diff options
author | V3n3RiX <venerix@koprulu.sector> | 2023-10-03 05:47:57 +0100 |
---|---|---|
committer | V3n3RiX <venerix@koprulu.sector> | 2023-10-03 05:47:57 +0100 |
commit | b2b21ac05f4c298db348c97a3566bcf712492610 (patch) | |
tree | 6002165b4787305d52495256b01ea7e5573d34e2 /dev-libs/openssl | |
parent | d0855bf65db64f2452deea64fe76e06eaac9987c (diff) |
gentoo auto-resync : 03:10:2023 - 05:47:56
Diffstat (limited to 'dev-libs/openssl')
-rw-r--r-- | dev-libs/openssl/Manifest | 23 | ||||
-rw-r--r-- | dev-libs/openssl/openssl-1.1.1u.ebuild | 2 | ||||
-rw-r--r-- | dev-libs/openssl/openssl-1.1.1v.ebuild | 265 | ||||
-rw-r--r-- | dev-libs/openssl/openssl-1.1.1w.ebuild | 2 | ||||
-rw-r--r-- | dev-libs/openssl/openssl-3.0.10.ebuild | 2 | ||||
-rw-r--r-- | dev-libs/openssl/openssl-3.0.11.ebuild | 2 | ||||
-rw-r--r-- | dev-libs/openssl/openssl-3.0.9-r1.ebuild | 2 | ||||
-rw-r--r-- | dev-libs/openssl/openssl-3.0.9-r2.ebuild | 2 | ||||
-rw-r--r-- | dev-libs/openssl/openssl-3.1.1-r1.ebuild | 288 | ||||
-rw-r--r-- | dev-libs/openssl/openssl-3.1.1-r2.ebuild | 293 | ||||
-rw-r--r-- | dev-libs/openssl/openssl-3.1.2.ebuild | 2 | ||||
-rw-r--r-- | dev-libs/openssl/openssl-3.1.3.ebuild | 2 |
12 files changed, 16 insertions, 869 deletions
diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest index d1b5c7a6b88c..45221acdb647 100644 --- a/dev-libs/openssl/Manifest +++ b/dev-libs/openssl/Manifest @@ -11,8 +11,6 @@ DIST openssl-1.0.2t-bindist-1.0.tar.xz 13872 BLAKE2B b2aade96a6e0ca6209a39e205b1 DIST openssl-1.0.2u.tar.gz 5355412 BLAKE2B b2ff2a10e5851af5aca4093422a9a072c794e87b997263826c1c35910c040f695fac63decac5856cb49399ed03d410f97701d9fd4e1ebfbcacd8f3a74ce8bf57 SHA512 c455bb309e20e2c2d47fdc5619c734d107d5c8c38c1409903ce979acc120b0d5fa0312917c0aa0d630e402d092a703d4249643f36078e8528a3cafc9dac6ab32 DIST openssl-1.1.1u.tar.gz 9892176 BLAKE2B 5de9cb856e497596ecba008bad6515eefd093849b9c66dd7447031723996f3ba66ac37a323a5f7d01b1d42df4daaceb523372f5897d5c53b935ffab91c566594 SHA512 d00aeb0b4c4676deff06ff95af7ac33dd683b92f972b4a8ae55cf384bb37c7ec30ab83c6c0745daf87cf1743a745fced6a347fd11fed4c548aa0953610ed4919 DIST openssl-1.1.1u.tar.gz.asc 833 BLAKE2B 7a978a94264a14be04372fea39868e9177e8a0b0f24344267702022e19ee0f52e91ad141d7c54da870f7ec0df9b2e43b80939f1d274dd0b44d36da2670e3a468 SHA512 40245d65ace95b2002bf64bcba184c92fec3420b08d9f61f3a709c4842e9478595105d8adce33a08eb98d351d2a0989ec342b08cdd9104498ea0543b6e592d28 -DIST openssl-1.1.1v.tar.gz 9893443 BLAKE2B 9b3066d1911466dec909052667aafe9b974d2fa0a9798105b7501d62300e5a61a154fb94e633e46918303e9fcc1afc077e6efb5727eb967b75a795d8e2ed60a7 SHA512 1a67340d99026aa62bf50ff89165d9f77fe4a6690fe30d1751b5021dd3f238391afd581b41724687c322c4e3af1770c44a63766a06e9b8cab6425101153e0c7e -DIST openssl-1.1.1v.tar.gz.asc 833 BLAKE2B a851629231591679c37a53342a7da565879fe626ce56ee586184c6e3694ee9cb15cf10b52e6ef17eac6cb25b66e3d50d1a703d42a5056a51f1567178956bfb11 SHA512 3e188f60d57f844fda6e6382623cb082e18d7caec38f9e6ab13d8d101ca0b0d234cfd7aba041ab975d5cd168c1ec0f147ff8a77e515a416461bfd108cb4244e0 DIST openssl-1.1.1w.tar.gz 9893384 BLAKE2B 2fdba6ca0188928ab2f74e606136afca66cfa0467170fa6298ef160b64ac6fdcad1e81e5dd14013ce0e9921d0f7417edec531cd0beaf1196fec704c2c6d48395 SHA512 b4c625fe56a4e690b57b6a011a225ad0cb3af54bd8fb67af77b5eceac55cc7191291d96a660c5b568a08a2fbf62b4612818e7cca1bb95b2b6b4fc649b0552b6d DIST openssl-1.1.1w.tar.gz.asc 833 BLAKE2B d990be69ed913509d52b78e7473668429d4485adb29ef03e4612dd0cadbac4f04c7289d8e5baf6f397bcedeaac9f802f18fc719964d882ae0514ed1ca16ae277 SHA512 0f3d7aa48b1cabf8dd43e8108aeed10a4dffb4f5a244d4da9c86ea358b0c8b90c46da561d21e01c567c2f5035d824ed82ec104aad1776b7f33a1be85990e98ef DIST openssl-3.0.10.tar.gz 15194904 BLAKE2B 8bb3bd02b8dc64441ebfea98c4778d3ee0794540186904371a5aed81cb4f6d6903809bf97faafbc2a719617353234484f0d610f2806621229131fdad343f7231 SHA512 fc12f3beed5e2d2f4767aeb772ceb6ba26f6cbfabc247765854108266b27a1223134f0e81735867a9069bc9c07a14b9816e85903cef91bd1b90f781f0b98b61a @@ -21,22 +19,17 @@ DIST openssl-3.0.11.tar.gz 15198318 BLAKE2B e522573aa72c8f6ffef82f20de36178fc6f9 DIST openssl-3.0.11.tar.gz.asc 833 BLAKE2B e6e2636d5bb5fffb86833e64437fb440bbfd1c4e2bfbfdd72280cf1ce388b70d30eeea56ef6f3bb673e7dcd12020d993ef95f96bf099ded38e8cde4b549b38fa SHA512 3c1fe94fc46861870d99d1edcfe3c151272f7864dde36b66e87a0c79d2289e9ed5cfc48bfa65ba0e88eadcb3cc8307d702e01155f48af8ffc2d4f8fbbf3aa03c DIST openssl-3.0.9.tar.gz 15181285 BLAKE2B cc1df41fa12ba4443e15e94f6ebdc5e103b9dab5eab2e1c8f74e6a74fa2c38207817921b65d7293cb241c190a910191c7163600bb75243adde0e2f9ec31cc885 SHA512 86c99146b37236419b110db77dd3ac3992e6bed78c258f0cc3434ca233460b4e17c0ac81d7058547fe9cb72a9fd80ee56d4b4916bb731dbe2bbcf1c3d46bf31a DIST openssl-3.0.9.tar.gz.asc 833 BLAKE2B 9943ac65f83f48465cae83b37a1d004f6be4622e53c3025166d42954abe9215f1a6c2af58d4aa2b45fa51182fee5019e740969f694655b6c592bb278c68aacef SHA512 9949de6b57d5aa21da1d4b68a29eb37e302403c983bd7d2d8769b320aac4268a9f9091c5fb182862a4f89a9099660939fe609df87c66991b75f7695faf357caf -DIST openssl-3.1.1.tar.gz 15544757 BLAKE2B 094f7e28f16de6528016fcd21df1d7382b0dbdcd80ec469d37add9c37f638c059dda3ffb4415eba890a33d146ddc9016bcc7192df101c73be5e70faf6e3b1097 SHA512 8ba9dd6ab87451e126c19cc106ccd1643ca48667d6c37504d0ab98205fbccf855fd0db54474b4113c4c3a15215a4ef77a039fb897a69f71bcab2054b2effd1d9 -DIST openssl-3.1.1.tar.gz.asc 833 BLAKE2B 5a2a9aeb475b843862e133d53bc5bb3c8e12e8e03b1e2da41d0eaa0eade1ae03c4318ad1f5c490c5e1ed7e6ac6275a6d7c881d99993911722b043b15d1622b25 