dev-libs/openssl: delete old
authorMike Frysinger <vapier@gentoo.org>
Wed, 2 Sep 2015 05:04:23 +0000 (01:04 -0400)
committerMike Frysinger <vapier@gentoo.org>
Wed, 2 Sep 2015 05:04:23 +0000 (01:04 -0400)
24 files changed:
dev-libs/openssl/Manifest
dev-libs/openssl/files/gentoo.config-1.0.0 [deleted file]
dev-libs/openssl/files/openssl-0.9.8ze-CVE-2015-0286.patch [deleted file]
dev-libs/openssl/files/openssl-1.0.0e-parallel-build.patch [deleted file]
dev-libs/openssl/files/openssl-1.0.0r-x32.patch [deleted file]
dev-libs/openssl/files/openssl-1.0.1-parallel-build.patch [deleted file]
dev-libs/openssl/files/openssl-1.0.1-x32.patch [deleted file]
dev-libs/openssl/files/openssl-1.0.1e-s_client-verify.patch [deleted file]
dev-libs/openssl/files/openssl-1.0.1h-ipv6.patch [deleted file]
dev-libs/openssl/files/openssl-1.0.1l-CVE-2015-0286.patch [deleted file]
dev-libs/openssl/files/openssl-1.0.1m-parallel-build.patch [deleted file]
dev-libs/openssl/files/openssl-1.0.1m-s_client-verify.patch [deleted file]
dev-libs/openssl/files/openssl-1.0.2-CVE-2015-0209.patch [deleted file]
dev-libs/openssl/files/openssl-1.0.2-CVE-2015-0288.patch [deleted file]
dev-libs/openssl/files/openssl-1.0.2-CVE-2015-0291.patch [deleted file]
dev-libs/openssl/files/openssl-1.0.2-parallel-build.patch [deleted file]
dev-libs/openssl/openssl-0.9.8z_p5-r1.ebuild [deleted file]
dev-libs/openssl/openssl-0.9.8z_p6.ebuild [deleted file]
dev-libs/openssl/openssl-1.0.0r.ebuild [deleted file]
dev-libs/openssl/openssl-1.0.1l-r1.ebuild [deleted file]
dev-libs/openssl/openssl-1.0.1m.ebuild [deleted file]
dev-libs/openssl/openssl-1.0.1n.ebuild [deleted file]
dev-libs/openssl/openssl-1.0.1o.ebuild [deleted file]
dev-libs/openssl/openssl-1.0.2-r3.ebuild [deleted file]

index 458ddc5751fc730859316bcc9cf1c4fc62c20bc4..d78f82af9e7c30a92b728e5ec9a0716c7ce65dda 100644 (file)
@@ -1,13 +1,5 @@
-DIST openssl-0.9.8ze.tar.gz 3734873 SHA256 ee3da602826e975b47e4d7af8a27be8258c160876194898c58881eab814b55b8 SHA512 6ab08065ab2cdf6699e462e2a082e6d4c21f027383e12d4dd1d0dce2a4073ae52230494215b3fe24b8a8d73f5f5dd3a1fe53c66acd8db6e162e4bf3636e229c3 WHIRLPOOL 8a5de0aed7b48007b3b8092726c9c8eb6771c49d388baaff4d7ba3591be0b1856cb17842db5bc608994b38f5d87a8b07a441c874523e577b786a4612bba7789f
-DIST openssl-0.9.8zf.tar.gz 3822386 SHA256 d5245a29128984192acc5b1fc01e37429b7a01c53cadcb2645e546718b300edb SHA512 8a68f024c31b7de25e19732ad556a27d69cface8e7a546ca4221873053a270e5e36336626f7fe857bbbec5427204bddbb5fc9dea8d7a187a8db6719d970431ab WHIRLPOOL 842e5bc71a12bf363fe797e95faf988ae949aa15f8faee935ee8861e4093e9d4e0b766b24dda8d415f29d2ee2821050cfc3ce095d265d59574e7fe0af4024c66
 DIST openssl-0.9.8zg.tar.gz 3826891 SHA256 06500060639930e471050474f537fcd28ec934af92ee282d78b52460fbe8f580 SHA512 c757454de321d168ac6d89fe2859966a9f07a8b28305bf697af9018db13fc457e0883346b3d35977461ab058442375563554ecb2a8756a687ff9fc2fdd9103c9 WHIRLPOOL 55ecf50a264a2ddd9b5755b5d90b9b736d2f27e0ba2fd529ccff3b68bbd726d1f60460182a0d215ae6712dbc4d3ef2df11339fb2d8424e049f54c3e904fcfab0
-DIST openssl-1.0.0r.tar.gz 4095201 SHA256 6538b33a1b95681c86ac8c5cc54d22835f0f0a5bf42ee6df4138c672d7e75f17 SHA512 a65292a7b43f7d0637952476356a95908b5843ca17f717158dd4d2171113192f04c92f4f9133bb4750172f06367dae64733aa239b90c52d4d9323f467012428f WHIRLPOOL 71c7d726a3a5d70735d4b34c3e00c15fa2ef8640801f8a265e4e92cf01db4a517630084dd7632850f3df6f4dbd848a3a7ec908a71db996a45c29f1ac53ac7877
-DIST openssl-1.0.1l.tar.gz 4429979 SHA256 b2cf4d48fe5d49f240c61c9e624193a6f232b5ed0baf010681e725963c40d1d4 SHA512 27fe42f33815a3aafff75f2b9a5604c328fe5945c5cecaca74e5d2c2a1e066d64ddcc1fdb14b54fc7523cc730ab8a57d7d56b2879c289e86673f91fee0cca65e WHIRLPOOL 79f5698585c68ba647fcdfc4b342a43d06d69230658ca1bc265dd10d8da939c3e27b9a4125bd2adfbf50002b1dddef18be086dfc23a5050e69fb77350131909f
-DIST openssl-1.0.1m.tar.gz 4533406 SHA256 095f0b7b09116c0c5526422088058dc7e6e000aa14d22acca6a4e2babcdfef74 SHA512 f37b60cb4449674d5c06a4056acc3d11f1c9773da6111148fa3fbf8d14362ba1ff5eb5e0c0e06c2b5c84543b2b974584617e393ca83de2230cbbe69b52975afc WHIRLPOOL c33cc05debc31d5044be4de58267e1a07281f28f9d68f4288d3da1c3cdfcff6939a47abe1f50b377272d0dbd9475ae5fec84919b0c53d37e0bd3d94c44f68c91
-DIST openssl-1.0.1n.tar.gz 4545564 SHA256 3581a405ccbe0fd1f6f17ea41773f77cdd51db55c01e1b4d8549e519882c6caf SHA512 439e37879e379b77ae0e912222771ac54c0dcc4ad187b8e2eb6771df6cf71d56c4369931f4e16b8922b9d4a22e8f0aa9802c6828b8406fba7481426eade628aa WHIRLPOOL 8c08fc98863c444db3c1fee6970d1866123b7a525f4fe303016c0cf040351f7cb71f49a00ac1f1948ae9b7edaf9a4e5664814415447c8a88d4c49fe9014411d5
-DIST openssl-1.0.1o.tar.gz 4546659 SHA256 16e678c6a05f2502811e075f2c4059ac01c878d091c9c585afc49ebc541f7b13 SHA512 dc05fc6f47239330ad0c36f27049f02752bb168b7b1234b12760e42a920d41dd47d1e652dfee897b4c99729308fbb59cab80b93c8614acf498215a8b80607fbf WHIRLPOOL af7505625730ea6e59517289fcc6044b24e0826b2538463f36e876ae96ca7d591627ca09386e6a69e8234df88fec11fb9e2a098c2f6996592a0f74cecbf4af30
 DIST openssl-1.0.1p.tar.gz 4560208 SHA256 bd5ee6803165c0fb60bbecbacacf244f1f90d2aa0d71353af610c29121e9b2f1 SHA512 64e475c53a85b78de7c5aa71a22d4bb3a456142842373ebf8f22e9857cb0352b646e591b21af866933baecdbdb5ac4a22aeb64914440c53a0f30cd25914029e5 WHIRLPOOL 2a81f3b9274e3fef37a2a88e3084d8283159b3a61db08e7805879905c87a74faa85bc6e570d18525741bd5c27c34fe09eeb58b2bfe500545d0f304716e14f819
-DIST openssl-1.0.2.tar.gz 5265809 SHA256 8c48baf3babe0d505d16cfc0cf272589c66d3624264098213db0fb00034728e9 SHA512 dea46225a5445edc4986b02b99fbc90153819374b9a9bfdd892b60cd18ac7fefaf21a7e9d2bb05d0e3bfa4d2704e0ee24b06cc8e7081a542d7598cc9e73c67c5 WHIRLPOOL fe628a38125390deb75728b31427c308efbf65637a569fd1f139f6313fea533514ef05bf3d01bbdc793f77eb259400c95c53074a294d32d73576939d16f22e25
 DIST openssl-1.0.2a.tar.gz 5262089 SHA256 15b6393c20030aab02c8e2fe0243cb1d1d18062f6c095d67bca91871dc7f324a SHA512 02d228578824add52b73433d64697706e6503c2334933fe8dd6b477f59c430977012c3c34da207096229a425e1dcb6f3ae806043894b5ac98c27bbcddb794dd4 WHIRLPOOL a590c71794f5d29b80afa28b18621b7535e96b714b3690d793c1422a90b09a89cbcb912841d400c5982a8197bb02c13051190e96ba0e4d530509b48b43067cd7
 DIST openssl-1.0.2b.tar.gz 5281009 SHA256 d5d488cc9f0a07974195a7427094ea3cab9800a4e90178b989aa621fbc238e3f SHA512 563eb662113668bb9ccf17a6e36697ad6392321ac1a32aa2cada9d8f4047651c2fa4da61f508ee3e1834fea343dbba189e09c1d6cabe5d1de5e3e6d022c31f4f WHIRLPOOL d828dc76842d25f02f211031b3ab9a2a8fd44975e9aaf87d0fd5fca9935a27b61c3e4f896a2186194f1a7b4d668fc48cafc5be9f7c670017ba342ce40113935f
 DIST openssl-1.0.2c.tar.gz 5280670 SHA256 0038ba37f35a6367c58f17a7a7f687953ef8ce4f9684bbdec63e62515ed36a83 SHA512 2a68e8b017d0d3e34e4f9d33b77abd960b3d04e418f106e852684a2ff247dc8ea390b7d6a42d130fd84d821a15e84e77b68b3677433433ef5c10d156333b9dae WHIRLPOOL c59878c3bd5e8904913b97d71a15ef1eaafcfb4eb58c691ba4fb38bf81752308d0ef4a902e53aec4c6e7585677f2404d29cdea0832d14206fabf28d744af2622
diff --git a/dev-libs/openssl/files/gentoo.config-1.0.0 b/dev-libs/openssl/files/gentoo.config-1.0.0
deleted file mode 100644 (file)
index 475bda3..0000000
+++ /dev/null
@@ -1,159 +0,0 @@
-#!/usr/bin/env bash
-# Copyright 1999-2011 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-#
-# Openssl doesn't play along nicely with cross-compiling
-# like autotools based projects, so let's teach it new tricks.
-#
-# Review the bundled 'config' script to see why kind of targets
-# we can pass to the 'Configure' script.
-
-
-# Testing routines
-if [[ $1 == "test" ]] ; then
-       for c in \
-               "arm-gentoo-linux-uclibc      |linux-generic32 -DL_ENDIAN" \
-               "armv5b-linux-gnu             |linux-armv4 -DB_ENDIAN" \
-               "x86_64-pc-linux-gnu          |linux-x86_64" \
-               "alphaev56-unknown-linux-gnu  |linux-alpha+bwx-gcc" \
-               "i686-pc-linux-gnu            |linux-elf" \
-               "whatever-gentoo-freebsdX.Y   |BSD-generic32" \
-               "i686-gentoo-freebsdX.Y       |BSD-x86-elf" \
-               "sparc64-alpha-freebsdX.Y     |BSD-sparc64" \
-               "ia64-gentoo-freebsd5.99234   |BSD-ia64" \
-               "x86_64-gentoo-freebsdX.Y     |BSD-x86_64" \
-               "hppa64-aldsF-linux-gnu5.3    |linux-generic32 -DB_ENDIAN" \
-               "powerpc-gentOO-linux-uclibc  |linux-ppc" \
-               "powerpc64-unk-linux-gnu      |linux-ppc64" \
-               "x86_64-apple-darwinX         |darwin64-x86_64-cc" \
-               "powerpc64-apple-darwinX      |darwin64-ppc-cc" \
-               "i686-apple-darwinX           |darwin-i386-cc" \
-               "i386-apple-darwinX           |darwin-i386-cc" \
-               "powerpc-apple-darwinX        |darwin-ppc-cc" \
-               "i586-pc-winnt                |winnt-parity" \
-               "s390-ibm-linux-gnu           |linux-generic32 -DB_ENDIAN" \
-               "s390x-linux-gnu              |linux-s390x" \
-       ;do
-               CHOST=${c/|*}
-               ret_want=${c/*|}
-               ret_got=$(CHOST=${CHOST} "$0")
-
-               if [[ ${ret_want} == "${ret_got}" ]] ; then
-                       echo "PASS: ${CHOST}"
-               else
-                       echo "FAIL: ${CHOST}"
-                       echo -e "\twanted: ${ret_want}"
-                       echo -e "\twe got: ${ret_got}"
-               fi
-       done
-       exit 0
-fi
-[[ -z ${CHOST} && -n $1 ]] && CHOST=$1
-
-
-# Detect the operating system
-case ${CHOST} in
-       *-aix*)          system="aix";;
-       *-darwin*)       system="darwin";;
-       *-freebsd*)      system="BSD";;
-       *-hpux*)         system="hpux";;
-       *-linux*)        system="linux";;
-       *-solaris*)      system="solaris";;
-       *-winnt*)        system="winnt";;
-       x86_64-*-mingw*) system="mingw64";;
-       *mingw*)         system="mingw";;
-       *)               exit 0;;
-esac
-
-
-# Compiler munging
-compiler="gcc"
-if [[ ${CC} == "ccc" ]] ; then
-       compiler=${CC}
-fi
-
-
-# Detect target arch
-machine=""
-chost_machine=${CHOST%%-*}
-case ${system} in
-linux)
-       case ${chost_machine}:${ABI} in
-               alphaev56*)   machine=alpha+bwx-${compiler};;
-               alphaev[678]*)machine=alpha+bwx-${compiler};;
-               alpha*)       machine=alpha-${compiler};;
-               armv[4-9]*b*) machine="armv4 -DB_ENDIAN";;
-               armv[4-9]*)   machine="armv4 -DL_ENDIAN";;
-               arm*b*)       machine="generic32 -DB_ENDIAN";;
-               arm*)         machine="generic32 -DL_ENDIAN";;
-               avr*)         machine="generic32 -DL_ENDIAN";;
-               bfin*)        machine="generic32 -DL_ENDIAN";;
-       #       hppa64*)      machine=parisc64;;
-               hppa*)        machine="generic32 -DB_ENDIAN";;
-               i[0-9]86*|\
-               x86_64*:x86)  machine=elf;;
-               ia64*)        machine=ia64;;
-               m68*)         machine="generic32 -DB_ENDIAN";;
-               mips*el*)     machine="generic32 -DL_ENDIAN";;
-               mips*)        machine="generic32 -DB_ENDIAN";;
-               powerpc64*)   machine=ppc64;;
-               powerpc*)     machine=ppc;;
-       #       sh64*)        machine=elf;;
-               sh*b*)        machine="generic32 -DB_ENDIAN";;
-               sh*)          machine="generic32 -DL_ENDIAN";;
-               sparc*v7*)    machine="generic32 -DB_ENDIAN";;
-               sparc64*)     machine=sparcv9;;
-               sparc*)       machine=sparcv8;;
-               s390x*)       machine=s390x;;
-               s390*)        machine="generic32 -DB_ENDIAN";;
-               x86_64*:x32)  machine=x32;;
-               x86_64*)      machine=x86_64;;
-       esac
-       ;;
-BSD)
-       case ${chost_machine} in
-               alpha*)       machine=generic64;;
-               i[6-9]86*)    machine=x86-elf;;
-               ia64*)        machine=ia64;;
-               sparc64*)     machine=sparc64;;
-               x86_64*)      machine=x86_64;;
-               *)            machine=generic32;;
-       esac
-       ;;
-aix)
-       machine=${compiler}
-       ;;
-darwin)
-       case ${chost_machine} in
-               powerpc64)    machine=ppc-cc; system=${system}64;;
-               powerpc)      machine=ppc-cc;;
-               i?86*)        machine=i386-cc;;
-               x86_64)       machine=x86_64-cc; system=${system}64;;
-       esac
-       ;;
-hpux)
-       case ${chost_machine} in
-               ia64)   machine=ia64-${compiler} ;;
-       esac
-       ;;
-solaris)
-       case ${chost_machine} in
-               i386)         machine=x86-${compiler} ;;
-               x86_64*)      machine=x86_64-${compiler}; system=${system}64;;
-               sparcv9*)     machine=sparcv9-${compiler}; system=${system}64;;
-               sparc*)       machine=sparcv8-${compiler};;
-       esac
-       ;;
-winnt)
-       machine=parity
-       ;;
-mingw*)
-       # special case ... no xxx-yyy style name
-       echo ${system}
-       ;;
-esac
-
-
-# If we have something, show it
-[[ -n ${machine} ]] && echo ${system}-${machine}
diff --git a/dev-libs/openssl/files/openssl-0.9.8ze-CVE-2015-0286.patch b/dev-libs/openssl/files/openssl-0.9.8ze-CVE-2015-0286.patch
deleted file mode 100644 (file)
index facb77d..0000000
+++ /dev/null
@@ -1,326 +0,0 @@
---- openssl-0.9.8ze/crypto/asn1/a_type.c
-+++ openssl-0.9.8ze/crypto/asn1/a_type.c
-@@ -121,6 +121,9 @@
-       case V_ASN1_OBJECT:
-               result = OBJ_cmp(a->value.object, b->value.object);
-               break;
-+      case V_ASN1_BOOLEAN:
-+              result = a->value.boolean - b->value.boolean;
-+              break;
-       case V_ASN1_NULL:
-               result = 0;     /* They do not have content. */
-               break;
---- openssl-0.9.8ze/crypto/asn1/tasn_dec.c
-+++ openssl-0.9.8ze/crypto/asn1/tasn_dec.c
-@@ -128,11 +128,17 @@
-       {
-       ASN1_TLC c;
-       ASN1_VALUE *ptmpval = NULL;
--      if (!pval)
--              pval = &ptmpval;
-       c.valid = 0;
--      if (ASN1_item_ex_d2i(pval, in, len, it, -1, 0, 0, &c) > 0) 
--              return *pval;
-+      if (pval && *pval && it->itype == ASN1_ITYPE_PRIMITIVE)
-+          ptmpval = *pval;
-+      if (ASN1_item_ex_d2i(&ptmpval, in, len, it, -1, 0, 0, &c) > 0) {
-+          if (pval && it->itype != ASN1_ITYPE_PRIMITIVE) {
-+              if (*pval)
-+                  ASN1_item_free(*pval, it);
-+              *pval = ptmpval;
-+          }
-+          return ptmpval;
-+      }
-       return NULL;
-       }
-@@ -309,9 +315,16 @@
-               if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it))
-                               goto auxerr;
--              /* Allocate structure */
--              if (!*pval && !ASN1_item_ex_new(pval, it))
--                      {
-+              if (*pval) {
-+                  /* Free up and zero CHOICE value if initialised */
-+                  i = asn1_get_choice_selector(pval, it);
-+                  if ((i >= 0) && (i < it->tcount)) {
-+                      tt = it->templates + i;
-+                      pchptr = asn1_get_field_ptr(pval, tt);
-+                      ASN1_template_free(pchptr, tt);
-+                      asn1_set_choice_selector(pval, -1, it);
-+                  }
-+              } else if (!ASN1_item_ex_new(pval, it)) {
-                       ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,
-                                               ERR_R_NESTED_ASN1_ERROR);
-                       goto err;
-@@ -405,6 +418,17 @@
-               if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it))
-                               goto auxerr;
-+              /* Free up and zero any ADB found */
-+              for (i = 0, tt = it->templates; i < it->tcount; i++, tt++) {
-+                  if (tt->flags & ASN1_TFLG_ADB_MASK) {
-+                      const ASN1_TEMPLATE *seqtt;
-+                      ASN1_VALUE **pseqval;
-+                      seqtt = asn1_do_adb(pval, tt, 1);
-+                      pseqval = asn1_get_field_ptr(pval, seqtt);
-+                      ASN1_template_free(pseqval, seqtt);
-+                  }
-+              }
-+
-               /* Get each field entry */
-               for (i = 0, tt = it->templates; i < it->tcount; i++, tt++)
-                       {
---- openssl-0.9.8ze/crypto/pkcs7/pk7_doit.c
-+++ openssl-0.9.8ze/crypto/pkcs7/pk7_doit.c
-@@ -151,6 +151,25 @@
-       EVP_PKEY *pkey;
-       ASN1_OCTET_STRING *os=NULL;
-+    if (p7 == NULL) {
-+      PKCS7err(PKCS7_F_PKCS7_DATAINIT, PKCS7_R_INVALID_NULL_POINTER);
-+      return NULL;
-+    }
-+    /*
-+     * The content field in the PKCS7 ContentInfo is optional, but that really
-+     * only applies to inner content (precisely, detached signatures).
-+     *
-+     * When reading content, missing outer content is therefore treated as an
-+     * error.
-+     *
-+     * When creating content, PKCS7_content_new() must be called before
-+     * calling this method, so a NULL p7->d is always an error.
-+     */
-+    if (p7->d.ptr == NULL) {
-+      PKCS7err(PKCS7_F_PKCS7_DATAINIT, PKCS7_R_NO_CONTENT);
-+      return NULL;
-+    }
-+
-       i=OBJ_obj2nid(p7->type);
-       p7->state=PKCS7_S_HEADER;
-@@ -344,6 +363,16 @@
-       STACK_OF(PKCS7_RECIP_INFO) *rsk=NULL;
-       PKCS7_RECIP_INFO *ri=NULL;
-+    if (p7 == NULL) {
-+      PKCS7err(PKCS7_F_PKCS7_DATADECODE, PKCS7_R_INVALID_NULL_POINTER);
-+      return NULL;
-+    }
-+    
-+    if (p7->d.ptr == NULL) {
-+      PKCS7err(PKCS7_F_PKCS7_DATADECODE, PKCS7_R_NO_CONTENT);
-+      return NULL;
-+    }
-+
-       i=OBJ_obj2nid(p7->type);
-       p7->state=PKCS7_S_HEADER;
-@@ -637,6 +666,16 @@
-       STACK_OF(PKCS7_SIGNER_INFO) *si_sk=NULL;
-       ASN1_OCTET_STRING *os=NULL;
-+    if (p7 == NULL) {
-+      PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_INVALID_NULL_POINTER);
-+      return 0;
-+    }
-+
-+    if (p7->d.ptr == NULL) {
-+      PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_NO_CONTENT);
-+      return 0;
-+    }
-+
-       EVP_MD_CTX_init(&ctx_tmp);
-       i=OBJ_obj2nid(p7->type);
-       p7->state=PKCS7_S_HEADER;
-@@ -668,6 +707,7 @@
-               /* If detached data then the content is excluded */
-               if(PKCS7_type_is_data(p7->d.sign->contents) && p7->detached) {
-                       M_ASN1_OCTET_STRING_free(os);
-+                      os = NULL;
-                       p7->d.sign->contents->d.data = NULL;
-               }
-               break;
-@@ -678,6 +718,7 @@
-               if(PKCS7_type_is_data(p7->d.digest->contents) && p7->detached)
-                       {
-                       M_ASN1_OCTET_STRING_free(os);
-+                      os = NULL;
-                       p7->d.digest->contents->d.data = NULL;
-                       }
-               break;
-@@ -815,6 +856,11 @@
-       if (!PKCS7_is_detached(p7))
-               {
-+              /*
-+               * NOTE(emilia): I think we only reach os == NULL here because detached
-+               */
-+              if (os == NULL)
-+                  goto err;
-               btmp=BIO_find_type(bio,BIO_TYPE_MEM);
-               if (btmp == NULL)
-                       {
-@@ -849,6 +895,16 @@
-       STACK_OF(X509) *cert;
-       X509 *x509;
-+    if (p7 == NULL) {
-+      PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, PKCS7_R_INVALID_NULL_POINTER);
-+      return 0;
-+    }
-+
-+    if (p7->d.ptr == NULL) {
-+      PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, PKCS7_R_NO_CONTENT);
-+      return 0;
-+    }
-+
-       if (PKCS7_type_is_signed(p7))
-               {
-               cert=p7->d.sign->cert;
---- openssl-0.9.8ze/crypto/pkcs7/pk7_lib.c
-+++ openssl-0.9.8ze/crypto/pkcs7/pk7_lib.c
-@@ -70,6 +70,7 @@
-       switch (cmd)
-               {
-+      /* NOTE(emilia): does not support detached digested data. */
-       case PKCS7_OP_SET_DETACHED_SIGNATURE:
-               if (nid == NID_pkcs7_signed)
-                       {
-@@ -473,6 +474,8 @@
- STACK_OF(PKCS7_SIGNER_INFO) *PKCS7_get_signer_info(PKCS7 *p7)
-       {
-+      if (p7 == NULL || p7->d.ptr == NULL)
-+              return NULL;
-       if (PKCS7_type_is_signed(p7))
-               {
-               return(p7->d.sign->signer_info);
---- openssl-0.9.8ze/doc/crypto/d2i_X509.pod
-+++ openssl-0.9.8ze/doc/crypto/d2i_X509.pod
-@@ -199,6 +199,12 @@
- persist if they are not present in the new one. As a result the use
- of this "reuse" behaviour is strongly discouraged.
-+Current versions of OpenSSL will not modify B<*px> if an error occurs.
-+If parsing succeeds then B<*px> is freed (if it is not NULL) and then
-+set to the value of the newly decoded structure. As a result B<*px>
-+B<must not> be allocated on the stack or an attempt will be made to
-+free an invalid pointer.
-+
- i2d_X509() will not return an error in many versions of OpenSSL,
- if mandatory fields are not initialized due to a programming error
- then the encoded structure may contain invalid data or omit the
-@@ -210,7 +216,9 @@
- d2i_X509(), d2i_X509_bio() and d2i_X509_fp() return a valid B<X509> structure
- or B<NULL> if an error occurs. The error code that can be obtained by
--L<ERR_get_error(3)|ERR_get_error(3)>. 
-+L<ERR_get_error(3)|ERR_get_error(3)>. If the "reuse" capability has been used
-+with a valid X509 structure being passed in via B<px> then the object is not
-+modified in the event of error.
- i2d_X509() returns the number of bytes successfully encoded or a negative
- value if an error occurs. The error code can be obtained by
---- openssl-0.9.8ze/ssl/s2_lib.c
-+++ openssl-0.9.8ze/ssl/s2_lib.c
-@@ -410,7 +410,7 @@
-               OPENSSL_assert(s->session->master_key_length >= 0
-                   && s->session->master_key_length
--                  < (int)sizeof(s->session->master_key));
-+                  <= (int)sizeof(s->session->master_key));
-               EVP_DigestUpdate(&ctx,s->session->master_key,s->session->master_key_length);
-               EVP_DigestUpdate(&ctx,&c,1);
-               c++;
---- openssl-0.9.8ze/ssl/s2_srvr.c
-+++ openssl-0.9.8ze/ssl/s2_srvr.c
-@@ -446,10 +446,6 @@
-               SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_NO_PRIVATEKEY);
-               return(-1);
-               }
--      i=ssl_rsa_private_decrypt(s->cert,s->s2->tmp.enc,
--              &(p[s->s2->tmp.clear]),&(p[s->s2->tmp.clear]),
--              (s->s2->ssl2_rollback)?RSA_SSLV23_PADDING:RSA_PKCS1_PADDING);
--
-       is_export=SSL_C_IS_EXPORT(s->session->cipher);
-       
-       if (!ssl_cipher_get_evp(s->session,&c,&md,NULL))
-@@ -467,21 +463,59 @@
-       else
-               ek=5;
-+      /*
-+       * The format of the CLIENT-MASTER-KEY message is
-+       * 1 byte message type
-+       * 3 bytes cipher
-+       * 2-byte clear key length (stored in s->s2->tmp.clear)
-+       * 2-byte encrypted key length (stored in s->s2->tmp.enc)
-+       * 2-byte key args length (IV etc)
-+       * clear key
-+       * encrypted key
-+       * key args
-+       *
-+       * If the cipher is an export cipher, then the encrypted key bytes
-+       * are a fixed portion of the total key (5 or 8 bytes). The size of
-+       * this portion is in |ek|. If the cipher is not an export cipher,
-+       * then the entire key material is encrypted (i.e., clear key length
-+       * must be zero).
-+       */
-+      if ((!is_export && s->s2->tmp.clear != 0) ||
-+          (is_export && s->s2->tmp.clear + ek != EVP_CIPHER_key_length(c))) {
-+          ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
-+          SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_BAD_LENGTH);
-+          return -1;
-+      }
-+      /*
-+       * The encrypted blob must decrypt to the encrypted portion of the key.
-+       * Decryption can't be expanding, so if we don't have enough encrypted
-+       * bytes to fit the key in the buffer, stop now.
