openssl update (19312ae) - keks-overlay.git

openssl update

Hanno Böck commited on 2015-03-19 20:46:20
Zeige 5 geänderte Dateien mit 550 Einfügungen und 9 Löschungen.

dev-libs/openssl/Manifest 3fcdee5..a77b277
dev-libs/openssl/files/openssl-1.0.2-CVE-2015-0209.patch 0000000..6d396b4
dev-libs/openssl/files/openssl-1.0.2-CVE-2015-0288.patch 0000000..a6a10b0
dev-libs/openssl/files/openssl-1.0.2-CVE-2015-0291.patch 0000000..852d06e
dev-libs/openssl/openssl-1.0.2a.ebuild f2c038e..628df67

Zeige Datei @ 19312ae

@@ -7,6 +7,9 @@ AUX openssl-1.0.1-x32.patch 3273 SHA256 a4f05b8757e225a05a9c5a3ea485159066760d87
 AUX openssl-1.0.1e-s_client-verify.patch 592 SHA256 6f540fce663eefbe68cee16ad7d8d561d6c898eeb4180c2f4a4caa7e43c6d0c9 SHA512 117b1017e1259667078d3ccdcd9fd46357c6f85cf2702794f49c612b37acdc044fe88f871dbe46fcad9ed4cd8aaaaee800dddb5286203322802efd7549a43b68 WHIRLPOOL 70a4cc36b1dcb24d7e9bcef016684fb2394977f7f20aa332ebd0aa15e3f4c16c74563d2fc0ba8d70669f6cc9a13bf8a30cdb28ebafe2d102cd2859a4e32c38d7
 AUX openssl-1.0.1f-revert-alpha-perl-generation.patch 3102 SHA256 6e502275b32ac0eca80f28448ae1bb88506f9135258f420fd857ea0b9b485778 SHA512 c80439da3d268e70fd492d0ca73c0a17ddb088b9330610794a338d1921ee13dad9caca4c81ca103b82a7541c8712f77e51f352ec1b1b02789d9aed291acb0cdc WHIRLPOOL cb760366c8759b1c78c5307134bb48c4fc12b1556276c2ef55455ea54725d20cb433ade966a7453f512d2feb5ae89a9798078ab535e4605366633a8e003c7ac6
 AUX openssl-1.0.1h-ipv6.patch 17788 SHA256 7adeeb88cc544f8b210efbe2baff48fccf5029b582dff7010ae70e0e1f097d7b SHA512 0f0990d4294abcb5f3e51c84080883046a054c710b57a23f99b3323727d5e9aeb5ddeb6b6c2565b4be364f7c21419c90ce5288154e404cd663678f87e0d1c259 WHIRLPOOL cfe7a2e141a4a6252ffcfe215b16dd1082bc14a757dad7eb01bb9819de41ef0ee51a4b2dbf110c27b52e483341c337bf4d1f77f4f9f3172d2fee9e348c30af7e
+AUX openssl-1.0.2-CVE-2015-0209.patch 1282 SHA256 6be2b1fa0d440bc1c1b15da4a9d32811a04c3e7c701678eb8ee72454bbf87401 SHA512 db5b73c815582453d3231d49c9c24d60824e56f67a74f815818d0f90bccd485e98a98b449386aa297fa055b5fc27e2a058c03bc410478fb98051a729ac75b4db WHIRLPOOL 46ddfaff115622e2426c544e757bf882fc5069f35d169189cf277d90a5ad36c274beaf1ff89cdc593e2e5cd1593588c389262dce3bb6a166c5fd7eb908458fec
+AUX openssl-1.0.2-CVE-2015-0288.patch 800 SHA256 613acdc06a22ec5cbc274cc39022b1fa1fd73e409551493bcab6d4a273983484 SHA512 4785d9c4620492c4997cbe7c83a42a9804a9e8c3d94e35dd7d3e6bd16f607a9b294b77123686f24c953e6330f96907008dccf1379648d806fa85bbdd20b81ca0 WHIRLPOOL 738831379e3c117f260306e2f39aacd51b895ed4bcb7dd0189f14a7301c09ffd4fbd882fbd05d7e71cd6c9524fc289124909e5fd2dcc23607fa4ce71ba3a0df7
+AUX openssl-1.0.2-CVE-2015-0291.patch 16069 SHA256 be4f9fa463a027e7c77396a8d3ddc1d6ad6c0bbc8b07c2f7af0738621c619710 SHA512 2ee10f21ce02f1c46ee6c446c60d4e1e3af05366769603f38c971018ce07341369db87cb050432d0501f152cabf377c03848df501694ea46ef2f6578d19cf030 WHIRLPOOL 1ea004fe43633b18c91a8cf390285c274b1c05d3bed313ccc6f9bebb92e0b313504f17d4fe41a643feedc626a8851c6e568b34b2d5bf7d62683e170f5c3e5301
 AUX openssl-1.0.2-ipv6.patch 18811 SHA256 9ff3150c75f3f3e6a9773ffe54d90994cbf68cc919134aea68e09e7ed921763d SHA512 58e293f8f19a3fad08729b842dd977b73fedb0c49208d87a056bfea857c0e2b79a310d7d098c04429b65564fce64defeda6d1dcc3068ad5a80ef276db6421e54 WHIRLPOOL 36a0fffc7238011b93077bed94c9507f2ffc1cf199e6c06e94d01589cdc84a6568b9122e1a120b8262bd0a1c43f25169a29796c92a78338dd9f03b4cc2cdf0b8
 AUX openssl-1.0.2-parallel-build.patch 10661 SHA256 bc5622150a964dc2d9909f41557140b696ce1bdfa4e2b12cc3e0e51029ead32b SHA512 a4957304a4424016cd8a1c6552c422cd042d737e12f96235ec54d1e601ccbe8cb79d931ac8777d1a599bd4a70eac4e6700a24362f14fb04eb273df82f2de0d01 WHIRLPOOL 5b34e45dcb0db6649e26d275925ca008f5201afbc22184e15c5324513bc0ed40ee271a70686e10a20bb219b3c4bd2148323b317ead97cdc27a3c897c0a07d228
 AUX openssl-1.0.2-s_client-verify.patch 648 SHA256 b6ca2278dd9833f87a1d0037cb3cac8aee0f8326ff13ece1f08a536b8545eb77 SHA512 78b09ae700096205582785584a268776af46fc5bc94a0faa1ce6087ffcc945649e69269ff7fa88dedd5df1a5cdecc53e885de1e39506470f23b02028ca962104 WHIRLPOOL 8e7c90d37c1736b4b2f2c38d1c12dcfee4996a50a2a7dd07645a0c0b6616006d11232dd0f88ab735833e1c46aa171ceb5e1288c3d57296010bdda59295de7599
@@ -14,10 +17,9 @@ DIST openssl-1.0.1i.tar.gz 4422117 SHA256 3c179f46ca77069a6a0bac70212a9b3b838b2f
 DIST openssl-1.0.1j.tar.gz 4432964 SHA256 1b60ca8789ba6f03e8ef20da2293b8dc131c39d83814e775069f02d26354edf3 SHA512 a786bb99b68d88c1de79d3c5372767f091ebeefb5abc1d4883253fd3ab5a86af53389f5ff36fdd8faa27c5fb78be8bbff406392c373358697da80d250eadebb8 WHIRLPOOL 467aa3b02d04837e3281670401985e492d15b561c03b97246e3c8e61b0d3b1927332e3a226de4ed5bd02265a04fb31ce84c3501f4af9685633d00a9b43c56978
 DIST openssl-1.0.1k.tar.gz 4434910 SHA256 8f9faeaebad088e772f4ef5e38252d472be4d878c6b3a2718c10a4fcebe7a41c SHA512 8b000fbd1bf919d9913a314f99aedd48a69f6caa4ccf43237889e73e08cbe0d82bfc27e9c7c4cade09fc459f91d6c4a831a9b3fc8bca0344fb864eadd7d1e8e8 WHIRLPOOL 5236a966d610c971e473cfc30e5412a72eef116fd259ada9c50da08bcd4ca967f80bb19babf530b4e5b9f1f24e9275e00391eb2e12a26d4544f593e2b4ba20b8
 DIST openssl-1.0.2.tar.gz 5265809 SHA256 8c48baf3babe0d505d16cfc0cf272589c66d3624264098213db0fb00034728e9 SHA512 dea46225a5445edc4986b02b99fbc90153819374b9a9bfdd892b60cd18ac7fefaf21a7e9d2bb05d0e3bfa4d2704e0ee24b06cc8e7081a542d7598cc9e73c67c5 WHIRLPOOL fe628a38125390deb75728b31427c308efbf65637a569fd1f139f6313fea533514ef05bf3d01bbdc793f77eb259400c95c53074a294d32d73576939d16f22e25
-DIST openssl-1.0.2a.tar.gz 5262089 SHA256 15b6393c20030aab02c8e2fe0243cb1d1d18062f6c095d67bca91871dc7f324a SHA512 02d228578824add52b73433d64697706e6503c2334933fe8dd6b477f59c430977012c3c34da207096229a425e1dcb6f3ae806043894b5ac98c27bbcddb794dd4 WHIRLPOOL a590c71794f5d29b80afa28b18621b7535e96b714b3690d793c1422a90b09a89cbcb912841d400c5982a8197bb02c13051190e96ba0e4d530509b48b43067cd7
 DIST openssl-c_rehash.sh.1.7 4167 SHA256 4999ee79892f52bd6a4a7baba9fac62262454d573bbffd72685d3aae9e48cee0 SHA512 55e8c2e827750a4f375cb83c86bfe2d166c01ffa5d7e9b16657b72b38b747c8985dd2c98f854c911dfbbee2ff3e92aff39fdf089d979b2e3534b7685ee8b80da WHIRLPOOL c88f06a3b8651f76b6289552cccceb64e13f6697c5f0ce3ff114c781ce1c218912b8ee308af9d087cd76a9600fdacda1953175bff07d7d3eb21b0c0b7f4f1ce1
 EBUILD openssl-1.0.1i.ebuild 8776 SHA256 99e7d64748e9448cd1f3d8738e1a97b5daab3c56b3e5f0168186f6644d83bbd8 SHA512 e1b922da0678ac59ed09f4cffd714b45ba8e028aa844e089a4385391fcb4e02b7fc731f855e2537acf10e817710e06aa61fac91233db78a053416212e83a9bf2 WHIRLPOOL 3537527dde49f7fd39c73c7a4053c5bf44fdf3e2544fd7148019729abd01120c7f3fe85e83a38b89630ff0bb38b7d044e42234cfaf4cf68612b630900e5b209a
 EBUILD openssl-1.0.1j.ebuild 8848 SHA256 823be5d97748b5b7e6f134746f13850b5a97cbf4ad0639c7238367d741386cb6 SHA512 f426b8bcd82113fc27eb001491e2c5ff03f276fd449f3ab763b58e1e5366f75d77eb5bb26648130ed1775e418181cc9d4cc744e507185cb12855b117bd86096c WHIRLPOOL 690246218ae96ec269249c23b65f6ec5f59e3e19388cb2bcd2f1e125fc75ba43124e9f63dc5ea4b0af62fd8aee024a9cff5fddf9ddd123e6fe9dc3a164860c48
 EBUILD openssl-1.0.1k.ebuild 8848 SHA256 654fb54cb45c343adea6b81d0850a2f9a62c43bd663c3f2d9a402ab90af0f05f SHA512 4372499d07a14131a05f9f62ef99eab1a86b50ab12356d58037e5d7d3754450a6c35947811282ad990c4d1897bc9ce6a4e16bf60ce6926d532e308ad80d28264 WHIRLPOOL 8f4c9224f9637cccb1362a343cfd17cd6b322eb96b15f18f34e2e26c8688d4eb0278a48618eee61e771c65c0d22e11e19a5e81e1fefdca3c9faaca75d74d7930
 EBUILD openssl-1.0.2-r1.ebuild 8829 SHA256 b07881d45227d608973c699e146081b2d3d164b741cc127995d2537cc8bb5c95 SHA512 0dbaae39454349726633993ffb71596344b0898cfe420fcc315b07fa0d314e780e9b61a978881b2c091b113523fd0ab37410a771c831b58f8bcd2c67e5c84234 WHIRLPOOL 1b167afb27753e66aa474e23ca2df504e8e3d70d67428af8179e88b238350e988014d8d33f5fe683d4fb345c847b0d954a558b5b69d22836b154c4bc6c15738a
-EBUILD openssl-1.0.2a.ebuild 8937 SHA256 9c7fb1f83273b492cf63ade7dab998c606222ca0aa2bad5c42f1fdb30964c93d SHA512 956a6640f3ffa41afcaf9a54967a63ce8b23216d5c54949c460ca780ed536961f918e0c6ce34e9bee5b0011de9400eba150ffe1e6c87a053eeae8efb35048c44 WHIRLPOOL 99003d7ad1bc559998e6c8d625c24ef776b96fc715b842bef2e9fb302508049480dc65c5f29b49ce8779d00f939abc3c25558b625c41634ccd154c76098ee3df
+EBUILD openssl-1.0.2-r3.ebuild 8996 SHA256 e28bc2726e4b8d1c7e779348d9c27412b3a37dea7009f3399a202b57f4aa8c58 SHA512 8e1a8bd531ee2eefb5f2e6b80f038528c51f05e474de5a8bf1191f438509ef195ee0decd4866e0bce12351100d88a2c1d9320795fcd001826b9b8241093e255b WHIRLPOOL f5f38405792f046187cd45ecf37d3f1cf4b19b87c605d4482c2d5fb4fc22c5d3f0736ef712f78255fe0efcb545a0eecec709b043aabe06c0c242a735d2bc062a

