From 2f210c93c08515a806199783aabe37d12a0197cb Mon Sep 17 00:00:00 2001 From: V3n3RiX Date: Tue, 30 May 2023 21:21:38 +0100 Subject: gentoo auto-resync : 30:05:2023 - 21:21:38 --- dev-libs/Manifest.gz | Bin 97400 -> 97386 bytes dev-libs/jsoncpp/Manifest | 2 +- dev-libs/jsoncpp/jsoncpp-1.9.5.ebuild | 2 +- dev-libs/libuv/Manifest | 2 +- dev-libs/libuv/libuv-1.45.0.ebuild | 2 +- dev-libs/libyaml/Manifest | 2 +- dev-libs/libyaml/libyaml-0.2.5.ebuild | 2 +- dev-libs/openssl-compat/Manifest | 3 + .../openssl-compat/openssl-compat-1.1.1u.ebuild | 221 +++++++++++++++++ dev-libs/openssl/Manifest | 9 + dev-libs/openssl/openssl-1.1.1u.ebuild | 265 ++++++++++++++++++++ dev-libs/openssl/openssl-3.0.9.ebuild | 273 ++++++++++++++++++++ dev-libs/openssl/openssl-3.1.1.ebuild | 276 +++++++++++++++++++++ 13 files changed, 1053 insertions(+), 6 deletions(-) create mode 100644 dev-libs/openssl-compat/openssl-compat-1.1.1u.ebuild create mode 100644 dev-libs/openssl/openssl-1.1.1u.ebuild create mode 100644 dev-libs/openssl/openssl-3.0.9.ebuild create mode 100644 dev-libs/openssl/openssl-3.1.1.ebuild (limited to 'dev-libs') diff --git a/dev-libs/Manifest.gz b/dev-libs/Manifest.gz index c8800fd18894..35c8b90905cc 100644 Binary files a/dev-libs/Manifest.gz and b/dev-libs/Manifest.gz differ diff --git a/dev-libs/jsoncpp/Manifest b/dev-libs/jsoncpp/Manifest index 42cd8862f75d..1a2e1b2e2e63 100644 --- a/dev-libs/jsoncpp/Manifest +++ b/dev-libs/jsoncpp/Manifest @@ -1,3 +1,3 @@ DIST jsoncpp-1.9.5.tar.gz 216055 BLAKE2B 744275297647be8f1ac7bbf6c818e5106fc122591b3fb68c37cf33f5b3b7d6666e8429bb7ca2ae693202a5a83c274303804e21ebb27f05ba235568bf75a9b375 SHA512 1d06e044759b1e1a4cc4960189dd7e001a0a4389d7239a6d59295af995a553518e4e0337b4b4b817e70da5d9731a4c98655af90791b6287870b5ff8d73ad8873 -EBUILD jsoncpp-1.9.5.ebuild 1185 BLAKE2B 94516a04b20a25c6302f15c04c3fafa461ac412cd2b8de9d239ee5c144c5bddb9a4c34e43664c8dee04a2fcef5d95d99041934480d46db02391243b13e5d6bf1 SHA512 27742023f1d3a8cff078872cfd3d1ddd5c17e789825da85722e1922600ff6d298ab39bae2e9b401dcb922ea769d78857d0ab2dc00c461fc853635528fc8a0d99 +EBUILD jsoncpp-1.9.5.ebuild 1198 BLAKE2B cb5f505b556a65b6586173d0e94743d9b1a31c8a5178603472acb66004498f37af5c355d7931bbfbfcea51e515a903fc16e84887bdbbbd468ae899c110ac2f7f SHA512 cc185bc116c080c7c3fec167e28e02162ec124b36406926ed5abf171716ebb04767b9fdbce038d8acc91723691b8b69d9ac1efced2bda6238a224115bdd111b7 MISC metadata.xml 473 BLAKE2B cee9ea6f824489bf51f6c293faff24e62bb8c3457d49638b9547d104bfbed8b5c566e429b4d597dfa9b556955450c758261231ce83ea28216c1386a2d645176b SHA512 f7e2f0a82c5370802072e94a727bcb19d138979ab46670f01bdb17ed19b59f8e79bd28d37a8d939917f108fd4a64f53f67153ceaa9dad393840e9eb0247538e1 diff --git a/dev-libs/jsoncpp/jsoncpp-1.9.5.ebuild b/dev-libs/jsoncpp/jsoncpp-1.9.5.ebuild index eeb0819ba61c..ba865aa3d9e4 100644 --- a/dev-libs/jsoncpp/jsoncpp-1.9.5.ebuild +++ b/dev-libs/jsoncpp/jsoncpp-1.9.5.ebuild @@ -14,7 +14,7 @@ SRC_URI=" LICENSE="|| ( public-domain MIT )" SLOT="0/25" -KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~ppc-macos ~x64-macos ~x64-solaris" +KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris" IUSE="doc test" RESTRICT="!test? ( test )" diff --git a/dev-libs/libuv/Manifest b/dev-libs/libuv/Manifest index d2b071500cd1..c2fdefee64a1 100644 --- a/dev-libs/libuv/Manifest +++ b/dev-libs/libuv/Manifest @@ -2,6 +2,6 @@ AUX libuv-1.41.0-darwin.patch 1747 BLAKE2B a5a2d3ac70468515e395f69c9a80748d6db26 DIST libuv-1.44.2.tar.gz 1309062 BLAKE2B 883a1fbffcd8f55bf28ea5a79ed18aa3e2f2fac126285e8aca2ef9370eafc62f69f95ddb8bf27d4159e038bfb0a01abafdf0dadbc4309e5d31f0e77057ee84ac SHA512 d21c890787b0b364fafa5fc0cbbff296bc2ca269e1991d2f7f35fcb37b8634da377466f5af5a4245425fcf876ae6870d100ab32b12bce64f8e0b01fd25a1bc83 DIST libuv-1.45.0.tar.gz 1307245 BLAKE2B fcd9aad052cf641e5e974b1e3c47bef7968474f4b0e38363559719a164867ce6e67630c1d0fd0386da22ba5b82e35c6ca946b7509a8a08f08f972388e70a40b9 SHA512 a156dd0ed06bc7c50515f46ef6e5636d870288636f442ce9ec46716e22fdaa664ce49e432f4737c81e9c6013b34ed150e7420ab9fc316ed23281096954359774 EBUILD libuv-1.44.2-r1.ebuild 1132 BLAKE2B 462d64f325ae12da881d7124038f6ada382f5a688222bb2d33d850b7f9004b29df10585eef22c2af61a996f3dd34577d2630e238367206394d9d5679f80efd93 SHA512 0d267c46d2df33bf8f273116c4b621819e19dc5b513c424532efb69f317c9b21d0831e1ab173ca5df5a3e640928726f580b50050d4519643be07c6ca9ace3cb7 -EBUILD libuv-1.45.0.ebuild 1140 BLAKE2B 96ada45e5171ef195eb98ae2caa799f107e10c5c431fe4b4976c1e01063742892ebbdc7524caf1d670b3a536ba3daa7f8b9920734b6d67578dde3213c323e11a SHA512 f176ebc2801e14b8fa9651a5cdc7da587cf55ff896d906210214f3e7dabce2d09fcfe6274480e164e622e2b5897c9ef806a57ef464cbe2b421fcb4d07fa6e322 +EBUILD libuv-1.45.0.ebuild 1153 BLAKE2B d58136a4794a0bcef8bbfdc79711d3e62349d26fd962476eb62f03f132c57088610f858a5e1a8369ead40ef1e8d9a9ea686bf91d95076d4a72c67c708a893fe5 SHA512 5b5294522131084de0ada306eaac10291e5a6c30fd774aa03d3e632f98cd80af0e839936656cdabec65562b8e82865494b91bd6f71ee6d88333e9966aa046ca0 EBUILD libuv-9999.ebuild 1140 BLAKE2B a0e16164a1713792bfd186132f9d981d7554aabc5c5e57dcdbe66e1add0b0dcd60691dc8583a3fa4a952a9946f3a35bb16b94de08b6dc9a2179ecfb2d38c512a SHA512 28e1f90876c2880b7b450205d6441705c11c57c79eb93cc4a4291351a1fef8844a8d49a5877d4af623d61da278912c9019740cd391568203b443818c110d00a5 MISC metadata.xml 1426 BLAKE2B 79a040706bd2e88560fdf7cdd75226c51384f1b27f8f86798f3a694d1d4b02ce309edef4f1921f73e498533e37deff9051ebdaa6ae565defabe9d4546aa33bd4 SHA512 a6fa2c3217de06d7d324b37b00e0cb19e8d0b192cd10736d32f5d459c701c14a6aa296d7d4d292f7c56120953423df0068f3f71495941295c97e86c283b084d3 diff --git a/dev-libs/libuv/libuv-1.45.0.ebuild b/dev-libs/libuv/libuv-1.45.0.ebuild index dc42dde02dd6..0028ef084a43 100644 --- a/dev-libs/libuv/libuv-1.45.0.ebuild +++ b/dev-libs/libuv/libuv-1.45.0.ebuild @@ -13,7 +13,7 @@ if [[ ${PV} = 9999* ]]; then inherit git-r3 else SRC_URI="https://github.com/libuv/libuv/archive/v${PV}.tar.gz -> ${P}.tar.gz" - KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x64-solaris" + KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris" fi LICENSE="BSD BSD-2 ISC MIT" diff --git a/dev-libs/libyaml/Manifest b/dev-libs/libyaml/Manifest index e79185a1c1fb..7636c0627522 100644 --- a/dev-libs/libyaml/Manifest +++ b/dev-libs/libyaml/Manifest @@ -1,5 +1,5 @@ DIST libyaml-0.2.2.tar.gz 79465 BLAKE2B fd37cac256b40b0c5daa32584d271448e5e1c196a7fa7eeda753fb962c7d916b3c415425170d70db67c3f114b27d03fdd67fb4e380c04027198a601e1bd5a094 SHA512 455494591014a97c4371a1f372ad09f0d6e487e4f1d3419c98e9cd2f16d43a0cf9a0787d7250bebee8b8d400df4626f5acd81e90139e54fa574a66ec84964c06 DIST libyaml-0.2.5.tar.gz 85055 BLAKE2B 71d1a002b8969db96af9e942bf67944acfdf2e740744b1abceacfd1c3bc54d8936d7048760aa81f1cf22518241e9f45ecf95c76d6ac41eefbdf04eb40e16a618 SHA512 a0f01e3fc616b65b18a4aa17692ee8ea1a84dc6387d1cf02ac7ef7ab7f46b9744c2aac0a047ff69d6c2da1d2a2d7b355c877da0db57e34d95cd4f37213ab6e7e EBUILD libyaml-0.2.2.ebuild 948 BLAKE2B bd4a13b058c6cb6b5e10dc8b028be67eb129158e7c421d89e09105ab48527e594321590ad94ceca0e5c22ef79259763bfa1742d60b5fe8d55a4183f906576495 SHA512 74a09e5fef5543b5d959ee2247aed5c2225b63f3e530c8eb816ce8179c668da581af2e24b94225476886caa4f338f36b1e51e1e29e9e3ce65b6e8553d5c724d1 -EBUILD libyaml-0.2.5.ebuild 955 BLAKE2B d48fea71e87027ac7aa1b583d3e7c964bb8d0495eb3925942268e66cbe4cf183f13648703e91cd9c77d7cad793de02fed2e3b4a3acc1cabb734499fc0907b1f2 SHA512 7ae102b183449b9cd44315d60303b1734576343412e1fbc02ff98bbbc3adb56fe020c902a362352fc7d1f12fe0d1a473ab82ad13b8dfe2208433a009cd12ba5f +EBUILD libyaml-0.2.5.ebuild 968 BLAKE2B 973831d74c1b61b3f417037ef2b1df09763627332dfca58ef12604c8d31ff82eb69ac79347e8b7bd10582946b4b49e57c6c5694c45bf9aeeaf46bd68807564a3 SHA512 d9b5e476f372b1fcd77376c3afb4bfb195bd34ad02bea55e0767d764c600b2e39fcc0a7831429f53b43c48bd9fd10536a39f180d7e7831bb51bc173b374b6da5 MISC metadata.xml 327 BLAKE2B 5c2bc536fb78af0fda352538a7ec9f7e6b28bf3378966f0d4e01923867952e46ce7d92eaccbf65d07f0609e2f0f340662fe827ba3f05623a6c6ca2248999fc26 SHA512 9941c37aa7fee1d15c888e2a051f31029dbd14222ad224b6117e91c7a11cfe9e01bf83b0a7ac64405ecfab8cfba5b09018f6cbc3d364125905f796501c2d45ae diff --git a/dev-libs/libyaml/libyaml-0.2.5.ebuild b/dev-libs/libyaml/libyaml-0.2.5.ebuild index c5ea5b579584..966371f62b97 100644 --- a/dev-libs/libyaml/libyaml-0.2.5.ebuild +++ b/dev-libs/libyaml/libyaml-0.2.5.ebuild @@ -11,7 +11,7 @@ SRC_URI="https://github.com/yaml/${PN}/archive/${PV}.tar.gz -> ${P}.tar.gz" LICENSE="MIT" SLOT="0" -KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x64-solaris" +KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris" IUSE="doc static-libs test" RESTRICT="!test? ( test )" diff --git a/dev-libs/openssl-compat/Manifest b/dev-libs/openssl-compat/Manifest index d245afabf69f..d87bb3e8362c 100644 --- a/dev-libs/openssl-compat/Manifest +++ b/dev-libs/openssl-compat/Manifest @@ -7,7 +7,10 @@ DIST openssl-1.0.2t-bindist-1.0.tar.xz 13872 BLAKE2B b2aade96a6e0ca6209a39e205b1 DIST openssl-1.0.2u.tar.gz 5355412 BLAKE2B b2ff2a10e5851af5aca4093422a9a072c794e87b997263826c1c35910c040f695fac63decac5856cb49399ed03d410f97701d9fd4e1ebfbcacd8f3a74ce8bf57 SHA512 c455bb309e20e2c2d47fdc5619c734d107d5c8c38c1409903ce979acc120b0d5fa0312917c0aa0d630e402d092a703d4249643f36078e8528a3cafc9dac6ab32 DIST openssl-1.1.1t.tar.gz 9881866 BLAKE2B 66d76ea0c05a4afc3104e22602cffc2373e857728625d31ab3244881cafa91c099a817a09def7746bce4133585bfc90b769f43527e77a81ed13e60a8c2fb4d8d SHA512 628676c9c3bc1cf46083d64f61943079f97f0eefd0264042e40a85dbbd988f271bfe01cd1135d22cc3f67a298f1d078041f8f2e97b0da0d93fe172da573da18c DIST openssl-1.1.1t.tar.gz.asc 833 BLAKE2B fc5e7069268e987a20241dfc4f080529c6e95e217c198568b09c833e390e68b25a604a5d3ec29c6a64b9dee9d42199fd3647214e536ba2f7b8b4e57aa4cba680 SHA512 1232a94fce991d62f008ae6d3d9b6fe68cb6378fe07450feb17a58eb2417fb385ffcb7e6b74eb683134be9ff6ccf6efa183f37f4dd521614fd5aeaddf000b90b +DIST openssl-1.1.1u.tar.gz 9892176 BLAKE2B 5de9cb856e497596ecba008bad6515eefd093849b9c66dd7447031723996f3ba66ac37a323a5f7d01b1d42df4daaceb523372f5897d5c53b935ffab91c566594 SHA512 d00aeb0b4c4676deff06ff95af7ac33dd683b92f972b4a8ae55cf384bb37c7ec30ab83c6c0745daf87cf1743a745fced6a347fd11fed4c548aa0953610ed4919 +DIST openssl-1.1.1u.tar.gz.asc 833 BLAKE2B 7a978a94264a14be04372fea39868e9177e8a0b0f24344267702022e19ee0f52e91ad141d7c54da870f7ec0df9b2e43b80939f1d274dd0b44d36da2670e3a468 SHA512 40245d65ace95b2002bf64bcba184c92fec3420b08d9f61f3a709c4842e9478595105d8adce33a08eb98d351d2a0989ec342b08cdd9104498ea0543b6e592d28 DIST openssl-compat-1.0.2u-versioned-symbols.patch.gz 24633 BLAKE2B 6bfad4ad27dbca0bd85bfd9521ffc844c3e93e6a1cca7c814edd49affc60ece1c706dd3aa7be2ce80857532531eac6f0f03f43c0be22a769d00d9241686eff71 SHA512 3d85aa34f2491e0e36eedc45829709e0fb552f6d558c2726b59dafa98c3e679b88497f3f7399d7565d88e727591e7d9b12f5b1e27116ba19b9a661d7f75b07a9 EBUILD openssl-compat-1.0.2u-r2.ebuild 7794 BLAKE2B 292aa0999be2c173b86b9324a8e1e73fd536b38af5106d09d776931c8a170808ddf976536d7f88398260e1cda58945fe747255a8f3c2d4432ab4e8ca139e83a4 SHA512 271767ff717c9324a34c3ae1964a6a428f83e97d002be6df797cadc809768a198ab090cb313e5aa3bc9fd22d029f2cf17c3612f51e154e140a552bfdf9cb55f2 EBUILD openssl-compat-1.1.1t.ebuild 6556 BLAKE2B 8fc47dd1300fcb5558c7dce745700d7306893d817c83177598bfc3d5e80467359688e42688c4f0b29393058c264a7641e3cfe3e2e439ba55dd410d93346e8b7b SHA512 7ebac003cf144379663c92ad98a8d9fc362a564d4b6b2983dc855ce759f694c23c870e062fe6083c701251245248d2ff9d26dada83d214a42cda3050c5222749 +EBUILD openssl-compat-1.1.1u.ebuild 6556 BLAKE2B 8fc47dd1300fcb5558c7dce745700d7306893d817c83177598bfc3d5e80467359688e42688c4f0b29393058c264a7641e3cfe3e2e439ba55dd410d93346e8b7b SHA512 7ebac003cf144379663c92ad98a8d9fc362a564d4b6b2983dc855ce759f694c23c870e062fe6083c701251245248d2ff9d26dada83d214a42cda3050c5222749 MISC metadata.xml 1223 BLAKE2B db6fe704a4a09590821cd011556759cfd60543fd531fef3bd233378f396ac5e67c7d834eee4e544995c3af02dc9f222ac787e0b8a1c48a6cadd06541c81372fb SHA512 3cd0b3d8ba2c2c31d3240a080c0edf61a3b090adb4bb14c3b79c9cd1f0c0ac332a9c9457b218a09fb9192cc82004dba57cd4cac404fdd5ddfe4f0c7780b596cd diff --git a/dev-libs/openssl-compat/openssl-compat-1.1.1u.ebuild b/dev-libs/openssl-compat/openssl-compat-1.1.1u.ebuild new file mode 100644 index 000000000000..f1ff4defc6a7 --- /dev/null +++ b/dev-libs/openssl-compat/openssl-compat-1.1.1u.ebuild @@ -0,0 +1,221 @@ +# Copyright 1999-2023 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/openssl.org.asc +inherit edo flag-o-matic toolchain-funcs multilib-minimal verify-sig + +MY_P=openssl-${PV/_/-} +DESCRIPTION="Full-strength general purpose cryptography library (including SSL and TLS)" +HOMEPAGE="https://www.openssl.org/" +SRC_URI="mirror://openssl/source/${MY_P}.tar.gz + verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )" +S="${WORKDIR}/${MY_P}" + +LICENSE="openssl" +SLOT="$(ver_cut 1-3)" +if [[ ${PV} != *_pre* ]] ; then + KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x64-solaris" +fi +IUSE="+asm rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-compression tls-heartbeat vanilla verify-sig weak-ssl-ciphers" +RESTRICT="!test? ( test )" + +RDEPEND=" + !