Bug #69550, make sure openssl is built correctly to work with unstripped /lib/ld.so.

Package-Manager: portage-2.0.51.16

4 files changed, 306 insertions, 24 deletions

diff --git a/dev-libs/openssl/ChangeLog b/dev-libs/openssl/ChangeLog
index e163f7430cbb..54ff189863d6 100644
--- a/dev-libs/openssl/ChangeLog
+++ b/dev-libs/openssl/ChangeLog
@@ -1,6 +1,13 @@
 # ChangeLog for dev-libs/openssl
 # Copyright 2002-2005 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/dev-libs/openssl/ChangeLog,v 1.102 2005/02/07 00:30:29 kloeri Exp $
+# $Header: /var/cvsroot/gentoo-x86/dev-libs/openssl/ChangeLog,v 1.103 2005/02/14 10:35:23 robbat2 Exp $
+
+*openssl-0.9.7e-r1 (14 Feb 2005)
+
+  14 Feb 2005; Robin H. Johnson <robbat2@gentoo.org>
+  +openssl-0.9.7e-r1.ebuild:
+  Bug #69550, make sure openssl is built correctly to work with unstripped
+  /lib/ld.so.
 
   07 Feb 2005; Bryan Østergaard <kloeri@gentoo.org> openssl-0.9.7e.ebuild:
   Stable on alpha.
diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest
index 722103fc4582..3d3fdd732cca 100644
--- a/dev-libs/openssl/Manifest
+++ b/dev-libs/openssl/Manifest
@@ -1,37 +1,40 @@
 -----BEGIN PGP SIGNED MESSAGE-----
 Hash: SHA1
 
-MD5 2fb1c9b70331ccefa40cf1120f648e18 ChangeLog 16521
-MD5 86cc3049acb48e4c9e50c6c28d251dd4 openssl-0.9.7e.ebuild 8042
-MD5 37236013e0d26d43c6bff35a8a48e8ec metadata.xml 220
-MD5 e84f6b47647c88da5d6ff5ae72e3e101 openssl-0.9.7c.ebuild 4957
-MD5 2d5363922c0d09819338042c472ec25f openssl-0.9.6m.ebuild 3084
 MD5 1ca818d30aac187e7917f59b5f9bb380 openssl-0.9.7d-r2.ebuild 9062
-MD5 e98d01c1e168506fb7f46cb15996ad93 openssl-0.9.7c-r1.ebuild 7017
 MD5 f244311f05df216907805cd866348fdc openssl-0.9.7d.ebuild 7797
+MD5 a6dd0cc55bd913e7ed1429c108ae418a openssl-0.9.7e-r1.ebuild 8217
 MD5 e971724cd8179a30348af2e5ef03b84f openssl-0.9.7d-r1.ebuild 8555
-MD5 8ad6215b1b4c9d53c435ceff6b537e35 files/digest-openssl-0.9.7c 134
-MD5 f8ff492f66404c732e4661cc4443a2e8 files/openssl-0.9.7-alpha-default-gcc.patch 533
-MD5 f8b9ae9e3ed08f964620aa832aec4d0c files/digest-openssl-0.9.7c-r1 134
-MD5 7483d6f0412e857e9063dce4aecf2991 files/openssl-0.9.7d-gentoo.diff 936
-MD5 4e6c2cbbc1ff9e36ff6d83b6c5356b7c files/openssl-0.9.7-hppa-fix-detection.patch 1718
-MD5 7483d6f0412e857e9063dce4aecf2991 files/openssl-0.9.7c-gentoo.diff 936
+MD5 e84f6b47647c88da5d6ff5ae72e3e101 openssl-0.9.7c.ebuild 4957
+MD5 86cc3049acb48e4c9e50c6c28d251dd4 openssl-0.9.7e.ebuild 8042
+MD5 e98d01c1e168506fb7f46cb15996ad93 openssl-0.9.7c-r1.ebuild 7017
+MD5 be28e5a597e81c8bb213f49e24b48aff ChangeLog 16728
+MD5 37236013e0d26d43c6bff35a8a48e8ec metadata.xml 220
+MD5 2d5363922c0d09819338042c472ec25f openssl-0.9.6m.ebuild 3084
 MD5 bef2724dccc11edf27916526d9c08576 files/openssl-0.9.7-arm-big-endian.patch 1074
+MD5 7483d6f0412e857e9063dce4aecf2991 files/openssl-0.9.7c-gentoo.diff 936
