2 files changed, 178 insertions, 0 deletions
diff --git a/app-arch/dump/dump-0.4.46-r1.ebuild b/app-arch/dump/dump-0.4.46-r1.ebuild
new file mode 100644
index 000000000000..f984ca0ef78b
--- /dev/null
+++ b/app-arch/dump/dump-0.4.46-r1.ebuild
@@ -0,0 +1,87 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+inherit versionator
+
+MY_P="${PN}-$(replace_version_separator 2 b)"
+S=${WORKDIR}/${MY_P}
+DESCRIPTION="Dump/restore ext2fs backup utilities"
+HOMEPAGE="http://dump.sourceforge.net/"
+SRC_URI="mirror://sourceforge/dump/${MY_P}.tar.gz"
+
+LICENSE="BSD"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~hppa ~ia64 ~ppc ~ppc64 ~sparc ~x86"
+# We keep uuid USE flag default dsiabled for this version. Don't forget
+# to default enable it for later versions as this is the upstream default.
+IUSE="bzip2 debug ermt libressl lzo readline selinux sqlite ssl static test uuid zlib"
+REQUIRED_USE="
+	ermt? ( ssl )
+	ssl? ( zlib )
+	test? ( sqlite? ( uuid ) )
+"
+
+RDEPEND=">=sys-fs/e2fsprogs-1.27:=
+	>=sys-libs/e2fsprogs-libs-1.27:=
+	sys-apps/util-linux
+	bzip2? ( >=app-arch/bzip2-1.0.2:= )
+	zlib? ( >=sys-libs/zlib-1.1.4:= )
+	lzo? ( dev-libs/lzo:2= )
+	sqlite? ( dev-db/sqlite:3= )
+	ermt? (
+		!libressl? ( dev-libs/openssl:0= )
+		libressl? ( dev-libs/libressl:0= )
+	)
+	ssl? (
+		!libressl? ( dev-libs/openssl:0= )
+		libressl? ( dev-libs/libressl:0= )
+	)
+	readline? (
+		sys-libs/readline:0=
+		sys-libs/ncurses:=
+		static? ( sys-libs/ncurses:=[static-libs] )
+	)"
+DEPEND="${RDEPEND}
+	virtual/pkgconfig
+	virtual/os-headers"
+
+PATCHES=( "${FILESDIR}"/${P}-openssl11.patch )
+
+src_configure() {
+	local myeconfargs=(
+		--with-dumpdatespath=/etc/dumpdates
+		--with-rmtpath='$(sbindir)/rmt'
+		--enable-blkid
+		$(use_enable bzip2)
+		$(use_enable debug)
+		$(use_enable ermt)
+		$(use_enable lzo)
+		$(use_enable readline)
+		$(use_enable selinux)
+		$(use_enable sqlite)
+		$(use_enable ssl)
+		$(use_enable static static-progs)
+		$(use_enable uuid)
+		$(use_enable zlib)
+	)
+	econf "${myeconfargs[@]}"
+}
+
+src_install() {
+	default
+	mv "${ED}"/usr/sbin/{,dump-}rmt || die
+	mv "${ED}"/usr/share/man/man8/{,dump-}rmt.8 || die
+	use ermt && newsbin rmt/ermt dump-ermt
+
+	dodoc KNOWNBUGS MAINTAINERS REPORTING-BUGS
+	dodoc -r examples
+}
+
+pkg_postinst() {
+	if [[ -z ${REPLACING_VERSIONS} ]] ; then
+		ewarn "app-arch/dump installs 'rmt' as 'dump-rmt'."
+		ewarn "This is to avoid conflicts with app-arch/tar 'rmt'."
