diff options
14 files changed, 0 insertions, 881 deletions
diff --git a/dev-libs/openssl/files/openssl-0.9.8-make-engines-dir.patch b/dev-libs/openssl/files/openssl-0.9.8-make-engines-dir.patch deleted file mode 100644 index 5cba456c7e9c..000000000000 --- a/dev-libs/openssl/files/openssl-0.9.8-make-engines-dir.patch +++ /dev/null @@ -1,12 +0,0 @@ -http://rt.openssl.org/Ticket/Display.html?id=2082 - ---- openssl-0.9.8/engines/Makefile -+++ openssl-0.9.8.az/engines/Makefile -@@ -88,6 +88,7 @@ - @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... - @if [ -n "$(SHARED_LIBS)" ]; then \ - set -e; \ -+ $(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/lib/engines; \ - for l in $(LIBNAMES); do \ - ( echo installing $$l; \ - if [ "$(PLATFORM)" != "Cygwin" ]; then \ diff --git a/dev-libs/openssl/files/openssl-0.9.8-makedepend.patch b/dev-libs/openssl/files/openssl-0.9.8-makedepend.patch deleted file mode 100644 index 9abbe8ef3720..000000000000 --- a/dev-libs/openssl/files/openssl-0.9.8-makedepend.patch +++ /dev/null @@ -1,15 +0,0 @@ -http://bugs.gentoo.org/149583 - -http://rt.openssl.org/Ticket/Display.html?id=2085 - ---- util/domd -+++ util/domd -@@ -14,7 +14,7 @@ - cp Makefile Makefile.save - # fake the presence of Kerberos - touch $TOP/krb5.h --if [ "$MAKEDEPEND" = "gcc" ]; then -+if [ "$MAKEDEPEND" != "makedepend" ]; then - args="" - while [ $# -gt 0 ]; do - if [ "$1" != "--" ]; then args="$args $1"; fi diff --git a/dev-libs/openssl/files/openssl-0.9.8e-make.patch b/dev-libs/openssl/files/openssl-0.9.8e-make.patch deleted file mode 100644 index 54f4302cbe79..000000000000 --- a/dev-libs/openssl/files/openssl-0.9.8e-make.patch +++ /dev/null @@ -1,26 +0,0 @@ -respect $MAKE if it is set in the environment so we don't get a mix -of the host `make` and whatever $MAKE is set to when recursing - -http://bugs.gentoo.org/146316 - -http://rt.openssl.org/Ticket/Display.html?id=2080 - ---- openssl-0.9.8e/Configure -+++ openssl-0.9.8e/Configure -@@ -931,6 +931,7 @@ - $default_ranlib= &which("ranlib") or $default_ranlib="true"; - $perl=$ENV{'PERL'} or $perl=&which("perl5") or $perl=&which("perl") - or $perl="perl"; -+my $make = $ENV{'MAKE'} || "make"; - - chop $openssldir if $openssldir =~ /\/$/; - chop $prefix if $prefix =~ /\/$/; -@@ -1554,7 +1557,7 @@ - EOF - close(OUT); - } else { -- my $make_command = "make PERL=\'$perl\'"; -+ my $make_command = "$make PERL=\'$perl\'"; - my $make_targets = ""; - $make_targets .= " links" if $symlink; - $make_targets .= " depend" if $depflags ne $default_depflags && $make_depend; diff --git a/dev-libs/openssl/files/openssl-0.9.8g-sslv3-no-tlsext.patch b/dev-libs/openssl/files/openssl-0.9.8g-sslv3-no-tlsext.patch deleted file mode 100644 index ef6134b02ca9..000000000000 --- a/dev-libs/openssl/files/openssl-0.9.8g-sslv3-no-tlsext.patch +++ /dev/null @@ -1,31 +0,0 @@ -Fix from upstream cvs - -Index: ssl/t1_lib.c -=================================================================== -RCS file: /usr/local/src/openssl/CVSROOT/openssl/ssl/t1_lib.c,v -retrieving revision 1.64 -retrieving revision 1.65 -diff -u -p -r1.64 -r1.65 ---- ssl/t1_lib.c 29 Dec 2008 16:15:27 -0000 1.64 -+++ ssl/t1_lib.c 28 Apr 2009 22:10:54 -0000 1.65 -@@ -267,6 +267,10 @@ unsigned char *ssl_add_clienthello_tlsex - int extdatalen=0; - unsigned char *ret = p; - -+ /* don't add extensions for SSLv3 */ -+ if (s->client_version == SSL3_VERSION) -+ return p; -+ - ret+=2; - - if (ret>=limit) return NULL; /* this really never occurs, but ... */ -@@ -448,6 +452,10 @@ unsigned char *ssl_add_serverhello_tlsex - int extdatalen=0; - unsigned char *ret = p; - -+ /* don't add extensions for SSLv3 */ -+ if (s->version == SSL3_VERSION) -+ return p; -+ - ret+=2; - if (ret>=limit) return NULL; /* this really never occurs, but ... */ diff --git a/dev-libs/openssl/files/openssl-0.9.8k-toolchain.patch b/dev-libs/openssl/files/openssl-0.9.8k-toolchain.patch deleted file mode 100644 index 78d77d0a74a4..000000000000 --- a/dev-libs/openssl/files/openssl-0.9.8k-toolchain.patch +++ /dev/null @@ -1,22 +0,0 @@ -http://rt.openssl.org/Ticket/Display.html?id=2081 - ---- Configure -+++ Configure -@@ -979,7 +979,8 @@ - my $shared_cflag = $fields[$idx_shared_cflag]; - my $shared_ldflag = $fields[$idx_shared_ldflag]; - my $shared_extension = $fields[$idx_shared_extension]; --my $ranlib = $fields[$idx_ranlib]; -+my $ar = $ENV{'AR'} || "ar"; -+my $ranlib = $ENV{'RANLIB'} || $fields[$idx_ranlib]; - my $arflags = $fields[$idx_arflags]; - - if ($fips) -@@ -1487,6 +1488,7 @@ - s/^RMD160_ASM_OBJ=.