From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) by finch.gentoo.org (Postfix) with ESMTP id 94B251388BF for ; Wed, 17 Feb 2016 21:08:32 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 8A6C9E0879; Wed, 17 Feb 2016 21:08:31 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id EB2D4E0878 for ; Wed, 17 Feb 2016 21:08:30 +0000 (UTC) Received: from oystercatcher.gentoo.org (oystercatcher.gentoo.org [148.251.78.52]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id B7EC9340CA2 for ; Wed, 17 Feb 2016 21:08:29 +0000 (UTC) Received: from localhost.localdomain (localhost [127.0.0.1]) by oystercatcher.gentoo.org (Postfix) with ESMTP id 4ABCF15E7 for ; Wed, 17 Feb 2016 21:08:28 +0000 (UTC) From: "Alexis Ballier" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Alexis Ballier" Message-ID: <1455743287.8de0c5c4f0e7c862d82893a94945d32b4cc38076.aballier@gentoo> Subject: [gentoo-commits] repo/gentoo:master commit in: net-libs/neon/, net-libs/neon/files/ X-VCS-Repository: repo/gentoo X-VCS-Files: net-libs/neon/files/neon-0.30.1-gnutls3.4.patch net-libs/neon/neon-0.30.1-r1.ebuild X-VCS-Directories: net-libs/neon/ net-libs/neon/files/ X-VCS-Committer: aballier X-VCS-Committer-Name: Alexis Ballier X-VCS-Revision: 8de0c5c4f0e7c862d82893a94945d32b4cc38076 X-VCS-Branch: master Date: Wed, 17 Feb 2016 21:08:28 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Archives-Salt: e016be14-2f3c-49ba-a069-66a8f763ca63 X-Archives-Hash: 65ba78e6d45579c5d6f4115e5bed7c11 commit: 8de0c5c4f0e7c862d82893a94945d32b4cc38076 Author: Alexis Ballier gentoo org> AuthorDate: Wed Feb 17 20:12:14 2016 +0000 Commit: Alexis Ballier gentoo org> CommitDate: Wed Feb 17 21:08:07 2016 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8de0c5c4 net-libs/neon: Import patch from debian & upstream to fix build with gnutls 3.4. Bug #546114. Package-Manager: portage-2.2.27 Signed-off-by: Alexis Ballier gentoo.org> net-libs/neon/files/neon-0.30.1-gnutls3.4.patch | 282 ++++++++++++++++++++++++ net-libs/neon/neon-0.30.1-r1.ebuild | 3 +- 2 files changed, 284 insertions(+), 1 deletion(-) diff --git a/net-libs/neon/files/neon-0.30.1-gnutls3.4.patch b/net-libs/neon/files/neon-0.30.1-gnutls3.4.patch new file mode 100644 index 0000000..c5165a0 --- /dev/null +++ b/net-libs/neon/files/neon-0.30.1-gnutls3.4.patch @@ -0,0 +1,282 @@ +Description: fix building with GnuTLS 3.4 + Rewrite GnuTLS PKCS#11 support to work (exclusively) with the new + GnuTLS 3.x API. +Origin: upstream, r1963 +Author: Joe Orton +Bug-Debian: https://bugs.debian.org/782832 +Last-Update: 2015-10-03 + +--- + +--- neon27-0.30.1.orig/macros/neon.m4 ++++ neon27-0.30.1/macros/neon.m4 +@@ -982,10 +982,11 @@ gnutls) + + # Check for functions in later releases + NE_CHECK_FUNCS([gnutls_session_get_data2 gnutls_x509_dn_get_rdn_ava \ +- gnutls_sign_callback_set \ + gnutls_certificate_get_issuer \ + gnutls_certificate_get_x509_cas \ +- gnutls_x509_crt_sign2]) ++ gnutls_x509_crt_sign2 \ ++ gnutls_certificate_set_retrieve_function2 \ ++ gnutls_privkey_import_ext]) + + # fail if gnutls_x509_crt_sign2 is not found (it was introduced in 1.2.0, which is required) + if test x${ac_cv_func_gnutls_x509_crt_sign2} != xyes; then +@@ -1039,7 +1040,7 @@ posix|yes) + ;; + esac + +-case ${with_pakchois}X${ac_cv_func_gnutls_sign_callback_set}Y${ne_cv_lib_ssl097} in ++case ${with_pakchois}X${ac_cv_func_gnutls_privkey_import_ext}Y${ne_cv_lib_ssl097} in + noX*Y*) ;; + *X*Yyes|*XyesY*) + # PKCS#11... ho! +--- neon27-0.30.1.orig/src/ne_gnutls.c ++++ neon27-0.30.1/src/ne_gnutls.c +@@ -89,6 +89,13 @@ struct ne_ssl_client_cert_s { + ne_ssl_certificate cert; + gnutls_x509_privkey_t pkey; + char *friendly_name; ++#ifdef HAVE_GNUTLS_PRIVKEY_IMPORT_EXT ++ /* Signing callback & userdata provided by ne_pkcs11.c. It would ++ * be better to rewrite the whole module to use gnutls_privkey_t ++ * directly, but it seems impossible to dup such an object. */ ++ gnutls_privkey_sign_func sign_func; ++ void *sign_ud; ++#endif + }; + + /* Returns the highest used index in subject (or issuer) DN of +@@ -525,6 +532,10 @@ static ne_ssl_client_cert *dup_client_ce + + if (cc->keyless) { + newcc->keyless = 1; ++#ifdef HAVE_GNUTLS_PRIVKEY_IMPORT_EXT ++ newcc->sign_func = cc->sign_func; ++ newcc->sign_ud = cc->sign_ud; ++#endif + } + else { + ret = gnutls_x509_privkey_init(&newcc->pkey); +@@ -553,7 +564,15 @@ dup_error: + static int provide_client_cert(gnutls_session_t session, + const gnutls_datum_t *req_ca_rdn, int nreqs, + const gnutls_pk_algorithm_t *sign_algos, +- int sign_algos_length, gnutls_retr_st *st) ++ int sign_algos_length, ++#ifdef HAVE_GNUTLS_CERTIFICATE_SET_RETRIEVE_FUNCTION2 ++ gnutls_pcert_st **pcert, ++ unsigned int *pcert_length, ++ gnutls_privkey_t *pkey ++#else ++ gnutls_retr2_st *st ++#endif ++ ) + { + ne_session *sess = gnutls_session_get_ptr(session); + +@@ -611,27 +630,59 @@ static int provide_client_cert(gnutls_se + if (sess->client_cert) { + gnutls_certificate_type_t type = gnutls_certificate_type_get(session); + if (type == GNUTLS_CRT_X509 +-#if LIBGNUTLS_VERSION_NUMBER > 0x030000 +- /* Ugly hack; prevent segfaults w/GnuTLS 3.0. */ +- && sess->client_cert->pkey != NULL ++ && (sess->client_cert->pkey || sess->client_cert->keyless)) { ++ int ret; ++ ++#ifdef HAVE_GNUTLS_CERTIFICATE_SET_RETRIEVE_FUNCTION2 ++ *pkey = gnutls_malloc(sizeof *pkey); ++ gnutls_privkey_init(pkey); ++ ++#ifdef HAVE_GNUTLS_PRIVKEY_IMPORT_EXT ++ if (sess->client_cert->sign_func) { ++ int algo = gnutls_x509_crt_get_pk_algorithm(sess->client_cert->cert.subject, NULL); ++ NE_DEBUG(NE_DBG_SSL, "ssl: Signing for %s.\n", gnutls_pk_algorithm_get_name(algo)); ++ ++ ret = gnutls_privkey_import_ext(*pkey, algo, sess->client_cert->sign_ud, ++ sess->client_cert->sign_func, NULL, 0); ++ } ++ else + #endif +- ) { +- NE_DEBUG(NE_DBG_SSL, "Supplying client certificate.