-+       */
-+      if ((is_export && s->s2->tmp.enc < ek) ||
-+          (!is_export && s->s2->tmp.enc < EVP_CIPHER_key_length(c))) {
-+          ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
-+          SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_LENGTH_TOO_SHORT);
-+          return -1;
-+      }
-+
-+      i = ssl_rsa_private_decrypt(s->cert, s->s2->tmp.enc,
-+                                  &(p[s->s2->tmp.clear]),
-+                                  &(p[s->s2->tmp.clear]),
-+                                  (s->s2->ssl2_rollback) ? RSA_SSLV23_PADDING :
-+                                  RSA_PKCS1_PADDING);
-+
-       /* bad decrypt */
- #if 1
-       /* If a bad decrypt, continue with protocol but with a
-        * random master secret (Bleichenbacher attack) */
--      if ((i < 0) ||
--              ((!is_export && (i != EVP_CIPHER_key_length(c)))
--              || (is_export && ((i != ek) || (s->s2->tmp.clear+(unsigned int)i !=
--                      (unsigned int)EVP_CIPHER_key_length(c))))))
--              {
-+      if ((i < 0) || ((!is_export && i != EVP_CIPHER_key_length(c))
-+                      || (is_export && i != ek))) {
-               ERR_clear_error();
-               if (is_export)
-                       i=ek;
-               else
-                       i=EVP_CIPHER_key_length(c);
--              if (RAND_pseudo_bytes(p,i) <= 0)
-+              if (RAND_pseudo_bytes(&p[s->s2->tmp.clear], i) <= 0)
-                       return 0;
-               }
- #else
-@@ -505,7 +539,8 @@
-               }
- #endif
--      if (is_export) i+=s->s2->tmp.clear;
-+      if (is_export)
-+              i = EVP_CIPHER_key_length(c);
-       if (i > SSL_MAX_MASTER_KEY_LENGTH)
-               {
diff --git a/dev-libs/openssl/files/openssl-1.0.0e-parallel-build.patch b/dev-libs/openssl/files/openssl-1.0.0e-parallel-build.patch
deleted file mode 100644 (file)
index e1a030f..0000000
+++ /dev/null
@@ -1,315 +0,0 @@
-http://rt.openssl.org/Ticket/Display.html?id=2084
-
---- a/Makefile.org
-+++ b/Makefile.org
-@@ -247,17 +247,17 @@
- build_libs: build_crypto build_ssl build_engines
- build_crypto:
--      @dir=crypto; target=all; $(BUILD_ONE_CMD)
-+      +@dir=crypto; target=all; $(BUILD_ONE_CMD)
--build_ssl:
-+build_ssl: build_crypto
--      @dir=ssl; target=all; $(BUILD_ONE_CMD)
-+      +@dir=ssl; target=all; $(BUILD_ONE_CMD)
--build_engines:
-+build_engines: build_crypto
--      @dir=engines; target=all; $(BUILD_ONE_CMD)
-+      +@dir=engines; target=all; $(BUILD_ONE_CMD)
--build_apps:
-+build_apps: build_libs
--      @dir=apps; target=all; $(BUILD_ONE_CMD)
-+      +@dir=apps; target=all; $(BUILD_ONE_CMD)
--build_tests:
-+build_tests: build_libs
--      @dir=test; target=all; $(BUILD_ONE_CMD)
-+      +@dir=test; target=all; $(BUILD_ONE_CMD)
--build_tools:
-+build_tools: build_libs
--      @dir=tools; target=all; $(BUILD_ONE_CMD)
-+      +@dir=tools; target=all; $(BUILD_ONE_CMD)
- all_testapps: build_libs build_testapps
- build_testapps:
-@@ -497,9 +497,9 @@
- dist_pem_h:
-       (cd crypto/pem; $(MAKE) -e $(BUILDENV) pem.h; $(MAKE) clean)
--install: all install_docs install_sw
-+install: install_docs install_sw
--install_sw:
-+install_dirs:
-       @$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \
-               $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR) \
-               $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines \
-@@ -508,6 +508,13 @@
-               $(INSTALL_PREFIX)$(OPENSSLDIR)/misc \
-               $(INSTALL_PREFIX)$(OPENSSLDIR)/certs \
-               $(INSTALL_PREFIX)$(OPENSSLDIR)/private
-+      @$(PERL) $(TOP)/util/mkdir-p.pl \
-+              $(INSTALL_PREFIX)$(MANDIR)/man1 \
-+              $(INSTALL_PREFIX)$(MANDIR)/man3 \
-+              $(INSTALL_PREFIX)$(MANDIR)/man5 \
-+              $(INSTALL_PREFIX)$(MANDIR)/man7
-+
-+install_sw: install_dirs
-       @set -e; headerlist="$(EXHEADER)"; for i in $$headerlist;\
-       do \
-       (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
-@@ -511,7 +511,7 @@
-       (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
-       chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
-       done;
--      @set -e; target=install; $(RECURSIVE_BUILD_CMD)
-+      +@set -e; target=install; $(RECURSIVE_BUILD_CMD)
-       @set -e; for i in $(LIBS) ;\
-       do \
-               if [ -f "$$i" ]; then \
-@@ -593,12 +600,7 @@
-               done; \
-       done
--install_docs:
--      @$(PERL) $(TOP)/util/mkdir-p.pl \
--              $(INSTALL_PREFIX)$(MANDIR)/man1 \
--              $(INSTALL_PREFIX)$(MANDIR)/man3 \
--              $(INSTALL_PREFIX)$(MANDIR)/man5 \
--              $(INSTALL_PREFIX)$(MANDIR)/man7
-+install_docs: install_dirs
-       @pod2man="`cd ./util; ./pod2mantest $(PERL)`"; \
-       here="`pwd`"; \
-       filecase=; \
---- a/crypto/Makefile
-+++ b/crypto/Makefile
-@@ -85,11 +85,11 @@
-       @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi
- subdirs:
--      @target=all; $(RECURSIVE_MAKE)
-+      +@target=all; $(RECURSIVE_MAKE)
- files:
-       $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
--      @target=files; $(RECURSIVE_MAKE)
-+      +@target=files; $(RECURSIVE_MAKE)
- links:
-       @$(PERL) $(TOP)/util/mklink.pl ../include/openssl $(EXHEADER)
-@@ -100,7 +100,7 @@
- # lib: $(LIB): are splitted to avoid end-less loop
- lib:  $(LIB)
-       @touch lib
--$(LIB):       $(LIBOBJ)
-+$(LIB):       $(LIBOBJ) | subdirs
-       $(AR) $(LIB) $(LIBOBJ)
-       $(RANLIB) $(LIB) || echo Never mind.
-@@ -110,7 +110,7 @@
-       fi
- libs:
--      @target=lib; $(RECURSIVE_MAKE)
-+      +@target=lib; $(RECURSIVE_MAKE)
- install:
-       @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
-@@ -119,7 +119,7 @@
-       (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
-       chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
-       done;
--      @target=install; $(RECURSIVE_MAKE)
-+      +@target=install; $(RECURSIVE_MAKE)
- lint:
-       @target=lint; $(RECURSIVE_MAKE)
---- a/engines/Makefile
-+++ b/engines/Makefile
-@@ -72,7 +72,7 @@
- all:  lib subdirs
--lib:  $(LIBOBJ)
-+lib:  $(LIBOBJ) | subdirs
-       @if [ -n "$(SHARED_LIBS)" ]; then \
-               set -e; \
-               for l in $(LIBNAMES); do \
-@@ -89,7 +89,7 @@
- subdirs:
-       echo $(EDIRS)
--      @target=all; $(RECURSIVE_MAKE)
-+      +@target=all; $(RECURSIVE_MAKE)
- files:
-       $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
-@@ -128,7 +128,7 @@
-                         mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx ); \
-               done; \
-       fi
--      @target=install; $(RECURSIVE_MAKE)
-+      +@target=install; $(RECURSIVE_MAKE)
- tags:
-       ctags $(SRC)
---- a/test/Makefile
-+++ b/test/Makefile
-@@ -123,7 +123,7 @@
- tags:
-       ctags $(SRC)
--tests:        exe apps $(TESTS)
-+tests:        exe $(TESTS)
- apps:
-       @(cd ..; $(MAKE) DIRS=apps all)
-@@ -345,106 +345,106 @@
-               link_app.$${shlib_target}
- $(RSATEST)$(EXE_EXT): $(RSATEST).o $(DLIBCRYPTO)
--      @target=$(RSATEST); $(BUILD_CMD)
-+      +@target=$(RSATEST); $(BUILD_CMD)
- $(BNTEST)$(EXE_EXT): $(BNTEST).o $(DLIBCRYPTO)
--      @target=$(BNTEST); $(BUILD_CMD)
-+      +@target=$(BNTEST); $(BUILD_CMD)
- $(ECTEST)$(EXE_EXT): $(ECTEST).o $(DLIBCRYPTO)
--      @target=$(ECTEST); $(BUILD_CMD)
-+      +@target=$(ECTEST); $(BUILD_CMD)
- $(EXPTEST)$(EXE_EXT): $(EXPTEST).o $(DLIBCRYPTO)
--      @target=$(EXPTEST); $(BUILD_CMD)
-+      +@target=$(EXPTEST); $(BUILD_CMD)
- $(IDEATEST)$(EXE_EXT): $(IDEATEST).o $(DLIBCRYPTO)
--      @target=$(IDEATEST); $(BUILD_CMD)
-+      +@target=$(IDEATEST); $(BUILD_CMD)
- $(MD2TEST)$(EXE_EXT): $(MD2TEST).o $(DLIBCRYPTO)
--      @target=$(MD2TEST); $(BUILD_CMD)
-+      +@target=$(MD2TEST); $(BUILD_CMD)
- $(SHATEST)$(EXE_EXT): $(SHATEST).o $(DLIBCRYPTO)
--      @target=$(SHATEST); $(BUILD_CMD)
-+      +@target=$(SHATEST); $(BUILD_CMD)
- $(SHA1TEST)$(EXE_EXT): $(SHA1TEST).o $(DLIBCRYPTO)
--      @target=$(SHA1TEST); $(BUILD_CMD)
-+      +@target=$(SHA1TEST); $(BUILD_CMD)
- $(SHA256TEST)$(EXE_EXT): $(SHA256TEST).o $(DLIBCRYPTO)
--      @target=$(SHA256TEST); $(BUILD_CMD)
-+      +@target=$(SHA256TEST); $(BUILD_CMD)
- $(SHA512TEST)$(EXE_EXT): $(SHA512TEST).o $(DLIBCRYPTO)
--      @target=$(SHA512TEST); $(BUILD_CMD)
-+      +@target=$(SHA512TEST); $(BUILD_CMD)
- $(RMDTEST)$(EXE_EXT): $(RMDTEST).o $(DLIBCRYPTO)
--      @target=$(RMDTEST); $(BUILD_CMD)
-+      +@target=$(RMDTEST); $(BUILD_CMD)
- $(MDC2TEST)$(EXE_EXT): $(MDC2TEST).o $(DLIBCRYPTO)
--      @target=$(MDC2TEST); $(BUILD_CMD)
-+      +@target=$(MDC2TEST); $(BUILD_CMD)
- $(MD4TEST)$(EXE_EXT): $(MD4TEST).o $(DLIBCRYPTO)
--      @target=$(MD4TEST); $(BUILD_CMD)
-+      +@target=$(MD4TEST); $(BUILD_CMD)
- $(MD5TEST)$(EXE_EXT): $(MD5TEST).o $(DLIBCRYPTO)
--      @target=$(MD5TEST); $(BUILD_CMD)
-+      +@target=$(MD5TEST); $(BUILD_CMD)
- $(HMACTEST)$(EXE_EXT): $(HMACTEST).o $(DLIBCRYPTO)
--      @target=$(HMACTEST); $(BUILD_CMD)
-+      +@target=$(HMACTEST); $(BUILD_CMD)
- $(WPTEST)$(EXE_EXT): $(WPTEST).o $(DLIBCRYPTO)
--      @target=$(WPTEST); $(BUILD_CMD)
-+      +@target=$(WPTEST); $(BUILD_CMD)
- $(RC2TEST)$(EXE_EXT): $(RC2TEST).o $(DLIBCRYPTO)
--      @target=$(RC2TEST); $(BUILD_CMD)
-+      +@target=$(RC2TEST); $(BUILD_CMD)
- $(BFTEST)$(EXE_EXT): $(BFTEST).o $(DLIBCRYPTO)
--      @target=$(BFTEST); $(BUILD_CMD)
-+      +@target=$(BFTEST); $(BUILD_CMD)
- $(CASTTEST)$(EXE_EXT): $(CASTTEST).o $(DLIBCRYPTO)
--      @target=$(CASTTEST); $(BUILD_CMD)
-+      +@target=$(CASTTEST); $(BUILD_CMD)
- $(RC4TEST)$(EXE_EXT): $(RC4TEST).o $(DLIBCRYPTO)
--      @target=$(RC4TEST); $(BUILD_CMD)
-+      +@target=$(RC4TEST); $(BUILD_CMD)
- $(RC5TEST)$(EXE_EXT): $(RC5TEST).o $(DLIBCRYPTO)
--      @target=$(RC5TEST); $(BUILD_CMD)
-+      +@target=$(RC5TEST); $(BUILD_CMD)
- $(DESTEST)$(EXE_EXT): $(DESTEST).o $(DLIBCRYPTO)
--      @target=$(DESTEST); $(BUILD_CMD)
-+      +@target=$(DESTEST); $(BUILD_CMD)
- $(RANDTEST)$(EXE_EXT): $(RANDTEST).o $(DLIBCRYPTO)
--      @target=$(RANDTEST); $(BUILD_CMD)
-+      +@target=$(RANDTEST); $(BUILD_CMD)
- $(DHTEST)$(EXE_EXT): $(DHTEST).o $(DLIBCRYPTO)
--      @target=$(DHTEST); $(BUILD_CMD)
-+      +@target=$(DHTEST); $(BUILD_CMD)
- $(DSATEST)$(EXE_EXT): $(DSATEST).o $(DLIBCRYPTO)
--      @target=$(DSATEST); $(BUILD_CMD)
-+      +@target=$(DSATEST); $(BUILD_CMD)
- $(METHTEST)$(EXE_EXT): $(METHTEST).o $(DLIBCRYPTO)
--      @target=$(METHTEST); $(BUILD_CMD)
-+      +@target=$(METHTEST); $(BUILD_CMD)
- $(SSLTEST)$(EXE_EXT): $(SSLTEST).o $(DLIBSSL) $(DLIBCRYPTO)
--      @target=$(SSLTEST); $(BUILD_CMD)
-+      +@target=$(SSLTEST); $(BUILD_CMD)
- $(ENGINETEST)$(EXE_EXT): $(ENGINETEST).o $(DLIBCRYPTO)
--      @target=$(ENGINETEST); $(BUILD_CMD)
-+      +@target=$(ENGINETEST); $(BUILD_CMD)
- $(EVPTEST)$(EXE_EXT): $(EVPTEST).o $(DLIBCRYPTO)
--      @target=$(EVPTEST); $(BUILD_CMD)
-+      +@target=$(EVPTEST); $(BUILD_CMD)
- $(ECDSATEST)$(EXE_EXT): $(ECDSATEST).o $(DLIBCRYPTO)
--      @target=$(ECDSATEST); $(BUILD_CMD)
-+      +@target=$(ECDSATEST); $(BUILD_CMD)
- $(ECDHTEST)$(EXE_EXT): $(ECDHTEST).o $(DLIBCRYPTO)
--      @target=$(ECDHTEST); $(BUILD_CMD)
-+      +@target=$(ECDHTEST); $(BUILD_CMD)
- $(IGETEST)$(EXE_EXT): $(IGETEST).o $(DLIBCRYPTO)
--      @target=$(IGETEST); $(BUILD_CMD)
-+      +@target=$(IGETEST); $(BUILD_CMD)
- $(JPAKETEST)$(EXE_EXT): $(JPAKETEST).o $(DLIBCRYPTO)
--      @target=$(JPAKETEST); $(BUILD_CMD)
-+      +@target=$(JPAKETEST); $(BUILD_CMD)
- $(ASN1TEST)$(EXE_EXT): $(ASN1TEST).o $(DLIBCRYPTO)
--      @target=$(ASN1TEST); $(BUILD_CMD)
-+      +@target=$(ASN1TEST); $(BUILD_CMD)
- #$(AESTEST).o: $(AESTEST).c
- #     $(CC) -c $(CFLAGS) -DINTERMEDIATE_VALUE_KAT -DTRACE_KAT_MCT $(AESTEST).c
-@@ -457,7 +457,7 @@
- #     fi
- dummytest$(EXE_EXT): dummytest.o $(DLIBCRYPTO)
--      @target=dummytest; $(BUILD_CMD)
-+      +@target=dummytest; $(BUILD_CMD)
- # DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/dev-libs/openssl/files/openssl-1.0.0r-x32.patch b/dev-libs/openssl/files/openssl-1.0.0r-x32.patch
deleted file mode 100644 (file)
index 2d715eb..0000000
+++ /dev/null
@@ -1,76 +0,0 @@
---- openssl-1.0.0r/Configure
-+++ openssl-1.0.0r/Configure
-@@ -353,6 +353,7 @@ my %table=(
- "linux-ia64-ecc","ecc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
- "linux-ia64-icc","icc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
- "linux-x86_64",       "gcc:-m64 -DL_ENDIAN -DTERMIO -O3 -Wall -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
-+"linux-x32",  "gcc:-DL_ENDIAN         -DTERMIO -O2 -pipe -g -feliminate-unused-debug-types -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-mx32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
- "linux-s390x",        "gcc:-m64 -DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${s390x_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
- #### SPARC Linux setups
- # Ray Miller <ray.miller@computing-services.oxford.ac.uk> has patiently
---- openssl-1.0.0r/crypto/bn/asm/x86_64-gcc.c
-+++ openssl-1.0.0r/crypto/bn/asm/x86_64-gcc.c
-@@ -55,7 +55,7 @@
-  *    machine.
-  */
--# ifdef _WIN64
-+# if defined _WIN64 || !defined __LP64__
- #  define BN_ULONG unsigned long long
- # else
- #  define BN_ULONG unsigned long
-@@ -211,9 +211,9 @@ BN_ULONG bn_add_words(BN_ULONG *rp, cons
-     asm volatile ("       subq    %2,%2           \n"
-                   ".p2align 4                     \n"
--                  "1:     movq    (%4,%2,8),%0    \n"
--                  "       adcq    (%5,%2,8),%0    \n"
--                  "       movq    %0,(%3,%2,8)    \n"
-+                  "1:     movq    (%q4,%2,8),%0   \n"
-+                  "       adcq    (%q5,%2,8),%0   \n"
-+                  "       movq    %0,(%q3,%2,8)   \n"
-                   "       leaq    1(%2),%2        \n"
-                   "       loop    1b              \n"
-                   "       sbbq    %0,%0           \n":"=&a" (ret), "+c"(n),
-@@ -235,9 +235,9 @@ BN_ULONG bn_sub_words(BN_ULONG *rp, cons
-     asm volatile ("       subq    %2,%2           \n"
-                   ".p2align 4                     \n"
--                  "1:     movq    (%4,%2,8),%0    \n"
--                  "       sbbq    (%5,%2,8),%0    \n"
--                  "       movq    %0,(%3,%2,8)    \n"
-+                  "1:     movq    (%q4,%2,8),%0   \n"
-+                  "       sbbq    (%q5,%2,8),%0   \n"
-+                  "       movq    %0,(%q3,%2,8)   \n"
-                   "       leaq    1(%2),%2        \n"
-                   "       loop    1b              \n"
-                   "       sbbq    %0,%0           \n":"=&a" (ret), "+c"(n),
---- openssl-1.0.0r/crypto/bn/bn_exp.c
-+++ openssl-1.0.0r/crypto/bn/bn_exp.c
-@@ -564,7 +564,7 @@ static int MOD_EXP_CTIME_COPY_FROM_PREBU
-  * multiple.
-  */
- #define MOD_EXP_CTIME_ALIGN(x_) \
--        ((unsigned char*)(x_) + (MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH - (((BN_ULONG)(x_)) & (MOD_EXP_CTIME_MIN_CACHE_LINE_MASK))))
-+        ((unsigned char*)(x_) + (MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH - (((BN_ADDR)(x_)) & (MOD_EXP_CTIME_MIN_CACHE_LINE_MASK))))
- /*
-  * This variant of BN_mod_exp_mont() uses fixed windows and the special
---- openssl-1.0.0r/crypto/bn/bn.h
-+++ openssl-1.0.0r/crypto/bn/bn.h
-@@ -174,6 +174,15 @@ extern "C" {
- # endif
- /*
-+ * Address type.
-+ */
-+#ifdef _WIN64
-+#define BN_ADDR unsigned long long
-+#else
-+#define BN_ADDR unsigned long
-+#endif
-+
-+/*
-  * assuming long is 64bit - this is the DEC Alpha unsigned long long is only
-  * 64 bits :-(, don't define BN_LLONG for the DEC Alpha
-  */
diff --git a/dev-libs/openssl/files/openssl-1.0.1-parallel-build.patch b/dev-libs/openssl/files/openssl-1.0.1-parallel-build.patch
deleted file mode 100644 (file)
index 19f859a..0000000
+++ /dev/null
@@ -1,354 +0,0 @@
-http://rt.openssl.org/Ticket/Display.html?id=2084
-
---- a/Makefile.org
-+++ b/Makefile.org
-@@ -247,17 +247,17 @@
- build_libs: build_crypto build_ssl build_engines
- build_crypto:
--      @dir=crypto; target=all; $(BUILD_ONE_CMD)
-+      +@dir=crypto; target=all; $(BUILD_ONE_CMD)
--build_ssl:
-+build_ssl: build_crypto
--      @dir=ssl; target=all; $(BUILD_ONE_CMD)
-+      +@dir=ssl; target=all; $(BUILD_ONE_CMD)
--build_engines:
-+build_engines: build_crypto
--      @dir=engines; target=all; $(BUILD_ONE_CMD)
-+      +@dir=engines; target=all; $(BUILD_ONE_CMD)
--build_apps:
-+build_apps: build_libs
--      @dir=apps; target=all; $(BUILD_ONE_CMD)
-+      +@dir=apps; target=all; $(BUILD_ONE_CMD)
--build_tests:
-+build_tests: build_libs
--      @dir=test; target=all; $(BUILD_ONE_CMD)
-+      +@dir=test; target=all; $(BUILD_ONE_CMD)
--build_tools:
-+build_tools: build_libs
--      @dir=tools; target=all; $(BUILD_ONE_CMD)
-+      +@dir=tools; target=all; $(BUILD_ONE_CMD)
- all_testapps: build_libs build_testapps
- build_testapps:
-@@ -497,9 +497,9 @@
- dist_pem_h:
-       (cd crypto/pem; $(MAKE) -e $(BUILDENV) pem.h; $(MAKE) clean)
--install: all install_docs install_sw
-+install: install_docs install_sw
--install_sw:
-+install_dirs:
-       @$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \
-               $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR) \
-               $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines \
-@@ -508,6 +508,13 @@
-               $(INSTALL_PREFIX)$(OPENSSLDIR)/misc \
-               $(INSTALL_PREFIX)$(OPENSSLDIR)/certs \
-               $(INSTALL_PREFIX)$(OPENSSLDIR)/private
-+      @$(PERL) $(TOP)/util/mkdir-p.pl \
-+              $(INSTALL_PREFIX)$(MANDIR)/man1 \
-+              $(INSTALL_PREFIX)$(MANDIR)/man3 \
-+              $(INSTALL_PREFIX)$(MANDIR)/man5 \
-+              $(INSTALL_PREFIX)$(MANDIR)/man7
-+
-+install_sw: install_dirs
-       @set -e; headerlist="$(EXHEADER)"; for i in $$headerlist;\
-       do \
-       (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
-@@ -511,7 +511,7 @@
-       (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
-       chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
-       done;
--      @set -e; target=install; $(RECURSIVE_BUILD_CMD)
-+      +@set -e; target=install; $(RECURSIVE_BUILD_CMD)
-       @set -e; liblist="$(LIBS)"; for i in $$liblist ;\
-       do \
-               if [ -f "$$i" ]; then \
-@@ -593,12 +600,7 @@
-               done; \
-       done
--install_docs:
--      @$(PERL) $(TOP)/util/mkdir-p.pl \
--              $(INSTALL_PREFIX)$(MANDIR)/man1 \
--              $(INSTALL_PREFIX)$(MANDIR)/man3 \
--              $(INSTALL_PREFIX)$(MANDIR)/man5 \
--              $(INSTALL_PREFIX)$(MANDIR)/man7
-+install_docs: install_dirs
-       @pod2man="`cd ./util; ./pod2mantest $(PERL)`"; \
-       here="`pwd`"; \
-       filecase=; \
---- a/Makefile.shared
-+++ b/Makefile.shared
-@@ -105,6 +105,7 @@ LINK_SO=   \
-     SHAREDFLAGS="$${SHAREDFLAGS:-$(CFLAGS) $(SHARED_LDFLAGS)}"; \
-     LIBPATH=`for x in $$LIBDEPS; do echo $$x; done | sed -e 's/^ *-L//;t' -e d | uniq`; \
-     LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \
-+    [ -e $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX ] && exit 0; \
-     LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \
-     $${SHAREDCMD} $${SHAREDFLAGS} \
-       -o $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX \
-@@ -122,6 +124,7 @@ SYMLINK_SO=        \
-                       done; \
-               fi; \
-               if [ -n "$$SHLIB_SOVER" ]; then \
-+                      [ -e "$$SHLIB$$SHLIB_SUFFIX" ] || \
-                       ( $(SET_X); rm -f $$SHLIB$$SHLIB_SUFFIX; \
-                         ln -s $$prev $$SHLIB$$SHLIB_SUFFIX ); \
-               fi; \
---- a/crypto/Makefile
-+++ b/crypto/Makefile
-@@ -85,11 +85,11 @@
-       @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi
- subdirs:
--      @target=all; $(RECURSIVE_MAKE)
-+      +@target=all; $(RECURSIVE_MAKE)
- files:
-       $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
--      @target=files; $(RECURSIVE_MAKE)
-+      +@target=files; $(RECURSIVE_MAKE)
- links:
-       @$(PERL) $(TOP)/util/mklink.pl ../include/openssl $(EXHEADER)
-@@ -100,7 +100,7 @@
- # lib: $(LIB): are splitted to avoid end-less loop
- lib:  $(LIB)
-       @touch lib
--$(LIB):       $(LIBOBJ)
-+$(LIB):       $(LIBOBJ) | subdirs
-       $(AR) $(LIB) $(LIBOBJ)
-       $(RANLIB) $(LIB) || echo Never mind.
-@@ -110,7 +110,7 @@
-       fi
- libs:
--      @target=lib; $(RECURSIVE_MAKE)
-+      +@target=lib; $(RECURSIVE_MAKE)
- install:
-       @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
-@@ -119,7 +119,7 @@
-       (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
-       chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
-       done;
--      @target=install; $(RECURSIVE_MAKE)
-+      +@target=install; $(RECURSIVE_MAKE)
- lint:
-       @target=lint; $(RECURSIVE_MAKE)
---- a/engines/Makefile
-+++ b/engines/Makefile
-@@ -72,7 +72,7 @@
- all:  lib subdirs
--lib:  $(LIBOBJ)
-+lib:  $(LIBOBJ) | subdirs
-       @if [ -n "$(SHARED_LIBS)" ]; then \
-               set -e; \
-               for l in $(LIBNAMES); do \
-@@ -89,7 +89,7 @@
- subdirs:
-       echo $(EDIRS)
--      @target=all; $(RECURSIVE_MAKE)
-+      +@target=all; $(RECURSIVE_MAKE)
- files:
-       $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
-@@ -128,7 +128,7 @@
-                         mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx ); \
-               done; \
-       fi
--      @target=install; $(RECURSIVE_MAKE)
-+      +@target=install; $(RECURSIVE_MAKE)
- tags:
-       ctags $(SRC)
---- a/test/Makefile
-+++ b/test/Makefile
-@@ -123,7 +123,7 @@
- tags:
-       ctags $(SRC)
--tests:        exe apps $(TESTS)
-+tests:        exe $(TESTS)
- apps:
-       @(cd ..; $(MAKE) DIRS=apps all)
-@@ -365,109 +365,109 @@
-               link_app.$${shlib_target}
- $(RSATEST)$(EXE_EXT): $(RSATEST).o $(DLIBCRYPTO)
--      @target=$(RSATEST); $(BUILD_CMD)
-+      +@target=$(RSATEST); $(BUILD_CMD)
- $(BNTEST)$(EXE_EXT): $(BNTEST).o $(DLIBCRYPTO)
--      @target=$(BNTEST); $(BUILD_CMD)
-+      +@target=$(BNTEST); $(BUILD_CMD)
- $(ECTEST)$(EXE_EXT): $(ECTEST).o $(DLIBCRYPTO)
--      @target=$(ECTEST); $(BUILD_CMD)
-+      +@target=$(ECTEST); $(BUILD_CMD)
- $(EXPTEST)$(EXE_EXT): $(EXPTEST).o $(DLIBCRYPTO)
--      @target=$(EXPTEST); $(BUILD_CMD)
-+      +@target=$(EXPTEST); $(BUILD_CMD)
- $(IDEATEST)$(EXE_EXT): $(IDEATEST).o $(DLIBCRYPTO)
--      @target=$(IDEATEST); $(BUILD_CMD)
-+      +@target=$(IDEATEST); $(BUILD_CMD)
- $(MD2TEST)$(EXE_EXT): $(MD2TEST).o $(DLIBCRYPTO)
--      @target=$(MD2TEST); $(BUILD_CMD)
-+      +@target=$(MD2TEST); $(BUILD_CMD)
- $(SHATEST)$(EXE_EXT): $(SHATEST).o $(DLIBCRYPTO)
--      @target=$(SHATEST); $(BUILD_CMD)
-+      +@target=$(SHATEST); $(BUILD_CMD)
- $(SHA1TEST)$(EXE_EXT): $(SHA1TEST).o $(DLIBCRYPTO)
--      @target=$(SHA1TEST); $(BUILD_CMD)
-+      +@target=$(SHA1TEST); $(BUILD_CMD)
- $(SHA256TEST)$(EXE_EXT): $(SHA256TEST).o $(DLIBCRYPTO)
--      @target=$(SHA256TEST); $(BUILD_CMD)
-+      +@target=$(SHA256TEST); $(BUILD_CMD)
- $(SHA512TEST)$(EXE_EXT): $(SHA512TEST).o $(DLIBCRYPTO)
--      @target=$(SHA512TEST); $(BUILD_CMD)
-+      +@target=$(SHA512TEST); $(BUILD_CMD)
- $(RMDTEST)$(EXE_EXT): $(RMDTEST).o $(DLIBCRYPTO)
--      @target=$(RMDTEST); $(BUILD_CMD)
-+      +@target=$(RMDTEST); $(BUILD_CMD)
- $(MDC2TEST)$(EXE_EXT): $(MDC2TEST).o $(DLIBCRYPTO)
--      @target=$(MDC2TEST); $(BUILD_CMD)
-+      +@target=$(MDC2TEST); $(BUILD_CMD)
- $(MD4TEST)$(EXE_EXT): $(MD4TEST).o $(DLIBCRYPTO)
--      @target=$(MD4TEST); $(BUILD_CMD)
-+      +@target=$(MD4TEST); $(BUILD_CMD)
- $(MD5TEST)$(EXE_EXT): $(MD5TEST).o $(DLIBCRYPTO)
--      @target=$(MD5TEST); $(BUILD_CMD)
-+      +@target=$(MD5TEST); $(BUILD_CMD)
- $(HMACTEST)$(EXE_EXT): $(HMACTEST).o $(DLIBCRYPTO)
--      @target=$(HMACTEST); $(BUILD_CMD)
-+      +@target=$(HMACTEST); $(BUILD_CMD)
- $(WPTEST)$(EXE_EXT): $(WPTEST).o $(DLIBCRYPTO)
--      @target=$(WPTEST); $(BUILD_CMD)
-+      +@target=$(WPTEST); $(BUILD_CMD)
- $(RC2TEST)$(EXE_EXT): $(RC2TEST).o $(DLIBCRYPTO)
--      @target=$(RC2TEST); $(BUILD_CMD)
-+      +@target=$(RC2TEST); $(BUILD_CMD)
- $(BFTEST)$(EXE_EXT): $(BFTEST).o $(DLIBCRYPTO)
--      @target=$(BFTEST); $(BUILD_CMD)
-+      +@target=$(BFTEST); $(BUILD_CMD)
- $(CASTTEST)$(EXE_EXT): $(CASTTEST).o $(DLIBCRYPTO)
--      @target=$(CASTTEST); $(BUILD_CMD)
-+      +@target=$(CASTTEST); $(BUILD_CMD)
- $(RC4TEST)$(EXE_EXT): $(RC4TEST).o $(DLIBCRYPTO)
--      @target=$(RC4TEST); $(BUILD_CMD)
-+      +@target=$(RC4TEST); $(BUILD_CMD)
- $(RC5TEST)$(EXE_EXT): $(RC5TEST).o $(DLIBCRYPTO)
--      @target=$(RC5TEST); $(BUILD_CMD)
-+      +@target=$(RC5TEST); $(BUILD_CMD)
- $(DESTEST)$(EXE_EXT): $(DESTEST).o $(DLIBCRYPTO)
--      @target=$(DESTEST); $(BUILD_CMD)
-+      +@target=$(DESTEST); $(BUILD_CMD)
- $(RANDTEST)$(EXE_EXT): $(RANDTEST).o $(DLIBCRYPTO)
--      @target=$(RANDTEST); $(BUILD_CMD)
-+      +@target=$(RANDTEST); $(BUILD_CMD)
- $(DHTEST)$(EXE_EXT): $(DHTEST).o $(DLIBCRYPTO)
--      @target=$(DHTEST); $(BUILD_CMD)
-+      +@target=$(DHTEST); $(BUILD_CMD)
- $(DSATEST)$(EXE_EXT): $(DSATEST).o $(DLIBCRYPTO)
--      @target=$(DSATEST); $(BUILD_CMD)
-+      +@target=$(DSATEST); $(BUILD_CMD)
- $(METHTEST)$(EXE_EXT): $(METHTEST).o $(DLIBCRYPTO)
--      @target=$(METHTEST); $(BUILD_CMD)
-+      +@target=$(METHTEST); $(BUILD_CMD)
- $(SSLTEST)$(EXE_EXT): $(SSLTEST).o $(DLIBSSL) $(DLIBCRYPTO)
--      @target=$(SSLTEST); $(FIPS_BUILD_CMD)
-+      +@target=$(SSLTEST); $(FIPS_BUILD_CMD)
- $(ENGINETEST)$(EXE_EXT): $(ENGINETEST).o $(DLIBCRYPTO)
--      @target=$(ENGINETEST); $(BUILD_CMD)
-+      +@target=$(ENGINETEST); $(BUILD_CMD)
- $(EVPTEST)$(EXE_EXT): $(EVPTEST).o $(DLIBCRYPTO)
--      @target=$(EVPTEST); $(BUILD_CMD)
-+      +@target=$(EVPTEST); $(BUILD_CMD)
- $(ECDSATEST)$(EXE_EXT): $(ECDSATEST).o $(DLIBCRYPTO)
--      @target=$(ECDSATEST); $(BUILD_CMD)
-+      +@target=$(ECDSATEST); $(BUILD_CMD)
- $(ECDHTEST)$(EXE_EXT): $(ECDHTEST).o $(DLIBCRYPTO)
--      @target=$(ECDHTEST); $(BUILD_CMD)
-+      +@target=$(ECDHTEST); $(BUILD_CMD)
- $(IGETEST)$(EXE_EXT): $(IGETEST).o $(DLIBCRYPTO)
--      @target=$(IGETEST); $(BUILD_CMD)
-+      +@target=$(IGETEST); $(BUILD_CMD)
- $(JPAKETEST)$(EXE_EXT): $(JPAKETEST).o $(DLIBCRYPTO)
--      @target=$(JPAKETEST); $(BUILD_CMD)
-+      +@target=$(JPAKETEST); $(BUILD_CMD)
- $(ASN1TEST)$(EXE_EXT): $(ASN1TEST).o $(DLIBCRYPTO)
--      @target=$(ASN1TEST); $(BUILD_CMD)
-+      +@target=$(ASN1TEST); $(BUILD_CMD)
- $(SRPTEST)$(EXE_EXT): $(SRPTEST).o $(DLIBCRYPTO)
--      @target=$(SRPTEST); $(BUILD_CMD)
-+      +@target=$(SRPTEST); $(BUILD_CMD)
- #$(AESTEST).o: $(AESTEST).c
- #     $(CC) -c $(CFLAGS) -DINTERMEDIATE_VALUE_KAT -DTRACE_KAT_MCT $(AESTEST).c
-@@ -480,7 +480,7 @@
- #     fi
- dummytest$(EXE_EXT): dummytest.o $(DLIBCRYPTO)
--      @target=dummytest; $(BUILD_CMD)
-+      +@target=dummytest; $(BUILD_CMD)
- # DO NOT DELETE THIS LINE -- make depend depends on it.
