| 1 |
commit: 180ca9f16a555d6e4b66f13411c12fe3eea5eb5b |
| 2 |
Author: Sam James <sam <AT> gentoo <DOT> org> |
| 3 |
AuthorDate: Sat May 1 17:20:13 2021 +0000 |
| 4 |
Commit: Sam James <sam <AT> gentoo <DOT> org> |
| 5 |
CommitDate: Sat May 1 18:06:21 2021 +0000 |
| 6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=180ca9f1 |
| 7 |
|
| 8 |
app-crypt/mit-krb5: drop obsolete LibreSSL patches |
| 9 |
|
| 10 |
Signed-off-by: Sam James <sam <AT> gentoo.org> |
| 11 |
|
| 12 |
.../files/mit-krb5-1.16.3-libressl-r1.patch | 101 --------------------- |
| 13 |
.../mit-krb5/files/mit-krb5-1.18-libressl.patch | 42 --------- |
| 14 |
app-crypt/mit-krb5/mit-krb5-1.18.2-r3.ebuild | 2 - |
| 15 |
app-crypt/mit-krb5/mit-krb5-1.18.3-r1.ebuild | 2 - |
| 16 |
4 files changed, 147 deletions(-) |
| 17 |
|
| 18 |
diff --git a/app-crypt/mit-krb5/files/mit-krb5-1.16.3-libressl-r1.patch b/app-crypt/mit-krb5/files/mit-krb5-1.16.3-libressl-r1.patch |
| 19 |
deleted file mode 100644 |
| 20 |
index ca74b88bb0f..00000000000 |
| 21 |
--- a/app-crypt/mit-krb5/files/mit-krb5-1.16.3-libressl-r1.patch |
| 22 |
+++ /dev/null |
| 23 |
@@ -1,101 +0,0 @@ |
| 24 |
-From 58263cbf3106f4c9c9a2252794093014a2f9c01f Mon Sep 17 00:00:00 2001 |
| 25 |
-From: Stefan Strogin <stefan.strogin@×××××.com> |
| 26 |
-Date: Thu, 25 Apr 2019 03:48:10 +0300 |
| 27 |
-Subject: [PATCH] Fix build for LibreSSL 2.9.x |
| 28 |
- |
| 29 |
-asn1_mac.h is removed from LibreSSL 2.9.0, but static_ASN1_*() methods |
| 30 |
-are not defined. Define them. |
| 31 |
- |
| 32 |
-Upstream-Status: Pending |
| 33 |
-[Needs to be amended if |
| 34 |
-https://github.com/libressl-portable/openbsd/pull/109 is accepted] |
| 35 |
-Signed-off-by: Stefan Strogin <stefan.strogin@×××××.com> |
| 36 |
---- |
| 37 |
- .../preauth/pkinit/pkinit_crypto_openssl.c | 13 ++++++++---- |
| 38 |
- .../preauth/pkinit/pkinit_crypto_openssl.h | 20 ++++++++++++++++++- |
| 39 |
- 2 files changed, 28 insertions(+), 5 deletions(-) |
| 40 |
- |
| 41 |
-diff --git a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c |
| 42 |
-index 2064eb7bd..81d5d3cf2 100644 |
| 43 |
---- a/plugins/preauth/pkinit/pkinit_crypto_openssl.c |
| 44 |
-+++ b/plugins/preauth/pkinit/pkinit_crypto_openssl.c |
| 45 |
-@@ -188,14 +188,16 @@ pkinit_pkcs11_code_to_text(int err); |
| 46 |
- (*_x509_pp) = PKCS7_cert_from_signer_info(_p7,_si) |
| 47 |
- #endif |
| 48 |
- |
| 49 |
--#if OPENSSL_VERSION_NUMBER < 0x10100000L |
| 50 |
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) |
| 51 |
- |
| 52 |
--/* 1.1 standardizes constructor and destructor names, renaming |
| 53 |
-- * EVP_MD_CTX_{create,destroy} and deprecating ASN1_STRING_data. */ |
| 54 |
-+/* 1.1 (and LibreSSL 2.7) standardizes constructor and destructor names, |
| 55 |
-+ * renaming EVP_MD_CTX_{create,destroy} and deprecating ASN1_STRING_data. */ |
| 56 |
- |
| 57 |
-+#if !defined(LIBRESSL_VERSION_NUMBER) || LIBRESSL_VERSION_NUMBER < 0x2070000fL |
| 58 |
- #define EVP_MD_CTX_new EVP_MD_CTX_create |
| 59 |
- #define EVP_MD_CTX_free EVP_MD_CTX_destroy |
| 60 |
- #define ASN1_STRING_get0_data ASN1_STRING_data |
| 61 |
-+#endif |
| 62 |
- |
| 63 |
- /* 1.1 makes many handle types opaque and adds accessors. Add compatibility |
