Lines 14-20
Link Here
|
14 |
LICENSE="openssl" |
14 |
LICENSE="openssl" |
15 |
# subslot set to 1.0.2g version as this is the first release without SSLv2 |
15 |
# subslot set to 1.0.2g version as this is the first release without SSLv2 |
16 |
# support and thus breaks nearly every openssl consumer (see bug #575548) |
16 |
# support and thus breaks nearly every openssl consumer (see bug #575548) |
17 |
SLOT="0" |
17 |
SLOT="0/1.0.2g" |
18 |
KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux" |
18 |
KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux" |
19 |
IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 static-libs test +tls-heartbeat vanilla zlib" |
19 |
IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 static-libs test +tls-heartbeat vanilla zlib" |
20 |
RESTRICT="!bindist? ( bindist )" |
20 |
RESTRICT="!bindist? ( bindist )" |
Lines 47-52
Link Here
|
47 |
usr/include/openssl/opensslconf.h |
47 |
usr/include/openssl/opensslconf.h |
48 |
) |
48 |
) |
49 |
|
49 |
|
|
|
50 |
pkg_pretend() { |
51 |
if has_version "<dev-libs/openssl-1.0.2g-r3" && |
52 |
( has_version "<=net-misc/wget-1.16.3-r1[ssl,-gnutls,-static]" || |
53 |
has_version ">=net-misc/wget-1.16.3-r2[ssl,-gnutls,-libressl,-static]" ) |
54 |
then |
55 |
eerror "Due to SSLv2 being officially disabled by default in" |
56 |
eerror "openssl-1.0.2g for security reasons, a non-statically-linked" |
57 |
eerror "Wget will crash from missing symbols until it is recompiled," |
58 |
eerror "preventing packages from being downloaded by Portage, including" |
59 |
eerror "Wget itself if you don't have its tarball already." |
60 |
eerror |
61 |
eerror "To solve this, you must first temporarily compile net-misc/wget" |
62 |
eerror "with USE=\"static\". After you do this, you will be able to" |
63 |
eerror "emerge >=openssl-1.0.2g-r3, and then recompile Wget" |
64 |
eerror "non-statically if you wish. You MUST at least recompile Wget" |
65 |
eerror "once anyway, to include the new OpenSSL libraries with their" |
66 |
eerror "security updates." |
67 |
eerror |
68 |
eerror "You can also compile Wget with USE=\"gnutls\" or" |
69 |
eerror "USE=\"libressl\" (starting from wget-1.16.3-r2) instead, in" |
70 |
eerror "which case it won't depend on OpenSSL, and there won't be any" |
71 |
eerror "issue with it after upgrading OpenSSL, even if non-statically" |
72 |
eerror "linked." |
73 |
eerror |
74 |
eerror "Be also warned that other packages depending on OpenSSL will" |
75 |
eerror "crash because of the missing symbols, until they are" |
76 |
eerror "recompiled. To recompile them all, run the following command" |
77 |
eerror "as soon as possible after installing >=openssl-1.0.2g-r3:" |
78 |
eerror |
79 |
eerror "revdep-rebuild -i -L \"libssl.so.*\"" |
80 |
eerror |
81 |
|
82 |
die "You must first temporarily compile net-misc/wget statically." |
83 |
fi |
84 |
} |
85 |
|
50 |
src_prepare() { |
86 |
src_prepare() { |
51 |
# keep this in sync with app-misc/c_rehash |
87 |
# keep this in sync with app-misc/c_rehash |
52 |
SSL_CNF_DIR="/etc/ssl" |
88 |
SSL_CNF_DIR="/etc/ssl" |
Lines 156-162
Link Here
|
156 |
enable-mdc2 \ |
192 |
enable-mdc2 \ |
157 |
enable-rc5 \ |
193 |
enable-rc5 \ |
158 |
enable-tlsext \ |
194 |
enable-tlsext \ |
159 |
enable-ssl2 \ |
|
|
160 |
$(use_ssl asm) \ |
195 |
$(use_ssl asm) \ |
161 |
$(use_ssl gmp gmp -lgmp) \ |
196 |
$(use_ssl gmp gmp -lgmp) \ |
162 |
$(use_ssl kerberos krb5 --with-krb5-flavor=${krb5}) \ |
197 |
$(use_ssl kerberos krb5 --with-krb5-flavor=${krb5}) \ |
Lines 265-268
Link Here
|
265 |
|
300 |
|
266 |
has_version ${CATEGORY}/${PN}:0.9.8 && return 0 |
301 |
has_version ${CATEGORY}/${PN}:0.9.8 && return 0 |
267 |
preserve_old_lib_notify /usr/$(get_libdir)/lib{crypto,ssl}.so.0.9.8 |
302 |
preserve_old_lib_notify /usr/$(get_libdir)/lib{crypto,ssl}.so.0.9.8 |
|
|
303 |
|
304 |
ewarn "If you have upgraded from <openssl-1.0.2g-r3, you MUST recompile NOW" |
305 |
ewarn "all packages depending on OpenSSL. Many of them will crash" |
306 |
ewarn "otherwise, due to missing SSLv2 symbols (SSLv2 being now disabled" |
307 |
ewarn "for security reasons). See bugs #575548 and #576128." |
308 |
ewarn |
309 |
ewarn "To compile them all, run the following command AS SOON AS POSSIBLE:" |
310 |
ewarn |
311 |
ewarn "revdep-rebuild -i -L \"libssl.so.*\"" |
268 |
} |
312 |
} |