1 |
cardoe 08/03/25 00:27:16 |
2 |
|
3 |
Modified: ChangeLog |
4 |
Added: openssl-0.9.8g-r1.ebuild |
5 |
Log: |
6 |
Patch from OpenSSL's bug tracker not to send TLS Extensions on SSLv3 only connections, while not explicitly against the SSL spec, several SSL implementations can not handle it. Patch by Kaspar Brand <ossl-rt@×××××.ch> from http://rt.openssl.org/Ticket/Display.html?id=1629. Resolves bug #198914 |
7 |
(Portage version: 2.1.4.4) |
8 |
|
9 |
Revision Changes Path |
10 |
1.258 dev-libs/openssl/ChangeLog |
11 |
|
12 |
file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/dev-libs/openssl/ChangeLog?rev=1.258&view=markup |
13 |
plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/dev-libs/openssl/ChangeLog?rev=1.258&content-type=text/plain |
14 |
diff : http://sources.gentoo.org/viewcvs.py/gentoo-x86/dev-libs/openssl/ChangeLog?r1=1.257&r2=1.258 |
15 |
|
16 |
Index: ChangeLog |
17 |
=================================================================== |
18 |
RCS file: /var/cvsroot/gentoo-x86/dev-libs/openssl/ChangeLog,v |
19 |
retrieving revision 1.257 |
20 |
retrieving revision 1.258 |
21 |
diff -u -r1.257 -r1.258 |
22 |
--- ChangeLog 24 Dec 2007 17:22:17 -0000 1.257 |
23 |
+++ ChangeLog 25 Mar 2008 00:27:14 -0000 1.258 |
24 |
@@ -1,6 +1,16 @@ |
25 |
# ChangeLog for dev-libs/openssl |
26 |
-# Copyright 1999-2007 Gentoo Foundation; Distributed under the GPL v2 |
27 |
-# $Header: /var/cvsroot/gentoo-x86/dev-libs/openssl/ChangeLog,v 1.257 2007/12/24 17:22:17 vapier Exp $ |
28 |
+# Copyright 1999-2008 Gentoo Foundation; Distributed under the GPL v2 |
29 |
+# $Header: /var/cvsroot/gentoo-x86/dev-libs/openssl/ChangeLog,v 1.258 2008/03/25 00:27:14 cardoe Exp $ |
30 |
+ |
31 |
+*openssl-0.9.8g-r1 (25 Mar 2008) |
32 |
+ |
33 |
+ 25 Mar 2008; Doug Goldstein <cardoe@g.o> |
34 |
+ +files/openssl-0.9.8g-sslv3-no-tlsext.patch, +openssl-0.9.8g-r1.ebuild: |
35 |
+ Patch from OpenSSL's bug tracker not to send TLS Extensions on SSLv3 only |
36 |
+ connections, while not explicitly against the SSL spec, several SSL |
37 |
+ implementations can not handle it. Patch by Kaspar Brand |
38 |
+ <ossl-rt@×××××.ch> from http://rt.openssl.org/Ticket/Display.html?id=1629. |
39 |
+ Resolves bug #198914 |
40 |
|
41 |
24 Dec 2007; Mike Frysinger <vapier@g.o> openssl-0.9.8g.ebuild: |
42 |
Dont force src_test any longer as things seem to be sane. |
43 |
|
44 |
|
45 |
|
46 |
1.1 dev-libs/openssl/openssl-0.9.8g-r1.ebuild |
47 |
|
48 |
file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/dev-libs/openssl/openssl-0.9.8g-r1.ebuild?rev=1.1&view=markup |
49 |
plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/dev-libs/openssl/openssl-0.9.8g-r1.ebuild?rev=1.1&content-type=text/plain |
50 |
|
51 |
Index: openssl-0.9.8g-r1.ebuild |
52 |
=================================================================== |
53 |
# Copyright 1999-2008 Gentoo Foundation |
54 |
# Distributed under the terms of the GNU General Public License v2 |
55 |
# $Header: /var/cvsroot/gentoo-x86/dev-libs/openssl/openssl-0.9.8g-r1.ebuild,v 1.1 2008/03/25 00:27:14 cardoe Exp $ |
56 |
|
57 |
inherit eutils flag-o-matic toolchain-funcs |
58 |
|
59 |
DESCRIPTION="Toolkit for SSL v2/v3 and TLS v1" |
60 |
HOMEPAGE="http://www.openssl.org/" |
61 |
SRC_URI="mirror://openssl/source/${P}.tar.gz" |
62 |
|
63 |
LICENSE="openssl" |
64 |
SLOT="0" |
65 |
KEYWORDS="-* ~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~sparc-fbsd ~x86 ~x86-fbsd" |
