+		Makefile.org \
+		|| die
+	# show the actual commands in the log
+	sed -i '/^SET_X/s:=.*:=set -x:' Makefile.shared
+
+	# since we're forcing $(CC) as makedep anyway, just fix
+	# the conditional as always-on
+	# helps clang (#417795), and versioned gcc (#499818)
+	# this breaks build with 1.0.2p, not sure if it is needed anymore
+	#sed -i 's/expr.*MAKEDEPEND.*;/true;/' util/domd || die
+
+	# quiet out unknown driver argument warnings since openssl
+	# doesn't have well-split CFLAGS and we're making it even worse
+	# and 'make depend' uses -Werror for added fun (#417795 again)
+	[[ ${CC} == *clang* ]] && append-flags -Qunused-arguments
+
+	# allow openssl to be cross-compiled
+	cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die
+	chmod a+rx gentoo.config || die
+
+	append-flags -fno-strict-aliasing
+	append-flags $(test-flags-CC -Wa,--noexecstack)
+	append-cppflags -DOPENSSL_NO_BUF_FREELISTS
+
+	sed -i '1s,^:$,#!'${EPREFIX%/}'/usr/bin/perl,' Configure #141906
+	# The config script does stupid stuff to prompt the user.  Kill it.
+	sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
+	./config --test-sanity || die "I AM NOT SANE"
+
+	multilib_copy_sources
+}
+
+multilib_src_configure() {
+	unset APPS #197996
+	unset SCRIPTS #312551
+	unset CROSS_COMPILE #311473
+
+	tc-export CC AR RANLIB RC
+
+	# Clean out patent-or-otherwise-encumbered code
+	# Camellia: Royalty Free            https://en.wikipedia.org/wiki/Camellia_(cipher)
+	# IDEA:     Expired                 https://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
+	# EC:       ????????? ??/??/2015    https://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography
+	# MDC2:     Expired                 https://en.wikipedia.org/wiki/MDC-2
+	# RC5:      Expired                 https://en.wikipedia.org/wiki/RC5
+
+	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
+	echoit() { echo "$@" ; "$@" ; }
+
+	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
+
+	# See if our toolchain supports __uint128_t.  If so, it's 64bit
+	# friendly and can use the nicely optimized code paths. #460790
+	local ec_nistp_64_gcc_128
+	# Disable it for now though #469976
+	#if ! use bindist ; then
+	#	echo "__uint128_t i;" > "${T}"/128.c
+	#	if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
+	#		ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
+	#	fi
+	#fi
+
+	# https://github.com/openssl/openssl/issues/2286
+	if use ia64 ; then
+		replace-flags -g3 -g2
+		replace-flags -ggdb3 -ggdb2
+	fi
+
+	local sslout=$(./gentoo.config)
+	einfo "Use configuration ${sslout:-(openssl knows best)}"
+	local config="Configure"
+	[[ -z ${sslout} ]] && config="config"
+
+	# Fedora hobbled-EC needs 'no-ec2m', 'no-srp'
+	echoit \
+	./${config} \
+		${sslout} \
+		$(use cpu_flags_x86_sse2 || echo "no-sse2") \
+		enable-camellia \
+		enable-ec \
+		$(use_ssl !bindist ec2m) \
+		$(use_ssl !bindist srp) \
+		${ec_nistp_64_gcc_128} \
+		enable-idea \
+		enable-mdc2 \
+		enable-rc5 \
+		enable-tlsext \
+		$(use_ssl asm) \
+		$(use_ssl gmp gmp -lgmp) \
+		$(use_ssl kerberos krb5 --with-krb5-flavor=${krb5}) \
+		$(use_ssl rfc3779) \
+		$(use_ssl sctp) \
+		$(use_ssl sslv2 ssl2) \
+		$(use_ssl sslv3 ssl3) \
+		$(use_ssl tls-heartbeat heartbeats) \
+		$(use_ssl zlib) \
+		--prefix="${EPREFIX%/}"/usr \
+		--openssldir="${EPREFIX%/}"${SSL_CNF_DIR} \
+		--libdir=$(get_libdir) \
+		shared threads \
+		|| die
+
+	# Clean out hardcoded flags that openssl uses
+	local CFLAG=$(grep ^CFLAG= Makefile | LC_ALL=C sed \
+		-e 's:^CFLAG=::' \
+		-e 's:-fomit-frame-pointer ::g' \
+		-e 's:-O[0-9] ::g' \
+		-e 's:-march=[-a-z0-9]* ::g' \
+		-e 's:-mcpu=[-a-z0-9]* ::g' \
+		-e 's:-m[a-z0-9]* ::g' \
+	)
+	sed -i \
+		-e "/^CFLAG/s|=.*|=${CFLAG} ${CFLAGS}|" \
+		-e "/^SHARED_LDFLAGS=/s|$| ${LDFLAGS}|" \
+		Makefile || die
+}
+
+multilib_src_compile() {
+	# depend is needed to use $confopts; it also doesn't matter
+	# that it's -j1 as the code itself serializes subdirs
+	emake -j1 V=1 depend
+	emake build_libs
+}
+
+multilib_src_test() {
+	emake -j1 test
+}
+
+multilib_src_install() {
+	dolib.so lib{crypto,ssl}.so.${SLOT}
+}

diff --git a/dev-libs/openssl/openssl-1.0.2s.ebuild b/dev-libs/openssl/openssl-1.0.2s.ebuild
new file mode 100644
index 00000000000..57280189ad1
--- /dev/null
+++ b/dev-libs/openssl/openssl-1.0.2s.ebuild
@@ -0,0 +1,309 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+inherit eutils flag-o-matic toolchain-funcs multilib multilib-minimal
+
+# openssl-1.0.2-patches-1.6 contain additional CVE patches
+# which got fixed with this release.
+# Please use 1.7 version number when rolling a new tarball!
+PATCH_SET="openssl-1.0.2-patches-1.5"
+MY_P=${P/_/-}
+DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"
+HOMEPAGE="https://www.openssl.org/"
+SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
+	!vanilla? (
+		mirror://gentoo/${PATCH_SET}.tar.xz
+		https://dev.gentoo.org/~chutzpah/dist/${PN}/${PATCH_SET}.tar.xz
+		https://dev.gentoo.org/~whissi/dist/${PN}/${PATCH_SET}.tar.xz
+		https://dev.gentoo.org/~polynomial-c/dist/${PATCH_SET}.tar.xz
+	)"
+
+LICENSE="openssl"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~x86-linux"
+IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
+RESTRICT="!bindist? ( bindist )"
+
+RDEPEND=">=app-misc/c_rehash-1.7-r1
+	gmp? ( >=dev-libs/gmp-5.1.3-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
+	zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
+	kerberos? ( >=app-crypt/mit-krb5-1.11.4[${MULTILIB_USEDEP}] )"
+DEPEND="${RDEPEND}
+	>=dev-lang/perl-5
+	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
+	test? (
+		sys-apps/diffutils
+		sys-devel/bc
+	)"
+PDEPEND="app-misc/ca-certificates"
+
+# This does not copy the entire Fedora patchset, but JUST the parts that
+# are needed to make it safe to use EC with RESTRICT=bindist.
+# See openssl.spec for the matching numbering of SourceNNN, PatchNNN
+SOURCE1=hobble-openssl
+SOURCE12=ec_curve.c
+SOURCE13=ectest.c
+# These are ported instead
+#PATCH1=openssl-1.1.0-build.patch # Fixes EVP testcase for EC
+#PATCH37=openssl-1.1.0-ec-curves.patch
+FEDORA_GIT_BASE='https://src.fedoraproject.org/cgit/rpms/openssl.git/plain/'
+FEDORA_GIT_BRANCH='f25'
+FEDORA_SRC_URI=()
+FEDORA_SOURCE=( $SOURCE1 $SOURCE12 $SOURCE13 )
+FEDORA_PATCH=( $PATCH1 $PATCH37 )
+for i in "${FEDORA_SOURCE[@]}" ; do
+	FEDORA_SRC_URI+=( "${FEDORA_GIT_BASE}/${i}?h=${FEDORA_GIT_BRANCH} -> ${P}_${i}" )
+done
+for i in "${FEDORA_PATCH[@]}" ; do # Already have a version prefix
+	FEDORA_SRC_URI+=( "${FEDORA_GIT_BASE}/${i}?h=${FEDORA_GIT_BRANCH} -> ${i}" )
+done
+SRC_URI+=" bindist? ( ${FEDORA_SRC_URI[@]} )"
+
+S="${WORKDIR}/${MY_P}"
+
+MULTILIB_WRAPPED_HEADERS=(
+	usr/include/openssl/opensslconf.h
+)
+
+src_prepare() {
+	if use bindist; then
+		# This just removes the prefix, and puts it into WORKDIR like the RPM.
+		for i in "${FEDORA_SOURCE[@]}" ; do
+			cp -f "${DISTDIR}"/"${P}_${i}" "${WORKDIR}"/"${i}" || die
+		done
+		# .spec %prep
+		bash "${WORKDIR}"/"${SOURCE1}" || die
+		cp -f "${WORKDIR}"/"${SOURCE12}" "${S}"/crypto/ec/ || die
+		cp -f "${WORKDIR}"/"${SOURCE13}" "${S}"/crypto/ec/ || die # Moves to test/ in OpenSSL-1.1
+		for i in "${FEDORA_PATCH[@]}" ; do
+			eapply "${DISTDIR}"/"${i}"
+		done
+		eapply "${FILESDIR}"/openssl-1.0.2p-hobble-ecc.patch
+		# Also see the configure parts below:
+		# enable-ec \
+		# $(use_ssl !bindist ec2m) \
+		# $(use_ssl !bindist srp) \
+	fi
+
+	# keep this in sync with app-misc/c_rehash
+	SSL_CNF_DIR="/etc/ssl"
+
+	# Make sure we only ever touch Makefile.org and avoid patching a file
+	# that gets blown away anyways by the Configure script in src_configure
+	rm -f Makefile
+
+	if ! use vanilla ; then
+		eapply "${WORKDIR}"/patch/*.patch
+	fi
+
+	eapply_user
+
+	# disable fips in the build
+	# make sure the man pages are suffixed #302165
+	# don't bother building man pages if they're disabled
+	sed -i \
+		-e '/DIRS/s: fips : :g' \
+		-e '/^MANSUFFIX/s:=.*:=ssl:' \
+		-e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
+		-e $(has noman FEATURES \
+			&& echo '/^install:/s:install_docs::' \
+			|| echo '/^MANDIR=/s:=.*:='${EPREFIX%/}'/usr/share/man:') \
+		Makefile.org \
+		|| die
+	# show the actual commands in the log
+	sed -i '/^SET_X/s:=.*:=set -x:' Makefile.shared
+
+	# since we're forcing $(CC) as makedep anyway, just fix
+	# the conditional as always-on
+	# helps clang (#417795), and versioned gcc (#499818)
+	# this breaks build with 1.0.2p, not sure if it is needed anymore
+	#sed -i 's/expr.*MAKEDEPEND.*;/true;/' util/domd || die
+
+	# quiet out unknown driver argument warnings since openssl
+	# doesn't have well-split CFLAGS and we're making it even worse
+	# and 'make depend' uses -Werror for added fun (#417795 again)
+	[[ ${CC} == *clang* ]] && append-flags -Qunused-arguments
+
+	# allow openssl to be cross-compiled
+	cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die
+	chmod a+rx gentoo.config || die
+
+	append-flags -fno-strict-aliasing
+	append-flags $(test-flags-CC -Wa,--noexecstack)
+	append-cppflags -DOPENSSL_NO_BUF_FREELISTS
+
+	sed -i '1s,^:$,#!'${EPREFIX%/}'/usr/bin/perl,' Configure #141906
+	# The config script does stupid stuff to prompt the user.  Kill it.
+	sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
+	./config --test-sanity || die "I AM NOT SANE"
+
+	multilib_copy_sources
+}
+
+multilib_src_configure() {
+	unset APPS #197996
+	unset SCRIPTS #312551
+	unset CROSS_COMPILE #311473
+
+	tc-export CC AR RANLIB RC
+
+	# Clean out patent-or-otherwise-encumbered code
+	# Camellia: Royalty Free            https://en.wikipedia.org/wiki/Camellia_(cipher)
+	# IDEA:     Expired                 https://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
+	# EC:       ????????? ??/??/2015    https://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography
+	# MDC2:     Expired                 https://en.wikipedia.org/wiki/MDC-2
+	# RC5:      Expired                 https://en.wikipedia.org/wiki/RC5
+
+	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
+	echoit() { echo "$@" ; "$@" ; }
+
+	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
+
+	# See if our toolchain supports __uint128_t.  If so, it's 64bit
+	# friendly and can use the nicely optimized code paths. #460790
+	local ec_nistp_64_gcc_128
+	# Disable it for now though #469976
+	#if ! use bindist ; then
+	#	echo "__uint128_t i;" > "${T}"/128.c
+	#	if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
+	#		ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
+	#	fi
+	#fi
+
+	# https://github.com/openssl/openssl/issues/2286
+	if use ia64 ; then
+		replace-flags -g3 -g2
+		replace-flags -ggdb3 -ggdb2
+	fi
+
+	local sslout=$(./gentoo.config)
+	einfo "Use configuration ${sslout:-(openssl knows best)}"
+	local config="Configure"
+	[[ -z ${sslout} ]] && config="config"
+
+	# Fedora hobbled-EC needs 'no-ec2m', 'no-srp'
+	echoit \
+	./${config} \
+		${sslout} \
+		$(use cpu_flags_x86_sse2 || echo "no-sse2") \
+		enable-camellia \
+		enable-ec \
+		$(use_ssl !bindist ec2m) \
+		$(use_ssl !bindist srp) \
+		${ec_nistp_64_gcc_128} \
+		enable-idea \
+		enable-mdc2 \
+		enable-rc5 \
+		enable-tlsext \
+		$(use_ssl asm) \
+		$(use_ssl gmp gmp -lgmp) \
+		$(use_ssl kerberos krb5 --with-krb5-flavor=${krb5}) \
+		$(use_ssl rfc3779) \
+		$(use_ssl sctp) \
+		$(use_ssl sslv2 ssl2) \
+		$(use_ssl sslv3 ssl3) \
+		$(use_ssl tls-heartbeat heartbeats) \
+		$(use_ssl zlib) \
+		--prefix="${EPREFIX%/}"/usr \
+		--openssldir="${EPREFIX%/}"${SSL_CNF_DIR} \
+		--libdir=$(get_libdir) \
+		shared threads \
+		|| die
+
+	# Clean out hardcoded flags that openssl uses
+	local CFLAG=$(grep ^CFLAG= Makefile | LC_ALL=C sed \
+		-e 's:^CFLAG=::' \
+		-e 's:-fomit-frame-pointer ::g' \
+		-e 's:-O[0-9] ::g' \
+		-e 's:-march=[-a-z0-9]* ::g' \
+		-e 's:-mcpu=[-a-z0-9]* ::g' \
+		-e 's:-m[a-z0-9]* ::g' \
+	)
+	sed -i \
+		-e "/^CFLAG/s|=.*|=${CFLAG} ${CFLAGS}|" \
+		-e "/^SHARED_LDFLAGS=/s|$| ${LDFLAGS}|" \
+		Makefile || die
+}
+
+multilib_src_compile() {
+	# depend is needed to use $confopts; it also doesn't matter
+	# that it's -j1 as the code itself serializes subdirs
+	emake -j1 V=1 depend
+	emake all
+	# rehash is needed to prep the certs/ dir; do this
+	# separately to avoid parallel build issues.
+	emake rehash
+}
+
+multilib_src_test() {
+	emake -j1 test
+}
+
+multilib_src_install() {
+	# We need to create $ED/usr on our own to avoid a race condition #665130
+	if [[ ! -d "${ED%/}/usr" ]]; then
+		# We can only create this directory once
+		mkdir "${ED%/}"/usr || die
+	fi
+
+	emake INSTALL_PREFIX="${D%/}" install
+}
+
+multilib_src_install_all() {
+	# openssl installs perl version of c_rehash by default, but
+	# we provide a shell version via app-misc/c_rehash
+	rm "${ED%/}"/usr/bin/c_rehash || die
+
+	local -a DOCS=( CHANGES* FAQ NEWS README doc/*.txt doc/c-indentation.el )
+	einstalldocs
+
+	use rfc3779 && dodoc engines/ccgost/README.gost
+
+	# This is crappy in that the static archives are still built even
+	# when USE=static-libs.  But this is due to a failing in the openssl
+	# build system: the static archives are built as PIC all the time.
+	# Only way around this would be to manually configure+compile openssl
+	# twice; once with shared lib support enabled and once without.
+	use static-libs || rm -f "${ED}"/usr/lib*/lib*.a
+
+	# create the certs directory
+	dodir ${SSL_CNF_DIR}/certs
+	cp -RP certs/* "${ED}"${SSL_CNF_DIR}/certs/ || die
+	rm -r "${ED}"${SSL_CNF_DIR}/certs/{demo,expired}
+
+	# Namespace openssl programs to prevent conflicts with other man pages
+	cd "${ED}"/usr/share/man
+	local m d s
+	for m in $(find . -type f | xargs grep -L '#include') ; do
+		d=${m%/*} ; d=${d#./} ; m=${m##*/}
+		[[ ${m} == openssl.1* ]] && continue
+		[[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!"
+		mv ${d}/{,ssl-}${m}
+		# fix up references to renamed man pages
+		sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m}
+		ln -s ssl-${m} ${d}/openssl-${m}
+		# locate any symlinks that point to this man page ... we assume
+		# that any broken links are due to the above renaming
+		for s in $(find -L ${d} -type l) ; do
+			s=${s##*/}
+			rm -f ${d}/${s}
+			ln -s ssl-${m} ${d}/ssl-${s}
+			ln -s ssl-${s} ${d}/openssl-${s}
+		done
+	done
+	[[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :("
+
+	dodir /etc/sandbox.d #254521
+	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
+
+	diropts -m0700
+	keepdir ${SSL_CNF_DIR}/private
+}
+
+pkg_postinst() {
+	ebegin "Running 'c_rehash ${EROOT%/}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069"
+	c_rehash "${EROOT%/}${SSL_CNF_DIR}/certs" >/dev/null
+	eend $?
+}

diff --git a/dev-libs/openssl/openssl-1.1.0k.ebuild b/dev-libs/openssl/openssl-1.1.0k.ebuild
new file mode 100644
index 00000000000..f5af55a9879
--- /dev/null
+++ b/dev-libs/openssl/openssl-1.1.0k.ebuild
@@ -0,0 +1,298 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+inherit flag-o-matic toolchain-funcs multilib multilib-minimal
+
+MY_P=${P/_/-}
+DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"
+HOMEPAGE="https://www.openssl.org/"
+SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"
+
+LICENSE="openssl"
+SLOT="0/1.1" # .so version of libssl/libcrypto
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~x86-linux"
+IUSE="+asm bindist elibc_musl rfc3779 sctp cpu_flags_x86_sse2 static-libs test tls-heartbeat vanilla zlib"
+RESTRICT="!bindist? ( bindist )"
+
+RDEPEND=">=app-misc/c_rehash-1.7-r1
+	zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )"
+DEPEND="${RDEPEND}
+	>=dev-lang/perl-5
+	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
+	test? (
+		sys-apps/diffutils
+		sys-devel/bc
+	)"
+PDEPEND="app-misc/ca-certificates"
+
+# This does not copy the entire Fedora patchset, but JUST the parts that
+# are needed to make it safe to use EC with RESTRICT=bindist.
+# See openssl.spec for the matching numbering of SourceNNN, PatchNNN
+SOURCE1=hobble-openssl
+SOURCE12=ec_curve.c
+SOURCE13=ectest.c
+PATCH1=openssl-1.1.0-build.patch # Fixes EVP testcase for EC
+PATCH37=openssl-1.1.0-ec-curves.patch
+FEDORA_GIT_BASE='https://src.fedoraproject.org/cgit/rpms/openssl.git/plain/'
+FEDORA_GIT_BRANCH='f28'
+FEDORA_GIT_COMMIT="d2ede125556ac99aa0faa7744c703af3f559094e"
+FEDORA_SRC_URI=()
+FEDORA_SOURCE=( $SOURCE1 $SOURCE12 $SOURCE13 )
+FEDORA_PATCH=( $PATCH1 $PATCH37 )
+for i in "${FEDORA_SOURCE[@]}" ; do
+	FEDORA_SRC_URI+=( "${FEDORA_GIT_BASE}/${i}?h=${FEDORA_GIT_BRANCH}&id=${FEDORA_GIT_COMMIT} -> ${P}_${FEDORA_GIT_COMMIT}_${i}" )
+done
+for i in "${FEDORA_PATCH[@]}" ; do # Already have a version prefix
+	FEDORA_SRC_URI+=( "${FEDORA_GIT_BASE}/${i}?h=${FEDORA_GIT_BRANCH}&id=${FEDORA_GIT_COMMIT} -> ${i%.patch}_${FEDORA_GIT_COMMIT}.patch" )
+done
+SRC_URI+=" bindist? ( ${FEDORA_SRC_URI[@]} )"
+
+S="${WORKDIR}/${MY_P}"
+
+MULTILIB_WRAPPED_HEADERS=(
+	usr/include/openssl/opensslconf.h
+)
+
+PATCHES=(
+	"${FILESDIR}"/${PN}-1.0.2a-x32-asm.patch #542618
+	"${FILESDIR}"/${PN}-1.1.0j-parallel_install_fix.patch #671602
+)
+
+src_prepare() {
+	if use bindist; then
+		# we need to patch the patch but we cannot patch in DISTDIR...
+		mkdir "${WORKDIR}"/fedora_patches || die
+		for i in "${FEDORA_PATCH[@]}" ; do
+			cp "${DISTDIR}"/"${i%.patch}_${FEDORA_GIT_COMMIT}.patch" "${WORKDIR}"/fedora_patches || die
+		done
+
+		# now patch the path, due to OpenSSL change cb193560e0da17a41b40ce574a2349f1d4d59ed1
+		sed -i -e 's#test/evptests.txt#test/recipes/30-test_evp_data/evppkey.txt#g' \
+			"${WORKDIR}"/fedora_patches/openssl-1.1.0-build_d2ede125556ac99aa0faa7744c703af3f559094e.patch || \
+			die
+
+		# This just removes the prefix, and puts it into WORKDIR like the RPM.
+		for i in "${FEDORA_SOURCE[@]}" ; do
+			cp -f "${DISTDIR}"/"${P}_${FEDORA_GIT_COMMIT}_${i}" "${WORKDIR}"/"${i}" || die
+		done
+		# .spec %prep
+		bash "${WORKDIR}"/"${SOURCE1}" || die
+		cp -f "${WORKDIR}"/"${SOURCE12}" "${S}"/crypto/ec/ || die
+		cp -f "${WORKDIR}"/"${SOURCE13}" "${S}"/test/ || die
+		for i in "${FEDORA_PATCH[@]}" ; do
+			#eapply "${DISTDIR}"/"${i%.patch}_${FEDORA_GIT_COMMIT}.patch"
+			eapply "${WORKDIR}/fedora_patches/${i%.patch}_${FEDORA_GIT_COMMIT}.patch"
+		done
+		# Also see the configure parts below:
+		# enable-ec \
+		# $(use_ssl !bindist ec2m) \
+
+	fi
+	# keep this in sync with app-misc/c_rehash
+	SSL_CNF_DIR="/etc/ssl"
+
+	# Make sure we only ever touch Makefile.org and avoid patching a file
+	# that gets blown away anyways by the Configure script in src_configure
+	rm -f Makefile
+
+	if ! use vanilla ; then
+		eapply "${PATCHES[@]}"
+	fi
+
+	eapply_user #332661
+
+	# make sure the man pages are suffixed #302165
+	# don't bother building man pages if they're disabled
+	# Make DOCDIR Gentoo compliant
+	sed -i \
+		-e '/^MANSUFFIX/s:=.*:=ssl:' \
+		-e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
+		-e $(has noman FEATURES \
+			&& echo '/^install:/s:install_docs::' \
+			|| echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
+		-e "/^DOCDIR/s@\$(BASENAME)@&-${PVR}@" \
+		Configurations/unix-Makefile.tmpl \
+		|| die
+
+	# show the actual commands in the log
+	sed -i '/^SET_X/s@=.*@=set -x@' Makefile.shared || die
+
+	# quiet out unknown driver argument warnings since openssl
+	# doesn't have well-split CFLAGS and we're making it even worse
+	# and 'make depend' uses -Werror for added fun (#417795 again)
+	[[ ${CC} == *clang* ]] && append-flags -Qunused-arguments
+
+	# allow openssl to be cross-compiled
+	cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die
+	chmod a+rx gentoo.config || die
+
+	append-flags -fno-strict-aliasing
+	append-flags $(test-flags-CC -Wa,--noexecstack)
+	append-cppflags -DOPENSSL_NO_BUF_FREELISTS
+
+	# Prefixify Configure shebang (#141906)
+	sed \
+		-e "1s,/usr/bin/env,${EPREFIX}&," \
+		-i Configure || die
+	# Remove test target when FEATURES=test isn't set
+	if ! use test ; then
+		sed \
+			-e '/^$config{dirs}/s@ "test",@@' \
+			-i Configure || die
+	fi
+	# The config script does stupid stuff to prompt the user.  Kill it.
+	sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
+	./config --test-sanity || die "I AM NOT SANE"
+
+	multilib_copy_sources
+}
+
+multilib_src_configure() {
+	unset APPS #197996
+	unset SCRIPTS #312551
+	unset CROSS_COMPILE #311473
+
+	tc-export CC AR RANLIB RC
+
+	# Clean out patent-or-otherwise-encumbered code
+	# Camellia: Royalty Free            https://en.wikipedia.org/wiki/Camellia_(cipher)
+	# IDEA:     Expired                 https://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
+	# EC:       ????????? ??/??/2015    https://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography
+	# MDC2:     Expired                 https://en.wikipedia.org/wiki/MDC-2
+	# RC5:      Expired                 https://en.wikipedia.org/wiki/RC5
+
+	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
+	echoit() { echo "$@" ; "$@" ; }
+
+	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
+
+	# See if our toolchain supports __uint128_t.  If so, it's 64bit
+	# friendly and can use the nicely optimized code paths. #460790
+	local ec_nistp_64_gcc_128
+	# Disable it for now though #469976
+	#if ! use bindist ; then
+	#	echo "__uint128_t i;" > "${T}"/128.c
+	#	if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
+	#		ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
+	#	fi
+	#fi
+
+	local sslout=$(./gentoo.config)
+	einfo "Use configuration ${sslout:-(openssl knows best)}"
+	local config="Configure"
+	[[ -z ${sslout} ]] && config="config"
+
+	# Fedora hobbled-EC needs 'no-ec2m'
+	# 'srp' was restricted until early 2017 as well.
+	# "disable-deprecated" option breaks too many consumers.
+	# Don't set it without thorough revdeps testing.
+	echoit \
+	./${config} \
+		${sslout} \
+		$(use cpu_flags_x86_sse2 || echo "no-sse2") \
+		enable-camellia \
+		enable-ec \
+		$(use_ssl !bindist ec2m) \
+		enable-srp \
+		$(use elibc_musl && echo "no-async") \
+		${ec_nistp_64_gcc_128} \
+		enable-idea \
+		enable-mdc2 \
+		enable-rc5 \
+		$(use_ssl asm) \
+		$(use_ssl rfc3779) \
+		$(use_ssl sctp) \
+		$(use_ssl tls-heartbeat heartbeats) \
+		$(use_ssl zlib) \
+		--prefix="${EPREFIX}"/usr \
+		--openssldir="${EPREFIX}"${SSL_CNF_DIR} \
+		--libdir=$(get_libdir) \
+		shared threads \
+		|| die
+
+	# Clean out hardcoded flags that openssl uses
+	# Fix quoting for sed
+	local DEFAULT_CFLAGS=$(grep ^CFLAGS= Makefile | LC_ALL=C sed \
+		-e 's:^CFLAGS=::' \
+		-e 's:-fomit-frame-pointer ::g' \
+		-e 's:-O[0-9] ::g' \
+		-e 's:-march=[-a-z0-9]* ::g' \
+		-e 's:-mcpu=[-a-z0-9]* ::g' \
+		-e 's:-m[a-z0-9]* ::g' \
+		-e 's:\\:\\\\:g' \
+	)
+	sed -i \
+		-e "/^CFLAGS=/s|=.*|=${DEFAULT_CFLAGS} ${CFLAGS}|" \
+		-e "/^LDFLAGS=/s|=[[:space:]]*$|=${LDFLAGS}|" \
+		Makefile || die
+}
+
+multilib_src_compile() {
+	# depend is needed to use $confopts; it also doesn't matter
+	# that it's -j1 as the code itself serializes subdirs
+	emake -j1 depend
+	emake all
+}
+
+multilib_src_test() {
+	emake -j1 test
+}
+
+multilib_src_install() {
+	emake DESTDIR="${D}" install
+}
+
+multilib_src_install_all() {
+	# openssl installs perl version of c_rehash by default, but
+	# we provide a shell version via app-misc/c_rehash
+	rm "${ED%/}"/usr/bin/c_rehash || die
+
+	dodoc CHANGES* FAQ NEWS README doc/*.txt doc/${PN}-c-indent.el
+
+	# This is crappy in that the static archives are still built even
+	# when USE=static-libs.  But this is due to a failing in the openssl
+	# build system: the static archives are built as PIC all the time.
+	# Only way around this would be to manually configure+compile openssl
+	# twice; once with shared lib support enabled and once without.
+	use static-libs || rm -f "${ED%/}"/usr/lib*/lib*.a
+
+	# create the certs directory
+	keepdir ${SSL_CNF_DIR}/certs
+
+	# Namespace openssl programs to prevent conflicts with other man pages
+	cd "${ED%/}"/usr/share/man || die
+	local m d s
+	for m in $(find . -type f | xargs grep -L '#include') ; do
+		d=${m%/*} ; d=${d#./} ; m=${m##*/}
+		[[ ${m} == openssl.1* ]] && continue
+		[[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!"
+		mv ${d}/{,ssl-}${m}
+		# fix up references to renamed man pages
+		sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m}
+		ln -s ssl-${m} ${d}/openssl-${m}
+		# locate any symlinks that point to this man page ... we assume
+		# that any broken links are due to the above renaming
+		for s in $(find -L ${d} -type l) ; do
+			s=${s##*/}
+			rm -f ${d}/${s}
+			# We don't want to "|| die" here
+			ln -s ssl-${m} ${d}/ssl-${s}
+			ln -s ssl-${s} ${d}/openssl-${s}
+		done
+	done
+	[[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :("
+
+	dodir /etc/sandbox.d #254521
+	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED%/}"/etc/sandbox.d/10openssl
+
+	diropts -m0700
+	keepdir ${SSL_CNF_DIR}/private
+}
+
+pkg_postinst() {
+	ebegin "Running 'c_rehash ${EROOT%/}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069"
+	c_rehash "${EROOT%/}${SSL_CNF_DIR}/certs" >/dev/null
+	eend $?
+}

diff --git a/dev-libs/openssl/openssl-1.1.1c.ebuild b/dev-libs/openssl/openssl-1.1.1c.ebuild
new file mode 100644
index 00000000000..f4e635b13b6
--- /dev/null
+++ b/dev-libs/openssl/openssl-1.1.1c.ebuild
@@ -0,0 +1,298 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit flag-o-matic toolchain-funcs multilib multilib-minimal
+
+MY_P=${P/_/-}
+DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"
+HOMEPAGE="https://www.openssl.org/"
+SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"
+
+LICENSE="openssl"
+SLOT="0/1.1" # .so version of libssl/libcrypto
+[[ "${PV}" = *_pre* ]] || \
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~x86-linux"
+IUSE="+asm bindist elibc_musl rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-heartbeat vanilla zlib"
+RESTRICT="!bindist? ( bindist )"
+
+RDEPEND=">=app-misc/c_rehash-1.7-r1
+	zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )"
+DEPEND="${RDEPEND}
+	>=dev-lang/perl-5
+	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
+	test? (
+		sys-apps/diffutils
+		sys-devel/bc
+	)"
+PDEPEND="app-misc/ca-certificates"
+
+PATCHES=(
+	"${FILESDIR}"/${PN}-1.1.0j-parallel_install_fix.patch #671602
+)
+
+# This does not copy the entire Fedora patchset, but JUST the parts that
+# are needed to make it safe to use EC with RESTRICT=bindist.
+# See openssl.spec for the matching numbering of SourceNNN, PatchNNN
+SOURCE1=hobble-openssl
+SOURCE12=ec_curve.c
+SOURCE13=ectest.c
+PATCH37=openssl-1.1.1-ec-curves.patch
+FEDORA_GIT_BASE='https://src.fedoraproject.org/cgit/rpms/openssl.git/plain/'
+FEDORA_GIT_BRANCH='f29'
+FEDORA_SRC_URI=()
+FEDORA_SOURCE=( ${SOURCE1} ${SOURCE12} ${SOURCE13} )
+FEDORA_PATCH=( ${PATCH37} )
+for i in "${FEDORA_SOURCE[@]}" ; do
+	FEDORA_SRC_URI+=( "${FEDORA_GIT_BASE}/${i}?h=${FEDORA_GIT_BRANCH} -> ${P}_${i}" )
+done
+for i in "${FEDORA_PATCH[@]}" ; do # Already have a version prefix
+	FEDORA_SRC_URI+=( "${FEDORA_GIT_BASE}/${i}?h=${FEDORA_GIT_BRANCH} -> ${i}" )
+done
+SRC_URI+=" bindist? ( ${FEDORA_SRC_URI[@]} )"
+
+S="${WORKDIR}/${MY_P}"
+
+MULTILIB_WRAPPED_HEADERS=(
+	usr/include/openssl/opensslconf.h
+)
+
+src_prepare() {
+	if use bindist; then
+		# This just removes the prefix, and puts it into WORKDIR like the RPM.
+		for i in "${FEDORA_SOURCE[@]}" ; do
+			cp -f "${DISTDIR}"/"${P}_${i}" "${WORKDIR}"/"${i}" || die
+		done
+
+		# .spec %prep
+		bash "${WORKDIR}"/"${SOURCE1}" || die
+		cp -f "${WORKDIR}"/"${SOURCE12}" "${S}"/crypto/ec/ || die
+		cp -f "${WORKDIR}"/"${SOURCE13}" "${S}"/test/ || die
+		for i in "${FEDORA_PATCH[@]}" ; do
+			if [[ "${i}" == "${PATCH37}" ]] ; then
+				# apply our own for OpenSSL 1.1.1b adjusted version of this patch
+				eapply "${FILESDIR}"/openssl-1.1.1b-ec-curves-patch.patch
+			else
+				eapply "${DISTDIR}"/"${i}"
+			fi
+		done
+		# Also see the configure parts below:
+		# enable-ec \
+		# $(use_ssl !bindist ec2m) \
+
+	fi
+
+	# keep this in sync with app-misc/c_rehash
+	SSL_CNF_DIR="/etc/ssl"
+
+	# Make sure we only ever touch Makefile.org and avoid patching a file
+	# that gets blown away anyways by the Configure script in src_configure
+	rm -f Makefile
+
+	if ! use vanilla ; then
+		if [[ $(declare -p PATCHES 2>/dev/null) == "declare -a"* ]] ; then
+			[[ ${#PATCHES[@]} -gt 0 ]] && eapply "${PATCHES[@]}"
+		fi
+	fi
+
+	eapply_user #332661
+
+	# make sure the man pages are suffixed #302165
+	# don't bother building man pages if they're disabled
+	# Make DOCDIR Gentoo compliant
+	sed -i \
+		-e '/^MANSUFFIX/s:=.*:=ssl:' \
+		-e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
+		-e $(has noman FEATURES \
+			&& echo '/^install:/s:install_docs::' \
+			|| echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
+		-e "/^DOCDIR/s@\$(BASENAME)@&-${PVR}@" \
+		Configurations/unix-Makefile.tmpl \
+		|| die
+
+	# quiet out unknown driver argument warnings since openssl
+	# doesn't have well-split CFLAGS and we're making it even worse
+	# and 'make depend' uses -Werror for added fun (#417795 again)
+	[[ ${CC} == *clang* ]] && append-flags -Qunused-arguments
+
+	# allow openssl to be cross-compiled
+	cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die
+	chmod a+rx gentoo.config || die
+
+	append-flags -fno-strict-aliasing
+	append-flags $(test-flags-CC -Wa,--noexecstack)
+	append-cppflags -DOPENSSL_NO_BUF_FREELISTS
+
+	# Prefixify Configure shebang (#141906)
+	sed \
+		-e "1s,/usr/bin/env,${EPREFIX}&," \
+		-i Configure || die
+	# Remove test target when FEATURES=test isn't set
+	if ! use test ; then
+		sed \
+			-e '/^$config{dirs}/s@ "test",@@' \
+			-i Configure || die
+	fi
+	# The config script does stupid stuff to prompt the user.  Kill it.
+	sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
+	./config --test-sanity || die "I AM NOT SANE"
+
+	multilib_copy_sources
+}
+
+multilib_src_configure() {
+	unset APPS #197996
+	unset SCRIPTS #312551
+	unset CROSS_COMPILE #311473
+
+	tc-export CC AR RANLIB RC
+
+	# Clean out patent-or-otherwise-encumbered code
+	# Camellia: Royalty Free            https://en.wikipedia.org/wiki/Camellia_(cipher)
+	# IDEA:     Expired                 https://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
+	# EC:       ????????? ??/??/2015    https://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography
+	# MDC2:     Expired                 https://en.wikipedia.org/wiki/MDC-2
+	# RC5:      Expired                 https://en.wikipedia.org/wiki/RC5
+
+	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
+	echoit() { echo "$@" ; "$@" ; }
+
+	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
+
+	# See if our toolchain supports __uint128_t.  If so, it's 64bit
+	# friendly and can use the nicely optimized code paths. #460790
+	local ec_nistp_64_gcc_128
+	# Disable it for now though #469976
+	#if ! use bindist ; then
+	#	echo "__uint128_t i;" > "${T}"/128.c
+	#	if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
+	#		ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
+	#	fi
+	#fi
+
+	local sslout=$(./gentoo.config)
+	einfo "Use configuration ${sslout:-(openssl knows best)}"
+	local config="Configure"
+	[[ -z ${sslout} ]] && config="config"
+
+	# Fedora hobbled-EC needs 'no-ec2m'
+	# 'srp' was restricted until early 2017 as well.
+	# "disable-deprecated" option breaks too many consumers.
+	# Don't set it without thorough revdeps testing.
+	echoit \
+	./${config} \
+		${sslout} \
+		$(use cpu_flags_x86_sse2 || echo "no-sse2") \
+		enable-camellia \
+		enable-ec \
+		$(use_ssl !bindist ec2m) \
+		enable-srp \
+		$(use elibc_musl && echo "no-async") \
+		${ec_nistp_64_gcc_128} \
+		enable-idea \
+		enable-mdc2 \
+		enable-rc5 \
+		$(use_ssl sslv3 ssl3) \
+		$(use_ssl sslv3 ssl3-method) \
+		$(use_ssl asm) \
+		$(use_ssl rfc3779) \
+		$(use_ssl sctp) \
+		$(use_ssl tls-heartbeat heartbeats) \
+		$(use_ssl zlib) \
+		--prefix="${EPREFIX}"/usr \
+		--openssldir="${EPREFIX}"${SSL_CNF_DIR} \
+		--libdir=$(get_libdir) \
+		shared threads \
+		|| die
+
+	# Clean out hardcoded flags that openssl uses
+	# Fix quoting for sed
+	local DEFAULT_CFLAGS=$(grep ^CFLAGS= Makefile | LC_ALL=C sed \
+		-e 's:^CFLAGS=::' \
+		-e 's:-fomit-frame-pointer ::g' \
+		-e 's:-O[0-9] ::g' \
+		-e 's:-march=[-a-z0-9]* ::g' \
+		-e 's:-mcpu=[-a-z0-9]* ::g' \
+		-e 's:-m[a-z0-9]* ::g' \
+		-e 's:\\:\\\\:g' \
+	)
+	sed -i \
+		-e "/^CFLAGS=/s|=.*|=${DEFAULT_CFLAGS} ${CFLAGS}|" \
+		-e "/^LDFLAGS=/s|=[[:space:]]*$|=${LDFLAGS}|" \
+		Makefile || die
+}
+
+multilib_src_compile() {
+	# depend is needed to use $confopts; it also doesn't matter
+	# that it's -j1 as the code itself serializes subdirs
+	emake -j1 depend
+	emake all
+}
+
+multilib_src_test() {
+	emake -j1 test
+}
+
+multilib_src_install() {
+	# We need to create $ED/usr on our own to avoid a race condition #665130
+	if [[ ! -d "${ED}/usr" ]]; then
+		# We can only create this directory once
+		mkdir "${ED}"/usr || die
+	fi
+
+	emake DESTDIR="${D}" install
+}
+
+multilib_src_install_all() {
+	# openssl installs perl version of c_rehash by default, but
+	# we provide a shell version via app-misc/c_rehash
+	rm "${ED}"/usr/bin/c_rehash || die
+
+	dodoc CHANGES* FAQ NEWS README doc/*.txt doc/${PN}-c-indent.el
+
+	# This is crappy in that the static archives are still built even
+	# when USE=static-libs.  But this is due to a failing in the openssl
+	# build system: the static archives are built as PIC all the time.
+	# Only way around this would be to manually configure+compile openssl
+	# twice; once with shared lib support enabled and once without.
+	use static-libs || rm -f "${ED}"/usr/lib*/lib*.a
+
+	# create the certs directory
+	keepdir ${SSL_CNF_DIR}/certs
+
+	# Namespace openssl programs to prevent conflicts with other man pages
+	cd "${ED}"/usr/share/man || die
+	local m d s
+	for m in $(find . -type f | xargs grep -L '#include') ; do
+		d=${m%/*} ; d=${d#./} ; m=${m##*/}
+		[[ ${m} == openssl.1* ]] && continue
+		[[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!"
+		mv ${d}/{,ssl-}${m}
+		# fix up references to renamed man pages
+		sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m}
+		ln -s ssl-${m} ${d}/openssl-${m}
+		# locate any symlinks that point to this man page ... we assume
+		# that any broken links are due to the above renaming
+		for s in $(find -L ${d} -type l) ; do
+			s=${s##*/}
+			rm -f ${d}/${s}
+			# We don't want to "|| die" here
+			ln -s ssl-${m} ${d}/ssl-${s}
+			ln -s ssl-${s} ${d}/openssl-${s}
+		done
+	done
+	[[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :("
+
+	dodir /etc/sandbox.d #254521
+	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
+
+	diropts -m0700
+	keepdir ${SSL_CNF_DIR}/private
+}
+
+pkg_postinst() {
+	ebegin "Running 'c_rehash ${EROOT}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069"
+	c_rehash "${EROOT}${SSL_CNF_DIR}/certs" >/dev/null
+	eend $?
+}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Mikle Kolyada]

commit:     4b96f7ac2988d34e85ccfba5f7465b208ac9487c
Author:     Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
AuthorDate: Sat May  4 11:32:59 2019 +0000
Commit:     Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
CommitDate: Sat May  4 11:32:59 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4b96f7ac

dev-libs/openssl: Add ~riscv keyword

Signed-off-by: Mikle Kolyada <zlogene <AT> gentoo.org>
Package-Manager: Portage-2.3.62, Repoman-2.3.11

 dev-libs/openssl/openssl-1.0.2r.ebuild    | 2 +-
 dev-libs/openssl/openssl-1.1.0j-r1.ebuild | 2 +-
 dev-libs/openssl/openssl-1.1.1b-r2.ebuild | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/dev-libs/openssl/openssl-1.0.2r.ebuild b/dev-libs/openssl/openssl-1.0.2r.ebuild
index 9b19234d960..c14fecb318d 100644
--- a/dev-libs/openssl/openssl-1.0.2r.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2r.ebuild
@@ -22,7 +22,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 
 LICENSE="openssl"
 SLOT="0"
-KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~amd64-fbsd ~x86-fbsd ~x86-linux"
+KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 ~riscv s390 sh sparc x86 ~amd64-fbsd ~x86-fbsd ~x86-linux"
 IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"
 

diff --git a/dev-libs/openssl/openssl-1.1.0j-r1.ebuild b/dev-libs/openssl/openssl-1.1.0j-r1.ebuild
index b21a33a9e0f..165f6d9a050 100644
--- a/dev-libs/openssl/openssl-1.1.0j-r1.ebuild
+++ b/dev-libs/openssl/openssl-1.1.0j-r1.ebuild
@@ -12,7 +12,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"
 
 LICENSE="openssl"
 SLOT="0/1.1" # .so version of libssl/libcrypto
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~x86-linux"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~x86-linux"
 IUSE="+asm bindist elibc_musl rfc3779 sctp cpu_flags_x86_sse2 static-libs test tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"
 

diff --git a/dev-libs/openssl/openssl-1.1.1b-r2.ebuild b/dev-libs/openssl/openssl-1.1.1b-r2.ebuild
index 98e70d05803..09f5e991cf9 100644
--- a/dev-libs/openssl/openssl-1.1.1b-r2.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1b-r2.ebuild
@@ -13,7 +13,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"
 LICENSE="openssl"
 SLOT="0/1.1" # .so version of libssl/libcrypto
 [[ "${PV}" = *_pre* ]] || \
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~x86-linux"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~x86-linux"
 IUSE="+asm bindist elibc_musl rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Mikle Kolyada]

commit:     f714c77b627da246ba58f62929875d8d39521ae0
Author:     Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
AuthorDate: Tue Mar 12 16:31:15 2019 +0000
Commit:     Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
CommitDate: Tue Mar 12 16:31:15 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f714c77b

dev-libs/openssl: s390 stable wrt bug #678564

Signed-off-by: Mikle Kolyada <zlogene <AT> gentoo.org>
Package-Manager: Portage-2.3.62, Repoman-2.3.11
RepoMan-Options: --include-arches="s390"

 dev-libs/openssl/openssl-1.0.2r.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.0.2r.ebuild b/dev-libs/openssl/openssl-1.0.2r.ebuild
index a596c4b7757..a49dce87b76 100644
--- a/dev-libs/openssl/openssl-1.0.2r.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2r.ebuild
@@ -22,7 +22,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 
 LICENSE="openssl"
 SLOT="0"
-KEYWORDS="alpha amd64 arm arm64 hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~x86-fbsd ~x86-linux"
+KEYWORDS="alpha amd64 arm arm64 hppa ia64 ~m68k ~mips ppc ppc64 s390 ~sh sparc x86 ~amd64-fbsd ~x86-fbsd ~x86-linux"
 IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Mikle Kolyada]

commit:     b8259df89c24eb56b74bb9fdd21c80af43d4e781
Author:     Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
AuthorDate: Tue Mar 12 16:31:35 2019 +0000
Commit:     Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
CommitDate: Tue Mar 12 16:31:35 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b8259df8

dev-libs/openssl: sh stable wrt bug #678564

Signed-off-by: Mikle Kolyada <zlogene <AT> gentoo.org>
Package-Manager: Portage-2.3.62, Repoman-2.3.11
RepoMan-Options: --include-arches="sh"

 dev-libs/openssl/openssl-1.0.2r.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.0.2r.ebuild b/dev-libs/openssl/openssl-1.0.2r.ebuild
index a49dce87b76..8e2ccceffc1 100644
--- a/dev-libs/openssl/openssl-1.0.2r.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2r.ebuild
@@ -22,7 +22,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 
 LICENSE="openssl"
 SLOT="0"
-KEYWORDS="alpha amd64 arm arm64 hppa ia64 ~m68k ~mips ppc ppc64 s390 ~sh sparc x86 ~amd64-fbsd ~x86-fbsd ~x86-linux"
+KEYWORDS="alpha amd64 arm arm64 hppa ia64 ~m68k ~mips ppc ppc64 s390 sh sparc x86 ~amd64-fbsd ~x86-fbsd ~x86-linux"
 IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Mikle Kolyada]

commit:     0cb3f297e40f2f9d301ef62757067e6e0687e9dd
Author:     Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
AuthorDate: Tue Mar 12 16:31:58 2019 +0000
Commit:     Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
CommitDate: Tue Mar 12 16:31:58 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0cb3f297

dev-libs/openssl: m68k stable wrt bug #678564

Signed-off-by: Mikle Kolyada <zlogene <AT> gentoo.org>
Package-Manager: Portage-2.3.62, Repoman-2.3.11
RepoMan-Options: --include-arches="m68k"

 dev-libs/openssl/openssl-1.0.2r.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.0.2r.ebuild b/dev-libs/openssl/openssl-1.0.2r.ebuild
index 8e2ccceffc1..9b19234d960 100644
--- a/dev-libs/openssl/openssl-1.0.2r.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2r.ebuild
@@ -22,7 +22,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 
 LICENSE="openssl"
 SLOT="0"
-KEYWORDS="alpha amd64 arm arm64 hppa ia64 ~m68k ~mips ppc ppc64 s390 sh sparc x86 ~amd64-fbsd ~x86-fbsd ~x86-linux"
+KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~amd64-fbsd ~x86-fbsd ~x86-linux"
 IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Mikle Kolyada]

commit:     18b5d006a6cf192d4b9bd95fb8be22e4e3790805
Author:     Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
AuthorDate: Tue Mar 12 16:30:39 2019 +0000
Commit:     Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
CommitDate: Tue Mar 12 16:30:39 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=18b5d006

dev-libs/openssl: alpha stable wrt bug #678564

Signed-off-by: Mikle Kolyada <zlogene <AT> gentoo.org>
Package-Manager: Portage-2.3.62, Repoman-2.3.11
RepoMan-Options: --include-arches="alpha"

 dev-libs/openssl/openssl-1.0.2r.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.0.2r.ebuild b/dev-libs/openssl/openssl-1.0.2r.ebuild
index 2b6f708bf9e..a596c4b7757 100644
--- a/dev-libs/openssl/openssl-1.0.2r.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2r.ebuild
@@ -22,7 +22,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 
 LICENSE="openssl"
 SLOT="0"
-KEYWORDS="~alpha amd64 arm arm64 hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~x86-fbsd ~x86-linux"
+KEYWORDS="alpha amd64 arm arm64 hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~x86-fbsd ~x86-linux"
 IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Mikle Kolyada]

commit:     4b7f8b7a4a2b8ca439946c11990c2603a9bc7b62
Author:     Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
AuthorDate: Tue Mar 12 16:33:44 2019 +0000
Commit:     Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
CommitDate: Tue Mar 12 16:33:44 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4b7f8b7a

dev-libs/openssl: Security cleanup

Signed-off-by: Mikle Kolyada <zlogene <AT> gentoo.org>
Package-Manager: Portage-2.3.62, Repoman-2.3.11

 dev-libs/openssl/Manifest              |   4 -
 dev-libs/openssl/openssl-1.0.2q.ebuild | 309 ---------------------------------
 2 files changed, 313 deletions(-)

diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest
index dd125204215..2d49947a80c 100644
--- a/dev-libs/openssl/Manifest
+++ b/dev-libs/openssl/Manifest
@@ -1,9 +1,5 @@
 DIST openssl-0.9.8zh.tar.gz 3818524 BLAKE2B 610bb4858900983cf4519fa8b63f1e03b3845e39e68884fd8bebd738cd5cd6c2c75513643af49bf9e2294adc446a6516480fe9b62de55d9b6379bf9e7c5cd364 SHA512 b97fa2468211f86c0719c68ad1781eff84f772c479ed5193d6da14bac086b4ca706e7d851209d9df3f0962943b5e5333ab0def00110fb2e517caa73c0c6674c6
 DIST openssl-1.0.2-patches-1.5.tar.xz 12404 BLAKE2B 6c1b8c28f339f539b2ab8643379502a24cf62bffde00041dce54d5dd9e8d2620b181362ee5464b0ab32ba4948e209697bfabadbea2944a409a1009100d298f24 SHA512 5725e2d9d1ee8cc074bcef3bed61c71bdab2ff1c114362110c3fb8da11ad5bc8f2ff28e90a293f5f3a5cf96ecda54dffdb7ab3fb3f8b23ef6472250dc3037659
-DIST openssl-1.0.2q.tar.gz 5345604 BLAKE2B c03dd92de1cc8941a7f3e4d9f2fe6f8e4ea89eccc58743d7690491fc22cc54a9783311699b008aeb4a0d37cd3172154e67623c8ada6fc8dde57e80a5cd3c5fc1 SHA512 403e6cad42db3ba860c3fa4fa81c1b7b02f0b873259e5c19a7fc8e42de0854602555f1b1ca74f4e3a7737a4cbd3aac063061e628ec86534586500819fae7fec0
-DIST openssl-1.0.2q_ec_curve.c 17254 BLAKE2B d40d8d6e770443f07abe70e2c4ddda6aec1cc8e37dc1f226a3fdd9ed5d228f09c6d372e8956b1948b55ee1d57d1429493e7288d0f54d9466a37fec805c85aacb SHA512 8e92fb100bcf4bd918c82b9a6cbd75a55abe1a2c08230a007e441c51577f974f8cc336e9ac8a672b32641480428ca8cead5380da1fe81bacb088145a1b754a15
-DIST openssl-1.0.2q_ectest.c 30735 BLAKE2B 95333a27f1cf0a4305a3cee7f6d46b9d4673582ca9acfcf5ba2a0d9d317ab6219cd0d2ff0ba3a55a317c8f5819342f05cc17ba80ec2c92b2b4cab9a3552382e1 SHA512 f2e4d34327b490bc8371f0845c69df3f9fc51ea16f0ea0de0411a0c1fa9d49bb2b6fafc363eb3b3cd919dc7c24e4a0d075c6ff878c01d70dae918f2540874c19
-DIST openssl-1.0.2q_hobble-openssl 1302 BLAKE2B 647caa6a0f4c53a2e77baa3b8e5961eaef3bb0ff38e7d5475eab8deef3439f7fe49028ec9ed0406f3453870b62cac67c496b3a048ee4c9ff4c6866d520235960 SHA512 3d757a4708e74a03dd5cb9b8114dfe442ed9520739a6eca693be4c4265771696f1449ea06d1c9bcfc6e94fc9b0dd0c10e153f1c3b0334831c0550b36cd63326e
 DIST openssl-1.0.2r.tar.gz 5348369 BLAKE2B 9f9c2d2fe6eaf9acacab29b394a318f30c38e831a5f9c193b2da660f9d04acbf407d8b752274783765416c0f5ba557c24ee293ad7fb7d727771db289e6acc901 SHA512 6eb2211f3ad56d7573ac26f388338592c37e5faaf5e2d44c0fa9062c12186e56a324f135d1c956a89b55fcce047e6428bec2756658d103e7275e08b46f741235
 DIST openssl-1.0.2r_ec_curve.c 17254 BLAKE2B d40d8d6e770443f07abe70e2c4ddda6aec1cc8e37dc1f226a3fdd9ed5d228f09c6d372e8956b1948b55ee1d57d1429493e7288d0f54d9466a37fec805c85aacb SHA512 8e92fb100bcf4bd918c82b9a6cbd75a55abe1a2c08230a007e441c51577f974f8cc336e9ac8a672b32641480428ca8cead5380da1fe81bacb088145a1b754a15
 DIST openssl-1.0.2r_ectest.c 30735 BLAKE2B 95333a27f1cf0a4305a3cee7f6d46b9d4673582ca9acfcf5ba2a0d9d317ab6219cd0d2ff0ba3a55a317c8f5819342f05cc17ba80ec2c92b2b4cab9a3552382e1 SHA512 f2e4d34327b490bc8371f0845c69df3f9fc51ea16f0ea0de0411a0c1fa9d49bb2b6fafc363eb3b3cd919dc7c24e4a0d075c6ff878c01d70dae918f2540874c19

diff --git a/dev-libs/openssl/openssl-1.0.2q.ebuild b/dev-libs/openssl/openssl-1.0.2q.ebuild
deleted file mode 100644
index 9b19234d960..00000000000
--- a/dev-libs/openssl/openssl-1.0.2q.ebuild
+++ /dev/null
@@ -1,309 +0,0 @@
-# Copyright 1999-2019 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="6"
-
-inherit eutils flag-o-matic toolchain-funcs multilib multilib-minimal
-
-# openssl-1.0.2-patches-1.6 contain additional CVE patches
-# which got fixed with this release.
-# Please use 1.7 version number when rolling a new tarball!
-PATCH_SET="openssl-1.0.2-patches-1.5"
-MY_P=${P/_/-}
-DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"
-HOMEPAGE="https://www.openssl.org/"
-SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
-	!vanilla? (
-		mirror://gentoo/${PATCH_SET}.tar.xz
-		https://dev.gentoo.org/~chutzpah/dist/${PN}/${PATCH_SET}.tar.xz
-		https://dev.gentoo.org/~whissi/dist/${PN}/${PATCH_SET}.tar.xz
-		https://dev.gentoo.org/~polynomial-c/dist/${PATCH_SET}.tar.xz
-	)"
-
-LICENSE="openssl"
-SLOT="0"
-KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~amd64-fbsd ~x86-fbsd ~x86-linux"
-IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
-RESTRICT="!bindist? ( bindist )"
-
-RDEPEND=">=app-misc/c_rehash-1.7-r1
-	gmp? ( >=dev-libs/gmp-5.1.3-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
-	zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
-	kerberos? ( >=app-crypt/mit-krb5-1.11.4[${MULTILIB_USEDEP}] )"
-DEPEND="${RDEPEND}
-	>=dev-lang/perl-5
-	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
-	test? (
-		sys-apps/diffutils
-		sys-devel/bc
-	)"
-PDEPEND="app-misc/ca-certificates"
-
-# This does not copy the entire Fedora patchset, but JUST the parts that
-# are needed to make it safe to use EC with RESTRICT=bindist.
-# See openssl.spec for the matching numbering of SourceNNN, PatchNNN
-SOURCE1=hobble-openssl
-SOURCE12=ec_curve.c
-SOURCE13=ectest.c
-# These are ported instead
-#PATCH1=openssl-1.1.0-build.patch # Fixes EVP testcase for EC
-#PATCH37=openssl-1.1.0-ec-curves.patch
-FEDORA_GIT_BASE='https://src.fedoraproject.org/cgit/rpms/openssl.git/plain/'
-FEDORA_GIT_BRANCH='f25'
-FEDORA_SRC_URI=()
-FEDORA_SOURCE=( $SOURCE1 $SOURCE12 $SOURCE13 )
-FEDORA_PATCH=( $PATCH1 $PATCH37 )
-for i in "${FEDORA_SOURCE[@]}" ; do
-	FEDORA_SRC_URI+=( "${FEDORA_GIT_BASE}/${i}?h=${FEDORA_GIT_BRANCH} -> ${P}_${i}" )
-done
-for i in "${FEDORA_PATCH[@]}" ; do # Already have a version prefix
-	FEDORA_SRC_URI+=( "${FEDORA_GIT_BASE}/${i}?h=${FEDORA_GIT_BRANCH} -> ${i}" )
-done
-SRC_URI+=" bindist? ( ${FEDORA_SRC_URI[@]} )"
-
-S="${WORKDIR}/${MY_P}"
-
-MULTILIB_WRAPPED_HEADERS=(
-	usr/include/openssl/opensslconf.h
-)
-
-src_prepare() {
-	if use bindist; then
-		# This just removes the prefix, and puts it into WORKDIR like the RPM.
-		for i in "${FEDORA_SOURCE[@]}" ; do
-			cp -f "${DISTDIR}"/"${P}_${i}" "${WORKDIR}"/"${i}" || die
-		done
-		# .spec %prep
-		bash "${WORKDIR}"/"${SOURCE1}" || die
-		cp -f "${WORKDIR}"/"${SOURCE12}" "${S}"/crypto/ec/ || die
-		cp -f "${WORKDIR}"/"${SOURCE13}" "${S}"/crypto/ec/ || die # Moves to test/ in OpenSSL-1.1
-		for i in "${FEDORA_PATCH[@]}" ; do
-			eapply "${DISTDIR}"/"${i}"
-		done
-		eapply "${FILESDIR}"/openssl-1.0.2p-hobble-ecc.patch
-		# Also see the configure parts below:
-		# enable-ec \
-		# $(use_ssl !bindist ec2m) \
-		# $(use_ssl !bindist srp) \
-	fi
-
-	# keep this in sync with app-misc/c_rehash
-	SSL_CNF_DIR="/etc/ssl"
-
-	# Make sure we only ever touch Makefile.org and avoid patching a file
-	# that gets blown away anyways by the Configure script in src_configure
-	rm -f Makefile
-
-	if ! use vanilla ; then
-		eapply "${WORKDIR}"/patch/*.patch
-	fi
-
-	eapply_user
-
-	# disable fips in the build
-	# make sure the man pages are suffixed #302165
-	# don't bother building man pages if they're disabled
-	sed -i \
-		-e '/DIRS/s: fips : :g' \
-		-e '/^MANSUFFIX/s:=.*:=ssl:' \
-		-e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
-		-e $(has noman FEATURES \
-			&& echo '/^install:/s:install_docs::' \
-			|| echo '/^MANDIR=/s:=.*:='${EPREFIX%/}'/usr/share/man:') \
-		Makefile.org \
-		|| die
-	# show the actual commands in the log
-	sed -i '/^SET_X/s:=.*:=set -x:' Makefile.shared
-
-	# since we're forcing $(CC) as makedep anyway, just fix
-	# the conditional as always-on
-	# helps clang (#417795), and versioned gcc (#499818)
-	# this breaks build with 1.0.2p, not sure if it is needed anymore
-	#sed -i 's/expr.*MAKEDEPEND.*;/true;/' util/domd || die
-
-	# quiet out unknown driver argument warnings since openssl
-	# doesn't have well-split CFLAGS and we're making it even worse
-	# and 'make depend' uses -Werror for added fun (#417795 again)
-	[[ ${CC} == *clang* ]] && append-flags -Qunused-arguments
-
-	# allow openssl to be cross-compiled
-	cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die
-	chmod a+rx gentoo.config || die
-
-	append-flags -fno-strict-aliasing
-	append-flags $(test-flags-CC -Wa,--noexecstack)
-	append-cppflags -DOPENSSL_NO_BUF_FREELISTS
-
-	sed -i '1s,^:$,#!'${EPREFIX%/}'/usr/bin/perl,' Configure #141906
-	# The config script does stupid stuff to prompt the user.  Kill it.
-	sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
-	./config --test-sanity || die "I AM NOT SANE"
-
-	multilib_copy_sources
-}
-
-multilib_src_configure() {
-	unset APPS #197996
-	unset SCRIPTS #312551
-	unset CROSS_COMPILE #311473
-
-	tc-export CC AR RANLIB RC
-
-	# Clean out patent-or-otherwise-encumbered code
-	# Camellia: Royalty Free            https://en.wikipedia.org/wiki/Camellia_(cipher)
-	# IDEA:     Expired                 https://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
-	# EC:       ????????? ??/??/2015    https://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography
-	# MDC2:     Expired                 https://en.wikipedia.org/wiki/MDC-2
-	# RC5:      Expired                 https://en.wikipedia.org/wiki/RC5
-
-	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
-	echoit() { echo "$@" ; "$@" ; }
-
-	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
-
-	# See if our toolchain supports __uint128_t.  If so, it's 64bit
-	# friendly and can use the nicely optimized code paths. #460790
-	local ec_nistp_64_gcc_128
-	# Disable it for now though #469976
-	#if ! use bindist ; then
-	#	echo "__uint128_t i;" > "${T}"/128.c
-	#	if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
-	#		ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
-	#	fi
-	#fi
-
-	# https://github.com/openssl/openssl/issues/2286
-	if use ia64 ; then
-		replace-flags -g3 -g2
-		replace-flags -ggdb3 -ggdb2
-	fi
-
-	local sslout=$(./gentoo.config)
-	einfo "Use configuration ${sslout:-(openssl knows best)}"
-	local config="Configure"
-	[[ -z ${sslout} ]] && config="config"
-
-	# Fedora hobbled-EC needs 'no-ec2m', 'no-srp'
-	echoit \
-	./${config} \
-		${sslout} \
-		$(use cpu_flags_x86_sse2 || echo "no-sse2") \
-		enable-camellia \
-		enable-ec \
-		$(use_ssl !bindist ec2m) \
-		$(use_ssl !bindist srp) \
-		${ec_nistp_64_gcc_128} \
-		enable-idea \
-		enable-mdc2 \
-		enable-rc5 \
-		enable-tlsext \
-		$(use_ssl asm) \
-		$(use_ssl gmp gmp -lgmp) \
-		$(use_ssl kerberos krb5 --with-krb5-flavor=${krb5}) \
-		$(use_ssl rfc3779) \
-		$(use_ssl sctp) \
-		$(use_ssl sslv2 ssl2) \
-		$(use_ssl sslv3 ssl3) \
-		$(use_ssl tls-heartbeat heartbeats) \
-		$(use_ssl zlib) \
-		--prefix="${EPREFIX%/}"/usr \
-		--openssldir="${EPREFIX%/}"${SSL_CNF_DIR} \
-		--libdir=$(get_libdir) \
-		shared threads \
-		|| die
-
-	# Clean out hardcoded flags that openssl uses
-	local CFLAG=$(grep ^CFLAG= Makefile | LC_ALL=C sed \
-		-e 's:^CFLAG=::' \
-		-e 's:-fomit-frame-pointer ::g' \
-		-e 's:-O[0-9] ::g' \
-		-e 's:-march=[-a-z0-9]* ::g' \
-		-e 's:-mcpu=[-a-z0-9]* ::g' \
-		-e 's:-m[a-z0-9]* ::g' \
-	)
-	sed -i \
-		-e "/^CFLAG/s|=.*|=${CFLAG} ${CFLAGS}|" \
-		-e "/^SHARED_LDFLAGS=/s|$| ${LDFLAGS}|" \
-		Makefile || die
-}
-
-multilib_src_compile() {
-	# depend is needed to use $confopts; it also doesn't matter
-	# that it's -j1 as the code itself serializes subdirs
-	emake -j1 V=1 depend
-	emake all
-	# rehash is needed to prep the certs/ dir; do this
-	# separately to avoid parallel build issues.
-	emake rehash
-}
-
-multilib_src_test() {
-	emake -j1 test
-}
-
-multilib_src_install() {
-	# We need to create $ED/usr on our own to avoid a race condition #665130
-	if [[ ! -d "${ED%/}/usr" ]]; then
-		# We can only create this directory once
-		mkdir "${ED%/}"/usr || die
-	fi
-
-	emake INSTALL_PREFIX="${D%/}" install
-}
-
-multilib_src_install_all() {
-	# openssl installs perl version of c_rehash by default, but
-	# we provide a shell version via app-misc/c_rehash
-	rm "${ED%/}"/usr/bin/c_rehash || die
-
-	local -a DOCS=( CHANGES* FAQ NEWS README doc/*.txt doc/c-indentation.el )
-	einstalldocs
-
-	use rfc3779 && dodoc engines/ccgost/README.gost
-
-	# This is crappy in that the static archives are still built even
-	# when USE=static-libs.  But this is due to a failing in the openssl
-	# build system: the static archives are built as PIC all the time.
-	# Only way around this would be to manually configure+compile openssl
-	# twice; once with shared lib support enabled and once without.
-	use static-libs || rm -f "${ED}"/usr/lib*/lib*.a
-
-	# create the certs directory
-	dodir ${SSL_CNF_DIR}/certs
-	cp -RP certs/* "${ED}"${SSL_CNF_DIR}/certs/ || die
-	rm -r "${ED}"${SSL_CNF_DIR}/certs/{demo,expired}
-
-	# Namespace openssl programs to prevent conflicts with other man pages
-	cd "${ED}"/usr/share/man
-	local m d s
-	for m in $(find . -type f | xargs grep -L '#include') ; do
-		d=${m%/*} ; d=${d#./} ; m=${m##*/}
-		[[ ${m} == openssl.1* ]] && continue
-		[[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!"
-		mv ${d}/{,ssl-}${m}
-		# fix up references to renamed man pages
-		sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m}
-		ln -s ssl-${m} ${d}/openssl-${m}
-		# locate any symlinks that point to this man page ... we assume
-		# that any broken links are due to the above renaming
-		for s in $(find -L ${d} -type l) ; do
-			s=${s##*/}
-			rm -f ${d}/${s}
-			ln -s ssl-${m} ${d}/ssl-${s}
-			ln -s ssl-${s} ${d}/openssl-${s}
-		done
-	done
-	[[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :("
-
-	dodir /etc/sandbox.d #254521
-	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
-
-	diropts -m0700
-	keepdir ${SSL_CNF_DIR}/private
-}
-
-pkg_postinst() {
-	ebegin "Running 'c_rehash ${EROOT%/}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069"
-	c_rehash "${EROOT%/}${SSL_CNF_DIR}/certs" >/dev/null
-	eend $?
-}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Mart Raudsepp]

commit:     d282c303655db0b9a7ad616083d222856f961de0
Author:     Mart Raudsepp <leio <AT> gentoo <DOT> org>
AuthorDate: Tue Mar 12 12:02:25 2019 +0000
Commit:     Mart Raudsepp <leio <AT> gentoo <DOT> org>
CommitDate: Tue Mar 12 12:02:25 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d282c303

dev-libs/openssl: arm64 stable (bug #678564)

Package-Manager: Portage-2.3.52, Repoman-2.3.12
Signed-off-by: Mart Raudsepp <leio <AT> gentoo.org>

 dev-libs/openssl/openssl-1.0.2r.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.0.2r.ebuild b/dev-libs/openssl/openssl-1.0.2r.ebuild
index 7f7493f442a..2b6f708bf9e 100644
--- a/dev-libs/openssl/openssl-1.0.2r.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2r.ebuild
@@ -22,7 +22,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 
 LICENSE="openssl"
 SLOT="0"
-KEYWORDS="~alpha amd64 arm ~arm64 hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~x86-fbsd ~x86-linux"
+KEYWORDS="~alpha amd64 arm arm64 hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~x86-fbsd ~x86-linux"
 IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Jeroen Roovers]

commit:     2b70b35d504dbfef6b02992efa845d3c536bb308
Author:     Jeroen Roovers <jer <AT> gentoo <DOT> org>
AuthorDate: Sun Mar 10 22:23:52 2019 +0000
Commit:     Jeroen Roovers <jer <AT> gentoo <DOT> org>
CommitDate: Sun Mar 10 22:24:05 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2b70b35d

dev-libs/openssl: Stable for HPPA too

Package-Manager: Portage-2.3.62, Repoman-2.3.12
RepoMan-Options: --ignore-arches
Signed-off-by: Jeroen Roovers <jer <AT> gentoo.org>

 dev-libs/openssl/openssl-1.0.2r.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.0.2r.ebuild b/dev-libs/openssl/openssl-1.0.2r.ebuild
index ff8fcdd522a..7f7493f442a 100644
--- a/dev-libs/openssl/openssl-1.0.2r.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2r.ebuild
@@ -22,7 +22,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 
 LICENSE="openssl"
 SLOT="0"
-KEYWORDS="~alpha amd64 arm ~arm64 ~hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~x86-fbsd ~x86-linux"
+KEYWORDS="~alpha amd64 arm ~arm64 hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~x86-fbsd ~x86-linux"
 IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sergei Trofimovich]

commit:     98b482c70ce7a719532cb5b546d0795f7b99ec01
Author:     Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
AuthorDate: Sun Mar 10 22:17:17 2019 +0000
Commit:     Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
CommitDate: Sun Mar 10 22:17:17 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=98b482c7

dev-libs/openssl: stable 1.0.2r for ia64, bug #678564

Package-Manager: Portage-2.3.62, Repoman-2.3.12
RepoMan-Options: --include-arches="ia64"
Signed-off-by: Sergei Trofimovich <slyfox <AT> gentoo.org>

 dev-libs/openssl/openssl-1.0.2r.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.0.2r.ebuild b/dev-libs/openssl/openssl-1.0.2r.ebuild
index 1f6d7abbfbf..ff8fcdd522a 100644
--- a/dev-libs/openssl/openssl-1.0.2r.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2r.ebuild
@@ -22,7 +22,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 
 LICENSE="openssl"
 SLOT="0"
-KEYWORDS="~alpha amd64 arm ~arm64 ~hppa ~ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~x86-fbsd ~x86-linux"
+KEYWORDS="~alpha amd64 arm ~arm64 ~hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~x86-fbsd ~x86-linux"
 IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Matt Turner]

commit:     36b26022478c363343fc5a7e1c327a94e43cd129
Author:     Matt Turner <mattst88 <AT> gentoo <DOT> org>
AuthorDate: Sun Mar 10 21:15:12 2019 +0000
Commit:     Matt Turner <mattst88 <AT> gentoo <DOT> org>
CommitDate: Sun Mar 10 21:38:11 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=36b26022

dev-libs/openssl-1.0.2r: ppc stable, bug 678564

Signed-off-by: Matt Turner <mattst88 <AT> gentoo.org>

 dev-libs/openssl/openssl-1.0.2r.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.0.2r.ebuild b/dev-libs/openssl/openssl-1.0.2r.ebuild
index 2bd1920a79f..53fd8461a9c 100644
--- a/dev-libs/openssl/openssl-1.0.2r.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2r.ebuild
@@ -22,7 +22,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 
 LICENSE="openssl"
 SLOT="0"
-KEYWORDS="~alpha amd64 arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~x86-fbsd ~x86-linux"
+KEYWORDS="~alpha amd64 arm ~arm64 ~hppa ~ia64 ~m68k ~mips ppc ~ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~x86-fbsd ~x86-linux"
 IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Matt Turner]

commit:     7215a317799f8db72df0a5e59dede07cbee980d4
Author:     Matt Turner <mattst88 <AT> gentoo <DOT> org>
AuthorDate: Sun Mar 10 21:15:16 2019 +0000
Commit:     Matt Turner <mattst88 <AT> gentoo <DOT> org>
CommitDate: Sun Mar 10 21:38:11 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7215a317

dev-libs/openssl-1.0.2r: ppc64 stable, bug 678564

Signed-off-by: Matt Turner <mattst88 <AT> gentoo.org>

 dev-libs/openssl/openssl-1.0.2r.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.0.2r.ebuild b/dev-libs/openssl/openssl-1.0.2r.ebuild
index 53fd8461a9c..1f6d7abbfbf 100644
--- a/dev-libs/openssl/openssl-1.0.2r.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2r.ebuild
@@ -22,7 +22,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 
 LICENSE="openssl"
 SLOT="0"
-KEYWORDS="~alpha amd64 arm ~arm64 ~hppa ~ia64 ~m68k ~mips ppc ~ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~x86-fbsd ~x86-linux"
+KEYWORDS="~alpha amd64 arm ~arm64 ~hppa ~ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~x86-fbsd ~x86-linux"
 IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sergei Trofimovich]

commit:     93cc78389b66afa7a926dafc46f966448932aae7
Author:     Rolf Eike Beer <eike <AT> sf-mail <DOT> de>
AuthorDate: Sun Mar 10 20:28:50 2019 +0000
Commit:     Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
CommitDate: Sun Mar 10 20:35:30 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=93cc7838

dev-libs/openssl: stable 1.0.2r for sparc, bug #678564

Signed-off-by: Rolf Eike Beer <eike <AT> sf-mail.de>
Package-Manager: Portage-2.3.51, Repoman-2.3.11
RepoMan-Options: --include-arches="sparc"
Signed-off-by: Sergei Trofimovich <slyfox <AT> gentoo.org>

 dev-libs/openssl/openssl-1.0.2r.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.0.2r.ebuild b/dev-libs/openssl/openssl-1.0.2r.ebuild
index ef678e5a770..2bd1920a79f 100644
--- a/dev-libs/openssl/openssl-1.0.2r.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2r.ebuild
@@ -22,7 +22,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 
 LICENSE="openssl"
 SLOT="0"
-KEYWORDS="~alpha amd64 arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc x86 ~amd64-fbsd ~x86-fbsd ~x86-linux"
+KEYWORDS="~alpha amd64 arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~x86-fbsd ~x86-linux"
 IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Mikle Kolyada]

commit:     1b36153c5e7c1b238f45c4caebeefbf25e373b54
Author:     Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
AuthorDate: Sun Mar 10 14:21:26 2019 +0000
Commit:     Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
CommitDate: Sun Mar 10 14:21:26 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1b36153c

dev-libs/openssl: arm stable wrt bug #678564

Signed-off-by: Mikle Kolyada <zlogene <AT> gentoo.org>
Package-Manager: Portage-2.3.51, Repoman-2.3.11
RepoMan-Options: --include-arches="arm"

 dev-libs/openssl/openssl-1.0.2r.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.0.2r.ebuild b/dev-libs/openssl/openssl-1.0.2r.ebuild
index 2bde9b89270..ef678e5a770 100644
--- a/dev-libs/openssl/openssl-1.0.2r.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2r.ebuild
@@ -22,7 +22,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 
 LICENSE="openssl"
 SLOT="0"
-KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc x86 ~amd64-fbsd ~x86-fbsd ~x86-linux"
+KEYWORDS="~alpha amd64 arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc x86 ~amd64-fbsd ~x86-fbsd ~x86-linux"
 IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Mikle Kolyada]

commit:     cd617cec99b95eb71fc9b50109e56a3b7aa5e65a
Author:     Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
AuthorDate: Sat Mar  9 19:35:07 2019 +0000
Commit:     Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
CommitDate: Sat Mar  9 19:35:07 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=cd617cec

dev-libs/openssl: amd64 stable wrt bug #678564

Signed-off-by: Mikle Kolyada <zlogene <AT> gentoo.org>
Package-Manager: Portage-2.3.51, Repoman-2.3.11
RepoMan-Options: --include-arches="amd64"

 dev-libs/openssl/openssl-1.0.2r.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.0.2r.ebuild b/dev-libs/openssl/openssl-1.0.2r.ebuild
index ebd06c826cd..2bde9b89270 100644
--- a/dev-libs/openssl/openssl-1.0.2r.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2r.ebuild
@@ -22,7 +22,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 
 LICENSE="openssl"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc x86 ~amd64-fbsd ~x86-fbsd ~x86-linux"
+KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc x86 ~amd64-fbsd ~x86-fbsd ~x86-linux"
 IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Thomas Deutschmann]

commit:     d9da82997b8d7c36851be910139a32d324531241
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Sat Mar  9 19:13:13 2019 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Sat Mar  9 19:18:28 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d9da8299

dev-libs/openssl: x86 stable (bug #678564)

Package-Manager: Portage-2.3.62, Repoman-2.3.12
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 dev-libs/openssl/openssl-1.0.2r.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.0.2r.ebuild b/dev-libs/openssl/openssl-1.0.2r.ebuild
index 27fcb6ba683..ebd06c826cd 100644
--- a/dev-libs/openssl/openssl-1.0.2r.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2r.ebuild
@@ -22,7 +22,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 
 LICENSE="openssl"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~x86-linux"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc x86 ~amd64-fbsd ~x86-fbsd ~x86-linux"
 IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Thomas Deutschmann]

commit:     85fbaa1a7717c341c235c23d38a5cf05df0a484f
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Wed Mar  6 16:56:11 2019 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Wed Mar  6 16:56:11 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=85fbaa1a

dev-libs/openssl: security cleanup

Package-Manager: Portage-2.3.62, Repoman-2.3.12
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 dev-libs/openssl/openssl-1.1.0j.ebuild    | 298 ------------------------------
 dev-libs/openssl/openssl-1.1.1b-r1.ebuild | 298 ------------------------------
 2 files changed, 596 deletions(-)

diff --git a/dev-libs/openssl/openssl-1.1.0j.ebuild b/dev-libs/openssl/openssl-1.1.0j.ebuild
deleted file mode 100644
index 0fd5ce0918c..00000000000
--- a/dev-libs/openssl/openssl-1.1.0j.ebuild
+++ /dev/null
@@ -1,298 +0,0 @@
-# Copyright 1999-2018 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="6"
-
-inherit flag-o-matic toolchain-funcs multilib multilib-minimal
-
-MY_P=${P/_/-}
-DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"
-HOMEPAGE="https://www.openssl.org/"
-SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"
-
-LICENSE="openssl"
-SLOT="0/1.1" # .so version of libssl/libcrypto
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~x86-linux"
-IUSE="+asm bindist elibc_musl rfc3779 sctp cpu_flags_x86_sse2 static-libs test tls-heartbeat vanilla zlib"
-RESTRICT="!bindist? ( bindist )"
-
-RDEPEND=">=app-misc/c_rehash-1.7-r1
-	zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )"
-DEPEND="${RDEPEND}
-	>=dev-lang/perl-5
-	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
-	test? (
-		sys-apps/diffutils
-		sys-devel/bc
-	)"
-PDEPEND="app-misc/ca-certificates"
-
-# This does not copy the entire Fedora patchset, but JUST the parts that
-# are needed to make it safe to use EC with RESTRICT=bindist.
-# See openssl.spec for the matching numbering of SourceNNN, PatchNNN
-SOURCE1=hobble-openssl
-SOURCE12=ec_curve.c
-SOURCE13=ectest.c
-PATCH1=openssl-1.1.0-build.patch # Fixes EVP testcase for EC
-PATCH37=openssl-1.1.0-ec-curves.patch
-FEDORA_GIT_BASE='https://src.fedoraproject.org/cgit/rpms/openssl.git/plain/'
-FEDORA_GIT_BRANCH='f28'
-FEDORA_GIT_COMMIT="d2ede125556ac99aa0faa7744c703af3f559094e"
-FEDORA_SRC_URI=()
-FEDORA_SOURCE=( $SOURCE1 $SOURCE12 $SOURCE13 )
-FEDORA_PATCH=( $PATCH1 $PATCH37 )
-for i in "${FEDORA_SOURCE[@]}" ; do
-	FEDORA_SRC_URI+=( "${FEDORA_GIT_BASE}/${i}?h=${FEDORA_GIT_BRANCH}&id=${FEDORA_GIT_COMMIT} -> ${P}_${FEDORA_GIT_COMMIT}_${i}" )
-done
-for i in "${FEDORA_PATCH[@]}" ; do # Already have a version prefix
-	FEDORA_SRC_URI+=( "${FEDORA_GIT_BASE}/${i}?h=${FEDORA_GIT_BRANCH}&id=${FEDORA_GIT_COMMIT} -> ${i%.patch}_${FEDORA_GIT_COMMIT}.patch" )
-done
-SRC_URI+=" bindist? ( ${FEDORA_SRC_URI[@]} )"
-
-S="${WORKDIR}/${MY_P}"
-
-MULTILIB_WRAPPED_HEADERS=(
-	usr/include/openssl/opensslconf.h
-)
-
-PATCHES=(
-	"${FILESDIR}"/${PN}-1.0.2a-x32-asm.patch #542618
-	"${FILESDIR}"/${PN}-1.1.0j-parallel_install_fix.patch #671602
-)
-
-src_prepare() {
-	if use bindist; then
-		# we need to patch the patch but we cannot patch in DISTDIR...
-		mkdir "${WORKDIR}"/fedora_patches || die
-		for i in "${FEDORA_PATCH[@]}" ; do
-			cp "${DISTDIR}"/"${i%.patch}_${FEDORA_GIT_COMMIT}.patch" "${WORKDIR}"/fedora_patches || die
-		done
-
-		# now patch the path, due to OpenSSL change cb193560e0da17a41b40ce574a2349f1d4d59ed1
-		sed -i -e 's#test/evptests.txt#test/recipes/30-test_evp_data/evppkey.txt#g' \
-			"${WORKDIR}"/fedora_patches/openssl-1.1.0-build_d2ede125556ac99aa0faa7744c703af3f559094e.patch || \
-			die
-
-		# This just removes the prefix, and puts it into WORKDIR like the RPM.
-		for i in "${FEDORA_SOURCE[@]}" ; do
-			cp -f "${DISTDIR}"/"${P}_${FEDORA_GIT_COMMIT}_${i}" "${WORKDIR}"/"${i}" || die
-		done
-		# .spec %prep
-		bash "${WORKDIR}"/"${SOURCE1}" || die
-		cp -f "${WORKDIR}"/"${SOURCE12}" "${S}"/crypto/ec/ || die
-		cp -f "${WORKDIR}"/"${SOURCE13}" "${S}"/test/ || die
-		for i in "${FEDORA_PATCH[@]}" ; do
-			#eapply "${DISTDIR}"/"${i%.patch}_${FEDORA_GIT_COMMIT}.patch"
-			eapply "${WORKDIR}/fedora_patches/${i%.patch}_${FEDORA_GIT_COMMIT}.patch"
-		done
-		# Also see the configure parts below:
-		# enable-ec \
-		# $(use_ssl !bindist ec2m) \
-
-	fi
-	# keep this in sync with app-misc/c_rehash
-	SSL_CNF_DIR="/etc/ssl"
-
-	# Make sure we only ever touch Makefile.org and avoid patching a file
-	# that gets blown away anyways by the Configure script in src_configure
-	rm -f Makefile
-
-	if ! use vanilla ; then
-		eapply "${PATCHES[@]}"
-	fi
-
-	eapply_user #332661
-
-	# make sure the man pages are suffixed #302165
-	# don't bother building man pages if they're disabled
-	# Make DOCDIR Gentoo compliant
-	sed -i \
-		-e '/^MANSUFFIX/s:=.*:=ssl:' \
-		-e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
-		-e $(has noman FEATURES \
-			&& echo '/^install:/s:install_docs::' \
-			|| echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
-		-e "/^DOCDIR/s@\$(BASENAME)@&-${PVR}@" \
-		Configurations/unix-Makefile.tmpl \
-		|| die
-
-	# show the actual commands in the log
-	sed -i '/^SET_X/s@=.*@=set -x@' Makefile.shared || die
-
-	# quiet out unknown driver argument warnings since openssl
-	# doesn't have well-split CFLAGS and we're making it even worse
-	# and 'make depend' uses -Werror for added fun (#417795 again)
-	[[ ${CC} == *clang* ]] && append-flags -Qunused-arguments
-
-	# allow openssl to be cross-compiled
-	cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die
-	chmod a+rx gentoo.config || die
-
-	append-flags -fno-strict-aliasing
-	append-flags $(test-flags-CC -Wa,--noexecstack)
-	append-cppflags -DOPENSSL_NO_BUF_FREELISTS
-
-	# Prefixify Configure shebang (#141906)
-	sed \
-		-e "1s,/usr/bin/env,${EPREFIX}&," \
-		-i Configure || die
-	# Remove test target when FEATURES=test isn't set
-	if ! use test ; then
-		sed \
-			-e '/^$config{dirs}/s@ "test",@@' \
-			-i Configure || die
-	fi
-	# The config script does stupid stuff to prompt the user.  Kill it.
-	sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
-	./config --test-sanity || die "I AM NOT SANE"
-
-	multilib_copy_sources
-}
-
-multilib_src_configure() {
-	unset APPS #197996
-	unset SCRIPTS #312551
-	unset CROSS_COMPILE #311473
-
-	tc-export CC AR RANLIB RC
-
-	# Clean out patent-or-otherwise-encumbered code
-	# Camellia: Royalty Free            https://en.wikipedia.org/wiki/Camellia_(cipher)
-	# IDEA:     Expired                 https://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
-	# EC:       ????????? ??/??/2015    https://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography
-	# MDC2:     Expired                 https://en.wikipedia.org/wiki/MDC-2
-	# RC5:      Expired                 https://en.wikipedia.org/wiki/RC5
-
-	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
-	echoit() { echo "$@" ; "$@" ; }
-
-	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
-
-	# See if our toolchain supports __uint128_t.  If so, it's 64bit
-	# friendly and can use the nicely optimized code paths. #460790
-	local ec_nistp_64_gcc_128
-	# Disable it for now though #469976
-	#if ! use bindist ; then
-	#	echo "__uint128_t i;" > "${T}"/128.c
-	#	if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
-	#		ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
-	#	fi
-	#fi
-
-	local sslout=$(./gentoo.config)
-	einfo "Use configuration ${sslout:-(openssl knows best)}"
-	local config="Configure"
-	[[ -z ${sslout} ]] && config="config"
-
-	# Fedora hobbled-EC needs 'no-ec2m'
-	# 'srp' was restricted until early 2017 as well.
-	# "disable-deprecated" option breaks too many consumers.
-	# Don't set it without thorough revdeps testing.
-	echoit \
-	./${config} \
-		${sslout} \
-		$(use cpu_flags_x86_sse2 || echo "no-sse2") \
-		enable-camellia \
-		enable-ec \
-		$(use_ssl !bindist ec2m) \
-		enable-srp \
-		$(use elibc_musl && echo "no-async") \
-		${ec_nistp_64_gcc_128} \
-		enable-idea \
-		enable-mdc2 \
-		enable-rc5 \
-		$(use_ssl asm) \
-		$(use_ssl rfc3779) \
-		$(use_ssl sctp) \
-		$(use_ssl tls-heartbeat heartbeats) \
-		$(use_ssl zlib) \
-		--prefix="${EPREFIX}"/usr \
-		--openssldir="${EPREFIX}"${SSL_CNF_DIR} \
-		--libdir=$(get_libdir) \
-		shared threads \
-		|| die
-
-	# Clean out hardcoded flags that openssl uses
-	# Fix quoting for sed
-	local DEFAULT_CFLAGS=$(grep ^CFLAGS= Makefile | LC_ALL=C sed \
-		-e 's:^CFLAGS=::' \
-		-e 's:-fomit-frame-pointer ::g' \
-		-e 's:-O[0-9] ::g' \
-		-e 's:-march=[-a-z0-9]* ::g' \
-		-e 's:-mcpu=[-a-z0-9]* ::g' \
-		-e 's:-m[a-z0-9]* ::g' \
-		-e 's:\\:\\\\:g' \
-	)
-	sed -i \
-		-e "/^CFLAGS=/s|=.*|=${DEFAULT_CFLAGS} ${CFLAGS}|" \
-		-e "/^LDFLAGS=/s|=[[:space:]]*$|=${LDFLAGS}|" \
-		Makefile || die
-}
-
-multilib_src_compile() {
-	# depend is needed to use $confopts; it also doesn't matter
-	# that it's -j1 as the code itself serializes subdirs
-	emake -j1 depend
-	emake all
-}
-
-multilib_src_test() {
-	emake -j1 test
-}
-
-multilib_src_install() {
-	emake DESTDIR="${D}" install
-}
-
-multilib_src_install_all() {
-	# openssl installs perl version of c_rehash by default, but
-	# we provide a shell version via app-misc/c_rehash
-	rm "${ED%/}"/usr/bin/c_rehash || die
-
-	dodoc CHANGES* FAQ NEWS README doc/*.txt doc/${PN}-c-indent.el
-
-	# This is crappy in that the static archives are still built even
-	# when USE=static-libs.  But this is due to a failing in the openssl
-	# build system: the static archives are built as PIC all the time.
-	# Only way around this would be to manually configure+compile openssl
-	# twice; once with shared lib support enabled and once without.
-	use static-libs || rm -f "${ED%/}"/usr/lib*/lib*.a
-
-	# create the certs directory
-	keepdir ${SSL_CNF_DIR}/certs
-
-	# Namespace openssl programs to prevent conflicts with other man pages
-	cd "${ED%/}"/usr/share/man || die
-	local m d s
-	for m in $(find . -type f | xargs grep -L '#include') ; do
-		d=${m%/*} ; d=${d#./} ; m=${m##*/}
-		[[ ${m} == openssl.1* ]] && continue
-		[[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!"
-		mv ${d}/{,ssl-}${m}
-		# fix up references to renamed man pages
-		sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m}
-		ln -s ssl-${m} ${d}/openssl-${m}
-		# locate any symlinks that point to this man page ... we assume
-		# that any broken links are due to the above renaming
-		for s in $(find -L ${d} -type l) ; do
-			s=${s##*/}
-			rm -f ${d}/${s}
-			# We don't want to "|| die" here
-			ln -s ssl-${m} ${d}/ssl-${s}
-			ln -s ssl-${s} ${d}/openssl-${s}
-		done
-	done
-	[[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :("
-
-	dodir /etc/sandbox.d #254521
-	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED%/}"/etc/sandbox.d/10openssl
-
-	diropts -m0700
-	keepdir ${SSL_CNF_DIR}/private
-}
-
-pkg_postinst() {
-	ebegin "Running 'c_rehash ${EROOT%/}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069"
-	c_rehash "${EROOT%/}${SSL_CNF_DIR}/certs" >/dev/null
-	eend $?
-}

diff --git a/dev-libs/openssl/openssl-1.1.1b-r1.ebuild b/dev-libs/openssl/openssl-1.1.1b-r1.ebuild
deleted file mode 100644
index 5e05c9dcab0..00000000000
--- a/dev-libs/openssl/openssl-1.1.1b-r1.ebuild
+++ /dev/null
@@ -1,298 +0,0 @@
-# Copyright 1999-2019 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="6"
-
-inherit flag-o-matic toolchain-funcs multilib multilib-minimal
-
-MY_P=${P/_/-}
-DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"
-HOMEPAGE="https://www.openssl.org/"
-SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"
-
-LICENSE="openssl"
-SLOT="0/1.1" # .so version of libssl/libcrypto
-[[ "${PV}" = *_pre* ]] || \
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~x86-linux"
-IUSE="+asm bindist elibc_musl rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-heartbeat vanilla zlib"
-RESTRICT="!bindist? ( bindist )"
-
-RDEPEND=">=app-misc/c_rehash-1.7-r1
-	zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )"
-DEPEND="${RDEPEND}
-	>=dev-lang/perl-5
-	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
-	test? (
-		sys-apps/diffutils
-		sys-devel/bc
-	)"
-PDEPEND="app-misc/ca-certificates"
-
-PATCHES=(
-	"${FILESDIR}"/${PN}-1.1.0j-parallel_install_fix.patch #671602
-)
-
-# This does not copy the entire Fedora patchset, but JUST the parts that
-# are needed to make it safe to use EC with RESTRICT=bindist.
-# See openssl.spec for the matching numbering of SourceNNN, PatchNNN
-SOURCE1=hobble-openssl
-SOURCE12=ec_curve.c
-SOURCE13=ectest.c
-PATCH37=openssl-1.1.1-ec-curves.patch
-FEDORA_GIT_BASE='https://src.fedoraproject.org/cgit/rpms/openssl.git/plain/'
-FEDORA_GIT_BRANCH='f29'
-FEDORA_SRC_URI=()
-FEDORA_SOURCE=( ${SOURCE1} ${SOURCE12} ${SOURCE13} )
-FEDORA_PATCH=( ${PATCH37} )
-for i in "${FEDORA_SOURCE[@]}" ; do
-	FEDORA_SRC_URI+=( "${FEDORA_GIT_BASE}/${i}?h=${FEDORA_GIT_BRANCH} -> ${P}_${i}" )
-done
-for i in "${FEDORA_PATCH[@]}" ; do # Already have a version prefix
-	FEDORA_SRC_URI+=( "${FEDORA_GIT_BASE}/${i}?h=${FEDORA_GIT_BRANCH} -> ${i}" )
-done
-SRC_URI+=" bindist? ( ${FEDORA_SRC_URI[@]} )"
-
-S="${WORKDIR}/${MY_P}"
-
-MULTILIB_WRAPPED_HEADERS=(
-	usr/include/openssl/opensslconf.h
-)
-
-src_prepare() {
-	if use bindist; then
-		# This just removes the prefix, and puts it into WORKDIR like the RPM.
-		for i in "${FEDORA_SOURCE[@]}" ; do
-			cp -f "${DISTDIR}"/"${P}_${i}" "${WORKDIR}"/"${i}" || die
-		done
-
-		# .spec %prep
-		bash "${WORKDIR}"/"${SOURCE1}" || die
-		cp -f "${WORKDIR}"/"${SOURCE12}" "${S}"/crypto/ec/ || die
-		cp -f "${WORKDIR}"/"${SOURCE13}" "${S}"/test/ || die
-		for i in "${FEDORA_PATCH[@]}" ; do
-			if [[ "${i}" == "${PATCH37}" ]] ; then
-				# apply our own for OpenSSL 1.1.1b adjusted version of this patch
-				eapply "${FILESDIR}"/openssl-1.1.1b-ec-curves-patch.patch
-			else
-				eapply "${DISTDIR}"/"${i}"
-			fi
-		done
-		# Also see the configure parts below:
-		# enable-ec \
-		# $(use_ssl !bindist ec2m) \
-
-	fi
-
-	# keep this in sync with app-misc/c_rehash
-	SSL_CNF_DIR="/etc/ssl"
-
-	# Make sure we only ever touch Makefile.org and avoid patching a file
-	# that gets blown away anyways by the Configure script in src_configure
-	rm -f Makefile
-
-	if ! use vanilla ; then
-		if [[ $(declare -p PATCHES 2>/dev/null) == "declare -a"* ]] ; then
-			[[ ${#PATCHES[@]} -gt 0 ]] && eapply "${PATCHES[@]}"
-		fi
-	fi
-
-	eapply_user #332661
-
-	# make sure the man pages are suffixed #302165
-	# don't bother building man pages if they're disabled
-	# Make DOCDIR Gentoo compliant
-	sed -i \
-		-e '/^MANSUFFIX/s:=.*:=ssl:' \
-		-e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
-		-e $(has noman FEATURES \
-			&& echo '/^install:/s:install_docs::' \
-			|| echo '/^MANDIR=/s:=.*:='${EPREFIX%/}'/usr/share/man:') \
-		-e "/^DOCDIR/s@\$(BASENAME)@&-${PVR}@" \
-		Configurations/unix-Makefile.tmpl \
-		|| die
-
-	# quiet out unknown driver argument warnings since openssl
-	# doesn't have well-split CFLAGS and we're making it even worse
-	# and 'make depend' uses -Werror for added fun (#417795 again)
-	[[ ${CC} == *clang* ]] && append-flags -Qunused-arguments
-
-	# allow openssl to be cross-compiled
-	cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die
-	chmod a+rx gentoo.config || die
-
-	append-flags -fno-strict-aliasing
-	append-flags $(test-flags-CC -Wa,--noexecstack)
-	append-cppflags -DOPENSSL_NO_BUF_FREELISTS
-
-	# Prefixify Configure shebang (#141906)
-	sed \
-		-e "1s,/usr/bin/env,${EPREFIX%/}&," \
-		-i Configure || die
-	# Remove test target when FEATURES=test isn't set
-	if ! use test ; then
-		sed \
-			-e '/^$config{dirs}/s@ "test",@@' \
-			-i Configure || die
-	fi
-	# The config script does stupid stuff to prompt the user.  Kill it.
-	sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
-	./config --test-sanity || die "I AM NOT SANE"
-
-	multilib_copy_sources
-}
-
-multilib_src_configure() {
-	unset APPS #197996
-	unset SCRIPTS #312551
-	unset CROSS_COMPILE #311473
-
-	tc-export CC AR RANLIB RC
-
-	# Clean out patent-or-otherwise-encumbered code
-	# Camellia: Royalty Free            https://en.wikipedia.org/wiki/Camellia_(cipher)
-	# IDEA:     Expired                 https://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
-	# EC:       ????????? ??/??/2015    https://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography
-	# MDC2:     Expired                 https://en.wikipedia.org/wiki/MDC-2
-	# RC5:      Expired                 https://en.wikipedia.org/wiki/RC5
-
-	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
-	echoit() { echo "$@" ; "$@" ; }
-
-	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
-
-	# See if our toolchain supports __uint128_t.  If so, it's 64bit
-	# friendly and can use the nicely optimized code paths. #460790
-	local ec_nistp_64_gcc_128
-	# Disable it for now though #469976
-	#if ! use bindist ; then
-	#	echo "__uint128_t i;" > "${T}"/128.c
-	#	if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
-	#		ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
-	#	fi
-	#fi
-
-	local sslout=$(./gentoo.config)
-	einfo "Use configuration ${sslout:-(openssl knows best)}"
-	local config="Configure"
-	[[ -z ${sslout} ]] && config="config"
-
-	# Fedora hobbled-EC needs 'no-ec2m'
-	# 'srp' was restricted until early 2017 as well.
-	# "disable-deprecated" option breaks too many consumers.
-	# Don't set it without thorough revdeps testing.
-	echoit \
-	./${config} \
-		${sslout} \
-		$(use cpu_flags_x86_sse2 || echo "no-sse2") \
-		enable-camellia \
-		enable-ec \
-		$(use_ssl !bindist ec2m) \
-		enable-srp \
-		$(use elibc_musl && echo "no-async") \
-		${ec_nistp_64_gcc_128} \
-		enable-idea \
-		enable-mdc2 \
-		enable-rc5 \
-		$(use_ssl sslv3 ssl3) \
-		$(use_ssl sslv3 ssl3-method) \
-		$(use_ssl asm) \
-		$(use_ssl rfc3779) \
-		$(use_ssl sctp) \
-		$(use_ssl tls-heartbeat heartbeats) \
-		$(use_ssl zlib) \
-		--prefix="${EPREFIX%/}"/usr \
-		--openssldir="${EPREFIX%/}"${SSL_CNF_DIR} \
-		--libdir=$(get_libdir) \
-		shared threads \
-		|| die
-
-	# Clean out hardcoded flags that openssl uses
-	# Fix quoting for sed
-	local DEFAULT_CFLAGS=$(grep ^CFLAGS= Makefile | LC_ALL=C sed \
-		-e 's:^CFLAGS=::' \
-		-e 's:-fomit-frame-pointer ::g' \
-		-e 's:-O[0-9] ::g' \
-		-e 's:-march=[-a-z0-9]* ::g' \
-		-e 's:-mcpu=[-a-z0-9]* ::g' \
-		-e 's:-m[a-z0-9]* ::g' \
-		-e 's:\\:\\\\:g' \
-	)
-	sed -i \
-		-e "/^CFLAGS=/s|=.*|=${DEFAULT_CFLAGS} ${CFLAGS}|" \
-		-e "/^LDFLAGS=/s|=[[:space:]]*$|=${LDFLAGS}|" \
-		Makefile || die
-}
-
-multilib_src_compile() {
-	# depend is needed to use $confopts; it also doesn't matter
-	# that it's -j1 as the code itself serializes subdirs
-	emake -j1 depend
-	emake all
-}
-
-multilib_src_test() {
-	emake -j1 test
-}
-
-multilib_src_install() {
-	# We need to create $ED/usr on our own to avoid a race condition #665130
-	if [[ ! -d "${ED%/}/usr" ]]; then
-		# We can only create this directory once
-		mkdir "${ED%/}"/usr || die
-	fi
-
-	emake DESTDIR="${D%/}" install
-}
-
-multilib_src_install_all() {
-	# openssl installs perl version of c_rehash by default, but
-	# we provide a shell version via app-misc/c_rehash
-	rm "${ED%/}"/usr/bin/c_rehash || die
-
-	dodoc CHANGES* FAQ NEWS README doc/*.txt doc/${PN}-c-indent.el
-
-	# This is crappy in that the static archives are still built even
-	# when USE=static-libs.  But this is due to a failing in the openssl
-	# build system: the static archives are built as PIC all the time.
-	# Only way around this would be to manually configure+compile openssl
-	# twice; once with shared lib support enabled and once without.
-	use static-libs || rm -f "${ED%/}"/usr/lib*/lib*.a
-
-	# create the certs directory
-	keepdir ${SSL_CNF_DIR}/certs
-
-	# Namespace openssl programs to prevent conflicts with other man pages
-	cd "${ED%/}"/usr/share/man || die
-	local m d s
-	for m in $(find . -type f | xargs grep -L '#include') ; do
-		d=${m%/*} ; d=${d#./} ; m=${m##*/}
-		[[ ${m} == openssl.1* ]] && continue
-		[[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!"
-		mv ${d}/{,ssl-}${m}
-		# fix up references to renamed man pages
-		sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m}
-		ln -s ssl-${m} ${d}/openssl-${m}
-		# locate any symlinks that point to this man page ... we assume
-		# that any broken links are due to the above renaming
-		for s in $(find -L ${d} -type l) ; do
-			s=${s##*/}
-			rm -f ${d}/${s}
-			# We don't want to "|| die" here
-			ln -s ssl-${m} ${d}/ssl-${s}
-			ln -s ssl-${s} ${d}/openssl-${s}
-		done
-	done
-	[[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :("
-
-	dodir /etc/sandbox.d #254521
-	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED%/}"/etc/sandbox.d/10openssl
-
-	diropts -m0700
-	keepdir ${SSL_CNF_DIR}/private
-}
-
-pkg_postinst() {
-	ebegin "Running 'c_rehash ${EROOT%/}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069"
-	c_rehash "${EROOT%/}${SSL_CNF_DIR}/certs" >/dev/null
-	eend $?
-}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Lars Wendler]

commit:     bb5e456564cfd1d18e8ec78b3436fbf99dd5496d
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Tue Feb 26 15:11:35 2019 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Tue Feb 26 15:31:40 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bb5e4565

dev-libs/openssl: Bump to version 1.0.2r and 1.1.1b

Package-Manager: Portage-2.3.62, Repoman-2.3.12
Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org>

 dev-libs/openssl/Manifest                   |   8 +
 dev-libs/openssl/openssl-1.0.2r-r200.ebuild | 248 ++++++++++++++++++++++
 dev-libs/openssl/openssl-1.0.2r.ebuild      | 309 ++++++++++++++++++++++++++++
 dev-libs/openssl/openssl-1.1.1b.ebuild      | 292 ++++++++++++++++++++++++++
 4 files changed, 857 insertions(+)

diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest
index 5a5713736d4..3f3dd41c6a0 100644
--- a/dev-libs/openssl/Manifest
+++ b/dev-libs/openssl/Manifest
@@ -4,6 +4,10 @@ DIST openssl-1.0.2q.tar.gz 5345604 BLAKE2B c03dd92de1cc8941a7f3e4d9f2fe6f8e4ea89
 DIST openssl-1.0.2q_ec_curve.c 17254 BLAKE2B d40d8d6e770443f07abe70e2c4ddda6aec1cc8e37dc1f226a3fdd9ed5d228f09c6d372e8956b1948b55ee1d57d1429493e7288d0f54d9466a37fec805c85aacb SHA512 8e92fb100bcf4bd918c82b9a6cbd75a55abe1a2c08230a007e441c51577f974f8cc336e9ac8a672b32641480428ca8cead5380da1fe81bacb088145a1b754a15
 DIST openssl-1.0.2q_ectest.c 30735 BLAKE2B 95333a27f1cf0a4305a3cee7f6d46b9d4673582ca9acfcf5ba2a0d9d317ab6219cd0d2ff0ba3a55a317c8f5819342f05cc17ba80ec2c92b2b4cab9a3552382e1 SHA512 f2e4d34327b490bc8371f0845c69df3f9fc51ea16f0ea0de0411a0c1fa9d49bb2b6fafc363eb3b3cd919dc7c24e4a0d075c6ff878c01d70dae918f2540874c19
 DIST openssl-1.0.2q_hobble-openssl 1302 BLAKE2B 647caa6a0f4c53a2e77baa3b8e5961eaef3bb0ff38e7d5475eab8deef3439f7fe49028ec9ed0406f3453870b62cac67c496b3a048ee4c9ff4c6866d520235960 SHA512 3d757a4708e74a03dd5cb9b8114dfe442ed9520739a6eca693be4c4265771696f1449ea06d1c9bcfc6e94fc9b0dd0c10e153f1c3b0334831c0550b36cd63326e
+DIST openssl-1.0.2r.tar.gz 5348369 BLAKE2B 9f9c2d2fe6eaf9acacab29b394a318f30c38e831a5f9c193b2da660f9d04acbf407d8b752274783765416c0f5ba557c24ee293ad7fb7d727771db289e6acc901 SHA512 6eb2211f3ad56d7573ac26f388338592c37e5faaf5e2d44c0fa9062c12186e56a324f135d1c956a89b55fcce047e6428bec2756658d103e7275e08b46f741235
+DIST openssl-1.0.2r_ec_curve.c 17254 BLAKE2B d40d8d6e770443f07abe70e2c4ddda6aec1cc8e37dc1f226a3fdd9ed5d228f09c6d372e8956b1948b55ee1d57d1429493e7288d0f54d9466a37fec805c85aacb SHA512 8e92fb100bcf4bd918c82b9a6cbd75a55abe1a2c08230a007e441c51577f974f8cc336e9ac8a672b32641480428ca8cead5380da1fe81bacb088145a1b754a15
+DIST openssl-1.0.2r_ectest.c 30735 BLAKE2B 95333a27f1cf0a4305a3cee7f6d46b9d4673582ca9acfcf5ba2a0d9d317ab6219cd0d2ff0ba3a55a317c8f5819342f05cc17ba80ec2c92b2b4cab9a3552382e1 SHA512 f2e4d34327b490bc8371f0845c69df3f9fc51ea16f0ea0de0411a0c1fa9d49bb2b6fafc363eb3b3cd919dc7c24e4a0d075c6ff878c01d70dae918f2540874c19
+DIST openssl-1.0.2r_hobble-openssl 1302 BLAKE2B 647caa6a0f4c53a2e77baa3b8e5961eaef3bb0ff38e7d5475eab8deef3439f7fe49028ec9ed0406f3453870b62cac67c496b3a048ee4c9ff4c6866d520235960 SHA512 3d757a4708e74a03dd5cb9b8114dfe442ed9520739a6eca693be4c4265771696f1449ea06d1c9bcfc6e94fc9b0dd0c10e153f1c3b0334831c0550b36cd63326e
 DIST openssl-1.1.0-build_d2ede125556ac99aa0faa7744c703af3f559094e.patch 3001 BLAKE2B 8f0ac4be6409b4ec50bec171697da2aebe2688e8ae06bd0dfac8b0c74661d38ebeb0a12bde0ef941b213eee9b85965262213b140636060285dcfb02a3bd14961 SHA512 ec6710e9669ac19e4c6f1286c89a383e7d276a773a2740037f98a8f2dbf18305614e7d30d9ed530923a0e7d10a3776fea2ca77229adc25df13ecad55589a3673
 DIST openssl-1.1.0-ec-curves_d2ede125556ac99aa0faa7744c703af3f559094e.patch 5311 BLAKE2B e9ec985adf6f13eb04412158a05da7cbe10be7d64bce73b899152ea379336ece7b7069089ef46993ac301ef850fd46fd0352898e249b2ea9fff5baf20896e5b5 SHA512 c38c4b05195f2b323a07efd8d17335ba2a168a16a59d7941da36568081f1c043da8d2216b7084b0617963635ded9bafeee736ecddbfa251cf0a02e4cba64cdc8
 DIST openssl-1.1.0j.tar.gz 5411919 BLAKE2B 0fbd936f38d30b64bea717a67cd59704c5ce44ee19f377a820f89ba66b9e0a7509cf39e0fb00c104ae6440a6bd811e388239b458ffe685d8601235bab2afb2f1 SHA512 e7d30951ebb3cbcb6d59e3eb40f64f5a84634b7f5c380a588d378973f1c415395e3ab71a9aaff6478a89ec6efcc88f17f1882c99c25dcd18165f1435a51e5768
@@ -15,3 +19,7 @@ DIST openssl-1.1.1a.tar.gz 8350547 BLAKE2B 71dae2f44ade3e31983599a491b5efe5da63b
 DIST openssl-1.1.1a_ec_curve.c 17938 BLAKE2B d5cbde40dcd8608087aed6ffa9feb040ffadecf0c46b7f3978cc468a9503f0a5ad0a426ea6f8db56f49a64474a508bebdf946e01ebf09adc727675f3b180bcdc SHA512 ec470f6514cb9a4f680b8cbbe02e2bbe71639b288f3429d976726047901d9c50377dfb2737f32429da2fb0e52fd67878a86debb54520e307ee196d97b5c66415
 DIST openssl-1.1.1a_ectest.c 35091 BLAKE2B a9602255ab529751c2af2419206ce113f03f93b7b776691ea2ec550f26ddbecd241844bb81dc86988fdbb1c0a587318f82ce4faecba1a6142a19cf08d40fb2c5 SHA512 7813d9b6b7ab62119a7f2dd5431c17c5839f4c320ac7071b0714c9b8528bda5fda779dbb263328dca6ee8446e9fa09c663da659c9a82832a65cf53d1cd8a4cef
 DIST openssl-1.1.1a_hobble-openssl 1117 BLAKE2B c3a1477e63331e83cf1cbe58e9ef131ec500a311e22d3da55034800ca353c387b2e202575acf3badb00b236ff91d4bac1bb131a33930939646d26bec27be6e04 SHA512 fa9cc70afa11a7a292548b4bddbba8159824a364ce5c279b483768e6ae2aa4b5491d9bf2cc734819f30a11c8ee0d91bcb991c4a7ab357296aeb4c04feac74826
+DIST openssl-1.1.1b.tar.gz 8213737 BLAKE2B 7ad9da9548052e2a033a684038f97c420cfffd57994604bcb3fa12640796c8c0aea3d24fb05648ee4940fbec40b81462e81c353da5a41a2575c0585d9718eae8 SHA512 b54025fbb4fe264466f3b0d762aad4be45bd23cd48bdb26d901d4c41a40bfd776177e02230995ab181a695435039dbad313f4b9a563239a70807a2e19ecf045d
+DIST openssl-1.1.1b_ec_curve.c 17938 BLAKE2B d5cbde40dcd8608087aed6ffa9feb040ffadecf0c46b7f3978cc468a9503f0a5ad0a426ea6f8db56f49a64474a508bebdf946e01ebf09adc727675f3b180bcdc SHA512 ec470f6514cb9a4f680b8cbbe02e2bbe71639b288f3429d976726047901d9c50377dfb2737f32429da2fb0e52fd67878a86debb54520e307ee196d97b5c66415
+DIST openssl-1.1.1b_ectest.c 35091 BLAKE2B a9602255ab529751c2af2419206ce113f03f93b7b776691ea2ec550f26ddbecd241844bb81dc86988fdbb1c0a587318f82ce4faecba1a6142a19cf08d40fb2c5 SHA512 7813d9b6b7ab62119a7f2dd5431c17c5839f4c320ac7071b0714c9b8528bda5fda779dbb263328dca6ee8446e9fa09c663da659c9a82832a65cf53d1cd8a4cef
+DIST openssl-1.1.1b_hobble-openssl 1117 BLAKE2B c3a1477e63331e83cf1cbe58e9ef131ec500a311e22d3da55034800ca353c387b2e202575acf3badb00b236ff91d4bac1bb131a33930939646d26bec27be6e04 SHA512 fa9cc70afa11a7a292548b4bddbba8159824a364ce5c279b483768e6ae2aa4b5491d9bf2cc734819f30a11c8ee0d91bcb991c4a7ab357296aeb4c04feac74826

