diff options
| author |   Tim Harder <radhermit@gentoo.org> | 2013-05-30 19:56:09 +0000 |
|---|---|---|
| committer | Tim Harder <radhermit@gentoo.org> | 2013-05-30 19:56:09 +0000 |
| commit | e38d0cdc0279ca1171129fa96788a3f0916c04c5 (patch) | |
| tree | 5d354a3584ce648bafbd9120e727570febf5b03a /net-libs | |
| parent | Version bump, remove old (diff) | |
| download | gentoo-2-e38d0cdc0279ca1171129fa96788a3f0916c04c5.tar.gz gentoo-2-e38d0cdc0279ca1171129fa96788a3f0916c04c5.tar.bz2 gentoo-2-e38d0cdc0279ca1171129fa96788a3f0916c04c5.zip | |
Revision bump to fix CVE-2013-2116 (bug #471788), drop redundant --disable-silent-rules econf option for EAPI 5 ebuilds, and run tests serially since they often fail in parallel.
(Portage version: 2.2.0_alpha177/cvs/Linux x86_64, signed Manifest commit with key 4AB3E85B4F064CA3)
Diffstat (limited to 'net-libs')
| -rw-r--r-- | net-libs/gnutls/ChangeLog | 11 | ||||
| -rw-r--r-- | net-libs/gnutls/files/gnutls-2.12.23-CVE-2013-2116.patch | 25 | ||||
| -rw-r--r-- | net-libs/gnutls/gnutls-2.12.23-r1.ebuild | 120 | ||||
| -rw-r--r-- | net-libs/gnutls/gnutls-3.1.10.ebuild | 8 | ||||
| -rw-r--r-- | net-libs/gnutls/gnutls-3.1.11.ebuild | 8 | ||||
| -rw-r--r-- | net-libs/gnutls/gnutls-3.2.0.ebuild | 8 |
6 files changed, 173 insertions, 7 deletions
diff --git a/net-libs/gnutls/ChangeLog b/net-libs/gnutls/ChangeLog index 937651edaaa3..454f91e69f85 100644 --- a/net-libs/gnutls/ChangeLog +++ b/net-libs/gnutls/ChangeLog @@ -1,6 +1,15 @@ # ChangeLog for net-libs/gnutls # Copyright 1999-2013 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/net-libs/gnutls/ChangeLog,v 1.428 2013/05/22 18:32:22 radhermit Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-libs/gnutls/ChangeLog,v 1.429 2013/05/30 19:56:09 radhermit Exp $ + +*gnutls-2.12.23-r1 (30 May 2013) + + 30 May 2013; Tim Harder <radhermit@gentoo.org> +gnutls-2.12.23-r1.ebuild, + gnutls-3.1.10.ebuild, gnutls-3.1.11.ebuild, gnutls-3.2.0.ebuild, + +files/gnutls-2.12.23-CVE-2013-2116.patch: + Revision bump to fix CVE-2013-2116 (bug #471788), drop redundant + --disable-silent-rules econf option for EAPI 5 ebuilds, and run tests + serially since they often fail in parallel. 22 May 2013; Tim Harder <radhermit@gentoo.org> gnutls-3.2.0.ebuild: Update nettle dep (bug #471022). diff --git a/net-libs/gnutls/files/gnutls-2.12.23-CVE-2013-2116.patch b/net-libs/gnutls/files/gnutls-2.12.23-CVE-2013-2116.patch new file mode 100644 index 000000000000..2223e708a609 --- /dev/null +++ b/net-libs/gnutls/files/gnutls-2.12.23-CVE-2013-2116.patch @@ -0,0 +1,25 @@ +From 5164d5a1d57cd0372a5dd074382ca960ca18b27d Mon Sep 17 00:00:00 2001 +From: Nikos Mavrogiannopoulos <nmav@gnutls.org> +Date: Thu, 23 May 2013 09:54:37 +0200 +Subject: [PATCH] re-applied sanity check patch + +--- + lib/gnutls_cipher.c | 2 ++ + 1 files changed, 2 insertions(+), 0 deletions(-) + +diff --git a/lib/gnutls_cipher.c b/lib/gnutls_cipher.c +index 2835121..71f5a98 100644 +--- a/lib/gnutls_cipher.c ++++ b/lib/gnutls_cipher.c +@@ -561,6 +561,8 @@ _gnutls_ciphertext2compressed (gnutls_session_t session, + return GNUTLS_E_DECRYPTION_FAILED; + } + pad = ciphertext.data[ciphertext.size - 1]; /* pad */ ++ if (pad+1 > ciphertext.size-hash_size) ++ pad_failed = GNUTLS_E_DECRYPTION_FAILED; + + /* Check the pading bytes (TLS 1.x). + * Note that we access all 256 bytes of ciphertext for padding check +-- +1.7.1 + diff --git a/net-libs/gnutls/gnutls-2.12.23-r1.ebuild b/net-libs/gnutls/gnutls-2.12.23-r1.ebuild new file mode 100644 index 000000000000..a42ebc38c246 --- /dev/null +++ b/net-libs/gnutls/gnutls-2.12.23-r1.ebuild @@ -0,0 +1,120 @@ +# Copyright 1999-2013 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/net-libs/gnutls/gnutls-2.12.23-r1.ebuild,v 1.1 2013/05/30 19:56:09 radhermit Exp $ + +EAPI=5 + +inherit autotools libtool eutils versionator + +DESCRIPTION="A TLS 1.2 and SSL 3.0 implementation for the GNU project" +HOMEPAGE="http://www.gnutls.org/" +SRC_URI="ftp://ftp.gnutls.org/gcrypt/gnutls/v$(get_version_component_range 1-2)/${P}.tar.bz2" + +# LGPL-2.1 for libgnutls library and GPL-3 for libgnutls-extra library. +LICENSE="GPL-3 LGPL-2.1" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~x86-interix ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~x86-solaris" +IUSE="bindist +cxx doc examples guile lzo +nettle nls pkcs11 static-libs test zlib" + +RDEPEND=">=dev-libs/libtasn1-0.3.4 + <dev-libs/libtasn1-3 + guile? ( >=dev-scheme/guile-1.8[networking] ) + nettle? ( >=dev-libs/nettle-2.1[gmp] ) + !nettle? ( >=dev-libs/libgcrypt-1.4.0 ) + nls? ( virtual/libintl ) + pkcs11? ( >=app-crypt/p11-kit-0.11 ) + zlib? ( >=sys-libs/zlib-1.2.3.1 ) + !bindist? ( lzo? ( >=dev-libs/lzo-2 ) )" +DEPEND="${RDEPEND} + virtual/pkgconfig + sys-devel/libtool + doc? ( dev-util/gtk-doc ) + nls? ( sys-devel/gettext ) + test? ( app-misc/datefudge )" + +DOCS=( AUTHORS ChangeLog NEWS README THANKS doc/TODO ) + +pkg_setup() { + if use lzo && use bindist; then + ewarn "lzo support is disabled for binary distribution of GnuTLS due to licensing issues." + fi +} + +src_prepare() { + # tests/suite directory is not distributed + sed -i -e 's|AC_CONFIG_FILES(\[tests/suite/Makefile\])|:|' \ + configure.ac || die + + sed -i -e 's/imagesdir = $(infodir)/imagesdir = $(htmldir)/' \ + doc/Makefile.am || die + + local dir + for dir in m4 lib/m4 libextra/m4; do + rm -f "${dir}/lt"* "${dir}/libtool.m4" + done + find . -name ltmain.sh -exec rm {} \; + + epatch "${FILESDIR}"/${PN}-2.12.20-AF_UNIX.patch + epatch "${FILESDIR}"/${PN}-2.12.20-libadd.patch + epatch "${FILESDIR}"/${PN}-2.12.20-guile-parallelmake.patch + epatch "${FILESDIR}"/${PN}-2.12.23-CVE-2013-2116.patch + + # support user patches + epatch_user + + for dir in . lib libextra; do + pushd "${dir}" > /dev/null + sed -i -e '/^AM_INIT_AUTOMAKE/s/-Werror//' configure.ac || die + eautoreconf + popd > /dev/null + done + + # Use sane .so versioning on FreeBSD. + elibtoolize +} + +src_configure() { + local myconf + use bindist && myconf="--without-lzo" || myconf="$(use_with lzo)" + [[ "${VALGRIND_TESTS}" != "1" ]] && myconf+=" --disable-valgrind-tests" + + econf \ + --htmldir="${EPREFIX}"/usr/share/doc/${PF}/html \ + $(use_enable cxx) \ + $(use_enable doc gtk-doc) \ + $(use_enable doc gtk-doc-pdf) \ + $(use_enable guile) \ + $(use_with !nettle libgcrypt) \ + $(use_enable nls) \ + $(use_with pkcs11 p11-kit) \ + $(use_enable static-libs static) \ + $(use_with zlib) \ + ${myconf} +} + +src_test() { + if has_version dev-util/valgrind && [[ ${VALGRIND_TESTS} != 1 ]]; then + elog + elog "You can set VALGRIND_TESTS=\"1\" to enable Valgrind tests." + elog + fi + + # parallel testing often fails + emake -j1 check +} + +src_install() { + default + + prune_libtool_files + + if use doc; then + dodoc doc/gnutls.