[gentoo-commits] gentoo-x86 commit in dev-libs/openssl: ChangeLog openssl-0.9.8e-r3.ebuild - gentoo-commits

From:	"Mike Frysinger (vapier)" <vapier@g.o>
To:	gentoo-commits@l.g.o
Subject:	[gentoo-commits] gentoo-x86 commit in dev-libs/openssl: ChangeLog openssl-0.9.8e-r3.ebuild
Date:	Sun, 30 Sep 2007 01:29:48
Message-Id:	`E1IbnUT-0006Ln-1f@stork.gentoo.org`

1

vapier      07/09/30 01:21:01

2

3

  Modified:             ChangeLog

4

  Added:                openssl-0.9.8e-r3.ebuild

5

  Log:

6

  Add fix from upstream for CVE-2007-5135 #194039.

7

  (Portage version: 2.1.3.9)

8

9

Revision  Changes    Path

10

1.222                dev-libs/openssl/ChangeLog

11

12

file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/dev-libs/openssl/ChangeLog?rev=1.222&view=markup

13

plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/dev-libs/openssl/ChangeLog?rev=1.222&content-type=text/plain

14

diff : http://sources.gentoo.org/viewcvs.py/gentoo-x86/dev-libs/openssl/ChangeLog?r1=1.221&r2=1.222

15

16

Index: ChangeLog

17

===================================================================

18

RCS file: /var/cvsroot/gentoo-x86/dev-libs/openssl/ChangeLog,v

19

retrieving revision 1.221

20

retrieving revision 1.222

21

diff -u -r1.221 -r1.222

22

--- ChangeLog	29 Aug 2007 10:14:17 -0000	1.221

23

+++ ChangeLog	30 Sep 2007 01:21:00 -0000	1.222

24

@@ -1,6 +1,12 @@

25

 # ChangeLog for dev-libs/openssl

26

 # Copyright 1999-2007 Gentoo Foundation; Distributed under the GPL v2

27

-# $Header: /var/cvsroot/gentoo-x86/dev-libs/openssl/ChangeLog,v 1.221 2007/08/29 10:14:17 corsair Exp $

28

+# $Header: /var/cvsroot/gentoo-x86/dev-libs/openssl/ChangeLog,v 1.222 2007/09/30 01:21:00 vapier Exp $

29

+

30

+*openssl-0.9.8e-r3 (30 Sep 2007)

31

+

32

+  30 Sep 2007; Mike Frysinger <vapier@g.o>

33

+  +files/openssl-0.9.8e-CVE-2007-5135.patch, +openssl-0.9.8e-r3.ebuild:

34

+  Add fix from upstream for CVE-2007-5135 #194039.

35

36

   29 Aug 2007; Markus Rothe <corsair@g.o> openssl-0.9.8e-r2.ebuild:

37

   Stable on ppc64; bug #188799

1.1                  dev-libs/openssl/openssl-0.9.8e-r3.ebuild

42

43

file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/dev-libs/openssl/openssl-0.9.8e-r3.ebuild?rev=1.1&view=markup

44

plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/dev-libs/openssl/openssl-0.9.8e-r3.ebuild?rev=1.1&content-type=text/plain

45

46

Index: openssl-0.9.8e-r3.ebuild

47

===================================================================

48

# Copyright 1999-2007 Gentoo Foundation

49

# Distributed under the terms of the GNU General Public License v2

50

# $Header: /var/cvsroot/gentoo-x86/dev-libs/openssl/openssl-0.9.8e-r3.ebuild,v 1.1 2007/09/30 01:21:00 vapier Exp $

51

52

inherit eutils flag-o-matic toolchain-funcs

53

54

DESCRIPTION="Toolkit for SSL v2/v3 and TLS v1"

55

HOMEPAGE="http://www.openssl.org/"

56

SRC_URI="mirror://openssl/source/${P}.tar.gz"