diff --git a/dev-libs/openssl/openssl-1.0.2r-r200.ebuild b/dev-libs/openssl/openssl-1.0.2r-r200.ebuild
new file mode 100644
index 00000000000..44b9547d141
--- /dev/null
+++ b/dev-libs/openssl/openssl-1.0.2r-r200.ebuild
@@ -0,0 +1,248 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+inherit eutils flag-o-matic toolchain-funcs multilib multilib-minimal
+
+# openssl-1.0.2-patches-1.6 contain additional CVE patches
+# which got fixed with this release.
+# Please use 1.7 version number when rolling a new tarball!
+PATCH_SET="openssl-1.0.2-patches-1.5"
+MY_P=${P/_/-}
+DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"
+HOMEPAGE="https://www.openssl.org/"
+SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
+	!vanilla? (
+		mirror://gentoo/${PATCH_SET}.tar.xz
+		https://dev.gentoo.org/~chutzpah/dist/${PN}/${PATCH_SET}.tar.xz
+		https://dev.gentoo.org/~whissi/dist/${PN}/${PATCH_SET}.tar.xz
+		https://dev.gentoo.org/~polynomial-c/dist/${PATCH_SET}.tar.xz
+	)"
+
+LICENSE="openssl"
+SLOT="1.0.0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~x86-linux"
+IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
+RESTRICT="!bindist? ( bindist )"
+
+RDEPEND=">=app-misc/c_rehash-1.7-r1
+	gmp? ( >=dev-libs/gmp-5.1.3-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
+	zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
+	kerberos? ( >=app-crypt/mit-krb5-1.11.4[${MULTILIB_USEDEP}] )
+	!=dev-libs/openssl-1.0.2*:0"
+DEPEND="${RDEPEND}
+	>=dev-lang/perl-5
+	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
+	test? (
+		sys-apps/diffutils
+		sys-devel/bc
+	)"
+
+RESTRICT="test"
+
+# Do not install any docs
+DOCS=()
+
+# This does not copy the entire Fedora patchset, but JUST the parts that
+# are needed to make it safe to use EC with RESTRICT=bindist.
+# See openssl.spec for the matching numbering of SourceNNN, PatchNNN
+SOURCE1=hobble-openssl
+SOURCE12=ec_curve.c
+SOURCE13=ectest.c
+# These are ported instead
+#PATCH1=openssl-1.1.0-build.patch # Fixes EVP testcase for EC
+#PATCH37=openssl-1.1.0-ec-curves.patch
+FEDORA_GIT_BASE='https://src.fedoraproject.org/cgit/rpms/openssl.git/plain/'
+FEDORA_GIT_BRANCH='f25'
+FEDORA_SRC_URI=()
+FEDORA_SOURCE=( $SOURCE1 $SOURCE12 $SOURCE13 )
+FEDORA_PATCH=( $PATCH1 $PATCH37 )
+for i in "${FEDORA_SOURCE[@]}" ; do
+	FEDORA_SRC_URI+=( "${FEDORA_GIT_BASE}/${i}?h=${FEDORA_GIT_BRANCH} -> ${P}_${i}" )
+done
+for i in "${FEDORA_PATCH[@]}" ; do # Already have a version prefix
+	FEDORA_SRC_URI+=( "${FEDORA_GIT_BASE}/${i}?h=${FEDORA_GIT_BRANCH} -> ${i}" )
+done
+SRC_URI+=" bindist? ( ${FEDORA_SRC_URI[@]} )"
+
+S="${WORKDIR}/${MY_P}"
+
+MULTILIB_WRAPPED_HEADERS=(
+	usr/include/openssl/opensslconf.h
+)
+
+src_prepare() {
+	if use bindist; then
+		# This just removes the prefix, and puts it into WORKDIR like the RPM.
+		for i in "${FEDORA_SOURCE[@]}" ; do
+			cp -f "${DISTDIR}"/"${P}_${i}" "${WORKDIR}"/"${i}" || die
+		done
+		# .spec %prep
+		bash "${WORKDIR}"/"${SOURCE1}" || die
+		cp -f "${WORKDIR}"/"${SOURCE12}" "${S}"/crypto/ec/ || die
+		cp -f "${WORKDIR}"/"${SOURCE13}" "${S}"/crypto/ec/ || die # Moves to test/ in OpenSSL-1.1
+		for i in "${FEDORA_PATCH[@]}" ; do
+			eapply "${DISTDIR}"/"${i}"
+		done
+		eapply "${FILESDIR}"/openssl-1.0.2p-hobble-ecc.patch
+		# Also see the configure parts below:
+		# enable-ec \
+		# $(use_ssl !bindist ec2m) \
+		# $(use_ssl !bindist srp) \
+	fi
+
+	# keep this in sync with app-misc/c_rehash
+	SSL_CNF_DIR="/etc/ssl"
+
+	# Make sure we only ever touch Makefile.org and avoid patching a file
+	# that gets blown away anyways by the Configure script in src_configure
+	rm -f Makefile
+
+	if ! use vanilla ; then
+		eapply "${WORKDIR}"/patch/*.patch
+	fi
+
+	eapply_user
+
+	# disable fips in the build
+	# make sure the man pages are suffixed #302165
+	# don't bother building man pages if they're disabled
+	sed -i \
+		-e '/DIRS/s: fips : :g' \
+		-e '/^MANSUFFIX/s:=.*:=ssl:' \
+		-e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
+		-e $(has noman FEATURES \
+			&& echo '/^install:/s:install_docs::' \
+			|| echo '/^MANDIR=/s:=.*:='${EPREFIX%/}'/usr/share/man:') \
+		Makefile.org \
+		|| die
+	# show the actual commands in the log
+	sed -i '/^SET_X/s:=.*:=set -x:' Makefile.shared
+
+	# since we're forcing $(CC) as makedep anyway, just fix
+	# the conditional as always-on
+	# helps clang (#417795), and versioned gcc (#499818)
+	# this breaks build with 1.0.2p, not sure if it is needed anymore
+	#sed -i 's/expr.*MAKEDEPEND.*;/true;/' util/domd || die
+
+	# quiet out unknown driver argument warnings since openssl
+	# doesn't have well-split CFLAGS and we're making it even worse
+	# and 'make depend' uses -Werror for added fun (#417795 again)
+	[[ ${CC} == *clang* ]] && append-flags -Qunused-arguments
+
+	# allow openssl to be cross-compiled
+	cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die
+	chmod a+rx gentoo.config || die
+
+	append-flags -fno-strict-aliasing
+	append-flags $(test-flags-CC -Wa,--noexecstack)
+	append-cppflags -DOPENSSL_NO_BUF_FREELISTS
+
+	sed -i '1s,^:$,#!'${EPREFIX%/}'/usr/bin/perl,' Configure #141906
+	# The config script does stupid stuff to prompt the user.  Kill it.
+	sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
+	./config --test-sanity || die "I AM NOT SANE"
+
+	multilib_copy_sources
+}
+
+multilib_src_configure() {
+	unset APPS #197996
+	unset SCRIPTS #312551
+	unset CROSS_COMPILE #311473
+
+	tc-export CC AR RANLIB RC
+
+	# Clean out patent-or-otherwise-encumbered code
+	# Camellia: Royalty Free            https://en.wikipedia.org/wiki/Camellia_(cipher)
+	# IDEA:     Expired                 https://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
+	# EC:       ????????? ??/??/2015    https://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography
+	# MDC2:     Expired                 https://en.wikipedia.org/wiki/MDC-2
+	# RC5:      Expired                 https://en.wikipedia.org/wiki/RC5
+
+	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
+	echoit() { echo "$@" ; "$@" ; }
+
+	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
+
+	# See if our toolchain supports __uint128_t.  If so, it's 64bit
+	# friendly and can use the nicely optimized code paths. #460790
+	local ec_nistp_64_gcc_128
+	# Disable it for now though #469976
+	#if ! use bindist ; then
+	#	echo "__uint128_t i;" > "${T}"/128.c
+	#	if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
+	#		ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
+	#	fi
+	#fi
+
+	# https://github.com/openssl/openssl/issues/2286
+	if use ia64 ; then
+		replace-flags -g3 -g2
+		replace-flags -ggdb3 -ggdb2
+	fi
+
+	local sslout=$(./gentoo.config)
+	einfo "Use configuration ${sslout:-(openssl knows best)}"
+	local config="Configure"
+	[[ -z ${sslout} ]] && config="config"
+
+	# Fedora hobbled-EC needs 'no-ec2m', 'no-srp'
+	echoit \
+	./${config} \
+		${sslout} \
+		$(use cpu_flags_x86_sse2 || echo "no-sse2") \
+		enable-camellia \
+		enable-ec \
+		$(use_ssl !bindist ec2m) \
+		$(use_ssl !bindist srp) \
+		${ec_nistp_64_gcc_128} \
+		enable-idea \
+		enable-mdc2 \
+		enable-rc5 \
+		enable-tlsext \
+		$(use_ssl asm) \
+		$(use_ssl gmp gmp -lgmp) \
+		$(use_ssl kerberos krb5 --with-krb5-flavor=${krb5}) \
+		$(use_ssl rfc3779) \
+		$(use_ssl sctp) \
+		$(use_ssl sslv2 ssl2) \
+		$(use_ssl sslv3 ssl3) \
+		$(use_ssl tls-heartbeat heartbeats) \
+		$(use_ssl zlib) \
+		--prefix="${EPREFIX%/}"/usr \
+		--openssldir="${EPREFIX%/}"${SSL_CNF_DIR} \
+		--libdir=$(get_libdir) \
+		shared threads \
+		|| die
+
+	# Clean out hardcoded flags that openssl uses
+	local CFLAG=$(grep ^CFLAG= Makefile | LC_ALL=C sed \
+		-e 's:^CFLAG=::' \
+		-e 's:-fomit-frame-pointer ::g' \
+		-e 's:-O[0-9] ::g' \
+		-e 's:-march=[-a-z0-9]* ::g' \
+		-e 's:-mcpu=[-a-z0-9]* ::g' \
+		-e 's:-m[a-z0-9]* ::g' \
+	)
+	sed -i \
+		-e "/^CFLAG/s|=.*|=${CFLAG} ${CFLAGS}|" \
+		-e "/^SHARED_LDFLAGS=/s|$| ${LDFLAGS}|" \
+		Makefile || die
+}
+
+multilib_src_compile() {
+	# depend is needed to use $confopts; it also doesn't matter
+	# that it's -j1 as the code itself serializes subdirs
+	emake -j1 V=1 depend
+	emake build_libs
+}
+
+multilib_src_test() {
+	emake -j1 test
+}
+
+multilib_src_install() {
+	dolib.so lib{crypto,ssl}.so.${SLOT}
+}

diff --git a/dev-libs/openssl/openssl-1.0.2r.ebuild b/dev-libs/openssl/openssl-1.0.2r.ebuild
new file mode 100644
index 00000000000..27fcb6ba683
--- /dev/null
+++ b/dev-libs/openssl/openssl-1.0.2r.ebuild
@@ -0,0 +1,309 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+inherit eutils flag-o-matic toolchain-funcs multilib multilib-minimal
+
+# openssl-1.0.2-patches-1.6 contain additional CVE patches
+# which got fixed with this release.
+# Please use 1.7 version number when rolling a new tarball!
+PATCH_SET="openssl-1.0.2-patches-1.5"
+MY_P=${P/_/-}
+DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"
+HOMEPAGE="https://www.openssl.org/"
+SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
+	!vanilla? (
+		mirror://gentoo/${PATCH_SET}.tar.xz
+		https://dev.gentoo.org/~chutzpah/dist/${PN}/${PATCH_SET}.tar.xz
+		https://dev.gentoo.org/~whissi/dist/${PN}/${PATCH_SET}.tar.xz
+		https://dev.gentoo.org/~polynomial-c/dist/${PATCH_SET}.tar.xz
+	)"
+
+LICENSE="openssl"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~x86-linux"
+IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
+RESTRICT="!bindist? ( bindist )"
+
+RDEPEND=">=app-misc/c_rehash-1.7-r1
+	gmp? ( >=dev-libs/gmp-5.1.3-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
+	zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
+	kerberos? ( >=app-crypt/mit-krb5-1.11.4[${MULTILIB_USEDEP}] )"
+DEPEND="${RDEPEND}
+	>=dev-lang/perl-5
+	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
+	test? (
+		sys-apps/diffutils
+		sys-devel/bc
+	)"
+PDEPEND="app-misc/ca-certificates"
+
+# This does not copy the entire Fedora patchset, but JUST the parts that
+# are needed to make it safe to use EC with RESTRICT=bindist.
+# See openssl.spec for the matching numbering of SourceNNN, PatchNNN
+SOURCE1=hobble-openssl
+SOURCE12=ec_curve.c
+SOURCE13=ectest.c
+# These are ported instead
+#PATCH1=openssl-1.1.0-build.patch # Fixes EVP testcase for EC
+#PATCH37=openssl-1.1.0-ec-curves.patch
+FEDORA_GIT_BASE='https://src.fedoraproject.org/cgit/rpms/openssl.git/plain/'
+FEDORA_GIT_BRANCH='f25'
+FEDORA_SRC_URI=()
+FEDORA_SOURCE=( $SOURCE1 $SOURCE12 $SOURCE13 )
+FEDORA_PATCH=( $PATCH1 $PATCH37 )
+for i in "${FEDORA_SOURCE[@]}" ; do
+	FEDORA_SRC_URI+=( "${FEDORA_GIT_BASE}/${i}?h=${FEDORA_GIT_BRANCH} -> ${P}_${i}" )
+done
+for i in "${FEDORA_PATCH[@]}" ; do # Already have a version prefix
+	FEDORA_SRC_URI+=( "${FEDORA_GIT_BASE}/${i}?h=${FEDORA_GIT_BRANCH} -> ${i}" )
+done
+SRC_URI+=" bindist? ( ${FEDORA_SRC_URI[@]} )"
+
+S="${WORKDIR}/${MY_P}"
+
+MULTILIB_WRAPPED_HEADERS=(
+	usr/include/openssl/opensslconf.h
+)
+
+src_prepare() {
+	if use bindist; then
+		# This just removes the prefix, and puts it into WORKDIR like the RPM.
+		for i in "${FEDORA_SOURCE[@]}" ; do
+			cp -f "${DISTDIR}"/"${P}_${i}" "${WORKDIR}"/"${i}" || die
+		done
+		# .spec %prep
+		bash "${WORKDIR}"/"${SOURCE1}" || die
+		cp -f "${WORKDIR}"/"${SOURCE12}" "${S}"/crypto/ec/ || die
+		cp -f "${WORKDIR}"/"${SOURCE13}" "${S}"/crypto/ec/ || die # Moves to test/ in OpenSSL-1.1
+		for i in "${FEDORA_PATCH[@]}" ; do
+			eapply "${DISTDIR}"/"${i}"
+		done
+		eapply "${FILESDIR}"/openssl-1.0.2p-hobble-ecc.patch
+		# Also see the configure parts below:
+		# enable-ec \
+		# $(use_ssl !bindist ec2m) \
+		# $(use_ssl !bindist srp) \
+	fi
+
+	# keep this in sync with app-misc/c_rehash
+	SSL_CNF_DIR="/etc/ssl"
+
+	# Make sure we only ever touch Makefile.org and avoid patching a file
+	# that gets blown away anyways by the Configure script in src_configure
+	rm -f Makefile
+
+	if ! use vanilla ; then
+		eapply "${WORKDIR}"/patch/*.patch
+	fi
+
+	eapply_user
+
+	# disable fips in the build
+	# make sure the man pages are suffixed #302165
+	# don't bother building man pages if they're disabled
+	sed -i \
+		-e '/DIRS/s: fips : :g' \
+		-e '/^MANSUFFIX/s:=.*:=ssl:' \
+		-e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
+		-e $(has noman FEATURES \
+			&& echo '/^install:/s:install_docs::' \
+			|| echo '/^MANDIR=/s:=.*:='${EPREFIX%/}'/usr/share/man:') \
+		Makefile.org \
+		|| die
+	# show the actual commands in the log
+	sed -i '/^SET_X/s:=.*:=set -x:' Makefile.shared
+
+	# since we're forcing $(CC) as makedep anyway, just fix
+	# the conditional as always-on
+	# helps clang (#417795), and versioned gcc (#499818)
+	# this breaks build with 1.0.2p, not sure if it is needed anymore
+	#sed -i 's/expr.*MAKEDEPEND.*;/true;/' util/domd || die
+
+	# quiet out unknown driver argument warnings since openssl
+	# doesn't have well-split CFLAGS and we're making it even worse
+	# and 'make depend' uses -Werror for added fun (#417795 again)
+	[[ ${CC} == *clang* ]] && append-flags -Qunused-arguments
+
+	# allow openssl to be cross-compiled
+	cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die
+	chmod a+rx gentoo.config || die
+
+	append-flags -fno-strict-aliasing
+	append-flags $(test-flags-CC -Wa,--noexecstack)
+	append-cppflags -DOPENSSL_NO_BUF_FREELISTS
+
+	sed -i '1s,^:$,#!'${EPREFIX%/}'/usr/bin/perl,' Configure #141906
+	# The config script does stupid stuff to prompt the user.  Kill it.
+	sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
+	./config --test-sanity || die "I AM NOT SANE"
+
+	multilib_copy_sources
+}
+
+multilib_src_configure() {
+	unset APPS #197996
+	unset SCRIPTS #312551
+	unset CROSS_COMPILE #311473
+
+	tc-export CC AR RANLIB RC
+
+	# Clean out patent-or-otherwise-encumbered code
+	# Camellia: Royalty Free            https://en.wikipedia.org/wiki/Camellia_(cipher)
+	# IDEA:     Expired                 https://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
+	# EC:       ????????? ??/??/2015    https://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography
+	# MDC2:     Expired                 https://en.wikipedia.org/wiki/MDC-2
+	# RC5:      Expired                 https://en.wikipedia.org/wiki/RC5
+
+	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
+	echoit() { echo "$@" ; "$@" ; }
+
+	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
+
+	# See if our toolchain supports __uint128_t.  If so, it's 64bit
+	# friendly and can use the nicely optimized code paths. #460790
+	local ec_nistp_64_gcc_128
+	# Disable it for now though #469976
+	#if ! use bindist ; then
+	#	echo "__uint128_t i;" > "${T}"/128.c
+	#	if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
+	#		ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
+	#	fi
+	#fi
+
+	# https://github.com/openssl/openssl/issues/2286
+	if use ia64 ; then
+		replace-flags -g3 -g2
+		replace-flags -ggdb3 -ggdb2
+	fi
+
+	local sslout=$(./gentoo.config)
+	einfo "Use configuration ${sslout:-(openssl knows best)}"
+	local config="Configure"
+	[[ -z ${sslout} ]] && config="config"
+
+	# Fedora hobbled-EC needs 'no-ec2m', 'no-srp'
+	echoit \
+	./${config} \
+		${sslout} \
+		$(use cpu_flags_x86_sse2 || echo "no-sse2") \
+		enable-camellia \
+		enable-ec \
+		$(use_ssl !bindist ec2m) \
+		$(use_ssl !bindist srp) \
+		${ec_nistp_64_gcc_128} \
+		enable-idea \
+		enable-mdc2 \
+		enable-rc5 \
+		enable-tlsext \
+		$(use_ssl asm) \
+		$(use_ssl gmp gmp -lgmp) \
+		$(use_ssl kerberos krb5 --with-krb5-flavor=${krb5}) \
+		$(use_ssl rfc3779) \
+		$(use_ssl sctp) \
+		$(use_ssl sslv2 ssl2) \
+		$(use_ssl sslv3 ssl3) \
+		$(use_ssl tls-heartbeat heartbeats) \
+		$(use_ssl zlib) \
+		--prefix="${EPREFIX%/}"/usr \
+		--openssldir="${EPREFIX%/}"${SSL_CNF_DIR} \
+		--libdir=$(get_libdir) \
+		shared threads \
+		|| die
+
+	# Clean out hardcoded flags that openssl uses
+	local CFLAG=$(grep ^CFLAG= Makefile | LC_ALL=C sed \
+		-e 's:^CFLAG=::' \
+		-e 's:-fomit-frame-pointer ::g' \
+		-e 's:-O[0-9] ::g' \
+		-e 's:-march=[-a-z0-9]* ::g' \
+		-e 's:-mcpu=[-a-z0-9]* ::g' \
+		-e 's:-m[a-z0-9]* ::g' \
+	)
+	sed -i \
+		-e "/^CFLAG/s|=.*|=${CFLAG} ${CFLAGS}|" \
+		-e "/^SHARED_LDFLAGS=/s|$| ${LDFLAGS}|" \
+		Makefile || die
+}
+
+multilib_src_compile() {
+	# depend is needed to use $confopts; it also doesn't matter
+	# that it's -j1 as the code itself serializes subdirs
+	emake -j1 V=1 depend
+	emake all
+	# rehash is needed to prep the certs/ dir; do this
+	# separately to avoid parallel build issues.
+	emake rehash
+}
+
+multilib_src_test() {
+	emake -j1 test
+}
+
+multilib_src_install() {
+	# We need to create $ED/usr on our own to avoid a race condition #665130
+	if [[ ! -d "${ED%/}/usr" ]]; then
+		# We can only create this directory once
+		mkdir "${ED%/}"/usr || die
+	fi
+
+	emake INSTALL_PREFIX="${D%/}" install
+}
+
+multilib_src_install_all() {
+	# openssl installs perl version of c_rehash by default, but
+	# we provide a shell version via app-misc/c_rehash
+	rm "${ED%/}"/usr/bin/c_rehash || die
+
+	local -a DOCS=( CHANGES* FAQ NEWS README doc/*.txt doc/c-indentation.el )
+	einstalldocs
+
+	use rfc3779 && dodoc engines/ccgost/README.gost
+
+	# This is crappy in that the static archives are still built even
+	# when USE=static-libs.  But this is due to a failing in the openssl
+	# build system: the static archives are built as PIC all the time.
+	# Only way around this would be to manually configure+compile openssl
+	# twice; once with shared lib support enabled and once without.
+	use static-libs || rm -f "${ED}"/usr/lib*/lib*.a
+
+	# create the certs directory
+	dodir ${SSL_CNF_DIR}/certs
+	cp -RP certs/* "${ED}"${SSL_CNF_DIR}/certs/ || die
+	rm -r "${ED}"${SSL_CNF_DIR}/certs/{demo,expired}
+
+	# Namespace openssl programs to prevent conflicts with other man pages
+	cd "${ED}"/usr/share/man
+	local m d s
+	for m in $(find . -type f | xargs grep -L '#include') ; do
+		d=${m%/*} ; d=${d#./} ; m=${m##*/}
+		[[ ${m} == openssl.1* ]] && continue
+		[[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!"
+		mv ${d}/{,ssl-}${m}
+		# fix up references to renamed man pages
+		sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m}
+		ln -s ssl-${m} ${d}/openssl-${m}
+		# locate any symlinks that point to this man page ... we assume
+		# that any broken links are due to the above renaming
+		for s in $(find -L ${d} -type l) ; do
+			s=${s##*/}
+			rm -f ${d}/${s}
+			ln -s ssl-${m} ${d}/ssl-${s}
+			ln -s ssl-${s} ${d}/openssl-${s}
+		done
+	done
+	[[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :("
+
+	dodir /etc/sandbox.d #254521
+	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
+
+	diropts -m0700
+	keepdir ${SSL_CNF_DIR}/private
+}
+
+pkg_postinst() {
+	ebegin "Running 'c_rehash ${EROOT%/}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069"
+	c_rehash "${EROOT%/}${SSL_CNF_DIR}/certs" >/dev/null
+	eend $?
+}

diff --git a/dev-libs/openssl/openssl-1.1.1b.ebuild b/dev-libs/openssl/openssl-1.1.1b.ebuild
new file mode 100644
index 00000000000..ad888b7d6a6
--- /dev/null
+++ b/dev-libs/openssl/openssl-1.1.1b.ebuild
@@ -0,0 +1,292 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+inherit flag-o-matic toolchain-funcs multilib multilib-minimal
+
+MY_P=${P/_/-}
+DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"
+HOMEPAGE="https://www.openssl.org/"
+SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"
+
+LICENSE="openssl"
+SLOT="0/1.1" # .so version of libssl/libcrypto
+[[ "${PV}" = *_pre* ]] || \
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~x86-linux"
+IUSE="+asm bindist elibc_musl rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-heartbeat vanilla zlib"
+RESTRICT="!bindist? ( bindist )"
+
+RDEPEND=">=app-misc/c_rehash-1.7-r1
+	zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )"
+DEPEND="${RDEPEND}
+	>=dev-lang/perl-5
+	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
+	test? (
+		sys-apps/diffutils
+		sys-devel/bc
+	)"
+PDEPEND="app-misc/ca-certificates"
+
+PATCHES=(
+	"${FILESDIR}"/${PN}-1.1.0j-parallel_install_fix.patch #671602
+)
+
+# This does not copy the entire Fedora patchset, but JUST the parts that
+# are needed to make it safe to use EC with RESTRICT=bindist.
+# See openssl.spec for the matching numbering of SourceNNN, PatchNNN
+SOURCE1=hobble-openssl
+SOURCE12=ec_curve.c
+SOURCE13=ectest.c
+PATCH37=openssl-1.1.1-ec-curves.patch
+FEDORA_GIT_BASE='https://src.fedoraproject.org/cgit/rpms/openssl.git/plain/'
+FEDORA_GIT_BRANCH='f29'
+FEDORA_SRC_URI=()
+FEDORA_SOURCE=( ${SOURCE1} ${SOURCE12} ${SOURCE13} )
+FEDORA_PATCH=( ${PATCH37} )
+for i in "${FEDORA_SOURCE[@]}" ; do
+	FEDORA_SRC_URI+=( "${FEDORA_GIT_BASE}/${i}?h=${FEDORA_GIT_BRANCH} -> ${P}_${i}" )
+done
+for i in "${FEDORA_PATCH[@]}" ; do # Already have a version prefix
+	FEDORA_SRC_URI+=( "${FEDORA_GIT_BASE}/${i}?h=${FEDORA_GIT_BRANCH} -> ${i}" )
+done
+SRC_URI+=" bindist? ( ${FEDORA_SRC_URI[@]} )"
+
+S="${WORKDIR}/${MY_P}"
+
+MULTILIB_WRAPPED_HEADERS=(
+	usr/include/openssl/opensslconf.h
+)
+
+src_prepare() {
+	if use bindist; then
+		# This just removes the prefix, and puts it into WORKDIR like the RPM.
+		for i in "${FEDORA_SOURCE[@]}" ; do
+			cp -f "${DISTDIR}"/"${P}_${i}" "${WORKDIR}"/"${i}" || die
+		done
+		# .spec %prep
+		bash "${WORKDIR}"/"${SOURCE1}" || die
+		cp -f "${WORKDIR}"/"${SOURCE12}" "${S}"/crypto/ec/ || die
+		cp -f "${WORKDIR}"/"${SOURCE13}" "${S}"/test/ || die
+		for i in "${FEDORA_PATCH[@]}" ; do
+			eapply "${DISTDIR}"/"${i}"
+		done
+		# Also see the configure parts below:
+		# enable-ec \
+		# $(use_ssl !bindist ec2m) \
+
+	fi
+
+	# keep this in sync with app-misc/c_rehash
+	SSL_CNF_DIR="/etc/ssl"
+
+	# Make sure we only ever touch Makefile.org and avoid patching a file
+	# that gets blown away anyways by the Configure script in src_configure
+	rm -f Makefile
+
+	if ! use vanilla ; then
+		if [[ $(declare -p PATCHES 2>/dev/null) == "declare -a"* ]] ; then
+			[[ ${#PATCHES[@]} -gt 0 ]] && eapply "${PATCHES[@]}"
+		fi
+	fi
+
+	eapply_user #332661
+
+	# make sure the man pages are suffixed #302165
+	# don't bother building man pages if they're disabled
+	# Make DOCDIR Gentoo compliant
+	sed -i \
+		-e '/^MANSUFFIX/s:=.*:=ssl:' \
+		-e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
+		-e $(has noman FEATURES \
+			&& echo '/^install:/s:install_docs::' \
+			|| echo '/^MANDIR=/s:=.*:='${EPREFIX%/}'/usr/share/man:') \
+		-e "/^DOCDIR/s@\$(BASENAME)@&-${PVR}@" \
+		Configurations/unix-Makefile.tmpl \
+		|| die
+
+	# quiet out unknown driver argument warnings since openssl
+	# doesn't have well-split CFLAGS and we're making it even worse
+	# and 'make depend' uses -Werror for added fun (#417795 again)
+	[[ ${CC} == *clang* ]] && append-flags -Qunused-arguments
+
+	# allow openssl to be cross-compiled
+	cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die
+	chmod a+rx gentoo.config || die
+
+	append-flags -fno-strict-aliasing
+	append-flags $(test-flags-CC -Wa,--noexecstack)
+	append-cppflags -DOPENSSL_NO_BUF_FREELISTS
+
+	# Prefixify Configure shebang (#141906)
+	sed \
+		-e "1s,/usr/bin/env,${EPREFIX%/}&," \
+		-i Configure || die
+	# Remove test target when FEATURES=test isn't set
+	if ! use test ; then
+		sed \
+			-e '/^$config{dirs}/s@ "test",@@' \
+			-i Configure || die
+	fi
+	# The config script does stupid stuff to prompt the user.  Kill it.
+	sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
+	./config --test-sanity || die "I AM NOT SANE"
+
+	multilib_copy_sources
+}
+
+multilib_src_configure() {
+	unset APPS #197996
+	unset SCRIPTS #312551
+	unset CROSS_COMPILE #311473
+
+	tc-export CC AR RANLIB RC
+
+	# Clean out patent-or-otherwise-encumbered code
+	# Camellia: Royalty Free            https://en.wikipedia.org/wiki/Camellia_(cipher)
+	# IDEA:     Expired                 https://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
+	# EC:       ????????? ??/??/2015    https://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography
+	# MDC2:     Expired                 https://en.wikipedia.org/wiki/MDC-2
+	# RC5:      Expired                 https://en.wikipedia.org/wiki/RC5
+
+	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
+	echoit() { echo "$@" ; "$@" ; }
+
+	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
+
+	# See if our toolchain supports __uint128_t.  If so, it's 64bit
+	# friendly and can use the nicely optimized code paths. #460790
+	local ec_nistp_64_gcc_128
+	# Disable it for now though #469976
+	#if ! use bindist ; then
+	#	echo "__uint128_t i;" > "${T}"/128.c
+	#	if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
+	#		ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
+	#	fi
+	#fi
+
+	local sslout=$(./gentoo.config)
+	einfo "Use configuration ${sslout:-(openssl knows best)}"
+	local config="Configure"
+	[[ -z ${sslout} ]] && config="config"
+
+	# Fedora hobbled-EC needs 'no-ec2m'
+	# 'srp' was restricted until early 2017 as well.
+	# "disable-deprecated" option breaks too many consumers.
+	# Don't set it without thorough revdeps testing.
+	echoit \
+	./${config} \
+		${sslout} \
+		$(use cpu_flags_x86_sse2 || echo "no-sse2") \
+		enable-camellia \
+		enable-ec \
+		$(use_ssl !bindist ec2m) \
+		enable-srp \
+		$(use elibc_musl && echo "no-async") \
+		${ec_nistp_64_gcc_128} \
+		enable-idea \
+		enable-mdc2 \
+		enable-rc5 \
+		$(use_ssl sslv3 ssl3) \
+		$(use_ssl sslv3 ssl3-method) \
+		$(use_ssl asm) \
+		$(use_ssl rfc3779) \
+		$(use_ssl sctp) \
+		$(use_ssl tls-heartbeat heartbeats) \
+		$(use_ssl zlib) \
+		--prefix="${EPREFIX%/}"/usr \
+		--openssldir="${EPREFIX%/}"${SSL_CNF_DIR} \
+		--libdir=$(get_libdir) \
+		shared threads \
+		|| die
+
+	# Clean out hardcoded flags that openssl uses
+	# Fix quoting for sed
+	local DEFAULT_CFLAGS=$(grep ^CFLAGS= Makefile | LC_ALL=C sed \
+		-e 's:^CFLAGS=::' \
+		-e 's:-fomit-frame-pointer ::g' \
+		-e 's:-O[0-9] ::g' \
+		-e 's:-march=[-a-z0-9]* ::g' \
+		-e 's:-mcpu=[-a-z0-9]* ::g' \
+		-e 's:-m[a-z0-9]* ::g' \
+		-e 's:\\:\\\\:g' \
+	)
+	sed -i \
+		-e "/^CFLAGS=/s|=.*|=${DEFAULT_CFLAGS} ${CFLAGS}|" \
+		-e "/^LDFLAGS=/s|=[[:space:]]*$|=${LDFLAGS}|" \
+		Makefile || die
+}
+
+multilib_src_compile() {
+	# depend is needed to use $confopts; it also doesn't matter
+	# that it's -j1 as the code itself serializes subdirs
+	emake -j1 depend
+	emake all
+}
+
+multilib_src_test() {
+	emake -j1 test
+}
+
+multilib_src_install() {
+	# We need to create $ED/usr on our own to avoid a race condition #665130
+	if [[ ! -d "${ED%/}/usr" ]]; then
+		# We can only create this directory once
+		mkdir "${ED%/}"/usr || die
+	fi
+
+	emake DESTDIR="${D%/}" install
+}
+
+multilib_src_install_all() {
+	# openssl installs perl version of c_rehash by default, but
+	# we provide a shell version via app-misc/c_rehash
+	rm "${ED%/}"/usr/bin/c_rehash || die
+
+	dodoc CHANGES* FAQ NEWS README doc/*.txt doc/${PN}-c-indent.el
+
+	# This is crappy in that the static archives are still built even
+	# when USE=static-libs.  But this is due to a failing in the openssl
+	# build system: the static archives are built as PIC all the time.
+	# Only way around this would be to manually configure+compile openssl
+	# twice; once with shared lib support enabled and once without.
+	use static-libs || rm -f "${ED%/}"/usr/lib*/lib*.a
+
+	# create the certs directory
+	keepdir ${SSL_CNF_DIR}/certs
+
+	# Namespace openssl programs to prevent conflicts with other man pages
+	cd "${ED%/}"/usr/share/man || die
+	local m d s
+	for m in $(find . -type f | xargs grep -L '#include') ; do
+		d=${m%/*} ; d=${d#./} ; m=${m##*/}
+		[[ ${m} == openssl.1* ]] && continue
+		[[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!"
+		mv ${d}/{,ssl-}${m}
+		# fix up references to renamed man pages
+		sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m}
+		ln -s ssl-${m} ${d}/openssl-${m}
+		# locate any symlinks that point to this man page ... we assume
+		# that any broken links are due to the above renaming
+		for s in $(find -L ${d} -type l) ; do
+			s=${s##*/}
+			rm -f ${d}/${s}
+			# We don't want to "|| die" here
+			ln -s ssl-${m} ${d}/ssl-${s}
+			ln -s ssl-${s} ${d}/openssl-${s}
+		done
+	done
+	[[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :("
+
+	dodir /etc/sandbox.d #254521
+	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED%/}"/etc/sandbox.d/10openssl
+
+	diropts -m0700
+	keepdir ${SSL_CNF_DIR}/private
+}
+
+pkg_postinst() {
+	ebegin "Running 'c_rehash ${EROOT%/}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069"
+	c_rehash "${EROOT%/}${SSL_CNF_DIR}/certs" >/dev/null
+	eend $?
+}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Thomas Deutschmann]

commit:     604a6136f50362e5bcfabf4187ea945e2fdb43f3
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Mon Jan  7 18:44:35 2019 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Mon Jan  7 18:44:35 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=604a6136

dev-libs/openssl: security cleanup

Bug: https://bugs.gentoo.org/673056
Package-Manager: Portage-2.3.54, Repoman-2.3.12
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 dev-libs/openssl/Manifest                 |   5 -
 dev-libs/openssl/openssl-1.0.2p-r1.ebuild | 306 ------------------------------
 2 files changed, 311 deletions(-)

diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest
index be0de8591d7..5a5713736d4 100644
--- a/dev-libs/openssl/Manifest
+++ b/dev-libs/openssl/Manifest
@@ -1,10 +1,5 @@
 DIST openssl-0.9.8zh.tar.gz 3818524 BLAKE2B 610bb4858900983cf4519fa8b63f1e03b3845e39e68884fd8bebd738cd5cd6c2c75513643af49bf9e2294adc446a6516480fe9b62de55d9b6379bf9e7c5cd364 SHA512 b97fa2468211f86c0719c68ad1781eff84f772c479ed5193d6da14bac086b4ca706e7d851209d9df3f0962943b5e5333ab0def00110fb2e517caa73c0c6674c6
 DIST openssl-1.0.2-patches-1.5.tar.xz 12404 BLAKE2B 6c1b8c28f339f539b2ab8643379502a24cf62bffde00041dce54d5dd9e8d2620b181362ee5464b0ab32ba4948e209697bfabadbea2944a409a1009100d298f24 SHA512 5725e2d9d1ee8cc074bcef3bed61c71bdab2ff1c114362110c3fb8da11ad5bc8f2ff28e90a293f5f3a5cf96ecda54dffdb7ab3fb3f8b23ef6472250dc3037659
-DIST openssl-1.0.2-patches-1.6.tar.xz 16004 BLAKE2B 28c7e9a8c8b09a34aa6ed21dec18b04c1d6140276e319cfa99b63db5ae188ca7837c444e8352748ffc86e6df7676534aef2f28788e825ee8207c0f876efb5b7b SHA512 eac9bbbebd8d942707ef385ee466929045bb4698985f7a0fb16f529f2101a246735cc2e654bfbdaa8a178224bb5ac564478a7587e6156cfcbdfe62a719bfb0a3
-DIST openssl-1.0.2p.tar.gz 5338192 BLAKE2B fe4c0e2bf75d47a76e7377c7977be7bcaaa532061ab89ee989786eeb6495295711a29a88bf026c85d9ed55c97e71b0e9c8cf4c29b6e58a3dc56bcff518666823 SHA512 958c5a7c3324bbdc8f07dfb13e11329d9a1b4452c07cf41fbd2d42b5fe29c95679332a3476d24c2dc2b88be16e4a24744aba675a05a388c0905756c77a8a2f16
-DIST openssl-1.0.2p_ec_curve.c 17254 BLAKE2B d40d8d6e770443f07abe70e2c4ddda6aec1cc8e37dc1f226a3fdd9ed5d228f09c6d372e8956b1948b55ee1d57d1429493e7288d0f54d9466a37fec805c85aacb SHA512 8e92fb100bcf4bd918c82b9a6cbd75a55abe1a2c08230a007e441c51577f974f8cc336e9ac8a672b32641480428ca8cead5380da1fe81bacb088145a1b754a15
-DIST openssl-1.0.2p_ectest.c 30735 BLAKE2B 95333a27f1cf0a4305a3cee7f6d46b9d4673582ca9acfcf5ba2a0d9d317ab6219cd0d2ff0ba3a55a317c8f5819342f05cc17ba80ec2c92b2b4cab9a3552382e1 SHA512 f2e4d34327b490bc8371f0845c69df3f9fc51ea16f0ea0de0411a0c1fa9d49bb2b6fafc363eb3b3cd919dc7c24e4a0d075c6ff878c01d70dae918f2540874c19
-DIST openssl-1.0.2p_hobble-openssl 1302 BLAKE2B 647caa6a0f4c53a2e77baa3b8e5961eaef3bb0ff38e7d5475eab8deef3439f7fe49028ec9ed0406f3453870b62cac67c496b3a048ee4c9ff4c6866d520235960 SHA512 3d757a4708e74a03dd5cb9b8114dfe442ed9520739a6eca693be4c4265771696f1449ea06d1c9bcfc6e94fc9b0dd0c10e153f1c3b0334831c0550b36cd63326e
 DIST openssl-1.0.2q.tar.gz 5345604 BLAKE2B c03dd92de1cc8941a7f3e4d9f2fe6f8e4ea89eccc58743d7690491fc22cc54a9783311699b008aeb4a0d37cd3172154e67623c8ada6fc8dde57e80a5cd3c5fc1 SHA512 403e6cad42db3ba860c3fa4fa81c1b7b02f0b873259e5c19a7fc8e42de0854602555f1b1ca74f4e3a7737a4cbd3aac063061e628ec86534586500819fae7fec0
 DIST openssl-1.0.2q_ec_curve.c 17254 BLAKE2B d40d8d6e770443f07abe70e2c4ddda6aec1cc8e37dc1f226a3fdd9ed5d228f09c6d372e8956b1948b55ee1d57d1429493e7288d0f54d9466a37fec805c85aacb SHA512 8e92fb100bcf4bd918c82b9a6cbd75a55abe1a2c08230a007e441c51577f974f8cc336e9ac8a672b32641480428ca8cead5380da1fe81bacb088145a1b754a15
 DIST openssl-1.0.2q_ectest.c 30735 BLAKE2B 95333a27f1cf0a4305a3cee7f6d46b9d4673582ca9acfcf5ba2a0d9d317ab6219cd0d2ff0ba3a55a317c8f5819342f05cc17ba80ec2c92b2b4cab9a3552382e1 SHA512 f2e4d34327b490bc8371f0845c69df3f9fc51ea16f0ea0de0411a0c1fa9d49bb2b6fafc363eb3b3cd919dc7c24e4a0d075c6ff878c01d70dae918f2540874c19

diff --git a/dev-libs/openssl/openssl-1.0.2p-r1.ebuild b/dev-libs/openssl/openssl-1.0.2p-r1.ebuild
deleted file mode 100644
index d691659c26a..00000000000
--- a/dev-libs/openssl/openssl-1.0.2p-r1.ebuild
+++ /dev/null
@@ -1,306 +0,0 @@
-# Copyright 1999-2018 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="6"
-
-inherit eutils flag-o-matic toolchain-funcs multilib multilib-minimal
-
-PATCH_SET="openssl-1.0.2-patches-1.6"
-MY_P=${P/_/-}
-DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"
-HOMEPAGE="https://www.openssl.org/"
-SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
-	!vanilla? (
-		mirror://gentoo/${PATCH_SET}.tar.xz
-		https://dev.gentoo.org/~chutzpah/dist/${PN}/${PATCH_SET}.tar.xz
-		https://dev.gentoo.org/~whissi/dist/${PN}/${PATCH_SET}.tar.xz
-		https://dev.gentoo.org/~polynomial-c/dist/${PATCH_SET}.tar.xz
-	)"
-
-LICENSE="openssl"
-SLOT="0"
-KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~amd64-fbsd ~x86-fbsd ~x86-linux"
-IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
-RESTRICT="!bindist? ( bindist )"
-
-RDEPEND=">=app-misc/c_rehash-1.7-r1
-	gmp? ( >=dev-libs/gmp-5.1.3-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
-	zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
-	kerberos? ( >=app-crypt/mit-krb5-1.11.4[${MULTILIB_USEDEP}] )"
-DEPEND="${RDEPEND}
-	>=dev-lang/perl-5
-	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
-	test? (
-		sys-apps/diffutils
-		sys-devel/bc
-	)"
-PDEPEND="app-misc/ca-certificates"
-
-# This does not copy the entire Fedora patchset, but JUST the parts that
-# are needed to make it safe to use EC with RESTRICT=bindist.
-# See openssl.spec for the matching numbering of SourceNNN, PatchNNN
-SOURCE1=hobble-openssl
-SOURCE12=ec_curve.c
-SOURCE13=ectest.c
-# These are ported instead
-#PATCH1=openssl-1.1.0-build.patch # Fixes EVP testcase for EC
-#PATCH37=openssl-1.1.0-ec-curves.patch
-FEDORA_GIT_BASE='https://src.fedoraproject.org/cgit/rpms/openssl.git/plain/'
-FEDORA_GIT_BRANCH='f25'
-FEDORA_SRC_URI=()
-FEDORA_SOURCE=( $SOURCE1 $SOURCE12 $SOURCE13 )
-FEDORA_PATCH=( $PATCH1 $PATCH37 )
-for i in "${FEDORA_SOURCE[@]}" ; do
-	FEDORA_SRC_URI+=( "${FEDORA_GIT_BASE}/${i}?h=${FEDORA_GIT_BRANCH} -> ${P}_${i}" )
-done
-for i in "${FEDORA_PATCH[@]}" ; do # Already have a version prefix
-	FEDORA_SRC_URI+=( "${FEDORA_GIT_BASE}/${i}?h=${FEDORA_GIT_BRANCH} -> ${i}" )
-done
-SRC_URI+=" bindist? ( ${FEDORA_SRC_URI[@]} )"
-
-S="${WORKDIR}/${MY_P}"
-
-MULTILIB_WRAPPED_HEADERS=(
-	usr/include/openssl/opensslconf.h
-)
-
-src_prepare() {
-	if use bindist; then
-		# This just removes the prefix, and puts it into WORKDIR like the RPM.
-		for i in "${FEDORA_SOURCE[@]}" ; do
-			cp -f "${DISTDIR}"/"${P}_${i}" "${WORKDIR}"/"${i}" || die
-		done
-		# .spec %prep
-		bash "${WORKDIR}"/"${SOURCE1}" || die
-		cp -f "${WORKDIR}"/"${SOURCE12}" "${S}"/crypto/ec/ || die
-		cp -f "${WORKDIR}"/"${SOURCE13}" "${S}"/crypto/ec/ || die # Moves to test/ in OpenSSL-1.1
-		for i in "${FEDORA_PATCH[@]}" ; do
-			eapply "${DISTDIR}"/"${i}"
-		done
-		eapply "${FILESDIR}"/openssl-1.0.2p-hobble-ecc.patch
-		# Also see the configure parts below:
-		# enable-ec \
-		# $(use_ssl !bindist ec2m) \
-		# $(use_ssl !bindist srp) \
-	fi
-
-	# keep this in sync with app-misc/c_rehash
-	SSL_CNF_DIR="/etc/ssl"
-
-	# Make sure we only ever touch Makefile.org and avoid patching a file
-	# that gets blown away anyways by the Configure script in src_configure
-	rm -f Makefile
-
-	if ! use vanilla ; then
-		eapply "${WORKDIR}"/patch/*.patch
-	fi
-
-	eapply_user
-
-	# disable fips in the build
-	# make sure the man pages are suffixed #302165
-	# don't bother building man pages if they're disabled
-	sed -i \
-		-e '/DIRS/s: fips : :g' \
-		-e '/^MANSUFFIX/s:=.*:=ssl:' \
-		-e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
-		-e $(has noman FEATURES \
-			&& echo '/^install:/s:install_docs::' \
-			|| echo '/^MANDIR=/s:=.*:='${EPREFIX%/}'/usr/share/man:') \
-		Makefile.org \
-		|| die
-	# show the actual commands in the log
-	sed -i '/^SET_X/s:=.*:=set -x:' Makefile.shared
-
-	# since we're forcing $(CC) as makedep anyway, just fix
-	# the conditional as always-on
-	# helps clang (#417795), and versioned gcc (#499818)
-	# this breaks build with 1.0.2p, not sure if it is needed anymore
-	#sed -i 's/expr.*MAKEDEPEND.*;/true;/' util/domd || die
-
-	# quiet out unknown driver argument warnings since openssl
-	# doesn't have well-split CFLAGS and we're making it even worse
-	# and 'make depend' uses -Werror for added fun (#417795 again)
-	[[ ${CC} == *clang* ]] && append-flags -Qunused-arguments
-
-	# allow openssl to be cross-compiled
-	cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die
-	chmod a+rx gentoo.config || die
-
-	append-flags -fno-strict-aliasing
-	append-flags $(test-flags-CC -Wa,--noexecstack)
-	append-cppflags -DOPENSSL_NO_BUF_FREELISTS
-
-	sed -i '1s,^:$,#!'${EPREFIX%/}'/usr/bin/perl,' Configure #141906
-	# The config script does stupid stuff to prompt the user.  Kill it.
-	sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
-	./config --test-sanity || die "I AM NOT SANE"
-
-	multilib_copy_sources
-}
-
-multilib_src_configure() {
-	unset APPS #197996
-	unset SCRIPTS #312551
-	unset CROSS_COMPILE #311473
-
-	tc-export CC AR RANLIB RC
-
-	# Clean out patent-or-otherwise-encumbered code
-	# Camellia: Royalty Free            https://en.wikipedia.org/wiki/Camellia_(cipher)
-	# IDEA:     Expired                 https://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
-	# EC:       ????????? ??/??/2015    https://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography
-	# MDC2:     Expired                 https://en.wikipedia.org/wiki/MDC-2
-	# RC5:      Expired                 https://en.wikipedia.org/wiki/RC5
-
-	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
-	echoit() { echo "$@" ; "$@" ; }
-
-	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
-
-	# See if our toolchain supports __uint128_t.  If so, it's 64bit
-	# friendly and can use the nicely optimized code paths. #460790
-	local ec_nistp_64_gcc_128
-	# Disable it for now though #469976
-	#if ! use bindist ; then
-	#	echo "__uint128_t i;" > "${T}"/128.c
-	#	if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
-	#		ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
-	#	fi
-	#fi
-
-	# https://github.com/openssl/openssl/issues/2286
-	if use ia64 ; then
-		replace-flags -g3 -g2
-		replace-flags -ggdb3 -ggdb2
-	fi
-
-	local sslout=$(./gentoo.config)
-	einfo "Use configuration ${sslout:-(openssl knows best)}"
-	local config="Configure"
-	[[ -z ${sslout} ]] && config="config"
-
-	# Fedora hobbled-EC needs 'no-ec2m', 'no-srp'
-	echoit \
-	./${config} \
-		${sslout} \
-		$(use cpu_flags_x86_sse2 || echo "no-sse2") \
-		enable-camellia \
-		enable-ec \
-		$(use_ssl !bindist ec2m) \
-		$(use_ssl !bindist srp) \
-		${ec_nistp_64_gcc_128} \
-		enable-idea \
-		enable-mdc2 \
-		enable-rc5 \
-		enable-tlsext \
-		$(use_ssl asm) \
-		$(use_ssl gmp gmp -lgmp) \
-		$(use_ssl kerberos krb5 --with-krb5-flavor=${krb5}) \
-		$(use_ssl rfc3779) \
-		$(use_ssl sctp) \
-		$(use_ssl sslv2 ssl2) \
-		$(use_ssl sslv3 ssl3) \
-		$(use_ssl tls-heartbeat heartbeats) \
-		$(use_ssl zlib) \
-		--prefix="${EPREFIX%/}"/usr \
-		--openssldir="${EPREFIX%/}"${SSL_CNF_DIR} \
-		--libdir=$(get_libdir) \
-		shared threads \
-		|| die
-
-	# Clean out hardcoded flags that openssl uses
-	local CFLAG=$(grep ^CFLAG= Makefile | LC_ALL=C sed \
-		-e 's:^CFLAG=::' \
-		-e 's:-fomit-frame-pointer ::g' \
-		-e 's:-O[0-9] ::g' \
-		-e 's:-march=[-a-z0-9]* ::g' \
-		-e 's:-mcpu=[-a-z0-9]* ::g' \
-		-e 's:-m[a-z0-9]* ::g' \
-	)
-	sed -i \
-		-e "/^CFLAG/s|=.*|=${CFLAG} ${CFLAGS}|" \
-		-e "/^SHARED_LDFLAGS=/s|$| ${LDFLAGS}|" \
-		Makefile || die
-}
-
-multilib_src_compile() {
-	# depend is needed to use $confopts; it also doesn't matter
-	# that it's -j1 as the code itself serializes subdirs
-	emake -j1 V=1 depend
-	emake all
-	# rehash is needed to prep the certs/ dir; do this
-	# separately to avoid parallel build issues.
-	emake rehash
-}
-
-multilib_src_test() {
-	emake -j1 test
-}
-
-multilib_src_install() {
-	# We need to create $ED/usr on our own to avoid a race condition #665130
-	if [[ ! -d "${ED%/}/usr" ]]; then
-		# We can only create this directory once
-		mkdir "${ED%/}"/usr || die
-	fi
-
-	emake INSTALL_PREFIX="${D%/}" install
-}
-
-multilib_src_install_all() {
-	# openssl installs perl version of c_rehash by default, but
-	# we provide a shell version via app-misc/c_rehash
-	rm "${ED%/}"/usr/bin/c_rehash || die
-
-	local -a DOCS=( CHANGES* FAQ NEWS README doc/*.txt doc/c-indentation.el )
-	einstalldocs
-
-	use rfc3779 && dodoc engines/ccgost/README.gost
-
-	# This is crappy in that the static archives are still built even
-	# when USE=static-libs.  But this is due to a failing in the openssl
-	# build system: the static archives are built as PIC all the time.
-	# Only way around this would be to manually configure+compile openssl
-	# twice; once with shared lib support enabled and once without.
-	use static-libs || rm -f "${ED}"/usr/lib*/lib*.a
-
-	# create the certs directory
-	dodir ${SSL_CNF_DIR}/certs
-	cp -RP certs/* "${ED}"${SSL_CNF_DIR}/certs/ || die
-	rm -r "${ED}"${SSL_CNF_DIR}/certs/{demo,expired}
-
-	# Namespace openssl programs to prevent conflicts with other man pages
-	cd "${ED}"/usr/share/man
-	local m d s
-	for m in $(find . -type f | xargs grep -L '#include') ; do
-		d=${m%/*} ; d=${d#./} ; m=${m##*/}
-		[[ ${m} == openssl.1* ]] && continue
-		[[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!"
-		mv ${d}/{,ssl-}${m}
-		# fix up references to renamed man pages
-		sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m}
-		ln -s ssl-${m} ${d}/openssl-${m}
-		# locate any symlinks that point to this man page ... we assume
-		# that any broken links are due to the above renaming
-		for s in $(find -L ${d} -type l) ; do
-			s=${s##*/}
-			rm -f ${d}/${s}
-			ln -s ssl-${m} ${d}/ssl-${s}
-			ln -s ssl-${s} ${d}/openssl-${s}
-		done
-	done
-	[[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :("
-
-	dodir /etc/sandbox.d #254521
-	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
-
-	diropts -m0700
-	keepdir ${SSL_CNF_DIR}/private
-}
-
-pkg_postinst() {
-	ebegin "Running 'c_rehash ${EROOT%/}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069"
-	c_rehash "${EROOT%/}${SSL_CNF_DIR}/certs" >/dev/null
-	eend $?
-}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Thomas Deutschmann]

commit:     4e2c81b1ad0f4a31bec56c01a62e60b957fad616
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Mon Jan  7 18:42:39 2019 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Mon Jan  7 18:42:39 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4e2c81b1

dev-libs/openssl: s390/sh/m68k stable (bug #673056)

Package-Manager: Portage-2.3.54, Repoman-2.3.12
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 dev-libs/openssl/openssl-1.0.2q.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.0.2q.ebuild b/dev-libs/openssl/openssl-1.0.2q.ebuild
index 587dbded884..9b19234d960 100644
--- a/dev-libs/openssl/openssl-1.0.2q.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2q.ebuild
@@ -22,7 +22,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 
 LICENSE="openssl"
 SLOT="0"
-KEYWORDS="alpha amd64 ~arm arm64 hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~x86-fbsd ~x86-linux"
+KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~amd64-fbsd ~x86-fbsd ~x86-linux"
 IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Mart Raudsepp]

commit:     890bf13155a246dcd846be4aef2073767041c73a
Author:     Mart Raudsepp <leio <AT> gentoo <DOT> org>
AuthorDate: Sun Jan  6 22:16:04 2019 +0000
Commit:     Mart Raudsepp <leio <AT> gentoo <DOT> org>
CommitDate: Sun Jan  6 22:16:04 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=890bf131

dev-libs/openssl: arm64 stable (bug #673056)

Package-Manager: Portage-2.3.52, Repoman-2.3.12
Signed-off-by: Mart Raudsepp <leio <AT> gentoo.org>

 dev-libs/openssl/openssl-1.0.2q.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.0.2q.ebuild b/dev-libs/openssl/openssl-1.0.2q.ebuild
index 3a9c311a5ed..587dbded884 100644
--- a/dev-libs/openssl/openssl-1.0.2q.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2q.ebuild
@@ -22,7 +22,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 
 LICENSE="openssl"
 SLOT="0"
-KEYWORDS="alpha amd64 ~arm ~arm64 hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~x86-fbsd ~x86-linux"
+KEYWORDS="alpha amd64 ~arm arm64 hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~x86-fbsd ~x86-linux"
 IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Matt Turner]

commit:     ceeb6a9c7433a072308aafea2536a7c9d726df23
Author:     Matt Turner <mattst88 <AT> gentoo <DOT> org>
AuthorDate: Sat Jan  5 21:04:03 2019 +0000
Commit:     Matt Turner <mattst88 <AT> gentoo <DOT> org>
CommitDate: Sat Jan  5 21:10:55 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ceeb6a9c

dev-libs/openssl-1.0.2q: ppc stable, bug 673056

Signed-off-by: Matt Turner <mattst88 <AT> gentoo.org>

 dev-libs/openssl/openssl-1.0.2q.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.0.2q.ebuild b/dev-libs/openssl/openssl-1.0.2q.ebuild
index 9d23a868ee1..3a9c311a5ed 100644
--- a/dev-libs/openssl/openssl-1.0.2q.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2q.ebuild
@@ -22,7 +22,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 
 LICENSE="openssl"
 SLOT="0"
-KEYWORDS="alpha amd64 ~arm ~arm64 hppa ia64 ~m68k ~mips ~ppc ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~x86-fbsd ~x86-linux"
+KEYWORDS="alpha amd64 ~arm ~arm64 hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~x86-fbsd ~x86-linux"
 IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Lars Wendler]

commit:     f57daf324db6e5c83e0587bf84acecd094707556
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Wed Jan  2 21:28:53 2019 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Wed Jan  2 21:29:21 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f57daf32

dev-libs/openssl: Added slotted openssl-1.0.2q (SLOT="1.0.0")

Closes: https://bugs.gentoo.org/662246
Package-Manager: Portage-2.3.53, Repoman-2.3.12
Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org>

 dev-libs/openssl/openssl-1.0.2q-r200.ebuild | 248 ++++++++++++++++++++++++++++
 1 file changed, 248 insertions(+)

diff --git a/dev-libs/openssl/openssl-1.0.2q-r200.ebuild b/dev-libs/openssl/openssl-1.0.2q-r200.ebuild
new file mode 100644
index 00000000000..44b9547d141
--- /dev/null
+++ b/dev-libs/openssl/openssl-1.0.2q-r200.ebuild
@@ -0,0 +1,248 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+inherit eutils flag-o-matic toolchain-funcs multilib multilib-minimal
+
+# openssl-1.0.2-patches-1.6 contain additional CVE patches
+# which got fixed with this release.
+# Please use 1.7 version number when rolling a new tarball!
+PATCH_SET="openssl-1.0.2-patches-1.5"
+MY_P=${P/_/-}
+DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"
+HOMEPAGE="https://www.openssl.org/"
+SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
+	!vanilla? (
+		mirror://gentoo/${PATCH_SET}.tar.xz
+		https://dev.gentoo.org/~chutzpah/dist/${PN}/${PATCH_SET}.tar.xz
+		https://dev.gentoo.org/~whissi/dist/${PN}/${PATCH_SET}.tar.xz
+		https://dev.gentoo.org/~polynomial-c/dist/${PATCH_SET}.tar.xz
+	)"
+
+LICENSE="openssl"
+SLOT="1.0.0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~x86-linux"
+IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
+RESTRICT="!bindist? ( bindist )"
+
+RDEPEND=">=app-misc/c_rehash-1.7-r1
+	gmp? ( >=dev-libs/gmp-5.1.3-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
+	zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
+	kerberos? ( >=app-crypt/mit-krb5-1.11.4[${MULTILIB_USEDEP}] )
+	!=dev-libs/openssl-1.0.2*:0"
+DEPEND="${RDEPEND}
+	>=dev-lang/perl-5
+	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
+	test? (
+		sys-apps/diffutils
+		sys-devel/bc
+	)"
+
+RESTRICT="test"
+
+# Do not install any docs
+DOCS=()
+
+# This does not copy the entire Fedora patchset, but JUST the parts that
+# are needed to make it safe to use EC with RESTRICT=bindist.
+# See openssl.spec for the matching numbering of SourceNNN, PatchNNN
+SOURCE1=hobble-openssl
+SOURCE12=ec_curve.c
+SOURCE13=ectest.c
+# These are ported instead
+#PATCH1=openssl-1.1.0-build.patch # Fixes EVP testcase for EC
+#PATCH37=openssl-1.1.0-ec-curves.patch
+FEDORA_GIT_BASE='https://src.fedoraproject.org/cgit/rpms/openssl.git/plain/'
+FEDORA_GIT_BRANCH='f25'
+FEDORA_SRC_URI=()
+FEDORA_SOURCE=( $SOURCE1 $SOURCE12 $SOURCE13 )
+FEDORA_PATCH=( $PATCH1 $PATCH37 )
+for i in "${FEDORA_SOURCE[@]}" ; do
+	FEDORA_SRC_URI+=( "${FEDORA_GIT_BASE}/${i}?h=${FEDORA_GIT_BRANCH} -> ${P}_${i}" )
+done
+for i in "${FEDORA_PATCH[@]}" ; do # Already have a version prefix
+	FEDORA_SRC_URI+=( "${FEDORA_GIT_BASE}/${i}?h=${FEDORA_GIT_BRANCH} -> ${i}" )
+done
+SRC_URI+=" bindist? ( ${FEDORA_SRC_URI[@]} )"
+
+S="${WORKDIR}/${MY_P}"
+
+MULTILIB_WRAPPED_HEADERS=(
+	usr/include/openssl/opensslconf.h
+)
+
+src_prepare() {
+	if use bindist; then
+		# This just removes the prefix, and puts it into WORKDIR like the RPM.
+		for i in "${FEDORA_SOURCE[@]}" ; do
+			cp -f "${DISTDIR}"/"${P}_${i}" "${WORKDIR}"/"${i}" || die
+		done
+		# .spec %prep
+		bash "${WORKDIR}"/"${SOURCE1}" || die
+		cp -f "${WORKDIR}"/"${SOURCE12}" "${S}"/crypto/ec/ || die
+		cp -f "${WORKDIR}"/"${SOURCE13}" "${S}"/crypto/ec/ || die # Moves to test/ in OpenSSL-1.1
+		for i in "${FEDORA_PATCH[@]}" ; do
+			eapply "${DISTDIR}"/"${i}"
+		done
+		eapply "${FILESDIR}"/openssl-1.0.2p-hobble-ecc.patch
+		# Also see the configure parts below:
+		# enable-ec \
+		# $(use_ssl !bindist ec2m) \
+		# $(use_ssl !bindist srp) \
+	fi
+
+	# keep this in sync with app-misc/c_rehash
+	SSL_CNF_DIR="/etc/ssl"
+
+	# Make sure we only ever touch Makefile.org and avoid patching a file
+	# that gets blown away anyways by the Configure script in src_configure
+	rm -f Makefile
+
+	if ! use vanilla ; then
+		eapply "${WORKDIR}"/patch/*.patch
+	fi
+
+	eapply_user
+
+	# disable fips in the build
+	# make sure the man pages are suffixed #302165
+	# don't bother building man pages if they're disabled
+	sed -i \
+		-e '/DIRS/s: fips : :g' \
+		-e '/^MANSUFFIX/s:=.*:=ssl:' \
+		-e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
+		-e $(has noman FEATURES \
+			&& echo '/^install:/s:install_docs::' \
+			|| echo '/^MANDIR=/s:=.*:='${EPREFIX%/}'/usr/share/man:') \
+		Makefile.org \
+		|| die
+	# show the actual commands in the log
+	sed -i '/^SET_X/s:=.*:=set -x:' Makefile.shared
+
+	# since we're forcing $(CC) as makedep anyway, just fix
+	# the conditional as always-on
+	# helps clang (#417795), and versioned gcc (#499818)
+	# this breaks build with 1.0.2p, not sure if it is needed anymore
+	#sed -i 's/expr.*MAKEDEPEND.*;/true;/' util/domd || die
+
+	# quiet out unknown driver argument warnings since openssl
+	# doesn't have well-split CFLAGS and we're making it even worse
+	# and 'make depend' uses -Werror for added fun (#417795 again)
+	[[ ${CC} == *clang* ]] && append-flags -Qunused-arguments
+
+	# allow openssl to be cross-compiled
+	cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die
+	chmod a+rx gentoo.config || die
+
+	append-flags -fno-strict-aliasing
+	append-flags $(test-flags-CC -Wa,--noexecstack)
+	append-cppflags -DOPENSSL_NO_BUF_FREELISTS
+
+	sed -i '1s,^:$,#!'${EPREFIX%/}'/usr/bin/perl,' Configure #141906
+	# The config script does stupid stuff to prompt the user.  Kill it.
+	sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
+	./config --test-sanity || die "I AM NOT SANE"
+
+	multilib_copy_sources
+}
+
+multilib_src_configure() {
+	unset APPS #197996
+	unset SCRIPTS #312551
+	unset CROSS_COMPILE #311473
+
+	tc-export CC AR RANLIB RC
+
+	# Clean out patent-or-otherwise-encumbered code
+	# Camellia: Royalty Free            https://en.wikipedia.org/wiki/Camellia_(cipher)
+	# IDEA:     Expired                 https://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
+	# EC:       ????????? ??/??/2015    https://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography
+	# MDC2:     Expired                 https://en.wikipedia.org/wiki/MDC-2
+	# RC5:      Expired                 https://en.wikipedia.org/wiki/RC5
+
+	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
+	echoit() { echo "$@" ; "$@" ; }
+
+	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
+
+	# See if our toolchain supports __uint128_t.  If so, it's 64bit
+	# friendly and can use the nicely optimized code paths. #460790
+	local ec_nistp_64_gcc_128
+	# Disable it for now though #469976
+	#if ! use bindist ; then
+	#	echo "__uint128_t i;" > "${T}"/128.c
+	#	if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
+	#		ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
+	#	fi
+	#fi
+
+	# https://github.com/openssl/openssl/issues/2286
+	if use ia64 ; then
+		replace-flags -g3 -g2
+		replace-flags -ggdb3 -ggdb2
+	fi
+
+	local sslout=$(./gentoo.config)
+	einfo "Use configuration ${sslout:-(openssl knows best)}"
+	local config="Configure"
+	[[ -z ${sslout} ]] && config="config"
+
+	# Fedora hobbled-EC needs 'no-ec2m', 'no-srp'
+	echoit \
+	./${config} \
+		${sslout} \
+		$(use cpu_flags_x86_sse2 || echo "no-sse2") \
+		enable-camellia \
+		enable-ec \
+		$(use_ssl !bindist ec2m) \
+		$(use_ssl !bindist srp) \
+		${ec_nistp_64_gcc_128} \
+		enable-idea \
+		enable-mdc2 \
+		enable-rc5 \
+		enable-tlsext \
+		$(use_ssl asm) \
+		$(use_ssl gmp gmp -lgmp) \
+		$(use_ssl kerberos krb5 --with-krb5-flavor=${krb5}) \
+		$(use_ssl rfc3779) \
+		$(use_ssl sctp) \
+		$(use_ssl sslv2 ssl2) \
+		$(use_ssl sslv3 ssl3) \
+		$(use_ssl tls-heartbeat heartbeats) \
+		$(use_ssl zlib) \
+		--prefix="${EPREFIX%/}"/usr \
+		--openssldir="${EPREFIX%/}"${SSL_CNF_DIR} \
+		--libdir=$(get_libdir) \
+		shared threads \
+		|| die
+
+	# Clean out hardcoded flags that openssl uses
+	local CFLAG=$(grep ^CFLAG= Makefile | LC_ALL=C sed \
+		-e 's:^CFLAG=::' \
+		-e 's:-fomit-frame-pointer ::g' \
+		-e 's:-O[0-9] ::g' \
+		-e 's:-march=[-a-z0-9]* ::g' \
+		-e 's:-mcpu=[-a-z0-9]* ::g' \
+		-e 's:-m[a-z0-9]* ::g' \
+	)
+	sed -i \
+		-e "/^CFLAG/s|=.*|=${CFLAG} ${CFLAGS}|" \
+		-e "/^SHARED_LDFLAGS=/s|$| ${LDFLAGS}|" \
+		Makefile || die
+}
+
+multilib_src_compile() {
+	# depend is needed to use $confopts; it also doesn't matter
+	# that it's -j1 as the code itself serializes subdirs
+	emake -j1 V=1 depend
+	emake build_libs
+}
+
+multilib_src_test() {
+	emake -j1 test
+}
+
+multilib_src_install() {
+	dolib.so lib{crypto,ssl}.so.${SLOT}
+}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sergei Trofimovich]

commit:     38b1e9fca9b070b1bf04765a456fd096e57600b8
Author:     Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
AuthorDate: Tue Jan  1 12:13:36 2019 +0000
Commit:     Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
CommitDate: Tue Jan  1 12:13:36 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=38b1e9fc

dev-libs/openssl: stable 1.0.2q for ppc64, bug #673056

Package-Manager: Portage-2.3.53, Repoman-2.3.12
RepoMan-Options: --include-arches="ppc64"
Signed-off-by: Sergei Trofimovich <slyfox <AT> gentoo.org>

 dev-libs/openssl/openssl-1.0.2q.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.0.2q.ebuild b/dev-libs/openssl/openssl-1.0.2q.ebuild
index 9aec06b74d5..9d23a868ee1 100644
--- a/dev-libs/openssl/openssl-1.0.2q.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2q.ebuild
@@ -22,7 +22,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 
 LICENSE="openssl"
 SLOT="0"
-KEYWORDS="alpha amd64 ~arm ~arm64 hppa ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~x86-fbsd ~x86-linux"
+KEYWORDS="alpha amd64 ~arm ~arm64 hppa ia64 ~m68k ~mips ~ppc ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~x86-fbsd ~x86-linux"
 IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sergei Trofimovich]

commit:     b8745825d7929c1c193acba5f5e9e3587a8f481b
Author:     Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
AuthorDate: Tue Jan  1 12:04:52 2019 +0000
Commit:     Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
CommitDate: Tue Jan  1 12:05:20 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b8745825

dev-libs/openssl: stable 1.0.2q for ia64, bug #673056

Package-Manager: Portage-2.3.53, Repoman-2.3.12
RepoMan-Options: --include-arches="ia64"
Signed-off-by: Sergei Trofimovich <slyfox <AT> gentoo.org>

 dev-libs/openssl/openssl-1.0.2q.ebuild | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/dev-libs/openssl/openssl-1.0.2q.ebuild b/dev-libs/openssl/openssl-1.0.2q.ebuild
index ce0ecdd0d5b..9aec06b74d5 100644
--- a/dev-libs/openssl/openssl-1.0.2q.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2q.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2018 Gentoo Authors
+# Copyright 1999-2019 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
 EAPI="6"
@@ -22,7 +22,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 
 LICENSE="openssl"
 SLOT="0"
-KEYWORDS="alpha amd64 ~arm ~arm64 hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~x86-fbsd ~x86-linux"
+KEYWORDS="alpha amd64 ~arm ~arm64 hppa ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~x86-fbsd ~x86-linux"
 IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Thomas Deutschmann]

commit:     3358bfa2879ee3321a491f9d948017cb41a98e0a
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Sat Dec 29 18:48:38 2018 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Sat Dec 29 19:12:08 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3358bfa2

dev-libs/openssl: x86 stable (bug #673056)

Package-Manager: Portage-2.3.53, Repoman-2.3.12
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 dev-libs/openssl/openssl-1.0.2q.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.0.2q.ebuild b/dev-libs/openssl/openssl-1.0.2q.ebuild
index b88bb16e529..ce0ecdd0d5b 100644
--- a/dev-libs/openssl/openssl-1.0.2q.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2q.ebuild
@@ -22,7 +22,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 
 LICENSE="openssl"
 SLOT="0"
-KEYWORDS="alpha amd64 ~arm ~arm64 hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh sparc ~x86 ~amd64-fbsd ~x86-fbsd ~x86-linux"
+KEYWORDS="alpha amd64 ~arm ~arm64 hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~x86-fbsd ~x86-linux"
 IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Matt Turner]

commit:     a841b17b550f2f55439a9565250f3724e30e2d8f
Author:     Matt Turner <mattst88 <AT> gentoo <DOT> org>
AuthorDate: Sat Dec 29 18:02:00 2018 +0000
Commit:     Matt Turner <mattst88 <AT> gentoo <DOT> org>
CommitDate: Sat Dec 29 18:02:00 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a841b17b

dev-libs/openssl-1.0.2q: alpha stable, bug 673056

Signed-off-by: Matt Turner <mattst88 <AT> gentoo.org>

 dev-libs/openssl/openssl-1.0.2q.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.0.2q.ebuild b/dev-libs/openssl/openssl-1.0.2q.ebuild
index 57e5aca9390..b88bb16e529 100644
--- a/dev-libs/openssl/openssl-1.0.2q.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2q.ebuild
@@ -22,7 +22,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 
 LICENSE="openssl"
 SLOT="0"
-KEYWORDS="~alpha amd64 ~arm ~arm64 hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh sparc ~x86 ~amd64-fbsd ~x86-fbsd ~x86-linux"
+KEYWORDS="alpha amd64 ~arm ~arm64 hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh sparc ~x86 ~amd64-fbsd ~x86-fbsd ~x86-linux"
 IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sergei Trofimovich]

commit:     f586b833691104a7bec1a3f16a2c609d74899dcc
Author:     Rolf Eike Beer <eike <AT> sf-mail <DOT> de>
AuthorDate: Sat Dec 29 10:19:53 2018 +0000
Commit:     Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
CommitDate: Sat Dec 29 12:04:56 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f586b833

dev-libs/openssl: stable 1.0.2q for sparc, bug #673056

Signed-off-by: Rolf Eike Beer <eike <AT> sf-mail.de>
Package-Manager: Portage-2.3.51, Repoman-2.3.11
RepoMan-Options: --include-arches="sparc"
Signed-off-by: Sergei Trofimovich <slyfox <AT> gentoo.org>

 dev-libs/openssl/openssl-1.0.2q.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.0.2q.ebuild b/dev-libs/openssl/openssl-1.0.2q.ebuild
index 95ed757672b..57e5aca9390 100644
--- a/dev-libs/openssl/openssl-1.0.2q.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2q.ebuild
@@ -22,7 +22,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 
 LICENSE="openssl"
 SLOT="0"
-KEYWORDS="~alpha amd64 ~arm ~arm64 hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~x86-linux"
+KEYWORDS="~alpha amd64 ~arm ~arm64 hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh sparc ~x86 ~amd64-fbsd ~x86-fbsd ~x86-linux"
 IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Mikle Kolyada]

commit:     b2f97322256b3c3a0dafbcbe50a8a8b4aaa18fc1
Author:     Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
AuthorDate: Fri Dec 28 20:19:09 2018 +0000
Commit:     Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
CommitDate: Fri Dec 28 20:19:09 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b2f97322

dev-libs/openssl: wrt bug #673056

Signed-off-by: Mikle Kolyada <zlogene <AT> gentoo.org>
Package-Manager: Portage-2.3.51, Repoman-2.3.11

 dev-libs/openssl/openssl-1.0.2q.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.0.2q.ebuild b/dev-libs/openssl/openssl-1.0.2q.ebuild
index 24dba4f3237..95ed757672b 100644
--- a/dev-libs/openssl/openssl-1.0.2q.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2q.ebuild
@@ -22,7 +22,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 
 LICENSE="openssl"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~x86-linux"
+KEYWORDS="~alpha amd64 ~arm ~arm64 hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~x86-linux"
 IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sergei Trofimovich]

commit:     7ad5b2e8a117bebc2e0df9f989b04b6b75d529fb
Author:     Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
AuthorDate: Fri Dec 28 17:06:05 2018 +0000
Commit:     Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
CommitDate: Fri Dec 28 19:40:42 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7ad5b2e8

dev-libs/openssl: stable 1.0.2q for hppa, bug #673056

Package-Manager: Portage-2.3.53, Repoman-2.3.12
RepoMan-Options: --include-arches="hppa"
Signed-off-by: Sergei Trofimovich <slyfox <AT> gentoo.org>

 dev-libs/openssl/openssl-1.0.2q.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.0.2q.ebuild b/dev-libs/openssl/openssl-1.0.2q.ebuild
index a073a353fb9..24dba4f3237 100644
--- a/dev-libs/openssl/openssl-1.0.2q.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2q.ebuild
@@ -22,7 +22,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 
 LICENSE="openssl"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~x86-linux"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~x86-linux"
 IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Thomas Deutschmann]

commit:     003fe89b29815879370fc869489952f2c274b4e4
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Fri Dec 28 19:09:16 2018 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Fri Dec 28 19:09:27 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=003fe89b

dev-libs/openssl: fix hobble patch

Closes: https://bugs.gentoo.org/673904
Package-Manager: Portage-2.3.52, Repoman-2.3.12
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 dev-libs/openssl/Manifest              | 10 +++++-----
 dev-libs/openssl/openssl-1.1.0j.ebuild | 21 +++++++++++++++++----
 2 files changed, 22 insertions(+), 9 deletions(-)

diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest
index 830b54cf634..be0de8591d7 100644
--- a/dev-libs/openssl/Manifest
+++ b/dev-libs/openssl/Manifest
@@ -9,12 +9,12 @@ DIST openssl-1.0.2q.tar.gz 5345604 BLAKE2B c03dd92de1cc8941a7f3e4d9f2fe6f8e4ea89
 DIST openssl-1.0.2q_ec_curve.c 17254 BLAKE2B d40d8d6e770443f07abe70e2c4ddda6aec1cc8e37dc1f226a3fdd9ed5d228f09c6d372e8956b1948b55ee1d57d1429493e7288d0f54d9466a37fec805c85aacb SHA512 8e92fb100bcf4bd918c82b9a6cbd75a55abe1a2c08230a007e441c51577f974f8cc336e9ac8a672b32641480428ca8cead5380da1fe81bacb088145a1b754a15
 DIST openssl-1.0.2q_ectest.c 30735 BLAKE2B 95333a27f1cf0a4305a3cee7f6d46b9d4673582ca9acfcf5ba2a0d9d317ab6219cd0d2ff0ba3a55a317c8f5819342f05cc17ba80ec2c92b2b4cab9a3552382e1 SHA512 f2e4d34327b490bc8371f0845c69df3f9fc51ea16f0ea0de0411a0c1fa9d49bb2b6fafc363eb3b3cd919dc7c24e4a0d075c6ff878c01d70dae918f2540874c19
 DIST openssl-1.0.2q_hobble-openssl 1302 BLAKE2B 647caa6a0f4c53a2e77baa3b8e5961eaef3bb0ff38e7d5475eab8deef3439f7fe49028ec9ed0406f3453870b62cac67c496b3a048ee4c9ff4c6866d520235960 SHA512 3d757a4708e74a03dd5cb9b8114dfe442ed9520739a6eca693be4c4265771696f1449ea06d1c9bcfc6e94fc9b0dd0c10e153f1c3b0334831c0550b36cd63326e
-DIST openssl-1.1.0-build.patch 3001 BLAKE2B 8f0ac4be6409b4ec50bec171697da2aebe2688e8ae06bd0dfac8b0c74661d38ebeb0a12bde0ef941b213eee9b85965262213b140636060285dcfb02a3bd14961 SHA512 ec6710e9669ac19e4c6f1286c89a383e7d276a773a2740037f98a8f2dbf18305614e7d30d9ed530923a0e7d10a3776fea2ca77229adc25df13ecad55589a3673
-DIST openssl-1.1.0-ec-curves.patch 5311 BLAKE2B e9ec985adf6f13eb04412158a05da7cbe10be7d64bce73b899152ea379336ece7b7069089ef46993ac301ef850fd46fd0352898e249b2ea9fff5baf20896e5b5 SHA512 c38c4b05195f2b323a07efd8d17335ba2a168a16a59d7941da36568081f1c043da8d2216b7084b0617963635ded9bafeee736ecddbfa251cf0a02e4cba64cdc8
+DIST openssl-1.1.0-build_d2ede125556ac99aa0faa7744c703af3f559094e.patch 3001 BLAKE2B 8f0ac4be6409b4ec50bec171697da2aebe2688e8ae06bd0dfac8b0c74661d38ebeb0a12bde0ef941b213eee9b85965262213b140636060285dcfb02a3bd14961 SHA512 ec6710e9669ac19e4c6f1286c89a383e7d276a773a2740037f98a8f2dbf18305614e7d30d9ed530923a0e7d10a3776fea2ca77229adc25df13ecad55589a3673
+DIST openssl-1.1.0-ec-curves_d2ede125556ac99aa0faa7744c703af3f559094e.patch 5311 BLAKE2B e9ec985adf6f13eb04412158a05da7cbe10be7d64bce73b899152ea379336ece7b7069089ef46993ac301ef850fd46fd0352898e249b2ea9fff5baf20896e5b5 SHA512 c38c4b05195f2b323a07efd8d17335ba2a168a16a59d7941da36568081f1c043da8d2216b7084b0617963635ded9bafeee736ecddbfa251cf0a02e4cba64cdc8
 DIST openssl-1.1.0j.tar.gz 5411919 BLAKE2B 0fbd936f38d30b64bea717a67cd59704c5ce44ee19f377a820f89ba66b9e0a7509cf39e0fb00c104ae6440a6bd811e388239b458ffe685d8601235bab2afb2f1 SHA512 e7d30951ebb3cbcb6d59e3eb40f64f5a84634b7f5c380a588d378973f1c415395e3ab71a9aaff6478a89ec6efcc88f17f1882c99c25dcd18165f1435a51e5768
-DIST openssl-1.1.0j_ec_curve.c 18401 BLAKE2B f969071ac1b5d0e43b50d54e50b5c4d9201fc8b94458902e9849f14841b5505a2e43ed57a8c13255f042a211af9ee904776c155c36da838a8ad22e1052b02bc1 SHA512 a1c2bb3c3e3d342bddc8c952985e87fc4bad2e8142d5d760b18f346c44c20f00db61c4856f3dcf879b2098e0c036330762915f65d80a1a2cba717d2caeb95457
-DIST openssl-1.1.0j_ectest.c 30688 BLAKE2B 6673ef0fd139af82d830794179b19b9e06be25fac4a13b8bdfa5fd5dad25f594ce8eab118aab9ec2aab25001e1de127c03f8e1a04f4f3ef4c464b7fb1811ed4a SHA512 240fc72916caf4a8b0af774ce307abfe9a93a762eba6fae760cec79d619fe3db0d6919fc92a8951cb031f73958237700b45f590aa7f9f2890762cccda1f1e74b
-DIST openssl-1.1.0j_hobble-openssl 1117 BLAKE2B c3a1477e63331e83cf1cbe58e9ef131ec500a311e22d3da55034800ca353c387b2e202575acf3badb00b236ff91d4bac1bb131a33930939646d26bec27be6e04 SHA512 fa9cc70afa11a7a292548b4bddbba8159824a364ce5c279b483768e6ae2aa4b5491d9bf2cc734819f30a11c8ee0d91bcb991c4a7ab357296aeb4c04feac74826
+DIST openssl-1.1.0j_d2ede125556ac99aa0faa7744c703af3f559094e_ec_curve.c 18401 BLAKE2B f969071ac1b5d0e43b50d54e50b5c4d9201fc8b94458902e9849f14841b5505a2e43ed57a8c13255f042a211af9ee904776c155c36da838a8ad22e1052b02bc1 SHA512 a1c2bb3c3e3d342bddc8c952985e87fc4bad2e8142d5d760b18f346c44c20f00db61c4856f3dcf879b2098e0c036330762915f65d80a1a2cba717d2caeb95457
+DIST openssl-1.1.0j_d2ede125556ac99aa0faa7744c703af3f559094e_ectest.c 30688 BLAKE2B 6673ef0fd139af82d830794179b19b9e06be25fac4a13b8bdfa5fd5dad25f594ce8eab118aab9ec2aab25001e1de127c03f8e1a04f4f3ef4c464b7fb1811ed4a SHA512 240fc72916caf4a8b0af774ce307abfe9a93a762eba6fae760cec79d619fe3db0d6919fc92a8951cb031f73958237700b45f590aa7f9f2890762cccda1f1e74b
+DIST openssl-1.1.0j_d2ede125556ac99aa0faa7744c703af3f559094e_hobble-openssl 1117 BLAKE2B c3a1477e63331e83cf1cbe58e9ef131ec500a311e22d3da55034800ca353c387b2e202575acf3badb00b236ff91d4bac1bb131a33930939646d26bec27be6e04 SHA512 fa9cc70afa11a7a292548b4bddbba8159824a364ce5c279b483768e6ae2aa4b5491d9bf2cc734819f30a11c8ee0d91bcb991c4a7ab357296aeb4c04feac74826
 DIST openssl-1.1.1-ec-curves.patch 7265 BLAKE2B 04725d226c430132cf54afbfaa30a82f8f8bbfd3608823d1d0cd42c3c13f417e90762759da3134d7b0c4373e531925db337b681340f2f284cb2f16a4caef22e3 SHA512 de4d0f1635740c57217836a476c420141c0d34a5f90cbf7957aed7a80e7ac9ca036de2d8448e6bf4c122999e308730575899f61cea6e51ab6825dd04890d75a1
 DIST openssl-1.1.1a.tar.gz 8350547 BLAKE2B 71dae2f44ade3e31983599a491b5efe5da63bbe4f32a2336a8022b282f844a9d898f3b1c3fa825a5973cb16898e8e87fcd73d68e9b602b58f500c3f3e047b199 SHA512 1523985ba90f38aa91aa6c2d57652f4e243cb2a095ce6336bf34b39b5a9b5b876804299a6825c758b65990e57948da532cca761aa12b10958c97478d04dd6d34
 DIST openssl-1.1.1a_ec_curve.c 17938 BLAKE2B d5cbde40dcd8608087aed6ffa9feb040ffadecf0c46b7f3978cc468a9503f0a5ad0a426ea6f8db56f49a64474a508bebdf946e01ebf09adc727675f3b180bcdc SHA512 ec470f6514cb9a4f680b8cbbe02e2bbe71639b288f3429d976726047901d9c50377dfb2737f32429da2fb0e52fd67878a86debb54520e307ee196d97b5c66415

diff --git a/dev-libs/openssl/openssl-1.1.0j.ebuild b/dev-libs/openssl/openssl-1.1.0j.ebuild
index 9394eac2532..0fd5ce0918c 100644
--- a/dev-libs/openssl/openssl-1.1.0j.ebuild
+++ b/dev-libs/openssl/openssl-1.1.0j.ebuild
@@ -37,14 +37,15 @@ PATCH1=openssl-1.1.0-build.patch # Fixes EVP testcase for EC
 PATCH37=openssl-1.1.0-ec-curves.patch
 FEDORA_GIT_BASE='https://src.fedoraproject.org/cgit/rpms/openssl.git/plain/'
 FEDORA_GIT_BRANCH='f28'
+FEDORA_GIT_COMMIT="d2ede125556ac99aa0faa7744c703af3f559094e"
 FEDORA_SRC_URI=()
 FEDORA_SOURCE=( $SOURCE1 $SOURCE12 $SOURCE13 )
 FEDORA_PATCH=( $PATCH1 $PATCH37 )
 for i in "${FEDORA_SOURCE[@]}" ; do
-	FEDORA_SRC_URI+=( "${FEDORA_GIT_BASE}/${i}?h=${FEDORA_GIT_BRANCH} -> ${P}_${i}" )
+	FEDORA_SRC_URI+=( "${FEDORA_GIT_BASE}/${i}?h=${FEDORA_GIT_BRANCH}&id=${FEDORA_GIT_COMMIT} -> ${P}_${FEDORA_GIT_COMMIT}_${i}" )
 done
 for i in "${FEDORA_PATCH[@]}" ; do # Already have a version prefix
-	FEDORA_SRC_URI+=( "${FEDORA_GIT_BASE}/${i}?h=${FEDORA_GIT_BRANCH} -> ${i}" )
+	FEDORA_SRC_URI+=( "${FEDORA_GIT_BASE}/${i}?h=${FEDORA_GIT_BRANCH}&id=${FEDORA_GIT_COMMIT} -> ${i%.patch}_${FEDORA_GIT_COMMIT}.patch" )
 done
 SRC_URI+=" bindist? ( ${FEDORA_SRC_URI[@]} )"
 
@@ -61,16 +62,28 @@ PATCHES=(
 
 src_prepare() {
 	if use bindist; then
+		# we need to patch the patch but we cannot patch in DISTDIR...
+		mkdir "${WORKDIR}"/fedora_patches || die
+		for i in "${FEDORA_PATCH[@]}" ; do
+			cp "${DISTDIR}"/"${i%.patch}_${FEDORA_GIT_COMMIT}.patch" "${WORKDIR}"/fedora_patches || die
+		done
+
+		# now patch the path, due to OpenSSL change cb193560e0da17a41b40ce574a2349f1d4d59ed1
+		sed -i -e 's#test/evptests.txt#test/recipes/30-test_evp_data/evppkey.txt#g' \
+			"${WORKDIR}"/fedora_patches/openssl-1.1.0-build_d2ede125556ac99aa0faa7744c703af3f559094e.patch || \
+			die
+
 		# This just removes the prefix, and puts it into WORKDIR like the RPM.
 		for i in "${FEDORA_SOURCE[@]}" ; do
-			cp -f "${DISTDIR}"/"${P}_${i}" "${WORKDIR}"/"${i}" || die
+			cp -f "${DISTDIR}"/"${P}_${FEDORA_GIT_COMMIT}_${i}" "${WORKDIR}"/"${i}" || die
 		done
 		# .spec %prep
 		bash "${WORKDIR}"/"${SOURCE1}" || die
 		cp -f "${WORKDIR}"/"${SOURCE12}" "${S}"/crypto/ec/ || die
 		cp -f "${WORKDIR}"/"${SOURCE13}" "${S}"/test/ || die
 		for i in "${FEDORA_PATCH[@]}" ; do
-			eapply "${DISTDIR}"/"${i}"
+			#eapply "${DISTDIR}"/"${i%.patch}_${FEDORA_GIT_COMMIT}.patch"
+			eapply "${WORKDIR}/fedora_patches/${i%.patch}_${FEDORA_GIT_COMMIT}.patch"
 		done
 		# Also see the configure parts below:
 		# enable-ec \

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Thomas Deutschmann]

commit:     b6658cc2e0116335729d6a1753cd97fd3b097518
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Sun Nov 18 23:18:46 2018 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Sun Nov 18 23:19:05 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b6658cc2

dev-libs/openssl: fix USE=bindist

Package-Manager: Portage-2.3.51, Repoman-2.3.12
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 dev-libs/openssl/Manifest                          | 12 ++++--
 ...l-1.1.0i-r2.ebuild => openssl-1.1.0i-r3.ebuild} |  2 +-
 ...ssl-1.1.1-r2.ebuild => openssl-1.1.1-r3.ebuild} | 44 +++++++++++++++++++++-
 3 files changed, 51 insertions(+), 7 deletions(-)

diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest
index 2ecc6370eb7..6586b888cd9 100644
--- a/dev-libs/openssl/Manifest
+++ b/dev-libs/openssl/Manifest
@@ -4,10 +4,14 @@ DIST openssl-1.0.2p.tar.gz 5338192 BLAKE2B fe4c0e2bf75d47a76e7377c7977be7bcaaa53
 DIST openssl-1.0.2p_ec_curve.c 17254 BLAKE2B d40d8d6e770443f07abe70e2c4ddda6aec1cc8e37dc1f226a3fdd9ed5d228f09c6d372e8956b1948b55ee1d57d1429493e7288d0f54d9466a37fec805c85aacb SHA512 8e92fb100bcf4bd918c82b9a6cbd75a55abe1a2c08230a007e441c51577f974f8cc336e9ac8a672b32641480428ca8cead5380da1fe81bacb088145a1b754a15
 DIST openssl-1.0.2p_ectest.c 30735 BLAKE2B 95333a27f1cf0a4305a3cee7f6d46b9d4673582ca9acfcf5ba2a0d9d317ab6219cd0d2ff0ba3a55a317c8f5819342f05cc17ba80ec2c92b2b4cab9a3552382e1 SHA512 f2e4d34327b490bc8371f0845c69df3f9fc51ea16f0ea0de0411a0c1fa9d49bb2b6fafc363eb3b3cd919dc7c24e4a0d075c6ff878c01d70dae918f2540874c19
 DIST openssl-1.0.2p_hobble-openssl 1302 BLAKE2B 647caa6a0f4c53a2e77baa3b8e5961eaef3bb0ff38e7d5475eab8deef3439f7fe49028ec9ed0406f3453870b62cac67c496b3a048ee4c9ff4c6866d520235960 SHA512 3d757a4708e74a03dd5cb9b8114dfe442ed9520739a6eca693be4c4265771696f1449ea06d1c9bcfc6e94fc9b0dd0c10e153f1c3b0334831c0550b36cd63326e
-DIST openssl-1.1.0-build.patch 3028 BLAKE2B f8cf981ed3717af234ce02fa50f27cdbcbf2b766968a5957fc6f0a4ea997549505fa77398444d7f3b9a75f66048447fe62542b9cb1d5f0268add87c44915a6fd SHA512 b19a912900970052f80c67f28975e793ae9e70ebfc62efae0544e09931079e98c4cd29ce1cc8d937ceca97aff9a12fdc1ff9ce6c2b47fea68c79e7065464a0f0
-DIST openssl-1.1.0-ec-curves.patch 2967 BLAKE2B 1c639514445ea85cf731732aa7901b5a03ddb5f637b0483ab2ec6825433ad978723c5a07316db684bdaca4a12fc673b4e049a49c0cd4dbe5f25a5e2bd3b75cf5 SHA512 8fb9c6759ae2077ad3697ba77e85ab3970fd8b3f64b21eb260b4f6333b7ebf2f5a53c7eee311229edfbd96a2b904ec5e5e00dfa5b62cf1105fece13069077bd2
+DIST openssl-1.1.0-build.patch 3001 BLAKE2B 8f0ac4be6409b4ec50bec171697da2aebe2688e8ae06bd0dfac8b0c74661d38ebeb0a12bde0ef941b213eee9b85965262213b140636060285dcfb02a3bd14961 SHA512 ec6710e9669ac19e4c6f1286c89a383e7d276a773a2740037f98a8f2dbf18305614e7d30d9ed530923a0e7d10a3776fea2ca77229adc25df13ecad55589a3673
+DIST openssl-1.1.0-ec-curves.patch 5311 BLAKE2B e9ec985adf6f13eb04412158a05da7cbe10be7d64bce73b899152ea379336ece7b7069089ef46993ac301ef850fd46fd0352898e249b2ea9fff5baf20896e5b5 SHA512 c38c4b05195f2b323a07efd8d17335ba2a168a16a59d7941da36568081f1c043da8d2216b7084b0617963635ded9bafeee736ecddbfa251cf0a02e4cba64cdc8
 DIST openssl-1.1.0i.tar.gz 5453234 BLAKE2B ae6bec9c116769d98a77165b96fb7d201fe2ede8ee98e3cb68eba496cc90a5fae38dbcbb68b824c9eeacb25605aa80c3ccca9b4f00725658da3ad646834b0f9d SHA512 4a9d454031f644a3072a980f4ea20df976f6c5c58178549dfa62fd4dcf1417509e3be517d2ccb265c87688836f2993531b142fc5971bac5c41d33060057627df
-DIST openssl-1.1.0i_ec_curve.c 18393 BLAKE2B 49dca7ddbc23270e5927454925df7bb18c8d9eb58f79e3a4fbcd8b7fc22fad36e2cb54ff9b63c2beeeea15c0c075a96e4ce8d03991355419af41fa9dc2aed3ad SHA512 ee3e576825bccdf02cede4205ab92c42ae9dd3a8e75ce58617a3a5980a61d144eb3c5197d9dcd378a5d49bf34c4b2f591aa6a619fee92b7a22825d72681ab879
-DIST openssl-1.1.0i_ectest.c 29908 BLAKE2B b398bafd5d5aea71daa9c3e2749dece9e515950e35547a6191d83987907aae73e090a4b552636af4d1ab2b39f7e3b1ea3fde2012c99f068f9c99d247996c1212 SHA512 e4445f8959b040caca6a7494da2026b840f84348df5d4eab47a68570d274333f62fa0c381955093edd86c857dad98595ffa2980c54afdcf2a8d32f32d0c70450
+DIST openssl-1.1.0i_ec_curve.c 18401 BLAKE2B f969071ac1b5d0e43b50d54e50b5c4d9201fc8b94458902e9849f14841b5505a2e43ed57a8c13255f042a211af9ee904776c155c36da838a8ad22e1052b02bc1 SHA512 a1c2bb3c3e3d342bddc8c952985e87fc4bad2e8142d5d760b18f346c44c20f00db61c4856f3dcf879b2098e0c036330762915f65d80a1a2cba717d2caeb95457
+DIST openssl-1.1.0i_ectest.c 30688 BLAKE2B 6673ef0fd139af82d830794179b19b9e06be25fac4a13b8bdfa5fd5dad25f594ce8eab118aab9ec2aab25001e1de127c03f8e1a04f4f3ef4c464b7fb1811ed4a SHA512 240fc72916caf4a8b0af774ce307abfe9a93a762eba6fae760cec79d619fe3db0d6919fc92a8951cb031f73958237700b45f590aa7f9f2890762cccda1f1e74b
 DIST openssl-1.1.0i_hobble-openssl 1117 BLAKE2B c3a1477e63331e83cf1cbe58e9ef131ec500a311e22d3da55034800ca353c387b2e202575acf3badb00b236ff91d4bac1bb131a33930939646d26bec27be6e04 SHA512 fa9cc70afa11a7a292548b4bddbba8159824a364ce5c279b483768e6ae2aa4b5491d9bf2cc734819f30a11c8ee0d91bcb991c4a7ab357296aeb4c04feac74826
+DIST openssl-1.1.1-ec-curves.patch 7265 BLAKE2B 04725d226c430132cf54afbfaa30a82f8f8bbfd3608823d1d0cd42c3c13f417e90762759da3134d7b0c4373e531925db337b681340f2f284cb2f16a4caef22e3 SHA512 de4d0f1635740c57217836a476c420141c0d34a5f90cbf7957aed7a80e7ac9ca036de2d8448e6bf4c122999e308730575899f61cea6e51ab6825dd04890d75a1
 DIST openssl-1.1.1.tar.gz 8337920 BLAKE2B 266fb97bad4e1e7c0694c67a065d6669560695c92ad8fa10824169288a3fdfb9798faf408274a1e0c4e10a83a12b57367611bf4037dd2ab7ee74d7edab580a7b SHA512 c0284a4fe84bdf765ca5bc5148da4441ffc36392cfecaf9d372af00cf93b6de5681cab1248b6f8246474532155dc205da5ad49549ad7c61c07c917145e7c9c71
+DIST openssl-1.1.1_ec_curve.c 17938 BLAKE2B d5cbde40dcd8608087aed6ffa9feb040ffadecf0c46b7f3978cc468a9503f0a5ad0a426ea6f8db56f49a64474a508bebdf946e01ebf09adc727675f3b180bcdc SHA512 ec470f6514cb9a4f680b8cbbe02e2bbe71639b288f3429d976726047901d9c50377dfb2737f32429da2fb0e52fd67878a86debb54520e307ee196d97b5c66415
+DIST openssl-1.1.1_ectest.c 35091 BLAKE2B a9602255ab529751c2af2419206ce113f03f93b7b776691ea2ec550f26ddbecd241844bb81dc86988fdbb1c0a587318f82ce4faecba1a6142a19cf08d40fb2c5 SHA512 7813d9b6b7ab62119a7f2dd5431c17c5839f4c320ac7071b0714c9b8528bda5fda779dbb263328dca6ee8446e9fa09c663da659c9a82832a65cf53d1cd8a4cef
+DIST openssl-1.1.1_hobble-openssl 1117 BLAKE2B c3a1477e63331e83cf1cbe58e9ef131ec500a311e22d3da55034800ca353c387b2e202575acf3badb00b236ff91d4bac1bb131a33930939646d26bec27be6e04 SHA512 fa9cc70afa11a7a292548b4bddbba8159824a364ce5c279b483768e6ae2aa4b5491d9bf2cc734819f30a11c8ee0d91bcb991c4a7ab357296aeb4c04feac74826

diff --git a/dev-libs/openssl/openssl-1.1.0i-r2.ebuild b/dev-libs/openssl/openssl-1.1.0i-r3.ebuild
similarity index 99%
rename from dev-libs/openssl/openssl-1.1.0i-r2.ebuild
rename to dev-libs/openssl/openssl-1.1.0i-r3.ebuild
index f3862111729..7837bf78175 100644
--- a/dev-libs/openssl/openssl-1.1.0i-r2.ebuild
+++ b/dev-libs/openssl/openssl-1.1.0i-r3.ebuild
@@ -36,7 +36,7 @@ SOURCE13=ectest.c
 PATCH1=openssl-1.1.0-build.patch # Fixes EVP testcase for EC
 PATCH37=openssl-1.1.0-ec-curves.patch
 FEDORA_GIT_BASE='https://src.fedoraproject.org/cgit/rpms/openssl.git/plain/'
-FEDORA_GIT_BRANCH='f27'
+FEDORA_GIT_BRANCH='f28'
 FEDORA_SRC_URI=()
 FEDORA_SOURCE=( $SOURCE1 $SOURCE12 $SOURCE13 )
 FEDORA_PATCH=( $PATCH1 $PATCH37 )

diff --git a/dev-libs/openssl/openssl-1.1.1-r2.ebuild b/dev-libs/openssl/openssl-1.1.1-r3.ebuild
similarity index 84%
rename from dev-libs/openssl/openssl-1.1.1-r2.ebuild
rename to dev-libs/openssl/openssl-1.1.1-r3.ebuild
index 87d4a44d49a..391d0bc059c 100644
--- a/dev-libs/openssl/openssl-1.1.1-r2.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1-r3.ebuild
@@ -28,6 +28,26 @@ DEPEND="${RDEPEND}
 	)"
 PDEPEND="app-misc/ca-certificates"
 
+# This does not copy the entire Fedora patchset, but JUST the parts that
+# are needed to make it safe to use EC with RESTRICT=bindist.
+# See openssl.spec for the matching numbering of SourceNNN, PatchNNN
+SOURCE1=hobble-openssl
+SOURCE12=ec_curve.c
+SOURCE13=ectest.c
+PATCH37=openssl-1.1.1-ec-curves.patch
+FEDORA_GIT_BASE='https://src.fedoraproject.org/cgit/rpms/openssl.git/plain/'
+FEDORA_GIT_BRANCH='f29'
+FEDORA_SRC_URI=()
+FEDORA_SOURCE=( ${SOURCE1} ${SOURCE12} ${SOURCE13} )
+FEDORA_PATCH=( ${PATCH37} )
+for i in "${FEDORA_SOURCE[@]}" ; do
+	FEDORA_SRC_URI+=( "${FEDORA_GIT_BASE}/${i}?h=${FEDORA_GIT_BRANCH} -> ${P}_${i}" )
+done
+for i in "${FEDORA_PATCH[@]}" ; do # Already have a version prefix
+	FEDORA_SRC_URI+=( "${FEDORA_GIT_BASE}/${i}?h=${FEDORA_GIT_BRANCH} -> ${i}" )
+done
+SRC_URI+=" bindist? ( ${FEDORA_SRC_URI[@]} )"
+
 S="${WORKDIR}/${MY_P}"
 
 MULTILIB_WRAPPED_HEADERS=(
@@ -40,6 +60,24 @@ PATCHES=(
 )
 
 src_prepare() {
+	if use bindist; then
+		# This just removes the prefix, and puts it into WORKDIR like the RPM.
+		for i in "${FEDORA_SOURCE[@]}" ; do
+			cp -f "${DISTDIR}"/"${P}_${i}" "${WORKDIR}"/"${i}" || die
+		done
+		# .spec %prep
+		bash "${WORKDIR}"/"${SOURCE1}" || die
+		cp -f "${WORKDIR}"/"${SOURCE12}" "${S}"/crypto/ec/ || die
+		cp -f "${WORKDIR}"/"${SOURCE13}" "${S}"/test/ || die
+		for i in "${FEDORA_PATCH[@]}" ; do
+			eapply "${DISTDIR}"/"${i}"
+		done
+		# Also see the configure parts below:
+		# enable-ec \
+		# $(use_ssl !bindist ec2m) \
+
+	fi
+
 	# keep this in sync with app-misc/c_rehash
 	SSL_CNF_DIR="/etc/ssl"
 
@@ -133,6 +171,7 @@ multilib_src_configure() {
 	local config="Configure"
 	[[ -z ${sslout} ]] && config="config"
 
+	# Fedora hobbled-EC needs 'no-ec2m'
 	# 'srp' was restricted until early 2017 as well.
 	# "disable-deprecated" option breaks too many consumers.
 	# Don't set it without thorough revdeps testing.
@@ -141,8 +180,9 @@ multilib_src_configure() {
 		${sslout} \
 		$(use cpu_flags_x86_sse2 || echo "no-sse2") \
 		enable-camellia \
-		$(use_ssl !bindist ec) \
-		$(use_ssl !bindist srp) \
+		enable-ec \
+		$(use_ssl !bindist ec2m) \
+		enable-srp \
 		$(use elibc_musl && echo "no-async") \
 		${ec_nistp_64_gcc_128} \
 		enable-idea \

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Thomas Deutschmann]

commit:     01535a37ba9fc101a01c5e3aee1128ef150c10a5
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Mon Nov 12 18:03:16 2018 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Mon Nov 12 18:36:43 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=01535a37

dev-libs/openssl: add patch for CVE-2018-0734 & CVE-2018-5407

Package-Manager: Portage-2.3.51, Repoman-2.3.12
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 dev-libs/openssl/Manifest                                            | 2 +-
 dev-libs/openssl/{openssl-1.0.2p.ebuild => openssl-1.0.2p-r1.ebuild} | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest
index a942f505233..2ecc6370eb7 100644
--- a/dev-libs/openssl/Manifest
+++ b/dev-libs/openssl/Manifest
@@ -1,5 +1,5 @@
 DIST openssl-0.9.8zh.tar.gz 3818524 BLAKE2B 610bb4858900983cf4519fa8b63f1e03b3845e39e68884fd8bebd738cd5cd6c2c75513643af49bf9e2294adc446a6516480fe9b62de55d9b6379bf9e7c5cd364 SHA512 b97fa2468211f86c0719c68ad1781eff84f772c479ed5193d6da14bac086b4ca706e7d851209d9df3f0962943b5e5333ab0def00110fb2e517caa73c0c6674c6
-DIST openssl-1.0.2-patches-1.5.tar.xz 12404 BLAKE2B 6c1b8c28f339f539b2ab8643379502a24cf62bffde00041dce54d5dd9e8d2620b181362ee5464b0ab32ba4948e209697bfabadbea2944a409a1009100d298f24 SHA512 5725e2d9d1ee8cc074bcef3bed61c71bdab2ff1c114362110c3fb8da11ad5bc8f2ff28e90a293f5f3a5cf96ecda54dffdb7ab3fb3f8b23ef6472250dc3037659
+DIST openssl-1.0.2-patches-1.6.tar.xz 16004 BLAKE2B 28c7e9a8c8b09a34aa6ed21dec18b04c1d6140276e319cfa99b63db5ae188ca7837c444e8352748ffc86e6df7676534aef2f28788e825ee8207c0f876efb5b7b SHA512 eac9bbbebd8d942707ef385ee466929045bb4698985f7a0fb16f529f2101a246735cc2e654bfbdaa8a178224bb5ac564478a7587e6156cfcbdfe62a719bfb0a3
 DIST openssl-1.0.2p.tar.gz 5338192 BLAKE2B fe4c0e2bf75d47a76e7377c7977be7bcaaa532061ab89ee989786eeb6495295711a29a88bf026c85d9ed55c97e71b0e9c8cf4c29b6e58a3dc56bcff518666823 SHA512 958c5a7c3324bbdc8f07dfb13e11329d9a1b4452c07cf41fbd2d42b5fe29c95679332a3476d24c2dc2b88be16e4a24744aba675a05a388c0905756c77a8a2f16
 DIST openssl-1.0.2p_ec_curve.c 17254 BLAKE2B d40d8d6e770443f07abe70e2c4ddda6aec1cc8e37dc1f226a3fdd9ed5d228f09c6d372e8956b1948b55ee1d57d1429493e7288d0f54d9466a37fec805c85aacb SHA512 8e92fb100bcf4bd918c82b9a6cbd75a55abe1a2c08230a007e441c51577f974f8cc336e9ac8a672b32641480428ca8cead5380da1fe81bacb088145a1b754a15
 DIST openssl-1.0.2p_ectest.c 30735 BLAKE2B 95333a27f1cf0a4305a3cee7f6d46b9d4673582ca9acfcf5ba2a0d9d317ab6219cd0d2ff0ba3a55a317c8f5819342f05cc17ba80ec2c92b2b4cab9a3552382e1 SHA512 f2e4d34327b490bc8371f0845c69df3f9fc51ea16f0ea0de0411a0c1fa9d49bb2b6fafc363eb3b3cd919dc7c24e4a0d075c6ff878c01d70dae918f2540874c19

diff --git a/dev-libs/openssl/openssl-1.0.2p.ebuild b/dev-libs/openssl/openssl-1.0.2p-r1.ebuild
similarity index 99%
rename from dev-libs/openssl/openssl-1.0.2p.ebuild
rename to dev-libs/openssl/openssl-1.0.2p-r1.ebuild
index b8c283fe917..d691659c26a 100644
--- a/dev-libs/openssl/openssl-1.0.2p.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2p-r1.ebuild
@@ -1,11 +1,11 @@
-# Copyright 1999-2018 Gentoo Foundation
+# Copyright 1999-2018 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
 EAPI="6"
 
 inherit eutils flag-o-matic toolchain-funcs multilib multilib-minimal
 
-PATCH_SET="openssl-1.0.2-patches-1.5"
+PATCH_SET="openssl-1.0.2-patches-1.6"
 MY_P=${P/_/-}
 DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"
 HOMEPAGE="https://www.openssl.org/"

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Lars Wendler]

commit:     c67ec50310e87127792325c248481334cbab693d
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Thu Oct 11 12:08:39 2018 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Thu Oct 11 12:10:12 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c67ec503

dev-libs/openssl: Fixed doc installation path

without a revbump because openssl-1.1 is still p.masked.

Closes: https://bugs.gentoo.org/668308
Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org>
Package-Manager: Portage-2.3.51, Repoman-2.3.11

 dev-libs/openssl/openssl-1.1.1.ebuild | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/dev-libs/openssl/openssl-1.1.1.ebuild b/dev-libs/openssl/openssl-1.1.1.ebuild
index 4c92eedb393..3b7cd3fc019 100644
--- a/dev-libs/openssl/openssl-1.1.1.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2018 Gentoo Foundation
+# Copyright 1999-2018 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
 EAPI="6"
@@ -59,7 +59,7 @@ src_prepare() {
 		-e $(has noman FEATURES \
 			&& echo '/^install:/s:install_docs::' \
 			|| echo '/^MANDIR=/s:=.*:='${EPREFIX%/}'/usr/share/man:') \
-		-e "/^DOCDIR/s@\$(BASENAME)@&-${PF}@" \
+		-e "/^DOCDIR/s@\$(BASENAME)@&-${PVR}@" \
 		Configurations/unix-Makefile.tmpl \
 		|| die
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Lars Wendler]

commit:     f67dc8e2ad885d3fb7f932f63d128057502eb534
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Wed Sep 19 11:28:05 2018 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Wed Sep 19 11:28:19 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f67dc8e2

dev-libs/openssl: Removed old.

Package-Manager: Portage-2.3.49, Repoman-2.3.10

 dev-libs/openssl/openssl-0.9.8z_p8.ebuild | 158 ------------------------------
 1 file changed, 158 deletions(-)

diff --git a/dev-libs/openssl/openssl-0.9.8z_p8.ebuild b/dev-libs/openssl/openssl-0.9.8z_p8.ebuild
deleted file mode 100644
index ab73da7680e..00000000000
--- a/dev-libs/openssl/openssl-0.9.8z_p8.ebuild
+++ /dev/null
@@ -1,158 +0,0 @@
-# Copyright 1999-2018 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-# this ebuild is only for the libcrypto.so.0.9.8 and libssl.so.0.9.8 SONAME for ABI compat
-
-EAPI="5"
-
-inherit eutils flag-o-matic toolchain-funcs multilib multilib-minimal
-
-#PLEVEL=$(printf "\\$(printf '%03o' $((${PV##*_p} + 96)))")
-PLEVEL='h' # _p8 -> tr '[1-9]' '[a-i]' -> 'h'
-MY_PV=${PV/_p*/${PLEVEL}}
-MY_P=${PN}-${MY_PV}
-S="${WORKDIR}/${MY_P}"
-DESCRIPTION="Toolkit for SSL v2/v3 and TLS v1"
-HOMEPAGE="http://www.openssl.org/"
-SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"
-
-LICENSE="openssl"
-SLOT="0.9.8"
-KEYWORDS="~alpha amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc x86 ~x86-fbsd"
-IUSE="bindist gmp kerberos cpu_flags_x86_sse2 test zlib"
-RESTRICT="!bindist? ( bindist )"
-
-RDEPEND="gmp? ( >=dev-libs/gmp-5.1.3-r1[${MULTILIB_USEDEP}] )
-	zlib? ( >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}] )
-	kerberos? ( >=app-crypt/mit-krb5-1.11.4[${MULTILIB_USEDEP}] )
-	!=dev-libs/openssl-0.9.8*:0"
-DEPEND="${RDEPEND}
-	>=dev-lang/perl-5
-	test? (
-		sys-apps/diffutils
-		sys-devel/bc
-	)"
-
-# Do not install any docs
-DOCS=()
-
-src_prepare() {
-	epatch "${FILESDIR}"/${PN}-0.9.8e-bsd-sparc64.patch
-	epatch "${FILESDIR}"/${PN}-0.9.8h-ldflags.patch #181438
-	epatch "${FILESDIR}"/${PN}-0.9.8m-binutils.patch #289130
-
-	# disable fips in the build
-	# make sure the man pages are suffixed #302165
-	# don't bother building man pages if they're disabled
-	sed -i \
-		-e '/DIRS/s: fips : :g' \
-		-e '/^MANSUFFIX/s:=.*:=ssl:' \
-		-e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
-		-e $(has noman FEATURES \
-			&& echo '/^install:/s:install_docs::' \
-			|| echo '/^MANDIR=/s:=.*:=/usr/share/man:') \
-		Makefile{,.org} \
-		|| die
-	# show the actual commands in the log
-	sed -i '/^SET_X/s:=.*:=set -x:' Makefile.shared
-	# update the enginedir path.
-	# punt broken config we don't care about as it fails sanity check.
-	sed -i \
-		-e '/^"debug-ben-debug-64"/d' \
-		-e "/foo.*engines/s|/lib/engines|/$(get_libdir)/engines|" \
-		Configure || die
-
-	# since we're forcing $(CC) as makedep anyway, just fix
-	# the conditional as always-on
-	# helps clang (#417795), and versioned gcc (#499818)
-	sed -i 's/expr.*MAKEDEPEND.*;/true;/' util/domd || die
-
-	# quiet out unknown driver argument warnings since openssl
-	# doesn't have well-split CFLAGS and we're making it even worse
-	# and 'make depend' uses -Werror for added fun (#417795 again)
-	[[ ${CC} == *clang* ]] && append-flags -Qunused-arguments
-
-	# allow openssl to be cross-compiled
-	cp "${FILESDIR}"/gentoo.config-0.9.8 gentoo.config || die "cp cross-compile failed"
-	chmod a+rx gentoo.config
-
-	append-flags -fno-strict-aliasing
-	append-flags -Wa,--noexecstack
-
-	sed -i '1s,^:$,#!/usr/bin/perl,' Configure #141906
-	sed -i '/^"debug-bodo/d' Configure # 0.9.8za shipped broken
-	./config --test-sanity || die "I AM NOT SANE"
-
-	multilib_copy_sources
-}
-
-multilib_src_configure() {
-	unset APPS #197996
-	unset SCRIPTS #312551
-
-	tc-export CC AR RANLIB
-
-	# Clean out patent-or-otherwise-encumbered code
-	# Camellia: Royalty Free            https://en.wikipedia.org/wiki/Camellia_(cipher)
-	# IDEA:     Expired                 https://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
-	# EC:       ????????? ??/??/2015    https://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography
-	# MDC2:     Expired                 https://en.wikipedia.org/wiki/MDC-2
-	# RC5:      5,724,428 03/03/2015    https://en.wikipedia.org/wiki/RC5
-
-	use_ssl() { use $1 && echo "enable-${2:-$1} ${*:3}" || echo "no-${2:-$1}" ; }
-	echoit() { echo "$@" ; "$@" ; }
-
-	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
-
-	local sslout=$(./gentoo.config)
-	einfo "Use configuration ${sslout:-(openssl knows best)}"
-	local config="Configure"
-	[[ -z ${sslout} ]] && config="config"
-
-	echoit \
-	./${config} \
-		${sslout} \
-		$(use cpu_flags_x86_sse2 || echo "no-sse2") \
-		enable-camellia \
-		$(use_ssl !bindist ec) \
-		enable-idea \
-		enable-mdc2 \
-		$(use_ssl !bindist rc5) \
-		enable-tlsext \
-		$(use_ssl gmp gmp -lgmp) \
-		$(use_ssl kerberos krb5 --with-krb5-flavor=${krb5}) \
-		$(use_ssl zlib) \
-		--prefix=/usr \
-		--openssldir=/etc/ssl \
-		shared threads \
-		|| die "Configure failed"
-
-	# Clean out hardcoded flags that openssl uses
-	local CFLAG=$(grep ^CFLAG= Makefile | LC_ALL=C sed \
-		-e 's:^CFLAG=::' \
-		-e 's:-fomit-frame-pointer ::g' \
-		-e 's:-O[0-9] ::g' \
-		-e 's:-march=[-a-z0-9]* ::g' \
-		-e 's:-mcpu=[-a-z0-9]* ::g' \
-		-e 's:-m[a-z0-9]* ::g' \
-	)
-	sed -i \
-		-e "/^LIBDIR=/s|=.*|=$(get_libdir)|" \
-		-e "/^CFLAG/s|=.*|=${CFLAG} ${CFLAGS}|" \
-		-e "/^SHARED_LDFLAGS=/s|$| ${LDFLAGS}|" \
-		Makefile || die
-}
-
-multilib_src_compile() {
-	# depend is needed to use $confopts
-	emake -j1 depend
-	emake -j1 build_libs
-}
-
-multilib_src_test() {
-	emake -j1 test
-}
-
-multilib_src_install() {
-	dolib.so lib{crypto,ssl}.so.0.9.8
-}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Lars Wendler]

commit:     6515b6442d3bb85807d8803a7609d2fe0e436734
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Tue Sep 11 15:40:50 2018 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Tue Sep 11 15:41:42 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6515b644

dev-libs/openssl: Bump to version 1.1.1

Package-Manager: Portage-2.3.49, Repoman-2.3.10

 dev-libs/openssl/Manifest             |   1 +
 dev-libs/openssl/openssl-1.1.1.ebuild | 248 ++++++++++++++++++++++++++++++++++
 2 files changed, 249 insertions(+)

diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest
index ba5fdcfbf60..523a6779775 100644
--- a/dev-libs/openssl/Manifest
+++ b/dev-libs/openssl/Manifest
@@ -12,3 +12,4 @@ DIST openssl-1.1.0i_ectest.c 29908 BLAKE2B b398bafd5d5aea71daa9c3e2749dece9e5159
 DIST openssl-1.1.0i_hobble-openssl 1117 BLAKE2B c3a1477e63331e83cf1cbe58e9ef131ec500a311e22d3da55034800ca353c387b2e202575acf3badb00b236ff91d4bac1bb131a33930939646d26bec27be6e04 SHA512 fa9cc70afa11a7a292548b4bddbba8159824a364ce5c279b483768e6ae2aa4b5491d9bf2cc734819f30a11c8ee0d91bcb991c4a7ab357296aeb4c04feac74826
 DIST openssl-1.1.1-pre8.tar.gz 8334954 BLAKE2B 97cd018908925abd5a4eb660b3488b23efb582dd49dd87504e5522b2e9c5c6500417ef4893590a60ce35cfa316de51bfbf3e448e9cb2a5858ecd8ae72722922d SHA512 33b20f8589e0ba67500993635e1ba7f7f7ce2b6fa1eb8d4d7c44711ff047045dde57ad7e0605377c2b030fc954a3fb9b1f1d68feac2080991ef2b1b72a761041
 DIST openssl-1.1.1-pre9.tar.gz 8411103 BLAKE2B 93ac540afdf734c67aabbaf0682b43f044e8c05f80c0b1e7af926dd4179b215f68d569de24e45ae78a6915923ab5f77a8aa5690873e01c16478bf61d1f1c2a9b SHA512 cf23c11d7591cfa6dfd8b1086c2cdd33bd56f9eb44721cd60b228ef4d3c0c5de650dca53ae7becf7c8f0a9dd4bdae287f48116a3ac11d106b36919deb3214aa2
+DIST openssl-1.1.1.tar.gz 8337920 BLAKE2B 266fb97bad4e1e7c0694c67a065d6669560695c92ad8fa10824169288a3fdfb9798faf408274a1e0c4e10a83a12b57367611bf4037dd2ab7ee74d7edab580a7b SHA512 c0284a4fe84bdf765ca5bc5148da4441ffc36392cfecaf9d372af00cf93b6de5681cab1248b6f8246474532155dc205da5ad49549ad7c61c07c917145e7c9c71

diff --git a/dev-libs/openssl/openssl-1.1.1.ebuild b/dev-libs/openssl/openssl-1.1.1.ebuild
new file mode 100644
index 00000000000..4c92eedb393
--- /dev/null
+++ b/dev-libs/openssl/openssl-1.1.1.ebuild
@@ -0,0 +1,248 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+inherit flag-o-matic toolchain-funcs multilib multilib-minimal
+
+MY_P=${P/_/-}
+DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"
+HOMEPAGE="https://www.openssl.org/"
+SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"
+
+LICENSE="openssl"
+SLOT="0/1.1" # .so version of libssl/libcrypto
+[[ "${PV}" = *_pre* ]] || \
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~x86-linux"
+IUSE="+asm bindist elibc_musl rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-heartbeat vanilla zlib"
+RESTRICT="!bindist? ( bindist )"
+
+RDEPEND=">=app-misc/c_rehash-1.7-r1
+	zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )"
+DEPEND="${RDEPEND}
+	>=dev-lang/perl-5
+	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
+	test? (
+		sys-apps/diffutils
+		sys-devel/bc
+	)"
+PDEPEND="app-misc/ca-certificates"
+
+S="${WORKDIR}/${MY_P}"
+
+MULTILIB_WRAPPED_HEADERS=(
+	usr/include/openssl/opensslconf.h
+)
+
+src_prepare() {
+	# keep this in sync with app-misc/c_rehash
+	SSL_CNF_DIR="/etc/ssl"
+
+	# Make sure we only ever touch Makefile.org and avoid patching a file
+	# that gets blown away anyways by the Configure script in src_configure
+	rm -f Makefile
+
+	if ! use vanilla ; then
+		if [[ $(declare -p PATCHES 2>/dev/null) == "declare -a"* ]] ; then
+			[[ ${#PATCHES[@]} -gt 0 ]] && eapply "${PATCHES[@]}"
+		fi
+	fi
+
+	eapply_user #332661
+
+	# make sure the man pages are suffixed #302165
+	# don't bother building man pages if they're disabled
+	# Make DOCDIR Gentoo compliant
+	sed -i \
+		-e '/^MANSUFFIX/s:=.*:=ssl:' \
+		-e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
+		-e $(has noman FEATURES \
+			&& echo '/^install:/s:install_docs::' \
+			|| echo '/^MANDIR=/s:=.*:='${EPREFIX%/}'/usr/share/man:') \
+		-e "/^DOCDIR/s@\$(BASENAME)@&-${PF}@" \
+		Configurations/unix-Makefile.tmpl \
+		|| die
+
+	# quiet out unknown driver argument warnings since openssl
+	# doesn't have well-split CFLAGS and we're making it even worse
+	# and 'make depend' uses -Werror for added fun (#417795 again)
+	[[ ${CC} == *clang* ]] && append-flags -Qunused-arguments
+
+	# allow openssl to be cross-compiled
+	cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die
+	chmod a+rx gentoo.config || die
+
+	append-flags -fno-strict-aliasing
+	append-flags $(test-flags-CC -Wa,--noexecstack)
+	append-cppflags -DOPENSSL_NO_BUF_FREELISTS
+
+	# Prefixify Configure shebang (#141906)
+	sed \
+		-e "1s,/usr/bin/env,${EPREFIX%/}&," \
+		-i Configure || die
+	# Remove test target when FEATURES=test isn't set
+	if ! use test ; then
+		sed \
+			-e '/^$config{dirs}/s@ "test",@@' \
+			-i Configure || die
+	fi
+	# The config script does stupid stuff to prompt the user.  Kill it.
+	sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
+	./config --test-sanity || die "I AM NOT SANE"
+
+	multilib_copy_sources
+}
+
+multilib_src_configure() {
+	unset APPS #197996
+	unset SCRIPTS #312551
+	unset CROSS_COMPILE #311473
+
+	tc-export CC AR RANLIB RC
+
+	# Clean out patent-or-otherwise-encumbered code
+	# Camellia: Royalty Free            https://en.wikipedia.org/wiki/Camellia_(cipher)
+	# IDEA:     Expired                 https://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
+	# EC:       ????????? ??/??/2015    https://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography
+	# MDC2:     Expired                 https://en.wikipedia.org/wiki/MDC-2
+	# RC5:      Expired                 https://en.wikipedia.org/wiki/RC5
+
+	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
+	echoit() { echo "$@" ; "$@" ; }
+
+	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
+
+	# See if our toolchain supports __uint128_t.  If so, it's 64bit
+	# friendly and can use the nicely optimized code paths. #460790
+	local ec_nistp_64_gcc_128
+	# Disable it for now though #469976
+	#if ! use bindist ; then
+	#	echo "__uint128_t i;" > "${T}"/128.c
+	#	if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
+	#		ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
+	#	fi
+	#fi
+
+	local sslout=$(./gentoo.config)
+	einfo "Use configuration ${sslout:-(openssl knows best)}"
+	local config="Configure"
+	[[ -z ${sslout} ]] && config="config"
+
+	# 'srp' was restricted until early 2017 as well.
+	# "disable-deprecated" option breaks too many consumers.
+	# Don't set it without thorough revdeps testing.
+	echoit \
+	./${config} \
+		${sslout} \
+		$(use cpu_flags_x86_sse2 || echo "no-sse2") \
+		enable-camellia \
+		$(use_ssl !bindist ec) \
+		$(use_ssl !bindist srp) \
+		$(use elibc_musl && echo "no-async") \
+		${ec_nistp_64_gcc_128} \
+		enable-idea \
+		enable-mdc2 \
+		enable-rc5 \
+		$(use_ssl sslv3 ssl3) \
+		$(use_ssl sslv3 ssl3-method) \
+		$(use_ssl asm) \
+		$(use_ssl rfc3779) \
+		$(use_ssl sctp) \
+		$(use_ssl tls-heartbeat heartbeats) \
+		$(use_ssl zlib) \
+		--prefix="${EPREFIX%/}"/usr \
+		--openssldir="${EPREFIX%/}"${SSL_CNF_DIR} \
+		--libdir=$(get_libdir) \
+		shared threads \
+		|| die
+
+	# Clean out hardcoded flags that openssl uses
+	# Fix quoting for sed
+	local DEFAULT_CFLAGS=$(grep ^CFLAGS= Makefile | LC_ALL=C sed \
+		-e 's:^CFLAGS=::' \
+		-e 's:-fomit-frame-pointer ::g' \
+		-e 's:-O[0-9] ::g' \
+		-e 's:-march=[-a-z0-9]* ::g' \
+		-e 's:-mcpu=[-a-z0-9]* ::g' \
+		-e 's:-m[a-z0-9]* ::g' \
+		-e 's:\\:\\\\:g' \
+	)
+	sed -i \
+		-e "/^CFLAGS=/s|=.*|=${DEFAULT_CFLAGS} ${CFLAGS}|" \
+		-e "/^LDFLAGS=/s|=[[:space:]]*$|=${LDFLAGS}|" \
+		Makefile || die
+}
+
+multilib_src_compile() {
+	# depend is needed to use $confopts; it also doesn't matter
+	# that it's -j1 as the code itself serializes subdirs
+	emake -j1 depend
+	emake all
+}
+
+multilib_src_test() {
+	emake -j1 test
+}
+
+multilib_src_install() {
+	# We need to create $ED/usr on our own to avoid a race condition #665130
+	if [[ ! -d "${ED%/}/usr" ]]; then
+		# We can only create this directory once
+		mkdir "${ED%/}"/usr || die
+	fi
+
+	emake DESTDIR="${D%/}" install
+}
+
+multilib_src_install_all() {
+	# openssl installs perl version of c_rehash by default, but
+	# we provide a shell version via app-misc/c_rehash
+	rm "${ED%/}"/usr/bin/c_rehash || die
+
+	dodoc CHANGES* FAQ NEWS README doc/*.txt doc/${PN}-c-indent.el
+
+	# This is crappy in that the static archives are still built even
+	# when USE=static-libs.  But this is due to a failing in the openssl
+	# build system: the static archives are built as PIC all the time.
+	# Only way around this would be to manually configure+compile openssl
+	# twice; once with shared lib support enabled and once without.
+	use static-libs || rm -f "${ED%/}"/usr/lib*/lib*.a
+
+	# create the certs directory
+	keepdir ${SSL_CNF_DIR}/certs
+
+	# Namespace openssl programs to prevent conflicts with other man pages
+	cd "${ED%/}"/usr/share/man || die
+	local m d s
+	for m in $(find . -type f | xargs grep -L '#include') ; do
+		d=${m%/*} ; d=${d#./} ; m=${m##*/}
+		[[ ${m} == openssl.1* ]] && continue
+		[[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!"
+		mv ${d}/{,ssl-}${m}
+		# fix up references to renamed man pages
+		sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m}
+		ln -s ssl-${m} ${d}/openssl-${m}
+		# locate any symlinks that point to this man page ... we assume
+		# that any broken links are due to the above renaming
+		for s in $(find -L ${d} -type l) ; do
+			s=${s##*/}
+			rm -f ${d}/${s}
+			# We don't want to "|| die" here
+			ln -s ssl-${m} ${d}/ssl-${s}
+			ln -s ssl-${s} ${d}/openssl-${s}
+		done
+	done
+	[[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :("
+
+	dodir /etc/sandbox.d #254521
+	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED%/}"/etc/sandbox.d/10openssl
+
+	diropts -m0700
+	keepdir ${SSL_CNF_DIR}/private
+}
+
+pkg_postinst() {
+	ebegin "Running 'c_rehash ${EROOT%/}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069"
+	c_rehash "${EROOT%/}${SSL_CNF_DIR}/certs" >/dev/null
+	eend $?
+}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Lars Wendler]

commit:     3cd910c8b632da402f548f6d21d196cc3daa1320
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Tue Sep 11 15:41:26 2018 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Tue Sep 11 15:41:44 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3cd910c8

dev-libs/openssl: Removed old.

