1 |
commit: 5d0eadbc6aabbd869d57e042ab41563e888e6e2c |
2 |
Author: Patrick McLean <chutzpah <AT> gentoo <DOT> org> |
3 |
AuthorDate: Wed Mar 13 21:51:45 2019 +0000 |
4 |
Commit: Patrick McLean <chutzpah <AT> gentoo <DOT> org> |
5 |
CommitDate: Wed Mar 13 21:53:23 2019 +0000 |
6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5d0eadbc |
7 |
|
8 |
net-vpn/openvpn: Revert LibreSSL patch (bug #680184) |
9 |
|
10 |
This reverts commit c16af66cd6e5903520a80e73c6f594449e654a5f. |
11 |
|
12 |
The patch doesn't apply |
13 |
|
14 |
Closes: https://bugs.gentoo.org/680184 |
15 |
Signed-off-By: Patrick McLean <chutzpah <AT> gentoo.org> |
16 |
|
17 |
net-vpn/openvpn/files/openvpn-2.4.7-libressl.patch | 133 ++++----------------- |
18 |
...vpn-2.4.7-r2.ebuild => openvpn-2.4.7-r1.ebuild} | 0 |
19 |
2 files changed, 20 insertions(+), 113 deletions(-) |
20 |
|
21 |
diff --git a/net-vpn/openvpn/files/openvpn-2.4.7-libressl.patch b/net-vpn/openvpn/files/openvpn-2.4.7-libressl.patch |
22 |
index 414f132b336..210189cd4d4 100644 |
23 |
--- a/net-vpn/openvpn/files/openvpn-2.4.7-libressl.patch |
24 |
+++ b/net-vpn/openvpn/files/openvpn-2.4.7-libressl.patch |
25 |
@@ -1,142 +1,49 @@ |
26 |
-From a47508606be2c6359d4b27c3b65b72dfe4786222 Mon Sep 17 00:00:00 2001 |
27 |
+From 4faf695e3c42a81131c2aae96c4a60228aa237a5 Mon Sep 17 00:00:00 2001 |
28 |
From: Stefan Strogin <stefan.strogin@×××××.com> |
29 |
-Date: Mon, 25 Feb 2019 20:35:31 +0200 |
30 |
-Subject: [PATCH] Use correct ifdefs for LibreSSL support |
31 |
+Date: Sat, 23 Feb 2019 20:13:41 +0200 |
32 |
+Subject: [PATCH] Fix compilation with LibreSSL |
33 |
|
34 |
-- TLS 1.3 is not ready yet in LibreSSL. Also there is a theoretical |
35 |
-possibility of OpenSSL >=1.1.1 built without TLS 1.3 support. |
36 |
-- EC_KEY_METHOD API and SSL_get1_supported_ciphers are added into LibreSSL |
37 |
-master (not yet released in 2.9.0). |
38 |
-- Some methods that are available since LibreSSL 2.7.0 were thrown away |
39 |
-in ssl_openssl.c regardless of LibreSSL version. Use them with newer |
40 |
-LibreSSL. |
41 |
+TLS 1.3 is not ready yet in LibreSSL. |
42 |
+Also SSL_get1_supported_ciphers() has been just added into master (not yet |
43 |
+released). |
44 |
|
45 |
+Upstream-Status: Submitted [https://github.com/OpenVPN/openvpn/pull/123] |
46 |
Signed-off-by: Stefan Strogin <stefan.strogin@×××××.com> |
47 |
-Acked-by: Arne Schwabe <arne@×××××××.org> |
48 |
-Message-Id: <20190225183531.27399-1-stefan.strogin@×××××.com> |
49 |
-URL: https://www.mail-archive.com/openvpn-devel@×××××××××××××××××.net/msg18239.html |
50 |
-Signed-off-by: Gert Doering <gert@×××××××××××.de> |
51 |
-Upstream-Status: Accepted |
52 |
-[https://github.com/OpenVPN/openvpn/commit/a47508606be2c6359d4b27c3b65b72dfe4786222] |
53 |
--- |
54 |
- src/openvpn/ssl_openssl.c | 33 +++++++++++++++++++++------------ |
55 |
- 1 file changed, 21 insertions(+), 12 deletions(-) |
56 |
+ src/openvpn/ssl_openssl.c | 6 +++--- |
57 |
+ 1 file changed, 3 insertions(+), 3 deletions(-) |
58 |
|
59 |
diff --git a/src/openvpn/ssl_openssl.c b/src/openvpn/ssl_openssl.c |
60 |
-index ddb78da7..8bcebac4 100644 |
61 |
+index a78dae99..6a8fcef3 100644 |
62 |
--- a/src/openvpn/ssl_openssl.c |
63 |
+++ b/src/openvpn/ssl_openssl.c |
64 |
-@@ -465,7 +465,7 @@ tls_ctx_restrict_ciphers_tls13(struct tls_root_ctx *ctx, const char *ciphers) |
65 |
+@@ -459,7 +459,7 @@ tls_ctx_restrict_ciphers_tls13(struct tls_root_ctx *ctx, const char *ciphers) |
66 |
return; |
67 |
} |
68 |
|
69 |
-#if (OPENSSL_VERSION_NUMBER < 0x1010100fL) |
70 |
-+#if !defined(TLS1_3_VERSION) |
71 |
- crypto_msg(M_WARN, "Not compiled with OpenSSL 1.1.1 or higher. " |
72 |
- "Ignoring TLS 1.3 only tls-ciphersuites '%s' setting.", |
73 |
- ciphers); |
74 |
-@@ -526,7 +526,8 @@ tls_ctx_check_cert_time(const struct tls_root_ctx *ctx) |
75 |
- |
76 |
- ASSERT(ctx); |
77 |
- |
78 |
--#if OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(LIBRESSL_VERSION_NUMBER) |
79 |
-+#if (OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)) \ |
80 |
-+ || LIBRESSL_VERSION_NUMBER >= 0x2070000fL |
81 |
- /* OpenSSL 1.0.2 and up */ |
82 |
- cert = SSL_CTX_get0_certificate(ctx->ctx); |
83 |
- #else |
84 |
-@@ -561,7 +562,8 @@ tls_ctx_check_cert_time(const struct tls_root_ctx *ctx) |
85 |
- } |
86 |
- |
87 |
- cleanup: |
88 |
--#if OPENSSL_VERSION_NUMBER < 0x10002000L || defined(LIBRESSL_VERSION_NUMBER) |
89 |
-+#if OPENSSL_VERSION_NUMBER < 0x10002000L \ |
90 |
-+ || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000fL) |
91 |
- SSL_free(ssl); |
92 |
- #endif |
93 |
- return; |
94 |
-@@ -1209,7 +1211,9 @@ err: |
95 |
- return 0; |
96 |
- } |
97 |
- |
98 |
--#if OPENSSL_VERSION_NUMBER > 0x10100000L && !defined(OPENSSL_NO_EC) && !defined(LIBRESSL_VERSION_NUMBER) |
99 |
-+#if ((OPENSSL_VERSION_NUMBER > 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)) \ |
100 |
-+ || LIBRESSL_VERSION_NUMBER > 0x2090000fL) \ |
101 |
-+ && !defined(OPENSSL_NO_EC) |
102 |
- |
103 |
- /* called when EC_KEY is destroyed */ |
104 |
- static void |
105 |
-@@ -1331,7 +1335,7 @@ err: |
106 |
- } |
107 |
- return 0; |
108 |
- } |
109 |
--#endif /* OPENSSL_VERSION_NUMBER > 1.1.0 dev */ |
110 |
-+#endif /* OPENSSL_VERSION_NUMBER > 1.1.0 dev && !defined(OPENSSL_NO_EC) */ |
111 |
- |
112 |
- int |
113 |
- tls_ctx_use_management_external_key(struct tls_root_ctx *ctx) |
114 |
-@@ -1340,7 +1344,8 @@ tls_ctx_use_management_external_key(struct tls_root_ctx *ctx) |
115 |
- |
116 |
- ASSERT(NULL != ctx); |
117 |
- |
118 |
--#if OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(LIBRESSL_VERSION_NUMBER) |
119 |
-+#if (OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)) \ |
120 |
-+ || LIBRESSL_VERSION_NUMBER >= 0x2070000fL |
121 |
- /* OpenSSL 1.0.2 and up */ |
122 |
- X509 *cert = SSL_CTX_get0_certificate(ctx->ctx); |
123 |
- #else |
124 |
-@@ -1362,7 +1367,9 @@ tls_ctx_use_management_external_key(struct tls_root_ctx *ctx) |
125 |
- goto cleanup; |
126 |
- } |
127 |
- } |
128 |
--#if OPENSSL_VERSION_NUMBER > 0x10100000L && !defined(OPENSSL_NO_EC) && !defined(LIBRESSL_VERSION_NUMBER) |
129 |
-+#if ((OPENSSL_VERSION_NUMBER > 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)) \ |
130 |
-+ || LIBRESSL_VERSION_NUMBER > 0x2090000fL) \ |
131 |
-+ && !defined(OPENSSL_NO_EC) |
132 |
- else if (EVP_PKEY_id(pkey) == EVP_PKEY_EC) |
133 |
- { |
134 |
- if (!tls_ctx_use_external_ec_key(ctx, pkey)) |
135 |
-@@ -1375,17 +1382,18 @@ tls_ctx_use_management_external_key(struct tls_root_ctx *ctx) |
136 |
- crypto_msg(M_WARN, "management-external-key requires an RSA or EC certificate"); |
137 |
- goto cleanup; |
138 |
- } |
139 |
--#else /* if OPENSSL_VERSION_NUMBER > 0x10100000L && !defined(OPENSSL_NO_EC) && !defined(LIBRESSL_VERSION_NUMBER) */ |
140 |
-+#else /* OPENSSL_VERSION_NUMBER > 1.1.0 dev && !defined(OPENSSL_NO_EC) */ |
141 |
- else |
142 |
- { |
143 |
- crypto_msg(M_WARN, "management-external-key requires an RSA certificate"); |
144 |
- goto cleanup; |
145 |
- } |
146 |
--#endif /* OPENSSL_VERSION_NUMBER > 1.1.0 dev */ |
147 |
-+#endif /* OPENSSL_VERSION_NUMBER > 1.1.0 dev && !defined(OPENSSL_NO_EC) */ |
148 |
- |
149 |
- ret = 0; |
150 |
- cleanup: |
151 |
--#if OPENSSL_VERSION_NUMBER < 0x10002000L || defined(LIBRESSL_VERSION_NUMBER) |
152 |
-+#if OPENSSL_VERSION_NUMBER < 0x10002000L \ |
153 |
-+ || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000fL) |
154 |
- if (ssl) |
155 |
- { |
156 |
- SSL_free(ssl); |
157 |
-@@ -1998,7 +2006,7 @@ show_available_tls_ciphers_list(const char *cipher_list, |
158 |
++#if (OPENSSL_VERSION_NUMBER < 0x1010100fL) || defined(LIBRESSL_VERSION_NUMBER) |
159 |
+ crypto_msg(M_WARN, "Not compiled with OpenSSL 1.1.1 or higher. " |
160 |
+ "Ignoring TLS 1.3 only tls-ciphersuites '%s' setting.", |
161 |
+ ciphers); |
162 |
+@@ -1846,7 +1846,7 @@ show_available_tls_ciphers_list(const char *cipher_list, |
163 |
crypto_msg(M_FATAL, "Cannot create SSL_CTX object"); |
164 |
} |
165 |
|
166 |
-#if (OPENSSL_VERSION_NUMBER >= 0x1010100fL) |
167 |
-+#if defined(TLS1_3_VERSION) |
168 |
++#if (OPENSSL_VERSION_NUMBER >= 0x1010100fL && !defined(LIBRESSL_VERSION_NUMBER)) |
169 |
if (tls13) |
170 |
{ |
171 |
SSL_CTX_set_min_proto_version(tls_ctx.ctx, TLS1_3_VERSION); |
172 |
-@@ -2019,7 +2027,8 @@ show_available_tls_ciphers_list(const char *cipher_list, |
173 |
+@@ -1867,7 +1867,7 @@ show_available_tls_ciphers_list(const char *cipher_list, |
174 |
crypto_msg(M_FATAL, "Cannot create SSL object"); |
175 |
} |
176 |
|
177 |
-#if (OPENSSL_VERSION_NUMBER < 0x1010000fL) |
178 |
-+#if (OPENSSL_VERSION_NUMBER < 0x1010000fL) || \ |
179 |
-+ (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER <= 0x2090000fL) |
180 |
++#if (OPENSSL_VERSION_NUMBER < 0x1010000fL) || defined(LIBRESSL_VERSION_NUMBER) |
181 |
STACK_OF(SSL_CIPHER) *sk = SSL_get_ciphers(ssl); |
182 |
#else |
183 |
STACK_OF(SSL_CIPHER) *sk = SSL_get1_supported_ciphers(ssl); |
184 |
-- |
185 |
-2.21.0 |
186 |
+2.20.1 |
187 |
|
188 |
|
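Review bot: The three guards in the restored patch test a bare `defined(LIBRESSL_VERSION_NUMBER)` with no version bound, so in `tls_ctx_restrict_ciphers_tls13` every LibreSSL build takes the branch that ignores the configured `tls-ciphersuites`, and `show_available_tls_ciphers_list` always falls back to `SSL_get_ciphers`, regardless of what a later LibreSSL release supports. The warning printed on that path still reads "Not compiled with OpenSSL 1.1.1 or higher", which is misleading for an operator on LibreSSL trying to work out why a cipher restriction was not applied. The version being removed keyed on the feature macro instead (`#if !defined(TLS1_3_VERSION)` / `#if defined(TLS1_3_VERSION)`) and bounded the cipher-list fallback with `LIBRESSL_VERSION_NUMBER <= 0x2090000fL`; since the stated reason for the revert is only that the patch does not apply, rebasing those conditions onto the 2.4.7 sources looks preferable to keeping the unbounded checks. If this version stays, a line in the patch description such as `Note: superseded upstream by a47508606be2; drop once that patch is rebased onto 2.4.7` would keep the `Upstream-Status: Submitted` tag from going stale. Both functions start and end outside the hunks shown.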
189 |
diff --git a/net-vpn/openvpn/openvpn-2.4.7-r2.ebuild b/net-vpn/openvpn/openvpn-2.4.7-r1.ebuild |
190 |
similarity index 100% |
191 |
rename from net-vpn/openvpn/openvpn-2.4.7-r2.ebuild |
192 |
rename to net-vpn/openvpn/openvpn-2.4.7-r1.ebuild |