| 64 |
- * versions of the new accessors we use for pre-1.1. */ |
| 65 |
-@@ -203,6 +205,7 @@ pkinit_pkcs11_code_to_text(int err); |
| 66 |
- #define OBJ_get0_data(o) ((o)->data) |
| 67 |
- #define OBJ_length(o) ((o)->length) |
| 68 |
- |
| 69 |
-+#if !defined(LIBRESSL_VERSION_NUMBER) || LIBRESSL_VERSION_NUMBER < 0x2070000fL |
| 70 |
- #define DH_set0_pqg compat_dh_set0_pqg |
| 71 |
- static int compat_dh_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g) |
| 72 |
- { |
| 73 |
-@@ -235,6 +238,7 @@ static void compat_dh_get0_key(const DH *dh, const BIGNUM **pub, |
| 74 |
- if (priv != NULL) |
| 75 |
- *priv = dh->priv_key; |
| 76 |
- } |
| 77 |
-+#endif /* LIBRESSL_VERSION_NUMBER */ |
| 78 |
- |
| 79 |
- /* Return true if the cert c includes a key usage which doesn't include u. |
| 80 |
- * Define using direct member access for pre-1.1. */ |
| 81 |
-@@ -3040,7 +3044,8 @@ cleanup: |
| 82 |
- return retval; |
| 83 |
- } |
| 84 |
- |
| 85 |
--#if OPENSSL_VERSION_NUMBER >= 0x10100000L |
| 86 |
-+#if (OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)) || \ |
| 87 |
-+ LIBRESSL_VERSION_NUMBER >= 0x2090000fL |
| 88 |
- |
| 89 |
- /* |
| 90 |
- * We need to decode DomainParameters from RFC 3279 section 2.3.3. We would |
| 91 |
-diff --git a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.h b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.h |
| 92 |
-index 7411348fa..ac91408c4 100644 |
| 93 |
---- a/plugins/preauth/pkinit/pkinit_crypto_openssl.h |
| 94 |
-+++ b/plugins/preauth/pkinit/pkinit_crypto_openssl.h |
| 95 |
-@@ -46,7 +46,25 @@ |
| 96 |
- #include <openssl/asn1.h> |
| 97 |
- #include <openssl/pem.h> |
| 98 |
- |
| 99 |
--#if OPENSSL_VERSION_NUMBER >= 0x10100000L |
| 100 |
-+#if (OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)) || \ |
| 101 |
-+ LIBRESSL_VERSION_NUMBER >= 0x2090000fL |
| 102 |
-+ |
| 103 |
-+#ifndef static_ASN1_SEQUENCE_END_name |
| 104 |
-+#define static_ASN1_ITEM_start(itname) \ |
| 105 |
-+ static const ASN1_ITEM itname##_it = { |
| 106 |
-+#define static_ASN1_SEQUENCE_END_name(stname, tname) \ |
| 107 |
-+ ;\ |
| 108 |
-+ static_ASN1_ITEM_start(tname) \ |
| 109 |
-+ ASN1_ITYPE_SEQUENCE,\ |
| 110 |
-+ V_ASN1_SEQUENCE,\ |
| 111 |
-+ tname##_seq_tt,\ |
| 112 |
-+ sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\ |
| 113 |
-+ NULL,\ |
| 114 |
-+ sizeof(stname),\ |
| 115 |
-+ #stname \ |
| 116 |
-+ ASN1_ITEM_end(tname) |
| 117 |
-+#endif /* !defined(static_ASN1_SEQUENCE_END_name) */ |
| 118 |
-+ |
| 119 |
- #include <openssl/asn1t.h> |
| 120 |
- #else |
| 121 |
- #include <openssl/asn1_mac.h> |
| 122 |
--- |
| 123 |
-2.21.0 |
| 124 |
- |
| 125 |
|
| 126 |
diff --git a/app-crypt/mit-krb5/files/mit-krb5-1.18-libressl.patch b/app-crypt/mit-krb5/files/mit-krb5-1.18-libressl.patch |
| 127 |
deleted file mode 100644 |
| 128 |
index 1522d42a730..00000000000 |
| 129 |
--- a/app-crypt/mit-krb5/files/mit-krb5-1.18-libressl.patch |
| 130 |
+++ /dev/null |
| 131 |
@@ -1,42 +0,0 @@ |
| 132 |
-From e3e3bc2a20795becda6e130d511fe59f04635624 Mon Sep 17 00:00:00 2001 |
| 133 |
-From: Stefan Strogin <steils@g.o> |
| 134 |
-Date: Sat, 15 Feb 2020 10:27:20 +0200 |
