1 |
commit: c2626757b304cbe1ba5da551b0db496989e95cc0 |
2 |
Author: Lars Wendler <polynomial-c <AT> gentoo <DOT> org> |
3 |
AuthorDate: Wed Oct 24 15:07:24 2018 +0000 |
4 |
Commit: Lars Wendler <polynomial-c <AT> gentoo <DOT> org> |
5 |
CommitDate: Wed Oct 24 15:07:39 2018 +0000 |
6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c2626757 |
7 |
|
8 |
net-libs/c-client: Fixed build with openssl-1.1 |
9 |
|
10 |
Closes: https://bugs.gentoo.org/647616 |
11 |
Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org> |
12 |
Package-Manager: Portage-2.3.51, Repoman-2.3.11 |
13 |
|
14 |
net-libs/c-client/c-client-2007f-r6.ebuild | 33 ++++++----- |
15 |
.../files/c-client-2007f-openssl-1.1.patch | 66 ++++++++++++++++++++++ |
16 |
2 files changed, 86 insertions(+), 13 deletions(-) |
17 |
|
18 |
diff --git a/net-libs/c-client/c-client-2007f-r6.ebuild b/net-libs/c-client/c-client-2007f-r6.ebuild |
19 |
index 6f539a98487..bd9925412df 100644 |
20 |
--- a/net-libs/c-client/c-client-2007f-r6.ebuild |
21 |
+++ b/net-libs/c-client/c-client-2007f-r6.ebuild |
22 |
@@ -1,4 +1,4 @@ |
23 |
-# Copyright 1999-2017 Gentoo Foundation |
24 |
+# Copyright 1999-2018 Gentoo Authors |
25 |
# Distributed under the terms of the GNU General Public License v2 |
26 |
|
27 |
EAPI=6 |
28 |
@@ -30,9 +30,28 @@ DEPEND="${RDEPEND} |
29 |
kernel_linux? ( pam? ( >=sys-libs/pam-0.72 ) ) |
30 |
" |
31 |
|
32 |
+PATCHES=( |
33 |
+ # Apply a patch to only build the stuff we need for c-client |
34 |
+ "${FILESDIR}/${PN}-2006k_GENTOO_Makefile.patch" |
35 |
+ |
36 |
+ # Apply patch to add the compilation of a .so for PHP |
37 |
+ # This was previously conditional, but is more widely useful. |
38 |
+ "${FILESDIR}/${PN}-2006k_GENTOO_amd64-so-fix.patch" |
39 |
+ |
40 |
+ # Respect LDFLAGS |
41 |
+ "${FILESDIR}/${PN}-2007f-ldflags.patch" |
42 |
+ |
43 |
+ # openssl-1.1 build fix #647616 |
44 |
+ "${FILESDIR}/${PN}-2007f-openssl-1.1.patch" |
45 |
+) |
46 |
+ |
47 |
src_prepare() { |
48 |
+ use topal && PATCHES+=( "${FILESDIR}/${P}-topal.patch" ) |
49 |
+ |
50 |
default |
51 |
|
52 |
+ use chappa && eapply -p2 "${WORKDIR}/${P}-chappa-${CHAPPA_PL}-all.patch" |
53 |
+ |
54 |
# Tarball packed with bad file perms |
55 |
chmod -R u+rwX,go-w . || die "failed to fix permissions" |
56 |
|
57 |
@@ -60,28 +79,16 @@ src_prepare() { |
58 |
-i src/osdep/unix/Makefile \ |
59 |
|| die "failed to fix the FreeBSD ACTIVEFILE path in the Makefile" |
60 |
|
61 |
- # Apply a patch to only build the stuff we need for c-client |
62 |
- eapply "${FILESDIR}/${PN}-2006k_GENTOO_Makefile.patch" |
63 |
- |
64 |
- # Apply patch to add the compilation of a .so for PHP |
65 |
- # This was previously conditional, but is more widely useful. |
66 |
- eapply "${FILESDIR}/${PN}-2006k_GENTOO_amd64-so-fix.patch" |
67 |
- |
68 |
# Remove the pesky checks about SSL stuff |
69 |
sed -e '/read.*exit/d' -i Makefile \ |
70 |
|| die "failed to disable SSL warning in the Makefile" |
71 |
|
72 |
- # Respect LDFLAGS |
73 |
- eapply "${FILESDIR}/${PN}-2007f-ldflags.patch" |
74 |
sed -e "s:CC=cc:CC=$(tc-getCC):" \ |
75 |
-e "s:ARRC=ar:ARRC=$(tc-getAR):" \ |
76 |
-e "s:RANLIB=ranlib:RANLIB=$(tc-getRANLIB):" \ |
77 |
-i src/osdep/unix/Makefile \ |
78 |
|| die "failed to fix build flags support in the Makefile" |
79 |
|
80 |
- use topal && eapply "${FILESDIR}/${P}-topal.patch" |
81 |
- use chappa && epatch "${DISTDIR}/${P}-chappa-${CHAPPA_PL}-all.patch.gz" |
82 |
- |
83 |
elibtoolize |
84 |
} |
85 |
|
86 |
|
87 |
diff --git a/net-libs/c-client/files/c-client-2007f-openssl-1.1.patch b/net-libs/c-client/files/c-client-2007f-openssl-1.1.patch |
