Add fix from upstream for CVE-2007-3108 #188799.

Package-Manager: portage-2.1.3.7
author: Mike Frysinger <vapier@gentoo.org> 2007-08-25 16:08:30 +0000
committer: Mike Frysinger <vapier@gentoo.org> 2007-08-25 16:08:30 +0000
commit: 7b9781fe6f78a9e922ce9d089beccbd146196f59 (patch)
tree: 9bd5f1124686af81836cf04941d81da538a99fab /dev-libs/openssl
parent: Version bumped. (diff)
download: historical-7b9781fe6f78a9e922ce9d089beccbd146196f59.tar.gz
historical-7b9781fe6f78a9e922ce9d089beccbd146196f59.tar.bz2
historical-7b9781fe6f78a9e922ce9d089beccbd146196f59.zip
5 files changed, 346 insertions, 5 deletions
diff --git a/dev-libs/openssl/ChangeLog b/dev-libs/openssl/ChangeLog
index 679b7d65ddf4..ebd5750fbbdf 100644
--- a/dev-libs/openssl/ChangeLog
+++ b/dev-libs/openssl/ChangeLog
@@ -1,6 +1,12 @@
 # ChangeLog for dev-libs/openssl
 # Copyright 1999-2007 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/dev-libs/openssl/ChangeLog,v 1.214 2007/06/22 02:38:35 vapier Exp $
+# $Header: /var/cvsroot/gentoo-x86/dev-libs/openssl/ChangeLog,v 1.215 2007/08/25 16:08:30 vapier Exp $
+
+*openssl-0.9.8e-r2 (25 Aug 2007)
+
+  25 Aug 2007; Mike Frysinger <vapier@gentoo.org>
+  +files/openssl-0.9.8e-CVE-2007-3108.patch, +openssl-0.9.8e-r2.ebuild:
+  Add fix from upstream for CVE-2007-3108 #188799.
 
 *openssl-0.9.8e-r1 (22 Jun 2007)
 
diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest
index c022d11c729a..2103676565ac 100644
--- a/dev-libs/openssl/Manifest
+++ b/dev-libs/openssl/Manifest
@@ -1,3 +1,6 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
 AUX gentoo.config-0.9.7g 3356 RMD160 8e83cecd44f2dc6b0863bf10b920cae2490250d7 SHA1 9dc82ecc34677b9b9f2758d3c86ae5a8b4d86720 SHA256 1935ea31cf0d4c4a7f5ed0fa4434e9960c7ccef5cb43abcee26cff09472991eb
 MD5 5479124566140e079c2493abe59a1c90 files/gentoo.config-0.9.7g 3356
 RMD160 8e83cecd44f2dc6b0863bf10b920cae2490250d7 files/gentoo.config-0.9.7g 3356
@@ -82,6 +85,10 @@ AUX openssl-0.9.8b-parallel-build.patch 600 RMD160 ce857d7bfcf2039afc7ffe3d1badf
 MD5 d59919721f04f84d5d395c405a5be30d files/openssl-0.9.8b-parallel-build.patch 600
 RMD160 ce857d7bfcf2039afc7ffe3d1badf9d3f374f672 files/openssl-0.9.8b-parallel-build.patch 600
 SHA256 3219c6a1133f6df42909bcb5d30a097b88529e3964049a24dd3e9836a659f08d files/openssl-0.9.8b-parallel-build.patch 600
+AUX openssl-0.9.8e-CVE-2007-3108.patch 3107 RMD160 e5208df26a46a022464ee3fa27649ae075535268 SHA1 0e4299a78e529c05b1d9ec733b5a7115115922db SHA256 0004683cae9b4d28b19ff214546c6ea6eabb87bd2f7338ab387fb67ea698a9f2
+MD5 bed00d4fdfc59abd32eb7c1fb8256e01 files/openssl-0.9.8e-CVE-2007-3108.patch 3107
+RMD160 e5208df26a46a022464ee3fa27649ae075535268 files/openssl-0.9.8e-CVE-2007-3108.patch 3107
+SHA256 0004683cae9b4d28b19ff214546c6ea6eabb87bd2f7338ab387fb67ea698a9f2 files/openssl-0.9.8e-CVE-2007-3108.patch 3107