57

58

LICENSE="openssl"

59

SLOT="0"

60

KEYWORDS="-* ~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"

61

IUSE="bindist emacs sse2 test zlib"

62

63

RDEPEND=""

64

DEPEND="${RDEPEND}

65

	sys-apps/diffutils

66

	>=dev-lang/perl-5

67

	test? ( sys-devel/bc )"

68

PDEPEND="app-misc/ca-certificates"

69

70

src_unpack() {

71

	unpack ${A}

72

73

	cd "${S}"

74

75

	epatch "${FILESDIR}"/${PN}-0.9.8-ppc64.patch

76

	epatch "${FILESDIR}"/${PN}-0.9.7e-gentoo.patch

77

	epatch "${FILESDIR}"/${PN}-0.9.8-hppa-fix-detection.patch

78

	epatch "${FILESDIR}"/${PN}-0.9.7-alpha-default-gcc.patch

79

	epatch "${FILESDIR}"/${PN}-0.9.8b-parallel-build.patch

80

	epatch "${FILESDIR}"/${PN}-0.9.8-make-engines-dir.patch

81

	epatch "${FILESDIR}"/${PN}-0.9.8-toolchain.patch

82

	epatch "${FILESDIR}"/${PN}-0.9.8b-doc-updates.patch

83

	epatch "${FILESDIR}"/${PN}-0.9.8-makedepend.patch #149583

84

	epatch "${FILESDIR}"/${PN}-0.9.8-evp-key-len.patch #168750

85

	epatch "${FILESDIR}"/${PN}-0.9.8e-CVE-2007-3108.patch #188799

86

	epatch "${FILESDIR}"/${PN}-0.9.8e-CVE-2007-5135.patch #194039

87

	[[ $(gcc-version) == "4.2" ]] && epatch "${FILESDIR}"/${PN}-0.9.8-gcc42.patch #158324

88

89

	# allow openssl to be cross-compiled

90

	cp "${FILESDIR}"/gentoo.config-0.9.8 gentoo.config || die "cp cross-compile failed"

91

	chmod a+rx gentoo.config

92

93

	# Don't build manpages if we don't want them

94

	has noman FEATURES \

95

		&& sed -i '/^install:/s:install_docs::' Makefile.org \

96

		|| sed -i '/^MANDIR=/s:=.*:=/usr/share/man:' Makefile.org

97

98

	# Try to derice users and work around broken ass toolchains

99

	if [[ $(gcc-major-version) == "3" ]] ; then

100

		filter-flags -fprefetch-loop-arrays -freduce-all-givs -funroll-loops

101

		[[ $(tc-arch) == "ppc64" ]] && replace-flags -O? -O

102

fi

103

	[[ $(tc-arch) == ppc* ]] && append-flags -fno-strict-aliasing

104

	append-flags -Wa,--noexecstack

105

106

	# using a library directory other than lib requires some magic

107

	sed -i \

108

		-e "s+\(\$(INSTALL_PREFIX)\$(INSTALLTOP)\)/lib+\1/$(get_libdir)+g" \

109

		-e "s+libdir=\$\${exec_prefix}/lib+libdir=\$\${exec_prefix}/$(get_libdir)+g" \

110

		Makefile.org engines/Makefile \

111

		|| die "sed failed"

112

	./config --test-sanity || die "I AM NOT SANE"

113

}

114

115

src_compile() {

116

	tc-export CC AR RANLIB

117

118

	# Clean out patent-or-otherwise-encumbered code

119

	# IDEA:  5,214,703 25/05/2010

120

	# RC5:   5,724,428 03/03/2015

121

	# EC:    ????????? ??/??/2015

122

	local confopts=""

123

	if use bindist ; then

124

		confopts="no-idea no-rc5 no-ec"

125

	else

126

		confopts="enable-idea enable-rc5 enable-mdc2 enable-ec"

127

fi

128

	use zlib && confopts="${confopts} zlib-dynamic"