---- a/crypto/objects/Makefile
-+++ b/crypto/objects/Makefile
-@@ -44,11 +44,11 @@ obj_dat.h: obj_dat.pl obj_mac.h
- # objects.pl both reads and writes obj_mac.num
- obj_mac.h: objects.pl objects.txt obj_mac.num
-       $(PERL) objects.pl objects.txt obj_mac.num obj_mac.h
--      @sleep 1; touch obj_mac.h; sleep 1
--obj_xref.h: objxref.pl obj_xref.txt obj_mac.num
-+# This doesn't really need obj_mac.h, but since that rule reads & writes
-+# obj_mac.num, we can't run in parallel with it.
-+obj_xref.h: objxref.pl obj_xref.txt obj_mac.num obj_mac.h
-       $(PERL) objxref.pl obj_mac.num obj_xref.txt > obj_xref.h
--      @sleep 1; touch obj_xref.h; sleep 1
- files:
-       $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
diff --git a/dev-libs/openssl/files/openssl-1.0.1-x32.patch b/dev-libs/openssl/files/openssl-1.0.1-x32.patch
deleted file mode 100644 (file)
index 5106cb6..0000000
+++ /dev/null
@@ -1,79 +0,0 @@
-http://git.yoctoproject.org/cgit/cgit.cgi/poky/commit/?id=51bfed2e26fc13a66e8b5710aa2ce1d7a04af721
-
-UpstreamStatus: Pending
-
-Received from H J Liu @ Intel
-Make the assembly syntax compatible with x32 gcc. Othewise x32 gcc throws errors.
-Signed-Off-By: Nitin A Kamble <nitin.a.kamble@intel.com> 2011/07/13
-
-ported the patch to the 1.0.0e version
-Signed-Off-By: Nitin A Kamble <nitin.a.kamble@intel.com> 2011/12/01
-Index: openssl-1.0.0e/Configure
-===================================================================
---- openssl-1.0.0e.orig/Configure
-+++ openssl-1.0.0e/Configure
-@@ -393,6 +393,7 @@ my %table=(
- "debug-linux-generic32","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DTERMIO -g -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
- "debug-linux-generic64","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DTERMIO -g -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
- "debug-linux-x86_64","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -m64 -DL_ENDIAN -DTERMIO -g -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
-+"linux-x32",  "gcc:-DL_ENDIAN         -DTERMIO -O2 -pipe -g -feliminate-unused-debug-types -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-mx32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
- "dist",               "cc:-O::(unknown)::::::",
- # Basic configs that should work on any (32 and less bit) box
-Index: openssl-1.0.0e/crypto/bn/asm/x86_64-gcc.c
-===================================================================
---- openssl-1.0.0e.orig/crypto/bn/asm/x86_64-gcc.c
-+++ openssl-1.0.0e/crypto/bn/asm/x86_64-gcc.c
-@@ -55,7 +55,7 @@
-  *    machine.
-  */
--#ifdef _WIN64
-+#if defined _WIN64 || !defined __LP64__
- #define BN_ULONG unsigned long long
- #else
- #define BN_ULONG unsigned long
-@@ -192,9 +192,9 @@ BN_ULONG bn_add_words (BN_ULONG *rp, con
-       asm (
-       "       subq    %2,%2           \n"
-       ".p2align 4                     \n"
--      "1:     movq    (%4,%2,8),%0    \n"
--      "       adcq    (%5,%2,8),%0    \n"
--      "       movq    %0,(%3,%2,8)    \n"
-+      "1:     movq    (%q4,%2,8),%0   \n"
-+      "       adcq    (%q5,%2,8),%0   \n"
-+      "       movq    %0,(%q3,%2,8)   \n"
-       "       leaq    1(%2),%2        \n"
-       "       loop    1b              \n"
-       "       sbbq    %0,%0           \n"
-@@ -215,9 +215,9 @@ BN_ULONG bn_sub_words (BN_ULONG *rp, con
-       asm (
-       "       subq    %2,%2           \n"
-       ".p2align 4                     \n"
--      "1:     movq    (%4,%2,8),%0    \n"
--      "       sbbq    (%5,%2,8),%0    \n"
--      "       movq    %0,(%3,%2,8)    \n"
-+      "1:     movq    (%q4,%2,8),%0   \n"
-+      "       sbbq    (%q5,%2,8),%0   \n"
-+      "       movq    %0,(%q3,%2,8)   \n"
-       "       leaq    1(%2),%2        \n"
-       "       loop    1b              \n"
-       "       sbbq    %0,%0           \n"
-Index: openssl-1.0.0e/crypto/bn/bn.h
-===================================================================
---- openssl-1.0.0e.orig/crypto/bn/bn.h
-+++ openssl-1.0.0e/crypto/bn/bn.h
-@@ -172,6 +172,13 @@ extern "C" {
- # endif
- #endif
-+/* Address type.  */
-+#ifdef _WIN64
-+#define BN_ADDR unsigned long long
-+#else
-+#define BN_ADDR unsigned long
-+#endif
-+
- /* assuming long is 64bit - this is the DEC Alpha
-  * unsigned long long is only 64 bits :-(, don't define
-  * BN_LLONG for the DEC Alpha */
diff --git a/dev-libs/openssl/files/openssl-1.0.1e-s_client-verify.patch b/dev-libs/openssl/files/openssl-1.0.1e-s_client-verify.patch
deleted file mode 100644 (file)
index 03e4f59..0000000
+++ /dev/null
@@ -1,18 +0,0 @@
-https://bugs.gentoo.org/472584
-http://rt.openssl.org/Ticket/Display.html?id=2387&user=guest&pass=guest
-
-fix verification handling in s_client.  when loading paths, make sure
-we properly fallback to setting the default paths.
-
---- a/apps/s_client.c
-+++ b/apps/s_client.c
-@@ -899,7 +899,7 @@
-       if (!set_cert_key_stuff(ctx,cert,key))
-               goto end;
--      if ((!SSL_CTX_load_verify_locations(ctx,CAfile,CApath)) ||
-+      if ((!SSL_CTX_load_verify_locations(ctx,CAfile,CApath)) &&
-               (!SSL_CTX_set_default_verify_paths(ctx)))
-               {
-               /* BIO_printf(bio_err,"error setting default verify locations\n"); */
-
diff --git a/dev-libs/openssl/files/openssl-1.0.1h-ipv6.patch b/dev-libs/openssl/files/openssl-1.0.1h-ipv6.patch
deleted file mode 100644 (file)
index 10c1ba2..0000000
+++ /dev/null
@@ -1,642 +0,0 @@
-http://rt.openssl.org/Ticket/Display.html?id=2051&user=guest&pass=guest
-
-Forward ported from openssl-1.0.1e-ipv6.patch
-
-Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>
-
---- openssl-1.0.1h/apps/s_apps.h
-+++ openssl-1.0.1h/apps/s_apps.h
-@@ -148,7 +148,7 @@
- #define PORT_STR        "4433"
- #define PROTOCOL        "tcp"
--int do_server(int port, int type, int *ret, int (*cb) (char *hostname, int s, unsigned char *context), unsigned char *context);
-+int do_server(int port, int type, int *ret, int (*cb) (char *hostname, int s, unsigned char *context), unsigned char *context, int use_ipv4, int use_ipv6);
- #ifdef HEADER_X509_H
- int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx);
- #endif
-@@ -156,7 +156,7 @@
- int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file);
- int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key);
- #endif
--int init_client(int *sock, char *server, int port, int type);
-+int init_client(int *sock, char *server, int port, int type, int use_ipv4, int use_ipv6);
- int should_retry(int i);
- int extract_port(char *str, short *port_ptr);
- int extract_host_port(char *str,char **host_ptr,unsigned char *ip,short *p);
---- openssl-1.0.1h/apps/s_client.c
-+++ openssl-1.0.1h/apps/s_client.c
-@@ -285,6 +285,10 @@
-       {
-       BIO_printf(bio_err,"usage: s_client args\n");
-       BIO_printf(bio_err,"\n");
-+      BIO_printf(bio_err," -4             - use IPv4 only\n");
-+#if OPENSSL_USE_IPV6
-+      BIO_printf(bio_err," -6             - use IPv6 only\n");
-+#endif
-       BIO_printf(bio_err," -host host     - use -connect instead\n");
-       BIO_printf(bio_err," -port port     - use -connect instead\n");
-       BIO_printf(bio_err," -connect host:port - who to connect to (default is %s:%s)\n",SSL_HOST_NAME,PORT_STR);
-@@ -568,6 +572,7 @@
-       int sbuf_len,sbuf_off;
-       fd_set readfds,writefds;
-       short port=PORT;
-+      int use_ipv4, use_ipv6;
-       int full_log=1;
-       char *host=SSL_HOST_NAME;
-       char *cert_file=NULL,*key_file=NULL;
-@@ -613,7 +618,11 @@
- #endif
-       char *sess_in = NULL;
-       char *sess_out = NULL;
--      struct sockaddr peer;
-+#if OPENSSL_USE_IPV6
-+      struct sockaddr_storage peer;
-+#else
-+      struct sockaddr_in peer;
-+#endif
-       int peerlen = sizeof(peer);
-       int enable_timeouts = 0 ;
-       long socket_mtu = 0;
-@@ -628,6 +637,12 @@
-       meth=SSLv23_client_method();
-+      use_ipv4 = 1;
-+#if OPENSSL_USE_IPV6
-+      use_ipv6 = 1;
-+#else
-+      use_ipv6 = 0;
-+#endif
-       apps_startup();
-       c_Pause=0;
-       c_quiet=0;
-@@ -949,6 +964,18 @@
-                       jpake_secret = *++argv;
-                       }
- #endif
-+              else if (strcmp(*argv,"-4") == 0)
-+                      {
-+                      use_ipv4 = 1;
-+                      use_ipv6 = 0;
-+                      }
-+#if OPENSSL_USE_IPV6
-+              else if (strcmp(*argv,"-6") == 0)
-+                      {
-+                      use_ipv4 = 0;
-+                      use_ipv6 = 1;
-+                      }
-+#endif
- #ifndef OPENSSL_NO_SRTP
-               else if (strcmp(*argv,"-use_srtp") == 0)
-                       {
-@@ -1260,7 +1287,7 @@
- re_start:
--      if (init_client(&s,host,port,socket_type) == 0)
-+      if (init_client(&s,host,port,socket_type,use_ipv4,use_ipv6) == 0)
-               {
-               BIO_printf(bio_err,"connect:errno=%d\n",get_last_socket_error());
-               SHUTDOWN(s);
-@@ -1286,7 +1313,7 @@
-               {
-               sbio=BIO_new_dgram(s,BIO_NOCLOSE);
--              if (getsockname(s, &peer, (void *)&peerlen) < 0)
-+              if (getsockname(s, (struct sockaddr *)&peer, (void *)&peerlen) < 0)
-                       {
-                       BIO_printf(bio_err, "getsockname:errno=%d\n",
-                               get_last_socket_error());
---- openssl-1.0.1h/apps/s_server.c
-+++ openssl-1.0.1h/apps/s_server.c
-@@ -560,6 +560,10 @@
-         BIO_printf(bio_err," -use_srtp profiles - Offer SRTP key management with a colon-separated profile list\n");
- # endif
- #endif
-+      BIO_printf(bio_err," -4            - use IPv4 only\n");
-+#if OPENSSL_USE_IPV6
-+      BIO_printf(bio_err," -6            - use IPv6 only\n");
-+#endif
-       BIO_printf(bio_err," -keymatexport label   - Export keying material using label\n");
-       BIO_printf(bio_err," -keymatexportlen len  - Export len bytes of keying material (default 20)\n");
-       }
-@@ -947,6 +951,7 @@
-       int state=0;
-       const SSL_METHOD *meth=NULL;
-       int socket_type=SOCK_STREAM;
-+      int use_ipv4, use_ipv6;
-       ENGINE *e=NULL;
-       char *inrand=NULL;
-       int s_cert_format = FORMAT_PEM, s_key_format = FORMAT_PEM;
-@@ -975,6 +980,12 @@
- #endif
-       meth=SSLv23_server_method();
-+      use_ipv4 = 1;
-+#if OPENSSL_USE_IPV6
-+      use_ipv6 = 1;
-+#else
-+      use_ipv6 = 0;
-+#endif
-       local_argc=argc;
-       local_argv=argv;
-@@ -1323,6 +1334,18 @@
-                       jpake_secret = *(++argv);
-                       }
- #endif
-+              else if (strcmp(*argv,"-4") == 0)
-+                      {
-+                      use_ipv4 = 1;
-+                      use_ipv6 = 0;
-+                      }
-+#if OPENSSL_USE_IPV6
-+              else if (strcmp(*argv,"-6") == 0)
-+                      {
-+                      use_ipv4 = 0;
-+                      use_ipv6 = 1;
-+                      }
-+#endif
- #ifndef OPENSSL_NO_SRTP
-               else if (strcmp(*argv,"-use_srtp") == 0)
-                       {
-@@ -1881,9 +1904,9 @@
-       BIO_printf(bio_s_out,"ACCEPT\n");
-       (void)BIO_flush(bio_s_out);
-       if (www)
--              do_server(port,socket_type,&accept_socket,www_body, context);
-+              do_server(port,socket_type,&accept_socket,www_body, context, use_ipv4, use_ipv6);
-       else
--              do_server(port,socket_type,&accept_socket,sv_body, context);
-+              do_server(port,socket_type,&accept_socket,sv_body, context, use_ipv4, use_ipv6);
-       print_stats(bio_s_out,ctx);
-       ret=0;
- end:
---- openssl-1.0.1h/apps/s_socket.c
-+++ openssl-1.0.1h/apps/s_socket.c
-@@ -97,16 +97,16 @@
- #include "netdb.h"
- #endif
--static struct hostent *GetHostByName(char *name);
-+static struct hostent *GetHostByName(char *name, int domain);
- #if defined(OPENSSL_SYS_WINDOWS) || (defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK))
- static void ssl_sock_cleanup(void);
- #endif
- static int ssl_sock_init(void);
--static int init_client_ip(int *sock,unsigned char ip[4], int port, int type);
--static int init_server(int *sock, int port, int type);
--static int init_server_long(int *sock, int port,char *ip, int type);
-+static int init_client_ip(int *sock,unsigned char *ip, int port, int type, int domain);
-+static int init_server(int *sock, int port, int type, int use_ipv4, int use_ipv6);
-+static int init_server_long(int *sock, int port,char *ip, int type, int use_ipv4, int use_ipv6);
- static int do_accept(int acc_sock, int *sock, char **host);
--static int host_ip(char *str, unsigned char ip[4]);
-+static int host_ip(char *str, unsigned char *ip, int domain);
- #ifdef OPENSSL_SYS_WIN16
- #define SOCKET_PROTOCOL       0 /* more microsoft stupidity */
-@@ -234,38 +234,68 @@
-       return(1);
-       }
--int init_client(int *sock, char *host, int port, int type)
-+int init_client(int *sock, char *host, int port, int type, int use_ipv4, int use_ipv6)
-       {
-+#if OPENSSL_USE_IPV6
-+      unsigned char ip[16];
-+#else
-       unsigned char ip[4];
-+#endif
--      memset(ip, '\0', sizeof ip);
--      if (!host_ip(host,&(ip[0])))
--              return 0;
--      return init_client_ip(sock,ip,port,type);
--      }
--
--static int init_client_ip(int *sock, unsigned char ip[4], int port, int type)
--      {
--      unsigned long addr;
-+      if (use_ipv4)
-+              if (host_ip(host,ip,AF_INET))
-+                      return(init_client_ip(sock,ip,port,type,AF_INET));
-+#if OPENSSL_USE_IPV6
-+      if (use_ipv6)
-+              if (host_ip(host,ip,AF_INET6))
-+                      return(init_client_ip(sock,ip,port,type,AF_INET6));
-+#endif
-+      return 0;
-+      }
-+
-+static int init_client_ip(int *sock, unsigned char ip[4], int port, int type, int domain)
-+      {
-+#if OPENSSL_USE_IPV6
-+      struct sockaddr_storage them;
-+      struct sockaddr_in *them_in = (struct sockaddr_in *)&them;
-+      struct sockaddr_in6 *them_in6 = (struct sockaddr_in6 *)&them;
-+#else
-       struct sockaddr_in them;
-+      struct sockaddr_in *them_in = &them;
-+#endif
-+      socklen_t addr_len;
-       int s,i;
-       if (!ssl_sock_init()) return(0);
-       memset((char *)&them,0,sizeof(them));
--      them.sin_family=AF_INET;
--      them.sin_port=htons((unsigned short)port);
--      addr=(unsigned long)
--              ((unsigned long)ip[0]<<24L)|
--              ((unsigned long)ip[1]<<16L)|
--              ((unsigned long)ip[2]<< 8L)|
--              ((unsigned long)ip[3]);
--      them.sin_addr.s_addr=htonl(addr);
-+      if (domain == AF_INET)
-+              {
-+              addr_len = (socklen_t)sizeof(struct sockaddr_in);
-+              them_in->sin_family=AF_INET;
-+              them_in->sin_port=htons((unsigned short)port);
-+#ifndef BIT_FIELD_LIMITS
-+              memcpy(&them_in->sin_addr.s_addr, ip, 4);
-+#else
-+              memcpy(&them_in->sin_addr, ip, 4);
-+#endif
-+              }
-+      else
-+#if OPENSSL_USE_IPV6
-+              {
-+              addr_len = (socklen_t)sizeof(struct sockaddr_in6);
-+              them_in6->sin6_family=AF_INET6;
-+              them_in6->sin6_port=htons((unsigned short)port);
-+              memcpy(&(them_in6->sin6_addr), ip, sizeof(struct in6_addr));
-+              }
-+#else
-+              return(0);
-+#endif
-       if (type == SOCK_STREAM)
--              s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL);
-+              s=socket(domain,SOCK_STREAM,SOCKET_PROTOCOL);
-       else /* ( type == SOCK_DGRAM) */
--              s=socket(AF_INET,SOCK_DGRAM,IPPROTO_UDP);
-+              s=socket(domain,SOCK_DGRAM,IPPROTO_UDP);
-                       
-       if (s == INVALID_SOCKET) { perror("socket"); return(0); }
-@@ -277,29 +307,27 @@
-               if (i < 0) { closesocket(s); perror("keepalive"); return(0); }
-               }
- #endif
--
--      if (connect(s,(struct sockaddr *)&them,sizeof(them)) == -1)
-+      if (connect(s,(struct sockaddr *)&them,addr_len) == -1)
-               { closesocket(s); perror("connect"); return(0); }
-       *sock=s;
-       return(1);
-       }
--int do_server(int port, int type, int *ret, int (*cb)(char *hostname, int s, unsigned char *context), unsigned char *context)
-+int do_server(int port, int type, int *ret, int (*cb)(char *hostname, int s, unsigned char *context), unsigned char *context, int use_ipv4, int use_ipv6)
-       {
-       int sock;
-       char *name = NULL;
-       int accept_socket = 0;
-       int i;
--      if (!init_server(&accept_socket,port,type)) return(0);
--
-+      if (!init_server(&accept_socket,port,type, use_ipv4, use_ipv6)) return(0);
-       if (ret != NULL)
-               {
-               *ret=accept_socket;
-               /* return(1);*/
-               }
--      for (;;)
--              {
-+      for (;;)
-+              {
-               if (type==SOCK_STREAM)
-                       {
-                       if (do_accept(accept_socket,&sock,&name) == 0)
-@@ -322,41 +350,88 @@
-               }
-       }
--static int init_server_long(int *sock, int port, char *ip, int type)
-+static int init_server_long(int *sock, int port, char *ip, int type, int use_ipv4, int use_ipv6)
-       {
-       int ret=0;
-+      int domain;
-+#if OPENSSL_USE_IPV6
-+      struct sockaddr_storage server;
-+      struct sockaddr_in *server_in = (struct sockaddr_in *)&server;
-+      struct sockaddr_in6 *server_in6 = (struct sockaddr_in6 *)&server;
-+#else
-       struct sockaddr_in server;
-+      struct sockaddr_in *server_in = &server;
-+#endif
-+      socklen_t addr_len;
-       int s= -1;
-+      if (!use_ipv4 && !use_ipv6)
-+              goto err;
-+#if OPENSSL_USE_IPV6
-+      /* we are fine here */
-+#else
-+      if (use_ipv6)
-+              goto err;
-+#endif
-       if (!ssl_sock_init()) return(0);
--      memset((char *)&server,0,sizeof(server));
--      server.sin_family=AF_INET;
--      server.sin_port=htons((unsigned short)port);
--      if (ip == NULL)
--              server.sin_addr.s_addr=INADDR_ANY;
--      else
--/* Added for T3E, address-of fails on bit field (beckman@acl.lanl.gov) */
--#ifndef BIT_FIELD_LIMITS
--              memcpy(&server.sin_addr.s_addr,ip,4);
-+#if OPENSSL_USE_IPV6
-+      domain = use_ipv6 ? AF_INET6 : AF_INET;
- #else
--              memcpy(&server.sin_addr,ip,4);
-+      domain = AF_INET;
- #endif
--      
--              if (type == SOCK_STREAM)
--                      s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL);
--              else /* type == SOCK_DGRAM */
--                      s=socket(AF_INET, SOCK_DGRAM,IPPROTO_UDP);
-+      if (type == SOCK_STREAM)
-+              s=socket(domain,SOCK_STREAM,SOCKET_PROTOCOL);
-+      else /* type == SOCK_DGRAM */
-+              s=socket(domain, SOCK_DGRAM,IPPROTO_UDP);
-       if (s == INVALID_SOCKET) goto err;
- #if defined SOL_SOCKET && defined SO_REUSEADDR
-+      {
-+      int j = 1;
-+      setsockopt(s, SOL_SOCKET, SO_REUSEADDR,
-+                 (void *) &j, sizeof j);
-+      }
-+#endif
-+#if OPENSSL_USE_IPV6
-+      if ((use_ipv4 == 0) && (use_ipv6 == 1))
-+              {
-+              const int on = 1;
-+
-+              setsockopt(s, IPPROTO_IPV6, IPV6_V6ONLY,
-+                         (const void *) &on, sizeof(int));
-+              }
-+#endif
-+      if (domain == AF_INET)
-+              {
-+              addr_len = (socklen_t)sizeof(struct sockaddr_in);
-+              memset(server_in, 0, sizeof(struct sockaddr_in));
-+              server_in->sin_family=AF_INET;
-+              server_in->sin_port = htons((unsigned short)port);
-+              if (ip == NULL)
-+                      server_in->sin_addr.s_addr = htonl(INADDR_ANY);
-+              else
-+/* Added for T3E, address-of fails on bit field (beckman@acl.lanl.gov) */
-+#ifndef BIT_FIELD_LIMITS
-+                      memcpy(&server_in->sin_addr.s_addr, ip, 4);
-+#else
-+                      memcpy(&server_in->sin_addr, ip, 4);
-+#endif
-+              }
-+#if OPENSSL_USE_IPV6
-+      else
-               {
--              int j = 1;
--              setsockopt(s, SOL_SOCKET, SO_REUSEADDR,
--                         (void *) &j, sizeof j);
-+              addr_len = (socklen_t)sizeof(struct sockaddr_in6);
-+              memset(server_in6, 0, sizeof(struct sockaddr_in6));
-+              server_in6->sin6_family = AF_INET6;
-+              server_in6->sin6_port = htons((unsigned short)port);
-+              if (ip == NULL)
-+                      server_in6->sin6_addr = in6addr_any;
-+              else
-+                      memcpy(&server_in6->sin6_addr, ip, sizeof(struct in6_addr));
-               }
- #endif
--      if (bind(s,(struct sockaddr *)&server,sizeof(server)) == -1)
-+      if (bind(s, (struct sockaddr *)&server, addr_len) == -1)
-               {
- #ifndef OPENSSL_SYS_WINDOWS
-               perror("bind");
-@@ -375,16 +450,23 @@
-       return(ret);
-       }
--static int init_server(int *sock, int port, int type)
-+static int init_server(int *sock, int port, int type, int use_ipv4, int use_ipv6)
-       {
--      return(init_server_long(sock, port, NULL, type));
-+      return(init_server_long(sock, port, NULL, type, use_ipv4, use_ipv6));
-       }
- static int do_accept(int acc_sock, int *sock, char **host)
-       {
-       int ret;
-       struct hostent *h1,*h2;
--      static struct sockaddr_in from;
-+#if OPENSSL_USE_IPV6
-+      struct sockaddr_storage from;
-+      struct sockaddr_in *from_in = (struct sockaddr_in *)&from;
-+      struct sockaddr_in6 *from_in6 = (struct sockaddr_in6 *)&from;
-+#else
-+      struct sockaddr_in from;
-+      struct sockaddr_in *from_in = &from;
-+#endif
-       int len;
- /*    struct linger ling; */
-@@ -431,13 +513,23 @@
- */
-       if (host == NULL) goto end;
-+#if OPENSSL_USE_IPV6
-+      if (from.ss_family == AF_INET)
-+#else
-+      if (from.sin_family == AF_INET)
-+#endif
- #ifndef BIT_FIELD_LIMITS
--      /* I should use WSAAsyncGetHostByName() under windows */
--      h1=gethostbyaddr((char *)&from.sin_addr.s_addr,
--              sizeof(from.sin_addr.s_addr),AF_INET);
-+              /* I should use WSAAsyncGetHostByName() under windows */
-+              h1=gethostbyaddr((char *)&from_in->sin_addr.s_addr,
-+                               sizeof(from_in->sin_addr.s_addr), AF_INET);
- #else
--      h1=gethostbyaddr((char *)&from.sin_addr,
--              sizeof(struct in_addr),AF_INET);
-+              h1=gethostbyaddr((char *)&from_in->sin_addr,
-+                               sizeof(struct in_addr), AF_INET);
-+#endif
-+#if OPENSSL_USE_IPV6
-+      else
-+              h1=gethostbyaddr((char *)&from_in6->sin6_addr,
-+                               sizeof(struct in6_addr), AF_INET6);
- #endif
-       if (h1 == NULL)
-               {
-@@ -455,16 +547,25 @@
-                       }
-               BUF_strlcpy(*host,h1->h_name,strlen(h1->h_name)+1);
--              h2=GetHostByName(*host);
-+#if OPENSSL_USE_IPV6          
-+              h2=GetHostByName(*host, from.ss_family);
-+#else
-+              h2=GetHostByName(*host, from.sin_family);
-+#endif
-+
-               if (h2 == NULL)
-                       {
-                       BIO_printf(bio_err,"gethostbyname failure\n");
-                       closesocket(ret);
-                       return(0);
-                       }
--              if (h2->h_addrtype != AF_INET)
-+#if OPENSSL_USE_IPV6
-+              if (h2->h_addrtype != from.ss_family)
-+#else
-+              if (h2->h_addrtype != from.sin_family)
-+#endif
-                       {
--                      BIO_printf(bio_err,"gethostbyname addr is not AF_INET\n");
-+                      BIO_printf(bio_err,"gethostbyname addr address is not correct\n");
-                       closesocket(ret);
-                       return(0);
-                       }
-@@ -480,7 +581,7 @@
-       char *h,*p;
-       h=str;
--      p=strchr(str,':');
-+      p=strrchr(str,':');
-       if (p == NULL)
-               {
-               BIO_printf(bio_err,"no port defined\n");
-@@ -488,7 +589,7 @@
-               }
-       *(p++)='\0';
--      if ((ip != NULL) && !host_ip(str,ip))
-+      if ((ip != NULL) && !host_ip(str,ip,AF_INET))
-               goto err;
-       if (host_ptr != NULL) *host_ptr=h;
-@@ -499,48 +600,58 @@
-       return(0);
-       }
--static int host_ip(char *str, unsigned char ip[4])
-+static int host_ip(char *str, unsigned char *ip, int domain)
-       {
--      unsigned int in[4]; 
-+      unsigned int in[4];
-+      unsigned long l;
-       int i;
--      if (sscanf(str,"%u.%u.%u.%u",&(in[0]),&(in[1]),&(in[2]),&(in[3])) == 4)
-+      if ((domain == AF_INET) &&
-+          (sscanf(str,"%u.%u.%u.%u",&(in[0]),&(in[1]),&(in[2]),&(in[3])) == 4))
-               {
-+              
-               for (i=0; i<4; i++)
-                       if (in[i] > 255)
-                               {
-                               BIO_printf(bio_err,"invalid IP address\n");
-                               goto err;
-                               }
--              ip[0]=in[0];
--              ip[1]=in[1];
--              ip[2]=in[2];
--              ip[3]=in[3];
--              }
-+              l=htonl((in[0]<<24L)|(in[1]<<16L)|(in[2]<<8L)|in[3]);
-+              memcpy(ip, &l, 4);
-+              return 1;
-+              }
-+#if OPENSSL_USE_IPV6
-+      else if ((domain == AF_INET6) &&
-+               (inet_pton(AF_INET6, str, ip) == 1))
-+               return 1;
-+#endif
-       else
-               { /* do a gethostbyname */
-               struct hostent *he;
-               if (!ssl_sock_init()) return(0);
--              he=GetHostByName(str);
-+              he=GetHostByName(str,domain);
-               if (he == NULL)
-                       {
-                       BIO_printf(bio_err,"gethostbyname failure\n");
-                       goto err;
-                       }
-               /* cast to short because of win16 winsock definition */
--              if ((short)he->h_addrtype != AF_INET)
-+              if ((short)he->h_addrtype != domain)
-                       {
--                      BIO_printf(bio_err,"gethostbyname addr is not AF_INET\n");
-+                      BIO_printf(bio_err,"gethostbyname addr family is not correct\n");
-                       return(0);
-                       }
--              ip[0]=he->h_addr_list[0][0];
--              ip[1]=he->h_addr_list[0][1];
--              ip[2]=he->h_addr_list[0][2];
--              ip[3]=he->h_addr_list[0][3];
-+              if (domain == AF_INET)
-+                      memset(ip, 0, 4);
-+#if OPENSSL_USE_IPV6
-+              else
-+                      memset(ip, 0, 16);
-+#endif
-+              memcpy(ip, he->h_addr_list[0], he->h_length);
-+              return 1;
-               }
--      return(1);
- err:
-       return(0);
-       }
-@@ -577,7 +688,7 @@
- static unsigned long ghbn_hits=0L;
- static unsigned long ghbn_miss=0L;
--static struct hostent *GetHostByName(char *name)
-+static struct hostent *GetHostByName(char *name, int domain)
-       {
-       struct hostent *ret;
-       int i,lowi=0;
-@@ -592,14 +703,20 @@
-                       }
-               if (ghbn_cache[i].order > 0)
-                       {
--                      if (strncmp(name,ghbn_cache[i].name,128) == 0)
-+                      if ((strncmp(name,ghbn_cache[i].name,128) == 0) &&
-+                          (ghbn_cache[i].ent.h_addrtype == domain))
-                               break;
-                       }
-               }
-       if (i == GHBN_NUM) /* no hit*/
-               {
-               ghbn_miss++;
--              ret=gethostbyname(name);
-+              if (domain == AF_INET)
-+                      ret=gethostbyname(name);
-+#if OPENSSL_USE_IPV6
-+              else
-+                      ret=gethostbyname2(name, AF_INET6);
-+#endif
-               if (ret == NULL) return(NULL);
-               /* else add to cache */
-               if(strlen(name) < sizeof ghbn_cache[0].name)
diff --git a/dev-libs/openssl/files/openssl-1.0.1l-CVE-2015-0286.patch b/dev-libs/openssl/files/openssl-1.0.1l-CVE-2015-0286.patch
deleted file mode 100644 (file)
index 811f573..0000000
+++ /dev/null
@@ -1,356 +0,0 @@
---- openssl-1.0.1l/crypto/asn1/a_type.c
-+++ openssl-1.0.1l/crypto/asn1/a_type.c
-@@ -124,6 +124,9 @@
-       case V_ASN1_OBJECT:
-               result = OBJ_cmp(a->value.object, b->value.object);
-               break;
-+      case V_ASN1_BOOLEAN:
-+              result = a->value.boolean - b->value.boolean;
-+              break;
-       case V_ASN1_NULL:
-               result = 0;     /* They do not have content. */
-               break;
---- openssl-1.0.1l/crypto/asn1/tasn_dec.c
-+++ openssl-1.0.1l/crypto/asn1/tasn_dec.c
-@@ -130,11 +130,17 @@
-       {
-       ASN1_TLC c;
-       ASN1_VALUE *ptmpval = NULL;
--      if (!pval)
--              pval = &ptmpval;
-       asn1_tlc_clear_nc(&c);
--      if (ASN1_item_ex_d2i(pval, in, len, it, -1, 0, 0, &c) > 0) 
--              return *pval;
-+      if (pval && *pval && it->itype == ASN1_ITYPE_PRIMITIVE)
-+          ptmpval = *pval;
-+      if (ASN1_item_ex_d2i(&ptmpval, in, len, it, -1, 0, 0, &c) > 0) {
-+          if (pval && it->itype != ASN1_ITYPE_PRIMITIVE) {
-+              if (*pval)
-+                  ASN1_item_free(*pval, it);
-+              *pval = ptmpval;
-+          }
-+          return ptmpval;
-+      }
-       return NULL;
-       }
-@@ -311,9 +317,16 @@
-               if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it, NULL))
-                               goto auxerr;
--              /* Allocate structure */
--              if (!*pval && !ASN1_item_ex_new(pval, it))
--                      {
-+              if (*pval) {
-+                  /* Free up and zero CHOICE value if initialised */
-+                  i = asn1_get_choice_selector(pval, it);
-+                  if ((i >= 0) && (i < it->tcount)) {
-+                      tt = it->templates + i;
-+                      pchptr = asn1_get_field_ptr(pval, tt);
-+                      ASN1_template_free(pchptr, tt);
-+                      asn1_set_choice_selector(pval, -1, it);
-+                  }
-+              } else if (!ASN1_item_ex_new(pval, it)) {
-                       ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,
-                                               ERR_R_NESTED_ASN1_ERROR);
-                       goto err;
-@@ -407,6 +420,17 @@
-               if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it, NULL))
-                               goto auxerr;
-+              /* Free up and zero any ADB found */
-+              for (i = 0, tt = it->templates; i < it->tcount; i++, tt++) {
-+                  if (tt->flags & ASN1_TFLG_ADB_MASK) {
-+                      const ASN1_TEMPLATE *seqtt;
-+                      ASN1_VALUE **pseqval;
-+                      seqtt = asn1_do_adb(pval, tt, 1);
-+                      pseqval = asn1_get_field_ptr(pval, seqtt);
-+                      ASN1_template_free(pseqval, seqtt);
-+                  }
-+              }
-+
-               /* Get each field entry */
-               for (i = 0, tt = it->templates; i < it->tcount; i++, tt++)
-                       {
---- openssl-1.0.1l/crypto/pkcs7/pk7_doit.c
-+++ openssl-1.0.1l/crypto/pkcs7/pk7_doit.c
-@@ -272,6 +272,25 @@
-       PKCS7_RECIP_INFO *ri=NULL;
-       ASN1_OCTET_STRING *os=NULL;
-+    if (p7 == NULL) {
-+      PKCS7err(PKCS7_F_PKCS7_DATAINIT, PKCS7_R_INVALID_NULL_POINTER);
-+      return NULL;
-+    }
-+    /*
-+     * The content field in the PKCS7 ContentInfo is optional, but that really
-+     * only applies to inner content (precisely, detached signatures).