66 |
IUSE="bindist emacs gmp kerberos sse2 test zlib" |
67 |
|
68 |
RDEPEND="gmp? ( dev-libs/gmp ) |
69 |
zlib? ( sys-libs/zlib ) |
70 |
kerberos? ( app-crypt/mit-krb5 )" |
71 |
DEPEND="${RDEPEND} |
72 |
sys-apps/diffutils |
73 |
>=dev-lang/perl-5 |
74 |
test? ( sys-devel/bc )" |
75 |
PDEPEND="app-misc/ca-certificates" |
76 |
|
77 |
src_unpack() { |
78 |
unpack ${A} |
79 |
cd "${S}" |
80 |
|
81 |
epatch "${FILESDIR}"/${PN}-0.9.7e-gentoo.patch |
82 |
epatch "${FILESDIR}"/${PN}-0.9.7-alpha-default-gcc.patch |
83 |
epatch "${FILESDIR}"/${PN}-0.9.8b-parallel-build.patch |
84 |
epatch "${FILESDIR}"/${PN}-0.9.8-make-engines-dir.patch |
85 |
epatch "${FILESDIR}"/${PN}-0.9.8-toolchain.patch |
86 |
epatch "${FILESDIR}"/${PN}-0.9.8b-doc-updates.patch |
87 |
epatch "${FILESDIR}"/${PN}-0.9.8-makedepend.patch #149583 |
88 |
epatch "${FILESDIR}"/${PN}-0.9.8e-make.patch #146316 |
89 |
epatch "${FILESDIR}"/${PN}-0.9.8e-bsd-sparc64.patch |
90 |
epatch "${FILESDIR}"/${PN}-0.9.8g-sslv3-no-tlsext.patch |
91 |
|
92 |
# allow openssl to be cross-compiled |
93 |
cp "${FILESDIR}"/gentoo.config-0.9.8 gentoo.config || die "cp cross-compile failed" |
94 |
chmod a+rx gentoo.config |
95 |
|
96 |
# Don't build manpages if we don't want them |
97 |
has noman FEATURES \ |
98 |
&& sed -i '/^install:/s:install_docs::' Makefile.org \ |
99 |
|| sed -i '/^MANDIR=/s:=.*:=/usr/share/man:' Makefile.org |
100 |
|
101 |
# Try to derice users and work around broken ass toolchains |
102 |
if [[ $(gcc-major-version) == "3" ]] ; then |
103 |
filter-flags -fprefetch-loop-arrays -freduce-all-givs -funroll-loops |
104 |
[[ $(tc-arch) == "ppc64" ]] && replace-flags -O? -O |
105 |
fi |
106 |
[[ $(tc-arch) == ppc* ]] && append-flags -fno-strict-aliasing |
107 |
append-flags -Wa,--noexecstack |
108 |
|
109 |
# using a library directory other than lib requires some magic |
110 |
sed -i \ |
111 |
-e "s+\(\$(INSTALL_PREFIX)\$(INSTALLTOP)\)/lib+\1/$(get_libdir)+g" \ |
112 |
-e "s+libdir=\$\${exec_prefix}/lib+libdir=\$\${exec_prefix}/$(get_libdir)+g" \ |
113 |
Makefile.org engines/Makefile \ |
114 |
|| die "sed failed" |
115 |
./config --test-sanity || die "I AM NOT SANE" |
116 |
} |
117 |
|
118 |
src_compile() { |
119 |
unset APPS #197996 |
120 |
|
121 |
tc-export CC AR RANLIB |
122 |
|
123 |
# Clean out patent-or-otherwise-encumbered code |
124 |
# Camellia: Royalty Free http://en.wikipedia.org/wiki/Camellia_(cipher) |
125 |
# IDEA: 5,214,703 25/05/2010 http://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm |
126 |
# EC: ????????? ??/??/2015 http://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography |
127 |
# MDC2: Expired http://en.wikipedia.org/wiki/MDC-2 |
128 |
# RC5: 5,724,428 03/03/2015 http://en.wikipedia.org/wiki/RC5 |
129 |
|
130 |
use_ssl() { use $1 && echo "enable-${2:-$1} ${*:3}" || echo "no-${2:-$1}" ; } |
131 |
echoit() { echo "$@" ; "$@" ; } |
132 |
|
133 |
local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal") |
134 |
|
135 |
local sslout=$(./gentoo.config) |
136 |
einfo "Use configuration ${sslout:-(openssl knows best)}" |
137 |
local config="Configure" |
138 |
[[ -z ${sslout} ]] && config="config" |
139 |
echoit \ |
140 |
./${config} \ |
141 |
${sslout} \ |
142 |
$(use sse2 || echo "no-sse2") \ |
143 |
enable-camellia \ |
144 |
$(use_ssl !bindist ec) \ |
145 |
$(use_ssl !bindist idea) \ |
146 |