| 135 |
-Subject: [PATCH] Fix compilation for LibreSSL 3.0.2 |
| 136 |
- |
| 137 |
-RSA_PKCS1_OpenSSL() is provided in LibreSSL the master branch, |
| 138 |
-expected to be in the next release. |
| 139 |
-See: https://github.com/libressl-portable/openbsd/commit/3a8c41f3a84868337fde01ec1122198ec60bdc8e |
| 140 |
- |
| 141 |
-Bug: https://bugs.gentoo.org/709640 |
| 142 |
-Signed-off-by: Stefan Strogin <steils@g.o> |
| 143 |
---- |
| 144 |
- tests/softpkcs11/main.c | 6 +++++- |
| 145 |
- 1 file changed, 5 insertions(+), 1 deletion(-) |
| 146 |
- |
| 147 |
-diff --git a/tests/softpkcs11/main.c b/tests/softpkcs11/main.c |
| 148 |
-index 1cccdfb43..a5099fbe4 100644 |
| 149 |
---- a/tests/softpkcs11/main.c |
| 150 |
-+++ b/tests/softpkcs11/main.c |
| 151 |
-@@ -47,7 +47,6 @@ |
| 152 |
- |
| 153 |
- #if OPENSSL_VERSION_NUMBER < 0x10100000L |
| 154 |
- #define EVP_PKEY_get0_RSA(key) ((key)->pkey.rsa) |
| 155 |
--#define RSA_PKCS1_OpenSSL RSA_PKCS1_SSLeay |
| 156 |
- #define RSA_get0_key compat_rsa_get0_key |
| 157 |
- static void |
| 158 |
- compat_rsa_get0_key(const RSA *rsa, const BIGNUM **n, const BIGNUM **e, |
| 159 |
-@@ -62,6 +61,11 @@ compat_rsa_get0_key(const RSA *rsa, const BIGNUM **n, const BIGNUM **e, |
| 160 |
- } |
| 161 |
- #endif |
| 162 |
- |
| 163 |
-+#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || \ |
| 164 |
-+ defined(LIBRESSL_VERSION_NUMBER) && (LIBRESSL_VERSION_NUMBER <= 0x3000200fL) |
| 165 |
-+#define RSA_PKCS1_OpenSSL RSA_PKCS1_SSLeay |
| 166 |
-+#endif |
| 167 |
-+ |
| 168 |
- #define OPENSSL_ASN1_MALLOC_ENCODE(T, B, BL, S, R) \ |
| 169 |
- { \ |
| 170 |
- unsigned char *p; \ |
| 171 |
--- |
| 172 |
-2.25.0 |
| 173 |
- |
| 174 |
|
| 175 |
diff --git a/app-crypt/mit-krb5/mit-krb5-1.18.2-r3.ebuild b/app-crypt/mit-krb5/mit-krb5-1.18.2-r3.ebuild |
| 176 |
index 3b7ff7d91e9..a80fe2ba685 100644 |
| 177 |
--- a/app-crypt/mit-krb5/mit-krb5-1.18.2-r3.ebuild |
| 178 |
+++ b/app-crypt/mit-krb5/mit-krb5-1.18.2-r3.ebuild |
| 179 |
@@ -59,9 +59,7 @@ S=${WORKDIR}/${MY_P}/src |
| 180 |
PATCHES=( |
| 181 |
"${FILESDIR}/${PN}-1.12_warn_cflags.patch" |
| 182 |
"${FILESDIR}/${PN}-config_LDFLAGS-r1.patch" |
| 183 |
- "${FILESDIR}/${PN}-1.16.3-libressl-r1.patch" |
| 184 |
"${FILESDIR}/${PN}_dont_create_run.patch" |
| 185 |
- "${FILESDIR}/${PN}-1.18-libressl.patch" |
| 186 |
"${FILESDIR}/CVE-2020-28196.patch" |
| 187 |
"${FILESDIR}/${PN}-1.18.2-krb5-config.patch" |
| 188 |
"${FILESDIR}/${PN}-1.18.2-autoconf-2.70.patch" |
| 189 |
|
| 190 |
diff --git a/app-crypt/mit-krb5/mit-krb5-1.18.3-r1.ebuild b/app-crypt/mit-krb5/mit-krb5-1.18.3-r1.ebuild |
| 191 |
index 901b431b246..a20eb9604cb 100644 |
| 192 |
--- a/app-crypt/mit-krb5/mit-krb5-1.18.3-r1.ebuild |
| 193 |
+++ b/app-crypt/mit-krb5/mit-krb5-1.18.3-r1.ebuild |
| 194 |
@@ -59,9 +59,7 @@ S=${WORKDIR}/${MY_P}/src |
| 195 |
PATCHES=( |
| 196 |
"${FILESDIR}/${PN}-1.12_warn_cflags.patch" |
| 197 |
"${FILESDIR}/${PN}-config_LDFLAGS-r1.patch" |
| 198 |
- "${FILESDIR}/${PN}-1.16.3-libressl-r1.patch" |
| 199 |
"${FILESDIR}/${PN}_dont_create_run.patch" |
| 200 |
- "${FILESDIR}/${PN}-1.18-libressl.patch" |
| 201 |
"${FILESDIR}/${PN}-1.18.2-krb5-config.patch" |
| 202 |
) |
Archives