Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
summaryrefslogtreecommitdiff
path: root/dev-libs/openssl
diff options
context:
space:
mode:
authorLars Wendler <polynomial-c@gentoo.org>2016-10-31 08:10:08 +0100
committerLars Wendler <polynomial-c@gentoo.org>2016-10-31 08:10:08 +0100
commit246f6b0590667adffa8967d9ba41bc993119a553 (patch)
treee854f2924b2f8d2d7ce591f8cbe2b8b695e23096 /dev-libs/openssl
parentapp-admin/puppet: add ruby22 (diff)
downloadgentoo-246f6b0590667adffa8967d9ba41bc993119a553.tar.gz
gentoo-246f6b0590667adffa8967d9ba41bc993119a553.tar.bz2
gentoo-246f6b0590667adffa8967d9ba41bc993119a553.zip
dev-libs/openssl: Removed vulnerable versions.
Package-Manager: portage-2.3.2 Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>
Diffstat (limited to 'dev-libs/openssl')
-rw-r--r--dev-libs/openssl/Manifest2
-rw-r--r--dev-libs/openssl/files/openssl-1.0.0d-windres.patch76
-rw-r--r--dev-libs/openssl/files/openssl-1.0.2g-parallel-build.patch318
-rw-r--r--dev-libs/openssl/files/openssl-1.0.2h-CVE-2016-2177.patch279
-rw-r--r--dev-libs/openssl/files/openssl-1.0.2h-CVE-2016-2178.patch28
-rw-r--r--dev-libs/openssl/openssl-1.0.2h-r2.ebuild254
-rw-r--r--dev-libs/openssl/openssl-1.0.2i.ebuild249
7 files changed, 0 insertions, 1206 deletions
diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest
index 4d20371e13b6..3e6411ea8f0c 100644
--- a/dev-libs/openssl/Manifest
+++ b/dev-libs/openssl/Manifest
@@ -1,5 +1,3 @@
DIST openssl-0.9.8zh.tar.gz 3818524 SHA256 f1d9f3ed1b85a82ecf80d0e2d389e1fda3fca9a4dba0bf07adbf231e1a5e2fd6 SHA512 b97fa2468211f86c0719c68ad1781eff84f772c479ed5193d6da14bac086b4ca706e7d851209d9df3f0962943b5e5333ab0def00110fb2e517caa73c0c6674c6 WHIRLPOOL 8ed3362e6aed89cd6ae02438bc3fb58ff3a91afb8a2d401d1d66c1ee4fd96f4befb50558131dd03a60fc15b588172fc1ede5d56bb1f68e184453bfe3b34f9abf
-DIST openssl-1.0.2h.tar.gz 5274412 SHA256 1d4007e53aad94a5b2002fe045ee7bb0b3d98f1a47f8b2bc851dcd1c74332919 SHA512 780601f6f3f32f42b6d7bbc4c593db39a3575f9db80294a10a68b2b0bb79448d9bd529ca700b9977354cbdfc65887c76af0aa7b90d3ee421f74ab53e6f15c303 WHIRLPOOL 41b6cf0c08b547f1432dc8167a4c7835da0b6907f8932969e0a352fab8bdbb4d8f612a5bf431e415d93ff1c8238652b2ee3ce0bd935cc2f59e8ea4f40fe6b5d6
-DIST openssl-1.0.2i.tar.gz 5308232 SHA256 9287487d11c9545b6efb287cdb70535d4e9b284dd10d51441d9b9963d000de6f SHA512 41764debd5d64e4e770945f30d682e2c887d9cefb39b358c5c7f9d2cdce34393ed28d49b24e95c4639db2df01c278cbcde71bed2b03f9aafafc76766b03850e3 WHIRLPOOL ba1a4513aaa1de81e36912acfe0b6cf8e0acf7cc71d32b127b5e54eb2f6fc6ce63f4f61e9fc99fecc9e037cdccc496b9d15ea75b594b0fd8721b4478eab1f31d
DIST openssl-1.0.2j.tar.gz 5307912 SHA256 e7aff292be21c259c6af26469c7a9b3ba26e9abaaffd325e3dccc9785256c431 SHA512 7d6ccae4aa3ccec3a5d128da29c68401cdb1210cba6d212d55235fc3bc63d7085e2f119e2bbee7ddff6b7b5eef07c6196156791724cd2caf313a4c2fef724edd WHIRLPOOL 1f17e80bc10da2eab9d4c1c3a662b0e2b4f7e8bc448aabb44cd98a96ba3d6cd0ef6cf9a3371d44b39a4d11b1a4087c8f0d056272ace6eba5bd2417f7ab9503b7
DIST openssl-1.1.0b.tar.gz 5162355 SHA256 a45de072bf9be4dea437230aaf036000f0e68c6a665931c57e76b5b036cef6f7 SHA512 b6d66261427f1acc049bf5469a0dc668490e752c2ba4802481809e7e35367213eca17ac9fdc3f23ed5f7a53d303abca78b13a48b169f154043199f2680ccf1a4 WHIRLPOOL bc926b2839f2e85751480ac0a6306bd37ca1ac12759b78654fba6861517bb9979245b95676a60900eab9257334ecf2e1b7d9e406c39a6075054a93ffc1f7a76a
diff --git a/dev-libs/openssl/files/openssl-1.0.0d-windres.patch b/dev-libs/openssl/files/openssl-1.0.0d-windres.patch
deleted file mode 100644
index 0b360d2b3bea..000000000000
--- a/dev-libs/openssl/files/openssl-1.0.0d-windres.patch
+++ /dev/null
@@ -1,76 +0,0 @@
-URL: http://rt.openssl.org/Ticket/Display.html?id=2558&user=guest&pass=guest
-Subject: make windres controllable via build env var settings
-
-atm, the windres code in openssl is only usable via the cross-compile prefix
-option unlike all the other build tools. so add support for the standard $RC
-/ $WINDRES env vars as well.
