diff options
author | Karel Kočí <cynerd@email.cz> | 2020-01-20 21:00:57 +0100 |
---|---|---|
committer | Karel Kočí <cynerd@email.cz> | 2020-01-20 21:00:57 +0100 |
commit | 9d1f1ee2148466f9264266b32cbad6f9f56ab97c (patch) | |
tree | 6c91277e5a679a5fb1a423faf1aab3d911ab9c9b | |
parent | 77c3ac9eaa64c82509fa1591a12878bb08cb87c5 (diff) | |
download | gentoo-personal-overlay-9d1f1ee2148466f9264266b32cbad6f9f56ab97c.tar.gz gentoo-personal-overlay-9d1f1ee2148466f9264266b32cbad6f9f56ab97c.tar.bz2 gentoo-personal-overlay-9d1f1ee2148466f9264266b32cbad6f9f56ab97c.zip |
dev-libs/openssl-compat: update to 1.0.2u
-rw-r--r-- | dev-libs/openssl-compat/Manifest | 2 | ||||
-rw-r--r-- | dev-libs/openssl-compat/files/openssl-1.0.2-version-script.patch (renamed from dev-libs/openssl-compat/files/openssl-1.0.2g-version-script.patch) | 28 | ||||
-rw-r--r-- | dev-libs/openssl-compat/files/openssl-1.0.2p-hobble-ecc.patch | 283 | ||||
-rw-r--r-- | dev-libs/openssl-compat/openssl-compat-1.0.2u-r1.ebuild (renamed from dev-libs/openssl-compat/openssl-compat-1.0.2t-r1.ebuild) | 15 |
4 files changed, 19 insertions, 309 deletions
diff --git a/dev-libs/openssl-compat/Manifest b/dev-libs/openssl-compat/Manifest index 9ff2f37..00fa559 100644 --- a/dev-libs/openssl-compat/Manifest +++ b/dev-libs/openssl-compat/Manifest @@ -1,3 +1,3 @@ DIST openssl-1.0.2-patches-1.5.tar.xz 12404 BLAKE2B 6c1b8c28f339f539b2ab8643379502a24cf62bffde00041dce54d5dd9e8d2620b181362ee5464b0ab32ba4948e209697bfabadbea2944a409a1009100d298f24 SHA512 5725e2d9d1ee8cc074bcef3bed61c71bdab2ff1c114362110c3fb8da11ad5bc8f2ff28e90a293f5f3a5cf96ecda54dffdb7ab3fb3f8b23ef6472250dc3037659 DIST openssl-1.0.2t-bindist-1.0.tar.xz 13872 BLAKE2B b2aade96a6e0ca6209a39e205b1c838de945903fcf959c62cc29ddcd1a0cb360fc5db234df86860a6a4c096f5ecc237611e4c2946b986a5500c24ba93c208ef4 SHA512 a48a7efb9b973b865bcc5009d450b428ed6b4b95e4cefe70c51056e47392c8a7bec58215168d8b07712419dc74646c2bd2fd23bcfbba2031376e292249a6b1b6 -DIST openssl-1.0.2t.tar.gz 5355422 BLAKE2B dcbc883151ff6c5b60f5849d8789c2e76a384cb3d5eb5f08a6109776d0edf134580dc33fa8b946ae2344542560f04ecef17f218406952dd8d31e4200c4882022 SHA512 0b88868933f42fab87e8b22449435a1091cc6e75f986aad6c173e01ad123161fcae8c226759073701bc65c9f2f0b6ce6a63a61203008ed873cfb6e484f32bc71 +DIST openssl-1.0.2u.tar.gz 5355412 BLAKE2B b2ff2a10e5851af5aca4093422a9a072c794e87b997263826c1c35910c040f695fac63decac5856cb49399ed03d410f97701d9fd4e1ebfbcacd8f3a74ce8bf57 SHA512 c455bb309e20e2c2d47fdc5619c734d107d5c8c38c1409903ce979acc120b0d5fa0312917c0aa0d630e402d092a703d4249643f36078e8528a3cafc9dac6ab32 diff --git a/dev-libs/openssl-compat/files/openssl-1.0.2g-version-script.patch b/dev-libs/openssl-compat/files/openssl-1.0.2-version-script.patch index 454f862..d2723b8 100644 --- a/dev-libs/openssl-compat/files/openssl-1.0.2g-version-script.patch +++ b/dev-libs/openssl-compat/files/openssl-1.0.2-version-script.patch @@ -26,39 +26,33 @@ Subject: version-script open(OUT,">$Makefile.new") || die "unable to create $Makefile.new:$!