Package-Manager: Portage-2.3.49, Repoman-2.3.10

 dev-libs/openssl/Manifest                  |   2 -
 dev-libs/openssl/openssl-1.1.1_pre8.ebuild | 244 ----------------------------
 dev-libs/openssl/openssl-1.1.1_pre9.ebuild | 248 -----------------------------
 3 files changed, 494 deletions(-)

diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest
index 523a6779775..a942f505233 100644
--- a/dev-libs/openssl/Manifest
+++ b/dev-libs/openssl/Manifest
@@ -10,6 +10,4 @@ DIST openssl-1.1.0i.tar.gz 5453234 BLAKE2B ae6bec9c116769d98a77165b96fb7d201fe2e
 DIST openssl-1.1.0i_ec_curve.c 18393 BLAKE2B 49dca7ddbc23270e5927454925df7bb18c8d9eb58f79e3a4fbcd8b7fc22fad36e2cb54ff9b63c2beeeea15c0c075a96e4ce8d03991355419af41fa9dc2aed3ad SHA512 ee3e576825bccdf02cede4205ab92c42ae9dd3a8e75ce58617a3a5980a61d144eb3c5197d9dcd378a5d49bf34c4b2f591aa6a619fee92b7a22825d72681ab879
 DIST openssl-1.1.0i_ectest.c 29908 BLAKE2B b398bafd5d5aea71daa9c3e2749dece9e515950e35547a6191d83987907aae73e090a4b552636af4d1ab2b39f7e3b1ea3fde2012c99f068f9c99d247996c1212 SHA512 e4445f8959b040caca6a7494da2026b840f84348df5d4eab47a68570d274333f62fa0c381955093edd86c857dad98595ffa2980c54afdcf2a8d32f32d0c70450
 DIST openssl-1.1.0i_hobble-openssl 1117 BLAKE2B c3a1477e63331e83cf1cbe58e9ef131ec500a311e22d3da55034800ca353c387b2e202575acf3badb00b236ff91d4bac1bb131a33930939646d26bec27be6e04 SHA512 fa9cc70afa11a7a292548b4bddbba8159824a364ce5c279b483768e6ae2aa4b5491d9bf2cc734819f30a11c8ee0d91bcb991c4a7ab357296aeb4c04feac74826
-DIST openssl-1.1.1-pre8.tar.gz 8334954 BLAKE2B 97cd018908925abd5a4eb660b3488b23efb582dd49dd87504e5522b2e9c5c6500417ef4893590a60ce35cfa316de51bfbf3e448e9cb2a5858ecd8ae72722922d SHA512 33b20f8589e0ba67500993635e1ba7f7f7ce2b6fa1eb8d4d7c44711ff047045dde57ad7e0605377c2b030fc954a3fb9b1f1d68feac2080991ef2b1b72a761041
-DIST openssl-1.1.1-pre9.tar.gz 8411103 BLAKE2B 93ac540afdf734c67aabbaf0682b43f044e8c05f80c0b1e7af926dd4179b215f68d569de24e45ae78a6915923ab5f77a8aa5690873e01c16478bf61d1f1c2a9b SHA512 cf23c11d7591cfa6dfd8b1086c2cdd33bd56f9eb44721cd60b228ef4d3c0c5de650dca53ae7becf7c8f0a9dd4bdae287f48116a3ac11d106b36919deb3214aa2
 DIST openssl-1.1.1.tar.gz 8337920 BLAKE2B 266fb97bad4e1e7c0694c67a065d6669560695c92ad8fa10824169288a3fdfb9798faf408274a1e0c4e10a83a12b57367611bf4037dd2ab7ee74d7edab580a7b SHA512 c0284a4fe84bdf765ca5bc5148da4441ffc36392cfecaf9d372af00cf93b6de5681cab1248b6f8246474532155dc205da5ad49549ad7c61c07c917145e7c9c71

diff --git a/dev-libs/openssl/openssl-1.1.1_pre8.ebuild b/dev-libs/openssl/openssl-1.1.1_pre8.ebuild
deleted file mode 100644
index 746a28e3de3..00000000000
--- a/dev-libs/openssl/openssl-1.1.1_pre8.ebuild
+++ /dev/null
@@ -1,244 +0,0 @@
-# Copyright 1999-2018 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="6"
-
-inherit flag-o-matic toolchain-funcs multilib multilib-minimal
-
-MY_P=${P/_/-}
-DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"
-HOMEPAGE="https://www.openssl.org/"
-SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"
-
-LICENSE="openssl"
-SLOT="0/1.1" # .so version of libssl/libcrypto
-[[ "${PV}" = *_pre* ]] || \
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~x86-linux"
-IUSE="+asm bindist elibc_musl rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-heartbeat vanilla zlib"
-RESTRICT="!bindist? ( bindist )"
-
-RDEPEND=">=app-misc/c_rehash-1.7-r1
-	zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )"
-DEPEND="${RDEPEND}
-	>=dev-lang/perl-5
-	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
-	test? (
-		sys-apps/diffutils
-		sys-devel/bc
-	)"
-PDEPEND="app-misc/ca-certificates"
-
-S="${WORKDIR}/${MY_P}"
-
-MULTILIB_WRAPPED_HEADERS=(
-	usr/include/openssl/opensslconf.h
-)
-
-PATCHES=(
-	"${FILESDIR}"/${PN}-1.0.2a-x32-asm.patch #542618
-)
-
-src_prepare() {
-	# keep this in sync with app-misc/c_rehash
-	SSL_CNF_DIR="/etc/ssl"
-
-	# Make sure we only ever touch Makefile.org and avoid patching a file
-	# that gets blown away anyways by the Configure script in src_configure
-	rm -f Makefile
-
-	if ! use vanilla ; then
-		eapply "${PATCHES[@]}"
-	fi
-
-	eapply_user #332661
-
-	# make sure the man pages are suffixed #302165
-	# don't bother building man pages if they're disabled
-	# Make DOCDIR Gentoo compliant
-	sed -i \
-		-e '/^MANSUFFIX/s:=.*:=ssl:' \
-		-e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
-		-e $(has noman FEATURES \
-			&& echo '/^install:/s:install_docs::' \
-			|| echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
-		-e "/^DOCDIR/s@\$(BASENAME)@&-${PF}@" \
-		Configurations/unix-Makefile.tmpl \
-		|| die
-
-	# quiet out unknown driver argument warnings since openssl
-	# doesn't have well-split CFLAGS and we're making it even worse
-	# and 'make depend' uses -Werror for added fun (#417795 again)
-	[[ ${CC} == *clang* ]] && append-flags -Qunused-arguments
-
-	# allow openssl to be cross-compiled
-	cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die
-	chmod a+rx gentoo.config || die
-
-	append-flags -fno-strict-aliasing
-	append-flags $(test-flags-CC -Wa,--noexecstack)
-	append-cppflags -DOPENSSL_NO_BUF_FREELISTS
-
-	# Prefixify Configure shebang (#141906)
-	sed \
-		-e "1s,/usr/bin/env,${EPREFIX}&," \
-		-i Configure || die
-	# Remove test target when FEATURES=test isn't set
-	if ! use test ; then
-		sed \
-			-e '/^$config{dirs}/s@ "test",@@' \
-			-i Configure || die
-	fi
-	# The config script does stupid stuff to prompt the user.  Kill it.
-	sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
-	./config --test-sanity || die "I AM NOT SANE"
-
-	multilib_copy_sources
-}
-
-multilib_src_configure() {
-	unset APPS #197996
-	unset SCRIPTS #312551
-	unset CROSS_COMPILE #311473
-
-	tc-export CC AR RANLIB RC
-
-	# Clean out patent-or-otherwise-encumbered code
-	# Camellia: Royalty Free            https://en.wikipedia.org/wiki/Camellia_(cipher)
-	# IDEA:     Expired                 https://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
-	# EC:       ????????? ??/??/2015    https://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography
-	# MDC2:     Expired                 https://en.wikipedia.org/wiki/MDC-2
-	# RC5:      Expired                 https://en.wikipedia.org/wiki/RC5
-
-	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
-	echoit() { echo "$@" ; "$@" ; }
-
-	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
-
-	# See if our toolchain supports __uint128_t.  If so, it's 64bit
-	# friendly and can use the nicely optimized code paths. #460790
-	local ec_nistp_64_gcc_128
-	# Disable it for now though #469976
-	#if ! use bindist ; then
-	#	echo "__uint128_t i;" > "${T}"/128.c
-	#	if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
-	#		ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
-	#	fi
-	#fi
-
-	local sslout=$(./gentoo.config)
-	einfo "Use configuration ${sslout:-(openssl knows best)}"
-	local config="Configure"
-	[[ -z ${sslout} ]] && config="config"
-
-	# 'srp' was restricted until early 2017 as well.
-	# "disable-deprecated" option breaks too many consumers.
-	# Don't set it without thorough revdeps testing.
-	echoit \
-	./${config} \
-		${sslout} \
-		$(use cpu_flags_x86_sse2 || echo "no-sse2") \
-		enable-camellia \
-		$(use_ssl !bindist ec) \
-		$(use_ssl !bindist srp) \
-		$(use elibc_musl && echo "no-async") \
-		${ec_nistp_64_gcc_128} \
-		enable-idea \
-		enable-mdc2 \
-		enable-rc5 \
-		$(use_ssl sslv3 ssl3) \
-		$(use_ssl sslv3 ssl3-method) \
-		$(use_ssl asm) \
-		$(use_ssl rfc3779) \
-		$(use_ssl sctp) \
-		$(use_ssl tls-heartbeat heartbeats) \
-		$(use_ssl zlib) \
-		--prefix="${EPREFIX}"/usr \
-		--openssldir="${EPREFIX}"${SSL_CNF_DIR} \
-		--libdir=$(get_libdir) \
-		shared threads \
-		|| die
-
-	# Clean out hardcoded flags that openssl uses
-	# Fix quoting for sed
-	local DEFAULT_CFLAGS=$(grep ^CFLAGS= Makefile | LC_ALL=C sed \
-		-e 's:^CFLAGS=::' \
-		-e 's:-fomit-frame-pointer ::g' \
-		-e 's:-O[0-9] ::g' \
-		-e 's:-march=[-a-z0-9]* ::g' \
-		-e 's:-mcpu=[-a-z0-9]* ::g' \
-		-e 's:-m[a-z0-9]* ::g' \
-		-e 's:\\:\\\\:g' \
-	)
-	sed -i \
-		-e "/^CFLAGS=/s|=.*|=${DEFAULT_CFLAGS} ${CFLAGS}|" \
-		-e "/^LDFLAGS=/s|=[[:space:]]*$|=${LDFLAGS}|" \
-		Makefile || die
-}
-
-multilib_src_compile() {
-	# depend is needed to use $confopts; it also doesn't matter
-	# that it's -j1 as the code itself serializes subdirs
-	emake -j1 depend
-	emake all
-}
-
-multilib_src_test() {
-	emake -j1 test
-}
-
-multilib_src_install() {
-	emake DESTDIR="${D}" install
-}
-
-multilib_src_install_all() {
-	# openssl installs perl version of c_rehash by default, but
-	# we provide a shell version via app-misc/c_rehash
-	rm "${ED%/}"/usr/bin/c_rehash || die
-
-	dodoc CHANGES* FAQ NEWS README doc/*.txt doc/${PN}-c-indent.el
-
-	# This is crappy in that the static archives are still built even
-	# when USE=static-libs.  But this is due to a failing in the openssl
-	# build system: the static archives are built as PIC all the time.
-	# Only way around this would be to manually configure+compile openssl
-	# twice; once with shared lib support enabled and once without.
-	use static-libs || rm -f "${ED%/}"/usr/lib*/lib*.a
-
-	# create the certs directory
-	keepdir ${SSL_CNF_DIR}/certs
-
-	# Namespace openssl programs to prevent conflicts with other man pages
-	cd "${ED%/}"/usr/share/man || die
-	local m d s
-	for m in $(find . -type f | xargs grep -L '#include') ; do
-		d=${m%/*} ; d=${d#./} ; m=${m##*/}
-		[[ ${m} == openssl.1* ]] && continue
-		[[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!"
-		mv ${d}/{,ssl-}${m}
-		# fix up references to renamed man pages
-		sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m}
-		ln -s ssl-${m} ${d}/openssl-${m}
-		# locate any symlinks that point to this man page ... we assume
-		# that any broken links are due to the above renaming
-		for s in $(find -L ${d} -type l) ; do
-			s=${s##*/}
-			rm -f ${d}/${s}
-			# We don't want to "|| die" here
-			ln -s ssl-${m} ${d}/ssl-${s}
-			ln -s ssl-${s} ${d}/openssl-${s}
-		done
-	done
-	[[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :("
-
-	dodir /etc/sandbox.d #254521
-	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED%/}"/etc/sandbox.d/10openssl
-
-	diropts -m0700
-	keepdir ${SSL_CNF_DIR}/private
-}
-
-pkg_postinst() {
-	ebegin "Running 'c_rehash ${EROOT%/}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069"
-	c_rehash "${EROOT%/}${SSL_CNF_DIR}/certs" >/dev/null
-	eend $?
-}

diff --git a/dev-libs/openssl/openssl-1.1.1_pre9.ebuild b/dev-libs/openssl/openssl-1.1.1_pre9.ebuild
deleted file mode 100644
index 4c92eedb393..00000000000
--- a/dev-libs/openssl/openssl-1.1.1_pre9.ebuild
+++ /dev/null
@@ -1,248 +0,0 @@
-# Copyright 1999-2018 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="6"
-
-inherit flag-o-matic toolchain-funcs multilib multilib-minimal
-
-MY_P=${P/_/-}
-DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"
-HOMEPAGE="https://www.openssl.org/"
-SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"
-
-LICENSE="openssl"
-SLOT="0/1.1" # .so version of libssl/libcrypto
-[[ "${PV}" = *_pre* ]] || \
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~x86-linux"
-IUSE="+asm bindist elibc_musl rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-heartbeat vanilla zlib"
-RESTRICT="!bindist? ( bindist )"
-
-RDEPEND=">=app-misc/c_rehash-1.7-r1
-	zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )"
-DEPEND="${RDEPEND}
-	>=dev-lang/perl-5
-	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
-	test? (
-		sys-apps/diffutils
-		sys-devel/bc
-	)"
-PDEPEND="app-misc/ca-certificates"
-
-S="${WORKDIR}/${MY_P}"
-
-MULTILIB_WRAPPED_HEADERS=(
-	usr/include/openssl/opensslconf.h
-)
-
-src_prepare() {
-	# keep this in sync with app-misc/c_rehash
-	SSL_CNF_DIR="/etc/ssl"
-
-	# Make sure we only ever touch Makefile.org and avoid patching a file
-	# that gets blown away anyways by the Configure script in src_configure
-	rm -f Makefile
-
-	if ! use vanilla ; then
-		if [[ $(declare -p PATCHES 2>/dev/null) == "declare -a"* ]] ; then
-			[[ ${#PATCHES[@]} -gt 0 ]] && eapply "${PATCHES[@]}"
-		fi
-	fi
-
-	eapply_user #332661
-
-	# make sure the man pages are suffixed #302165
-	# don't bother building man pages if they're disabled
-	# Make DOCDIR Gentoo compliant
-	sed -i \
-		-e '/^MANSUFFIX/s:=.*:=ssl:' \
-		-e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
-		-e $(has noman FEATURES \
-			&& echo '/^install:/s:install_docs::' \
-			|| echo '/^MANDIR=/s:=.*:='${EPREFIX%/}'/usr/share/man:') \
-		-e "/^DOCDIR/s@\$(BASENAME)@&-${PF}@" \
-		Configurations/unix-Makefile.tmpl \
-		|| die
-
-	# quiet out unknown driver argument warnings since openssl
-	# doesn't have well-split CFLAGS and we're making it even worse
-	# and 'make depend' uses -Werror for added fun (#417795 again)
-	[[ ${CC} == *clang* ]] && append-flags -Qunused-arguments
-
-	# allow openssl to be cross-compiled
-	cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die
-	chmod a+rx gentoo.config || die
-
-	append-flags -fno-strict-aliasing
-	append-flags $(test-flags-CC -Wa,--noexecstack)
-	append-cppflags -DOPENSSL_NO_BUF_FREELISTS
-
-	# Prefixify Configure shebang (#141906)
-	sed \
-		-e "1s,/usr/bin/env,${EPREFIX%/}&," \
-		-i Configure || die
-	# Remove test target when FEATURES=test isn't set
-	if ! use test ; then
-		sed \
-			-e '/^$config{dirs}/s@ "test",@@' \
-			-i Configure || die
-	fi
-	# The config script does stupid stuff to prompt the user.  Kill it.
-	sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
-	./config --test-sanity || die "I AM NOT SANE"
-
-	multilib_copy_sources
-}
-
-multilib_src_configure() {
-	unset APPS #197996
-	unset SCRIPTS #312551
-	unset CROSS_COMPILE #311473
-
-	tc-export CC AR RANLIB RC
-
-	# Clean out patent-or-otherwise-encumbered code
-	# Camellia: Royalty Free            https://en.wikipedia.org/wiki/Camellia_(cipher)
-	# IDEA:     Expired                 https://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
-	# EC:       ????????? ??/??/2015    https://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography
-	# MDC2:     Expired                 https://en.wikipedia.org/wiki/MDC-2
-	# RC5:      Expired                 https://en.wikipedia.org/wiki/RC5
-
-	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
-	echoit() { echo "$@" ; "$@" ; }
-
-	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
-
-	# See if our toolchain supports __uint128_t.  If so, it's 64bit
-	# friendly and can use the nicely optimized code paths. #460790
-	local ec_nistp_64_gcc_128
-	# Disable it for now though #469976
-	#if ! use bindist ; then
-	#	echo "__uint128_t i;" > "${T}"/128.c
-	#	if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
-	#		ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
-	#	fi
-	#fi
-
-	local sslout=$(./gentoo.config)
-	einfo "Use configuration ${sslout:-(openssl knows best)}"
-	local config="Configure"
-	[[ -z ${sslout} ]] && config="config"
-
-	# 'srp' was restricted until early 2017 as well.
-	# "disable-deprecated" option breaks too many consumers.
-	# Don't set it without thorough revdeps testing.
-	echoit \
-	./${config} \
-		${sslout} \
-		$(use cpu_flags_x86_sse2 || echo "no-sse2") \
-		enable-camellia \
-		$(use_ssl !bindist ec) \
-		$(use_ssl !bindist srp) \
-		$(use elibc_musl && echo "no-async") \
-		${ec_nistp_64_gcc_128} \
-		enable-idea \
-		enable-mdc2 \
-		enable-rc5 \
-		$(use_ssl sslv3 ssl3) \
-		$(use_ssl sslv3 ssl3-method) \
-		$(use_ssl asm) \
-		$(use_ssl rfc3779) \
-		$(use_ssl sctp) \
-		$(use_ssl tls-heartbeat heartbeats) \
-		$(use_ssl zlib) \
-		--prefix="${EPREFIX%/}"/usr \
-		--openssldir="${EPREFIX%/}"${SSL_CNF_DIR} \
-		--libdir=$(get_libdir) \
-		shared threads \
-		|| die
-
-	# Clean out hardcoded flags that openssl uses
-	# Fix quoting for sed
-	local DEFAULT_CFLAGS=$(grep ^CFLAGS= Makefile | LC_ALL=C sed \
-		-e 's:^CFLAGS=::' \
-		-e 's:-fomit-frame-pointer ::g' \
-		-e 's:-O[0-9] ::g' \
-		-e 's:-march=[-a-z0-9]* ::g' \
-		-e 's:-mcpu=[-a-z0-9]* ::g' \
-		-e 's:-m[a-z0-9]* ::g' \
-		-e 's:\\:\\\\:g' \
-	)
-	sed -i \
-		-e "/^CFLAGS=/s|=.*|=${DEFAULT_CFLAGS} ${CFLAGS}|" \
-		-e "/^LDFLAGS=/s|=[[:space:]]*$|=${LDFLAGS}|" \
-		Makefile || die
-}
-
-multilib_src_compile() {
-	# depend is needed to use $confopts; it also doesn't matter
-	# that it's -j1 as the code itself serializes subdirs
-	emake -j1 depend
-	emake all
-}
-
-multilib_src_test() {
-	emake -j1 test
-}
-
-multilib_src_install() {
-	# We need to create $ED/usr on our own to avoid a race condition #665130
-	if [[ ! -d "${ED%/}/usr" ]]; then
-		# We can only create this directory once
-		mkdir "${ED%/}"/usr || die
-	fi
-
-	emake DESTDIR="${D%/}" install
-}
-
-multilib_src_install_all() {
-	# openssl installs perl version of c_rehash by default, but
-	# we provide a shell version via app-misc/c_rehash
-	rm "${ED%/}"/usr/bin/c_rehash || die
-
-	dodoc CHANGES* FAQ NEWS README doc/*.txt doc/${PN}-c-indent.el
-
-	# This is crappy in that the static archives are still built even
-	# when USE=static-libs.  But this is due to a failing in the openssl
-	# build system: the static archives are built as PIC all the time.
-	# Only way around this would be to manually configure+compile openssl
-	# twice; once with shared lib support enabled and once without.
-	use static-libs || rm -f "${ED%/}"/usr/lib*/lib*.a
-
-	# create the certs directory
-	keepdir ${SSL_CNF_DIR}/certs
-
-	# Namespace openssl programs to prevent conflicts with other man pages
-	cd "${ED%/}"/usr/share/man || die
-	local m d s
-	for m in $(find . -type f | xargs grep -L '#include') ; do
-		d=${m%/*} ; d=${d#./} ; m=${m##*/}
-		[[ ${m} == openssl.1* ]] && continue
-		[[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!"
-		mv ${d}/{,ssl-}${m}
-		# fix up references to renamed man pages
-		sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m}
-		ln -s ssl-${m} ${d}/openssl-${m}
-		# locate any symlinks that point to this man page ... we assume
-		# that any broken links are due to the above renaming
-		for s in $(find -L ${d} -type l) ; do
-			s=${s##*/}
-			rm -f ${d}/${s}
-			# We don't want to "|| die" here
-			ln -s ssl-${m} ${d}/ssl-${s}
-			ln -s ssl-${s} ${d}/openssl-${s}
-		done
-	done
-	[[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :("
-
-	dodir /etc/sandbox.d #254521
-	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED%/}"/etc/sandbox.d/10openssl
-
-	diropts -m0700
-	keepdir ${SSL_CNF_DIR}/private
-}
-
-pkg_postinst() {
-	ebegin "Running 'c_rehash ${EROOT%/}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069"
-	c_rehash "${EROOT%/}${SSL_CNF_DIR}/certs" >/dev/null
-	eend $?
-}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Mikle Kolyada]

commit:     c5b2a6f534ab44e70a1be4c1a7946a2673e61dc7
Author:     Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
AuthorDate: Sun Sep  9 11:54:09 2018 +0000
Commit:     Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
CommitDate: Sun Sep  9 11:54:09 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c5b2a6f5

dev-libs/openssl: mark stable wrt bug #663654

Package-Manager: Portage-2.3.40, Repoman-2.3.9

 dev-libs/openssl/openssl-1.0.2p.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.0.2p.ebuild b/dev-libs/openssl/openssl-1.0.2p.ebuild
index 9cca78d6da8..b8c283fe917 100644
--- a/dev-libs/openssl/openssl-1.0.2p.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2p.ebuild
@@ -19,7 +19,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 
 LICENSE="openssl"
 SLOT="0"
-KEYWORDS="alpha amd64 ~arm arm64 hppa ia64 ~m68k ~mips ~ppc ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~x86-fbsd ~x86-linux"
+KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~amd64-fbsd ~x86-fbsd ~x86-linux"
 IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Mikle Kolyada]

commit:     d9fd788b33ff7e760b2ed4762a94cf587f0c5701
Author:     Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
AuthorDate: Sun Sep  9 11:56:09 2018 +0000
Commit:     Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
CommitDate: Sun Sep  9 11:56:09 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d9fd788b

dev-libs/openssl: Drop old

Package-Manager: Portage-2.3.40, Repoman-2.3.9

 dev-libs/openssl/Manifest                 |   5 -
 dev-libs/openssl/openssl-1.0.2o-r3.ebuild | 252 -------------------------
 dev-libs/openssl/openssl-1.0.2o-r6.ebuild | 297 ------------------------------
 3 files changed, 554 deletions(-)

diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest
index 6486f149bc2..ba5fdcfbf60 100644
--- a/dev-libs/openssl/Manifest
+++ b/dev-libs/openssl/Manifest
@@ -1,10 +1,5 @@
 DIST openssl-0.9.8zh.tar.gz 3818524 BLAKE2B 610bb4858900983cf4519fa8b63f1e03b3845e39e68884fd8bebd738cd5cd6c2c75513643af49bf9e2294adc446a6516480fe9b62de55d9b6379bf9e7c5cd364 SHA512 b97fa2468211f86c0719c68ad1781eff84f772c479ed5193d6da14bac086b4ca706e7d851209d9df3f0962943b5e5333ab0def00110fb2e517caa73c0c6674c6
-DIST openssl-1.0.2-patches-1.4.tar.xz 12864 BLAKE2B ace6a782ef97b61af44988f978d089adffb06894617f9d66d3fce664c04d360b2774e1dd38c2171151fa93fe92428d405674bc2d452d520f10da426f95d09aee SHA512 d152af2841f1bf11c7f2a5ebba9a2b903fb4bcdef0468c56af0f9cc8c020adbf4490ac1a62f5bae8cbe18e379934fa997bfda1c2d49ec62365c07a0c0515a72d
 DIST openssl-1.0.2-patches-1.5.tar.xz 12404 BLAKE2B 6c1b8c28f339f539b2ab8643379502a24cf62bffde00041dce54d5dd9e8d2620b181362ee5464b0ab32ba4948e209697bfabadbea2944a409a1009100d298f24 SHA512 5725e2d9d1ee8cc074bcef3bed61c71bdab2ff1c114362110c3fb8da11ad5bc8f2ff28e90a293f5f3a5cf96ecda54dffdb7ab3fb3f8b23ef6472250dc3037659
-DIST openssl-1.0.2o.tar.gz 5329472 BLAKE2B 30226db49be04317da3a76cce68d5aa401decd198f92505bddb0c72a7ef6a79f3c9c06d4a816db734e2a0991ebcab8b207feced26d83639e50c821d9e76ddc45 SHA512 8a2c93657c85143e76785bb32ee836908c31a6f5f8db993fa9777acba6079e630cdddd03edbad65d1587199fc13a1507789eacf038b56eb99139c2091d9df7fd
-DIST openssl-1.0.2o_ec_curve.c 17254 BLAKE2B d40d8d6e770443f07abe70e2c4ddda6aec1cc8e37dc1f226a3fdd9ed5d228f09c6d372e8956b1948b55ee1d57d1429493e7288d0f54d9466a37fec805c85aacb SHA512 8e92fb100bcf4bd918c82b9a6cbd75a55abe1a2c08230a007e441c51577f974f8cc336e9ac8a672b32641480428ca8cead5380da1fe81bacb088145a1b754a15
-DIST openssl-1.0.2o_ectest.c 30735 BLAKE2B 95333a27f1cf0a4305a3cee7f6d46b9d4673582ca9acfcf5ba2a0d9d317ab6219cd0d2ff0ba3a55a317c8f5819342f05cc17ba80ec2c92b2b4cab9a3552382e1 SHA512 f2e4d34327b490bc8371f0845c69df3f9fc51ea16f0ea0de0411a0c1fa9d49bb2b6fafc363eb3b3cd919dc7c24e4a0d075c6ff878c01d70dae918f2540874c19
-DIST openssl-1.0.2o_hobble-openssl 1302 BLAKE2B 647caa6a0f4c53a2e77baa3b8e5961eaef3bb0ff38e7d5475eab8deef3439f7fe49028ec9ed0406f3453870b62cac67c496b3a048ee4c9ff4c6866d520235960 SHA512 3d757a4708e74a03dd5cb9b8114dfe442ed9520739a6eca693be4c4265771696f1449ea06d1c9bcfc6e94fc9b0dd0c10e153f1c3b0334831c0550b36cd63326e
 DIST openssl-1.0.2p.tar.gz 5338192 BLAKE2B fe4c0e2bf75d47a76e7377c7977be7bcaaa532061ab89ee989786eeb6495295711a29a88bf026c85d9ed55c97e71b0e9c8cf4c29b6e58a3dc56bcff518666823 SHA512 958c5a7c3324bbdc8f07dfb13e11329d9a1b4452c07cf41fbd2d42b5fe29c95679332a3476d24c2dc2b88be16e4a24744aba675a05a388c0905756c77a8a2f16
 DIST openssl-1.0.2p_ec_curve.c 17254 BLAKE2B d40d8d6e770443f07abe70e2c4ddda6aec1cc8e37dc1f226a3fdd9ed5d228f09c6d372e8956b1948b55ee1d57d1429493e7288d0f54d9466a37fec805c85aacb SHA512 8e92fb100bcf4bd918c82b9a6cbd75a55abe1a2c08230a007e441c51577f974f8cc336e9ac8a672b32641480428ca8cead5380da1fe81bacb088145a1b754a15
 DIST openssl-1.0.2p_ectest.c 30735 BLAKE2B 95333a27f1cf0a4305a3cee7f6d46b9d4673582ca9acfcf5ba2a0d9d317ab6219cd0d2ff0ba3a55a317c8f5819342f05cc17ba80ec2c92b2b4cab9a3552382e1 SHA512 f2e4d34327b490bc8371f0845c69df3f9fc51ea16f0ea0de0411a0c1fa9d49bb2b6fafc363eb3b3cd919dc7c24e4a0d075c6ff878c01d70dae918f2540874c19

diff --git a/dev-libs/openssl/openssl-1.0.2o-r3.ebuild b/dev-libs/openssl/openssl-1.0.2o-r3.ebuild
deleted file mode 100644
index f372f86e99c..00000000000
--- a/dev-libs/openssl/openssl-1.0.2o-r3.ebuild
+++ /dev/null
@@ -1,252 +0,0 @@
-# Copyright 1999-2018 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="6"
-
-inherit eutils flag-o-matic toolchain-funcs multilib multilib-minimal
-
-PATCH_SET="openssl-1.0.2-patches-1.4"
-MY_P=${P/_/-}
-DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"
-HOMEPAGE="https://www.openssl.org/"
-SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
-	mirror://gentoo/${PATCH_SET}.tar.xz
-	https://dev.gentoo.org/~whissi/dist/${PN}/${PATCH_SET}.tar.xz
-	https://dev.gentoo.org/~polynomial-c/dist/${PATCH_SET}.tar.xz"
-
-LICENSE="openssl"
-SLOT="0"
-KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~amd64-fbsd ~x86-fbsd ~x86-linux"
-IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
-RESTRICT="!bindist? ( bindist )"
-
-RDEPEND=">=app-misc/c_rehash-1.7-r1
-	gmp? ( >=dev-libs/gmp-5.1.3-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
-	zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
-	kerberos? ( >=app-crypt/mit-krb5-1.11.4[${MULTILIB_USEDEP}] )"
-DEPEND="${RDEPEND}
-	>=dev-lang/perl-5
-	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
-	test? (
-		sys-apps/diffutils
-		sys-devel/bc
-	)"
-PDEPEND="app-misc/ca-certificates"
-
-S="${WORKDIR}/${MY_P}"
-
-MULTILIB_WRAPPED_HEADERS=(
-	usr/include/openssl/opensslconf.h
-)
-
-src_prepare() {
-	# keep this in sync with app-misc/c_rehash
-	SSL_CNF_DIR="/etc/ssl"
-
-	# Make sure we only ever touch Makefile.org and avoid patching a file
-	# that gets blown away anyways by the Configure script in src_configure
-	rm -f Makefile
-
-	if ! use vanilla ; then
-		eapply "${WORKDIR}"/patch/*.patch
-	fi
-
-	eapply_user
-
-	# disable fips in the build
-	# make sure the man pages are suffixed #302165
-	# don't bother building man pages if they're disabled
-	sed -i \
-		-e '/DIRS/s: fips : :g' \
-		-e '/^MANSUFFIX/s:=.*:=ssl:' \
-		-e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
-		-e $(has noman FEATURES \
-			&& echo '/^install:/s:install_docs::' \
-			|| echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
-		Makefile.org \
-		|| die
-	# show the actual commands in the log
-	sed -i '/^SET_X/s:=.*:=set -x:' Makefile.shared
-
-	# since we're forcing $(CC) as makedep anyway, just fix
-	# the conditional as always-on
-	# helps clang (#417795), and versioned gcc (#499818)
-	sed -i 's/expr.*MAKEDEPEND.*;/true;/' util/domd || die
-
-	# quiet out unknown driver argument warnings since openssl
-	# doesn't have well-split CFLAGS and we're making it even worse
-	# and 'make depend' uses -Werror for added fun (#417795 again)
-	[[ ${CC} == *clang* ]] && append-flags -Qunused-arguments
-
-	# allow openssl to be cross-compiled
-	cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die
-	chmod a+rx gentoo.config || die
-
-	append-flags -fno-strict-aliasing
-	append-flags $(test-flags-CC -Wa,--noexecstack)
-	append-cppflags -DOPENSSL_NO_BUF_FREELISTS
-
-	sed -i '1s,^:$,#!'${EPREFIX}'/usr/bin/perl,' Configure #141906
-	# The config script does stupid stuff to prompt the user.  Kill it.
-	sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
-	./config --test-sanity || die "I AM NOT SANE"
-
-	multilib_copy_sources
-}
-
-multilib_src_configure() {
-	unset APPS #197996
-	unset SCRIPTS #312551
-	unset CROSS_COMPILE #311473
-
-	tc-export CC AR RANLIB RC
-
-	# Clean out patent-or-otherwise-encumbered code
-	# Camellia: Royalty Free            https://en.wikipedia.org/wiki/Camellia_(cipher)
-	# IDEA:     Expired                 https://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
-	# EC:       ????????? ??/??/2015    https://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography
-	# MDC2:     Expired                 https://en.wikipedia.org/wiki/MDC-2
-	# RC5:      Expired                 https://en.wikipedia.org/wiki/RC5
-
-	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
-	echoit() { echo "$@" ; "$@" ; }
-
-	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
-
-	# See if our toolchain supports __uint128_t.  If so, it's 64bit
-	# friendly and can use the nicely optimized code paths. #460790
-	local ec_nistp_64_gcc_128
-	# Disable it for now though #469976
-	#if ! use bindist ; then
-	#	echo "__uint128_t i;" > "${T}"/128.c
-	#	if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
-	#		ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
-	#	fi
-	#fi
-
-	# https://github.com/openssl/openssl/issues/2286
-	if use ia64 ; then
-		replace-flags -g3 -g2
-		replace-flags -ggdb3 -ggdb2
-	fi
-
-	local sslout=$(./gentoo.config)
-	einfo "Use configuration ${sslout:-(openssl knows best)}"
-	local config="Configure"
-	[[ -z ${sslout} ]] && config="config"
-
-	echoit \
-	./${config} \
-		${sslout} \
-		$(use cpu_flags_x86_sse2 || echo "no-sse2") \
-		enable-camellia \
-		$(use_ssl !bindist ec) \
-		${ec_nistp_64_gcc_128} \
-		enable-idea \
-		enable-mdc2 \
-		enable-rc5 \
-		enable-tlsext \
-		$(use_ssl asm) \
-		$(use_ssl gmp gmp -lgmp) \
-		$(use_ssl kerberos krb5 --with-krb5-flavor=${krb5}) \
-		$(use_ssl rfc3779) \
-		$(use_ssl sctp) \
-		$(use_ssl sslv2 ssl2) \
-		$(use_ssl sslv3 ssl3) \
-		$(use_ssl tls-heartbeat heartbeats) \
-		$(use_ssl zlib) \
-		--prefix="${EPREFIX}"/usr \
-		--openssldir="${EPREFIX}"${SSL_CNF_DIR} \
-		--libdir=$(get_libdir) \
-		shared threads \
-		|| die
-
-	# Clean out hardcoded flags that openssl uses
-	local CFLAG=$(grep ^CFLAG= Makefile | LC_ALL=C sed \
-		-e 's:^CFLAG=::' \
-		-e 's:-fomit-frame-pointer ::g' \
-		-e 's:-O[0-9] ::g' \
-		-e 's:-march=[-a-z0-9]* ::g' \
-		-e 's:-mcpu=[-a-z0-9]* ::g' \
-		-e 's:-m[a-z0-9]* ::g' \
-	)
-	sed -i \
-		-e "/^CFLAG/s|=.*|=${CFLAG} ${CFLAGS}|" \
-		-e "/^SHARED_LDFLAGS=/s|$| ${LDFLAGS}|" \
-		Makefile || die
-}
-
-multilib_src_compile() {
-	# depend is needed to use $confopts; it also doesn't matter
-	# that it's -j1 as the code itself serializes subdirs
-	emake -j1 depend
-	emake all
-	# rehash is needed to prep the certs/ dir; do this
-	# separately to avoid parallel build issues.
-	emake rehash
-}
-
-multilib_src_test() {
-	emake -j1 test
-}
-
-multilib_src_install() {
-	emake INSTALL_PREFIX="${D}" install
-}
-
-multilib_src_install_all() {
-	# openssl installs perl version of c_rehash by default, but
-	# we provide a shell version via app-misc/c_rehash
-	rm "${ED}"/usr/bin/c_rehash || die
-
-	local -a DOCS=( CHANGES* FAQ NEWS README doc/*.txt doc/c-indentation.el )
-	einstalldocs
-
-	use rfc3779 && dodoc engines/ccgost/README.gost
-
-	# This is crappy in that the static archives are still built even
-	# when USE=static-libs.  But this is due to a failing in the openssl
-	# build system: the static archives are built as PIC all the time.
-	# Only way around this would be to manually configure+compile openssl
-	# twice; once with shared lib support enabled and once without.
-	use static-libs || rm -f "${ED}"/usr/lib*/lib*.a
-
-	# create the certs directory
-	dodir ${SSL_CNF_DIR}/certs
-	cp -RP certs/* "${ED}"${SSL_CNF_DIR}/certs/ || die
-	rm -r "${ED}"${SSL_CNF_DIR}/certs/{demo,expired}
-
-	# Namespace openssl programs to prevent conflicts with other man pages
-	cd "${ED}"/usr/share/man
-	local m d s
-	for m in $(find . -type f | xargs grep -L '#include') ; do
-		d=${m%/*} ; d=${d#./} ; m=${m##*/}
-		[[ ${m} == openssl.1* ]] && continue
-		[[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!"
-		mv ${d}/{,ssl-}${m}
-		# fix up references to renamed man pages
-		sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m}
-		ln -s ssl-${m} ${d}/openssl-${m}
-		# locate any symlinks that point to this man page ... we assume
-		# that any broken links are due to the above renaming
-		for s in $(find -L ${d} -type l) ; do
-			s=${s##*/}
-			rm -f ${d}/${s}
-			ln -s ssl-${m} ${d}/ssl-${s}
-			ln -s ssl-${s} ${d}/openssl-${s}
-		done
-	done
-	[[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :("
-
-	dodir /etc/sandbox.d #254521
-	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
-
-	diropts -m0700
-	keepdir ${SSL_CNF_DIR}/private
-}
-
-pkg_postinst() {
-	ebegin "Running 'c_rehash ${EROOT%/}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069"
-	c_rehash "${EROOT%/}${SSL_CNF_DIR}/certs" >/dev/null
-	eend $?
-}

diff --git a/dev-libs/openssl/openssl-1.0.2o-r6.ebuild b/dev-libs/openssl/openssl-1.0.2o-r6.ebuild
deleted file mode 100644
index 675a09eea9d..00000000000
--- a/dev-libs/openssl/openssl-1.0.2o-r6.ebuild
+++ /dev/null
@@ -1,297 +0,0 @@
-# Copyright 1999-2018 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="6"
-
-inherit eutils flag-o-matic toolchain-funcs multilib multilib-minimal
-
-PATCH_SET="openssl-1.0.2-patches-1.4"
-MY_P=${P/_/-}
-DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"
-HOMEPAGE="https://www.openssl.org/"
-SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
-	mirror://gentoo/${PATCH_SET}.tar.xz
-	https://dev.gentoo.org/~whissi/dist/${PN}/${PATCH_SET}.tar.xz
-	https://dev.gentoo.org/~polynomial-c/dist/${PATCH_SET}.tar.xz"
-
-LICENSE="openssl"
-SLOT="0"
-KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~x86-linux"
-IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
-RESTRICT="!bindist? ( bindist )"
-
-RDEPEND=">=app-misc/c_rehash-1.7-r1
-	gmp? ( >=dev-libs/gmp-5.1.3-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
-	zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
-	kerberos? ( >=app-crypt/mit-krb5-1.11.4[${MULTILIB_USEDEP}] )"
-DEPEND="${RDEPEND}
-	>=dev-lang/perl-5
-	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
-	test? (
-		sys-apps/diffutils
-		sys-devel/bc
-	)"
-PDEPEND="app-misc/ca-certificates"
-
-# This does not copy the entire Fedora patchset, but JUST the parts that
-# are needed to make it safe to use EC with RESTRICT=bindist.
-# See openssl.spec for the matching numbering of SourceNNN, PatchNNN
-SOURCE1=hobble-openssl
-SOURCE12=ec_curve.c
-SOURCE13=ectest.c
-# These are ported instead
-#PATCH1=openssl-1.1.0-build.patch # Fixes EVP testcase for EC
-#PATCH37=openssl-1.1.0-ec-curves.patch
-FEDORA_GIT_BASE='https://src.fedoraproject.org/cgit/rpms/openssl.git/plain/'
-FEDORA_GIT_BRANCH='f25'
-FEDORA_SRC_URI=()
-FEDORA_SOURCE=( $SOURCE1 $SOURCE12 $SOURCE13 )
-FEDORA_PATCH=( $PATCH1 $PATCH37 )
-for i in "${FEDORA_SOURCE[@]}" ; do
-	FEDORA_SRC_URI+=( "${FEDORA_GIT_BASE}/${i}?h=${FEDORA_GIT_BRANCH} -> ${P}_${i}" )
-done
-for i in "${FEDORA_PATCH[@]}" ; do # Already have a version prefix
-	FEDORA_SRC_URI+=( "${FEDORA_GIT_BASE}/${i}?h=${FEDORA_GIT_BRANCH} -> ${i}" )
-done
-SRC_URI+=" bindist? ( ${FEDORA_SRC_URI[@]} )"
-
-S="${WORKDIR}/${MY_P}"
-
-MULTILIB_WRAPPED_HEADERS=(
-	usr/include/openssl/opensslconf.h
-)
-
-src_prepare() {
-	if use bindist; then
-		# This just removes the prefix, and puts it into WORKDIR like the RPM.
-		for i in "${FEDORA_SOURCE[@]}" ; do
-			cp -f "${DISTDIR}"/"${P}_${i}" "${WORKDIR}"/"${i}" || die
-		done
-		# .spec %prep
-		bash "${WORKDIR}"/"${SOURCE1}" || die
-		cp -f "${WORKDIR}"/"${SOURCE12}" "${S}"/crypto/ec/ || die
-		cp -f "${WORKDIR}"/"${SOURCE13}" "${S}"/crypto/ec/ || die # Moves to test/ in OpenSSL-1.1
-		for i in "${FEDORA_PATCH[@]}" ; do
-			eapply "${DISTDIR}"/"${i}"
-		done
-		eapply "${FILESDIR}"/openssl-1.0.2o-hobble-ecc.patch
-		# Also see the configure parts below:
-		# enable-ec \
-		# $(use_ssl !bindist ec2m) \
-		# $(use_ssl !bindist srp) \
-	fi
-
-	# keep this in sync with app-misc/c_rehash
-	SSL_CNF_DIR="/etc/ssl"
-
-	# Make sure we only ever touch Makefile.org and avoid patching a file
-	# that gets blown away anyways by the Configure script in src_configure
-	rm -f Makefile
-
-	if ! use vanilla ; then
-		eapply "${WORKDIR}"/patch/*.patch
-		eapply "${FILESDIR}"/${P}-CVE-2018-0732.patch
-	fi
-
-	eapply_user
-
-	# disable fips in the build
-	# make sure the man pages are suffixed #302165
-	# don't bother building man pages if they're disabled
-	sed -i \
-		-e '/DIRS/s: fips : :g' \
-		-e '/^MANSUFFIX/s:=.*:=ssl:' \
-		-e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
-		-e $(has noman FEATURES \
-			&& echo '/^install:/s:install_docs::' \
-			|| echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
-		Makefile.org \
-		|| die
-	# show the actual commands in the log
-	sed -i '/^SET_X/s:=.*:=set -x:' Makefile.shared
-
-	# since we're forcing $(CC) as makedep anyway, just fix
-	# the conditional as always-on
-	# helps clang (#417795), and versioned gcc (#499818)
-	sed -i 's/expr.*MAKEDEPEND.*;/true;/' util/domd || die
-
-	# quiet out unknown driver argument warnings since openssl
-	# doesn't have well-split CFLAGS and we're making it even worse
-	# and 'make depend' uses -Werror for added fun (#417795 again)
-	[[ ${CC} == *clang* ]] && append-flags -Qunused-arguments
-
-	# allow openssl to be cross-compiled
-	cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die
-	chmod a+rx gentoo.config || die
-
-	append-flags -fno-strict-aliasing
-	append-flags $(test-flags-CC -Wa,--noexecstack)
-	append-cppflags -DOPENSSL_NO_BUF_FREELISTS
-
-	sed -i '1s,^:$,#!'${EPREFIX}'/usr/bin/perl,' Configure #141906
-	# The config script does stupid stuff to prompt the user.  Kill it.
-	sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
-	./config --test-sanity || die "I AM NOT SANE"
-
-	multilib_copy_sources
-}
-
-multilib_src_configure() {
-	unset APPS #197996
-	unset SCRIPTS #312551
-	unset CROSS_COMPILE #311473
-
-	tc-export CC AR RANLIB RC
-
-	# Clean out patent-or-otherwise-encumbered code
-	# Camellia: Royalty Free            https://en.wikipedia.org/wiki/Camellia_(cipher)
-	# IDEA:     Expired                 https://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
-	# EC:       ????????? ??/??/2015    https://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography
-	# MDC2:     Expired                 https://en.wikipedia.org/wiki/MDC-2
-	# RC5:      Expired                 https://en.wikipedia.org/wiki/RC5
-
-	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
-	echoit() { echo "$@" ; "$@" ; }
-
-	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
-
-	# See if our toolchain supports __uint128_t.  If so, it's 64bit
-	# friendly and can use the nicely optimized code paths. #460790
-	local ec_nistp_64_gcc_128
-	# Disable it for now though #469976
-	#if ! use bindist ; then
-	#	echo "__uint128_t i;" > "${T}"/128.c
-	#	if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
-	#		ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
-	#	fi
-	#fi
-
-	# https://github.com/openssl/openssl/issues/2286
-	if use ia64 ; then
-		replace-flags -g3 -g2
-		replace-flags -ggdb3 -ggdb2
-	fi
-
-	local sslout=$(./gentoo.config)
-	einfo "Use configuration ${sslout:-(openssl knows best)}"
-	local config="Configure"
-	[[ -z ${sslout} ]] && config="config"
-
-	# Fedora hobbled-EC needs 'no-ec2m', 'no-srp'
-	echoit \
-	./${config} \
-		${sslout} \
-		$(use cpu_flags_x86_sse2 || echo "no-sse2") \
-		enable-camellia \
-		enable-ec \
-		$(use_ssl !bindist ec2m) \
-		$(use_ssl !bindist srp) \
-		${ec_nistp_64_gcc_128} \
-		enable-idea \
-		enable-mdc2 \
-		enable-rc5 \
-		enable-tlsext \
-		$(use_ssl asm) \
-		$(use_ssl gmp gmp -lgmp) \
-		$(use_ssl kerberos krb5 --with-krb5-flavor=${krb5}) \
-		$(use_ssl rfc3779) \
-		$(use_ssl sctp) \
-		$(use_ssl sslv2 ssl2) \
-		$(use_ssl sslv3 ssl3) \
-		$(use_ssl tls-heartbeat heartbeats) \
-		$(use_ssl zlib) \
-		--prefix="${EPREFIX}"/usr \
-		--openssldir="${EPREFIX}"${SSL_CNF_DIR} \
-		--libdir=$(get_libdir) \
-		shared threads \
-		|| die
-
-	# Clean out hardcoded flags that openssl uses
-	local CFLAG=$(grep ^CFLAG= Makefile | LC_ALL=C sed \
-		-e 's:^CFLAG=::' \
-		-e 's:-fomit-frame-pointer ::g' \
-		-e 's:-O[0-9] ::g' \
-		-e 's:-march=[-a-z0-9]* ::g' \
-		-e 's:-mcpu=[-a-z0-9]* ::g' \
-		-e 's:-m[a-z0-9]* ::g' \
-	)
-	sed -i \
-		-e "/^CFLAG/s|=.*|=${CFLAG} ${CFLAGS}|" \
-		-e "/^SHARED_LDFLAGS=/s|$| ${LDFLAGS}|" \
-		Makefile || die
-}
-
-multilib_src_compile() {
-	# depend is needed to use $confopts; it also doesn't matter
-	# that it's -j1 as the code itself serializes subdirs
-	emake -j1 depend
-	emake all
-	# rehash is needed to prep the certs/ dir; do this
-	# separately to avoid parallel build issues.
-	emake rehash
-}
-
-multilib_src_test() {
-	emake -j1 test
-}
-
-multilib_src_install() {
-	emake INSTALL_PREFIX="${D}" install
-}
-
-multilib_src_install_all() {
-	# openssl installs perl version of c_rehash by default, but
-	# we provide a shell version via app-misc/c_rehash
-	rm "${ED}"/usr/bin/c_rehash || die
-
-	local -a DOCS=( CHANGES* FAQ NEWS README doc/*.txt doc/c-indentation.el )
-	einstalldocs
-
-	use rfc3779 && dodoc engines/ccgost/README.gost
-
-	# This is crappy in that the static archives are still built even
-	# when USE=static-libs.  But this is due to a failing in the openssl
-	# build system: the static archives are built as PIC all the time.
-	# Only way around this would be to manually configure+compile openssl
-	# twice; once with shared lib support enabled and once without.
-	use static-libs || rm -f "${ED}"/usr/lib*/lib*.a
-
-	# create the certs directory
-	dodir ${SSL_CNF_DIR}/certs
-	cp -RP certs/* "${ED}"${SSL_CNF_DIR}/certs/ || die
-	rm -r "${ED}"${SSL_CNF_DIR}/certs/{demo,expired}
-
-	# Namespace openssl programs to prevent conflicts with other man pages
-	cd "${ED}"/usr/share/man
-	local m d s
-	for m in $(find . -type f | xargs grep -L '#include') ; do
-		d=${m%/*} ; d=${d#./} ; m=${m##*/}
-		[[ ${m} == openssl.1* ]] && continue
-		[[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!"
-		mv ${d}/{,ssl-}${m}
-		# fix up references to renamed man pages
-		sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m}
-		ln -s ssl-${m} ${d}/openssl-${m}
-		# locate any symlinks that point to this man page ... we assume
-		# that any broken links are due to the above renaming
-		for s in $(find -L ${d} -type l) ; do
-			s=${s##*/}
-			rm -f ${d}/${s}
-			ln -s ssl-${m} ${d}/ssl-${s}
-			ln -s ssl-${s} ${d}/openssl-${s}
-		done
-	done
-	[[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :("
-
-	dodir /etc/sandbox.d #254521
-	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
-
-	diropts -m0700
-	keepdir ${SSL_CNF_DIR}/private
-}
-
-pkg_postinst() {
-	ebegin "Running 'c_rehash ${EROOT%/}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069"
-	c_rehash "${EROOT%/}${SSL_CNF_DIR}/certs" >/dev/null
-	eend $?
-}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Matt Turner]

commit:     bc0c520ff6fff72012c7a44fc738fb1d778da5e1
Author:     Matt Turner <mattst88 <AT> gentoo <DOT> org>
AuthorDate: Fri Sep  7 20:23:14 2018 +0000
Commit:     Matt Turner <mattst88 <AT> gentoo <DOT> org>
CommitDate: Fri Sep  7 20:23:14 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bc0c520f

dev-libs/openssl-1.0.2p: alpha stable, bug 663654

 dev-libs/openssl/openssl-1.0.2p.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.0.2p.ebuild b/dev-libs/openssl/openssl-1.0.2p.ebuild
index 410bb8bcfd3..9cca78d6da8 100644
--- a/dev-libs/openssl/openssl-1.0.2p.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2p.ebuild
@@ -19,7 +19,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 
 LICENSE="openssl"
 SLOT="0"
-KEYWORDS="~alpha amd64 ~arm arm64 hppa ia64 ~m68k ~mips ~ppc ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~x86-fbsd ~x86-linux"
+KEYWORDS="alpha amd64 ~arm arm64 hppa ia64 ~m68k ~mips ~ppc ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~x86-fbsd ~x86-linux"
 IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Mart Raudsepp]

commit:     8250ce0960c70a9a04ee6e20beeed721c44a356d
Author:     Mart Raudsepp <leio <AT> gentoo <DOT> org>
AuthorDate: Fri Sep  7 09:49:04 2018 +0000
Commit:     Mart Raudsepp <leio <AT> gentoo <DOT> org>
CommitDate: Fri Sep  7 09:49:30 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8250ce09

dev-libs/openssl-1.0.2p: arm64 stable (bug 663654)

Package-Manager: Portage-2.3.48, Repoman-2.3.10

 dev-libs/openssl/openssl-1.0.2p.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.0.2p.ebuild b/dev-libs/openssl/openssl-1.0.2p.ebuild
index 42709aebb44..410bb8bcfd3 100644
--- a/dev-libs/openssl/openssl-1.0.2p.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2p.ebuild
@@ -19,7 +19,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 
 LICENSE="openssl"
 SLOT="0"
-KEYWORDS="~alpha amd64 ~arm ~arm64 hppa ia64 ~m68k ~mips ~ppc ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~x86-fbsd ~x86-linux"
+KEYWORDS="~alpha amd64 ~arm arm64 hppa ia64 ~m68k ~mips ~ppc ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~x86-fbsd ~x86-linux"
 IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Agostino Sarubbo]

commit:     a27c95a8bc147094b7e1881fd6b67ca9f5f60407
Author:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
AuthorDate: Thu Sep  6 15:26:09 2018 +0000
Commit:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
CommitDate: Thu Sep  6 15:26:09 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a27c95a8

dev-libs/openssl: amd64 stable wrt bug #663654

Package-Manager: Portage-2.3.40, Repoman-2.3.9
RepoMan-Options: --include-arches="amd64"

 dev-libs/openssl/openssl-1.0.2p.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.0.2p.ebuild b/dev-libs/openssl/openssl-1.0.2p.ebuild
index ef70b21c1d7..42709aebb44 100644
--- a/dev-libs/openssl/openssl-1.0.2p.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2p.ebuild
@@ -19,7 +19,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 
 LICENSE="openssl"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 hppa ia64 ~m68k ~mips ~ppc ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~x86-fbsd ~x86-linux"
+KEYWORDS="~alpha amd64 ~arm ~arm64 hppa ia64 ~m68k ~mips ~ppc ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~x86-fbsd ~x86-linux"
 IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Thomas Deutschmann]

commit:     d0c2e3314fb21e805502c41e23b6e6e784389d63
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Wed Sep  5 14:03:19 2018 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Wed Sep  5 14:03:59 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d0c2e331

dev-libs/openssl: fix broken prefix support

Commit ed7230d4486049fdd155ac6b86e07578d624aeb0 has broken prefix
support which this commit will fix.

Closes: https://bugs.gentoo.org/665272
Package-Manager: Portage-2.3.48, Repoman-2.3.10

 dev-libs/openssl/openssl-1.0.2p.ebuild     | 6 +++---
 dev-libs/openssl/openssl-1.1.1_pre9.ebuild | 8 ++++----
 2 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/dev-libs/openssl/openssl-1.0.2p.ebuild b/dev-libs/openssl/openssl-1.0.2p.ebuild
index ddc45aa8700..ef70b21c1d7 100644
--- a/dev-libs/openssl/openssl-1.0.2p.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2p.ebuild
@@ -239,10 +239,10 @@ multilib_src_test() {
 }
 
 multilib_src_install() {
-	# We need to create $D/usr on our own to avoid a race condition #665130
-	if [[ ! -d "${D%/}/usr" ]]; then
+	# We need to create $ED/usr on our own to avoid a race condition #665130
+	if [[ ! -d "${ED%/}/usr" ]]; then
 		# We can only create this directory once
-		mkdir "${D%/}"/usr || die
+		mkdir "${ED%/}"/usr || die
 	fi
 
 	emake INSTALL_PREFIX="${D%/}" install

diff --git a/dev-libs/openssl/openssl-1.1.1_pre9.ebuild b/dev-libs/openssl/openssl-1.1.1_pre9.ebuild
index e694ab91d16..4c92eedb393 100644
--- a/dev-libs/openssl/openssl-1.1.1_pre9.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1_pre9.ebuild
@@ -185,13 +185,13 @@ multilib_src_test() {
 }
 
 multilib_src_install() {
-	# We need to create $D/usr on our own to avoid a race condition #665130
-	if [[ ! -d "${D%/}/usr" ]]; then
+	# We need to create $ED/usr on our own to avoid a race condition #665130
+	if [[ ! -d "${ED%/}/usr" ]]; then
 		# We can only create this directory once
-		mkdir "${D%/}"/usr || die
+		mkdir "${ED%/}"/usr || die
 	fi
 
-	emake DESTDIR="${D%}" install
+	emake DESTDIR="${D%/}" install
 }
 
 multilib_src_install_all() {

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Thomas Deutschmann]

commit:     ed7230d4486049fdd155ac6b86e07578d624aeb0
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Mon Sep  3 14:37:33 2018 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Mon Sep  3 14:39:51 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ed7230d4

dev-libs/openssl: fix race condition in install phase

Closes: https://bugs.gentoo.org/665130
Package-Manager: Portage-2.3.48, Repoman-2.3.10

 dev-libs/openssl/openssl-1.0.2p.ebuild     | 18 ++++++++++++------
 dev-libs/openssl/openssl-1.1.1_pre9.ebuild | 16 +++++++++++-----
 2 files changed, 23 insertions(+), 11 deletions(-)

diff --git a/dev-libs/openssl/openssl-1.0.2p.ebuild b/dev-libs/openssl/openssl-1.0.2p.ebuild
index 74788708e98..ddc45aa8700 100644
--- a/dev-libs/openssl/openssl-1.0.2p.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2p.ebuild
@@ -106,7 +106,7 @@ src_prepare() {
 		-e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
 		-e $(has noman FEATURES \
 			&& echo '/^install:/s:install_docs::' \
-			|| echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
+			|| echo '/^MANDIR=/s:=.*:='${EPREFIX%/}'/usr/share/man:') \
 		Makefile.org \
 		|| die
 	# show the actual commands in the log
@@ -131,7 +131,7 @@ src_prepare() {
 	append-flags $(test-flags-CC -Wa,--noexecstack)
 	append-cppflags -DOPENSSL_NO_BUF_FREELISTS
 
-	sed -i '1s,^:$,#!'${EPREFIX}'/usr/bin/perl,' Configure #141906
+	sed -i '1s,^:$,#!'${EPREFIX%/}'/usr/bin/perl,' Configure #141906
 	# The config script does stupid stuff to prompt the user.  Kill it.
 	sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
 	./config --test-sanity || die "I AM NOT SANE"
@@ -203,8 +203,8 @@ multilib_src_configure() {
 		$(use_ssl sslv3 ssl3) \
 		$(use_ssl tls-heartbeat heartbeats) \
 		$(use_ssl zlib) \
-		--prefix="${EPREFIX}"/usr \
-		--openssldir="${EPREFIX}"${SSL_CNF_DIR} \
+		--prefix="${EPREFIX%/}"/usr \
+		--openssldir="${EPREFIX%/}"${SSL_CNF_DIR} \
 		--libdir=$(get_libdir) \
 		shared threads \
 		|| die
@@ -239,13 +239,19 @@ multilib_src_test() {
 }
 
 multilib_src_install() {
-	emake INSTALL_PREFIX="${D}" install
+	# We need to create $D/usr on our own to avoid a race condition #665130
+	if [[ ! -d "${D%/}/usr" ]]; then
+		# We can only create this directory once
+		mkdir "${D%/}"/usr || die
+	fi
+
+	emake INSTALL_PREFIX="${D%/}" install
 }
 
 multilib_src_install_all() {
 	# openssl installs perl version of c_rehash by default, but
 	# we provide a shell version via app-misc/c_rehash
-	rm "${ED}"/usr/bin/c_rehash || die
+	rm "${ED%/}"/usr/bin/c_rehash || die
 
 	local -a DOCS=( CHANGES* FAQ NEWS README doc/*.txt doc/c-indentation.el )
 	einstalldocs

diff --git a/dev-libs/openssl/openssl-1.1.1_pre9.ebuild b/dev-libs/openssl/openssl-1.1.1_pre9.ebuild
index e16b92f76ff..e694ab91d16 100644
--- a/dev-libs/openssl/openssl-1.1.1_pre9.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1_pre9.ebuild
@@ -58,7 +58,7 @@ src_prepare() {
 		-e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
 		-e $(has noman FEATURES \
 			&& echo '/^install:/s:install_docs::' \
-			|| echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
+			|| echo '/^MANDIR=/s:=.*:='${EPREFIX%/}'/usr/share/man:') \
 		-e "/^DOCDIR/s@\$(BASENAME)@&-${PF}@" \
 		Configurations/unix-Makefile.tmpl \
 		|| die
@@ -78,7 +78,7 @@ src_prepare() {
 
 	# Prefixify Configure shebang (#141906)
 	sed \
-		-e "1s,/usr/bin/env,${EPREFIX}&," \
+		-e "1s,/usr/bin/env,${EPREFIX%/}&," \
 		-i Configure || die
 	# Remove test target when FEATURES=test isn't set
 	if ! use test ; then
@@ -150,8 +150,8 @@ multilib_src_configure() {
 		$(use_ssl sctp) \
 		$(use_ssl tls-heartbeat heartbeats) \
 		$(use_ssl zlib) \
-		--prefix="${EPREFIX}"/usr \
-		--openssldir="${EPREFIX}"${SSL_CNF_DIR} \
+		--prefix="${EPREFIX%/}"/usr \
+		--openssldir="${EPREFIX%/}"${SSL_CNF_DIR} \
 		--libdir=$(get_libdir) \
 		shared threads \
 		|| die
@@ -185,7 +185,13 @@ multilib_src_test() {
 }
 
 multilib_src_install() {
-	emake DESTDIR="${D}" install
+	# We need to create $D/usr on our own to avoid a race condition #665130
+	if [[ ! -d "${D%/}/usr" ]]; then
+		# We can only create this directory once
+		mkdir "${D%/}"/usr || die
+	fi
+
+	emake DESTDIR="${D%}" install
 }
 
 multilib_src_install_all() {

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sergei Trofimovich]

commit:     973bcb6da64e8a71a2578a70eb073a3f20b94340
Author:     Rolf Eike Beer <eike <AT> sf-mail <DOT> de>
AuthorDate: Mon Sep  3 05:44:02 2018 +0000
Commit:     Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
CommitDate: Mon Sep  3 06:19:06 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=973bcb6d

dev-libs/openssl: stable 1.0.2p for sparc, bug #663654

Package-Manager: Portage-2.3.40, Repoman-2.3.9
RepoMan-Options: --include-arches="sparc"

 dev-libs/openssl/openssl-1.0.2p.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.0.2p.ebuild b/dev-libs/openssl/openssl-1.0.2p.ebuild
index e5a18596401..74788708e98 100644
--- a/dev-libs/openssl/openssl-1.0.2p.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2p.ebuild
@@ -19,7 +19,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 
 LICENSE="openssl"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 hppa ia64 ~m68k ~mips ~ppc ppc64 ~s390 ~sh ~sparc x86 ~amd64-fbsd ~x86-fbsd ~x86-linux"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 hppa ia64 ~m68k ~mips ~ppc ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~x86-fbsd ~x86-linux"
 IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sergei Trofimovich]

commit:     08348d3af0fd23c4b4f6ccaab544b950df7316ad
Author:     Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
AuthorDate: Sun Sep  2 11:11:59 2018 +0000
Commit:     Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
CommitDate: Sun Sep  2 11:12:19 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=08348d3a

dev-libs/openssl: stable 1.0.2p for hppa, bug #663654

Package-Manager: Portage-2.3.48, Repoman-2.3.10
RepoMan-Options: --include-arches="hppa"

 dev-libs/openssl/openssl-1.0.2p.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.0.2p.ebuild b/dev-libs/openssl/openssl-1.0.2p.ebuild
index a40137ec11c..e5a18596401 100644
--- a/dev-libs/openssl/openssl-1.0.2p.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2p.ebuild
@@ -19,7 +19,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 
 LICENSE="openssl"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ia64 ~m68k ~mips ~ppc ppc64 ~s390 ~sh ~sparc x86 ~amd64-fbsd ~x86-fbsd ~x86-linux"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 hppa ia64 ~m68k ~mips ~ppc ppc64 ~s390 ~sh ~sparc x86 ~amd64-fbsd ~x86-fbsd ~x86-linux"
 IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sergei Trofimovich]

commit:     c13a0f41e5b74fa45d05e39f222e104f3eda87b3
Author:     Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
AuthorDate: Sat Sep  1 23:24:32 2018 +0000
Commit:     Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
CommitDate: Sat Sep  1 23:24:32 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c13a0f41

dev-libs/openssl: stable 1.0.2p for ppc64, bug #663654

Package-Manager: Portage-2.3.48, Repoman-2.3.10
RepoMan-Options: --include-arches="ppc64"

 dev-libs/openssl/openssl-1.0.2p.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.0.2p.ebuild b/dev-libs/openssl/openssl-1.0.2p.ebuild
index 67524c08f6a..a40137ec11c 100644
--- a/dev-libs/openssl/openssl-1.0.2p.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2p.ebuild
@@ -19,7 +19,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 
 LICENSE="openssl"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc x86 ~amd64-fbsd ~x86-fbsd ~x86-linux"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ia64 ~m68k ~mips ~ppc ppc64 ~s390 ~sh ~sparc x86 ~amd64-fbsd ~x86-fbsd ~x86-linux"
 IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sergei Trofimovich]

commit:     bcabaf580ee4a0cddcb45482c61b5c4eade53434
Author:     Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
AuthorDate: Sat Sep  1 23:15:19 2018 +0000
Commit:     Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
CommitDate: Sat Sep  1 23:15:19 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bcabaf58

dev-libs/openssl: stable 1.0.2p for ia64, bug #663654

Package-Manager: Portage-2.3.48, Repoman-2.3.10
RepoMan-Options: --include-arches="ia64"

 dev-libs/openssl/openssl-1.0.2p.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.0.2p.ebuild b/dev-libs/openssl/openssl-1.0.2p.ebuild
index d6b2c542803..67524c08f6a 100644
--- a/dev-libs/openssl/openssl-1.0.2p.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2p.ebuild
@@ -19,7 +19,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 
 LICENSE="openssl"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc x86 ~amd64-fbsd ~x86-fbsd ~x86-linux"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc x86 ~amd64-fbsd ~x86-fbsd ~x86-linux"
 IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Mikle Kolyada]

commit:     b1b65d1f3b4799f0bc1fc9f8ca07869e6290a752
Author:     Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
AuthorDate: Sat Sep  1 22:05:25 2018 +0000
Commit:     Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
CommitDate: Sat Sep  1 22:07:33 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b1b65d1f

dev-libs/openssl: amd64 stable wrt bug #663654

Package-Manager: Portage-2.3.40, Repoman-2.3.9

 dev-libs/openssl/openssl-1.0.2o-r6.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.0.2o-r6.ebuild b/dev-libs/openssl/openssl-1.0.2o-r6.ebuild
index 7cf37ddb507..675a09eea9d 100644
--- a/dev-libs/openssl/openssl-1.0.2o-r6.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2o-r6.ebuild
@@ -16,7 +16,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 
 LICENSE="openssl"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~x86-linux"
+KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~x86-linux"
 IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Thomas Deutschmann]

commit:     7196e6b474bab6997d8f26764089773261afc899
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Sat Sep  1 17:31:07 2018 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Sat Sep  1 17:54:47 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7196e6b4

dev-libs/openssl: x86 stable (bug #663654)

Package-Manager: Portage-2.3.48, Repoman-2.3.10

 dev-libs/openssl/openssl-1.0.2p.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.0.2p.ebuild b/dev-libs/openssl/openssl-1.0.2p.ebuild
index 148b2fd52a7..d6b2c542803 100644
--- a/dev-libs/openssl/openssl-1.0.2p.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2p.ebuild
@@ -19,7 +19,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 
 LICENSE="openssl"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~x86-linux"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc x86 ~amd64-fbsd ~x86-fbsd ~x86-linux"
 IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Thomas Deutschmann]

commit:     fd5cf8ed9414ace7fb2b765228809c4335feab09
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Tue Aug 21 13:15:16 2018 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Tue Aug 21 13:23:48 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fd5cf8ed

dev-libs/openssl: bump to v1.1.1 pre release 9 (beta)

- openssl-1.0.2a-x32-asm.patch dropped which shouldn't be
  necessary anymore according to upstream [Link 1].

Link 1: https://rt.openssl.org/Ticket/Display.html?id=3759#txn-62605
Bug: https://bugs.gentoo.org/542618
Package-Manager: Portage-2.3.48, Repoman-2.3.10

 dev-libs/openssl/Manifest                  |   1 +
 dev-libs/openssl/openssl-1.1.1_pre9.ebuild | 242 +++++++++++++++++++++++++++++
 2 files changed, 243 insertions(+)

diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest
index 212725b6ee8..6486f149bc2 100644
--- a/dev-libs/openssl/Manifest
+++ b/dev-libs/openssl/Manifest
@@ -16,3 +16,4 @@ DIST openssl-1.1.0i_ec_curve.c 18393 BLAKE2B 49dca7ddbc23270e5927454925df7bb18c8
 DIST openssl-1.1.0i_ectest.c 29908 BLAKE2B b398bafd5d5aea71daa9c3e2749dece9e515950e35547a6191d83987907aae73e090a4b552636af4d1ab2b39f7e3b1ea3fde2012c99f068f9c99d247996c1212 SHA512 e4445f8959b040caca6a7494da2026b840f84348df5d4eab47a68570d274333f62fa0c381955093edd86c857dad98595ffa2980c54afdcf2a8d32f32d0c70450
 DIST openssl-1.1.0i_hobble-openssl 1117 BLAKE2B c3a1477e63331e83cf1cbe58e9ef131ec500a311e22d3da55034800ca353c387b2e202575acf3badb00b236ff91d4bac1bb131a33930939646d26bec27be6e04 SHA512 fa9cc70afa11a7a292548b4bddbba8159824a364ce5c279b483768e6ae2aa4b5491d9bf2cc734819f30a11c8ee0d91bcb991c4a7ab357296aeb4c04feac74826
 DIST openssl-1.1.1-pre8.tar.gz 8334954 BLAKE2B 97cd018908925abd5a4eb660b3488b23efb582dd49dd87504e5522b2e9c5c6500417ef4893590a60ce35cfa316de51bfbf3e448e9cb2a5858ecd8ae72722922d SHA512 33b20f8589e0ba67500993635e1ba7f7f7ce2b6fa1eb8d4d7c44711ff047045dde57ad7e0605377c2b030fc954a3fb9b1f1d68feac2080991ef2b1b72a761041
+DIST openssl-1.1.1-pre9.tar.gz 8411103 BLAKE2B 93ac540afdf734c67aabbaf0682b43f044e8c05f80c0b1e7af926dd4179b215f68d569de24e45ae78a6915923ab5f77a8aa5690873e01c16478bf61d1f1c2a9b SHA512 cf23c11d7591cfa6dfd8b1086c2cdd33bd56f9eb44721cd60b228ef4d3c0c5de650dca53ae7becf7c8f0a9dd4bdae287f48116a3ac11d106b36919deb3214aa2

diff --git a/dev-libs/openssl/openssl-1.1.1_pre9.ebuild b/dev-libs/openssl/openssl-1.1.1_pre9.ebuild
new file mode 100644
index 00000000000..c869ecb3ce0
--- /dev/null
+++ b/dev-libs/openssl/openssl-1.1.1_pre9.ebuild
@@ -0,0 +1,242 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+inherit flag-o-matic toolchain-funcs multilib multilib-minimal
+
+MY_P=${P/_/-}
+DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"
+HOMEPAGE="https://www.openssl.org/"
+SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"
+
+LICENSE="openssl"
+SLOT="0/1.1" # .so version of libssl/libcrypto
+[[ "${PV}" = *_pre* ]] || \
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
+IUSE="+asm bindist elibc_musl rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-heartbeat vanilla zlib"
+RESTRICT="!bindist? ( bindist )"
+
+RDEPEND=">=app-misc/c_rehash-1.7-r1
+	zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )"
+DEPEND="${RDEPEND}
+	>=dev-lang/perl-5
+	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
+	test? (
+		sys-apps/diffutils
+		sys-devel/bc
+	)"
+PDEPEND="app-misc/ca-certificates"
+
+S="${WORKDIR}/${MY_P}"
+
+MULTILIB_WRAPPED_HEADERS=(
+	usr/include/openssl/opensslconf.h
+)
+
+src_prepare() {
+	# keep this in sync with app-misc/c_rehash
+	SSL_CNF_DIR="/etc/ssl"
+
+	# Make sure we only ever touch Makefile.org and avoid patching a file
+	# that gets blown away anyways by the Configure script in src_configure
+	rm -f Makefile
+
+	if ! use vanilla ; then
+		if [[ $(declare -p PATCHES 2>/dev/null) == "declare -a"* ]] ; then
+			[[ ${#PATCHES[@]} -gt 0 ]] && eapply "${PATCHES[@]}"
+		fi
+	fi
+
+	eapply_user #332661
+
+	# make sure the man pages are suffixed #302165
+	# don't bother building man pages if they're disabled
+	# Make DOCDIR Gentoo compliant
+	sed -i \
+		-e '/^MANSUFFIX/s:=.*:=ssl:' \
+		-e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
+		-e $(has noman FEATURES \
+			&& echo '/^install:/s:install_docs::' \
+			|| echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
+		-e "/^DOCDIR/s@\$(BASENAME)@&-${PF}@" \
+		Configurations/unix-Makefile.tmpl \
+		|| die
+
+	# quiet out unknown driver argument warnings since openssl
+	# doesn't have well-split CFLAGS and we're making it even worse
+	# and 'make depend' uses -Werror for added fun (#417795 again)
+	[[ ${CC} == *clang* ]] && append-flags -Qunused-arguments
+
+	# allow openssl to be cross-compiled
+	cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die
+	chmod a+rx gentoo.config || die
+
+	append-flags -fno-strict-aliasing
+	append-flags $(test-flags-CC -Wa,--noexecstack)
+	append-cppflags -DOPENSSL_NO_BUF_FREELISTS
+
+	# Prefixify Configure shebang (#141906)
+	sed \
+		-e "1s,/usr/bin/env,${EPREFIX}&," \
+		-i Configure || die
+	# Remove test target when FEATURES=test isn't set
+	if ! use test ; then
+		sed \
+			-e '/^$config{dirs}/s@ "test",@@' \
+			-i Configure || die
+	fi
+	# The config script does stupid stuff to prompt the user.  Kill it.
+	sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
+	./config --test-sanity || die "I AM NOT SANE"
+
+	multilib_copy_sources
+}
+
+multilib_src_configure() {
+	unset APPS #197996
+	unset SCRIPTS #312551
+	unset CROSS_COMPILE #311473
+
+	tc-export CC AR RANLIB RC
+
+	# Clean out patent-or-otherwise-encumbered code
+	# Camellia: Royalty Free            https://en.wikipedia.org/wiki/Camellia_(cipher)
+	# IDEA:     Expired                 https://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
+	# EC:       ????????? ??/??/2015    https://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography
+	# MDC2:     Expired                 https://en.wikipedia.org/wiki/MDC-2
+	# RC5:      Expired                 https://en.wikipedia.org/wiki/RC5
+
+	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
+	echoit() { echo "$@" ; "$@" ; }
+
+	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
+
+	# See if our toolchain supports __uint128_t.  If so, it's 64bit
+	# friendly and can use the nicely optimized code paths. #460790
+	local ec_nistp_64_gcc_128
+	# Disable it for now though #469976
+	#if ! use bindist ; then
+	#	echo "__uint128_t i;" > "${T}"/128.c
+	#	if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
+	#		ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
+	#	fi
+	#fi
+
+	local sslout=$(./gentoo.config)
+	einfo "Use configuration ${sslout:-(openssl knows best)}"
+	local config="Configure"
+	[[ -z ${sslout} ]] && config="config"
+
+	# 'srp' was restricted until early 2017 as well.
+	# "disable-deprecated" option breaks too many consumers.
+	# Don't set it without thorough revdeps testing.
+	echoit \
+	./${config} \
+		${sslout} \
+		$(use cpu_flags_x86_sse2 || echo "no-sse2") \
+		enable-camellia \
+		$(use_ssl !bindist ec) \
+		$(use_ssl !bindist srp) \
+		$(use elibc_musl && echo "no-async") \
+		${ec_nistp_64_gcc_128} \
+		enable-idea \
+		enable-mdc2 \
+		enable-rc5 \
+		$(use_ssl sslv3 ssl3) \
+		$(use_ssl sslv3 ssl3-method) \
+		$(use_ssl asm) \
+		$(use_ssl rfc3779) \
+		$(use_ssl sctp) \
+		$(use_ssl tls-heartbeat heartbeats) \
+		$(use_ssl zlib) \
+		--prefix="${EPREFIX}"/usr \
+		--openssldir="${EPREFIX}"${SSL_CNF_DIR} \
+		--libdir=$(get_libdir) \
+		shared threads \
+		|| die
+
+	# Clean out hardcoded flags that openssl uses
+	# Fix quoting for sed
+	local DEFAULT_CFLAGS=$(grep ^CFLAGS= Makefile | LC_ALL=C sed \
+		-e 's:^CFLAGS=::' \
+		-e 's:-fomit-frame-pointer ::g' \
+		-e 's:-O[0-9] ::g' \
+		-e 's:-march=[-a-z0-9]* ::g' \
+		-e 's:-mcpu=[-a-z0-9]* ::g' \
+		-e 's:-m[a-z0-9]* ::g' \
+		-e 's:\\:\\\\:g' \
+	)
+	sed -i \
+		-e "/^CFLAGS=/s|=.*|=${DEFAULT_CFLAGS} ${CFLAGS}|" \
+		-e "/^LDFLAGS=/s|=[[:space:]]*$|=${LDFLAGS}|" \
+		Makefile || die
+}
+
+multilib_src_compile() {
+	# depend is needed to use $confopts; it also doesn't matter
+	# that it's -j1 as the code itself serializes subdirs
+	emake -j1 depend
+	emake all
+}
+
+multilib_src_test() {
+	emake -j1 test
+}
+
+multilib_src_install() {
+	emake DESTDIR="${D}" install
+}
+
+multilib_src_install_all() {
+	# openssl installs perl version of c_rehash by default, but
+	# we provide a shell version via app-misc/c_rehash
+	rm "${ED%/}"/usr/bin/c_rehash || die
+
+	dodoc CHANGES* FAQ NEWS README doc/*.txt doc/${PN}-c-indent.el
+
+	# This is crappy in that the static archives are still built even
+	# when USE=static-libs.  But this is due to a failing in the openssl
+	# build system: the static archives are built as PIC all the time.
+	# Only way around this would be to manually configure+compile openssl
+	# twice; once with shared lib support enabled and once without.
+	use static-libs || rm -f "${ED%/}"/usr/lib*/lib*.a
+
+	# create the certs directory
+	keepdir ${SSL_CNF_DIR}/certs
+
+	# Namespace openssl programs to prevent conflicts with other man pages
+	cd "${ED%/}"/usr/share/man || die
+	local m d s
+	for m in $(find . -type f | xargs grep -L '#include') ; do
+		d=${m%/*} ; d=${d#./} ; m=${m##*/}
+		[[ ${m} == openssl.1* ]] && continue
+		[[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!"
+		mv ${d}/{,ssl-}${m}
+		# fix up references to renamed man pages
+		sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m}
+		ln -s ssl-${m} ${d}/openssl-${m}
+		# locate any symlinks that point to this man page ... we assume
+		# that any broken links are due to the above renaming
+		for s in $(find -L ${d} -type l) ; do
+			s=${s##*/}
+			rm -f ${d}/${s}
+			# We don't want to "|| die" here
+			ln -s ssl-${m} ${d}/ssl-${s}
+			ln -s ssl-${s} ${d}/openssl-${s}
+		done
+	done
+	[[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :("
+
+	dodir /etc/sandbox.d #254521
+	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED%/}"/etc/sandbox.d/10openssl
+
+	diropts -m0700
+	keepdir ${SSL_CNF_DIR}/private
+}
+
+pkg_postinst() {
+	ebegin "Running 'c_rehash ${EROOT%/}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069"
+	c_rehash "${EROOT%/}${SSL_CNF_DIR}/certs" >/dev/null
+	eend $?
+}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Patrick McLean]

commit:     c511c418f3d19e32999d7ff46e62412c61c3c1c5
Author:     Patrick McLean <chutzpah <AT> gentoo <DOT> org>
AuthorDate: Tue Aug 14 22:29:09 2018 +0000
Commit:     Patrick McLean <chutzpah <AT> gentoo <DOT> org>
CommitDate: Tue Aug 14 22:29:46 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c511c418

dev-libs/openssl: Version bump to 1.0.2p

Package-Manager: Portage-2.3.46, Repoman-2.3.10

 dev-libs/openssl/Manifest              |   5 +
 dev-libs/openssl/openssl-1.0.2p.ebuild | 300 +++++++++++++++++++++++++++++++++
 2 files changed, 305 insertions(+)

diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest
index f405455302b..212725b6ee8 100644
--- a/dev-libs/openssl/Manifest
+++ b/dev-libs/openssl/Manifest
@@ -1,9 +1,14 @@
 DIST openssl-0.9.8zh.tar.gz 3818524 BLAKE2B 610bb4858900983cf4519fa8b63f1e03b3845e39e68884fd8bebd738cd5cd6c2c75513643af49bf9e2294adc446a6516480fe9b62de55d9b6379bf9e7c5cd364 SHA512 b97fa2468211f86c0719c68ad1781eff84f772c479ed5193d6da14bac086b4ca706e7d851209d9df3f0962943b5e5333ab0def00110fb2e517caa73c0c6674c6
 DIST openssl-1.0.2-patches-1.4.tar.xz 12864 BLAKE2B ace6a782ef97b61af44988f978d089adffb06894617f9d66d3fce664c04d360b2774e1dd38c2171151fa93fe92428d405674bc2d452d520f10da426f95d09aee SHA512 d152af2841f1bf11c7f2a5ebba9a2b903fb4bcdef0468c56af0f9cc8c020adbf4490ac1a62f5bae8cbe18e379934fa997bfda1c2d49ec62365c07a0c0515a72d
+DIST openssl-1.0.2-patches-1.5.tar.xz 12404 BLAKE2B 6c1b8c28f339f539b2ab8643379502a24cf62bffde00041dce54d5dd9e8d2620b181362ee5464b0ab32ba4948e209697bfabadbea2944a409a1009100d298f24 SHA512 5725e2d9d1ee8cc074bcef3bed61c71bdab2ff1c114362110c3fb8da11ad5bc8f2ff28e90a293f5f3a5cf96ecda54dffdb7ab3fb3f8b23ef6472250dc3037659
 DIST openssl-1.0.2o.tar.gz 5329472 BLAKE2B 30226db49be04317da3a76cce68d5aa401decd198f92505bddb0c72a7ef6a79f3c9c06d4a816db734e2a0991ebcab8b207feced26d83639e50c821d9e76ddc45 SHA512 8a2c93657c85143e76785bb32ee836908c31a6f5f8db993fa9777acba6079e630cdddd03edbad65d1587199fc13a1507789eacf038b56eb99139c2091d9df7fd
 DIST openssl-1.0.2o_ec_curve.c 17254 BLAKE2B d40d8d6e770443f07abe70e2c4ddda6aec1cc8e37dc1f226a3fdd9ed5d228f09c6d372e8956b1948b55ee1d57d1429493e7288d0f54d9466a37fec805c85aacb SHA512 8e92fb100bcf4bd918c82b9a6cbd75a55abe1a2c08230a007e441c51577f974f8cc336e9ac8a672b32641480428ca8cead5380da1fe81bacb088145a1b754a15
 DIST openssl-1.0.2o_ectest.c 30735 BLAKE2B 95333a27f1cf0a4305a3cee7f6d46b9d4673582ca9acfcf5ba2a0d9d317ab6219cd0d2ff0ba3a55a317c8f5819342f05cc17ba80ec2c92b2b4cab9a3552382e1 SHA512 f2e4d34327b490bc8371f0845c69df3f9fc51ea16f0ea0de0411a0c1fa9d49bb2b6fafc363eb3b3cd919dc7c24e4a0d075c6ff878c01d70dae918f2540874c19
 DIST openssl-1.0.2o_hobble-openssl 1302 BLAKE2B 647caa6a0f4c53a2e77baa3b8e5961eaef3bb0ff38e7d5475eab8deef3439f7fe49028ec9ed0406f3453870b62cac67c496b3a048ee4c9ff4c6866d520235960 SHA512 3d757a4708e74a03dd5cb9b8114dfe442ed9520739a6eca693be4c4265771696f1449ea06d1c9bcfc6e94fc9b0dd0c10e153f1c3b0334831c0550b36cd63326e
+DIST openssl-1.0.2p.tar.gz 5338192 BLAKE2B fe4c0e2bf75d47a76e7377c7977be7bcaaa532061ab89ee989786eeb6495295711a29a88bf026c85d9ed55c97e71b0e9c8cf4c29b6e58a3dc56bcff518666823 SHA512 958c5a7c3324bbdc8f07dfb13e11329d9a1b4452c07cf41fbd2d42b5fe29c95679332a3476d24c2dc2b88be16e4a24744aba675a05a388c0905756c77a8a2f16
+DIST openssl-1.0.2p_ec_curve.c 17254 BLAKE2B d40d8d6e770443f07abe70e2c4ddda6aec1cc8e37dc1f226a3fdd9ed5d228f09c6d372e8956b1948b55ee1d57d1429493e7288d0f54d9466a37fec805c85aacb SHA512 8e92fb100bcf4bd918c82b9a6cbd75a55abe1a2c08230a007e441c51577f974f8cc336e9ac8a672b32641480428ca8cead5380da1fe81bacb088145a1b754a15
+DIST openssl-1.0.2p_ectest.c 30735 BLAKE2B 95333a27f1cf0a4305a3cee7f6d46b9d4673582ca9acfcf5ba2a0d9d317ab6219cd0d2ff0ba3a55a317c8f5819342f05cc17ba80ec2c92b2b4cab9a3552382e1 SHA512 f2e4d34327b490bc8371f0845c69df3f9fc51ea16f0ea0de0411a0c1fa9d49bb2b6fafc363eb3b3cd919dc7c24e4a0d075c6ff878c01d70dae918f2540874c19
+DIST openssl-1.0.2p_hobble-openssl 1302 BLAKE2B 647caa6a0f4c53a2e77baa3b8e5961eaef3bb0ff38e7d5475eab8deef3439f7fe49028ec9ed0406f3453870b62cac67c496b3a048ee4c9ff4c6866d520235960 SHA512 3d757a4708e74a03dd5cb9b8114dfe442ed9520739a6eca693be4c4265771696f1449ea06d1c9bcfc6e94fc9b0dd0c10e153f1c3b0334831c0550b36cd63326e
 DIST openssl-1.1.0-build.patch 3028 BLAKE2B f8cf981ed3717af234ce02fa50f27cdbcbf2b766968a5957fc6f0a4ea997549505fa77398444d7f3b9a75f66048447fe62542b9cb1d5f0268add87c44915a6fd SHA512 b19a912900970052f80c67f28975e793ae9e70ebfc62efae0544e09931079e98c4cd29ce1cc8d937ceca97aff9a12fdc1ff9ce6c2b47fea68c79e7065464a0f0
 DIST openssl-1.1.0-ec-curves.patch 2967 BLAKE2B 1c639514445ea85cf731732aa7901b5a03ddb5f637b0483ab2ec6825433ad978723c5a07316db684bdaca4a12fc673b4e049a49c0cd4dbe5f25a5e2bd3b75cf5 SHA512 8fb9c6759ae2077ad3697ba77e85ab3970fd8b3f64b21eb260b4f6333b7ebf2f5a53c7eee311229edfbd96a2b904ec5e5e00dfa5b62cf1105fece13069077bd2
 DIST openssl-1.1.0i.tar.gz 5453234 BLAKE2B ae6bec9c116769d98a77165b96fb7d201fe2ede8ee98e3cb68eba496cc90a5fae38dbcbb68b824c9eeacb25605aa80c3ccca9b4f00725658da3ad646834b0f9d SHA512 4a9d454031f644a3072a980f4ea20df976f6c5c58178549dfa62fd4dcf1417509e3be517d2ccb265c87688836f2993531b142fc5971bac5c41d33060057627df

diff --git a/dev-libs/openssl/openssl-1.0.2p.ebuild b/dev-libs/openssl/openssl-1.0.2p.ebuild
new file mode 100644
index 00000000000..f6f695eb586
--- /dev/null
+++ b/dev-libs/openssl/openssl-1.0.2p.ebuild
@@ -0,0 +1,300 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+inherit eutils flag-o-matic toolchain-funcs multilib multilib-minimal
+
+PATCH_SET="openssl-1.0.2-patches-1.5"
+MY_P=${P/_/-}
+DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"
+HOMEPAGE="https://www.openssl.org/"
+SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
+	!vanilla? (
+		mirror://gentoo/${PATCH_SET}.tar.xz
+		https://dev.gentoo.org/~chutzpah/dist/${PN}/${PATCH_SET}.tar.xz
+		https://dev.gentoo.org/~whissi/dist/${PN}/${PATCH_SET}.tar.xz
+		https://dev.gentoo.org/~polynomial-c/dist/${PATCH_SET}.tar.xz
+	)"
+
+LICENSE="openssl"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
+IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
+RESTRICT="!bindist? ( bindist )"
+
+RDEPEND=">=app-misc/c_rehash-1.7-r1
+	gmp? ( >=dev-libs/gmp-5.1.3-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
+	zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
+	kerberos? ( >=app-crypt/mit-krb5-1.11.4[${MULTILIB_USEDEP}] )"
+DEPEND="${RDEPEND}
+	>=dev-lang/perl-5
+	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
+	test? (
+		sys-apps/diffutils
+		sys-devel/bc
+	)"
+PDEPEND="app-misc/ca-certificates"
+
+# This does not copy the entire Fedora patchset, but JUST the parts that
+# are needed to make it safe to use EC with RESTRICT=bindist.
+# See openssl.spec for the matching numbering of SourceNNN, PatchNNN
+SOURCE1=hobble-openssl
+SOURCE12=ec_curve.c
+SOURCE13=ectest.c
+# These are ported instead
+#PATCH1=openssl-1.1.0-build.patch # Fixes EVP testcase for EC
+#PATCH37=openssl-1.1.0-ec-curves.patch
+FEDORA_GIT_BASE='https://src.fedoraproject.org/cgit/rpms/openssl.git/plain/'
+FEDORA_GIT_BRANCH='f25'
+FEDORA_SRC_URI=()
+FEDORA_SOURCE=( $SOURCE1 $SOURCE12 $SOURCE13 )
+FEDORA_PATCH=( $PATCH1 $PATCH37 )
+for i in "${FEDORA_SOURCE[@]}" ; do
+	FEDORA_SRC_URI+=( "${FEDORA_GIT_BASE}/${i}?h=${FEDORA_GIT_BRANCH} -> ${P}_${i}" )
+done
+for i in "${FEDORA_PATCH[@]}" ; do # Already have a version prefix
+	FEDORA_SRC_URI+=( "${FEDORA_GIT_BASE}/${i}?h=${FEDORA_GIT_BRANCH} -> ${i}" )
+done
+SRC_URI+=" bindist? ( ${FEDORA_SRC_URI[@]} )"
+
+S="${WORKDIR}/${MY_P}"
+
+MULTILIB_WRAPPED_HEADERS=(
+	usr/include/openssl/opensslconf.h
+)
+
+src_prepare() {
+	if use bindist; then
+		# This just removes the prefix, and puts it into WORKDIR like the RPM.
+		for i in "${FEDORA_SOURCE[@]}" ; do
+			cp -f "${DISTDIR}"/"${P}_${i}" "${WORKDIR}"/"${i}" || die
+		done
+		# .spec %prep
+		bash "${WORKDIR}"/"${SOURCE1}" || die
+		cp -f "${WORKDIR}"/"${SOURCE12}" "${S}"/crypto/ec/ || die
+		cp -f "${WORKDIR}"/"${SOURCE13}" "${S}"/crypto/ec/ || die # Moves to test/ in OpenSSL-1.1
+		for i in "${FEDORA_PATCH[@]}" ; do
+			eapply "${DISTDIR}"/"${i}"
+		done
+		eapply "${FILESDIR}"/openssl-1.0.2o-hobble-ecc.patch
+		# Also see the configure parts below:
+		# enable-ec \
+		# $(use_ssl !bindist ec2m) \
+		# $(use_ssl !bindist srp) \
+	fi
+
+	# keep this in sync with app-misc/c_rehash
+	SSL_CNF_DIR="/etc/ssl"
+
+	# Make sure we only ever touch Makefile.org and avoid patching a file
+	# that gets blown away anyways by the Configure script in src_configure
+	rm -f Makefile
+
+	if ! use vanilla ; then
+		eapply "${WORKDIR}"/patch/*.patch
+	fi
+
+	eapply_user
+
+	# disable fips in the build
+	# make sure the man pages are suffixed #302165
+	# don't bother building man pages if they're disabled
+	sed -i \
+		-e '/DIRS/s: fips : :g' \
+		-e '/^MANSUFFIX/s:=.*:=ssl:' \
+		-e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
+		-e $(has noman FEATURES \
+			&& echo '/^install:/s:install_docs::' \
+			|| echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
+		Makefile.org \
+		|| die
+	# show the actual commands in the log
+	sed -i '/^SET_X/s:=.*:=set -x:' Makefile.shared
+
+	# since we're forcing $(CC) as makedep anyway, just fix
+	# the conditional as always-on
+	# helps clang (#417795), and versioned gcc (#499818)
+	# this breaks build with 1.0.2p, not sure if it is needed anymore
+	#sed -i 's/expr.*MAKEDEPEND.*;/true;/' util/domd || die
+
+	# quiet out unknown driver argument warnings since openssl
+	# doesn't have well-split CFLAGS and we're making it even worse
+	# and 'make depend' uses -Werror for added fun (#417795 again)
+	[[ ${CC} == *clang* ]] && append-flags -Qunused-arguments
+
+	# allow openssl to be cross-compiled
+	cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die
+	chmod a+rx gentoo.config || die
+
+	append-flags -fno-strict-aliasing
+	append-flags $(test-flags-CC -Wa,--noexecstack)
+	append-cppflags -DOPENSSL_NO_BUF_FREELISTS
+
+	sed -i '1s,^:$,#!'${EPREFIX}'/usr/bin/perl,' Configure #141906
+	# The config script does stupid stuff to prompt the user.  Kill it.
+	sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
+	./config --test-sanity || die "I AM NOT SANE"
+
+	multilib_copy_sources
+}
+
+multilib_src_configure() {
+	unset APPS #197996
+	unset SCRIPTS #312551
+	unset CROSS_COMPILE #311473
+
+	tc-export CC AR RANLIB RC
+
+	# Clean out patent-or-otherwise-encumbered code
+	# Camellia: Royalty Free            https://en.wikipedia.org/wiki/Camellia_(cipher)
+	# IDEA:     Expired                 https://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
+	# EC:       ????????? ??/??/2015    https://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography
+	# MDC2:     Expired                 https://en.wikipedia.org/wiki/MDC-2
+	# RC5:      Expired                 https://en.wikipedia.org/wiki/RC5
+
+	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
+	echoit() { echo "$@" ; "$@" ; }
+
+	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
+
+	# See if our toolchain supports __uint128_t.  If so, it's 64bit
+	# friendly and can use the nicely optimized code paths. #460790
+	local ec_nistp_64_gcc_128
+	# Disable it for now though #469976
+	#if ! use bindist ; then
+	#	echo "__uint128_t i;" > "${T}"/128.c
+	#	if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
+	#		ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
+	#	fi
+	#fi
+
+	# https://github.com/openssl/openssl/issues/2286
+	if use ia64 ; then
+		replace-flags -g3 -g2
+		replace-flags -ggdb3 -ggdb2
+	fi
+
+	local sslout=$(./gentoo.config)
+	einfo "Use configuration ${sslout:-(openssl knows best)}"
+	local config="Configure"
+	[[ -z ${sslout} ]] && config="config"
+
+	# Fedora hobbled-EC needs 'no-ec2m', 'no-srp'
+	echoit \
+	./${config} \
+		${sslout} \
+		$(use cpu_flags_x86_sse2 || echo "no-sse2") \
+		enable-camellia \
+		enable-ec \
+		$(use_ssl !bindist ec2m) \
+		$(use_ssl !bindist srp) \
+		${ec_nistp_64_gcc_128} \
+		enable-idea \
+		enable-mdc2 \
+		enable-rc5 \
+		enable-tlsext \
+		$(use_ssl asm) \
+		$(use_ssl gmp gmp -lgmp) \
+		$(use_ssl kerberos krb5 --with-krb5-flavor=${krb5}) \
+		$(use_ssl rfc3779) \
+		$(use_ssl sctp) \
+		$(use_ssl sslv2 ssl2) \
+		$(use_ssl sslv3 ssl3) \
+		$(use_ssl tls-heartbeat heartbeats) \
+		$(use_ssl zlib) \
+		--prefix="${EPREFIX}"/usr \
+		--openssldir="${EPREFIX}"${SSL_CNF_DIR} \
+		--libdir=$(get_libdir) \
+		shared threads \
+		|| die
+
+	# Clean out hardcoded flags that openssl uses
+	local CFLAG=$(grep ^CFLAG= Makefile | LC_ALL=C sed \
+		-e 's:^CFLAG=::' \
+		-e 's:-fomit-frame-pointer ::g' \
+		-e 's:-O[0-9] ::g' \
+		-e 's:-march=[-a-z0-9]* ::g' \
+		-e 's:-mcpu=[-a-z0-9]* ::g' \
+		-e 's:-m[a-z0-9]* ::g' \
+	)
+	sed -i \
+		-e "/^CFLAG/s|=.*|=${CFLAG} ${CFLAGS}|" \
+		-e "/^SHARED_LDFLAGS=/s|$| ${LDFLAGS}|" \
+		Makefile || die
+}
+
+multilib_src_compile() {
+	# depend is needed to use $confopts; it also doesn't matter
+	# that it's -j1 as the code itself serializes subdirs
+	emake -j1 V=1 depend
+	emake all
+	# rehash is needed to prep the certs/ dir; do this
+	# separately to avoid parallel build issues.
+	emake rehash
+}
+
+multilib_src_test() {
+	emake -j1 test
+}
+
+multilib_src_install() {
+	emake INSTALL_PREFIX="${D}" install
+}
+
+multilib_src_install_all() {
+	# openssl installs perl version of c_rehash by default, but
+	# we provide a shell version via app-misc/c_rehash
+	rm "${ED}"/usr/bin/c_rehash || die
+
+	local -a DOCS=( CHANGES* FAQ NEWS README doc/*.txt doc/c-indentation.el )
+	einstalldocs
+
+	use rfc3779 && dodoc engines/ccgost/README.gost
+
+	# This is crappy in that the static archives are still built even
+	# when USE=static-libs.  But this is due to a failing in the openssl
+	# build system: the static archives are built as PIC all the time.
+	# Only way around this would be to manually configure+compile openssl
+	# twice; once with shared lib support enabled and once without.
+	use static-libs || rm -f "${ED}"/usr/lib*/lib*.a
+
+	# create the certs directory
+	dodir ${SSL_CNF_DIR}/certs
+	cp -RP certs/* "${ED}"${SSL_CNF_DIR}/certs/ || die
+	rm -r "${ED}"${SSL_CNF_DIR}/certs/{demo,expired}
+
+	# Namespace openssl programs to prevent conflicts with other man pages
+	cd "${ED}"/usr/share/man
+	local m d s
+	for m in $(find . -type f | xargs grep -L '#include') ; do
+		d=${m%/*} ; d=${d#./} ; m=${m##*/}
+		[[ ${m} == openssl.1* ]] && continue
+		[[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!"
+		mv ${d}/{,ssl-}${m}
+		# fix up references to renamed man pages
+		sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m}
+		ln -s ssl-${m} ${d}/openssl-${m}
+		# locate any symlinks that point to this man page ... we assume
+		# that any broken links are due to the above renaming
+		for s in $(find -L ${d} -type l) ; do
+			s=${s##*/}
+			rm -f ${d}/${s}
+			ln -s ssl-${m} ${d}/ssl-${s}
+			ln -s ssl-${s} ${d}/openssl-${s}
+		done
+	done
+	[[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :("
+
+	dodir /etc/sandbox.d #254521
+	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
+
+	diropts -m0700
+	keepdir ${SSL_CNF_DIR}/private
+}
+
+pkg_postinst() {
+	ebegin "Running 'c_rehash ${EROOT%/}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069"
+	c_rehash "${EROOT%/}${SSL_CNF_DIR}/certs" >/dev/null
+	eend $?
+}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Lars Wendler]

commit:     aa46178b9cff64762121d9f5267eaf06e8f6524a
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Sat Jun  2 18:29:42 2018 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Sat Jun  2 18:32:51 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=aa46178b

dev-libs/openssl: Don't include kerberos dir in pkgconfig files.

