diff --git a/sdk_container/src/third_party/coreos-overlay/dev-libs/openssl/Manifest b/sdk_container/src/third_party/coreos-overlay/dev-libs/openssl/Manifest index 4707417953..b5aae0349c 100644 --- a/sdk_container/src/third_party/coreos-overlay/dev-libs/openssl/Manifest +++ b/sdk_container/src/third_party/coreos-overlay/dev-libs/openssl/Manifest @@ -1 +1,2 @@ -DIST openssl-1.0.2m.tar.gz 5373776 SHA256 8c6ff15ec6b319b50788f42c7abc2890c08ba5a1cdcd3810eb9092deada37b0f SHA512 7619aa223ee50d0f5e270ac9090e95b2b1ba5dfc656c98f625a9a277dda472fb960a4e89a7ba300044cb401b2072b2ca6a6fcce8206d927bf373d1c981806a93 WHIRLPOOL 0fa5ab02eb3ca8507b45c408739027f8632a77183a7355f8c31bcc5fedc507222e5cc44a4aff88b22fba87b69188f90465980c4a84bad1133287442ebd136a23 +DIST openssl-1.0.2-patches-1.0.tar.xz 11572 SHA256 374df2ca88df2ff6c0726ed4c5a36d1f212948d30071cce29446e8a6ddb61a3f SHA512 15234ade359a0acf001cf10c7a7fc05f54603a44c67831529c2a6eda03342f9ba1cf40664ac782b5b73c50b23ec5649fb48ccff2aea8f0df2ef634959c47e3e9 WHIRLPOOL fcb1aaa0aff25044e3af29b469302881ca7943c98700163c17840e4052eab8e30cf40af41ce602bfb8c0eb7c7ec0e109d6be1dba307e7b204e18e06a778f59a4 +DIST openssl-1.0.2n.tar.gz 5375802 SHA256 370babb75f278c39e0c50e8c4e7493bc0f18db6867478341a832a982fd15a8fe SHA512 144bf0d6aa27b4af01df0b7b734c39962649e1711554247d42e05e14d8945742b18745aefdba162e2dfc762b941fd7d3b2d5dc6a781ae4ba10a6f5a3cadb0687 WHIRLPOOL a0034add5bb37616389fe1a1cca90622fadf1cc3e648e574dce0010d7a38a84e07d705cbc0fcbd28fd7c120c4852e9f5a419f42a6a55b33a06e2591bc1697d03 diff --git a/sdk_container/src/third_party/coreos-overlay/dev-libs/openssl/files/gentoo.config-1.0.2 b/sdk_container/src/third_party/coreos-overlay/dev-libs/openssl/files/gentoo.config-1.0.2 old mode 100755 new mode 100644 index 9564452706..37b83cc2e7 --- a/sdk_container/src/third_party/coreos-overlay/dev-libs/openssl/files/gentoo.config-1.0.2 +++ b/sdk_container/src/third_party/coreos-overlay/dev-libs/openssl/files/gentoo.config-1.0.2 @@ -1,5 +1,5 @@ #!/usr/bin/env bash -# Copyright 1999-2014 Gentoo Foundation +# Copyright 1999-2017 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 # # Openssl doesn't play along nicely with cross-compiling diff --git a/sdk_container/src/third_party/coreos-overlay/dev-libs/openssl/files/openssl-1.0.0a-ldflags.patch b/sdk_container/src/third_party/coreos-overlay/dev-libs/openssl/files/openssl-1.0.0a-ldflags.patch deleted file mode 100644 index c99ef4abb8..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/dev-libs/openssl/files/openssl-1.0.0a-ldflags.patch +++ /dev/null @@ -1,29 +0,0 @@ -http://bugs.gentoo.org/181438 -http://bugs.gentoo.org/327421 -https://rt.openssl.org/Ticket/Display.html?id=3331&user=guest&pass=guest - -make sure we respect LDFLAGS - -also make sure we don't add useless -rpath flags to the system libdir - ---- Makefile.org -+++ Makefile.org -@@ -189,6 +189,7 @@ - MAKEDEPEND='$$$${TOP}/util/domd $$$${TOP} -MD $(MAKEDEPPROG)' \ - DEPFLAG='-DOPENSSL_NO_DEPRECATED $(DEPFLAG)' \ - MAKEDEPPROG='$(MAKEDEPPROG)' \ -+ LDFLAGS='${LDFLAGS}' \ - SHARED_LDFLAGS='$(SHARED_LDFLAGS)' \ - KRB5_INCLUDES='$(KRB5_INCLUDES)' LIBKRB5='$(LIBKRB5)' \ - ZLIB_INCLUDE='$(ZLIB_INCLUDE)' LIBZLIB='$(LIBZLIB)' \ ---- Makefile.shared -+++ Makefile.shared -@@ -153,7 +153,7 @@ - NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \ - SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-Bsymbolic -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX" - --DO_GNU_APP=LDFLAGS="$(CFLAGS) -Wl,-rpath,$(LIBRPATH)" -+DO_GNU_APP=LDFLAGS="$(LDFLAGS) $(CFLAGS)" - - #This is rather special. It's a special target with which one can link - #applications without bothering with any features that have anything to diff --git a/sdk_container/src/third_party/coreos-overlay/dev-libs/openssl/files/openssl-1.0.1p-default-source.patch b/sdk_container/src/third_party/coreos-overlay/dev-libs/openssl/files/openssl-1.0.1p-default-source.patch deleted file mode 100644 index 73029985ae..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/dev-libs/openssl/files/openssl-1.0.1p-default-source.patch +++ /dev/null @@ -1,30 +0,0 @@ -https://bugs.gentoo.org/554338 -https://rt.openssl.org/Ticket/Display.html?id=3934&user=guest&pass=guest - -From 7c2e97f8bbae517496fdc11f475b4ae54b2534f5 Mon Sep 17 00:00:00 2001 -From: Mike Frysinger -Date: Fri, 10 Jul 2015 01:50:52 -0400 -Subject: [PATCH] test: use _DEFAULT_SOURCE with newer glibc versions - -The _BSD_SOURCE macro is replaced by the _DEFAULT_SOURCE macro. Using -just the former with newer versions leads to a build time warning, so -make sure to use the new macro too. ---- - ssl/ssltest.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/ssl/ssltest.c b/ssl/ssltest.c -index 26cf96c..b36f667 100644 ---- a/ssl/ssltest.c -+++ b/ssl/ssltest.c -@@ -141,6 +141,7 @@ - */ - - /* Or gethostname won't be declared properly on Linux and GNU platforms. */ -+#define _DEFAULT_SOURCE 1 - #define _BSD_SOURCE 1 - - #include --- -2.4.4 - diff --git a/sdk_container/src/third_party/coreos-overlay/dev-libs/openssl/files/openssl-1.0.2-ipv6.patch b/sdk_container/src/third_party/coreos-overlay/dev-libs/openssl/files/openssl-1.0.2-ipv6.patch deleted file mode 100644 index 27574ea616..