From 4c10439ee3bae573fe8381b2cf417fb14ede2d30 Mon Sep 17 00:00:00 2001
From: Chih-Hsuan Yen <yan12125@macports.org>
Date: Tue, 14 May 2019 23:31:02 +0800
Subject: [PATCH 1/4] old_openssl: new port group for easing usage of the older
 openssl ports

This is a step in OpenSSL 1.1 migration.

Ref: https://github.com/macports/macports-ports/pull/3822
Ref: https://trac.macports.org/ticket/52101
---
 _resources/port1.0/group/old_openssl-1.0.tcl | 49 ++++++++++++++++++++
 1 file changed, 49 insertions(+)
 create mode 100644 _resources/port1.0/group/old_openssl-1.0.tcl

diff --git a/_resources/port1.0/group/old_openssl-1.0.tcl b/_resources/port1.0/group/old_openssl-1.0.tcl
new file mode 100644
index 0000000000000..3786acb29af55
--- /dev/null
+++ b/_resources/port1.0/group/old_openssl-1.0.tcl
@@ -0,0 +1,49 @@
+# -*- coding: utf-8; mode: tcl; c-basic-offset: 4; indent-tabs-mode: nil; tab-width: 4; truncate-lines: t -*- vim:fenc=utf-8:et:sw=4:ts=4:sts=4
+#
+# Usage:
+# PortGroup     old_openssl 1.0
+#
+# This port group is for ports that are incompatible with the latest OpenSSL.
+# It's not needed for most ports.
+#
+# options:
+# openssl.branch: the OpenSSL branch to use (e.g. 1.0 for the latest OpenSSL on the 1.0.x branch).
+#   Currently only 1.0 is available.
+
+options openssl.branch
+option_proc openssl.branch openssl_set_branch
+options openssl.includedir
+default openssl.includedir      {${prefix}/include/openssl-${openssl.branch}}
+options openssl.libdir
+default openssl.libdir          {${prefix}/lib/openssl-${openssl.branch}}
+
+proc openssl_set_branch {option action args} {
+    if {$action ne "set"} {
+        return
+    }
+
+    global openssl.branch
+
+    set branch_no_dot [string map {. ""} ${openssl.branch}]
+
+    depends_lib-delete      path:lib/libssl.dylib:openssl
+    depends_lib-append      port:openssl${branch_no_dot}
+}
+
+proc openssl.configure {method} {
+    global prefix openssl.branch openssl.includedir openssl.libdir
+
+    switch ${method} {
+        pkgconfig {
+            configure.env-append PKG_CONFIG_PATH=${prefix}/lib/openssl-${openssl.branch}/pkgconfig
+            depends_build-append port:pkgconfig
+        }
+        build_flags {
+            configure.cppflags-prepend -I${openssl.includedir}
+            configure.ldflags-prepend -L${openssl.libdir}
+        }
+        default {
+            return -code error "invalid method \"${method}\" for openssl.configure"
+        }
+    } 
+}

From 2314d1689d0ef77f5d94140d587de9fd214a904b Mon Sep 17 00:00:00 2001
From: Chih-Hsuan Yen <yan12125@macports.org>
Date: Tue, 14 May 2019 23:29:48 +0800
Subject: [PATCH 2/4] php5{2,3,4,5,6}-openssl: use openssl 1.0 via the
 old_openssl port group

They are not compatible with OpenSSL 1.1. For example, php56-openssl
fails with:

/opt/local/var/macports/build/_Users_yen_var_syncthing_Projects_macports-ports_lang_php/php56-openssl/work/php-5.6.40/ext/openssl.c:1904:15: error: incomplete definition of type 'struct X509_extension_st'
        p = extension->value->data;
            ~~~~~~~~~^

All ports tested with the following PHP script:

