Add fixes from upstream but not in the 0.9.8l release.

Package-Manager: portage-2.2_rc49/cvs/Linux x86_64
author: Mike Frysinger <vapier@gentoo.org> 2009-11-21 03:09:54 +0000
committer: Mike Frysinger <vapier@gentoo.org> 2009-11-21 03:09:54 +0000
commit: 658ead5774a8284d139136334813ac369db7bb46 (patch)
tree: eee641be38a8bb38af1220f4f078ba3a76703aad /dev-libs/openssl
parent: Version bump. (diff)
download: historical-658ead5774a8284d139136334813ac369db7bb46.tar.gz
historical-658ead5774a8284d139136334813ac369db7bb46.tar.bz2
historical-658ead5774a8284d139136334813ac369db7bb46.zip
6 files changed, 466 insertions, 2 deletions
diff --git a/dev-libs/openssl/ChangeLog b/dev-libs/openssl/ChangeLog
index 708ee71619e0..4a3d1488b90d 100644
--- a/dev-libs/openssl/ChangeLog
+++ b/dev-libs/openssl/ChangeLog
@@ -1,6 +1,14 @@
 # ChangeLog for dev-libs/openssl
 # Copyright 1999-2009 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/dev-libs/openssl/ChangeLog,v 1.300 2009/11/08 20:38:28 nixnut Exp $
+# $Header: /var/cvsroot/gentoo-x86/dev-libs/openssl/ChangeLog,v 1.301 2009/11/21 03:09:54 vapier Exp $
+
+*openssl-0.9.8l-r1 (21 Nov 2009)
+
+  21 Nov 2009; Mike Frysinger <vapier@gentoo.org> +openssl-0.9.8l-r1.ebuild,
+  +files/openssl-0.9.8l-CVE-2009-1387.patch,
+  +files/openssl-0.9.8l-CVE-2009-2409.patch,
+  +files/openssl-0.9.8l-dtls-compat.patch:
+  Add fixes from upstream but not in the 0.9.8l release.
 
   08 Nov 2009; nixnut <nixnut@gentoo.org> openssl-0.9.8l.ebuild:
   ppc stable #292022
diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest
index bdd3401122be..e24afa65e82b 100644
--- a/dev-libs/openssl/Manifest
+++ b/dev-libs/openssl/Manifest
@@ -1,3 +1,6 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
 AUX gentoo.config-0.9.8 4249 RMD160 a63c08a30dd294429c562b8e24bf2b13ba220f63 SHA1 737dbd27e39726c49e44f5e92e46bdf8a8ff9b4d SHA256 c14ff861759f4ebaeb57f37ae7df63af4dea1767eae07ef0eb42abd43cebc4a1
 AUX openssl-0.9.7-alpha-default-gcc.patch 533 RMD160 ea2d91421aa4d3f463034b40c2c81c195a71c0dd SHA1 f5ee85db45ab80b66225a222c7655b74760b94fe SHA256 814ae7c09359414e7dcd96008c82d868fba0565de2d1b3e6a4275f8cdbeefb5c
 AUX openssl-0.9.7e-gentoo.patch 460 RMD160 60969fd05a15fe00d0d1c27b9098acfde28ba65e SHA1 73ff3c336dfdbeed903ac7b82486674ab4ec66a2 SHA256 ddb8d47429f3aadf3f5142293a2c38cbb9eb3927edfd1b497771337c48a11641
@@ -13,10 +16,21 @@ AUX openssl-0.9.8k-toolchain.patch 726 RMD160 d925596e8761867a0326b8bf30c556be2f
 AUX openssl-0.9.8l-CVE-2009-1377.patch 1630 RMD160 d97d1f0f27c5331c7ad8eb47bc231cbf2bbebf7b SHA1 b6e6785d740ad89d20e9fae113529e3082bea81b SHA256 399dfff19f183f0dc94497f3e48cef0a20dbb0e6c6583baf9e25479b985af1f0
 AUX openssl-0.9.8l-CVE-2009-1378.patch 894 RMD160 a7df4efdb0b1127e8fcf15d647dcddd6f5365e84 SHA1 4179a7ef9725b2540c29768c2d80e79b6e26b271 SHA256 e8e9273e30cadb9076ec8f2694d4d3a2d71289a0b33d37960b9d28c2c055459b