dev-libs/openssl/files/openssl-1.0.2-CVE-2015-0209.patch

Zeige Datei @ 19312ae

...	...	@@ -0,0 +1,49 @@
	1	+https://bugs.gentoo.org/541502
	2	+
	3	+From 1b4a8df38fc9ab3c089ca5765075ee53ec5bd66a Mon Sep 17 00:00:00 2001
	4	+From: Matt Caswell <matt@openssl.org>
	5	+Date: Mon, 9 Feb 2015 11:38:41 +0000
	6	+Subject: [PATCH] Fix a failure to NULL a pointer freed on error.
	7	+MIME-Version: 1.0
	8	+Content-Type: text/plain; charset=UTF-8
	9	+Content-Transfer-Encoding: 8bit
	10	+
	11	+Inspired by BoringSSL commit 517073cd4b by Eric Roman <eroman@chromium.org>
	12	+
	13	+CVE-2015-0209
	14	+
	15	+Reviewed-by: Emilia Käsper <emilia@openssl.org>
	16	+---
	17	+ crypto/ec/ec_asn1.c \| 6 +++---
	18	+ 1 file changed, 3 insertions(+), 3 deletions(-)
	19	+
	20	+diff --git a/crypto/ec/ec_asn1.c b/crypto/ec/ec_asn1.c
	21	+index 30b7df4..d3e8316 100644
	22	+--- a/crypto/ec/ec_asn1.c
	23	++++ b/crypto/ec/ec_asn1.c
	24	+@@ -1014,8 +1014,6 @@ EC_KEY d2i_ECPrivateKey(EC_KEY a, const unsigned char *in, long len)
	25	+ ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_MALLOC_FAILURE);
	26	+ goto err;
	27	+ }
	28	+- if (a)
	29	+- *a = ret;
	30	+ } else
	31	+ ret = *a;
	32	+
	33	+@@ -1067,10 +1065,12 @@ EC_KEY d2i_ECPrivateKey(EC_KEY a, const unsigned char *in, long len)
	34	+ }
	35	+ }
	36	+
	37	++ if (a)
	38	++ *a = ret;
	39	+ ok = 1;
	40	+ err:
	41	+ if (!ok) {
	42	+- if (ret)
	43	++ if (ret && (a == NULL \|\| *a != ret))
	44	+ EC_KEY_free(ret);
	45	+ ret = NULL;
	46	+ }
	47	+--
	48	+2.3.1
	49	+