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/dev-libs/openssl/files/openssl-1.0.2-ipv6.patch +++ /dev/null @@ -1,611 +0,0 @@ -http://rt.openssl.org/Ticket/Display.html?id=2051&user=guest&pass=guest - ---- openssl-1.0.2/apps/s_apps.h -+++ openssl-1.0.2/apps/s_apps.h -@@ -154,7 +154,7 @@ - int do_server(int port, int type, int *ret, - int (*cb) (char *hostname, int s, int stype, - unsigned char *context), unsigned char *context, -- int naccept); -+ int naccept, int use_ipv4, int use_ipv6); - #ifdef HEADER_X509_H - int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx); - #endif -@@ -167,7 +167,8 @@ - int ssl_print_curves(BIO *out, SSL *s, int noshared); - #endif - int ssl_print_tmp_key(BIO *out, SSL *s); --int init_client(int *sock, char *server, int port, int type); -+int init_client(int *sock, char *server, int port, int type, -+ int use_ipv4, int use_ipv6); - int should_retry(int i); - int extract_port(char *str, short *port_ptr); - int extract_host_port(char *str, char **host_ptr, unsigned char *ip, ---- openssl-1.0.2/apps/s_client.c -+++ openssl-1.0.2/apps/s_client.c -@@ -302,6 +302,10 @@ - { - BIO_printf(bio_err, "usage: s_client args\n"); - BIO_printf(bio_err, "\n"); -+ BIO_printf(bio_err, " -4 - use IPv4 only\n"); -+#if OPENSSL_USE_IPV6 -+ BIO_printf(bio_err, " -6 - use IPv6 only\n"); -+#endif - BIO_printf(bio_err, " -host host - use -connect instead\n"); - BIO_printf(bio_err, " -port port - use -connect instead\n"); - BIO_printf(bio_err, -@@ -658,6 +662,7 @@ - int sbuf_len, sbuf_off; - fd_set readfds, writefds; - short port = PORT; -+ int use_ipv4, use_ipv6; - int full_log = 1; - char *host = SSL_HOST_NAME; - char *cert_file = NULL, *key_file = NULL, *chain_file = NULL; -@@ -709,7 +714,11 @@ - #endif - char *sess_in = NULL; - char *sess_out = NULL; -- struct sockaddr peer; -+#if OPENSSL_USE_IPV6 -+ struct sockaddr_storage peer; -+#else -+ struct sockaddr_in peer; -+#endif - int peerlen = sizeof(peer); - int fallback_scsv = 0; - int enable_timeouts = 0; -@@ -737,6 +746,12 @@ - - meth = SSLv23_client_method(); - -+ use_ipv4 = 1; -+#if OPENSSL_USE_IPV6 -+ use_ipv6 = 1; -+#else -+ use_ipv6 = 0; -+#endif - apps_startup(); - c_Pause = 0; - c_quiet = 0; -@@ -1096,6 +1111,16 @@ - jpake_secret = *++argv; - } - #endif -+ else if (strcmp(*argv,"-4") == 0) { -+ use_ipv4 = 1; -+ use_ipv6 = 0; -+ } -+#if OPENSSL_USE_IPV6 -+ else if (strcmp(*argv,"-6") == 0) { -+ use_ipv4 = 0; -+ use_ipv6 = 1; -+ } -+#endif - #ifndef OPENSSL_NO_SRTP - else if (strcmp(*argv, "-use_srtp") == 0) { - if (--argc < 1) -@@ -1421,7 +1446,7 @@ - - re_start: - -- if (init_client(&s, host, port, socket_type) == 0) { -+ if (init_client(&s, host, port, socket_type, use_ipv4, use_ipv6) == 0) { - BIO_printf(bio_err, "connect:errno=%d\n", get_last_socket_error()); - SHUTDOWN(s); - goto end; -@@ -1444,7 +1469,7 @@ - if (socket_type == SOCK_DGRAM) { - - sbio = BIO_new_dgram(s, BIO_NOCLOSE); -- if (getsockname(s, &peer, (void *)&peerlen) < 0) { -+ if (getsockname(s, (struct sockaddr *)&peer, (void *)&peerlen) < 0) { - BIO_printf(bio_err, "getsockname:errno=%d\n", - get_last_socket_error()); - SHUTDOWN(s); ---- openssl-1.0.2/apps/s_server.c -+++ openssl-1.0.2/apps/s_server.c -@@ -643,6 +643,10 @@ - BIO_printf(bio_err, - " -alpn arg - set the advertised protocols for the ALPN extension (comma-separated list)\n"); - #endif -+ BIO_printf(bio_err, " -4 - use IPv4 only\n"); -+#if OPENSSL_USE_IPV6 -+ BIO_printf(bio_err, " -6 - use IPv6 only\n"); -+#endif - BIO_printf(bio_err, - " -keymatexport label - Export keying material using label\n"); - BIO_printf(bio_err, -@@ -1070,6 +1074,7 @@ - int state = 0; - const SSL_METHOD *meth = NULL; - int socket_type = SOCK_STREAM; -+ int use_ipv4, use_ipv6; - ENGINE *e = NULL; - char *inrand = NULL; - int s_cert_format = FORMAT_PEM, s_key_format = FORMAT_PEM; -@@ -1111,6 +1116,12 @@ - - meth = SSLv23_server_method(); - -+ use_ipv4 = 1; -+#if OPENSSL_USE_IPV6 -+ use_ipv6 = 1; -+#else -+ use_ipv6 = 0; -+#endif - local_argc = argc; - local_argv = argv; - -@@ -1503,6 +1514,16 @@ - jpake_secret = *(++argv); - } - #endif -+ else if (strcmp(*argv,"-4") == 0) { -+ use_ipv4 = 1; -+ use_ipv6 = 0; -+ } -+#if OPENSSL_USE_IPV6 -+ else if (strcmp(*argv,"-6") == 0) { -+ use_ipv4 = 0; -+ use_ipv6 = 1; -+ } -+#endif - #ifndef OPENSSL_NO_SRTP - else if (strcmp(*argv, "-use_srtp") == 0) { - if (--argc < 1) -@@ -2023,13 +2044,13 @@ - (void)BIO_flush(bio_s_out); - if (rev) - do_server(port, socket_type, &accept_socket, rev_body, context, -- naccept); -+ naccept, use_ipv4, use_ipv6); - else if (www) - do_server(port, socket_type, &accept_socket, www_body, context, -- naccept); -+ naccept, use_ipv4, use_ipv6); - else - do_server(port, socket_type, &accept_socket, sv_body, context, -- naccept); -+ naccept, use_ipv4, use_ipv6); - print_stats(bio_s_out, ctx); - ret = 0; - end: ---- openssl-1.0.2/apps/s_socket.c -+++ openssl-1.0.2/apps/s_socket.c -@@ -101,16 +101,16 @@ - # include "netdb.h" - # endif - --static struct hostent *GetHostByName(char *name); -+static struct hostent *GetHostByName(char *name, int domain); - # if defined(OPENSSL_SYS_WINDOWS) || (defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK)) - static void ssl_sock_cleanup(void); - # endif - static int ssl_sock_init(void); --static int init_client_ip(int *sock, unsigned char ip[4], int port, int type); --static int init_server(int *sock, int port, int type); --static int init_server_long(int *sock, int port, char *ip, int type); -+static int init_client_ip(int *sock, unsigned char *ip, int port, int type, int domain); -+static int init_server(int *sock, int port, int type, int use_ipv4, int use_ipv6); -+static int init_server_long(int *sock, int port, char *ip, int type, int use_ipv4, int use_ipv6); - static int do_accept(int acc_sock, int *sock, char **host); --static int host_ip(char *str, unsigned char ip[4]); -+static int host_ip(char *str, unsigned char *ip, int domain); - - # ifdef OPENSSL_SYS_WIN16 - # define SOCKET_PROTOCOL 0 /* more microsoft stupidity */ -@@ -231,38 +231,68 @@ - return (1); - } - --int init_client(int *sock, char *host, int port, int type) -+int init_client(int *sock, char *host, int port, int type, int use_ipv4, int use_ipv6) - { -+# if OPENSSL_USE_IPV6 -+ unsigned char ip[16]; -+# else - unsigned char ip[4]; -+# endif - -- memset(ip, '\0', sizeof ip); -- if (!host_ip(host, &(ip[0]))) -- return 0; -- return