[gentoo-commits] repo/proj/libressl:master commit in: dev-perl/Net-SSLeay/, dev-perl/Net-SSLeay/files/

[gentoo-commits] repo/proj/libressl:master commit in: dev-perl/Net-SSLeay/, dev-perl/Net-SSLeay/files/

[Quentin Retornaz]

commit:     f70d8bd41578ec2ba2841a6b1304ec332882fc38
Author:     orbea <orbea <AT> riseup <DOT> net>
AuthorDate: Sat Oct  2 05:53:03 2021 +0000
Commit:     Quentin Retornaz <gentoo <AT> retornaz <DOT> com>
CommitDate: Sat Oct  2 22:18:54 2021 +0000
URL:        https://gitweb.gentoo.org/repo/proj/libressl.git/commit/?id=f70d8bd4

dev-perl/Net-SSLeay: Added

Signed-off-by: orbea <orbea <AT> riseup.net>
Closes: https://github.com/gentoo/libressl/pull/356
Signed-off-by: Quentin Retornaz <gentoo <AT> retornaz.com>

 dev-perl/Net-SSLeay/Manifest                       |  1 +
 dev-perl/Net-SSLeay/Net-SSLeay-1.900.0.ebuild      | 64 ++++++++++++++++++++++
 .../files/Net-SSLeay-1.88-fix-libdir.patch         | 27 +++++++++
 .../files/Net-SSLeay-1.88-fix-network-tests.patch  | 17 ++++++
 .../files/Net-SSLeay-1.900.0-libressl.patch        | 24 ++++++++
 5 files changed, 133 insertions(+)

diff --git a/dev-perl/Net-SSLeay/Manifest b/dev-perl/Net-SSLeay/Manifest
new file mode 100644
index 0000000..5937ab9
--- /dev/null
+++ b/dev-perl/Net-SSLeay/Manifest
@@ -0,0 +1 @@
+DIST Net-SSLeay-1.90.tar.gz 534246 BLAKE2B 2510fa886db8b7c5f185aa1145ae1b50b7c4101a9bd80e17c8c1d77718765f288c9180464d831775c35aa94b5a6f6c8f717ecaeb4974f7280829b63f10567f22 SHA512 8a5f251b5ef1d8c2d619d984594a7a22ddeed2e5e726fe683a45f299d7878f4ca8ffab00480ebf5ef7a94ae1fcf6be05dfdaa68b8bfe2ad68443150765adb891

diff --git a/dev-perl/Net-SSLeay/Net-SSLeay-1.900.0.ebuild b/dev-perl/Net-SSLeay/Net-SSLeay-1.900.0.ebuild
new file mode 100644
index 0000000..5d4c2b8
--- /dev/null
+++ b/dev-perl/Net-SSLeay/Net-SSLeay-1.900.0.ebuild
@@ -0,0 +1,64 @@
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+DIST_AUTHOR=CHRISN
+DIST_VERSION=1.90
+DIST_EXAMPLES=("examples/*")
+inherit multilib perl-module
+
+DESCRIPTION="Perl extension for using OpenSSL"
+
+LICENSE="Artistic-2"
+SLOT="0"
+KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+IUSE="minimal examples"
+
+RDEPEND="
+	dev-libs/openssl:0=
+	virtual/perl-MIME-Base64
+"
+BDEPEND="${RDEPEND}
+	virtual/perl-ExtUtils-MakeMaker
+	test? (
+		!minimal? (
+			dev-perl/Test-Exception
+			dev-perl/Test-Warn
+			dev-perl/Test-NoWarnings
+		)
+		virtual/perl-Test-Simple
+	)
+"
+
+PATCHES=(
+	"${FILESDIR}/${PN}-1.88-fix-network-tests.patch"
+	"${FILESDIR}/${PN}-1.88-fix-libdir.patch"
+	"${FILESDIR}/${P}-libressl.patch"
+)
+
+PERL_RM_FILES=(
+	# Hateful author tests
+	't/local/01_pod.t'
+	't/local/02_pod_coverage.t'
+	't/local/kwalitee.t'
+)
+
+src_configure() {
+	if use test && has network ${DIST_TEST_OVERRIDE:-${DIST_TEST:-do parallel}}; then
+		export NETWORK_TESTS=yes
+	else
+		use test && einfo "Network tests will be skipped without DIST_TEST_OVERRIDE=~network"
+		export NETWORK_TESTS=no
+	fi
+	export LIBDIR=$(get_libdir)
+	perl-module_src_configure
+}
+
+src_compile() {
+	mymake=(
+		OPTIMIZE="${CFLAGS}"
+		OPENSSL_PREFIX="${EPREFIX}"/usr
+	)
+	perl-module_src_compile
+}

diff --git a/dev-perl/Net-SSLeay/files/Net-SSLeay-1.88-fix-libdir.patch b/dev-perl/Net-SSLeay/files/Net-SSLeay-1.88-fix-libdir.patch
new file mode 100644
index 0000000..d78acb9
--- /dev/null
+++ b/dev-perl/Net-SSLeay/files/Net-SSLeay-1.88-fix-libdir.patch
@@ -0,0 +1,27 @@
+Bug: https://bugs.gentoo.org/416339
+
+The previous patch for the above bug report used $ENV{LIBDIR} but this
+wasn't enough to help with cross-compiling. We could use $ENV{SYSROOT}
+but this results in a bogus RPATH entry. It is better to simply trust
+the toolchain, which may have its own sysroot applied.
+
+Cross-compiling Perl modules requires additional hackery but at least
+that hackery will work now. :)
+
+Chewi
+2017/12/03
+
+diff -Naur a/Makefile.PL b/Makefile.PL
+--- a/Makefile.PL	2017-10-13 01:38:01.000000000 +0100
++++ b/Makefile.PL	2017-12-03 10:52:27.304861804 +0000
+@@ -141,10 +141,8 @@
+         cccdlflags => '',
+     };
+     for ("$prefix/include", "$prefix/inc32", '/usr/kerberos/include') {
+-      push @{$opts->{inc_paths}}, $_ if -f "$_/openssl/ssl.h";
+     }
+     for ($prefix, "$prefix/lib64", "$prefix/lib", "$prefix/out32dll") {
+-      push @{$opts->{lib_paths}}, $_ if -d $_;
+     }
+ 
+     my $rsaref  = $self->ssleay_is_rsaref;

diff --git a/dev-perl/Net-SSLeay/files/Net-SSLeay-1.88-fix-network-tests.patch b/dev-perl/Net-SSLeay/files/Net-SSLeay-1.88-fix-network-tests.patch
new file mode 100644
index 0000000..a98c4c8
--- /dev/null
+++ b/dev-perl/Net-SSLeay/files/Net-SSLeay-1.88-fix-network-tests.patch
@@ -0,0 +1,17 @@
+diff --git a/Makefile.PL b/Makefile.PL
+index 31d9c74..91ac2b4 100644
+--- a/Makefile.PL
++++ b/Makefile.PL
+@@ -12,11 +12,7 @@ use Symbol qw(gensym);
+ # the Net-SSLeay loadable object on Windows
+ my $win_link_statically = 0;
+ 
+-my $tests = prompt(
+-  "Do you want to run external tests?\n".
+-  "These tests *will* *fail* if you do not have network connectivity.",
+-  'n',
+-) =~ /^y/i ? 't/*/*.t t/*/*/*.t' : 't/local/*.t t/handle/local/*.t';
++my $tests = ( 'yes' eq ( $ENV{NETWORK_TESTS} || '' ) ) ? 't/*/*.t t/*/*/*.t' : 't/local/*.t t/handle/local/*.t';
+ 
+ my %eumm_args = (
+   NAME => 'Net::SSLeay',

diff --git a/dev-perl/Net-SSLeay/files/Net-SSLeay-1.900.0-libressl.patch b/dev-perl/Net-SSLeay/files/Net-SSLeay-1.900.0-libressl.patch
new file mode 100644
index 0000000..dc5b69c
--- /dev/null
+++ b/dev-perl/Net-SSLeay/files/Net-SSLeay-1.900.0-libressl.patch
@@ -0,0 +1,24 @@
+From 3cea3697bfc75ab3e5f4725eb1588ed9c4bff27a Mon Sep 17 00:00:00 2001
+From: Alexander Bluhm <alexander.bluhm@gmx.net>
+Date: Mon, 30 Aug 2021 21:31:20 +0200
+Subject: [PATCH] Use SSL_SESSION_get_master_key() for LibreSSL.
+
+Since version 2.7 LibreSSL implements SSL_SESSION_get_master_key().
+Use this instead of accessing internal struct fields.
+---
+ SSLeay.xs | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/SSLeay.xs b/SSLeay.xs
+index c2257fa..5377ba6 100644
+--- a/SSLeay.xs
++++ b/SSLeay.xs
+@@ -6281,7 +6281,7 @@ SSL_total_renegotiations(ssl)
+   OUTPUT:
+   RETVAL
+ 
+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
++#if (OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)) || (LIBRESSL_VERSION_NUMBER >= 0x2070000fL)
+ void
+ SSL_SESSION_get_master_key(s)
+      SSL_SESSION *   s

[gentoo-commits] repo/proj/libressl:master commit in: dev-perl/Net-SSLeay/, dev-perl/Net-SSLeay/files/

