[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/ - gentoo-commits

From:	Doug Goldstein <cardoe@g.o>
To:	gentoo-commits@l.g.o
Subject:	[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/
Date:	Fri, 26 Feb 2016 22:50:25
Message-Id:	`1456527004.47f53172d2f6e2beaddb1c072d62e51de3884111.cardoe@gentoo`

1

commit:     47f53172d2f6e2beaddb1c072d62e51de3884111

2

Author:     Doug Goldstein <cardoe <AT> gentoo <DOT> org>

3

AuthorDate: Fri Feb 26 22:49:18 2016 +0000

4

Commit:     Doug Goldstein <cardoe <AT> gentoo <DOT> org>

5

CommitDate: Fri Feb 26 22:50:04 2016 +0000

6

URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=47f53172

7

8

dev-libs/openssl: remove vulnerable version

9

10

Due to multiple vulnerabilities remove outdated version of OpenSSL.

11

12

Gentoo-Bug: 567476

13

14

Package-Manager: portage-2.2.26

15

Signed-off-by: Doug Goldstein <cardoe <AT> gentoo.org>

16

17

 dev-libs/openssl/Manifest                 |   1 -

18

 dev-libs/openssl/openssl-0.9.8z_p7.ebuild | 162 ------------------------------

19

 2 files changed, 163 deletions(-)

20

21

diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest

22

index 5decc0a..e16c5f3 100644

23

--- a/dev-libs/openssl/Manifest

24

+++ b/dev-libs/openssl/Manifest

25

@@ -1,3 +1,2 @@

26

-DIST openssl-0.9.8zg.tar.gz 3826891 SHA256 06500060639930e471050474f537fcd28ec934af92ee282d78b52460fbe8f580 SHA512 c757454de321d168ac6d89fe2859966a9f07a8b28305bf697af9018db13fc457e0883346b3d35977461ab058442375563554ecb2a8756a687ff9fc2fdd9103c9 WHIRLPOOL 55ecf50a264a2ddd9b5755b5d90b9b736d2f27e0ba2fd529ccff3b68bbd726d1f60460182a0d215ae6712dbc4d3ef2df11339fb2d8424e049f54c3e904fcfab0

27

 DIST openssl-0.9.8zh.tar.gz 3818524 SHA256 f1d9f3ed1b85a82ecf80d0e2d389e1fda3fca9a4dba0bf07adbf231e1a5e2fd6 SHA512 b97fa2468211f86c0719c68ad1781eff84f772c479ed5193d6da14bac086b4ca706e7d851209d9df3f0962943b5e5333ab0def00110fb2e517caa73c0c6674c6 WHIRLPOOL 8ed3362e6aed89cd6ae02438bc3fb58ff3a91afb8a2d401d1d66c1ee4fd96f4befb50558131dd03a60fc15b588172fc1ede5d56bb1f68e184453bfe3b34f9abf

28

 DIST openssl-1.0.2f.tar.gz 5258384 SHA256 932b4ee4def2b434f85435d9e3e19ca8ba99ce9a065a61524b429a9d5e9b2e9c SHA512 50abf6dc94cafd06e7fd20770808bdc675c88daa369e4f752bd584ab17f72a57357c1ca1eca3c83e6745b5a3c9c73c99dce70adaa904d73f6df4c75bc7138351 WHIRLPOOL 179e1b5ad38c50a4c8110024aa7b33c53634c39690917e3bf5c2099548430beef96132ae9f9588ff0cedd6e08bb216a8d36835baaaa04e506fb3fbaed37d31c9

29

30

diff --git a/dev-libs/openssl/openssl-0.9.8z_p7.ebuild b/dev-libs/openssl/openssl-0.9.8z_p7.ebuild

31

deleted file mode 100644

32

index 817c1c8..0000000

33

--- a/dev-libs/openssl/openssl-0.9.8z_p7.ebuild

34

+++ /dev/null

35

@@ -1,162 +0,0 @@

36

-# Copyright 1999-2015 Gentoo Foundation

37

-# Distributed under the terms of the GNU General Public License v2

38

-# $Id$

39

-

40

-# this ebuild is only for the libcrypto.so.0.9.8 and libssl.so.0.9.8 SONAME for ABI compat

41

-

42

-EAPI="5"

43

-

44

-inherit eutils flag-o-matic toolchain-funcs multilib multilib-minimal

45

-

46

-PLEVEL=$(echo "${PV##*_p}" | tr '[1-9]' '[a-i]')

47

-MY_PV=${PV/_p*/${PLEVEL}}

48

-MY_P=${PN}-${MY_PV}

49

-S="${WORKDIR}/${MY_P}"

