commit: e363428904c1586d8667335c89aabc4ceeea768e |
Author: Stefan Strogin <steils <AT> gentoo <DOT> org> |
AuthorDate: Wed Aug 28 19:41:26 2019 +0000 |
Commit: Stefan Strogin <steils <AT> gentoo <DOT> org> |
CommitDate: Thu Aug 29 17:04:04 2019 +0000 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e3634289 |
|
net-libs/wvstreams: add USE=libressl and patch for LibreSSL support |
|
Drop the redundant "ssl" flag, since wvstreams is always built with SSL |
support. |
|
Closes: https://bugs.gentoo.org/687096 |
Closes: https://github.com/gentoo/gentoo/pull/12233 |
Package-Manager: Portage-2.3.67, Repoman-2.3.14 |
Signed-off-by: Stefan Strogin <steils <AT> gentoo.org> |
|
.../files/wvstreams-4.6.1_p14-libressl.patch | 114 +++++++++++++++++++++ |
net-libs/wvstreams/wvstreams-4.6.1_p14-r1.ebuild | 6 +- |
net-libs/wvstreams/wvstreams-99999.ebuild | 7 +- |
3 files changed, 122 insertions(+), 5 deletions(-) |
|
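diff --git a/net-libs/wvstreams/files/wvstreams-4.6.1_p14-libressl.patch b/net-libs/wvstreams/files/wvstreams-4.6.1_p14-libressl.patch
new file mode 100644
index 00000000000..e897c95bf09
--- /dev/null
+++ b/net-libs/wvstreams/files/wvstreams-4.6.1_p14-libressl.patch
@@ -0,0 +1,114 @@
+From cb8a81da928054c2e8174d671f2abc88f4f35b87 Mon Sep 17 00:00:00 2001
+From: Stefan Strogin <steils@g.o>
+Date: Mon, 10 Jun 2019 17:07:06 +0300
+Subject: [PATCH] Fix LibreSSL support
+
+---
+ crypto/wvocsp.cc | 34 ++++++++++++++++++++++++++++++++++
+ crypto/wvx509mgr.cc | 14 ++++++++++++++
+ include/wvdigest.h | 1 +
+ 3 files changed, 49 insertions(+)
+
+diff --git a/crypto/wvocsp.cc b/crypto/wvocsp.cc
+index 7d5da072..7a157f90 100644
+--- a/crypto/wvocsp.cc
++++ b/crypto/wvocsp.cc
+@@ -130,6 +130,7 @@ bool WvOCSPResp::signedbycert(const WvX509 &cert) const
+ }
+
+
++#ifndef LIBRESSL_VERSION_NUMBER
+ WvX509 WvOCSPResp::get_signing_cert() const
+ {
+ const STACK_OF(X509) *certs = OCSP_resp_get0_certs(bs);
+@@ -143,6 +144,39 @@ WvX509 WvOCSPResp::get_signing_cert() const
+
+ return WvX509();
+ }
++#else
++WvX509 WvOCSPResp::get_signing_cert() const
++{
++ if (!bs || !sk_X509_num(bs->certs))
++ return WvX509();
++
++ // note: the following bit of code is taken almost verbatim from
++ // ocsp_vfy.c in OpenSSL 0.9.8. Copyright and attribution should
++ // properly belong to them
++
++ OCSP_RESPID *id = bs->tbsResponseData->responderId;
++
++ if (id->type == V_OCSP_RESPID_NAME)
++ {
++ X509 *x = X509_find_by_subject(bs->certs, id->value.byName);
++ if (x)
++ return WvX509(X509_dup(x));
++ }
++
++ if (id->value.byKey->length != SHA_DIGEST_LENGTH) return NULL;
++ unsigned char tmphash[SHA_DIGEST_LENGTH];
++ unsigned char *keyhash = id->value.byKey->data;
++ for (int i = 0; i < sk_X509_num(bs->certs); i++)
++ {
++ X509 *x = sk_X509_value(bs->certs, i);
++ X509_pubkey_digest(x, EVP_sha1(), tmphash, NULL);
++ if(!memcmp(keyhash, tmphash, SHA_DIGEST_LENGTH))
++ return WvX509(X509_dup(x));
++ }
++
++ return WvX509();
++}
++#endif /* LIBRESSL_VERSION_NUMBER */
+
+
+ WvOCSPResp::Status WvOCSPResp::get_status(const WvX509 &cert,
+diff --git a/crypto/wvx509mgr.cc b/crypto/wvx509mgr.cc
+index 156d3a49..e2bb3ffe 100644
+--- a/crypto/wvx509mgr.cc
++++ b/crypto/wvx509mgr.cc
+@@ -350,8 +350,15 @@ bool WvX509Mgr::signcert(WvX509 &unsignedcert) const
+ return false;
+ }
+
++#ifndef LIBRESSL_VERSION_NUMBER
+ uint32_t ex_flags = X509_get_extension_flags(cert);
+ uint32_t ex_kusage = X509_get_key_usage(cert);
++#else
++ X509_check_purpose(cert, -1, -1);
++ uint32_t ex_flags = cert->ex_flags;
++ uint32_t ex_kusage = (cert->ex_flags & EXFLAG_KUSAGE) ?
++ cert->ex_kusage : UINT32_MAX;
++#endif
+ if (cert == unsignedcert.cert)
+ {
+ debug("Self Signing!\n");
+@@ -392,8 +399,15 @@ bool WvX509Mgr::signcert(WvX509 &unsignedcert) const
+
+ bool WvX509Mgr::signcrl(WvCRL &crl) const
+ {
++#ifndef LIBRESSL_VERSION_NUMBER
+ uint32_t ex_flags = X509_get_extension_flags(cert);
+ uint32_t ex_kusage = X509_get_key_usage(cert);
++#else
++ X509_check_purpose(cert, -1, -1);
++ uint32_t ex_flags = cert->ex_flags;
++ uint32_t ex_kusage = (cert->ex_flags & EXFLAG_KUSAGE) ?
++ cert->ex_kusage : UINT32_MAX;
++#endif
+ if (!isok() || !crl.isok())
+ {
+ debug(WvLog::Warning, "Asked to sign CRL, but certificate or CRL (or "
+diff --git a/include/wvdigest.h b/include/wvdigest.h
+index f2eed401..e637fb49 100644
+--- a/include/wvdigest.h
++++ b/include/wvdigest.h
+@@ -10,6 +10,7 @@
+ #include "wvencoder.h"
+ #include <stdint.h>
+ #include <openssl/evp.h>
++#include <openssl/hmac.h>
+
+
+ /**
+--
+2.21.0
+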
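Review bot: In the LibreSSL branch of `WvOCSPResp::get_signing_cert()`, a by-name responder ID that matches no certificate in `bs->certs` falls through to the key-hash lookup and reads `id->value.byKey`. In the OpenSSL 1.0-era `OCSP_RESPID` layout this branch relies on, `byName` and `byKey` are members of the same union, so an `X509_NAME *` taken from the OCSP response would be read as an `ASN1_OCTET_STRING *`. The ocsp_vfy.c routine the comment cites returns from the by-name case whether or not a match was found; doing the same here, `return x ? WvX509(X509_dup(x)) : WvX509();`, keeps the two lookups apart. The `return NULL;` on the length check should be `return WvX509();` like the other exits rather than relying on an implicit conversion. The return value of `X509_pubkey_digest()` is also ignored, so `tmphash` would be compared uninitialised if the digest fails.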
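diff --git a/net-libs/wvstreams/wvstreams-4.6.1_p14-r1.ebuild b/net-libs/wvstreams/wvstreams-4.6.1_p14-r1.ebuild
index 58f5b66846d..34a203bd673 100644
--- a/net-libs/wvstreams/wvstreams-4.6.1_p14-r1.ebuild
+++ b/net-libs/wvstreams/wvstreams-4.6.1_p14-r1.ebuild
@@ -14,7 +14,7 @@ SRC_URI="
 LICENSE="GPL-2"
 SLOT="0"
 KEYWORDS="~alpha ~amd64 ~hppa ~ppc ~sparc ~x86"
-IUSE="pam doc +ssl +dbus debug boost"
+IUSE="boost +dbus debug doc libressl pam"
 
 #Tests fail if openssl is not compiled with -DPURIFY. Gentoo's isn't. FAIL!
 RESTRICT="test"
@@ -24,10 +24,11 @@ RESTRICT="test"
 #more tightly this time. Probably for the better since upstream xplc seems dead.
 
 RDEPEND="
- >=dev-libs/openssl-1.1:0=
 sys-libs/readline:0=
 sys-libs/zlib
 dbus? ( >=sys-apps/dbus-1.4.20 )
+ !libressl? ( >=dev-libs/openssl-1.1:0= )
+ libressl? ( dev-libs/libressl:0= )
 pam? ( virtual/pam )
 "
 DEPEND="
@@ -49,6 +50,7 @@ src_prepare() {
 default
 
 eapply $(awk '{ print "'"${WORKDIR}"'/debian/patches/" $0; }' < "${WORKDIR}"/debian/patches/series)
+ eapply "${FILESDIR}"/${P}-libressl.patch # bug 687096
 
 eautoreconf
 }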
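Review bot: `libressl? ( dev-libs/libressl:0= )` carries no version bound, yet the LibreSSL branch of the patch applied by the new `eapply "${FILESDIR}"/${P}-libressl.patch` line reads struct members directly (`bs->certs`, `bs->tbsResponseData`, `cert->ex_flags`). That builds only while LibreSSL keeps those structs public. Extending the existing comment on the `eapply` line, e.g. `# bug 687096; reads OCSP_BASICRESP/X509 members directly, recheck on LibreSSL bumps`, would record that for whoever touches the dependency next. The patch is applied for both SSL providers, which looks safe because its code changes are guarded by `LIBRESSL_VERSION_NUMBER`; the only unguarded addition is `#include <openssl/hmac.h>`. `src_prepare()` begins above the visible hunk lines.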
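diff --git a/net-libs/wvstreams/wvstreams-99999.ebuild b/net-libs/wvstreams/wvstreams-99999.ebuild
index 8665f2087f9..dc51487d43e 100644
--- a/net-libs/wvstreams/wvstreams-99999.ebuild
+++ b/net-libs/wvstreams/wvstreams-99999.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2018 Gentoo Authors
+# Copyright 1999-2019 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
 EAPI=6
@@ -12,13 +12,14 @@ EGIT_REPO_URI="${HOMEPAGE}"
 LICENSE="GPL-2"
 SLOT="0/5.0"
 KEYWORDS=""
-IUSE="+dbus debug doc pam static-libs +zlib"
+IUSE="+dbus debug doc libressl pam static-libs +zlib"
 
 RDEPEND="
- <dev-libs/openssl-1.1:0=
 sys-libs/readline:0=
 sys-libs/zlib
 dbus? ( >=sys-apps/dbus-1.4.20 )
+ !libressl? ( <dev-libs/openssl-1.1:0= )
+ libressl? ( dev-libs/libressl:0= )
 pam? ( virtual/pam )
 "
 DEPEND="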