88 |
new file mode 100644 |
89 |
index 00000000000..918f0bd3fbd |
90 |
--- /dev/null |
91 |
+++ b/net-libs/c-client/files/c-client-2007f-openssl-1.1.patch |
92 |
@@ -0,0 +1,66 @@ |
93 |
+diff -Nru a/src/osdep/unix/ssl_unix.c b/src/osdep/unix/ssl_unix.c |
94 |
+--- a/src/osdep/unix/ssl_unix.c 2011-07-23 02:20:10.000000000 +0200 |
95 |
++++ b/src/osdep/unix/ssl_unix.c 2018-09-22 09:34:26.492765776 +0200 |
96 |
+@@ -59,7 +59,7 @@ |
97 |
+ static SSLSTREAM *ssl_start(TCPSTREAM *tstream,char *host,unsigned long flags); |
98 |
+ static char *ssl_start_work (SSLSTREAM *stream,char *host,unsigned long flags); |
99 |
+ static int ssl_open_verify (int ok,X509_STORE_CTX *ctx); |
100 |
+-static char *ssl_validate_cert (X509 *cert,char *host); |
101 |
++static char *ssl_validate_cert (X509 *cert,char *host, char *cert_subj); |
102 |
+ static long ssl_compare_hostnames (unsigned char *s,unsigned char *pat); |
103 |
+ static char *ssl_getline_work (SSLSTREAM *stream,unsigned long *size, |
104 |
+ long *contd); |
105 |
+@@ -210,6 +210,7 @@ |
106 |
+ BIO *bio; |
107 |
+ X509 *cert; |
108 |
+ unsigned long sl,tl; |
109 |
++ char cert_subj[250]; |
110 |
+ char *s,*t,*err,tmp[MAILTMPLEN]; |
111 |
+ sslcertificatequery_t scq = |
112 |
+ (sslcertificatequery_t) mail_parameters (NIL,GET_SSLCERTIFICATEQUERY,NIL); |
113 |
+@@ -266,13 +267,17 @@ |
114 |
+ if (SSL_write (stream->con,"",0) < 0) |
115 |
+ return ssl_last_error ? ssl_last_error : "SSL negotiation failed"; |
116 |
+ /* need to validate host names? */ |
117 |
+- if (!(flags & NET_NOVALIDATECERT) && |
118 |
+- (err = ssl_validate_cert (cert = SSL_get_peer_certificate (stream->con), |
119 |
+- host))) { |
120 |
+- /* application callback */ |
121 |
+- if (scq) return (*scq) (err,host,cert ? cert->name : "???") ? NIL : ""; |
122 |
+- /* error message to return via mm_log() */ |
123 |
+- sprintf (tmp,"*%.128s: %.255s",err,cert ? cert->name : "???"); |
124 |
++ if (!(flags & NET_NOVALIDATECERT)) { |
125 |
++ cert_subj[0] = '\0'; |
126 |
++ cert = SSL_get_peer_certificate(stream->con); |
127 |
++ if (cert) |
128 |
++ X509_NAME_oneline(X509_get_subject_name(cert), cert_subj, sizeof(cert_subj)); |
129 |
++ err = ssl_validate_cert (cert, host, cert_subj); |
130 |
++ if (err) |
131 |
++ /* application callback */ |
132 |
++ if (scq) return (*scq) (err,host,cert ? cert_subj : "???") ? NIL : ""; |
133 |
++ /* error message to return via mm_log() */ |
134 |
++ sprintf (tmp,"*%.128s: %.255s",err,cert ? cert_subj : "???"); |
135 |
+ return ssl_last_error = cpystr (tmp); |
136 |
+ } |
137 |
+ return NIL; |
138 |
+@@ -313,7 +318,7 @@ |
139 |
+ * Returns: NIL if validated, else string of error message |
140 |
+ */ |
141 |
+ |
142 |
+-static char *ssl_validate_cert (X509 *cert,char *host) |
143 |
++static char *ssl_validate_cert (X509 *cert,char *host, char *cert_subj) |
144 |
+ { |
145 |
+ int i,n; |
146 |
+ char *s,*t,*ret; |
147 |
+@@ -322,9 +327,9 @@ |
148 |
+ /* make sure have a certificate */ |
149 |
+ if (!cert) ret = "No certificate from server"; |
150 |
+ /* and that it has a name */ |
151 |
+- else if (!cert->name) ret = "No name in certificate"; |
152 |
++ else if (cert_subj[0] == '\0') ret = "No name in certificate"; |
153 |
+ /* locate CN */ |
154 |
+- else if (s = strstr (cert->name,"/CN=")) { |
155 |
++ else if (s = strstr (cert_subj,"/CN=")) { |
156 |
+ if (t = strchr (s += 4,'/')) *t = '\0'; |
157 |
+ /* host name matches pattern? */ |
158 |
+ ret = ssl_compare_hostnames (host,s) ? NIL : |