50

-DESCRIPTION="Toolkit for SSL v2/v3 and TLS v1"

51

-HOMEPAGE="http://www.openssl.org/"

52

-SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"

53

-

54

-LICENSE="openssl"

55

-SLOT="0.9.8"

56

-KEYWORDS="alpha amd64 arm ~hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~sparc-fbsd ~x86-fbsd"

57

-IUSE="bindist gmp kerberos cpu_flags_x86_sse2 test zlib"

58

-RESTRICT="!bindist? ( bindist )"

59

-

60

-RDEPEND="gmp? ( >=dev-libs/gmp-5.1.3-r1[${MULTILIB_USEDEP}] )

61

-	zlib? ( >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}] )

62

-	kerberos? ( >=app-crypt/mit-krb5-1.11.4[${MULTILIB_USEDEP}] )

63

-	abi_x86_32? (

64

-		!<=app-emulation/emul-linux-x86-baselibs-20140508-r4

65

-		!app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]

66

-	)

67

-	!=dev-libs/openssl-0.9.8*:0"

68

-DEPEND="${RDEPEND}

69

-	>=dev-lang/perl-5

70

-	test? (

71

-		sys-apps/diffutils

72

-		sys-devel/bc

73

-	)"

74

-

75

-# Do not install any docs

76

-DOCS=()

77

-

78

-src_prepare() {

79

-	epatch "${FILESDIR}"/${PN}-0.9.8e-bsd-sparc64.patch

80

-	epatch "${FILESDIR}"/${PN}-0.9.8h-ldflags.patch #181438

81

-	epatch "${FILESDIR}"/${PN}-0.9.8m-binutils.patch #289130

82

-

83

-	# disable fips in the build

84

-	# make sure the man pages are suffixed #302165

85

-	# don't bother building man pages if they're disabled

86

-	sed -i \

87

-		-e '/DIRS/s: fips : :g' \

88

-		-e '/^MANSUFFIX/s:=.*:=ssl:' \

89

-		-e '/^MAKEDEPPROG/s:=.*:=$(CC):' \

90

-		-e $(has noman FEATURES \

91

-			&& echo '/^install:/s:install_docs::' \

92

-			|| echo '/^MANDIR=/s:=.*:=/usr/share/man:') \

93

-		Makefile{,.org} \

94

-		|| die

95

-	# show the actual commands in the log

96

-	sed -i '/^SET_X/s:=.*:=set -x:' Makefile.shared

97

-	# update the enginedir path.

98

-	# punt broken config we don't care about as it fails sanity check.

99

-	sed -i \

100

-		-e '/^"debug-ben-debug-64"/d' \

101

-		-e "/foo.*engines/s|/lib/engines|/$(get_libdir)/engines|" \

102

-		Configure || die

103

-

104

-	# since we're forcing $(CC) as makedep anyway, just fix

105

-	# the conditional as always-on

106

-	# helps clang (#417795), and versioned gcc (#499818)

107

-	sed -i 's/expr.*MAKEDEPEND.*;/true;/' util/domd || die

108

-

109

-	# quiet out unknown driver argument warnings since openssl

110

-	# doesn't have well-split CFLAGS and we're making it even worse

111

-	# and 'make depend' uses -Werror for added fun (#417795 again)

112

-	[[ ${CC} == *clang* ]] && append-flags -Qunused-arguments

113

-

114

-	# allow openssl to be cross-compiled

115

-	cp "${FILESDIR}"/gentoo.config-0.9.8 gentoo.config || die "cp cross-compile failed"

116

-	chmod a+rx gentoo.config

117

-

118

-	append-flags -fno-strict-aliasing

119

-	append-flags -Wa,--noexecstack

120

-

121

-	sed -i '1s,^:$,#!/usr/bin/perl,' Configure #141906

122

-	sed -i '/^"debug-bodo/d' Configure # 0.9.8za shipped broken

123

-	./config --test-sanity || die "I AM NOT SANE"

124

-

125

-	multilib_copy_sources

126

-}

127

-

128

-multilib_src_configure() {

129

-	unset APPS #197996

130

-	unset SCRIPTS #312551

131

-

132

-	tc-export CC AR RANLIB

133

-

134

-	# Clean out patent-or-otherwise-encumbered code

135

-	# Camellia: Royalty Free            http://en.wikipedia.org/wiki/Camellia_(cipher)

136

-	# IDEA:     Expired                 http://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm

137

-	# EC:       ????????? ??/??/2015    http://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography

138

-	# MDC2:     Expired                 http://en.wikipedia.org/wiki/MDC-2

139

-	# RC5:      5,724,428 03/03/2015    http://en.wikipedia.org/wiki/RC5

140

-

141

-	use_ssl() { use $1 && echo "enable-${2:-$1} ${*:3}" || echo "no-${2:-$1}" ; }

142

-	echoit() { echo "$@" ; "$@" ; }

143

-

144

-	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")

145

-

146

-	local sslout=$(./gentoo.config)

147

-	einfo "Use configuration ${sslout:-(openssl knows best)}"

148

-	local config="Configure"

149

-	[[ -z ${sslout} ]] && config="config"

150

-

151

-	echoit \

152

-	./${config} \

153

-		${sslout} \

154

-		$(use cpu_flags_x86_sse2 || echo "no-sse2") \

155

-		enable-camellia \

156

-		$(use_ssl !bindist ec) \

157

-		enable-idea \

158

-		enable-mdc2 \

159

-		$(use_ssl !bindist rc5) \

160

-		enable-tlsext \

161

-		$(use_ssl gmp gmp -lgmp) \

162

-		$(use_ssl kerberos krb5 --with-krb5-flavor=${krb5}) \

163

-		$(use_ssl zlib) \

164

-		--prefix=/usr \

165

-		--openssldir=/etc/ssl \

166

-		shared threads \

167

-		|| die "Configure failed"

168

-

169

-	# Clean out hardcoded flags that openssl uses

170

-	local CFLAG=$(grep ^CFLAG= Makefile | LC_ALL=C sed \

171

-		-e 's:^CFLAG=::' \

172

-		-e 's:-fomit-frame-pointer ::g' \

173

-		-e 's:-O[0-9] ::g' \

174

-		-e 's:-march=[-a-z0-9]* ::g' \

175

-		-e 's:-mcpu=[-a-z0-9]* ::g' \

176

-		-e 's:-m[a-z0-9]* ::g' \

177

-	)