dev-libs/openssl/files/openssl-1.0.2-CVE-2015-0288.patch

Zeige Datei @ 19312ae

...	...	@@ -0,0 +1,31 @@
	1	+https://bugs.gentoo.org/542038
	2	+
	3	+From 28a00bcd8e318da18031b2ac8778c64147cd54f9 Mon Sep 17 00:00:00 2001
	4	+From: "Dr. Stephen Henson" <steve@openssl.org>
	5	+Date: Wed, 18 Feb 2015 00:34:59 +0000
	6	+Subject: [PATCH] Check public key is not NULL.
	7	+
	8	+CVE-2015-0288
	9	+PR#3708
	10	+
	11	+Reviewed-by: Matt Caswell <matt@openssl.org>
	12	+---
	13	+ crypto/x509/x509_req.c \| 2 ++
	14	+ 1 file changed, 2 insertions(+)
	15	+
	16	+diff --git a/crypto/x509/x509_req.c b/crypto/x509/x509_req.c
	17	+index bc6e566..01795f4 100644
	18	+--- a/crypto/x509/x509_req.c
	19	++++ b/crypto/x509/x509_req.c
	20	+@@ -92,6 +92,8 @@ X509_REQ X509_to_X509_REQ(X509 x, EVP_PKEY pkey, const EVP_MD md)
	21	+ goto err;
	22	+
	23	+ pktmp = X509_get_pubkey(x);
	24	++ if (pktmp == NULL)
	25	++ goto err;
	26	+ i = X509_REQ_set_pubkey(ret, pktmp);
	27	+ EVP_PKEY_free(pktmp);
	28	+ if (!i)
	29	+--
	30	+2.3.1
	31	+