 AUX openssl-0.9.8l-CVE-2009-1379.patch 662 RMD160 15b352d935eb1489cadeebb8e09c8bcb301fc8c1 SHA1 358cacdf2442dfb882db5c945daa333329009dd1 SHA256 19fdbc9551cee3985a6f326c5b28d0ba6f2e52ef44c7b023bb313644937c5e7d
+AUX openssl-0.9.8l-CVE-2009-1387.patch 1561 RMD160 58d4df1b1e246c4bbb4db44e60eac51a286ccb4d SHA1 938ea6ec1af911f67075cba3b1675e8b07baa75f SHA256 5fd8dd453022aa6ea245877d795dd03761334a8960dfa0e13f1cfbdd88680438
+AUX openssl-0.9.8l-CVE-2009-2409.patch 982 RMD160 aa0cba74931e0387f9491b8c4ab0f2e3d30c8bc9 SHA1 93ce7baf4a5b2417da1e3b5a6ed30b58d7577424 SHA256 8f1c156b305c31419a317a8e65988071f033db5ba668fde70a10aab23c28efe9
+AUX openssl-0.9.8l-dtls-compat.patch 6141 RMD160 87d25f9b1e3ebbee2b3f168510e160bfeba5e2b3 SHA1 fe20d1d695df7fc3a87a264819305c7f40adc3d9 SHA256 440217a7b34dbc5eafc063bf6a3d9208dca1a8e673dcf0345759e898f0940ace
 DIST openssl-0.9.8k.tar.gz 3852259 RMD160 496df7a5d33457b0d8e3b930a8e5cf068923182c SHA1 3ba079f91d3c1ec90a36dcd1d43857165035703f SHA256 7e7cd4f3974199b729e6e3a0af08bd4279fde0370a1120c1a3b351ab090c6101
 DIST openssl-0.9.8l.tar.gz 4179422 RMD160 9de81ec2583edcba729e62d50fd22c0a98a52903 SHA1 d3fb6ec89532ab40646b65af179bb1770f7ca28f SHA256 ecd054e9eed2e9c1620ba15257e6fc4d882c9a4aea663d23b769e2138de8c91a
 EBUILD openssl-0.9.8k-r1.ebuild 5964 RMD160 ceb0d18aaf42309cde2212d154bd363f0e9b676f SHA1 77b5ffb0f2cec6581835123ca05f22fd6b547f05 SHA256 09b6edcb49f655b2dfa5edd33613fa9a1027375841ef7cc3b33a72beaa3141b4
 EBUILD openssl-0.9.8k.ebuild 5989 RMD160 6da50840cc10f982176156bfca8320d560aa8895 SHA1 a2509663bec3775fe81b2810301f46dbe503c464 SHA256 44958921f9043e8892a5f225aee5d10e6d5b920e222f8b448b24e4d29c13c9cd
+EBUILD openssl-0.9.8l-r1.ebuild 6203 RMD160 a065d5c7b9522c3d8060cb995ca6132c831f15e4 SHA1 10d3aa1582284f96cf1dcf56398eb27def551363 SHA256 2a77d44b49e4f021d1c1eacd9c0713b35c4e5525dfc037e5875b2b0e66a4e4b3
 EBUILD openssl-0.9.8l.ebuild 6034 RMD160 d1f206ade32e8202172bdc4ee82a0840adf1459b SHA1 3f85d97014ca59cd1258da2c50bd29795a1b758b SHA256 e9a64e59d491c66240764842817f75effb79611d1696bd2331a3ef0df30c0a1c
-MISC ChangeLog 44737 RMD160 faaee54c9a1e8c7bedb6222629d780563acbb667 SHA1 bb0ad9e408012f274061360efcdc3ee21c4d8589 SHA256 dcfef0ee5dcba89c049da780ce1aa83ed81768b111f4bf4a67b045bdea65aefc
+MISC ChangeLog 45039 RMD160 0ae7ecdd332466d3ae4b85615c5b6b1b7687f8f7 SHA1 09351d977fab3dc770a3efaf57b6d7e5e622d08f SHA256 07e4385b8651916ce65f54228c378542c9f177b8012842ca629ad2a62c2cc8b2
 MISC metadata.xml 164 RMD160 f43cbec30b7074319087c9acffdb9354b17b0db3 SHA1 9c213f5803676c56439df3716be07d6692588856 SHA256 f5f2891f2a4791cd31350bb2bb572131ad7235cd0eeb124c9912c187ac10ce92
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.0.13 (GNU/Linux)
