mirrors/flatcar-scripts
1
0
Fork 0
mirror of https://github.com/flatcar/scripts.git synced 2025-08-22 06:51:26 +02:00
Code Issues Packages Projects Releases Wiki Activity

dev-libs/openssl: Sync with the Gentoo 1.0.2n ebuild

Browse Source
This commit is contained in:
David Michael 2017-12-15 10:35:38 -05:00
parent 806d08dd9c
commit 7d355ae741
11 changed files with 33 additions and 1234 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
sdk_container/src/third_party/coreos-overlay/dev-libs/openssl/Manifest vendored
View File

@ -1 +1,2 @@
DIST openssl-1.0.2m.tar.gz 5373776 SHA256 8c6ff15ec6b319b50788f42c7abc2890c08ba5a1cdcd3810eb9092deada37b0f SHA512 7619aa223ee50d0f5e270ac9090e95b2b1ba5dfc656c98f625a9a277dda472fb960a4e89a7ba300044cb401b2072b2ca6a6fcce8206d927bf373d1c981806a93 WHIRLPOOL 0fa5ab02eb3ca8507b45c408739027f8632a77183a7355f8c31bcc5fedc507222e5cc44a4aff88b22fba87b69188f90465980c4a84bad1133287442ebd136a23 DIST openssl-1.0.2-patches-1.0.tar.xz 11572 SHA256 374df2ca88df2ff6c0726ed4c5a36d1f212948d30071cce29446e8a6ddb61a3f SHA512 15234ade359a0acf001cf10c7a7fc05f54603a44c67831529c2a6eda03342f9ba1cf40664ac782b5b73c50b23ec5649fb48ccff2aea8f0df2ef634959c47e3e9 WHIRLPOOL fcb1aaa0aff25044e3af29b469302881ca7943c98700163c17840e4052eab8e30cf40af41ce602bfb8c0eb7c7ec0e109d6be1dba307e7b204e18e06a778f59a4
DIST openssl-1.0.2n.tar.gz 5375802 SHA256 370babb75f278c39e0c50e8c4e7493bc0f18db6867478341a832a982fd15a8fe SHA512 144bf0d6aa27b4af01df0b7b734c39962649e1711554247d42e05e14d8945742b18745aefdba162e2dfc762b941fd7d3b2d5dc6a781ae4ba10a6f5a3cadb0687 WHIRLPOOL a0034add5bb37616389fe1a1cca90622fadf1cc3e648e574dce0010d7a38a84e07d705cbc0fcbd28fd7c120c4852e9f5a419f42a6a55b33a06e2591bc1697d03

2
sdk_container/src/third_party/coreos-overlay/dev-libs/openssl/files/gentoo.config-1.0.2 vendored Executable file → Normal file
View File

@ -1,5 +1,5 @@
#!/usr/bin/env bash #!/usr/bin/env bash
# Copyright 1999-2014 Gentoo Foundation # Copyright 1999-2017 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2 # Distributed under the terms of the GNU General Public License v2
# #
# Openssl doesn't play along nicely with cross-compiling # Openssl doesn't play along nicely with cross-compiling

29
sdk_container/src/third_party/coreos-overlay/dev-libs/openssl/files/openssl-1.0.0a-ldflags.patch vendored
View File

@ -1,29 +0,0 @@
http://bugs.gentoo.org/181438
http://bugs.gentoo.org/327421
https://rt.openssl.org/Ticket/Display.html?id=3331&user=guest&pass=guest
make sure we respect LDFLAGS
also make sure we don't add useless -rpath flags to the system libdir
--- Makefile.org
+++ Makefile.org
@@ -189,6 +189,7 @@
MAKEDEPEND='$$$${TOP}/util/domd $$$${TOP} -MD $(MAKEDEPPROG)' \
DEPFLAG='-DOPENSSL_NO_DEPRECATED $(DEPFLAG)' \
MAKEDEPPROG='$(MAKEDEPPROG)' \
+ LDFLAGS='${LDFLAGS}' \
SHARED_LDFLAGS='$(SHARED_LDFLAGS)' \
KRB5_INCLUDES='$(KRB5_INCLUDES)' LIBKRB5='$(LIBKRB5)' \
ZLIB_INCLUDE='$(ZLIB_INCLUDE)' LIBZLIB='$(LIBZLIB)' \
--- Makefile.shared
+++ Makefile.shared
@@ -153,7 +153,7 @@
NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-Bsymbolic -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"
-DO_GNU_APP=LDFLAGS="$(CFLAGS) -Wl,-rpath,$(LIBRPATH)"
+DO_GNU_APP=LDFLAGS="$(LDFLAGS) $(CFLAGS)"
#This is rather special. It's a special target with which one can link
#applications without bothering with any features that have anything to

30
sdk_container/src/third_party/coreos-overlay/dev-libs/openssl/files/openssl-1.0.1p-default-source.patch vendored
View File

@ -1,30 +0,0 @@
https://bugs.gentoo.org/554338
https://rt.openssl.org/Ticket/Display.html?id=3934&user=guest&pass=guest
From 7c2e97f8bbae517496fdc11f475b4ae54b2534f5 Mon Sep 17 00:00:00 2001
From: Mike Frysinger <vapier@gentoo.org>
Date: Fri, 10 Jul 2015 01:50:52 -0400
Subject: [PATCH] test: use _DEFAULT_SOURCE with newer glibc versions
The _BSD_SOURCE macro is replaced by the _DEFAULT_SOURCE macro. Using
just the former with newer versions leads to a build time warning, so
make sure to use the new macro too.
---
ssl/ssltest.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/ssl/ssltest.c b/ssl/ssltest.c
index 26cf96c..b36f667 100644
--- a/ssl/ssltest.c
+++ b/ssl/ssltest.c
@@ -141,6 +141,7 @@
*/
/* Or gethostname won't be declared properly on Linux and GNU platforms. */
+#define _DEFAULT_SOURCE 1
#define _BSD_SOURCE 1
#include <assert.h>
--
2.4.4

611
sdk_container/src/third_party/coreos-overlay/dev-libs/openssl/files/openssl-1.0.2-ipv6.patch vendored
View File

