Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 133354 Details for
Bug 195634
dev-libs/openssl < 0.9.8f DTLS vulnerability (CVE-2007-4995)
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
openssl-0.9.8f.ebuild with padlock patch support
openssl-0.9.8f.ebuild (text/plain), 6.13 KB, created by
cilly
on 2007-10-13 19:00:54 UTC
(
hide
)
Description:
openssl-0.9.8f.ebuild with padlock patch support
Filename:
MIME Type:
Creator:
cilly
Created:
2007-10-13 19:00:54 UTC
Size:
6.13 KB
patch
obsolete
># Copyright 1999-2007 Gentoo Foundation ># Distributed under the terms of the GNU General Public License v2 ># $Header: /var/cvsroot/gentoo-x86/dev-libs/openssl/openssl-0.9.8f.ebuild,v 1.1 2007/10/13 14:26:51 vapier Exp $ > >inherit eutils flag-o-matic toolchain-funcs > >DESCRIPTION="Toolkit for SSL v2/v3 and TLS v1" >HOMEPAGE="http://www.openssl.org/" >SRC_URI="mirror://openssl/source/${P}.tar.gz" > >LICENSE="openssl" >SLOT="0" >KEYWORDS="-* ~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~sparc-fbsd x86 ~x86-fbsd" >IUSE="bindist emacs gmp kerberos sse2 test zlib" > >RDEPEND="gmp? ( dev-libs/gmp ) > zlib? ( sys-libs/zlib ) > kerberos? ( virtual/krb5 )" >DEPEND="${RDEPEND} > sys-apps/diffutils > >=dev-lang/perl-5 > test? ( sys-devel/bc )" >PDEPEND="app-misc/ca-certificates" > >src_unpack() { > unpack ${A} > cd "${S}" > > epatch "${FILESDIR}"/${PN}-0.9.8f-fix-version.patch > epatch "${FILESDIR}"/${PN}-0.9.7e-gentoo.patch > epatch "${FILESDIR}"/${PN}-0.9.7-alpha-default-gcc.patch > epatch "${FILESDIR}"/${PN}-0.9.8b-parallel-build.patch > epatch "${FILESDIR}"/${PN}-0.9.8-make-engines-dir.patch > epatch "${FILESDIR}"/${PN}-0.9.8-toolchain.patch > epatch "${FILESDIR}"/${PN}-0.9.8b-doc-updates.patch > epatch "${FILESDIR}"/${PN}-0.9.8-makedepend.patch #149583 > epatch "${FILESDIR}"/${PN}-0.9.8e-make.patch #146316 > epatch "${FILESDIR}"/${PN}-0.9.8e-bsd-sparc64.patch > epatch "${FILESDIR}"/${PN}-0.9.8-padlock-engine.patch > > # allow openssl to be cross-compiled > cp "${FILESDIR}"/gentoo.config-0.9.8 gentoo.config || die "cp cross-compile failed" > chmod a+rx gentoo.config > > # Don't build manpages if we don't want them > has noman FEATURES \ > && sed -i '/^install:/s:install_docs::' Makefile.org \ > || sed -i '/^MANDIR=/s:=.*:=/usr/share/man:' Makefile.org > > # Try to derice users and work around broken ass toolchains > if [[ $(gcc-major-version) == "3" ]] ; then > filter-flags -fprefetch-loop-arrays -freduce-all-givs -funroll-loops > [[ $(tc-arch) == "ppc64" ]] && replace-flags -O? -O > fi > [[ $(tc-arch) == ppc* ]] && append-flags -fno-strict-aliasing > append-flags -Wa,--noexecstack > > # using a library directory other than lib requires some magic > sed -i \ > -e "s+\(\$(INSTALL_PREFIX)\$(INSTALLTOP)\)/lib+\1/$(get_libdir)+g" \ > -e "s+libdir=\$\${exec_prefix}/lib+libdir=\$\${exec_prefix}/$(get_libdir)+g" \ > Makefile.org engines/Makefile \ > || die "sed failed" > ./config --test-sanity || die "I AM NOT SANE" >} > >src_compile() { > tc-export CC AR RANLIB > > # Clean out patent-or-otherwise-encumbered code > # Camellia: Royalty Free http://en.wikipedia.org/wiki/Camellia_(cipher) > # IDEA: 5,214,703 25/05/2010 http://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm > # EC: ????????? ??/??