*$/RMD160_ASM_OBJ= $rmd160_obj/; - s/^PROCESSOR=.*/PROCESSOR= $processor/; - s/^RANLIB=.*/RANLIB= $ranlib/; -+ s/^AR=ar /AR= $ar /; - s/^ARFLAGS=.*/ARFLAGS= $arflags/; - s/^PERL=.*/PERL= $perl/; - s/^KRB5_INCLUDES=.*/KRB5_INCLUDES=$withargs{"krb5-include"}/; diff --git a/dev-libs/openssl/files/openssl-0.9.8l-CVE-2009-1377.patch b/dev-libs/openssl/files/openssl-0.9.8l-CVE-2009-1377.patch deleted file mode 100644 index 761698e0f1d4..000000000000 --- a/dev-libs/openssl/files/openssl-0.9.8l-CVE-2009-1377.patch +++ /dev/null @@ -1,53 +0,0 @@ -http://rt.openssl.org/Ticket/Display.html?id=1931&user=guest&pass=guest - -Index: openssl/crypto/pqueue/pqueue.c -RCS File: /v/openssl/cvs/openssl/crypto/pqueue/pqueue.c,v -rcsdiff -q -kk '-r1.2.2.4' '-r1.2.2.5' -u '/v/openssl/cvs/openssl/crypto/pqueue/pqueue.c,v' 2>/dev/null ---- crypto/pqueue/pqueue.c 2005/06/28 12:53:33 1.2.2.4 -+++ crypto/pqueue/pqueue.c 2009/05/16 16:18:44 1.2.2.5 -@@ -234,3 +234,17 @@ - - return ret; - } -+ -+int -+pqueue_size(pqueue_s *pq) -+{ -+ pitem *item = pq->items; -+ int count = 0; -+ -+ while(item != NULL) -+ { -+ count++; -+ item = item->next; -+ } -+ return count; -+} -Index: openssl/crypto/pqueue/pqueue.h -RCS File: /v/openssl/cvs/openssl/crypto/pqueue/pqueue.h,v -rcsdiff -q -kk '-r1.2.2.1' '-r1.2.2.2' -u '/v/openssl/cvs/openssl/crypto/pqueue/pqueue.h,v' 2>/dev/null ---- crypto/pqueue/pqueue.h 2005/05/30 22:34:27 1.2.2.1 -+++ crypto/pqueue/pqueue.h 2009/05/16 16:18:44 1.2.2.2 -@@ -91,5 +91,6 @@ - pitem *pqueue_next(piterator *iter); - - void pqueue_print(pqueue pq); -+int pqueue_size(pqueue pq); - - #endif /* ! HEADER_PQUEUE_H */ -Index: openssl/ssl/d1_pkt.c -RCS File: /v/openssl/cvs/openssl/ssl/d1_pkt.c,v -rcsdiff -q -kk '-r1.4.2.17' '-r1.4.2.18' -u '/v/openssl/cvs/openssl/ssl/d1_pkt.c,v' 2>/dev/null ---- ssl/d1_pkt.c 2009/05/16 15:51:59 1.4.2.17 -+++ ssl/d1_pkt.c 2009/05/16 16:18:45 1.4.2.18 -@@ -167,6 +167,10 @@ - DTLS1_RECORD_DATA *rdata; - pitem *item; - -+ /* Limit the size of the queue to prevent DOS attacks */ -+ if (pqueue_size(queue->q) >= 100) -+ return 0; -+ - rdata = OPENSSL_malloc(sizeof(DTLS1_RECORD_DATA)); - item = pitem_new(priority, rdata); - if (rdata == NULL || item == NULL) diff --git a/dev-libs/openssl/files/openssl-0.9.8l-CVE-2009-1378.patch b/dev-libs/openssl/files/openssl-0.9.8l-CVE-2009-1378.patch deleted file mode 100644 index f111a4c086e8..000000000000 --- a/dev-libs/openssl/files/openssl-0.9.8l-CVE-2009-1378.patch +++ /dev/null @@ -1,24 +0,0 @@ -http://rt.openssl.org/Ticket/Display.html?id=1931&user=guest&pass=guest - -Index: ssl/d1_both.c -=================================================================== ---- ssl/d1_both.c.orig -+++ ssl/d1_both.c -@@ -561,7 +561,16 @@ dtls1_process_out_of_seq_message(SSL *s, - if ((msg_hdr->frag_off+frag_len) > msg_hdr->msg_len) - goto err; - -- if (msg_hdr->seq <= s->d1->handshake_read_seq) -+ /* Try to find item in queue, to prevent duplicate entries */ -+ pq_64bit_init(&seq64); -+ pq_64bit_assign_word(&seq64, msg_hdr->seq); -+ item = pqueue_find(s->d1->buffered_messages, seq64); -+ pq_64bit_free(&seq64); -+ -+ /* Discard the message if sequence number was already there, is -+ * too far in the future or the fragment is already in the queue */ -+ if (msg_hdr->seq <= s->d1->handshake_read_seq || -+ msg_hdr->seq > s->d1->handshake_read_seq + 10 || item != NULL) - { - unsigned char devnull [256]; - diff --git a/dev-libs/openssl/files/openssl-0.9.8l-CVE-2009-1379.patch b/dev-libs/openssl/files/openssl-0.9.8l-CVE-2009-1379.patch deleted file mode 100644 index 706732435097..000000000000 --- a/dev-libs/openssl/files/openssl-0.9.8l-CVE-2009-1379.patch +++ /dev/null @@ -1,22 +0,0 @@ -Index: openssl/ssl/d1_both.c -RCS File: /v/openssl/cvs/openssl/ssl/d1_both.c,v -rcsdiff -q -kk '-r1.14.2.6' '-r1.14.2.7' -u '/v/openssl/cvs/openssl/ssl/d1_both.c,v' 2>/dev/null ---- d1_both.c 2009/04/22 12:17:02 1.14.2.6 -+++ d1_both.c 2009/05/13 11:51:30 1.14.2.7 -@@ -519,6 +519,7 @@ - - if ( s->d1->handshake_read_seq == frag->msg_header.seq) - { -+ unsigned long frag_len = frag->msg_header.frag_len; - pqueue_pop(s->d1->buffered_messages); - - al=dtls1_preprocess_fragment(s,&frag->msg_header,max); -@@ -536,7 +537,7 @@ - if (al==0) - { - *ok = 1; -- return frag->msg_header.frag_len; -+ return frag_len; - } - - ssl3_send_alert(s,SSL3_AL_FATAL,al); diff --git a/dev-libs/openssl/files/openssl-0.9.8l-CVE-2009-1387.patch b/dev-libs/openssl/files/openssl-0.9.8l-CVE-2009-1387.patch deleted file mode 100644 index a9e5ea054f5c..000000000000 --- a/dev-libs/openssl/files/openssl-0.9.8l-CVE-2009-1387.patch +++ /dev/null @@ -1,59 +0,0 @@ -http://bugs.gentoo.org/270305 - -fix from upstream - -Index: ssl/d1_both.c -=================================================================== -RCS file: /usr/local/src/openssl/CVSROOT/openssl/ssl/d1_both.c,v -retrieving revision 1.4.2.7 -retrieving revision 1.4.2.8 -diff -u -p -r1.4.2.7 -r1.4.2.8 ---- ssl/d1_both.c 17 Oct 2007 21:17:49 -0000 1.4.2.7 -+++ ssl/d1_both.c 2 Apr 2009 22:12:13 -0000 1.4.2.8 -@@ -575,30 +575,31 @@ dtls1_process_out_of_seq_message(SSL *s, - } - } - -- frag = dtls1_hm_fragment_new(frag_len); -- if ( frag == NULL) -- goto err; -+ if (frag_len) -+ { -+ frag = dtls1_hm_fragment_new(frag_len); -+ if ( frag == NULL) -+ goto err; - -- memcpy(&(frag->msg_header), msg_hdr, sizeof(*msg_hdr)); -+ memcpy(&(frag->msg_header), msg_hdr, sizeof(*msg_hdr)); - -- if (frag_len) -- { -- /* read the body of the fragment (header has already been read */ -+ /* read the body of the fragment (header has already been read) */ - i = s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE, - frag->fragment,frag_len,0); - if (i<=0 || (unsigned long)i!=frag_len) - goto err; -- } - -- pq_64bit_init(&seq64); -- pq_64bit_assign_word(&seq64, msg_hdr->seq); -+ pq_64bit_init(&seq64); -+ pq_64bit_assign_word(&seq64, msg_hdr->seq); - -- item = pitem_new(seq64, frag); -- pq_64bit_free(&seq64); -- if ( item == NULL) -- goto err; -+ item = pitem_new(seq64, frag); -+ pq_64bit_free(&seq64); -+ if ( item == NULL) -+ goto err; -+ -+ pqueue_insert(s->d1->buffered_messages, item); -+ } - -- pqueue_insert(s->d1->buffered_messages, item); - return DTLS1_HM_FRAGMENT_RETRY; - - err: diff --git a/dev-libs/openssl/files/openssl-0.9.8l-CVE-2009-2409.patch b/dev-libs/openssl/files/openssl-0.9.8l-CVE-2009-2409.patch deleted file mode 100644 index b097869f3b1e..000000000000 --- a/dev-libs/openssl/files/openssl-0.9.8l-CVE-2009-2409.patch +++ /dev/null @@ -1,71 +0,0 @@ -http://bugs.gentoo.org/280591 - -fix from upstream - -http://cvs.openssl.org/chngview?cn=18260 - -Index: openssl/crypto/x509/x509_vfy.c -RCS File: /v/openssl/cvs/openssl/crypto/x509/x509_vfy.c,v -rcsdiff -q -kk '-r1.77.2.8' '-r1.77.2.9' -u '/v/openssl/cvs/openssl/crypto/x509/x509_vfy.c,v' 2>/dev/null ---- crypto/x509/x509_vfy.c 2008/07/13 14:33:15 1.77.2.8 -+++ crypto/x509/x509_vfy.c 2009/06/15 14:52:38 1.77.2.9 -@@ -986,7 +986,11 @@ - while (n >= 0) - { - ctx->error_depth=n; -- if (!xs->valid) -+ -+ /* Skip signature check for self signed certificates. It -+ * doesn't add any security and just wastes time. -+ */ -+ if (!xs->valid && xs != xi) - { - if ((pkey=X509_get_pubkey(xi)) == NULL) - { -@@ -996,13 +1000,6 @@ - if (!ok) goto end; - } - else if (X509_verify(xs,pkey) <= 0) -- /* XXX For the final trusted self-signed cert, -- * this is a waste of time. That check should -- * optional so that e.g. 