=dev-libs/openssl-1.1.1*:0 + tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] ) +" +DEPEND="${RDEPEND}" +BDEPEND=" + >=dev-lang/perl-5 + sctp? ( >=net-misc/lksctp-tools-1.0.12 ) + test? ( + sys-apps/diffutils + sys-devel/bc + kernel_linux? ( sys-process/procps ) + ) + verify-sig? ( >=sec-keys/openpgp-keys-openssl-20230207 )" + +# Do not install any docs +DOCS=() + +PATCHES=( + # General patches which are suitable to always apply + # If they're Gentoo specific, add to USE=-vanilla logic in src_prepare! + "${FILESDIR}"/${PN/-compat}-1.1.0j-parallel_install_fix.patch # bug #671602 + "${FILESDIR}"/${PN/-compat}-1.1.1i-riscv32.patch +) + +pkg_setup() { + [[ ${MERGE_TYPE} == binary ]] && return + + # must check in pkg_setup; sysctl doesn't work with userpriv! + if use test && use sctp; then + # test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel" + # if sctp.auth_enable is not enabled. + local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null) + if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]]; then + die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!" + fi + fi +} + +src_prepare() { + # Allow openssl to be cross-compiled + cp "${FILESDIR}"/gentoo.config-1.0.4 gentoo.config || die + chmod a+rx gentoo.config || die + + # Keep this in sync with app-misc/c_rehash + SSL_CNF_DIR="/etc/ssl" + + # Make sure we only ever touch Makefile.org and avoid patching a file + # that gets blown away anyways by the Configure script in src_configure + rm -f Makefile + + if ! use vanilla ; then + PATCHES+=( + # Add patches which are Gentoo-specific customisations here + ) + fi + + default + + if use test && use sctp && has network-sandbox ${FEATURES}; then + einfo "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox ..." + rm test/recipes/80-test_ssl_new.t || die + fi + + # Quiet out unknown driver argument warnings since openssl + # doesn't have well-split CFLAGS and we're making it even worse + # and 'make depend' uses -Werror for added fun (bug #417795 again) + tc-is-clang && append-flags -Qunused-arguments + + # We really, really need to build OpenSSL w/ strict aliasing disabled. + # It's filled with violations and it *will* result in miscompiled + # code. This has been in the ebuild for > 10 years but even in 2022, + # it's still relevant: + # - https://github.com/llvm/llvm-project/issues/55255 + # - https://github.com/openssl/openssl/issues/18225 + # - https://github.com/openssl/openssl/issues/18663#issuecomment-1181478057 + # Don't remove the no strict aliasing bits below! + filter-flags -fstrict-aliasing + append-flags -fno-strict-aliasing + + append-cppflags -DOPENSSL_NO_BUF_FREELISTS + + append-flags $(test-flags-CC -Wa,--noexecstack) + + # Remove test target when FEATURES=test isn't set + if ! use test ; then + sed \ + -e '/^$config{dirs}/s@ "test",@@' \ + -i Configure || die + fi + + if use prefix && [[ ${CHOST} == *-solaris* ]] ; then + # use GNU ld full option, not to confuse it on Solaris + sed -i \ + -e 's/-Wl,-M,/-Wl,--version-script=/' \ + -e 's/-Wl,-h,/-Wl,--soname=/' \ + Configurations/10-main.conf || die + + # fix building on Solaris 10 + # https://github.com/openssl/openssl/issues/6333 + sed -i \ + -e 's/-lsocket -lnsl -ldl/-lsocket -lnsl -ldl -lrt/' \ + Configurations/10-main.conf || die + fi + + local sslout=$(./gentoo.config) + einfo "Using configuration: ${sslout:-(openssl knows best)}" + local config="perl Configure" + [[ -z ${sslout} ]] && config="sh config -v" + + # The config script does stupid stuff to prompt the user. Kill it. + sed -i '/stty -icanon min 0 time 50; read waste/d' config || die + edo ${config} ${sslout} --test-sanity + + multilib_copy_sources +} + +multilib_src_configure() { + # bug #197996 + unset APPS + # bug #312551 + unset SCRIPTS + # bug #311473 + unset CROSS_COMPILE + + tc-export AR CC CXX RANLIB RC + + use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; } + + local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal") + + # See if our toolchain supports __uint128_t. If so, it's 64bit + # friendly and can use the nicely optimized code paths, bug #460790. + #local ec_nistp_64_gcc_128 + # + # Disable it for now though (bug #469976) + # Do NOT re-enable without substantial discussion first! + # + #echo "__uint128_t i;" > "${T}"/128.c + #if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then + # ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128" + #fi + + local sslout=$(./gentoo.config) + einfo "Use configuration ${sslout:-(openssl knows best)}" + local config="perl Configure" + [[ -z ${sslout} ]] && config="sh config -v" + + # "disable-deprecated" option breaks too many consumers. + # Don't set it without thorough revdeps testing. + # Make sure user flags don't get added *yet* to avoid duplicated + # flags. + local myeconfargs=( + ${sslout} + + $(use cpu_flags_x86_sse2 || echo "no-sse2") + enable-camellia + enable-ec + enable-ec2m + enable-sm2 + enable-srp + $(use elibc_musl && echo "no-async") + ${ec_nistp_64_gcc_128} + enable-idea + enable-mdc2 + enable-rc5 + $(use_ssl sslv3 ssl3) + $(use_ssl sslv3 ssl3-method) + $(use_ssl asm) + $(use_ssl rfc3779) + $(use_ssl sctp) + $(use test || echo "no-tests") + $(use_ssl tls-compression zlib) + $(use_ssl tls-heartbeat heartbeats) + $(use_ssl weak-ssl-ciphers) + + --prefix="${EPREFIX}"/usr + --openssldir="${EPREFIX}"${SSL_CNF_DIR} + --libdir=$(get_libdir) + + shared + threads + ) + + edo ${config} "${myeconfargs[@]}" +} + +multilib_src_compile() { + emake all +} + +multilib_src_test() { + emake -j1 test +} + +multilib_src_install() { + dolib.so lib{crypto,ssl}.so.