Respect LDFLAGS #181438 by Arfrever Frehtes Taifersar Arahesis and add fix from upstream for PKCS12 troubles #224843 by Per Pomsel.

Package-Manager: portage-2.2_pre8/cvs/Linux 2.6.25 x86_64
author: Mike Frysinger <vapier@gentoo.org> 2008-06-21 05:36:55 +0000
committer: Mike Frysinger <vapier@gentoo.org> 2008-06-21 05:36:55 +0000
commit: 6c305aea08c745b45859c89dd3422b46762fcfe2 (patch)
tree: 77b7d5983abf6ee4e37e86cc0a69b8ac8f24b5d4 /dev-libs/openssl
parent: old (diff)
download: historical-6c305aea08c745b45859c89dd3422b46762fcfe2.tar.gz
historical-6c305aea08c745b45859c89dd3422b46762fcfe2.tar.bz2
historical-6c305aea08c745b45859c89dd3422b46762fcfe2.zip
5 files changed, 247 insertions, 5 deletions
diff --git a/dev-libs/openssl/ChangeLog b/dev-libs/openssl/ChangeLog
index 5cf2df00d1ce..2580b334e25c 100644
--- a/dev-libs/openssl/ChangeLog
+++ b/dev-libs/openssl/ChangeLog
@@ -1,6 +1,14 @@
 # ChangeLog for dev-libs/openssl
 # Copyright 1999-2008 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/dev-libs/openssl/ChangeLog,v 1.267 2008/06/05 18:08:59 dertobi123 Exp $
+# $Header: /var/cvsroot/gentoo-x86/dev-libs/openssl/ChangeLog,v 1.268 2008/06/21 05:36:54 vapier Exp $
+
+*openssl-0.9.8h-r1 (21 Jun 2008)
+
+  21 Jun 2008; Mike Frysinger <vapier@gentoo.org>
+  +files/openssl-0.9.8h-ldflags.patch, +files/openssl-0.9.8h-pkcs12.patch,
+  +openssl-0.9.8h-r1.ebuild:
+  Respect LDFLAGS #181438 by Arfrever Frehtes Taifersar Arahesis and add fix
+  from upstream for PKCS12 troubles #224843 by Per Pomsel.
 
   05 Jun 2008; Tobias Scherbaum <dertobi123@gentoo.org>
   openssl-0.9.8g-r2.ebuild:
diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest
index a87e25358de2..f7448adbf208 100644
--- a/dev-libs/openssl/Manifest
+++ b/dev-libs/openssl/Manifest
@@ -21,6 +21,8 @@ AUX openssl-0.9.8f-fix-version.patch 445 RMD160 ab3136992eb4028bff06bbc35322a1c2
 AUX openssl-0.9.8g-CVE-2008-0891.patch 576 RMD160 77e5e7d70f2d47961a8ebcc24cf3dad652d6da67 SHA1 f9415a6270e535300bf6126fe93f4620a2b65829 SHA256 33474833c286ef8c6aada66a9b68893ae6904085c85dbcb382c51de88894a005
 AUX openssl-0.9.8g-CVE-2008-1672.patch 836 RMD160 16faf7fc779ad4565cf110dafac113659da715a1 SHA1 bb64007df7982f5227cb7f1f6b5825556e0f1e91 SHA256 15ed1f219f2d82d93a6f170ae1b389f7ef76e6f14f033c2e05134503e8368ba1
 AUX openssl-0.9.8g-sslv3-no-tlsext.patch 848 RMD160 37bad7b70fd0bdae91fffe337dcbe820b371a163 SHA1 32043ee7841bd95bc647efa8fd7ecb5dcc2fa223 SHA256 d61299ab9b5f96f37979d60ea8e65430c59ef3242627de50be8e2fc87c8753be
+AUX openssl-0.9.8h-ldflags.patch 992 RMD160 3350aaa026419281ac8178cdd59db5d19fa7f4c0 SHA1 0da211ea01216c5a61d32d33be40090ca4e54c71 SHA256 a664f2291e97ce4cf043a63349bcb0c2c89c0d288b7edea0ccfa323b21a9268a
+AUX openssl-0.9.8h-pkcs12.patch 732 RMD160 8afbc53985088fbed3d7608deba95d85716df967 SHA1 9ee10f75616d6e556fa419db491cef9866940cd6 SHA256 6de724cbe0ea6adf72401eb93e47e56a00e193687f46a810702180cbf61e43a6
