
From: "Anthony G. Basile" <blueness@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/hardened-dev:musl commit in: dev-libs/openssl/files/, dev-libs/openssl/
Date: Tue, 21 Jan 2014 17:58:15
Message-Id: 1390326964.9485647bb62342f8ef8f190a30bcd0c8a8473e95.blueness@gentoo
1 commit: 9485647bb62342f8ef8f190a30bcd0c8a8473e95
2 Author: layman <layman <AT> localhost>
3 AuthorDate: Tue Jan 21 17:43:36 2014 +0000
4 Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
5 CommitDate: Tue Jan 21 17:56:04 2014 +0000
6 URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-dev.git;a=commit;h=9485647b
7
8 dev-libs/openssl: bump to 1.0.1f
9
10 ---
11 .../files/openssl-1.0.1e-bad-mac-aes-ni.patch | 34 --
12 .../files/openssl-1.0.1e-rdrand-explicit.patch | 27 --
13 .../openssl/files/openssl-1.0.1f-perl-5.18.patch | 356 +++++++++++++++++++++
14 ...1.0.1e-r99.ebuild => openssl-1.0.1f-r99.ebuild} | 11 +-
15 4 files changed, 360 insertions(+), 68 deletions(-)
16
17 diff --git a/dev-libs/openssl/files/openssl-1.0.1e-bad-mac-aes-ni.patch b/dev-libs/openssl/files/openssl-1.0.1e-bad-mac-aes-ni.patch
18 deleted file mode 100644
19 index ede40c2..0000000
20 --- a/dev-libs/openssl/files/openssl-1.0.1e-bad-mac-aes-ni.patch
21 +++ /dev/null
22 @@ -1,34 +0,0 @@
23 -https://bugs.gentoo.org/463444
24 -
25 -From 9ab3ce124616cb12bd39c6aa1e1bde0f46969b29 Mon Sep 17 00:00:00 2001
26 -From: Andy Polyakov <appro@×××××××.org>
27 -Date: Mon, 18 Mar 2013 19:29:41 +0100
28 -Subject: [PATCH] e_aes_cbc_hmac_sha1.c: fix rare bad record mac on AES-NI
29 - plaforms.
30 -
31 -PR: 3002
32 -(cherry picked from commit 5c60046553716fcf160718f59160493194f212dc)
33 ----
34 - crypto/evp/e_aes_cbc_hmac_sha1.c | 5 +++--
35 - 1 file changed, 3 insertions(+), 2 deletions(-)
36 -
37 -diff --git a/crypto/evp/e_aes_cbc_hmac_sha1.c b/crypto/evp/e_aes_cbc_hmac_sha1.c
38 -index 483e04b..fb2c884 100644
39 ---- a/crypto/evp/e_aes_cbc_hmac_sha1.c
40 -+++ b/crypto/evp/e_aes_cbc_hmac_sha1.c
41 -@@ -328,10 +328,11 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
42 -
43 - if (res!=SHA_CBLOCK) continue;
44 -
45 -- mask = 0-((inp_len+8-j)>>(sizeof(j)*8-1));
46 -+ /* j is not incremented yet */
47 -+ mask = 0-((inp_len+7-j)>>(sizeof(j)*8-1));
48 - data->u[SHA_LBLOCK-1] |= bitlen&mask;
49 - sha1_block_data_order(&key->md,data,1);
50 -- mask &= 0-((j-inp_len-73)>>(sizeof(j)*8-1));
51 -+ mask &= 0-((j-inp_len-72)>>(sizeof(j)*8-1));
52 - pmac->u[0] |= key->md.h0 & mask;
53 - pmac->u[1] |= key->md.h1 & mask;
54 - pmac->u[2] |= key->md.h2 & mask;
55 ---
56 -1.8.2.1
57
58 diff --git a/dev-libs/openssl/files/openssl-1.0.1e-rdrand-explicit.patch b/dev-libs/openssl/files/openssl-1.0.1e-rdrand-explicit.patch
59 deleted file mode 100644
60 index fae056c..0000000
61 --- a/dev-libs/openssl/files/openssl-1.0.1e-rdrand-explicit.patch
62 +++ /dev/null
63 @@ -1,27 +0,0 @@
64 -https://chromium-review.googlesource.com/181001
65 -
66 -From 8a1956f3eac8b164f8c741ff1a259008bab3bac1 Mon Sep 17 00:00:00 2001
67 -From: "Dr. Stephen Henson" <steve@×××××××.org>
68 -Date: Wed, 11 Dec 2013 14:45:12 +0000
69 -Subject: [PATCH] Don't use rdrand engine as default unless explicitly
70 - requested. (cherry picked from commit
71 - 16898401bd47a153fbf799127ff57fdcfcbd324f)
72 -
73 ----
74 - crypto/engine/eng_rdrand.c | 1 +
75 - 1 file changed, 1 insertion(+)
76 -
77 -diff --git a/crypto/engine/eng_rdrand.c b/crypto/engine/eng_rdrand.c
78 -index a9ba5ae..4e9e91d 100644
79 ---- a/crypto/engine/eng_rdrand.c
80 -+++ b/crypto/engine/eng_rdrand.c
81 -@@ -104,6 +104,7 @@ static int bind_helper(ENGINE *e)
82 - {
83 - if (!ENGINE_set_id(e, engine_e_rdrand_id) ||
84 - !ENGINE_set_name(e, engine_e_rdrand_name) ||
85 -+ !ENGINE_set_flags(e, ENGINE_FLAGS_NO_REGISTER_ALL) ||
86 - !ENGINE_set_init_function(e, rdrand_init) ||
87 - !ENGINE_set_RAND(e, &rdrand_meth) )
88 - return 0;
89 ---
90 -1.8.4.3
91
92 diff --git a/dev-libs/openssl/files/openssl-1.0.1f-perl-5.18.patch b/dev-libs/openssl/files/openssl-1.0.1f-perl-5.18.patch
93 new file mode 100644
94 index 0000000..c662096
95 --- /dev/null
96 +++ b/dev-libs/openssl/files/openssl-1.0.1f-perl-5.18.patch
97 @@ -0,0 +1,356 @@
98 +Forward-ported from openssl-1.0.1e-perl-5.18.patch
99 +Fixes install with perl-5.18.
100 +
101 +https://bugs.gentoo.org/show_bug.cgi?id=497286
102 +
103 +Signed-off-by: Lars Wendler <polynomial-c@g.o>
104 +
105 +--- openssl-1.0.1f/doc/apps/cms.pod
106 ++++ openssl-1.0.1f/doc/apps/cms.pod
107 +@@ -450,28 +450,28 @@
108 +
109 + =over 4
110 +
111 +-=item 0
112 ++=item C<0>
113 +
114 + the operation was completely successfully.
115 +
116 +-=item 1
117 ++=item C<1>
118 +
119 + an error occurred parsing the command options.
120 +
121 +-=item 2
122 ++=item C<2>
123 +
124 + one of the input files could not be read.
125 +
126 +-=item 3
127 ++=item C<3>
128 +
129 + an error occurred creating the CMS file or when reading the MIME
130 + message.
131 +
132 +-=item 4
133 ++=item C<4>
134 +
135 + an error occurred decrypting or verifying the message.
136 +
137 +-=item 5
138 ++=item C<5>
139 +
140 + the message was verified correctly but an error occurred writing out
141 + the signers certificates.
142 +--- openssl-1.0.1f/doc/apps/smime.pod
143 ++++ openssl-1.0.1f/doc/apps/smime.pod
144 +@@ -308,28 +308,28 @@
145 +
146 + =over 4
147 +
148 +-=item 0
149 ++=item C<0>
150 +
151 + the operation was completely successfully.
152 +
153 +-=item 1
154 ++=item C<1>
155 +
156 + an error occurred parsing the command options.
157 +
158 +-=item 2
159 ++=item C<2>
160 +
161 + one of the input files could not be read.
162 +
163 +-=item 3
164 ++=item C<3>
165 +
166 + an error occurred creating the PKCS#7 file or when reading the MIME
167 + message.
168 +
169 +-=item 4
170 ++=item C<4>
171 +
172 + an error occurred decrypting or verifying the message.
173 +
174 +-=item 5
175 ++=item C<5>
176 +
177 + the message was verified correctly but an error occurred writing out
178 + the signers certificates.
179 +--- openssl-1.0.1f/doc/ssl/SSL_accept.pod
180 ++++ openssl-1.0.1f/doc/ssl/SSL_accept.pod
181 +@@ -44,13 +44,13 @@
182 +
183 + =over 4
184 +
185 +-=item 0
186 ++=item C<0>
187 +
188 + The TLS/SSL handshake was not successful but was shut down controlled and
189 + by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the
190 + return value B<ret> to find out the reason.
191 +
192 +-=item 1
193 ++=item C<1>
194 +
195 + The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
196 + established.
197 +--- openssl-1.0.1f/doc/ssl/SSL_clear.pod
198 ++++ openssl-1.0.1f/doc/ssl/SSL_clear.pod
199 +@@ -56,12 +56,12 @@
200 +
201 + =over 4
202 +
203 +-=item 0
204 ++=item C<0>
205 +
206 + The SSL_clear() operation could not be performed. Check the error stack to
207 + find out the reason.
208 +
209 +-=item 1
210 ++=item C<1>
211 +
212 + The SSL_clear() operation was successful.
213 +
214 +--- openssl-1.0.1f/doc/ssl/SSL_COMP_add_compression_method.pod
215 ++++ openssl-1.0.1f/doc/ssl/SSL_COMP_add_compression_method.pod
216 +@@ -53,11 +53,11 @@
217 +
218 + =over 4
219 +
220 +-=item 0
221 ++=item C<0>
222 +
223 + The operation succeeded.
224 +
225 +-=item 1
226 ++=item C<1>
227 +
228 + The operation failed. Check the error queue to find out the reason.
229 +
230 +--- openssl-1.0.1f/doc/ssl/SSL_connect.pod
231 ++++ openssl-1.0.1f/doc/ssl/SSL_connect.pod
232 +@@ -41,13 +41,13 @@
233 +
234 + =over 4
235 +
236 +-=item 0
237 ++=item C<0>
238 +
239 + The TLS/SSL handshake was not successful but was shut down controlled and
240 + by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the
241 + return value B<ret> to find out the reason.
242 +
243 +-=item 1
244 ++=item C<1>
245 +
246 + The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
247 + established.
248 +--- openssl-1.0.1f/doc/ssl/SSL_CTX_add_session.pod
249 ++++ openssl-1.0.1f/doc/ssl/SSL_CTX_add_session.pod
250 +@@ -52,13 +52,13 @@
251 +
252 + =over 4
253 +
254 +-=item 0
255 ++=item C<0>
256 +
257 + The operation failed. In case of the add operation, it was tried to add
258 + the same (identical) session twice. In case of the remove operation, the
259 + session was not found in the cache.
260 +
261 +-=item 1
262 ++=item C<1>
263 +
264 + The operation succeeded.
265 +
266 +--- openssl-1.0.1f/doc/ssl/SSL_CTX_load_verify_locations.pod
267 ++++ openssl-1.0.1f/doc/ssl/SSL_CTX_load_verify_locations.pod
268 +@@ -100,13 +100,13 @@
269 +
270 + =over 4
271 +
272 +-=item 0
273 ++=item C<0>
274 +
275 + The operation failed because B<CAfile> and B<CApath> are NULL or the
276 + processing at one of the locations specified failed. Check the error
277 + stack to find out the reason.
278 +
279 +-=item 1
280 ++=item C<1>
281 +
282 + The operation succeeded.
283 +
284 +--- openssl-1.0.1f/doc/ssl/SSL_CTX_set_client_CA_list.pod
285 ++++ openssl-1.0.1f/doc/ssl/SSL_CTX_set_client_CA_list.pod
286 +@@ -66,13 +66,13 @@
287 +
288 + =over 4
289 +
290 +-=item 0
291 ++=item C<0>
292 +
293 + A failure while manipulating the STACK_OF(X509_NAME) object occurred or
294 + the X509_NAME could not be extracted from B<cacert>. Check the error stack
295 + to find out the reason.
296 +
297 +-=item 1
298 ++=item C<1>
299 +
300 + The operation succeeded.
301 +
302 +--- openssl-1.0.1f/doc/ssl/SSL_CTX_set_session_id_context.pod
303 ++++ openssl-1.0.1f/doc/ssl/SSL_CTX_set_session_id_context.pod
304 +@@ -64,13 +64,13 @@
305 +
306 + =over 4
307 +
308 +-=item 0
309 ++=item C<0>
310 +
311 + The length B<sid_ctx_len> of the session id context B<sid_ctx> exceeded
312 + the maximum allowed length of B<SSL_MAX_SSL_SESSION_ID_LENGTH>. The error
313 + is logged to the error stack.
314 +
315 +-=item 1
316 ++=item C<1>
317 +
318 + The operation succeeded.
319 +
320 +--- openssl-1.0.1f/doc/ssl/SSL_CTX_set_ssl_version.pod
321 ++++ openssl-1.0.1f/doc/ssl/SSL_CTX_set_ssl_version.pod
322 +@@ -42,11 +42,11 @@
323 +
324 + =over 4
325 +
326 +-=item 0
327 ++=item C<0>
328 +
329 + The new choice failed, check the error stack to find out the reason.
330 +
331 +-=item 1
332 ++=item C<1>
333 +
334 + The operation succeeded.
335 +
336 +--- openssl-1.0.1f/doc/ssl/SSL_CTX_use_psk_identity_hint.pod
337 ++++ openssl-1.0.1f/doc/ssl/SSL_CTX_use_psk_identity_hint.pod
338 +@@ -96,7 +96,7 @@
339 + connection will fail with decryption_error before it will be finished
340 + completely.
341 +
342 +-=item 0
343 ++=item C<0>
344 +
345 + PSK identity was not found. An "unknown_psk_identity" alert message
346 + will be sent and the connection setup fails.
347 +--- openssl-1.0.1f/doc/ssl/SSL_do_handshake.pod
348 ++++ openssl-1.0.1f/doc/ssl/SSL_do_handshake.pod
349 +@@ -45,13 +45,13 @@
350 +
351 + =over 4
352 +
353 +-=item 0
354 ++=item C<0>
355 +
356 + The TLS/SSL handshake was not successful but was shut down controlled and
357 + by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the
358 + return value B<ret> to find out the reason.
359 +
360 +-=item 1
361 ++=item C<1>
362 +
363 + The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
364 + established.
365 +--- openssl-1.0.1f/doc/ssl/SSL_read.pod
366 ++++ openssl-1.0.1f/doc/ssl/SSL_read.pod
367 +@@ -86,7 +86,7 @@
368 + The read operation was successful; the return value is the number of
369 + bytes actually read from the TLS/SSL connection.
370 +
371 +-=item 0
372 ++=item C<0>
373 +
374 + The read operation was not successful. The reason may either be a clean
375 + shutdown due to a "close notify" alert sent by the peer (in which case
376 +--- openssl-1.0.1f/doc/ssl/SSL_session_reused.pod
377 ++++ openssl-1.0.1f/doc/ssl/SSL_session_reused.pod
378 +@@ -27,11 +27,11 @@
379 +
380 + =over 4
381 +
382 +-=item 0
383 ++=item C<0>
384 +
385 + A new session was negotiated.
386 +
387 +-=item 1
388 ++=item C<1>
389 +
390 + A session was reused.
391 +
392 +--- openssl-1.0.1f/doc/ssl/SSL_set_fd.pod
393 ++++ openssl-1.0.1f/doc/ssl/SSL_set_fd.pod
394 +@@ -35,11 +35,11 @@
395 +
396 + =over 4
397 +
398 +-=item 0
399 ++=item C<0>
400 +
401 + The operation failed. Check the error stack to find out why.
402 +
403 +-=item 1
404 ++=item C<1>
405 +
406 + The operation succeeded.
407 +
408 +--- openssl-1.0.1f/doc/ssl/SSL_set_session.pod
409 ++++ openssl-1.0.1f/doc/ssl/SSL_set_session.pod
410 +@@ -37,11 +37,11 @@
411 +
412 + =over 4
413 +
414 +-=item 0
415 ++=item C<0>
416 +
417 + The operation failed; check the error stack to find out the reason.
418 +
419 +-=item 1
420 ++=item C<1>
421 +
422 + The operation succeeded.
423 +
424 +--- openssl-1.0.1f/doc/ssl/SSL_shutdown.pod
425 ++++ openssl-1.0.1f/doc/ssl/SSL_shutdown.pod
426 +@@ -92,14 +92,14 @@
427 +
428 + =over 4
429 +
430 +-=item 0
431 ++=item C<0>
432 +
433 + The shutdown is not yet finished. Call SSL_shutdown() for a second time,
434 + if a bidirectional shutdown shall be performed.
435 + The output of L<SSL_get_error(3)|SSL_get_error(3)> may be misleading, as an
436 + erroneous SSL_ERROR_SYSCALL may be flagged even though no error occurred.
437 +
438 +-=item 1
439 ++=item C<1>
440 +
441 + The shutdown was successfully completed. The "close notify" alert was sent
442 + and the peer's "close notify" alert was received.
443 +--- openssl-1.0.1f/doc/ssl/SSL_write.pod
444 ++++ openssl-1.0.1f/doc/ssl/SSL_write.pod
445 +@@ -79,7 +79,7 @@
446 + The write operation was successful, the return value is the number of
447 + bytes actually written to the TLS/SSL connection.
448 +
449 +-=item 0
450 ++=item C<0>
451 +
452 + The write operation was not successful. Probably the underlying connection
453 + was closed. Call SSL_get_error() with the return value B<ret> to find out,
454
455 diff --git a/dev-libs/openssl/openssl-1.0.1e-r99.ebuild b/dev-libs/openssl/openssl-1.0.1f-r99.ebuild
456 similarity index 95%
457 rename from dev-libs/openssl/openssl-1.0.1e-r99.ebuild
458 rename to dev-libs/openssl/openssl-1.0.1f-r99.ebuild
459 index 5769664..0bb5880 100644
460 --- a/dev-libs/openssl/openssl-1.0.1e-r99.ebuild
461 +++ b/dev-libs/openssl/openssl-1.0.1f-r99.ebuild
462 @@ -1,6 +1,6 @@
463 -# Copyright 1999-2013 Gentoo Foundation
464 +# Copyright 1999-2014 Gentoo Foundation
465 # Distributed under the terms of the GNU General Public License v2
466 -# $Header: /var/cvsroot/gentoo-x86/dev-libs/openssl/openssl-1.0.1e-r3.ebuild,v 1.1 2013/12/20 19:26:59 vapier Exp $
467 +# $Header: /var/cvsroot/gentoo-x86/dev-libs/openssl/openssl-1.0.1f.ebuild,v 1.8 2014/01/19 13:48:03 ago Exp $
468
469 EAPI="4"
470
471 @@ -14,7 +14,7 @@ SRC_URI="mirror://openssl/source/${P}.tar.gz
472
473 LICENSE="openssl"
474 SLOT="0"
475 -KEYWORDS="amd64"
476 +KEYWORDS="alpha amd64 arm arm64 hppa ~ia64 m68k ~mips ~ppc ~ppc64 s390 sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
477 IUSE="bindist gmp kerberos rfc3779 sse2 static-libs test +tls-heartbeat vanilla zlib"
478
479 # Have the sub-libs in RDEPEND with [static-libs] since, logically,
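Review bot: The new KEYWORDS line copies the gentoo-x86 1.0.1f stable list (alpha, hppa, m68k, s390, sh, arm64, sparc, the BSD targets) into a musl-overlay -r99 ebuild, which asserts stable status on architectures this overlay has presumably never built against musl; the previous line was just `amd64`. A crypto library advertised as stable on untested targets is worse than a narrow keyword set, so restrict it to arches actually exercised here, e.g. `KEYWORDS="amd64 ~arm ~mips ~ppc ~x86"` (adjust to the overlay's convention). Separately, nothing in the diffstat touches dev-libs/openssl/Manifest, so the DIST entry carrying the size and checksums of openssl-1.0.1f.tar.gz does not appear in this commit; unless it lands in a separate commit, the tarball fetched from SRC_URI cannot be verified against the overlay's Manifest.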
480 @@ -57,11 +57,8 @@ src_prepare() {
481 epatch "${FILESDIR}"/${PN}-1.0.1-parallel-build.patch
482 epatch "${FILESDIR}"/${PN}-1.0.1-x32.patch
483 epatch "${FILESDIR}"/${PN}-1.0.1e-ipv6.patch
484 - epatch "${FILESDIR}"/${P}-bad-mac-aes-ni.patch #463444
485 - epatch "${FILESDIR}"/${PN}-1.0.1e-perl-5.18.patch #483820
486 + epatch "${FILESDIR}"/${PN}-1.0.1f-perl-5.18.patch #497286
487 epatch "${FILESDIR}"/${PN}-1.0.1e-s_client-verify.patch #472584
488 - epatch "${FILESDIR}"/${P}-tls-ver-crash.patch #494816
489 - epatch "${FILESDIR}"/${P}-rdrand-explicit.patch
490 epatch "${FILESDIR}"/${PN}-1.0.1c-force-termios.patch
491 epatch_user #332661
492 fi
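Review bot: The `${P}-tls-ver-crash.patch` line (#494816) is dropped here, yet no such file appears among the deletions in the diffstat, so either files/openssl-1.0.1e-tls-ver-crash.patch is now orphaned in files/ or the old 1.0.1e-r99 ebuild was referencing a file the overlay never had; worth checking in the same bump. Removing the bad-mac-aes-ni, rdrand-explicit and tls-ver-crash patches is only correct if 1.0.1f already ships those upstream commits (presumably the reason, but the commit does not say so); a one-line note such as `# bad-mac-aes-ni, tls-ver-crash and rdrand-explicit fixes are in 1.0.1f upstream` above the epatch list would record that and save the next bumper re-reading CHANGES. The remaining 1.0.1e-named ipv6 and s_client-verify patches are reused against 1.0.1f unchanged, which is fine as long as epatch still applies them cleanly; a fuzz-applied hunk in the verify patch would be a silent behaviour change, so a build log check is advisable. src_prepare() begins and ends outside this hunk.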