@ -1,611 +0,0 @@
http://rt.openssl.org/Ticket/Display.html?id=2051&user=guest&pass=guest
--- openssl-1.0.2/apps/s_apps.h
+++ openssl-1.0.2/apps/s_apps.h
@@ -154,7 +154,7 @@
int do_server(int port, int type, int *ret,
int (*cb) (char *hostname, int s, int stype,
unsigned char *context), unsigned char *context,
- int naccept);
+ int naccept, int use_ipv4, int use_ipv6);
#ifdef HEADER_X509_H
int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx);
#endif
@@ -167,7 +167,8 @@
int ssl_print_curves(BIO *out, SSL *s, int noshared);
#endif
int ssl_print_tmp_key(BIO *out, SSL *s);
-int init_client(int *sock, char *server, int port, int type);
+int init_client(int *sock, char *server, int port, int type,
+ int use_ipv4, int use_ipv6);
int should_retry(int i);
int extract_port(char *str, short *port_ptr);
int extract_host_port(char *str, char **host_ptr, unsigned char *ip,
--- openssl-1.0.2/apps/s_client.c
+++ openssl-1.0.2/apps/s_client.c
@@ -302,6 +302,10 @@
{
BIO_printf(bio_err, "usage: s_client args\n");
BIO_printf(bio_err, "\n");
+ BIO_printf(bio_err, " -4 - use IPv4 only\n");
+#if OPENSSL_USE_IPV6
+ BIO_printf(bio_err, " -6 - use IPv6 only\n");
+#endif
BIO_printf(bio_err, " -host host - use -connect instead\n");
BIO_printf(bio_err, " -port port - use -connect instead\n");
BIO_printf(bio_err,
@@ -658,6 +662,7 @@
int sbuf_len, sbuf_off;
fd_set readfds, writefds;
short port = PORT;
+ int use_ipv4, use_ipv6;
int full_log = 1;
char *host = SSL_HOST_NAME;
char *cert_file = NULL, *key_file = NULL, *chain_file = NULL;
@@ -709,7 +714,11 @@
#endif
char *sess_in = NULL;
char *sess_out = NULL;
- struct sockaddr peer;
+#if OPENSSL_USE_IPV6
+ struct sockaddr_storage peer;
+#else
+ struct sockaddr_in peer;
+#endif
int peerlen = sizeof(peer);
int fallback_scsv = 0;
int enable_timeouts = 0;
@@ -737,6 +746,12 @@
meth = SSLv23_client_method();
+ use_ipv4 = 1;
+#if OPENSSL_USE_IPV6
+ use_ipv6 = 1;
+#else
+ use_ipv6 = 0;
+#endif
apps_startup();
c_Pause = 0;
c_quiet = 0;
@@ -1096,6 +1111,16 @@
jpake_secret = *++argv;
}
#endif
+ else if (strcmp(*argv,"-4") == 0) {
+ use_ipv4 = 1;
+ use_ipv6 = 0;
+ }
+#if OPENSSL_USE_IPV6
+ else if (strcmp(*argv,"-6") == 0) {
+ use_ipv4 = 0;
+ use_ipv6 = 1;
+ }
+#endif
#ifndef OPENSSL_NO_SRTP
else if (strcmp(*argv, "-use_srtp") == 0) {
if (--argc < 1)
@@ -1421,7 +1446,7 @@
re_start:
- if (init_client(&s, host, port, socket_type) == 0) {
+ if (init_client(&s, host, port, socket_type, use_ipv4, use_ipv6) == 0) {
BIO_printf(bio_err, "connect:errno=%d\n", get_last_socket_error());
SHUTDOWN(s);
goto end;
@@ -1444,7 +1469,7 @@
if (socket_type == SOCK_DGRAM) {
sbio = BIO_new_dgram(s, BIO_NOCLOSE);
- if (getsockname(s, &peer, (void *)&peerlen) < 0) {
+ if (getsockname(s, (struct sockaddr *)&peer, (void *)&peerlen) < 0) {
BIO_printf(bio_err, "getsockname:errno=%d\n",
get_last_socket_error());
SHUTDOWN(s);
--- openssl-1.0.2/apps/s_server.c
+++ openssl-1.0.2/apps/s_server.c
@@ -643,6 +643,10 @@
BIO_printf(bio_err,
" -alpn arg - set the advertised protocols for the ALPN extension (comma-separated list)\n");
#endif
+ BIO_printf(bio_err, " -4 - use IPv4 only\n");
+#if OPENSSL_USE_IPV6
+ BIO_printf(bio_err, " -6 - use IPv6 only\n");
+#endif
BIO_printf(bio_err,
" -keymatexport label - Export keying material using label\n");
BIO_printf(bio_err,
@@ -1070,6 +1074,7 @@
int state = 0;
const SSL_METHOD *meth = NULL;
int socket_type = SOCK_STREAM;
+ int use_ipv4, use_ipv6;
ENGINE *e = NULL;
char *inrand = NULL;
int s_cert_format = FORMAT_PEM, s_key_format = FORMAT_PEM;
@@ -1111,6 +1116,12 @@
meth = SSLv23_server_method();
+ use_ipv4 = 1;
+#if OPENSSL_USE_IPV6
+ use_ipv6 = 1;
+#else
+ use_ipv6 = 0;
+#endif
local_argc = argc;
local_argv = argv;
@@ -1503,6 +1514,16 @@
jpake_secret = *(++argv);
}
#endif
+ else if (strcmp(*argv,"-4") == 0) {
+ use_ipv4 = 1;
+ use_ipv6 = 0;
+ }
+#if OPENSSL_USE_IPV6
+ else if (strcmp(*argv,"-6") == 0) {
+ use_ipv4 = 0;
+ use_ipv6 = 1;
+ }
+#endif
#ifndef OPENSSL_NO_SRTP
else if (strcmp(*argv, "-use_srtp") == 0) {
if (--argc < 1)
@@ -2023,13 +2044,13 @@
(void)BIO_flush(bio_s_out);
if (rev)
do_server(port, socket_type, &accept_socket, rev_body, context,
- naccept);
+ naccept, use_ipv4, use_ipv6);
else if (www)
do_server(port, socket_type, &accept_socket, www_body, context,
- naccept);
+ naccept, use_ipv4, use_ipv6);
else
do_server(port, socket_type, &accept_socket, sv_body, context,
- naccept);
+ naccept, use_ipv4, use_ipv6);
print_stats(bio_s_out, ctx);
ret = 0;
end:
--- openssl-1.0.2/apps/s_socket.c
+++ openssl-1.0.2/apps/s_socket.c
@@ -101,16 +101,16 @@
# include "netdb.h"
# endif
-static struct hostent *GetHostByName(char *name);
+static struct hostent *GetHostByName(char *name, int domain);
# if defined(OPENSSL_SYS_WINDOWS) || (defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK))
static void ssl_sock_cleanup(void);
# endif
static int ssl_sock_init(void);
-static int init_client_ip(int *sock, unsigned char ip[4], int port, int type);
-static int init_server(int *sock, int port, int type);
-static int init_server_long(int *sock, int port, char *ip, int type);
+static int init_client_ip(int *sock, unsigned char *ip, int port, int type, int domain);
+static int init_server(int *sock, int port, int type, int use_ipv4, int use_ipv6);
+static int init_server_long(int *sock, int port, char *ip, int type, int use_ipv4, int use_ipv6);
static int do_accept(int acc_sock, int *sock, char **host);
-static int host_ip(char *str, unsigned char ip[4]);
+static int host_ip(char *str, unsigned char *ip, int domain);
# ifdef OPENSSL_SYS_WIN16
# define SOCKET_PROTOCOL 0 /* more microsoft stupidity */
@@ -231,38 +231,68 @@
return (1);
}
-int init_client(int *sock, char *host, int port, int type)
+int init_client(int *sock, char *host, int port, int type, int use_ipv4, int use_ipv6)
{
+# if OPENSSL_USE_IPV6
+ unsigned char ip[16];
+# else
unsigned char ip[4];
+# endif
- memset(ip, '\0', sizeof ip);
- if (!host_ip(host, &(ip[0])))
- return 0;
- return init_client_ip(sock, ip, port, type);
-}
-
-static int init_client_ip(int *sock, unsigned char ip[4], int port, int type)
-{
- unsigned long addr;
+ if (use_ipv4)
+ if (host_ip(host, ip, AF_INET))
+ return(init_client_ip(sock, ip, port, type, AF_INET));
+# if OPENSSL_USE_IPV6
+ if (use_ipv6)
+ if (host_ip(host, ip, AF_INET6))
+ return(init_client_ip(sock, ip, port, type, AF_INET6));
+# endif
+ return 0;
+}
+
+static int init_client_ip(int *sock, unsigned char ip[4], int port, int type, int domain)
+{
+# if OPENSSL_USE_IPV6
+ struct sockaddr_storage them;
+ struct sockaddr_in *them_in = (struct sockaddr_in *)&them;
+ struct sockaddr_in6 *them_in6 = (struct sockaddr_in6 *)&them;
+# else
struct sockaddr_in them;
+ struct sockaddr_in *them_in = &them;
+# endif
+ socklen_t addr_len;
int s, i;
if (!ssl_sock_init())
return (0);
memset((char *)&them, 0, sizeof(them));
- them.sin_family = AF_INET;
- them.sin_port = htons((unsigned short)port);
- addr = (unsigned long)
- ((unsigned long)ip[0] << 24L) |
- ((unsigned long)ip[1] << 16L) |
- ((unsigned long)ip[2] << 8L) | ((unsigned long)ip[3]);
- them.sin_addr.s_addr = htonl(addr);
+ if (domain == AF_INET) {
+ addr_len = (socklen_t)sizeof(struct sockaddr_in);
+ them_in->sin_family=AF_INET;
+ them_in->sin_port=htons((unsigned short)port);
+# ifndef BIT_FIELD_LIMITS
+ memcpy(&them_in->sin_addr.s_addr, ip, 4);
+# else
+ memcpy(&them_in->sin_addr, ip, 4);
+# endif
+ }
+ else
+# if OPENSSL_USE_IPV6
+ {
+ addr_len = (socklen_t)sizeof(struct sockaddr_in6);
+ them_in6->sin6_family=AF_INET6;
+ them_in6->sin6_port=htons((unsigned short)port);
+ memcpy(&(them_in6->sin6_addr), ip, sizeof(struct in6_addr));
+ }
+# else
+ return(0);
+# endif
if (type == SOCK_STREAM)
- s = socket(AF_INET, SOCK_STREAM, SOCKET_PROTOCOL);
+ s = socket(domain, SOCK_STREAM, SOCKET_PROTOCOL);
else /* ( type == SOCK_DGRAM) */
- s = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
+ s = socket(domain, SOCK_DGRAM, IPPROTO_UDP);
if (s == INVALID_SOCKET) {
perror("socket");
@@ -280,7 +310,7 @@
}
# endif
- if (connect(s, (struct sockaddr *)&them, sizeof(them)) == -1) {
+ if (connect(s, (struct sockaddr *)&them, addr_len) == -1) {
closesocket(s);
perror("connect");
return (0);
@@ -292,14 +322,14 @@
