diff options
| author | Alex Xu (Hello71) <alex_y_xu@yahoo.ca> | 2022-06-07 15:25:57 -0400 |
|---|---|---|
| committer | Alex Xu (Hello71) <alex_y_xu@yahoo.ca> | 2022-06-07 15:25:57 -0400 |
| commit | efd2070ee35c4500fb32fb523273a1956e435720 (patch) | |
| tree | 5e4bbd80d4df9568a36ad9d7b06d3ecf7fa881e8 | |
| parent | 364a0e5e79fb1b5da1c0c58d6c16a393340072b6 (diff) | |
| download | gentoo-overlay-efd2070ee35c4500fb32fb523273a1956e435720.tar.xz gentoo-overlay-efd2070ee35c4500fb32fb523273a1956e435720.zip | |
dev-libs/openssl-compat: upgrade to 1.1.1o, sync ::gentoo
| -rw-r--r-- | dev-libs/openssl-compat/Manifest | 4 | ||||
| -rw-r--r-- | dev-libs/openssl-compat/openssl-compat-1.1.1o.ebuild (renamed from dev-libs/openssl-compat/openssl-compat-1.1.1m.ebuild) | 52 |
2 files changed, 42 insertions, 14 deletions
diff --git a/dev-libs/openssl-compat/Manifest b/dev-libs/openssl-compat/Manifest index ee7d87c..48f58ae 100644 --- a/dev-libs/openssl-compat/Manifest +++ b/dev-libs/openssl-compat/Manifest @@ -1 +1,3 @@ -DIST openssl-1.1.1m.tar.gz 9847315 BLAKE2B 163262933df11afdb7b0c58fbbf0454b05e02951d28ed24e2c530affa18dee884d86555f7314506852ebfcc092bb509b6f9cd33893e30dab67bfb6f5713946eb SHA512 ba0ef99b321546c13385966e4a607734df38b96f6ed45c4c67063a5f8d1482986855279797a6920d9f86c2ec31ce3e104dcc62c37328caacdd78aec59aa66156 +DIST openssl-1.1.1o-test-fixes-expiry.patch.xz 6180 BLAKE2B 23ef36d7bd05c98f7fab6de25681a53fa7a558d114548836b6cd90a57c4f4e45dc9fb622936053608b463320605b7df60db2d2caf3811b249f6ead3791a1c081 SHA512 577aec97fb31cd9efe3b30d82c560d3e7da57ae52c4de0f86e951b777a673830baaadcc5eb366c523024d37405531c6d32de26bbbc1e77df15c7822c72e937e6 +DIST openssl-1.1.1o.tar.gz 9856386 BLAKE2B 5bd355fd17adf43ba4e3bf1a8036ceb724edd4f4ab80dc25aecc3d2647372e9db2bc12e2b89791fc4b6f7fd95a7b68e00490d09ca6518d25ab990ee27798e641 SHA512 75b2f1499cb4640229eb6cd35d85cbff2e19db17b959ac4d04b60f1b395b73567f9003521452a0fcfeea9b31b26de0a7bccf476ecf9caae02298f3647cfb7e23 +DIST openssl-1.1.1o.tar.gz.asc 488 BLAKE2B a03a967e7e2124d1a76ad7765e2f48065f40d32ba102a433be603ee8f86b26a2d246dcb97a95bd694ef3005889ce4f1951f76d39fe1d683f92da1aa3023e9c2d SHA512 da6d88de7c1cd807b6089d50f8bb102c317c0b45ca26e517e3e400c5c65f787d94a1ee522af76279e93790a7fb491348cf25ffcfd66ecb9a9d35209328cb221e diff --git a/dev-libs/openssl-compat/openssl-compat-1.1.1m.ebuild b/dev-libs/openssl-compat/openssl-compat-1.1.1o.ebuild index 253b70f..6e17618 100644 --- a/dev-libs/openssl-compat/openssl-compat-1.1.1m.ebuild +++ b/dev-libs/openssl-compat/openssl-compat-1.1.1o.ebuild @@ -1,21 +1,25 @@ -# Copyright 1999-2021 Gentoo Authors +# Copyright 1999-2022 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI="7" -inherit flag-o-matic toolchain-funcs multilib-minimal +inherit edo flag-o-matic toolchain-funcs multilib-minimal verify-sig MY_P=openssl-${PV/_/-} DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)" HOMEPAGE="https://www.openssl.org/" -SRC_URI="mirror://openssl/source/${MY_P}.tar.gz" +SRC_URI="mirror://openssl/source/${MY_P}.tar.gz + https://dev.gentoo.org/~sam/distfiles/${CATEGORY}/${PN}/${MY_P}-test-fixes-expiry.patch.xz + verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )" +VERIFY_SIG_OPENPGP_KEY_PATH=${BROOT}/usr/share/openpgp-keys/openssl.org.asc