'openssl x509' can be -- * used to detect invalid self-signatures, but -- * we don't verify again and again in SSL -- * handshakes and the like once the cert has -- * been declared trusted. */ - { - ctx->error=X509_V_ERR_CERT_SIGNATURE_FAILURE; - ctx->current_cert=xs; - -http://cvs.openssl.org/chngview?cn=18317 - -Index: openssl/crypto/evp/c_alld.c -RCS File: /v/openssl/cvs/openssl/crypto/evp/c_alld.c,v -rcsdiff -q -kk '-r1.7' '-r1.7.2.1' -u '/v/openssl/cvs/openssl/crypto/evp/c_alld.c,v' 2>/dev/null ---- crypto/evp/c_alld.c 2005/04/30 21:51:40 1.7 -+++ crypto/evp/c_alld.c 2009/07/08 08:33:26 1.7.2.1 -@@ -64,9 +64,6 @@ - - void OpenSSL_add_all_digests(void) - { --#ifndef OPENSSL_NO_MD2 -- EVP_add_digest(EVP_md2()); --#endif - #ifndef OPENSSL_NO_MD4 - EVP_add_digest(EVP_md4()); - #endif -Index: openssl/ssl/ssl_algs.c -RCS File: /v/openssl/cvs/openssl/ssl/ssl_algs.c,v -rcsdiff -q -kk '-r1.12.2.3' '-r1.12.2.4' -u '/v/openssl/cvs/openssl/ssl/ssl_algs.c,v' 2>/dev/null ---- ssl/ssl_algs.c 2007/04/23 23:50:21 1.12.2.3 -+++ ssl/ssl_algs.c 2009/07/08 08:33:27 1.12.2.4 -@@ -92,9 +92,6 @@ - EVP_add_cipher(EVP_seed_cbc()); - #endif - --#ifndef OPENSSL_NO_MD2 -- EVP_add_digest(EVP_md2()); --#endif - #ifndef OPENSSL_NO_MD5 - EVP_add_digest(EVP_md5()); - EVP_add_digest_alias(SN_md5,"ssl2-md5"); diff --git a/dev-libs/openssl/files/openssl-0.9.8l-dtls-compat.patch b/dev-libs/openssl/files/openssl-0.9.8l-dtls-compat.patch deleted file mode 100644 index 4d30c9b47d6f..000000000000 --- a/dev-libs/openssl/files/openssl-0.9.8l-dtls-compat.patch +++ /dev/null @@ -1,167 +0,0 @@ -http://bugs.gentoo.org/280370 - -fix from upstream - -Index: openssl/ssl/d1_clnt.c -RCS File: /v/openssl/cvs/openssl/ssl/d1_clnt.c,v -rcsdiff -q -kk '-r1.3.2.15' '-r1.3.2.16' -u '/v/openssl/cvs/openssl/ssl/d1_clnt.c,v' 2>/dev/null ---- d1_clnt.c 2009/04/14 15:20:47 1.3.2.15 -+++ d1_clnt.c 2009/04/19 18:08:11 1.3.2.16 -@@ -130,7 +130,7 @@ - - static SSL_METHOD *dtls1_get_client_method(int ver) - { -- if (ver == DTLS1_VERSION) -+ if (ver == DTLS1_VERSION || ver == DTLS1_BAD_VER) - return(DTLSv1_client_method()); - else - return(NULL); -@@ -181,7 +181,8 @@ - s->server=0; - if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1); - -- if ((s->version & 0xff00 ) != (DTLS1_VERSION & 0xff00)) -+ if ((s->version & 0xff00 ) != (DTLS1_VERSION & 0xff00) && -+ (s->version & 0xff00 ) != (DTLS1_BAD_VER & 0xff00)) - { - SSLerr(SSL_F_DTLS1_CONNECT, ERR_R_INTERNAL_ERROR); - ret = -1; -Index: openssl/ssl/d1_lib.c -RCS File: /v/openssl/cvs/openssl/ssl/d1_lib.c,v -rcsdiff -q -kk '-r1.1.2.7' '-r1.1.2.8' -u '/v/openssl/cvs/openssl/ssl/d1_lib.c,v' 2>/dev/null ---- d1_lib.c 2009/04/02 22:34:59 1.1.2.7 -+++ d1_lib.c 2009/04/19 18:08:11 1.1.2.8 -@@ -198,7 +198,10 @@ - void dtls1_clear(SSL *s) - { - ssl3_clear(s); -- s->version=DTLS1_VERSION; -+ if (s->options & SSL_OP_CISCO_ANYCONNECT) -+ s->version=DTLS1_BAD_VER; -+ else -+ s->version=DTLS1_VERSION; - } - - /* -Index: openssl/ssl/d1_pkt.c -RCS File: /v/openssl/cvs/openssl/ssl/d1_pkt.c,v -rcsdiff -q -kk '-r1.4.2.15' '-r1.4.2.16' -u '/v/openssl/cvs/openssl/ssl/d1_pkt.c,v' 2>/dev/null ---- d1_pkt.c 2009/04/02 22:34:59 1.4.2.15 -+++ d1_pkt.c 2009/04/19 18:08:12 1.4.2.16 -@@ -1024,15 +1024,17 @@ - if (rr->type == SSL3_RT_CHANGE_CIPHER_SPEC) - { - struct ccs_header_st ccs_hdr; -+ int ccs_hdr_len = DTLS1_CCS_HEADER_LENGTH; - - dtls1_get_ccs_header(rr->data, &ccs_hdr); - - /* 'Change Cipher Spec' is just a single byte, so we know - * exactly what the record payload has to look like */ - /* XDTLS: check that epoch is consistent */ -- if ( (s->client_version == DTLS1_BAD_VER && rr->length != 3) || -- (s->client_version != DTLS1_BAD_VER && rr->length != DTLS1_CCS_HEADER_LENGTH) || -- (rr->off != 0) || (rr->data[0] != SSL3_MT_CCS)) -+ if (s->client_version == DTLS1_BAD_VER || s->version == DTLS1_BAD_VER) -+ ccs_hdr_len = 3; -+ -+ if ((rr->length != ccs_hdr_len) || (rr->off != 0) || (rr->data[0] != SSL3_MT_CCS)) - { - i=SSL_AD_ILLEGAL_PARAMETER; - SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_BAD_CHANGE_CIPHER_SPEC); -@@ -1358,7 +1360,7 @@ - #if 0 - /* 'create_empty_fragment' is true only when this function calls itself */ - if (!clear && !create_empty_fragment && !s->s3->empty_fragment_done -- && SSL_version(s) != DTLS1_VERSION) -+ && SSL_version(s) != DTLS1_VERSION && SSL_version(s) != DTLS1_BAD_VER) - { - /* countermeasure against known-IV weakness in CBC ciphersuites - * (see http://www.openssl.org/~bodo/tls-cbc.txt) -Index: openssl/ssl/s3_clnt.c -RCS File: /v/openssl/cvs/openssl/ssl/s3_clnt.c,v -rcsdiff -q -kk '-r1.88.2.21' '-r1.88.2.22' -u '/v/openssl/cvs/openssl/ssl/s3_clnt.c,v' 2>/dev/null ---- s3_clnt.c 2009/02/14 21:50:14 1.88.2.21 -+++ s3_clnt.c 2009/04/19 18:08:12 1.88.2.22 -@@ -708,7 +708,7 @@ - - if (!ok) return((int)n); - -- if ( SSL_version(s) == DTLS1_VERSION) -+ if ( SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER) - { - if ( s->s3->tmp.message_type == DTLS1_MT_HELLO_VERIFY_REQUEST) - { -Index: openssl/ssl/ssl.h -RCS File: /v/openssl/cvs/openssl/ssl/ssl.h,v -rcsdiff -q -kk '-r1.161.2.21' '-r1.161.2.22' -u '/v/openssl/cvs/openssl/ssl/ssl.h,v' 2>/dev/null ---- ssl.h 2008/08/13 19:44:44 1.161.2.21 -+++ ssl.h 2009/04/19 18:08:12 1.161.2.22 -@@ -510,6 +510,8 @@ - #define SSL_OP_COOKIE_EXCHANGE 0x00002000L - /* Don't use RFC4507 ticket extension */ - #define SSL_OP_NO_TICKET 0x00004000L -+/* Use Cisco's "speshul" version of DTLS_BAD_VER (as client) */ -+#define SSL_OP_CISCO_ANYCONNECT 0x00008000L - - /* As server, disallow session resumption on renegotiation */ - #define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION 0x00010000L -Index: openssl/ssl/ssl_lib.c -RCS File: /v/openssl/cvs/openssl/ssl/ssl_lib.c,v -rcsdiff -q -kk '-r1.133.2.16' '-r1.133.2.17' -u '/v/openssl/cvs/openssl/ssl/ssl_lib.c,v' 2>/dev/null ---- ssl_lib.c 2009/02/23 16:02:47 1.133.2.16 -+++ ssl_lib.c 2009/04/19 18:08:12 1.133.2.17 -@@ -995,7 +995,8 @@ - s->max_cert_list=larg; - return(l); - case SSL_CTRL_SET_MTU: -- if (SSL_version(s) == DTLS1_VERSION) -+ if (SSL_version(s) == DTLS1_VERSION || -+ SSL_version(s) == DTLS1_BAD_VER) - { - s->d1->mtu = larg; - return larg; -Index: openssl/ssl/ssl_sess.c -RCS File: /v/openssl/cvs/openssl/ssl/ssl_sess.c,v -rcsdiff -q -kk '-r1.51.2.9' '-r1.51.2.10' -u '/v/openssl/cvs/openssl/ssl/ssl_sess.c,v' 2>/dev/null ---- ssl_sess.c 2008/06/04 18:35:27 1.51.2.9 -+++ ssl_sess.c 2009/04/19 18:08:12 1.51.2.10 -@@ -211,6 +211,11 @@ - ss->ssl_version=TLS1_VERSION; - ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH; - } -+ else if (s->version == DTLS1_BAD_VER) -+ { -+ ss->ssl_version=DTLS1_BAD_VER; -+ ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH; -+ } - else if (s->version == DTLS1_VERSION) - { - ss->ssl_version=DTLS1_VERSION; -Index: openssl/ssl/t1_enc.c -RCS File: /v/openssl/cvs/openssl/ssl/t1_enc.c,v -rcsdiff -q -kk '-r1.35.2.8' '-r1.35.2.9' -u '/v/openssl/cvs/openssl/ssl/t1_enc.c,v' 2>/dev/null ---- t1_enc.c 2009/01/05 14:43:07 1.35.2.8 -+++ t1_enc.c 2009/04/19 18:08:12 1.35.2.9 -@@ -765,10 +765,10 @@ - HMAC_CTX_init(&hmac); - HMAC_Init_ex(&hmac,mac_sec,EVP_MD_size(hash),hash,NULL); - -- if (ssl->version == DTLS1_VERSION && ssl->client_version != DTLS1_BAD_VER) -+ if (ssl->version == DTLS1_BAD_VER || -+ (ssl->version == DTLS1_VERSION && ssl->client_version != DTLS1_BAD_VER)) - { - unsigned char dtlsseq[8],*p=dtlsseq; -- - s2n(send?ssl->d1->w_epoch:ssl->d1->r_epoch, p); - memcpy (p,&seq[2],6); - -@@ -793,7 +793,7 @@ - {unsigned int z; for (z=0; z<rec->length; z++) printf("%02X ",buf[z]); printf("\n"); } - #endif - -- if ( SSL_version(ssl) != DTLS1_VERSION) -+ if ( SSL_version(ssl) != DTLS1_VERSION && SSL_version(ssl) != DTLS1_BAD_VER) - { - for (i=7; i>=0; i--) - { diff --git a/dev-libs/openssl/files/openssl-0.9.8m-cfb.patch b/dev-libs/openssl/files/openssl-0.9.8m-cfb.patch deleted file mode 100644 index 9835b93c314a..000000000000 --- a/dev-libs/openssl/files/openssl-0.9.8m-cfb.patch +++ /dev/null @@ -1,15 +0,0 @@ ---- crypto/evp/evp_locl.h 2010/02/15 19:40:45 1.10.2.7 -+++ crypto/evp/evp_locl.h 2010/02/26 14:41:38 1.10.2.8 -@@ -127,9 +127,9 @@ - #define BLOCK_CIPHER_def_cfb(cname, kstruct, nid, key_len, \ - iv_len, cbits, flags, init_key, cleanup, \ - set_asn1, get_asn1, ctrl) \ --BLOCK_CIPHER_def1(cname, cfb##cbits, cfb##cbits, CFB, kstruct, nid, \ -- (cbits + 7)/8, key_len, iv_len, \ -- flags, init_key, cleanup, set_asn1, get_asn1, ctrl) -+BLOCK_CIPHER_def1(cname, cfb##cbits, cfb##cbits, CFB, kstruct, nid, 1, \ -+ key_len, iv_len, flags, init_key, cleanup, set_asn1, \ -+ get_asn1, ctrl) - - #define BLOCK_CIPHER_def_ofb(cname, kstruct, nid, key_len, \ - iv_len, cbits, flags, init_key, cleanup, \ diff --git a/dev-libs/openssl/openssl-0.9.8l-r2.ebuild b/dev-libs/openssl/openssl-0.9.8l-r2.ebuild deleted file mode 100644 index f63f338bcc36..000000000000 --- a/dev-libs/openssl/openssl-0.9.8l-r2.ebuild +++ /dev/null @@ -1,186 +0,0 @@ -# Copyright 1999-2010 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/dev-libs/openssl/openssl-0.9.8l-r2.ebuild,v 1.10 2010/02/15 06:39:39 vapier Exp $ - -inherit eutils flag-o-matic toolchain-funcs - -DESCRIPTION="Toolkit for SSL v2/v3 and TLS v1" -HOMEPAGE="http://www.openssl.org/" -SRC_URI="mirror://openssl/source/${P}.tar.gz" - -LICENSE="openssl" -SLOT="0" -KEYWORDS="alpha amd64 arm hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~sparc-fbsd ~x86-fbsd" -IUSE="bindist gmp kerberos sse2 test zlib" - -RDEPEND="gmp? ( dev-libs/gmp ) - zlib? ( sys-libs/zlib ) - kerberos? ( app-crypt/mit-krb5 )" -DEPEND="${RDEPEND} - sys-apps/diffutils - >=dev-lang/perl-5 - test? ( sys-devel/bc )" -PDEPEND="app-misc/ca-certificates" - -src_unpack() { - unpack ${A} - cd "${S}" - - epatch "${FILESDIR}"/${PN}-0.9.7e-gentoo.patch - epatch "${FILESDIR}"/${PN}-0.9.8j-parallel-build.patch - epatch "${FILESDIR}"/${PN}-0.9.8-make-engines-dir.patch - epatch "${FILESDIR}"/${PN}-0.9.8k-toolchain.patch - epatch "${FILESDIR}"/${PN}-0.9.8b-doc-updates.patch - epatch "${FILESDIR}"/${PN}-0.9.8-makedepend.patch #149583 - epatch "${FILESDIR}"/${PN}-0.9.8e-make.patch #146316 - epatch "${FILESDIR}"/${PN}-0.9.8e-bsd-sparc64.patch - epatch "${FILESDIR}"/${PN}-0.9.8g-sslv3-no-tlsext.patch - epatch "${FILESDIR}"/${PN}-0.9.8h-ldflags.patch #181438 - epatch "${FILESDIR}"/${PN}-0.9.8l-CVE-2009-137{7,8,9}.patch #270305 - epatch "${FILESDIR}"/${P}-CVE-2009-1387.patch #270305 - epatch "${FILESDIR}"/${P}-CVE-2009-2409.patch #280591 - epatch "${FILESDIR}"/${P}-dtls-compat.patch #280370 - epatch "${FILESDIR}"/${PN}-0.9.8l-binutils.patch #289130 - - # disable fips in the build - # make sure the man pages are suffixed #302165 - # don't bother building man pages if they're disabled - sed -i \ - -e '/DIRS/s: fips : :g' \ - -e '/^MANSUFFIX/s:=.*:=ssl:' \ - -e '/^MAKEDEPPROG/s:=.*:=$(CC):' \ - -e $(has noman FEATURES \ - && echo '/^install:/s:install_docs::' \ - || echo '/^MANDIR=/s:=.*:=/usr/share/man:') \ - Makefile{,.org} \ - || die - # show the actual commands in the log - sed -i '/^SET_X/s:=.*:=set -x:' Makefile.shared - - # allow openssl to be cross-compiled - cp "${FILESDIR}"/gentoo.config-0.9.8 gentoo.config || die "cp cross-compile failed" - chmod a+rx gentoo.config - - append-flags -fno-strict-aliasing - append-flags -Wa,--noexecstack - - # using a library directory other than lib requires some magic - sed -i \ - -e "s+\(\$(INSTALL_PREFIX)\$(INSTALLTOP)\)/lib+\1/$(get_libdir)+g" \ - -e "s+libdir=\$\${exec_prefix}/lib+libdir=\$\${exec_prefix}/$(get_libdir)+g" \ - Makefile.org engines/Makefile \ - || die "sed failed" - sed -i '1s,^:$,#!/usr/bin/perl,' Configure #141906 - sed -i '/^"debug-steve/d' Configure # 0.9.8k shipped broken - ./config --test-sanity || die "I AM NOT SANE" -} - -src_compile() { - unset APPS #197996 - - tc-export CC AR RANLIB - - # Clean out patent-or-otherwise-encumbered code - # Camellia: Royalty Free http://en.wikipedia.org/wiki/Camellia_(cipher) - # IDEA: 5,214,703 25/05/2010 http://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm - # EC: ????????? ??/??/2015 http://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography - # MDC2: Expired http://en.wikipedia.org/wiki/MDC-2 - # RC5: 5,724,428 03/03/2015 http://en.wikipedia.org/wiki/RC5 - - use_ssl() { use $1 && echo "enable-${2:-$1} ${*:3}" || echo "no-${2:-$1}" ; } - echoit() { echo "$@" ; "$@" ; } - - local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal") - - local sslout=$(./gentoo.config) - einfo "Use configuration ${sslout:-(openssl knows best)}" - local config="Configure" - [[ -z ${sslout} ]] && config="config" - echoit \ - ./${config} \ - ${sslout} \ - $(use sse2 || echo "no-sse2") \ - enable-camellia \ - $(use_ssl !bindist ec) \ - $(use_ssl !bindist idea) \ - enable-mdc2 \ - $(use_ssl !bindist rc5) \ - enable-tlsext \ - $(use_ssl gmp gmp -lgmp) \ - $(use_ssl kerberos krb5 --with-krb5-flavor=${krb5}) \ - $(use_ssl zlib) \ - --prefix=/usr \ - --openssldir=/etc/ssl \ - shared threads \ - || die "Configure failed" - - # Clean out hardcoded flags that openssl uses - local CFLAG=$(grep ^CFLAG= Makefile | LC_ALL=C sed \ - -e 's:^CFLAG=::' \ - -e 's:-fomit-frame-pointer ::g' \ - -e 's:-O[0-9] ::g' \ - -e 's:-march=[-a-z0-9]* ::g' \ - -e 's:-mcpu=[-a-z0-9]* ::g' \ - -e 's:-m[a-z0-9]* ::g' \ - ) - sed -i \ - -e "/^CFLAG/s:=.