+
+iEYEARECAAYFAksHWtYACgkQlPl3HsVfCDrK0QCfWpZJY15Xo0BBV4fEKNlYh5rJ
+hUcAniza8om8uVSvBSzWd00D5nM60NRf
+=PCPN
+-----END PGP SIGNATURE-----
diff --git a/dev-libs/openssl/files/openssl-0.9.8l-CVE-2009-1387.patch b/dev-libs/openssl/files/openssl-0.9.8l-CVE-2009-1387.patch
new file mode 100644
index 000000000000..a9e5ea054f5c
--- /dev/null
+++ b/dev-libs/openssl/files/openssl-0.9.8l-CVE-2009-1387.patch
@@ -0,0 +1,59 @@
+http://bugs.gentoo.org/270305
+
+fix from upstream
+
+Index: ssl/d1_both.c
+===================================================================
+RCS file: /usr/local/src/openssl/CVSROOT/openssl/ssl/d1_both.c,v
+retrieving revision 1.4.2.7
+retrieving revision 1.4.2.8
+diff -u -p -r1.4.2.7 -r1.4.2.8
+--- ssl/d1_both.c	17 Oct 2007 21:17:49 -0000	1.4.2.7
++++ ssl/d1_both.c	2 Apr 2009 22:12:13 -0000	1.4.2.8
+@@ -575,30 +575,31 @@ dtls1_process_out_of_seq_message(SSL *s,
+ 			}
+ 		}
+ 
+-	frag = dtls1_hm_fragment_new(frag_len);
+-	if ( frag == NULL)
+-		goto err;
++	if (frag_len)
++	{
++		frag = dtls1_hm_fragment_new(frag_len);
++		if ( frag == NULL)
++			goto err;
+ 
+-	memcpy(&(frag->msg_header), msg_hdr, sizeof(*msg_hdr));
++		memcpy(&(frag->msg_header), msg_hdr, sizeof(*msg_hdr));
+ 
+-	if (frag_len)
+-		{
+-		/* read the body of the fragment (header has already been read */
++		/* read the body of the fragment (header has already been read) */
+ 		i = s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE,
+ 			frag->fragment,frag_len,0);
+ 		if (i<=0 || (unsigned long)i!=frag_len)
+ 			goto err;
+-		}
+ 
+-	pq_64bit_init(&seq64);
+-	pq_64bit_assign_word(&seq64, msg_hdr->seq);
++		pq_64bit_init(&seq64);
++		pq_64bit_assign_word(&seq64, msg_hdr->seq);
+ 
+-	item = pitem_new(seq64, frag);
+-	pq_64bit_free(&seq64);
+-	if ( item == NULL)
+-		goto err;
++		item = pitem_new(seq64, frag);
++		pq_64bit_free(&seq64);
++		if ( item == NULL)
++			goto err;
++
++		pqueue_insert(s->d1->buffered_messages, item);
++	}
+ 
+-	pqueue_insert(s->d1->buffered_messages, item);
+ 	return DTLS1_HM_FRAGMENT_RETRY;
+ 
+ err:
diff --git a/dev-libs/openssl/files/openssl-0.9.8l-CVE-2009-2409.patch b/dev-libs/openssl/files/openssl-0.9.8l-CVE-2009-2409.patch
new file mode 100644
index 000000000000..ad4bf3dac9fa
--- /dev/null
+++ b/dev-libs/openssl/files/openssl-0.9.8l-CVE-2009-2409.patch
@@ -0,0 +1,34 @@
+http://bugs.gentoo.org/280591
+
+fix from upstream
+
+Index: openssl/crypto/evp/c_alld.c
+RCS File: /v/openssl/cvs/openssl/crypto/evp/c_alld.c,v
+rcsdiff -q -kk '-r1.7' '-r1.7.2.1' -u '/v/openssl/cvs/openssl/crypto/evp/c_alld.c,v' 2>/dev/null
+--- c_alld.c	2005/04/30 21:51:40	1.7
++++ c_alld.c	2009/07/08 08:33:26	1.7.2.1
+@@ -64,9 +64,6 @@
+ 
+ void OpenSSL_add_all_digests(void)
+ 	{
+-#ifndef OPENSSL_NO_MD2
+-	EVP_add_digest(EVP_md2());
+-#endif