dev-libs/openssl/files/openssl-1.0.2-CVE-2015-0291.patch

Zeige Datei @ 19312ae

...	...	@@ -0,0 +1,459 @@
	1	+--- openssl-1.0.2/crypto/asn1/a_type.c
	2	++++ openssl-1.0.2/crypto/asn1/a_type.c
	3	+@@ -119,6 +119,9 @@
	4	+ case V_ASN1_OBJECT:
	5	+ result = OBJ_cmp(a->value.object, b->value.object);
	6	+ break;
	7	++ case V_ASN1_BOOLEAN:
	8	++ result = a->value.boolean - b->value.boolean;
	9	++ break;
	10	+ case V_ASN1_NULL:
	11	+ result = 0; /* They do not have content. */
	12	+ break;
	13	+--- openssl-1.0.2/crypto/asn1/tasn_dec.c
	14	++++ openssl-1.0.2/crypto/asn1/tasn_dec.c
	15	+@@ -140,11 +140,17 @@
	16	+ {
	17	+ ASN1_TLC c;
	18	+ ASN1_VALUE *ptmpval = NULL;
	19	+- if (!pval)
	20	+- pval = &ptmpval;
	21	+ asn1_tlc_clear_nc(&c);
	22	+- if (ASN1_item_ex_d2i(pval, in, len, it, -1, 0, 0, &c) > 0)
	23	+- return *pval;
	24	++ if (pval && *pval && it->itype == ASN1_ITYPE_PRIMITIVE)
	25	++ ptmpval = *pval;
	26	++ if (ASN1_item_ex_d2i(&ptmpval, in, len, it, -1, 0, 0, &c) > 0) {
	27	++ if (pval && it->itype != ASN1_ITYPE_PRIMITIVE) {
	28	++ if (*pval)
	29	++ ASN1_item_free(*pval, it);
	30	++ *pval = ptmpval;
	31	++ }
	32	++ return ptmpval;
	33	++ }
	34	+ return NULL;
	35	+ }
	36	+
	37	+@@ -304,9 +310,16 @@
	38	+ case ASN1_ITYPE_CHOICE:
	39	+ if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it, NULL))
	40	+ goto auxerr;
	41	+-
	42	+- /* Allocate structure */
	43	+- if (!*pval && !ASN1_item_ex_new(pval, it)) {
	44	++ if (*pval) {
	45	++ /* Free up and zero CHOICE value if initialised */
	46	++ i = asn1_get_choice_selector(pval, it);
	47	++ if ((i >= 0) && (i < it->tcount)) {
	48	++ tt = it->templates + i;
	49	++ pchptr = asn1_get_field_ptr(pval, tt);
	50	++ ASN1_template_free(pchptr, tt);
	51	++ asn1_set_choice_selector(pval, -1, it);
	52	++ }
	53	++ } else if (!ASN1_item_ex_new(pval, it)) {
	54	+ ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
	55	+ goto err;
	56	+ }
	57	+@@ -386,6 +399,17 @@
	58	+ if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it, NULL))
	59	+ goto auxerr;
	60	+
	61	++ /* Free up and zero any ADB found */
	62	++ for (i = 0, tt = it->templates; i < it->tcount; i++, tt++) {
	63	++ if (tt->flags & ASN1_TFLG_ADB_MASK) {
	64	++ const ASN1_TEMPLATE *seqtt;
	65	++ ASN1_VALUE **pseqval;
	66	++ seqtt = asn1_do_adb(pval, tt, 1);
	67	++ pseqval = asn1_get_field_ptr(pval, seqtt);
	68	++ ASN1_template_free(pseqval, seqtt);
	69	++ }
	70	++ }
	71	++
	72	+ /* Get each field entry */
	73	+ for (i = 0, tt = it->templates; i < it->tcount; i++, tt++) {
	74	+ const ASN1_TEMPLATE *seqtt;
	75	+--- openssl-1.0.2/crypto/pkcs7/pk7_doit.c
	76	++++ openssl-1.0.2/crypto/pkcs7/pk7_doit.c
	77	+@@ -261,6 +261,25 @@
	78	+ PKCS7_RECIP_INFO *ri = NULL;
	79	+ ASN1_OCTET_STRING *os = NULL;
	80	+
	81	++ if (p7 == NULL) {
	82	++ PKCS7err(PKCS7_F_PKCS7_DATAINIT, PKCS7_R_INVALID_NULL_POINTER);
	83	++ return NULL;
	84	++ }
	85	++ /*
	86	++ * The content field in the PKCS7 ContentInfo is optional, but that really
	87	++ * only applies to inner content (precisely, detached signatures).
	88	++ *
	89	++ * When reading content, missing outer content is therefore treated as an
	90	++ * error.
	91	++ *
	92	++ * When creating content, PKCS7_content_new() must be called before
	93	++ * calling this method, so a NULL p7->d is always an error.
	94	++ */
	95	++ if (p7->d.ptr == NULL) {
	96	++ PKCS7err(PKCS7_F_PKCS7_DATAINIT, PKCS7_R_NO_CONTENT);
	97	++ return NULL;
	98	++ }
	99	++
	100	+ i = OBJ_obj2nid(p7->type);
	101	+ p7->state = PKCS7_S_HEADER;
	102	+
	103	+@@ -411,6 +430,16 @@
	104	+ unsigned char ek = NULL, tkey = NULL;
	105	+ int eklen = 0, tkeylen = 0;
	106	+
	107	++ if (p7 == NULL) {
	108	++ PKCS7err(PKCS7_F_PKCS7_DATADECODE, PKCS7_R_INVALID_NULL_POINTER);
	109	++ return NULL;
	110	++ }
	111	++
	112	++ if (p7->d.ptr == NULL) {
	113	++ PKCS7err(PKCS7_F_PKCS7_DATADECODE, PKCS7_R_NO_CONTENT);
	114	++ return NULL;
	115	++ }
	116	++
	117	+ i = OBJ_obj2nid(p7->type);
	118	+ p7->state = PKCS7_S_HEADER;
	119	+
	120	+@@ -707,6 +736,16 @@
	121	+ STACK_OF(PKCS7_SIGNER_INFO) *si_sk = NULL;
	122	+ ASN1_OCTET_STRING *os = NULL;
	123	+
	124	++ if (p7 == NULL) {
	125	++ PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_INVALID_NULL_POINTER);
	126	++ return 0;
	127	++ }
	128	++
	129	++ if (p7->d.ptr == NULL) {
	130	++ PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_NO_CONTENT);
	131	++ return 0;
	132	++ }
	133	++
	134	+ EVP_MD_CTX_init(&ctx_tmp);
	135	+ i = OBJ_obj2nid(p7->type);
	136	+ p7->state = PKCS7_S_HEADER;
	137	+@@ -746,6 +785,7 @@
	138	+ /* If detached data then the content is excluded */
	139	+ if (PKCS7_type_is_data(p7->d.sign->contents) && p7->detached) {
	140	+ M_ASN1_OCTET_STRING_free(os);
	141	++ os = NULL;
	142	+ p7->d.sign->contents->d.data = NULL;
	143	+ }
	144	+ break;
	145	+@@ -755,6 +795,7 @@
	146	+ /* If detached data then the content is excluded */
	147	+ if (PKCS7_type_is_data(p7->d.digest->contents) && p7->detached) {
	148	+ M_ASN1_OCTET_STRING_free(os);
	149	++ os = NULL;
	150	+ p7->d.digest->contents->d.data = NULL;
	151	+ }
	152	+ break;
	153	+@@ -820,22 +861,30 @@
	154	+ M_ASN1_OCTET_STRING_set(p7->d.digest->digest, md_data, md_len);
	155	+ }
	156	+
	157	+- if (!PKCS7_is_detached(p7) && !(os->flags & ASN1_STRING_FLAG_NDEF)) {
	158	+- char *cont;
	159	+- long contlen;
	160	+- btmp = BIO_find_type(bio, BIO_TYPE_MEM);
	161	+- if (btmp == NULL) {
	162	+- PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_UNABLE_TO_FIND_MEM_BIO);
	163	+- goto err;
	164	+- }
	165	+- contlen = BIO_get_mem_data(btmp, &cont);
	166	++ if (!PKCS7_is_detached(p7)) {
	167	+ /*
	168	+- * Mark the BIO read only then we can use its copy of the data
	169	+- * instead of making an extra copy.
	170	++ * NOTE(emilia): I think we only reach os == NULL here because detached
	171	++ * digested data support is broken.
	172	+ */
	173	+- BIO_set_flags(btmp, BIO_FLAGS_MEM_RDONLY);
	174	+- BIO_set_mem_eof_return(btmp, 0);
	175	+- ASN1_STRING_set0(os, (unsigned char *)cont, contlen);
	176	++ if (os == NULL)
	177	++ goto err;
	178	++ if (!(os->flags & ASN1_STRING_FLAG_NDEF)) {
	179	++ char *cont;
	180	++ long contlen;
	181	++ btmp = BIO_find_type(bio, BIO_TYPE_MEM);
	182	++ if (btmp == NULL) {
	183	++ PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_UNABLE_TO_FIND_MEM_BIO);
	184	++ goto err;
	185	++ }
	186	++ contlen = BIO_get_mem_data(btmp, &cont);
	187	++ /*
	188	++ * Mark the BIO read only then we can use its copy of the data
	189	++ * instead of making an extra copy.
	190	++ */
	191	++ BIO_set_flags(btmp, BIO_FLAGS_MEM_RDONLY);
	192	++ BIO_set_mem_eof_return(btmp, 0);
	193	++ ASN1_STRING_set0(os, (unsigned char *)cont, contlen);
	194	++ }
	195	+ }
	196	+ ret = 1;
	197	+ err:
	198	+@@ -910,6 +959,16 @@
	199	+ STACK_OF(X509) *cert;
	200	+ X509 *x509;
	201	+
	202	++ if (p7 == NULL) {
	203	++ PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, PKCS7_R_INVALID_NULL_POINTER);
	204	++ return 0;
	205	++ }
	206	++
	207	++ if (p7->d.ptr == NULL) {
	208	++ PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, PKCS7_R_NO_CONTENT);
	209	++ return 0;
	210	++ }
	211	++
	212	+ if (PKCS7_type_is_signed(p7)) {
	213	+ cert = p7->d.sign->cert;
	214	+ } else if (PKCS7_type_is_signedAndEnveloped(p7)) {
	215	+--- openssl-1.0.2/crypto/pkcs7/pk7_lib.c
	216	++++ openssl-1.0.2/crypto/pkcs7/pk7_lib.c
	217	+@@ -70,6 +70,7 @@
	218	+ nid = OBJ_obj2nid(p7->type);
	219	+
	220	+ switch (cmd) {
	221	++ /* NOTE(emilia): does not support detached digested data. */
	222	+ case PKCS7_OP_SET_DETACHED_SIGNATURE:
	223	+ if (nid == NID_pkcs7_signed) {
	224	+ ret = p7->detached = (int)larg;
	225	+@@ -444,6 +445,8 @@
	226	+
	227	+ STACK_OF(PKCS7_SIGNER_INFO) PKCS7_get_signer_info(PKCS7 p7)
	228	+ {
	229	++ if (p7 == NULL \|\| p7->d.ptr == NULL)
	230	++ return NULL;
	231	+ if (PKCS7_type_is_signed(p7)) {
	232	+ return (p7->d.sign->signer_info);
	233	+ } else if (PKCS7_type_is_signedAndEnveloped(p7)) {
	234	+--- openssl-1.0.2/crypto/rsa/rsa_ameth.c
	235	++++ openssl-1.0.2/crypto/rsa/rsa_ameth.c
	236	+@@ -698,9 +698,10 @@
	237	+ RSAerr(RSA_F_RSA_ITEM_VERIFY, RSA_R_UNSUPPORTED_SIGNATURE_TYPE);
	238	+ return -1;
	239	+ }
