Gentoo Archives: gentoo-commits

From: Pacho Ramos <pacho@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] repo/gentoo:master commit in: net-ftp/tlswrap/, net-ftp/tlswrap/files/
Date: Sun, 13 Jan 2019 19:34:54
Message-Id: 1547407997.6bc6d001a0fff7ea3ef374a9a5a1de885b2ff8cb.pacho@gentoo
1 commit: 6bc6d001a0fff7ea3ef374a9a5a1de885b2ff8cb
2 Author: Pacho Ramos <pacho <AT> gentoo <DOT> org>
3 AuthorDate: Sun Jan 13 19:33:17 2019 +0000
4 Commit: Pacho Ramos <pacho <AT> gentoo <DOT> org>
5 CommitDate: Sun Jan 13 19:33:17 2019 +0000
6 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6bc6d001
7
8 net-ftp/tlswrap: Fix compat with openssl-1.1 and libressl
9
10 Closes: https://bugs.gentoo.org/675330
11 Package-Manager: Portage-2.3.55, Repoman-2.3.12
12 Signed-off-by: Pacho Ramos <pacho <AT> gentoo.org>
13
14 net-ftp/tlswrap/files/tlswrap-1.04-libressl.patch | 16 ------
15 net-ftp/tlswrap/files/tlswrap-1.04-openssl11.patch | 60 ++++++++++++++++++++++
16 net-ftp/tlswrap/tlswrap-1.04-r3.ebuild | 17 +++---
17 3 files changed, 69 insertions(+), 24 deletions(-)
18
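diff --git a/net-ftp/tlswrap/files/tlswrap-1.04-libressl.patch b/net-ftp/tlswrap/files/tlswrap-1.04-libressl.patch
deleted file mode 100644
index 5c1f1083005..00000000000
--- a/net-ftp/tlswrap/files/tlswrap-1.04-libressl.patch
+++ /dev/null
@@ -1,16 +0,0 @@
-diff -Naur a/tls.c b/tls.c
---- a/tls.c 2006-11-25 19:52:08.000000000 +0100
-+++ b/tls.c 2015-11-10 16:16:25.000000000 +0100
-@@ -73,10 +73,12 @@
- printf("egd_sock is %s\n", egd_sock);
- #ifdef HAVE_RAND_STATUS
- if (RAND_status() != 1) {
-+#ifndef OPENSSL_NO_EGD
- if ( RAND_egd(egd_sock) == -1 ) {
- fprintf(stderr, "egd_sock is %s\n", egd_sock);
- sys_err("RAND_egd failed\n");
- }
-+#endif
- if (RAND_status() != 1)
- sys_err("ssl_init: System without /dev/urandom, PRNG seeding must be done manually.\r\n");
- }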
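diff --git a/net-ftp/tlswrap/files/tlswrap-1.04-openssl11.patch b/net-ftp/tlswrap/files/tlswrap-1.04-openssl11.patch
new file mode 100644
index 00000000000..e8d0941d743
--- /dev/null
+++ b/net-ftp/tlswrap/files/tlswrap-1.04-openssl11.patch
@@ -0,0 +1,60 @@
+diff -wru tlswrap-1.04.orig/tls.c tlswrap-1.04/tls.c
+--- tlswrap-1.04.orig/tls.c 2006-11-25 19:52:08.000000000 +0100
++++ tlswrap-1.04/tls.c 2017-12-05 04:43:56.757223948 +0100
+@@ -73,10 +73,12 @@
+ printf("egd_sock is %s\n", egd_sock);
+ #ifdef HAVE_RAND_STATUS
+ if (RAND_status() != 1) {
++#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || OPENSSL_NO_EGD
+ if ( RAND_egd(egd_sock) == -1 ) {
+ fprintf(stderr, "egd_sock is %s\n", egd_sock);
+ sys_err("RAND_egd failed\n");
+ }
++#endif
+ if (RAND_status() != 1)
+ sys_err("ssl_init: System without /dev/urandom, PRNG seeding must be done manually.\r\n");
+ }
+@@ -262,7 +264,8 @@
+ int ok, extcount, i, j;
+ char *extstr;
+ SSL *ssl;
+-#if (OPENSSL_VERSION_NUMBER > 0x00908000L)
++#if (OPENSSL_VERSION_NUMBER > 0x10100000L)
++#elif (OPENSSL_VERSION_NUMBER > 0x00908000L)
+ unsigned char const *data1;
+ #else
+ unsigned char *data1;
+@@ -279,6 +282,16 @@
+ if (debug)
+ printf("tls_cert2\n");
+
++#if (OPENSSL_VERSION_NUMBER > 0x10100000L)
++ if (ud->sec_level > 3) {
++ X509_VERIFY_PARAM *param = SSL_get0_param(ssl);
++ X509_VERIFY_PARAM_set_hostflags(param, X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS);
++ X509_VERIFY_PARAM_set1_host(param, ud->serv_dns.hostname, 0);
++ X509_VERIFY_PARAM_set1_ip_asc(param, ud->serv_data_host);
++ SSL_set_verify(ssl, SSL_VERIFY_PEER, 0);
++ }
++#endif
++
+ if ((x509_peer = SSL_get_peer_certificate(ssl)) == NULL)
+ return X509_V_ERR_APPLICATION_VERIFICATION; /* SSL_get_peer* can only be NULL on 'anonymous DH connections' so shouldn't happen. */
+
+@@ -287,6 +300,8 @@
+ return SSL_get_verify_result(ssl);
+ }
+
++
++#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
+ if ((extcount = X509_get_ext_count(x509_peer)) > 0) {
+ if (debug) printf("extcount = %d\n", extcount);
+ for (i = 0; i < extcount; i++) {
+@@ -333,6 +348,7 @@
+ return X509_V_ERR_APPLICATION_VERIFICATION;
+ }
+ }
++#endif
+ X509_free(x509_peer);
+ return SSL_get_verify_result(ssl);
+ }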
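Review bot: In the `@@ -279,6 +282,16 @@` hunk of the added tls.c patch, the host and IP constraints are placed on `ssl` directly before `SSL_get_peer_certificate(ssl)`, so they are presumably applied after the handshake and cannot change what `SSL_get_verify_result(ssl)` returns at the end of the function. Because the `@@ -287,6 +300,8 @@` hunk also compiles out the extension loop for OpenSSL 1.1 and later, that path seems to be left with no name check at `sec_level > 3`; an explicit check such as `if (X509_check_host(x509_peer, ud->serv_dns.hostname, 0, X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS, NULL) != 1) { X509_free(x509_peer); return X509_V_ERR_APPLICATION_VERIFICATION; }` after the peer certificate is fetched would keep it, or the parameters should be set where the `SSL` object is created. The return values of `X509_VERIFY_PARAM_set1_host` and `X509_VERIFY_PARAM_set1_ip_asc` are ignored, so a failure to install the expected name goes unnoticed. In the first hunk, `|| OPENSSL_NO_EGD` keeps the `RAND_egd` call when that macro is set, the reverse of the `#ifndef OPENSSL_NO_EGD` guard in the removed libressl patch; `#if (OPENSSL_VERSION_NUMBER < 0x10100000L) && !defined(OPENSSL_NO_EGD)` looks like the intent. The functions these hunks belong to start and end outside the visible lines.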
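diff --git a/net-ftp/tlswrap/tlswrap-1.04-r3.ebuild b/net-ftp/tlswrap/tlswrap-1.04-r3.ebuild
index 4bb88bbe38e..07e388e8f25 100644
--- a/net-ftp/tlswrap/tlswrap-1.04-r3.ebuild
+++ b/net-ftp/tlswrap/tlswrap-1.04-r3.ebuild
@@ -1,8 +1,7 @@
-# Copyright 1999-2018 Gentoo Foundation
+# Copyright 1999-2019 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
-EAPI=6
-
+EAPI=7
 inherit autotools
 
 DESCRIPTION="FTP wrapper which supports TLS with every FTP client"
@@ -15,15 +14,17 @@ SLOT="0"
 KEYWORDS="~amd64 ~x86"
 IUSE="libressl"
 
-DEPEND="!libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )"
-RDEPEND="${DEPEND}"
+RDEPEND="
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+"
+DEPEND="${RDEPEND}"
 
 PATCHES=(
- "${FILESDIR}/${P}-libressl.patch"
 "${FILESDIR}/respect-cflags.patch"
 "${FILESDIR}/modernize-am_init_automake.patch"
 "${FILESDIR}/fix-Wformat-security-warnings.patch"
+ "${FILESDIR}/${P}-openssl11.patch"
 )
 
 src_prepare() {
@@ -33,6 +34,6 @@ src_prepare() {
 
 src_install() {
 emake prefix="${D}/usr" install
- dodoc ChangeLog README
+ einstalldocs
 newinitd "${FILESDIR}/tlswrap.init" tlswrap
 }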