int do_server(int port, int type, int *ret,
int (*cb) (char *hostname, int s, int stype,
unsigned char *context), unsigned char *context,
- int naccept)
+ int naccept, int use_ipv4, int use_ipv6)
{
int sock;
char *name = NULL;
int accept_socket = 0;
int i;
- if (!init_server(&accept_socket, port, type))
+ if (!init_server(&accept_socket, port, type, use_ipv4, use_ipv6))
return (0);
if (ret != NULL) {
@@ -328,32 +358,41 @@
}
}
-static int init_server_long(int *sock, int port, char *ip, int type)
+static int init_server_long(int *sock, int port, char *ip, int type, int use_ipv4, int use_ipv6)
{
int ret = 0;
+ int domain;
+# if OPENSSL_USE_IPV6
+ struct sockaddr_storage server;
+ struct sockaddr_in *server_in = (struct sockaddr_in *)&server;
+ struct sockaddr_in6 *server_in6 = (struct sockaddr_in6 *)&server;
+# else
struct sockaddr_in server;
+ struct sockaddr_in *server_in = &server;
+# endif
+ socklen_t addr_len;
int s = -1;
+ if (!use_ipv4 && !use_ipv6)
+ goto err;
+# if OPENSSL_USE_IPV6
+ /* we are fine here */
+# else
+ if (use_ipv6)
+ goto err;
+# endif
if (!ssl_sock_init())
return (0);
- memset((char *)&server, 0, sizeof(server));
- server.sin_family = AF_INET;
- server.sin_port = htons((unsigned short)port);
- if (ip == NULL)
- server.sin_addr.s_addr = INADDR_ANY;
- else
-/* Added for T3E, address-of fails on bit field (beckman@acl.lanl.gov) */
-# ifndef BIT_FIELD_LIMITS
- memcpy(&server.sin_addr.s_addr, ip, 4);
+#if OPENSSL_USE_IPV6
+ domain = use_ipv6 ? AF_INET6 : AF_INET;
# else
- memcpy(&server.sin_addr, ip, 4);
+ domain = AF_INET;
# endif
-
if (type == SOCK_STREAM)
- s = socket(AF_INET, SOCK_STREAM, SOCKET_PROTOCOL);
- else /* type == SOCK_DGRAM */
- s = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
+ s=socket(domain, SOCK_STREAM, SOCKET_PROTOCOL);
+ else /* type == SOCK_DGRAM */
+ s=socket(domain, SOCK_DGRAM, IPPROTO_UDP);
if (s == INVALID_SOCKET)
goto err;
@@ -363,7 +402,42 @@
setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (void *)&j, sizeof j);
}
# endif
- if (bind(s, (struct sockaddr *)&server, sizeof(server)) == -1) {
+# if OPENSSL_USE_IPV6
+ if ((use_ipv4 == 0) && (use_ipv6 == 1)) {
+ const int on = 1;
+
+ setsockopt(s, IPPROTO_IPV6, IPV6_V6ONLY,
+ (const void *) &on, sizeof(int));
+ }
+# endif
+ if (domain == AF_INET) {
+ addr_len = (socklen_t)sizeof(struct sockaddr_in);
+ memset(server_in, 0, sizeof(struct sockaddr_in));
+ server_in->sin_family=AF_INET;
+ server_in->sin_port = htons((unsigned short)port);
+ if (ip == NULL)
+ server_in->sin_addr.s_addr = htonl(INADDR_ANY);
+ else
+/* Added for T3E, address-of fails on bit field (beckman@acl.lanl.gov) */
+# ifndef BIT_FIELD_LIMITS
+ memcpy(&server_in->sin_addr.s_addr, ip, 4);
+# else
+ memcpy(&server_in->sin_addr, ip, 4);
+# endif
+ }
+# if OPENSSL_USE_IPV6
+ else {
+ addr_len = (socklen_t)sizeof(struct sockaddr_in6);
+ memset(server_in6, 0, sizeof(struct sockaddr_in6));
+ server_in6->sin6_family = AF_INET6;
+ server_in6->sin6_port = htons((unsigned short)port);
+ if (ip == NULL)
+ server_in6->sin6_addr = in6addr_any;
+ else
+ memcpy(&server_in6->sin6_addr, ip, sizeof(struct in6_addr));
+ }
+# endif
+ if (bind(s, (struct sockaddr *)&server, addr_len) == -1) {
# ifndef OPENSSL_SYS_WINDOWS
perror("bind");
# endif
@@ -381,16 +455,23 @@
return (ret);
}
-static int init_server(int *sock, int port, int type)
+static int init_server(int *sock, int port, int type, int use_ipv4, int use_ipv6)
{
- return (init_server_long(sock, port, NULL, type));
+ return (init_server_long(sock, port, NULL, type, use_ipv4, use_ipv6));
}
static int do_accept(int acc_sock, int *sock, char **host)
{
int ret;
struct hostent *h1, *h2;
- static struct sockaddr_in from;
+#if OPENSSL_USE_IPV6
+ struct sockaddr_storage from;
+ struct sockaddr_in *from_in = (struct sockaddr_in *)&from;
+ struct sockaddr_in6 *from_in6 = (struct sockaddr_in6 *)&from;
+#else
+ struct sockaddr_in from;
+ struct sockaddr_in *from_in = &from;
+#endif
int len;
/* struct linger ling; */
@@ -440,14 +521,25 @@
if (host == NULL)
goto end;
+# if OPENSSL_USE_IPV6
+ if (from.ss_family == AF_INET)
+# else
+ if (from.sin_family == AF_INET)
+# endif
# ifndef BIT_FIELD_LIMITS
- /* I should use WSAAsyncGetHostByName() under windows */
- h1 = gethostbyaddr((char *)&from.sin_addr.s_addr,
- sizeof(from.sin_addr.s_addr), AF_INET);
+ /* I should use WSAAsyncGetHostByName() under windows */
+ h1 = gethostbyaddr((char *)&from_in->sin_addr.s_addr,
+ sizeof(from_in->sin_addr.s_addr), AF_INET);
# else
- h1 = gethostbyaddr((char *)&from.sin_addr,
- sizeof(struct in_addr), AF_INET);
+ h1 = gethostbyaddr((char *)&from_in->sin_addr,
+ sizeof(struct in_addr), AF_INET);
+# endif
+# if OPENSSL_USE_IPV6
+ else
+ h1 = gethostbyaddr((char *)&from_in6->sin6_addr,
+ sizeof(struct in6_addr), AF_INET6);
# endif
+
if (h1 == NULL) {
BIO_printf(bio_err, "bad gethostbyaddr\n");
*host = NULL;
@@ -460,14 +552,22 @@
}
BUF_strlcpy(*host, h1->h_name, strlen(h1->h_name) + 1);
- h2 = GetHostByName(*host);
+# if OPENSSL_USE_IPV6
+ h2=GetHostByName(*host, from.ss_family);
+# else
+ h2=GetHostByName(*host, from.sin_family);
+# endif
if (h2 == NULL) {
BIO_printf(bio_err, "gethostbyname failure\n");
closesocket(ret);
return (0);
}
- if (h2->h_addrtype != AF_INET) {
- BIO_printf(bio_err, "gethostbyname addr is not AF_INET\n");
+# if OPENSSL_USE_IPV6
+ if (h2->h_addrtype != from.ss_family) {
+# else
+ if (h2->h_addrtype != from.sin_family) {
+# endif
+ BIO_printf(bio_err, "gethostbyname addr is not correct\n");
closesocket(ret);
return (0);
}
@@ -483,14 +583,14 @@
char *h, *p;
h = str;
- p = strchr(str, ':');
+ p = strrchr(str, ':');
if (p == NULL) {
BIO_printf(bio_err, "no port defined\n");
return (0);
}
*(p++) = '\0';
- if ((ip != NULL) && !host_ip(str, ip))
+ if ((ip != NULL) && !host_ip(str, ip, AF_INET))
goto err;
if (host_ptr != NULL)
*host_ptr = h;
@@ -502,44 +602,51 @@
return (0);
}
-static int host_ip(char *str, unsigned char ip[4])
+static int host_ip(char *str, unsigned char *ip, int domain)
{
unsigned int in[4];
+ unsigned long l;
int i;
- if (sscanf(str, "%u.%u.%u.%u", &(in[0]), &(in[1]), &(in[2]), &(in[3])) ==
- 4) {
+ if ((domain == AF_INET) && (sscanf(str, "%u.%u.%u.%u", &(in[0]), &(in[1]), &(in[2]), &(in[3])) == 4)) {
for (i = 0; i < 4; i++)
if (in[i] > 255) {
BIO_printf(bio_err, "invalid IP address\n");
goto err;
}
- ip[0] = in[0];
- ip[1] = in[1];
- ip[2] = in[2];
- ip[3] = in[3];
- } else { /* do a gethostbyname */
+ l=htonl((in[0]<<24L)|(in[1]<<16L)|(in[2]<<8L)|in[3]);
+ memcpy(ip, &l, 4);
+ return 1;
+ }
+# if OPENSSL_USE_IPV6
+ else if ((domain == AF_INET6) && (inet_pton(AF_INET6, str, ip) == 1))
+ return 1;
+# endif
+ else { /* do a gethostbyname */
struct hostent *he;
if (!ssl_sock_init())
return (0);
- he = GetHostByName(str);
+ he = GetHostByName(str, domain);
if (he == NULL) {
BIO_printf(bio_err, "gethostbyname failure\n");
goto err;
}
/* cast to short because of win16 winsock definition */
- if ((short)he->h_addrtype != AF_INET) {
- BIO_printf(bio_err, "gethostbyname addr is not AF_INET\n");
+ if ((short)he->h_addrtype != domain) {
+ BIO_printf(bio_err, "gethostbyname addr is not correct\n");
return (0);
}
- ip[0] = he->h_addr_list[0][0];
- ip[1] = he->h_addr_list[0][1];
- ip[2] = he->h_addr_list[0][2];
- ip[3] = he->h_addr_list[0][3];
+ if (domain == AF_INET)
+ memset(ip, 0, 4);
+# if OPENSSL_USE_IPV6
+ else
+ memset(ip, 0, 16);
+# endif
+ memcpy(ip, he->h_addr_list[0], he->h_length);
+ return 1;
}
- return (1);
err:
return (0);
}
@@ -573,7 +680,7 @@
static unsigned long ghbn_hits = 0L;
static unsigned long ghbn_miss = 0L;
-static struct hostent *GetHostByName(char *name)
+static struct hostent *GetHostByName(char *name, int domain)
{
struct hostent *ret;
int i, lowi = 0;
@@ -585,13 +692,18 @@
lowi = i;
}
if (ghbn_cache[i].order > 0) {
- if (strncmp(name, ghbn_cache[i].name, 128) == 0)
+ if ((strncmp(name, ghbn_cache[i].name, 128) == 0) && (ghbn_cache[i].ent.h_addrtype == domain))
break;
}
}
if (i == GHBN_NUM) { /* no hit */
ghbn_miss++;
- ret = gethostbyname(name);
+ if (domain == AF_INET)
+ ret = gethostbyname(name);
+# if OPENSSL_USE_IPV6
+ else
+ ret = gethostbyname2(name, AF_INET6);
+# endif
if (ret == NULL)
return (NULL);
/* else add to cache */