-+     *
-+     * When reading content, missing outer content is therefore treated as an
-+     * error.
-+     *
-+     * When creating content, PKCS7_content_new() must be called before
-+     * calling this method, so a NULL p7->d is always an error.
-+     */
-+    if (p7->d.ptr == NULL) {
-+      PKCS7err(PKCS7_F_PKCS7_DATAINIT, PKCS7_R_NO_CONTENT);
-+      return NULL;
-+    }
-+
-       i=OBJ_obj2nid(p7->type);
-       p7->state=PKCS7_S_HEADER;
-@@ -433,6 +452,16 @@
-        unsigned char *ek = NULL, *tkey = NULL;
-        int eklen = 0, tkeylen = 0;
-+    if (p7 == NULL) {
-+      PKCS7err(PKCS7_F_PKCS7_DATADECODE, PKCS7_R_INVALID_NULL_POINTER);
-+      return NULL;
-+    }
-+    
-+    if (p7->d.ptr == NULL) {
-+      PKCS7err(PKCS7_F_PKCS7_DATADECODE, PKCS7_R_NO_CONTENT);
-+      return NULL;
-+    }
-+
-       i=OBJ_obj2nid(p7->type);
-       p7->state=PKCS7_S_HEADER;
-@@ -752,6 +781,16 @@
-       STACK_OF(PKCS7_SIGNER_INFO) *si_sk=NULL;
-       ASN1_OCTET_STRING *os=NULL;
-+    if (p7 == NULL) {
-+      PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_INVALID_NULL_POINTER);
-+      return 0;
-+    }
-+
-+    if (p7->d.ptr == NULL) {
-+      PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_NO_CONTENT);
-+      return 0;
-+    }
-+
-       EVP_MD_CTX_init(&ctx_tmp);
-       i=OBJ_obj2nid(p7->type);
-       p7->state=PKCS7_S_HEADER;
-@@ -796,6 +835,7 @@
-               /* If detached data then the content is excluded */
-               if(PKCS7_type_is_data(p7->d.sign->contents) && p7->detached) {
-                       M_ASN1_OCTET_STRING_free(os);
-+                      os = NULL;
-                       p7->d.sign->contents->d.data = NULL;
-               }
-               break;
-@@ -806,6 +846,7 @@
-               if(PKCS7_type_is_data(p7->d.digest->contents) && p7->detached)
-                       {
-                       M_ASN1_OCTET_STRING_free(os);
-+                      os = NULL;
-                       p7->d.digest->contents->d.data = NULL;
-                       }
-               break;
-@@ -878,24 +919,31 @@
-               M_ASN1_OCTET_STRING_set(p7->d.digest->digest, md_data, md_len);
-               }
--      if (!PKCS7_is_detached(p7) && !(os->flags & ASN1_STRING_FLAG_NDEF))
--              {
-+      if (!PKCS7_is_detached(p7)) {
-+          /*
-+           * NOTE(emilia): I think we only reach os == NULL here because detached
-+           * digested data support is broken.
-+           */
-+          if (os == NULL)
-+              goto err;
-+          if (!(os->flags & ASN1_STRING_FLAG_NDEF)) {
-               char *cont;
-               long contlen;
--              btmp=BIO_find_type(bio,BIO_TYPE_MEM);
--              if (btmp == NULL)
--                      {
--                      PKCS7err(PKCS7_F_PKCS7_DATAFINAL,PKCS7_R_UNABLE_TO_FIND_MEM_BIO);
--                      goto err;
--                      }
-+              btmp = BIO_find_type(bio, BIO_TYPE_MEM);
-+              if (btmp == NULL) {
-+                  PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_UNABLE_TO_FIND_MEM_BIO);
-+                  goto err;
-+              }
-               contlen = BIO_get_mem_data(btmp, &cont);
--              /* Mark the BIO read only then we can use its copy of the data
-+              /*
-+               * Mark the BIO read only then we can use its copy of the data
-                * instead of making an extra copy.
-                */
-               BIO_set_flags(btmp, BIO_FLAGS_MEM_RDONLY);
-               BIO_set_mem_eof_return(btmp, 0);
-               ASN1_STRING_set0(os, (unsigned char *)cont, contlen);
--              }
-+          }
-+      }
-       ret=1;
- err:
-       EVP_MD_CTX_cleanup(&ctx_tmp);
-@@ -971,6 +1019,16 @@
-       STACK_OF(X509) *cert;
-       X509 *x509;
-+    if (p7 == NULL) {
-+      PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, PKCS7_R_INVALID_NULL_POINTER);
-+      return 0;
-+    }
-+
-+    if (p7->d.ptr == NULL) {
-+      PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, PKCS7_R_NO_CONTENT);
-+      return 0;
-+    }
-+
-       if (PKCS7_type_is_signed(p7))
-               {
-               cert=p7->d.sign->cert;
---- openssl-1.0.1l/crypto/pkcs7/pk7_lib.c
-+++ openssl-1.0.1l/crypto/pkcs7/pk7_lib.c
-@@ -71,6 +71,7 @@
-       switch (cmd)
-               {
-+      /* NOTE(emilia): does not support detached digested data. */
-       case PKCS7_OP_SET_DETACHED_SIGNATURE:
-               if (nid == NID_pkcs7_signed)
-                       {
-@@ -459,6 +460,8 @@
- STACK_OF(PKCS7_SIGNER_INFO) *PKCS7_get_signer_info(PKCS7 *p7)
-       {
-+      if (p7 == NULL || p7->d.ptr == NULL)
-+              return NULL;
-       if (PKCS7_type_is_signed(p7))
-               {
-               return(p7->d.sign->signer_info);
---- openssl-1.0.1l/doc/crypto/d2i_X509.pod
-+++ openssl-1.0.1l/doc/crypto/d2i_X509.pod
-@@ -199,6 +199,12 @@
- persist if they are not present in the new one. As a result the use
- of this "reuse" behaviour is strongly discouraged.
-+Current versions of OpenSSL will not modify B<*px> if an error occurs.
-+If parsing succeeds then B<*px> is freed (if it is not NULL) and then
-+set to the value of the newly decoded structure. As a result B<*px>
-+B<must not> be allocated on the stack or an attempt will be made to
-+free an invalid pointer.
-+
- i2d_X509() will not return an error in many versions of OpenSSL,
- if mandatory fields are not initialized due to a programming error
- then the encoded structure may contain invalid data or omit the
-@@ -210,7 +216,9 @@
- d2i_X509(), d2i_X509_bio() and d2i_X509_fp() return a valid B<X509> structure
- or B<NULL> if an error occurs. The error code that can be obtained by
--L<ERR_get_error(3)|ERR_get_error(3)>. 
-+L<ERR_get_error(3)|ERR_get_error(3)>. If the "reuse" capability has been used
-+with a valid X509 structure being passed in via B<px> then the object is not
-+modified in the event of error.
- i2d_X509() returns the number of bytes successfully encoded or a negative
- value if an error occurs. The error code can be obtained by
---- openssl-1.0.1l/ssl/s2_lib.c
-+++ openssl-1.0.1l/ssl/s2_lib.c
-@@ -488,7 +488,7 @@
-               OPENSSL_assert(s->session->master_key_length >= 0
-                   && s->session->master_key_length
--                  < (int)sizeof(s->session->master_key));
-+                  <= (int)sizeof(s->session->master_key));
-               EVP_DigestUpdate(&ctx,s->session->master_key,s->session->master_key_length);
-               EVP_DigestUpdate(&ctx,&c,1);
-               c++;
---- openssl-1.0.1l/ssl/s2_srvr.c
-+++ openssl-1.0.1l/ssl/s2_srvr.c
-@@ -454,10 +454,6 @@
-               SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_NO_PRIVATEKEY);
-               return(-1);
-               }
--      i=ssl_rsa_private_decrypt(s->cert,s->s2->tmp.enc,
--              &(p[s->s2->tmp.clear]),&(p[s->s2->tmp.clear]),
--              (s->s2->ssl2_rollback)?RSA_SSLV23_PADDING:RSA_PKCS1_PADDING);
--
-       is_export=SSL_C_IS_EXPORT(s->session->cipher);
-       
-       if (!ssl_cipher_get_evp(s->session,&c,&md,NULL,NULL,NULL))
-@@ -475,21 +471,59 @@
-       else
-               ek=5;
-+      /*
-+       * The format of the CLIENT-MASTER-KEY message is
-+       * 1 byte message type
-+       * 3 bytes cipher
-+       * 2-byte clear key length (stored in s->s2->tmp.clear)
-+       * 2-byte encrypted key length (stored in s->s2->tmp.enc)
-+       * 2-byte key args length (IV etc)
-+       * clear key
-+       * encrypted key
-+       * key args
-+       *
-+       * If the cipher is an export cipher, then the encrypted key bytes
-+       * are a fixed portion of the total key (5 or 8 bytes). The size of
-+       * this portion is in |ek|. If the cipher is not an export cipher,
-+       * then the entire key material is encrypted (i.e., clear key length
-+       * must be zero).
-+       */
-+      if ((!is_export && s->s2->tmp.clear != 0) ||
-+          (is_export && s->s2->tmp.clear + ek != EVP_CIPHER_key_length(c))) {
-+          ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
-+          SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_BAD_LENGTH);
-+          return -1;
-+      }
-+      /*
-+       * The encrypted blob must decrypt to the encrypted portion of the key.
-+       * Decryption can't be expanding, so if we don't have enough encrypted
-+       * bytes to fit the key in the buffer, stop now.
-+       */
-+      if ((is_export && s->s2->tmp.enc < ek) ||
-+          (!is_export && s->s2->tmp.enc < EVP_CIPHER_key_length(c))) {
-+          ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
-+          SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_LENGTH_TOO_SHORT);
-+          return -1;
-+      }
-+
-+      i = ssl_rsa_private_decrypt(s->cert, s->s2->tmp.enc,
-+                                  &(p[s->s2->tmp.clear]),
-+                                  &(p[s->s2->tmp.clear]),
-+                                  (s->s2->ssl2_rollback) ? RSA_SSLV23_PADDING :
-+                                  RSA_PKCS1_PADDING);
-+
-       /* bad decrypt */
- #if 1
-       /* If a bad decrypt, continue with protocol but with a
-        * random master secret (Bleichenbacher attack) */
--      if ((i < 0) ||
--              ((!is_export && (i != EVP_CIPHER_key_length(c)))
--              || (is_export && ((i != ek) || (s->s2->tmp.clear+(unsigned int)i !=
--                      (unsigned int)EVP_CIPHER_key_length(c))))))
--              {
-+      if ((i < 0) || ((!is_export && i != EVP_CIPHER_key_length(c))
-+                      || (is_export && i != ek))) {
-               ERR_clear_error();
-               if (is_export)
-                       i=ek;
-               else
-                       i=EVP_CIPHER_key_length(c);
--              if (RAND_pseudo_bytes(p,i) <= 0)
-+              if (RAND_pseudo_bytes(&p[s->s2->tmp.clear], i) <= 0)
-                       return 0;
-               }
- #else
-@@ -513,7 +547,8 @@
-               }
- #endif
--      if (is_export) i+=s->s2->tmp.clear;
-+      if (is_export)
-+              i = EVP_CIPHER_key_length(c);
-       if (i > SSL_MAX_MASTER_KEY_LENGTH)
-               {
diff --git a/dev-libs/openssl/files/openssl-1.0.1m-parallel-build.patch b/dev-libs/openssl/files/openssl-1.0.1m-parallel-build.patch
deleted file mode 100644 (file)
index db92b79..0000000
+++ /dev/null
@@ -1,364 +0,0 @@
-http://rt.openssl.org/Ticket/Display.html?id=2084
-
---- openssl-1.0.1m/crypto/Makefile
-+++ openssl-1.0.1m/crypto/Makefile
-@@ -85,11 +85,11 @@
-       @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi
- subdirs:
--      @target=all; $(RECURSIVE_MAKE)
-+      +@target=all; $(RECURSIVE_MAKE)
- files:
-       $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
--      @target=files; $(RECURSIVE_MAKE)
-+      +@target=files; $(RECURSIVE_MAKE)
- links:
-       @$(PERL) $(TOP)/util/mklink.pl ../include/openssl $(EXHEADER)
-@@ -100,7 +100,7 @@
- # lib: $(LIB): are splitted to avoid end-less loop
- lib:  $(LIB)
-       @touch lib
--$(LIB):       $(LIBOBJ)
-+$(LIB):       $(LIBOBJ) | subdirs
-       $(AR) $(LIB) $(LIBOBJ)
-       [ -z "$(FIPSLIBDIR)" ] || $(AR) $(LIB) $(FIPSLIBDIR)fipscanister.o
-       $(RANLIB) $(LIB) || echo Never mind.
-@@ -111,7 +111,7 @@
-       fi
- libs:
--      @target=lib; $(RECURSIVE_MAKE)
-+      +@target=lib; $(RECURSIVE_MAKE)
- install:
-       @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
-@@ -120,7 +120,7 @@
-       (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
-       chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
-       done;
--      @target=install; $(RECURSIVE_MAKE)
-+      +@target=install; $(RECURSIVE_MAKE)
- lint:
-       @target=lint; $(RECURSIVE_MAKE)
---- openssl-1.0.1m/crypto/objects/Makefile
-+++ openssl-1.0.1m/crypto/objects/Makefile
-@@ -44,11 +44,11 @@
- # objects.pl both reads and writes obj_mac.num
- obj_mac.h: objects.pl objects.txt obj_mac.num
-       $(PERL) objects.pl objects.txt obj_mac.num obj_mac.h
--      @sleep 1; touch obj_mac.h; sleep 1
--obj_xref.h: objxref.pl obj_xref.txt obj_mac.num
-+# This doesn't really need obj_mac.h, but since that rule reads & writes
-+# obj_mac.num, we can't run in parallel with it.
-+obj_xref.h: objxref.pl obj_xref.txt obj_mac.num obj_mac.h
-       $(PERL) objxref.pl obj_mac.num obj_xref.txt > obj_xref.h
--      @sleep 1; touch obj_xref.h; sleep 1
- files:
-       $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
---- openssl-1.0.1m/engines/Makefile
-+++ openssl-1.0.1m/engines/Makefile
-@@ -72,7 +72,7 @@
- all:  lib subdirs
--lib:  $(LIBOBJ)
-+lib:  $(LIBOBJ) | subdirs
-       @if [ -n "$(SHARED_LIBS)" ]; then \
-               set -e; \
-               for l in $(LIBNAMES); do \
-@@ -89,7 +89,7 @@
- subdirs:
-       echo $(EDIRS)
--      @target=all; $(RECURSIVE_MAKE)
-+      +@target=all; $(RECURSIVE_MAKE)
- files:
-       $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
-@@ -128,7 +128,7 @@
-                         mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx ); \
-               done; \
-       fi
--      @target=install; $(RECURSIVE_MAKE)
-+      +@target=install; $(RECURSIVE_MAKE)
- tags:
-       ctags $(SRC)
---- openssl-1.0.1m/Makefile.org
-+++ openssl-1.0.1m/Makefile.org
-@@ -273,17 +273,17 @@
- build_libs: build_crypto build_ssl build_engines
- build_crypto:
--      @dir=crypto; target=all; $(BUILD_ONE_CMD)
--build_ssl:
--      @dir=ssl; target=all; $(BUILD_ONE_CMD)
--build_engines:
--      @dir=engines; target=all; $(BUILD_ONE_CMD)
--build_apps:
--      @dir=apps; target=all; $(BUILD_ONE_CMD)
--build_tests:
--      @dir=test; target=all; $(BUILD_ONE_CMD)
--build_tools:
--      @dir=tools; target=all; $(BUILD_ONE_CMD)
-+      +@dir=crypto; target=all; $(BUILD_ONE_CMD)
-+build_ssl: build_crypto
-+      +@dir=ssl; target=all; $(BUILD_ONE_CMD)
-+build_engines: build_crypto
-+      +@dir=engines; target=all; $(BUILD_ONE_CMD)
-+build_apps: build_libs
-+      +@dir=apps; target=all; $(BUILD_ONE_CMD)
-+build_tests: build_libs
-+      +@dir=test; target=all; $(BUILD_ONE_CMD)
-+build_tools: build_libs
-+      +@dir=tools; target=all; $(BUILD_ONE_CMD)
- all_testapps: build_libs build_testapps
- build_testapps:
-@@ -538,9 +538,9 @@
- dist_pem_h:
-       (cd crypto/pem; $(MAKE) -e $(BUILDENV) pem.h; $(MAKE) clean)
--install: all install_docs install_sw
-+install: install_docs install_sw
--install_sw:
-+install_dirs:
-       @$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \
-               $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR) \
-               $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines \
-@@ -549,12 +549,19 @@
-               $(INSTALL_PREFIX)$(OPENSSLDIR)/misc \
-               $(INSTALL_PREFIX)$(OPENSSLDIR)/certs \
-               $(INSTALL_PREFIX)$(OPENSSLDIR)/private
-+      @$(PERL) $(TOP)/util/mkdir-p.pl \
-+              $(INSTALL_PREFIX)$(MANDIR)/man1 \
-+              $(INSTALL_PREFIX)$(MANDIR)/man3 \
-+              $(INSTALL_PREFIX)$(MANDIR)/man5 \
-+              $(INSTALL_PREFIX)$(MANDIR)/man7
-+
-+install_sw: install_dirs
-       @set -e; headerlist="$(EXHEADER)"; for i in $$headerlist;\
-       do \
-       (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
-       chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
-       done;
--      @set -e; target=install; $(RECURSIVE_BUILD_CMD)
-+      +@set -e; target=install; $(RECURSIVE_BUILD_CMD)
-       @set -e; liblist="$(LIBS)"; for i in $$liblist ;\
-       do \
-               if [ -f "$$i" ]; then \
-@@ -634,12 +641,7 @@
-               done; \
-       done
--install_docs:
--      @$(PERL) $(TOP)/util/mkdir-p.pl \
--              $(INSTALL_PREFIX)$(MANDIR)/man1 \
--              $(INSTALL_PREFIX)$(MANDIR)/man3 \
--              $(INSTALL_PREFIX)$(MANDIR)/man5 \
--              $(INSTALL_PREFIX)$(MANDIR)/man7
-+install_docs: install_dirs
-       @pod2man="`cd ./util; ./pod2mantest $(PERL)`"; \
-       here="`pwd`"; \
-       filecase=; \
---- openssl-1.0.1m/Makefile.shared
-+++ openssl-1.0.1m/Makefile.shared
-@@ -105,6 +105,7 @@
-     SHAREDFLAGS="$${SHAREDFLAGS:-$(CFLAGS) $(SHARED_LDFLAGS)}"; \
-     LIBPATH=`for x in $$LIBDEPS; do echo $$x; done | sed -e 's/^ *-L//;t' -e d | uniq`; \
-     LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \
-+    [ -e $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX ] && exit 0; \
-     LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \
-     $${SHAREDCMD} $${SHAREDFLAGS} \
-       -o $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX \
-@@ -122,6 +123,7 @@
-                       done; \
-               fi; \
-               if [ -n "$$SHLIB_SOVER" ]; then \
-+                      [ -e "$$SHLIB$$SHLIB_SUFFIX" ] || \
-                       ( $(SET_X); rm -f $$SHLIB$$SHLIB_SUFFIX; \
-                         ln -s $$prev $$SHLIB$$SHLIB_SUFFIX ); \
-               fi; \
---- openssl-1.0.1m/test/Makefile
-+++ openssl-1.0.1m/test/Makefile
-@@ -130,7 +130,7 @@
- tags:
-       ctags $(SRC)
--tests:        exe apps $(TESTS)
-+tests:        exe $(TESTS)
- apps:
-       @(cd ..; $(MAKE) DIRS=apps all)
-@@ -388,118 +388,118 @@
-               link_app.$${shlib_target}
- $(RSATEST)$(EXE_EXT): $(RSATEST).o $(DLIBCRYPTO)
--      @target=$(RSATEST); $(BUILD_CMD)
-+      +@target=$(RSATEST); $(BUILD_CMD)
- $(BNTEST)$(EXE_EXT): $(BNTEST).o $(DLIBCRYPTO)
--      @target=$(BNTEST); $(BUILD_CMD)
-+      +@target=$(BNTEST); $(BUILD_CMD)
- $(ECTEST)$(EXE_EXT): $(ECTEST).o $(DLIBCRYPTO)
--      @target=$(ECTEST); $(BUILD_CMD)
-+      +@target=$(ECTEST); $(BUILD_CMD)
- $(EXPTEST)$(EXE_EXT): $(EXPTEST).o $(DLIBCRYPTO)
--      @target=$(EXPTEST); $(BUILD_CMD)
-+      +@target=$(EXPTEST); $(BUILD_CMD)
- $(IDEATEST)$(EXE_EXT): $(IDEATEST).o $(DLIBCRYPTO)
--      @target=$(IDEATEST); $(BUILD_CMD)
-+      +@target=$(IDEATEST); $(BUILD_CMD)
- $(MD2TEST)$(EXE_EXT): $(MD2TEST).o $(DLIBCRYPTO)
--      @target=$(MD2TEST); $(BUILD_CMD)
-+      +@target=$(MD2TEST); $(BUILD_CMD)
- $(SHATEST)$(EXE_EXT): $(SHATEST).o $(DLIBCRYPTO)
--      @target=$(SHATEST); $(BUILD_CMD)
-+      +@target=$(SHATEST); $(BUILD_CMD)
- $(SHA1TEST)$(EXE_EXT): $(SHA1TEST).o $(DLIBCRYPTO)
--      @target=$(SHA1TEST); $(BUILD_CMD)
-+      +@target=$(SHA1TEST); $(BUILD_CMD)
- $(SHA256TEST)$(EXE_EXT): $(SHA256TEST).o $(DLIBCRYPTO)
--      @target=$(SHA256TEST); $(BUILD_CMD)
-+      +@target=$(SHA256TEST); $(BUILD_CMD)
- $(SHA512TEST)$(EXE_EXT): $(SHA512TEST).o $(DLIBCRYPTO)
--      @target=$(SHA512TEST); $(BUILD_CMD)
-+      +@target=$(SHA512TEST); $(BUILD_CMD)
- $(RMDTEST)$(EXE_EXT): $(RMDTEST).o $(DLIBCRYPTO)
--      @target=$(RMDTEST); $(BUILD_CMD)
-+      +@target=$(RMDTEST); $(BUILD_CMD)
- $(MDC2TEST)$(EXE_EXT): $(MDC2TEST).o $(DLIBCRYPTO)
--      @target=$(MDC2TEST); $(BUILD_CMD)
-+      +@target=$(MDC2TEST); $(BUILD_CMD)
- $(MD4TEST)$(EXE_EXT): $(MD4TEST).o $(DLIBCRYPTO)
--      @target=$(MD4TEST); $(BUILD_CMD)
-+      +@target=$(MD4TEST); $(BUILD_CMD)
- $(MD5TEST)$(EXE_EXT): $(MD5TEST).o $(DLIBCRYPTO)
--      @target=$(MD5TEST); $(BUILD_CMD)
-+      +@target=$(MD5TEST); $(BUILD_CMD)
- $(HMACTEST)$(EXE_EXT): $(HMACTEST).o $(DLIBCRYPTO)
--      @target=$(HMACTEST); $(BUILD_CMD)
-+      +@target=$(HMACTEST); $(BUILD_CMD)
- $(WPTEST)$(EXE_EXT): $(WPTEST).o $(DLIBCRYPTO)
--      @target=$(WPTEST); $(BUILD_CMD)
-+      +@target=$(WPTEST); $(BUILD_CMD)
- $(RC2TEST)$(EXE_EXT): $(RC2TEST).o $(DLIBCRYPTO)
--      @target=$(RC2TEST); $(BUILD_CMD)
-+      +@target=$(RC2TEST); $(BUILD_CMD)
- $(BFTEST)$(EXE_EXT): $(BFTEST).o $(DLIBCRYPTO)
--      @target=$(BFTEST); $(BUILD_CMD)
-+      +@target=$(BFTEST); $(BUILD_CMD)
- $(CASTTEST)$(EXE_EXT): $(CASTTEST).o $(DLIBCRYPTO)
--      @target=$(CASTTEST); $(BUILD_CMD)
-+      +@target=$(CASTTEST); $(BUILD_CMD)
- $(RC4TEST)$(EXE_EXT): $(RC4TEST).o $(DLIBCRYPTO)
--      @target=$(RC4TEST); $(BUILD_CMD)
-+      +@target=$(RC4TEST); $(BUILD_CMD)
- $(RC5TEST)$(EXE_EXT): $(RC5TEST).o $(DLIBCRYPTO)
--      @target=$(RC5TEST); $(BUILD_CMD)
-+      +@target=$(RC5TEST); $(BUILD_CMD)
- $(DESTEST)$(EXE_EXT): $(DESTEST).o $(DLIBCRYPTO)
--      @target=$(DESTEST); $(BUILD_CMD)
-+      +@target=$(DESTEST); $(BUILD_CMD)
- $(RANDTEST)$(EXE_EXT): $(RANDTEST).o $(DLIBCRYPTO)
--      @target=$(RANDTEST); $(BUILD_CMD)
-+      +@target=$(RANDTEST); $(BUILD_CMD)
- $(DHTEST)$(EXE_EXT): $(DHTEST).o $(DLIBCRYPTO)
--      @target=$(DHTEST); $(BUILD_CMD)
-+      +@target=$(DHTEST); $(BUILD_CMD)
- $(DSATEST)$(EXE_EXT): $(DSATEST).o $(DLIBCRYPTO)
--      @target=$(DSATEST); $(BUILD_CMD)
-+      +@target=$(DSATEST); $(BUILD_CMD)
- $(METHTEST)$(EXE_EXT): $(METHTEST).o $(DLIBCRYPTO)
--      @target=$(METHTEST); $(BUILD_CMD)
-+      +@target=$(METHTEST); $(BUILD_CMD)
- $(SSLTEST)$(EXE_EXT): $(SSLTEST).o $(DLIBSSL) $(DLIBCRYPTO)
--      @target=$(SSLTEST); $(FIPS_BUILD_CMD)
-+      +@target=$(SSLTEST); $(FIPS_BUILD_CMD)
- $(ENGINETEST)$(EXE_EXT): $(ENGINETEST).o $(DLIBCRYPTO)
--      @target=$(ENGINETEST); $(BUILD_CMD)
-+      +@target=$(ENGINETEST); $(BUILD_CMD)
- $(EVPTEST)$(EXE_EXT): $(EVPTEST).o $(DLIBCRYPTO)
--      @target=$(EVPTEST); $(BUILD_CMD)
-+      +@target=$(EVPTEST); $(BUILD_CMD)
- $(EVPEXTRATEST)$(EXE_EXT): $(EVPEXTRATEST).o $(DLIBCRYPTO)
--      @target=$(EVPEXTRATEST); $(BUILD_CMD)
-+      +@target=$(EVPEXTRATEST); $(BUILD_CMD)
- $(ECDSATEST)$(EXE_EXT): $(ECDSATEST).o $(DLIBCRYPTO)
--      @target=$(ECDSATEST); $(BUILD_CMD)
-+      +@target=$(ECDSATEST); $(BUILD_CMD)
- $(ECDHTEST)$(EXE_EXT): $(ECDHTEST).o $(DLIBCRYPTO)
--      @target=$(ECDHTEST); $(BUILD_CMD)
-+      +@target=$(ECDHTEST); $(BUILD_CMD)
- $(IGETEST)$(EXE_EXT): $(IGETEST).o $(DLIBCRYPTO)
--      @target=$(IGETEST); $(BUILD_CMD)
-+      +@target=$(IGETEST); $(BUILD_CMD)
- $(JPAKETEST)$(EXE_EXT): $(JPAKETEST).o $(DLIBCRYPTO)
--      @target=$(JPAKETEST); $(BUILD_CMD)
-+      +@target=$(JPAKETEST); $(BUILD_CMD)
- $(ASN1TEST)$(EXE_EXT): $(ASN1TEST).o $(DLIBCRYPTO)
--      @target=$(ASN1TEST); $(BUILD_CMD)
-+      +@target=$(ASN1TEST); $(BUILD_CMD)
- $(SRPTEST)$(EXE_EXT): $(SRPTEST).o $(DLIBCRYPTO)
--      @target=$(SRPTEST); $(BUILD_CMD)
-+      +@target=$(SRPTEST); $(BUILD_CMD)
- $(HEARTBEATTEST)$(EXE_EXT): $(HEARTBEATTEST).o $(DLIBCRYPTO)
--      @target=$(HEARTBEATTEST); $(BUILD_CMD_STATIC)
-+      +@target=$(HEARTBEATTEST); $(BUILD_CMD_STATIC)
- $(CONSTTIMETEST)$(EXE_EXT): $(CONSTTIMETEST).o
--      @target=$(CONSTTIMETEST) $(BUILD_CMD)
-+      +@target=$(CONSTTIMETEST) $(BUILD_CMD)
- #$(AESTEST).o: $(AESTEST).c
- #     $(CC) -c $(CFLAGS) -DINTERMEDIATE_VALUE_KAT -DTRACE_KAT_MCT $(AESTEST).c
-@@ -512,7 +512,7 @@
- #     fi
- dummytest$(EXE_EXT): dummytest.o $(DLIBCRYPTO)
--      @target=dummytest; $(BUILD_CMD)
-+      +@target=dummytest; $(BUILD_CMD)
- # DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/dev-libs/openssl/files/openssl-1.0.1m-s_client-verify.patch b/dev-libs/openssl/files/openssl-1.0.1m-s_client-verify.patch
deleted file mode 100644 (file)
index 8aa29e4..0000000
+++ /dev/null
@@ -1,21 +0,0 @@
-https://bugs.gentoo.org/472584
-http://rt.openssl.org/Ticket/Display.html?id=2387&user=guest&pass=guest
-
-fix verification handling in s_client.  when loading paths, make sure
-we properly fallback to setting the default paths.
