1 |
commit: 180ca9f16a555d6e4b66f13411c12fe3eea5eb5b |
2 |
Author: Sam James <sam <AT> gentoo <DOT> org> |
3 |
AuthorDate: Sat May 1 17:20:13 2021 +0000 |
4 |
Commit: Sam James <sam <AT> gentoo <DOT> org> |
5 |
CommitDate: Sat May 1 18:06:21 2021 +0000 |
6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=180ca9f1 |
7 |
|
8 |
app-crypt/mit-krb5: drop obsolete LibreSSL patches |
9 |
|
10 |
Signed-off-by: Sam James <sam <AT> gentoo.org> |
11 |
|
12 |
.../files/mit-krb5-1.16.3-libressl-r1.patch | 101 --------------------- |
13 |
.../mit-krb5/files/mit-krb5-1.18-libressl.patch | 42 --------- |
14 |
app-crypt/mit-krb5/mit-krb5-1.18.2-r3.ebuild | 2 - |
15 |
app-crypt/mit-krb5/mit-krb5-1.18.3-r1.ebuild | 2 - |
16 |
4 files changed, 147 deletions(-) |
17 |
|
18 |
diff --git a/app-crypt/mit-krb5/files/mit-krb5-1.16.3-libressl-r1.patch b/app-crypt/mit-krb5/files/mit-krb5-1.16.3-libressl-r1.patch |
19 |
deleted file mode 100644 |
20 |
index ca74b88bb0f..00000000000 |
21 |
--- a/app-crypt/mit-krb5/files/mit-krb5-1.16.3-libressl-r1.patch |
22 |
+++ /dev/null |
23 |
@@ -1,101 +0,0 @@ |
24 |
-From 58263cbf3106f4c9c9a2252794093014a2f9c01f Mon Sep 17 00:00:00 2001 |
25 |
-From: Stefan Strogin <stefan.strogin@×××××.com> |
26 |
-Date: Thu, 25 Apr 2019 03:48:10 +0300 |
27 |
-Subject: [PATCH] Fix build for LibreSSL 2.9.x |
28 |
- |
29 |
-asn1_mac.h is removed from LibreSSL 2.9.0, but static_ASN1_*() methods |
30 |
-are not defined. Define them. |
31 |
- |
32 |
-Upstream-Status: Pending |
33 |
-[Needs to be amended if |
34 |
-https://github.com/libressl-portable/openbsd/pull/109 is accepted] |
35 |
-Signed-off-by: Stefan Strogin <stefan.strogin@×××××.com> |
36 |
---- |
37 |
- .../preauth/pkinit/pkinit_crypto_openssl.c | 13 ++++++++---- |
38 |
- .../preauth/pkinit/pkinit_crypto_openssl.h | 20 ++++++++++++++++++- |
39 |
- 2 files changed, 28 insertions(+), 5 deletions(-) |
40 |
- |
41 |
-diff --git a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c |
42 |
-index 2064eb7bd..81d5d3cf2 100644 |
43 |
---- a/plugins/preauth/pkinit/pkinit_crypto_openssl.c |
44 |
-+++ b/plugins/preauth/pkinit/pkinit_crypto_openssl.c |
45 |
-@@ -188,14 +188,16 @@ pkinit_pkcs11_code_to_text(int err); |
46 |
- (*_x509_pp) = PKCS7_cert_from_signer_info(_p7,_si) |
47 |
- #endif |
48 |
- |
49 |
--#if OPENSSL_VERSION_NUMBER < 0x10100000L |
50 |
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) |
51 |
- |
52 |
--/* 1.1 standardizes constructor and destructor names, renaming |
53 |
-- * EVP_MD_CTX_{create,destroy} and deprecating ASN1_STRING_data. */ |
54 |
-+/* 1.1 (and LibreSSL 2.7) standardizes constructor and destructor names, |
55 |
-+ * renaming EVP_MD_CTX_{create,destroy} and deprecating ASN1_STRING_data. */ |
56 |
- |
57 |
-+#if !defined(LIBRESSL_VERSION_NUMBER) || LIBRESSL_VERSION_NUMBER < 0x2070000fL |
58 |
- #define EVP_MD_CTX_new EVP_MD_CTX_create |
59 |
- #define EVP_MD_CTX_free EVP_MD_CTX_destroy |
60 |
- #define ASN1_STRING_get0_data ASN1_STRING_data |
61 |
-+#endif |
62 |
- |
63 |
