From: "Lars Wendler" <polynomial-c@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Subject: [gentoo-commits] repo/gentoo:master commit in: net-libs/c-client/, net-libs/c-client/files/
Date: Wed, 24 Oct 2018 15:07:47 +0000 (UTC) [thread overview]
Message-ID: <1540393659.c2626757b304cbe1ba5da551b0db496989e95cc0.polynomial-c@gentoo> (raw)
commit: c2626757b304cbe1ba5da551b0db496989e95cc0
Author: Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Wed Oct 24 15:07:24 2018 +0000
Commit: Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Wed Oct 24 15:07:39 2018 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c2626757
net-libs/c-client: Fixed build with openssl-1.1
Closes: https://bugs.gentoo.org/647616
Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org>
Package-Manager: Portage-2.3.51, Repoman-2.3.11
net-libs/c-client/c-client-2007f-r6.ebuild | 33 ++++++-----
.../files/c-client-2007f-openssl-1.1.patch | 66 ++++++++++++++++++++++
2 files changed, 86 insertions(+), 13 deletions(-)
diff --git a/net-libs/c-client/c-client-2007f-r6.ebuild b/net-libs/c-client/c-client-2007f-r6.ebuild
index 6f539a98487..bd9925412df 100644
--- a/net-libs/c-client/c-client-2007f-r6.ebuild
+++ b/net-libs/c-client/c-client-2007f-r6.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2017 Gentoo Foundation
+# Copyright 1999-2018 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=6
@@ -30,9 +30,28 @@ DEPEND="${RDEPEND}
kernel_linux? ( pam? ( >=sys-libs/pam-0.72 ) )
"
+PATCHES=(
+ # Apply a patch to only build the stuff we need for c-client
+ "${FILESDIR}/${PN}-2006k_GENTOO_Makefile.patch"
+
+ # Apply patch to add the compilation of a .so for PHP
+ # This was previously conditional, but is more widely useful.
+ "${FILESDIR}/${PN}-2006k_GENTOO_amd64-so-fix.patch"
+
+ # Respect LDFLAGS
+ "${FILESDIR}/${PN}-2007f-ldflags.patch"
+
+ # openssl-1.1 build fix #647616
+ "${FILESDIR}/${PN}-2007f-openssl-1.1.patch"
+)
+
src_prepare() {
+ use topal && PATCHES+=( "${FILESDIR}/${P}-topal.patch" )
+
default
+ use chappa && eapply -p2 "${WORKDIR}/${P}-chappa-${CHAPPA_PL}-all.patch"
+
# Tarball packed with bad file perms
chmod -R u+rwX,go-w . || die "failed to fix permissions"
@@ -60,28 +79,16 @@ src_prepare() {
-i src/osdep/unix/Makefile \
|| die "failed to fix the FreeBSD ACTIVEFILE path in the Makefile"
- # Apply a patch to only build the stuff we need for c-client
- eapply "${FILESDIR}/${PN}-2006k_GENTOO_Makefile.patch"
-
- # Apply patch to add the compilation of a .so for PHP
- # This was previously conditional, but is more widely useful.