-
-Forward-ported from openssl-1.0.1e-s_client-verify.patch
-
-Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>
-
---- openssl-1.0.1m/apps/s_client.c
-+++ openssl-1.0.1m/apps/s_client.c
-@@ -1177,7 +1177,7 @@ int MAIN(int argc, char **argv)
-     if (!set_cert_key_stuff(ctx, cert, key))
-         goto end;
--    if ((!SSL_CTX_load_verify_locations(ctx, CAfile, CApath)) ||
-+    if ((!SSL_CTX_load_verify_locations(ctx, CAfile, CApath)) &&
-         (!SSL_CTX_set_default_verify_paths(ctx))) {
-         /*
-          * BIO_printf(bio_err,"error setting default verify locations\n");
diff --git a/dev-libs/openssl/files/openssl-1.0.2-CVE-2015-0209.patch b/dev-libs/openssl/files/openssl-1.0.2-CVE-2015-0209.patch
deleted file mode 100644 (file)
index 6d396b4..0000000
+++ /dev/null
@@ -1,49 +0,0 @@
-https://bugs.gentoo.org/541502
-
-From 1b4a8df38fc9ab3c089ca5765075ee53ec5bd66a Mon Sep 17 00:00:00 2001
-From: Matt Caswell <matt@openssl.org>
-Date: Mon, 9 Feb 2015 11:38:41 +0000
-Subject: [PATCH] Fix a failure to NULL a pointer freed on error.
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Inspired by BoringSSL commit 517073cd4b by Eric Roman <eroman@chromium.org>
-
-CVE-2015-0209
-
-Reviewed-by: Emilia Käsper <emilia@openssl.org>
----
- crypto/ec/ec_asn1.c | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/crypto/ec/ec_asn1.c b/crypto/ec/ec_asn1.c
-index 30b7df4..d3e8316 100644
---- a/crypto/ec/ec_asn1.c
-+++ b/crypto/ec/ec_asn1.c
-@@ -1014,8 +1014,6 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigned char **in, long len)
-             ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_MALLOC_FAILURE);
-             goto err;
-         }
--        if (a)
--            *a = ret;
-     } else
-         ret = *a;
-@@ -1067,10 +1065,12 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigned char **in, long len)
-         }
-     }
-+    if (a)
-+        *a = ret;
-     ok = 1;
-  err:
-     if (!ok) {
--        if (ret)
-+        if (ret && (a == NULL || *a != ret))
-             EC_KEY_free(ret);
-         ret = NULL;
-     }
--- 
-2.3.1
-
diff --git a/dev-libs/openssl/files/openssl-1.0.2-CVE-2015-0288.patch b/dev-libs/openssl/files/openssl-1.0.2-CVE-2015-0288.patch
deleted file mode 100644 (file)
index a6a10b0..0000000
+++ /dev/null
@@ -1,31 +0,0 @@
-https://bugs.gentoo.org/542038
-
-From 28a00bcd8e318da18031b2ac8778c64147cd54f9 Mon Sep 17 00:00:00 2001
-From: "Dr. Stephen Henson" <steve@openssl.org>
-Date: Wed, 18 Feb 2015 00:34:59 +0000
-Subject: [PATCH] Check public key is not NULL.
-
-CVE-2015-0288
-PR#3708
-
-Reviewed-by: Matt Caswell <matt@openssl.org>
----
- crypto/x509/x509_req.c | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/crypto/x509/x509_req.c b/crypto/x509/x509_req.c
-index bc6e566..01795f4 100644
---- a/crypto/x509/x509_req.c
-+++ b/crypto/x509/x509_req.c
-@@ -92,6 +92,8 @@ X509_REQ *X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, const EVP_MD *md)
-         goto err;
-     pktmp = X509_get_pubkey(x);
-+    if (pktmp == NULL)
-+        goto err;
-     i = X509_REQ_set_pubkey(ret, pktmp);
-     EVP_PKEY_free(pktmp);
-     if (!i)
--- 
-2.3.1
-
diff --git a/dev-libs/openssl/files/openssl-1.0.2-CVE-2015-0291.patch b/dev-libs/openssl/files/openssl-1.0.2-CVE-2015-0291.patch
deleted file mode 100644 (file)
index 852d06e..0000000
+++ /dev/null
@@ -1,459 +0,0 @@
---- openssl-1.0.2/crypto/asn1/a_type.c
-+++ openssl-1.0.2/crypto/asn1/a_type.c
-@@ -119,6 +119,9 @@
-     case V_ASN1_OBJECT:
-         result = OBJ_cmp(a->value.object, b->value.object);
-         break;
-+    case V_ASN1_BOOLEAN:
-+        result = a->value.boolean - b->value.boolean;
-+        break;
-     case V_ASN1_NULL:
-         result = 0;             /* They do not have content. */
-         break;
---- openssl-1.0.2/crypto/asn1/tasn_dec.c
-+++ openssl-1.0.2/crypto/asn1/tasn_dec.c
-@@ -140,11 +140,17 @@
- {
-     ASN1_TLC c;
-     ASN1_VALUE *ptmpval = NULL;
--    if (!pval)
--        pval = &ptmpval;
-     asn1_tlc_clear_nc(&c);
--    if (ASN1_item_ex_d2i(pval, in, len, it, -1, 0, 0, &c) > 0)
--        return *pval;
-+    if (pval && *pval && it->itype == ASN1_ITYPE_PRIMITIVE)
-+        ptmpval = *pval;
-+    if (ASN1_item_ex_d2i(&ptmpval, in, len, it, -1, 0, 0, &c) > 0) {
-+        if (pval && it->itype != ASN1_ITYPE_PRIMITIVE) {
-+            if (*pval)
-+                ASN1_item_free(*pval, it);
-+            *pval = ptmpval;
-+        }
-+        return ptmpval;
-+    }
-     return NULL;
- }
-@@ -304,9 +310,16 @@
-     case ASN1_ITYPE_CHOICE:
-         if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it, NULL))
-             goto auxerr;
--
--        /* Allocate structure */
--        if (!*pval && !ASN1_item_ex_new(pval, it)) {
-+        if (*pval) {
-+            /* Free up and zero CHOICE value if initialised */
-+            i = asn1_get_choice_selector(pval, it);
-+            if ((i >= 0) && (i < it->tcount)) {
-+                tt = it->templates + i;
-+                pchptr = asn1_get_field_ptr(pval, tt);
-+                ASN1_template_free(pchptr, tt);
-+                asn1_set_choice_selector(pval, -1, it);
-+            }
-+        } else if (!ASN1_item_ex_new(pval, it)) {
-             ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
-             goto err;
-         }
-@@ -386,6 +399,17 @@
-         if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it, NULL))
-             goto auxerr;
-+        /* Free up and zero any ADB found */
-+        for (i = 0, tt = it->templates; i < it->tcount; i++, tt++) {
-+            if (tt->flags & ASN1_TFLG_ADB_MASK) {
-+                const ASN1_TEMPLATE *seqtt;
-+                ASN1_VALUE **pseqval;
-+                seqtt = asn1_do_adb(pval, tt, 1);
-+                pseqval = asn1_get_field_ptr(pval, seqtt);
-+                ASN1_template_free(pseqval, seqtt);
-+            }
-+        }
-+
-         /* Get each field entry */
-         for (i = 0, tt = it->templates; i < it->tcount; i++, tt++) {
-             const ASN1_TEMPLATE *seqtt;
---- openssl-1.0.2/crypto/pkcs7/pk7_doit.c
-+++ openssl-1.0.2/crypto/pkcs7/pk7_doit.c
-@@ -261,6 +261,25 @@
-     PKCS7_RECIP_INFO *ri = NULL;
-     ASN1_OCTET_STRING *os = NULL;
-+    if (p7 == NULL) {
-+        PKCS7err(PKCS7_F_PKCS7_DATAINIT, PKCS7_R_INVALID_NULL_POINTER);
-+        return NULL;
-+    }
-+    /*
-+     * The content field in the PKCS7 ContentInfo is optional, but that really
-+     * only applies to inner content (precisely, detached signatures).
-+     *
-+     * When reading content, missing outer content is therefore treated as an
-+     * error.
-+     *
-+     * When creating content, PKCS7_content_new() must be called before
-+     * calling this method, so a NULL p7->d is always an error.
-+     */
-+    if (p7->d.ptr == NULL) {
-+        PKCS7err(PKCS7_F_PKCS7_DATAINIT, PKCS7_R_NO_CONTENT);
-+        return NULL;
-+    }
-+
-     i = OBJ_obj2nid(p7->type);
-     p7->state = PKCS7_S_HEADER;
-@@ -411,6 +430,16 @@
-     unsigned char *ek = NULL, *tkey = NULL;
-     int eklen = 0, tkeylen = 0;
-+    if (p7 == NULL) {
-+        PKCS7err(PKCS7_F_PKCS7_DATADECODE, PKCS7_R_INVALID_NULL_POINTER);
-+        return NULL;
-+    }
-+
-+    if (p7->d.ptr == NULL) {
-+        PKCS7err(PKCS7_F_PKCS7_DATADECODE, PKCS7_R_NO_CONTENT);
-+        return NULL;
-+    }
-+
-     i = OBJ_obj2nid(p7->type);
-     p7->state = PKCS7_S_HEADER;
-@@ -707,6 +736,16 @@
-     STACK_OF(PKCS7_SIGNER_INFO) *si_sk = NULL;
-     ASN1_OCTET_STRING *os = NULL;
-+    if (p7 == NULL) {
-+        PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_INVALID_NULL_POINTER);
-+        return 0;
-+    }
-+
-+    if (p7->d.ptr == NULL) {
-+        PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_NO_CONTENT);
-+        return 0;
-+    }
-+
-     EVP_MD_CTX_init(&ctx_tmp);
-     i = OBJ_obj2nid(p7->type);
-     p7->state = PKCS7_S_HEADER;
-@@ -746,6 +785,7 @@
-         /* If detached data then the content is excluded */
-         if (PKCS7_type_is_data(p7->d.sign->contents) && p7->detached) {
-             M_ASN1_OCTET_STRING_free(os);
-+            os = NULL;
-             p7->d.sign->contents->d.data = NULL;
-         }
-         break;
-@@ -755,6 +795,7 @@
-         /* If detached data then the content is excluded */
-         if (PKCS7_type_is_data(p7->d.digest->contents) && p7->detached) {
-             M_ASN1_OCTET_STRING_free(os);
-+            os = NULL;
-             p7->d.digest->contents->d.data = NULL;
-         }
-         break;
-@@ -820,22 +861,30 @@
-         M_ASN1_OCTET_STRING_set(p7->d.digest->digest, md_data, md_len);
-     }
--    if (!PKCS7_is_detached(p7) && !(os->flags & ASN1_STRING_FLAG_NDEF)) {
--        char *cont;
--        long contlen;
--        btmp = BIO_find_type(bio, BIO_TYPE_MEM);
--        if (btmp == NULL) {
--            PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_UNABLE_TO_FIND_MEM_BIO);
--            goto err;
--        }
--        contlen = BIO_get_mem_data(btmp, &cont);
-+    if (!PKCS7_is_detached(p7)) {
-         /*
--         * Mark the BIO read only then we can use its copy of the data
--         * instead of making an extra copy.
-+         * NOTE(emilia): I think we only reach os == NULL here because detached
-+         * digested data support is broken.
-          */
--        BIO_set_flags(btmp, BIO_FLAGS_MEM_RDONLY);
--        BIO_set_mem_eof_return(btmp, 0);
--        ASN1_STRING_set0(os, (unsigned char *)cont, contlen);
-+        if (os == NULL)
-+            goto err;
-+        if (!(os->flags & ASN1_STRING_FLAG_NDEF)) {
-+            char *cont;
-+            long contlen;
-+            btmp = BIO_find_type(bio, BIO_TYPE_MEM);
-+            if (btmp == NULL) {
-+                PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_UNABLE_TO_FIND_MEM_BIO);
-+                goto err;
-+            }
-+            contlen = BIO_get_mem_data(btmp, &cont);
-+            /*
-+             * Mark the BIO read only then we can use its copy of the data
-+             * instead of making an extra copy.
-+             */
-+            BIO_set_flags(btmp, BIO_FLAGS_MEM_RDONLY);
-+            BIO_set_mem_eof_return(btmp, 0);
-+            ASN1_STRING_set0(os, (unsigned char *)cont, contlen);
-+        }
-     }
-     ret = 1;
-  err:
-@@ -910,6 +959,16 @@
-     STACK_OF(X509) *cert;
-     X509 *x509;
-+    if (p7 == NULL) {
-+        PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, PKCS7_R_INVALID_NULL_POINTER);
-+        return 0;
-+    }
-+
-+    if (p7->d.ptr == NULL) {
-+        PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, PKCS7_R_NO_CONTENT);
-+        return 0;
-+    }
-+
-     if (PKCS7_type_is_signed(p7)) {
-         cert = p7->d.sign->cert;
-     } else if (PKCS7_type_is_signedAndEnveloped(p7)) {
---- openssl-1.0.2/crypto/pkcs7/pk7_lib.c
-+++ openssl-1.0.2/crypto/pkcs7/pk7_lib.c
-@@ -70,6 +70,7 @@
-     nid = OBJ_obj2nid(p7->type);
-     switch (cmd) {
-+    /* NOTE(emilia): does not support detached digested data. */
-     case PKCS7_OP_SET_DETACHED_SIGNATURE:
-         if (nid == NID_pkcs7_signed) {
-             ret = p7->detached = (int)larg;
-@@ -444,6 +445,8 @@
- STACK_OF(PKCS7_SIGNER_INFO) *PKCS7_get_signer_info(PKCS7 *p7)
- {
-+    if (p7 == NULL || p7->d.ptr == NULL)
-+        return NULL;
-     if (PKCS7_type_is_signed(p7)) {
-         return (p7->d.sign->signer_info);
-     } else if (PKCS7_type_is_signedAndEnveloped(p7)) {
---- openssl-1.0.2/crypto/rsa/rsa_ameth.c
-+++ openssl-1.0.2/crypto/rsa/rsa_ameth.c
-@@ -698,9 +698,10 @@
-         RSAerr(RSA_F_RSA_ITEM_VERIFY, RSA_R_UNSUPPORTED_SIGNATURE_TYPE);
-         return -1;
-     }
--    if (rsa_pss_to_ctx(ctx, NULL, sigalg, pkey))
-+    if (rsa_pss_to_ctx(ctx, NULL, sigalg, pkey) > 0) {
-         /* Carry on */
-         return 2;
-+    }
-     return -1;
- }
---- openssl-1.0.2/doc/crypto/d2i_X509.pod
-+++ openssl-1.0.2/doc/crypto/d2i_X509.pod
-@@ -207,6 +207,12 @@
- persist if they are not present in the new one. As a result the use
- of this "reuse" behaviour is strongly discouraged.
-+Current versions of OpenSSL will not modify B<*px> if an error occurs.
-+If parsing succeeds then B<*px> is freed (if it is not NULL) and then
-+set to the value of the newly decoded structure. As a result B<*px>
-+B<must not> be allocated on the stack or an attempt will be made to
-+free an invalid pointer.
-+
- i2d_X509() will not return an error in many versions of OpenSSL,
- if mandatory fields are not initialized due to a programming error
- then the encoded structure may contain invalid data or omit the
-@@ -233,7 +239,9 @@
- d2i_X509(), d2i_X509_bio() and d2i_X509_fp() return a valid B<X509> structure
- or B<NULL> if an error occurs. The error code that can be obtained by
--L<ERR_get_error(3)|ERR_get_error(3)>. 
-+L<ERR_get_error(3)|ERR_get_error(3)>. If the "reuse" capability has been used
-+with a valid X509 structure being passed in via B<px> then the object is not
-+modified in the event of error.
- i2d_X509() returns the number of bytes successfully encoded or a negative
- value if an error occurs. The error code can be obtained by
---- openssl-1.0.2/ssl/d1_lib.c
-+++ openssl-1.0.2/ssl/d1_lib.c
-@@ -543,6 +543,9 @@
- {
-     int ret;
-+    /* Ensure there is no state left over from a previous invocation */
-+    SSL_clear(s);
-+
-     SSL_set_options(s, SSL_OP_COOKIE_EXCHANGE);
-     s->d1->listen = 1;
---- openssl-1.0.2/ssl/s2_lib.c
-+++ openssl-1.0.2/ssl/s2_lib.c
-@@ -493,7 +493,7 @@
-         OPENSSL_assert(s->session->master_key_length >= 0
-                        && s->session->master_key_length
--                       < (int)sizeof(s->session->master_key));
-+                       <= (int)sizeof(s->session->master_key));
-         EVP_DigestUpdate(&ctx, s->session->master_key,
-                          s->session->master_key_length);
-         EVP_DigestUpdate(&ctx, &c, 1);
---- openssl-1.0.2/ssl/s2_srvr.c
-+++ openssl-1.0.2/ssl/s2_srvr.c
-@@ -454,11 +454,6 @@
-         SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, SSL_R_NO_PRIVATEKEY);
-         return (-1);
-     }
--    i = ssl_rsa_private_decrypt(s->cert, s->s2->tmp.enc,
--                                &(p[s->s2->tmp.clear]),
--                                &(p[s->s2->tmp.clear]),
--                                (s->s2->ssl2_rollback) ? RSA_SSLV23_PADDING :
--                                RSA_PKCS1_PADDING);
-     is_export = SSL_C_IS_EXPORT(s->session->cipher);
-@@ -475,23 +470,61 @@
-     } else
-         ek = 5;
-+    /*
-+     * The format of the CLIENT-MASTER-KEY message is
-+     * 1 byte message type
-+     * 3 bytes cipher
-+     * 2-byte clear key length (stored in s->s2->tmp.clear)
-+     * 2-byte encrypted key length (stored in s->s2->tmp.enc)
-+     * 2-byte key args length (IV etc)
-+     * clear key
-+     * encrypted key
-+     * key args
-+     *
-+     * If the cipher is an export cipher, then the encrypted key bytes
-+     * are a fixed portion of the total key (5 or 8 bytes). The size of
-+     * this portion is in |ek|. If the cipher is not an export cipher,
-+     * then the entire key material is encrypted (i.e., clear key length
-+     * must be zero).
-+     */
-+    if ((!is_export && s->s2->tmp.clear != 0) ||
-+        (is_export && s->s2->tmp.clear + ek != EVP_CIPHER_key_length(c))) {
-+        ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
-+        SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_BAD_LENGTH);
-+        return -1;
-+    }
-+    /*
-+     * The encrypted blob must decrypt to the encrypted portion of the key.
-+     * Decryption can't be expanding, so if we don't have enough encrypted
-+     * bytes to fit the key in the buffer, stop now.
-+     */
-+    if ((is_export && s->s2->tmp.enc < ek) ||
-+        (!is_export && s->s2->tmp.enc < EVP_CIPHER_key_length(c))) {
-+        ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
-+        SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_LENGTH_TOO_SHORT);
-+        return -1;
-+    }
-+
-+    i = ssl_rsa_private_decrypt(s->cert, s->s2->tmp.enc,
-+                                &(p[s->s2->tmp.clear]),
-+                                &(p[s->s2->tmp.clear]),
-+                                (s->s2->ssl2_rollback) ? RSA_SSLV23_PADDING :
-+                                RSA_PKCS1_PADDING);
-+
-     /* bad decrypt */
- # if 1
-     /*
-      * If a bad decrypt, continue with protocol but with a random master
-      * secret (Bleichenbacher attack)
-      */
--    if ((i < 0) || ((!is_export && (i != EVP_CIPHER_key_length(c)))
--                    || (is_export && ((i != ek)
--                                      || (s->s2->tmp.clear +
--                                          (unsigned int)i != (unsigned int)
--                                          EVP_CIPHER_key_length(c)))))) {
-+    if ((i < 0) || ((!is_export && i != EVP_CIPHER_key_length(c))
-+                    || (is_export && i != ek))) {
-         ERR_clear_error();
-         if (is_export)
-             i = ek;
-         else
-             i = EVP_CIPHER_key_length(c);
--        if (RAND_pseudo_bytes(p, i) <= 0)
-+        if (RAND_pseudo_bytes(&p[s->s2->tmp.clear], i) <= 0)
-             return 0;
-     }
- # else
-@@ -513,7 +546,7 @@
- # endif
-     if (is_export)
--        i += s->s2->tmp.clear;
-+        i = EVP_CIPHER_key_length(c);
-     if (i > SSL_MAX_MASTER_KEY_LENGTH) {
-         ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
---- openssl-1.0.2/ssl/s3_pkt.c
-+++ openssl-1.0.2/ssl/s3_pkt.c
-@@ -780,7 +780,7 @@
-             i = ssl3_write_pending(s, type, &buf[tot], nw);
-             if (i <= 0) {
--                if (i < 0) {
-+                if (i < 0 && (!s->wbio || !BIO_should_retry(s->wbio))) {
-                     OPENSSL_free(wb->buf);
-                     wb->buf = NULL;
-                 }
---- openssl-1.0.2/ssl/s3_srvr.c
-+++ openssl-1.0.2/ssl/s3_srvr.c
-@@ -2251,10 +2251,17 @@
-     if (alg_k & (SSL_kEDH | SSL_kDHr | SSL_kDHd)) {
-         int idx = -1;
-         EVP_PKEY *skey = NULL;
--        if (n)
-+        if (n) {
-             n2s(p, i);
--        else
-+        } else {
-+            if (alg_k & SSL_kDHE) {
-+                al = SSL_AD_HANDSHAKE_FAILURE;
-+                SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
-+                       SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG);
-+                goto f_err;
-+            }
-             i = 0;
-+        }
-         if (n && n != i + 2) {
-             if (!(s->options & SSL_OP_SSLEAY_080_CLIENT_DH_BUG)) {
-                 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
---- openssl-1.0.2/ssl/t1_lib.c
-+++ openssl-1.0.2/ssl/t1_lib.c
-@@ -2965,6 +2965,7 @@
-     if (s->cert->shared_sigalgs) {
-         OPENSSL_free(s->cert->shared_sigalgs);
-         s->cert->shared_sigalgs = NULL;
-+        s->cert->shared_sigalgslen = 0;
-     }
-     /* Clear certificate digests and validity flags */
-     for (i = 0; i < SSL_PKEY_NUM; i++) {
-@@ -3618,6 +3619,7 @@
-     if (c->shared_sigalgs) {
-         OPENSSL_free(c->shared_sigalgs);
-         c->shared_sigalgs = NULL;
-+        c->shared_sigalgslen = 0;
-     }
-     /* If client use client signature algorithms if not NULL */
-     if (!s->server && c->client_sigalgs && !is_suiteb) {
-@@ -3640,12 +3642,14 @@
-         preflen = c->peer_sigalgslen;
-     }
-     nmatch = tls12_do_shared_sigalgs(NULL, pref, preflen, allow, allowlen);
--    if (!nmatch)
--        return 1;
--    salgs = OPENSSL_malloc(nmatch * sizeof(TLS_SIGALGS));
--    if (!salgs)
--        return 0;
--    nmatch = tls12_do_shared_sigalgs(salgs, pref, preflen, allow, allowlen);
-+    if (nmatch) {
-+        salgs = OPENSSL_malloc(nmatch * sizeof(TLS_SIGALGS));
-+        if (!salgs)
-+            return 0;
-+        nmatch = tls12_do_shared_sigalgs(salgs, pref, preflen, allow, allowlen);
-+    } else {
-+        salgs = NULL;
-+    }
-     c->shared_sigalgs = salgs;
-     c->shared_sigalgslen = nmatch;
-     return 1;
diff --git a/dev-libs/openssl/files/openssl-1.0.2-parallel-build.patch b/dev-libs/openssl/files/openssl-1.0.2-parallel-build.patch
deleted file mode 100644 (file)
index 31d3f1d..0000000
+++ /dev/null
@@ -1,354 +0,0 @@
-http://rt.openssl.org/Ticket/Display.html?id=2084&user=guest&pass=guest
-
---- a/Makefile.org
-+++ b/Makefile.org
-@@ -247,17 +247,17 @@
- build_libs: build_crypto build_ssl build_engines
- build_crypto:
--      @dir=crypto; target=all; $(BUILD_ONE_CMD)
-+      +@dir=crypto; target=all; $(BUILD_ONE_CMD)
--build_ssl:
-+build_ssl: build_crypto
--      @dir=ssl; target=all; $(BUILD_ONE_CMD)
-+      +@dir=ssl; target=all; $(BUILD_ONE_CMD)
--build_engines:
-+build_engines: build_crypto
--      @dir=engines; target=all; $(BUILD_ONE_CMD)
-+      +@dir=engines; target=all; $(BUILD_ONE_CMD)
--build_apps:
-+build_apps: build_libs
--      @dir=apps; target=all; $(BUILD_ONE_CMD)
-+      +@dir=apps; target=all; $(BUILD_ONE_CMD)
--build_tests:
-+build_tests: build_libs
--      @dir=test; target=all; $(BUILD_ONE_CMD)
-+      +@dir=test; target=all; $(BUILD_ONE_CMD)
--build_tools:
-+build_tools: build_libs
--      @dir=tools; target=all; $(BUILD_ONE_CMD)
-+      +@dir=tools; target=all; $(BUILD_ONE_CMD)
- all_testapps: build_libs build_testapps
- build_testapps:
-@@ -497,9 +497,9 @@
- dist_pem_h:
-       (cd crypto/pem; $(MAKE) -e $(BUILDENV) pem.h; $(MAKE) clean)
--install: all install_docs install_sw
-+install: install_docs install_sw
--install_sw:
-+install_dirs:
-       @$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \
-               $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR) \
-               $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines \
-@@ -508,6 +508,13 @@
-               $(INSTALL_PREFIX)$(OPENSSLDIR)/misc \
-               $(INSTALL_PREFIX)$(OPENSSLDIR)/certs \
-               $(INSTALL_PREFIX)$(OPENSSLDIR)/private
-+      @$(PERL) $(TOP)/util/mkdir-p.pl \
-+              $(INSTALL_PREFIX)$(MANDIR)/man1 \
-+              $(INSTALL_PREFIX)$(MANDIR)/man3 \
-+              $(INSTALL_PREFIX)$(MANDIR)/man5 \
-+              $(INSTALL_PREFIX)$(MANDIR)/man7
-+
-+install_sw: install_dirs
-       @set -e; headerlist="$(EXHEADER)"; for i in $$headerlist;\
-       do \
-       (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
-@@ -511,7 +511,7 @@
-       (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
-       chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
-       done;
--      @set -e; target=install; $(RECURSIVE_BUILD_CMD)
-+      +@set -e; target=install; $(RECURSIVE_BUILD_CMD)
-       @set -e; liblist="$(LIBS)"; for i in $$liblist ;\
-       do \
-               if [ -f "$$i" ]; then \
-@@ -593,12 +600,7 @@
-               done; \
-       done
--install_docs:
--      @$(PERL) $(TOP)/util/mkdir-p.pl \
--              $(INSTALL_PREFIX)$(MANDIR)/man1 \
--              $(INSTALL_PREFIX)$(MANDIR)/man3 \
--              $(INSTALL_PREFIX)$(MANDIR)/man5 \
--              $(INSTALL_PREFIX)$(MANDIR)/man7
-+install_docs: install_dirs
-       @pod2man="`cd ./util; ./pod2mantest $(PERL)`"; \
-       here="`pwd`"; \
-       filecase=; \
---- a/Makefile.shared
-+++ b/Makefile.shared
-@@ -105,6 +105,7 @@ LINK_SO=   \
-     SHAREDFLAGS="$${SHAREDFLAGS:-$(CFLAGS) $(SHARED_LDFLAGS)}"; \
-     LIBPATH=`for x in $$LIBDEPS; do echo $$x; done | sed -e 's/^ *-L//;t' -e d | uniq`; \
-     LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \
-+    [ -e $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX ] && exit 0; \
-     LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \
-     $${SHAREDCMD} $${SHAREDFLAGS} \
-       -o $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX \
-@@ -122,6 +124,7 @@ SYMLINK_SO=        \
-                       done; \
-               fi; \
-               if [ -n "$$SHLIB_SOVER" ]; then \
-+                      [ -e "$$SHLIB$$SHLIB_SUFFIX" ] || \
-                       ( $(SET_X); rm -f $$SHLIB$$SHLIB_SUFFIX; \
-                         ln -s $$prev $$SHLIB$$SHLIB_SUFFIX ); \
-               fi; \
---- a/crypto/Makefile
-+++ b/crypto/Makefile
-@@ -85,11 +85,11 @@
-       @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi
- subdirs:
--      @target=all; $(RECURSIVE_MAKE)
-+      +@target=all; $(RECURSIVE_MAKE)
- files:
-       $(PERL) $(TOP)/util/files.pl "CPUID_OBJ=$(CPUID_OBJ)" Makefile >> $(TOP)/MINFO
--      @target=files; $(RECURSIVE_MAKE)
-+      +@target=files; $(RECURSIVE_MAKE)
- links:
-       @$(PERL) $(TOP)/util/mklink.pl ../include/openssl $(EXHEADER)
-@@ -100,7 +100,7 @@
- # lib: $(LIB): are splitted to avoid end-less loop
- lib:  $(LIB)
-       @touch lib
--$(LIB):       $(LIBOBJ)
-+$(LIB):       $(LIBOBJ) | subdirs
-       $(AR) $(LIB) $(LIBOBJ)
-       $(RANLIB) $(LIB) || echo Never mind.