-
-Index: Configure
-===================================================================
-RCS file: /usr/local/src/openssl/CVSROOT/openssl/Configure,v
-retrieving revision 1.621.2.40
-diff -u -p -r1.621.2.40 Configure
---- Configure 30 Nov 2010 22:19:26 -0000 1.621.2.40
-+++ Configure 4 Jul 2011 23:12:32 -0000
-@@ -1094,6 +1094,7 @@ my $shared_extension = $fields[$idx_shar
- my $ranlib = $ENV{'RANLIB'} || $fields[$idx_ranlib];
- my $ar = $ENV{'AR'} || "ar";
- my $arflags = $fields[$idx_arflags];
-+my $windres = $ENV{'RC'} || $ENV{'WINDRES'} || "windres";
- my $multilib = $fields[$idx_multilib];
-
- # if $prefix/lib$multilib is not an existing directory, then
-@@ -1511,12 +1512,14 @@ while (<IN>)
- s/^AR=\s*/AR= \$\(CROSS_COMPILE\)/;
- s/^NM=\s*/NM= \$\(CROSS_COMPILE\)/;
- s/^RANLIB=\s*/RANLIB= \$\(CROSS_COMPILE\)/;
-+ s/^WINDRES=\s*/WINDRES= \$\(CROSS_COMPILE\)/;
- s/^MAKEDEPPROG=.*$/MAKEDEPPROG= \$\(CROSS_COMPILE\)$cc/ if $cc eq "gcc";
- }
- else {
- s/^CC=.*$/CC= $cc/;
- s/^AR=\s*ar/AR= $ar/;
- s/^RANLIB=.*/RANLIB= $ranlib/;
-+ s/^WINDRES=.*/WINDRES= $windres/;
- s/^MAKEDEPPROG=.*$/MAKEDEPPROG= $cc/ if $cc eq "gcc";
- }
- s/^CFLAG=.*$/CFLAG= $cflags/;
-Index: Makefile.org
-===================================================================
-RCS file: /usr/local/src/openssl/CVSROOT/openssl/Makefile.org,v
-retrieving revision 1.295.2.10
-diff -u -p -r1.295.2.10 Makefile.org
---- Makefile.org 27 Jan 2010 16:06:58 -0000 1.295.2.10
-+++ Makefile.org 4 Jul 2011 23:13:08 -0000
-@@ -66,6 +66,7 @@ EXE_EXT=
- ARFLAGS=
- AR=ar $(ARFLAGS) r
- RANLIB= ranlib
-+WINDRES= windres
- NM= nm
- PERL= perl
- TAR= tar
-@@ -180,6 +181,7 @@ BUILDENV= PLATFORM='$(PLATFORM)' PROCESS
- CC='$(CC)' CFLAG='$(CFLAG)' \
- AS='$(CC)' ASFLAG='$(CFLAG) -c' \
- AR='$(AR)' NM='$(NM)' RANLIB='$(RANLIB)' \
-+ WINDRES='$(WINDRES)' \
- CROSS_COMPILE='$(CROSS_COMPILE)' \
- PERL='$(PERL)' ENGDIRS='$(ENGDIRS)' \
- SDIRS='$(SDIRS)' LIBRPATH='$(INSTALLTOP)/$(LIBDIR)' \
-Index: Makefile.shared
-===================================================================
-RCS file: /usr/local/src/openssl/CVSROOT/openssl/Makefile.shared,v
-retrieving revision 1.72.2.4
-diff -u -p -r1.72.2.4 Makefile.shared
---- Makefile.shared 21 Aug 2010 11:36:49 -0000 1.72.2.4
-+++ Makefile.shared 4 Jul 2011 23:13:52 -0000
-@@ -293,7 +293,7 @@ link_a.cygwin:
- fi; \
- dll_name=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX; \
- $(PERL) util/mkrc.pl $$dll_name | \
-- $(CROSS_COMPILE)windres -o rc.o; \
-+ $(WINDRES) -o rc.o; \
- extras="$$extras rc.o"; \
- ALLSYMSFLAGS='-Wl,--whole-archive'; \
- NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \
diff --git a/dev-libs/openssl/files/openssl-1.0.2g-parallel-build.patch b/dev-libs/openssl/files/openssl-1.0.2g-parallel-build.patch
deleted file mode 100644
index 3582810da2bf..000000000000
--- a/dev-libs/openssl/files/openssl-1.0.2g-parallel-build.patch
+++ /dev/null
@@ -1,318 +0,0 @@
---- openssl-1.0.2g/crypto/Makefile
-+++ openssl-1.0.2g/crypto/Makefile
-@@ -85,11 +85,11 @@
- @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi
-
- subdirs:
-- @target=all; $(RECURSIVE_MAKE)
-+ +@target=all; $(RECURSIVE_MAKE)
-
- files:
- $(PERL) $(TOP)/util/files.pl "CPUID_OBJ=$(CPUID_OBJ)" Makefile >> $(TOP)/MINFO
-- @target=files; $(RECURSIVE_MAKE)
-+ +@target=files; $(RECURSIVE_MAKE)
-
- links:
- @$(PERL) $(TOP)/util/mklink.pl ../include/openssl $(EXHEADER)
-@@ -100,7 +100,7 @@
- # lib: $(LIB): are splitted to avoid end-less loop
- lib: $(LIB)
- @touch lib
--$(LIB): $(LIBOBJ)
-+$(LIB): $(LIBOBJ) | subdirs
- $(AR) $(LIB) $(LIBOBJ)
- test -z "$(FIPSLIBDIR)" || $(AR) $(LIB) $(FIPSLIBDIR)fipscanister.o
- $(RANLIB) $(LIB) || echo Never mind.
-@@ -111,7 +111,7 @@
- fi
-
- libs:
-- @target=lib; $(RECURSIVE_MAKE)
-+ +@target=lib; $(RECURSIVE_MAKE)
-
- install:
- @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
-@@ -120,7 +120,7 @@
- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
- done;
-- @target=install; $(RECURSIVE_MAKE)
-+ +@target=install; $(RECURSIVE_MAKE)
-
- lint:
- @target=lint; $(RECURSIVE_MAKE)
---- openssl-1.0.2g/engines/Makefile
-+++ openssl-1.0.2g/engines/Makefile
-@@ -72,7 +72,7 @@
-
- all: lib subdirs
-
--lib: $(LIBOBJ)
-+lib: $(LIBOBJ) | subdirs
- @if [ -n "$(SHARED_LIBS)" ]; then \
- set -e; \
- for l in $(LIBNAMES); do \
-@@ -89,7 +89,7 @@
-
- subdirs:
- echo $(EDIRS)
-- @target=all; $(RECURSIVE_MAKE)
-+ +@target=all; $(RECURSIVE_MAKE)
-
- files:
- $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
-@@ -128,7 +128,7 @@
- mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx ); \
- done; \
- fi
-- @target=install; $(RECURSIVE_MAKE)
