authorStuart Shelton <stuart@shelton.me>2016-02-18 15:09:47 +0000
committerStuart Shelton <stuart@shelton.me>2016-02-18 15:09:47 +0000
commit6ab54a297734c3bdc5de493b7ffbe16f8e0f1e39 (patch)
tree9dade188fd0c527141bab9cdd2e2e3fc20fe7415 /net-libs
parentAdd mail-client/roundcube-1.2_beta (diff)
Update net-libs/neon-0.30.1-r1
Diffstat (limited to 'net-libs')
-rw-r--r--net-libs/neon/Manifest3
-rw-r--r--net-libs/neon/files/neon-0.30.1-gnutls3.4.patch282
-rw-r--r--net-libs/neon/neon-0.30.1-r1.ebuild5
3 files changed, 287 insertions, 3 deletions
diff --git a/net-libs/neon/Manifest b/net-libs/neon/Manifest
index 553df4ef..08a3c806 100644
--- a/net-libs/neon/Manifest
+++ b/net-libs/neon/Manifest
@@ -1,4 +1,5 @@
+AUX neon-0.30.1-gnutls3.4.patch 10696 SHA256 bd9c8e07655f8bf42239334992b2d3d1d57ad983bea0ed90c6f8f12228000362 SHA512 85e0a973b010ae1ddfbde4c6d54054a2d3f410622dccf5b9fed61726071d5c1d181bfbe1192395698f9739dcbdab7844cfd18fb97c0fe3103ce600f8dacf1874 WHIRLPOOL 92ed0c9bb29295293ec612fd4f2fe95c896d9e07b6af1abaddcf3eb6c63009b7f7934932ae54abe34daa3e3e478dd9b834e2b40e051a0e50d72d06be92d9f6ce
AUX neon-0.30.1-xml2-config.patch 587 SHA256 e40bd6f27d10dfee5c8a2ed2b03497660cc0acda063dde0477b32030be394634 SHA512 a2572be00e592686d30a114c862454b817b7494b90234fd77b154ca0b50117ac2788c2ecdd471a90d88710079137fe3e1ab8f2d02bde108223c30547718eab79 WHIRLPOOL d171135cddf71520ac583adc2cbee46d35ab730dcabdf3703bc1d657ef2eaabfbe7004930ad9e26f8b1e8bd94ecd9a9c9fa27410e5616dc33c35fb93164360bb
DIST neon-0.30.1.tar.gz 911414 SHA256 00c626c0dc18d094ab374dbd9a354915bfe4776433289386ed489c2ec0845cdd SHA512 4a9e45c886e04c5e1a1c781f7c2544b73724e09745097b1e8dc9adf9acd79af1762d668d4f18c295d7b4148d57af797834dd3c1203f2529089f7d1972ca71e63 WHIRLPOOL 747385544f0fbacc6c39fa5911ee5a21654ac21ecea89f297c17b43c21a7a649ae47b08b155733e9da0286a24024f4e54dcff3c9c2d678d9abe27f83054d718b
-EBUILD neon-0.30.1-r1.ebuild 3186 SHA256 1fcad8faf7c2fb6e61b40fc790d89ee9114ca2040475d5feb5950d4c1d8927ba SHA512 a6649b735ed1bd297717f3f8173d39a86f8b9dfdcfba04881e513e0f7f09c41cda250853512395d9bfef8c84d27bb06542a4f027660d05de620dfddb210bfa45 WHIRLPOOL 29777dbbe4468e077565400a4731514e175819636b73fa783aba0dedea868e81d85ecfa9512bf6c47bff5c76f358882f872124702f44ed6baef83f62ec75a633
+EBUILD neon-0.30.1-r1.ebuild 3225 SHA256 44406073e0bb4fca0ca27b835bc557e38f99da290d95b3c04a1d6f3e42b61568 SHA512 2876aff65b4b2a9b9b13e96373decd356f40ddea554fd81ec3ff5f103efe6f41b733ba9e90dcaca0616c1183dd8075aa9ae49f3a4b05acf8cb1665c5243fed00 WHIRLPOOL 7bb766bef8a175d879eaa0c3f85daa5d71d81b64d5322db61d47e2223ad5ae9fb7657f2214f9e0288edba2068eba4f1ac0c9de4d4e3140fbab2840b4c1135b6c
EBUILD neon-0.30.1.ebuild 3097 SHA256 cd59cdb98497e796675571e4c61f11369f1041e3246ff8f41b485930550e6980 SHA512 beb1f68b54f3890558543fe23e02aff9817a0c9dcc45830fdd4bb2152f87b901e9810fd431f74d5c1b7ec0c933e3fd919abb108cc17f4ca9d4969274da6ca2da WHIRLPOOL 2e9a39264b57ec59df969d70b6953c875d4ed1a68961f1f75b3304bb5b32ea646da24a3b0698c75100f6e1fb5aafd5cb630d04c80dd06cf001244968f8e8f419
diff --git a/net-libs/neon/files/neon-0.30.1-gnutls3.4.patch b/net-libs/neon/files/neon-0.30.1-gnutls3.4.patch
new file mode 100644
index 00000000..c5165a09
--- /dev/null
+++ b/net-libs/neon/files/neon-0.30.1-gnutls3.4.patch
@@ -0,0 +1,282 @@
+Description: fix building with GnuTLS 3.4
+ Rewrite GnuTLS PKCS#11 support to work (exclusively) with the new
+ GnuTLS 3.x API.
+Origin: upstream, r1963
+Author: Joe Orton <joe@light.plus.com>
+Bug-Debian: https://bugs.debian.org/782832
+Last-Update: 2015-10-03
+
+---
+
+--- neon27-0.30.1.orig/macros/neon.m4
++++ neon27-0.30.1/macros/neon.m4
+@@ -982,10 +982,11 @@ gnutls)
+
+ # Check for functions in later releases
+ NE_CHECK_FUNCS([gnutls_session_get_data2 gnutls_x509_dn_get_rdn_ava \
+- gnutls_sign_callback_set \
+ gnutls_certificate_get_issuer \
+ gnutls_certificate_get_x509_cas \
+- gnutls_x509_crt_sign2])
++ gnutls_x509_crt_sign2 \
++ gnutls_certificate_set_retrieve_function2 \
++ gnutls_privkey_import_ext])
+
+ # fail if gnutls_x509_crt_sign2 is not found (it was introduced in 1.2.0, which is required)
+ if test x${ac_cv_func_gnutls_x509_crt_sign2} != xyes; then
+@@ -1039,7 +1040,7 @@ posix|yes)
+ ;;
+ esac
+
+-case ${with_pakchois}X${ac_cv_func_gnutls_sign_callback_set}Y${ne_cv_lib_ssl097} in
++case ${with_pakchois}X${ac_cv_func_gnutls_privkey_import_ext}Y${ne_cv_lib_ssl097} in
+ noX*Y*) ;;
+ *X*Yyes|*XyesY*)
+ # PKCS#11... ho!
+--- neon27-0.30.1.orig/src/ne_gnutls.c
++++ neon27-0.30.1/src/ne_gnutls.c
+@@ -89,6 +89,13 @@ struct ne_ssl_client_cert_s {
+ ne_ssl_certificate cert;
+ gnutls_x509_privkey_t pkey;
+ char *friendly_name;
++#ifdef HAVE_GNUTLS_PRIVKEY_IMPORT_EXT
++ /* Signing callback & userdata provided by ne_pkcs11.c. It would
++ * be better to rewrite the whole module to use gnutls_privkey_t
++ * directly, but it seems impossible to dup such an object. */
++ gnutls_privkey_sign_func sign_func;
++ void *sign_ud;
++#endif
+ };
+
+ /* Returns the highest used index in subject (or issuer) DN of
+@@ -525,6 +532,10 @@ static ne_ssl_client_cert *dup_client_ce
+
+ if (cc->keyless) {
+ newcc->keyless = 1;
++#ifdef HAVE_GNUTLS_PRIVKEY_IMPORT_EXT
++ newcc->sign_func = cc->sign_func;
++ newcc->sign_ud = cc->sign_ud;
++#endif
+ }
+ else {
+ ret = gnutls_x509_privkey_init(&newcc->pkey);
+@@ -553,7 +564,15 @@ dup_error:
+ static int provide_client_cert(gnutls_session_t session,
+ const gnutls_datum_t *req_ca_rdn, int nreqs,
+ const gnutls_pk_algorithm_t *sign_algos,
+- int sign_algos_length, gnutls_retr_st *st)
++ int sign_algos_length,
++#ifdef HAVE_GNUTLS_CERTIFICATE_SET_RETRIEVE_FUNCTION2
++ gnutls_pcert_st **pcert,
++ unsigned int *pcert_length,
++ gnutls_privkey_t *pkey
++#else
++ gnutls_retr2_st *st
++#endif
++ )
+ {
+ ne_session *sess = gnutls_session_get_ptr(session);
+
+@@ -611,27 +630,59 @@ static int provide_client_cert(gnutls_se
+ if (sess->client_cert) {
+ gnutls_certificate_type_t type = gnutls_certificate_type_get(session);
+ if (type == GNUTLS_CRT_X509
+-#if LIBGNUTLS_VERSION_NUMBER > 0x030000
+- /* Ugly hack; prevent segfaults w/GnuTLS 3.0. */
+- && sess->client_cert->pkey != NULL
++ && (sess->client_cert->pkey || sess->client_cert->keyless)) {
++ int ret;
++
++#ifdef HAVE_GNUTLS_CERTIFICATE_SET_RETRIEVE_FUNCTION2
++ *pkey = gnutls_malloc(sizeof *pkey);
++ gnutls_privkey_init(pkey);
++
++#ifdef HAVE_GNUTLS_PRIVKEY_IMPORT_EXT
++ if (sess->client_cert->sign_func) {
++ int algo = gnutls_x509_crt_get_pk_algorithm(sess->client_cert->cert.subject, NULL);
++ NE_DEBUG(NE_DBG_SSL, "ssl: Signing for %s.\n", gnutls_pk_algorithm_get_name(algo));
++
++ ret = gnutls_privkey_import_ext(*pkey, algo, sess->client_cert->sign_ud,
++ sess->client_cert->sign_func, NULL, 0);
++ }
++ else
+ #endif
+- ) {
+- NE_DEBUG(NE_DBG_SSL, "Supplying client certificate.\n");
++ if (sess->client_cert->keyless) {
++ ret = GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE;
++ }
++ else {
++ ret = gnutls_privkey_import_x509(*pkey, sess->client_cert->pkey, 0);
++ }
+
+- st->type = type;
++ if (ret) {
++ NE_DEBUG(NE_DBG_SSL, "ssl: Failed to import private key: %s.\n", gnutls_strerror(ret));
++ ne_set_error(sess, _("Failed to import private key: %s"), gnutls_strerror(ret));
++ return ret;
++ }
++
++ *pcert = gnutls_malloc(sizeof *pcert);
++ gnutls_pcert_import_x509(*pcert, sess->client_cert->cert.subject, 0);
++ *pcert_length = 1;
++#else /* !HAVE_GNUTLS_CERTIFICATE_SET_RETRIEVE_FUNCTION2 */
++ st->cert_type = type;
+ st->ncerts = 1;
+ st->cert.x509 = &sess->client_cert->cert.subject;
+ st->key.x509 = sess->client_cert->pkey;
+
+ /* tell GNU TLS not to deallocate the certs. */
+ st->deinit_all = 0;
++#endif
+ } else {
+ return GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE;
+ }
+ }
+ else {
+- NE_DEBUG(NE_DBG_SSL, "No client certificate supplied.\n");
++ NE_DEBUG(NE_DBG_SSL, "ssl: No client certificate supplied.\n");
++#ifdef HAVE_GNUTLS_CERTIFICATE_SET_RETRIEVE_FUNCTION2
++ *pcert_length = 0;
++#else
+ st->ncerts = 0;
++#endif
+ sess->ssl_cc_requested = 1;
+ return 0;
+ }
+@@ -649,8 +700,12 @@ ne_ssl_context *ne_ssl_context_create(in
+ ne_ssl_context *ctx = ne_calloc(sizeof *ctx);
+ gnutls_certificate_allocate_credentials(&ctx->cred);
+ if (flags == NE_SSL_CTX_CLIENT) {
++#ifdef HAVE_GNUTLS_CERTIFICATE_SET_RETRIEVE_FUNCTION2
++ gnutls_certificate_set_retrieve_function2(ctx->cred, provide_client_cert);
++#else
+ gnutls_certificate_client_set_retrieve_function(ctx->cred,
+ provide_client_cert);
++#endif
+ }
+ gnutls_certificate_set_verify_flags(ctx->cred,
+ GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT);
+@@ -1206,8 +1261,10 @@ ne_ssl_client_cert *ne_ssl_clicert_impor
+ }
+ }
+
+-ne_ssl_client_cert *ne__ssl_clicert_exkey_import(const unsigned char *der,
+- size_t der_len)
++#ifdef HAVE_GNUTLS_PRIVKEY_IMPORT_EXT
++ne_ssl_client_cert *ne__ssl_clicert_exkey_import(const unsigned char *der, size_t der_len,
++ gnutls_privkey_sign_func sign_func,
++ void *userdata)
+ {
+ ne_ssl_client_cert *cc;
+ gnutls_x509_crt_t x5;
+@@ -1226,9 +1283,12 @@ ne_ssl_client_cert *ne__ssl_clicert_exke
+ cc->keyless = 1;
+ cc->decrypted = 1;
+ populate_cert(&cc->cert, x5);
++ cc->sign_func = sign_func;
++ cc->sign_ud = userdata;
+
+- return cc;
++ return cc;
+ }
++#endif
+
+ int ne_ssl_clicert_encrypted(const ne_ssl_client_cert *cc)
+ {
+--- neon27-0.30.1.orig/src/ne_pkcs11.c
++++ neon27-0.30.1/src/ne_pkcs11.c
+@@ -156,6 +156,13 @@ static RSA_METHOD *pk11_rsa_method(ne_ss
+ }
+ #endif
+
++#ifdef HAVE_GNUTLS
++static int pk11_sign_callback(gnutls_privkey_t pkey,
++ void *userdata,
++ const gnutls_datum_t *raw_data,
++ gnutls_datum_t *signature);
++#endif
++
+ static int pk11_find_x509(ne_ssl_pkcs11_provider *prov,
+ pakchois_session_t *pks,
+ unsigned char *certid, unsigned long *cid_len)
+@@ -203,7 +210,7 @@ static int pk11_find_x509(ne_ssl_pkcs11_
+ ne_ssl_client_cert *cc;
+
+ #ifdef HAVE_GNUTLS
+- cc = ne__ssl_clicert_exkey_import(value, a[0].value_len);
++ cc = ne__ssl_clicert_exkey_import(value, a[0].value_len, pk11_sign_callback, prov);
+ #else
+ cc = ne__ssl_clicert_exkey_import(value, a[0].value_len, pk11_rsa_method(prov));
+ #endif
+@@ -298,10 +305,8 @@ static int find_client_cert(ne_ssl_pkcs1
+ #ifdef HAVE_GNUTLS
+ /* Callback invoked by GnuTLS to provide the signature. The signature
+ * operation is handled here by the PKCS#11 provider. */
+-static int pk11_sign_callback(gnutls_session_t session,
++static int pk11_sign_callback(gnutls_privkey_t pkey,
+ void *userdata,
+- gnutls_certificate_type_t cert_type,
+- const gnutls_datum_t *cert,
+ const gnutls_datum_t *hash,
+ gnutls_datum_t *signature)
+ {
+@@ -571,11 +576,6 @@ void ne_ssl_pkcs11_provider_pin(ne_ssl_p
+ void ne_ssl_set_pkcs11_provider(ne_session *sess,
+ ne_ssl_pkcs11_provider *provider)
+ {
+-#ifdef HAVE_GNUTLS
+- sess->ssl_context->sign_func = pk11_sign_callback;
+- sess->ssl_context->sign_data = provider;
+-#endif
+-
+ ne_ssl_provide_clicert(sess, pk11_provide, provider);
+ }
+
+--- neon27-0.30.1.orig/src/ne_privssl.h
++++ neon27-0.30.1/src/ne_privssl.h
+@@ -58,6 +58,10 @@ ne__ssl_clicert_exkey_import(const unsig
+
+ #include <gnutls/gnutls.h>
+
++#ifdef HAVE_GNUTLS_PRIVKEY_IMPORT_EXT
++#include <gnutls/abstract.h>
++#endif
++
+ struct ne_ssl_context_s {
+ gnutls_certificate_credentials_t cred;
+ int verify; /* non-zero if client cert verification required */
+@@ -78,17 +82,13 @@ struct ne_ssl_context_s {
+ } client;
+ #endif
+ } cache;
+-
+-#ifdef HAVE_GNUTLS_SIGN_CALLBACK_SET
+- gnutls_sign_func sign_func;
+- void *sign_data;
+-#endif
+ };
+
+ typedef gnutls_session_t ne_ssl_socket;
+
+ NE_PRIVATE ne_ssl_client_cert *
+-ne__ssl_clicert_exkey_import(const unsigned char *der, size_t der_len);
++ne__ssl_clicert_exkey_import(const unsigned char *der, size_t der_len,
++ gnutls_privkey_sign_func sign_func, void *userdata);
+
+ #endif /* HAVE_GNUTLS */
+
+--- neon27-0.30.1.orig/src/ne_socket.c
++++ neon27-0.30.1/src/ne_socket.c
+@@ -1793,11 +1793,6 @@ int ne_sock_connect_ssl(ne_socket *sock,
+ gnutls_session_set_ptr(sock->ssl, userdata);
+ gnutls_credentials_set(sock->ssl, GNUTLS_CRD_CERTIFICATE, ctx->cred);
+
+-#ifdef HAVE_GNUTLS_SIGN_CALLBACK_SET
+- if (ctx->sign_func)
+- gnutls_sign_callback_set(sock->ssl, ctx->sign_func, ctx->sign_data);
+-#endif
+-
+ if (ctx->hostname) {
+ gnutls_server_name_set(sock->ssl, GNUTLS_NAME_DNS, ctx->hostname,
+ strlen(ctx->hostname));
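Review bot: In the embedded `src/ne_gnutls.c` change to `provide_client_cert`, `*pcert = gnutls_malloc(sizeof *pcert);` allocates only the size of a pointer, because `pcert` is declared `gnutls_pcert_st **`. `gnutls_pcert_import_x509(*pcert, ...)` then fills a whole `gnutls_pcert_st` into that buffer, which looks like a heap overflow whenever a client certificate is supplied; the allocation should be `*pcert = gnutls_malloc(sizeof **pcert);`. Just above it, the pointer stored by `*pkey = gnutls_malloc(sizeof *pkey);` is overwritten by `gnutls_privkey_init(pkey);`, so that allocation is leaked and the line can be dropped. Neither `gnutls_malloc` result is checked, nor are the return values of `gnutls_privkey_init` and `gnutls_pcert_import_x509`, and the `if (ret)` error return leaves the key without a `gnutls_privkey_deinit(*pkey)`. The function body starts and ends outside the quoted context, and since this file is imported from upstream r1963, the fix probably belongs in a follow-up patch that is also reported upstream.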
diff --git a/net-libs/neon/neon-0.30.1-r1.ebuild b/net-libs/neon/neon-0.30.1-r1.ebuild
index 07f53d4c..e4aee48e 100644
--- a/net-libs/neon/neon-0.30.1-r1.ebuild
+++ b/net-libs/neon/neon-0.30.1-r1.ebuild
@@ -1,6 +1,6 @@
# Copyright 1999-2015 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
-# $Id: c2b7f79bcbfbe30f06cf278fa65b07c014a4c6d6 $
+# $Id: e4de8328538cb285dd89b5e5cc7876497225d402 $
EAPI="5"
@@ -57,7 +57,8 @@ src_prepare() {
sed -e "s/ALL_LINGUAS=.*/ALL_LINGUAS=\"${linguas}\"/" -i configure.ac || die
sed -e '/^#ifdef HAVE_SYS_UIO_h$/s/h$/H/' -i src/ne_socket.c || die
- epatch "${FILESDIR}"/${P}-xml2-config.patch
+ epatch "${FILESDIR}"/${P}-xml2-config.patch \
+ "${FILESDIR}"/${P}-gnutls3.4.patch
AT_M4DIR="macros" eautoreconf
elibtoolize