SHA512 83349020c67e5b956f3ef37604a03a1970ea393f862691f5fd5d85930c01e559e25db17d397d8fd230c3862a8b2fba2d5c7df883d56d7472f4c01dab3a661cb2 DIST openssl-3.1.2.tar.gz 15560427 BLAKE2B 7b4ba35df7d5680c5f13a1986e4c6abaf4592690647dcfa84d7f14c196326355e8ad0ea62f81f8269f0605f0d29f18e9def9c2158fcbe00baefabf819f82374d SHA512 9f41113e5537aee4c3f92711ff85fa12da080363fef0c8b8b34e5b3fc608473c6e4cadd9d8c78f2fcbe97462e51f26a0bb6781656a69ad40226e68af2cf2c762 DIST openssl-3.1.2.tar.gz.asc 833 BLAKE2B aba3207c5eafaafc34bea078a9684612f7d9b4c5a888a27781cfe2421d27de6c2af3539abfc6efdac81ab0b923b7044a9b764902aa76edfd44ce5979f871a8b9 SHA512 fe143d2d90de1d3d30590ef9801185f8d2837668474ef3879d409bd4eb9417a127dee6c2a4e45076aa3ae3e443bfedd24de434ba4cf3ea0589c113990345a9ce DIST openssl-3.1.3.tar.gz 15561739 BLAKE2B a279a5c80191b95ca735aed20beb56ab899ee302258ce3529c377820739bf55075537cd900b06b3ca07b85efdce95cb081bcad1dfd4d33f81695c7ef0cefdf03 SHA512 2388eaa8e99acf1e8af4691a645b9b9af456900c74959e82d4cb02808301e11dcfecc86954a922262b16fa4b664b459894d133ab7d35ec82e1633a33194b7b20 DIST openssl-3.1.3.tar.gz.asc 833 BLAKE2B 27427a4523c9fa9f9ffc0e00d6492e4bab4cd0d24ebf903fee05197c5089c4d201a76ef0073e856bedd86abf54ae01491e78d259eedf21a4797eee6c9cbd8fcf SHA512 0b8f12dd8623160f7358c24a8f36edb5d8c3460d1f7d711e1367051b172d9ac90c2c7c4980da1aa9f9c89d72384a034fe888b109650156fa197c363a14337127 EBUILD openssl-1.0.2u-r1.ebuild 9993 BLAKE2B 2128588b25f90830c4b9120a0e5aa079b127c28aaa590a65900d735999ce777bd8a5f04de75ba476cf5062f3d862021654a2e41a800a0f06359aaa9947269d5b SHA512 e37897b8262f7365aa6484252cbd6b56567552ec90fb299518479cb91f9b88490324c426716cc2ae4facb8d479753d8dacce56a6676adb3afd66558ce693543a -EBUILD openssl-1.1.1u.ebuild 8043 BLAKE2B 6c19ba4e37ff0942992c2fd639840301900ff3c68dfb8f3c0ce295e58aa1717c4ed68f620e7fb29ec4fdc8f05c3ae8ff36bdb4e41ad55a19d8ca1de018e7401f SHA512 db2d39ab22c9a2e35497b74cde43c656c78e3e8015eaff5598b2a56100d8ba236a05d98945253ebcdd90b56a93fd2895d96f205bfc66f3b7c89a6b26f4b16a28 -EBUILD openssl-1.1.1v.ebuild 8051 BLAKE2B 27fa7e805f68c0e8e0c4e50df1f5a4097c08af675b0456ef2852816a665eebbcac37533fa1044093d0712efd93cd2b156cc51232397d44ba4462e4068f9c642e SHA512 70c85b6028ea7ee19227527379e5ec91ef47390faaedf6b06165634b00742d42ae6961786056dd557da98f2b4cae5e879a3331b4846b14eed4528885eec20bca -EBUILD openssl-1.1.1w.ebuild 8051 BLAKE2B 27fa7e805f68c0e8e0c4e50df1f5a4097c08af675b0456ef2852816a665eebbcac37533fa1044093d0712efd93cd2b156cc51232397d44ba4462e4068f9c642e SHA512 70c85b6028ea7ee19227527379e5ec91ef47390faaedf6b06165634b00742d42ae6961786056dd557da98f2b4cae5e879a3331b4846b14eed4528885eec20bca -EBUILD openssl-3.0.10.ebuild 8525 BLAKE2B 236e32172e0f4e3eb7b6c4b98b7ff34ae98dc79a39f4d13c165b545947b54524ed735b5d2bb591917c3d9fcbfc2277d428e6984636189e007b2916a8220128ad SHA512 0836ed537a6398c6b10c6007b62f05c312301955803e22ebe4b36c6039283021ed688bbd8d2f33c52aaeccecc52aefcf19493941ef7fb72dc9dac12e964b74f3 -EBUILD openssl-3.0.11.ebuild 8533 BLAKE2B 38a0bee55a6cdd1f6eae0f8288df82fa66a857846d85c88670872a78b2fa1bd01c380c828dc5bdf0a892f41f6ae5ddd95eb0731374eda5fab59348cd8a80a200 SHA512 c08fb6671c9c1bc58480291843a70d37b908eb9e8664eeae1a0a29b4c592e9e7b95dc11f29ff9ca6eefa8b8e74c88cd2de3ae6745591b00b3974b58397702343 -EBUILD openssl-3.0.9-r1.ebuild 8490 BLAKE2B ba9e5ee5633b3c1bb2b9129142757cff35eaf28183d118a0339c617e520f0c86fca9cd6f4f2696c9bd35c860e10b7e6e56d91d4d43e5e1fdb91a2b0fff8a3afd SHA512 67401d7cbffd2c2b53dcf9e3ac076fa15f4c3051f7d4be1d914220b79d1818eb860e136c96b4a3c742dcd27df8ec21ec52b3658efb91c17732e6e7a6248ddaad -EBUILD openssl-3.0.9-r2.ebuild 8583 BLAKE2B 8d1ced5dffdabbe0f63ac79b4e3739a61e7c7f534d3f2d7d26f9818ee3dadd87fa26ec4c81066af3f9128e8ee6d4b802844a5c3f641a1eea546c92712f9c2aa3 SHA512 5bca3c8df0d3d2f36fca349fa2901990ba6e5a120aded696093afa5cadcdfb3e550512b9bd58b2ac014508c80dff2464fbcb74659e997c3eabac7d0c8da5bfbb -EBUILD openssl-3.1.1-r1.ebuild 8531 BLAKE2B 67643a995e293072f9c30787d95dd4f67a28a5d96c7e771b94c58df59cc6d1bbedd1c982bf6dfa27394a8285f1d5d854ac49d5c39f86127d52e620fa03a58b7b SHA512 7cbab87a59866ee6dc0f3660ddecf62d149e707ca8ea0c7627c40ceda02260cbe4ca63ff169f88c3070278d8d79be2b117910ef27bff2293dab076853a8667b9 -EBUILD openssl-3.1.1-r2.ebuild 8624 BLAKE2B 09de30addbfc7655aa4897a2d3cd84c400d018fc249fdd45e9aa0a8efa29a58c78f55a458777f7a9939e70e310e806cb3c3e84f52a6c6945ca98ead8a86b386f SHA512 75d2bb956155ea22fce102309cbdc60e1fccfcb8746ea042a88dfcd3f59e295b4cd066177a5e0c7ab4dcab507ec8c1fae5060402e0622d75a4ae6e10a7b8d759 -EBUILD openssl-3.1.2.ebuild 8579 BLAKE2B aa919a057031f3176ad0cd479e90ca05b26b26597676a6836395d254c1ec16e18d14751d6072f9ed106fd060c1ba8b6a46c2ae2ac2cc664b98af04ddbd71d2ca SHA512 d5f719d36a296797e0354267c7d02e23ed89ba9a1d488d9147d2c9fa80fd9145185e7197a550d6669a82e8b3670fc3fb583e2f02d968fb114190b9ddee0aad3d -EBUILD openssl-3.1.3.ebuild 8579 BLAKE2B aa919a057031f3176ad0cd479e90ca05b26b26597676a6836395d254c1ec16e18d14751d6072f9ed106fd060c1ba8b6a46c2ae2ac2cc664b98af04ddbd71d2ca SHA512 d5f719d36a296797e0354267c7d02e23ed89ba9a1d488d9147d2c9fa80fd9145185e7197a550d6669a82e8b3670fc3fb583e2f02d968fb114190b9ddee0aad3d +EBUILD openssl-1.1.1u.ebuild 8046 BLAKE2B ce0b11e91b2b901675f8651c741207c0f26291a84f4dfc9e8f5916bc5e82415e8bb4dab057e416ef5e4c79f01551c63bff12ca39dc8d36a71abe891334a732fe SHA512 c36ae6f86830ce41b699277faabb662684b4ae70f223a7dad7f925353b1b5190e531dfdcf42d29f4edb6e0b4ea40177c66d8c2c8405111774d9a127431c4742a +EBUILD openssl-1.1.1w.ebuild 8054 BLAKE2B 20c1fed9799369fde0813ba1be90353ffb4983eb5235125cf1871d6b3849b6cc8f50f146e0987d1e6e5c9500416b66aee7908a2ea78dbc11b14b534e994d3274 SHA512 4639f887eb41fa838e7c4f623e599bbffdc0cb003860c97ee3755f89b07d6c032d1ff4ab457427829eef79dfc8675d0843f5aeffc0e07f28c9690e4f06566a8a +EBUILD openssl-3.0.10.ebuild 8528 BLAKE2B a4195c916d91f1074946899c35e07f064f56e74f2de05b47681a3e4f7568a5cb485d34f229afb7c715927952c70ed069561ece17a654a309e21f5b8d6d29f77f SHA512 9d760d8249e935e47d66d8336c494edd2cbbf0166703bfd98952592f40bcc6616340ae43eb874b2241b36dd07ab695f6f386c8065c429b6abb2ec63743044c46 +EBUILD openssl-3.0.11.ebuild 8536 BLAKE2B 72b03f892402785131ef8e4e65ce706e4b4de764ccc05034b77ded23f320dbc260e408793b90268e3b02330bf18b355dad2866e8f09ade59b039a1a943024ed9 SHA512 caeede0e828d3f4ad00d86c7a117b691c19edd8c91b1ffd2ffb10ec034cf8cdd1670842319203e30c672ffd1d0dfc0ba1a8f39055edacfa7829196870735c32c +EBUILD openssl-3.0.9-r1.ebuild 8493 BLAKE2B 851fac7d928f0f9cde96ac4a3fa1cd6002e501ee8070def2869cb68280c70bb9e393a9edae4391a1a3e0649d8fdc8066c46eedfbe0c7ec028b2a312798f368ba SHA512 579257ff9e960c42f91f407ced21cd44eef33f171e7e9d726a4e8b3d6e7f46e2afdd94edbd6d0514dac1927d660abef180d68126b3c26a0ff05df6ecdc65ac72 +EBUILD openssl-3.0.9-r2.ebuild 8586 BLAKE2B 958142587d7f69df7ba8d6cb4ae36537e51b5edad32156141587b4367ae0e49c00f797b80ffc0731901dedeaf211a4c5282712e86fb25e0ebc590d791139acc4 SHA512 c2c1840cc0fe24a49ecf206fd3e37c28e8654d205092d4d6232164d908349d8f52955781918da2560fa9ce8c73f0371cca8def0915f21c064199eb8a8f8872ba +EBUILD openssl-3.1.2.ebuild 8582 BLAKE2B 1ce521d304575b61b85ceb8a416f393bbea1d2d254d055a3820c3b61d829a6f51617d381ed9ab12651fe96fe432ad10575f2ba2d48c3f40546cb7ac4c974d791 SHA512 1693b8566af7ff16543188af28fbb86ddf4f274ea6f9e5d787e7e02afe1a3561c4801a2012de46d2c5a3bc48f655f65d6550553fb9582d4e60cc6667a7b9deb3 +EBUILD openssl-3.1.3.ebuild 8582 BLAKE2B 1ce521d304575b61b85ceb8a416f393bbea1d2d254d055a3820c3b61d829a6f51617d381ed9ab12651fe96fe432ad10575f2ba2d48c3f40546cb7ac4c974d791 SHA512 1693b8566af7ff16543188af28fbb86ddf4f274ea6f9e5d787e7e02afe1a3561c4801a2012de46d2c5a3bc48f655f65d6550553fb9582d4e60cc6667a7b9deb3 MISC metadata.xml 1664 BLAKE2B cf9d4613e5387e7ec0787b1a6c137baa71effb8458fa63b5dea0be4d5cf7c8607257262dbf89dcc0c3db7b17b10232d32902b7569827bd4f2717b3ef7dffaaa9 SHA512 01deef1de981201c14101630d2a4ae270abcac9a4b27b068359d76f63aeb6075aceb33db60175c105294cb7045aae389168f4cf1edf0f6e3656ccc2fe92e9c92 diff --git a/dev-libs/openssl/openssl-1.1.1u.ebuild b/dev-libs/openssl/openssl-1.1.1u.ebuild index 90cdec1ab00b..c90541dca291 100644 --- a/dev-libs/openssl/openssl-1.1.1u.ebuild +++ b/dev-libs/openssl/openssl-1.1.1u.ebuild @@ -67,7 +67,7 @@ src_unpack() { # Can delete this once test fix patch is dropped if use verify-sig ; then # Needed for downloaded patch (which is unsigned, which is fine) - verify-sig_verify_detached "${DISTDIR}"/${P}.tar.gz{,.asc} + verify-sig_verify_detached "${DISTDIR}"/${MY_P}.tar.gz{,.asc} fi default diff --git a/dev-libs/openssl/openssl-1.1.1v.ebuild b/dev-libs/openssl/openssl-1.1.1v.ebuild deleted file mode 100644 index 6a237499b429..000000000000 --- a/dev-libs/openssl/openssl-1.1.1v.ebuild +++ /dev/null @@ -1,265 +0,0 @@ -# Copyright 1999-2023 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=8 - -VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/openssl.org.asc -inherit edo flag-o-matic toolchain-funcs multilib-minimal verify-sig - -MY_P=${P/_/-} -DESCRIPTION="Full-strength general purpose cryptography library (including SSL and TLS)" -HOMEPAGE="https://www.openssl.org/" -SRC_URI="mirror://openssl/source/${MY_P}.tar.gz - verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )" -S="${WORKDIR}/${MY_P}" - -LICENSE="openssl" -SLOT="0/1.1" # .so version of libssl/libcrypto -if [[ ${PV} != *_pre* ]] ; then - KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris" -fi -IUSE="+asm rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-compression tls-heartbeat vanilla verify-sig weak-ssl-ciphers" -RESTRICT="!test? ( test )" - -RDEPEND=" - tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )" -DEPEND="${RDEPEND}" -BDEPEND=" - >=dev-lang/perl-5 - sctp? ( >=net-misc/lksctp-tools-1.0.12 ) - test? ( - sys-apps/diffutils - sys-devel/bc - kernel_linux? ( sys-process/procps ) - ) - verify-sig? ( >=sec-keys/openpgp-keys-openssl-20230801 )" -PDEPEND="app-misc/ca-certificates" - -# force upgrade to prevent broken login, bug #696950 -RDEPEND+=" !<net-misc/openssh-8.0_p1-r3" - -MULTILIB_WRAPPED_HEADERS=( - usr/include/openssl/opensslconf.h -) - -PATCHES=( - # General patches which are suitable to always apply - # If they're Gentoo specific, add to USE=-vanilla logic in src_prepare! - "${FILESDIR}"/${PN}-1.1.0j-parallel_install_fix.patch # bug #671602 - "${FILESDIR}"/${PN}-1.1.1i-riscv32.patch -) - -pkg_setup() { - [[ ${MERGE_TYPE} == binary ]] && return - - # must check in pkg_setup; sysctl doesn't work with userpriv! - if use test && use sctp; then - # test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel" - # if sctp.auth_enable is not enabled. - local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null) - if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]]; then - die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!" - fi - fi -} - -src_unpack() { - # Can delete this once test fix patch is dropped - if use verify-sig ; then - # Needed for downloaded patch (which is