+	fi
+}
diff --git a/app-arch/dump/files/dump-0.4.46-openssl11.patch b/app-arch/dump/files/dump-0.4.46-openssl11.patch
new file mode 100644
index 000000000000..db18e8190f5c
--- /dev/null
+++ b/app-arch/dump/files/dump-0.4.46-openssl11.patch
@@ -0,0 +1,91 @@
+Index: dump-0.4b46/common/transformation_ssl.c
+===================================================================
+--- dump-0.4b46.orig/common/transformation_ssl.c
++++ dump-0.4b46/common/transformation_ssl.c
+@@ -215,7 +215,10 @@ generateIV(Transformation *xform, unsign
+ 	/* to be exposed to any attacker anyway. */
+ 	*saltlen = 16;
+ 	if (xform->enc == 1) {
+-		RAND_pseudo_bytes(salt, *saltlen);
++		if (!RAND_bytes(salt, *saltlen) != 1) {
++			/* PRNG not sufficiently seeded */
++			return -1;
++		}
+ 	}
+ 	memcpy(ivbuffer, salt, 16);
+ 
+@@ -274,7 +277,7 @@ ssl_compress(Transformation *xform, stru
+ 	digestlen = sizeof(digest);
+ 
+ 	/* generate salt, put it in header */
+-	generateIV(xform, salt, &saltlen, iv, &ivlen);
++	generateIV(xform, salt, &saltlen, iv, &ivlen); /* TODO: check return value */
+ 	memcpy(tpbin->buf, salt, saltlen);
+ 
+ 	/* compress the buffer first - increase the entropy */
+@@ -351,7 +354,7 @@ ssl_decompress(Transformation *xform, st
+ 
+ 	// how to know salt length?
+ 	memcpy(salt, src, saltlen);
+-	generateIV(xform, salt, &saltlen, iv, &ivlen);
++	generateIV(xform, salt, &saltlen, iv, &ivlen); /* TODO: check return value */
+ 
+ 	EVP_DecryptInit_ex(xform->state.ssl.dataCtx, xform->state.ssl.cipher,  xform->state.ssl.engine, NULL, NULL);
+ 	//EVP_CIPHER_CTX_set_key_length(&ctx, 8);
+@@ -515,7 +518,7 @@ Transformation
+ 		//EVP_CIPHER_CTX_rand_key(ctx, t->state.ssl.key);
+ 		//EVP_CIPHER_CTX_cleanup(ctx);
+ 		//EVP_CIPHER_CTX_free(ctx);
+-		RAND_bytes(t->state.ssl.key, t->state.ssl.cipher->key_len);
++		RAND_bytes(t->state.ssl.key, EVP_CIPHER_key_length(t->state.ssl.cipher));
+ 	} else {
+ 		// how do we get keys?
+ 	}
+Index: dump-0.4b46/rmt/cipher.c
+===================================================================
+--- dump-0.4b46.orig/rmt/cipher.c
++++ dump-0.4b46/rmt/cipher.c
+@@ -23,7 +23,7 @@
+ char *
+ cipher(char *buf, int buflen, int do_encrypt)
+ {
+-	static EVP_CIPHER_CTX ctx;
++	EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
+ 	static char *out = NULL;	/* return value, grown as necessary */
+ 	static int outlen = 0;
+ 	static int init = 0, which, blocksize;
+@@ -71,13 +71,13 @@ cipher(char *buf, int buflen, int do_enc
+ 		}
+ 		EVP_BytesToKey(cipher, EVP_md5(), NULL,
+ 			buf, strlen(buf), 1, key, iv);
+-		EVP_CIPHER_CTX_init(&ctx);
+-		EVP_CipherInit_ex(&ctx, cipher, NULL, key, iv, do_encrypt);
+-		EVP_CIPHER_CTX_set_padding(&ctx, 0);	// -nopad
++		EVP_CIPHER_CTX_init(ctx);
++		EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, do_encrypt);
++		EVP_CIPHER_CTX_set_padding(ctx, 0);	// -nopad
+ 		OPENSSL_cleanse(buf, sizeof buf);
+ 		OPENSSL_cleanse(key, sizeof key);
+ 		OPENSSL_cleanse(iv, sizeof iv);
+-		blocksize = EVP_CIPHER_CTX_block_size(&ctx);
++		blocksize = EVP_CIPHER_CTX_block_size(ctx);
+ 		which = do_encrypt;
+ 		init = 1;
+ 	}
+@@ -95,7 +95,7 @@ cipher(char *buf, int buflen, int do_enc
+ 		outlen = (buflen+blocksize) * 2;
+ 		out = realloc(out, outlen);
+ 	}
+-	if (!EVP_CipherUpdate(&ctx, out, &n, buf, buflen)) {
++	if (!EVP_CipherUpdate(ctx, out, &n, buf, buflen)) {
+ 		syslog(LOG_ERR, "EVP_CipherUpdate failed");
+ 		errno = EINVAL;
+ 		return NULL;
+@@ -106,6 +106,7 @@ cipher(char *buf, int buflen, int do_enc
+ 		return NULL;
+ 	}
+ 	// assert(ctx->buf_len == 0);
++	EVP_CIPHER_CTX_free(ctx);
+ 	return out;
+ }
+