$(ver_cut 1-2 "${SLOT}") +} diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest index 10b5b3c56d4b..165f4d2a4ae2 100644 --- a/dev-libs/openssl/Manifest +++ b/dev-libs/openssl/Manifest @@ -19,13 +19,22 @@ DIST openssl-1.0.2t-bindist-1.0.tar.xz 13872 BLAKE2B b2aade96a6e0ca6209a39e205b1 DIST openssl-1.0.2u.tar.gz 5355412 BLAKE2B b2ff2a10e5851af5aca4093422a9a072c794e87b997263826c1c35910c040f695fac63decac5856cb49399ed03d410f97701d9fd4e1ebfbcacd8f3a74ce8bf57 SHA512 c455bb309e20e2c2d47fdc5619c734d107d5c8c38c1409903ce979acc120b0d5fa0312917c0aa0d630e402d092a703d4249643f36078e8528a3cafc9dac6ab32 DIST openssl-1.1.1t.tar.gz 9881866 BLAKE2B 66d76ea0c05a4afc3104e22602cffc2373e857728625d31ab3244881cafa91c099a817a09def7746bce4133585bfc90b769f43527e77a81ed13e60a8c2fb4d8d SHA512 628676c9c3bc1cf46083d64f61943079f97f0eefd0264042e40a85dbbd988f271bfe01cd1135d22cc3f67a298f1d078041f8f2e97b0da0d93fe172da573da18c DIST openssl-1.1.1t.tar.gz.asc 833 BLAKE2B fc5e7069268e987a20241dfc4f080529c6e95e217c198568b09c833e390e68b25a604a5d3ec29c6a64b9dee9d42199fd3647214e536ba2f7b8b4e57aa4cba680 SHA512 1232a94fce991d62f008ae6d3d9b6fe68cb6378fe07450feb17a58eb2417fb385ffcb7e6b74eb683134be9ff6ccf6efa183f37f4dd521614fd5aeaddf000b90b +DIST openssl-1.1.1u.tar.gz 9892176 BLAKE2B 5de9cb856e497596ecba008bad6515eefd093849b9c66dd7447031723996f3ba66ac37a323a5f7d01b1d42df4daaceb523372f5897d5c53b935ffab91c566594 SHA512 d00aeb0b4c4676deff06ff95af7ac33dd683b92f972b4a8ae55cf384bb37c7ec30ab83c6c0745daf87cf1743a745fced6a347fd11fed4c548aa0953610ed4919 +DIST openssl-1.1.1u.tar.gz.asc 833 BLAKE2B 7a978a94264a14be04372fea39868e9177e8a0b0f24344267702022e19ee0f52e91ad141d7c54da870f7ec0df9b2e43b80939f1d274dd0b44d36da2670e3a468 SHA512 40245d65ace95b2002bf64bcba184c92fec3420b08d9f61f3a709c4842e9478595105d8adce33a08eb98d351d2a0989ec342b08cdd9104498ea0543b6e592d28 DIST openssl-3.0.8.tar.gz 15151328 BLAKE2B e163cc9b8b458f72405a2f1bde3811c8d0eb22e8b08ff5608ec64799975f1546dcdce31466b8a1d5ed29bc90d19aa6017d711987c81b71f4b20e279828cf753a SHA512 8ce10be000d7d4092c8efc5b96b1d2f7da04c1c3a624d3a7923899c6b1de06f369016be957e36e8ab6d4c9102eaeec5d1973295d547f7893a7f11f132ae42b0d DIST openssl-3.0.8.tar.gz.asc 833 BLAKE2B 1949801150e254e9be648f33014a4a16f803b42ca5a302c3942d377013e983e0ea0cca8aed594e3f9ecde26c6e31d222581e991af5fae6cd451d7ee83541f4bb SHA512 e1c04f1179aded228b39005fd9e9f6f75aedafb938b77ac58c97a00973eb412d93b92ad1c447332a5d96850b62b01093502928e6c190bdd0234a94c4e815d2a6 +DIST openssl-3.0.9.tar.gz 15181285 BLAKE2B cc1df41fa12ba4443e15e94f6ebdc5e103b9dab5eab2e1c8f74e6a74fa2c38207817921b65d7293cb241c190a910191c7163600bb75243adde0e2f9ec31cc885 SHA512 86c99146b37236419b110db77dd3ac3992e6bed78c258f0cc3434ca233460b4e17c0ac81d7058547fe9cb72a9fd80ee56d4b4916bb731dbe2bbcf1c3d46bf31a +DIST openssl-3.0.9.tar.gz.asc 833 BLAKE2B 9943ac65f83f48465cae83b37a1d004f6be4622e53c3025166d42954abe9215f1a6c2af58d4aa2b45fa51182fee5019e740969f694655b6c592bb278c68aacef SHA512 9949de6b57d5aa21da1d4b68a29eb37e302403c983bd7d2d8769b320aac4268a9f9091c5fb182862a4f89a9099660939fe609df87c66991b75f7695faf357caf DIST openssl-3.1.0.tar.gz 15525381 BLAKE2B 9212a7fb13f6dee7746721ee406af56ae1b48ec58974c002465d2b0205839eb5ee0483383aa9924fc3e4168ebd34e1a5819480cf10aa318994d7171e54c07108 SHA512 71cc75c7700f445c616e382b76263ad2e4072beec0232458baf3d9891b8b64a7ad0cac4b4d24b727b2b7dcd100c78606fd48eba98a67eccd5f336e3d626ca713 DIST openssl-3.1.0.tar.gz.asc 488 BLAKE2B f4a844e3db2c2bdf42b6f811d16cc2077cacf713d20474d94e2d0180a6f97eadf4f03522e9fed478d263d680d88091dc2bc48e7ebb15d049bc57ee7ed64c7fbb SHA512 8d542e6471b745822d6cd889c5b168841b4366ee9a96edc2ab5b44fa1bd1b75308422aed312f1bd6e6a3c3e306eceaa95ce9bb4d0aa3e8ff86cb0fd92a7e61ea +DIST openssl-3.1.1.tar.gz 15544757 BLAKE2B 094f7e28f16de6528016fcd21df1d7382b0dbdcd80ec469d37add9c37f638c059dda3ffb4415eba890a33d146ddc9016bcc7192df101c73be5e70faf6e3b1097 SHA512 8ba9dd6ab87451e126c19cc106ccd1643ca48667d6c37504d0ab98205fbccf855fd0db54474b4113c4c3a15215a4ef77a039fb897a69f71bcab2054b2effd1d9 +DIST openssl-3.1.1.tar.gz.asc 833 BLAKE2B 5a2a9aeb475b843862e133d53bc5bb3c8e12e8e03b1e2da41d0eaa0eade1ae03c4318ad1f5c490c5e1ed7e6ac6275a6d7c881d99993911722b043b15d1622b25 SHA512 83349020c67e5b956f3ef37604a03a1970ea393f862691f5fd5d85930c01e559e25db17d397d8fd230c3862a8b2fba2d5c7df883d56d7472f4c01dab3a661cb2 EBUILD openssl-1.0.2u-r1.ebuild 9993 BLAKE2B 2128588b25f90830c4b9120a0e5aa079b127c28aaa590a65900d735999ce777bd8a5f04de75ba476cf5062f3d862021654a2e41a800a0f06359aaa9947269d5b SHA512 e37897b8262f7365aa6484252cbd6b56567552ec90fb299518479cb91f9b88490324c426716cc2ae4facb8d479753d8dacce56a6676adb3afd66558ce693543a EBUILD openssl-1.1.1t-r1.ebuild 7919 BLAKE2B 2cdf1786b0ec0f7efcb74e8636e2ca37a0e26cebe5db07914791ce9e612dca1ea5cb6f4a53f2c26936b0aff1141c264d328211af412e28be1a8e896de4af6e21 SHA512 364e2eab610cf6f57591956c5d52618fc103e24a55e5d0d1e73c691fffe4a4dae5189045cc892a703efccb0e981124d41e0822347f41934cf7674cf56e12145f EBUILD openssl-1.1.1t-r3.ebuild 8240 BLAKE2B 39fca6bb87a1e9ec112518fa01a2ce871daa44ff6536708ef03906dde1eadd8f53d480c69f3a6bcacbf541affeb9af3cc6719e94479c93d50c8fb2dcb565c40f SHA512 f793d361cb98ea89706ec4bd0442e30671f623efb815a846557f7ba514d25bede9ed8f7a7b62c5400ea2a8674de3659bbe276dd1138748116d9d651dd755308b +EBUILD openssl-1.1.1u.ebuild 8051 BLAKE2B 7eb925e20d9d73f269fe8bbef94492aa5f60db08713a7c9975b16de015bf6ebb3b0849c41aabff1e349fc609904a7e5bff862669eb6ccaabe42ef2387f9c4689 SHA512 e252c1e5a718751dcf8eb475f1988271ac6ff139316a1105685effcab469049cc1a0d7e0c2854d7425cb86a1fcca9bdf1ec58e14e7205db1004de52f583e9880 EBUILD openssl-3.0.8-r4.ebuild 8359 BLAKE2B bf0308b0c9a37d8cba6437cad2de049cb48482e856fc810a8cd195324561c883f31bdd3978c85e79cd08ff8dadc101946ecd020365fe4bdaa27e7131d2b91857 SHA512 92caeadf8e63479ca5a6789ac3bfdfd34359855e958644d341f4ec32ee027cd3000c938bf81d706a3ec00386e138ec2c88d1e8a98c6df3e47c2b4f0656c5ba15 +EBUILD openssl-3.0.9.ebuild 8103 BLAKE2B 033ec46a6826fc50f581b50b08b7e6b655a50680caaf4fc8e0c3f18c1a2dd3fa8852d908e26e40c43e7b63b4e099a19ff74375257b8e13cb9e74e418dea526cd SHA512 1bc180f1ce3991b5b4eca175aa62592ff5eb6808933885f263e4343fd4b1b6edce3a0edfe3dc343a46ab04464a9a98299d02e4b9f7e66810d64add280e0b1656 EBUILD openssl-3.1.0-r3.ebuild 