diff options
| author |   Mike Frysinger <vapier@gentoo.org> | 2015-09-02 01:04:23 -0400 |
|---|---|---|
| committer | Mike Frysinger <vapier@gentoo.org> | 2015-09-02 01:04:23 -0400 |
| commit | d93bba52f83fea4e6393988686e10fb2da64a64b (patch) | |
| tree | ccf9952870fc5d84a6b9a0a417d60b23549fec68 /dev-libs/openssl | |
| parent | net-libs/nghttp2: mark 1.0.5 arm64/ia64/m68k/s390/sh stable #558734 (diff) | |
| download | gentoo-d93bba52f83fea4e6393988686e10fb2da64a64b.tar.gz gentoo-d93bba52f83fea4e6393988686e10fb2da64a64b.tar.bz2 gentoo-d93bba52f83fea4e6393988686e10fb2da64a64b.zip | |
dev-libs/openssl: delete old
Diffstat (limited to 'dev-libs/openssl')
24 files changed, 0 insertions, 5444 deletions
diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest index 458ddc5751fc..d78f82af9e7c 100644 --- a/dev-libs/openssl/Manifest +++ b/dev-libs/openssl/Manifest @@ -1,13 +1,5 @@ -DIST openssl-0.9.8ze.tar.gz 3734873 SHA256 ee3da602826e975b47e4d7af8a27be8258c160876194898c58881eab814b55b8 SHA512 6ab08065ab2cdf6699e462e2a082e6d4c21f027383e12d4dd1d0dce2a4073ae52230494215b3fe24b8a8d73f5f5dd3a1fe53c66acd8db6e162e4bf3636e229c3 WHIRLPOOL 8a5de0aed7b48007b3b8092726c9c8eb6771c49d388baaff4d7ba3591be0b1856cb17842db5bc608994b38f5d87a8b07a441c874523e577b786a4612bba7789f -DIST openssl-0.9.8zf.tar.gz 3822386 SHA256 d5245a29128984192acc5b1fc01e37429b7a01c53cadcb2645e546718b300edb SHA512 8a68f024c31b7de25e19732ad556a27d69cface8e7a546ca4221873053a270e5e36336626f7fe857bbbec5427204bddbb5fc9dea8d7a187a8db6719d970431ab WHIRLPOOL 842e5bc71a12bf363fe797e95faf988ae949aa15f8faee935ee8861e4093e9d4e0b766b24dda8d415f29d2ee2821050cfc3ce095d265d59574e7fe0af4024c66 DIST openssl-0.9.8zg.tar.gz 3826891 SHA256 06500060639930e471050474f537fcd28ec934af92ee282d78b52460fbe8f580 SHA512 c757454de321d168ac6d89fe2859966a9f07a8b28305bf697af9018db13fc457e0883346b3d35977461ab058442375563554ecb2a8756a687ff9fc2fdd9103c9 WHIRLPOOL 55ecf50a264a2ddd9b5755b5d90b9b736d2f27e0ba2fd529ccff3b68bbd726d1f60460182a0d215ae6712dbc4d3ef2df11339fb2d8424e049f54c3e904fcfab0 -DIST openssl-1.0.0r.tar.gz 4095201 SHA256 6538b33a1b95681c86ac8c5cc54d22835f0f0a5bf42ee6df4138c672d7e75f17 SHA512 a65292a7b43f7d0637952476356a95908b5843ca17f717158dd4d2171113192f04c92f4f9133bb4750172f06367dae64733aa239b90c52d4d9323f467012428f WHIRLPOOL 71c7d726a3a5d70735d4b34c3e00c15fa2ef8640801f8a265e4e92cf01db4a517630084dd7632850f3df6f4dbd848a3a7ec908a71db996a45c29f1ac53ac7877 -DIST openssl-1.0.1l.tar.gz 4429979 SHA256 b2cf4d48fe5d49f240c61c9e624193a6f232b5ed0baf010681e725963c40d1d4 SHA512 27fe42f33815a3aafff75f2b9a5604c328fe5945c5cecaca74e5d2c2a1e066d64ddcc1fdb14b54fc7523cc730ab8a57d7d56b2879c289e86673f91fee0cca65e WHIRLPOOL 79f5698585c68ba647fcdfc4b342a43d06d69230658ca1bc265dd10d8da939c3e27b9a4125bd2adfbf50002b1dddef18be086dfc23a5050e69fb77350131909f -DIST openssl-1.0.1m.tar.gz 4533406 SHA256 095f0b7b09116c0c5526422088058dc7e6e000aa14d22acca6a4e2babcdfef74 SHA512 f37b60cb4449674d5c06a4056acc3d11f1c9773da6111148fa3fbf8d14362ba1ff5eb5e0c0e06c2b5c84543b2b974584617e393ca83de2230cbbe69b52975afc WHIRLPOOL c33cc05debc31d5044be4de58267e1a07281f28f9d68f4288d3da1c3cdfcff6939a47abe1f50b377272d0dbd9475ae5fec84919b0c53d37e0bd3d94c44f68c91 -DIST openssl-1.0.1n.tar.gz 4545564 SHA256 3581a405ccbe0fd1f6f17ea41773f77cdd51db55c01e1b4d8549e519882c6caf SHA512 439e37879e379b77ae0e912222771ac54c0dcc4ad187b8e2eb6771df6cf71d56c4369931f4e16b8922b9d4a22e8f0aa9802c6828b8406fba7481426eade628aa WHIRLPOOL 8c08fc98863c444db3c1fee6970d1866123b7a525f4fe303016c0cf040351f7cb71f49a00ac1f1948ae9b7edaf9a4e5664814415447c8a88d4c49fe9014411d5 -DIST openssl-1.0.1o.tar.gz 4546659 SHA256 16e678c6a05f2502811e075f2c4059ac01c878d091c9c585afc49ebc541f7b13 SHA512 dc05fc6f47239330ad0c36f27049f02752bb168b7b1234b12760e42a920d41dd47d1e652dfee897b4c99729308fbb59cab80b93c8614acf498215a8b80607fbf WHIRLPOOL af7505625730ea6e59517289fcc6044b24e0826b2538463f36e876ae96ca7d591627ca09386e6a69e8234df88fec11fb9e2a098c2f6996592a0f74cecbf4af30 DIST openssl-1.0.1p.tar.gz 4560208 SHA256 bd5ee6803165c0fb60bbecbacacf244f1f90d2aa0d71353af610c29121e9b2f1 SHA512 64e475c53a85b78de7c5aa71a22d4bb3a456142842373ebf8f22e9857cb0352b646e591b21af866933baecdbdb5ac4a22aeb64914440c53a0f30cd25914029e5 WHIRLPOOL 2a81f3b9274e3fef37a2a88e3084d8283159b3a61db08e7805879905c87a74faa85bc6e570d18525741bd5c27c34fe09eeb58b2bfe500545d0f304716e14f819 -DIST openssl-1.0.2.tar.gz 5265809 SHA256 8c48baf3babe0d505d16cfc0cf272589c66d3624264098213db0fb00034728e9 SHA512 dea46225a5445edc4986b02b99fbc90153819374b9a9bfdd892b60cd18ac7fefaf21a7e9d2bb05d0e3bfa4d2704e0ee24b06cc8e7081a542d7598cc9e73c67c5 WHIRLPOOL fe628a38125390deb75728b31427c308efbf65637a569fd1f139f6313fea533514ef05bf3d01bbdc793f77eb259400c95c53074a294d32d73576939d16f22e25 DIST openssl-1.0.2a.tar.gz 5262089 SHA256 15b6393c20030aab02c8e2fe0243cb1d1d18062f6c095d67bca91871dc7f324a SHA512 02d228578824add52b73433d64697706e6503c2334933fe8dd6b477f59c430977012c3c34da207096229a425e1dcb6f3ae806043894b5ac98c27bbcddb794dd4 WHIRLPOOL a590c71794f5d29b80afa28b18621b7535e96b714b3690d793c1422a90b09a89cbcb912841d400c5982a8197bb02c13051190e96ba0e4d530509b48b43067cd7 DIST openssl-1.0.2b.tar.gz 5281009 SHA256 d5d488cc9f0a07974195a7427094ea3cab9800a4e90178b989aa621fbc238e3f SHA512 563eb662113668bb9ccf17a6e36697ad6392321ac1a32aa2cada9d8f4047651c2fa4da61f508ee3e1834fea343dbba189e09c1d6cabe5d1de5e3e6d022c31f4f WHIRLPOOL d828dc76842d25f02f211031b3ab9a2a8fd44975e9aaf87d0fd5fca9935a27b61c3e4f896a2186194f1a7b4d668fc48cafc5be9f7c670017ba342ce40113935f DIST openssl-1.0.2c.tar.gz 5280670 SHA256 0038ba37f35a6367c58f17a7a7f687953ef8ce4f9684bbdec63e62515ed36a83 SHA512 2a68e8b017d0d3e34e4f9d33b77abd960b3d04e418f106e852684a2ff247dc8ea390b7d6a42d130fd84d821a15e84e77b68b3677433433ef5c10d156333b9dae WHIRLPOOL c59878c3bd5e8904913b97d71a15ef1eaafcfb4eb58c691ba4fb38bf81752308d0ef4a902e53aec4c6e7585677f2404d29cdea0832d14206fabf28d744af2622 diff --git a/dev-libs/openssl/files/gentoo.config-1.0.0 b/dev-libs/openssl/files/gentoo.config-1.0.0 deleted file mode 100644 index 475bda37925a..000000000000 --- a/dev-libs/openssl/files/gentoo.config-1.0.0 +++ /dev/null @@ -1,159 +0,0 @@ -#!/usr/bin/env bash -# Copyright 1999-2011 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Id$ -# -# Openssl doesn't play along nicely with cross-compiling -# like autotools based projects, so let's teach it new tricks. -# -# Review the bundled 'config' script to see why kind of targets -# we can pass to the 'Configure' script. - - -# Testing routines -if [[ $1 == "test" ]] ; then - for c in \ - "arm-gentoo-linux-uclibc |linux-generic32 -DL_ENDIAN" \ - "armv5b-linux-gnu |linux-armv4 -DB_ENDIAN" \ - "x86_64-pc-linux-gnu |linux-x86_64" \ - "alphaev56-unknown-linux-gnu |linux-alpha+bwx-gcc" \ - "i686-pc-linux-gnu |linux-elf" \ - "whatever-gentoo-freebsdX.Y |BSD-generic32" \ - "i686-gentoo-freebsdX.Y |BSD-x86-elf" \ - "sparc64-alpha-freebsdX.Y |BSD-sparc64" \ - "ia64-gentoo-freebsd5.99234 |BSD-ia64" \ - "x86_64-gentoo-freebsdX.Y |BSD-x86_64" \ - "hppa64-aldsF-linux-gnu5.3 |linux-generic32 -DB_ENDIAN" \ - "powerpc-gentOO-linux-uclibc |linux-ppc" \ - "powerpc64-unk-linux-gnu |linux-ppc64" \ - "x86_64-apple-darwinX |darwin64-x86_64-cc" \ - "powerpc64-apple-darwinX |darwin64-ppc-cc" \ - "i686-apple-darwinX |darwin-i386-cc" \ - "i386-apple-darwinX |darwin-i386-cc" \ - "powerpc-apple-darwinX |darwin-ppc-cc" \ - "i586-pc-winnt |winnt-parity" \ - "s390-ibm-linux-gnu |linux-generic32 -DB_ENDIAN" \ - "s390x-linux-gnu |linux-s390x" \ - ;do - CHOST=${c/|*} - ret_want=${c/*|} - ret_got=$(CHOST=${CHOST} "$0") - - if [[ ${ret_want} == "${ret_got}" ]] ; then - echo "PASS: ${CHOST}" - else - echo "FAIL: ${CHOST}" - echo -e "\twanted: ${ret_want}" - echo -e "\twe got: ${ret_got}" - fi - done - exit 0 -fi -[[ -z ${CHOST} && -n $1 ]] && CHOST=$1 - - -# Detect the operating system -case ${CHOST} in - *-aix*) system="aix";; - *-darwin*) system="darwin";; - *-freebsd*) system="BSD";; - *-hpux*) system="hpux";; - *-linux*) system="linux";; - *-solaris*) system="solaris";; - *-winnt*) system="winnt";; - x86_64-*-mingw*) system="mingw64";; - *mingw*) system="mingw";; - *) exit 0;; -esac - - -# Compiler munging -compiler="gcc" -if [[ ${CC} == "ccc" ]] ; then - compiler=${CC} -fi - - -# Detect target arch -machine="" -chost_machine=${CHOST%%-*} -case ${system} in -linux) - case ${chost_machine}:${ABI} in - alphaev56*) machine=alpha+bwx-${compiler};; - alphaev[678]*)machine=alpha+bwx-${compiler};; - alpha*) machine=alpha-${compiler};; - armv[4-9]*b*) machine="armv4 -DB_ENDIAN";; - armv[4-9]*) machine="armv4 -DL_ENDIAN";; - arm*b*) machine="generic32 -DB_ENDIAN";; - arm*) machine="generic32 -DL_ENDIAN";; - avr*) machine="generic32 -DL_ENDIAN";; - bfin*) machine="generic32 -DL_ENDIAN";; - # hppa64*) machine=parisc64;; - hppa*) machine="generic32 -DB_ENDIAN";; - i[0-9]86*|\ - x86_64*:x86) machine=elf;; - ia64*) machine=ia64;; - m68*) machine="generic32 -DB_ENDIAN";; - mips*el*) machine="generic32 -DL_ENDIAN";; - mips*) machine="generic32 -DB_ENDIAN";; - powerpc64*) machine=ppc64;; - powerpc*) machine=ppc;; - # sh64*) machine=elf;; - sh*b*) machine="generic32 -DB_ENDIAN";; - sh*) machine="generic32 -DL_ENDIAN";; - sparc*v7*) machine="generic32 -DB_ENDIAN";; - sparc64*) machine=sparcv9;; - sparc*) machine=sparcv8;; - s390x*) machine=s390x;; - s390*) machine="generic32 -DB_ENDIAN";; - x86_64*:x32) machine=x32;; - x86_64*) machine=x86_64;; - esac - ;; -BSD) - case ${chost_machine} in - alpha*) machine=generic64;; - i[6-9]86*) machine=x86-elf;; - ia64*) machine=ia64;; - sparc64*) machine=sparc64;; - x86_64*) machine=x86_64;; - *) machine=generic32;; - esac - ;; -aix) - machine=${compiler} - ;; -darwin) - case ${chost_machine} in - powerpc64) machine=ppc-cc; system=${system}64;; - powerpc) machine=ppc-cc;; - i?86*) machine=i386-cc;; - x86_64) machine=x86_64-cc; system=${system}64;; - esac - ;; -hpux) - case ${chost_machine} in - ia64) machine=ia64-${compiler} ;; - esac - ;; -solaris) - case ${chost_machine} in - i386) machine=x86-${compiler} ;; - x86_64*) machine=x86_64-${compiler}; system=${system}64;; - sparcv9*) machine=sparcv9-${compiler}; system=${system}64;; - sparc*) machine=sparcv8-${compiler};; - esac - ;; -winnt) - machine=parity - ;; -mingw*) - # special case ... no xxx-yyy style name - echo ${system} - ;; -esac - - -# If we have something, show it -[[ -n ${machine} ]] && echo ${system}-${machine} diff --git a/dev-libs/openssl/files/openssl-0.9.8ze-CVE-2015-0286.patch b/dev-libs/openssl/files/openssl-0.9.8ze-CVE-2015-0286.patch deleted file mode 100644 index facb77d203a1..000000000000 --- a/dev-libs/openssl/files/openssl-0.9.8ze-CVE-2015-0286.patch +++ /dev/null @@ -1,326 +0,0 @@ ---- openssl-0.9.8ze/crypto/asn1/a_type.c -+++ openssl-0.9.8ze/crypto/asn1/a_type.c -@@ -121,6 +121,9 @@ - case V_ASN1_OBJECT: - result = OBJ_cmp(a->value.object, b->value.object); - break; -+ case V_ASN1_BOOLEAN: -+ result = a->value.boolean - b->value.boolean; -+ break; - case V_ASN1_NULL: - result = 0; /* They do not have content. */ - break; ---- openssl-0.9.8ze/crypto/asn1/tasn_dec.c -+++ openssl-0.9.8ze/crypto/asn1/tasn_dec.c -@@ -128,11 +128,17 @@ - { - ASN1_TLC c; - ASN1_VALUE *ptmpval = NULL; -- if (!pval) -- pval = &ptmpval; - c.valid = 0; -- if (ASN1_item_ex_d2i(pval, in, len, it, -1, 0, 0, &c) > 0) -- return *pval; -+ if (pval && *pval && it->itype == ASN1_ITYPE_PRIMITIVE) -+ ptmpval = *pval; -+ if (ASN1_item_ex_d2i(&ptmpval, in, len, it, -1, 0, 0, &c) > 0) { -+ if (pval && it->itype != ASN1_ITYPE_PRIMITIVE) { -+ if (*pval) -+ ASN1_item_free(*pval, it); -+ *pval = ptmpval; -+ } -+ return ptmpval; -+ } - return NULL; - } - -@@ -309,9 +315,16 @@ - if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it)) - goto auxerr; - -- /* Allocate structure */ -- if (!*pval && !ASN1_item_ex_new(pval, it)) -- { -+ if (*pval) { -+ /* Free up and zero CHOICE value if initialised */ -+ i = asn1_get_choice_selector(pval, it); -+ if ((i >= 0) && (i < it->tcount)) { -+ tt = it->templates + i; -+ pchptr = asn1_get_field_ptr(pval, tt); -+ ASN1_template_free(pchptr, tt); -+ asn1_set_choice_selector(pval, -1, it); -+ } -+ } else if (!ASN1_item_ex_new(pval, it)) { - ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, - ERR_R_NESTED_ASN1_ERROR); - goto err; -@@ -405,6 +418,17 @@ - if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it)) - goto auxerr; - -+ /* Free up and zero any ADB found */ -+ for (i = 0, tt = it->templates; i < it->tcount; i++, tt++) { -+ if (tt->flags & ASN1_TFLG_ADB_MASK) { -+ const ASN1_TEMPLATE *seqtt; -+ ASN1_VALUE **pseqval; -+ seqtt = asn1_do_adb(pval, tt, 1); -+ pseqval = asn1_get_field_ptr(pval, seqtt); -+ ASN1_template_free(pseqval, seqtt); -+ } -+ } -+ - /* Get each field entry */ - for (i = 0, tt = it->templates; i < it->tcount; i++, tt++) - { ---- openssl-0.9.8ze/crypto/pkcs7/pk7_doit.c -+++ openssl-0.9.8ze/crypto/pkcs7/pk7_doit.c -@@ -151,6 +151,25 @@ - EVP_PKEY *pkey; - ASN1_OCTET_STRING *os=NULL; - -+ if (p7 == NULL) { -+ PKCS7err(PKCS7_F_PKCS7_DATAINIT, PKCS7_R_INVALID_NULL_POINTER); -+ return NULL; -+ } -+ /* -+ * The content field in the PKCS7 ContentInfo is optional, but that really -+ * only applies to inner content (precisely, detached signatures). -+ * -+ * When reading content, missing outer content is therefore treated as an -+ * error. -+ * -+ * When creating content, PKCS7_content_new() must be called before -+ * calling this method, so a NULL p7->d is always an error. -+ */ -+ if (p7->d.ptr == NULL) { -+ PKCS7err(PKCS7_F_PKCS7_DATAINIT, PKCS7_R_NO_CONTENT); -+ return NULL; -+ } -+ - i=OBJ_obj2nid(p7->type); - p7->state=PKCS7_S_HEADER; - -@@ -344,6 +363,16 @@ - STACK_OF(PKCS7_RECIP_INFO) *rsk=NULL; - PKCS7_RECIP_INFO *ri=NULL; - -+ if (p7 == NULL) { -+ PKCS7err(PKCS7_F_PKCS7_DATADECODE, PKCS7_R_INVALID_NULL_POINTER); -+ return NULL; -+ } -+ -+ if (p7->d.ptr == NULL) { -+ PKCS7err(PKCS7_F_PKCS7_DATADECODE, PKCS7_R_NO_CONTENT); -+ return NULL; -+ } -+ - i=OBJ_obj2nid(p7->type); - p7->state=PKCS7_S_HEADER; - -@@ -637,6 +666,16 @@ - STACK_OF(PKCS7_SIGNER_INFO) *si_sk=NULL; - ASN1_OCTET_STRING *os=NULL; - -+ if (p7 == NULL) { -+ PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_INVALID_NULL_POINTER); -+ return 0; -+ } -+ -+ if (p7->d.ptr == NULL) { -+ PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_NO_CONTENT); -+ return 0; -+ } -+ - EVP_MD_CTX_init(&ctx_tmp); - i=OBJ_obj2nid(p7->type); - p7->state=PKCS7_S_HEADER; -@@ -668,6 +707,7 @@ - /* If detached data then the content is excluded */ - if(PKCS7_type_is_data(p7->d.sign->contents) && p7->detached) { - M_ASN1_OCTET_STRING_free(os); -+ os = NULL; - p7->d.sign->contents->d.data = NULL; - } - break; -@@ -678,6 +718,7 @@ - if(PKCS7_type_is_data(p7->d.digest->contents) && p7->detached) - { - M_ASN1_OCTET_STRING_free(os); -+ os = NULL; - p7->d.digest->contents->d.data = NULL; - } - break; -@@ -815,6 +856,11 @@ - - if (!PKCS7_is_detached(p7)) - { -+ /* -+ * NOTE(emilia): I think we only reach os == NULL here because detached -+ */ -+ if (os == NULL) -+ goto err; - btmp=BIO_find_type(bio,BIO_TYPE_MEM); - if (btmp == NULL) - { -@@ -849,6 +895,16 @@ - STACK_OF(X509) *cert; - X509 *x509; - -+ if (p7 == NULL) { -+ PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, PKCS7_R_INVALID_NULL_POINTER); -+ return 0; -+ } -+ -+ if (p7->d.ptr == NULL) { -+ PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, PKCS7_R_NO_CONTENT); -+ return 0; -+ } -+ - if (PKCS7_type_is_signed(p7)) - { - cert=p7->d.sign->cert; ---- openssl-0.9.8ze/crypto/pkcs7/pk7_lib.c -+++ openssl-0.9.8ze/crypto/pkcs7/pk7_lib.c -@@ -70,6 +70,7 @@ - - switch (cmd) - { -+ /* NOTE(emilia): does not support detached digested data. */ - case PKCS7_OP_SET_DETACHED_SIGNATURE: - if (nid == NID_pkcs7_signed) - { -@@ -473,6 +474,8 @@ - - STACK_OF(PKCS7_SIGNER_INFO) *PKCS7_get_signer_info(PKCS7 *p7) - { -+ if (p7 == NULL || p7->d.ptr == NULL) -+ return NULL; - if (PKCS7_type_is_signed(p7)) - { - return(p7->d.sign->signer_info); ---- openssl-0.9.8ze/doc/crypto/d2i_X509.pod -+++ openssl-0.9.8ze/doc/crypto/d2i_X509.pod -@@ -199,6 +199,12 @@ - persist if they are not present in the new one. As a result the use - of this "reuse" behaviour is strongly discouraged. - -+Current versions of OpenSSL will not modify B<*px> if an error occurs. -+If parsing succeeds then B<*px> is freed (if it is not NULL) and then -+set to the value of the newly decoded structure. As a result B<*px> -+B<must not> be allocated on the stack or an attempt will be made to -+free an invalid pointer. -+ - i2d_X509() will not return an error in many versions of OpenSSL, - if mandatory fields are not initialized due to a programming error - then the encoded structure may contain invalid data or omit the -@@ -210,7 +216,9 @@ - - d2i_X509(), d2i_X509_bio() and d2i_X509_fp() return a valid B<X509> structure - or B<NULL> if an error occurs. The error code that can be obtained by --L<ERR_get_error(3)|ERR_get_error(3)>. -+L<ERR_get_error(3)|ERR_get_error(3)>. If the "reuse" capability has been used -+with a valid X509 structure being passed in via B<px> then the object is not -+modified in the event of error. - - i2d_X509() returns the number of bytes successfully encoded or a negative - value if an error occurs. The error code can be obtained by ---- openssl-0.9.8ze/ssl/s2_lib.c -+++ openssl-0.9.8ze/ssl/s2_lib.c -@@ -410,7 +410,7 @@ - - OPENSSL_assert(s->session->master_key_length >= 0 - && s->session->master_key_length -- < (int)sizeof(s->session->master_key)); -+ <= (int)sizeof(s->session->master_key)); - EVP_DigestUpdate(&ctx,s->session->master_key,s->session->master_key_length); - EVP_DigestUpdate(&ctx,&c,1); - c++; ---- openssl-0.9.8ze/ssl/s2_srvr.c -+++ openssl-0.9.8ze/ssl/s2_srvr.c -@@ -446,10 +446,6 @@ - SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_NO_PRIVATEKEY); - return(-1); - } -- i=ssl_rsa_private_decrypt(s->cert,s->s2->tmp.enc, -- &(p[s->s2->tmp.clear]),&(p[s->s2->tmp.clear]), -- (s->s2->ssl2_rollback)?RSA_SSLV23_PADDING:RSA_PKCS1_PADDING); -- - is_export=SSL_C_IS_EXPORT(s->session->cipher); - - if (!ssl_cipher_get_evp(s->session,&c,&md,NULL)) -@@ -467,21 +463,59 @@ - else - ek=5; - -+ /* -+ * The format of the CLIENT-MASTER-KEY message is -+ * 1 byte message type -+ * 3 bytes cipher -+ * 2-byte clear key length (stored in s->s2->tmp.clear) -+ * 2-byte encrypted key length (stored in s->s2->tmp.enc) -+ * 2-byte key args length (IV etc) -+ * clear key -+ * encrypted key -+ * key args -+ * -+ * If the cipher is an export cipher, then the encrypted key bytes -+ * are a fixed portion of the total key (5 or 8 bytes). The size of -+ * this portion is in |ek|. If the cipher is not an export cipher, -+ * then the entire key material is encrypted (i.e., clear key length -+ * must be zero). -+ */ -+ if ((!is_export && s->s2->tmp.clear != 0) || -+ (is_export && s->s2->tmp.clear + ek != EVP_CIPHER_key_length(c))) { -+ ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR); -+ SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_BAD_LENGTH); -+ return -1; -+ } -+ /* -+ * The encrypted blob must decrypt to the encrypted portion of the key. -+ * Decryption can't be expanding, so if we don't have enough encrypted -+ * bytes to fit the key in the buffer, stop now. -+ */ -+ if ((is_export && s->s2->tmp.enc < ek) || -+ (!is_export && s->s2->tmp.enc < EVP_CIPHER_key_length(c))) { -+ ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); -+ SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_LENGTH_TOO_SHORT); -+ return -1; -+ } -+ -+ i = ssl_rsa_private_decrypt(s->cert, s->s2->tmp.enc, -+ &(p[s->s2->tmp.clear]), -+ &(p[s->s2->tmp.clear]), -+ (s->s2->ssl2_rollback) ? RSA_SSLV23_PADDING : -+ RSA_PKCS1_PADDING); -+ - /* bad decrypt */ - #if 1 - /* If a bad decrypt, continue with protocol but with a - * random master secret (Bleichenbacher attack) */ -- if ((i < 0) || -- ((!is_export && (i != EVP_CIPHER_key_length(c))) -- || (is_export && ((i != ek) || (s->s2->tmp.clear+(unsigned int)i != -- (unsigned int)EVP_CIPHER_key_length(c)))))) -- { -+ if ((i < 0) || ((!is_export && i != EVP_CIPHER_key_length(c)) -+ || (is_export && i != ek))) { - ERR_clear_error(); - if (is_export) - i=ek; - else - i=EVP_CIPHER_key_length(c); -- if (RAND_pseudo_bytes(p,i) <= 0) -+ if (RAND_pseudo_bytes(&p[s->s2->tmp.clear], i) <= 0) - return 0; - } - #else -@@ -505,7 +539,8 @@ - } - #endif - -- if (is_export) i+=s->s2->tmp.clear; -+ if (is_export) -+ i = EVP_CIPHER_key_length(c); - - if (i > SSL_MAX_MASTER_KEY_LENGTH) - { diff --git a/dev-libs/openssl/files/openssl-1.0.0e-parallel-build.patch b/dev-libs/openssl/files/openssl-1.0.0e-parallel-build.patch deleted file mode 100644 index e1a030f9ebf9..000000000000 --- a/dev-libs/openssl/files/openssl-1.0.0e-parallel-build.patch +++ /dev/null @@ -1,315 +0,0 @@ -http://rt.openssl.org/Ticket/Display.html?id=2084 - ---- a/Makefile.org -+++ b/Makefile.org -@@ -247,17 +247,17 @@ - build_libs: build_crypto build_ssl build_engines - - build_crypto: -- @dir=crypto; target=all; $(BUILD_ONE_CMD) -+ +@dir=crypto; target=all; $(BUILD_ONE_CMD) --build_ssl: -+build_ssl: build_crypto -- @dir=ssl; target=all; $(BUILD_ONE_CMD) -+ +@dir=ssl; target=all; $(BUILD_ONE_CMD) --build_engines: -+build_engines: build_crypto -- @dir=engines; target=all; $(BUILD_ONE_CMD) -+ +@dir=engines; target=all; $(BUILD_ONE_CMD) --build_apps: -+build_apps: build_libs -- @dir=apps; target=all; $(BUILD_ONE_CMD) -+ +@dir=apps; target=all; $(BUILD_ONE_CMD) --build_tests: -+build_tests: build_libs -- @dir=test; target=all; $(BUILD_ONE_CMD) -+ +@dir=test; target=all; $(BUILD_ONE_CMD) --build_tools: -+build_tools: build_libs -- @dir=tools; target=all; $(BUILD_ONE_CMD) -+ +@dir=tools; target=all; $(BUILD_ONE_CMD) - - all_testapps: build_libs build_testapps - build_testapps: -@@ -497,9 +497,9 @@ - dist_pem_h: - (cd crypto/pem; $(MAKE) -e $(BUILDENV) pem.h; $(MAKE) clean) - --install: all install_docs install_sw -+install: install_docs install_sw - --install_sw: -+install_dirs: - @$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \ - $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR) \ - $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines \ -@@ -508,6 +508,13 @@ - $(INSTALL_PREFIX)$(OPENSSLDIR)/misc \ - $(INSTALL_PREFIX)$(OPENSSLDIR)/certs \ - $(INSTALL_PREFIX)$(OPENSSLDIR)/private -+ @$(PERL) $(TOP)/util/mkdir-p.pl \ -+ $(INSTALL_PREFIX)$(MANDIR)/man1 \ -+ $(INSTALL_PREFIX)$(MANDIR)/man3 \ -+ $(INSTALL_PREFIX)$(MANDIR)/man5 \ -+ $(INSTALL_PREFIX)$(MANDIR)/man7 -+ -+install_sw: install_dirs - @set -e; headerlist="$(EXHEADER)"; for i in $$headerlist;\ - do \ - (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ -@@ -511,7 +511,7 @@ - (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ - chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ - done; -- @set -e; target=install; $(RECURSIVE_BUILD_CMD) -+ +@set -e; target=install; $(RECURSIVE_BUILD_CMD) - @set -e; for i in $(LIBS) ;\ - do \ - if [ -f "$$i" ]; then \ -@@ -593,12 +600,7 @@ - done; \ - done - --install_docs: -- @$(PERL) $(TOP)/util/mkdir-p.pl \ -- $(INSTALL_PREFIX)$(MANDIR)/man1 \ -- $(INSTALL_PREFIX)$(MANDIR)/man3 \ -- $(INSTALL_PREFIX)$(MANDIR)/man5 \ -- $(INSTALL_PREFIX)$(MANDIR)/man7 -+install_docs: install_dirs - @pod2man="`cd ./util; ./pod2mantest $(PERL)`"; \ - here="`pwd`"; \ - filecase=; \ ---- a/crypto/Makefile -+++ b/crypto/Makefile -@@ -85,11 +85,11 @@ - @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi - - subdirs: -- @target=all; $(RECURSIVE_MAKE) -+ +@target=all; $(RECURSIVE_MAKE) - - files: - $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO -- @target=files; $(RECURSIVE_MAKE) -+ +@target=files; $(RECURSIVE_MAKE) - - links: - @$(PERL) $(TOP)/util/mklink.pl ../include/openssl $(EXHEADER) -@@ -100,7 +100,7 @@ - # lib: $(LIB): are splitted to avoid end-less loop - lib: $(LIB) - @touch lib --$(LIB): $(LIBOBJ) -+$(LIB): $(LIBOBJ) | subdirs - $(AR) $(LIB) $(LIBOBJ) - $(RANLIB) $(LIB) || echo Never mind. - -@@ -110,7 +110,7 @@ - fi - - libs: -- @target=lib; $(RECURSIVE_MAKE) -+ +@target=lib; $(RECURSIVE_MAKE) - - install: - @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... -@@ -119,7 +119,7 @@ - (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ - chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ - done; -- @target=install; $(RECURSIVE_MAKE) -+ +@target=install; $(RECURSIVE_MAKE) - - lint: - @target=lint; $(RECURSIVE_MAKE) ---- a/engines/Makefile -+++ b/engines/Makefile -@@ -72,7 +72,7 @@ - - all: lib subdirs - --lib: $(LIBOBJ) -+lib: $(LIBOBJ) | subdirs - @if [ -n "$(SHARED_LIBS)" ]; then \ - set -e; \ - for l in $(LIBNAMES); do \ -@@ -89,7 +89,7 @@ - - subdirs: - echo $(EDIRS) -- @target=all; $(RECURSIVE_MAKE) -+ +@target=all; $(RECURSIVE_MAKE) - - files: - $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO -@@ -128,7 +128,7 @@ - mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx ); \ - done; \ - fi -- @target=install; $(RECURSIVE_MAKE) -+ +@target=install; $(RECURSIVE_MAKE) - - tags: - ctags $(SRC) ---- a/test/Makefile -+++ b/test/Makefile -@@ -123,7 +123,7 @@ - tags: - ctags $(SRC) - --tests: exe apps $(TESTS) -+tests: exe $(TESTS) - - apps: - @(cd ..; $(MAKE) DIRS=apps all) -@@ -345,106 +345,106 @@ - link_app.