	240	+- if (rsa_pss_to_ctx(ctx, NULL, sigalg, pkey))
	241	++ if (rsa_pss_to_ctx(ctx, NULL, sigalg, pkey) > 0) {
	242	+ /* Carry on */
	243	+ return 2;
	244	++ }
	245	+ return -1;
	246	+ }
	247	+
	248	+--- openssl-1.0.2/doc/crypto/d2i_X509.pod
	249	++++ openssl-1.0.2/doc/crypto/d2i_X509.pod
	250	+@@ -207,6 +207,12 @@
	251	+ persist if they are not present in the new one. As a result the use
	252	+ of this "reuse" behaviour is strongly discouraged.
	253	+
	254	++Current versions of OpenSSL will not modify B<*px> if an error occurs.
	255	++If parsing succeeds then B<*px> is freed (if it is not NULL) and then
	256	++set to the value of the newly decoded structure. As a result B<*px>
	257	++B<must not> be allocated on the stack or an attempt will be made to
	258	++free an invalid pointer.
	259	++
	260	+ i2d_X509() will not return an error in many versions of OpenSSL,
	261	+ if mandatory fields are not initialized due to a programming error
	262	+ then the encoded structure may contain invalid data or omit the
	263	+@@ -233,7 +239,9 @@
	264	+
	265	+ d2i_X509(), d2i_X509_bio() and d2i_X509_fp() return a valid B<X509> structure
	266	+ or B<NULL> if an error occurs. The error code that can be obtained by
	267	+-L<ERR_get_error(3)\|ERR_get_error(3)>.
	268	++L<ERR_get_error(3)\|ERR_get_error(3)>. If the "reuse" capability has been used
	269	++with a valid X509 structure being passed in via B<px> then the object is not
	270	++modified in the event of error.
	271	+
	272	+ i2d_X509() returns the number of bytes successfully encoded or a negative
	273	+ value if an error occurs. The error code can be obtained by
	274	+--- openssl-1.0.2/ssl/d1_lib.c
	275	++++ openssl-1.0.2/ssl/d1_lib.c
	276	+@@ -543,6 +543,9 @@
	277	+ {
	278	+ int ret;
	279	+
	280	++ /* Ensure there is no state left over from a previous invocation */
	281	++ SSL_clear(s);
	282	++
	283	+ SSL_set_options(s, SSL_OP_COOKIE_EXCHANGE);
	284	+ s->d1->listen = 1;
	285	+
	286	+--- openssl-1.0.2/ssl/s2_lib.c
	287	++++ openssl-1.0.2/ssl/s2_lib.c
	288	+@@ -493,7 +493,7 @@
	289	+
	290	+ OPENSSL_assert(s->session->master_key_length >= 0
	291	+ && s->session->master_key_length
	292	+- < (int)sizeof(s->session->master_key));
	293	++ <= (int)sizeof(s->session->master_key));
	294	+ EVP_DigestUpdate(&ctx, s->session->master_key,
	295	+ s->session->master_key_length);
	296	+ EVP_DigestUpdate(&ctx, &c, 1);
	297	+--- openssl-1.0.2/ssl/s2_srvr.c
	298	++++ openssl-1.0.2/ssl/s2_srvr.c
	299	+@@ -454,11 +454,6 @@
	300	+ SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, SSL_R_NO_PRIVATEKEY);
	301	+ return (-1);
	302	+ }
	303	+- i = ssl_rsa_private_decrypt(s->cert, s->s2->tmp.enc,
	304	+- &(p[s->s2->tmp.clear]),
	305	+- &(p[s->s2->tmp.clear]),
	306	+- (s->s2->ssl2_rollback) ? RSA_SSLV23_PADDING :
	307	+- RSA_PKCS1_PADDING);
	308	+
	309	+ is_export = SSL_C_IS_EXPORT(s->session->cipher);
	310	+
	311	+@@ -475,23 +470,61 @@
	312	+ } else
	313	+ ek = 5;
	314	+
	315	++ /*
	316	++ * The format of the CLIENT-MASTER-KEY message is
	317	++ * 1 byte message type
	318	++ * 3 bytes cipher
	319	++ * 2-byte clear key length (stored in s->s2->tmp.clear)
	320	++ * 2-byte encrypted key length (stored in s->s2->tmp.enc)
	321	++ * 2-byte key args length (IV etc)
	322	++ * clear key
	323	++ * encrypted key
	324	++ * key args
	325	++ *
	326	++ * If the cipher is an export cipher, then the encrypted key bytes
	327	++ * are a fixed portion of the total key (5 or 8 bytes). The size of
	328	++ * this portion is in \|ek\|. If the cipher is not an export cipher,
	329	++ * then the entire key material is encrypted (i.e., clear key length
	330	++ * must be zero).
	331	++ */
	332	++ if ((!is_export && s->s2->tmp.clear != 0) \|\|
	333	++ (is_export && s->s2->tmp.clear + ek != EVP_CIPHER_key_length(c))) {
	334	++ ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
	335	++ SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_BAD_LENGTH);
	336	++ return -1;
	337	++ }
	338	++ /*
	339	++ * The encrypted blob must decrypt to the encrypted portion of the key.
	340	++ * Decryption can't be expanding, so if we don't have enough encrypted
	341	++ * bytes to fit the key in the buffer, stop now.
	342	++ */
	343	++ if ((is_export && s->s2->tmp.enc < ek) \|\|
	344	++ (!is_export && s->s2->tmp.enc < EVP_CIPHER_key_length(c))) {
	345	++ ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
	346	++ SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_LENGTH_TOO_SHORT);
	347	++ return -1;
	348	++ }
	349	++
	350	++ i = ssl_rsa_private_decrypt(s->cert, s->s2->tmp.enc,
	351	++ &(p[s->s2->tmp.clear]),
	352	++ &(p[s->s2->tmp.clear]),
	353	++ (s->s2->ssl2_rollback) ? RSA_SSLV23_PADDING :
	354	++ RSA_PKCS1_PADDING);
	355	++
	356	+ /* bad decrypt */
	357	+ # if 1
	358	+ /*
	359	+ * If a bad decrypt, continue with protocol but with a random master
	360	+ * secret (Bleichenbacher attack)
	361	+ */
	362	+- if ((i < 0) \|\| ((!is_export && (i != EVP_CIPHER_key_length(c)))
	363	+- \|\| (is_export && ((i != ek)
	364	+- \|\| (s->s2->tmp.clear +
	365	+- (unsigned int)i != (unsigned int)
	366	+- EVP_CIPHER_key_length(c)))))) {
	367	++ if ((i < 0) \|\| ((!is_export && i != EVP_CIPHER_key_length(c))
	368	++ \|\| (is_export && i != ek))) {
	369	+ ERR_clear_error();
	370	+ if (is_export)
	371	+ i = ek;
	372	+ else
	373	+ i = EVP_CIPHER_key_length(c);
	374	+- if (RAND_pseudo_bytes(p, i) <= 0)
	375	++ if (RAND_pseudo_bytes(&p[s->s2->tmp.clear], i) <= 0)
	376	+ return 0;
	377	+ }
	378	+ # else
	379	+@@ -513,7 +546,7 @@
	380	+ # endif
	381	+
	382	+ if (is_export)
	383	+- i += s->s2->tmp.clear;
	384	++ i = EVP_CIPHER_key_length(c);
	385	+
	386	+ if (i > SSL_MAX_MASTER_KEY_LENGTH) {
	387	+ ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
	388	+--- openssl-1.0.2/ssl/s3_pkt.c
	389	++++ openssl-1.0.2/ssl/s3_pkt.c
	390	+@@ -780,7 +780,7 @@
	391	+
	392	+ i = ssl3_write_pending(s, type, &buf[tot], nw);
	393	+ if (i <= 0) {
	394	+- if (i < 0) {
	395	++ if (i < 0 && (!s->wbio \|\| !BIO_should_retry(s->wbio))) {
	396	+ OPENSSL_free(wb->buf);
	397	+ wb->buf = NULL;
	398	+ }
	399	+--- openssl-1.0.2/ssl/s3_srvr.c
	400	++++ openssl-1.0.2/ssl/s3_srvr.c
	401	+@@ -2251,10 +2251,17 @@
	402	+ if (alg_k & (SSL_kEDH \| SSL_kDHr \| SSL_kDHd)) {
	403	+ int idx = -1;
	404	+ EVP_PKEY *skey = NULL;
	405	+- if (n)
	406	++ if (n) {
	407	+ n2s(p, i);
	408	+- else
	409	++ } else {
	410	++ if (alg_k & SSL_kDHE) {
	411	++ al = SSL_AD_HANDSHAKE_FAILURE;
	412	++ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
	413	++ SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG);
	414	++ goto f_err;
	415	++ }
	416	+ i = 0;
	417	++ }
	418	+ if (n && n != i + 2) {
	419	+ if (!(s->options & SSL_OP_SSLEAY_080_CLIENT_DH_BUG)) {
	420	+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
	421	+--- openssl-1.0.2/ssl/t1_lib.c
	422	++++ openssl-1.0.2/ssl/t1_lib.c
	423	+@@ -2965,6 +2965,7 @@
	424	+ if (s->cert->shared_sigalgs) {
	425	+ OPENSSL_free(s->cert->shared_sigalgs);
	426	+ s->cert->shared_sigalgs = NULL;
	427	++ s->cert->shared_sigalgslen = 0;
	428	+ }
	429	+ /* Clear certificate digests and validity flags */
	430	+ for (i = 0; i < SSL_PKEY_NUM; i++) {
	431	+@@ -3618,6 +3619,7 @@
	432	+ if (c->shared_sigalgs) {
	433	+ OPENSSL_free(c->shared_sigalgs);
	434	+ c->shared_sigalgs = NULL;
	435	++ c->shared_sigalgslen = 0;
	436	+ }
	437	+ /* If client use client signature algorithms if not NULL */
	438	+ if (!s->server && c->client_sigalgs && !is_suiteb) {
	439	+@@ -3640,12 +3642,14 @@
	440	+ preflen = c->peer_sigalgslen;
	441	+ }
	442	+ nmatch = tls12_do_shared_sigalgs(NULL, pref, preflen, allow, allowlen);
	443	+- if (!nmatch)
	444	+- return 1;
	445	+- salgs = OPENSSL_malloc(nmatch * sizeof(TLS_SIGALGS));
	446	+- if (!salgs)
	447	+- return 0;
	448	+- nmatch = tls12_do_shared_sigalgs(salgs, pref, preflen, allow, allowlen);
	449	++ if (nmatch) {
	450	++ salgs = OPENSSL_malloc(nmatch * sizeof(TLS_SIGALGS));
	451	++ if (!salgs)
	452	++ return 0;
	453	++ nmatch = tls12_do_shared_sigalgs(salgs, pref, preflen, allow, allowlen);
	454	++ } else {
	455	++ salgs = NULL;
	456	++ }
	457	+ c->shared_sigalgs = salgs;
	458	+ c->shared_sigalgslen = nmatch;
	459	+ return 1;