64
sdk_container/src/third_party/coreos-overlay/dev-libs/openssl/files/openssl-1.0.2a-parallel-install-dirs.patch vendored
View File

@ -1,64 +0,0 @@
https://rt.openssl.org/Ticket/Display.html?id=3736&user=guest&pass=guest
From aba899f2eca21e11e5e9797bf8258e7265dea9f5 Mon Sep 17 00:00:00 2001
From: Mike Frysinger <vapier@gentoo.org>
Date: Sun, 8 Mar 2015 01:32:01 -0500
Subject: [PATCH] fix parallel install with dir creation
The mkdir-p.pl does not handle parallel creation of directories.
This comes up when the install_sw and install_docs rules run and
both call mkdir-p.pl on sibling directory trees.
Instead, lets create a single install_dirs rule that makes all of
the dirs we need, and have these two install steps depend on that.
---
Makefile.org | 17 +++++++++--------
1 file changed, 9 insertions(+), 8 deletions(-)
diff --git a/Makefile.org b/Makefile.org
index a6d9471..78e6143 100644
--- a/Makefile.org
+++ b/Makefile.org
@@ -536,9 +536,9 @@
dist_pem_h:
(cd crypto/pem; $(MAKE) -e $(BUILDENV) pem.h; $(MAKE) clean)
-install: all install_docs install_sw
+install: install_docs install_sw
-install_sw:
+install_dirs:
@$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \
$(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR) \
$(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines \
@@ -547,6 +547,13 @@
$(INSTALL_PREFIX)$(OPENSSLDIR)/misc \
$(INSTALL_PREFIX)$(OPENSSLDIR)/certs \
$(INSTALL_PREFIX)$(OPENSSLDIR)/private
+ @$(PERL) $(TOP)/util/mkdir-p.pl \
+ $(INSTALL_PREFIX)$(MANDIR)/man1 \
+ $(INSTALL_PREFIX)$(MANDIR)/man3 \
+ $(INSTALL_PREFIX)$(MANDIR)/man5 \
+ $(INSTALL_PREFIX)$(MANDIR)/man7
+
+install_sw: install_dirs
@set -e; headerlist="$(EXHEADER)"; for i in $$headerlist;\
do \
(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
@@ -636,12 +643,7 @@
done; \
done
-install_docs:
- @$(PERL) $(TOP)/util/mkdir-p.pl \
- $(INSTALL_PREFIX)$(MANDIR)/man1 \
- $(INSTALL_PREFIX)$(MANDIR)/man3 \
- $(INSTALL_PREFIX)$(MANDIR)/man5 \
- $(INSTALL_PREFIX)$(MANDIR)/man7
+install_docs: install_dirs
@pod2man="`cd ./util; ./pod2mantest $(PERL)`"; \
here="`pwd`"; \
filecase=; \
--
2.3.4