$${shlib_target} - - $(RSATEST)$(EXE_EXT): $(RSATEST).o $(DLIBCRYPTO) -- @target=$(RSATEST); $(BUILD_CMD) -+ +@target=$(RSATEST); $(BUILD_CMD) - - $(BNTEST)$(EXE_EXT): $(BNTEST).o $(DLIBCRYPTO) -- @target=$(BNTEST); $(BUILD_CMD) -+ +@target=$(BNTEST); $(BUILD_CMD) - - $(ECTEST)$(EXE_EXT): $(ECTEST).o $(DLIBCRYPTO) -- @target=$(ECTEST); $(BUILD_CMD) -+ +@target=$(ECTEST); $(BUILD_CMD) - - $(EXPTEST)$(EXE_EXT): $(EXPTEST).o $(DLIBCRYPTO) -- @target=$(EXPTEST); $(BUILD_CMD) -+ +@target=$(EXPTEST); $(BUILD_CMD) - - $(IDEATEST)$(EXE_EXT): $(IDEATEST).o $(DLIBCRYPTO) -- @target=$(IDEATEST); $(BUILD_CMD) -+ +@target=$(IDEATEST); $(BUILD_CMD) - - $(MD2TEST)$(EXE_EXT): $(MD2TEST).o $(DLIBCRYPTO) -- @target=$(MD2TEST); $(BUILD_CMD) -+ +@target=$(MD2TEST); $(BUILD_CMD) - - $(SHATEST)$(EXE_EXT): $(SHATEST).o $(DLIBCRYPTO) -- @target=$(SHATEST); $(BUILD_CMD) -+ +@target=$(SHATEST); $(BUILD_CMD) - - $(SHA1TEST)$(EXE_EXT): $(SHA1TEST).o $(DLIBCRYPTO) -- @target=$(SHA1TEST); $(BUILD_CMD) -+ +@target=$(SHA1TEST); $(BUILD_CMD) - - $(SHA256TEST)$(EXE_EXT): $(SHA256TEST).o $(DLIBCRYPTO) -- @target=$(SHA256TEST); $(BUILD_CMD) -+ +@target=$(SHA256TEST); $(BUILD_CMD) - - $(SHA512TEST)$(EXE_EXT): $(SHA512TEST).o $(DLIBCRYPTO) -- @target=$(SHA512TEST); $(BUILD_CMD) -+ +@target=$(SHA512TEST); $(BUILD_CMD) - - $(RMDTEST)$(EXE_EXT): $(RMDTEST).o $(DLIBCRYPTO) -- @target=$(RMDTEST); $(BUILD_CMD) -+ +@target=$(RMDTEST); $(BUILD_CMD) - - $(MDC2TEST)$(EXE_EXT): $(MDC2TEST).o $(DLIBCRYPTO) -- @target=$(MDC2TEST); $(BUILD_CMD) -+ +@target=$(MDC2TEST); $(BUILD_CMD) - - $(MD4TEST)$(EXE_EXT): $(MD4TEST).o $(DLIBCRYPTO) -- @target=$(MD4TEST); $(BUILD_CMD) -+ +@target=$(MD4TEST); $(BUILD_CMD) - - $(MD5TEST)$(EXE_EXT): $(MD5TEST).o $(DLIBCRYPTO) -- @target=$(MD5TEST); $(BUILD_CMD) -+ +@target=$(MD5TEST); $(BUILD_CMD) - - $(HMACTEST)$(EXE_EXT): $(HMACTEST).o $(DLIBCRYPTO) -- @target=$(HMACTEST); $(BUILD_CMD) -+ +@target=$(HMACTEST); $(BUILD_CMD) - - $(WPTEST)$(EXE_EXT): $(WPTEST).o $(DLIBCRYPTO) -- @target=$(WPTEST); $(BUILD_CMD) -+ +@target=$(WPTEST); $(BUILD_CMD) - - $(RC2TEST)$(EXE_EXT): $(RC2TEST).o $(DLIBCRYPTO) -- @target=$(RC2TEST); $(BUILD_CMD) -+ +@target=$(RC2TEST); $(BUILD_CMD) - - $(BFTEST)$(EXE_EXT): $(BFTEST).o $(DLIBCRYPTO) -- @target=$(BFTEST); $(BUILD_CMD) -+ +@target=$(BFTEST); $(BUILD_CMD) - - $(CASTTEST)$(EXE_EXT): $(CASTTEST).o $(DLIBCRYPTO) -- @target=$(CASTTEST); $(BUILD_CMD) -+ +@target=$(CASTTEST); $(BUILD_CMD) - - $(RC4TEST)$(EXE_EXT): $(RC4TEST).o $(DLIBCRYPTO) -- @target=$(RC4TEST); $(BUILD_CMD) -+ +@target=$(RC4TEST); $(BUILD_CMD) - - $(RC5TEST)$(EXE_EXT): $(RC5TEST).o $(DLIBCRYPTO) -- @target=$(RC5TEST); $(BUILD_CMD) -+ +@target=$(RC5TEST); $(BUILD_CMD) - - $(DESTEST)$(EXE_EXT): $(DESTEST).o $(DLIBCRYPTO) -- @target=$(DESTEST); $(BUILD_CMD) -+ +@target=$(DESTEST); $(BUILD_CMD) - - $(RANDTEST)$(EXE_EXT): $(RANDTEST).o $(DLIBCRYPTO) -- @target=$(RANDTEST); $(BUILD_CMD) -+ +@target=$(RANDTEST); $(BUILD_CMD) - - $(DHTEST)$(EXE_EXT): $(DHTEST).o $(DLIBCRYPTO) -- @target=$(DHTEST); $(BUILD_CMD) -+ +@target=$(DHTEST); $(BUILD_CMD) - - $(DSATEST)$(EXE_EXT): $(DSATEST).o $(DLIBCRYPTO) -- @target=$(DSATEST); $(BUILD_CMD) -+ +@target=$(DSATEST); $(BUILD_CMD) - - $(METHTEST)$(EXE_EXT): $(METHTEST).o $(DLIBCRYPTO) -- @target=$(METHTEST); $(BUILD_CMD) -+ +@target=$(METHTEST); $(BUILD_CMD) - - $(SSLTEST)$(EXE_EXT): $(SSLTEST).o $(DLIBSSL) $(DLIBCRYPTO) -- @target=$(SSLTEST); $(BUILD_CMD) -+ +@target=$(SSLTEST); $(BUILD_CMD) - - $(ENGINETEST)$(EXE_EXT): $(ENGINETEST).o $(DLIBCRYPTO) -- @target=$(ENGINETEST); $(BUILD_CMD) -+ +@target=$(ENGINETEST); $(BUILD_CMD) - - $(EVPTEST)$(EXE_EXT): $(EVPTEST).o $(DLIBCRYPTO) -- @target=$(EVPTEST); $(BUILD_CMD) -+ +@target=$(EVPTEST); $(BUILD_CMD) - - $(ECDSATEST)$(EXE_EXT): $(ECDSATEST).o $(DLIBCRYPTO) -- @target=$(ECDSATEST); $(BUILD_CMD) -+ +@target=$(ECDSATEST); $(BUILD_CMD) - - $(ECDHTEST)$(EXE_EXT): $(ECDHTEST).o $(DLIBCRYPTO) -- @target=$(ECDHTEST); $(BUILD_CMD) -+ +@target=$(ECDHTEST); $(BUILD_CMD) - - $(IGETEST)$(EXE_EXT): $(IGETEST).o $(DLIBCRYPTO) -- @target=$(IGETEST); $(BUILD_CMD) -+ +@target=$(IGETEST); $(BUILD_CMD) - - $(JPAKETEST)$(EXE_EXT): $(JPAKETEST).o $(DLIBCRYPTO) -- @target=$(JPAKETEST); $(BUILD_CMD) -+ +@target=$(JPAKETEST); $(BUILD_CMD) - - $(ASN1TEST)$(EXE_EXT): $(ASN1TEST).o $(DLIBCRYPTO) -- @target=$(ASN1TEST); $(BUILD_CMD) -+ +@target=$(ASN1TEST); $(BUILD_CMD) - - #$(AESTEST).o: $(AESTEST).c - # $(CC) -c $(CFLAGS) -DINTERMEDIATE_VALUE_KAT -DTRACE_KAT_MCT $(AESTEST).c -@@ -457,7 +457,7 @@ - # fi - - dummytest$(EXE_EXT): dummytest.o $(DLIBCRYPTO) -- @target=dummytest; $(BUILD_CMD) -+ +@target=dummytest; $(BUILD_CMD) - - # DO NOT DELETE THIS LINE -- make depend depends on it. - diff --git a/dev-libs/openssl/files/openssl-1.0.0r-x32.patch b/dev-libs/openssl/files/openssl-1.0.0r-x32.patch deleted file mode 100644 index 2d715eb5af0e..000000000000 --- a/dev-libs/openssl/files/openssl-1.0.0r-x32.patch +++ /dev/null @@ -1,76 +0,0 @@ ---- openssl-1.0.0r/Configure -+++ openssl-1.0.0r/Configure -@@ -353,6 +353,7 @@ my %table=( - "linux-ia64-ecc","ecc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", - "linux-ia64-icc","icc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", - "linux-x86_64", "gcc:-m64 -DL_ENDIAN -DTERMIO -O3 -Wall -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", -+"linux-x32", "gcc:-DL_ENDIAN -DTERMIO -O2 -pipe -g -feliminate-unused-debug-types -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-mx32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", - "linux-s390x", "gcc:-m64 -DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${s390x_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", - #### SPARC Linux setups - # Ray Miller <ray.miller@computing-services.oxford.ac.uk> has patiently ---- openssl-1.0.0r/crypto/bn/asm/x86_64-gcc.c -+++ openssl-1.0.0r/crypto/bn/asm/x86_64-gcc.c -@@ -55,7 +55,7 @@ - * machine. - */ - --# ifdef _WIN64 -+# if defined _WIN64 || !defined __LP64__ - # define BN_ULONG unsigned long long - # else - # define BN_ULONG unsigned long -@@ -211,9 +211,9 @@ BN_ULONG bn_add_words(BN_ULONG *rp, cons - - asm volatile (" subq %2,%2 \n" - ".p2align 4 \n" -- "1: movq (%4,%2,8),%0 \n" -- " adcq (%5,%2,8),%0 \n" -- " movq %0,(%3,%2,8) \n" -+ "1: movq (%q4,%2,8),%0 \n" -+ " adcq (%q5,%2,8),%0 \n" -+ " movq %0,(%q3,%2,8) \n" - " leaq 1(%2),%2 \n" - " loop 1b \n" - " sbbq %0,%0 \n":"=&a" (ret), "+c"(n), -@@ -235,9 +235,9 @@ BN_ULONG bn_sub_words(BN_ULONG *rp, cons - - asm volatile (" subq %2,%2 \n" - ".p2align 4 \n" -- "1: movq (%4,%2,8),%0 \n" -- " sbbq (%5,%2,8),%0 \n" -- " movq %0,(%3,%2,8) \n" -+ "1: movq (%q4,%2,8),%0 \n" -+ " sbbq (%q5,%2,8),%0 \n" -+ " movq %0,(%q3,%2,8) \n" - " leaq 1(%2),%2 \n" - " loop 1b \n" - " sbbq %0,%0 \n":"=&a" (ret), "+c"(n), ---- openssl-1.0.0r/crypto/bn/bn_exp.c -+++ openssl-1.0.0r/crypto/bn/bn_exp.c -@@ -564,7 +564,7 @@ static int MOD_EXP_CTIME_COPY_FROM_PREBU - * multiple. - */ - #define MOD_EXP_CTIME_ALIGN(x_) \ -- ((unsigned char*)(x_) + (MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH - (((BN_ULONG)(x_)) & (MOD_EXP_CTIME_MIN_CACHE_LINE_MASK)))) -+ ((unsigned char*)(x_) + (MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH - (((BN_ADDR)(x_)) & (MOD_EXP_CTIME_MIN_CACHE_LINE_MASK)))) - - /* - * This variant of BN_mod_exp_mont() uses fixed windows and the special ---- openssl-1.0.0r/crypto/bn/bn.h -+++ openssl-1.0.0r/crypto/bn/bn.h -@@ -174,6 +174,15 @@ extern "C" { - # endif - - /* -+ * Address type. -+ */ -+#ifdef _WIN64 -+#define BN_ADDR unsigned long long -+#else -+#define BN_ADDR unsigned long -+#endif -+ -+/* - * assuming long is 64bit - this is the DEC Alpha unsigned long long is only - * 64 bits :-(, don't define BN_LLONG for the DEC Alpha - */ diff --git a/dev-libs/openssl/files/openssl-1.0.1-parallel-build.patch b/dev-libs/openssl/files/openssl-1.0.1-parallel-build.patch deleted file mode 100644 index 19f859abb210..000000000000 --- a/dev-libs/openssl/files/openssl-1.0.1-parallel-build.patch +++ /dev/null @@ -1,354 +0,0 @@ -http://rt.openssl.org/Ticket/Display.html?id=2084 - ---- a/Makefile.org -+++ b/Makefile.org -@@ -247,17 +247,17 @@ - build_libs: build_crypto build_ssl build_engines - - build_crypto: -- @dir=crypto; target=all; $(BUILD_ONE_CMD) -+ +@dir=crypto; target=all; $(BUILD_ONE_CMD) --build_ssl: -+build_ssl: build_crypto -- @dir=ssl; target=all; $(BUILD_ONE_CMD) -+ +@dir=ssl; target=all; $(BUILD_ONE_CMD) --build_engines: -+build_engines: build_crypto -- @dir=engines; target=all; $(BUILD_ONE_CMD) -+ +@dir=engines; target=all; $(BUILD_ONE_CMD) --build_apps: -+build_apps: build_libs -- @dir=apps; target=all; $(BUILD_ONE_CMD) -+ +@dir=apps; target=all; $(BUILD_ONE_CMD) --build_tests: -+build_tests: build_libs -- @dir=test; target=all; $(BUILD_ONE_CMD) -+ +@dir=test; target=all; $(BUILD_ONE_CMD) --build_tools: -+build_tools: build_libs -- @dir=tools; target=all; $(BUILD_ONE_CMD) -+ +@dir=tools; target=all; $(BUILD_ONE_CMD) - - all_testapps: build_libs build_testapps - build_testapps: -@@ -497,9 +497,9 @@ - dist_pem_h: - (cd crypto/pem; $(MAKE) -e $(BUILDENV) pem.h; $(MAKE) clean) - --install: all install_docs install_sw -+install: install_docs install_sw - --install_sw: -+install_dirs: - @$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \ - $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR) \ - $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines \ -@@ -508,6 +508,13 @@ - $(INSTALL_PREFIX)$(OPENSSLDIR)/misc \ - $(INSTALL_PREFIX)$(OPENSSLDIR)/certs \ - $(INSTALL_PREFIX)$(OPENSSLDIR)/private -+ @$(PERL) $(TOP)/util/mkdir-p.pl \ -+ $(INSTALL_PREFIX)$(MANDIR)/man1 \ -+ $(INSTALL_PREFIX)$(MANDIR)/man3 \ -+ $(INSTALL_PREFIX)$(MANDIR)/man5 \ -+ $(INSTALL_PREFIX)$(MANDIR)/man7 -+ -+install_sw: install_dirs - @set -e; headerlist="$(EXHEADER)"; for i in $$headerlist;\ - do \ - (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ -@@ -511,7 +511,7 @@ - (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ - chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ - done; -- @set -e; target=install; $(RECURSIVE_BUILD_CMD) -+ +@set -e; target=install; $(RECURSIVE_BUILD_CMD) - @set -e; liblist="$(LIBS)"; for i in $$liblist ;\ - do \ - if [ -f "$$i" ]; then \ -@@ -593,12 +600,7 @@ - done; \ - done - --install_docs: -- @$(PERL) $(TOP)/util/mkdir-p.pl \ -- $(INSTALL_PREFIX)$(MANDIR)/man1 \ -- $(INSTALL_PREFIX)$(MANDIR)/man3 \ -- $(INSTALL_PREFIX)$(MANDIR)/man5 \ -- $(INSTALL_PREFIX)$(MANDIR)/man7 -+install_docs: install_dirs - @pod2man="`cd ./util; ./pod2mantest $(PERL)`"; \ - here="`pwd`"; \ - filecase=; \ ---- a/Makefile.shared -+++ b/Makefile.shared -@@ -105,6 +105,7 @@ LINK_SO= \ - SHAREDFLAGS="$${SHAREDFLAGS:-$(CFLAGS) $(SHARED_LDFLAGS)}"; \ - LIBPATH=`for x in $$LIBDEPS; do echo $$x; done | sed -e 's/^ *-L//;t' -e d | uniq`; \ - LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \ -+ [ -e $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX ] && exit 0; \ - LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \ - $${SHAREDCMD} $${SHAREDFLAGS} \ - -o $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX \ -@@ -122,6 +124,7 @@ SYMLINK_SO= \ - done; \ - fi; \ - if [ -n "$$SHLIB_SOVER" ]; then \ -+ [ -e "$$SHLIB$$SHLIB_SUFFIX" ] || \ - ( $(SET_X); rm -f $$SHLIB$$SHLIB_SUFFIX; \ - ln -s $$prev $$SHLIB$$SHLIB_SUFFIX ); \ - fi; \ ---- a/crypto/Makefile -+++ b/crypto/Makefile -@@ -85,11 +85,11 @@ - @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi - - subdirs: -- @target=all; $(RECURSIVE_MAKE) -+ +@target=all; $(RECURSIVE_MAKE) - - files: - $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO -- @target=files; $(RECURSIVE_MAKE) -+ +@target=files; $(RECURSIVE_MAKE) - - links: - @$(PERL) $(TOP)/util/mklink.pl ../include/openssl $(EXHEADER) -@@ -100,7 +100,7 @@ - # lib: $(LIB): are splitted to avoid end-less loop - lib: $(LIB) - @touch lib --$(LIB): $(LIBOBJ) -+$(LIB): $(LIBOBJ) | subdirs - $(AR) $(LIB) $(LIBOBJ) - $(RANLIB) $(LIB) || echo Never mind. - -@@ -110,7 +110,7 @@ - fi - - libs: -- @target=lib; $(RECURSIVE_MAKE) -+ +@target=lib; $(RECURSIVE_MAKE) - - install: - @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... -@@ -119,7 +119,7 @@ - (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ - chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ - done; -- @target=install; $(RECURSIVE_MAKE) -+ +@target=install; $(RECURSIVE_MAKE) - - lint: - @target=lint; $(RECURSIVE_MAKE) ---- a/engines/Makefile -+++ b/engines/Makefile -@@ -72,7 +72,7 @@ - - all: lib subdirs - --lib: $(LIBOBJ) -+lib: $(LIBOBJ) | subdirs - @if [ -n "$(SHARED_LIBS)" ]; then \ - set -e; \ - for l in $(LIBNAMES); do \ -@@ -89,7 +89,7 @@ - - subdirs: - echo $(EDIRS) -- @target=all; $(RECURSIVE_MAKE) -+ +@target=all; $(RECURSIVE_MAKE) - - files: - $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO -@@ -128,7 +128,7 @@ - mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx ); \ - done; \ - fi -- @target=install; $(RECURSIVE_MAKE) -+ +@target=install; $(RECURSIVE_MAKE) - - tags: - ctags $(SRC) ---- a/test/Makefile -+++ b/test/Makefile -@@ -123,7 +123,7 @@ - tags: - ctags $(SRC) - --tests: exe apps $(TESTS) -+tests: exe $(TESTS) - - apps: - @(cd ..; $(MAKE) DIRS=apps all) -@@ -365,109 +365,109 @@ - link_app.$${shlib_target} - - $(RSATEST)$(EXE_EXT): $(RSATEST).o $(DLIBCRYPTO) -- @target=$(RSATEST); $(BUILD_CMD) -+ +@target=$(RSATEST); $(BUILD_CMD) - - $(BNTEST)$(EXE_EXT): $(BNTEST).o $(DLIBCRYPTO) -- @target=$(BNTEST); $(BUILD_CMD) -+ +@target=$(BNTEST); $(BUILD_CMD) - - $(ECTEST)$(EXE_EXT): $(ECTEST).o $(DLIBCRYPTO) -- @target=$(ECTEST); $(BUILD_CMD) -+ +@target=$(ECTEST); $(BUILD_CMD) - - $(EXPTEST)$(EXE_EXT): $(EXPTEST).o $(DLIBCRYPTO) -- @target=$(EXPTEST); $(BUILD_CMD) -+ +@target=$(EXPTEST); $(BUILD_CMD) - - $(IDEATEST)$(EXE_EXT): $(IDEATEST).o $(DLIBCRYPTO) -- @target=$(IDEATEST); $(BUILD_CMD) -+ +@target=$(IDEATEST); $(BUILD_CMD) - - $(MD2TEST)$(EXE_EXT): $(MD2TEST).o $(DLIBCRYPTO) -- @target=$(MD2TEST); $(BUILD_CMD) -+ +@target=$(MD2TEST); $(BUILD_CMD) - - $(SHATEST)$(EXE_EXT): $(SHATEST).o $(DLIBCRYPTO) -- @target=$(SHATEST); $(BUILD_CMD) -+ +@target=$(SHATEST); $(BUILD_CMD) - - $(SHA1TEST)$(EXE_EXT): $(SHA1TEST).o $(DLIBCRYPTO) -- @target=$(SHA1TEST); $(BUILD_CMD) -+ +@target=$(SHA1TEST); $(BUILD_CMD) - - $(SHA256TEST)$(EXE_EXT): $(SHA256TEST).o $(DLIBCRYPTO) -- @target=$(SHA256TEST); $(BUILD_CMD) -+ +@target=$(SHA256TEST); $(BUILD_CMD) - - $(SHA512TEST)$(EXE_EXT): $(SHA512TEST).o $(DLIBCRYPTO) -- @target=$(SHA512TEST); $(BUILD_CMD) -+ +@target=$(SHA512TEST); $(BUILD_CMD) - - $(RMDTEST)$(EXE_EXT): $(RMDTEST).o $(DLIBCRYPTO) -- @target=$(RMDTEST); $(BUILD_CMD) -+ +@target=$(RMDTEST); $(BUILD_CMD) - - $(MDC2TEST)$(EXE_EXT): $(MDC2TEST).o $(DLIBCRYPTO) -- @target=$(MDC2TEST); $(BUILD_CMD) -+ +@target=$(MDC2TEST); $(BUILD_CMD) - - $(MD4TEST)$(EXE_EXT): $(MD4TEST).o $(DLIBCRYPTO) -- @target=$(MD4TEST); $(BUILD_CMD) -+ +@target=$(MD4TEST); $(BUILD_CMD) - - $(MD5TEST)$(EXE_EXT): $(MD5TEST).o $(DLIBCRYPTO) -- @target=$(MD5TEST); $(BUILD_CMD) -+ +@target=$(MD5TEST); $(BUILD_CMD) - - $(HMACTEST)$(EXE_EXT): $(HMACTEST).o $(DLIBCRYPTO) -- @target=$(HMACTEST); $(BUILD_CMD) -+ +@target=$(HMACTEST); $(BUILD_CMD) - - $(WPTEST)$(EXE_EXT): $(WPTEST).o $(DLIBCRYPTO) -- @target=$(WPTEST); $(BUILD_CMD) -+ +@target=$(WPTEST); $(BUILD_CMD) - - $(RC2TEST)$(EXE_EXT): $(RC2TEST).o $(DLIBCRYPTO) -- @target=$(RC2TEST); $(BUILD_CMD) -+ +@target=$(RC2TEST); $(BUILD_CMD) - - $(BFTEST)$(EXE_EXT): $(BFTEST).o $(DLIBCRYPTO) -- @target=$(BFTEST); $(BUILD_CMD) -+ +@target=$(BFTEST); $(BUILD_CMD) - - $(CASTTEST)$(EXE_EXT): $(CASTTEST).o $(DLIBCRYPTO) -- @target=$(CASTTEST); $(BUILD_CMD) -+ +@target=$(CASTTEST); $(BUILD_CMD) - - $(RC4TEST)$(EXE_EXT): $(RC4TEST).o $(DLIBCRYPTO) -- @target=$(RC4TEST); $(BUILD_CMD) -+ +@target=$(RC4TEST); $(BUILD_CMD) - - $(RC5TEST)$(EXE_EXT): $(RC5TEST).o $(DLIBCRYPTO) -- @target=$(RC5TEST); $(BUILD_CMD) -+ +@target=$(RC5TEST); $(BUILD_CMD) - - $(DESTEST)$(EXE_EXT): $(DESTEST).o $(DLIBCRYPTO) -- @target=$(DESTEST); $(BUILD_CMD) -+ +@target=$(DESTEST); $(BUILD_CMD) - - $(RANDTEST)$(EXE_EXT): $(RANDTEST).o $(DLIBCRYPTO) -- @target=$(RANDTEST); $(BUILD_CMD) -+ +@target=$(RANDTEST); $(BUILD_CMD) - - $(DHTEST)$(EXE_EXT): $(DHTEST).o $(DLIBCRYPTO) -- @target=$(DHTEST); $(BUILD_CMD) -+ +@target=$(DHTEST); $(BUILD_CMD) - - $(DSATEST)$(EXE_EXT): $(DSATEST).o $(DLIBCRYPTO) -- @target=$(DSATEST); $(BUILD_CMD) -+ +@target=$(DSATEST); $(BUILD_CMD) - - $(METHTEST)$(EXE_EXT): $(METHTEST).o $(DLIBCRYPTO) -- @target=$(METHTEST); $(BUILD_CMD) -+ +@target=$(METHTEST); $(BUILD_CMD) - - $(SSLTEST)$(EXE_EXT): $(SSLTEST).o $(DLIBSSL) $(DLIBCRYPTO) -- @target=$(SSLTEST); $(FIPS_BUILD_CMD) -+ +@target=$(SSLTEST); $(FIPS_BUILD_CMD) - - $(ENGINETEST)$(EXE_EXT): $(ENGINETEST).o $(DLIBCRYPTO) -- @target=$(ENGINETEST); $(BUILD_CMD) -+ +@target=$(ENGINETEST); $(BUILD_CMD) - - $(EVPTEST)$(EXE_EXT): $(EVPTEST).o $(DLIBCRYPTO) -- @target=$(EVPTEST); $(BUILD_CMD) -+ +@target=$(EVPTEST); $(BUILD_CMD) - - $(ECDSATEST)$(EXE_EXT): $(ECDSATEST).o $(DLIBCRYPTO) -- @target=$(ECDSATEST); $(BUILD_CMD) -+ +@target=$(ECDSATEST); $(BUILD_CMD) - - $(ECDHTEST)$(EXE_EXT): $(ECDHTEST).o $(DLIBCRYPTO) -- @target=$(ECDHTEST); $(BUILD_CMD) -+ +@target=$(ECDHTEST); $(BUILD_CMD) - - $(IGETEST)$(EXE_EXT): $(IGETEST).o $(DLIBCRYPTO) -- @target=$(IGETEST); $(BUILD_CMD) -+ +@target=$(IGETEST); $(BUILD_CMD) - - $(JPAKETEST)$(EXE_EXT): $(JPAKETEST).o $(DLIBCRYPTO) -- @target=$(JPAKETEST); $(BUILD_CMD) -+ +@target=$(JPAKETEST); $(BUILD_CMD) - - $(ASN1TEST)$(EXE_EXT): $(ASN1TEST).o $(DLIBCRYPTO) -- @target=$(ASN1TEST); $(BUILD_CMD) -+ +@target=$(ASN1TEST); $(BUILD_CMD) - - $(SRPTEST)$(EXE_EXT): $(SRPTEST).o $(DLIBCRYPTO) -- @target=$(SRPTEST); $(BUILD_CMD) -+ +@target=$(SRPTEST); $(BUILD_CMD) - - #$(AESTEST).o: $(AESTEST).c - # $(CC) -c $(CFLAGS) -DINTERMEDIATE_VALUE_KAT -DTRACE_KAT_MCT $(AESTEST).c -@@ -480,7 +480,7 @@ - # fi - - dummytest$(EXE_EXT): dummytest.o $(DLIBCRYPTO) -- @target=dummytest; $(BUILD_CMD) -+ +@target=dummytest; $(BUILD_CMD) - - # DO NOT DELETE THIS LINE -- make depend depends on it. - ---- a/crypto/objects/Makefile -+++ b/crypto/objects/Makefile -@@ -44,11 +44,11 @@ obj_dat.h: obj_dat.pl obj_mac.h - # objects.pl both reads and writes obj_mac.num - obj_mac.h: objects.pl objects.txt obj_mac.num - $(PERL) objects.pl objects.txt obj_mac.num obj_mac.h -- @sleep 1; touch obj_mac.h; sleep 1 - --obj_xref.h: objxref.pl obj_xref.txt obj_mac.num -+# This doesn't really need obj_mac.h, but since that rule reads & writes -+# obj_mac.num, we can't run in parallel with it. -+obj_xref.h: objxref.pl obj_xref.txt obj_mac.num obj_mac.h - $(PERL) objxref.pl obj_mac.num obj_xref.txt > obj_xref.h -- @sleep 1; touch obj_xref.h; sleep 1 - - files: - $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO diff --git a/dev-libs/openssl/files/openssl-1.0.1-x32.patch b/dev-libs/openssl/files/openssl-1.0.1-x32.patch deleted file mode 100644 index 5106cb6e82a3..000000000000 --- a/dev-libs/openssl/files/openssl-1.0.1-x32.patch +++ /dev/null @@ -1,79 +0,0 @@ -http://git.yoctoproject.org/cgit/cgit.cgi/poky/commit/?id=51bfed2e26fc13a66e8b5710aa2ce1d7a04af721 - -UpstreamStatus: Pending - -Received from H J Liu @ Intel -Make the assembly syntax compatible with x32 gcc. Othewise x32 gcc throws errors. -Signed-Off-By: Nitin A Kamble <nitin.a.kamble@intel.com> 2011/07/13 - -ported the patch to the 1.0.0e version -Signed-Off-By: Nitin A Kamble <nitin.a.kamble@intel.com> 2011/12/01 -Index: openssl-1.0.0e/Configure -=================================================================== ---- openssl-1.0.0e.orig/Configure -+++ openssl-1.0.0e/Configure -@@ -393,6 +393,7 @@ my %table=( - "debug-linux-generic32","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DTERMIO -g -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", - "debug-linux-generic64","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DTERMIO -g -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", - "debug-linux-x86_64","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -m64 -DL_ENDIAN -DTERMIO -g -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", -+"linux-x32", "gcc:-DL_ENDIAN -DTERMIO -O2 -pipe -g -feliminate-unused-debug-types -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-mx32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", - "dist", "cc:-O::(unknown)::::::", - - # Basic configs that should work on any (32 and less bit) box -Index: openssl-1.0.0e/crypto/bn/asm/x86_64-gcc.c -=================================================================== ---- openssl-1.0.0e.orig/crypto/bn/asm/x86_64-gcc.c -+++ openssl-1.0.0e/crypto/bn/asm/x86_64-gcc.c -@@ -55,7 +55,7 @@ - * machine. - */ - --#ifdef _WIN64 -+#if defined _WIN64 || !defined __LP64__ - #define BN_ULONG unsigned long long - #else - #define BN_ULONG unsigned long -@@ -192,9 +192,9 @@ BN_ULONG bn_add_words (BN_ULONG *rp, con - asm ( - " subq %2,%2 \n" - ".p2align 4 \n" -- "1: movq (%4,%2,8),%0 \n" -- " adcq (%5,%2,8),%0 \n" -- " movq %0,(%3,%2,8) \n" -+ "1: movq (%q4,%2,8),%0 \n" -+ " adcq (%q5,%2,8),%0 \n" -+ " movq %0,(%q3,%2,8) \n" - " leaq 1(%2),%2 \n" - " loop 1b \n" - " sbbq %0,%0 \n" -@@ -215,9 +215,9 @@ BN_ULONG bn_sub_words (BN_ULONG *rp, con - asm ( - " subq %2,%2 \n" - ".p2align 4 \n" -- "1: movq (%4,%2,8),%0 \n" -- " sbbq (%5,%2,8),%0 \n" -- " movq %0,(%3,%2,8) \n" -+ "1: movq (%q4,%2,8),%0 \n" -+ " sbbq (%q5,%2,8),%0 \n" -+ " movq %0,(%q3,%2,8) \n" - " leaq 1(%2),%2 \n" - " loop 1b \n" - " sbbq %0,%0 \n" -Index: openssl-1.0.0e/crypto/bn/bn.h -=================================================================== ---- openssl-1.0.0e.orig/crypto/bn/bn.h -+++ openssl-1.0.0e/crypto/bn/bn.h -@@ -172,6 +172,13 @@ extern "C" { - # endif - #endif - -+/* Address type. */ -+#ifdef _WIN64 -+#define BN_ADDR unsigned long long -+#else -+#define BN_ADDR unsigned long -+#endif -+ - /* assuming long is 64bit - this is the DEC Alpha - * unsigned long long is only 64 bits :-(, don't define - * BN_LLONG for the DEC Alpha */ diff --git a/dev-libs/openssl/files/openssl-1.0.1e-s_client-verify.patch b/dev-libs/openssl/files/openssl-1.0.1e-s_client-verify.patch deleted file mode 100644 index 03e4f59989cb..000000000000 --- a/dev-libs/openssl/files/openssl-1.0.1e-s_client-verify.patch +++ /dev/null @@ -1,18 +0,0 @@ -https://bugs.gentoo.org/472584 -http://rt.openssl.org/Ticket/Display.html?id=2387&user=guest&pass=guest - -fix verification handling in s_client. when loading paths, make sure -we properly fallback to setting the default paths. - ---- a/apps/s_client.c -+++ b/apps/s_client.c -@@ -899,7 +899,7 @@ - if (!set_cert_key_stuff(ctx,cert,key)) - goto end; - -- if ((!SSL_CTX_load_verify_locations(ctx,CAfile,CApath)) || -+ if ((!SSL_CTX_load_verify_locations(ctx,CAfile,CApath)) && - (!SSL_CTX_set_default_verify_paths(ctx))) - { - /* BIO_printf(bio_err,"error setting default verify locations\n"); */ - diff --git a/dev-libs/openssl/files/openssl-1.0.1h-ipv6.patch b/dev-libs/openssl/files/openssl-1.0.1h-ipv6.patch deleted file mode 100644 index 10c1ba222f1c..000000000000 --- a/dev-libs/openssl/files/openssl-1.0.1h-ipv6.patch +++ /dev/null @@ -1,642 +0,0 @@ -http://rt.openssl.org/Ticket/Display.html?id=2051&user=guest&pass=guest - -Forward ported from openssl-1.0.1e-ipv6.patch - -Signed-off-by: Lars Wendler <polynomial-c@gentoo.org> - ---- openssl-1.0.1h/apps/s_apps.h -+++ openssl-1.0.1h/apps/s_apps.h -@@ -148,7 +148,7 @@ - #define PORT_STR "4433" - #define PROTOCOL "tcp" - --int do_server(int port, int type, int *ret, int (*cb) (char *hostname, int s, unsigned char *context), unsigned char *context); -+int do_server(int port, int type, int *ret, int (*cb) (char *hostname, int s, unsigned char *context), unsigned char *context, int use_ipv4, int use_ipv6); - #ifdef HEADER_X509_H - int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx); - #endif -@@ -156,7 +156,7 @@ - int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file); - int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key); - #endif --int init_client(int *sock, char *server, int port, int type); -+int init_client(int *sock, char *server, int port, int type, int use_ipv4, int use_ipv6); - int should_retry(int i); - int extract_port(char *str, short *port_ptr); - int extract_host_port(char *str,char **host_ptr,unsigned char *ip,short *p); ---- openssl-1.0.1h/apps/s_client.c -+++ openssl-1.0.1h/apps/s_client.c -@@ -285,6 +285,10 @@ - { - BIO_printf(bio_err,"usage: s_client args\n"); - BIO_printf(bio_err,"\n"); -+ BIO_printf(bio_err," -4 - use IPv4 only\n"); -+#if OPENSSL_USE_IPV6 -+ BIO_printf(bio_err," -6 - use IPv6 only\n"); -+#endif - BIO_printf(bio_err," -host host - use -connect instead\n"); - BIO_printf(bio_err," -port port - use -connect instead\n"); - BIO_printf(bio_err," -connect host:port - who to connect to (default is %s:%s)\n",SSL_HOST_NAME,PORT_STR); -@@ -568,6 +572,7 @@ - int sbuf_len,sbuf_off; - fd_set readfds,writefds; - short port=PORT; -+ int use_ipv4, use_ipv6; - int full_log=1; - char *host=SSL_HOST_NAME; - char *cert_file=NULL,*key_file=NULL; -@@ -613,7 +618,11 @@ - #endif - char *sess_in = NULL; - char *sess_out = NULL; -- struct sockaddr peer; -+#if OPENSSL_USE_IPV6 -+ struct sockaddr_storage peer; -+#else -+ struct sockaddr_in peer; -+#endif - int peerlen = sizeof(peer); - int enable_timeouts = 0 ; - long socket_mtu = 0; -@@ -628,6 +637,12 @@ - - meth=SSLv23_client_method(); - -+ use_ipv4 = 1; -+#if OPENSSL_USE_IPV6 -+ use_ipv6 = 1; -+#else -+ use_ipv6 = 0; -+#endif - apps_startup(); - c_Pause=0; - c_quiet=0; -@@ -949,6 +964,18 @@ - jpake_secret = *++argv; - } - #endif -+ else if (strcmp(*argv,"-4") == 0) -+ { -+ use_ipv4 = 1; -+ use_ipv6 = 0; -+ } -+#if OPENSSL_USE_IPV6 -+ else if (strcmp(*argv,"-6") == 0) -+ { -+ use_ipv4 = 0; -+ use_ipv6 = 1; -+ } -+#endif - #ifndef OPENSSL_NO_SRTP - else if (strcmp(*argv,"-use_srtp") == 0) - { -@@ -1260,7 +1287,7 @@ - - re_start: - -- if (init_client(&s,host,port,socket_type) == 0) -+ if (init_client(&s,host,port,socket_type,use_ipv4,use_ipv6) == 0) - { - BIO_printf(bio_err,"connect:errno=%d\n",get_last_socket_error()); - SHUTDOWN(s); -@@ -1286,7 +1313,7 @@ - { - - sbio=BIO_new_dgram(s,BIO_NOCLOSE); -- if (getsockname(s, &peer, (void *)&peerlen) < 0) -+ if (getsockname(s, (struct sockaddr *)&peer, (void *)&peerlen) < 0) - { - BIO_printf(bio_err, "getsockname:errno=%d\n", - get_last_socket_error()); ---- openssl-1.0.1h/apps/s_server.c -+++ openssl-1.0.1h/apps/s_server.c -@@ -560,6 +560,10 @@ - BIO_printf(bio_err," -use_srtp profiles - Offer SRTP key management with a colon-separated profile list\n"); - # endif - #endif -+ BIO_printf(bio_err," -4 - use IPv4 only\n"); -+#if OPENSSL_USE_IPV6 -+ BIO_printf(bio_err," -6 - use IPv6 only\n"); -+#endif - BIO_printf(bio_err," -keymatexport label - Export keying material using label\n"); - BIO_printf(bio_err," -keymatexportlen len - Export len bytes of keying material (default 20)\n"); - } -@@ -947,6 +951,7 @@ - int state=0; - const SSL_METHOD *meth=NULL; - int socket_type=SOCK_STREAM; -+ int use_ipv4, use_ipv6; - ENGINE *e=NULL; - char *inrand=NULL; - int s_cert_format = FORMAT_PEM, s_key_format = FORMAT_PEM; -@@ -975,6 +980,12 @@ - #endif - meth=SSLv23_server_method(); - -+ use_ipv4 = 1; -+#if OPENSSL_USE_IPV6 -+ use_ipv6 = 1; -+#else -+ use_ipv6 = 0; -+#endif - local_argc=argc; - local_argv=argv; - -@@ -1323,6 +1334,18 @@ - jpake_secret = *(++argv); - } - #endif -+ else if (strcmp(*argv,"-4") == 0) -+ { -+ use_ipv4 = 1; -+ use_ipv6 = 0; -+ } -+#if OPENSSL_USE_IPV6 -+ else if (strcmp(*argv,"-6") == 0) -+ { -+ use_ipv4 = 0; -+ use_ipv6 = 1; -+ } -+#endif - #ifndef OPENSSL_NO_SRTP - else if (strcmp(*argv,"-use_srtp") == 0) - { -@@ -1881,9 +1904,9 @@ - BIO_printf(bio_s_out,"ACCEPT\n"); - (void)BIO_flush(bio_s_out); - if (www) -- do_server(port,socket_type,&accept_socket,www_body, context); -+ do_server(port,socket_type,&accept_socket,www_body, context, use_ipv4, use_ipv6); - else -- do_server(port,socket_type,&accept_socket,sv_body, context); -+ do_server(port,socket_type,&accept_socket,sv_body, context, use_ipv4, use_ipv6); - print_stats(bio_s_out,ctx); - ret=0; - end: ---- openssl-1.0.1h/apps/s_socket.c -+++ openssl-1.0.1h/apps/s_socket.c -@@ -97,16 +97,16 @@ - #include "netdb.h" - #endif - --static struct hostent *GetHostByName(char *name); -+static struct hostent *GetHostByName(char *name, int domain); - #if defined(OPENSSL_SYS_WINDOWS) || (defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK)) - static void ssl_sock_cleanup(void); - #endif - static int ssl_sock_init(void); --static int init_client_ip(int *sock,unsigned char ip[4], int port, int type); --static int init_server(int *sock, int port, int type); --static int init_server_long(int *sock, int port,char *ip, int type); -+static int init_client_ip(int *sock,unsigned char *ip, int port, int type, int domain); -+static int init_server(int *sock, int port, int type, int use_ipv4, int use_ipv6); -+static int init_server_long(int *sock, int port,char *ip, int type, int use_ipv4, int use_ipv6); - static int do_accept(int acc_sock, int *sock, char **host); --static int host_ip(char *str, unsigned char ip[4]); -+static int host_ip(char *str, unsigned char *ip, int domain); - - #ifdef OPENSSL_SYS_WIN16 - #define SOCKET_PROTOCOL 0 /* more microsoft stupidity */ -@@ -234,38 +234,68 @@ - return(1); - } - --int init_client(int *sock, char *host, int port, int type) -+int init_client(int *sock, char *host, int port, int type, int use_ipv4, int use_ipv6) - { -+#if OPENSSL_USE_IPV6 -+ unsigned char ip[16]; -+#else - unsigned char ip[4]; -+#endif - -- memset(ip, '\0', sizeof ip); -- if (!host_ip(host,&(ip[0]))) -- return 0; -- return init_client_ip(sock,ip,port,type); -- } -- --static int init_client_ip(int *sock, unsigned char ip[4], int port, int type) -- { -- unsigned long addr; -+ if (use_ipv4) -+ if (host_ip(host,ip,AF_INET)) -+ return(init_client_ip(sock,ip,port,type,AF_INET)); -+#if OPENSSL_USE_IPV6 -+ if (use_ipv6) -+ if (host_ip(host,ip,AF_INET6)) -+ return(init_client_ip(sock,ip,port,type,AF_INET6)); -+#endif -+ return 0; -+ } -+ -+static int init_client_ip(int *sock, unsigned char ip[4], int port, int type, int domain) -+ { -+#if OPENSSL_USE_IPV6 -+ struct sockaddr_storage them; -+ struct sockaddr_in *them_in = (struct sockaddr_in *)&them; -+ struct sockaddr_in6 *them_in6 = (struct sockaddr_in6 *)&them; -+#else - struct sockaddr_in them; -+ struct sockaddr_in *them_in = &them; -+#endif -+ socklen_t addr_len; - int s,i; - - if (!ssl_sock_init()) return(0); - - memset((char *)&them,0,sizeof(them)); -- them.sin_family=AF_INET; -- them.sin_port=htons((unsigned short)port); -- addr=(unsigned long) -- ((unsigned long)ip[0]<<24L)| -- ((unsigned long)ip[1]<<16L)| -- ((unsigned long)ip[2]<< 8L)| -- ((unsigned long)ip[3]); -- them.sin_addr.s_addr=htonl(addr); -+ if (domain == AF_INET) -+ { -+ addr_len = (socklen_t)sizeof(struct sockaddr_in); -+ them_in->sin_family=AF_INET; -+ them_in->sin_port=htons((unsigned short)port); -+#ifndef BIT_FIELD_LIMITS -+ memcpy(&them_in->sin_addr.s_addr, ip, 4); -+#else -+ memcpy(&them_in->sin_addr, ip, 4); -+#endif -+ } -+ else -+#if OPENSSL_USE_IPV6 -+ { -+ addr_len = (socklen_t)sizeof(struct sockaddr_in6); -+ them_in6->sin6_family=AF_INET6; -+ them_in6->sin6_port=htons((unsigned short)port); -+ memcpy(&(them_in6->sin6_addr), ip, sizeof(struct in6_addr)); -+ } -+#else -+ return(0); -+#endif - - if (type == SOCK_STREAM) -- s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL); -+ s=socket(domain,SOCK_STREAM,SOCKET_PROTOCOL); - else /* ( type == SOCK_DGRAM) */ -- s=socket(AF_INET,SOCK_DGRAM,IPPROTO_UDP); -+ s=socket(domain,SOCK_DGRAM,IPPROTO_UDP); - - if (s == INVALID_SOCKET) { perror("socket"); return(0); } - -@@ -277,29 +307,27 @@ - if (i < 0) { closesocket(s); perror("keepalive"); return(0); } - } - #endif -- -- if (connect(s,(struct sockaddr *)&them,sizeof(them)) == -1) -+ if (connect(s,(struct sockaddr *)&them,addr_len) == -1) - { closesocket(s); perror("connect"); return(0); } - *sock=s; - return(1); - } - --int do_server(int port, int type, int *ret, int (*cb)(char *hostname, int s, unsigned char *context), unsigned char *context) -+int do_server(int port, int type, int *ret, int (*cb)(char *hostname, int s, unsigned char *context), unsigned char *context, int use_ipv4, int use_ipv6) - { - int sock; - char *name = NULL; - int accept_socket = 0; - int i; - -- if (!init_server(&accept_socket,port,type)) return(0); -- -+ if (!init_server(&accept_socket,port,type, use_ipv4, use_ipv6)) return(0); - if (ret != NULL) - { - *ret=accept_socket; - /* return(1);*/ - } -- for (;;) -- { -+ for (;;) -+ { - if (type==SOCK_STREAM) - { - if (do_accept(accept_socket,&sock,&name) == 0) -@@ -322,41 +350,88 @@ - } - } - --static int init_server_long(int *sock, int port, char *ip, int type) -+static int init_server_long(int *sock, int port, char *ip, int type, int use_ipv4, int use_ipv6) - { - int ret=0; -+ int domain; -+#if OPENSSL_USE_IPV6 -+ struct sockaddr_storage server; -+ struct sockaddr_in *server_in = (struct sockaddr_in *)&server; -+ struct sockaddr_in6 *server_in6 = (struct sockaddr_in6 *)&server; -+#else - struct sockaddr_in server; -+ struct sockaddr_in *server_in = &server; -+#endif -+ socklen_t addr_len; - int s= -1; - -+ if (!use_ipv4 && !use_ipv6) -+ goto err; -+#if OPENSSL_USE_IPV6 -+ /* we are fine here */ -+#else -+ if (use_ipv6) -+ goto err; -+#endif - if (!ssl_sock_init()) return(0); - -- memset((char *)&server,0,sizeof(server)); -- server.sin_family=AF_INET; -- server.sin_port=htons((unsigned short)port); -- if (ip == NULL) -- server.sin_addr.s_addr=INADDR_ANY; -- else --/* Added for T3E, address-of fails on bit field (beckman@acl.lanl.gov) */ --#ifndef BIT_FIELD_LIMITS -- memcpy(&server.sin_addr.s_addr,ip,4); -+#if OPENSSL_USE_IPV6 -+ domain = use_ipv6 ? AF_INET6 : AF_INET; - #else -- memcpy(&server.sin_addr,ip,4); -+ domain = AF_INET; - #endif -- -- if (type == SOCK_STREAM) -- s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL); -- else /* type == SOCK_DGRAM */ -- s=socket(AF_INET, SOCK_DGRAM,IPPROTO_UDP); -+ if (type == SOCK_STREAM) -+ s=socket(domain,SOCK_STREAM,SOCKET_PROTOCOL); -+ else /* type == SOCK_DGRAM */ -+ s=socket(domain, SOCK_DGRAM,IPPROTO_UDP); - - if (s == INVALID_SOCKET) goto err; - #if defined SOL_SOCKET && defined SO_REUSEADDR -+ { -+ int j = 1; -+ setsockopt(s, SOL_SOCKET, SO_REUSEADDR, -+ (void *) &j, sizeof j); -+ } -+#endif -+#if OPENSSL_USE_IPV6 -+ if ((use_ipv4 == 0) && (use_ipv6 == 1)) -+ { -+ const int on = 1; -+ -+ setsockopt(s, IPPROTO_IPV6, IPV6_V6ONLY, -+ (const void *) &on, sizeof(int)); -+ } -+#endif -+ if (domain == AF_INET) -+ { -+ addr_len = (socklen_t)sizeof(struct sockaddr_in); -+ memset(server_in, 0, sizeof(struct sockaddr_in)); -+ server_in->sin_family=AF_INET; -+ server_in->sin_port = htons((unsigned short)port); -+ if (ip == NULL) -+ server_in->sin_addr.s_addr = htonl(INADDR_ANY); -+ else -+/* Added for T3E, address-of fails on bit field (beckman@acl.lanl.gov) */ -+#ifndef BIT_FIELD_LIMITS -+ memcpy(&server_in->sin_addr.s_addr, ip, 4); -+#else -+ memcpy(&server_in->sin_addr, ip, 4); -+#endif -+ } -+#if OPENSSL_USE_IPV6 -+ else - { -- int j = 1; -- setsockopt(s, SOL_SOCKET, SO_REUSEADDR, -- (void *) &j, sizeof j); -+ addr_len = (socklen_t)sizeof(struct sockaddr_in6); -+ memset(server_in6, 0, sizeof(struct sockaddr_in6)); -+ server_in6->sin6_family = AF_INET6; -+ server_in6->sin6_port = htons((unsigned short)port); -+ if (ip == NULL) -+ server_in6->sin6_addr = in6addr_any; -+ else -+ memcpy(&server_in6->sin6_addr, ip, sizeof(struct in6_addr)); - } - #endif -- if (bind(s,(struct sockaddr *)&server,sizeof(server)) == -1) -+ if (bind(s, (struct sockaddr *)&server, addr_len) == -1) - { - #ifndef OPENSSL_SYS_WINDOWS - perror("bind"); -@@ -375,16 +450,23 @@ - return(ret); - } - --static int init_server(int *sock, int port, int type) -+static int init_server(int *sock, int port, int type, int use_ipv4, int use_ipv6) - { -- return(init_server_long(sock, port, NULL, type)); -+ return(init_server_long(sock, port, NULL, type, use_ipv4, use_ipv6)); - } - - static int do_accept(int acc_sock, int *sock, char **host) - { - int ret; - struct hostent *h1,*h2; -- static struct sockaddr_in from; -+#if OPENSSL_USE_IPV6 -+ struct sockaddr_storage from; -+ struct sockaddr_in *from_in = (struct sockaddr_in *)&from; -+ struct sockaddr_in6 *from_in6 = (struct sockaddr_in6 *)&from; -+#else -+ struct sockaddr_in from; -+ struct sockaddr_in *from_in = &from; -+#endif - int len; - /* struct linger ling; */ - -@@ -431,13 +513,23 @@ - */ - - if (host == NULL) goto end; -+#if OPENSSL_USE_IPV6 -+ if (from.ss_family == AF_INET) -+#else -+ if (from.sin_family == AF_INET) -+#endif - #ifndef BIT_FIELD_LIMITS -- /* I should use WSAAsyncGetHostByName() under windows */ -- h1=gethostbyaddr((char *)&from.sin_addr.s_addr, -- sizeof(from.sin_addr.s_addr),AF_INET); -+ /* I should use WSAAsyncGetHostByName() under windows */ -+ h1=gethostbyaddr((char *)&from_in->sin_addr.s_addr, -+ sizeof(from_in->sin_addr.s_addr), AF_INET); - #else -- h1=gethostbyaddr((char *)&from.sin_addr, -- sizeof(struct in_addr),AF_INET); -+ h1=gethostbyaddr((char *)&from_in->sin_addr, -+ sizeof(struct in_addr), AF_INET); -+#endif -+#if OPENSSL_USE_IPV6 -+ else -+ h1=gethostbyaddr((char *)&from_in6->sin6_addr, -+ sizeof(struct in6_addr), AF_INET6); - #endif - if (h1 == NULL) - { -@@ -455,16 +547,25 @@ - } - BUF_strlcpy(*host,h1->h_name,strlen(h1->h_name)+1); - -- h2=GetHostByName(*host); -+#if OPENSSL_USE_IPV6 -+ h2=GetHostByName(*host, from.ss_family); -+#else -+ h2=GetHostByName(*host, from.sin_family); -+#endif -+ - if (h2 == NULL) - { - BIO_printf(bio_err,"gethostbyname failure\n"); - closesocket(ret); - return(0); - } -- if (h2->h_addrtype != AF_INET) -+#if OPENSSL_USE_IPV6 -+ if (h2->h_addrtype != from.ss_family) -+#else -+ if (h2->h_addrtype != from.sin_family) -+#endif - { -- BIO_printf(bio_err,"gethostbyname addr is not AF_INET\n"); -+ BIO_printf(bio_err,"gethostbyname addr address is not correct\n"); - closesocket(ret); - return(0); - } -@@ -480,7 +581,7 @@ - char *h,*p; - - h=str; -- p=strchr(str,':'); -+ p=strrchr(str,':'); - if (p == NULL) - { - BIO_printf(bio_err,"no port defined\n"); -@@ -488,7 +589,7 @@ - } - *(p++)='\0'; - -- if ((ip != NULL) && !host_ip(str,ip)) -+ if ((ip != NULL) && !host_ip(str,ip,AF_INET)) - goto err; - if (host_ptr != NULL) *host_ptr=h; - -@@ -499,48 +600,58 @@ - return(0); - } - --static int host_ip(char *str, unsigned char ip[4]) -+static int host_ip(char *str, unsigned char *ip, int domain) - { -- unsigned int in[4]; -+ unsigned int in[4]; -+ unsigned long l; - int i; - -- if (sscanf(str,"%u.%u.%u.%u",&(in[0]),&(in[1]),&(in[2]),&(in[3])) == 4) -+ if ((domain == AF_INET) && -+ (sscanf(str,"%u.%u.%u.%u",&(in[0]),&(in[1]),&(in[2]),&(in[3])) == 4)) - { -+ - for (i=0; i<4; i++) - if (in[i] > 255) - { - BIO_printf(bio_err,"invalid IP address\n"); - goto err; - } -- ip[0]=in[0]; -- ip[1]=in[1]; -- ip[2]=in[2]; -- ip[3]=in[3]; -- } -+ l=htonl((in[0]<<24L)|(in[1]<<16L)|(in[2]<<8L)|in[3]); -+ memcpy(ip, &l, 4); -+ return 1; -+ } -+#if OPENSSL_USE_IPV6 -+ else if ((domain == AF_INET6) && -+ (inet_pton(AF_INET6, str, ip) == 1)) -+ return 1; -+#endif - else - { /* do a gethostbyname */ - struct hostent *he; - - if (!ssl_sock_init()) return(0); - -- he=GetHostByName(str); -+ he=GetHostByName(str,domain); - if (he == NULL) - { - BIO_printf(bio_err,"gethostbyname failure\n"); - goto err; - } - /* cast to short because of win16 winsock definition */ -- if ((short)he->h_addrtype != AF_INET) -+ if ((short)he->h_addrtype != domain) - { -- BIO_printf(bio_err,"gethostbyname addr is not AF_INET\n"); -+ BIO_printf(bio_err,"gethostbyname addr family is not correct\n"); - return(0); - } -- ip[0]=he->h_addr_list[0][0]; -- ip[1]=he->h_addr_list[0][1]; -- ip[2]=he->h_addr_list[0][2]; -- ip[3]=he->h_addr_list[0][3]; -+ if (domain == AF_INET) -+ memset(ip, 0, 4); -+#if OPENSSL_USE_IPV6 -+ else -+ memset(ip, 0, 16); -+#endif -+ memcpy(ip, he->h_addr_list[0], he->h_length); -+ return 1; - } -- return(1); - err: - return(0); - } -@@ -577,7 +688,7 @@ - static unsigned long ghbn_hits=0L; - static unsigned long ghbn_miss=0L; - --static struct hostent *GetHostByName(char *name) -+static struct hostent *GetHostByName(char *name, int domain) - { - struct hostent *ret; - int i,lowi=0; -@@ -592,14 +703,20 @@ - } - if (ghbn_cache[i].order > 0) - { -- if (strncmp(name,ghbn_cache[i].name,128) == 0) -+ if ((strncmp(name,ghbn_cache[i].name,128) == 0) && -+ (ghbn_cache[i].ent.h_addrtype == domain)) - break; - } - } - if (i == GHBN_NUM) /* no hit*/ - { - ghbn_miss++; -- ret=gethostbyname(name); -+ if (domain == AF_INET) -+ ret=gethostbyname(name); -+#if OPENSSL_USE_IPV6 -+ else -+ ret=gethostbyname2(name, AF_INET6); -+#endif - if (ret == NULL) return(NULL); - /* else add to cache */ - if(strlen(name) < sizeof ghbn_cache[0].name) diff --git a/dev-libs/openssl/files/openssl-1.0.1l-CVE-2015-0286.patch b/dev-libs/openssl/files/openssl-1.0.1l-CVE-2015-0286.patch deleted file mode 100644 index 811f573a1107..000000000000 --- a/dev-libs/openssl/files/openssl-1.0.1l-CVE-2015-0286.patch +++ /dev/null @@ -1,356 +0,0 @@ ---- openssl-1.0.1l/crypto/asn1/a_type.c -+++ openssl-1.0.1l/crypto/asn1/a_type.c -@@ -124,6 +124,9 @@ - case V_ASN1_OBJECT: - result = OBJ_cmp(a->value.object, b->value.object); - break; -+ case V_ASN1_BOOLEAN: -+ result = a->value.boolean - b->value.boolean; -+ break; - case V_ASN1_NULL: - result = 0; /* They do not have content. */ - break; ---- openssl-1.0.1l/crypto/asn1/tasn_dec.c -+++ openssl-1.0.1l/crypto/asn1/tasn_dec.c -@@ -130,11 +130,17 @@ - { - ASN1_TLC c; - ASN1_VALUE *ptmpval = NULL; -- if (!pval) -- pval = &ptmpval; - asn1_tlc_clear_nc(&c); -- if (ASN1_item_ex_d2i(pval, in, len, it, -1, 0, 0, &c) > 0) -- return *pval; -+ if (pval && *pval && it->itype == ASN1_ITYPE_PRIMITIVE) -+ ptmpval = *pval; -+ if (ASN1_item_ex_d2i(&ptmpval, in, len, it, -1, 0, 0, &c) > 0) { -+ if (pval && it->itype != ASN1_ITYPE_PRIMITIVE) { -+ if (*pval) -+ ASN1_item_free(*pval, it); -+ *pval = ptmpval; -+ } -+ return ptmpval; -+ } - return NULL; - } - -@@ -311,9 +317,16 @@ - if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it, NULL)) - goto auxerr; - -- /* Allocate structure */ -- if (!