*:=${CFLAG} ${CFLAGS}:" \ - -e "/^SHARED_LDFLAGS=/s:$: ${LDFLAGS}:" \ - Makefile || die - - # depend is needed to use $confopts - # rehash is needed to prep the certs/ dir - emake -j1 depend || die "depend failed" - emake -j1 all rehash || die "make all failed" -} - -src_test() { - emake -j1 test || die "make test failed" -} - -src_install() { - emake -j1 INSTALL_PREFIX="${D}" install || die - dodoc CHANGES* FAQ NEWS README doc/*.txt doc/c-indentation.el - dohtml -r doc/* - - # create the certs directory - dodir /etc/ssl/certs - cp -RP certs/* "${D}"/etc/ssl/certs/ || die "failed to install certs" - rm -r "${D}"/etc/ssl/certs/{demo,expired} - - # Namespace openssl programs to prevent conflicts with other man pages - cd "${D}"/usr/share/man - local m d s - for m in $(find . -type f | xargs grep -L '#include') ; do - d=${m%/*} ; d=${d#./} ; m=${m##*/} - # fix up references to renamed man pages - sed -i '/^[.]SH "SEE ALSO"/,/^[.][^I]/s:\([^(, I]*([15])\):ssl-\1:g' ${d}/${m} - [[ ${m} == openssl.1* ]] && continue - [[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!" - mv ${d}/{,ssl-}${m} - ln -s ssl-${m} ${d}/openssl-${m} - # locate any symlinks that point to this man page ... we assume - # that any broken links are due to the above renaming - for s in $(find -L ${d} -type l) ; do - s=${s##*/} - rm -f ${d}/${s} - ln -s ssl-${m} ${d}/ssl-${s} - ln -s ssl-${s} ${d}/openssl-${s} - done - done - [[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :(" - - dodir /etc/sandbox.d #254521 - echo 'SANDBOX_PREDICT="/dev/crypto"' > "${D}"/etc/sandbox.d/10openssl - - diropts -m0700 - keepdir /etc/ssl/private -} - -pkg_preinst() { - preserve_old_lib /usr/$(get_libdir)/lib{crypto,ssl}.so.0.9.{6,7} -} - -pkg_postinst() { - preserve_old_lib_notify /usr/$(get_libdir)/lib{crypto,ssl}.so.0.9.{6,7} -} diff --git a/dev-libs/openssl/openssl-0.9.8m-r1.ebuild b/dev-libs/openssl/openssl-0.9.8m-r1.ebuild deleted file mode 100644 index fc684cf17a52..000000000000 --- a/dev-libs/openssl/openssl-0.9.8m-r1.ebuild +++ /dev/null @@ -1,178 +0,0 @@ -# Copyright 1999-2010 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/dev-libs/openssl/openssl-0.9.8m-r1.ebuild,v 1.1 2010/03/09 13:25:30 lxnay Exp $ - -inherit eutils flag-o-matic toolchain-funcs - -DESCRIPTION="Toolkit for SSL v2/v3 and TLS v1" -HOMEPAGE="http://www.openssl.org/" -SRC_URI="mirror://openssl/source/${P}.tar.gz" - -LICENSE="openssl" -SLOT="0" -KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~sparc-fbsd ~x86-fbsd" -IUSE="bindist gmp kerberos sse2 test zlib" - -RDEPEND="gmp? ( dev-libs/gmp ) - zlib? ( sys-libs/zlib ) - kerberos? ( app-crypt/mit-krb5 )" -DEPEND="${RDEPEND} - sys-apps/diffutils - >=dev-lang/perl-5 - test? ( sys-devel/bc )" -PDEPEND="app-misc/ca-certificates" - -src_unpack() { - unpack ${A} - cd "${S}" - - epatch "${FILESDIR}"/${PN}-0.9.7e-gentoo.patch - epatch "${FILESDIR}"/${PN}-0.9.8b-doc-updates.patch - epatch "${FILESDIR}"/${PN}-0.9.8e-bsd-sparc64.patch - epatch "${FILESDIR}"/${PN}-0.9.8h-ldflags.patch #181438 - epatch "${FILESDIR}"/${PN}-0.9.8m-binutils.patch #289130 - epatch "${FILESDIR}"/${PN}-0.9.8m-cfb.patch #308123 - - # disable fips in the build - # make sure the man pages are suffixed #302165 - # don't bother building man pages if they're disabled - sed -i \ - -e '/DIRS/s: fips : :g' \ - -e '/^MANSUFFIX/s:=.*:=ssl:' \ - -e '/^MAKEDEPPROG/s:=.*:=$(CC):' \ - -e $(has noman FEATURES \ - && echo '/^install:/s:install_docs::' \ - || echo '/^MANDIR=/s:=.*:=/usr/share/man:') \ - Makefile{,.org} \ - || die - # show the actual commands in the log - sed -i '/^SET_X/s:=.