+ #ifndef OPENSSL_NO_MD4
+ 	EVP_add_digest(EVP_md4());
+ #endif
+Index: openssl/ssl/ssl_algs.c
+RCS File: /v/openssl/cvs/openssl/ssl/ssl_algs.c,v
+rcsdiff -q -kk '-r1.12.2.3' '-r1.12.2.4' -u '/v/openssl/cvs/openssl/ssl/ssl_algs.c,v' 2>/dev/null
+--- ssl_algs.c	2007/04/23 23:50:21	1.12.2.3
++++ ssl_algs.c	2009/07/08 08:33:27	1.12.2.4
+@@ -92,9 +92,6 @@
+ 	EVP_add_cipher(EVP_seed_cbc());
+ #endif
+ 
+-#ifndef OPENSSL_NO_MD2
+-	EVP_add_digest(EVP_md2());
+-#endif
+ #ifndef OPENSSL_NO_MD5
+ 	EVP_add_digest(EVP_md5());
+ 	EVP_add_digest_alias(SN_md5,"ssl2-md5");
diff --git a/dev-libs/openssl/files/openssl-0.9.8l-dtls-compat.patch b/dev-libs/openssl/files/openssl-0.9.8l-dtls-compat.patch
new file mode 100644
index 000000000000..4d30c9b47d6f
--- /dev/null
+++ b/dev-libs/openssl/files/openssl-0.9.8l-dtls-compat.patch
@@ -0,0 +1,167 @@
+http://bugs.gentoo.org/280370
+
+fix from upstream
+
+Index: openssl/ssl/d1_clnt.c
+RCS File: /v/openssl/cvs/openssl/ssl/d1_clnt.c,v
+rcsdiff -q -kk '-r1.3.2.15' '-r1.3.2.16' -u '/v/openssl/cvs/openssl/ssl/d1_clnt.c,v' 2>/dev/null
+--- d1_clnt.c	2009/04/14 15:20:47	1.3.2.15
++++ d1_clnt.c	2009/04/19 18:08:11	1.3.2.16
+@@ -130,7 +130,7 @@
+ 
+ static SSL_METHOD *dtls1_get_client_method(int ver)
+ 	{
+-	if (ver == DTLS1_VERSION)
++	if (ver == DTLS1_VERSION || ver == DTLS1_BAD_VER)
+ 		return(DTLSv1_client_method());
+ 	else
+ 		return(NULL);
+@@ -181,7 +181,8 @@
+ 			s->server=0;
+ 			if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);
+ 
+-			if ((s->version & 0xff00 ) != (DTLS1_VERSION & 0xff00))
++			if ((s->version & 0xff00 ) != (DTLS1_VERSION & 0xff00) &&
++			    (s->version & 0xff00 ) != (DTLS1_BAD_VER & 0xff00))
+ 				{
+ 				SSLerr(SSL_F_DTLS1_CONNECT, ERR_R_INTERNAL_ERROR);
+ 				ret = -1;
+Index: openssl/ssl/d1_lib.c
+RCS File: /v/openssl/cvs/openssl/ssl/d1_lib.c,v
+rcsdiff -q -kk '-r1.1.2.7' '-r1.1.2.8' -u '/v/openssl/cvs/openssl/ssl/d1_lib.c,v' 2>/dev/null
+--- d1_lib.c	2009/04/02 22:34:59	1.1.2.7
++++ d1_lib.c	2009/04/19 18:08:11	1.1.2.8
+@@ -198,7 +198,10 @@
+ void dtls1_clear(SSL *s)
+ 	{
+ 	ssl3_clear(s);
+-	s->version=DTLS1_VERSION;
++	if (s->options & SSL_OP_CISCO_ANYCONNECT)
++		s->version=DTLS1_BAD_VER;
++	else
++		s->version=DTLS1_VERSION;
+ 	}
+ 
+ /*
+Index: openssl/ssl/d1_pkt.c
+RCS File: /v/openssl/cvs/openssl/ssl/d1_pkt.c,v
+rcsdiff -q -kk '-r1.4.2.15' '-r1.4.2.16' -u '/v/openssl/cvs/openssl/ssl/d1_pkt.c,v' 2>/dev/null
+--- d1_pkt.c	2009/04/02 22:34:59	1.4.2.15
++++ d1_pkt.c	2009/04/19 18:08:12	1.4.2.16
+@@ -1024,15 +1024,17 @@
+ 	if (rr->type == SSL3_RT_CHANGE_CIPHER_SPEC)
+ 		{
+ 		struct ccs_header_st ccs_hdr;
++		int ccs_hdr_len = DTLS1_CCS_HEADER_LENGTH;
+ 
+ 		dtls1_get_ccs_header(rr->data, &ccs_hdr);
+ 
+ 		/* 'Change Cipher Spec' is just a single byte, so we know
