commit: 1ec4d4652ae9c38e33c8ba59eba3eb43af4fc0fd |
Author: Alon Bar-Lev <alonbl <AT> gentoo <DOT> org> |
AuthorDate: Fri Mar 3 23:32:47 2017 +0000 |
Commit: Alon Bar-Lev <alonbl <AT> gentoo <DOT> org> |
CommitDate: Fri Mar 3 23:49:31 2017 +0000 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1ec4d465 |
|
net-firewall/nufw: support gnutls-3.4 + eapi bump |
|
Bug: 583608 |
|
Package-Manager: Portage-2.3.3, Repoman-2.3.1 |
|
.../nufw/files/nufw-2.2.22-gnutls-3.4.patch | 103 ++++++++++++++++++++ |
net-firewall/nufw/nufw-2.2.22-r2.ebuild | 105 +++++++++++++++++++++ |
2 files changed, 208 insertions(+) |
|
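--- /dev/null
+++ b/net-firewall/nufw/files/nufw-2.2.22-gnutls-3.4.patch
@@ -0,0 +1,103 @@
+From cbe4cfe90322e5add59433d9dd8394f46e341fab Mon Sep 17 00:00:00 2001
+From: Alon Bar-Lev <alon.barlev@×××××.com>
+Date: Sat, 4 Mar 2017 01:00:40 +0200
+Subject: [PATCH] ssl: drop call of deprecated
+ gnutls_certificate_type_set_priority()
+
+CTYPE-X.509 is the default value. Closes: #624077
+
+Signed-off-by: Alon Bar-Lev <alon.barlev@×××××.com>
+---
+ src/clients/lib/libnuclient.c | 15 ++------------
+ src/nufw/tls.c | 14 --------------
+ 2 files changed, 2 insertions(+), 27 deletions(-)
+
+diff --git a/src/clients/lib/libnuclient.c b/src/clients/lib/libnuclient.c
+index 917e75a..6e78c96 100644
+--- a/src/clients/lib/libnuclient.c
++++ b/src/clients/lib/libnuclient.c
+@@ -62,9 +62,6 @@ GCRY_THREAD_OPTION_PTHREAD_IMPL;
+ # define DH_BITS 1024
+ #endif
+
+-static const int cert_type_priority[3] = { GNUTLS_CRT_X509, 0 };
+-
+-
+ void nu_exit_clean(nuauth_session_t * session)
+ {
+ if (session->ct) {
+@@ -270,7 +267,7 @@ int check_key_perms(const char* filename)
+ return 1;
+ }
+
+-static int _cb_request_cert(gnutls_session_t session, const gnutls_datum_t* req_ca_dn, int nreqs, const gnutls_pk_algorithm_t* pk_algos, int pk_algos_length, gnutls_retr_st* st)
++static int _cb_request_cert(gnutls_session_t session, const gnutls_datum_t* req_ca_dn, int nreqs, const gnutls_pk_algorithm_t* pk_algos, int pk_algos_length, gnutls_retr2_st* st)
+ {
+ printf("TLS error: server requests certificate, none configured\n");
+ return 0;
+@@ -518,7 +515,7 @@ int nu_client_setup_tls(nuauth_session_t * session,
+ SET_ERROR(err, INTERNAL_ERROR, FILE_ACCESS_ERR);
+ return 0;
+ }
+- gnutls_certificate_client_set_retrieve_function(session->cred,
++ gnutls_certificate_set_retrieve_function(session->cred,
+ &_cb_request_cert);
+ }
+
+@@ -604,12 +601,6 @@ int nu_client_reset_tls(nuauth_session_t *session)
+ return 0;
+ }
+
+- ret =
+- gnutls_certificate_type_set_priority(session->tls,
+- cert_type_priority);
+- if (ret < 0) {
+- return 0;
+- }
+ return 1;
+ }
+
+@@ -776,8 +767,6 @@ void nu_client_reset(nuauth_session_t * session)
+ gnutls_deinit(session->tls);
+ gnutls_init(&session->tls, GNUTLS_CLIENT);
+ gnutls_set_default_priority(session->tls);
+- gnutls_certificate_type_set_priority(session->tls,
+- cert_type_priority);
+ session->need_set_cred = 1;
+
+ /* close socket */
+diff --git a/src/nufw/tls.c b/src/nufw/tls.c
+index e7223eb..2d46820 100644
+--- a/src/nufw/tls.c
++++ b/src/nufw/tls.c
+@@ -506,8 +506,6 @@ void tls_connect()
+ gnutls_session *tls_session;
+ int tls_socket, ret;
+ #if USE_X509
+- const int cert_type_priority[3] = { GNUTLS_CRT_X509, 0 };
+-
+ tls.session = NULL;
+
+ /* compute patch key_file */
+@@ -655,18 +653,6 @@ void tls_connect()
+ return;
+ }
+ #if USE_X509
+- ret = gnutls_certificate_type_set_priority(*(tls_session),
+- cert_type_priority);
+- if (ret < 0) {
+- log_area_printf(DEBUG_AREA_MAIN, DEBUG_LEVEL_WARNING,
+- "TLS: gnutls_certificate_type_set_priority() failed: %s",
+- gnutls_strerror(ret));
+- gnutls_certificate_free_credentials(tls.xcred);
+- gnutls_deinit(*tls_session);
+- free(tls_session);
+- return;
+- }
+-
+ /* put the x509 credentials to the current session */
+ ret = gnutls_credentials_set(*(tls_session), GNUTLS_CRD_CERTIFICATE,
+ tls.xcred);
+--
+2.10.2
+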
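Review bot: The `_cb_request_cert` callback now takes a `gnutls_retr2_st *st` (libnuclient.c hunk at `@@ -270`) but still just prints and returns 0 without writing to `st`, so "send no client certificate" depends on GnuTLS having zeroed the struct before the call rather than on anything this callback states; adding `st->ncerts = 0;` before `return 0;` makes the intent explicit and, as I read the GnuTLS manual, is the documented way for a retrieve callback to decline. The function's closing brace lies outside that inner hunk. In the `@@ -604` hunk of `nu_client_reset_tls`, the removed block contained the only assignment to `ret` visible here; if no earlier statement in that function still sets it, `ret` is now an unused variable and the build will warn under `-Wunused-variable`, so that declaration is worth checking. In `tls_connect` the same removal is harmless because the visible `ret = gnutls_credentials_set(...)` still uses it.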
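--- /dev/null
+++ b/net-firewall/nufw/nufw-2.2.22-r2.ebuild
@@ -0,0 +1,105 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+SSL_CERT_MANDATORY=1
+inherit autotools eutils multilib pam ssl-cert
+
+DESCRIPTION="An enterprise grade authenticating firewall based on netfilter"
+HOMEPAGE="http://www.nufw.org/"
+SRC_URI="http://www.nufw.org/attachments/download/39/${P}.tar.bz2"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+IUSE="debug ldap mysql pam pam_nuauth plaintext postgres prelude unicode nfqueue nfconntrack static syslog test"
+
+REQUIRED_USE="pam_nuauth? ( plaintext )"
+DEPEND="
+ dev-libs/cyrus-sasl
+ dev-libs/glib:2
+ dev-libs/libgcrypt:0
+ dev-python/ipy
+ net-firewall/iptables
+ net-libs/gnutls
+ ldap? ( >=net-nds/openldap-2 )
+ mysql? ( virtual/mysql )
+ nfconntrack? ( net-libs/libnetfilter_conntrack )
+ nfqueue? ( net-libs/libnfnetlink net-libs/libnetfilter_queue )
+ pam? ( sys-libs/pam )
+ pam_nuauth? ( sys-libs/pam )
+ postgres? ( dev-db/postgresql:*[server] )
+ prelude? ( dev-libs/libprelude )
+"
+RDEPEND=${DEPEND}
+
+PATCHES=(
+ "${FILESDIR}/${P}-var-run.patch"
+ "${FILESDIR}/${P}-gnutls-3.4.patch"
+)
+
+RESTRICT="test"
+
+src_prepare() {
+ default
+ sed -i \
+ -e 's:^#\(nuauth_tls_key="/etc/nufw/\)nuauth-key.pem:\1nuauth.key:' \
+ -e 's:^#\(nuauth_tls_cert="/etc/nufw/\)nuauth-cert.pem:\1nuauth.pem:' \
+ conf/nuauth.conf || die
+ sed -i \
+ -e "/^modulesdir/s|=.*|= /$(get_libdir)/security|g" \
+ src/clients/pam_nufw/Makefile.am || die
+ eautoreconf
+}
+
+src_configure() {
+ econf \
+ $(use_enable debug) \
+ $(use_enable pam_nuauth pam-nufw) \
+ $(use_enable static) \
+ $(use_with ldap) \
+ $(use_with mysql mysql-auth) \
+ $(use_with mysql mysql-log) \
+ $(use_with nfconntrack) \
+ $(use_with nfqueue) \
+ $(use_with pam system-auth) \
+ $(use_with plaintext plaintext-auth) \
+ $(use_with postgres pgsql-log) \
+ $(use_with prelude prelude-log) \
+ $(use_with syslog syslog-log) \
+ $(use_with unicode utf8) \
+ --enable-shared \
+ --includedir="/usr/include/nufw" \
+ --localstatedir="/var" \
+ --sysconfdir="/etc/nufw" \
+ --with-mark-group \
+ --with-user-mark
+}
+
+src_install() {
+ default
+ prune_libtool_files
+
+ newinitd "${FILESDIR}"/nufw-init.d nufw
+ newconfd "${FILESDIR}"/nufw-conf.d nufw
+
+ newinitd "${FILESDIR}"/nuauth-init.d nuauth
+ newconfd "${FILESDIR}"/nuauth-conf.d nuauth
+
+ insinto /etc/nufw
+ doins conf/nuauth.conf
+
+ docinto scripts
+ dodoc scripts/{clean_conntrack.pl,nuaclgen,nutop,README,ulog_rotate_daily.sh,ulog_rotate_weekly.sh}
+ docinto conf
+ dodoc conf/*.{nufw,schema,conf,dump,xml}
+
+ if use pam; then
+ pamd_mimic system-auth nufw auth account password session
+ fi
+}
+
+pkg_postinst() {
+ install_cert /etc/nufw/{nufw,nuauth}
+}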
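Review bot: `test` is still listed in `IUSE` while `RESTRICT="test"` is unconditional and no phase function reads the flag, so the flag is dead and misleads users who set it; either drop `test` from `IUSE` or, if the suite can be run on request, use `RESTRICT="!test? ( test )"`. The `inherit multilib` in the `inherit` line also looks redundant, since the only multilib helper used is `$(get_libdir)` in `src_prepare` and EAPI 6 provides `get_libdir` natively. `SRC_URI` and `HOMEPAGE` are plain `http://`; tarball integrity rests on the Manifest digests as usual, so this only merits a change if upstream serves https, but it is worth a look while the ebuild is being touched.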