[Quentin Retornaz]

commit:     1136185fc6a0cdbf16f0fa0c2b82787343e93cfb
Author:     Mike Skec <skec <AT> protonmail <DOT> ch>
AuthorDate: Fri Mar 11 22:16:07 2022 +0000
Commit:     Quentin Retornaz <gentoo <AT> retornaz <DOT> com>
CommitDate: Sun Mar 13 02:48:47 2022 +0000
URL:        https://gitweb.gentoo.org/repo/proj/libressl.git/commit/?id=1136185f

dev-perl/Net-SSLeay-1.900.0: pull in patches to improve LibreSSL 3.5.0 compatibility

Signed-off-by: Mike Skec <skec <AT> protonmail.ch>
Closes: https://github.com/gentoo/libressl/pull/384
Signed-off-by: Quentin Retornaz <gentoo <AT> retornaz.com>

 dev-perl/Net-SSLeay/Net-SSLeay-1.900.0.ebuild      |   1 +
 .../files/Net-SSLeay-1.900.0-libressl-3.5.0.patch  | 208 +++++++++++++++++++++
 2 files changed, 209 insertions(+)

diff --git a/dev-perl/Net-SSLeay/Net-SSLeay-1.900.0.ebuild b/dev-perl/Net-SSLeay/Net-SSLeay-1.900.0.ebuild
index 5d4c2b8..95c81cd 100644
--- a/dev-perl/Net-SSLeay/Net-SSLeay-1.900.0.ebuild
+++ b/dev-perl/Net-SSLeay/Net-SSLeay-1.900.0.ebuild
@@ -35,6 +35,7 @@ PATCHES=(
 	"${FILESDIR}/${PN}-1.88-fix-network-tests.patch"
 	"${FILESDIR}/${PN}-1.88-fix-libdir.patch"
 	"${FILESDIR}/${P}-libressl.patch"
+	"${FILESDIR}/${PN}-1.900.0-libressl-3.5.0.patch"
 )
 
 PERL_RM_FILES=(

diff --git a/dev-perl/Net-SSLeay/files/Net-SSLeay-1.900.0-libressl-3.5.0.patch b/dev-perl/Net-SSLeay/files/Net-SSLeay-1.900.0-libressl-3.5.0.patch
new file mode 100644
index 0000000..50375e1
--- /dev/null
+++ b/dev-perl/Net-SSLeay/files/Net-SSLeay-1.900.0-libressl-3.5.0.patch
@@ -0,0 +1,208 @@
+From 783bb4e1ec594febf8e44274d7878002ab32f247 Mon Sep 17 00:00:00 2001
+From: Mike Skec <skec@protonmail.ch>
+Date: Sat, 12 Mar 2022 09:02:01 +1100
+Subject: [PATCH] apply various upstream patches for better LibreSSL support.
+
+Merges the following commits from upstream (these should be present in
+the next release of Net-SSLeay):
+ Use X509_get0_tbs_sigalg() for LibreSSL. (#360)
+  https://github.com/radiator-software/p5-net-ssleay/commit/4a886e06c1cac80e7fb3f8d52146a27ce557ba8c
+ Use OCSP_SINGLERESP_get0_id() for LibreSSL. (#362) 
+  https://github.com/radiator-software/p5-net-ssleay/commit/88c3bbc45399c8ef2c8879aada8bfa91d8bc6c10
+ Implement RSA_get_key_parameters() for newer LibreSSL. (#363) 
+  https://github.com/radiator-software/p5-net-ssleay/commit/3dd2f101b8e15a59f66e22525b8d001d5ad6ce7d
+ Enable SSL get proto version for LibreSSL. (#364)
+  https://github.com/radiator-software/p5-net-ssleay/commit/6c5da5b3a4b48d365adc4aca2fbb043416b3b288
+ GH-369 Make RSA_get_key_parameters available with OpenSSL 1.1.0 and later.
+  https://github.com/radiator-software/p5-net-ssleay/commit/7ff8f49b07301a5c804e3ac69dc3079200ac09a4
+---
+ SSLeay.xs                     | 51 +++++++++++++++++++++++++++--------
+ t/local/33_x509_create_cert.t | 26 +++++++++++++-----
+ typemap                       |  1 +
+ 3 files changed, 60 insertions(+), 18 deletions(-)
+
+diff --git a/SSLeay.xs b/SSLeay.xs
+index bfd6320..14c39ee 100644
+--- a/SSLeay.xs
++++ b/SSLeay.xs
+@@ -1759,10 +1759,10 @@ X509 * find_issuer(X509 *cert,X509_STORE *store, STACK_OF(X509) *chain) {
+     return issuer;
+ }
+ 
+-SV* bn2sv(BIGNUM* p_bn)
++static SV *bn2sv(const BIGNUM* p_bn)
+ {
+     return p_bn != NULL
+-        ? sv_2mortal(newSViv((IV) BN_dup(p_bn)))
++        ? sv_2mortal(newSViv(PTR2IV(BN_dup(p_bn))))
+         : &PL_sv_undef;
+ }
+ 
+@@ -4884,7 +4884,7 @@ SSL_set_max_proto_version(ssl, version)
+ #endif /* OpenSSL 1.1.0-pre2 or LibreSSL 2.6.0 */
+ 
+ 
+-#if OPENSSL_VERSION_NUMBER >= 0x1010007fL && !defined(LIBRESSL_VERSION_NUMBER)
++#if (OPENSSL_VERSION_NUMBER >= 0x1010007fL && !defined(LIBRESSL_VERSION_NUMBER)) || (LIBRESSL_VERSION_NUMBER >= 0x3040000fL)
+ 
+ int
+ SSL_CTX_get_min_proto_version(ctx)
+@@ -4902,7 +4902,7 @@ int
+ SSL_get_max_proto_version(ssl)
+      SSL *  ssl
+ 
+-#endif /* OpenSSL 1.1.0g */
++#endif /* OpenSSL 1.1.0g or LibreSSL 3.4.0 */
+ 
+ 
+ #if OPENSSL_VERSION_NUMBER < 0x10000000L
+@@ -5922,6 +5922,18 @@ SSL_set_tmp_rsa(ssl,rsa)
+ 
+ #endif
+ 
++BIGNUM *
++BN_dup(const BIGNUM *from)
++
++void
++BN_clear(BIGNUM *bn)
++
++void
++BN_clear_free(BIGNUM *bn)
++
++void
++BN_free(BIGNUM *bn)
++
+ #if OPENSSL_VERSION_NUMBER >= 0x0090800fL
+ 
+ RSA *
+@@ -6001,13 +6013,31 @@ RSA_generate_key(bits,e,perl_cb=&PL_sv_undef,perl_data=&PL_sv_undef)
+ 
+ #endif
+ 
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+-
+ void
+ RSA_get_key_parameters(rsa)
+ 	    RSA * rsa
++PREINIT:
++#if (!defined(LIBRESSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER >= 0x1010000fL)) || (defined(LIBRESSL_VERSION_NUMBER) && (LIBRESSL_VERSION_NUMBER >= 0x3050000fL))
++    const BIGNUM *n, *e, *d;
++    const BIGNUM *p, *q;
++    const BIGNUM *dmp1, *dmq1, *iqmp;
++#endif
+ PPCODE:
+ {
++#if (!defined(LIBRESSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER >= 0x1010000fL)) || (defined(LIBRESSL_VERSION_NUMBER) && (LIBRESSL_VERSION_NUMBER >= 0x3050000fL))
++    RSA_get0_key(rsa, &n, &e, &d);
++    RSA_get0_factors(rsa, &p, &q);
++    RSA_get0_crt_params(rsa, &dmp1, &dmq1, &iqmp);
++    /* Caution: returned list consists of SV pointers to BIGNUMs, which would need to be blessed as Crypt::OpenSSL::Bignum for further use */
++    XPUSHs(bn2sv(n));
++    XPUSHs(bn2sv(e));
++    XPUSHs(bn2sv(d));
++    XPUSHs(bn2sv(p));
++    XPUSHs(bn2sv(q));
++    XPUSHs(bn2sv(dmp1));
++    XPUSHs(bn2sv(dmq1));
++    XPUSHs(bn2sv(iqmp));
++#else
+     /* Caution: returned list consists of SV pointers to BIGNUMs, which would need to be blessed as Crypt::OpenSSL::Bignum for further use */
+     XPUSHs(bn2sv(rsa->n));
+     XPUSHs(bn2sv(rsa->e));
+@@ -6017,9 +6047,8 @@ PPCODE:
+     XPUSHs(bn2sv(rsa->dmp1));
+     XPUSHs(bn2sv(rsa->dmq1));
+     XPUSHs(bn2sv(rsa->iqmp));
+-}
+-
+ #endif
++}
+ 
+ void
+ RSA_free(r)
+@@ -6920,7 +6949,7 @@ ASN1_OBJECT *
+ P_X509_get_signature_alg(x)
+         X509 * x
+     CODE:
+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
++#if (OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)) || (LIBRESSL_VERSION_NUMBER >= 0x3050000fL)
+         RETVAL = (X509_get0_tbs_sigalg(x)->algorithm);
+ #else
+         RETVAL = (x->cert_info->signature->algorithm);
+@@ -7412,7 +7441,7 @@ OCSP_response_results(rsp,...)
+ 		if (!idsv) {
+ 		    /* getall: create new SV with OCSP_CERTID */
+ 		    unsigned char *pi,*pc;
+-#if OPENSSL_VERSION_NUMBER >= 0x10100003L && !defined(LIBRESSL_VERSION_NUMBER)
++#if (OPENSSL_VERSION_NUMBER >= 0x10100003L && !defined(LIBRESSL_VERSION_NUMBER)) || (LIBRESSL_VERSION_NUMBER >= 0x3050000fL)
+ 		    int len = i2d_OCSP_CERTID(OCSP_SINGLERESP_get0_id(sir),NULL);
+ #else
+ 		    int len = i2d_OCSP_CERTID(sir->certId,NULL);
+@@ -7421,7 +7450,7 @@ OCSP_response_results(rsp,...)
+ 		    Newx(pc,len,unsigned char);
+ 		    if (!pc) croak("out of memory");
+ 		    pi = pc;
+-#if OPENSSL_VERSION_NUMBER >= 0x10100003L && !defined(LIBRESSL_VERSION_NUMBER)
++#if (OPENSSL_VERSION_NUMBER >= 0x10100003L && !defined(LIBRESSL_VERSION_NUMBER)) || (LIBRESSL_VERSION_NUMBER >= 0x3050000fL)
+ 		    i2d_OCSP_CERTID(OCSP_SINGLERESP_get0_id(sir),&pi);
+ #else
+ 		    i2d_OCSP_CERTID(sir->certId,&pi);
+diff --git a/t/local/33_x509_create_cert.t b/t/local/33_x509_create_cert.t
+index 3c5a2e8..3666095 100755
+--- a/t/local/33_x509_create_cert.t
++++ b/t/local/33_x509_create_cert.t
+@@ -5,7 +5,7 @@ use Test::Net::SSLeay qw( data_file_path initialise_libssl is_openssl );
+ 
+ use utf8;
+ 
+-plan tests => 139;
++plan tests => 141;
+ 
+ initialise_libssl();
+ 
+@@ -27,12 +27,24 @@ is(Net::SSLeay::X509_NAME_cmp($ca_issuer, $ca_subject), 0, "X509_NAME_cmp");
+   ok(my $rsa = Net::SSLeay::RSA_generate_key(2048, &Net::SSLeay::RSA_F4), "RSA_generate_key");
+   ok(Net::SSLeay::EVP_PKEY_assign_RSA($pk,$rsa), "EVP_PKEY_assign_RSA");
+ 
+-  SKIP: 
+-  {
+-    skip 'openssl<1.1.0 required', 1 unless Net::SSLeay::SSLeay < 0x10100000
+-       or Net::SSLeay::constant("LIBRESSL_VERSION_NUMBER");
+-    my @params = Net::SSLeay::RSA_get_key_parameters($rsa);
+-    ok(@params == 8, "RSA_get_key_parameters");
++  my @params = Net::SSLeay::RSA_get_key_parameters($rsa);
++  ok(@params == 8, "RSA_get_key_parameters");
++
++ SKIP: {
++     skip('No Crypt::OpenSSL::Bignum for additional tests', 2)
++	 unless eval {require Crypt::OpenSSL::Bignum; 1; };
++
++     # Check that the exponent is what we expect and that our calls
++     # don't clear and free the original value. See
++     # RSA_get_key_parameters in the manual for the details.
++     my $bn = Net::SSLeay::BN_dup($params[1]);
++     my $r = Crypt::OpenSSL::Bignum->bless_pointer($bn);
++     is($r->to_decimal(), Net::SSLeay::RSA_F4(), 'Crypt::OpenSSL::Bignum exponent once');
++     undef $r;
++
++     $bn = Net::SSLeay::BN_dup($params[1]);
++     $r = Crypt::OpenSSL::Bignum->bless_pointer($bn);
++     is($r->to_decimal(), Net::SSLeay::RSA_F4(), 'Crypt::OpenSSL::Bignum exponent twice');
+   }
+  
+   ok(my $x509  = Net::SSLeay::X509_new(), "X509_new");
+diff --git a/typemap b/typemap
+index 373e711..dc31c65 100644
+--- a/typemap
++++ b/typemap
+@@ -23,6 +23,7 @@ X509_NAME_ENTRY *   T_PTR
+ X509_EXTENSION *	T_PTR
+ X509_REQ *      T_PTR
+ X509_PUBKEY *   T_PTR
++const BIGNUM *        T_PTR
+ BIGNUM *        T_PTR
+ BIO *           T_PTR
+ const BIO_METHOD *    T_PTR
+-- 
+2.34.1
+

