1 |
vapier 10/08/19 22:33:28 |
2 |
|
3 |
Modified: metadata.xml ChangeLog |
4 |
Added: openssl-1.0.0a-r2.ebuild |
5 |
Log: |
6 |
Grab POSIX shell version of c_rehash from PLD #333117. Add a local USE=sslv2 flag so people can enable legacy support #332661 by Stefan de Konink. |
7 |
(Portage version: 2.2_rc67/cvs/Linux x86_64) |
8 |
|
9 |
Revision Changes Path |
10 |
1.4 dev-libs/openssl/metadata.xml |
11 |
|
12 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/dev-libs/openssl/metadata.xml?rev=1.4&view=markup |
13 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/dev-libs/openssl/metadata.xml?rev=1.4&content-type=text/plain |
14 |
diff : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/dev-libs/openssl/metadata.xml?r1=1.3&r2=1.4 |
15 |
|
16 |
Index: metadata.xml |
17 |
=================================================================== |
18 |
RCS file: /var/cvsroot/gentoo-x86/dev-libs/openssl/metadata.xml,v |
19 |
retrieving revision 1.3 |
20 |
retrieving revision 1.4 |
21 |
diff -u -r1.3 -r1.4 |
22 |
--- metadata.xml 13 Feb 2010 10:23:09 -0000 1.3 |
23 |
+++ metadata.xml 19 Aug 2010 22:33:28 -0000 1.4 |
24 |
@@ -4,5 +4,6 @@ |
25 |
<herd>base-system</herd> |
26 |
<use> |
27 |
<flag name='rfc3779'>Enable support for RFC 3779 (X.509 Extensions for IP Addresses and AS Identifiers)</flag> |
28 |
+ <flag name='sslv2'>Enable old/vulnerable SSLv2 protocol -- ONLY do this with closed/legacy systems</flag> |
29 |
</use> |
30 |
</pkgmetadata> |
31 |
|
32 |
|
33 |
|
34 |
1.345 dev-libs/openssl/ChangeLog |
35 |
|
36 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/dev-libs/openssl/ChangeLog?rev=1.345&view=markup |
37 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/dev-libs/openssl/ChangeLog?rev=1.345&content-type=text/plain |
38 |
diff : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/dev-libs/openssl/ChangeLog?r1=1.344&r2=1.345 |
39 |
|
40 |
Index: ChangeLog |
41 |
=================================================================== |
42 |
RCS file: /var/cvsroot/gentoo-x86/dev-libs/openssl/ChangeLog,v |
43 |
retrieving revision 1.344 |
44 |
retrieving revision 1.345 |
45 |
diff -u -r1.344 -r1.345 |
46 |
--- ChangeLog 17 Aug 2010 04:10:10 -0000 1.344 |
47 |
+++ ChangeLog 19 Aug 2010 22:33:28 -0000 1.345 |
48 |
@@ -1,6 +1,13 @@ |
49 |
# ChangeLog for dev-libs/openssl |
50 |
# Copyright 1999-2010 Gentoo Foundation; Distributed under the GPL v2 |
51 |
-# $Header: /var/cvsroot/gentoo-x86/dev-libs/openssl/ChangeLog,v 1.344 2010/08/17 04:10:10 vapier Exp $ |
52 |
+# $Header: /var/cvsroot/gentoo-x86/dev-libs/openssl/ChangeLog,v 1.345 2010/08/19 22:33:28 vapier Exp $ |
53 |
+ |
54 |
+*openssl-1.0.0a-r2 (19 Aug 2010) |
55 |
+ |
56 |
+ 19 Aug 2010; Mike Frysinger <vapier@g.o> +openssl-1.0.0a-r2.ebuild, |
57 |
+ metadata.xml: |
58 |
+ Grab POSIX shell version of c_rehash from PLD #333117. Add a local USE=sslv2 |
59 |
+ flag so people can enable legacy support #332661 by Stefan de Konink. |
60 |
|
61 |
17 Aug 2010; Mike Frysinger <vapier@g.o> openssl-1.0.0a-r1.ebuild: |
62 |
Automatically rehash ssl certs for people #333069. |
63 |
|
64 |
|
65 |
|
66 |
1.1 dev-libs/openssl/openssl-1.0.0a-r2.ebuild |
67 |
|
68 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/dev-libs/openssl/openssl-1.0.0a-r2.ebuild?rev=1.1&view=markup |
69 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/dev-libs/openssl/openssl-1.0.0a-r2.ebuild?rev=1.1&content-type=text/plain |
70 |
|
71 |
Index: openssl-1.0.0a-r2.ebuild |
72 |
=================================================================== |