init_client_ip(sock, ip, port, type); --} -- --static int init_client_ip(int *sock, unsigned char ip[4], int port, int type) --{ -- unsigned long addr; -+ if (use_ipv4) -+ if (host_ip(host, ip, AF_INET)) -+ return(init_client_ip(sock, ip, port, type, AF_INET)); -+# if OPENSSL_USE_IPV6 -+ if (use_ipv6) -+ if (host_ip(host, ip, AF_INET6)) -+ return(init_client_ip(sock, ip, port, type, AF_INET6)); -+# endif -+ return 0; -+} -+ -+static int init_client_ip(int *sock, unsigned char ip[4], int port, int type, int domain) -+{ -+# if OPENSSL_USE_IPV6 -+ struct sockaddr_storage them; -+ struct sockaddr_in *them_in = (struct sockaddr_in *)&them; -+ struct sockaddr_in6 *them_in6 = (struct sockaddr_in6 *)&them; -+# else - struct sockaddr_in them; -+ struct sockaddr_in *them_in = &them; -+# endif -+ socklen_t addr_len; - int s, i; - - if (!ssl_sock_init()) - return (0); - - memset((char *)&them, 0, sizeof(them)); -- them.sin_family = AF_INET; -- them.sin_port = htons((unsigned short)port); -- addr = (unsigned long) -- ((unsigned long)ip[0] << 24L) | -- ((unsigned long)ip[1] << 16L) | -- ((unsigned long)ip[2] << 8L) | ((unsigned long)ip[3]); -- them.sin_addr.s_addr = htonl(addr); -+ if (domain == AF_INET) { -+ addr_len = (socklen_t)sizeof(struct sockaddr_in); -+ them_in->sin_family=AF_INET; -+ them_in->sin_port=htons((unsigned short)port); -+# ifndef BIT_FIELD_LIMITS -+ memcpy(&them_in->sin_addr.s_addr, ip, 4); -+# else -+ memcpy(&them_in->sin_addr, ip, 4); -+# endif -+ } -+ else -+# if OPENSSL_USE_IPV6 -+ { -+ addr_len = (socklen_t)sizeof(struct sockaddr_in6); -+ them_in6->sin6_family=AF_INET6; -+ them_in6->sin6_port=htons((unsigned short)port); -+ memcpy(&(them_in6->sin6_addr), ip, sizeof(struct in6_addr)); -+ } -+# else -+ return(0); -+# endif - - if (type == SOCK_STREAM) -- s = socket(AF_INET, SOCK_STREAM, SOCKET_PROTOCOL); -+ s = socket(domain, SOCK_STREAM, SOCKET_PROTOCOL); - else /* ( type == SOCK_DGRAM) */ -- s = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP); -+ s = socket(domain, SOCK_DGRAM, IPPROTO_UDP); - - if (s == INVALID_SOCKET) { - perror("socket"); -@@ -280,7 +310,7 @@ - } - # endif - -- if (connect(s, (struct sockaddr *)&them, sizeof(them)) == -1) { -+ if (connect(s, (struct sockaddr *)&them, addr_len) == -1) { - closesocket(s); - perror("connect"); - return (0); -@@ -292,14 +322,14 @@ - int do_server(int port, int type, int *ret, - int (*cb) (char *hostname, int s, int stype, - unsigned char *context), unsigned char *context, -- int naccept) -+ int naccept, int use_ipv4, int use_ipv6) - { - int sock; - char *name = NULL; - int accept_socket = 0; - int i; - -- if (!init_server(&accept_socket, port, type)) -+ if (!init_server(&accept_socket, port, type, use_ipv4, use_ipv6)) - return (0); - - if (ret != NULL) { -@@ -328,32 +358,41 @@ - } - } - --static int init_server_long(int *sock, int port, char *ip, int type) -+static int init_server_long(int *sock, int port, char *ip, int type, int use_ipv4, int use_ipv6) - { - int ret = 0; -+ int domain; -+# if OPENSSL_USE_IPV6 -+ struct sockaddr_storage server; -+ struct sockaddr_in *server_in = (struct sockaddr_in *)&server; -+ struct sockaddr_in6 *server_in6 = (struct sockaddr_in6 *)&server; -+# else - struct sockaddr_in server; -+ struct sockaddr_in *server_in = &server; -+# endif -+ socklen_t addr_len; - int s = -1; - -+ if (!use_ipv4 && !use_ipv6) -+ goto err; -+# if OPENSSL_USE_IPV6 -+ /* we are fine here */ -+# else -+ if (use_ipv6) -+ goto err; -+# endif - if (!ssl_sock_init()) - return (0); - -- memset((char *)&server, 0, sizeof(server)); -- server.sin_family = AF_INET; -- server.sin_port = htons((unsigned short)port); -- if (ip == NULL) -- server.sin_addr.s_addr = INADDR_ANY; -- else --/* Added for T3E, address-of fails on bit field (beckman@acl.lanl.gov) */ --# ifndef BIT_FIELD_LIMITS -- memcpy(&server.sin_addr.s_addr, ip, 4); -+#if OPENSSL_USE_IPV6 -+ domain = use_ipv6 ? AF_INET6 : AF_INET; - # else -- memcpy(&server.sin_addr, ip, 4); -+ domain = AF_INET; - # endif -- - if (type == SOCK_STREAM) -- s = socket(AF_INET, SOCK_STREAM, SOCKET_PROTOCOL); -- else /* type == SOCK_DGRAM */ -- s = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP); -+ s=socket(domain, SOCK_STREAM, SOCKET_PROTOCOL); -+ else /* type == SOCK_DGRAM */ -+ s=socket(domain, SOCK_DGRAM, IPPROTO_UDP); - - if (s == INVALID_SOCKET) - goto err; -@@ -363,7 +402,42 @@ - setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (void *)&j, sizeof j); - } - # endif -- if (bind(s, (struct sockaddr *)&server, sizeof(server)) == -1) { -+# if OPENSSL_USE_IPV6 -+ if ((use_ipv4 == 0) && (use_ipv6 == 1)) { -+ const int on = 1; -+ -+ setsockopt(s, IPPROTO_IPV6, IPV6_V6ONLY, -+ (const void *) &on, sizeof(int)); -+ } -+# endif -+ if (domain == AF_INET) { -+ addr_len = (socklen_t)sizeof(struct sockaddr_in); -+ memset(server_in, 0, sizeof(struct sockaddr_in)); -+ server_in->sin_family=AF_INET; -+ server_in->sin_port = htons((unsigned short)port); -+ if (ip == NULL) -+ server_in->sin_addr.s_addr = htonl(INADDR_ANY); -+ else -+/* Added for T3E, address-of fails on bit field (beckman@acl.lanl.gov) */ -+# ifndef BIT_FIELD_LIMITS -+ memcpy(&server_in->sin_addr.s_addr, ip, 4); -+# else -+ memcpy(&server_in->sin_addr, ip, 4); -+# endif -+ } -+# if OPENSSL_USE_IPV6 -+ else { -+ addr_len = (socklen_t)sizeof(struct sockaddr_in6); -+ memset(server_in6, 0, sizeof(struct sockaddr_in6)); -+ server_in6->sin6_family = AF_INET6; -+ server_in6->sin6_port = htons((unsigned short)port); -+ if (ip == NULL) -+ server_in6->sin6_addr = in6addr_any; -+ else -+ memcpy(&server_in6->sin6_addr, ip, sizeof(struct in6_addr)); -+ } -+# endif -+ if (bind(s, (struct sockaddr *)&server, addr_len) == -1) { - # ifndef OPENSSL_SYS_WINDOWS - perror("bind"); - # endif -@@ -381,16 +455,23 @@ - return (ret); - } - --static int init_server(int *sock, int