- eapply "${FILESDIR}/${PN}-2006k_GENTOO_amd64-so-fix.patch"
-
# Remove the pesky checks about SSL stuff
sed -e '/read.*exit/d' -i Makefile \
|| die "failed to disable SSL warning in the Makefile"
- # Respect LDFLAGS
- eapply "${FILESDIR}/${PN}-2007f-ldflags.patch"
sed -e "s:CC=cc:CC=$(tc-getCC):" \
-e "s:ARRC=ar:ARRC=$(tc-getAR):" \
-e "s:RANLIB=ranlib:RANLIB=$(tc-getRANLIB):" \
-i src/osdep/unix/Makefile \
|| die "failed to fix build flags support in the Makefile"
- use topal && eapply "${FILESDIR}/${P}-topal.patch"
- use chappa && epatch "${DISTDIR}/${P}-chappa-${CHAPPA_PL}-all.patch.gz"
-
elibtoolize
}
diff --git a/net-libs/c-client/files/c-client-2007f-openssl-1.1.patch b/net-libs/c-client/files/c-client-2007f-openssl-1.1.patch
new file mode 100644
index 00000000000..918f0bd3fbd
--- /dev/null
+++ b/net-libs/c-client/files/c-client-2007f-openssl-1.1.patch
@@ -0,0 +1,66 @@
+diff -Nru a/src/osdep/unix/ssl_unix.c b/src/osdep/unix/ssl_unix.c
+--- a/src/osdep/unix/ssl_unix.c 2011-07-23 02:20:10.000000000 +0200
++++ b/src/osdep/unix/ssl_unix.c 2018-09-22 09:34:26.492765776 +0200
+@@ -59,7 +59,7 @@
+ static SSLSTREAM *ssl_start(TCPSTREAM *tstream,char *host,unsigned long flags);
+ static char *ssl_start_work (SSLSTREAM *stream,char *host,unsigned long flags);
+ static int ssl_open_verify (int ok,X509_STORE_CTX *ctx);
+-static char *ssl_validate_cert (X509 *cert,char *host);
++static char *ssl_validate_cert (X509 *cert,char *host, char *cert_subj);
+ static long ssl_compare_hostnames (unsigned char *s,unsigned char *pat);
+ static char *ssl_getline_work (SSLSTREAM *stream,unsigned long *size,
+ long *contd);
+@@ -210,6 +210,7 @@
+ BIO *bio;
+ X509 *cert;
+ unsigned long sl,tl;
++ char cert_subj[250];
+ char *s,*t,*err,tmp[MAILTMPLEN];
+ sslcertificatequery_t scq =
+ (sslcertificatequery_t) mail_parameters (NIL,GET_SSLCERTIFICATEQUERY,NIL);
+@@ -266,13 +267,17 @@
+ if (SSL_write (stream->con,"",0) < 0)
+ return ssl_last_error ? ssl_last_error : "SSL negotiation failed";
+ /* need to validate host names? */
+- if (!(flags & NET_NOVALIDATECERT) &&
+- (err = ssl_validate_cert (cert = SSL_get_peer_certificate (stream->con),
+- host))) {
+- /* application callback */
+- if (scq) return (*scq) (err,host,cert ? cert->name : "???") ? NIL : "";
+- /* error message to return via mm_log() */
+- sprintf (tmp,"*%.128s: %.255s",err,cert ? cert->name : "???");
++ if (!(flags & NET_NOVALIDATECERT)) {
++ cert_subj[0] = '\0';
++ cert = SSL_get_peer_certificate(stream->con);
++ if (cert)
++ X509_NAME_oneline(X509_get_subject_name(cert), cert_subj, sizeof(cert_subj));
++ err = ssl_validate_cert (cert, host, cert_subj);
++ if (err)
++ /* application callback */
++ if (scq) return (*scq) (err,host,cert ? cert_subj : "???") ? NIL : "";
++ /* error message to return via mm_log() */
++ sprintf (tmp,"*%.128s: %.255s",err,cert ? cert_subj : "???");
+ return ssl_last_error = cpystr (tmp);
+ }
+ return NIL;
+@@ -313,7 +318,7 @@
+ * Returns: NIL if validated, else string of error message
+ */
+
+-static char *ssl_validate_cert (X509 *cert,char *host)
++static char *ssl_validate_cert (X509 *cert,char *host, char *cert_subj)
+ {
+ int i,n;
+ char *s,*t,*ret;
+@@ -322,9 +327,9 @@
+ /* make sure have a certificate */
+ if (!cert) ret = "No certificate from server";
+ /* and that it has a name */
+- else if (!cert->name) ret = "No name in certificate";
++ else if (cert_subj[0] == '\0') ret = "No name in certificate";
+ /* locate CN */
+- else if (s = strstr (cert->name,"/CN=")) {
++ else if (s = strstr (cert_subj,"/CN=")) {
+ if (t = strchr (s += 4,'/')) *t = '\0';
+ /* host name matches pattern? */
+ ret = ssl_compare_hostnames (host,s) ? NIL :
next reply other threads:[~2018-10-24 15:07 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-10-24 15:07 Lars Wendler [this message]
-- strict thread matches above, loose matches on Subject: below --
2023-02-06 3:59 [gentoo-commits] repo/gentoo:master commit in: net-libs/c-client/, net-libs/c-client/files/ Sam James
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1540393659.c2626757b304cbe1ba5da551b0db496989e95cc0.polynomial-c@gentoo \
--to=polynomial-c@gentoo.org \
--cc=gentoo-commits@lists.gentoo.org \
--cc=gentoo-dev@lists.gentoo.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox