From: "Alon Bar-Lev" <alonbl@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Subject: [gentoo-commits] repo/gentoo:master commit in: dev-libs/xmlsec/, dev-libs/xmlsec/files/
Date: Mon,  1 Apr 2019 04:12:01 +0000 (UTC)	[thread overview]
Message-ID: <1554091909.4ee1e630aca57b00bfaaa1e1b1c8921c4a6e25b5.alonbl@gentoo> (raw)

commit:     4ee1e630aca57b00bfaaa1e1b1c8921c4a6e25b5
Author:     Alon Bar-Lev <alonbl <AT> gentoo <DOT> org>
AuthorDate: Mon Apr  1 04:09:15 2019 +0000
Commit:     Alon Bar-Lev <alonbl <AT> gentoo <DOT> org>
CommitDate: Mon Apr  1 04:11:49 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4ee1e630

dev-libs/xmlsec: support SHA-1 signed certificates with gnutls-3.6

Signed-off-by: Alon Bar-Lev <alonbl <AT> gentoo.org>
Package-Manager: Portage-2.3.62, Repoman-2.3.11
RepoMan-Options: --force

 dev-libs/xmlsec/files/xmlsec-1.2.27-gnutls.patch   | 47 ++++++++++++++++++++++
 ...mlsec-1.2.27.ebuild => xmlsec-1.2.27-r1.ebuild} |  4 ++
 2 files changed, 51 insertions(+)

diff --git a/dev-libs/xmlsec/files/xmlsec-1.2.27-gnutls.patch b/dev-libs/xmlsec/files/xmlsec-1.2.27-gnutls.patch
new file mode 100644
index 00000000000..2837420e0dc
--- /dev/null
+++ b/dev-libs/xmlsec/files/xmlsec-1.2.27-gnutls.patch
@@ -0,0 +1,47 @@
+From 321e62add243cf8f024d6278da4c5ff030bae3b9 Mon Sep 17 00:00:00 2001
+From: Alon Bar-Lev <alon.barlev@gmail.com>
+Date: Mon, 1 Apr 2019 01:28:18 +0300
+Subject: [PATCH] gnutls: allow SHA-1 signed certificate when not in strict
+ checks (#250) (#251)
+
+This is required for gnutls-3.6.x.
+
+Allow tests to use no strict checks until all certificates will be converted
+to stronger signature than SHA-1.
+
+Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
+---
+ src/gnutls/x509vfy.c | 3 +++
+ tests/testrun.sh     | 2 +-
+ 2 files changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/src/gnutls/x509vfy.c b/src/gnutls/x509vfy.c
+index a9c956a3..4c753344 100644
+--- a/src/gnutls/x509vfy.c
++++ b/src/gnutls/x509vfy.c
+@@ -295,6 +295,9 @@ xmlSecGnuTLSX509StoreVerify(xmlSecKeyDataStorePtr store,
+     if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_X509DATA_SKIP_STRICT_CHECKS) != 0) {
+         flags |= GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD2;
+         flags |= GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5;
++#if GNUTLS_VERSION_NUMBER >= 0x030600
++        flags |= GNUTLS_VERIFY_ALLOW_SIGN_WITH_SHA1;
++#endif
+     }
+ 
+     /* We are going to build all possible cert chains and try to verify them */
+diff --git a/tests/testrun.sh b/tests/testrun.sh
+index 02484d09..ea65802b 100755
+--- a/tests/testrun.sh
++++ b/tests/testrun.sh
+@@ -59,7 +59,7 @@ if [ "z$XMLSEC_DEFAULT_CRYPTO" != "z" ] ; then
+ elif [ "z$crypto" != "z" ] ; then
+     xmlsec_params="$xmlsec_params --crypto $crypto"
+ fi
+-xmlsec_params="$xmlsec_params --crypto-config $crypto_config"
++xmlsec_params="$xmlsec_params --X509-skip-strict-checks --crypto-config $crypto_config"
+ 
+ #
+ # Setup keys config
+-- 
+2.21.0
+
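Review bot: The `tests/testrun.sh` hunk appends `--X509-skip-strict-checks` to `xmlsec_params` on every run, outside the `if`/`elif` that selects the crypto backend, so the suite appears to no longer exercise strict certificate verification at all. The same flag also turns on `GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD2` and `GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5` in `src/gnutls/x509vfy.c`, so a regression in rejecting weak signature algorithms would pass unnoticed. Consider limiting the relaxation to the backend that needs it, for example `[ "z$crypto" = "zgnutls" ] && xmlsec_params="$xmlsec_params --X509-skip-strict-checks"` (assuming `$crypto` holds the backend name at this point), and keep at least one test that runs in strict mode. In the C hunk, a comment above the `#if` such as `/* gnutls >= 3.6 no longer accepts SHA-1 signatures by default; allow them only when the caller opted out of strict checks */` would record why the flag is version-gated. Both `xmlSecGnuTLSX509StoreVerify` and the script continue outside the quoted hunks.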

diff --git a/dev-libs/xmlsec/xmlsec-1.2.27.ebuild b/dev-libs/xmlsec/xmlsec-1.2.27-r1.ebuild
similarity index 97%
rename from dev-libs/xmlsec/xmlsec-1.2.27.ebuild
rename to dev-libs/xmlsec/xmlsec-1.2.27-r1.ebuild
index 80b76456dd6..e56570b8002 100644
--- a/dev-libs/xmlsec/xmlsec-1.2.27.ebuild
+++ b/dev-libs/xmlsec/xmlsec-1.2.27-r1.ebuild
@@ -38,6 +38,10 @@ BDEPEND="virtual/pkgconfig
 
 S="${WORKDIR}/${PN}1-${PV}"
 
+PATCHES=(
+	"${FILESDIR}/${P}-gnutls.patch"
+)
+
 src_prepare() {
 	default
 	# conditionally install extra documentation