 DIST openssl-0.9.7l.tar.gz 3294357 RMD160 11cc0299cef6bcc4adb9e9a39214f7d9f8abf77d SHA1 f0e4136639b10cbd1227c4f7350ff7ad406e575d SHA256 7ed19859c92e1c13e9f8ed5c3de35c3d48e45bff1b52ffc43845cc0c856fa3d1
 DIST openssl-0.9.7m.tar.gz 3303943 RMD160 fed13325d90ae4749d7ee858931d6925c3955614 SHA1 546f6bcebdf72a633bad087469d3741a42f7b383 SHA256 c98b9703887e2dda6217b91405d0d94883f7c67e205fc4d7a81bb690d2e10572
 DIST openssl-0.9.8d.tar.gz 3315566 RMD160 f2eb6c266009bbbdbdc7f01b6238c55b3fe12073 SHA1 4136fba00303a3d319d2052bfa8e1f09a2e12fc2 SHA256 022194944cc20dad917c86c916db8a4e0050df2de91b9b6740ddd4fb2daf175d
@@ -102,14 +109,22 @@ EBUILD openssl-0.9.8e-r1.ebuild 5437 RMD160 adb2cff01b35c2ab3a9b85a034012902a15f
 MD5 cea59981592972ba00eb807d9a548728 openssl-0.9.8e-r1.ebuild 5437
 RMD160 adb2cff01b35c2ab3a9b85a034012902a15f442c openssl-0.9.8e-r1.ebuild 5437
 SHA256 290f540bc81d71ff869a723598279b4a666f5a5ba6f4f47d77d3b0d0d3273d53 openssl-0.9.8e-r1.ebuild 5437
+EBUILD openssl-0.9.8e-r2.ebuild 5500 RMD160 2c25c1c2f5d2e582b3faa0a743ebb3705db7f3fa SHA1 e11d0876b969ab938c40c76cc716ca484d0f2df0 SHA256 5fa58fc967870f614d5462330ea741db98331956ae62bbce0a9579411e799f5c
+MD5 2c09a81f71d454b5f0d4c079fc448897 openssl-0.9.8e-r2.ebuild 5500
+RMD160 2c25c1c2f5d2e582b3faa0a743ebb3705db7f3fa openssl-0.9.8e-r2.ebuild 5500
+SHA256 5fa58fc967870f614d5462330ea741db98331956ae62bbce0a9579411e799f5c openssl-0.9.8e-r2.ebuild 5500
 EBUILD openssl-0.9.8e.ebuild 5287 RMD160 bceec651c3529487b13619e94919237039f477e4 SHA1 66639a4c879c53e1221873d5c611a449cc6ba213 SHA256 ad0c7b432865ee6a27dbd0762ca08139c4a03246531e4c8c782a0aced4442ac4
 MD5 73195a49e002fc41fade181a9e5d3b92 openssl-0.9.8e.ebuild 5287
 RMD160 bceec651c3529487b13619e94919237039f477e4 openssl-0.9.8e.ebuild 5287
 SHA256 ad0c7b432865ee6a27dbd0762ca08139c4a03246531e4c8c782a0aced4442ac4 openssl-0.9.8e.ebuild 5287
-MISC ChangeLog 32706 RMD160 a721b3dba56ee85d0bc766dcde36fac6154b0fe8 SHA1 399b313eb3133f3d4837ae8c2180b47800e9632a SHA256 cb68dd55d291ae5f70b4c6cced9ddb0c57668e095f39557dc1322d8fd8407674
-MD5 ce830bd5f6b0c85df6f63be5b825cbd9 ChangeLog 32706
-RMD160 a721b3dba56ee85d0bc766dcde36fac6154b0fe8 ChangeLog 32706
-SHA256 cb68dd55d291ae5f70b4c6cced9ddb0c57668e095f39557dc1322d8fd8407674 ChangeLog 32706
+MISC ChangeLog 32914 RMD160 f8e0ef0cbd784e57b986b50dc4f8eac4dd74acbd SHA1 9b16f505bf0dff47a4eea722b61416fa4bc4deb1 SHA256 10c12c14d561e493de530828340ef4f940010abcf15d3e3e921483a257ca948a
+MD5 58b62b51907d320e95507255ea654f70 ChangeLog 32914
+RMD160 f8e0ef0cbd784e57b986b50dc4f8eac4dd74acbd ChangeLog 32914
+SHA256 10c12c14d561e493de530828340ef4f940010abcf15d3e3e921483a257ca948a ChangeLog 32914
+MISC bindresport.o 1848 RMD160 1a62e51c343adfb9343af774dd18df0668f99147 SHA1 bc52ab3b819de17d7fba616770a4231b86c2a95c SHA256 11c183fcd6a67581444d4b1e07c8927eb00f7dd21a1a2e0bc0b32100165838be
+MD5 c4c2870cefd9746220ec6ea2bb5e0ab4 bindresport.o 1848
+RMD160 1a62e51c343adfb9343af774dd18df0668f99147 bindresport.o 1848