unsigned, which is fine) - verify-sig_verify_detached "${DISTDIR}"/${P}.tar.gz{,.asc} - fi - - default -} - -src_prepare() { - # Make sure we only ever touch Makefile.org and avoid patching a file - # that gets blown away anyways by the Configure script in src_configure - rm -f Makefile - - if ! use vanilla ; then - PATCHES+=( - # Add patches which are Gentoo-specific customisations here - ) - fi - - default - - if use test && use sctp && has network-sandbox ${FEATURES}; then - einfo "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox ..." - rm test/recipes/80-test_ssl_new.t || die - fi - - # Test fails depending on kernel configuration, bug #699134 - rm test/recipes/30-test_afalg.t || die - - # Remove test target when FEATURES=test isn't set - if ! use test ; then - sed \ - -e '/^$config{dirs}/s@ "test",@@' \ - -i Configure || die - fi - - if use prefix && [[ ${CHOST} == *-solaris* ]] ; then - # use GNU ld full option, not to confuse it on Solaris - sed -i \ - -e 's/-Wl,-M,/-Wl,--version-script=/' \ - -e 's/-Wl,-h,/-Wl,--soname=/' \ - Configurations/10-main.conf || die - fi - - # The config script does stupid stuff to prompt the user. Kill it. - sed -i '/stty -icanon min 0 time 50; read waste/d' config || die -} - -src_configure() { - # Keep this in sync with app-misc/c_rehash - SSL_CNF_DIR="/etc/ssl" - - # Quiet out unknown driver argument warnings since openssl - # doesn't have well-split CFLAGS and we're making it even worse - # and 'make depend' uses -Werror for added fun (bug #417795 again) - tc-is-clang && append-flags -Qunused-arguments - - # We really, really need to build OpenSSL w/ strict aliasing disabled. - # It's filled with violations and it *will* result in miscompiled - # code. This has been in the ebuild for > 10 years but even in 2022, - # it's still relevant: - # - https://github.com/llvm/llvm-project/issues/55255 - # - https://github.com/openssl/openssl/issues/18225 - # - https://github.com/openssl/openssl/issues/18663#issuecomment-1181478057 - # Don't remove the no strict aliasing bits below! - filter-flags -fstrict-aliasing - append-flags -fno-strict-aliasing - # The OpenSSL developers don't test with LTO right now, it leads to various - # warnings/errors (which may or may not be false positives), it's considered - # unsupported, and it's not tested in CI: https://github.com/openssl/openssl/issues/18663. - filter-lto - - append-cppflags -DOPENSSL_NO_BUF_FREELISTS - - append-flags $(test-flags-CC -Wa,--noexecstack) - - # bug #197996 - unset APPS - # bug #312551 - unset SCRIPTS - # bug #311473 - unset CROSS_COMPILE - - tc-export AR CC CXX RANLIB RC - - multilib-minimal_src_configure -} - -multilib_src_configure() { - use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; } - - local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal") - - # See if our toolchain supports __uint128_t. If so, it's 64bit - # friendly and can use the nicely optimized code paths, bug #460790. - #local ec_nistp_64_gcc_128 - # - # Disable it for now though (bug #469976) - # Do NOT re-enable without substantial discussion first! - # - #echo "__uint128_t i;" > "${T}"/128.c - #if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then - # ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128" - #fi - - local sslout=$(bash "${FILESDIR}/gentoo.config-1.0.4") - einfo "Use configuration ${sslout:-(openssl knows best)}" - local config=( perl "${S}/Configure" ) - [[ -z ${sslout} ]] && config=( sh "${S}/config" -v ) - - # "disable-deprecated" option breaks too many consumers. - # Don't set it without thorough revdeps testing. - # Make sure user flags don't get added *yet* to avoid duplicated - # flags. - local myeconfargs=( - ${sslout} - - $(use cpu_flags_x86_sse2 || echo "no-sse2") - enable-camellia - enable-ec - enable-ec2m - enable-sm2 - enable-srp - $(use elibc_musl && echo "no-async") - ${ec_nistp_64_gcc_128} - enable-idea - enable-mdc2 - enable-rc5 - $(use_ssl sslv3 ssl3) - $(use_ssl sslv3 ssl3-method) - $(use_ssl asm) - $(use_ssl rfc3779) - $(use_ssl sctp) - $(use test || echo "no-tests") - $(use_ssl tls-compression zlib) - $(use_ssl tls-heartbeat heartbeats) - $(use_ssl weak-ssl-ciphers) - - --prefix="${EPREFIX}"/usr - --openssldir="${EPREFIX}"${SSL_CNF_DIR} - --libdir=$(get_libdir) - - shared - threads - ) - - edo "${config[@]}" "${myeconfargs[@]}" -} - -multilib_src_compile() { - emake all -} - -multilib_src_test() { - emake -j1 test -} - -multilib_src_install() { - emake DESTDIR="${D}" install_sw - - if multilib_is_native_abi; then - emake DESTDIR="${D}" install_ssldirs - emake DESTDIR="${D}" DOCDIR='$(INSTALLTOP)'/share/doc/${PF} MANSUFFIX=ssl install_docs - fi - - # This is crappy in that the static archives are still built even - # when USE=static-libs. But this is due to a failing in the openssl - # build system: the static archives are built as PIC all the time. - # Only way around this would be to manually configure+compile openssl - # twice; once with shared lib support enabled and once without. - if ! use static-libs; then - rm "${ED}"/usr/$(get_libdir)/lib{crypto,ssl}.a || die - fi -} - -multilib_src_install_all() { - # openssl installs perl version of c_rehash by default, but - # we provide a shell version via app-misc/c_rehash - rm "${ED}"/usr/bin/c_rehash || die - - dodoc CHANGES* FAQ NEWS README doc/*.txt doc/${PN}-c-indent.el - - # Create the certs directory - keepdir ${SSL_CNF_DIR}/certs - - # bug #254521 - dodir /etc/sandbox.d - echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl - - diropts -m0700 - keepdir ${SSL_CNF_DIR}/private -} - -pkg_postinst() { - ebegin "Running 'openssl rehash ${EROOT}${SSL_CNF_DIR}/certs' to rebuild hashes (bug #333069)" - openssl rehash "${EROOT}${SSL_CNF_DIR}/certs" - eend $? -} diff --git a/dev-libs/openssl/openssl-1.1.1w.ebuild b/dev-libs/openssl/openssl-1.1.1w.ebuild index 6a237499b429..7440cf3d3dcc 100644 --- a/dev-libs/openssl/openssl-1.1.1w.ebuild +++ b/dev-libs/openssl/openssl-1.1.1w.ebuild @@ -67,7 +67,7 @@ src_unpack() { # Can delete this once test fix patch is dropped if use verify-sig ; then # Needed for downloaded patch (which is unsigned, which is fine) - verify-sig_verify_detached "${DISTDIR}"/${P}.tar.gz{,.asc} + verify-sig_verify_detached "${DISTDIR}"/${MY_P}.tar.gz{,.asc} fi default diff --git a/dev-libs/openssl/openssl-3.0.10.ebuild b/dev-libs/openssl/openssl-3.0.10.ebuild index 4251a16a6dea..b469b0b55dc6 100644 --- a/dev-libs/openssl/openssl-3.0.10.ebuild +++ b/dev-libs/openssl/openssl-3.0.10.ebuild @@ -81,7 +81,7 @@ src_unpack() { # Can delete this once test fix patch is dropped if use verify-sig ; then # Needed for downloaded patch (which is unsigned, which is fine) - verify-sig_verify_detached "${DISTDIR}"/${P}.tar.gz{,.asc} + verify-sig_verify_detached "${DISTDIR}"/${MY_P}.tar.gz{,.asc} fi default diff --git a/dev-libs/openssl/openssl-3.0.11.ebuild b/dev-libs/openssl/openssl-3.0.11.ebuild index 5d69a16c495e..9d573d00feeb 100644 --- a/dev-libs/openssl/openssl-3.0.11.ebuild +++ b/dev-libs/openssl/openssl-3.0.11.ebuild @@ -81,7 +81,7 @@ src_unpack() { # Can delete this once test fix patch is dropped if use verify-sig ; then # Needed for downloaded patch (which is unsigned, which is fine) - verify-sig_verify_detached "${DISTDIR}"/${P}.tar.gz{,.asc} + verify-sig_verify_detached "${DISTDIR}"/${MY_P}.tar.gz{,.asc} fi default diff --git a/dev-libs/openssl/openssl-3.0.9-r1.ebuild b/dev-libs/openssl/openssl-3.0.9-r1.ebuild index 7f042b6d39c0..766737ef1a4b 100644 --- a/dev-libs/openssl/openssl-3.0.9-r1.ebuild +++ b/dev-libs/openssl/openssl-3.0.9-r1.ebuild @@ -81,7 +81,7 @@ src_unpack() { # Can delete this once test fix patch is dropped if use verify-sig ; then # Needed for downloaded patch (which is unsigned, which is fine) - verify-sig_verify_detached "${DISTDIR}"/${P}.tar.gz{,.asc} + verify-sig_verify_detached "${DISTDIR}"/${MY_P}.tar.gz{,.asc} fi default diff --git a/dev-libs/openssl/openssl-3.0.9-r2.ebuild b/dev-libs/openssl/openssl-3.0.9-r2.ebuild index e4516c8a708f..72845dd2599a 100644 --- a/dev-libs/openssl/openssl-3.0.9-r2.ebuild +++ b/dev-libs/openssl/openssl-3.0.9-r2.ebuild @@ -86,7 +86,7 @@ src_unpack() { # Can delete this once test fix patch is dropped if use verify-sig ; then # Needed for downloaded patch (which is unsigned, which is fine) - verify-sig_verify_detached "${DISTDIR}"/${P}.tar.gz{,.asc} + verify-sig_verify_detached "${DISTDIR}"/${MY_P}.tar.gz{,.asc} fi default diff --git a/dev-libs/openssl/openssl-3.1.1-r1.ebuild b/dev-libs/openssl/openssl-3.1.1-r1.ebuild deleted file mode 100644 index 7f787b960f44..000000000000 --- a/dev-libs/openssl/openssl-3.1.1-r1.ebuild +++ /dev/null @@ -1,288 +0,0 @@ -# Copyright 1999-2023 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=8 - -VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/openssl.org.asc -inherit edo flag-o-matic linux-info toolchain-funcs -inherit multilib multilib-minimal multiprocessing preserve-libs verify-sig - -DESCRIPTION="Robust, full-featured Open Source Toolkit for the Transport Layer Security (TLS)" -HOMEPAGE="https://www.openssl.org/" - -MY_P=${P/_/-} - -if [[ ${PV} == 9999 ]] ; then - EGIT_REPO_URI="https://github.com/openssl/openssl.git" - - inherit git-r3 -else - SRC_URI=" - mirror://openssl/source/${MY_P}.tar.gz - verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc ) - " - KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86" -fi - -S="${WORKDIR}"/${MY_P} - -LICENSE="Apache-2.0" -SLOT="0/$(ver_cut 1)" # .so version of libssl/libcrypto -IUSE="+asm cpu_flags_x86_sse2 fips ktls rfc3779 sctp static-libs test tls-compression vanilla verify-sig weak-ssl-ciphers" -RESTRICT="!test? ( test )" - -COMMON_DEPEND=" - !<net-misc/openssh-9.2_p1-r3 - tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] ) -" -BDEPEND=" - >=dev-lang/perl-5 - sctp? ( >=net-misc/lksctp-tools-1.0.12 ) - test? ( - sys-apps/diffutils - sys-devel/bc - sys-process/procps - ) - verify-sig? ( >=sec-keys/openpgp-keys-openssl-20230207 )" - -DEPEND="${COMMON_DEPEND}" -RDEPEND="${COMMON_DEPEND}" -PDEPEND="app-misc/ca-certificates" - -MULTILIB_WRAPPED_HEADERS=( - /usr/include/openssl/configuration.h -) - -pkg_setup() { - if use ktls ; then - if kernel_is -lt 4 18 ; then - ewarn "Kernel implementation of TLS (USE=ktls) requires kernel >=4.18!" - else - CONFIG_CHECK="~TLS ~TLS_DEVICE" - ERROR_TLS="You will be unable to offload TLS to kernel because CONFIG_TLS is not set!" - ERROR_TLS_DEVICE="You will be unable to offload TLS to kernel because CONFIG_TLS_DEVICE is not set!" - use test && CONFIG_CHECK+=" ~CRYPTO_USER_API_SKCIPHER" - - linux-info_pkg_setup - fi - fi - - [[ ${MERGE_TYPE} == binary ]] && return - - # must check in pkg_setup; sysctl doesn't work with userpriv! - if use test && use sctp ; then - # test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel" - # if sctp.auth_enable is not