<?php
echo file_get_contents('https://httpbin.org/ip');
?>

Closes: https://trac.macports.org/ticket/58464
---
 lang/php/Portfile                             | 26 +++++++++++++++----
 .../patch-php52-ext-openssl-config.m4.diff    | 13 ++++++++++
 .../patch-php53-ext-openssl-config.m4.diff    | 13 ++++++++++
 .../patch-php54-ext-openssl-config.m4.diff    | 13 ++++++++++
 .../patch-php55-ext-openssl-config.m4.diff    | 13 ++++++++++
 .../patch-php56-ext-openssl-config.m4.diff    | 13 ++++++++++
 6 files changed, 86 insertions(+), 5 deletions(-)
 create mode 100644 lang/php/files/patch-php52-ext-openssl-config.m4.diff
 create mode 100644 lang/php/files/patch-php53-ext-openssl-config.m4.diff
 create mode 100644 lang/php/files/patch-php54-ext-openssl-config.m4.diff
 create mode 100644 lang/php/files/patch-php55-ext-openssl-config.m4.diff
 create mode 100644 lang/php/files/patch-php56-ext-openssl-config.m4.diff

diff --git a/lang/php/Portfile b/lang/php/Portfile
index ef838a2427d98..e75f6c61d075f 100644
--- a/lang/php/Portfile
+++ b/lang/php/Portfile
@@ -3,6 +3,7 @@
 PortSystem              1.0
 PortGroup               php 1.1
 PortGroup               compiler_blacklist_versions 1.0
+PortGroup               old_openssl 1.0
 
 name                    php
 platforms               darwin freebsd
@@ -1327,11 +1328,11 @@ if {[vercmp ${branch} 5.5] >= 0} {
 
 subport ${php}-openssl {
     switch -- ${version} {
-        5.2.17              {revision 0}
-        5.3.29              {revision 0}
-        5.4.45              {revision 0}
-        5.5.38              {revision 0}
-        5.6.40              {revision 0}
+        5.2.17              {revision 1}
+        5.3.29              {revision 1}
+        5.4.45              {revision 1}
+        5.5.38              {revision 1}
+        5.6.40              {revision 1}
         7.0.33              {revision 0}
         7.1.29              {revision 0}
         7.2.18              {revision 0}
@@ -1356,6 +1357,21 @@ subport ${php}-openssl {
     
     configure.args-append   --with-kerberos=${prefix} \
                             --with-openssl=${prefix}
+
+    if {[vercmp ${branch} 5.6] <= 0} {
+        openssl.branch 1.0
+        openssl.configure pkgconfig
+
+        # This patch is for reordering -I and -L flags during the build to make
+        # openssl-1.0 directories appear before others
+        patchfiles-append       patch-${php}-ext-openssl-config.m4.diff
+
+        post-patch {
+            reinplace "s|@PREFIX@|${prefix}|g" ${worksrcpath}/ext/openssl/config.m4
+        }
+
+        configure.args-replace  --with-openssl=${prefix} --with-openssl=shared
+    }
 }
 