+ 		 * exactly what the record payload has to look like */
+ 		/* XDTLS: check that epoch is consistent */
+-		if (	(s->client_version == DTLS1_BAD_VER && rr->length != 3) ||
+-			(s->client_version != DTLS1_BAD_VER && rr->length != DTLS1_CCS_HEADER_LENGTH) || 
+-			(rr->off != 0) || (rr->data[0] != SSL3_MT_CCS))
++		if (s->client_version == DTLS1_BAD_VER || s->version == DTLS1_BAD_VER)
++			ccs_hdr_len = 3;
++
++		if ((rr->length != ccs_hdr_len) || (rr->off != 0) || (rr->data[0] != SSL3_MT_CCS))
+ 			{
+ 			i=SSL_AD_ILLEGAL_PARAMETER;
+ 			SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_BAD_CHANGE_CIPHER_SPEC);
+@@ -1358,7 +1360,7 @@
+ #if 0
+ 	/* 'create_empty_fragment' is true only when this function calls itself */
+ 	if (!clear && !create_empty_fragment && !s->s3->empty_fragment_done
+-		&& SSL_version(s) != DTLS1_VERSION)
++	    && SSL_version(s) != DTLS1_VERSION && SSL_version(s) != DTLS1_BAD_VER)
+ 		{
+ 		/* countermeasure against known-IV weakness in CBC ciphersuites
+ 		 * (see http://www.openssl.org/~bodo/tls-cbc.txt) 
+Index: openssl/ssl/s3_clnt.c
+RCS File: /v/openssl/cvs/openssl/ssl/s3_clnt.c,v
+rcsdiff -q -kk '-r1.88.2.21' '-r1.88.2.22' -u '/v/openssl/cvs/openssl/ssl/s3_clnt.c,v' 2>/dev/null
+--- s3_clnt.c	2009/02/14 21:50:14	1.88.2.21
++++ s3_clnt.c	2009/04/19 18:08:12	1.88.2.22
+@@ -708,7 +708,7 @@
+ 
+ 	if (!ok) return((int)n);
+ 
+-	if ( SSL_version(s) == DTLS1_VERSION)
++	if ( SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER)
+ 		{
+ 		if ( s->s3->tmp.message_type == DTLS1_MT_HELLO_VERIFY_REQUEST)
+ 			{
+Index: openssl/ssl/ssl.h
+RCS File: /v/openssl/cvs/openssl/ssl/ssl.h,v
+rcsdiff -q -kk '-r1.161.2.21' '-r1.161.2.22' -u '/v/openssl/cvs/openssl/ssl/ssl.h,v' 2>/dev/null
+--- ssl.h	2008/08/13 19:44:44	1.161.2.21
++++ ssl.h	2009/04/19 18:08:12	1.161.2.22
+@@ -510,6 +510,8 @@
+ #define SSL_OP_COOKIE_EXCHANGE              0x00002000L
+ /* Don't use RFC4507 ticket extension */
+ #define SSL_OP_NO_TICKET	            0x00004000L
++/* Use Cisco's "speshul" version of DTLS_BAD_VER (as client)  */
++#define SSL_OP_CISCO_ANYCONNECT		    0x00008000L
+ 
+ /* As server, disallow session resumption on renegotiation */
+ #define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION	0x00010000L
+Index: openssl/ssl/ssl_lib.c
+RCS File: /v/openssl/cvs/openssl/ssl/ssl_lib.c,v
+rcsdiff -q -kk '-r1.133.2.16' '-r1.133.2.17' -u '/v/openssl/cvs/openssl/ssl/ssl_lib.c,v' 2>/dev/null
+--- ssl_lib.c	2009/02/23 16:02:47	1.133.2.16
++++ ssl_lib.c	2009/04/19 18:08:12	1.133.2.17
+@@ -995,7 +995,8 @@
+ 		s->max_cert_list=larg;
+ 		return(l);
+ 	case SSL_CTRL_SET_MTU:
+-		if (SSL_version(s) == DTLS1_VERSION)
++		if (SSL_version(s) == DTLS1_VERSION ||
++		    SSL_version(s) == DTLS1_BAD_VER)
+ 			{
+ 			s->d1->mtu = larg;