 DIST openssl-0.9.8e.tar.gz 3341665 RMD160 c1a498606dc0fc7219376b950fab6b53687466db SHA1 b429872d2a287714ab37e42296e6a5fbe23d32ff SHA256 414e8428b95fbc51707965fda31390497d058290356426bfe084b49464a60340
 DIST openssl-0.9.8f.tar.gz 3357445 RMD160 ad0d9d8b238dbede1aa6b76256d11038bd281e05 SHA1 e8716370093b112763ace0c66c06a0d6049e413b SHA256 be5afd386f5d7acff019acaf46cdaad89a8b42cc9cee85d1adb2774627f32b42
 DIST openssl-0.9.8g.tar.gz 3354792 RMD160 f080a32da9becdc8b98c38744d62c6fd8664f603 SHA1 4e9c5ced466715d18fd924de79bde5c15da80fa1 SHA256 0e26886845de95716c9f1b9b75c0e06e9d4075d2bdc9e11504eaa5f7ee901cf0
@@ -31,13 +33,14 @@ EBUILD openssl-0.9.8f.ebuild 6215 RMD160 7af3dc8ed2b30206ff44e8d80af0c585cc7cea5
 EBUILD openssl-0.9.8g-r1.ebuild 6069 RMD160 80e894745c915973fab4a905f4290d9edd933ec2 SHA1 001401f0fb616251daa429c5185c7505fb0f0f55 SHA256 83c6417c325601f99200caceba67c6cdf8e32d5a09110d3dd6390046e0c47bd4
 EBUILD openssl-0.9.8g-r2.ebuild 6189 RMD160 f4ce4514b7e6636d23d9897742527c000203a382 SHA1 4bab53bfcff3037f7e5452cd3da2a4c325cda393 SHA256 d390551e94446b906f4d065b6708efc17069f8ef6a2d011257b92e0cdaf1e4bf
 EBUILD openssl-0.9.8g.ebuild 6075 RMD160 b00d2ee7d97f3f5ae4bfb45c83ce439db9e9e05f SHA1 dedb66afe8c2e502cfd44507517f821a27e5d2eb SHA256 25ea50177ea4619921bcd0e93dcea1c04d135b4a6eb26c6ed4097491e1485f60
+EBUILD openssl-0.9.8h-r1.ebuild 6186 RMD160 84ff203d9d8ecee52a3004c230a9f8cccc3afdf1 SHA1 4f508cfad93dfada141aa663d15099436252a7f1 SHA256 06551d788566f427a1e682d0cbde55b4913ad9e48c4722c60e4e72df92fe309c
 EBUILD openssl-0.9.8h.ebuild 6070 RMD160 3921448846496f393ce2bde48e0f9917632a3f92 SHA1 a37bae8e54f6fdcb9851efd31a794ceca81132c5 SHA256 3859370a56a85b08a3fbe893be7b4c728b4c02ff7f48d414645056da87d97e48
-MISC ChangeLog 39914 RMD160 f9facdaab0f28c95f93afb72cd315162965c3580 SHA1 7af9dcb52c15c8ec46ad16b764146b9b325c10bc SHA256 7a0449bcc1e0fbc7478e1292cd3dcc2ebf716d27b24ffa1fbc6328fb4c0bdb8a
+MISC ChangeLog 40235 RMD160 df2bf7684d2bac324342275b53db995c43f69606 SHA1 caa6956c698e59211733d8ef315769c733b3e40c SHA256 bfbe5b77364df7a0b3ed869f4a1bed37aaa4a3ffc3fd2c0c2117f38ab1b2eb23
 MISC metadata.xml 164 RMD160 f43cbec30b7074319087c9acffdb9354b17b0db3 SHA1 9c213f5803676c56439df3716be07d6692588856 SHA256 f5f2891f2a4791cd31350bb2bb572131ad7235cd0eeb124c9912c187ac10ce92
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.9 (GNU/Linux)
 
-iEYEARECAAYFAkhciYoACgkQ67wieSYcaxfMWACfU10I33Sk+RzE6sMNAmH4jzsZ
-w9YAoOVpZobFMNhDJLgGTQx8EVJQCUsW
-=lSXh
+iEYEARECAAYFAkhck3wACgkQ67wieSYcaxclbgCgtiRwKX0ZXu1VMjb2GQ6yesM9
+wWcAnRnzCC5+cUgBYHOLl6LrB9P3R/HK
+=8mtt
 -----END PGP SIGNATURE-----
diff --git a/dev-libs/openssl/files/openssl-0.9.8h-ldflags.patch b/dev-libs/openssl/files/openssl-0.9.8h-ldflags.patch
new file mode 100644
index 000000000000..4658c85ebce1
--- /dev/null
+++ b/dev-libs/openssl/files/openssl-0.9.8h-ldflags.patch
@@ -0,0 +1,25 @@
+http://bugs.gentoo.org/181438
+
+make sure we respect LDFLAGS
+
+--- openssl-0.9.8h/Makefile
++++ openssl-0.9.8h/Makefile
+@@ -180,6 +181,7 @@