37
sdk_container/src/third_party/coreos-overlay/dev-libs/openssl/files/openssl-1.0.2a-parallel-obj-headers.patch vendored
View File

@ -1,37 +0,0 @@
https://rt.openssl.org/Ticket/Display.html?id=3737&user=guest&pass=guest
From ce279d4361e07e9af9ceca8a6e326e661758ad53 Mon Sep 17 00:00:00 2001
From: Mike Frysinger <vapier@gentoo.org>
Date: Sun, 8 Mar 2015 01:34:48 -0500
Subject: [PATCH] fix parallel generation of obj headers
The current code has dummy sleep/touch commands to try and work
around the parallel issue, but that is obviously racy. Instead
lets force one of the files to depend on the other so we know
they'll never run in parallel.
---
crypto/objects/Makefile | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/crypto/objects/Makefile b/crypto/objects/Makefile
index ad2db1e..7d32504 100644
--- a/crypto/objects/Makefile
+++ b/crypto/objects/Makefile
@@ -44,11 +44,11 @@
# objects.pl both reads and writes obj_mac.num
obj_mac.h: objects.pl objects.txt obj_mac.num
$(PERL) objects.pl objects.txt obj_mac.num obj_mac.h
- @sleep 1; touch obj_mac.h; sleep 1
-obj_xref.h: objxref.pl obj_xref.txt obj_mac.num
+# This doesn't really need obj_mac.h, but since that rule reads & writes
+# obj_mac.num, we can't run in parallel with it.
+obj_xref.h: objxref.pl obj_xref.txt obj_mac.num obj_mac.h
$(PERL) objxref.pl obj_mac.num obj_xref.txt > obj_xref.h
- @sleep 1; touch obj_xref.h; sleep 1
files:
$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
--
2.3.4

63
sdk_container/src/third_party/coreos-overlay/dev-libs/openssl/files/openssl-1.0.2a-parallel-symlinking.patch vendored
View File

@ -1,63 +0,0 @@
https://rt.openssl.org/Ticket/Display.html?id=3780&user=guest&pass=guest
From cc81af135bda47eaa6956a0329cbbc55bf993ac1 Mon Sep 17 00:00:00 2001
From: Mike Frysinger <vapier@gentoo.org>
Date: Fri, 3 Apr 2015 01:16:23 -0400
Subject: [PATCH] fix race when symlink shareds libs
When the crypto/ssl targets attempt to build their shared libs, they run:
cd ..; make libcrypto.so.1.0.0
The top level Makefile in turn runs the build-shared target for that lib.
The build-shared target depends on both do_$(SHLIB_TARGET) & link-shared.
When building in parallel, make is allowed to run both of these. They
both run Makefile.shared for their respective targets:
do_$(SHLIB_TARGET) ->
link_a.linux-shared ->
link_a.gnu ->
...; $(LINK_SO_A) ->
$(LINK_SO) ->
$(SYMLINK_SO)
link-shared ->
symlink.linux-shared ->
symlink.gnu ->
...; $(SYMLINK_SO)
The shell code for SYMLINK_SO attempts to do a [ -e lib ] check, but fails
basic TOCTOU semantics. Depending on the load, that means two processes
will run the sequence:
rm -f libcrypto.so
ln -s libcrypto.so.1.0.0 libcrypto.so
Which obviously fails:
ln: failed to create symbolic link 'libcrypto.so': File exists
Since we know do_$(SHLIB_TARGET) will create the symlink for us, don't
bother depending on link-shared at all in the top level Makefile when
building things.
Reported-by: Martin von Gagern <Martin.vGagern@gmx.net>
URL: https://bugs.gentoo.org/545028
---
Makefile.org | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/Makefile.org b/Makefile.org
index 890bfe4..576c60e 100644
--- a/Makefile.org
+++ b/Makefile.org
@@ -350,7 +350,10 @@ link-shared:
libs="$$libs -l$$i"; \
done
-build-shared: do_$(SHLIB_TARGET) link-shared
+# The link target in Makefile.shared will create the symlink for us, so no need
+# to call link-shared directly. Doing so will cause races with two processes
+# trying to symlink the lib.
+build-shared: do_$(SHLIB_TARGET)
do_$(SHLIB_TARGET):
@ set -e; libs='-L. $(SHLIBDEPS)'; for i in $(SHLIBDIRS); do \
--
2.3.4

43
sdk_container/src/third_party/coreos-overlay/dev-libs/openssl/files/openssl-1.0.2a-x32-asm.patch vendored
View File

@ -1,43 +0,0 @@
https://rt.openssl.org/Ticket/Display.html?id=3759&user=guest&pass=guest
From 6257d59b3a68d2feb9d64317a1c556dc3813ee61 Mon Sep 17 00:00:00 2001
From: Mike Frysinger <vapier@gentoo.org>
Date: Sat, 21 Mar 2015 06:01:25 -0400
Subject: [PATCH] crypto: use bigint in x86-64 perl
When building on x32 systems where the default type is 32bit, make sure
we can transparently represent 64bit integers. Otherwise we end up with
build errors like:
/usr/bin/perl asm/ghash-x86_64.pl elf > ghash-x86_64.s
Integer overflow in hexadecimal number at asm/../../perlasm/x86_64-xlate.pl line 201, <> line 890.
...
ghash-x86_64.s: Assembler messages:
ghash-x86_64.s:890: Error: junk '.15473355479995e+19' after expression
We don't enable this globally as there are some cases where we'd get
32bit values interpreted as unsigned when we need them as signed.
Reported-by: Bertrand Jacquin <bertrand@jacquin.bzh>
URL: https://bugs.gentoo.org/542618
---
crypto/perlasm/x86_64-xlate.pl | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/crypto/perlasm/x86_64-xlate.pl b/crypto/perlasm/x86_64-xlate.pl
index aae8288..0bf9774 100755
--- a/crypto/perlasm/x86_64-xlate.pl
+++ b/crypto/perlasm/x86_64-xlate.pl
@@ -195,6 +195,10 @@ my %globals;
sub out {
my $self = shift;
+ # When building on x32 ABIs, the expanded hex value might be too
+ # big to fit into 32bits. Enable transparent 64bit support here
+ # so we can safely print it out.
+ use bigint;
if ($gas) {
# Solaris /usr/ccs/bin/as can't handle multiplications
# in $self->{value}
--
2.3.3

326
sdk_container/src/third_party/coreos-overlay/dev-libs/openssl/files/openssl-1.0.2i-parallel-build.patch vendored
View File

