1 |
vapier 07/09/30 01:21:01 |
2 |
|
3 |
Modified: ChangeLog |
4 |
Added: openssl-0.9.8e-r3.ebuild |
5 |
Log: |
6 |
Add fix from upstream for CVE-2007-5135 #194039. |
7 |
(Portage version: 2.1.3.9) |
8 |
|
9 |
Revision Changes Path |
10 |
1.222 dev-libs/openssl/ChangeLog |
11 |
|
12 |
file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/dev-libs/openssl/ChangeLog?rev=1.222&view=markup |
13 |
plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/dev-libs/openssl/ChangeLog?rev=1.222&content-type=text/plain |
14 |
diff : http://sources.gentoo.org/viewcvs.py/gentoo-x86/dev-libs/openssl/ChangeLog?r1=1.221&r2=1.222 |
15 |
|
16 |
Index: ChangeLog |
17 |
=================================================================== |
18 |
RCS file: /var/cvsroot/gentoo-x86/dev-libs/openssl/ChangeLog,v |
19 |
retrieving revision 1.221 |
20 |
retrieving revision 1.222 |
21 |
diff -u -r1.221 -r1.222 |
22 |
--- ChangeLog 29 Aug 2007 10:14:17 -0000 1.221 |
23 |
+++ ChangeLog 30 Sep 2007 01:21:00 -0000 1.222 |
24 |
@@ -1,6 +1,12 @@ |
25 |
# ChangeLog for dev-libs/openssl |
26 |
# Copyright 1999-2007 Gentoo Foundation; Distributed under the GPL v2 |
27 |
-# $Header: /var/cvsroot/gentoo-x86/dev-libs/openssl/ChangeLog,v 1.221 2007/08/29 10:14:17 corsair Exp $ |
28 |
+# $Header: /var/cvsroot/gentoo-x86/dev-libs/openssl/ChangeLog,v 1.222 2007/09/30 01:21:00 vapier Exp $ |
29 |
+ |
30 |
+*openssl-0.9.8e-r3 (30 Sep 2007) |
31 |
+ |
32 |
+ 30 Sep 2007; Mike Frysinger <vapier@g.o> |
33 |
+ +files/openssl-0.9.8e-CVE-2007-5135.patch, +openssl-0.9.8e-r3.ebuild: |
34 |
+ Add fix from upstream for CVE-2007-5135 #194039. |
35 |
|
36 |
29 Aug 2007; Markus Rothe <corsair@g.o> openssl-0.9.8e-r2.ebuild: |
37 |
Stable on ppc64; bug #188799 |
38 |
|
39 |
|
40 |
|
41 |
1.1 dev-libs/openssl/openssl-0.9.8e-r3.ebuild |
42 |
|
43 |
file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/dev-libs/openssl/openssl-0.9.8e-r3.ebuild?rev=1.1&view=markup |
44 |
plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/dev-libs/openssl/openssl-0.9.8e-r3.ebuild?rev=1.1&content-type=text/plain |
45 |
|
46 |
Index: openssl-0.9.8e-r3.ebuild |
47 |
=================================================================== |
48 |
# Copyright 1999-2007 Gentoo Foundation |
49 |
# Distributed under the terms of the GNU General Public License v2 |
50 |
# $Header: /var/cvsroot/gentoo-x86/dev-libs/openssl/openssl-0.9.8e-r3.ebuild,v 1.1 2007/09/30 01:21:00 vapier Exp $ |
51 |
|
52 |
inherit eutils flag-o-matic toolchain-funcs |
53 |
|
54 |
DESCRIPTION="Toolkit for SSL v2/v3 and TLS v1" |
55 |
HOMEPAGE="http://www.openssl.org/" |
56 |
SRC_URI="mirror://openssl/source/${P}.tar.gz" |
57 |
|
58 |
LICENSE="openssl" |
59 |
SLOT="0" |
60 |
KEYWORDS="-* ~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86" |
61 |
IUSE="bindist emacs sse2 test zlib" |
62 |
|
63 |
RDEPEND="" |
64 |
DEPEND="${RDEPEND} |
65 |
sys-apps/diffutils |
66 |
>=dev-lang/perl-5 |
67 |
test? ( sys-devel/bc )" |
68 |
PDEPEND="app-misc/ca-certificates" |
