openssl-bad-1.0.2_p20250104.ebuild

Anton Bolshakov 2025-01-19 00:03:45 +08:00
parent 4f382b7573
commit e3b1cf744a
No known key found for this signature in database
GPG key ID: 32BDCED870788F04
16 changed files with 466 additions and 614 deletions


@ -1 +1,2 @@
DIST openssl-bad-1.0.2_p20220901.tar.gz 5530282 BLAKE2B 4e5311392596e40f491e36dbb79d41b20c7fc55d11396a828af23e76eb436e4eb5395cc5285f10dc14dab0be732db0eefe80beba15ecbec814da310526ce9285 SHA512 41b4e3d48e5ad090466ca90b4c6b1be1b166cd2978011f65b67502ca1b9fd0130796cc0d8c87908f0eaf342c9a1fb29f7c9f84c6f1fded8d2999099c12c227ed
DIST openssl-bad-1.0.2_p20250104.gh.tar.gz 5529207 BLAKE2B 8187086c1b566da364ffbb7d39816750445328d33a7c93d21a62219191e2de4ab3c4fa85493d421de36ef802dff540b567a22c47e0a8a176847fcdbca13cfa92 SHA512 ceaf16082f8e14bd24c6910c8d8a5f48361f02d9f9a5a471b456a91e06fabc08c81ffe71a4c5605fa9f62e927fd66626268ae49e8eb4bc5b72ae14361305934c
DIST openssl-compat-1.0.2u-versioned-symbols.patch.gz 24633 BLAKE2B 6bfad4ad27dbca0bd85bfd9521ffc844c3e93e6a1cca7c814edd49affc60ece1c706dd3aa7be2ce80857532531eac6f0f03f43c0be22a769d00d9241686eff71 SHA512 3d85aa34f2491e0e36eedc45829709e0fb552f6d558c2726b59dafa98c3e679b88497f3f7399d7565d88e727591e7d9b12f5b1e27116ba19b9a661d7f75b07a9


@ -1,14 +1,22 @@
http://bugs.gentoo.org/181438
http://bugs.gentoo.org/327421
https://rt.openssl.org/Ticket/Display.html?id=3331&user=guest&pass=guest
make sure we respect LDFLAGS
From: Mike Frysinger <vapier@gentoo.org>
Date: Sun, 27 Apr 2014 11:04:20 +0200
Subject: make sure we respect LDFLAGS
also make sure we don't add useless -rpath flags to the system libdir
Bug: http://bugs.gentoo.org/181438
Bug: http://bugs.gentoo.org/327421
Upstream-Bug: https://rt.openssl.org/Ticket/Display.html?id=3331&user=guest&pass=guest
---
Makefile.org | 1 +
Makefile.shared | 2 +-
2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/Makefile.org b/Makefile.org
index f51f0a7..19ebd38 100644
--- a/Makefile.org
+++ b/Makefile.org
@@ -189,6 +189,7 @@
@@ -220,6 +220,7 @@ BUILDENV= LC_ALL=C PLATFORM='$(PLATFORM)' PROCESSOR='$(PROCESSOR)'\
MAKEDEPEND='$$$${TOP}/util/domd $$$${TOP} -MD $(MAKEDEPPROG)' \
DEPFLAG='-DOPENSSL_NO_DEPRECATED $(DEPFLAG)' \
MAKEDEPPROG='$(MAKEDEPPROG)' \
@ -16,9 +24,11 @@ also make sure we don't add useless -rpath flags to the system libdir
SHARED_LDFLAGS='$(SHARED_LDFLAGS)' \
KRB5_INCLUDES='$(KRB5_INCLUDES)' LIBKRB5='$(LIBKRB5)' \
ZLIB_INCLUDE='$(ZLIB_INCLUDE)' LIBZLIB='$(LIBZLIB)' \
diff --git a/Makefile.shared b/Makefile.shared
index e8d222a..72c0144 100644
--- a/Makefile.shared
+++ b/Makefile.shared
@@ -153,7 +153,7 @@
@@ -153,7 +153,7 @@ DO_GNU_SO=$(CALC_VERSIONS); \
NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-Bsymbolic -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"
@ -27,3 +37,6 @@ also make sure we don't add useless -rpath flags to the system libdir
#This is rather special. It's a special target with which one can link
#applications without bothering with any features that have anything to
--
2.15.1


@ -1,23 +1,22 @@
https://rt.openssl.org/Ticket/Display.html?id=3737&user=guest&pass=guest
From ce279d4361e07e9af9ceca8a6e326e661758ad53 Mon Sep 17 00:00:00 2001
From: Mike Frysinger <vapier@gentoo.org>
Date: Sun, 8 Mar 2015 01:34:48 -0500
Subject: [PATCH] fix parallel generation of obj headers
Subject: fix parallel generation of obj headers
The current code has dummy sleep/touch commands to try and work
around the parallel issue, but that is obviously racy. Instead
lets force one of the files to depend on the other so we know
they'll never run in parallel.
Upstream-Bug: https://rt.openssl.org/Ticket/Display.html?id=3737&user=guest&pass=guest
---
crypto/objects/Makefile | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/crypto/objects/Makefile b/crypto/objects/Makefile
index ad2db1e..7d32504 100644
index f93d2f9..383c5bc 100644
--- a/crypto/objects/Makefile
+++ b/crypto/objects/Makefile
@@ -44,11 +44,11 @@
@@ -44,11 +44,11 @@ obj_dat.h: obj_dat.pl obj_mac.h
# objects.pl both reads and writes obj_mac.num
obj_mac.h: objects.pl objects.txt obj_mac.num
$(PERL) objects.pl objects.txt obj_mac.num obj_mac.h
@ -33,5 +32,5 @@ index ad2db1e..7d32504 100644
files:
$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
--
2.3.4
2.15.1


@ -1,9 +1,6 @@
https://rt.openssl.org/Ticket/Display.html?id=3736&user=guest&pass=guest
From aba899f2eca21e11e5e9797bf8258e7265dea9f5 Mon Sep 17 00:00:00 2001
From: Mike Frysinger <vapier@gentoo.org>
Date: Sun, 8 Mar 2015 01:32:01 -0500
Subject: [PATCH] fix parallel install with dir creation
Subject: fix parallel install with dir creation
The mkdir-p.pl does not handle parallel creation of directories.
This comes up when the install_sw and install_docs rules run and
@ -11,17 +8,19 @@ both call mkdir-p.pl on sibling directory trees.
Instead, lets create a single install_dirs rule that makes all of
the dirs we need, and have these two install steps depend on that.
Upstream-Bug: https://rt.openssl.org/Ticket/Display.html?id=3736&user=guest&pass=guest
---
Makefile.org | 17 +++++++++--------
1 file changed, 9 insertions(+), 8 deletions(-)
Makefile.org | 18 ++++++++++--------
1 file changed, 10 insertions(+), 8 deletions(-)
diff --git a/Makefile.org b/Makefile.org
index a6d9471..78e6143 100644
index 1ba910c..5ca5127 100644
--- a/Makefile.org
+++ b/Makefile.org
@@ -536,9 +536,9 @@
dist_pem_h:
(cd crypto/pem; $(MAKE) -e $(BUILDENV) pem.h; $(MAKE) clean)
@@ -541,9 +541,9 @@ dist:
@$(MAKE) SDIRS='$(SDIRS)' clean
@$(MAKE) TAR='$(TAR)' TARFLAGS='$(TARFLAGS)' $(DISTTARVARS) tar
-install: all install_docs install_sw
+install: install_docs install_sw
@ -31,7 +30,7 @@ index a6d9471..78e6143 100644
@$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \
$(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR) \
$(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines \
@@ -547,6 +547,13 @@
@@ -552,6 +552,13 @@ install_sw:
$(INSTALL_PREFIX)$(OPENSSLDIR)/misc \
$(INSTALL_PREFIX)$(OPENSSLDIR)/certs \
$(INSTALL_PREFIX)$(OPENSSLDIR)/private
@ -45,7 +44,7 @@ index a6d9471..78e6143 100644
@set -e; headerlist="$(EXHEADER)"; for i in $$headerlist;\
do \
(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
@@ -636,12 +643,7 @@
@@ -641,12 +648,7 @@ install_html_docs:
done; \
done
@ -60,5 +59,5 @@ index a6d9471..78e6143 100644
here="`pwd`"; \
filecase=; \
--
2.3.4
2.15.1


@ -1,49 +1,47 @@
https://rt.openssl.org/Ticket/Display.html?id=3780&user=guest&pass=guest
From cc81af135bda47eaa6956a0329cbbc55bf993ac1 Mon Sep 17 00:00:00 2001
From: Mike Frysinger <vapier@gentoo.org>
Date: Fri, 3 Apr 2015 01:16:23 -0400
Subject: [PATCH] fix race when symlink shareds libs
Subject: fix race when symlink shareds libs
When the crypto/ssl targets attempt to build their shared libs, they run:
cd ..; make libcrypto.so.1.0.0
cd ..; make libcrypto.so.1.0.0
The top level Makefile in turn runs the build-shared target for that lib.
The build-shared target depends on both do_$(SHLIB_TARGET) & link-shared.
When building in parallel, make is allowed to run both of these. They
both run Makefile.shared for their respective targets:
do_$(SHLIB_TARGET) ->
link_a.linux-shared ->
link_a.gnu ->
...; $(LINK_SO_A) ->
$(LINK_SO) ->
$(SYMLINK_SO)
link_a.linux-shared ->
link_a.gnu ->
...; $(LINK_SO_A) ->
$(LINK_SO) ->
$(SYMLINK_SO)
link-shared ->
symlink.linux-shared ->
symlink.gnu ->
...; $(SYMLINK_SO)
symlink.linux-shared ->
symlink.gnu ->
...; $(SYMLINK_SO)
The shell code for SYMLINK_SO attempts to do a [ -e lib ] check, but fails
basic TOCTOU semantics. Depending on the load, that means two processes
will run the sequence:
rm -f libcrypto.so
ln -s libcrypto.so.1.0.0 libcrypto.so
rm -f libcrypto.so
ln -s libcrypto.so.1.0.0 libcrypto.so
Which obviously fails:
ln: failed to create symbolic link 'libcrypto.so': File exists
ln: failed to create symbolic link 'libcrypto.so': File exists
Since we know do_$(SHLIB_TARGET) will create the symlink for us, don't
bother depending on link-shared at all in the top level Makefile when
building things.
Reported-by: Martin von Gagern <Martin.vGagern@gmx.net>
URL: https://bugs.gentoo.org/545028
Bug: https://bugs.gentoo.org/545028
Upstream-Bug: https://rt.openssl.org/Ticket/Display.html?id=3780&user=guest&pass=guest
---
Makefile.org | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/Makefile.org b/Makefile.org
index 890bfe4..576c60e 100644
index 5ca5127..d413743 100644
--- a/Makefile.org
+++ b/Makefile.org
@@ -350,7 +350,10 @@ link-shared:
@ -59,5 +57,5 @@ index 890bfe4..576c60e 100644
do_$(SHLIB_TARGET):
@ set -e; libs='-L. $(SHLIBDEPS)'; for i in $(SHLIBDIRS); do \
--
2.3.4
2.15.1


@ -0,0 +1,42 @@
From: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Date: Fri, 10 Jun 2016 20:04:51 +0200
Subject: utils/mkdir-p: check if dir exists also after mkdir failed
Commit 70a56b914772e6b21cda2a5742817ae4bb7290f1 upstream.
With "make install -j8" it happens very often that two or more make
instances are creating the same directory in parallel. As a result one
instace creates the directory and second mkdir fails because the
directory exists already (but it did not while testing for it earlier).
Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1204)
Bug: https://bugs.gentoo.org/651880
---
util/mkdir-p.pl | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/util/mkdir-p.pl b/util/mkdir-p.pl
index e73d02b073..78bada3f99 100755
--- a/util/mkdir-p.pl
+++ b/util/mkdir-p.pl
@@ -29,6 +29,12 @@ sub do_mkdir_p {
do_mkdir_p($parent);
}
- mkdir($dir, 0777) || die "Cannot create directory $dir: $!\n";
+ unless (mkdir($dir, 0777)) {
+ if (-d $dir) {
+ # We raced against another instance doing the same thing.
+ return;
+ }
+ die "Cannot create directory $dir: $!\n";
+ }
print "created directory `$dir'\n";
}
--
2.16.3
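Review bot: The race fallback `if (-d $dir) { return; }` accepts whatever already sits at the path, and `-d` follows symlinks, so it also succeeds when the path is a pre-existing symlink to a directory rather than a directory a sibling make job just created. That is probably fine for a staged install root owned by the build, but the assumption should be written down, e.g. `# -d follows symlinks; paths are expected to live under a build-owned install root`. The mode `0777` is narrowed only by the process umask, so the resulting permissions come from the invoking environment, not from this script. do_mkdir_p begins above the hunk, so any earlier existence check it performs is not visible here.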


@ -1,9 +1,6 @@
https://rt.openssl.org/Ticket/Display.html?id=3759&user=guest&pass=guest
From 6257d59b3a68d2feb9d64317a1c556dc3813ee61 Mon Sep 17 00:00:00 2001
From: Mike Frysinger <vapier@gentoo.org>
Date: Sat, 21 Mar 2015 06:01:25 -0400
Subject: [PATCH] crypto: use bigint in x86-64 perl
Subject: crypto: use bigint in x86-64 perl
When building on x32 systems where the default type is 32bit, make sure
we can transparently represent 64bit integers. Otherwise we end up with
@ -18,26 +15,27 @@ We don't enable this globally as there are some cases where we'd get
32bit values interpreted as unsigned when we need them as signed.
Reported-by: Bertrand Jacquin <bertrand@jacquin.bzh>
URL: https://bugs.gentoo.org/542618
Bug: https://bugs.gentoo.org/542618
Upstream-Bug: https://rt.openssl.org/Ticket/Display.html?id=3759&user=guest&pass=guest
---
crypto/perlasm/x86_64-xlate.pl | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/crypto/perlasm/x86_64-xlate.pl b/crypto/perlasm/x86_64-xlate.pl
index aae8288..0bf9774 100755
index d19195e..96d9edd 100755
--- a/crypto/perlasm/x86_64-xlate.pl
+++ b/crypto/perlasm/x86_64-xlate.pl
@@ -195,6 +195,10 @@ my %globals;
sub out {
my $self = shift;
@@ -269,6 +269,10 @@ my %globals;
$self->{base} = $self->{index}; $self->{index} = $1;
}
+ # When building on x32 ABIs, the expanded hex value might be too
+ # big to fit into 32bits. Enable transparent 64bit support here
+ # so we can safely print it out.
+ use bigint;
if ($gas) {
# Solaris /usr/ccs/bin/as can't handle multiplications
# in $self->{value}
$self->{label} =~ s/^___imp_/__imp__/ if ($flavour eq "mingw64");
--
2.3.3
2.15.1


@ -1,20 +1,19 @@
https://bugs.gentoo.org/554338
https://rt.openssl.org/Ticket/Display.html?id=3934&user=guest&pass=guest
From 7c2e97f8bbae517496fdc11f475b4ae54b2534f5 Mon Sep 17 00:00:00 2001
From: Mike Frysinger <vapier@gentoo.org>
Date: Fri, 10 Jul 2015 01:50:52 -0400
Subject: [PATCH] test: use _DEFAULT_SOURCE with newer glibc versions
Subject: test: use _DEFAULT_SOURCE with newer glibc versions
The _BSD_SOURCE macro is replaced by the _DEFAULT_SOURCE macro. Using
just the former with newer versions leads to a build time warning, so
make sure to use the new macro too.
Bug: https://bugs.gentoo.org/554338
Upstream-Bug: https://rt.openssl.org/Ticket/Display.html?id=3934&user=guest&pass=guest
---
ssl/ssltest.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/ssl/ssltest.c b/ssl/ssltest.c
index 26cf96c..b36f667 100644
index f6a8f19..97ef221 100644
--- a/ssl/ssltest.c
+++ b/ssl/ssltest.c
@@ -141,6 +141,7 @@
@ -23,8 +22,8 @@ index 26cf96c..b36f667 100644
/* Or gethostname won't be declared properly on Linux and GNU platforms. */
+#define _DEFAULT_SOURCE 1
#define _BSD_SOURCE 1
#define _DEFAULT_SOURCE 1
#include <assert.h>
--
2.4.4
2.15.1
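Review bot: `_DEFAULT_SOURCE` shows up twice in the patched region of ssl/ssltest.c, once as the added line `+#define _DEFAULT_SOURCE 1` and once as a plain line right after `#define _BSD_SOURCE 1`. If that second line is context from the new source snapshot, the snapshot already defines the macro and the refreshed patch only adds an identical redefinition, so it could be dropped from the patch set. An identical redefinition is accepted by the preprocessor, so this is cleanup and not a build break. The page does not mark which of these lines belong to the old and the new side, so check the refreshed patch file before removing it.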


@ -0,0 +1,25 @@
Don't include kerberos dir into pkgconfig files.
https://bugs.gentoo.org/401665
Thanks-to: Arfrever Frehtes Taifersar Arahesis <Arfrever@Apache.Org>
--- a/Makefile.org
+++ b/Makefile.org
@@ -377,7 +377,7 @@
echo 'Requires: '; \
echo 'Libs: -L$${libdir} -lcrypto'; \
echo 'Libs.private: $(EX_LIBS)'; \
- echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > libcrypto.pc
+ echo 'Cflags: -I$${includedir}' ) > libcrypto.pc
libssl.pc: Makefile
@ ( echo 'prefix=$(INSTALLTOP)'; \
@@ -391,7 +391,7 @@
echo 'Requires.private: libcrypto'; \
echo 'Libs: -L$${libdir} -lssl'; \
echo 'Libs.private: $(EX_LIBS)'; \
- echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > libssl.pc
+ echo 'Cflags: -I$${includedir}' ) > libssl.pc
openssl.pc: Makefile
@ ( echo 'prefix=$(INSTALLTOP)'; \


@ -0,0 +1,59 @@
================
=== W[hat]TF ===
================
Gentoo patchsets that have grown too large to keep on the rsync mirrors have
been moved to our cvs tree. From there, we bundle up all the whee little
patches into a tarball and distribute it via our public mirroring system.
If you want specific info about a patch (like wtf it does or whose great idea
it was to change the code), read the patch ! We try to fill out the top of
them with useful info such as what it does, why it's needed, bug reports,
original creators, etc... For simple patches, we reserve the right to assume
your IQ is greater than absolute 0 and figure out what it does w/out an
explanation. If, by some miracle of science, it falls below the absolute 0
mark, you should help mankind by finding some scientists and letting them
probe you with their ... erm ... probes.
=================
=== W[here]TF ===
=================
For those with CVS access, you want the 'src/patchsets' dir inside of the
'gentoo' cvs module.
For those w/out CVS access, this URL should help you:
http://sources.gentoo.org/gentoo/src/patchsets/
(you can also find anon cvs access there too)
It should be pretty easy to find your way around, you're a big boy after all.
===============
=== H[ow]TF ===
===============
The patch naming/applying convention might be a little confusing to the Gentoo
outsider, so here's a quick rundown. Patch tarballs are applied in Gentoo via
a helper command called "epatch". This command is pretty forgiving when it
comes to applying patches.
For example, it will autodetect the required -p# by starting at 0 and counting
up until things apply. So do not expect a patch series to all be at the same -p
level even if they all apply from the same source directory. Typically however,
people will use -p0 or -p1.
The epatch command will also use the -E option by default as the `patch` command
can be pretty picky about removing files. We just force the issue. If you
really need to empty out a file but leave it behind, people can use `touch` in
the ebuild.
The patch naming convention is part rigorous and part open ended. By default,
the patch should follow:
#_<arch>_<desc>.patch
The number field is to provide strict numerical ordering and has no limit (well,
except for your IMAGINATION). The <arch> field corresponds to the Gentoo arch
naming convention (so expect to see "amd64" instead of "x86_64"). If you see
"all" (which is how we strongly encourage people to manage things), then the
patch should be applied for all arches, and any arch-specific issues can then
be handled at build time (configure detection or something). The <desc> is a
free form field where people can stick whatever they want.


@ -0,0 +1,22 @@
1.0 07 Dec 2017
+ 010_all_openssl-1.0.2-respect-ldflags.patch
+ 011_all_openssl-1.0.2-fix-parallel-build.patch
+ 012_all_openssl-1.0.2-fix-parallel-obj-headers.patch
+ 013_all_openssl-1.0.2-fix-parallel-install-dirs.patch
+ 014_all_openssl-1.0.2-fix-parallel-symlinking.patch
+ 030_all_openssl-1.0.2-add-ipv6-support-in-s-client-server.patch
+ 040_all_openssl-1.0.2-x32-asm.patch
+ 041_all_openssl-1.0.2-default-source.patch
1.1 27 Mar 2018
- 030_all_openssl-1.0.2-add-ipv6-support-in-s-client-server.patch
+ 030_all_openssl-1.0.2-add-ipv6-support-in-s-client-server-r1.patch
1.2 29 Mar 2018
+ 015_all_openssl-1.0.2-fix-parallel-install-dirs2.patch
1.3 17 Apr 2018
+ 099_all_openssl-1.0.2-CVE-2018-0737.patch
1.4 02 Jun 2018
+ 042_all_openssl-1.0.2o-pc-no_kerberos_includes.patch


@ -1,78 +1,8 @@
--- openssl-1.0.2i/crypto/Makefile
+++ openssl-1.0.2i/crypto/Makefile
@@ -85,11 +85,11 @@
@if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi
subdirs:
- @target=all; $(RECURSIVE_MAKE)
+ +@target=all; $(RECURSIVE_MAKE)
files:
$(PERL) $(TOP)/util/files.pl "CPUID_OBJ=$(CPUID_OBJ)" Makefile >> $(TOP)/MINFO
- @target=files; $(RECURSIVE_MAKE)
+ +@target=files; $(RECURSIVE_MAKE)
links:
@$(PERL) $(TOP)/util/mklink.pl ../include/openssl $(EXHEADER)
@@ -100,7 +100,7 @@
# lib: $(LIB): are splitted to avoid end-less loop
lib: $(LIB)
@touch lib
-$(LIB): $(LIBOBJ)
+$(LIB): $(LIBOBJ) | subdirs
$(AR) $(LIB) $(LIBOBJ)
test -z "$(FIPSLIBDIR)" || $(AR) $(LIB) $(FIPSLIBDIR)fipscanister.o
$(RANLIB) $(LIB) || echo Never mind.
@@ -111,7 +111,7 @@
fi
libs:
- @target=lib; $(RECURSIVE_MAKE)
+ +@target=lib; $(RECURSIVE_MAKE)
install:
@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
@@ -120,7 +120,7 @@
(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
done;
- @target=install; $(RECURSIVE_MAKE)
+ +@target=install; $(RECURSIVE_MAKE)
lint:
@target=lint; $(RECURSIVE_MAKE)
--- openssl-1.0.2i/engines/Makefile
+++ openssl-1.0.2i/engines/Makefile
@@ -72,7 +72,7 @@
all: lib subdirs
-lib: $(LIBOBJ)
+lib: $(LIBOBJ) | subdirs
@if [ -n "$(SHARED_LIBS)" ]; then \
set -e; \
for l in $(LIBNAMES); do \
@@ -89,7 +89,7 @@
subdirs:
echo $(EDIRS)
- @target=all; $(RECURSIVE_MAKE)
+ +@target=all; $(RECURSIVE_MAKE)
files:
$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
@@ -128,7 +128,7 @@
mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx ); \
done; \
fi
- @target=install; $(RECURSIVE_MAKE)
+ +@target=install; $(RECURSIVE_MAKE)
tags:
ctags $(SRC)
--- openssl-1.0.2i/Makefile.org
+++ openssl-1.0.2i/Makefile.org
@@ -281,17 +281,17 @@
diff --git a/Makefile.org b/Makefile.org
index 19ebd38535..1ba910c6e7 100644
--- a/Makefile.org
+++ b/Makefile.org
@@ -283,17 +283,17 @@ build_libcrypto: build_crypto build_engines libcrypto.pc
build_libssl: build_ssl libssl.pc
build_crypto:
@ -96,7 +26,7 @@
all_testapps: build_libs build_testapps
build_testapps:
@@ -547,7 +547,7 @@
@@ -557,7 +557,7 @@ install_sw:
(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
done;
@ -105,9 +35,11 @@
@set -e; liblist="$(LIBS)"; for i in $$liblist ;\
do \
if [ -f "$$i" ]; then \
--- openssl-1.0.2i/Makefile.shared
+++ openssl-1.0.2i/Makefile.shared
@@ -105,6 +105,7 @@
diff --git a/Makefile.shared b/Makefile.shared
index 72c0144ead..9bbdc901c3 100644
--- a/Makefile.shared
+++ b/Makefile.shared
@@ -105,6 +105,7 @@ LINK_SO= \
SHAREDFLAGS="$${SHAREDFLAGS:-$(CFLAGS) $(SHARED_LDFLAGS)}"; \
LIBPATH=`for x in $$LIBDEPS; do echo $$x; done | sed -e 's/^ *-L//;t' -e d | uniq`; \
LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \
@ -115,7 +47,7 @@
LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \
$${SHAREDCMD} $${SHAREDFLAGS} \
-o $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX \
@@ -122,6 +123,7 @@
@@ -122,6 +123,7 @@ SYMLINK_SO= \
done; \
fi; \
if [ -n "$$SHLIB_SOVER" ]; then \
@ -123,9 +55,87 @@
( $(SET_X); rm -f $$SHLIB$$SHLIB_SUFFIX; \
ln -s $$prev $$SHLIB$$SHLIB_SUFFIX ); \
fi; \
--- openssl-1.0.2i/test/Makefile
+++ openssl-1.0.2i/test/Makefile
@@ -144,7 +144,7 @@
diff --git a/crypto/Makefile b/crypto/Makefile
index ad1b9f018b..42e0e7e40a 100644
--- a/crypto/Makefile
+++ b/crypto/Makefile
@@ -85,11 +85,11 @@ testapps:
@if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi
subdirs:
- @target=all; $(RECURSIVE_MAKE)
+ +@target=all; $(RECURSIVE_MAKE)
files:
$(PERL) $(TOP)/util/files.pl "CPUID_OBJ=$(CPUID_OBJ)" Makefile >> $(TOP)/MINFO
- @target=files; $(RECURSIVE_MAKE)
+ +@target=files; $(RECURSIVE_MAKE)
links:
@$(PERL) $(TOP)/util/mklink.pl ../include/openssl $(EXHEADER)
@@ -100,7 +100,7 @@ links:
# lib: $(LIB): are splitted to avoid end-less loop
lib: $(LIB)
@touch lib
-$(LIB): $(LIBOBJ)
+$(LIB): $(LIBOBJ) | subdirs
$(AR) $(LIB) $(LIBOBJ)
test -z "$(FIPSLIBDIR)" || $(AR) $(LIB) $(FIPSLIBDIR)fipscanister.o
$(RANLIB) $(LIB) || echo Never mind.
@@ -111,7 +111,7 @@ shared: buildinf.h lib subdirs
fi
libs:
- @target=lib; $(RECURSIVE_MAKE)
+ +@target=lib; $(RECURSIVE_MAKE)
install:
@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
@@ -120,7 +120,7 @@ install:
(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
done;
- @target=install; $(RECURSIVE_MAKE)
+ +@target=install; $(RECURSIVE_MAKE)
lint:
@target=lint; $(RECURSIVE_MAKE)
diff --git a/engines/Makefile b/engines/Makefile
index 2058ff405a..896cfbf9ae 100644
--- a/engines/Makefile
+++ b/engines/Makefile
@@ -72,7 +72,7 @@ top:
all: lib subdirs
-lib: $(LIBOBJ)
+lib: $(LIBOBJ) | subdirs
@if [ -n "$(SHARED_LIBS)" ]; then \
set -e; \
for l in $(LIBNAMES); do \
@@ -89,7 +89,7 @@ lib: $(LIBOBJ)
subdirs:
echo $(EDIRS)
- @target=all; $(RECURSIVE_MAKE)
+ +@target=all; $(RECURSIVE_MAKE)
files:
$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
@@ -128,7 +128,7 @@ install:
mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx ); \
done; \
fi
- @target=install; $(RECURSIVE_MAKE)
+ +@target=install; $(RECURSIVE_MAKE)
tags:
ctags $(SRC)
diff --git a/test/Makefile b/test/Makefile
index 55a6b50799..5d951d4237 100644
--- a/test/Makefile
+++ b/test/Makefile
@@ -145,7 +145,7 @@ install:
tags:
ctags $(SRC)
@ -134,7 +144,7 @@
apps:
@(cd ..; $(MAKE) DIRS=apps all)
@@ -435,136 +435,136 @@
@@ -445,142 +445,142 @@ BUILD_CMD_STATIC=shlib_target=; \
link_app.$${shlib_target}
$(RSATEST)$(EXE_EXT): $(RSATEST).o $(DLIBCRYPTO)
@ -305,6 +315,14 @@
- @target=$(BADDTLSTEST) $(BUILD_CMD)
+ +@target=$(BADDTLSTEST) $(BUILD_CMD)
$(FATALERRTEST)$(EXE_EXT): $(FATALERRTEST).o ssltestlib.o $(DLIBSSL) $(DLIBCRYPTO)
- @target=$(FATALERRTEST); exobj=ssltestlib.o; $(BUILD_CMD)
+ +@target=$(FATALERRTEST); exobj=ssltestlib.o; $(BUILD_CMD)
$(X509TIMETEST)$(EXE_EXT): $(X509TIMETEST).o
- @target=$(X509TIMETEST) $(BUILD_CMD)
+ +@target=$(X509TIMETEST) $(BUILD_CMD)
$(SSLV2CONFTEST)$(EXE_EXT): $(SSLV2CONFTEST).o
- @target=$(SSLV2CONFTEST) $(BUILD_CMD)
+ +@target=$(SSLV2CONFTEST) $(BUILD_CMD)
@ -315,7 +333,7 @@
#$(AESTEST).o: $(AESTEST).c
# $(CC) -c $(CFLAGS) -DINTERMEDIATE_VALUE_KAT -DTRACE_KAT_MCT $(AESTEST).c
@@ -577,7 +577,7 @@
@@ -593,7 +593,7 @@ $(DTLSTEST)$(EXE_EXT): $(DTLSTEST).o ssltestlib.o $(DLIBSSL) $(DLIBCRYPTO)
# fi
dummytest$(EXE_EXT): dummytest.o $(DLIBCRYPTO)
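Review bot: The `+` prefix added to the `$(RECURSIVE_MAKE)` and `$(BUILD_CMD)` recipe lines is never explained, and as shown here the refreshed patch starts directly at `diff --git a/Makefile.org b/Makefile.org` with no description header, unlike the other patches in the set. A short header or comment would help, for instance `# '+' marks the line as a sub-make call so it joins the jobserver; make cannot see $(MAKE) hidden inside a variable`. That wording assumes both variables expand to a `$(MAKE)` invocation, which is not visible on this page. The prefix also makes these lines run under `make -n`, which is worth stating in the same comment. In crypto/Makefile the `lint` rule keeps `@target=lint; $(RECURSIVE_MAKE)` without the prefix, so it is inconsistent with the sibling rules.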


@ -1,17 +1,17 @@
http://rt.openssl.org/Ticket/Display.html?id=2051&user=guest&pass=guest
--- openssl-1.0.2/apps/s_apps.h
+++ openssl-1.0.2/apps/s_apps.h
@@ -154,7 +154,7 @@
diff --git a/apps/s_apps.h b/apps/s_apps.h
index cbb61baf77..d31050f89e 100644
--- a/apps/s_apps.h
+++ b/apps/s_apps.h
@@ -153,7 +153,7 @@ typedef fd_mask fd_set;
int do_server(int port, int type, int *ret,
int (*cb) (char *hostname, int s, int stype,
unsigned char *context), unsigned char *context,
- int naccept);
+ int naccept, int use_ipv4, int use_ipv6);
int (*cb) (int s, int stype, unsigned char *context),
- unsigned char *context, int naccept);
+ unsigned char *context, int naccept, int use_ipv4, int use_ipv6);
#ifdef HEADER_X509_H
int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx);
#endif
@@ -167,7 +167,8 @@
@@ -166,7 +166,8 @@ int ssl_print_point_formats(BIO *out, SSL *s);
int ssl_print_curves(BIO *out, SSL *s, int noshared);
#endif
int ssl_print_tmp_key(BIO *out, SSL *s);
@ -21,9 +21,11 @@ http://rt.openssl.org/Ticket/Display.html?id=2051&user=guest&pass=guest
int should_retry(int i);
int extract_port(char *str, short *port_ptr);
int extract_host_port(char *str, char **host_ptr, unsigned char *ip,
--- openssl-1.0.2/apps/s_client.c
+++ openssl-1.0.2/apps/s_client.c
@@ -302,6 +302,10 @@
diff --git a/apps/s_client.c b/apps/s_client.c
index b455d9012d..893698dc9d 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -299,6 +299,10 @@ static void sc_usage(void)
{
BIO_printf(bio_err, "usage: s_client args\n");
BIO_printf(bio_err, "\n");
@ -34,7 +36,7 @@ http://rt.openssl.org/Ticket/Display.html?id=2051&user=guest&pass=guest
BIO_printf(bio_err, " -host host - use -connect instead\n");
BIO_printf(bio_err, " -port port - use -connect instead\n");
BIO_printf(bio_err,
@@ -658,6 +662,7 @@
@@ -669,6 +673,7 @@ int MAIN(int argc, char **argv)
int sbuf_len, sbuf_off;
fd_set readfds, writefds;
short port = PORT;
@ -42,7 +44,7 @@ http://rt.openssl.org/Ticket/Display.html?id=2051&user=guest&pass=guest
int full_log = 1;
char *host = SSL_HOST_NAME;
char *cert_file = NULL, *key_file = NULL, *chain_file = NULL;
@@ -709,7 +714,11 @@
@@ -720,7 +725,11 @@ int MAIN(int argc, char **argv)
#endif
char *sess_in = NULL;
char *sess_out = NULL;
@ -55,7 +57,7 @@ http://rt.openssl.org/Ticket/Display.html?id=2051&user=guest&pass=guest
int peerlen = sizeof(peer);
int fallback_scsv = 0;
int enable_timeouts = 0;
@@ -737,6 +746,12 @@
@@ -749,6 +758,12 @@ int MAIN(int argc, char **argv)
meth = SSLv23_client_method();
@ -68,10 +70,11 @@ http://rt.openssl.org/Ticket/Display.html?id=2051&user=guest&pass=guest
apps_startup();
c_Pause = 0;
c_quiet = 0;
@@ -1096,6 +1111,16 @@
@@ -1119,6 +1134,16 @@ int MAIN(int argc, char **argv)
goto bad;
jpake_secret = *++argv;
}
#endif
+#endif
+ else if (strcmp(*argv,"-4") == 0) {
+ use_ipv4 = 1;
+ use_ipv6 = 0;
@ -81,11 +84,10 @@ http://rt.openssl.org/Ticket/Display.html?id=2051&user=guest&pass=guest
+ use_ipv4 = 0;
+ use_ipv6 = 1;
+ }
+#endif
#endif
#ifndef OPENSSL_NO_SRTP
else if (strcmp(*argv, "-use_srtp") == 0) {
if (--argc < 1)
@@ -1421,7 +1446,7 @@
@@ -1449,7 +1474,7 @@ int MAIN(int argc, char **argv)
re_start:
@ -94,7 +96,7 @@ http://rt.openssl.org/Ticket/Display.html?id=2051&user=guest&pass=guest
BIO_printf(bio_err, "connect:errno=%d\n", get_last_socket_error());
SHUTDOWN(s);
goto end;
@@ -1444,7 +1469,7 @@
@@ -1472,7 +1497,7 @@ int MAIN(int argc, char **argv)
if (socket_type == SOCK_DGRAM) {
sbio = BIO_new_dgram(s, BIO_NOCLOSE);
@ -103,20 +105,22 @@ http://rt.openssl.org/Ticket/Display.html?id=2051&user=guest&pass=guest
BIO_printf(bio_err, "getsockname:errno=%d\n",
get_last_socket_error());
SHUTDOWN(s);
--- openssl-1.0.2/apps/s_server.c
+++ openssl-1.0.2/apps/s_server.c
@@ -643,6 +643,10 @@
diff --git a/apps/s_server.c b/apps/s_server.c
index ce7a1d64b6..19956815f1 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -663,6 +663,10 @@ static void sv_usage(void)
# endif
BIO_printf(bio_err,
" -alpn arg - set the advertised protocols for the ALPN extension (comma-separated list)\n");
#endif
+#endif
+ BIO_printf(bio_err, " -4 - use IPv4 only\n");
+#if OPENSSL_USE_IPV6
+ BIO_printf(bio_err, " -6 - use IPv6 only\n");
+#endif
#endif
BIO_printf(bio_err,
" -keymatexport label - Export keying material using label\n");
BIO_printf(bio_err,
@@ -1070,6 +1074,7 @@
@@ -1098,6 +1102,7 @@ int MAIN(int argc, char *argv[])
int state = 0;
const SSL_METHOD *meth = NULL;
int socket_type = SOCK_STREAM;
@ -124,7 +128,7 @@ http://rt.openssl.org/Ticket/Display.html?id=2051&user=guest&pass=guest
ENGINE *e = NULL;
char *inrand = NULL;
int s_cert_format = FORMAT_PEM, s_key_format = FORMAT_PEM;
@@ -1111,6 +1116,12 @@
@@ -1140,6 +1145,12 @@ int MAIN(int argc, char *argv[])
meth = SSLv23_server_method();
@ -137,10 +141,11 @@ http://rt.openssl.org/Ticket/Display.html?id=2051&user=guest&pass=guest
local_argc = argc;
local_argv = argv;
@@ -1503,6 +1514,16 @@
@@ -1548,6 +1559,16 @@ int MAIN(int argc, char *argv[])
goto bad;
jpake_secret = *(++argv);
}
#endif
+#endif
+ else if (strcmp(*argv,"-4") == 0) {
+ use_ipv4 = 1;
+ use_ipv6 = 0;
@ -150,11 +155,10 @@ http://rt.openssl.org/Ticket/Display.html?id=2051&user=guest&pass=guest
+ use_ipv4 = 0;
+ use_ipv6 = 1;
+ }
+#endif
#endif
#ifndef OPENSSL_NO_SRTP
else if (strcmp(*argv, "-use_srtp") == 0) {
if (--argc < 1)
@@ -2023,13 +2044,13 @@
@@ -2070,13 +2091,13 @@ int MAIN(int argc, char *argv[])
(void)BIO_flush(bio_s_out);
if (rev)
do_server(port, socket_type, &accept_socket, rev_body, context,
@ -171,9 +175,11 @@ http://rt.openssl.org/Ticket/Display.html?id=2051&user=guest&pass=guest
print_stats(bio_s_out, ctx);
ret = 0;
end:
--- openssl-1.0.2/apps/s_socket.c
+++ openssl-1.0.2/apps/s_socket.c
@@ -101,16 +101,16 @@
diff --git a/apps/s_socket.c b/apps/s_socket.c
index b3848dd156..941ff30af3 100644
--- a/apps/s_socket.c
+++ b/apps/s_socket.c
@@ -101,16 +101,16 @@ typedef unsigned int u_int;
# include "netdb.h"
# endif
@ -186,16 +192,16 @@ http://rt.openssl.org/Ticket/Display.html?id=2051&user=guest&pass=guest
-static int init_client_ip(int *sock, unsigned char ip[4], int port, int type);
-static int init_server(int *sock, int port, int type);
-static int init_server_long(int *sock, int port, char *ip, int type);
+static int init_client_ip(int *sock, unsigned char *ip, int port, int type, int domain);
+static int init_client_ip(int *sock, unsigned char ip[4], int port, int type, int domain);
+static int init_server(int *sock, int port, int type, int use_ipv4, int use_ipv6);
+static int init_server_long(int *sock, int port, char *ip, int type, int use_ipv4, int use_ipv6);
static int do_accept(int acc_sock, int *sock, char **host);
static int do_accept(int acc_sock, int *sock);
-static int host_ip(char *str, unsigned char ip[4]);
+static int host_ip(char *str, unsigned char *ip, int domain);
+static int host_ip(char *str, unsigned char ip[4], int domain);
# ifdef OPENSSL_SYS_WIN16
# define SOCKET_PROTOCOL 0 /* more microsoft stupidity */
@@ -231,38 +231,68 @@
@@ -231,38 +231,69 @@ static int ssl_sock_init(void)
return (1);
}
@ -208,15 +214,10 @@ http://rt.openssl.org/Ticket/Display.html?id=2051&user=guest&pass=guest
unsigned char ip[4];
+# endif
- memset(ip, '\0', sizeof ip);
memset(ip, '\0', sizeof(ip));
- if (!host_ip(host, &(ip[0])))
- return 0;
- return init_client_ip(sock, ip, port, type);
-}
-
-static int init_client_ip(int *sock, unsigned char ip[4], int port, int type)
-{
- unsigned long addr;
+ if (use_ipv4)
+ if (host_ip(host, ip, AF_INET))
+ return(init_client_ip(sock, ip, port, type, AF_INET));
@ -226,10 +227,12 @@ http://rt.openssl.org/Ticket/Display.html?id=2051&user=guest&pass=guest
+ return(init_client_ip(sock, ip, port, type, AF_INET6));
+# endif
+ return 0;
+}
+
}
-static int init_client_ip(int *sock, unsigned char ip[4], int port, int type)
+static int init_client_ip(int *sock, unsigned char ip[4], int port, int type, int domain)
+{
{
- unsigned long addr;
+# if OPENSSL_USE_IPV6
+ struct sockaddr_storage them;
+ struct sockaddr_in *them_in = (struct sockaddr_in *)&them;
@ -283,7 +286,7 @@ http://rt.openssl.org/Ticket/Display.html?id=2051&user=guest&pass=guest
if (s == INVALID_SOCKET) {
perror("socket");
@@ -280,7 +310,7 @@
@@ -280,7 +311,7 @@ static int init_client_ip(int *sock, unsigned char ip[4], int port, int type)
}
# endif
@ -292,15 +295,14 @@ http://rt.openssl.org/Ticket/Display.html?id=2051&user=guest&pass=guest
closesocket(s);
perror("connect");
return (0);
@@ -292,14 +322,14 @@
@@ -291,13 +322,13 @@ static int init_client_ip(int *sock, unsigned char ip[4], int port, int type)
int do_server(int port, int type, int *ret,
int (*cb) (char *hostname, int s, int stype,
unsigned char *context), unsigned char *context,
- int naccept)
+ int naccept, int use_ipv4, int use_ipv6)
int (*cb) (int s, int stype, unsigned char *context),
- unsigned char *context, int naccept)
+ unsigned char *context, int naccept, int use_ipv4, int use_ipv6)
{
int sock;
char *name = NULL;
int accept_socket = 0;
int i;
@ -309,7 +311,7 @@ http://rt.openssl.org/Ticket/Display.html?id=2051&user=guest&pass=guest
return (0);
if (ret != NULL) {
@@ -328,32 +358,41 @@
@@ -324,32 +355,41 @@ int do_server(int port, int type, int *ret,
}
}
@ -366,8 +368,8 @@ http://rt.openssl.org/Ticket/Display.html?id=2051&user=guest&pass=guest
if (s == INVALID_SOCKET)
goto err;
@@ -363,7 +402,42 @@
setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (void *)&j, sizeof j);
@@ -359,7 +399,42 @@ static int init_server_long(int *sock, int port, char *ip, int type)
setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (void *)&j, sizeof(j));
}
# endif
- if (bind(s, (struct sockaddr *)&server, sizeof(server)) == -1) {
@ -410,7 +412,7 @@ http://rt.openssl.org/Ticket/Display.html?id=2051&user=guest&pass=guest
# ifndef OPENSSL_SYS_WINDOWS
perror("bind");
# endif
@@ -381,16 +455,23 @@
@@ -377,9 +452,9 @@ static int init_server_long(int *sock, int port, char *ip, int type)
return (ret);
}
@ -421,80 +423,8 @@ http://rt.openssl.org/Ticket/Display.html?id=2051&user=guest&pass=guest
+ return (init_server_long(sock, port, NULL, type, use_ipv4, use_ipv6));
}
static int do_accept(int acc_sock, int *sock, char **host)
{
int ret;
struct hostent *h1, *h2;
- static struct sockaddr_in from;
+#if OPENSSL_USE_IPV6
+ struct sockaddr_storage from;
+ struct sockaddr_in *from_in = (struct sockaddr_in *)&from;
+ struct sockaddr_in6 *from_in6 = (struct sockaddr_in6 *)&from;
+#else
+ struct sockaddr_in from;
+ struct sockaddr_in *from_in = &from;
+#endif
int len;
/* struct linger ling; */
@@ -440,14 +521,25 @@
if (host == NULL)
goto end;
+# if OPENSSL_USE_IPV6
+ if (from.ss_family == AF_INET)
+# else
+ if (from.sin_family == AF_INET)
+# endif
# ifndef BIT_FIELD_LIMITS
- /* I should use WSAAsyncGetHostByName() under windows */
- h1 = gethostbyaddr((char *)&from.sin_addr.s_addr,
- sizeof(from.sin_addr.s_addr), AF_INET);
+ /* I should use WSAAsyncGetHostByName() under windows */
+ h1 = gethostbyaddr((char *)&from_in->sin_addr.s_addr,
+ sizeof(from_in->sin_addr.s_addr), AF_INET);
# else
- h1 = gethostbyaddr((char *)&from.sin_addr,
- sizeof(struct in_addr), AF_INET);
+ h1 = gethostbyaddr((char *)&from_in->sin_addr,
+ sizeof(struct in_addr), AF_INET);
+# endif
+# if OPENSSL_USE_IPV6
+ else
+ h1 = gethostbyaddr((char *)&from_in6->sin6_addr,
+ sizeof(struct in6_addr), AF_INET6);
# endif
+
if (h1 == NULL) {
BIO_printf(bio_err, "bad gethostbyaddr\n");
*host = NULL;
@@ -460,14 +552,22 @@
}
BUF_strlcpy(*host, h1->h_name, strlen(h1->h_name) + 1);
- h2 = GetHostByName(*host);
+# if OPENSSL_USE_IPV6
+ h2=GetHostByName(*host, from.ss_family);
+# else
+ h2=GetHostByName(*host, from.sin_family);
+# endif
if (h2 == NULL) {
BIO_printf(bio_err, "gethostbyname failure\n");
closesocket(ret);
return (0);
}
- if (h2->h_addrtype != AF_INET) {
- BIO_printf(bio_err, "gethostbyname addr is not AF_INET\n");
+# if OPENSSL_USE_IPV6
+ if (h2->h_addrtype != from.ss_family) {
+# else
+ if (h2->h_addrtype != from.sin_family) {
+# endif
+ BIO_printf(bio_err, "gethostbyname addr is not correct\n");
closesocket(ret);
return (0);
}
@@ -483,14 +583,14 @@
static int do_accept(int acc_sock, int *sock)
@@ -428,14 +503,14 @@ int extract_host_port(char *str, char **host_ptr, unsigned char *ip,
char *h, *p;
h = str;
@ -511,7 +441,7 @@ http://rt.openssl.org/Ticket/Display.html?id=2051&user=guest&pass=guest
goto err;
if (host_ptr != NULL)
*host_ptr = h;
@@ -502,44 +602,51 @@
@@ -447,44 +522,51 @@ int extract_host_port(char *str, char **host_ptr, unsigned char *ip,
return (0);
}
@ -579,7 +509,7 @@ http://rt.openssl.org/Ticket/Display.html?id=2051&user=guest&pass=guest
err:
return (0);
}
@@ -573,7 +680,7 @@
@@ -518,7 +600,7 @@ static struct ghbn_cache_st {
static unsigned long ghbn_hits = 0L;
static unsigned long ghbn_miss = 0L;
@ -588,7 +518,7 @@ http://rt.openssl.org/Ticket/Display.html?id=2051&user=guest&pass=guest
{
struct hostent *ret;
int i, lowi = 0;
@@ -585,13 +692,18 @@
@@ -530,13 +612,18 @@ static struct hostent *GetHostByName(char *name)
lowi = i;
}
if (ghbn_cache[i].order > 0) {


@ -0,0 +1,35 @@
diff --git a/Configure b/Configure
index c7066dc97c..01d07074de 100755
--- a/Configure
+++ b/Configure
@@ -1672,13 +1672,6 @@ while (<PIPE>) {
}
close(PIPE);
-# Xcode did not handle $cc -M before clang support
-my $cc_as_makedepend = 0;
-if ($predefined{__GNUC__} >= 3 && !(defined($predefined{__APPLE_CC__})
- && !defined($predefined{__clang__}))) {
- $cc_as_makedepend = 1;
-}
-
if ($strict_warnings)
{
my $wopt;
@@ -1738,14 +1731,14 @@ while (<IN>)
s/^NM=\s*/NM= \$\(CROSS_COMPILE\)/;
s/^RANLIB=\s*/RANLIB= \$\(CROSS_COMPILE\)/;
s/^RC=\s*/RC= \$\(CROSS_COMPILE\)/;
- s/^MAKEDEPPROG=.*$/MAKEDEPPROG= \$\(CROSS_COMPILE\)$cc/ if $cc_as_makedepend;
+ s/^MAKEDEPPROG=.*$/MAKEDEPPROG= \$\(CROSS_COMPILE\)$cc/ if $predefined{__GNUC__} >= 3;
}
else {
s/^CC=.*$/CC= $cc/;
s/^AR=\s*ar/AR= $ar/;
s/^RANLIB=.*/RANLIB= $ranlib/;
s/^RC=.*/RC= $windres/;
- s/^MAKEDEPPROG=.*$/MAKEDEPPROG= $cc/ if $cc_as_makedepend;
+ s/^MAKEDEPPROG=.*$/MAKEDEPPROG= $cc/ if $predefined{__GNUC__} >= 3;
}
s/^CFLAG=.*$/CFLAG= $cflags/;
s/^DEPFLAG=.*$/DEPFLAG=$depflags/;


@ -1,214 +0,0 @@
# Copyright 1999-2020 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=8
inherit flag-o-matic toolchain-funcs multilib-minimal
DESCRIPTION="Snapshot for testssl.sh >2.8 from PM's fork, ready to compile"
HOMEPAGE="https://github.com/drwetter/openssl-1.0.2.bad"
#EGIT_BRANCH="1.0.2-chacha"
MY_COMMIT="698be5f5b6d0d150fb45182824864016389f1868"
SRC_URI="https://github.com/drwetter/openssl-1.0.2.bad/archive/${MY_COMMIT}.tar.gz -> ${P}.tar.gz"
S="${WORKDIR}/openssl-1.0.2.bad-${MY_COMMIT}"
LICENSE="openssl"
SLOT="0"
#KEYWORDS="alpha amd64 arm arm64 hppa m68k ~mips ppc ppc64 sparc x86 ~arm-linux ~x86-linux"
IUSE="+asm bindist gmp +kerberos rfc3779 sctp cpu_flags_x86_sse2 +sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
RESTRICT="!bindist? ( bindist )
!test? ( test )"
RDEPEND=">=app-misc/c_rehash-1.7-r1
gmp? ( >=dev-libs/gmp-5.1.3-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
kerberos? ( >=app-crypt/mit-krb5-1.11.4[${MULTILIB_USEDEP}] )"
DEPEND="${RDEPEND}
>=dev-lang/perl-5
sctp? ( >=net-misc/lksctp-tools-1.0.12 )
test? (
sys-apps/diffutils
sys-devel/bc
)"
PDEPEND="app-misc/ca-certificates"
MULTILIB_WRAPPED_HEADERS=(
usr/include/openssl/opensslconf.h
)
src_prepare() {
# keep this in sync with app-misc/c_rehash
SSL_CNF_DIR="/etc/ssl"
# Make sure we only ever touch Makefile.org and avoid patching a file
# that gets blown away anyways by the Configure script in src_configure
rm -f Makefile
if ! use vanilla ; then
eapply "${FILESDIR}"/openssl-1.0.0a-ldflags.patch #327421
# eapply "${FILESDIR}"/openssl-1.0.2i-parallel-build.patch
eapply "${FILESDIR}"/openssl-1.0.2a-parallel-obj-headers.patch
eapply "${FILESDIR}"/openssl-1.0.2a-parallel-install-dirs.patch
eapply "${FILESDIR}"/openssl-1.0.2a-parallel-symlinking.patch #545028
# eapply "${FILESDIR}"/openssl-1.0.2-ipv6.patch
eapply "${FILESDIR}"/openssl-1.0.2a-x32-asm.patch #542618
eapply "${FILESDIR}"/openssl-1.0.1p-default-source.patch #554338
fi
eapply_user
# disable fips in the build
# make sure the man pages are suffixed #302165
# don't bother building man pages if they're disabled
sed -i \
-e '/^MANSUFFIX/s:=.*:=ssl:' \
-e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
-e $(has noman FEATURES \
&& echo '/^install:/s:install_docs::' \
|| echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
Makefile.org \
|| die
# show the actual commands in the log
sed -i '/^SET_X/s:=.*:=set -x:' Makefile.shared
# since we're forcing $(CC) as makedep anyway, just fix
# the conditional as always-on
# helps clang (#417795), and versioned gcc (#499818)
# this breaks build with 1.0.2p, not sure if it is needed anymore
#sed -i 's/expr.*MAKEDEPEND.*;/true;/' util/domd || die
# quiet out unknown driver argument warnings since openssl
# doesn't have well-split CFLAGS and we're making it even worse
# and 'make depend' uses -Werror for added fun (#417795 again)
[[ ${CC} == *clang* ]] && append-flags -Qunused-arguments
# allow openssl to be cross-compiled
cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die
chmod a+rx gentoo.config || die
append-flags -fno-strict-aliasing
append-flags $(test-flags-CC -Wa,--noexecstack)
append-cppflags -DOPENSSL_NO_BUF_FREELISTS
sed -i '1s,^:$,#!'"${EPREFIX}"'/usr/bin/perl,' Configure #141906
# The config script does stupid stuff to prompt the user. Kill it.
sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
./config --test-sanity || die "I AM NOT SANE"
multilib_copy_sources
}
multilib_src_configure() {
unset APPS #197996
unset SCRIPTS #312551
unset CROSS_COMPILE #311473
tc-export CC AR RANLIB RC
# Clean out patent-or-otherwise-encumbered code
# Camellia: Royalty Free https://en.wikipedia.org/wiki/Camellia_(cipher)
# IDEA: Expired https://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
# EC: ????????? ??/??/2015 https://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography
# MDC2: Expired https://en.wikipedia.org/wiki/MDC-2
# RC5: Expired https://en.wikipedia.org/wiki/RC5
use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
echoit() { echo "$@" ; "$@" ; }
local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
# See if our toolchain supports __uint128_t. If so, it's 64bit
# friendly and can use the nicely optimized code paths. #460790
local ec_nistp_64_gcc_128
# Disable it for now though #469976
#if ! use bindist ; then
# echo "__uint128_t i;" > "${T}"/128.c
# if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
# ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
# fi
#fi
# https://github.com/openssl/openssl/issues/2286
# if use ia64 ; then
# replace-flags -g3 -g2
# replace-flags -ggdb3 -ggdb2
# fi
local sslout=$(./gentoo.config)
einfo "Use configuration ${sslout:-(openssl knows best)}"
local config="Configure"
[[ -z ${sslout} ]] && config="config"
STDOPTIONS="--prefix=/usr/ --openssldir=/etc/ssl -DOPENSSL_USE_BUILD_DATE enable-zlib \
enable-ssl2 enable-ssl3 enable-ssl-trace enable-rc5 enable-rc2 \
enable-gost enable-cms enable-md2 enable-mdc2 enable-ec enable-ec2m enable-ecdh enable-ecdsa \
enable-seed enable-camellia enable-idea enable-rfc3779 experimental-jpake"
# Fedora hobbled-EC needs 'no-ec2m', 'no-srp'
echoit \
./${config} \
${sslout} \
$(use cpu_flags_x86_sse2 || echo "no-sse2") \
enable-camellia \
enable-ec \
$(use_ssl !bindist ec2m) \
$(use_ssl !bindist srp) \
${ec_nistp_64_gcc_128} \
enable-idea \
enable-mdc2 \
enable-rc5 \
enable-tlsext \
enable-cast \
enable-ripemd \
$(use_ssl asm) \
$(use_ssl gmp gmp -lgmp) \
$(use_ssl kerberos krb5 --with-krb5-flavor=${krb5}) \
$(use_ssl rfc3779) \
$(use_ssl sctp) \
$(use_ssl sslv2 ssl2) \
$(use_ssl sslv3 ssl3) \
$(use_ssl tls-heartbeat heartbeats) \
$(use_ssl zlib) \
--prefix="${EPREFIX}"/usr \
--openssldir="${EPREFIX}"${SSL_CNF_DIR} \
--libdir=$(get_libdir) \
-static threads $STDOPTIONS \
|| die
# Clean out hardcoded flags that openssl uses
local CFLAG=$(grep ^CFLAG= Makefile | LC_ALL=C sed \
-e 's:^CFLAG=::' \
-e 's:-fomit-frame-pointer ::g' \
-e 's:-O[0-9] ::g' \
-e 's:-march=[-a-z0-9]* ::g' \
-e 's:-mcpu=[-a-z0-9]* ::g' \
-e 's:-m[a-z0-9]* ::g' \
)
sed -i \
-e "/^CFLAG/s|=.*|=${CFLAG} ${CFLAGS}|" \
-e "/^SHARED_LDFLAGS=/s|$| ${LDFLAGS}|" \
Makefile || die
einfo "config is completed ==========="
#why is this run in src_configure and src_compile?
emake -j1 depend
}
multilib_src_compile() {
# depend is needed to use $confopts; it also doesn't matter
# that it's -j1 as the code itself serializes subdirs
emake -j1 V=1 depend
emake all
# rehash is needed to prep the certs/ dir; do this
# separately to avoid parallel build issues.
#emake rehash
}
multilib_src_test() {
emake -j1 test
}
multilib_src_install() {
newbin apps/openssl openssl-bad
}


@ -1,6 +1,8 @@
# Copyright 1999-2024 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
# openssl-compat as a templated
EAPI=8
inherit flag-o-matic toolchain-funcs multilib-minimal
@ -10,7 +12,7 @@ inherit flag-o-matic toolchain-funcs multilib-minimal
# Please use 1.7 version number when rolling a new tarball!
PATCH_SET="openssl-1.0.2-patches-1.5"
MY_P=${P/_/-}
#MY_P=openssl-bad-${PV/_/-}
# This patch set is based on the following files from Fedora 25,
# see https://src.fedoraproject.org/rpms/openssl/blob/25/f/openssl.spec
@ -22,36 +24,29 @@ MY_P=${P/_/-}
BINDIST_PATCH_SET="openssl-1.0.2t-bindist-1.0.tar.xz"
DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"
HOMEPAGE="https://openssl-library.org/"
#SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
# bindist? (
# mirror://gentoo/bb/${BINDIST_PATCH_SET}
# )
# !vanilla? (
# https://dev.gentoo.org/~chutzpah/dist/${PN}/${PATCH_SET}.tar.xz
# )"
HOMEPAGE="https://github.com/testssl/openssl-1.0.2.bad"
MY_COMMIT="a9c866be14959b8b213a66ee47736be16db968fd"
SRC_URI="https://github.com/drwetter/openssl-1.0.2.bad/archive/${MY_COMMIT}.tar.gz -> ${P}.gh.tar.gz
mirror://gentoo/ec/openssl-compat-1.0.2u-versioned-symbols.patch.gz
"
# https://dev.gentoo.org/~chutzpah/dist/openssl/${PATCH_SET}.tar.xz
#http://distfiles.gentoo.org/distfiles/b0/openssl-1.0.2u.tar.gz
#https://artfiles.org/openssl.org/source/openssl-1.0.2u.tar.gz
#https://www.mirrorservice.org/sites/ftp.openssl.org/source/openssl-1.0.2u.tar.gz
#https://www.openssl.org/source/openssl-1.0.2u.tar.gz
#http://distfiles.gentoo.org/distfiles/b0/openssl-1.0.2-patches-1.5.tar.xz
#https://dev.gentoo.org/~chutzpah/dist/openssl/openssl-1.0.2-patches-1.5.tar.xz
S="${WORKDIR}/${MY_P}"
S="${WORKDIR}/openssl-1.0.2.bad-${MY_COMMIT}"
LICENSE="openssl"
SLOT="0"
SLOT="1.0.2"
#WIP: convert to openssl-bad if possible
#KEYWORDS="~alpha amd64 arm arm64 hppa ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~x86-linux ~arm64-macos"
IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test tls-compression +tls-heartbeat vanilla"
RESTRICT="!bindist? ( bindist )
!test? ( test )"
#KEYWORDS="~alpha amd64 arm arm64 ~hppa ~m68k ~ppc ~ppc64 ~riscv ~s390 ~sparc x86 ~x86-linux"
IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla tls-compression"
RDEPEND=">=app-misc/c_rehash-1.7-r1
gmp? ( >=dev-libs/gmp-5.1.3-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
RESTRICT="!bindist? ( bindist )
test"
RDEPEND="gmp? ( >=dev-libs/gmp-5.1.3-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
kerberos? ( >=app-crypt/mit-krb5-1.11.4[${MULTILIB_USEDEP}] )
tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )"
tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
!=dev-libs/openssl-1.0.2*:0
!dev-libs/openssl:1.0.0"
DEPEND="${RDEPEND}"
BDEPEND="
>=dev-lang/perl-5
@ -60,13 +55,17 @@ BDEPEND="
sys-apps/diffutils
app-alternatives/bc
)"
PDEPEND="app-misc/ca-certificates"
# Do not install any docs
DOCS=()
MULTILIB_WRAPPED_HEADERS=(
usr/include/openssl/opensslconf.h
)
src_prepare() {
#mv "${WORKDIR}"/openssl-compat-1.0.2u-versioned-symbols.patch "${WORKDIR}"/patch || die
if use bindist; then
mv "${WORKDIR}"/bindist-patches/hobble-openssl "${WORKDIR}" || die
bash "${WORKDIR}"/hobble-openssl || die
@ -90,7 +89,7 @@ src_prepare() {
rm -f Makefile
if ! use vanilla ; then
eapply "${WORKDIR}"/patch/*.patch
eapply "${FILESDIR}"/patch/*.patch
fi
eapply_user
@ -157,15 +156,14 @@ multilib_src_configure() {
local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
# See if our toolchain supports __uint128_t. If so, it's 64bit
# friendly and can use the nicely optimized code paths, bug #460790.
#local ec_nistp_64_gcc_128
#
# Disable it for now though (bug #469976)
# Do NOT re-enable without substantial discussion first!
#
#echo "__uint128_t i;" > "${T}"/128.c
#if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
# ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
# friendly and can use the nicely optimized code paths. #460790
local ec_nistp_64_gcc_128
# Disable it for now though #469976
#if ! use bindist ; then
# echo "__uint128_t i;" > "${T}"/128.c
# if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
# ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
# fi
#fi
local sslout=$(./gentoo.config)
@ -196,8 +194,8 @@ multilib_src_configure() {
$(use_ssl sctp) \
$(use_ssl sslv2 ssl2) \
$(use_ssl sslv3 ssl3) \
$(use_ssl tls-compression zlib) \
$(use_ssl tls-heartbeat heartbeats) \
$(use_ssl tls-compression zlib) \
--prefix="${EPREFIX}"/usr \
--openssldir="${EPREFIX}"${SSL_CNF_DIR} \
--libdir=$(get_libdir) \
@ -229,10 +227,7 @@ multilib_src_compile() {
# depend is needed to use $confopts; it also doesn't matter
# that it's -j1 as the code itself serializes subdirs
emake -j1 V=1 depend
emake all
# rehash is needed to prep the certs/ dir; do this
# separately to avoid parallel build issues.
emake rehash
emake build_libs
}
multilib_src_test() {
@ -240,72 +235,5 @@ multilib_src_test() {
}
multilib_src_install() {
# We need to create $ED/usr on our own to avoid a race condition #665130
if [[ ! -d "${ED}/usr" ]]; then
# We can only create this directory once
mkdir "${ED}"/usr || die
fi
# Only -j1 is supported for the install targets:
# https://github.com/openssl/openssl/issues/21999#issuecomment-1771150305
emake INSTALL_PREFIX="${D}" -j1 install
# This is crappy in that the static archives are still built even
# when USE=static-libs. But this is due to a failing in the openssl
# build system: the static archives are built as PIC all the time.
# Only way around this would be to manually configure+compile openssl
# twice; once with shared lib support enabled and once without.
if ! use static-libs; then
rm "${ED}"/usr/$(get_libdir)/lib{crypto,ssl}.a || die
fi
}
multilib_src_install_all() {
# openssl installs perl version of c_rehash by default, but
# we provide a shell version via app-misc/c_rehash
rm "${ED}"/usr/bin/c_rehash || die
local -a DOCS=( CHANGES* FAQ NEWS README doc/*.txt doc/c-indentation.el )
einstalldocs
use rfc3779 && dodoc engines/ccgost/README.gost
# create the certs directory
dodir ${SSL_CNF_DIR}/certs
cp -RP certs/* "${ED}"${SSL_CNF_DIR}/certs/ || die
rm -r "${ED}"${SSL_CNF_DIR}/certs/{demo,expired}
# Namespace openssl programs to prevent conflicts with other man pages
cd "${ED}"/usr/share/man
local m d s
for m in $(find . -type f | xargs grep -L '#include') ; do
d=${m%/*} ; d=${d#./} ; m=${m##*/}
[[ ${m} == openssl.1* ]] && continue
[[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!"
mv ${d}/{,ssl-}${m}
# fix up references to renamed man pages
sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m}
ln -s ssl-${m} ${d}/openssl-${m}
# locate any symlinks that point to this man page ... we assume
# that any broken links are due to the above renaming
for s in $(find -L ${d} -type l) ; do
s=${s##*/}
rm -f ${d}/${s}
ln -s ssl-${m} ${d}/ssl-${s}
ln -s ssl-${s} ${d}/openssl-${s}
done
done
[[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :("
dodir /etc/sandbox.d #254521
echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
diropts -m0700
keepdir ${SSL_CNF_DIR}/private
}
pkg_postinst() {
ebegin "Running 'c_rehash ${EROOT}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069"
c_rehash "${EROOT}${SSL_CNF_DIR}/certs" >/dev/null
eend $?
dolib.so lib{crypto,ssl}.so.${SLOT}
}
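Review bot: The `dolib.so lib{crypto,ssl}.so.${SLOT}` line that now forms the whole of `multilib_src_install` (last hunk) installs libraries built from the openssl-1.0.2.bad fork into the default library directory as `libssl.so.1.0.2` and `libcrypto.so.1.0.2`. Assuming the fork keeps upstream's soname, the dynamic linker will hand them to any legacy binary that asks for OpenSSL 1.0.2. The `RDEPEND` blockers on `dev-libs/openssl` prevent file collisions but not that substitution, and `IUSE` turns `sslv3` and `tls-heartbeat` on by default. The unchanged `DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"` also no longer describes the package; I would replace it with something like `DESCRIPTION="Deliberately weakened OpenSSL 1.0.2 fork for testssl.sh; not for production TLS"`. If nothing needs the libraries system-wide, install them outside the default search path, e.g. `exeinto /usr/$(get_libdir)/${PN}` followed by `doexe lib{crypto,ssl}.so.${SLOT}`.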