dev-libs/openssl/openssl-1.0.2a.ebuild

Zeige Datei @ 19312ae

@@ -1,6 +1,6 @@
 # Copyright 1999-2015 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/dev-libs/openssl/openssl-1.0.2-r2.ebuild,v 1.2 2015/03/04 16:41:25 vapier Exp $
+# $Header: /var/cvsroot/gentoo-x86/dev-libs/openssl/openssl-1.0.2-r3.ebuild,v 1.1 2015/03/19 14:28:24 polynomial-c Exp $
 
 EAPI="4"
 
@@ -15,7 +15,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 
 LICENSE="openssl"
 SLOT="0"
-KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
 IUSE="bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 static-libs test +tls-heartbeat vanilla zlib insecure-ssl2 insecure-ssl3"
 
 # The blocks are temporary just to make sure people upgrade to a
@@ -55,14 +55,15 @@ src_prepare() {
 	# that gets blown away anyways by the Configure script in src_configure
 	rm -f Makefile
 
-	#epatch "${FILESDIR}"/${P}-CVE-2015-0209.patch #541502
-	#epatch "${FILESDIR}"/${P}-CVE-2015-0288.patch #542038
+	epatch "${FILESDIR}"/${P}-CVE-2015-0209.patch #541502
+	epatch "${FILESDIR}"/${P}-CVE-2015-0288.patch #542038
 	if ! use vanilla ; then
 		epatch "${FILESDIR}"/${PN}-1.0.0a-ldflags.patch #327421
 		epatch "${FILESDIR}"/${PN}-1.0.0d-windres.patch #373743
 		epatch "${FILESDIR}"/${PN}-1.0.2-parallel-build.patch
 		epatch "${FILESDIR}"/${PN}-1.0.2-ipv6.patch
 		epatch "${FILESDIR}"/${PN}-1.0.2-s_client-verify.patch #472584
+		epatch "${FILESDIR}"/${PN}-1.0.2-CVE-2015-0291.patch
 
 		epatch_user #332661
 	fi
@@ -149,9 +150,6 @@ multilib_src_configure() {
 		$(use sctp && echo "sctp") \
 		$(use cpu_flags_x86_sse2 || echo "no-sse2") \
 		enable-camellia \
- 		$(use_ssl insecure-ssl2 ssl2) \
- 		$(use_ssl insecure-ssl3 ssl3) \
-
 		$(use_ssl !bindist ec) \
 		${ec_nistp_64_gcc_128} \
 		enable-idea \
@@ -163,6 +161,8 @@ multilib_src_configure() {
 		$(use_ssl rfc3779) \
 		$(use_ssl tls-heartbeat heartbeats) \
 		$(use_ssl zlib) \
+ 		$(use_ssl insecure-ssl2 ssl2) \
+ 		$(use_ssl insecure-ssl3 ssl3) \
 		--prefix="${EPREFIX}"/usr \
 		--openssldir="${EPREFIX}"${SSL_CNF_DIR} \
 		--libdir=$(get_libdir) \