\n"; --- /dev/null +++ b/engines/ccgost/openssl.ld -@@ -0,0 +1,13 @@ +@@ -0,0 +1,10 @@ +OPENSSL_1.0.0 { + global: + bind_engine; + v_check; + OPENSSL_init; + OPENSSL_finish; -+}; -+ -+OPENSSL { -+ global: ++ local: + *; -+} OPENSSL_1.0.0; ++}; + --- /dev/null +++ b/engines/openssl.ld -@@ -0,0 +1,13 @@ +@@ -0,0 +1,10 @@ +OPENSSL_1.0.0 { + global: + bind_engine; + v_check; + OPENSSL_init; + OPENSSL_finish; -+}; -+ -+OPENSSL { -+ global: ++ local: + *; -+} OPENSSL_1.0.0; ++}; + --- /dev/null +++ b/openssl.ld -@@ -0,0 +1,4623 @@ +@@ -0,0 +1,4621 @@ +OPENSSL_1.0.0 { + global: + BIO_f_ssl; @@ -4357,6 +4351,9 @@ Subject: version-script + CRYPTO_cbc128_decrypt; + CRYPTO_cfb128_encrypt; + CRYPTO_cfb128_8_encrypt; ++ ++ local: ++ *; +}; + + @@ -4677,8 +4674,3 @@ Subject: version-script + SRP_user_pwd_free; +} OPENSSL_1.0.2; + -+OPENSSL { -+ global: -+ *; -+} OPENSSL_1.0.2g; -+ diff --git a/dev-libs/openssl-compat/files/openssl-1.0.2p-hobble-ecc.patch b/dev-libs/openssl-compat/files/openssl-1.0.2p-hobble-ecc.patch deleted file mode 100644 index 3a458a7..0000000 --- a/dev-libs/openssl-compat/files/openssl-1.0.2p-hobble-ecc.patch +++ /dev/null @@ -1,283 +0,0 @@ -Port of Fedora's Hobble-EC patches for OpenSSL 1.0 series. - -From https://src.fedoraproject.org/git/rpms/openssl.git - -Contains parts of the following patches, rediffed. The patches are on various -different branches. -f23 openssl-1.0.2c-ecc-suiteb.patch -f23 openssl-1.0.2a-fips-ec.patch -f28 openssl-1.1.0-ec-curves.patch - -Signed-off-By: Robin H. Johnson <robbat2@gentoo.org> - ---- a/apps/speed.c -+++ b/apps/speed.c -@@ -989,10 +989,7 @@ int MAIN(int argc, char **argv) - } else - # endif - # ifndef OPENSSL_NO_ECDSA -- if (strcmp(*argv, "ecdsap160") == 0) -- ecdsa_doit[R_EC_P160] = 2; -- else if (strcmp(*argv, "ecdsap192") == 0) -- ecdsa_doit[R_EC_P192] = 2; -+ if (0) {} - else if (strcmp(*argv, "ecdsap224") == 0) - ecdsa_doit[R_EC_P224] = 2; - else if (strcmp(*argv, "ecdsap256") == 0) -@@ -1001,36 +998,13 @@ int MAIN(int argc, char **argv) - ecdsa_doit[R_EC_P384] = 2; - else if (strcmp(*argv, "ecdsap521") == 0) - ecdsa_doit[R_EC_P521] = 2; -- else if (strcmp(*argv, "ecdsak163") == 0) -- ecdsa_doit[R_EC_K163] = 2; -- else if (strcmp(*argv, "ecdsak233") == 0) -- ecdsa_doit[R_EC_K233] = 2; -- else if (strcmp(*argv, "ecdsak283") == 0) -- ecdsa_doit[R_EC_K283] = 2; -- else if (strcmp(*argv, "ecdsak409") == 0) -- ecdsa_doit[R_EC_K409] = 2; -- else if (strcmp(*argv, "ecdsak571") == 0) -- ecdsa_doit[R_EC_K571] = 2; -- else if (strcmp(*argv, "ecdsab163") == 0) -- ecdsa_doit[R_EC_B163] = 2; -- else if (strcmp(*argv, "ecdsab233") == 0) -- ecdsa_doit[R_EC_B233] = 2; -- else if (strcmp(*argv, "ecdsab283") == 0) -- ecdsa_doit[R_EC_B283] = 2; -- else if (strcmp(*argv, "ecdsab409") == 