-+ +@target=install; $(RECURSIVE_MAKE)
-
- tags:
- ctags $(SRC)
---- openssl-1.0.2g/Makefile.org
-+++ openssl-1.0.2g/Makefile.org
-@@ -279,17 +279,17 @@
- build_libssl: build_ssl libssl.pc
-
- build_crypto:
-- @dir=crypto; target=all; $(BUILD_ONE_CMD)
-+ +@dir=crypto; target=all; $(BUILD_ONE_CMD)
- build_ssl: build_crypto
-- @dir=ssl; target=all; $(BUILD_ONE_CMD)
-+ +@dir=ssl; target=all; $(BUILD_ONE_CMD)
- build_engines: build_crypto
-- @dir=engines; target=all; $(BUILD_ONE_CMD)
-+ +@dir=engines; target=all; $(BUILD_ONE_CMD)
- build_apps: build_libs
-- @dir=apps; target=all; $(BUILD_ONE_CMD)
-+ +@dir=apps; target=all; $(BUILD_ONE_CMD)
- build_tests: build_libs
-- @dir=test; target=all; $(BUILD_ONE_CMD)
-+ +@dir=test; target=all; $(BUILD_ONE_CMD)
- build_tools: build_libs
-- @dir=tools; target=all; $(BUILD_ONE_CMD)
-+ +@dir=tools; target=all; $(BUILD_ONE_CMD)
-
- all_testapps: build_libs build_testapps
- build_testapps:
-@@ -544,7 +544,7 @@
- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
- done;
-- @set -e; target=install; $(RECURSIVE_BUILD_CMD)
-+ +@set -e; target=install; $(RECURSIVE_BUILD_CMD)
- @set -e; liblist="$(LIBS)"; for i in $$liblist ;\
- do \
- if [ -f "$$i" ]; then \
---- openssl-1.0.2g/Makefile.shared
-+++ openssl-1.0.2g/Makefile.shared
-@@ -105,6 +105,7 @@
- SHAREDFLAGS="$${SHAREDFLAGS:-$(CFLAGS) $(SHARED_LDFLAGS)}"; \
- LIBPATH=`for x in $$LIBDEPS; do echo $$x; done | sed -e 's/^ *-L//;t' -e d | uniq`; \
- LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \
-+ [ -e $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX ] && exit 0; \
- LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \
- $${SHAREDCMD} $${SHAREDFLAGS} \
- -o $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX \
-@@ -122,6 +123,7 @@
- done; \
- fi; \
- if [ -n "$$SHLIB_SOVER" ]; then \
-+ [ -e "$$SHLIB$$SHLIB_SUFFIX" ] || \
- ( $(SET_X); rm -f $$SHLIB$$SHLIB_SUFFIX; \
- ln -s $$prev $$SHLIB$$SHLIB_SUFFIX ); \
- fi; \
---- openssl-1.0.2g/test/Makefile
-+++ openssl-1.0.2g/test/Makefile
-@@ -139,7 +139,7 @@
- tags:
- ctags $(SRC)
-
--tests: exe apps $(TESTS)
-+tests: exe $(TESTS)
-
- apps:
- @(cd ..; $(MAKE) DIRS=apps all)
-@@ -421,130 +421,130 @@
- link_app.$${shlib_target}
-
- $(RSATEST)$(EXE_EXT): $(RSATEST).o $(DLIBCRYPTO)
-- @target=$(RSATEST); $(BUILD_CMD)
-+ +@target=$(RSATEST); $(BUILD_CMD)
-
- $(BNTEST)$(EXE_EXT): $(BNTEST).o $(DLIBCRYPTO)
-- @target=$(BNTEST); $(BUILD_CMD)
-+ +@target=$(BNTEST); $(BUILD_CMD)
-
- $(ECTEST)$(EXE_EXT): $(ECTEST).o $(DLIBCRYPTO)
-- @target=$(ECTEST); $(BUILD_CMD)
-+ +@target=$(ECTEST); $(BUILD_CMD)
-
- $(EXPTEST)$(EXE_EXT): $(EXPTEST).o $(DLIBCRYPTO)
-- @target=$(EXPTEST); $(BUILD_CMD)
-+ +@target=$(EXPTEST); $(BUILD_CMD)
-
- $(IDEATEST)$(EXE_EXT): $(IDEATEST).o $(DLIBCRYPTO)
-- @target=$(IDEATEST); $(BUILD_CMD)
-+ +@target=$(IDEATEST); $(BUILD_CMD)
-
- $(MD2TEST)$(EXE_EXT): $(MD2TEST).o $(DLIBCRYPTO)
-- @target=$(MD2TEST); $(BUILD_CMD)
-+ +@target=$(MD2TEST); $(BUILD_CMD)
-
- $(SHATEST)$(EXE_EXT): $(SHATEST).o $(DLIBCRYPTO)
-- @target=$(SHATEST); $(BUILD_CMD)
-+ +@target=$(SHATEST); $(BUILD_CMD)
-
- $(SHA1TEST)$(EXE_EXT): $(SHA1TEST).o $(DLIBCRYPTO)
-- @target=$(SHA1TEST); $(BUILD_CMD)
-+ +@target=$(SHA1TEST); $(BUILD_CMD)
-
- $(SHA256TEST)$(EXE_EXT): $(SHA256TEST).o $(DLIBCRYPTO)
-- @target=$(SHA256TEST); $(BUILD_CMD)
-+ +@target=$(SHA256TEST); $(BUILD_CMD)
-
- $(SHA512TEST)$(EXE_EXT): $(SHA512TEST).o $(DLIBCRYPTO)
-- @target=$(SHA512TEST); $(BUILD_CMD)
-+ +@target=$(SHA512TEST); $(BUILD_CMD)
-
- $(RMDTEST)$(EXE_EXT): $(RMDTEST).o $(DLIBCRYPTO)
-- @target=$(RMDTEST); $(BUILD_CMD)
-+ +@target=$(RMDTEST); $(BUILD_CMD)
-
- $(MDC2TEST)$(EXE_EXT): $(MDC2TEST).o $(DLIBCRYPTO)
-- @target=$(MDC2TEST); $(BUILD_CMD)
-+ +@target=$(MDC2TEST); $(BUILD_CMD)
-
- $(MD4TEST)$(EXE_EXT): $(MD4TEST).o $(DLIBCRYPTO)
-- @target=$(MD4TEST); $(BUILD_CMD)
-+ +@target=$(MD4TEST); $(BUILD_CMD)
-
- $(MD5TEST)$(EXE_EXT): $(MD5TEST).o $(DLIBCRYPTO)
-- @target=$(MD5TEST); $(BUILD_CMD)
-+ +@target=$(MD5TEST); $(BUILD_CMD)
-
- $(HMACTEST)$(EXE_EXT): $(HMACTEST).o $(DLIBCRYPTO)
-- @target=$(HMACTEST); $(BUILD_CMD)
-+ +@target=$(HMACTEST); $(BUILD_CMD)
-
- $(WPTEST)$(EXE_EXT): $(WPTEST).o $(DLIBCRYPTO)
-- @target=$(WPTEST); $(BUILD_CMD)
-+ +@target=$(WPTEST); $(BUILD_CMD)
-
- $(RC2TEST)$(EXE_EXT): $(RC2TEST).o $(DLIBCRYPTO)
-- @target=$(RC2TEST); $(BUILD_CMD)
-+ +@target=$(RC2TEST); $(BUILD_CMD)
-
- $(BFTEST)$(EXE_EXT): $(BFTEST).o $(DLIBCRYPTO)
-- @target=$(BFTEST); $(BUILD_CMD)
-+ +@target=$(BFTEST); $(BUILD_CMD)
-
- $(CASTTEST)$(EXE_EXT): $(CASTTEST).o $(DLIBCRYPTO)
-- @target=$(CASTTEST); $(BUILD_CMD)