...	...	@@ -7,6 +7,9 @@ AUX openssl-1.0.1-x32.patch 3273 SHA256 a4f05b8757e225a05a9c5a3ea485159066760d87
7	7	AUX openssl-1.0.1e-s_client-verify.patch 592 SHA256 6f540fce663eefbe68cee16ad7d8d561d6c898eeb4180c2f4a4caa7e43c6d0c9 SHA512 117b1017e1259667078d3ccdcd9fd46357c6f85cf2702794f49c612b37acdc044fe88f871dbe46fcad9ed4cd8aaaaee800dddb5286203322802efd7549a43b68 WHIRLPOOL 70a4cc36b1dcb24d7e9bcef016684fb2394977f7f20aa332ebd0aa15e3f4c16c74563d2fc0ba8d70669f6cc9a13bf8a30cdb28ebafe2d102cd2859a4e32c38d7
8	8	AUX openssl-1.0.1f-revert-alpha-perl-generation.patch 3102 SHA256 6e502275b32ac0eca80f28448ae1bb88506f9135258f420fd857ea0b9b485778 SHA512 c80439da3d268e70fd492d0ca73c0a17ddb088b9330610794a338d1921ee13dad9caca4c81ca103b82a7541c8712f77e51f352ec1b1b02789d9aed291acb0cdc WHIRLPOOL cb760366c8759b1c78c5307134bb48c4fc12b1556276c2ef55455ea54725d20cb433ade966a7453f512d2feb5ae89a9798078ab535e4605366633a8e003c7ac6
9	9	AUX openssl-1.0.1h-ipv6.patch 17788 SHA256 7adeeb88cc544f8b210efbe2baff48fccf5029b582dff7010ae70e0e1f097d7b SHA512 0f0990d4294abcb5f3e51c84080883046a054c710b57a23f99b3323727d5e9aeb5ddeb6b6c2565b4be364f7c21419c90ce5288154e404cd663678f87e0d1c259 WHIRLPOOL cfe7a2e141a4a6252ffcfe215b16dd1082bc14a757dad7eb01bb9819de41ef0ee51a4b2dbf110c27b52e483341c337bf4d1f77f4f9f3172d2fee9e348c30af7e
	10	+AUX openssl-1.0.2-CVE-2015-0209.patch 1282 SHA256 6be2b1fa0d440bc1c1b15da4a9d32811a04c3e7c701678eb8ee72454bbf87401 SHA512 db5b73c815582453d3231d49c9c24d60824e56f67a74f815818d0f90bccd485e98a98b449386aa297fa055b5fc27e2a058c03bc410478fb98051a729ac75b4db WHIRLPOOL 46ddfaff115622e2426c544e757bf882fc5069f35d169189cf277d90a5ad36c274beaf1ff89cdc593e2e5cd1593588c389262dce3bb6a166c5fd7eb908458fec
	11	+AUX openssl-1.0.2-CVE-2015-0288.patch 800 SHA256 613acdc06a22ec5cbc274cc39022b1fa1fd73e409551493bcab6d4a273983484 SHA512 4785d9c4620492c4997cbe7c83a42a9804a9e8c3d94e35dd7d3e6bd16f607a9b294b77123686f24c953e6330f96907008dccf1379648d806fa85bbdd20b81ca0 WHIRLPOOL 738831379e3c117f260306e2f39aacd51b895ed4bcb7dd0189f14a7301c09ffd4fbd882fbd05d7e71cd6c9524fc289124909e5fd2dcc23607fa4ce71ba3a0df7
	12	+AUX openssl-1.0.2-CVE-2015-0291.patch 16069 SHA256 be4f9fa463a027e7c77396a8d3ddc1d6ad6c0bbc8b07c2f7af0738621c619710 SHA512 2ee10f21ce02f1c46ee6c446c60d4e1e3af05366769603f38c971018ce07341369db87cb050432d0501f152cabf377c03848df501694ea46ef2f6578d19cf030 WHIRLPOOL 1ea004fe43633b18c91a8cf390285c274b1c05d3bed313ccc6f9bebb92e0b313504f17d4fe41a643feedc626a8851c6e568b34b2d5bf7d62683e170f5c3e5301
10	13	AUX openssl-1.0.2-ipv6.patch 18811 SHA256 9ff3150c75f3f3e6a9773ffe54d90994cbf68cc919134aea68e09e7ed921763d SHA512 58e293f8f19a3fad08729b842dd977b73fedb0c49208d87a056bfea857c0e2b79a310d7d098c04429b65564fce64defeda6d1dcc3068ad5a80ef276db6421e54 WHIRLPOOL 36a0fffc7238011b93077bed94c9507f2ffc1cf199e6c06e94d01589cdc84a6568b9122e1a120b8262bd0a1c43f25169a29796c92a78338dd9f03b4cc2cdf0b8
11	14	AUX openssl-1.0.2-parallel-build.patch 10661 SHA256 bc5622150a964dc2d9909f41557140b696ce1bdfa4e2b12cc3e0e51029ead32b SHA512 a4957304a4424016cd8a1c6552c422cd042d737e12f96235ec54d1e601ccbe8cb79d931ac8777d1a599bd4a70eac4e6700a24362f14fb04eb273df82f2de0d01 WHIRLPOOL 5b34e45dcb0db6649e26d275925ca008f5201afbc22184e15c5324513bc0ed40ee271a70686e10a20bb219b3c4bd2148323b317ead97cdc27a3c897c0a07d228
12	15	AUX openssl-1.0.2-s_client-verify.patch 648 SHA256 b6ca2278dd9833f87a1d0037cb3cac8aee0f8326ff13ece1f08a536b8545eb77 SHA512 78b09ae700096205582785584a268776af46fc5bc94a0faa1ce6087ffcc945649e69269ff7fa88dedd5df1a5cdecc53e885de1e39506470f23b02028ca962104 WHIRLPOOL 8e7c90d37c1736b4b2f2c38d1c12dcfee4996a50a2a7dd07645a0c0b6616006d11232dd0f88ab735833e1c46aa171ceb5e1288c3d57296010bdda59295de7599
...	...	@@ -14,10 +17,9 @@ DIST openssl-1.0.1i.tar.gz 4422117 SHA256 3c179f46ca77069a6a0bac70212a9b3b838b2f
14	17	DIST openssl-1.0.1j.tar.gz 4432964 SHA256 1b60ca8789ba6f03e8ef20da2293b8dc131c39d83814e775069f02d26354edf3 SHA512 a786bb99b68d88c1de79d3c5372767f091ebeefb5abc1d4883253fd3ab5a86af53389f5ff36fdd8faa27c5fb78be8bbff406392c373358697da80d250eadebb8 WHIRLPOOL 467aa3b02d04837e3281670401985e492d15b561c03b97246e3c8e61b0d3b1927332e3a226de4ed5bd02265a04fb31ce84c3501f4af9685633d00a9b43c56978
15	18	DIST openssl-1.0.1k.tar.gz 4434910 SHA256 8f9faeaebad088e772f4ef5e38252d472be4d878c6b3a2718c10a4fcebe7a41c SHA512 8b000fbd1bf919d9913a314f99aedd48a69f6caa4ccf43237889e73e08cbe0d82bfc27e9c7c4cade09fc459f91d6c4a831a9b3fc8bca0344fb864eadd7d1e8e8 WHIRLPOOL 5236a966d610c971e473cfc30e5412a72eef116fd259ada9c50da08bcd4ca967f80bb19babf530b4e5b9f1f24e9275e00391eb2e12a26d4544f593e2b4ba20b8
16	19	DIST openssl-1.0.2.tar.gz 5265809 SHA256 8c48baf3babe0d505d16cfc0cf272589c66d3624264098213db0fb00034728e9 SHA512 dea46225a5445edc4986b02b99fbc90153819374b9a9bfdd892b60cd18ac7fefaf21a7e9d2bb05d0e3bfa4d2704e0ee24b06cc8e7081a542d7598cc9e73c67c5 WHIRLPOOL fe628a38125390deb75728b31427c308efbf65637a569fd1f139f6313fea533514ef05bf3d01bbdc793f77eb259400c95c53074a294d32d73576939d16f22e25
17		-DIST openssl-1.0.2a.tar.gz 5262089 SHA256 15b6393c20030aab02c8e2fe0243cb1d1d18062f6c095d67bca91871dc7f324a SHA512 02d228578824add52b73433d64697706e6503c2334933fe8dd6b477f59c430977012c3c34da207096229a425e1dcb6f3ae806043894b5ac98c27bbcddb794dd4 WHIRLPOOL a590c71794f5d29b80afa28b18621b7535e96b714b3690d793c1422a90b09a89cbcb912841d400c5982a8197bb02c13051190e96ba0e4d530509b48b43067cd7
18	20	DIST openssl-c_rehash.sh.1.7 4167 SHA256 4999ee79892f52bd6a4a7baba9fac62262454d573bbffd72685d3aae9e48cee0 SHA512 55e8c2e827750a4f375cb83c86bfe2d166c01ffa5d7e9b16657b72b38b747c8985dd2c98f854c911dfbbee2ff3e92aff39fdf089d979b2e3534b7685ee8b80da WHIRLPOOL c88f06a3b8651f76b6289552cccceb64e13f6697c5f0ce3ff114c781ce1c218912b8ee308af9d087cd76a9600fdacda1953175bff07d7d3eb21b0c0b7f4f1ce1
19	21	EBUILD openssl-1.0.1i.ebuild 8776 SHA256 99e7d64748e9448cd1f3d8738e1a97b5daab3c56b3e5f0168186f6644d83bbd8 SHA512 e1b922da0678ac59ed09f4cffd714b45ba8e028aa844e089a4385391fcb4e02b7fc731f855e2537acf10e817710e06aa61fac91233db78a053416212e83a9bf2 WHIRLPOOL 3537527dde49f7fd39c73c7a4053c5bf44fdf3e2544fd7148019729abd01120c7f3fe85e83a38b89630ff0bb38b7d044e42234cfaf4cf68612b630900e5b209a
20	22	EBUILD openssl-1.0.1j.ebuild 8848 SHA256 823be5d97748b5b7e6f134746f13850b5a97cbf4ad0639c7238367d741386cb6 SHA512 f426b8bcd82113fc27eb001491e2c5ff03f276fd449f3ab763b58e1e5366f75d77eb5bb26648130ed1775e418181cc9d4cc744e507185cb12855b117bd86096c WHIRLPOOL 690246218ae96ec269249c23b65f6ec5f59e3e19388cb2bcd2f1e125fc75ba43124e9f63dc5ea4b0af62fd8aee024a9cff5fddf9ddd123e6fe9dc3a164860c48
21	23	EBUILD openssl-1.0.1k.ebuild 8848 SHA256 654fb54cb45c343adea6b81d0850a2f9a62c43bd663c3f2d9a402ab90af0f05f SHA512 4372499d07a14131a05f9f62ef99eab1a86b50ab12356d58037e5d7d3754450a6c35947811282ad990c4d1897bc9ce6a4e16bf60ce6926d532e308ad80d28264 WHIRLPOOL 8f4c9224f9637cccb1362a343cfd17cd6b322eb96b15f18f34e2e26c8688d4eb0278a48618eee61e771c65c0d22e11e19a5e81e1fefdca3c9faaca75d74d7930
22	24	EBUILD openssl-1.0.2-r1.ebuild 8829 SHA256 b07881d45227d608973c699e146081b2d3d164b741cc127995d2537cc8bb5c95 SHA512 0dbaae39454349726633993ffb71596344b0898cfe420fcc315b07fa0d314e780e9b61a978881b2c091b113523fd0ab37410a771c831b58f8bcd2c67e5c84234 WHIRLPOOL 1b167afb27753e66aa474e23ca2df504e8e3d70d67428af8179e88b238350e988014d8d33f5fe683d4fb345c847b0d954a558b5b69d22836b154c4bc6c15738a
23		-EBUILD openssl-1.0.2a.ebuild 8937 SHA256 9c7fb1f83273b492cf63ade7dab998c606222ca0aa2bad5c42f1fdb30964c93d SHA512 956a6640f3ffa41afcaf9a54967a63ce8b23216d5c54949c460ca780ed536961f918e0c6ce34e9bee5b0011de9400eba150ffe1e6c87a053eeae8efb35048c44 WHIRLPOOL 99003d7ad1bc559998e6c8d625c24ef776b96fc715b842bef2e9fb302508049480dc65c5f29b49ce8779d00f939abc3c25558b625c41634ccd154c76098ee3df
	25	+EBUILD openssl-1.0.2-r3.ebuild 8996 SHA256 e28bc2726e4b8d1c7e779348d9c27412b3a37dea7009f3399a202b57f4aa8c58 SHA512 8e1a8bd531ee2eefb5f2e6b80f038528c51f05e474de5a8bf1191f438509ef195ee0decd4866e0bce12351100d88a2c1d9320795fcd001826b9b8241093e255b WHIRLPOOL f5f38405792f046187cd45ecf37d3f1cf4b19b87c605d4482c2d5fb4fc22c5d3f0736ef712f78255fe0efcb545a0eecec709b043aabe06c0c242a735d2bc062a

