diff options
author | Thomas Deutschmann <whissi@gentoo.org> | 2019-08-23 19:39:44 +0200 |
---|---|---|
committer | Thomas Deutschmann <whissi@gentoo.org> | 2019-08-23 20:10:19 +0200 |
commit | 4e35a9430566547f4abd646a92718325311ba5c3 (patch) | |
tree | 76964fcac39b45add892e6f88928791f52eb06b1 | |
parent | dev-libs/openssl: fix fuzz test (diff) | |
download | gentoo-4e35a943.tar.gz gentoo-4e35a943.tar.bz2 gentoo-4e35a943.zip |
dev-libs/openssl: synchronize v1.1.0x with v1.1.1x
Backport commit 604d5b3e0de296fc6fa6f05007b196f9860974e6.
Package-Manager: Portage-2.3.72, Repoman-2.3.17
Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>
-rw-r--r-- | dev-libs/openssl/Manifest | 4 | ||||
-rw-r--r-- | dev-libs/openssl/openssl-1.1.0k-r1.ebuild | 78 | ||||
-rw-r--r-- | dev-libs/openssl/openssl-1.1.1c-r1.ebuild (renamed from dev-libs/openssl/openssl-1.1.1c.ebuild) | 7 |
3 files changed, 36 insertions, 53 deletions
diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest index 321134adc244..5f6b9b906021 100644 --- a/dev-libs/openssl/Manifest +++ b/dev-libs/openssl/Manifest @@ -13,10 +13,8 @@ DIST openssl-1.1.0j.tar.gz 5411919 BLAKE2B 0fbd936f38d30b64bea717a67cd59704c5ce4 DIST openssl-1.1.0j_d2ede125556ac99aa0faa7744c703af3f559094e_ec_curve.c 18401 BLAKE2B f969071ac1b5d0e43b50d54e50b5c4d9201fc8b94458902e9849f14841b5505a2e43ed57a8c13255f042a211af9ee904776c155c36da838a8ad22e1052b02bc1 SHA512 a1c2bb3c3e3d342bddc8c952985e87fc4bad2e8142d5d760b18f346c44c20f00db61c4856f3dcf879b2098e0c036330762915f65d80a1a2cba717d2caeb95457 DIST openssl-1.1.0j_d2ede125556ac99aa0faa7744c703af3f559094e_ectest.c 30688 BLAKE2B 6673ef0fd139af82d830794179b19b9e06be25fac4a13b8bdfa5fd5dad25f594ce8eab118aab9ec2aab25001e1de127c03f8e1a04f4f3ef4c464b7fb1811ed4a SHA512 240fc72916caf4a8b0af774ce307abfe9a93a762eba6fae760cec79d619fe3db0d6919fc92a8951cb031f73958237700b45f590aa7f9f2890762cccda1f1e74b DIST openssl-1.1.0j_d2ede125556ac99aa0faa7744c703af3f559094e_hobble-openssl 1117 BLAKE2B c3a1477e63331e83cf1cbe58e9ef131ec500a311e22d3da55034800ca353c387b2e202575acf3badb00b236ff91d4bac1bb131a33930939646d26bec27be6e04 SHA512 fa9cc70afa11a7a292548b4bddbba8159824a364ce5c279b483768e6ae2aa4b5491d9bf2cc734819f30a11c8ee0d91bcb991c4a7ab357296aeb4c04feac74826 +DIST openssl-1.1.0k-bindist-1.0.tar.xz 11716 BLAKE2B c491ba0899c44dbcc63f85b255548c439c965a20a04ac2a6324a4122c4691b7c95ec18e62be6d708a7ea62ea197d32e5091987cb5043969878f89e5bc26243d4 SHA512 1d5bc9d7b24cf55d32d996e2421d43a1218b605720293f00d07814afb481387856f0dc000ad3c3e4cba2361055668cfe79a945be44ab85a249555f37e683a909 DIST openssl-1.1.0k.tar.gz 5287321 BLAKE2B