129

	use sse2 || confopts="${confopts} no-sse2"

130

131

	local sslout=$(./gentoo.config)

132

	einfo "Use configuration ${sslout:-(openssl knows best)}"

133

	local config="Configure"

134

	[[ -z ${sslout} ]] && config="config"

135

	./${config} \

136

		${sslout} \

137

		${confopts} \

138

		--prefix=/usr \

139

		--openssldir=/etc/ssl \

140

		shared threads \

141

		|| die "Configure failed"

142

143

	# Clean out hardcoded flags that openssl uses

144

	local CFLAG=$(grep ^CFLAG= Makefile | LC_ALL=C sed \

145

		-e 's:^CFLAG=::' \

146

		-e 's:-fomit-frame-pointer ::g' \

147

		-e 's:-O[0-9] ::g' \

148

		-e 's:-march=[-a-z0-9]* ::g' \

149

		-e 's:-mcpu=[-a-z0-9]* ::g' \

150

		-e 's:-m[a-z0-9]* ::g' \

151

)

152

	sed -i \

153

		-e "/^CFLAG/s:=.*:=${CFLAG} ${CFLAGS}:" \

154

		-e "/^SHARED_LDFLAGS=/s:$: ${LDFLAGS}:" \

155

		Makefile || die

156

157

	# depend is needed to use $confopts

158

	# rehash is needed to prep the certs/ dir

159

	emake -j1 depend || die "depend failed"

160

	emake all rehash || die "make all failed"

161

162

	# force until we get all the gentoo.config kinks worked out

163

	if has test ${FEATURES} && ! tc-is-cross-compiler ; then

164

		src_test

165

fi

166

}

167

168

src_test() {

169

	# make sure sandbox doesnt die on *BSD

170

	addpredict /dev/crypto

171

172

	make test || die "make test failed"

173

}

174

175

src_install() {

176

	emake -j1 INSTALL_PREFIX="${D}" install || die

177

	dodoc CHANGES* FAQ NEWS README doc/*.txt

178

	dohtml doc/*

179

180

	if use emacs ; then

181

		insinto /usr/share/emacs/site-lisp

182

		doins doc/c-indentation.el

183

fi

184

185

	# create the certs directory

186

	dodir /etc/ssl/certs

187

	cp -RP certs/* "${D}"/etc/ssl/certs/ || die "failed to install certs"

188

	rm -r "${D}"/etc/ssl/certs/{demo,expired}

189

190

	# Namespace openssl programs to prevent conflicts with other man pages

191

	cd "${D}"/usr/share/man

192

	local m d s

193

	for m in $(find . -type f | xargs grep -L '#include') ; do

194

		d=${m%/*} ; d=${d#./} ; m=${m##*/}

195

		[[ ${m} == openssl.1* ]] && continue

196

		mv ${d}/{,ssl-}${m}

197

		ln -s ssl-${m} ${d}/openssl-${m}

198

		# locate any symlinks that point to this man page

199

		for s in $(find ${d} -lname ${m}) ; do

200

			s=${s##*/}

201

			rm -f ${d}/${s}

202

			ln -s ssl-${m} ${d}/ssl-${s}

203

			ln -s ssl-${s} ${d}/openssl-${s}

204

		done

205

	done

206

207

	diropts -m0700

208

	keepdir /etc/ssl/private

209

}

210

211

pkg_preinst() {

212

	preserve_old_lib /usr/$(get_libdir)/lib{crypto,ssl}.so.0.9.{6,7}

213

}

214

215

pkg_postinst() {

216

	preserve_old_lib_notify /usr/$(get_libdir)/lib{crypto,ssl}.so.0.9.{6,7}

217

218

	if [[ ${CHOST} == i686* ]] ; then

219

		ewarn "Due to the way openssl is architected, you cannot"

220

		ewarn "switch between optimized versions without breaking"

221

		ewarn "ABI.  The default i686 0.9.8 ABI was an unoptimized"

222

		ewarn "version with horrible performance.  This version uses"

223

		ewarn "the optimized ABI.  If you experience segfaults when"

224

		ewarn "using ssl apps (like openssh), just re-emerge the"

225

		ewarn "offending package."

