1 |
cardoe 08/05/30 21:30:29 |
2 |
|
3 |
Modified: ChangeLog |
4 |
Added: openssl-0.9.8g-r2.ebuild |
5 |
Log: |
6 |
Security fix for CVE-2008-0891 & CVE-2008-1672. bug #223429 |
7 |
(Portage version: 2.1.5.2) |
8 |
|
9 |
Revision Changes Path |
10 |
1.261 dev-libs/openssl/ChangeLog |
11 |
|
12 |
file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/dev-libs/openssl/ChangeLog?rev=1.261&view=markup |
13 |
plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/dev-libs/openssl/ChangeLog?rev=1.261&content-type=text/plain |
14 |
diff : http://sources.gentoo.org/viewcvs.py/gentoo-x86/dev-libs/openssl/ChangeLog?r1=1.260&r2=1.261 |
15 |
|
16 |
Index: ChangeLog |
17 |
=================================================================== |
18 |
RCS file: /var/cvsroot/gentoo-x86/dev-libs/openssl/ChangeLog,v |
19 |
retrieving revision 1.260 |
20 |
retrieving revision 1.261 |
21 |
diff -u -r1.260 -r1.261 |
22 |
--- ChangeLog 28 May 2008 16:30:40 -0000 1.260 |
23 |
+++ ChangeLog 30 May 2008 21:30:29 -0000 1.261 |
24 |
@@ -1,6 +1,13 @@ |
25 |
# ChangeLog for dev-libs/openssl |
26 |
# Copyright 1999-2008 Gentoo Foundation; Distributed under the GPL v2 |
27 |
-# $Header: /var/cvsroot/gentoo-x86/dev-libs/openssl/ChangeLog,v 1.260 2008/05/28 16:30:40 vapier Exp $ |
28 |
+# $Header: /var/cvsroot/gentoo-x86/dev-libs/openssl/ChangeLog,v 1.261 2008/05/30 21:30:29 cardoe Exp $ |
29 |
+ |
30 |
+*openssl-0.9.8g-r2 (30 May 2008) |
31 |
+ |
32 |
+ 30 May 2008; Doug Goldstein <cardoe@g.o> |
33 |
+ +files/openssl-0.9.8g-CVE-2008-0891.patch, |
34 |
+ +files/openssl-0.9.8g-CVE-2008-1672.patch, +openssl-0.9.8g-r2.ebuild: |
35 |
+ Security fix for CVE-2008-0891 & CVE-2008-1672. bug #223429 |
36 |
|
37 |
*openssl-0.9.8h (28 May 2008) |
38 |
|
39 |
@@ -29,7 +36,7 @@ |
40 |
19 Nov 2007; Joshua Kinard <kumba@g.o> openssl-0.9.8g.ebuild: |
41 |
Stable on mips, per #198370. |
42 |
|
43 |
- 16 Nov 2007; Doug Klima <cardoe@g.o> openssl-0.9.8g.ebuild: |
44 |
+ 16 Nov 2007; Doug Goldstein <cardoe@g.o> openssl-0.9.8g.ebuild: |
45 |
change depend to mit-krb5 since openssl's Configure script specifically |
46 |
states they don't support building against heimdal and it will break. Which |
47 |
results in a die during the ebuild |
48 |
|
49 |
|
50 |
|
51 |
1.1 dev-libs/openssl/openssl-0.9.8g-r2.ebuild |
52 |
|
53 |
file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/dev-libs/openssl/openssl-0.9.8g-r2.ebuild?rev=1.1&view=markup |
54 |
plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/dev-libs/openssl/openssl-0.9.8g-r2.ebuild?rev=1.1&content-type=text/plain |
55 |
|
56 |
Index: openssl-0.9.8g-r2.ebuild |
57 |
=================================================================== |
58 |
# Copyright 1999-2008 Gentoo Foundation |
59 |
# Distributed under the terms of the GNU General Public License v2 |
60 |
# $Header: /var/cvsroot/gentoo-x86/dev-libs/openssl/openssl-0.9.8g-r2.ebuild,v 1.1 2008/05/30 21:30:29 cardoe Exp $ |
61 |
|
62 |
inherit eutils flag-o-matic toolchain-funcs |
63 |
|
64 |
DESCRIPTION="Toolkit for SSL v2/v3 and TLS v1" |
65 |
HOMEPAGE="http://www.openssl.org/" |
66 |
SRC_URI="mirror://openssl/source/${P}.tar.gz" |
67 |
|
68 |
LICENSE="openssl" |
69 |
SLOT="0" |
70 |
KEYWORDS="-* ~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~sparc-fbsd ~x86 ~x86-fbsd" |
71 |
IUSE="bindist gmp kerberos sse2 test zlib" |
72 |
|
73 |
RDEPEND="gmp? ( dev-libs/gmp ) |
74 |
zlib? ( sys-libs/zlib ) |
75 |
kerberos? ( app-crypt/mit-krb5 )" |
76 |
DEPEND="${RDEPEND} |
77 |
sys-apps/diffutils |
78 |
>=dev-lang/perl-5 |
79 |
test? ( sys-devel/bc )" |
80 |
PDEPEND="app-misc/ca-certificates" |
81 |
|
82 |
src_unpack() { |
83 |
unpack ${A} |
84 |
cd "${S}" |
85 |
|
86 |
epatch "${FILESDIR}"/${PN}-0.9.7e-gentoo.patch |
87 |
epatch "${FILESDIR}"/${PN}-0.9.7-alpha-default-gcc.patch |
88 |
epatch "${FILESDIR}"/${PN}-0.9.8b-parallel-build.patch |
89 |
epatch "${FILESDIR}"/${PN}-0.9.8-make-engines-dir.patch |
90 |
epatch "${FILESDIR}"/${PN}-0.9.8-toolchain.patch |
91 |
epatch "${FILESDIR}"/${PN}-0.9.8b-doc-updates.patch |
92 |
epatch "${FILESDIR}"/${PN}-0.9.8-makedepend.patch #149583 |
93 |
epatch "${FILESDIR}"/${PN}-0.9.8e-make.patch #146316 |
94 |
epatch "${FILESDIR}"/${PN}-0.9.8e-bsd-sparc64.patch |
95 |
epatch "${FILESDIR}"/${PN}-0.9.8g-sslv3-no-tlsext.patch |
96 |
|
97 |
# Security Fixes |
98 |
epatch "${FILESDIR}"/${PN}-0.9.8g-CVE-2008-0891.patch |
99 |
epatch "${FILESDIR}"/${PN}-0.9.8g-CVE-2008-1672.patch |
100 |
|
101 |
# allow openssl to be cross-compiled |
102 |
cp "${FILESDIR}"/gentoo.config-0.9.8 gentoo.config || die "cp cross-compile failed" |
103 |
chmod a+rx gentoo.config |
104 |
|
105 |
# Don't build manpages if we don't want them |
106 |
has noman FEATURES \ |
107 |
&& sed -i '/^install:/s:install_docs::' Makefile.org \ |
108 |
|| sed -i '/^MANDIR=/s:=.*:=/usr/share/man:' Makefile.org |
109 |
|
110 |
# Try to derice users and work around broken ass toolchains |
111 |
if [[ $(gcc-major-version) == "3" ]] ; then |
112 |
filter-flags -fprefetch-loop-arrays -freduce-all-givs -funroll-loops |
113 |
[[ $(tc-arch) == "ppc64" ]] && replace-flags -O? -O |
114 |
fi |
115 |
[[ $(tc-arch) == ppc* ]] && append-flags -fno-strict-aliasing |
116 |
append-flags -Wa,--noexecstack |
117 |
|
118 |
# using a library directory other than lib requires some magic |
119 |
sed -i \ |
120 |
-e "s+\(\$(INSTALL_PREFIX)\$(INSTALLTOP)\)/lib+\1/$(get_libdir)+g" \ |
121 |
-e "s+libdir=\$\${exec_prefix}/lib+libdir=\$\${exec_prefix}/$(get_libdir)+g" \ |
122 |
Makefile.org engines/Makefile \ |
123 |
|| die "sed failed" |
124 |
./config --test-sanity || die "I AM NOT SANE" |
125 |
} |
126 |
|
127 |
src_compile() { |
128 |
unset APPS #197996 |
129 |
|
130 |
tc-export CC AR RANLIB |
131 |
|
132 |
# Clean out patent-or-otherwise-encumbered code |
133 |
# Camellia: Royalty Free http://en.wikipedia.org/wiki/Camellia_(cipher) |
134 |
# IDEA: 5,214,703 25/05/2010 http://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm |
135 |
# EC: ????????? ??/??/2015 http://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography |
136 |
# MDC2: Expired http://en.wikipedia.org/wiki/MDC-2 |
137 |
# RC5: 5,724,428 03/03/2015 http://en.wikipedia.org/wiki/RC5 |
138 |
|
139 |
use_ssl() { use $1 && echo "enable-${2:-$1} ${*:3}" || echo "no-${2:-$1}" ; } |
140 |
echoit() { echo "$@" ; "$@" ; } |
141 |
|
142 |
local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal") |
143 |
|
144 |
local sslout=$(./gentoo.config) |
145 |
einfo "Use configuration ${sslout:-(openssl knows best)}" |
146 |
local config="Configure" |
147 |
[[ -z ${sslout} ]] && config="config" |
148 |
echoit \ |
149 |
./${config} \ |
150 |
${sslout} \ |
151 |
$(use sse2 || echo "no-sse2") \ |
152 |
enable-camellia \ |
153 |
$(use_ssl !bindist ec) \ |
154 |
$(use_ssl !bindist idea) \ |
155 |
enable-mdc2 \ |
156 |
$(use_ssl !bindist rc5) \ |
157 |
enable-tlsext \ |
158 |
$(use_ssl gmp) \ |
159 |
$(use_ssl kerberos krb5 --with-krb5-flavor=${krb5}) \ |
160 |
$(use_ssl zlib) \ |
161 |
$(use_ssl zlib zlib-dynamic) \ |
162 |
--prefix=/usr \ |
163 |
--openssldir=/etc/ssl \ |
164 |
shared threads \ |
165 |
|| die "Configure failed" |
166 |
|
167 |
# Clean out hardcoded flags that openssl uses |
168 |
local CFLAG=$(grep ^CFLAG= Makefile | LC_ALL=C sed \ |
169 |
-e 's:^CFLAG=::' \ |
170 |
-e 's:-fomit-frame-pointer ::g' \ |
171 |
-e 's:-O[0-9] ::g' \ |
172 |
-e 's:-march=[-a-z0-9]* ::g' \ |
173 |
-e 's:-mcpu=[-a-z0-9]* ::g' \ |
174 |
-e 's:-m[a-z0-9]* ::g' \ |
175 |
) |
176 |
sed -i \ |
177 |
-e "/^CFLAG/s:=.*:=${CFLAG} ${CFLAGS}:" \ |
178 |
-e "/^SHARED_LDFLAGS=/s:$: ${LDFLAGS}:" \ |
179 |
Makefile || die |
180 |
|
181 |
# depend is needed to use $confopts |
182 |
# rehash is needed to prep the certs/ dir |
183 |
emake -j1 depend || die "depend failed" |
184 |
emake all rehash || die "make all failed" |
185 |
} |
186 |
|
187 |
src_test() { |
188 |
# make sure sandbox doesnt die on *BSD |
189 |
addpredict /dev/crypto |
190 |
|
191 |
emake -j1 test || die "make test failed" |
192 |
} |
193 |
|
194 |
src_install() { |
195 |
emake -j1 INSTALL_PREFIX="${D}" install || die |
196 |
dodoc CHANGES* FAQ NEWS README doc/*.txt doc/c-indentation.el |
197 |
dohtml doc/* |
198 |
|
199 |
# create the certs directory |
200 |
dodir /etc/ssl/certs |
201 |
cp -RP certs/* "${D}"/etc/ssl/certs/ || die "failed to install certs" |
202 |
rm -r "${D}"/etc/ssl/certs/{demo,expired} |
203 |
|
204 |
# Namespace openssl programs to prevent conflicts with other man pages |
205 |
cd "${D}"/usr/share/man |
206 |
local m d s |
207 |
for m in $(find . -type f | xargs grep -L '#include') ; do |
208 |
d=${m%/*} ; d=${d#./} ; m=${m##*/} |
209 |
[[ ${m} == openssl.1* ]] && continue |
210 |
[[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!" |
211 |
mv ${d}/{,ssl-}${m} |
212 |
ln -s ssl-${m} ${d}/openssl-${m} |
213 |
# locate any symlinks that point to this man page ... we assume |
214 |
# that any broken links are due to the above renaming |
215 |
for s in $(find -L ${d} -type l) ; do |
216 |
s=${s##*/} |
217 |
rm -f ${d}/${s} |
218 |
ln -s ssl-${m} ${d}/ssl-${s} |
219 |
ln -s ssl-${s} ${d}/openssl-${s} |
220 |
done |
221 |
done |
222 |
[[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :(" |
223 |
|
224 |
diropts -m0700 |
225 |
keepdir /etc/ssl/private |
226 |
} |
227 |
|
228 |
pkg_preinst() { |
229 |
preserve_old_lib /usr/$(get_libdir)/lib{crypto,ssl}.so.0.9.{6,7} |
230 |
} |
231 |
|
232 |
pkg_postinst() { |
233 |
preserve_old_lib_notify /usr/$(get_libdir)/lib{crypto,ssl}.so.0.9.{6,7} |
234 |
|
235 |
if [[ ${CHOST} == i686* ]] ; then |
236 |
ewarn "Due to the way openssl is architected, you cannot" |
237 |
ewarn "switch between optimized versions without breaking" |
238 |
ewarn "ABI. The default i686 0.9.8 ABI was an unoptimized" |
239 |
ewarn "version with horrible performance. This version uses" |
240 |
ewarn "the optimized ABI. If you experience segfaults when" |
241 |
ewarn "using ssl apps (like openssh), just re-emerge the" |
242 |
ewarn "offending package." |
243 |
fi |
244 |
} |
245 |
|
246 |
|
247 |
|
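Review bot: Every entry in `KEYWORDS` of the new -r2 ebuild is `~arch`, so systems that follow stable keywords will not receive the CVE-2008-0891 and CVE-2008-1672 patches from this revision until it is stabilised, even though the ChangeLog context shows 0.9.8g was already marked stable on at least mips. Stabilisation is presumably tracked in bug #223429, which is not visible here. The bare `# Security Fixes` comment in `src_unpack` should say what is fixed, e.g. `# CVE-2008-0891: double free in TLS server-name extension handling; CVE-2008-1672: NULL dereference when Server Key Exchange is omitted (bug #223429)`; the first matters here because `src_compile` passes `enable-tlsext`. Separately, `cd "${D}"/usr/share/man` in `src_install` is unchecked. With `noman` in FEATURES, `install_docs` is stripped from the install target, so that directory may not exist and the man-page rename loop would then run in whatever directory is current; `cd "${D}"/usr/share/man || die "cd to man dir failed"` stops that.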