*pval && !ASN1_item_ex_new(pval, it)) -- { -+ if (*pval) { -+ /* Free up and zero CHOICE value if initialised */ -+ i = asn1_get_choice_selector(pval, it); -+ if ((i >= 0) && (i < it->tcount)) { -+ tt = it->templates + i; -+ pchptr = asn1_get_field_ptr(pval, tt); -+ ASN1_template_free(pchptr, tt); -+ asn1_set_choice_selector(pval, -1, it); -+ } -+ } else if (!ASN1_item_ex_new(pval, it)) { - ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, - ERR_R_NESTED_ASN1_ERROR); - goto err; -@@ -407,6 +420,17 @@ - if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it, NULL)) - goto auxerr; - -+ /* Free up and zero any ADB found */ -+ for (i = 0, tt = it->templates; i < it->tcount; i++, tt++) { -+ if (tt->flags & ASN1_TFLG_ADB_MASK) { -+ const ASN1_TEMPLATE *seqtt; -+ ASN1_VALUE **pseqval; -+ seqtt = asn1_do_adb(pval, tt, 1); -+ pseqval = asn1_get_field_ptr(pval, seqtt); -+ ASN1_template_free(pseqval, seqtt); -+ } -+ } -+ - /* Get each field entry */ - for (i = 0, tt = it->templates; i < it->tcount; i++, tt++) - { ---- openssl-1.0.1l/crypto/pkcs7/pk7_doit.c -+++ openssl-1.0.1l/crypto/pkcs7/pk7_doit.c -@@ -272,6 +272,25 @@ - PKCS7_RECIP_INFO *ri=NULL; - ASN1_OCTET_STRING *os=NULL; - -+ if (p7 == NULL) { -+ PKCS7err(PKCS7_F_PKCS7_DATAINIT, PKCS7_R_INVALID_NULL_POINTER); -+ return NULL; -+ } -+ /* -+ * The content field in the PKCS7 ContentInfo is optional, but that really -+ * only applies to inner content (precisely, detached signatures). -+ * -+ * When reading content, missing outer content is therefore treated as an -+ * error. -+ * -+ * When creating content, PKCS7_content_new() must be called before -+ * calling this method, so a NULL p7->d is always an error. -+ */ -+ if (p7->d.ptr == NULL) { -+ PKCS7err(PKCS7_F_PKCS7_DATAINIT, PKCS7_R_NO_CONTENT); -+ return NULL; -+ } -+ - i=OBJ_obj2nid(p7->type); - p7->state=PKCS7_S_HEADER; - -@@ -433,6 +452,16 @@ - unsigned char *ek = NULL, *tkey = NULL; - int eklen = 0, tkeylen = 0; - -+ if (p7 == NULL) { -+ PKCS7err(PKCS7_F_PKCS7_DATADECODE, PKCS7_R_INVALID_NULL_POINTER); -+ return NULL; -+ } -+ -+ if (p7->d.ptr == NULL) { -+ PKCS7err(PKCS7_F_PKCS7_DATADECODE, PKCS7_R_NO_CONTENT); -+ return NULL; -+ } -+ - i=OBJ_obj2nid(p7->type); - p7->state=PKCS7_S_HEADER; - -@@ -752,6 +781,16 @@ - STACK_OF(PKCS7_SIGNER_INFO) *si_sk=NULL; - ASN1_OCTET_STRING *os=NULL; - -+ if (p7 == NULL) { -+ PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_INVALID_NULL_POINTER); -+ return 0; -+ } -+ -+ if (p7->d.ptr == NULL) { -+ PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_NO_CONTENT); -+ return 0; -+ } -+ - EVP_MD_CTX_init(&ctx_tmp); - i=OBJ_obj2nid(p7->type); - p7->state=PKCS7_S_HEADER; -@@ -796,6 +835,7 @@ - /* If detached data then the content is excluded */ - if(PKCS7_type_is_data(p7->d.sign->contents) && p7->detached) { - M_ASN1_OCTET_STRING_free(os); -+ os = NULL; - p7->d.sign->contents->d.data = NULL; - } - break; -@@ -806,6 +846,7 @@ - if(PKCS7_type_is_data(p7->d.digest->contents) && p7->detached) - { - M_ASN1_OCTET_STRING_free(os); -+ os = NULL; - p7->d.digest->contents->d.data = NULL; - } - break; -@@ -878,24 +919,31 @@ - M_ASN1_OCTET_STRING_set(p7->d.digest->digest, md_data, md_len); - } - -- if (!PKCS7_is_detached(p7) && !(os->flags & ASN1_STRING_FLAG_NDEF)) -- { -+ if (!PKCS7_is_detached(p7)) { -+ /* -+ * NOTE(emilia): I think we only reach os == NULL here because detached -+ * digested data support is broken. -+ */ -+ if (os == NULL) -+ goto err; -+ if (!(os->flags & ASN1_STRING_FLAG_NDEF)) { - char *cont; - long contlen; -- btmp=BIO_find_type(bio,BIO_TYPE_MEM); -- if (btmp == NULL) -- { -- PKCS7err(PKCS7_F_PKCS7_DATAFINAL,PKCS7_R_UNABLE_TO_FIND_MEM_BIO); -- goto err; -- } -+ btmp = BIO_find_type(bio, BIO_TYPE_MEM); -+ if (btmp == NULL) { -+ PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_UNABLE_TO_FIND_MEM_BIO); -+ goto err; -+ } - contlen = BIO_get_mem_data(btmp, &cont); -- /* Mark the BIO read only then we can use its copy of the data -+ /* -+ * Mark the BIO read only then we can use its copy of the data - * instead of making an extra copy. - */ - BIO_set_flags(btmp, BIO_FLAGS_MEM_RDONLY); - BIO_set_mem_eof_return(btmp, 0); - ASN1_STRING_set0(os, (unsigned char *)cont, contlen); -- } -+ } -+ } - ret=1; - err: - EVP_MD_CTX_cleanup(&ctx_tmp); -@@ -971,6 +1019,16 @@ - STACK_OF(X509) *cert; - X509 *x509; - -+ if (p7 == NULL) { -+ PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, PKCS7_R_INVALID_NULL_POINTER); -+ return 0; -+ } -+ -+ if (p7->d.ptr == NULL) { -+ PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, PKCS7_R_NO_CONTENT); -+ return 0; -+ } -+ - if (PKCS7_type_is_signed(p7)) - { - cert=p7->d.sign->cert; ---- openssl-1.0.1l/crypto/pkcs7/pk7_lib.c -+++ openssl-1.0.1l/crypto/pkcs7/pk7_lib.c -@@ -71,6 +71,7 @@ - - switch (cmd) - { -+ /* NOTE(emilia): does not support detached digested data. */ - case PKCS7_OP_SET_DETACHED_SIGNATURE: - if (nid == NID_pkcs7_signed) - { -@@ -459,6 +460,8 @@ - - STACK_OF(PKCS7_SIGNER_INFO) *PKCS7_get_signer_info(PKCS7 *p7) - { -+ if (p7 == NULL || p7->d.ptr == NULL) -+ return NULL; - if (PKCS7_type_is_signed(p7)) - { - return(p7->d.sign->signer_info); ---- openssl-1.0.1l/doc/crypto/d2i_X509.pod -+++ openssl-1.0.1l/doc/crypto/d2i_X509.pod -@@ -199,6 +199,12 @@ - persist if they are not present in the new one. As a result the use - of this "reuse" behaviour is strongly discouraged. - -+Current versions of OpenSSL will not modify B<*px> if an error occurs. -+If parsing succeeds then B<*px> is freed (if it is not NULL) and then -+set to the value of the newly decoded structure. As a result B<*px> -+B<must not> be allocated on the stack or an attempt will be made to -+free an invalid pointer. -+ - i2d_X509() will not return an error in many versions of OpenSSL, - if mandatory fields are not initialized due to a programming error - then the encoded structure may contain invalid data or omit the -@@ -210,7 +216,9 @@ - - d2i_X509(), d2i_X509_bio() and d2i_X509_fp() return a valid B<X509> structure - or B<NULL> if an error occurs. The error code that can be obtained by --L<ERR_get_error(3)|ERR_get_error(3)>. -+L<ERR_get_error(3)|ERR_get_error(3)>. If the "reuse" capability has been used -+with a valid X509 structure being passed in via B<px> then the object is not -+modified in the event of error. - - i2d_X509() returns the number of bytes successfully encoded or a negative - value if an error occurs. The error code can be obtained by ---- openssl-1.0.1l/ssl/s2_lib.c -+++ openssl-1.0.1l/ssl/s2_lib.c -@@ -488,7 +488,7 @@ - - OPENSSL_assert(s->session->master_key_length >= 0 - && s->session->master_key_length -- < (int)sizeof(s->session->master_key)); -+ <= (int)sizeof(s->session->master_key)); - EVP_DigestUpdate(&ctx,s->session->master_key,s->session->master_key_length); - EVP_DigestUpdate(&ctx,&c,1); - c++; ---- openssl-1.0.1l/ssl/s2_srvr.c -+++ openssl-1.0.1l/ssl/s2_srvr.c -@@ -454,10 +454,6 @@ - SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_NO_PRIVATEKEY); - return(-1); - } -- i=ssl_rsa_private_decrypt(s->cert,s->s2->tmp.enc, -- &(p[s->s2->tmp.clear]),&(p[s->s2->tmp.clear]), -- (s->s2->ssl2_rollback)?RSA_SSLV23_PADDING:RSA_PKCS1_PADDING); -- - is_export=SSL_C_IS_EXPORT(s->session->cipher); - - if (!ssl_cipher_get_evp(s->session,&c,&md,NULL,NULL,NULL)) -@@ -475,21 +471,59 @@ - else - ek=5; - -+ /* -+ * The format of the CLIENT-MASTER-KEY message is -+ * 1 byte message type -+ * 3 bytes cipher -+ * 2-byte clear key length (stored in s->s2->tmp.clear) -+ * 2-byte encrypted key length (stored in s->s2->tmp.enc) -+ * 2-byte key args length (IV etc) -+ * clear key -+ * encrypted key -+ * key args -+ * -+ * If the cipher is an export cipher, then the encrypted key bytes -+ * are a fixed portion of the total key (5 or 8 bytes). The size of -+ * this portion is in |ek|. If the cipher is not an export cipher, -+ * then the entire key material is encrypted (i.e., clear key length -+ * must be zero). -+ */ -+ if ((!is_export && s->s2->tmp.clear != 0) || -+ (is_export && s->s2->tmp.clear + ek != EVP_CIPHER_key_length(c))) { -+ ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR); -+ SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_BAD_LENGTH); -+ return -1; -+ } -+ /* -+ * The encrypted blob must decrypt to the encrypted portion of the key. -+ * Decryption can't be expanding, so if we don't have enough encrypted -+ * bytes to fit the key in the buffer, stop now. -+ */ -+ if ((is_export && s->s2->tmp.enc < ek) || -+ (!is_export && s->s2->tmp.enc < EVP_CIPHER_key_length(c))) { -+ ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); -+ SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_LENGTH_TOO_SHORT); -+ return -1; -+ } -+ -+ i = ssl_rsa_private_decrypt(s->cert, s->s2->tmp.enc, -+ &(p[s->s2->tmp.clear]), -+ &(p[s->s2->tmp.clear]), -+ (s->s2->ssl2_rollback) ? RSA_SSLV23_PADDING : -+ RSA_PKCS1_PADDING); -+ - /* bad decrypt */ - #if 1 - /* If a bad decrypt, continue with protocol but with a - * random master secret (Bleichenbacher attack) */ -- if ((i < 0) || -- ((!is_export && (i != EVP_CIPHER_key_length(c))) -- || (is_export && ((i != ek) || (s->s2->tmp.clear+(unsigned int)i != -- (unsigned int)EVP_CIPHER_key_length(c)))))) -- { -+ if ((i < 0) || ((!is_export && i != EVP_CIPHER_key_length(c)) -+ || (is_export && i != ek))) { - ERR_clear_error(); - if (is_export) - i=ek; - else - i=EVP_CIPHER_key_length(c); -- if (RAND_pseudo_bytes(p,i) <= 0) -+ if (RAND_pseudo_bytes(&p[s->s2->tmp.clear], i) <= 0) - return 0; - } - #else -@@ -513,7 +547,8 @@ - } - #endif - -- if (is_export) i+=s->s2->tmp.clear; -+ if (is_export) -+ i = EVP_CIPHER_key_length(c); - - if (i > SSL_MAX_MASTER_KEY_LENGTH) - { diff --git a/dev-libs/openssl/files/openssl-1.0.1m-parallel-build.patch b/dev-libs/openssl/files/openssl-1.0.1m-parallel-build.patch deleted file mode 100644 index db92b79f6ae8..000000000000 --- a/dev-libs/openssl/files/openssl-1.0.1m-parallel-build.patch +++ /dev/null @@ -1,364 +0,0 @@ -http://rt.openssl.org/Ticket/Display.html?id=2084 - ---- openssl-1.0.1m/crypto/Makefile -+++ openssl-1.0.1m/crypto/Makefile -@@ -85,11 +85,11 @@ - @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi - - subdirs: -- @target=all; $(RECURSIVE_MAKE) -+ +@target=all; $(RECURSIVE_MAKE) - - files: - $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO -- @target=files; $(RECURSIVE_MAKE) -+ +@target=files; $(RECURSIVE_MAKE) - - links: - @$(PERL) $(TOP)/util/mklink.pl ../include/openssl $(EXHEADER) -@@ -100,7 +100,7 @@ - # lib: $(LIB): are splitted to avoid end-less loop - lib: $(LIB) - @touch lib --$(LIB): $(LIBOBJ) -+$(LIB): $(LIBOBJ) | subdirs - $(AR) $(LIB) $(LIBOBJ) - [ -z "$(FIPSLIBDIR)" ] || $(AR) $(LIB) $(FIPSLIBDIR)fipscanister.o - $(RANLIB) $(LIB) || echo Never mind. -@@ -111,7 +111,7 @@ - fi - - libs: -- @target=lib; $(RECURSIVE_MAKE) -+ +@target=lib; $(RECURSIVE_MAKE) - - install: - @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... -@@ -120,7 +120,7 @@ - (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ - chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ - done; -- @target=install; $(RECURSIVE_MAKE) -+ +@target=install; $(RECURSIVE_MAKE) - - lint: - @target=lint; $(RECURSIVE_MAKE) ---- openssl-1.0.1m/crypto/objects/Makefile -+++ openssl-1.0.1m/crypto/objects/Makefile -@@ -44,11 +44,11 @@ - # objects.pl both reads and writes obj_mac.num - obj_mac.h: objects.pl objects.txt obj_mac.num - $(PERL) objects.pl objects.txt obj_mac.num obj_mac.h -- @sleep 1; touch obj_mac.h; sleep 1 - --obj_xref.h: objxref.pl obj_xref.txt obj_mac.num -+# This doesn't really need obj_mac.h, but since that rule reads & writes -+# obj_mac.num, we can't run in parallel with it. -+obj_xref.h: objxref.pl obj_xref.txt obj_mac.num obj_mac.h - $(PERL) objxref.pl obj_mac.num obj_xref.txt > obj_xref.h -- @sleep 1; touch obj_xref.h; sleep 1 - - files: - $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO ---- openssl-1.0.1m/engines/Makefile -+++ openssl-1.0.1m/engines/Makefile -@@ -72,7 +72,7 @@ - - all: lib subdirs - --lib: $(LIBOBJ) -+lib: $(LIBOBJ) | subdirs - @if [ -n "$(SHARED_LIBS)" ]; then \ - set -e; \ - for l in $(LIBNAMES); do \ -@@ -89,7 +89,7 @@ - - subdirs: - echo $(EDIRS) -- @target=all; $(RECURSIVE_MAKE) -+ +@target=all; $(RECURSIVE_MAKE) - - files: - $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO -@@ -128,7 +128,7 @@ - mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx ); \ - done; \ - fi -- @target=install; $(RECURSIVE_MAKE) -+ +@target=install; $(RECURSIVE_MAKE) - - tags: - ctags $(SRC) ---- openssl-1.0.1m/Makefile.org -+++ openssl-1.0.1m/Makefile.org -@@ -273,17 +273,17 @@ - build_libs: build_crypto build_ssl build_engines - - build_crypto: -- @dir=crypto; target=all; $(BUILD_ONE_CMD) --build_ssl: -- @dir=ssl; target=all; $(BUILD_ONE_CMD) --build_engines: -- @dir=engines; target=all; $(BUILD_ONE_CMD) --build_apps: -- @dir=apps; target=all; $(BUILD_ONE_CMD) --build_tests: -- @dir=test; target=all; $(BUILD_ONE_CMD) --build_tools: -- @dir=tools; target=all; $(BUILD_ONE_CMD) -+ +@dir=crypto; target=all; $(BUILD_ONE_CMD) -+build_ssl: build_crypto -+ +@dir=ssl; target=all; $(BUILD_ONE_CMD) -+build_engines: build_crypto -+ +@dir=engines; target=all; $(BUILD_ONE_CMD) -+build_apps: build_libs -+ +@dir=apps; target=all; $(BUILD_ONE_CMD) -+build_tests: build_libs -+ +@dir=test; target=all; $(BUILD_ONE_CMD) -+build_tools: build_libs -+ +@dir=tools; target=all; $(BUILD_ONE_CMD) - - all_testapps: build_libs build_testapps - build_testapps: -@@ -538,9 +538,9 @@ - dist_pem_h: - (cd crypto/pem; $(MAKE) -e $(BUILDENV) pem.h; $(MAKE) clean) - --install: all install_docs install_sw -+install: install_docs install_sw - --install_sw: -+install_dirs: - @$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \ - $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR) \ - $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines \ -@@ -549,12 +549,19 @@ - $(INSTALL_PREFIX)$(OPENSSLDIR)/misc \ - $(INSTALL_PREFIX)$(OPENSSLDIR)/certs \ - $(INSTALL_PREFIX)$(OPENSSLDIR)/private -+ @$(PERL) $(TOP)/util/mkdir-p.pl \ -+ $(INSTALL_PREFIX)$(MANDIR)/man1 \ -+ $(INSTALL_PREFIX)$(MANDIR)/man3 \ -+ $(INSTALL_PREFIX)$(MANDIR)/man5 \ -+ $(INSTALL_PREFIX)$(MANDIR)/man7 -+ -+install_sw: install_dirs - @set -e; headerlist="$(EXHEADER)"; for i in $$headerlist;\ - do \ - (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ - chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ - done; -- @set -e; target=install; $(RECURSIVE_BUILD_CMD) -+ +@set -e; target=install; $(RECURSIVE_BUILD_CMD) - @set -e; liblist="$(LIBS)"; for i in $$liblist ;\ - do \ - if [ -f "$$i" ]; then \ -@@ -634,12 +641,7 @@ - done; \ - done - --install_docs: -- @$(PERL) $(TOP)/util/mkdir-p.pl \ -- $(INSTALL_PREFIX)$(MANDIR)/man1 \ -- $(INSTALL_PREFIX)$(MANDIR)/man3 \ -- $(INSTALL_PREFIX)$(MANDIR)/man5 \ -- $(INSTALL_PREFIX)$(MANDIR)/man7 -+install_docs: install_dirs - @pod2man="`cd ./util; ./pod2mantest $(PERL)`"; \ - here="`pwd`"; \ - filecase=; \ ---- openssl-1.0.1m/Makefile.shared -+++ openssl-1.0.1m/Makefile.shared -@@ -105,6 +105,7 @@ - SHAREDFLAGS="$${SHAREDFLAGS:-$(CFLAGS) $(SHARED_LDFLAGS)}"; \ - LIBPATH=`for x in $$LIBDEPS; do echo $$x; done | sed -e 's/^ *-L//;t' -e d | uniq`; \ - LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \ -+ [ -e $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX ] && exit 0; \ - LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \ - $${SHAREDCMD} $${SHAREDFLAGS} \ - -o $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX \ -@@ -122,6 +123,7 @@ - done; \ - fi; \ - if [ -n "$$SHLIB_SOVER" ]; then \ -+ [ -e "$$SHLIB$$SHLIB_SUFFIX" ] || \ - ( $(SET_X); rm -f $$SHLIB$$SHLIB_SUFFIX; \ - ln -s $$prev $$SHLIB$$SHLIB_SUFFIX ); \ - fi; \ ---- openssl-1.0.1m/test/Makefile -+++ openssl-1.0.1m/test/Makefile -@@ -130,7 +130,7 @@ - tags: - ctags $(SRC) - --tests: exe apps $(TESTS) -+tests: exe $(TESTS) - - apps: - @(cd ..; $(MAKE) DIRS=apps all) -@@ -388,118 +388,118 @@ - link_app.$${shlib_target} - - $(RSATEST)$(EXE_EXT): $(RSATEST).o $(DLIBCRYPTO) -- @target=$(RSATEST); $(BUILD_CMD) -+ +@target=$(RSATEST); $(BUILD_CMD) - - $(BNTEST)$(EXE_EXT): $(BNTEST).o $(DLIBCRYPTO) -- @target=$(BNTEST); $(BUILD_CMD) -+ +@target=$(BNTEST); $(BUILD_CMD) - - $(ECTEST)$(EXE_EXT): $(ECTEST).o $(DLIBCRYPTO) -- @target=$(ECTEST); $(BUILD_CMD) -+ +@target=$(ECTEST); $(BUILD_CMD) - - $(EXPTEST)$(EXE_EXT): $(EXPTEST).o $(DLIBCRYPTO) -- @target=$(EXPTEST); $(BUILD_CMD) -+ +@target=$(EXPTEST); $(BUILD_CMD) - - $(IDEATEST)$(EXE_EXT): $(IDEATEST).o $(DLIBCRYPTO) -- @target=$(IDEATEST); $(BUILD_CMD) -+ +@target=$(IDEATEST); $(BUILD_CMD) - - $(MD2TEST)$(EXE_EXT): $(MD2TEST).o $(DLIBCRYPTO) -- @target=$(MD2TEST); $(BUILD_CMD) -+ +@target=$(MD2TEST); $(BUILD_CMD) - - $(SHATEST)$(EXE_EXT): $(SHATEST).o $(DLIBCRYPTO) -- @target=$(SHATEST); $(BUILD_CMD) -+ +@target=$(SHATEST); $(BUILD_CMD) - - $(SHA1TEST)$(EXE_EXT): $(SHA1TEST).o $(DLIBCRYPTO) -- @target=$(SHA1TEST); $(BUILD_CMD) -+ +@target=$(SHA1TEST); $(BUILD_CMD) - - $(SHA256TEST)$(EXE_EXT): $(SHA256TEST).o $(DLIBCRYPTO) -- @target=$(SHA256TEST); $(BUILD_CMD) -+ +@target=$(SHA256TEST); $(BUILD_CMD) - - $(SHA512TEST)$(EXE_EXT): $(SHA512TEST).o $(DLIBCRYPTO) -- @target=$(SHA512TEST); $(BUILD_CMD) -+ +@target=$(SHA512TEST); $(BUILD_CMD) - - $(RMDTEST)$(EXE_EXT): $(RMDTEST).o $(DLIBCRYPTO) -- @target=$(RMDTEST); $(BUILD_CMD) -+ +@target=$(RMDTEST); $(BUILD_CMD) - - $(MDC2TEST)$(EXE_EXT): $(MDC2TEST).o $(DLIBCRYPTO) -- @target=$(MDC2TEST); $(BUILD_CMD) -+ +@target=$(MDC2TEST); $(BUILD_CMD) - - $(MD4TEST)$(EXE_EXT): $(MD4TEST).o $(DLIBCRYPTO) -- @target=$(MD4TEST); $(BUILD_CMD) -+ +@target=$(MD4TEST); $(BUILD_CMD) - - $(MD5TEST)$(EXE_EXT): $(MD5TEST).o $(DLIBCRYPTO) -- @target=$(MD5TEST); $(BUILD_CMD) -+ +@target=$(MD5TEST); $(BUILD_CMD) - - $(HMACTEST)$(EXE_EXT): $(HMACTEST).o $(DLIBCRYPTO) -- @target=$(HMACTEST); $(BUILD_CMD) -+ +@target=$(HMACTEST); $(BUILD_CMD) - - $(WPTEST)$(EXE_EXT): $(WPTEST).o $(DLIBCRYPTO) -- @target=$(WPTEST); $(BUILD_CMD) -+ +@target=$(WPTEST); $(BUILD_CMD) - - $(RC2TEST)$(EXE_EXT): $(RC2TEST).o $(DLIBCRYPTO) -- @target=$(RC2TEST); $(BUILD_CMD) -+ +@target=$(RC2TEST); $(BUILD_CMD) - - $(BFTEST)$(EXE_EXT): $(BFTEST).o $(DLIBCRYPTO) -- @target=$(BFTEST); $(BUILD_CMD) -+ +@target=$(BFTEST); $(BUILD_CMD) - - $(CASTTEST)$(EXE_EXT): $(CASTTEST).o $(DLIBCRYPTO) -- @target=$(CASTTEST); $(BUILD_CMD) -+ +@target=$(CASTTEST); $(BUILD_CMD) - - $(RC4TEST)$(EXE_EXT): $(RC4TEST).o $(DLIBCRYPTO) -- @target=$(RC4TEST); $(BUILD_CMD) -+ +@target=$(RC4TEST); $(BUILD_CMD) - - $(RC5TEST)$(EXE_EXT): $(RC5TEST).o $(DLIBCRYPTO) -- @target=$(RC5TEST); $(BUILD_CMD) -+ +@target=$(RC5TEST); $(BUILD_CMD) - - $(DESTEST)$(EXE_EXT): $(DESTEST).o $(DLIBCRYPTO) -- @target=$(DESTEST); $(BUILD_CMD) -+ +@target=$(DESTEST); $(BUILD_CMD) - - $(RANDTEST)$(EXE_EXT): $(RANDTEST).o $(DLIBCRYPTO) -- @target=$(RANDTEST); $(BUILD_CMD) -+ +@target=$(RANDTEST); $(BUILD_CMD) - - $(DHTEST)$(EXE_EXT): $(DHTEST).o $(DLIBCRYPTO) -- @target=$(DHTEST); $(BUILD_CMD) -+ +@target=$(DHTEST); $(BUILD_CMD) - - $(DSATEST)$(EXE_EXT): $(DSATEST).o $(DLIBCRYPTO) -- @target=$(DSATEST); $(BUILD_CMD) -+ +@target=$(DSATEST); $(BUILD_CMD) - - $(METHTEST)$(EXE_EXT): $(METHTEST).o $(DLIBCRYPTO) -- @target=$(METHTEST); $(BUILD_CMD) -+ +@target=$(METHTEST); $(BUILD_CMD) - - $(SSLTEST)$(EXE_EXT): $(SSLTEST).o $(DLIBSSL) $(DLIBCRYPTO) -- @target=$(SSLTEST); $(FIPS_BUILD_CMD) -+ +@target=$(SSLTEST); $(FIPS_BUILD_CMD) - - $(ENGINETEST)$(EXE_EXT): $(ENGINETEST).o $(DLIBCRYPTO) -- @target=$(ENGINETEST); $(BUILD_CMD) -+ +@target=$(ENGINETEST); $(BUILD_CMD) - - $(EVPTEST)$(EXE_EXT): $(EVPTEST).o $(DLIBCRYPTO) -- @target=$(EVPTEST); $(BUILD_CMD) -+ +@target=$(EVPTEST); $(BUILD_CMD) - - $(EVPEXTRATEST)$(EXE_EXT): $(EVPEXTRATEST).o $(DLIBCRYPTO) -- @target=$(EVPEXTRATEST); $(BUILD_CMD) -+ +@target=$(EVPEXTRATEST); $(BUILD_CMD) - - $(ECDSATEST)$(EXE_EXT): $(ECDSATEST).o $(DLIBCRYPTO) -- @target=$(ECDSATEST); $(BUILD_CMD) -+ +@target=$(ECDSATEST); $(BUILD_CMD) - - $(ECDHTEST)$(EXE_EXT): $(ECDHTEST).o $(DLIBCRYPTO) -- @target=$(ECDHTEST); $(BUILD_CMD) -+ +@target=$(ECDHTEST); $(BUILD_CMD) - - $(IGETEST)$(EXE_EXT): $(IGETEST).o $(DLIBCRYPTO) -- @target=$(IGETEST); $(BUILD_CMD) -+ +@target=$(IGETEST); $(BUILD_CMD) - - $(JPAKETEST)$(EXE_EXT): $(JPAKETEST).o $(DLIBCRYPTO) -- @target=$(JPAKETEST); $(BUILD_CMD) -+ +@target=$(JPAKETEST); $(BUILD_CMD) - - $(ASN1TEST)$(EXE_EXT): $(ASN1TEST).o $(DLIBCRYPTO) -- @target=$(ASN1TEST); $(BUILD_CMD) -+ +@target=$(ASN1TEST); $(BUILD_CMD) - - $(SRPTEST)$(EXE_EXT): $(SRPTEST).o $(DLIBCRYPTO) -- @target=$(SRPTEST); $(BUILD_CMD) -+ +@target=$(SRPTEST); $(BUILD_CMD) - - $(HEARTBEATTEST)$(EXE_EXT): $(HEARTBEATTEST).o $(DLIBCRYPTO) -- @target=$(HEARTBEATTEST); $(BUILD_CMD_STATIC) -+ +@target=$(HEARTBEATTEST); $(BUILD_CMD_STATIC) - - $(CONSTTIMETEST)$(EXE_EXT): $(CONSTTIMETEST).o -- @target=$(CONSTTIMETEST) $(BUILD_CMD) -+ +@target=$(CONSTTIMETEST) $(BUILD_CMD) - - #$(AESTEST).o: $(AESTEST).c - # $(CC) -c $(CFLAGS) -DINTERMEDIATE_VALUE_KAT -DTRACE_KAT_MCT $(AESTEST).c -@@ -512,7 +512,7 @@ - # fi - - dummytest$(EXE_EXT): dummytest.o $(DLIBCRYPTO) -- @target=dummytest; $(BUILD_CMD) -+ +@target=dummytest; $(BUILD_CMD) - - # DO NOT DELETE THIS LINE -- make depend depends on it. - diff --git a/dev-libs/openssl/files/openssl-1.0.1m-s_client-verify.patch b/dev-libs/openssl/files/openssl-1.0.1m-s_client-verify.patch deleted file mode 100644 index 8aa29e488f52..000000000000 --- a/dev-libs/openssl/files/openssl-1.0.1m-s_client-verify.patch +++ /dev/null @@ -1,21 +0,0 @@ -https://bugs.gentoo.org/472584 -http://rt.openssl.org/Ticket/Display.html?id=2387&user=guest&pass=guest - -fix verification handling in s_client. when loading paths, make sure -we properly fallback to setting the default paths. - -Forward-ported from openssl-1.0.1e-s_client-verify.patch - -Signed-off-by: Lars Wendler <polynomial-c@gentoo.org> - ---- openssl-1.0.1m/apps/s_client.c -+++ openssl-1.0.1m/apps/s_client.c -@@ -1177,7 +1177,7 @@ int MAIN(int argc, char **argv) - if (!set_cert_key_stuff(ctx, cert, key)) - goto end; - -- if ((!SSL_CTX_load_verify_locations(ctx, CAfile, CApath)) || -+ if ((!SSL_CTX_load_verify_locations(ctx, CAfile, CApath)) && - (!SSL_CTX_set_default_verify_paths(ctx))) { - /* - * BIO_printf(bio_err,"error setting default verify locations\n"); diff --git a/dev-libs/openssl/files/openssl-1.0.2-CVE-2015-0209.patch