226

fi

227

}

--

232

gentoo-commits@g.o mailing list

1	vapier 07/09/30 01:21:01
2
3	Modified: ChangeLog
4	Added: openssl-0.9.8e-r3.ebuild
5	Log:
6	Add fix from upstream for CVE-2007-5135 #194039.
7	(Portage version: 2.1.3.9)
8
9	Revision Changes Path
10	1.222 dev-libs/openssl/ChangeLog
11
12	file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/dev-libs/openssl/ChangeLog?rev=1.222&view=markup
13	plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/dev-libs/openssl/ChangeLog?rev=1.222&content-type=text/plain
14	diff : http://sources.gentoo.org/viewcvs.py/gentoo-x86/dev-libs/openssl/ChangeLog?r1=1.221&r2=1.222
15
16	Index: ChangeLog
17	===================================================================
18	RCS file: /var/cvsroot/gentoo-x86/dev-libs/openssl/ChangeLog,v
19	retrieving revision 1.221
20	retrieving revision 1.222
21	diff -u -r1.221 -r1.222
22	--- ChangeLog 29 Aug 2007 10:14:17 -0000 1.221
23	+++ ChangeLog 30 Sep 2007 01:21:00 -0000 1.222
24	@@ -1,6 +1,12 @@
25	# ChangeLog for dev-libs/openssl
26	# Copyright 1999-2007 Gentoo Foundation; Distributed under the GPL v2
27	-# $Header: /var/cvsroot/gentoo-x86/dev-libs/openssl/ChangeLog,v 1.221 2007/08/29 10:14:17 corsair Exp $
28	+# $Header: /var/cvsroot/gentoo-x86/dev-libs/openssl/ChangeLog,v 1.222 2007/09/30 01:21:00 vapier Exp $
29	+
30	+*openssl-0.9.8e-r3 (30 Sep 2007)
31	+
32	+ 30 Sep 2007; Mike Frysinger <vapier@g.o>
33	+ +files/openssl-0.9.8e-CVE-2007-5135.patch, +openssl-0.9.8e-r3.ebuild:
34	+ Add fix from upstream for CVE-2007-5135 #194039.
35
36	29 Aug 2007; Markus Rothe <corsair@g.o> openssl-0.9.8e-r2.ebuild:
37	Stable on ppc64; bug #188799
38
39
40
41	1.1 dev-libs/openssl/openssl-0.9.8e-r3.ebuild
42
43	file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/dev-libs/openssl/openssl-0.9.8e-r3.ebuild?rev=1.1&view=markup
44	plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/dev-libs/openssl/openssl-0.9.8e-r3.ebuild?rev=1.1&content-type=text/plain
45
46	Index: openssl-0.9.8e-r3.ebuild
47	===================================================================
48	# Copyright 1999-2007 Gentoo Foundation
49	# Distributed under the terms of the GNU General Public License v2
50	# $Header: /var/cvsroot/gentoo-x86/dev-libs/openssl/openssl-0.9.8e-r3.ebuild,v 1.1 2007/09/30 01:21:00 vapier Exp $
51
52	inherit eutils flag-o-matic toolchain-funcs
53
54	DESCRIPTION="Toolkit for SSL v2/v3 and TLS v1"
55	HOMEPAGE="http://www.openssl.org/"
56	SRC_URI="mirror://openssl/source/${P}.tar.gz"
57
58	LICENSE="openssl"
59	SLOT="0"
60	KEYWORDS="-* ~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
61	IUSE="bindist emacs sse2 test zlib"
62
63	RDEPEND=""
64	DEPEND="${RDEPEND}
65	sys-apps/diffutils
66	>=dev-lang/perl-5