/2015 http://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography > # MDC2: Expired http://en.wikipedia.org/wiki/MDC-2 > # RC5: 5,724,428 03/03/2015 http://en.wikipedia.org/wiki/RC5 > > use_ssl() { use $1 && echo "enable-${2:-$1} ${*:3}" || echo "no-${2:-$1}" ; } > echoit() { echo "$@" ; "$@" ; } > > local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal") > > local sslout=$(./gentoo.config) > einfo "Use configuration ${sslout:-(openssl knows best)}" > local config="Configure" > [[ -z ${sslout} ]] && config="config" > echoit \ > ./${config} \ > ${sslout} \ > $(use sse2 || echo "no-sse2") \ > enable-camellia \ > $(use_ssl !bindist idea) \ > $(use_ssl !bindist ec) \ > enable-mdc2 \ > $(use_ssl !bindist rc5) \ > $(use_ssl gmp) \ > $(use_ssl kerberos krb5 --with-krb5-flavor=${krb5}) \ > $(use_ssl zlib) \ > $(use_ssl zlib zlib-dynamic) \ > --prefix=/usr \ > --openssldir=/etc/ssl \ > shared threads \ > || die "Configure failed" > > # Clean out hardcoded flags that openssl uses > local CFLAG=$(grep ^CFLAG= Makefile | LC_ALL=C sed \ > -e 's:^CFLAG=::' \ > -e 's:-fomit-frame-pointer ::g' \ > -e 's:-O[0-9] ::g' \ > -e 's:-march=[-a-z0-9]* ::g' \ > -e 's:-mcpu=[-a-z0-9]* ::g' \ > -e 's:-m[a-z0-9]* ::g' \ > ) > sed -i \ > -e "/^CFLAG/s:=.*:=${CFLAG} ${CFLAGS}:" \ > -e "/^SHARED_LDFLAGS=/s:$: ${LDFLAGS}:" \ > Makefile || die > > # depend is needed to use $confopts > # rehash is needed to prep the certs/ dir > emake -j1 depend || die "depend failed" > emake all rehash || die "make all failed" > > # force until we get all the gentoo.config kinks worked out > if has test ${FEATURES} && ! tc-is-cross-compiler ; then > src_test > fi >} > >src_test() { > # make sure sandbox doesnt die on *BSD > addpredict /dev/crypto > > make test || die "make test failed" >} > >src_install() { > emake -j1 INSTALL_PREFIX="${D}" install || die > dodoc CHANGES* FAQ NEWS README doc/*.txt > dohtml doc/* > > if use emacs ; then > insinto /usr/share/emacs/site-lisp > doins doc/c-indentation.el > fi > > # create the certs directory > dodir /etc/ssl/certs > cp -RP certs/* "${D}"/etc/ssl/certs/ || die "failed to install certs" > rm -r "${D}"/etc/ssl/certs/{demo,expired} > > # Namespace openssl programs to prevent conflicts with other man pages > cd "${D}"/usr/share/man > local m d s > for m in $(find . -type f | xargs grep -L '#include') ; do > d=${m%/*} ; d=${d#./} ; m=${m##*/} > [[ ${m} == openssl.1* ]] && continue > [[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!" > mv ${d}/{,ssl-}${m} > ln -s ssl-${m} ${d}/openssl-${m} > # locate any symlinks that point to this man page ... we assume > # that any broken links are due to the above renaming > for s in $(find -L ${d} -type l) ; do > s=${s##*/} > rm -f ${d}/${s} > ln -s ssl-${m} ${d}/ssl-${s} > ln -s ssl-${s} ${d}/openssl-${s} > done > done > [[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :(" > > diropts -m0700 > keepdir /etc/ssl/private >} > >pkg_preinst() { > preserve_old_lib /usr/$(get_libdir)/lib{crypto,ssl}.so.0.9.{6,7} >} > >pkg_postinst() { > preserve_old_lib_notify /usr/$(get_libdir)/lib{crypto,ssl}.so.0.9.{6,7} > > if [[ ${CHOST} == i686* ]] ; then > ewarn "Due to the way openssl is architected, you cannot" > ewarn "switch between optimized versions without breaking" > ewarn "ABI. The default i686 0.9.8 ABI was an unoptimized" > ewarn "version with horrible performance. This version uses" > ewarn "the optimized ABI. If you experience segfaults when" > ewarn "using ssl apps (like openssh), just re-emerge the" > ewarn "offending package." > fi >}
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Actions:
View
Attachments on
bug 195634
:
133354
|
133358