- /* 1.1 makes many handle types opaque and adds accessors. Add compatibility |
64 |
- * versions of the new accessors we use for pre-1.1. */ |
65 |
-@@ -203,6 +205,7 @@ pkinit_pkcs11_code_to_text(int err); |
66 |
- #define OBJ_get0_data(o) ((o)->data) |
67 |
- #define OBJ_length(o) ((o)->length) |
68 |
- |
69 |
-+#if !defined(LIBRESSL_VERSION_NUMBER) || LIBRESSL_VERSION_NUMBER < 0x2070000fL |
70 |
- #define DH_set0_pqg compat_dh_set0_pqg |
71 |
- static int compat_dh_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g) |
72 |
- { |
73 |
-@@ -235,6 +238,7 @@ static void compat_dh_get0_key(const DH *dh, const BIGNUM **pub, |
74 |
- if (priv != NULL) |
75 |
- *priv = dh->priv_key; |
76 |
- } |
77 |
-+#endif /* LIBRESSL_VERSION_NUMBER */ |
78 |
- |
79 |
- /* Return true if the cert c includes a key usage which doesn't include u. |
80 |
- * Define using direct member access for pre-1.1. */ |
81 |
-@@ -3040,7 +3044,8 @@ cleanup: |
82 |
- return retval; |
83 |
- } |
84 |
- |
85 |
--#if OPENSSL_VERSION_NUMBER >= 0x10100000L |
86 |
-+#if (OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)) || \ |
87 |
-+ LIBRESSL_VERSION_NUMBER >= 0x2090000fL |
88 |
- |
89 |
- /* |
90 |
- * We need to decode DomainParameters from RFC 3279 section 2.3.3. We would |
91 |
-diff --git a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.h b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.h |
92 |
-index 7411348fa..ac91408c4 100644 |
93 |
---- a/plugins/preauth/pkinit/pkinit_crypto_openssl.h |
94 |
-+++ b/plugins/preauth/pkinit/pkinit_crypto_openssl.h |
95 |
-@@ -46,7 +46,25 @@ |
96 |
- #include <openssl/asn1.h> |
97 |
- #include <openssl/pem.h> |
98 |
- |
99 |
--#if OPENSSL_VERSION_NUMBER >= 0x10100000L |
100 |
-+#if (OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)) || \ |
101 |
-+ LIBRESSL_VERSION_NUMBER >= 0x2090000fL |
102 |
-+ |
103 |
-+#ifndef static_ASN1_SEQUENCE_END_name |
104 |
-+#define static_ASN1_ITEM_start(itname) \ |
105 |
-+ static const ASN1_ITEM itname##_it = { |
106 |
-+#define static_ASN1_SEQUENCE_END_name(stname, tname) \ |
107 |
-+ ;\ |
108 |
-+ static_ASN1_ITEM_start(tname) \ |
109 |
-+ ASN1_ITYPE_SEQUENCE,\ |
110 |
-+ V_ASN1_SEQUENCE,\ |
111 |
-+ tname##_seq_tt,\ |
112 |
-+ sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\ |
113 |
-+ NULL,\ |
114 |
-+ sizeof(stname),\ |
115 |
-+ #stname \ |
116 |
-+ ASN1_ITEM_end(tname) |
117 |
-+#endif /* !defined(static_ASN1_SEQUENCE_END_name) */ |
118 |
-+ |
119 |
- #include <openssl/asn1t.h> |
120 |
- #else |
121 |
- #include <openssl/asn1_mac.h> |
122 |
--- |
123 |
-2.21.0 |
124 |
- |
125 |
|
126 |
diff --git a/app-crypt/mit-krb5/files/mit-krb5-1.18-libressl.patch b/app-crypt/mit-krb5/files/mit-krb5-1.18-libressl.patch |
127 |
deleted file mode 100644 |
128 |
index 1522d42a730..00000000000 |
129 |
--- a/app-crypt/mit-krb5/files/mit-krb5-1.18-libressl.patch |
130 |
+++ /dev/null |
131 |
@@ -1,42 +0,0 @@ |
132 |
-From e3e3bc2a20795becda6e130d511fe59f04635624 Mon Sep 17 00:00:00 2001 |
133 |
-From: Stefan Strogin <steils@g.o> |
134 |
-Date: Sat, 15 Feb 2020 10:27:20 +0200 |