-+ +@target=$(CASTTEST); $(BUILD_CMD)
-
- $(RC4TEST)$(EXE_EXT): $(RC4TEST).o $(DLIBCRYPTO)
-- @target=$(RC4TEST); $(BUILD_CMD)
-+ +@target=$(RC4TEST); $(BUILD_CMD)
-
- $(RC5TEST)$(EXE_EXT): $(RC5TEST).o $(DLIBCRYPTO)
-- @target=$(RC5TEST); $(BUILD_CMD)
-+ +@target=$(RC5TEST); $(BUILD_CMD)
-
- $(DESTEST)$(EXE_EXT): $(DESTEST).o $(DLIBCRYPTO)
-- @target=$(DESTEST); $(BUILD_CMD)
-+ +@target=$(DESTEST); $(BUILD_CMD)
-
- $(RANDTEST)$(EXE_EXT): $(RANDTEST).o $(DLIBCRYPTO)
-- @target=$(RANDTEST); $(BUILD_CMD)
-+ +@target=$(RANDTEST); $(BUILD_CMD)
-
- $(DHTEST)$(EXE_EXT): $(DHTEST).o $(DLIBCRYPTO)
-- @target=$(DHTEST); $(BUILD_CMD)
-+ +@target=$(DHTEST); $(BUILD_CMD)
-
- $(DSATEST)$(EXE_EXT): $(DSATEST).o $(DLIBCRYPTO)
-- @target=$(DSATEST); $(BUILD_CMD)
-+ +@target=$(DSATEST); $(BUILD_CMD)
-
- $(METHTEST)$(EXE_EXT): $(METHTEST).o $(DLIBCRYPTO)
-- @target=$(METHTEST); $(BUILD_CMD)
-+ +@target=$(METHTEST); $(BUILD_CMD)
-
- $(SSLTEST)$(EXE_EXT): $(SSLTEST).o $(DLIBSSL) $(DLIBCRYPTO)
-- @target=$(SSLTEST); $(FIPS_BUILD_CMD)
-+ +@target=$(SSLTEST); $(FIPS_BUILD_CMD)
-
- $(ENGINETEST)$(EXE_EXT): $(ENGINETEST).o $(DLIBCRYPTO)
-- @target=$(ENGINETEST); $(BUILD_CMD)
-+ +@target=$(ENGINETEST); $(BUILD_CMD)
-
- $(EVPTEST)$(EXE_EXT): $(EVPTEST).o $(DLIBCRYPTO)
-- @target=$(EVPTEST); $(BUILD_CMD)
-+ +@target=$(EVPTEST); $(BUILD_CMD)
-
- $(EVPEXTRATEST)$(EXE_EXT): $(EVPEXTRATEST).o $(DLIBCRYPTO)
-- @target=$(EVPEXTRATEST); $(BUILD_CMD)
-+ +@target=$(EVPEXTRATEST); $(BUILD_CMD)
-
- $(ECDSATEST)$(EXE_EXT): $(ECDSATEST).o $(DLIBCRYPTO)
-- @target=$(ECDSATEST); $(BUILD_CMD)
-+ +@target=$(ECDSATEST); $(BUILD_CMD)
-
- $(ECDHTEST)$(EXE_EXT): $(ECDHTEST).o $(DLIBCRYPTO)
-- @target=$(ECDHTEST); $(BUILD_CMD)
-+ +@target=$(ECDHTEST); $(BUILD_CMD)
-
- $(IGETEST)$(EXE_EXT): $(IGETEST).o $(DLIBCRYPTO)
-- @target=$(IGETEST); $(BUILD_CMD)
-+ +@target=$(IGETEST); $(BUILD_CMD)
-
- $(JPAKETEST)$(EXE_EXT): $(JPAKETEST).o $(DLIBCRYPTO)
-- @target=$(JPAKETEST); $(BUILD_CMD)
-+ +@target=$(JPAKETEST); $(BUILD_CMD)
-
- $(ASN1TEST)$(EXE_EXT): $(ASN1TEST).o $(DLIBCRYPTO)
-- @target=$(ASN1TEST); $(BUILD_CMD)
-+ +@target=$(ASN1TEST); $(BUILD_CMD)
-
- $(SRPTEST)$(EXE_EXT): $(SRPTEST).o $(DLIBCRYPTO)
-- @target=$(SRPTEST); $(BUILD_CMD)
-+ +@target=$(SRPTEST); $(BUILD_CMD)
-
- $(V3NAMETEST)$(EXE_EXT): $(V3NAMETEST).o $(DLIBCRYPTO)
-- @target=$(V3NAMETEST); $(BUILD_CMD)
-+ +@target=$(V3NAMETEST); $(BUILD_CMD)
-
- $(HEARTBEATTEST)$(EXE_EXT): $(HEARTBEATTEST).o $(DLIBCRYPTO)
-- @target=$(HEARTBEATTEST); $(BUILD_CMD_STATIC)
-+ +@target=$(HEARTBEATTEST); $(BUILD_CMD_STATIC)
-
- $(CONSTTIMETEST)$(EXE_EXT): $(CONSTTIMETEST).o
-- @target=$(CONSTTIMETEST) $(BUILD_CMD)
-+ +@target=$(CONSTTIMETEST) $(BUILD_CMD)
-
- $(VERIFYEXTRATEST)$(EXE_EXT): $(VERIFYEXTRATEST).o
-- @target=$(VERIFYEXTRATEST) $(BUILD_CMD)
-+ +@target=$(VERIFYEXTRATEST) $(BUILD_CMD)
-
- $(CLIENTHELLOTEST)$(EXE_EXT): $(CLIENTHELLOTEST).o
-- @target=$(CLIENTHELLOTEST) $(BUILD_CMD)
-+ +@target=$(CLIENTHELLOTEST) $(BUILD_CMD)
-
- $(SSLV2CONFTEST)$(EXE_EXT): $(SSLV2CONFTEST).o
-- @target=$(SSLV2CONFTEST) $(BUILD_CMD)
-+ +@target=$(SSLV2CONFTEST) $(BUILD_CMD)
-
- #$(AESTEST).o: $(AESTEST).c
- # $(CC) -c $(CFLAGS) -DINTERMEDIATE_VALUE_KAT -DTRACE_KAT_MCT $(AESTEST).c
-@@ -557,7 +557,7 @@
- # fi
-
- dummytest$(EXE_EXT): dummytest.o $(DLIBCRYPTO)
-- @target=dummytest; $(BUILD_CMD)
-+ +@target=dummytest; $(BUILD_CMD)
-
- # DO NOT DELETE THIS LINE -- make depend depends on it.
-
diff --git a/dev-libs/openssl/files/openssl-1.0.2h-CVE-2016-2177.patch b/dev-libs/openssl/files/openssl-1.0.2h-CVE-2016-2177.patch
deleted file mode 100644
index ca934c20a674..000000000000
--- a/dev-libs/openssl/files/openssl-1.0.2h-CVE-2016-2177.patch
+++ /dev/null
@@ -1,279 +0,0 @@
-From a004e72b95835136d3f1ea90517f706c24c03da7 Mon Sep 17 00:00:00 2001
-From: Matt Caswell <matt@openssl.org>
-Date: Thu, 5 May 2016 11:10:26 +0100
-Subject: [PATCH] Avoid some undefined pointer arithmetic
-
-A common idiom in the codebase is:
-
-if (p + len > limit)
-{
- return; /* Too long */
-}
-
-Where "p" points to some malloc'd data of SIZE bytes and
-limit == p + SIZE
-
-"len" here could be from some externally supplied data (e.g. from a TLS
-message).
-
-The rules of C pointer arithmetic are such that "p + len" is only well
-defined where len <= SIZE. Therefore the above idiom is actually
-undefined behaviour.
-
-For example this could cause problems if some malloc implementation
-provides an address for "p" such that "p + len" actually overflows for
-values of len that are too big and therefore p + len < limit!
-
-Issue reported by Guido Vranken.