port, int type) -+static int init_server(int *sock, int port, int type, int use_ipv4, int use_ipv6) - { -- return (init_server_long(sock, port, NULL, type)); -+ return (init_server_long(sock, port, NULL, type, use_ipv4, use_ipv6)); - } - - static int do_accept(int acc_sock, int *sock, char **host) - { - int ret; - struct hostent *h1, *h2; -- static struct sockaddr_in from; -+#if OPENSSL_USE_IPV6 -+ struct sockaddr_storage from; -+ struct sockaddr_in *from_in = (struct sockaddr_in *)&from; -+ struct sockaddr_in6 *from_in6 = (struct sockaddr_in6 *)&from; -+#else -+ struct sockaddr_in from; -+ struct sockaddr_in *from_in = &from; -+#endif - int len; - /* struct linger ling; */ - -@@ -440,14 +521,25 @@ - - if (host == NULL) - goto end; -+# if OPENSSL_USE_IPV6 -+ if (from.ss_family == AF_INET) -+# else -+ if (from.sin_family == AF_INET) -+# endif - # ifndef BIT_FIELD_LIMITS -- /* I should use WSAAsyncGetHostByName() under windows */ -- h1 = gethostbyaddr((char *)&from.sin_addr.s_addr, -- sizeof(from.sin_addr.s_addr), AF_INET); -+ /* I should use WSAAsyncGetHostByName() under windows */ -+ h1 = gethostbyaddr((char *)&from_in->sin_addr.s_addr, -+ sizeof(from_in->sin_addr.s_addr), AF_INET); - # else -- h1 = gethostbyaddr((char *)&from.sin_addr, -- sizeof(struct in_addr), AF_INET); -+ h1 = gethostbyaddr((char *)&from_in->sin_addr, -+ sizeof(struct in_addr), AF_INET); -+# endif -+# if OPENSSL_USE_IPV6 -+ else -+ h1 = gethostbyaddr((char *)&from_in6->sin6_addr, -+ sizeof(struct in6_addr), AF_INET6); - # endif -+ - if (h1 == NULL) { - BIO_printf(bio_err, "bad gethostbyaddr\n"); - *host = NULL; -@@ -460,14 +552,22 @@ - } - BUF_strlcpy(*host, h1->h_name, strlen(h1->h_name) + 1); - -- h2 = GetHostByName(*host); -+# if OPENSSL_USE_IPV6 -+ h2=GetHostByName(*host, from.ss_family); -+# else -+ h2=GetHostByName(*host, from.sin_family); -+# endif - if (h2 == NULL) { - BIO_printf(bio_err, "gethostbyname failure\n"); - closesocket(ret); - return (0); - } -- if (h2->h_addrtype != AF_INET) { -- BIO_printf(bio_err, "gethostbyname addr is not AF_INET\n"); -+# if OPENSSL_USE_IPV6 -+ if (h2->h_addrtype != from.ss_family) { -+# else -+ if (h2->h_addrtype != from.sin_family) { -+# endif -+ BIO_printf(bio_err, "gethostbyname addr is not correct\n"); - closesocket(ret); - return (0); - } -@@ -483,14 +583,14 @@ - char *h, *p; - - h = str; -- p = strchr(str, ':'); -+ p = strrchr(str, ':'); - if (p == NULL) { - BIO_printf(bio_err, "no port defined\n"); - return (0); - } - *(p++) = '\0'; - -- if ((ip != NULL) && !host_ip(str, ip)) -+ if ((ip != NULL) && !host_ip(str, ip, AF_INET)) - goto err; - if (host_ptr != NULL) - *host_ptr = h; -@@ -502,44 +602,51 @@ - return (0); - } - --static int host_ip(char *str, unsigned char ip[4]) -+static int host_ip(char *str, unsigned char *ip, int domain) - { - unsigned int in[4]; -+ unsigned long l; - int i; - -- if (sscanf(str, "%u.%u.%u.%u", &(in[0]), &(in[1]), &(in[2]), &(in[3])) == -- 4) { -+ if ((domain == AF_INET) && (sscanf(str, "%u.%u.%u.%u", &(in[0]), &(in[1]), &(in[2]), &(in[3])) == 4)) { - for (i = 0; i < 4; i++) - if (in[i] > 255) { - BIO_printf(bio_err, "invalid IP address\n"); - goto err; - } -- ip[0] = in[0]; -- ip[1] = in[1]; -- ip[2] = in[2]; -- ip[3] = in[3]; -- } else { /* do a gethostbyname */ -+ l=htonl((in[0]<<24L)|(in[1]<<16L)|(in[2]<<8L)|in[3]); -+ memcpy(ip, &l, 4); -+ return 1; -+ } -+# if OPENSSL_USE_IPV6 -+ else if ((domain == AF_INET6) && (inet_pton(AF_INET6, str, ip) == 1)) -+ return 1; -+# endif -+ else { /* do a gethostbyname */ - struct hostent *he; - - if (!ssl_sock_init()) - return (0); - -- he = GetHostByName(str); -+ he = GetHostByName(str, domain); - if (he == NULL) { - BIO_printf(bio_err, "gethostbyname failure\n"); - goto err; - } - /* cast to short because of win16 winsock definition */ -- if ((short)he->h_addrtype != AF_INET) { -- BIO_printf(bio_err, "gethostbyname addr is not AF_INET\n"); -+ if ((short)he->h_addrtype != domain) { -+ BIO_printf(bio_err, "gethostbyname addr is not correct\n"); - return (0); - } -- ip[0] = he->h_addr_list[0][0]; -- ip[1] = he->h_addr_list[0][1]; -- ip[2] = he->h_addr_list[0][2]; -- ip[3] = he->h_addr_list[0][3]; -+ if (domain == AF_INET) -+ memset(ip, 0, 4); -+# if OPENSSL_USE_IPV6 -+ else -+ memset(ip, 0, 16); -+# endif -+ memcpy(ip, he->h_addr_list[0], he->h_length); -+ return 1; - } -- return (1); - err: - return (0); - } -@@ -573,7 +680,7 @@ - static unsigned long ghbn_hits = 0L; - static unsigned long ghbn_miss = 0L; - --static struct hostent *GetHostByName(char *name) -+static struct hostent *GetHostByName(char *name, int domain) - { - struct hostent *ret; - int i, lowi = 0; -@@ -585,13 +692,18 @@ - lowi = i; - } - if (ghbn_cache[i].order > 0) { -- if (strncmp(name, ghbn_cache[i].name, 128) == 0) -+ if ((strncmp(name, ghbn_cache[i].name, 128) == 0) && (ghbn_cache[i].ent.h_addrtype == domain)) - break; - } - } - if (i == GHBN_NUM) { /* no hit */ - ghbn_miss++; -- ret = gethostbyname(name); -+ if (domain == AF_INET) -+ ret = gethostbyname(name); -+# if OPENSSL_USE_IPV6 -+ else -+ ret = gethostbyname2(name, AF_INET6); -+# endif - if (ret == NULL) - return (NULL); - /* else add to cache */ diff --git a/sdk_container/src/third_party/coreos-overlay/dev-libs/openssl/files/openssl-1.0.2a-parallel-install-dirs.patch b/sdk_container/src/third_party/coreos-overlay/dev-libs/openssl/files/openssl-1.0.2a-parallel-install-dirs.patch deleted file mode 100644 index 0198818c5f..