+ 		MAKEDEPEND='$$$${TOP}/util/domd $$$${TOP} -MD ${MAKEDEPPROG}' \
+ 		DEPFLAG='-DOPENSSL_NO_DEPRECATED ${DEPFLAG}'	\
+ 		MAKEDEPPROG='${MAKEDEPPROG}'			\
++		LDFLAGS='${LDFLAGS}'		\
+ 		SHARED_LDFLAGS='${SHARED_LDFLAGS}'		\
+ 		KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}'	\
+ 		EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}'	\
+--- openssl-0.9.8h/Makefile.shared
++++ openssl-0.9.8h/Makefile.shared
+@@ -153,7 +153,7 @@
+ 	NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \
+ 	SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-Bsymbolic -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"
+ 
+-DO_GNU_APP=LDFLAGS="$(CFLAGS) -Wl,-rpath,$(LIBRPATH)"
++DO_GNU_APP=LDFLAGS="$(LDFLAGS) $(CFLAGS) -Wl,-rpath,$(LIBRPATH)"
+ 
+ #This is rather special.  It's a special target with which one can link
+ #applications without bothering with any features that have anything to
diff --git a/dev-libs/openssl/files/openssl-0.9.8h-pkcs12.patch b/dev-libs/openssl/files/openssl-0.9.8h-pkcs12.patch
new file mode 100644
index 000000000000..bec63f1da33a
--- /dev/null
+++ b/dev-libs/openssl/files/openssl-0.9.8h-pkcs12.patch
@@ -0,0 +1,21 @@
+fix from upstream
+
+http://bugs.gentoo.org/224843
+
+Index: crypto/x509/x509_att.c
+===================================================================
+RCS file: /usr/local/src/openssl/CVSROOT/openssl/crypto/x509/x509_att.c,v
+retrieving revision 1.8.2.2
+retrieving revision 1.8.2.3
+diff -u -p -r1.8.2.2 -r1.8.2.3
+--- crypto/x509/x509_att.c	2 Apr 2008 11:11:51 -0000	1.8.2.2
++++ crypto/x509/x509_att.c	30 May 2008 10:57:13 -0000	1.8.2.3
+@@ -303,7 +303,7 @@ int X509_ATTRIBUTE_set1_data(X509_ATTRIB
+ 	}
+ 	if(!(attr->value.set = sk_ASN1_TYPE_new_null())) goto err;
+ 	if(!(ttmp = ASN1_TYPE_new())) goto err;
+-	if (len == -1)
++	if ((len == -1) && !(attrtype & MBSTRING_FLAG))
+ 		{
+ 		if (!ASN1_TYPE_set1(ttmp, attrtype, data))
+ 			goto err;
diff --git a/dev-libs/openssl/openssl-0.9.8h-r1.ebuild b/dev-libs/openssl/openssl-0.9.8h-r1.ebuild
new file mode 100644
index 000000000000..29b0316d750d
--- /dev/null
+++ b/dev-libs/openssl/openssl-0.9.8h-r1.ebuild
@@ -0,0 +1,185 @@
+# Copyright 1999-2008 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/dev-libs/openssl/openssl-0.9.8h-r1.ebuild,v 1.1 2008/06/21 05:36:54 vapier Exp $
+
+inherit eutils flag-o-matic toolchain-funcs
+
+DESCRIPTION="Toolkit for SSL v2/v3 and TLS v1"
+HOMEPAGE="http://www.openssl.org/"
+SRC_URI="mirror://openssl/source/${P}.tar.gz"
+
+LICENSE="openssl"
+SLOT="0"
+KEYWORDS="-* ~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~sparc-fbsd ~x86 ~x86-fbsd"
+IUSE="bindist gmp kerberos sse2 test zlib"
+
+RDEPEND="gmp? ( dev-libs/gmp )
+	zlib? ( sys-libs/zlib )
+	kerberos? ( app-crypt/mit-krb5 )"
+DEPEND="${RDEPEND}
+	sys-apps/diffutils
+	>=dev-lang/perl-5
+	test? ( sys-devel/bc )"
+PDEPEND="app-misc/ca-certificates"
+
+src_unpack() {
+	unpack ${A}
+	cd "${S}"
+