178

-	sed -i \

179

-		-e "/^LIBDIR=/s|=.*|=$(get_libdir)|" \

180

-		-e "/^CFLAG/s|=.*|=${CFLAG} ${CFLAGS}|" \

181

-		-e "/^SHARED_LDFLAGS=/s|$| ${LDFLAGS}|" \

182

-		Makefile || die

183

-}

184

-

185

-multilib_src_compile() {

186

-	# depend is needed to use $confopts

187

-	emake -j1 depend

188

-	emake -j1 build_libs

189

-}

190

-

191

-multilib_src_test() {

192

-	emake -j1 test

193

-}

194

-

195

-multilib_src_install() {

196

-	dolib.so lib{crypto,ssl}.so.0.9.8

197

-}

1	commit: 47f53172d2f6e2beaddb1c072d62e51de3884111
2	Author: Doug Goldstein <cardoe <AT> gentoo <DOT> org>
3	AuthorDate: Fri Feb 26 22:49:18 2016 +0000
4	Commit: Doug Goldstein <cardoe <AT> gentoo <DOT> org>
5	CommitDate: Fri Feb 26 22:50:04 2016 +0000
6	URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=47f53172
7
8	dev-libs/openssl: remove vulnerable version
9
10	Due to multiple vulnerabilities remove outdated version of OpenSSL.
11
12	Gentoo-Bug: 567476
13
14	Package-Manager: portage-2.2.26
15	Signed-off-by: Doug Goldstein <cardoe <AT> gentoo.org>
16
17	dev-libs/openssl/Manifest \| 1 -
18	dev-libs/openssl/openssl-0.9.8z_p7.ebuild \| 162 ------------------------------
19	2 files changed, 163 deletions(-)
20
21	diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest
22	index 5decc0a..e16c5f3 100644
23	--- a/dev-libs/openssl/Manifest
24	+++ b/dev-libs/openssl/Manifest
25	@@ -1,3 +1,2 @@
26	-DIST openssl-0.9.8zg.tar.gz 3826891 SHA256 06500060639930e471050474f537fcd28ec934af92ee282d78b52460fbe8f580 SHA512 c757454de321d168ac6d89fe2859966a9f07a8b28305bf697af9018db13fc457e0883346b3d35977461ab058442375563554ecb2a8756a687ff9fc2fdd9103c9 WHIRLPOOL 55ecf50a264a2ddd9b5755b5d90b9b736d2f27e0ba2fd529ccff3b68bbd726d1f60460182a0d215ae6712dbc4d3ef2df11339fb2d8424e049f54c3e904fcfab0
27	DIST openssl-0.9.8zh.tar.gz 3818524 SHA256 f1d9f3ed1b85a82ecf80d0e2d389e1fda3fca9a4dba0bf07adbf231e1a5e2fd6 SHA512 b97fa2468211f86c0719c68ad1781eff84f772c479ed5193d6da14bac086b4ca706e7d851209d9df3f0962943b5e5333ab0def00110fb2e517caa73c0c6674c6 WHIRLPOOL 8ed3362e6aed89cd6ae02438bc3fb58ff3a91afb8a2d401d1d66c1ee4fd96f4befb50558131dd03a60fc15b588172fc1ede5d56bb1f68e184453bfe3b34f9abf
28	DIST openssl-1.0.2f.tar.gz 5258384 SHA256 932b4ee4def2b434f85435d9e3e19ca8ba99ce9a065a61524b429a9d5e9b2e9c SHA512 50abf6dc94cafd06e7fd20770808bdc675c88daa369e4f752bd584ab17f72a57357c1ca1eca3c83e6745b5a3c9c73c99dce70adaa904d73f6df4c75bc7138351 WHIRLPOOL 179e1b5ad38c50a4c8110024aa7b33c53634c39690917e3bf5c2099548430beef96132ae9f9588ff0cedd6e08bb216a8d36835baaaa04e506fb3fbaed37d31c9
29
30	diff --git a/dev-libs/openssl/openssl-0.9.8z_p7.ebuild b/dev-libs/openssl/openssl-0.9.8z_p7.ebuild
31	deleted file mode 100644
32	index 817c1c8..0000000
33	--- a/dev-libs/openssl/openssl-0.9.8z_p7.ebuild
34	+++ /dev/null
35	@@ -1,162 +0,0 @@
36	-# Copyright 1999-2015 Gentoo Foundation
37	-# Distributed under the terms of the GNU General Public License v2
38	-# $Id$
39	-
40	-# this ebuild is only for the libcrypto.so.0.9.8 and libssl.so.0.9.8 SONAME for ABI compat
41	-
42	-EAPI="5"
43	-
44	-inherit eutils flag-o-matic toolchain-funcs multilib multilib-minimal
45	-
46	-PLEVEL=$(echo "${PV##*_p}" \| tr '[1-9]' '[a-i]')
47	-MY_PV=${PV/_p*/${PLEVEL}}
48	-MY_P=${PN}-${MY_PV}
49	-S="${WORKDIR}/${MY_P}"
50	-DESCRIPTION="Toolkit for SSL v2/v3 and TLS v1"
51	-HOMEPAGE="http://www.openssl.org/"
52	-SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"
53	-
54	-LICENSE="openssl"
55	-SLOT="0.9.8"
56	-KEYWORDS="alpha amd64 arm ~hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~sparc-fbsd ~x86-fbsd"
57	-IUSE="bindist gmp kerberos cpu_flags_x86_sse2 test zlib"
58	-RESTRICT="!bindist? ( bindist )"
59	-
60	-RDEPEND="gmp? ( >=dev-libs/gmp-5.1.3-r1[${MULTILIB_USEDEP}] )
61	- zlib? ( >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}] )
62	- kerberos? ( >=app-crypt/mit-krb5-1.11.4[${MULTILIB_USEDEP}] )
63	- abi_x86_32? (
64	- !<=app-emulation/emul-linux-x86-baselibs-20140508-r4
65	- !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
66	- )
67	- !=dev-libs/openssl-0.9.8*:0"
68	-DEPEND="${RDEPEND}
69	- >=dev-lang/perl-5
70	- test? (
71	- sys-apps/diffutils
72	- sys-devel/bc
73	- )"
74	-
75	-# Do not install any docs
76	-DOCS=()
77	-
78	-src_prepare() {