73 |
# Copyright 1999-2010 Gentoo Foundation |
74 |
# Distributed under the terms of the GNU General Public License v2 |
75 |
# $Header: /var/cvsroot/gentoo-x86/dev-libs/openssl/openssl-1.0.0a-r2.ebuild,v 1.1 2010/08/19 22:33:28 vapier Exp $ |
76 |
|
77 |
inherit eutils flag-o-matic toolchain-funcs |
78 |
|
79 |
DESCRIPTION="full-strength general purpose cryptography library (including SSL v2/v3 and TLS v1)" |
80 |
HOMEPAGE="http://www.openssl.org/" |
81 |
SRC_URI="mirror://openssl/source/${P}.tar.gz |
82 |
http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/~checkout~/packages/${PN}/${PN}-c_rehash.sh?rev=1.7" |
83 |
|
84 |
LICENSE="openssl" |
85 |
SLOT="0" |
86 |
KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~sparc-fbsd ~x86-fbsd" |
87 |
IUSE="bindist gmp kerberos rfc3779 sse2 sslv2 test zlib" |
88 |
|
89 |
RDEPEND="gmp? ( dev-libs/gmp ) |
90 |
zlib? ( sys-libs/zlib ) |
91 |
kerberos? ( app-crypt/mit-krb5 )" |
92 |
DEPEND="${RDEPEND} |
93 |
sys-apps/diffutils |
94 |
>=dev-lang/perl-5 |
95 |
test? ( sys-devel/bc )" |
96 |
PDEPEND="app-misc/ca-certificates" |
97 |
|
98 |
src_unpack() { |
99 |
unpack ${P}.tar.gz |
100 |
cp "${DISTDIR}"/openssl-c_rehash.sh* "${WORKDIR}"/c_rehash || die |
101 |
cd "${S}" |
102 |
|
103 |
epatch "${FILESDIR}"/${PN}-0.9.7e-gentoo.patch |
104 |
epatch "${FILESDIR}"/${PN}-0.9.8l-binutils.patch #289130 |
105 |
epatch "${FILESDIR}"/${PN}-1.0.0a-ldflags.patch #327421 |
106 |
epatch "${FILESDIR}"/${P}-fix-double-free.patch #332027 |
107 |
cp "${FILESDIR}"/alphacpuid.s "${S}"/crypto/ || die #330915 |
108 |
|
109 |
# disable fips in the build |
110 |
# make sure the man pages are suffixed #302165 |
111 |
# don't bother building man pages if they're disabled |
112 |
sed -i \ |
113 |
-e '/DIRS/s: fips : :g' \ |
114 |
-e '/^MANSUFFIX/s:=.*:=ssl:' \ |
115 |
-e '/^MAKEDEPPROG/s:=.*:=$(CC):' \ |
116 |
-e $(has noman FEATURES \ |
117 |
&& echo '/^install:/s:install_docs::' \ |
118 |
|| echo '/^MANDIR=/s:=.*:=/usr/share/man:') \ |
119 |
Makefile{,.org} \ |
120 |
|| die |
121 |
# show the actual commands in the log |
122 |
sed -i '/^SET_X/s:=.*:=set -x:' Makefile.shared |
123 |
|
124 |
# allow openssl to be cross-compiled |
125 |
cp "${FILESDIR}"/gentoo.config-0.9.8 gentoo.config || die "cp cross-compile failed" |
126 |
chmod a+rx gentoo.config |
127 |
|
128 |
append-flags -fno-strict-aliasing |
129 |
append-flags -Wa,--noexecstack |
130 |
|
131 |
sed -i '1s,^:$,#!/usr/bin/perl,' Configure #141906 |
132 |
./config --test-sanity || die "I AM NOT SANE" |
133 |
} |
134 |
|
135 |
src_compile() { |
136 |
unset APPS #197996 |
137 |
unset SCRIPTS #312551 |
138 |
|
139 |
tc-export CC AR RANLIB |
140 |
|
141 |
# Clean out patent-or-otherwise-encumbered code |
142 |
# Camellia: Royalty Free http://en.wikipedia.org/wiki/Camellia_(cipher) |
143 |
# IDEA: 5,214,703 07/01/2012 http://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm |
144 |
# EC: ????????? ??/??/2015 http://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography |
145 |
# MDC2: Expired http://en.wikipedia.org/wiki/MDC-2 |
146 |
# RC5: 5,724,428 03/03/2015 http://en.wikipedia.org/wiki/RC5 |
147 |
|
148 |
use_ssl() { use $1 && echo "enable-${2:-$1} ${*:3}" || echo "no-${2:-$1}" ; } |
149 |
echoit() { echo "$@" ; "$@" ; } |
150 |
|
151 |
local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal") |
152 |
|
153 |
local sslout=$(./gentoo.config) |
154 |
einfo "Use configuration ${sslout:-(openssl knows best)}" |
155 |
local config="Configure" |