+SHA256 11c183fcd6a67581444d4b1e07c8927eb00f7dd21a1a2e0bc0b32100165838be bindresport.o 1848
 MISC metadata.xml 164 RMD160 f43cbec30b7074319087c9acffdb9354b17b0db3 SHA1 9c213f5803676c56439df3716be07d6692588856 SHA256 f5f2891f2a4791cd31350bb2bb572131ad7235cd0eeb124c9912c187ac10ce92
 MD5 9a09f8d531c582e78977dbfd96edc1f2 metadata.xml 164
 RMD160 f43cbec30b7074319087c9acffdb9354b17b0db3 metadata.xml 164
@@ -129,3 +144,13 @@ SHA256 2805d899eece0f11f31ca624c548ed874c31daaddf922044a6586a3ad2aad00a files/di
 MD5 b7beba1f496f9ed591d246ccb3986805 files/digest-openssl-0.9.8e-r1 247
 RMD160 70d9be870635c3015dcea57e013ad2017c44f878 files/digest-openssl-0.9.8e-r1 247
 SHA256 2805d899eece0f11f31ca624c548ed874c31daaddf922044a6586a3ad2aad00a files/digest-openssl-0.9.8e-r1 247
+MD5 b7beba1f496f9ed591d246ccb3986805 files/digest-openssl-0.9.8e-r2 247
+RMD160 70d9be870635c3015dcea57e013ad2017c44f878 files/digest-openssl-0.9.8e-r2 247
+SHA256 2805d899eece0f11f31ca624c548ed874c31daaddf922044a6586a3ad2aad00a files/digest-openssl-0.9.8e-r2 247
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.0.6 (GNU/Linux)
+
+iD8DBQFG0FRQp/wUKkr7RBoRAtT5AJ98VoMPm0O59TpzBghy9pvf+SGpbQCgrzZo
+meGPrkNJiCqtqDoOT5oM9eY=
+=jFlQ
+-----END PGP SIGNATURE-----
diff --git a/dev-libs/openssl/files/digest-openssl-0.9.8e-r2 b/dev-libs/openssl/files/digest-openssl-0.9.8e-r2
new file mode 100644
index 000000000000..1ecd5456a79a
--- /dev/null
+++ b/dev-libs/openssl/files/digest-openssl-0.9.8e-r2
@@ -0,0 +1,3 @@
+MD5 3a7ff24f6ea5cd711984722ad654b927 openssl-0.9.8e.tar.gz 3341665
+RMD160 c1a498606dc0fc7219376b950fab6b53687466db openssl-0.9.8e.tar.gz 3341665
+SHA256 414e8428b95fbc51707965fda31390497d058290356426bfe084b49464a60340 openssl-0.9.8e.tar.gz 3341665
diff --git a/dev-libs/openssl/files/openssl-0.9.8e-CVE-2007-3108.patch b/dev-libs/openssl/files/openssl-0.9.8e-CVE-2007-3108.patch
new file mode 100644
index 000000000000..5437c801f4d1
--- /dev/null
+++ b/dev-libs/openssl/files/openssl-0.9.8e-CVE-2007-3108.patch
@@ -0,0 +1,128 @@
+http://bugs.gentoo.org/188799
+
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+- --- openssl-0.9.8e/crypto/bn/bn_mont.c	2006-06-16 03:01:14.000000000 +0200
++++ openssl-0.9.8-cvs/crypto/bn/bn_mont.c	2007-06-29 10:13:25.000000000 +0200
+@@ -176,7 +176,6 @@
+ 
+ 	max=(nl+al+1); /* allow for overflow (no?) XXX */
+ 	if (bn_wexpand(r,max) == NULL) goto err;
+- -	if (bn_wexpand(ret,max) == NULL) goto err;
+ 
+ 	r->neg=a->neg^n->neg;
+ 	np=n->d;
+@@ -228,19 +227,70 @@
+ 		}
+ 	bn_correct_top(r);
+ 	
+- -	/* mont->ri will be a multiple of the word size */
+- -#if 0
+- -	BN_rshift(ret,r,mont->ri);
+- -#else
+- -	ret->neg = r->neg;
+- -	x=ri;
++	/* mont->ri will be a multiple of the word size and below code
++	 * is kind of BN_rshift(ret,r,mont->ri) equivalent */
++	if (r->top <= ri)
++		{
++		ret->top=0;
++		retn=1;
++		goto err;
++		}
++	al=r->top-ri;
++
++# define BRANCH_FREE 1
++# if BRANCH_FREE
++	if (bn_wexpand(ret,ri) == NULL) goto err;
++	x=0-(((al-ri)>>(sizeof(al)*8-1))&1);
++	ret->top=x=(ri&~x)|(al&x);	/* min(ri,al) */
++	ret->neg=r->neg;
++
+ 	rp=ret->d;
+- -	ap= &(r->d[x]);
+- -	if (r->top < x)
+- -		al=0;
+- -	else
+- -		al=r->top-x;
++	ap=&(r->d[ri]);
++
++	{
++	size_t m1,m2;
++
++	v=bn_sub_words(rp,ap,np,ri);
++	/* this ----------------^^ works even in al<ri case
++	 * thanks to zealous zeroing of top of the vector in the
++	 * beginning. */
++
++	/* if (al==ri && !v) || al>ri) nrp=rp; else nrp=ap; */
++	/* in other words if subtraction result is real, then
++	 * trick unconditional memcpy below to perform in-place
++	 * "refresh" instead of actual copy. */
++	m1=0-(size_t)(((al-ri)>>(sizeof(al)*8-1))&1);	/* al<ri */
++	m2=0-(size_t)(((ri-al)>>(sizeof(al)*8-1))&1);	/* al>ri */
++	m1|=m2;			/* (al!=ri) */
++	m1|=(0-(size_t)v);	/* (al!=ri || v) */
++	m1&=~m2;		/* (al!=ri || v) && !al>ri */
++	nrp=(BN_ULONG *)(((size_t)rp&~m1)|((size_t)ap&m1));
++	}
++
++	/* 'i<ri' is chosen to eliminate dependency on input data, even
++	 * though it results in redundant copy in al<ri case. */
++	for (i=0,ri-=4; i<ri; i+=4)
++		{
++		BN_ULONG t1,t2,t3,t4;
++		
++		t1=nrp[i+0];
++		t2=nrp[i+1];
++		t3=nrp[i+2];	ap[i+0]=0;
++		t4=nrp[i+3];	ap[i+1]=0;
++		rp[i+0]=t1;	ap[i+2]=0;
++		rp[i+1]=t2;	ap[i+3]=0;
++		rp[i+2]=t3;
++		rp[i+3]=t4;
++		}
++	for (ri+=4; i<ri; i++)
++		rp[i]=nrp[i], ap[i]=0;
++# else
++	if (bn_wexpand(ret,al) == NULL) goto err;
+ 	ret->top=al;
++	ret->neg=r->neg;
++
++	rp=ret->d;
++	ap=&(r->d[ri]);
+ 	al-=4;
+ 	for (i=0; i<al; i+=4)
+ 		{
+@@ -258,7 +308,7 @@
+ 	al+=4;
+ 	for (; i<al; i++)
+ 		rp[i]=ap[i];
+- -#endif
++# endif
+ #else /* !MONT_WORD */ 
+ 	BIGNUM *t1,*t2;
+ 
+@@ -278,10 +328,12 @@
+ 	if (!BN_rshift(ret,t2,mont->ri)) goto err;
+ #endif /* MONT_WORD */
+ 
++#if !defined(BRANCH_FREE) || BRANCH_FREE==0
+ 	if (BN_ucmp(ret, &(mont->N)) >= 0)
+ 		{
+ 		if (!BN_usub(ret,ret,&(mont->N))) goto err;
+ 		}
++#endif
+ 	retn=1;
+ 	bn_check_top(ret);
+  err:
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.5 (GNU/Linux)
+
+iQCVAwUBRrGk++6tTP1JpWPZAQJbjwP/W/6mROtxOVU1gvvq/uFHCytNWHVaJfKA
+7zh+v4OPQEIYekIBkEpNFgTJbHcyIZoyDNnwOetkRXvI4LDqvV1V5/pA5bzrKqDj
+zv7Hj8R7DGqG8ad0Esf3l7SqqirI3curkIzm5/cALJBJxz/Pp7qyXNzzQgp55UPz
+iBDdynBpa+s=
+=aquq
+-----END PGP SIGNATURE-----
diff --git a/dev-libs/openssl/openssl-0.9.8e-r2.ebuild b/dev-libs/openssl/openssl-0.9.8e-r2.ebuild
new file mode 100644
index 000000000000..92c00bd74036
--- /dev/null
+++ b/dev-libs/openssl/openssl-0.9.8e-r2.ebuild
@@ -0,0 +1,179 @@
+# Copyright 1999-2007 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/dev-libs/openssl/openssl-0.9.8e-r2.ebuild,v 1.1 2007/08/25 16:08:30 vapier Exp $
+
+inherit eutils flag-o-matic toolchain-funcs
+
+DESCRIPTION="Toolkit for SSL v2/v3 and TLS v1"
+HOMEPAGE="http://www.openssl.org/"