Thanks-to: Arfrever Frehtes Taifersar Arahesis <Arfrever <AT> Apache.Org>
Closes: https://bugs.gentoo.org/401665
Package-Manager: Portage-2.3.40, Repoman-2.3.9

 dev-libs/openssl/Manifest                          |   3 +-
 dev-libs/openssl/openssl-1.0.2o-r1.ebuild          | 251 ---------------------
 ...nssl-1.0.2o.ebuild => openssl-1.0.2o-r3.ebuild} |   5 +-
 ...l-1.0.2o-r2.ebuild => openssl-1.0.2o-r4.ebuild} |   5 +-
 4 files changed, 7 insertions(+), 257 deletions(-)

diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest
index 1bb7dad417f..0abab2d57a3 100644
--- a/dev-libs/openssl/Manifest
+++ b/dev-libs/openssl/Manifest
@@ -1,6 +1,5 @@
 DIST openssl-0.9.8zh.tar.gz 3818524 BLAKE2B 610bb4858900983cf4519fa8b63f1e03b3845e39e68884fd8bebd738cd5cd6c2c75513643af49bf9e2294adc446a6516480fe9b62de55d9b6379bf9e7c5cd364 SHA512 b97fa2468211f86c0719c68ad1781eff84f772c479ed5193d6da14bac086b4ca706e7d851209d9df3f0962943b5e5333ab0def00110fb2e517caa73c0c6674c6
-DIST openssl-1.0.2-patches-1.2.tar.xz 12208 BLAKE2B 99b7a3538aeeecf8e1939fb08d26e2ce6aa4140488f0f6fc382a4f0dbdd67a0204c4689809e9d170148ad6686d4dbf0c8fc95802712270b0ea5720bc06c8fbbf SHA512 5e5739ab7132e986abe9704739dab2ccd16df9696318ed29762d4ee0245fd2645f9435f7340ba36edd5531a83e48489fc659ad78c09ded0e0d021dd5a3906ea6
-DIST openssl-1.0.2-patches-1.3.tar.xz 12592 BLAKE2B bce0c289ae689091fe62e9c0d7d631cd915fd17beb81b0879931e0414f25c8a08425a08514e28ea7e81c1be23cf162f3bcad7cc3933f2378f53decabd3a7903d SHA512 3ad3efa45eddb733e3db9c406f9f651dbf939bbb13debbcab12b49ecf72490a4868b1563de60ee106483c1b23bd2092fc58c8fc911fe62a019cb97d738163723
+DIST openssl-1.0.2-patches-1.4.tar.xz 12864 BLAKE2B ace6a782ef97b61af44988f978d089adffb06894617f9d66d3fce664c04d360b2774e1dd38c2171151fa93fe92428d405674bc2d452d520f10da426f95d09aee SHA512 d152af2841f1bf11c7f2a5ebba9a2b903fb4bcdef0468c56af0f9cc8c020adbf4490ac1a62f5bae8cbe18e379934fa997bfda1c2d49ec62365c07a0c0515a72d
 DIST openssl-1.0.2o.tar.gz 5329472 BLAKE2B 30226db49be04317da3a76cce68d5aa401decd198f92505bddb0c72a7ef6a79f3c9c06d4a816db734e2a0991ebcab8b207feced26d83639e50c821d9e76ddc45 SHA512 8a2c93657c85143e76785bb32ee836908c31a6f5f8db993fa9777acba6079e630cdddd03edbad65d1587199fc13a1507789eacf038b56eb99139c2091d9df7fd
 DIST openssl-1.0.2o_ec_curve.c 17254 BLAKE2B d40d8d6e770443f07abe70e2c4ddda6aec1cc8e37dc1f226a3fdd9ed5d228f09c6d372e8956b1948b55ee1d57d1429493e7288d0f54d9466a37fec805c85aacb SHA512 8e92fb100bcf4bd918c82b9a6cbd75a55abe1a2c08230a007e441c51577f974f8cc336e9ac8a672b32641480428ca8cead5380da1fe81bacb088145a1b754a15
 DIST openssl-1.0.2o_ectest.c 30735 BLAKE2B 95333a27f1cf0a4305a3cee7f6d46b9d4673582ca9acfcf5ba2a0d9d317ab6219cd0d2ff0ba3a55a317c8f5819342f05cc17ba80ec2c92b2b4cab9a3552382e1 SHA512 f2e4d34327b490bc8371f0845c69df3f9fc51ea16f0ea0de0411a0c1fa9d49bb2b6fafc363eb3b3cd919dc7c24e4a0d075c6ff878c01d70dae918f2540874c19

diff --git a/dev-libs/openssl/openssl-1.0.2o-r1.ebuild b/dev-libs/openssl/openssl-1.0.2o-r1.ebuild
deleted file mode 100644
index 256e230d7cf..00000000000
--- a/dev-libs/openssl/openssl-1.0.2o-r1.ebuild
+++ /dev/null
@@ -1,251 +0,0 @@
-# Copyright 1999-2018 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="6"
-
-inherit eutils flag-o-matic toolchain-funcs multilib multilib-minimal
-
-PATCH_SET="openssl-1.0.2-patches-1.3"
-MY_P=${P/_/-}
-DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"
-HOMEPAGE="https://www.openssl.org/"
-SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
-	mirror://gentoo/${PATCH_SET}.tar.xz
-	https://dev.gentoo.org/~whissi/dist/${PN}/${PATCH_SET}.tar.xz"
-
-LICENSE="openssl"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
-IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
-RESTRICT="!bindist? ( bindist )"
-
-RDEPEND=">=app-misc/c_rehash-1.7-r1
-	gmp? ( >=dev-libs/gmp-5.1.3-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
-	zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
-	kerberos? ( >=app-crypt/mit-krb5-1.11.4[${MULTILIB_USEDEP}] )"
-DEPEND="${RDEPEND}
-	>=dev-lang/perl-5
-	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
-	test? (
-		sys-apps/diffutils
-		sys-devel/bc
-	)"
-PDEPEND="app-misc/ca-certificates"
-
-S="${WORKDIR}/${MY_P}"
-
-MULTILIB_WRAPPED_HEADERS=(
-	usr/include/openssl/opensslconf.h
-)
-
-src_prepare() {
-	# keep this in sync with app-misc/c_rehash
-	SSL_CNF_DIR="/etc/ssl"
-
-	# Make sure we only ever touch Makefile.org and avoid patching a file
-	# that gets blown away anyways by the Configure script in src_configure
-	rm -f Makefile
-
-	if ! use vanilla ; then
-		eapply "${WORKDIR}"/patch/*.patch
-	fi
-
-	eapply_user
-
-	# disable fips in the build
-	# make sure the man pages are suffixed #302165
-	# don't bother building man pages if they're disabled
-	sed -i \
-		-e '/DIRS/s: fips : :g' \
-		-e '/^MANSUFFIX/s:=.*:=ssl:' \
-		-e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
-		-e $(has noman FEATURES \
-			&& echo '/^install:/s:install_docs::' \
-			|| echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
-		Makefile.org \
-		|| die
-	# show the actual commands in the log
-	sed -i '/^SET_X/s:=.*:=set -x:' Makefile.shared
-
-	# since we're forcing $(CC) as makedep anyway, just fix
-	# the conditional as always-on
-	# helps clang (#417795), and versioned gcc (#499818)
-	sed -i 's/expr.*MAKEDEPEND.*;/true;/' util/domd || die
-
-	# quiet out unknown driver argument warnings since openssl
-	# doesn't have well-split CFLAGS and we're making it even worse
-	# and 'make depend' uses -Werror for added fun (#417795 again)
-	[[ ${CC} == *clang* ]] && append-flags -Qunused-arguments
-
-	# allow openssl to be cross-compiled
-	cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die
-	chmod a+rx gentoo.config || die
-
-	append-flags -fno-strict-aliasing
-	append-flags $(test-flags-CC -Wa,--noexecstack)
-	append-cppflags -DOPENSSL_NO_BUF_FREELISTS
-
-	sed -i '1s,^:$,#!'${EPREFIX}'/usr/bin/perl,' Configure #141906
-	# The config script does stupid stuff to prompt the user.  Kill it.
-	sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
-	./config --test-sanity || die "I AM NOT SANE"
-
-	multilib_copy_sources
-}
-
-multilib_src_configure() {
-	unset APPS #197996
-	unset SCRIPTS #312551
-	unset CROSS_COMPILE #311473
-
-	tc-export CC AR RANLIB RC
-
-	# Clean out patent-or-otherwise-encumbered code
-	# Camellia: Royalty Free            https://en.wikipedia.org/wiki/Camellia_(cipher)
-	# IDEA:     Expired                 https://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
-	# EC:       ????????? ??/??/2015    https://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography
-	# MDC2:     Expired                 https://en.wikipedia.org/wiki/MDC-2
-	# RC5:      Expired                 https://en.wikipedia.org/wiki/RC5
-
-	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
-	echoit() { echo "$@" ; "$@" ; }
-
-	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
-
-	# See if our toolchain supports __uint128_t.  If so, it's 64bit
-	# friendly and can use the nicely optimized code paths. #460790
-	local ec_nistp_64_gcc_128
-	# Disable it for now though #469976
-	#if ! use bindist ; then
-	#	echo "__uint128_t i;" > "${T}"/128.c
-	#	if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
-	#		ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
-	#	fi
-	#fi
-
-	# https://github.com/openssl/openssl/issues/2286
-	if use ia64 ; then
-		replace-flags -g3 -g2
-		replace-flags -ggdb3 -ggdb2
-	fi
-
-	local sslout=$(./gentoo.config)
-	einfo "Use configuration ${sslout:-(openssl knows best)}"
-	local config="Configure"
-	[[ -z ${sslout} ]] && config="config"
-
-	echoit \
-	./${config} \
-		${sslout} \
-		$(use cpu_flags_x86_sse2 || echo "no-sse2") \
-		enable-camellia \
-		$(use_ssl !bindist ec) \
-		${ec_nistp_64_gcc_128} \
-		enable-idea \
-		enable-mdc2 \
-		enable-rc5 \
-		enable-tlsext \
-		$(use_ssl asm) \
-		$(use_ssl gmp gmp -lgmp) \
-		$(use_ssl kerberos krb5 --with-krb5-flavor=${krb5}) \
-		$(use_ssl rfc3779) \
-		$(use_ssl sctp) \
-		$(use_ssl sslv2 ssl2) \
-		$(use_ssl sslv3 ssl3) \
-		$(use_ssl tls-heartbeat heartbeats) \
-		$(use_ssl zlib) \
-		--prefix="${EPREFIX}"/usr \
-		--openssldir="${EPREFIX}"${SSL_CNF_DIR} \
-		--libdir=$(get_libdir) \
-		shared threads \
-		|| die
-
-	# Clean out hardcoded flags that openssl uses
-	local CFLAG=$(grep ^CFLAG= Makefile | LC_ALL=C sed \
-		-e 's:^CFLAG=::' \
-		-e 's:-fomit-frame-pointer ::g' \
-		-e 's:-O[0-9] ::g' \
-		-e 's:-march=[-a-z0-9]* ::g' \
-		-e 's:-mcpu=[-a-z0-9]* ::g' \
-		-e 's:-m[a-z0-9]* ::g' \
-	)
-	sed -i \
-		-e "/^CFLAG/s|=.*|=${CFLAG} ${CFLAGS}|" \
-		-e "/^SHARED_LDFLAGS=/s|$| ${LDFLAGS}|" \
-		Makefile || die
-}
-
-multilib_src_compile() {
-	# depend is needed to use $confopts; it also doesn't matter
-	# that it's -j1 as the code itself serializes subdirs
-	emake -j1 depend
-	emake all
-	# rehash is needed to prep the certs/ dir; do this
-	# separately to avoid parallel build issues.
-	emake rehash
-}
-
-multilib_src_test() {
-	emake -j1 test
-}
-
-multilib_src_install() {
-	emake INSTALL_PREFIX="${D}" install
-}
-
-multilib_src_install_all() {
-	# openssl installs perl version of c_rehash by default, but
-	# we provide a shell version via app-misc/c_rehash
-	rm "${ED}"/usr/bin/c_rehash || die
-
-	local -a DOCS=( CHANGES* FAQ NEWS README doc/*.txt doc/c-indentation.el )
-	einstalldocs
-
-	use rfc3779 && dodoc engines/ccgost/README.gost
-
-	# This is crappy in that the static archives are still built even
-	# when USE=static-libs.  But this is due to a failing in the openssl
-	# build system: the static archives are built as PIC all the time.
-	# Only way around this would be to manually configure+compile openssl
-	# twice; once with shared lib support enabled and once without.
-	use static-libs || rm -f "${ED}"/usr/lib*/lib*.a
-
-	# create the certs directory
-	dodir ${SSL_CNF_DIR}/certs
-	cp -RP certs/* "${ED}"${SSL_CNF_DIR}/certs/ || die
-	rm -r "${ED}"${SSL_CNF_DIR}/certs/{demo,expired}
-
-	# Namespace openssl programs to prevent conflicts with other man pages
-	cd "${ED}"/usr/share/man
-	local m d s
-	for m in $(find . -type f | xargs grep -L '#include') ; do
-		d=${m%/*} ; d=${d#./} ; m=${m##*/}
-		[[ ${m} == openssl.1* ]] && continue
-		[[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!"
-		mv ${d}/{,ssl-}${m}
-		# fix up references to renamed man pages
-		sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m}
-		ln -s ssl-${m} ${d}/openssl-${m}
-		# locate any symlinks that point to this man page ... we assume
-		# that any broken links are due to the above renaming
-		for s in $(find -L ${d} -type l) ; do
-			s=${s##*/}
-			rm -f ${d}/${s}
-			ln -s ssl-${m} ${d}/ssl-${s}
-			ln -s ssl-${s} ${d}/openssl-${s}
-		done
-	done
-	[[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :("
-
-	dodir /etc/sandbox.d #254521
-	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
-
-	diropts -m0700
-	keepdir ${SSL_CNF_DIR}/private
-}
-
-pkg_postinst() {
-	ebegin "Running 'c_rehash ${EROOT%/}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069"
-	c_rehash "${EROOT%/}${SSL_CNF_DIR}/certs" >/dev/null
-	eend $?
-}

diff --git a/dev-libs/openssl/openssl-1.0.2o.ebuild b/dev-libs/openssl/openssl-1.0.2o-r3.ebuild
similarity index 97%
rename from dev-libs/openssl/openssl-1.0.2o.ebuild
rename to dev-libs/openssl/openssl-1.0.2o-r3.ebuild
index b8a3ec6ee43..f54edbbadc2 100644
--- a/dev-libs/openssl/openssl-1.0.2o.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2o-r3.ebuild
@@ -5,13 +5,14 @@ EAPI="6"
 
 inherit eutils flag-o-matic toolchain-funcs multilib multilib-minimal
 
-PATCH_SET="openssl-1.0.2-patches-1.2"
+PATCH_SET="openssl-1.0.2-patches-1.4"
 MY_P=${P/_/-}
 DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"
 HOMEPAGE="https://www.openssl.org/"
 SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 	mirror://gentoo/${PATCH_SET}.tar.xz
-	https://dev.gentoo.org/~whissi/dist/${PN}/${PATCH_SET}.tar.xz"
+	https://dev.gentoo.org/~whissi/dist/${PN}/${PATCH_SET}.tar.xz
+	https://dev.gentoo.org/~polynomial-c/dist/${PATCH_SET}.tar.xz"
 
 LICENSE="openssl"
 SLOT="0"

diff --git a/dev-libs/openssl/openssl-1.0.2o-r2.ebuild b/dev-libs/openssl/openssl-1.0.2o-r4.ebuild
similarity index 98%
rename from dev-libs/openssl/openssl-1.0.2o-r2.ebuild
rename to dev-libs/openssl/openssl-1.0.2o-r4.ebuild
index 8959ecc1213..335dce5ded3 100644
--- a/dev-libs/openssl/openssl-1.0.2o-r2.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2o-r4.ebuild
@@ -5,13 +5,14 @@ EAPI="6"
 
 inherit eutils flag-o-matic toolchain-funcs multilib multilib-minimal
 
-PATCH_SET="openssl-1.0.2-patches-1.3"
+PATCH_SET="openssl-1.0.2-patches-1.4"
 MY_P=${P/_/-}
 DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"
 HOMEPAGE="https://www.openssl.org/"
 SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 	mirror://gentoo/${PATCH_SET}.tar.xz
-	https://dev.gentoo.org/~whissi/dist/${PN}/${PATCH_SET}.tar.xz"
+	https://dev.gentoo.org/~whissi/dist/${PN}/${PATCH_SET}.tar.xz
+	https://dev.gentoo.org/~polynomial-c/dist/${PATCH_SET}.tar.xz"
 
 LICENSE="openssl"
 SLOT="0"

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Mike Frysinger]

commit:     1c58343d4466e6e1d9123d10b9ca83c7926ca2a6
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Wed May 30 19:53:09 2018 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Wed May 30 19:53:09 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1c58343d

dev-libs/openssl: mark 1.0.2o m68k/s390/sh stable

 dev-libs/openssl/openssl-1.0.2o.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.0.2o.ebuild b/dev-libs/openssl/openssl-1.0.2o.ebuild
index ac94fad85ce..b8a3ec6ee43 100644
--- a/dev-libs/openssl/openssl-1.0.2o.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2o.ebuild
@@ -15,7 +15,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 
 LICENSE="openssl"
 SLOT="0"
-KEYWORDS="alpha amd64 arm arm64 hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
+KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~amd64-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
 IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Lars Wendler]

commit:     826bfcc001db75f8992e567de05508bd7fe979ba
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Wed May 30 09:54:05 2018 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Wed May 30 10:02:37 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=826bfcc0

dev-libs/openssl: Bump to version 1.1.1_pre7. Removed old.

Package-Manager: Portage-2.3.40, Repoman-2.3.9

 dev-libs/openssl/Manifest                                               | 2 +-
 .../openssl/{openssl-1.1.1_pre6.ebuild => openssl-1.1.1_pre7.ebuild}    | 0
 2 files changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest
index 1ba31e790c4..1bb7dad417f 100644
--- a/dev-libs/openssl/Manifest
+++ b/dev-libs/openssl/Manifest
@@ -11,4 +11,4 @@ DIST openssl-1.1.0h.tar.gz 5422717 BLAKE2B 11de1468855c0bb1836fb346c8efdfedd0613
 DIST openssl-1.1.0h_ec_curve.c 18393 BLAKE2B 49dca7ddbc23270e5927454925df7bb18c8d9eb58f79e3a4fbcd8b7fc22fad36e2cb54ff9b63c2beeeea15c0c075a96e4ce8d03991355419af41fa9dc2aed3ad SHA512 ee3e576825bccdf02cede4205ab92c42ae9dd3a8e75ce58617a3a5980a61d144eb3c5197d9dcd378a5d49bf34c4b2f591aa6a619fee92b7a22825d72681ab879
 DIST openssl-1.1.0h_ectest.c 29907 BLAKE2B 73dc800c1de5449f14d7753f7f7b8e672cd36bd4570e6df07f246d1d823c7dbbeef492f25cdd0ebfd693f5956732bc84c9d91fc6a22c854fe4b245ecf3890bda SHA512 90cec9d46326cb7216236811c8e963032b6fa7500117cea36f28534eb50a5ab1260c7f9a5c8c490d845236b0769576a8d97bc7471f970e9c5e70cb3408c20dae
 DIST openssl-1.1.0h_hobble-openssl 1117 BLAKE2B c3a1477e63331e83cf1cbe58e9ef131ec500a311e22d3da55034800ca353c387b2e202575acf3badb00b236ff91d4bac1bb131a33930939646d26bec27be6e04 SHA512 fa9cc70afa11a7a292548b4bddbba8159824a364ce5c279b483768e6ae2aa4b5491d9bf2cc734819f30a11c8ee0d91bcb991c4a7ab357296aeb4c04feac74826
-DIST openssl-1.1.1-pre6.tar.gz 8286337 BLAKE2B 7efa3982148b8bdc64d9db961de830fe45bd087cd422160f231279cba02bafb35b53105e636d2b519e7bfeab318708b279b5ef47dc91956d67a1dc2891e857a4 SHA512 a26e53bce188e0abb20a323414426c3dcd8ed1e9d73f70aa291489aeb91524a80456940f084993bf8e52902be7dc80f841dcce97b678bf6cff243f5fbed58999
+DIST openssl-1.1.1-pre7.tar.gz 8308876 BLAKE2B 621cc6c541d81c2fa62e12eb75b62f1444af2bc1fcf001620515810700eacc3b36975a5b0c4764fed78c37ad1c9ad78b94f5115794b929626b085ccab15d9ab0 SHA512 38efa67b26e83a4dcb6da2d61d92b6be890535c61cec23d781d49efe66173fd9b9185b89ba50d591fed65f440417e16ba0738ffba58a684e48e8b82032ea36ff

diff --git a/dev-libs/openssl/openssl-1.1.1_pre6.ebuild b/dev-libs/openssl/openssl-1.1.1_pre7.ebuild
similarity index 100%
rename from dev-libs/openssl/openssl-1.1.1_pre6.ebuild
rename to dev-libs/openssl/openssl-1.1.1_pre7.ebuild

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Mikle Kolyada]

commit:     a702e53dab39c9acb75cc705963bd66d05384c7b
Author:     Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
AuthorDate: Sat May 26 10:06:03 2018 +0000
Commit:     Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
CommitDate: Sat May 26 10:07:13 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a702e53d

dev-libs/openssl: ppc stable wrt bug #651730

Package-Manager: Portage-2.3.24, Repoman-2.3.6

 dev-libs/openssl/openssl-1.0.2o.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.0.2o.ebuild b/dev-libs/openssl/openssl-1.0.2o.ebuild
index 341f9075949..ac94fad85ce 100644
--- a/dev-libs/openssl/openssl-1.0.2o.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2o.ebuild
@@ -15,7 +15,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 
 LICENSE="openssl"
 SLOT="0"
-KEYWORDS="alpha amd64 arm arm64 hppa ia64 ~m68k ~mips ~ppc ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
+KEYWORDS="alpha amd64 arm arm64 hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
 IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Mikle Kolyada]

commit:     6c8ffcc011366d8539b8a4f635b411e40dba6a1b
Author:     Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
AuthorDate: Sat May 26 10:06:46 2018 +0000
Commit:     Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
CommitDate: Sat May 26 10:07:14 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6c8ffcc0

dev-libs/openssl: Drop insecure

Package-Manager: Portage-2.3.24, Repoman-2.3.6

 dev-libs/openssl/Manifest              |   2 -
 dev-libs/openssl/openssl-1.0.2n.ebuild | 251 ---------------------------------
 2 files changed, 253 deletions(-)

diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest
index 3aa4b9d60df..1ba31e790c4 100644
--- a/dev-libs/openssl/Manifest
+++ b/dev-libs/openssl/Manifest
@@ -1,8 +1,6 @@
 DIST openssl-0.9.8zh.tar.gz 3818524 BLAKE2B 610bb4858900983cf4519fa8b63f1e03b3845e39e68884fd8bebd738cd5cd6c2c75513643af49bf9e2294adc446a6516480fe9b62de55d9b6379bf9e7c5cd364 SHA512 b97fa2468211f86c0719c68ad1781eff84f772c479ed5193d6da14bac086b4ca706e7d851209d9df3f0962943b5e5333ab0def00110fb2e517caa73c0c6674c6
-DIST openssl-1.0.2-patches-1.0.tar.xz 11572 BLAKE2B bdb9d2b8388f1aadf3a9274133aa8f86b0029fae1ce86d005baa39a7347657f8d4d84395b54e8ccd67944356ee197dfb527f843b4f146e305533e2ad5450721d SHA512 15234ade359a0acf001cf10c7a7fc05f54603a44c67831529c2a6eda03342f9ba1cf40664ac782b5b73c50b23ec5649fb48ccff2aea8f0df2ef634959c47e3e9
 DIST openssl-1.0.2-patches-1.2.tar.xz 12208 BLAKE2B 99b7a3538aeeecf8e1939fb08d26e2ce6aa4140488f0f6fc382a4f0dbdd67a0204c4689809e9d170148ad6686d4dbf0c8fc95802712270b0ea5720bc06c8fbbf SHA512 5e5739ab7132e986abe9704739dab2ccd16df9696318ed29762d4ee0245fd2645f9435f7340ba36edd5531a83e48489fc659ad78c09ded0e0d021dd5a3906ea6
 DIST openssl-1.0.2-patches-1.3.tar.xz 12592 BLAKE2B bce0c289ae689091fe62e9c0d7d631cd915fd17beb81b0879931e0414f25c8a08425a08514e28ea7e81c1be23cf162f3bcad7cc3933f2378f53decabd3a7903d SHA512 3ad3efa45eddb733e3db9c406f9f651dbf939bbb13debbcab12b49ecf72490a4868b1563de60ee106483c1b23bd2092fc58c8fc911fe62a019cb97d738163723
-DIST openssl-1.0.2n.tar.gz 5375802 BLAKE2B 2e04f8c3d5e2296859b8474d7e100e270f53f18a26c6d37a4cf5e01cd14f44d24d334b4e705da05d77c33b5dc91cffea0feea9f7c83c77ba16c9b6d5f5085894 SHA512 144bf0d6aa27b4af01df0b7b734c39962649e1711554247d42e05e14d8945742b18745aefdba162e2dfc762b941fd7d3b2d5dc6a781ae4ba10a6f5a3cadb0687
 DIST openssl-1.0.2o.tar.gz 5329472 BLAKE2B 30226db49be04317da3a76cce68d5aa401decd198f92505bddb0c72a7ef6a79f3c9c06d4a816db734e2a0991ebcab8b207feced26d83639e50c821d9e76ddc45 SHA512 8a2c93657c85143e76785bb32ee836908c31a6f5f8db993fa9777acba6079e630cdddd03edbad65d1587199fc13a1507789eacf038b56eb99139c2091d9df7fd
 DIST openssl-1.0.2o_ec_curve.c 17254 BLAKE2B d40d8d6e770443f07abe70e2c4ddda6aec1cc8e37dc1f226a3fdd9ed5d228f09c6d372e8956b1948b55ee1d57d1429493e7288d0f54d9466a37fec805c85aacb SHA512 8e92fb100bcf4bd918c82b9a6cbd75a55abe1a2c08230a007e441c51577f974f8cc336e9ac8a672b32641480428ca8cead5380da1fe81bacb088145a1b754a15
 DIST openssl-1.0.2o_ectest.c 30735 BLAKE2B 95333a27f1cf0a4305a3cee7f6d46b9d4673582ca9acfcf5ba2a0d9d317ab6219cd0d2ff0ba3a55a317c8f5819342f05cc17ba80ec2c92b2b4cab9a3552382e1 SHA512 f2e4d34327b490bc8371f0845c69df3f9fc51ea16f0ea0de0411a0c1fa9d49bb2b6fafc363eb3b3cd919dc7c24e4a0d075c6ff878c01d70dae918f2540874c19

diff --git a/dev-libs/openssl/openssl-1.0.2n.ebuild b/dev-libs/openssl/openssl-1.0.2n.ebuild
deleted file mode 100644
index db4a0a8bd9d..00000000000
--- a/dev-libs/openssl/openssl-1.0.2n.ebuild
+++ /dev/null
@@ -1,251 +0,0 @@
-# Copyright 1999-2018 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="6"
-
-inherit eutils flag-o-matic toolchain-funcs multilib multilib-minimal
-
-PATCH_SET="openssl-1.0.2-patches-1.0"
-MY_P=${P/_/-}
-DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"
-HOMEPAGE="https://www.openssl.org/"
-SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
-	mirror://gentoo/${PATCH_SET}.tar.xz
-	https://dev.gentoo.org/~whissi/dist/${PN}/${PATCH_SET}.tar.xz"
-
-LICENSE="openssl"
-SLOT="0"
-KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~amd64-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
-IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
-RESTRICT="!bindist? ( bindist )"
-
-RDEPEND=">=app-misc/c_rehash-1.7-r1
-	gmp? ( >=dev-libs/gmp-5.1.3-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
-	zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
-	kerberos? ( >=app-crypt/mit-krb5-1.11.4[${MULTILIB_USEDEP}] )"
-DEPEND="${RDEPEND}
-	>=dev-lang/perl-5
-	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
-	test? (
-		sys-apps/diffutils
-		sys-devel/bc
-	)"
-PDEPEND="app-misc/ca-certificates"
-
-S="${WORKDIR}/${MY_P}"
-
-MULTILIB_WRAPPED_HEADERS=(
-	usr/include/openssl/opensslconf.h
-)
-
-src_prepare() {
-	# keep this in sync with app-misc/c_rehash
-	SSL_CNF_DIR="/etc/ssl"
-
-	# Make sure we only ever touch Makefile.org and avoid patching a file
-	# that gets blown away anyways by the Configure script in src_configure
-	rm -f Makefile
-
-	if ! use vanilla ; then
-		eapply "${WORKDIR}"/patch/*.patch
-	fi
-
-	eapply_user
-
-	# disable fips in the build
-	# make sure the man pages are suffixed #302165
-	# don't bother building man pages if they're disabled
-	sed -i \
-		-e '/DIRS/s: fips : :g' \
-		-e '/^MANSUFFIX/s:=.*:=ssl:' \
-		-e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
-		-e $(has noman FEATURES \
-			&& echo '/^install:/s:install_docs::' \
-			|| echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
-		Makefile.org \
-		|| die
-	# show the actual commands in the log
-	sed -i '/^SET_X/s:=.*:=set -x:' Makefile.shared
-
-	# since we're forcing $(CC) as makedep anyway, just fix
-	# the conditional as always-on
-	# helps clang (#417795), and versioned gcc (#499818)
-	sed -i 's/expr.*MAKEDEPEND.*;/true;/' util/domd || die
-
-	# quiet out unknown driver argument warnings since openssl
-	# doesn't have well-split CFLAGS and we're making it even worse
-	# and 'make depend' uses -Werror for added fun (#417795 again)
-	[[ ${CC} == *clang* ]] && append-flags -Qunused-arguments
-
-	# allow openssl to be cross-compiled
-	cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die
-	chmod a+rx gentoo.config || die
-
-	append-flags -fno-strict-aliasing
-	append-flags $(test-flags-CC -Wa,--noexecstack)
-	append-cppflags -DOPENSSL_NO_BUF_FREELISTS
-
-	sed -i '1s,^:$,#!'${EPREFIX}'/usr/bin/perl,' Configure #141906
-	# The config script does stupid stuff to prompt the user.  Kill it.
-	sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
-	./config --test-sanity || die "I AM NOT SANE"
-
-	multilib_copy_sources
-}
-
-multilib_src_configure() {
-	unset APPS #197996
-	unset SCRIPTS #312551
-	unset CROSS_COMPILE #311473
-
-	tc-export CC AR RANLIB RC
-
-	# Clean out patent-or-otherwise-encumbered code
-	# Camellia: Royalty Free            https://en.wikipedia.org/wiki/Camellia_(cipher)
-	# IDEA:     Expired                 https://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
-	# EC:       ????????? ??/??/2015    https://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography
-	# MDC2:     Expired                 https://en.wikipedia.org/wiki/MDC-2
-	# RC5:      Expired                 https://en.wikipedia.org/wiki/RC5
-
-	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
-	echoit() { echo "$@" ; "$@" ; }
-
-	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
-
-	# See if our toolchain supports __uint128_t.  If so, it's 64bit
-	# friendly and can use the nicely optimized code paths. #460790
-	local ec_nistp_64_gcc_128
-	# Disable it for now though #469976
-	#if ! use bindist ; then
-	#	echo "__uint128_t i;" > "${T}"/128.c
-	#	if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
-	#		ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
-	#	fi
-	#fi
-
-	# https://github.com/openssl/openssl/issues/2286
-	if use ia64 ; then
-		replace-flags -g3 -g2
-		replace-flags -ggdb3 -ggdb2
-	fi
-
-	local sslout=$(./gentoo.config)
-	einfo "Use configuration ${sslout:-(openssl knows best)}"
-	local config="Configure"
-	[[ -z ${sslout} ]] && config="config"
-
-	echoit \
-	./${config} \
-		${sslout} \
-		$(use cpu_flags_x86_sse2 || echo "no-sse2") \
-		enable-camellia \
-		$(use_ssl !bindist ec) \
-		${ec_nistp_64_gcc_128} \
-		enable-idea \
-		enable-mdc2 \
-		enable-rc5 \
-		enable-tlsext \
-		$(use_ssl asm) \
-		$(use_ssl gmp gmp -lgmp) \
-		$(use_ssl kerberos krb5 --with-krb5-flavor=${krb5}) \
-		$(use_ssl rfc3779) \
-		$(use_ssl sctp) \
-		$(use_ssl sslv2 ssl2) \
-		$(use_ssl sslv3 ssl3) \
-		$(use_ssl tls-heartbeat heartbeats) \
-		$(use_ssl zlib) \
-		--prefix="${EPREFIX}"/usr \
-		--openssldir="${EPREFIX}"${SSL_CNF_DIR} \
-		--libdir=$(get_libdir) \
-		shared threads \
-		|| die
-
-	# Clean out hardcoded flags that openssl uses
-	local CFLAG=$(grep ^CFLAG= Makefile | LC_ALL=C sed \
-		-e 's:^CFLAG=::' \
-		-e 's:-fomit-frame-pointer ::g' \
-		-e 's:-O[0-9] ::g' \
-		-e 's:-march=[-a-z0-9]* ::g' \
-		-e 's:-mcpu=[-a-z0-9]* ::g' \
-		-e 's:-m[a-z0-9]* ::g' \
-	)
-	sed -i \
-		-e "/^CFLAG/s|=.*|=${CFLAG} ${CFLAGS}|" \
-		-e "/^SHARED_LDFLAGS=/s|$| ${LDFLAGS}|" \
-		Makefile || die
-}
-
-multilib_src_compile() {
-	# depend is needed to use $confopts; it also doesn't matter
-	# that it's -j1 as the code itself serializes subdirs
-	emake -j1 depend
-	emake all
-	# rehash is needed to prep the certs/ dir; do this
-	# separately to avoid parallel build issues.
-	emake rehash
-}
-
-multilib_src_test() {
-	emake -j1 test
-}
-
-multilib_src_install() {
-	emake INSTALL_PREFIX="${D}" install
-}
-
-multilib_src_install_all() {
-	# openssl installs perl version of c_rehash by default, but
-	# we provide a shell version via app-misc/c_rehash
-	rm "${ED}"/usr/bin/c_rehash || die
-
-	local -a DOCS=( CHANGES* FAQ NEWS README doc/*.txt doc/c-indentation.el )
-	einstalldocs
-
-	use rfc3779 && dodoc engines/ccgost/README.gost
-
-	# This is crappy in that the static archives are still built even
-	# when USE=static-libs.  But this is due to a failing in the openssl
-	# build system: the static archives are built as PIC all the time.
-	# Only way around this would be to manually configure+compile openssl
-	# twice; once with shared lib support enabled and once without.
-	use static-libs || rm -f "${ED}"/usr/lib*/lib*.a
-
-	# create the certs directory
-	dodir ${SSL_CNF_DIR}/certs
-	cp -RP certs/* "${ED}"${SSL_CNF_DIR}/certs/ || die
-	rm -r "${ED}"${SSL_CNF_DIR}/certs/{demo,expired}
-
-	# Namespace openssl programs to prevent conflicts with other man pages
-	cd "${ED}"/usr/share/man
-	local m d s
-	for m in $(find . -type f | xargs grep -L '#include') ; do
-		d=${m%/*} ; d=${d#./} ; m=${m##*/}
-		[[ ${m} == openssl.1* ]] && continue
-		[[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!"
-		mv ${d}/{,ssl-}${m}
-		# fix up references to renamed man pages
-		sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m}
-		ln -s ssl-${m} ${d}/openssl-${m}
-		# locate any symlinks that point to this man page ... we assume
-		# that any broken links are due to the above renaming
-		for s in $(find -L ${d} -type l) ; do
-			s=${s##*/}
-			rm -f ${d}/${s}
-			ln -s ssl-${m} ${d}/ssl-${s}
-			ln -s ssl-${s} ${d}/openssl-${s}
-		done
-	done
-	[[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :("
-
-	dodir /etc/sandbox.d #254521
-	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
-
-	diropts -m0700
-	keepdir ${SSL_CNF_DIR}/private
-}
-
-pkg_postinst() {
-	ebegin "Running 'c_rehash ${EROOT%/}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069"
-	c_rehash "${EROOT%/}${SSL_CNF_DIR}/certs" >/dev/null
-	eend $?
-}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Jeroen Roovers]

commit:     978e16cea232163fe5f344703c91cdd18bea91db
Author:     Jeroen Roovers <jer <AT> gentoo <DOT> org>
AuthorDate: Sat May 19 11:29:01 2018 +0000
Commit:     Jeroen Roovers <jer <AT> gentoo <DOT> org>
CommitDate: Sat May 19 11:32:53 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=978e16ce

dev-libs/openssl: Whitespace.

Package-Manager: Portage-2.3.38, Repoman-2.3.9

 dev-libs/openssl/openssl-1.0.2o-r2.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.0.2o-r2.ebuild b/dev-libs/openssl/openssl-1.0.2o-r2.ebuild
index ce7b536e3ab..8959ecc1213 100644
--- a/dev-libs/openssl/openssl-1.0.2o-r2.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2o-r2.ebuild
@@ -12,7 +12,7 @@ HOMEPAGE="https://www.openssl.org/"
 SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 	mirror://gentoo/${PATCH_SET}.tar.xz
 	https://dev.gentoo.org/~whissi/dist/${PN}/${PATCH_SET}.tar.xz"
-    
+
 LICENSE="openssl"
 SLOT="0"
 KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~arm-linux ~x86-linux"

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Lars Wendler]

commit:     962021d3113f309048201d002be477a83424a08e
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Thu May 17 15:11:31 2018 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Thu May 17 15:12:08 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=962021d3

dev-libs/openssl: Revbump to re-add Fedora Hobbled-EC for 1.0

which might have been dropped by accident.
This is merely the work robbat2 did in commit
acd5dfadfd157c7dcb73a3ff1f6295416a2ab04e
so all credits belong to him.
Please also have a look at his commit message in above
mentioned commit.

Package-Manager: Portage-2.3.37, Repoman-2.3.9

 dev-libs/openssl/Manifest                 |   3 +
 dev-libs/openssl/openssl-1.0.2o-r2.ebuild | 293 ++++++++++++++++++++++++++++++
 2 files changed, 296 insertions(+)

diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest
index f7748301eff..3aa4b9d60df 100644
--- a/dev-libs/openssl/Manifest
+++ b/dev-libs/openssl/Manifest
@@ -4,6 +4,9 @@ DIST openssl-1.0.2-patches-1.2.tar.xz 12208 BLAKE2B 99b7a3538aeeecf8e1939fb08d26
 DIST openssl-1.0.2-patches-1.3.tar.xz 12592 BLAKE2B bce0c289ae689091fe62e9c0d7d631cd915fd17beb81b0879931e0414f25c8a08425a08514e28ea7e81c1be23cf162f3bcad7cc3933f2378f53decabd3a7903d SHA512 3ad3efa45eddb733e3db9c406f9f651dbf939bbb13debbcab12b49ecf72490a4868b1563de60ee106483c1b23bd2092fc58c8fc911fe62a019cb97d738163723
 DIST openssl-1.0.2n.tar.gz 5375802 BLAKE2B 2e04f8c3d5e2296859b8474d7e100e270f53f18a26c6d37a4cf5e01cd14f44d24d334b4e705da05d77c33b5dc91cffea0feea9f7c83c77ba16c9b6d5f5085894 SHA512 144bf0d6aa27b4af01df0b7b734c39962649e1711554247d42e05e14d8945742b18745aefdba162e2dfc762b941fd7d3b2d5dc6a781ae4ba10a6f5a3cadb0687
 DIST openssl-1.0.2o.tar.gz 5329472 BLAKE2B 30226db49be04317da3a76cce68d5aa401decd198f92505bddb0c72a7ef6a79f3c9c06d4a816db734e2a0991ebcab8b207feced26d83639e50c821d9e76ddc45 SHA512 8a2c93657c85143e76785bb32ee836908c31a6f5f8db993fa9777acba6079e630cdddd03edbad65d1587199fc13a1507789eacf038b56eb99139c2091d9df7fd
+DIST openssl-1.0.2o_ec_curve.c 17254 BLAKE2B d40d8d6e770443f07abe70e2c4ddda6aec1cc8e37dc1f226a3fdd9ed5d228f09c6d372e8956b1948b55ee1d57d1429493e7288d0f54d9466a37fec805c85aacb SHA512 8e92fb100bcf4bd918c82b9a6cbd75a55abe1a2c08230a007e441c51577f974f8cc336e9ac8a672b32641480428ca8cead5380da1fe81bacb088145a1b754a15
+DIST openssl-1.0.2o_ectest.c 30735 BLAKE2B 95333a27f1cf0a4305a3cee7f6d46b9d4673582ca9acfcf5ba2a0d9d317ab6219cd0d2ff0ba3a55a317c8f5819342f05cc17ba80ec2c92b2b4cab9a3552382e1 SHA512 f2e4d34327b490bc8371f0845c69df3f9fc51ea16f0ea0de0411a0c1fa9d49bb2b6fafc363eb3b3cd919dc7c24e4a0d075c6ff878c01d70dae918f2540874c19
+DIST openssl-1.0.2o_hobble-openssl 1302 BLAKE2B 647caa6a0f4c53a2e77baa3b8e5961eaef3bb0ff38e7d5475eab8deef3439f7fe49028ec9ed0406f3453870b62cac67c496b3a048ee4c9ff4c6866d520235960 SHA512 3d757a4708e74a03dd5cb9b8114dfe442ed9520739a6eca693be4c4265771696f1449ea06d1c9bcfc6e94fc9b0dd0c10e153f1c3b0334831c0550b36cd63326e
 DIST openssl-1.1.0-build.patch 3028 BLAKE2B f8cf981ed3717af234ce02fa50f27cdbcbf2b766968a5957fc6f0a4ea997549505fa77398444d7f3b9a75f66048447fe62542b9cb1d5f0268add87c44915a6fd SHA512 b19a912900970052f80c67f28975e793ae9e70ebfc62efae0544e09931079e98c4cd29ce1cc8d937ceca97aff9a12fdc1ff9ce6c2b47fea68c79e7065464a0f0
 DIST openssl-1.1.0-ec-curves.patch 2967 BLAKE2B 1c639514445ea85cf731732aa7901b5a03ddb5f637b0483ab2ec6825433ad978723c5a07316db684bdaca4a12fc673b4e049a49c0cd4dbe5f25a5e2bd3b75cf5 SHA512 8fb9c6759ae2077ad3697ba77e85ab3970fd8b3f64b21eb260b4f6333b7ebf2f5a53c7eee311229edfbd96a2b904ec5e5e00dfa5b62cf1105fece13069077bd2
 DIST openssl-1.1.0h.tar.gz 5422717 BLAKE2B 11de1468855c0bb1836fb346c8efdfedd06139a774fc4dbae1b0e95fea7a33aa39b541e3d2d27f83f2b5f4dd3846cca2356020aa6ec81793085842ab78b3a127 SHA512 fb7750fcd98e6126eb5b92e7ed63d811a5cfa3391d98572003d925f6c7b477690df86a9aa1fa6bf6bf33d02c6c7aee6cff50a38faa8911409f310645898fda39

diff --git a/dev-libs/openssl/openssl-1.0.2o-r2.ebuild b/dev-libs/openssl/openssl-1.0.2o-r2.ebuild
new file mode 100644
index 00000000000..ce7b536e3ab
--- /dev/null
+++ b/dev-libs/openssl/openssl-1.0.2o-r2.ebuild
@@ -0,0 +1,293 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+inherit eutils flag-o-matic toolchain-funcs multilib multilib-minimal
+
+PATCH_SET="openssl-1.0.2-patches-1.3"
+MY_P=${P/_/-}
+DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"
+HOMEPAGE="https://www.openssl.org/"
+SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
+	mirror://gentoo/${PATCH_SET}.tar.xz
+	https://dev.gentoo.org/~whissi/dist/${PN}/${PATCH_SET}.tar.xz"
+    
+LICENSE="openssl"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
+IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
+RESTRICT="!bindist? ( bindist )"
+
+RDEPEND=">=app-misc/c_rehash-1.7-r1
+	gmp? ( >=dev-libs/gmp-5.1.3-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
+	zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
+	kerberos? ( >=app-crypt/mit-krb5-1.11.4[${MULTILIB_USEDEP}] )"
+DEPEND="${RDEPEND}
+	>=dev-lang/perl-5
+	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
+	test? (
+		sys-apps/diffutils
+		sys-devel/bc
+	)"
+PDEPEND="app-misc/ca-certificates"
+
+# This does not copy the entire Fedora patchset, but JUST the parts that
+# are needed to make it safe to use EC with RESTRICT=bindist.
+# See openssl.spec for the matching numbering of SourceNNN, PatchNNN
+SOURCE1=hobble-openssl
+SOURCE12=ec_curve.c
+SOURCE13=ectest.c
+#PATCH1=openssl-1.1.0-build.patch # Fixes EVP testcase for EC
+#PATCH37=openssl-1.1.0-ec-curves.patch
+FEDORA_GIT_BASE='https://src.fedoraproject.org/cgit/rpms/openssl.git/plain/'
+FEDORA_GIT_BRANCH='f25'
+FEDORA_SRC_URI=()
+FEDORA_SOURCE=( $SOURCE1 $SOURCE12 $SOURCE13 )
+FEDORA_PATCH=( $PATCH1 $PATCH37 )
+for i in "${FEDORA_SOURCE[@]}" ; do
+	FEDORA_SRC_URI+=( "${FEDORA_GIT_BASE}/${i}?h=${FEDORA_GIT_BRANCH} -> ${P}_${i}" )
+done
+for i in "${FEDORA_PATCH[@]}" ; do # Already have a version prefix
+	FEDORA_SRC_URI+=( "${FEDORA_GIT_BASE}/${i}?h=${FEDORA_GIT_BRANCH} -> ${i}" )
+done
+SRC_URI+=" bindist? ( ${FEDORA_SRC_URI[@]} )"
+
+S="${WORKDIR}/${MY_P}"
+
+MULTILIB_WRAPPED_HEADERS=(
+	usr/include/openssl/opensslconf.h
+)
+
+src_prepare() {
+	if use bindist; then
+		# This just removes the prefix, and puts it into WORKDIR like the RPM.
+		for i in "${FEDORA_SOURCE[@]}" ; do
+			cp -f "${DISTDIR}"/"${P}_${i}" "${WORKDIR}"/"${i}" || die
+		done
+		# .spec %prep
+		bash "${WORKDIR}"/"${SOURCE1}" || die
+		cp -f "${WORKDIR}"/"${SOURCE12}" "${S}"/crypto/ec/ || die
+		cp -f "${WORKDIR}"/"${SOURCE13}" "${S}"/crypto/ec/ || die # Moves to test/ in OpenSSL-1.1
+		for i in "${FEDORA_PATCH[@]}" ; do
+			eapply "${DISTDIR}"/"${i}"
+		done
+		# Also see the configure parts below:
+		# enable-ec \
+		# $(use_ssl !bindist ec2m) \
+		# $(use_ssl !bindist srp) \
+	fi
+
+	# keep this in sync with app-misc/c_rehash
+	SSL_CNF_DIR="/etc/ssl"
+
+	# Make sure we only ever touch Makefile.org and avoid patching a file
+	# that gets blown away anyways by the Configure script in src_configure
+	rm -f Makefile
+
+	if ! use vanilla ; then
+		eapply "${WORKDIR}"/patch/*.patch
+	fi
+
+	eapply_user
+
+	# disable fips in the build
+	# make sure the man pages are suffixed #302165
+	# don't bother building man pages if they're disabled
+	sed -i \
+		-e '/DIRS/s: fips : :g' \
+		-e '/^MANSUFFIX/s:=.*:=ssl:' \
+		-e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
+		-e $(has noman FEATURES \
+			&& echo '/^install:/s:install_docs::' \
+			|| echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
+		Makefile.org \
+		|| die
+	# show the actual commands in the log
+	sed -i '/^SET_X/s:=.*:=set -x:' Makefile.shared
+
+	# since we're forcing $(CC) as makedep anyway, just fix
+	# the conditional as always-on
+	# helps clang (#417795), and versioned gcc (#499818)
+	sed -i 's/expr.*MAKEDEPEND.*;/true;/' util/domd || die
+
+	# quiet out unknown driver argument warnings since openssl
+	# doesn't have well-split CFLAGS and we're making it even worse
+	# and 'make depend' uses -Werror for added fun (#417795 again)
+	[[ ${CC} == *clang* ]] && append-flags -Qunused-arguments
+
+	# allow openssl to be cross-compiled
+	cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die
+	chmod a+rx gentoo.config || die
+
+	append-flags -fno-strict-aliasing
+	append-flags $(test-flags-CC -Wa,--noexecstack)
+	append-cppflags -DOPENSSL_NO_BUF_FREELISTS
+
+	sed -i '1s,^:$,#!'${EPREFIX}'/usr/bin/perl,' Configure #141906
+	# The config script does stupid stuff to prompt the user.  Kill it.
+	sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
+	./config --test-sanity || die "I AM NOT SANE"
+
+	multilib_copy_sources
+}
+
+multilib_src_configure() {
+	unset APPS #197996
+	unset SCRIPTS #312551
+	unset CROSS_COMPILE #311473
+
+	tc-export CC AR RANLIB RC
+
+	# Clean out patent-or-otherwise-encumbered code
+	# Camellia: Royalty Free            https://en.wikipedia.org/wiki/Camellia_(cipher)
+	# IDEA:     Expired                 https://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
+	# EC:       ????????? ??/??/2015    https://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography
+	# MDC2:     Expired                 https://en.wikipedia.org/wiki/MDC-2
+	# RC5:      Expired                 https://en.wikipedia.org/wiki/RC5
+
+	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
+	echoit() { echo "$@" ; "$@" ; }
+
+	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
+
+	# See if our toolchain supports __uint128_t.  If so, it's 64bit
+	# friendly and can use the nicely optimized code paths. #460790
+	local ec_nistp_64_gcc_128
+	# Disable it for now though #469976
+	#if ! use bindist ; then
+	#	echo "__uint128_t i;" > "${T}"/128.c
+	#	if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
+	#		ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
+	#	fi
+	#fi
+
+	# https://github.com/openssl/openssl/issues/2286
+	if use ia64 ; then
+		replace-flags -g3 -g2
+		replace-flags -ggdb3 -ggdb2
+	fi
+
+	local sslout=$(./gentoo.config)
+	einfo "Use configuration ${sslout:-(openssl knows best)}"
+	local config="Configure"
+	[[ -z ${sslout} ]] && config="config"
+
+	# Fedora hobbled-EC needs 'no-ec2m', 'no-srp'
+	echoit \
+	./${config} \
+		${sslout} \
+		$(use cpu_flags_x86_sse2 || echo "no-sse2") \
+		enable-camellia \
+		enable-ec \
+		$(use_ssl !bindist ec2m) \
+		$(use_ssl !bindist srp) \
+		${ec_nistp_64_gcc_128} \
+		enable-idea \
+		enable-mdc2 \
+		enable-rc5 \
+		enable-tlsext \
+		$(use_ssl asm) \
+		$(use_ssl gmp gmp -lgmp) \
+		$(use_ssl kerberos krb5 --with-krb5-flavor=${krb5}) \
+		$(use_ssl rfc3779) \
+		$(use_ssl sctp) \
+		$(use_ssl sslv2 ssl2) \
+		$(use_ssl sslv3 ssl3) \
+		$(use_ssl tls-heartbeat heartbeats) \
+		$(use_ssl zlib) \
+		--prefix="${EPREFIX}"/usr \
+		--openssldir="${EPREFIX}"${SSL_CNF_DIR} \
+		--libdir=$(get_libdir) \
+		shared threads \
+		|| die
+
+	# Clean out hardcoded flags that openssl uses
+	local CFLAG=$(grep ^CFLAG= Makefile | LC_ALL=C sed \
+		-e 's:^CFLAG=::' \
+		-e 's:-fomit-frame-pointer ::g' \
+		-e 's:-O[0-9] ::g' \
+		-e 's:-march=[-a-z0-9]* ::g' \
+		-e 's:-mcpu=[-a-z0-9]* ::g' \
+		-e 's:-m[a-z0-9]* ::g' \
+	)
+	sed -i \
+		-e "/^CFLAG/s|=.*|=${CFLAG} ${CFLAGS}|" \
+		-e "/^SHARED_LDFLAGS=/s|$| ${LDFLAGS}|" \
+		Makefile || die
+}
+
+multilib_src_compile() {
+	# depend is needed to use $confopts; it also doesn't matter
+	# that it's -j1 as the code itself serializes subdirs
+	emake -j1 depend
+	emake all
+	# rehash is needed to prep the certs/ dir; do this
+	# separately to avoid parallel build issues.
+	emake rehash
+}
+
+multilib_src_test() {
+	emake -j1 test
+}
+
+multilib_src_install() {
+	emake INSTALL_PREFIX="${D}" install
+}
+
+multilib_src_install_all() {
+	# openssl installs perl version of c_rehash by default, but
+	# we provide a shell version via app-misc/c_rehash
+	rm "${ED}"/usr/bin/c_rehash || die
+
+	local -a DOCS=( CHANGES* FAQ NEWS README doc/*.txt doc/c-indentation.el )
+	einstalldocs
+
+	use rfc3779 && dodoc engines/ccgost/README.gost
+
+	# This is crappy in that the static archives are still built even
+	# when USE=static-libs.  But this is due to a failing in the openssl
+	# build system: the static archives are built as PIC all the time.
+	# Only way around this would be to manually configure+compile openssl
+	# twice; once with shared lib support enabled and once without.
+	use static-libs || rm -f "${ED}"/usr/lib*/lib*.a
+
+	# create the certs directory
+	dodir ${SSL_CNF_DIR}/certs
+	cp -RP certs/* "${ED}"${SSL_CNF_DIR}/certs/ || die
+	rm -r "${ED}"${SSL_CNF_DIR}/certs/{demo,expired}
+
+	# Namespace openssl programs to prevent conflicts with other man pages
+	cd "${ED}"/usr/share/man
+	local m d s
+	for m in $(find . -type f | xargs grep -L '#include') ; do
+		d=${m%/*} ; d=${d#./} ; m=${m##*/}
+		[[ ${m} == openssl.1* ]] && continue
+		[[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!"
+		mv ${d}/{,ssl-}${m}
+		# fix up references to renamed man pages
+		sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m}
+		ln -s ssl-${m} ${d}/openssl-${m}
+		# locate any symlinks that point to this man page ... we assume
+		# that any broken links are due to the above renaming
+		for s in $(find -L ${d} -type l) ; do
+			s=${s##*/}
+			rm -f ${d}/${s}
+			ln -s ssl-${m} ${d}/ssl-${s}
+			ln -s ssl-${s} ${d}/openssl-${s}
+		done
+	done
+	[[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :("
+
+	dodir /etc/sandbox.d #254521
+	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
+
+	diropts -m0700
+	keepdir ${SSL_CNF_DIR}/private
+}
+
+pkg_postinst() {
+	ebegin "Running 'c_rehash ${EROOT%/}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069"
+	c_rehash "${EROOT%/}${SSL_CNF_DIR}/certs" >/dev/null
+	eend $?
+}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Lars Wendler]

commit:     da3c0b5c9bc30ecb417134f851f01cdbcadf2a83
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Tue May  1 18:34:51 2018 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Tue May  1 18:35:26 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=da3c0b5c

dev-libs/openssl: Bump to version 1.1.1_pre6. Removed old.

Package-Manager: Portage-2.3.31, Repoman-2.3.9

 dev-libs/openssl/Manifest                                               | 2 +-
 .../openssl/{openssl-1.1.1_pre5.ebuild => openssl-1.1.1_pre6.ebuild}    | 0
 2 files changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest
index e624d963695..f7748301eff 100644
--- a/dev-libs/openssl/Manifest
+++ b/dev-libs/openssl/Manifest
@@ -10,4 +10,4 @@ DIST openssl-1.1.0h.tar.gz 5422717 BLAKE2B 11de1468855c0bb1836fb346c8efdfedd0613
 DIST openssl-1.1.0h_ec_curve.c 18393 BLAKE2B 49dca7ddbc23270e5927454925df7bb18c8d9eb58f79e3a4fbcd8b7fc22fad36e2cb54ff9b63c2beeeea15c0c075a96e4ce8d03991355419af41fa9dc2aed3ad SHA512 ee3e576825bccdf02cede4205ab92c42ae9dd3a8e75ce58617a3a5980a61d144eb3c5197d9dcd378a5d49bf34c4b2f591aa6a619fee92b7a22825d72681ab879
 DIST openssl-1.1.0h_ectest.c 29907 BLAKE2B 73dc800c1de5449f14d7753f7f7b8e672cd36bd4570e6df07f246d1d823c7dbbeef492f25cdd0ebfd693f5956732bc84c9d91fc6a22c854fe4b245ecf3890bda SHA512 90cec9d46326cb7216236811c8e963032b6fa7500117cea36f28534eb50a5ab1260c7f9a5c8c490d845236b0769576a8d97bc7471f970e9c5e70cb3408c20dae
 DIST openssl-1.1.0h_hobble-openssl 1117 BLAKE2B c3a1477e63331e83cf1cbe58e9ef131ec500a311e22d3da55034800ca353c387b2e202575acf3badb00b236ff91d4bac1bb131a33930939646d26bec27be6e04 SHA512 fa9cc70afa11a7a292548b4bddbba8159824a364ce5c279b483768e6ae2aa4b5491d9bf2cc734819f30a11c8ee0d91bcb991c4a7ab357296aeb4c04feac74826
-DIST openssl-1.1.1-pre5.tar.gz 8288689 BLAKE2B f65c797a8cce6e2240008ed842d9bc7667ef4bb792a141a0832f475b51b1e499786fa2bab87977aa58f8edaba7c35be1a67563bc8a6d0e41fcf1a3c95961b877 SHA512 dfdf4ee2e0f05ff9af5ecd7305bad4ff8d587c08ea675055048d7eae2a8e38fe74c2e63b13facd95ccbcb586be2d6e388088c567380af64f0ccc88095a881173
+DIST openssl-1.1.1-pre6.tar.gz 8286337 BLAKE2B 7efa3982148b8bdc64d9db961de830fe45bd087cd422160f231279cba02bafb35b53105e636d2b519e7bfeab318708b279b5ef47dc91956d67a1dc2891e857a4 SHA512 a26e53bce188e0abb20a323414426c3dcd8ed1e9d73f70aa291489aeb91524a80456940f084993bf8e52902be7dc80f841dcce97b678bf6cff243f5fbed58999

diff --git a/dev-libs/openssl/openssl-1.1.1_pre5.ebuild b/dev-libs/openssl/openssl-1.1.1_pre6.ebuild
similarity index 100%
rename from dev-libs/openssl/openssl-1.1.1_pre5.ebuild
rename to dev-libs/openssl/openssl-1.1.1_pre6.ebuild

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Lars Wendler]

commit:     109669cd9f6291cad36383ada4b540659561dad3
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Thu Apr 26 13:13:56 2018 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Thu Apr 26 13:25:34 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=109669cd

dev-libs/openssl: Removed bindist exceptions

until Fedora provides patches for openssl-1.1.1

Closes: https://bugs.gentoo.org/654078
Package-Manager: Portage-2.3.31, Repoman-2.3.9

 dev-libs/openssl/Manifest                  |  3 --
 dev-libs/openssl/openssl-1.1.1_pre5.ebuild | 44 ++----------------------------
 2 files changed, 2 insertions(+), 45 deletions(-)

diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest
index 2da8795bde0..e624d963695 100644
--- a/dev-libs/openssl/Manifest
+++ b/dev-libs/openssl/Manifest
@@ -11,6 +11,3 @@ DIST openssl-1.1.0h_ec_curve.c 18393 BLAKE2B 49dca7ddbc23270e5927454925df7bb18c8
 DIST openssl-1.1.0h_ectest.c 29907 BLAKE2B 73dc800c1de5449f14d7753f7f7b8e672cd36bd4570e6df07f246d1d823c7dbbeef492f25cdd0ebfd693f5956732bc84c9d91fc6a22c854fe4b245ecf3890bda SHA512 90cec9d46326cb7216236811c8e963032b6fa7500117cea36f28534eb50a5ab1260c7f9a5c8c490d845236b0769576a8d97bc7471f970e9c5e70cb3408c20dae
 DIST openssl-1.1.0h_hobble-openssl 1117 BLAKE2B c3a1477e63331e83cf1cbe58e9ef131ec500a311e22d3da55034800ca353c387b2e202575acf3badb00b236ff91d4bac1bb131a33930939646d26bec27be6e04 SHA512 fa9cc70afa11a7a292548b4bddbba8159824a364ce5c279b483768e6ae2aa4b5491d9bf2cc734819f30a11c8ee0d91bcb991c4a7ab357296aeb4c04feac74826
 DIST openssl-1.1.1-pre5.tar.gz 8288689 BLAKE2B f65c797a8cce6e2240008ed842d9bc7667ef4bb792a141a0832f475b51b1e499786fa2bab87977aa58f8edaba7c35be1a67563bc8a6d0e41fcf1a3c95961b877 SHA512 dfdf4ee2e0f05ff9af5ecd7305bad4ff8d587c08ea675055048d7eae2a8e38fe74c2e63b13facd95ccbcb586be2d6e388088c567380af64f0ccc88095a881173
-DIST openssl-1.1.1_pre5_ec_curve.c 18393 BLAKE2B 49dca7ddbc23270e5927454925df7bb18c8d9eb58f79e3a4fbcd8b7fc22fad36e2cb54ff9b63c2beeeea15c0c075a96e4ce8d03991355419af41fa9dc2aed3ad SHA512 ee3e576825bccdf02cede4205ab92c42ae9dd3a8e75ce58617a3a5980a61d144eb3c5197d9dcd378a5d49bf34c4b2f591aa6a619fee92b7a22825d72681ab879
-DIST openssl-1.1.1_pre5_ectest.c 29908 BLAKE2B b398bafd5d5aea71daa9c3e2749dece9e515950e35547a6191d83987907aae73e090a4b552636af4d1ab2b39f7e3b1ea3fde2012c99f068f9c99d247996c1212 SHA512 e4445f8959b040caca6a7494da2026b840f84348df5d4eab47a68570d274333f62fa0c381955093edd86c857dad98595ffa2980c54afdcf2a8d32f32d0c70450
-DIST openssl-1.1.1_pre5_hobble-openssl 1117 BLAKE2B c3a1477e63331e83cf1cbe58e9ef131ec500a311e22d3da55034800ca353c387b2e202575acf3badb00b236ff91d4bac1bb131a33930939646d26bec27be6e04 SHA512 fa9cc70afa11a7a292548b4bddbba8159824a364ce5c279b483768e6ae2aa4b5491d9bf2cc734819f30a11c8ee0d91bcb991c4a7ab357296aeb4c04feac74826

diff --git a/dev-libs/openssl/openssl-1.1.1_pre5.ebuild b/dev-libs/openssl/openssl-1.1.1_pre5.ebuild
index 57d99704100..e022bf39b77 100644
--- a/dev-libs/openssl/openssl-1.1.1_pre5.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1_pre5.ebuild
@@ -28,27 +28,6 @@ DEPEND="${RDEPEND}
 	)"
 PDEPEND="app-misc/ca-certificates"
 
-# This does not copy the entire Fedora patchset, but JUST the parts that
-# are needed to make it safe to use EC with RESTRICT=bindist.
-# See openssl.spec for the matching numbering of SourceNNN, PatchNNN
-SOURCE1=hobble-openssl
-SOURCE12=ec_curve.c
-SOURCE13=ectest.c
-PATCH1=openssl-1.1.0-build.patch # Fixes EVP testcase for EC
-PATCH37=openssl-1.1.0-ec-curves.patch
-FEDORA_GIT_BASE='https://src.fedoraproject.org/cgit/rpms/openssl.git/plain/'
-FEDORA_GIT_BRANCH='f27'
-FEDORA_SRC_URI=()
-FEDORA_SOURCE=( ${SOURCE1} ${SOURCE12} ${SOURCE13} )
-FEDORA_PATCH=( ${PATCH1} ${PATCH37} )
-for i in "${FEDORA_SOURCE[@]}" ; do
-	FEDORA_SRC_URI+=( "${FEDORA_GIT_BASE}/${i}?h=${FEDORA_GIT_BRANCH} -> ${P}_${i}" )
-done
-for i in "${FEDORA_PATCH[@]}" ; do # Already have a version prefix
-	FEDORA_SRC_URI+=( "${FEDORA_GIT_BASE}/${i}?h=${FEDORA_GIT_BRANCH} -> ${i}" )
-done
-SRC_URI+=" bindist? ( ${FEDORA_SRC_URI[@]} )"
-
 S="${WORKDIR}/${MY_P}"
 
 MULTILIB_WRAPPED_HEADERS=(
@@ -60,23 +39,6 @@ PATCHES=(
 )
 
 src_prepare() {
-	if use bindist; then
-		# This just removes the prefix, and puts it into WORKDIR like the RPM.
-		for i in "${FEDORA_SOURCE[@]}" ; do
-			cp -f "${DISTDIR}"/"${P}_${i}" "${WORKDIR}"/"${i}" || die
-		done
-		# .spec %prep
-		bash "${WORKDIR}"/"${SOURCE1}" || die
-		cp -f "${WORKDIR}"/"${SOURCE12}" "${S}"/crypto/ec/ || die
-		cp -f "${WORKDIR}"/"${SOURCE13}" "${S}"/test/ || die
-		for i in "${FEDORA_PATCH[@]}" ; do
-			eapply "${DISTDIR}"/"${i}"
-		done
-		# Also see the configure parts below:
-		# enable-ec \
-		# $(use_ssl !bindist ec2m) \
-
-	fi
 	# keep this in sync with app-misc/c_rehash
 	SSL_CNF_DIR="/etc/ssl"
 
@@ -168,7 +130,6 @@ multilib_src_configure() {
 	local config="Configure"
 	[[ -z ${sslout} ]] && config="config"
 
-	# Fedora hobbled-EC needs 'no-ec2m'
 	# 'srp' was restricted until early 2017 as well.
 	# "disable-deprecated" option breaks too many consumers.
 	# Don't set it without thorough revdeps testing.
@@ -177,9 +138,8 @@ multilib_src_configure() {
 		${sslout} \
 		$(use cpu_flags_x86_sse2 || echo "no-sse2") \
 		enable-camellia \
-		enable-ec \
-		$(use_ssl !bindist ec2m) \
-		enable-srp \
+		$(use_ssl !bindist ec) \
+		$(use_ssl !bindist srp) \
 		$(use elibc_musl && echo "no-async") \
 		${ec_nistp_64_gcc_128} \
 		enable-idea \

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Lars Wendler]

commit:     88b866871abbac089263a5cdf5a74f7da9dc76fb
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Wed Apr 25 08:32:03 2018 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Wed Apr 25 08:32:21 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=88b86687

dev-libs/openssl: Bump to version 1.1.1_pre5

Package-Manager: Portage-2.3.31, Repoman-2.3.9

 dev-libs/openssl/Manifest                  |   4 +
 dev-libs/openssl/openssl-1.1.1_pre5.ebuild | 282 +++++++++++++++++++++++++++++
 2 files changed, 286 insertions(+)

diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest
index e0219b43b79..2da8795bde0 100644
--- a/dev-libs/openssl/Manifest
+++ b/dev-libs/openssl/Manifest
@@ -10,3 +10,7 @@ DIST openssl-1.1.0h.tar.gz 5422717 BLAKE2B 11de1468855c0bb1836fb346c8efdfedd0613
 DIST openssl-1.1.0h_ec_curve.c 18393 BLAKE2B 49dca7ddbc23270e5927454925df7bb18c8d9eb58f79e3a4fbcd8b7fc22fad36e2cb54ff9b63c2beeeea15c0c075a96e4ce8d03991355419af41fa9dc2aed3ad SHA512 ee3e576825bccdf02cede4205ab92c42ae9dd3a8e75ce58617a3a5980a61d144eb3c5197d9dcd378a5d49bf34c4b2f591aa6a619fee92b7a22825d72681ab879
 DIST openssl-1.1.0h_ectest.c 29907 BLAKE2B 73dc800c1de5449f14d7753f7f7b8e672cd36bd4570e6df07f246d1d823c7dbbeef492f25cdd0ebfd693f5956732bc84c9d91fc6a22c854fe4b245ecf3890bda SHA512 90cec9d46326cb7216236811c8e963032b6fa7500117cea36f28534eb50a5ab1260c7f9a5c8c490d845236b0769576a8d97bc7471f970e9c5e70cb3408c20dae
 DIST openssl-1.1.0h_hobble-openssl 1117 BLAKE2B c3a1477e63331e83cf1cbe58e9ef131ec500a311e22d3da55034800ca353c387b2e202575acf3badb00b236ff91d4bac1bb131a33930939646d26bec27be6e04 SHA512 fa9cc70afa11a7a292548b4bddbba8159824a364ce5c279b483768e6ae2aa4b5491d9bf2cc734819f30a11c8ee0d91bcb991c4a7ab357296aeb4c04feac74826
+DIST openssl-1.1.1-pre5.tar.gz 8288689 BLAKE2B f65c797a8cce6e2240008ed842d9bc7667ef4bb792a141a0832f475b51b1e499786fa2bab87977aa58f8edaba7c35be1a67563bc8a6d0e41fcf1a3c95961b877 SHA512 dfdf4ee2e0f05ff9af5ecd7305bad4ff8d587c08ea675055048d7eae2a8e38fe74c2e63b13facd95ccbcb586be2d6e388088c567380af64f0ccc88095a881173
+DIST openssl-1.1.1_pre5_ec_curve.c 18393 BLAKE2B 49dca7ddbc23270e5927454925df7bb18c8d9eb58f79e3a4fbcd8b7fc22fad36e2cb54ff9b63c2beeeea15c0c075a96e4ce8d03991355419af41fa9dc2aed3ad SHA512 ee3e576825bccdf02cede4205ab92c42ae9dd3a8e75ce58617a3a5980a61d144eb3c5197d9dcd378a5d49bf34c4b2f591aa6a619fee92b7a22825d72681ab879
+DIST openssl-1.1.1_pre5_ectest.c 29908 BLAKE2B b398bafd5d5aea71daa9c3e2749dece9e515950e35547a6191d83987907aae73e090a4b552636af4d1ab2b39f7e3b1ea3fde2012c99f068f9c99d247996c1212 SHA512 e4445f8959b040caca6a7494da2026b840f84348df5d4eab47a68570d274333f62fa0c381955093edd86c857dad98595ffa2980c54afdcf2a8d32f32d0c70450
+DIST openssl-1.1.1_pre5_hobble-openssl 1117 BLAKE2B c3a1477e63331e83cf1cbe58e9ef131ec500a311e22d3da55034800ca353c387b2e202575acf3badb00b236ff91d4bac1bb131a33930939646d26bec27be6e04 SHA512 fa9cc70afa11a7a292548b4bddbba8159824a364ce5c279b483768e6ae2aa4b5491d9bf2cc734819f30a11c8ee0d91bcb991c4a7ab357296aeb4c04feac74826

diff --git a/dev-libs/openssl/openssl-1.1.1_pre5.ebuild b/dev-libs/openssl/openssl-1.1.1_pre5.ebuild
new file mode 100644
index 00000000000..57d99704100
--- /dev/null
+++ b/dev-libs/openssl/openssl-1.1.1_pre5.ebuild
@@ -0,0 +1,282 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+inherit flag-o-matic toolchain-funcs multilib multilib-minimal
+
+MY_P=${P/_/-}
+DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"
+HOMEPAGE="https://www.openssl.org/"
+SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"
+
+LICENSE="openssl"
+SLOT="0/1.1" # .so version of libssl/libcrypto
+[[ "${PV}" = *_pre* ]] || \
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
+IUSE="+asm bindist elibc_musl rfc3779 sctp cpu_flags_x86_sse2 static-libs test tls-heartbeat vanilla zlib"
+RESTRICT="!bindist? ( bindist )"
+
+RDEPEND=">=app-misc/c_rehash-1.7-r1
+	zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )"
+DEPEND="${RDEPEND}
+	>=dev-lang/perl-5
+	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
+	test? (
+		sys-apps/diffutils
+		sys-devel/bc
+	)"
+PDEPEND="app-misc/ca-certificates"
+
+# This does not copy the entire Fedora patchset, but JUST the parts that
+# are needed to make it safe to use EC with RESTRICT=bindist.
+# See openssl.spec for the matching numbering of SourceNNN, PatchNNN
+SOURCE1=hobble-openssl
+SOURCE12=ec_curve.c
+SOURCE13=ectest.c
+PATCH1=openssl-1.1.0-build.patch # Fixes EVP testcase for EC
+PATCH37=openssl-1.1.0-ec-curves.patch
+FEDORA_GIT_BASE='https://src.fedoraproject.org/cgit/rpms/openssl.git/plain/'
+FEDORA_GIT_BRANCH='f27'
+FEDORA_SRC_URI=()
+FEDORA_SOURCE=( ${SOURCE1} ${SOURCE12} ${SOURCE13} )
+FEDORA_PATCH=( ${PATCH1} ${PATCH37} )
+for i in "${FEDORA_SOURCE[@]}" ; do
+	FEDORA_SRC_URI+=( "${FEDORA_GIT_BASE}/${i}?h=${FEDORA_GIT_BRANCH} -> ${P}_${i}" )
+done
+for i in "${FEDORA_PATCH[@]}" ; do # Already have a version prefix
+	FEDORA_SRC_URI+=( "${FEDORA_GIT_BASE}/${i}?h=${FEDORA_GIT_BRANCH} -> ${i}" )
+done
+SRC_URI+=" bindist? ( ${FEDORA_SRC_URI[@]} )"
+
+S="${WORKDIR}/${MY_P}"
+
+MULTILIB_WRAPPED_HEADERS=(
+	usr/include/openssl/opensslconf.h
+)
+
+PATCHES=(
+	"${FILESDIR}"/${PN}-1.0.2a-x32-asm.patch #542618
+)
+
+src_prepare() {
+	if use bindist; then
+		# This just removes the prefix, and puts it into WORKDIR like the RPM.
+		for i in "${FEDORA_SOURCE[@]}" ; do
+			cp -f "${DISTDIR}"/"${P}_${i}" "${WORKDIR}"/"${i}" || die
+		done
+		# .spec %prep
+		bash "${WORKDIR}"/"${SOURCE1}" || die
+		cp -f "${WORKDIR}"/"${SOURCE12}" "${S}"/crypto/ec/ || die
+		cp -f "${WORKDIR}"/"${SOURCE13}" "${S}"/test/ || die
+		for i in "${FEDORA_PATCH[@]}" ; do
+			eapply "${DISTDIR}"/"${i}"
+		done
+		# Also see the configure parts below:
+		# enable-ec \
+		# $(use_ssl !bindist ec2m) \
+
+	fi
+	# keep this in sync with app-misc/c_rehash
+	SSL_CNF_DIR="/etc/ssl"
+
+	# Make sure we only ever touch Makefile.org and avoid patching a file
+	# that gets blown away anyways by the Configure script in src_configure
+	rm -f Makefile
+
+	if ! use vanilla ; then
+		eapply "${PATCHES[@]}"
+	fi
+
+	eapply_user #332661
+
+	# make sure the man pages are suffixed #302165
+	# don't bother building man pages if they're disabled
+	# Make DOCDIR Gentoo compliant
+	sed -i \
+		-e '/^MANSUFFIX/s:=.*:=ssl:' \
+		-e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
+		-e $(has noman FEATURES \
+			&& echo '/^install:/s:install_docs::' \
+			|| echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
+		-e "/^DOCDIR/s@\$(BASENAME)@&-${PF}@" \
+		Configurations/unix-Makefile.tmpl \
+		|| die
+
+	# quiet out unknown driver argument warnings since openssl
+	# doesn't have well-split CFLAGS and we're making it even worse
+	# and 'make depend' uses -Werror for added fun (#417795 again)
+	[[ ${CC} == *clang* ]] && append-flags -Qunused-arguments
+
+	# allow openssl to be cross-compiled
+	cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die
+	chmod a+rx gentoo.config || die
+
+	append-flags -fno-strict-aliasing
+	append-flags $(test-flags-CC -Wa,--noexecstack)
+	append-cppflags -DOPENSSL_NO_BUF_FREELISTS
+
+	# Prefixify Configure shebang (#141906)
+	sed \
+		-e "1s,/usr/bin/env,${EPREFIX}&," \
+		-i Configure || die
+	# Remove test target when FEATURES=test isn't set
+	if ! use test ; then
+		sed \
+			-e '/^$config{dirs}/s@ "test",@@' \
+			-i Configure || die
+	fi
+	# The config script does stupid stuff to prompt the user.  Kill it.
+	sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
+	./config --test-sanity || die "I AM NOT SANE"
+
+	multilib_copy_sources
+}
+
+multilib_src_configure() {
+	unset APPS #197996
+	unset SCRIPTS #312551
+	unset CROSS_COMPILE #311473
+
+	tc-export CC AR RANLIB RC
+
+	# Clean out patent-or-otherwise-encumbered code
+	# Camellia: Royalty Free            https://en.wikipedia.org/wiki/Camellia_(cipher)
+	# IDEA:     Expired                 https://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
+	# EC:       ????????? ??/??/2015    https://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography
+	# MDC2:     Expired                 https://en.wikipedia.org/wiki/MDC-2
+	# RC5:      Expired                 https://en.wikipedia.org/wiki/RC5
+
+	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
+	echoit() { echo "$@" ; "$@" ; }
+
+	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
+
+	# See if our toolchain supports __uint128_t.  If so, it's 64bit
+	# friendly and can use the nicely optimized code paths. #460790
+	local ec_nistp_64_gcc_128
+	# Disable it for now though #469976
+	#if ! use bindist ; then
+	#	echo "__uint128_t i;" > "${T}"/128.c
+	#	if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
+	#		ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
+	#	fi
+	#fi
+
+	local sslout=$(./gentoo.config)
+	einfo "Use configuration ${sslout:-(openssl knows best)}"
+	local config="Configure"
+	[[ -z ${sslout} ]] && config="config"
+
+	# Fedora hobbled-EC needs 'no-ec2m'
+	# 'srp' was restricted until early 2017 as well.
+	# "disable-deprecated" option breaks too many consumers.
+	# Don't set it without thorough revdeps testing.
+	echoit \
+	./${config} \
+		${sslout} \
+		$(use cpu_flags_x86_sse2 || echo "no-sse2") \
+		enable-camellia \
+		enable-ec \
+		$(use_ssl !bindist ec2m) \
+		enable-srp \
+		$(use elibc_musl && echo "no-async") \
+		${ec_nistp_64_gcc_128} \
+		enable-idea \
+		enable-mdc2 \
+		enable-rc5 \
+		$(use_ssl asm) \
+		$(use_ssl rfc3779) \
+		$(use_ssl sctp) \
+		$(use_ssl tls-heartbeat heartbeats) \
+		$(use_ssl zlib) \
+		--prefix="${EPREFIX}"/usr \
+		--openssldir="${EPREFIX}"${SSL_CNF_DIR} \
+		--libdir=$(get_libdir) \
+		shared threads \
+		|| die
+
+	# Clean out hardcoded flags that openssl uses
+	# Fix quoting for sed
+	local DEFAULT_CFLAGS=$(grep ^CFLAGS= Makefile | LC_ALL=C sed \
+		-e 's:^CFLAGS=::' \
+		-e 's:-fomit-frame-pointer ::g' \
+		-e 's:-O[0-9] ::g' \
+		-e 's:-march=[-a-z0-9]* ::g' \
+		-e 's:-mcpu=[-a-z0-9]* ::g' \
+		-e 's:-m[a-z0-9]* ::g' \
+		-e 's:\\:\\\\:g' \
+	)
+	sed -i \
+		-e "/^CFLAGS=/s|=.*|=${DEFAULT_CFLAGS} ${CFLAGS}|" \
+		-e "/^LDFLAGS=/s|=[[:space:]]*$|=${LDFLAGS}|" \
+		Makefile || die
+}
+
+multilib_src_compile() {
+	# depend is needed to use $confopts; it also doesn't matter
+	# that it's -j1 as the code itself serializes subdirs
+	emake -j1 depend
+	emake all
+}
+
+multilib_src_test() {
+	emake -j1 test
+}
+
+multilib_src_install() {
+	emake DESTDIR="${D}" install
+}
+
+multilib_src_install_all() {
+	# openssl installs perl version of c_rehash by default, but
+	# we provide a shell version via app-misc/c_rehash
+	rm "${ED%/}"/usr/bin/c_rehash || die
+
+	dodoc CHANGES* FAQ NEWS README doc/*.txt doc/${PN}-c-indent.el
+
+	# This is crappy in that the static archives are still built even
+	# when USE=static-libs.  But this is due to a failing in the openssl
+	# build system: the static archives are built as PIC all the time.
+	# Only way around this would be to manually configure+compile openssl
+	# twice; once with shared lib support enabled and once without.
+	use static-libs || rm -f "${ED%/}"/usr/lib*/lib*.a
+
+	# create the certs directory
+	keepdir ${SSL_CNF_DIR}/certs
+
+	# Namespace openssl programs to prevent conflicts with other man pages
+	cd "${ED%/}"/usr/share/man || die
+	local m d s
+	for m in $(find . -type f | xargs grep -L '#include') ; do
+		d=${m%/*} ; d=${d#./} ; m=${m##*/}
+		[[ ${m} == openssl.1* ]] && continue
+		[[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!"
+		mv ${d}/{,ssl-}${m}
+		# fix up references to renamed man pages
+		sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m}
+		ln -s ssl-${m} ${d}/openssl-${m}
+		# locate any symlinks that point to this man page ... we assume
+		# that any broken links are due to the above renaming
+		for s in $(find -L ${d} -type l) ; do
+			s=${s##*/}
+			rm -f ${d}/${s}
+			# We don't want to "|| die" here
+			ln -s ssl-${m} ${d}/ssl-${s}
+			ln -s ssl-${s} ${d}/openssl-${s}
+		done
+	done
+	[[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :("
+
+	dodir /etc/sandbox.d #254521
+	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED%/}"/etc/sandbox.d/10openssl
+
+	diropts -m0700
+	keepdir ${SSL_CNF_DIR}/private
+}
+
+pkg_postinst() {
+	ebegin "Running 'c_rehash ${EROOT%/}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069"
+	c_rehash "${EROOT%/}${SSL_CNF_DIR}/certs" >/dev/null
+	eend $?
+}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sergei Trofimovich]

commit:     f1192b4faa44b72f1f0076df985042323b6f308f
Author:     Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
AuthorDate: Thu Apr 19 22:13:22 2018 +0000
Commit:     Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
CommitDate: Thu Apr 19 22:13:22 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f1192b4f

dev-libs/openssl: stable 1.0.2o for ppc64, bug #651730

Bug: https://bugs.gentoo.org/651730
Package-Manager: Portage-2.3.28, Repoman-2.3.9
RepoMan-Options: --include-arches="ppc64"

 dev-libs/openssl/openssl-1.0.2o.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.0.2o.ebuild b/dev-libs/openssl/openssl-1.0.2o.ebuild
index 0c7d4a84c0d..341f9075949 100644
--- a/dev-libs/openssl/openssl-1.0.2o.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2o.ebuild
@@ -15,7 +15,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 
 LICENSE="openssl"
 SLOT="0"
-KEYWORDS="alpha amd64 arm arm64 hppa ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
+KEYWORDS="alpha amd64 arm arm64 hppa ia64 ~m68k ~mips ~ppc ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
 IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Lars Wendler]

commit:     a3691cd7b3ce2b0cdc264be153a610df29e21d54
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Wed Apr 18 08:20:06 2018 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Wed Apr 18 08:27:12 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a3691cd7

dev-libs/openssl: Removed old.

Package-Manager: Portage-2.3.30, Repoman-2.3.9

 dev-libs/openssl/Manifest                 |   4 -
 dev-libs/openssl/openssl-1.1.0g-r3.ebuild | 285 ------------------------------
 dev-libs/openssl/openssl-1.1.0h.ebuild    | 283 -----------------------------
 3 files changed, 572 deletions(-)

diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest
index 51a22aaeb52..e0219b43b79 100644
--- a/dev-libs/openssl/Manifest
+++ b/dev-libs/openssl/Manifest
@@ -6,10 +6,6 @@ DIST openssl-1.0.2n.tar.gz 5375802 BLAKE2B 2e04f8c3d5e2296859b8474d7e100e270f53f
 DIST openssl-1.0.2o.tar.gz 5329472 BLAKE2B 30226db49be04317da3a76cce68d5aa401decd198f92505bddb0c72a7ef6a79f3c9c06d4a816db734e2a0991ebcab8b207feced26d83639e50c821d9e76ddc45 SHA512 8a2c93657c85143e76785bb32ee836908c31a6f5f8db993fa9777acba6079e630cdddd03edbad65d1587199fc13a1507789eacf038b56eb99139c2091d9df7fd
 DIST openssl-1.1.0-build.patch 3028 BLAKE2B f8cf981ed3717af234ce02fa50f27cdbcbf2b766968a5957fc6f0a4ea997549505fa77398444d7f3b9a75f66048447fe62542b9cb1d5f0268add87c44915a6fd SHA512 b19a912900970052f80c67f28975e793ae9e70ebfc62efae0544e09931079e98c4cd29ce1cc8d937ceca97aff9a12fdc1ff9ce6c2b47fea68c79e7065464a0f0
 DIST openssl-1.1.0-ec-curves.patch 2967 BLAKE2B 1c639514445ea85cf731732aa7901b5a03ddb5f637b0483ab2ec6825433ad978723c5a07316db684bdaca4a12fc673b4e049a49c0cd4dbe5f25a5e2bd3b75cf5 SHA512 8fb9c6759ae2077ad3697ba77e85ab3970fd8b3f64b21eb260b4f6333b7ebf2f5a53c7eee311229edfbd96a2b904ec5e5e00dfa5b62cf1105fece13069077bd2
-DIST openssl-1.1.0g.tar.gz 5404748 BLAKE2B 23daf80e4143aad4654ae86f8e96042dd7328a9d1186b4922e284fcfe0f68259ea12d21c4472d92d65a7fcef21e049cf9371cc9bdad11b66a3df11286418ed42 SHA512 6c76f698fc2a4540f3977d97c889e139acf7d3f9eb85f349974175e8a7707b19743ef91c5ce32839310b6ea06ca88a03d9709ee011687b4634c5c50b5814f42a
-DIST openssl-1.1.0g_ec_curve.c 18393 BLAKE2B 49dca7ddbc23270e5927454925df7bb18c8d9eb58f79e3a4fbcd8b7fc22fad36e2cb54ff9b63c2beeeea15c0c075a96e4ce8d03991355419af41fa9dc2aed3ad SHA512 ee3e576825bccdf02cede4205ab92c42ae9dd3a8e75ce58617a3a5980a61d144eb3c5197d9dcd378a5d49bf34c4b2f591aa6a619fee92b7a22825d72681ab879
-DIST openssl-1.1.0g_ectest.c 29907 BLAKE2B 73dc800c1de5449f14d7753f7f7b8e672cd36bd4570e6df07f246d1d823c7dbbeef492f25cdd0ebfd693f5956732bc84c9d91fc6a22c854fe4b245ecf3890bda SHA512 90cec9d46326cb7216236811c8e963032b6fa7500117cea36f28534eb50a5ab1260c7f9a5c8c490d845236b0769576a8d97bc7471f970e9c5e70cb3408c20dae
-DIST openssl-1.1.0g_hobble-openssl 1117 BLAKE2B c3a1477e63331e83cf1cbe58e9ef131ec500a311e22d3da55034800ca353c387b2e202575acf3badb00b236ff91d4bac1bb131a33930939646d26bec27be6e04 SHA512 fa9cc70afa11a7a292548b4bddbba8159824a364ce5c279b483768e6ae2aa4b5491d9bf2cc734819f30a11c8ee0d91bcb991c4a7ab357296aeb4c04feac74826
 DIST openssl-1.1.0h.tar.gz 5422717 BLAKE2B 11de1468855c0bb1836fb346c8efdfedd06139a774fc4dbae1b0e95fea7a33aa39b541e3d2d27f83f2b5f4dd3846cca2356020aa6ec81793085842ab78b3a127 SHA512 fb7750fcd98e6126eb5b92e7ed63d811a5cfa3391d98572003d925f6c7b477690df86a9aa1fa6bf6bf33d02c6c7aee6cff50a38faa8911409f310645898fda39
 DIST openssl-1.1.0h_ec_curve.c 18393 BLAKE2B 49dca7ddbc23270e5927454925df7bb18c8d9eb58f79e3a4fbcd8b7fc22fad36e2cb54ff9b63c2beeeea15c0c075a96e4ce8d03991355419af41fa9dc2aed3ad SHA512 ee3e576825bccdf02cede4205ab92c42ae9dd3a8e75ce58617a3a5980a61d144eb3c5197d9dcd378a5d49bf34c4b2f591aa6a619fee92b7a22825d72681ab879
 DIST openssl-1.1.0h_ectest.c 29907 BLAKE2B 73dc800c1de5449f14d7753f7f7b8e672cd36bd4570e6df07f246d1d823c7dbbeef492f25cdd0ebfd693f5956732bc84c9d91fc6a22c854fe4b245ecf3890bda SHA512 90cec9d46326cb7216236811c8e963032b6fa7500117cea36f28534eb50a5ab1260c7f9a5c8c490d845236b0769576a8d97bc7471f970e9c5e70cb3408c20dae

diff --git a/dev-libs/openssl/openssl-1.1.0g-r3.ebuild b/dev-libs/openssl/openssl-1.1.0g-r3.ebuild
deleted file mode 100644
index 61e2b4b945c..00000000000
--- a/dev-libs/openssl/openssl-1.1.0g-r3.ebuild
+++ /dev/null
@@ -1,285 +0,0 @@
-# Copyright 1999-2018 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="6"
-
-inherit eutils flag-o-matic toolchain-funcs multilib multilib-minimal
-
-MY_P=${P/_/-}
-DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"
-HOMEPAGE="http://www.openssl.org/"
-SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"
-
-LICENSE="openssl"
-SLOT="0/1.1" # .so version of libssl/libcrypto
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
-IUSE="+asm bindist elibc_musl rfc3779 sctp cpu_flags_x86_sse2 static-libs test tls-heartbeat vanilla zlib"
-RESTRICT="!bindist? ( bindist )"
-
-RDEPEND=">=app-misc/c_rehash-1.7-r1
-	zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )"
-DEPEND="${RDEPEND}
-	>=dev-lang/perl-5
-	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
-	test? (
-		sys-apps/diffutils
-		sys-devel/bc
-	)"
-PDEPEND="app-misc/ca-certificates"
-
-# This does not copy the entire Fedora patchset, but JUST the parts that
-# are needed to make it safe to use EC with RESTRICT=bindist.
-# See openssl.spec for the matching numbering of SourceNNN, PatchNNN
-SOURCE1=hobble-openssl
-SOURCE12=ec_curve.c
-SOURCE13=ectest.c
-PATCH1=openssl-1.1.0-build.patch # Fixes EVP testcase for EC
-PATCH37=openssl-1.1.0-ec-curves.patch
-FEDORA_GIT_BASE='https://src.fedoraproject.org/cgit/rpms/openssl.git/plain/'
-FEDORA_GIT_BRANCH='f27'
-FEDORA_SRC_URI=()
-FEDORA_SOURCE=( $SOURCE1 $SOURCE12 $SOURCE13 )
-FEDORA_PATCH=( $PATCH1 $PATCH37 )
-for i in "${FEDORA_SOURCE[@]}" ; do
-	FEDORA_SRC_URI+=( "${FEDORA_GIT_BASE}/${i}?h=${FEDORA_GIT_BRANCH} -> ${P}_${i}" )
-done
-for i in "${FEDORA_PATCH[@]}" ; do # Already have a version prefix
-	FEDORA_SRC_URI+=( "${FEDORA_GIT_BASE}/${i}?h=${FEDORA_GIT_BRANCH} -> ${i}" )
-done
-SRC_URI+=" bindist? ( ${FEDORA_SRC_URI[@]} )"
-
-S="${WORKDIR}/${MY_P}"
-
-MULTILIB_WRAPPED_HEADERS=(
-	usr/include/openssl/opensslconf.h
-)
-
-PATCHES=(
-	"${FILESDIR}"/${PN}-1.0.2a-x32-asm.patch #542618
-	"${FILESDIR}"/${PN}-1.1.0g-CVE-2017-3738.patch
-)
-
-src_prepare() {
-	if use bindist; then
-		# This just removes the prefix, and puts it into WORKDIR like the RPM.
-		for i in "${FEDORA_SOURCE[@]}" ; do
-			cp -f "${DISTDIR}"/"${P}_${i}" "${WORKDIR}"/"${i}" || die
-		done
-		# .spec %prep
-		bash "${WORKDIR}"/"${SOURCE1}" || die
-		cp -f "${WORKDIR}"/"${SOURCE12}" "${S}"/crypto/ec/ || die
-		cp -f "${WORKDIR}"/"${SOURCE13}" "${S}"/test/ || die
-		for i in "${FEDORA_PATCH[@]}" ; do
-			epatch "${DISTDIR}"/"${i}"
-		done
-		# Also see the configure parts below:
-		# enable-ec \
-		# $(use_ssl !bindist ec2m) \
-
-	fi
-	# keep this in sync with app-misc/c_rehash
-	SSL_CNF_DIR="/etc/ssl"
-
-	# Make sure we only ever touch Makefile.org and avoid patching a file
-	# that gets blown away anyways by the Configure script in src_configure
-	rm -f Makefile
-
-	if ! use vanilla ; then
-		epatch "${PATCHES[@]}"
-	fi
-
-	eapply_user #332661
-
-	# make sure the man pages are suffixed #302165
-	# don't bother building man pages if they're disabled
-	# Make DOCDIR Gentoo compliant
-	sed -i \
-		-e '/^MANSUFFIX/s:=.*:=ssl:' \
-		-e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
-		-e $(has noman FEATURES \
-			&& echo '/^install:/s:install_docs::' \
-			|| echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
-		-e "/^DOCDIR/s@\$(BASENAME)@&-${PF}@" \
-		Configurations/unix-Makefile.tmpl \
-		|| die
-
-	# show the actual commands in the log
-	sed -i '/^SET_X/s@=.*@=set -x@' Makefile.shared
-
-	# quiet out unknown driver argument warnings since openssl
-	# doesn't have well-split CFLAGS and we're making it even worse
-	# and 'make depend' uses -Werror for added fun (#417795 again)
-	[[ ${CC} == *clang* ]] && append-flags -Qunused-arguments
-
-	# allow openssl to be cross-compiled
-	cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die
-	chmod a+rx gentoo.config
-
-	append-flags -fno-strict-aliasing
-	append-flags $(test-flags-CC -Wa,--noexecstack)
-	append-cppflags -DOPENSSL_NO_BUF_FREELISTS
-
-	# Prefixify Configure shebang (#141906)
-	sed \
-		-e "1s,/usr/bin/env,${EPREFIX}&," \
-		-i Configure || die
-	# Remove test target when FEATURES=test isn't set
-	if ! use test ; then
-		sed \
-			-e '/^$config{dirs}/s@ "test",@@' \
-			-i Configure || die
-	fi
-	# The config script does stupid stuff to prompt the user.  Kill it.
-	sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
-	./config --test-sanity || die "I AM NOT SANE"
-
-	multilib_copy_sources
-}
-
-multilib_src_configure() {
-	unset APPS #197996
-	unset SCRIPTS #312551
-	unset CROSS_COMPILE #311473
-
-	tc-export CC AR RANLIB RC
-
-	# Clean out patent-or-otherwise-encumbered code
-	# Camellia: Royalty Free            https://en.wikipedia.org/wiki/Camellia_(cipher)
-	# IDEA:     Expired                 https://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
-	# EC:       ????????? ??/??/2015    https://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography
-	# MDC2:     Expired                 https://en.wikipedia.org/wiki/MDC-2
-	# RC5:      Expired                 https://en.wikipedia.org/wiki/RC5
-
-	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
-	echoit() { echo "$@" ; "$@" ; }
-
-	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
-
-	# See if our toolchain supports __uint128_t.  If so, it's 64bit
-	# friendly and can use the nicely optimized code paths. #460790
-	local ec_nistp_64_gcc_128
-	# Disable it for now though #469976
-	#if ! use bindist ; then
-	#	echo "__uint128_t i;" > "${T}"/128.c
-	#	if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
-	#		ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
-	#	fi
-	#fi
-
-	local sslout=$(./gentoo.config)
-	einfo "Use configuration ${sslout:-(openssl knows best)}"
-	local config="Configure"
-	[[ -z ${sslout} ]] && config="config"
-
-	# Fedora hobbled-EC needs 'no-ec2m'
-	# 'srp' was restricted until early 2017 as well.
-	# "disable-deprecated" option breaks too many consumers.
-	# Don't set it without thorough revdeps testing.
-	echoit \
-	./${config} \
-		${sslout} \
-		--api=1.0.0 \
-		$(use cpu_flags_x86_sse2 || echo "no-sse2") \
-		enable-camellia \
-		enable-ec \
-		$(use_ssl !bindist ec2m) \
-		enable-srp \
-		$(use elibc_musl && echo "no-async") \
-		${ec_nistp_64_gcc_128} \
-		enable-idea \
-		enable-mdc2 \
-		enable-rc5 \
-		$(use_ssl asm) \
-		$(use_ssl rfc3779) \
-		$(use_ssl sctp) \
-		$(use_ssl tls-heartbeat heartbeats) \
-		$(use_ssl zlib) \
-		--prefix="${EPREFIX}"/usr \
-		--openssldir="${EPREFIX}"${SSL_CNF_DIR} \
-		--libdir=$(get_libdir) \
-		shared threads \
-		|| die
-
-	# Clean out hardcoded flags that openssl uses
-	# Fix quoting for sed
-	local DEFAULT_CFLAGS=$(grep ^CFLAGS= Makefile | LC_ALL=C sed \
-		-e 's:^CFLAGS=::' \
-		-e 's:-fomit-frame-pointer ::g' \
-		-e 's:-O[0-9] ::g' \
-		-e 's:-march=[-a-z0-9]* ::g' \
-		-e 's:-mcpu=[-a-z0-9]* ::g' \
-		-e 's:-m[a-z0-9]* ::g' \
-		-e 's:\\:\\\\:g' \
-	)
-	sed -i \
-		-e "/^CFLAGS=/s|=.*|=${DEFAULT_CFLAGS} ${CFLAGS}|" \
-		-e "/^LDFLAGS=/s|=[[:space:]]*$|=${LDFLAGS}|" \
-		Makefile || die
-}
-
-multilib_src_compile() {
-	# depend is needed to use $confopts; it also doesn't matter
-	# that it's -j1 as the code itself serializes subdirs
-	emake -j1 depend
-	emake all
-}
-
-multilib_src_test() {
-	emake -j1 test
-}
-
-multilib_src_install() {
-	emake DESTDIR="${D}" install
-}
-
-multilib_src_install_all() {
-	# openssl installs perl version of c_rehash by default, but
-	# we provide a shell version via app-misc/c_rehash
-	rm "${ED}"/usr/bin/c_rehash || die
-
-	dodoc CHANGES* FAQ NEWS README doc/*.txt doc/${PN}-c-indent.el
-
-	# This is crappy in that the static archives are still built even
-	# when USE=static-libs.  But this is due to a failing in the openssl
-	# build system: the static archives are built as PIC all the time.
-	# Only way around this would be to manually configure+compile openssl
-	# twice; once with shared lib support enabled and once without.
-	use static-libs || rm -f "${ED}"/usr/lib*/lib*.a
-
-	# create the certs directory
-	keepdir ${SSL_CNF_DIR}/certs
-
-	# Namespace openssl programs to prevent conflicts with other man pages
-	cd "${ED}"/usr/share/man
-	local m d s
-	for m in $(find . -type f | xargs grep -L '#include') ; do
-		d=${m%/*} ; d=${d#./} ; m=${m##*/}
-		[[ ${m} == openssl.1* ]] && continue
-		[[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!"
-		mv ${d}/{,ssl-}${m}
-		# fix up references to renamed man pages
-		sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m}
-		ln -s ssl-${m} ${d}/openssl-${m}
-		# locate any symlinks that point to this man page ... we assume
-		# that any broken links are due to the above renaming
-		for s in $(find -L ${d} -type l) ; do
-			s=${s##*/}
-			rm -f ${d}/${s}
-			ln -s ssl-${m} ${d}/ssl-${s}
-			ln -s ssl-${s} ${d}/openssl-${s}
-		done
-	done
-	[[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :("
-
-	dodir /etc/sandbox.d #254521
-	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
-
-	diropts -m0700
-	keepdir ${SSL_CNF_DIR}/private
-}
-
-pkg_postinst() {
-	ebegin "Running 'c_rehash ${EROOT%/}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069"
-	c_rehash "${EROOT%/}${SSL_CNF_DIR}/certs" >/dev/null
-	eend $?
-}

diff --git a/dev-libs/openssl/openssl-1.1.0h.ebuild b/dev-libs/openssl/openssl-1.1.0h.ebuild
deleted file mode 100644
index e3426c78ba3..00000000000
--- a/dev-libs/openssl/openssl-1.1.0h.ebuild
+++ /dev/null
@@ -1,283 +0,0 @@
-# Copyright 1999-2018 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="6"
-
-inherit eutils flag-o-matic toolchain-funcs multilib multilib-minimal
-
-MY_P=${P/_/-}
-DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"
-HOMEPAGE="https://www.openssl.org/"
-SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"
-
-LICENSE="openssl"
-SLOT="0/1.1" # .so version of libssl/libcrypto
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
-IUSE="+asm bindist elibc_musl rfc3779 sctp cpu_flags_x86_sse2 static-libs test tls-heartbeat vanilla zlib"
-RESTRICT="!bindist? ( bindist )"
-
-RDEPEND=">=app-misc/c_rehash-1.7-r1
-	zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )"
-DEPEND="${RDEPEND}
-	>=dev-lang/perl-5
-	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
-	test? (
-		sys-apps/diffutils
-		sys-devel/bc
-	)"
-PDEPEND="app-misc/ca-certificates"
-
-# This does not copy the entire Fedora patchset, but JUST the parts that
-# are needed to make it safe to use EC with RESTRICT=bindist.
-# See openssl.spec for the matching numbering of SourceNNN, PatchNNN
-SOURCE1=hobble-openssl
-SOURCE12=ec_curve.c
-SOURCE13=ectest.c
-PATCH1=openssl-1.1.0-build.patch # Fixes EVP testcase for EC
-PATCH37=openssl-1.1.0-ec-curves.patch
-FEDORA_GIT_BASE='https://src.fedoraproject.org/cgit/rpms/openssl.git/plain/'
-FEDORA_GIT_BRANCH='f27'
-FEDORA_SRC_URI=()
-FEDORA_SOURCE=( $SOURCE1 $SOURCE12 $SOURCE13 )
-FEDORA_PATCH=( $PATCH1 $PATCH37 )
-for i in "${FEDORA_SOURCE[@]}" ; do
-	FEDORA_SRC_URI+=( "${FEDORA_GIT_BASE}/${i}?h=${FEDORA_GIT_BRANCH} -> ${P}_${i}" )
-done
-for i in "${FEDORA_PATCH[@]}" ; do # Already have a version prefix
-	FEDORA_SRC_URI+=( "${FEDORA_GIT_BASE}/${i}?h=${FEDORA_GIT_BRANCH} -> ${i}" )
-done
-SRC_URI+=" bindist? ( ${FEDORA_SRC_URI[@]} )"
-
-S="${WORKDIR}/${MY_P}"
-
-MULTILIB_WRAPPED_HEADERS=(
-	usr/include/openssl/opensslconf.h
-)
-
-PATCHES=(
-	"${FILESDIR}"/${PN}-1.0.2a-x32-asm.patch #542618
-)
-
-src_prepare() {
-	if use bindist; then
-		# This just removes the prefix, and puts it into WORKDIR like the RPM.
-		for i in "${FEDORA_SOURCE[@]}" ; do
-			cp -f "${DISTDIR}"/"${P}_${i}" "${WORKDIR}"/"${i}" || die
-		done
-		# .spec %prep
-		bash "${WORKDIR}"/"${SOURCE1}" || die
-		cp -f "${WORKDIR}"/"${SOURCE12}" "${S}"/crypto/ec/ || die
-		cp -f "${WORKDIR}"/"${SOURCE13}" "${S}"/test/ || die
-		for i in "${FEDORA_PATCH[@]}" ; do
-			epatch "${DISTDIR}"/"${i}"
-		done
-		# Also see the configure parts below:
-		# enable-ec \
-		# $(use_ssl !bindist ec2m) \
-
-	fi
-	# keep this in sync with app-misc/c_rehash
-	SSL_CNF_DIR="/etc/ssl"
-
-	# Make sure we only ever touch Makefile.org and avoid patching a file
-	# that gets blown away anyways by the Configure script in src_configure
-	rm -f Makefile
-
-	if ! use vanilla ; then
-		epatch "${PATCHES[@]}"
-	fi
-
-	eapply_user #332661
-
-	# make sure the man pages are suffixed #302165
-	# don't bother building man pages if they're disabled
-	# Make DOCDIR Gentoo compliant
-	sed -i \
-		-e '/^MANSUFFIX/s:=.*:=ssl:' \
-		-e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
-		-e $(has noman FEATURES \
-			&& echo '/^install:/s:install_docs::' \
-			|| echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
-		-e "/^DOCDIR/s@\$(BASENAME)@&-${PF}@" \
-		Configurations/unix-Makefile.tmpl \
-		|| die
-
-	# show the actual commands in the log
-	sed -i '/^SET_X/s@=.*@=set -x@' Makefile.shared
-
-	# quiet out unknown driver argument warnings since openssl
-	# doesn't have well-split CFLAGS and we're making it even worse
-	# and 'make depend' uses -Werror for added fun (#417795 again)
-	[[ ${CC} == *clang* ]] && append-flags -Qunused-arguments
-
-	# allow openssl to be cross-compiled
-	cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die
-	chmod a+rx gentoo.config
-
-	append-flags -fno-strict-aliasing
-	append-flags $(test-flags-CC -Wa,--noexecstack)
-	append-cppflags -DOPENSSL_NO_BUF_FREELISTS
-
-	# Prefixify Configure shebang (#141906)
-	sed \
-		-e "1s,/usr/bin/env,${EPREFIX}&," \
-		-i Configure || die
-	# Remove test target when FEATURES=test isn't set
-	if ! use test ; then
-		sed \
-			-e '/^$config{dirs}/s@ "test",@@' \
-			-i Configure || die
-	fi
-	# The config script does stupid stuff to prompt the user.  Kill it.
-	sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
-	./config --test-sanity || die "I AM NOT SANE"
-
-	multilib_copy_sources
-}
-
-multilib_src_configure() {
-	unset APPS #197996
-	unset SCRIPTS #312551
-	unset CROSS_COMPILE #311473
-
-	tc-export CC AR RANLIB RC
-
-	# Clean out patent-or-otherwise-encumbered code
-	# Camellia: Royalty Free            https://en.wikipedia.org/wiki/Camellia_(cipher)
-	# IDEA:     Expired                 https://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
-	# EC:       ????????? ??/??/2015    https://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography
-	# MDC2:     Expired                 https://en.wikipedia.org/wiki/MDC-2
-	# RC5:      Expired                 https://en.wikipedia.org/wiki/RC5
-
-	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
-	echoit() { echo "$@" ; "$@" ; }
-
-	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
-
-	# See if our toolchain supports __uint128_t.  If so, it's 64bit
-	# friendly and can use the nicely optimized code paths. #460790
-	local ec_nistp_64_gcc_128
-	# Disable it for now though #469976
-	#if ! use bindist ; then
-	#	echo "__uint128_t i;" > "${T}"/128.c
-	#	if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
-	#		ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
-	#	fi
-	#fi
-
-	local sslout=$(./gentoo.config)
-	einfo "Use configuration ${sslout:-(openssl knows best)}"
-	local config="Configure"
-	[[ -z ${sslout} ]] && config="config"
-
-	# Fedora hobbled-EC needs 'no-ec2m'
-	# 'srp' was restricted until early 2017 as well.
-	# "disable-deprecated" option breaks too many consumers.
-	# Don't set it without thorough revdeps testing.
-	echoit \
-	./${config} \
-		${sslout} \
-		$(use cpu_flags_x86_sse2 || echo "no-sse2") \
-		enable-camellia \
-		enable-ec \
-		$(use_ssl !bindist ec2m) \
-		enable-srp \
-		$(use elibc_musl && echo "no-async") \
-		${ec_nistp_64_gcc_128} \
-		enable-idea \
-		enable-mdc2 \
-		enable-rc5 \
-		$(use_ssl asm) \
-		$(use_ssl rfc3779) \
-		$(use_ssl sctp) \
-		$(use_ssl tls-heartbeat heartbeats) \
-		$(use_ssl zlib) \
-		--prefix="${EPREFIX}"/usr \
-		--openssldir="${EPREFIX}"${SSL_CNF_DIR} \
-		--libdir=$(get_libdir) \
-		shared threads \
-		|| die
-
-	# Clean out hardcoded flags that openssl uses
-	# Fix quoting for sed
-	local DEFAULT_CFLAGS=$(grep ^CFLAGS= Makefile | LC_ALL=C sed \
-		-e 's:^CFLAGS=::' \
-		-e 's:-fomit-frame-pointer ::g' \
-		-e 's:-O[0-9] ::g' \
-		-e 's:-march=[-a-z0-9]* ::g' \
-		-e 's:-mcpu=[-a-z0-9]* ::g' \
-		-e 's:-m[a-z0-9]* ::g' \
-		-e 's:\\:\\\\:g' \
-	)
-	sed -i \
-		-e "/^CFLAGS=/s|=.*|=${DEFAULT_CFLAGS} ${CFLAGS}|" \
-		-e "/^LDFLAGS=/s|=[[:space:]]*$|=${LDFLAGS}|" \
-		Makefile || die
-}
-
-multilib_src_compile() {
-	# depend is needed to use $confopts; it also doesn't matter
-	# that it's -j1 as the code itself serializes subdirs
-	emake -j1 depend
-	emake all
-}
-
-multilib_src_test() {
-	emake -j1 test
-}
-
-multilib_src_install() {
-	emake DESTDIR="${D}" install
-}
-
-multilib_src_install_all() {
-	# openssl installs perl version of c_rehash by default, but
-	# we provide a shell version via app-misc/c_rehash
-	rm "${ED}"/usr/bin/c_rehash || die
-
-	dodoc CHANGES* FAQ NEWS README doc/*.txt doc/${PN}-c-indent.el
-
-	# This is crappy in that the static archives are still built even
-	# when USE=static-libs.  But this is due to a failing in the openssl
-	# build system: the static archives are built as PIC all the time.
-	# Only way around this would be to manually configure+compile openssl
-	# twice; once with shared lib support enabled and once without.
-	use static-libs || rm -f "${ED}"/usr/lib*/lib*.a
-
-	# create the certs directory
-	keepdir ${SSL_CNF_DIR}/certs
-
-	# Namespace openssl programs to prevent conflicts with other man pages
-	cd "${ED}"/usr/share/man
-	local m d s
-	for m in $(find . -type f | xargs grep -L '#include') ; do
-		d=${m%/*} ; d=${d#./} ; m=${m##*/}
-		[[ ${m} == openssl.1* ]] && continue
-		[[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!"
-		mv ${d}/{,ssl-}${m}
-		# fix up references to renamed man pages
-		sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m}
-		ln -s ssl-${m} ${d}/openssl-${m}
-		# locate any symlinks that point to this man page ... we assume
-		# that any broken links are due to the above renaming
-		for s in $(find -L ${d} -type l) ; do
-			s=${s##*/}
-			rm -f ${d}/${s}
-			ln -s ssl-${m} ${d}/ssl-${s}
-			ln -s ssl-${s} ${d}/openssl-${s}
-		done
-	done
-	[[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :("
-
-	dodir /etc/sandbox.d #254521
-	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
-
-	diropts -m0700
-	keepdir ${SSL_CNF_DIR}/private
-}
-
-pkg_postinst() {
-	ebegin "Running 'c_rehash ${EROOT%/}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069"
-	c_rehash "${EROOT%/}${SSL_CNF_DIR}/certs" >/dev/null
-	eend $?
-}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Lars Wendler]

commit:     9eee541332775eba42ae292130e96f1b067d4fb1
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Wed Apr 18 08:19:10 2018 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Wed Apr 18 08:27:10 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9eee5413

dev-libs/openssl: Minor ebuild adjustments.

Package-Manager: Portage-2.3.30, Repoman-2.3.9

 dev-libs/openssl/openssl-1.1.0h-r1.ebuild | 19 ++++++++++---------
 1 file changed, 10 insertions(+), 9 deletions(-)

diff --git a/dev-libs/openssl/openssl-1.1.0h-r1.ebuild b/dev-libs/openssl/openssl-1.1.0h-r1.ebuild
index d0d225833b6..6e38d19eaf5 100644
--- a/dev-libs/openssl/openssl-1.1.0h-r1.ebuild
+++ b/dev-libs/openssl/openssl-1.1.0h-r1.ebuild
@@ -3,7 +3,7 @@
 
 EAPI="6"
 
-inherit eutils flag-o-matic toolchain-funcs multilib multilib-minimal
+inherit flag-o-matic toolchain-funcs multilib multilib-minimal
 
 MY_P=${P/_/-}
 DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"
@@ -70,7 +70,7 @@ src_prepare() {
 		cp -f "${WORKDIR}"/"${SOURCE12}" "${S}"/crypto/ec/ || die
 		cp -f "${WORKDIR}"/"${SOURCE13}" "${S}"/test/ || die
 		for i in "${FEDORA_PATCH[@]}" ; do
-			epatch "${DISTDIR}"/"${i}"
+			eapply "${DISTDIR}"/"${i}"
 		done
 		# Also see the configure parts below:
 		# enable-ec \
@@ -85,7 +85,7 @@ src_prepare() {
 	rm -f Makefile
 
 	if ! use vanilla ; then
-		epatch "${PATCHES[@]}"
+		eapply "${PATCHES[@]}"
 	fi
 
 	eapply_user #332661
@@ -104,7 +104,7 @@ src_prepare() {
 		|| die
 
 	# show the actual commands in the log
-	sed -i '/^SET_X/s@=.*@=set -x@' Makefile.shared
+	sed -i '/^SET_X/s@=.*@=set -x@' Makefile.shared || die
 
 	# quiet out unknown driver argument warnings since openssl
 	# doesn't have well-split CFLAGS and we're making it even worse
@@ -113,7 +113,7 @@ src_prepare() {
 
 	# allow openssl to be cross-compiled
 	cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die
-	chmod a+rx gentoo.config
+	chmod a+rx gentoo.config || die
 
 	append-flags -fno-strict-aliasing
 	append-flags $(test-flags-CC -Wa,--noexecstack)
@@ -234,7 +234,7 @@ multilib_src_install() {
 multilib_src_install_all() {
 	# openssl installs perl version of c_rehash by default, but
 	# we provide a shell version via app-misc/c_rehash
-	rm "${ED}"/usr/bin/c_rehash || die
+	rm "${ED%/}"/usr/bin/c_rehash || die
 
 	dodoc CHANGES* FAQ NEWS README doc/*.txt doc/${PN}-c-indent.el
 
@@ -243,13 +243,13 @@ multilib_src_install_all() {
 	# build system: the static archives are built as PIC all the time.
 	# Only way around this would be to manually configure+compile openssl
 	# twice; once with shared lib support enabled and once without.
-	use static-libs || rm -f "${ED}"/usr/lib*/lib*.a
+	use static-libs || rm -f "${ED%/}"/usr/lib*/lib*.a
 
 	# create the certs directory
 	keepdir ${SSL_CNF_DIR}/certs
 
 	# Namespace openssl programs to prevent conflicts with other man pages
-	cd "${ED}"/usr/share/man
+	cd "${ED%/}"/usr/share/man || die
 	local m d s
 	for m in $(find . -type f | xargs grep -L '#include') ; do
 		d=${m%/*} ; d=${d#./} ; m=${m##*/}
@@ -264,6 +264,7 @@ multilib_src_install_all() {
 		for s in $(find -L ${d} -type l) ; do
 			s=${s##*/}
 			rm -f ${d}/${s}
+			# We don't want to "|| die" here
 			ln -s ssl-${m} ${d}/ssl-${s}
 			ln -s ssl-${s} ${d}/openssl-${s}
 		done
@@ -271,7 +272,7 @@ multilib_src_install_all() {
 	[[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :("
 
 	dodir /etc/sandbox.d #254521
-	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
+	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED%/}"/etc/sandbox.d/10openssl
 
 	diropts -m0700
 	keepdir ${SSL_CNF_DIR}/private

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sergei Trofimovich]

commit:     15256ed5cc8006b8bd1ff88bd629dccd7aaeff55
Author:     Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
AuthorDate: Mon Apr 16 20:55:47 2018 +0000
Commit:     Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
CommitDate: Mon Apr 16 21:02:59 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=15256ed5

dev-libs/openssl: stable 1.0.2o for ia64, bug #651730

Bug: https://bugs.gentoo.org/651730
Package-Manager: Portage-2.3.28, Repoman-2.3.9
RepoMan-Options: --include-arches="ia64"

 dev-libs/openssl/openssl-1.0.2o.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.0.2o.ebuild b/dev-libs/openssl/openssl-1.0.2o.ebuild
index b19312505a6..0c7d4a84c0d 100644
--- a/dev-libs/openssl/openssl-1.0.2o.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2o.ebuild
@@ -15,7 +15,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 
 LICENSE="openssl"
 SLOT="0"
-KEYWORDS="alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
+KEYWORDS="alpha amd64 arm arm64 hppa ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
 IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Markus Meier]

commit:     6be5f74f11b46fbb173e95af0614c9d2a9af4f40
Author:     Markus Meier <maekke <AT> gentoo <DOT> org>
AuthorDate: Sat Apr 14 11:38:20 2018 +0000
Commit:     Markus Meier <maekke <AT> gentoo <DOT> org>
CommitDate: Sat Apr 14 11:38:20 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6be5f74f

dev-libs/openssl: arm stable, bug #651730

Package-Manager: Portage-2.3.24, Repoman-2.3.6
RepoMan-Options: --include-arches="arm"

 dev-libs/openssl/openssl-1.0.2o.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.0.2o.ebuild b/dev-libs/openssl/openssl-1.0.2o.ebuild
index 9e7655521b7..b19312505a6 100644
--- a/dev-libs/openssl/openssl-1.0.2o.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2o.ebuild
@@ -15,7 +15,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 
 LICENSE="openssl"
 SLOT="0"
-KEYWORDS="alpha amd64 ~arm arm64 hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
+KEYWORDS="alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
 IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Jeroen Roovers]

commit:     69df51491c930546d51f93ef514deee76e4cc788
Author:     Jeroen Roovers <jer <AT> gentoo <DOT> org>
AuthorDate: Thu Apr 12 11:12:46 2018 +0000
Commit:     Jeroen Roovers <jer <AT> gentoo <DOT> org>
CommitDate: Thu Apr 12 11:12:46 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=69df5149

dev-libs/openssl: Stable for HPPA too.