-@@ -110,7 +110,7 @@
-       fi
- libs:
--      @target=lib; $(RECURSIVE_MAKE)
-+      +@target=lib; $(RECURSIVE_MAKE)
- install:
-       @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
-@@ -119,7 +119,7 @@
-       (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
-       chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
-       done;
--      @target=install; $(RECURSIVE_MAKE)
-+      +@target=install; $(RECURSIVE_MAKE)
- lint:
-       @target=lint; $(RECURSIVE_MAKE)
---- a/engines/Makefile
-+++ b/engines/Makefile
-@@ -72,7 +72,7 @@
- all:  lib subdirs
--lib:  $(LIBOBJ)
-+lib:  $(LIBOBJ) | subdirs
-       @if [ -n "$(SHARED_LIBS)" ]; then \
-               set -e; \
-               for l in $(LIBNAMES); do \
-@@ -89,7 +89,7 @@
- subdirs:
-       echo $(EDIRS)
--      @target=all; $(RECURSIVE_MAKE)
-+      +@target=all; $(RECURSIVE_MAKE)
- files:
-       $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
-@@ -128,7 +128,7 @@
-                         mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx ); \
-               done; \
-       fi
--      @target=install; $(RECURSIVE_MAKE)
-+      +@target=install; $(RECURSIVE_MAKE)
- tags:
-       ctags $(SRC)
---- a/test/Makefile
-+++ b/test/Makefile
-@@ -123,7 +123,7 @@
- tags:
-       ctags $(SRC)
--tests:        exe apps $(TESTS)
-+tests:        exe $(TESTS)
- apps:
-       @(cd ..; $(MAKE) DIRS=apps all)
-@@ -365,109 +365,109 @@
-               link_app.$${shlib_target}
- $(RSATEST)$(EXE_EXT): $(RSATEST).o $(DLIBCRYPTO)
--      @target=$(RSATEST); $(BUILD_CMD)
-+      +@target=$(RSATEST); $(BUILD_CMD)
- $(BNTEST)$(EXE_EXT): $(BNTEST).o $(DLIBCRYPTO)
--      @target=$(BNTEST); $(BUILD_CMD)
-+      +@target=$(BNTEST); $(BUILD_CMD)
- $(ECTEST)$(EXE_EXT): $(ECTEST).o $(DLIBCRYPTO)
--      @target=$(ECTEST); $(BUILD_CMD)
-+      +@target=$(ECTEST); $(BUILD_CMD)
- $(EXPTEST)$(EXE_EXT): $(EXPTEST).o $(DLIBCRYPTO)
--      @target=$(EXPTEST); $(BUILD_CMD)
-+      +@target=$(EXPTEST); $(BUILD_CMD)
- $(IDEATEST)$(EXE_EXT): $(IDEATEST).o $(DLIBCRYPTO)
--      @target=$(IDEATEST); $(BUILD_CMD)
-+      +@target=$(IDEATEST); $(BUILD_CMD)
- $(MD2TEST)$(EXE_EXT): $(MD2TEST).o $(DLIBCRYPTO)
--      @target=$(MD2TEST); $(BUILD_CMD)
-+      +@target=$(MD2TEST); $(BUILD_CMD)
- $(SHATEST)$(EXE_EXT): $(SHATEST).o $(DLIBCRYPTO)
--      @target=$(SHATEST); $(BUILD_CMD)
-+      +@target=$(SHATEST); $(BUILD_CMD)
- $(SHA1TEST)$(EXE_EXT): $(SHA1TEST).o $(DLIBCRYPTO)
--      @target=$(SHA1TEST); $(BUILD_CMD)
-+      +@target=$(SHA1TEST); $(BUILD_CMD)
- $(SHA256TEST)$(EXE_EXT): $(SHA256TEST).o $(DLIBCRYPTO)
--      @target=$(SHA256TEST); $(BUILD_CMD)
-+      +@target=$(SHA256TEST); $(BUILD_CMD)
- $(SHA512TEST)$(EXE_EXT): $(SHA512TEST).o $(DLIBCRYPTO)
--      @target=$(SHA512TEST); $(BUILD_CMD)
-+      +@target=$(SHA512TEST); $(BUILD_CMD)
- $(RMDTEST)$(EXE_EXT): $(RMDTEST).o $(DLIBCRYPTO)
--      @target=$(RMDTEST); $(BUILD_CMD)
-+      +@target=$(RMDTEST); $(BUILD_CMD)
- $(MDC2TEST)$(EXE_EXT): $(MDC2TEST).o $(DLIBCRYPTO)
--      @target=$(MDC2TEST); $(BUILD_CMD)
-+      +@target=$(MDC2TEST); $(BUILD_CMD)
- $(MD4TEST)$(EXE_EXT): $(MD4TEST).o $(DLIBCRYPTO)
--      @target=$(MD4TEST); $(BUILD_CMD)
-+      +@target=$(MD4TEST); $(BUILD_CMD)
- $(MD5TEST)$(EXE_EXT): $(MD5TEST).o $(DLIBCRYPTO)
--      @target=$(MD5TEST); $(BUILD_CMD)
-+      +@target=$(MD5TEST); $(BUILD_CMD)
- $(HMACTEST)$(EXE_EXT): $(HMACTEST).o $(DLIBCRYPTO)
--      @target=$(HMACTEST); $(BUILD_CMD)
-+      +@target=$(HMACTEST); $(BUILD_CMD)
- $(WPTEST)$(EXE_EXT): $(WPTEST).o $(DLIBCRYPTO)
--      @target=$(WPTEST); $(BUILD_CMD)
-+      +@target=$(WPTEST); $(BUILD_CMD)
- $(RC2TEST)$(EXE_EXT): $(RC2TEST).o $(DLIBCRYPTO)
--      @target=$(RC2TEST); $(BUILD_CMD)
-+      +@target=$(RC2TEST); $(BUILD_CMD)
- $(BFTEST)$(EXE_EXT): $(BFTEST).o $(DLIBCRYPTO)
--      @target=$(BFTEST); $(BUILD_CMD)
-+      +@target=$(BFTEST); $(BUILD_CMD)
- $(CASTTEST)$(EXE_EXT): $(CASTTEST).o $(DLIBCRYPTO)
--      @target=$(CASTTEST); $(BUILD_CMD)
-+      +@target=$(CASTTEST); $(BUILD_CMD)
- $(RC4TEST)$(EXE_EXT): $(RC4TEST).o $(DLIBCRYPTO)
--      @target=$(RC4TEST); $(BUILD_CMD)
-+      +@target=$(RC4TEST); $(BUILD_CMD)
- $(RC5TEST)$(EXE_EXT): $(RC5TEST).o $(DLIBCRYPTO)
--      @target=$(RC5TEST); $(BUILD_CMD)
-+      +@target=$(RC5TEST); $(BUILD_CMD)
- $(DESTEST)$(EXE_EXT): $(DESTEST).o $(DLIBCRYPTO)
--      @target=$(DESTEST); $(BUILD_CMD)
-+      +@target=$(DESTEST); $(BUILD_CMD)
- $(RANDTEST)$(EXE_EXT): $(RANDTEST).o $(DLIBCRYPTO)
--      @target=$(RANDTEST); $(BUILD_CMD)
-+      +@target=$(RANDTEST); $(BUILD_CMD)
- $(DHTEST)$(EXE_EXT): $(DHTEST).o $(DLIBCRYPTO)
--      @target=$(DHTEST); $(BUILD_CMD)
-+      +@target=$(DHTEST); $(BUILD_CMD)
- $(DSATEST)$(EXE_EXT): $(DSATEST).o $(DLIBCRYPTO)
--      @target=$(DSATEST); $(BUILD_CMD)
-+      +@target=$(DSATEST); $(BUILD_CMD)
- $(METHTEST)$(EXE_EXT): $(METHTEST).o $(DLIBCRYPTO)
--      @target=$(METHTEST); $(BUILD_CMD)
-+      +@target=$(METHTEST); $(BUILD_CMD)
- $(SSLTEST)$(EXE_EXT): $(SSLTEST).o $(DLIBSSL) $(DLIBCRYPTO)
--      @target=$(SSLTEST); $(FIPS_BUILD_CMD)
-+      +@target=$(SSLTEST); $(FIPS_BUILD_CMD)
- $(ENGINETEST)$(EXE_EXT): $(ENGINETEST).o $(DLIBCRYPTO)
--      @target=$(ENGINETEST); $(BUILD_CMD)
-+      +@target=$(ENGINETEST); $(BUILD_CMD)
- $(EVPTEST)$(EXE_EXT): $(EVPTEST).o $(DLIBCRYPTO)
--      @target=$(EVPTEST); $(BUILD_CMD)
-+      +@target=$(EVPTEST); $(BUILD_CMD)
- $(ECDSATEST)$(EXE_EXT): $(ECDSATEST).o $(DLIBCRYPTO)
--      @target=$(ECDSATEST); $(BUILD_CMD)
-+      +@target=$(ECDSATEST); $(BUILD_CMD)
- $(ECDHTEST)$(EXE_EXT): $(ECDHTEST).o $(DLIBCRYPTO)
--      @target=$(ECDHTEST); $(BUILD_CMD)
-+      +@target=$(ECDHTEST); $(BUILD_CMD)
- $(IGETEST)$(EXE_EXT): $(IGETEST).o $(DLIBCRYPTO)
--      @target=$(IGETEST); $(BUILD_CMD)
-+      +@target=$(IGETEST); $(BUILD_CMD)
- $(JPAKETEST)$(EXE_EXT): $(JPAKETEST).o $(DLIBCRYPTO)
--      @target=$(JPAKETEST); $(BUILD_CMD)
-+      +@target=$(JPAKETEST); $(BUILD_CMD)
- $(ASN1TEST)$(EXE_EXT): $(ASN1TEST).o $(DLIBCRYPTO)
--      @target=$(ASN1TEST); $(BUILD_CMD)
-+      +@target=$(ASN1TEST); $(BUILD_CMD)
- $(SRPTEST)$(EXE_EXT): $(SRPTEST).o $(DLIBCRYPTO)
--      @target=$(SRPTEST); $(BUILD_CMD)
-+      +@target=$(SRPTEST); $(BUILD_CMD)
- #$(AESTEST).o: $(AESTEST).c
- #     $(CC) -c $(CFLAGS) -DINTERMEDIATE_VALUE_KAT -DTRACE_KAT_MCT $(AESTEST).c
-@@ -480,7 +480,7 @@
- #     fi
- dummytest$(EXE_EXT): dummytest.o $(DLIBCRYPTO)
--      @target=dummytest; $(BUILD_CMD)
-+      +@target=dummytest; $(BUILD_CMD)
- # DO NOT DELETE THIS LINE -- make depend depends on it.
---- a/crypto/objects/Makefile
-+++ b/crypto/objects/Makefile
-@@ -44,11 +44,11 @@ obj_dat.h: obj_dat.pl obj_mac.h
- # objects.pl both reads and writes obj_mac.num
- obj_mac.h: objects.pl objects.txt obj_mac.num
-       $(PERL) objects.pl objects.txt obj_mac.num obj_mac.h
--      @sleep 1; touch obj_mac.h; sleep 1
--obj_xref.h: objxref.pl obj_xref.txt obj_mac.num
-+# This doesn't really need obj_mac.h, but since that rule reads & writes
-+# obj_mac.num, we can't run in parallel with it.
-+obj_xref.h: objxref.pl obj_xref.txt obj_mac.num obj_mac.h
-       $(PERL) objxref.pl obj_mac.num obj_xref.txt > obj_xref.h
--      @sleep 1; touch obj_xref.h; sleep 1
- files:
-       $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
diff --git a/dev-libs/openssl/openssl-0.9.8z_p5-r1.ebuild b/dev-libs/openssl/openssl-0.9.8z_p5-r1.ebuild
deleted file mode 100644 (file)
index 12eb16d..0000000
+++ /dev/null
@@ -1,161 +0,0 @@
-# Copyright 1999-2015 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-# this ebuild is only for the libcrypto.so.0.9.8 and libssl.so.0.9.8 SONAME for ABI compat
-
-EAPI="5"
-
-inherit eutils flag-o-matic toolchain-funcs multilib multilib-minimal
-
-PLEVEL=$(echo "${PV##*_p}" | tr '[1-9]' '[a-i]')
-MY_PV=${PV/_p*/${PLEVEL}}
-MY_P=${PN}-${MY_PV}
-S="${WORKDIR}/${MY_P}"
-DESCRIPTION="Toolkit for SSL v2/v3 and TLS v1"
-HOMEPAGE="http://www.openssl.org/"
-SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"
-
-LICENSE="openssl"
-SLOT="0.9.8"
-KEYWORDS="alpha amd64 arm ~hppa ia64 ~m68k ~mips ppc ppc64 s390 sh sparc x86 ~sparc-fbsd ~x86-fbsd"
-IUSE="bindist gmp kerberos cpu_flags_x86_sse2 test zlib"
-RESTRICT="!bindist? ( bindist )"
-
-RDEPEND="gmp? ( >=dev-libs/gmp-5.1.3-r1[${MULTILIB_USEDEP}] )
-       zlib? ( >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}] )
-       kerberos? ( >=app-crypt/mit-krb5-1.11.4[${MULTILIB_USEDEP}] )
-       abi_x86_32? (
-               !<=app-emulation/emul-linux-x86-baselibs-20140508-r4
-               !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
-       )
-       !=dev-libs/openssl-0.9.8*:0"
-DEPEND="${RDEPEND}
-       sys-apps/diffutils
-       >=dev-lang/perl-5
-       test? ( sys-devel/bc )"
-
-# Do not install any docs
-DOCS=()
-
-src_prepare() {
-       epatch "${FILESDIR}"/${PN}-0.9.8e-bsd-sparc64.patch
-       epatch "${FILESDIR}"/${PN}-0.9.8h-ldflags.patch #181438
-       epatch "${FILESDIR}"/${PN}-0.9.8m-binutils.patch #289130
-       epatch "${FILESDIR}"/${PN}-0.9.8ze-CVE-2015-0286.patch #543552
-
-       # disable fips in the build
-       # make sure the man pages are suffixed #302165
-       # don't bother building man pages if they're disabled
-       sed -i \
-               -e '/DIRS/s: fips : :g' \
-               -e '/^MANSUFFIX/s:=.*:=ssl:' \
-               -e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
-               -e $(has noman FEATURES \
-                       && echo '/^install:/s:install_docs::' \
-                       || echo '/^MANDIR=/s:=.*:=/usr/share/man:') \
-               Makefile{,.org} \
-               || die
-       # show the actual commands in the log
-       sed -i '/^SET_X/s:=.*:=set -x:' Makefile.shared
-       # update the enginedir path.
-       # punt broken config we don't care about as it fails sanity check.
-       sed -i \
-               -e '/^"debug-ben-debug-64"/d' \
-               -e "/foo.*engines/s|/lib/engines|/$(get_libdir)/engines|" \
-               Configure || die
-
-       # since we're forcing $(CC) as makedep anyway, just fix
-       # the conditional as always-on
-       # helps clang (#417795), and versioned gcc (#499818)
-       sed -i 's/expr.*MAKEDEPEND.*;/true;/' util/domd || die
-
-       # quiet out unknown driver argument warnings since openssl
-       # doesn't have well-split CFLAGS and we're making it even worse
-       # and 'make depend' uses -Werror for added fun (#417795 again)
-       [[ ${CC} == *clang* ]] && append-flags -Qunused-arguments
-
-       # allow openssl to be cross-compiled
-       cp "${FILESDIR}"/gentoo.config-0.9.8 gentoo.config || die "cp cross-compile failed"
-       chmod a+rx gentoo.config
-
-       append-flags -fno-strict-aliasing
-       append-flags -Wa,--noexecstack
-
-       sed -i '1s,^:$,#!/usr/bin/perl,' Configure #141906
-       sed -i '/^"debug-bodo/d' Configure # 0.9.8za shipped broken
-       ./config --test-sanity || die "I AM NOT SANE"
-
-       multilib_copy_sources
-}
-
-multilib_src_configure() {
-       unset APPS #197996
-       unset SCRIPTS #312551
-
-       tc-export CC AR RANLIB
-
-       # Clean out patent-or-otherwise-encumbered code
-       # Camellia: Royalty Free            http://en.wikipedia.org/wiki/Camellia_(cipher)
-       # IDEA:     Expired                 http://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
-       # EC:       ????????? ??/??/2015    http://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography
-       # MDC2:     Expired                 http://en.wikipedia.org/wiki/MDC-2
-       # RC5:      5,724,428 03/03/2015    http://en.wikipedia.org/wiki/RC5
-
-       use_ssl() { use $1 && echo "enable-${2:-$1} ${*:3}" || echo "no-${2:-$1}" ; }
-       echoit() { echo "$@" ; "$@" ; }
-
-       local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
-
-       local sslout=$(./gentoo.config)
-       einfo "Use configuration ${sslout:-(openssl knows best)}"
-       local config="Configure"
-       [[ -z ${sslout} ]] && config="config"
-
-       echoit \
-       ./${config} \
-               ${sslout} \
-               $(use cpu_flags_x86_sse2 || echo "no-sse2") \
-               enable-camellia \
-               $(use_ssl !bindist ec) \
-               enable-idea \
-               enable-mdc2 \
-               $(use_ssl !bindist rc5) \
-               enable-tlsext \
-               $(use_ssl gmp gmp -lgmp) \
-               $(use_ssl kerberos krb5 --with-krb5-flavor=${krb5}) \
-               $(use_ssl zlib) \
-               --prefix=/usr \
-               --openssldir=/etc/ssl \
-               shared threads \
-               || die "Configure failed"
-
-       # Clean out hardcoded flags that openssl uses
-       local CFLAG=$(grep ^CFLAG= Makefile | LC_ALL=C sed \
-               -e 's:^CFLAG=::' \
-               -e 's:-fomit-frame-pointer ::g' \
-               -e 's:-O[0-9] ::g' \
-               -e 's:-march=[-a-z0-9]* ::g' \
-               -e 's:-mcpu=[-a-z0-9]* ::g' \
-               -e 's:-m[a-z0-9]* ::g' \
-       )
-       sed -i \
-               -e "/^LIBDIR=/s|=.*|=$(get_libdir)|" \
-               -e "/^CFLAG/s|=.*|=${CFLAG} ${CFLAGS}|" \
-               -e "/^SHARED_LDFLAGS=/s|$| ${LDFLAGS}|" \
-               Makefile || die
-}
-
-multilib_src_compile() {
-       # depend is needed to use $confopts
-       emake -j1 depend
-       emake -j1 build_libs
-}
-
-multilib_src_test() {
-       emake -j1 test
-}
-
-multilib_src_install() {
-       dolib.so lib{crypto,ssl}.so.0.9.8
-}
diff --git a/dev-libs/openssl/openssl-0.9.8z_p6.ebuild b/dev-libs/openssl/openssl-0.9.8z_p6.ebuild
deleted file mode 100644 (file)
index b2d9ea9..0000000
+++ /dev/null
@@ -1,160 +0,0 @@
-# Copyright 1999-2015 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-# this ebuild is only for the libcrypto.so.0.9.8 and libssl.so.0.9.8 SONAME for ABI compat
-
-EAPI="5"
-
-inherit eutils flag-o-matic toolchain-funcs multilib multilib-minimal
-
-PLEVEL=$(echo "${PV##*_p}" | tr '[1-9]' '[a-i]')
-MY_PV=${PV/_p*/${PLEVEL}}
-MY_P=${PN}-${MY_PV}
-S="${WORKDIR}/${MY_P}"
-DESCRIPTION="Toolkit for SSL v2/v3 and TLS v1"
-HOMEPAGE="http://www.openssl.org/"
-SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"
-
-LICENSE="openssl"
-SLOT="0.9.8"
-KEYWORDS="alpha amd64 arm ~hppa ~ia64 ~m68k ~mips ppc ~ppc64 ~s390 ~sh ~sparc x86 ~sparc-fbsd ~x86-fbsd"
-IUSE="bindist gmp kerberos cpu_flags_x86_sse2 test zlib"
-RESTRICT="!bindist? ( bindist )"
-
-RDEPEND="gmp? ( >=dev-libs/gmp-5.1.3-r1[${MULTILIB_USEDEP}] )
-       zlib? ( >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}] )
-       kerberos? ( >=app-crypt/mit-krb5-1.11.4[${MULTILIB_USEDEP}] )
-       abi_x86_32? (
-               !<=app-emulation/emul-linux-x86-baselibs-20140508-r4
-               !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
-       )
-       !=dev-libs/openssl-0.9.8*:0"
-DEPEND="${RDEPEND}
-       sys-apps/diffutils
-       >=dev-lang/perl-5
-       test? ( sys-devel/bc )"
-
-# Do not install any docs
-DOCS=()
-
-src_prepare() {
-       epatch "${FILESDIR}"/${PN}-0.9.8e-bsd-sparc64.patch
-       epatch "${FILESDIR}"/${PN}-0.9.8h-ldflags.patch #181438
-       epatch "${FILESDIR}"/${PN}-0.9.8m-binutils.patch #289130
-
-       # disable fips in the build
-       # make sure the man pages are suffixed #302165
-       # don't bother building man pages if they're disabled
-       sed -i \
-               -e '/DIRS/s: fips : :g' \
-               -e '/^MANSUFFIX/s:=.*:=ssl:' \
-               -e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
-               -e $(has noman FEATURES \
-                       && echo '/^install:/s:install_docs::' \
-                       || echo '/^MANDIR=/s:=.*:=/usr/share/man:') \
-               Makefile{,.org} \
-               || die
-       # show the actual commands in the log
-       sed -i '/^SET_X/s:=.*:=set -x:' Makefile.shared
-       # update the enginedir path.
-       # punt broken config we don't care about as it fails sanity check.
-       sed -i \
-               -e '/^"debug-ben-debug-64"/d' \
-               -e "/foo.*engines/s|/lib/engines|/$(get_libdir)/engines|" \
-               Configure || die
-
-       # since we're forcing $(CC) as makedep anyway, just fix
-       # the conditional as always-on
-       # helps clang (#417795), and versioned gcc (#499818)
-       sed -i 's/expr.*MAKEDEPEND.*;/true;/' util/domd || die
-
-       # quiet out unknown driver argument warnings since openssl
-       # doesn't have well-split CFLAGS and we're making it even worse
-       # and 'make depend' uses -Werror for added fun (#417795 again)
-       [[ ${CC} == *clang* ]] && append-flags -Qunused-arguments
-
-       # allow openssl to be cross-compiled
-       cp "${FILESDIR}"/gentoo.config-0.9.8 gentoo.config || die "cp cross-compile failed"
-       chmod a+rx gentoo.config
-
-       append-flags -fno-strict-aliasing
-       append-flags -Wa,--noexecstack
-
-       sed -i '1s,^:$,#!/usr/bin/perl,' Configure #141906
-       sed -i '/^"debug-bodo/d' Configure # 0.9.8za shipped broken
-       ./config --test-sanity || die "I AM NOT SANE"
-
-       multilib_copy_sources
-}
-
-multilib_src_configure() {
-       unset APPS #197996
-       unset SCRIPTS #312551
-
-       tc-export CC AR RANLIB
-
-       # Clean out patent-or-otherwise-encumbered code
-       # Camellia: Royalty Free            http://en.wikipedia.org/wiki/Camellia_(cipher)
-       # IDEA:     Expired                 http://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
-       # EC:       ????????? ??/??/2015    http://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography
-       # MDC2:     Expired                 http://en.wikipedia.org/wiki/MDC-2
-       # RC5:      5,724,428 03/03/2015    http://en.wikipedia.org/wiki/RC5
-
-       use_ssl() { use $1 && echo "enable-${2:-$1} ${*:3}" || echo "no-${2:-$1}" ; }
-       echoit() { echo "$@" ; "$@" ; }
-
-       local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
-
-       local sslout=$(./gentoo.config)
-       einfo "Use configuration ${sslout:-(openssl knows best)}"
-       local config="Configure"
-       [[ -z ${sslout} ]] && config="config"
-
-       echoit \
-       ./${config} \
-               ${sslout} \
-               $(use cpu_flags_x86_sse2 || echo "no-sse2") \
-               enable-camellia \
-               $(use_ssl !bindist ec) \
-               enable-idea \
-               enable-mdc2 \
-               $(use_ssl !bindist rc5) \
-               enable-tlsext \
-               $(use_ssl gmp gmp -lgmp) \
-               $(use_ssl kerberos krb5 --with-krb5-flavor=${krb5}) \
-               $(use_ssl zlib) \
-               --prefix=/usr \
-               --openssldir=/etc/ssl \
-               shared threads \
-               || die "Configure failed"
-
-       # Clean out hardcoded flags that openssl uses
-       local CFLAG=$(grep ^CFLAG= Makefile | LC_ALL=C sed \
-               -e 's:^CFLAG=::' \
-               -e 's:-fomit-frame-pointer ::g' \
-               -e 's:-O[0-9] ::g' \
-               -e 's:-march=[-a-z0-9]* ::g' \
-               -e 's:-mcpu=[-a-z0-9]* ::g' \
-               -e 's:-m[a-z0-9]* ::g' \
-       )
-       sed -i \
-               -e "/^LIBDIR=/s|=.*|=$(get_libdir)|" \
-               -e "/^CFLAG/s|=.*|=${CFLAG} ${CFLAGS}|" \
-               -e "/^SHARED_LDFLAGS=/s|$| ${LDFLAGS}|" \
-               Makefile || die
-}
-
-multilib_src_compile() {
-       # depend is needed to use $confopts
-       emake -j1 depend
-       emake -j1 build_libs
-}
-
-multilib_src_test() {
-       emake -j1 test
-}
-
-multilib_src_install() {
-       dolib.so lib{crypto,ssl}.so.0.9.8
-}
diff --git a/dev-libs/openssl/openssl-1.0.0r.ebuild b/dev-libs/openssl/openssl-1.0.0r.ebuild
deleted file mode 100644 (file)
index e719253..0000000
+++ /dev/null
@@ -1,214 +0,0 @@
-# Copyright 1999-2015 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI="4"
-
-inherit eutils flag-o-matic toolchain-funcs multilib
-
-REV="1.7"
-DESCRIPTION="full-strength general purpose cryptography library (including SSL v2/v3 and TLS v1)"
-HOMEPAGE="http://www.openssl.org/"
-SRC_URI="mirror://openssl/source/${P}.tar.gz
-       http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/${PN}/${PN}-c_rehash.sh?rev=${REV} -> ${PN}-c_rehash.sh.${REV}"
-
-LICENSE="openssl"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~sparc-fbsd ~x86-fbsd"
-IUSE="bindist gmp kerberos rfc3779 cpu_flags_x86_sse2 static-libs test zlib"
-RESTRICT="!bindist? ( bindist )"
-
-# Have the sub-libs in RDEPEND with [static-libs] since, logically,
-# our libssl.a depends on libz.a/etc... at runtime.