 subport ${php}-oracle {
diff --git a/lang/php/files/patch-php52-ext-openssl-config.m4.diff b/lang/php/files/patch-php52-ext-openssl-config.m4.diff
new file mode 100644
index 0000000000000..eaa5d1c04f873
--- /dev/null
+++ b/lang/php/files/patch-php52-ext-openssl-config.m4.diff
@@ -0,0 +1,13 @@
+--- ext/openssl/config.m4.orig	2019-01-09 17:54:13.000000000 +0800
++++ ext/openssl/config.m4	2019-05-11 16:52:27.000000000 +0800
+@@ -32,4 +32,10 @@
+   ], [
+     AC_MSG_ERROR([OpenSSL check failed. Please check config.log for more information.])
+   ])
++
++  INCLUDES=`echo "$INCLUDES" | sed "s|-I@PREFIX@/include ||g"`
++  INCLUDES="$INCLUDES -I@PREFIX@/include"
++
++  LDFLAGS=`echo "$LDFLAGS" | sed "s|-L@PREFIX@/lib ||g"`
++  OPENSSL_SHARED_LIBADD="$OPENSSL_SHARED_LIBADD -L@PREFIX@/lib"
+ fi
diff --git a/lang/php/files/patch-php53-ext-openssl-config.m4.diff b/lang/php/files/patch-php53-ext-openssl-config.m4.diff
new file mode 100644
index 0000000000000..eaa5d1c04f873
--- /dev/null
+++ b/lang/php/files/patch-php53-ext-openssl-config.m4.diff
@@ -0,0 +1,13 @@
+--- ext/openssl/config.m4.orig	2019-01-09 17:54:13.000000000 +0800
++++ ext/openssl/config.m4	2019-05-11 16:52:27.000000000 +0800
+@@ -32,4 +32,10 @@
+   ], [
+     AC_MSG_ERROR([OpenSSL check failed. Please check config.log for more information.])
+   ])
++
++  INCLUDES=`echo "$INCLUDES" | sed "s|-I@PREFIX@/include ||g"`
++  INCLUDES="$INCLUDES -I@PREFIX@/include"
++
++  LDFLAGS=`echo "$LDFLAGS" | sed "s|-L@PREFIX@/lib ||g"`
++  OPENSSL_SHARED_LIBADD="$OPENSSL_SHARED_LIBADD -L@PREFIX@/lib"
+ fi
diff --git a/lang/php/files/patch-php54-ext-openssl-config.m4.diff b/lang/php/files/patch-php54-ext-openssl-config.m4.diff
new file mode 100644
index 0000000000000..eaa5d1c04f873
--- /dev/null
+++ b/lang/php/files/patch-php54-ext-openssl-config.m4.diff
@@ -0,0 +1,13 @@
+--- ext/openssl/config.m4.orig	2019-01-09 17:54:13.000000000 +0800
++++ ext/openssl/config.m4	2019-05-11 16:52:27.000000000 +0800
+@@ -32,4 +32,10 @@
+   ], [
+     AC_MSG_ERROR([OpenSSL check failed. Please check config.log for more information.])
+   ])
++
++  INCLUDES=`echo "$INCLUDES" | sed "s|-I@PREFIX@/include ||g"`
++  INCLUDES="$INCLUDES -I@PREFIX@/include"
++
++  LDFLAGS=`echo "$LDFLAGS" | sed "s|-L@PREFIX@/lib ||g"`
++  OPENSSL_SHARED_LIBADD="$OPENSSL_SHARED_LIBADD -L@PREFIX@/lib"
+ fi
diff --git a/lang/php/files/patch-php55-ext-openssl-config.m4.diff b/lang/php/files/patch-php55-ext-openssl-config.m4.diff
new file mode 100644
index 0000000000000..eaa5d1c04f873
--- /dev/null
+++ b/lang/php/files/patch-php55-ext-openssl-config.m4.diff
@@ -0,0 +1,13 @@
+--- ext/openssl/config.m4.orig	2019-01-09 17:54:13.000000000 +0800
++++ ext/openssl/config.m4	2019-05-11 16:52:27.000000000 +0800
+@@ -32,4 +32,10 @@
+   ], [
+     AC_MSG_ERROR([OpenSSL check failed. Please check config.log for more information.])
+   ])
++
++  INCLUDES=`echo "$INCLUDES" | sed "s|-I@PREFIX@/include ||g"`
++  INCLUDES="$INCLUDES -I@PREFIX@/include"
++
++  LDFLAGS=`echo "$LDFLAGS" | sed "s|-L@PREFIX@/lib ||g"`
++  OPENSSL_SHARED_LIBADD="$OPENSSL_SHARED_LIBADD -L@PREFIX@/lib"
+ fi
diff --git a/lang/php/files/patch-php56-ext-openssl-config.m4.diff b/lang/php/files/patch-php56-ext-openssl-config.m4.diff
new file mode 100644
index 0000000000000..b88cdd8704fa5
--- /dev/null
+++ b/lang/php/files/patch-php56-ext-openssl-config.m4.diff
@@ -0,0 +1,13 @@
+--- ext/openssl/config.m4.orig	2019-01-09 17:54:13.000000000 +0800
++++ ext/openssl/config.m4	2019-05-11 16:52:27.000000000 +0800
+@@ -32,4 +32,10 @@
+   if test "$PHP_SYSTEM_CIPHERS" != "no"; then
+     AC_DEFINE(USE_OPENSSL_SYSTEM_CIPHERS,1,[ Use system default cipher list instead of hardcoded value ])
+   fi
++
++  INCLUDES=`echo "$INCLUDES" | sed "s|-I@PREFIX@/include ||g"`
++  INCLUDES="$INCLUDES -I@PREFIX@/include"
++
++  LDFLAGS=`echo "$LDFLAGS" | sed "s|-L@PREFIX@/lib ||g"`
++  OPENSSL_SHARED_LIBADD="$OPENSSL_SHARED_LIBADD -L@PREFIX@/lib"
+ fi