LICENSE="openssl" SLOT="1.1" -KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt" -IUSE="+asm elibc_musl rfc3779 sctp cpu_flags_x86_sse2 sslv3 test tls-compression tls-heartbeat vanilla" -RESTRICT="test" +[[ "${PV}" = *_pre* ]] || \ +KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt" +IUSE="+asm rfc3779 sctp cpu_flags_x86_sse2 sslv3 test tls-compression tls-heartbeat vanilla verify-sig weak-ssl-ciphers" +RESTRICT="!test? ( test )" RDEPEND=">=app-misc/c_rehash-1.7-r1 tls-compression? ( >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}] ) @@ -28,7 +32,9 @@ BDEPEND=" sys-apps/diffutils sys-devel/bc kernel_linux? ( sys-process/procps ) - )" + ) + verify-sig? ( sec-keys/openpgp-keys-openssl )" +PDEPEND="app-misc/ca-certificates" # Do not install any docs DOCS=() @@ -36,6 +42,7 @@ DOCS=() PATCHES=( "${FILESDIR}"/openssl-1.1.0j-parallel_install_fix.patch #671602 "${FILESDIR}"/openssl-1.1.1i-riscv32.patch + "${WORKDIR}"/${MY_P}-test-fixes-expiry.patch ) S="${WORKDIR}/${MY_P}" @@ -58,6 +65,16 @@ pkg_setup() { fi } +src_unpack() { + # Can delete this once test fix patch is dropped + if use verify-sig ; then + # Needed for downloaded patch (which is unsigned, which is fine) + verify-sig_verify_detached "${DISTDIR}"/${P}.tar.gz{,.asc} + fi + + default +} + src_prepare() { # allow openssl to be cross-compiled cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die @@ -102,10 +119,20 @@ src_prepare() { # and 'make depend' uses -Werror for added fun (#417795 again) [[ ${CC} == *clang* ]] && append-flags -Qunused-arguments + # We really, really need to build OpenSSL w/ strict aliasing disabled. + # It's filled with violations and it *will* result in miscompiled + # code. This has been in the ebuild for > 10 years but even in 2022, + # it's still relevant: + # - https://github.com/llvm/llvm-project/issues/55255 + # - https://github.com/openssl/openssl/issues/18225 + # Don't remove the no strict aliasing bits below! + filter-flags -fstrict-aliasing append-flags -fno-strict-aliasing - append-flags $(test-flags-CC -Wa,--noexecstack) + append-cppflags -DOPENSSL_NO_BUF_FREELISTS + append-flags $(test-flags-CC -Wa,--noexecstack) + # Prefixify Configure shebang (#141906) sed \ -e "1s,/usr/bin/env,${EPREFIX}&," \ @@ -146,7 +173,6 @@ multilib_src_configure() { tc-export CC AR RANLIB RC use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; } - echoit() { echo "$@" ; "$@" ; } local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal") @@ -159,8 +185,7 @@ multilib_src_configure() { # Don't set it without thorough revdeps testing. # Make sure user flags don't get added *yet* to avoid duplicated # flags. - CFLAGS= LDFLAGS= echoit \ - ./${config} \ + CFLAGS= LDFLAGS= edo ./${config} \ ${sslout} \ $(use cpu_flags_x86_sse2 || echo "no-sse2") \ enable-camellia \ @@ -178,13 +203,14 @@ multilib_src_configure() { $(use_ssl asm) \ $(use_ssl rfc3779) \ $(use_ssl sctp) \ + $(use test || echo "no-tests") \ $(use_ssl tls-compression zlib) \ $(use_ssl tls-heartbeat heartbeats) \ + $(use_ssl weak-ssl-ciphers) \ --prefix="${EPREFIX}"/usr \ --openssldir="${EPREFIX}"${SSL_CNF_DIR} \ --libdir=$(get_libdir) \ - shared threads \ - || die + shared threads # Clean out hardcoded flags that openssl uses local DEFAULT_CFLAGS=$(grep ^CFLAGS= Makefile | LC_ALL=C sed \ |