...	...	@@ -1,6 +1,6 @@
1	1	# Copyright 1999-2015 Gentoo Foundation
2	2	# Distributed under the terms of the GNU General Public License v2
3		-# $Header: /var/cvsroot/gentoo-x86/dev-libs/openssl/openssl-1.0.2-r2.ebuild,v 1.2 2015/03/04 16:41:25 vapier Exp $
	3	+# $Header: /var/cvsroot/gentoo-x86/dev-libs/openssl/openssl-1.0.2-r3.ebuild,v 1.1 2015/03/19 14:28:24 polynomial-c Exp $
4	4
5	5	EAPI="4"
6	6
...	...	@@ -15,7 +15,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
15	15
16	16	LICENSE="openssl"
17	17	SLOT="0"
18		-KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
	18	+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
19	19	IUSE="bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 static-libs test +tls-heartbeat vanilla zlib insecure-ssl2 insecure-ssl3"
20	20
21	21	# The blocks are temporary just to make sure people upgrade to a
...	...	@@ -55,14 +55,15 @@ src_prepare() {
55	55	# that gets blown away anyways by the Configure script in src_configure
56	56	rm -f Makefile
57	57
58		- #epatch "${FILESDIR}"/${P}-CVE-2015-0209.patch #541502
59		- #epatch "${FILESDIR}"/${P}-CVE-2015-0288.patch #542038
	58	+ epatch "${FILESDIR}"/${P}-CVE-2015-0209.patch #541502
	59	+ epatch "${FILESDIR}"/${P}-CVE-2015-0288.patch #542038
60	60	if ! use vanilla ; then
61	61	epatch "${FILESDIR}"/${PN}-1.0.0a-ldflags.patch #327421
62	62	epatch "${FILESDIR}"/${PN}-1.0.0d-windres.patch #373743
63	63	epatch "${FILESDIR}"/${PN}-1.0.2-parallel-build.patch
64	64	epatch "${FILESDIR}"/${PN}-1.0.2-ipv6.patch
65	65	epatch "${FILESDIR}"/${PN}-1.0.2-s_client-verify.patch #472584
	66	+ epatch "${FILESDIR}"/${PN}-1.0.2-CVE-2015-0291.patch
66	67
67	68	epatch_user #332661
68	69	fi
...	...	@@ -149,9 +150,6 @@ multilib_src_configure() {
149	150	$(use sctp && echo "sctp") \
150	151	$(use cpu_flags_x86_sse2 \|\| echo "no-sse2") \
151	152	enable-camellia \
152		- $(use_ssl insecure-ssl2 ssl2) \
153		- $(use_ssl insecure-ssl3 ssl3) \
154		-
155	153	$(use_ssl !bindist ec) \
156	154	${ec_nistp_64_gcc_128} \
157	155	enable-idea \
...	...	@@ -163,6 +161,8 @@ multilib_src_configure() {
163	161	$(use_ssl rfc3779) \
164	162	$(use_ssl tls-heartbeat heartbeats) \
165	163	$(use_ssl zlib) \
	164	+ $(use_ssl insecure-ssl2 ssl2) \
	165	+ $(use_ssl insecure-ssl3 ssl3) \
166	166	--prefix="${EPREFIX}"/usr \
167	167	--openssldir="${EPREFIX}"${SSL_CNF_DIR} \
168	168	--libdir=$(get_libdir) \
169	169