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/dev-libs/openssl/files/openssl-1.0.2a-parallel-install-dirs.patch +++ /dev/null @@ -1,64 +0,0 @@ -https://rt.openssl.org/Ticket/Display.html?id=3736&user=guest&pass=guest - -From aba899f2eca21e11e5e9797bf8258e7265dea9f5 Mon Sep 17 00:00:00 2001 -From: Mike Frysinger -Date: Sun, 8 Mar 2015 01:32:01 -0500 -Subject: [PATCH] fix parallel install with dir creation - -The mkdir-p.pl does not handle parallel creation of directories. -This comes up when the install_sw and install_docs rules run and -both call mkdir-p.pl on sibling directory trees. - -Instead, lets create a single install_dirs rule that makes all of -the dirs we need, and have these two install steps depend on that. ---- - Makefile.org | 17 +++++++++-------- - 1 file changed, 9 insertions(+), 8 deletions(-) - -diff --git a/Makefile.org b/Makefile.org -index a6d9471..78e6143 100644 ---- a/Makefile.org -+++ b/Makefile.org -@@ -536,9 +536,9 @@ - dist_pem_h: - (cd crypto/pem; $(MAKE) -e $(BUILDENV) pem.h; $(MAKE) clean) - --install: all install_docs install_sw -+install: install_docs install_sw - --install_sw: -+install_dirs: - @$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \ - $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR) \ - $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines \ -@@ -547,6 +547,13 @@ - $(INSTALL_PREFIX)$(OPENSSLDIR)/misc \ - $(INSTALL_PREFIX)$(OPENSSLDIR)/certs \ - $(INSTALL_PREFIX)$(OPENSSLDIR)/private -+ @$(PERL) $(TOP)/util/mkdir-p.pl \ -+ $(INSTALL_PREFIX)$(MANDIR)/man1 \ -+ $(INSTALL_PREFIX)$(MANDIR)/man3 \ -+ $(INSTALL_PREFIX)$(MANDIR)/man5 \ -+ $(INSTALL_PREFIX)$(MANDIR)/man7 -+ -+install_sw: install_dirs - @set -e; headerlist="$(EXHEADER)"; for i in $$headerlist;\ - do \ - (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ -@@ -636,12 +643,7 @@ - done; \ - done - --install_docs: -- @$(PERL) $(TOP)/util/mkdir-p.pl \ -- $(INSTALL_PREFIX)$(MANDIR)/man1 \ -- $(INSTALL_PREFIX)$(MANDIR)/man3 \ -- $(INSTALL_PREFIX)$(MANDIR)/man5 \ -- $(INSTALL_PREFIX)$(MANDIR)/man7 -+install_docs: install_dirs - @pod2man="`cd ./util; ./pod2mantest $(PERL)`"; \ - here="`pwd`"; \ - filecase=; \ --- -2.3.4 - diff --git a/sdk_container/src/third_party/coreos-overlay/dev-libs/openssl/files/openssl-1.0.2a-parallel-obj-headers.patch b/sdk_container/src/third_party/coreos-overlay/dev-libs/openssl/files/openssl-1.0.2a-parallel-obj-headers.patch deleted file mode 100644 index a7d6f4effe..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/dev-libs/openssl/files/openssl-1.0.2a-parallel-obj-headers.patch +++ /dev/null @@ -1,37 +0,0 @@ -https://rt.openssl.org/Ticket/Display.html?id=3737&user=guest&pass=guest - -From ce279d4361e07e9af9ceca8a6e326e661758ad53 Mon Sep 17 00:00:00 2001 -From: Mike Frysinger -Date: Sun, 8 Mar 2015 01:34:48 -0500 -Subject: [PATCH] fix parallel generation of obj headers - -The current code has dummy sleep/touch commands to try and work -around the parallel issue, but that is obviously racy. Instead -lets force one of the files to depend on the other so we know -they'll never run in parallel. ---- - crypto/objects/Makefile | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -diff --git a/crypto/objects/Makefile b/crypto/objects/Makefile -index ad2db1e..7d32504 100644 ---- a/crypto/objects/Makefile -+++ b/crypto/objects/Makefile -@@ -44,11 +44,11 @@ - # objects.pl both reads and writes obj_mac.num - obj_mac.h: objects.pl objects.txt obj_mac.num - $(PERL) objects.pl objects.txt obj_mac.num obj_mac.h -- @sleep 1; touch obj_mac.h; sleep 1 - --obj_xref.h: objxref.pl obj_xref.txt obj_mac.num -+# This doesn't really need obj_mac.h, but since that rule reads & writes -+# obj_mac.num, we can't run in parallel with it. -+obj_xref.h: objxref.pl obj_xref.txt obj_mac.num obj_mac.h - $(PERL) objxref.pl obj_mac.num obj_xref.txt > obj_xref.h -- @sleep 1; touch obj_xref.h; sleep 1 - - files: - $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO --- -2.3.4 - diff --git a/sdk_container/src/third_party/coreos-overlay/dev-libs/openssl/files/openssl-1.0.2a-parallel-symlinking.patch b/sdk_container/src/third_party/coreos-overlay/dev-libs/openssl/files/openssl-1.0.2a-parallel-symlinking.patch deleted file mode 100644 index f2be696b10..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/dev-libs/openssl/files/openssl-1.0.2a-parallel-symlinking.patch +++ /dev/null @@ -1,63 +0,0 @@ -https://rt.openssl.org/Ticket/Display.html?id=3780&user=guest&pass=guest - -From cc81af135bda47eaa6956a0329cbbc55bf993ac1 Mon Sep 17 00:00:00 2001 -From: Mike Frysinger -Date: Fri, 3 Apr 2015 01:16:23 -0400 -Subject: [PATCH] fix race when symlink shareds libs - -When the crypto/ssl targets attempt to build their shared libs, they run: - cd ..; make libcrypto.so.1.0.0 -The top level Makefile in turn runs the build-shared target for that lib. - -The build-shared target depends on both do_$(SHLIB_TARGET) & link-shared. -When building in parallel, make is allowed to run both of these. They -both run Makefile.shared for their respective targets: -do_$(SHLIB_TARGET) -> - link_a.linux-shared -> - link_a.gnu -> - ...; $(LINK_SO_A) -> - $(LINK_SO) -> - $(SYMLINK_SO) -link-shared -> - symlink.linux-shared -> - symlink.gnu -> - ...; $(SYMLINK_SO) - -The shell code for SYMLINK_SO attempts to do a [ -e lib ] check, but fails -basic TOCTOU semantics. Depending on the load, that means two processes -will run the sequence: - rm -f libcrypto.so - ln -s libcrypto.so.1.0.0 libcrypto.so - -Which obviously fails: - ln: failed to create symbolic link 'libcrypto.so': File exists - -Since we know do_$(SHLIB_TARGET) will create the symlink for us, don't -bother depending on link-shared at all in the top level Makefile when -building things. - -Reported-by: Martin von Gagern -URL: https://bugs.gentoo.org/545028 ---- - Makefile.org | 5 ++++- - 1 file changed, 4 insertions(+), 1 deletion(-) - -diff --git a/Makefile.org b/Makefile.org -index 890bfe4..576c60e 100644 ---- a/Makefile.org -+++ b/Makefile.org -@@ -350,7 +350,10 @@ link-shared: - libs="$$libs -l$$i"; \ - done - --build-shared: do_$(SHLIB_TARGET) link-shared -+# The link target in Makefile.shared will create the symlink for us, so no need -+# to call link-shared directly. Doing so will cause races with two processes -+# trying to symlink the lib. -+build-shared: do_$(SHLIB_TARGET) - - do_$(SHLIB_TARGET): - @ set -e; libs='-L. $(SHLIBDEPS)'; for i in $(SHLIBDIRS); do \ --- -2.3.4 - diff --git a/sdk_container/src/third_party/coreos-overlay/dev-libs/openssl/files/openssl-1.0.2a-x32-asm.patch b/sdk_container/src/third_party/coreos-overlay/dev-libs/openssl/files/openssl-1.0.2a-x32-asm.patch deleted file mode 100644 index 3a005c9b09..