@ -1,326 +0,0 @@
--- openssl-1.0.2i/crypto/Makefile
+++ openssl-1.0.2i/crypto/Makefile
@@ -85,11 +85,11 @@
@if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi
subdirs:
- @target=all; $(RECURSIVE_MAKE)
+ +@target=all; $(RECURSIVE_MAKE)
files:
$(PERL) $(TOP)/util/files.pl "CPUID_OBJ=$(CPUID_OBJ)" Makefile >> $(TOP)/MINFO
- @target=files; $(RECURSIVE_MAKE)
+ +@target=files; $(RECURSIVE_MAKE)
links:
@$(PERL) $(TOP)/util/mklink.pl ../include/openssl $(EXHEADER)
@@ -100,7 +100,7 @@
# lib: $(LIB): are splitted to avoid end-less loop
lib: $(LIB)
@touch lib
-$(LIB): $(LIBOBJ)
+$(LIB): $(LIBOBJ) | subdirs
$(AR) $(LIB) $(LIBOBJ)
test -z "$(FIPSLIBDIR)" || $(AR) $(LIB) $(FIPSLIBDIR)fipscanister.o
$(RANLIB) $(LIB) || echo Never mind.
@@ -111,7 +111,7 @@
fi
libs:
- @target=lib; $(RECURSIVE_MAKE)
+ +@target=lib; $(RECURSIVE_MAKE)
install:
@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
@@ -120,7 +120,7 @@
(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
done;
- @target=install; $(RECURSIVE_MAKE)
+ +@target=install; $(RECURSIVE_MAKE)
lint:
@target=lint; $(RECURSIVE_MAKE)
--- openssl-1.0.2i/engines/Makefile
+++ openssl-1.0.2i/engines/Makefile
@@ -72,7 +72,7 @@
all: lib subdirs
-lib: $(LIBOBJ)
+lib: $(LIBOBJ) | subdirs
@if [ -n "$(SHARED_LIBS)" ]; then \
set -e; \
for l in $(LIBNAMES); do \
@@ -89,7 +89,7 @@
subdirs:
echo $(EDIRS)
- @target=all; $(RECURSIVE_MAKE)
+ +@target=all; $(RECURSIVE_MAKE)
files:
$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
@@ -128,7 +128,7 @@
mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx ); \
done; \
fi
- @target=install; $(RECURSIVE_MAKE)
+ +@target=install; $(RECURSIVE_MAKE)
tags:
ctags $(SRC)
--- openssl-1.0.2i/Makefile.org
+++ openssl-1.0.2i/Makefile.org
@@ -281,17 +281,17 @@
build_libssl: build_ssl libssl.pc
build_crypto:
- @dir=crypto; target=all; $(BUILD_ONE_CMD)
+ +@dir=crypto; target=all; $(BUILD_ONE_CMD)
build_ssl: build_crypto
- @dir=ssl; target=all; $(BUILD_ONE_CMD)
+ +@dir=ssl; target=all; $(BUILD_ONE_CMD)
build_engines: build_crypto
- @dir=engines; target=all; $(BUILD_ONE_CMD)
+ +@dir=engines; target=all; $(BUILD_ONE_CMD)
build_apps: build_libs
- @dir=apps; target=all; $(BUILD_ONE_CMD)
+ +@dir=apps; target=all; $(BUILD_ONE_CMD)
build_tests: build_libs
- @dir=test; target=all; $(BUILD_ONE_CMD)
+ +@dir=test; target=all; $(BUILD_ONE_CMD)
build_tools: build_libs
- @dir=tools; target=all; $(BUILD_ONE_CMD)
+ +@dir=tools; target=all; $(BUILD_ONE_CMD)
all_testapps: build_libs build_testapps
build_testapps:
@@ -547,7 +547,7 @@
(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
done;
- @set -e; target=install; $(RECURSIVE_BUILD_CMD)
+ +@set -e; target=install; $(RECURSIVE_BUILD_CMD)
@set -e; liblist="$(LIBS)"; for i in $$liblist ;\
do \
if [ -f "$$i" ]; then \
--- openssl-1.0.2i/Makefile.shared
+++ openssl-1.0.2i/Makefile.shared
@@ -105,6 +105,7 @@
SHAREDFLAGS="$${SHAREDFLAGS:-$(CFLAGS) $(SHARED_LDFLAGS)}"; \
LIBPATH=`for x in $$LIBDEPS; do echo $$x; done | sed -e 's/^ *-L//;t' -e d | uniq`; \
LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \
+ [ -e $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX ] && exit 0; \
LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \
$${SHAREDCMD} $${SHAREDFLAGS} \
-o $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX \
@@ -122,6 +123,7 @@
done; \
fi; \
if [ -n "$$SHLIB_SOVER" ]; then \
+ [ -e "$$SHLIB$$SHLIB_SUFFIX" ] || \
( $(SET_X); rm -f $$SHLIB$$SHLIB_SUFFIX; \
ln -s $$prev $$SHLIB$$SHLIB_SUFFIX ); \
fi; \
--- openssl-1.0.2i/test/Makefile
+++ openssl-1.0.2i/test/Makefile
@@ -144,7 +144,7 @@
tags:
ctags $(SRC)
-tests: exe apps $(TESTS)
+tests: exe $(TESTS)
apps:
@(cd ..; $(MAKE) DIRS=apps all)
@@ -435,136 +435,136 @@
link_app.$${shlib_target}
$(RSATEST)$(EXE_EXT): $(RSATEST).o $(DLIBCRYPTO)
- @target=$(RSATEST); $(BUILD_CMD)
+ +@target=$(RSATEST); $(BUILD_CMD)
$(BNTEST)$(EXE_EXT): $(BNTEST).o $(DLIBCRYPTO)
- @target=$(BNTEST); $(BUILD_CMD)
+ +@target=$(BNTEST); $(BUILD_CMD)
$(ECTEST)$(EXE_EXT): $(ECTEST).o $(DLIBCRYPTO)
- @target=$(ECTEST); $(BUILD_CMD)
+ +@target=$(ECTEST); $(BUILD_CMD)
$(EXPTEST)$(EXE_EXT): $(EXPTEST).o $(DLIBCRYPTO)
- @target=$(EXPTEST); $(BUILD_CMD)
+ +@target=$(EXPTEST); $(BUILD_CMD)
$(IDEATEST)$(EXE_EXT): $(IDEATEST).o $(DLIBCRYPTO)
- @target=$(IDEATEST); $(BUILD_CMD)
+ +@target=$(IDEATEST); $(BUILD_CMD)
$(MD2TEST)$(EXE_EXT): $(MD2TEST).o $(DLIBCRYPTO)
- @target=$(MD2TEST); $(BUILD_CMD)
+ +@target=$(MD2TEST); $(BUILD_CMD)
$(SHATEST)$(EXE_EXT): $(SHATEST).o $(DLIBCRYPTO)
- @target=$(SHATEST); $(BUILD_CMD)
+ +@target=$(SHATEST); $(BUILD_CMD)
$(SHA1TEST)$(EXE_EXT): $(SHA1TEST).o $(DLIBCRYPTO)
- @target=$(SHA1TEST); $(BUILD_CMD)
+ +@target=$(SHA1TEST); $(BUILD_CMD)
$(SHA256TEST)$(EXE_EXT): $(SHA256TEST).o $(DLIBCRYPTO)
- @target=$(SHA256TEST); $(BUILD_CMD)