-
-CVE-2016-2177
-
-Reviewed-by: Rich Salz <rsalz@openssl.org>
----
- ssl/s3_srvr.c | 14 +++++++-------
- ssl/ssl_sess.c | 2 +-
- ssl/t1_lib.c | 56 ++++++++++++++++++++++++++++++--------------------------
- 3 files changed, 38 insertions(+), 34 deletions(-)
-
-diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
-index ab28702..ab7f690 100644
---- a/ssl/s3_srvr.c
-+++ b/ssl/s3_srvr.c
-@@ -980,7 +980,7 @@ int ssl3_get_client_hello(SSL *s)
-
- session_length = *(p + SSL3_RANDOM_SIZE);
-
-- if (p + SSL3_RANDOM_SIZE + session_length + 1 >= d + n) {
-+ if (SSL3_RANDOM_SIZE + session_length + 1 >= (d + n) - p) {
- al = SSL_AD_DECODE_ERROR;
- SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT);
- goto f_err;
-@@ -998,7 +998,7 @@ int ssl3_get_client_hello(SSL *s)
- /* get the session-id */
- j = *(p++);
-
-- if (p + j > d + n) {
-+ if ((d + n) - p < j) {
- al = SSL_AD_DECODE_ERROR;
- SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT);
- goto f_err;
-@@ -1054,14 +1054,14 @@ int ssl3_get_client_hello(SSL *s)
-
- if (SSL_IS_DTLS(s)) {
- /* cookie stuff */
-- if (p + 1 > d + n) {
-+ if ((d + n) - p < 1) {
- al = SSL_AD_DECODE_ERROR;
- SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT);
- goto f_err;
- }
- cookie_len = *(p++);
-
-- if (p + cookie_len > d + n) {
-+ if ((d + n ) - p < cookie_len) {
- al = SSL_AD_DECODE_ERROR;
- SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT);
- goto f_err;
-@@ -1131,7 +1131,7 @@ int ssl3_get_client_hello(SSL *s)
- }
- }
-
-- if (p + 2 > d + n) {
-+ if ((d + n ) - p < 2) {
- al = SSL_AD_DECODE_ERROR;
- SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT);
- goto f_err;
-@@ -1145,7 +1145,7 @@ int ssl3_get_client_hello(SSL *s)
- }
-
- /* i bytes of cipher data + 1 byte for compression length later */
-- if ((p + i + 1) > (d + n)) {
-+ if ((d + n) - p < i + 1) {
- /* not enough data */
- al = SSL_AD_DECODE_ERROR;
- SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_MISMATCH);
-@@ -1211,7 +1211,7 @@ int ssl3_get_client_hello(SSL *s)
-
- /* compression */
- i = *(p++);
-- if ((p + i) > (d + n)) {
-+ if ((d + n) - p < i) {
- /* not enough data */
- al = SSL_AD_DECODE_ERROR;
- SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_MISMATCH);
-diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c
-index b182998..54ee783 100644
---- a/ssl/ssl_sess.c
-+++ b/ssl/ssl_sess.c
-@@ -573,7 +573,7 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len,
- int r;
- #endif
-
-- if (session_id + len > limit) {
-+ if (limit - session_id < len) {
- fatal = 1;
- goto err;
- }
-diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
-index fb64607..cdac011 100644
---- a/ssl/t1_lib.c
-+++ b/ssl/t1_lib.c
-@@ -1867,11 +1867,11 @@ static void ssl_check_for_safari(SSL *s, const unsigned char *data,
- 0x02, 0x03, /* SHA-1/ECDSA */
- };
-
-- if (data >= (limit - 2))
-+ if (limit - data <= 2)
- return;
- data += 2;
-
-- if (data > (limit - 4))
-+ if (limit - data < 4)
- return;
- n2s(data, type);
- n2s(data, size);
-@@ -1879,7 +1879,7 @@ static void ssl_check_for_safari(SSL *s, const unsigned char *data,
- if (type != TLSEXT_TYPE_server_name)
- return;
-
-- if (data + size > limit)
-+ if (limit - data < size)
- return;
- data += size;
-
-@@ -1887,7 +1887,7 @@ static void ssl_check_for_safari(SSL *s, const unsigned char *data,
- const size_t len1 = sizeof(kSafariExtensionsBlock);
- const size_t len2 = sizeof(kSafariTLS12ExtensionsBlock);
-
-- if (data + len1 + len2 != limit)
-+ if (limit - data != (int)(len1 + len2))
- return;
- if (memcmp(data, kSafariExtensionsBlock, len1) != 0)
- return;
-@@ -1896,7 +1896,7 @@ static void ssl_check_for_safari(SSL *s, const unsigned char *data,
- } else {
- const size_t len = sizeof(kSafariExtensionsBlock);
-
-- if (data + len != limit)
-+ if (limit - data != (int)(len))
- return;
- if (memcmp(data, kSafariExtensionsBlock, len) != 0)
- return;
-@@ -2053,19 +2053,19 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p,
- if (data == limit)
- goto ri_check;
-
-- if (data > (limit - 2))
-+ if (limit - data < 2)
- goto err;
-
- n2s(data, len);
-
-- if (data + len != limit)
-+ if (limit - data != len)
- goto err;
-
-- while (data <= (limit - 4)) {
-+ while (limit - data >= 4) {
- n2s(data, type);
- n2s(data, size);
-
-- if (data + size > (limit))
-+ if (limit - data < size)
- goto err;
- # if 0
- fprintf(stderr, "Received extension type %d size %d\n", type, size);
-@@ -2472,18 +2472,18 @@ static int ssl_scan_clienthello_custom_tlsext(SSL *s,
- if (s->hit || s->cert->srv_ext.meths_count == 0)
- return 1;
-
-- if (data >= limit - 2)
-+ if (limit - data <= 2)
- return 1;
- n2s(data, len);
-
-- if (data > limit - len)
-+ if (limit - data < len)
- return 1;
-
-- while (data <= limit - 4) {
-+ while (limit - data >= 4) {
- n2s(data, type);
- n2s(data, size);
-
-- if (data + size > limit)
-+ if (limit - data < size)
- return 1;
- if (custom_ext_parse(s, 1 /* server */ , type, data, size, al) <= 0)
- return 0;
-@@ -2569,20 +2569,20 @@ static int ssl_scan_serverhello_tlsext(SSL *s, unsigned char **p,
- SSL_TLSEXT_HB_DONT_SEND_REQUESTS);
- # endif
-
-- if (data >= (d + n - 2))
-+ if ((d + n) - data <= 2)
- goto ri_check;
-
- n2s(data, length);
-- if (data + length != d + n) {
-+ if ((d + n) - data != length) {
- *al = SSL_AD_DECODE_ERROR;
- return 0;
- }
-
-- while (data <= (d + n - 4)) {
-+ while ((d + n) - data >= 4) {
- n2s(data, type);
- n2s(data, size);
-
-- if (data + size > (d + n))
-+ if ((d + n) - data < size)
- goto ri_check;
-
- if (s->tlsext_debug_cb)
-@@ -3307,29 +3307,33 @@ int tls1_process_ticket(SSL *s, unsigned char *session_id, int len,
- /* Skip past DTLS cookie */