+ 			return larg;
+Index: openssl/ssl/ssl_sess.c
+RCS File: /v/openssl/cvs/openssl/ssl/ssl_sess.c,v
+rcsdiff -q -kk '-r1.51.2.9' '-r1.51.2.10' -u '/v/openssl/cvs/openssl/ssl/ssl_sess.c,v' 2>/dev/null
+--- ssl_sess.c	2008/06/04 18:35:27	1.51.2.9
++++ ssl_sess.c	2009/04/19 18:08:12	1.51.2.10
+@@ -211,6 +211,11 @@
+ 			ss->ssl_version=TLS1_VERSION;
+ 			ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH;
+ 			}
++		else if (s->version == DTLS1_BAD_VER)
++			{
++			ss->ssl_version=DTLS1_BAD_VER;
++			ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH;
++			}
+ 		else if (s->version == DTLS1_VERSION)
+ 			{
+ 			ss->ssl_version=DTLS1_VERSION;
+Index: openssl/ssl/t1_enc.c
+RCS File: /v/openssl/cvs/openssl/ssl/t1_enc.c,v
+rcsdiff -q -kk '-r1.35.2.8' '-r1.35.2.9' -u '/v/openssl/cvs/openssl/ssl/t1_enc.c,v' 2>/dev/null
+--- t1_enc.c	2009/01/05 14:43:07	1.35.2.8
++++ t1_enc.c	2009/04/19 18:08:12	1.35.2.9
+@@ -765,10 +765,10 @@
+ 	HMAC_CTX_init(&hmac);
+ 	HMAC_Init_ex(&hmac,mac_sec,EVP_MD_size(hash),hash,NULL);
+ 
+-	if (ssl->version == DTLS1_VERSION && ssl->client_version != DTLS1_BAD_VER)
++	if (ssl->version == DTLS1_BAD_VER ||
++	    (ssl->version == DTLS1_VERSION && ssl->client_version != DTLS1_BAD_VER))
+ 		{
+ 		unsigned char dtlsseq[8],*p=dtlsseq;
+-
+ 		s2n(send?ssl->d1->w_epoch:ssl->d1->r_epoch, p);
+ 		memcpy (p,&seq[2],6);
+ 
+@@ -793,7 +793,7 @@
+ {unsigned int z; for (z=0; z<rec->length; z++) printf("%02X ",buf[z]); printf("\n"); }
+ #endif
+ 
+-	if ( SSL_version(ssl) != DTLS1_VERSION)
++	if ( SSL_version(ssl) != DTLS1_VERSION && SSL_version(ssl) != DTLS1_BAD_VER)
+ 		{
+ 		for (i=7; i>=0; i--)
+ 			{
diff --git a/dev-libs/openssl/openssl-0.9.8l-r1.ebuild b/dev-libs/openssl/openssl-0.9.8l-r1.ebuild
new file mode 100644
index 000000000000..ab41d1a74852
--- /dev/null
+++ b/dev-libs/openssl/openssl-0.9.8l-r1.ebuild
@@ -0,0 +1,182 @@
+# Copyright 1999-2009 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/dev-libs/openssl/openssl-0.9.8l-r1.ebuild,v 1.1 2009/11/21 03:09:54 vapier Exp $
+
+inherit eutils flag-o-matic toolchain-funcs
+
+DESCRIPTION="Toolkit for SSL v2/v3 and TLS v1"
+HOMEPAGE="http://www.openssl.org/"
+SRC_URI="mirror://openssl/source/${P}.tar.gz"
+
+LICENSE="openssl"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~sparc-fbsd ~x86-fbsd"
+IUSE="bindist gmp kerberos sse2 test zlib"
+
+RDEPEND="gmp? ( dev-libs/gmp )
+	zlib? ( sys-libs/zlib )
+	kerberos? ( app-crypt/mit-krb5 )"
+DEPEND="${RDEPEND}
+	sys-apps/diffutils
+	>=dev-lang/perl-5
+	test? ( sys-devel/bc )"
+PDEPEND="app-misc/ca-certificates"
+
+src_unpack() {
+	unpack ${A}
+	cd "${S}"
+
+	epatch "${FILESDIR}"/${PN}-0.9.7e-gentoo.patch
+	epatch "${FILESDIR}"/${PN}-0.9.7-alpha-default-gcc.patch
+	#Forward port of the -b patch. Parallel make fails though.