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/dev-libs/openssl/files/openssl-1.0.2a-x32-asm.patch +++ /dev/null @@ -1,43 +0,0 @@ -https://rt.openssl.org/Ticket/Display.html?id=3759&user=guest&pass=guest - -From 6257d59b3a68d2feb9d64317a1c556dc3813ee61 Mon Sep 17 00:00:00 2001 -From: Mike Frysinger -Date: Sat, 21 Mar 2015 06:01:25 -0400 -Subject: [PATCH] crypto: use bigint in x86-64 perl - -When building on x32 systems where the default type is 32bit, make sure -we can transparently represent 64bit integers. Otherwise we end up with -build errors like: -/usr/bin/perl asm/ghash-x86_64.pl elf > ghash-x86_64.s -Integer overflow in hexadecimal number at asm/../../perlasm/x86_64-xlate.pl line 201, <> line 890. -... -ghash-x86_64.s: Assembler messages: -ghash-x86_64.s:890: Error: junk '.15473355479995e+19' after expression - -We don't enable this globally as there are some cases where we'd get -32bit values interpreted as unsigned when we need them as signed. - -Reported-by: Bertrand Jacquin -URL: https://bugs.gentoo.org/542618 ---- - crypto/perlasm/x86_64-xlate.pl | 4 ++++ - 1 file changed, 4 insertions(+) - -diff --git a/crypto/perlasm/x86_64-xlate.pl b/crypto/perlasm/x86_64-xlate.pl -index aae8288..0bf9774 100755 ---- a/crypto/perlasm/x86_64-xlate.pl -+++ b/crypto/perlasm/x86_64-xlate.pl -@@ -195,6 +195,10 @@ my %globals; - sub out { - my $self = shift; - -+ # When building on x32 ABIs, the expanded hex value might be too -+ # big to fit into 32bits. Enable transparent 64bit support here -+ # so we can safely print it out. -+ use bigint; - if ($gas) { - # Solaris /usr/ccs/bin/as can't handle multiplications - # in $self->{value} --- -2.3.3 - diff --git a/sdk_container/src/third_party/coreos-overlay/dev-libs/openssl/files/openssl-1.0.2i-parallel-build.patch b/sdk_container/src/third_party/coreos-overlay/dev-libs/openssl/files/openssl-1.0.2i-parallel-build.patch deleted file mode 100644 index 387a077da2..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/dev-libs/openssl/files/openssl-1.0.2i-parallel-build.patch +++ /dev/null @@ -1,326 +0,0 @@ ---- openssl-1.0.2i/crypto/Makefile -+++ openssl-1.0.2i/crypto/Makefile -@@ -85,11 +85,11 @@ - @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi - - subdirs: -- @target=all; $(RECURSIVE_MAKE) -+ +@target=all; $(RECURSIVE_MAKE) - - files: - $(PERL) $(TOP)/util/files.pl "CPUID_OBJ=$(CPUID_OBJ)" Makefile >> $(TOP)/MINFO -- @target=files; $(RECURSIVE_MAKE) -+ +@target=files; $(RECURSIVE_MAKE) - - links: - @$(PERL) $(TOP)/util/mklink.pl ../include/openssl $(EXHEADER) -@@ -100,7 +100,7 @@ - # lib: $(LIB): are splitted to avoid end-less loop - lib: $(LIB) - @touch lib --$(LIB): $(LIBOBJ) -+$(LIB): $(LIBOBJ) | subdirs - $(AR) $(LIB) $(LIBOBJ) - test -z "$(FIPSLIBDIR)" || $(AR) $(LIB) $(FIPSLIBDIR)fipscanister.o - $(RANLIB) $(LIB) || echo Never mind. -@@ -111,7 +111,7 @@ - fi - - libs: -- @target=lib; $(RECURSIVE_MAKE) -+ +@target=lib; $(RECURSIVE_MAKE) - - install: - @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... -@@ -120,7 +120,7 @@ - (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ - chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ - done; -- @target=install; $(RECURSIVE_MAKE) -+ +@target=install; $(RECURSIVE_MAKE) - - lint: - @target=lint; $(RECURSIVE_MAKE) ---- openssl-1.0.2i/engines/Makefile -+++ openssl-1.0.2i/engines/Makefile -@@ -72,7 +72,7 @@ - - all: lib subdirs - --lib: $(LIBOBJ) -+lib: $(LIBOBJ) | subdirs - @if [ -n "$(SHARED_LIBS)" ]; then \ - set -e; \ - for l in $(LIBNAMES); do \ -@@ -89,7 +89,7 @@ - - subdirs: - echo $(EDIRS) -- @target=all; $(RECURSIVE_MAKE) -+ +@target=all; $(RECURSIVE_MAKE) - - files: - $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO -@@ -128,7 +128,7 @@ - mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx ); \ - done; \ - fi -- @target=install; $(RECURSIVE_MAKE) -+ +@target=install; $(RECURSIVE_MAKE) - - tags: - ctags $(SRC) ---- openssl-1.0.2i/Makefile.org -+++ openssl-1.0.2i/Makefile.org -@@ -281,17 +281,17 @@ - build_libssl: build_ssl libssl.pc - - build_crypto: -- @dir=crypto; target=all; $(BUILD_ONE_CMD) -+ +@dir=crypto; target=all; $(BUILD_ONE_CMD) - build_ssl: build_crypto -- @dir=ssl; target=all; $(BUILD_ONE_CMD) -+ +@dir=ssl; target=all; $(BUILD_ONE_CMD) - build_engines: build_crypto -- @dir=engines; target=all; $(BUILD_ONE_CMD) -+ +@dir=engines; target=all; $(BUILD_ONE_CMD) - build_apps: build_libs -- @dir=apps; target=all; $(BUILD_ONE_CMD) -+ +@dir=apps; target=all; $(BUILD_ONE_CMD) - build_tests: build_libs -- @dir=test; target=all; $(BUILD_ONE_CMD) -+ +@dir=test; target=all; $(BUILD_ONE_CMD) - build_tools: build_libs -- @dir=tools; target=all; $(BUILD_ONE_CMD) -+ +@dir=tools; target=all; $(BUILD_ONE_CMD) - - all_testapps: build_libs build_testapps - build_testapps: -@@ -547,7 +547,7 @@ - (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ - chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ - done; -- @set -e; target=install; $(RECURSIVE_BUILD_CMD) -+ +@set -e; target=install; $(RECURSIVE_BUILD_CMD) - @set -e; liblist="$(LIBS)"; for i in $$liblist ;\ - do \ - if [ -f "$$i" ]; then \ ---- openssl-1.0.2i/Makefile.shared -+++ openssl-1.0.2i/Makefile.shared -@@ -105,6 +105,7 @@ - SHAREDFLAGS="$${SHAREDFLAGS:-$(CFLAGS) $(SHARED_LDFLAGS)}"; \ - LIBPATH=`for x in $$LIBDEPS; do echo $$x; done | sed -e 's/^ *-L//;t' -e d | uniq`; \ - LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \ -+ [ -e $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX ] && exit 0; \ - LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \ - $${SHAREDCMD} $${SHAREDFLAGS} \ - -o $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX \ -@@ -122,6 +123,7 @@ - done; \ - fi; \ - if [ -n "$$SHLIB_SOVER" ]; then \ -+ [ -e "$$SHLIB$$SHLIB_SUFFIX" ] || \ - ( $(SET_X); rm -f $$SHLIB$$SHLIB_SUFFIX; \ - ln -s $$prev $$SHLIB$$SHLIB_SUFFIX ); \ - fi; \ ---- openssl-1.0.2i/test/Makefile -+++ openssl-1.0.2i/test/Makefile -@@ -144,7 +144,7 @@ - tags: - ctags $(SRC) - --tests: exe apps $(TESTS) -+tests: exe $(TESTS) - - apps: - @(cd ..; $(MAKE) DIRS=apps all) -@@ -435,136 +435,136 @@ - link_app.