+MD5 f804ea4df3b388d22451cde6e9458f2b files/openssl-0.9.7c-tempfile.patch 2178
 MD5 f886f4a6a62eb4ec7bc718952d76900d files/openssl-0.9.7e-gentoo.patch 460
-MD5 b901850df9952252974316e78775673b files/openssl-0.9.6-mips.diff 1487
-MD5 cebd09d1819c07b0fab14ad90b0da884 files/openssl-0.9.6m-gentoo.diff 1591
+MD5 7483d6f0412e857e9063dce4aecf2991 files/openssl-0.9.7d-gentoo.diff 936
+MD5 2e6ed24d513a8f2b1b6f03709ab5ba18 files/digest-openssl-0.9.6m 67
+MD5 8ad6215b1b4c9d53c435ceff6b537e35 files/digest-openssl-0.9.7c 134
 MD5 897d293325315cdeeb390745ed5cdd1b files/digest-openssl-0.9.7d 134
-MD5 f804ea4df3b388d22451cde6e9458f2b files/openssl-0.9.7c-tempfile.patch 2178
-MD5 744b358cd3b68b2ca6561c214c541fc0 files/addppc64support.diff 1327
-MD5 897d293325315cdeeb390745ed5cdd1b files/digest-openssl-0.9.7d-r1 134
+MD5 acab4ad88a6c249a7cde0511a0961a2c files/digest-openssl-0.9.7e 134
 MD5 91854bcd6c83f040927d490b104bb5a0 files/openssl-0.9.7d-smime.patch 641
+MD5 f8b9ae9e3ed08f964620aa832aec4d0c files/digest-openssl-0.9.7c-r1 134
+MD5 897d293325315cdeeb390745ed5cdd1b files/digest-openssl-0.9.7d-r1 134
 MD5 897d293325315cdeeb390745ed5cdd1b files/digest-openssl-0.9.7d-r2 134
-MD5 2e6ed24d513a8f2b1b6f03709ab5ba18 files/digest-openssl-0.9.6m 67
-MD5 acab4ad88a6c249a7cde0511a0961a2c files/digest-openssl-0.9.7e 134
+MD5 acab4ad88a6c249a7cde0511a0961a2c files/digest-openssl-0.9.7e-r1 134
+MD5 f8ff492f66404c732e4661cc4443a2e8 files/openssl-0.9.7-alpha-default-gcc.patch 533
+MD5 4e6c2cbbc1ff9e36ff6d83b6c5356b7c files/openssl-0.9.7-hppa-fix-detection.patch 1718
+MD5 cebd09d1819c07b0fab14ad90b0da884 files/openssl-0.9.6m-gentoo.diff 1591
+MD5 744b358cd3b68b2ca6561c214c541fc0 files/addppc64support.diff 1327
+MD5 b901850df9952252974316e78775673b files/openssl-0.9.6-mips.diff 1487
 -----BEGIN PGP SIGNATURE-----
-Version: GnuPG v1.4.0 (GNU/Linux)
+Version: GnuPG v1.2.6 (GNU/Linux)
+Comment: Robbat2 @ Orbis-Terrarum Networks
 
-iD8DBQFCBrbHugEuf3OQ0akRAppoAJ4tycGapaVOQT+FKxPXUT9Tiu9RcgCdGzu7
-gH67XsV0lLxQ04xqM8ORZ1c=
-=cFSf
+iD8DBQFCEH74PpIsIjIzwiwRAtEkAKDcXBP87sATwOUFf4PmA0/M/ZKepwCgmYYg
+Z8PhuOwyftIbAqGIx0laj20=
+=Q5hd
 -----END PGP SIGNATURE-----
diff --git a/dev-libs/openssl/files/digest-openssl-0.9.7e-r1 b/dev-libs/openssl/files/digest-openssl-0.9.7e-r1
new file mode 100644
index 000000000000..81d2db421e96
--- /dev/null
+++ b/dev-libs/openssl/files/digest-openssl-0.9.7e-r1
@@ -0,0 +1,2 @@
+MD5 a8777164bca38d84e5eb2b1535223474 openssl-0.9.7e.tar.gz 3043231
+MD5 1b63bfdca1c37837dddde9f1623498f9 openssl-0.9.6m.tar.gz 2184918
diff --git a/dev-libs/openssl/openssl-0.9.7e-r1.ebuild b/dev-libs/openssl/openssl-0.9.7e-r1.ebuild
new file mode 100644
index 000000000000..3a7c845522e4
--- /dev/null
+++ b/dev-libs/openssl/openssl-0.9.7e-r1.ebuild
@@ -0,0 +1,270 @@