b/dev-libs/openssl/files/openssl-1.0.2-CVE-2015-0209.patch deleted file mode 100644 index 6d396b42bef5..000000000000 --- a/dev-libs/openssl/files/openssl-1.0.2-CVE-2015-0209.patch +++ /dev/null @@ -1,49 +0,0 @@ -https://bugs.gentoo.org/541502 - -From 1b4a8df38fc9ab3c089ca5765075ee53ec5bd66a Mon Sep 17 00:00:00 2001 -From: Matt Caswell <matt@openssl.org> -Date: Mon, 9 Feb 2015 11:38:41 +0000 -Subject: [PATCH] Fix a failure to NULL a pointer freed on error. -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Inspired by BoringSSL commit 517073cd4b by Eric Roman <eroman@chromium.org> - -CVE-2015-0209 - -Reviewed-by: Emilia Käsper <emilia@openssl.org> ---- - crypto/ec/ec_asn1.c | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -diff --git a/crypto/ec/ec_asn1.c b/crypto/ec/ec_asn1.c -index 30b7df4..d3e8316 100644 ---- a/crypto/ec/ec_asn1.c -+++ b/crypto/ec/ec_asn1.c -@@ -1014,8 +1014,6 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigned char **in, long len) - ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_MALLOC_FAILURE); - goto err; - } -- if (a) -- *a = ret; - } else - ret = *a; - -@@ -1067,10 +1065,12 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigned char **in, long len) - } - } - -+ if (a) -+ *a = ret; - ok = 1; - err: - if (!ok) { -- if (ret) -+ if (ret && (a == NULL || *a != ret)) - EC_KEY_free(ret); - ret = NULL; - } --- -2.3.1 - diff --git a/dev-libs/openssl/files/openssl-1.0.2-CVE-2015-0288.patch b/dev-libs/openssl/files/openssl-1.0.2-CVE-2015-0288.patch deleted file mode 100644 index a6a10b0a2ca1..000000000000 --- a/dev-libs/openssl/files/openssl-1.0.2-CVE-2015-0288.patch +++ /dev/null @@ -1,31 +0,0 @@ -https://bugs.gentoo.org/542038 - -From 28a00bcd8e318da18031b2ac8778c64147cd54f9 Mon Sep 17 00:00:00 2001 -From: "Dr. Stephen Henson" <steve@openssl.org> -Date: Wed, 18 Feb 2015 00:34:59 +0000 -Subject: [PATCH] Check public key is not NULL. - -CVE-2015-0288 -PR#3708 - -Reviewed-by: Matt Caswell <matt@openssl.org> ---- - crypto/x509/x509_req.c | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/crypto/x509/x509_req.c b/crypto/x509/x509_req.c -index bc6e566..01795f4 100644 ---- a/crypto/x509/x509_req.c -+++ b/crypto/x509/x509_req.c -@@ -92,6 +92,8 @@ X509_REQ *X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, const EVP_MD *md) - goto err; - - pktmp = X509_get_pubkey(x); -+ if (pktmp == NULL) -+ goto err; - i = X509_REQ_set_pubkey(ret, pktmp); - EVP_PKEY_free(pktmp); - if (!i) --- -2.3.1 - diff --git a/dev-libs/openssl/files/openssl-1.0.2-CVE-2015-0291.patch b/dev-libs/openssl/files/openssl-1.0.2-CVE-2015-0291.patch deleted file mode 100644 index 852d06e9181a..000000000000 --- a/dev-libs/openssl/files/openssl-1.0.2-CVE-2015-0291.patch +++ /dev/null @@ -1,459 +0,0 @@ ---- openssl-1.0.2/crypto/asn1/a_type.c -+++ openssl-1.0.2/crypto/asn1/a_type.c -@@ -119,6 +119,9 @@ - case V_ASN1_OBJECT: - result = OBJ_cmp(a->value.object, b->value.object); - break; -+ case V_ASN1_BOOLEAN: -+ result = a->value.boolean - b->value.boolean; -+ break; - case V_ASN1_NULL: - result = 0; /* They do not have content. */ - break; ---- openssl-1.0.2/crypto/asn1/tasn_dec.c -+++ openssl-1.0.2/crypto/asn1/tasn_dec.c -@@ -140,11 +140,17 @@ - { - ASN1_TLC c; - ASN1_VALUE *ptmpval = NULL; -- if (!pval) -- pval = &ptmpval; - asn1_tlc_clear_nc(&c); -- if (ASN1_item_ex_d2i(pval, in, len, it, -1, 0, 0, &c) > 0) -- return *pval; -+ if (pval && *pval && it->itype == ASN1_ITYPE_PRIMITIVE) -+ ptmpval = *pval; -+ if (ASN1_item_ex_d2i(&ptmpval, in, len, it, -1, 0, 0, &c) > 0) { -+ if (pval && it->itype != ASN1_ITYPE_PRIMITIVE) { -+ if (*pval) -+ ASN1_item_free(*pval, it); -+ *pval = ptmpval; -+ } -+ return ptmpval; -+ } - return NULL; - } - -@@ -304,9 +310,16 @@ - case ASN1_ITYPE_CHOICE: - if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it, NULL)) - goto auxerr; -- -- /* Allocate structure */ -- if (!*pval && !ASN1_item_ex_new(pval, it)) { -+ if (*pval) { -+ /* Free up and zero CHOICE value if initialised */ -+ i = asn1_get_choice_selector(pval, it); -+ if ((i >= 0) && (i < it->tcount)) { -+ tt = it->templates + i; -+ pchptr = asn1_get_field_ptr(pval, tt); -+ ASN1_template_free(pchptr, tt); -+ asn1_set_choice_selector(pval, -1, it); -+ } -+ } else if (!ASN1_item_ex_new(pval, it)) { - ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR); - goto err; - } -@@ -386,6 +399,17 @@ - if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it, NULL)) - goto auxerr; - -+ /* Free up and zero any ADB found */ -+ for (i = 0, tt = it->templates; i < it->tcount; i++, tt++) { -+ if (tt->flags & ASN1_TFLG_ADB_MASK) { -+ const ASN1_TEMPLATE *seqtt; -+ ASN1_VALUE **pseqval; -+ seqtt = asn1_do_adb(pval, tt, 1); -+ pseqval = asn1_get_field_ptr(pval, seqtt); -+ ASN1_template_free(pseqval, seqtt); -+ } -+ } -+ - /* Get each field entry */ - for (i = 0, tt = it->templates; i < it->tcount; i++, tt++) { - const ASN1_TEMPLATE *seqtt; ---- openssl-1.0.2/crypto/pkcs7/pk7_doit.c -+++ openssl-1.0.2/crypto/pkcs7/pk7_doit.c -@@ -261,6 +261,25 @@ - PKCS7_RECIP_INFO *ri = NULL; - ASN1_OCTET_STRING *os = NULL; - -+ if (p7 == NULL) { -+ PKCS7err(PKCS7_F_PKCS7_DATAINIT, PKCS7_R_INVALID_NULL_POINTER); -+ return NULL; -+ } -+ /* -+ * The content field in the PKCS7 ContentInfo is optional, but that really -+ * only applies to inner content (precisely, detached signatures). -+ * -+ * When reading content, missing outer content is therefore treated as an -+ * error. -+ * -+ * When creating content, PKCS7_content_new() must be called before -+ * calling this method, so a NULL p7->d is always an error. -+ */ -+ if (p7->d.ptr == NULL) { -+ PKCS7err(PKCS7_F_PKCS7_DATAINIT, PKCS7_R_NO_CONTENT); -+ return NULL; -+ } -+ - i = OBJ_obj2nid(p7->type); - p7->state = PKCS7_S_HEADER; - -@@ -411,6 +430,16 @@ - unsigned char *ek = NULL, *tkey = NULL; - int eklen = 0, tkeylen = 0; - -+ if (p7 == NULL) { -+ PKCS7err(PKCS7_F_PKCS7_DATADECODE, PKCS7_R_INVALID_NULL_POINTER); -+ return NULL; -+ } -+ -+ if (p7->d.ptr == NULL) { -+ PKCS7err(PKCS7_F_PKCS7_DATADECODE, PKCS7_R_NO_CONTENT); -+ return NULL; -+ } -+ - i = OBJ_obj2nid(p7->type); - p7->state = PKCS7_S_HEADER; - -@@ -707,6 +736,16 @@ - STACK_OF(PKCS7_SIGNER_INFO) *si_sk = NULL; - ASN1_OCTET_STRING *os = NULL; - -+ if (p7 == NULL) { -+ PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_INVALID_NULL_POINTER); -+ return 0; -+ } -+ -+ if (p7->d.ptr == NULL) { -+ PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_NO_CONTENT); -+ return 0; -+ } -+ - EVP_MD_CTX_init(&ctx_tmp); - i = OBJ_obj2nid(p7->type); - p7->state = PKCS7_S_HEADER; -@@ -746,6 +785,7 @@ - /* If detached data then the content is excluded */ - if (PKCS7_type_is_data(p7->d.sign->contents) && p7->detached) { - M_ASN1_OCTET_STRING_free(os); -+ os = NULL; - p7->d.sign->contents->d.data = NULL; - } - break; -@@ -755,6 +795,7 @@ - /* If detached data then the content is excluded */ - if (PKCS7_type_is_data(p7->d.digest->contents) && p7->detached) { - M_ASN1_OCTET_STRING_free(os); -+ os = NULL; - p7->d.digest->contents->d.data = NULL; - } - break; -@@ -820,22 +861,30 @@ - M_ASN1_OCTET_STRING_set(p7->d.digest->digest, md_data, md_len); - } - -- if (!PKCS7_is_detached(p7) && !(os->flags & ASN1_STRING_FLAG_NDEF)) { -- char *cont; -- long contlen; -- btmp = BIO_find_type(bio, BIO_TYPE_MEM); -- if (btmp == NULL) { -- PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_UNABLE_TO_FIND_MEM_BIO); -- goto err; -- } -- contlen = BIO_get_mem_data(btmp, &cont); -+ if (!PKCS7_is_detached(p7)) { - /* -- * Mark the BIO read only then we can use its copy of the data -- * instead of making an extra copy. -+ * NOTE(emilia): I think we only reach os == NULL here because detached -+ * digested data support is broken. - */ -- BIO_set_flags(btmp, BIO_FLAGS_MEM_RDONLY); -- BIO_set_mem_eof_return(btmp, 0); -- ASN1_STRING_set0(os, (unsigned char *)cont, contlen); -+ if (os == NULL) -+ goto err; -+ if (!(os->flags & ASN1_STRING_FLAG_NDEF)) { -+ char *cont; -+ long contlen; -+ btmp = BIO_find_type(bio, BIO_TYPE_MEM); -+ if (btmp == NULL) { -+ PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_UNABLE_TO_FIND_MEM_BIO); -+ goto err; -+ } -+ contlen = BIO_get_mem_data(btmp, &cont); -+ /* -+ * Mark the BIO read only then we can use its copy of the data -+ * instead of making an extra copy. -+ */ -+ BIO_set_flags(btmp, BIO_FLAGS_MEM_RDONLY); -+ BIO_set_mem_eof_return(btmp, 0); -+ ASN1_STRING_set0(os, (unsigned char *)cont, contlen); -+ } - } - ret = 1; - err: -@@ -910,6 +959,16 @@ - STACK_OF(X509) *cert; - X509 *x509; - -+ if (p7 == NULL) { -+ PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, PKCS7_R_INVALID_NULL_POINTER); -+ return 0; -+ } -+ -+ if (p7->d.ptr == NULL) { -+ PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, PKCS7_R_NO_CONTENT); -+ return 0; -+ } -+ - if (PKCS7_type_is_signed(p7)) { - cert = p7->d.sign->cert; - } else if (PKCS7_type_is_signedAndEnveloped(p7)) { ---- openssl-1.0.2/crypto/pkcs7/pk7_lib.c -+++ openssl-1.0.2/crypto/pkcs7/pk7_lib.c -@@ -70,6 +70,7 @@ - nid = OBJ_obj2nid(p7->type); - - switch (cmd) { -+ /* NOTE(emilia): does not support detached digested data. */ - case PKCS7_OP_SET_DETACHED_SIGNATURE: - if (nid == NID_pkcs7_signed) { - ret = p7->detached = (int)larg; -@@ -444,6 +445,8 @@ - - STACK_OF(PKCS7_SIGNER_INFO) *PKCS7_get_signer_info(PKCS7 *p7) - { -+ if (p7 == NULL || p7->d.ptr == NULL) -+ return NULL; - if (PKCS7_type_is_signed(p7)) { - return (p7->d.sign->signer_info); - } else if (PKCS7_type_is_signedAndEnveloped(p7)) { ---- openssl-1.0.2/crypto/rsa/rsa_ameth.c -+++ openssl-1.0.2/crypto/rsa/rsa_ameth.c -@@ -698,9 +698,10 @@ - RSAerr(RSA_F_RSA_ITEM_VERIFY, RSA_R_UNSUPPORTED_SIGNATURE_TYPE); - return -1; - } -- if (rsa_pss_to_ctx(ctx, NULL, sigalg, pkey)) -+ if (rsa_pss_to_ctx(ctx, NULL, sigalg, pkey) > 0) { - /* Carry on */ - return 2; -+ } - return -1; - } - ---- openssl-1.0.2/doc/crypto/d2i_X509.pod -+++ openssl-1.0.2/doc/crypto/d2i_X509.pod -@@ -207,6 +207,12 @@ - persist if they are not present in the new one. As a result the use - of this "reuse" behaviour is strongly discouraged. - -+Current versions of OpenSSL will not modify B<*px> if an error occurs. -+If parsing succeeds then B<*px> is freed (if it is not NULL) and then -+set to the value of the newly decoded structure. As a result B<*px> -+B<must not> be allocated on the stack or an attempt will be made to -+free an invalid pointer. -+ - i2d_X509() will not return an error in many versions of OpenSSL, - if mandatory fields are not initialized due to a programming error - then the encoded structure may contain invalid data or omit the -@@ -233,7 +239,9 @@ - - d2i_X509(), d2i_X509_bio() and d2i_X509_fp() return a valid B<X509> structure - or B<NULL> if an error occurs. The error code that can be obtained by --L<ERR_get_error(3)|ERR_get_error(3)>. -+L<ERR_get_error(3)|ERR_get_error(3)>. If the "reuse" capability has been used -+with a valid X509 structure being passed in via B<px> then the object is not -+modified in the event of error. - - i2d_X509() returns the number of bytes successfully encoded or a negative - value if an error occurs. The error code can be obtained by ---- openssl-1.0.2/ssl/d1_lib.c -+++ openssl-1.0.2/ssl/d1_lib.c -@@ -543,6 +543,9 @@ - { - int ret; - -+ /* Ensure there is no state left over from a previous invocation */ -+ SSL_clear(s); -+ - SSL_set_options(s, SSL_OP_COOKIE_EXCHANGE); - s->d1->listen = 1; - ---- openssl-1.0.2/ssl/s2_lib.c -+++ openssl-1.0.2/ssl/s2_lib.c -@@ -493,7 +493,7 @@ - - OPENSSL_assert(s->session->master_key_length >= 0 - && s->session->master_key_length -- < (int)sizeof(s->session->master_key)); -+ <= (int)sizeof(s->session->master_key)); - EVP_DigestUpdate(&ctx, s->session->master_key, - s->session->master_key_length); - EVP_DigestUpdate(&ctx, &c, 1); ---- openssl-1.0.2/ssl/s2_srvr.c -+++ openssl-1.0.2/ssl/s2_srvr.c -@@ -454,11 +454,6 @@ - SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, SSL_R_NO_PRIVATEKEY); - return (-1); - } -- i = ssl_rsa_private_decrypt(s->cert, s->s2->tmp.enc, -- &(p[s->s2->tmp.clear]), -- &(p[s->s2->tmp.clear]), -- (s->s2->ssl2_rollback) ? RSA_SSLV23_PADDING : -- RSA_PKCS1_PADDING); - - is_export = SSL_C_IS_EXPORT(s->session->cipher); - -@@ -475,23 +470,61 @@ - } else - ek = 5; - -+ /* -+ * The format of the CLIENT-MASTER-KEY message is -+ * 1 byte message type -+ * 3 bytes cipher -+ * 2-byte clear key length (stored in s->s2->tmp.clear) -+ * 2-byte encrypted key length (stored in s->s2->tmp.enc) -+ * 2-byte key args length (IV etc) -+ * clear key -+ * encrypted key -+ * key args -+ * -+ * If the cipher is an export cipher, then the encrypted key bytes -+ * are a fixed portion of the total key (5 or 8 bytes). The size of -+ * this portion is in |ek|. If the cipher is not an export cipher, -+ * then the entire key material is encrypted (i.e., clear key length -+ * must be zero). -+ */ -+ if ((!is_export && s->s2->tmp.clear != 0) || -+ (is_export && s->s2->tmp.clear + ek != EVP_CIPHER_key_length(c))) { -+ ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR); -+ SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_BAD_LENGTH); -+ return -1; -+ } -+ /* -+ * The encrypted blob must decrypt to the encrypted portion of the key. -+ * Decryption can't be expanding, so if we don't have enough encrypted -+ * bytes to fit the key in the buffer, stop now. -+ */ -+ if ((is_export && s->s2->tmp.enc < ek) || -+ (!is_export && s->s2->tmp.enc < EVP_CIPHER_key_length(c))) { -+ ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); -+ SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_LENGTH_TOO_SHORT); -+ return -1; -+ } -+ -+ i = ssl_rsa_private_decrypt(s->cert, s->s2->tmp.enc, -+ &(p[s->s2->tmp.clear]), -+ &(p[s->s2->tmp.clear]), -+ (s->s2->ssl2_rollback) ? RSA_SSLV23_PADDING : -+ RSA_PKCS1_PADDING); -+ - /* bad decrypt */ - # if 1 - /* - * If a bad decrypt, continue with protocol but with a random master - * secret (Bleichenbacher attack) - */ -- if ((i < 0) || ((!is_export && (i != EVP_CIPHER_key_length(c))) -- || (is_export && ((i != ek) -- || (s->s2->tmp.clear + -- (unsigned int)i != (unsigned int) -- EVP_CIPHER_key_length(c)))))) { -+ if ((i < 0) || ((!is_export && i != EVP_CIPHER_key_length(c)) -+ || (is_export && i != ek))) { - ERR_clear_error(); - if (is_export) - i = ek; - else - i = EVP_CIPHER_key_length(c); -- if (RAND_pseudo_bytes(p, i) <= 0) -+ if (RAND_pseudo_bytes(&p[s->s2->tmp.clear], i) <= 0) - return 0; - } - # else -@@ -513,7 +546,7 @@ - # endif - - if (is_export) -- i += s->s2->tmp.clear; -+ i = EVP_CIPHER_key_length(c); - - if (i > SSL_MAX_MASTER_KEY_LENGTH) { - ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR); ---- openssl-1.0.2/ssl/s3_pkt.c -+++ openssl-1.0.2/ssl/s3_pkt.c -@@ -780,7 +780,7 @@ - - i = ssl3_write_pending(s, type, &buf[tot], nw); - if (i <= 0) { -- if (i < 0) { -+ if (i < 0 && (!s->wbio || !BIO_should_retry(s->wbio))) { - OPENSSL_free(wb->buf); - wb->buf = NULL; - } ---- openssl-1.0.2/ssl/s3_srvr.c -+++ openssl-1.0.2/ssl/s3_srvr.c -@@ -2251,10 +2251,17 @@ - if (alg_k & (SSL_kEDH | SSL_kDHr | SSL_kDHd)) { - int idx = -1; - EVP_PKEY *skey = NULL; -- if (n) -+ if (n) { - n2s(p, i); -- else -+ } else { -+ if (alg_k & SSL_kDHE) { -+ al = SSL_AD_HANDSHAKE_FAILURE; -+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, -+ SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG); -+ goto f_err; -+ } - i = 0; -+ } - if (n && n != i + 2) { - if (!(s->options & SSL_OP_SSLEAY_080_CLIENT_DH_BUG)) { - SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ---- openssl-1.0.2/ssl/t1_lib.c -+++ openssl-1.0.2/ssl/t1_lib.c -@@ -2965,6 +2965,7 @@ - if (s->cert->shared_sigalgs) { - OPENSSL_free(s->cert->shared_sigalgs); - s->cert->shared_sigalgs = NULL; -+ s->cert->shared_sigalgslen = 0; - } - /* Clear certificate digests and validity flags */ - for (i = 0; i < SSL_PKEY_NUM; i++) { -@@ -3618,6 +3619,7 @@ - if (c->shared_sigalgs) { - OPENSSL_free(c->shared_sigalgs); - c->shared_sigalgs = NULL; -+ c->shared_sigalgslen = 0; - } - /* If client use client signature algorithms if not NULL */ - if (!s->server && c->client_sigalgs && !is_suiteb) { -@@ -3640,12 +3642,14 @@ - preflen = c->peer_sigalgslen; - } - nmatch = tls12_do_shared_sigalgs(NULL, pref, preflen, allow, allowlen); -- if (!nmatch) -- return 1; -- salgs = OPENSSL_malloc(nmatch * sizeof(TLS_SIGALGS)); -- if (!salgs) -- return 0; -- nmatch = tls12_do_shared_sigalgs(salgs, pref, preflen, allow, allowlen); -+ if (nmatch) { -+ salgs = OPENSSL_malloc(nmatch * sizeof(TLS_SIGALGS)); -+ if (!salgs) -+ return 0; -+ nmatch = tls12_do_shared_sigalgs(salgs, pref, preflen, allow, allowlen); -+ } else { -+ salgs = NULL; -+ } - c->shared_sigalgs = salgs; - c->shared_sigalgslen = nmatch; - return 1; diff --git a/dev-libs/openssl/files/openssl-1.0.2-parallel-build.patch b/dev-libs/openssl/files/openssl-1.0.2-parallel-build.patch deleted file mode 100644 index 31d3f1d634de..000000000000 --- a/dev-libs/openssl/files/openssl-1.0.2-parallel-build.patch +++ /dev/null @@ -1,354 +0,0 @@ -http://rt.openssl.org/Ticket/Display.html?id=2084&user=guest&pass=guest - ---- a/Makefile.org -+++ b/Makefile.org -@@ -247,17 +247,17 @@ - build_libs: build_crypto build_ssl build_engines - - build_crypto: -- @dir=crypto; target=all; $(BUILD_ONE_CMD) -+ +@dir=crypto; target=all; $(BUILD_ONE_CMD) --build_ssl: -+build_ssl: build_crypto -- @dir=ssl; target=all; $(BUILD_ONE_CMD) -+ +@dir=ssl; target=all; $(BUILD_ONE_CMD) --build_engines: -+build_engines: build_crypto -- @dir=engines; target=all; $(BUILD_ONE_CMD) -+ +@dir=engines; target=all; $(BUILD_ONE_CMD) --build_apps: -+build_apps: build_libs -- @dir=apps; target=all; $(BUILD_ONE_CMD) -+ +@dir=apps; target=all; $(BUILD_ONE_CMD) --build_tests: -+build_tests: build_libs -- @dir=test; target=all; $(BUILD_ONE_CMD) -+ +@dir=test; target=all; $(BUILD_ONE_CMD) --build_tools: -+build_tools: build_libs -- @dir=tools; target=all; $(BUILD_ONE_CMD) -+ +@dir=tools; target=all; $(BUILD_ONE_CMD) - - all_testapps: build_libs build_testapps - build_testapps: -@@ -497,9 +497,9 @@ - dist_pem_h: - (cd crypto/pem; $(MAKE) -e $(BUILDENV) pem.h; $(MAKE) clean) - --install: all install_docs install_sw -+install: install_docs install_sw - --install_sw: -+install_dirs: - @$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \ - $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR) \ - $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines \ -@@ -508,6 +508,13 @@ - $(INSTALL_PREFIX)$(OPENSSLDIR)/misc \ - $(INSTALL_PREFIX)$(OPENSSLDIR)/certs \ - $(INSTALL_PREFIX)$(OPENSSLDIR)/private -+ @$(PERL) $(TOP)/util/mkdir-p.pl \ -+ $(INSTALL_PREFIX)$(MANDIR)/man1 \ -+ $(INSTALL_PREFIX)$(MANDIR)/man3 \ -+ $(INSTALL_PREFIX)$(MANDIR)/man5 \ -+ $(INSTALL_PREFIX)$(MANDIR)/man7 -+ -+install_sw: install_dirs - @set -e; headerlist="$(EXHEADER)"; for i in $$headerlist;\ - do \ - (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ -@@ -511,7 +511,7 @@ - (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ - chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ - done; -- @set -e; target=install; $(RECURSIVE_BUILD_CMD) -+ +@set -e; target=install; $(RECURSIVE_BUILD_CMD) - @set -e; liblist="$(LIBS)"; for i in $$liblist ;\ - do \ - if [ -f "$$i" ]; then \ -@@ -593,12 +600,7 @@ - done; \ - done - --install_docs: -- @$(PERL) $(TOP)/util/mkdir-p.pl \ -- $(INSTALL_PREFIX)$(MANDIR)/man1 \ -- $(INSTALL_PREFIX)$(MANDIR)/man3 \ -- $(INSTALL_PREFIX)$(MANDIR)/man5 \ -- $(INSTALL_PREFIX)$(MANDIR)/man7 -+install_docs: install_dirs - @pod2man="`cd ./util; ./pod2mantest $(PERL)`"; \ - here="`pwd`"; \ - filecase=; \ ---- a/Makefile.shared -+++ b/Makefile.shared -@@ -105,6 +105,7 @@ LINK_SO= \ - SHAREDFLAGS="$${SHAREDFLAGS:-$(CFLAGS) $(SHARED_LDFLAGS)}"; \ - LIBPATH=`for x in $$LIBDEPS; do echo $$x; done | sed -e 's/^ *-L//;t' -e d | uniq`; \ - LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \ -+ [ -e $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX ] && exit 0; \ - LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \ - $${SHAREDCMD} $${SHAREDFLAGS} \ - -o $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX \ -@@ -122,6 +124,7 @@ SYMLINK_SO= \ - done; \ - fi; \ - if [ -n "$$SHLIB_SOVER" ]; then \ -+ [ -e "$$SHLIB$$SHLIB_SUFFIX" ] || \ - ( $(SET_X); rm -f $$SHLIB$$SHLIB_SUFFIX; \ - ln -s $$prev $$SHLIB$$SHLIB_SUFFIX ); \ - fi; \ ---- a/crypto/Makefile -+++ b/crypto/Makefile -@@ -85,11 +85,11 @@ - @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi - - subdirs: -- @target=all; $(RECURSIVE_MAKE) -+ +@target=all; $(RECURSIVE_MAKE) - - files: - $(PERL) $(TOP)/util/files.pl "CPUID_OBJ=$(CPUID_OBJ)" Makefile >> $(TOP)/MINFO -- @target=files; $(RECURSIVE_MAKE) -+ +@target=files; $(RECURSIVE_MAKE) - - links: - @$(PERL) $(TOP)/util/mklink.pl ../include/openssl $(EXHEADER) -@@ -100,7 +100,7 @@ - # lib: $(LIB): are splitted to avoid end-less loop - lib: $(LIB) - @touch lib --$(LIB): $(LIBOBJ) -+$(LIB): $(LIBOBJ) | subdirs - $(AR) $(LIB) $(LIBOBJ) - $(RANLIB) $(LIB) || echo Never mind. - -@@ -110,7 +110,7 @@ - fi - - libs: -- @target=lib; $(RECURSIVE_MAKE) -+ +@target=lib; $(RECURSIVE_MAKE) - - install: - @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... -@@ -119,7 +119,7 @@ - (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ - chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ - done; -- @target=install; $(RECURSIVE_MAKE) -+ +@target=install; $(RECURSIVE_MAKE) - - lint: - @target=lint; $(RECURSIVE_MAKE) ---- a/engines/Makefile -+++ b/engines/Makefile -@@ -72,7 +72,7 @@ - - all: lib subdirs - --lib: $(LIBOBJ) -+lib: $(LIBOBJ) | subdirs - @if [ -n "$(SHARED_LIBS)" ]; then \ - set -e; \ - for l in $(LIBNAMES); do \ -@@ -89,7 +89,7 @@ - - subdirs: - echo $(EDIRS) -- @target=all; $(RECURSIVE_MAKE) -+ +@target=all; $(RECURSIVE_MAKE) - - files: - $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO -@@ -128,7 +128,7 @@ - mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx ); \ - done; \ - fi -- @target=install; $(RECURSIVE_MAKE) -+ +@target=install; $(RECURSIVE_MAKE) - - tags: - ctags $(SRC) ---- a/test/Makefile -+++ b/test/Makefile -@@ -123,7 +123,7 @@ - tags: - ctags $(SRC) - --tests: exe apps $(TESTS) -+tests: exe $(TESTS) - - apps: - @(cd ..; $(MAKE) DIRS=apps all) -@@ -365,109 +365,109 @@ - link_app.