$${shlib_target} - - $(RSATEST)$(EXE_EXT): $(RSATEST).o $(DLIBCRYPTO) -- @target=$(RSATEST); $(BUILD_CMD) -+ +@target=$(RSATEST); $(BUILD_CMD) - - $(BNTEST)$(EXE_EXT): $(BNTEST).o $(DLIBCRYPTO) -- @target=$(BNTEST); $(BUILD_CMD) -+ +@target=$(BNTEST); $(BUILD_CMD) - - $(ECTEST)$(EXE_EXT): $(ECTEST).o $(DLIBCRYPTO) -- @target=$(ECTEST); $(BUILD_CMD) -+ +@target=$(ECTEST); $(BUILD_CMD) - - $(EXPTEST)$(EXE_EXT): $(EXPTEST).o $(DLIBCRYPTO) -- @target=$(EXPTEST); $(BUILD_CMD) -+ +@target=$(EXPTEST); $(BUILD_CMD) - - $(IDEATEST)$(EXE_EXT): $(IDEATEST).o $(DLIBCRYPTO) -- @target=$(IDEATEST); $(BUILD_CMD) -+ +@target=$(IDEATEST); $(BUILD_CMD) - - $(MD2TEST)$(EXE_EXT): $(MD2TEST).o $(DLIBCRYPTO) -- @target=$(MD2TEST); $(BUILD_CMD) -+ +@target=$(MD2TEST); $(BUILD_CMD) - - $(SHATEST)$(EXE_EXT): $(SHATEST).o $(DLIBCRYPTO) -- @target=$(SHATEST); $(BUILD_CMD) -+ +@target=$(SHATEST); $(BUILD_CMD) - - $(SHA1TEST)$(EXE_EXT): $(SHA1TEST).o $(DLIBCRYPTO) -- @target=$(SHA1TEST); $(BUILD_CMD) -+ +@target=$(SHA1TEST); $(BUILD_CMD) - - $(SHA256TEST)$(EXE_EXT): $(SHA256TEST).o $(DLIBCRYPTO) -- @target=$(SHA256TEST); $(BUILD_CMD) -+ +@target=$(SHA256TEST); $(BUILD_CMD) - - $(SHA512TEST)$(EXE_EXT): $(SHA512TEST).o $(DLIBCRYPTO) -- @target=$(SHA512TEST); $(BUILD_CMD) -+ +@target=$(SHA512TEST); $(BUILD_CMD) - - $(RMDTEST)$(EXE_EXT): $(RMDTEST).o $(DLIBCRYPTO) -- @target=$(RMDTEST); $(BUILD_CMD) -+ +@target=$(RMDTEST); $(BUILD_CMD) - - $(MDC2TEST)$(EXE_EXT): $(MDC2TEST).o $(DLIBCRYPTO) -- @target=$(MDC2TEST); $(BUILD_CMD) -+ +@target=$(MDC2TEST); $(BUILD_CMD) - - $(MD4TEST)$(EXE_EXT): $(MD4TEST).o $(DLIBCRYPTO) -- @target=$(MD4TEST); $(BUILD_CMD) -+ +@target=$(MD4TEST); $(BUILD_CMD) - - $(MD5TEST)$(EXE_EXT): $(MD5TEST).o $(DLIBCRYPTO) -- @target=$(MD5TEST); $(BUILD_CMD) -+ +@target=$(MD5TEST); $(BUILD_CMD) - - $(HMACTEST)$(EXE_EXT): $(HMACTEST).o $(DLIBCRYPTO) -- @target=$(HMACTEST); $(BUILD_CMD) -+ +@target=$(HMACTEST); $(BUILD_CMD) - - $(WPTEST)$(EXE_EXT): $(WPTEST).o $(DLIBCRYPTO) -- @target=$(WPTEST); $(BUILD_CMD) -+ +@target=$(WPTEST); $(BUILD_CMD) - - $(RC2TEST)$(EXE_EXT): $(RC2TEST).o $(DLIBCRYPTO) -- @target=$(RC2TEST); $(BUILD_CMD) -+ +@target=$(RC2TEST); $(BUILD_CMD) - - $(BFTEST)$(EXE_EXT): $(BFTEST).o $(DLIBCRYPTO) -- @target=$(BFTEST); $(BUILD_CMD) -+ +@target=$(BFTEST); $(BUILD_CMD) - - $(CASTTEST)$(EXE_EXT): $(CASTTEST).o $(DLIBCRYPTO) -- @target=$(CASTTEST); $(BUILD_CMD) -+ +@target=$(CASTTEST); $(BUILD_CMD) - - $(RC4TEST)$(EXE_EXT): $(RC4TEST).o $(DLIBCRYPTO) -- @target=$(RC4TEST); $(BUILD_CMD) -+ +@target=$(RC4TEST); $(BUILD_CMD) - - $(RC5TEST)$(EXE_EXT): $(RC5TEST).o $(DLIBCRYPTO) -- @target=$(RC5TEST); $(BUILD_CMD) -+ +@target=$(RC5TEST); $(BUILD_CMD) - - $(DESTEST)$(EXE_EXT): $(DESTEST).o $(DLIBCRYPTO) -- @target=$(DESTEST); $(BUILD_CMD) -+ +@target=$(DESTEST); $(BUILD_CMD) - - $(RANDTEST)$(EXE_EXT): $(RANDTEST).o $(DLIBCRYPTO) -- @target=$(RANDTEST); $(BUILD_CMD) -+ +@target=$(RANDTEST); $(BUILD_CMD) - - $(DHTEST)$(EXE_EXT): $(DHTEST).o $(DLIBCRYPTO) -- @target=$(DHTEST); $(BUILD_CMD) -+ +@target=$(DHTEST); $(BUILD_CMD) - - $(DSATEST)$(EXE_EXT): $(DSATEST).o $(DLIBCRYPTO) -- @target=$(DSATEST); $(BUILD_CMD) -+ +@target=$(DSATEST); $(BUILD_CMD) - - $(METHTEST)$(EXE_EXT): $(METHTEST).o $(DLIBCRYPTO) -- @target=$(METHTEST); $(BUILD_CMD) -+ +@target=$(METHTEST); $(BUILD_CMD) - - $(SSLTEST)$(EXE_EXT): $(SSLTEST).o $(DLIBSSL) $(DLIBCRYPTO) -- @target=$(SSLTEST); $(FIPS_BUILD_CMD) -+ +@target=$(SSLTEST); $(FIPS_BUILD_CMD) - - $(ENGINETEST)$(EXE_EXT): $(ENGINETEST).o $(DLIBCRYPTO) -- @target=$(ENGINETEST); $(BUILD_CMD) -+ +@target=$(ENGINETEST); $(BUILD_CMD) - - $(EVPTEST)$(EXE_EXT): $(EVPTEST).o $(DLIBCRYPTO) -- @target=$(EVPTEST); $(BUILD_CMD) -+ +@target=$(EVPTEST); $(BUILD_CMD) - - $(EVPEXTRATEST)$(EXE_EXT): $(EVPEXTRATEST).o $(DLIBCRYPTO) -- @target=$(EVPEXTRATEST); $(BUILD_CMD) -+ +@target=$(EVPEXTRATEST); $(BUILD_CMD) - - $(ECDSATEST)$(EXE_EXT): $(ECDSATEST).o $(DLIBCRYPTO) -- @target=$(ECDSATEST); $(BUILD_CMD) -+ +@target=$(ECDSATEST); $(BUILD_CMD) - - $(ECDHTEST)$(EXE_EXT): $(ECDHTEST).o $(DLIBCRYPTO) -- @target=$(ECDHTEST); $(BUILD_CMD) -+ +@target=$(ECDHTEST); $(BUILD_CMD) - - $(IGETEST)$(EXE_EXT): $(IGETEST).o $(DLIBCRYPTO) -- @target=$(IGETEST); $(BUILD_CMD) -+ +@target=$(IGETEST); $(BUILD_CMD) - - $(JPAKETEST)$(EXE_EXT): $(JPAKETEST).o $(DLIBCRYPTO) -- @target=$(JPAKETEST); $(BUILD_CMD) -+ +@target=$(JPAKETEST); $(BUILD_CMD) - - $(ASN1TEST)$(EXE_EXT): $(ASN1TEST).o $(DLIBCRYPTO) -- @target=$(ASN1TEST); $(BUILD_CMD) -+ +@target=$(ASN1TEST); $(BUILD_CMD) - - $(SRPTEST)$(EXE_EXT): $(SRPTEST).o $(DLIBCRYPTO) -- @target=$(SRPTEST); $(BUILD_CMD) -+ +@target=$(SRPTEST); $(BUILD_CMD) - - $(V3NAMETEST)$(EXE_EXT): $(V3NAMETEST).o $(DLIBCRYPTO) -- @target=$(V3NAMETEST); $(BUILD_CMD) -+ +@target=$(V3NAMETEST); $(BUILD_CMD) - - $(HEARTBEATTEST)$(EXE_EXT): $(HEARTBEATTEST).o $(DLIBCRYPTO) -- @target=$(HEARTBEATTEST); $(BUILD_CMD_STATIC) -+ +@target=$(HEARTBEATTEST); $(BUILD_CMD_STATIC) - - $(CONSTTIMETEST)$(EXE_EXT): $(CONSTTIMETEST).o -- @target=$(CONSTTIMETEST) $(BUILD_CMD) -+ +@target=$(CONSTTIMETEST) $(BUILD_CMD) - - $(VERIFYEXTRATEST)$(EXE_EXT): $(VERIFYEXTRATEST).o -- @target=$(VERIFYEXTRATEST) $(BUILD_CMD) -+ +@target=$(VERIFYEXTRATEST) $(BUILD_CMD) - - $(CLIENTHELLOTEST)$(EXE_EXT): $(CLIENTHELLOTEST).o -- @target=$(CLIENTHELLOTEST) $(BUILD_CMD) -+ +@target=$(CLIENTHELLOTEST) $(BUILD_CMD) - - $(BADDTLSTEST)$(EXE_EXT): $(BADDTLSTEST).o -- @target=$(BADDTLSTEST) $(BUILD_CMD) -+ +@target=$(BADDTLSTEST) $(BUILD_CMD) - - $(SSLV2CONFTEST)$(EXE_EXT): $(SSLV2CONFTEST).o -- @target=$(SSLV2CONFTEST) $(BUILD_CMD) -+ +@target=$(SSLV2CONFTEST) $(BUILD_CMD) - - $(DTLSTEST)$(EXE_EXT): $(DTLSTEST).o ssltestlib.o $(DLIBSSL) $(DLIBCRYPTO) -- @target=$(DTLSTEST); exobj=ssltestlib.o; $(BUILD_CMD) -+ +@target=$(DTLSTEST); exobj=ssltestlib.o; $(BUILD_CMD) - - #$(AESTEST).o: $(AESTEST).c - # $(CC) -c $(CFLAGS) -DINTERMEDIATE_VALUE_KAT -DTRACE_KAT_MCT $(AESTEST).c -@@ -577,7 +577,7 @@ - # fi - - dummytest$(EXE_EXT): dummytest.o $(DLIBCRYPTO) -- @target=dummytest; $(BUILD_CMD) -+ +@target=dummytest; $(BUILD_CMD) - - # DO NOT DELETE THIS LINE -- make depend depends on it. - diff --git a/sdk_container/src/third_party/coreos-overlay/dev-libs/openssl/openssl-1.0.2m.ebuild b/sdk_container/src/third_party/coreos-overlay/dev-libs/openssl/openssl-1.0.2n.ebuild similarity index 83% rename from sdk_container/src/third_party/coreos-overlay/dev-libs/openssl/openssl-1.0.2m.ebuild rename to sdk_container/src/third_party/coreos-overlay/dev-libs/openssl/openssl-1.0.2n.ebuild index 98d8fe31ad..a88355e47e 100644 --- a/sdk_container/src/third_party/coreos-overlay/dev-libs/openssl/openssl-1.0.2m.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/dev-libs/openssl/openssl-1.0.2n.ebuild @@ -1,19 +1,23 @@ # Copyright 1999-2017 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -EAPI="5" +EAPI="6" -inherit eutils flag-o-matic toolchain-funcs multilib multilib-minimal systemd +inherit eutils flag-o-matic toolchain-funcs multilib multilib-minimal +PATCH_SET="openssl-1.0.2-patches-1.0" MY_P=${P/_/-} DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)" HOMEPAGE="https://www.openssl.org/" -SRC_URI="mirror://openssl/source/${MY_P}.tar.gz" +SRC_URI="mirror://openssl/source/${MY_P}.tar.gz + mirror://gentoo/${PATCH_SET}.tar.xz + https://dev.gentoo.org/~whissi/dist/${PN}/${PATCH_SET}.tar.xz" LICENSE="openssl" SLOT="0" -KEYWORDS="alpha amd64 arm arm64 hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh ~sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux" -IUSE="+asm gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib" +KEYWORDS="alpha amd64 arm ~arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux" +IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib" +RESTRICT="!bindist? ( bindist )" RDEPEND=">=app-misc/c_rehash-1.7-r1 gmp? ( >=dev-libs/gmp-5.1.3-r1[static-libs(+)?,${MULTILIB_USEDEP}] ) @@ -43,18 +47,11 @@ src_prepare() { rm -f Makefile if ! use vanilla ; then - epatch "${FILESDIR}"/${PN}-1.0.0a-ldflags.patch #327421 - epatch "${FILESDIR}"/${PN}-1.0.2i-parallel-build.patch - epatch "${FILESDIR}"/${PN}-1.0.2a-parallel-obj-headers.patch - epatch "${FILESDIR}"/${PN}-1.0.2a-parallel-install-dirs.patch - epatch "${FILESDIR}"/${PN}-1.0.2a-parallel-symlinking.patch #545028 - epatch "${FILESDIR}"/${PN}-1.0.2-ipv6.patch - epatch "${FILESDIR}"/${PN}-1.0.2a-x32-asm.patch #542618 - epatch "${FILESDIR}"/${PN}-1.0.1p-default-source.patch #554338 - - epatch_user #332661 + eapply "${WORKDIR}"/patch/*.patch fi + eapply_user + # disable fips in the build # make sure the man pages are suffixed #302165 # don't bother building man pages if they're disabled @@ -82,7 +79,7 @@ src_prepare() { # allow openssl to be cross-compiled cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die - chmod a+rx gentoo.config + chmod a+rx gentoo.config || die append-flags -fno-strict-aliasing append-flags $(test-flags-CC -Wa,--noexecstack) @@ -142,6 +139,7 @@ multilib_src_configure() { ${sslout} \ $(use cpu_flags_x86_sse2 || echo "no-sse2") \ enable-camellia \ + $(use_ssl !bindist ec) \ ${ec_nistp_64_gcc_128} \ enable-idea \ enable-mdc2 \ @@ -200,8 +198,9 @@ multilib_src_install_all() { # we provide a shell version via app-misc/c_rehash rm "${ED}"/usr/bin/c_rehash || die - dodoc CHANGES* FAQ NEWS README doc/*.txt doc/c-indentation.el - dohtml -r doc/* + local -a DOCS=( CHANGES* FAQ NEWS README doc/*.txt doc/c-indentation.el ) + einstalldocs + use rfc3779 && dodoc engines/ccgost/README.gost # This is crappy in that the static archives are still built even @@ -211,6 +210,11 @@ multilib_src_install_all() { # twice; once with shared lib support enabled and once without. use static-libs || rm -f "${ED}"/usr/lib*/lib*.a + # create the certs directory + dodir ${SSL_CNF_DIR}/certs + cp -RP certs/* "${ED}"${SSL_CNF_DIR}/certs/ || die + rm -r "${ED}"${SSL_CNF_DIR}/certs/{demo,expired} + # Namespace openssl programs to prevent conflicts with other man pages cd "${ED}"/usr/share/man local m d s @@ -236,15 +240,12 @@ multilib_src_install_all() { dodir /etc/sandbox.d #254521 echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl - # Don't keep the sample CA files and their ilk in /etc. - rm -r "${ED}"${SSL_CNF_DIR} - - # Save the default openssl.cnf in /usr and link it into place. - dodir /usr/share/ssl - insinto /usr/share/ssl - doins "${S}"/apps/openssl.cnf - systemd_dotmpfilesd "${FILESDIR}"/openssl.conf - - # Package the tmpfiles.d setup for SDK bootstrapping. - systemd-tmpfiles --create --root="${ED}" "${FILESDIR}"/openssl.conf + diropts -m0700 + keepdir ${SSL_CNF_DIR}/private +} + +pkg_postinst() { + ebegin "Running 'c_rehash ${EROOT%/}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069" + c_rehash "${EROOT%/}${SSL_CNF_DIR}/certs" >/dev/null + eend $? }