8393 BLAKE2B 5a0b57a5272298a9d81c2f01a39e7a8cb429d4795bdc8b348c6112677085c15c14f3c7b52d55f0282b464dc60cff401d510dfad0178527eefe3fa8419ea54d46 SHA512 09d8a0db1d941bf1d20d0cf89509b1d827155089bbd4ca4d8bcf03a597c6959ecbe7a3c554bb33503588b323b28a199be908e231966241c565278a190df10f39 +EBUILD openssl-3.1.1.ebuild 8137 BLAKE2B f903d9c357211ab49424fee06f1f5cf6e44d4b52e301af7fb8d369f4e4508fe64256d4200e48bbc16a59b4dfc23ce233e673e362745693cade8f5876bbe058aa SHA512 48e85eccc77acbff6ec91181f21881e3abbc85ac845fa5d18cb7cd1fa6b85aa4d9dcce17096804aec325e768d9247c86364c297a5e6510ce76b9319342970273 MISC metadata.xml 1664 BLAKE2B cf9d4613e5387e7ec0787b1a6c137baa71effb8458fa63b5dea0be4d5cf7c8607257262dbf89dcc0c3db7b17b10232d32902b7569827bd4f2717b3ef7dffaaa9 SHA512 01deef1de981201c14101630d2a4ae270abcac9a4b27b068359d76f63aeb6075aceb33db60175c105294cb7045aae389168f4cf1edf0f6e3656ccc2fe92e9c92 diff --git a/dev-libs/openssl/openssl-1.1.1u.ebuild b/dev-libs/openssl/openssl-1.1.1u.ebuild new file mode 100644 index 000000000000..0c49ead419ee --- /dev/null +++ b/dev-libs/openssl/openssl-1.1.1u.ebuild @@ -0,0 +1,265 @@ +# Copyright 1999-2023 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/openssl.org.asc +inherit edo flag-o-matic toolchain-funcs multilib-minimal verify-sig + +MY_P=${P/_/-} +DESCRIPTION="Full-strength general purpose cryptography library (including SSL and TLS)" +HOMEPAGE="https://www.openssl.org/" +SRC_URI="mirror://openssl/source/${MY_P}.tar.gz + verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )" +S="${WORKDIR}/${MY_P}" + +LICENSE="openssl" +SLOT="0/1.1" # .so version of libssl/libcrypto +if [[ ${PV} != *_pre* ]] ; then + KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris" +fi +IUSE="+asm rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-compression tls-heartbeat vanilla verify-sig weak-ssl-ciphers" +RESTRICT="!test? ( test )" + +RDEPEND=" + tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )" +DEPEND="${RDEPEND}" +BDEPEND=" + >=dev-lang/perl-5 + sctp? ( >=net-misc/lksctp-tools-1.0.12 ) + test? ( + sys-apps/diffutils + sys-devel/bc + kernel_linux? ( sys-process/procps ) + ) + verify-sig? ( >=sec-keys/openpgp-keys-openssl-20230207 )" +PDEPEND="app-misc/ca-certificates" + +# force upgrade to prevent broken login, bug #696950 +RDEPEND+=" !/dev/null) + if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]]; then + die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!" + fi + fi +} + +src_unpack() { + # Can delete this once test fix patch is dropped + if use verify-sig ; then + # Needed for downloaded patch (which is unsigned, which is fine) + verify-sig_verify_detached "${DISTDIR}"/${P}.tar.gz{,.asc} + fi + + default +} + +src_prepare() { + # Make sure we only ever touch Makefile.org and avoid patching a file + # that gets blown away anyways by the Configure script in src_configure + rm -f Makefile + + if ! use vanilla ; then + PATCHES+=( + # Add patches which are Gentoo-specific customisations here + ) + fi + + default + + if use test && use sctp && has network-sandbox ${FEATURES}; then + einfo "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox ..." + rm test/recipes/80-test_ssl_new.t || die + fi + + # Test fails depending on kernel configuration, bug #699134 + rm test/recipes/30-test_afalg.t || die + + # Remove test target when FEATURES=test isn't set + if ! use test ; then + sed \ + -e '/^$config{dirs}/s@ "test",@@' \ + -i Configure || die + fi + + if use prefix && [[ ${CHOST} == *-solaris* ]] ; then + # use GNU ld full option, not to confuse it on Solaris + sed -i \ + -e 's/-Wl,-M,/-Wl,--version-script=/' \ + -e 's/-Wl,-h,/-Wl,--soname=/' \ + Configurations/10-main.conf || die + fi + + # The config script does stupid stuff to prompt the user. Kill it. + sed -i '/stty -icanon min 0 time 50; read waste/d' config || die +} + +src_configure() { + # Keep this in sync with app-misc/c_rehash + SSL_CNF_DIR="/etc/ssl" + + # Quiet out unknown driver argument warnings since openssl + # doesn't have well-split CFLAGS and we're making it even worse + # and 'make depend' uses -Werror for added fun (bug #417795 again) + tc-is-clang && append-flags -Qunused-arguments + + # We really, really need to build OpenSSL w/ strict aliasing disabled. + # It's filled with violations and it *will* result in miscompiled + # code. This has been in the ebuild for > 10 years but even in 2022, + # it's still relevant: + # - https://github.com/llvm/llvm-project/issues/55255 + # - https://github.com/openssl/openssl/issues/18225 + # - https://github.com/openssl/openssl/issues/18663#issuecomment-1181478057 + # Don't remove the no strict aliasing bits below! + filter-flags -fstrict-aliasing + append-flags -fno-strict-aliasing + # The OpenSSL developers don't test with LTO right now, it leads to various + # warnings/errors (which may or may not be false positives), it's considered + # unsupported, and it's not tested in CI: https://github.com/openssl/openssl/issues/18663. + filter-lto + + append-cppflags -DOPENSSL_NO_BUF_FREELISTS + + append-flags $(test-flags-CC -Wa,--noexecstack) + + # bug #197996 + unset APPS + # bug #312551 + unset SCRIPTS + # bug #311473 + unset CROSS_COMPILE + + tc-export AR CC CXX RANLIB RC + + multilib-minimal_src_configure +} + +multilib_src_configure() { + use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; } + + local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal") + + # See if our toolchain supports __uint128_t. If so, it's 64bit + # friendly and can use the nicely optimized code paths, bug #460790. + #local ec_nistp_64_gcc_128 + # + # Disable it for now though (bug #469976) + # Do NOT re-enable without substantial discussion first! + # + #echo "__uint128_t i;" > "${T}"/128.c + #if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then + # ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128" + #fi + + local sslout=$(bash "${FILESDIR}/gentoo.config-1.0.4") + einfo "Use configuration ${sslout:-(openssl knows best)}" + local config=( perl "${S}/Configure" ) + [[ -z ${sslout} ]] && config=( sh "${S}/config" -v ) + + # "disable-deprecated" option breaks too many consumers. + # Don't set it without thorough revdeps testing. + # Make sure user flags don't