Package-Manager: Portage-2.3.28, Repoman-2.3.9
RepoMan-Options: --ignore-arches

 dev-libs/openssl/openssl-1.0.2o.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.0.2o.ebuild b/dev-libs/openssl/openssl-1.0.2o.ebuild
index 4c70d31e90d..9e7655521b7 100644
--- a/dev-libs/openssl/openssl-1.0.2o.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2o.ebuild
@@ -15,7 +15,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 
 LICENSE="openssl"
 SLOT="0"
-KEYWORDS="alpha amd64 ~arm arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
+KEYWORDS="alpha amd64 ~arm arm64 hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
 IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Mart Raudsepp]

commit:     ff2aee6f05714514d29405b4b8b6146e462ac8e6
Author:     Mart Raudsepp <leio <AT> gentoo <DOT> org>
AuthorDate: Thu Apr 12 10:26:24 2018 +0000
Commit:     Mart Raudsepp <leio <AT> gentoo <DOT> org>
CommitDate: Thu Apr 12 10:28:42 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ff2aee6f

dev-libs/openssl-1.0.2o: arm64 stable (bug #651730)

Package-Manager: Portage-2.3.28, Repoman-2.3.9

 dev-libs/openssl/openssl-1.0.2o.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.0.2o.ebuild b/dev-libs/openssl/openssl-1.0.2o.ebuild
index c10c5ab0a25..4c70d31e90d 100644
--- a/dev-libs/openssl/openssl-1.0.2o.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2o.ebuild
@@ -15,7 +15,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 
 LICENSE="openssl"
 SLOT="0"
-KEYWORDS="alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
+KEYWORDS="alpha amd64 ~arm arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
 IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Thomas Deutschmann]

commit:     5065ccb685a43429c2af59e7b55e92d85e5d928e
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Wed Apr 11 20:33:32 2018 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Wed Apr 11 20:43:28 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5065ccb6

dev-libs/openssl: x86 stable (bug #651730)

Package-Manager: Portage-2.3.28, Repoman-2.3.9

 dev-libs/openssl/openssl-1.0.2o.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.0.2o.ebuild b/dev-libs/openssl/openssl-1.0.2o.ebuild
index 25a4951caf1..c10c5ab0a25 100644
--- a/dev-libs/openssl/openssl-1.0.2o.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2o.ebuild
@@ -15,7 +15,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 
 LICENSE="openssl"
 SLOT="0"
-KEYWORDS="alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh sparc ~x86 ~amd64-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
+KEYWORDS="alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
 IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sergei Trofimovich]

commit:     4fd4dae1c8a3a687f35a3f38fb3ae54cca83ceb0
Author:     Rolf Eike Beer <eike <AT> sf-mail <DOT> de>
AuthorDate: Mon Apr  9 17:57:57 2018 +0000
Commit:     Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
CommitDate: Mon Apr  9 18:42:02 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4fd4dae1

dev-libs/openssl: stable 1.0.2o for sparc

Bug: https://bugs.gentoo.org/651730
Package-Manager: Portage-2.3.24, Repoman-2.3.6
RepoMan-Options: --include-arches="sparc"

 dev-libs/openssl/openssl-1.0.2o.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.0.2o.ebuild b/dev-libs/openssl/openssl-1.0.2o.ebuild
index 85beef5b8b9..25a4951caf1 100644
--- a/dev-libs/openssl/openssl-1.0.2o.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2o.ebuild
@@ -15,7 +15,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 
 LICENSE="openssl"
 SLOT="0"
-KEYWORDS="alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
+KEYWORDS="alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh sparc ~x86 ~amd64-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
 IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Matt Turner]

commit:     1c7b295b274884aa8e273a730395dd889a58d93e
Author:     Matt Turner <mattst88 <AT> gentoo <DOT> org>
AuthorDate: Mon Apr  9 00:17:46 2018 +0000
Commit:     Matt Turner <mattst88 <AT> gentoo <DOT> org>
CommitDate: Mon Apr  9 00:18:00 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1c7b295b

dev-libs/openssl-1.0.2o: alpha stable, bug 651730

 dev-libs/openssl/openssl-1.0.2o.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.0.2o.ebuild b/dev-libs/openssl/openssl-1.0.2o.ebuild
index db9a24bc8ea..85beef5b8b9 100644
--- a/dev-libs/openssl/openssl-1.0.2o.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2o.ebuild
@@ -15,7 +15,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 
 LICENSE="openssl"
 SLOT="0"
-KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
+KEYWORDS="alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
 IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Aaron Bauman]

commit:     355d0ed8e244ad53f2a9ebac66aae81d85215cdd
Author:     Aaron Bauman <bman <AT> gentoo <DOT> org>
AuthorDate: Sun Apr  8 15:38:21 2018 +0000
Commit:     Aaron Bauman <bman <AT> gentoo <DOT> org>
CommitDate: Sun Apr  8 15:38:43 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=355d0ed8

dev-libs/openssl: amd64 stable

Bug: https://bugs.gentoo.org/651730
Package-Manager: Portage-2.3.28, Repoman-2.3.9

 dev-libs/openssl/openssl-1.0.2o.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.0.2o.ebuild b/dev-libs/openssl/openssl-1.0.2o.ebuild
index 37c5f699c03..db9a24bc8ea 100644
--- a/dev-libs/openssl/openssl-1.0.2o.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2o.ebuild
@@ -15,7 +15,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 
 LICENSE="openssl"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
+KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
 IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Thomas Deutschmann]

commit:     956f1a306e4e257acee022aa28399ffde3f5e3ac
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Thu Mar 29 16:59:14 2018 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Thu Mar 29 16:59:59 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=956f1a30

dev-libs/openssl: Fix parallel build issue

Ebuild changes:
===============
- Patch set bumped to include upstream commit 70a56b9147
  to address a parallel build issue. [Bug 651880]

Closes: https://github.com/gentoo/gentoo/pull/7688
Closes: https://bugs.gentoo.org/651880
Package-Manager: Portage-2.3.24, Repoman-2.3.6

 dev-libs/openssl/Manifest              | 2 +-
 dev-libs/openssl/openssl-1.0.2o.ebuild | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest
index 23a205cd3c0..1b87ae73a6b 100644
--- a/dev-libs/openssl/Manifest
+++ b/dev-libs/openssl/Manifest
@@ -1,6 +1,6 @@
 DIST openssl-0.9.8zh.tar.gz 3818524 BLAKE2B 610bb4858900983cf4519fa8b63f1e03b3845e39e68884fd8bebd738cd5cd6c2c75513643af49bf9e2294adc446a6516480fe9b62de55d9b6379bf9e7c5cd364 SHA512 b97fa2468211f86c0719c68ad1781eff84f772c479ed5193d6da14bac086b4ca706e7d851209d9df3f0962943b5e5333ab0def00110fb2e517caa73c0c6674c6
 DIST openssl-1.0.2-patches-1.0.tar.xz 11572 BLAKE2B bdb9d2b8388f1aadf3a9274133aa8f86b0029fae1ce86d005baa39a7347657f8d4d84395b54e8ccd67944356ee197dfb527f843b4f146e305533e2ad5450721d SHA512 15234ade359a0acf001cf10c7a7fc05f54603a44c67831529c2a6eda03342f9ba1cf40664ac782b5b73c50b23ec5649fb48ccff2aea8f0df2ef634959c47e3e9
-DIST openssl-1.0.2-patches-1.1.tar.xz 11656 BLAKE2B 8e60bddd97eb6475e3f0026f5e6f11e40a2195a6ecac508cbf7efc5e6077fedae6e1a829261540a69616544368561e003c47ce755cf4ef67d4f857b2f594e6c8 SHA512 7f7f509a4a5f15b53fc5fce03ce9988f9a420d8741b82404c89a26379a72b7e4f5ff5b2a4f7d0d4d5c3fd5cb7eb24c42fb4fb1321fbb4b520b3c21dbe7efbca2
+DIST openssl-1.0.2-patches-1.2.tar.xz 12208 BLAKE2B 99b7a3538aeeecf8e1939fb08d26e2ce6aa4140488f0f6fc382a4f0dbdd67a0204c4689809e9d170148ad6686d4dbf0c8fc95802712270b0ea5720bc06c8fbbf SHA512 5e5739ab7132e986abe9704739dab2ccd16df9696318ed29762d4ee0245fd2645f9435f7340ba36edd5531a83e48489fc659ad78c09ded0e0d021dd5a3906ea6
 DIST openssl-1.0.2n.tar.gz 5375802 BLAKE2B 2e04f8c3d5e2296859b8474d7e100e270f53f18a26c6d37a4cf5e01cd14f44d24d334b4e705da05d77c33b5dc91cffea0feea9f7c83c77ba16c9b6d5f5085894 SHA512 144bf0d6aa27b4af01df0b7b734c39962649e1711554247d42e05e14d8945742b18745aefdba162e2dfc762b941fd7d3b2d5dc6a781ae4ba10a6f5a3cadb0687
 DIST openssl-1.0.2o.tar.gz 5329472 BLAKE2B 30226db49be04317da3a76cce68d5aa401decd198f92505bddb0c72a7ef6a79f3c9c06d4a816db734e2a0991ebcab8b207feced26d83639e50c821d9e76ddc45 SHA512 8a2c93657c85143e76785bb32ee836908c31a6f5f8db993fa9777acba6079e630cdddd03edbad65d1587199fc13a1507789eacf038b56eb99139c2091d9df7fd
 DIST openssl-1.1.0-build.patch 3028 BLAKE2B f8cf981ed3717af234ce02fa50f27cdbcbf2b766968a5957fc6f0a4ea997549505fa77398444d7f3b9a75f66048447fe62542b9cb1d5f0268add87c44915a6fd SHA512 b19a912900970052f80c67f28975e793ae9e70ebfc62efae0544e09931079e98c4cd29ce1cc8d937ceca97aff9a12fdc1ff9ce6c2b47fea68c79e7065464a0f0

diff --git a/dev-libs/openssl/openssl-1.0.2o.ebuild b/dev-libs/openssl/openssl-1.0.2o.ebuild
index 10f2fe518b7..37c5f699c03 100644
--- a/dev-libs/openssl/openssl-1.0.2o.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2o.ebuild
@@ -5,7 +5,7 @@ EAPI="6"
 
 inherit eutils flag-o-matic toolchain-funcs multilib multilib-minimal
 
-PATCH_SET="openssl-1.0.2-patches-1.1"
+PATCH_SET="openssl-1.0.2-patches-1.2"
 MY_P=${P/_/-}
 DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"
 HOMEPAGE="https://www.openssl.org/"

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Thomas Deutschmann]

commit:     dbf565e8638eb2f7f13afb4e24e6c146abffcb74
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Tue Mar 27 15:50:47 2018 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Tue Mar 27 15:50:58 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=dbf565e8

dev-libs/openssl: Bump to v1.1.0h

Ebuild changes:
===============
- API=1.0.0 config option dropped. [Bug 651074]

Bug: https://bugs.gentoo.org/651074
Package-Manager: Portage-2.3.24, Repoman-2.3.6

 dev-libs/openssl/Manifest              |   4 +
 dev-libs/openssl/openssl-1.1.0h.ebuild | 283 +++++++++++++++++++++++++++++++++
 2 files changed, 287 insertions(+)

diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest
index 25ea2948794..23a205cd3c0 100644
--- a/dev-libs/openssl/Manifest
+++ b/dev-libs/openssl/Manifest
@@ -9,3 +9,7 @@ DIST openssl-1.1.0g.tar.gz 5404748 BLAKE2B 23daf80e4143aad4654ae86f8e96042dd7328
 DIST openssl-1.1.0g_ec_curve.c 18393 BLAKE2B 49dca7ddbc23270e5927454925df7bb18c8d9eb58f79e3a4fbcd8b7fc22fad36e2cb54ff9b63c2beeeea15c0c075a96e4ce8d03991355419af41fa9dc2aed3ad SHA512 ee3e576825bccdf02cede4205ab92c42ae9dd3a8e75ce58617a3a5980a61d144eb3c5197d9dcd378a5d49bf34c4b2f591aa6a619fee92b7a22825d72681ab879
 DIST openssl-1.1.0g_ectest.c 29907 BLAKE2B 73dc800c1de5449f14d7753f7f7b8e672cd36bd4570e6df07f246d1d823c7dbbeef492f25cdd0ebfd693f5956732bc84c9d91fc6a22c854fe4b245ecf3890bda SHA512 90cec9d46326cb7216236811c8e963032b6fa7500117cea36f28534eb50a5ab1260c7f9a5c8c490d845236b0769576a8d97bc7471f970e9c5e70cb3408c20dae
 DIST openssl-1.1.0g_hobble-openssl 1117 BLAKE2B c3a1477e63331e83cf1cbe58e9ef131ec500a311e22d3da55034800ca353c387b2e202575acf3badb00b236ff91d4bac1bb131a33930939646d26bec27be6e04 SHA512 fa9cc70afa11a7a292548b4bddbba8159824a364ce5c279b483768e6ae2aa4b5491d9bf2cc734819f30a11c8ee0d91bcb991c4a7ab357296aeb4c04feac74826
+DIST openssl-1.1.0h.tar.gz 5422717 BLAKE2B 11de1468855c0bb1836fb346c8efdfedd06139a774fc4dbae1b0e95fea7a33aa39b541e3d2d27f83f2b5f4dd3846cca2356020aa6ec81793085842ab78b3a127 SHA512 fb7750fcd98e6126eb5b92e7ed63d811a5cfa3391d98572003d925f6c7b477690df86a9aa1fa6bf6bf33d02c6c7aee6cff50a38faa8911409f310645898fda39
+DIST openssl-1.1.0h_ec_curve.c 18393 BLAKE2B 49dca7ddbc23270e5927454925df7bb18c8d9eb58f79e3a4fbcd8b7fc22fad36e2cb54ff9b63c2beeeea15c0c075a96e4ce8d03991355419af41fa9dc2aed3ad SHA512 ee3e576825bccdf02cede4205ab92c42ae9dd3a8e75ce58617a3a5980a61d144eb3c5197d9dcd378a5d49bf34c4b2f591aa6a619fee92b7a22825d72681ab879
+DIST openssl-1.1.0h_ectest.c 29907 BLAKE2B 73dc800c1de5449f14d7753f7f7b8e672cd36bd4570e6df07f246d1d823c7dbbeef492f25cdd0ebfd693f5956732bc84c9d91fc6a22c854fe4b245ecf3890bda SHA512 90cec9d46326cb7216236811c8e963032b6fa7500117cea36f28534eb50a5ab1260c7f9a5c8c490d845236b0769576a8d97bc7471f970e9c5e70cb3408c20dae
+DIST openssl-1.1.0h_hobble-openssl 1117 BLAKE2B c3a1477e63331e83cf1cbe58e9ef131ec500a311e22d3da55034800ca353c387b2e202575acf3badb00b236ff91d4bac1bb131a33930939646d26bec27be6e04 SHA512 fa9cc70afa11a7a292548b4bddbba8159824a364ce5c279b483768e6ae2aa4b5491d9bf2cc734819f30a11c8ee0d91bcb991c4a7ab357296aeb4c04feac74826

diff --git a/dev-libs/openssl/openssl-1.1.0h.ebuild b/dev-libs/openssl/openssl-1.1.0h.ebuild
new file mode 100644
index 00000000000..e3426c78ba3
--- /dev/null
+++ b/dev-libs/openssl/openssl-1.1.0h.ebuild
@@ -0,0 +1,283 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+inherit eutils flag-o-matic toolchain-funcs multilib multilib-minimal
+
+MY_P=${P/_/-}
+DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"
+HOMEPAGE="https://www.openssl.org/"
+SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"
+
+LICENSE="openssl"
+SLOT="0/1.1" # .so version of libssl/libcrypto
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
+IUSE="+asm bindist elibc_musl rfc3779 sctp cpu_flags_x86_sse2 static-libs test tls-heartbeat vanilla zlib"
+RESTRICT="!bindist? ( bindist )"
+
+RDEPEND=">=app-misc/c_rehash-1.7-r1
+	zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )"
+DEPEND="${RDEPEND}
+	>=dev-lang/perl-5
+	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
+	test? (
+		sys-apps/diffutils
+		sys-devel/bc
+	)"
+PDEPEND="app-misc/ca-certificates"
+
+# This does not copy the entire Fedora patchset, but JUST the parts that
+# are needed to make it safe to use EC with RESTRICT=bindist.
+# See openssl.spec for the matching numbering of SourceNNN, PatchNNN
+SOURCE1=hobble-openssl
+SOURCE12=ec_curve.c
+SOURCE13=ectest.c
+PATCH1=openssl-1.1.0-build.patch # Fixes EVP testcase for EC
+PATCH37=openssl-1.1.0-ec-curves.patch
+FEDORA_GIT_BASE='https://src.fedoraproject.org/cgit/rpms/openssl.git/plain/'
+FEDORA_GIT_BRANCH='f27'
+FEDORA_SRC_URI=()
+FEDORA_SOURCE=( $SOURCE1 $SOURCE12 $SOURCE13 )
+FEDORA_PATCH=( $PATCH1 $PATCH37 )
+for i in "${FEDORA_SOURCE[@]}" ; do
+	FEDORA_SRC_URI+=( "${FEDORA_GIT_BASE}/${i}?h=${FEDORA_GIT_BRANCH} -> ${P}_${i}" )
+done
+for i in "${FEDORA_PATCH[@]}" ; do # Already have a version prefix
+	FEDORA_SRC_URI+=( "${FEDORA_GIT_BASE}/${i}?h=${FEDORA_GIT_BRANCH} -> ${i}" )
+done
+SRC_URI+=" bindist? ( ${FEDORA_SRC_URI[@]} )"
+
+S="${WORKDIR}/${MY_P}"
+
+MULTILIB_WRAPPED_HEADERS=(
+	usr/include/openssl/opensslconf.h
+)
+
+PATCHES=(
+	"${FILESDIR}"/${PN}-1.0.2a-x32-asm.patch #542618
+)
+
+src_prepare() {
+	if use bindist; then
+		# This just removes the prefix, and puts it into WORKDIR like the RPM.
+		for i in "${FEDORA_SOURCE[@]}" ; do
+			cp -f "${DISTDIR}"/"${P}_${i}" "${WORKDIR}"/"${i}" || die
+		done
+		# .spec %prep
+		bash "${WORKDIR}"/"${SOURCE1}" || die
+		cp -f "${WORKDIR}"/"${SOURCE12}" "${S}"/crypto/ec/ || die
+		cp -f "${WORKDIR}"/"${SOURCE13}" "${S}"/test/ || die
+		for i in "${FEDORA_PATCH[@]}" ; do
+			epatch "${DISTDIR}"/"${i}"
+		done
+		# Also see the configure parts below:
+		# enable-ec \
+		# $(use_ssl !bindist ec2m) \
+
+	fi
+	# keep this in sync with app-misc/c_rehash
+	SSL_CNF_DIR="/etc/ssl"
+
+	# Make sure we only ever touch Makefile.org and avoid patching a file
+	# that gets blown away anyways by the Configure script in src_configure
+	rm -f Makefile
+
+	if ! use vanilla ; then
+		epatch "${PATCHES[@]}"
+	fi
+
+	eapply_user #332661
+
+	# make sure the man pages are suffixed #302165
+	# don't bother building man pages if they're disabled
+	# Make DOCDIR Gentoo compliant
+	sed -i \
+		-e '/^MANSUFFIX/s:=.*:=ssl:' \
+		-e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
+		-e $(has noman FEATURES \
+			&& echo '/^install:/s:install_docs::' \
+			|| echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
+		-e "/^DOCDIR/s@\$(BASENAME)@&-${PF}@" \
+		Configurations/unix-Makefile.tmpl \
+		|| die
+
+	# show the actual commands in the log
+	sed -i '/^SET_X/s@=.*@=set -x@' Makefile.shared
+
+	# quiet out unknown driver argument warnings since openssl
+	# doesn't have well-split CFLAGS and we're making it even worse
+	# and 'make depend' uses -Werror for added fun (#417795 again)
+	[[ ${CC} == *clang* ]] && append-flags -Qunused-arguments
+
+	# allow openssl to be cross-compiled
+	cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die
+	chmod a+rx gentoo.config
+
+	append-flags -fno-strict-aliasing
+	append-flags $(test-flags-CC -Wa,--noexecstack)
+	append-cppflags -DOPENSSL_NO_BUF_FREELISTS
+
+	# Prefixify Configure shebang (#141906)
+	sed \
+		-e "1s,/usr/bin/env,${EPREFIX}&," \
+		-i Configure || die
+	# Remove test target when FEATURES=test isn't set
+	if ! use test ; then
+		sed \
+			-e '/^$config{dirs}/s@ "test",@@' \
+			-i Configure || die
+	fi
+	# The config script does stupid stuff to prompt the user.  Kill it.
+	sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
+	./config --test-sanity || die "I AM NOT SANE"
+
+	multilib_copy_sources
+}
+
+multilib_src_configure() {
+	unset APPS #197996
+	unset SCRIPTS #312551
+	unset CROSS_COMPILE #311473
+
+	tc-export CC AR RANLIB RC
+
+	# Clean out patent-or-otherwise-encumbered code
+	# Camellia: Royalty Free            https://en.wikipedia.org/wiki/Camellia_(cipher)
+	# IDEA:     Expired                 https://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
+	# EC:       ????????? ??/??/2015    https://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography
+	# MDC2:     Expired                 https://en.wikipedia.org/wiki/MDC-2
+	# RC5:      Expired                 https://en.wikipedia.org/wiki/RC5
+
+	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
+	echoit() { echo "$@" ; "$@" ; }
+
+	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
+
+	# See if our toolchain supports __uint128_t.  If so, it's 64bit
+	# friendly and can use the nicely optimized code paths. #460790
+	local ec_nistp_64_gcc_128
+	# Disable it for now though #469976
+	#if ! use bindist ; then
+	#	echo "__uint128_t i;" > "${T}"/128.c
+	#	if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
+	#		ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
+	#	fi
+	#fi
+
+	local sslout=$(./gentoo.config)
+	einfo "Use configuration ${sslout:-(openssl knows best)}"
+	local config="Configure"
+	[[ -z ${sslout} ]] && config="config"
+
+	# Fedora hobbled-EC needs 'no-ec2m'
+	# 'srp' was restricted until early 2017 as well.
+	# "disable-deprecated" option breaks too many consumers.
+	# Don't set it without thorough revdeps testing.
+	echoit \
+	./${config} \
+		${sslout} \
+		$(use cpu_flags_x86_sse2 || echo "no-sse2") \
+		enable-camellia \
+		enable-ec \
+		$(use_ssl !bindist ec2m) \
+		enable-srp \
+		$(use elibc_musl && echo "no-async") \
+		${ec_nistp_64_gcc_128} \
+		enable-idea \
+		enable-mdc2 \
+		enable-rc5 \
+		$(use_ssl asm) \
+		$(use_ssl rfc3779) \
+		$(use_ssl sctp) \
+		$(use_ssl tls-heartbeat heartbeats) \
+		$(use_ssl zlib) \
+		--prefix="${EPREFIX}"/usr \
+		--openssldir="${EPREFIX}"${SSL_CNF_DIR} \
+		--libdir=$(get_libdir) \
+		shared threads \
+		|| die
+
+	# Clean out hardcoded flags that openssl uses
+	# Fix quoting for sed
+	local DEFAULT_CFLAGS=$(grep ^CFLAGS= Makefile | LC_ALL=C sed \
+		-e 's:^CFLAGS=::' \
+		-e 's:-fomit-frame-pointer ::g' \
+		-e 's:-O[0-9] ::g' \
+		-e 's:-march=[-a-z0-9]* ::g' \
+		-e 's:-mcpu=[-a-z0-9]* ::g' \
+		-e 's:-m[a-z0-9]* ::g' \
+		-e 's:\\:\\\\:g' \
+	)
+	sed -i \
+		-e "/^CFLAGS=/s|=.*|=${DEFAULT_CFLAGS} ${CFLAGS}|" \
+		-e "/^LDFLAGS=/s|=[[:space:]]*$|=${LDFLAGS}|" \
+		Makefile || die
+}
+
+multilib_src_compile() {
+	# depend is needed to use $confopts; it also doesn't matter
+	# that it's -j1 as the code itself serializes subdirs
+	emake -j1 depend
+	emake all
+}
+
+multilib_src_test() {
+	emake -j1 test
+}
+
+multilib_src_install() {
+	emake DESTDIR="${D}" install
+}
+
+multilib_src_install_all() {
+	# openssl installs perl version of c_rehash by default, but
+	# we provide a shell version via app-misc/c_rehash
+	rm "${ED}"/usr/bin/c_rehash || die
+
+	dodoc CHANGES* FAQ NEWS README doc/*.txt doc/${PN}-c-indent.el
+
+	# This is crappy in that the static archives are still built even
+	# when USE=static-libs.  But this is due to a failing in the openssl
+	# build system: the static archives are built as PIC all the time.
+	# Only way around this would be to manually configure+compile openssl
+	# twice; once with shared lib support enabled and once without.
+	use static-libs || rm -f "${ED}"/usr/lib*/lib*.a
+
+	# create the certs directory
+	keepdir ${SSL_CNF_DIR}/certs
+
+	# Namespace openssl programs to prevent conflicts with other man pages
+	cd "${ED}"/usr/share/man
+	local m d s
+	for m in $(find . -type f | xargs grep -L '#include') ; do
+		d=${m%/*} ; d=${d#./} ; m=${m##*/}
+		[[ ${m} == openssl.1* ]] && continue
+		[[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!"
+		mv ${d}/{,ssl-}${m}
+		# fix up references to renamed man pages
+		sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m}
+		ln -s ssl-${m} ${d}/openssl-${m}
+		# locate any symlinks that point to this man page ... we assume
+		# that any broken links are due to the above renaming
+		for s in $(find -L ${d} -type l) ; do
+			s=${s##*/}
+			rm -f ${d}/${s}
+			ln -s ssl-${m} ${d}/ssl-${s}
+			ln -s ssl-${s} ${d}/openssl-${s}
+		done
+	done
+	[[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :("
+
+	dodir /etc/sandbox.d #254521
+	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
+
+	diropts -m0700
+	keepdir ${SSL_CNF_DIR}/private
+}
+
+pkg_postinst() {
+	ebegin "Running 'c_rehash ${EROOT%/}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069"
+	c_rehash "${EROOT%/}${SSL_CNF_DIR}/certs" >/dev/null
+	eend $?
+}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Thomas Deutschmann]

commit:     1ee2266ad13bffa3d1e579fde012fd9805bc60b7
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Tue Mar 27 15:22:32 2018 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Tue Mar 27 15:24:06 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1ee2266a

dev-libs/openssl: Bump to v1.0.2o

Package-Manager: Portage-2.3.24, Repoman-2.3.6

 dev-libs/openssl/Manifest              |   2 +
 dev-libs/openssl/openssl-1.0.2o.ebuild | 251 +++++++++++++++++++++++++++++++++
 2 files changed, 253 insertions(+)

diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest
index 1985ca1d3d7..25ea2948794 100644
--- a/dev-libs/openssl/Manifest
+++ b/dev-libs/openssl/Manifest
@@ -1,6 +1,8 @@
 DIST openssl-0.9.8zh.tar.gz 3818524 BLAKE2B 610bb4858900983cf4519fa8b63f1e03b3845e39e68884fd8bebd738cd5cd6c2c75513643af49bf9e2294adc446a6516480fe9b62de55d9b6379bf9e7c5cd364 SHA512 b97fa2468211f86c0719c68ad1781eff84f772c479ed5193d6da14bac086b4ca706e7d851209d9df3f0962943b5e5333ab0def00110fb2e517caa73c0c6674c6
 DIST openssl-1.0.2-patches-1.0.tar.xz 11572 BLAKE2B bdb9d2b8388f1aadf3a9274133aa8f86b0029fae1ce86d005baa39a7347657f8d4d84395b54e8ccd67944356ee197dfb527f843b4f146e305533e2ad5450721d SHA512 15234ade359a0acf001cf10c7a7fc05f54603a44c67831529c2a6eda03342f9ba1cf40664ac782b5b73c50b23ec5649fb48ccff2aea8f0df2ef634959c47e3e9
+DIST openssl-1.0.2-patches-1.1.tar.xz 11656 BLAKE2B 8e60bddd97eb6475e3f0026f5e6f11e40a2195a6ecac508cbf7efc5e6077fedae6e1a829261540a69616544368561e003c47ce755cf4ef67d4f857b2f594e6c8 SHA512 7f7f509a4a5f15b53fc5fce03ce9988f9a420d8741b82404c89a26379a72b7e4f5ff5b2a4f7d0d4d5c3fd5cb7eb24c42fb4fb1321fbb4b520b3c21dbe7efbca2
 DIST openssl-1.0.2n.tar.gz 5375802 BLAKE2B 2e04f8c3d5e2296859b8474d7e100e270f53f18a26c6d37a4cf5e01cd14f44d24d334b4e705da05d77c33b5dc91cffea0feea9f7c83c77ba16c9b6d5f5085894 SHA512 144bf0d6aa27b4af01df0b7b734c39962649e1711554247d42e05e14d8945742b18745aefdba162e2dfc762b941fd7d3b2d5dc6a781ae4ba10a6f5a3cadb0687
+DIST openssl-1.0.2o.tar.gz 5329472 BLAKE2B 30226db49be04317da3a76cce68d5aa401decd198f92505bddb0c72a7ef6a79f3c9c06d4a816db734e2a0991ebcab8b207feced26d83639e50c821d9e76ddc45 SHA512 8a2c93657c85143e76785bb32ee836908c31a6f5f8db993fa9777acba6079e630cdddd03edbad65d1587199fc13a1507789eacf038b56eb99139c2091d9df7fd
 DIST openssl-1.1.0-build.patch 3028 BLAKE2B f8cf981ed3717af234ce02fa50f27cdbcbf2b766968a5957fc6f0a4ea997549505fa77398444d7f3b9a75f66048447fe62542b9cb1d5f0268add87c44915a6fd SHA512 b19a912900970052f80c67f28975e793ae9e70ebfc62efae0544e09931079e98c4cd29ce1cc8d937ceca97aff9a12fdc1ff9ce6c2b47fea68c79e7065464a0f0
 DIST openssl-1.1.0-ec-curves.patch 2967 BLAKE2B 1c639514445ea85cf731732aa7901b5a03ddb5f637b0483ab2ec6825433ad978723c5a07316db684bdaca4a12fc673b4e049a49c0cd4dbe5f25a5e2bd3b75cf5 SHA512 8fb9c6759ae2077ad3697ba77e85ab3970fd8b3f64b21eb260b4f6333b7ebf2f5a53c7eee311229edfbd96a2b904ec5e5e00dfa5b62cf1105fece13069077bd2
 DIST openssl-1.1.0g.tar.gz 5404748 BLAKE2B 23daf80e4143aad4654ae86f8e96042dd7328a9d1186b4922e284fcfe0f68259ea12d21c4472d92d65a7fcef21e049cf9371cc9bdad11b66a3df11286418ed42 SHA512 6c76f698fc2a4540f3977d97c889e139acf7d3f9eb85f349974175e8a7707b19743ef91c5ce32839310b6ea06ca88a03d9709ee011687b4634c5c50b5814f42a

diff --git a/dev-libs/openssl/openssl-1.0.2o.ebuild b/dev-libs/openssl/openssl-1.0.2o.ebuild
new file mode 100644
index 00000000000..10f2fe518b7
--- /dev/null
+++ b/dev-libs/openssl/openssl-1.0.2o.ebuild
@@ -0,0 +1,251 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+inherit eutils flag-o-matic toolchain-funcs multilib multilib-minimal
+
+PATCH_SET="openssl-1.0.2-patches-1.1"
+MY_P=${P/_/-}
+DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"
+HOMEPAGE="https://www.openssl.org/"
+SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
+	mirror://gentoo/${PATCH_SET}.tar.xz
+	https://dev.gentoo.org/~whissi/dist/${PN}/${PATCH_SET}.tar.xz"
+
+LICENSE="openssl"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
+IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
+RESTRICT="!bindist? ( bindist )"
+
+RDEPEND=">=app-misc/c_rehash-1.7-r1
+	gmp? ( >=dev-libs/gmp-5.1.3-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
+	zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
+	kerberos? ( >=app-crypt/mit-krb5-1.11.4[${MULTILIB_USEDEP}] )"
+DEPEND="${RDEPEND}
+	>=dev-lang/perl-5
+	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
+	test? (
+		sys-apps/diffutils
+		sys-devel/bc
+	)"
+PDEPEND="app-misc/ca-certificates"
+
+S="${WORKDIR}/${MY_P}"
+
+MULTILIB_WRAPPED_HEADERS=(
+	usr/include/openssl/opensslconf.h
+)
+
+src_prepare() {
+	# keep this in sync with app-misc/c_rehash
+	SSL_CNF_DIR="/etc/ssl"
+
+	# Make sure we only ever touch Makefile.org and avoid patching a file
+	# that gets blown away anyways by the Configure script in src_configure
+	rm -f Makefile
+
+	if ! use vanilla ; then
+		eapply "${WORKDIR}"/patch/*.patch
+	fi
+
+	eapply_user
+
+	# disable fips in the build
+	# make sure the man pages are suffixed #302165
+	# don't bother building man pages if they're disabled
+	sed -i \
+		-e '/DIRS/s: fips : :g' \
+		-e '/^MANSUFFIX/s:=.*:=ssl:' \
+		-e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
+		-e $(has noman FEATURES \
+			&& echo '/^install:/s:install_docs::' \
+			|| echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
+		Makefile.org \
+		|| die
+	# show the actual commands in the log
+	sed -i '/^SET_X/s:=.*:=set -x:' Makefile.shared
+
+	# since we're forcing $(CC) as makedep anyway, just fix
+	# the conditional as always-on
+	# helps clang (#417795), and versioned gcc (#499818)
+	sed -i 's/expr.*MAKEDEPEND.*;/true;/' util/domd || die
+
+	# quiet out unknown driver argument warnings since openssl
+	# doesn't have well-split CFLAGS and we're making it even worse
+	# and 'make depend' uses -Werror for added fun (#417795 again)
+	[[ ${CC} == *clang* ]] && append-flags -Qunused-arguments
+
+	# allow openssl to be cross-compiled
+	cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die
+	chmod a+rx gentoo.config || die
+
+	append-flags -fno-strict-aliasing
+	append-flags $(test-flags-CC -Wa,--noexecstack)
+	append-cppflags -DOPENSSL_NO_BUF_FREELISTS
+
+	sed -i '1s,^:$,#!'${EPREFIX}'/usr/bin/perl,' Configure #141906
+	# The config script does stupid stuff to prompt the user.  Kill it.
+	sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
+	./config --test-sanity || die "I AM NOT SANE"
+
+	multilib_copy_sources
+}
+
+multilib_src_configure() {
+	unset APPS #197996
+	unset SCRIPTS #312551
+	unset CROSS_COMPILE #311473
+
+	tc-export CC AR RANLIB RC
+
+	# Clean out patent-or-otherwise-encumbered code
+	# Camellia: Royalty Free            https://en.wikipedia.org/wiki/Camellia_(cipher)
+	# IDEA:     Expired                 https://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
+	# EC:       ????????? ??/??/2015    https://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography
+	# MDC2:     Expired                 https://en.wikipedia.org/wiki/MDC-2
+	# RC5:      Expired                 https://en.wikipedia.org/wiki/RC5
+
+	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
+	echoit() { echo "$@" ; "$@" ; }
+
+	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
+
+	# See if our toolchain supports __uint128_t.  If so, it's 64bit
+	# friendly and can use the nicely optimized code paths. #460790
+	local ec_nistp_64_gcc_128
+	# Disable it for now though #469976
+	#if ! use bindist ; then
+	#	echo "__uint128_t i;" > "${T}"/128.c
+	#	if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
+	#		ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
+	#	fi
+	#fi
+
+	# https://github.com/openssl/openssl/issues/2286
+	if use ia64 ; then
+		replace-flags -g3 -g2
+		replace-flags -ggdb3 -ggdb2
+	fi
+
+	local sslout=$(./gentoo.config)
+	einfo "Use configuration ${sslout:-(openssl knows best)}"
+	local config="Configure"
+	[[ -z ${sslout} ]] && config="config"
+
+	echoit \
+	./${config} \
+		${sslout} \
+		$(use cpu_flags_x86_sse2 || echo "no-sse2") \
+		enable-camellia \
+		$(use_ssl !bindist ec) \
+		${ec_nistp_64_gcc_128} \
+		enable-idea \
+		enable-mdc2 \
+		enable-rc5 \
+		enable-tlsext \
+		$(use_ssl asm) \
+		$(use_ssl gmp gmp -lgmp) \
+		$(use_ssl kerberos krb5 --with-krb5-flavor=${krb5}) \
+		$(use_ssl rfc3779) \
+		$(use_ssl sctp) \
+		$(use_ssl sslv2 ssl2) \
+		$(use_ssl sslv3 ssl3) \
+		$(use_ssl tls-heartbeat heartbeats) \
+		$(use_ssl zlib) \
+		--prefix="${EPREFIX}"/usr \
+		--openssldir="${EPREFIX}"${SSL_CNF_DIR} \
+		--libdir=$(get_libdir) \
+		shared threads \
+		|| die
+
+	# Clean out hardcoded flags that openssl uses
+	local CFLAG=$(grep ^CFLAG= Makefile | LC_ALL=C sed \
+		-e 's:^CFLAG=::' \
+		-e 's:-fomit-frame-pointer ::g' \
+		-e 's:-O[0-9] ::g' \
+		-e 's:-march=[-a-z0-9]* ::g' \
+		-e 's:-mcpu=[-a-z0-9]* ::g' \
+		-e 's:-m[a-z0-9]* ::g' \
+	)
+	sed -i \
+		-e "/^CFLAG/s|=.*|=${CFLAG} ${CFLAGS}|" \
+		-e "/^SHARED_LDFLAGS=/s|$| ${LDFLAGS}|" \
+		Makefile || die
+}
+
+multilib_src_compile() {
+	# depend is needed to use $confopts; it also doesn't matter
+	# that it's -j1 as the code itself serializes subdirs
+	emake -j1 depend
+	emake all
+	# rehash is needed to prep the certs/ dir; do this
+	# separately to avoid parallel build issues.
+	emake rehash
+}
+
+multilib_src_test() {
+	emake -j1 test
+}
+
+multilib_src_install() {
+	emake INSTALL_PREFIX="${D}" install
+}
+
+multilib_src_install_all() {
+	# openssl installs perl version of c_rehash by default, but
+	# we provide a shell version via app-misc/c_rehash
+	rm "${ED}"/usr/bin/c_rehash || die
+
+	local -a DOCS=( CHANGES* FAQ NEWS README doc/*.txt doc/c-indentation.el )
+	einstalldocs
+
+	use rfc3779 && dodoc engines/ccgost/README.gost
+
+	# This is crappy in that the static archives are still built even
+	# when USE=static-libs.  But this is due to a failing in the openssl
+	# build system: the static archives are built as PIC all the time.
+	# Only way around this would be to manually configure+compile openssl
+	# twice; once with shared lib support enabled and once without.
+	use static-libs || rm -f "${ED}"/usr/lib*/lib*.a
+
+	# create the certs directory
+	dodir ${SSL_CNF_DIR}/certs
+	cp -RP certs/* "${ED}"${SSL_CNF_DIR}/certs/ || die
+	rm -r "${ED}"${SSL_CNF_DIR}/certs/{demo,expired}
+
+	# Namespace openssl programs to prevent conflicts with other man pages
+	cd "${ED}"/usr/share/man
+	local m d s
+	for m in $(find . -type f | xargs grep -L '#include') ; do
+		d=${m%/*} ; d=${d#./} ; m=${m##*/}
+		[[ ${m} == openssl.1* ]] && continue
+		[[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!"
+		mv ${d}/{,ssl-}${m}
+		# fix up references to renamed man pages
+		sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m}
+		ln -s ssl-${m} ${d}/openssl-${m}
+		# locate any symlinks that point to this man page ... we assume
+		# that any broken links are due to the above renaming
+		for s in $(find -L ${d} -type l) ; do
+			s=${s##*/}
+			rm -f ${d}/${s}
+			ln -s ssl-${m} ${d}/ssl-${s}
+			ln -s ssl-${s} ${d}/openssl-${s}
+		done
+	done
+	[[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :("
+
+	dodir /etc/sandbox.d #254521
+	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
+
+	diropts -m0700
+	keepdir ${SSL_CNF_DIR}/private
+}
+
+pkg_postinst() {
+	ebegin "Running 'c_rehash ${EROOT%/}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069"
+	c_rehash "${EROOT%/}${SSL_CNF_DIR}/certs" >/dev/null
+	eend $?
+}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Lars Wendler]

commit:     a999820820bddaefedbc959999faa7adf467a12b
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Fri Mar 16 10:33:09 2018 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Fri Mar 16 10:41:01 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a9998208

dev-libs/openssl: Revbump to remove "disable-deprecated" option.

It breaks too many revdeps and many upstreams are not really eager to fix
them because "it works with deprecated features".

Package-Manager: Portage-2.3.24, Repoman-2.3.6

 .../openssl/{openssl-1.1.0g-r2.ebuild => openssl-1.1.0g-r3.ebuild}     | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.1.0g-r2.ebuild b/dev-libs/openssl/openssl-1.1.0g-r3.ebuild
similarity index 98%
rename from dev-libs/openssl/openssl-1.1.0g-r2.ebuild
rename to dev-libs/openssl/openssl-1.1.0g-r3.ebuild
index b782dea17bf..61e2b4b945c 100644
--- a/dev-libs/openssl/openssl-1.1.0g-r2.ebuild
+++ b/dev-libs/openssl/openssl-1.1.0g-r3.ebuild
@@ -173,13 +173,14 @@ multilib_src_configure() {
 
 	# Fedora hobbled-EC needs 'no-ec2m'
 	# 'srp' was restricted until early 2017 as well.
+	# "disable-deprecated" option breaks too many consumers.
+	# Don't set it without thorough revdeps testing.
 	echoit \
 	./${config} \
 		${sslout} \
 		--api=1.0.0 \
 		$(use cpu_flags_x86_sse2 || echo "no-sse2") \
 		enable-camellia \
-		disable-deprecated \
 		enable-ec \
 		$(use_ssl !bindist ec2m) \
 		enable-srp \

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Jason Zaman]

commit:     8eaf85280574b962d131a6dd784e4948736d5851
Author:     Jason Zaman <perfinion <AT> gentoo <DOT> org>
AuthorDate: Wed Feb 14 14:15:53 2018 +0000
Commit:     Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Wed Feb 14 14:16:50 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8eaf8528

dev-libs/openssl: amd64 stable

Gentoo-bug: 642594
Package-Manager: Portage-2.3.19, Repoman-2.3.6

 dev-libs/openssl/openssl-0.9.8z_p8-r1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-0.9.8z_p8-r1.ebuild b/dev-libs/openssl/openssl-0.9.8z_p8-r1.ebuild
index 7ce2d888f2b..f573e495c90 100644
--- a/dev-libs/openssl/openssl-0.9.8z_p8-r1.ebuild
+++ b/dev-libs/openssl/openssl-0.9.8z_p8-r1.ebuild
@@ -18,7 +18,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"
 
 LICENSE="openssl"
 SLOT="0.9.8"
-KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc x86 ~x86-fbsd"
+KEYWORDS="~alpha amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc x86 ~x86-fbsd"
 IUSE="bindist gmp kerberos cpu_flags_x86_sse2 test zlib"
 RESTRICT="!bindist? ( bindist )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Michał Górny]

commit:     848ecb94f61d9ceee0d04a1f7e096d7ce705bdbe
Author:     Francesco Turco <fturco <AT> fastmail <DOT> fm>
AuthorDate: Thu Sep  7 15:08:33 2017 +0000
Commit:     Michał Górny <mgorny <AT> gentoo <DOT> org>
CommitDate: Tue Feb 13 15:06:36 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=848ecb94

dev-libs/openssl: use HTTPS for links to en.wikipedia.org

Closes: https://bugs.gentoo.org/637190
Closes: https://github.com/gentoo/gentoo/pull/5641

 dev-libs/openssl/openssl-0.9.8z_p8-r1.ebuild | 10 +++++-----
 dev-libs/openssl/openssl-0.9.8z_p8.ebuild    | 10 +++++-----
 dev-libs/openssl/openssl-1.0.2n.ebuild       | 10 +++++-----
 dev-libs/openssl/openssl-1.1.0g-r2.ebuild    | 10 +++++-----
 4 files changed, 20 insertions(+), 20 deletions(-)

diff --git a/dev-libs/openssl/openssl-0.9.8z_p8-r1.ebuild b/dev-libs/openssl/openssl-0.9.8z_p8-r1.ebuild
index 11e9823a291..7ce2d888f2b 100644
--- a/dev-libs/openssl/openssl-0.9.8z_p8-r1.ebuild
+++ b/dev-libs/openssl/openssl-0.9.8z_p8-r1.ebuild
@@ -102,11 +102,11 @@ multilib_src_configure() {
 	tc-export CC AR RANLIB
 
 	# Clean out patent-or-otherwise-encumbered code
-	# Camellia: Royalty Free            http://en.wikipedia.org/wiki/Camellia_(cipher)
-	# IDEA:     Expired                 http://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
-	# EC:       ????????? ??/??/2015    http://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography
-	# MDC2:     Expired                 http://en.wikipedia.org/wiki/MDC-2
-	# RC5:      5,724,428 03/03/2015    http://en.wikipedia.org/wiki/RC5
+	# Camellia: Royalty Free            https://en.wikipedia.org/wiki/Camellia_(cipher)
+	# IDEA:     Expired                 https://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
+	# EC:       ????????? ??/??/2015    https://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography
+	# MDC2:     Expired                 https://en.wikipedia.org/wiki/MDC-2
+	# RC5:      5,724,428 03/03/2015    https://en.wikipedia.org/wiki/RC5
 
 	use_ssl() { use $1 && echo "enable-${2:-$1} ${*:3}" || echo "no-${2:-$1}" ; }
 	echoit() { echo "$@" ; "$@" ; }

diff --git a/dev-libs/openssl/openssl-0.9.8z_p8.ebuild b/dev-libs/openssl/openssl-0.9.8z_p8.ebuild
index 229fa4a5244..6ef3483361b 100644
--- a/dev-libs/openssl/openssl-0.9.8z_p8.ebuild
+++ b/dev-libs/openssl/openssl-0.9.8z_p8.ebuild
@@ -97,11 +97,11 @@ multilib_src_configure() {
 	tc-export CC AR RANLIB
 
 	# Clean out patent-or-otherwise-encumbered code
-	# Camellia: Royalty Free            http://en.wikipedia.org/wiki/Camellia_(cipher)
-	# IDEA:     Expired                 http://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
-	# EC:       ????????? ??/??/2015    http://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography
-	# MDC2:     Expired                 http://en.wikipedia.org/wiki/MDC-2
-	# RC5:      5,724,428 03/03/2015    http://en.wikipedia.org/wiki/RC5
+	# Camellia: Royalty Free            https://en.wikipedia.org/wiki/Camellia_(cipher)
+	# IDEA:     Expired                 https://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
+	# EC:       ????????? ??/??/2015    https://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography
+	# MDC2:     Expired                 https://en.wikipedia.org/wiki/MDC-2
+	# RC5:      5,724,428 03/03/2015    https://en.wikipedia.org/wiki/RC5
 
 	use_ssl() { use $1 && echo "enable-${2:-$1} ${*:3}" || echo "no-${2:-$1}" ; }
 	echoit() { echo "$@" ; "$@" ; }

diff --git a/dev-libs/openssl/openssl-1.0.2n.ebuild b/dev-libs/openssl/openssl-1.0.2n.ebuild
index fc14a2ac528..db4a0a8bd9d 100644
--- a/dev-libs/openssl/openssl-1.0.2n.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2n.ebuild
@@ -101,11 +101,11 @@ multilib_src_configure() {
 	tc-export CC AR RANLIB RC
 
 	# Clean out patent-or-otherwise-encumbered code
-	# Camellia: Royalty Free            http://en.wikipedia.org/wiki/Camellia_(cipher)
-	# IDEA:     Expired                 http://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
-	# EC:       ????????? ??/??/2015    http://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography
-	# MDC2:     Expired                 http://en.wikipedia.org/wiki/MDC-2
-	# RC5:      Expired                 http://en.wikipedia.org/wiki/RC5
+	# Camellia: Royalty Free            https://en.wikipedia.org/wiki/Camellia_(cipher)
+	# IDEA:     Expired                 https://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
+	# EC:       ????????? ??/??/2015    https://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography
+	# MDC2:     Expired                 https://en.wikipedia.org/wiki/MDC-2
+	# RC5:      Expired                 https://en.wikipedia.org/wiki/RC5
 
 	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
 	echoit() { echo "$@" ; "$@" ; }

diff --git a/dev-libs/openssl/openssl-1.1.0g-r2.ebuild b/dev-libs/openssl/openssl-1.1.0g-r2.ebuild
index 9f2d149794a..b782dea17bf 100644
--- a/dev-libs/openssl/openssl-1.1.0g-r2.ebuild
+++ b/dev-libs/openssl/openssl-1.1.0g-r2.ebuild
@@ -144,11 +144,11 @@ multilib_src_configure() {
 	tc-export CC AR RANLIB RC
 
 	# Clean out patent-or-otherwise-encumbered code
-	# Camellia: Royalty Free            http://en.wikipedia.org/wiki/Camellia_(cipher)
-	# IDEA:     Expired                 http://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
-	# EC:       ????????? ??/??/2015    http://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography
-	# MDC2:     Expired                 http://en.wikipedia.org/wiki/MDC-2
-	# RC5:      Expired                 http://en.wikipedia.org/wiki/RC5
+	# Camellia: Royalty Free            https://en.wikipedia.org/wiki/Camellia_(cipher)
+	# IDEA:     Expired                 https://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
+	# EC:       ????????? ??/??/2015    https://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography
+	# MDC2:     Expired                 https://en.wikipedia.org/wiki/MDC-2
+	# RC5:      Expired                 https://en.wikipedia.org/wiki/RC5
 
 	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
 	echoit() { echo "$@" ; "$@" ; }

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Thomas Deutschmann]

commit:     2e75e786ac3bad1c8592383a6bac23e0841da694
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Mon Feb 12 21:31:54 2018 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Mon Feb 12 21:31:54 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2e75e786

dev-libs/openssl: x86 stable (bug #642594)

Package-Manager: Portage-2.3.24, Repoman-2.3.6

 dev-libs/openssl/openssl-0.9.8z_p8-r1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-0.9.8z_p8-r1.ebuild b/dev-libs/openssl/openssl-0.9.8z_p8-r1.ebuild
index 7ec8a13fbd6..11e9823a291 100644
--- a/dev-libs/openssl/openssl-0.9.8z_p8-r1.ebuild
+++ b/dev-libs/openssl/openssl-0.9.8z_p8-r1.ebuild
@@ -18,7 +18,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"
 
 LICENSE="openssl"
 SLOT="0.9.8"
-KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~x86-fbsd"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc x86 ~x86-fbsd"
 IUSE="bindist gmp kerberos cpu_flags_x86_sse2 test zlib"
 RESTRICT="!bindist? ( bindist )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Thomas Deutschmann]

commit:     46eb1c5e01710bb912b82c6ba96411681f321455
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Sat Dec 30 19:48:01 2017 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Sat Dec 30 19:48:01 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=46eb1c5e

dev-libs/openssl: arm64 stable (thanks to @flenders72)

Package-Manager: Portage-2.3.19, Repoman-2.3.6

 dev-libs/openssl/openssl-1.0.2n.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.0.2n.ebuild b/dev-libs/openssl/openssl-1.0.2n.ebuild
index a88355e47ef..4ace32192ce 100644
--- a/dev-libs/openssl/openssl-1.0.2n.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2n.ebuild
@@ -15,7 +15,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 
 LICENSE="openssl"
 SLOT="0"
-KEYWORDS="alpha amd64 arm ~arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
+KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
 IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Tobias Klausmann]

commit:     f74615824b438a8675d25956917e799ea27b4918
Author:     Tobias Klausmann <klausman <AT> gentoo <DOT> org>
AuthorDate: Thu Dec 14 19:09:05 2017 +0000
Commit:     Tobias Klausmann <klausman <AT> gentoo <DOT> org>
CommitDate: Thu Dec 14 19:09:05 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f7461582

dev-libs/openssl-1.0.2n-r0: alpha stable

Gentoo-Bug: http://bugs.gentoo.org/640172

 dev-libs/openssl/openssl-1.0.2n.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.0.2n.ebuild b/dev-libs/openssl/openssl-1.0.2n.ebuild
index 8fa8b86f320..a88355e47ef 100644
--- a/dev-libs/openssl/openssl-1.0.2n.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2n.ebuild
@@ -15,7 +15,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 
 LICENSE="openssl"
 SLOT="0"
-KEYWORDS="~alpha amd64 arm ~arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
+KEYWORDS="alpha amd64 arm ~arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
 IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Thomas Deutschmann]

commit:     8c42c3c1458ecefd750159a43194e6541ef1faae
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Thu Dec 14 18:29:27 2017 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Thu Dec 14 18:35:32 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8c42c3c1

dev-libs/openssl: m68k/s390/sh stable (bug #640172)

Package-Manager: Portage-2.3.18, Repoman-2.3.6

 dev-libs/openssl/openssl-1.0.2n.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.0.2n.ebuild b/dev-libs/openssl/openssl-1.0.2n.ebuild
index 4c76914c8ff..8fa8b86f320 100644
--- a/dev-libs/openssl/openssl-1.0.2n.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2n.ebuild
@@ -15,7 +15,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 
 LICENSE="openssl"
 SLOT="0"
-KEYWORDS="~alpha amd64 arm ~arm64 hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
+KEYWORDS="~alpha amd64 arm ~arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
 IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Markus Meier]

commit:     6e1b1cab971b0606d8c792c3a4410a0d24edac78
Author:     Markus Meier <maekke <AT> gentoo <DOT> org>
AuthorDate: Wed Dec 13 21:07:15 2017 +0000
Commit:     Markus Meier <maekke <AT> gentoo <DOT> org>
CommitDate: Wed Dec 13 21:07:15 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6e1b1cab

dev-libs/openssl: arm stable, bug #640172

Package-Manager: Portage-2.3.13, Repoman-2.3.3
RepoMan-Options: --include-arches="arm"

 dev-libs/openssl/openssl-1.0.2n.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.0.2n.ebuild b/dev-libs/openssl/openssl-1.0.2n.ebuild
index 5d4c51e323b..4c76914c8ff 100644
--- a/dev-libs/openssl/openssl-1.0.2n.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2n.ebuild
@@ -15,7 +15,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 
 LICENSE="openssl"
 SLOT="0"
-KEYWORDS="~alpha amd64 ~arm ~arm64 hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
+KEYWORDS="~alpha amd64 arm ~arm64 hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
 IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Manuel Rüger]

commit:     4dd329a23402e83658249c90ad55df21a573c8e7
Author:     Manuel Rüger <mrueg <AT> gentoo <DOT> org>
AuthorDate: Sun Dec 10 23:37:13 2017 +0000
Commit:     Manuel Rüger <mrueg <AT> gentoo <DOT> org>
CommitDate: Sun Dec 10 23:37:13 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4dd329a2

dev-libs/openssl: Stable on amd64

Package-Manager: Portage-2.3.17, Repoman-2.3.6

 dev-libs/openssl/openssl-1.0.2n.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.0.2n.ebuild b/dev-libs/openssl/openssl-1.0.2n.ebuild
index bdd87f5457f..5d4c51e323b 100644
--- a/dev-libs/openssl/openssl-1.0.2n.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2n.ebuild
@@ -15,7 +15,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 
 LICENSE="openssl"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
+KEYWORDS="~alpha amd64 ~arm ~arm64 hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
 IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sergei Trofimovich]

commit:     4ecf2230ed0629664cf904482e22881652877e72
Author:     Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
AuthorDate: Sun Dec 10 21:32:10 2017 +0000
Commit:     Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
CommitDate: Sun Dec 10 21:32:10 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4ecf2230

dev-libs/openssl: stable 1.0.2n for sparc, bug #640172 (thanks to Rolf Eike Beer)

Package-Manager: Portage-2.3.16, Repoman-2.3.6
RepoMan-Options: --include-arches="sparc"

 dev-libs/openssl/openssl-1.0.2n.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.0.2n.ebuild b/dev-libs/openssl/openssl-1.0.2n.ebuild
index d717370f8d5..bdd87f5457f 100644
--- a/dev-libs/openssl/openssl-1.0.2n.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2n.ebuild
@@ -15,7 +15,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 
 LICENSE="openssl"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh ~sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
 IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sergei Trofimovich]

commit:     a5717b1a9a8385d84df5751d749d0223d9d2c7c5
Author:     Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
AuthorDate: Sat Dec  9 10:59:24 2017 +0000
Commit:     Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
CommitDate: Sat Dec  9 10:59:24 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a5717b1a

dev-libs/openssl: stable 1.0.2n for ia64/ppc/ppc64, bug #640172

Package-Manager: Portage-2.3.16, Repoman-2.3.6
RepoMan-Options: --include-arches="ia64 ppc ppc64"

 dev-libs/openssl/openssl-1.0.2n.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.0.2n.ebuild b/dev-libs/openssl/openssl-1.0.2n.ebuild
index 7b8471f21cf..d717370f8d5 100644
--- a/dev-libs/openssl/openssl-1.0.2n.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2n.ebuild
@@ -15,7 +15,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 
 LICENSE="openssl"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh ~sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
 IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sergei Trofimovich]

commit:     85f4512c1159308ea9ac39e72fe08b197a9e35fe
Author:     Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
AuthorDate: Sat Dec  9 10:54:21 2017 +0000
Commit:     Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
CommitDate: Sat Dec  9 10:54:44 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=85f4512c

dev-libs/openssl: stable 1.0.2n for hppa, bug #640172

Package-Manager: Portage-2.3.16, Repoman-2.3.6
RepoMan-Options: --include-arches="hppa"

 dev-libs/openssl/openssl-1.0.2n.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.0.2n.ebuild b/dev-libs/openssl/openssl-1.0.2n.ebuild
index bc30a5c867d..7b8471f21cf 100644
--- a/dev-libs/openssl/openssl-1.0.2n.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2n.ebuild
@@ -15,7 +15,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 
 LICENSE="openssl"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
 IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Thomas Deutschmann]

commit:     dfa3ddada875c129793d63fa7a5c2c49205434d9
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Thu Dec  7 18:52:39 2017 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Thu Dec  7 18:53:03 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=dfa3ddad

dev-libs/openssl: Security cleanup

Bug: https://bugs.gentoo.org/640212
Package-Manager: Portage-2.3.16, Repoman-2.3.6

 dev-libs/openssl/Manifest                 |   4 -
 dev-libs/openssl/openssl-1.1.0f-r1.ebuild | 282 -----------------------------
 dev-libs/openssl/openssl-1.1.0f.ebuild    | 240 -------------------------
 dev-libs/openssl/openssl-1.1.0g-r1.ebuild | 283 ------------------------------
 dev-libs/openssl/openssl-1.1.0g.ebuild    | 240 -------------------------
 5 files changed, 1049 deletions(-)

diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest
index d18c7e53b34..c98059a8c44 100644
--- a/dev-libs/openssl/Manifest
+++ b/dev-libs/openssl/Manifest
@@ -9,10 +9,6 @@ DIST openssl-1.0.2m.tar.gz 5373776 BLAKE2B f40cbea061f84087a079d541f7ba841894c86
 DIST openssl-1.0.2n.tar.gz 5375802 BLAKE2B 2e04f8c3d5e2296859b8474d7e100e270f53f18a26c6d37a4cf5e01cd14f44d24d334b4e705da05d77c33b5dc91cffea0feea9f7c83c77ba16c9b6d5f5085894 SHA512 144bf0d6aa27b4af01df0b7b734c39962649e1711554247d42e05e14d8945742b18745aefdba162e2dfc762b941fd7d3b2d5dc6a781ae4ba10a6f5a3cadb0687
 DIST openssl-1.1.0-build.patch 3028 SHA256 c626ac8b34df5d55a7272a741f87f06dc06cc20ac80085048788a2c76c08c25f SHA512 b19a912900970052f80c67f28975e793ae9e70ebfc62efae0544e09931079e98c4cd29ce1cc8d937ceca97aff9a12fdc1ff9ce6c2b47fea68c79e7065464a0f0 WHIRLPOOL 950febb159139b145eb7de5bda1115465fa8551234182e6d15459ab5519213f515b4c3e3a3136d05c440d3eec04a7247461d36c2d45136a6f1963613d5896b3e
 DIST openssl-1.1.0-ec-curves.patch 2967 SHA256 da60dfa01ed244cd3f77f60cc2ef479a36e64a58fa5e242aa03647c698cc1a42 SHA512 8fb9c6759ae2077ad3697ba77e85ab3970fd8b3f64b21eb260b4f6333b7ebf2f5a53c7eee311229edfbd96a2b904ec5e5e00dfa5b62cf1105fece13069077bd2 WHIRLPOOL e7293ef84f6c36e8e5f5ec8158023fdca484bc9082e73956bd0cc74a17c880350a49799146c855a37f116d743e7c93e54cbe4aa7f70483e235d03687a15a46a5
-DIST openssl-1.1.0f.tar.gz 5278176 SHA256 12f746f3f2493b2f39da7ecf63d7ee19c6ac9ec6a4fcd8c229da8a522cb12765 SHA512 340ab3f38c90dea346e543b58bc0eff0adede15be212ad20b7cf38718a7f94fab51996da414855c180540f7488b8bd31d8b9a0d04bb19159f735c46d8f6df22c WHIRLPOOL bb4ce1d100c5eb567de0139e4a1c0a2bb1cd308bd014704d6bb796d3fcfc16b91fe69839068944831746e0b937a6ccb234b5cea3b4911fab4283500ed380f0b6
-DIST openssl-1.1.0f_ec_curve.c 18393 SHA256 9dd0e1f422116da45eb16936fbbbe4e4e05e7a8fc0f359594af76e935c37716e SHA512 ee3e576825bccdf02cede4205ab92c42ae9dd3a8e75ce58617a3a5980a61d144eb3c5197d9dcd378a5d49bf34c4b2f591aa6a619fee92b7a22825d72681ab879 WHIRLPOOL 6f43f3b8037f5edf323ea865d1150eaa63ee60f60b512b52e37b752b328855e57eae70c812071caba0f91eeeb379c4dd9574806ba50d5bee38ad3b0e3fe03f55
-DIST openssl-1.1.0f_ectest.c 29907 SHA256 37682adb07ba260339fad3fead87b186fc8c26321a0aad45deefed4c25ad87cb SHA512 90cec9d46326cb7216236811c8e963032b6fa7500117cea36f28534eb50a5ab1260c7f9a5c8c490d845236b0769576a8d97bc7471f970e9c5e70cb3408c20dae WHIRLPOOL f39da1830f5a6492add40f460af9d85b2fbfac0d5d8ff4eb4ba3cb16e6ff50a030aee38c518d7a06d1167f59030ded5496000793ad4cf2de7ff36f22eeefe7c7
-DIST openssl-1.1.0f_hobble-openssl 1117 SHA256 ab168bd8bf578f7361524f9a12eecbbaf41fd7e2c852a0158aafd3bce9cac569 SHA512 fa9cc70afa11a7a292548b4bddbba8159824a364ce5c279b483768e6ae2aa4b5491d9bf2cc734819f30a11c8ee0d91bcb991c4a7ab357296aeb4c04feac74826 WHIRLPOOL 94537166ad8f5cacba2d30d0b6e4676d896cab157be5891fbeecdb2efa10a322d77e2b35a44ff1d474e860dcece63a8688f9df5edf8fe859bf67b410148ea64a
 DIST openssl-1.1.0g.tar.gz 5404748 BLAKE2B 23daf80e4143aad4654ae86f8e96042dd7328a9d1186b4922e284fcfe0f68259ea12d21c4472d92d65a7fcef21e049cf9371cc9bdad11b66a3df11286418ed42 SHA512 6c76f698fc2a4540f3977d97c889e139acf7d3f9eb85f349974175e8a7707b19743ef91c5ce32839310b6ea06ca88a03d9709ee011687b4634c5c50b5814f42a
 DIST openssl-1.1.0g_ec_curve.c 18393 SHA256 9dd0e1f422116da45eb16936fbbbe4e4e05e7a8fc0f359594af76e935c37716e SHA512 ee3e576825bccdf02cede4205ab92c42ae9dd3a8e75ce58617a3a5980a61d144eb3c5197d9dcd378a5d49bf34c4b2f591aa6a619fee92b7a22825d72681ab879 WHIRLPOOL 6f43f3b8037f5edf323ea865d1150eaa63ee60f60b512b52e37b752b328855e57eae70c812071caba0f91eeeb379c4dd9574806ba50d5bee38ad3b0e3fe03f55
 DIST openssl-1.1.0g_ectest.c 29907 SHA256 37682adb07ba260339fad3fead87b186fc8c26321a0aad45deefed4c25ad87cb SHA512 90cec9d46326cb7216236811c8e963032b6fa7500117cea36f28534eb50a5ab1260c7f9a5c8c490d845236b0769576a8d97bc7471f970e9c5e70cb3408c20dae WHIRLPOOL f39da1830f5a6492add40f460af9d85b2fbfac0d5d8ff4eb4ba3cb16e6ff50a030aee38c518d7a06d1167f59030ded5496000793ad4cf2de7ff36f22eeefe7c7

diff --git a/dev-libs/openssl/openssl-1.1.0f-r1.ebuild b/dev-libs/openssl/openssl-1.1.0f-r1.ebuild
deleted file mode 100644
index 151632bbbcb..00000000000
--- a/dev-libs/openssl/openssl-1.1.0f-r1.ebuild
+++ /dev/null
@@ -1,282 +0,0 @@
-# Copyright 1999-2017 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=5
-
-inherit eutils flag-o-matic toolchain-funcs multilib multilib-minimal
-
-MY_P=${P/_/-}
-DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"
-HOMEPAGE="http://www.openssl.org/"
-SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"
-
-LICENSE="openssl"
-SLOT="0/1.1" # .so version of libssl/libcrypto
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
-IUSE="+asm bindist rfc3779 sctp cpu_flags_x86_sse2 static-libs test tls-heartbeat vanilla zlib"
-RESTRICT="!bindist? ( bindist )"
-
-RDEPEND=">=app-misc/c_rehash-1.7-r1
-	zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )"
-DEPEND="${RDEPEND}
-	>=dev-lang/perl-5
-	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
-	test? (
-		sys-apps/diffutils
-		sys-devel/bc
-	)"
-PDEPEND="app-misc/ca-certificates"
-
-# This does not copy the entire Fedora patchset, but JUST the parts that
-# are needed to make it safe to use EC with RESTRICT=bindist.
-# See openssl.spec for the matching numbering of SourceNNN, PatchNNN
-SOURCE1=hobble-openssl
-SOURCE12=ec_curve.c
-SOURCE13=ectest.c
-PATCH1=openssl-1.1.0-build.patch # Fixes EVP testcase for EC
-PATCH37=openssl-1.1.0-ec-curves.patch
-FEDORA_GIT_BASE='https://src.fedoraproject.org/cgit/rpms/openssl.git/plain/'
-FEDORA_GIT_BRANCH='f27'
-FEDORA_SRC_URI=()
-FEDORA_SOURCE=( $SOURCE1 $SOURCE12 $SOURCE13 )
-FEDORA_PATCH=( $PATCH1 $PATCH37 )
-for i in "${FEDORA_SOURCE[@]}" ; do
-	FEDORA_SRC_URI+=( "${FEDORA_GIT_BASE}/${i}?h=${FEDORA_GIT_BRANCH} -> ${P}_${i}" )
-done
-for i in "${FEDORA_PATCH[@]}" ; do # Already have a version prefix
-	FEDORA_SRC_URI+=( "${FEDORA_GIT_BASE}/${i}?h=${FEDORA_GIT_BRANCH} -> ${i}" )
-done
-SRC_URI+=" bindist? ( ${FEDORA_SRC_URI[@]} )"
-
-S="${WORKDIR}/${MY_P}"
-
-MULTILIB_WRAPPED_HEADERS=(
-	usr/include/openssl/opensslconf.h
-)
-
-PATCHES=(
-	"${FILESDIR}"/${PN}-1.0.2a-x32-asm.patch #542618
-)
-
-src_prepare() {
-	if use bindist; then
-		# This just removes the prefix, and puts it into WORKDIR like the RPM.
-		for i in "${FEDORA_SOURCE[@]}" ; do
-			cp -f "${DISTDIR}"/"${P}_${i}" "${WORKDIR}"/"${i}" || die
-		done
-		# .spec %prep
-		bash "${WORKDIR}"/"${SOURCE1}" || die
-		cp -f "${WORKDIR}"/"${SOURCE12}" "${S}"/crypto/ec/ || die
-		cp -f "${WORKDIR}"/"${SOURCE13}" "${S}"/test/ || die
-		for i in "${FEDORA_PATCH[@]}" ; do
-			epatch "${DISTDIR}"/"${i}"
-		done
-		# Also see the configure parts below:
-		# enable-ec \
-		# $(use_ssl !bindist ec2m) \
-
-	fi
-	# keep this in sync with app-misc/c_rehash
-	SSL_CNF_DIR="/etc/ssl"
-
-	# Make sure we only ever touch Makefile.org and avoid patching a file
-	# that gets blown away anyways by the Configure script in src_configure
-	rm -f Makefile
-
-	if ! use vanilla ; then
-		epatch "${PATCHES[@]}"
-		epatch_user #332661
-	fi
-
-	# make sure the man pages are suffixed #302165
-	# don't bother building man pages if they're disabled
-	# Make DOCDIR Gentoo compliant
-	sed -i \
-		-e '/^MANSUFFIX/s:=.*:=ssl:' \
-		-e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
-		-e $(has noman FEATURES \
-			&& echo '/^install:/s:install_docs::' \
-			|| echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
-		-e "/^DOCDIR/s@\$(BASENAME)@&-${PF}@" \
-		Configurations/unix-Makefile.tmpl \
-		|| die
-
-	# show the actual commands in the log
-	sed -i '/^SET_X/s@=.*@=set -x@' Makefile.shared
-
-	# quiet out unknown driver argument warnings since openssl
-	# doesn't have well-split CFLAGS and we're making it even worse
-	# and 'make depend' uses -Werror for added fun (#417795 again)
-	[[ ${CC} == *clang* ]] && append-flags -Qunused-arguments
-
-	# allow openssl to be cross-compiled
-	cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die
-	chmod a+rx gentoo.config
-
-	append-flags -fno-strict-aliasing
-	append-flags $(test-flags-CC -Wa,--noexecstack)
-	append-cppflags -DOPENSSL_NO_BUF_FREELISTS
-
-	# Prefixify Configure shebang (#141906)
-	sed \
-		-e "1s,/usr/bin/env,${EPREFIX}&," \
-		-i Configure || die
-	# Remove test target when FEATURES=test isn't set
-	if ! use test ; then
-		sed \
-			-e '/^$config{dirs}/s@ "test",@@' \
-			-i Configure || die
-	fi
-	# The config script does stupid stuff to prompt the user.  Kill it.
-	sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
-	./config --test-sanity || die "I AM NOT SANE"
-
-	multilib_copy_sources
-}
-
-multilib_src_configure() {
-	unset APPS #197996
-	unset SCRIPTS #312551
-	unset CROSS_COMPILE #311473
-
-	tc-export CC AR RANLIB RC
-
-	# Clean out patent-or-otherwise-encumbered code
-	# Camellia: Royalty Free            http://en.wikipedia.org/wiki/Camellia_(cipher)
-	# IDEA:     Expired                 http://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
-	# EC:       ????????? ??/??/2015    http://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography
-	# MDC2:     Expired                 http://en.wikipedia.org/wiki/MDC-2
-	# RC5:      Expired                 http://en.wikipedia.org/wiki/RC5
-
-	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
-	echoit() { echo "$@" ; "$@" ; }
-
-	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
-
-	# See if our toolchain supports __uint128_t.  If so, it's 64bit
-	# friendly and can use the nicely optimized code paths. #460790
-	local ec_nistp_64_gcc_128
-	# Disable it for now though #469976
-	#if ! use bindist ; then
-	#	echo "__uint128_t i;" > "${T}"/128.c
-	#	if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
-	#		ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
-	#	fi
-	#fi
-
-	local sslout=$(./gentoo.config)
-	einfo "Use configuration ${sslout:-(openssl knows best)}"
-	local config="Configure"
-	[[ -z ${sslout} ]] && config="config"
-
-	# Fedora hobbled-EC needs 'no-ec2m'
-	# 'srp' was restricted until early 2017 as well.
-	echoit \
-	./${config} \
-		${sslout} \
-		--api=1.0.0 \
-		$(use cpu_flags_x86_sse2 || echo "no-sse2") \
-		enable-camellia \
-		disable-deprecated \
-		enable-ec \
-		$(use_ssl !bindist ec2m) \
-		enable-srp \
-		${ec_nistp_64_gcc_128} \
-		enable-idea \
-		enable-mdc2 \
-		enable-rc5 \
-		$(use_ssl asm) \
-		$(use_ssl rfc3779) \
-		$(use_ssl sctp) \
-		$(use_ssl tls-heartbeat heartbeats) \
-		$(use_ssl zlib) \
-		--prefix="${EPREFIX}"/usr \
-		--openssldir="${EPREFIX}"${SSL_CNF_DIR} \
-		--libdir=$(get_libdir) \
-		shared threads \
-		|| die
-
-	# Clean out hardcoded flags that openssl uses
-	# Fix quoting for sed
-	local DEFAULT_CFLAGS=$(grep ^CFLAGS= Makefile | LC_ALL=C sed \
-		-e 's:^CFLAGS=::' \
-		-e 's:-fomit-frame-pointer ::g' \
-		-e 's:-O[0-9] ::g' \
-		-e 's:-march=[-a-z0-9]* ::g' \
-		-e 's:-mcpu=[-a-z0-9]* ::g' \
-		-e 's:-m[a-z0-9]* ::g' \
-		-e 's:\\:\\\\:g' \
-	)
-	sed -i \
-		-e "/^CFLAGS=/s|=.*|=${DEFAULT_CFLAGS} ${CFLAGS}|" \
-		-e "/^LDFLAGS=/s|=[[:space:]]*$|=${LDFLAGS}|" \
-		Makefile || die
-}
-
-multilib_src_compile() {
-	# depend is needed to use $confopts; it also doesn't matter
-	# that it's -j1 as the code itself serializes subdirs
-	emake -j1 depend
-	emake all
-}
-
-multilib_src_test() {
-	emake -j1 test
-}
-
-multilib_src_install() {
-	emake DESTDIR="${D}" install
-}
-
-multilib_src_install_all() {
-	# openssl installs perl version of c_rehash by default, but
-	# we provide a shell version via app-misc/c_rehash
-	rm "${ED}"/usr/bin/c_rehash || die
-
-	dodoc CHANGES* FAQ NEWS README doc/*.txt doc/${PN}-c-indent.el
-	dohtml -r doc/*
-
-	# This is crappy in that the static archives are still built even
-	# when USE=static-libs.  But this is due to a failing in the openssl
-	# build system: the static archives are built as PIC all the time.
-	# Only way around this would be to manually configure+compile openssl
-	# twice; once with shared lib support enabled and once without.
-	use static-libs || rm -f "${ED}"/usr/lib*/lib*.a
-
-	# create the certs directory
-	keepdir ${SSL_CNF_DIR}/certs
-
-	# Namespace openssl programs to prevent conflicts with other man pages
-	cd "${ED}"/usr/share/man
-	local m d s
-	for m in $(find . -type f | xargs grep -L '#include') ; do
-		d=${m%/*} ; d=${d#./} ; m=${m##*/}
-		[[ ${m} == openssl.1* ]] && continue
-		[[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!"
-		mv ${d}/{,ssl-}${m}
-		# fix up references to renamed man pages
-		sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m}
-		ln -s ssl-${m} ${d}/openssl-${m}
-		# locate any symlinks that point to this man page ... we assume
-		# that any broken links are due to the above renaming
-		for s in $(find -L ${d} -type l) ; do
-			s=${s##*/}
-			rm -f ${d}/${s}
-			ln -s ssl-${m} ${d}/ssl-${s}
-			ln -s ssl-${s} ${d}/openssl-${s}
-		done
-	done
-	[[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :("
-
-	dodir /etc/sandbox.d #254521
-	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
-
-	diropts -m0700
-	keepdir ${SSL_CNF_DIR}/private
-}
-
-pkg_postinst() {
-	ebegin "Running 'c_rehash ${EROOT%/}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069"
-	c_rehash "${EROOT%/}${SSL_CNF_DIR}/certs" >/dev/null
-	eend $?
-}

diff --git a/dev-libs/openssl/openssl-1.1.0f.ebuild b/dev-libs/openssl/openssl-1.1.0f.ebuild
deleted file mode 100644
index c8df4c14330..00000000000
--- a/dev-libs/openssl/openssl-1.1.0f.ebuild
+++ /dev/null
@@ -1,240 +0,0 @@
-# Copyright 1999-2017 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=5
-
-inherit eutils flag-o-matic toolchain-funcs multilib multilib-minimal
-
-MY_P=${P/_/-}
-DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"
-HOMEPAGE="http://www.openssl.org/"
-SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"
-
-LICENSE="openssl"
-SLOT="0/1.1" # .so version of libssl/libcrypto
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
-IUSE="+asm bindist rfc3779 sctp cpu_flags_x86_sse2 static-libs test tls-heartbeat vanilla zlib"
-RESTRICT="!bindist? ( bindist )"
-
-RDEPEND=">=app-misc/c_rehash-1.7-r1
-	zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )"
-DEPEND="${RDEPEND}
-	>=dev-lang/perl-5
-	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
-	test? (
-		sys-apps/diffutils
-		sys-devel/bc
-	)"
-PDEPEND="app-misc/ca-certificates"
-
-S="${WORKDIR}/${MY_P}"
-
-MULTILIB_WRAPPED_HEADERS=(
-	usr/include/openssl/opensslconf.h
-)
-
-PATCHES=(
-	"${FILESDIR}"/${PN}-1.0.2a-x32-asm.patch #542618
-)
-
-src_prepare() {
-	# keep this in sync with app-misc/c_rehash
-	SSL_CNF_DIR="/etc/ssl"
-
-	# Make sure we only ever touch Makefile.org and avoid patching a file
-	# that gets blown away anyways by the Configure script in src_configure
-	rm -f Makefile
-
-	if ! use vanilla ; then
-		epatch "${PATCHES[@]}"
-		epatch_user #332661
-	fi
-
-	# make sure the man pages are suffixed #302165
-	# don't bother building man pages if they're disabled
-	# Make DOCDIR Gentoo compliant
-	sed -i \
-		-e '/^MANSUFFIX/s:=.*:=ssl:' \
-		-e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
-		-e $(has noman FEATURES \
-			&& echo '/^install:/s:install_docs::' \
-			|| echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
-		-e "/^DOCDIR/s@\$(BASENAME)@&-${PF}@" \
-		Configurations/unix-Makefile.tmpl \
-		|| die
-
-	# show the actual commands in the log
-	sed -i '/^SET_X/s@=.*@=set -x@' Makefile.shared
-
-	# quiet out unknown driver argument warnings since openssl
-	# doesn't have well-split CFLAGS and we're making it even worse
-	# and 'make depend' uses -Werror for added fun (#417795 again)
-	[[ ${CC} == *clang* ]] && append-flags -Qunused-arguments
-
-	# allow openssl to be cross-compiled
-	cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die
-	chmod a+rx gentoo.config
-
-	append-flags -fno-strict-aliasing
-	append-flags $(test-flags-CC -Wa,--noexecstack)
-	append-cppflags -DOPENSSL_NO_BUF_FREELISTS
-
-	# Prefixify Configure shebang (#141906)
-	sed \
-		-e "1s,/usr/bin/env,${EPREFIX}&," \
-		-i Configure || die
-	# Remove test target when FEATURES=test isn't set
-	if ! use test ; then
-		sed \
-			-e '/^$config{dirs}/s@ "test",@@' \
-			-i Configure || die
-	fi
-	# The config script does stupid stuff to prompt the user.  Kill it.
-	sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
-	./config --test-sanity || die "I AM NOT SANE"
-
-	multilib_copy_sources
-}
-
-multilib_src_configure() {
-	unset APPS #197996
-	unset SCRIPTS #312551
-	unset CROSS_COMPILE #311473
-
-	tc-export CC AR RANLIB RC
-
-	# Clean out patent-or-otherwise-encumbered code
-	# Camellia: Royalty Free            http://en.wikipedia.org/wiki/Camellia_(cipher)
-	# IDEA:     Expired                 http://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
-	# EC:       ????????? ??/??/2015    http://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography
-	# MDC2:     Expired                 http://en.wikipedia.org/wiki/MDC-2
-	# RC5:      Expired                 http://en.wikipedia.org/wiki/RC5
-
-	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
-	echoit() { echo "$@" ; "$@" ; }
-
-	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
-
-	# See if our toolchain supports __uint128_t.  If so, it's 64bit
-	# friendly and can use the nicely optimized code paths. #460790
-	local ec_nistp_64_gcc_128
-	# Disable it for now though #469976
-	#if ! use bindist ; then
-	#	echo "__uint128_t i;" > "${T}"/128.c
-	#	if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
-	#		ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
-	#	fi
-	#fi
-
-	local sslout=$(./gentoo.config)
-	einfo "Use configuration ${sslout:-(openssl knows best)}"
-	local config="Configure"
-	[[ -z ${sslout} ]] && config="config"
-
-	echoit \
-	./${config} \
-		${sslout} \
-		--api=1.0.0 \
-		$(use cpu_flags_x86_sse2 || echo "no-sse2") \
-		enable-camellia \
-		disable-deprecated \
-		$(use_ssl !bindist ec) \
-		${ec_nistp_64_gcc_128} \
-		enable-idea \
-		enable-mdc2 \
-		enable-rc5 \
-		$(use_ssl asm) \
-		$(use_ssl rfc3779) \
-		$(use_ssl sctp) \
-		$(use_ssl tls-heartbeat heartbeats) \
-		$(use_ssl zlib) \
-		--prefix="${EPREFIX}"/usr \
-		--openssldir="${EPREFIX}"${SSL_CNF_DIR} \
-		--libdir=$(get_libdir) \
-		shared threads \
-		|| die
-
-	# Clean out hardcoded flags that openssl uses
-	# Fix quoting for sed
-	local DEFAULT_CFLAGS=$(grep ^CFLAGS= Makefile | LC_ALL=C sed \
-		-e 's:^CFLAGS=::' \
-		-e 's:-fomit-frame-pointer ::g' \
-		-e 's:-O[0-9] ::g' \
-		-e 's:-march=[-a-z0-9]* ::g' \
-		-e 's:-mcpu=[-a-z0-9]* ::g' \
-		-e 's:-m[a-z0-9]* ::g' \
-		-e 's:\\:\\\\:g' \
-	)
-	sed -i \
-		-e "/^CFLAGS=/s|=.*|=${DEFAULT_CFLAGS} ${CFLAGS}|" \
-		-e "/^LDFLAGS=/s|=[[:space:]]*$|=${LDFLAGS}|" \
-		Makefile || die
-}
-
-multilib_src_compile() {
-	# depend is needed to use $confopts; it also doesn't matter
-	# that it's -j1 as the code itself serializes subdirs
-	emake -j1 depend
-	emake all
-}
-
-multilib_src_test() {
-	emake -j1 test
-}
-
-multilib_src_install() {
-	emake DESTDIR="${D}" install
-}
-
-multilib_src_install_all() {
-	# openssl installs perl version of c_rehash by default, but
-	# we provide a shell version via app-misc/c_rehash
-	rm "${ED}"/usr/bin/c_rehash || die
-
-	dodoc CHANGES* FAQ NEWS README doc/*.txt doc/${PN}-c-indent.el
-	dohtml -r doc/*
-
-	# This is crappy in that the static archives are still built even
-	# when USE=static-libs.  But this is due to a failing in the openssl
-	# build system: the static archives are built as PIC all the time.
-	# Only way around this would be to manually configure+compile openssl
-	# twice; once with shared lib support enabled and once without.
-	use static-libs || rm -f "${ED}"/usr/lib*/lib*.a
-
-	# create the certs directory
-	keepdir ${SSL_CNF_DIR}/certs
-
-	# Namespace openssl programs to prevent conflicts with other man pages
-	cd "${ED}"/usr/share/man
-	local m d s
-	for m in $(find . -type f | xargs grep -L '#include') ; do
-		d=${m%/*} ; d=${d#./} ; m=${m##*/}
-		[[ ${m} == openssl.1* ]] && continue
-		[[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!"
-		mv ${d}/{,ssl-}${m}
-		# fix up references to renamed man pages
-		sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m}
-		ln -s ssl-${m} ${d}/openssl-${m}
-		# locate any symlinks that point to this man page ... we assume
-		# that any broken links are due to the above renaming
-		for s in $(find -L ${d} -type l) ; do
-			s=${s##*/}
-			rm -f ${d}/${s}
-			ln -s ssl-${m} ${d}/ssl-${s}
-			ln -s ssl-${s} ${d}/openssl-${s}
-		done
-	done
-	[[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :("
-
-	dodir /etc/sandbox.d #254521
-	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
-
-	diropts -m0700
-	keepdir ${SSL_CNF_DIR}/private
-}
-
-pkg_postinst() {
-	ebegin "Running 'c_rehash ${EROOT%/}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069"
-	c_rehash "${EROOT%/}${SSL_CNF_DIR}/certs" >/dev/null
-	eend $?
-}

diff --git a/dev-libs/openssl/openssl-1.1.0g-r1.ebuild b/dev-libs/openssl/openssl-1.1.0g-r1.ebuild
deleted file mode 100644
index f698c4714e6..00000000000
--- a/dev-libs/openssl/openssl-1.1.0g-r1.ebuild
+++ /dev/null
@@ -1,283 +0,0 @@
-# Copyright 1999-2017 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=5
-
-inherit eutils flag-o-matic toolchain-funcs multilib multilib-minimal
-
-MY_P=${P/_/-}
-DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"
-HOMEPAGE="http://www.openssl.org/"
-SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"
-
-LICENSE="openssl"
-SLOT="0/1.1" # .so version of libssl/libcrypto
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
-IUSE="+asm bindist elibc_musl rfc3779 sctp cpu_flags_x86_sse2 static-libs test tls-heartbeat vanilla zlib"
-RESTRICT="!bindist? ( bindist )"
-
-RDEPEND=">=app-misc/c_rehash-1.7-r1
-	zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )"
-DEPEND="${RDEPEND}
-	>=dev-lang/perl-5
-	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
-	test? (
-		sys-apps/diffutils
-		sys-devel/bc
-	)"
-PDEPEND="app-misc/ca-certificates"
-
-# This does not copy the entire Fedora patchset, but JUST the parts that
-# are needed to make it safe to use EC with RESTRICT=bindist.
-# See openssl.spec for the matching numbering of SourceNNN, PatchNNN
-SOURCE1=hobble-openssl
-SOURCE12=ec_curve.c
-SOURCE13=ectest.c
-PATCH1=openssl-1.1.0-build.patch # Fixes EVP testcase for EC
-PATCH37=openssl-1.1.0-ec-curves.patch
-FEDORA_GIT_BASE='https://src.fedoraproject.org/cgit/rpms/openssl.git/plain/'
-FEDORA_GIT_BRANCH='f27'
-FEDORA_SRC_URI=()
-FEDORA_SOURCE=( $SOURCE1 $SOURCE12 $SOURCE13 )
-FEDORA_PATCH=( $PATCH1 $PATCH37 )
-for i in "${FEDORA_SOURCE[@]}" ; do
-	FEDORA_SRC_URI+=( "${FEDORA_GIT_BASE}/${i}?h=${FEDORA_GIT_BRANCH} -> ${P}_${i}" )
-done
-for i in "${FEDORA_PATCH[@]}" ; do # Already have a version prefix
-	FEDORA_SRC_URI+=( "${FEDORA_GIT_BASE}/${i}?h=${FEDORA_GIT_BRANCH} -> ${i}" )
-done
-SRC_URI+=" bindist? ( ${FEDORA_SRC_URI[@]} )"
-
-S="${WORKDIR}/${MY_P}"
-
-MULTILIB_WRAPPED_HEADERS=(
-	usr/include/openssl/opensslconf.h
-)
-
-PATCHES=(
-	"${FILESDIR}"/${PN}-1.0.2a-x32-asm.patch #542618
-)
-
-src_prepare() {
-	if use bindist; then
-		# This just removes the prefix, and puts it into WORKDIR like the RPM.
-		for i in "${FEDORA_SOURCE[@]}" ; do
-			cp -f "${DISTDIR}"/"${P}_${i}" "${WORKDIR}"/"${i}" || die
-		done
-		# .spec %prep
-		bash "${WORKDIR}"/"${SOURCE1}" || die
-		cp -f "${WORKDIR}"/"${SOURCE12}" "${S}"/crypto/ec/ || die
-		cp -f "${WORKDIR}"/"${SOURCE13}" "${S}"/test/ || die
-		for i in "${FEDORA_PATCH[@]}" ; do
-			epatch "${DISTDIR}"/"${i}"
-		done
-		# Also see the configure parts below:
-		# enable-ec \
-		# $(use_ssl !bindist ec2m) \
-
-	fi
-	# keep this in sync with app-misc/c_rehash
-	SSL_CNF_DIR="/etc/ssl"
-
-	# Make sure we only ever touch Makefile.org and avoid patching a file
-	# that gets blown away anyways by the Configure script in src_configure
-	rm -f Makefile
-
-	if ! use vanilla ; then
-		epatch "${PATCHES[@]}"
-		epatch_user #332661
-	fi
-
-	# make sure the man pages are suffixed #302165
-	# don't bother building man pages if they're disabled
-	# Make DOCDIR Gentoo compliant
-	sed -i \
-		-e '/^MANSUFFIX/s:=.*:=ssl:' \
-		-e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
-		-e $(has noman FEATURES \
-			&& echo '/^install:/s:install_docs::' \
-			|| echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
-		-e "/^DOCDIR/s@\$(BASENAME)@&-${PF}@" \
-		Configurations/unix-Makefile.tmpl \
-		|| die
-
-	# show the actual commands in the log
-	sed -i '/^SET_X/s@=.*@=set -x@' Makefile.shared
-
-	# quiet out unknown driver argument warnings since openssl
-	# doesn't have well-split CFLAGS and we're making it even worse
-	# and 'make depend' uses -Werror for added fun (#417795 again)
-	[[ ${CC} == *clang* ]] && append-flags -Qunused-arguments
-
-	# allow openssl to be cross-compiled
-	cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die
-	chmod a+rx gentoo.config
-
-	append-flags -fno-strict-aliasing
-	append-flags $(test-flags-CC -Wa,--noexecstack)
-	append-cppflags -DOPENSSL_NO_BUF_FREELISTS
-
-	# Prefixify Configure shebang (#141906)
-	sed \
-		-e "1s,/usr/bin/env,${EPREFIX}&," \
-		-i Configure || die
-	# Remove test target when FEATURES=test isn't set
-	if ! use test ; then
-		sed \
-			-e '/^$config{dirs}/s@ "test",@@' \
-			-i Configure || die
-	fi
-	# The config script does stupid stuff to prompt the user.  Kill it.
-	sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
-	./config --test-sanity || die "I AM NOT SANE"
-
-	multilib_copy_sources
-}
-
-multilib_src_configure() {
-	unset APPS #197996
-	unset SCRIPTS #312551
-	unset CROSS_COMPILE #311473
-
-	tc-export CC AR RANLIB RC
-
-	# Clean out patent-or-otherwise-encumbered code
-	# Camellia: Royalty Free            http://en.wikipedia.org/wiki/Camellia_(cipher)
-	# IDEA:     Expired                 http://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
-	# EC:       ????????? ??/??/2015    http://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography
-	# MDC2:     Expired                 http://en.wikipedia.org/wiki/MDC-2
-	# RC5:      Expired                 http://en.wikipedia.org/wiki/RC5
-
-	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
-	echoit() { echo "$@" ; "$@" ; }
-
-	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
-
-	# See if our toolchain supports __uint128_t.  If so, it's 64bit
-	# friendly and can use the nicely optimized code paths. #460790
-	local ec_nistp_64_gcc_128
-	# Disable it for now though #469976
-	#if ! use bindist ; then
-	#	echo "__uint128_t i;" > "${T}"/128.c
-	#	if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
-	#		ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
-	#	fi
-	#fi
-
-	local sslout=$(./gentoo.config)
-	einfo "Use configuration ${sslout:-(openssl knows best)}"
-	local config="Configure"
-	[[ -z ${sslout} ]] && config="config"
-
-	# Fedora hobbled-EC needs 'no-ec2m'
-	# 'srp' was restricted until early 2017 as well.
-	echoit \
-	./${config} \
-		${sslout} \
-		--api=1.0.0 \
-		$(use cpu_flags_x86_sse2 || echo "no-sse2") \
-		enable-camellia \
-		disable-deprecated \
-		enable-ec \
-		$(use_ssl !bindist ec2m) \
-		enable-srp \
-		$(use elibc_musl && echo "no-async") \
-		${ec_nistp_64_gcc_128} \
-		enable-idea \
-		enable-mdc2 \
-		enable-rc5 \
-		$(use_ssl asm) \
-		$(use_ssl rfc3779) \
-		$(use_ssl sctp) \
-		$(use_ssl tls-heartbeat heartbeats) \
-		$(use_ssl zlib) \
-		--prefix="${EPREFIX}"/usr \
-		--openssldir="${EPREFIX}"${SSL_CNF_DIR} \
-		--libdir=$(get_libdir) \
-		shared threads \
-		|| die
-
-	# Clean out hardcoded flags that openssl uses
-	# Fix quoting for sed
-	local DEFAULT_CFLAGS=$(grep ^CFLAGS= Makefile | LC_ALL=C sed \
-		-e 's:^CFLAGS=::' \
-		-e 's:-fomit-frame-pointer ::g' \
-		-e 's:-O[0-9] ::g' \
-		-e 's:-march=[-a-z0-9]* ::g' \
-		-e 's:-mcpu=[-a-z0-9]* ::g' \
-		-e 's:-m[a-z0-9]* ::g' \
-		-e 's:\\:\\\\:g' \
-	)
-	sed -i \
-		-e "/^CFLAGS=/s|=.*|=${DEFAULT_CFLAGS} ${CFLAGS}|" \
-		-e "/^LDFLAGS=/s|=[[:space:]]*$|=${LDFLAGS}|" \
-		Makefile || die
-}
-
-multilib_src_compile() {
-	# depend is needed to use $confopts; it also doesn't matter
-	# that it's -j1 as the code itself serializes subdirs
-	emake -j1 depend
-	emake all
-}
-
-multilib_src_test() {
-	emake -j1 test
-}
-
-multilib_src_install() {
-	emake DESTDIR="${D}" install
-}
-
-multilib_src_install_all() {
-	# openssl installs perl version of c_rehash by default, but
-	# we provide a shell version via app-misc/c_rehash
-	rm "${ED}"/usr/bin/c_rehash || die
-
-	dodoc CHANGES* FAQ NEWS README doc/*.txt doc/${PN}-c-indent.el
-	dohtml -r doc/*
-
-	# This is crappy in that the static archives are still built even
-	# when USE=static-libs.  But this is due to a failing in the openssl
-	# build system: the static archives are built as PIC all the time.
-	# Only way around this would be to manually configure+compile openssl
-	# twice; once with shared lib support enabled and once without.
-	use static-libs || rm -f "${ED}"/usr/lib*/lib*.a
-
-	# create the certs directory
-	keepdir ${SSL_CNF_DIR}/certs
-
-	# Namespace openssl programs to prevent conflicts with other man pages
-	cd "${ED}"/usr/share/man
-	local m d s
-	for m in $(find . -type f | xargs grep -L '#include') ; do
-		d=${m%/*} ; d=${d#./} ; m=${m##*/}
-		[[ ${m} == openssl.1* ]] && continue
-		[[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!"
-		mv ${d}/{,ssl-}${m}
-		# fix up references to renamed man pages
-		sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m}
-		ln -s ssl-${m} ${d}/openssl-${m}
-		# locate any symlinks that point to this man page ... we assume
-		# that any broken links are due to the above renaming
-		for s in $(find -L ${d} -type l) ; do
-			s=${s##*/}
-			rm -f ${d}/${s}
-			ln -s ssl-${m} ${d}/ssl-${s}
-			ln -s ssl-${s} ${d}/openssl-${s}
-		done
-	done
-	[[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :("
-
-	dodir /etc/sandbox.d #254521
-	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
-
-	diropts -m0700
-	keepdir ${SSL_CNF_DIR}/private
-}
-
-pkg_postinst() {
-	ebegin "Running 'c_rehash ${EROOT%/}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069"
-	c_rehash "${EROOT%/}${SSL_CNF_DIR}/certs" >/dev/null
-	eend $?
-}

diff --git a/dev-libs/openssl/openssl-1.1.0g.ebuild b/dev-libs/openssl/openssl-1.1.0g.ebuild
deleted file mode 100644
index c8df4c14330..00000000000
--- a/dev-libs/openssl/openssl-1.1.0g.ebuild
+++ /dev/null
@@ -1,240 +0,0 @@
-# Copyright 1999-2017 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=5
-
-inherit eutils flag-o-matic toolchain-funcs multilib multilib-minimal
-
-MY_P=${P/_/-}
-DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"
-HOMEPAGE="http://www.openssl.org/"
-SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"
-
-LICENSE="openssl"
-SLOT="0/1.1" # .so version of libssl/libcrypto
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
-IUSE="+asm bindist rfc3779 sctp cpu_flags_x86_sse2 static-libs test tls-heartbeat vanilla zlib"
-RESTRICT="!bindist? ( bindist )"
-
-RDEPEND=">=app-misc/c_rehash-1.7-r1
-	zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )"
-DEPEND="${RDEPEND}
-	>=dev-lang/perl-5
-	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
-	test? (
-		sys-apps/diffutils
-		sys-devel/bc
-	)"
-PDEPEND="app-misc/ca-certificates"
-
-S="${WORKDIR}/${MY_P}"
-
-MULTILIB_WRAPPED_HEADERS=(
-	usr/include/openssl/opensslconf.h
-)
-
-PATCHES=(
-	"${FILESDIR}"/${PN}-1.0.2a-x32-asm.patch #542618
-)
-
-src_prepare() {
-	# keep this in sync with app-misc/c_rehash
-	SSL_CNF_DIR="/etc/ssl"
-
-	# Make sure we only ever touch Makefile.org and avoid patching a file
-	# that gets blown away anyways by the Configure script in src_configure
-	rm -f Makefile
-
-	if ! use vanilla ; then
-		epatch "${PATCHES[@]}"
-		epatch_user #332661
-	fi
-
-	# make sure the man pages are suffixed #302165
-	# don't bother building man pages if they're disabled
-	# Make DOCDIR Gentoo compliant
-	sed -i \
-		-e '/^MANSUFFIX/s:=.*:=ssl:' \
-		-e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
-		-e $(has noman FEATURES \
-			&& echo '/^install:/s:install_docs::' \
-			|| echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
-		-e "/^DOCDIR/s@\$(BASENAME)@&-${PF}@" \
-		Configurations/unix-Makefile.tmpl \
-		|| die
-
-	# show the actual commands in the log
-	sed -i '/^SET_X/s@=.*@=set -x@' Makefile.shared
-
-	# quiet out unknown driver argument warnings since openssl
-	# doesn't have well-split CFLAGS and we're making it even worse
-	# and 'make depend' uses -Werror for added fun (#417795 again)
-	[[ ${CC} == *clang* ]] && append-flags -Qunused-arguments
-
-	# allow openssl to be cross-compiled
-	cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die
-	chmod a+rx gentoo.config
-
-	append-flags -fno-strict-aliasing
-	append-flags $(test-flags-CC -Wa,--noexecstack)
-	append-cppflags -DOPENSSL_NO_BUF_FREELISTS
-
-	# Prefixify Configure shebang (#141906)
-	sed \
-		-e "1s,/usr/bin/env,${EPREFIX}&," \
-		-i Configure || die
-	# Remove test target when FEATURES=test isn't set
-	if ! use test ; then
-		sed \
-			-e '/^$config{dirs}/s@ "test",@@' \
-			-i Configure || die
-	fi
-	# The config script does stupid stuff to prompt the user.  Kill it.
-	sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
-	./config --test-sanity || die "I AM NOT SANE"
-
-	multilib_copy_sources
-}
-
-multilib_src_configure() {
-	unset APPS #197996
-	unset SCRIPTS #312551
-	unset CROSS_COMPILE #311473
-
-	tc-export CC AR RANLIB RC
-
-	# Clean out patent-or-otherwise-encumbered code
-	# Camellia: Royalty Free            http://en.wikipedia.org/wiki/Camellia_(cipher)
-	# IDEA:     Expired                 http://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
-	# EC:       ????????? ??/??/2015    http://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography
-	# MDC2:     Expired                 http://en.wikipedia.org/wiki/MDC-2
-	# RC5:      Expired                 http://en.wikipedia.org/wiki/RC5
-
-	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
-	echoit() { echo "$@" ; "$@" ; }
-
-	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
-
-	# See if our toolchain supports __uint128_t.  If so, it's 64bit
-	# friendly and can use the nicely optimized code paths. #460790
-	local ec_nistp_64_gcc_128
-	# Disable it for now though #469976
-	#if ! use bindist ; then
-	#	echo "__uint128_t i;" > "${T}"/128.c
-	#	if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
-	#		ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
-	#	fi
-	#fi
-
-	local sslout=$(./gentoo.config)
-	einfo "Use configuration ${sslout:-(openssl knows best)}"
-	local config="Configure"
-	[[ -z ${sslout} ]] && config="config"
-
-	echoit \
-	./${config} \
-		${sslout} \
-		--api=1.0.0 \
-		$(use cpu_flags_x86_sse2 || echo "no-sse2") \
-		enable-camellia \
-		disable-deprecated \
-		$(use_ssl !bindist ec) \
-		${ec_nistp_64_gcc_128} \
-		enable-idea \
-		enable-mdc2 \
-		enable-rc5 \
-		$(use_ssl asm) \
-		$(use_ssl rfc3779) \
-		$(use_ssl sctp) \
-		$(use_ssl tls-heartbeat heartbeats) \
-		$(use_ssl zlib) \
-		--prefix="${EPREFIX}"/usr \
-		--openssldir="${EPREFIX}"${SSL_CNF_DIR} \
-		--libdir=$(get_libdir) \
-		shared threads \
-		|| die
-
-	# Clean out hardcoded flags that openssl uses
-	# Fix quoting for sed
-	local DEFAULT_CFLAGS=$(grep ^CFLAGS= Makefile | LC_ALL=C sed \
-		-e 's:^CFLAGS=::' \
-		-e 's:-fomit-frame-pointer ::g' \
-		-e 's:-O[0-9] ::g' \
-		-e 's:-march=[-a-z0-9]* ::g' \
-		-e 's:-mcpu=[-a-z0-9]* ::g' \
-		-e 's:-m[a-z0-9]* ::g' \
-		-e 's:\\:\\\\:g' \
-	)
-	sed -i \
-		-e "/^CFLAGS=/s|=.*|=${DEFAULT_CFLAGS} ${CFLAGS}|" \
-		-e "/^LDFLAGS=/s|=[[:space:]]*$|=${LDFLAGS}|" \
-		Makefile || die
-}
-
-multilib_src_compile() {
-	# depend is needed to use $confopts; it also doesn't matter
-	# that it's -j1 as the code itself serializes subdirs
-	emake -j1 depend
-	emake all
-}
-
-multilib_src_test() {
-	emake -j1 test
-}
-
-multilib_src_install() {
-	emake DESTDIR="${D}" install
-}
-
-multilib_src_install_all() {
-	# openssl installs perl version of c_rehash by default, but
-	# we provide a shell version via app-misc/c_rehash
-	rm "${ED}"/usr/bin/c_rehash || die
-
-	dodoc CHANGES* FAQ NEWS README doc/*.txt doc/${PN}-c-indent.el
-	dohtml -r doc/*
-
-	# This is crappy in that the static archives are still built even
-	# when USE=static-libs.  But this is due to a failing in the openssl
-	# build system: the static archives are built as PIC all the time.
-	# Only way around this would be to manually configure+compile openssl
-	# twice; once with shared lib support enabled and once without.
-	use static-libs || rm -f "${ED}"/usr/lib*/lib*.a
-
-	# create the certs directory
-	keepdir ${SSL_CNF_DIR}/certs
-
-	# Namespace openssl programs to prevent conflicts with other man pages
-	cd "${ED}"/usr/share/man
-	local m d s
-	for m in $(find . -type f | xargs grep -L '#include') ; do
-		d=${m%/*} ; d=${d#./} ; m=${m##*/}
-		[[ ${m} == openssl.1* ]] && continue
-		[[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!"
-		mv ${d}/{,ssl-}${m}
-		# fix up references to renamed man pages
-		sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m}
-		ln -s ssl-${m} ${d}/openssl-${m}
-		# locate any symlinks that point to this man page ... we assume
-		# that any broken links are due to the above renaming
-		for s in $(find -L ${d} -type l) ; do
-			s=${s##*/}
-			rm -f ${d}/${s}
-			ln -s ssl-${m} ${d}/ssl-${s}
-			ln -s ssl-${s} ${d}/openssl-${s}
-		done
-	done
-	[[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :("
-
-	dodir /etc/sandbox.d #254521
-	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
-
-	diropts -m0700
-	keepdir ${SSL_CNF_DIR}/private
-}
-
-pkg_postinst() {
-	ebegin "Running 'c_rehash ${EROOT%/}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069"
-	c_rehash "${EROOT%/}${SSL_CNF_DIR}/certs" >/dev/null
-	eend $?
-}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sergei Trofimovich]

commit:     05628c565ad40ec855e418551e20c69beccb43a9
Author:     Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
AuthorDate: Mon Nov 27 21:12:21 2017 +0000
Commit:     Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
CommitDate: Mon Nov 27 21:12:40 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=05628c56

dev-libs/openssl: stable 1.0.2m for sparc, bug #636264 (thanks to Rolf Eike Beer)

Package-Manager: Portage-2.3.16, Repoman-2.3.6
RepoMan-Options: --include-arches="sparc"

 dev-libs/openssl/Manifest              | 6 +++---
 dev-libs/openssl/openssl-1.0.2m.ebuild | 2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest
index 7f50221db89..720173c3554 100644
--- a/dev-libs/openssl/Manifest
+++ b/dev-libs/openssl/Manifest
@@ -1,10 +1,10 @@
 DIST openssl-0.9.8zh.tar.gz 3818524 SHA256 f1d9f3ed1b85a82ecf80d0e2d389e1fda3fca9a4dba0bf07adbf231e1a5e2fd6 SHA512 b97fa2468211f86c0719c68ad1781eff84f772c479ed5193d6da14bac086b4ca706e7d851209d9df3f0962943b5e5333ab0def00110fb2e517caa73c0c6674c6 WHIRLPOOL 8ed3362e6aed89cd6ae02438bc3fb58ff3a91afb8a2d401d1d66c1ee4fd96f4befb50558131dd03a60fc15b588172fc1ede5d56bb1f68e184453bfe3b34f9abf
-DIST openssl-1.0.2k.tar.gz 5309236 SHA256 6b3977c61f2aedf0f96367dcfb5c6e578cf37e7b8d913b4ecb6643c3cb88d8c0 SHA512 0d314b42352f4b1df2c40ca1094abc7e9ad684c5c35ea997efdd58204c70f22a1abcb17291820f0fff3769620a4e06906034203d31eb1a4d540df3e0db294016 WHIRLPOOL ffa3d89a078db6829f1fff21779a19c87e059600162e6d7d3114b8440ba5fa7d1a08e04594b6ed8ab47e148782de299d7ec338f2ba2d466bf7737b0749f590cd
-DIST openssl-1.0.2l.tar.gz 5365054 SHA256 ce07195b659e75f4e1db43552860070061f156a98bb37b672b101ba6e3ddf30c SHA512 047d964508ad6025c79caabd8965efd2416dc026a56183d0ef4de7a0a6769ce8e0b4608a3f8393d326f6d03b26a2b067e6e0c750f35b20be190e595e8290c0e3 WHIRLPOOL fa5b303fd7007eb2b7afe0b6a7d90a6676b738bf39addc1005f15a4664e61e72f9465d5020477abcf6b3e420d46a618e44751ad9e21671c70e5dbe8cdc768bfc
+DIST openssl-1.0.2k.tar.gz 5309236 BLAKE2B 97069b9c7aaab2381ae5be989caff6907cd44ab1831d84685c3421ad985889a2bbc3a462decdff9c4c158ace96975de2b9e49e4f1b9f306990c3dc0f03767dad SHA512 0d314b42352f4b1df2c40ca1094abc7e9ad684c5c35ea997efdd58204c70f22a1abcb17291820f0fff3769620a4e06906034203d31eb1a4d540df3e0db294016
+DIST openssl-1.0.2l.tar.gz 5365054 BLAKE2B 0a459a93a0013269dea79bd6df96a434b9dad95b6d98b24a48bc1b1438415c0a8de01b67166ac13a73ae65fb64131568924c3e6f945d862b7e960f05332cf097 SHA512 047d964508ad6025c79caabd8965efd2416dc026a56183d0ef4de7a0a6769ce8e0b4608a3f8393d326f6d03b26a2b067e6e0c750f35b20be190e595e8290c0e3
 DIST openssl-1.0.2l_ec_curve.c 17254 SHA256 43ad99527a9f494c97c1efd4a87b49508455437da5de1b9ecd89b0d36fb764c8 SHA512 8e92fb100bcf4bd918c82b9a6cbd75a55abe1a2c08230a007e441c51577f974f8cc336e9ac8a672b32641480428ca8cead5380da1fe81bacb088145a1b754a15 WHIRLPOOL 5a43777a2886a2e7bd41eeb3a96c90c62b0eaa771249a50eb5996993f43384dca5f24993ed6a6deede2c4f119f896fb11dbc26b72650c909c856bd8c313501f0
 DIST openssl-1.0.2l_ectest.c 30735 SHA256 14f12b1db5121f3f58466f52ad10555c038c281e90e53c0a2f7940a754bb4d80 SHA512 f2e4d34327b490bc8371f0845c69df3f9fc51ea16f0ea0de0411a0c1fa9d49bb2b6fafc363eb3b3cd919dc7c24e4a0d075c6ff878c01d70dae918f2540874c19 WHIRLPOOL 0d708b382d97e1f20a03e695f0a990fb9fd6cd8ab8ced29e072d52ca3f09f87d18c287d6134fd5ac2243ca541982f4d9eaa2fa8964d62b6b8f1a4b879e8fd997
 DIST openssl-1.0.2l_hobble-openssl 1302 SHA256 7ec32aab6a1db2124de52c3918cc7f7e487972581e30235447eed15d59415384 SHA512 3d757a4708e74a03dd5cb9b8114dfe442ed9520739a6eca693be4c4265771696f1449ea06d1c9bcfc6e94fc9b0dd0c10e153f1c3b0334831c0550b36cd63326e WHIRLPOOL b9630ce76492bff481d0bd48b72449d1e1d4fbb98c2387c4824d84833796adaba716e10976b3130eed9fd9442511a71604d9944600ba6be5253087f865cefe8c
-DIST openssl-1.0.2m.tar.gz 5373776 SHA256 8c6ff15ec6b319b50788f42c7abc2890c08ba5a1cdcd3810eb9092deada37b0f SHA512 7619aa223ee50d0f5e270ac9090e95b2b1ba5dfc656c98f625a9a277dda472fb960a4e89a7ba300044cb401b2072b2ca6a6fcce8206d927bf373d1c981806a93 WHIRLPOOL 0fa5ab02eb3ca8507b45c408739027f8632a77183a7355f8c31bcc5fedc507222e5cc44a4aff88b22fba87b69188f90465980c4a84bad1133287442ebd136a23
+DIST openssl-1.0.2m.tar.gz 5373776 BLAKE2B f40cbea061f84087a079d541f7ba841894c86c00827865f0f508ee297df45e8825d7d74bbbe16bf1f81d46f9af503a6191c9e65df674c4a5ae28172b5b03986f SHA512 7619aa223ee50d0f5e270ac9090e95b2b1ba5dfc656c98f625a9a277dda472fb960a4e89a7ba300044cb401b2072b2ca6a6fcce8206d927bf373d1c981806a93
 DIST openssl-1.1.0-build.patch 3028 SHA256 c626ac8b34df5d55a7272a741f87f06dc06cc20ac80085048788a2c76c08c25f SHA512 b19a912900970052f80c67f28975e793ae9e70ebfc62efae0544e09931079e98c4cd29ce1cc8d937ceca97aff9a12fdc1ff9ce6c2b47fea68c79e7065464a0f0 WHIRLPOOL 950febb159139b145eb7de5bda1115465fa8551234182e6d15459ab5519213f515b4c3e3a3136d05c440d3eec04a7247461d36c2d45136a6f1963613d5896b3e
 DIST openssl-1.1.0-ec-curves.patch 2967 SHA256 da60dfa01ed244cd3f77f60cc2ef479a36e64a58fa5e242aa03647c698cc1a42 SHA512 8fb9c6759ae2077ad3697ba77e85ab3970fd8b3f64b21eb260b4f6333b7ebf2f5a53c7eee311229edfbd96a2b904ec5e5e00dfa5b62cf1105fece13069077bd2 WHIRLPOOL e7293ef84f6c36e8e5f5ec8158023fdca484bc9082e73956bd0cc74a17c880350a49799146c855a37f116d743e7c93e54cbe4aa7f70483e235d03687a15a46a5
 DIST openssl-1.1.0f.tar.gz 5278176 SHA256 12f746f3f2493b2f39da7ecf63d7ee19c6ac9ec6a4fcd8c229da8a522cb12765 SHA512 340ab3f38c90dea346e543b58bc0eff0adede15be212ad20b7cf38718a7f94fab51996da414855c180540f7488b8bd31d8b9a0d04bb19159f735c46d8f6df22c WHIRLPOOL bb4ce1d100c5eb567de0139e4a1c0a2bb1cd308bd014704d6bb796d3fcfc16b91fe69839068944831746e0b937a6ccb234b5cea3b4911fab4283500ed380f0b6

diff --git a/dev-libs/openssl/openssl-1.0.2m.ebuild b/dev-libs/openssl/openssl-1.0.2m.ebuild
index bb666d8ce61..c356e4ff2bd 100644
--- a/dev-libs/openssl/openssl-1.0.2m.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2m.ebuild
@@ -12,7 +12,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"
 
 LICENSE="openssl"
 SLOT="0"
-KEYWORDS="alpha amd64 arm ~arm64 hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh ~sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
+KEYWORDS="alpha amd64 arm ~arm64 hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
 IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Matt Thode]

commit:     43f12cee5009303ea52000cfc507b16621143e6b
Author:     Matthew Thode <prometheanfire <AT> gentoo <DOT> org>
AuthorDate: Mon Nov 20 02:05:58 2017 +0000
Commit:     Matt Thode <prometheanfire <AT> gentoo <DOT> org>
CommitDate: Mon Nov 20 02:06:20 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=43f12cee

dev-libs/openssl: fixing musl builds on 1.1.0g-r1

Package-Manager: Portage-2.3.14, Repoman-2.3.6

 dev-libs/openssl/openssl-1.1.0g-r1.ebuild | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.1.0g-r1.ebuild b/dev-libs/openssl/openssl-1.1.0g-r1.ebuild
index 151632bbbcb..f698c4714e6 100644
--- a/dev-libs/openssl/openssl-1.1.0g-r1.ebuild
+++ b/dev-libs/openssl/openssl-1.1.0g-r1.ebuild
@@ -13,7 +13,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"
 LICENSE="openssl"
 SLOT="0/1.1" # .so version of libssl/libcrypto
 KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
-IUSE="+asm bindist rfc3779 sctp cpu_flags_x86_sse2 static-libs test tls-heartbeat vanilla zlib"
+IUSE="+asm bindist elibc_musl rfc3779 sctp cpu_flags_x86_sse2 static-libs test tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"
 
 RDEPEND=">=app-misc/c_rehash-1.7-r1
@@ -181,6 +181,7 @@ multilib_src_configure() {
 		enable-ec \
 		$(use_ssl !bindist ec2m) \
 		enable-srp \
+		$(use elibc_musl && echo "no-async") \
 		${ec_nistp_64_gcc_128} \
 		enable-idea \
 		enable-mdc2 \

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Markus Meier]

commit:     a79a0428c987913c69b4e7b8b6c6d13a9c35ddb1
Author:     Markus Meier <maekke <AT> gentoo <DOT> org>
AuthorDate: Sun Nov 19 15:11:58 2017 +0000
Commit:     Markus Meier <maekke <AT> gentoo <DOT> org>
CommitDate: Sun Nov 19 15:11:58 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a79a0428

dev-libs/openssl: arm stable, bug #636264

Package-Manager: Portage-2.3.13, Repoman-2.3.3
RepoMan-Options: --include-arches="arm"

 dev-libs/openssl/openssl-1.0.2m.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.0.2m.ebuild b/dev-libs/openssl/openssl-1.0.2m.ebuild
index 25aa9f3e325..bb666d8ce61 100644
--- a/dev-libs/openssl/openssl-1.0.2m.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2m.ebuild
@@ -12,7 +12,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"
 
 LICENSE="openssl"
 SLOT="0"
-KEYWORDS="alpha amd64 ~arm ~arm64 hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh ~sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
+KEYWORDS="alpha amd64 arm ~arm64 hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh ~sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
 IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Matt Thode]

commit:     fb0cd51f7af107fcedc03bdf61f358c2e2310607
Author:     Matthew Thode <prometheanfire <AT> gentoo <DOT> org>
AuthorDate: Sat Nov 18 06:51:26 2017 +0000
Commit:     Matt Thode <prometheanfire <AT> gentoo <DOT> org>
CommitDate: Sat Nov 18 06:51:45 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fb0cd51f

dev-libs/openssl: re-add add Fedora Hobbled-EC.

see bdd5c9e7d6a375e99b3ae89afd4517a3a5786df2 for more details as this is
an identical patch.