0) -- ecdsa_doit[R_EC_B409] = 2; -- else if (strcmp(*argv, "ecdsab571") == 0) -- ecdsa_doit[R_EC_B571] = 2; - else if (strcmp(*argv, "ecdsa") == 0) { -- for (i = 0; i < EC_NUM; i++) -+ for (i = R_EC_P224; i < R_EC_P521; i++) - ecdsa_doit[i] = 1; - } else - # endif - # ifndef OPENSSL_NO_ECDH -- if (strcmp(*argv, "ecdhp160") == 0) -- ecdh_doit[R_EC_P160] = 2; -- else if (strcmp(*argv, "ecdhp192") == 0) -- ecdh_doit[R_EC_P192] = 2; -+ if (0) {} - else if (strcmp(*argv, "ecdhp224") == 0) - ecdh_doit[R_EC_P224] = 2; - else if (strcmp(*argv, "ecdhp256") == 0) -@@ -1039,28 +1013,8 @@ int MAIN(int argc, char **argv) - ecdh_doit[R_EC_P384] = 2; - else if (strcmp(*argv, "ecdhp521") == 0) - ecdh_doit[R_EC_P521] = 2; -- else if (strcmp(*argv, "ecdhk163") == 0) -- ecdh_doit[R_EC_K163] = 2; -- else if (strcmp(*argv, "ecdhk233") == 0) -- ecdh_doit[R_EC_K233] = 2; -- else if (strcmp(*argv, "ecdhk283") == 0) -- ecdh_doit[R_EC_K283] = 2; -- else if (strcmp(*argv, "ecdhk409") == 0) -- ecdh_doit[R_EC_K409] = 2; -- else if (strcmp(*argv, "ecdhk571") == 0) -- ecdh_doit[R_EC_K571] = 2; -- else if (strcmp(*argv, "ecdhb163") == 0) -- ecdh_doit[R_EC_B163] = 2; -- else if (strcmp(*argv, "ecdhb233") == 0) -- ecdh_doit[R_EC_B233] = 2; -- else if (strcmp(*argv, "ecdhb283") == 0) -- ecdh_doit[R_EC_B283] = 2; -- else if (strcmp(*argv, "ecdhb409") == 0) -- ecdh_doit[R_EC_B409] = 2; -- else if (strcmp(*argv, "ecdhb571") == 0) -- ecdh_doit[R_EC_B571] = 2; - else if (strcmp(*argv, "ecdh") == 0) { -- for (i = 0; i < EC_NUM; i++) -+ for (i = R_EC_P224; i <= R_EC_P521; i++) - ecdh_doit[i] = 1; - } else - # endif -@@ -1149,21 +1103,13 @@ int MAIN(int argc, char **argv) - BIO_printf(bio_err, "dsa512 dsa1024 dsa2048\n"); - # endif - # ifndef OPENSSL_NO_ECDSA -- BIO_printf(bio_err, "ecdsap160 ecdsap192 ecdsap224 " -+ BIO_printf(bio_err, "ecdsap224 " - "ecdsap256 ecdsap384 ecdsap521\n"); -- BIO_printf(bio_err, -- "ecdsak163 ecdsak233 ecdsak283 ecdsak409 ecdsak571\n"); -- BIO_printf(bio_err, -- "ecdsab163 ecdsab233 ecdsab283 ecdsab409 ecdsab571\n"); - BIO_printf(bio_err, "ecdsa\n"); - # endif - # ifndef OPENSSL_NO_ECDH -- BIO_printf(bio_err, "ecdhp160 ecdhp192 ecdhp224 " -+ BIO_printf(bio_err, "ecdhp224 " - "ecdhp256 ecdhp384 ecdhp521\n"); -- BIO_printf(bio_err, -- "ecdhk163 ecdhk233 ecdhk283 ecdhk409 ecdhk571\n"); -- BIO_printf(bio_err, -- "ecdhb163 ecdhb233 ecdhb283 ecdhb409 ecdhb571\n"); - BIO_printf(bio_err, "ecdh\n"); - # endif - -@@ -1242,11 +1188,11 @@ int MAIN(int argc, char **argv) - for (i = 0; i < DSA_NUM; i++) - dsa_doit[i] = 1; - # ifndef OPENSSL_NO_ECDSA -- for (i = 0; i < EC_NUM; i++) -+ for (i = R_EC_P224; i <= R_EC_P521; i++) - ecdsa_doit[i] = 1; - # endif - # ifndef OPENSSL_NO_ECDH -- for (i = 0; i < EC_NUM; i++) -+ for (i = R_EC_P224; i <= R_EC_P521; i++) - ecdh_doit[i] = 1; - # endif - } ---- a/crypto/ec/ecp_smpl.c -+++ b/crypto/ec/ecp_smpl.c -@@ -187,6 +187,11 @@ int