135 |
-Subject: [PATCH] Fix compilation for LibreSSL 3.0.2 |
136 |
- |
137 |
-RSA_PKCS1_OpenSSL() is provided in LibreSSL the master branch, |
138 |
-expected to be in the next release. |
139 |
-See: https://github.com/libressl-portable/openbsd/commit/3a8c41f3a84868337fde01ec1122198ec60bdc8e |
140 |
- |
141 |
-Bug: https://bugs.gentoo.org/709640 |
142 |
-Signed-off-by: Stefan Strogin <steils@g.o> |
143 |
---- |
144 |
- tests/softpkcs11/main.c | 6 +++++- |
145 |
- 1 file changed, 5 insertions(+), 1 deletion(-) |
146 |
- |
147 |
-diff --git a/tests/softpkcs11/main.c b/tests/softpkcs11/main.c |
148 |
-index 1cccdfb43..a5099fbe4 100644 |
149 |
---- a/tests/softpkcs11/main.c |
150 |
-+++ b/tests/softpkcs11/main.c |
151 |
-@@ -47,7 +47,6 @@ |
152 |
- |
153 |
- #if OPENSSL_VERSION_NUMBER < 0x10100000L |
154 |
- #define EVP_PKEY_get0_RSA(key) ((key)->pkey.rsa) |
155 |
--#define RSA_PKCS1_OpenSSL RSA_PKCS1_SSLeay |
156 |
- #define RSA_get0_key compat_rsa_get0_key |
157 |
- static void |
158 |
- compat_rsa_get0_key(const RSA *rsa, const BIGNUM **n, const BIGNUM **e, |
159 |
-@@ -62,6 +61,11 @@ compat_rsa_get0_key(const RSA *rsa, const BIGNUM **n, const BIGNUM **e, |
160 |
- } |
161 |
- #endif |
162 |
- |
163 |
-+#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || \ |
164 |
-+ defined(LIBRESSL_VERSION_NUMBER) && (LIBRESSL_VERSION_NUMBER <= 0x3000200fL) |
165 |
-+#define RSA_PKCS1_OpenSSL RSA_PKCS1_SSLeay |
166 |
-+#endif |
167 |
-+ |
168 |
- #define OPENSSL_ASN1_MALLOC_ENCODE(T, B, BL, S, R) \ |
169 |
- { \ |
170 |
- unsigned char *p; \ |
171 |
--- |
172 |
-2.25.0 |
173 |
- |
174 |
|
175 |
diff --git a/app-crypt/mit-krb5/mit-krb5-1.18.2-r3.ebuild b/app-crypt/mit-krb5/mit-krb5-1.18.2-r3.ebuild |
176 |
index 3b7ff7d91e9..a80fe2ba685 100644 |
177 |
--- a/app-crypt/mit-krb5/mit-krb5-1.18.2-r3.ebuild |
178 |
+++ b/app-crypt/mit-krb5/mit-krb5-1.18.2-r3.ebuild |
179 |
@@ -59,9 +59,7 @@ S=${WORKDIR}/${MY_P}/src |
180 |
PATCHES=( |
181 |
"${FILESDIR}/${PN}-1.12_warn_cflags.patch" |
182 |
"${FILESDIR}/${PN}-config_LDFLAGS-r1.patch" |
183 |
- "${FILESDIR}/${PN}-1.16.3-libressl-r1.patch" |
184 |
"${FILESDIR}/${PN}_dont_create_run.patch" |
185 |
- "${FILESDIR}/${PN}-1.18-libressl.patch" |
186 |
"${FILESDIR}/CVE-2020-28196.patch" |
187 |
"${FILESDIR}/${PN}-1.18.2-krb5-config.patch" |
188 |
"${FILESDIR}/${PN}-1.18.2-autoconf-2.70.patch" |
189 |
|
190 |
diff --git a/app-crypt/mit-krb5/mit-krb5-1.18.3-r1.ebuild b/app-crypt/mit-krb5/mit-krb5-1.18.3-r1.ebuild |
191 |
index 901b431b246..a20eb9604cb 100644 |
192 |
--- a/app-crypt/mit-krb5/mit-krb5-1.18.3-r1.ebuild |
193 |
+++ b/app-crypt/mit-krb5/mit-krb5-1.18.3-r1.ebuild |
194 |
@@ -59,9 +59,7 @@ S=${WORKDIR}/${MY_P}/src |
195 |
PATCHES=( |
196 |
"${FILESDIR}/${PN}-1.12_warn_cflags.patch" |
197 |
"${FILESDIR}/${PN}-config_LDFLAGS-r1.patch" |
198 |
- "${FILESDIR}/${PN}-1.16.3-libressl-r1.patch" |
199 |
"${FILESDIR}/${PN}_dont_create_run.patch" |
200 |
- "${FILESDIR}/${PN}-1.18-libressl.patch" |
201 |
"${FILESDIR}/${PN}-1.18.2-krb5-config.patch" |
202 |
) |