67	test? ( sys-devel/bc )"
68	PDEPEND="app-misc/ca-certificates"
69
70	src_unpack() {
71	unpack ${A}
72
73	cd "${S}"
74
75	epatch "${FILESDIR}"/${PN}-0.9.8-ppc64.patch
76	epatch "${FILESDIR}"/${PN}-0.9.7e-gentoo.patch
77	epatch "${FILESDIR}"/${PN}-0.9.8-hppa-fix-detection.patch
78	epatch "${FILESDIR}"/${PN}-0.9.7-alpha-default-gcc.patch
79	epatch "${FILESDIR}"/${PN}-0.9.8b-parallel-build.patch
80	epatch "${FILESDIR}"/${PN}-0.9.8-make-engines-dir.patch
81	epatch "${FILESDIR}"/${PN}-0.9.8-toolchain.patch
82	epatch "${FILESDIR}"/${PN}-0.9.8b-doc-updates.patch
83	epatch "${FILESDIR}"/${PN}-0.9.8-makedepend.patch #149583
84	epatch "${FILESDIR}"/${PN}-0.9.8-evp-key-len.patch #168750
85	epatch "${FILESDIR}"/${PN}-0.9.8e-CVE-2007-3108.patch #188799
86	epatch "${FILESDIR}"/${PN}-0.9.8e-CVE-2007-5135.patch #194039
87	[[ $(gcc-version) == "4.2" ]] && epatch "${FILESDIR}"/${PN}-0.9.8-gcc42.patch #158324
88
89	# allow openssl to be cross-compiled
90	cp "${FILESDIR}"/gentoo.config-0.9.8 gentoo.config \|\| die "cp cross-compile failed"
91	chmod a+rx gentoo.config
92
93	# Don't build manpages if we don't want them
94	has noman FEATURES \
95	&& sed -i '/^install:/s:install_docs::' Makefile.org \
96	\|\| sed -i '/^MANDIR=/s:=.*:=/usr/share/man:' Makefile.org
97
98	# Try to derice users and work around broken ass toolchains
99	if [[ $(gcc-major-version) == "3" ]] ; then
100	filter-flags -fprefetch-loop-arrays -freduce-all-givs -funroll-loops
101	[[ $(tc-arch) == "ppc64" ]] && replace-flags -O? -O
102	fi
103	[[ $(tc-arch) == ppc* ]] && append-flags -fno-strict-aliasing
104	append-flags -Wa,--noexecstack
105
106	# using a library directory other than lib requires some magic
107	sed -i \
108	-e "s+\(\$(INSTALL_PREFIX)\$(INSTALLTOP)\)/lib+\1/$(get_libdir)+g" \
109	-e "s+libdir=\$\${exec_prefix}/lib+libdir=\$\${exec_prefix}/$(get_libdir)+g" \
110	Makefile.org engines/Makefile \
111	\|\| die "sed failed"
112	./config --test-sanity \|\| die "I AM NOT SANE"
113	}
114
115	src_compile() {
116	tc-export CC AR RANLIB
117
118	# Clean out patent-or-otherwise-encumbered code
119	# IDEA: 5,214,703 25/05/2010
120	# RC5: 5,724,428 03/03/2015
121	# EC: ????????? ??/??/2015
122	local confopts=""
123	if use bindist ; then
124	confopts="no-idea no-rc5 no-ec"
125	else
126	confopts="enable-idea enable-rc5 enable-mdc2 enable-ec"
127	fi
128	use zlib && confopts="${confopts} zlib-dynamic"
129	use sse2 \|\| confopts="${confopts} no-sse2"
130
131	local sslout=$(./gentoo.config)
132	einfo "Use configuration ${sslout:-(openssl knows best)}"
133	local config="Configure"
134	[[ -z ${sslout} ]] && config="config"
135	./${config} \
136	${sslout} \
137	${confopts} \
138	--prefix=/usr \
139	--openssldir=/etc/ssl \
140	shared threads \