+	epatch "${FILESDIR}"/${PN}-0.9.7e-gentoo.patch
+	epatch "${FILESDIR}"/${PN}-0.9.7-alpha-default-gcc.patch
+	epatch "${FILESDIR}"/${PN}-0.9.8b-parallel-build.patch
+	epatch "${FILESDIR}"/${PN}-0.9.8-make-engines-dir.patch
+	epatch "${FILESDIR}"/${PN}-0.9.8-toolchain.patch
+	epatch "${FILESDIR}"/${PN}-0.9.8b-doc-updates.patch
+	epatch "${FILESDIR}"/${PN}-0.9.8-makedepend.patch #149583
+	epatch "${FILESDIR}"/${PN}-0.9.8e-make.patch #146316
+	#epatch "${FILESDIR}"/${PN}-0.9.8e-bsd-sparc64.patch
+	epatch "${FILESDIR}"/${PN}-0.9.8g-sslv3-no-tlsext.patch
+	epatch "${FILESDIR}"/${PN}-0.9.8h-ldflags.patch #181438
+	epatch "${FILESDIR}"/${PN}-0.9.8h-pkcs12.patch #224843
+
+	# allow openssl to be cross-compiled
+	cp "${FILESDIR}"/gentoo.config-0.9.8 gentoo.config || die "cp cross-compile failed"
+	chmod a+rx gentoo.config
+
+	# Don't build manpages if we don't want them
+	has noman FEATURES \
+		&& sed -i '/^install:/s:install_docs::' Makefile.org \
+		|| sed -i '/^MANDIR=/s:=.*:=/usr/share/man:' Makefile.org
+
+	# Try to derice users and work around broken ass toolchains
+	if [[ $(gcc-major-version) == "3" ]] ; then
+		filter-flags -fprefetch-loop-arrays -freduce-all-givs -funroll-loops
+		[[ $(tc-arch) == "ppc64" ]] && replace-flags -O? -O
+	fi
+	[[ $(tc-arch) == ppc* ]] && append-flags -fno-strict-aliasing
+	append-flags -Wa,--noexecstack
+
+	# using a library directory other than lib requires some magic
+	sed -i \
+		-e "s+\(\$(INSTALL_PREFIX)\$(INSTALLTOP)\)/lib+\1/$(get_libdir)+g" \
+		-e "s+libdir=\$\${exec_prefix}/lib+libdir=\$\${exec_prefix}/$(get_libdir)+g" \
+		Makefile.org engines/Makefile \
+		|| die "sed failed"
+	./config --test-sanity || die "I AM NOT SANE"
+}
+
+src_compile() {
+	unset APPS #197996
+
+	tc-export CC AR RANLIB
+
+	# Clean out patent-or-otherwise-encumbered code
+	# Camellia: Royalty Free            http://en.wikipedia.org/wiki/Camellia_(cipher)
+	# IDEA:     5,214,703 25/05/2010    http://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
+	# EC:       ????????? ??/??/2015    http://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography
+	# MDC2:     Expired                 http://en.wikipedia.org/wiki/MDC-2
+	# RC5:      5,724,428 03/03/2015    http://en.wikipedia.org/wiki/RC5
+
+	use_ssl() { use $1 && echo "enable-${2:-$1} ${*:3}" || echo "no-${2:-$1}" ; }
+	echoit() { echo "$@" ; "$@" ; }
+
+	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
+
+	local sslout=$(./gentoo.config)
+	einfo "Use configuration ${sslout:-(openssl knows best)}"
+	local config="Configure"
+	[[ -z ${sslout} ]] && config="config"
+	echoit \
+	./${config} \
+		${sslout} \
+		$(use sse2 || echo "no-sse2") \
+		enable-camellia \
+		$(use_ssl !bindist ec) \
+		$(use_ssl !bindist idea) \
+		enable-mdc2 \
+		$(use_ssl !bindist rc5) \
+		enable-tlsext \
+		$(use_ssl gmp) \
+		$(use_ssl kerberos krb5 --with-krb5-flavor=${krb5}) \
+		$(use_ssl zlib) \
+		$(use_ssl zlib zlib-dynamic) \
+		--prefix=/usr \
+		--openssldir=/etc/ssl \