$${shlib_target} - - $(RSATEST)$(EXE_EXT): $(RSATEST).o $(DLIBCRYPTO) -- @target=$(RSATEST); $(BUILD_CMD) -+ +@target=$(RSATEST); $(BUILD_CMD) - - $(BNTEST)$(EXE_EXT): $(BNTEST).o $(DLIBCRYPTO) -- @target=$(BNTEST); $(BUILD_CMD) -+ +@target=$(BNTEST); $(BUILD_CMD) - - $(ECTEST)$(EXE_EXT): $(ECTEST).o $(DLIBCRYPTO) -- @target=$(ECTEST); $(BUILD_CMD) -+ +@target=$(ECTEST); $(BUILD_CMD) - - $(EXPTEST)$(EXE_EXT): $(EXPTEST).o $(DLIBCRYPTO) -- @target=$(EXPTEST); $(BUILD_CMD) -+ +@target=$(EXPTEST); $(BUILD_CMD) - - $(IDEATEST)$(EXE_EXT): $(IDEATEST).o $(DLIBCRYPTO) -- @target=$(IDEATEST); $(BUILD_CMD) -+ +@target=$(IDEATEST); $(BUILD_CMD) - - $(MD2TEST)$(EXE_EXT): $(MD2TEST).o $(DLIBCRYPTO) -- @target=$(MD2TEST); $(BUILD_CMD) -+ +@target=$(MD2TEST); $(BUILD_CMD) - - $(SHATEST)$(EXE_EXT): $(SHATEST).o $(DLIBCRYPTO) -- @target=$(SHATEST); $(BUILD_CMD) -+ +@target=$(SHATEST); $(BUILD_CMD) - - $(SHA1TEST)$(EXE_EXT): $(SHA1TEST).o $(DLIBCRYPTO) -- @target=$(SHA1TEST); $(BUILD_CMD) -+ +@target=$(SHA1TEST); $(BUILD_CMD) - - $(SHA256TEST)$(EXE_EXT): $(SHA256TEST).o $(DLIBCRYPTO) -- @target=$(SHA256TEST); $(BUILD_CMD) -+ +@target=$(SHA256TEST); $(BUILD_CMD) - - $(SHA512TEST)$(EXE_EXT): $(SHA512TEST).o $(DLIBCRYPTO) -- @target=$(SHA512TEST); $(BUILD_CMD) -+ +@target=$(SHA512TEST); $(BUILD_CMD) - - $(RMDTEST)$(EXE_EXT): $(RMDTEST).o $(DLIBCRYPTO) -- @target=$(RMDTEST); $(BUILD_CMD) -+ +@target=$(RMDTEST); $(BUILD_CMD) - - $(MDC2TEST)$(EXE_EXT): $(MDC2TEST).o $(DLIBCRYPTO) -- @target=$(MDC2TEST); $(BUILD_CMD) -+ +@target=$(MDC2TEST); $(BUILD_CMD) - - $(MD4TEST)$(EXE_EXT): $(MD4TEST).o $(DLIBCRYPTO) -- @target=$(MD4TEST); $(BUILD_CMD) -+ +@target=$(MD4TEST); $(BUILD_CMD) - - $(MD5TEST)$(EXE_EXT): $(MD5TEST).o $(DLIBCRYPTO) -- @target=$(MD5TEST); $(BUILD_CMD) -+ +@target=$(MD5TEST); $(BUILD_CMD) - - $(HMACTEST)$(EXE_EXT): $(HMACTEST).o $(DLIBCRYPTO) -- @target=$(HMACTEST); $(BUILD_CMD) -+ +@target=$(HMACTEST); $(BUILD_CMD) - - $(WPTEST)$(EXE_EXT): $(WPTEST).o $(DLIBCRYPTO) -- @target=$(WPTEST); $(BUILD_CMD) -+ +@target=$(WPTEST); $(BUILD_CMD) - - $(RC2TEST)$(EXE_EXT): $(RC2TEST).o $(DLIBCRYPTO) -- @target=$(RC2TEST); $(BUILD_CMD) -+ +@target=$(RC2TEST); $(BUILD_CMD) - - $(BFTEST)$(EXE_EXT): $(BFTEST).o $(DLIBCRYPTO) -- @target=$(BFTEST); $(BUILD_CMD) -+ +@target=$(BFTEST); $(BUILD_CMD) - - $(CASTTEST)$(EXE_EXT): $(CASTTEST).o $(DLIBCRYPTO) -- @target=$(CASTTEST); $(BUILD_CMD) -+ +@target=$(CASTTEST); $(BUILD_CMD) - - $(RC4TEST)$(EXE_EXT): $(RC4TEST).o $(DLIBCRYPTO) -- @target=$(RC4TEST); $(BUILD_CMD) -+ +@target=$(RC4TEST); $(BUILD_CMD) - - $(RC5TEST)$(EXE_EXT): $(RC5TEST).o $(DLIBCRYPTO) -- @target=$(RC5TEST); $(BUILD_CMD) -+ +@target=$(RC5TEST); $(BUILD_CMD) - - $(DESTEST)$(EXE_EXT): $(DESTEST).o $(DLIBCRYPTO) -- @target=$(DESTEST); $(BUILD_CMD) -+ +@target=$(DESTEST); $(BUILD_CMD) - - $(RANDTEST)$(EXE_EXT): $(RANDTEST).o $(DLIBCRYPTO) -- @target=$(RANDTEST); $(BUILD_CMD) -+ +@target=$(RANDTEST); $(BUILD_CMD) - - $(DHTEST)$(EXE_EXT): $(DHTEST).o $(DLIBCRYPTO) -- @target=$(DHTEST); $(BUILD_CMD) -+ +@target=$(DHTEST); $(BUILD_CMD) - - $(DSATEST)$(EXE_EXT): $(DSATEST).o $(DLIBCRYPTO) -- @target=$(DSATEST); $(BUILD_CMD) -+ +@target=$(DSATEST); $(BUILD_CMD) - - $(METHTEST)$(EXE_EXT): $(METHTEST).o $(DLIBCRYPTO) -- @target=$(METHTEST); $(BUILD_CMD) -+ +@target=$(METHTEST); $(BUILD_CMD) - - $(SSLTEST)$(EXE_EXT): $(SSLTEST).o $(DLIBSSL) $(DLIBCRYPTO) -- @target=$(SSLTEST); $(FIPS_BUILD_CMD) -+ +@target=$(SSLTEST); $(FIPS_BUILD_CMD) - - $(ENGINETEST)$(EXE_EXT): $(ENGINETEST).o $(DLIBCRYPTO) -- @target=$(ENGINETEST); $(BUILD_CMD) -+ +@target=$(ENGINETEST); $(BUILD_CMD) - - $(EVPTEST)$(EXE_EXT): $(EVPTEST).o $(DLIBCRYPTO) -- @target=$(EVPTEST); $(BUILD_CMD) -+ +@target=$(EVPTEST); $(BUILD_CMD) - - $(ECDSATEST)$(EXE_EXT): $(ECDSATEST).o $(DLIBCRYPTO) -- @target=$(ECDSATEST); $(BUILD_CMD) -+ +@target=$(ECDSATEST); $(BUILD_CMD) - - $(ECDHTEST)$(EXE_EXT): $(ECDHTEST).o $(DLIBCRYPTO) -- @target=$(ECDHTEST); $(BUILD_CMD) -+ +@target=$(ECDHTEST); $(BUILD_CMD) - - $(IGETEST)$(EXE_EXT): $(IGETEST).o $(DLIBCRYPTO) -- @target=$(IGETEST); $(BUILD_CMD) -+ +@target=$(IGETEST); $(BUILD_CMD) - - $(JPAKETEST)$(EXE_EXT): $(JPAKETEST).o $(DLIBCRYPTO) -- @target=$(JPAKETEST); $(BUILD_CMD) -+ +@target=$(JPAKETEST); $(BUILD_CMD) - - $(ASN1TEST)$(EXE_EXT): $(ASN1TEST).o $(DLIBCRYPTO) -- @target=$(ASN1TEST); $(BUILD_CMD) -+ +@target=$(ASN1TEST); $(BUILD_CMD) - - $(SRPTEST)$(EXE_EXT): $(SRPTEST).o $(DLIBCRYPTO) -- @target=$(SRPTEST); $(BUILD_CMD) -+ +@target=$(SRPTEST); $(BUILD_CMD) - - #$(AESTEST).o: $(AESTEST).c - # $(CC) -c $(CFLAGS) -DINTERMEDIATE_VALUE_KAT -DTRACE_KAT_MCT $(AESTEST).c -@@ -480,7 +480,7 @@ - # fi - - dummytest$(EXE_EXT): dummytest.o $(DLIBCRYPTO) -- @target=dummytest; $(BUILD_CMD) -+ +@target=dummytest; $(BUILD_CMD) - - # DO NOT DELETE THIS LINE -- make depend depends on it. - ---- a/crypto/objects/Makefile -+++ b/crypto/objects/Makefile -@@ -44,11 +44,11 @@ obj_dat.h: obj_dat.pl obj_mac.h - # objects.pl both reads and writes obj_mac.num - obj_mac.h: objects.pl objects.txt obj_mac.num - $(PERL) objects.pl objects.txt obj_mac.num obj_mac.h -- @sleep 1; touch obj_mac.h; sleep 1 - --obj_xref.h: objxref.pl obj_xref.txt obj_mac.num -+# This doesn't really need obj_mac.h, but since that rule reads & writes -+# obj_mac.num, we can't run in parallel with it. -+obj_xref.h: objxref.pl obj_xref.txt obj_mac.num obj_mac.h - $(PERL) objxref.pl obj_mac.num obj_xref.txt > obj_xref.h -- @sleep 1; touch obj_xref.h; sleep 1 - - files: - $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO diff --git a/dev-libs/openssl/openssl-0.9.8z_p5-r1.ebuild b/dev-libs/openssl/openssl-0.9.8z_p5-r1.ebuild deleted file mode 100644 index 12eb16d8fe17..000000000000 --- a/dev-libs/openssl/openssl-0.9.8z_p5-r1.ebuild +++ /dev/null @@ -1,161 +0,0 @@ -# Copyright 1999-2015 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Id$ - -# this ebuild is only for the libcrypto.so.0.9.8 and libssl.so.0.9.8 SONAME for ABI compat - -EAPI="5" - -inherit eutils flag-o-matic toolchain-funcs multilib multilib-minimal - -PLEVEL=$(echo "${PV##*_p}" | tr '[1-9]' '[a-i]') -MY_PV=${PV/_p*/${PLEVEL}} -MY_P=${PN}-${MY_PV} -S="${WORKDIR}/${MY_P}" -DESCRIPTION="Toolkit for SSL v2/v3 and TLS v1" -HOMEPAGE="http://www.openssl.org/" -SRC_URI="mirror://openssl/source/${MY_P}.tar.gz" - -LICENSE="openssl" -SLOT="0.9.8" -KEYWORDS="alpha amd64 arm ~hppa ia64 ~m68k ~mips ppc ppc64 s390 sh sparc x86 ~sparc-fbsd ~x86-fbsd" -IUSE="bindist gmp kerberos cpu_flags_x86_sse2 test zlib" -RESTRICT="!bindist? ( bindist )" - -RDEPEND="gmp? ( >=dev-libs/gmp-5.1.3-r1[${MULTILIB_USEDEP}] ) - zlib? ( >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}] ) - kerberos? ( >=app-crypt/mit-krb5-1.11.4[${MULTILIB_USEDEP}] ) - abi_x86_32? ( - !<=app-emulation/emul-linux-x86-baselibs-20140508-r4 - !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)] - ) - !=dev-libs/openssl-0.9.8*:0" -DEPEND="${RDEPEND} - sys-apps/diffutils - >=dev-lang/perl-5 - test? ( sys-devel/bc )" - -# Do not install any docs -DOCS=() - -src_prepare() { - epatch "${FILESDIR}"/${PN}-0.9.8e-bsd-sparc64.patch - epatch "${FILESDIR}"/${PN}-0.9.8h-ldflags.patch #181438 - epatch "${FILESDIR}"/${PN}-0.9.8m-binutils.patch #289130 - epatch "${FILESDIR}"/${PN}-0.9.8ze-CVE-2015-0286.patch #543552 - - # disable fips in the build - # make sure the man pages are suffixed #302165 - # don't bother building man pages if they're disabled - sed -i \ - -e '/DIRS/s: fips : :g' \ - -e '/^MANSUFFIX/s:=.*:=ssl:' \ - -e '/^MAKEDEPPROG/s:=.*:=$(CC):' \ - -e $(has noman FEATURES \ - && echo '/^install:/s:install_docs::' \ - || echo '/^MANDIR=/s:=.*:=/usr/share/man:') \ - Makefile{,.org} \ - || die - # show the actual commands in the log - sed -i '/^SET_X/s:=.*:=set -x:' Makefile.shared - # update the enginedir path. - # punt broken config we don't care about as it fails sanity check. - sed -i \ - -e '/^"debug-ben-debug-64"/d' \ - -e "/foo.*engines/s|/lib/engines|/$(get_libdir)/engines|" \ - Configure || die - - # since we're forcing $(CC) as makedep anyway, just fix - # the conditional as always-on - # helps clang (#417795), and versioned gcc (#499818) - sed -i 's/expr.*MAKEDEPEND.*;/true;/' util/domd || die - - # quiet out unknown driver argument warnings since openssl - # doesn't have well-split CFLAGS and we're making it even worse - # and 'make depend' uses -Werror for added fun (#417795 again) - [[ ${CC} == *clang* ]] && append-flags -Qunused-arguments - - # allow openssl to be cross-compiled - cp "${FILESDIR}"/gentoo.config-0.9.8 gentoo.config || die "cp cross-compile failed" - chmod a+rx gentoo.config - - append-flags -fno-strict-aliasing - append-flags -Wa,--noexecstack - - sed -i '1s,^:$,#!/usr/bin/perl,' Configure #141906 - sed -i '/^"debug-bodo/d' Configure # 0.9.8za shipped broken - ./config --test-sanity || die "I AM NOT SANE" - - multilib_copy_sources -} - -multilib_src_configure() { - unset APPS #197996 - unset SCRIPTS #312551 - - tc-export CC AR RANLIB - - # Clean out patent-or-otherwise-encumbered code - # Camellia: Royalty Free http://en.wikipedia.org/wiki/Camellia_(cipher) - # IDEA: Expired http://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm - # EC: ????????? ??/??/2015 http://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography - # MDC2: Expired http://en.wikipedia.org/wiki/MDC-2 - # RC5: 5,724,428 03/03/2015 http://en.wikipedia.org/wiki/RC5 - - use_ssl() { use $1 && echo "enable-${2:-$1} ${*:3}" || echo "no-${2:-$1}" ; } - echoit() { echo "$@" ; "$@" ; } - - local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal") - - local sslout=$(./gentoo.config) - einfo "Use configuration ${sslout:-(openssl knows best)}" - local config="Configure" - [[ -z ${sslout} ]] && config="config" - - echoit \ - ./${config} \ - ${sslout} \ - $(use cpu_flags_x86_sse2 || echo "no-sse2") \ - enable-camellia \ - $(use_ssl !bindist ec) \ - enable-idea \ - enable-mdc2 \ - $(use_ssl !bindist rc5) \ - enable-tlsext \ - $(use_ssl gmp gmp -lgmp) \ - $(use_ssl kerberos krb5 --with-krb5-flavor=${krb5}) \ - $(use_ssl zlib) \ - --prefix=/usr \ - --openssldir=/etc/ssl \ - shared threads \ - || die "Configure failed" - - # Clean out hardcoded flags that openssl uses - local CFLAG=$(grep ^CFLAG= Makefile | LC_ALL=C sed \ - -e 's:^CFLAG=::' \ - -e 's:-fomit-frame-pointer ::g' \ - -e 's:-O[0-9] ::g' \ - -e 's:-march=[-a-z0-9]* ::g' \ - -e 's:-mcpu=[-a-z0-9]* ::g' \ - -e 's:-m[a-z0-9]* ::g' \ - ) - sed -i \ - -e "/^LIBDIR=/s|=.*|=$(get_libdir)|" \ - -e "/^CFLAG/s|=.*|=${CFLAG} ${CFLAGS}|" \ - -e "/^SHARED_LDFLAGS=/s|$| ${LDFLAGS}|" \ - Makefile || die -} - -multilib_src_compile() { - # depend is needed to use $confopts - emake -j1 depend - emake -j1 build_libs -} - -multilib_src_test() { - emake -j1 test -} - -multilib_src_install() { - dolib.so lib{crypto,ssl}.so.0.9.8 -} diff --git a/dev-libs/openssl/openssl-0.9.8z_p6.ebuild b/dev-libs/openssl/openssl-0.9.8z_p6.ebuild deleted file mode 100644 index b2d9ea92642b..000000000000 --- a/dev-libs/openssl/openssl-0.9.8z_p6.ebuild +++ /dev/null @@ -1,160 +0,0 @@ -# Copyright 1999-2015 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Id$ - -# this ebuild is only for the libcrypto.so.0.9.8 and libssl.so.0.9.8 SONAME for ABI compat - -EAPI="5" - -inherit eutils flag-o-matic toolchain-funcs multilib multilib-minimal - -PLEVEL=$(echo "${PV##*_p}" | tr '[1-9]' '[a-i]') -MY_PV=${PV/_p*/${PLEVEL}} -MY_P=${PN}-${MY_PV} -S="${WORKDIR}/${MY_P}" -DESCRIPTION="Toolkit for SSL v2/v3 and TLS v1" -HOMEPAGE="http://www.openssl.org/" -SRC_URI="mirror://openssl/source/${MY_P}.tar.gz" - -LICENSE="openssl" -SLOT="0.9.8" -KEYWORDS="alpha amd64 arm ~hppa ~ia64 ~m68k ~mips ppc ~ppc64 ~s390 ~sh ~sparc x86 ~sparc-fbsd ~x86-fbsd" -IUSE="bindist gmp kerberos cpu_flags_x86_sse2 test zlib" -RESTRICT="!bindist? ( bindist )" - -RDEPEND="gmp? ( >=dev-libs/gmp-5.1.3-r1[${MULTILIB_USEDEP}] ) - zlib? ( >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}] ) - kerberos? ( >=app-crypt/mit-krb5-1.11.4[${MULTILIB_USEDEP}] ) - abi_x86_32? ( - !<=app-emulation/emul-linux-x86-baselibs-20140508-r4 - !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)] - ) - !=dev-libs/openssl-0.9.8*:0" -DEPEND="${RDEPEND} - sys-apps/diffutils - >=dev-lang/perl-5 - test? ( sys-devel/bc )" - -# Do not install any docs -DOCS=() - -src_prepare() { - epatch "${FILESDIR}"/${PN}-0.9.8e-bsd-sparc64.patch - epatch "${FILESDIR}"/${PN}-0.9.8h-ldflags.patch #181438 - epatch "${FILESDIR}"/${PN}-0.9.8m-binutils.patch #289130 - - # disable fips in the build - # make sure the man pages are suffixed #302165 - # don't bother building man pages if they're disabled - sed -i \ - -e '/DIRS/s: fips : :g' \ - -e '/^MANSUFFIX/s:=.*:=ssl:' \ - -e '/^MAKEDEPPROG/s:=.*:=$(CC):' \ - -e $(has noman FEATURES \ - && echo '/^install:/s:install_docs::' \ - || echo '/^MANDIR=/s:=.*:=/usr/share/man:') \ - Makefile{,.org} \ - || die - # show the actual commands in the log - sed -i '/^SET_X/s:=.*:=set -x:' Makefile.shared - # update the enginedir path. - # punt broken config we don't care about as it fails sanity check. - sed -i \ - -e '/^"debug-ben-debug-64"/d' \ - -e "/foo.*engines/s|/lib/engines|/$(get_libdir)/engines|" \ - Configure || die - - # since we're forcing $(CC) as makedep anyway, just fix - # the conditional as always-on - # helps clang (#417795), and versioned gcc (#499818) - sed -i 's/expr.*MAKEDEPEND.*;/true;/' util/domd || die - - # quiet out unknown driver argument warnings since openssl - # doesn't have well-split CFLAGS and we're making it even worse - # and 'make depend' uses -Werror for added fun (#417795 again) - [[ ${CC} == *clang* ]] && append-flags -Qunused-arguments - - # allow openssl to be cross-compiled - cp "${FILESDIR}"/gentoo.config-0.9.8 gentoo.config || die "cp cross-compile failed" - chmod a+rx gentoo.config - - append-flags -fno-strict-aliasing - append-flags -Wa,--noexecstack - - sed -i '1s,^:$,#!/usr/bin/perl,' Configure #141906 - sed -i '/^"debug-bodo/d' Configure # 0.9.8za shipped broken - ./config --test-sanity || die "I AM NOT SANE" - - multilib_copy_sources -} - -multilib_src_configure() { - unset APPS #197996 - unset SCRIPTS #312551 - - tc-export CC AR RANLIB - - # Clean out patent-or-otherwise-encumbered code - # Camellia: Royalty Free http://en.wikipedia.org/wiki/Camellia_(cipher) - # IDEA: Expired http://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm - # EC: ????????? ??/??/2015 http://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography - # MDC2: Expired http://en.wikipedia.org/wiki/MDC-2 - # RC5: 5,724,428 03/03/2015 http://en.wikipedia.org/wiki/RC5 - - use_ssl() { use $1 && echo "enable-${2:-$1} ${*:3}" || echo "no-${2:-$1}" ; } - echoit() { echo "$@" ; "$@" ; } - - local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal") - - local sslout=$(./gentoo.config) - einfo "Use configuration ${sslout:-(openssl knows best)}" - local config="Configure" - [[ -z ${sslout} ]] && config="config" - - echoit \ - ./${config} \ - ${sslout} \ - $(use cpu_flags_x86_sse2 || echo "no-sse2") \ - enable-camellia \ - $(use_ssl !bindist ec) \ - enable-idea \ - enable-mdc2 \ - $(use_ssl !bindist rc5) \ - enable-tlsext \ - $(use_ssl gmp gmp -lgmp) \ - $(use_ssl kerberos krb5 --with-krb5-flavor=${krb5}) \ - $(use_ssl zlib) \ - --prefix=/usr \ - --openssldir=/etc/ssl \ - shared threads \ - || die "Configure failed" - - # Clean out hardcoded flags that openssl uses - local CFLAG=$(grep ^CFLAG= Makefile | LC_ALL=C sed \ - -e 's:^CFLAG=::' \ - -e 's:-fomit-frame-pointer ::g' \ - -e 's:-O[0-9] ::g' \ - -e 's:-march=[-a-z0-9]* ::g' \ - -e 's:-mcpu=[-a-z0-9]* ::g' \ - -e 's:-m[a-z0-9]* ::g' \ - ) - sed -i \ - -e "/^LIBDIR=/s|=.*|=$(get_libdir)|" \ - -e "/^CFLAG/s|=.*|=${CFLAG} ${CFLAGS}|" \ - -e "/^SHARED_LDFLAGS=/s|$| ${LDFLAGS}|" \ - Makefile || die -} - -multilib_src_compile() { - # depend is needed to use $confopts - emake -j1 depend - emake -j1 build_libs -} - -multilib_src_test() { - emake -j1 test -} - -multilib_src_install() { - dolib.so lib{crypto,ssl}.so.0.9.8 -} diff --git a/dev-libs/openssl/openssl-1.0.0r.ebuild b/dev-libs/openssl/openssl-1.0.0r.ebuild deleted file mode 100644 index e719253062c8..000000000000 --- a/dev-libs/openssl/openssl-1.0.0r.ebuild +++ /dev/null @@ -1,214 +0,0 @@ -# Copyright 1999-2015 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Id$ - -EAPI="4" - -inherit eutils flag-o-matic toolchain-funcs multilib - -REV="1.7" -DESCRIPTION="full-strength general purpose cryptography library (including SSL v2/v3 and TLS v1)" -HOMEPAGE="http://www.openssl.org/" -SRC_URI="mirror://openssl/source/${P}.tar.gz - http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/${PN}/${PN}-c_rehash.sh?rev=${REV} -> ${PN}-c_rehash.sh.${REV}" - -LICENSE="openssl" -SLOT="0" -KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~sparc-fbsd ~x86-fbsd" -IUSE="bindist gmp kerberos rfc3779 cpu_flags_x86_sse2 static-libs test zlib" -RESTRICT="!bindist? ( bindist )" - -# Have the sub-libs in RDEPEND with [static-libs] since, logically, -# our libssl.a depends on libz.a/etc... at runtime. -LIB_DEPEND="gmp? ( dev-libs/gmp[static-libs(+)] ) - zlib? ( sys-libs/zlib[static-libs(+)] ) - kerberos? ( app-crypt/mit-krb5 )" -RDEPEND="static-libs? ( ${LIB_DEPEND} ) - !static-libs? ( ${LIB_DEPEND//\[static-libs(+)]} )" -DEPEND="${RDEPEND} - sys-apps/diffutils - >=dev-lang/perl-5 - test? ( sys-devel/bc )" -PDEPEND="app-misc/ca-certificates" - -src_unpack() { - unpack ${P}.tar.gz - SSL_CNF_DIR="/etc/ssl" - sed \ - -e "/^DIR=/s:=.*:=${SSL_CNF_DIR}:" \ - "${DISTDIR}"/${PN}-c_rehash.sh.${REV} \ - > "${WORKDIR}"/c_rehash || die #416717 -} - -src_prepare() { - # Make sure we only ever touch Makefile.org and avoid patching a file - # that gets blown away anyways by the Configure script in src_configure - rm -f Makefile - - epatch "${FILESDIR}"/${PN}-1.0.0a-ldflags.patch #327421 - #epatch "${FILESDIR}"/${PN}-1.0.0d-fbsd-amd64.patch #363089 - epatch "${FILESDIR}"/${PN}-1.0.0d-windres.patch #373743 - epatch "${FILESDIR}"/${PN}-1.0.0h-pkg-config.patch - epatch "${FILESDIR}"/${PN}-1.0.0e-parallel-build.patch - epatch "${FILESDIR}"/${PN}-1.0.0r-x32.patch - epatch_user #332661 - - # disable fips in the build - # make sure the man pages are suffixed #302165 - # don't bother building man pages if they're disabled - sed -i \ - -e '/DIRS/s: fips : :g' \ - -e '/^MANSUFFIX/s:=.*:=ssl:' \ - -e '/^MAKEDEPPROG/s:=.*:=$(CC):' \ - -e $(has noman FEATURES \ - && echo '/^install:/s:install_docs::' \ - || echo '/^MANDIR=/s:=.*:=/usr/share/man:') \ - Makefile.org \ - || die - # show the actual commands in the log - sed -i '/^SET_X/s:=.*:=set -x:' Makefile.shared - - # allow openssl to be cross-compiled - cp "${FILESDIR}"/gentoo.config-1.0.0 gentoo.config || die - chmod a+rx gentoo.config - - append-flags -fno-strict-aliasing - append-flags $(test-flags-CC -Wa,--noexecstack) - - sed -i '1s,^:$,#!/usr/bin/perl,' Configure #141906 - ./config --test-sanity || die "I AM NOT SANE" -} - -src_configure() { - unset APPS #197996 - unset SCRIPTS #312551 - unset CROSS_COMPILE #311473 - - tc-export CC AR RANLIB RC - - # Clean out patent-or-otherwise-encumbered code - # Camellia: Royalty Free http://en.wikipedia.org/wiki/Camellia_(cipher) - # IDEA: Expired http://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm - # EC: ????????? ??/??/2015 http://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography - # MDC2: Expired http://en.wikipedia.org/wiki/MDC-2 - # RC5: 5,724,428 03/03/2015 http://en.wikipedia.org/wiki/RC5 - - use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; } - echoit() { echo "$@" ; "$@" ; } - - local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal") - - local sslout=$(./gentoo.config) - einfo "Use configuration ${sslout:-(openssl knows best)}" - local config="Configure" - [[ -z ${sslout} ]] && config="config" - echoit \ - ./${config} \ - ${sslout} \ - $(use cpu_flags_x86_sse2 || echo "no-sse2") \ - enable-camellia \ - $(use_ssl !bindist ec) \ - enable-idea \ - enable-mdc2 \ - $(use_ssl !bindist rc5) \ - enable-tlsext \ - $(use_ssl gmp gmp -lgmp) \ - $(use_ssl kerberos krb5 --with-krb5-flavor=${krb5}) \ - $(use_ssl rfc3779) \ - $(use_ssl zlib) \ - --prefix=/usr \ - --openssldir=${SSL_CNF_DIR} \ - --libdir=$(get_libdir) \ - shared threads \ - || die - - # Clean out hardcoded flags that openssl uses - local CFLAG=$(grep ^CFLAG= Makefile | LC_ALL=C sed \ - -e 's:^CFLAG=::' \ - -e 's:-fomit-frame-pointer ::g' \ - -e 's:-O[0-9] ::g' \ - -e 's:-march=[-a-z0-9]* ::g' \ - -e 's:-mcpu=[-a-z0-9]* ::g' \ - -e 's:-m[a-z0-9]* ::g' \ - ) - sed -i \ - -e "/^CFLAG/s|=.*|=${CFLAG} ${CFLAGS}|" \ - -e "/^SHARED_LDFLAGS=/s|$| ${LDFLAGS}|" \ - Makefile || die -} - -src_compile() { - # depend is needed to use $confopts; it also doesn't matter - # that it's -j1 as the code itself serializes subdirs - emake -j1 depend || die - emake all || die - # rehash is needed to prep the certs/ dir; do this - # separately to avoid parallel build issues. - emake rehash || die -} - -src_test() { - emake -j1 test || die -} - -src_install() { - emake INSTALL_PREFIX="${D}" install || die - dobin "${WORKDIR}"/c_rehash || die #333117 - dodoc CHANGES* FAQ NEWS README doc/*.txt doc/c-indentation.el - dohtml -r doc/* - use rfc3779 && dodoc engines/ccgost/README.gost - - # This is crappy in that the static archives are still built even - # when USE=static-libs. But this is due to a failing in the openssl - # build system: the static archives are built as PIC all the time. - # Only way around this would be to manually configure+compile openssl - # twice; once with shared lib support enabled and once without. - use static-libs || rm -f "${D}"/usr/lib*/lib*.a - - # create the certs directory - dodir ${SSL_CNF_DIR}/certs - cp -RP certs/* "${D}"${SSL_CNF_DIR}/certs/ || die - rm -r "${D}"${SSL_CNF_DIR}/certs/{demo,expired} - - # Namespace openssl programs to prevent conflicts with other man pages - cd "${D}"/usr/share/man - local m d s - for m in $(find . -type f | xargs grep -L '#include') ; do - d=${m%/*} ; d=${d#./} ; m=${m##*/} - [[ ${m} == openssl.1* ]] && continue - [[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!" - mv ${d}/{,ssl-}${m} - # fix up references to renamed man pages - sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m} - ln -s ssl-${m} ${d}/openssl-${m} - # locate any symlinks that point to this man page ... we assume - # that any broken links are due to the above renaming - for s in $(find -L ${d} -type l) ; do - s=${s##*/} - rm -f ${d}/${s} - ln -s ssl-${m} ${d}/ssl-${s} - ln -s ssl-${s} ${d}/openssl-${s} - done - done - [[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :(" - - dodir /etc/sandbox.d #254521 - echo 'SANDBOX_PREDICT="/dev/crypto"' > "${D}"/etc/sandbox.d/10openssl - - diropts -m0700 - keepdir ${SSL_CNF_DIR}/private -} - -pkg_preinst() { - has_version ${CATEGORY}/${PN}:0.9.8 && return 0 - preserve_old_lib /usr/$(get_libdir)/lib{crypto,ssl}.so.0.9.8 -} - -pkg_postinst() { - ebegin "Running 'c_rehash ${ROOT%/}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069" - c_rehash "${ROOT%/}${SSL_CNF_DIR}/certs" >/dev/null - eend $? - - has_version ${CATEGORY}/${PN}:0.9.8 && return 0 - preserve_old_lib_notify /usr/$(get_libdir)/lib{crypto,ssl}.so.0.9.8 -} diff --git a/dev-libs/openssl/openssl-1.0.1l-r1.ebuild b/dev-libs/openssl/openssl-1.0.1l-r1.ebuild deleted file mode 100644 index 8f063dc44e0d..000000000000 --- a/dev-libs/openssl/openssl-1.0.1l-r1.ebuild +++ /dev/null @@ -1,260 +0,0 @@ -# Copyright 1999-2015 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Id$ - -EAPI="4" - -inherit eutils flag-o-matic toolchain-funcs multilib multilib-minimal - -REV="1.7" -DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)" -HOMEPAGE="http://www.openssl.org/" -SRC_URI="mirror://openssl/source/${P}.tar.gz - http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/${PN}/${PN}-c_rehash.sh?rev=${REV} -> ${PN}-c_rehash.sh.