+ +@target=$(SHA256TEST); $(BUILD_CMD)
$(SHA512TEST)$(EXE_EXT): $(SHA512TEST).o $(DLIBCRYPTO)
- @target=$(SHA512TEST); $(BUILD_CMD)
+ +@target=$(SHA512TEST); $(BUILD_CMD)
$(RMDTEST)$(EXE_EXT): $(RMDTEST).o $(DLIBCRYPTO)
- @target=$(RMDTEST); $(BUILD_CMD)
+ +@target=$(RMDTEST); $(BUILD_CMD)
$(MDC2TEST)$(EXE_EXT): $(MDC2TEST).o $(DLIBCRYPTO)
- @target=$(MDC2TEST); $(BUILD_CMD)
+ +@target=$(MDC2TEST); $(BUILD_CMD)
$(MD4TEST)$(EXE_EXT): $(MD4TEST).o $(DLIBCRYPTO)
- @target=$(MD4TEST); $(BUILD_CMD)
+ +@target=$(MD4TEST); $(BUILD_CMD)
$(MD5TEST)$(EXE_EXT): $(MD5TEST).o $(DLIBCRYPTO)
- @target=$(MD5TEST); $(BUILD_CMD)
+ +@target=$(MD5TEST); $(BUILD_CMD)
$(HMACTEST)$(EXE_EXT): $(HMACTEST).o $(DLIBCRYPTO)
- @target=$(HMACTEST); $(BUILD_CMD)
+ +@target=$(HMACTEST); $(BUILD_CMD)
$(WPTEST)$(EXE_EXT): $(WPTEST).o $(DLIBCRYPTO)
- @target=$(WPTEST); $(BUILD_CMD)
+ +@target=$(WPTEST); $(BUILD_CMD)
$(RC2TEST)$(EXE_EXT): $(RC2TEST).o $(DLIBCRYPTO)
- @target=$(RC2TEST); $(BUILD_CMD)
+ +@target=$(RC2TEST); $(BUILD_CMD)
$(BFTEST)$(EXE_EXT): $(BFTEST).o $(DLIBCRYPTO)
- @target=$(BFTEST); $(BUILD_CMD)
+ +@target=$(BFTEST); $(BUILD_CMD)
$(CASTTEST)$(EXE_EXT): $(CASTTEST).o $(DLIBCRYPTO)
- @target=$(CASTTEST); $(BUILD_CMD)
+ +@target=$(CASTTEST); $(BUILD_CMD)
$(RC4TEST)$(EXE_EXT): $(RC4TEST).o $(DLIBCRYPTO)
- @target=$(RC4TEST); $(BUILD_CMD)
+ +@target=$(RC4TEST); $(BUILD_CMD)
$(RC5TEST)$(EXE_EXT): $(RC5TEST).o $(DLIBCRYPTO)
- @target=$(RC5TEST); $(BUILD_CMD)
+ +@target=$(RC5TEST); $(BUILD_CMD)
$(DESTEST)$(EXE_EXT): $(DESTEST).o $(DLIBCRYPTO)
- @target=$(DESTEST); $(BUILD_CMD)
+ +@target=$(DESTEST); $(BUILD_CMD)
$(RANDTEST)$(EXE_EXT): $(RANDTEST).o $(DLIBCRYPTO)
- @target=$(RANDTEST); $(BUILD_CMD)
+ +@target=$(RANDTEST); $(BUILD_CMD)
$(DHTEST)$(EXE_EXT): $(DHTEST).o $(DLIBCRYPTO)
- @target=$(DHTEST); $(BUILD_CMD)
+ +@target=$(DHTEST); $(BUILD_CMD)
$(DSATEST)$(EXE_EXT): $(DSATEST).o $(DLIBCRYPTO)
- @target=$(DSATEST); $(BUILD_CMD)
+ +@target=$(DSATEST); $(BUILD_CMD)
$(METHTEST)$(EXE_EXT): $(METHTEST).o $(DLIBCRYPTO)
- @target=$(METHTEST); $(BUILD_CMD)
+ +@target=$(METHTEST); $(BUILD_CMD)
$(SSLTEST)$(EXE_EXT): $(SSLTEST).o $(DLIBSSL) $(DLIBCRYPTO)
- @target=$(SSLTEST); $(FIPS_BUILD_CMD)
+ +@target=$(SSLTEST); $(FIPS_BUILD_CMD)
$(ENGINETEST)$(EXE_EXT): $(ENGINETEST).o $(DLIBCRYPTO)
- @target=$(ENGINETEST); $(BUILD_CMD)
+ +@target=$(ENGINETEST); $(BUILD_CMD)
$(EVPTEST)$(EXE_EXT): $(EVPTEST).o $(DLIBCRYPTO)
- @target=$(EVPTEST); $(BUILD_CMD)
+ +@target=$(EVPTEST); $(BUILD_CMD)
$(EVPEXTRATEST)$(EXE_EXT): $(EVPEXTRATEST).o $(DLIBCRYPTO)
- @target=$(EVPEXTRATEST); $(BUILD_CMD)
+ +@target=$(EVPEXTRATEST); $(BUILD_CMD)
$(ECDSATEST)$(EXE_EXT): $(ECDSATEST).o $(DLIBCRYPTO)
- @target=$(ECDSATEST); $(BUILD_CMD)
+ +@target=$(ECDSATEST); $(BUILD_CMD)
$(ECDHTEST)$(EXE_EXT): $(ECDHTEST).o $(DLIBCRYPTO)
- @target=$(ECDHTEST); $(BUILD_CMD)
+ +@target=$(ECDHTEST); $(BUILD_CMD)
$(IGETEST)$(EXE_EXT): $(IGETEST).o $(DLIBCRYPTO)
- @target=$(IGETEST); $(BUILD_CMD)
+ +@target=$(IGETEST); $(BUILD_CMD)
$(JPAKETEST)$(EXE_EXT): $(JPAKETEST).o $(DLIBCRYPTO)
- @target=$(JPAKETEST); $(BUILD_CMD)
+ +@target=$(JPAKETEST); $(BUILD_CMD)
$(ASN1TEST)$(EXE_EXT): $(ASN1TEST).o $(DLIBCRYPTO)
- @target=$(ASN1TEST); $(BUILD_CMD)
+ +@target=$(ASN1TEST); $(BUILD_CMD)
$(SRPTEST)$(EXE_EXT): $(SRPTEST).o $(DLIBCRYPTO)
- @target=$(SRPTEST); $(BUILD_CMD)
+ +@target=$(SRPTEST); $(BUILD_CMD)
$(V3NAMETEST)$(EXE_EXT): $(V3NAMETEST).o $(DLIBCRYPTO)
- @target=$(V3NAMETEST); $(BUILD_CMD)
+ +@target=$(V3NAMETEST); $(BUILD_CMD)
$(HEARTBEATTEST)$(EXE_EXT): $(HEARTBEATTEST).o $(DLIBCRYPTO)
- @target=$(HEARTBEATTEST); $(BUILD_CMD_STATIC)
+ +@target=$(HEARTBEATTEST); $(BUILD_CMD_STATIC)
$(CONSTTIMETEST)$(EXE_EXT): $(CONSTTIMETEST).o
- @target=$(CONSTTIMETEST) $(BUILD_CMD)
+ +@target=$(CONSTTIMETEST) $(BUILD_CMD)
$(VERIFYEXTRATEST)$(EXE_EXT): $(VERIFYEXTRATEST).o
- @target=$(VERIFYEXTRATEST) $(BUILD_CMD)
+ +@target=$(VERIFYEXTRATEST) $(BUILD_CMD)
$(CLIENTHELLOTEST)$(EXE_EXT): $(CLIENTHELLOTEST).o
- @target=$(CLIENTHELLOTEST) $(BUILD_CMD)
+ +@target=$(CLIENTHELLOTEST) $(BUILD_CMD)
$(BADDTLSTEST)$(EXE_EXT): $(BADDTLSTEST).o
- @target=$(BADDTLSTEST) $(BUILD_CMD)
+ +@target=$(BADDTLSTEST) $(BUILD_CMD)
$(SSLV2CONFTEST)$(EXE_EXT): $(SSLV2CONFTEST).o
- @target=$(SSLV2CONFTEST) $(BUILD_CMD)
+ +@target=$(SSLV2CONFTEST) $(BUILD_CMD)
$(DTLSTEST)$(EXE_EXT): $(DTLSTEST).o ssltestlib.o $(DLIBSSL) $(DLIBCRYPTO)
- @target=$(DTLSTEST); exobj=ssltestlib.o; $(BUILD_CMD)
+ +@target=$(DTLSTEST); exobj=ssltestlib.o; $(BUILD_CMD)
#$(AESTEST).o: $(AESTEST).c
# $(CC) -c $(CFLAGS) -DINTERMEDIATE_VALUE_KAT -DTRACE_KAT_MCT $(AESTEST).c
@@ -577,7 +577,7 @@
# fi
dummytest$(EXE_EXT): dummytest.o $(DLIBCRYPTO)
- @target=dummytest; $(BUILD_CMD)
+ +@target=dummytest; $(BUILD_CMD)
# DO NOT DELETE THIS LINE -- make depend depends on it.

