commit: e47b9611f34d6141b0e389e94e0b84135afa25ba Author: Doug Goldstein <cardoe <AT> gentoo <DOT> org> AuthorDate: Fri Feb 26 22:45:58 2016 +0000 Commit: Doug Goldstein <cardoe <AT> gentoo <DOT> org> CommitDate: Fri Feb 26 22:45:58 2016 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e47b9611
dev-libs/openssl: remove vulnerable versions Due to multiple vulnerabilities remove outdated versions of OpenSSL. Gentoo-Bug: 567476 Package-Manager: portage-2.2.26 Signed-off-by: Doug Goldstein <cardoe <AT> gentoo.org> dev-libs/openssl/Manifest | 4 - .../openssl/files/openssl-1.0.0h-pkg-config.patch | 34 -- ...enssl-1.0.1f-revert-alpha-perl-generation.patch | 84 --- dev-libs/openssl/files/openssl-1.0.1m-ipv6.patch | 618 --------------------- dev-libs/openssl/files/openssl-1.0.1m-x32.patch | 66 --- .../files/openssl-1.0.1p-parallel-build.patch | 359 ------------ dev-libs/openssl/files/openssl-1.0.1r-x32.patch | 66 --- dev-libs/openssl/openssl-1.0.1p.ebuild | 259 --------- dev-libs/openssl/openssl-1.0.1r.ebuild | 256 --------- dev-libs/openssl/openssl-1.0.2e.ebuild | 265 --------- 10 files changed, 2011 deletions(-) diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest index ddc4c31..5decc0a 100644 --- a/dev-libs/openssl/Manifest +++ b/dev-libs/openssl/Manifest @@ -1,7 +1,3 @@ DIST openssl-0.9.8zg.tar.gz 3826891 SHA256 06500060639930e471050474f537fcd28ec934af92ee282d78b52460fbe8f580 SHA512 c757454de321d168ac6d89fe2859966a9f07a8b28305bf697af9018db13fc457e0883346b3d35977461ab058442375563554ecb2a8756a687ff9fc2fdd9103c9 WHIRLPOOL 55ecf50a264a2ddd9b5755b5d90b9b736d2f27e0ba2fd529ccff3b68bbd726d1f60460182a0d215ae6712dbc4d3ef2df11339fb2d8424e049f54c3e904fcfab0 DIST openssl-0.9.8zh.tar.gz 3818524 SHA256 f1d9f3ed1b85a82ecf80d0e2d389e1fda3fca9a4dba0bf07adbf231e1a5e2fd6 SHA512 b97fa2468211f86c0719c68ad1781eff84f772c479ed5193d6da14bac086b4ca706e7d851209d9df3f0962943b5e5333ab0def00110fb2e517caa73c0c6674c6 WHIRLPOOL 8ed3362e6aed89cd6ae02438bc3fb58ff3a91afb8a2d401d1d66c1ee4fd96f4befb50558131dd03a60fc15b588172fc1ede5d56bb1f68e184453bfe3b34f9abf -DIST openssl-1.0.1p.tar.gz 4560208 SHA256 bd5ee6803165c0fb60bbecbacacf244f1f90d2aa0d71353af610c29121e9b2f1 SHA512 64e475c53a85b78de7c5aa71a22d4bb3a456142842373ebf8f22e9857cb0352b646e591b21af866933baecdbdb5ac4a22aeb64914440c53a0f30cd25914029e5 WHIRLPOOL 2a81f3b9274e3fef37a2a88e3084d8283159b3a61db08e7805879905c87a74faa85bc6e570d18525741bd5c27c34fe09eeb58b2bfe500545d0f304716e14f819 -DIST openssl-1.0.1r.tar.gz 4547786 SHA256 784bd8d355ed01ce98b812f873f8b2313da61df7c7b5677fcf2e57b0863a3346 SHA512 7a5a2efe5d9421ea6f4f86f75ed40b4459b3825355ad18da3bdba28393bc50a6f457b2e1f11a31828f1af0d62a716d258ac7868fb719c9997f3bc750a1723e86 WHIRLPOOL de9c92f5ddb9bcaac967ac735696e739f5762b7d3a0b2430dbfa0c6cd7ac021fdf3c3257255a2fe995f24aa3550d59ce3067f030f09acc5d43b61dfda627686a -DIST openssl-1.0.2e.tar.gz 5256555 SHA256 e23ccafdb75cfcde782da0151731aa2185195ac745eea3846133f2e05c0e0bff SHA512 b73f114a117ccab284cf5891dac050e3016d28e0b1fc71639442cdb42accef676115af90a12deff4bcc1f599cc0cbdeb38142cbf4570bd7d03634786ad32c95f WHIRLPOOL 8e1c1800a66f57fa78dc391e717e4b2bdf0e6e37a837c5ac033d7a4b1a6437451c7e7540c4ec2f75f936a2d2ef4f9293b42c76f51b0c9c93706639589612f196 DIST openssl-1.0.2f.tar.gz 5258384 SHA256 932b4ee4def2b434f85435d9e3e19ca8ba99ce9a065a61524b429a9d5e9b2e9c SHA512 50abf6dc94cafd06e7fd20770808bdc675c88daa369e4f752bd584ab17f72a57357c1ca1eca3c83e6745b5a3c9c73c99dce70adaa904d73f6df4c75bc7138351 WHIRLPOOL 179e1b5ad38c50a4c8110024aa7b33c53634c39690917e3bf5c2099548430beef96132ae9f9588ff0cedd6e08bb216a8d36835baaaa04e506fb3fbaed37d31c9 -DIST openssl-c_rehash.sh.1.7 4167 SHA256 4999ee79892f52bd6a4a7baba9fac62262454d573bbffd72685d3aae9e48cee0 SHA512 55e8c2e827750a4f375cb83c86bfe2d166c01ffa5d7e9b16657b72b38b747c8985dd2c98f854c911dfbbee2ff3e92aff39fdf089d979b2e3534b7685ee8b80da WHIRLPOOL c88f06a3b8651f76b6289552cccceb64e13f6697c5f0ce3ff114c781ce1c218912b8ee308af9d087cd76a9600fdacda1953175bff07d7d3eb21b0c0b7f4f1ce1 diff --git a/dev-libs/openssl/files/openssl-1.0.0h-pkg-config.patch b/dev-libs/openssl/files/openssl-1.0.0h-pkg-config.patch deleted file mode 100644 index 66fd822..0000000 --- a/dev-libs/openssl/files/openssl-1.0.0h-pkg-config.patch +++ /dev/null @@ -1,34 +0,0 @@ -https://rt.openssl.org/Ticket/Display.html?id=3332&user=guest&pass=guest - -depend on other pc files rather than encoding library info directly in -every pkg-config file - ---- a/Makefile.org -+++ b/Makefile.org -@@ -335,11 +335,11 @@ libssl.pc: Makefile - echo 'libdir=$${exec_prefix}/$(LIBDIR)'; \ - echo 'includedir=$${prefix}/include'; \ - echo ''; \ -- echo 'Name: OpenSSL'; \ -+ echo 'Name: OpenSSL-libssl'; \ - echo 'Description: Secure Sockets Layer and cryptography libraries'; \ - echo 'Version: '$(VERSION); \ -- echo 'Requires: '; \ -- echo 'Libs: -L$${libdir} -lssl -lcrypto'; \ -+ echo 'Requires.private: libcrypto'; \ -+ echo 'Libs: -L$${libdir} -lssl'; \ - echo 'Libs.private: $(EX_LIBS)'; \ - echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > libssl.pc - -@@ -352,10 +353,7 @@ openssl.pc: Makefile - echo 'Name: OpenSSL'; \ - echo 'Description: Secure Sockets Layer and cryptography libraries and tools'; \ - echo 'Version: '$(VERSION); \ -- echo 'Requires: '; \ -- echo 'Libs: -L$${libdir} -lssl -lcrypto'; \ -- echo 'Libs.private: $(EX_LIBS)'; \ -- echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > openssl.pc -+ echo 'Requires: libssl libcrypto' ) > openssl.pc - - Makefile: Makefile.org Configure config - @echo "Makefile is older than Makefile.org, Configure or config." diff --git a/dev-libs/openssl/files/openssl-1.0.1f-revert-alpha-perl-generation.patch b/dev-libs/openssl/files/openssl-1.0.1f-revert-alpha-perl-generation.patch deleted file mode 100644 index 1a942d2..0000000 --- a/dev-libs/openssl/files/openssl-1.0.1f-revert-alpha-perl-generation.patch +++ /dev/null @@ -1,84 +0,0 @@ -https://bugs.gentoo.org/499086 -https://rt.openssl.org/Ticket/Display.html?id=3333&user=guest&pass=guest - -when gcc is given a .s file and told to preprocess it, it outputs nothing - -From a2976461784ce463fc7f336cd0dce607d21c2fad Mon Sep 17 00:00:00 2001 -From: Mike Frysinger <vap...@gentoo.org> -Date: Sat, 25 Jan 2014 05:44:47 -0500 -Subject: [PATCH] Revert "Make Makefiles OSF-make-friendly." - -This reverts commit d1cf23ac86c05b22b8780e2c03b67230564d2d34. ---- - crypto/Makefile | 4 +--- - crypto/bn/Makefile | 4 +--- - crypto/evp/Makefile | 2 +- - crypto/modes/Makefile | 5 +---- - crypto/sha/Makefile | 4 +--- - util/shlib_wrap.sh | 6 +----- - 6 files changed, 6 insertions(+), 19 deletions(-) - -diff --git a/crypto/Makefile b/crypto/Makefile -index b253f50..1de9d5f 100644 ---- a/crypto/Makefile -+++ b/crypto/Makefile -@@ -86,9 +86,7 @@ ia64cpuid.s: ia64cpuid.S; $(CC) $(CFLAGS) -E ia64cpuid.S > $@ - ppccpuid.s: ppccpuid.pl; $(PERL) ppccpuid.pl $(PERLASM_SCHEME) $@ - pariscid.s: pariscid.pl; $(PERL) pariscid.pl $(PERLASM_SCHEME) $@ - alphacpuid.s: alphacpuid.pl -- (preproc=/tmp/$$$$.$@; trap "rm $$preproc" INT; \ -- $(PERL) alphacpuid.pl > $$preproc && \ -- $(CC) -E $$preproc > $@ && rm $$preproc) -+ $(PERL) $< | $(CC) -E - | tee $@ > /dev/null - - subdirs: - @target=all; $(RECURSIVE_MAKE) -diff --git a/crypto/bn/Makefile b/crypto/bn/Makefile -index b62b676..6c03363 100644 ---- a/crypto/bn/Makefile -+++ b/crypto/bn/Makefile -@@ -136,9 +136,7 @@ ppc-mont.s: asm/ppc-mont.pl;$(PERL) asm/ppc-mont.pl $(PERLASM_SCHEME) $@ - ppc64-mont.s: asm/ppc64-mont.pl;$(PERL) asm/ppc64-mont.pl $(PERLASM_SCHEME) $@ - - alpha-mont.s: asm/alpha-mont.pl -- (preproc=/tmp/$$$$.$@; trap "rm $$preproc" INT; \ -- $(PERL) asm/alpha-mont.pl > $$preproc && \ -- $(CC) -E $$preproc > $@ && rm $$preproc) -+ $(PERL) $< | $(CC) -E - | tee $@ > /dev/null - - # GNU make "catch all" - %-mont.S: asm/%-mont.pl; $(PERL) $< $(PERLASM_SCHEME) $@ -diff --git a/crypto/modes/Makefile b/crypto/modes/Makefile -index ce0dcd6..88ac65e 100644 ---- a/crypto/modes/Makefile -+++ b/crypto/modes/Makefile -@@ -55,10 +55,7 @@ aesni-gcm-x86_64.s: asm/aesni-gcm-x86_64.pl - ghash-sparcv9.s: asm/ghash-sparcv9.pl - $(PERL) asm/ghash-sparcv9.pl $@ $(CFLAGS) - ghash-alpha.s: asm/ghash-alpha.pl -- (preproc=/tmp/$$$$.$@; trap "rm $$preproc" INT; \ -- $(PERL) asm/ghash-alpha.pl > $$preproc && \ -- $(CC) -E $$preproc > $@ && rm $$preproc) -- -+ $(PERL) $< | $(CC) -E - | tee $@ > /dev/null - ghash-parisc.s: asm/ghash-parisc.pl - $(PERL) asm/ghash-parisc.pl $(PERLASM_SCHEME) $@ - -diff --git a/crypto/sha/Makefile b/crypto/sha/Makefile -index 64eab6c..63fba69 100644 ---- a/crypto/sha/Makefile -+++ b/crypto/sha/Makefile -@@ -60,9 +60,7 @@ sha256-armv4.S: asm/sha256-armv4.pl - $(PERL) $< $(PERLASM_SCHEME) $@ - - sha1-alpha.s: asm/sha1-alpha.pl -- (preproc=/tmp/$$$$.