${REV}" - -LICENSE="openssl" -SLOT="0" -KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux" -IUSE="bindist gmp kerberos rfc3779 cpu_flags_x86_sse2 static-libs test +tls-heartbeat vanilla zlib" -RESTRICT="!bindist? ( bindist )" - -# The blocks are temporary just to make sure people upgrade to a -# version that lack runtime version checking. We'll drop them in -# the future. -RDEPEND="gmp? ( >=dev-libs/gmp-5.1.3-r1[static-libs(+)?,${MULTILIB_USEDEP}] ) - zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] ) - kerberos? ( >=app-crypt/mit-krb5-1.11.4[${MULTILIB_USEDEP}] ) - abi_x86_32? ( - !<=app-emulation/emul-linux-x86-baselibs-20140406-r3 - !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)] - ) - !<net-misc/openssh-5.9_p1-r4 - !<net-libs/neon-0.29.6-r1" -DEPEND="${RDEPEND} - sys-apps/diffutils - >=dev-lang/perl-5 - test? ( sys-devel/bc )" -PDEPEND="app-misc/ca-certificates" - -src_unpack() { - unpack ${P}.tar.gz - SSL_CNF_DIR="/etc/ssl" - sed \ - -e "/^DIR=/s:=.*:=${EPREFIX}${SSL_CNF_DIR}:" \ - -e "s:SSL_CMD=/usr:SSL_CMD=${EPREFIX}/usr:" \ - "${DISTDIR}"/${PN}-c_rehash.sh.${REV} \ - > "${WORKDIR}"/c_rehash || die #416717 -} - -MULTILIB_WRAPPED_HEADERS=( - usr/include/openssl/opensslconf.h -) - -src_prepare() { - # Make sure we only ever touch Makefile.org and avoid patching a file - # that gets blown away anyways by the Configure script in src_configure - rm -f Makefile - - if ! use vanilla ; then - epatch "${FILESDIR}"/${PN}-1.0.0a-ldflags.patch #327421 - epatch "${FILESDIR}"/${PN}-1.0.0d-windres.patch #373743 - epatch "${FILESDIR}"/${PN}-1.0.0h-pkg-config.patch - epatch "${FILESDIR}"/${PN}-1.0.1-parallel-build.patch - epatch "${FILESDIR}"/${PN}-1.0.1-x32.patch - epatch "${FILESDIR}"/${PN}-1.0.1h-ipv6.patch - epatch "${FILESDIR}"/${PN}-1.0.1e-s_client-verify.patch #472584 - epatch "${FILESDIR}"/${PN}-1.0.1f-revert-alpha-perl-generation.patch #499086 - epatch "${FILESDIR}"/${PN}-1.0.1l-CVE-2015-0286.patch #543552 - epatch_user #332661 - fi - - # disable fips in the build - # make sure the man pages are suffixed #302165 - # don't bother building man pages if they're disabled - sed -i \ - -e '/DIRS/s: fips : :g' \ - -e '/^MANSUFFIX/s:=.*:=ssl:' \ - -e '/^MAKEDEPPROG/s:=.*:=$(CC):' \ - -e $(has noman FEATURES \ - && echo '/^install:/s:install_docs::' \ - || echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \ - Makefile.org \ - || die - # show the actual commands in the log - sed -i '/^SET_X/s:=.*:=set -x:' Makefile.shared - - # since we're forcing $(CC) as makedep anyway, just fix - # the conditional as always-on - # helps clang (#417795), and versioned gcc (#499818) - sed -i 's/expr.*MAKEDEPEND.*;/true;/' util/domd || die - - # quiet out unknown driver argument warnings since openssl - # doesn't have well-split CFLAGS and we're making it even worse - # and 'make depend' uses -Werror for added fun (#417795 again) - [[ ${CC} == *clang* ]] && append-flags -Qunused-arguments - - # allow openssl to be cross-compiled - cp "${FILESDIR}"/gentoo.config-1.0.1 gentoo.config || die - chmod a+rx gentoo.config - - append-flags -fno-strict-aliasing - append-flags $(test-flags-CC -Wa,--noexecstack) - - sed -i '1s,^:$,#!'${EPREFIX}'/usr/bin/perl,' Configure #141906 - # The config script does stupid stuff to prompt the user. Kill it. - sed -i '/stty -icanon min 0 time 50; read waste/d' config || die - ./config --test-sanity || die "I AM NOT SANE" - - multilib_copy_sources -} - -multilib_src_configure() { - unset APPS #197996 - unset SCRIPTS #312551 - unset CROSS_COMPILE #311473 - - tc-export CC AR RANLIB RC - - # Clean out patent-or-otherwise-encumbered code - # Camellia: Royalty Free http://en.wikipedia.org/wiki/Camellia_(cipher) - # IDEA: Expired http://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm - # EC: ????????? ??/??/2015 http://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography - # MDC2: Expired http://en.wikipedia.org/wiki/MDC-2 - # RC5: 5,724,428 03/03/2015 http://en.wikipedia.org/wiki/RC5 - - use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; } - echoit() { echo "$@" ; "$@" ; } - - local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal") - - # See if our toolchain supports __uint128_t. If so, it's 64bit - # friendly and can use the nicely optimized code paths. #460790 - local ec_nistp_64_gcc_128 - # Disable it for now though #469976 - #if ! use bindist ; then - # echo "__uint128_t i;" > "${T}"/128.c - # if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then - # ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128" - # fi - #fi - - local sslout=$(./gentoo.config) - einfo "Use configuration ${sslout:-(openssl knows best)}" - local config="Configure" - [[ -z ${sslout} ]] && config="config" - - echoit \ - ./${config} \ - ${sslout} \ - $(use cpu_flags_x86_sse2 || echo "no-sse2") \ - enable-camellia \ - $(use_ssl !bindist ec) \ - ${ec_nistp_64_gcc_128} \ - enable-idea \ - enable-mdc2 \ - $(use_ssl !bindist rc5) \ - enable-tlsext \ - $(use_ssl gmp gmp -lgmp) \ - $(use_ssl kerberos krb5 --with-krb5-flavor=${krb5}) \ - $(use_ssl rfc3779) \ - $(use_ssl tls-heartbeat heartbeats) \ - $(use_ssl zlib) \ - --prefix="${EPREFIX}"/usr \ - --openssldir="${EPREFIX}"${SSL_CNF_DIR} \ - --libdir=$(get_libdir) \ - shared threads \ - || die - - # Clean out hardcoded flags that openssl uses - local CFLAG=$(grep ^CFLAG= Makefile | LC_ALL=C sed \ - -e 's:^CFLAG=::' \ - -e 's:-fomit-frame-pointer ::g' \ - -e 's:-O[0-9] ::g' \ - -e 's:-march=[-a-z0-9]* ::g' \ - -e 's:-mcpu=[-a-z0-9]* ::g' \ - -e 's:-m[a-z0-9]* ::g' \ - ) - sed -i \ - -e "/^CFLAG/s|=.*|=${CFLAG} ${CFLAGS}|" \ - -e "/^SHARED_LDFLAGS=/s|$| ${LDFLAGS}|" \ - Makefile || die -} - -multilib_src_compile() { - # depend is needed to use $confopts; it also doesn't matter - # that it's -j1 as the code itself serializes subdirs - emake -j1 depend - emake all - # rehash is needed to prep the certs/ dir; do this - # separately to avoid parallel build issues. - emake rehash -} - -multilib_src_test() { - emake -j1 test -} - -multilib_src_install() { - emake INSTALL_PREFIX="${D}" install -} - -multilib_src_install_all() { - dobin "${WORKDIR}"/c_rehash #333117 - dodoc CHANGES* FAQ NEWS README doc/*.txt doc/c-indentation.el - dohtml -r doc/* - use rfc3779 && dodoc engines/ccgost/README.gost - - # This is crappy in that the static archives are still built even - # when USE=static-libs. But this is due to a failing in the openssl - # build system: the static archives are built as PIC all the time. - # Only way around this would be to manually configure+compile openssl - # twice; once with shared lib support enabled and once without. - use static-libs || rm -f "${ED}"/usr/lib*/lib*.a - - # create the certs directory - dodir ${SSL_CNF_DIR}/certs - cp -RP certs/* "${ED}"${SSL_CNF_DIR}/certs/ || die - rm -r "${ED}"${SSL_CNF_DIR}/certs/{demo,expired} - - # Namespace openssl programs to prevent conflicts with other man pages - cd "${ED}"/usr/share/man - local m d s - for m in $(find . -type f | xargs grep -L '#include') ; do - d=${m%/*} ; d=${d#./} ; m=${m##*/} - [[ ${m} == openssl.1* ]] && continue - [[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!" - mv ${d}/{,ssl-}${m} - # fix up references to renamed man pages - sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m} - ln -s ssl-${m} ${d}/openssl-${m} - # locate any symlinks that point to this man page ... we assume - # that any broken links are due to the above renaming - for s in $(find -L ${d} -type l) ; do - s=${s##*/} - rm -f ${d}/${s} - ln -s ssl-${m} ${d}/ssl-${s} - ln -s ssl-${s} ${d}/openssl-${s} - done - done - [[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :(" - - dodir /etc/sandbox.d #254521 - echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl - - diropts -m0700 - keepdir ${SSL_CNF_DIR}/private -} - -pkg_preinst() { - has_version ${CATEGORY}/${PN}:0.9.8 && return 0 - preserve_old_lib /usr/$(get_libdir)/lib{crypto,ssl}.so.0.9.8 -} - -pkg_postinst() { - ebegin "Running 'c_rehash ${EROOT%/}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069" - c_rehash "${EROOT%/}${SSL_CNF_DIR}/certs" >/dev/null - eend $? - - has_version ${CATEGORY}/${PN}:0.9.8 && return 0 - preserve_old_lib_notify /usr/$(get_libdir)/lib{crypto,ssl}.so.0.9.8 -} diff --git a/dev-libs/openssl/openssl-1.0.1m.ebuild b/dev-libs/openssl/openssl-1.0.1m.ebuild deleted file mode 100644 index 7f30b56b69af..000000000000 --- a/dev-libs/openssl/openssl-1.0.1m.ebuild +++ /dev/null @@ -1,259 +0,0 @@ -# Copyright 1999-2015 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Id$ - -EAPI="4" - -inherit eutils flag-o-matic toolchain-funcs multilib multilib-minimal - -REV="1.7" -DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)" -HOMEPAGE="http://www.openssl.org/" -SRC_URI="mirror://openssl/source/${P}.tar.gz - http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/${PN}/${PN}-c_rehash.sh?rev=${REV} -> ${PN}-c_rehash.sh.${REV}" - -LICENSE="openssl" -SLOT="0" -KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh ~sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux" -IUSE="bindist gmp kerberos rfc3779 cpu_flags_x86_sse2 static-libs test +tls-heartbeat vanilla zlib" -RESTRICT="!bindist? ( bindist )" - -# The blocks are temporary just to make sure people upgrade to a -# version that lack runtime version checking. We'll drop them in -# the future. -RDEPEND="gmp? ( >=dev-libs/gmp-5.1.3-r1[static-libs(+)?,${MULTILIB_USEDEP}] ) - zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] ) - kerberos? ( >=app-crypt/mit-krb5-1.11.4[${MULTILIB_USEDEP}] ) - abi_x86_32? ( - !<=app-emulation/emul-linux-x86-baselibs-20140406-r3 - !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)] - ) - !<net-misc/openssh-5.9_p1-r4 - !<net-libs/neon-0.29.6-r1" -DEPEND="${RDEPEND} - sys-apps/diffutils - >=dev-lang/perl-5 - test? ( sys-devel/bc )" -PDEPEND="app-misc/ca-certificates" - -src_unpack() { - unpack ${P}.tar.gz - SSL_CNF_DIR="/etc/ssl" - sed \ - -e "/^DIR=/s:=.*:=${EPREFIX}${SSL_CNF_DIR}:" \ - -e "s:SSL_CMD=/usr:SSL_CMD=${EPREFIX}/usr:" \ - "${DISTDIR}"/${PN}-c_rehash.sh.${REV} \ - > "${WORKDIR}"/c_rehash || die #416717 -} - -MULTILIB_WRAPPED_HEADERS=( - usr/include/openssl/opensslconf.h -) - -src_prepare() { - # Make sure we only ever touch Makefile.org and avoid patching a file - # that gets blown away anyways by the Configure script in src_configure - rm -f Makefile - - if ! use vanilla ; then - epatch "${FILESDIR}"/${PN}-1.0.0a-ldflags.patch #327421 - epatch "${FILESDIR}"/${PN}-1.0.0d-windres.patch #373743 - epatch "${FILESDIR}"/${PN}-1.0.0h-pkg-config.patch - epatch "${FILESDIR}"/${PN}-1.0.1m-parallel-build.patch - epatch "${FILESDIR}"/${PN}-1.0.1m-x32.patch - epatch "${FILESDIR}"/${PN}-1.0.1m-ipv6.patch - epatch "${FILESDIR}"/${PN}-1.0.1m-s_client-verify.patch #472584 - epatch "${FILESDIR}"/${PN}-1.0.1f-revert-alpha-perl-generation.patch #499086 - epatch_user #332661 - fi - - # disable fips in the build - # make sure the man pages are suffixed #302165 - # don't bother building man pages if they're disabled - sed -i \ - -e '/DIRS/s: fips : :g' \ - -e '/^MANSUFFIX/s:=.*:=ssl:' \ - -e '/^MAKEDEPPROG/s:=.*:=$(CC):' \ - -e $(has noman FEATURES \ - && echo '/^install:/s:install_docs::' \ - || echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \ - Makefile.org \ - || die - # show the actual commands in the log - sed -i '/^SET_X/s:=.*:=set -x:' Makefile.shared - - # since we're forcing $(CC) as makedep anyway, just fix - # the conditional as always-on - # helps clang (#417795), and versioned gcc (#499818) - sed -i 's/expr.*MAKEDEPEND.*;/true;/' util/domd || die - - # quiet out unknown driver argument warnings since openssl - # doesn't have well-split CFLAGS and we're making it even worse - # and 'make depend' uses -Werror for added fun (#417795 again) - [[ ${CC} == *clang* ]] && append-flags -Qunused-arguments - - # allow openssl to be cross-compiled - cp "${FILESDIR}"/gentoo.config-1.0.1 gentoo.config || die - chmod a+rx gentoo.config - - append-flags -fno-strict-aliasing - append-flags $(test-flags-CC -Wa,--noexecstack) - - sed -i '1s,^:$,#!'${EPREFIX}'/usr/bin/perl,' Configure #141906 - # The config script does stupid stuff to prompt the user. Kill it. - sed -i '/stty -icanon min 0 time 50; read waste/d' config || die - ./config --test-sanity || die "I AM NOT SANE" - - multilib_copy_sources -} - -multilib_src_configure() { - unset APPS #197996 - unset SCRIPTS #312551 - unset CROSS_COMPILE #311473 - - tc-export CC AR RANLIB RC - - # Clean out patent-or-otherwise-encumbered code - # Camellia: Royalty Free http://en.wikipedia.org/wiki/Camellia_(cipher) - # IDEA: Expired http://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm - # EC: ????????? ??/??/2015 http://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography - # MDC2: Expired http://en.wikipedia.org/wiki/MDC-2 - # RC5: 5,724,428 03/03/2015 http://en.wikipedia.org/wiki/RC5 - - use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; } - echoit() { echo "$@" ; "$@" ; } - - local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal") - - # See if our toolchain supports __uint128_t. If so, it's 64bit - # friendly and can use the nicely optimized code paths. #460790 - local ec_nistp_64_gcc_128 - # Disable it for now though #469976 - #if ! use bindist ; then - # echo "__uint128_t i;" > "${T}"/128.c - # if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then - # ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128" - # fi - #fi - - local sslout=$(./gentoo.config) - einfo "Use configuration ${sslout:-(openssl knows best)}" - local config="Configure" - [[ -z ${sslout} ]] && config="config" - - echoit \ - ./${config} \ - ${sslout} \ - $(use cpu_flags_x86_sse2 || echo "no-sse2") \ - enable-camellia \ - $(use_ssl !bindist ec) \ - ${ec_nistp_64_gcc_128} \ - enable-idea \ - enable-mdc2 \ - $(use_ssl !bindist rc5) \ - enable-tlsext \ - $(use_ssl gmp gmp -lgmp) \ - $(use_ssl kerberos krb5 --with-krb5-flavor=${krb5}) \ - $(use_ssl rfc3779) \ - $(use_ssl tls-heartbeat heartbeats) \ - $(use_ssl zlib) \ - --prefix="${EPREFIX}"/usr \ - --openssldir="${EPREFIX}"${SSL_CNF_DIR} \ - --libdir=$(get_libdir) \ - shared threads \ - || die - - # Clean out hardcoded flags that openssl uses - local CFLAG=$(grep ^CFLAG= Makefile | LC_ALL=C sed \ - -e 's:^CFLAG=::' \ - -e 's:-fomit-frame-pointer ::g' \ - -e 's:-O[0-9] ::g' \ - -e 's:-march=[-a-z0-9]* ::g' \ - -e 's:-mcpu=[-a-z0-9]* ::g' \ - -e 's:-m[a-z0-9]* ::g' \ - ) - sed -i \ - -e "/^CFLAG/s|=.*|=${CFLAG} ${CFLAGS}|" \ - -e "/^SHARED_LDFLAGS=/s|$| ${LDFLAGS}|" \ - Makefile || die -} - -multilib_src_compile() { - # depend is needed to use $confopts; it also doesn't matter - # that it's -j1 as the code itself serializes subdirs - emake -j1 depend - emake all - # rehash is needed to prep the certs/ dir; do this - # separately to avoid parallel build issues. - emake rehash -} - -multilib_src_test() { - emake -j1 test -} - -multilib_src_install() { - emake INSTALL_PREFIX="${D}" install -} - -multilib_src_install_all() { - dobin "${WORKDIR}"/c_rehash #333117 - dodoc CHANGES* FAQ NEWS README doc/*.txt doc/c-indentation.el - dohtml -r doc/* - use rfc3779 && dodoc engines/ccgost/README.gost - - # This is crappy in that the static archives are still built even - # when USE=static-libs. But this is due to a failing in the openssl - # build system: the static archives are built as PIC all the time. - # Only way around this would be to manually configure+compile openssl - # twice; once with shared lib support enabled and once without. - use static-libs || rm -f "${ED}"/usr/lib*/lib*.a - - # create the certs directory - dodir ${SSL_CNF_DIR}/certs - cp -RP certs/* "${ED}"${SSL_CNF_DIR}/certs/ || die - rm -r "${ED}"${SSL_CNF_DIR}/certs/{demo,expired} - - # Namespace openssl programs to prevent conflicts with other man pages - cd "${ED}"/usr/share/man - local m d s - for m in $(find . -type f | xargs grep -L '#include') ; do - d=${m%/*} ; d=${d#./} ; m=${m##*/} - [[ ${m} == openssl.1* ]] && continue - [[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!" - mv ${d}/{,ssl-}${m} - # fix up references to renamed man pages - sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m} - ln -s ssl-${m} ${d}/openssl-${m} - # locate any symlinks that point to this man page ... we assume - # that any broken links are due to the above renaming - for s in $(find -L ${d} -type l) ; do - s=${s##*/} - rm -f ${d}/${s} - ln -s ssl-${m} ${d}/ssl-${s} - ln -s ssl-${s} ${d}/openssl-${s} - done - done - [[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :(" - - dodir /etc/sandbox.d #254521 - echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl - - diropts -m0700 - keepdir ${SSL_CNF_DIR}/private -} - -pkg_preinst() { - has_version ${CATEGORY}/${PN}:0.9.8 && return 0 - preserve_old_lib /usr/$(get_libdir)/lib{crypto,ssl}.so.0.9.8 -} - -pkg_postinst() { - ebegin "Running 'c_rehash ${EROOT%/}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069" - c_rehash "${EROOT%/}${SSL_CNF_DIR}/certs" >/dev/null - eend $? - - has_version ${CATEGORY}/${PN}:0.9.8 && return 0 - preserve_old_lib_notify /usr/$(get_libdir)/lib{crypto,ssl}.so.0.9.8 -} diff --git a/dev-libs/openssl/openssl-1.0.1n.ebuild b/dev-libs/openssl/openssl-1.0.1n.ebuild deleted file mode 100644 index 0b33ee926ced..000000000000 --- a/dev-libs/openssl/openssl-1.0.1n.ebuild +++ /dev/null @@ -1,258 +0,0 @@ -# Copyright 1999-2015 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Id$ - -EAPI="4" - -inherit eutils flag-o-matic toolchain-funcs multilib multilib-minimal - -REV="1.7" -DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)" -HOMEPAGE="http://www.openssl.org/" -SRC_URI="mirror://openssl/source/${P}.tar.gz - http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/${PN}/${PN}-c_rehash.sh?rev=${REV} -> ${PN}-c_rehash.sh.${REV}" - -LICENSE="openssl" -SLOT="0" -KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux" -IUSE="bindist gmp kerberos rfc3779 cpu_flags_x86_sse2 static-libs test +tls-heartbeat vanilla zlib" -RESTRICT="!bindist? ( bindist )" - -# The blocks are temporary just to make sure people upgrade to a -# version that lack runtime version checking. We'll drop them in -# the future. -RDEPEND="gmp? ( >=dev-libs/gmp-5.1.3-r1[static-libs(+)?,${MULTILIB_USEDEP}] ) - zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] ) - kerberos? ( >=app-crypt/mit-krb5-1.11.4[${MULTILIB_USEDEP}] ) - abi_x86_32? ( - !<=app-emulation/emul-linux-x86-baselibs-20140406-r3 - !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)] - ) - !<net-misc/openssh-5.9_p1-r4 - !<net-libs/neon-0.29.6-r1" -DEPEND="${RDEPEND} - sys-apps/diffutils - >=dev-lang/perl-5 - test? ( sys-devel/bc )" -PDEPEND="app-misc/ca-certificates" - -src_unpack() { - unpack ${P}.tar.gz - SSL_CNF_DIR="/etc/ssl" - sed \ - -e "/^DIR=/s:=.*:=${EPREFIX}${SSL_CNF_DIR}:" \ - -e "s:SSL_CMD=/usr:SSL_CMD=${EPREFIX}/usr:" \ - "${DISTDIR}"/${PN}-c_rehash.sh.${REV} \ - > "${WORKDIR}"/c_rehash || die #416717 -} - -MULTILIB_WRAPPED_HEADERS=( - usr/include/openssl/opensslconf.h -) - -src_prepare() { - # Make sure we only ever touch Makefile.org and avoid patching a file - # that gets blown away anyways by the Configure script in src_configure - rm -f Makefile - - if ! use vanilla ; then - epatch "${FILESDIR}"/${PN}-1.0.0a-ldflags.patch #327421 - epatch "${FILESDIR}"/${PN}-1.0.0d-windres.patch #373743 - epatch "${FILESDIR}"/${PN}-1.0.0h-pkg-config.patch - epatch "${FILESDIR}"/${PN}-1.0.1m-parallel-build.patch - epatch "${FILESDIR}"/${PN}-1.0.1m-x32.patch - epatch "${FILESDIR}"/${PN}-1.0.1m-ipv6.patch - epatch "${FILESDIR}"/${PN}-1.0.1f-revert-alpha-perl-generation.patch #499086 - epatch_user #332661 - fi - - # disable fips in the build - # make sure the man pages are suffixed #302165 - # don't bother building man pages if they're disabled - sed -i \ - -e '/DIRS/s: fips : :g' \ - -e '/^MANSUFFIX/s:=.*:=ssl:' \ - -e '/^MAKEDEPPROG/s:=.*:=$(CC):' \ - -e $(has noman FEATURES \ - && echo '/^install:/s:install_docs::' \ - || echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \ - Makefile.org \ - || die - # show the actual commands in the log - sed -i '/^SET_X/s:=.*:=set -x:' Makefile.shared - - # since we're forcing $(CC) as makedep anyway, just fix - # the conditional as always-on - # helps clang (#417795), and versioned gcc (#499818) - sed -i 's/expr.*MAKEDEPEND.*;/true;/' util/domd || die - - # quiet out unknown driver argument warnings since openssl - # doesn't have well-split CFLAGS and we're making it even worse - # and 'make depend' uses -Werror for added fun (#417795 again) - [[ ${CC} == *clang* ]] && append-flags -Qunused-arguments - - # allow openssl to be cross-compiled - cp "${FILESDIR}"/gentoo.config-1.0.1 gentoo.config || die - chmod a+rx gentoo.config - - append-flags -fno-strict-aliasing - append-flags $(test-flags-CC -Wa,--noexecstack) - - sed -i '1s,^:$,#!'${EPREFIX}'/usr/bin/perl,' Configure #141906 - # The config script does stupid stuff to prompt the user. Kill it. - sed -i '/stty -icanon min 0 time 50; read waste/d' config || die - ./config --test-sanity || die "I AM NOT SANE" - - multilib_copy_sources -} - -multilib_src_configure() { - unset APPS #197996 - unset SCRIPTS #312551 - unset CROSS_COMPILE #311473 - - tc-export CC AR RANLIB RC - - # Clean out patent-or-otherwise-encumbered code - # Camellia: Royalty Free http://en.wikipedia.org/wiki/Camellia_(cipher) - # IDEA: Expired http://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm - # EC: ????????? ??