-LIB_DEPEND="gmp? ( dev-libs/gmp[static-libs(+)] )
-       zlib? ( sys-libs/zlib[static-libs(+)] )
-       kerberos? ( app-crypt/mit-krb5 )"
-RDEPEND="static-libs? ( ${LIB_DEPEND} )
-       !static-libs? ( ${LIB_DEPEND//\[static-libs(+)]} )"
-DEPEND="${RDEPEND}
-       sys-apps/diffutils
-       >=dev-lang/perl-5
-       test? ( sys-devel/bc )"
-PDEPEND="app-misc/ca-certificates"
-
-src_unpack() {
-       unpack ${P}.tar.gz
-       SSL_CNF_DIR="/etc/ssl"
-       sed \
-               -e "/^DIR=/s:=.*:=${SSL_CNF_DIR}:" \
-               "${DISTDIR}"/${PN}-c_rehash.sh.${REV} \
-               > "${WORKDIR}"/c_rehash || die #416717
-}
-
-src_prepare() {
-       # Make sure we only ever touch Makefile.org and avoid patching a file
-       # that gets blown away anyways by the Configure script in src_configure
-       rm -f Makefile
-
-       epatch "${FILESDIR}"/${PN}-1.0.0a-ldflags.patch #327421
-       #epatch "${FILESDIR}"/${PN}-1.0.0d-fbsd-amd64.patch #363089
-       epatch "${FILESDIR}"/${PN}-1.0.0d-windres.patch #373743
-       epatch "${FILESDIR}"/${PN}-1.0.0h-pkg-config.patch
-       epatch "${FILESDIR}"/${PN}-1.0.0e-parallel-build.patch
-       epatch "${FILESDIR}"/${PN}-1.0.0r-x32.patch
-       epatch_user #332661
-
-       # disable fips in the build
-       # make sure the man pages are suffixed #302165
-       # don't bother building man pages if they're disabled
-       sed -i \
-               -e '/DIRS/s: fips : :g' \
-               -e '/^MANSUFFIX/s:=.*:=ssl:' \
-               -e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
-               -e $(has noman FEATURES \
-                       && echo '/^install:/s:install_docs::' \
-                       || echo '/^MANDIR=/s:=.*:=/usr/share/man:') \
-               Makefile.org \
-               || die
-       # show the actual commands in the log
-       sed -i '/^SET_X/s:=.*:=set -x:' Makefile.shared
-
-       # allow openssl to be cross-compiled
-       cp "${FILESDIR}"/gentoo.config-1.0.0 gentoo.config || die
-       chmod a+rx gentoo.config
-
-       append-flags -fno-strict-aliasing
-       append-flags $(test-flags-CC -Wa,--noexecstack)
-
-       sed -i '1s,^:$,#!/usr/bin/perl,' Configure #141906
-       ./config --test-sanity || die "I AM NOT SANE"
-}
-
-src_configure() {
-       unset APPS #197996
-       unset SCRIPTS #312551
-       unset CROSS_COMPILE #311473
-
-       tc-export CC AR RANLIB RC
-
-       # Clean out patent-or-otherwise-encumbered code
-       # Camellia: Royalty Free            http://en.wikipedia.org/wiki/Camellia_(cipher)
-       # IDEA:     Expired                 http://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
-       # EC:       ????????? ??/??/2015    http://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography
-       # MDC2:     Expired                 http://en.wikipedia.org/wiki/MDC-2
-       # RC5:      5,724,428 03/03/2015    http://en.wikipedia.org/wiki/RC5
-
-       use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
-       echoit() { echo "$@" ; "$@" ; }
-
-       local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
-
-       local sslout=$(./gentoo.config)
-       einfo "Use configuration ${sslout:-(openssl knows best)}"
-       local config="Configure"
-       [[ -z ${sslout} ]] && config="config"
-       echoit \
-       ./${config} \
-               ${sslout} \
-               $(use cpu_flags_x86_sse2 || echo "no-sse2") \
-               enable-camellia \
-               $(use_ssl !bindist ec) \
-               enable-idea \
-               enable-mdc2 \
-               $(use_ssl !bindist rc5) \
-               enable-tlsext \
-               $(use_ssl gmp gmp -lgmp) \
-               $(use_ssl kerberos krb5 --with-krb5-flavor=${krb5}) \
-               $(use_ssl rfc3779) \
-               $(use_ssl zlib) \
-               --prefix=/usr \
-               --openssldir=${SSL_CNF_DIR} \
-               --libdir=$(get_libdir) \
-               shared threads \
-               || die
-
-       # Clean out hardcoded flags that openssl uses
-       local CFLAG=$(grep ^CFLAG= Makefile | LC_ALL=C sed \
-               -e 's:^CFLAG=::' \
-               -e 's:-fomit-frame-pointer ::g' \
-               -e 's:-O[0-9] ::g' \
-               -e 's:-march=[-a-z0-9]* ::g' \
-               -e 's:-mcpu=[-a-z0-9]* ::g' \
-               -e 's:-m[a-z0-9]* ::g' \
-       )
-       sed -i \
-               -e "/^CFLAG/s|=.*|=${CFLAG} ${CFLAGS}|" \
-               -e "/^SHARED_LDFLAGS=/s|$| ${LDFLAGS}|" \
-               Makefile || die
-}
-
-src_compile() {
-       # depend is needed to use $confopts; it also doesn't matter
-       # that it's -j1 as the code itself serializes subdirs
-       emake -j1 depend || die
-       emake all || die
-       # rehash is needed to prep the certs/ dir; do this
-       # separately to avoid parallel build issues.
-       emake rehash || die
-}
-
-src_test() {
-       emake -j1 test || die
-}
-
-src_install() {
-       emake INSTALL_PREFIX="${D}" install || die
-       dobin "${WORKDIR}"/c_rehash || die #333117
-       dodoc CHANGES* FAQ NEWS README doc/*.txt doc/c-indentation.el
-       dohtml -r doc/*
-       use rfc3779 && dodoc engines/ccgost/README.gost
-
-       # This is crappy in that the static archives are still built even
-       # when USE=static-libs.  But this is due to a failing in the openssl
-       # build system: the static archives are built as PIC all the time.
-       # Only way around this would be to manually configure+compile openssl
-       # twice; once with shared lib support enabled and once without.
-       use static-libs || rm -f "${D}"/usr/lib*/lib*.a
-
-       # create the certs directory
-       dodir ${SSL_CNF_DIR}/certs
-       cp -RP certs/* "${D}"${SSL_CNF_DIR}/certs/ || die
-       rm -r "${D}"${SSL_CNF_DIR}/certs/{demo,expired}
-
-       # Namespace openssl programs to prevent conflicts with other man pages
-       cd "${D}"/usr/share/man
-       local m d s
-       for m in $(find . -type f | xargs grep -L '#include') ; do
-               d=${m%/*} ; d=${d#./} ; m=${m##*/}
-               [[ ${m} == openssl.1* ]] && continue
-               [[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!"
-               mv ${d}/{,ssl-}${m}
-               # fix up references to renamed man pages
-               sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m}
-               ln -s ssl-${m} ${d}/openssl-${m}
-               # locate any symlinks that point to this man page ... we assume
-               # that any broken links are due to the above renaming
-               for s in $(find -L ${d} -type l) ; do
-                       s=${s##*/}
-                       rm -f ${d}/${s}
-                       ln -s ssl-${m} ${d}/ssl-${s}
-                       ln -s ssl-${s} ${d}/openssl-${s}
-               done
-       done
-       [[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :("
-
-       dodir /etc/sandbox.d #254521
-       echo 'SANDBOX_PREDICT="/dev/crypto"' > "${D}"/etc/sandbox.d/10openssl
-
-       diropts -m0700
-       keepdir ${SSL_CNF_DIR}/private
-}
-
-pkg_preinst() {
-       has_version ${CATEGORY}/${PN}:0.9.8 && return 0
-       preserve_old_lib /usr/$(get_libdir)/lib{crypto,ssl}.so.0.9.8
-}
-
-pkg_postinst() {
-       ebegin "Running 'c_rehash ${ROOT%/}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069"
-       c_rehash "${ROOT%/}${SSL_CNF_DIR}/certs" >/dev/null
-       eend $?
-
-       has_version ${CATEGORY}/${PN}:0.9.8 && return 0
-       preserve_old_lib_notify /usr/$(get_libdir)/lib{crypto,ssl}.so.0.9.8
-}
diff --git a/dev-libs/openssl/openssl-1.0.1l-r1.ebuild b/dev-libs/openssl/openssl-1.0.1l-r1.ebuild
deleted file mode 100644 (file)
index 8f063dc..0000000
+++ /dev/null
@@ -1,260 +0,0 @@
-# Copyright 1999-2015 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI="4"
-
-inherit eutils flag-o-matic toolchain-funcs multilib multilib-minimal
-
-REV="1.7"
-DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"
-HOMEPAGE="http://www.openssl.org/"
-SRC_URI="mirror://openssl/source/${P}.tar.gz
-       http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/${PN}/${PN}-c_rehash.sh?rev=${REV} -> ${PN}-c_rehash.sh.${REV}"
-
-LICENSE="openssl"
-SLOT="0"
-KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
-IUSE="bindist gmp kerberos rfc3779 cpu_flags_x86_sse2 static-libs test +tls-heartbeat vanilla zlib"
-RESTRICT="!bindist? ( bindist )"
-
-# The blocks are temporary just to make sure people upgrade to a
-# version that lack runtime version checking.  We'll drop them in
-# the future.
-RDEPEND="gmp? ( >=dev-libs/gmp-5.1.3-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
-       zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
-       kerberos? ( >=app-crypt/mit-krb5-1.11.4[${MULTILIB_USEDEP}] )
-       abi_x86_32? (
-               !<=app-emulation/emul-linux-x86-baselibs-20140406-r3
-               !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
-       )
-       !<net-misc/openssh-5.9_p1-r4
-       !<net-libs/neon-0.29.6-r1"
-DEPEND="${RDEPEND}
-       sys-apps/diffutils
-       >=dev-lang/perl-5
-       test? ( sys-devel/bc )"
-PDEPEND="app-misc/ca-certificates"
-
-src_unpack() {
-       unpack ${P}.tar.gz
-       SSL_CNF_DIR="/etc/ssl"
-       sed \
-               -e "/^DIR=/s:=.*:=${EPREFIX}${SSL_CNF_DIR}:" \
-               -e "s:SSL_CMD=/usr:SSL_CMD=${EPREFIX}/usr:" \
-               "${DISTDIR}"/${PN}-c_rehash.sh.${REV} \
-               > "${WORKDIR}"/c_rehash || die #416717
-}
-
-MULTILIB_WRAPPED_HEADERS=(
-       usr/include/openssl/opensslconf.h
-)
-
-src_prepare() {
-       # Make sure we only ever touch Makefile.org and avoid patching a file
-       # that gets blown away anyways by the Configure script in src_configure
-       rm -f Makefile
-
-       if ! use vanilla ; then
-               epatch "${FILESDIR}"/${PN}-1.0.0a-ldflags.patch #327421
-               epatch "${FILESDIR}"/${PN}-1.0.0d-windres.patch #373743
-               epatch "${FILESDIR}"/${PN}-1.0.0h-pkg-config.patch
-               epatch "${FILESDIR}"/${PN}-1.0.1-parallel-build.patch
-               epatch "${FILESDIR}"/${PN}-1.0.1-x32.patch
-               epatch "${FILESDIR}"/${PN}-1.0.1h-ipv6.patch
-               epatch "${FILESDIR}"/${PN}-1.0.1e-s_client-verify.patch #472584
-               epatch "${FILESDIR}"/${PN}-1.0.1f-revert-alpha-perl-generation.patch #499086
-               epatch "${FILESDIR}"/${PN}-1.0.1l-CVE-2015-0286.patch #543552
-               epatch_user #332661
-       fi
-
-       # disable fips in the build
-       # make sure the man pages are suffixed #302165
-       # don't bother building man pages if they're disabled
-       sed -i \
-               -e '/DIRS/s: fips : :g' \
-               -e '/^MANSUFFIX/s:=.*:=ssl:' \
-               -e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
-               -e $(has noman FEATURES \
-                       && echo '/^install:/s:install_docs::' \
-                       || echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
-               Makefile.org \
-               || die
-       # show the actual commands in the log
-       sed -i '/^SET_X/s:=.*:=set -x:' Makefile.shared
-
-       # since we're forcing $(CC) as makedep anyway, just fix
-       # the conditional as always-on
-       # helps clang (#417795), and versioned gcc (#499818)
-       sed -i 's/expr.*MAKEDEPEND.*;/true;/' util/domd || die
-
-       # quiet out unknown driver argument warnings since openssl
-       # doesn't have well-split CFLAGS and we're making it even worse
-       # and 'make depend' uses -Werror for added fun (#417795 again)
-       [[ ${CC} == *clang* ]] && append-flags -Qunused-arguments
-
-       # allow openssl to be cross-compiled
-       cp "${FILESDIR}"/gentoo.config-1.0.1 gentoo.config || die
-       chmod a+rx gentoo.config
-
-       append-flags -fno-strict-aliasing
-       append-flags $(test-flags-CC -Wa,--noexecstack)
-
-       sed -i '1s,^:$,#!'${EPREFIX}'/usr/bin/perl,' Configure #141906
-       # The config script does stupid stuff to prompt the user.  Kill it.
-       sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
-       ./config --test-sanity || die "I AM NOT SANE"
-
-       multilib_copy_sources
-}
-
-multilib_src_configure() {
-       unset APPS #197996
-       unset SCRIPTS #312551
-       unset CROSS_COMPILE #311473
-
-       tc-export CC AR RANLIB RC
-
-       # Clean out patent-or-otherwise-encumbered code
-       # Camellia: Royalty Free            http://en.wikipedia.org/wiki/Camellia_(cipher)
-       # IDEA:     Expired                 http://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
-       # EC:       ????????? ??/??/2015    http://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography
-       # MDC2:     Expired                 http://en.wikipedia.org/wiki/MDC-2
-       # RC5:      5,724,428 03/03/2015    http://en.wikipedia.org/wiki/RC5
-
-       use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
-       echoit() { echo "$@" ; "$@" ; }
-
-       local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
-
-       # See if our toolchain supports __uint128_t.  If so, it's 64bit
-       # friendly and can use the nicely optimized code paths. #460790
-       local ec_nistp_64_gcc_128
-       # Disable it for now though #469976
-       #if ! use bindist ; then
-       #       echo "__uint128_t i;" > "${T}"/128.c
-       #       if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
-       #               ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
-       #       fi
-       #fi
-
-       local sslout=$(./gentoo.config)
-       einfo "Use configuration ${sslout:-(openssl knows best)}"
-       local config="Configure"
-       [[ -z ${sslout} ]] && config="config"
-
-       echoit \
-       ./${config} \
-               ${sslout} \
-               $(use cpu_flags_x86_sse2 || echo "no-sse2") \
-               enable-camellia \
-               $(use_ssl !bindist ec) \
-               ${ec_nistp_64_gcc_128} \
-               enable-idea \
-               enable-mdc2 \
-               $(use_ssl !bindist rc5) \
-               enable-tlsext \
-               $(use_ssl gmp gmp -lgmp) \
-               $(use_ssl kerberos krb5 --with-krb5-flavor=${krb5}) \
-               $(use_ssl rfc3779) \
-               $(use_ssl tls-heartbeat heartbeats) \
-               $(use_ssl zlib) \
-               --prefix="${EPREFIX}"/usr \
-               --openssldir="${EPREFIX}"${SSL_CNF_DIR} \
-               --libdir=$(get_libdir) \
-               shared threads \
-               || die
-
-       # Clean out hardcoded flags that openssl uses
-       local CFLAG=$(grep ^CFLAG= Makefile | LC_ALL=C sed \
-               -e 's:^CFLAG=::' \
-               -e 's:-fomit-frame-pointer ::g' \
-               -e 's:-O[0-9] ::g' \
-               -e 's:-march=[-a-z0-9]* ::g' \
-               -e 's:-mcpu=[-a-z0-9]* ::g' \
-               -e 's:-m[a-z0-9]* ::g' \
-       )
-       sed -i \
-               -e "/^CFLAG/s|=.*|=${CFLAG} ${CFLAGS}|" \
-               -e "/^SHARED_LDFLAGS=/s|$| ${LDFLAGS}|" \
-               Makefile || die
-}
-
-multilib_src_compile() {
-       # depend is needed to use $confopts; it also doesn't matter
-       # that it's -j1 as the code itself serializes subdirs
-       emake -j1 depend
-       emake all
-       # rehash is needed to prep the certs/ dir; do this
-       # separately to avoid parallel build issues.
-       emake rehash
-}
-
-multilib_src_test() {
-       emake -j1 test
-}
-
-multilib_src_install() {
-       emake INSTALL_PREFIX="${D}" install
-}
-
-multilib_src_install_all() {
-       dobin "${WORKDIR}"/c_rehash #333117
-       dodoc CHANGES* FAQ NEWS README doc/*.txt doc/c-indentation.el
-       dohtml -r doc/*
-       use rfc3779 && dodoc engines/ccgost/README.gost
-
-       # This is crappy in that the static archives are still built even
-       # when USE=static-libs.  But this is due to a failing in the openssl
-       # build system: the static archives are built as PIC all the time.
-       # Only way around this would be to manually configure+compile openssl
-       # twice; once with shared lib support enabled and once without.
-       use static-libs || rm -f "${ED}"/usr/lib*/lib*.a
-
-       # create the certs directory
-       dodir ${SSL_CNF_DIR}/certs
-       cp -RP certs/* "${ED}"${SSL_CNF_DIR}/certs/ || die
-       rm -r "${ED}"${SSL_CNF_DIR}/certs/{demo,expired}
-
-       # Namespace openssl programs to prevent conflicts with other man pages
-       cd "${ED}"/usr/share/man
-       local m d s
-       for m in $(find . -type f | xargs grep -L '#include') ; do
-               d=${m%/*} ; d=${d#./} ; m=${m##*/}
-               [[ ${m} == openssl.1* ]] && continue
-               [[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!"
-               mv ${d}/{,ssl-}${m}
-               # fix up references to renamed man pages
-               sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m}
-               ln -s ssl-${m} ${d}/openssl-${m}
-               # locate any symlinks that point to this man page ... we assume
-               # that any broken links are due to the above renaming
-               for s in $(find -L ${d} -type l) ; do
-                       s=${s##*/}
-                       rm -f ${d}/${s}
-                       ln -s ssl-${m} ${d}/ssl-${s}
-                       ln -s ssl-${s} ${d}/openssl-${s}
-               done
-       done
-       [[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :("
-
-       dodir /etc/sandbox.d #254521
-       echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
-
-       diropts -m0700
-       keepdir ${SSL_CNF_DIR}/private
-}
-
-pkg_preinst() {
-       has_version ${CATEGORY}/${PN}:0.9.8 && return 0
-       preserve_old_lib /usr/$(get_libdir)/lib{crypto,ssl}.so.0.9.8
-}
-
-pkg_postinst() {
-       ebegin "Running 'c_rehash ${EROOT%/}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069"
-       c_rehash "${EROOT%/}${SSL_CNF_DIR}/certs" >/dev/null
-       eend $?
-
-       has_version ${CATEGORY}/${PN}:0.9.8 && return 0
-       preserve_old_lib_notify /usr/$(get_libdir)/lib{crypto,ssl}.so.0.9.8
-}
diff --git a/dev-libs/openssl/openssl-1.0.1m.ebuild b/dev-libs/openssl/openssl-1.0.1m.ebuild
deleted file mode 100644 (file)
index 7f30b56..0000000
+++ /dev/null
@@ -1,259 +0,0 @@
-# Copyright 1999-2015 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI="4"
-
-inherit eutils flag-o-matic toolchain-funcs multilib multilib-minimal
-
-REV="1.7"
-DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"
-HOMEPAGE="http://www.openssl.org/"
-SRC_URI="mirror://openssl/source/${P}.tar.gz
-       http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/${PN}/${PN}-c_rehash.sh?rev=${REV} -> ${PN}-c_rehash.sh.${REV}"
-
-LICENSE="openssl"
-SLOT="0"
-KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh ~sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
-IUSE="bindist gmp kerberos rfc3779 cpu_flags_x86_sse2 static-libs test +tls-heartbeat vanilla zlib"
-RESTRICT="!bindist? ( bindist )"
-
-# The blocks are temporary just to make sure people upgrade to a
-# version that lack runtime version checking.  We'll drop them in
-# the future.
-RDEPEND="gmp? ( >=dev-libs/gmp-5.1.3-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
-       zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
-       kerberos? ( >=app-crypt/mit-krb5-1.11.4[${MULTILIB_USEDEP}] )
-       abi_x86_32? (
-               !<=app-emulation/emul-linux-x86-baselibs-20140406-r3
-               !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
-       )
-       !<net-misc/openssh-5.9_p1-r4
-       !<net-libs/neon-0.29.6-r1"
-DEPEND="${RDEPEND}
-       sys-apps/diffutils
-       >=dev-lang/perl-5
-       test? ( sys-devel/bc )"
-PDEPEND="app-misc/ca-certificates"
-
-src_unpack() {
-       unpack ${P}.tar.gz
-       SSL_CNF_DIR="/etc/ssl"
-       sed \
-               -e "/^DIR=/s:=.*:=${EPREFIX}${SSL_CNF_DIR}:" \
-               -e "s:SSL_CMD=/usr:SSL_CMD=${EPREFIX}/usr:" \
-               "${DISTDIR}"/${PN}-c_rehash.sh.${REV} \
-               > "${WORKDIR}"/c_rehash || die #416717
-}
-
-MULTILIB_WRAPPED_HEADERS=(
-       usr/include/openssl/opensslconf.h
-)
-
-src_prepare() {
-       # Make sure we only ever touch Makefile.org and avoid patching a file
-       # that gets blown away anyways by the Configure script in src_configure
-       rm -f Makefile
-
-       if ! use vanilla ; then
-               epatch "${FILESDIR}"/${PN}-1.0.0a-ldflags.patch #327421
-               epatch "${FILESDIR}"/${PN}-1.0.0d-windres.patch #373743
-               epatch "${FILESDIR}"/${PN}-1.0.0h-pkg-config.patch
-               epatch "${FILESDIR}"/${PN}-1.0.1m-parallel-build.patch
-               epatch "${FILESDIR}"/${PN}-1.0.1m-x32.patch
-               epatch "${FILESDIR}"/${PN}-1.0.1m-ipv6.patch
-               epatch "${FILESDIR}"/${PN}-1.0.1m-s_client-verify.patch #472584
-               epatch "${FILESDIR}"/${PN}-1.0.1f-revert-alpha-perl-generation.patch #499086
-               epatch_user #332661
-       fi
-
-       # disable fips in the build
-       # make sure the man pages are suffixed #302165
-       # don't bother building man pages if they're disabled
-       sed -i \
-               -e '/DIRS/s: fips : :g' \
-               -e '/^MANSUFFIX/s:=.*:=ssl:' \
-               -e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
-               -e $(has noman FEATURES \
-                       && echo '/^install:/s:install_docs::' \
-                       || echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
-               Makefile.org \
-               || die
-       # show the actual commands in the log
-       sed -i '/^SET_X/s:=.*:=set -x:' Makefile.shared
-
-       # since we're forcing $(CC) as makedep anyway, just fix
-       # the conditional as always-on
-       # helps clang (#417795), and versioned gcc (#499818)
-       sed -i 's/expr.*MAKEDEPEND.*;/true;/' util/domd || die
-
-       # quiet out unknown driver argument warnings since openssl
-       # doesn't have well-split CFLAGS and we're making it even worse
-       # and 'make depend' uses -Werror for added fun (#417795 again)
-       [[ ${CC} == *clang* ]] && append-flags -Qunused-arguments
-
-       # allow openssl to be cross-compiled
-       cp "${FILESDIR}"/gentoo.config-1.0.1 gentoo.config || die
-       chmod a+rx gentoo.config
-
-       append-flags -fno-strict-aliasing
-       append-flags $(test-flags-CC -Wa,--noexecstack)
-
-       sed -i '1s,^:$,#!'${EPREFIX}'/usr/bin/perl,' Configure #141906
-       # The config script does stupid stuff to prompt the user.  Kill it.
-       sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
-       ./config --test-sanity || die "I AM NOT SANE"
-
-       multilib_copy_sources
-}
-
-multilib_src_configure() {
-       unset APPS #197996
-       unset SCRIPTS #312551
-       unset CROSS_COMPILE #311473
-
-       tc-export CC AR RANLIB RC
-
-       # Clean out patent-or-otherwise-encumbered code
-       # Camellia: Royalty Free            http://en.wikipedia.org/wiki/Camellia_(cipher)
-       # IDEA:     Expired                 http://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
-       # EC:       ????????? ??/??/2015    http://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography
-       # MDC2:     Expired                 http://en.wikipedia.org/wiki/MDC-2
-       # RC5:      5,724,428 03/03/2015    http://en.wikipedia.org/wiki/RC5
-
-       use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
-       echoit() { echo "$@" ; "$@" ; }
-
-       local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
-
-       # See if our toolchain supports __uint128_t.  If so, it's 64bit
-       # friendly and can use the nicely optimized code paths. #460790
-       local ec_nistp_64_gcc_128
-       # Disable it for now though #469976
-       #if ! use bindist ; then
-       #       echo "__uint128_t i;" > "${T}"/128.c
-       #       if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
-       #               ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
-       #       fi
-       #fi
-
-       local sslout=$(./gentoo.config)
-       einfo "Use configuration ${sslout:-(openssl knows best)}"
-       local config="Configure"
-       [[ -z ${sslout} ]] && config="config"
-
-       echoit \
-       ./${config} \
-               ${sslout} \
-               $(use cpu_flags_x86_sse2 || echo "no-sse2") \
-               enable-camellia \
-               $(use_ssl !bindist ec) \
-               ${ec_nistp_64_gcc_128} \
-               enable-idea \
-               enable-mdc2 \
-               $(use_ssl !bindist rc5) \
-               enable-tlsext \
-               $(use_ssl gmp gmp -lgmp) \
-               $(use_ssl kerberos krb5 --with-krb5-flavor=${krb5}) \
-               $(use_ssl rfc3779) \
-               $(use_ssl tls-heartbeat heartbeats) \
-               $(use_ssl zlib) \
-               --prefix="${EPREFIX}"/usr \
-               --openssldir="${EPREFIX}"${SSL_CNF_DIR} \
-               --libdir=$(get_libdir) \
-               shared threads \
-               || die
-
-       # Clean out hardcoded flags that openssl uses
-       local CFLAG=$(grep ^CFLAG= Makefile | LC_ALL=C sed \
-               -e 's:^CFLAG=::' \
-               -e 's:-fomit-frame-pointer ::g' \
-               -e 's:-O[0-9] ::g' \
-               -e 's:-march=[-a-z0-9]* ::g' \
-               -e 's:-mcpu=[-a-z0-9]* ::g' \
-               -e 's:-m[a-z0-9]* ::g' \
-       )
-       sed -i \
-               -e "/^CFLAG/s|=.*|=${CFLAG} ${CFLAGS}|" \
-               -e "/^SHARED_LDFLAGS=/s|$| ${LDFLAGS}|" \
-               Makefile || die
-}
-
-multilib_src_compile() {
-       # depend is needed to use $confopts; it also doesn't matter
-       # that it's -j1 as the code itself serializes subdirs
-       emake -j1 depend
-       emake all
-       # rehash is needed to prep the certs/ dir; do this
-       # separately to avoid parallel build issues.
-       emake rehash
-}
-
-multilib_src_test() {
-       emake -j1 test
-}
-
-multilib_src_install() {
-       emake INSTALL_PREFIX="${D}" install
-}
-
-multilib_src_install_all() {
-       dobin "${WORKDIR}"/c_rehash #333117
-       dodoc CHANGES* FAQ NEWS README doc/*.txt doc/c-indentation.el
-       dohtml -r doc/*
-       use rfc3779 && dodoc engines/ccgost/README.gost
-
-       # This is crappy in that the static archives are still built even
-       # when USE=static-libs.  But this is due to a failing in the openssl
-       # build system: the static archives are built as PIC all the time.
-       # Only way around this would be to manually configure+compile openssl
-       # twice; once with shared lib support enabled and once without.
-       use static-libs || rm -f "${ED}"/usr/lib*/lib*.a
-
-       # create the certs directory
-       dodir ${SSL_CNF_DIR}/certs
-       cp -RP certs/* "${ED}"${SSL_CNF_DIR}/certs/ || die
-       rm -r "${ED}"${SSL_CNF_DIR}/certs/{demo,expired}
-
-       # Namespace openssl programs to prevent conflicts with other man pages
-       cd "${ED}"/usr/share/man
-       local m d s
-       for m in $(find . -type f | xargs grep -L '#include') ; do
-               d=${m%/*} ; d=${d#./} ; m=${m##*/}
-               [[ ${m} == openssl.1* ]] && continue
-               [[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!"
-               mv ${d}/{,ssl-}${m}
-               # fix up references to renamed man pages
-               sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m}
-               ln -s ssl-${m} ${d}/openssl-${m}
-               # locate any symlinks that point to this man page ... we assume
-               # that any broken links are due to the above renaming
-               for s in $(find -L ${d} -type l) ; do
-                       s=${s##*/}
-                       rm -f ${d}/${s}
-                       ln -s ssl-${m} ${d}/ssl-${s}
-                       ln -s ssl-${s} ${d}/openssl-${s}
-               done
-       done
-       [[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :("
-
-       dodir /etc/sandbox.d #254521
-       echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
-
-       diropts -m0700
-       keepdir ${SSL_CNF_DIR}/private
-}
-
-pkg_preinst() {
-       has_version ${CATEGORY}/${PN}:0.9.8 && return 0
-       preserve_old_lib /usr/$(get_libdir)/lib{crypto,ssl}.so.0.9.8
-}
-
-pkg_postinst() {
-       ebegin "Running 'c_rehash ${EROOT%/}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069"
-       c_rehash "${EROOT%/}${SSL_CNF_DIR}/certs" >/dev/null
-       eend $?
-
-       has_version ${CATEGORY}/${PN}:0.9.8 && return 0
-       preserve_old_lib_notify /usr/$(get_libdir)/lib{crypto,ssl}.so.0.9.8
-}
diff --git a/dev-libs/openssl/openssl-1.0.1n.ebuild b/dev-libs/openssl/openssl-1.0.1n.ebuild
deleted file mode 100644 (file)
index 0b33ee9..0000000
+++ /dev/null
@@ -1,258 +0,0 @@
-# Copyright 1999-2015 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI="4"
-
-inherit eutils flag-o-matic toolchain-funcs multilib multilib-minimal
-
-REV="1.7"
-DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"
-HOMEPAGE="http://www.openssl.org/"
-SRC_URI="mirror://openssl/source/${P}.tar.gz
-       http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/${PN}/${PN}-c_rehash.sh?rev=${REV} -> ${PN}-c_rehash.sh.${REV}"
-
-LICENSE="openssl"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
-IUSE="bindist gmp kerberos rfc3779 cpu_flags_x86_sse2 static-libs test +tls-heartbeat vanilla zlib"
-RESTRICT="!bindist? ( bindist )"
-
-# The blocks are temporary just to make sure people upgrade to a
-# version that lack runtime version checking.  We'll drop them in
-# the future.