$@; trap "rm $$preproc" INT; \ -- $(PERL) asm/sha1-alpha.pl > $$preproc && \ -- $(CC) -E $$preproc > $@ && rm $$preproc) -+ $(PERL) $< | $(CC) -E - | tee $@ > /dev/null - - # Solaris make has to be explicitly told - sha1-x86_64.s: asm/sha1-x86_64.pl; $(PERL) asm/sha1-x86_64.pl $(PERLASM_SCHEME) > $@ --- -1.8.5.3 - diff --git a/dev-libs/openssl/files/openssl-1.0.1m-ipv6.patch b/dev-libs/openssl/files/openssl-1.0.1m-ipv6.patch deleted file mode 100644 index 34a7e53..0000000 --- a/dev-libs/openssl/files/openssl-1.0.1m-ipv6.patch +++ /dev/null @@ -1,618 +0,0 @@ -http://rt.openssl.org/Ticket/Display.html?id=2051&user=guest&pass=guest - -Forward ported from openssl-1.0.1h-ipv6.patch - -Signed-off-by: Lars Wendler <polynomia...@gentoo.org> - ---- openssl-1.0.1m/apps/s_apps.h -+++ openssl-1.0.1m/apps/s_apps.h -@@ -153,7 +153,7 @@ typedef fd_mask fd_set; - - int do_server(int port, int type, int *ret, - int (*cb) (char *hostname, int s, unsigned char *context), -- unsigned char *context); -+ unsigned char *context, int use_ipv4, int use_ipv6); - #ifdef HEADER_X509_H - int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx); - #endif -@@ -161,7 +161,8 @@ int MS_CALLBACK verify_callback(int ok, - int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file); - int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key); - #endif --int init_client(int *sock, char *server, int port, int type); -+int init_client(int *sock, char *server, int port, int type, -+ int use_ipv4, int use_ipv6); - int should_retry(int i); - int extract_port(char *str, short *port_ptr); - int extract_host_port(char *str, char **host_ptr, unsigned char *ip, ---- openssl-1.0.1m/apps/s_client.c -+++ openssl-1.0.1m/apps/s_client.c -@@ -299,6 +299,10 @@ static void sc_usage(void) - { - BIO_printf(bio_err, "usage: s_client args\n"); - BIO_printf(bio_err, "\n"); -+ BIO_printf(bio_err," -4 - use IPv4 only\n"); -+#if OPENSSL_USE_IPV6 -+ BIO_printf(bio_err," -6 - use IPv6 only\n"); -+#endif - BIO_printf(bio_err, " -host host - use -connect instead\n"); - BIO_printf(bio_err, " -port port - use -connect instead\n"); - BIO_printf(bio_err, -@@ -629,6 +633,7 @@ int MAIN(int argc, char **argv) - int sbuf_len, sbuf_off; - fd_set readfds, writefds; - short port = PORT; -+ int use_ipv4, use_ipv6; - int full_log = 1; - char *host = SSL_HOST_NAME; - char *cert_file = NULL, *key_file = NULL; -@@ -673,7 +678,11 @@ int MAIN(int argc, char **argv) - #endif - char *sess_in = NULL; - char *sess_out = NULL; -- struct sockaddr peer; -+#if OPENSSL_USE_IPV6 -+ struct sockaddr_storage peer; -+#else -+ struct sockaddr_in peer; -+#endif - int peerlen = sizeof(peer); - int fallback_scsv = 0; - int enable_timeouts = 0; -@@ -689,6 +698,13 @@ int MAIN(int argc, char **argv) - - meth = SSLv23_client_method(); - -+ use_ipv4 = 1; -+#if OPENSSL_USE_IPV6 -+ use_ipv6 = 1; -+#else -+ use_ipv6 = 0; -+#endif -+ - apps_startup(); - c_Pause = 0; - c_quiet = 0; -@@ -985,6 +1001,16 @@ int MAIN(int argc, char **argv) - jpake_secret = *++argv; - } - #endif -+ else if (strcmp(*argv,"-4") == 0) { -+ use_ipv4 = 1; -+ use_ipv6 = 0; -+ } -+#if OPENSSL_USE_IPV6 -+ else if (strcmp(*argv,"-6") == 0) { -+ use_ipv4 = 0; -+ use_ipv6 = 1; -+ } -+#endif - #ifndef OPENSSL_NO_SRTP - else if (strcmp(*argv, "-use_srtp") == 0) { - if (--argc < 1) -@@ -1256,7 +1282,7 @@ int MAIN(int argc, char **argv) - - re_start: - -- if (init_client(&s, host, port, socket_type) == 0) { -+ if (init_client(&s, host, port, socket_type, use_ipv4, use_ipv6) == 0) { - BIO_printf(bio_err, "connect:errno=%d\n", get_last_socket_error()); - SHUTDOWN(s); - goto end; -@@ -1279,7 +1305,7 @@ int MAIN(int argc, char **argv) - if (SSL_version(con) == DTLS1_VERSION) { - - sbio = BIO_new_dgram(s, BIO_NOCLOSE); -- if (getsockname(s, &peer, (void *)&peerlen) < 0) { -+ if (getsockname(s, (struct sockaddr *)&peer, (void *)&peerlen) < 0) { - BIO_printf(bio_err, "getsockname:errno=%d\n", - get_last_socket_error()); - SHUTDOWN(s); ---- openssl-1.0.1m/apps/s_server.c -+++ openssl-1.0.1m/apps/s_server.c -@@ -609,6 +609,10 @@ static void sv_usage(void) - " -use_srtp profiles - Offer SRTP key management with a colon-separated profile list\n"); - # endif - #endif -+ BIO_printf(bio_err," -4 - use IPv4 only\n"); -+#if OPENSSL_USE_IPV6 -+ BIO_printf(bio_err," -6 - use IPv6 only\n"); -+#endif - BIO_printf(bio_err, - " -keymatexport label - Export keying material using label\n"); - BIO_printf(bio_err, -@@ -1003,6 +1007,7 @@ int MAIN(int argc, char *argv[]) - int state = 0; - const SSL_METHOD *meth = NULL; - int socket_type = SOCK_STREAM; -+ int use_ipv4, use_ipv6; - ENGINE *e = NULL; - char *inrand = NULL; - int s_cert_format = FORMAT_PEM, s_key_format = FORMAT_PEM; -@@ -1031,6 +1036,13 @@ int MAIN(int argc, char *argv[]) - #endif - meth = SSLv23_server_method(); - -+ use_ipv4 = 1; -+#if OPENSSL_USE_IPV6 -+ use_ipv6 = 1; -+#else -+ use_ipv6 = 0; -+#endif -+ - local_argc = argc; - local_argv = argv; - -@@ -1356,6 +1368,16 @@ int MAIN(int argc, char *argv[]) - jpake_secret = *(++argv); - } - #endif -+ else if (strcmp(*argv,"-4") == 0) { -+ use_ipv4 = 1; -+ use_ipv6 = 0; -+ } -+#if OPENSSL_USE_IPV6 -+ else if (strcmp(*argv,"-6") == 0) { -+ use_ipv4 = 0; -+ use_ipv6 = 1; -+ } -+#endif - #ifndef OPENSSL_NO_SRTP - else if (strcmp(*argv, "-use_srtp") == 0) { - if (--argc < 1) -@@ -1850,9 +1872,11 @@ int MAIN(int argc, char *argv[]) - BIO_printf(bio_s_out, "ACCEPT\n"); - (void)BIO_flush(bio_s_out); - if (www) -- do_server(port, socket_type, &accept_socket, www_body, context); -+ do_server(port, socket_type, &accept_socket, www_body, context, -+ use_ipv4, use_ipv6); - else -- do_server(port, socket_type, &accept_socket, sv_body, context); -+ do_server(port, socket_type, &accept_socket, sv_body, context, -+ use_ipv4, use_ipv6); - print_stats(bio_s_out, ctx); - ret = 0; - end: ---- openssl-1.0.1m/apps/s_socket.c -+++ openssl-1.0.1m/apps/s_socket.c -@@ -101,16 +101,16 @@ typedef unsigned int u_int; - # include "netdb.h" - # endif - --static struct hostent *GetHostByName(char *name); -+static struct hostent *GetHostByName(char *name, int domain); - # if defined(OPENSSL_SYS_WINDOWS) || (defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK)) - static void ssl_sock_cleanup(void); - # endif - static int ssl_sock_init(void); --static int init_client_ip(int *sock, unsigned char ip[4], int port, int type); --static int init_server(int *sock, int port, int type); --static int init_server_long(int *sock, int port, char *ip, int type); -+static int init_client_ip(int *sock, unsigned char *ip, int port, int type, int domain); -+static int init_server(int *sock, int port, int type, int use_ipv4, int use_ipv6); -+static int init_server_long(int *sock, int port, char *ip, int type, int use_ipv4, int use_ipv6); - static int do_accept(int acc_sock, int *sock, char **host); --static int host_ip(char *str, unsigned char ip[4]); -+static int host_ip(char *str, unsigned char *ip, int domain); - - # ifdef OPENSSL_SYS_WIN16 - # define SOCKET_PROTOCOL 0 /* more microsoft stupidity */ -@@ -231,38 +231,66 @@ static int ssl_sock_init(void) - return (1); - } - --int init_client(int *sock, char *host, int port, int type) -+int init_client(int *sock, char *host, int port, int type, int use_ipv4, int use_ipv6) - { -+#if OPENSSL_USE_IPV6 -+ unsigned char ip[16]; -+#else - unsigned char ip[4]; -+#endif - -- memset(ip, '\0', sizeof ip); -- if (!host_ip(host, &(ip[0]))) -- return 0; -- return init_client_ip(sock, ip, port, type); --} -- --static int init_client_ip(int *sock, unsigned char ip[4], int port, int type) --{ -- unsigned long addr; -+ if (use_ipv4) -+ if (host_ip(host,ip,AF_INET)) -+ return(init_client_ip(sock,ip,port,type,AF_INET)); -+#if OPENSSL_USE_IPV6 -+ if (use_ipv6) -+ if (host_ip(host,ip,AF_INET6)) -+ return(init_client_ip(sock,ip,port,type,AF_INET6)); -+#endif -+ return 0; -+} -+ -+static int init_client_ip(int *sock, unsigned char ip[4], int port, int type, int domain) -+{ -+#if OPENSSL_USE_IPV6 -+ struct sockaddr_storage them; -+ struct sockaddr_in *them_in = (struct sockaddr_in *)&them; -+ struct sockaddr_in6 *them_in6 = (struct sockaddr_in6 *)&them; -+#else - struct sockaddr_in them; -+ struct sockaddr_in *them_in = &them; -+#endif -+ socklen_t addr_len; - int s, i; - - if (!ssl_sock_init()) - return (0); - - memset((char *)&them, 0, sizeof(them)); -- them.sin_family = AF_INET; -- them.sin_port = htons((unsigned short)port); -- addr = (unsigned long) -- ((unsigned long)ip[0] << 24L) | -- ((unsigned long)ip[1] << 16L) | -- ((unsigned long)ip[2] << 8L) | ((unsigned long)ip[3]); -- them.sin_addr.s_addr = htonl(addr); -+ if (domain == AF_INET) { -+ addr_len = (socklen_t)sizeof(struct sockaddr_in); -+ them_in->sin_family=AF_INET; -+ them_in->sin_port=htons((unsigned short)port); -+#ifndef BIT_FIELD_LIMITS -+ memcpy(&them_in->sin_addr.s_addr, ip, 4); -+#else -+ memcpy(&them_in->sin_addr, ip, 