Package-Manager: Portage-2.3.14, Repoman-2.3.6

 dev-libs/openssl/Manifest                 |   3 +
 dev-libs/openssl/openssl-1.1.0g-r1.ebuild | 282 ++++++++++++++++++++++++++++++
 2 files changed, 285 insertions(+)

diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest
index 9ea348a713c..7f50221db89 100644
--- a/dev-libs/openssl/Manifest
+++ b/dev-libs/openssl/Manifest
@@ -12,3 +12,6 @@ DIST openssl-1.1.0f_ec_curve.c 18393 SHA256 9dd0e1f422116da45eb16936fbbbe4e4e05e
 DIST openssl-1.1.0f_ectest.c 29907 SHA256 37682adb07ba260339fad3fead87b186fc8c26321a0aad45deefed4c25ad87cb SHA512 90cec9d46326cb7216236811c8e963032b6fa7500117cea36f28534eb50a5ab1260c7f9a5c8c490d845236b0769576a8d97bc7471f970e9c5e70cb3408c20dae WHIRLPOOL f39da1830f5a6492add40f460af9d85b2fbfac0d5d8ff4eb4ba3cb16e6ff50a030aee38c518d7a06d1167f59030ded5496000793ad4cf2de7ff36f22eeefe7c7
 DIST openssl-1.1.0f_hobble-openssl 1117 SHA256 ab168bd8bf578f7361524f9a12eecbbaf41fd7e2c852a0158aafd3bce9cac569 SHA512 fa9cc70afa11a7a292548b4bddbba8159824a364ce5c279b483768e6ae2aa4b5491d9bf2cc734819f30a11c8ee0d91bcb991c4a7ab357296aeb4c04feac74826 WHIRLPOOL 94537166ad8f5cacba2d30d0b6e4676d896cab157be5891fbeecdb2efa10a322d77e2b35a44ff1d474e860dcece63a8688f9df5edf8fe859bf67b410148ea64a
 DIST openssl-1.1.0g.tar.gz 5404748 SHA256 de4d501267da39310905cb6dc8c6121f7a2cad45a7707f76df828fe1b85073af SHA512 6c76f698fc2a4540f3977d97c889e139acf7d3f9eb85f349974175e8a7707b19743ef91c5ce32839310b6ea06ca88a03d9709ee011687b4634c5c50b5814f42a WHIRLPOOL 86363a038df1621b9fbf634efec6648e0c35b882f7b582e6522a3869f8f5c67e32ed1a4637cb0009bf6fab4528072964cba5878540407306ea2e4210026c7a78
+DIST openssl-1.1.0g_ec_curve.c 18393 SHA256 9dd0e1f422116da45eb16936fbbbe4e4e05e7a8fc0f359594af76e935c37716e SHA512 ee3e576825bccdf02cede4205ab92c42ae9dd3a8e75ce58617a3a5980a61d144eb3c5197d9dcd378a5d49bf34c4b2f591aa6a619fee92b7a22825d72681ab879 WHIRLPOOL 6f43f3b8037f5edf323ea865d1150eaa63ee60f60b512b52e37b752b328855e57eae70c812071caba0f91eeeb379c4dd9574806ba50d5bee38ad3b0e3fe03f55
+DIST openssl-1.1.0g_ectest.c 29907 SHA256 37682adb07ba260339fad3fead87b186fc8c26321a0aad45deefed4c25ad87cb SHA512 90cec9d46326cb7216236811c8e963032b6fa7500117cea36f28534eb50a5ab1260c7f9a5c8c490d845236b0769576a8d97bc7471f970e9c5e70cb3408c20dae WHIRLPOOL f39da1830f5a6492add40f460af9d85b2fbfac0d5d8ff4eb4ba3cb16e6ff50a030aee38c518d7a06d1167f59030ded5496000793ad4cf2de7ff36f22eeefe7c7
+DIST openssl-1.1.0g_hobble-openssl 1117 SHA256 ab168bd8bf578f7361524f9a12eecbbaf41fd7e2c852a0158aafd3bce9cac569 SHA512 fa9cc70afa11a7a292548b4bddbba8159824a364ce5c279b483768e6ae2aa4b5491d9bf2cc734819f30a11c8ee0d91bcb991c4a7ab357296aeb4c04feac74826 WHIRLPOOL 94537166ad8f5cacba2d30d0b6e4676d896cab157be5891fbeecdb2efa10a322d77e2b35a44ff1d474e860dcece63a8688f9df5edf8fe859bf67b410148ea64a

diff --git a/dev-libs/openssl/openssl-1.1.0g-r1.ebuild b/dev-libs/openssl/openssl-1.1.0g-r1.ebuild
new file mode 100644
index 00000000000..151632bbbcb
--- /dev/null
+++ b/dev-libs/openssl/openssl-1.1.0g-r1.ebuild
@@ -0,0 +1,282 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=5
+
+inherit eutils flag-o-matic toolchain-funcs multilib multilib-minimal
+
+MY_P=${P/_/-}
+DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"
+HOMEPAGE="http://www.openssl.org/"
+SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"
+
+LICENSE="openssl"
+SLOT="0/1.1" # .so version of libssl/libcrypto
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
+IUSE="+asm bindist rfc3779 sctp cpu_flags_x86_sse2 static-libs test tls-heartbeat vanilla zlib"
+RESTRICT="!bindist? ( bindist )"
+
+RDEPEND=">=app-misc/c_rehash-1.7-r1
+	zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )"
+DEPEND="${RDEPEND}
+	>=dev-lang/perl-5
+	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
+	test? (
+		sys-apps/diffutils
+		sys-devel/bc
+	)"
+PDEPEND="app-misc/ca-certificates"
+
+# This does not copy the entire Fedora patchset, but JUST the parts that
+# are needed to make it safe to use EC with RESTRICT=bindist.
+# See openssl.spec for the matching numbering of SourceNNN, PatchNNN
+SOURCE1=hobble-openssl
+SOURCE12=ec_curve.c
+SOURCE13=ectest.c
+PATCH1=openssl-1.1.0-build.patch # Fixes EVP testcase for EC
+PATCH37=openssl-1.1.0-ec-curves.patch
+FEDORA_GIT_BASE='https://src.fedoraproject.org/cgit/rpms/openssl.git/plain/'
+FEDORA_GIT_BRANCH='f27'
+FEDORA_SRC_URI=()
+FEDORA_SOURCE=( $SOURCE1 $SOURCE12 $SOURCE13 )
+FEDORA_PATCH=( $PATCH1 $PATCH37 )
+for i in "${FEDORA_SOURCE[@]}" ; do
+	FEDORA_SRC_URI+=( "${FEDORA_GIT_BASE}/${i}?h=${FEDORA_GIT_BRANCH} -> ${P}_${i}" )
+done
+for i in "${FEDORA_PATCH[@]}" ; do # Already have a version prefix
+	FEDORA_SRC_URI+=( "${FEDORA_GIT_BASE}/${i}?h=${FEDORA_GIT_BRANCH} -> ${i}" )
+done
+SRC_URI+=" bindist? ( ${FEDORA_SRC_URI[@]} )"
+
+S="${WORKDIR}/${MY_P}"
+
+MULTILIB_WRAPPED_HEADERS=(
+	usr/include/openssl/opensslconf.h
+)
+
+PATCHES=(
+	"${FILESDIR}"/${PN}-1.0.2a-x32-asm.patch #542618
+)
+
+src_prepare() {
+	if use bindist; then
+		# This just removes the prefix, and puts it into WORKDIR like the RPM.
+		for i in "${FEDORA_SOURCE[@]}" ; do
+			cp -f "${DISTDIR}"/"${P}_${i}" "${WORKDIR}"/"${i}" || die
+		done
+		# .spec %prep
+		bash "${WORKDIR}"/"${SOURCE1}" || die
+		cp -f "${WORKDIR}"/"${SOURCE12}" "${S}"/crypto/ec/ || die
+		cp -f "${WORKDIR}"/"${SOURCE13}" "${S}"/test/ || die
+		for i in "${FEDORA_PATCH[@]}" ; do
+			epatch "${DISTDIR}"/"${i}"
+		done
+		# Also see the configure parts below:
+		# enable-ec \
+		# $(use_ssl !bindist ec2m) \
+
+	fi
+	# keep this in sync with app-misc/c_rehash
+	SSL_CNF_DIR="/etc/ssl"
+
+	# Make sure we only ever touch Makefile.org and avoid patching a file
+	# that gets blown away anyways by the Configure script in src_configure
+	rm -f Makefile
+
+	if ! use vanilla ; then
+		epatch "${PATCHES[@]}"
+		epatch_user #332661
+	fi
+
+	# make sure the man pages are suffixed #302165
+	# don't bother building man pages if they're disabled
+	# Make DOCDIR Gentoo compliant
+	sed -i \
+		-e '/^MANSUFFIX/s:=.*:=ssl:' \
+		-e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
+		-e $(has noman FEATURES \
+			&& echo '/^install:/s:install_docs::' \
+			|| echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
+		-e "/^DOCDIR/s@\$(BASENAME)@&-${PF}@" \
+		Configurations/unix-Makefile.tmpl \
+		|| die
+
+	# show the actual commands in the log
+	sed -i '/^SET_X/s@=.*@=set -x@' Makefile.shared
+
+	# quiet out unknown driver argument warnings since openssl
+	# doesn't have well-split CFLAGS and we're making it even worse
+	# and 'make depend' uses -Werror for added fun (#417795 again)
+	[[ ${CC} == *clang* ]] && append-flags -Qunused-arguments
+
+	# allow openssl to be cross-compiled
+	cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die
+	chmod a+rx gentoo.config
+
+	append-flags -fno-strict-aliasing
+	append-flags $(test-flags-CC -Wa,--noexecstack)
+	append-cppflags -DOPENSSL_NO_BUF_FREELISTS
+
+	# Prefixify Configure shebang (#141906)
+	sed \
+		-e "1s,/usr/bin/env,${EPREFIX}&," \
+		-i Configure || die
+	# Remove test target when FEATURES=test isn't set
+	if ! use test ; then
+		sed \
+			-e '/^$config{dirs}/s@ "test",@@' \
+			-i Configure || die
+	fi
+	# The config script does stupid stuff to prompt the user.  Kill it.
+	sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
+	./config --test-sanity || die "I AM NOT SANE"
+
+	multilib_copy_sources
+}
+
+multilib_src_configure() {
+	unset APPS #197996
+	unset SCRIPTS #312551
+	unset CROSS_COMPILE #311473
+
+	tc-export CC AR RANLIB RC
+
+	# Clean out patent-or-otherwise-encumbered code
+	# Camellia: Royalty Free            http://en.wikipedia.org/wiki/Camellia_(cipher)
+	# IDEA:     Expired                 http://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
+	# EC:       ????????? ??/??/2015    http://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography
+	# MDC2:     Expired                 http://en.wikipedia.org/wiki/MDC-2
+	# RC5:      Expired                 http://en.wikipedia.org/wiki/RC5
+
+	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
+	echoit() { echo "$@" ; "$@" ; }
+
+	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
+
+	# See if our toolchain supports __uint128_t.  If so, it's 64bit
+	# friendly and can use the nicely optimized code paths. #460790
+	local ec_nistp_64_gcc_128
+	# Disable it for now though #469976
+	#if ! use bindist ; then
+	#	echo "__uint128_t i;" > "${T}"/128.c
+	#	if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
+	#		ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
+	#	fi
+	#fi
+
+	local sslout=$(./gentoo.config)
+	einfo "Use configuration ${sslout:-(openssl knows best)}"
+	local config="Configure"
+	[[ -z ${sslout} ]] && config="config"
+
+	# Fedora hobbled-EC needs 'no-ec2m'
+	# 'srp' was restricted until early 2017 as well.
+	echoit \
+	./${config} \
+		${sslout} \
+		--api=1.0.0 \
+		$(use cpu_flags_x86_sse2 || echo "no-sse2") \
+		enable-camellia \
+		disable-deprecated \
+		enable-ec \
+		$(use_ssl !bindist ec2m) \
+		enable-srp \
+		${ec_nistp_64_gcc_128} \
+		enable-idea \
+		enable-mdc2 \
+		enable-rc5 \
+		$(use_ssl asm) \
+		$(use_ssl rfc3779) \
+		$(use_ssl sctp) \
+		$(use_ssl tls-heartbeat heartbeats) \
+		$(use_ssl zlib) \
+		--prefix="${EPREFIX}"/usr \
+		--openssldir="${EPREFIX}"${SSL_CNF_DIR} \
+		--libdir=$(get_libdir) \
+		shared threads \
+		|| die
+
+	# Clean out hardcoded flags that openssl uses
+	# Fix quoting for sed
+	local DEFAULT_CFLAGS=$(grep ^CFLAGS= Makefile | LC_ALL=C sed \
+		-e 's:^CFLAGS=::' \
+		-e 's:-fomit-frame-pointer ::g' \
+		-e 's:-O[0-9] ::g' \
+		-e 's:-march=[-a-z0-9]* ::g' \
+		-e 's:-mcpu=[-a-z0-9]* ::g' \
+		-e 's:-m[a-z0-9]* ::g' \
+		-e 's:\\:\\\\:g' \
+	)
+	sed -i \
+		-e "/^CFLAGS=/s|=.*|=${DEFAULT_CFLAGS} ${CFLAGS}|" \
+		-e "/^LDFLAGS=/s|=[[:space:]]*$|=${LDFLAGS}|" \
+		Makefile || die
+}
+
+multilib_src_compile() {
+	# depend is needed to use $confopts; it also doesn't matter
+	# that it's -j1 as the code itself serializes subdirs
+	emake -j1 depend
+	emake all
+}
+
+multilib_src_test() {
+	emake -j1 test
+}
+
+multilib_src_install() {
+	emake DESTDIR="${D}" install
+}
+
+multilib_src_install_all() {
+	# openssl installs perl version of c_rehash by default, but
+	# we provide a shell version via app-misc/c_rehash
+	rm "${ED}"/usr/bin/c_rehash || die
+
+	dodoc CHANGES* FAQ NEWS README doc/*.txt doc/${PN}-c-indent.el
+	dohtml -r doc/*
+
+	# This is crappy in that the static archives are still built even
+	# when USE=static-libs.  But this is due to a failing in the openssl
+	# build system: the static archives are built as PIC all the time.
+	# Only way around this would be to manually configure+compile openssl
+	# twice; once with shared lib support enabled and once without.
+	use static-libs || rm -f "${ED}"/usr/lib*/lib*.a
+
+	# create the certs directory
+	keepdir ${SSL_CNF_DIR}/certs
+
+	# Namespace openssl programs to prevent conflicts with other man pages
+	cd "${ED}"/usr/share/man
+	local m d s
+	for m in $(find . -type f | xargs grep -L '#include') ; do
+		d=${m%/*} ; d=${d#./} ; m=${m##*/}
+		[[ ${m} == openssl.1* ]] && continue
+		[[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!"
+		mv ${d}/{,ssl-}${m}
+		# fix up references to renamed man pages
+		sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m}
+		ln -s ssl-${m} ${d}/openssl-${m}
+		# locate any symlinks that point to this man page ... we assume
+		# that any broken links are due to the above renaming
+		for s in $(find -L ${d} -type l) ; do
+			s=${s##*/}
+			rm -f ${d}/${s}
+			ln -s ssl-${m} ${d}/ssl-${s}
+			ln -s ssl-${s} ${d}/openssl-${s}
+		done
+	done
+	[[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :("
+
+	dodir /etc/sandbox.d #254521
+	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
+
+	diropts -m0700
+	keepdir ${SSL_CNF_DIR}/private
+}
+
+pkg_postinst() {
+	ebegin "Running 'c_rehash ${EROOT%/}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069"
+	c_rehash "${EROOT%/}${SSL_CNF_DIR}/certs" >/dev/null
+	eend $?
+}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sergei Trofimovich]

commit:     bfbe9a2c669750b9f265791d6a190e2ef43d8db1
Author:     Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
AuthorDate: Fri Nov 10 08:07:13 2017 +0000
Commit:     Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
CommitDate: Fri Nov 10 08:07:13 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bfbe9a2c

dev-libs/openssl: stable 1.0.2m for ppc/ppc64, bug #636264

Package-Manager: Portage-2.3.13, Repoman-2.3.4
RepoMan-Options: --include-arches="ppc ppc64"

 dev-libs/openssl/openssl-1.0.2m.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.0.2m.ebuild b/dev-libs/openssl/openssl-1.0.2m.ebuild
index 7c115757958..25aa9f3e325 100644
--- a/dev-libs/openssl/openssl-1.0.2m.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2m.ebuild
@@ -12,7 +12,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"
 
 LICENSE="openssl"
 SLOT="0"
-KEYWORDS="alpha amd64 ~arm ~arm64 hppa ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
+KEYWORDS="alpha amd64 ~arm ~arm64 hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh ~sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
 IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Tobias Klausmann]

commit:     014a077d5090414d3c2ce19d886c364cd0e826f7
Author:     Tobias Klausmann <klausman <AT> gentoo <DOT> org>
AuthorDate: Wed Nov  8 12:50:38 2017 +0000
Commit:     Tobias Klausmann <klausman <AT> gentoo <DOT> org>
CommitDate: Wed Nov  8 12:50:38 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=014a077d

dev-libs/openssl-1.0.2m-r0: alpha stable

Gentoo-Bug: http://bugs.gentoo.org/636264

 dev-libs/openssl/openssl-1.0.2m.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.0.2m.ebuild b/dev-libs/openssl/openssl-1.0.2m.ebuild
index fa6b1ea8007..7c115757958 100644
--- a/dev-libs/openssl/openssl-1.0.2m.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2m.ebuild
@@ -12,7 +12,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"
 
 LICENSE="openssl"
 SLOT="0"
-KEYWORDS="~alpha amd64 ~arm ~arm64 hppa ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
+KEYWORDS="alpha amd64 ~arm ~arm64 hppa ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
 IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Jeroen Roovers]

commit:     09089a8d0fc0b04c3e71acc9cf7d35278efc18da
Author:     Jeroen Roovers <jer <AT> gentoo <DOT> org>
AuthorDate: Mon Nov  6 06:50:11 2017 +0000
Commit:     Jeroen Roovers <jer <AT> gentoo <DOT> org>
CommitDate: Mon Nov  6 06:50:11 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=09089a8d

dev-libs/openssl: Stable for HPPA too.

Package-Manager: Portage-2.3.13, Repoman-2.3.4
RepoMan-Options: --ignore-arches

 dev-libs/openssl/openssl-1.0.2m.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.0.2m.ebuild b/dev-libs/openssl/openssl-1.0.2m.ebuild
index 0f428590f7a..fa6b1ea8007 100644
--- a/dev-libs/openssl/openssl-1.0.2m.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2m.ebuild
@@ -12,7 +12,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"
 
 LICENSE="openssl"
 SLOT="0"
-KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
+KEYWORDS="~alpha amd64 ~arm ~arm64 hppa ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
 IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sergei Trofimovich]

commit:     b90001afcc8b96c7716e6a443836598e96fb031c
Author:     Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
AuthorDate: Sat Nov  4 13:02:45 2017 +0000
Commit:     Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
CommitDate: Sat Nov  4 13:04:37 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b90001af

dev-libs/openssl: stable 1.0.2m for ia64, bug #636264

Package-Manager: Portage-2.3.13, Repoman-2.3.4
RepoMan-Options: --include-arches="ia64"

 dev-libs/openssl/openssl-1.0.2m.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.0.2m.ebuild b/dev-libs/openssl/openssl-1.0.2m.ebuild
index 9514ee98812..0f428590f7a 100644
--- a/dev-libs/openssl/openssl-1.0.2m.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2m.ebuild
@@ -12,7 +12,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"
 
 LICENSE="openssl"
 SLOT="0"
-KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
+KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
 IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Manuel Rüger]

commit:     766a8d7aed409661191ca33d66b553d0086c8bd6
Author:     Manuel Rüger <mrueg <AT> gentoo <DOT> org>
AuthorDate: Thu Nov  2 21:48:00 2017 +0000
Commit:     Manuel Rüger <mrueg <AT> gentoo <DOT> org>
CommitDate: Thu Nov  2 21:48:00 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=766a8d7a

dev-libs/openssl: Stable on amd64

Package-Manager: Portage-2.3.12, Repoman-2.3.4

 dev-libs/openssl/openssl-1.0.2m.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.0.2m.ebuild b/dev-libs/openssl/openssl-1.0.2m.ebuild
index 0b7251545fa..9514ee98812 100644
--- a/dev-libs/openssl/openssl-1.0.2m.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2m.ebuild
@@ -12,7 +12,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"
 
 LICENSE="openssl"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
+KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
 IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Thomas Deutschmann]

commit:     471a6c94c63aeb990feac9c76cfec06a6973a390
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Thu Nov  2 20:54:12 2017 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Thu Nov  2 21:13:02 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=471a6c94

dev-libs/openssl: x86 stable (bug #636264)

Package-Manager: Portage-2.3.13, Repoman-2.3.4

 dev-libs/openssl/openssl-1.0.2m.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.0.2m.ebuild b/dev-libs/openssl/openssl-1.0.2m.ebuild
index e47810140be..0b7251545fa 100644
--- a/dev-libs/openssl/openssl-1.0.2m.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2m.ebuild
@@ -12,7 +12,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"
 
 LICENSE="openssl"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
 IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Thomas Deutschmann]

commit:     ddc7a2854b198ea1377a9b109a1d366e4c3099e0
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Thu Nov  2 15:57:41 2017 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Thu Nov  2 15:57:55 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ddc7a285

dev-libs/openssl: Bump for CVE-2017-{3735,3736}

Bug: https://bugs.gentoo.org/629290
Bug: https://bugs.gentoo.org/636264
Package-Manager: Portage-2.3.13, Repoman-2.3.4

 dev-libs/openssl/Manifest              |   2 +
 dev-libs/openssl/openssl-1.0.2m.ebuild | 254 +++++++++++++++++++++++++++++++++
 dev-libs/openssl/openssl-1.1.0g.ebuild | 240 +++++++++++++++++++++++++++++++
 3 files changed, 496 insertions(+)

diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest
index 732d1736742..9ea348a713c 100644
--- a/dev-libs/openssl/Manifest
+++ b/dev-libs/openssl/Manifest
@@ -4,9 +4,11 @@ DIST openssl-1.0.2l.tar.gz 5365054 SHA256 ce07195b659e75f4e1db43552860070061f156
 DIST openssl-1.0.2l_ec_curve.c 17254 SHA256 43ad99527a9f494c97c1efd4a87b49508455437da5de1b9ecd89b0d36fb764c8 SHA512 8e92fb100bcf4bd918c82b9a6cbd75a55abe1a2c08230a007e441c51577f974f8cc336e9ac8a672b32641480428ca8cead5380da1fe81bacb088145a1b754a15 WHIRLPOOL 5a43777a2886a2e7bd41eeb3a96c90c62b0eaa771249a50eb5996993f43384dca5f24993ed6a6deede2c4f119f896fb11dbc26b72650c909c856bd8c313501f0
 DIST openssl-1.0.2l_ectest.c 30735 SHA256 14f12b1db5121f3f58466f52ad10555c038c281e90e53c0a2f7940a754bb4d80 SHA512 f2e4d34327b490bc8371f0845c69df3f9fc51ea16f0ea0de0411a0c1fa9d49bb2b6fafc363eb3b3cd919dc7c24e4a0d075c6ff878c01d70dae918f2540874c19 WHIRLPOOL 0d708b382d97e1f20a03e695f0a990fb9fd6cd8ab8ced29e072d52ca3f09f87d18c287d6134fd5ac2243ca541982f4d9eaa2fa8964d62b6b8f1a4b879e8fd997
 DIST openssl-1.0.2l_hobble-openssl 1302 SHA256 7ec32aab6a1db2124de52c3918cc7f7e487972581e30235447eed15d59415384 SHA512 3d757a4708e74a03dd5cb9b8114dfe442ed9520739a6eca693be4c4265771696f1449ea06d1c9bcfc6e94fc9b0dd0c10e153f1c3b0334831c0550b36cd63326e WHIRLPOOL b9630ce76492bff481d0bd48b72449d1e1d4fbb98c2387c4824d84833796adaba716e10976b3130eed9fd9442511a71604d9944600ba6be5253087f865cefe8c
+DIST openssl-1.0.2m.tar.gz 5373776 SHA256 8c6ff15ec6b319b50788f42c7abc2890c08ba5a1cdcd3810eb9092deada37b0f SHA512 7619aa223ee50d0f5e270ac9090e95b2b1ba5dfc656c98f625a9a277dda472fb960a4e89a7ba300044cb401b2072b2ca6a6fcce8206d927bf373d1c981806a93 WHIRLPOOL 0fa5ab02eb3ca8507b45c408739027f8632a77183a7355f8c31bcc5fedc507222e5cc44a4aff88b22fba87b69188f90465980c4a84bad1133287442ebd136a23
 DIST openssl-1.1.0-build.patch 3028 SHA256 c626ac8b34df5d55a7272a741f87f06dc06cc20ac80085048788a2c76c08c25f SHA512 b19a912900970052f80c67f28975e793ae9e70ebfc62efae0544e09931079e98c4cd29ce1cc8d937ceca97aff9a12fdc1ff9ce6c2b47fea68c79e7065464a0f0 WHIRLPOOL 950febb159139b145eb7de5bda1115465fa8551234182e6d15459ab5519213f515b4c3e3a3136d05c440d3eec04a7247461d36c2d45136a6f1963613d5896b3e
 DIST openssl-1.1.0-ec-curves.patch 2967 SHA256 da60dfa01ed244cd3f77f60cc2ef479a36e64a58fa5e242aa03647c698cc1a42 SHA512 8fb9c6759ae2077ad3697ba77e85ab3970fd8b3f64b21eb260b4f6333b7ebf2f5a53c7eee311229edfbd96a2b904ec5e5e00dfa5b62cf1105fece13069077bd2 WHIRLPOOL e7293ef84f6c36e8e5f5ec8158023fdca484bc9082e73956bd0cc74a17c880350a49799146c855a37f116d743e7c93e54cbe4aa7f70483e235d03687a15a46a5
 DIST openssl-1.1.0f.tar.gz 5278176 SHA256 12f746f3f2493b2f39da7ecf63d7ee19c6ac9ec6a4fcd8c229da8a522cb12765 SHA512 340ab3f38c90dea346e543b58bc0eff0adede15be212ad20b7cf38718a7f94fab51996da414855c180540f7488b8bd31d8b9a0d04bb19159f735c46d8f6df22c WHIRLPOOL bb4ce1d100c5eb567de0139e4a1c0a2bb1cd308bd014704d6bb796d3fcfc16b91fe69839068944831746e0b937a6ccb234b5cea3b4911fab4283500ed380f0b6
 DIST openssl-1.1.0f_ec_curve.c 18393 SHA256 9dd0e1f422116da45eb16936fbbbe4e4e05e7a8fc0f359594af76e935c37716e SHA512 ee3e576825bccdf02cede4205ab92c42ae9dd3a8e75ce58617a3a5980a61d144eb3c5197d9dcd378a5d49bf34c4b2f591aa6a619fee92b7a22825d72681ab879 WHIRLPOOL 6f43f3b8037f5edf323ea865d1150eaa63ee60f60b512b52e37b752b328855e57eae70c812071caba0f91eeeb379c4dd9574806ba50d5bee38ad3b0e3fe03f55
 DIST openssl-1.1.0f_ectest.c 29907 SHA256 37682adb07ba260339fad3fead87b186fc8c26321a0aad45deefed4c25ad87cb SHA512 90cec9d46326cb7216236811c8e963032b6fa7500117cea36f28534eb50a5ab1260c7f9a5c8c490d845236b0769576a8d97bc7471f970e9c5e70cb3408c20dae WHIRLPOOL f39da1830f5a6492add40f460af9d85b2fbfac0d5d8ff4eb4ba3cb16e6ff50a030aee38c518d7a06d1167f59030ded5496000793ad4cf2de7ff36f22eeefe7c7
 DIST openssl-1.1.0f_hobble-openssl 1117 SHA256 ab168bd8bf578f7361524f9a12eecbbaf41fd7e2c852a0158aafd3bce9cac569 SHA512 fa9cc70afa11a7a292548b4bddbba8159824a364ce5c279b483768e6ae2aa4b5491d9bf2cc734819f30a11c8ee0d91bcb991c4a7ab357296aeb4c04feac74826 WHIRLPOOL 94537166ad8f5cacba2d30d0b6e4676d896cab157be5891fbeecdb2efa10a322d77e2b35a44ff1d474e860dcece63a8688f9df5edf8fe859bf67b410148ea64a
+DIST openssl-1.1.0g.tar.gz 5404748 SHA256 de4d501267da39310905cb6dc8c6121f7a2cad45a7707f76df828fe1b85073af SHA512 6c76f698fc2a4540f3977d97c889e139acf7d3f9eb85f349974175e8a7707b19743ef91c5ce32839310b6ea06ca88a03d9709ee011687b4634c5c50b5814f42a WHIRLPOOL 86363a038df1621b9fbf634efec6648e0c35b882f7b582e6522a3869f8f5c67e32ed1a4637cb0009bf6fab4528072964cba5878540407306ea2e4210026c7a78

diff --git a/dev-libs/openssl/openssl-1.0.2m.ebuild b/dev-libs/openssl/openssl-1.0.2m.ebuild
new file mode 100644
index 00000000000..e47810140be
--- /dev/null
+++ b/dev-libs/openssl/openssl-1.0.2m.ebuild
@@ -0,0 +1,254 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="5"
+
+inherit eutils flag-o-matic toolchain-funcs multilib multilib-minimal
+
+MY_P=${P/_/-}
+DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"
+HOMEPAGE="https://www.openssl.org/"
+SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"
+
+LICENSE="openssl"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
+IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
+RESTRICT="!bindist? ( bindist )"
+
+RDEPEND=">=app-misc/c_rehash-1.7-r1
+	gmp? ( >=dev-libs/gmp-5.1.3-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
+	zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
+	kerberos? ( >=app-crypt/mit-krb5-1.11.4[${MULTILIB_USEDEP}] )"
+DEPEND="${RDEPEND}
+	>=dev-lang/perl-5
+	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
+	test? (
+		sys-apps/diffutils
+		sys-devel/bc
+	)"
+PDEPEND="app-misc/ca-certificates"
+
+S="${WORKDIR}/${MY_P}"
+
+MULTILIB_WRAPPED_HEADERS=(
+	usr/include/openssl/opensslconf.h
+)
+
+src_prepare() {
+	# keep this in sync with app-misc/c_rehash
+	SSL_CNF_DIR="/etc/ssl"
+
+	# Make sure we only ever touch Makefile.org and avoid patching a file
+	# that gets blown away anyways by the Configure script in src_configure
+	rm -f Makefile
+
+	if ! use vanilla ; then
+		epatch "${FILESDIR}"/${PN}-1.0.0a-ldflags.patch #327421
+		epatch "${FILESDIR}"/${PN}-1.0.2i-parallel-build.patch
+		epatch "${FILESDIR}"/${PN}-1.0.2a-parallel-obj-headers.patch
+		epatch "${FILESDIR}"/${PN}-1.0.2a-parallel-install-dirs.patch
+		epatch "${FILESDIR}"/${PN}-1.0.2a-parallel-symlinking.patch #545028
+		epatch "${FILESDIR}"/${PN}-1.0.2-ipv6.patch
+		epatch "${FILESDIR}"/${PN}-1.0.2a-x32-asm.patch #542618
+		epatch "${FILESDIR}"/${PN}-1.0.1p-default-source.patch #554338
+
+		epatch_user #332661
+	fi
+
+	# disable fips in the build
+	# make sure the man pages are suffixed #302165
+	# don't bother building man pages if they're disabled
+	sed -i \
+		-e '/DIRS/s: fips : :g' \
+		-e '/^MANSUFFIX/s:=.*:=ssl:' \
+		-e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
+		-e $(has noman FEATURES \
+			&& echo '/^install:/s:install_docs::' \
+			|| echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
+		Makefile.org \
+		|| die
+	# show the actual commands in the log
+	sed -i '/^SET_X/s:=.*:=set -x:' Makefile.shared
+
+	# since we're forcing $(CC) as makedep anyway, just fix
+	# the conditional as always-on
+	# helps clang (#417795), and versioned gcc (#499818)
+	sed -i 's/expr.*MAKEDEPEND.*;/true;/' util/domd || die
+
+	# quiet out unknown driver argument warnings since openssl
+	# doesn't have well-split CFLAGS and we're making it even worse
+	# and 'make depend' uses -Werror for added fun (#417795 again)
+	[[ ${CC} == *clang* ]] && append-flags -Qunused-arguments
+
+	# allow openssl to be cross-compiled
+	cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die
+	chmod a+rx gentoo.config
+
+	append-flags -fno-strict-aliasing
+	append-flags $(test-flags-CC -Wa,--noexecstack)
+	append-cppflags -DOPENSSL_NO_BUF_FREELISTS
+
+	sed -i '1s,^:$,#!'${EPREFIX}'/usr/bin/perl,' Configure #141906
+	# The config script does stupid stuff to prompt the user.  Kill it.
+	sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
+	./config --test-sanity || die "I AM NOT SANE"
+
+	multilib_copy_sources
+}
+
+multilib_src_configure() {
+	unset APPS #197996
+	unset SCRIPTS #312551
+	unset CROSS_COMPILE #311473
+
+	tc-export CC AR RANLIB RC
+
+	# Clean out patent-or-otherwise-encumbered code
+	# Camellia: Royalty Free            http://en.wikipedia.org/wiki/Camellia_(cipher)
+	# IDEA:     Expired                 http://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
+	# EC:       ????????? ??/??/2015    http://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography
+	# MDC2:     Expired                 http://en.wikipedia.org/wiki/MDC-2
+	# RC5:      Expired                 http://en.wikipedia.org/wiki/RC5
+
+	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
+	echoit() { echo "$@" ; "$@" ; }
+
+	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
+
+	# See if our toolchain supports __uint128_t.  If so, it's 64bit
+	# friendly and can use the nicely optimized code paths. #460790
+	local ec_nistp_64_gcc_128
+	# Disable it for now though #469976
+	#if ! use bindist ; then
+	#	echo "__uint128_t i;" > "${T}"/128.c
+	#	if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
+	#		ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
+	#	fi
+	#fi
+
+	# https://github.com/openssl/openssl/issues/2286
+	if use ia64 ; then
+		replace-flags -g3 -g2
+		replace-flags -ggdb3 -ggdb2
+	fi
+
+	local sslout=$(./gentoo.config)
+	einfo "Use configuration ${sslout:-(openssl knows best)}"
+	local config="Configure"
+	[[ -z ${sslout} ]] && config="config"
+
+	echoit \
+	./${config} \
+		${sslout} \
+		$(use cpu_flags_x86_sse2 || echo "no-sse2") \
+		enable-camellia \
+		$(use_ssl !bindist ec) \
+		${ec_nistp_64_gcc_128} \
+		enable-idea \
+		enable-mdc2 \
+		enable-rc5 \
+		enable-tlsext \
+		$(use_ssl asm) \
+		$(use_ssl gmp gmp -lgmp) \
+		$(use_ssl kerberos krb5 --with-krb5-flavor=${krb5}) \
+		$(use_ssl rfc3779) \
+		$(use_ssl sctp) \
+		$(use_ssl sslv2 ssl2) \
+		$(use_ssl sslv3 ssl3) \
+		$(use_ssl tls-heartbeat heartbeats) \
+		$(use_ssl zlib) \
+		--prefix="${EPREFIX}"/usr \
+		--openssldir="${EPREFIX}"${SSL_CNF_DIR} \
+		--libdir=$(get_libdir) \
+		shared threads \
+		|| die
+
+	# Clean out hardcoded flags that openssl uses
+	local CFLAG=$(grep ^CFLAG= Makefile | LC_ALL=C sed \
+		-e 's:^CFLAG=::' \
+		-e 's:-fomit-frame-pointer ::g' \
+		-e 's:-O[0-9] ::g' \
+		-e 's:-march=[-a-z0-9]* ::g' \
+		-e 's:-mcpu=[-a-z0-9]* ::g' \
+		-e 's:-m[a-z0-9]* ::g' \
+	)
+	sed -i \
+		-e "/^CFLAG/s|=.*|=${CFLAG} ${CFLAGS}|" \
+		-e "/^SHARED_LDFLAGS=/s|$| ${LDFLAGS}|" \
+		Makefile || die
+}
+
+multilib_src_compile() {
+	# depend is needed to use $confopts; it also doesn't matter
+	# that it's -j1 as the code itself serializes subdirs
+	emake -j1 depend
+	emake all
+	# rehash is needed to prep the certs/ dir; do this
+	# separately to avoid parallel build issues.
+	emake rehash
+}
+
+multilib_src_test() {
+	emake -j1 test
+}
+
+multilib_src_install() {
+	emake INSTALL_PREFIX="${D}" install
+}
+
+multilib_src_install_all() {
+	# openssl installs perl version of c_rehash by default, but
+	# we provide a shell version via app-misc/c_rehash
+	rm "${ED}"/usr/bin/c_rehash || die
+
+	dodoc CHANGES* FAQ NEWS README doc/*.txt doc/c-indentation.el
+	dohtml -r doc/*
+	use rfc3779 && dodoc engines/ccgost/README.gost
+
+	# This is crappy in that the static archives are still built even
+	# when USE=static-libs.  But this is due to a failing in the openssl
+	# build system: the static archives are built as PIC all the time.
+	# Only way around this would be to manually configure+compile openssl
+	# twice; once with shared lib support enabled and once without.
+	use static-libs || rm -f "${ED}"/usr/lib*/lib*.a
+
+	# create the certs directory
+	dodir ${SSL_CNF_DIR}/certs
+	cp -RP certs/* "${ED}"${SSL_CNF_DIR}/certs/ || die
+	rm -r "${ED}"${SSL_CNF_DIR}/certs/{demo,expired}
+
+	# Namespace openssl programs to prevent conflicts with other man pages
+	cd "${ED}"/usr/share/man
+	local m d s
+	for m in $(find . -type f | xargs grep -L '#include') ; do
+		d=${m%/*} ; d=${d#./} ; m=${m##*/}
+		[[ ${m} == openssl.1* ]] && continue
+		[[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!"
+		mv ${d}/{,ssl-}${m}
+		# fix up references to renamed man pages
+		sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m}
+		ln -s ssl-${m} ${d}/openssl-${m}
+		# locate any symlinks that point to this man page ... we assume
+		# that any broken links are due to the above renaming
+		for s in $(find -L ${d} -type l) ; do
+			s=${s##*/}
+			rm -f ${d}/${s}
+			ln -s ssl-${m} ${d}/ssl-${s}
+			ln -s ssl-${s} ${d}/openssl-${s}
+		done
+	done
+	[[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :("
+
+	dodir /etc/sandbox.d #254521
+	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
+
+	diropts -m0700
+	keepdir ${SSL_CNF_DIR}/private
+}
+
+pkg_postinst() {
+	ebegin "Running 'c_rehash ${EROOT%/}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069"
+	c_rehash "${EROOT%/}${SSL_CNF_DIR}/certs" >/dev/null
+	eend $?
+}

diff --git a/dev-libs/openssl/openssl-1.1.0g.ebuild b/dev-libs/openssl/openssl-1.1.0g.ebuild
new file mode 100644
index 00000000000..c8df4c14330
--- /dev/null
+++ b/dev-libs/openssl/openssl-1.1.0g.ebuild
@@ -0,0 +1,240 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=5
+
+inherit eutils flag-o-matic toolchain-funcs multilib multilib-minimal
+
+MY_P=${P/_/-}
+DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"
+HOMEPAGE="http://www.openssl.org/"
+SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"
+
+LICENSE="openssl"
+SLOT="0/1.1" # .so version of libssl/libcrypto
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
+IUSE="+asm bindist rfc3779 sctp cpu_flags_x86_sse2 static-libs test tls-heartbeat vanilla zlib"
+RESTRICT="!bindist? ( bindist )"
+
+RDEPEND=">=app-misc/c_rehash-1.7-r1
+	zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )"
+DEPEND="${RDEPEND}
+	>=dev-lang/perl-5
+	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
+	test? (
+		sys-apps/diffutils
+		sys-devel/bc
+	)"
+PDEPEND="app-misc/ca-certificates"
+
+S="${WORKDIR}/${MY_P}"
+
+MULTILIB_WRAPPED_HEADERS=(
+	usr/include/openssl/opensslconf.h
+)
+
+PATCHES=(
+	"${FILESDIR}"/${PN}-1.0.2a-x32-asm.patch #542618
+)
+
+src_prepare() {
+	# keep this in sync with app-misc/c_rehash
+	SSL_CNF_DIR="/etc/ssl"
+
+	# Make sure we only ever touch Makefile.org and avoid patching a file
+	# that gets blown away anyways by the Configure script in src_configure
+	rm -f Makefile
+
+	if ! use vanilla ; then
+		epatch "${PATCHES[@]}"
+		epatch_user #332661
+	fi
+
+	# make sure the man pages are suffixed #302165
+	# don't bother building man pages if they're disabled
+	# Make DOCDIR Gentoo compliant
+	sed -i \
+		-e '/^MANSUFFIX/s:=.*:=ssl:' \
+		-e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
+		-e $(has noman FEATURES \
+			&& echo '/^install:/s:install_docs::' \
+			|| echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
+		-e "/^DOCDIR/s@\$(BASENAME)@&-${PF}@" \
+		Configurations/unix-Makefile.tmpl \
+		|| die
+
+	# show the actual commands in the log
+	sed -i '/^SET_X/s@=.*@=set -x@' Makefile.shared
+
+	# quiet out unknown driver argument warnings since openssl
+	# doesn't have well-split CFLAGS and we're making it even worse
+	# and 'make depend' uses -Werror for added fun (#417795 again)
+	[[ ${CC} == *clang* ]] && append-flags -Qunused-arguments
+
+	# allow openssl to be cross-compiled
+	cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die
+	chmod a+rx gentoo.config
+
+	append-flags -fno-strict-aliasing
+	append-flags $(test-flags-CC -Wa,--noexecstack)
+	append-cppflags -DOPENSSL_NO_BUF_FREELISTS
+
+	# Prefixify Configure shebang (#141906)
+	sed \
+		-e "1s,/usr/bin/env,${EPREFIX}&," \
+		-i Configure || die
+	# Remove test target when FEATURES=test isn't set
+	if ! use test ; then
+		sed \
+			-e '/^$config{dirs}/s@ "test",@@' \
+			-i Configure || die
+	fi
+	# The config script does stupid stuff to prompt the user.  Kill it.
+	sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
+	./config --test-sanity || die "I AM NOT SANE"
+
+	multilib_copy_sources
+}
+
+multilib_src_configure() {
+	unset APPS #197996
+	unset SCRIPTS #312551
+	unset CROSS_COMPILE #311473
+
+	tc-export CC AR RANLIB RC
+
+	# Clean out patent-or-otherwise-encumbered code
+	# Camellia: Royalty Free            http://en.wikipedia.org/wiki/Camellia_(cipher)
+	# IDEA:     Expired                 http://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
+	# EC:       ????????? ??/??/2015    http://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography
+	# MDC2:     Expired                 http://en.wikipedia.org/wiki/MDC-2
+	# RC5:      Expired                 http://en.wikipedia.org/wiki/RC5
+
+	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
+	echoit() { echo "$@" ; "$@" ; }
+
+	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
+
+	# See if our toolchain supports __uint128_t.  If so, it's 64bit
+	# friendly and can use the nicely optimized code paths. #460790
+	local ec_nistp_64_gcc_128
+	# Disable it for now though #469976
+	#if ! use bindist ; then
+	#	echo "__uint128_t i;" > "${T}"/128.c
+	#	if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
+	#		ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
+	#	fi
+	#fi
+
+	local sslout=$(./gentoo.config)
+	einfo "Use configuration ${sslout:-(openssl knows best)}"
+	local config="Configure"
+	[[ -z ${sslout} ]] && config="config"
+
+	echoit \
+	./${config} \
+		${sslout} \
+		--api=1.0.0 \
+		$(use cpu_flags_x86_sse2 || echo "no-sse2") \
+		enable-camellia \
+		disable-deprecated \
+		$(use_ssl !bindist ec) \
+		${ec_nistp_64_gcc_128} \
+		enable-idea \
+		enable-mdc2 \
+		enable-rc5 \
+		$(use_ssl asm) \
+		$(use_ssl rfc3779) \
+		$(use_ssl sctp) \
+		$(use_ssl tls-heartbeat heartbeats) \
+		$(use_ssl zlib) \
+		--prefix="${EPREFIX}"/usr \
+		--openssldir="${EPREFIX}"${SSL_CNF_DIR} \
+		--libdir=$(get_libdir) \
+		shared threads \
+		|| die
+
+	# Clean out hardcoded flags that openssl uses
+	# Fix quoting for sed
+	local DEFAULT_CFLAGS=$(grep ^CFLAGS= Makefile | LC_ALL=C sed \
+		-e 's:^CFLAGS=::' \
+		-e 's:-fomit-frame-pointer ::g' \
+		-e 's:-O[0-9] ::g' \
+		-e 's:-march=[-a-z0-9]* ::g' \
+		-e 's:-mcpu=[-a-z0-9]* ::g' \
+		-e 's:-m[a-z0-9]* ::g' \
+		-e 's:\\:\\\\:g' \
+	)
+	sed -i \
+		-e "/^CFLAGS=/s|=.*|=${DEFAULT_CFLAGS} ${CFLAGS}|" \
+		-e "/^LDFLAGS=/s|=[[:space:]]*$|=${LDFLAGS}|" \
+		Makefile || die
+}
+
+multilib_src_compile() {
+	# depend is needed to use $confopts; it also doesn't matter
+	# that it's -j1 as the code itself serializes subdirs
+	emake -j1 depend
+	emake all
+}
+
+multilib_src_test() {
+	emake -j1 test
+}
+
+multilib_src_install() {
+	emake DESTDIR="${D}" install
+}
+
+multilib_src_install_all() {
+	# openssl installs perl version of c_rehash by default, but
+	# we provide a shell version via app-misc/c_rehash
+	rm "${ED}"/usr/bin/c_rehash || die
+
+	dodoc CHANGES* FAQ NEWS README doc/*.txt doc/${PN}-c-indent.el
+	dohtml -r doc/*
+
+	# This is crappy in that the static archives are still built even
+	# when USE=static-libs.  But this is due to a failing in the openssl
+	# build system: the static archives are built as PIC all the time.
+	# Only way around this would be to manually configure+compile openssl
+	# twice; once with shared lib support enabled and once without.
+	use static-libs || rm -f "${ED}"/usr/lib*/lib*.a
+
+	# create the certs directory
+	keepdir ${SSL_CNF_DIR}/certs
+
+	# Namespace openssl programs to prevent conflicts with other man pages
+	cd "${ED}"/usr/share/man
+	local m d s
+	for m in $(find . -type f | xargs grep -L '#include') ; do
+		d=${m%/*} ; d=${d#./} ; m=${m##*/}
+		[[ ${m} == openssl.1* ]] && continue
+		[[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!"
+		mv ${d}/{,ssl-}${m}
+		# fix up references to renamed man pages
+		sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m}
+		ln -s ssl-${m} ${d}/openssl-${m}
+		# locate any symlinks that point to this man page ... we assume
+		# that any broken links are due to the above renaming
+		for s in $(find -L ${d} -type l) ; do
+			s=${s##*/}
+			rm -f ${d}/${s}
+			ln -s ssl-${m} ${d}/ssl-${s}
+			ln -s ssl-${s} ${d}/openssl-${s}
+		done
+	done
+	[[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :("
+
+	dodir /etc/sandbox.d #254521
+	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
+
+	diropts -m0700
+	keepdir ${SSL_CNF_DIR}/private
+}
+
+pkg_postinst() {
+	ebegin "Running 'c_rehash ${EROOT%/}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069"
+	c_rehash "${EROOT%/}${SSL_CNF_DIR}/certs" >/dev/null
+	eend $?
+}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Robin H. Johnson]

commit:     acd5dfadfd157c7dcb73a3ff1f6295416a2ab04e
Author:     Robin H. Johnson <robbat2 <AT> gentoo <DOT> org>
AuthorDate: Sun Oct 22 20:19:37 2017 +0000
Commit:     Robin H. Johnson <robbat2 <AT> gentoo <DOT> org>
CommitDate: Sun Oct 22 21:51:28 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=acd5dfad

dev-libs/openssl: add Fedora Hobbled-EC for 1.0.

As resolved in the Foundation Trustees meeting 2017/10/22, and the
Licensing team, Fedora's Hobbled-EC patchset is added for USE=bindist in
OpenSSL 1.0 series.

This provides the subset of Elliptic Curve Cryptography that Fedora &
RedHat believe to be free of patent concerns at this time, and use for
their RPMs.

The patch disables or modifies:
- some Elliptic Curves
- some EC methods
- code that interacts the above

This code passes the upstream testsuite with:
FEATURES=test RESTRICT=bindist USE=test emerge =openssl-1.0.2l-r1

See-Also bdd5c9e7d6a375e99b3ae89afd4517a3a5786df2
Upstream: https://src.fedoraproject.org/cgit/rpms/openssl.git
Bug: https://bugs.gentoo.org/531540
Package-Manager: Portage-2.3.8, Repoman-2.3.3
Signed-off-by: Robin H. Johnson <robbat2 <AT> gentoo.org>

 dev-libs/openssl/Manifest                 |   3 +
 dev-libs/openssl/openssl-1.0.2l-r1.ebuild | 296 ++++++++++++++++++++++++++++++
 2 files changed, 299 insertions(+)

diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest
index a5c66ede427..732d1736742 100644
--- a/dev-libs/openssl/Manifest
+++ b/dev-libs/openssl/Manifest
@@ -1,6 +1,9 @@
 DIST openssl-0.9.8zh.tar.gz 3818524 SHA256 f1d9f3ed1b85a82ecf80d0e2d389e1fda3fca9a4dba0bf07adbf231e1a5e2fd6 SHA512 b97fa2468211f86c0719c68ad1781eff84f772c479ed5193d6da14bac086b4ca706e7d851209d9df3f0962943b5e5333ab0def00110fb2e517caa73c0c6674c6 WHIRLPOOL 8ed3362e6aed89cd6ae02438bc3fb58ff3a91afb8a2d401d1d66c1ee4fd96f4befb50558131dd03a60fc15b588172fc1ede5d56bb1f68e184453bfe3b34f9abf
 DIST openssl-1.0.2k.tar.gz 5309236 SHA256 6b3977c61f2aedf0f96367dcfb5c6e578cf37e7b8d913b4ecb6643c3cb88d8c0 SHA512 0d314b42352f4b1df2c40ca1094abc7e9ad684c5c35ea997efdd58204c70f22a1abcb17291820f0fff3769620a4e06906034203d31eb1a4d540df3e0db294016 WHIRLPOOL ffa3d89a078db6829f1fff21779a19c87e059600162e6d7d3114b8440ba5fa7d1a08e04594b6ed8ab47e148782de299d7ec338f2ba2d466bf7737b0749f590cd
 DIST openssl-1.0.2l.tar.gz 5365054 SHA256 ce07195b659e75f4e1db43552860070061f156a98bb37b672b101ba6e3ddf30c SHA512 047d964508ad6025c79caabd8965efd2416dc026a56183d0ef4de7a0a6769ce8e0b4608a3f8393d326f6d03b26a2b067e6e0c750f35b20be190e595e8290c0e3 WHIRLPOOL fa5b303fd7007eb2b7afe0b6a7d90a6676b738bf39addc1005f15a4664e61e72f9465d5020477abcf6b3e420d46a618e44751ad9e21671c70e5dbe8cdc768bfc
+DIST openssl-1.0.2l_ec_curve.c 17254 SHA256 43ad99527a9f494c97c1efd4a87b49508455437da5de1b9ecd89b0d36fb764c8 SHA512 8e92fb100bcf4bd918c82b9a6cbd75a55abe1a2c08230a007e441c51577f974f8cc336e9ac8a672b32641480428ca8cead5380da1fe81bacb088145a1b754a15 WHIRLPOOL 5a43777a2886a2e7bd41eeb3a96c90c62b0eaa771249a50eb5996993f43384dca5f24993ed6a6deede2c4f119f896fb11dbc26b72650c909c856bd8c313501f0
+DIST openssl-1.0.2l_ectest.c 30735 SHA256 14f12b1db5121f3f58466f52ad10555c038c281e90e53c0a2f7940a754bb4d80 SHA512 f2e4d34327b490bc8371f0845c69df3f9fc51ea16f0ea0de0411a0c1fa9d49bb2b6fafc363eb3b3cd919dc7c24e4a0d075c6ff878c01d70dae918f2540874c19 WHIRLPOOL 0d708b382d97e1f20a03e695f0a990fb9fd6cd8ab8ced29e072d52ca3f09f87d18c287d6134fd5ac2243ca541982f4d9eaa2fa8964d62b6b8f1a4b879e8fd997
+DIST openssl-1.0.2l_hobble-openssl 1302 SHA256 7ec32aab6a1db2124de52c3918cc7f7e487972581e30235447eed15d59415384 SHA512 3d757a4708e74a03dd5cb9b8114dfe442ed9520739a6eca693be4c4265771696f1449ea06d1c9bcfc6e94fc9b0dd0c10e153f1c3b0334831c0550b36cd63326e WHIRLPOOL b9630ce76492bff481d0bd48b72449d1e1d4fbb98c2387c4824d84833796adaba716e10976b3130eed9fd9442511a71604d9944600ba6be5253087f865cefe8c
 DIST openssl-1.1.0-build.patch 3028 SHA256 c626ac8b34df5d55a7272a741f87f06dc06cc20ac80085048788a2c76c08c25f SHA512 b19a912900970052f80c67f28975e793ae9e70ebfc62efae0544e09931079e98c4cd29ce1cc8d937ceca97aff9a12fdc1ff9ce6c2b47fea68c79e7065464a0f0 WHIRLPOOL 950febb159139b145eb7de5bda1115465fa8551234182e6d15459ab5519213f515b4c3e3a3136d05c440d3eec04a7247461d36c2d45136a6f1963613d5896b3e
 DIST openssl-1.1.0-ec-curves.patch 2967 SHA256 da60dfa01ed244cd3f77f60cc2ef479a36e64a58fa5e242aa03647c698cc1a42 SHA512 8fb9c6759ae2077ad3697ba77e85ab3970fd8b3f64b21eb260b4f6333b7ebf2f5a53c7eee311229edfbd96a2b904ec5e5e00dfa5b62cf1105fece13069077bd2 WHIRLPOOL e7293ef84f6c36e8e5f5ec8158023fdca484bc9082e73956bd0cc74a17c880350a49799146c855a37f116d743e7c93e54cbe4aa7f70483e235d03687a15a46a5
 DIST openssl-1.1.0f.tar.gz 5278176 SHA256 12f746f3f2493b2f39da7ecf63d7ee19c6ac9ec6a4fcd8c229da8a522cb12765 SHA512 340ab3f38c90dea346e543b58bc0eff0adede15be212ad20b7cf38718a7f94fab51996da414855c180540f7488b8bd31d8b9a0d04bb19159f735c46d8f6df22c WHIRLPOOL bb4ce1d100c5eb567de0139e4a1c0a2bb1cd308bd014704d6bb796d3fcfc16b91fe69839068944831746e0b937a6ccb234b5cea3b4911fab4283500ed380f0b6

diff --git a/dev-libs/openssl/openssl-1.0.2l-r1.ebuild b/dev-libs/openssl/openssl-1.0.2l-r1.ebuild
new file mode 100644
index 00000000000..4c78a177bf6
--- /dev/null
+++ b/dev-libs/openssl/openssl-1.0.2l-r1.ebuild
@@ -0,0 +1,296 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="5"
+
+inherit eutils flag-o-matic toolchain-funcs multilib multilib-minimal
+
+MY_P=${P/_/-}
+DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"
+HOMEPAGE="http://www.openssl.org/"
+SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"
+
+LICENSE="openssl"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
+IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
+RESTRICT="!bindist? ( bindist )"
+
+RDEPEND=">=app-misc/c_rehash-1.7-r1
+	gmp? ( >=dev-libs/gmp-5.1.3-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
+	zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
+	kerberos? ( >=app-crypt/mit-krb5-1.11.4[${MULTILIB_USEDEP}] )"
+DEPEND="${RDEPEND}
+	>=dev-lang/perl-5
+	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
+	test? (
+		sys-apps/diffutils
+		sys-devel/bc
+	)"
+PDEPEND="app-misc/ca-certificates"
+
+# This does not copy the entire Fedora patchset, but JUST the parts that
+# are needed to make it safe to use EC with RESTRICT=bindist.
+# See openssl.spec for the matching numbering of SourceNNN, PatchNNN
+SOURCE1=hobble-openssl
+SOURCE12=ec_curve.c
+SOURCE13=ectest.c
+#PATCH1=openssl-1.1.0-build.patch # Fixes EVP testcase for EC
+#PATCH37=openssl-1.1.0-ec-curves.patch
+FEDORA_GIT_BASE='https://src.fedoraproject.org/cgit/rpms/openssl.git/plain/'
+FEDORA_GIT_BRANCH='f25'
+FEDORA_SRC_URI=()
+FEDORA_SOURCE=( $SOURCE1 $SOURCE12 $SOURCE13 )
+FEDORA_PATCH=( $PATCH1 $PATCH37 )
+for i in "${FEDORA_SOURCE[@]}" ; do
+	FEDORA_SRC_URI+=( "${FEDORA_GIT_BASE}/${i}?h=${FEDORA_GIT_BRANCH} -> ${P}_${i}" )
+done
+for i in "${FEDORA_PATCH[@]}" ; do # Already have a version prefix
+	FEDORA_SRC_URI+=( "${FEDORA_GIT_BASE}/${i}?h=${FEDORA_GIT_BRANCH} -> ${i}" )
+done
+SRC_URI+=" bindist? ( ${FEDORA_SRC_URI[@]} )"
+
+S="${WORKDIR}/${MY_P}"
+
+MULTILIB_WRAPPED_HEADERS=(
+	usr/include/openssl/opensslconf.h
+)
+
+src_prepare() {
+	if use bindist; then
+		# This just removes the prefix, and puts it into WORKDIR like the RPM.
+		for i in "${FEDORA_SOURCE[@]}" ; do
+			cp -f "${DISTDIR}"/"${P}_${i}" "${WORKDIR}"/"${i}" || die
+		done
+		# .spec %prep
+		bash "${WORKDIR}"/"${SOURCE1}" || die
+		cp -f "${WORKDIR}"/"${SOURCE12}" "${S}"/crypto/ec/ || die
+		cp -f "${WORKDIR}"/"${SOURCE13}" "${S}"/crypto/ec/ || die # Moves to test/ in OpenSSL-1.1
+		for i in "${FEDORA_PATCH[@]}" ; do
+			epatch "${DISTDIR}"/"${i}"
+		done
+		# Also see the configure parts below:
+		# enable-ec \
+		# $(use_ssl !bindist ec2m) \
+		# $(use_ssl !bindist srp) \
+
+	fi
+	# keep this in sync with app-misc/c_rehash
+	SSL_CNF_DIR="/etc/ssl"
+
+	# Make sure we only ever touch Makefile.org and avoid patching a file
+	# that gets blown away anyways by the Configure script in src_configure
+	rm -f Makefile
+
+	if ! use vanilla ; then
+		epatch "${FILESDIR}"/${PN}-1.0.0a-ldflags.patch #327421
+		epatch "${FILESDIR}"/${PN}-1.0.2i-parallel-build.patch
+		epatch "${FILESDIR}"/${PN}-1.0.2a-parallel-obj-headers.patch
+		epatch "${FILESDIR}"/${PN}-1.0.2a-parallel-install-dirs.patch
+		epatch "${FILESDIR}"/${PN}-1.0.2a-parallel-symlinking.patch #545028
+		epatch "${FILESDIR}"/${PN}-1.0.2-ipv6.patch
+		epatch "${FILESDIR}"/${PN}-1.0.2a-x32-asm.patch #542618
+		epatch "${FILESDIR}"/${PN}-1.0.1p-default-source.patch #554338
+
+		epatch_user #332661
+	fi
+
+	# disable fips in the build
+	# make sure the man pages are suffixed #302165
+	# don't bother building man pages if they're disabled
+	sed -i \
+		-e '/DIRS/s: fips : :g' \
+		-e '/^MANSUFFIX/s:=.*:=ssl:' \
+		-e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
+		-e $(has noman FEATURES \
+			&& echo '/^install:/s:install_docs::' \
+			|| echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
+		Makefile.org \
+		|| die
+	# show the actual commands in the log
+	sed -i '/^SET_X/s:=.*:=set -x:' Makefile.shared
+
+	# since we're forcing $(CC) as makedep anyway, just fix
+	# the conditional as always-on
+	# helps clang (#417795), and versioned gcc (#499818)
+	sed -i 's/expr.*MAKEDEPEND.*;/true;/' util/domd || die
+
+	# quiet out unknown driver argument warnings since openssl
+	# doesn't have well-split CFLAGS and we're making it even worse
+	# and 'make depend' uses -Werror for added fun (#417795 again)
+	[[ ${CC} == *clang* ]] && append-flags -Qunused-arguments
+
+	# allow openssl to be cross-compiled
+	cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die
+	chmod a+rx gentoo.config
+
+	append-flags -fno-strict-aliasing
+	append-flags $(test-flags-CC -Wa,--noexecstack)
+	append-cppflags -DOPENSSL_NO_BUF_FREELISTS
+
+	sed -i '1s,^:$,#!'${EPREFIX}'/usr/bin/perl,' Configure #141906
+	# The config script does stupid stuff to prompt the user.  Kill it.
+	sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
+	./config --test-sanity || die "I AM NOT SANE"
+
+	multilib_copy_sources
+}
+
+multilib_src_configure() {
+	unset APPS #197996
+	unset SCRIPTS #312551
+	unset CROSS_COMPILE #311473
+
+	tc-export CC AR RANLIB RC
+
+	# Clean out patent-or-otherwise-encumbered code
+	# Camellia: Royalty Free            http://en.wikipedia.org/wiki/Camellia_(cipher)
+	# IDEA:     Expired                 http://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
+	# EC:       ????????? ??/??/2015    http://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography
+	# MDC2:     Expired                 http://en.wikipedia.org/wiki/MDC-2
+	# RC5:      Expired                 http://en.wikipedia.org/wiki/RC5
+
+	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
+	echoit() { echo "$@" ; "$@" ; }
+
+	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
+
+	# See if our toolchain supports __uint128_t.  If so, it's 64bit
+	# friendly and can use the nicely optimized code paths. #460790
+	local ec_nistp_64_gcc_128
+	# Disable it for now though #469976
+	#if ! use bindist ; then
+	#	echo "__uint128_t i;" > "${T}"/128.c
+	#	if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
+	#		ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
+	#	fi
+	#fi
+
+	# https://github.com/openssl/openssl/issues/2286
+	if use ia64 ; then
+		replace-flags -g3 -g2
+		replace-flags -ggdb3 -ggdb2
+	fi
+
+	local sslout=$(./gentoo.config)
+	einfo "Use configuration ${sslout:-(openssl knows best)}"
+	local config="Configure"
+	[[ -z ${sslout} ]] && config="config"
+
+	# Fedora hobbled-EC needs 'no-ec2m', 'no-srp'
+	echoit \
+	./${config} \
+		${sslout} \
+		$(use cpu_flags_x86_sse2 || echo "no-sse2") \
+		enable-camellia \
+		enable-ec \
+		$(use_ssl !bindist ec2m) \
+		$(use_ssl !bindist srp) \
+		${ec_nistp_64_gcc_128} \
+		enable-idea \
+		enable-mdc2 \
+		enable-rc5 \
+		enable-tlsext \
+		$(use_ssl asm) \
+		$(use_ssl gmp gmp -lgmp) \
+		$(use_ssl kerberos krb5 --with-krb5-flavor=${krb5}) \
+		$(use_ssl rfc3779) \
+		$(use_ssl sctp) \
+		$(use_ssl sslv2 ssl2) \
+		$(use_ssl sslv3 ssl3) \
+		$(use_ssl tls-heartbeat heartbeats) \
+		$(use_ssl zlib) \
+		--prefix="${EPREFIX}"/usr \
+		--openssldir="${EPREFIX}"${SSL_CNF_DIR} \
+		--libdir=$(get_libdir) \
+		shared threads \
+		|| die
+
+	# Clean out hardcoded flags that openssl uses
+	local CFLAG=$(grep ^CFLAG= Makefile | LC_ALL=C sed \
+		-e 's:^CFLAG=::' \
+		-e 's:-fomit-frame-pointer ::g' \
+		-e 's:-O[0-9] ::g' \
+		-e 's:-march=[-a-z0-9]* ::g' \
+		-e 's:-mcpu=[-a-z0-9]* ::g' \
+		-e 's:-m[a-z0-9]* ::g' \
+	)
+	sed -i \
+		-e "/^CFLAG/s|=.*|=${CFLAG} ${CFLAGS}|" \
+		-e "/^SHARED_LDFLAGS=/s|$| ${LDFLAGS}|" \
+		Makefile || die
+}
+
+multilib_src_compile() {
+	# depend is needed to use $confopts; it also doesn't matter
+	# that it's -j1 as the code itself serializes subdirs
+	emake -j1 depend
+	emake all
+	# rehash is needed to prep the certs/ dir; do this
+	# separately to avoid parallel build issues.
+	emake rehash
+}
+
+multilib_src_test() {
+	emake -j1 test
+}
+
+multilib_src_install() {
+	emake INSTALL_PREFIX="${D}" install
+}
+
+multilib_src_install_all() {
+	# openssl installs perl version of c_rehash by default, but
+	# we provide a shell version via app-misc/c_rehash
+	rm "${ED}"/usr/bin/c_rehash || die
+
+	dodoc CHANGES* FAQ NEWS README doc/*.txt doc/c-indentation.el
+	dohtml -r doc/*
+	use rfc3779 && dodoc engines/ccgost/README.gost
+
+	# This is crappy in that the static archives are still built even
+	# when USE=static-libs.  But this is due to a failing in the openssl
+	# build system: the static archives are built as PIC all the time.
+	# Only way around this would be to manually configure+compile openssl
+	# twice; once with shared lib support enabled and once without.
+	use static-libs || rm -f "${ED}"/usr/lib*/lib*.a
+
+	# create the certs directory
+	dodir ${SSL_CNF_DIR}/certs
+	cp -RP certs/* "${ED}"${SSL_CNF_DIR}/certs/ || die
+	rm -r "${ED}"${SSL_CNF_DIR}/certs/{demo,expired}
+
+	# Namespace openssl programs to prevent conflicts with other man pages
+	cd "${ED}"/usr/share/man
+	local m d s
+	for m in $(find . -type f | xargs grep -L '#include') ; do
+		d=${m%/*} ; d=${d#./} ; m=${m##*/}
+		[[ ${m} == openssl.1* ]] && continue
+		[[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!"
+		mv ${d}/{,ssl-}${m}
+		# fix up references to renamed man pages
+		sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m}
+		ln -s ssl-${m} ${d}/openssl-${m}
+		# locate any symlinks that point to this man page ... we assume
+		# that any broken links are due to the above renaming
+		for s in $(find -L ${d} -type l) ; do
+			s=${s##*/}
+			rm -f ${d}/${s}
+			ln -s ssl-${m} ${d}/ssl-${s}
+			ln -s ssl-${s} ${d}/openssl-${s}
+		done
+	done
+	[[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :("
+
+	dodir /etc/sandbox.d #254521
+	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
+
+	diropts -m0700
+	keepdir ${SSL_CNF_DIR}/private
+}
+
+pkg_postinst() {
+	ebegin "Running 'c_rehash ${EROOT%/}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069"
+	c_rehash "${EROOT%/}${SSL_CNF_DIR}/certs" >/dev/null
+	eend $?
+}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Robin H. Johnson]

commit:     bdd5c9e7d6a375e99b3ae89afd4517a3a5786df2
Author:     Robin H. Johnson <robbat2 <AT> gentoo <DOT> org>
AuthorDate: Sun Oct 22 20:19:37 2017 +0000
Commit:     Robin H. Johnson <robbat2 <AT> gentoo <DOT> org>
CommitDate: Sun Oct 22 21:16:29 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bdd5c9e7

dev-libs/openssl: add Fedora Hobbled-EC.

As resolved in the Foundation Trustees meeting 2017/10/22, and the
Licensing team, Fedora's Hobbled-EC patchset is added for USE=bindist in
OpenSSL 1.1 series.

This provides the subset of Elliptic Curve Cryptography that Fedora &
RedHat believe to be free of patent concerns at this time, and use for
their RPMs.

The patch disables or modifies:
- some Elliptic Curves
- some EC methods
- code that interacts the above

OpenSSL 1.1 is still in package.mask at this time, and a 1.0 version of
this patch will follow soon.

Upstream: https://src.fedoraproject.org/cgit/rpms/openssl.git
Bug: https://bugs.gentoo.org/531540
Package-Manager: Portage-2.3.8, Repoman-2.3.3
Signed-off-by: Robin H. Johnson <robbat2 <AT> gentoo.org>

 dev-libs/openssl/Manifest                 |   5 +
 dev-libs/openssl/metadata.xml             |   2 +-
 dev-libs/openssl/openssl-1.1.0f-r1.ebuild | 282 ++++++++++++++++++++++++++++++
 3 files changed, 288 insertions(+), 1 deletion(-)

diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest
index 75b606b388c..a5c66ede427 100644
--- a/dev-libs/openssl/Manifest
+++ b/dev-libs/openssl/Manifest
@@ -1,4 +1,9 @@
 DIST openssl-0.9.8zh.tar.gz 3818524 SHA256 f1d9f3ed1b85a82ecf80d0e2d389e1fda3fca9a4dba0bf07adbf231e1a5e2fd6 SHA512 b97fa2468211f86c0719c68ad1781eff84f772c479ed5193d6da14bac086b4ca706e7d851209d9df3f0962943b5e5333ab0def00110fb2e517caa73c0c6674c6 WHIRLPOOL 8ed3362e6aed89cd6ae02438bc3fb58ff3a91afb8a2d401d1d66c1ee4fd96f4befb50558131dd03a60fc15b588172fc1ede5d56bb1f68e184453bfe3b34f9abf
 DIST openssl-1.0.2k.tar.gz 5309236 SHA256 6b3977c61f2aedf0f96367dcfb5c6e578cf37e7b8d913b4ecb6643c3cb88d8c0 SHA512 0d314b42352f4b1df2c40ca1094abc7e9ad684c5c35ea997efdd58204c70f22a1abcb17291820f0fff3769620a4e06906034203d31eb1a4d540df3e0db294016 WHIRLPOOL ffa3d89a078db6829f1fff21779a19c87e059600162e6d7d3114b8440ba5fa7d1a08e04594b6ed8ab47e148782de299d7ec338f2ba2d466bf7737b0749f590cd
 DIST openssl-1.0.2l.tar.gz 5365054 SHA256 ce07195b659e75f4e1db43552860070061f156a98bb37b672b101ba6e3ddf30c SHA512 047d964508ad6025c79caabd8965efd2416dc026a56183d0ef4de7a0a6769ce8e0b4608a3f8393d326f6d03b26a2b067e6e0c750f35b20be190e595e8290c0e3 WHIRLPOOL fa5b303fd7007eb2b7afe0b6a7d90a6676b738bf39addc1005f15a4664e61e72f9465d5020477abcf6b3e420d46a618e44751ad9e21671c70e5dbe8cdc768bfc
+DIST openssl-1.1.0-build.patch 3028 SHA256 c626ac8b34df5d55a7272a741f87f06dc06cc20ac80085048788a2c76c08c25f SHA512 b19a912900970052f80c67f28975e793ae9e70ebfc62efae0544e09931079e98c4cd29ce1cc8d937ceca97aff9a12fdc1ff9ce6c2b47fea68c79e7065464a0f0 WHIRLPOOL 950febb159139b145eb7de5bda1115465fa8551234182e6d15459ab5519213f515b4c3e3a3136d05c440d3eec04a7247461d36c2d45136a6f1963613d5896b3e
+DIST openssl-1.1.0-ec-curves.patch 2967 SHA256 da60dfa01ed244cd3f77f60cc2ef479a36e64a58fa5e242aa03647c698cc1a42 SHA512 8fb9c6759ae2077ad3697ba77e85ab3970fd8b3f64b21eb260b4f6333b7ebf2f5a53c7eee311229edfbd96a2b904ec5e5e00dfa5b62cf1105fece13069077bd2 WHIRLPOOL e7293ef84f6c36e8e5f5ec8158023fdca484bc9082e73956bd0cc74a17c880350a49799146c855a37f116d743e7c93e54cbe4aa7f70483e235d03687a15a46a5
 DIST openssl-1.1.0f.tar.gz 5278176 SHA256 12f746f3f2493b2f39da7ecf63d7ee19c6ac9ec6a4fcd8c229da8a522cb12765 SHA512 340ab3f38c90dea346e543b58bc0eff0adede15be212ad20b7cf38718a7f94fab51996da414855c180540f7488b8bd31d8b9a0d04bb19159f735c46d8f6df22c WHIRLPOOL bb4ce1d100c5eb567de0139e4a1c0a2bb1cd308bd014704d6bb796d3fcfc16b91fe69839068944831746e0b937a6ccb234b5cea3b4911fab4283500ed380f0b6
+DIST openssl-1.1.0f_ec_curve.c 18393 SHA256 9dd0e1f422116da45eb16936fbbbe4e4e05e7a8fc0f359594af76e935c37716e SHA512 ee3e576825bccdf02cede4205ab92c42ae9dd3a8e75ce58617a3a5980a61d144eb3c5197d9dcd378a5d49bf34c4b2f591aa6a619fee92b7a22825d72681ab879 WHIRLPOOL 6f43f3b8037f5edf323ea865d1150eaa63ee60f60b512b52e37b752b328855e57eae70c812071caba0f91eeeb379c4dd9574806ba50d5bee38ad3b0e3fe03f55
+DIST openssl-1.1.0f_ectest.c 29907 SHA256 37682adb07ba260339fad3fead87b186fc8c26321a0aad45deefed4c25ad87cb SHA512 90cec9d46326cb7216236811c8e963032b6fa7500117cea36f28534eb50a5ab1260c7f9a5c8c490d845236b0769576a8d97bc7471f970e9c5e70cb3408c20dae WHIRLPOOL f39da1830f5a6492add40f460af9d85b2fbfac0d5d8ff4eb4ba3cb16e6ff50a030aee38c518d7a06d1167f59030ded5496000793ad4cf2de7ff36f22eeefe7c7
+DIST openssl-1.1.0f_hobble-openssl 1117 SHA256 ab168bd8bf578f7361524f9a12eecbbaf41fd7e2c852a0158aafd3bce9cac569 SHA512 fa9cc70afa11a7a292548b4bddbba8159824a364ce5c279b483768e6ae2aa4b5491d9bf2cc734819f30a11c8ee0d91bcb991c4a7ab357296aeb4c04feac74826 WHIRLPOOL 94537166ad8f5cacba2d30d0b6e4676d896cab157be5891fbeecdb2efa10a322d77e2b35a44ff1d474e860dcece63a8688f9df5edf8fe859bf67b410148ea64a

diff --git a/dev-libs/openssl/metadata.xml b/dev-libs/openssl/metadata.xml
index 0ee764ebd0e..5ca8d93d2f6 100644
--- a/dev-libs/openssl/metadata.xml
+++ b/dev-libs/openssl/metadata.xml
@@ -7,7 +7,7 @@
 </maintainer>
 <use>
  <flag name="asm">Support assembly hand optimized crypto functions (i.e. faster run time)</flag>
- <flag name="bindist">Disable EC algorithms (as they seem to be patented) -- note: changes the ABI</flag>
+ <flag name="bindist">Disable/Restrict EC algorithms (as they seem to be patented) -- note: changes the ABI</flag>
  <flag name="rfc3779">Enable support for RFC 3779 (X.509 Extensions for IP Addresses and AS Identifiers)</flag>
  <flag name="sslv2">Support for the old/insecure SSLv2 protocol -- note: not required for TLS/https</flag>
  <flag name="sslv3">Support for the old/insecure SSLv3 protocol -- note: not required for TLS/https</flag>

diff --git a/dev-libs/openssl/openssl-1.1.0f-r1.ebuild b/dev-libs/openssl/openssl-1.1.0f-r1.ebuild
new file mode 100644
index 00000000000..151632bbbcb
--- /dev/null
+++ b/dev-libs/openssl/openssl-1.1.0f-r1.ebuild
@@ -0,0 +1,282 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=5
+
+inherit eutils flag-o-matic toolchain-funcs multilib multilib-minimal
+
+MY_P=${P/_/-}
+DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"
+HOMEPAGE="http://www.openssl.org/"
+SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"
+
+LICENSE="openssl"
+SLOT="0/1.1" # .so version of libssl/libcrypto
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
+IUSE="+asm bindist rfc3779 sctp cpu_flags_x86_sse2 static-libs test tls-heartbeat vanilla zlib"
+RESTRICT="!bindist? ( bindist )"
+
+RDEPEND=">=app-misc/c_rehash-1.7-r1
+	zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )"
+DEPEND="${RDEPEND}
+	>=dev-lang/perl-5
+	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
+	test? (
+		sys-apps/diffutils
+		sys-devel/bc
+	)"
+PDEPEND="app-misc/ca-certificates"
+
+# This does not copy the entire Fedora patchset, but JUST the parts that
+# are needed to make it safe to use EC with RESTRICT=bindist.
+# See openssl.spec for the matching numbering of SourceNNN, PatchNNN
+SOURCE1=hobble-openssl
+SOURCE12=ec_curve.c
+SOURCE13=ectest.c
+PATCH1=openssl-1.1.0-build.patch # Fixes EVP testcase for EC
+PATCH37=openssl-1.1.0-ec-curves.patch
+FEDORA_GIT_BASE='https://src.fedoraproject.org/cgit/rpms/openssl.git/plain/'
+FEDORA_GIT_BRANCH='f27'
+FEDORA_SRC_URI=()
+FEDORA_SOURCE=( $SOURCE1 $SOURCE12 $SOURCE13 )
+FEDORA_PATCH=( $PATCH1 $PATCH37 )
+for i in "${FEDORA_SOURCE[@]}" ; do
+	FEDORA_SRC_URI+=( "${FEDORA_GIT_BASE}/${i}?h=${FEDORA_GIT_BRANCH} -> ${P}_${i}" )
+done
+for i in "${FEDORA_PATCH[@]}" ; do # Already have a version prefix
+	FEDORA_SRC_URI+=( "${FEDORA_GIT_BASE}/${i}?h=${FEDORA_GIT_BRANCH} -> ${i}" )
+done
+SRC_URI+=" bindist? ( ${FEDORA_SRC_URI[@]} )"
+
+S="${WORKDIR}/${MY_P}"
+
+MULTILIB_WRAPPED_HEADERS=(
+	usr/include/openssl/opensslconf.h
+)
+
+PATCHES=(
+	"${FILESDIR}"/${PN}-1.0.2a-x32-asm.patch #542618
+)
+
+src_prepare() {
+	if use bindist; then
+		# This just removes the prefix, and puts it into WORKDIR like the RPM.
+		for i in "${FEDORA_SOURCE[@]}" ; do
+			cp -f "${DISTDIR}"/"${P}_${i}" "${WORKDIR}"/"${i}" || die
+		done
+		# .spec %prep
+		bash "${WORKDIR}"/"${SOURCE1}" || die
+		cp -f "${WORKDIR}"/"${SOURCE12}" "${S}"/crypto/ec/ || die
+		cp -f "${WORKDIR}"/"${SOURCE13}" "${S}"/test/ || die
+		for i in "${FEDORA_PATCH[@]}" ; do
+			epatch "${DISTDIR}"/"${i}"
+		done
+		# Also see the configure parts below:
+		# enable-ec \
+		# $(use_ssl !bindist ec2m) \
+
+	fi
+	# keep this in sync with app-misc/c_rehash
+	SSL_CNF_DIR="/etc/ssl"
+
+	# Make sure we only ever touch Makefile.org and avoid patching a file
+	# that gets blown away anyways by the Configure script in src_configure
+	rm -f Makefile
+
+	if ! use vanilla ; then
+		epatch "${PATCHES[@]}"
+		epatch_user #332661
+	fi
+
+	# make sure the man pages are suffixed #302165
+	# don't bother building man pages if they're disabled
+	# Make DOCDIR Gentoo compliant
+	sed -i \
+		-e '/^MANSUFFIX/s:=.*:=ssl:' \
+		-e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
+		-e $(has noman FEATURES \
+			&& echo '/^install:/s:install_docs::' \
+			|| echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
+		-e "/^DOCDIR/s@\$(BASENAME)@&-${PF}@" \
+		Configurations/unix-Makefile.tmpl \
+		|| die
+
+	# show the actual commands in the log
+	sed -i '/^SET_X/s@=.*@=set -x@' Makefile.shared
+
+	# quiet out unknown driver argument warnings since openssl
+	# doesn't have well-split CFLAGS and we're making it even worse
+	# and 'make depend' uses -Werror for added fun (#417795 again)
+	[[ ${CC} == *clang* ]] && append-flags -Qunused-arguments
+
+	# allow openssl to be cross-compiled
+	cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die
+	chmod a+rx gentoo.config
+
+	append-flags -fno-strict-aliasing
+	append-flags $(test-flags-CC -Wa,--noexecstack)
+	append-cppflags -DOPENSSL_NO_BUF_FREELISTS
+
+	# Prefixify Configure shebang (#141906)
+	sed \
+		-e "1s,/usr/bin/env,${EPREFIX}&," \
+		-i Configure || die
+	# Remove test target when FEATURES=test isn't set
+	if ! use test ; then
+		sed \
+			-e '/^$config{dirs}/s@ "test",@@' \
+			-i Configure || die
+	fi
+	# The config script does stupid stuff to prompt the user.  Kill it.
+	sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
+	./config --test-sanity || die "I AM NOT SANE"
+
+	multilib_copy_sources
+}
+
+multilib_src_configure() {
+	unset APPS #197996
+	unset SCRIPTS #312551
+	unset CROSS_COMPILE #311473
+
+	tc-export CC AR RANLIB RC
+
+	# Clean out patent-or-otherwise-encumbered code
+	# Camellia: Royalty Free            http://en.wikipedia.org/wiki/Camellia_(cipher)
+	# IDEA:     Expired                 http://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
+	# EC:       ????????? ??/??/2015    http://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography
+	# MDC2:     Expired                 http://en.wikipedia.org/wiki/MDC-2
+	# RC5:      Expired                 http://en.wikipedia.org/wiki/RC5
+
+	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
+	echoit() { echo "$@" ; "$@" ; }
+
+	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
+
+	# See if our toolchain supports __uint128_t.  If so, it's 64bit
+	# friendly and can use the nicely optimized code paths. #460790
+	local ec_nistp_64_gcc_128
+	# Disable it for now though #469976
+	#if ! use bindist ; then
+	#	echo "__uint128_t i;" > "${T}"/128.c
+	#	if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
+	#		ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
+	#	fi
+	#fi
+
+	local sslout=$(./gentoo.config)
+	einfo "Use configuration ${sslout:-(openssl knows best)}"
+	local config="Configure"
+	[[ -z ${sslout} ]] && config="config"
+
+	# Fedora hobbled-EC needs 'no-ec2m'
+	# 'srp' was restricted until early 2017 as well.
+	echoit \
+	./${config} \
+		${sslout} \
+		--api=1.0.0 \
+		$(use cpu_flags_x86_sse2 || echo "no-sse2") \
+		enable-camellia \
+		disable-deprecated \
+		enable-ec \
+		$(use_ssl !bindist ec2m) \
+		enable-srp \
+		${ec_nistp_64_gcc_128} \
+		enable-idea \
+		enable-mdc2 \
+		enable-rc5 \
+		$(use_ssl asm) \
+		$(use_ssl rfc3779) \
+		$(use_ssl sctp) \
+		$(use_ssl tls-heartbeat heartbeats) \
+		$(use_ssl zlib) \
+		--prefix="${EPREFIX}"/usr \
+		--openssldir="${EPREFIX}"${SSL_CNF_DIR} \
+		--libdir=$(get_libdir) \
+		shared threads \
+		|| die
+
+	# Clean out hardcoded flags that openssl uses
+	# Fix quoting for sed
+	local DEFAULT_CFLAGS=$(grep ^CFLAGS= Makefile | LC_ALL=C sed \
+		-e 's:^CFLAGS=::' \
+		-e 's:-fomit-frame-pointer ::g' \
+		-e 's:-O[0-9] ::g' \
+		-e 's:-march=[-a-z0-9]* ::g' \
+		-e 's:-mcpu=[-a-z0-9]* ::g' \
+		-e 's:-m[a-z0-9]* ::g' \
+		-e 's:\\:\\\\:g' \
+	)
+	sed -i \
+		-e "/^CFLAGS=/s|=.*|=${DEFAULT_CFLAGS} ${CFLAGS}|" \
+		-e "/^LDFLAGS=/s|=[[:space:]]*$|=${LDFLAGS}|" \
+		Makefile || die
+}
+
+multilib_src_compile() {
+	# depend is needed to use $confopts; it also doesn't matter
+	# that it's -j1 as the code itself serializes subdirs
+	emake -j1 depend
+	emake all
+}
+
+multilib_src_test() {
+	emake -j1 test
+}
+
+multilib_src_install() {
+	emake DESTDIR="${D}" install
+}
+
+multilib_src_install_all() {
+	# openssl installs perl version of c_rehash by default, but
+	# we provide a shell version via app-misc/c_rehash
+	rm "${ED}"/usr/bin/c_rehash || die
+
+	dodoc CHANGES* FAQ NEWS README doc/*.txt doc/${PN}-c-indent.el
+	dohtml -r doc/*
+
+	# This is crappy in that the static archives are still built even
+	# when USE=static-libs.  But this is due to a failing in the openssl
+	# build system: the static archives are built as PIC all the time.
+	# Only way around this would be to manually configure+compile openssl
+	# twice; once with shared lib support enabled and once without.
+	use static-libs || rm -f "${ED}"/usr/lib*/lib*.a
+
+	# create the certs directory
+	keepdir ${SSL_CNF_DIR}/certs
+
+	# Namespace openssl programs to prevent conflicts with other man pages
+	cd "${ED}"/usr/share/man
+	local m d s
+	for m in $(find . -type f | xargs grep -L '#include') ; do
+		d=${m%/*} ; d=${d#./} ; m=${m##*/}
+		[[ ${m} == openssl.1* ]] && continue
+		[[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!"
+		mv ${d}/{,ssl-}${m}
+		# fix up references to renamed man pages
+		sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m}
+		ln -s ssl-${m} ${d}/openssl-${m}
+		# locate any symlinks that point to this man page ... we assume
+		# that any broken links are due to the above renaming
+		for s in $(find -L ${d} -type l) ; do
+			s=${s##*/}
+			rm -f ${d}/${s}
+			ln -s ssl-${m} ${d}/ssl-${s}
+			ln -s ssl-${s} ${d}/openssl-${s}
+		done
+	done
+	[[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :("
+
+	dodir /etc/sandbox.d #254521
+	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
+
+	diropts -m0700
+	keepdir ${SSL_CNF_DIR}/private
+}
+
+pkg_postinst() {
+	ebegin "Running 'c_rehash ${EROOT%/}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069"
+	c_rehash "${EROOT%/}${SSL_CNF_DIR}/certs" >/dev/null
+	eend $?
+}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sergei Trofimovich]

commit:     e1a1921cde5479612bd8cc07f45fabfade0c1e27
Author:     Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
AuthorDate: Fri Oct  6 10:30:27 2017 +0000
Commit:     Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
CommitDate: Fri Oct  6 10:30:27 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e1a1921c

dev-libs/openssl: stable 1.0.2l for ppc, bug #628476

Package-Manager: Portage-2.3.10, Repoman-2.3.3
RepoMan-Options: --include-arches="ppc"

 dev-libs/openssl/openssl-1.0.2l.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.0.2l.ebuild b/dev-libs/openssl/openssl-1.0.2l.ebuild
index 80124099548..32431370450 100644
--- a/dev-libs/openssl/openssl-1.0.2l.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2l.ebuild
@@ -12,7 +12,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"
 
 LICENSE="openssl"
 SLOT="0"
-KEYWORDS="alpha amd64 arm ~arm64 hppa ia64 ~m68k ~mips ~ppc ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
+KEYWORDS="alpha amd64 arm ~arm64 hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
 IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sergei Trofimovich]

commit:     b1ee135f77e29b15e1523c338b4a79c2825231f3
Author:     Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
AuthorDate: Sun Sep 24 10:59:28 2017 +0000
Commit:     Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
CommitDate: Sun Sep 24 11:00:13 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b1ee135f

dev-libs/openssl: stable 1.0.2l for ppc64, bug #628476

Package-Manager: Portage-2.3.10, Repoman-2.3.3
RepoMan-Options: --include-arches="ppc64"

 dev-libs/openssl/openssl-1.0.2l.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.0.2l.ebuild b/dev-libs/openssl/openssl-1.0.2l.ebuild
index e3d87c77090..80124099548 100644
--- a/dev-libs/openssl/openssl-1.0.2l.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2l.ebuild
@@ -12,7 +12,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"
 
 LICENSE="openssl"
 SLOT="0"
-KEYWORDS="alpha amd64 arm ~arm64 hppa ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
+KEYWORDS="alpha amd64 arm ~arm64 hppa ia64 ~m68k ~mips ~ppc ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
 IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sergei Trofimovich]

commit:     9ad9dafe004d49dce1c32f6b93e8560d4b372c5c
Author:     Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
AuthorDate: Mon Sep 11 19:36:30 2017 +0000
Commit:     Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
CommitDate: Mon Sep 11 19:36:34 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9ad9dafe

dev-libs/openssl: stable 1.0.2l for hppa/sparc, bug #628476 (thanks to Dakon)

Package-Manager: Portage-2.3.8, Repoman-2.3.3
RepoMan-Options: --include-arches="hppa sparc"

 dev-libs/openssl/openssl-1.0.2l.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.0.2l.ebuild b/dev-libs/openssl/openssl-1.0.2l.ebuild
index 214d9df0c75..e3d87c77090 100644
--- a/dev-libs/openssl/openssl-1.0.2l.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2l.ebuild
@@ -12,7 +12,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"
 
 LICENSE="openssl"
 SLOT="0"
-KEYWORDS="alpha amd64 arm ~arm64 ~hppa ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
+KEYWORDS="alpha amd64 arm ~arm64 hppa ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
 IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Markus Meier]

commit:     0b8ea1ab863cd9cf4e50183484d4518f0f5237e9
Author:     Markus Meier <maekke <AT> gentoo <DOT> org>
AuthorDate: Fri Sep  8 05:05:19 2017 +0000
Commit:     Markus Meier <maekke <AT> gentoo <DOT> org>
CommitDate: Fri Sep  8 05:05:19 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0b8ea1ab

dev-libs/openssl: arm stable, bug #628476

Package-Manager: Portage-2.3.6, Repoman-2.3.1
RepoMan-Options: --include-arches="arm"

 dev-libs/openssl/openssl-1.0.2l.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.0.2l.ebuild b/dev-libs/openssl/openssl-1.0.2l.ebuild
index 70649c3302a..214d9df0c75 100644
--- a/dev-libs/openssl/openssl-1.0.2l.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2l.ebuild
@@ -12,7 +12,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"
 
 LICENSE="openssl"
 SLOT="0"
-KEYWORDS="alpha amd64 ~arm ~arm64 ~hppa ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
+KEYWORDS="alpha amd64 arm ~arm64 ~hppa ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
 IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Thomas Deutschmann]

commit:     6513dcd31c7f60248b62479f3b37603576c75f60
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Tue Aug 29 21:34:46 2017 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Tue Aug 29 21:39:06 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6513dcd3

dev-libs/openssl: x86 stable (bug #628476)

Package-Manager: Portage-2.3.8, Repoman-2.3.3

 dev-libs/openssl/openssl-1.0.2l.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.0.2l.ebuild b/dev-libs/openssl/openssl-1.0.2l.ebuild
index 5f926e43c5e..70649c3302a 100644
--- a/dev-libs/openssl/openssl-1.0.2l.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2l.ebuild
@@ -12,7 +12,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"
 
 LICENSE="openssl"
 SLOT="0"
-KEYWORDS="alpha amd64 ~arm ~arm64 ~hppa ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
+KEYWORDS="alpha amd64 ~arm ~arm64 ~hppa ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
 IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Robin H. Johnson]

commit:     afff3103d8b81f06058e0b0028bd19f8decca724
Author:     Robin H. Johnson <robbat2 <AT> gentoo <DOT> org>
AuthorDate: Mon Aug 28 19:08:03 2017 +0000
Commit:     Robin H. Johnson <robbat2 <AT> gentoo <DOT> org>
CommitDate: Mon Aug 28 19:08:38 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=afff3103

dev-libs/openssl: bug 629224: fix global tr.

Package-Manager: Portage-2.3.6, Repoman-2.3.3
Signed-off-by: Robin H. Johnson <robbat2 <AT> gentoo.org>

 dev-libs/openssl/openssl-0.9.8z_p8.ebuild | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/dev-libs/openssl/openssl-0.9.8z_p8.ebuild b/dev-libs/openssl/openssl-0.9.8z_p8.ebuild
index cc1b39afb2c..f6a3c0025f1 100644
--- a/dev-libs/openssl/openssl-0.9.8z_p8.ebuild
+++ b/dev-libs/openssl/openssl-0.9.8z_p8.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2015 Gentoo Foundation
+# Copyright 1999-2017 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
 
 # this ebuild is only for the libcrypto.so.0.9.8 and libssl.so.0.9.8 SONAME for ABI compat
@@ -7,7 +7,8 @@ EAPI="5"
 
 inherit eutils flag-o-matic toolchain-funcs multilib multilib-minimal
 
-PLEVEL=$(echo "${PV##*_p}" | tr '[1-9]' '[a-i]')
+#PLEVEL=$(printf "\\$(printf '%03o' $((${PV##*_p} + 96)))")
+PLEVEL='h' # _p8 -> tr '[1-9]' '[a-i]' -> 'h'
 MY_PV=${PV/_p*/${PLEVEL}}
 MY_P=${PN}-${MY_PV}
 S="${WORKDIR}/${MY_P}"

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Matt Turner]

commit:     90b4b5d2cde9a4b49efe7f161fa738b96e811754
Author:     Matt Turner <mattst88 <AT> gentoo <DOT> org>
AuthorDate: Sun Aug 27 00:47:14 2017 +0000
Commit:     Matt Turner <mattst88 <AT> gentoo <DOT> org>
CommitDate: Sun Aug 27 00:47:38 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=90b4b5d2

dev-libs/openssl: alpha stable, bug 628476

 dev-libs/openssl/openssl-1.0.2l.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.0.2l.ebuild b/dev-libs/openssl/openssl-1.0.2l.ebuild
index f701aa188a5..5f926e43c5e 100644
--- a/dev-libs/openssl/openssl-1.0.2l.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2l.ebuild
@@ -12,7 +12,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"
 
 LICENSE="openssl"
 SLOT="0"
-KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
+KEYWORDS="alpha amd64 ~arm ~arm64 ~hppa ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
 IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Mikle Kolyada]

commit:     00329b520a769cb57cf5d28418d1a233e10572ec
Author:     Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
AuthorDate: Fri Aug 25 21:09:27 2017 +0000
Commit:     Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
CommitDate: Fri Aug 25 21:09:27 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=00329b52

dev-libs/openssl: amd64 stable wrt bug #628476

Package-Manager: Portage-2.3.6, Repoman-2.3.1

 dev-libs/openssl/openssl-1.0.2l.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.0.2l.ebuild b/dev-libs/openssl/openssl-1.0.2l.ebuild
index 6849a49a2f6..f701aa188a5 100644
--- a/dev-libs/openssl/openssl-1.0.2l.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2l.ebuild
@@ -12,7 +12,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"
 
 LICENSE="openssl"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
+KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
 IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Sergei Trofimovich]

commit:     499a2aa327ff2351e116fe213a6ed4a958227db2
Author:     Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
AuthorDate: Mon Aug 21 22:25:05 2017 +0000
Commit:     Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
CommitDate: Mon Aug 21 22:25:05 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=499a2aa3

dev-libs/openssl: stable 1.0.2l for ia64, bug #628476

Package-Manager: Portage-2.3.8, Repoman-2.3.3
RepoMan-Options: --include-arches="ia64"

 dev-libs/openssl/openssl-1.0.2l.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.0.2l.ebuild b/dev-libs/openssl/openssl-1.0.2l.ebuild
index a52a1ca971b..6849a49a2f6 100644
--- a/dev-libs/openssl/openssl-1.0.2l.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2l.ebuild
@@ -12,7 +12,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"
 
 LICENSE="openssl"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
 IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Lars Wendler]

commit:     d631ecbcf12b5b2e5ac0efcfd24c51c1d0890ec1
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Thu May 25 21:22:08 2017 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Thu May 25 21:22:50 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d631ecbc

dev-libs/openssl: Bump to versions 1.0.2l and 1.1.0f

Package-Manager: Portage-2.3.6, Repoman-2.3.2

 dev-libs/openssl/Manifest                          |  3 +-
 ...openssl-1.1.0e.ebuild => openssl-1.0.2l.ebuild} | 84 +++++++++++++---------
 ...openssl-1.1.0e.ebuild => openssl-1.1.0f.ebuild} |  2 +-
 3 files changed, 52 insertions(+), 37 deletions(-)

diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest
index 43e25f0e3ef..75b606b388c 100644
--- a/dev-libs/openssl/Manifest
+++ b/dev-libs/openssl/Manifest
@@ -1,3 +1,4 @@
 DIST openssl-0.9.8zh.tar.gz 3818524 SHA256 f1d9f3ed1b85a82ecf80d0e2d389e1fda3fca9a4dba0bf07adbf231e1a5e2fd6 SHA512 b97fa2468211f86c0719c68ad1781eff84f772c479ed5193d6da14bac086b4ca706e7d851209d9df3f0962943b5e5333ab0def00110fb2e517caa73c0c6674c6 WHIRLPOOL 8ed3362e6aed89cd6ae02438bc3fb58ff3a91afb8a2d401d1d66c1ee4fd96f4befb50558131dd03a60fc15b588172fc1ede5d56bb1f68e184453bfe3b34f9abf
 DIST openssl-1.0.2k.tar.gz 5309236 SHA256 6b3977c61f2aedf0f96367dcfb5c6e578cf37e7b8d913b4ecb6643c3cb88d8c0 SHA512 0d314b42352f4b1df2c40ca1094abc7e9ad684c5c35ea997efdd58204c70f22a1abcb17291820f0fff3769620a4e06906034203d31eb1a4d540df3e0db294016 WHIRLPOOL ffa3d89a078db6829f1fff21779a19c87e059600162e6d7d3114b8440ba5fa7d1a08e04594b6ed8ab47e148782de299d7ec338f2ba2d466bf7737b0749f590cd
-DIST openssl-1.1.0e.tar.gz 5202247 SHA256 57be8618979d80c910728cfc99369bf97b2a1abd8f366ab6ebdee8975ad3874c SHA512 4b75e925323703d4a31ade90ea687e027742b7bf4f0f6cb4476e7bb9e31dcaf60eb40d925bc768ff1c28ffa71b8f9639dd83662d49ad80100a388947e75647a0 WHIRLPOOL 9463505e35f34a2b4389a8fa6f487338078d0ffc7974e5e7f37a97723a8cf34d42ec8bd369cc28e79a54b4c96cd343142dd7492f347960a602fb8da76e7d4eea
+DIST openssl-1.0.2l.tar.gz 5365054 SHA256 ce07195b659e75f4e1db43552860070061f156a98bb37b672b101ba6e3ddf30c SHA512 047d964508ad6025c79caabd8965efd2416dc026a56183d0ef4de7a0a6769ce8e0b4608a3f8393d326f6d03b26a2b067e6e0c750f35b20be190e595e8290c0e3 WHIRLPOOL fa5b303fd7007eb2b7afe0b6a7d90a6676b738bf39addc1005f15a4664e61e72f9465d5020477abcf6b3e420d46a618e44751ad9e21671c70e5dbe8cdc768bfc
+DIST openssl-1.1.0f.tar.gz 5278176 SHA256 12f746f3f2493b2f39da7ecf63d7ee19c6ac9ec6a4fcd8c229da8a522cb12765 SHA512 340ab3f38c90dea346e543b58bc0eff0adede15be212ad20b7cf38718a7f94fab51996da414855c180540f7488b8bd31d8b9a0d04bb19159f735c46d8f6df22c WHIRLPOOL bb4ce1d100c5eb567de0139e4a1c0a2bb1cd308bd014704d6bb796d3fcfc16b91fe69839068944831746e0b937a6ccb234b5cea3b4911fab4283500ed380f0b6

diff --git a/dev-libs/openssl/openssl-1.1.0e.ebuild b/dev-libs/openssl/openssl-1.0.2l.ebuild
similarity index 76%
copy from dev-libs/openssl/openssl-1.1.0e.ebuild
copy to dev-libs/openssl/openssl-1.0.2l.ebuild
index 5be82119670..a52a1ca971b 100644
--- a/dev-libs/openssl/openssl-1.1.0e.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2l.ebuild
@@ -1,7 +1,7 @@
 # Copyright 1999-2017 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
 
-EAPI=5
+EAPI="5"
 
 inherit eutils flag-o-matic toolchain-funcs multilib multilib-minimal
 
@@ -11,13 +11,15 @@ HOMEPAGE="http://www.openssl.org/"
 SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"
 
 LICENSE="openssl"
-SLOT="0/1.1" # .so version of libssl/libcrypto
+SLOT="0"
 KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
-IUSE="+asm bindist rfc3779 sctp cpu_flags_x86_sse2 static-libs test tls-heartbeat vanilla zlib"
+IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"
 
 RDEPEND=">=app-misc/c_rehash-1.7-r1
-	zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )"
+	gmp? ( >=dev-libs/gmp-5.1.3-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
+	zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
+	kerberos? ( >=app-crypt/mit-krb5-1.11.4[${MULTILIB_USEDEP}] )"
 DEPEND="${RDEPEND}
 	>=dev-lang/perl-5
 	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
@@ -33,10 +35,6 @@ MULTILIB_WRAPPED_HEADERS=(
 	usr/include/openssl/opensslconf.h
 )
 
-PATCHES=(
-	"${FILESDIR}"/${PN}-1.0.2a-x32-asm.patch #542618
-)
-
 src_prepare() {
 	# keep this in sync with app-misc/c_rehash
 	SSL_CNF_DIR="/etc/ssl"
@@ -46,25 +44,37 @@ src_prepare() {
 	rm -f Makefile
 
 	if ! use vanilla ; then
-		epatch "${PATCHES[@]}"
+		epatch "${FILESDIR}"/${PN}-1.0.0a-ldflags.patch #327421
+		epatch "${FILESDIR}"/${PN}-1.0.2i-parallel-build.patch
+		epatch "${FILESDIR}"/${PN}-1.0.2a-parallel-obj-headers.patch
+		epatch "${FILESDIR}"/${PN}-1.0.2a-parallel-install-dirs.patch
+		epatch "${FILESDIR}"/${PN}-1.0.2a-parallel-symlinking.patch #545028
+		epatch "${FILESDIR}"/${PN}-1.0.2-ipv6.patch
+		epatch "${FILESDIR}"/${PN}-1.0.2a-x32-asm.patch #542618
+		epatch "${FILESDIR}"/${PN}-1.0.1p-default-source.patch #554338
+
 		epatch_user #332661
 	fi
 
+	# disable fips in the build
 	# make sure the man pages are suffixed #302165
 	# don't bother building man pages if they're disabled
-	# Make DOCDIR Gentoo compliant
 	sed -i \
+		-e '/DIRS/s: fips : :g' \
 		-e '/^MANSUFFIX/s:=.*:=ssl:' \
 		-e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
 		-e $(has noman FEATURES \
 			&& echo '/^install:/s:install_docs::' \
 			|| echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
-		-e "/^DOCDIR/s@\$(BASENAME)@&-${PF}@" \
-		Configurations/unix-Makefile.tmpl \
+		Makefile.org \
 		|| die
-
 	# show the actual commands in the log
-	sed -i '/^SET_X/s@=.*@=set -x@' Makefile.shared
+	sed -i '/^SET_X/s:=.*:=set -x:' Makefile.shared
+
+	# since we're forcing $(CC) as makedep anyway, just fix
+	# the conditional as always-on
+	# helps clang (#417795), and versioned gcc (#499818)
+	sed -i 's/expr.*MAKEDEPEND.*;/true;/' util/domd || die
 
 	# quiet out unknown driver argument warnings since openssl
 	# doesn't have well-split CFLAGS and we're making it even worse
@@ -79,16 +89,7 @@ src_prepare() {
 	append-flags $(test-flags-CC -Wa,--noexecstack)
 	append-cppflags -DOPENSSL_NO_BUF_FREELISTS
 
-	# Prefixify Configure shebang (#141906)
-	sed \
-		-e "1s,/usr/bin/env,${EPREFIX}&," \
-		-i Configure || die
-	# Remove test target when FEATURES=test isn't set
-	if ! use test ; then
-		sed \
-			-e '/^$config{dirs}/s@ "test",@@' \
-			-i Configure || die
-	fi
+	sed -i '1s,^:$,#!'${EPREFIX}'/usr/bin/perl,' Configure #141906
 	# The config script does stupid stuff to prompt the user.  Kill it.
 	sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
 	./config --test-sanity || die "I AM NOT SANE"
@@ -126,6 +127,12 @@ multilib_src_configure() {
 	#	fi
 	#fi
 
+	# https://github.com/openssl/openssl/issues/2286
+	if use ia64 ; then
+		replace-flags -g3 -g2
+		replace-flags -ggdb3 -ggdb2
+	fi
+
 	local sslout=$(./gentoo.config)
 	einfo "Use configuration ${sslout:-(openssl knows best)}"
 	local config="Configure"
@@ -134,18 +141,21 @@ multilib_src_configure() {
 	echoit \
 	./${config} \
 		${sslout} \
-		--api=1.1.0 \
 		$(use cpu_flags_x86_sse2 || echo "no-sse2") \
 		enable-camellia \
-		disable-deprecated \
 		$(use_ssl !bindist ec) \
 		${ec_nistp_64_gcc_128} \
 		enable-idea \
 		enable-mdc2 \
 		enable-rc5 \
+		enable-tlsext \
 		$(use_ssl asm) \
+		$(use_ssl gmp gmp -lgmp) \
+		$(use_ssl kerberos krb5 --with-krb5-flavor=${krb5}) \
 		$(use_ssl rfc3779) \
 		$(use_ssl sctp) \
+		$(use_ssl sslv2 ssl2) \
+		$(use_ssl sslv3 ssl3) \
 		$(use_ssl tls-heartbeat heartbeats) \
 		$(use_ssl zlib) \
 		--prefix="${EPREFIX}"/usr \
@@ -155,19 +165,17 @@ multilib_src_configure() {
 		|| die
 
 	# Clean out hardcoded flags that openssl uses
-	# Fix quoting for sed
-	local DEFAULT_CFLAGS=$(grep ^CFLAGS= Makefile | LC_ALL=C sed \
-		-e 's:^CFLAGS=::' \
+	local CFLAG=$(grep ^CFLAG= Makefile | LC_ALL=C sed \
+		-e 's:^CFLAG=::' \
 		-e 's:-fomit-frame-pointer ::g' \
 		-e 's:-O[0-9] ::g' \
 		-e 's:-march=[-a-z0-9]* ::g' \
 		-e 's:-mcpu=[-a-z0-9]* ::g' \
 		-e 's:-m[a-z0-9]* ::g' \
-		-e 's:\\:\\\\:g' \
 	)
 	sed -i \
-		-e "/^CFLAGS=/s|=.*|=${DEFAULT_CFLAGS} ${CFLAGS}|" \
-		-e "/^LDFLAGS=/s|=[[:space:]]*$|=${LDFLAGS}|" \
+		-e "/^CFLAG/s|=.*|=${CFLAG} ${CFLAGS}|" \
+		-e "/^SHARED_LDFLAGS=/s|$| ${LDFLAGS}|" \
 		Makefile || die
 }
 
@@ -176,6 +184,9 @@ multilib_src_compile() {
 	# that it's -j1 as the code itself serializes subdirs
 	emake -j1 depend
 	emake all
+	# rehash is needed to prep the certs/ dir; do this
+	# separately to avoid parallel build issues.
+	emake rehash
 }
 
 multilib_src_test() {
@@ -183,7 +194,7 @@ multilib_src_test() {
 }
 
 multilib_src_install() {
-	emake DESTDIR="${D}" install
+	emake INSTALL_PREFIX="${D}" install
 }
 
 multilib_src_install_all() {
@@ -191,8 +202,9 @@ multilib_src_install_all() {
 	# we provide a shell version via app-misc/c_rehash
 	rm "${ED}"/usr/bin/c_rehash || die
 
-	dodoc CHANGES* FAQ NEWS README doc/*.txt doc/${PN}-c-indent.el
+	dodoc CHANGES* FAQ NEWS README doc/*.txt doc/c-indentation.el
 	dohtml -r doc/*
+	use rfc3779 && dodoc engines/ccgost/README.gost
 
 	# This is crappy in that the static archives are still built even
 	# when USE=static-libs.  But this is due to a failing in the openssl
@@ -202,7 +214,9 @@ multilib_src_install_all() {
 	use static-libs || rm -f "${ED}"/usr/lib*/lib*.a
 
 	# create the certs directory
-	keepdir ${SSL_CNF_DIR}/certs
+	dodir ${SSL_CNF_DIR}/certs
+	cp -RP certs/* "${ED}"${SSL_CNF_DIR}/certs/ || die
+	rm -r "${ED}"${SSL_CNF_DIR}/certs/{demo,expired}
 
 	# Namespace openssl programs to prevent conflicts with other man pages
 	cd "${ED}"/usr/share/man

diff --git a/dev-libs/openssl/openssl-1.1.0e.ebuild b/dev-libs/openssl/openssl-1.1.0f.ebuild
similarity index 99%
rename from dev-libs/openssl/openssl-1.1.0e.ebuild
rename to dev-libs/openssl/openssl-1.1.0f.ebuild
index 5be82119670..c8df4c14330 100644
--- a/dev-libs/openssl/openssl-1.1.0e.ebuild
+++ b/dev-libs/openssl/openssl-1.1.0f.ebuild
@@ -134,7 +134,7 @@ multilib_src_configure() {
 	echoit \
 	./${config} \
 		${sslout} \
-		--api=1.1.0 \
+		--api=1.0.0 \
 		$(use cpu_flags_x86_sse2 || echo "no-sse2") \
 		enable-camellia \
 		disable-deprecated \

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Lars Wendler]

commit:     a9964d9ed27ad30312a1fd26d8a4f56b67b9f876
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Sat Feb 18 16:46:27 2017 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Sat Feb 18 16:46:43 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a9964d9e

dev-libs/openssl: Security cleanup (bug #607318).

Package-Manager: Portage-2.3.3, Repoman-2.3.1

 dev-libs/openssl/Manifest              |   1 -
 dev-libs/openssl/openssl-1.0.2j.ebuild | 249 ---------------------------------
 2 files changed, 250 deletions(-)

diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest
index e4ddd471c6..43e25f0e3e 100644
--- a/dev-libs/openssl/Manifest
+++ b/dev-libs/openssl/Manifest
@@ -1,4 +1,3 @@
 DIST openssl-0.9.8zh.tar.gz 3818524 SHA256 f1d9f3ed1b85a82ecf80d0e2d389e1fda3fca9a4dba0bf07adbf231e1a5e2fd6 SHA512 b97fa2468211f86c0719c68ad1781eff84f772c479ed5193d6da14bac086b4ca706e7d851209d9df3f0962943b5e5333ab0def00110fb2e517caa73c0c6674c6 WHIRLPOOL 8ed3362e6aed89cd6ae02438bc3fb58ff3a91afb8a2d401d1d66c1ee4fd96f4befb50558131dd03a60fc15b588172fc1ede5d56bb1f68e184453bfe3b34f9abf
-DIST openssl-1.0.2j.tar.gz 5307912 SHA256 e7aff292be21c259c6af26469c7a9b3ba26e9abaaffd325e3dccc9785256c431 SHA512 7d6ccae4aa3ccec3a5d128da29c68401cdb1210cba6d212d55235fc3bc63d7085e2f119e2bbee7ddff6b7b5eef07c6196156791724cd2caf313a4c2fef724edd WHIRLPOOL 1f17e80bc10da2eab9d4c1c3a662b0e2b4f7e8bc448aabb44cd98a96ba3d6cd0ef6cf9a3371d44b39a4d11b1a4087c8f0d056272ace6eba5bd2417f7ab9503b7
 DIST openssl-1.0.2k.tar.gz 5309236 SHA256 6b3977c61f2aedf0f96367dcfb5c6e578cf37e7b8d913b4ecb6643c3cb88d8c0 SHA512 0d314b42352f4b1df2c40ca1094abc7e9ad684c5c35ea997efdd58204c70f22a1abcb17291820f0fff3769620a4e06906034203d31eb1a4d540df3e0db294016 WHIRLPOOL ffa3d89a078db6829f1fff21779a19c87e059600162e6d7d3114b8440ba5fa7d1a08e04594b6ed8ab47e148782de299d7ec338f2ba2d466bf7737b0749f590cd
 DIST openssl-1.1.0e.tar.gz 5202247 SHA256 57be8618979d80c910728cfc99369bf97b2a1abd8f366ab6ebdee8975ad3874c SHA512 4b75e925323703d4a31ade90ea687e027742b7bf4f0f6cb4476e7bb9e31dcaf60eb40d925bc768ff1c28ffa71b8f9639dd83662d49ad80100a388947e75647a0 WHIRLPOOL 9463505e35f34a2b4389a8fa6f487338078d0ffc7974e5e7f37a97723a8cf34d42ec8bd369cc28e79a54b4c96cd343142dd7492f347960a602fb8da76e7d4eea

diff --git a/dev-libs/openssl/openssl-1.0.2j.ebuild b/dev-libs/openssl/openssl-1.0.2j.ebuild
deleted file mode 100644
index db6a0e316b..0000000000
--- a/dev-libs/openssl/openssl-1.0.2j.ebuild
+++ /dev/null
@@ -1,249 +0,0 @@
-# Copyright 1999-2016 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI="5"
-
-inherit eutils flag-o-matic toolchain-funcs multilib multilib-minimal
-
-MY_P=${P/_/-}
-DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"
-HOMEPAGE="http://www.openssl.org/"
-SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"
-
-LICENSE="openssl"
-SLOT="0"
-KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
-IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
-RESTRICT="!bindist? ( bindist )"
-
-RDEPEND=">=app-misc/c_rehash-1.7-r1
-	gmp? ( >=dev-libs/gmp-5.1.3-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
-	zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
-	kerberos? ( >=app-crypt/mit-krb5-1.11.4[${MULTILIB_USEDEP}] )"
-DEPEND="${RDEPEND}
-	>=dev-lang/perl-5
-	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
-	test? (
-		sys-apps/diffutils
-		sys-devel/bc
-	)"
-PDEPEND="app-misc/ca-certificates"
-
-S="${WORKDIR}/${MY_P}"
-
-MULTILIB_WRAPPED_HEADERS=(
-	usr/include/openssl/opensslconf.h
-)
-
-src_prepare() {
-	# keep this in sync with app-misc/c_rehash
-	SSL_CNF_DIR="/etc/ssl"
-
-	# Make sure we only ever touch Makefile.org and avoid patching a file
-	# that gets blown away anyways by the Configure script in src_configure
-	rm -f Makefile
-
-	if ! use vanilla ; then
-		epatch "${FILESDIR}"/${PN}-1.0.0a-ldflags.patch #327421
-		epatch "${FILESDIR}"/${PN}-1.0.2i-parallel-build.patch
-		epatch "${FILESDIR}"/${PN}-1.0.2a-parallel-obj-headers.patch
-		epatch "${FILESDIR}"/${PN}-1.0.2a-parallel-install-dirs.patch
-		epatch "${FILESDIR}"/${PN}-1.0.2a-parallel-symlinking.patch #545028
-		epatch "${FILESDIR}"/${PN}-1.0.2-ipv6.patch
-		epatch "${FILESDIR}"/${PN}-1.0.2a-x32-asm.patch #542618
-		epatch "${FILESDIR}"/${PN}-1.0.1p-default-source.patch #554338
-
-		epatch_user #332661
-	fi
-
-	# disable fips in the build
-	# make sure the man pages are suffixed #302165
-	# don't bother building man pages if they're disabled
-	sed -i \
-		-e '/DIRS/s: fips : :g' \
-		-e '/^MANSUFFIX/s:=.*:=ssl:' \
-		-e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
-		-e $(has noman FEATURES \
-			&& echo '/^install:/s:install_docs::' \
-			|| echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
-		Makefile.org \
-		|| die
-	# show the actual commands in the log
-	sed -i '/^SET_X/s:=.*:=set -x:' Makefile.shared
-
-	# since we're forcing $(CC) as makedep anyway, just fix
-	# the conditional as always-on
-	# helps clang (#417795), and versioned gcc (#499818)
-	sed -i 's/expr.*MAKEDEPEND.*;/true;/' util/domd || die
-
-	# quiet out unknown driver argument warnings since openssl
-	# doesn't have well-split CFLAGS and we're making it even worse
-	# and 'make depend' uses -Werror for added fun (#417795 again)
-	[[ ${CC} == *clang* ]] && append-flags -Qunused-arguments
-
-	# allow openssl to be cross-compiled
-	cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die
-	chmod a+rx gentoo.config
-
-	append-flags -fno-strict-aliasing
-	append-flags $(test-flags-CC -Wa,--noexecstack)
-	append-cppflags -DOPENSSL_NO_BUF_FREELISTS
-
-	sed -i '1s,^:$,#!'${EPREFIX}'/usr/bin/perl,' Configure #141906
-	# The config script does stupid stuff to prompt the user.  Kill it.
-	sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
-	./config --test-sanity || die "I AM NOT SANE"
-
-	multilib_copy_sources
-}
-
-multilib_src_configure() {
-	unset APPS #197996
-	unset SCRIPTS #312551
-	unset CROSS_COMPILE #311473
-
-	tc-export CC AR RANLIB RC
-
-	# Clean out patent-or-otherwise-encumbered code
-	# Camellia: Royalty Free            http://en.wikipedia.org/wiki/Camellia_(cipher)
-	# IDEA:     Expired                 http://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
-	# EC:       ????????? ??/??/2015    http://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography
-	# MDC2:     Expired                 http://en.wikipedia.org/wiki/MDC-2
-	# RC5:      Expired                 http://en.wikipedia.org/wiki/RC5
-
-	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
-	echoit() { echo "$@" ; "$@" ; }
-
-	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
-
-	# See if our toolchain supports __uint128_t.  If so, it's 64bit
-	# friendly and can use the nicely optimized code paths. #460790
-	local ec_nistp_64_gcc_128
-	# Disable it for now though #469976
-	#if ! use bindist ; then
-	#	echo "__uint128_t i;" > "${T}"/128.c
-	#	if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
-	#		ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
-	#	fi
-	#fi
-
-	local sslout=$(./gentoo.config)
-	einfo "Use configuration ${sslout:-(openssl knows best)}"
-	local config="Configure"
-	[[ -z ${sslout} ]] && config="config"
-
-	echoit \
-	./${config} \
-		${sslout} \
-		$(use cpu_flags_x86_sse2 || echo "no-sse2") \
-		enable-camellia \
-		$(use_ssl !bindist ec) \
-		${ec_nistp_64_gcc_128} \
-		enable-idea \
-		enable-mdc2 \
-		enable-rc5 \
-		enable-tlsext \
-		$(use_ssl asm) \
-		$(use_ssl gmp gmp -lgmp) \
-		$(use_ssl kerberos krb5 --with-krb5-flavor=${krb5}) \
-		$(use_ssl rfc3779) \
-		$(use_ssl sctp) \
-		$(use_ssl sslv2 ssl2) \
-		$(use_ssl sslv3 ssl3) \
-		$(use_ssl tls-heartbeat heartbeats) \
-		$(use_ssl zlib) \
-		--prefix="${EPREFIX}"/usr \
-		--openssldir="${EPREFIX}"${SSL_CNF_DIR} \
-		--libdir=$(get_libdir) \
-		shared threads \
-		|| die
-
-	# Clean out hardcoded flags that openssl uses
-	local CFLAG=$(grep ^CFLAG= Makefile | LC_ALL=C sed \
-		-e 's:^CFLAG=::' \
-		-e 's:-fomit-frame-pointer ::g' \
-		-e 's:-O[0-9] ::g' \
-		-e 's:-march=[-a-z0-9]* ::g' \
-		-e 's:-mcpu=[-a-z0-9]* ::g' \
-		-e 's:-m[a-z0-9]* ::g' \
-	)
-	sed -i \
-		-e "/^CFLAG/s|=.*|=${CFLAG} ${CFLAGS}|" \
-		-e "/^SHARED_LDFLAGS=/s|$| ${LDFLAGS}|" \
-		Makefile || die
-}
-
-multilib_src_compile() {
-	# depend is needed to use $confopts; it also doesn't matter
-	# that it's -j1 as the code itself serializes subdirs
-	emake -j1 depend
-	emake all
-	# rehash is needed to prep the certs/ dir; do this
-	# separately to avoid parallel build issues.
-	emake rehash
-}
-
-multilib_src_test() {
-	emake -j1 test
-}
-
-multilib_src_install() {
-	emake INSTALL_PREFIX="${D}" install
-}
-
-multilib_src_install_all() {
-	# openssl installs perl version of c_rehash by default, but
-	# we provide a shell version via app-misc/c_rehash
-	rm "${ED}"/usr/bin/c_rehash || die
-
-	dodoc CHANGES* FAQ NEWS README doc/*.txt doc/c-indentation.el
-	dohtml -r doc/*
-	use rfc3779 && dodoc engines/ccgost/README.gost
-
-	# This is crappy in that the static archives are still built even
-	# when USE=static-libs.  But this is due to a failing in the openssl
-	# build system: the static archives are built as PIC all the time.
-	# Only way around this would be to manually configure+compile openssl
-	# twice; once with shared lib support enabled and once without.
-	use static-libs || rm -f "${ED}"/usr/lib*/lib*.a
-
-	# create the certs directory
-	dodir ${SSL_CNF_DIR}/certs
-	cp -RP certs/* "${ED}"${SSL_CNF_DIR}/certs/ || die
-	rm -r "${ED}"${SSL_CNF_DIR}/certs/{demo,expired}
-
-	# Namespace openssl programs to prevent conflicts with other man pages
-	cd "${ED}"/usr/share/man
-	local m d s
-	for m in $(find . -type f | xargs grep -L '#include') ; do
-		d=${m%/*} ; d=${d#./} ; m=${m##*/}
-		[[ ${m} == openssl.1* ]] && continue
-		[[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!"
-		mv ${d}/{,ssl-}${m}
-		# fix up references to renamed man pages
-		sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m}
-		ln -s ssl-${m} ${d}/openssl-${m}
-		# locate any symlinks that point to this man page ... we assume
-		# that any broken links are due to the above renaming
-		for s in $(find -L ${d} -type l) ; do
-			s=${s##*/}
-			rm -f ${d}/${s}
-			ln -s ssl-${m} ${d}/ssl-${s}
-			ln -s ssl-${s} ${d}/openssl-${s}
-		done
-	done
-	[[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :("
-
-	dodir /etc/sandbox.d #254521
-	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
-
-	diropts -m0700
-	keepdir ${SSL_CNF_DIR}/private
-}
-
-pkg_postinst() {
-	ebegin "Running 'c_rehash ${EROOT%/}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069"
-	c_rehash "${EROOT%/}${SSL_CNF_DIR}/certs" >/dev/null
-	eend $?
-}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Lars Wendler]

commit:     6eb10feedeb1b6e1bf271708f10218904eb35616
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Thu Feb 16 15:05:35 2017 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Thu Feb 16 15:05:50 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6eb10fee

dev-libs/openssl: Security bump to version 1.1.0e. Removed old.