-RDEPEND="gmp? ( >=dev-libs/gmp-5.1.3-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
-       zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
-       kerberos? ( >=app-crypt/mit-krb5-1.11.4[${MULTILIB_USEDEP}] )
-       abi_x86_32? (
-               !<=app-emulation/emul-linux-x86-baselibs-20140406-r3
-               !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
-       )
-       !<net-misc/openssh-5.9_p1-r4
-       !<net-libs/neon-0.29.6-r1"
-DEPEND="${RDEPEND}
-       sys-apps/diffutils
-       >=dev-lang/perl-5
-       test? ( sys-devel/bc )"
-PDEPEND="app-misc/ca-certificates"
-
-src_unpack() {
-       unpack ${P}.tar.gz
-       SSL_CNF_DIR="/etc/ssl"
-       sed \
-               -e "/^DIR=/s:=.*:=${EPREFIX}${SSL_CNF_DIR}:" \
-               -e "s:SSL_CMD=/usr:SSL_CMD=${EPREFIX}/usr:" \
-               "${DISTDIR}"/${PN}-c_rehash.sh.${REV} \
-               > "${WORKDIR}"/c_rehash || die #416717
-}
-
-MULTILIB_WRAPPED_HEADERS=(
-       usr/include/openssl/opensslconf.h
-)
-
-src_prepare() {
-       # Make sure we only ever touch Makefile.org and avoid patching a file
-       # that gets blown away anyways by the Configure script in src_configure
-       rm -f Makefile
-
-       if ! use vanilla ; then
-               epatch "${FILESDIR}"/${PN}-1.0.0a-ldflags.patch #327421
-               epatch "${FILESDIR}"/${PN}-1.0.0d-windres.patch #373743
-               epatch "${FILESDIR}"/${PN}-1.0.0h-pkg-config.patch
-               epatch "${FILESDIR}"/${PN}-1.0.1m-parallel-build.patch
-               epatch "${FILESDIR}"/${PN}-1.0.1m-x32.patch
-               epatch "${FILESDIR}"/${PN}-1.0.1m-ipv6.patch
-               epatch "${FILESDIR}"/${PN}-1.0.1f-revert-alpha-perl-generation.patch #499086
-               epatch_user #332661
-       fi
-
-       # disable fips in the build
-       # make sure the man pages are suffixed #302165
-       # don't bother building man pages if they're disabled
-       sed -i \
-               -e '/DIRS/s: fips : :g' \
-               -e '/^MANSUFFIX/s:=.*:=ssl:' \
-               -e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
-               -e $(has noman FEATURES \
-                       && echo '/^install:/s:install_docs::' \
-                       || echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
-               Makefile.org \
-               || die
-       # show the actual commands in the log
-       sed -i '/^SET_X/s:=.*:=set -x:' Makefile.shared
-
-       # since we're forcing $(CC) as makedep anyway, just fix
-       # the conditional as always-on
-       # helps clang (#417795), and versioned gcc (#499818)
-       sed -i 's/expr.*MAKEDEPEND.*;/true;/' util/domd || die
-
-       # quiet out unknown driver argument warnings since openssl
-       # doesn't have well-split CFLAGS and we're making it even worse
-       # and 'make depend' uses -Werror for added fun (#417795 again)
-       [[ ${CC} == *clang* ]] && append-flags -Qunused-arguments
-
-       # allow openssl to be cross-compiled
-       cp "${FILESDIR}"/gentoo.config-1.0.1 gentoo.config || die
-       chmod a+rx gentoo.config
-
-       append-flags -fno-strict-aliasing
-       append-flags $(test-flags-CC -Wa,--noexecstack)
-
-       sed -i '1s,^:$,#!'${EPREFIX}'/usr/bin/perl,' Configure #141906
-       # The config script does stupid stuff to prompt the user.  Kill it.
-       sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
-       ./config --test-sanity || die "I AM NOT SANE"
-
-       multilib_copy_sources
-}
-
-multilib_src_configure() {
-       unset APPS #197996
-       unset SCRIPTS #312551
-       unset CROSS_COMPILE #311473
-
-       tc-export CC AR RANLIB RC
-
-       # Clean out patent-or-otherwise-encumbered code
-       # Camellia: Royalty Free            http://en.wikipedia.org/wiki/Camellia_(cipher)
-       # IDEA:     Expired                 http://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
-       # EC:       ????????? ??/??/2015    http://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography
-       # MDC2:     Expired                 http://en.wikipedia.org/wiki/MDC-2
-       # RC5:      5,724,428 03/03/2015    http://en.wikipedia.org/wiki/RC5
-
-       use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
-       echoit() { echo "$@" ; "$@" ; }
-
-       local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
-
-       # See if our toolchain supports __uint128_t.  If so, it's 64bit
-       # friendly and can use the nicely optimized code paths. #460790
-       local ec_nistp_64_gcc_128
-       # Disable it for now though #469976
-       #if ! use bindist ; then
-       #       echo "__uint128_t i;" > "${T}"/128.c
-       #       if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
-       #               ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
-       #       fi
-       #fi
-
-       local sslout=$(./gentoo.config)
-       einfo "Use configuration ${sslout:-(openssl knows best)}"
-       local config="Configure"
-       [[ -z ${sslout} ]] && config="config"
-
-       echoit \
-       ./${config} \
-               ${sslout} \
-               $(use cpu_flags_x86_sse2 || echo "no-sse2") \
-               enable-camellia \
-               $(use_ssl !bindist ec) \
-               ${ec_nistp_64_gcc_128} \
-               enable-idea \
-               enable-mdc2 \
-               $(use_ssl !bindist rc5) \
-               enable-tlsext \
-               $(use_ssl gmp gmp -lgmp) \
-               $(use_ssl kerberos krb5 --with-krb5-flavor=${krb5}) \
-               $(use_ssl rfc3779) \
-               $(use_ssl tls-heartbeat heartbeats) \
-               $(use_ssl zlib) \
-               --prefix="${EPREFIX}"/usr \
-               --openssldir="${EPREFIX}"${SSL_CNF_DIR} \
-               --libdir=$(get_libdir) \
-               shared threads \
-               || die
-
-       # Clean out hardcoded flags that openssl uses
-       local CFLAG=$(grep ^CFLAG= Makefile | LC_ALL=C sed \
-               -e 's:^CFLAG=::' \
-               -e 's:-fomit-frame-pointer ::g' \
-               -e 's:-O[0-9] ::g' \
-               -e 's:-march=[-a-z0-9]* ::g' \
-               -e 's:-mcpu=[-a-z0-9]* ::g' \
-               -e 's:-m[a-z0-9]* ::g' \
-       )
-       sed -i \
-               -e "/^CFLAG/s|=.*|=${CFLAG} ${CFLAGS}|" \
-               -e "/^SHARED_LDFLAGS=/s|$| ${LDFLAGS}|" \
-               Makefile || die
-}
-
-multilib_src_compile() {
-       # depend is needed to use $confopts; it also doesn't matter
-       # that it's -j1 as the code itself serializes subdirs
-       emake -j1 depend
-       emake all
-       # rehash is needed to prep the certs/ dir; do this
-       # separately to avoid parallel build issues.
-       emake rehash
-}
-
-multilib_src_test() {
-       emake -j1 test
-}
-
-multilib_src_install() {
-       emake INSTALL_PREFIX="${D}" install
-}
-
-multilib_src_install_all() {
-       dobin "${WORKDIR}"/c_rehash #333117
-       dodoc CHANGES* FAQ NEWS README doc/*.txt doc/c-indentation.el
-       dohtml -r doc/*
-       use rfc3779 && dodoc engines/ccgost/README.gost
-
-       # This is crappy in that the static archives are still built even
-       # when USE=static-libs.  But this is due to a failing in the openssl
-       # build system: the static archives are built as PIC all the time.
-       # Only way around this would be to manually configure+compile openssl
-       # twice; once with shared lib support enabled and once without.
-       use static-libs || rm -f "${ED}"/usr/lib*/lib*.a
-
-       # create the certs directory
-       dodir ${SSL_CNF_DIR}/certs
-       cp -RP certs/* "${ED}"${SSL_CNF_DIR}/certs/ || die
-       rm -r "${ED}"${SSL_CNF_DIR}/certs/{demo,expired}
-
-       # Namespace openssl programs to prevent conflicts with other man pages
-       cd "${ED}"/usr/share/man
-       local m d s
-       for m in $(find . -type f | xargs grep -L '#include') ; do
-               d=${m%/*} ; d=${d#./} ; m=${m##*/}
-               [[ ${m} == openssl.1* ]] && continue
-               [[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!"
-               mv ${d}/{,ssl-}${m}
-               # fix up references to renamed man pages
-               sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m}
-               ln -s ssl-${m} ${d}/openssl-${m}
-               # locate any symlinks that point to this man page ... we assume
-               # that any broken links are due to the above renaming
-               for s in $(find -L ${d} -type l) ; do
-                       s=${s##*/}
-                       rm -f ${d}/${s}
-                       ln -s ssl-${m} ${d}/ssl-${s}
-                       ln -s ssl-${s} ${d}/openssl-${s}
-               done
-       done
-       [[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :("
-
-       dodir /etc/sandbox.d #254521
-       echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
-
-       diropts -m0700
-       keepdir ${SSL_CNF_DIR}/private
-}
-
-pkg_preinst() {
-       has_version ${CATEGORY}/${PN}:0.9.8 && return 0
-       preserve_old_lib /usr/$(get_libdir)/lib{crypto,ssl}.so.0.9.8
-}
-
-pkg_postinst() {
-       ebegin "Running 'c_rehash ${EROOT%/}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069"
-       c_rehash "${EROOT%/}${SSL_CNF_DIR}/certs" >/dev/null
-       eend $?
-
-       has_version ${CATEGORY}/${PN}:0.9.8 && return 0
-       preserve_old_lib_notify /usr/$(get_libdir)/lib{crypto,ssl}.so.0.9.8
-}
diff --git a/dev-libs/openssl/openssl-1.0.1o.ebuild b/dev-libs/openssl/openssl-1.0.1o.ebuild
deleted file mode 100644 (file)
index f6c6c16..0000000
+++ /dev/null
@@ -1,258 +0,0 @@
-# Copyright 1999-2015 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI="4"
-
-inherit eutils flag-o-matic toolchain-funcs multilib multilib-minimal
-
-REV="1.7"
-DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"
-HOMEPAGE="http://www.openssl.org/"
-SRC_URI="mirror://openssl/source/${P}.tar.gz
-       http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/${PN}/${PN}-c_rehash.sh?rev=${REV} -> ${PN}-c_rehash.sh.${REV}"
-
-LICENSE="openssl"
-SLOT="0"
-KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
-IUSE="bindist gmp kerberos rfc3779 cpu_flags_x86_sse2 static-libs test +tls-heartbeat vanilla zlib"
-RESTRICT="!bindist? ( bindist )"
-
-# The blocks are temporary just to make sure people upgrade to a
-# version that lack runtime version checking.  We'll drop them in
-# the future.
-RDEPEND="gmp? ( >=dev-libs/gmp-5.1.3-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
-       zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
-       kerberos? ( >=app-crypt/mit-krb5-1.11.4[${MULTILIB_USEDEP}] )
-       abi_x86_32? (
-               !<=app-emulation/emul-linux-x86-baselibs-20140406-r3
-               !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
-       )
-       !<net-misc/openssh-5.9_p1-r4
-       !<net-libs/neon-0.29.6-r1"
-DEPEND="${RDEPEND}
-       sys-apps/diffutils
-       >=dev-lang/perl-5
-       test? ( sys-devel/bc )"
-PDEPEND="app-misc/ca-certificates"
-
-src_unpack() {
-       unpack ${P}.tar.gz
-       SSL_CNF_DIR="/etc/ssl"
-       sed \
-               -e "/^DIR=/s:=.*:=${EPREFIX}${SSL_CNF_DIR}:" \
-               -e "s:SSL_CMD=/usr:SSL_CMD=${EPREFIX}/usr:" \
-               "${DISTDIR}"/${PN}-c_rehash.sh.${REV} \
-               > "${WORKDIR}"/c_rehash || die #416717
-}
-
-MULTILIB_WRAPPED_HEADERS=(
-       usr/include/openssl/opensslconf.h
-)
-
-src_prepare() {
-       # Make sure we only ever touch Makefile.org and avoid patching a file
-       # that gets blown away anyways by the Configure script in src_configure
-       rm -f Makefile
-
-       if ! use vanilla ; then
-               epatch "${FILESDIR}"/${PN}-1.0.0a-ldflags.patch #327421
-               epatch "${FILESDIR}"/${PN}-1.0.0d-windres.patch #373743
-               epatch "${FILESDIR}"/${PN}-1.0.0h-pkg-config.patch
-               epatch "${FILESDIR}"/${PN}-1.0.1m-parallel-build.patch
-               epatch "${FILESDIR}"/${PN}-1.0.1m-x32.patch
-               epatch "${FILESDIR}"/${PN}-1.0.1m-ipv6.patch
-               epatch "${FILESDIR}"/${PN}-1.0.1f-revert-alpha-perl-generation.patch #499086
-               epatch_user #332661
-       fi
-
-       # disable fips in the build
-       # make sure the man pages are suffixed #302165
-       # don't bother building man pages if they're disabled
-       sed -i \
-               -e '/DIRS/s: fips : :g' \
-               -e '/^MANSUFFIX/s:=.*:=ssl:' \
-               -e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
-               -e $(has noman FEATURES \
-                       && echo '/^install:/s:install_docs::' \
-                       || echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
-               Makefile.org \
-               || die
-       # show the actual commands in the log
-       sed -i '/^SET_X/s:=.*:=set -x:' Makefile.shared
-
-       # since we're forcing $(CC) as makedep anyway, just fix
-       # the conditional as always-on
-       # helps clang (#417795), and versioned gcc (#499818)
-       sed -i 's/expr.*MAKEDEPEND.*;/true;/' util/domd || die
-
-       # quiet out unknown driver argument warnings since openssl
-       # doesn't have well-split CFLAGS and we're making it even worse
-       # and 'make depend' uses -Werror for added fun (#417795 again)
-       [[ ${CC} == *clang* ]] && append-flags -Qunused-arguments
-
-       # allow openssl to be cross-compiled
-       cp "${FILESDIR}"/gentoo.config-1.0.1 gentoo.config || die
-       chmod a+rx gentoo.config
-
-       append-flags -fno-strict-aliasing
-       append-flags $(test-flags-CC -Wa,--noexecstack)
-
-       sed -i '1s,^:$,#!'${EPREFIX}'/usr/bin/perl,' Configure #141906
-       # The config script does stupid stuff to prompt the user.  Kill it.
-       sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
-       ./config --test-sanity || die "I AM NOT SANE"
-
-       multilib_copy_sources
-}
-
-multilib_src_configure() {
-       unset APPS #197996
-       unset SCRIPTS #312551
-       unset CROSS_COMPILE #311473
-
-       tc-export CC AR RANLIB RC
-
-       # Clean out patent-or-otherwise-encumbered code
-       # Camellia: Royalty Free            http://en.wikipedia.org/wiki/Camellia_(cipher)
-       # IDEA:     Expired                 http://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
-       # EC:       ????????? ??/??/2015    http://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography
-       # MDC2:     Expired                 http://en.wikipedia.org/wiki/MDC-2
-       # RC5:      5,724,428 03/03/2015    http://en.wikipedia.org/wiki/RC5
-
-       use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
-       echoit() { echo "$@" ; "$@" ; }
-
-       local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
-
-       # See if our toolchain supports __uint128_t.  If so, it's 64bit
-       # friendly and can use the nicely optimized code paths. #460790
-       local ec_nistp_64_gcc_128
-       # Disable it for now though #469976
-       #if ! use bindist ; then
-       #       echo "__uint128_t i;" > "${T}"/128.c
-       #       if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
-       #               ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
-       #       fi
-       #fi
-
-       local sslout=$(./gentoo.config)
-       einfo "Use configuration ${sslout:-(openssl knows best)}"
-       local config="Configure"
-       [[ -z ${sslout} ]] && config="config"
-
-       echoit \
-       ./${config} \
-               ${sslout} \
-               $(use cpu_flags_x86_sse2 || echo "no-sse2") \
-               enable-camellia \
-               $(use_ssl !bindist ec) \
-               ${ec_nistp_64_gcc_128} \
-               enable-idea \
-               enable-mdc2 \
-               $(use_ssl !bindist rc5) \
-               enable-tlsext \
-               $(use_ssl gmp gmp -lgmp) \
-               $(use_ssl kerberos krb5 --with-krb5-flavor=${krb5}) \
-               $(use_ssl rfc3779) \
-               $(use_ssl tls-heartbeat heartbeats) \
-               $(use_ssl zlib) \
-               --prefix="${EPREFIX}"/usr \
-               --openssldir="${EPREFIX}"${SSL_CNF_DIR} \
-               --libdir=$(get_libdir) \
-               shared threads \
-               || die
-
-       # Clean out hardcoded flags that openssl uses
-       local CFLAG=$(grep ^CFLAG= Makefile | LC_ALL=C sed \
-               -e 's:^CFLAG=::' \
-               -e 's:-fomit-frame-pointer ::g' \
-               -e 's:-O[0-9] ::g' \
-               -e 's:-march=[-a-z0-9]* ::g' \
-               -e 's:-mcpu=[-a-z0-9]* ::g' \
-               -e 's:-m[a-z0-9]* ::g' \
-       )
-       sed -i \
-               -e "/^CFLAG/s|=.*|=${CFLAG} ${CFLAGS}|" \
-               -e "/^SHARED_LDFLAGS=/s|$| ${LDFLAGS}|" \
-               Makefile || die
-}
-
-multilib_src_compile() {
-       # depend is needed to use $confopts; it also doesn't matter
-       # that it's -j1 as the code itself serializes subdirs
-       emake -j1 depend
-       emake all
-       # rehash is needed to prep the certs/ dir; do this
-       # separately to avoid parallel build issues.
-       emake rehash
-}
-
-multilib_src_test() {
-       emake -j1 test
-}
-
-multilib_src_install() {
-       emake INSTALL_PREFIX="${D}" install
-}
-
-multilib_src_install_all() {
-       dobin "${WORKDIR}"/c_rehash #333117
-       dodoc CHANGES* FAQ NEWS README doc/*.txt doc/c-indentation.el
-       dohtml -r doc/*
-       use rfc3779 && dodoc engines/ccgost/README.gost
-
-       # This is crappy in that the static archives are still built even
-       # when USE=static-libs.  But this is due to a failing in the openssl
-       # build system: the static archives are built as PIC all the time.
-       # Only way around this would be to manually configure+compile openssl
-       # twice; once with shared lib support enabled and once without.
-       use static-libs || rm -f "${ED}"/usr/lib*/lib*.a
-
-       # create the certs directory
-       dodir ${SSL_CNF_DIR}/certs
-       cp -RP certs/* "${ED}"${SSL_CNF_DIR}/certs/ || die
-       rm -r "${ED}"${SSL_CNF_DIR}/certs/{demo,expired}
-
-       # Namespace openssl programs to prevent conflicts with other man pages
-       cd "${ED}"/usr/share/man
-       local m d s
-       for m in $(find . -type f | xargs grep -L '#include') ; do
-               d=${m%/*} ; d=${d#./} ; m=${m##*/}
-               [[ ${m} == openssl.1* ]] && continue
-               [[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!"
-               mv ${d}/{,ssl-}${m}
-               # fix up references to renamed man pages
-               sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m}
-               ln -s ssl-${m} ${d}/openssl-${m}
-               # locate any symlinks that point to this man page ... we assume
-               # that any broken links are due to the above renaming
-               for s in $(find -L ${d} -type l) ; do
-                       s=${s##*/}
-                       rm -f ${d}/${s}
-                       ln -s ssl-${m} ${d}/ssl-${s}
-                       ln -s ssl-${s} ${d}/openssl-${s}
-               done
-       done
-       [[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :("
-
-       dodir /etc/sandbox.d #254521
-       echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
-
-       diropts -m0700
-       keepdir ${SSL_CNF_DIR}/private
-}
-
-pkg_preinst() {
-       has_version ${CATEGORY}/${PN}:0.9.8 && return 0
-       preserve_old_lib /usr/$(get_libdir)/lib{crypto,ssl}.so.0.9.8
-}
-
-pkg_postinst() {
-       ebegin "Running 'c_rehash ${EROOT%/}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069"
-       c_rehash "${EROOT%/}${SSL_CNF_DIR}/certs" >/dev/null
-       eend $?
-
-       has_version ${CATEGORY}/${PN}:0.9.8 && return 0
-       preserve_old_lib_notify /usr/$(get_libdir)/lib{crypto,ssl}.so.0.9.8
-}
diff --git a/dev-libs/openssl/openssl-1.0.2-r3.ebuild b/dev-libs/openssl/openssl-1.0.2-r3.ebuild
deleted file mode 100644 (file)
index 231155d..0000000
+++ /dev/null
@@ -1,263 +0,0 @@
-# Copyright 1999-2015 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI="4"
-
-inherit eutils flag-o-matic toolchain-funcs multilib multilib-minimal
-
-REV="1.7"
-MY_P=${P/_/-}
-DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"
-HOMEPAGE="http://www.openssl.org/"
-SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
-       http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/${PN}/${PN}-c_rehash.sh?rev=${REV} -> ${PN}-c_rehash.sh.${REV}"
-
-LICENSE="openssl"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
-IUSE="bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 static-libs test +tls-heartbeat vanilla zlib"
-RESTRICT="!bindist? ( bindist )"
-
-# The blocks are temporary just to make sure people upgrade to a
-# version that lack runtime version checking.  We'll drop them in
-# the future.
-RDEPEND="gmp? ( >=dev-libs/gmp-5.1.3-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
-       zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
-       kerberos? ( >=app-crypt/mit-krb5-1.11.4[${MULTILIB_USEDEP}] )
-       abi_x86_32? (
-               !<=app-emulation/emul-linux-x86-baselibs-20140508
-               !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
-       )
-       !<net-misc/openssh-5.9_p1-r4
-       !<net-libs/neon-0.29.6-r1"
-DEPEND="${RDEPEND}
-       sys-apps/diffutils
-       >=dev-lang/perl-5
-       sctp? ( >=net-misc/lksctp-tools-1.0.12 )
-       test? ( sys-devel/bc )"
-PDEPEND="app-misc/ca-certificates"
-
-S="${WORKDIR}/${MY_P}"
-
-MULTILIB_WRAPPED_HEADERS=(
-       usr/include/openssl/opensslconf.h
-)
-
-src_prepare() {
-       SSL_CNF_DIR="/etc/ssl"
-       sed \
-               -e "/^DIR=/s:=.*:=${EPREFIX}${SSL_CNF_DIR}:" \
-               -e "s:SSL_CMD=/usr:SSL_CMD=${EPREFIX}/usr:" \
-               "${DISTDIR}"/${PN}-c_rehash.sh.${REV} \
-               > "${WORKDIR}"/c_rehash || die #416717
-
-       # Make sure we only ever touch Makefile.org and avoid patching a file
-       # that gets blown away anyways by the Configure script in src_configure
-       rm -f Makefile
-
-       epatch "${FILESDIR}"/${P}-CVE-2015-0209.patch #541502
-       epatch "${FILESDIR}"/${P}-CVE-2015-0288.patch #542038
-       if ! use vanilla ; then
-               epatch "${FILESDIR}"/${PN}-1.0.0a-ldflags.patch #327421
-               epatch "${FILESDIR}"/${PN}-1.0.0d-windres.patch #373743
-               epatch "${FILESDIR}"/${PN}-1.0.2-parallel-build.patch
-               epatch "${FILESDIR}"/${PN}-1.0.2-ipv6.patch
-               epatch "${FILESDIR}"/${PN}-1.0.2-s_client-verify.patch #472584
-               epatch "${FILESDIR}"/${PN}-1.0.2-CVE-2015-0291.patch
-
-               epatch_user #332661
-       fi
-
-       # disable fips in the build
-       # make sure the man pages are suffixed #302165
-       # don't bother building man pages if they're disabled
-       sed -i \
-               -e '/DIRS/s: fips : :g' \
-               -e '/^MANSUFFIX/s:=.*:=ssl:' \
-               -e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
-               -e $(has noman FEATURES \
-                       && echo '/^install:/s:install_docs::' \
-                       || echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
-               Makefile.org \
-               || die
-       # show the actual commands in the log
-       sed -i '/^SET_X/s:=.*:=set -x:' Makefile.shared
-
-       # since we're forcing $(CC) as makedep anyway, just fix
-       # the conditional as always-on
-       # helps clang (#417795), and versioned gcc (#499818)
-       sed -i 's/expr.*MAKEDEPEND.*;/true;/' util/domd || die
-
-       # quiet out unknown driver argument warnings since openssl
-       # doesn't have well-split CFLAGS and we're making it even worse
-       # and 'make depend' uses -Werror for added fun (#417795 again)
-       [[ ${CC} == *clang* ]] && append-flags -Qunused-arguments
-
-       # allow openssl to be cross-compiled
-       cp "${FILESDIR}"/gentoo.config-1.0.1 gentoo.config || die
-       chmod a+rx gentoo.config
-
-       append-flags -fno-strict-aliasing
-       append-flags $(test-flags-CC -Wa,--noexecstack)
-       append-cppflags -DOPENSSL_NO_BUF_FREELISTS
-
-       sed -i '1s,^:$,#!'${EPREFIX}'/usr/bin/perl,' Configure #141906
-       # The config script does stupid stuff to prompt the user.  Kill it.
-       sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
-       ./config --test-sanity || die "I AM NOT SANE"
-
-       multilib_copy_sources
-}
-
-multilib_src_configure() {
-       unset APPS #197996
-       unset SCRIPTS #312551
-       unset CROSS_COMPILE #311473
-
-       tc-export CC AR RANLIB RC
-
-       # Clean out patent-or-otherwise-encumbered code
-       # Camellia: Royalty Free            http://en.wikipedia.org/wiki/Camellia_(cipher)
-       # IDEA:     Expired                 http://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
-       # EC:       ????????? ??/??/2015    http://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography
-       # MDC2:     Expired                 http://en.wikipedia.org/wiki/MDC-2
-       # RC5:      Expired                 http://en.wikipedia.org/wiki/RC5
-
-       use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
-       echoit() { echo "$@" ; "$@" ; }
-
-       local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
-
-       # See if our toolchain supports __uint128_t.  If so, it's 64bit
-       # friendly and can use the nicely optimized code paths. #460790
-       local ec_nistp_64_gcc_128
-       # Disable it for now though #469976
-       #if ! use bindist ; then
-       #       echo "__uint128_t i;" > "${T}"/128.c
-       #       if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
-       #               ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
-       #       fi
-       #fi
-
-       local sslout=$(./gentoo.config)
-       einfo "Use configuration ${sslout:-(openssl knows best)}"
-       local config="Configure"
-       [[ -z ${sslout} ]] && config="config"
-
-       echoit \
-       ./${config} \
-               ${sslout} \
-               $(use sctp && echo "sctp") \
-               $(use cpu_flags_x86_sse2 || echo "no-sse2") \
-               enable-camellia \
-               $(use_ssl !bindist ec) \
-               ${ec_nistp_64_gcc_128} \
-               enable-idea \
-               enable-mdc2 \
-               enable-rc5 \
-               enable-tlsext \
-               $(use_ssl gmp gmp -lgmp) \
-               $(use_ssl kerberos krb5 --with-krb5-flavor=${krb5}) \
-               $(use_ssl rfc3779) \
-               $(use_ssl tls-heartbeat heartbeats) \
-               $(use_ssl zlib) \
-               --prefix="${EPREFIX}"/usr \
-               --openssldir="${EPREFIX}"${SSL_CNF_DIR} \
-               --libdir=$(get_libdir) \
-               shared threads \
-               || die
-
-       # Clean out hardcoded flags that openssl uses
-       local CFLAG=$(grep ^CFLAG= Makefile | LC_ALL=C sed \
-               -e 's:^CFLAG=::' \
-               -e 's:-fomit-frame-pointer ::g' \
-               -e 's:-O[0-9] ::g' \
-               -e 's:-march=[-a-z0-9]* ::g' \
-               -e 's:-mcpu=[-a-z0-9]* ::g' \
-               -e 's:-m[a-z0-9]* ::g' \
-       )
-       sed -i \
-               -e "/^CFLAG/s|=.*|=${CFLAG} ${CFLAGS}|" \
-               -e "/^SHARED_LDFLAGS=/s|$| ${LDFLAGS}|" \
-               Makefile || die
-}
-
-multilib_src_compile() {
-       # depend is needed to use $confopts; it also doesn't matter
-       # that it's -j1 as the code itself serializes subdirs
-       emake -j1 depend
-       emake all
-       # rehash is needed to prep the certs/ dir; do this
-       # separately to avoid parallel build issues.
-       emake rehash
-}
-
-multilib_src_test() {
-       emake -j1 test
-}
-
-multilib_src_install() {
-       emake INSTALL_PREFIX="${D}" install
-}
-
-multilib_src_install_all() {
-       dobin "${WORKDIR}"/c_rehash #333117
-       dodoc CHANGES* FAQ NEWS README doc/*.txt doc/c-indentation.el
-       dohtml -r doc/*
-       use rfc3779 && dodoc engines/ccgost/README.gost
-
-       # This is crappy in that the static archives are still built even
-       # when USE=static-libs.  But this is due to a failing in the openssl
-       # build system: the static archives are built as PIC all the time.
-       # Only way around this would be to manually configure+compile openssl
-       # twice; once with shared lib support enabled and once without.
-       use static-libs || rm -f "${ED}"/usr/lib*/lib*.a
-
-       # create the certs directory
-       dodir ${SSL_CNF_DIR}/certs
-       cp -RP certs/* "${ED}"${SSL_CNF_DIR}/certs/ || die
-       rm -r "${ED}"${SSL_CNF_DIR}/certs/{demo,expired}
-
-       # Namespace openssl programs to prevent conflicts with other man pages
-       cd "${ED}"/usr/share/man
-       local m d s
-       for m in $(find . -type f | xargs grep -L '#include') ; do
-               d=${m%/*} ; d=${d#./} ; m=${m##*/}
-               [[ ${m} == openssl.1* ]] && continue
-               [[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!"
-               mv ${d}/{,ssl-}${m}
-               # fix up references to renamed man pages
-               sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m}
-               ln -s ssl-${m} ${d}/openssl-${m}
-               # locate any symlinks that point to this man page ... we assume
-               # that any broken links are due to the above renaming
-               for s in $(find -L ${d} -type l) ; do
-                       s=${s##*/}
-                       rm -f ${d}/${s}
-                       ln -s ssl-${m} ${d}/ssl-${s}
-                       ln -s ssl-${s} ${d}/openssl-${s}
-               done
-       done
-       [[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :("
-
-       dodir /etc/sandbox.d #254521
-       echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
-
-       diropts -m0700
-       keepdir ${SSL_CNF_DIR}/private
-}
-
-pkg_preinst() {
-       has_version ${CATEGORY}/${PN}:0.9.8 && return 0
-       preserve_old_lib /usr/$(get_libdir)/lib{crypto,ssl}.so.0.9.8
-}
-
-pkg_postinst() {
-       ebegin "Running 'c_rehash ${EROOT%/}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069"
-       c_rehash "${EROOT%/}${SSL_CNF_DIR}/certs" >/dev/null
-       eend $?
-
-       has_version ${CATEGORY}/${PN}:0.9.8 && return 0
-       preserve_old_lib_notify /usr/$(get_libdir)/lib{crypto,ssl}.so.0.9.8
-}