enabled. - local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null) - if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]] ; then - die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!" - fi - fi -} - -src_unpack() { - # Can delete this once test fix patch is dropped - if use verify-sig ; then - # Needed for downloaded patch (which is unsigned, which is fine) - verify-sig_verify_detached "${DISTDIR}"/${P}.tar.gz{,.asc} - fi - - default -} - -src_prepare() { - # Make sure we only ever touch Makefile.org and avoid patching a file - # that gets blown away anyways by the Configure script in src_configure - rm -f Makefile - - if ! use vanilla ; then - PATCHES+=( - # Add patches which are Gentoo-specific customisations here - ) - fi - - default - - if use test && use sctp && has network-sandbox ${FEATURES} ; then - einfo "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox ..." - rm test/recipes/80-test_ssl_new.t || die - fi - - # Test fails depending on kernel configuration, bug #699134 - rm test/recipes/30-test_afalg.t || die -} - -src_configure() { - # Keep this in sync with app-misc/c_rehash - SSL_CNF_DIR="/etc/ssl" - - # Quiet out unknown driver argument warnings since openssl - # doesn't have well-split CFLAGS and we're making it even worse - # and 'make depend' uses -Werror for added fun (bug #417795 again) - tc-is-clang && append-flags -Qunused-arguments - - # We really, really need to build OpenSSL w/ strict aliasing disabled. - # It's filled with violations and it *will* result in miscompiled - # code. This has been in the ebuild for > 10 years but even in 2022, - # it's still relevant: - # - https://github.com/llvm/llvm-project/issues/55255 - # - https://github.com/openssl/openssl/issues/18225 - # - https://github.com/openssl/openssl/issues/18663#issuecomment-1181478057 - # Don't remove the no strict aliasing bits below! - filter-flags -fstrict-aliasing - append-flags -fno-strict-aliasing - # The OpenSSL developers don't test with LTO right now, it leads to various - # warnings/errors (which may or may not be false positives), it's considered - # unsupported, and it's not tested in CI: https://github.com/openssl/openssl/issues/18663. - filter-lto - - append-flags $(test-flags-CC -Wa,--noexecstack) - - # bug #895308 - append-atomic-flags - # Configure doesn't respect LIBS - export LDLIBS="${LIBS}" - - # bug #197996 - unset APPS - # bug #312551 - unset SCRIPTS - # bug #311473 - unset CROSS_COMPILE - - tc-export AR CC CXX RANLIB RC - - multilib-minimal_src_configure -} - -multilib_src_configure() { - use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; } - - local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal") - - # See if our toolchain supports __uint128_t. If so, it's 64bit - # friendly and can use the nicely optimized code paths, bug #460790. - #local ec_nistp_64_gcc_128 - # - # Disable it for now though (bug #469976) - # Do NOT re-enable without substantial discussion first! - # - #echo "__uint128_t i;" > "${T}"/128.c - #if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then - # ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128" - #fi - - local sslout=$(bash "${FILESDIR}/gentoo.config-1.0.4") - einfo "Using configuration: ${sslout:-(openssl knows best)}" - - # https://github.com/openssl/openssl/blob/master/INSTALL.md#enable-and-disable-features - local myeconfargs=( - ${sslout} - - $(use cpu_flags_x86_sse2 || echo "no-sse2") - enable-camellia - enable-ec - enable-ec2m - enable-sm2 - enable-srp - $(use elibc_musl && echo "no-async") - enable-idea - enable-mdc2 - enable-rc5 - $(use fips && echo "enable-fips") - $(use_ssl asm) - $(use_ssl ktls) - $(use_ssl rfc3779) - $(use_ssl sctp) - $(use test || echo "no-tests") - $(use_ssl tls-compression zlib) - $(use_ssl weak-ssl-ciphers) - - --prefix="${EPREFIX}"/usr - --openssldir="${EPREFIX}"${SSL_CNF_DIR} - --libdir=$(get_libdir) - - shared - threads - ) - - edo perl "${S}/Configure" "${myeconfargs[@]}" -} - -multilib_src_compile() { - emake build_sw - - if multilib_is_native_abi; then - emake build_docs - fi -} - -multilib_src_test() { - # VFP = show subtests verbosely and show failed tests verbosely - # Normal V=1 would show everything verbosely but this slows things down. - emake HARNESS_JOBS="$(makeopts_jobs)" -Onone VFP=1 test -} - -multilib_src_install() { - emake DESTDIR="${D}" install_sw - if use fips; then - emake DESTDIR="${D}" install_fips - # Regen this in pkg_preinst, bug 900625 - rm "${ED}${SSL_CNF_DIR}"/fipsmodule.cnf || die - fi - - if multilib_is_native_abi; then - emake DESTDIR="${D}" install_ssldirs - emake DESTDIR="${D}" DOCDIR='$(INSTALLTOP)'/share/doc/${PF} install_docs - fi - - # This is crappy in that the static archives are still built even - # when USE=static-libs. But this is due to a failing in the openssl - # build system: the static archives are built as PIC all the time. - # Only way around this would be to manually configure+compile openssl - # twice; once with shared lib support enabled and once without. - if ! use static-libs ; then - rm "${ED}"/usr/$(get_libdir)/lib{crypto,ssl}.a || die - fi -} - -multilib_src_install_all() { - # openssl installs perl version of c_rehash by default, but - # we provide a shell version via app-misc/c_rehash - rm "${ED}"/usr/bin/c_rehash || die - - dodoc {AUTHORS,CHANGES,NEWS,README,README-PROVIDERS}.md doc/*.txt doc/${PN}-c-indent.el - - # Create the certs directory - keepdir ${SSL_CNF_DIR}/certs - - # bug #254521 - dodir /etc/sandbox.d - echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl - - diropts -m0700 - keepdir ${SSL_CNF_DIR}/private -} - -pkg_preinst() { - if use fips; then - # Regen fipsmodule.cnf, bug 900625 - ebegin "Running openssl fipsinstall" - "${ED}/usr/bin/openssl" fipsinstall -quiet \ - -out "${ED}${SSL_CNF_DIR}/fipsmodule.cnf" \ - -module "${ED}/usr/$(get_libdir)/ossl-modules/fips.so" - eend $? - fi - - preserve_old_lib /usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1) \ - /usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1.1) -} - -pkg_postinst() { - ebegin "Running 'openssl rehash ${EROOT}${SSL_CNF_DIR}/certs' to rebuild hashes (bug #333069)" - openssl rehash "${EROOT}${SSL_CNF_DIR}/certs" - eend $? - - preserve_old_lib_notify /usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1) \ - /usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1.1) -} diff --git a/dev-libs/openssl/openssl-3.1.1-r2.ebuild b/dev-libs/openssl/openssl-3.1.1-r2.ebuild deleted file mode 100644 index cfa017e58411..000000000000 --- a/dev-libs/openssl/openssl-3.1.1-r2.ebuild +++ /dev/null @@ -1,293 +0,0 @@ -# Copyright 1999-2023 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=8 - -VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/openssl.org.asc -inherit edo flag-o-matic linux-info toolchain-funcs -inherit multilib multilib-minimal multiprocessing preserve-libs verify-sig - -DESCRIPTION="Robust, full-featured Open Source Toolkit for the Transport Layer Security (TLS)" -HOMEPAGE="https://www.openssl.org/" - -MY_P=${P/_/-} - -if [[ ${PV} == 9999 ]] ; then - EGIT_REPO_URI="https://github.com/openssl/openssl.git" - - inherit git-r3 -else - SRC_URI=" - mirror://openssl/source/${MY_P}.tar.gz - verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc ) - " - KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86" -fi - -S="${WORKDIR}"/${MY_P} - -LICENSE="Apache-2.0" -SLOT="0/$(ver_cut 1)" # .so version of libssl/libcrypto -IUSE="+asm cpu_flags_x86_sse2 fips ktls rfc3779 sctp static-libs test tls-compression vanilla verify-sig weak-ssl-ciphers" -RESTRICT="!test? ( test )" - -COMMON_DEPEND=" - !<net-misc/openssh-9.2_p1-r3 - tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] ) -" -BDEPEND=" - >=dev-lang/perl-5 - sctp? ( >=net-misc/lksctp-tools-1.0.12 ) - test? ( - sys-apps/diffutils - sys-devel/bc - sys-process/procps - ) - verify-sig? ( >=sec-keys/openpgp-keys-openssl-20230207 )" - -DEPEND="${COMMON_DEPEND}" -RDEPEND="${COMMON_DEPEND}" -PDEPEND="app-misc/ca-certificates" - -MULTILIB_WRAPPED_HEADERS=( - /usr/include/openssl/configuration.h -) - -PATCHES=( - "${FILESDIR}"/${P}-CVE-2023-2975.patch - "${FILESDIR}"/${P}-CVE-2023-3446.patch -) - -pkg_setup() { - if use ktls ; then - if kernel_is -lt 4 18 ; then - ewarn "Kernel implementation of TLS (USE=ktls) requires kernel >=4.18!" - else - CONFIG_CHECK="~TLS ~TLS_DEVICE" - ERROR_TLS="You will be unable to offload TLS to kernel because CONFIG_TLS is not set!" - ERROR_TLS_DEVICE="You will be unable to offload TLS to kernel because CONFIG_TLS_DEVICE is not set!" - use test && CONFIG_CHECK+=" ~CRYPTO_USER_API_SKCIPHER" - - linux-info_pkg_setup - fi - fi - - [[ ${MERGE_TYPE} == binary ]] && return - - # must check in pkg_setup; sysctl doesn't work with userpriv! - if use test && use sctp ; then - # test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel" - # if sctp.auth_enable is not enabled. - local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null) - if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]] ; then - die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!" - fi - fi -} - -src_unpack() { - # Can delete this once test fix patch is dropped - if use verify-sig ; then - # Needed for downloaded patch (which is unsigned, which is fine) - verify-sig_verify_detached "${DISTDIR}"/${P}.tar.gz{,.asc} - fi - - default -} - -src_prepare() { - # Make sure we only ever touch Makefile.org and avoid patching a file - # that gets blown away anyways by the Configure script in src_configure - rm -f Makefile - - if ! use vanilla ; then - PATCHES+=( - # Add patches which are Gentoo-specific customisations here - ) - fi - - default - - if use test && use sctp && has network-sandbox ${FEATURES} ; then - einfo "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox ..." - rm test/recipes/80-test_ssl_new.t || die - fi - - # Test fails depending on kernel configuration, bug #699134 - rm test/recipes/30-test_afalg.t || die -} - -src_configure() { - # Keep this in sync with app-misc/c_rehash - SSL_CNF_DIR="/etc/ssl" - - # Quiet out unknown driver argument warnings since openssl - # doesn't have well-split CFLAGS and we're making it even worse - # and 'make depend' uses -Werror for added fun (bug #417795 again) - tc-is-clang && append-flags -Qunused-arguments - - # We really, really need to build OpenSSL w/ strict aliasing disabled. - # It's filled with violations and it *will* result in miscompiled - # code. This has been in the ebuild for > 10 years but even in 2022, - # it's still relevant: - # - https://github.com/llvm/llvm-project/issues/55255 - # - https://github.com/openssl/openssl/issues/18225 - # - https://github.com/openssl/openssl/issues/18663#issuecomment-1181478057 - # Don't remove the no strict aliasing bits below! - filter-flags -fstrict-aliasing - append-flags -fno-strict-aliasing - # The OpenSSL developers don't test with LTO right