[gentoo-commits] repo/proj/libressl:master commit in: dev-perl/Net-SSLeay/, dev-perl/Net-SSLeay/files/

[orbea]

commit:     acdca69285809b17bc28ef39d42bc777967f80c5
Author:     orbea <orbea <AT> riseup <DOT> net>
AuthorDate: Sat May  6 18:34:15 2023 +0000
Commit:     orbea <orbea <AT> riseup <DOT> net>
CommitDate: Sat May  6 18:34:15 2023 +0000
URL:        https://gitweb.gentoo.org/repo/proj/libressl.git/commit/?id=acdca692

dev-perl/Net-SSLeay: use the ::gentoo patch

Signed-off-by: orbea <orbea <AT> riseup.net>

 dev-perl/Net-SSLeay/Net-SSLeay-1.920.0.ebuild      |  2 +-
 ...bressl.patch => Net-SSLeay-1.92-libressl.patch} | 62 ++++++++++++++++++----
 2 files changed, 53 insertions(+), 11 deletions(-)

diff --git a/dev-perl/Net-SSLeay/Net-SSLeay-1.920.0.ebuild b/dev-perl/Net-SSLeay/Net-SSLeay-1.920.0.ebuild
index ee07373..fed81d3 100644
--- a/dev-perl/Net-SSLeay/Net-SSLeay-1.920.0.ebuild
+++ b/dev-perl/Net-SSLeay/Net-SSLeay-1.920.0.ebuild
@@ -35,7 +35,7 @@ BDEPEND="${RDEPEND}
 
 PATCHES=(
 	"${FILESDIR}/${PN}-1.88-fix-network-tests.patch"
-	"${FILESDIR}/${PN}-1.920.0-libressl.patch"
+	"${FILESDIR}/${PN}-1.92-libressl.patch"
 )
 
 PERL_RM_FILES=(

diff --git a/dev-perl/Net-SSLeay/files/Net-SSLeay-1.920.0-libressl.patch b/dev-perl/Net-SSLeay/files/Net-SSLeay-1.92-libressl.patch
similarity index 62%
rename from dev-perl/Net-SSLeay/files/Net-SSLeay-1.920.0-libressl.patch
rename to dev-perl/Net-SSLeay/files/Net-SSLeay-1.92-libressl.patch
index eb1c331..380fd15 100644
--- a/dev-perl/Net-SSLeay/files/Net-SSLeay-1.920.0-libressl.patch
+++ b/dev-perl/Net-SSLeay/files/Net-SSLeay-1.92-libressl.patch
@@ -1,13 +1,56 @@
-https://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/security/p5-Net-SSLeay/patches/patch-SSLeay_xs
-
-https://github.com/radiator-software/p5-net-ssleay/commit/3dd2f101b8e15a59f66e22525b8d001d5ad6ce7d
+https://bugs.gentoo.org/903001
+https://github.com/radiator-software/p5-net-ssleay/pull/360
 https://github.com/radiator-software/p5-net-ssleay/commit/4a886e06c1cac80e7fb3f8d52146a27ce557ba8c
+https://github.com/radiator-software/p5-net-ssleay/pull/362
 https://github.com/radiator-software/p5-net-ssleay/commit/88c3bbc45399c8ef2c8879aada8bfa91d8bc6c10
+https://github.com/radiator-software/p5-net-ssleay/pull/363
+https://github.com/radiator-software/p5-net-ssleay/commit/3dd2f101b8e15a59f66e22525b8d001d5ad6ce7d
+
+From 4a886e06c1cac80e7fb3f8d52146a27ce557ba8c Mon Sep 17 00:00:00 2001
+From: Alexander Bluhm <alexander.bluhm@gmx.net>
+Date: Wed, 19 Jan 2022 14:56:22 +0100
+Subject: [PATCH] Use X509_get0_tbs_sigalg() for LibreSSL. (#360)
+
+* Use X509_get0_tbs_sigalg() for LibreSSL.
+
+LibreSSL 3.5.0 has removed access to internal data structures.  Use
+X509_get0_tbs_sigalg() like in OpenSSL 1.1.
+
+* Start Changes for the next release.
+
+Co-authored-by: Heikki Vatiainen <hvn@radiatorsoftware.com>
+---
+ Changes   | 5 +++++
+ SSLeay.xs | 2 +-
+ 2 files changed, 6 insertions(+), 1 deletion(-)
 
