
From: Stefan Strogin <steils@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] repo/gentoo:master commit in: net-libs/wvstreams/files/, net-libs/wvstreams/
Date: Thu, 29 Aug 2019 17:05:44
Message-Id: 1567098244.e363428904c1586d8667335c89aabc4ceeea768e.steils@gentoo
1 commit: e363428904c1586d8667335c89aabc4ceeea768e
2 Author: Stefan Strogin <steils <AT> gentoo <DOT> org>
3 AuthorDate: Wed Aug 28 19:41:26 2019 +0000
4 Commit: Stefan Strogin <steils <AT> gentoo <DOT> org>
5 CommitDate: Thu Aug 29 17:04:04 2019 +0000
6 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e3634289
7
8 net-libs/wvstreams: add USE=libressl and patch for LibreSSL support
9
10 Drop the redundant "ssl" flag, since wvstreams is always built with SSL
11 support.
12
13 Closes: https://bugs.gentoo.org/687096
14 Closes: https://github.com/gentoo/gentoo/pull/12233
15 Package-Manager: Portage-2.3.67, Repoman-2.3.14
16 Signed-off-by: Stefan Strogin <steils <AT> gentoo.org>
17
18 .../files/wvstreams-4.6.1_p14-libressl.patch | 114 +++++++++++++++++++++
19 net-libs/wvstreams/wvstreams-4.6.1_p14-r1.ebuild | 6 +-
20 net-libs/wvstreams/wvstreams-99999.ebuild | 7 +-
21 3 files changed, 122 insertions(+), 5 deletions(-)
22
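diff --git a/net-libs/wvstreams/files/wvstreams-4.6.1_p14-libressl.patch b/net-libs/wvstreams/files/wvstreams-4.6.1_p14-libressl.patch
new file mode 100644
index 00000000000..e897c95bf09
--- /dev/null
+++ b/net-libs/wvstreams/files/wvstreams-4.6.1_p14-libressl.patch
@@ -0,0 +1,114 @@
+From cb8a81da928054c2e8174d671f2abc88f4f35b87 Mon Sep 17 00:00:00 2001
+From: Stefan Strogin <steils@g.o>
+Date: Mon, 10 Jun 2019 17:07:06 +0300
+Subject: [PATCH] Fix LibreSSL support
+
+---
+ crypto/wvocsp.cc | 34 ++++++++++++++++++++++++++++++++++
+ crypto/wvx509mgr.cc | 14 ++++++++++++++
+ include/wvdigest.h | 1 +
+ 3 files changed, 49 insertions(+)
+
+diff --git a/crypto/wvocsp.cc b/crypto/wvocsp.cc
+index 7d5da072..7a157f90 100644
+--- a/crypto/wvocsp.cc
++++ b/crypto/wvocsp.cc
+@@ -130,6 +130,7 @@ bool WvOCSPResp::signedbycert(const WvX509 &cert) const
+ }
+
+
++#ifndef LIBRESSL_VERSION_NUMBER
+ WvX509 WvOCSPResp::get_signing_cert() const
+ {
+ const STACK_OF(X509) *certs = OCSP_resp_get0_certs(bs);
+@@ -143,6 +144,39 @@ WvX509 WvOCSPResp::get_signing_cert() const
+
+ return WvX509();
+ }
++#else
++WvX509 WvOCSPResp::get_signing_cert() const
++{
++ if (!bs || !sk_X509_num(bs->certs))
++ return WvX509();
++
++ // note: the following bit of code is taken almost verbatim from
++ // ocsp_vfy.c in OpenSSL 0.9.8. Copyright and attribution should
++ // properly belong to them
++
++ OCSP_RESPID *id = bs->tbsResponseData->responderId;
++
++ if (id->type == V_OCSP_RESPID_NAME)
++ {
++ X509 *x = X509_find_by_subject(bs->certs, id->value.byName);
++ if (x)
++ return WvX509(X509_dup(x));
++ }
++
++ if (id->value.byKey->length != SHA_DIGEST_LENGTH) return NULL;
++ unsigned char tmphash[SHA_DIGEST_LENGTH];
++ unsigned char *keyhash = id->value.byKey->data;
++ for (int i = 0; i < sk_X509_num(bs->certs); i++)
++ {
++ X509 *x = sk_X509_value(bs->certs, i);
++ X509_pubkey_digest(x, EVP_sha1(), tmphash, NULL);
++ if(!memcmp(keyhash, tmphash, SHA_DIGEST_LENGTH))
++ return WvX509(X509_dup(x));
++ }
++
++ return WvX509();
++}
++#endif /* LIBRESSL_VERSION_NUMBER */
+
+
+ WvOCSPResp::Status WvOCSPResp::get_status(const WvX509 &cert,
+diff --git a/crypto/wvx509mgr.cc b/crypto/wvx509mgr.cc
+index 156d3a49..e2bb3ffe 100644
+--- a/crypto/wvx509mgr.cc
++++ b/crypto/wvx509mgr.cc
+@@ -350,8 +350,15 @@ bool WvX509Mgr::signcert(WvX509 &unsignedcert) const
+ return false;
+ }
+
++#ifndef LIBRESSL_VERSION_NUMBER
+ uint32_t ex_flags = X509_get_extension_flags(cert);
+ uint32_t ex_kusage = X509_get_key_usage(cert);
++#else
++ X509_check_purpose(cert, -1, -1);
++ uint32_t ex_flags = cert->ex_flags;
++ uint32_t ex_kusage = (cert->ex_flags & EXFLAG_KUSAGE) ?
++ cert->ex_kusage : UINT32_MAX;
++#endif
+ if (cert == unsignedcert.cert)
+ {
+ debug("Self Signing!\n");
+@@ -392,8 +399,15 @@ bool WvX509Mgr::signcert(WvX509 &unsignedcert) const
+
+ bool WvX509Mgr::signcrl(WvCRL &crl) const
+ {
++#ifndef LIBRESSL_VERSION_NUMBER
+ uint32_t ex_flags = X509_get_extension_flags(cert);
+ uint32_t ex_kusage = X509_get_key_usage(cert);
++#else
++ X509_check_purpose(cert, -1, -1);
++ uint32_t ex_flags = cert->ex_flags;
++ uint32_t ex_kusage = (cert->ex_flags & EXFLAG_KUSAGE) ?
++ cert->ex_kusage : UINT32_MAX;
++#endif
+ if (!isok() || !crl.isok())
+ {
+ debug(WvLog::Warning, "Asked to sign CRL, but certificate or CRL (or "
+diff --git a/include/wvdigest.h b/include/wvdigest.h
+index f2eed401..e637fb49 100644
+--- a/include/wvdigest.h
++++ b/include/wvdigest.h
+@@ -10,6 +10,7 @@
+ #include "wvencoder.h"
+ #include <stdint.h>
+ #include <openssl/evp.h>
++#include <openssl/hmac.h>
+
+
+ /**
+--
+2.21.0
+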
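Review bot: In the LibreSSL branch of `WvOCSPResp::get_signing_cert()`, a responder ID of type `V_OCSP_RESPID_NAME` that matches no certificate in `bs->certs` falls through to the key-hash lookup, so `id->value.byKey` is read from a union that actually holds the `byName` value. The length test and `memcmp` then run on memory that is not an octet string, and the responder ID is taken from the OCSP response, i.e. peer-supplied data. The name branch should return unconditionally, for example `return x ? WvX509(X509_dup(x)) : WvX509();`. Separately, `return NULL;` on the length mismatch presumably relies on an implicit conversion to `WvX509` and would be clearer as `return WvX509();`, and the return value of `X509_pubkey_digest()` should be checked before `tmphash` is compared.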
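diff --git a/net-libs/wvstreams/wvstreams-4.6.1_p14-r1.ebuild b/net-libs/wvstreams/wvstreams-4.6.1_p14-r1.ebuild
index 58f5b66846d..34a203bd673 100644
--- a/net-libs/wvstreams/wvstreams-4.6.1_p14-r1.ebuild
+++ b/net-libs/wvstreams/wvstreams-4.6.1_p14-r1.ebuild
@@ -14,7 +14,7 @@ SRC_URI="
 LICENSE="GPL-2"
 SLOT="0"
 KEYWORDS="~alpha ~amd64 ~hppa ~ppc ~sparc ~x86"
-IUSE="pam doc +ssl +dbus debug boost"
+IUSE="boost +dbus debug doc libressl pam"
 
 #Tests fail if openssl is not compiled with -DPURIFY. Gentoo's isn't. FAIL!
 RESTRICT="test"
@@ -24,10 +24,11 @@ RESTRICT="test"
 #more tightly this time. Probably for the better since upstream xplc seems dead.
 
 RDEPEND="
- >=dev-libs/openssl-1.1:0=
 sys-libs/readline:0=
 sys-libs/zlib
 dbus? ( >=sys-apps/dbus-1.4.20 )
+ !libressl? ( >=dev-libs/openssl-1.1:0= )
+ libressl? ( dev-libs/libressl:0= )
 pam? ( virtual/pam )
 "
 DEPEND="
@@ -49,6 +50,7 @@ src_prepare() {
 default
 
 eapply $(awk '{ print "'"${WORKDIR}"'/debian/patches/" $0; }' < "${WORKDIR}"/debian/patches/series)
+ eapply "${FILESDIR}"/${P}-libressl.patch # bug 687096
 
 eautoreconf
 }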
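Review bot: The `libressl? ( dev-libs/libressl:0= )` branch added to RDEPEND carries no version bound, although the patch applied in `src_prepare` builds its `LIBRESSL_VERSION_NUMBER` path on direct struct access (`bs->certs`, `bs->tbsResponseData`, `cert->ex_flags`, `cert->ex_kusage`). That path compiles only while LibreSSL keeps those structures public, so a later LibreSSL release could break the build with this flag set. A comment beside the dependency, such as `# libressl patch needs non-opaque X509/OCSP structs`, would record the constraint, and an upper bound can be added once a breaking version is known. The same unversioned dependency is added in wvstreams-99999.ebuild.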
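diff --git a/net-libs/wvstreams/wvstreams-99999.ebuild b/net-libs/wvstreams/wvstreams-99999.ebuild
index 8665f2087f9..dc51487d43e 100644
--- a/net-libs/wvstreams/wvstreams-99999.ebuild
+++ b/net-libs/wvstreams/wvstreams-99999.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2018 Gentoo Authors
+# Copyright 1999-2019 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
 EAPI=6
@@ -12,13 +12,14 @@ EGIT_REPO_URI="${HOMEPAGE}"
 LICENSE="GPL-2"
 SLOT="0/5.0"
 KEYWORDS=""
-IUSE="+dbus debug doc pam static-libs +zlib"
+IUSE="+dbus debug doc libressl pam static-libs +zlib"
 
 RDEPEND="
- <dev-libs/openssl-1.1:0=
 sys-libs/readline:0=
 sys-libs/zlib
 dbus? ( >=sys-apps/dbus-1.4.20 )
+ !libressl? ( <dev-libs/openssl-1.1:0= )
+ libressl? ( dev-libs/libressl:0= )
 pam? ( virtual/pam )
 "
 DEPEND="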