+# Copyright 1999-2005 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/dev-libs/openssl/openssl-0.9.7e-r1.ebuild,v 1.1 2005/02/14 10:35:23 robbat2 Exp $
+
+inherit eutils flag-o-matic toolchain-funcs
+
+OLD_096_P="${PN}-0.9.6m"
+
+DESCRIPTION="Toolkit for SSL v2/v3 and TLS v1"
+HOMEPAGE="http://www.openssl.org/"
+SRC_URI="mirror://openssl/source/${P}.tar.gz
+	mirror://openssl/source/${OLD_096_P}.tar.gz"
+
+LICENSE="as-is"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
+IUSE="emacs uclibc"
+
+RDEPEND="virtual/libc"
+DEPEND="${RDEPEND}
+	sys-apps/diffutils
+	>=dev-lang/perl-5
+	>=sys-apps/sed-4
+	!uclibc? ( sys-devel/bc )"
+
+S=${WORKDIR}
+
+src_unpack() {
+	unpack ${A}
+
+	# openssl-0.9.7
+	cd ${WORKDIR}/${P}
+
+	epatch ${FILESDIR}/${PN}-0.9.7c-tempfile.patch
+	[[ $(tc-arch) == "ppc64" ]] && epatch ${FILESDIR}/addppc64support.diff
+	epatch ${FILESDIR}/${PN}-0.9.7e-gentoo.patch
+	epatch ${FILESDIR}/${PN}-0.9.7-arm-big-endian.patch
+	epatch ${FILESDIR}/${PN}-0.9.7-hppa-fix-detection.patch
+	epatch ${FILESDIR}/${PN}-0.9.7-alpha-default-gcc.patch
+
+	case $(gcc-version) in
+		3.2)
+			filter-flags -fprefetch-loop-arrays -freduce-all-givs -funroll-loop
+		;;
+		3.4 | 3.3 )
+			filter-flags -fprefetch-loop-arrays -freduce-all-givs -funroll-loops
+			if [[ ${ARCH} == "ppc" ||  ${ARCH} == "ppc64" ]] ; then
+				append-flags -fno-strict-aliasing
+			fi
+			# <robbat2@gentoo.org> (14 Feb 2004)
+			# bug #69550 openssl breaks in some cases.
+			if [[ ${ARCH} == "x86" ]] ; then
+				append-flags -Wa,--noexecstack
+			fi
+		;;
+	esac
+
+	# replace CFLAGS
+	OLDIFS=$IFS
+	IFS=$'\n'
+	for a in $( grep -n -e "^\"linux-" Configure ); do
+		LINE=$( echo $a | awk -F: '{print $1}' )
+		CUR_CFLAGS=$( echo $a | awk -F: '{print $3}' )
+		# for ppc64 I have to be careful given current toolchain issues
+		if [[ ${ARCH} != "ppc64" ]]; then
+			NEW_CFLAGS="$( echo $CUR_CFLAGS | sed -r -e "s|-O[23]||" -e "s:-fomit-frame-pointer::" -e "s:-mcpu=[-a-z0-9]+::" -e "s:-m486::" ) $CFLAGS"
+		else
+			NEW_CFLAGS="$( echo $CUR_CFLAGS | sed -r -e "s|-O[23]||" -e "s:-fomit-frame-pointer::" -e "s:-mcpu=[-a-z0-9]+::" -e "s:-m486::" ) "
+
+		fi
+
+		sed -i "${LINE}s:$CUR_CFLAGS:$NEW_CFLAGS:" Configure \
+		|| die "sed failed"
+	done
+	IFS=$OLDIFS
+
+	if [ "$(get_libdir)" != "lib" ] ; then
+		# using a library directory other than lib requires some magic
+		sed -i \
+			-e "s+\(\$(INSTALL_PREFIX)\$(INSTALLTOP)\)/lib+\1/$(get_libdir)+g" \
+			-e "s+libdir=\$\${exec_prefix}/lib+libdir=\$\${exec_prefix}/$(get_libdir)+g" \
+			Makefile.org \
+			|| die "sed failed"
+		./config --test-sanity || die "sanity failed"
+	fi
+
+	# openssl-0.9.6
+	test -f ${ROOT}/usr/lib/libssl.so.0.9.6 && {
+		cd ${WORKDIR}/${OLD_096_P}
+
+		epatch ${FILESDIR}/${OLD_096_P}-gentoo.diff
+
+		case ${ARCH} in