-Index: SSLeay.xs
---- a/SSLeay.xs.orig
+From 88c3bbc45399c8ef2c8879aada8bfa91d8bc6c10 Mon Sep 17 00:00:00 2001
+From: Alexander Bluhm <alexander.bluhm@gmx.net>
+Date: Wed, 19 Jan 2022 20:38:57 +0100
+Subject: [PATCH] Use OCSP_SINGLERESP_get0_id() for LibreSSL. (#362)
+
+LibreSSL 3.5.0 has removed access to internal ocsp data structures.
+Use OCSP_SINGLERESP_get0_id() like in OpenSSL 1.1.
+---
+ SSLeay.xs | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+From 3dd2f101b8e15a59f66e22525b8d001d5ad6ce7d Mon Sep 17 00:00:00 2001
+From: Alexander Bluhm <alexander.bluhm@gmx.net>
+Date: Thu, 20 Jan 2022 19:15:27 +0100
+Subject: [PATCH] Implement RSA_get_key_parameters() for newer LibreSSL. (#363)
+
+LibreSSL 3.5.0 has removed access to internal rsa data structures.
+Use RSA_get0... functions to provide RSA_get_key_parameters().
+---
+ SSLeay.xs | 25 +++++++++++++++++++++++--
+ 1 file changed, 23 insertions(+), 2 deletions(-)
+
+diff --git a/SSLeay.xs b/SSLeay.xs
+index b0667e2..58f1716 100644
+--- a/SSLeay.xs
 +++ b/SSLeay.xs
-@@ -1914,7 +1914,7 @@ X509 * find_issuer(X509 *cert,X509_STORE *store, STACK
+@@ -1914,7 +1914,7 @@ X509 * find_issuer(X509 *cert,X509_STORE *store, STACK_OF(X509) *chain) {
      return issuer;
  }
  
@@ -16,7 +59,7 @@ Index: SSLeay.xs
  {
      return p_bn != NULL
          ? sv_2mortal(newSViv((IV) BN_dup(p_bn)))
-@@ -6283,9 +6283,29 @@ RSA_generate_key(bits,e,perl_cb=&PL_sv_undef,perl_data
+@@ -6283,8 +6283,28 @@ RSA_generate_key(bits,e,perl_cb=&PL_sv_undef,perl_data=&PL_sv_undef)
  void
  RSA_get_key_parameters(rsa)
  	    RSA * rsa
@@ -32,7 +75,7 @@ Index: SSLeay.xs
 +    RSA_get0_key(rsa, &n, &e, &d);
 +    RSA_get0_factors(rsa, &p, &q);
 +    RSA_get0_crt_params(rsa, &dmp1, &dmq1, &iqmp);
-     /* Caution: returned list consists of SV pointers to BIGNUMs, which would need to be blessed as Crypt::OpenSSL::Bignum for further use */
++    /* Caution: returned list consists of SV pointers to BIGNUMs, which would need to be blessed as Crypt::OpenSSL::Bignum for further use */
 +    XPUSHs(bn2sv(n));
 +    XPUSHs(bn2sv(e));
 +    XPUSHs(bn2sv(d));
@@ -42,10 +85,9 @@ Index: SSLeay.xs
 +    XPUSHs(bn2sv(dmq1));
 +    XPUSHs(bn2sv(iqmp));
 +#else
-+    /* Caution: returned list consists of SV pointers to BIGNUMs, which would need to be blessed as Crypt::OpenSSL::Bignum for further use */
+     /* Caution: returned list consists of SV pointers to BIGNUMs, which would need to be blessed as Crypt::OpenSSL::Bignum for further use */
      XPUSHs(bn2sv(rsa->n));
      XPUSHs(bn2sv(rsa->e));
-     XPUSHs(bn2sv(rsa->d));
 @@ -6294,9 +6314,10 @@ PPCODE:
      XPUSHs(bn2sv(rsa->dmp1));
      XPUSHs(bn2sv(rsa->dmq1));

[gentoo-commits] repo/proj/libressl:master commit in: dev-perl/Net-SSLeay/, dev-perl/Net-SSLeay/files/

[orbea]

commit:     c01bfc815b0e60098a5f47c1b44410f8919df4bb
Author:     orbea <orbea <AT> riseup <DOT> net>
AuthorDate: Sat May  6 18:36:28 2023 +0000
Commit:     orbea <orbea <AT> riseup <DOT> net>
CommitDate: Sat May  6 18:36:28 2023 +0000
URL:        https://gitweb.gentoo.org/repo/proj/libressl.git/commit/?id=c01bfc81

dev-perl/Net-SSLeay: merge libressl patch

Signed-off-by: orbea <orbea <AT> riseup.net>

 dev-perl/Net-SSLeay/Net-SSLeay-1.900.0.ebuild      |   3 +-
 .../files/Net-SSLeay-1.90-libressl.patch           | 150 +++++++++++++++
 .../files/Net-SSLeay-1.900.0-libressl-3.5.0.patch  | 208 ---------------------
 .../files/Net-SSLeay-1.900.0-libressl.patch        |  24 ---
 4 files changed, 151 insertions(+), 234 deletions(-)

diff --git a/dev-perl/Net-SSLeay/Net-SSLeay-1.900.0.ebuild b/dev-perl/Net-SSLeay/Net-SSLeay-1.900.0.ebuild
index b3c6483..7986c59 100644
--- a/dev-perl/Net-SSLeay/Net-SSLeay-1.900.0.ebuild
+++ b/dev-perl/Net-SSLeay/Net-SSLeay-1.900.0.ebuild
@@ -34,8 +34,7 @@ BDEPEND="${RDEPEND}
 PATCHES=(
 	"${FILESDIR}/${PN}-1.88-fix-network-tests.patch"
 	"${FILESDIR}/${PN}-1.88-fix-libdir.patch"
-	"${FILESDIR}/${P}-libressl.patch"
-	"${FILESDIR}/${PN}-1.900.0-libressl-3.5.0.patch"
+	"${FILESDIR}/${PN}-1.90-libressl.patch"
 )
 
