
From: Alon Bar-Lev <alonbl@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] repo/gentoo:master commit in: net-firewall/nufw/, net-firewall/nufw/files/
Date: Fri, 03 Mar 2017 23:49:41
Message-Id: 1488584971.1ec4d4652ae9c38e33c8ba59eba3eb43af4fc0fd.alonbl@gentoo
1 commit: 1ec4d4652ae9c38e33c8ba59eba3eb43af4fc0fd
2 Author: Alon Bar-Lev <alonbl <AT> gentoo <DOT> org>
3 AuthorDate: Fri Mar 3 23:32:47 2017 +0000
4 Commit: Alon Bar-Lev <alonbl <AT> gentoo <DOT> org>
5 CommitDate: Fri Mar 3 23:49:31 2017 +0000
6 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1ec4d465
7
8 net-firewall/nufw: support gnutls-3.4 + eapi bump
9
10 Bug: 583608
11
12 Package-Manager: Portage-2.3.3, Repoman-2.3.1
13
14 .../nufw/files/nufw-2.2.22-gnutls-3.4.patch | 103 ++++++++++++++++++++
15 net-firewall/nufw/nufw-2.2.22-r2.ebuild | 105 +++++++++++++++++++++
16 2 files changed, 208 insertions(+)
17
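--- /dev/null
+++ b/net-firewall/nufw/files/nufw-2.2.22-gnutls-3.4.patch
@@ -0,0 +1,103 @@
+From cbe4cfe90322e5add59433d9dd8394f46e341fab Mon Sep 17 00:00:00 2001
+From: Alon Bar-Lev <alon.barlev@×××××.com>
+Date: Sat, 4 Mar 2017 01:00:40 +0200
+Subject: [PATCH] ssl: drop call of deprecated
+ gnutls_certificate_type_set_priority()
+
+CTYPE-X.509 is the default value. Closes: #624077
+
+Signed-off-by: Alon Bar-Lev <alon.barlev@×××××.com>
+---
+ src/clients/lib/libnuclient.c | 15 ++-------------
+ src/nufw/tls.c | 14 --------------
+ 2 files changed, 2 insertions(+), 27 deletions(-)
+
+diff --git a/src/clients/lib/libnuclient.c b/src/clients/lib/libnuclient.c
+index 917e75a..6e78c96 100644
+--- a/src/clients/lib/libnuclient.c
++++ b/src/clients/lib/libnuclient.c
+@@ -62,9 +62,6 @@ GCRY_THREAD_OPTION_PTHREAD_IMPL;
+ # define DH_BITS 1024
+ #endif
+
+-static const int cert_type_priority[3] = { GNUTLS_CRT_X509, 0 };
+-
+-
+ void nu_exit_clean(nuauth_session_t * session)
+ {
+ if (session->ct) {
+@@ -270,7 +267,7 @@ int check_key_perms(const char* filename)
+ return 1;
+ }
+
+-static int _cb_request_cert(gnutls_session_t session, const gnutls_datum_t* req_ca_dn, int nreqs, const gnutls_pk_algorithm_t* pk_algos, int pk_algos_length, gnutls_retr_st* st)
++static int _cb_request_cert(gnutls_session_t session, const gnutls_datum_t* req_ca_dn, int nreqs, const gnutls_pk_algorithm_t* pk_algos, int pk_algos_length, gnutls_retr2_st* st)
+ {
+ printf("TLS error: server requests certificate, none configured\n");
+ return 0;
+@@ -518,7 +515,7 @@ int nu_client_setup_tls(nuauth_session_t * session,
+ SET_ERROR(err, INTERNAL_ERROR, FILE_ACCESS_ERR);
+ return 0;
+ }
+- gnutls_certificate_client_set_retrieve_function(session->cred,
++ gnutls_certificate_set_retrieve_function(session->cred,
+ &_cb_request_cert);
+ }
+
+@@ -604,12 +601,6 @@ int nu_client_reset_tls(nuauth_session_t *session)
+ return 0;
+ }
+
+- ret =
+- gnutls_certificate_type_set_priority(session->tls,
+- cert_type_priority);
+- if (ret < 0) {
+- return 0;
+- }
+ return 1;
+ }
+
+@@ -776,8 +767,6 @@ void nu_client_reset(nuauth_session_t * session)
+ gnutls_deinit(session->tls);
+ gnutls_init(&session->tls, GNUTLS_CLIENT);
+ gnutls_set_default_priority(session->tls);
+- gnutls_certificate_type_set_priority(session->tls,
+- cert_type_priority);
+ session->need_set_cred = 1;
+
+ /* close socket */
+diff --git a/src/nufw/tls.c b/src/nufw/tls.c
+index e7223eb..2d46820 100644
+--- a/src/nufw/tls.c
++++ b/src/nufw/tls.c
+@@ -506,8 +506,6 @@ void tls_connect()
+ gnutls_session *tls_session;
+ int tls_socket, ret;
+ #if USE_X509
+- const int cert_type_priority[3] = { GNUTLS_CRT_X509, 0 };
+-
+ tls.session = NULL;
+
+ /* compute patch key_file */
+@@ -655,18 +653,6 @@ void tls_connect()
+ return;
+ }
+ #if USE_X509
+- ret = gnutls_certificate_type_set_priority(*(tls_session),
+- cert_type_priority);
+- if (ret < 0) {
+- log_area_printf(DEBUG_AREA_MAIN, DEBUG_LEVEL_WARNING,
+- "TLS: gnutls_certificate_type_set_priority() failed: %s",
+- gnutls_strerror(ret));
+- gnutls_certificate_free_credentials(tls.xcred);
+- gnutls_deinit(*tls_session);
+- free(tls_session);
+- return;
+- }
+-
+ /* put the x509 credentials to the current session */
+ ret = gnutls_credentials_set(*(tls_session), GNUTLS_CRD_CERTIFICATE,
+ tls.xcred);
+--
+2.10.2
+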
127
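Review bot: `_cb_request_cert` in the libnuclient.c hunk at `@@ -270,7 +267,7 @@` is re-typed to take a `gnutls_retr2_st *` but its body is unchanged: it returns 0 without touching `st`, so the "no certificate available" outcome depends on the caller having pre-cleared `st->ncerts` rather than on the callback stating it. Adding `st->ncerts = 0;` before the `return 0;` makes the contract explicit and does not rely on GnuTLS zeroing the struct before the call (current releases appear to, but the callback should not depend on it). In the `nu_client_reset_tls` hunk the removed block was the only visible use of `ret`; if the rest of that function, which starts outside the hunk, does not use it either, its declaration now draws an unused-variable warning and should be dropped as well.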
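--- /dev/null
+++ b/net-firewall/nufw/nufw-2.2.22-r2.ebuild
@@ -0,0 +1,105 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+SSL_CERT_MANDATORY=1
+inherit autotools eutils multilib pam ssl-cert
+
+DESCRIPTION="An enterprise grade authenticating firewall based on netfilter"
+HOMEPAGE="http://www.nufw.org/"
+SRC_URI="http://www.nufw.org/attachments/download/39/${P}.tar.bz2"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+IUSE="debug ldap mysql pam pam_nuauth plaintext postgres prelude unicode nfqueue nfconntrack static syslog test"
+
+REQUIRED_USE="pam_nuauth? ( plaintext )"
+DEPEND="
+dev-libs/cyrus-sasl
+dev-libs/glib:2
+dev-libs/libgcrypt:0
+dev-python/ipy
+net-firewall/iptables
+net-libs/gnutls
+ldap? ( >=net-nds/openldap-2 )
+mysql? ( virtual/mysql )
+nfconntrack? ( net-libs/libnetfilter_conntrack )
+nfqueue? ( net-libs/libnfnetlink net-libs/libnetfilter_queue )
+pam? ( sys-libs/pam )
+pam_nuauth? ( sys-libs/pam )
+postgres? ( dev-db/postgresql:*[server] )
+prelude? ( dev-libs/libprelude )
+"
+RDEPEND=${DEPEND}
+
+PATCHES=(
+"${FILESDIR}/${P}-var-run.patch"
+"${FILESDIR}/${P}-gnutls-3.4.patch"
+)
+
+RESTRICT="test"
+
+src_prepare() {
+default
+sed -i \
+-e 's:^#\(nuauth_tls_key="/etc/nufw/\)nuauth-key.pem:\1nuauth.key:' \
+-e 's:^#\(nuauth_tls_cert="/etc/nufw/\)nuauth-cert.pem:\1nuauth.pem:' \
+conf/nuauth.conf || die
+sed -i \
+-e "/^modulesdir/s|=.*|= /$(get_libdir)/security|g" \
+src/clients/pam_nufw/Makefile.am || die
+eautoreconf
+}
+
+src_configure() {
+econf \
+$(use_enable debug) \
+$(use_enable pam_nuauth pam-nufw) \
+$(use_enable static) \
+$(use_with ldap) \
+$(use_with mysql mysql-auth) \
+$(use_with mysql mysql-log) \
+$(use_with nfconntrack) \
+$(use_with nfqueue) \
+$(use_with pam system-auth) \
+$(use_with plaintext plaintext-auth) \
+$(use_with postgres pgsql-log) \
+$(use_with prelude prelude-log) \
+$(use_with syslog syslog-log) \
+$(use_with unicode utf8) \
+--enable-shared \
+--includedir="/usr/include/nufw" \
+--localstatedir="/var" \
+--sysconfdir="/etc/nufw" \
+--with-mark-group \
+--with-user-mark
+}
+
+src_install() {
+default
+prune_libtool_files
+
+newinitd "${FILESDIR}"/nufw-init.d nufw
+newconfd "${FILESDIR}"/nufw-conf.d nufw
+
+newinitd "${FILESDIR}"/nuauth-init.d nuauth
+newconfd "${FILESDIR}"/nuauth-conf.d nuauth
+
+insinto /etc/nufw
+doins conf/nuauth.conf
+
+docinto scripts
+dodoc scripts/{clean_conntrack.pl,nuaclgen,nutop,README,ulog_rotate_daily.sh,ulog_rotate_weekly.sh}
+docinto conf
+dodoc conf/*.{nufw,schema,conf,dump,xml}
+
+if use pam; then
+pamd_mimic system-auth nufw auth account password session
+fi
+}
+
+pkg_postinst() {
+install_cert /etc/nufw/{nufw,nuauth}
+}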
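Review bot: `net-libs/gnutls` in DEPEND carries no lower bound, while the gnutls-3.4 patch this ebuild applies moves libnuclient.c onto `gnutls_certificate_set_retrieve_function()` and `gnutls_retr2_st`, which older GnuTLS releases do not provide; the atom should become `>=net-libs/gnutls-<MIN_VERSION>` with the bound taken from the GnuTLS release that introduced that API. Because `RDEPEND=${DEPEND}` and nufw links against gnutls at runtime, the same bound then covers both build and run time. The two `sed` expressions in `src_prepare` rename the default `nuauth_tls_key`/`nuauth_tls_cert` entries to `nuauth.key`/`nuauth.pem`, which looks intended to match the files `install_cert /etc/nufw/{nufw,nuauth}` creates in `pkg_postinst`; a comment above that sed, `# point nuauth.conf at the key/cert pair install_cert generates in pkg_postinst`, would record that coupling for the next maintainer.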