fce40a399f5a08d5fe183dfcaab11b211d982885fb9888b25fa41bdd9919ecd203fca6f573363cfb42c9a0776ae69ea50b0f144227a3f28ca0dbadf878d396bc SHA512 65f41a240a97d79504c0e1391fde8ac8692f0993437cdc35e4bc964ecc36e5ef75a62499c4c6cb4ce63f892135e06dba2d3594c8869d935554296fa3c6ccd822 -DIST openssl-1.1.0k_d2ede125556ac99aa0faa7744c703af3f559094e_ec_curve.c 18401 BLAKE2B f969071ac1b5d0e43b50d54e50b5c4d9201fc8b94458902e9849f14841b5505a2e43ed57a8c13255f042a211af9ee904776c155c36da838a8ad22e1052b02bc1 SHA512 a1c2bb3c3e3d342bddc8c952985e87fc4bad2e8142d5d760b18f346c44c20f00db61c4856f3dcf879b2098e0c036330762915f65d80a1a2cba717d2caeb95457 -DIST openssl-1.1.0k_d2ede125556ac99aa0faa7744c703af3f559094e_ectest.c 30688 BLAKE2B 6673ef0fd139af82d830794179b19b9e06be25fac4a13b8bdfa5fd5dad25f594ce8eab118aab9ec2aab25001e1de127c03f8e1a04f4f3ef4c464b7fb1811ed4a SHA512 240fc72916caf4a8b0af774ce307abfe9a93a762eba6fae760cec79d619fe3db0d6919fc92a8951cb031f73958237700b45f590aa7f9f2890762cccda1f1e74b -DIST openssl-1.1.0k_d2ede125556ac99aa0faa7744c703af3f559094e_hobble-openssl 1117 BLAKE2B c3a1477e63331e83cf1cbe58e9ef131ec500a311e22d3da55034800ca353c387b2e202575acf3badb00b236ff91d4bac1bb131a33930939646d26bec27be6e04 SHA512 fa9cc70afa11a7a292548b4bddbba8159824a364ce5c279b483768e6ae2aa4b5491d9bf2cc734819f30a11c8ee0d91bcb991c4a7ab357296aeb4c04feac74826 DIST openssl-1.1.1-ec-curves.patch 7265 BLAKE2B 04725d226c430132cf54afbfaa30a82f8f8bbfd3608823d1d0cd42c3c13f417e90762759da3134d7b0c4373e531925db337b681340f2f284cb2f16a4caef22e3 SHA512 de4d0f1635740c57217836a476c420141c0d34a5f90cbf7957aed7a80e7ac9ca036de2d8448e6bf4c122999e308730575899f61cea6e51ab6825dd04890d75a1 DIST openssl-1.1.1b.tar.gz 8213737 BLAKE2B 7ad9da9548052e2a033a684038f97c420cfffd57994604bcb3fa12640796c8c0aea3d24fb05648ee4940fbec40b81462e81c353da5a41a2575c0585d9718eae8 SHA512 b54025fbb4fe264466f3b0d762aad4be45bd23cd48bdb26d901d4c41a40bfd776177e02230995ab181a695435039dbad313f4b9a563239a70807a2e19ecf045d DIST openssl-1.1.1b_ec_curve.c 17938 BLAKE2B d5cbde40dcd8608087aed6ffa9feb040ffadecf0c46b7f3978cc468a9503f0a5ad0a426ea6f8db56f49a64474a508bebdf946e01ebf09adc727675f3b180bcdc SHA512 ec470f6514cb9a4f680b8cbbe02e2bbe71639b288f3429d976726047901d9c50377dfb2737f32429da2fb0e52fd67878a86debb54520e307ee196d97b5c66415 diff --git a/dev-libs/openssl/openssl-1.1.0k-r1.ebuild b/dev-libs/openssl/openssl-1.1.0k-r1.ebuild index f8ee7f735875..937d3b7ed11f 100644 --- a/dev-libs/openssl/openssl-1.1.0k-r1.ebuild +++ b/dev-libs/openssl/openssl-1.1.0k-r1.ebuild @@ -6,14 +6,25 @@ EAPI="7" inherit flag-o-matic toolchain-funcs multilib multilib-minimal MY_P=${P/_/-} + +# This patch set is based on the following files from Fedora 31, +# see https://src.fedoraproject.org/rpms/openssl/blob/f28/f/openssl.spec +# for more details: +# - hobble-openssl (SOURCE1) +# - ec_curve.c (SOURCE12) +# - ectest.c (SOURCE13) +# - openssl-1.1.0-ec-curves.patch (PATCH37) -- MODIFIED +BINDIST_PATCH_SET="openssl-1.1.0k-bindist-1.0.tar.xz" + DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)" HOMEPAGE="https://www.openssl.org/" -SRC_URI="mirror://openssl/source/${MY_P}.tar.gz" +SRC_URI="mirror://openssl/source/${MY_P}.tar.gz + bindist? ( https://dev.gentoo.org/~whissi/dist/openssl/${BINDIST_PATCH_SET} )" LICENSE="openssl" SLOT="0/1.1" # .so version of libssl/libcrypto KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~x86-linux" -IUSE="+asm bindist elibc_musl rfc3779 sctp cpu_flags_x86_sse2 static-libs test tls-heartbeat vanilla zlib" +IUSE="+asm bindist elibc_musl rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-heartbeat vanilla zlib" RESTRICT="!bindist? ( bindist )" RDEPEND=">=app-misc/c_rehash-1.7-r1 @@ -28,28 +39,6 @@ BDEPEND=" )" PDEPEND="app-misc/ca-certificates" -# This does not copy the entire Fedora patchset, but JUST the parts that -# are needed to make it safe to use EC with RESTRICT=bindist. -# See openssl.spec for the matching numbering of SourceNNN, PatchNNN -SOURCE1=hobble-openssl -SOURCE12=ec_curve.c -SOURCE13=ectest.c -PATCH1=openssl-1.1.0-build.patch # Fixes EVP testcase for EC -PATCH37=openssl-1.1.0-ec-curves.patch -FEDORA_GIT_BASE='https://src.fedoraproject.org/cgit/rpms/openssl.git/plain/' -FEDORA_GIT_BRANCH='f28' -FEDORA_GIT_COMMIT="d2ede125556ac99aa0faa7744c703af3f559094e" -FEDORA_SRC_URI=() -FEDORA_SOURCE=( $SOURCE1 $SOURCE12 $SOURCE13 ) -FEDORA_PATCH=( $PATCH1 $PATCH37 ) -for i in "${FEDORA_SOURCE[@]}" ; do - FEDORA_SRC_URI+=( "${FEDORA_GIT_BASE}/${i}?h=${FEDORA_GIT_BRANCH}&id=${FEDORA_GIT_COMMIT} -> ${P}_${FEDORA_GIT_COMMIT}_${i}" ) -done -for i in "${FEDORA_PATCH[@]}" ; do # Already have a version prefix - FEDORA_SRC_URI+=( "${FEDORA_GIT_BASE}/${i}?h=${FEDORA_GIT_BRANCH}&id=${FEDORA_GIT_COMMIT} -> ${i%.patch}_${FEDORA_GIT_COMMIT}.patch" ) -done -SRC_URI+=" bindist? ( ${FEDORA_SRC_URI[@]} )" - PATCHES=( "${FILESDIR}"/${PN}-1.0.2a-x32-asm.patch #542618 "${FILESDIR}"/${PN}-1.1.0j-parallel_install_fix.patch #671602 @@ -64,34 +53,29 @@ MULTILIB_WRAPPED_HEADERS=( src_prepare() { if use bindist; then - # we need to patch the patch but we cannot patch in DISTDIR... - mkdir "${WORKDIR}"/fedora_patches || die - for i in "${FEDORA_PATCH[@]}" ; do - cp "${DISTDIR}"/"${i%.patch}_${FEDORA_GIT_COMMIT}.patch" "${WORKDIR}"/fedora_patches || die + mv "${WORKDIR}"/bindist-patches/hobble-openssl "${WORKDIR}" || die + bash "${WORKDIR}"/hobble-openssl || die + + cp -f "${WORKDIR}"/bindist-patches/ec_curve.c "${S}"/crypto/ec/ || die + cp -f "${WORKDIR}"/bindist-patches/ectest.c "${S}"/test/ || die + + eapply "${WORKDIR}"/bindist-patches/ec-curves.patch + + local known_failing_test + for known_failing_test in \ + 30-test_evp_extra.t \ + 80-test_ssl_new.t \ + ; do + ebegin "Disabling test '${known_failing_test}' which is known to fail with USE=bindist" + rm test/recipes/${known_failing_test} || die + eend $? done - # now patch the path, due to OpenSSL change cb193560e0da17a41b40ce574a2349f1d4d59ed1 - sed -i -e 's#test/evptests.txt#test/recipes/30-test_evp_data/evppkey.txt#g' \ - "${WORKDIR}"/fedora_patches/openssl-1.1.0-build_d2ede125556ac99aa0faa7744c703af3f559094e.patch || \ - die - - # This just removes the prefix, and puts it into WORKDIR like the RPM. - for i in "${FEDORA_SOURCE[@]}" ; do - cp -f "${DISTDIR}"/"${P}_${FEDORA_GIT_COMMIT}_${i}" "${WORKDIR}"/"${i}" || die - done - # .spec %prep - bash "${WORKDIR}"/"${SOURCE1}" || die - cp -f "${WORKDIR}"/"${SOURCE12}" "${S}"/crypto/ec/ || die - cp -f "${WORKDIR}"/"${SOURCE13}" "${S}"/test/ || die - for i in "${FEDORA_PATCH[@]}" ; do - #eapply "${DISTDIR}"/"${i%.patch}_${FEDORA_GIT_COMMIT}.patch" - eapply "${WORKDIR}/fedora_patches/${i%.patch}_${FEDORA_GIT_COMMIT}.patch" - done # Also see the configure parts below: # enable-ec \ # $(use_ssl !bindist ec2m) \ - fi + # keep this in sync with app-misc/c_rehash SSL_CNF_DIR="/etc/ssl" @@ -205,6 +189,8 @@ multilib_src_configure() { enable-idea \ enable-mdc2 \ enable-rc5 \ + $(use_ssl sslv3 ssl3) \ + $(use_ssl sslv3 ssl3-method) \ $(use_ssl asm) \ $(use_ssl rfc3779) \ $(use_ssl sctp) \ diff --git a/dev-libs/openssl/openssl-1.1.1c.ebuild b/dev-libs/openssl/openssl-1.1.1c-r1.ebuild index 1071017accec..683c57075663 100644 --- a/dev-libs/openssl/openssl-1.1.1c.ebuild +++ b/dev-libs/openssl/openssl-1.1.1c-r1.ebuild @@ -1,7 +1,7 @@ # Copyright 1999-2019 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 -EAPI=7 +EAPI="7" inherit flag-o-matic toolchain-funcs multilib multilib-minimal @@ -18,7 +18,8 @@ BINDIST_PATCH_SET="openssl-1.1.1c-bindist-1.0.tar.xz" DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)" HOMEPAGE="https://www.openssl.org/" -SRC_URI="mirror://openssl/source/${MY_P}.tar.gz" +SRC_URI="mirror://openssl/source/${MY_P}.tar.gz + bindist? ( https://dev.gentoo.org/~whissi/dist/openssl/${BINDIST_PATCH_SET} )" LICENSE="openssl" SLOT="0/1.1" # .so version of libssl/libcrypto @@ -43,8 +44,6 @@ PATCHES=( "${FILESDIR}"/${PN}-1.1.0j-parallel_install_fix.patch #671602 ) -SRC_URI+=" bindist? ( https://dev.gentoo.org/~whissi/dist/openssl/${BINDIST_PATCH_SET} )" - S="${WORKDIR}/${MY_P}" MULTILIB_WRAPPED_HEADERS=( |