 PERL_RM_FILES=(

diff --git a/dev-perl/Net-SSLeay/files/Net-SSLeay-1.90-libressl.patch b/dev-perl/Net-SSLeay/files/Net-SSLeay-1.90-libressl.patch
new file mode 100644
index 0000000..5a253bc
--- /dev/null
+++ b/dev-perl/Net-SSLeay/files/Net-SSLeay-1.90-libressl.patch
@@ -0,0 +1,150 @@
+https://github.com/radiator-software/p5-net-ssleay/pull/285
+https://github.com/radiator-software/p5-net-ssleay/commit/b5143eaec1a59ee948e8d2bace246bbb2440f397
+https://github.com/radiator-software/p5-net-ssleay/pull/360
+https://github.com/radiator-software/p5-net-ssleay/commit/4a886e06c1cac80e7fb3f8d52146a27ce557ba8c
+https://github.com/radiator-software/p5-net-ssleay/pull/362
+https://github.com/radiator-software/p5-net-ssleay/commit/88c3bbc45399c8ef2c8879aada8bfa91d8bc6c10
+https://github.com/radiator-software/p5-net-ssleay/pull/363
+https://github.com/radiator-software/p5-net-ssleay/commit/3dd2f101b8e15a59f66e22525b8d001d5ad6ce7d
+
+From b5143eaec1a59ee948e8d2bace246bbb2440f397 Mon Sep 17 00:00:00 2001
+From: Alexander Bluhm <alexander.bluhm@gmx.net>
+Date: Wed, 1 Sep 2021 13:06:04 +0200
+Subject: [PATCH] Use SSL_SESSION_get_master_key() for LibreSSL. (#285)
+
+Since version 2.7 LibreSSL implements SSL_SESSION_get_master_key().
+Use this instead of accessing internal struct fields.
+---
+ SSLeay.xs | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+From 4a886e06c1cac80e7fb3f8d52146a27ce557ba8c Mon Sep 17 00:00:00 2001
+From: Alexander Bluhm <alexander.bluhm@gmx.net>
+Date: Wed, 19 Jan 2022 14:56:22 +0100
+Subject: [PATCH] Use X509_get0_tbs_sigalg() for LibreSSL. (#360)
+
+* Use X509_get0_tbs_sigalg() for LibreSSL.
+
+LibreSSL 3.5.0 has removed access to internal data structures.  Use
+X509_get0_tbs_sigalg() like in OpenSSL 1.1.
+
+* Start Changes for the next release.
+
+Co-authored-by: Heikki Vatiainen <hvn@radiatorsoftware.com>
+---
+ Changes   | 5 +++++
+ SSLeay.xs | 2 +-
+ 2 files changed, 6 insertions(+), 1 deletion(-)
+
+From 88c3bbc45399c8ef2c8879aada8bfa91d8bc6c10 Mon Sep 17 00:00:00 2001
+From: Alexander Bluhm <alexander.bluhm@gmx.net>
+Date: Wed, 19 Jan 2022 20:38:57 +0100
+Subject: [PATCH] Use OCSP_SINGLERESP_get0_id() for LibreSSL. (#362)
+
+LibreSSL 3.5.0 has removed access to internal ocsp data structures.
+Use OCSP_SINGLERESP_get0_id() like in OpenSSL 1.1.
+---
+ SSLeay.xs | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+From 3dd2f101b8e15a59f66e22525b8d001d5ad6ce7d Mon Sep 17 00:00:00 2001
+From: Alexander Bluhm <alexander.bluhm@gmx.net>
+Date: Thu, 20 Jan 2022 19:15:27 +0100
+Subject: [PATCH] Implement RSA_get_key_parameters() for newer LibreSSL. (#363)
+
+LibreSSL 3.5.0 has removed access to internal rsa data structures.
+Use RSA_get0... functions to provide RSA_get_key_parameters().
+---
+ SSLeay.xs | 25 +++++++++++++++++++++++--
+ 1 file changed, 23 insertions(+), 2 deletions(-)
+
+diff --git a/SSLeay.xs b/SSLeay.xs
+index 02b81e7..bffd72d 100644
+--- a/SSLeay.xs
++++ b/SSLeay.xs
+@@ -1759,7 +1759,7 @@ X509 * find_issuer(X509 *cert,X509_STORE *store, STACK_OF(X509) *chain) {
+     return issuer;
+ }
+ 
+-SV* bn2sv(BIGNUM* p_bn)
++SV* bn2sv(const BIGNUM* p_bn)
+ {
+     return p_bn != NULL
+         ? sv_2mortal(newSViv((IV) BN_dup(p_bn)))
+@@ -6006,8 +6006,28 @@ RSA_generate_key(bits,e,perl_cb=&PL_sv_undef,perl_data=&PL_sv_undef)
+ void
+ RSA_get_key_parameters(rsa)
+ 	    RSA * rsa
++PREINIT:
++#if defined(LIBRESSL_VERSION_NUMBER) && (LIBRESSL_VERSION_NUMBER >= 0x3050000fL)
++    const BIGNUM *n, *e, *d;
++    const BIGNUM *p, *q;
++    const BIGNUM *dmp1, *dmq1, *iqmp;
++#endif
+ PPCODE:
+ {
++#if defined(LIBRESSL_VERSION_NUMBER) && (LIBRESSL_VERSION_NUMBER >= 0x3050000fL)
++    RSA_get0_key(rsa, &n, &e, &d);
++    RSA_get0_factors(rsa, &p, &q);
++    RSA_get0_crt_params(rsa, &dmp1, &dmq1, &iqmp);
++    /* Caution: returned list consists of SV pointers to BIGNUMs, which would need to be blessed as Crypt::OpenSSL::Bignum for further use */
++    XPUSHs(bn2sv(n));
++    XPUSHs(bn2sv(e));
++    XPUSHs(bn2sv(d));
++    XPUSHs(bn2sv(p));
++    XPUSHs(bn2sv(q));
++    XPUSHs(bn2sv(dmp1));
++    XPUSHs(bn2sv(dmq1));
++    XPUSHs(bn2sv(iqmp));
++#else
+     /* Caution: returned list consists of SV pointers to BIGNUMs, which would need to be blessed as Crypt::OpenSSL::Bignum for further use */
+     XPUSHs(bn2sv(rsa->n));
+     XPUSHs(bn2sv(rsa->e));
+@@ -6017,9 +6037,10 @@ PPCODE:
+     XPUSHs(bn2sv(rsa->dmp1));
+     XPUSHs(bn2sv(rsa->dmq1));
+     XPUSHs(bn2sv(rsa->iqmp));
++#endif
+ }
+ 
+-#endif
++#endif /* OpenSSL < 1.1 or LibreSSL */
+ 
+ void
+ RSA_free(r)
+@@ -6172,7 +6193,7 @@ SSL_total_renegotiations(ssl)
+   OUTPUT:
+   RETVAL
+ 
+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
++#if (OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)) || (LIBRESSL_VERSION_NUMBER >= 0x2070000fL)
+ void
+ SSL_SESSION_get_master_key(s)
+      SSL_SESSION *   s
+@@ -6920,7 +6941,7 @@ ASN1_OBJECT *
+ P_X509_get_signature_alg(x)
+         X509 * x
+     CODE:
+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
++#if (OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)) || (LIBRESSL_VERSION_NUMBER >= 0x3050000fL)
+         RETVAL = (X509_get0_tbs_sigalg(x)->algorithm);
+ #else
+         RETVAL = (x->cert_info->signature->algorithm);
+@@ -7412,7 +7433,7 @@ OCSP_response_results(rsp,...)
+ 		if (!idsv) {
+ 		    /* getall: create new SV with OCSP_CERTID */
+ 		    unsigned char *pi,*pc;
+-#if OPENSSL_VERSION_NUMBER >= 0x10100003L && !defined(LIBRESSL_VERSION_NUMBER)
++#if (OPENSSL_VERSION_NUMBER >= 0x10100003L && !defined(LIBRESSL_VERSION_NUMBER)) || (LIBRESSL_VERSION_NUMBER >= 0x3050000fL)
+ 		    int len = i2d_OCSP_CERTID(OCSP_SINGLERESP_get0_id(sir),NULL);
+ #else
+ 		    int len = i2d_OCSP_CERTID(sir->certId,NULL);
+@@ -7421,7 +7442,7 @@ OCSP_response_results(rsp,...)
+ 		    Newx(pc,len,unsigned char);
+ 		    if (!pc) croak("out of memory");
+ 		    pi = pc;
+-#if OPENSSL_VERSION_NUMBER >= 0x10100003L && !defined(LIBRESSL_VERSION_NUMBER)
++#if (OPENSSL_VERSION_NUMBER >= 0x10100003L && !defined(LIBRESSL_VERSION_NUMBER)) || (LIBRESSL_VERSION_NUMBER >= 0x3050000fL)
+ 		    i2d_OCSP_CERTID(OCSP_SINGLERESP_get0_id(sir),&pi);
+ #else
+ 		    i2d_OCSP_CERTID(sir->certId,&pi);