+		mips)
+			epatch ${FILESDIR}/openssl-0.9.6-mips.diff
+		;;
+		arm)
+			# patch linker to add -ldl or things linking aginst libcrypto fail
+			sed -i -e \
+				's!^"linux-elf-arm"\(.*\)::BN\(.*\)!"linux-elf-arm"\1:-ldl:BN\2!' \
+				Configure \
+				|| die "sed failed"
+		;;
+		hppa)
+			# Tells to compile a static version of openssl
+			sed -i -e \
+				's!^"linux-parisc"\(.*\)::BN\(.*\)::!"linux-parisc"\1:-ldl:BN\2::::::::::dlfcn:linux-shared:-fPIC::.so.\\$(SHLIB_MAJOR).\\$(SHLIB_MINOR)!' \
+				Configure \
+				|| die "sed failed"
+			# Fix detection of parisc running 64 bit kernel
+			sed -i -e 's/parisc-\*-linux2/parisc\*-\*-linux2/' config \
+			|| die "sed failed"
+		esac
+
+		# replace CFLAGS
+		OLDIFS=$IFS
+		IFS=$'\n'
+		for a in $( grep -n -e "^\"linux-" Configure ); do
+	  		LINE=$( echo $a | awk -F: '{print $1}' )
+	  		CUR_CFLAGS=$( echo $a | awk -F: '{print $3}' )
+	  		NEW_CFLAGS="$( echo $CUR_CFLAGS | sed -r -e "s|-O[23]||" -e "s/-fomit-frame-pointer//" -e "s/-mcpu=[-a-z0-9]+//" -e "s/-m486//" ) $CFLAGS"
+	  		sed -i "${LINE}s/$CUR_CFLAGS/$NEW_CFLAGS/" Configure \
+			|| die "sed failed"
+		done
+		IFS=$OLDIFS
+	}
+}
+
+src_compile() {
+	# openssl-0.9.7
+	cd ${WORKDIR}/${P}
+
+	# Build correctly for mips, mips64, & mipsel
+	if use mips; then
+		if [[ ${CHOST/mipsel} != ${CHOST} ]] ; then
+			mipsarch="linux-mipsel"
+		else
+			mipsarch="linux-mips"
+		fi
+
+		./Configure ${mipsarch} --prefix=/usr --openssldir=/etc/ssl \
+			shared threads || die
+	# force sparcv8 on sparc32 profile
+	elif [ "$PROFILE_ARCH" = "sparc" ]; then
+		./Configure linux-sparcv8 --prefix=/usr --openssldir=/etc/ssl \
+			shared threads || die
+	elif [ "$PROFILE_ARCH" = "sparc64-multilib" -a "${ABI}" = "sparc64" ]; then
+		./Configure linux64-sparcv9 --prefix=/usr --openssldir=/etc/ssl \
+			shared threads || die
+	else
+		./config --prefix=/usr --openssldir=/etc/ssl shared threads || die "config failed"
+	fi
+
+	einfo "Compiling ${P}"
+	make all || die "make all failed"
+
+	# openssl-0.9.6
+	test -f ${ROOT}/usr/lib/libssl.so.0.9.6 && {
+		cd ${WORKDIR}/${OLD_096_P}
+
+		# force sparcv8 on sparc32 profile
+		if [ "$PROFILE_ARCH" = "sparc" ]; then
+			SSH_TARGET="linux-sparcv8"
+		elif [ "`uname -m`" = "parisc" -o "`uname -m`" = "parisc64" ]; then
+			SSH_TARGET="linux-parisc"
+		elif use mips; then
+			if [ "`echo ${CHOST} | grep "mipsel"`" ]; then
+				SSH_TARGET="linux-mipsel"
+			else
+				SSH_TARGET="linux-mips"
+			fi
+		fi
+
+		case ${CHOST} in
+		alphaev56*|alphaev6*)
+			SSH_TARGET="linux-alpha+bwx-${CC:-gcc}"
+		;;
+		alpha*)
+			SSH_TARGET="linux-alpha-${CC:-gcc}" ;;
+		esac
+
+		if [ ${SSH_TARGET} ]; then
+			einfo "Forcing ${SSH_TARGET} compile"
+			./Configure ${SSH_TARGET} --prefix=/usr \
+				--openssldir=/etc/ssl shared threads || die