+	epatch "${FILESDIR}"/${PN}-0.9.8j-parallel-build.patch
+	epatch "${FILESDIR}"/${PN}-0.9.8-make-engines-dir.patch
+	epatch "${FILESDIR}"/${PN}-0.9.8k-toolchain.patch
+	epatch "${FILESDIR}"/${PN}-0.9.8b-doc-updates.patch
+	epatch "${FILESDIR}"/${PN}-0.9.8-makedepend.patch #149583
+	epatch "${FILESDIR}"/${PN}-0.9.8e-make.patch #146316
+	#epatch "${FILESDIR}"/${PN}-0.9.8e-bsd-sparc64.patch
+	epatch "${FILESDIR}"/${PN}-0.9.8g-sslv3-no-tlsext.patch
+	#epatch "${FILESDIR}"/${PN}-0.9.8h-ldflags.patch #181438
+	epatch "${FILESDIR}"/${PN}-0.9.8l-CVE-2009-137{7,8,9}.patch #270305
+	epatch "${FILESDIR}"/${P}-CVE-2009-1387.patch #270305
+	epatch "${FILESDIR}"/${P}-CVE-2009-2409.patch #280591
+	epatch "${FILESDIR}"/${P}-dtls-compat.patch #280370
+	sed -i -e '/DIRS/ s/ fips / /g' Makefile{,.org} \
+		|| die "Removing fips from openssl failed."
+
+	# allow openssl to be cross-compiled
+	cp "${FILESDIR}"/gentoo.config-0.9.8 gentoo.config || die "cp cross-compile failed"
+	chmod a+rx gentoo.config
+
+	# Don't build manpages if we don't want them
+	has noman FEATURES \
+		&& sed -i '/^install:/s:install_docs::' Makefile.org \
+		|| sed -i '/^MANDIR=/s:=.*:=/usr/share/man:' Makefile.org
+
+	# Try to derice users and work around broken ass toolchains
+	if [[ $(gcc-major-version) == "3" ]] ; then
+		filter-flags -fprefetch-loop-arrays -freduce-all-givs -funroll-loops
+		[[ $(tc-arch) == "ppc64" ]] && replace-flags -O? -O
+	fi
+	[[ $(tc-arch) == ppc* ]] && append-flags -fno-strict-aliasing
+	append-flags -Wa,--noexecstack
+
+	# using a library directory other than lib requires some magic
+	sed -i \
+		-e "s+\(\$(INSTALL_PREFIX)\$(INSTALLTOP)\)/lib+\1/$(get_libdir)+g" \
+		-e "s+libdir=\$\${exec_prefix}/lib+libdir=\$\${exec_prefix}/$(get_libdir)+g" \
+		Makefile.org engines/Makefile \
+		|| die "sed failed"
+	sed -i '1s,^:$,#!/usr/bin/perl,' Configure #141906
+	sed -i '/^"debug-steve/d' Configure # 0.9.8k shipped broken
+	./config --test-sanity || die "I AM NOT SANE"
+}
+
+src_compile() {
+	unset APPS #197996
+
+	tc-export CC AR RANLIB
+
+	# Clean out patent-or-otherwise-encumbered code
+	# Camellia: Royalty Free            http://en.wikipedia.org/wiki/Camellia_(cipher)
+	# IDEA:     5,214,703 25/05/2010    http://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
+	# EC:       ????????? ??/??/2015    http://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography
+	# MDC2:     Expired                 http://en.wikipedia.org/wiki/MDC-2
+	# RC5:      5,724,428 03/03/2015    http://en.wikipedia.org/wiki/RC5
+
+	use_ssl() { use $1 && echo "enable-${2:-$1} ${*:3}" || echo "no-${2:-$1}" ; }
+	echoit() { echo "$@" ; "$@" ; }
+
+	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
+
+	local sslout=$(./gentoo.config)
+	einfo "Use configuration ${sslout:-(openssl knows best)}"
+	local config="Configure"
+	[[ -z ${sslout} ]] && config="config"
+	echoit \
+	./${config} \