+		shared threads \
+		|| die "Configure failed"
+
+	# Clean out hardcoded flags that openssl uses
+	local CFLAG=$(grep ^CFLAG= Makefile | LC_ALL=C sed \
+		-e 's:^CFLAG=::' \
+		-e 's:-fomit-frame-pointer ::g' \
+		-e 's:-O[0-9] ::g' \
+		-e 's:-march=[-a-z0-9]* ::g' \
+		-e 's:-mcpu=[-a-z0-9]* ::g' \
+		-e 's:-m[a-z0-9]* ::g' \
+	)
+	sed -i \
+		-e "/^CFLAG/s:=.*:=${CFLAG} ${CFLAGS}:" \
+		-e "/^SHARED_LDFLAGS=/s:$: ${LDFLAGS}:" \
+		Makefile || die
+
+	# depend is needed to use $confopts
+	# rehash is needed to prep the certs/ dir
+	emake -j1 depend || die "depend failed"
+	emake all rehash || die "make all failed"
+}
+
+src_test() {
+	# make sure sandbox doesnt die on *BSD
+	addpredict /dev/crypto
+
+	emake -j1 test || die "make test failed"
+}
+
+src_install() {
+	emake -j1 INSTALL_PREFIX="${D}" install || die
+	dodoc CHANGES* FAQ NEWS README doc/*.txt doc/c-indentation.el
+	dohtml doc/*
+
+	# create the certs directory
+	dodir /etc/ssl/certs
+	cp -RP certs/* "${D}"/etc/ssl/certs/ || die "failed to install certs"
+	rm -r "${D}"/etc/ssl/certs/{demo,expired}
+
+	# Namespace openssl programs to prevent conflicts with other man pages
+	cd "${D}"/usr/share/man
+	local m d s
+	for m in $(find . -type f | xargs grep -L '#include') ; do
+		d=${m%/*} ; d=${d#./} ; m=${m##*/}
+		[[ ${m} == openssl.1* ]] && continue
+		[[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!"
+		mv ${d}/{,ssl-}${m}
+		ln -s ssl-${m} ${d}/openssl-${m}
+		# locate any symlinks that point to this man page ... we assume
+		# that any broken links are due to the above renaming
+		for s in $(find -L ${d} -type l) ; do
+			s=${s##*/}
+			rm -f ${d}/${s}
+			ln -s ssl-${m} ${d}/ssl-${s}
+			ln -s ssl-${s} ${d}/openssl-${s}
+		done
+	done
+	[[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :("
+
+	diropts -m0700
+	keepdir /etc/ssl/private
+}
+
+pkg_preinst() {
+	preserve_old_lib /usr/$(get_libdir)/lib{crypto,ssl}.so.0.9.{6,7}
+}
+
+pkg_postinst() {
+	preserve_old_lib_notify /usr/$(get_libdir)/lib{crypto,ssl}.so.0.9.{6,7}
+
+	if [[ ${CHOST} == i686* ]] ; then
+		ewarn "Due to the way openssl is architected, you cannot"
+		ewarn "switch between optimized versions without breaking"
+		ewarn "ABI.  The default i686 0.9.8 ABI was an unoptimized"
+		ewarn "version with horrible performance.  This version uses"
+		ewarn "the optimized ABI.  If you experience segfaults when"
+		ewarn "using ssl apps (like openssh), just re-emerge the"
+		ewarn "offending package."
+	fi
+}
author	Mike Frysinger <vapier@gentoo.org>	2008-06-21 05:36:55 +0000
committer	Mike Frysinger <vapier@gentoo.org>	2008-06-21 05:36:55 +0000
commit	6c305aea08c745b45859c89dd3422b46762fcfe2 (patch)
tree	77b7d5983abf6ee4e37e86cc0a69b8ac8f24b5d4 /dev-libs/openssl
parent	old (diff)
download	historical-6c305aea08c745b45859c89dd3422b46762fcfe2.tar.gz historical-6c305aea08c745b45859c89dd3422b46762fcfe2.tar.bz2 historical-6c305aea08c745b45859c89dd3422b46762fcfe2.zip