From: "Thomas Deutschmann"
To: gentoo-commits@lists.gentoo.org
Content-Transfer-Encoding: 8bit
Content-type: text/plain; charset=UTF-8
Reply-To: gentoo-dev@lists.gentoo.org, "Thomas Deutschmann"
Message-ID: <1626871920.2dbf858aef6c9f91c2e988d58688360d82981798.whissi@gentoo>
Subject: [gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/
X-VCS-Repository: repo/gentoo
X-VCS-Files: dev-libs/openssl/metadata.xml dev-libs/openssl/openssl-1.0.2u-r1.ebuild dev-libs/openssl/openssl-1.0.2u.ebuild dev-libs/openssl/openssl-1.1.1k-r1.ebuild dev-libs/openssl/openssl-1.1.1k.ebuild dev-libs/openssl/openssl-3.0.0_beta1-r1.ebuild dev-libs/openssl/openssl-3.0.0_beta1.ebuild
X-VCS-Directories: dev-libs/openssl/
X-VCS-Committer: whissi
X-VCS-Committer-Name: Thomas Deutschmann
X-VCS-Revision: 2dbf858aef6c9f91c2e988d58688360d82981798
X-VCS-Branch: master
Date: Wed, 21 Jul 2021 12:56:17 +0000 (UTC)
Precedence: bulk
List-Id: Gentoo Linux mail
X-BeenThere: gentoo-commits@lists.gentoo.org
X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply
X-Archives-Salt: 87c579bd-a50a-4059-8357-911b0c173e1a
X-Archives-Hash: 5deb2351fc7757921d8e3a87f774fda5

commit: 2dbf858aef6c9f91c2e988d58688360d82981798
Author: Thomas Deutschmann gentoo org>
AuthorDate: Fri Jul 9 13:00:07 2021 +0000
Commit: Thomas Deutschmann gentoo org>
CommitDate: Wed Jul 21 12:52:00 2021 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2dbf858a

dev-libs/openssl: rename USE=zlib to USE=tls-compression

USE=zlib is a global USE flag and probably enabled by most users.
However, in OpenSSL, zlib is used for TLS compression which allows
for attacks like CRIME vulnerability. Its usage is discouraged and
banned in TLS 1.3+.

Renaming the USE flag allows us to opt-out from globally set USE=zlib.

Package-Manager: Portage-3.0.21, Repoman-3.0.3
Signed-off-by: Thomas Deutschmann gentoo.org>
Closes: https://github.com/gentoo/gentoo/pull/21574
Signed-off-by: Thomas Deutschmann gentoo.org> dev-libs/openssl/metadata.xml | 1 + .../openssl/{openssl-1.0.2u.ebuild => openssl-1.0.2u-r1.ebuild} | 6 +++--- .../openssl/{openssl-1.1.1k.ebuild => openssl-1.1.1k-r1.ebuild} | 6 +++--- .../{openssl-3.0.0_beta1.ebuild => openssl-3.0.0_beta1-r1.ebuild} | 6 +++--- 4 files changed, 10 insertions(+), 9 deletions(-) diff --git a/dev-libs/openssl/metadata.xml b/dev-libs/openssl/metadata.xml index 44e5433a485..350be7c07b0 100644 --- a/dev-libs/openssl/metadata.xml +++ b/dev-libs/openssl/metadata.xml @@ -12,6 +12,7 @@ Enable support for RFC 3779 (X.509 Extensions for IP Addresses and AS Identifiers) Support for the old/insecure SSLv2 protocol -- note: not required for TLS/https Support for the old/insecure SSLv3 protocol -- note: not required for TLS/https + Enable support for discouraged TLS compression Enable the Heartbeat Extension in TLS and DTLS diff --git a/dev-libs/openssl/openssl-1.0.2u.ebuild b/dev-libs/openssl/openssl-1.0.2u-r1.ebuild similarity index 98% rename from dev-libs/openssl/openssl-1.0.2u.ebuild rename to dev-libs/openssl/openssl-1.0.2u-r1.ebuild index 65c29788382..a54fa8fc1b0 100644 --- a/dev-libs/openssl/openssl-1.0.2u.ebuild +++ b/dev-libs/openssl/openssl-1.0.2u-r1.ebuild 
@@ -38,14 +38,14 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz LICENSE="openssl" SLOT="0" KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~x86-linux" -IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib" +IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test tls-compression +tls-heartbeat vanilla" RESTRICT="!bindist? ( bindist ) !test? ( test )" RDEPEND=">=app-misc/c_rehash-1.7-r1 gmp? ( >=dev-libs/gmp-5.1.3-r1[static-libs(+)?,${MULTILIB_USEDEP}] ) kerberos? ( >=app-crypt/mit-krb5-1.11.4[${MULTILIB_USEDEP}] ) - zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )" + tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )" DEPEND="${RDEPEND}" BDEPEND=" >=dev-lang/perl-5 @@ -197,8 +197,8 @@ multilib_src_configure() { $(use_ssl sctp) \ $(use_ssl sslv2 ssl2) \ $(use_ssl sslv3 ssl3) \ + $(use_ssl tls-compression zlib) \ $(use_ssl tls-heartbeat heartbeats) \ - $(use_ssl zlib) \ --prefix="${EPREFIX}"/usr \ --openssldir="${EPREFIX}"${SSL_CNF_DIR} \ --libdir=$(get_libdir) \ diff --git a/dev-libs/openssl/openssl-1.1.1k.ebuild b/dev-libs/openssl/openssl-1.1.1k-r1.ebuild similarity index 98% rename from dev-libs/openssl/openssl-1.1.1k.ebuild rename to dev-libs/openssl/openssl-1.1.1k-r1.ebuild index 1e98af8f703..d212bef1be7 100644 --- a/dev-libs/openssl/openssl-1.1.1k.ebuild +++ b/dev-libs/openssl/openssl-1.1.1k-r1.ebuild 
@@ -28,12 +28,12 @@ LICENSE="openssl" SLOT="0/1.1" # .so version of libssl/libcrypto [[ "${PV}" = *_pre* ]] || \ KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~x86-linux" -IUSE="+asm bindist elibc_musl rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-heartbeat vanilla zlib" +IUSE="+asm bindist elibc_musl rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-compression tls-heartbeat vanilla" RESTRICT="!bindist? ( bindist ) !test? ( test )" RDEPEND=">=app-misc/c_rehash-1.7-r1 - zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )" + tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )" DEPEND="${RDEPEND}" BDEPEND=" >=dev-lang/perl-5 @@ -222,8 +222,8 @@ multilib_src_configure() { $(use_ssl asm) \ $(use_ssl rfc3779) \ $(use_ssl sctp) \ + $(use_ssl tls-compression zlib) \ $(use_ssl tls-heartbeat heartbeats) \ - $(use_ssl zlib) \ --prefix="${EPREFIX}"/usr \ --openssldir="${EPREFIX}"${SSL_CNF_DIR} \ --libdir=$(get_libdir) \ diff --git a/dev-libs/openssl/openssl-3.0.0_beta1.ebuild b/dev-libs/openssl/openssl-3.0.0_beta1-r1.ebuild similarity index 98% rename from dev-libs/openssl/openssl-3.0.0_beta1.ebuild rename to dev-libs/openssl/openssl-3.0.0_beta1-r1.ebuild index 396083b136a..f07fa0d1b07 100644 --- a/dev-libs/openssl/openssl-3.0.0_beta1.ebuild +++ b/dev-libs/openssl/openssl-3.0.0_beta1-r1.ebuild @@ -22,12 +22,12 @@ fi LICENSE="Apache-2.0" SLOT="0/3" # .so version of libssl/libcrypto -IUSE="+asm cpu_flags_x86_sse2 elibc_musl ktls rfc3779 sctp static-libs test vanilla zlib" +IUSE="+asm cpu_flags_x86_sse2 elibc_musl ktls rfc3779 sctp static-libs test tls-compression vanilla" RESTRICT="!test? ( test )" COMMON_DEPEND=" >=app-misc/c_rehash-1.7-r1 - zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] ) + tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] ) " BDEPEND=" 
@@ -176,7 +176,7 @@ multilib_src_configure() { $(use_ssl ktls) $(use_ssl rfc3779) $(use_ssl sctp) - $(use_ssl zlib) + $(use_ssl tls-compression zlib) --prefix="${EPREFIX}"/usr --openssldir="${EPREFIX}"${SSL_CNF_DIR} --libdir=$(get_libdir)
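
Review bot: the flag description added in the metadata.xml hunk ("Enable support for discouraged TLS compression") does not say why the feature is discouraged or that enabling it pulls in sys-libs/zlib, so someone reading the flag list without the commit message has no basis for deciding. Suggest carrying the rationale from the commit message into the description, for example "Enable TLS compression via zlib (discouraged: allows CRIME-style attacks; banned in TLS 1.3)".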
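
Review bot: the IUSE= lines in the 1.0.2u-r1, 1.1.1k-r1 and 3.0.0_beta1-r1 hunks drop "zlib" outright, so any ebuild in the tree that depends on dev-libs/openssl[zlib] can no longer be satisfied by these revisions, and users who deliberately set the old flag per package lose compression without notice. Please grep the tree for USE dependencies on openssl[zlib] before merging and consider an ewarn or news item pointing at the new name. The new flag is default-off in all three ebuilds (no "+" prefix) and the two-argument form "$(use_ssl tls-compression zlib)" follows the existing "$(use_ssl sslv3 ssl3)" pattern, which matches the stated intent.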