59
sdk_container/src/third_party/coreos-overlay/dev-libs/openssl/openssl-1.0.2m.ebuild → sdk_container/src/third_party/coreos-overlay/dev-libs/openssl/openssl-1.0.2n.ebuild vendored
View File

@ -1,19 +1,23 @@
# Copyright 1999-2017 Gentoo Foundation # Copyright 1999-2017 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2 # Distributed under the terms of the GNU General Public License v2
EAPI="5" EAPI="6"
inherit eutils flag-o-matic toolchain-funcs multilib multilib-minimal systemd inherit eutils flag-o-matic toolchain-funcs multilib multilib-minimal
PATCH_SET="openssl-1.0.2-patches-1.0"
MY_P=${P/_/-} MY_P=${P/_/-}
DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)" DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"
HOMEPAGE="https://www.openssl.org/" HOMEPAGE="https://www.openssl.org/"
SRC_URI="mirror://openssl/source/${MY_P}.tar.gz" SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
mirror://gentoo/${PATCH_SET}.tar.xz
https://dev.gentoo.org/~whissi/dist/${PN}/${PATCH_SET}.tar.xz"
LICENSE="openssl" LICENSE="openssl"
SLOT="0" SLOT="0"
KEYWORDS="alpha amd64 arm arm64 hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh ~sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux" KEYWORDS="alpha amd64 arm ~arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
IUSE="+asm gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib" IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
RESTRICT="!bindist? ( bindist )"
RDEPEND=">=app-misc/c_rehash-1.7-r1 RDEPEND=">=app-misc/c_rehash-1.7-r1
gmp? ( >=dev-libs/gmp-5.1.3-r1[static-libs(+)?,${MULTILIB_USEDEP}] ) gmp? ( >=dev-libs/gmp-5.1.3-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
@ -43,18 +47,11 @@ src_prepare() {
rm -f Makefile rm -f Makefile
if ! use vanilla ; then if ! use vanilla ; then
epatch "${FILESDIR}"/${PN}-1.0.0a-ldflags.patch #327421 eapply "${WORKDIR}"/patch/*.patch
epatch "${FILESDIR}"/${PN}-1.0.2i-parallel-build.patch
epatch "${FILESDIR}"/${PN}-1.0.2a-parallel-obj-headers.patch
epatch "${FILESDIR}"/${PN}-1.0.2a-parallel-install-dirs.patch
epatch "${FILESDIR}"/${PN}-1.0.2a-parallel-symlinking.patch #545028
epatch "${FILESDIR}"/${PN}-1.0.2-ipv6.patch
epatch "${FILESDIR}"/${PN}-1.0.2a-x32-asm.patch #542618
epatch "${FILESDIR}"/${PN}-1.0.1p-default-source.patch #554338
epatch_user #332661
fi fi
eapply_user
# disable fips in the build # disable fips in the build
# make sure the man pages are suffixed #302165 # make sure the man pages are suffixed #302165
# don't bother building man pages if they're disabled # don't bother building man pages if they're disabled
@ -82,7 +79,7 @@ src_prepare() {
# allow openssl to be cross-compiled # allow openssl to be cross-compiled
cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die
chmod a+rx gentoo.config chmod a+rx gentoo.config || die
append-flags -fno-strict-aliasing append-flags -fno-strict-aliasing
append-flags $(test-flags-CC -Wa,--noexecstack) append-flags $(test-flags-CC -Wa,--noexecstack)
@ -142,6 +139,7 @@ multilib_src_configure() {
${sslout} \ ${sslout} \
$(use cpu_flags_x86_sse2 || echo "no-sse2") \ $(use cpu_flags_x86_sse2 || echo "no-sse2") \
enable-camellia \ enable-camellia \
$(use_ssl !bindist ec) \
${ec_nistp_64_gcc_128} \ ${ec_nistp_64_gcc_128} \
enable-idea \ enable-idea \
enable-mdc2 \ enable-mdc2 \
@ -200,8 +198,9 @@ multilib_src_install_all() {
# we provide a shell version via app-misc/c_rehash # we provide a shell version via app-misc/c_rehash
rm "${ED}"/usr/bin/c_rehash || die rm "${ED}"/usr/bin/c_rehash || die
dodoc CHANGES* FAQ NEWS README doc/*.txt doc/c-indentation.el local -a DOCS=( CHANGES* FAQ NEWS README doc/*.txt doc/c-indentation.el )
dohtml -r doc/* einstalldocs
use rfc3779 && dodoc engines/ccgost/README.gost use rfc3779 && dodoc engines/ccgost/README.gost
# This is crappy in that the static archives are still built even # This is crappy in that the static archives are still built even
@ -211,6 +210,11 @@ multilib_src_install_all() {
# twice; once with shared lib support enabled and once without. # twice; once with shared lib support enabled and once without.
use static-libs || rm -f "${ED}"/usr/lib*/lib*.a use static-libs || rm -f "${ED}"/usr/lib*/lib*.a
# create the certs directory
dodir ${SSL_CNF_DIR}/certs
cp -RP certs/* "${ED}"${SSL_CNF_DIR}/certs/ || die
rm -r "${ED}"${SSL_CNF_DIR}/certs/{demo,expired}
# Namespace openssl programs to prevent conflicts with other man pages # Namespace openssl programs to prevent conflicts with other man pages
cd "${ED}"/usr/share/man cd "${ED}"/usr/share/man
local m d s local m d s
@ -236,15 +240,12 @@ multilib_src_install_all() {
dodir /etc/sandbox.d #254521 dodir /etc/sandbox.d #254521
echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
# Don't keep the sample CA files and their ilk in /etc. diropts -m0700
rm -r "${ED}"${SSL_CNF_DIR} keepdir ${SSL_CNF_DIR}/private
}
# Save the default openssl.cnf in /usr and link it into place.
dodir /usr/share/ssl pkg_postinst() {
insinto /usr/share/ssl ebegin "Running 'c_rehash ${EROOT%/}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069"
doins "${S}"/apps/openssl.cnf c_rehash "${EROOT%/}${SSL_CNF_DIR}/certs" >/dev/null
systemd_dotmpfilesd "${FILESDIR}"/openssl.conf eend $?
# Package the tmpfiles.d setup for SDK bootstrapping.
systemd-tmpfiles --create --root="${ED}" "${FILESDIR}"/openssl.conf
} }