4); -+#endif -+ } else { -+#if OPENSSL_USE_IPV6 -+ addr_len = (socklen_t)sizeof(struct sockaddr_in6); -+ them_in6->sin6_family=AF_INET6; -+ them_in6->sin6_port=htons((unsigned short)port); -+ memcpy(&(them_in6->sin6_addr), ip, sizeof(struct in6_addr)); -+ } -+#else -+ return(0); -+#endif - - if (type == SOCK_STREAM) -- s = socket(AF_INET, SOCK_STREAM, SOCKET_PROTOCOL); -+ s = socket(domain, SOCK_STREAM, SOCKET_PROTOCOL); - else /* ( type == SOCK_DGRAM) */ -- s = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP); -+ s = socket(domain, SOCK_DGRAM, IPPROTO_UDP); - - if (s == INVALID_SOCKET) { - perror("socket"); -@@ -280,7 +308,7 @@ static int init_client_ip(int *sock, uns - } - # endif - -- if (connect(s, (struct sockaddr *)&them, sizeof(them)) == -1) { -+ if (connect(s, (struct sockaddr *)&them, addr_len) == -1) { - closesocket(s); - perror("connect"); - return (0); -@@ -291,14 +319,14 @@ static int init_client_ip(int *sock, uns - - int do_server(int port, int type, int *ret, - int (*cb) (char *hostname, int s, unsigned char *context), -- unsigned char *context) -+ unsigned char *context, int use_ipv4, int use_ipv6) - { - int sock; - char *name = NULL; - int accept_socket = 0; - int i; - -- if (!init_server(&accept_socket, port, type)) -+ if (!init_server(&accept_socket, port, type, use_ipv4, use_ipv6)) - return (0); - - if (ret != NULL) { -@@ -325,32 +353,45 @@ int do_server(int port, int type, int *r - } - } - --static int init_server_long(int *sock, int port, char *ip, int type) -+static int init_server_long(int *sock, int port, char *ip, int type, -+ int use_ipv4, int use_ipv6) - { - int ret = 0; -+ int domain; -+#if OPENSSL_USE_IPV6 -+ struct sockaddr_storage server; -+ struct sockaddr_in *server_in = (struct sockaddr_in *)&server; -+ struct sockaddr_in6 *server_in6 = (struct sockaddr_in6 *)&server; -+#else - struct sockaddr_in server; -+ struct sockaddr_in *server_in = &server; -+#endif -+ socklen_t addr_len; - int s = -1; - -+ if (!use_ipv4 && !use_ipv6) -+ goto err; -+#if OPENSSL_USE_IPV6 -+ /* -+ * we are fine here -+ */ -+#else -+ if (use_ipv6) -+ goto err; -+#endif - if (!ssl_sock_init()) - return (0); - -- memset((char *)&server, 0, sizeof(server)); -- server.sin_family = AF_INET; -- server.sin_port = htons((unsigned short)port); -- if (ip == NULL) -- server.sin_addr.s_addr = INADDR_ANY; -- else --/* Added for T3E, address-of fails on bit field (beck...@acl.lanl.gov) */ --# ifndef BIT_FIELD_LIMITS -- memcpy(&server.sin_addr.s_addr, ip, 4); -+#if OPENSSL_USE_IPV6 -+ domain = use_ipv6 ? AF_INET6 : AF_INET; - # else -- memcpy(&server.sin_addr, ip, 4); -+ domain = AF_INET; - # endif - - if (type == SOCK_STREAM) -- s = socket(AF_INET, SOCK_STREAM, SOCKET_PROTOCOL); -+ s = socket(domain, SOCK_STREAM, SOCKET_PROTOCOL); - else /* type == SOCK_DGRAM */ -- s = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP); -+ s = socket(domain, SOCK_DGRAM, IPPROTO_UDP); - - if (s == INVALID_SOCKET) - goto err; -@@ -360,7 +401,44 @@ static int init_server_long(int *sock, i - setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (void *)&j, sizeof j); - } - # endif -- if (bind(s, (struct sockaddr *)&server, sizeof(server)) == -1) { -+#if OPENSSL_USE_IPV6 -+ if ((use_ipv4 == 0) && (use_ipv6 == 1)) { -+ const int on = 1; -+ -+ setsockopt(s, IPPROTO_IPV6, IPV6_V6ONLY, -+ (const void *) &on, sizeof(int)); -+ } -+#endif -+ if (domain == AF_INET) { -+ addr_len = (socklen_t)sizeof(struct sockaddr_in); -+ memset(server_in, 0, sizeof(struct sockaddr_in)); -+ server_in->sin_family=AF_INET; -+ server_in->sin_port = htons((unsigned short)port); -+ if (ip == NULL) -+ server_in->sin_addr.s_addr = htonl(INADDR_ANY); -+ else -+/* -+ * Added for T3E, address-of fails on bit field (beck...@acl.lanl.gov) -+ */ -+#ifndef BIT_FIELD_LIMITS -+ memcpy(&server_in->sin_addr.s_addr, ip, 4); -+#else -+ memcpy(&server_in->sin_addr, ip, 4); -+#endif -+ } -+#if OPENSSL_USE_IPV6 -+ else { -+ addr_len = (socklen_t)sizeof(struct sockaddr_in6); -+ memset(server_in6, 0, sizeof(struct sockaddr_in6)); -+ server_in6->sin6_family = AF_INET6; -+ server_in6->sin6_port = htons((unsigned short)port); -+ if (ip == NULL) -+ server_in6->sin6_addr = in6addr_any; -+ else -+ memcpy(&server_in6->sin6_addr, ip, sizeof(struct in6_addr)); -+ } -+#endif -+ if (bind(s, (struct sockaddr *)&server, addr_len) == -1) { - # ifndef OPENSSL_SYS_WINDOWS - perror("bind"); - # endif -@@ -378,16 +456,24 @@ static int init_server_long(int *sock, i - return (ret); - } - --static int init_server(int *sock, int port, int type) -+static int init_server(int *sock, int port, int type, -+ int use_ipv4, int use_ipv6) - { -- return (init_server_long(sock, port, NULL, type)); -+ return (init_server_long(sock, port, NULL, type, use_ipv4, use_ipv6)); - } - - static int do_accept(int acc_sock, int *sock, char **host) - { - int ret; - struct hostent *h1, *h2; -+#if OPENSSL_USE_IPV6 -+ struct sockaddr_storage from; -+ struct sockaddr_in *from_in = (struct sockaddr_in *)&from; -+ struct sockaddr_in6 *from_in6 = (struct sockaddr_in6 *)&from; -+#else - static struct sockaddr_in from; -+ struct sockaddr_in *from_in = &from; -+#endif - int len; - /* struct linger ling; */ - -@@ -437,14 +523,24 @@ static int do_accept(int acc_sock, int * - - if (host == NULL) - goto end; -+#if OPENSSL_USE_IPV6 -+ if (from.ss_family == AF_INET) -+#else -+ if (from.sin_family == AF_INET) -+#endif - # ifndef BIT_FIELD_LIMITS - /* I should use WSAAsyncGetHostByName() under windows */ -- h1 = gethostbyaddr((char *)&from.sin_addr.s_addr, -- sizeof(from.sin_addr.s_addr), AF_INET); -+ h1 = gethostbyaddr((char *)&from_in->sin_addr.s_addr, -+ sizeof(from_in->sin_addr.s_addr), AF_INET); - # else -- h1 = gethostbyaddr((char *)&from.sin_addr, -+ h1 = gethostbyaddr((char *)&from_in->sin_addr, - sizeof(struct in_addr), AF_INET); - # endif -+#if OPENSSL_USE_IPV6 -+ else -+ h1 = gethostbyaddr((char *)&from_in6->sin6_addr, -+ sizeof(struct in6_addr), AF_INET6); -+#endif - if (h1 == NULL) { - BIO_printf(bio_err, "bad gethostbyaddr\n"); - *host = NULL; -@@ -457,14 +553,23 @@ static int do_accept(int acc_sock, int * - } - BUF_strlcpy(*host, h1->h_name, strlen(h1->h_name) + 1); - -- h2 = GetHostByName(*host); -+#if OPENSSL_USE_IPV6 -+ h2 = GetHostByName(*host, from.ss_family); -+#else -+ h2 = GetHostByName(*host, from.sin_family); -+#endif -+ - if (h2 == NULL) { - BIO_printf(bio_err, "gethostbyname failure\n"); - closesocket(ret); - return (0); - } -- if (h2->h_addrtype != AF_INET) { -- BIO_printf(bio_err, "gethostbyname addr is not AF_INET\n"); -+#if OPENSSL_USE_IPV6 -+ if (h2->h_addrtype != from.ss_family) { -+#else -+ if (h2->h_addrtype != from.sin_family) { -+#endif -+ BIO_printf(bio_err, "gethostbyname addr address is not correct\n"); - closesocket(ret); - return (0); - } -@@ -480,14 +585,14 @@ int extract_host_port(char *str, char ** - char *h, *p; - - h = str; -- p = strchr(str, ':'); -+ p = strrchr(str, ':'); - if (p == NULL) { - BIO_printf(bio_err, "no port defined\n"); - return (0); - } - *(p++) = '\0'; - -- if ((ip != NULL) && !host_ip(str, ip)) -+ if ((ip != NULL) && !host_ip(str, ip, AF_INET)) - goto err; - if (host_ptr != NULL) - *host_ptr = h; -@@ -499,44 +604,54 @@ int extract_host_port(char *str, char ** - return (0); - } - --static int host_ip(char *str, unsigned char ip[4]) -+static int host_ip(char *str, unsigned char *ip, int domain) - { - unsigned int in[4]; -+ unsigned long l; - int i; - -- if (sscanf(str, "%u.%u.%u.%u", &(in[0]), &(in[1]), &(in[2]), &(in[3])) == -- 4) { -+ if ((domain == AF_INET) && -+ (sscanf(str, "%u.%u.%u.