+		else
+			./config --prefix=/usr --openssldir=/etc/ssl shared threads || die
+		fi
+
+		einfo "Compiling ${OLD_096_P}"
+		make all || die
+	}
+}
+
+src_test() {
+	cd ${WORKDIR}/${P}
+	make test || die "make test failed"
+
+	# openssl-0.9.6
+	test -f ${ROOT}/usr/lib/libssl.so.0.9.6 && {
+		cd ${WORKDIR}/${OLD_096_P}
+		make all || die
+	}
+}
+
+src_install() {
+	# openssl-0.9.7
+	cd ${WORKDIR}/${P}
+	make INSTALL_PREFIX=${D} MANDIR=/usr/share/man install || die
+	dodoc CHANGES* FAQ LICENSE NEWS README
+	dodoc doc/*.txt
+	dohtml doc/*
+	insinto /usr/share/emacs/site-lisp
+	doins doc/c-indentation.el
+
+	if use emacs ; then
+		insinto /usr/share/emacs/site-lisp
+		doins doc/c-indentation.el
+	fi
+
+	# create the certs directory.  Previous openssl builds
+	# would need to create /usr/lib/ssl/certs but this looks
+	# to be the more FHS compliant setup... -raker
+	insinto /etc/ssl/certs
+	doins certs/*.pem
+	OPENSSL=${D}/usr/bin/openssl /usr/bin/perl tools/c_rehash ${D}/etc/ssl/certs
+
+	# The man pages rand.3 and passwd.1 conflict with other packages
+	# Rename them to ssl-* and also make a symlink from openssl-* to ssl-*
+	cd ${D}/usr/share/man/man1
+	mv passwd.1 ssl-passwd.1
+	ln -sf ssl-passwd.1 openssl-passwd.1
+	cd ${D}/usr/share/man/man3
+	mv rand.3 ssl-rand.3
+	ln -sf ssl-rand.3 openssl-rand.3
+
+	# openssl-0.9.6
+	test -f ${ROOT}/usr/lib/libssl.so.0.9.6 && {
+		cd ${WORKDIR}/${OLD_096_P}
+		make || die
+		dolib.so ${WORKDIR}/${OLD_096_P}/libcrypto.so.0.9.6||die "libcrypto.so.0.9.6 not found"
+		dolib.so ${WORKDIR}/${OLD_096_P}/libssl.so.0.9.6|| die "libssl.so.0.9.6 not found"
+	}
+	fperms a+x /usr/$(get_libdir)/pkgconfig #34088
+}
+
+pkg_postinst() {
+	local BN_H="${ROOT}$(gcc-config -L)/include/openssl/bn.h"
+	# Breaks things one some boxen, bug #13795.  The problem is that
+	# if we have a 'gcc fixed' version in $(gcc-config -L) from 0.9.6,
+	# then breaks as it was defined as 'int BN_mod(...)' and in 0.9.7 it
+	# is a define with BN_div(...) - <azarah@gentoo.org> (24 Sep 2003)
+	if [ -f "${BN_H}" ] && [ -n "$(grep '^int[[:space:]]*BN_mod(' "${BN_H}")" ]
+	then
+		rm -f "${BN_H}"
+	fi
+
+	test -f ${ROOT}/usr/lib/libssl.so.0.9.6 && {
+		einfo "You can now re-compile all packages that are linked against"
+		einfo "OpenSSL 0.9.6 by using revdep-rebuild from gentoolkit:"
+		einfo "# revdep-rebuild --soname libssl.so.0.9.6"
+		einfo "# revdep-rebuild --soname libcrypto.so.0.9.6"
+		einfo "After this, you can delete /usr/lib/libssl.so.0.9.6 and /usr/lib/libcrypto.so.0.9.6"
+	}
+
+
+	ewarn "If you do not etc-update now and update /etc/ssl/misc/der_chop to the new version, your"
+	ewarn "system IS VULNERABLE to a symlink attack as described in bug 68407"
+	ewarn "refer to http://bugs.gentoo.org/show_bug.cgi?id=68407 if you have any doubts"
+}