141	\|\| die "Configure failed"
142
143	# Clean out hardcoded flags that openssl uses
144	local CFLAG=$(grep ^CFLAG= Makefile \| LC_ALL=C sed \
145	-e 's:^CFLAG=::' \
146	-e 's:-fomit-frame-pointer ::g' \
147	-e 's:-O[0-9] ::g' \
148	-e 's:-march=[-a-z0-9]* ::g' \
149	-e 's:-mcpu=[-a-z0-9]* ::g' \
150	-e 's:-m[a-z0-9]* ::g' \
151	)
152	sed -i \
153	-e "/^CFLAG/s:=.*:=${CFLAG} ${CFLAGS}:" \
154	-e "/^SHARED_LDFLAGS=/s:$: ${LDFLAGS}:" \
155	Makefile \|\| die
156
157	# depend is needed to use $confopts
158	# rehash is needed to prep the certs/ dir
159	emake -j1 depend \|\| die "depend failed"
160	emake all rehash \|\| die "make all failed"
161
162	# force until we get all the gentoo.config kinks worked out
163	if has test ${FEATURES} && ! tc-is-cross-compiler ; then
164	src_test
165	fi
166	}
167
168	src_test() {
169	# make sure sandbox doesnt die on *BSD
170	addpredict /dev/crypto
171
172	make test \|\| die "make test failed"
173	}
174
175	src_install() {
176	emake -j1 INSTALL_PREFIX="${D}" install \|\| die
177	dodoc CHANGES* FAQ NEWS README doc/*.txt
178	dohtml doc/*
179
180	if use emacs ; then
181	insinto /usr/share/emacs/site-lisp
182	doins doc/c-indentation.el
183	fi
184
185	# create the certs directory
186	dodir /etc/ssl/certs
187	cp -RP certs/* "${D}"/etc/ssl/certs/ \|\| die "failed to install certs"
188	rm -r "${D}"/etc/ssl/certs/{demo,expired}
189
190	# Namespace openssl programs to prevent conflicts with other man pages
191	cd "${D}"/usr/share/man
192	local m d s
193	for m in $(find . -type f \| xargs grep -L '#include') ; do
194	d=${m%/} ; d=${d#./} ; m=${m##/}
195	[[ ${m} == openssl.1* ]] && continue
196	mv ${d}/{,ssl-}${m}
197	ln -s ssl-${m} ${d}/openssl-${m}
198	# locate any symlinks that point to this man page
199	for s in $(find ${d} -lname ${m}) ; do
200	s=${s##*/}
201	rm -f ${d}/${s}
202	ln -s ssl-${m} ${d}/ssl-${s}
203	ln -s ssl-${s} ${d}/openssl-${s}
204	done
205	done
206
207	diropts -m0700
208	keepdir /etc/ssl/private
209	}
210
211	pkg_preinst() {
212	preserve_old_lib /usr/$(get_libdir)/lib{crypto,ssl}.so.0.9.{6,7}
213	}
214
215	pkg_postinst() {
216	preserve_old_lib_notify /usr/$(get_libdir)/lib{crypto,ssl}.so.0.9.{6,7}
217
218	if [[ ${CHOST} == i686* ]] ; then
219	ewarn "Due to the way openssl is architected, you cannot"
220	ewarn "switch between optimized versions without breaking"
221	ewarn "ABI. The default i686 0.9.8 ABI was an unoptimized"
222	ewarn "version with horrible performance. This version uses"
223	ewarn "the optimized ABI. If you experience segfaults when"
224	ewarn "using ssl apps (like openssh), just re-emerge the"
225	ewarn "offending package."
226	fi
227	}
228
229
230
231	--
232	gentoo-commits@g.o mailing list

Gentoo Archives: gentoo-commits