+SRC_URI="mirror://openssl/source/${P}.tar.gz"
+
+LICENSE="openssl"
+SLOT="0"
+KEYWORDS="-* ~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
+IUSE="bindist emacs sse2 test zlib"
+
+RDEPEND=""
+DEPEND="${RDEPEND}
+	sys-apps/diffutils
+	>=dev-lang/perl-5
+	test? ( sys-devel/bc )"
+PDEPEND="app-misc/ca-certificates"
+
+src_unpack() {
+	unpack ${A}
+
+	cd "${S}"
+
+	epatch "${FILESDIR}"/${PN}-0.9.8-ppc64.patch
+	epatch "${FILESDIR}"/${PN}-0.9.7e-gentoo.patch
+	epatch "${FILESDIR}"/${PN}-0.9.8-hppa-fix-detection.patch
+	epatch "${FILESDIR}"/${PN}-0.9.7-alpha-default-gcc.patch
+	epatch "${FILESDIR}"/${PN}-0.9.8b-parallel-build.patch
+	epatch "${FILESDIR}"/${PN}-0.9.8-make-engines-dir.patch
+	epatch "${FILESDIR}"/${PN}-0.9.8-toolchain.patch
+	epatch "${FILESDIR}"/${PN}-0.9.8b-doc-updates.patch
+	epatch "${FILESDIR}"/${PN}-0.9.8-makedepend.patch #149583
+	epatch "${FILESDIR}"/${PN}-0.9.8-evp-key-len.patch #168750
+	epatch "${FILESDIR}"/${PN}-0.9.8e-CVE-2007-3108.patch #188799
+	[[ $(gcc-version) == "4.2" ]] && epatch "${FILESDIR}"/${PN}-0.9.8-gcc42.patch #158324
+
+	# allow openssl to be cross-compiled
+	cp "${FILESDIR}"/gentoo.config-0.9.8 gentoo.config || die "cp cross-compile failed"
+	chmod a+rx gentoo.config
+
+	# Don't build manpages if we don't want them
+	has noman FEATURES \
+		&& sed -i '/^install:/s:install_docs::' Makefile.org \
+		|| sed -i '/^MANDIR=/s:=.*:=/usr/share/man:' Makefile.org
+
+	# Try to derice users and work around broken ass toolchains
+	if [[ $(gcc-major-version) == "3" ]] ; then
+		filter-flags -fprefetch-loop-arrays -freduce-all-givs -funroll-loops
+		[[ $(tc-arch) == "ppc64" ]] && replace-flags -O? -O
+	fi
+	[[ $(tc-arch) == ppc* ]] && append-flags -fno-strict-aliasing
+	append-flags -Wa,--noexecstack
+
+	# using a library directory other than lib requires some magic
+	sed -i \
+		-e "s+\(\$(INSTALL_PREFIX)\$(INSTALLTOP)\)/lib+\1/$(get_libdir)+g" \
+		-e "s+libdir=\$\${exec_prefix}/lib+libdir=\$\${exec_prefix}/$(get_libdir)+g" \
+		Makefile.org engines/Makefile \
+		|| die "sed failed"
+	./config --test-sanity || die "I AM NOT SANE"
+}
+
+src_compile() {
+	tc-export CC AR RANLIB
+
+	# Clean out patent-or-otherwise-encumbered code
+	# IDEA:  5,214,703 25/05/2010
+	# RC5:   5,724,428 03/03/2015
+	# EC:    ????????? ??/??/2015
+	local confopts=""
+	if use bindist ; then
+		confopts="no-idea no-rc5 no-ec"
+	else
+		confopts="enable-idea enable-rc5 enable-mdc2 enable-ec"
+	fi
+	use zlib && confopts="${confopts} zlib-dynamic"
+	use sse2 || confopts="${confopts} no-sse2"
+
+	local sslout=$(./gentoo.config)
+	einfo "Use configuration ${sslout:-(openssl knows best)}"
+	local config="Configure"
+	[[ -z ${sslout} ]] && config="config"
+	./${config} \
+		${sslout} \
+		${confopts} \
+		--prefix=/usr \
+		--openssldir=/etc/ssl \
+		shared threads \
+		|| die "Configure failed"
+
+	# Clean out hardcoded flags that openssl uses