now, it leads to various - # warnings/errors (which may or may not be false positives), it's considered - # unsupported, and it's not tested in CI: https://github.com/openssl/openssl/issues/18663. - filter-lto - - append-flags $(test-flags-CC -Wa,--noexecstack) - - # bug #895308 - append-atomic-flags - # Configure doesn't respect LIBS - export LDLIBS="${LIBS}" - - # bug #197996 - unset APPS - # bug #312551 - unset SCRIPTS - # bug #311473 - unset CROSS_COMPILE - - tc-export AR CC CXX RANLIB RC - - multilib-minimal_src_configure -} - -multilib_src_configure() { - use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; } - - local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal") - - # See if our toolchain supports __uint128_t. If so, it's 64bit - # friendly and can use the nicely optimized code paths, bug #460790. - #local ec_nistp_64_gcc_128 - # - # Disable it for now though (bug #469976) - # Do NOT re-enable without substantial discussion first! - # - #echo "__uint128_t i;" > "${T}"/128.c - #if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then - # ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128" - #fi - - local sslout=$(bash "${FILESDIR}/gentoo.config-1.0.4") - einfo "Using configuration: ${sslout:-(openssl knows best)}" - - # https://github.com/openssl/openssl/blob/master/INSTALL.md#enable-and-disable-features - local myeconfargs=( - ${sslout} - - $(use cpu_flags_x86_sse2 || echo "no-sse2") - enable-camellia - enable-ec - enable-ec2m - enable-sm2 - enable-srp - $(use elibc_musl && echo "no-async") - enable-idea - enable-mdc2 - enable-rc5 - $(use fips && echo "enable-fips") - $(use_ssl asm) - $(use_ssl ktls) - $(use_ssl rfc3779) - $(use_ssl sctp) - $(use test || echo "no-tests") - $(use_ssl tls-compression zlib) - $(use_ssl weak-ssl-ciphers) - - --prefix="${EPREFIX}"/usr - --openssldir="${EPREFIX}"${SSL_CNF_DIR} - --libdir=$(get_libdir) - - shared - threads - ) - - edo perl "${S}/Configure" "${myeconfargs[@]}" -} - -multilib_src_compile() { - emake build_sw - - if multilib_is_native_abi; then - emake build_docs - fi -} - -multilib_src_test() { - # VFP = show subtests verbosely and show failed tests verbosely - # Normal V=1 would show everything verbosely but this slows things down. - emake HARNESS_JOBS="$(makeopts_jobs)" -Onone VFP=1 test -} - -multilib_src_install() { - emake DESTDIR="${D}" install_sw - if use fips; then - emake DESTDIR="${D}" install_fips - # Regen this in pkg_preinst, bug 900625 - rm "${ED}${SSL_CNF_DIR}"/fipsmodule.cnf || die - fi - - if multilib_is_native_abi; then - emake DESTDIR="${D}" install_ssldirs - emake DESTDIR="${D}" DOCDIR='$(INSTALLTOP)'/share/doc/${PF} install_docs - fi - - # This is crappy in that the static archives are still built even - # when USE=static-libs. But this is due to a failing in the openssl - # build system: the static archives are built as PIC all the time. - # Only way around this would be to manually configure+compile openssl - # twice; once with shared lib support enabled and once without. - if ! use static-libs ; then - rm "${ED}"/usr/$(get_libdir)/lib{crypto,ssl}.a || die - fi -} - -multilib_src_install_all() { - # openssl installs perl version of c_rehash by default, but - # we provide a shell version via app-misc/c_rehash - rm "${ED}"/usr/bin/c_rehash || die - - dodoc {AUTHORS,CHANGES,NEWS,README,README-PROVIDERS}.md doc/*.txt doc/${PN}-c-indent.el - - # Create the certs directory - keepdir ${SSL_CNF_DIR}/certs - - # bug #254521 - dodir /etc/sandbox.d - echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl - - diropts -m0700 - keepdir ${SSL_CNF_DIR}/private -} - -pkg_preinst() { - if use fips; then - # Regen fipsmodule.cnf, bug 900625 - ebegin "Running openssl fipsinstall" - "${ED}/usr/bin/openssl" fipsinstall -quiet \ - -out "${ED}${SSL_CNF_DIR}/fipsmodule.cnf" \ - -module "${ED}/usr/$(get_libdir)/ossl-modules/fips.so" - eend $? - fi - - preserve_old_lib /usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1) \ - /usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1.1) -} - -pkg_postinst() { - ebegin "Running 'openssl rehash ${EROOT}${SSL_CNF_DIR}/certs' to rebuild hashes (bug #333069)" - openssl rehash "${EROOT}${SSL_CNF_DIR}/certs" - eend $? - - preserve_old_lib_notify /usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1) \ - /usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1.1) -} diff --git a/dev-libs/openssl/openssl-3.1.2.ebuild b/dev-libs/openssl/openssl-3.1.2.ebuild index cbdd13f19657..67cd58d980dc 100644 --- a/dev-libs/openssl/openssl-3.1.2.ebuild +++ b/dev-libs/openssl/openssl-3.1.2.ebuild @@ -84,7 +84,7 @@ src_unpack() { # Can delete this once test fix patch is dropped if use verify-sig ; then # Needed for downloaded patch (which is unsigned, which is fine) - verify-sig_verify_detached "${DISTDIR}"/${P}.tar.gz{,.asc} + verify-sig_verify_detached "${DISTDIR}"/${MY_P}.tar.gz{,.asc} fi default diff --git a/dev-libs/openssl/openssl-3.1.3.ebuild b/dev-libs/openssl/openssl-3.1.3.ebuild index cbdd13f19657..67cd58d980dc 100644 --- a/dev-libs/openssl/openssl-3.1.3.ebuild +++ b/dev-libs/openssl/openssl-3.1.3.ebuild @@ -84,7 +84,7 @@ src_unpack() { # Can delete this once test fix patch is dropped if use verify-sig ; then # Needed for downloaded patch (which is unsigned, which is fine) - verify-sig_verify_detached "${DISTDIR}"/${P}.tar.gz{,.asc} + verify-sig_verify_detached "${DISTDIR}"/${MY_P}.tar.gz{,.asc} fi default |