69 |
|
70 |
src_unpack() { |
71 |
unpack ${A} |
72 |
|
73 |
cd "${S}" |
74 |
|
75 |
epatch "${FILESDIR}"/${PN}-0.9.8-ppc64.patch |
76 |
epatch "${FILESDIR}"/${PN}-0.9.7e-gentoo.patch |
77 |
epatch "${FILESDIR}"/${PN}-0.9.8-hppa-fix-detection.patch |
78 |
epatch "${FILESDIR}"/${PN}-0.9.7-alpha-default-gcc.patch |
79 |
epatch "${FILESDIR}"/${PN}-0.9.8b-parallel-build.patch |
80 |
epatch "${FILESDIR}"/${PN}-0.9.8-make-engines-dir.patch |
81 |
epatch "${FILESDIR}"/${PN}-0.9.8-toolchain.patch |
82 |
epatch "${FILESDIR}"/${PN}-0.9.8b-doc-updates.patch |
83 |
epatch "${FILESDIR}"/${PN}-0.9.8-makedepend.patch #149583 |
84 |
epatch "${FILESDIR}"/${PN}-0.9.8-evp-key-len.patch #168750 |
85 |
epatch "${FILESDIR}"/${PN}-0.9.8e-CVE-2007-3108.patch #188799 |
86 |
epatch "${FILESDIR}"/${PN}-0.9.8e-CVE-2007-5135.patch #194039 |
87 |
[[ $(gcc-version) == "4.2" ]] && epatch "${FILESDIR}"/${PN}-0.9.8-gcc42.patch #158324 |
88 |
|
89 |
# allow openssl to be cross-compiled |
90 |
cp "${FILESDIR}"/gentoo.config-0.9.8 gentoo.config || die "cp cross-compile failed" |
91 |
chmod a+rx gentoo.config |
92 |
|
93 |
# Don't build manpages if we don't want them |
94 |
has noman FEATURES \ |
95 |
&& sed -i '/^install:/s:install_docs::' Makefile.org \ |
96 |
|| sed -i '/^MANDIR=/s:=.*:=/usr/share/man:' Makefile.org |
97 |
|
98 |
# Try to derice users and work around broken ass toolchains |
99 |
if [[ $(gcc-major-version) == "3" ]] ; then |
100 |
filter-flags -fprefetch-loop-arrays -freduce-all-givs -funroll-loops |
101 |
[[ $(tc-arch) == "ppc64" ]] && replace-flags -O? -O |
102 |
fi |
103 |
[[ $(tc-arch) == ppc* ]] && append-flags -fno-strict-aliasing |
104 |
append-flags -Wa,--noexecstack |
105 |
|
106 |
# using a library directory other than lib requires some magic |
107 |
sed -i \ |
108 |
-e "s+\(\$(INSTALL_PREFIX)\$(INSTALLTOP)\)/lib+\1/$(get_libdir)+g" \ |
109 |
-e "s+libdir=\$\${exec_prefix}/lib+libdir=\$\${exec_prefix}/$(get_libdir)+g" \ |
110 |
Makefile.org engines/Makefile \ |
111 |
|| die "sed failed" |
112 |
./config --test-sanity || die "I AM NOT SANE" |
113 |
} |
114 |
|
115 |
src_compile() { |
116 |
tc-export CC AR RANLIB |
117 |
|
118 |
# Clean out patent-or-otherwise-encumbered code |
119 |
# IDEA: 5,214,703 25/05/2010 |
120 |
# RC5: 5,724,428 03/03/2015 |
121 |
# EC: ????????? ??/??/2015 |
122 |
local confopts="" |
123 |
if use bindist ; then |
124 |
confopts="no-idea no-rc5 no-ec" |
125 |
else |
126 |
confopts="enable-idea enable-rc5 enable-mdc2 enable-ec" |
127 |
fi |
128 |
use zlib && confopts="${confopts} zlib-dynamic" |
129 |
use sse2 || confopts="${confopts} no-sse2" |
130 |
|
131 |
local sslout=$(./gentoo.config) |
132 |
einfo "Use configuration ${sslout:-(openssl knows best)}" |
133 |
local config="Configure" |
134 |
[[ -z ${sslout} ]] && config="config" |
135 |
./${config} \ |
136 |
${sslout} \ |
137 |
${confopts} \ |
138 |
--prefix=/usr \ |
139 |
--openssldir=/etc/ssl \ |
140 |
shared threads \ |
141 |
|| die "Configure failed" |
142 |
|
143 |