get added *yet* to avoid duplicated + # flags. + local myeconfargs=( + ${sslout} + + $(use cpu_flags_x86_sse2 || echo "no-sse2") + enable-camellia + enable-ec + enable-ec2m + enable-sm2 + enable-srp + $(use elibc_musl && echo "no-async") + ${ec_nistp_64_gcc_128} + enable-idea + enable-mdc2 + enable-rc5 + $(use_ssl sslv3 ssl3) + $(use_ssl sslv3 ssl3-method) + $(use_ssl asm) + $(use_ssl rfc3779) + $(use_ssl sctp) + $(use test || echo "no-tests") + $(use_ssl tls-compression zlib) + $(use_ssl tls-heartbeat heartbeats) + $(use_ssl weak-ssl-ciphers) + + --prefix="${EPREFIX}"/usr + --openssldir="${EPREFIX}"${SSL_CNF_DIR} + --libdir=$(get_libdir) + + shared + threads + ) + + edo "${config[@]}" "${myeconfargs[@]}" +} + +multilib_src_compile() { + emake all +} + +multilib_src_test() { + emake -j1 test +} + +multilib_src_install() { + emake DESTDIR="${D}" install_sw + + if multilib_is_native_abi; then + emake DESTDIR="${D}" install_ssldirs + emake DESTDIR="${D}" DOCDIR='$(INSTALLTOP)'/share/doc/${PF} MANSUFFIX=ssl install_docs + fi + + # This is crappy in that the static archives are still built even + # when USE=static-libs. But this is due to a failing in the openssl + # build system: the static archives are built as PIC all the time. + # Only way around this would be to manually configure+compile openssl + # twice; once with shared lib support enabled and once without. + if ! use static-libs; then + rm "${ED}"/usr/$(get_libdir)/lib{crypto,ssl}.a || die + fi +} + +multilib_src_install_all() { + # openssl installs perl version of c_rehash by default, but + # we provide a shell version via app-misc/c_rehash + rm "${ED}"/usr/bin/c_rehash || die + + dodoc CHANGES* FAQ NEWS README doc/*.txt doc/${PN}-c-indent.el + + # Create the certs directory + keepdir ${SSL_CNF_DIR}/certs + + # bug #254521 + dodir /etc/sandbox.d + echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl + + diropts -m0700 + keepdir ${SSL_CNF_DIR}/private +} + +pkg_postinst() { + ebegin "Running 'openssl rehash ${EROOT}${SSL_CNF_DIR}/certs' to rebuild hashes (bug #333069)" + openssl rehash "${EROOT}${SSL_CNF_DIR}/certs" + eend $? +} diff --git a/dev-libs/openssl/openssl-3.0.9.ebuild b/dev-libs/openssl/openssl-3.0.9.ebuild new file mode 100644 index 000000000000..becca7515681 --- /dev/null +++ b/dev-libs/openssl/openssl-3.0.9.ebuild @@ -0,0 +1,273 @@ +# Copyright 1999-2023 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/openssl.org.asc +inherit edo flag-o-matic linux-info toolchain-funcs multilib-minimal multiprocessing verify-sig + +DESCRIPTION="Robust, full-featured Open Source Toolkit for the Transport Layer Security (TLS)" +HOMEPAGE="https://www.openssl.org/" + +MY_P=${P/_/-} + +if [[ ${PV} == 9999 ]] ; then + EGIT_REPO_URI="https://github.com/openssl/openssl.git" + + inherit git-r3 +else + SRC_URI="mirror://openssl/source/${MY_P}.tar.gz + verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )" + KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~arm64-macos" +fi + +S="${WORKDIR}"/${MY_P} + +LICENSE="Apache-2.0" +SLOT="0/3" # .so version of libssl/libcrypto +IUSE="+asm cpu_flags_x86_sse2 fips ktls rfc3779 sctp static-libs test tls-compression vanilla verify-sig weak-ssl-ciphers" +RESTRICT="!test? ( test )" + +COMMON_DEPEND=" + tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] ) +" +BDEPEND=" + >=dev-lang/perl-5 + sctp? ( >=net-misc/lksctp-tools-1.0.12 ) + test? ( + sys-apps/diffutils + sys-devel/bc + sys-process/procps + ) + verify-sig? ( >=sec-keys/openpgp-keys-openssl-20230207 )" + +DEPEND="${COMMON_DEPEND}" +RDEPEND="${COMMON_DEPEND}" +PDEPEND="app-misc/ca-certificates" + +MULTILIB_WRAPPED_HEADERS=( + /usr/include/openssl/configuration.h +) + +pkg_setup() { + if use ktls ; then + if kernel_is -lt 4 18 ; then + ewarn "Kernel implementation of TLS (USE=ktls) requires kernel >=4.18!" + else + CONFIG_CHECK="~TLS ~TLS_DEVICE" + ERROR_TLS="You will be unable to offload TLS to kernel because CONFIG_TLS is not set!" + ERROR_TLS_DEVICE="You will be unable to offload TLS to kernel because CONFIG_TLS_DEVICE is not set!" + use test && CONFIG_CHECK+=" ~CRYPTO_USER_API_SKCIPHER" + + linux-info_pkg_setup + fi + fi + + [[ ${MERGE_TYPE} == binary ]] && return + + # must check in pkg_setup; sysctl doesn't work with userpriv! + if use test && use sctp ; then + # test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel" + # if sctp.auth_enable is not enabled. + local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null) + if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]] ; then + die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!" + fi + fi +} + +src_unpack() { + # Can delete this once test fix patch is dropped + if use verify-sig ; then + # Needed for downloaded patch (which is unsigned, which is fine) + verify-sig_verify_detached "${DISTDIR}"/${P}.tar.gz{,.asc} + fi + + default +} + +src_prepare() { + # Make sure we only ever touch Makefile.org and avoid patching a file + # that gets blown away anyways by the Configure script in src_configure + rm -f Makefile + + if ! use vanilla ; then + PATCHES+=( + # Add patches which are Gentoo-specific customisations here + ) + fi + + default + + if use test && use sctp && has network-sandbox ${FEATURES} ; then + einfo "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox ..." + rm test/recipes/80-test_ssl_new.t || die + fi + + # Test fails depending on kernel configuration, bug #699134 + rm test/recipes/30-test_afalg.t || die +} + +src_configure() { + # Keep this in sync with app-misc/c_rehash + SSL_CNF_DIR="/etc/ssl" + + # Quiet out unknown driver argument warnings since openssl + # doesn't have well-split CFLAGS and we're making it even worse + # and 'make depend' uses -Werror for added fun (bug #417795 again) + tc-is-clang && append-flags -Qunused-arguments + + # We really, really need to build OpenSSL w/ strict aliasing disabled. + # It's filled with violations and it *will* result in miscompiled + # code. This has been in the ebuild for > 10 years but even in 2022, + # it's still relevant: + # - https://github.com/llvm/llvm-project/issues/55255 + # - https://github.com/openssl/openssl/issues/18225 + # - https://github.com/openssl/openssl/issues/18663#issuecomment-1181478057 + # Don't remove the no strict aliasing bits below! + filter-flags -fstrict-aliasing + append-flags -fno-strict-aliasing + # The OpenSSL developers don't test with LTO right now, it leads to various + # warnings/errors (which may or may not be false positives), it's considered + # unsupported, and it's not tested in CI: https://github.com/openssl/openssl/issues/18663. + filter-lto + + append-flags $(test-flags-CC -Wa,--noexecstack) + + # bug #197996 + unset APPS + # bug #312551 + unset SCRIPTS + # bug #311473 + unset CROSS_COMPILE + + tc-export AR CC CXX RANLIB RC + + multilib-minimal_src_configure +} + +multilib_src_configure() { + use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; } + + local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal") + + # See if our toolchain supports __uint128_t. If so, it's 64bit + # friendly and can use the nicely optimized code paths, bug #460790. + #local ec_nistp_64_gcc_128 + # + # Disable it for now though (bug #469976) + # Do NOT re-enable without substantial discussion first! + # + #echo "__uint128_t i;" > "${T}"/128.c + #if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then + # ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128" + #fi + + local sslout=$(bash "${FILESDIR}/gentoo.config-1.0.4") + einfo "Using configuration: ${sslout:-(openssl knows best)}" + + # https://github.com/openssl/openssl/blob/master/INSTALL.md#enable-and-disable-features + local myeconfargs=( + ${sslout} + + $(use cpu_flags_x86_sse2 || echo "no-sse2") + enable-camellia + enable-ec + enable-ec2m + enable-sm2 + enable-srp + $(use elibc_musl && echo "no-async") + enable-idea + enable-mdc2 + enable-rc5 + $(use fips && echo "enable-fips") + $(use_ssl asm) + $(use_ssl ktls) + $(use_ssl rfc3779) + $(use_ssl sctp) + $(use test || echo "no-tests") + $(use_ssl tls-compression zlib) + $(use_ssl weak-ssl-ciphers) + + --prefix="${EPREFIX}"/usr + --openssldir="${EPREFIX}"${SSL_CNF_DIR} + --libdir=$(get_libdir) + + shared + threads + ) + + edo perl "${S}/Configure" "${myeconfargs[@]}" +} + +multilib_src_compile() { + emake build_sw + + if multilib_is_native_abi; then + emake build_docs + fi +} + +multilib_src_test() { + # VFP = show subtests verbosely and show failed tests verbosely + # Normal V=1 would show everything verbosely but this slows things down. + emake HARNESS_JOBS="$(makeopts_jobs)" VFP=1 test +} + +multilib_src_install() { + emake DESTDIR="${D}" install_sw + if use fips; then + emake DESTDIR="${D}" install_fips + # Regen this in pkg_preinst, bug 900625 + rm "${ED}${SSL_CNF_DIR}"/fipsmodule.cnf || die + fi + + if multilib_is_native_abi; then + emake DESTDIR="${D}" install_ssldirs + emake DESTDIR="${D}" DOCDIR='$(INSTALLTOP)'/share/doc/${PF} install_docs + fi + + # This is crappy in that the static archives are still built even + # when USE=static-libs. But this is due to a failing in the openssl + # build system: the static archives are built as PIC all the time. + # Only way around this would be to manually configure+compile openssl + # twice; once with shared lib support enabled and once without. + if ! use static-libs ; then + rm "${ED}"/usr/$(get_libdir)/lib{crypto,ssl}.a || die + fi +} + +multilib_src_install_all() { + # openssl installs perl version of c_rehash by default, but + # we provide a shell version via app-misc/c_rehash + rm "${ED}"/usr/bin/c_rehash || die + + dodoc {AUTHORS,CHANGES,NEWS,README,README-PROVIDERS}.md doc/*.txt doc/${PN}-c-indent.el + + # Create the certs directory + keepdir ${SSL_CNF_DIR}/certs + + # bug #254521 + dodir /etc/sandbox.d + echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl + + diropts -m0700 + keepdir ${SSL_CNF_DIR}/private +} + +pkg_preinst() { + if use fips; then + # Regen fipsmodule.cnf, bug 900625 + ebegin "Running openssl fipsinstall" + "${ED}/usr/bin/openssl" fipsinstall -quiet \ + -out "${ED}${SSL_CNF_DIR}/fipsmodule.cnf" \ + -module "${ED}/usr/$(get_libdir)/ossl-modules/fips.so" + eend $? + fi +} + +pkg_postinst() { + ebegin "Running 'openssl rehash ${EROOT}${SSL_CNF_DIR}/certs' to rebuild hashes (bug #333069)" + openssl rehash "${EROOT}${SSL_CNF_DIR}/certs" + eend $? +} diff --git a/dev-libs/openssl/openssl-3.1.1.ebuild b/dev-libs/openssl/openssl-3.1.1.ebuild new file mode 100644 index 000000000000..66fb41062dec --- /dev/null +++ b/dev-libs/openssl/openssl-3.1.1.ebuild @@ -0,0 +1,276 @@ +# Copyright 1999-2023 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/openssl.org.asc +inherit edo flag-o-matic linux-info toolchain-funcs multilib-minimal multiprocessing verify-sig + +DESCRIPTION="Robust, full-featured Open Source Toolkit for the Transport Layer Security (TLS)" +HOMEPAGE="https://www.openssl.org/" + +MY_P=${P/_/-} + +if [[ ${PV} == 9999 ]] ; then + EGIT_REPO_URI="https://github.com/openssl/openssl.git" + + inherit git-r3 +else + SRC_URI=" + mirror://openssl/source/${MY_P}.tar.gz + verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc ) + " + #KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86" +fi + +S="${WORKDIR}"/${MY_P} + +LICENSE="Apache-2.0" +SLOT="0/$(ver_cut 1)" # .so version of libssl/libcrypto +IUSE="+asm cpu_flags_x86_sse2 fips ktls rfc3779 sctp static-libs test tls-compression vanilla verify-sig weak-ssl-ciphers" +RESTRICT="!test? ( test )" + +COMMON_DEPEND=" + !