diff --git a/dev-perl/Net-SSLeay/files/Net-SSLeay-1.900.0-libressl-3.5.0.patch b/dev-perl/Net-SSLeay/files/Net-SSLeay-1.900.0-libressl-3.5.0.patch
deleted file mode 100644
index 50375e1..0000000
--- a/dev-perl/Net-SSLeay/files/Net-SSLeay-1.900.0-libressl-3.5.0.patch
+++ /dev/null
@@ -1,208 +0,0 @@
-From 783bb4e1ec594febf8e44274d7878002ab32f247 Mon Sep 17 00:00:00 2001
-From: Mike Skec <skec@protonmail.ch>
-Date: Sat, 12 Mar 2022 09:02:01 +1100
-Subject: [PATCH] apply various upstream patches for better LibreSSL support.
-
-Merges the following commits from upstream (these should be present in
-the next release of Net-SSLeay):
- Use X509_get0_tbs_sigalg() for LibreSSL. (#360)
-  https://github.com/radiator-software/p5-net-ssleay/commit/4a886e06c1cac80e7fb3f8d52146a27ce557ba8c
- Use OCSP_SINGLERESP_get0_id() for LibreSSL. (#362) 
-  https://github.com/radiator-software/p5-net-ssleay/commit/88c3bbc45399c8ef2c8879aada8bfa91d8bc6c10
- Implement RSA_get_key_parameters() for newer LibreSSL. (#363) 
-  https://github.com/radiator-software/p5-net-ssleay/commit/3dd2f101b8e15a59f66e22525b8d001d5ad6ce7d
- Enable SSL get proto version for LibreSSL. (#364)
-  https://github.com/radiator-software/p5-net-ssleay/commit/6c5da5b3a4b48d365adc4aca2fbb043416b3b288
- GH-369 Make RSA_get_key_parameters available with OpenSSL 1.1.0 and later.
-  https://github.com/radiator-software/p5-net-ssleay/commit/7ff8f49b07301a5c804e3ac69dc3079200ac09a4
----
- SSLeay.xs                     | 51 +++++++++++++++++++++++++++--------
- t/local/33_x509_create_cert.t | 26 +++++++++++++-----
- typemap                       |  1 +
- 3 files changed, 60 insertions(+), 18 deletions(-)
-
-diff --git a/SSLeay.xs b/SSLeay.xs
-index bfd6320..14c39ee 100644
---- a/SSLeay.xs
-+++ b/SSLeay.xs
-@@ -1759,10 +1759,10 @@ X509 * find_issuer(X509 *cert,X509_STORE *store, STACK_OF(X509) *chain) {
-     return issuer;
- }
- 
--SV* bn2sv(BIGNUM* p_bn)
-+static SV *bn2sv(const BIGNUM* p_bn)
- {
-     return p_bn != NULL
--        ? sv_2mortal(newSViv((IV) BN_dup(p_bn)))
-+        ? sv_2mortal(newSViv(PTR2IV(BN_dup(p_bn))))
-         : &PL_sv_undef;
- }
- 
-@@ -4884,7 +4884,7 @@ SSL_set_max_proto_version(ssl, version)
- #endif /* OpenSSL 1.1.0-pre2 or LibreSSL 2.6.0 */
- 
- 
--#if OPENSSL_VERSION_NUMBER >= 0x1010007fL && !defined(LIBRESSL_VERSION_NUMBER)
-+#if (OPENSSL_VERSION_NUMBER >= 0x1010007fL && !defined(LIBRESSL_VERSION_NUMBER)) || (LIBRESSL_VERSION_NUMBER >= 0x3040000fL)
- 
- int
- SSL_CTX_get_min_proto_version(ctx)
-@@ -4902,7 +4902,7 @@ int
- SSL_get_max_proto_version(ssl)
-      SSL *  ssl
- 
--#endif /* OpenSSL 1.1.0g */
-+#endif /* OpenSSL 1.1.0g or LibreSSL 3.4.0 */
- 
- 
- #if OPENSSL_VERSION_NUMBER < 0x10000000L
-@@ -5922,6 +5922,18 @@ SSL_set_tmp_rsa(ssl,rsa)
- 
- #endif
- 
-+BIGNUM *
-+BN_dup(const BIGNUM *from)
-+
-+void
-+BN_clear(BIGNUM *bn)
-+
-+void
-+BN_clear_free(BIGNUM *bn)
-+
-+void
-+BN_free(BIGNUM *bn)
-+
- #if OPENSSL_VERSION_NUMBER >= 0x0090800fL
- 
- RSA *
-@@ -6001,13 +6013,31 @@ RSA_generate_key(bits,e,perl_cb=&PL_sv_undef,perl_data=&PL_sv_undef)
- 
- #endif
- 
--#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
--
- void
- RSA_get_key_parameters(rsa)
- 	    RSA * rsa
-+PREINIT:
-+#if (!defined(LIBRESSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER >= 0x1010000fL)) || (defined(LIBRESSL_VERSION_NUMBER) && (LIBRESSL_VERSION_NUMBER >= 0x3050000fL))
-+    const BIGNUM *n, *e, *d;
-+    const BIGNUM *p, *q;
-+    const BIGNUM *dmp1, *dmq1, *iqmp;
-+#endif
- PPCODE:
- {
-+#if (!defined(LIBRESSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER >= 0x1010000fL)) || (defined(LIBRESSL_VERSION_NUMBER) && (LIBRESSL_VERSION_NUMBER >= 0x3050000fL))
-+    RSA_get0_key(rsa, &n, &e, &d);
-+    RSA_get0_factors(rsa, &p, &q);
-+    RSA_get0_crt_params(rsa, &dmp1, &dmq1, &iqmp);
-+    /* Caution: returned list consists of SV pointers to BIGNUMs, which would need to be blessed as Crypt::OpenSSL::Bignum for further use */
-+    XPUSHs(bn2sv(n));
-+    XPUSHs(bn2sv(e));
-+    XPUSHs(bn2sv(d));
-+    XPUSHs(bn2sv(p));
-+    XPUSHs(bn2sv(q));
-+    XPUSHs(bn2sv(dmp1));
-+    XPUSHs(bn2sv(dmq1));
-+    XPUSHs(bn2sv(iqmp));
-+#else
-     /* Caution: returned list consists of SV pointers to BIGNUMs, which would need to be blessed as Crypt::OpenSSL::Bignum for further use */
-     XPUSHs(bn2sv(rsa->n));
-     XPUSHs(bn2sv(rsa->e));
-@@ -6017,9 +6047,8 @@ PPCODE:
-     XPUSHs(bn2sv(rsa->dmp1));
-     XPUSHs(bn2sv(rsa->dmq1));
-     XPUSHs(bn2sv(rsa->iqmp));
--}
--
- #endif
-+}
- 
- void
- RSA_free(r)
-@@ -6920,7 +6949,7 @@ ASN1_OBJECT *
- P_X509_get_signature_alg(x)
-         X509 * x
-     CODE:
--#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
-+#if (OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)) || (LIBRESSL_VERSION_NUMBER >= 0x3050000fL)
-         RETVAL = (X509_get0_tbs_sigalg(x)->algorithm);
- #else
-         RETVAL = (x->cert_info->signature->algorithm);
-@@ -7412,7 +7441,7 @@ OCSP_response_results(rsp,...)
- 		if (!idsv) {
- 		    /* getall: create new SV with OCSP_CERTID */
- 		    unsigned char *pi,*pc;
--#if OPENSSL_VERSION_NUMBER >= 0x10100003L && !defined(LIBRESSL_VERSION_NUMBER)
-+#if (OPENSSL_VERSION_NUMBER >= 0x10100003L && !defined(LIBRESSL_VERSION_NUMBER)) || (LIBRESSL_VERSION_NUMBER >= 0x3050000fL)
- 		    int len = i2d_OCSP_CERTID(OCSP_SINGLERESP_get0_id(sir),NULL);
- #else
- 		    int len = i2d_OCSP_CERTID(sir->certId,NULL);
-@@ -7421,7 +7450,7 @@ OCSP_response_results(rsp,...)
- 		    Newx(pc,len,unsigned char);
- 		    if (!pc) croak("out of memory");
- 		    pi = pc;
--#if OPENSSL_VERSION_NUMBER >= 0x10100003L && !defined(LIBRESSL_VERSION_NUMBER)
-+#if (OPENSSL_VERSION_NUMBER >= 0x10100003L && !defined(LIBRESSL_VERSION_NUMBER)) || (LIBRESSL_VERSION_NUMBER >= 0x3050000fL)
- 		    i2d_OCSP_CERTID(OCSP_SINGLERESP_get0_id(sir),&pi);
- #else
- 		    i2d_OCSP_CERTID(sir->certId,&pi);
-diff --git a/t/local/33_x509_create_cert.t b/t/local/33_x509_create_cert.t
-index 3c5a2e8..3666095 100755
---- a/t/local/33_x509_create_cert.t
-+++ b/t/local/33_x509_create_cert.t
-@@ -5,7 +5,7 @@ use Test::Net::SSLeay qw( data_file_path initialise_libssl is_openssl );
- 
- use utf8;
- 
--plan tests => 139;
-+plan tests => 141;
- 
- initialise_libssl();
- 
-@@ -27,12 +27,24 @@ is(Net::SSLeay::X509_NAME_cmp($ca_issuer, $ca_subject), 0, "X509_NAME_cmp");
-   ok(my $rsa = Net::SSLeay::RSA_generate_key(2048, &Net::SSLeay::RSA_F4), "RSA_generate_key");
-   ok(Net::SSLeay::EVP_PKEY_assign_RSA($pk,$rsa), "EVP_PKEY_assign_RSA");
- 
--  SKIP: 
--  {
--    skip 'openssl<1.1.0 required', 1 unless Net::SSLeay::SSLeay < 0x10100000
--       or Net::SSLeay::constant("LIBRESSL_VERSION_NUMBER");
--    my @params = Net::SSLeay::RSA_get_key_parameters($rsa);
--    ok(@params == 8, "RSA_get_key_parameters");
-+  my @params = Net::SSLeay::RSA_get_key_parameters($rsa);
-+  ok(@params == 8, "RSA_get_key_parameters");
-+
-+ SKIP: {
-+     skip('No Crypt::OpenSSL::Bignum for additional tests', 2)
-+	 unless eval {require Crypt::OpenSSL::Bignum; 1; };
-+
-+     # Check that the exponent is what we expect and that our calls
-+     # don't clear and free the original value. See
-+     # RSA_get_key_parameters in the manual for the details.
-+     my $bn = Net::SSLeay::BN_dup($params[1]);
-+     my $r = Crypt::OpenSSL::Bignum->bless_pointer($bn);
-+     is($r->to_decimal(), Net::SSLeay::RSA_F4(), 'Crypt::OpenSSL::Bignum exponent once');
-+     undef $r;
-+
-+     $bn = Net::SSLeay::BN_dup($params[1]);
-+     $r = Crypt::OpenSSL::Bignum->bless_pointer($bn);
-+     is($r->to_decimal(), Net::SSLeay::RSA_F4(), 'Crypt::OpenSSL::Bignum exponent twice');
-   }
-  
-   ok(my $x509  = Net::SSLeay::X509_new(), "X509_new");
-diff --git a/typemap b/typemap
-index 373e711..dc31c65 100644
---- a/typemap
-+++ b/typemap
-@@ -23,6 +23,7 @@ X509_NAME_ENTRY *   T_PTR
- X509_EXTENSION *	T_PTR
- X509_REQ *      T_PTR
- X509_PUBKEY *   T_PTR
-+const BIGNUM *        T_PTR
- BIGNUM *        T_PTR
- BIO *           T_PTR
- const BIO_METHOD *    T_PTR
--- 
-2.34.1
-

diff --git a/dev-perl/Net-SSLeay/files/Net-SSLeay-1.900.0-libressl.patch b/dev-perl/Net-SSLeay/files/Net-SSLeay-1.900.0-libressl.patch
deleted file mode 100644
index dc5b69c..0000000
--- a/dev-perl/Net-SSLeay/files/Net-SSLeay-1.900.0-libressl.patch
+++ /dev/null
@@ -1,24 +0,0 @@
-From 3cea3697bfc75ab3e5f4725eb1588ed9c4bff27a Mon Sep 17 00:00:00 2001
-From: Alexander Bluhm <alexander.bluhm@gmx.net>
-Date: Mon, 30 Aug 2021 21:31:20 +0200
-Subject: [PATCH] Use SSL_SESSION_get_master_key() for LibreSSL.
-
-Since version 2.7 LibreSSL implements SSL_SESSION_get_master_key().
-Use this instead of accessing internal struct fields.
----
- SSLeay.xs | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/SSLeay.xs b/SSLeay.xs
-index c2257fa..5377ba6 100644
---- a/SSLeay.xs
-+++ b/SSLeay.xs
-@@ -6281,7 +6281,7 @@ SSL_total_renegotiations(ssl)
-   OUTPUT:
-   RETVAL
- 
--#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
-+#if (OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)) || (LIBRESSL_VERSION_NUMBER >= 0x2070000fL)
- void
- SSL_SESSION_get_master_key(s)
-      SSL_SESSION *   s

[gentoo-commits] repo/proj/libressl:master commit in: dev-perl/Net-SSLeay/, dev-perl/Net-SSLeay/files/