# Clean out hardcoded flags that openssl uses |
144 |
local CFLAG=$(grep ^CFLAG= Makefile | LC_ALL=C sed \ |
145 |
-e 's:^CFLAG=::' \ |
146 |
-e 's:-fomit-frame-pointer ::g' \ |
147 |
-e 's:-O[0-9] ::g' \ |
148 |
-e 's:-march=[-a-z0-9]* ::g' \ |
149 |
-e 's:-mcpu=[-a-z0-9]* ::g' \ |
150 |
-e 's:-m[a-z0-9]* ::g' \ |
151 |
) |
152 |
sed -i \ |
153 |
-e "/^CFLAG/s:=.*:=${CFLAG} ${CFLAGS}:" \ |
154 |
-e "/^SHARED_LDFLAGS=/s:$: ${LDFLAGS}:" \ |
155 |
Makefile || die |
156 |
|
157 |
# depend is needed to use $confopts |
158 |
# rehash is needed to prep the certs/ dir |
159 |
emake -j1 depend || die "depend failed" |
160 |
emake all rehash || die "make all failed" |
161 |
|
162 |
# force until we get all the gentoo.config kinks worked out |
163 |
if has test ${FEATURES} && ! tc-is-cross-compiler ; then |
164 |
src_test |
165 |
fi |
166 |
} |
167 |
|
168 |
src_test() { |
169 |
# make sure sandbox doesnt die on *BSD |
170 |
addpredict /dev/crypto |
171 |
|
172 |
make test || die "make test failed" |
173 |
} |
174 |
|
175 |
src_install() { |
176 |
emake -j1 INSTALL_PREFIX="${D}" install || die |
177 |
dodoc CHANGES* FAQ NEWS README doc/*.txt |
178 |
dohtml doc/* |
179 |
|
180 |
if use emacs ; then |
181 |
insinto /usr/share/emacs/site-lisp |
182 |
doins doc/c-indentation.el |
183 |
fi |
184 |
|
185 |
# create the certs directory |
186 |
dodir /etc/ssl/certs |
187 |
cp -RP certs/* "${D}"/etc/ssl/certs/ || die "failed to install certs" |
188 |
rm -r "${D}"/etc/ssl/certs/{demo,expired} |
189 |
|
190 |
# Namespace openssl programs to prevent conflicts with other man pages |
191 |
cd "${D}"/usr/share/man |
192 |
local m d s |
193 |
for m in $(find . -type f | xargs grep -L '#include') ; do |
194 |
d=${m%/*} ; d=${d#./} ; m=${m##*/} |
195 |
[[ ${m} == openssl.1* ]] && continue |
196 |
mv ${d}/{,ssl-}${m} |
197 |
ln -s ssl-${m} ${d}/openssl-${m} |
198 |
# locate any symlinks that point to this man page |
199 |
for s in $(find ${d} -lname ${m}) ; do |
200 |
s=${s##*/} |
201 |
rm -f ${d}/${s} |
202 |
ln -s ssl-${m} ${d}/ssl-${s} |
203 |
ln -s ssl-${s} ${d}/openssl-${s} |
204 |
done |
205 |
done |
206 |
|
207 |
diropts -m0700 |
208 |
keepdir /etc/ssl/private |
209 |
} |
210 |
|
211 |
pkg_preinst() { |
212 |
preserve_old_lib /usr/$(get_libdir)/lib{crypto,ssl}.so.0.9.{6,7} |
213 |
} |
214 |
|
215 |
pkg_postinst() { |
216 |
preserve_old_lib_notify /usr/$(get_libdir)/lib{crypto,ssl}.so.0.9.{6,7} |
217 |
|
218 |
if [[ ${CHOST} == i686* ]] ; then |
219 |
ewarn "Due to the way openssl is architected, you cannot" |
220 |
ewarn "switch between optimized versions without breaking" |
221 |
ewarn "ABI. The default i686 0.9.8 ABI was an unoptimized" |
222 |
ewarn "version with horrible performance. This version uses" |
223 |
ewarn "the optimized ABI. If you experience segfaults when" |
224 |
ewarn "using ssl apps (like openssh), just re-emerge the" |
225 |
ewarn "offending package." |
226 |
fi |
227 |
} |
228 |
|
229 |
|
230 |
|
231 |
-- |
232 |
gentoo-commits@g.o mailing list |