%u", &(in[0]), &(in[1]), &(in[2]), &(in[3])) == -+ 4)) { - for (i = 0; i < 4; i++) - if (in[i] > 255) { - BIO_printf(bio_err, "invalid IP address\n"); - goto err; - } -- ip[0] = in[0]; -- ip[1] = in[1]; -- ip[2] = in[2]; -- ip[3] = in[3]; -- } else { /* do a gethostbyname */ -+ l=htonl((in[0]<<24L)|(in[1]<<16L)|(in[2]<<8L)|in[3]); -+ memcpy(ip, &l, 4); -+ return 1; -+ } -+#if OPENSSL_USE_IPV6 -+ else if ((domain == AF_INET6) && -+ (inet_pton(AF_INET6, str, ip) == 1)) -+ return 1; -+#endif -+ else { /* do a gethostbyname */ - struct hostent *he; - - if (!ssl_sock_init()) - return (0); - -- he = GetHostByName(str); -+ he = GetHostByName(str, domain); - if (he == NULL) { - BIO_printf(bio_err, "gethostbyname failure\n"); - goto err; - } - /* cast to short because of win16 winsock definition */ -- if ((short)he->h_addrtype != AF_INET) { -- BIO_printf(bio_err, "gethostbyname addr is not AF_INET\n"); -+ if ((short)he->h_addrtype != domain) { -+ BIO_printf(bio_err, "gethostbyname addr family is not correct\n"); - return (0); - } -- ip[0] = he->h_addr_list[0][0]; -- ip[1] = he->h_addr_list[0][1]; -- ip[2] = he->h_addr_list[0][2]; -- ip[3] = he->h_addr_list[0][3]; -+ if (domain == AF_INET) -+ memset(ip, 0, 4); -+#if OPENSSL_USE_IPV6 -+ else -+ memset(ip, 0, 16); -+#endif -+ memcpy(ip, he->h_addr_list[0], he->h_length); -+ return 1; - } -- return (1); - err: - return (0); - } -@@ -570,7 +685,7 @@ static struct ghbn_cache_st { - static unsigned long ghbn_hits = 0L; - static unsigned long ghbn_miss = 0L; - --static struct hostent *GetHostByName(char *name) -+static struct hostent *GetHostByName(char *name, int domain) - { - struct hostent *ret; - int i, lowi = 0; -@@ -582,13 +697,19 @@ static struct hostent *GetHostByName(cha - lowi = i; - } - if (ghbn_cache[i].order > 0) { -- if (strncmp(name, ghbn_cache[i].name, 128) == 0) -+ if ((strncmp(name, ghbn_cache[i].name, 128) == 0) && -+ (ghbn_cache[i].ent.h_addrtype == domain)) - break; - } - } - if (i == GHBN_NUM) { /* no hit */ - ghbn_miss++; -- ret = gethostbyname(name); -+ if (domain == AF_INET) -+ ret = gethostbyname(name); -+#if OPENSSL_USE_IPV6 -+ else -+ ret=gethostbyname2(name, AF_INET6); -+#endif - if (ret == NULL) - return (NULL); - /* else add to cache */ diff --git a/dev-libs/openssl/files/openssl-1.0.1m-x32.patch b/dev-libs/openssl/files/openssl-1.0.1m-x32.patch deleted file mode 100644 index 48717a5..0000000 --- a/dev-libs/openssl/files/openssl-1.0.1m-x32.patch +++ /dev/null @@ -1,66 +0,0 @@ ---- openssl-1.0.1m/Configure -+++ openssl-1.0.1m/Configure -@@ -361,6 +361,7 @@ my %table=( - "linux-ia64-ecc","ecc:-DL_ENDIAN -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", - "linux-ia64-icc","icc:-DL_ENDIAN -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", - "linux-x86_64", "gcc:-m64 -DL_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", -+"linux-x32", "gcc:-DL_ENDIAN -DTERMIO -O2 -pipe -g -feliminate-unused-debug-types -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-mx32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", - "linux64-s390x", "gcc:-m64 -DB_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${s390x_asm}:64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", - #### So called "highgprs" target for z/Architecture CPUs - # "Highgprs" is kernel feature first implemented in Linux 2.6.32, see ---- openssl-1.0.1m/crypto/bn/asm/x86_64-gcc.c -+++ openssl-1.0.1m/crypto/bn/asm/x86_64-gcc.c -@@ -55,7 +55,7 @@ - * machine. - */ - --# ifdef _WIN64 -+# if defined _WIN64 || !defined __LP64__ - # define BN_ULONG unsigned long long - # else - # define BN_ULONG unsigned long -@@ -211,9 +211,9 @@ BN_ULONG bn_add_words(BN_ULONG *rp, cons - - asm volatile (" subq %2,%2 \n" - ".p2align 4 \n" -- "1: movq (%4,%2,8),%0 \n" -- " adcq (%5,%2,8),%0 \n" -- " movq %0,(%3,%2,8) \n" -+ "1: movq (%q4,%2,8),%0 \n" -+ " adcq (%q5,%2,8),%0 \n" -+ " movq %0,(%q3,%2,8) \n" - " leaq 1(%2),%2 \n" - " loop 1b \n" - " sbbq %0,%0 \n":"=&a" (ret), "+c"(n), -@@ -235,9 +235,9 @@ BN_ULONG bn_sub_words(BN_ULONG *rp, cons - - asm volatile (" subq %2,%2 \n" - ".p2align 4 \n" -- "1: movq (%4,%2,8),%0 \n" -- " sbbq (%5,%2,8),%0 \n" -- " movq %0,(%3,%2,8) \n" -+ "1: movq (%q4,%2,8),%0 \n" -+ " sbbq (%q5,%2,8),%0 \n" -+ " movq %0,(%q3,%2,8) \n" - " leaq 1(%2),%2 \n" - " loop 1b \n" - " sbbq %0,%0 \n":"=&a" (ret), "+c"(n), ---- openssl-1.0.1m/crypto/bn/bn.h -+++ openssl-1.0.1m/crypto/bn/bn.h -@@ -174,6 +174,16 @@ extern "C" { - # endif - - /* -+ * Address type. -+ */ -+#ifdef _WIN64 -+#define BN_ADDR unsigned long long -+#else -+#define BN_ADDR unsigned long -+#endif -+ -+ -+/* - * assuming long is 64bit - this is the DEC Alpha unsigned long long is only - * 64 bits :-(, don't define BN_LLONG for the DEC Alpha - */ diff --git a/dev-libs/openssl/files/openssl-1.0.1p-parallel-build.patch b/dev-libs/openssl/files/openssl-1.0.1p-parallel-build.patch deleted file mode 100644 index dfefd56..0000000 --- a/dev-libs/openssl/files/openssl-1.0.1p-parallel-build.patch +++ /dev/null @@ -1,359 +0,0 @@ -http://rt.openssl.org/Ticket/Display.html?id=2084 - ---- openssl-1.0.1p/crypto/Makefile -+++ openssl-1.0.1p/crypto/Makefile -@@ -85,11 +85,11 @@ - @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi - - subdirs: -- @target=all; $(RECURSIVE_MAKE) -+ +@target=all; $(RECURSIVE_MAKE) - - files: - $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO -- @target=files; $(RECURSIVE_MAKE) -+ +@target=files; $(RECURSIVE_MAKE) - - links: - @$(PERL) $(TOP)/util/mklink.pl ../include/openssl $(EXHEADER) -@@ -100,7 +100,7 @@ - # lib: $(LIB): are splitted to avoid end-less loop - lib: $(LIB) - @touch lib --$(LIB): $(LIBOBJ) -+$(LIB): $(LIBOBJ) | subdirs - $(AR) $(LIB) $(LIBOBJ) - [ -z "$(FIPSLIBDIR)" ] || $(AR) $(LIB) $(FIPSLIBDIR)fipscanister.o - $(RANLIB) $(LIB) || echo Never mind. -@@ -111,7 +111,7 @@ - fi - - libs: -- @target=lib; $(RECURSIVE_MAKE) -+ +@target=lib; $(RECURSIVE_MAKE) - - install: - @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... -@@ -120,7 +120,7 @@ - (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ - chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ - done; -- @target=install; $(RECURSIVE_MAKE) -+ +@target=install; $(RECURSIVE_MAKE) - - lint: - @target=lint; $(RECURSIVE_MAKE) ---- openssl-1.0.1p/crypto/objects/Makefile -+++ openssl-1.0.1p/crypto/objects/Makefile -@@ -44,11 +44,11 @@ - # objects.pl both reads and writes obj_mac.num - obj_mac.h: objects.pl objects.txt obj_mac.num - $(PERL) objects.pl objects.txt obj_mac.num obj_mac.h -- @sleep 1; touch obj_mac.h; sleep 1 - --obj_xref.h: objxref.pl obj_xref.txt obj_mac.num -+# This doesn't really need obj_mac.h, but since that rule reads & writes -+# obj_mac.num, we can't run in parallel with it. -+obj_xref.h: objxref.pl obj_xref.txt obj_mac.num obj_mac.h - $(PERL) objxref.pl obj_mac.num obj_xref.txt > obj_xref.h -- @sleep 1; touch obj_xref.h; sleep 1 - - files: - $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO ---- openssl-1.0.1p/engines/Makefile -+++ openssl-1.0.1p/engines/Makefile -@@ -72,7 +72,7 @@ - - all: lib subdirs - --lib: $(LIBOBJ) -+lib: $(LIBOBJ) | subdirs - @if [ -n "$(SHARED_LIBS)" ]; then \ - set -e; \ - for l in $(LIBNAMES); do \ -@@ -89,7 +89,7 @@ - - subdirs: - echo $(EDIRS) -- @target=all; $(RECURSIVE_MAKE) -+ +@target=all; $(RECURSIVE_MAKE) - - files: - $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO -@@ -128,7 +128,7 @@ - mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx ); \ - done; \ - fi -- @target=install; $(RECURSIVE_MAKE) -+ +@target=install; $(RECURSIVE_MAKE) - - tags: - ctags $(SRC) ---- openssl-1.0.1p/Makefile.org -+++ openssl-1.0.1p/Makefile.org -@@ -273,17 +273,17 @@ - build_libs: build_crypto build_ssl build_engines - - build_crypto: -- @dir=crypto; target=all; $(BUILD_ONE_CMD) -+ +@dir=crypto; target=all; $(BUILD_ONE_CMD) - build_ssl: build_crypto -- @dir=ssl; target=all; $(BUILD_ONE_CMD) -+ +@dir=ssl; target=all; $(BUILD_ONE_CMD) - build_engines: build_crypto -- @dir=engines; target=all; $(BUILD_ONE_CMD) -+ +@dir=engines; target=all; $(BUILD_ONE_CMD) - build_apps: build_libs -- @dir=apps; target=all; $(BUILD_ONE_CMD) -+ +@dir=apps; target=all; $(BUILD_ONE_CMD) - build_tests: build_libs -- @dir=test; target=all; $(BUILD_ONE_CMD) -+ +@dir=test; target=all; $(BUILD_ONE_CMD) - build_tools: build_libs -- @dir=tools; target=all; $(BUILD_ONE_CMD) -+ +@dir=tools; target=all; $(BUILD_ONE_CMD) - - all_testapps: build_libs build_testapps - build_testapps: -@@ -538,9 +538,9 @@ - dist_pem_h: - (cd crypto/pem; $(MAKE) -e $(BUILDENV) pem.h; $(MAKE) clean) - --install: all install_docs install_sw -+install: install_docs install_sw - --install_sw: -+install_dirs: - @$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \ - $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR) \ - $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines \ -@@ -549,12 +549,19 @@ - $(INSTALL_PREFIX)$(OPENSSLDIR)/misc \ - $(INSTALL_PREFIX)$(OPENSSLDIR)/certs \ - $(INSTALL_PREFIX)$(OPENSSLDIR)/private -+ @$(PERL) $(TOP)/util/mkdir-p.pl \ -+ $(INSTALL_PREFIX)$(MANDIR)/man1 \ -+ $(INSTALL_PREFIX)$(MANDIR)/man3 \ -+ $(INSTALL_PREFIX)$(MANDIR)/man5 \ -+ $(INSTALL_PREFIX)$(MANDIR)/man7 -+ -+install_sw: install_dirs - @set -e; headerlist="$(EXHEADER)"; for i in $$headerlist;\ - do \ - (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ - chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ - done; -- @set -e; target=install; $(RECURSIVE_BUILD_CMD) -+ +@set -e; target=install; $(RECURSIVE_BUILD_CMD) - @set -e; liblist="$(LIBS)"; for i in $$liblist ;\ - do \ - if [ -f "$$i" ]; then \ -@@ -634,12 +641,7 @@ - done; \ - done - --install_docs: -- @$(PERL) $(TOP)/util/mkdir-p.pl \ -- $(INSTALL_PREFIX)$(MANDIR)/man1 \ -- $(INSTALL_PREFIX)$(MANDIR)/man3 \ -- $(INSTALL_PREFIX)$(MANDIR)/man5 \ -- $(INSTALL_PREFIX)$(MANDIR)/man7 -+install_docs: install_dirs - @pod2man="`cd ./util; ./pod2mantest $(PERL)`"; \ - here="`pwd`"; \ - filecase=; \ ---- openssl-1.0.1p/Makefile.shared -+++ openssl-1.0.1p/Makefile.shared -@@ -105,6 +105,7 @@ - SHAREDFLAGS="$${SHAREDFLAGS:-$(CFLAGS) $(SHARED_LDFLAGS)}"; \ - LIBPATH=`for x in $$LIBDEPS; do echo $$x; done | sed -e 's/^ *-L//;t' -e d | uniq`; \ - LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \ -+ [ -e $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX ] && exit 0; \ - LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \ - $${SHAREDCMD} $${SHAREDFLAGS} \ - -o $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX \ -@@ -122,6 +123,7 @@ - done; \ - fi; \ - if [ -n "$$SHLIB_SOVER" ]; then \ -+ [ -e "$$SHLIB$$SHLIB_SUFFIX" ] || \ - ( $(SET_X); rm -f $$SHLIB$$SHLIB_SUFFIX; \ - ln -s $$prev $$SHLIB$$SHLIB_SUFFIX ); \ - fi; \ ---- openssl-1.0.1p/test/Makefile -+++ openssl-1.0.1p/test/Makefile -@@ -130,7 +130,7 @@ - tags: - ctags $(SRC) - --tests: exe apps $(TESTS) -+tests: exe $(TESTS) - - apps: - @(cd ..; $(MAKE) DIRS=apps all) -@@ -388,118 +388,118 @@ - link_app.