/??/2015 http://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography - # MDC2: Expired http://en.wikipedia.org/wiki/MDC-2 - # RC5: 5,724,428 03/03/2015 http://en.wikipedia.org/wiki/RC5 - - use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; } - echoit() { echo "$@" ; "$@" ; } - - local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal") - - # See if our toolchain supports __uint128_t. If so, it's 64bit - # friendly and can use the nicely optimized code paths. #460790 - local ec_nistp_64_gcc_128 - # Disable it for now though #469976 - #if ! use bindist ; then - # echo "__uint128_t i;" > "${T}"/128.c - # if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then - # ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128" - # fi - #fi - - local sslout=$(./gentoo.config) - einfo "Use configuration ${sslout:-(openssl knows best)}" - local config="Configure" - [[ -z ${sslout} ]] && config="config" - - echoit \ - ./${config} \ - ${sslout} \ - $(use cpu_flags_x86_sse2 || echo "no-sse2") \ - enable-camellia \ - $(use_ssl !bindist ec) \ - ${ec_nistp_64_gcc_128} \ - enable-idea \ - enable-mdc2 \ - $(use_ssl !bindist rc5) \ - enable-tlsext \ - $(use_ssl gmp gmp -lgmp) \ - $(use_ssl kerberos krb5 --with-krb5-flavor=${krb5}) \ - $(use_ssl rfc3779) \ - $(use_ssl tls-heartbeat heartbeats) \ - $(use_ssl zlib) \ - --prefix="${EPREFIX}"/usr \ - --openssldir="${EPREFIX}"${SSL_CNF_DIR} \ - --libdir=$(get_libdir) \ - shared threads \ - || die - - # Clean out hardcoded flags that openssl uses - local CFLAG=$(grep ^CFLAG= Makefile | LC_ALL=C sed \ - -e 's:^CFLAG=::' \ - -e 's:-fomit-frame-pointer ::g' \ - -e 's:-O[0-9] ::g' \ - -e 's:-march=[-a-z0-9]* ::g' \ - -e 's:-mcpu=[-a-z0-9]* ::g' \ - -e 's:-m[a-z0-9]* ::g' \ - ) - sed -i \ - -e "/^CFLAG/s|=.*|=${CFLAG} ${CFLAGS}|" \ - -e "/^SHARED_LDFLAGS=/s|$| ${LDFLAGS}|" \ - Makefile || die -} - -multilib_src_compile() { - # depend is needed to use $confopts; it also doesn't matter - # that it's -j1 as the code itself serializes subdirs - emake -j1 depend - emake all - # rehash is needed to prep the certs/ dir; do this - # separately to avoid parallel build issues. - emake rehash -} - -multilib_src_test() { - emake -j1 test -} - -multilib_src_install() { - emake INSTALL_PREFIX="${D}" install -} - -multilib_src_install_all() { - dobin "${WORKDIR}"/c_rehash #333117 - dodoc CHANGES* FAQ NEWS README doc/*.txt doc/c-indentation.el - dohtml -r doc/* - use rfc3779 && dodoc engines/ccgost/README.gost - - # This is crappy in that the static archives are still built even - # when USE=static-libs. But this is due to a failing in the openssl - # build system: the static archives are built as PIC all the time. - # Only way around this would be to manually configure+compile openssl - # twice; once with shared lib support enabled and once without. - use static-libs || rm -f "${ED}"/usr/lib*/lib*.a - - # create the certs directory - dodir ${SSL_CNF_DIR}/certs - cp -RP certs/* "${ED}"${SSL_CNF_DIR}/certs/ || die - rm -r "${ED}"${SSL_CNF_DIR}/certs/{demo,expired} - - # Namespace openssl programs to prevent conflicts with other man pages - cd "${ED}"/usr/share/man - local m d s - for m in $(find . -type f | xargs grep -L '#include') ; do - d=${m%/*} ; d=${d#./} ; m=${m##*/} - [[ ${m} == openssl.1* ]] && continue - [[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!" - mv ${d}/{,ssl-}${m} - # fix up references to renamed man pages - sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m} - ln -s ssl-${m} ${d}/openssl-${m} - # locate any symlinks that point to this man page ... we assume - # that any broken links are due to the above renaming - for s in $(find -L ${d} -type l) ; do - s=${s##*/} - rm -f ${d}/${s} - ln -s ssl-${m} ${d}/ssl-${s} - ln -s ssl-${s} ${d}/openssl-${s} - done - done - [[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :(" - - dodir /etc/sandbox.d #254521 - echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl - - diropts -m0700 - keepdir ${SSL_CNF_DIR}/private -} - -pkg_preinst() { - has_version ${CATEGORY}/${PN}:0.9.8 && return 0 - preserve_old_lib /usr/$(get_libdir)/lib{crypto,ssl}.so.0.9.8 -} - -pkg_postinst() { - ebegin "Running 'c_rehash ${EROOT%/}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069" - c_rehash "${EROOT%/}${SSL_CNF_DIR}/certs" >/dev/null - eend $? - - has_version ${CATEGORY}/${PN}:0.9.8 && return 0 - preserve_old_lib_notify /usr/$(get_libdir)/lib{crypto,ssl}.so.0.9.8 -} diff --git a/dev-libs/openssl/openssl-1.0.1o.ebuild b/dev-libs/openssl/openssl-1.0.1o.ebuild deleted file mode 100644 index f6c6c16f556f..000000000000 --- a/dev-libs/openssl/openssl-1.0.1o.ebuild +++ /dev/null @@ -1,258 +0,0 @@ -# Copyright 1999-2015 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Id$ - -EAPI="4" - -inherit eutils flag-o-matic toolchain-funcs multilib multilib-minimal - -REV="1.7" -DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)" -HOMEPAGE="http://www.openssl.org/" -SRC_URI="mirror://openssl/source/${P}.tar.gz - http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/${PN}/${PN}-c_rehash.sh?rev=${REV} -> ${PN}-c_rehash.sh.${REV}" - -LICENSE="openssl" -SLOT="0" -KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux" -IUSE="bindist gmp kerberos rfc3779 cpu_flags_x86_sse2 static-libs test +tls-heartbeat vanilla zlib" -RESTRICT="!bindist? ( bindist )" - -# The blocks are temporary just to make sure people upgrade to a -# version that lack runtime version checking. We'll drop them in -# the future. -RDEPEND="gmp? ( >=dev-libs/gmp-5.1.3-r1[static-libs(+)?,${MULTILIB_USEDEP}] ) - zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] ) - kerberos? ( >=app-crypt/mit-krb5-1.11.4[${MULTILIB_USEDEP}] ) - abi_x86_32? ( - !<=app-emulation/emul-linux-x86-baselibs-20140406-r3 - !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)] - ) - !<net-misc/openssh-5.9_p1-r4 - !<net-libs/neon-0.29.6-r1" -DEPEND="${RDEPEND} - sys-apps/diffutils - >=dev-lang/perl-5 - test? ( sys-devel/bc )" -PDEPEND="app-misc/ca-certificates" - -src_unpack() { - unpack ${P}.tar.gz - SSL_CNF_DIR="/etc/ssl" - sed \ - -e "/^DIR=/s:=.*:=${EPREFIX}${SSL_CNF_DIR}:" \ - -e "s:SSL_CMD=/usr:SSL_CMD=${EPREFIX}/usr:" \ - "${DISTDIR}"/${PN}-c_rehash.sh.${REV} \ - > "${WORKDIR}"/c_rehash || die #416717 -} - -MULTILIB_WRAPPED_HEADERS=( - usr/include/openssl/opensslconf.h -) - -src_prepare() { - # Make sure we only ever touch Makefile.org and avoid patching a file - # that gets blown away anyways by the Configure script in src_configure - rm -f Makefile - - if ! use vanilla ; then - epatch "${FILESDIR}"/${PN}-1.0.0a-ldflags.patch #327421 - epatch "${FILESDIR}"/${PN}-1.0.0d-windres.patch #373743 - epatch "${FILESDIR}"/${PN}-1.0.0h-pkg-config.patch - epatch "${FILESDIR}"/${PN}-1.0.1m-parallel-build.patch - epatch "${FILESDIR}"/${PN}-1.0.1m-x32.patch - epatch "${FILESDIR}"/${PN}-1.0.1m-ipv6.patch - epatch "${FILESDIR}"/${PN}-1.0.1f-revert-alpha-perl-generation.patch #499086 - epatch_user #332661 - fi - - # disable fips in the build - # make sure the man pages are suffixed #302165 - # don't bother building man pages if they're disabled - sed -i \ - -e '/DIRS/s: fips : :g' \ - -e '/^MANSUFFIX/s:=.*:=ssl:' \ - -e '/^MAKEDEPPROG/s:=.*:=$(CC):' \ - -e $(has noman FEATURES \ - && echo '/^install:/s:install_docs::' \ - || echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \ - Makefile.org \ - || die - # show the actual commands in the log - sed -i '/^SET_X/s:=.*:=set -x:' Makefile.shared - - # since we're forcing $(CC) as makedep anyway, just fix - # the conditional as always-on - # helps clang (#417795), and versioned gcc (#499818) - sed -i 's/expr.*MAKEDEPEND.*;/true;/' util/domd || die - - # quiet out unknown driver argument warnings since openssl - # doesn't have well-split CFLAGS and we're making it even worse - # and 'make depend' uses -Werror for added fun (#417795 again) - [[ ${CC} == *clang* ]] && append-flags -Qunused-arguments - - # allow openssl to be cross-compiled - cp "${FILESDIR}"/gentoo.config-1.0.1 gentoo.config || die - chmod a+rx gentoo.config - - append-flags -fno-strict-aliasing - append-flags $(test-flags-CC -Wa,--noexecstack) - - sed -i '1s,^:$,#!'${EPREFIX}'/usr/bin/perl,' Configure #141906 - # The config script does stupid stuff to prompt the user. Kill it. - sed -i '/stty -icanon min 0 time 50; read waste/d' config || die - ./config --test-sanity || die "I AM NOT SANE" - - multilib_copy_sources -} - -multilib_src_configure() { - unset APPS #197996 - unset SCRIPTS #312551 - unset CROSS_COMPILE #311473 - - tc-export CC AR RANLIB RC - - # Clean out patent-or-otherwise-encumbered code - # Camellia: Royalty Free http://en.wikipedia.org/wiki/Camellia_(cipher) - # IDEA: Expired http://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm - # EC: ????????? ??/??/2015 http://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography - # MDC2: Expired http://en.wikipedia.org/wiki/MDC-2 - # RC5: 5,724,428 03/03/2015 http://en.wikipedia.org/wiki/RC5 - - use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; } - echoit() { echo "$@" ; "$@" ; } - - local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal") - - # See if our toolchain supports __uint128_t. If so, it's 64bit - # friendly and can use the nicely optimized code paths. #460790 - local ec_nistp_64_gcc_128 - # Disable it for now though #469976 - #if ! use bindist ; then - # echo "__uint128_t i;" > "${T}"/128.c - # if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then - # ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128" - # fi - #fi - - local sslout=$(./gentoo.config) - einfo "Use configuration ${sslout:-(openssl knows best)}" - local config="Configure" - [[ -z ${sslout} ]] && config="config" - - echoit \ - ./${config} \ - ${sslout} \ - $(use cpu_flags_x86_sse2 || echo "no-sse2") \ - enable-camellia \ - $(use_ssl !bindist ec) \ - ${ec_nistp_64_gcc_128} \ - enable-idea \ - enable-mdc2 \ - $(use_ssl !bindist rc5) \ - enable-tlsext \ - $(use_ssl gmp gmp -lgmp) \ - $(use_ssl kerberos krb5 --with-krb5-flavor=${krb5}) \ - $(use_ssl rfc3779) \ - $(use_ssl tls-heartbeat heartbeats) \ - $(use_ssl zlib) \ - --prefix="${EPREFIX}"/usr \ - --openssldir="${EPREFIX}"${SSL_CNF_DIR} \ - --libdir=$(get_libdir) \ - shared threads \ - || die - - # Clean out hardcoded flags that openssl uses - local CFLAG=$(grep ^CFLAG= Makefile | LC_ALL=C sed \ - -e 's:^CFLAG=::' \ - -e 's:-fomit-frame-pointer ::g' \ - -e 's:-O[0-9] ::g' \ - -e 's:-march=[-a-z0-9]* ::g' \ - -e 's:-mcpu=[-a-z0-9]* ::g' \ - -e 's:-m[a-z0-9]* ::g' \ - ) - sed -i \ - -e "/^CFLAG/s|=.*|=${CFLAG} ${CFLAGS}|" \ - -e "/^SHARED_LDFLAGS=/s|$| ${LDFLAGS}|" \ - Makefile || die -} - -multilib_src_compile() { - # depend is needed to use $confopts; it also doesn't matter - # that it's -j1 as the code itself serializes subdirs - emake -j1 depend - emake all - # rehash is needed to prep the certs/ dir; do this - # separately to avoid parallel build issues. - emake rehash -} - -multilib_src_test() { - emake -j1 test -} - -multilib_src_install() { - emake INSTALL_PREFIX="${D}" install -} - -multilib_src_install_all() { - dobin "${WORKDIR}"/c_rehash #333117 - dodoc CHANGES* FAQ NEWS README doc/*.txt doc/c-indentation.el - dohtml -r doc/* - use rfc3779 && dodoc engines/ccgost/README.gost - - # This is crappy in that the static archives are still built even - # when USE=static-libs. But this is due to a failing in the openssl - # build system: the static archives are built as PIC all the time. - # Only way around this would be to manually configure+compile openssl - # twice; once with shared lib support enabled and once without. - use static-libs || rm -f "${ED}"/usr/lib*/lib*.a - - # create the certs directory - dodir ${SSL_CNF_DIR}/certs - cp -RP certs/* "${ED}"${SSL_CNF_DIR}/certs/ || die - rm -r "${ED}"${SSL_CNF_DIR}/certs/{demo,expired} - - # Namespace openssl programs to prevent conflicts with other man pages - cd "${ED}"/usr/share/man - local m d s - for m in $(find . -type f | xargs grep -L '#include') ; do - d=${m%/*} ; d=${d#./} ; m=${m##*/} - [[ ${m} == openssl.1* ]] && continue - [[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!" - mv ${d}/{,ssl-}${m} - # fix up references to renamed man pages - sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m} - ln -s ssl-${m} ${d}/openssl-${m} - # locate any symlinks that point to this man page ... we assume - # that any broken links are due to the above renaming - for s in $(find -L ${d} -type l) ; do - s=${s##*/} - rm -f ${d}/${s} - ln -s ssl-${m} ${d}/ssl-${s} - ln -s ssl-${s} ${d}/openssl-${s} - done - done - [[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :(" - - dodir /etc/sandbox.d #254521 - echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl - - diropts -m0700 - keepdir ${SSL_CNF_DIR}/private -} - -pkg_preinst() { - has_version ${CATEGORY}/${PN}:0.9.8 && return 0 - preserve_old_lib /usr/$(get_libdir)/lib{crypto,ssl}.so.0.9.8 -} - -pkg_postinst() { - ebegin "Running 'c_rehash ${EROOT%/}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069" - c_rehash "${EROOT%/}${SSL_CNF_DIR}/certs" >/dev/null - eend $? - - has_version ${CATEGORY}/${PN}:0.9.8 && return 0 - preserve_old_lib_notify /usr/$(get_libdir)/lib{crypto,ssl}.so.0.9.8 -} diff --git a/dev-libs/openssl/openssl-1.0.2-r3.ebuild b/dev-libs/openssl/openssl-1.0.2-r3.ebuild deleted file mode 100644 index 231155dac067..000000000000 --- a/dev-libs/openssl/openssl-1.0.2-r3.ebuild +++ /dev/null @@ -1,263 +0,0 @@ -# Copyright 1999-2015 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Id$ - -EAPI="4" - -inherit eutils flag-o-matic toolchain-funcs multilib multilib-minimal - -REV="1.7" -MY_P=${P/_/-} -DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)" -HOMEPAGE="http://www.openssl.org/" -SRC_URI="mirror://openssl/source/${MY_P}.tar.gz - http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/${PN}/${PN}-c_rehash.sh?rev=${REV} -> ${PN}-c_rehash.sh.${REV}" - -LICENSE="openssl" -SLOT="0" -KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux" -IUSE="bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 static-libs test +tls-heartbeat vanilla zlib" -RESTRICT="!bindist? ( bindist )" - -# The blocks are temporary just to make sure people upgrade to a -# version that lack runtime version checking. We'll drop them in -# the future. -RDEPEND="gmp? ( >=dev-libs/gmp-5.1.3-r1[static-libs(+)?,${MULTILIB_USEDEP}] ) - zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] ) - kerberos? ( >=app-crypt/mit-krb5-1.11.4[${MULTILIB_USEDEP}] ) - abi_x86_32? ( - !<=app-emulation/emul-linux-x86-baselibs-20140508 - !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)] - ) - !<net-misc/openssh-5.9_p1-r4 - !<net-libs/neon-0.29.6-r1" -DEPEND="${RDEPEND} - sys-apps/diffutils - >=dev-lang/perl-5 - sctp? ( >=net-misc/lksctp-tools-1.0.12 ) - test? ( sys-devel/bc )" -PDEPEND="app-misc/ca-certificates" - -S="${WORKDIR}/${MY_P}" - -MULTILIB_WRAPPED_HEADERS=( - usr/include/openssl/opensslconf.h -) - -src_prepare() { - SSL_CNF_DIR="/etc/ssl" - sed \ - -e "/^DIR=/s:=.*:=${EPREFIX}${SSL_CNF_DIR}:" \ - -e "s:SSL_CMD=/usr:SSL_CMD=${EPREFIX}/usr:" \ - "${DISTDIR}"/${PN}-c_rehash.sh.${REV} \ - > "${WORKDIR}"/c_rehash || die #416717 - - # Make sure we only ever touch Makefile.org and avoid patching a file - # that gets blown away anyways by the Configure script in src_configure - rm -f Makefile - - epatch "${FILESDIR}"/${P}-CVE-2015-0209.patch #541502 - epatch "${FILESDIR}"/${P}-CVE-2015-0288.patch #542038 - if ! use vanilla ; then - epatch "${FILESDIR}"/${PN}-1.0.0a-ldflags.patch #327421 - epatch "${FILESDIR}"/${PN}-1.0.0d-windres.patch #373743 - epatch "${FILESDIR}"/${PN}-1.0.2-parallel-build.patch - epatch "${FILESDIR}"/${PN}-1.0.2-ipv6.patch - epatch "${FILESDIR}"/${PN}-1.0.2-s_client-verify.patch #472584 - epatch "${FILESDIR}"/${PN}-1.0.2-CVE-2015-0291.patch - - epatch_user #332661 - fi - - # disable fips in the build - # make sure the man pages are suffixed #302165 - # don't bother building man pages if they're disabled - sed -i \ - -e '/DIRS/s: fips : :g' \ - -e '/^MANSUFFIX/s:=.*:=ssl:' \ - -e '/^MAKEDEPPROG/s:=.*:=$(CC):' \ - -e $(has noman FEATURES \ - && echo '/^install:/s:install_docs::' \ - || echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \ - Makefile.org \ - || die - # show the actual commands in the log - sed -i '/^SET_X/s:=.*:=set -x:' Makefile.shared - - # since we're forcing $(CC) as makedep anyway, just fix - # the conditional as always-on - # helps clang (#417795), and versioned gcc (#499818) - sed -i 's/expr.*MAKEDEPEND.*;/true;/' util/domd || die - - # quiet out unknown driver argument warnings since openssl - # doesn't have well-split CFLAGS and we're making it even worse - # and 'make depend' uses -Werror for added fun (#417795 again) - [[ ${CC} == *clang* ]] && append-flags -Qunused-arguments - - # allow openssl to be cross-compiled - cp "${FILESDIR}"/gentoo.config-1.0.1 gentoo.config || die - chmod a+rx gentoo.config - - append-flags -fno-strict-aliasing - append-flags $(test-flags-CC -Wa,--noexecstack) - append-cppflags -DOPENSSL_NO_BUF_FREELISTS - - sed -i '1s,^:$,#!'${EPREFIX}'/usr/bin/perl,' Configure #141906 - # The config script does stupid stuff to prompt the user. Kill it. - sed -i '/stty -icanon min 0 time 50; read waste/d' config || die - ./config --test-sanity || die "I AM NOT SANE" - - multilib_copy_sources -} - -multilib_src_configure() { - unset APPS #197996 - unset SCRIPTS #312551 - unset CROSS_COMPILE #311473 - - tc-export CC AR RANLIB RC - - # Clean out patent-or-otherwise-encumbered code - # Camellia: Royalty Free http://en.wikipedia.org/wiki/Camellia_(cipher) - # IDEA: Expired http://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm - # EC: ????????? ??/??/2015 http://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography - # MDC2: Expired http://en.wikipedia.org/wiki/MDC-2 - # RC5: Expired http://en.wikipedia.org/wiki/RC5 - - use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; } - echoit() { echo "$@" ; "$@" ; } - - local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal") - - # See if our toolchain supports __uint128_t. If so, it's 64bit - # friendly and can use the nicely optimized code paths. #460790 - local ec_nistp_64_gcc_128 - # Disable it for now though #469976 - #if ! use bindist ; then - # echo "__uint128_t i;" > "${T}"/128.c - # if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then - # ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128" - # fi - #fi - - local sslout=$(./gentoo.config) - einfo "Use configuration ${sslout:-(openssl knows best)}" - local config="Configure" - [[ -z ${sslout} ]] && config="config" - - echoit \ - ./${config} \ - ${sslout} \ - $(use sctp && echo "sctp") \ - $(use cpu_flags_x86_sse2 || echo "no-sse2") \ - enable-camellia \ - $(use_ssl !bindist ec) \ - ${ec_nistp_64_gcc_128} \ - enable-idea \ - enable-mdc2 \ - enable-rc5 \ - enable-tlsext \ - $(use_ssl gmp gmp -lgmp) \ - $(use_ssl kerberos krb5 --with-krb5-flavor=${krb5}) \ - $(use_ssl rfc3779) \ - $(use_ssl tls-heartbeat heartbeats) \ - $(use_ssl zlib) \ - --prefix="${EPREFIX}"/usr \ - --openssldir="${EPREFIX}"${SSL_CNF_DIR} \ - --libdir=$(get_libdir) \ - shared threads \ - || die - - # Clean out hardcoded flags that openssl uses - local CFLAG=$(grep ^CFLAG= Makefile | LC_ALL=C sed \ - -e 's:^CFLAG=::' \ - -e 's:-fomit-frame-pointer ::g' \ - -e 's:-O[0-9] ::g' \ - -e 's:-march=[-a-z0-9]* ::g' \ - -e 's:-mcpu=[-a-z0-9]* ::g' \ - -e 's:-m[a-z0-9]* ::g' \ - ) - sed -i \ - -e "/^CFLAG/s|=.*|=${CFLAG} ${CFLAGS}|" \ - -e "/^SHARED_LDFLAGS=/s|$| ${LDFLAGS}|" \ - Makefile || die -} - -multilib_src_compile() { - # depend is needed to use $confopts; it also doesn't matter - # that it's -j1 as the code itself serializes subdirs - emake -j1 depend - emake all - # rehash is needed to prep the certs/ dir; do this - # separately to avoid parallel build issues. - emake rehash -} - -multilib_src_test() { - emake -j1 test -} - -multilib_src_install() { - emake INSTALL_PREFIX="${D}" install -} - -multilib_src_install_all() { - dobin "${WORKDIR}"/c_rehash #333117 - dodoc CHANGES* FAQ NEWS README doc/*.txt doc/c-indentation.el - dohtml -r doc/* - use rfc3779 && dodoc engines/ccgost/README.gost - - # This is crappy in that the static archives are still built even - # when USE=static-libs. But this is due to a failing in the openssl - # build system: the static archives are built as PIC all the time. - # Only way around this would be to manually configure+compile openssl - # twice; once with shared lib support enabled and once without. - use static-libs || rm -f "${ED}"/usr/lib*/lib*.a - - # create the certs directory - dodir ${SSL_CNF_DIR}/certs - cp -RP certs/* "${ED}"${SSL_CNF_DIR}/certs/ || die - rm -r "${ED}"${SSL_CNF_DIR}/certs/{demo,expired} - - # Namespace openssl programs to prevent conflicts with other man pages - cd "${ED}"/usr/share/man - local m d s - for m in $(find . -type f | xargs grep -L '#include') ; do - d=${m%/*} ; d=${d#./} ; m=${m##*/} - [[ ${m} == openssl.1* ]] && continue - [[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!" - mv ${d}/{,ssl-}${m} - # fix up references to renamed man pages - sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m} - ln -s ssl-${m} ${d}/openssl-${m} - # locate any symlinks that point to this man page ... we assume - # that any broken links are due to the above renaming - for s in $(find -L ${d} -type l) ; do - s=${s##*/} - rm -f ${d}/${s} - ln -s ssl-${m} ${d}/ssl-${s} - ln -s ssl-${s} ${d}/openssl-${s} - done - done - [[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :(" - - dodir /etc/sandbox.d #254521 - echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl - - diropts -m0700 - keepdir ${SSL_CNF_DIR}/private -} - -pkg_preinst() { - has_version ${CATEGORY}/${PN}:0.9.8 && return 0 - preserve_old_lib /usr/$(get_libdir)/lib{crypto,ssl}.so.0.9.8 -} - -pkg_postinst() { - ebegin "Running 'c_rehash ${EROOT%/}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069" - c_rehash "${EROOT%/}${SSL_CNF_DIR}/certs" >/dev/null - eend $? - - has_version ${CATEGORY}/${PN}:0.9.8 && return 0 - preserve_old_lib_notify /usr/$(get_libdir)/lib{crypto,ssl}.so.0.9.8 -} |