commit: 6bc6d001a0fff7ea3ef374a9a5a1de885b2ff8cb |
Author: Pacho Ramos <pacho <AT> gentoo <DOT> org> |
AuthorDate: Sun Jan 13 19:33:17 2019 +0000 |
Commit: Pacho Ramos <pacho <AT> gentoo <DOT> org> |
CommitDate: Sun Jan 13 19:33:17 2019 +0000 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6bc6d001 |
|
net-ftp/tlswrap: Fix compat with openssl-1.1 and libressl |
|
Closes: https://bugs.gentoo.org/675330 |
Package-Manager: Portage-2.3.55, Repoman-2.3.12 |
Signed-off-by: Pacho Ramos <pacho <AT> gentoo.org> |
|
net-ftp/tlswrap/files/tlswrap-1.04-libressl.patch | 16 ------ |
net-ftp/tlswrap/files/tlswrap-1.04-openssl11.patch | 60 ++++++++++++++++++++++ |
net-ftp/tlswrap/tlswrap-1.04-r3.ebuild | 17 +++--- |
3 files changed, 69 insertions(+), 24 deletions(-) |
|
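diff --git a/net-ftp/tlswrap/files/tlswrap-1.04-libressl.patch b/net-ftp/tlswrap/files/tlswrap-1.04-libressl.patch
deleted file mode 100644
index 5c1f1083005..00000000000
--- a/net-ftp/tlswrap/files/tlswrap-1.04-libressl.patch
+++ /dev/null
@@ -1,16 +0,0 @@
-diff -Naur a/tls.c b/tls.c
---- a/tls.c 2006-11-25 19:52:08.000000000 +0100
-+++ b/tls.c 2015-11-10 16:16:25.000000000 +0100
-@@ -73,10 +73,12 @@
- printf("egd_sock is %s\n", egd_sock);
- #ifdef HAVE_RAND_STATUS
- if (RAND_status() != 1) {
-+#ifndef OPENSSL_NO_EGD
- if ( RAND_egd(egd_sock) == -1 ) {
- fprintf(stderr, "egd_sock is %s\n", egd_sock);
- sys_err("RAND_egd failed\n");
- }
-+#endif
- if (RAND_status() != 1)
- sys_err("ssl_init: System without /dev/urandom, PRNG seeding must be done manually.\r\n");
- }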
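diff --git a/net-ftp/tlswrap/files/tlswrap-1.04-openssl11.patch b/net-ftp/tlswrap/files/tlswrap-1.04-openssl11.patch
new file mode 100644
index 00000000000..e8d0941d743
--- /dev/null
+++ b/net-ftp/tlswrap/files/tlswrap-1.04-openssl11.patch
@@ -0,0 +1,60 @@
+diff -wru tlswrap-1.04.orig/tls.c tlswrap-1.04/tls.c
+--- tlswrap-1.04.orig/tls.c 2006-11-25 19:52:08.000000000 +0100
++++ tlswrap-1.04/tls.c 2017-12-05 04:43:56.757223948 +0100
+@@ -73,10 +73,12 @@
+ printf("egd_sock is %s\n", egd_sock);
+ #ifdef HAVE_RAND_STATUS
+ if (RAND_status() != 1) {
++#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || OPENSSL_NO_EGD
+ if ( RAND_egd(egd_sock) == -1 ) {
+ fprintf(stderr, "egd_sock is %s\n", egd_sock);
+ sys_err("RAND_egd failed\n");
+ }
++#endif
+ if (RAND_status() != 1)
+ sys_err("ssl_init: System without /dev/urandom, PRNG seeding must be done manually.\r\n");
+ }
+@@ -262,7 +264,8 @@
+ int ok, extcount, i, j;
+ char *extstr;
+ SSL *ssl;
+-#if (OPENSSL_VERSION_NUMBER > 0x00908000L)
++#if (OPENSSL_VERSION_NUMBER > 0x10100000L)
++#elif (OPENSSL_VERSION_NUMBER > 0x00908000L)
+ unsigned char const *data1;
+ #else
+ unsigned char *data1;
+@@ -279,6 +282,16 @@
+ if (debug)
+ printf("tls_cert2\n");
+
++#if (OPENSSL_VERSION_NUMBER > 0x10100000L)
++ if (ud->sec_level > 3) {
++ X509_VERIFY_PARAM *param = SSL_get0_param(ssl);
++ X509_VERIFY_PARAM_set_hostflags(param, X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS);
++ X509_VERIFY_PARAM_set1_host(param, ud->serv_dns.hostname, 0);
++ X509_VERIFY_PARAM_set1_ip_asc(param, ud->serv_data_host);
++ SSL_set_verify(ssl, SSL_VERIFY_PEER, 0);
++ }
++#endif
++
+ if ((x509_peer = SSL_get_peer_certificate(ssl)) == NULL)
+ return X509_V_ERR_APPLICATION_VERIFICATION; /* SSL_get_peer* can only be NULL on 'anonymous DH connections' so shouldn't happen. */
+
+@@ -287,6 +300,8 @@
+ return SSL_get_verify_result(ssl);
+ }
+
++
++#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
+ if ((extcount = X509_get_ext_count(x509_peer)) > 0) {
+ if (debug) printf("extcount = %d\n", extcount);
+ for (i = 0; i < extcount; i++) {
+@@ -333,6 +348,7 @@
+ return X509_V_ERR_APPLICATION_VERIFICATION;
+ }
+ }
++#endif
+ X509_free(x509_peer);
+ return SSL_get_verify_result(ssl);
+ }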
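Review bot: The block added in the `@@ -279,6 +282,16 @@` hunk sets the expected host name and `SSL_VERIFY_PEER` on `ssl` right before `SSL_get_peer_certificate(ssl)` is read, so it appears to run after the handshake and would then have no effect on what `SSL_get_verify_result(ssl)` returns. Since the last two hunks compile the existing extension walk out for OpenSSL 1.1 (`#if (OPENSSL_VERSION_NUMBER < 0x10100000L)`), a 1.1 build may be left without any host name check at `sec_level > 3`, and the return values of the two `X509_VERIFY_PARAM_set1_*` calls are ignored as well. One way to keep the check is to test the peer certificate directly in an `#else` branch of that guard, as sketched below; the surrounding function starts and ends outside the hunks, so the exact placement and whether `ud->serv_data_host` also needs an IP check have to be confirmed against the full file. Separately, `|| OPENSSL_NO_EGD` in the first hunk inverts the removed `#ifndef OPENSSL_NO_EGD` guard and does not preprocess when the macro is defined empty; `#if !defined(OPENSSL_NO_EGD)` states the intent.

```c
#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
	/* … unchanged: legacy extension walk … */
#else
	/* Check the already-received certificate against the expected name. */
	if (X509_check_host(x509_peer, ud->serv_dns.hostname, 0,
	        X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS, NULL) != 1) {
		X509_free(x509_peer);
		return X509_V_ERR_APPLICATION_VERIFICATION;
	}
#endif
	X509_free(x509_peer);
```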
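diff --git a/net-ftp/tlswrap/tlswrap-1.04-r3.ebuild b/net-ftp/tlswrap/tlswrap-1.04-r3.ebuild
index 4bb88bbe38e..07e388e8f25 100644
--- a/net-ftp/tlswrap/tlswrap-1.04-r3.ebuild
+++ b/net-ftp/tlswrap/tlswrap-1.04-r3.ebuild
@@ -1,8 +1,7 @@
-# Copyright 1999-2018 Gentoo Foundation
+# Copyright 1999-2019 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
-EAPI=6
-
+EAPI=7
 inherit autotools
 
 DESCRIPTION="FTP wrapper which supports TLS with every FTP client"
@@ -15,15 +14,17 @@ SLOT="0"
 KEYWORDS="~amd64 ~x86"
 IUSE="libressl"
 
-DEPEND="!libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )"
-RDEPEND="${DEPEND}"
+RDEPEND="
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+"
+DEPEND="${RDEPEND}"
 
 PATCHES=(
- "${FILESDIR}/${P}-libressl.patch"
 "${FILESDIR}/respect-cflags.patch"
 "${FILESDIR}/modernize-am_init_automake.patch"
 "${FILESDIR}/fix-Wformat-security-warnings.patch"
+ "${FILESDIR}/${P}-openssl11.patch"
 )
 
 src_prepare() {
@@ -33,6 +34,6 @@ src_prepare() {
 
 src_install() {
 emake prefix="${D}/usr" install
- dodoc ChangeLog README
+ einstalldocs
 newinitd "${FILESDIR}/tlswrap.init" tlswrap
 }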