$${shlib_target} - - $(RSATEST)$(EXE_EXT): $(RSATEST).o $(DLIBCRYPTO) -- @target=$(RSATEST); $(BUILD_CMD) -+ +@target=$(RSATEST); $(BUILD_CMD) - - $(BNTEST)$(EXE_EXT): $(BNTEST).o $(DLIBCRYPTO) -- @target=$(BNTEST); $(BUILD_CMD) -+ +@target=$(BNTEST); $(BUILD_CMD) - - $(ECTEST)$(EXE_EXT): $(ECTEST).o $(DLIBCRYPTO) -- @target=$(ECTEST); $(BUILD_CMD) -+ +@target=$(ECTEST); $(BUILD_CMD) - - $(EXPTEST)$(EXE_EXT): $(EXPTEST).o $(DLIBCRYPTO) -- @target=$(EXPTEST); $(BUILD_CMD) -+ +@target=$(EXPTEST); $(BUILD_CMD) - - $(IDEATEST)$(EXE_EXT): $(IDEATEST).o $(DLIBCRYPTO) -- @target=$(IDEATEST); $(BUILD_CMD) -+ +@target=$(IDEATEST); $(BUILD_CMD) - - $(MD2TEST)$(EXE_EXT): $(MD2TEST).o $(DLIBCRYPTO) -- @target=$(MD2TEST); $(BUILD_CMD) -+ +@target=$(MD2TEST); $(BUILD_CMD) - - $(SHATEST)$(EXE_EXT): $(SHATEST).o $(DLIBCRYPTO) -- @target=$(SHATEST); $(BUILD_CMD) -+ +@target=$(SHATEST); $(BUILD_CMD) - - $(SHA1TEST)$(EXE_EXT): $(SHA1TEST).o $(DLIBCRYPTO) -- @target=$(SHA1TEST); $(BUILD_CMD) -+ +@target=$(SHA1TEST); $(BUILD_CMD) - - $(SHA256TEST)$(EXE_EXT): $(SHA256TEST).o $(DLIBCRYPTO) -- @target=$(SHA256TEST); $(BUILD_CMD) -+ +@target=$(SHA256TEST); $(BUILD_CMD) - - $(SHA512TEST)$(EXE_EXT): $(SHA512TEST).o $(DLIBCRYPTO) -- @target=$(SHA512TEST); $(BUILD_CMD) -+ +@target=$(SHA512TEST); $(BUILD_CMD) - - $(RMDTEST)$(EXE_EXT): $(RMDTEST).o $(DLIBCRYPTO) -- @target=$(RMDTEST); $(BUILD_CMD) -+ +@target=$(RMDTEST); $(BUILD_CMD) - - $(MDC2TEST)$(EXE_EXT): $(MDC2TEST).o $(DLIBCRYPTO) -- @target=$(MDC2TEST); $(BUILD_CMD) -+ +@target=$(MDC2TEST); $(BUILD_CMD) - - $(MD4TEST)$(EXE_EXT): $(MD4TEST).o $(DLIBCRYPTO) -- @target=$(MD4TEST); $(BUILD_CMD) -+ +@target=$(MD4TEST); $(BUILD_CMD) - - $(MD5TEST)$(EXE_EXT): $(MD5TEST).o $(DLIBCRYPTO) -- @target=$(MD5TEST); $(BUILD_CMD) -+ +@target=$(MD5TEST); $(BUILD_CMD) - - $(HMACTEST)$(EXE_EXT): $(HMACTEST).o $(DLIBCRYPTO) -- @target=$(HMACTEST); $(BUILD_CMD) -+ +@target=$(HMACTEST); $(BUILD_CMD) - - $(WPTEST)$(EXE_EXT): $(WPTEST).o $(DLIBCRYPTO) -- @target=$(WPTEST); $(BUILD_CMD) -+ +@target=$(WPTEST); $(BUILD_CMD) - - $(RC2TEST)$(EXE_EXT): $(RC2TEST).o $(DLIBCRYPTO) -- @target=$(RC2TEST); $(BUILD_CMD) -+ +@target=$(RC2TEST); $(BUILD_CMD) - - $(BFTEST)$(EXE_EXT): $(BFTEST).o $(DLIBCRYPTO) -- @target=$(BFTEST); $(BUILD_CMD) -+ +@target=$(BFTEST); $(BUILD_CMD) - - $(CASTTEST)$(EXE_EXT): $(CASTTEST).o $(DLIBCRYPTO) -- @target=$(CASTTEST); $(BUILD_CMD) -+ +@target=$(CASTTEST); $(BUILD_CMD) - - $(RC4TEST)$(EXE_EXT): $(RC4TEST).o $(DLIBCRYPTO) -- @target=$(RC4TEST); $(BUILD_CMD) -+ +@target=$(RC4TEST); $(BUILD_CMD) - - $(RC5TEST)$(EXE_EXT): $(RC5TEST).o $(DLIBCRYPTO) -- @target=$(RC5TEST); $(BUILD_CMD) -+ +@target=$(RC5TEST); $(BUILD_CMD) - - $(DESTEST)$(EXE_EXT): $(DESTEST).o $(DLIBCRYPTO) -- @target=$(DESTEST); $(BUILD_CMD) -+ +@target=$(DESTEST); $(BUILD_CMD) - - $(RANDTEST)$(EXE_EXT): $(RANDTEST).o $(DLIBCRYPTO) -- @target=$(RANDTEST); $(BUILD_CMD) -+ +@target=$(RANDTEST); $(BUILD_CMD) - - $(DHTEST)$(EXE_EXT): $(DHTEST).o $(DLIBCRYPTO) -- @target=$(DHTEST); $(BUILD_CMD) -+ +@target=$(DHTEST); $(BUILD_CMD) - - $(DSATEST)$(EXE_EXT): $(DSATEST).o $(DLIBCRYPTO) -- @target=$(DSATEST); $(BUILD_CMD) -+ +@target=$(DSATEST); $(BUILD_CMD) - - $(METHTEST)$(EXE_EXT): $(METHTEST).o $(DLIBCRYPTO) -- @target=$(METHTEST); $(BUILD_CMD) -+ +@target=$(METHTEST); $(BUILD_CMD) - - $(SSLTEST)$(EXE_EXT): $(SSLTEST).o $(DLIBSSL) $(DLIBCRYPTO) -- @target=$(SSLTEST); $(FIPS_BUILD_CMD) -+ +@target=$(SSLTEST); $(FIPS_BUILD_CMD) - - $(ENGINETEST)$(EXE_EXT): $(ENGINETEST).o $(DLIBCRYPTO) -- @target=$(ENGINETEST); $(BUILD_CMD) -+ +@target=$(ENGINETEST); $(BUILD_CMD) - - $(EVPTEST)$(EXE_EXT): $(EVPTEST).o $(DLIBCRYPTO) -- @target=$(EVPTEST); $(BUILD_CMD) -+ +@target=$(EVPTEST); $(BUILD_CMD) - - $(EVPEXTRATEST)$(EXE_EXT): $(EVPEXTRATEST).o $(DLIBCRYPTO) -- @target=$(EVPEXTRATEST); $(BUILD_CMD) -+ +@target=$(EVPEXTRATEST); $(BUILD_CMD) - - $(ECDSATEST)$(EXE_EXT): $(ECDSATEST).o $(DLIBCRYPTO) -- @target=$(ECDSATEST); $(BUILD_CMD) -+ +@target=$(ECDSATEST); $(BUILD_CMD) - - $(ECDHTEST)$(EXE_EXT): $(ECDHTEST).o $(DLIBCRYPTO) -- @target=$(ECDHTEST); $(BUILD_CMD) -+ +@target=$(ECDHTEST); $(BUILD_CMD) - - $(IGETEST)$(EXE_EXT): $(IGETEST).o $(DLIBCRYPTO) -- @target=$(IGETEST); $(BUILD_CMD) -+ +@target=$(IGETEST); $(BUILD_CMD) - - $(JPAKETEST)$(EXE_EXT): $(JPAKETEST).o $(DLIBCRYPTO) -- @target=$(JPAKETEST); $(BUILD_CMD) -+ +@target=$(JPAKETEST); $(BUILD_CMD) - - $(ASN1TEST)$(EXE_EXT): $(ASN1TEST).o $(DLIBCRYPTO) -- @target=$(ASN1TEST); $(BUILD_CMD) -+ +@target=$(ASN1TEST); $(BUILD_CMD) - - $(SRPTEST)$(EXE_EXT): $(SRPTEST).o $(DLIBCRYPTO) -- @target=$(SRPTEST); $(BUILD_CMD) -+ +@target=$(SRPTEST); $(BUILD_CMD) - - $(HEARTBEATTEST)$(EXE_EXT): $(HEARTBEATTEST).o $(DLIBCRYPTO) -- @target=$(HEARTBEATTEST); $(BUILD_CMD_STATIC) -+ +@target=$(HEARTBEATTEST); $(BUILD_CMD_STATIC) - - $(CONSTTIMETEST)$(EXE_EXT): $(CONSTTIMETEST).o -- @target=$(CONSTTIMETEST) $(BUILD_CMD) -+ +@target=$(CONSTTIMETEST) $(BUILD_CMD) - - #$(AESTEST).o: $(AESTEST).c - # $(CC) -c $(CFLAGS) -DINTERMEDIATE_VALUE_KAT -DTRACE_KAT_MCT $(AESTEST).c -@@ -512,7 +512,7 @@ - # fi - - dummytest$(EXE_EXT): dummytest.o $(DLIBCRYPTO) -- @target=dummytest; $(BUILD_CMD) -+ +@target=dummytest; $(BUILD_CMD) - - # DO NOT DELETE THIS LINE -- make depend depends on it. - diff --git a/dev-libs/openssl/files/openssl-1.0.1r-x32.patch b/dev-libs/openssl/files/openssl-1.0.1r-x32.patch deleted file mode 100644 index 9e490fd..0000000 --- a/dev-libs/openssl/files/openssl-1.0.1r-x32.patch +++ /dev/null @@ -1,66 +0,0 @@ ---- openssl-1.0.1r/Configure -+++ openssl-1.0.1r/Configure -@@ -368,6 +368,7 @@ - "linux-ia64-icc","icc:-DL_ENDIAN -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", - "linux-x86_64", "gcc:-m64 -DL_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", - "linux-x86_64-clang","clang: -m64 -DL_ENDIAN -O3 -Wall -Qunused-arguments::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", -+"linux-x32", "gcc:-DL_ENDIAN -DTERMIO -O2 -pipe -g -feliminate-unused-debug-types -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-mx32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", - "linux64-s390x", "gcc:-m64 -DB_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${s390x_asm}:64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", - #### So called "highgprs" target for z/Architecture CPUs - # "Highgprs" is kernel feature first implemented in Linux 2.6.32, see ---- openssl-1.0.1r/crypto/bn/asm/x86_64-gcc.c -+++ openssl-1.0.1r/crypto/bn/asm/x86_64-gcc.c -@@ -55,7 +55,7 @@ - * machine. - */ - --# ifdef _WIN64 -+# ifdef _WIN64 || !defined __LP64__ - # define BN_ULONG unsigned long long - # else - # define BN_ULONG unsigned long -@@ -211,9 +211,9 @@ - - asm volatile (" subq %2,%2 \n" - ".p2align 4 \n" -- "1: movq (%4,%2,8),%0 \n" -- " adcq (%5,%2,8),%0 \n" -- " movq %0,(%3,%2,8) \n" -+ "1: movq (%q4,%2,8),%0 \n" -+ " adcq (%q5,%2,8),%0 \n" -+ " movq %0,(%q3,%2,8) \n" - " leaq 1(%2),%2 \n" - " loop 1b \n" - " sbbq %0,%0 \n":"=&a" (ret), "+c"(n), -@@ -235,9 +235,9 @@ - - asm volatile (" subq %2,%2 \n" - ".p2align 4 \n" -- "1: movq (%4,%2,8),%0 \n" -- " sbbq (%5,%2,8),%0 \n" -- " movq %0,(%3,%2,8) \n" -+ "1: movq (%q4,%2,8),%0 \n" -+ " sbbq (%q5,%2,8),%0 \n" -+ " movq %0,(%q3,%2,8) \n" - " leaq 1(%2),%2 \n" - " loop 1b \n" - " sbbq %0,%0 \n":"=&a" (ret), "+c"(n), ---- openssl-1.0.1r/crypto/bn/bn.h -+++ openssl-1.0.1r/crypto/bn/bn.h -@@ -174,6 +174,16 @@ - # endif - - /* -+ * Address type. -+ */ -+#ifdef _WIN64 -+#define BN_ADDR unsigned long long -+#else -+#define BN_ADDR unsigned long -+#endif -+ -+ -+/* - * assuming long is 64bit - this is the DEC Alpha unsigned long long is only - * 64 bits :-(, don't define BN_LLONG for the DEC Alpha - */ diff --git a/dev-libs/openssl/openssl-1.0.1p.ebuild b/dev-libs/openssl/openssl-1.0.1p.ebuild deleted file mode 100644 index 40a538f..0000000 --- a/dev-libs/openssl/openssl-1.0.1p.ebuild +++ /dev/null @@ -1,259 +0,0 @@ -# Copyright 1999-2015 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Id$ - -EAPI="4" - -inherit eutils flag-o-matic toolchain-funcs multilib multilib-minimal - -REV="1.7" -DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)" -HOMEPAGE="http://www.openssl.org/"; -SRC_URI="mirror://openssl/source/${P}.tar.gz - http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/${PN}/${PN}-c_rehash.sh?rev=${REV} -> ${PN}-c_rehash.sh.