*:=set -x:' Makefile.shared - - # allow openssl to be cross-compiled - cp "${FILESDIR}"/gentoo.config-0.9.8 gentoo.config || die "cp cross-compile failed" - chmod a+rx gentoo.config - - append-flags -fno-strict-aliasing - append-flags -Wa,--noexecstack - - # using a library directory other than lib requires some magic -# sed -i \ -# -e "s+\(\$(INSTALL_PREFIX)\$(INSTALLTOP)\)/lib+\1/$(get_libdir)+g" \ -# -e "s+libdir=\$\${exec_prefix}/lib+libdir=\$\${exec_prefix}/$(get_libdir)+g" \ -# Makefile.org engines/Makefile \ -# || die "sed failed" - sed -i '1s,^:$,#!/usr/bin/perl,' Configure #141906 - sed -i '/^"debug-steve/d' Configure # 0.9.8k shipped broken - ./config --test-sanity || die "I AM NOT SANE" -} - -src_compile() { - unset APPS #197996 - - tc-export CC AR RANLIB - - # Clean out patent-or-otherwise-encumbered code - # Camellia: Royalty Free http://en.wikipedia.org/wiki/Camellia_(cipher) - # IDEA: 5,214,703 25/05/2010 http://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm - # EC: ????????? ??/??/2015 http://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography - # MDC2: Expired http://en.wikipedia.org/wiki/MDC-2 - # RC5: 5,724,428 03/03/2015 http://en.wikipedia.org/wiki/RC5 - - use_ssl() { use $1 && echo "enable-${2:-$1} ${*:3}" || echo "no-${2:-$1}" ; } - echoit() { echo "$@" ; "$@" ; } - - local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal") - - local sslout=$(./gentoo.config) - einfo "Use configuration ${sslout:-(openssl knows best)}" - local config="Configure" - [[ -z ${sslout} ]] && config="config" - echoit \ - ./${config} \ - ${sslout} \ - $(use sse2 || echo "no-sse2") \ - enable-camellia \ - $(use_ssl !bindist ec) \ - $(use_ssl !bindist idea) \ - enable-mdc2 \ - $(use_ssl !bindist rc5) \ - enable-tlsext \ - $(use_ssl gmp gmp -lgmp) \ - $(use_ssl kerberos krb5 --with-krb5-flavor=${krb5}) \ - $(use_ssl zlib) \ - --prefix=/usr \ - --openssldir=/etc/ssl \ - shared threads \ - || die "Configure failed" - - # Clean out hardcoded flags that openssl uses - local CFLAG=$(grep ^CFLAG= Makefile | LC_ALL=C sed \ - -e 's:^CFLAG=::' \ - -e 's:-fomit-frame-pointer ::g' \ - -e 's:-O[0-9] ::g' \ - -e 's:-march=[-a-z0-9]* ::g' \ - -e 's:-mcpu=[-a-z0-9]* ::g' \ - -e 's:-m[a-z0-9]* ::g' \ - ) - sed -i \ - -e "/^LIBDIR=/s:=.*:=$(get_libdir):" \ - -e "/^CFLAG/s:=.*:=${CFLAG} ${CFLAGS}:" \ - -e "/^SHARED_LDFLAGS=/s:$: ${LDFLAGS}:" \ - Makefile || die - - # depend is needed to use $confopts - # rehash is needed to prep the certs/ dir - emake -j1 depend || die "depend failed" - emake -j1 all rehash || die "make all failed" -} - -src_test() { - emake -j1 test || die "make test failed" -} - -src_install() { - emake -j1 INSTALL_PREFIX="${D}" install || die - dodoc CHANGES* FAQ NEWS README doc/*.txt doc/c-indentation.el - dohtml -r doc/* - - # create the certs directory - dodir /etc/ssl/certs - cp -RP certs/* "${D}"/etc/ssl/certs/ || die "failed to install certs" - rm -r "${D}"/etc/ssl/certs/{demo,expired} - - # Namespace openssl programs to prevent conflicts with other man pages - cd "${D}"/usr/share/man - local m d s - for m in $(find . -type f | xargs grep -L '#include') ; do - d=${m%/*} ; d=${d#./} ; m=${m##*/} - # fix up references to renamed man pages - sed -i '/^[.]SH "SEE ALSO"/,/^[.][^I]/s:\([^(, I]*([15])\):ssl-\1:g' ${d}/${m} - [[ ${m} == openssl.1* ]] && continue - [[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!" - mv ${d}/{,ssl-}${m} - ln -s ssl-${m} ${d}/openssl-${m} - # locate any symlinks that point to this man page ... we assume - # that any broken links are due to the above renaming - for s in $(find -L ${d} -type l) ; do - s=${s##*/} - rm -f ${d}/${s} - ln -s ssl-${m} ${d}/ssl-${s} - ln -s ssl-${s} ${d}/openssl-${s} - done - done - [[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :(" - - dodir /etc/sandbox.d #254521 - echo 'SANDBOX_PREDICT="/dev/crypto"' > "${D}"/etc/sandbox.d/10openssl - - diropts -m0700 - keepdir /etc/ssl/private -} - -pkg_preinst() { - preserve_old_lib /usr/$(get_libdir)/lib{crypto,ssl}.so.0.9.{6,7} -} - -pkg_postinst() { - preserve_old_lib_notify /usr/$(get_libdir)/lib{crypto,ssl}.so.0.9.{6,7} -} |