From ebe7bdb25faea9efa2c8bbe3c07ef84787a39820 Mon Sep 17 00:00:00 2001 From: Mike Frysinger Date: Wed, 12 Oct 2005 04:56:44 +0000 Subject: Add fixes for CAN-2005-2969 #108852. (Portage version: 2.0.53_rc4) --- dev-libs/openssl/ChangeLog | 13 +- dev-libs/openssl/files/digest-openssl-0.9.7d-r2 | 2 - dev-libs/openssl/files/digest-openssl-0.9.7e-r2 | 2 + dev-libs/openssl/files/digest-openssl-0.9.7g-r1 | 1 + dev-libs/openssl/files/digest-openssl-0.9.8-r1 | 1 + .../files/openssl-0.9.7-CAN-2005-2969.patch | 60 +++++ .../files/openssl-0.9.8-CAN-2005-2969.patch | 111 ++++++++ dev-libs/openssl/openssl-0.9.7d-r2.ebuild | 300 --------------------- dev-libs/openssl/openssl-0.9.7e-r2.ebuild | 282 +++++++++++++++++++ dev-libs/openssl/openssl-0.9.7g-r1.ebuild | 173 ++++++++++++ dev-libs/openssl/openssl-0.9.8-r1.ebuild | 175 ++++++++++++ 11 files changed, 817 insertions(+), 303 deletions(-) delete mode 100644 dev-libs/openssl/files/digest-openssl-0.9.7d-r2 create mode 100644 dev-libs/openssl/files/digest-openssl-0.9.7e-r2 create mode 100644 dev-libs/openssl/files/digest-openssl-0.9.7g-r1 create mode 100644 dev-libs/openssl/files/digest-openssl-0.9.8-r1 create mode 100644 dev-libs/openssl/files/openssl-0.9.7-CAN-2005-2969.patch create mode 100644 dev-libs/openssl/files/openssl-0.9.8-CAN-2005-2969.patch delete mode 100644 dev-libs/openssl/openssl-0.9.7d-r2.ebuild create mode 100644 dev-libs/openssl/openssl-0.9.7e-r2.ebuild create mode 100644 dev-libs/openssl/openssl-0.9.7g-r1.ebuild create mode 100644 dev-libs/openssl/openssl-0.9.8-r1.ebuild (limited to 'dev-libs') diff --git a/dev-libs/openssl/ChangeLog b/dev-libs/openssl/ChangeLog index ef49333b65ec..58e69af06f62 100644 --- a/dev-libs/openssl/ChangeLog +++ b/dev-libs/openssl/ChangeLog 
@@ -1,6 +1,17 @@ # ChangeLog for dev-libs/openssl # Copyright 1999-2005 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/dev-libs/openssl/ChangeLog,v 1.136 2005/09/03 02:52:42 matsuu Exp $ +# $Header: /var/cvsroot/gentoo-x86/dev-libs/openssl/ChangeLog,v 1.137 2005/10/12 04:56:44 vapier Exp $ + +*openssl-0.9.8-r1 (12 Oct 2005) +*openssl-0.9.7g-r1 (12 Oct 2005) +*openssl-0.9.7e-r2 (12 Oct 2005) + + 12 Oct 2005; Mike Frysinger + +files/openssl-0.9.7-CAN-2005-2969.patch, + +files/openssl-0.9.8-CAN-2005-2969.patch, -openssl-0.9.7d-r2.ebuild, + +openssl-0.9.7e-r2.ebuild, +openssl-0.9.7g-r1.ebuild, + +openssl-0.9.8-r1.ebuild: + Add fixes for CAN-2005-2969 #108852. 02 Sep 2005; MATSUU Takuto +files/openssl-0.9.7e-superh.patch, openssl-0.9.7e-r1.ebuild: diff --git a/dev-libs/openssl/files/digest-openssl-0.9.7d-r2 b/dev-libs/openssl/files/digest-openssl-0.9.7d-r2 deleted file mode 100644 index 53244e8e53f6..000000000000 --- a/dev-libs/openssl/files/digest-openssl-0.9.7d-r2 +++ /dev/null @@ -1,2 +0,0 @@ -MD5 1b49e90fc8a75c3a507c0a624529aca5 openssl-0.9.7d.tar.gz 2798433 -MD5 1b63bfdca1c37837dddde9f1623498f9 openssl-0.9.6m.tar.gz 2184918 diff --git a/dev-libs/openssl/files/digest-openssl-0.9.7e-r2 b/dev-libs/openssl/files/digest-openssl-0.9.7e-r2 new file mode 100644 index 000000000000..81d2db421e96 --- /dev/null +++ b/dev-libs/openssl/files/digest-openssl-0.9.7e-r2 @@ -0,0 +1,2 @@ +MD5 a8777164bca38d84e5eb2b1535223474 openssl-0.9.7e.tar.gz 3043231 +MD5 1b63bfdca1c37837dddde9f1623498f9 openssl-0.9.6m.tar.gz 2184918 diff --git a/dev-libs/openssl/files/digest-openssl-0.9.7g-r1 b/dev-libs/openssl/files/digest-openssl-0.9.7g-r1 new file mode 100644 index 000000000000..d232b1fa0076 --- /dev/null +++ b/dev-libs/openssl/files/digest-openssl-0.9.7g-r1 @@ -0,0 +1 @@ +MD5 991615f73338a571b6a1be7d74906934 openssl-0.9.7g.tar.gz 3132217 
diff --git a/dev-libs/openssl/files/digest-openssl-0.9.8-r1 b/dev-libs/openssl/files/digest-openssl-0.9.8-r1
new file mode 100644
index 000000000000..cbed557bf1ca
--- /dev/null
+++ b/dev-libs/openssl/files/digest-openssl-0.9.8-r1
@@ -0,0 +1 @@
+MD5 9da21071596a124acde6080552deac16 openssl-0.9.8.tar.gz 3259550
diff --git a/dev-libs/openssl/files/openssl-0.9.7-CAN-2005-2969.patch b/dev-libs/openssl/files/openssl-0.9.7-CAN-2005-2969.patch
new file mode 100644
index 000000000000..372c0457070e
--- /dev/null
+++ b/dev-libs/openssl/files/openssl-0.9.7-CAN-2005-2969.patch
@@ -0,0 +1,60 @@ +Index: doc/ssl/SSL_CTX_set_options.pod +=================================================================== +RCS file: /e/openssl/cvs/openssl/doc/ssl/SSL_CTX_set_options.pod,v +retrieving revision 1.9.2.4 +diff -u -r1.9.2.4 SSL_CTX_set_options.pod +--- doc/ssl/SSL_CTX_set_options.pod 22 Mar 2005 17:54:13 -0000 1.9.2.4 ++++ doc/ssl/SSL_CTX_set_options.pod 23 Sep 2005 03:38:43 -0000 +@@ -86,7 +86,7 @@ + + =item SSL_OP_MSIE_SSLV2_RSA_PADDING + +-... ++As of OpenSSL 0.9.7h and 0.9.8a, this option has no effect. + + =item SSL_OP_SSLEAY_080_CLIENT_DH_BUG + +Index: ssl/s23_srvr.c +=================================================================== +RCS file: /e/openssl/cvs/openssl/ssl/s23_srvr.c,v +retrieving revision 1.41.2.6 +diff -u -r1.41.2.6 s23_srvr.c +--- ssl/s23_srvr.c 31 Jan 2005 01:33:35 -0000 1.41.2.6 ++++ ssl/s23_srvr.c 23 Sep 2005 03:38:44 -0000 +@@ -268,9 +268,6 @@ + int n=0,j; + int type=0; + int v[2]; +-#ifndef OPENSSL_NO_RSA +- int use_sslv2_strong=0; +-#endif + + if (s->state == SSL23_ST_SR_CLNT_HELLO_A) + { +@@ -528,9 +525,7 @@ + } + + s->state=SSL2_ST_GET_CLIENT_HELLO_A; +- if ((s->options & SSL_OP_MSIE_SSLV2_RSA_PADDING) || +- use_sslv2_strong || +- (s->options & SSL_OP_NO_TLSv1 && s->options & SSL_OP_NO_SSLv3)) ++ if (s->options & SSL_OP_NO_TLSv1 && s->options & SSL_OP_NO_SSLv3) + s->s2->ssl2_rollback=0; + else + /* reject SSL 2.0 session if client supports SSL 3.0 or TLS 1.0 +Index: ssl/ssl.h +=================================================================== +RCS file: /e/openssl/cvs/openssl/ssl/ssl.h,v +retrieving revision 1.126.2.23 +diff -u -r1.126.2.23 ssl.h +--- ssl/ssl.h 10 Jun 2005 20:00:39 -0000 1.126.2.23 ++++ ssl/ssl.h 23 Sep 2005 03:38:47 -0000 +@@ -467,7 +467,7 @@ + #define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0x00000008L + #define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG 0x00000010L + #define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x00000020L +-#define SSL_OP_MSIE_SSLV2_RSA_PADDING 0x00000040L ++#define 
SSL_OP_MSIE_SSLV2_RSA_PADDING 0x00000040L /* no effect since 0.9.7h and 0.9.8b */ + #define SSL_OP_SSLEAY_080_CLIENT_DH_BUG 0x00000080L + #define SSL_OP_TLS_D5_BUG 0x00000100L + #define SSL_OP_TLS_BLOCK_PADDING_BUG 0x00000200L diff --git a/dev-libs/openssl/files/openssl-0.9.8-CAN-2005-2969.patch b/dev-libs/openssl/files/openssl-0.9.8-CAN-2005-2969.patch new file mode 100644 index 000000000000..7b35363c9804 --- /dev/null +++ b/dev-libs/openssl/files/openssl-0.9.8-CAN-2005-2969.patch 
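Review bot: The comment added to `SSL_OP_MSIE_SSLV2_RSA_PADDING` in the ssl.h hunk says the option has no effect since "0.9.7h and 0.9.8b", while the SSL_CTX_set_options.pod hunk of the same patch says "0.9.7h and 0.9.8a"; the comment should read `/* no effect since 0.9.7h and 0.9.8a */`. The same mismatch is in the ssl.h hunk of openssl-0.9.8-CAN-2005-2969.patch, whose CHANGES hunk also files the entry under "Changes between 0.9.8 and 0.9.8a". In the s23_srvr.c hunk the surviving test mixes `&` and `&&` without parentheses; `if ((s->options & SSL_OP_NO_TLSv1) && (s->options & SSL_OP_NO_SSLv3))` makes it plain that the rollback check is skipped only when both newer protocols are disabled. Both patch files appear to be upstream CVS diffs, so these wording fixes are better sent upstream than edited locally.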
@@ -0,0 +1,111 @@ +Index: CHANGES +=================================================================== +RCS file: /e/openssl/cvs/openssl/CHANGES,v +retrieving revision 1.1238.2.17 +diff -u -r1.1238.2.17 CHANGES +--- CHANGES 2 Sep 2005 22:48:13 -0000 1.1238.2.17 ++++ CHANGES 23 Sep 2005 03:37:36 -0000 +@@ -4,6 +4,16 @@ + + Changes between 0.9.8 and 0.9.8a [05 Jul 2005]] + ++ *) Remove the functionality of SSL_OP_MSIE_SSLV2_RSA_PADDING ++ (part of SSL_OP_ALL). This option used to disable the ++ countermeasure against man-in-the-middle protocol-version ++ rollback in the SSL 2.0 server implementation, which is a bad ++ idea. ++ ++ [Bodo Moeller; problem pointed out by Yutaka Oiwa (Research Center ++ for Information Security, National Institute of Advanced Industrial ++ Science and Technology [AIST], Japan)] ++ + *) Add libcrypto.pc and libssl.pc for those who feel they need them. + [Richard Levitte] + +@@ -850,6 +860,16 @@ + + Changes between 0.9.7g and 0.9.7h [XX xxx XXXX] + ++ *) Remove the functionality of SSL_OP_MSIE_SSLV2_RSA_PADDING ++ (part of SSL_OP_ALL). This option used to disable the ++ countermeasure against man-in-the-middle protocol-version ++ rollback in the SSL 2.0 server implementation, which is a bad ++ idea. ++ ++ [Bodo Moeller; problem pointed out by Yutaka Oiwa (Research Center ++ for Information Security, National Institute of Advanced Industrial ++ Science and Technology [AIST], Japan)] ++ + *) Minimal support for X9.31 signatures and PSS padding modes. This is + mainly for FIPS compliance and not fully integrated at this stage. + [Steve Henson] +@@ -899,6 +919,9 @@ + + Changes between 0.9.7f and 0.9.7g [11 Apr 2005] + ++ [NB: OpenSSL 0.9.7h and later 0.9.7 patch levels were released after ++ OpenSSL 0.9.8.] ++ + *) Fixes for newer kerberos headers. NB: the casts are needed because + the 'length' field is signed on one version and unsigned on another + with no (?) 
obvious way to tell the difference, without these VC++ +Index: doc/ssl/SSL_CTX_set_options.pod +=================================================================== +RCS file: /e/openssl/cvs/openssl/doc/ssl/SSL_CTX_set_options.pod,v +retrieving revision 1.13 +diff -u -r1.13 SSL_CTX_set_options.pod +--- doc/ssl/SSL_CTX_set_options.pod 22 Mar 2005 17:55:33 -0000 1.13 ++++ doc/ssl/SSL_CTX_set_options.pod 23 Sep 2005 03:37:38 -0000 +@@ -86,7 +86,7 @@ + + =item SSL_OP_MSIE_SSLV2_RSA_PADDING + +-... ++As of OpenSSL 0.9.7h and 0.9.8a, this option has no effect. + + =item SSL_OP_SSLEAY_080_CLIENT_DH_BUG + +Index: ssl/s23_srvr.c +=================================================================== +RCS file: /e/openssl/cvs/openssl/ssl/s23_srvr.c,v +retrieving revision 1.46.2.1 +diff -u -r1.46.2.1 s23_srvr.c +--- ssl/s23_srvr.c 5 Aug 2005 23:52:07 -0000 1.46.2.1 ++++ ssl/s23_srvr.c 23 Sep 2005 03:37:38 -0000 +@@ -250,9 +250,6 @@ + int n=0,j; + int type=0; + int v[2]; +-#ifndef OPENSSL_NO_RSA +- int use_sslv2_strong=0; +-#endif + + if (s->state == SSL23_ST_SR_CLNT_HELLO_A) + { +@@ -501,9 +498,7 @@ + } + + s->state=SSL2_ST_GET_CLIENT_HELLO_A; +- if ((s->options & SSL_OP_MSIE_SSLV2_RSA_PADDING) || +- use_sslv2_strong || +- (s->options & SSL_OP_NO_TLSv1 && s->options & SSL_OP_NO_SSLv3)) ++ if (s->options & SSL_OP_NO_TLSv1 && s->options & SSL_OP_NO_SSLv3) + s->s2->ssl2_rollback=0; + else + /* reject SSL 2.0 session if client supports SSL 3.0 or TLS 1.0 +Index: ssl/ssl.h +=================================================================== +RCS file: /e/openssl/cvs/openssl/ssl/ssl.h,v +retrieving revision 1.161.2.1 +diff -u -r1.161.2.1 ssl.h +--- ssl/ssl.h 10 Jun 2005 19:51:16 -0000 1.161.2.1 ++++ ssl/ssl.h 23 Sep 2005 03:37:40 -0000 +@@ -480,7 +480,7 @@ + #define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0x00000008L + #define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG 0x00000010L + #define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x00000020L +-#define SSL_OP_MSIE_SSLV2_RSA_PADDING 0x00000040L 
++#define SSL_OP_MSIE_SSLV2_RSA_PADDING 0x00000040L /* no effect since 0.9.7h and 0.9.8b */ + #define SSL_OP_SSLEAY_080_CLIENT_DH_BUG 0x00000080L + #define SSL_OP_TLS_D5_BUG 0x00000100L + #define SSL_OP_TLS_BLOCK_PADDING_BUG 0x00000200L diff --git a/dev-libs/openssl/openssl-0.9.7d-r2.ebuild b/dev-libs/openssl/openssl-0.9.7d-r2.ebuild deleted file mode 100644 index 19558fd228a4..000000000000 --- a/dev-libs/openssl/openssl-0.9.7d-r2.ebuild +++ /dev/null 
@@ -1,300 +0,0 @@ -# Copyright 1999-2005 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/dev-libs/openssl/openssl-0.9.7d-r2.ebuild,v 1.18 2005/07/05 23:45:20 azarah Exp $ - -inherit eutils flag-o-matic toolchain-funcs - -OLD_096_P="${PN}-0.9.6m" - -DESCRIPTION="Toolkit for SSL v2/v3 and TLS v1" -HOMEPAGE="http://www.openssl.org/" -SRC_URI="mirror://openssl/source/${P}.tar.gz - mirror://openssl/source/${OLD_096_P}.tar.gz" - -LICENSE="openssl" -SLOT="0" -KEYWORDS="alpha amd64 arm hppa ia64 mips ppc ppc64 s390 sh sparc x86" -IUSE="emacs" - -RDEPEND="virtual/libc" -DEPEND="${RDEPEND} - sys-apps/diffutils - >=dev-lang/perl-5 - >=sys-apps/sed-4 - !elibc_uclibc? ( sys-devel/bc )" - -S=${WORKDIR} - -src_unpack() { - unpack ${A} - - # openssl-0.9.7 - cd ${WORKDIR}/${P} - - epatch ${FILESDIR}/openssl-0.9.7c-tempfile.patch || die "patch failed" - - if [ "${ARCH}" = "ppc64" ]; then - epatch ${FILESDIR}/addppc64support.diff - fi - - epatch ${FILESDIR}/${P}-gentoo.diff - epatch ${FILESDIR}/${P}-smime.patch - - if [ "${ARCH}" = "hppa" ]; then - # Tells to compile a static version of openssl - sed -i -e \ - 's!^"linux-parisc"\(.*\)::BN\(.*\)::!"linux-parisc"\1:-ldl:BN\2::::::::::dlfcn:linux-shared:-fPIC::.so.\\$(SHLIB_MAJOR).\\$(SHLIB_MINOR)!' \ - Configure \ - || die "sed failed" - # Fix detection of parisc running 64 bit kernel - sed -i -e 's/parisc-\*-linux2/parisc\*-\*-linux2/' config \ - || die "sed failed" - fi - if [ "${ARCH}" = "arm" ]; then - # patch linker to add -ldl or things linking aginst libcrypto fail - sed -i -e \ - 's!^"linux-elf-arm"\(.*\)::BN\(.*\)!"linux-elf-arm"\1:-ldl:BN\2!' \ - Configure \ - || die "sed failed" - fi - - if [ "${ARCH}" = "alpha" -a "${CC}" != "ccc" ]; then - # ccc compiled openssl will break things linked against - # a gcc compiled openssl, the configure will automatically detect - # ccc and use it, so stop that if user hasnt asked for it. 
- sed -i -e \ - 's!CC=ccc!CC=gcc!' config \ - || die "sed failed" - fi - - case $( gcc-version ) in - 3.2 ) - filter-flags -fprefetch-loop-arrays -freduce-all-givs -funroll-loop ;; - 3.4 | 3.3 ) - filter-flags -fprefetch-loop-arrays -freduce-all-givs -funroll-loops - if [ "${ARCH}" = "ppc" -o "${ARCH}" = "ppc64" ]; then - append-flags -fno-strict-aliasing - fi - ;; - esac - - # replace CFLAGS - OLDIFS=$IFS - IFS=" -" - for a in $( grep -n -e "^\"linux-" Configure ); do - LINE=$( echo $a | awk -F: '{print $1}' ) - CUR_CFLAGS=$( echo $a | awk -F: '{print $3}' ) - # for ppc64 I have to be careful given current - # toolchain issues - if [ "${ARCH}" != "ppc64" ]; then - NEW_CFLAGS="$( echo $CUR_CFLAGS | sed -r -e "s|-O[23]||" -e "s/-fomit-frame-pointer//" -e "s/-mcpu=[-a-z0-9]+//" -e "s/-m486//" ) $CFLAGS" - else - NEW_CFLAGS="$( echo $CUR_CFLAGS | sed -r -e "s|-O[23]||" -e "s/-fomit-frame-pointer//" -e "s/-mcpu=[-a-z0-9]+//" -e "s/-m486//" ) " - - fi - - sed -i "${LINE}s/$CUR_CFLAGS/$NEW_CFLAGS/" Configure \ - || die "sed failed" - done - IFS=$OLDIFS - - if [ "$(get_libdir)" != "lib" ] ; then - # using a library directory other than lib requires some magic - sed -i \ - -e "s+\(\$(INSTALL_PREFIX)\$(INSTALLTOP)\)/lib+\1/$(get_libdir)+g" \ - -e "s+libdir=\$\${exec_prefix}/lib+libdir=\$\${exec_prefix}/$(get_libdir)+g" \ - Makefile.org \ - || die "sed failed" - ./config --test-sanity || die - fi - - # openssl-0.9.6 - test -f ${ROOT}/usr/lib/libssl.so.0.9.6 && { - cd ${WORKDIR}/${OLD_096_P} - - epatch ${FILESDIR}/${OLD_096_P}-gentoo.diff - - case ${ARCH} in - mips) - epatch ${FILESDIR}/openssl-0.9.6-mips.diff - ;; - arm) - # patch linker to add -ldl or things linking aginst libcrypto fail - sed -i -e \ - 's!^"linux-elf-arm"\(.*\)::BN\(.*\)!"linux-elf-arm"\1:-ldl:BN\2!' 
\ - Configure \ - || die "sed failed" - ;; - hppa) - # Tells to compile a static version of openssl - sed -i -e \ - 's!^"linux-parisc"\(.*\)::BN\(.*\)::!"linux-parisc"\1:-ldl:BN\2::::::::::dlfcn:linux-shared:-fPIC::.so.\\$(SHLIB_MAJOR).\\$(SHLIB_MINOR)!' \ - Configure \ - || die "sed failed" - # Fix detection of parisc running 64 bit kernel - sed -i -e 's/parisc-\*-linux2/parisc\*-\*-linux2/' config \ - || die "sed failed" - esac - - # replace CFLAGS - OLDIFS=$IFS - IFS=" -" - for a in $( grep -n -e "^\"linux-" Configure ); do - LINE=$( echo $a | awk -F: '{print $1}' ) - CUR_CFLAGS=$( echo $a | awk -F: '{print $3}' ) - NEW_CFLAGS="$( echo $CUR_CFLAGS | sed -r -e "s|-O[23]||" -e "s/-fomit-frame-pointer//" -e "s/-mcpu=[-a-z0-9]+//" -e "s/-m486//" ) $CFLAGS" - sed -i "${LINE}s/$CUR_CFLAGS/$NEW_CFLAGS/" Configure \ - || die "sed failed" - done - IFS=$OLDIFS - } -} - -src_compile() { - # openssl-0.9.7 - cd ${WORKDIR}/${P} - - # Build correctly for mips, mips64, & mipsel - if use mips; then - if [ "`echo ${CHOST} | grep "mipsel"`" ]; then - mipsarch="linux-mipsel" - else - mipsarch="linux-mips" - fi - - ./Configure ${mipsarch} --prefix=/usr --openssldir=/etc/ssl \ - shared threads || die - # We have to force the target for hppa because detection - # is broken on SMP box - elif [ "`uname -m`" = "parisc" -o "`uname -m`" = "parisc64" ]; then - ./Configure linux-parisc --prefix=/usr --openssldir=/etc/ssl \ - shared threads || die - # force sparcv8 on sparc32 profile - elif [ "$PROFILE_ARCH" = "sparc" ]; then - ./Configure linux-sparcv8 --prefix=/usr --openssldir=/etc/ssl \ - shared threads || die - elif [ "${ABI}" = "sparc64" ]; then - ./Configure linux64-sparcv9 --prefix=/usr --openssldir=/etc/ssl \ - shared threads || die - else - ./config --prefix=/usr --openssldir=/etc/ssl shared threads || die - fi - - einfo "Compiling ${P}" - make all || die - - # openssl-0.9.6 - test -f ${ROOT}/usr/lib/libssl.so.0.9.6 && { - cd ${WORKDIR}/${OLD_096_P} - - # force sparcv8 on sparc32 
profile - if [ "$PROFILE_ARCH" = "sparc" ]; then - SSH_TARGET="linux-sparcv8" - elif [ "`uname -m`" = "parisc" -o "`uname -m`" = "parisc64" ]; then - SSH_TARGET="linux-parisc" - elif use mips; then - if [ "`echo ${CHOST} | grep "mipsel"`" ]; then - SSH_TARGET="linux-mipsel" - else - SSH_TARGET="linux-mips" - fi - fi - - case ${CHOST} in - alphaev56*|alphaev6*) - SSH_TARGET="linux-alpha+bwx-${CC:-gcc}" - ;; - alpha*) - SSH_TARGET="linux-alpha-${CC:-gcc}" ;; - esac - - if [ ${SSH_TARGET} ]; then - einfo "Forcing ${SSH_TARGET} compile" - ./Configure ${SSH_TARGET} --prefix=/usr \ - --openssldir=/etc/ssl shared threads || die - else - ./config --prefix=/usr --openssldir=/etc/ssl shared threads || die - fi - - einfo "Compiling ${OLD_096_P}" - make all || die - } -} - -src_test() { - cd ${WORKDIR}/${P} - make test || die - - # openssl-0.9.6 - test -f ${ROOT}/usr/lib/libssl.so.0.9.6 && { - cd ${WORKDIR}/${OLD_096_P} - make all || die - } -} - -src_install() { - # openssl-0.9.7 - cd ${WORKDIR}/${P} - make INSTALL_PREFIX=${D} MANDIR=/usr/share/man install || die - dodoc CHANGES* FAQ LICENSE NEWS README - dodoc doc/*.txt - dohtml doc/* - - if use emacs ; then - insinto /usr/share/emacs/site-lisp - doins doc/c-indentation.el - fi - - # create the certs directory. Previous openssl builds - # would need to create /usr/lib/ssl/certs but this looks - # to be the more FHS compliant setup... 
-raker - insinto /etc/ssl/certs - doins certs/*.pem - LD_LIBRARY_PATH="${D}"/usr/$(get_libdir)/ \ - OPENSSL=${D}/usr/bin/openssl /usr/bin/perl tools/c_rehash ${D}/etc/ssl/certs - - # The man pages rand.3 and passwd.1 conflict with other packages - # Rename them to ssl-* and also make a symlink from openssl-* to ssl-* - cd ${D}/usr/share/man/man1 - mv passwd.1 ssl-passwd.1 - ln -sf ssl-passwd.1 openssl-passwd.1 - cd ${D}/usr/share/man/man3 - mv rand.3 ssl-rand.3 - ln -sf ssl-rand.3 openssl-rand.3 - - # openssl-0.9.6 - test -f ${ROOT}/usr/lib/libssl.so.0.9.6 && { - cd ${WORKDIR}/${OLD_096_P} - make || die - dolib.so ${WORKDIR}/${OLD_096_P}/libcrypto.so.0.9.6||die "libcrypto.so.0.9.6 not found" - dolib.so ${WORKDIR}/${OLD_096_P}/libssl.so.0.9.6|| die "libssl.so.0.9.6 not found" - } - fperms a+x /usr/$(get_libdir)/pkgconfig #34088 -} - -pkg_postinst() { - local BN_H="${ROOT}$(gcc-config -L)/include/openssl/bn.h" - # Breaks things one some boxen, bug #13795. The problem is that - # if we have a 'gcc fixed' version in $(gcc-config -L) from 0.9.6, - # then breaks as it was defined as 'int BN_mod(...)' and in 0.9.7 it - # is a define with BN_div(...) - (24 Sep 2003) - if [ -f "${BN_H}" ] && [ -n "$(grep '^int[[:space:]]*BN_mod(' "${BN_H}")" ] - then - rm -f "${BN_H}" - fi - - test -f ${ROOT}/usr/lib/libssl.so.0.9.6 && { - einfo "You can now re-compile all packages that are linked against" - einfo "OpenSSL 0.9.6 by using revdep-rebuild from gentoolkit:" - einfo "# revdep-rebuild --soname libssl.so.0.9.6" - einfo "# revdep-rebuild --soname libcrypto.so.0.9.6" - einfo "After this, you can delete /usr/lib/libssl.so.0.9.6 and /usr/lib/libcrypto.so.0.9.6" - } - - - ewarn "If you do not etc-update now and update /etc/ssl/misc/der_chop to the new version, your" - ewarn "system IS VULNERABLE to a symlink attack as described in bug 68407" - ewarn "refer to http://bugs.gentoo.org/show_bug.cgi?id=68407 if you have any doubts" -} 
diff --git a/dev-libs/openssl/openssl-0.9.7e-r2.ebuild b/dev-libs/openssl/openssl-0.9.7e-r2.ebuild
new file mode 100644
index 000000000000..9cc461b1d1a2
--- /dev/null
+++ b/dev-libs/openssl/openssl-0.9.7e-r2.ebuild
@@ -0,0 +1,282 @@ +# Copyright 1999-2005 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/dev-libs/openssl/openssl-0.9.7e-r2.ebuild,v 1.1 2005/10/12 04:56:44 vapier Exp $ + +inherit eutils flag-o-matic toolchain-funcs + +OLD_096_P="${PN}-0.9.6m" + +DESCRIPTION="Toolkit for SSL v2/v3 and TLS v1" +HOMEPAGE="http://www.openssl.org/" +SRC_URI="mirror://openssl/source/${P}.tar.gz + mirror://openssl/source/${OLD_096_P}.tar.gz" + +LICENSE="as-is" +SLOT="0" +KEYWORDS="alpha amd64 arm hppa ia64 m68k mips ppc ppc64 s390 sh sparc x86" +IUSE="emacs test bindist zlib" + +RDEPEND="" +DEPEND="${RDEPEND} + sys-apps/diffutils + >=dev-lang/perl-5 + !test? ( sys-devel/bc )" + +S=${WORKDIR} + +src_unpack() { + unpack ${A} + + # openssl-0.9.7 + cd ${WORKDIR}/${P} + + epatch "${FILESDIR}"/${PN}-0.9.7c-tempfile.patch + [[ $(tc-arch) == "ppc64" ]] && epatch "${FILESDIR}"/addppc64support.diff + epatch "${FILESDIR}"/${PN}-0.9.7e-gentoo.patch + epatch "${FILESDIR}"/${PN}-0.9.7-arm-big-endian.patch + epatch "${FILESDIR}"/${PN}-0.9.7-hppa-fix-detection.patch + epatch "${FILESDIR}"/${PN}-0.9.7-alpha-default-gcc.patch + epatch "${FILESDIR}"/${PN}-0.9.7e-no-fips.patch + epatch "${FILESDIR}"/${PN}-0.9.7e-ptr-casting.patch + epatch "${FILESDIR}"/${PN}-0.9.7g-mem-clr-ptr-cast.patch + epatch "${FILESDIR}"/${PN}-0.9.7e-x86_64-bn-asm.patch + epatch "${FILESDIR}"/${PN}-0.9.7-CAN-2005-2969.patch #108046 + epatch "${FILESDIR}"/${PN}-0.9.7e-superh.patch + + case $(gcc-version) in + 3.2) + filter-flags -fprefetch-loop-arrays -freduce-all-givs -funroll-loop + ;; + 3.4 | 3.3 ) + filter-flags -fprefetch-loop-arrays -freduce-all-givs -funroll-loops + [[ ${ARCH} == "ppc" || ${ARCH} == "ppc64" ]] && append-flags -fno-strict-aliasing + # (14 Feb 2004) + # bug #69550 openssl breaks in some cases. 
+ [[ ${ARCH} == "x86" ]] && append-flags -Wa,--noexecstack + ;; + esac + + # replace CFLAGS + OLDIFS=$IFS + IFS=$'\n' + for a in $( grep -n -e "^\"linux-" Configure ); do + LINE=$( echo $a | awk -F: '{print $1}' ) + CUR_CFLAGS=$( echo $a | awk -F: '{print $3}' ) + # for ppc64 I have to be careful given current toolchain issues + if [[ ${ARCH} != "ppc64" ]]; then + NEW_CFLAGS="$( echo $CUR_CFLAGS | sed -r -e "s|-O[23]||" -e "s:-fomit-frame-pointer::" -e "s:-mcpu=[-a-z0-9]+::" -e "s:-m486::" ) $CFLAGS" + else + NEW_CFLAGS="$( echo $CUR_CFLAGS | sed -r -e "s|-O[23]||" -e "s:-fomit-frame-pointer::" -e "s:-mcpu=[-a-z0-9]+::" -e "s:-m486::" ) " + + fi + + sed -i "${LINE}s:$CUR_CFLAGS:$NEW_CFLAGS:" Configure \ + || die "sed failed" + done + IFS=$OLDIFS + + if [ "$(get_libdir)" != "lib" ] ; then + # using a library directory other than lib requires some magic + sed -i \ + -e "s+\(\$(INSTALL_PREFIX)\$(INSTALLTOP)\)/lib+\1/$(get_libdir)+g" \ + -e "s+libdir=\$\${exec_prefix}/lib+libdir=\$\${exec_prefix}/$(get_libdir)+g" \ + Makefile.org \ + || die "sed failed" + ./config --test-sanity || die "sanity failed" + fi + + # openssl-0.9.6 + test -f ${ROOT}/usr/lib/libssl.so.0.9.6 && { + cd ${WORKDIR}/${OLD_096_P} + + epatch "${FILESDIR}"/${OLD_096_P}-gentoo.diff + + case ${ARCH} in + mips) + epatch "${FILESDIR}"/openssl-0.9.6-mips.diff + ;; + arm) + # patch linker to add -ldl or things linking aginst libcrypto fail + sed -i -e \ + 's!^"linux-elf-arm"\(.*\)::BN\(.*\)!"linux-elf-arm"\1:-ldl:BN\2!' \ + Configure \ + || die "sed failed" + ;; + hppa) + # Tells to compile a static version of openssl + sed -i -e \ + 's!^"linux-parisc"\(.*\)::BN\(.*\)::!"linux-parisc"\1:-ldl:BN\2::::::::::dlfcn:linux-shared:-fPIC::.so.\\$(SHLIB_MAJOR).\\$(SHLIB_MINOR)!' 
\ + Configure \ + || die "sed failed" + # Fix detection of parisc running 64 bit kernel + sed -i -e 's/parisc-\*-linux2/parisc\*-\*-linux2/' config \ + || die "sed failed" + esac + + # replace CFLAGS + OLDIFS=$IFS + IFS=$'\n' + for a in $( grep -n -e "^\"linux-" Configure ); do + LINE=$( echo $a | awk -F: '{print $1}' ) + CUR_CFLAGS=$( echo $a | awk -F: '{print $3}' ) + NEW_CFLAGS="$( echo $CUR_CFLAGS | sed -r -e "s|-O[23]||" -e "s/-fomit-frame-pointer//" -e "s/-mcpu=[-a-z0-9]+//" -e "s/-m486//" ) $CFLAGS" + sed -i "${LINE}s/$CUR_CFLAGS/$NEW_CFLAGS/" Configure \ + || die "sed failed" + done + IFS=$OLDIFS + } +} + +src_compile() { + # openssl-0.9.7 + cd ${WORKDIR}/${P} + + # Clean out patent-or-otherwise-encumbered code. + # MDC-2: 4,908,861 13/03/2007 + # IDEA: 5,214,703 25/05/2010 + # RC5: 5,724,428 03/03/2015 + # EC: ????????? ??/??/2015 + use bindist && conf_options="no-idea no-rc5 no-mdc2 -no-ec" + + use zlib && conf_options="${conf_options} zlib-dynamic" + + # Build correctly for mips, mips64, & mipsel + if use mips; then + if [[ ${CHOST/mipsel} != ${CHOST} ]] ; then + mipsarch="linux-mipsel" + else + mipsarch="linux-mips" + fi + + ./Configure ${mipsarch} ${conf_options} --prefix=/usr --openssldir=/etc/ssl \ + shared threads || die + # force sparcv8 on sparc32 profile + elif [ "$PROFILE_ARCH" = "sparc" ]; then + ./Configure linux-sparcv8 ${conf_options} --prefix=/usr --openssldir=/etc/ssl \ + shared threads || die + elif [ "${ABI}" = "sparc64" ]; then + ./Configure linux64-sparcv9 ${conf_options} --prefix=/usr --openssldir=/etc/ssl \ + shared threads || die + else + ./config ${conf_options} --prefix=/usr --openssldir=/etc/ssl shared threads \ + || die "config failed" + fi + + einfo "Compiling ${P}" + make CC="$(tc-getCC)" all || die "make all failed" + + # openssl-0.9.6 + test -f ${ROOT}/usr/lib/libssl.so.0.9.6 && { + cd ${WORKDIR}/${OLD_096_P} + + # force sparcv8 on sparc32 profile + if [ "$PROFILE_ARCH" = "sparc" ]; then + SSH_TARGET="linux-sparcv8" + elif [ 
"`uname -m`" = "parisc" -o "`uname -m`" = "parisc64" ]; then + SSH_TARGET="linux-parisc" + elif use mips; then + if [ "`echo ${CHOST} | grep "mipsel"`" ]; then + SSH_TARGET="linux-mipsel" + else + SSH_TARGET="linux-mips" + fi + fi + + case ${CHOST} in + alphaev56*|alphaev6*) + SSH_TARGET="linux-alpha+bwx-${CC:-gcc}" + ;; + alpha*) + SSH_TARGET="linux-alpha-${CC:-gcc}" ;; + esac + + if [ ${SSH_TARGET} ]; then + einfo "Forcing ${SSH_TARGET} compile" + ./Configure ${SSH_TARGET} --prefix=/usr \ + --openssldir=/etc/ssl shared threads || die + else + ./config --prefix=/usr --openssldir=/etc/ssl shared threads || die + fi + + einfo "Compiling ${OLD_096_P}" + make CC="$(tc-getCC)" all || die + } +} + +src_test() { + # make sure sandbox doesnt die on *BSD + add_predict /dev/crypto + + cd ${WORKDIR}/${P} + make test || die "make test failed" + + # openssl-0.9.6 + test -f ${ROOT}/usr/lib/libssl.so.0.9.6 && { + cd ${WORKDIR}/${OLD_096_P} + make all || die + } +} + +src_install() { + # openssl-0.9.7 + cd ${WORKDIR}/${P} + make INSTALL_PREFIX=${D} MANDIR=/usr/share/man install || die + dodoc CHANGES* FAQ NEWS README + dodoc doc/*.txt + dohtml doc/* + + if use emacs ; then + insinto /usr/share/emacs/site-lisp + doins doc/c-indentation.el + fi + + # create the certs directory. Previous openssl builds + # would need to create /usr/lib/ssl/certs but this looks + # to be the more FHS compliant setup... 
-raker + insinto /etc/ssl/certs + doins certs/*.pem + LD_LIBRARY_PATH="${D}"/usr/$(get_libdir)/ \ + OPENSSL=${D}/usr/bin/openssl /usr/bin/perl tools/c_rehash ${D}/etc/ssl/certs + + # These man pages with other packages so rename them + cd "${D}"/usr/share/man + for m in man1/passwd.1 man3/rand.3 man3/err.3 ; do + d=${m%%/*} ; m=${m##*/} + mv ${d}/{,ssl-}${m} + ln -s ssl-${m} ${d}/openssl-${m} + done + + # openssl-0.9.6 + test -f ${ROOT}/usr/lib/libssl.so.0.9.6 && { + cd ${WORKDIR}/${OLD_096_P} + make || die + dolib.so ${WORKDIR}/${OLD_096_P}/libcrypto.so.0.9.6||die "libcrypto.so.0.9.6 not found" + dolib.so ${WORKDIR}/${OLD_096_P}/libssl.so.0.9.6|| die "libssl.so.0.9.6 not found" + } + fperms a+x /usr/$(get_libdir)/pkgconfig #34088 +} + +pkg_postinst() { + local BN_H="${ROOT}$(gcc-config -L)/include/openssl/bn.h" + # Breaks things one some boxen, bug #13795. The problem is that + # if we have a 'gcc fixed' version in $(gcc-config -L) from 0.9.6, + # then breaks as it was defined as 'int BN_mod(...)' and in 0.9.7 it + # is a define with BN_div(...) - (24 Sep 2003) + if [ -f "${BN_H}" ] && [ -n "$(grep '^int[[:space:]]*BN_mod(' "${BN_H}")" ] + then + rm -f "${BN_H}" + fi + + test -f ${ROOT}/usr/lib/libssl.so.0.9.6 && { + einfo "You can now re-compile all packages that are linked against" + einfo "OpenSSL 0.9.6 by using revdep-rebuild from gentoolkit:" + einfo "# revdep-rebuild --soname libssl.so.0.9.6" + einfo "# revdep-rebuild --soname libcrypto.so.0.9.6" + einfo "After this, you can delete /usr/lib/libssl.so.0.9.6 and /usr/lib/libcrypto.so.0.9.6" + } + + + ewarn "If you do not etc-update now and update /etc/ssl/misc/der_chop to the new version, your" + ewarn "system IS VULNERABLE to a symlink attack as described in bug 68407" + ewarn "refer to http://bugs.gentoo.org/show_bug.cgi?id=68407 if you have any doubts" +} diff --git a/dev-libs/openssl/openssl-0.9.7g-r1.ebuild b/dev-libs/openssl/openssl-0.9.7g-r1.ebuild new file mode 100644 index 000000000000..8bb34b634c25 
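Review bot: The CAN-2005-2969 patch is applied only inside `${WORKDIR}/${P}` in src_unpack of openssl-0.9.7e-r2.ebuild; the 0.9.6m tree that this ebuild still builds and installs with dolib.so whenever `${ROOT}/usr/lib/libssl.so.0.9.6` exists gets only `${OLD_096_P}-gentoo.diff`. If the 0.9.6 branch has the same `SSL_OP_MSIE_SSLV2_RSA_PADDING` test in s23_srvr.c (not visible on this page), programs still linked against libssl.so.0.9.6 stay exposed to the protocol-version rollback after this update; either carry a 0.9.6 backport of the fix or say so in pkg_postinst next to the revdep-rebuild hint. Separately, the `epatch` line is tagged `#108046` while the ChangeLog entry cites #108852, and `DEPEND` has `!test? ( sys-devel/bc )` where openssl-0.9.7g-r1.ebuild has `test? ( sys-devel/bc )`, so the negation looks inverted.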
--- /dev/null
+++ b/dev-libs/openssl/openssl-0.9.7g-r1.ebuild
@@ -0,0 +1,173 @@
+# Copyright 1999-2005 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/dev-libs/openssl/openssl-0.9.7g-r1.ebuild,v 1.1 2005/10/12 04:56:44 vapier Exp $
+
+inherit eutils flag-o-matic toolchain-funcs
+
+DESCRIPTION="Toolkit for SSL v2/v3 and TLS v1"
+HOMEPAGE="http://www.openssl.org/"
+SRC_URI="mirror://openssl/source/${P}.tar.gz"
+
+LICENSE="openssl"
+SLOT="0"
+# ia64 is ABI incompat atm, do not change the KEYWORD
+KEYWORDS="~alpha ~amd64 ~arm ~hppa -ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
+IUSE="emacs test bindist zlib"
+
+RDEPEND=""
+DEPEND="${RDEPEND}
+ sys-apps/diffutils
+ >=dev-lang/perl-5
+ test? ( sys-devel/bc )"
+
+src_unpack() {
+ unpack ${A}
+
+ cd "${S}"
+
+ epatch "${FILESDIR}"/${PN}-0.9.7g-ppc64.patch
+ epatch "${FILESDIR}"/${PN}-0.9.7e-gentoo.patch
+ epatch "${FILESDIR}"/${PN}-0.9.7-hppa-fix-detection.patch
+ epatch "${FILESDIR}"/${PN}-0.9.7-alpha-default-gcc.patch
+ epatch "${FILESDIR}"/${PN}-0.9.7g-no-fips.patch
+ epatch "${FILESDIR}"/${PN}-0.9.7g-ptr-casting.patch
+ epatch "${FILESDIR}"/${PN}-0.9.7g-mem-clr-ptr-cast.patch
+ epatch "${FILESDIR}"/${PN}-0.9.7g-ABI-compat.patch
+ epatch "${FILESDIR}"/${PN}-0.9.7-CAN-2005-2969.patch #108046
+ epatch "${FILESDIR}"/${PN}-0.9.7g-superh.patch
+ epatch "${FILESDIR}"/${PN}-0.9.7g-amd64-fbsd.patch
+
+ # allow openssl to be cross-compiled
+ cp "${FILESDIR}"/gentoo.config-0.9.7g gentoo.config || die "cp cross-compile failed"
+ chmod a+rx gentoo.config
+
+ # Don't build manpages if we don't want them
+ has noman FEATURES && sed -i '/^install:/s:install_docs::' Makefile.org
+
+ case $(gcc-version) in
+ 3.2)
+ filter-flags -fprefetch-loop-arrays -freduce-all-givs -funroll-loop
+ ;;
+ 3.4 | 3.3 )
+ filter-flags -fprefetch-loop-arrays -freduce-all-givs -funroll-loops
+ [[ ${ARCH} == "ppc" || ${ARCH} == "ppc64" ]] && append-flags -fno-strict-aliasing
+ ;;
+ esac
+ append-flags -Wa,--noexecstack
+
+ # replace CFLAGS
+ OLDIFS=$IFS
+ IFS=$'\n'
+ for a in $( grep -n -e "^\"linux-" Configure ); do
+ LINE=$( echo $a | awk -F: '{print $1}' )
+ CUR_CFLAGS=$( echo $a | awk -F: '{print $3}' )
+ NEW_CFLAGS=$(echo $CUR_CFLAGS | sed -r -e "s|-O[23]||" -e "s:-fomit-frame-pointer::" -e "s:-mcpu=[-a-z0-9]+::" -e "s:-m486::")
+ # ppc64's current toolchain sucks at optimization and will break this package
+ [[ $(tc-arch) != "ppc64" ]] && NEW_CFLAGS="${NEW_CFLAGS} ${CFLAGS}"
+
+ sed -i "${LINE}s:$CUR_CFLAGS:$NEW_CFLAGS:" Configure || die "sed failed"
+ done
+ IFS=$OLDIFS
+
+ if [ "$(get_libdir)" != "lib" ] ; then
+ # using a library directory other than lib requires some magic
+ sed -i \
+ -e "s+\(\$(INSTALL_PREFIX)\$(INSTALLTOP)\)/lib+\1/$(get_libdir)+g" \
+ -e "s+libdir=\$\${exec_prefix}/lib+libdir=\$\${exec_prefix}/$(get_libdir)+g" \
+ Makefile.org \
+ || die "sed failed"
+ ./config --test-sanity || die "sanity failed"
+ fi
+}
+
+src_compile() {
+ # Clean out patent-or-otherwise-encumbered code.
+ # MDC-2: 4,908,861 13/03/2007
+ # IDEA: 5,214,703 25/05/2010
+ # RC5: 5,724,428 03/03/2015
+ # EC: ????????? ??/??/2015
+ local confopts=""
+ use bindist && confopts="no-idea no-rc5 no-mdc2 -no-ec"
+
+ use zlib && confopts="${confopts} zlib-dynamic"
+
+ local sslout=$(./gentoo.config)
+ einfo "Use configuration ${sslout}"
+
+ local config="Configure"
+ [[ -z ${sslout} ]] && config="config"
+ ./${config} \
+ ${sslout} \
+ ${confopts} \
+ --prefix=/usr \
+ --openssldir=/etc/ssl \
+ shared threads \
+ || die "Configure failed"
+
+ emake \
+ CC="$(tc-getCC)" MAKEDEPPROG="$(tc-getCC)" \
+ AR="$(tc-getAR) r" \
+ RANLIB="$(tc-getRANLIB)" \
+ all || die "make all failed"
+
+ # force until we get all the gentoo.config kinks worked out
+ tc-is-cross-compiler || src_test
+}
+
+src_test() {
+ # make sure sandbox doesnt die on *BSD
+ add_predict /dev/crypto
+
+ make test || die "make test failed"
+}
+
+src_install() {
+ make INSTALL_PREFIX="${D}" MANDIR=/usr/share/man install || die
+ dodoc CHANGES* FAQ NEWS README
+ dodoc doc/*.txt
+ dohtml doc/*
+
+ if use emacs ; then
+ insinto /usr/share/emacs/site-lisp
+ doins doc/c-indentation.el
+ fi
+
+ # create the certs directory. Previous openssl builds
+ # would need to create /usr/lib/ssl/certs but this looks
+ # to be the more FHS compliant setup... -raker
+ insinto /etc/ssl/certs
+ doins certs/*.pem
+ LD_LIBRARY_PATH="${D}"/usr/$(get_libdir)/ \
+ OPENSSL="${D}"/usr/bin/openssl /usr/bin/perl tools/c_rehash "${D}"/etc/ssl/certs
+
+ # These man pages with other packages so rename them
+ cd "${D}"/usr/share/man
+ for m in man1/passwd.1 man3/rand.3 man3/err.3 ; do
+ d=${m%%/*} ; m=${m##*/}
+ mv ${d}/{,ssl-}${m}
+ ln -s ssl-${m} ${d}/openssl-${m}
+ done
+
+ fperms a+x /usr/$(get_libdir)/pkgconfig #34088
+}
+
+pkg_postinst() {
+ local BN_H="${ROOT}$(gcc-config -L)/include/openssl/bn.h"
+ # Breaks things one some boxen, bug #13795. The problem is that
+ # if we have a 'gcc fixed' version in $(gcc-config -L) from 0.9.6,
+ # then breaks as it was defined as 'int BN_mod(...)' and in 0.9.7 it
+ # is a define with BN_div(...) - (24 Sep 2003)
+ if [ -f "${BN_H}" ] && [ -n "$(grep '^int[[:space:]]*BN_mod(' "${BN_H}")" ]
+ then
+ rm -f "${BN_H}"
+ fi
+
+ if [[ -e ${ROOT}/usr/lib/libcrypto.so.0.9.6 ]] ; then
+ ewarn "You must re-compile all packages that are linked against"
+ ewarn "OpenSSL 0.9.6 by using revdep-rebuild from gentoolkit:"
+ ewarn "# revdep-rebuild --soname libssl.so.0.9.6"
+ ewarn "# revdep-rebuild --soname libcrypto.so.0.9.6"
+ ewarn "After this, you can delete /usr/lib/libssl.so.0.9.6 and /usr/lib/libcrypto.so.0.9.6"
+ touch -c "${ROOT}"/usr/lib/lib{crypto,ssl}.so.0.9.6
+ fi
+}
diff --git a/dev-libs/openssl/openssl-0.9.8-r1.ebuild b/dev-libs/openssl/openssl-0.9.8-r1.ebuild
new file mode 100644
index 000000000000..0a8a2e49e98c
--- /dev/null
+++ b/dev-libs/openssl/openssl-0.9.8-r1.ebuild
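Review bot: In src_compile of openssl-0.9.7g-r1.ebuild, the bindist option list ends with `-no-ec`, which has a leading dash unlike `no-idea no-rc5 no-mdc2` before it. OpenSSL's Configure normally takes feature switches as `no-<name>` and appears to pass dash-prefixed arguments through as compiler flags, so a bindist build may not actually exclude the EC code that the comment above lists as encumbered; this should be verified against the Configure script. If exclusion is intended, the line would read `use bindist && confopts="no-idea no-rc5 no-mdc2 no-ec"`. The same line appears in src_compile of openssl-0.9.8-r1.ebuild.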
@@ -0,0 +1,175 @@
+# Copyright 1999-2005 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/dev-libs/openssl/openssl-0.9.8-r1.ebuild,v 1.1 2005/10/12 04:56:44 vapier Exp $
+
+inherit eutils flag-o-matic toolchain-funcs
+
+DESCRIPTION="Toolkit for SSL v2/v3 and TLS v1"
+HOMEPAGE="http://www.openssl.org/"
+SRC_URI="mirror://openssl/source/${P}.tar.gz"
+
+LICENSE="openssl"
+SLOT="0"
+KEYWORDS="-*"
+IUSE="emacs test bindist zlib"
+
+RDEPEND=""
+DEPEND="${RDEPEND}
+ sys-apps/diffutils
+ >=dev-lang/perl-5
+ test? ( sys-devel/bc )"
+
+src_unpack() {
+ unpack ${A}
+
+ cd "${S}"
+
+ epatch "${FILESDIR}"/${PN}-0.9.8-ppc64.patch
+ epatch "${FILESDIR}"/${PN}-0.9.7e-gentoo.patch
+ #epatch "${FILESDIR}"/${PN}-0.9.7-hppa-fix-detection.patch
+ epatch "${FILESDIR}"/${PN}-0.9.7-alpha-default-gcc.patch
+ epatch "${FILESDIR}"/${PN}-0.9.8-parallel-build.patch
+ epatch "${FILESDIR}"/${PN}-0.9.8-make-engines-dir.patch
+ epatch "${FILESDIR}"/${PN}-0.9.8-CAN-2005-2969.patch
+
+ # allow openssl to be cross-compiled
+ cp "${FILESDIR}"/gentoo.config-0.9.7g gentoo.config || die "cp cross-compile failed"
+ chmod a+rx gentoo.config
+
+ # Don't build manpages if we don't want them
+ has noman FEATURES && sed -i '/^install:/s:install_docs::' Makefile.org
+
+ case $(gcc-version) in
+ 3.2)
+ filter-flags -fprefetch-loop-arrays -freduce-all-givs -funroll-loop
+ ;;
+ 3.4 | 3.3 )
+ filter-flags -fprefetch-loop-arrays -freduce-all-givs -funroll-loops
+ [[ ${ARCH} == "ppc" || ${ARCH} == "ppc64" ]] && append-flags -fno-strict-aliasing
+ ;;
+ esac
+ append-flags -Wa,--noexecstack
+
+ # replace CFLAGS
+ OLDIFS=$IFS
+ IFS=$'\n'
+ for a in $( grep -n -e "^\"linux-" Configure ); do
+ LINE=$( echo $a | awk -F: '{print $1}' )
+ CUR_CFLAGS=$( echo $a | awk -F: '{print $3}' )
+ NEW_CFLAGS=$(echo $CUR_CFLAGS | sed -r -e "s|-O[23]||" -e "s:-fomit-frame-pointer::" -e "s:-mcpu=[-a-z0-9]+::" -e "s:-m486::")
+ # ppc64's current toolchain sucks at optimization and will break this package
+ [[ $(tc-arch) != "ppc64" ]] && NEW_CFLAGS="${NEW_CFLAGS} ${CFLAGS}"
+
+ sed -i "${LINE}s:$CUR_CFLAGS:$NEW_CFLAGS:" Configure || die "sed failed"
+ done
+ IFS=$OLDIFS
+
+ if [ "$(get_libdir)" != "lib" ] ; then
+ # using a library directory other than lib requires some magic
+ sed -i \
+ -e "s+\(\$(INSTALL_PREFIX)\$(INSTALLTOP)\)/lib+\1/$(get_libdir)+g" \
+ -e "s+libdir=\$\${exec_prefix}/lib+libdir=\$\${exec_prefix}/$(get_libdir)+g" \
+ Makefile.org engines/Makefile \
+ || die "sed failed"
+ ./config --test-sanity || die "sanity failed"
+ fi
+}
+
+src_compile() {
+ # Clean out patent-or-otherwise-encumbered code.
+ # MDC-2: 4,908,861 13/03/2007
+ # IDEA: 5,214,703 25/05/2010
+ # RC5: 5,724,428 03/03/2015
+ # EC: ????????? ??/??/2015
+ local confopts=""
+ use bindist && confopts="no-idea no-rc5 no-mdc2 -no-ec"
+
+ use zlib && confopts="${confopts} zlib-dynamic"
+
+ local sslout=$(./gentoo.config)
+ einfo "Use configuration ${sslout}"
+
+ local config="Configure"
+ [[ -z ${sslout} ]] && config="config"
+ ./${config} \
+ ${sslout} \
+ ${confopts} \
+ --prefix=/usr \
+ --openssldir=/etc/ssl \
+ shared threads \
+ || die "Configure failed"
+
+ emake \
+ CC="$(tc-getCC)" MAKEDEPPROG="$(tc-getCC)" \
+ AR="$(tc-getAR) r" \
+ RANLIB="$(tc-getRANLIB)" \
+ all || die "make all failed"
+
+ # force until we get all the gentoo.config kinks worked out
+ tc-is-cross-compiler || src_test
+}
+
+src_test() {
+ # make sure sandbox doesnt die on *BSD
+ add_predict /dev/crypto
+
+ make test || die "make test failed"
+}
+
+src_install() {
+ make INSTALL_PREFIX="${D}" MANDIR=/usr/share/man install || die
+ dodoc CHANGES* FAQ NEWS README
+ dodoc doc/*.txt
+ dohtml doc/*
+
+ if use emacs ; then
+ insinto /usr/share/emacs/site-lisp
+ doins doc/c-indentation.el
+ fi
+
+ # create the certs directory. Previous openssl builds
+ # would need to create /usr/lib/ssl/certs but this looks
+ # to be the more FHS compliant setup... -raker
+ insinto /etc/ssl/certs
+ doins certs/*.pem
+ LD_LIBRARY_PATH="${D}"/usr/$(get_libdir)/ \
+ OPENSSL="${D}"/usr/bin/openssl /usr/bin/perl tools/c_rehash \
+ "${D}"/etc/ssl/certs
+
+ # These man pages with other packages so rename them
+ cd "${D}"/usr/share/man
+ for m in man1/passwd.1 man3/rand.3 man3/err.3 ; do
+ d=${m%%/*} ; m=${m##*/}
+ mv -f ${d}/{,ssl-}${m}
+ ln -snf ssl-${m} ${d}/openssl-${m}
+ done
+
+ fperms a+x /usr/$(get_libdir)/pkgconfig #34088
+}
+
+pkg_preinst() {
+ if [[ -e ${ROOT}/usr/$(get_libdir)/libcrypto.so.0.9.7 ]] ; then
+ cp -pPR "${ROOT}"/usr/$(get_libdir)/lib{crypto,ssl}.so.0.9.7 "${IMAGE}"/usr/$(get_libdir)/
+ fi
+}
+
+pkg_postinst() {
+ local BN_H="${ROOT}$(gcc-config -L)/include/openssl/bn.h"
+ # Breaks things one some boxen, bug #13795. The problem is that
+ # if we have a 'gcc fixed' version in $(gcc-config -L) from 0.9.6,
+ # then breaks as it was defined as 'int BN_mod(...)' and in 0.9.7 it
+ # is a define with BN_div(...) - (24 Sep 2003)
+ if [ -f "${BN_H}" ] && [ -n "$(grep '^int[[:space:]]*BN_mod(' "${BN_H}")" ]
+ then
+ rm -f "${BN_H}"
+ fi
+
+ if [[ -e ${ROOT}/usr/$(get_libdir)/libcrypto.so.0.9.7 ]] ; then
+ ewarn "You must re-compile all packages that are linked against"
+ ewarn "OpenSSL 0.9.7 by using revdep-rebuild from gentoolkit:"
+ ewarn "# revdep-rebuild --soname libssl.so.0.9.7"
+ ewarn "# revdep-rebuild --soname libcrypto.so.0.9.7"
+ ewarn "After this, you can delete /usr/$(get_libdir)/libssl.so.0.9.7"
+ ewarn "and /usr/$(get_libdir)/libcrypto.so.0.9.7"
+ fi
+}
-- cgit v1.2.3-65-gdbad
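Review bot: pkg_preinst in openssl-0.9.8-r1.ebuild copies the currently installed `lib{crypto,ssl}.so.0.9.7` into the new image, and those files are whatever build was on disk, so they may predate the CAN-2005-2969 patch this commit adds for the 0.9.7 series. Programs still linked against 0.9.7 would then keep running unpatched code until they are rebuilt, but the pkg_postinst warning only mentions recompiling and never says why it is urgent. I would add a line such as `ewarn "The preserved 0.9.7 libraries may lack the CAN-2005-2969 fix; rebuild and remove them promptly."` to that block. The `cp` also has no `|| die`, and only libcrypto is tested before both libraries are copied, so a failed or partial copy goes unnoticed.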