${REV}" - -LICENSE="openssl" -SLOT="0" -KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux" -IUSE="bindist gmp kerberos rfc3779 cpu_flags_x86_sse2 static-libs test +tls-heartbeat vanilla zlib" -RESTRICT="!bindist? ( bindist )" - -# The blocks are temporary just to make sure people upgrade to a -# version that lack runtime version checking. We'll drop them in -# the future. -RDEPEND="gmp? ( >=dev-libs/gmp-5.1.3-r1[static-libs(+)?,${MULTILIB_USEDEP}] ) - zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] ) - kerberos? ( >=app-crypt/mit-krb5-1.11.4[${MULTILIB_USEDEP}] ) - abi_x86_32? ( - !<=app-emulation/emul-linux-x86-baselibs-20140406-r3 - !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)] - ) - !<net-misc/openssh-5.9_p1-r4 - !<net-libs/neon-0.29.6-r1" -DEPEND="${RDEPEND} - sys-apps/diffutils - >=dev-lang/perl-5 - test? ( sys-devel/bc )" -PDEPEND="app-misc/ca-certificates" - -src_unpack() { - unpack ${P}.tar.gz - SSL_CNF_DIR="/etc/ssl" - sed \ - -e "/^DIR=/s:=.*:=${EPREFIX}${SSL_CNF_DIR}:" \ - -e "s:SSL_CMD=/usr:SSL_CMD=${EPREFIX}/usr:" \ - "${DISTDIR}"/${PN}-c_rehash.sh.${REV} \ - > "${WORKDIR}"/c_rehash || die #416717 -} - -MULTILIB_WRAPPED_HEADERS=( - usr/include/openssl/opensslconf.h -) - -src_prepare() { - # Make sure we only ever touch Makefile.org and avoid patching a file - # that gets blown away anyways by the Configure script in src_configure - rm -f Makefile - - if ! use vanilla ; then - epatch "${FILESDIR}"/${PN}-1.0.0a-ldflags.patch #327421 - epatch "${FILESDIR}"/${PN}-1.0.0d-windres.patch #373743 - epatch "${FILESDIR}"/${PN}-1.0.0h-pkg-config.patch - epatch "${FILESDIR}"/${PN}-1.0.1p-parallel-build.patch - epatch "${FILESDIR}"/${PN}-1.0.1m-x32.patch - epatch "${FILESDIR}"/${PN}-1.0.1m-ipv6.patch - epatch "${FILESDIR}"/${PN}-1.0.1f-revert-alpha-perl-generation.patch #499086 - epatch "${FILESDIR}"/${PN}-1.0.1p-default-source.patch #554338 - epatch_user #332661 - fi - - # disable fips in the build - # make sure the man pages are suffixed #302165 - # don't bother building man pages if they're disabled - sed -i \ - -e '/DIRS/s: fips : :g' \ - -e '/^MANSUFFIX/s:=.*:=ssl:' \ - -e '/^MAKEDEPPROG/s:=.*:=$(CC):' \ - -e $(has noman FEATURES \ - && echo '/^install:/s:install_docs::' \ - || echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \ - Makefile.org \ - || die - # show the actual commands in the log - sed -i '/^SET_X/s:=.*:=set -x:' Makefile.shared - - # since we're forcing $(CC) as makedep anyway, just fix - # the conditional as always-on - # helps clang (#417795), and versioned gcc (#499818) - sed -i 's/expr.*MAKEDEPEND.*;/true;/' util/domd || die - - # quiet out unknown driver argument warnings since openssl - # doesn't have well-split CFLAGS and we're making it even worse - # and 'make depend' uses -Werror for added fun (#417795 again) - [[ ${CC} == *clang* ]] && append-flags -Qunused-arguments - - # allow openssl to be cross-compiled - cp "${FILESDIR}"/gentoo.config-1.0.1 gentoo.config || die - chmod a+rx gentoo.config - - append-flags -fno-strict-aliasing - append-flags $(test-flags-CC -Wa,--noexecstack) - - sed -i '1s,^:$,#!'${EPREFIX}'/usr/bin/perl,' Configure #141906 - # The config script does stupid stuff to prompt the user. Kill it. - sed -i '/stty -icanon min 0 time 50; read waste/d' config || die - ./config --test-sanity || die "I AM NOT SANE" - - multilib_copy_sources -} - -multilib_src_configure() { - unset APPS #197996 - unset SCRIPTS #312551 - unset CROSS_COMPILE #311473 - - tc-export CC AR RANLIB RC - - # Clean out patent-or-otherwise-encumbered code - # Camellia: Royalty Free http://en.wikipedia.org/wiki/Camellia_(cipher) - # IDEA: Expired http://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm - # EC: ????????? ??/??/2015 http://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography - # MDC2: Expired http://en.wikipedia.org/wiki/MDC-2 - # RC5: 5,724,428 03/03/2015 http://en.wikipedia.org/wiki/RC5 - - use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; } - echoit() { echo "$@" ; "$@" ; } - - local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal") - - # See if our toolchain supports __uint128_t. If so, it's 64bit - # friendly and can use the nicely optimized code paths. #460790 - local ec_nistp_64_gcc_128 - # Disable it for now though #469976 - #if ! use bindist ; then - # echo "__uint128_t i;" > "${T}"/128.c - # if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then - # ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128" - # fi - #fi - - local sslout=$(./gentoo.config) - einfo "Use configuration ${sslout:-(openssl knows best)}" - local config="Configure" - [[ -z ${sslout} ]] && config="config" - - echoit \ - ./${config} \ - ${sslout} \ - $(use cpu_flags_x86_sse2 || echo "no-sse2") \ - enable-camellia \ - $(use_ssl !bindist ec) \ - ${ec_nistp_64_gcc_128} \ - enable-idea \ - enable-mdc2 \ - $(use_ssl !bindist rc5) \ - enable-tlsext \ - $(use_ssl gmp gmp -lgmp) \ - $(use_ssl kerberos krb5 --with-krb5-flavor=${krb5}) \ - $(use_ssl rfc3779) \ - $(use_ssl tls-heartbeat heartbeats) \ - $(use_ssl zlib) \ - --prefix="${EPREFIX}"/usr \ - --openssldir="${EPREFIX}"${SSL_CNF_DIR} \ - --libdir=$(get_libdir) \ - shared threads \ - || die - - # Clean out hardcoded flags that openssl uses - local CFLAG=$(grep ^CFLAG= Makefile | LC_ALL=C sed \ - -e 's:^CFLAG=::' \ - -e 's:-fomit-frame-pointer ::g' \ - -e 's:-O[0-9] ::g' \ - -e 's:-march=[-a-z0-9]* ::g' \ - -e 's:-mcpu=[-a-z0-9]* ::g' \ - -e 's:-m[a-z0-9]* ::g' \ - ) - sed -i \ - -e "/^CFLAG/s|=.*|=${CFLAG} ${CFLAGS}|" \ - -e "/^SHARED_LDFLAGS=/s|$| ${LDFLAGS}|" \ - Makefile || die -} - -multilib_src_compile() { - # depend is needed to use $confopts; it also doesn't matter - # that it's -j1 as the code itself serializes subdirs - emake -j1 depend - emake all - # rehash is needed to prep the certs/ dir; do this - # separately to avoid parallel build issues. - emake rehash -} - -multilib_src_test() { - emake -j1 test -} - -multilib_src_install() { - emake INSTALL_PREFIX="${D}" install -} - -multilib_src_install_all() { - dobin "${WORKDIR}"/c_rehash #333117 - dodoc CHANGES* FAQ NEWS README doc/*.txt doc/c-indentation.el - dohtml -r doc/* - use rfc3779 && dodoc engines/ccgost/README.gost - - # This is crappy in that the static archives are still built even - # when USE=static-libs. But this is due to a failing in the openssl - # build system: the static archives are built as PIC all the time. - # Only way around this would be to manually configure+compile openssl - # twice; once with shared lib support enabled and once without. - use static-libs || rm -f "${ED}"/usr/lib*/lib*.a - - # create the certs directory - dodir ${SSL_CNF_DIR}/certs - cp -RP certs/* "${ED}"${SSL_CNF_DIR}/certs/ || die - rm -r "${ED}"${SSL_CNF_DIR}/certs/{demo,expired} - - # Namespace openssl programs to prevent conflicts with other man pages - cd "${ED}"/usr/share/man - local m d s - for m in $(find . -type f | xargs grep -L '#include') ; do - d=${m%/*} ; d=${d#./} ; m=${m##*/} - [[ ${m} == openssl.1* ]] && continue - [[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!" - mv ${d}/{,ssl-}${m} - # fix up references to renamed man pages - sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m} - ln -s ssl-${m} ${d}/openssl-${m} - # locate any symlinks that point to this man page ... we assume - # that any broken links are due to the above renaming - for s in $(find -L ${d} -type l) ; do - s=${s##*/} - rm -f ${d}/${s} - ln -s ssl-${m} ${d}/ssl-${s} - ln -s ssl-${s} ${d}/openssl-${s} - done - done - [[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :(" - - dodir /etc/sandbox.d #254521 - echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl - - diropts -m0700 - keepdir ${SSL_CNF_DIR}/private -} - -pkg_preinst() { - has_version ${CATEGORY}/${PN}:0.9.8 && return 0 - preserve_old_lib /usr/$(get_libdir)/lib{crypto,ssl}.so.0.9.8 -} - -pkg_postinst() { - ebegin "Running 'c_rehash ${EROOT%/}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069" - c_rehash "${EROOT%/}${SSL_CNF_DIR}/certs" >/dev/null - eend $? - - has_version ${CATEGORY}/${PN}:0.9.8 && return 0 - preserve_old_lib_notify /usr/$(get_libdir)/lib{crypto,ssl}.so.0.9.8 -} diff --git a/dev-libs/openssl/openssl-1.0.1r.ebuild b/dev-libs/openssl/openssl-1.0.1r.ebuild deleted file mode 100644 index 8d590fa..0000000 --- a/dev-libs/openssl/openssl-1.0.1r.ebuild +++ /dev/null @@ -1,256 +0,0 @@ -# Copyright 1999-2016 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Id$ - -EAPI=5 - -inherit eutils flag-o-matic toolchain-funcs multilib multilib-minimal - -REV="1.7" -DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)" -HOMEPAGE="http://www.openssl.org/"; -SRC_URI="mirror://openssl/source/${P}.tar.gz - http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/${PN}/${PN}-c_rehash.sh?rev=${REV} -> ${PN}-c_rehash.sh.