{pdf,ps} + dohtml doc/gnutls.html + fi + + if use examples; then + docinto examples + dodoc doc/examples/*.c + fi +} diff --git a/net-libs/gnutls/gnutls-3.1.10.ebuild b/net-libs/gnutls/gnutls-3.1.10.ebuild index c5a35bd23203..9556160b6ee9 100644 --- a/net-libs/gnutls/gnutls-3.1.10.ebuild +++ b/net-libs/gnutls/gnutls-3.1.10.ebuild @@ -1,6 +1,6 @@ # Copyright 1999-2013 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/net-libs/gnutls/gnutls-3.1.10.ebuild,v 1.2 2013/05/22 10:10:43 radhermit Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-libs/gnutls/gnutls-3.1.10.ebuild,v 1.3 2013/05/30 19:56:09 radhermit Exp $ EAPI=5 @@ -76,7 +76,6 @@ src_configure() { # TPM needs to be tested before being enabled econf \ --htmldir="${EPREFIX}/usr/share/doc/${PF}/html" \ - --disable-silent-rules \ --disable-valgrind-tests \ --enable-heartbeat-support \ $(use_enable cxx) \ @@ -91,6 +90,11 @@ src_configure() { --without-tpm } +src_test() { + # parallel testing often fails + emake -j1 check +} + src_install() { default diff --git a/net-libs/gnutls/gnutls-3.1.11.ebuild b/net-libs/gnutls/gnutls-3.1.11.ebuild index cc9e239956e4..dbc6c1d2186d 100644 --- a/net-libs/gnutls/gnutls-3.1.11.ebuild +++ b/net-libs/gnutls/gnutls-3.1.11.ebuild @@ -1,6 +1,6 @@ # Copyright 1999-2013 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/net-libs/gnutls/gnutls-3.1.11.ebuild,v 1.2 2013/05/22 10:10:43 radhermit Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-libs/gnutls/gnutls-3.1.11.ebuild,v 1.3 2013/05/30 19:56:09 radhermit Exp $ EAPI=5 @@ -76,7 +76,6 @@ src_configure() { # TPM needs to be tested before being enabled econf \ --htmldir="${EPREFIX}/usr/share/doc/${PF}/html" \ - --disable-silent-rules \ --disable-valgrind-tests \ --enable-heartbeat-support \ $(use_enable cxx) \ @@ -91,6 +90,11 @@ src_configure() { --without-tpm } +src_test() { + # parallel testing often fails + emake -j1 check +} + src_install() { default diff --git a/net-libs/gnutls/gnutls-3.2.0.ebuild b/net-libs/gnutls/gnutls-3.2.0.ebuild index 26968744715e..1e080e22e6c5 100644 --- a/net-libs/gnutls/gnutls-3.2.0.ebuild +++ b/net-libs/gnutls/gnutls-3.2.0.ebuild @@ -1,6 +1,6 @@ # Copyright 1999-2013 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/net-libs/gnutls/gnutls-3.2.0.ebuild,v 1.3 2013/05/22 18:32:22 radhermit Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-libs/gnutls/gnutls-3.2.0.ebuild,v 1.4 2013/05/30 19:56:09 radhermit Exp $ EAPI=5 @@ -76,7 +76,6 @@ src_configure() { # TPM needs to be tested before being enabled econf \ --htmldir="${EPREFIX}/usr/share/doc/${PF}/html" \ - --disable-silent-rules \ --disable-valgrind-tests \ --enable-heartbeat-support \ $(use_enable cxx) \ @@ -91,6 +90,11 @@ src_configure() { --without-tpm } +src_test() { + # parallel testing often fails + emake -j1 check +} + src_install() { default |