author | Mike Frysinger <vapier@gentoo.org> | 2005-10-12 04:56:44 +0000 |
---|---|---|
committer | Mike Frysinger <vapier@gentoo.org> | 2005-10-12 04:56:44 +0000 |
commit | ebe7bdb25faea9efa2c8bbe3c07ef84787a39820 (patch) | |
tree | 86b3660b07009379657fe69fbed6156c840ae3a0 /dev-libs | |
parent | as pointed out by Alro, the no-listen-tcp patch is no longer needed since ups... (diff) | |
download | gentoo-2-ebe7bdb25faea9efa2c8bbe3c07ef84787a39820.tar.gz gentoo-2-ebe7bdb25faea9efa2c8bbe3c07ef84787a39820.tar.bz2 gentoo-2-ebe7bdb25faea9efa2c8bbe3c07ef84787a39820.zip |
Add fixes for CAN-2005-2969 #108852.
(Portage version: 2.0.53_rc4)
Diffstat (limited to 'dev-libs')
-rw-r--r-- | dev-libs/openssl/ChangeLog | 13 | ||||
-rw-r--r-- | dev-libs/openssl/files/digest-openssl-0.9.7e-r2 (renamed from dev-libs/openssl/files/digest-openssl-0.9.7d-r2) | 2 | ||||
-rw-r--r-- | dev-libs/openssl/files/digest-openssl-0.9.7g-r1 | 1 | ||||
-rw-r--r-- | dev-libs/openssl/files/digest-openssl-0.9.8-r1 | 1 | ||||
-rw-r--r-- | dev-libs/openssl/files/openssl-0.9.7-CAN-2005-2969.patch | 60 | ||||
-rw-r--r-- | dev-libs/openssl/files/openssl-0.9.8-CAN-2005-2969.patch | 111 | ||||
-rw-r--r-- | dev-libs/openssl/openssl-0.9.7e-r2.ebuild (renamed from dev-libs/openssl/openssl-0.9.7d-r2.ebuild) | 158 | ||||
-rw-r--r-- | dev-libs/openssl/openssl-0.9.7g-r1.ebuild | 173 | ||||
-rw-r--r-- | dev-libs/openssl/openssl-0.9.8-r1.ebuild | 175 |
9 files changed, 604 insertions, 90 deletions
diff --git a/dev-libs/openssl/ChangeLog b/dev-libs/openssl/ChangeLog index ef49333b65ec..58e69af06f62 100644 --- a/dev-libs/openssl/ChangeLog +++ b/dev-libs/openssl/ChangeLog @@ -1,6 +1,17 @@ # ChangeLog for dev-libs/openssl # Copyright 1999-2005 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/dev-libs/openssl/ChangeLog,v 1.136 2005/09/03 02:52:42 matsuu Exp $ +# $Header: /var/cvsroot/gentoo-x86/dev-libs/openssl/ChangeLog,v 1.137 2005/10/12 04:56:44 vapier Exp $ + +*openssl-0.9.8-r1 (12 Oct 2005) +*openssl-0.9.7g-r1 (12 Oct 2005) +*openssl-0.9.7e-r2 (12 Oct 2005) + + 12 Oct 2005; Mike Frysinger <vapier@gentoo.org> + +files/openssl-0.9.7-CAN-2005-2969.patch, + +files/openssl-0.9.8-CAN-2005-2969.patch, -openssl-0.9.7d-r2.ebuild, + +openssl-0.9.7e-r2.ebuild, +openssl-0.9.7g-r1.ebuild, + +openssl-0.9.8-r1.ebuild: + Add fixes for CAN-2005-2969 #108852. 02 Sep 2005; MATSUU Takuto <matsuu@gentoo.org> +files/openssl-0.9.7e-superh.patch, openssl-0.9.7e-r1.ebuild: diff --git a/dev-libs/openssl/files/digest-openssl-0.9.7d-r2 b/dev-libs/openssl/files/digest-openssl-0.9.7e-r2 index 53244e8e53f6..81d2db421e96 100644 --- a/dev-libs/openssl/files/digest-openssl-0.9.7d-r2 +++ b/dev-libs/openssl/files/digest-openssl-0.9.7e-r2 @@ -1,2 +1,2 @@ -MD5 1b49e90fc8a75c3a507c0a624529aca5 openssl-0.9.7d.tar.gz 2798433 +MD5 a8777164bca38d84e5eb2b1535223474 openssl-0.9.7e.tar.gz 3043231 MD5 1b63bfdca1c37837dddde9f1623498f9 openssl-0.9.6m.tar.gz 2184918 diff --git a/dev-libs/openssl/files/digest-openssl-0.9.7g-r1 b/dev-libs/openssl/files/digest-openssl-0.9.7g-r1 new file mode 100644 index 000000000000..d232b1fa0076 --- /dev/null +++ b/dev-libs/openssl/files/digest-openssl-0.9.7g-r1 @@ -0,0 +1 @@ +MD5 991615f73338a571b6a1be7d74906934 openssl-0.9.7g.tar.gz 3132217 diff --git a/dev-libs/openssl/files/digest-openssl-0.9.8-r1 b/dev-libs/openssl/files/digest-openssl-0.9.8-r1 new file mode 100644 index 000000000000..cbed557bf1ca --- /dev/null 
+++ b/dev-libs/openssl/files/digest-openssl-0.9.8-r1
@@ -0,0 +1 @@
+MD5 9da21071596a124acde6080552deac16 openssl-0.9.8.tar.gz 3259550
diff --git a/dev-libs/openssl/files/openssl-0.9.7-CAN-2005-2969.patch b/dev-libs/openssl/files/openssl-0.9.7-CAN-2005-2969.patch
new file mode 100644
index 000000000000..372c0457070e
--- /dev/null
+++ b/dev-libs/openssl/files/openssl-0.9.7-CAN-2005-2969.patch
@@ -0,0 +1,60 @@
+Index: doc/ssl/SSL_CTX_set_options.pod
+===================================================================
+RCS file: /e/openssl/cvs/openssl/doc/ssl/SSL_CTX_set_options.pod,v
+retrieving revision 1.9.2.4
+diff -u -r1.9.2.4 SSL_CTX_set_options.pod
+--- doc/ssl/SSL_CTX_set_options.pod 22 Mar 2005 17:54:13 -0000 1.9.2.4
++++ doc/ssl/SSL_CTX_set_options.pod 23 Sep 2005 03:38:43 -0000
+@@ -86,7 +86,7 @@
+
+ =item SSL_OP_MSIE_SSLV2_RSA_PADDING
+
+-...
++As of OpenSSL 0.9.7h and 0.9.8a, this option has no effect.
+
+ =item SSL_OP_SSLEAY_080_CLIENT_DH_BUG
+
+Index: ssl/s23_srvr.c
+===================================================================
+RCS file: /e/openssl/cvs/openssl/ssl/s23_srvr.c,v
+retrieving revision 1.41.2.6
+diff -u -r1.41.2.6 s23_srvr.c
+--- ssl/s23_srvr.c 31 Jan 2005 01:33:35 -0000 1.41.2.6
++++ ssl/s23_srvr.c 23 Sep 2005 03:38:44 -0000
+@@ -268,9 +268,6 @@
+ int n=0,j;
+ int type=0;
+ int v[2];
+-#ifndef OPENSSL_NO_RSA
+- int use_sslv2_strong=0;
+-#endif
+
+ if (s->state == SSL23_ST_SR_CLNT_HELLO_A)
+ {
+@@ -528,9 +525,7 @@
+ }
+
+ s->state=SSL2_ST_GET_CLIENT_HELLO_A;
+- if ((s->options & SSL_OP_MSIE_SSLV2_RSA_PADDING) ||
+- use_sslv2_strong ||
+- (s->options & SSL_OP_NO_TLSv1 && s->options & SSL_OP_NO_SSLv3))
++ if (s->options & SSL_OP_NO_TLSv1 && s->options & SSL_OP_NO_SSLv3)
+ s->s2->ssl2_rollback=0;
+ else
+ /* reject SSL 2.0 session if client supports SSL 3.0 or TLS 1.0
+Index: ssl/ssl.h
+===================================================================
+RCS file: /e/openssl/cvs/openssl/ssl/ssl.h,v
+retrieving revision 1.126.2.23
+diff -u -r1.126.2.23 ssl.h
+--- ssl/ssl.h 10 Jun 2005 20:00:39 -0000 1.126.2.23
++++ ssl/ssl.h 23 Sep 2005 03:38:47 -0000
+@@ -467,7 +467,7 @@
+ #define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0x00000008L
+ #define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG 0x00000010L
+ #define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x00000020L
+-#define SSL_OP_MSIE_SSLV2_RSA_PADDING 0x00000040L
++#define SSL_OP_MSIE_SSLV2_RSA_PADDING 0x00000040L /* no effect since 0.9.7h and 0.9.8b */
+ #define SSL_OP_SSLEAY_080_CLIENT_DH_BUG 0x00000080L
+ #define SSL_OP_TLS_D5_BUG 0x00000100L
+ #define SSL_OP_TLS_BLOCK_PADDING_BUG 0x00000200L
diff --git a/dev-libs/openssl/files/openssl-0.9.8-CAN-2005-2969.patch b/dev-libs/openssl/files/openssl-0.9.8-CAN-2005-2969.patch
new file mode 100644
index 000000000000..7b35363c9804
--- /dev/null
+++ b/dev-libs/openssl/files/openssl-0.9.8-CAN-2005-2969.patch
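Review bot: The comment added to `SSL_OP_MSIE_SSLV2_RSA_PADDING` in the ssl.h part of openssl-0.9.7-CAN-2005-2969.patch says the option has no effect since "0.9.7h and 0.9.8b", while the SSL_CTX_set_options.pod text in the same patch says 0.9.7h and 0.9.8a. The 0.9.8 variant of the patch repeats the mismatch, and its CHANGES entry is filed under "Changes between 0.9.8 and 0.9.8a". These strings are what someone auditing a host reads to decide whether a build still honours the flag, so the header should agree with the documentation: `#define SSL_OP_MSIE_SSLV2_RSA_PADDING 0x00000040L /* no effect since 0.9.7h and 0.9.8a */`. The s23_srvr.c hunk still clears `ssl2_rollback` when both `SSL_OP_NO_TLSv1` and `SSL_OP_NO_SSLv3` are set; that looks intended for an SSLv2-only server, and a one-line comment on that condition saying so would make it explicit.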
@@ -0,0 +1,111 @@
+Index: CHANGES
+===================================================================
+RCS file: /e/openssl/cvs/openssl/CHANGES,v
+retrieving revision 1.1238.2.17
+diff -u -r1.1238.2.17 CHANGES
+--- CHANGES 2 Sep 2005 22:48:13 -0000 1.1238.2.17
++++ CHANGES 23 Sep 2005 03:37:36 -0000
+@@ -4,6 +4,16 @@
+
+ Changes between 0.9.8 and 0.9.8a [05 Jul 2005]]
+
++ *) Remove the functionality of SSL_OP_MSIE_SSLV2_RSA_PADDING
++ (part of SSL_OP_ALL). This option used to disable the
++ countermeasure against man-in-the-middle protocol-version
++ rollback in the SSL 2.0 server implementation, which is a bad
++ idea.
++
++ [Bodo Moeller; problem pointed out by Yutaka Oiwa (Research Center
++ for Information Security, National Institute of Advanced Industrial
++ Science and Technology [AIST], Japan)]
++
+ *) Add libcrypto.pc and libssl.pc for those who feel they need them.
+ [Richard Levitte]
+
+@@ -850,6 +860,16 @@
+
+ Changes between 0.9.7g and 0.9.7h [XX xxx XXXX]
+
++ *) Remove the functionality of SSL_OP_MSIE_SSLV2_RSA_PADDING
++ (part of SSL_OP_ALL). This option used to disable the
++ countermeasure against man-in-the-middle protocol-version
++ rollback in the SSL 2.0 server implementation, which is a bad
++ idea.
++
++ [Bodo Moeller; problem pointed out by Yutaka Oiwa (Research Center
++ for Information Security, National Institute of Advanced Industrial
++ Science and Technology [AIST], Japan)]
++
+ *) Minimal support for X9.31 signatures and PSS padding modes. This is
+ mainly for FIPS compliance and not fully integrated at this stage.
+ [Steve Henson]
+@@ -899,6 +919,9 @@
+
+ Changes between 0.9.7f and 0.9.7g [11 Apr 2005]
+
++ [NB: OpenSSL 0.9.7h and later 0.9.7 patch levels were released after
++ OpenSSL 0.9.8.]
++
+ *) Fixes for newer kerberos headers. NB: the casts are needed because
+ the 'length' field is signed on one version and unsigned on another
+ with no (?) obvious way to tell the difference, without these VC++
+Index: doc/ssl/SSL_CTX_set_options.pod
+===================================================================
+RCS file: /e/openssl/cvs/openssl/doc/ssl/SSL_CTX_set_options.pod,v
+retrieving revision 1.13
+diff -u -r1.13 SSL_CTX_set_options.pod
+--- doc/ssl/SSL_CTX_set_options.pod 22 Mar 2005 17:55:33 -0000 1.13
++++ doc/ssl/SSL_CTX_set_options.pod 23 Sep 2005 03:37:38 -0000
+@@ -86,7 +86,7 @@
+
+ =item SSL_OP_MSIE_SSLV2_RSA_PADDING
+
+-...
++As of OpenSSL 0.9.7h and 0.9.8a, this option has no effect.
+
+ =item SSL_OP_SSLEAY_080_CLIENT_DH_BUG
+
+Index: ssl/s23_srvr.c
+===================================================================
+RCS file: /e/openssl/cvs/openssl/ssl/s23_srvr.c,v
+retrieving revision 1.46.2.1
+diff -u -r1.46.2.1 s23_srvr.c
+--- ssl/s23_srvr.c 5 Aug 2005 23:52:07 -0000 1.46.2.1
++++ ssl/s23_srvr.c 23 Sep 2005 03:37:38 -0000
+@@ -250,9 +250,6 @@
+ int n=0,j;
+ int type=0;
+ int v[2];
+-#ifndef OPENSSL_NO_RSA
+- int use_sslv2_strong=0;
+-#endif
+
+ if (s->state == SSL23_ST_SR_CLNT_HELLO_A)
+ {
+@@ -501,9 +498,7 @@
+ }
+
+ s->state=SSL2_ST_GET_CLIENT_HELLO_A;
+- if ((s->options & SSL_OP_MSIE_SSLV2_RSA_PADDING) ||
+- use_sslv2_strong ||
+- (s->options & SSL_OP_NO_TLSv1 && s->options & SSL_OP_NO_SSLv3))
++ if (s->options & SSL_OP_NO_TLSv1 && s->options & SSL_OP_NO_SSLv3)
+ s->s2->ssl2_rollback=0;
+ else
+ /* reject SSL 2.0 session if client supports SSL 3.0 or TLS 1.0
+Index: ssl/ssl.h
+===================================================================
+RCS file: /e/openssl/cvs/openssl/ssl/ssl.h,v
+retrieving revision 1.161.2.1
+diff -u -r1.161.2.1 ssl.h
+--- ssl/ssl.h 10 Jun 2005 19:51:16 -0000 1.161.2.1
++++ ssl/ssl.h 23 Sep 2005 03:37:40 -0000
+@@ -480,7 +480,7 @@
+ #define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0x00000008L
+ #define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG 0x00000010L
+ #define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x00000020L
+-#define SSL_OP_MSIE_SSLV2_RSA_PADDING 0x00000040L
++#define SSL_OP_MSIE_SSLV2_RSA_PADDING 0x00000040L /* no effect since 0.9.7h and 0.9.8b */ + #define SSL_OP_SSLEAY_080_CLIENT_DH_BUG 0x00000080L + #define SSL_OP_TLS_D5_BUG 0x00000100L + #define SSL_OP_TLS_BLOCK_PADDING_BUG 0x00000200L diff --git a/dev-libs/openssl/openssl-0.9.7d-r2.ebuild b/dev-libs/openssl/openssl-0.9.7e-r2.ebuild index 19558fd228a4..9cc461b1d1a2 100644 --- a/dev-libs/openssl/openssl-0.9.7d-r2.ebuild +++ b/dev-libs/openssl/openssl-0.9.7e-r2.ebuild @@ -1,6 +1,6 @@ # Copyright 1999-2005 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/dev-libs/openssl/openssl-0.9.7d-r2.ebuild,v 1.18 2005/07/05 23:45:20 azarah Exp $ +# $Header: /var/cvsroot/gentoo-x86/dev-libs/openssl/openssl-0.9.7e-r2.ebuild,v 1.1 2005/10/12 04:56:44 vapier Exp $ inherit eutils flag-o-matic toolchain-funcs @@ -11,17 +11,16 @@ HOMEPAGE="http://www.openssl.org/" SRC_URI="mirror://openssl/source/${P}.tar.gz mirror://openssl/source/${OLD_096_P}.tar.gz" -LICENSE="openssl" +LICENSE="as-is" SLOT="0" -KEYWORDS="alpha amd64 arm hppa ia64 mips ppc ppc64 s390 sh sparc x86" -IUSE="emacs" +KEYWORDS="alpha amd64 arm hppa ia64 m68k mips ppc ppc64 s390 sh sparc x86" +IUSE="emacs test bindist zlib" -RDEPEND="virtual/libc" +RDEPEND="" DEPEND="${RDEPEND} sys-apps/diffutils >=dev-lang/perl-5 - >=sys-apps/sed-4 - !elibc_uclibc? ( sys-devel/bc )" + !test? ( sys-devel/bc )" S=${WORKDIR} 
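Review bot: `!test? ( sys-devel/bc )` in the DEPEND of openssl-0.9.7e-r2.ebuild pulls bc in only when the test flag is off, which looks inverted; the two ebuilds added by this commit use `test? ( sys-devel/bc )`. The same hunk changes `LICENSE="openssl"` to `LICENSE="as-is"`, while 0.9.7g-r1 and 0.9.8-r1 keep `openssl`, so the three revisions of one package now disagree on licence metadata. Unless both differences are deliberate for 0.9.7e, I would write `test? ( sys-devel/bc )` and `LICENSE="openssl"` here.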
@@ -31,70 +30,47 @@ src_unpack() { # openssl-0.9.7 cd ${WORKDIR}/${P} - epatch ${FILESDIR}/openssl-0.9.7c-tempfile.patch || die "patch failed" - - if [ "${ARCH}" = "ppc64" ]; then - epatch ${FILESDIR}/addppc64support.diff - fi - - epatch ${FILESDIR}/${P}-gentoo.diff - epatch ${FILESDIR}/${P}-smime.patch - - if [ "${ARCH}" = "hppa" ]; then - # Tells to compile a static version of openssl - sed -i -e \ - 's!^"linux-parisc"\(.*\)::BN\(.*\)::!"linux-parisc"\1:-ldl:BN\2::::::::::dlfcn:linux-shared:-fPIC::.so.\\$(SHLIB_MAJOR).\\$(SHLIB_MINOR)!' \ - Configure \ - || die "sed failed" - # Fix detection of parisc running 64 bit kernel - sed -i -e 's/parisc-\*-linux2/parisc\*-\*-linux2/' config \ - || die "sed failed" - fi - if [ "${ARCH}" = "arm" ]; then - # patch linker to add -ldl or things linking aginst libcrypto fail - sed -i -e \ - 's!^"linux-elf-arm"\(.*\)::BN\(.*\)!"linux-elf-arm"\1:-ldl:BN\2!' \ - Configure \ - || die "sed failed" - fi - - if [ "${ARCH}" = "alpha" -a "${CC}" != "ccc" ]; then - # ccc compiled openssl will break things linked against - # a gcc compiled openssl, the configure will automatically detect - # ccc and use it, so stop that if user hasnt asked for it. - sed -i -e \ - 's!CC=ccc!CC=gcc!' 
config \ - || die "sed failed" - fi - - case $( gcc-version ) in - 3.2 ) - filter-flags -fprefetch-loop-arrays -freduce-all-givs -funroll-loop ;; + epatch "${FILESDIR}"/${PN}-0.9.7c-tempfile.patch + [[ $(tc-arch) == "ppc64" ]] && epatch "${FILESDIR}"/addppc64support.diff + epatch "${FILESDIR}"/${PN}-0.9.7e-gentoo.patch + epatch "${FILESDIR}"/${PN}-0.9.7-arm-big-endian.patch + epatch "${FILESDIR}"/${PN}-0.9.7-hppa-fix-detection.patch + epatch "${FILESDIR}"/${PN}-0.9.7-alpha-default-gcc.patch + epatch "${FILESDIR}"/${PN}-0.9.7e-no-fips.patch + epatch "${FILESDIR}"/${PN}-0.9.7e-ptr-casting.patch + epatch "${FILESDIR}"/${PN}-0.9.7g-mem-clr-ptr-cast.patch + epatch "${FILESDIR}"/${PN}-0.9.7e-x86_64-bn-asm.patch + epatch "${FILESDIR}"/${PN}-0.9.7-CAN-2005-2969.patch #108046 + epatch "${FILESDIR}"/${PN}-0.9.7e-superh.patch + + case $(gcc-version) in + 3.2) + filter-flags -fprefetch-loop-arrays -freduce-all-givs -funroll-loop + ;; 3.4 | 3.3 ) filter-flags -fprefetch-loop-arrays -freduce-all-givs -funroll-loops - if [ "${ARCH}" = "ppc" -o "${ARCH}" = "ppc64" ]; then - append-flags -fno-strict-aliasing - fi + [[ ${ARCH} == "ppc" || ${ARCH} == "ppc64" ]] && append-flags -fno-strict-aliasing + # <robbat2@gentoo.org> (14 Feb 2004) + # bug #69550 openssl breaks in some cases. 
+ [[ ${ARCH} == "x86" ]] && append-flags -Wa,--noexecstack ;; esac # replace CFLAGS OLDIFS=$IFS - IFS=" -" + IFS=$'\n' for a in $( grep -n -e "^\"linux-" Configure ); do LINE=$( echo $a | awk -F: '{print $1}' ) CUR_CFLAGS=$( echo $a | awk -F: '{print $3}' ) - # for ppc64 I have to be careful given current - # toolchain issues - if [ "${ARCH}" != "ppc64" ]; then - NEW_CFLAGS="$( echo $CUR_CFLAGS | sed -r -e "s|-O[23]||" -e "s/-fomit-frame-pointer//" -e "s/-mcpu=[-a-z0-9]+//" -e "s/-m486//" ) $CFLAGS" + # for ppc64 I have to be careful given current toolchain issues + if [[ ${ARCH} != "ppc64" ]]; then + NEW_CFLAGS="$( echo $CUR_CFLAGS | sed -r -e "s|-O[23]||" -e "s:-fomit-frame-pointer::" -e "s:-mcpu=[-a-z0-9]+::" -e "s:-m486::" ) $CFLAGS" else - NEW_CFLAGS="$( echo $CUR_CFLAGS | sed -r -e "s|-O[23]||" -e "s/-fomit-frame-pointer//" -e "s/-mcpu=[-a-z0-9]+//" -e "s/-m486//" ) " + NEW_CFLAGS="$( echo $CUR_CFLAGS | sed -r -e "s|-O[23]||" -e "s:-fomit-frame-pointer::" -e "s:-mcpu=[-a-z0-9]+::" -e "s:-m486::" ) " fi - sed -i "${LINE}s/$CUR_CFLAGS/$NEW_CFLAGS/" Configure \ + sed -i "${LINE}s:$CUR_CFLAGS:$NEW_CFLAGS:" Configure \ || die "sed failed" done IFS=$OLDIFS 
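Review bot: The trailing comment on `epatch "${FILESDIR}"/${PN}-0.9.7-CAN-2005-2969.patch #108046` cites bug 108046, but the commit message and the ChangeLog entry give #108852 for this fix. openssl-0.9.7g-r1.ebuild carries the same `#108046`, and openssl-0.9.8-r1.ebuild applies its patch with no bug reference at all. For a security patch the bug number is what a later audit follows, so the three ebuilds should carry one consistent reference, for example `#108852` if the commit message is the correct one. src_unpack starts before and continues after this hunk.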
@@ -102,22 +78,22 @@ src_unpack() { if [ "$(get_libdir)" != "lib" ] ; then # using a library directory other than lib requires some magic sed -i \ - -e "s+\(\$(INSTALL_PREFIX)\$(INSTALLTOP)\)/lib+\1/$(get_libdir)+g" \ - -e "s+libdir=\$\${exec_prefix}/lib+libdir=\$\${exec_prefix}/$(get_libdir)+g" \ - Makefile.org \ - || die "sed failed" - ./config --test-sanity || die + -e "s+\(\$(INSTALL_PREFIX)\$(INSTALLTOP)\)/lib+\1/$(get_libdir)+g" \ + -e "s+libdir=\$\${exec_prefix}/lib+libdir=\$\${exec_prefix}/$(get_libdir)+g" \ + Makefile.org \ + || die "sed failed" + ./config --test-sanity || die "sanity failed" fi # openssl-0.9.6 test -f ${ROOT}/usr/lib/libssl.so.0.9.6 && { cd ${WORKDIR}/${OLD_096_P} - epatch ${FILESDIR}/${OLD_096_P}-gentoo.diff + epatch "${FILESDIR}"/${OLD_096_P}-gentoo.diff case ${ARCH} in mips) - epatch ${FILESDIR}/openssl-0.9.6-mips.diff + epatch "${FILESDIR}"/openssl-0.9.6-mips.diff ;; arm) # patch linker to add -ldl or things linking aginst libcrypto fail @@ -139,8 +115,7 @@ src_unpack() { # replace CFLAGS OLDIFS=$IFS - IFS=" -" + IFS=$'\n' for a in $( grep -n -e "^\"linux-" Configure ); do LINE=$( echo $a | awk -F: '{print $1}' ) CUR_CFLAGS=$( echo $a | awk -F: '{print $3}' ) 
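Review bot: The openssl-0.9.6 compatibility build in the `@@ -102,22 +78,22 @@` hunk still applies only `${OLD_096_P}-gentoo.diff` and the per-architecture fixes, with no counterpart to the CAN-2005-2969 patch that the 0.9.7 tree receives earlier in src_unpack. If ssl/s23_srvr.c in ${OLD_096_P} has the same `SSL_OP_MSIE_SSLV2_RSA_PADDING` branch (not visible here, so it needs checking), hosts where `libssl.so.0.9.6` exists keep getting a rebuilt 0.9.6 library without the rollback countermeasure. Either add a 0.9.6 variant of the patch after the gentoo.diff line, or add a comment there stating why the 0.9.6 build is not affected. The 0.9.6 block begins and ends outside the hunk.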
@@ -156,34 +131,39 @@ src_compile() { # openssl-0.9.7 cd ${WORKDIR}/${P} + # Clean out patent-or-otherwise-encumbered code. + # MDC-2: 4,908,861 13/03/2007 + # IDEA: 5,214,703 25/05/2010 + # RC5: 5,724,428 03/03/2015 + # EC: ????????? ??/??/2015 + use bindist && conf_options="no-idea no-rc5 no-mdc2 -no-ec" + + use zlib && conf_options="${conf_options} zlib-dynamic" + # Build correctly for mips, mips64, & mipsel if use mips; then - if [ "`echo ${CHOST} | grep "mipsel"`" ]; then + if [[ ${CHOST/mipsel} != ${CHOST} ]] ; then mipsarch="linux-mipsel" else mipsarch="linux-mips" fi - ./Configure ${mipsarch} --prefix=/usr --openssldir=/etc/ssl \ - shared threads || die - # We have to force the target for hppa because detection - # is broken on SMP box - elif [ "`uname -m`" = "parisc" -o "`uname -m`" = "parisc64" ]; then - ./Configure linux-parisc --prefix=/usr --openssldir=/etc/ssl \ + ./Configure ${mipsarch} ${conf_options} --prefix=/usr --openssldir=/etc/ssl \ shared threads || die # force sparcv8 on sparc32 profile elif [ "$PROFILE_ARCH" = "sparc" ]; then - ./Configure linux-sparcv8 --prefix=/usr --openssldir=/etc/ssl \ + ./Configure linux-sparcv8 ${conf_options} --prefix=/usr --openssldir=/etc/ssl \ shared threads || die elif [ "${ABI}" = "sparc64" ]; then - ./Configure linux64-sparcv9 --prefix=/usr --openssldir=/etc/ssl \ + ./Configure linux64-sparcv9 ${conf_options} --prefix=/usr --openssldir=/etc/ssl \ shared threads || die else - ./config --prefix=/usr --openssldir=/etc/ssl shared threads || die + ./config ${conf_options} --prefix=/usr --openssldir=/etc/ssl shared threads \ + || die "config failed" fi einfo "Compiling ${P}" - make all || die + make CC="$(tc-getCC)" all || die "make all failed" # openssl-0.9.6 test -f ${ROOT}/usr/lib/libssl.so.0.9.6 && { 
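Review bot: `conf_options` is first assigned by `use bindist && conf_options=...` and is neither initialised nor declared local in the visible part of src_compile, so with bindist off any value inherited from the environment is passed straight to Configure. The two new ebuilds start with `local confopts=""`; the same here, `local conf_options=""` before the `use bindist` line, keeps the configured feature set deterministic. The option `-no-ec` is spelled with a leading dash, unlike `no-idea no-rc5 no-mdc2` in the same string (all three ebuilds do this); if that is not intentional, the elliptic-curve code may not be disabled the way the comment block above it intends. src_compile continues past this hunk.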
@@ -219,13 +199,16 @@ src_compile() { fi einfo "Compiling ${OLD_096_P}" - make all || die + make CC="$(tc-getCC)" all || die } } src_test() { + # make sure sandbox doesnt die on *BSD + add_predict /dev/crypto + cd ${WORKDIR}/${P} - make test || die + make test || die "make test failed" # openssl-0.9.6 test -f ${ROOT}/usr/lib/libssl.so.0.9.6 && { @@ -238,7 +221,7 @@ src_install() { # openssl-0.9.7 cd ${WORKDIR}/${P} make INSTALL_PREFIX=${D} MANDIR=/usr/share/man install || die - dodoc CHANGES* FAQ LICENSE NEWS README + dodoc CHANGES* FAQ NEWS README dodoc doc/*.txt dohtml doc/* @@ -255,14 +238,13 @@ src_install() { LD_LIBRARY_PATH="${D}"/usr/$(get_libdir)/ \ OPENSSL=${D}/usr/bin/openssl /usr/bin/perl tools/c_rehash ${D}/etc/ssl/certs - # The man pages rand.3 and passwd.1 conflict with other packages - # Rename them to ssl-* and also make a symlink from openssl-* to ssl-* - cd ${D}/usr/share/man/man1 - mv passwd.1 ssl-passwd.1 - ln -sf ssl-passwd.1 openssl-passwd.1 - cd ${D}/usr/share/man/man3 - mv rand.3 ssl-rand.3 - ln -sf ssl-rand.3 openssl-rand.3 + # These man pages with other packages so rename them + cd "${D}"/usr/share/man + for m in man1/passwd.1 man3/rand.3 man3/err.3 ; do + d=${m%%/*} ; m=${m##*/} + mv ${d}/{,ssl-}${m} + ln -s ssl-${m} ${d}/openssl-${m} + done # openssl-0.9.6 test -f ${ROOT}/usr/lib/libssl.so.0.9.6 && { diff --git a/dev-libs/openssl/openssl-0.9.7g-r1.ebuild b/dev-libs/openssl/openssl-0.9.7g-r1.ebuild new file mode 100644 index 000000000000..8bb34b634c25 --- /dev/null +++ b/dev-libs/openssl/openssl-0.9.7g-r1.ebuild 
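Review bot: In the man-page rename loop of src_install, `mv ${d}/{,ssl-}${m}` and `ln -s ssl-${m} ${d}/openssl-${m}` are unchecked, and `man3/err.3` is new in the list. If any of the three pages is missing from the image, the loop leaves a dangling openssl-* symlink and the install still succeeds. Appending `|| die` to both commands would match how sed and make are handled elsewhere in this ebuild. The comment above the loop has lost its verb; it should read `# These man pages conflict with other packages so rename them`.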
@@ -0,0 +1,173 @@
+# Copyright 1999-2005 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/dev-libs/openssl/openssl-0.9.7g-r1.ebuild,v 1.1 2005/10/12 04:56:44 vapier Exp $
+
+inherit eutils flag-o-matic toolchain-funcs
+
+DESCRIPTION="Toolkit for SSL v2/v3 and TLS v1"
+HOMEPAGE="http://www.openssl.org/"
+SRC_URI="mirror://openssl/source/${P}.tar.gz"
+
+LICENSE="openssl"
+SLOT="0"
+# ia64 is ABI incompat atm, do not change the KEYWORD
+KEYWORDS="~alpha ~amd64 ~arm ~hppa -ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
+IUSE="emacs test bindist zlib"
+
+RDEPEND=""
+DEPEND="${RDEPEND}
+ sys-apps/diffutils
+ >=dev-lang/perl-5
+ test? ( sys-devel/bc )"
+
+src_unpack() {
+ unpack ${A}
+
+ cd "${S}"
+
+ epatch "${FILESDIR}"/${PN}-0.9.7g-ppc64.patch
+ epatch "${FILESDIR}"/${PN}-0.9.7e-gentoo.patch
+ epatch "${FILESDIR}"/${PN}-0.9.7-hppa-fix-detection.patch
+ epatch "${FILESDIR}"/${PN}-0.9.7-alpha-default-gcc.patch
+ epatch "${FILESDIR}"/${PN}-0.9.7g-no-fips.patch
+ epatch "${FILESDIR}"/${PN}-0.9.7g-ptr-casting.patch
+ epatch "${FILESDIR}"/${PN}-0.9.7g-mem-clr-ptr-cast.patch
+ epatch "${FILESDIR}"/${PN}-0.9.7g-ABI-compat.patch
+ epatch "${FILESDIR}"/${PN}-0.9.7-CAN-2005-2969.patch #108046
+ epatch "${FILESDIR}"/${PN}-0.9.7g-superh.patch
+ epatch "${FILESDIR}"/${PN}-0.9.7g-amd64-fbsd.patch
+
+ # allow openssl to be cross-compiled
+ cp "${FILESDIR}"/gentoo.config-0.9.7g gentoo.config || die "cp cross-compile failed"
+ chmod a+rx gentoo.config
+
+ # Don't build manpages if we don't want them
+ has noman FEATURES && sed -i '/^install:/s:install_docs::' Makefile.org
+
+ case $(gcc-version) in
+ 3.2)
+ filter-flags -fprefetch-loop-arrays -freduce-all-givs -funroll-loop
+ ;;
+ 3.4 | 3.3 )
+ filter-flags -fprefetch-loop-arrays -freduce-all-givs -funroll-loops
+ [[ ${ARCH} == "ppc" || ${ARCH} == "ppc64" ]] && append-flags -fno-strict-aliasing
+ ;;
+ esac
+ append-flags -Wa,--noexecstack
+
+ # replace CFLAGS
+ OLDIFS=$IFS
+ IFS=$'\n'
+ for a in $( grep -n -e "^\"linux-" Configure ); do
+ LINE=$( echo $a | awk -F: '{print $1}' )
+ CUR_CFLAGS=$( echo $a | awk -F: '{print $3}' )
+ NEW_CFLAGS=$(echo $CUR_CFLAGS | sed -r -e "s|-O[23]||" -e "s:-fomit-frame-pointer::" -e "s:-mcpu=[-a-z0-9]+::" -e "s:-m486::")
+ # ppc64's current toolchain sucks at optimization and will break this package
+ [[ $(tc-arch) != "ppc64" ]] && NEW_CFLAGS="${NEW_CFLAGS} ${CFLAGS}"
+
+ sed -i "${LINE}s:$CUR_CFLAGS:$NEW_CFLAGS:" Configure || die "sed failed"
+ done
+ IFS=$OLDIFS
+
+ if [ "$(get_libdir)" != "lib" ] ; then
+ # using a library directory other than lib requires some magic
+ sed -i \
+ -e "s+\(\$(INSTALL_PREFIX)\$(INSTALLTOP)\)/lib+\1/$(get_libdir)+g" \
+ -e "s+libdir=\$\${exec_prefix}/lib+libdir=\$\${exec_prefix}/$(get_libdir)+g" \
+ Makefile.org \
+ || die "sed failed"
+ ./config --test-sanity || die "sanity failed"
+ fi
+}
+
+src_compile() {
+ # Clean out patent-or-otherwise-encumbered code.
+ # MDC-2: 4,908,861 13/03/2007
+ # IDEA: 5,214,703 25/05/2010
+ # RC5: 5,724,428 03/03/2015
+ # EC: ????????? ??/??/2015
+ local confopts=""
+ use bindist && confopts="no-idea no-rc5 no-mdc2 -no-ec"
+
+ use zlib && confopts="${confopts} zlib-dynamic"
+
+ local sslout=$(./gentoo.config)
+ einfo "Use configuration ${sslout}"
+
+ local config="Configure"
+ [[ -z ${sslout} ]] && config="config"
+ ./${config} \
+ ${sslout} \
+ ${confopts} \
+ --prefix=/usr \
+ --openssldir=/etc/ssl \
+ shared threads \
+ || die "Configure failed"
+
+ emake \
+ CC="$(tc-getCC)" MAKEDEPPROG="$(tc-getCC)" \
+ AR="$(tc-getAR) r" \
+ RANLIB="$(tc-getRANLIB)" \
+ all || die "make all failed"
+
+ # force until we get all the gentoo.config kinks worked out
+ tc-is-cross-compiler || src_test
+}
+
+src_test() {
+ # make sure sandbox doesnt die on *BSD
+ add_predict /dev/crypto
+
+ make test || die "make test failed"
+}
+
+src_install() {
+ make INSTALL_PREFIX="${D}" MANDIR=/usr/share/man install || die
+ dodoc CHANGES* FAQ NEWS README
+ dodoc doc/*.txt
+ dohtml doc/*
+
+ if use emacs ; then
+ insinto /usr/share/emacs/site-lisp
+ doins doc/c-indentation.el
+ fi
+
+ # create the certs directory. Previous openssl builds
+ # would need to create /usr/lib/ssl/certs but this looks
+ # to be the more FHS compliant setup... -raker
+ insinto /etc/ssl/certs
+ doins certs/*.pem
+ LD_LIBRARY_PATH="${D}"/usr/$(get_libdir)/ \
+ OPENSSL="${D}"/usr/bin/openssl /usr/bin/perl tools/c_rehash "${D}"/etc/ssl/certs
+
+ # These man pages with other packages so rename them
+ cd "${D}"/usr/share/man
+ for m in man1/passwd.1 man3/rand.3 man3/err.3 ; do
+ d=${m%%/*} ; m=${m##*/}
+ mv ${d}/{,ssl-}${m}
+ ln -s ssl-${m} ${d}/openssl-${m}
+ done
+
+ fperms a+x /usr/$(get_libdir)/pkgconfig #34088
+}
+
+pkg_postinst() {
+ local BN_H="${ROOT}$(gcc-config -L)/include/openssl/bn.h"
+ # Breaks things one some boxen, bug #13795. The problem is that
+ # if we have a 'gcc fixed' version in $(gcc-config -L) from 0.9.6,
+ # then breaks as it was defined as 'int BN_mod(...)' and in 0.9.7 it
+ # is a define with BN_div(...) - <azarah@gentoo.org> (24 Sep 2003)
+ if [ -f "${BN_H}" ] && [ -n "$(grep '^int[[:space:]]*BN_mod(' "${BN_H}")" ]
+ then
+ rm -f "${BN_H}"
+ fi
+
+ if [[ -e ${ROOT}/usr/lib/libcrypto.so.0.9.6 ]] ; then
+ ewarn "You must re-compile all packages that are linked against"
+ ewarn "OpenSSL 0.9.6 by using revdep-rebuild from gentoolkit:"
+ ewarn "# revdep-rebuild --soname libssl.so.0.9.6"
+ ewarn "# revdep-rebuild --soname libcrypto.so.0.9.6"
+ ewarn "After this, you can delete /usr/lib/libssl.so.0.9.6 and /usr/lib/libcrypto.so.0.9.6"
+ touch -c "${ROOT}"/usr/lib/lib{crypto,ssl}.so.0.9.6
+ fi
+}
diff --git a/dev-libs/openssl/openssl-0.9.8-r1.ebuild b/dev-libs/openssl/openssl-0.9.8-r1.ebuild
new file mode 100644
index 000000000000..0a8a2e49e98c
--- /dev/null
+++ b/dev-libs/openssl/openssl-0.9.8-r1.ebuild
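Review bot: `tc-is-cross-compiler || src_test` at the end of src_compile in openssl-0.9.7g-r1.ebuild runs `make test` on every native build, yet `sys-devel/bc` is only a dependency under `test? ( ... )`. If the OpenSSL test suite needs bc, as the conditional dependency suggests, a build without the test flag can fail in a step the user did not enable. Running the self-tests of a crypto library on every build is a reasonable integrity check, so I would keep the call and list `sys-devel/bc` unconditionally in DEPEND for as long as the forced run stays. openssl-0.9.8-r1.ebuild has the same combination.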
@@ -0,0 +1,175 @@
+# Copyright 1999-2005 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/dev-libs/openssl/openssl-0.9.8-r1.ebuild,v 1.1 2005/10/12 04:56:44 vapier Exp $
+
+inherit eutils flag-o-matic toolchain-funcs
+
+DESCRIPTION="Toolkit for SSL v2/v3 and TLS v1"
+HOMEPAGE="http://www.openssl.org/"
+SRC_URI="mirror://openssl/source/${P}.tar.gz"
+
+LICENSE="openssl"
+SLOT="0"
+KEYWORDS="-*"
+IUSE="emacs test bindist zlib"
+
+RDEPEND=""
+DEPEND="${RDEPEND}
+ sys-apps/diffutils
+ >=dev-lang/perl-5
+ test? ( sys-devel/bc )"
+
+src_unpack() {
+ unpack ${A}
+
+ cd "${S}"
+
+ epatch "${FILESDIR}"/${PN}-0.9.8-ppc64.patch
+ epatch "${FILESDIR}"/${PN}-0.9.7e-gentoo.patch
+ #epatch "${FILESDIR}"/${PN}-0.9.7-hppa-fix-detection.patch
+ epatch "${FILESDIR}"/${PN}-0.9.7-alpha-default-gcc.patch
+ epatch "${FILESDIR}"/${PN}-0.9.8-parallel-build.patch
+ epatch "${FILESDIR}"/${PN}-0.9.8-make-engines-dir.patch
+ epatch "${FILESDIR}"/${PN}-0.9.8-CAN-2005-2969.patch
+
+ # allow openssl to be cross-compiled
+ cp "${FILESDIR}"/gentoo.config-0.9.7g gentoo.config || die "cp cross-compile failed"
+ chmod a+rx gentoo.config
+
+ # Don't build manpages if we don't want them
+ has noman FEATURES && sed -i '/^install:/s:install_docs::' Makefile.org
+
+ case $(gcc-version) in
+ 3.2)
+ filter-flags -fprefetch-loop-arrays -freduce-all-givs -funroll-loop
+ ;;
+ 3.4 | 3.3 )
+ filter-flags -fprefetch-loop-arrays -freduce-all-givs -funroll-loops
+ [[ ${ARCH} == "ppc" || ${ARCH} == "ppc64" ]] && append-flags -fno-strict-aliasing
+ ;;
+ esac
+ append-flags -Wa,--noexecstack
+
+ # replace CFLAGS
+ OLDIFS=$IFS
+ IFS=$'\n'
+ for a in $( grep -n -e "^\"linux-" Configure ); do
+ LINE=$( echo $a | awk -F: '{print $1}' )
+ CUR_CFLAGS=$( echo $a | awk -F: '{print $3}' )
+ NEW_CFLAGS=$(echo $CUR_CFLAGS | sed -r -e "s|-O[23]||" -e "s:-fomit-frame-pointer::" -e "s:-mcpu=[-a-z0-9]+::" -e "s:-m486::")
+ # ppc64's current toolchain sucks at optimization and will break this package
+ [[ $(tc-arch) != "ppc64" ]] && NEW_CFLAGS="${NEW_CFLAGS} ${CFLAGS}"
+
+ sed -i "${LINE}s:$CUR_CFLAGS:$NEW_CFLAGS:" Configure || die "sed failed"
+ done
+ IFS=$OLDIFS
+
+ if [ "$(get_libdir)" != "lib" ] ; then
+ # using a library directory other than lib requires some magic
+ sed -i \
+ -e "s+\(\$(INSTALL_PREFIX)\$(INSTALLTOP)\)/lib+\1/$(get_libdir)+g" \
+ -e "s+libdir=\$\${exec_prefix}/lib+libdir=\$\${exec_prefix}/$(get_libdir)+g" \
+ Makefile.org engines/Makefile \
+ || die "sed failed"
+ ./config --test-sanity || die "sanity failed"
+ fi
+}
+
+src_compile() {
+ # Clean out patent-or-otherwise-encumbered code.
+ # MDC-2: 4,908,861 13/03/2007
+ # IDEA: 5,214,703 25/05/2010
+ # RC5: 5,724,428 03/03/2015
+ # EC: ????????? ??/??/2015
+ local confopts=""
+ use bindist && confopts="no-idea no-rc5 no-mdc2 -no-ec"
+
+ use zlib && confopts="${confopts} zlib-dynamic"
+
+ local sslout=$(./gentoo.config)
+ einfo "Use configuration ${sslout}"
+
+ local config="Configure"
+ [[ -z ${sslout} ]] && config="config"
+ ./${config} \
+ ${sslout} \
+ ${confopts} \
+ --prefix=/usr \
+ --openssldir=/etc/ssl \
+ shared threads \
+ || die "Configure failed"
+
+ emake \
+ CC="$(tc-getCC)" MAKEDEPPROG="$(tc-getCC)" \
+ AR="$(tc-getAR) r" \
+ RANLIB="$(tc-getRANLIB)" \
+ all || die "make all failed"
+
+ # force until we get all the gentoo.config kinks worked out
+ tc-is-cross-compiler || src_test
+}
+
+src_test() {
+ # make sure sandbox doesnt die on *BSD
+ add_predict /dev/crypto
+
+ make test || die "make test failed"
+}
+
+src_install() {
+ make INSTALL_PREFIX="${D}" MANDIR=/usr/share/man install || die
+ dodoc CHANGES* FAQ NEWS README
+ dodoc doc/*.txt
+ dohtml doc/*
+
+ if use emacs ; then
+ insinto /usr/share/emacs/site-lisp
+ doins doc/c-indentation.el
+ fi
+
+ # create the certs directory. Previous openssl builds
+ # would need to create /usr/lib/ssl/certs but this looks
+ # to be the more FHS compliant setup... -raker
+ insinto /etc/ssl/certs
+ doins certs/*.pem
+ LD_LIBRARY_PATH="${D}"/usr/$(get_libdir)/ \
+ OPENSSL="${D}"/usr/bin/openssl /usr/bin/perl tools/c_rehash \
+ "${D}"/etc/ssl/certs
+
+ # These man pages with other packages so rename them
+ cd "${D}"/usr/share/man
+ for m in man1/passwd.1 man3/rand.3 man3/err.3 ; do
+ d=${m%%/*} ; m=${m##*/}
+ mv -f ${d}/{,ssl-}${m}
+ ln -snf ssl-${m} ${d}/openssl-${m}
+ done
+
+ fperms a+x /usr/$(get_libdir)/pkgconfig #34088
+}
+
+pkg_preinst() {
+ if [[ -e ${ROOT}/usr/$(get_libdir)/libcrypto.so.0.9.7 ]] ; then
+ cp -pPR "${ROOT}"/usr/$(get_libdir)/lib{crypto,ssl}.so.0.9.7 "${IMAGE}"/usr/$(get_libdir)/
+ fi
+}
+
+pkg_postinst() {
+ local BN_H="${ROOT}$(gcc-config -L)/include/openssl/bn.h"
+ # Breaks things one some boxen, bug #13795. The problem is that
+ # if we have a 'gcc fixed' version in $(gcc-config -L) from 0.9.6,
+ # then breaks as it was defined as 'int BN_mod(...)' and in 0.9.7 it
+ # is a define with BN_div(...) - <azarah@gentoo.org> (24 Sep 2003)
+ if [ -f "${BN_H}" ] && [ -n "$(grep '^int[[:space:]]*BN_mod(' "${BN_H}")" ]
+ then
+ rm -f "${BN_H}"
+ fi
+
+ if [[ -e ${ROOT}/usr/$(get_libdir)/libcrypto.so.0.9.7 ]] ; then
+ ewarn "You must re-compile all packages that are linked against"
+ ewarn "OpenSSL 0.9.7 by using revdep-rebuild from gentoolkit:"
+ ewarn "# revdep-rebuild --soname libssl.so.0.9.7"
+ ewarn "# revdep-rebuild --soname libcrypto.so.0.9.7"
+ ewarn "After this, you can delete /usr/$(get_libdir)/libssl.so.0.9.7"
+ ewarn "and /usr/$(get_libdir)/libcrypto.so.0.9.7"
+ fi
+} |
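Review bot: pkg_preinst in openssl-0.9.8-r1.ebuild copies the already installed `lib{crypto,ssl}.so.0.9.7` into the image, so programs linked against 0.9.7 keep loading whatever 0.9.7 build was on the system, which may predate the CAN-2005-2969 patch this commit adds. The pkg_postinst warning asks for a rebuild but does not say that the retained libraries can be unpatched; I would add a line such as `ewarn "The retained 0.9.7 libraries get no security fixes from this package; rebuild promptly."`. The `cp -pPR ...` is also unchecked, so a failed copy would silently leave those programs without their library; appending `|| die "preserving 0.9.7 libs failed"` makes that visible.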