From e3b1cf744af596d3408f4fa4010ead3b5971250b Mon Sep 17 00:00:00 2001 
From: Anton Bolshakov
Date: Sun, 19 Jan 2025 00:03:45 +0800
Subject: [PATCH] openssl-bad-1.0.2_p20250104.ebuild
---
 dev-libs/openssl-bad/Manifest | 3 +-
 ...0_all_openssl-1.0.2-respect-ldflags.patch} | 27 ++-
 ...nssl-1.0.2-fix-parallel-obj-headers.patch} | 13 +-
 ...ssl-1.0.2-fix-parallel-install-dirs.patch} | 25 +-
 ...enssl-1.0.2-fix-parallel-symlinking.patch} | 36 ++-
 ...ssl-1.0.2-fix-parallel-install-dirs2.patch | 42 ++++
 .../040_all_openssl-1.0.2-x32-asm.patch} | 22 +-
 ...41_all_openssl-1.0.2-default-source.patch} | 15 +-
 ...enssl-1.0.2o-pc-no_kerberos_includes.patch | 25 ++
 .../files/patch/README.Gentoo.patches | 59 +++++
 .../openssl-bad/files/patch/README.history | 22 ++
 ...ll_openssl-1.0.2-fix-parallel-build.patch} | 188 ++++++++-------
 ...-ipv6-support-in-s-client-server-r1.patch} | 208 ++++++-----------
 ...openssl-1.0.2p-revert-osx-makedepend.patch | 35 +++
 .../openssl-bad-1.0.2_p20220901-r1.ebuild | 214 ------------------
 ...ild => openssl-bad-1.0.2_p20250104.ebuild} | 146 +++---------
 16 files changed, 466 insertions(+), 614 deletions(-)
 rename dev-libs/openssl-bad/files/{openssl-1.0.0a-ldflags.patch => patch/010_all_openssl-1.0.2-respect-ldflags.patch} (57%)
 rename dev-libs/openssl-bad/files/{openssl-1.0.2a-parallel-obj-headers.patch => patch/012_all_openssl-1.0.2-fix-parallel-obj-headers.patch} (81%)
 rename dev-libs/openssl-bad/files/{openssl-1.0.2a-parallel-install-dirs.patch => patch/013_all_openssl-1.0.2-fix-parallel-install-dirs.patch} (77%)
 rename dev-libs/openssl-bad/files/{openssl-1.0.2a-parallel-symlinking.patch => patch/014_all_openssl-1.0.2-fix-parallel-symlinking.patch} (71%)
 create mode 100644 dev-libs/openssl-bad/files/patch/015_all_openssl-1.0.2-fix-parallel-install-dirs2.patch
 rename dev-libs/openssl-bad/files/{openssl-1.0.2a-x32-asm.patch => patch/040_all_openssl-1.0.2-x32-asm.patch} (72%)
 rename dev-libs/openssl-bad/files/{openssl-1.0.1p-default-source.patch => patch/041_all_openssl-1.0.2-default-source.patch} (65%)
 create mode 100644
dev-libs/openssl-bad/files/patch/042_all_openssl-1.0.2o-pc-no_kerberos_includes.patch
 create mode 100644 dev-libs/openssl-bad/files/patch/README.Gentoo.patches
 create mode 100644 dev-libs/openssl-bad/files/patch/README.history
 rename dev-libs/openssl-bad/files/{openssl-1.0.2i-parallel-build.patch => patch/excluded/011_all_openssl-1.0.2-fix-parallel-build.patch} (86%)
 rename dev-libs/openssl-bad/files/{openssl-1.0.2-ipv6.patch => patch/excluded/030_all_openssl-1.0.2-add-ipv6-support-in-s-client-server-r1.patch} (78%)
 create mode 100644 dev-libs/openssl-bad/files/patch/excluded/099_all_openssl-1.0.2p-revert-osx-makedepend.patch
 delete mode 100644 dev-libs/openssl-bad/openssl-bad-1.0.2_p20220901-r1.ebuild
 rename dev-libs/openssl-bad/{openssl-bad-1.0.2_p20220901-r2.ebuild => openssl-bad-1.0.2_p20250104.ebuild} (60%)
diff --git a/dev-libs/openssl-bad/Manifest b/dev-libs/openssl-bad/Manifest
index 3677c9cdb..1fa9d27e7 100644
--- a/dev-libs/openssl-bad/Manifest
+++ b/dev-libs/openssl-bad/Manifest
@@ -1 +1,2 @@
-DIST openssl-bad-1.0.2_p20220901.tar.gz 5530282 BLAKE2B 4e5311392596e40f491e36dbb79d41b20c7fc55d11396a828af23e76eb436e4eb5395cc5285f10dc14dab0be732db0eefe80beba15ecbec814da310526ce9285 SHA512 41b4e3d48e5ad090466ca90b4c6b1be1b166cd2978011f65b67502ca1b9fd0130796cc0d8c87908f0eaf342c9a1fb29f7c9f84c6f1fded8d2999099c12c227ed
+DIST openssl-bad-1.0.2_p20250104.gh.tar.gz 5529207 BLAKE2B 8187086c1b566da364ffbb7d39816750445328d33a7c93d21a62219191e2de4ab3c4fa85493d421de36ef802dff540b567a22c47e0a8a176847fcdbca13cfa92 SHA512 ceaf16082f8e14bd24c6910c8d8a5f48361f02d9f9a5a471b456a91e06fabc08c81ffe71a4c5605fa9f62e927fd66626268ae49e8eb4bc5b72ae14361305934c
+DIST openssl-compat-1.0.2u-versioned-symbols.patch.gz 24633 BLAKE2B 6bfad4ad27dbca0bd85bfd9521ffc844c3e93e6a1cca7c814edd49affc60ece1c706dd3aa7be2ce80857532531eac6f0f03f43c0be22a769d00d9241686eff71 SHA512 3d85aa34f2491e0e36eedc45829709e0fb552f6d558c2726b59dafa98c3e679b88497f3f7399d7565d88e727591e7d9b12f5b1e27116ba19b9a661d7f75b07a9
diff --git a/dev-libs/openssl-bad/files/openssl-1.0.0a-ldflags.patch b/dev-libs/openssl-bad/files/patch/010_all_openssl-1.0.2-respect-ldflags.patch similarity index 57% rename from dev-libs/openssl-bad/files/openssl-1.0.0a-ldflags.patch rename to dev-libs/openssl-bad/files/patch/010_all_openssl-1.0.2-respect-ldflags.patch index ca1dbf376..8edf39006 100644 --- a/dev-libs/openssl-bad/files/openssl-1.0.0a-ldflags.patch +++ b/dev-libs/openssl-bad/files/patch/010_all_openssl-1.0.2-respect-ldflags.patch @@ -1,14 +1,22 @@ -http://bugs.gentoo.org/181438 -http://bugs.gentoo.org/327421 -https://rt.openssl.org/Ticket/Display.html?id=3331&user=guest&pass=guest - -make sure we respect LDFLAGS +From: Mike Frysinger +Date: Sun, 27 Apr 2014 11:04:20 +0200 +Subject: make sure we respect LDFLAGS also make sure we don't add useless -rpath flags to the system libdir +Bug: http://bugs.gentoo.org/181438 +Bug: http://bugs.gentoo.org/327421 +Upstream-Bug: https://rt.openssl.org/Ticket/Display.html?id=3331&user=guest&pass=guest +--- + Makefile.org | 1 + + Makefile.shared | 2 +- + 2 files changed, 2 insertions(+), 1 deletion(-) + +diff --git a/Makefile.org b/Makefile.org +index f51f0a7..19ebd38 100644 --- a/Makefile.org +++ b/Makefile.org -@@ -189,6 +189,7 @@ +@@ -220,6 +220,7 @@ BUILDENV= LC_ALL=C PLATFORM='$(PLATFORM)' PROCESSOR='$(PROCESSOR)'\ MAKEDEPEND='$$$${TOP}/util/domd $$$${TOP} -MD $(MAKEDEPPROG)' \ DEPFLAG='-DOPENSSL_NO_DEPRECATED $(DEPFLAG)' \ MAKEDEPPROG='$(MAKEDEPPROG)' \ @@ -16,9 +24,11 @@ also make sure we don't add useless -rpath flags to the system libdir SHARED_LDFLAGS='$(SHARED_LDFLAGS)' \ KRB5_INCLUDES='$(KRB5_INCLUDES)' LIBKRB5='$(LIBKRB5)' \ ZLIB_INCLUDE='$(ZLIB_INCLUDE)' LIBZLIB='$(LIBZLIB)' \ +diff --git a/Makefile.shared b/Makefile.shared +index e8d222a..72c0144 100644 --- a/Makefile.shared 
+++ b/Makefile.shared -@@ -153,7 +153,7 @@ +@@ -153,7 +153,7 @@ DO_GNU_SO=$(CALC_VERSIONS); \ NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \ SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-Bsymbolic -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX" @@ -27,3 +37,6 @@ also make sure we don't add useless -rpath flags to the system libdir #This is rather special. It's a special target with which one can link #applications without bothering with any features that have anything to +-- +2.15.1 + diff --git a/dev-libs/openssl-bad/files/openssl-1.0.2a-parallel-obj-headers.patch b/dev-libs/openssl-bad/files/patch/012_all_openssl-1.0.2-fix-parallel-obj-headers.patch similarity index 81% rename from dev-libs/openssl-bad/files/openssl-1.0.2a-parallel-obj-headers.patch rename to dev-libs/openssl-bad/files/patch/012_all_openssl-1.0.2-fix-parallel-obj-headers.patch index a7d6f4eff..d4a54ca5f 100644 --- a/dev-libs/openssl-bad/files/openssl-1.0.2a-parallel-obj-headers.patch +++ b/dev-libs/openssl-bad/files/patch/012_all_openssl-1.0.2-fix-parallel-obj-headers.patch @@ -1,23 +1,22 @@ -https://rt.openssl.org/Ticket/Display.html?id=3737&user=guest&pass=guest - -From ce279d4361e07e9af9ceca8a6e326e661758ad53 Mon Sep 17 00:00:00 2001 From: Mike Frysinger Date: Sun, 8 Mar 2015 01:34:48 -0500 -Subject: [PATCH] fix parallel generation of obj headers +Subject: fix parallel generation of obj headers The current code has dummy sleep/touch commands to try and work around the parallel issue, but that is obviously racy. Instead lets force one of the files to depend on the other so we know they'll never run in parallel. + +Upstream-Bug: https://rt.openssl.org/Ticket/Display.html?id=3737&user=guest&pass=guest --- crypto/objects/Makefile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/crypto/objects/Makefile b/crypto/objects/Makefile -index ad2db1e..7d32504 100644 +index f93d2f9..383c5bc 100644 --- a/crypto/objects/Makefile 
+++ b/crypto/objects/Makefile -@@ -44,11 +44,11 @@ +@@ -44,11 +44,11 @@ obj_dat.h: obj_dat.pl obj_mac.h # objects.pl both reads and writes obj_mac.num obj_mac.h: objects.pl objects.txt obj_mac.num $(PERL) objects.pl objects.txt obj_mac.num obj_mac.h @@ -33,5 +32,5 @@ index ad2db1e..7d32504 100644 files: $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO -- -2.3.4 +2.15.1 diff --git a/dev-libs/openssl-bad/files/openssl-1.0.2a-parallel-install-dirs.patch b/dev-libs/openssl-bad/files/patch/013_all_openssl-1.0.2-fix-parallel-install-dirs.patch similarity index 77% rename from dev-libs/openssl-bad/files/openssl-1.0.2a-parallel-install-dirs.patch rename to dev-libs/openssl-bad/files/patch/013_all_openssl-1.0.2-fix-parallel-install-dirs.patch index 0198818c5..79e825b02 100644 --- a/dev-libs/openssl-bad/files/openssl-1.0.2a-parallel-install-dirs.patch +++ b/dev-libs/openssl-bad/files/patch/013_all_openssl-1.0.2-fix-parallel-install-dirs.patch @@ -1,9 +1,6 @@ -https://rt.openssl.org/Ticket/Display.html?id=3736&user=guest&pass=guest - -From aba899f2eca21e11e5e9797bf8258e7265dea9f5 Mon Sep 17 00:00:00 2001 From: Mike Frysinger Date: Sun, 8 Mar 2015 01:32:01 -0500 -Subject: [PATCH] fix parallel install with dir creation +Subject: fix parallel install with dir creation The mkdir-p.pl does not handle parallel creation of directories. This comes up when the install_sw and install_docs rules run and @@ -11,17 +8,19 @@ both call mkdir-p.pl on sibling directory trees. Instead, lets create a single install_dirs rule that makes all of the dirs we need, and have these two install steps depend on that. + +Upstream-Bug: https://rt.openssl.org/Ticket/Display.html?id=3736&user=guest&pass=guest --- - Makefile.org | 17 +++++++++-------- - 1 file changed, 9 insertions(+), 8 deletions(-) + Makefile.org | 18 ++++++++++-------- + 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/Makefile.org b/Makefile.org -index a6d9471..78e6143 100644 +index 1ba910c..5ca5127 100644 
--- a/Makefile.org +++ b/Makefile.org -@@ -536,9 +536,9 @@ - dist_pem_h: - (cd crypto/pem; $(MAKE) -e $(BUILDENV) pem.h; $(MAKE) clean) +@@ -541,9 +541,9 @@ dist: + @$(MAKE) SDIRS='$(SDIRS)' clean + @$(MAKE) TAR='$(TAR)' TARFLAGS='$(TARFLAGS)' $(DISTTARVARS) tar -install: all install_docs install_sw +install: install_docs install_sw @@ -31,7 +30,7 @@ index a6d9471..78e6143 100644 @$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \ $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR) \ $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines \ -@@ -547,6 +547,13 @@ +@@ -552,6 +552,13 @@ install_sw: $(INSTALL_PREFIX)$(OPENSSLDIR)/misc \ $(INSTALL_PREFIX)$(OPENSSLDIR)/certs \ $(INSTALL_PREFIX)$(OPENSSLDIR)/private @@ -45,7 +44,7 @@ index a6d9471..78e6143 100644 @set -e; headerlist="$(EXHEADER)"; for i in $$headerlist;\ do \ (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ -@@ -636,12 +643,7 @@ +@@ -641,12 +648,7 @@ install_html_docs: done; \ done @@ -60,5 +59,5 @@ index a6d9471..78e6143 100644 here="`pwd`"; \ filecase=; \ -- -2.3.4 +2.15.1 diff --git a/dev-libs/openssl-bad/files/openssl-1.0.2a-parallel-symlinking.patch b/dev-libs/openssl-bad/files/patch/014_all_openssl-1.0.2-fix-parallel-symlinking.patch similarity index 71% rename from dev-libs/openssl-bad/files/openssl-1.0.2a-parallel-symlinking.patch rename to dev-libs/openssl-bad/files/patch/014_all_openssl-1.0.2-fix-parallel-symlinking.patch index f2be696b1..aa89b167d 100644 --- a/dev-libs/openssl-bad/files/openssl-1.0.2a-parallel-symlinking.patch +++ b/dev-libs/openssl-bad/files/patch/014_all_openssl-1.0.2-fix-parallel-symlinking.patch @@ -1,49 +1,47 @@ -https://rt.openssl.org/Ticket/Display.html?id=3780&user=guest&pass=guest - -From cc81af135bda47eaa6956a0329cbbc55bf993ac1 Mon Sep 17 00:00:00 2001 
From: Mike Frysinger Date: Fri, 3 Apr 2015 01:16:23 -0400 -Subject: [PATCH] fix race when symlink shareds libs +Subject: fix race when symlink shareds libs When the crypto/ssl targets attempt to build their shared libs, they run: - cd ..; make libcrypto.so.1.0.0 + cd ..; make libcrypto.so.1.0.0 The top level Makefile in turn runs the build-shared target for that lib. The build-shared target depends on both do_$(SHLIB_TARGET) & link-shared. When building in parallel, make is allowed to run both of these. They both run Makefile.shared for their respective targets: do_$(SHLIB_TARGET) -> - link_a.linux-shared -> - link_a.gnu -> - ...; $(LINK_SO_A) -> - $(LINK_SO) -> - $(SYMLINK_SO) + link_a.linux-shared -> + link_a.gnu -> + ...; $(LINK_SO_A) -> + $(LINK_SO) -> + $(SYMLINK_SO) link-shared -> - symlink.linux-shared -> - symlink.gnu -> - ...; $(SYMLINK_SO) + symlink.linux-shared -> + symlink.gnu -> + ...; $(SYMLINK_SO) The shell code for SYMLINK_SO attempts to do a [ -e lib ] check, but fails basic TOCTOU semantics. Depending on the load, that means two processes will run the sequence: - rm -f libcrypto.so - ln -s libcrypto.so.1.0.0 libcrypto.so + rm -f libcrypto.so + ln -s libcrypto.so.1.0.0 libcrypto.so Which obviously fails: - ln: failed to create symbolic link 'libcrypto.so': File exists + ln: failed to create symbolic link 'libcrypto.so': File exists Since we know do_$(SHLIB_TARGET) will create the symlink for us, don't bother depending on link-shared at all in the top level Makefile when building things. Reported-by: Martin von Gagern -URL: https://bugs.gentoo.org/545028 +Bug: https://bugs.gentoo.org/545028 +Upstream-Bug: https://rt.openssl.org/Ticket/Display.html?id=3780&user=guest&pass=guest --- Makefile.org | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/Makefile.org b/Makefile.org -index 890bfe4..576c60e 100644 +index 5ca5127..d413743 100644 --- a/Makefile.org +++ b/Makefile.org @@ -350,7 +350,10 @@ link-shared: 
@@ -59,5 +57,5 @@ index 890bfe4..576c60e 100644 do_$(SHLIB_TARGET): @ set -e; libs='-L. $(SHLIBDEPS)'; for i in $(SHLIBDIRS); do \ -- -2.3.4 +2.15.1 diff --git a/dev-libs/openssl-bad/files/patch/015_all_openssl-1.0.2-fix-parallel-install-dirs2.patch b/dev-libs/openssl-bad/files/patch/015_all_openssl-1.0.2-fix-parallel-install-dirs2.patch new file mode 100644 index 000000000..cea88b18e --- /dev/null +++ b/dev-libs/openssl-bad/files/patch/015_all_openssl-1.0.2-fix-parallel-install-dirs2.patch @@ -0,0 +1,42 @@ +From: Sebastian Andrzej Siewior +Date: Fri, 10 Jun 2016 20:04:51 +0200 +Subject: utils/mkdir-p: check if dir exists also after mkdir failed + +Commit 70a56b914772e6b21cda2a5742817ae4bb7290f1 upstream. + +With "make install -j8" it happens very often that two or more make +instances are creating the same directory in parallel. As a result one +instace creates the directory and second mkdir fails because the +directory exists already (but it did not while testing for it earlier). + +Signed-off-by: Sebastian Andrzej Siewior + +Reviewed-by: Matt Caswell +Reviewed-by: Rich Salz +(Merged from https://github.com/openssl/openssl/pull/1204) +Bug: https://bugs.gentoo.org/651880 +--- + util/mkdir-p.pl | 8 +++++++- + 1 file changed, 7 insertions(+), 1 deletion(-) + +diff --git a/util/mkdir-p.pl b/util/mkdir-p.pl +index e73d02b073..78bada3f99 100755 +--- a/util/mkdir-p.pl ++++ b/util/mkdir-p.pl +@@ -29,6 +29,12 @@ sub do_mkdir_p { + do_mkdir_p($parent); + } + +- mkdir($dir, 0777) || die "Cannot create directory $dir: $!\n"; ++ unless (mkdir($dir, 0777)) { ++ if (-d $dir) { ++ # We raced against another instance doing the same thing. ++ return; ++ } ++ die "Cannot create directory $dir: $!\n"; ++ } + print "created directory `$dir'\n"; + } +-- +2.16.3 + 
diff --git a/dev-libs/openssl-bad/files/openssl-1.0.2a-x32-asm.patch b/dev-libs/openssl-bad/files/patch/040_all_openssl-1.0.2-x32-asm.patch similarity index 72% rename from dev-libs/openssl-bad/files/openssl-1.0.2a-x32-asm.patch rename to dev-libs/openssl-bad/files/patch/040_all_openssl-1.0.2-x32-asm.patch index 3a005c9b0..c29e6b7a6 100644 --- a/dev-libs/openssl-bad/files/openssl-1.0.2a-x32-asm.patch +++ b/dev-libs/openssl-bad/files/patch/040_all_openssl-1.0.2-x32-asm.patch @@ -1,9 +1,6 @@ -https://rt.openssl.org/Ticket/Display.html?id=3759&user=guest&pass=guest - -From 6257d59b3a68d2feb9d64317a1c556dc3813ee61 Mon Sep 17 00:00:00 2001 From: Mike Frysinger Date: Sat, 21 Mar 2015 06:01:25 -0400 -Subject: [PATCH] crypto: use bigint in x86-64 perl +Subject: crypto: use bigint in x86-64 perl When building on x32 systems where the default type is 32bit, make sure we can transparently represent 64bit integers. Otherwise we end up with @@ -18,26 +15,27 @@ We don't enable this globally as there are some cases where we'd get 32bit values interpreted as unsigned when we need them as signed. Reported-by: Bertrand Jacquin -URL: https://bugs.gentoo.org/542618 +Bug: https://bugs.gentoo.org/542618 +Upstream-Bug: https://rt.openssl.org/Ticket/Display.html?id=3759&user=guest&pass=guest --- crypto/perlasm/x86_64-xlate.pl | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/crypto/perlasm/x86_64-xlate.pl b/crypto/perlasm/x86_64-xlate.pl -index aae8288..0bf9774 100755 +index d19195e..96d9edd 100755 --- a/crypto/perlasm/x86_64-xlate.pl 
+++ b/crypto/perlasm/x86_64-xlate.pl -@@ -195,6 +195,10 @@ my %globals; - sub out { - my $self = shift; +@@ -269,6 +269,10 @@ my %globals; + $self->{base} = $self->{index}; $self->{index} = $1; + } + # When building on x32 ABIs, the expanded hex value might be too + # big to fit into 32bits. Enable transparent 64bit support here + # so we can safely print it out. + use bigint; if ($gas) { - # Solaris /usr/ccs/bin/as can't handle multiplications - # in $self->{value} + $self->{label} =~ s/^___imp_/__imp__/ if ($flavour eq "mingw64"); + -- -2.3.3 +2.15.1 diff --git a/dev-libs/openssl-bad/files/openssl-1.0.1p-default-source.patch b/dev-libs/openssl-bad/files/patch/041_all_openssl-1.0.2-default-source.patch similarity index 65% rename from dev-libs/openssl-bad/files/openssl-1.0.1p-default-source.patch rename to dev-libs/openssl-bad/files/patch/041_all_openssl-1.0.2-default-source.patch index 73029985a..6fc66f0e7 100644 --- a/dev-libs/openssl-bad/files/openssl-1.0.1p-default-source.patch +++ b/dev-libs/openssl-bad/files/patch/041_all_openssl-1.0.2-default-source.patch @@ -1,20 +1,19 @@ -https://bugs.gentoo.org/554338 -https://rt.openssl.org/Ticket/Display.html?id=3934&user=guest&pass=guest - -From 7c2e97f8bbae517496fdc11f475b4ae54b2534f5 Mon Sep 17 00:00:00 2001 From: Mike Frysinger Date: Fri, 10 Jul 2015 01:50:52 -0400 -Subject: [PATCH] test: use _DEFAULT_SOURCE with newer glibc versions +Subject: test: use _DEFAULT_SOURCE with newer glibc versions The _BSD_SOURCE macro is replaced by the _DEFAULT_SOURCE macro. Using just the former with newer versions leads to a build time warning, so make sure to use the new macro too. + +Bug: https://bugs.gentoo.org/554338 +Upstream-Bug: https://rt.openssl.org/Ticket/Display.html?id=3934&user=guest&pass=guest --- ssl/ssltest.c | 1 + 1 file changed, 1 insertion(+) diff --git a/ssl/ssltest.c b/ssl/ssltest.c -index 26cf96c..b36f667 100644 +index f6a8f19..97ef221 100644 --- a/ssl/ssltest.c +++ b/ssl/ssltest.c @@ -141,6 +141,7 @@ 
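Review bot: In 040_all_openssl-1.0.2-x32-asm.patch the refreshed inner hunk no longer anchors on `sub out { my $self = shift;` but on the lines following `$self->{base} = $self->{index}; $self->{index} = $1; }`, so `use bigint;` may now land in a different `out` routine than the one the previous revision patched. The patch description says bigint is deliberately not enabled globally because some 32-bit values must remain signed, so the lexical scope of this pragma affects the assembly emitted for the crypto code. Please confirm against the 1.0.2_p20250104 tree which sub the hunk applies to and record it in the patch header, for example `Note: applies inside <sub name>::out; bigint scope is intentionally limited to this block` (placeholder name). The enclosing sub starts and ends outside the hunk, and whitespace in this view is collapsed.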
@@ -23,8 +22,8 @@ index 26cf96c..b36f667 100644 /* Or gethostname won't be declared properly on Linux and GNU platforms. */ +#define _DEFAULT_SOURCE 1 #define _BSD_SOURCE 1 + #define _DEFAULT_SOURCE 1 - #include -- -2.4.4 +2.15.1 diff --git a/dev-libs/openssl-bad/files/patch/042_all_openssl-1.0.2o-pc-no_kerberos_includes.patch b/dev-libs/openssl-bad/files/patch/042_all_openssl-1.0.2o-pc-no_kerberos_includes.patch new file mode 100644 index 000000000..4f9223b48 --- /dev/null +++ b/dev-libs/openssl-bad/files/patch/042_all_openssl-1.0.2o-pc-no_kerberos_includes.patch @@ -0,0 +1,25 @@ +Don't include kerberos dir into pkgconfig files. + +https://bugs.gentoo.org/401665 +Thanks-to: Arfrever Frehtes Taifersar Arahesis + +--- a/Makefile.org ++++ b/Makefile.org +@@ -377,7 +377,7 @@ + echo 'Requires: '; \ + echo 'Libs: -L$${libdir} -lcrypto'; \ + echo 'Libs.private: $(EX_LIBS)'; \ +- echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > libcrypto.pc ++ echo 'Cflags: -I$${includedir}' ) > libcrypto.pc + + libssl.pc: Makefile + @ ( echo 'prefix=$(INSTALLTOP)'; \ +@@ -391,7 +391,7 @@ + echo 'Requires.private: libcrypto'; \ + echo 'Libs: -L$${libdir} -lssl'; \ + echo 'Libs.private: $(EX_LIBS)'; \ +- echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > libssl.pc ++ echo 'Cflags: -I$${includedir}' ) > libssl.pc + + openssl.pc: Makefile + @ ( echo 'prefix=$(INSTALLTOP)'; \ diff --git a/dev-libs/openssl-bad/files/patch/README.Gentoo.patches b/dev-libs/openssl-bad/files/patch/README.Gentoo.patches new file mode 100644 index 000000000..615f729a3 --- /dev/null +++ b/dev-libs/openssl-bad/files/patch/README.Gentoo.patches 
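Review bot: In 041_all_openssl-1.0.2-default-source.patch the rebased context now already shows `#define _DEFAULT_SOURCE 1` directly after `#define _BSD_SOURCE 1`, so the line this patch adds before `_BSD_SOURCE` appears to duplicate a definition the new snapshot already carries. An identical redefinition is accepted by the compiler, but the patch then changes nothing and is one more file to rebase and audit on every snapshot bump. Consider dropping it from the applied set or moving it under `excluded/` as was done for 011 and 030. Whitespace is collapsed in this view, so verify against ssl/ssltest.c in the new tarball before removing it.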
@@ -0,0 +1,59 @@ + ================ + === W[hat]TF === + ================ + +Gentoo patchsets that have grown too large to keep on the rsync mirrors have +been moved to our cvs tree. From there, we bundle up all the whee little +patches into a tarball and distribute it via our public mirroring system. + +If you want specific info about a patch (like wtf it does or whose great idea +it was to change the code), read the patch ! We try to fill out the top of +them with useful info such as what it does, why it's needed, bug reports, +original creators, etc... For simple patches, we reserve the right to assume +your IQ is greater than absolute 0 and figure out what it does w/out an +explanation. If, by some miracle of science, it falls below the absolute 0 +mark, you should help mankind by finding some scientists and letting them +probe you with their ... erm ... probes. + + ================= + === W[here]TF === + ================= + +For those with CVS access, you want the 'src/patchsets' dir inside of the +'gentoo' cvs module. + +For those w/out CVS access, this URL should help you: +http://sources.gentoo.org/gentoo/src/patchsets/ + (you can also find anon cvs access there too) + +It should be pretty easy to find your way around, you're a big boy after all. + + =============== + === H[ow]TF === + =============== + +The patch naming/applying convention might be a little confusing to the Gentoo +outsider, so here's a quick rundown. Patch tarballs are applied in Gentoo via +a helper command called "epatch". This command is pretty forgiving when it +comes to applying patches. + +For example, it will autodetect the required -p# by starting at 0 and counting +up until things apply. So do not expect a patch series to all be at the same -p +level even if they all apply from the same source directory. Typically however, +people will use -p0 or -p1. + +The epatch command will also use the -E option by default as the `patch` command +can be pretty picky about removing files. 
We just force the issue. If you +really need to empty out a file but leave it behind, people can use `touch` in +the ebuild. + +The patch naming convention is part rigorous and part open ended. By default, +the patch should follow: + #__.patch +The number field is to provide strict numerical ordering and has no limit (well, +except for your IMAGINATION). The field corresponds to the Gentoo arch +naming convention (so expect to see "amd64" instead of "x86_64"). If you see +"all" (which is how we strongly encourage people to manage things), then the +patch should be applied for all arches, and any arch-specific issues can then +be handled at build time (configure detection or something). The is a +free form field where people can stick whatever they want. diff --git a/dev-libs/openssl-bad/files/patch/README.history b/dev-libs/openssl-bad/files/patch/README.history new file mode 100644 index 000000000..689c6148e --- /dev/null +++ b/dev-libs/openssl-bad/files/patch/README.history @@ -0,0 +1,22 @@ +1.0 07 Dec 2017 + + 010_all_openssl-1.0.2-respect-ldflags.patch + + 011_all_openssl-1.0.2-fix-parallel-build.patch + + 012_all_openssl-1.0.2-fix-parallel-obj-headers.patch + + 013_all_openssl-1.0.2-fix-parallel-install-dirs.patch + + 014_all_openssl-1.0.2-fix-parallel-symlinking.patch + + 030_all_openssl-1.0.2-add-ipv6-support-in-s-client-server.patch + + 040_all_openssl-1.0.2-x32-asm.patch + + 041_all_openssl-1.0.2-default-source.patch + +1.1 27 Mar 2018 + - 030_all_openssl-1.0.2-add-ipv6-support-in-s-client-server.patch + + 030_all_openssl-1.0.2-add-ipv6-support-in-s-client-server-r1.patch + +1.2 29 Mar 2018 + + 015_all_openssl-1.0.2-fix-parallel-install-dirs2.patch + +1.3 17 Apr 2018 + + 099_all_openssl-1.0.2-CVE-2018-0737.patch + +1.4 02 Jun 2018 + + 042_all_openssl-1.0.2o-pc-no_kerberos_includes.patch 
diff --git a/dev-libs/openssl-bad/files/openssl-1.0.2i-parallel-build.patch b/dev-libs/openssl-bad/files/patch/excluded/011_all_openssl-1.0.2-fix-parallel-build.patch similarity index 86% rename from dev-libs/openssl-bad/files/openssl-1.0.2i-parallel-build.patch rename to dev-libs/openssl-bad/files/patch/excluded/011_all_openssl-1.0.2-fix-parallel-build.patch index 387a077da..4a2bb46b4 100644 --- a/dev-libs/openssl-bad/files/openssl-1.0.2i-parallel-build.patch +++ b/dev-libs/openssl-bad/files/patch/excluded/011_all_openssl-1.0.2-fix-parallel-build.patch 
@@ -1,78 +1,8 @@ ---- openssl-1.0.2i/crypto/Makefile -+++ openssl-1.0.2i/crypto/Makefile -@@ -85,11 +85,11 @@ - @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi - - subdirs: -- @target=all; $(RECURSIVE_MAKE) -+ +@target=all; $(RECURSIVE_MAKE) - - files: - $(PERL) $(TOP)/util/files.pl "CPUID_OBJ=$(CPUID_OBJ)" Makefile >> $(TOP)/MINFO -- @target=files; $(RECURSIVE_MAKE) -+ +@target=files; $(RECURSIVE_MAKE) - - links: - @$(PERL) $(TOP)/util/mklink.pl ../include/openssl $(EXHEADER) -@@ -100,7 +100,7 @@ - # lib: $(LIB): are splitted to avoid end-less loop - lib: $(LIB) - @touch lib --$(LIB): $(LIBOBJ) -+$(LIB): $(LIBOBJ) | subdirs - $(AR) $(LIB) $(LIBOBJ) - test -z "$(FIPSLIBDIR)" || $(AR) $(LIB) $(FIPSLIBDIR)fipscanister.o - $(RANLIB) $(LIB) || echo Never mind. -@@ -111,7 +111,7 @@ - fi - - libs: -- @target=lib; $(RECURSIVE_MAKE) -+ +@target=lib; $(RECURSIVE_MAKE) - - install: - @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... -@@ -120,7 +120,7 @@ - (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ - chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ - done; -- @target=install; $(RECURSIVE_MAKE) -+ +@target=install; $(RECURSIVE_MAKE) - - lint: - @target=lint; $(RECURSIVE_MAKE) ---- openssl-1.0.2i/engines/Makefile -+++ openssl-1.0.2i/engines/Makefile -@@ -72,7 +72,7 @@ - - all: lib subdirs - --lib: $(LIBOBJ) -+lib: $(LIBOBJ) | subdirs - @if [ -n "$(SHARED_LIBS)" ]; then \ - set -e; \ - for l in $(LIBNAMES); do \ -@@ -89,7 +89,7 @@ - - subdirs: - echo $(EDIRS) -- @target=all; $(RECURSIVE_MAKE) -+ +@target=all; $(RECURSIVE_MAKE) - - files: - $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO -@@ -128,7 +128,7 @@ - mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx ); \ - done; \ - fi -- @target=install; $(RECURSIVE_MAKE) -+ +@target=install; $(RECURSIVE_MAKE) - - tags: - ctags $(SRC) ---- openssl-1.0.2i/Makefile.org -+++ 
openssl-1.0.2i/Makefile.org -@@ -281,17 +281,17 @@ +diff --git a/Makefile.org b/Makefile.org +index 19ebd38535..1ba910c6e7 100644 +--- a/Makefile.org ++++ b/Makefile.org +@@ -283,17 +283,17 @@ build_libcrypto: build_crypto build_engines libcrypto.pc build_libssl: build_ssl libssl.pc build_crypto: @@ -96,7 +26,7 @@ all_testapps: build_libs build_testapps build_testapps: -@@ -547,7 +547,7 @@ +@@ -557,7 +557,7 @@ install_sw: (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ done; @@ -105,9 +35,11 @@ @set -e; liblist="$(LIBS)"; for i in $$liblist ;\ do \ if [ -f "$$i" ]; then \ ---- openssl-1.0.2i/Makefile.shared -+++ openssl-1.0.2i/Makefile.shared -@@ -105,6 +105,7 @@ +diff --git a/Makefile.shared b/Makefile.shared +index 72c0144ead..9bbdc901c3 100644 +--- a/Makefile.shared ++++ b/Makefile.shared +@@ -105,6 +105,7 @@ LINK_SO= \ SHAREDFLAGS="$${SHAREDFLAGS:-$(CFLAGS) $(SHARED_LDFLAGS)}"; \ LIBPATH=`for x in $$LIBDEPS; do echo $$x; done | sed -e 's/^ *-L//;t' -e d | uniq`; \ LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \ @@ -115,7 +47,7 @@ LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \ $${SHAREDCMD} $${SHAREDFLAGS} \ -o $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX \ -@@ -122,6 +123,7 @@ +@@ -122,6 +123,7 @@ SYMLINK_SO= \ done; \ fi; \ if [ -n "$$SHLIB_SOVER" ]; then \ 
@@ -123,9 +55,87 @@ ( $(SET_X); rm -f $$SHLIB$$SHLIB_SUFFIX; \ ln -s $$prev $$SHLIB$$SHLIB_SUFFIX ); \ fi; \ ---- openssl-1.0.2i/test/Makefile -+++ openssl-1.0.2i/test/Makefile -@@ -144,7 +144,7 @@ +diff --git a/crypto/Makefile b/crypto/Makefile +index ad1b9f018b..42e0e7e40a 100644 +--- a/crypto/Makefile ++++ b/crypto/Makefile +@@ -85,11 +85,11 @@ testapps: + @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi + + subdirs: +- @target=all; $(RECURSIVE_MAKE) ++ +@target=all; $(RECURSIVE_MAKE) + + files: + $(PERL) $(TOP)/util/files.pl "CPUID_OBJ=$(CPUID_OBJ)" Makefile >> $(TOP)/MINFO +- @target=files; $(RECURSIVE_MAKE) ++ +@target=files; $(RECURSIVE_MAKE) + + links: + @$(PERL) $(TOP)/util/mklink.pl ../include/openssl $(EXHEADER) +@@ -100,7 +100,7 @@ links: + # lib: $(LIB): are splitted to avoid end-less loop + lib: $(LIB) + @touch lib +-$(LIB): $(LIBOBJ) ++$(LIB): $(LIBOBJ) | subdirs + $(AR) $(LIB) $(LIBOBJ) + test -z "$(FIPSLIBDIR)" || $(AR) $(LIB) $(FIPSLIBDIR)fipscanister.o + $(RANLIB) $(LIB) || echo Never mind. +@@ -111,7 +111,7 @@ shared: buildinf.h lib subdirs + fi + + libs: +- @target=lib; $(RECURSIVE_MAKE) ++ +@target=lib; $(RECURSIVE_MAKE) + + install: + @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... 
+@@ -120,7 +120,7 @@ install: + (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ + chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ + done; +- @target=install; $(RECURSIVE_MAKE) ++ +@target=install; $(RECURSIVE_MAKE) + + lint: + @target=lint; $(RECURSIVE_MAKE) +diff --git a/engines/Makefile b/engines/Makefile +index 2058ff405a..896cfbf9ae 100644 +--- a/engines/Makefile ++++ b/engines/Makefile +@@ -72,7 +72,7 @@ top: + + all: lib subdirs + +-lib: $(LIBOBJ) ++lib: $(LIBOBJ) | subdirs + @if [ -n "$(SHARED_LIBS)" ]; then \ + set -e; \ + for l in $(LIBNAMES); do \ +@@ -89,7 +89,7 @@ lib: $(LIBOBJ) + + subdirs: + echo $(EDIRS) +- @target=all; $(RECURSIVE_MAKE) ++ +@target=all; $(RECURSIVE_MAKE) + + files: + $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO +@@ -128,7 +128,7 @@ install: + mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx ); \ + done; \ + fi +- @target=install; $(RECURSIVE_MAKE) ++ +@target=install; $(RECURSIVE_MAKE) + + tags: + ctags $(SRC) +diff --git a/test/Makefile b/test/Makefile +index 55a6b50799..5d951d4237 100644 +--- a/test/Makefile ++++ b/test/Makefile +@@ -145,7 +145,7 @@ install: tags: ctags $(SRC) @@ -134,7 +144,7 @@ apps: @(cd ..; $(MAKE) DIRS=apps all) -@@ -435,136 +435,136 @@ +@@ -445,142 +445,142 @@ BUILD_CMD_STATIC=shlib_target=; \ link_app.$${shlib_target} $(RSATEST)$(EXE_EXT): $(RSATEST).o $(DLIBCRYPTO) 
@@ -305,6 +315,14 @@ - @target=$(BADDTLSTEST) $(BUILD_CMD) + +@target=$(BADDTLSTEST) $(BUILD_CMD) + $(FATALERRTEST)$(EXE_EXT): $(FATALERRTEST).o ssltestlib.o $(DLIBSSL) $(DLIBCRYPTO) +- @target=$(FATALERRTEST); exobj=ssltestlib.o; $(BUILD_CMD) ++ +@target=$(FATALERRTEST); exobj=ssltestlib.o; $(BUILD_CMD) + + $(X509TIMETEST)$(EXE_EXT): $(X509TIMETEST).o +- @target=$(X509TIMETEST) $(BUILD_CMD) ++ +@target=$(X509TIMETEST) $(BUILD_CMD) + $(SSLV2CONFTEST)$(EXE_EXT): $(SSLV2CONFTEST).o - @target=$(SSLV2CONFTEST) $(BUILD_CMD) + +@target=$(SSLV2CONFTEST) $(BUILD_CMD) @@ -315,7 +333,7 @@ #$(AESTEST).o: $(AESTEST).c # $(CC) -c $(CFLAGS) -DINTERMEDIATE_VALUE_KAT -DTRACE_KAT_MCT $(AESTEST).c -@@ -577,7 +577,7 @@ +@@ -593,7 +593,7 @@ $(DTLSTEST)$(EXE_EXT): $(DTLSTEST).o ssltestlib.o $(DLIBSSL) $(DLIBCRYPTO) # fi dummytest$(EXE_EXT): dummytest.o $(DLIBCRYPTO) diff --git a/dev-libs/openssl-bad/files/openssl-1.0.2-ipv6.patch b/dev-libs/openssl-bad/files/patch/excluded/030_all_openssl-1.0.2-add-ipv6-support-in-s-client-server-r1.patch similarity index 78% rename from dev-libs/openssl-bad/files/openssl-1.0.2-ipv6.patch rename to dev-libs/openssl-bad/files/patch/excluded/030_all_openssl-1.0.2-add-ipv6-support-in-s-client-server-r1.patch index 27574ea61..911b00df0 100644 --- a/dev-libs/openssl-bad/files/openssl-1.0.2-ipv6.patch +++ b/dev-libs/openssl-bad/files/patch/excluded/030_all_openssl-1.0.2-add-ipv6-support-in-s-client-server-r1.patch 
@@ -1,17 +1,17 @@ -http://rt.openssl.org/Ticket/Display.html?id=2051&user=guest&pass=guest - ---- openssl-1.0.2/apps/s_apps.h -+++ openssl-1.0.2/apps/s_apps.h -@@ -154,7 +154,7 @@ +diff --git a/apps/s_apps.h b/apps/s_apps.h +index cbb61baf77..d31050f89e 100644 +--- a/apps/s_apps.h ++++ b/apps/s_apps.h +@@ -153,7 +153,7 @@ typedef fd_mask fd_set; + int do_server(int port, int type, int *ret, - int (*cb) (char *hostname, int s, int stype, - unsigned char *context), unsigned char *context, -- int naccept); -+ int naccept, int use_ipv4, int use_ipv6); + int (*cb) (int s, int stype, unsigned char *context), +- unsigned char *context, int naccept); ++ unsigned char *context, int naccept, int use_ipv4, int use_ipv6); #ifdef HEADER_X509_H int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx); #endif -@@ -167,7 +167,8 @@ +@@ -166,7 +166,8 @@ int ssl_print_point_formats(BIO *out, SSL *s); int ssl_print_curves(BIO *out, SSL *s, int noshared); #endif int ssl_print_tmp_key(BIO *out, SSL *s); @@ -21,9 +21,11 @@ http://rt.openssl.org/Ticket/Display.html?id=2051&user=guest&pass=guest int should_retry(int i); int extract_port(char *str, short *port_ptr); int extract_host_port(char *str, char **host_ptr, unsigned char *ip, ---- openssl-1.0.2/apps/s_client.c -+++ openssl-1.0.2/apps/s_client.c -@@ -302,6 +302,10 @@ +diff --git a/apps/s_client.c b/apps/s_client.c +index b455d9012d..893698dc9d 100644 +--- a/apps/s_client.c ++++ b/apps/s_client.c +@@ -299,6 +299,10 @@ static void sc_usage(void) { BIO_printf(bio_err, "usage: s_client args\n"); BIO_printf(bio_err, "\n"); @@ -34,7 +36,7 @@ http://rt.openssl.org/Ticket/Display.html?id=2051&user=guest&pass=guest BIO_printf(bio_err, " -host host - use -connect instead\n"); BIO_printf(bio_err, " -port port - use -connect instead\n"); BIO_printf(bio_err, -@@ -658,6 +662,7 @@ +@@ -669,6 +673,7 @@ int MAIN(int argc, char **argv) int sbuf_len, sbuf_off; fd_set readfds, writefds; short port = PORT; 
@@ -42,7 +44,7 @@ http://rt.openssl.org/Ticket/Display.html?id=2051&user=guest&pass=guest int full_log = 1; char *host = SSL_HOST_NAME; char *cert_file = NULL, *key_file = NULL, *chain_file = NULL; -@@ -709,7 +714,11 @@ +@@ -720,7 +725,11 @@ int MAIN(int argc, char **argv) #endif char *sess_in = NULL; char *sess_out = NULL; @@ -55,7 +57,7 @@ http://rt.openssl.org/Ticket/Display.html?id=2051&user=guest&pass=guest int peerlen = sizeof(peer); int fallback_scsv = 0; int enable_timeouts = 0; -@@ -737,6 +746,12 @@ +@@ -749,6 +758,12 @@ int MAIN(int argc, char **argv) meth = SSLv23_client_method(); @@ -68,10 +70,11 @@ http://rt.openssl.org/Ticket/Display.html?id=2051&user=guest&pass=guest apps_startup(); c_Pause = 0; c_quiet = 0; -@@ -1096,6 +1111,16 @@ +@@ -1119,6 +1134,16 @@ int MAIN(int argc, char **argv) + goto bad; jpake_secret = *++argv; } - #endif ++#endif + else if (strcmp(*argv,"-4") == 0) { + use_ipv4 = 1; + use_ipv6 = 0; @@ -81,11 +84,10 @@ http://rt.openssl.org/Ticket/Display.html?id=2051&user=guest&pass=guest + use_ipv4 = 0; + use_ipv6 = 1; + } -+#endif + #endif #ifndef OPENSSL_NO_SRTP else if (strcmp(*argv, "-use_srtp") == 0) { - if (--argc < 1) -@@ -1421,7 +1446,7 @@ +@@ -1449,7 +1474,7 @@ int MAIN(int argc, char **argv) re_start: @@ -94,7 +96,7 @@ http://rt.openssl.org/Ticket/Display.html?id=2051&user=guest&pass=guest BIO_printf(bio_err, "connect:errno=%d\n", get_last_socket_error()); SHUTDOWN(s); goto end; -@@ -1444,7 +1469,7 @@ +@@ -1472,7 +1497,7 @@ int MAIN(int argc, char **argv) if (socket_type == SOCK_DGRAM) { sbio = BIO_new_dgram(s, BIO_NOCLOSE); 
@@ -103,20 +105,22 @@ http://rt.openssl.org/Ticket/Display.html?id=2051&user=guest&pass=guest BIO_printf(bio_err, "getsockname:errno=%d\n", get_last_socket_error()); SHUTDOWN(s); ---- openssl-1.0.2/apps/s_server.c -+++ openssl-1.0.2/apps/s_server.c -@@ -643,6 +643,10 @@ +diff --git a/apps/s_server.c b/apps/s_server.c +index ce7a1d64b6..19956815f1 100644 +--- a/apps/s_server.c ++++ b/apps/s_server.c +@@ -663,6 +663,10 @@ static void sv_usage(void) + # endif BIO_printf(bio_err, " -alpn arg - set the advertised protocols for the ALPN extension (comma-separated list)\n"); - #endif ++#endif + BIO_printf(bio_err, " -4 - use IPv4 only\n"); +#if OPENSSL_USE_IPV6 + BIO_printf(bio_err, " -6 - use IPv6 only\n"); -+#endif + #endif BIO_printf(bio_err, " -keymatexport label - Export keying material using label\n"); - BIO_printf(bio_err, -@@ -1070,6 +1074,7 @@ +@@ -1098,6 +1102,7 @@ int MAIN(int argc, char *argv[]) int state = 0; const SSL_METHOD *meth = NULL; int socket_type = SOCK_STREAM; @@ -124,7 +128,7 @@ http://rt.openssl.org/Ticket/Display.html?id=2051&user=guest&pass=guest ENGINE *e = NULL; char *inrand = NULL; int s_cert_format = FORMAT_PEM, s_key_format = FORMAT_PEM; -@@ -1111,6 +1116,12 @@ +@@ -1140,6 +1145,12 @@ int MAIN(int argc, char *argv[]) meth = SSLv23_server_method(); @@ -137,10 +141,11 @@ http://rt.openssl.org/Ticket/Display.html?id=2051&user=guest&pass=guest local_argc = argc; local_argv = argv; -@@ -1503,6 +1514,16 @@ +@@ -1548,6 +1559,16 @@ int MAIN(int argc, char *argv[]) + goto bad; jpake_secret = *(++argv); } - #endif ++#endif + else if (strcmp(*argv,"-4") == 0) { + use_ipv4 = 1; + use_ipv6 = 0; 
@@ -150,11 +155,10 @@ http://rt.openssl.org/Ticket/Display.html?id=2051&user=guest&pass=guest + use_ipv4 = 0; + use_ipv6 = 1; + } -+#endif + #endif #ifndef OPENSSL_NO_SRTP else if (strcmp(*argv, "-use_srtp") == 0) { - if (--argc < 1) -@@ -2023,13 +2044,13 @@ +@@ -2070,13 +2091,13 @@ int MAIN(int argc, char *argv[]) (void)BIO_flush(bio_s_out); if (rev) do_server(port, socket_type, &accept_socket, rev_body, context, @@ -171,9 +175,11 @@ http://rt.openssl.org/Ticket/Display.html?id=2051&user=guest&pass=guest print_stats(bio_s_out, ctx); ret = 0; end: ---- openssl-1.0.2/apps/s_socket.c -+++ openssl-1.0.2/apps/s_socket.c -@@ -101,16 +101,16 @@ +diff --git a/apps/s_socket.c b/apps/s_socket.c +index b3848dd156..941ff30af3 100644 +--- a/apps/s_socket.c ++++ b/apps/s_socket.c +@@ -101,16 +101,16 @@ typedef unsigned int u_int; # include "netdb.h" # endif @@ -186,16 +192,16 @@ http://rt.openssl.org/Ticket/Display.html?id=2051&user=guest&pass=guest -static int init_client_ip(int *sock, unsigned char ip[4], int port, int type); -static int init_server(int *sock, int port, int type); -static int init_server_long(int *sock, int port, char *ip, int type); -+static int init_client_ip(int *sock, unsigned char *ip, int port, int type, int domain); ++static int init_client_ip(int *sock, unsigned char ip[4], int port, int type, int domain); +static int init_server(int *sock, int port, int type, int use_ipv4, int use_ipv6); +static int init_server_long(int *sock, int port, char *ip, int type, int use_ipv4, int use_ipv6); - static int do_accept(int acc_sock, int *sock, char **host); + static int do_accept(int acc_sock, int *sock); -static int host_ip(char *str, unsigned char ip[4]); -+static int host_ip(char *str, unsigned char *ip, int domain); ++static int host_ip(char *str, unsigned char ip[4], int domain); # ifdef OPENSSL_SYS_WIN16 # define SOCKET_PROTOCOL 0 /* more microsoft stupidity */ -@@ -231,38 +231,68 @@ +@@ -231,38 +231,69 @@ static int ssl_sock_init(void) return (1); } 
@@ -208,15 +214,10 @@ http://rt.openssl.org/Ticket/Display.html?id=2051&user=guest&pass=guest unsigned char ip[4]; +# endif -- memset(ip, '\0', sizeof ip); + memset(ip, '\0', sizeof(ip)); - if (!host_ip(host, &(ip[0]))) - return 0; - return init_client_ip(sock, ip, port, type); --} -- --static int init_client_ip(int *sock, unsigned char ip[4], int port, int type) --{ -- unsigned long addr; + if (use_ipv4) + if (host_ip(host, ip, AF_INET)) + return(init_client_ip(sock, ip, port, type, AF_INET)); @@ -226,10 +227,12 @@ http://rt.openssl.org/Ticket/Display.html?id=2051&user=guest&pass=guest + return(init_client_ip(sock, ip, port, type, AF_INET6)); +# endif + return 0; -+} -+ + } + +-static int init_client_ip(int *sock, unsigned char ip[4], int port, int type) +static int init_client_ip(int *sock, unsigned char ip[4], int port, int type, int domain) -+{ + { +- unsigned long addr; +# if OPENSSL_USE_IPV6 + struct sockaddr_storage them; + struct sockaddr_in *them_in = (struct sockaddr_in *)&them; @@ -283,7 +286,7 @@ http://rt.openssl.org/Ticket/Display.html?id=2051&user=guest&pass=guest if (s == INVALID_SOCKET) { perror("socket"); -@@ -280,7 +310,7 @@ +@@ -280,7 +311,7 @@ static int init_client_ip(int *sock, unsigned char ip[4], int port, int type) } # endif @@ -292,15 +295,14 @@ http://rt.openssl.org/Ticket/Display.html?id=2051&user=guest&pass=guest closesocket(s); perror("connect"); return (0); -@@ -292,14 +322,14 @@ +@@ -291,13 +322,13 @@ static int init_client_ip(int *sock, unsigned char ip[4], int port, int type) + int do_server(int port, int type, int *ret, - int (*cb) (char *hostname, int s, int stype, - unsigned char *context), unsigned char *context, -- int naccept) -+ int naccept, int use_ipv4, int use_ipv6) + int (*cb) (int s, int stype, unsigned char *context), +- unsigned char *context, int naccept) ++ unsigned char *context, int naccept, int use_ipv4, int use_ipv6) { int sock; - char *name = NULL; int accept_socket = 0; int i; 
@@ -309,7 +311,7 @@ http://rt.openssl.org/Ticket/Display.html?id=2051&user=guest&pass=guest return (0); if (ret != NULL) { -@@ -328,32 +358,41 @@ +@@ -324,32 +355,41 @@ int do_server(int port, int type, int *ret, } } @@ -366,8 +368,8 @@ http://rt.openssl.org/Ticket/Display.html?id=2051&user=guest&pass=guest if (s == INVALID_SOCKET) goto err; -@@ -363,7 +402,42 @@ - setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (void *)&j, sizeof j); +@@ -359,7 +399,42 @@ static int init_server_long(int *sock, int port, char *ip, int type) + setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (void *)&j, sizeof(j)); } # endif - if (bind(s, (struct sockaddr *)&server, sizeof(server)) == -1) { @@ -410,7 +412,7 @@ http://rt.openssl.org/Ticket/Display.html?id=2051&user=guest&pass=guest # ifndef OPENSSL_SYS_WINDOWS perror("bind"); # endif -@@ -381,16 +455,23 @@ +@@ -377,9 +452,9 @@ static int init_server_long(int *sock, int port, char *ip, int type) return (ret); } 
@@ -421,80 +423,8 @@ http://rt.openssl.org/Ticket/Display.html?id=2051&user=guest&pass=guest + return (init_server_long(sock, port, NULL, type, use_ipv4, use_ipv6)); } - static int do_accept(int acc_sock, int *sock, char **host) - { - int ret; - struct hostent *h1, *h2; -- static struct sockaddr_in from; -+#if OPENSSL_USE_IPV6 -+ struct sockaddr_storage from; -+ struct sockaddr_in *from_in = (struct sockaddr_in *)&from; -+ struct sockaddr_in6 *from_in6 = (struct sockaddr_in6 *)&from; -+#else -+ struct sockaddr_in from; -+ struct sockaddr_in *from_in = &from; -+#endif - int len; - /* struct linger ling; */ - -@@ -440,14 +521,25 @@ - - if (host == NULL) - goto end; -+# if OPENSSL_USE_IPV6 -+ if (from.ss_family == AF_INET) -+# else -+ if (from.sin_family == AF_INET) -+# endif - # ifndef BIT_FIELD_LIMITS -- /* I should use WSAAsyncGetHostByName() under windows */ -- h1 = gethostbyaddr((char *)&from.sin_addr.s_addr, -- sizeof(from.sin_addr.s_addr), AF_INET); -+ /* I should use WSAAsyncGetHostByName() under windows */ -+ h1 = gethostbyaddr((char *)&from_in->sin_addr.s_addr, -+ sizeof(from_in->sin_addr.s_addr), AF_INET); - # else -- h1 = gethostbyaddr((char *)&from.sin_addr, -- sizeof(struct in_addr), AF_INET); -+ h1 = gethostbyaddr((char *)&from_in->sin_addr, -+ sizeof(struct in_addr), AF_INET); -+# endif -+# if OPENSSL_USE_IPV6 -+ else -+ h1 = gethostbyaddr((char *)&from_in6->sin6_addr, -+ sizeof(struct in6_addr), AF_INET6); - # endif -+ - if (h1 == NULL) { - BIO_printf(bio_err, "bad gethostbyaddr\n"); - *host = NULL; -@@ -460,14 +552,22 @@ - } - BUF_strlcpy(*host, h1->h_name, strlen(h1->h_name) + 1); - -- h2 = GetHostByName(*host); -+# if OPENSSL_USE_IPV6 -+ h2=GetHostByName(*host, from.ss_family); -+# else -+ h2=GetHostByName(*host, from.sin_family); -+# endif - if (h2 == NULL) { - BIO_printf(bio_err, "gethostbyname failure\n"); - closesocket(ret); - return (0); - } -- if (h2->h_addrtype != AF_INET) { -- BIO_printf(bio_err, "gethostbyname addr is not AF_INET\n"); -+# 
if OPENSSL_USE_IPV6 -+ if (h2->h_addrtype != from.ss_family) { -+# else -+ if (h2->h_addrtype != from.sin_family) { -+# endif -+ BIO_printf(bio_err, "gethostbyname addr is not correct\n"); - closesocket(ret); - return (0); - } -@@ -483,14 +583,14 @@ + static int do_accept(int acc_sock, int *sock) +@@ -428,14 +503,14 @@ int extract_host_port(char *str, char **host_ptr, unsigned char *ip, char *h, *p; h = str; @@ -511,7 +441,7 @@ http://rt.openssl.org/Ticket/Display.html?id=2051&user=guest&pass=guest goto err; if (host_ptr != NULL) *host_ptr = h; -@@ -502,44 +602,51 @@ +@@ -447,44 +522,51 @@ int extract_host_port(char *str, char **host_ptr, unsigned char *ip, return (0); } @@ -579,7 +509,7 @@ http://rt.openssl.org/Ticket/Display.html?id=2051&user=guest&pass=guest err: return (0); } -@@ -573,7 +680,7 @@ +@@ -518,7 +600,7 @@ static struct ghbn_cache_st { static unsigned long ghbn_hits = 0L; static unsigned long ghbn_miss = 0L; @@ -588,7 +518,7 @@ http://rt.openssl.org/Ticket/Display.html?id=2051&user=guest&pass=guest { struct hostent *ret; int i, lowi = 0; -@@ -585,13 +692,18 @@ +@@ -530,13 +612,18 @@ static struct hostent *GetHostByName(char *name) lowi = i; } if (ghbn_cache[i].order > 0) { diff --git a/dev-libs/openssl-bad/files/patch/excluded/099_all_openssl-1.0.2p-revert-osx-makedepend.patch b/dev-libs/openssl-bad/files/patch/excluded/099_all_openssl-1.0.2p-revert-osx-makedepend.patch new file mode 100644 index 000000000..16998c822 --- /dev/null +++ b/dev-libs/openssl-bad/files/patch/excluded/099_all_openssl-1.0.2p-revert-osx-makedepend.patch 
@@ -0,0 +1,35 @@
+diff --git a/Configure b/Configure
+index c7066dc97c..01d07074de 100755
+--- a/Configure
++++ b/Configure
+@@ -1672,13 +1672,6 @@ while () {
+ }
+ close(PIPE);
+
+-# Xcode did not handle $cc -M before clang support
+-my $cc_as_makedepend = 0;
+-if ($predefined{__GNUC__} >= 3 && !(defined($predefined{__APPLE_CC__})
+- && !defined($predefined{__clang__}))) {
+- $cc_as_makedepend = 1;
+-}
+-
+ if ($strict_warnings)
+ {
+ my $wopt;
+@@ -1738,14 +1731,14 @@ while ()
+ s/^NM=\s*/NM= \$\(CROSS_COMPILE\)/;
+ s/^RANLIB=\s*/RANLIB= \$\(CROSS_COMPILE\)/;
+ s/^RC=\s*/RC= \$\(CROSS_COMPILE\)/;
+- s/^MAKEDEPPROG=.*$/MAKEDEPPROG= \$\(CROSS_COMPILE\)$cc/ if $cc_as_makedepend;
++ s/^MAKEDEPPROG=.*$/MAKEDEPPROG= \$\(CROSS_COMPILE\)$cc/ if $predefined{__GNUC__} >= 3;
+ }
+ else {
+ s/^CC=.*$/CC= $cc/;
+ s/^AR=\s*ar/AR= $ar/;
+ s/^RANLIB=.*/RANLIB= $ranlib/;
+ s/^RC=.*/RC= $windres/;
+- s/^MAKEDEPPROG=.*$/MAKEDEPPROG= $cc/ if $cc_as_makedepend;
++ s/^MAKEDEPPROG=.*$/MAKEDEPPROG= $cc/ if $predefined{__GNUC__} >= 3;
+ }
+ s/^CFLAG=.*$/CFLAG= $cflags/;
+ s/^DEPFLAG=.*$/DEPFLAG=$depflags/;
diff --git a/dev-libs/openssl-bad/openssl-bad-1.0.2_p20220901-r1.ebuild b/dev-libs/openssl-bad/openssl-bad-1.0.2_p20220901-r1.ebuild
deleted file mode 100644
index a393572ad..000000000
--- a/dev-libs/openssl-bad/openssl-bad-1.0.2_p20220901-r1.ebuild
+++ /dev/null
@@ -1,214 +0,0 @@ -# Copyright 1999-2020 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=8 - -inherit flag-o-matic toolchain-funcs multilib-minimal - -DESCRIPTION="Snapshot for testssl.sh >2.8 from PM's fork, ready to compile" -HOMEPAGE="https://github.com/drwetter/openssl-1.0.2.bad" -#EGIT_BRANCH="1.0.2-chacha" - -MY_COMMIT="698be5f5b6d0d150fb45182824864016389f1868" -SRC_URI="https://github.com/drwetter/openssl-1.0.2.bad/archive/${MY_COMMIT}.tar.gz -> ${P}.tar.gz" - -S="${WORKDIR}/openssl-1.0.2.bad-${MY_COMMIT}" -LICENSE="openssl" -SLOT="0" -#KEYWORDS="alpha amd64 arm arm64 hppa m68k ~mips ppc ppc64 sparc x86 ~arm-linux ~x86-linux" -IUSE="+asm bindist gmp +kerberos rfc3779 sctp cpu_flags_x86_sse2 +sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib" -RESTRICT="!bindist? ( bindist ) - !test? ( test )" - -RDEPEND=">=app-misc/c_rehash-1.7-r1 - gmp? ( >=dev-libs/gmp-5.1.3-r1[static-libs(+)?,${MULTILIB_USEDEP}] ) - zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] ) - kerberos? ( >=app-crypt/mit-krb5-1.11.4[${MULTILIB_USEDEP}] )" -DEPEND="${RDEPEND} - >=dev-lang/perl-5 - sctp? ( >=net-misc/lksctp-tools-1.0.12 ) - test? ( - sys-apps/diffutils - sys-devel/bc - )" -PDEPEND="app-misc/ca-certificates" - -MULTILIB_WRAPPED_HEADERS=( - usr/include/openssl/opensslconf.h -) - -src_prepare() { - # keep this in sync with app-misc/c_rehash - SSL_CNF_DIR="/etc/ssl" - - # Make sure we only ever touch Makefile.org and avoid patching a file - # that gets blown away anyways by the Configure script in src_configure - rm -f Makefile - - if ! 
use vanilla ; then - eapply "${FILESDIR}"/openssl-1.0.0a-ldflags.patch #327421 -# eapply "${FILESDIR}"/openssl-1.0.2i-parallel-build.patch - eapply "${FILESDIR}"/openssl-1.0.2a-parallel-obj-headers.patch - eapply "${FILESDIR}"/openssl-1.0.2a-parallel-install-dirs.patch - eapply "${FILESDIR}"/openssl-1.0.2a-parallel-symlinking.patch #545028 -# eapply "${FILESDIR}"/openssl-1.0.2-ipv6.patch - eapply "${FILESDIR}"/openssl-1.0.2a-x32-asm.patch #542618 - eapply "${FILESDIR}"/openssl-1.0.1p-default-source.patch #554338 - fi - - eapply_user - - # disable fips in the build - # make sure the man pages are suffixed #302165 - # don't bother building man pages if they're disabled - sed -i \ - -e '/^MANSUFFIX/s:=.*:=ssl:' \ - -e '/^MAKEDEPPROG/s:=.*:=$(CC):' \ - -e $(has noman FEATURES \ - && echo '/^install:/s:install_docs::' \ - || echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \ - Makefile.org \ - || die - # show the actual commands in the log - sed -i '/^SET_X/s:=.*:=set -x:' Makefile.shared - - # since we're forcing $(CC) as makedep anyway, just fix - # the conditional as always-on - # helps clang (#417795), and versioned gcc (#499818) - # this breaks build with 1.0.2p, not sure if it is needed anymore - #sed -i 's/expr.*MAKEDEPEND.*;/true;/' util/domd || die - - # quiet out unknown driver argument warnings since openssl - # doesn't have well-split CFLAGS and we're making it even worse - # and 'make depend' uses -Werror for added fun (#417795 again) - [[ ${CC} == *clang* ]] && append-flags -Qunused-arguments - - # allow openssl to be cross-compiled - cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die - chmod a+rx gentoo.config || die - - append-flags -fno-strict-aliasing - append-flags $(test-flags-CC -Wa,--noexecstack) - append-cppflags -DOPENSSL_NO_BUF_FREELISTS - - sed -i '1s,^:$,#!'"${EPREFIX}"'/usr/bin/perl,' Configure #141906 - # The config script does stupid stuff to prompt the user. Kill it. 
- sed -i '/stty -icanon min 0 time 50; read waste/d' config || die - ./config --test-sanity || die "I AM NOT SANE" - - multilib_copy_sources -} - -multilib_src_configure() { - unset APPS #197996 - unset SCRIPTS #312551 - unset CROSS_COMPILE #311473 - - tc-export CC AR RANLIB RC - - # Clean out patent-or-otherwise-encumbered code - # Camellia: Royalty Free https://en.wikipedia.org/wiki/Camellia_(cipher) - # IDEA: Expired https://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm - # EC: ????????? ??/??/2015 https://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography - # MDC2: Expired https://en.wikipedia.org/wiki/MDC-2 - # RC5: Expired https://en.wikipedia.org/wiki/RC5 - - use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; } - echoit() { echo "$@" ; "$@" ; } - - local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal") - - # See if our toolchain supports __uint128_t. If so, it's 64bit - # friendly and can use the nicely optimized code paths. #460790 - local ec_nistp_64_gcc_128 - # Disable it for now though #469976 - #if ! 
use bindist ; then - # echo "__uint128_t i;" > "${T}"/128.c - # if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then - # ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128" - # fi - #fi - - # https://github.com/openssl/openssl/issues/2286 -# if use ia64 ; then -# replace-flags -g3 -g2 -# replace-flags -ggdb3 -ggdb2 -# fi - - local sslout=$(./gentoo.config) - einfo "Use configuration ${sslout:-(openssl knows best)}" - local config="Configure" - [[ -z ${sslout} ]] && config="config" - - STDOPTIONS="--prefix=/usr/ --openssldir=/etc/ssl -DOPENSSL_USE_BUILD_DATE enable-zlib \ - enable-ssl2 enable-ssl3 enable-ssl-trace enable-rc5 enable-rc2 \ - enable-gost enable-cms enable-md2 enable-mdc2 enable-ec enable-ec2m enable-ecdh enable-ecdsa \ - enable-seed enable-camellia enable-idea enable-rfc3779 experimental-jpake" - - # Fedora hobbled-EC needs 'no-ec2m', 'no-srp' - echoit \ - ./${config} \ - ${sslout} \ - $(use cpu_flags_x86_sse2 || echo "no-sse2") \ - enable-camellia \ - enable-ec \ - $(use_ssl !bindist ec2m) \ - $(use_ssl !bindist srp) \ - ${ec_nistp_64_gcc_128} \ - enable-idea \ - enable-mdc2 \ - enable-rc5 \ - enable-tlsext \ - enable-cast \ - enable-ripemd \ - $(use_ssl asm) \ - $(use_ssl gmp gmp -lgmp) \ - $(use_ssl kerberos krb5 --with-krb5-flavor=${krb5}) \ - $(use_ssl rfc3779) \ - $(use_ssl sctp) \ - $(use_ssl sslv2 ssl2) \ - $(use_ssl sslv3 ssl3) \ - $(use_ssl tls-heartbeat heartbeats) \ - $(use_ssl zlib) \ - --prefix="${EPREFIX}"/usr \ - --openssldir="${EPREFIX}"${SSL_CNF_DIR} \ - --libdir=$(get_libdir) \ - -static threads $STDOPTIONS \ - || die - - # Clean out hardcoded flags that openssl uses - local CFLAG=$(grep ^CFLAG= Makefile | LC_ALL=C sed \ - -e 's:^CFLAG=::' \ - -e 's:-fomit-frame-pointer ::g' \ - -e 's:-O[0-9] ::g' \ - -e 's:-march=[-a-z0-9]* ::g' \ - -e 's:-mcpu=[-a-z0-9]* ::g' \ - -e 's:-m[a-z0-9]* ::g' \ - ) - sed -i \ - -e "/^CFLAG/s|=.*|=${CFLAG} ${CFLAGS}|" \ - -e "/^SHARED_LDFLAGS=/s|$| ${LDFLAGS}|" \ - Makefile || die - - einfo 
"config is completed ===========" - #why is this run in src_configure and src_compile? - emake -j1 depend -} - -multilib_src_compile() { - # depend is needed to use $confopts; it also doesn't matter - # that it's -j1 as the code itself serializes subdirs - emake -j1 V=1 depend - emake all - # rehash is needed to prep the certs/ dir; do this - # separately to avoid parallel build issues. - #emake rehash -} - -multilib_src_test() { - emake -j1 test -} - -multilib_src_install() { - newbin apps/openssl openssl-bad -} diff --git a/dev-libs/openssl-bad/openssl-bad-1.0.2_p20220901-r2.ebuild b/dev-libs/openssl-bad/openssl-bad-1.0.2_p20250104.ebuild similarity index 60% rename from dev-libs/openssl-bad/openssl-bad-1.0.2_p20220901-r2.ebuild rename to dev-libs/openssl-bad/openssl-bad-1.0.2_p20250104.ebuild index 4262944f8..767dfe378 100644 --- a/dev-libs/openssl-bad/openssl-bad-1.0.2_p20220901-r2.ebuild +++ b/dev-libs/openssl-bad/openssl-bad-1.0.2_p20250104.ebuild @@ -1,6 +1,8 @@ # Copyright 1999-2024 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 +# openssl-compat as a templated + EAPI=8 inherit flag-o-matic toolchain-funcs multilib-minimal @@ -10,7 +12,7 @@ inherit flag-o-matic toolchain-funcs multilib-minimal # Please use 1.7 version number when rolling a new tarball! PATCH_SET="openssl-1.0.2-patches-1.5" -MY_P=${P/_/-} +#MY_P=openssl-bad-${PV/_/-} # This patch set is based on the following files from Fedora 25, # see https://src.fedoraproject.org/rpms/openssl/blob/25/f/openssl.spec 
@@ -22,36 +24,29 @@ MY_P=${P/_/-} BINDIST_PATCH_SET="openssl-1.0.2t-bindist-1.0.tar.xz" DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)" -HOMEPAGE="https://openssl-library.org/" -#SRC_URI="mirror://openssl/source/${MY_P}.tar.gz -# bindist? ( -# mirror://gentoo/bb/${BINDIST_PATCH_SET} -# ) -# !vanilla? ( -# https://dev.gentoo.org/~chutzpah/dist/${PN}/${PATCH_SET}.tar.xz -# )" +HOMEPAGE="https://github.com/testssl/openssl-1.0.2.bad" +MY_COMMIT="a9c866be14959b8b213a66ee47736be16db968fd" +SRC_URI="https://github.com/drwetter/openssl-1.0.2.bad/archive/${MY_COMMIT}.tar.gz -> ${P}.gh.tar.gz + mirror://gentoo/ec/openssl-compat-1.0.2u-versioned-symbols.patch.gz + " +# https://dev.gentoo.org/~chutzpah/dist/openssl/${PATCH_SET}.tar.xz -#http://distfiles.gentoo.org/distfiles/b0/openssl-1.0.2u.tar.gz -#https://artfiles.org/openssl.org/source/openssl-1.0.2u.tar.gz -#https://www.mirrorservice.org/sites/ftp.openssl.org/source/openssl-1.0.2u.tar.gz -#https://www.openssl.org/source/openssl-1.0.2u.tar.gz -#http://distfiles.gentoo.org/distfiles/b0/openssl-1.0.2-patches-1.5.tar.xz -#https://dev.gentoo.org/~chutzpah/dist/openssl/openssl-1.0.2-patches-1.5.tar.xz - -S="${WORKDIR}/${MY_P}" +S="${WORKDIR}/openssl-1.0.2.bad-${MY_COMMIT}" LICENSE="openssl" -SLOT="0" +SLOT="1.0.2" #WIP: convert to openssl-bad if possible -#KEYWORDS="~alpha amd64 arm arm64 hppa ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~x86-linux ~arm64-macos" -IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test tls-compression +tls-heartbeat vanilla" -RESTRICT="!bindist? ( bindist ) - !test? ( test )" +#KEYWORDS="~alpha amd64 arm arm64 ~hppa ~m68k ~ppc ~ppc64 ~riscv ~s390 ~sparc x86 ~x86-linux" +IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla tls-compression" -RDEPEND=">=app-misc/c_rehash-1.7-r1 - gmp? 
( >=dev-libs/gmp-5.1.3-r1[static-libs(+)?,${MULTILIB_USEDEP}] ) +RESTRICT="!bindist? ( bindist ) + test" + +RDEPEND="gmp? ( >=dev-libs/gmp-5.1.3-r1[static-libs(+)?,${MULTILIB_USEDEP}] ) kerberos? ( >=app-crypt/mit-krb5-1.11.4[${MULTILIB_USEDEP}] ) - tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )" + tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] ) + !=dev-libs/openssl-1.0.2*:0 + !dev-libs/openssl:1.0.0" DEPEND="${RDEPEND}" BDEPEND=" >=dev-lang/perl-5 @@ -60,13 +55,17 @@ BDEPEND=" sys-apps/diffutils app-alternatives/bc )" -PDEPEND="app-misc/ca-certificates" + +# Do not install any docs +DOCS=() MULTILIB_WRAPPED_HEADERS=( usr/include/openssl/opensslconf.h ) src_prepare() { + #mv "${WORKDIR}"/openssl-compat-1.0.2u-versioned-symbols.patch "${WORKDIR}"/patch || die + if use bindist; then mv "${WORKDIR}"/bindist-patches/hobble-openssl "${WORKDIR}" || die bash "${WORKDIR}"/hobble-openssl || die @@ -90,7 +89,7 @@ src_prepare() { rm -f Makefile if ! use vanilla ; then - eapply "${WORKDIR}"/patch/*.patch + eapply "${FILESDIR}"/patch/*.patch fi eapply_user 
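Review bot: `HOMEPAGE` now names `github.com/testssl/openssl-1.0.2.bad` while the new `SRC_URI` still downloads the pinned `MY_COMMIT` tarball from `github.com/drwetter/openssl-1.0.2.bad`; the two should name the same repository, or the difference should be explained in a comment such as `# tarball still fetched from the drwetter/ URL; HOMEPAGE is testssl/`, so that whoever regenerates the Manifest knows which origin the checksum was taken from. The same hunk adds `openssl-compat-1.0.2u-versioned-symbols.patch.gz` to `SRC_URI`, but the only line that would use it is committed commented out in `src_prepare` and the later hunk applies `"${FILESDIR}"/patch/*.patch` only, so the download appears unused. `RESTRICT` now lists `test` unconditionally although `IUSE` keeps `test` and `BDEPEND` keeps its `test? (` group; one of the two should go. The unchanged `DESCRIPTION` still reads "full-strength general purpose cryptography library", which is misleading for a fork the deleted r1 ebuild described as a testssl.sh snapshot.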
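Review bot: With `USE=bindist` the context lines of the `src_prepare` hunk still run `mv "${WORKDIR}"/bindist-patches/hobble-openssl "${WORKDIR}" || die`, but the new `SRC_URI` in the previous hunk has no `bindist? ( ... )` entry, so nothing visible would unpack a `bindist-patches` directory and that branch looks like it dies immediately. `BINDIST_PATCH_SET` is still defined but never referenced in the visible lines. Either restore the `bindist? ( mirror://gentoo/bb/${BINDIST_PATCH_SET} )` entry that the removed comment block showed, or drop `bindist` from `IUSE` and delete the branch. The added `#mv ... versioned-symbols.patch ...` line is dead code and is better removed than committed commented out; `src_prepare` continues outside the hunk.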
@@ -157,15 +156,14 @@ multilib_src_configure() { local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal") # See if our toolchain supports __uint128_t. If so, it's 64bit - # friendly and can use the nicely optimized code paths, bug #460790. - #local ec_nistp_64_gcc_128 - # - # Disable it for now though (bug #469976) - # Do NOT re-enable without substantial discussion first! - # - #echo "__uint128_t i;" > "${T}"/128.c - #if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then - # ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128" + # friendly and can use the nicely optimized code paths. #460790 + local ec_nistp_64_gcc_128 + # Disable it for now though #469976 + #if ! use bindist ; then + # echo "__uint128_t i;" > "${T}"/128.c + # if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then + # ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128" + # fi #fi local sslout=$(./gentoo.config) @@ -196,8 +194,8 @@ multilib_src_configure() { $(use_ssl sctp) \ $(use_ssl sslv2 ssl2) \ $(use_ssl sslv3 ssl3) \ - $(use_ssl tls-compression zlib) \ $(use_ssl tls-heartbeat heartbeats) \ + $(use_ssl tls-compression zlib) \ --prefix="${EPREFIX}"/usr \ --openssldir="${EPREFIX}"${SSL_CNF_DIR} \ --libdir=$(get_libdir) \ @@ -229,10 +227,7 @@ multilib_src_compile() { # depend is needed to use $confopts; it also doesn't matter # that it's -j1 as the code itself serializes subdirs emake -j1 V=1 depend - emake all - # rehash is needed to prep the certs/ dir; do this - # separately to avoid parallel build issues. - emake rehash + emake build_libs } multilib_src_test() { 
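Review bot: `emake build_libs` in `multilib_src_compile` replaces `emake all`, so `apps/openssl` is no longer built, and the install hunk at the end of the file ships only the shared libraries. The deleted r1 ebuild installed the program with `newbin apps/openssl openssl-bad`, and the new header still carries `#WIP: convert to openssl-bad if possible`, so this reads as an openssl-compat template that has not been converted yet. If the package is meant to provide the test binary, keep `emake all` here. If building only the libraries is intended, the comment above the call explains `depend` only and should gain a line such as `# libraries only: the openssl app is deliberately not built`.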
@@ -240,72 +235,5 @@ multilib_src_test() { } multilib_src_install() { - # We need to create $ED/usr on our own to avoid a race condition #665130 - if [[ ! -d "${ED}/usr" ]]; then - # We can only create this directory once - mkdir "${ED}"/usr || die - fi - - # Only -j1 is supported for the install targets: - # https://github.com/openssl/openssl/issues/21999#issuecomment-1771150305 - emake INSTALL_PREFIX="${D}" -j1 install - - # This is crappy in that the static archives are still built even - # when USE=static-libs. But this is due to a failing in the openssl - # build system: the static archives are built as PIC all the time. - # Only way around this would be to manually configure+compile openssl - # twice; once with shared lib support enabled and once without. - if ! use static-libs; then - rm "${ED}"/usr/$(get_libdir)/lib{crypto,ssl}.a || die - fi -} - -multilib_src_install_all() { - # openssl installs perl version of c_rehash by default, but - # we provide a shell version via app-misc/c_rehash - rm "${ED}"/usr/bin/c_rehash || die - - local -a DOCS=( CHANGES* FAQ NEWS README doc/*.txt doc/c-indentation.el ) - einstalldocs - - use rfc3779 && dodoc engines/ccgost/README.gost - - # create the certs directory - dodir ${SSL_CNF_DIR}/certs - cp -RP certs/* "${ED}"${SSL_CNF_DIR}/certs/ || die - rm -r "${ED}"${SSL_CNF_DIR}/certs/{demo,expired} - - # Namespace openssl programs to prevent conflicts with other man pages - cd "${ED}"/usr/share/man - local m d s - for m in $(find . -type f | xargs grep -L '#include') ; do - d=${m%/*} ; d=${d#./} ; m=${m##*/} - [[ ${m} == openssl.1* ]] && continue - [[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!" - mv ${d}/{,ssl-}${m} - # fix up references to renamed man pages - sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m} - ln -s ssl-${m} ${d}/openssl-${m} - # locate any symlinks that point to this man page ... 
we assume - # that any broken links are due to the above renaming - for s in $(find -L ${d} -type l) ; do - s=${s##*/} - rm -f ${d}/${s} - ln -s ssl-${m} ${d}/ssl-${s} - ln -s ssl-${s} ${d}/openssl-${s} - done - done - [[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :(" - - dodir /etc/sandbox.d #254521 - echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl - - diropts -m0700 - keepdir ${SSL_CNF_DIR}/private -} - -pkg_postinst() { - ebegin "Running 'c_rehash ${EROOT}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069" - c_rehash "${EROOT}${SSL_CNF_DIR}/certs" >/dev/null - eend $? + dolib.so lib{crypto,ssl}.so.${SLOT} }
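Review bot: `dolib.so lib{crypto,ssl}.so.${SLOT}` in `multilib_src_install` puts this build's libcrypto and libssl into the default library directory, where the dynamic linker will hand them to any program that asks for that soname. `IUSE` enables `+sslv3` and `+tls-heartbeat` by default and offers `sslv2`, so this is a deliberately permissive TLS stack; the deleted r1 ebuild kept it confined to a renamed program with `newbin apps/openssl openssl-bad`. The file name is also derived from `SLOT="1.0.2"`, which only works if the build actually emits `lib*.so.1.0.2`; nothing in the visible lines sets the shared-library version, so this should be confirmed. Consider restoring the `newbin` line, or installing the libraries under a private directory outside the linker search path and documenting that in a comment above the call.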