- if (SSL_IS_DTLS(s)) {
- i = *(p++);
-- p += i;
-- if (p >= limit)
-+
-+ if (limit - p <= i)
- return -1;
-+
-+ p += i;
- }
- /* Skip past cipher list */
- n2s(p, i);
-- p += i;
-- if (p >= limit)
-+ if (limit - p <= i)
- return -1;
-+ p += i;
-+
- /* Skip past compression algorithm list */
- i = *(p++);
-- p += i;
-- if (p > limit)
-+ if (limit - p < i)
- return -1;
-+ p += i;
-+
- /* Now at start of extensions */
-- if ((p + 2) >= limit)
-+ if (limit - p <= 2)
- return 0;
- n2s(p, i);
-- while ((p + 4) <= limit) {
-+ while (limit - p >= 4) {
- unsigned short type, size;
- n2s(p, type);
- n2s(p, size);
-- if (p + size > limit)
-+ if (limit - p < size)
- return 0;
- if (type == TLSEXT_TYPE_session_ticket) {
- int r;
---
-1.9.1
-
diff --git a/dev-libs/openssl/files/openssl-1.0.2h-CVE-2016-2178.patch b/dev-libs/openssl/files/openssl-1.0.2h-CVE-2016-2178.patch
deleted file mode 100644
index a64141f308c7..000000000000
--- a/dev-libs/openssl/files/openssl-1.0.2h-CVE-2016-2178.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=crypto%2Fdsa%2Fdsa_ossl.c;h=beb62b2ff058d3e2bde0397fbddd355e11cd457b;hp=ce1da1cd6fa121f1ae0961ac2d2e9f81de4d8c9b;hb=399944622df7bd81af62e67ea967c470534090e2;hpb=0a4c87a90c6cf6628c688868cd5f13e4b9a5f19d
-
-diff --git a/crypto/dsa/dsa_ossl.c b/crypto/dsa/dsa_ossl.c
-index ce1da1c..beb62b2 100644
---- a/crypto/dsa/dsa_ossl.c
-+++ b/crypto/dsa/dsa_ossl.c
-@@ -248,9 +248,6 @@
- if (!BN_rand_range(&k, dsa->q))
- goto err;
- while (BN_is_zero(&k)) ;
-- if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0) {
-- BN_set_flags(&k, BN_FLG_CONSTTIME);
-- }
-
- if (dsa->flags & DSA_FLAG_CACHE_MONT_P) {
- if (!BN_MONT_CTX_set_locked(&dsa->method_mont_p,
-@@ -238,6 +234,11 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in,
- } else {
- K = k;
- }
-+
-+ if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0) {
-+ BN_set_flags(K, BN_FLG_CONSTTIME);
-+ }
-+
- DSA_BN_MOD_EXP(goto err, dsa, r, dsa->g, K, dsa->p, ctx,
- dsa->method_mont_p);
- if (!BN_mod(r, r, dsa->q, ctx))
diff --git a/dev-libs/openssl/openssl-1.0.2h-r2.ebuild b/dev-libs/openssl/openssl-1.0.2h-r2.ebuild
deleted file mode 100644
index 333ae66b5bfa..000000000000
--- a/dev-libs/openssl/openssl-1.0.2h-r2.ebuild
+++ /dev/null
@@ -1,254 +0,0 @@
-# Copyright 1999-2016 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI="5"
-
-inherit eutils flag-o-matic toolchain-funcs multilib multilib-minimal
-
-MY_P=${P/_/-}
-DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"
-HOMEPAGE="http://www.openssl.org/"
-SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"
-
-LICENSE="openssl"
-SLOT="0"
-KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
-IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
-RESTRICT="!bindist? ( bindist )"
-
-RDEPEND=">=app-misc/c_rehash-1.7-r1
- gmp? ( >=dev-libs/gmp-5.1.3-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
- zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
- kerberos? ( >=app-crypt/mit-krb5-1.11.4[${MULTILIB_USEDEP}] )"
-DEPEND="${RDEPEND}
- >=dev-lang/perl-5
- sctp? ( >=net-misc/lksctp-tools-1.0.12 )
- test? (
- sys-apps/diffutils
- sys-devel/bc
- )"
-PDEPEND="app-misc/ca-certificates"
-
-S="${WORKDIR}/${MY_P}"
-
-MULTILIB_WRAPPED_HEADERS=(
- usr/include/openssl/opensslconf.h
-)
-
-src_prepare() {
- # keep this in sync with app-misc/c_rehash
- SSL_CNF_DIR="/etc/ssl"
-
- # Make sure we only ever touch Makefile.org and avoid patching a file
- # that gets blown away anyways by the Configure script in src_configure
- rm -f Makefile
-
- # bugs 585142 and 585276
- epatch "${FILESDIR}"/${P}-CVE-2016-2177.patch
- epatch "${FILESDIR}"/${P}-CVE-2016-2178.patch
-
- if ! use vanilla ; then
- epatch "${FILESDIR}"/${PN}-1.0.0a-ldflags.patch #327421
- epatch "${FILESDIR}"/${PN}-1.0.0d-windres.patch #373743
- epatch "${FILESDIR}"/${PN}-1.0.2g-parallel-build.patch
- epatch "${FILESDIR}"/${PN}-1.0.2a-parallel-obj-headers.patch
- epatch "${FILESDIR}"/${PN}-1.0.2a-parallel-install-dirs.patch
- epatch "${FILESDIR}"/${PN}-1.0.2a-parallel-symlinking.patch #545028
- epatch "${FILESDIR}"/${PN}-1.0.2-ipv6.patch
- epatch "${FILESDIR}"/${PN}-1.0.2a-x32-asm.patch #542618
- epatch "${FILESDIR}"/${PN}-1.0.1p-default-source.patch #554338
-
- epatch_user #332661
- fi
-
- # disable fips in the build
- # make sure the man pages are suffixed #302165
- # don't bother building man pages if they're disabled
- sed -i \
- -e '/DIRS/s: fips : :g' \
- -e '/^MANSUFFIX/s:=.*:=ssl:' \
- -e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
- -e $(has noman FEATURES \
- && echo '/^install:/s:install_docs::' \
- || echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
- Makefile.org \
- || die
- # show the actual commands in the log
- sed -i '/^SET_X/s:=.*:=set -x:' Makefile.shared
-
- # since we're forcing $(CC) as makedep anyway, just fix
- # the conditional as always-on
- # helps clang (#417795), and versioned gcc (#499818)
- sed -i 's/expr.*MAKEDEPEND.*;/true;/' util/domd || die
-
- # quiet out unknown driver argument warnings since openssl
- # doesn't have well-split CFLAGS and we're making it even worse
- # and 'make depend' uses -Werror for added fun (#417795 again)
- [[ ${CC} == *clang* ]] && append-flags -Qunused-arguments
-
- # allow openssl to be cross-compiled
- cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die
- chmod a+rx gentoo.config
-
- append-flags -fno-strict-aliasing
- append-flags $(test-flags-CC -Wa,--noexecstack)
- append-cppflags -DOPENSSL_NO_BUF_FREELISTS
-
- sed -i '1s,^:$,#!'${EPREFIX}'/usr/bin/perl,' Configure #141906
- # The config script does stupid stuff to prompt the user. Kill it.
- sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
- ./config --test-sanity || die "I AM NOT SANE"
-
- multilib_copy_sources
-}
-
-multilib_src_configure() {
- unset APPS #197996
- unset SCRIPTS #312551
- unset CROSS_COMPILE #311473
-
- tc-export CC AR RANLIB RC
-
- # Clean out patent-or-otherwise-encumbered code
- # Camellia: Royalty Free http://en.wikipedia.org/wiki/Camellia_(cipher)
- # IDEA: Expired http://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
- # EC: ????????? ??/??/2015 http://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography
- # MDC2: Expired http://en.wikipedia.org/wiki/MDC-2
- # RC5: Expired http://en.wikipedia.org/wiki/RC5
-
- use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
- echoit() { echo "$@" ; "$@" ; }
-
- local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
-
- # See if our toolchain supports __uint128_t. If so, it's 64bit
- # friendly and can use the nicely optimized code paths. #460790
- local ec_nistp_64_gcc_128
- # Disable it for now though #469976
- #if ! use bindist ; then
- # echo "__uint128_t i;" > "${T}"/128.c
- # if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
- # ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
- # fi
- #fi
-
- local sslout=$(./gentoo.config)
- einfo "Use configuration ${sslout:-(openssl knows best)}"
- local config="Configure"
- [[ -z ${sslout} ]] && config="config"
-
- echoit \
- ./${config} \
- ${sslout} \
- $(use cpu_flags_x86_sse2 || echo "no-sse2") \
- enable-camellia \
- $(use_ssl !bindist ec) \
- ${ec_nistp_64_gcc_128} \
- enable-idea \
- enable-mdc2 \
- enable-rc5 \
- enable-tlsext \
- $(use_ssl asm) \
- $(use_ssl gmp gmp -lgmp) \
- $(use_ssl kerberos krb5 --with-krb5-flavor=${krb5}) \
- $(use_ssl rfc3779) \
- $(use_ssl sctp) \
- $(use_ssl sslv2 ssl2) \
- $(use_ssl sslv3 ssl3) \
- $(use_ssl tls-heartbeat heartbeats) \
- $(use_ssl zlib) \
- --prefix="${EPREFIX}"/usr \
- --openssldir="${EPREFIX}"${SSL_CNF_DIR} \
- --libdir=$(get_libdir) \
- shared threads \
- || die
-
- # Clean out hardcoded flags that openssl uses
- local CFLAG=$(grep ^CFLAG= Makefile | LC_ALL=C sed \
- -e 's:^CFLAG=::' \
- -e 's:-fomit-frame-pointer ::g' \
- -e 's:-O[0-9] ::g' \
- -e 's:-march=[-a-z0-9]* ::g' \
- -e 's:-mcpu=[-a-z0-9]* ::g' \
- -e 's:-m[a-z0-9]* ::g' \
- )
- sed -i \
- -e "/^CFLAG/s|=.*|=${CFLAG} ${CFLAGS}|" \
- -e "/^SHARED_LDFLAGS=/s|$| ${LDFLAGS}|" \
- Makefile || die
-}
-
-multilib_src_compile() {
- # depend is needed to use $confopts; it also doesn't matter
- # that it's -j1 as the code itself serializes subdirs
- emake -j1 depend
- emake all
- # rehash is needed to prep the certs/ dir; do this
- # separately to avoid parallel build issues.
- emake rehash
-}
-
-multilib_src_test() {
- emake -j1 test
-}
-
-multilib_src_install() {
- emake INSTALL_PREFIX="${D}" install
-}
-
-multilib_src_install_all() {
- # openssl installs perl version of c_rehash by default, but
- # we provide a shell version via app-misc/c_rehash
- rm "${ED}"/usr/bin/c_rehash || die
-
- dodoc CHANGES* FAQ NEWS README doc/*.txt doc/c-indentation.el
- dohtml -r doc/*
- use rfc3779 && dodoc engines/ccgost/README.gost
-
- # This is crappy in that the static archives are still built even
- # when USE=static-libs. But this is due to a failing in the openssl
- # build system: the static archives are built as PIC all the time.
- # Only way around this would be to manually configure+compile openssl
- # twice; once with shared lib support enabled and once without.
- use static-libs || rm -f "${ED}"/usr/lib*/lib*.a
-
- # create the certs directory
- dodir ${SSL_CNF_DIR}/certs
- cp -RP certs/* "${ED}"${SSL_CNF_DIR}/certs/ || die
- rm -r "${ED}"${SSL_CNF_DIR}/certs/{demo,expired}
-
- # Namespace openssl programs to prevent conflicts with other man pages
- cd "${ED}"/usr/share/man
- local m d s
- for m in $(find . -type f | xargs grep -L '#include') ; do
- d=${m%/*} ; d=${d#./} ; m=${m##*/}
- [[ ${m} == openssl.1* ]] && continue
- [[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!"
- mv ${d}/{,ssl-}${m}
- # fix up references to renamed man pages
- sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m}
- ln -s ssl-${m} ${d}/openssl-${m}
- # locate any symlinks that point to this man page ... we assume
- # that any broken links are due to the above renaming
- for s in $(find -L ${d} -type l) ; do
- s=${s##*/}
- rm -f ${d}/${s}
- ln -s ssl-${m} ${d}/ssl-${s}
- ln -s ssl-${s} ${d}/openssl-${s}
- done
- done
- [[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :("
-
- dodir /etc/sandbox.d #254521
- echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
-
- diropts -m0700
- keepdir ${SSL_CNF_DIR}/private
-}
-
-pkg_postinst() {
- ebegin "Running 'c_rehash ${EROOT%/}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069"
- c_rehash "${EROOT%/}${SSL_CNF_DIR}/certs" >/dev/null
- eend $?
-}
diff --git a/dev-libs/openssl/openssl-1.0.2i.ebuild b/dev-libs/openssl/openssl-1.0.2i.ebuild
deleted file mode 100644
index ce2aa6672be3..000000000000
--- a/dev-libs/openssl/openssl-1.0.2i.ebuild
+++ /dev/null
@@ -1,249 +0,0 @@
-# Copyright 1999-2016 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI="5"
-
-inherit eutils flag-o-matic toolchain-funcs multilib multilib-minimal
-
-MY_P=${P/_/-}
-DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"
-HOMEPAGE="http://www.openssl.org/"
-SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"
-
-LICENSE="openssl"
-SLOT="0"
-KEYWORDS="~alpha amd64 ~arm ~arm64 hppa ~ia64 ~m68k ~mips ~ppc ppc64 ~s390 ~sh ~sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
-IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
-RESTRICT="!bindist? ( bindist )"
-
-RDEPEND=">=app-misc/c_rehash-1.7-r1
- gmp? ( >=dev-libs/gmp-5.1.3-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
- zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
- kerberos? ( >=app-crypt/mit-krb5-1.11.4[${MULTILIB_USEDEP}] )"
-DEPEND="${RDEPEND}
- >=dev-lang/perl-5
- sctp? ( >=net-misc/lksctp-tools-1.0.12 )
- test? (
- sys-apps/diffutils
- sys-devel/bc
- )"
-PDEPEND="app-misc/ca-certificates"
-
-S="${WORKDIR}/${MY_P}"
-
-MULTILIB_WRAPPED_HEADERS=(
- usr/include/openssl/opensslconf.h
-)
-
-src_prepare() {
- # keep this in sync with app-misc/c_rehash
- SSL_CNF_DIR="/etc/ssl"
-
- # Make sure we only ever touch Makefile.org and avoid patching a file
- # that gets blown away anyways by the Configure script in src_configure
- rm -f Makefile
-
- if ! use vanilla ; then
- epatch "${FILESDIR}"/${PN}-1.0.0a-ldflags.patch #327421
- epatch "${FILESDIR}"/${PN}-1.0.2i-parallel-build.patch
- epatch "${FILESDIR}"/${PN}-1.0.2a-parallel-obj-headers.patch
- epatch "${FILESDIR}"/${PN}-1.0.2a-parallel-install-dirs.patch
- epatch "${FILESDIR}"/${PN}-1.0.2a-parallel-symlinking.patch #545028
- epatch "${FILESDIR}"/${PN}-1.0.2-ipv6.patch
- epatch "${FILESDIR}"/${PN}-1.0.2a-x32-asm.patch #542618
- epatch "${FILESDIR}"/${PN}-1.0.1p-default-source.patch #554338
-
- epatch_user #332661
- fi
-
- # disable fips in the build
- # make sure the man pages are suffixed #302165
- # don't bother building man pages if they're disabled
- sed -i \
- -e '/DIRS/s: fips : :g' \
- -e '/^MANSUFFIX/s:=.*:=ssl:' \
- -e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
- -e $(has noman FEATURES \
- && echo '/^install:/s:install_docs::' \
- || echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
- Makefile.org \
- || die
- # show the actual commands in the log
- sed -i '/^SET_X/s:=.*:=set -x:' Makefile.shared
-
- # since we're forcing $(CC) as makedep anyway, just fix
- # the conditional as always-on
- # helps clang (#417795), and versioned gcc (#499818)
- sed -i 's/expr.*MAKEDEPEND.*;/true;/' util/domd || die
-
- # quiet out unknown driver argument warnings since openssl
- # doesn't have well-split CFLAGS and we're making it even worse
- # and 'make depend' uses -Werror for added fun (#417795 again)
- [[ ${CC} == *clang* ]] && append-flags -Qunused-arguments
-
- # allow openssl to be cross-compiled
- cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die
- chmod a+rx gentoo.config
-
- append-flags -fno-strict-aliasing
- append-flags $(test-flags-CC -Wa,--noexecstack)
- append-cppflags -DOPENSSL_NO_BUF_FREELISTS
-
- sed -i '1s,^:$,#!'${EPREFIX}'/usr/bin/perl,' Configure #141906
- # The config script does stupid stuff to prompt the user. Kill it.
- sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
- ./config --test-sanity || die "I AM NOT SANE"
-
- multilib_copy_sources
-}
-
-multilib_src_configure() {
- unset APPS #197996
- unset SCRIPTS #312551
- unset CROSS_COMPILE #311473
-
- tc-export CC AR RANLIB RC
-
- # Clean out patent-or-otherwise-encumbered code
- # Camellia: Royalty Free http://en.wikipedia.org/wiki/Camellia_(cipher)
- # IDEA: Expired http://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
- # EC: ????????? ??/??/2015 http://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography
- # MDC2: Expired http://en.wikipedia.org/wiki/MDC-2
- # RC5: Expired http://en.wikipedia.org/wiki/RC5
-
- use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
- echoit() { echo "$@" ; "$@" ; }
-
- local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
-
- # See if our toolchain supports __uint128_t. If so, it's 64bit
- # friendly and can use the nicely optimized code paths. #460790
- local ec_nistp_64_gcc_128
- # Disable it for now though #469976
- #if ! use bindist ; then
- # echo "__uint128_t i;" > "${T}"/128.c
- # if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
- # ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
- # fi
- #fi
-
- local sslout=$(./gentoo.config)
- einfo "Use configuration ${sslout:-(openssl knows best)}"
- local config="Configure"
- [[ -z ${sslout} ]] && config="config"
-
- echoit \
- ./${config} \
- ${sslout} \
- $(use cpu_flags_x86_sse2 || echo "no-sse2") \
- enable-camellia \
- $(use_ssl !bindist ec) \
- ${ec_nistp_64_gcc_128} \
- enable-idea \
- enable-mdc2 \
- enable-rc5 \
- enable-tlsext \
- $(use_ssl asm) \
- $(use_ssl gmp gmp -lgmp) \
- $(use_ssl kerberos krb5 --with-krb5-flavor=${krb5}) \
- $(use_ssl rfc3779) \
- $(use_ssl sctp) \
- $(use_ssl sslv2 ssl2) \
- $(use_ssl sslv3 ssl3) \
- $(use_ssl tls-heartbeat heartbeats) \
- $(use_ssl zlib) \
- --prefix="${EPREFIX}"/usr \
- --openssldir="${EPREFIX}"${SSL_CNF_DIR} \
- --libdir=$(get_libdir) \
- shared threads \
- || die
-
- # Clean out hardcoded flags that openssl uses
- local CFLAG=$(grep ^CFLAG= Makefile | LC_ALL=C sed \
- -e 's:^CFLAG=::' \
- -e 's:-fomit-frame-pointer ::g' \
- -e 's:-O[0-9] ::g' \
- -e 's:-march=[-a-z0-9]* ::g' \
- -e 's:-mcpu=[-a-z0-9]* ::g' \
- -e 's:-m[a-z0-9]* ::g' \
- )
- sed -i \
- -e "/^CFLAG/s|=.*|=${CFLAG} ${CFLAGS}|" \
- -e "/^SHARED_LDFLAGS=/s|$| ${LDFLAGS}|" \
- Makefile || die
-}
-
-multilib_src_compile() {
- # depend is needed to use $confopts; it also doesn't matter
- # that it's -j1 as the code itself serializes subdirs
- emake -j1 depend
- emake all
- # rehash is needed to prep the certs/ dir; do this
- # separately to avoid parallel build issues.
- emake rehash
-}
-
-multilib_src_test() {
- emake -j1 test
-}
-
-multilib_src_install() {
- emake INSTALL_PREFIX="${D}" install
-}
-
-multilib_src_install_all() {
- # openssl installs perl version of c_rehash by default, but
- # we provide a shell version via app-misc/c_rehash
- rm "${ED}"/usr/bin/c_rehash || die
-
- dodoc CHANGES* FAQ NEWS README doc/*.txt doc/c-indentation.el
- dohtml -r doc/*
- use rfc3779 && dodoc engines/ccgost/README.gost
-
- # This is crappy in that the static archives are still built even
- # when USE=static-libs. But this is due to a failing in the openssl
- # build system: the static archives are built as PIC all the time.
- # Only way around this would be to manually configure+compile openssl
- # twice; once with shared lib support enabled and once without.
- use static-libs || rm -f "${ED}"/usr/lib*/lib*.a
-
- # create the certs directory
- dodir ${SSL_CNF_DIR}/certs
- cp -RP certs/* "${ED}"${SSL_CNF_DIR}/certs/ || die
- rm -r "${ED}"${SSL_CNF_DIR}/certs/{demo,expired}
-
- # Namespace openssl programs to prevent conflicts with other man pages
- cd "${ED}"/usr/share/man
- local m d s
- for m in $(find . -type f | xargs grep -L '#include') ; do
- d=${m%/*} ; d=${d#./} ; m=${m##*/}
- [[ ${m} == openssl.1* ]] && continue
- [[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!"
- mv ${d}/{,ssl-}${m}
- # fix up references to renamed man pages
- sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m}
- ln -s ssl-${m} ${d}/openssl-${m}
- # locate any symlinks that point to this man page ... we assume
- # that any broken links are due to the above renaming
- for s in $(find -L ${d} -type l) ; do
- s=${s##*/}
- rm -f ${d}/${s}
- ln -s ssl-${m} ${d}/ssl-${s}
- ln -s ssl-${s} ${d}/openssl-${s}
- done
- done
- [[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :("
-
- dodir /etc/sandbox.d #254521
- echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
-
- diropts -m0700
- keepdir ${SSL_CNF_DIR}/private
-}
-
-pkg_postinst() {
- ebegin "Running 'c_rehash ${EROOT%/}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069"
- c_rehash "${EROOT%/}${SSL_CNF_DIR}/certs" >/dev/null
- eend $?
-}