${REV}" - -LICENSE="openssl" -SLOT="0" -KEYWORDS="alpha amd64 arm ~arm64 hppa ia64 ~m68k ~mips ppc ppc64 s390 sh sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux" -IUSE="bindist gmp kerberos rfc3779 cpu_flags_x86_sse2 static-libs test +tls-heartbeat vanilla zlib" -RESTRICT="!bindist? ( bindist )" - -# The blocks are temporary just to make sure people upgrade to a -# version that lack runtime version checking. We'll drop them in -# the future. -RDEPEND="gmp? ( >=dev-libs/gmp-5.1.3-r1[static-libs(+)?,${MULTILIB_USEDEP}] ) - zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] ) - kerberos? ( >=app-crypt/mit-krb5-1.11.4[${MULTILIB_USEDEP}] ) - abi_x86_32? ( - !<=app-emulation/emul-linux-x86-baselibs-20140406-r3 - !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)] - ) - !<net-misc/openssh-5.9_p1-r4 - !<net-libs/neon-0.29.6-r1" -DEPEND="${RDEPEND} - sys-apps/diffutils - >=dev-lang/perl-5 - test? ( sys-devel/bc )" -PDEPEND="app-misc/ca-certificates" - -MULTILIB_WRAPPED_HEADERS=( - usr/include/openssl/opensslconf.h -) - -src_prepare() { - SSL_CNF_DIR="/etc/ssl" - sed \ - -e "/^DIR=/s:=.*:=${EPREFIX}${SSL_CNF_DIR}:" \ - -e "s:SSL_CMD=/usr:SSL_CMD=${EPREFIX}/usr:" \ - "${DISTDIR}"/${PN}-c_rehash.sh.${REV} \ - > "${WORKDIR}"/c_rehash || die #416717 - - # Make sure we only ever touch Makefile.org and avoid patching a file - # that gets blown away anyways by the Configure script in src_configure - rm -f Makefile - - if ! use vanilla ; then - epatch "${FILESDIR}"/${PN}-1.0.0a-ldflags.patch #327421 - epatch "${FILESDIR}"/${PN}-1.0.0d-windres.patch #373743 - epatch "${FILESDIR}"/${PN}-1.0.0h-pkg-config.patch - epatch "${FILESDIR}"/${PN}-1.0.1p-parallel-build.patch - epatch "${FILESDIR}"/${PN}-1.0.1r-x32.patch - epatch "${FILESDIR}"/${PN}-1.0.1m-ipv6.patch - epatch "${FILESDIR}"/${PN}-1.0.1f-revert-alpha-perl-generation.patch #499086 - epatch "${FILESDIR}"/${PN}-1.0.1p-default-source.patch #554338 - epatch_user #332661 - fi - - # disable fips in the build - # make sure the man pages are suffixed #302165 - # don't bother building man pages if they're disabled - sed -i \ - -e '/DIRS/s: fips : :g' \ - -e '/^MANSUFFIX/s:=.*:=ssl:' \ - -e '/^MAKEDEPPROG/s:=.*:=$(CC):' \ - -e $(has noman FEATURES \ - && echo '/^install:/s:install_docs::' \ - || echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \ - Makefile.org \ - || die - # show the actual commands in the log - sed -i '/^SET_X/s:=.*:=set -x:' Makefile.shared - - # since we're forcing $(CC) as makedep anyway, just fix - # the conditional as always-on - # helps clang (#417795), and versioned gcc (#499818) - sed -i 's/expr.*MAKEDEPEND.*;/true;/' util/domd || die - - # quiet out unknown driver argument warnings since openssl - # doesn't have well-split CFLAGS and we're making it even worse - # and 'make depend' uses -Werror for added fun (#417795 again) - [[ ${CC} == *clang* ]] && append-flags -Qunused-arguments - - # allow openssl to be cross-compiled - cp "${FILESDIR}"/gentoo.config-1.0.1 gentoo.config || die - chmod a+rx gentoo.config - - append-flags -fno-strict-aliasing - append-flags $(test-flags-CC -Wa,--noexecstack) - - sed -i '1s,^:$,#!'${EPREFIX}'/usr/bin/perl,' Configure #141906 - # The config script does stupid stuff to prompt the user. Kill it. - sed -i '/stty -icanon min 0 time 50; read waste/d' config || die - ./config --test-sanity || die "I AM NOT SANE" - - multilib_copy_sources -} - -multilib_src_configure() { - unset APPS #197996 - unset SCRIPTS #312551 - unset CROSS_COMPILE #311473 - - tc-export CC AR RANLIB RC - - # Clean out patent-or-otherwise-encumbered code - # Camellia: Royalty Free http://en.wikipedia.org/wiki/Camellia_(cipher) - # IDEA: Expired http://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm - # EC: ????????? ??/??/2015 http://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography - # MDC2: Expired http://en.wikipedia.org/wiki/MDC-2 - # RC5: 5,724,428 03/03/2015 http://en.wikipedia.org/wiki/RC5 - - use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; } - echoit() { echo "$@" ; "$@" ; } - - local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal") - - # See if our toolchain supports __uint128_t. If so, it's 64bit - # friendly and can use the nicely optimized code paths. #460790 - local ec_nistp_64_gcc_128 - # Disable it for now though #469976 - #if ! use bindist ; then - # echo "__uint128_t i;" > "${T}"/128.c - # if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then - # ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128" - # fi - #fi - - local sslout=$(./gentoo.config) - einfo "Use configuration ${sslout:-(openssl knows best)}" - local config="Configure" - [[ -z ${sslout} ]] && config="config" - - echoit \ - ./${config} \ - ${sslout} \ - $(use cpu_flags_x86_sse2 || echo "no-sse2") \ - enable-camellia \ - $(use_ssl !bindist ec) \ - ${ec_nistp_64_gcc_128} \ - enable-idea \ - enable-mdc2 \ - $(use_ssl !bindist rc5) \ - enable-tlsext \ - $(use_ssl gmp gmp -lgmp) \ - $(use_ssl kerberos krb5 --with-krb5-flavor=${krb5}) \ - $(use_ssl rfc3779) \ - $(use_ssl tls-heartbeat heartbeats) \ - $(use_ssl zlib) \ - --prefix="${EPREFIX}"/usr \ - --openssldir="${EPREFIX}"${SSL_CNF_DIR} \ - --libdir=$(get_libdir) \ - shared threads \ - || die - - # Clean out hardcoded flags that openssl uses - local CFLAG=$(grep ^CFLAG= Makefile | LC_ALL=C sed \ - -e 's:^CFLAG=::' \ - -e 's:-fomit-frame-pointer ::g' \ - -e 's:-O[0-9] ::g' \ - -e 's:-march=[-a-z0-9]* ::g' \ - -e 's:-mcpu=[-a-z0-9]* ::g' \ - -e 's:-m[a-z0-9]* ::g' \ - ) - sed -i \ - -e "/^CFLAG/s|=.*|=${CFLAG} ${CFLAGS}|" \ - -e "/^SHARED_LDFLAGS=/s|$| ${LDFLAGS}|" \ - Makefile || die -} - -multilib_src_compile() { - # depend is needed to use $confopts; it also doesn't matter - # that it's -j1 as the code itself serializes subdirs - emake -j1 depend - emake all - # rehash is needed to prep the certs/ dir; do this - # separately to avoid parallel build issues. - emake rehash -} - -multilib_src_test() { - emake -j1 test -} - -multilib_src_install() { - emake INSTALL_PREFIX="${D}" install -} - -multilib_src_install_all() { - dobin "${WORKDIR}"/c_rehash #333117 - dodoc CHANGES* FAQ NEWS README doc/*.txt doc/c-indentation.el - dohtml -r doc/* - use rfc3779 && dodoc engines/ccgost/README.gost - - # This is crappy in that the static archives are still built even - # when USE=static-libs. But this is due to a failing in the openssl - # build system: the static archives are built as PIC all the time. - # Only way around this would be to manually configure+compile openssl - # twice; once with shared lib support enabled and once without. - use static-libs || rm -f "${ED}"/usr/lib*/lib*.a - - # create the certs directory - dodir ${SSL_CNF_DIR}/certs - cp -RP certs/* "${ED}"${SSL_CNF_DIR}/certs/ || die - rm -r "${ED}"${SSL_CNF_DIR}/certs/{demo,expired} - - # Namespace openssl programs to prevent conflicts with other man pages - cd "${ED}"/usr/share/man - local m d s - for m in $(find . -type f | xargs grep -L '#include') ; do - d=${m%/*} ; d=${d#./} ; m=${m##*/} - [[ ${m} == openssl.1* ]] && continue - [[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!" - mv ${d}/{,ssl-}${m} - # fix up references to renamed man pages - sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m} - ln -s ssl-${m} ${d}/openssl-${m} - # locate any symlinks that point to this man page ... we assume - # that any broken links are due to the above renaming - for s in $(find -L ${d} -type l) ; do - s=${s##*/} - rm -f ${d}/${s} - ln -s ssl-${m} ${d}/ssl-${s} - ln -s ssl-${s} ${d}/openssl-${s} - done - done - [[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :(" - - dodir /etc/sandbox.d #254521 - echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl - - diropts -m0700 - keepdir ${SSL_CNF_DIR}/private -} - -pkg_preinst() { - has_version ${CATEGORY}/${PN}:0.9.8 && return 0 - preserve_old_lib /usr/$(get_libdir)/lib{crypto,ssl}.so.0.9.8 -} - -pkg_postinst() { - ebegin "Running 'c_rehash ${EROOT%/}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069" - c_rehash "${EROOT%/}${SSL_CNF_DIR}/certs" >/dev/null - eend $? - - has_version ${CATEGORY}/${PN}:0.9.8 && return 0 - preserve_old_lib_notify /usr/$(get_libdir)/lib{crypto,ssl}.so.0.9.8 -} diff --git a/dev-libs/openssl/openssl-1.0.2e.ebuild b/dev-libs/openssl/openssl-1.0.2e.ebuild deleted file mode 100644 index 444743d..0000000 --- a/dev-libs/openssl/openssl-1.0.2e.ebuild +++ /dev/null @@ -1,265 +0,0 @@ -# Copyright 1999-2015 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Id$ - -EAPI="4" - -inherit eutils flag-o-matic toolchain-funcs multilib multilib-minimal - -MY_P=${P/_/-} -DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)" -HOMEPAGE="http://www.openssl.org/"; -SRC_URI="mirror://openssl/source/${MY_P}.tar.gz" - -LICENSE="openssl" -SLOT="0" -KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux" -IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 static-libs test +tls-heartbeat vanilla zlib" -RESTRICT="!bindist? ( bindist )" - -# The blocks are temporary just to make sure people upgrade to a -# version that lack runtime version checking. We'll drop them in -# the future. -RDEPEND=">=app-misc/c_rehash-1.7-r1 - gmp? ( >=dev-libs/gmp-5.1.3-r1[static-libs(+)?,${MULTILIB_USEDEP}] ) - zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] ) - kerberos? ( >=app-crypt/mit-krb5-1.11.4[${MULTILIB_USEDEP}] ) - abi_x86_32? ( - !