authorDoug Goldstein <cardoe@gentoo.org>2008-03-25 00:27:16 +0000
committerDoug Goldstein <cardoe@gentoo.org>2008-03-25 00:27:16 +0000
commitf69b910c4566d48ad0d9de6c0b8155564580b9ee (patch)
tree3fdfd47cdae2ac1ccd4605680f7fa9aa22c90a15 /dev-libs
parentget the list of services from the default boot runlevel rather than maintaini... (diff)
downloadhistorical-f69b910c4566d48ad0d9de6c0b8155564580b9ee.tar.gz
historical-f69b910c4566d48ad0d9de6c0b8155564580b9ee.tar.bz2
historical-f69b910c4566d48ad0d9de6c0b8155564580b9ee.zip
Patch from OpenSSL's bug tracker to stop sending TLS extensions on SSLv3-only connections. Sending them is not explicitly against the SSL spec, but several SSL implementations cannot handle it. Patch by Kaspar Brand <ossl-rt@velox.ch> from http://rt.openssl.org/Ticket/Display.html?id=1629. Resolves bug #198914.
Package-Manager: portage-2.1.4.4
Diffstat (limited to 'dev-libs')
-rw-r--r--dev-libs/openssl/ChangeLog14
-rw-r--r--dev-libs/openssl/Manifest14
-rw-r--r--dev-libs/openssl/files/openssl-0.9.8g-sslv3-no-tlsext.patch28
-rw-r--r--dev-libs/openssl/openssl-0.9.8g-r1.ebuild188
4 files changed, 241 insertions, 3 deletions
diff --git a/dev-libs/openssl/ChangeLog b/dev-libs/openssl/ChangeLog
index dec809403b64..c34e44e9ad9b 100644
--- a/dev-libs/openssl/ChangeLog
+++ b/dev-libs/openssl/ChangeLog
@@ -1,6 +1,16 @@
# ChangeLog for dev-libs/openssl
-# Copyright 1999-2007 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/dev-libs/openssl/ChangeLog,v 1.257 2007/12/24 17:22:17 vapier Exp $
+# Copyright 1999-2008 Gentoo Foundation; Distributed under the GPL v2
+# $Header: /var/cvsroot/gentoo-x86/dev-libs/openssl/ChangeLog,v 1.258 2008/03/25 00:27:14 cardoe Exp $
+
+*openssl-0.9.8g-r1 (25 Mar 2008)
+
+ 25 Mar 2008; Doug Goldstein <cardoe@gentoo.org>
+ +files/openssl-0.9.8g-sslv3-no-tlsext.patch, +openssl-0.9.8g-r1.ebuild:
+ Patch from OpenSSL's bug tracker not to send TLS Extensions on SSLv3 only
+ connections, while not explicitly against the SSL spec, several SSL
+ implementations can not handle it. Patch by Kaspar Brand
+ <ossl-rt@velox.ch> from http://rt.openssl.org/Ticket/Display.html?id=1629.
+ Resolves bug #198914
24 Dec 2007; Mike Frysinger <vapier@gentoo.org> openssl-0.9.8g.ebuild:
Dont force src_test any longer as things seem to be sane.
diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest
index 0a989a649af2..d920ffe6037b 100644
--- a/dev-libs/openssl/Manifest
+++ b/dev-libs/openssl/Manifest
@@ -1,3 +1,6 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
AUX gentoo.config-0.9.8 3157 RMD160 794fbfe1b01dff11a2722148e62274f38a242ef5 SHA1 fe9ee8b36dab783201a75d853f15dba6758787b6 SHA256 d34e75afa3e3661d29f8a7b0af8e7e47d39c7ba5db3b0e9cc48d6e41c58e94ed
AUX openssl-0.9.7-alpha-default-gcc.patch 533 RMD160 ea2d91421aa4d3f463034b40c2c81c195a71c0dd SHA1 f5ee85db45ab80b66225a222c7655b74760b94fe SHA256 814ae7c09359414e7dcd96008c82d868fba0565de2d1b3e6a4275f8cdbeefb5c
AUX openssl-0.9.7e-gentoo.patch 460 RMD160 60969fd05a15fe00d0d1c27b9098acfde28ba65e SHA1 73ff3c336dfdbeed903ac7b82486674ab4ec66a2 SHA256 ddb8d47429f3aadf3f5142293a2c38cbb9eb3927edfd1b497771337c48a11641
@@ -15,12 +18,21 @@ AUX openssl-0.9.8e-bsd-sparc64.patch 1666 RMD160 fa3ac81b409fa908949185805f733fd
AUX openssl-0.9.8e-make.patch 794 RMD160 2a99f48ef103fa369cc8c513efcc0330eb855b7d SHA1 b6b93f6db5f6519312b35df268eab51c2c3ca988 SHA256 f318fdebb6e035185c2bba2513ceac81f5cd229c1426e16ea4faed528f7795be
AUX openssl-0.9.8e-padlock-O0.patch 844 RMD160 e53dccc662c27a8a62fb45649f567f68394802f2 SHA1 aa6b069997c523738a068d6ce462e5f8bba1844a SHA256 f9ae47c6459d655707adb73333963a6dcd923c82d36cb34949bcc31e5aefc6d4
AUX openssl-0.9.8f-fix-version.patch 445 RMD160 ab3136992eb4028bff06bbc35322a1c2621485e8 SHA1 7a53632a9e13e00737930b22068d88b57879c925 SHA256 73d9952fc7032099a03b3b7fa143229646ae6e52394b4facd043afbce65658f1
+AUX openssl-0.9.8g-sslv3-no-tlsext.patch 848 RMD160 37bad7b70fd0bdae91fffe337dcbe820b371a163 SHA1 32043ee7841bd95bc647efa8fd7ecb5dcc2fa223 SHA256 d61299ab9b5f96f37979d60ea8e65430c59ef3242627de50be8e2fc87c8753be
DIST openssl-0.9.8e.tar.gz 3341665 RMD160 c1a498606dc0fc7219376b950fab6b53687466db SHA1 b429872d2a287714ab37e42296e6a5fbe23d32ff SHA256 414e8428b95fbc51707965fda31390497d058290356426bfe084b49464a60340
DIST openssl-0.9.8f.tar.gz 3357445 RMD160 ad0d9d8b238dbede1aa6b76256d11038bd281e05 SHA1 e8716370093b112763ace0c66c06a0d6049e413b SHA256 be5afd386f5d7acff019acaf46cdaad89a8b42cc9cee85d1adb2774627f32b42
DIST openssl-0.9.8g.tar.gz 3354792 RMD160 f080a32da9becdc8b98c38744d62c6fd8664f603 SHA1 4e9c5ced466715d18fd924de79bde5c15da80fa1 SHA256 0e26886845de95716c9f1b9b75c0e06e9d4075d2bdc9e11504eaa5f7ee901cf0
EBUILD openssl-0.9.8e-r3.ebuild 5834 RMD160 61635cc5dcc3bad24f8a0034bd23bed23b1bd82b SHA1 9d5ff9a41e77e0dfd960d43abe0e37b01a0f7e00 SHA256 6be488a5e215a94656cbc5f9fb20edd04155a3525be1437ac9ae296bd9adaaf2
EBUILD openssl-0.9.8e-r4.ebuild 6557 RMD160 ad9946a39fd4beb295b35a4b10bfc06fc0c77099 SHA1 e62202b0ec42ce354413fbf486870bdf6df95867 SHA256 c6a8090276ba069dc50cb21fe07437166f0cd1d456e8d9fd20e82bc732ec3559
EBUILD openssl-0.9.8f.ebuild 6215 RMD160 7af3dc8ed2b30206ff44e8d80af0c585cc7cea51 SHA1 12dc43a8baf204c3ac724344652c95ce0f8f4bed SHA256 4ffbdf05b8ea00618d3868a8a265220ff25bb5b1d8d58b150b3b6a5868e03fca
+EBUILD openssl-0.9.8g-r1.ebuild 6149 RMD160 9188744b2010b21b8eb3d3fe209332dbc5285782 SHA1 f4c9830fda899bccec7508aaaafb939170d959fe SHA256 72e43cdcdc83ac40feea9d4e26ff5d12ecc67cb29d15a2ab5272a24deea3f580
EBUILD openssl-0.9.8g.ebuild 6077 RMD160 07ea4dfe719b7a2179a5bb673eb169dc8dd8c92d SHA1 b071486e64127272af05aef4c7ac295775266574 SHA256 8745ab99de8a1ecf30ab1e1267e0117a5e11bea567696b7d0b06d867d6a62e06
-MISC ChangeLog 38252 RMD160 14a56be169ac218c229199e000f0f26c1e2d8752 SHA1 c3bb51a67de4cb3dd594c2cb4c42fdb3329524f7 SHA256 8912109a285e9b7eeefbada406ba3b248d97897671f6c27e747621aa14f2660b
+MISC ChangeLog 38716 RMD160 c120722c92a48df9b9bc5bc2e612c4e5be0a8f03 SHA1 11f1de0847c741406a6cbce88a6328946e672e65 SHA256 f64123a26ca23b6744ab67fcfe6b35a82db3acd291acdba7024e7b1a4614b50f
MISC metadata.xml 164 RMD160 f43cbec30b7074319087c9acffdb9354b17b0db3 SHA1 9c213f5803676c56439df3716be07d6692588856 SHA256 f5f2891f2a4791cd31350bb2bb572131ad7235cd0eeb124c9912c187ac10ce92
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.0.7 (GNU/Linux)
+
+iD8DBQFH6EbwoeSe8B0zEfwRAjTnAJ9fV9tZTnbCmd1d6eXL/Q7QRkdCnwCfZ7at
+Py9PyLdklWqUJMRBy+6Rx6Q=
+=Qt3Y
+-----END PGP SIGNATURE-----
diff --git a/dev-libs/openssl/files/openssl-0.9.8g-sslv3-no-tlsext.patch b/dev-libs/openssl/files/openssl-0.9.8g-sslv3-no-tlsext.patch
new file mode 100644
index 000000000000..4c3cd06f16eb
--- /dev/null
+++ b/dev-libs/openssl/files/openssl-0.9.8g-sslv3-no-tlsext.patch
@@ -0,0 +1,28 @@
+ndex: ssl/t1_lib.c
+===================================================================
+RCS file: /home/ossl-cvs/openssl/ssl/t1_lib.c,v
+retrieving revision 1.51
+diff -p -u -r1.51 t1_lib.c
+--- ssl/t1_lib.c 26 Oct 2007 12:06:35 -0000 1.51
++++ ssl/t1_lib.c 26 Feb 2008 18:02:50 -0000
+@@ -267,6 +267,10 @@ unsigned char *ssl_add_clienthello_tlsex
+ int extdatalen=0;
+ unsigned char *ret = p;
+
++ /* don't add extensions for SSLv3 */
++ if (s->client_version == SSL3_VERSION)
++ return p;
++
+ ret+=2;
+
+ if (ret>=limit) return NULL; /* this really never occurs, but ... */
+@@ -448,6 +452,10 @@ unsigned char *ssl_add_serverhello_tlsex
+ int extdatalen=0;
+ unsigned char *ret = p;
+
++ /* don't add extensions for SSLv3 */
++ if (s->version == SSL3_VERSION)
++ return p;
++
+ ret+=2;
+ if (ret>=limit) return NULL; /* this really never occurs, but ... */
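Review bot: The two added guards key on different fields, `s->client_version` in ssl_add_clienthello_tlsext and `s->version` in ssl_add_serverhello_tlsext, yet both carry the same comment `/* don't add extensions for SSLv3 */`, so a reader cannot tell whether the difference is intended. I would state it in the client-side comment, e.g. `/* ClientHello: key on the version we offer (client_version); an SSLv3-only hello then carries no extensions at all */`, presumably because the negotiated version is not yet fixed when the ClientHello is built. Since the ebuild still configures with `enable-tlsext`, the ChangeLog entry should also record that SSLv3-only connections now carry none of the extensions that option enables. Separately, the patch file's first line reads `ndex: ssl/t1_lib.c`; the leading `I` of `Index:` looks to have been dropped. Both functions continue outside the inner hunks.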
diff --git a/dev-libs/openssl/openssl-0.9.8g-r1.ebuild b/dev-libs/openssl/openssl-0.9.8g-r1.ebuild
new file mode 100644
index 000000000000..ae5fa58b84bb
--- /dev/null
+++ b/dev-libs/openssl/openssl-0.9.8g-r1.ebuild
@@ -0,0 +1,188 @@
+# Copyright 1999-2008 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/dev-libs/openssl/openssl-0.9.8g-r1.ebuild,v 1.1 2008/03/25 00:27:14 cardoe Exp $
+
+inherit eutils flag-o-matic toolchain-funcs
+
+DESCRIPTION="Toolkit for SSL v2/v3 and TLS v1"
+HOMEPAGE="http://www.openssl.org/"
+SRC_URI="mirror://openssl/source/${P}.tar.gz"
+
+LICENSE="openssl"
+SLOT="0"
+KEYWORDS="-* ~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~sparc-fbsd ~x86 ~x86-fbsd"
+IUSE="bindist emacs gmp kerberos sse2 test zlib"
+
+RDEPEND="gmp? ( dev-libs/gmp )
+ zlib? ( sys-libs/zlib )
+ kerberos? ( app-crypt/mit-krb5 )"
+DEPEND="${RDEPEND}
+ sys-apps/diffutils
+ >=dev-lang/perl-5
+ test? ( sys-devel/bc )"
+PDEPEND="app-misc/ca-certificates"
+
+src_unpack() {
+ unpack ${A}
+ cd "${S}"
+
+ epatch "${FILESDIR}"/${PN}-0.9.7e-gentoo.patch
+ epatch "${FILESDIR}"/${PN}-0.9.7-alpha-default-gcc.patch
+ epatch "${FILESDIR}"/${PN}-0.9.8b-parallel-build.patch
+ epatch "${FILESDIR}"/${PN}-0.9.8-make-engines-dir.patch
+ epatch "${FILESDIR}"/${PN}-0.9.8-toolchain.patch
+ epatch "${FILESDIR}"/${PN}-0.9.8b-doc-updates.patch
+ epatch "${FILESDIR}"/${PN}-0.9.8-makedepend.patch #149583
+ epatch "${FILESDIR}"/${PN}-0.9.8e-make.patch #146316
+ epatch "${FILESDIR}"/${PN}-0.9.8e-bsd-sparc64.patch
+ epatch "${FILESDIR}"/${PN}-0.9.8g-sslv3-no-tlsext.patch
+
+ # allow openssl to be cross-compiled
+ cp "${FILESDIR}"/gentoo.config-0.9.8 gentoo.config || die "cp cross-compile failed"
+ chmod a+rx gentoo.config
+
+ # Don't build manpages if we don't want them
+ has noman FEATURES \
+ && sed -i '/^install:/s:install_docs::' Makefile.org \
+ || sed -i '/^MANDIR=/s:=.*:=/usr/share/man:' Makefile.org
+
+ # Try to derice users and work around broken ass toolchains
+ if [[ $(gcc-major-version) == "3" ]] ; then
+ filter-flags -fprefetch-loop-arrays -freduce-all-givs -funroll-loops
+ [[ $(tc-arch) == "ppc64" ]] && replace-flags -O? -O
+ fi
+ [[ $(tc-arch) == ppc* ]] && append-flags -fno-strict-aliasing
+ append-flags -Wa,--noexecstack
+
+ # using a library directory other than lib requires some magic
+ sed -i \
+ -e "s+\(\$(INSTALL_PREFIX)\$(INSTALLTOP)\)/lib+\1/$(get_libdir)+g" \
+ -e "s+libdir=\$\${exec_prefix}/lib+libdir=\$\${exec_prefix}/$(get_libdir)+g" \
+ Makefile.org engines/Makefile \
+ || die "sed failed"
+ ./config --test-sanity || die "I AM NOT SANE"
+}
+
+src_compile() {
+ unset APPS #197996
+
+ tc-export CC AR RANLIB
+
+ # Clean out patent-or-otherwise-encumbered code
+ # Camellia: Royalty Free http://en.wikipedia.org/wiki/Camellia_(cipher)
+ # IDEA: 5,214,703 25/05/2010 http://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
+ # EC: ????????? ??/??/2015 http://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography
+ # MDC2: Expired http://en.wikipedia.org/wiki/MDC-2
+ # RC5: 5,724,428 03/03/2015 http://en.wikipedia.org/wiki/RC5
+
+ use_ssl() { use $1 && echo "enable-${2:-$1} ${*:3}" || echo "no-${2:-$1}" ; }
+ echoit() { echo "$@" ; "$@" ; }
+
+ local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
+
+ local sslout=$(./gentoo.config)
+ einfo "Use configuration ${sslout:-(openssl knows best)}"
+ local config="Configure"
+ [[ -z ${sslout} ]] && config="config"
+ echoit \
+ ./${config} \
+ ${sslout} \
+ $(use sse2 || echo "no-sse2") \
+ enable-camellia \
+ $(use_ssl !bindist ec) \
+ $(use_ssl !bindist idea) \
+ enable-mdc2 \
+ $(use_ssl !bindist rc5) \
+ enable-tlsext \
+ $(use_ssl gmp) \
+ $(use_ssl kerberos krb5 --with-krb5-flavor=${krb5}) \
+ $(use_ssl zlib) \
+ $(use_ssl zlib zlib-dynamic) \
+ --prefix=/usr \
+ --openssldir=/etc/ssl \
+ shared threads \
+ || die "Configure failed"
+
+ # Clean out hardcoded flags that openssl uses
+ local CFLAG=$(grep ^CFLAG= Makefile | LC_ALL=C sed \
+ -e 's:^CFLAG=::' \
+ -e 's:-fomit-frame-pointer ::g' \
+ -e 's:-O[0-9] ::g' \
+ -e 's:-march=[-a-z0-9]* ::g' \
+ -e 's:-mcpu=[-a-z0-9]* ::g' \
+ -e 's:-m[a-z0-9]* ::g' \
+ )
+ sed -i \
+ -e "/^CFLAG/s:=.*:=${CFLAG} ${CFLAGS}:" \
+ -e "/^SHARED_LDFLAGS=/s:$: ${LDFLAGS}:" \
+ Makefile || die
+
+ # depend is needed to use $confopts
+ # rehash is needed to prep the certs/ dir
+ emake -j1 depend || die "depend failed"
+ emake all rehash || die "make all failed"
+}
+
+src_test() {
+ # make sure sandbox doesnt die on *BSD
+ addpredict /dev/crypto
+
+ emake -j1 test || die "make test failed"
+}
+
+src_install() {
+ emake -j1 INSTALL_PREFIX="${D}" install || die
+ dodoc CHANGES* FAQ NEWS README doc/*.txt
+ dohtml doc/*
+
+ if use emacs ; then
+ insinto /usr/share/emacs/site-lisp
+ doins doc/c-indentation.el
+ fi
+
+ # create the certs directory
+ dodir /etc/ssl/certs
+ cp -RP certs/* "${D}"/etc/ssl/certs/ || die "failed to install certs"
+ rm -r "${D}"/etc/ssl/certs/{demo,expired}
+
+ # Namespace openssl programs to prevent conflicts with other man pages
+ cd "${D}"/usr/share/man
+ local m d s
+ for m in $(find . -type f | xargs grep -L '#include') ; do
+ d=${m%/*} ; d=${d#./} ; m=${m##*/}
+ [[ ${m} == openssl.1* ]] && continue
+ [[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!"
+ mv ${d}/{,ssl-}${m}
+ ln -s ssl-${m} ${d}/openssl-${m}
+ # locate any symlinks that point to this man page ... we assume
+ # that any broken links are due to the above renaming
+ for s in $(find -L ${d} -type l) ; do
+ s=${s##*/}
+ rm -f ${d}/${s}
+ ln -s ssl-${m} ${d}/ssl-${s}
+ ln -s ssl-${s} ${d}/openssl-${s}
+ done
+ done
+ [[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :("
+
+ diropts -m0700
+ keepdir /etc/ssl/private
+}
+
+pkg_preinst() {
+ preserve_old_lib /usr/$(get_libdir)/lib{crypto,ssl}.so.0.9.{6,7}
+}
+
+pkg_postinst() {
+ preserve_old_lib_notify /usr/$(get_libdir)/lib{crypto,ssl}.so.0.9.{6,7}
+
+ if [[ ${CHOST} == i686* ]] ; then
+ ewarn "Due to the way openssl is architected, you cannot"
+ ewarn "switch between optimized versions without breaking"
+ ewarn "ABI. The default i686 0.9.8 ABI was an unoptimized"
+ ewarn "version with horrible performance. This version uses"
+ ewarn "the optimized ABI. If you experience segfaults when"
+ ewarn "using ssl apps (like openssh), just re-emerge the"
+ ewarn "offending package."
+ fi
+}
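Review bot: The new `epatch "${FILESDIR}"/${PN}-0.9.8g-sslv3-no-tlsext.patch` line in src_unpack has no bug reference, unlike the makedepend and make patches just above it (`#149583`, `#146316`). For a downstream change to the TLS handshake the provenance belongs beside the line, so the patch is re-checked or dropped at the next version bump: `epatch "${FILESDIR}"/${PN}-0.9.8g-sslv3-no-tlsext.patch #198914, upstream RT 1629`. Also in src_unpack, `has noman FEATURES && sed … || sed …` runs the MANDIR sed whenever the first sed fails, and `has` appears to receive the literal word `FEATURES` rather than `${FEATURES}`. An `if`/`else` with `|| die` on each sed would make the intent explicit.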