Package-Manager: Portage-2.3.3, Repoman-2.3.1

 dev-libs/openssl/Manifest                                         | 2 +-
 dev-libs/openssl/{openssl-1.1.0d.ebuild => openssl-1.1.0e.ebuild} | 0
 2 files changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest
index 428810b623..e4ddd471c6 100644
--- a/dev-libs/openssl/Manifest
+++ b/dev-libs/openssl/Manifest
@@ -1,4 +1,4 @@
 DIST openssl-0.9.8zh.tar.gz 3818524 SHA256 f1d9f3ed1b85a82ecf80d0e2d389e1fda3fca9a4dba0bf07adbf231e1a5e2fd6 SHA512 b97fa2468211f86c0719c68ad1781eff84f772c479ed5193d6da14bac086b4ca706e7d851209d9df3f0962943b5e5333ab0def00110fb2e517caa73c0c6674c6 WHIRLPOOL 8ed3362e6aed89cd6ae02438bc3fb58ff3a91afb8a2d401d1d66c1ee4fd96f4befb50558131dd03a60fc15b588172fc1ede5d56bb1f68e184453bfe3b34f9abf
 DIST openssl-1.0.2j.tar.gz 5307912 SHA256 e7aff292be21c259c6af26469c7a9b3ba26e9abaaffd325e3dccc9785256c431 SHA512 7d6ccae4aa3ccec3a5d128da29c68401cdb1210cba6d212d55235fc3bc63d7085e2f119e2bbee7ddff6b7b5eef07c6196156791724cd2caf313a4c2fef724edd WHIRLPOOL 1f17e80bc10da2eab9d4c1c3a662b0e2b4f7e8bc448aabb44cd98a96ba3d6cd0ef6cf9a3371d44b39a4d11b1a4087c8f0d056272ace6eba5bd2417f7ab9503b7
 DIST openssl-1.0.2k.tar.gz 5309236 SHA256 6b3977c61f2aedf0f96367dcfb5c6e578cf37e7b8d913b4ecb6643c3cb88d8c0 SHA512 0d314b42352f4b1df2c40ca1094abc7e9ad684c5c35ea997efdd58204c70f22a1abcb17291820f0fff3769620a4e06906034203d31eb1a4d540df3e0db294016 WHIRLPOOL ffa3d89a078db6829f1fff21779a19c87e059600162e6d7d3114b8440ba5fa7d1a08e04594b6ed8ab47e148782de299d7ec338f2ba2d466bf7737b0749f590cd
-DIST openssl-1.1.0d.tar.gz 5201626 SHA256 7d5ebb9e89756545c156ff9c13cf2aa6214193b010a468a3bc789c3c28fe60df SHA512 9f84b3a584df4058f70da6a6ee26a788cc321df218dcabc60ae82913b85af932ed6470e881cd369ead904e5cbc3e4bb0d44e4871b7ba687fe1dba027505363ed WHIRLPOOL 7e27a34f65d6fb1f3be16e2948264d4befd0d35ec674f4d52e6d89b7506e51c09c18ae26c6b25a5f9a3a7186900fb8dffa3e17181a2d33db46875ccb593f3d8f
+DIST openssl-1.1.0e.tar.gz 5202247 SHA256 57be8618979d80c910728cfc99369bf97b2a1abd8f366ab6ebdee8975ad3874c SHA512 4b75e925323703d4a31ade90ea687e027742b7bf4f0f6cb4476e7bb9e31dcaf60eb40d925bc768ff1c28ffa71b8f9639dd83662d49ad80100a388947e75647a0 WHIRLPOOL 9463505e35f34a2b4389a8fa6f487338078d0ffc7974e5e7f37a97723a8cf34d42ec8bd369cc28e79a54b4c96cd343142dd7492f347960a602fb8da76e7d4eea

diff --git a/dev-libs/openssl/openssl-1.1.0d.ebuild b/dev-libs/openssl/openssl-1.1.0e.ebuild
similarity index 100%
rename from dev-libs/openssl/openssl-1.1.0d.ebuild
rename to dev-libs/openssl/openssl-1.1.0e.ebuild

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Mike Frysinger]

commit:     742d84ece308d3c90ba55cf4467ebae3367bcf94
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Tue Feb 14 18:17:18 2017 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Tue Feb 14 20:03:05 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=742d84ec

dev-libs/openssl: mark 1.0.2k arm64/m68k/s390/sh stable

 dev-libs/openssl/openssl-1.0.2k.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.0.2k.ebuild b/dev-libs/openssl/openssl-1.0.2k.ebuild
index 769613c8a1..280924dc16 100644
--- a/dev-libs/openssl/openssl-1.0.2k.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2k.ebuild
@@ -13,7 +13,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"
 
 LICENSE="openssl"
 SLOT="0"
-KEYWORDS="alpha amd64 arm ~arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh ~sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
+KEYWORDS="alpha amd64 arm arm64 hppa ~ia64 m68k ~mips ppc ppc64 s390 sh ~sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
 IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Markus Meier]

commit:     c512ac255cb52463a7c377f4a3a70a3d55e71a61
Author:     Markus Meier <maekke <AT> gentoo <DOT> org>
AuthorDate: Sun Feb 12 20:09:57 2017 +0000
Commit:     Markus Meier <maekke <AT> gentoo <DOT> org>
CommitDate: Sun Feb 12 20:09:57 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c512ac25

dev-libs/openssl: arm stable, bug #607318

Package-Manager: Portage-2.3.3, Repoman-2.3.1
RepoMan-Options: --include-arches="arm"

 dev-libs/openssl/openssl-1.0.2k.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.0.2k.ebuild b/dev-libs/openssl/openssl-1.0.2k.ebuild
index 26f3c2d4f2..769613c8a1 100644
--- a/dev-libs/openssl/openssl-1.0.2k.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2k.ebuild
@@ -13,7 +13,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"
 
 LICENSE="openssl"
 SLOT="0"
-KEYWORDS="alpha amd64 ~arm ~arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh ~sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
+KEYWORDS="alpha amd64 arm ~arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh ~sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
 IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Michael Weber]

commit:     865f26bcbc291942f502acfbe77b1a5be80befde
Author:     Michael Weber <xmw <AT> gentoo <DOT> org>
AuthorDate: Wed Feb  8 01:23:55 2017 +0000
Commit:     Michael Weber <xmw <AT> gentoo <DOT> org>
CommitDate: Wed Feb  8 01:23:55 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=865f26bc

dev-libs/openssl: ppc and ppc64 stable (bug 607318).

Package-Manager: Portage-2.3.3, Repoman-2.3.1

 dev-libs/openssl/openssl-1.0.2k.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.0.2k.ebuild b/dev-libs/openssl/openssl-1.0.2k.ebuild
index 97354e9..26f3c2d 100644
--- a/dev-libs/openssl/openssl-1.0.2k.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2k.ebuild
@@ -13,7 +13,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"
 
 LICENSE="openssl"
 SLOT="0"
-KEYWORDS="alpha amd64 ~arm ~arm64 hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
+KEYWORDS="alpha amd64 ~arm ~arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh ~sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
 IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Tobias Klausmann]

commit:     77802d8f50107c5fa715766cc5a9e2267c54176f
Author:     Tobias Klausmann <klausman <AT> gentoo <DOT> org>
AuthorDate: Fri Jan 27 11:43:25 2017 +0000
Commit:     Tobias Klausmann <klausman <AT> gentoo <DOT> org>
CommitDate: Fri Jan 27 13:23:41 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=77802d8f

dev-libs/openssl-1.0.2k-r0: stable on alpha

Gentoo-Bug: 607318

 dev-libs/openssl/openssl-1.0.2k.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.0.2k.ebuild b/dev-libs/openssl/openssl-1.0.2k.ebuild
index d6ebc9e..97354e9 100644
--- a/dev-libs/openssl/openssl-1.0.2k.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2k.ebuild
@@ -13,7 +13,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"
 
 LICENSE="openssl"
 SLOT="0"
-KEYWORDS="~alpha amd64 ~arm ~arm64 hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
+KEYWORDS="alpha amd64 ~arm ~arm64 hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
 IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Agostino Sarubbo]

commit:     65012c8303f9200036b6ca9b6a01c2b3fb39012e
Author:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
AuthorDate: Fri Jan 27 09:07:08 2017 +0000
Commit:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
CommitDate: Fri Jan 27 09:07:08 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=65012c83

dev-libs/openssl: x86 stable wrt bug #607318

Package-Manager: portage-2.3.0
RepoMan-Options: --include-arches="x86"
Signed-off-by: Agostino Sarubbo <ago <AT> gentoo.org>

 dev-libs/openssl/openssl-1.0.2k.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.0.2k.ebuild b/dev-libs/openssl/openssl-1.0.2k.ebuild
index c9393ae..d6ebc9e 100644
--- a/dev-libs/openssl/openssl-1.0.2k.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2k.ebuild
@@ -13,7 +13,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"
 
 LICENSE="openssl"
 SLOT="0"
-KEYWORDS="~alpha amd64 ~arm ~arm64 hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
+KEYWORDS="~alpha amd64 ~arm ~arm64 hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
 IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Agostino Sarubbo]

commit:     d5ac0fa51d32612283bc7da70073ade8ba703e4c
Author:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
AuthorDate: Fri Jan 27 09:01:52 2017 +0000
Commit:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
CommitDate: Fri Jan 27 09:01:52 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d5ac0fa5

dev-libs/openssl: amd64 stable wrt bug #607318

Package-Manager: portage-2.3.0
RepoMan-Options: --include-arches="amd64"
Signed-off-by: Agostino Sarubbo <ago <AT> gentoo.org>

 dev-libs/openssl/openssl-1.0.2k.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.0.2k.ebuild b/dev-libs/openssl/openssl-1.0.2k.ebuild
index fee3683..c9393ae 100644
--- a/dev-libs/openssl/openssl-1.0.2k.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2k.ebuild
@@ -13,7 +13,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"
 
 LICENSE="openssl"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
+KEYWORDS="~alpha amd64 ~arm ~arm64 hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
 IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Jeroen Roovers]

commit:     96eab57f4c15b963c0404dc2a90521cf751cb669
Author:     Jeroen Roovers <jer <AT> gentoo <DOT> org>
AuthorDate: Thu Jan 26 17:36:45 2017 +0000
Commit:     Jeroen Roovers <jer <AT> gentoo <DOT> org>
CommitDate: Thu Jan 26 17:39:29 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=96eab57f

dev-libs/openssl: Stable for HPPA (bug #607318).

Package-Manager: Portage-2.3.3, Repoman-2.3.1
RepoMan-Options: --ignore-arches

 dev-libs/openssl/openssl-1.0.2k.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.0.2k.ebuild b/dev-libs/openssl/openssl-1.0.2k.ebuild
index f302a11..fee3683 100644
--- a/dev-libs/openssl/openssl-1.0.2k.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2k.ebuild
@@ -13,7 +13,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"
 
 LICENSE="openssl"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
 IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Lars Wendler]

commit:     991b5e96ae8be46aeb97d0a0adf67c1acd323259
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Thu Jan 26 17:19:34 2017 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Thu Jan 26 17:19:34 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=991b5e96

dev-libs/openssl: Don't filter but replace the flags.

Package-Manager: Portage-2.3.3, Repoman-2.3.1

 dev-libs/openssl/openssl-1.0.2k.ebuild | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/dev-libs/openssl/openssl-1.0.2k.ebuild b/dev-libs/openssl/openssl-1.0.2k.ebuild
index a0e013a..f302a11 100644
--- a/dev-libs/openssl/openssl-1.0.2k.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2k.ebuild
@@ -130,8 +130,8 @@ multilib_src_configure() {
 
 	# https://github.com/openssl/openssl/issues/2286
 	if use ia64 ; then
-		filter-flags -g3
-		filter-flags -ggdb3
+		replace-flags -g3 -g2
+		replace-flags -ggdb3 -ggdb2
 	fi
 
 	local sslout=$(./gentoo.config)

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Lars Wendler]

commit:     650d51610dad0002d1c003681f91c82b6eb5e522
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Thu Jan 26 17:09:50 2017 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Thu Jan 26 17:10:46 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=650d5161

dev-libs/openssl: Filter some flags on ia64 as requested by ago.

Package-Manager: Portage-2.3.3, Repoman-2.3.1

 dev-libs/openssl/openssl-1.0.2k.ebuild | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/dev-libs/openssl/openssl-1.0.2k.ebuild b/dev-libs/openssl/openssl-1.0.2k.ebuild
index 0a3838f..a0e013a 100644
--- a/dev-libs/openssl/openssl-1.0.2k.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2k.ebuild
@@ -128,6 +128,12 @@ multilib_src_configure() {
 	#	fi
 	#fi
 
+	# https://github.com/openssl/openssl/issues/2286
+	if use ia64 ; then
+		filter-flags -g3
+		filter-flags -ggdb3
+	fi
+
 	local sslout=$(./gentoo.config)
 	einfo "Use configuration ${sslout:-(openssl knows best)}"
 	local config="Configure"

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Lars Wendler]

commit:     8607ecd9f9693a05df6f8ef5f0e2b49076998079
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Thu Jan 26 16:11:08 2017 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Thu Jan 26 16:11:25 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8607ecd9

dev-libs/openssl: Sec bump to versions 1.0.2k and 1.1.0d (bug #607318).

Package-Manager: Portage-2.3.3, Repoman-2.3.1

 dev-libs/openssl/Manifest                          |  3 +-
 ...openssl-1.1.0c.ebuild => openssl-1.0.2k.ebuild} | 80 ++++++++++++----------
 ...openssl-1.1.0c.ebuild => openssl-1.1.0d.ebuild} |  2 +-
 3 files changed, 47 insertions(+), 38 deletions(-)

diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest
index a42a05f..428810b 100644
--- a/dev-libs/openssl/Manifest
+++ b/dev-libs/openssl/Manifest
@@ -1,3 +1,4 @@
 DIST openssl-0.9.8zh.tar.gz 3818524 SHA256 f1d9f3ed1b85a82ecf80d0e2d389e1fda3fca9a4dba0bf07adbf231e1a5e2fd6 SHA512 b97fa2468211f86c0719c68ad1781eff84f772c479ed5193d6da14bac086b4ca706e7d851209d9df3f0962943b5e5333ab0def00110fb2e517caa73c0c6674c6 WHIRLPOOL 8ed3362e6aed89cd6ae02438bc3fb58ff3a91afb8a2d401d1d66c1ee4fd96f4befb50558131dd03a60fc15b588172fc1ede5d56bb1f68e184453bfe3b34f9abf
 DIST openssl-1.0.2j.tar.gz 5307912 SHA256 e7aff292be21c259c6af26469c7a9b3ba26e9abaaffd325e3dccc9785256c431 SHA512 7d6ccae4aa3ccec3a5d128da29c68401cdb1210cba6d212d55235fc3bc63d7085e2f119e2bbee7ddff6b7b5eef07c6196156791724cd2caf313a4c2fef724edd WHIRLPOOL 1f17e80bc10da2eab9d4c1c3a662b0e2b4f7e8bc448aabb44cd98a96ba3d6cd0ef6cf9a3371d44b39a4d11b1a4087c8f0d056272ace6eba5bd2417f7ab9503b7
-DIST openssl-1.1.0c.tar.gz 5179668 SHA256 fc436441a2e05752d31b4e46115eb89709a28aef96d4fe786abe92409b2fd6f5 SHA512 e3cfba6c682e5edd6f678df7c1da9c9713880f7dca248e6d62f095185c22ce8fd7571d53a54a119fb5d4422578637746ad2809bb2ba324a5c54564f532307ad9 WHIRLPOOL d6ee4610a6ce5c8d2593bcd9f8a2fc55910006d3f466d0d27409f92b4f60880f96979ccbbdf9da5cf110c59a86e1a906bf20a8eb93338efa9e197bd4755ce4d8
+DIST openssl-1.0.2k.tar.gz 5309236 SHA256 6b3977c61f2aedf0f96367dcfb5c6e578cf37e7b8d913b4ecb6643c3cb88d8c0 SHA512 0d314b42352f4b1df2c40ca1094abc7e9ad684c5c35ea997efdd58204c70f22a1abcb17291820f0fff3769620a4e06906034203d31eb1a4d540df3e0db294016 WHIRLPOOL ffa3d89a078db6829f1fff21779a19c87e059600162e6d7d3114b8440ba5fa7d1a08e04594b6ed8ab47e148782de299d7ec338f2ba2d466bf7737b0749f590cd
+DIST openssl-1.1.0d.tar.gz 5201626 SHA256 7d5ebb9e89756545c156ff9c13cf2aa6214193b010a468a3bc789c3c28fe60df SHA512 9f84b3a584df4058f70da6a6ee26a788cc321df218dcabc60ae82913b85af932ed6470e881cd369ead904e5cbc3e4bb0d44e4871b7ba687fe1dba027505363ed WHIRLPOOL 7e27a34f65d6fb1f3be16e2948264d4befd0d35ec674f4d52e6d89b7506e51c09c18ae26c6b25a5f9a3a7186900fb8dffa3e17181a2d33db46875ccb593f3d8f

diff --git a/dev-libs/openssl/openssl-1.1.0c.ebuild b/dev-libs/openssl/openssl-1.0.2k.ebuild
similarity index 76%
copy from dev-libs/openssl/openssl-1.1.0c.ebuild
copy to dev-libs/openssl/openssl-1.0.2k.ebuild
index 069cf97..0a3838f 100644
--- a/dev-libs/openssl/openssl-1.1.0c.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2k.ebuild
@@ -1,8 +1,8 @@
-# Copyright 1999-2016 Gentoo Foundation
+# Copyright 1999-2017 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
 # $Id$
 
-EAPI=5
+EAPI="5"
 
 inherit eutils flag-o-matic toolchain-funcs multilib multilib-minimal
 
@@ -12,13 +12,15 @@ HOMEPAGE="http://www.openssl.org/"
 SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"
 
 LICENSE="openssl"
-SLOT="0/1.1" # .so version of libssl/libcrypto
+SLOT="0"
 KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
-IUSE="+asm bindist rfc3779 sctp cpu_flags_x86_sse2 static-libs test tls-heartbeat vanilla zlib"
+IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"
 
 RDEPEND=">=app-misc/c_rehash-1.7-r1
-	zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )"
+	gmp? ( >=dev-libs/gmp-5.1.3-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
+	zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
+	kerberos? ( >=app-crypt/mit-krb5-1.11.4[${MULTILIB_USEDEP}] )"
 DEPEND="${RDEPEND}
 	>=dev-lang/perl-5
 	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
@@ -34,10 +36,6 @@ MULTILIB_WRAPPED_HEADERS=(
 	usr/include/openssl/opensslconf.h
 )
 
-PATCHES=(
-	"${FILESDIR}"/${PN}-1.0.2a-x32-asm.patch #542618
-)
-
 src_prepare() {
 	# keep this in sync with app-misc/c_rehash
 	SSL_CNF_DIR="/etc/ssl"
@@ -47,25 +45,37 @@ src_prepare() {
 	rm -f Makefile
 
 	if ! use vanilla ; then
-		epatch "${PATCHES[@]}"
+		epatch "${FILESDIR}"/${PN}-1.0.0a-ldflags.patch #327421
+		epatch "${FILESDIR}"/${PN}-1.0.2i-parallel-build.patch
+		epatch "${FILESDIR}"/${PN}-1.0.2a-parallel-obj-headers.patch
+		epatch "${FILESDIR}"/${PN}-1.0.2a-parallel-install-dirs.patch
+		epatch "${FILESDIR}"/${PN}-1.0.2a-parallel-symlinking.patch #545028
+		epatch "${FILESDIR}"/${PN}-1.0.2-ipv6.patch
+		epatch "${FILESDIR}"/${PN}-1.0.2a-x32-asm.patch #542618
+		epatch "${FILESDIR}"/${PN}-1.0.1p-default-source.patch #554338
+
 		epatch_user #332661
 	fi
 
+	# disable fips in the build
 	# make sure the man pages are suffixed #302165
 	# don't bother building man pages if they're disabled
-	# Make DOCDIR Gentoo compliant
 	sed -i \
+		-e '/DIRS/s: fips : :g' \
 		-e '/^MANSUFFIX/s:=.*:=ssl:' \
 		-e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
 		-e $(has noman FEATURES \
 			&& echo '/^install:/s:install_docs::' \
 			|| echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
-		-e "/^DOCDIR/s@\$(BASENAME)@&-${PF}@" \
-		Configurations/unix-Makefile.tmpl \
+		Makefile.org \
 		|| die
-
 	# show the actual commands in the log
-	sed -i '/^SET_X/s@=.*@=set -x@' Makefile.shared
+	sed -i '/^SET_X/s:=.*:=set -x:' Makefile.shared
+
+	# since we're forcing $(CC) as makedep anyway, just fix
+	# the conditional as always-on
+	# helps clang (#417795), and versioned gcc (#499818)
+	sed -i 's/expr.*MAKEDEPEND.*;/true;/' util/domd || die
 
 	# quiet out unknown driver argument warnings since openssl
 	# doesn't have well-split CFLAGS and we're making it even worse
@@ -80,16 +90,7 @@ src_prepare() {
 	append-flags $(test-flags-CC -Wa,--noexecstack)
 	append-cppflags -DOPENSSL_NO_BUF_FREELISTS
 
-	# Prefixify Configure shebang (#141906)
-	sed \
-		-e "1s,/usr/bin/env,${EPREFIX}&," \
-		-i Configure || die
-	# Remove test target when FEATURES=test isn't set
-	if ! use test ; then
-		sed \
-			-e '/^$config{dirs}/s@ "test",@@' \
-			-i Configure || die
-	fi
+	sed -i '1s,^:$,#!'${EPREFIX}'/usr/bin/perl,' Configure #141906
 	# The config script does stupid stuff to prompt the user.  Kill it.
 	sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
 	./config --test-sanity || die "I AM NOT SANE"
@@ -135,18 +136,21 @@ multilib_src_configure() {
 	echoit \
 	./${config} \
 		${sslout} \
-		--api=1.1.0 \
 		$(use cpu_flags_x86_sse2 || echo "no-sse2") \
 		enable-camellia \
-		disable-deprecated \
 		$(use_ssl !bindist ec) \
 		${ec_nistp_64_gcc_128} \
 		enable-idea \
 		enable-mdc2 \
 		enable-rc5 \
+		enable-tlsext \
 		$(use_ssl asm) \
+		$(use_ssl gmp gmp -lgmp) \
+		$(use_ssl kerberos krb5 --with-krb5-flavor=${krb5}) \
 		$(use_ssl rfc3779) \
 		$(use_ssl sctp) \
+		$(use_ssl sslv2 ssl2) \
+		$(use_ssl sslv3 ssl3) \
 		$(use_ssl tls-heartbeat heartbeats) \
 		$(use_ssl zlib) \
 		--prefix="${EPREFIX}"/usr \
@@ -156,19 +160,17 @@ multilib_src_configure() {
 		|| die
 
 	# Clean out hardcoded flags that openssl uses
-	# Fix quoting for sed
-	local DEFAULT_CFLAGS=$(grep ^CFLAGS= Makefile | LC_ALL=C sed \
-		-e 's:^CFLAGS=::' \
+	local CFLAG=$(grep ^CFLAG= Makefile | LC_ALL=C sed \
+		-e 's:^CFLAG=::' \
 		-e 's:-fomit-frame-pointer ::g' \
 		-e 's:-O[0-9] ::g' \
 		-e 's:-march=[-a-z0-9]* ::g' \
 		-e 's:-mcpu=[-a-z0-9]* ::g' \
 		-e 's:-m[a-z0-9]* ::g' \
-		-e 's:\\:\\\\:g' \
 	)
 	sed -i \
-		-e "/^CFLAGS=/s|=.*|=${DEFAULT_CFLAGS} ${CFLAGS}|" \
-		-e "/^LDFLAGS=/s|=[[:space:]]*$|=${LDFLAGS}|" \
+		-e "/^CFLAG/s|=.*|=${CFLAG} ${CFLAGS}|" \
+		-e "/^SHARED_LDFLAGS=/s|$| ${LDFLAGS}|" \
 		Makefile || die
 }
 
@@ -177,6 +179,9 @@ multilib_src_compile() {
 	# that it's -j1 as the code itself serializes subdirs
 	emake -j1 depend
 	emake all
+	# rehash is needed to prep the certs/ dir; do this
+	# separately to avoid parallel build issues.
+	emake rehash
 }
 
 multilib_src_test() {
@@ -184,7 +189,7 @@ multilib_src_test() {
 }
 
 multilib_src_install() {
-	emake DESTDIR="${D}" install
+	emake INSTALL_PREFIX="${D}" install
 }
 
 multilib_src_install_all() {
@@ -192,8 +197,9 @@ multilib_src_install_all() {
 	# we provide a shell version via app-misc/c_rehash
 	rm "${ED}"/usr/bin/c_rehash || die
 
-	dodoc CHANGES* FAQ NEWS README doc/*.txt doc/${PN}-c-indent.el
+	dodoc CHANGES* FAQ NEWS README doc/*.txt doc/c-indentation.el
 	dohtml -r doc/*
+	use rfc3779 && dodoc engines/ccgost/README.gost
 
 	# This is crappy in that the static archives are still built even
 	# when USE=static-libs.  But this is due to a failing in the openssl
@@ -203,7 +209,9 @@ multilib_src_install_all() {
 	use static-libs || rm -f "${ED}"/usr/lib*/lib*.a
 
 	# create the certs directory
-	keepdir ${SSL_CNF_DIR}/certs
+	dodir ${SSL_CNF_DIR}/certs
+	cp -RP certs/* "${ED}"${SSL_CNF_DIR}/certs/ || die
+	rm -r "${ED}"${SSL_CNF_DIR}/certs/{demo,expired}
 
 	# Namespace openssl programs to prevent conflicts with other man pages
 	cd "${ED}"/usr/share/man

diff --git a/dev-libs/openssl/openssl-1.1.0c.ebuild b/dev-libs/openssl/openssl-1.1.0d.ebuild
similarity index 99%
rename from dev-libs/openssl/openssl-1.1.0c.ebuild
rename to dev-libs/openssl/openssl-1.1.0d.ebuild
index 069cf97..b3b0723 100644
--- a/dev-libs/openssl/openssl-1.1.0c.ebuild
+++ b/dev-libs/openssl/openssl-1.1.0d.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2016 Gentoo Foundation
+# Copyright 1999-2017 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
 # $Id$
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Mike Frysinger]

commit:     923596b404fee80e8fae97d415236e356ad0e158
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Sat Nov 12 04:17:37 2016 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Sat Nov 12 04:17:48 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=923596b4

dev-libs/openssl: mark 1.0.2j arm64/m68k/s390/sh stable

 dev-libs/openssl/openssl-1.0.2j.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.0.2j.ebuild b/dev-libs/openssl/openssl-1.0.2j.ebuild
index 36ccc5f..db6a0e3 100644
--- a/dev-libs/openssl/openssl-1.0.2j.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2j.ebuild
@@ -13,7 +13,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"
 
 LICENSE="openssl"
 SLOT="0"
-KEYWORDS="alpha amd64 arm ~arm64 hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
+KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
 IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Agostino Sarubbo]

commit:     0cfcf7b59bede3d0bcba3743e18a84d144bf9646
Author:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
AuthorDate: Thu Sep 29 13:28:15 2016 +0000
Commit:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
CommitDate: Thu Sep 29 13:28:25 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0cfcf7b5

dev-libs/openssl: ia64 stable wrt bug #595186

Package-Manager: portage-2.2.28
RepoMan-Options: --include-arches="ia64"
Signed-off-by: Agostino Sarubbo <ago <AT> gentoo.org>

 dev-libs/openssl/openssl-1.0.2j.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.0.2j.ebuild b/dev-libs/openssl/openssl-1.0.2j.ebuild
index 00f7e99..36ccc5f 100644
--- a/dev-libs/openssl/openssl-1.0.2j.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2j.ebuild
@@ -13,7 +13,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"
 
 LICENSE="openssl"
 SLOT="0"
-KEYWORDS="alpha amd64 arm ~arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
+KEYWORDS="alpha amd64 arm ~arm64 hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
 IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Agostino Sarubbo]

commit:     5760ae60e813837bbbe001700df7579f488bbdd4
Author:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
AuthorDate: Thu Sep 29 13:14:45 2016 +0000
Commit:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
CommitDate: Thu Sep 29 13:14:45 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5760ae60

dev-libs/openssl: arm stable wrt bug #595186

Package-Manager: portage-2.2.28
RepoMan-Options: --include-arches="arm"
Signed-off-by: Agostino Sarubbo <ago <AT> gentoo.org>

 dev-libs/openssl/openssl-1.0.2j.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.0.2j.ebuild b/dev-libs/openssl/openssl-1.0.2j.ebuild
index 3a34b44..00f7e99 100644
--- a/dev-libs/openssl/openssl-1.0.2j.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2j.ebuild
@@ -13,7 +13,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"
 
 LICENSE="openssl"
 SLOT="0"
-KEYWORDS="alpha amd64 ~arm ~arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
+KEYWORDS="alpha amd64 arm ~arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
 IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Agostino Sarubbo]

commit:     8d8c46e8d5507968266cb0ec810adfc5c44956ed
Author:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
AuthorDate: Thu Sep 29 12:35:26 2016 +0000
Commit:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
CommitDate: Thu Sep 29 12:35:26 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8d8c46e8

dev-libs/openssl: ppc stable wrt bug #595186

Package-Manager: portage-2.2.28
RepoMan-Options: --include-arches="ppc"
Signed-off-by: Agostino Sarubbo <ago <AT> gentoo.org>

 dev-libs/openssl/openssl-1.0.2j.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.0.2j.ebuild b/dev-libs/openssl/openssl-1.0.2j.ebuild
index bf306f1..3a34b44 100644
--- a/dev-libs/openssl/openssl-1.0.2j.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2j.ebuild
@@ -13,7 +13,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"
 
 LICENSE="openssl"
 SLOT="0"
-KEYWORDS="alpha amd64 ~arm ~arm64 hppa ~ia64 ~m68k ~mips ~ppc ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
+KEYWORDS="alpha amd64 ~arm ~arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
 IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Agostino Sarubbo]

commit:     c24dada78b83e9656e36b240cbbdbd812fda2899
Author:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
AuthorDate: Thu Sep 29 09:41:44 2016 +0000
Commit:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
CommitDate: Thu Sep 29 09:41:44 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c24dada7

dev-libs/openssl: sparc stable wrt bug #595186

Package-Manager: portage-2.2.28
RepoMan-Options: --include-arches="sparc"
Signed-off-by: Agostino Sarubbo <ago <AT> gentoo.org>

 dev-libs/openssl/openssl-1.0.2j.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.0.2j.ebuild b/dev-libs/openssl/openssl-1.0.2j.ebuild
index 6dda087..bf306f1 100644
--- a/dev-libs/openssl/openssl-1.0.2j.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2j.ebuild
@@ -13,7 +13,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"
 
 LICENSE="openssl"
 SLOT="0"
-KEYWORDS="alpha amd64 ~arm ~arm64 hppa ~ia64 ~m68k ~mips ~ppc ppc64 ~s390 ~sh ~sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
+KEYWORDS="alpha amd64 ~arm ~arm64 hppa ~ia64 ~m68k ~mips ~ppc ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
 IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Tobias Klausmann]

commit:     52c23a1772fe1bb6417992c146b7b1ae08e920ff
Author:     Tobias Klausmann <klausman <AT> gentoo <DOT> org>
AuthorDate: Tue Sep 27 08:24:36 2016 +0000
Commit:     Tobias Klausmann <klausman <AT> gentoo <DOT> org>
CommitDate: Tue Sep 27 08:24:36 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=52c23a17

dev-libs/openssl-1.0.2j-r0: stable on alpha

Gentoo-Bug: 595186

 dev-libs/openssl/openssl-1.0.2j.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.0.2j.ebuild b/dev-libs/openssl/openssl-1.0.2j.ebuild
index ce2aa66..6dda087 100644
--- a/dev-libs/openssl/openssl-1.0.2j.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2j.ebuild
@@ -13,7 +13,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"
 
 LICENSE="openssl"
 SLOT="0"
-KEYWORDS="~alpha amd64 ~arm ~arm64 hppa ~ia64 ~m68k ~mips ~ppc ppc64 ~s390 ~sh ~sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
+KEYWORDS="alpha amd64 ~arm ~arm64 hppa ~ia64 ~m68k ~mips ~ppc ppc64 ~s390 ~sh ~sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
 IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Jeroen Roovers]

commit:     cd5c896c73da6a7aa6e9a14982f88cbdb24bdb45
Author:     Jeroen Roovers <jer <AT> gentoo <DOT> org>
AuthorDate: Tue Sep 27 03:25:23 2016 +0000
Commit:     Jeroen Roovers <jer <AT> gentoo <DOT> org>
CommitDate: Tue Sep 27 03:25:23 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=cd5c896c

dev-libs/openssl: Stable for HPPA PPC64 (bug #595186).

Package-Manager: portage-2.3.1
RepoMan-Options: --ignore-arches

 dev-libs/openssl/openssl-1.0.2j.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.0.2j.ebuild b/dev-libs/openssl/openssl-1.0.2j.ebuild
index 743cd09..ce2aa66 100644
--- a/dev-libs/openssl/openssl-1.0.2j.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2j.ebuild
@@ -13,7 +13,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"
 
 LICENSE="openssl"
 SLOT="0"
-KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
+KEYWORDS="~alpha amd64 ~arm ~arm64 hppa ~ia64 ~m68k ~mips ~ppc ppc64 ~s390 ~sh ~sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
 IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Agostino Sarubbo]

commit:     37f555d9e9befa64d3037a2389f9359fe809d4ee
Author:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
AuthorDate: Mon Sep 26 18:58:02 2016 +0000
Commit:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
CommitDate: Mon Sep 26 18:58:02 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=37f555d9

dev-libs/openssl: x86 stable wrt bug #595186

Package-Manager: portage-2.2.28
RepoMan-Options: --include-arches="x86"
Signed-off-by: Agostino Sarubbo <ago <AT> gentoo.org>

 dev-libs/openssl/openssl-1.0.2j.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.0.2j.ebuild b/dev-libs/openssl/openssl-1.0.2j.ebuild
index 2096b59..743cd09 100644
--- a/dev-libs/openssl/openssl-1.0.2j.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2j.ebuild
@@ -13,7 +13,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"
 
 LICENSE="openssl"
 SLOT="0"
-KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
+KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
 IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Agostino Sarubbo]

commit:     f72fab99ccacd6aab72937f26ea6e99834045ab9
Author:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
AuthorDate: Mon Sep 26 18:56:39 2016 +0000
Commit:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
CommitDate: Mon Sep 26 18:56:39 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f72fab99

dev-libs/openssl: amd64 stable wrt bug #595186

Package-Manager: portage-2.2.28
RepoMan-Options: --include-arches="amd64"
Signed-off-by: Agostino Sarubbo <ago <AT> gentoo.org>

 dev-libs/openssl/openssl-1.0.2j.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.0.2j.ebuild b/dev-libs/openssl/openssl-1.0.2j.ebuild
index f026079..2096b59 100644
--- a/dev-libs/openssl/openssl-1.0.2j.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2j.ebuild
@@ -13,7 +13,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"
 
 LICENSE="openssl"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
+KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
 IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Lars Wendler]

commit:     ded8cff386884ada7760078bd10d42cb58c73bc2
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Mon Sep 26 11:44:41 2016 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Mon Sep 26 11:45:06 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ded8cff3

dev-libs/openssl: Sec bump to versions 1.0.2j and 1.1.0b (bug #595186).

Removed old.

Package-Manager: portage-2.3.1
Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org>

 dev-libs/openssl/Manifest                          |  3 +-
 ...openssl-1.1.0a.ebuild => openssl-1.0.2j.ebuild} | 79 ++++++++++++----------
 ...openssl-1.1.0a.ebuild => openssl-1.1.0b.ebuild} |  0
 3 files changed, 45 insertions(+), 37 deletions(-)

diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest
index a5c5f39..4d20371 100644
--- a/dev-libs/openssl/Manifest
+++ b/dev-libs/openssl/Manifest
@@ -1,4 +1,5 @@
 DIST openssl-0.9.8zh.tar.gz 3818524 SHA256 f1d9f3ed1b85a82ecf80d0e2d389e1fda3fca9a4dba0bf07adbf231e1a5e2fd6 SHA512 b97fa2468211f86c0719c68ad1781eff84f772c479ed5193d6da14bac086b4ca706e7d851209d9df3f0962943b5e5333ab0def00110fb2e517caa73c0c6674c6 WHIRLPOOL 8ed3362e6aed89cd6ae02438bc3fb58ff3a91afb8a2d401d1d66c1ee4fd96f4befb50558131dd03a60fc15b588172fc1ede5d56bb1f68e184453bfe3b34f9abf
 DIST openssl-1.0.2h.tar.gz 5274412 SHA256 1d4007e53aad94a5b2002fe045ee7bb0b3d98f1a47f8b2bc851dcd1c74332919 SHA512 780601f6f3f32f42b6d7bbc4c593db39a3575f9db80294a10a68b2b0bb79448d9bd529ca700b9977354cbdfc65887c76af0aa7b90d3ee421f74ab53e6f15c303 WHIRLPOOL 41b6cf0c08b547f1432dc8167a4c7835da0b6907f8932969e0a352fab8bdbb4d8f612a5bf431e415d93ff1c8238652b2ee3ce0bd935cc2f59e8ea4f40fe6b5d6
 DIST openssl-1.0.2i.tar.gz 5308232 SHA256 9287487d11c9545b6efb287cdb70535d4e9b284dd10d51441d9b9963d000de6f SHA512 41764debd5d64e4e770945f30d682e2c887d9cefb39b358c5c7f9d2cdce34393ed28d49b24e95c4639db2df01c278cbcde71bed2b03f9aafafc76766b03850e3 WHIRLPOOL ba1a4513aaa1de81e36912acfe0b6cf8e0acf7cc71d32b127b5e54eb2f6fc6ce63f4f61e9fc99fecc9e037cdccc496b9d15ea75b594b0fd8721b4478eab1f31d
-DIST openssl-1.1.0a.tar.gz 5161414 SHA256 c2e696e34296cde2c9ec5dcdad9e4f042cd703932591d395c389de488302442b SHA512 80d6cf795decc923b0ea6a005805993d2a4133a1d41f0208982f4b147471e24782227c77611cc4c6d1e61849ce66c57987ea7a26ea66cd0b0adc66c200b96c21 WHIRLPOOL 7cc2dd31dcfc7a34f982dde16a0954b7158ddc8d787e9c8838905c19527d31f4049a31891f33e72bbf142a9062f99bf61874a11a143e4dd3de3b039d7f572f02
+DIST openssl-1.0.2j.tar.gz 5307912 SHA256 e7aff292be21c259c6af26469c7a9b3ba26e9abaaffd325e3dccc9785256c431 SHA512 7d6ccae4aa3ccec3a5d128da29c68401cdb1210cba6d212d55235fc3bc63d7085e2f119e2bbee7ddff6b7b5eef07c6196156791724cd2caf313a4c2fef724edd WHIRLPOOL 1f17e80bc10da2eab9d4c1c3a662b0e2b4f7e8bc448aabb44cd98a96ba3d6cd0ef6cf9a3371d44b39a4d11b1a4087c8f0d056272ace6eba5bd2417f7ab9503b7
+DIST openssl-1.1.0b.tar.gz 5162355 SHA256 a45de072bf9be4dea437230aaf036000f0e68c6a665931c57e76b5b036cef6f7 SHA512 b6d66261427f1acc049bf5469a0dc668490e752c2ba4802481809e7e35367213eca17ac9fdc3f23ed5f7a53d303abca78b13a48b169f154043199f2680ccf1a4 WHIRLPOOL bc926b2839f2e85751480ac0a6306bd37ca1ac12759b78654fba6861517bb9979245b95676a60900eab9257334ecf2e1b7d9e406c39a6075054a93ffc1f7a76a

diff --git a/dev-libs/openssl/openssl-1.1.0a.ebuild b/dev-libs/openssl/openssl-1.0.2j.ebuild
similarity index 77%
copy from dev-libs/openssl/openssl-1.1.0a.ebuild
copy to dev-libs/openssl/openssl-1.0.2j.ebuild
index 0aea4eb..f026079 100644
--- a/dev-libs/openssl/openssl-1.1.0a.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2j.ebuild
@@ -2,7 +2,7 @@
 # Distributed under the terms of the GNU General Public License v2
 # $Id$
 
-EAPI=5
+EAPI="5"
 
 inherit eutils flag-o-matic toolchain-funcs multilib multilib-minimal
 
@@ -12,13 +12,15 @@ HOMEPAGE="http://www.openssl.org/"
 SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"
 
 LICENSE="openssl"
-SLOT="0/1.1" # .so version of libssl/libcrypto
+SLOT="0"
 KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
-IUSE="+asm bindist rfc3779 sctp cpu_flags_x86_sse2 static-libs test tls-heartbeat vanilla zlib"
+IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"
 
 RDEPEND=">=app-misc/c_rehash-1.7-r1
-	zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )"
+	gmp? ( >=dev-libs/gmp-5.1.3-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
+	zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
+	kerberos? ( >=app-crypt/mit-krb5-1.11.4[${MULTILIB_USEDEP}] )"
 DEPEND="${RDEPEND}
 	>=dev-lang/perl-5
 	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
@@ -34,11 +36,6 @@ MULTILIB_WRAPPED_HEADERS=(
 	usr/include/openssl/opensslconf.h
 )
 
-PATCHES=(
-	"${FILESDIR}"/${PN}-1.1.0-ldflags.patch #327421
-	"${FILESDIR}"/${PN}-1.0.2a-x32-asm.patch #542618
-)
-
 src_prepare() {
 	# keep this in sync with app-misc/c_rehash
 	SSL_CNF_DIR="/etc/ssl"
@@ -48,25 +45,37 @@ src_prepare() {
 	rm -f Makefile
 
 	if ! use vanilla ; then
-		epatch "${PATCHES[@]}"
+		epatch "${FILESDIR}"/${PN}-1.0.0a-ldflags.patch #327421
+		epatch "${FILESDIR}"/${PN}-1.0.2i-parallel-build.patch
+		epatch "${FILESDIR}"/${PN}-1.0.2a-parallel-obj-headers.patch
+		epatch "${FILESDIR}"/${PN}-1.0.2a-parallel-install-dirs.patch
+		epatch "${FILESDIR}"/${PN}-1.0.2a-parallel-symlinking.patch #545028
+		epatch "${FILESDIR}"/${PN}-1.0.2-ipv6.patch
+		epatch "${FILESDIR}"/${PN}-1.0.2a-x32-asm.patch #542618
+		epatch "${FILESDIR}"/${PN}-1.0.1p-default-source.patch #554338
+
 		epatch_user #332661
 	fi
 
+	# disable fips in the build
 	# make sure the man pages are suffixed #302165
 	# don't bother building man pages if they're disabled
-	# Make DOCDIR Gentoo compliant
 	sed -i \
+		-e '/DIRS/s: fips : :g' \
 		-e '/^MANSUFFIX/s:=.*:=ssl:' \
 		-e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
 		-e $(has noman FEATURES \
 			&& echo '/^install:/s:install_docs::' \
 			|| echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
-		-e "/^DOCDIR/s@\$(BASENAME)@&-${PF}@" \
-		Configurations/unix-Makefile.tmpl \
+		Makefile.org \
 		|| die
-
 	# show the actual commands in the log
-	sed -i '/^SET_X/s@=.*@=set -x@' Makefile.shared
+	sed -i '/^SET_X/s:=.*:=set -x:' Makefile.shared
+
+	# since we're forcing $(CC) as makedep anyway, just fix
+	# the conditional as always-on
+	# helps clang (#417795), and versioned gcc (#499818)
+	sed -i 's/expr.*MAKEDEPEND.*;/true;/' util/domd || die
 
 	# quiet out unknown driver argument warnings since openssl
 	# doesn't have well-split CFLAGS and we're making it even worse
@@ -81,16 +90,7 @@ src_prepare() {
 	append-flags $(test-flags-CC -Wa,--noexecstack)
 	append-cppflags -DOPENSSL_NO_BUF_FREELISTS
 
-	# Prefixify Configure shebang (#141906)
-	sed \
-		-e "1s,/usr/bin/env,${EPREFIX}&," \
-		-i Configure || die
-	# Remove test target when FEATURES=test isn't set
-	if ! use test ; then
-		sed \
-			-e '/^$config{dirs}/s@ "test",@@' \
-			-i Configure || die
-	fi
+	sed -i '1s,^:$,#!'${EPREFIX}'/usr/bin/perl,' Configure #141906
 	# The config script does stupid stuff to prompt the user.  Kill it.
 	sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
 	./config --test-sanity || die "I AM NOT SANE"
@@ -136,18 +136,21 @@ multilib_src_configure() {
 	echoit \
 	./${config} \
 		${sslout} \
-		--api=1.1.0 \
 		$(use cpu_flags_x86_sse2 || echo "no-sse2") \
 		enable-camellia \
-		disable-deprecated \
 		$(use_ssl !bindist ec) \
 		${ec_nistp_64_gcc_128} \
 		enable-idea \
 		enable-mdc2 \
 		enable-rc5 \
+		enable-tlsext \
 		$(use_ssl asm) \
+		$(use_ssl gmp gmp -lgmp) \
+		$(use_ssl kerberos krb5 --with-krb5-flavor=${krb5}) \
 		$(use_ssl rfc3779) \
 		$(use_ssl sctp) \
+		$(use_ssl sslv2 ssl2) \
+		$(use_ssl sslv3 ssl3) \
 		$(use_ssl tls-heartbeat heartbeats) \
 		$(use_ssl zlib) \
 		--prefix="${EPREFIX}"/usr \
@@ -157,19 +160,17 @@ multilib_src_configure() {
 		|| die
 
 	# Clean out hardcoded flags that openssl uses
-	# Fix quoting for sed
-	local DEFAULT_CFLAGS=$(grep ^CFLAGS= Makefile | LC_ALL=C sed \
-		-e 's:^CFLAGS=::' \
+	local CFLAG=$(grep ^CFLAG= Makefile | LC_ALL=C sed \
+		-e 's:^CFLAG=::' \
 		-e 's:-fomit-frame-pointer ::g' \
 		-e 's:-O[0-9] ::g' \
 		-e 's:-march=[-a-z0-9]* ::g' \
 		-e 's:-mcpu=[-a-z0-9]* ::g' \
 		-e 's:-m[a-z0-9]* ::g' \
-		-e 's:\\:\\\\:g' \
 	)
 	sed -i \
-		-e "/^CFLAGS=/s|=.*|=${DEFAULT_CFLAGS} ${CFLAGS}|" \
-		-e "/^LDFLAGS=/s|=[[:space:]]*$|=${LDFLAGS}|" \
+		-e "/^CFLAG/s|=.*|=${CFLAG} ${CFLAGS}|" \
+		-e "/^SHARED_LDFLAGS=/s|$| ${LDFLAGS}|" \
 		Makefile || die
 }
 
@@ -178,6 +179,9 @@ multilib_src_compile() {
 	# that it's -j1 as the code itself serializes subdirs
 	emake -j1 depend
 	emake all
+	# rehash is needed to prep the certs/ dir; do this
+	# separately to avoid parallel build issues.
+	emake rehash
 }
 
 multilib_src_test() {
@@ -185,7 +189,7 @@ multilib_src_test() {
 }
 
 multilib_src_install() {
-	emake DESTDIR="${D}" install
+	emake INSTALL_PREFIX="${D}" install
 }
 
 multilib_src_install_all() {
@@ -193,8 +197,9 @@ multilib_src_install_all() {
 	# we provide a shell version via app-misc/c_rehash
 	rm "${ED}"/usr/bin/c_rehash || die
 
-	dodoc CHANGES* FAQ NEWS README doc/*.txt doc/${PN}-c-indent.el
+	dodoc CHANGES* FAQ NEWS README doc/*.txt doc/c-indentation.el
 	dohtml -r doc/*
+	use rfc3779 && dodoc engines/ccgost/README.gost
 
 	# This is crappy in that the static archives are still built even
 	# when USE=static-libs.  But this is due to a failing in the openssl
@@ -204,7 +209,9 @@ multilib_src_install_all() {
 	use static-libs || rm -f "${ED}"/usr/lib*/lib*.a
 
 	# create the certs directory
-	keepdir ${SSL_CNF_DIR}/certs
+	dodir ${SSL_CNF_DIR}/certs
+	cp -RP certs/* "${ED}"${SSL_CNF_DIR}/certs/ || die
+	rm -r "${ED}"${SSL_CNF_DIR}/certs/{demo,expired}
 
 	# Namespace openssl programs to prevent conflicts with other man pages
 	cd "${ED}"/usr/share/man

diff --git a/dev-libs/openssl/openssl-1.1.0a.ebuild b/dev-libs/openssl/openssl-1.1.0b.ebuild
similarity index 100%
rename from dev-libs/openssl/openssl-1.1.0a.ebuild
rename to dev-libs/openssl/openssl-1.1.0b.ebuild

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Jeroen Roovers]

commit:     77092036b1f5058b6fa4dabe3ac6fe0af5155af6
Author:     Jeroen Roovers <jer <AT> gentoo <DOT> org>
AuthorDate: Fri Sep 23 04:40:40 2016 +0000
Commit:     Jeroen Roovers <jer <AT> gentoo <DOT> org>
CommitDate: Fri Sep 23 04:40:40 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=77092036

dev-libs/openssl: Stable for HPPA PPC64 (bug #594500).

Package-Manager: portage-2.3.1
RepoMan-Options: --ignore-arches

 dev-libs/openssl/openssl-1.0.2i.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.0.2i.ebuild b/dev-libs/openssl/openssl-1.0.2i.ebuild
index 743cd09..ce2aa66 100644
--- a/dev-libs/openssl/openssl-1.0.2i.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2i.ebuild
@@ -13,7 +13,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"
 
 LICENSE="openssl"
 SLOT="0"
-KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
+KEYWORDS="~alpha amd64 ~arm ~arm64 hppa ~ia64 ~m68k ~mips ~ppc ppc64 ~s390 ~sh ~sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
 IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Agostino Sarubbo]

commit:     f929b69b7538394da33709eb805fb661c02f500d
Author:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
AuthorDate: Thu Sep 22 13:42:31 2016 +0000
Commit:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
CommitDate: Thu Sep 22 13:42:31 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f929b69b

dev-libs/openssl: x86 stable wrt bug #594500

Package-Manager: portage-2.2.28
RepoMan-Options: --include-arches="x86"
Signed-off-by: Agostino Sarubbo <ago <AT> gentoo.org>

 dev-libs/openssl/openssl-1.0.2i.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.0.2i.ebuild b/dev-libs/openssl/openssl-1.0.2i.ebuild
index 2096b59..743cd09 100644
--- a/dev-libs/openssl/openssl-1.0.2i.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2i.ebuild
@@ -13,7 +13,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"
 
 LICENSE="openssl"
 SLOT="0"
-KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
+KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
 IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Agostino Sarubbo]

commit:     2a70bbc6f4390b60f8d0b9cf98f3aea6cb3144d8
Author:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
AuthorDate: Thu Sep 22 13:42:04 2016 +0000
Commit:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
CommitDate: Thu Sep 22 13:42:04 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2a70bbc6

dev-libs/openssl: amd64 stable wrt bug #594500

Package-Manager: portage-2.2.28
RepoMan-Options: --include-arches="amd64"
Signed-off-by: Agostino Sarubbo <ago <AT> gentoo.org>

 dev-libs/openssl/openssl-1.0.2i.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.0.2i.ebuild b/dev-libs/openssl/openssl-1.0.2i.ebuild
index f026079..2096b59 100644
--- a/dev-libs/openssl/openssl-1.0.2i.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2i.ebuild
@@ -13,7 +13,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"
 
 LICENSE="openssl"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
+KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
 IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Lars Wendler]

commit:     33f48e56748dc9d6c40326f7654653b6dc49dab5
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Thu Sep 22 13:15:40 2016 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Thu Sep 22 13:15:55 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=33f48e56

dev-libs/openssl: Removed old.

Package-Manager: portage-2.3.1
Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org>

 dev-libs/openssl/Manifest                 |   2 -
 dev-libs/openssl/openssl-1.0.2g-r2.ebuild | 259 ------------------------------
 dev-libs/openssl/openssl-1.0.2h-r1.ebuild | 250 ----------------------------
 dev-libs/openssl/openssl-1.0.2h.ebuild    | 259 ------------------------------
 dev-libs/openssl/openssl-1.1.0.ebuild     | 242 ----------------------------
 5 files changed, 1012 deletions(-)

diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest
index 467e5d3..a5c5f39 100644
--- a/dev-libs/openssl/Manifest
+++ b/dev-libs/openssl/Manifest
@@ -1,6 +1,4 @@
 DIST openssl-0.9.8zh.tar.gz 3818524 SHA256 f1d9f3ed1b85a82ecf80d0e2d389e1fda3fca9a4dba0bf07adbf231e1a5e2fd6 SHA512 b97fa2468211f86c0719c68ad1781eff84f772c479ed5193d6da14bac086b4ca706e7d851209d9df3f0962943b5e5333ab0def00110fb2e517caa73c0c6674c6 WHIRLPOOL 8ed3362e6aed89cd6ae02438bc3fb58ff3a91afb8a2d401d1d66c1ee4fd96f4befb50558131dd03a60fc15b588172fc1ede5d56bb1f68e184453bfe3b34f9abf
-DIST openssl-1.0.2g.tar.gz 5266102 SHA256 b784b1b3907ce39abf4098702dade6365522a253ad1552e267a9a0e89594aa33 SHA512 4d96b6c8a232203483d6e8bee81da01ba10977bfbac92f25304a36dec9ea584b7ef917bc45e097cc7dbe681d71a4570d649c22244c178393ae91fab48323f735 WHIRLPOOL aedbd82af0a550e8329a84312fae492f3bb3cb04af763fc9ef532099b2b2e61a55e4a7cfb06085f045740e2b692bbdb3ecb8bf5ca82f46325c3caf22d2317ffb
 DIST openssl-1.0.2h.tar.gz 5274412 SHA256 1d4007e53aad94a5b2002fe045ee7bb0b3d98f1a47f8b2bc851dcd1c74332919 SHA512 780601f6f3f32f42b6d7bbc4c593db39a3575f9db80294a10a68b2b0bb79448d9bd529ca700b9977354cbdfc65887c76af0aa7b90d3ee421f74ab53e6f15c303 WHIRLPOOL 41b6cf0c08b547f1432dc8167a4c7835da0b6907f8932969e0a352fab8bdbb4d8f612a5bf431e415d93ff1c8238652b2ee3ce0bd935cc2f59e8ea4f40fe6b5d6
 DIST openssl-1.0.2i.tar.gz 5308232 SHA256 9287487d11c9545b6efb287cdb70535d4e9b284dd10d51441d9b9963d000de6f SHA512 41764debd5d64e4e770945f30d682e2c887d9cefb39b358c5c7f9d2cdce34393ed28d49b24e95c4639db2df01c278cbcde71bed2b03f9aafafc76766b03850e3 WHIRLPOOL ba1a4513aaa1de81e36912acfe0b6cf8e0acf7cc71d32b127b5e54eb2f6fc6ce63f4f61e9fc99fecc9e037cdccc496b9d15ea75b594b0fd8721b4478eab1f31d
-DIST openssl-1.1.0.tar.gz 5146831 SHA256 f5c69ff9ac1472c80b868efc1c1c0d8dcfc746d29ebe563de2365dd56dbd8c82 SHA512 6a99d391be7708fdc4eb097d27cea4ce79dc83cc7f52d353af1e222773e586405c0848557d7404716b92b23b775abed45e73c66fe9128f4bd7c09864e79317b0 WHIRLPOOL 9d38954c65073a8d02caa6aa00b1efc197391b38b341662f0d9967ce883f52eed8c3be84ebd6ecc89c494f725218bfd2bef395891a20b40c8dcdf6b31fba2131
 DIST openssl-1.1.0a.tar.gz 5161414 SHA256 c2e696e34296cde2c9ec5dcdad9e4f042cd703932591d395c389de488302442b SHA512 80d6cf795decc923b0ea6a005805993d2a4133a1d41f0208982f4b147471e24782227c77611cc4c6d1e61849ce66c57987ea7a26ea66cd0b0adc66c200b96c21 WHIRLPOOL 7cc2dd31dcfc7a34f982dde16a0954b7158ddc8d787e9c8838905c19527d31f4049a31891f33e72bbf142a9062f99bf61874a11a143e4dd3de3b039d7f572f02

diff --git a/dev-libs/openssl/openssl-1.0.2g-r2.ebuild b/dev-libs/openssl/openssl-1.0.2g-r2.ebuild
deleted file mode 100644
index a69dae4..00000000
--- a/dev-libs/openssl/openssl-1.0.2g-r2.ebuild
+++ /dev/null
@@ -1,259 +0,0 @@
-# Copyright 1999-2016 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI=5
-
-inherit eutils flag-o-matic toolchain-funcs multilib multilib-minimal
-
-MY_P=${P/_/-}
-DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"
-HOMEPAGE="http://www.openssl.org/"
-SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"
-
-LICENSE="openssl"
-# subslot set to 1.0.2g version as this is the first release without SSLv2
-# support and thus breaks nearly every openssl consumer (see bug #575548)
-SLOT="0"
-KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
-IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 static-libs test +tls-heartbeat vanilla zlib"
-RESTRICT="!bindist? ( bindist )"
-
-RDEPEND=">=app-misc/c_rehash-1.7-r1
-	gmp? ( >=dev-libs/gmp-5.1.3-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
-	zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
-	kerberos? ( >=app-crypt/mit-krb5-1.11.4[${MULTILIB_USEDEP}] )"
-DEPEND="${RDEPEND}
-	>=dev-lang/perl-5
-	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
-	test? (
-		sys-apps/diffutils
-		sys-devel/bc
-	)"
-PDEPEND="app-misc/ca-certificates"
-
-S="${WORKDIR}/${MY_P}"
-
-MULTILIB_WRAPPED_HEADERS=(
-	usr/include/openssl/opensslconf.h
-)
-
-src_prepare() {
-	# keep this in sync with app-misc/c_rehash
-	SSL_CNF_DIR="/etc/ssl"
-
-	# Make sure we only ever touch Makefile.org and avoid patching a file
-	# that gets blown away anyways by the Configure script in src_configure
-	rm -f Makefile
-
-	if ! use vanilla ; then
-		epatch "${FILESDIR}"/${PN}-1.0.0a-ldflags.patch #327421
-		epatch "${FILESDIR}"/${PN}-1.0.0d-windres.patch #373743
-		epatch "${FILESDIR}"/${PN}-1.0.2g-parallel-build.patch
-		epatch "${FILESDIR}"/${PN}-1.0.2a-parallel-obj-headers.patch
-		epatch "${FILESDIR}"/${PN}-1.0.2a-parallel-install-dirs.patch
-		epatch "${FILESDIR}"/${PN}-1.0.2a-parallel-symlinking.patch #545028
-		epatch "${FILESDIR}"/${PN}-1.0.2-ipv6.patch
-		epatch "${FILESDIR}"/${PN}-1.0.2a-x32-asm.patch #542618
-		epatch "${FILESDIR}"/${PN}-1.0.1p-default-source.patch #554338
-
-		epatch_user #332661
-	fi
-
-	# disable fips in the build
-	# make sure the man pages are suffixed #302165
-	# don't bother building man pages if they're disabled
-	sed -i \
-		-e '/DIRS/s: fips : :g' \
-		-e '/^MANSUFFIX/s:=.*:=ssl:' \
-		-e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
-		-e $(has noman FEATURES \
-			&& echo '/^install:/s:install_docs::' \
-			|| echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
-		Makefile.org \
-		|| die
-	# show the actual commands in the log
-	sed -i '/^SET_X/s:=.*:=set -x:' Makefile.shared
-
-	# since we're forcing $(CC) as makedep anyway, just fix
-	# the conditional as always-on
-	# helps clang (#417795), and versioned gcc (#499818)
-	sed -i 's/expr.*MAKEDEPEND.*;/true;/' util/domd || die
-
-	# quiet out unknown driver argument warnings since openssl
-	# doesn't have well-split CFLAGS and we're making it even worse
-	# and 'make depend' uses -Werror for added fun (#417795 again)
-	[[ ${CC} == *clang* ]] && append-flags -Qunused-arguments
-
-	# allow openssl to be cross-compiled
-	cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die
-	chmod a+rx gentoo.config
-
-	append-flags -fno-strict-aliasing
-	append-flags $(test-flags-CC -Wa,--noexecstack)
-	append-cppflags -DOPENSSL_NO_BUF_FREELISTS
-
-	sed -i '1s,^:$,#!'${EPREFIX}'/usr/bin/perl,' Configure #141906
-	# The config script does stupid stuff to prompt the user.  Kill it.
-	sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
-	./config --test-sanity || die "I AM NOT SANE"
-
-	multilib_copy_sources
-}
-
-multilib_src_configure() {
-	unset APPS #197996
-	unset SCRIPTS #312551
-	unset CROSS_COMPILE #311473
-
-	tc-export CC AR RANLIB RC
-
-	# Clean out patent-or-otherwise-encumbered code
-	# Camellia: Royalty Free            http://en.wikipedia.org/wiki/Camellia_(cipher)
-	# IDEA:     Expired                 http://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
-	# EC:       ????????? ??/??/2015    http://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography
-	# MDC2:     Expired                 http://en.wikipedia.org/wiki/MDC-2
-	# RC5:      Expired                 http://en.wikipedia.org/wiki/RC5
-
-	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
-	echoit() { echo "$@" ; "$@" ; }
-
-	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
-
-	# See if our toolchain supports __uint128_t.  If so, it's 64bit
-	# friendly and can use the nicely optimized code paths. #460790
-	local ec_nistp_64_gcc_128
-	# Disable it for now though #469976
-	#if ! use bindist ; then
-	#	echo "__uint128_t i;" > "${T}"/128.c
-	#	if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
-	#		ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
-	#	fi
-	#fi
-
-	local sslout=$(./gentoo.config)
-	einfo "Use configuration ${sslout:-(openssl knows best)}"
-	local config="Configure"
-	[[ -z ${sslout} ]] && config="config"
-
-	echoit \
-	./${config} \
-		${sslout} \
-		$(use cpu_flags_x86_sse2 || echo "no-sse2") \
-		enable-camellia \
-		$(use_ssl !bindist ec) \
-		${ec_nistp_64_gcc_128} \
-		enable-idea \
-		enable-mdc2 \
-		enable-rc5 \
-		enable-tlsext \
-		enable-ssl2 \
-		$(use_ssl asm) \
-		$(use_ssl gmp gmp -lgmp) \
-		$(use_ssl kerberos krb5 --with-krb5-flavor=${krb5}) \
-		$(use_ssl rfc3779) \
-		$(use_ssl sctp) \
-		$(use_ssl tls-heartbeat heartbeats) \
-		$(use_ssl zlib) \
-		--prefix="${EPREFIX}"/usr \
-		--openssldir="${EPREFIX}"${SSL_CNF_DIR} \
-		--libdir=$(get_libdir) \
-		shared threads \
-		|| die
-
-	# Clean out hardcoded flags that openssl uses
-	local CFLAG=$(grep ^CFLAG= Makefile | LC_ALL=C sed \
-		-e 's:^CFLAG=::' \
-		-e 's:-fomit-frame-pointer ::g' \
-		-e 's:-O[0-9] ::g' \
-		-e 's:-march=[-a-z0-9]* ::g' \
-		-e 's:-mcpu=[-a-z0-9]* ::g' \
-		-e 's:-m[a-z0-9]* ::g' \
-	)
-	sed -i \
-		-e "/^CFLAG/s|=.*|=${CFLAG} ${CFLAGS}|" \
-		-e "/^SHARED_LDFLAGS=/s|$| ${LDFLAGS}|" \
-		Makefile || die
-}
-
-multilib_src_compile() {
-	# depend is needed to use $confopts; it also doesn't matter
-	# that it's -j1 as the code itself serializes subdirs
-	emake -j1 depend
-	emake all
-	# rehash is needed to prep the certs/ dir; do this
-	# separately to avoid parallel build issues.
-	emake rehash
-}
-
-multilib_src_test() {
-	emake -j1 test
-}
-
-multilib_src_install() {
-	emake INSTALL_PREFIX="${D}" install
-}
-
-multilib_src_install_all() {
-	# openssl installs perl version of c_rehash by default, but
-	# we provide a shell version via app-misc/c_rehash
-	rm "${ED}"/usr/bin/c_rehash || die
-
-	dodoc CHANGES* FAQ NEWS README doc/*.txt doc/c-indentation.el
-	dohtml -r doc/*
-	use rfc3779 && dodoc engines/ccgost/README.gost
-
-	# This is crappy in that the static archives are still built even
-	# when USE=static-libs.  But this is due to a failing in the openssl
-	# build system: the static archives are built as PIC all the time.
-	# Only way around this would be to manually configure+compile openssl
-	# twice; once with shared lib support enabled and once without.
-	use static-libs || rm -f "${ED}"/usr/lib*/lib*.a
-
-	# create the certs directory
-	dodir ${SSL_CNF_DIR}/certs
-	cp -RP certs/* "${ED}"${SSL_CNF_DIR}/certs/ || die
-	rm -r "${ED}"${SSL_CNF_DIR}/certs/{demo,expired}
-
-	# Namespace openssl programs to prevent conflicts with other man pages
-	cd "${ED}"/usr/share/man
-	local m d s
-	for m in $(find . -type f | xargs grep -L '#include') ; do
-		d=${m%/*} ; d=${d#./} ; m=${m##*/}
-		[[ ${m} == openssl.1* ]] && continue
-		[[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!"
-		mv ${d}/{,ssl-}${m}
-		# fix up references to renamed man pages
-		sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m}
-		ln -s ssl-${m} ${d}/openssl-${m}
-		# locate any symlinks that point to this man page ... we assume
-		# that any broken links are due to the above renaming
-		for s in $(find -L ${d} -type l) ; do
-			s=${s##*/}
-			rm -f ${d}/${s}
-			ln -s ssl-${m} ${d}/ssl-${s}
-			ln -s ssl-${s} ${d}/openssl-${s}
-		done
-	done
-	[[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :("
-
-	dodir /etc/sandbox.d #254521
-	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
-
-	diropts -m0700
-	keepdir ${SSL_CNF_DIR}/private
-}
-
-pkg_preinst() {
-	has_version ${CATEGORY}/${PN}:0.9.8 && return 0
-	preserve_old_lib /usr/$(get_libdir)/lib{crypto,ssl}.so.0.9.8
-}
-
-pkg_postinst() {
-	ebegin "Running 'c_rehash ${EROOT%/}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069"
-	c_rehash "${EROOT%/}${SSL_CNF_DIR}/certs" >/dev/null
-	eend $?
-
-	has_version ${CATEGORY}/${PN}:0.9.8 && return 0
-	preserve_old_lib_notify /usr/$(get_libdir)/lib{crypto,ssl}.so.0.9.8
-}

diff --git a/dev-libs/openssl/openssl-1.0.2h-r1.ebuild b/dev-libs/openssl/openssl-1.0.2h-r1.ebuild
deleted file mode 100644
index 157ebe8..00000000
--- a/dev-libs/openssl/openssl-1.0.2h-r1.ebuild
+++ /dev/null
@@ -1,250 +0,0 @@
-# Copyright 1999-2016 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI="5"
-
-inherit eutils flag-o-matic toolchain-funcs multilib multilib-minimal
-
-MY_P=${P/_/-}
-DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"
-HOMEPAGE="http://www.openssl.org/"
-SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"
-
-LICENSE="openssl"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
-IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
-RESTRICT="!bindist? ( bindist )"
-
-RDEPEND=">=app-misc/c_rehash-1.7-r1
-	gmp? ( >=dev-libs/gmp-5.1.3-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
-	zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
-	kerberos? ( >=app-crypt/mit-krb5-1.11.4[${MULTILIB_USEDEP}] )"
-DEPEND="${RDEPEND}
-	>=dev-lang/perl-5
-	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
-	test? (
-		sys-apps/diffutils
-		sys-devel/bc
-	)"
-PDEPEND="app-misc/ca-certificates"
-
-S="${WORKDIR}/${MY_P}"
-
-MULTILIB_WRAPPED_HEADERS=(
-	usr/include/openssl/opensslconf.h
-)
-
-src_prepare() {
-	# keep this in sync with app-misc/c_rehash
-	SSL_CNF_DIR="/etc/ssl"
-
-	# Make sure we only ever touch Makefile.org and avoid patching a file
-	# that gets blown away anyways by the Configure script in src_configure
-	rm -f Makefile
-
-	if ! use vanilla ; then
-		epatch "${FILESDIR}"/${PN}-1.0.0a-ldflags.patch #327421
-		epatch "${FILESDIR}"/${PN}-1.0.0d-windres.patch #373743
-		epatch "${FILESDIR}"/${PN}-1.0.2g-parallel-build.patch
-		epatch "${FILESDIR}"/${PN}-1.0.2a-parallel-obj-headers.patch
-		epatch "${FILESDIR}"/${PN}-1.0.2a-parallel-install-dirs.patch
-		epatch "${FILESDIR}"/${PN}-1.0.2a-parallel-symlinking.patch #545028
-		epatch "${FILESDIR}"/${PN}-1.0.2-ipv6.patch
-		epatch "${FILESDIR}"/${PN}-1.0.2a-x32-asm.patch #542618
-		epatch "${FILESDIR}"/${PN}-1.0.1p-default-source.patch #554338
-
-		epatch_user #332661
-	fi
-
-	# disable fips in the build
-	# make sure the man pages are suffixed #302165
-	# don't bother building man pages if they're disabled
-	sed -i \
-		-e '/DIRS/s: fips : :g' \
-		-e '/^MANSUFFIX/s:=.*:=ssl:' \
-		-e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
-		-e $(has noman FEATURES \
-			&& echo '/^install:/s:install_docs::' \
-			|| echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
-		Makefile.org \
-		|| die
-	# show the actual commands in the log
-	sed -i '/^SET_X/s:=.*:=set -x:' Makefile.shared
-
-	# since we're forcing $(CC) as makedep anyway, just fix
-	# the conditional as always-on
-	# helps clang (#417795), and versioned gcc (#499818)
-	sed -i 's/expr.*MAKEDEPEND.*;/true;/' util/domd || die
-
-	# quiet out unknown driver argument warnings since openssl
-	# doesn't have well-split CFLAGS and we're making it even worse
-	# and 'make depend' uses -Werror for added fun (#417795 again)
-	[[ ${CC} == *clang* ]] && append-flags -Qunused-arguments
-
-	# allow openssl to be cross-compiled
-	cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die
-	chmod a+rx gentoo.config
-
-	append-flags -fno-strict-aliasing
-	append-flags $(test-flags-CC -Wa,--noexecstack)
-	append-cppflags -DOPENSSL_NO_BUF_FREELISTS
-
-	sed -i '1s,^:$,#!'${EPREFIX}'/usr/bin/perl,' Configure #141906
-	# The config script does stupid stuff to prompt the user.  Kill it.
-	sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
-	./config --test-sanity || die "I AM NOT SANE"
-
-	multilib_copy_sources
-}
-
-multilib_src_configure() {
-	unset APPS #197996
-	unset SCRIPTS #312551
-	unset CROSS_COMPILE #311473
-
-	tc-export CC AR RANLIB RC
-
-	# Clean out patent-or-otherwise-encumbered code
-	# Camellia: Royalty Free            http://en.wikipedia.org/wiki/Camellia_(cipher)
-	# IDEA:     Expired                 http://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
-	# EC:       ????????? ??/??/2015    http://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography
-	# MDC2:     Expired                 http://en.wikipedia.org/wiki/MDC-2
-	# RC5:      Expired                 http://en.wikipedia.org/wiki/RC5
-
-	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
-	echoit() { echo "$@" ; "$@" ; }
-
-	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
-
-	# See if our toolchain supports __uint128_t.  If so, it's 64bit
-	# friendly and can use the nicely optimized code paths. #460790
-	local ec_nistp_64_gcc_128
-	# Disable it for now though #469976
-	#if ! use bindist ; then
-	#	echo "__uint128_t i;" > "${T}"/128.c
-	#	if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
-	#		ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
-	#	fi
-	#fi
-
-	local sslout=$(./gentoo.config)
-	einfo "Use configuration ${sslout:-(openssl knows best)}"
-	local config="Configure"
-	[[ -z ${sslout} ]] && config="config"
-
-	echoit \
-	./${config} \
-		${sslout} \
-		$(use cpu_flags_x86_sse2 || echo "no-sse2") \
-		enable-camellia \
-		$(use_ssl !bindist ec) \
-		${ec_nistp_64_gcc_128} \
-		enable-idea \
-		enable-mdc2 \
-		enable-rc5 \
-		enable-tlsext \
-		$(use_ssl asm) \
-		$(use_ssl gmp gmp -lgmp) \
-		$(use_ssl kerberos krb5 --with-krb5-flavor=${krb5}) \
-		$(use_ssl rfc3779) \
-		$(use_ssl sctp) \
-		$(use_ssl sslv2 ssl2) \
-		$(use_ssl sslv3 ssl3) \
-		$(use_ssl tls-heartbeat heartbeats) \
-		$(use_ssl zlib) \
-		--prefix="${EPREFIX}"/usr \
-		--openssldir="${EPREFIX}"${SSL_CNF_DIR} \
-		--libdir=$(get_libdir) \
-		shared threads \
-		|| die
-
-	# Clean out hardcoded flags that openssl uses
-	local CFLAG=$(grep ^CFLAG= Makefile | LC_ALL=C sed \
-		-e 's:^CFLAG=::' \
-		-e 's:-fomit-frame-pointer ::g' \
-		-e 's:-O[0-9] ::g' \
-		-e 's:-march=[-a-z0-9]* ::g' \
-		-e 's:-mcpu=[-a-z0-9]* ::g' \
-		-e 's:-m[a-z0-9]* ::g' \
-	)
-	sed -i \
-		-e "/^CFLAG/s|=.*|=${CFLAG} ${CFLAGS}|" \
-		-e "/^SHARED_LDFLAGS=/s|$| ${LDFLAGS}|" \
-		Makefile || die
-}
-
-multilib_src_compile() {
-	# depend is needed to use $confopts; it also doesn't matter
-	# that it's -j1 as the code itself serializes subdirs
-	emake -j1 depend
-	emake all
-	# rehash is needed to prep the certs/ dir; do this
-	# separately to avoid parallel build issues.
-	emake rehash
-}
-
-multilib_src_test() {
-	emake -j1 test
-}
-
-multilib_src_install() {
-	emake INSTALL_PREFIX="${D}" install
-}
-
-multilib_src_install_all() {
-	# openssl installs perl version of c_rehash by default, but
-	# we provide a shell version via app-misc/c_rehash
-	rm "${ED}"/usr/bin/c_rehash || die
-
-	dodoc CHANGES* FAQ NEWS README doc/*.txt doc/c-indentation.el
-	dohtml -r doc/*
-	use rfc3779 && dodoc engines/ccgost/README.gost
-
-	# This is crappy in that the static archives are still built even
-	# when USE=static-libs.  But this is due to a failing in the openssl
-	# build system: the static archives are built as PIC all the time.
-	# Only way around this would be to manually configure+compile openssl
-	# twice; once with shared lib support enabled and once without.
-	use static-libs || rm -f "${ED}"/usr/lib*/lib*.a
-
-	# create the certs directory
-	dodir ${SSL_CNF_DIR}/certs
-	cp -RP certs/* "${ED}"${SSL_CNF_DIR}/certs/ || die
-	rm -r "${ED}"${SSL_CNF_DIR}/certs/{demo,expired}
-
-	# Namespace openssl programs to prevent conflicts with other man pages
-	cd "${ED}"/usr/share/man
-	local m d s
-	for m in $(find . -type f | xargs grep -L '#include') ; do
-		d=${m%/*} ; d=${d#./} ; m=${m##*/}
-		[[ ${m} == openssl.1* ]] && continue
-		[[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!"
-		mv ${d}/{,ssl-}${m}
-		# fix up references to renamed man pages
-		sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m}
-		ln -s ssl-${m} ${d}/openssl-${m}
-		# locate any symlinks that point to this man page ... we assume
-		# that any broken links are due to the above renaming
-		for s in $(find -L ${d} -type l) ; do
-			s=${s##*/}
-			rm -f ${d}/${s}
-			ln -s ssl-${m} ${d}/ssl-${s}
-			ln -s ssl-${s} ${d}/openssl-${s}
-		done
-	done
-	[[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :("
-
-	dodir /etc/sandbox.d #254521
-	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
-
-	diropts -m0700
-	keepdir ${SSL_CNF_DIR}/private
-}
-
-pkg_postinst() {
-	ebegin "Running 'c_rehash ${EROOT%/}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069"
-	c_rehash "${EROOT%/}${SSL_CNF_DIR}/certs" >/dev/null
-	eend $?
-}

diff --git a/dev-libs/openssl/openssl-1.0.2h.ebuild b/dev-libs/openssl/openssl-1.0.2h.ebuild
deleted file mode 100644
index a69dae4..00000000
--- a/dev-libs/openssl/openssl-1.0.2h.ebuild
+++ /dev/null
@@ -1,259 +0,0 @@
-# Copyright 1999-2016 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI=5
-
-inherit eutils flag-o-matic toolchain-funcs multilib multilib-minimal
-
-MY_P=${P/_/-}
-DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"
-HOMEPAGE="http://www.openssl.org/"
-SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"
-
-LICENSE="openssl"
-# subslot set to 1.0.2g version as this is the first release without SSLv2
-# support and thus breaks nearly every openssl consumer (see bug #575548)
-SLOT="0"
-KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
-IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 static-libs test +tls-heartbeat vanilla zlib"
-RESTRICT="!bindist? ( bindist )"
-
-RDEPEND=">=app-misc/c_rehash-1.7-r1
-	gmp? ( >=dev-libs/gmp-5.1.3-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
-	zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
-	kerberos? ( >=app-crypt/mit-krb5-1.11.4[${MULTILIB_USEDEP}] )"
-DEPEND="${RDEPEND}
-	>=dev-lang/perl-5
-	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
-	test? (
-		sys-apps/diffutils
-		sys-devel/bc
-	)"
-PDEPEND="app-misc/ca-certificates"
-
-S="${WORKDIR}/${MY_P}"
-
-MULTILIB_WRAPPED_HEADERS=(
-	usr/include/openssl/opensslconf.h
-)
-
-src_prepare() {
-	# keep this in sync with app-misc/c_rehash
-	SSL_CNF_DIR="/etc/ssl"
-
-	# Make sure we only ever touch Makefile.org and avoid patching a file
-	# that gets blown away anyways by the Configure script in src_configure
-	rm -f Makefile
-
-	if ! use vanilla ; then
-		epatch "${FILESDIR}"/${PN}-1.0.0a-ldflags.patch #327421
-		epatch "${FILESDIR}"/${PN}-1.0.0d-windres.patch #373743
-		epatch "${FILESDIR}"/${PN}-1.0.2g-parallel-build.patch
-		epatch "${FILESDIR}"/${PN}-1.0.2a-parallel-obj-headers.patch
-		epatch "${FILESDIR}"/${PN}-1.0.2a-parallel-install-dirs.patch
-		epatch "${FILESDIR}"/${PN}-1.0.2a-parallel-symlinking.patch #545028
-		epatch "${FILESDIR}"/${PN}-1.0.2-ipv6.patch
-		epatch "${FILESDIR}"/${PN}-1.0.2a-x32-asm.patch #542618
-		epatch "${FILESDIR}"/${PN}-1.0.1p-default-source.patch #554338
-
-		epatch_user #332661
-	fi
-
-	# disable fips in the build
-	# make sure the man pages are suffixed #302165
-	# don't bother building man pages if they're disabled
-	sed -i \
-		-e '/DIRS/s: fips : :g' \
-		-e '/^MANSUFFIX/s:=.*:=ssl:' \
-		-e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
-		-e $(has noman FEATURES \
-			&& echo '/^install:/s:install_docs::' \
-			|| echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
-		Makefile.org \
-		|| die
-	# show the actual commands in the log
-	sed -i '/^SET_X/s:=.*:=set -x:' Makefile.shared
-
-	# since we're forcing $(CC) as makedep anyway, just fix
-	# the conditional as always-on
-	# helps clang (#417795), and versioned gcc (#499818)
-	sed -i 's/expr.*MAKEDEPEND.*;/true;/' util/domd || die
-
-	# quiet out unknown driver argument warnings since openssl
-	# doesn't have well-split CFLAGS and we're making it even worse
-	# and 'make depend' uses -Werror for added fun (#417795 again)
-	[[ ${CC} == *clang* ]] && append-flags -Qunused-arguments
-
-	# allow openssl to be cross-compiled
-	cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die
-	chmod a+rx gentoo.config
-
-	append-flags -fno-strict-aliasing
-	append-flags $(test-flags-CC -Wa,--noexecstack)
-	append-cppflags -DOPENSSL_NO_BUF_FREELISTS
-
-	sed -i '1s,^:$,#!'${EPREFIX}'/usr/bin/perl,' Configure #141906
-	# The config script does stupid stuff to prompt the user.  Kill it.
-	sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
-	./config --test-sanity || die "I AM NOT SANE"
-
-	multilib_copy_sources
-}
-
-multilib_src_configure() {
-	unset APPS #197996
-	unset SCRIPTS #312551
-	unset CROSS_COMPILE #311473
-
-	tc-export CC AR RANLIB RC
-
-	# Clean out patent-or-otherwise-encumbered code
-	# Camellia: Royalty Free            http://en.wikipedia.org/wiki/Camellia_(cipher)
-	# IDEA:     Expired                 http://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
-	# EC:       ????????? ??/??/2015    http://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography
-	# MDC2:     Expired                 http://en.wikipedia.org/wiki/MDC-2
-	# RC5:      Expired                 http://en.wikipedia.org/wiki/RC5
-
-	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
-	echoit() { echo "$@" ; "$@" ; }
-
-	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
-
-	# See if our toolchain supports __uint128_t.  If so, it's 64bit
-	# friendly and can use the nicely optimized code paths. #460790
-	local ec_nistp_64_gcc_128
-	# Disable it for now though #469976
-	#if ! use bindist ; then
-	#	echo "__uint128_t i;" > "${T}"/128.c
-	#	if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
-	#		ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
-	#	fi
-	#fi
-
-	local sslout=$(./gentoo.config)
-	einfo "Use configuration ${sslout:-(openssl knows best)}"
-	local config="Configure"
-	[[ -z ${sslout} ]] && config="config"
-
-	echoit \
-	./${config} \
-		${sslout} \
-		$(use cpu_flags_x86_sse2 || echo "no-sse2") \
-		enable-camellia \
-		$(use_ssl !bindist ec) \
-		${ec_nistp_64_gcc_128} \
-		enable-idea \
-		enable-mdc2 \
-		enable-rc5 \
-		enable-tlsext \
-		enable-ssl2 \
-		$(use_ssl asm) \
-		$(use_ssl gmp gmp -lgmp) \
-		$(use_ssl kerberos krb5 --with-krb5-flavor=${krb5}) \
-		$(use_ssl rfc3779) \
-		$(use_ssl sctp) \
-		$(use_ssl tls-heartbeat heartbeats) \
-		$(use_ssl zlib) \
-		--prefix="${EPREFIX}"/usr \
-		--openssldir="${EPREFIX}"${SSL_CNF_DIR} \
-		--libdir=$(get_libdir) \
-		shared threads \
-		|| die
-
-	# Clean out hardcoded flags that openssl uses
-	local CFLAG=$(grep ^CFLAG= Makefile | LC_ALL=C sed \
-		-e 's:^CFLAG=::' \
-		-e 's:-fomit-frame-pointer ::g' \
-		-e 's:-O[0-9] ::g' \
-		-e 's:-march=[-a-z0-9]* ::g' \
-		-e 's:-mcpu=[-a-z0-9]* ::g' \
-		-e 's:-m[a-z0-9]* ::g' \
-	)
-	sed -i \
-		-e "/^CFLAG/s|=.*|=${CFLAG} ${CFLAGS}|" \
-		-e "/^SHARED_LDFLAGS=/s|$| ${LDFLAGS}|" \
-		Makefile || die
-}
-
-multilib_src_compile() {
-	# depend is needed to use $confopts; it also doesn't matter
-	# that it's -j1 as the code itself serializes subdirs
-	emake -j1 depend
-	emake all
-	# rehash is needed to prep the certs/ dir; do this
-	# separately to avoid parallel build issues.
-	emake rehash
-}
-
-multilib_src_test() {
-	emake -j1 test
-}
-
-multilib_src_install() {
-	emake INSTALL_PREFIX="${D}" install
-}
-
-multilib_src_install_all() {
-	# openssl installs perl version of c_rehash by default, but
-	# we provide a shell version via app-misc/c_rehash
-	rm "${ED}"/usr/bin/c_rehash || die
-
-	dodoc CHANGES* FAQ NEWS README doc/*.txt doc/c-indentation.el
-	dohtml -r doc/*
-	use rfc3779 && dodoc engines/ccgost/README.gost
-
-	# This is crappy in that the static archives are still built even
-	# when USE=static-libs.  But this is due to a failing in the openssl
-	# build system: the static archives are built as PIC all the time.
-	# Only way around this would be to manually configure+compile openssl
-	# twice; once with shared lib support enabled and once without.
-	use static-libs || rm -f "${ED}"/usr/lib*/lib*.a
-
-	# create the certs directory
-	dodir ${SSL_CNF_DIR}/certs
-	cp -RP certs/* "${ED}"${SSL_CNF_DIR}/certs/ || die
-	rm -r "${ED}"${SSL_CNF_DIR}/certs/{demo,expired}
-
-	# Namespace openssl programs to prevent conflicts with other man pages
-	cd "${ED}"/usr/share/man
-	local m d s
-	for m in $(find . -type f | xargs grep -L '#include') ; do
-		d=${m%/*} ; d=${d#./} ; m=${m##*/}
-		[[ ${m} == openssl.1* ]] && continue
-		[[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!"
-		mv ${d}/{,ssl-}${m}
-		# fix up references to renamed man pages
-		sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m}
-		ln -s ssl-${m} ${d}/openssl-${m}
-		# locate any symlinks that point to this man page ... we assume
-		# that any broken links are due to the above renaming
-		for s in $(find -L ${d} -type l) ; do
-			s=${s##*/}
-			rm -f ${d}/${s}
-			ln -s ssl-${m} ${d}/ssl-${s}
-			ln -s ssl-${s} ${d}/openssl-${s}
-		done
-	done
-	[[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :("
-
-	dodir /etc/sandbox.d #254521
-	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
-
-	diropts -m0700
-	keepdir ${SSL_CNF_DIR}/private
-}
-
-pkg_preinst() {
-	has_version ${CATEGORY}/${PN}:0.9.8 && return 0
-	preserve_old_lib /usr/$(get_libdir)/lib{crypto,ssl}.so.0.9.8
-}
-
-pkg_postinst() {
-	ebegin "Running 'c_rehash ${EROOT%/}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069"
-	c_rehash "${EROOT%/}${SSL_CNF_DIR}/certs" >/dev/null
-	eend $?
-
-	has_version ${CATEGORY}/${PN}:0.9.8 && return 0
-	preserve_old_lib_notify /usr/$(get_libdir)/lib{crypto,ssl}.so.0.9.8
-}

diff --git a/dev-libs/openssl/openssl-1.1.0.ebuild b/dev-libs/openssl/openssl-1.1.0.ebuild
deleted file mode 100644
index 0aea4eb..00000000
--- a/dev-libs/openssl/openssl-1.1.0.ebuild
+++ /dev/null
@@ -1,242 +0,0 @@
-# Copyright 1999-2016 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI=5
-
-inherit eutils flag-o-matic toolchain-funcs multilib multilib-minimal
-
-MY_P=${P/_/-}
-DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"
-HOMEPAGE="http://www.openssl.org/"
-SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"
-
-LICENSE="openssl"
-SLOT="0/1.1" # .so version of libssl/libcrypto
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
-IUSE="+asm bindist rfc3779 sctp cpu_flags_x86_sse2 static-libs test tls-heartbeat vanilla zlib"
-RESTRICT="!bindist? ( bindist )"
-
-RDEPEND=">=app-misc/c_rehash-1.7-r1
-	zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )"
-DEPEND="${RDEPEND}
-	>=dev-lang/perl-5
-	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
-	test? (
-		sys-apps/diffutils
-		sys-devel/bc
-	)"
-PDEPEND="app-misc/ca-certificates"
-
-S="${WORKDIR}/${MY_P}"
-
-MULTILIB_WRAPPED_HEADERS=(
-	usr/include/openssl/opensslconf.h
-)
-
-PATCHES=(
-	"${FILESDIR}"/${PN}-1.1.0-ldflags.patch #327421
-	"${FILESDIR}"/${PN}-1.0.2a-x32-asm.patch #542618
-)
-
-src_prepare() {
-	# keep this in sync with app-misc/c_rehash
-	SSL_CNF_DIR="/etc/ssl"
-
-	# Make sure we only ever touch Makefile.org and avoid patching a file
-	# that gets blown away anyways by the Configure script in src_configure
-	rm -f Makefile
-
-	if ! use vanilla ; then
-		epatch "${PATCHES[@]}"
-		epatch_user #332661
-	fi
-
-	# make sure the man pages are suffixed #302165
-	# don't bother building man pages if they're disabled
-	# Make DOCDIR Gentoo compliant
-	sed -i \
-		-e '/^MANSUFFIX/s:=.*:=ssl:' \
-		-e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
-		-e $(has noman FEATURES \
-			&& echo '/^install:/s:install_docs::' \
-			|| echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
-		-e "/^DOCDIR/s@\$(BASENAME)@&-${PF}@" \
-		Configurations/unix-Makefile.tmpl \
-		|| die
-
-	# show the actual commands in the log
-	sed -i '/^SET_X/s@=.*@=set -x@' Makefile.shared
-
-	# quiet out unknown driver argument warnings since openssl
-	# doesn't have well-split CFLAGS and we're making it even worse
-	# and 'make depend' uses -Werror for added fun (#417795 again)
-	[[ ${CC} == *clang* ]] && append-flags -Qunused-arguments
-
-	# allow openssl to be cross-compiled
-	cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die
-	chmod a+rx gentoo.config
-
-	append-flags -fno-strict-aliasing
-	append-flags $(test-flags-CC -Wa,--noexecstack)
-	append-cppflags -DOPENSSL_NO_BUF_FREELISTS
-
-	# Prefixify Configure shebang (#141906)
-	sed \
-		-e "1s,/usr/bin/env,${EPREFIX}&," \
-		-i Configure || die
-	# Remove test target when FEATURES=test isn't set
-	if ! use test ; then
-		sed \
-			-e '/^$config{dirs}/s@ "test",@@' \
-			-i Configure || die
-	fi
-	# The config script does stupid stuff to prompt the user.  Kill it.
-	sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
-	./config --test-sanity || die "I AM NOT SANE"
-
-	multilib_copy_sources
-}
-
-multilib_src_configure() {
-	unset APPS #197996
-	unset SCRIPTS #312551
-	unset CROSS_COMPILE #311473
-
-	tc-export CC AR RANLIB RC
-
-	# Clean out patent-or-otherwise-encumbered code
-	# Camellia: Royalty Free            http://en.wikipedia.org/wiki/Camellia_(cipher)
-	# IDEA:     Expired                 http://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
-	# EC:       ????????? ??/??/2015    http://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography
-	# MDC2:     Expired                 http://en.wikipedia.org/wiki/MDC-2
-	# RC5:      Expired                 http://en.wikipedia.org/wiki/RC5
-
-	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
-	echoit() { echo "$@" ; "$@" ; }
-
-	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
-
-	# See if our toolchain supports __uint128_t.  If so, it's 64bit
-	# friendly and can use the nicely optimized code paths. #460790
-	local ec_nistp_64_gcc_128
-	# Disable it for now though #469976
-	#if ! use bindist ; then
-	#	echo "__uint128_t i;" > "${T}"/128.c
-	#	if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
-	#		ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
-	#	fi
-	#fi
-
-	local sslout=$(./gentoo.config)
-	einfo "Use configuration ${sslout:-(openssl knows best)}"
-	local config="Configure"
-	[[ -z ${sslout} ]] && config="config"
-
-	echoit \
-	./${config} \
-		${sslout} \
-		--api=1.1.0 \
-		$(use cpu_flags_x86_sse2 || echo "no-sse2") \
-		enable-camellia \
-		disable-deprecated \
-		$(use_ssl !bindist ec) \
-		${ec_nistp_64_gcc_128} \
-		enable-idea \
-		enable-mdc2 \
-		enable-rc5 \
-		$(use_ssl asm) \
-		$(use_ssl rfc3779) \
-		$(use_ssl sctp) \
-		$(use_ssl tls-heartbeat heartbeats) \
-		$(use_ssl zlib) \
-		--prefix="${EPREFIX}"/usr \
-		--openssldir="${EPREFIX}"${SSL_CNF_DIR} \
-		--libdir=$(get_libdir) \
-		shared threads \
-		|| die
-
-	# Clean out hardcoded flags that openssl uses
-	# Fix quoting for sed
-	local DEFAULT_CFLAGS=$(grep ^CFLAGS= Makefile | LC_ALL=C sed \
-		-e 's:^CFLAGS=::' \
-		-e 's:-fomit-frame-pointer ::g' \
-		-e 's:-O[0-9] ::g' \
-		-e 's:-march=[-a-z0-9]* ::g' \
-		-e 's:-mcpu=[-a-z0-9]* ::g' \
-		-e 's:-m[a-z0-9]* ::g' \
-		-e 's:\\:\\\\:g' \
-	)
-	sed -i \
-		-e "/^CFLAGS=/s|=.*|=${DEFAULT_CFLAGS} ${CFLAGS}|" \
-		-e "/^LDFLAGS=/s|=[[:space:]]*$|=${LDFLAGS}|" \
-		Makefile || die
-}
-
-multilib_src_compile() {
-	# depend is needed to use $confopts; it also doesn't matter
-	# that it's -j1 as the code itself serializes subdirs
-	emake -j1 depend
-	emake all
-}
-
-multilib_src_test() {
-	emake -j1 test
-}
-
-multilib_src_install() {
-	emake DESTDIR="${D}" install
-}
-
-multilib_src_install_all() {
-	# openssl installs perl version of c_rehash by default, but
-	# we provide a shell version via app-misc/c_rehash
-	rm "${ED}"/usr/bin/c_rehash || die
-
-	dodoc CHANGES* FAQ NEWS README doc/*.txt doc/${PN}-c-indent.el
-	dohtml -r doc/*
-
-	# This is crappy in that the static archives are still built even
-	# when USE=static-libs.  But this is due to a failing in the openssl
-	# build system: the static archives are built as PIC all the time.
-	# Only way around this would be to manually configure+compile openssl
-	# twice; once with shared lib support enabled and once without.
-	use static-libs || rm -f "${ED}"/usr/lib*/lib*.a
-
-	# create the certs directory
-	keepdir ${SSL_CNF_DIR}/certs
-
-	# Namespace openssl programs to prevent conflicts with other man pages
-	cd "${ED}"/usr/share/man
-	local m d s
-	for m in $(find . -type f | xargs grep -L '#include') ; do
-		d=${m%/*} ; d=${d#./} ; m=${m##*/}
-		[[ ${m} == openssl.1* ]] && continue
-		[[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!"
-		mv ${d}/{,ssl-}${m}
-		# fix up references to renamed man pages
-		sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m}
-		ln -s ssl-${m} ${d}/openssl-${m}
-		# locate any symlinks that point to this man page ... we assume
-		# that any broken links are due to the above renaming
-		for s in $(find -L ${d} -type l) ; do
-			s=${s##*/}
-			rm -f ${d}/${s}
-			ln -s ssl-${m} ${d}/ssl-${s}
-			ln -s ssl-${s} ${d}/openssl-${s}
-		done
-	done
-	[[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :("
-
-	dodir /etc/sandbox.d #254521
-	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
-
-	diropts -m0700
-	keepdir ${SSL_CNF_DIR}/private
-}
-
-pkg_postinst() {
-	ebegin "Running 'c_rehash ${EROOT%/}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069"
-	c_rehash "${EROOT%/}${SSL_CNF_DIR}/certs" >/dev/null
-	eend $?
-}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Andrew Savchenko]

commit:     5d4adc656a32a0033acbb987a2f1686cc9d7df7d
Author:     Andrew Savchenko <bircoph <AT> gentoo <DOT> org>
AuthorDate: Mon Aug  8 08:22:12 2016 +0000
Commit:     Andrew Savchenko <bircoph <AT> gentoo <DOT> org>
CommitDate: Mon Aug  8 08:38:34 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5d4adc65

dev-libs/openssl: USE=sctp is now global

Removing local sctp USE flag description, as flag is global now,
see [1] for details.

[1] https://archives.gentoo.org/gentoo-dev/message/427fac41fbe21ec98dfba63b1d68efe5

Package-Manager: portage-2.3.0
Signed-off-by: Andrew Savchenko <bircoph <AT> gentoo.org>

 dev-libs/openssl/metadata.xml | 1 -
 1 file changed, 1 deletion(-)

diff --git a/dev-libs/openssl/metadata.xml b/dev-libs/openssl/metadata.xml
index 10c22cf..0ee764e 100644
--- a/dev-libs/openssl/metadata.xml
+++ b/dev-libs/openssl/metadata.xml
@@ -9,7 +9,6 @@
  <flag name="asm">Support assembly hand optimized crypto functions (i.e. faster run time)</flag>
  <flag name="bindist">Disable EC algorithms (as they seem to be patented) -- note: changes the ABI</flag>
  <flag name="rfc3779">Enable support for RFC 3779 (X.509 Extensions for IP Addresses and AS Identifiers)</flag>
- <flag name="sctp">Support for Stream Control Transmission Protocol</flag>
  <flag name="sslv2">Support for the old/insecure SSLv2 protocol -- note: not required for TLS/https</flag>
  <flag name="sslv3">Support for the old/insecure SSLv3 protocol -- note: not required for TLS/https</flag>
  <flag name="tls-heartbeat">Enable the Heartbeat Extension in TLS and DTLS</flag>

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Mike Frysinger]

commit:     98c92f173e12ce2a29fd0a5eec0a06b71ae5c591
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Tue Jul 19 14:35:20 2016 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Tue Jul 19 14:35:20 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=98c92f17

dev-libs/openssl: mark 1.0.2h-r2 m68k/s390/sh stable #585276

 dev-libs/openssl/openssl-1.0.2h-r2.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.0.2h-r2.ebuild b/dev-libs/openssl/openssl-1.0.2h-r2.ebuild
index 31a4f72..333ae66 100644
--- a/dev-libs/openssl/openssl-1.0.2h-r2.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2h-r2.ebuild
@@ -13,7 +13,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"
 
 LICENSE="openssl"
 SLOT="0"
-KEYWORDS="alpha amd64 arm arm64 hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
+KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
 IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Agostino Sarubbo]

commit:     5a81590dc2e2669999763f10548d0f5c84a0ece2
Author:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
AuthorDate: Fri Jul  8 12:02:24 2016 +0000
Commit:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
CommitDate: Fri Jul  8 12:02:24 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5a81590d

dev-libs/openssl: ia64 stable wrt bug #585276

Package-Manager: portage-2.2.28
RepoMan-Options: --include-arches="ia64"
Signed-off-by: Agostino Sarubbo <ago <AT> gentoo.org>

 dev-libs/openssl/openssl-1.0.2h-r2.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.0.2h-r2.ebuild b/dev-libs/openssl/openssl-1.0.2h-r2.ebuild
index ee6970f..31a4f72 100644
--- a/dev-libs/openssl/openssl-1.0.2h-r2.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2h-r2.ebuild
@@ -13,7 +13,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"
 
 LICENSE="openssl"
 SLOT="0"
-KEYWORDS="alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
+KEYWORDS="alpha amd64 arm arm64 hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
 IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Agostino Sarubbo]

commit:     e44cf1879a561f9e4c9c2ec84fb1b72f5713344a
Author:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
AuthorDate: Fri Jul  8 10:01:40 2016 +0000
Commit:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
CommitDate: Fri Jul  8 10:01:45 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e44cf187

dev-libs/openssl: sparc stable wrt bug #585276

Package-Manager: portage-2.2.28
RepoMan-Options: --include-arches="sparc"
Signed-off-by: Agostino Sarubbo <ago <AT> gentoo.org>

 dev-libs/openssl/openssl-1.0.2h-r2.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.0.2h-r2.ebuild b/dev-libs/openssl/openssl-1.0.2h-r2.ebuild
index 41605ab..ee6970f 100644
--- a/dev-libs/openssl/openssl-1.0.2h-r2.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2h-r2.ebuild
@@ -13,7 +13,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"
 
 LICENSE="openssl"
 SLOT="0"
-KEYWORDS="alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh ~sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
+KEYWORDS="alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
 IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Agostino Sarubbo]

commit:     0732b1b112c826a8a90d9a134724b95ac1e4153f
Author:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
AuthorDate: Fri Jul  8 07:53:43 2016 +0000
Commit:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
CommitDate: Fri Jul  8 07:53:43 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0732b1b1

dev-libs/openssl: ppc stable wrt bug #585276

Package-Manager: portage-2.2.28
RepoMan-Options: --include-arches="ppc"
Signed-off-by: Agostino Sarubbo <ago <AT> gentoo.org>

 dev-libs/openssl/openssl-1.0.2h-r2.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.0.2h-r2.ebuild b/dev-libs/openssl/openssl-1.0.2h-r2.ebuild
index 6e3cb85..41605ab 100644
--- a/dev-libs/openssl/openssl-1.0.2h-r2.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2h-r2.ebuild
@@ -13,7 +13,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"
 
 LICENSE="openssl"
 SLOT="0"
-KEYWORDS="alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ~ppc ppc64 ~s390 ~sh ~sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
+KEYWORDS="alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh ~sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
 IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Stephen Klimaszewski]

commit:     e649b2328378449e60336d27a2be9d794df93e34
Author:     Steev Klimaszewski <steev <AT> gentoo <DOT> org>
AuthorDate: Thu Jul  7 02:28:53 2016 +0000
Commit:     Stephen Klimaszewski <steev <AT> gentoo <DOT> org>
CommitDate: Thu Jul  7 02:28:53 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e649b232

dev-libs/openssl: arm64 stable wrt bug 585276

Package-Manager: portage-2.3.0

 dev-libs/openssl/openssl-1.0.2h-r2.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.0.2h-r2.ebuild b/dev-libs/openssl/openssl-1.0.2h-r2.ebuild
index b4ed28f..6e3cb85 100644
--- a/dev-libs/openssl/openssl-1.0.2h-r2.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2h-r2.ebuild
@@ -13,7 +13,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"
 
 LICENSE="openssl"
 SLOT="0"
-KEYWORDS="alpha amd64 arm ~arm64 hppa ~ia64 ~m68k ~mips ~ppc ppc64 ~s390 ~sh ~sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
+KEYWORDS="alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ~ppc ppc64 ~s390 ~sh ~sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
 IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Markus Meier]

commit:     891bfda7472c8faf59a47c494b64bcba27100c1a
Author:     Markus Meier <maekke <AT> gentoo <DOT> org>
AuthorDate: Tue Jul  5 20:55:40 2016 +0000
Commit:     Markus Meier <maekke <AT> gentoo <DOT> org>
CommitDate: Tue Jul  5 20:55:40 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=891bfda7

dev-libs/openssl: arm stable, bug #585276

Package-Manager: portage-2.3.0
RepoMan-Options: --include-arches="arm"

 dev-libs/openssl/openssl-1.0.2h-r2.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.0.2h-r2.ebuild b/dev-libs/openssl/openssl-1.0.2h-r2.ebuild
index 6bd5aaf..b4ed28f 100644
--- a/dev-libs/openssl/openssl-1.0.2h-r2.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2h-r2.ebuild
@@ -13,7 +13,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"
 
 LICENSE="openssl"
 SLOT="0"
-KEYWORDS="alpha amd64 ~arm ~arm64 hppa ~ia64 ~m68k ~mips ~ppc ppc64 ~s390 ~sh ~sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
+KEYWORDS="alpha amd64 arm ~arm64 hppa ~ia64 ~m68k ~mips ~ppc ppc64 ~s390 ~sh ~sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
 IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Jeroen Roovers]

commit:     6b2d85c3ca95f19e58629035a195053f30857a4f
Author:     Jeroen Roovers <jer <AT> gentoo <DOT> org>
AuthorDate: Sat Jul  2 11:06:00 2016 +0000
Commit:     Jeroen Roovers <jer <AT> gentoo <DOT> org>
CommitDate: Sat Jul  2 11:08:27 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6b2d85c3

dev-libs/openssl: Stable for PPC64 (bug #585276).

Package-Manager: portage-2.3.0
RepoMan-Options: --ignore-arches

 dev-libs/openssl/openssl-1.0.2h-r2.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.0.2h-r2.ebuild b/dev-libs/openssl/openssl-1.0.2h-r2.ebuild
index d080f61..6bd5aaf 100644
--- a/dev-libs/openssl/openssl-1.0.2h-r2.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2h-r2.ebuild
@@ -13,7 +13,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"
 
 LICENSE="openssl"
 SLOT="0"
-KEYWORDS="alpha amd64 ~arm ~arm64 hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
+KEYWORDS="alpha amd64 ~arm ~arm64 hppa ~ia64 ~m68k ~mips ~ppc ppc64 ~s390 ~sh ~sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
 IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Michael Palimaka]

commit:     f33e410c6990624ef4b38b792412ef06b1cb1e7d
Author:     Michael Palimaka <kensington <AT> gentoo <DOT> org>
AuthorDate: Thu Jun 30 20:06:36 2016 +0000
Commit:     Michael Palimaka <kensington <AT> gentoo <DOT> org>
CommitDate: Thu Jun 30 20:07:12 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f33e410c

dev-libs/openssl: add subslot description

As discussed with Cardoe in #gentoo-dev.

Package-Manager: portage-2.3.0

 dev-libs/openssl/metadata.xml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/dev-libs/openssl/metadata.xml b/dev-libs/openssl/metadata.xml
index 34ea2ce..10c22cf 100644
--- a/dev-libs/openssl/metadata.xml
+++ b/dev-libs/openssl/metadata.xml
@@ -22,5 +22,6 @@
   that provides headers and command line tools.</slot>
  <slot name="0.9.8">For binary compatibility, provides libcrypto.so.0.9.8
   and libssl.so.0.9.8 only.</slot>
+ <subslots>Reflect ABI of libcrypto.so and libssl.so.</subslots>
 </slots>
 </pkgmetadata>

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Tobias Klausmann]

commit:     a4a618fd41ffc6693eb7d75caf420898727cac73
Author:     Tobias Klausmann <klausman <AT> gentoo <DOT> org>
AuthorDate: Thu Jun 30 09:28:28 2016 +0000
Commit:     Tobias Klausmann <klausman <AT> gentoo <DOT> org>
CommitDate: Thu Jun 30 09:28:38 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a4a618fd

dev-libs/openssl-1.0.2h-r2: add alpha keyword

Gentoo-Bug: 585276

Package-Manager: portage-2.3.0

 dev-libs/openssl/openssl-1.0.2h-r2.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.0.2h-r2.ebuild b/dev-libs/openssl/openssl-1.0.2h-r2.ebuild
index 7ebb17e..d080f61 100644
--- a/dev-libs/openssl/openssl-1.0.2h-r2.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2h-r2.ebuild
@@ -13,7 +13,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"
 
 LICENSE="openssl"
 SLOT="0"
-KEYWORDS="~alpha amd64 ~arm ~arm64 hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
+KEYWORDS="alpha amd64 ~arm ~arm64 hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
 IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Jeroen Roovers]

commit:     889df84319dc1fa2d4217f0e610d9a9521133766
Author:     Jeroen Roovers <jer <AT> gentoo <DOT> org>
AuthorDate: Thu Jun 30 07:41:24 2016 +0000
Commit:     Jeroen Roovers <jer <AT> gentoo <DOT> org>
CommitDate: Thu Jun 30 07:41:24 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=889df843

dev-libs/openssl: Stable for HPPA (bug #585276).

Package-Manager: portage-2.3.0
RepoMan-Options: --ignore-arches

 dev-libs/openssl/openssl-1.0.2h-r2.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.0.2h-r2.ebuild b/dev-libs/openssl/openssl-1.0.2h-r2.ebuild
index 6c7fea8..7ebb17e 100644
--- a/dev-libs/openssl/openssl-1.0.2h-r2.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2h-r2.ebuild
@@ -13,7 +13,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"
 
 LICENSE="openssl"
 SLOT="0"
-KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
+KEYWORDS="~alpha amd64 ~arm ~arm64 hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
 IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Agostino Sarubbo]

commit:     2ed9b8c33b2b36d7bb5f9b1b81d408edefcb7f02
Author:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
AuthorDate: Mon Jun 27 08:47:44 2016 +0000
Commit:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
CommitDate: Mon Jun 27 08:47:44 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2ed9b8c3

dev-libs/openssl: x86 stable wrt bug #585276

Package-Manager: portage-2.2.28
RepoMan-Options: --include-arches="x86"
Signed-off-by: Agostino Sarubbo <ago <AT> gentoo.org>

 dev-libs/openssl/openssl-1.0.2h-r2.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.0.2h-r2.ebuild b/dev-libs/openssl/openssl-1.0.2h-r2.ebuild
index ca9530b..6c7fea8 100644
--- a/dev-libs/openssl/openssl-1.0.2h-r2.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2h-r2.ebuild
@@ -13,7 +13,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"
 
 LICENSE="openssl"
 SLOT="0"
-KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
+KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
 IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Agostino Sarubbo]

commit:     9ac220b9228f5f369c13e4b9676c195350b1e5a2
Author:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
AuthorDate: Mon Jun 27 08:23:25 2016 +0000
Commit:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
CommitDate: Mon Jun 27 08:23:25 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9ac220b9

dev-libs/openssl: amd64 stable wrt bug #585276

Package-Manager: portage-2.2.28
RepoMan-Options: --include-arches="amd64"
Signed-off-by: Agostino Sarubbo <ago <AT> gentoo.org>

 dev-libs/openssl/openssl-1.0.2h-r2.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.0.2h-r2.ebuild b/dev-libs/openssl/openssl-1.0.2h-r2.ebuild
index 2a2a0dd..ca9530b 100644
--- a/dev-libs/openssl/openssl-1.0.2h-r2.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2h-r2.ebuild
@@ -13,7 +13,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"
 
 LICENSE="openssl"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
+KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
 IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Lars Wendler]

commit:     d8f7a5d3c82c793e0aeafaaad25908ebcc45faf7
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Fri May 27 06:44:22 2016 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Fri May 27 06:44:36 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d8f7a5d3

dev-libs/openssl: Added missing $Id$ header line.