79	- epatch "${FILESDIR}"/${PN}-0.9.8e-bsd-sparc64.patch
80	- epatch "${FILESDIR}"/${PN}-0.9.8h-ldflags.patch #181438
81	- epatch "${FILESDIR}"/${PN}-0.9.8m-binutils.patch #289130
82	-
83	- # disable fips in the build
84	- # make sure the man pages are suffixed #302165
85	- # don't bother building man pages if they're disabled
86	- sed -i \
87	- -e '/DIRS/s: fips : :g' \
88	- -e '/^MANSUFFIX/s:=.*:=ssl:' \
89	- -e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
90	- -e $(has noman FEATURES \
91	- && echo '/^install:/s:install_docs::' \
92	- \|\| echo '/^MANDIR=/s:=.*:=/usr/share/man:') \
93	- Makefile{,.org} \
94	- \|\| die
95	- # show the actual commands in the log
96	- sed -i '/^SET_X/s:=.*:=set -x:' Makefile.shared
97	- # update the enginedir path.
98	- # punt broken config we don't care about as it fails sanity check.
99	- sed -i \
100	- -e '/^"debug-ben-debug-64"/d' \
101	- -e "/foo.*engines/s\|/lib/engines\|/$(get_libdir)/engines\|" \
102	- Configure \|\| die
103	-
104	- # since we're forcing $(CC) as makedep anyway, just fix
105	- # the conditional as always-on
106	- # helps clang (#417795), and versioned gcc (#499818)
107	- sed -i 's/expr.MAKEDEPEND.;/true;/' util/domd \|\| die
108	-
109	- # quiet out unknown driver argument warnings since openssl
110	- # doesn't have well-split CFLAGS and we're making it even worse
111	- # and 'make depend' uses -Werror for added fun (#417795 again)
112	- [[ ${CC} == clang ]] && append-flags -Qunused-arguments
113	-
114	- # allow openssl to be cross-compiled
115	- cp "${FILESDIR}"/gentoo.config-0.9.8 gentoo.config \|\| die "cp cross-compile failed"
116	- chmod a+rx gentoo.config
117	-
118	- append-flags -fno-strict-aliasing
119	- append-flags -Wa,--noexecstack
120	-
121	- sed -i '1s,^:$,#!/usr/bin/perl,' Configure #141906
122	- sed -i '/^"debug-bodo/d' Configure # 0.9.8za shipped broken
123	- ./config --test-sanity \|\| die "I AM NOT SANE"
124	-
125	- multilib_copy_sources
126	-}
127	-
128	-multilib_src_configure() {
129	- unset APPS #197996
130	- unset SCRIPTS #312551
131	-
132	- tc-export CC AR RANLIB
133	-
134	- # Clean out patent-or-otherwise-encumbered code
135	- # Camellia: Royalty Free http://en.wikipedia.org/wiki/Camellia_(cipher)
136	- # IDEA: Expired http://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
137	- # EC: ????????? ??/??/2015 http://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography
138	- # MDC2: Expired http://en.wikipedia.org/wiki/MDC-2
139	- # RC5: 5,724,428 03/03/2015 http://en.wikipedia.org/wiki/RC5
140	-
141	- use_ssl() { use $1 && echo "enable-${2:-$1} ${*:3}" \|\| echo "no-${2:-$1}" ; }
142	- echoit() { echo "$@" ; "$@" ; }
143	-
144	- local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" \|\| echo "Heimdal")
145	-
146	- local sslout=$(./gentoo.config)
147	- einfo "Use configuration ${sslout:-(openssl knows best)}"
148	- local config="Configure"
149	- [[ -z ${sslout} ]] && config="config"
150	-
151	- echoit \
152	- ./${config} \
153	- ${sslout} \
154	- $(use cpu_flags_x86_sse2 \|\| echo "no-sse2") \
155	- enable-camellia \
156	- $(use_ssl !bindist ec) \
157	- enable-idea \
158	- enable-mdc2 \
159	- $(use_ssl !bindist rc5) \
160	- enable-tlsext \
161	- $(use_ssl gmp gmp -lgmp) \
162	- $(use_ssl kerberos krb5 --with-krb5-flavor=${krb5}) \
163	- $(use_ssl zlib) \
164	- --prefix=/usr \
165	- --openssldir=/etc/ssl \
166	- shared threads \
167	- \|\| die "Configure failed"
168	-
169	- # Clean out hardcoded flags that openssl uses
170	- local CFLAG=$(grep ^CFLAG= Makefile \| LC_ALL=C sed \
171	- -e 's:^CFLAG=::' \
172	- -e 's:-fomit-frame-pointer ::g' \
173	- -e 's:-O[0-9] ::g' \
174	- -e 's:-march=[-a-z0-9]* ::g' \
175	- -e 's:-mcpu=[-a-z0-9]* ::g' \
176	- -e 's:-m[a-z0-9]* ::g' \
177	- )
178	- sed -i \
179	- -e "/^LIBDIR=/s\|=.*\|=$(get_libdir)\|" \
180	- -e "/^CFLAG/s\|=.*\|=${CFLAG} ${CFLAGS}\|" \
181	- -e "/^SHARED_LDFLAGS=/s\|$\| ${LDFLAGS}\|" \
182	- Makefile \|\| die
183	-}
184	-
185	-multilib_src_compile() {
186	- # depend is needed to use $confopts
187	- emake -j1 depend
188	- emake -j1 build_libs
189	-}
190	-
191	-multilib_src_test() {
192	- emake -j1 test
193	-}
194	-
195	-multilib_src_install() {
196	- dolib.so lib{crypto,ssl}.so.0.9.8
197	-}

Gentoo Archives: gentoo-commits