[orbea]

commit:     02be6afe98da744f31bd3bb184ee2d47737e39b6
Author:     orbea <orbea <AT> riseup <DOT> net>
AuthorDate: Wed Jun 21 13:19:31 2023 +0000
Commit:     orbea <orbea <AT> riseup <DOT> net>
CommitDate: Wed Jun 21 13:19:31 2023 +0000
URL:        https://gitweb.gentoo.org/repo/proj/libressl.git/commit/?id=02be6afe

dev-perl/Net-SSLeay: use gentoo libressl patch

Signed-off-by: orbea <orbea <AT> riseup.net>

 dev-perl/Net-SSLeay/Net-SSLeay-1.920.0.ebuild      |  1 -
 .../files/Net-SSLeay-1.92-libressl.patch           | 45 ++++++++++++++++++----
 2 files changed, 37 insertions(+), 9 deletions(-)

diff --git a/dev-perl/Net-SSLeay/Net-SSLeay-1.920.0.ebuild b/dev-perl/Net-SSLeay/Net-SSLeay-1.920.0.ebuild
index 9ee02cd..c66c67f 100644
--- a/dev-perl/Net-SSLeay/Net-SSLeay-1.920.0.ebuild
+++ b/dev-perl/Net-SSLeay/Net-SSLeay-1.920.0.ebuild
@@ -36,7 +36,6 @@ BDEPEND="${RDEPEND}
 PATCHES=(
 	"${FILESDIR}/${PN}-1.88-fix-network-tests.patch"
 	"${FILESDIR}/${PN}-1.92-libressl.patch" #903001
-	"${FILESDIR}/${PN}-1.92-libressl-3.8.0.patch"
 )
 
 PERL_RM_FILES=(

diff --git a/dev-perl/Net-SSLeay/files/Net-SSLeay-1.92-libressl.patch b/dev-perl/Net-SSLeay/files/Net-SSLeay-1.92-libressl.patch
index 380fd15..f3e1b4a 100644
--- a/dev-perl/Net-SSLeay/files/Net-SSLeay-1.92-libressl.patch
+++ b/dev-perl/Net-SSLeay/files/Net-SSLeay-1.92-libressl.patch
@@ -5,6 +5,9 @@ https://github.com/radiator-software/p5-net-ssleay/pull/362
 https://github.com/radiator-software/p5-net-ssleay/commit/88c3bbc45399c8ef2c8879aada8bfa91d8bc6c10
 https://github.com/radiator-software/p5-net-ssleay/pull/363
 https://github.com/radiator-software/p5-net-ssleay/commit/3dd2f101b8e15a59f66e22525b8d001d5ad6ce7d
+https://github.com/radiator-software/p5-net-ssleay/pull/434
+https://github.com/radiator-software/p5-net-ssleay/pull/435
+https://github.com/radiator-software/p5-net-ssleay/commit/fe9e49d220fa424c55fc436303b24f5bddae0b8d
 
 From 4a886e06c1cac80e7fb3f8d52146a27ce557ba8c Mon Sep 17 00:00:00 2001
 From: Alexander Bluhm <alexander.bluhm@gmx.net>
@@ -46,14 +49,24 @@ Use RSA_get0... functions to provide RSA_get_key_parameters().
  SSLeay.xs | 25 +++++++++++++++++++++++--
  1 file changed, 23 insertions(+), 2 deletions(-)
 
-diff --git a/SSLeay.xs b/SSLeay.xs
-index b0667e2..58f1716 100644
+From fe9e49d220fa424c55fc436303b24f5bddae0b8d Mon Sep 17 00:00:00 2001
+From: orbea <orbea@riseup.net>
+Date: Mon, 29 May 2023 10:16:33 -0700
+Subject: [PATCH] SSLeay.xs: Disable Policy Tree API for LibreSSL 3.8 and later
+
+This is taken from the OpenBSD ports tree.
+
+https://github.com/openbsd/ports/commit/f6567f938c9bd51bfd99f8426eba6a1590cc6384
+---
+ SSLeay.xs | 2 ++
+ 1 file changed, 2 insertions(+)
+
 --- a/SSLeay.xs
 +++ b/SSLeay.xs
 @@ -1914,7 +1914,7 @@ X509 * find_issuer(X509 *cert,X509_STORE *store, STACK_OF(X509) *chain) {
      return issuer;
  }
- 
+
 -SV* bn2sv(BIGNUM* p_bn)
 +SV* bn2sv(const BIGNUM* p_bn)
  {
@@ -94,13 +107,29 @@ index b0667e2..58f1716 100644
      XPUSHs(bn2sv(rsa->iqmp));
 +#endif
  }
- 
+
 -#endif
 +#endif /* OpenSSL < 1.1 or LibreSSL */
- 
+
  void
  RSA_free(r)
-@@ -7197,7 +7218,7 @@ ASN1_OBJECT *
+@@ -7010,6 +7031,7 @@ X509_VERIFY_PARAM_get0_peername(param)
+
+ #endif /* OpenSSL 1.0.2-beta2, LibreSSL 2.7.0 */
+
++#if !defined(LIBRESSL_VERSION_NUMBER) || (LIBRESSL_VERSION_NUMBER < 0x3080000fL) /* LibreSSL < 3.8.0 */
+ void
+ X509_policy_tree_free(tree)
+     X509_POLICY_TREE *tree
+@@ -7052,6 +7074,7 @@ const X509_POLICY_NODE *
+ X509_policy_node_get0_parent(node)
+     const X509_POLICY_NODE *node
+
++#endif /* !(LibreSSL >= 3.7.0) */
+ #endif
+
+ ASN1_OBJECT *
+@@ -7197,7 +7220,7 @@ ASN1_OBJECT *
  P_X509_get_signature_alg(x)
          X509 * x
      CODE:
@@ -109,7 +138,7 @@ index b0667e2..58f1716 100644
          RETVAL = (X509_get0_tbs_sigalg(x)->algorithm);
  #else
          RETVAL = (x->cert_info->signature->algorithm);
-@@ -7690,7 +7711,7 @@ OCSP_response_results(rsp,...)
+@@ -7690,7 +7713,7 @@ OCSP_response_results(rsp,...)
  		if (!idsv) {
  		    /* getall: create new SV with OCSP_CERTID */
  		    unsigned char *pi,*pc;
@@ -118,7 +147,7 @@ index b0667e2..58f1716 100644
  		    int len = i2d_OCSP_CERTID((OCSP_CERTID *)OCSP_SINGLERESP_get0_id(sir),NULL);
  #else
  		    int len = i2d_OCSP_CERTID(sir->certId,NULL);
-@@ -7699,7 +7720,7 @@ OCSP_response_results(rsp,...)
+@@ -7699,7 +7722,7 @@ OCSP_response_results(rsp,...)
  		    Newx(pc,len,unsigned char);
  		    if (!pc) croak("out of memory");
  		    pi = pc;

[gentoo-commits] repo/proj/libressl:master commit in: dev-perl/Net-SSLeay/, dev-perl/Net-SSLeay/files/

[orbea]

commit:     4d88bd03d8589c6ad3b78ecec0087af4bd16792b
Author:     orbea <orbea <AT> riseup <DOT> net>
AuthorDate: Thu Aug  1 18:09:53 2024 +0000
Commit:     orbea <orbea <AT> riseup <DOT> net>
CommitDate: Thu Aug  1 18:09:53 2024 +0000
URL:        https://gitweb.gentoo.org/repo/proj/libressl.git/commit/?id=4d88bd03

dev-perl/Net-SSLeay: sync ::gentoo

Signed-off-by: orbea <orbea <AT> riseup.net>

 dev-perl/Net-SSLeay/Net-SSLeay-1.940.0.ebuild      |   1 +
 .../files/Net-SSLeay-1.90-libressl.patch           | 150 ---------------------
 .../Net-SSLeay-1.940.0-avoid-runtime-check.patch   |  26 ++++
 3 files changed, 27 insertions(+), 150 deletions(-)

diff --git a/dev-perl/Net-SSLeay/Net-SSLeay-1.940.0.ebuild b/dev-perl/Net-SSLeay/Net-SSLeay-1.940.0.ebuild
index d3214f5..c11bb15 100644
--- a/dev-perl/Net-SSLeay/Net-SSLeay-1.940.0.ebuild
+++ b/dev-perl/Net-SSLeay/Net-SSLeay-1.940.0.ebuild
@@ -36,6 +36,7 @@ BDEPEND="
 