<=app-emulation/emul-linux-x86-baselibs-20140508 - !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)] - ) - !<net-misc/openssh-5.9_p1-r4 - !<net-libs/neon-0.29.6-r1" -DEPEND="${RDEPEND} - >=dev-lang/perl-5 - sctp? ( >=net-misc/lksctp-tools-1.0.12 ) - test? ( - sys-apps/diffutils - sys-devel/bc - )" -PDEPEND="app-misc/ca-certificates" - -S="${WORKDIR}/${MY_P}" - -MULTILIB_WRAPPED_HEADERS=( - usr/include/openssl/opensslconf.h -) - -src_prepare() { - # keep this in sync with app-misc/c_rehash - SSL_CNF_DIR="/etc/ssl" - - # Make sure we only ever touch Makefile.org and avoid patching a file - # that gets blown away anyways by the Configure script in src_configure - rm -f Makefile - - if ! use vanilla ; then - epatch "${FILESDIR}"/${PN}-1.0.0a-ldflags.patch #327421 - epatch "${FILESDIR}"/${PN}-1.0.0d-windres.patch #373743 - epatch "${FILESDIR}"/${PN}-1.0.2e-parallel-build.patch - epatch "${FILESDIR}"/${PN}-1.0.2a-parallel-obj-headers.patch - epatch "${FILESDIR}"/${PN}-1.0.2a-parallel-install-dirs.patch - epatch "${FILESDIR}"/${PN}-1.0.2a-parallel-symlinking.patch #545028 - epatch "${FILESDIR}"/${PN}-1.0.2-ipv6.patch - epatch "${FILESDIR}"/${PN}-1.0.2a-x32-asm.patch #542618 - epatch "${FILESDIR}"/${PN}-1.0.1p-default-source.patch #554338 - - epatch_user #332661 - fi - - # disable fips in the build - # make sure the man pages are suffixed #302165 - # don't bother building man pages if they're disabled - sed -i \ - -e '/DIRS/s: fips : :g' \ - -e '/^MANSUFFIX/s:=.*:=ssl:' \ - -e '/^MAKEDEPPROG/s:=.*:=$(CC):' \ - -e $(has noman FEATURES \ - && echo '/^install:/s:install_docs::' \ - || echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \ - Makefile.org \ - || die - # show the actual commands in the log - sed -i '/^SET_X/s:=.*:=set -x:' Makefile.shared - - # since we're forcing $(CC) as makedep anyway, just fix - # the conditional as always-on - # helps clang (#417795), and versioned gcc (#499818) - sed -i 's/expr.*MAKEDEPEND.*;/true;/' util/domd || die - - # quiet out unknown driver argument warnings since openssl - # doesn't have well-split CFLAGS and we're making it even worse - # and 'make depend' uses -Werror for added fun (#417795 again) - [[ ${CC} == *clang* ]] && append-flags -Qunused-arguments - - # allow openssl to be cross-compiled - cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die - chmod a+rx gentoo.config - - append-flags -fno-strict-aliasing - append-flags $(test-flags-CC -Wa,--noexecstack) - append-cppflags -DOPENSSL_NO_BUF_FREELISTS - - sed -i '1s,^:$,#!'${EPREFIX}'/usr/bin/perl,' Configure #141906 - # The config script does stupid stuff to prompt the user. Kill it. - sed -i '/stty -icanon min 0 time 50; read waste/d' config || die - ./config --test-sanity || die "I AM NOT SANE" - - multilib_copy_sources -} - -multilib_src_configure() { - unset APPS #197996 - unset SCRIPTS #312551 - unset CROSS_COMPILE #311473 - - tc-export CC AR RANLIB RC - - # Clean out patent-or-otherwise-encumbered code - # Camellia: Royalty Free http://en.wikipedia.org/wiki/Camellia_(cipher) - # IDEA: Expired http://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm - # EC: ????????? ??/??/2015 http://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography - # MDC2: Expired http://en.wikipedia.org/wiki/MDC-2 - # RC5: Expired http://en.wikipedia.org/wiki/RC5 - - use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; } - echoit() { echo "$@" ; "$@" ; } - - local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal") - - # See if our toolchain supports __uint128_t. If so, it's 64bit - # friendly and can use the nicely optimized code paths. #460790 - local ec_nistp_64_gcc_128 - # Disable it for now though #469976 - #if ! use bindist ; then - # echo "__uint128_t i;" > "${T}"/128.c - # if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then - # ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128" - # fi - #fi - - local sslout=$(./gentoo.config) - einfo "Use configuration ${sslout:-(openssl knows best)}" - local config="Configure" - [[ -z ${sslout} ]] && config="config" - - echoit \ - ./${config} \ - ${sslout} \ - $(use cpu_flags_x86_sse2 || echo "no-sse2") \ - enable-camellia \ - $(use_ssl !bindist ec) \ - ${ec_nistp_64_gcc_128} \ - enable-idea \ - enable-mdc2 \ - enable-rc5 \ - enable-tlsext \ - $(use_ssl asm) \ - $(use_ssl gmp gmp -lgmp) \ - $(use_ssl kerberos krb5 --with-krb5-flavor=${krb5}) \ - $(use_ssl rfc3779) \ - $(use_ssl sctp) \ - $(use_ssl tls-heartbeat heartbeats) \ - $(use_ssl zlib) \ - --prefix="${EPREFIX}"/usr \ - --openssldir="${EPREFIX}"${SSL_CNF_DIR} \ - --libdir=$(get_libdir) \ - shared threads \ - || die - - # Clean out hardcoded flags that openssl uses - local CFLAG=$(grep ^CFLAG= Makefile | LC_ALL=C sed \ - -e 's:^CFLAG=::' \ - -e 's:-fomit-frame-pointer ::g' \ - -e 's:-O[0-9] ::g' \ - -e 's:-march=[-a-z0-9]* ::g' \ - -e 's:-mcpu=[-a-z0-9]* ::g' \ - -e 's:-m[a-z0-9]* ::g' \ - ) - sed -i \ - -e "/^CFLAG/s|=.*|=${CFLAG} ${CFLAGS}|" \ - -e "/^SHARED_LDFLAGS=/s|$| ${LDFLAGS}|" \ - Makefile || die -} - -multilib_src_compile() { - # depend is needed to use $confopts; it also doesn't matter - # that it's -j1 as the code itself serializes subdirs - emake -j1 depend - emake all - # rehash is needed to prep the certs/ dir; do this - # separately to avoid parallel build issues. - emake rehash -} - -multilib_src_test() { - emake -j1 test -} - -multilib_src_install() { - emake INSTALL_PREFIX="${D}" install -} - -multilib_src_install_all() { - # openssl installs perl version of c_rehash by default, but - # we provide a shell version via app-misc/c_rehash - rm "${ED}"/usr/bin/c_rehash || die - - dodoc CHANGES* FAQ NEWS README doc/*.txt doc/c-indentation.el - dohtml -r doc/* - use rfc3779 && dodoc engines/ccgost/README.gost - - # This is crappy in that the static archives are still built even - # when USE=static-libs. But this is due to a failing in the openssl - # build system: the static archives are built as PIC all the time. - # Only way around this would be to manually configure+compile openssl - # twice; once with shared lib support enabled and once without. - use static-libs || rm -f "${ED}"/usr/lib*/lib*.a - - # create the certs directory - dodir ${SSL_CNF_DIR}/certs - cp -RP certs/* "${ED}"${SSL_CNF_DIR}/certs/ || die - rm -r "${ED}"${SSL_CNF_DIR}/certs/{demo,expired} - - # Namespace openssl programs to prevent conflicts with other man pages - cd "${ED}"/usr/share/man - local m d s - for m in $(find . -type f | xargs grep -L '#include') ; do - d=${m%/*} ; d=${d#./} ; m=${m##*/} - [[ ${m} == openssl.1* ]] && continue - [[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!" - mv ${d}/{,ssl-}${m} - # fix up references to renamed man pages - sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m} - ln -s ssl-${m} ${d}/openssl-${m} - # locate any symlinks that point to this man page ... we assume - # that any broken links are due to the above renaming - for s in $(find -L ${d} -type l) ; do - s=${s##*/} - rm -f ${d}/${s} - ln -s ssl-${m} ${d}/ssl-${s} - ln -s ssl-${s} ${d}/openssl-${s} - done - done - [[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :(" - - dodir /etc/sandbox.d #254521 - echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl - - diropts -m0700 - keepdir ${SSL_CNF_DIR}/private -} - -pkg_preinst() { - has_version ${CATEGORY}/${PN}:0.9.8 && return 0 - preserve_old_lib /usr/$(get_libdir)/lib{crypto,ssl}.so.0.9.8 -} - -pkg_postinst() { - ebegin "Running 'c_rehash ${EROOT%/}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069" - c_rehash "${EROOT%/}${SSL_CNF_DIR}/certs" >/dev/null - eend $? - - has_version ${CATEGORY}/${PN}:0.9.8 && return 0 - preserve_old_lib_notify /usr/$(get_libdir)/lib{crypto,ssl}.so.0.9.8 -}