+	local CFLAG=$(grep ^CFLAG= Makefile | LC_ALL=C sed \
+		-e 's:^CFLAG=::' \
+		-e 's:-fomit-frame-pointer ::g' \
+		-e 's:-O[0-9] ::g' \
+		-e 's:-march=[-a-z0-9]* ::g' \
+		-e 's:-mcpu=[-a-z0-9]* ::g' \
+		-e 's:-m[a-z0-9]* ::g' \
+	)
+	sed -i \
+		-e "/^CFLAG/s:=.*:=${CFLAG} ${CFLAGS}:" \
+		-e "/^SHARED_LDFLAGS=/s:$: ${LDFLAGS}:" \
+		Makefile || die
+
+	# depend is needed to use $confopts
+	# rehash is needed to prep the certs/ dir
+	emake -j1 depend || die "depend failed"
+	emake all rehash || die "make all failed"
+
+	# force until we get all the gentoo.config kinks worked out
+	if has test ${FEATURES} && ! tc-is-cross-compiler ; then
+		src_test
+	fi
+}
+
+src_test() {
+	# make sure sandbox doesnt die on *BSD
+	addpredict /dev/crypto
+
+	make test || die "make test failed"
+}
+
+src_install() {
+	emake -j1 INSTALL_PREFIX="${D}" install || die
+	dodoc CHANGES* FAQ NEWS README doc/*.txt
+	dohtml doc/*
+
+	if use emacs ; then
+		insinto /usr/share/emacs/site-lisp
+		doins doc/c-indentation.el
+	fi
+
+	# create the certs directory
+	dodir /etc/ssl/certs
+	cp -RP certs/* "${D}"/etc/ssl/certs/ || die "failed to install certs"
+	rm -r "${D}"/etc/ssl/certs/{demo,expired}
+
+	# Namespace openssl programs to prevent conflicts with other man pages
+	cd "${D}"/usr/share/man
+	local m d s
+	for m in $(find . -type f | xargs grep -L '#include') ; do
+		d=${m%/*} ; d=${d#./} ; m=${m##*/}
+		[[ ${m} == openssl.1* ]] && continue
+		mv ${d}/{,ssl-}${m}
+		ln -s ssl-${m} ${d}/openssl-${m}
+		# locate any symlinks that point to this man page
+		for s in $(find ${d} -lname ${m}) ; do
+			s=${s##*/}
+			rm -f ${d}/${s}
+			ln -s ssl-${m} ${d}/ssl-${s}
+			ln -s ssl-${s} ${d}/openssl-${s}
+		done
+	done
+
+	diropts -m0700
+	keepdir /etc/ssl/private
+}
+
+pkg_preinst() {
+	preserve_old_lib /usr/$(get_libdir)/lib{crypto,ssl}.so.0.9.{6,7}
+}
+
+pkg_postinst() {
+	preserve_old_lib_notify /usr/$(get_libdir)/lib{crypto,ssl}.so.0.9.{6,7}
+
+	if [[ ${CHOST} == i686* ]] ; then
+		ewarn "Due to the way openssl is architected, you cannot"
+		ewarn "switch between optimized versions without breaking"
+		ewarn "ABI.  The default i686 0.9.8 ABI was an unoptimized"
+		ewarn "version with horrible performance.  This version uses"
+		ewarn "the optimized ABI.  If you experience segfaults when"
+		ewarn "using ssl apps (like openssh), just re-emerge the"
+		ewarn "offending package."
+	fi
+}
author	Mike Frysinger <vapier@gentoo.org>	2007-08-25 16:08:30 +0000
committer	Mike Frysinger <vapier@gentoo.org>	2007-08-25 16:08:30 +0000
commit	7b9781fe6f78a9e922ce9d089beccbd146196f59 (patch)
tree	9bd5f1124686af81836cf04941d81da538a99fab /dev-libs/openssl
parent	Version bumped. (diff)
download	historical-7b9781fe6f78a9e922ce9d089beccbd146196f59.tar.gz historical-7b9781fe6f78a9e922ce9d089beccbd146196f59.tar.bz2 historical-7b9781fe6f78a9e922ce9d089beccbd146196f59.zip