 PATCHES=(
 	"${FILESDIR}/${PN}-1.88-fix-network-tests.patch"
+	"${FILESDIR}/${PN}-1.940.0-avoid-runtime-check.patch"
 	"${FILESDIR}/${PN}-1.94-libressl.patch" #903001
 )
 

diff --git a/dev-perl/Net-SSLeay/files/Net-SSLeay-1.90-libressl.patch b/dev-perl/Net-SSLeay/files/Net-SSLeay-1.90-libressl.patch
deleted file mode 100644
index 5a253bc..0000000
--- a/dev-perl/Net-SSLeay/files/Net-SSLeay-1.90-libressl.patch
+++ /dev/null
@@ -1,150 +0,0 @@
-https://github.com/radiator-software/p5-net-ssleay/pull/285
-https://github.com/radiator-software/p5-net-ssleay/commit/b5143eaec1a59ee948e8d2bace246bbb2440f397
-https://github.com/radiator-software/p5-net-ssleay/pull/360
-https://github.com/radiator-software/p5-net-ssleay/commit/4a886e06c1cac80e7fb3f8d52146a27ce557ba8c
-https://github.com/radiator-software/p5-net-ssleay/pull/362
-https://github.com/radiator-software/p5-net-ssleay/commit/88c3bbc45399c8ef2c8879aada8bfa91d8bc6c10
-https://github.com/radiator-software/p5-net-ssleay/pull/363
-https://github.com/radiator-software/p5-net-ssleay/commit/3dd2f101b8e15a59f66e22525b8d001d5ad6ce7d
-
-From b5143eaec1a59ee948e8d2bace246bbb2440f397 Mon Sep 17 00:00:00 2001
-From: Alexander Bluhm <alexander.bluhm@gmx.net>
-Date: Wed, 1 Sep 2021 13:06:04 +0200
-Subject: [PATCH] Use SSL_SESSION_get_master_key() for LibreSSL. (#285)
-
-Since version 2.7 LibreSSL implements SSL_SESSION_get_master_key().
-Use this instead of accessing internal struct fields.
----
- SSLeay.xs | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-From 4a886e06c1cac80e7fb3f8d52146a27ce557ba8c Mon Sep 17 00:00:00 2001
-From: Alexander Bluhm <alexander.bluhm@gmx.net>
-Date: Wed, 19 Jan 2022 14:56:22 +0100
-Subject: [PATCH] Use X509_get0_tbs_sigalg() for LibreSSL. (#360)
-
-* Use X509_get0_tbs_sigalg() for LibreSSL.
-
-LibreSSL 3.5.0 has removed access to internal data structures.  Use
-X509_get0_tbs_sigalg() like in OpenSSL 1.1.
-
-* Start Changes for the next release.
-
-Co-authored-by: Heikki Vatiainen <hvn@radiatorsoftware.com>
----
- Changes   | 5 +++++
- SSLeay.xs | 2 +-
- 2 files changed, 6 insertions(+), 1 deletion(-)
-
-From 88c3bbc45399c8ef2c8879aada8bfa91d8bc6c10 Mon Sep 17 00:00:00 2001
-From: Alexander Bluhm <alexander.bluhm@gmx.net>
-Date: Wed, 19 Jan 2022 20:38:57 +0100
-Subject: [PATCH] Use OCSP_SINGLERESP_get0_id() for LibreSSL. (#362)
-
-LibreSSL 3.5.0 has removed access to internal ocsp data structures.
-Use OCSP_SINGLERESP_get0_id() like in OpenSSL 1.1.
----
- SSLeay.xs | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-From 3dd2f101b8e15a59f66e22525b8d001d5ad6ce7d Mon Sep 17 00:00:00 2001
-From: Alexander Bluhm <alexander.bluhm@gmx.net>
-Date: Thu, 20 Jan 2022 19:15:27 +0100
-Subject: [PATCH] Implement RSA_get_key_parameters() for newer LibreSSL. (#363)
-
-LibreSSL 3.5.0 has removed access to internal rsa data structures.
-Use RSA_get0... functions to provide RSA_get_key_parameters().
----
- SSLeay.xs | 25 +++++++++++++++++++++++--
- 1 file changed, 23 insertions(+), 2 deletions(-)
-
-diff --git a/SSLeay.xs b/SSLeay.xs
-index 02b81e7..bffd72d 100644
---- a/SSLeay.xs
-+++ b/SSLeay.xs
-@@ -1759,7 +1759,7 @@ X509 * find_issuer(X509 *cert,X509_STORE *store, STACK_OF(X509) *chain) {
-     return issuer;
- }
- 
--SV* bn2sv(BIGNUM* p_bn)
-+SV* bn2sv(const BIGNUM* p_bn)
- {
-     return p_bn != NULL
-         ? sv_2mortal(newSViv((IV) BN_dup(p_bn)))
-@@ -6006,8 +6006,28 @@ RSA_generate_key(bits,e,perl_cb=&PL_sv_undef,perl_data=&PL_sv_undef)
- void
- RSA_get_key_parameters(rsa)
- 	    RSA * rsa
-+PREINIT:
-+#if defined(LIBRESSL_VERSION_NUMBER) && (LIBRESSL_VERSION_NUMBER >= 0x3050000fL)
-+    const BIGNUM *n, *e, *d;
-+    const BIGNUM *p, *q;
-+    const BIGNUM *dmp1, *dmq1, *iqmp;
-+#endif
- PPCODE:
- {
-+#if defined(LIBRESSL_VERSION_NUMBER) && (LIBRESSL_VERSION_NUMBER >= 0x3050000fL)
-+    RSA_get0_key(rsa, &n, &e, &d);
-+    RSA_get0_factors(rsa, &p, &q);
-+    RSA_get0_crt_params(rsa, &dmp1, &dmq1, &iqmp);
-+    /* Caution: returned list consists of SV pointers to BIGNUMs, which would need to be blessed as Crypt::OpenSSL::Bignum for further use */
-+    XPUSHs(bn2sv(n));
-+    XPUSHs(bn2sv(e));
-+    XPUSHs(bn2sv(d));
-+    XPUSHs(bn2sv(p));
-+    XPUSHs(bn2sv(q));
-+    XPUSHs(bn2sv(dmp1));
-+    XPUSHs(bn2sv(dmq1));
-+    XPUSHs(bn2sv(iqmp));
-+#else
-     /* Caution: returned list consists of SV pointers to BIGNUMs, which would need to be blessed as Crypt::OpenSSL::Bignum for further use */
-     XPUSHs(bn2sv(rsa->n));
-     XPUSHs(bn2sv(rsa->e));
-@@ -6017,9 +6037,10 @@ PPCODE:
-     XPUSHs(bn2sv(rsa->dmp1));
-     XPUSHs(bn2sv(rsa->dmq1));
-     XPUSHs(bn2sv(rsa->iqmp));
-+#endif
- }
- 
--#endif
-+#endif /* OpenSSL < 1.1 or LibreSSL */
- 
- void
- RSA_free(r)
-@@ -6172,7 +6193,7 @@ SSL_total_renegotiations(ssl)
-   OUTPUT:
-   RETVAL
- 
--#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
-+#if (OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)) || (LIBRESSL_VERSION_NUMBER >= 0x2070000fL)
- void
- SSL_SESSION_get_master_key(s)
-      SSL_SESSION *   s
-@@ -6920,7 +6941,7 @@ ASN1_OBJECT *
- P_X509_get_signature_alg(x)
-         X509 * x
-     CODE:
--#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
-+#if (OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)) || (LIBRESSL_VERSION_NUMBER >= 0x3050000fL)
-         RETVAL = (X509_get0_tbs_sigalg(x)->algorithm);
- #else
-         RETVAL = (x->cert_info->signature->algorithm);
-@@ -7412,7 +7433,7 @@ OCSP_response_results(rsp,...)
- 		if (!idsv) {
- 		    /* getall: create new SV with OCSP_CERTID */
- 		    unsigned char *pi,*pc;
--#if OPENSSL_VERSION_NUMBER >= 0x10100003L && !defined(LIBRESSL_VERSION_NUMBER)
-+#if (OPENSSL_VERSION_NUMBER >= 0x10100003L && !defined(LIBRESSL_VERSION_NUMBER)) || (LIBRESSL_VERSION_NUMBER >= 0x3050000fL)
- 		    int len = i2d_OCSP_CERTID(OCSP_SINGLERESP_get0_id(sir),NULL);
- #else
- 		    int len = i2d_OCSP_CERTID(sir->certId,NULL);
-@@ -7421,7 +7442,7 @@ OCSP_response_results(rsp,...)
- 		    Newx(pc,len,unsigned char);
- 		    if (!pc) croak("out of memory");
- 		    pi = pc;
--#if OPENSSL_VERSION_NUMBER >= 0x10100003L && !defined(LIBRESSL_VERSION_NUMBER)
-+#if (OPENSSL_VERSION_NUMBER >= 0x10100003L && !defined(LIBRESSL_VERSION_NUMBER)) || (LIBRESSL_VERSION_NUMBER >= 0x3050000fL)
- 		    i2d_OCSP_CERTID(OCSP_SINGLERESP_get0_id(sir),&pi);
- #else
- 		    i2d_OCSP_CERTID(sir->certId,&pi);

diff --git a/dev-perl/Net-SSLeay/files/Net-SSLeay-1.940.0-avoid-runtime-check.patch b/dev-perl/Net-SSLeay/files/Net-SSLeay-1.940.0-avoid-runtime-check.patch
new file mode 100644
index 0000000..ed60190
--- /dev/null
+++ b/dev-perl/Net-SSLeay/files/Net-SSLeay-1.940.0-avoid-runtime-check.patch
@@ -0,0 +1,26 @@
+From 5219e8c5181b3a819b89032766340d5c1b11c3c5 Mon Sep 17 00:00:00 2001
+From: Luca Barbato <lu_zero@gentoo.org>
+Date: Sat, 29 Jun 2024 21:10:06 +0200
+Subject: [PATCH] Remove the runtime check
+
+Makes simpler to cross-build. At least for Gentoo it is fine since we
+control the versions on our own.
+---
+ Makefile.PL | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/Makefile.PL b/Makefile.PL
+index 94c72f2..d4b1aea 100644
+--- a/Makefile.PL
++++ b/Makefile.PL
+@@ -196,7 +196,6 @@ EOM
+         exit MISSING_PREREQ;
+     }
+ 
+-    check_openssl_version($prefix, $exec);
+     my %args = (
+         CCCDLFLAGS => $opts->{cccdlflags},
+         OPTIMIZE => $opts->{optimize},
+-- 
+2.45.2
+