156 |
[[ -z ${sslout} ]] && config="config" |
157 |
echoit \ |
158 |
./${config} \ |
159 |
${sslout} \ |
160 |
$(use sse2 || echo "no-sse2") \ |
161 |
enable-camellia \ |
162 |
$(use_ssl !bindist ec) \ |
163 |
$(use_ssl !bindist idea) \ |
164 |
enable-mdc2 \ |
165 |
$(use_ssl !bindist rc5) \ |
166 |
enable-tlsext \ |
167 |
$(use_ssl gmp gmp -lgmp) \ |
168 |
$(use_ssl kerberos krb5 --with-krb5-flavor=${krb5}) \ |
169 |
$(use_ssl rfc3779) \ |
170 |
$(use_ssl sslv2 ssl2) \ |
171 |
$(use_ssl zlib) \ |
172 |
--prefix=/usr \ |
173 |
--openssldir=/etc/ssl \ |
174 |
--libdir=$(get_libdir) \ |
175 |
shared threads \ |
176 |
|| die "Configure failed" |
177 |
|
178 |
# Clean out hardcoded flags that openssl uses |
179 |
local CFLAG=$(grep ^CFLAG= Makefile | LC_ALL=C sed \ |
180 |
-e 's:^CFLAG=::' \ |
181 |
-e 's:-fomit-frame-pointer ::g' \ |
182 |
-e 's:-O[0-9] ::g' \ |
183 |
-e 's:-march=[-a-z0-9]* ::g' \ |
184 |
-e 's:-mcpu=[-a-z0-9]* ::g' \ |
185 |
-e 's:-m[a-z0-9]* ::g' \ |
186 |
) |
187 |
sed -i \ |
188 |
-e "/^CFLAG/s:=.*:=${CFLAG} ${CFLAGS}:" \ |
189 |
-e "/^SHARED_LDFLAGS=/s:$: ${LDFLAGS}:" \ |
190 |
Makefile || die |
191 |
|
192 |
# depend is needed to use $confopts |
193 |
# rehash is needed to prep the certs/ dir |
194 |
emake -j1 depend || die "depend failed" |
195 |
emake -j1 all rehash || die "make all failed" |
196 |
} |
197 |
|
198 |
src_test() { |
199 |
emake -j1 test || die "make test failed" |
200 |
} |
201 |
|
202 |
src_install() { |
203 |
emake -j1 INSTALL_PREFIX="${D}" install || die |
204 |
dobin "${WORKDIR}"/c_rehash || die #333117 |
205 |
dodoc CHANGES* FAQ NEWS README doc/*.txt doc/c-indentation.el |
206 |
dohtml -r doc/* |
207 |
|
208 |
# create the certs directory |
209 |
dodir /etc/ssl/certs |
210 |
cp -RP certs/* "${D}"/etc/ssl/certs/ || die "failed to install certs" |
211 |
rm -r "${D}"/etc/ssl/certs/{demo,expired} |
212 |
|
213 |
# Namespace openssl programs to prevent conflicts with other man pages |
214 |
cd "${D}"/usr/share/man |
215 |
local m d s |
216 |
for m in $(find . -type f | xargs grep -L '#include') ; do |
217 |
d=${m%/*} ; d=${d#./} ; m=${m##*/} |
218 |
[[ ${m} == openssl.1* ]] && continue |
219 |
[[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!" |
220 |
mv ${d}/{,ssl-}${m} |
221 |
# fix up references to renamed man pages |
222 |
sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m} |
223 |
ln -s ssl-${m} ${d}/openssl-${m} |
224 |
# locate any symlinks that point to this man page ... we assume |
225 |
# that any broken links are due to the above renaming |
226 |
for s in $(find -L ${d} -type l) ; do |
227 |
s=${s##*/} |
228 |
rm -f ${d}/${s} |
229 |
ln -s ssl-${m} ${d}/ssl-${s} |
230 |
ln -s ssl-${s} ${d}/openssl-${s} |
231 |
done |
232 |
done |
233 |
[[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :(" |
234 |
|
235 |
dodir /etc/sandbox.d #254521 |
236 |
echo 'SANDBOX_PREDICT="/dev/crypto"' > "${D}"/etc/sandbox.d/10openssl |
237 |
|
238 |
diropts -m0700 |
239 |
keepdir /etc/ssl/private |
240 |
} |
241 |
|
242 |
pkg_preinst() { |
243 |
has_version ${CATEGORY}/${PN}:0.9.8 && return 0 |
244 |
preserve_old_lib /usr/$(get_libdir)/lib{crypto,ssl}.so.0.9.8 |
245 |
} |
246 |
|
247 |
pkg_postinst() { |
248 |
ebegin "Running 'c_rehash ${ROOT}etc/ssl/certs/' to rebuild hashes #333069" |
249 |
c_rehash "${ROOT}etc/ssl/certs" >/dev/null |
250 |
eend $? |
251 |
|
252 |
has_version ${CATEGORY}/${PN}:0.9.8 && return 0 |
253 |
preserve_old_lib_notify /usr/$(get_libdir)/lib{crypto,ssl}.so.0.9.8 |
254 |
} |