+		${sslout} \
+		$(use sse2 || echo "no-sse2") \
+		enable-camellia \
+		$(use_ssl !bindist ec) \
+		$(use_ssl !bindist idea) \
+		enable-mdc2 \
+		$(use_ssl !bindist rc5) \
+		enable-tlsext \
+		$(use_ssl gmp) \
+		$(use_ssl kerberos krb5 --with-krb5-flavor=${krb5}) \
+		$(use_ssl zlib) \
+		--prefix=/usr \
+		--openssldir=/etc/ssl \
+		shared threads \
+		|| die "Configure failed"
+
+	# Clean out hardcoded flags that openssl uses
+	local CFLAG=$(grep ^CFLAG= Makefile | LC_ALL=C sed \
+		-e 's:^CFLAG=::' \
+		-e 's:-fomit-frame-pointer ::g' \
+		-e 's:-O[0-9] ::g' \
+		-e 's:-march=[-a-z0-9]* ::g' \
+		-e 's:-mcpu=[-a-z0-9]* ::g' \
+		-e 's:-m[a-z0-9]* ::g' \
+	)
+	sed -i \
+		-e "/^CFLAG/s:=.*:=${CFLAG} ${CFLAGS}:" \
+		-e "/^SHARED_LDFLAGS=/s:$: ${LDFLAGS}:" \
+		Makefile || die
+
+	# depend is needed to use $confopts
+	# rehash is needed to prep the certs/ dir
+	emake -j1 depend || die "depend failed"
+	emake -j1 all rehash || die "make all failed"
+}
+
+src_test() {
+	emake -j1 test || die "make test failed"
+}
+
+src_install() {
+	emake -j1 INSTALL_PREFIX="${D}" install || die
+	dodoc CHANGES* FAQ NEWS README doc/*.txt doc/c-indentation.el
+	dohtml -r doc/*
+
+	# create the certs directory
+	dodir /etc/ssl/certs
+	cp -RP certs/* "${D}"/etc/ssl/certs/ || die "failed to install certs"
+	rm -r "${D}"/etc/ssl/certs/{demo,expired}
+
+	# Namespace openssl programs to prevent conflicts with other man pages
+	cd "${D}"/usr/share/man
+	local m d s
+	for m in $(find . -type f | xargs grep -L '#include') ; do
+		d=${m%/*} ; d=${d#./} ; m=${m##*/}
+		[[ ${m} == openssl.1* ]] && continue
+		[[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!"
+		mv ${d}/{,ssl-}${m}
+		ln -s ssl-${m} ${d}/openssl-${m}
+		# locate any symlinks that point to this man page ... we assume
+		# that any broken links are due to the above renaming
+		for s in $(find -L ${d} -type l) ; do
+			s=${s##*/}
+			rm -f ${d}/${s}
+			ln -s ssl-${m} ${d}/ssl-${s}
+			ln -s ssl-${s} ${d}/openssl-${s}
+		done
+	done
+	[[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :("
+
+	dodir /etc/sandbox.d #254521
+	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${D}"/etc/sandbox.d/10openssl
+
+	diropts -m0700
+	keepdir /etc/ssl/private
+}
+
+pkg_preinst() {
+	preserve_old_lib /usr/$(get_libdir)/lib{crypto,ssl}.so.0.9.{6,7}
+}
+
+pkg_postinst() {
+	preserve_old_lib_notify /usr/$(get_libdir)/lib{crypto,ssl}.so.0.9.{6,7}
+}
author	Mike Frysinger <vapier@gentoo.org>	2009-11-21 03:09:54 +0000
committer	Mike Frysinger <vapier@gentoo.org>	2009-11-21 03:09:54 +0000
commit	658ead5774a8284d139136334813ac369db7bb46 (patch)
tree	eee641be38a8bb38af1220f4f078ba3a76703aad /dev-libs/openssl
parent	Version bump. (diff)
download	historical-658ead5774a8284d139136334813ac369db7bb46.tar.gz historical-658ead5774a8284d139136334813ac369db7bb46.tar.bz2 historical-658ead5774a8284d139136334813ac369db7bb46.zip