ec_GFp_simple_group_set_curve(EC_GROUP *group, - return 0; - } - -+ if (BN_num_bits(p) < 224) { -+ ECerr(EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE, EC_R_UNSUPPORTED_FIELD); -+ return 0; -+ } -+ - if (ctx == NULL) { - ctx = new_ctx = BN_CTX_new(); - if (ctx == NULL) ---- a/crypto/ecdh/ecdhtest.c -+++ b/crypto/ecdh/ecdhtest.c -@@ -501,11 +501,13 @@ int main(int argc, char *argv[]) - goto err; - - /* NIST PRIME CURVES TESTS */ -+# if 0 - if (!test_ecdh_curve - (NID_X9_62_prime192v1, "NIST Prime-Curve P-192", ctx, out)) - goto err; - if (!test_ecdh_curve(NID_secp224r1, "NIST Prime-Curve P-224", ctx, out)) - goto err; -+# endif - if (!test_ecdh_curve - (NID_X9_62_prime256v1, "NIST Prime-Curve P-256", ctx, out)) - goto err; -@@ -536,13 +538,14 @@ int main(int argc, char *argv[]) - if (!test_ecdh_curve(NID_sect571r1, "NIST Binary-Curve B-571", ctx, out)) - goto err; - # endif -+# if 0 - if (!test_ecdh_kat(out, "Brainpool Prime-Curve brainpoolP256r1", 256)) - goto err; - if (!test_ecdh_kat(out, "Brainpool Prime-Curve brainpoolP384r1", 384)) - goto err; - if (!test_ecdh_kat(out, "Brainpool Prime-Curve brainpoolP512r1", 512)) - goto err; -- -+# endif - ret = 0; - - err: ---- a/crypto/ecdsa/ecdsatest.c -+++ b/crypto/ecdsa/ecdsatest.c -@@ -138,9 +138,12 @@ int restore_rand(void) - } - - static int fbytes_counter = 0, use_fake = 0; --static const char *numbers[8] = { -+static const char *numbers[10] = { -+ "651056770906015076056810763456358567190100156695615665659", - "651056770906015076056810763456358567190100156695615665659", - "6140507067065001063065065565667405560006161556565665656654", -+ "8763001015071075675010661307616710783570106710677817767166" -+ "71676178726717", - "8763001015071075675010661307616710783570106710677817767166" - "71676178726717", - "7000000175690566466555057817571571075705015757757057795755" -@@ -163,7 +166,7 @@ int fbytes(unsigned char *buf, int num) - - use_fake = 0; - -- if (fbytes_counter >= 8) -+ if (fbytes_counter >= 10) - return 0; - tmp = BN_new(); - if (!tmp) -@@ -539,8 +542,10 @@ int main(void) - RAND_seed(rnd_seed, sizeof(rnd_seed)); - - /* the tests */ -+# if 0 - if (!x9_62_tests(out)) - goto err; -+# endif - if (!test_builtin(out)) - goto err; - ---- a/ssl/t1_lib.c -+++ b/ssl/t1_lib.c -@@ -271,10 +271,7 @@ static const unsigned char eccurves_auto[] = { - 0, 23, /* secp256r1 (23) */ - /* Other >= 256-bit prime curves. */ - 0, 25, /* secp521r1 (25) */ -- 0, 28, /* brainpool512r1 (28) */ -- 0, 27, /* brainpoolP384r1 (27) */ - 0, 24, /* secp384r1 (24) */ -- 0, 26, /* brainpoolP256r1 (26) */ - 0, 22, /* secp256k1 (22) */ - # ifndef OPENSSL_NO_EC2M - /* >= 256-bit binary curves. */ -@@ -292,10 +289,7 @@ static const unsigned char eccurves_all[] = { - 0, 23, /* secp256r1 (23) */ - /* Other >= 256-bit prime curves. */ - 0, 25, /* secp521r1 (25) */ -- 0, 28, /* brainpool512r1 (28) */ -- 0, 27, /* brainpoolP384r1 (27) */ - 