From 529200187bbc98ad6c7740b7e9122779365991bf Mon Sep 17 00:00:00 2001
From: Chih-Hsuan Yen <yan12125@macports.org>
Date: Tue, 14 May 2019 23:33:21 +0800
Subject: [PATCH 3/4] python26: use old_openssl port group

No revbump as the result binary should remain the same
---
 lang/python26/Portfile | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/lang/python26/Portfile b/lang/python26/Portfile
index 72fa17c135364..915a01a1744ff 100644
--- a/lang/python26/Portfile
+++ b/lang/python26/Portfile
@@ -2,6 +2,7 @@
 
 PortSystem 1.0
 PortGroup select 1.0
+PortGroup old_openssl 1.0
 
 name                    python26
 # Remember to keep py26-tkinter and py26-gdbm's versions sync'd with this
@@ -48,7 +49,7 @@ patchfiles              patch-Makefile.pre.in.diff \
                         yosemite.patch \
                         improve-QuickTime.h-check.patch
 
-depends_lib             port:gettext port:zlib port:openssl10 \
+depends_lib             port:gettext port:zlib \
                         port:sqlite3 port:db46 port:ncurses \
                         port:bzip2 port:libedit
 depends_run             port:python_select \
@@ -61,8 +62,8 @@ configure.ccache        no
 # signed integer overflow is normally undefined as per the C spec, but python
 # needs it to be defined as twos-complement
 configure.cflags-append -fwrapv
-configure.cppflags-prepend -I${prefix}/include/openssl-1.0
-configure.ldflags-prepend -L${prefix}/lib/openssl-1.0
+openssl.branch 1.0
+openssl.configure build_flags
 
 post-patch {
    reinplace "s|@@PREFIX@@|${prefix}|g" ${worksrcpath}/Lib/cgi.py \

From 8e8ffcdfae750dd48253a6da7b81c65c58281fa8 Mon Sep 17 00:00:00 2001
From: Chih-Hsuan Yen <yan12125@macports.org>
Date: Fri, 17 May 2019 00:37:27 +0800
Subject: [PATCH 4/4] ruby: use old_openssl port group

---
 lang/ruby/Portfile | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/lang/ruby/Portfile b/lang/ruby/Portfile
index 1d2057faa3ae4..48c17f33c58e1 100644
--- a/lang/ruby/Portfile
+++ b/lang/ruby/Portfile
@@ -4,6 +4,7 @@ PortSystem		1.0
 PortGroup		muniversal 1.0
 PortGroup		compiler_blacklist_versions 1.0
 PortGroup		select 1.0
+PortGroup		old_openssl 1.0
 
 name			ruby
 version			1.8.7-p374
@@ -34,12 +35,13 @@ platforms		darwin
 
 depends_lib		port:libiconv \
 				port:readline \
-                port:openssl10 \
 				port:zlib \
 				port:ncurses \
 				port:gdbm
 depends_run		port:ruby_select
 
+openssl.branch  1.0
+
 select.group	ruby
 select.file		${filespath}/ruby18
 
@@ -97,8 +99,8 @@ configure.args	--enable-shared \
 				--without-tk \
 				--with-vendordir=${prefix}/lib/ruby/vendor_ruby \
 				--with-opt-dir=${prefix} \
-                --with-openssl-include=${prefix}/include/openssl-1.0 \
-                --with-openssl-lib=${prefix}/lib/openssl-1.0 \
+                --with-openssl-include=${openssl.includedir} \
+                --with-openssl-lib=${openssl.libdir} \
 				--program-suffix=1.8
 # ignore minor version for archdir, like i686-darwin9
 configure.env	UNAME_RELEASE=${os.major}