\n"); ++ if (sess->client_cert->keyless) { ++ ret = GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE; ++ } ++ else { ++ ret = gnutls_privkey_import_x509(*pkey, sess->client_cert->pkey, 0); ++ } + +- st->type = type; ++ if (ret) { ++ NE_DEBUG(NE_DBG_SSL, "ssl: Failed to import private key: %s.\n", gnutls_strerror(ret)); ++ ne_set_error(sess, _("Failed to import private key: %s"), gnutls_strerror(ret)); ++ return ret; ++ } ++ ++ *pcert = gnutls_malloc(sizeof *pcert); ++ gnutls_pcert_import_x509(*pcert, sess->client_cert->cert.subject, 0); ++ *pcert_length = 1; ++#else /* !HAVE_GNUTLS_CERTIFICATE_SET_RETRIEVE_FUNCTION2 */ ++ st->cert_type = type; + st->ncerts = 1; + st->cert.x509 = &sess->client_cert->cert.subject; + st->key.x509 = sess->client_cert->pkey; + + /* tell GNU TLS not to deallocate the certs. */ + st->deinit_all = 0; ++#endif + } else { + return GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE; + } + } + else { +- NE_DEBUG(NE_DBG_SSL, "No client certificate supplied.\n"); ++ NE_DEBUG(NE_DBG_SSL, "ssl: No client certificate supplied.\n"); ++#ifdef HAVE_GNUTLS_CERTIFICATE_SET_RETRIEVE_FUNCTION2 ++ *pcert_length = 0; ++#else + st->ncerts = 0; ++#endif + sess->ssl_cc_requested = 1; + return 0; + } +@@ -649,8 +700,12 @@ ne_ssl_context *ne_ssl_context_create(in + ne_ssl_context *ctx = ne_calloc(sizeof *ctx); + gnutls_certificate_allocate_credentials(&ctx->cred); + if (flags == NE_SSL_CTX_CLIENT) { ++#ifdef HAVE_GNUTLS_CERTIFICATE_SET_RETRIEVE_FUNCTION2 ++ gnutls_certificate_set_retrieve_function2(ctx->cred, provide_client_cert); ++#else + gnutls_certificate_client_set_retrieve_function(ctx->cred, + provide_client_cert); ++#endif + } + gnutls_certificate_set_verify_flags(ctx->cred, + GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT); +@@ -1206,8 +1261,10 @@ ne_ssl_client_cert *ne_ssl_clicert_impor + } + } + +-ne_ssl_client_cert *ne__ssl_clicert_exkey_import(const unsigned char *der, +- size_t der_len) ++#ifdef HAVE_GNUTLS_PRIVKEY_IMPORT_EXT ++ne_ssl_client_cert *ne__ssl_clicert_exkey_import(const unsigned char *der, size_t der_len, ++ gnutls_privkey_sign_func sign_func, ++ void *userdata) + { + ne_ssl_client_cert *cc; + gnutls_x509_crt_t x5; +@@ -1226,9 +1283,12 @@ ne_ssl_client_cert *ne__ssl_clicert_exke + cc->keyless = 1; + cc->decrypted = 1; + populate_cert(&cc->cert, x5); ++ cc->sign_func = sign_func; ++ cc->sign_ud = userdata; + +- return cc; ++ return cc; + } ++#endif + + int ne_ssl_clicert_encrypted(const ne_ssl_client_cert *cc) + { +--- neon27-0.30.1.orig/src/ne_pkcs11.c ++++ neon27-0.30.1/src/ne_pkcs11.c +@@ -156,6 +156,13 @@ static RSA_METHOD *pk11_rsa_method(ne_ss + } + #endif + ++#ifdef HAVE_GNUTLS ++static int pk11_sign_callback(gnutls_privkey_t pkey, ++ void *userdata, ++ const gnutls_datum_t *raw_data, ++ gnutls_datum_t *signature); ++#endif ++ + static int pk11_find_x509(ne_ssl_pkcs11_provider *prov, + pakchois_session_t *pks, + unsigned char *certid, unsigned long *cid_len) +@@ -203,7 +210,7 @@ static int pk11_find_x509(ne_ssl_pkcs11_ + ne_ssl_client_cert *cc; + + #ifdef HAVE_GNUTLS +- cc = ne__ssl_clicert_exkey_import(value, a[0].value_len); ++ cc = ne__ssl_clicert_exkey_import(value, a[0].value_len, pk11_sign_callback, prov); + #else + cc = ne__ssl_clicert_exkey_import(value, a[0].value_len, pk11_rsa_method(prov)); + #endif +@@ -298,10 +305,8 @@ static int find_client_cert(ne_ssl_pkcs1 + #ifdef HAVE_GNUTLS + /* Callback invoked by GnuTLS to provide the signature. The signature + * operation is handled here by the PKCS#11 provider. */ +-static int pk11_sign_callback(gnutls_session_t session, ++static int pk11_sign_callback(gnutls_privkey_t pkey, + void *userdata, +- gnutls_certificate_type_t cert_type, +- const gnutls_datum_t *cert, + const gnutls_datum_t *hash, + gnutls_datum_t *signature) + { +@@ -571,11 +576,6 @@ void ne_ssl_pkcs11_provider_pin(ne_ssl_p + void ne_ssl_set_pkcs11_provider(ne_session *sess, + ne_ssl_pkcs11_provider *provider) + { +-#ifdef HAVE_GNUTLS +- sess->ssl_context->sign_func = pk11_sign_callback; +- sess->ssl_context->sign_data = provider; +-#endif +- + ne_ssl_provide_clicert(sess, pk11_provide, provider); + } + +--- neon27-0.30.1.orig/src/ne_privssl.h ++++ neon27-0.30.1/src/ne_privssl.h +@@ -58,6 +58,10 @@ ne__ssl_clicert_exkey_import(const unsig + + #include + ++#ifdef HAVE_GNUTLS_PRIVKEY_IMPORT_EXT ++#include ++#endif ++ + struct ne_ssl_context_s { + gnutls_certificate_credentials_t cred; + int verify; /* non-zero if client cert verification required */ +@@ -78,17 +82,13 @@ struct ne_ssl_context_s { + } client; + #endif + } cache; +- +-#ifdef HAVE_GNUTLS_SIGN_CALLBACK_SET +- gnutls_sign_func sign_func; +- void *sign_data; +-#endif + }; + + typedef gnutls_session_t ne_ssl_socket; + + NE_PRIVATE ne_ssl_client_cert * +-ne__ssl_clicert_exkey_import(const unsigned char *der, size_t der_len); ++ne__ssl_clicert_exkey_import(const unsigned char *der, size_t der_len, ++ gnutls_privkey_sign_func sign_func, void *userdata); + + #endif /* HAVE_GNUTLS */ + +--- neon27-0.30.1.orig/src/ne_socket.c ++++ neon27-0.30.1/src/ne_socket.c +@@ -1793,11 +1793,6 @@ int ne_sock_connect_ssl(ne_socket *sock, + gnutls_session_set_ptr(sock->ssl, userdata); + gnutls_credentials_set(sock->ssl, GNUTLS_CRD_CERTIFICATE, ctx->cred); + +-#ifdef HAVE_GNUTLS_SIGN_CALLBACK_SET +- if (ctx->sign_func) +- gnutls_sign_callback_set(sock->ssl, ctx->sign_func, ctx->sign_data); +-#endif +- + if (ctx->hostname) { + gnutls_server_name_set(sock->ssl, GNUTLS_NAME_DNS, ctx->hostname, + strlen(ctx->hostname)); diff --git a/net-libs/neon/neon-0.30.1-r1.ebuild b/net-libs/neon/neon-0.30.1-r1.ebuild index c2b7f79..e4de832 100644 --- a/net-libs/neon/neon-0.30.1-r1.ebuild +++ b/net-libs/neon/neon-0.30.1-r1.ebuild @@ -56,7 +56,8 @@ src_prepare() { done sed -e "s/ALL_LINGUAS=.*/ALL_LINGUAS=\"${linguas}\"/" -i configure.ac || die - epatch "${FILESDIR}"/${P}-xml2-config.patch + epatch "${FILESDIR}"/${P}-xml2-config.patch \ + "${FILESDIR}"/${P}-gnutls3.4.patch AT_M4DIR="macros" eautoreconf elibtoolize