0, 24, /* secp384r1 (24) */ -- 0, 26, /* brainpoolP256r1 (26) */ - 0, 22, /* secp256k1 (22) */ - # ifndef OPENSSL_NO_EC2M - /* >= 256-bit binary curves. */ -@@ -310,13 +304,6 @@ static const unsigned char eccurves_all[] = { - * Remaining curves disabled by default but still permitted if set - * via an explicit callback or parameters. - */ -- 0, 20, /* secp224k1 (20) */ -- 0, 21, /* secp224r1 (21) */ -- 0, 18, /* secp192k1 (18) */ -- 0, 19, /* secp192r1 (19) */ -- 0, 15, /* secp160k1 (15) */ -- 0, 16, /* secp160r1 (16) */ -- 0, 17, /* secp160r2 (17) */ - # ifndef OPENSSL_NO_EC2M - 0, 8, /* sect239k1 (8) */ - 0, 6, /* sect233k1 (6) */ -@@ -351,29 +338,21 @@ static const unsigned char fips_curves_default[] = { - 0, 9, /* sect283k1 (9) */ - 0, 10, /* sect283r1 (10) */ - # endif -- 0, 22, /* secp256k1 (22) */ - 0, 23, /* secp256r1 (23) */ - # ifndef OPENSSL_NO_EC2M - 0, 8, /* sect239k1 (8) */ - 0, 6, /* sect233k1 (6) */ - 0, 7, /* sect233r1 (7) */ - # endif -- 0, 20, /* secp224k1 (20) */ -- 0, 21, /* secp224r1 (21) */ - # ifndef OPENSSL_NO_EC2M - 0, 4, /* sect193r1 (4) */ - 0, 5, /* sect193r2 (5) */ - # endif -- 0, 18, /* secp192k1 (18) */ -- 0, 19, /* secp192r1 (19) */ - # ifndef OPENSSL_NO_EC2M - 0, 1, /* sect163k1 (1) */ - 0, 2, /* sect163r1 (2) */ - 0, 3, /* sect163r2 (3) */ - # endif -- 0, 15, /* secp160k1 (15) */ -- 0, 16, /* secp160r1 (16) */ -- 0, 17, /* secp160r2 (17) */ - }; - # endif - diff --git a/dev-libs/openssl-compat/openssl-compat-1.0.2t-r1.ebuild b/dev-libs/openssl-compat/openssl-compat-1.0.2u-r1.ebuild index b17f3c0..2255639 100644 --- a/dev-libs/openssl-compat/openssl-compat-1.0.2t-r1.ebuild +++ b/dev-libs/openssl-compat/openssl-compat-1.0.2u-r1.ebuild @@ -1,4 +1,4 @@ -# Copyright 1999-2019 Gentoo Authors +# Copyright 1999-2020 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI="7" @@ -37,14 +37,17 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz LICENSE="openssl" SLOT="1.0.0" -KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sh ~sparc x86 ~amd64-fbsd ~x86-fbsd ~x86-linux" +KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sh ~sparc x86 ~x86-linux" IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla versioned zlib" -RESTRICT="!bindist? ( bindist )" + +RESTRICT="!bindist? ( bindist ) + test" RDEPEND="gmp? ( >=dev-libs/gmp-5.1.3-r1[static-libs(+)?,${MULTILIB_USEDEP}] ) kerberos? ( >=app-crypt/mit-krb5-1.11.4[${MULTILIB_USEDEP}] ) zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] ) - !=dev-libs/openssl-1.0.2*:0" + !=dev-libs/openssl-1.0.2*:0 + !dev-libs/openssl:1.0.0" DEPEND="${RDEPEND}" BDEPEND=" >=dev-lang/perl-5 @@ -54,8 +57,6 @@ BDEPEND=" sys-devel/bc )" -RESTRICT="test" - # Do not install any docs DOCS=() @@ -99,7 +100,7 @@ src_prepare() { fi if use versioned ; then - eapply "${FILESDIR}"/openssl-1.0.2g-version-script.patch + eapply "${FILESDIR}"/openssl-1.0.2-version-script.patch fi eapply_user |