=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] ) +" +BDEPEND=" + >=dev-lang/perl-5 + sctp? ( >=net-misc/lksctp-tools-1.0.12 ) + test? ( + sys-apps/diffutils + sys-devel/bc + sys-process/procps + ) + verify-sig? ( >=sec-keys/openpgp-keys-openssl-20230207 )" + +DEPEND="${COMMON_DEPEND}" +RDEPEND="${COMMON_DEPEND}" +PDEPEND="app-misc/ca-certificates" + +MULTILIB_WRAPPED_HEADERS=( + /usr/include/openssl/configuration.h +) + +pkg_setup() { + if use ktls ; then + if kernel_is -lt 4 18 ; then + ewarn "Kernel implementation of TLS (USE=ktls) requires kernel >=4.18!" + else + CONFIG_CHECK="~TLS ~TLS_DEVICE" + ERROR_TLS="You will be unable to offload TLS to kernel because CONFIG_TLS is not set!" + ERROR_TLS_DEVICE="You will be unable to offload TLS to kernel because CONFIG_TLS_DEVICE is not set!" + use test && CONFIG_CHECK+=" ~CRYPTO_USER_API_SKCIPHER" + + linux-info_pkg_setup + fi + fi + + [[ ${MERGE_TYPE} == binary ]] && return + + # must check in pkg_setup; sysctl doesn't work with userpriv! + if use test && use sctp ; then + # test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel" + # if sctp.auth_enable is not enabled. + local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null) + if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]] ; then + die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!" + fi + fi +} + +src_unpack() { + # Can delete this once test fix patch is dropped + if use verify-sig ; then + # Needed for downloaded patch (which is unsigned, which is fine) + verify-sig_verify_detached "${DISTDIR}"/${P}.tar.gz{,.asc} + fi + + default +} + +src_prepare() { + # Make sure we only ever touch Makefile.org and avoid patching a file + # that gets blown away anyways by the Configure script in src_configure + rm -f Makefile + + if ! use vanilla ; then + PATCHES+=( + # Add patches which are Gentoo-specific customisations here + ) + fi + + default + + if use test && use sctp && has network-sandbox ${FEATURES} ; then + einfo "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox ..." + rm test/recipes/80-test_ssl_new.t || die + fi + + # Test fails depending on kernel configuration, bug #699134 + rm test/recipes/30-test_afalg.t || die +} + +src_configure() { + # Keep this in sync with app-misc/c_rehash + SSL_CNF_DIR="/etc/ssl" + + # Quiet out unknown driver argument warnings since openssl + # doesn't have well-split CFLAGS and we're making it even worse + # and 'make depend' uses -Werror for added fun (bug #417795 again) + tc-is-clang && append-flags -Qunused-arguments + + # We really, really need to build OpenSSL w/ strict aliasing disabled. + # It's filled with violations and it *will* result in miscompiled + # code. This has been in the ebuild for > 10 years but even in 2022, + # it's still relevant: + # - https://github.com/llvm/llvm-project/issues/55255 + # - https://github.com/openssl/openssl/issues/18225 + # - https://github.com/openssl/openssl/issues/18663#issuecomment-1181478057 + # Don't remove the no strict aliasing bits below! + filter-flags -fstrict-aliasing + append-flags -fno-strict-aliasing + # The OpenSSL developers don't test with LTO right now, it leads to various + # warnings/errors (which may or may not be false positives), it's considered + # unsupported, and it's not tested in CI: https://github.com/openssl/openssl/issues/18663. + filter-lto + + append-flags $(test-flags-CC -Wa,--noexecstack) + + # bug #197996 + unset APPS + # bug #312551 + unset SCRIPTS + # bug #311473 + unset CROSS_COMPILE + + tc-export AR CC CXX RANLIB RC + + multilib-minimal_src_configure +} + +multilib_src_configure() { + use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; } + + local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal") + + # See if our toolchain supports __uint128_t. If so, it's 64bit + # friendly and can use the nicely optimized code paths, bug #460790. + #local ec_nistp_64_gcc_128 + # + # Disable it for now though (bug #469976) + # Do NOT re-enable without substantial discussion first! + # + #echo "__uint128_t i;" > "${T}"/128.c + #if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then + # ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128" + #fi + + local sslout=$(bash "${FILESDIR}/gentoo.config-1.0.4") + einfo "Using configuration: ${sslout:-(openssl knows best)}" + + # https://github.com/openssl/openssl/blob/master/INSTALL.md#enable-and-disable-features + local myeconfargs=( + ${sslout} + + $(use cpu_flags_x86_sse2 || echo "no-sse2") + enable-camellia + enable-ec + enable-ec2m + enable-sm2 + enable-srp + $(use elibc_musl && echo "no-async") + enable-idea + enable-mdc2 + enable-rc5 + $(use fips && echo "enable-fips") + $(use_ssl asm) + $(use_ssl ktls) + $(use_ssl rfc3779) + $(use_ssl sctp) + $(use test || echo "no-tests") + $(use_ssl tls-compression zlib) + $(use_ssl weak-ssl-ciphers) + + --prefix="${EPREFIX}"/usr + --openssldir="${EPREFIX}"${SSL_CNF_DIR} + --libdir=$(get_libdir) + + shared + threads + ) + + edo perl "${S}/Configure" "${myeconfargs[@]}" +} + +multilib_src_compile() { + emake build_sw + + if multilib_is_native_abi; then + emake build_docs + fi +} + +multilib_src_test() { + # VFP = show subtests verbosely and show failed tests verbosely + # Normal V=1 would show everything verbosely but this slows things down. + emake HARNESS_JOBS="$(makeopts_jobs)" VFP=1 test +} + +multilib_src_install() { + emake DESTDIR="${D}" install_sw + if use fips; then + emake DESTDIR="${D}" install_fips + # Regen this in pkg_preinst, bug 900625 + rm "${ED}${SSL_CNF_DIR}"/fipsmodule.cnf || die + fi + + if multilib_is_native_abi; then + emake DESTDIR="${D}" install_ssldirs + emake DESTDIR="${D}" DOCDIR='$(INSTALLTOP)'/share/doc/${PF} install_docs + fi + + # This is crappy in that the static archives are still built even + # when USE=static-libs. But this is due to a failing in the openssl + # build system: the static archives are built as PIC all the time. + # Only way around this would be to manually configure+compile openssl + # twice; once with shared lib support enabled and once without. + if ! use static-libs ; then + rm "${ED}"/usr/$(get_libdir)/lib{crypto,ssl}.a || die + fi +} + +multilib_src_install_all() { + # openssl installs perl version of c_rehash by default, but + # we provide a shell version via app-misc/c_rehash + rm "${ED}"/usr/bin/c_rehash || die + + dodoc {AUTHORS,CHANGES,NEWS,README,README-PROVIDERS}.md doc/*.txt doc/${PN}-c-indent.el + + # Create the certs directory + keepdir ${SSL_CNF_DIR}/certs + + # bug #254521 + dodir /etc/sandbox.d + echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl + + diropts -m0700 + keepdir ${SSL_CNF_DIR}/private +} + +pkg_preinst() { + if use fips; then + # Regen fipsmodule.cnf, bug 900625 + ebegin "Running openssl fipsinstall" + "${ED}/usr/bin/openssl" fipsinstall -quiet \ + -out "${ED}${SSL_CNF_DIR}/fipsmodule.cnf" \ + -module "${ED}/usr/$(get_libdir)/ossl-modules/fips.so" + eend $? + fi +} + +pkg_postinst() { + ebegin "Running 'openssl rehash ${EROOT}${SSL_CNF_DIR}/certs' to rebuild hashes (bug #333069)" + openssl rehash "${EROOT}${SSL_CNF_DIR}/certs" + eend $? +} -- cgit v1.2.3