enable-mdc2 \ |
147 |
$(use_ssl !bindist rc5) \ |
148 |
enable-tlsext \ |
149 |
$(use_ssl gmp) \ |
150 |
$(use_ssl kerberos krb5 --with-krb5-flavor=${krb5}) \ |
151 |
$(use_ssl zlib) \ |
152 |
$(use_ssl zlib zlib-dynamic) \ |
153 |
--prefix=/usr \ |
154 |
--openssldir=/etc/ssl \ |
155 |
shared threads \ |
156 |
|| die "Configure failed" |
157 |
|
158 |
# Clean out hardcoded flags that openssl uses |
159 |
local CFLAG=$(grep ^CFLAG= Makefile | LC_ALL=C sed \ |
160 |
-e 's:^CFLAG=::' \ |
161 |
-e 's:-fomit-frame-pointer ::g' \ |
162 |
-e 's:-O[0-9] ::g' \ |
163 |
-e 's:-march=[-a-z0-9]* ::g' \ |
164 |
-e 's:-mcpu=[-a-z0-9]* ::g' \ |
165 |
-e 's:-m[a-z0-9]* ::g' \ |
166 |
) |
167 |
sed -i \ |
168 |
-e "/^CFLAG/s:=.*:=${CFLAG} ${CFLAGS}:" \ |
169 |
-e "/^SHARED_LDFLAGS=/s:$: ${LDFLAGS}:" \ |
170 |
Makefile || die |
171 |
|
172 |
# depend is needed to use $confopts |
173 |
# rehash is needed to prep the certs/ dir |
174 |
emake -j1 depend || die "depend failed" |
175 |
emake all rehash || die "make all failed" |
176 |
} |
177 |
|
178 |
src_test() { |
179 |
# make sure sandbox doesnt die on *BSD |
180 |
addpredict /dev/crypto |
181 |
|
182 |
emake -j1 test || die "make test failed" |
183 |
} |
184 |
|
185 |
src_install() { |
186 |
emake -j1 INSTALL_PREFIX="${D}" install || die |
187 |
dodoc CHANGES* FAQ NEWS README doc/*.txt |
188 |
dohtml doc/* |
189 |
|
190 |
if use emacs ; then |
191 |
insinto /usr/share/emacs/site-lisp |
192 |
doins doc/c-indentation.el |
193 |
fi |
194 |
|
195 |
# create the certs directory |
196 |
dodir /etc/ssl/certs |
197 |
cp -RP certs/* "${D}"/etc/ssl/certs/ || die "failed to install certs" |
198 |
rm -r "${D}"/etc/ssl/certs/{demo,expired} |
199 |
|
200 |
# Namespace openssl programs to prevent conflicts with other man pages |
201 |
cd "${D}"/usr/share/man |
202 |
local m d s |
203 |
for m in $(find . -type f | xargs grep -L '#include') ; do |
204 |
d=${m%/*} ; d=${d#./} ; m=${m##*/} |
205 |
[[ ${m} == openssl.1* ]] && continue |
206 |
[[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!" |
207 |
mv ${d}/{,ssl-}${m} |
208 |
ln -s ssl-${m} ${d}/openssl-${m} |
209 |
# locate any symlinks that point to this man page ... we assume |
210 |
# that any broken links are due to the above renaming |
211 |
for s in $(find -L ${d} -type l) ; do |
212 |
s=${s##*/} |
213 |
rm -f ${d}/${s} |
214 |
ln -s ssl-${m} ${d}/ssl-${s} |
215 |
ln -s ssl-${s} ${d}/openssl-${s} |
216 |
done |
217 |
done |
218 |
[[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :(" |
219 |
|
220 |
diropts -m0700 |
221 |
keepdir /etc/ssl/private |
222 |
} |
223 |
|
224 |
pkg_preinst() { |
225 |
preserve_old_lib /usr/$(get_libdir)/lib{crypto,ssl}.so.0.9.{6,7} |
226 |
} |
227 |
|
228 |
pkg_postinst() { |
229 |
preserve_old_lib_notify /usr/$(get_libdir)/lib{crypto,ssl}.so.0.9.{6,7} |
230 |
|
231 |
if [[ ${CHOST} == i686* ]] ; then |
232 |
ewarn "Due to the way openssl is architected, you cannot" |
233 |
ewarn "switch between optimized versions without breaking" |
234 |
ewarn "ABI. The default i686 0.9.8 ABI was an unoptimized" |
235 |
ewarn "version with horrible performance. This version uses" |
236 |
ewarn "the optimized ABI. If you experience segfaults when" |
237 |
ewarn "using ssl apps (like openssh), just re-emerge the" |
238 |
ewarn "offending package." |
239 |
fi |
240 |
} |
241 |
|
242 |
|
243 |
|
244 |
-- |
245 |
gentoo-commits@l.g.o mailing list |