Package-Manager: portage-2.2.28
Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org>

 dev-libs/openssl/openssl-1.0.2h-r1.ebuild | 1 +
 1 file changed, 1 insertion(+)

diff --git a/dev-libs/openssl/openssl-1.0.2h-r1.ebuild b/dev-libs/openssl/openssl-1.0.2h-r1.ebuild
index 3687b85..157ebe8 100644
--- a/dev-libs/openssl/openssl-1.0.2h-r1.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2h-r1.ebuild
@@ -1,5 +1,6 @@
 # Copyright 1999-2016 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
+# $Id$
 
 EAPI="5"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Mike Frysinger]

commit:     0c368fb17a68819926e0c7175be13b22c561b037
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Tue May 24 20:12:28 2016 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Tue May 24 20:14:33 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0c368fb1

dev-libs/openssl: add USE=sslv2 #576128 and USE=sslv3 #577504

 dev-libs/openssl/metadata.xml             |   4 +-
 dev-libs/openssl/openssl-1.0.2h-r1.ebuild | 249 ++++++++++++++++++++++++++++++
 2 files changed, 252 insertions(+), 1 deletion(-)

diff --git a/dev-libs/openssl/metadata.xml b/dev-libs/openssl/metadata.xml
index 34ef368..34ea2ce 100644
--- a/dev-libs/openssl/metadata.xml
+++ b/dev-libs/openssl/metadata.xml
@@ -8,8 +8,10 @@
 <use>
  <flag name="asm">Support assembly hand optimized crypto functions (i.e. faster run time)</flag>
  <flag name="bindist">Disable EC algorithms (as they seem to be patented) -- note: changes the ABI</flag>
- <flag name="sctp">Support for Stream Control Transmission Protocol</flag>
  <flag name="rfc3779">Enable support for RFC 3779 (X.509 Extensions for IP Addresses and AS Identifiers)</flag>
+ <flag name="sctp">Support for Stream Control Transmission Protocol</flag>
+ <flag name="sslv2">Support for the old/insecure SSLv2 protocol -- note: not required for TLS/https</flag>
+ <flag name="sslv3">Support for the old/insecure SSLv3 protocol -- note: not required for TLS/https</flag>
  <flag name="tls-heartbeat">Enable the Heartbeat Extension in TLS and DTLS</flag>
 </use>
 <upstream>

diff --git a/dev-libs/openssl/openssl-1.0.2h-r1.ebuild b/dev-libs/openssl/openssl-1.0.2h-r1.ebuild
new file mode 100644
index 0000000..3687b85
--- /dev/null
+++ b/dev-libs/openssl/openssl-1.0.2h-r1.ebuild
@@ -0,0 +1,249 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="5"
+
+inherit eutils flag-o-matic toolchain-funcs multilib multilib-minimal
+
+MY_P=${P/_/-}
+DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"
+HOMEPAGE="http://www.openssl.org/"
+SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"
+
+LICENSE="openssl"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
+IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
+RESTRICT="!bindist? ( bindist )"
+
+RDEPEND=">=app-misc/c_rehash-1.7-r1
+	gmp? ( >=dev-libs/gmp-5.1.3-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
+	zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
+	kerberos? ( >=app-crypt/mit-krb5-1.11.4[${MULTILIB_USEDEP}] )"
+DEPEND="${RDEPEND}
+	>=dev-lang/perl-5
+	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
+	test? (
+		sys-apps/diffutils
+		sys-devel/bc
+	)"
+PDEPEND="app-misc/ca-certificates"
+
+S="${WORKDIR}/${MY_P}"
+
+MULTILIB_WRAPPED_HEADERS=(
+	usr/include/openssl/opensslconf.h
+)
+
+src_prepare() {
+	# keep this in sync with app-misc/c_rehash
+	SSL_CNF_DIR="/etc/ssl"
+
+	# Make sure we only ever touch Makefile.org and avoid patching a file
+	# that gets blown away anyways by the Configure script in src_configure
+	rm -f Makefile
+
+	if ! use vanilla ; then
+		epatch "${FILESDIR}"/${PN}-1.0.0a-ldflags.patch #327421
+		epatch "${FILESDIR}"/${PN}-1.0.0d-windres.patch #373743
+		epatch "${FILESDIR}"/${PN}-1.0.2g-parallel-build.patch
+		epatch "${FILESDIR}"/${PN}-1.0.2a-parallel-obj-headers.patch
+		epatch "${FILESDIR}"/${PN}-1.0.2a-parallel-install-dirs.patch
+		epatch "${FILESDIR}"/${PN}-1.0.2a-parallel-symlinking.patch #545028
+		epatch "${FILESDIR}"/${PN}-1.0.2-ipv6.patch
+		epatch "${FILESDIR}"/${PN}-1.0.2a-x32-asm.patch #542618
+		epatch "${FILESDIR}"/${PN}-1.0.1p-default-source.patch #554338
+
+		epatch_user #332661
+	fi
+
+	# disable fips in the build
+	# make sure the man pages are suffixed #302165
+	# don't bother building man pages if they're disabled
+	sed -i \
+		-e '/DIRS/s: fips : :g' \
+		-e '/^MANSUFFIX/s:=.*:=ssl:' \
+		-e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
+		-e $(has noman FEATURES \
+			&& echo '/^install:/s:install_docs::' \
+			|| echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
+		Makefile.org \
+		|| die
+	# show the actual commands in the log
+	sed -i '/^SET_X/s:=.*:=set -x:' Makefile.shared
+
+	# since we're forcing $(CC) as makedep anyway, just fix
+	# the conditional as always-on
+	# helps clang (#417795), and versioned gcc (#499818)
+	sed -i 's/expr.*MAKEDEPEND.*;/true;/' util/domd || die
+
+	# quiet out unknown driver argument warnings since openssl
+	# doesn't have well-split CFLAGS and we're making it even worse
+	# and 'make depend' uses -Werror for added fun (#417795 again)
+	[[ ${CC} == *clang* ]] && append-flags -Qunused-arguments
+
+	# allow openssl to be cross-compiled
+	cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die
+	chmod a+rx gentoo.config
+
+	append-flags -fno-strict-aliasing
+	append-flags $(test-flags-CC -Wa,--noexecstack)
+	append-cppflags -DOPENSSL_NO_BUF_FREELISTS
+
+	sed -i '1s,^:$,#!'${EPREFIX}'/usr/bin/perl,' Configure #141906
+	# The config script does stupid stuff to prompt the user.  Kill it.
+	sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
+	./config --test-sanity || die "I AM NOT SANE"
+
+	multilib_copy_sources
+}
+
+multilib_src_configure() {
+	unset APPS #197996
+	unset SCRIPTS #312551
+	unset CROSS_COMPILE #311473
+
+	tc-export CC AR RANLIB RC
+
+	# Clean out patent-or-otherwise-encumbered code
+	# Camellia: Royalty Free            http://en.wikipedia.org/wiki/Camellia_(cipher)
+	# IDEA:     Expired                 http://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
+	# EC:       ????????? ??/??/2015    http://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography
+	# MDC2:     Expired                 http://en.wikipedia.org/wiki/MDC-2
+	# RC5:      Expired                 http://en.wikipedia.org/wiki/RC5
+
+	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
+	echoit() { echo "$@" ; "$@" ; }
+
+	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
+
+	# See if our toolchain supports __uint128_t.  If so, it's 64bit
+	# friendly and can use the nicely optimized code paths. #460790
+	local ec_nistp_64_gcc_128
+	# Disable it for now though #469976
+	#if ! use bindist ; then
+	#	echo "__uint128_t i;" > "${T}"/128.c
+	#	if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
+	#		ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
+	#	fi
+	#fi
+
+	local sslout=$(./gentoo.config)
+	einfo "Use configuration ${sslout:-(openssl knows best)}"
+	local config="Configure"
+	[[ -z ${sslout} ]] && config="config"
+
+	echoit \
+	./${config} \
+		${sslout} \
+		$(use cpu_flags_x86_sse2 || echo "no-sse2") \
+		enable-camellia \
+		$(use_ssl !bindist ec) \
+		${ec_nistp_64_gcc_128} \
+		enable-idea \
+		enable-mdc2 \
+		enable-rc5 \
+		enable-tlsext \
+		$(use_ssl asm) \
+		$(use_ssl gmp gmp -lgmp) \
+		$(use_ssl kerberos krb5 --with-krb5-flavor=${krb5}) \
+		$(use_ssl rfc3779) \
+		$(use_ssl sctp) \
+		$(use_ssl sslv2 ssl2) \
+		$(use_ssl sslv3 ssl3) \
+		$(use_ssl tls-heartbeat heartbeats) \
+		$(use_ssl zlib) \
+		--prefix="${EPREFIX}"/usr \
+		--openssldir="${EPREFIX}"${SSL_CNF_DIR} \
+		--libdir=$(get_libdir) \
+		shared threads \
+		|| die
+
+	# Clean out hardcoded flags that openssl uses
+	local CFLAG=$(grep ^CFLAG= Makefile | LC_ALL=C sed \
+		-e 's:^CFLAG=::' \
+		-e 's:-fomit-frame-pointer ::g' \
+		-e 's:-O[0-9] ::g' \
+		-e 's:-march=[-a-z0-9]* ::g' \
+		-e 's:-mcpu=[-a-z0-9]* ::g' \
+		-e 's:-m[a-z0-9]* ::g' \
+	)
+	sed -i \
+		-e "/^CFLAG/s|=.*|=${CFLAG} ${CFLAGS}|" \
+		-e "/^SHARED_LDFLAGS=/s|$| ${LDFLAGS}|" \
+		Makefile || die
+}
+
+multilib_src_compile() {
+	# depend is needed to use $confopts; it also doesn't matter
+	# that it's -j1 as the code itself serializes subdirs
+	emake -j1 depend
+	emake all
+	# rehash is needed to prep the certs/ dir; do this
+	# separately to avoid parallel build issues.
+	emake rehash
+}
+
+multilib_src_test() {
+	emake -j1 test
+}
+
+multilib_src_install() {
+	emake INSTALL_PREFIX="${D}" install
+}
+
+multilib_src_install_all() {
+	# openssl installs perl version of c_rehash by default, but
+	# we provide a shell version via app-misc/c_rehash
+	rm "${ED}"/usr/bin/c_rehash || die
+
+	dodoc CHANGES* FAQ NEWS README doc/*.txt doc/c-indentation.el
+	dohtml -r doc/*
+	use rfc3779 && dodoc engines/ccgost/README.gost
+
+	# This is crappy in that the static archives are still built even
+	# when USE=static-libs.  But this is due to a failing in the openssl
+	# build system: the static archives are built as PIC all the time.
+	# Only way around this would be to manually configure+compile openssl
+	# twice; once with shared lib support enabled and once without.
+	use static-libs || rm -f "${ED}"/usr/lib*/lib*.a
+
+	# create the certs directory
+	dodir ${SSL_CNF_DIR}/certs
+	cp -RP certs/* "${ED}"${SSL_CNF_DIR}/certs/ || die
+	rm -r "${ED}"${SSL_CNF_DIR}/certs/{demo,expired}
+
+	# Namespace openssl programs to prevent conflicts with other man pages
+	cd "${ED}"/usr/share/man
+	local m d s
+	for m in $(find . -type f | xargs grep -L '#include') ; do
+		d=${m%/*} ; d=${d#./} ; m=${m##*/}
+		[[ ${m} == openssl.1* ]] && continue
+		[[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!"
+		mv ${d}/{,ssl-}${m}
+		# fix up references to renamed man pages
+		sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m}
+		ln -s ssl-${m} ${d}/openssl-${m}
+		# locate any symlinks that point to this man page ... we assume
+		# that any broken links are due to the above renaming
+		for s in $(find -L ${d} -type l) ; do
+			s=${s##*/}
+			rm -f ${d}/${s}
+			ln -s ssl-${m} ${d}/ssl-${s}
+			ln -s ssl-${s} ${d}/openssl-${s}
+		done
+	done
+	[[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :("
+
+	dodir /etc/sandbox.d #254521
+	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
+
+	diropts -m0700
+	keepdir ${SSL_CNF_DIR}/private
+}
+
+pkg_postinst() {
+	ebegin "Running 'c_rehash ${EROOT%/}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069"
+	c_rehash "${EROOT%/}${SSL_CNF_DIR}/certs" >/dev/null
+	eend $?
+}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Mike Frysinger]

commit:     d010b6e6268031cf645df32bd52a2a786fa2b1e0
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Tue May 24 19:29:09 2016 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Tue May 24 19:29:34 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d010b6e6

dev-libs/openssl: mark 1.0.2h arm64/ia64/m68k/ppc/s390/sh/sparc stable #581234

 dev-libs/openssl/openssl-1.0.2h.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.0.2h.ebuild b/dev-libs/openssl/openssl-1.0.2h.ebuild
index 494bbe9..a69dae4 100644
--- a/dev-libs/openssl/openssl-1.0.2h.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2h.ebuild
@@ -15,7 +15,7 @@ LICENSE="openssl"
 # subslot set to 1.0.2g version as this is the first release without SSLv2
 # support and thus breaks nearly every openssl consumer (see bug #575548)
 SLOT="0"
-KEYWORDS="alpha amd64 arm ~arm64 hppa ~ia64 ~m68k ~mips ~ppc ppc64 ~s390 ~sh ~sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
+KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
 IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 static-libs test +tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Tobias Klausmann]

commit:     7078858819f4d43deddc1e2c801dc46586f70c30
Author:     Tobias Klausmann <klausman <AT> gentoo <DOT> org>
AuthorDate: Fri May 20 18:45:17 2016 +0000
Commit:     Tobias Klausmann <klausman <AT> gentoo <DOT> org>
CommitDate: Fri May 20 18:45:17 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=70788588

dev-libs/openssl-1.0.2h-r0: add alpha keyword

Gentoo-Bug: 581234

Package-Manager: portage-2.3.0_rc1

 dev-libs/openssl/openssl-1.0.2h.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.0.2h.ebuild b/dev-libs/openssl/openssl-1.0.2h.ebuild
index b7e7901..494bbe9 100644
--- a/dev-libs/openssl/openssl-1.0.2h.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2h.ebuild
@@ -15,7 +15,7 @@ LICENSE="openssl"
 # subslot set to 1.0.2g version as this is the first release without SSLv2
 # support and thus breaks nearly every openssl consumer (see bug #575548)
 SLOT="0"
-KEYWORDS="~alpha amd64 arm ~arm64 hppa ~ia64 ~m68k ~mips ~ppc ppc64 ~s390 ~sh ~sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
+KEYWORDS="alpha amd64 arm ~arm64 hppa ~ia64 ~m68k ~mips ~ppc ppc64 ~s390 ~sh ~sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
 IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 static-libs test +tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Markus Meier]

commit:     d42316d8c448291af48131c5db69cf6528dcd284
Author:     Markus Meier <maekke <AT> gentoo <DOT> org>
AuthorDate: Thu May 12 17:15:39 2016 +0000
Commit:     Markus Meier <maekke <AT> gentoo <DOT> org>
CommitDate: Thu May 12 17:15:39 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d42316d8

dev-libs/openssl: arm stable, bug #581234

Package-Manager: portage-2.2.28
RepoMan-Options: --include-arches="arm"

 dev-libs/openssl/openssl-1.0.2h.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.0.2h.ebuild b/dev-libs/openssl/openssl-1.0.2h.ebuild
index 1a09d5e..b7e7901 100644
--- a/dev-libs/openssl/openssl-1.0.2h.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2h.ebuild
@@ -15,7 +15,7 @@ LICENSE="openssl"
 # subslot set to 1.0.2g version as this is the first release without SSLv2
 # support and thus breaks nearly every openssl consumer (see bug #575548)
 SLOT="0"
-KEYWORDS="~alpha amd64 ~arm ~arm64 hppa ~ia64 ~m68k ~mips ~ppc ppc64 ~s390 ~sh ~sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
+KEYWORDS="~alpha amd64 arm ~arm64 hppa ~ia64 ~m68k ~mips ~ppc ppc64 ~s390 ~sh ~sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
 IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 static-libs test +tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Lars Wendler]

commit:     5246a7ffbb18b421cde86db8e5cf2ea4e83f430b
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Wed May  4 07:37:15 2016 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Wed May  4 07:37:39 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5246a7ff

dev-libs/openssl: Stable for x86 (bug #581234).

Package-Manager: portage-2.2.28
RepoMan-Options: --include-arches="x86"
Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org>

 dev-libs/openssl/openssl-1.0.2h.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.0.2h.ebuild b/dev-libs/openssl/openssl-1.0.2h.ebuild
index 37061a3..1a09d5e 100644
--- a/dev-libs/openssl/openssl-1.0.2h.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2h.ebuild
@@ -15,7 +15,7 @@ LICENSE="openssl"
 # subslot set to 1.0.2g version as this is the first release without SSLv2
 # support and thus breaks nearly every openssl consumer (see bug #575548)
 SLOT="0"
-KEYWORDS="~alpha amd64 ~arm ~arm64 hppa ~ia64 ~m68k ~mips ~ppc ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
+KEYWORDS="~alpha amd64 ~arm ~arm64 hppa ~ia64 ~m68k ~mips ~ppc ppc64 ~s390 ~sh ~sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
 IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 static-libs test +tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Lars Wendler]

commit:     4a10a40c184baf55907db21f75a7e7b6969c1760
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Wed May  4 06:32:18 2016 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Wed May  4 06:32:18 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4a10a40c

dev-libs/openssl: Stable for amd64 (bug #581234)

Package-Manager: portage-2.2.28
Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org>

 dev-libs/openssl/openssl-1.0.2h.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.0.2h.ebuild b/dev-libs/openssl/openssl-1.0.2h.ebuild
index 648f199..37061a3 100644
--- a/dev-libs/openssl/openssl-1.0.2h.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2h.ebuild
@@ -15,7 +15,7 @@ LICENSE="openssl"
 # subslot set to 1.0.2g version as this is the first release without SSLv2
 # support and thus breaks nearly every openssl consumer (see bug #575548)
 SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 hppa ~ia64 ~m68k ~mips ~ppc ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
+KEYWORDS="~alpha amd64 ~arm ~arm64 hppa ~ia64 ~m68k ~mips ~ppc ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
 IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 static-libs test +tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Jeroen Roovers]

commit:     9c0df93f758bcca0a034837fa6ed5ee1128389f3
Author:     Jeroen Roovers <jer <AT> gentoo <DOT> org>
AuthorDate: Wed May  4 05:33:08 2016 +0000
Commit:     Jeroen Roovers <jer <AT> gentoo <DOT> org>
CommitDate: Wed May  4 05:33:08 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9c0df93f

dev-libs/openssl: Stable for HPPA (bug #581234).

Package-Manager: portage-2.2.28
RepoMan-Options: --ignore-arches

 dev-libs/openssl/openssl-1.0.2h.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.0.2h.ebuild b/dev-libs/openssl/openssl-1.0.2h.ebuild
index 9412cb3..648f199 100644
--- a/dev-libs/openssl/openssl-1.0.2h.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2h.ebuild
@@ -15,7 +15,7 @@ LICENSE="openssl"
 # subslot set to 1.0.2g version as this is the first release without SSLv2
 # support and thus breaks nearly every openssl consumer (see bug #575548)
 SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 hppa ~ia64 ~m68k ~mips ~ppc ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
 IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 static-libs test +tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Jeroen Roovers]

commit:     948b813eb16ee250e8df8e99fc8cf1c4bc32c44e
Author:     Jeroen Roovers <jer <AT> gentoo <DOT> org>
AuthorDate: Wed May  4 05:16:47 2016 +0000
Commit:     Jeroen Roovers <jer <AT> gentoo <DOT> org>
CommitDate: Wed May  4 05:17:03 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=948b813e

dev-libs/openssl: Stable for PPC64 (bug #581234).

Package-Manager: portage-2.2.28
RepoMan-Options: --ignore-arches

 dev-libs/openssl/openssl-1.0.2h.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.0.2h.ebuild b/dev-libs/openssl/openssl-1.0.2h.ebuild
index d50d0af..9412cb3 100644
--- a/dev-libs/openssl/openssl-1.0.2h.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2h.ebuild
@@ -15,7 +15,7 @@ LICENSE="openssl"
 # subslot set to 1.0.2g version as this is the first release without SSLv2
 # support and thus breaks nearly every openssl consumer (see bug #575548)
 SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
 IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 static-libs test +tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Lars Wendler]

commit:     0fc41733455bf6bb5b5154804c39d5ab2cb68974
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Tue May  3 14:17:34 2016 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Tue May  3 14:18:07 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0fc41733

dev-libs/openssl: Security bump to version 1.0.2h

Package-Manager: portage-2.2.28
Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org>

 dev-libs/openssl/Manifest              |   1 +
 dev-libs/openssl/openssl-1.0.2h.ebuild | 259 +++++++++++++++++++++++++++++++++
 2 files changed, 260 insertions(+)

diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest
index 6eb6a35..e2c25ea 100644
--- a/dev-libs/openssl/Manifest
+++ b/dev-libs/openssl/Manifest
@@ -1,3 +1,4 @@
 DIST openssl-0.9.8zh.tar.gz 3818524 SHA256 f1d9f3ed1b85a82ecf80d0e2d389e1fda3fca9a4dba0bf07adbf231e1a5e2fd6 SHA512 b97fa2468211f86c0719c68ad1781eff84f772c479ed5193d6da14bac086b4ca706e7d851209d9df3f0962943b5e5333ab0def00110fb2e517caa73c0c6674c6 WHIRLPOOL 8ed3362e6aed89cd6ae02438bc3fb58ff3a91afb8a2d401d1d66c1ee4fd96f4befb50558131dd03a60fc15b588172fc1ede5d56bb1f68e184453bfe3b34f9abf
 DIST openssl-1.0.2f.tar.gz 5258384 SHA256 932b4ee4def2b434f85435d9e3e19ca8ba99ce9a065a61524b429a9d5e9b2e9c SHA512 50abf6dc94cafd06e7fd20770808bdc675c88daa369e4f752bd584ab17f72a57357c1ca1eca3c83e6745b5a3c9c73c99dce70adaa904d73f6df4c75bc7138351 WHIRLPOOL 179e1b5ad38c50a4c8110024aa7b33c53634c39690917e3bf5c2099548430beef96132ae9f9588ff0cedd6e08bb216a8d36835baaaa04e506fb3fbaed37d31c9
 DIST openssl-1.0.2g.tar.gz 5266102 SHA256 b784b1b3907ce39abf4098702dade6365522a253ad1552e267a9a0e89594aa33 SHA512 4d96b6c8a232203483d6e8bee81da01ba10977bfbac92f25304a36dec9ea584b7ef917bc45e097cc7dbe681d71a4570d649c22244c178393ae91fab48323f735 WHIRLPOOL aedbd82af0a550e8329a84312fae492f3bb3cb04af763fc9ef532099b2b2e61a55e4a7cfb06085f045740e2b692bbdb3ecb8bf5ca82f46325c3caf22d2317ffb
+DIST openssl-1.0.2h.tar.gz 5274412 SHA256 1d4007e53aad94a5b2002fe045ee7bb0b3d98f1a47f8b2bc851dcd1c74332919 SHA512 780601f6f3f32f42b6d7bbc4c593db39a3575f9db80294a10a68b2b0bb79448d9bd529ca700b9977354cbdfc65887c76af0aa7b90d3ee421f74ab53e6f15c303 WHIRLPOOL 41b6cf0c08b547f1432dc8167a4c7835da0b6907f8932969e0a352fab8bdbb4d8f612a5bf431e415d93ff1c8238652b2ee3ce0bd935cc2f59e8ea4f40fe6b5d6

diff --git a/dev-libs/openssl/openssl-1.0.2h.ebuild b/dev-libs/openssl/openssl-1.0.2h.ebuild
new file mode 100644
index 0000000..d50d0af
--- /dev/null
+++ b/dev-libs/openssl/openssl-1.0.2h.ebuild
@@ -0,0 +1,259 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+
+inherit eutils flag-o-matic toolchain-funcs multilib multilib-minimal
+
+MY_P=${P/_/-}
+DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"
+HOMEPAGE="http://www.openssl.org/"
+SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"
+
+LICENSE="openssl"
+# subslot set to 1.0.2g version as this is the first release without SSLv2
+# support and thus breaks nearly every openssl consumer (see bug #575548)
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
+IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 static-libs test +tls-heartbeat vanilla zlib"
+RESTRICT="!bindist? ( bindist )"
+
+RDEPEND=">=app-misc/c_rehash-1.7-r1
+	gmp? ( >=dev-libs/gmp-5.1.3-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
+	zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
+	kerberos? ( >=app-crypt/mit-krb5-1.11.4[${MULTILIB_USEDEP}] )"
+DEPEND="${RDEPEND}
+	>=dev-lang/perl-5
+	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
+	test? (
+		sys-apps/diffutils
+		sys-devel/bc
+	)"
+PDEPEND="app-misc/ca-certificates"
+
+S="${WORKDIR}/${MY_P}"
+
+MULTILIB_WRAPPED_HEADERS=(
+	usr/include/openssl/opensslconf.h
+)
+
+src_prepare() {
+	# keep this in sync with app-misc/c_rehash
+	SSL_CNF_DIR="/etc/ssl"
+
+	# Make sure we only ever touch Makefile.org and avoid patching a file
+	# that gets blown away anyways by the Configure script in src_configure
+	rm -f Makefile
+
+	if ! use vanilla ; then
+		epatch "${FILESDIR}"/${PN}-1.0.0a-ldflags.patch #327421
+		epatch "${FILESDIR}"/${PN}-1.0.0d-windres.patch #373743
+		epatch "${FILESDIR}"/${PN}-1.0.2g-parallel-build.patch
+		epatch "${FILESDIR}"/${PN}-1.0.2a-parallel-obj-headers.patch
+		epatch "${FILESDIR}"/${PN}-1.0.2a-parallel-install-dirs.patch
+		epatch "${FILESDIR}"/${PN}-1.0.2a-parallel-symlinking.patch #545028
+		epatch "${FILESDIR}"/${PN}-1.0.2-ipv6.patch
+		epatch "${FILESDIR}"/${PN}-1.0.2a-x32-asm.patch #542618
+		epatch "${FILESDIR}"/${PN}-1.0.1p-default-source.patch #554338
+
+		epatch_user #332661
+	fi
+
+	# disable fips in the build
+	# make sure the man pages are suffixed #302165
+	# don't bother building man pages if they're disabled
+	sed -i \
+		-e '/DIRS/s: fips : :g' \
+		-e '/^MANSUFFIX/s:=.*:=ssl:' \
+		-e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
+		-e $(has noman FEATURES \
+			&& echo '/^install:/s:install_docs::' \
+			|| echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
+		Makefile.org \
+		|| die
+	# show the actual commands in the log
+	sed -i '/^SET_X/s:=.*:=set -x:' Makefile.shared
+
+	# since we're forcing $(CC) as makedep anyway, just fix
+	# the conditional as always-on
+	# helps clang (#417795), and versioned gcc (#499818)
+	sed -i 's/expr.*MAKEDEPEND.*;/true;/' util/domd || die
+
+	# quiet out unknown driver argument warnings since openssl
+	# doesn't have well-split CFLAGS and we're making it even worse
+	# and 'make depend' uses -Werror for added fun (#417795 again)
+	[[ ${CC} == *clang* ]] && append-flags -Qunused-arguments
+
+	# allow openssl to be cross-compiled
+	cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die
+	chmod a+rx gentoo.config
+
+	append-flags -fno-strict-aliasing
+	append-flags $(test-flags-CC -Wa,--noexecstack)
+	append-cppflags -DOPENSSL_NO_BUF_FREELISTS
+
+	sed -i '1s,^:$,#!'${EPREFIX}'/usr/bin/perl,' Configure #141906
+	# The config script does stupid stuff to prompt the user.  Kill it.
+	sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
+	./config --test-sanity || die "I AM NOT SANE"
+
+	multilib_copy_sources
+}
+
+multilib_src_configure() {
+	unset APPS #197996
+	unset SCRIPTS #312551
+	unset CROSS_COMPILE #311473
+
+	tc-export CC AR RANLIB RC
+
+	# Clean out patent-or-otherwise-encumbered code
+	# Camellia: Royalty Free            http://en.wikipedia.org/wiki/Camellia_(cipher)
+	# IDEA:     Expired                 http://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
+	# EC:       ????????? ??/??/2015    http://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography
+	# MDC2:     Expired                 http://en.wikipedia.org/wiki/MDC-2
+	# RC5:      Expired                 http://en.wikipedia.org/wiki/RC5
+
+	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
+	echoit() { echo "$@" ; "$@" ; }
+
+	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
+
+	# See if our toolchain supports __uint128_t.  If so, it's 64bit
+	# friendly and can use the nicely optimized code paths. #460790
+	local ec_nistp_64_gcc_128
+	# Disable it for now though #469976
+	#if ! use bindist ; then
+	#	echo "__uint128_t i;" > "${T}"/128.c
+	#	if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
+	#		ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
+	#	fi
+	#fi
+
+	local sslout=$(./gentoo.config)
+	einfo "Use configuration ${sslout:-(openssl knows best)}"
+	local config="Configure"
+	[[ -z ${sslout} ]] && config="config"
+
+	echoit \
+	./${config} \
+		${sslout} \
+		$(use cpu_flags_x86_sse2 || echo "no-sse2") \
+		enable-camellia \
+		$(use_ssl !bindist ec) \
+		${ec_nistp_64_gcc_128} \
+		enable-idea \
+		enable-mdc2 \
+		enable-rc5 \
+		enable-tlsext \
+		enable-ssl2 \
+		$(use_ssl asm) \
+		$(use_ssl gmp gmp -lgmp) \
+		$(use_ssl kerberos krb5 --with-krb5-flavor=${krb5}) \
+		$(use_ssl rfc3779) \
+		$(use_ssl sctp) \
+		$(use_ssl tls-heartbeat heartbeats) \
+		$(use_ssl zlib) \
+		--prefix="${EPREFIX}"/usr \
+		--openssldir="${EPREFIX}"${SSL_CNF_DIR} \
+		--libdir=$(get_libdir) \
+		shared threads \
+		|| die
+
+	# Clean out hardcoded flags that openssl uses
+	local CFLAG=$(grep ^CFLAG= Makefile | LC_ALL=C sed \
+		-e 's:^CFLAG=::' \
+		-e 's:-fomit-frame-pointer ::g' \
+		-e 's:-O[0-9] ::g' \
+		-e 's:-march=[-a-z0-9]* ::g' \
+		-e 's:-mcpu=[-a-z0-9]* ::g' \
+		-e 's:-m[a-z0-9]* ::g' \
+	)
+	sed -i \
+		-e "/^CFLAG/s|=.*|=${CFLAG} ${CFLAGS}|" \
+		-e "/^SHARED_LDFLAGS=/s|$| ${LDFLAGS}|" \
+		Makefile || die
+}
+
+multilib_src_compile() {
+	# depend is needed to use $confopts; it also doesn't matter
+	# that it's -j1 as the code itself serializes subdirs
+	emake -j1 depend
+	emake all
+	# rehash is needed to prep the certs/ dir; do this
+	# separately to avoid parallel build issues.
+	emake rehash
+}
+
+multilib_src_test() {
+	emake -j1 test
+}
+
+multilib_src_install() {
+	emake INSTALL_PREFIX="${D}" install
+}
+
+multilib_src_install_all() {
+	# openssl installs perl version of c_rehash by default, but
+	# we provide a shell version via app-misc/c_rehash
+	rm "${ED}"/usr/bin/c_rehash || die
+
+	dodoc CHANGES* FAQ NEWS README doc/*.txt doc/c-indentation.el
+	dohtml -r doc/*
+	use rfc3779 && dodoc engines/ccgost/README.gost
+
+	# This is crappy in that the static archives are still built even
+	# when USE=static-libs.  But this is due to a failing in the openssl
+	# build system: the static archives are built as PIC all the time.
+	# Only way around this would be to manually configure+compile openssl
+	# twice; once with shared lib support enabled and once without.
+	use static-libs || rm -f "${ED}"/usr/lib*/lib*.a
+
+	# create the certs directory
+	dodir ${SSL_CNF_DIR}/certs
+	cp -RP certs/* "${ED}"${SSL_CNF_DIR}/certs/ || die
+	rm -r "${ED}"${SSL_CNF_DIR}/certs/{demo,expired}
+
+	# Namespace openssl programs to prevent conflicts with other man pages
+	cd "${ED}"/usr/share/man
+	local m d s
+	for m in $(find . -type f | xargs grep -L '#include') ; do
+		d=${m%/*} ; d=${d#./} ; m=${m##*/}
+		[[ ${m} == openssl.1* ]] && continue
+		[[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!"
+		mv ${d}/{,ssl-}${m}
+		# fix up references to renamed man pages
+		sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m}
+		ln -s ssl-${m} ${d}/openssl-${m}
+		# locate any symlinks that point to this man page ... we assume
+		# that any broken links are due to the above renaming
+		for s in $(find -L ${d} -type l) ; do
+			s=${s##*/}
+			rm -f ${d}/${s}
+			ln -s ssl-${m} ${d}/ssl-${s}
+			ln -s ssl-${s} ${d}/openssl-${s}
+		done
+	done
+	[[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :("
+
+	dodir /etc/sandbox.d #254521
+	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
+
+	diropts -m0700
+	keepdir ${SSL_CNF_DIR}/private
+}
+
+pkg_preinst() {
+	has_version ${CATEGORY}/${PN}:0.9.8 && return 0
+	preserve_old_lib /usr/$(get_libdir)/lib{crypto,ssl}.so.0.9.8
+}
+
+pkg_postinst() {
+	ebegin "Running 'c_rehash ${EROOT%/}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069"
+	c_rehash "${EROOT%/}${SSL_CNF_DIR}/certs" >/dev/null
+	eend $?
+
+	has_version ${CATEGORY}/${PN}:0.9.8 && return 0
+	preserve_old_lib_notify /usr/$(get_libdir)/lib{crypto,ssl}.so.0.9.8
+}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Mike Frysinger]

commit:     351e1a669b120a30ef3f10e3d8c80272ec1d975d
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Mon Mar 21 00:07:32 2016 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Mon Mar 21 02:38:59 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=351e1a66

dev-libs/openssl: mark 1.0.2g-r2 arm64/m68k/s390/sh stable

 dev-libs/openssl/openssl-1.0.2g-r2.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.0.2g-r2.ebuild b/dev-libs/openssl/openssl-1.0.2g-r2.ebuild
index 1252bf9..9a85916 100644
--- a/dev-libs/openssl/openssl-1.0.2g-r2.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2g-r2.ebuild
@@ -15,7 +15,7 @@ LICENSE="openssl"
 # subslot set to 1.0.2g version as this is the first release without SSLv2
 # support and thus breaks nearly every openssl consumer (see bug #575548)
 SLOT="0"
-KEYWORDS="alpha amd64 arm ~arm64 hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
+KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
 IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 static-libs test +tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Mike Frysinger]

commit:     d5aed5b0e46304e6962797239db5cafcd75f0b21
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Mon Mar 21 00:13:45 2016 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Mon Mar 21 02:38:59 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d5aed5b0

dev-libs/openssl: drop really old blockers

 dev-libs/openssl/openssl-1.0.2g-r2.ebuild | 11 +----------
 1 file changed, 1 insertion(+), 10 deletions(-)

diff --git a/dev-libs/openssl/openssl-1.0.2g-r2.ebuild b/dev-libs/openssl/openssl-1.0.2g-r2.ebuild
index 9a85916..a69dae4 100644
--- a/dev-libs/openssl/openssl-1.0.2g-r2.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2g-r2.ebuild
@@ -19,19 +19,10 @@ KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86
 IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 static-libs test +tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"
 
-# The blocks are temporary just to make sure people upgrade to a
-# version that lack runtime version checking.  We'll drop them in
-# the future.
 RDEPEND=">=app-misc/c_rehash-1.7-r1
 	gmp? ( >=dev-libs/gmp-5.1.3-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
 	zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
-	kerberos? ( >=app-crypt/mit-krb5-1.11.4[${MULTILIB_USEDEP}] )
-	abi_x86_32? (
-		!<=app-emulation/emul-linux-x86-baselibs-20140508
-		!app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
-	)
-	!<net-misc/openssh-5.9_p1-r4
-	!<net-libs/neon-0.29.6-r1"
+	kerberos? ( >=app-crypt/mit-krb5-1.11.4[${MULTILIB_USEDEP}] )"
 DEPEND="${RDEPEND}
 	>=dev-lang/perl-5
 	sctp? ( >=net-misc/lksctp-tools-1.0.12 )

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Agostino Sarubbo]

commit:     eede6c8fae97483c4b250920cbe80fc2cd102aad
Author:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
AuthorDate: Sun Mar 20 11:52:00 2016 +0000
Commit:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
CommitDate: Sun Mar 20 11:52:00 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=eede6c8f

dev-libs/openssl: ia64 stable wrt bug #575548

Package-Manager: portage-2.2.26
RepoMan-Options: --include-arches="ia64"
Signed-off-by: Agostino Sarubbo <ago <AT> gentoo.org>

 dev-libs/openssl/openssl-1.0.2g-r2.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.0.2g-r2.ebuild b/dev-libs/openssl/openssl-1.0.2g-r2.ebuild
index ed0e70d..1252bf9 100644
--- a/dev-libs/openssl/openssl-1.0.2g-r2.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2g-r2.ebuild
@@ -15,7 +15,7 @@ LICENSE="openssl"
 # subslot set to 1.0.2g version as this is the first release without SSLv2
 # support and thus breaks nearly every openssl consumer (see bug #575548)
 SLOT="0"
-KEYWORDS="alpha amd64 arm ~arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
+KEYWORDS="alpha amd64 arm ~arm64 hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
 IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 static-libs test +tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Tobias Klausmann]

commit:     76511dc909f3285e25b81c43513c6c4837bec571
Author:     Tobias Klausmann <klausman <AT> gentoo <DOT> org>
AuthorDate: Tue Mar 15 20:49:27 2016 +0000
Commit:     Tobias Klausmann <klausman <AT> gentoo <DOT> org>
CommitDate: Tue Mar 15 20:49:27 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=76511dc9

dev-libs/openssl-1.0.2g-r2: add alpha keyword

Gentoo-Bug: 575548

Package-Manager: portage-2.2.28

 dev-libs/openssl/openssl-1.0.2g-r2.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.0.2g-r2.ebuild b/dev-libs/openssl/openssl-1.0.2g-r2.ebuild
index 8da7927..44cf17f 100644
--- a/dev-libs/openssl/openssl-1.0.2g-r2.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2g-r2.ebuild
@@ -15,7 +15,7 @@ LICENSE="openssl"
 # subslot set to 1.0.2g version as this is the first release without SSLv2
 # support and thus breaks nearly every openssl consumer (see bug #575548)
 SLOT="0"
-KEYWORDS="~alpha amd64 arm ~arm64 hppa ~ia64 ~m68k ~mips ~ppc ppc64 ~s390 ~sh ~sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
+KEYWORDS="alpha amd64 arm ~arm64 hppa ~ia64 ~m68k ~mips ~ppc ppc64 ~s390 ~sh ~sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
 IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 static-libs test +tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Markus Meier]

commit:     80a1ab7b63e8073336e18e52187bfe4a7c480c9d
Author:     Markus Meier <maekke <AT> gentoo <DOT> org>
AuthorDate: Thu Mar 10 20:23:15 2016 +0000
Commit:     Markus Meier <maekke <AT> gentoo <DOT> org>
CommitDate: Thu Mar 10 20:23:15 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=80a1ab7b

dev-libs/openssl: arm/x86 stable, bug #575548

Package-Manager: portage-2.2.27
RepoMan-Options: --include-arches="arm x86"

 dev-libs/openssl/openssl-1.0.2g-r2.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.0.2g-r2.ebuild b/dev-libs/openssl/openssl-1.0.2g-r2.ebuild
index 60e974f..8da7927 100644
--- a/dev-libs/openssl/openssl-1.0.2g-r2.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2g-r2.ebuild
@@ -15,7 +15,7 @@ LICENSE="openssl"
 # subslot set to 1.0.2g version as this is the first release without SSLv2
 # support and thus breaks nearly every openssl consumer (see bug #575548)
 SLOT="0"
-KEYWORDS="~alpha amd64 ~arm ~arm64 hppa ~ia64 ~m68k ~mips ~ppc ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
+KEYWORDS="~alpha amd64 arm ~arm64 hppa ~ia64 ~m68k ~mips ~ppc ppc64 ~s390 ~sh ~sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
 IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 static-libs test +tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Jeroen Roovers]

commit:     1fc214ab6061dc4ba0c50e91fd5bd34705266e14
Author:     Jeroen Roovers <jer <AT> gentoo <DOT> org>
AuthorDate: Tue Mar  8 13:41:27 2016 +0000
Commit:     Jeroen Roovers <jer <AT> gentoo <DOT> org>
CommitDate: Tue Mar  8 13:41:49 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1fc214ab

dev-libs/openssl: Stable for HPPA PPC64 (bug #575548).

Package-Manager: portage-2.2.27
RepoMan-Options: --ignore-arches

 dev-libs/openssl/openssl-1.0.2g-r2.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.0.2g-r2.ebuild b/dev-libs/openssl/openssl-1.0.2g-r2.ebuild
index b4d874e..60e974f 100644
--- a/dev-libs/openssl/openssl-1.0.2g-r2.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2g-r2.ebuild
@@ -15,7 +15,7 @@ LICENSE="openssl"
 # subslot set to 1.0.2g version as this is the first release without SSLv2
 # support and thus breaks nearly every openssl consumer (see bug #575548)
 SLOT="0"
-KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
+KEYWORDS="~alpha amd64 ~arm ~arm64 hppa ~ia64 ~m68k ~mips ~ppc ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
 IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 static-libs test +tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Agostino Sarubbo]

commit:     c61ce634057e89cbe4cc4e5e5d4e84ced8e65c05
Author:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
AuthorDate: Mon Mar  7 08:04:16 2016 +0000
Commit:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
CommitDate: Mon Mar  7 08:04:16 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c61ce634

dev-libs/openssl: amd64 stable wrt bug #575548

Package-Manager: portage-2.2.26
RepoMan-Options: --include-arches="amd64"
Signed-off-by: Agostino Sarubbo <ago <AT> gentoo.org>

 dev-libs/openssl/openssl-1.0.2g-r2.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.0.2g-r2.ebuild b/dev-libs/openssl/openssl-1.0.2g-r2.ebuild
index 3928f2f..b4d874e 100644
--- a/dev-libs/openssl/openssl-1.0.2g-r2.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2g-r2.ebuild
@@ -15,7 +15,7 @@ LICENSE="openssl"
 # subslot set to 1.0.2g version as this is the first release without SSLv2
 # support and thus breaks nearly every openssl consumer (see bug #575548)
 SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
+KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
 IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 static-libs test +tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Doug Goldstein]

commit:     15eb910faba4df68ce400a463db5c2a989279360
Author:     Doug Goldstein <cardoe <AT> gentoo <DOT> org>
AuthorDate: Thu Mar  3 15:15:11 2016 +0000
Commit:     Doug Goldstein <cardoe <AT> gentoo <DOT> org>
CommitDate: Thu Mar  3 15:40:15 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=15eb910f

dev-libs/openssl: re-enable SSLv2

Re-enable SSLv2 since disabling it changes the ABI without a SONAME change
causing a lot of breakage.

Gentoo-Bug: 576128
Gentoo-Bug: 575548

Package-Manager: portage-2.2.26
Signed-off-by: Doug Goldstein <cardoe <AT> gentoo.org>

 .../openssl/{openssl-1.0.2g-r1.ebuild => openssl-1.0.2g-r2.ebuild}     | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.0.2g-r1.ebuild b/dev-libs/openssl/openssl-1.0.2g-r2.ebuild
similarity index 99%
rename from dev-libs/openssl/openssl-1.0.2g-r1.ebuild
rename to dev-libs/openssl/openssl-1.0.2g-r2.ebuild
index e4fd22c..3928f2f 100644
--- a/dev-libs/openssl/openssl-1.0.2g-r1.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2g-r2.ebuild
@@ -14,7 +14,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"
 LICENSE="openssl"
 # subslot set to 1.0.2g version as this is the first release without SSLv2
 # support and thus breaks nearly every openssl consumer (see bug #575548)
-SLOT="0/1.0.2g"
+SLOT="0"
 KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
 IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 static-libs test +tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"
@@ -156,6 +156,7 @@ multilib_src_configure() {
 		enable-mdc2 \
 		enable-rc5 \
 		enable-tlsext \
+		enable-ssl2 \
 		$(use_ssl asm) \
 		$(use_ssl gmp gmp -lgmp) \
 		$(use_ssl kerberos krb5 --with-krb5-flavor=${krb5}) \

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Lars Wendler]

commit:     31d636b9d535bf0de1758eab41348b88f9730871
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Tue Mar  1 21:53:44 2016 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Tue Mar  1 21:55:46 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=31d636b9

dev-libs/openssl: Revbump to add subslot that reflects lack of SSLv2 (#575548).

Package-Manager: portage-2.2.27
Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org>

 dev-libs/openssl/{openssl-1.0.2g.ebuild => openssl-1.0.2g-r1.ebuild} | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.0.2g.ebuild b/dev-libs/openssl/openssl-1.0.2g-r1.ebuild
similarity index 98%
rename from dev-libs/openssl/openssl-1.0.2g.ebuild
rename to dev-libs/openssl/openssl-1.0.2g-r1.ebuild
index 9fc51c4..e4fd22c 100644
--- a/dev-libs/openssl/openssl-1.0.2g.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2g-r1.ebuild
@@ -12,7 +12,9 @@ HOMEPAGE="http://www.openssl.org/"
 SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"
 
 LICENSE="openssl"
-SLOT="0"
+# subslot set to 1.0.2g version as this is the first release without SSLv2
+# support and thus breaks nearly every openssl consumer (see bug #575548)
+SLOT="0/1.0.2g"
 KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
 IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 static-libs test +tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Doug Goldstein]

commit:     47f53172d2f6e2beaddb1c072d62e51de3884111
Author:     Doug Goldstein <cardoe <AT> gentoo <DOT> org>
AuthorDate: Fri Feb 26 22:49:18 2016 +0000
Commit:     Doug Goldstein <cardoe <AT> gentoo <DOT> org>
CommitDate: Fri Feb 26 22:50:04 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=47f53172

dev-libs/openssl: remove vulnerable version

Due to multiple vulnerabilities remove outdated version of OpenSSL.

Gentoo-Bug: 567476

Package-Manager: portage-2.2.26
Signed-off-by: Doug Goldstein <cardoe <AT> gentoo.org>

 dev-libs/openssl/Manifest                 |   1 -
 dev-libs/openssl/openssl-0.9.8z_p7.ebuild | 162 ------------------------------
 2 files changed, 163 deletions(-)

diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest
index 5decc0a..e16c5f3 100644
--- a/dev-libs/openssl/Manifest
+++ b/dev-libs/openssl/Manifest
@@ -1,3 +1,2 @@
-DIST openssl-0.9.8zg.tar.gz 3826891 SHA256 06500060639930e471050474f537fcd28ec934af92ee282d78b52460fbe8f580 SHA512 c757454de321d168ac6d89fe2859966a9f07a8b28305bf697af9018db13fc457e0883346b3d35977461ab058442375563554ecb2a8756a687ff9fc2fdd9103c9 WHIRLPOOL 55ecf50a264a2ddd9b5755b5d90b9b736d2f27e0ba2fd529ccff3b68bbd726d1f60460182a0d215ae6712dbc4d3ef2df11339fb2d8424e049f54c3e904fcfab0
 DIST openssl-0.9.8zh.tar.gz 3818524 SHA256 f1d9f3ed1b85a82ecf80d0e2d389e1fda3fca9a4dba0bf07adbf231e1a5e2fd6 SHA512 b97fa2468211f86c0719c68ad1781eff84f772c479ed5193d6da14bac086b4ca706e7d851209d9df3f0962943b5e5333ab0def00110fb2e517caa73c0c6674c6 WHIRLPOOL 8ed3362e6aed89cd6ae02438bc3fb58ff3a91afb8a2d401d1d66c1ee4fd96f4befb50558131dd03a60fc15b588172fc1ede5d56bb1f68e184453bfe3b34f9abf
 DIST openssl-1.0.2f.tar.gz 5258384 SHA256 932b4ee4def2b434f85435d9e3e19ca8ba99ce9a065a61524b429a9d5e9b2e9c SHA512 50abf6dc94cafd06e7fd20770808bdc675c88daa369e4f752bd584ab17f72a57357c1ca1eca3c83e6745b5a3c9c73c99dce70adaa904d73f6df4c75bc7138351 WHIRLPOOL 179e1b5ad38c50a4c8110024aa7b33c53634c39690917e3bf5c2099548430beef96132ae9f9588ff0cedd6e08bb216a8d36835baaaa04e506fb3fbaed37d31c9

diff --git a/dev-libs/openssl/openssl-0.9.8z_p7.ebuild b/dev-libs/openssl/openssl-0.9.8z_p7.ebuild
deleted file mode 100644
index 817c1c8..0000000
--- a/dev-libs/openssl/openssl-0.9.8z_p7.ebuild
+++ /dev/null
@@ -1,162 +0,0 @@
-# Copyright 1999-2015 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-# this ebuild is only for the libcrypto.so.0.9.8 and libssl.so.0.9.8 SONAME for ABI compat
-
-EAPI="5"
-
-inherit eutils flag-o-matic toolchain-funcs multilib multilib-minimal
-
-PLEVEL=$(echo "${PV##*_p}" | tr '[1-9]' '[a-i]')
-MY_PV=${PV/_p*/${PLEVEL}}
-MY_P=${PN}-${MY_PV}
-S="${WORKDIR}/${MY_P}"
-DESCRIPTION="Toolkit for SSL v2/v3 and TLS v1"
-HOMEPAGE="http://www.openssl.org/"
-SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"
-
-LICENSE="openssl"
-SLOT="0.9.8"
-KEYWORDS="alpha amd64 arm ~hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~sparc-fbsd ~x86-fbsd"
-IUSE="bindist gmp kerberos cpu_flags_x86_sse2 test zlib"
-RESTRICT="!bindist? ( bindist )"
-
-RDEPEND="gmp? ( >=dev-libs/gmp-5.1.3-r1[${MULTILIB_USEDEP}] )
-	zlib? ( >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}] )
-	kerberos? ( >=app-crypt/mit-krb5-1.11.4[${MULTILIB_USEDEP}] )
-	abi_x86_32? (
-		!<=app-emulation/emul-linux-x86-baselibs-20140508-r4
-		!app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
-	)
-	!=dev-libs/openssl-0.9.8*:0"
-DEPEND="${RDEPEND}
-	>=dev-lang/perl-5
-	test? (
-		sys-apps/diffutils
-		sys-devel/bc
-	)"
-
-# Do not install any docs
-DOCS=()
-
-src_prepare() {
-	epatch "${FILESDIR}"/${PN}-0.9.8e-bsd-sparc64.patch
-	epatch "${FILESDIR}"/${PN}-0.9.8h-ldflags.patch #181438
-	epatch "${FILESDIR}"/${PN}-0.9.8m-binutils.patch #289130
-
-	# disable fips in the build
-	# make sure the man pages are suffixed #302165
-	# don't bother building man pages if they're disabled
-	sed -i \
-		-e '/DIRS/s: fips : :g' \
-		-e '/^MANSUFFIX/s:=.*:=ssl:' \
-		-e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
-		-e $(has noman FEATURES \
-			&& echo '/^install:/s:install_docs::' \
-			|| echo '/^MANDIR=/s:=.*:=/usr/share/man:') \
-		Makefile{,.org} \
-		|| die
-	# show the actual commands in the log
-	sed -i '/^SET_X/s:=.*:=set -x:' Makefile.shared
-	# update the enginedir path.
-	# punt broken config we don't care about as it fails sanity check.
-	sed -i \
-		-e '/^"debug-ben-debug-64"/d' \
-		-e "/foo.*engines/s|/lib/engines|/$(get_libdir)/engines|" \
-		Configure || die
-
-	# since we're forcing $(CC) as makedep anyway, just fix
-	# the conditional as always-on
-	# helps clang (#417795), and versioned gcc (#499818)
-	sed -i 's/expr.*MAKEDEPEND.*;/true;/' util/domd || die
-
-	# quiet out unknown driver argument warnings since openssl
-	# doesn't have well-split CFLAGS and we're making it even worse
-	# and 'make depend' uses -Werror for added fun (#417795 again)
-	[[ ${CC} == *clang* ]] && append-flags -Qunused-arguments
-
-	# allow openssl to be cross-compiled
-	cp "${FILESDIR}"/gentoo.config-0.9.8 gentoo.config || die "cp cross-compile failed"
-	chmod a+rx gentoo.config
-
-	append-flags -fno-strict-aliasing
-	append-flags -Wa,--noexecstack
-
-	sed -i '1s,^:$,#!/usr/bin/perl,' Configure #141906
-	sed -i '/^"debug-bodo/d' Configure # 0.9.8za shipped broken
-	./config --test-sanity || die "I AM NOT SANE"
-
-	multilib_copy_sources
-}
-
-multilib_src_configure() {
-	unset APPS #197996
-	unset SCRIPTS #312551
-
-	tc-export CC AR RANLIB
-
-	# Clean out patent-or-otherwise-encumbered code
-	# Camellia: Royalty Free            http://en.wikipedia.org/wiki/Camellia_(cipher)
-	# IDEA:     Expired                 http://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
-	# EC:       ????????? ??/??/2015    http://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography
-	# MDC2:     Expired                 http://en.wikipedia.org/wiki/MDC-2
-	# RC5:      5,724,428 03/03/2015    http://en.wikipedia.org/wiki/RC5
-
-	use_ssl() { use $1 && echo "enable-${2:-$1} ${*:3}" || echo "no-${2:-$1}" ; }
-	echoit() { echo "$@" ; "$@" ; }
-
-	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
-
-	local sslout=$(./gentoo.config)
-	einfo "Use configuration ${sslout:-(openssl knows best)}"
-	local config="Configure"
-	[[ -z ${sslout} ]] && config="config"
-
-	echoit \
-	./${config} \
-		${sslout} \
-		$(use cpu_flags_x86_sse2 || echo "no-sse2") \
-		enable-camellia \
-		$(use_ssl !bindist ec) \
-		enable-idea \
-		enable-mdc2 \
-		$(use_ssl !bindist rc5) \
-		enable-tlsext \
-		$(use_ssl gmp gmp -lgmp) \
-		$(use_ssl kerberos krb5 --with-krb5-flavor=${krb5}) \
-		$(use_ssl zlib) \
-		--prefix=/usr \
-		--openssldir=/etc/ssl \
-		shared threads \
-		|| die "Configure failed"
-
-	# Clean out hardcoded flags that openssl uses
-	local CFLAG=$(grep ^CFLAG= Makefile | LC_ALL=C sed \
-		-e 's:^CFLAG=::' \
-		-e 's:-fomit-frame-pointer ::g' \
-		-e 's:-O[0-9] ::g' \
-		-e 's:-march=[-a-z0-9]* ::g' \
-		-e 's:-mcpu=[-a-z0-9]* ::g' \
-		-e 's:-m[a-z0-9]* ::g' \
-	)
-	sed -i \
-		-e "/^LIBDIR=/s|=.*|=$(get_libdir)|" \
-		-e "/^CFLAG/s|=.*|=${CFLAG} ${CFLAGS}|" \
-		-e "/^SHARED_LDFLAGS=/s|$| ${LDFLAGS}|" \
-		Makefile || die
-}
-
-multilib_src_compile() {
-	# depend is needed to use $confopts
-	emake -j1 depend
-	emake -j1 build_libs
-}
-
-multilib_src_test() {
-	emake -j1 test
-}
-
-multilib_src_install() {
-	dolib.so lib{crypto,ssl}.so.0.9.8
-}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Jason Donenfeld]

commit:     8229e4a37b86cfc4f45e6645401e922857de3cce
Author:     Jason A. Donenfeld <zx2c4 <AT> gentoo <DOT> org>
AuthorDate: Tue Feb  9 19:01:01 2016 +0000
Commit:     Jason Donenfeld <zx2c4 <AT> gentoo <DOT> org>
CommitDate: Tue Feb  9 19:01:01 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8229e4a3

dev-libs/openssl: the team didn't like my chacha patch

 dev-libs/openssl/Manifest                 |   1 -
 dev-libs/openssl/openssl-1.0.2e-r1.ebuild | 267 ------------------------------
 dev-libs/openssl/openssl-1.0.2f-r1.ebuild | 267 ------------------------------
 3 files changed, 535 deletions(-)

diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest
index 1545e93..ddc4c31 100644
--- a/dev-libs/openssl/Manifest
+++ b/dev-libs/openssl/Manifest
@@ -2,7 +2,6 @@ DIST openssl-0.9.8zg.tar.gz 3826891 SHA256 06500060639930e471050474f537fcd28ec93
 DIST openssl-0.9.8zh.tar.gz 3818524 SHA256 f1d9f3ed1b85a82ecf80d0e2d389e1fda3fca9a4dba0bf07adbf231e1a5e2fd6 SHA512 b97fa2468211f86c0719c68ad1781eff84f772c479ed5193d6da14bac086b4ca706e7d851209d9df3f0962943b5e5333ab0def00110fb2e517caa73c0c6674c6 WHIRLPOOL 8ed3362e6aed89cd6ae02438bc3fb58ff3a91afb8a2d401d1d66c1ee4fd96f4befb50558131dd03a60fc15b588172fc1ede5d56bb1f68e184453bfe3b34f9abf
 DIST openssl-1.0.1p.tar.gz 4560208 SHA256 bd5ee6803165c0fb60bbecbacacf244f1f90d2aa0d71353af610c29121e9b2f1 SHA512 64e475c53a85b78de7c5aa71a22d4bb3a456142842373ebf8f22e9857cb0352b646e591b21af866933baecdbdb5ac4a22aeb64914440c53a0f30cd25914029e5 WHIRLPOOL 2a81f3b9274e3fef37a2a88e3084d8283159b3a61db08e7805879905c87a74faa85bc6e570d18525741bd5c27c34fe09eeb58b2bfe500545d0f304716e14f819
 DIST openssl-1.0.1r.tar.gz 4547786 SHA256 784bd8d355ed01ce98b812f873f8b2313da61df7c7b5677fcf2e57b0863a3346 SHA512 7a5a2efe5d9421ea6f4f86f75ed40b4459b3825355ad18da3bdba28393bc50a6f457b2e1f11a31828f1af0d62a716d258ac7868fb719c9997f3bc750a1723e86 WHIRLPOOL de9c92f5ddb9bcaac967ac735696e739f5762b7d3a0b2430dbfa0c6cd7ac021fdf3c3257255a2fe995f24aa3550d59ce3067f030f09acc5d43b61dfda627686a
-DIST openssl-1.0.2e-chacha20poly1305.patch 140487 SHA256 6a486814bfed8807089152116c2595d97ddc9f5afa9dd54276003ac4d7335adc SHA512 cbf550bd60dc8174910620d4acc6c7ce9f09584004a5833e75f02e095107b8d6b2abfc395a64b5039693e7a37e62da59cc9870bf0bcc14de3660c2e188e6ca1c WHIRLPOOL 7cbe55f498005af163158a323554b10081f1ae13107e32254a0348bed108856e120ef8340f0cd4af5ca310405c9683d1a7c70a34369c8a3359c8ea11b08b6774
 DIST openssl-1.0.2e.tar.gz 5256555 SHA256 e23ccafdb75cfcde782da0151731aa2185195ac745eea3846133f2e05c0e0bff SHA512 b73f114a117ccab284cf5891dac050e3016d28e0b1fc71639442cdb42accef676115af90a12deff4bcc1f599cc0cbdeb38142cbf4570bd7d03634786ad32c95f WHIRLPOOL 8e1c1800a66f57fa78dc391e717e4b2bdf0e6e37a837c5ac033d7a4b1a6437451c7e7540c4ec2f75f936a2d2ef4f9293b42c76f51b0c9c93706639589612f196
 DIST openssl-1.0.2f.tar.gz 5258384 SHA256 932b4ee4def2b434f85435d9e3e19ca8ba99ce9a065a61524b429a9d5e9b2e9c SHA512 50abf6dc94cafd06e7fd20770808bdc675c88daa369e4f752bd584ab17f72a57357c1ca1eca3c83e6745b5a3c9c73c99dce70adaa904d73f6df4c75bc7138351 WHIRLPOOL 179e1b5ad38c50a4c8110024aa7b33c53634c39690917e3bf5c2099548430beef96132ae9f9588ff0cedd6e08bb216a8d36835baaaa04e506fb3fbaed37d31c9
 DIST openssl-c_rehash.sh.1.7 4167 SHA256 4999ee79892f52bd6a4a7baba9fac62262454d573bbffd72685d3aae9e48cee0 SHA512 55e8c2e827750a4f375cb83c86bfe2d166c01ffa5d7e9b16657b72b38b747c8985dd2c98f854c911dfbbee2ff3e92aff39fdf089d979b2e3534b7685ee8b80da WHIRLPOOL c88f06a3b8651f76b6289552cccceb64e13f6697c5f0ce3ff114c781ce1c218912b8ee308af9d087cd76a9600fdacda1953175bff07d7d3eb21b0c0b7f4f1ce1

diff --git a/dev-libs/openssl/openssl-1.0.2e-r1.ebuild b/dev-libs/openssl/openssl-1.0.2e-r1.ebuild
deleted file mode 100644
index 1d16bf2..0000000
--- a/dev-libs/openssl/openssl-1.0.2e-r1.ebuild
+++ /dev/null
@@ -1,267 +0,0 @@
-# Copyright 1999-2015 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI="4"
-
-inherit eutils flag-o-matic toolchain-funcs multilib multilib-minimal
-
-MY_P=${P/_/-}
-DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"
-HOMEPAGE="http://www.openssl.org/"
-SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
-         http://dev.gentoo.org/~robbat2/distfiles/${PN}-1.0.2e-chacha20poly1305.patch"
-
-LICENSE="openssl"
-SLOT="0"
-KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
-IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 static-libs test +tls-heartbeat vanilla zlib"
-RESTRICT="!bindist? ( bindist )"
-
-# The blocks are temporary just to make sure people upgrade to a
-# version that lack runtime version checking.  We'll drop them in
-# the future.
-RDEPEND=">=app-misc/c_rehash-1.7-r1
-	gmp? ( >=dev-libs/gmp-5.1.3-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
-	zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
-	kerberos? ( >=app-crypt/mit-krb5-1.11.4[${MULTILIB_USEDEP}] )
-	abi_x86_32? (
-		!<=app-emulation/emul-linux-x86-baselibs-20140508
-		!app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
-	)
-	!<net-misc/openssh-5.9_p1-r4
-	!<net-libs/neon-0.29.6-r1"
-DEPEND="${RDEPEND}
-	>=dev-lang/perl-5
-	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
-	test? (
-		sys-apps/diffutils
-		sys-devel/bc
-	)"
-PDEPEND="app-misc/ca-certificates"
-
-S="${WORKDIR}/${MY_P}"
-
-MULTILIB_WRAPPED_HEADERS=(
-	usr/include/openssl/opensslconf.h
-)
-
-src_prepare() {
-	# keep this in sync with app-misc/c_rehash
-	SSL_CNF_DIR="/etc/ssl"
-
-	# Make sure we only ever touch Makefile.org and avoid patching a file
-	# that gets blown away anyways by the Configure script in src_configure
-	rm -f Makefile
-
-	if ! use vanilla ; then
-		epatch "${FILESDIR}"/${PN}-1.0.0a-ldflags.patch #327421
-		epatch "${FILESDIR}"/${PN}-1.0.0d-windres.patch #373743
-		epatch "${FILESDIR}"/${PN}-1.0.2e-parallel-build.patch
-		epatch "${FILESDIR}"/${PN}-1.0.2a-parallel-obj-headers.patch
-		epatch "${FILESDIR}"/${PN}-1.0.2a-parallel-install-dirs.patch
-		epatch "${FILESDIR}"/${PN}-1.0.2a-parallel-symlinking.patch #545028
-		epatch "${FILESDIR}"/${PN}-1.0.2-ipv6.patch
-		epatch "${FILESDIR}"/${PN}-1.0.2a-x32-asm.patch #542618
-		epatch "${FILESDIR}"/${PN}-1.0.1p-default-source.patch #554338
-		epatch "${DISTDIR}"/${PN}-1.0.2e-chacha20poly1305.patch
-
-		epatch_user #332661
-	fi
-
-	# disable fips in the build
-	# make sure the man pages are suffixed #302165
-	# don't bother building man pages if they're disabled
-	sed -i \
-		-e '/DIRS/s: fips : :g' \
-		-e '/^MANSUFFIX/s:=.*:=ssl:' \
-		-e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
-		-e $(has noman FEATURES \
-			&& echo '/^install:/s:install_docs::' \
-			|| echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
-		Makefile.org \
-		|| die
-	# show the actual commands in the log
-	sed -i '/^SET_X/s:=.*:=set -x:' Makefile.shared
-
-	# since we're forcing $(CC) as makedep anyway, just fix
-	# the conditional as always-on
-	# helps clang (#417795), and versioned gcc (#499818)
-	sed -i 's/expr.*MAKEDEPEND.*;/true;/' util/domd || die
-
-	# quiet out unknown driver argument warnings since openssl
-	# doesn't have well-split CFLAGS and we're making it even worse
-	# and 'make depend' uses -Werror for added fun (#417795 again)
-	[[ ${CC} == *clang* ]] && append-flags -Qunused-arguments
-
-	# allow openssl to be cross-compiled
-	cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die
-	chmod a+rx gentoo.config
-
-	append-flags -fno-strict-aliasing
-	append-flags $(test-flags-CC -Wa,--noexecstack)
-	append-cppflags -DOPENSSL_NO_BUF_FREELISTS
-
-	sed -i '1s,^:$,#!'${EPREFIX}'/usr/bin/perl,' Configure #141906
-	# The config script does stupid stuff to prompt the user.  Kill it.
-	sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
-	./config --test-sanity || die "I AM NOT SANE"
-
-	multilib_copy_sources
-}
-
-multilib_src_configure() {
-	unset APPS #197996
-	unset SCRIPTS #312551
-	unset CROSS_COMPILE #311473
-
-	tc-export CC AR RANLIB RC
-
-	# Clean out patent-or-otherwise-encumbered code
-	# Camellia: Royalty Free            http://en.wikipedia.org/wiki/Camellia_(cipher)
-	# IDEA:     Expired                 http://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
-	# EC:       ????????? ??/??/2015    http://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography
-	# MDC2:     Expired                 http://en.wikipedia.org/wiki/MDC-2
-	# RC5:      Expired                 http://en.wikipedia.org/wiki/RC5
-
-	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
-	echoit() { echo "$@" ; "$@" ; }
-
-	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
-
-	# See if our toolchain supports __uint128_t.  If so, it's 64bit
-	# friendly and can use the nicely optimized code paths. #460790
-	local ec_nistp_64_gcc_128
-	# Disable it for now though #469976
-	#if ! use bindist ; then
-	#	echo "__uint128_t i;" > "${T}"/128.c
-	#	if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
-	#		ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
-	#	fi
-	#fi
-
-	local sslout=$(./gentoo.config)
-	einfo "Use configuration ${sslout:-(openssl knows best)}"
-	local config="Configure"
-	[[ -z ${sslout} ]] && config="config"
-
-	echoit \
-	./${config} \
-		${sslout} \
-		$(use cpu_flags_x86_sse2 || echo "no-sse2") \
-		enable-camellia \
-		$(use_ssl !bindist ec) \
-		${ec_nistp_64_gcc_128} \
-		enable-idea \
-		enable-mdc2 \
-		enable-rc5 \
-		enable-tlsext \
-		$(use_ssl asm) \
-		$(use_ssl gmp gmp -lgmp) \
-		$(use_ssl kerberos krb5 --with-krb5-flavor=${krb5}) \
-		$(use_ssl rfc3779) \
-		$(use_ssl sctp) \
-		$(use_ssl tls-heartbeat heartbeats) \
-		$(use_ssl zlib) \
-		--prefix="${EPREFIX}"/usr \
-		--openssldir="${EPREFIX}"${SSL_CNF_DIR} \
-		--libdir=$(get_libdir) \
-		shared threads \
-		|| die
-
-	# Clean out hardcoded flags that openssl uses
-	local CFLAG=$(grep ^CFLAG= Makefile | LC_ALL=C sed \
-		-e 's:^CFLAG=::' \
-		-e 's:-fomit-frame-pointer ::g' \
-		-e 's:-O[0-9] ::g' \
-		-e 's:-march=[-a-z0-9]* ::g' \
-		-e 's:-mcpu=[-a-z0-9]* ::g' \
-		-e 's:-m[a-z0-9]* ::g' \
-	)
-	sed -i \
-		-e "/^CFLAG/s|=.*|=${CFLAG} ${CFLAGS}|" \
-		-e "/^SHARED_LDFLAGS=/s|$| ${LDFLAGS}|" \
-		Makefile || die
-}
-
-multilib_src_compile() {
-	# depend is needed to use $confopts; it also doesn't matter
-	# that it's -j1 as the code itself serializes subdirs
-	emake -j1 depend
-	emake all
-	# rehash is needed to prep the certs/ dir; do this
-	# separately to avoid parallel build issues.
-	emake rehash
-}
-
-multilib_src_test() {
-	emake -j1 test
-}
-
-multilib_src_install() {
-	emake INSTALL_PREFIX="${D}" install
-}
-
-multilib_src_install_all() {
-	# openssl installs perl version of c_rehash by default, but
-	# we provide a shell version via app-misc/c_rehash
-	rm "${ED}"/usr/bin/c_rehash || die
-
-	dodoc CHANGES* FAQ NEWS README doc/*.txt doc/c-indentation.el
-	dohtml -r doc/*
-	use rfc3779 && dodoc engines/ccgost/README.gost
-
-	# This is crappy in that the static archives are still built even
-	# when USE=static-libs.  But this is due to a failing in the openssl
-	# build system: the static archives are built as PIC all the time.
-	# Only way around this would be to manually configure+compile openssl
-	# twice; once with shared lib support enabled and once without.
-	use static-libs || rm -f "${ED}"/usr/lib*/lib*.a
-
-	# create the certs directory
-	dodir ${SSL_CNF_DIR}/certs
-	cp -RP certs/* "${ED}"${SSL_CNF_DIR}/certs/ || die
-	rm -r "${ED}"${SSL_CNF_DIR}/certs/{demo,expired}
-
-	# Namespace openssl programs to prevent conflicts with other man pages
-	cd "${ED}"/usr/share/man
-	local m d s
-	for m in $(find . -type f | xargs grep -L '#include') ; do
-		d=${m%/*} ; d=${d#./} ; m=${m##*/}
-		[[ ${m} == openssl.1* ]] && continue
-		[[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!"
-		mv ${d}/{,ssl-}${m}
-		# fix up references to renamed man pages
-		sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m}
-		ln -s ssl-${m} ${d}/openssl-${m}
-		# locate any symlinks that point to this man page ... we assume
-		# that any broken links are due to the above renaming
-		for s in $(find -L ${d} -type l) ; do
-			s=${s##*/}
-			rm -f ${d}/${s}
-			ln -s ssl-${m} ${d}/ssl-${s}
-			ln -s ssl-${s} ${d}/openssl-${s}
-		done
-	done
-	[[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :("
-
-	dodir /etc/sandbox.d #254521
-	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
-
-	diropts -m0700
-	keepdir ${SSL_CNF_DIR}/private
-}
-
-pkg_preinst() {
-	has_version ${CATEGORY}/${PN}:0.9.8 && return 0
-	preserve_old_lib /usr/$(get_libdir)/lib{crypto,ssl}.so.0.9.8
-}
-
-pkg_postinst() {
-	ebegin "Running 'c_rehash ${EROOT%/}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069"
-	c_rehash "${EROOT%/}${SSL_CNF_DIR}/certs" >/dev/null
-	eend $?
-
-	has_version ${CATEGORY}/${PN}:0.9.8 && return 0
-	preserve_old_lib_notify /usr/$(get_libdir)/lib{crypto,ssl}.so.0.9.8
-}

diff --git a/dev-libs/openssl/openssl-1.0.2f-r1.ebuild b/dev-libs/openssl/openssl-1.0.2f-r1.ebuild
deleted file mode 100644
index 9725895..0000000
--- a/dev-libs/openssl/openssl-1.0.2f-r1.ebuild
+++ /dev/null
@@ -1,267 +0,0 @@
-# Copyright 1999-2016 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI=5
-
-inherit eutils flag-o-matic toolchain-funcs multilib multilib-minimal
-
-MY_P=${P/_/-}
-DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"
-HOMEPAGE="http://www.openssl.org/"
-SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
-         http://dev.gentoo.org/~robbat2/distfiles/${PN}-1.0.2e-chacha20poly1305.patch"
-
-LICENSE="openssl"
-SLOT="0"
-KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
-IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 static-libs test +tls-heartbeat vanilla zlib"
-RESTRICT="!bindist? ( bindist )"
-
-# The blocks are temporary just to make sure people upgrade to a
-# version that lack runtime version checking.  We'll drop them in
-# the future.
-RDEPEND=">=app-misc/c_rehash-1.7-r1
-	gmp? ( >=dev-libs/gmp-5.1.3-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
-	zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
-	kerberos? ( >=app-crypt/mit-krb5-1.11.4[${MULTILIB_USEDEP}] )
-	abi_x86_32? (
-		!<=app-emulation/emul-linux-x86-baselibs-20140508
-		!app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
-	)
-	!<net-misc/openssh-5.9_p1-r4
-	!<net-libs/neon-0.29.6-r1"
-DEPEND="${RDEPEND}
-	>=dev-lang/perl-5
-	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
-	test? (
-		sys-apps/diffutils
-		sys-devel/bc
-	)"
-PDEPEND="app-misc/ca-certificates"
-
-S="${WORKDIR}/${MY_P}"
-
-MULTILIB_WRAPPED_HEADERS=(
-	usr/include/openssl/opensslconf.h
-)
-
-src_prepare() {
-	# keep this in sync with app-misc/c_rehash
-	SSL_CNF_DIR="/etc/ssl"
-
-	# Make sure we only ever touch Makefile.org and avoid patching a file
-	# that gets blown away anyways by the Configure script in src_configure
-	rm -f Makefile
-
-	if ! use vanilla ; then
-		epatch "${FILESDIR}"/${PN}-1.0.0a-ldflags.patch #327421
-		epatch "${FILESDIR}"/${PN}-1.0.0d-windres.patch #373743
-		epatch "${FILESDIR}"/${PN}-1.0.2e-parallel-build.patch
-		epatch "${FILESDIR}"/${PN}-1.0.2a-parallel-obj-headers.patch
-		epatch "${FILESDIR}"/${PN}-1.0.2a-parallel-install-dirs.patch
-		epatch "${FILESDIR}"/${PN}-1.0.2a-parallel-symlinking.patch #545028
-		epatch "${FILESDIR}"/${PN}-1.0.2-ipv6.patch
-		epatch "${FILESDIR}"/${PN}-1.0.2a-x32-asm.patch #542618
-		epatch "${FILESDIR}"/${PN}-1.0.1p-default-source.patch #554338
-		epatch "${DISTDIR}"/${PN}-1.0.2e-chacha20poly1305.patch
-
-		epatch_user #332661
-	fi
-
-	# disable fips in the build
-	# make sure the man pages are suffixed #302165
-	# don't bother building man pages if they're disabled
-	sed -i \
-		-e '/DIRS/s: fips : :g' \
-		-e '/^MANSUFFIX/s:=.*:=ssl:' \
-		-e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
-		-e $(has noman FEATURES \
-			&& echo '/^install:/s:install_docs::' \
-			|| echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
-		Makefile.org \
-		|| die
-	# show the actual commands in the log
-	sed -i '/^SET_X/s:=.*:=set -x:' Makefile.shared
-
-	# since we're forcing $(CC) as makedep anyway, just fix
-	# the conditional as always-on
-	# helps clang (#417795), and versioned gcc (#499818)
-	sed -i 's/expr.*MAKEDEPEND.*;/true;/' util/domd || die
-
-	# quiet out unknown driver argument warnings since openssl
-	# doesn't have well-split CFLAGS and we're making it even worse
-	# and 'make depend' uses -Werror for added fun (#417795 again)
-	[[ ${CC} == *clang* ]] && append-flags -Qunused-arguments
-
-	# allow openssl to be cross-compiled
-	cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die
-	chmod a+rx gentoo.config
-
-	append-flags -fno-strict-aliasing
-	append-flags $(test-flags-CC -Wa,--noexecstack)
-	append-cppflags -DOPENSSL_NO_BUF_FREELISTS
-
-	sed -i '1s,^:$,#!'${EPREFIX}'/usr/bin/perl,' Configure #141906
-	# The config script does stupid stuff to prompt the user.  Kill it.
-	sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
-	./config --test-sanity || die "I AM NOT SANE"
-
-	multilib_copy_sources
-}
-
-multilib_src_configure() {
-	unset APPS #197996
-	unset SCRIPTS #312551
-	unset CROSS_COMPILE #311473
-
-	tc-export CC AR RANLIB RC
-
-	# Clean out patent-or-otherwise-encumbered code
-	# Camellia: Royalty Free            http://en.wikipedia.org/wiki/Camellia_(cipher)
-	# IDEA:     Expired                 http://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
-	# EC:       ????????? ??/??/2015    http://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography
-	# MDC2:     Expired                 http://en.wikipedia.org/wiki/MDC-2
-	# RC5:      Expired                 http://en.wikipedia.org/wiki/RC5
-
-	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
-	echoit() { echo "$@" ; "$@" ; }
-
-	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
-
-	# See if our toolchain supports __uint128_t.  If so, it's 64bit
-	# friendly and can use the nicely optimized code paths. #460790
-	local ec_nistp_64_gcc_128
-	# Disable it for now though #469976
-	#if ! use bindist ; then
-	#	echo "__uint128_t i;" > "${T}"/128.c
-	#	if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
-	#		ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
-	#	fi
-	#fi
-
-	local sslout=$(./gentoo.config)
-	einfo "Use configuration ${sslout:-(openssl knows best)}"
-	local config="Configure"
-	[[ -z ${sslout} ]] && config="config"
-
-	echoit \
-	./${config} \
-		${sslout} \
-		$(use cpu_flags_x86_sse2 || echo "no-sse2") \
-		enable-camellia \
-		$(use_ssl !bindist ec) \
-		${ec_nistp_64_gcc_128} \
-		enable-idea \
-		enable-mdc2 \
-		enable-rc5 \
-		enable-tlsext \
-		$(use_ssl asm) \
-		$(use_ssl gmp gmp -lgmp) \
-		$(use_ssl kerberos krb5 --with-krb5-flavor=${krb5}) \
-		$(use_ssl rfc3779) \
-		$(use_ssl sctp) \
-		$(use_ssl tls-heartbeat heartbeats) \
-		$(use_ssl zlib) \
-		--prefix="${EPREFIX}"/usr \
-		--openssldir="${EPREFIX}"${SSL_CNF_DIR} \
-		--libdir=$(get_libdir) \
-		shared threads \
-		|| die
-
-	# Clean out hardcoded flags that openssl uses
-	local CFLAG=$(grep ^CFLAG= Makefile | LC_ALL=C sed \
-		-e 's:^CFLAG=::' \
-		-e 's:-fomit-frame-pointer ::g' \
-		-e 's:-O[0-9] ::g' \
-		-e 's:-march=[-a-z0-9]* ::g' \
-		-e 's:-mcpu=[-a-z0-9]* ::g' \
-		-e 's:-m[a-z0-9]* ::g' \
-	)
-	sed -i \
-		-e "/^CFLAG/s|=.*|=${CFLAG} ${CFLAGS}|" \
-		-e "/^SHARED_LDFLAGS=/s|$| ${LDFLAGS}|" \
-		Makefile || die
-}
-
-multilib_src_compile() {
-	# depend is needed to use $confopts; it also doesn't matter
-	# that it's -j1 as the code itself serializes subdirs
-	emake -j1 depend
-	emake all
-	# rehash is needed to prep the certs/ dir; do this
-	# separately to avoid parallel build issues.
-	emake rehash
-}
-
-multilib_src_test() {
-	emake -j1 test
-}
-
-multilib_src_install() {
-	emake INSTALL_PREFIX="${D}" install
-}
-
-multilib_src_install_all() {
-	# openssl installs perl version of c_rehash by default, but
-	# we provide a shell version via app-misc/c_rehash
-	rm "${ED}"/usr/bin/c_rehash || die
-
-	dodoc CHANGES* FAQ NEWS README doc/*.txt doc/c-indentation.el
-	dohtml -r doc/*
-	use rfc3779 && dodoc engines/ccgost/README.gost
-
-	# This is crappy in that the static archives are still built even
-	# when USE=static-libs.  But this is due to a failing in the openssl
-	# build system: the static archives are built as PIC all the time.
-	# Only way around this would be to manually configure+compile openssl
-	# twice; once with shared lib support enabled and once without.
-	use static-libs || rm -f "${ED}"/usr/lib*/lib*.a
-
-	# create the certs directory
-	dodir ${SSL_CNF_DIR}/certs
-	cp -RP certs/* "${ED}"${SSL_CNF_DIR}/certs/ || die
-	rm -r "${ED}"${SSL_CNF_DIR}/certs/{demo,expired}
-
-	# Namespace openssl programs to prevent conflicts with other man pages
-	cd "${ED}"/usr/share/man
-	local m d s
-	for m in $(find . -type f | xargs grep -L '#include') ; do
-		d=${m%/*} ; d=${d#./} ; m=${m##*/}
-		[[ ${m} == openssl.1* ]] && continue
-		[[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!"
-		mv ${d}/{,ssl-}${m}
-		# fix up references to renamed man pages
-		sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m}
-		ln -s ssl-${m} ${d}/openssl-${m}
-		# locate any symlinks that point to this man page ... we assume
-		# that any broken links are due to the above renaming
-		for s in $(find -L ${d} -type l) ; do
-			s=${s##*/}
-			rm -f ${d}/${s}
-			ln -s ssl-${m} ${d}/ssl-${s}
-			ln -s ssl-${s} ${d}/openssl-${s}
-		done
-	done
-	[[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :("
-
-	dodir /etc/sandbox.d #254521
-	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
-
-	diropts -m0700
-	keepdir ${SSL_CNF_DIR}/private
-}
-
-pkg_preinst() {
-	has_version ${CATEGORY}/${PN}:0.9.8 && return 0
-	preserve_old_lib /usr/$(get_libdir)/lib{crypto,ssl}.so.0.9.8
-}
-
-pkg_postinst() {
-	ebegin "Running 'c_rehash ${EROOT%/}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069"
-	c_rehash "${EROOT%/}${SSL_CNF_DIR}/certs" >/dev/null
-	eend $?
-
-	has_version ${CATEGORY}/${PN}:0.9.8 && return 0
-	preserve_old_lib_notify /usr/$(get_libdir)/lib{crypto,ssl}.so.0.9.8
-}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Mike Frysinger]

commit:     26cd68f406fbc31eaee8916150d53ba1ad84ff85
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Mon Feb  1 18:39:50 2016 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Tue Feb  2 18:50:12 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=26cd68f4

dev-libs/openssl: mark 1.0.2f arm64/m68k stable

 dev-libs/openssl/openssl-1.0.2f.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.0.2f.ebuild b/dev-libs/openssl/openssl-1.0.2f.ebuild
index 2ac80d2..a7c3eb6 100644
--- a/dev-libs/openssl/openssl-1.0.2f.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2f.ebuild
@@ -13,7 +13,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"
 
 LICENSE="openssl"
 SLOT="0"
-KEYWORDS="alpha amd64 arm ~arm64 hppa ia64 ~m68k ~mips ppc ppc64 s390 sh sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
+KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
 IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 static-libs test +tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Jeroen Roovers]

commit:     418790ba3f1bd35381283d4ac14301bb8927182e
Author:     Jeroen Roovers <jer <AT> gentoo <DOT> org>
AuthorDate: Sat Jan 30 12:57:50 2016 +0000
Commit:     Jeroen Roovers <jer <AT> gentoo <DOT> org>
CommitDate: Sat Jan 30 12:58:05 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=418790ba

dev-libs/openssl: Stable for HPPA (bug #572854).

Package-Manager: portage-2.2.27
RepoMan-Options: --ignore-arches

 dev-libs/openssl/openssl-1.0.1r.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.0.1r.ebuild b/dev-libs/openssl/openssl-1.0.1r.ebuild
index 2b329a4..8d590fa 100644
--- a/dev-libs/openssl/openssl-1.0.1r.ebuild
+++ b/dev-libs/openssl/openssl-1.0.1r.ebuild
@@ -14,7 +14,7 @@ SRC_URI="mirror://openssl/source/${P}.tar.gz
 
 LICENSE="openssl"
 SLOT="0"
-KEYWORDS="alpha amd64 arm ~arm64 ~hppa ia64 ~m68k ~mips ppc ppc64 s390 sh sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
+KEYWORDS="alpha amd64 arm ~arm64 hppa ia64 ~m68k ~mips ppc ppc64 s390 sh sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
 IUSE="bindist gmp kerberos rfc3779 cpu_flags_x86_sse2 static-libs test +tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Jeroen Roovers]

commit:     0fd0704216881aa1e5d1035ec2d4d937155871bb
Author:     Jeroen Roovers <jer <AT> gentoo <DOT> org>
AuthorDate: Sat Jan 30 10:29:34 2016 +0000
Commit:     Jeroen Roovers <jer <AT> gentoo <DOT> org>
CommitDate: Sat Jan 30 10:29:59 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0fd07042

dev-libs/openssl: Stable for HPPA (bug #572854).

Package-Manager: portage-2.2.27
RepoMan-Options: --ignore-arches

 dev-libs/openssl/openssl-1.0.2f.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.0.2f.ebuild b/dev-libs/openssl/openssl-1.0.2f.ebuild
index 82389bb..2ac80d2 100644
--- a/dev-libs/openssl/openssl-1.0.2f.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2f.ebuild
@@ -13,7 +13,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"
 
 LICENSE="openssl"
 SLOT="0"
-KEYWORDS="alpha amd64 arm ~arm64 ~hppa ia64 ~m68k ~mips ppc ppc64 s390 sh sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
+KEYWORDS="alpha amd64 arm ~arm64 hppa ia64 ~m68k ~mips ppc ppc64 s390 sh sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
 IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 static-libs test +tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Agostino Sarubbo]

commit:     20e72eeeb4c15b7bdcb57da76d8e7d9bb3b0f112
Author:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
AuthorDate: Fri Jan 29 08:34:04 2016 +0000
Commit:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
CommitDate: Fri Jan 29 08:34:04 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=20e72eee

dev-libs/openssl: stable for alpha/amd64/arm/ia64/ppc/ppc64/s390/sh/sparc/x86 wrt security bug #572854

Package-Manager: portage-2.2.26
Signed-off-by: Agostino Sarubbo <ago <AT> gentoo.org>

 dev-libs/openssl/openssl-1.0.1r.ebuild | 2 +-
 dev-libs/openssl/openssl-1.0.2f.ebuild | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/dev-libs/openssl/openssl-1.0.1r.ebuild b/dev-libs/openssl/openssl-1.0.1r.ebuild
index 234c6cc..2b329a4 100644
--- a/dev-libs/openssl/openssl-1.0.1r.ebuild
+++ b/dev-libs/openssl/openssl-1.0.1r.ebuild
@@ -14,7 +14,7 @@ SRC_URI="mirror://openssl/source/${P}.tar.gz
 
 LICENSE="openssl"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
+KEYWORDS="alpha amd64 arm ~arm64 ~hppa ia64 ~m68k ~mips ppc ppc64 s390 sh sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
 IUSE="bindist gmp kerberos rfc3779 cpu_flags_x86_sse2 static-libs test +tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"
 

diff --git a/dev-libs/openssl/openssl-1.0.2f.ebuild b/dev-libs/openssl/openssl-1.0.2f.ebuild
index 721dde4..82389bb 100644
--- a/dev-libs/openssl/openssl-1.0.2f.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2f.ebuild
@@ -13,7 +13,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"
 
 LICENSE="openssl"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
+KEYWORDS="alpha amd64 arm ~arm64 ~hppa ia64 ~m68k ~mips ppc ppc64 s390 sh sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
 IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 static-libs test +tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Agostino Sarubbo]

commit:     0d03ae871d41e256ed42dce190a6810274c3113d
Author:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
AuthorDate: Sat Dec 26 12:16:02 2015 +0000
Commit:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
CommitDate: Sat Dec 26 12:16:02 2015 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0d03ae87

dev-libs/openssl: x86 stable wrt bug #567476

Package-Manager: portage-2.2.24
RepoMan-Options: --include-arches="x86"
Signed-off-by: Agostino Sarubbo <ago <AT> gentoo.org>

 dev-libs/openssl/openssl-0.9.8z_p8.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-0.9.8z_p8.ebuild b/dev-libs/openssl/openssl-0.9.8z_p8.ebuild
index 5e1ae78f..8f17833 100644
--- a/dev-libs/openssl/openssl-0.9.8z_p8.ebuild
+++ b/dev-libs/openssl/openssl-0.9.8z_p8.ebuild
@@ -18,7 +18,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"
 
 LICENSE="openssl"
 SLOT="0.9.8"
-KEYWORDS="~alpha amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~sparc-fbsd ~x86-fbsd"
+KEYWORDS="~alpha amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc x86 ~sparc-fbsd ~x86-fbsd"
 IUSE="bindist gmp kerberos cpu_flags_x86_sse2 test zlib"
 RESTRICT="!bindist? ( bindist )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Agostino Sarubbo]

commit:     9615cd794b5315929517acbf95c21a5067a338e5
Author:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
AuthorDate: Sat Dec 26 12:02:37 2015 +0000
Commit:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
CommitDate: Sat Dec 26 12:02:37 2015 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9615cd79

dev-libs/openssl: ppc stable wrt bug #567476

Package-Manager: portage-2.2.24
RepoMan-Options: --include-arches="ppc"
Signed-off-by: Agostino Sarubbo <ago <AT> gentoo.org>

 dev-libs/openssl/openssl-1.0.2e.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.0.2e.ebuild b/dev-libs/openssl/openssl-1.0.2e.ebuild
index 5ce910c..444743d 100644
--- a/dev-libs/openssl/openssl-1.0.2e.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2e.ebuild
@@ -13,7 +13,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"
 
 LICENSE="openssl"
 SLOT="0"
-KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ~ppc ppc64 s390 sh sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
+KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
 IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 static-libs test +tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Mike Frysinger]

commit:     904e494078495c00a4f8ebc0bf93d4de5b1ad69b
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Sun Dec 13 01:35:13 2015 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Sun Dec 13 01:36:28 2015 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=904e4940

dev-libs/openssl: mark 1.0.2e arm64/m68k/s390/sh/sparc/x86 stable #567476

 dev-libs/openssl/openssl-1.0.2e.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.0.2e.ebuild b/dev-libs/openssl/openssl-1.0.2e.ebuild
index bbffaea..5ce910c 100644
--- a/dev-libs/openssl/openssl-1.0.2e.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2e.ebuild
@@ -13,7 +13,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"
 
 LICENSE="openssl"
 SLOT="0"
-KEYWORDS="alpha amd64 arm ~arm64 hppa ia64 ~m68k ~mips ~ppc ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
+KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ~ppc ppc64 s390 sh sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
 IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 static-libs test +tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Mikle Kolyada]

commit:     d07b8d8711d7c409144af09c895bc5f2f6641585
Author:     Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
AuthorDate: Fri Dec 11 10:58:45 2015 +0000
Commit:     Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
CommitDate: Fri Dec 11 10:58:45 2015 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d07b8d87

dev-libs/openssl: ia64 stable wrt bug #567476

Package-Manager: portage-2.2.20.1

 dev-libs/openssl/openssl-1.0.2e.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.0.2e.ebuild b/dev-libs/openssl/openssl-1.0.2e.ebuild
index 0f67184..bbffaea 100644
--- a/dev-libs/openssl/openssl-1.0.2e.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2e.ebuild
@@ -13,7 +13,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"
 
 LICENSE="openssl"
 SLOT="0"
-KEYWORDS="alpha amd64 arm ~arm64 hppa ~ia64 ~m68k ~mips ~ppc ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
+KEYWORDS="alpha amd64 arm ~arm64 hppa ia64 ~m68k ~mips ~ppc ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
 IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 static-libs test +tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Markus Meier]

commit:     b36bb967c987ee22f2b6738ccff8c4d26b9e5365
Author:     Markus Meier <maekke <AT> gentoo <DOT> org>
AuthorDate: Wed Dec  9 05:48:16 2015 +0000
Commit:     Markus Meier <maekke <AT> gentoo <DOT> org>
CommitDate: Wed Dec  9 05:48:16 2015 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b36bb967

dev-libs/openssl: arm stable, bug #567476

Package-Manager: portage-2.2.26
RepoMan-Options: --include-arches="arm"

 dev-libs/openssl/openssl-1.0.2e.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.0.2e.ebuild b/dev-libs/openssl/openssl-1.0.2e.ebuild
index 90cb5c6..0f67184 100644
--- a/dev-libs/openssl/openssl-1.0.2e.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2e.ebuild
@@ -13,7 +13,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"
 
 LICENSE="openssl"
 SLOT="0"
-KEYWORDS="alpha amd64 ~arm ~arm64 hppa ~ia64 ~m68k ~mips ~ppc ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
+KEYWORDS="alpha amd64 arm ~arm64 hppa ~ia64 ~m68k ~mips ~ppc ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
 IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 static-libs test +tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Agostino Sarubbo]

commit:     802fb11dcfd5a88398182c30b53a8f2e1dc894cf
Author:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
AuthorDate: Mon Dec  7 10:01:46 2015 +0000
Commit:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
CommitDate: Mon Dec  7 10:01:46 2015 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=802fb11d

dev-libs/openssl: amd64 stable wrt bug #567476

Package-Manager: portage-2.2.20.1
RepoMan-Options: --include-arches="amd64"
Signed-off-by: Agostino Sarubbo <ago <AT> gentoo.org>

 dev-libs/openssl/openssl-0.9.8z_p8.ebuild | 2 +-
 dev-libs/openssl/openssl-1.0.2e.ebuild    | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/dev-libs/openssl/openssl-0.9.8z_p8.ebuild b/dev-libs/openssl/openssl-0.9.8z_p8.ebuild
index 3897edd..5e1ae78f 100644
--- a/dev-libs/openssl/openssl-0.9.8z_p8.ebuild
+++ b/dev-libs/openssl/openssl-0.9.8z_p8.ebuild
@@ -18,7 +18,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"
 
 LICENSE="openssl"
 SLOT="0.9.8"
-KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~sparc-fbsd ~x86-fbsd"
+KEYWORDS="~alpha amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~sparc-fbsd ~x86-fbsd"
 IUSE="bindist gmp kerberos cpu_flags_x86_sse2 test zlib"
 RESTRICT="!bindist? ( bindist )"
 

diff --git a/dev-libs/openssl/openssl-1.0.2e.ebuild b/dev-libs/openssl/openssl-1.0.2e.ebuild
index 28f8d53..90cb5c6 100644
--- a/dev-libs/openssl/openssl-1.0.2e.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2e.ebuild
@@ -13,7 +13,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"
 
 LICENSE="openssl"
 SLOT="0"
-KEYWORDS="alpha ~amd64 ~arm ~arm64 hppa ~ia64 ~m68k ~mips ~ppc ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
+KEYWORDS="alpha amd64 ~arm ~arm64 hppa ~ia64 ~m68k ~mips ~ppc ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
 IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 static-libs test +tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Matt Turner]

commit:     6bd83a7fc3d30087c4b5054d05336d1d0c89c905
Author:     Matt Turner <mattst88 <AT> gentoo <DOT> org>
AuthorDate: Sun Dec  6 22:18:16 2015 +0000
Commit:     Matt Turner <mattst88 <AT> gentoo <DOT> org>
CommitDate: Sun Dec  6 23:04:15 2015 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6bd83a7f

dev-libs/openssl: alpha stable, bug 567476.

 dev-libs/openssl/openssl-1.0.2e.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.0.2e.ebuild b/dev-libs/openssl/openssl-1.0.2e.ebuild
index e45937e..28f8d53 100644
--- a/dev-libs/openssl/openssl-1.0.2e.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2e.ebuild
@@ -13,7 +13,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"
 
 LICENSE="openssl"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 hppa ~ia64 ~m68k ~mips ~ppc ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
+KEYWORDS="alpha ~amd64 ~arm ~arm64 hppa ~ia64 ~m68k ~mips ~ppc ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
 IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 static-libs test +tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Jeroen Roovers]

commit:     c9f905125822d653f30f6231acc7df4159c331ae
Author:     Jeroen Roovers <jer <AT> gentoo <DOT> org>
AuthorDate: Sat Dec  5 20:39:59 2015 +0000
Commit:     Jeroen Roovers <jer <AT> gentoo <DOT> org>
CommitDate: Sat Dec  5 20:39:59 2015 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c9f90512

dev-libs/openssl: Stable for HPPA PPC64 (bug #567476).

Package-Manager: portage-2.2.26
RepoMan-Options: --ignore-arches

 dev-libs/openssl/openssl-1.0.2e.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.0.2e.ebuild b/dev-libs/openssl/openssl-1.0.2e.ebuild
index e8c229f..e45937e 100644
--- a/dev-libs/openssl/openssl-1.0.2e.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2e.ebuild
@@ -13,7 +13,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"
 
 LICENSE="openssl"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 hppa ~ia64 ~m68k ~mips ~ppc ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
 IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 static-libs test +tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Julian Ospald]

commit:     d9c112bf8c2fc7cd6079b95f81777441bd17b733
Author:     Julian Ospald <hasufell <AT> gentoo <DOT> org>
AuthorDate: Sun Oct 18 20:42:53 2015 +0000
Commit:     Julian Ospald <hasufell <AT> gentoo <DOT> org>
CommitDate: Tue Oct 20 23:16:31 2015 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d9c112bf

dev-libs/openssl: add SLOT description to metadata.xml

 dev-libs/openssl/metadata.xml | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/dev-libs/openssl/metadata.xml b/dev-libs/openssl/metadata.xml
index 5e30a85..f457065 100644
--- a/dev-libs/openssl/metadata.xml
+++ b/dev-libs/openssl/metadata.xml
@@ -12,4 +12,10 @@
 <upstream>
  <remote-id type="cpe">cpe:/a:openssl:openssl</remote-id>
 </upstream>
+<slots>
+ <slot name="0">For building against. This is the only slot
+  that provides headers and command line tools.</slot>
+ <slot name="0.9.8">For binary compatibility, provides libcrypto.so.0.9.8
+  and libssl.so.0.9.8 only.</slot>
+</slots>
 </pkgmetadata>

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Mike Frysinger]

commit:     ced302918291e52540c5489ac2b38fe50ed051ac
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Mon Oct  5 20:47:25 2015 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Mon Oct  5 20:49:10 2015 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ced30291

dev-libs/openssl: move diffutils behind USE=test #55560

The `cmp` prog is only used when running tests, so put it behind USE=test
rather than requiring it at build time all the time.

 dev-libs/openssl/openssl-0.9.8z_p7.ebuild | 6 ++++--
 dev-libs/openssl/openssl-1.0.2d-r2.ebuild | 6 ++++--
 dev-libs/openssl/openssl-1.0.2d.ebuild    | 6 ++++--
 3 files changed, 12 insertions(+), 6 deletions(-)

diff --git a/dev-libs/openssl/openssl-0.9.8z_p7.ebuild b/dev-libs/openssl/openssl-0.9.8z_p7.ebuild
index d3807f0..817c1c8 100644
--- a/dev-libs/openssl/openssl-0.9.8z_p7.ebuild
+++ b/dev-libs/openssl/openssl-0.9.8z_p7.ebuild
@@ -31,9 +31,11 @@ RDEPEND="gmp? ( >=dev-libs/gmp-5.1.3-r1[${MULTILIB_USEDEP}] )
 	)
 	!=dev-libs/openssl-0.9.8*:0"
 DEPEND="${RDEPEND}
-	sys-apps/diffutils
 	>=dev-lang/perl-5
-	test? ( sys-devel/bc )"
+	test? (
+		sys-apps/diffutils
+		sys-devel/bc
+	)"
 
 # Do not install any docs
 DOCS=()

diff --git a/dev-libs/openssl/openssl-1.0.2d-r2.ebuild b/dev-libs/openssl/openssl-1.0.2d-r2.ebuild
index 7d2d03c..e45dd24 100644
--- a/dev-libs/openssl/openssl-1.0.2d-r2.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2d-r2.ebuild
@@ -31,10 +31,12 @@ RDEPEND=">=app-misc/c_rehash-1.7-r1
 	!<net-misc/openssh-5.9_p1-r4
 	!<net-libs/neon-0.29.6-r1"
 DEPEND="${RDEPEND}
-	sys-apps/diffutils
 	>=dev-lang/perl-5
 	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
-	test? ( sys-devel/bc )"
+	test? (
+		sys-apps/diffutils
+		sys-devel/bc
+	)"
 PDEPEND="app-misc/ca-certificates"
 
 S="${WORKDIR}/${MY_P}"

diff --git a/dev-libs/openssl/openssl-1.0.2d.ebuild b/dev-libs/openssl/openssl-1.0.2d.ebuild
index ec9fb82..98f1978 100644
--- a/dev-libs/openssl/openssl-1.0.2d.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2d.ebuild
@@ -32,10 +32,12 @@ RDEPEND="gmp? ( >=dev-libs/gmp-5.1.3-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
 	!<net-misc/openssh-5.9_p1-r4
 	!<net-libs/neon-0.29.6-r1"
 DEPEND="${RDEPEND}
-	sys-apps/diffutils
 	>=dev-lang/perl-5
 	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
-	test? ( sys-devel/bc )"
+	test? (
+		sys-apps/diffutils
+		sys-devel/bc
+	)"
 PDEPEND="app-misc/ca-certificates"
 
 S="${WORKDIR}/${MY_P}"

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Julian Ospald]

commit:     14f33223d861fe9be57186f7e625cf74f52e2273
Author:     Julian Ospald <hasufell <AT> gentoo <DOT> org>
AuthorDate: Thu Oct  1 13:48:32 2015 +0000
Commit:     Julian Ospald <hasufell <AT> gentoo <DOT> org>
CommitDate: Thu Oct  1 13:48:52 2015 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=14f33223

dev-libs/openssl: improve error handling

 dev-libs/openssl/openssl-1.0.2d-r2.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.0.2d-r2.ebuild b/dev-libs/openssl/openssl-1.0.2d-r2.ebuild
index c7bf2e2..7d2d03c 100644
--- a/dev-libs/openssl/openssl-1.0.2d-r2.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2d-r2.ebuild
@@ -201,7 +201,7 @@ multilib_src_install() {
 multilib_src_install_all() {
 	# openssl installs perl version of c_rehash by default, but
 	# we provide a shell version via app-misc/c_rehash
-	rm "${ED}"/usr/bin/c_rehash
+	rm "${ED}"/usr/bin/c_rehash || die
 
 	dodoc CHANGES* FAQ NEWS README doc/*.txt doc/c-indentation.el
 	dohtml -r doc/*

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Julian Ospald]

commit:     c4c12cc9ea4ca269107df171634d8994c65db05e
Author:     Julian Ospald <hasufell <AT> gentoo <DOT> org>
AuthorDate: Thu Oct  1 11:41:38 2015 +0000
Commit:     Julian Ospald <hasufell <AT> gentoo <DOT> org>
CommitDate: Thu Oct  1 11:48:04 2015 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c4c12cc9

dev-libs/openssl: fix file collision with app-misc/c_rehash

Although we didn't install our c_rehash script, the
default install rules from the openssl build system
installs a perl version, triggering a file collision.

Gentoo-Bug: 561852

 .../openssl/{openssl-1.0.2d-r1.ebuild => openssl-1.0.2d-r2.ebuild}    | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/dev-libs/openssl/openssl-1.0.2d-r1.ebuild b/dev-libs/openssl/openssl-1.0.2d-r2.ebuild
similarity index 98%
rename from dev-libs/openssl/openssl-1.0.2d-r1.ebuild
rename to dev-libs/openssl/openssl-1.0.2d-r2.ebuild
index 29aa83c..c7bf2e2 100644
--- a/dev-libs/openssl/openssl-1.0.2d-r1.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2d-r2.ebuild
@@ -199,6 +199,10 @@ multilib_src_install() {
 }
 
 multilib_src_install_all() {
+	# openssl installs perl version of c_rehash by default, but
+	# we provide a shell version via app-misc/c_rehash
+	rm "${ED}"/usr/bin/c_rehash
+
 	dodoc CHANGES* FAQ NEWS README doc/*.txt doc/c-indentation.el
 	dohtml -r doc/*
 	use rfc3779 && dodoc engines/ccgost/README.gost

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Julian Ospald]

commit:     a929c473bae301e38fee2c0515056e1ce93ced57
Author:     Julian Ospald <hasufell <AT> gentoo <DOT> org>
AuthorDate: Thu Oct  1 09:35:48 2015 +0000
Commit:     Julian Ospald <hasufell <AT> gentoo <DOT> org>
CommitDate: Thu Oct  1 09:35:48 2015 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a929c473

dev-libs/openssl: use app-misc/c_rehash

Gentoo-Bug: 561852
Reviewed-By: SpanKY <vapier <AT> gentoo.org>

 dev-libs/openssl/openssl-1.0.2d-r1.ebuild | 259 ++++++++++++++++++++++++++++++
 1 file changed, 259 insertions(+)

diff --git a/dev-libs/openssl/openssl-1.0.2d-r1.ebuild b/dev-libs/openssl/openssl-1.0.2d-r1.ebuild
new file mode 100644
index 0000000..29aa83c
--- /dev/null
+++ b/dev-libs/openssl/openssl-1.0.2d-r1.ebuild
@@ -0,0 +1,259 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI="4"
+
+inherit eutils flag-o-matic toolchain-funcs multilib multilib-minimal
+
+MY_P=${P/_/-}
+DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"
+HOMEPAGE="http://www.openssl.org/"
+SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"
+
+LICENSE="openssl"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
+IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 static-libs test +tls-heartbeat vanilla zlib"
+RESTRICT="!bindist? ( bindist )"
+
+# The blocks are temporary just to make sure people upgrade to a
+# version that lack runtime version checking.  We'll drop them in
+# the future.
+RDEPEND=">=app-misc/c_rehash-1.7-r1
+	gmp? ( >=dev-libs/gmp-5.1.3-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
+	zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
+	kerberos? ( >=app-crypt/mit-krb5-1.11.4[${MULTILIB_USEDEP}] )
+	abi_x86_32? (
+		!<=app-emulation/emul-linux-x86-baselibs-20140508
+		!app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
+	)
+	!<net-misc/openssh-5.9_p1-r4
+	!<net-libs/neon-0.29.6-r1"
+DEPEND="${RDEPEND}
+	sys-apps/diffutils
+	>=dev-lang/perl-5
+	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
+	test? ( sys-devel/bc )"
+PDEPEND="app-misc/ca-certificates"
+
+S="${WORKDIR}/${MY_P}"
+
+MULTILIB_WRAPPED_HEADERS=(
+	usr/include/openssl/opensslconf.h
+)
+
+src_prepare() {
+	# keep this in sync with app-misc/c_rehash
+	SSL_CNF_DIR="/etc/ssl"
+
+	# Make sure we only ever touch Makefile.org and avoid patching a file
+	# that gets blown away anyways by the Configure script in src_configure
+	rm -f Makefile
+
+	if ! use vanilla ; then
+		epatch "${FILESDIR}"/${PN}-1.0.0a-ldflags.patch #327421
+		epatch "${FILESDIR}"/${PN}-1.0.0d-windres.patch #373743
+		epatch "${FILESDIR}"/${PN}-1.0.2d-parallel-build.patch
+		epatch "${FILESDIR}"/${PN}-1.0.2a-parallel-obj-headers.patch
+		epatch "${FILESDIR}"/${PN}-1.0.2a-parallel-install-dirs.patch
+		epatch "${FILESDIR}"/${PN}-1.0.2a-parallel-symlinking.patch #545028
+		epatch "${FILESDIR}"/${PN}-1.0.2-ipv6.patch
+		epatch "${FILESDIR}"/${PN}-1.0.2a-x32-asm.patch #542618
+		epatch "${FILESDIR}"/${PN}-1.0.1p-default-source.patch #554338
+
+		epatch_user #332661
+	fi
+
+	# disable fips in the build
+	# make sure the man pages are suffixed #302165
+	# don't bother building man pages if they're disabled
+	sed -i \
+		-e '/DIRS/s: fips : :g' \
+		-e '/^MANSUFFIX/s:=.*:=ssl:' \
+		-e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
+		-e $(has noman FEATURES \
+			&& echo '/^install:/s:install_docs::' \
+			|| echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
+		Makefile.org \
+		|| die
+	# show the actual commands in the log
+	sed -i '/^SET_X/s:=.*:=set -x:' Makefile.shared
+
+	# since we're forcing $(CC) as makedep anyway, just fix
+	# the conditional as always-on
+	# helps clang (#417795), and versioned gcc (#499818)
+	sed -i 's/expr.*MAKEDEPEND.*;/true;/' util/domd || die
+
+	# quiet out unknown driver argument warnings since openssl
+	# doesn't have well-split CFLAGS and we're making it even worse
+	# and 'make depend' uses -Werror for added fun (#417795 again)
+	[[ ${CC} == *clang* ]] && append-flags -Qunused-arguments
+
+	# allow openssl to be cross-compiled
+	cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die
+	chmod a+rx gentoo.config
+
+	append-flags -fno-strict-aliasing
+	append-flags $(test-flags-CC -Wa,--noexecstack)
+	append-cppflags -DOPENSSL_NO_BUF_FREELISTS
+
+	sed -i '1s,^:$,#!'${EPREFIX}'/usr/bin/perl,' Configure #141906
+	# The config script does stupid stuff to prompt the user.  Kill it.
+	sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
+	./config --test-sanity || die "I AM NOT SANE"
+
+	multilib_copy_sources
+}
+
+multilib_src_configure() {
+	unset APPS #197996
+	unset SCRIPTS #312551
+	unset CROSS_COMPILE #311473
+
+	tc-export CC AR RANLIB RC
+
+	# Clean out patent-or-otherwise-encumbered code
+	# Camellia: Royalty Free            http://en.wikipedia.org/wiki/Camellia_(cipher)
+	# IDEA:     Expired                 http://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
+	# EC:       ????????? ??/??/2015    http://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography
+	# MDC2:     Expired                 http://en.wikipedia.org/wiki/MDC-2
+	# RC5:      Expired                 http://en.wikipedia.org/wiki/RC5
+
+	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
+	echoit() { echo "$@" ; "$@" ; }
+
+	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
+
+	# See if our toolchain supports __uint128_t.  If so, it's 64bit
+	# friendly and can use the nicely optimized code paths. #460790
+	local ec_nistp_64_gcc_128
+	# Disable it for now though #469976
+	#if ! use bindist ; then
+	#	echo "__uint128_t i;" > "${T}"/128.c
+	#	if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
+	#		ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
+	#	fi
+	#fi
+
+	local sslout=$(./gentoo.config)
+	einfo "Use configuration ${sslout:-(openssl knows best)}"
+	local config="Configure"
+	[[ -z ${sslout} ]] && config="config"
+
+	echoit \
+	./${config} \
+		${sslout} \
+		$(use cpu_flags_x86_sse2 || echo "no-sse2") \
+		enable-camellia \
+		$(use_ssl !bindist ec) \
+		${ec_nistp_64_gcc_128} \
+		enable-idea \
+		enable-mdc2 \
+		enable-rc5 \
+		enable-tlsext \
+		$(use_ssl asm) \
+		$(use_ssl gmp gmp -lgmp) \
+		$(use_ssl kerberos krb5 --with-krb5-flavor=${krb5}) \
+		$(use_ssl rfc3779) \
+		$(use_ssl sctp) \
+		$(use_ssl tls-heartbeat heartbeats) \
+		$(use_ssl zlib) \
+		--prefix="${EPREFIX}"/usr \
+		--openssldir="${EPREFIX}"${SSL_CNF_DIR} \
+		--libdir=$(get_libdir) \
+		shared threads \
+		|| die
+
+	# Clean out hardcoded flags that openssl uses
+	local CFLAG=$(grep ^CFLAG= Makefile | LC_ALL=C sed \
+		-e 's:^CFLAG=::' \
+		-e 's:-fomit-frame-pointer ::g' \
+		-e 's:-O[0-9] ::g' \
+		-e 's:-march=[-a-z0-9]* ::g' \
+		-e 's:-mcpu=[-a-z0-9]* ::g' \
+		-e 's:-m[a-z0-9]* ::g' \
+	)
+	sed -i \
+		-e "/^CFLAG/s|=.*|=${CFLAG} ${CFLAGS}|" \
+		-e "/^SHARED_LDFLAGS=/s|$| ${LDFLAGS}|" \
+		Makefile || die
+}
+
+multilib_src_compile() {
+	# depend is needed to use $confopts; it also doesn't matter
+	# that it's -j1 as the code itself serializes subdirs
+	emake -j1 depend
+	emake all
+	# rehash is needed to prep the certs/ dir; do this
+	# separately to avoid parallel build issues.
+	emake rehash
+}
+
+multilib_src_test() {
+	emake -j1 test
+}
+
+multilib_src_install() {
+	emake INSTALL_PREFIX="${D}" install
+}
+
+multilib_src_install_all() {
+	dodoc CHANGES* FAQ NEWS README doc/*.txt doc/c-indentation.el
+	dohtml -r doc/*
+	use rfc3779 && dodoc engines/ccgost/README.gost
+
+	# This is crappy in that the static archives are still built even
+	# when USE=static-libs.  But this is due to a failing in the openssl
+	# build system: the static archives are built as PIC all the time.
+	# Only way around this would be to manually configure+compile openssl
+	# twice; once with shared lib support enabled and once without.
+	use static-libs || rm -f "${ED}"/usr/lib*/lib*.a
+
+	# create the certs directory
+	dodir ${SSL_CNF_DIR}/certs
+	cp -RP certs/* "${ED}"${SSL_CNF_DIR}/certs/ || die
+	rm -r "${ED}"${SSL_CNF_DIR}/certs/{demo,expired}
+
+	# Namespace openssl programs to prevent conflicts with other man pages
+	cd "${ED}"/usr/share/man
+	local m d s
+	for m in $(find . -type f | xargs grep -L '#include') ; do
+		d=${m%/*} ; d=${d#./} ; m=${m##*/}
+		[[ ${m} == openssl.1* ]] && continue
+		[[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!"
+		mv ${d}/{,ssl-}${m}
+		# fix up references to renamed man pages
+		sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m}
+		ln -s ssl-${m} ${d}/openssl-${m}
+		# locate any symlinks that point to this man page ... we assume
+		# that any broken links are due to the above renaming
+		for s in $(find -L ${d} -type l) ; do
+			s=${s##*/}
+			rm -f ${d}/${s}
+			ln -s ssl-${m} ${d}/ssl-${s}
+			ln -s ssl-${s} ${d}/openssl-${s}
+		done
+	done
+	[[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :("
+
+	dodir /etc/sandbox.d #254521
+	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
+
+	diropts -m0700
+	keepdir ${SSL_CNF_DIR}/private
+}
+
+pkg_preinst() {
+	has_version ${CATEGORY}/${PN}:0.9.8 && return 0
+	preserve_old_lib /usr/$(get_libdir)/lib{crypto,ssl}.so.0.9.8
+}
+
+pkg_postinst() {
+	ebegin "Running 'c_rehash ${EROOT%/}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069"
+	c_rehash "${EROOT%/}${SSL_CNF_DIR}/certs" >/dev/null
+	eend $?
+
+	has_version ${CATEGORY}/${PN}:0.9.8 && return 0
+	preserve_old_lib_notify /usr/$(get_libdir)/lib{crypto,ssl}.so.0.9.8
+}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Agostino Sarubbo]

commit:     f303933eae13351251bfc11779f831be282194af
Author:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
AuthorDate: Mon Sep 21 11:27:08 2015 +0000
Commit:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
CommitDate: Mon Sep 21 11:27:08 2015 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f303933e

dev-libs/openssl: sparc stable wrt bug #555176

Package-Manager: portage-2.2.20.1
RepoMan-Options: --include-arches="sparc"

 dev-libs/openssl/openssl-1.0.2d.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.0.2d.ebuild b/dev-libs/openssl/openssl-1.0.2d.ebuild
index 461e714..ec9fb82 100644
--- a/dev-libs/openssl/openssl-1.0.2d.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2d.ebuild
@@ -15,7 +15,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 
 LICENSE="openssl"
 SLOT="0"
-KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh ~sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
+KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
 IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 static-libs test +tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Mikle Kolyada]

commit:     fd58a8799bc79b68eae61b2465f1d7dae40ba18f
Author:     Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
AuthorDate: Sat Sep  5 18:12:33 2015 +0000
Commit:     Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
CommitDate: Sat Sep  5 18:12:50 2015 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fd58a879

dev-libs/openssl: x86 stable wrt bug #555176

Package-Manager: portage-2.2.20.1

 dev-libs/openssl/openssl-1.0.2d.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.0.2d.ebuild b/dev-libs/openssl/openssl-1.0.2d.ebuild
index 6b42774..8947be6 100644
--- a/dev-libs/openssl/openssl-1.0.2d.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2d.ebuild
@@ -15,7 +15,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 
 LICENSE="openssl"
 SLOT="0"
-KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
+KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh ~sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
 IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 static-libs test +tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Anthony G. Basile]

commit:     d692db1678bbce6b887c79f79bd25b793095a662
Author:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Thu Sep  3 21:36:47 2015 +0000
Commit:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Thu Sep  3 21:36:47 2015 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d692db16

dev-libs/openssl: stable on ppc, bug #555176

Package-Manager: portage-2.2.20.1

 dev-libs/openssl/openssl-1.0.2d.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.0.2d.ebuild b/dev-libs/openssl/openssl-1.0.2d.ebuild
index 37fe1cd..6b42774 100644
--- a/dev-libs/openssl/openssl-1.0.2d.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2d.ebuild
@@ -15,7 +15,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 
 LICENSE="openssl"
 SLOT="0"
-KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ~ppc ppc64 s390 sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
+KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
 IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 static-libs test +tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Markus Meier]

commit:     7540d341d27991b3d9c2cc72e968fbe939206a39
Author:     Markus Meier <maekke <AT> gentoo <DOT> org>
AuthorDate: Wed Sep  2 19:45:45 2015 +0000
Commit:     Markus Meier <maekke <AT> gentoo <DOT> org>
CommitDate: Wed Sep  2 19:45:45 2015 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7540d341

dev-libs/openssl: arm stable, bug #555176

Package-Manager: portage-2.2.20.1
RepoMan-Options: --include-arches="arm"

 dev-libs/openssl/openssl-1.0.2d.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.0.2d.ebuild b/dev-libs/openssl/openssl-1.0.2d.ebuild
index ddf8db9..37fe1cd 100644
--- a/dev-libs/openssl/openssl-1.0.2d.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2d.ebuild
@@ -15,7 +15,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 
 LICENSE="openssl"
 SLOT="0"
-KEYWORDS="alpha amd64 ~arm arm64 hppa ia64 m68k ~mips ~ppc ppc64 s390 sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
+KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ~ppc ppc64 s390 sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
 IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 static-libs test +tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Mike Frysinger]

commit:     7db16348eb80becb86a0599aff76f29640f797d4
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Wed Sep  2 04:52:53 2015 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Wed Sep  2 04:52:53 2015 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7db16348

dev-libs/openssl: mark 1.0.2d arm64/ia64/m68k/s390/sh stable #555176

 dev-libs/openssl/openssl-1.0.2d.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.0.2d.ebuild b/dev-libs/openssl/openssl-1.0.2d.ebuild
index 7b74d57..ddf8db9 100644
--- a/dev-libs/openssl/openssl-1.0.2d.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2d.ebuild
@@ -15,7 +15,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 
 LICENSE="openssl"
 SLOT="0"
-KEYWORDS="alpha amd64 ~arm ~arm64 hppa ~ia64 ~m68k ~mips ~ppc ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
+KEYWORDS="alpha amd64 ~arm arm64 hppa ia64 m68k ~mips ~ppc ppc64 s390 sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
 IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 static-libs test +tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Jeroen Roovers]

commit:     c7d35c79a247009db0a0bc5ab8fa18c9ea4a689c
Author:     Jeroen Roovers <jer <AT> gentoo <DOT> org>
AuthorDate: Wed Sep  2 04:19:14 2015 +0000
Commit:     Jeroen Roovers <jer <AT> gentoo <DOT> org>
CommitDate: Wed Sep  2 04:19:14 2015 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c7d35c79

dev-libs/openssl: Stable for HPPA PPC64 (bug #555176).

Package-Manager: portage-2.2.20.1

 dev-libs/openssl/openssl-1.0.2d.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.0.2d.ebuild b/dev-libs/openssl/openssl-1.0.2d.ebuild
index b77acae..7b74d57 100644
--- a/dev-libs/openssl/openssl-1.0.2d.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2d.ebuild
@@ -15,7 +15,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 
 LICENSE="openssl"
 SLOT="0"
-KEYWORDS="alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
+KEYWORDS="alpha amd64 ~arm ~arm64 hppa ~ia64 ~m68k ~mips ~ppc ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
 IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 static-libs test +tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Tobias Klausmann]

commit:     25725d8667471a103d355d22ebab0af7afbb7f5a
Author:     Tobias Klausmann <klausman <AT> gentoo <DOT> org>
AuthorDate: Sun Aug 30 13:07:10 2015 +0000
Commit:     Tobias Klausmann <klausman <AT> gentoo <DOT> org>
CommitDate: Sun Aug 30 13:07:10 2015 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=25725d86

dev-libs/openssl: add alpha keyword

Gentoo-Bug: 555176

Package-Manager: portage-2.2.20.1

 dev-libs/openssl/openssl-1.0.2d.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.0.2d.ebuild b/dev-libs/openssl/openssl-1.0.2d.ebuild
index a0769a3..b77acae 100644
--- a/dev-libs/openssl/openssl-1.0.2d.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2d.ebuild
@@ -15,7 +15,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 
 LICENSE="openssl"
 SLOT="0"
-KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
+KEYWORDS="alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
 IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 static-libs test +tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"
 

[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

[Mikle Kolyada]

commit:     ea75851795bdc93a0ab373f0fdcd20fe4f9588bc
Author:     Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
AuthorDate: Wed Aug 26 09:51:59 2015 +0000
Commit:     Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
CommitDate: Wed Aug 26 09:51:59 2015 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ea758517

dev-libs/openssl: amd64 stable wrt bug #555176

Package-Manager: portage-2.2.20.1

 dev-libs/openssl/openssl-1.0.2d.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/openssl/openssl-1.0.2d.ebuild b/dev-libs/openssl/openssl-1.0.2d.ebuild
index 5a63f12..a0769a3 100644
--- a/dev-libs/openssl/openssl-1.0.2d.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2d.ebuild
@@ -15,7 +15,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 
 LICENSE="openssl"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
+KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
 IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 static-libs test +tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"