* [gentoo-commits] repo/gentoo:master commit in: net-libs/gnutls/files/, net-libs/gnutls/
@ 2016-05-09 18:29 Alon Bar-Lev
From: Alon Bar-Lev @ 2016-05-09 18:29 UTC (permalink / raw
  To: gentoo-commits

commit:     7557fe901507a5a3b8ccd405cd4d785ce30a4e22
Author:     Alon Bar-Lev <alonbl <AT> gentoo <DOT> org>
AuthorDate: Mon May  9 18:28:51 2016 +0000
Commit:     Alon Bar-Lev <alonbl <AT> gentoo <DOT> org>
CommitDate: Mon May  9 18:29:10 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7557fe90

net-libs/gnutls: version bump

Package-Manager: portage-2.2.26

 net-libs/gnutls/Manifest                       |   1 +
 net-libs/gnutls/files/gnutls-3.5.0-build.patch |  26 +++++
 net-libs/gnutls/gnutls-3.5.0.ebuild            | 133 +++++++++++++++++++++++++
 3 files changed, 160 insertions(+)

diff --git a/net-libs/gnutls/Manifest b/net-libs/gnutls/Manifest
index 28ed5d9..a43b0a9 100644
--- a/net-libs/gnutls/Manifest
+++ b/net-libs/gnutls/Manifest
@@ -11,3 +11,4 @@ DIST gnutls-3.4.6.tar.xz 6591628 SHA256 feb559ed7fffa24d5aa40527054fae5cb7f7b66e
 DIST gnutls-3.4.7.tar.xz 6613096 SHA256 c1be9e4b30295d7b5f96fa332c6a908e6fa2254377b67811301fca92eb882e5a SHA512 fdfca4c37292ee07d2d1e398380afe79a20f56040a7c84deb7a5b5221f3bcb4080471b9644c7f2bacb42247c3cc62e32a511f1e2ec6e31c15d9b08b20e8050b6 WHIRLPOOL b56e54c13c33fd74076caf29062cb0c6b38afecfe044a6d7db9b3eef3379a133fb327527ddf07c333783266f00b970aec33b2bb2a21e8b35ceaee0d934456aee
 DIST gnutls-3.4.8.tar.xz 6631528 SHA256 e07c05dea525c6bf0dd8017fc5b89d886954f04fedf457ecd1ce488ac3b86ab7 SHA512 b3b445ecbd8eae312183eee4f5087a33011236061fe1fe1f0db20239c4e281f5cacd818d62a992ef3011eb9fdc8459d0ed6faca6ea55012b152b5ac5907648bc WHIRLPOOL 97fc97a9f15b51ca91a06cc745397447a7f6b1d986f44f227d0e1aa970f48ca269c8527ff7320f072f555fcd7a1b34dfe115123e96bf45884c2e5357e02c9021
 DIST gnutls-3.4.9.tar.xz 6627640 SHA256 48594fadba33d450f796ec69526cf2bce6ff9bc3dc90fbd7bf38dc3601f57c3f SHA512 3ec5349f1418bf9f8ac492e93d2e8967c2011f9aaea262e0acb40db124ec19c269a9de49b1c9c994e9039929cd03d75f77a40580a1d7eb4b3db0e1d2b9d40f86 WHIRLPOOL 9b440e33a20e76c5fa9d9252136c5667562681d6e28e0c182d3befdf49abb753b9aab2193774334b5570aec0b58961193f27f2395898ba6664cb2749dd8c344e
+DIST gnutls-3.5.0.tar.xz 6716848 SHA256 fc6b3b544d411e6ca54dd6167541770559070ea15e6868946cf56a621d58ae25 SHA512 0b53b8084972e9b47e71c47ca9a42d0413c781641f4da640a1016aa0c1a736863a57eadbd9bb81248d3fdf723796edbb1424b14f9846b2300ad7650925f2ac27 WHIRLPOOL 0f1b3e07f94f101b004ecb1024424a10826d32bab0168076e412cd8d3881af8d77b440395b1811a910188d950ed71a2eb13e87dae029ee4c8c461a3d71077ba3

diff --git a/net-libs/gnutls/files/gnutls-3.5.0-build.patch b/net-libs/gnutls/files/gnutls-3.5.0-build.patch
new file mode 100644
index 0000000..3e0ca33
--- /dev/null
+++ b/net-libs/gnutls/files/gnutls-3.5.0-build.patch
@@ -0,0 +1,26 @@
+diff --git a/extra/openssl_compat.c b/extra/openssl_compat.c
+index 399df90..4cee4cd 100644
+--- a/extra/openssl_compat.c
++++ b/extra/openssl_compat.c
+@@ -26,8 +26,6 @@
+ 
+ #include "gnutls_int.h"
+ 
+-#include <gnutls_global.h>
+-#include <gnutls_errors.h>
+ #include <string.h>		/* memset */
+ #include <x509/x509_int.h>
+ #include <libtasn1.h>
+diff --git a/tests/windows/cng-windows.c b/tests/windows/cng-windows.c
+index f435afb..e92f7b0 100644
+--- a/tests/windows/cng-windows.c
++++ b/tests/windows/cng-windows.c
+@@ -31,6 +31,8 @@
+ 
+ #ifndef _WIN32
+ 
++#include <stdlib.h>
++
+ void doit()
+ {
+ 	exit(77);

diff --git a/net-libs/gnutls/gnutls-3.5.0.ebuild b/net-libs/gnutls/gnutls-3.5.0.ebuild
new file mode 100644
index 0000000..0f42068
--- /dev/null
+++ b/net-libs/gnutls/gnutls-3.5.0.ebuild
@@ -0,0 +1,133 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=6
+
+inherit autotools libtool eutils multilib-minimal versionator
+
+DESCRIPTION="A TLS 1.2 and SSL 3.0 implementation for the GNU project"
+HOMEPAGE="http://www.gnutls.org/"
+SRC_URI="mirror://gnupg/gnutls/v$(get_version_component_range 1-2)/${P}.tar.xz"
+
+# LGPL-3 for libgnutls library and GPL-3 for libgnutls-extra library.
+# soon to be relicensed as LGPL-2.1 unless heartbeat extension enabled.
+LICENSE="GPL-3 LGPL-3"
+SLOT="0/30" # libgnutls.so number
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x86-interix ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~x86-solaris"
+IUSE_LINGUAS=" en cs de fi fr it ms nl pl sv uk vi zh_CN"
+IUSE="+cxx dane doc examples guile nls +openssl pkcs11 static-libs test +tools zlib ${IUSE_LINGUAS// / linguas_}"
+# heartbeat support is not disabled until re-licensing happens fullyf
+
+# NOTICE: sys-devel/autogen is required at runtime as we
+# use system libopts
+RDEPEND=">=dev-libs/libtasn1-4.3[${MULTILIB_USEDEP}]
+	>=dev-libs/nettle-3.1:=[gmp,${MULTILIB_USEDEP}]
+	>=dev-libs/gmp-5.1.3-r1[${MULTILIB_USEDEP}]
+	tools? ( sys-devel/autogen )
+	dane? ( >=net-dns/unbound-1.4.20[${MULTILIB_USEDEP}] )
+	guile? ( >=dev-scheme/guile-1.8:*[networking] )
+	nls? ( >=virtual/libintl-0-r1[${MULTILIB_USEDEP}] )
+	pkcs11? ( >=app-crypt/p11-kit-0.23.1[${MULTILIB_USEDEP}] )
+	zlib? ( >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}] )
+	abi_x86_32? (
+		!<=app-emulation/emul-linux-x86-baselibs-20140508
+		!app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
+	)"
+DEPEND="${RDEPEND}
+	>=sys-devel/automake-1.11.6
+	>=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]
+	doc? (
+		sys-apps/texinfo
+		dev-util/gtk-doc
+	)
+	nls? ( sys-devel/gettext )
+	test? ( app-misc/datefudge )"
+
+DOCS=( AUTHORS ChangeLog NEWS README THANKS doc/TODO )
+
+PATCHES=(
+	"${FILESDIR}/${P}-build.patch"
+)
+
+pkg_setup() {
+	# bug#520818
+	export TZ=UTC
+}
+
+src_prepare() {
+	default
+
+	sed -i \
+		-e 's/imagesdir = $(infodir)/imagesdir = $(htmldir)/' \
+		doc/Makefile.am || die
+
+	# force regeneration of autogen-ed files
+	local file
+	for file in $(grep -l AutoGen-ed src/*.c) ; do
+		rm src/$(basename ${file} .c).{c,h} || die
+	done
+
+	# force regeneration of makeinfo files
+	# have no idea why on some system these files are not
+	# accepted as-is, see bug#520818
+	for file in $(grep -l "produced by makeinfo" doc/*.info) ; do
+		rm "${file}" || die
+	done
+
+	eautoreconf
+
+	# Use sane .so versioning on FreeBSD.
+	elibtoolize
+
+	# bug 497472
+	use cxx || epunt_cxx
+}
+
+multilib_src_configure() {
+	LINGUAS="${LINGUAS//en/en@boldquot en@quot}"
+
+	# TPM needs to be tested before being enabled
+	# hardware-accell is disabled on OSX because the asm files force
+	#   GNU-stack (as doesn't support that) and when that's removed ld
+	#   complains about duplicate symbols
+	ECONF_SOURCE=${S} \
+	econf \
+		--disable-valgrind-tests \
+		--without-included-libtasn1 \
+		--enable-heartbeat-support \
+		$(use_enable cxx) \
+		$(use_enable dane libdane) \
+		$(multilib_native_enable manpages) \
+		$(multilib_native_use_enable tools) \
+		$(multilib_native_use_enable doc) \
+		$(multilib_native_use_enable doc gtk-doc) \
+		$(multilib_native_use_enable guile) \
+		$(multilib_native_use_enable test tests) \
+		$(use_enable nls) \
+		$(use_enable openssl openssl-compatibility) \
+		$(use_enable static-libs static) \
+		$(use_with pkcs11 p11-kit) \
+		$(use_with zlib) \
+		--without-tpm \
+		--with-unbound-root-key-file=/etc/dnssec/root-anchors.txt \
+		$([[ ${CHOST} == *-darwin* ]] && echo --disable-hardware-acceleration)
+}
+
+multilib_src_install_all() {
+	einstalldocs
+	prune_libtool_files --all
+
+	dodoc doc/certtool.cfg
+
+	if use doc; then
+		dohtml doc/gnutls.html
+	else
+		rm -fr "${ED}/usr/share/doc/${PF}/html"
+	fi
+
+	if use examples; then
+		docinto examples
+		dodoc doc/examples/*.c
+	fi
+}
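Review bot: `--enable-heartbeat-support` in multilib_src_configure is passed unconditionally, so every build ships the TLS heartbeat extension with no way to opt out. The ebuild's own comment (`heartbeat support is not disabled until re-licensing happens`) treats this as temporary. Consider gating it behind a USE flag: add `tls-heartbeat` to IUSE and pass `$(use_enable tls-heartbeat heartbeat-support)`, so users who do not need the extension can drop that code path. The same hard-coded flag appears in the gnutls-3.5.1 and gnutls-3.3.24-r1 ebuilds later in this thread.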



* [gentoo-commits] repo/gentoo:master commit in: net-libs/gnutls/files/, net-libs/gnutls/
@ 2016-06-14 15:46 Alon Bar-Lev
From: Alon Bar-Lev @ 2016-06-14 15:46 UTC (permalink / raw
  To: gentoo-commits

commit:     fdcd9ebb6521d41c0b95602b559c81983695de64
Author:     Alon Bar-Lev <alonbl <AT> gentoo <DOT> org>
AuthorDate: Tue Jun 14 15:46:24 2016 +0000
Commit:     Alon Bar-Lev <alonbl <AT> gentoo <DOT> org>
CommitDate: Tue Jun 14 15:46:24 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fdcd9ebb

net-libs/gnutls: version bump

Package-Manager: portage-2.2.28

 net-libs/gnutls/Manifest                       |   1 +
 net-libs/gnutls/files/gnutls-3.5.0-build.patch |  26 -----
 net-libs/gnutls/gnutls-3.5.1.ebuild            | 127 +++++++++++++++++++++++++
 3 files changed, 128 insertions(+), 26 deletions(-)

diff --git a/net-libs/gnutls/Manifest b/net-libs/gnutls/Manifest
index 11eb943..8f7713e 100644
--- a/net-libs/gnutls/Manifest
+++ b/net-libs/gnutls/Manifest
@@ -2,3 +2,4 @@ DIST gnutls-3.3.17.1.tar.xz 6339588 SHA256 b40f158030a92f450a07b20300a3996710ca1
 DIST gnutls-3.3.23.tar.xz 6304332 SHA256 f53453857e369d66d665c40389201c0b9dacb7ccda560fd21b20b798687a4239 SHA512 5c2e93ddbff3ca2fc5f8fca8eeaef363bf8fe0f5dce2f4a9448e3235c930baa09d59a456a019283a451d19e0497d3ae645786080aa31febc7f1bcd71c6de1e09 WHIRLPOOL fa082db1933eefc7e061dc7f7e6584d03920f40584865e2983250097db9acea0e6d0c075e8207a2e5b96e37ae77db2b91bcf21e97cc7dfdec0744904de4b5866
 DIST gnutls-3.4.13.tar.xz 6670508 SHA256 fd3386e8e72725980bcd7f40949aa0121dcb7650b5147c6490e794555ed25859 SHA512 bec4832560945ca127524a7b529757aa36b7eb9a070d7385f8e5d10628e39b76ae20c1c146fab286860c70add8755f17a4b61bfa1a266eeb30d481f259120406 WHIRLPOOL aaee0a5b597305a2dab0064e9ef1fb1cf05f1f301de30601fa8a8c81f9c35f72c82df8c1c24e57c7f4beb132b4c50285f765ba998829ba7ab0681eadf7cfe7f7
 DIST gnutls-3.5.0.tar.xz 6716848 SHA256 fc6b3b544d411e6ca54dd6167541770559070ea15e6868946cf56a621d58ae25 SHA512 0b53b8084972e9b47e71c47ca9a42d0413c781641f4da640a1016aa0c1a736863a57eadbd9bb81248d3fdf723796edbb1424b14f9846b2300ad7650925f2ac27 WHIRLPOOL 0f1b3e07f94f101b004ecb1024424a10826d32bab0168076e412cd8d3881af8d77b440395b1811a910188d950ed71a2eb13e87dae029ee4c8c461a3d71077ba3
+DIST gnutls-3.5.1.tar.xz 6799264 SHA256 bc4a0f80a627c3aca6e7ea59d30e50cda118c61e0e3fab367ff1451d6ec8bdbd SHA512 d59d0a7624a2783645d217a2f6955e8a5e67eea4a9bc682b101cf939f7b623f046b381bc12ae0bae08c17031e4bd178e615afbe2cdde3914433b8d829c353e14 WHIRLPOOL 1ce587c664896115a0b8f4d8bfadb562738b85db15dc592d049c89a10c1386ec2ec73f7bc94a7291188e590cd862419a15dac8ac37670629998231216a2450ce

diff --git a/net-libs/gnutls/files/gnutls-3.5.0-build.patch b/net-libs/gnutls/files/gnutls-3.5.0-build.patch
deleted file mode 100644
index 3e0ca33..0000000
--- a/net-libs/gnutls/files/gnutls-3.5.0-build.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-diff --git a/extra/openssl_compat.c b/extra/openssl_compat.c
-index 399df90..4cee4cd 100644
---- a/extra/openssl_compat.c
-+++ b/extra/openssl_compat.c
-@@ -26,8 +26,6 @@
- 
- #include "gnutls_int.h"
- 
--#include <gnutls_global.h>
--#include <gnutls_errors.h>
- #include <string.h>		/* memset */
- #include <x509/x509_int.h>
- #include <libtasn1.h>
-diff --git a/tests/windows/cng-windows.c b/tests/windows/cng-windows.c
-index f435afb..e92f7b0 100644
---- a/tests/windows/cng-windows.c
-+++ b/tests/windows/cng-windows.c
-@@ -31,6 +31,8 @@
- 
- #ifndef _WIN32
- 
-+#include <stdlib.h>
-+
- void doit()
- {
- 	exit(77);

diff --git a/net-libs/gnutls/gnutls-3.5.1.ebuild b/net-libs/gnutls/gnutls-3.5.1.ebuild
new file mode 100644
index 0000000..efe6884
--- /dev/null
+++ b/net-libs/gnutls/gnutls-3.5.1.ebuild
@@ -0,0 +1,127 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=6
+
+inherit autotools libtool eutils multilib-minimal versionator
+
+DESCRIPTION="A TLS 1.2 and SSL 3.0 implementation for the GNU project"
+HOMEPAGE="http://www.gnutls.org/"
+SRC_URI="mirror://gnupg/gnutls/v$(get_version_component_range 1-2)/${P}.tar.xz"
+
+# LGPL-3 for libgnutls library and GPL-3 for libgnutls-extra library.
+# soon to be relicensed as LGPL-2.1 unless heartbeat extension enabled.
+LICENSE="GPL-3 LGPL-3"
+SLOT="0/30" # libgnutls.so number
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x86-interix ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~x86-solaris"
+IUSE_LINGUAS=" en cs de fi fr it ms nl pl sv uk vi zh_CN"
+IUSE="+cxx dane doc examples guile nls +openssl pkcs11 static-libs test +tools zlib ${IUSE_LINGUAS// / linguas_}"
+# heartbeat support is not disabled until re-licensing happens fullyf
+
+# NOTICE: sys-devel/autogen is required at runtime as we
+# use system libopts
+RDEPEND=">=dev-libs/libtasn1-4.3[${MULTILIB_USEDEP}]
+	>=dev-libs/nettle-3.1:=[gmp,${MULTILIB_USEDEP}]
+	>=dev-libs/gmp-5.1.3-r1[${MULTILIB_USEDEP}]
+	tools? ( sys-devel/autogen )
+	dane? ( >=net-dns/unbound-1.4.20[${MULTILIB_USEDEP}] )
+	guile? ( >=dev-scheme/guile-1.8:*[networking] )
+	nls? ( >=virtual/libintl-0-r1[${MULTILIB_USEDEP}] )
+	pkcs11? ( >=app-crypt/p11-kit-0.23.1[${MULTILIB_USEDEP}] )
+	zlib? ( >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}] )
+	abi_x86_32? (
+		!<=app-emulation/emul-linux-x86-baselibs-20140508
+		!app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
+	)"
+DEPEND="${RDEPEND}
+	>=sys-devel/automake-1.11.6
+	>=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]
+	doc? (
+		sys-apps/texinfo
+		dev-util/gtk-doc
+	)
+	nls? ( sys-devel/gettext )
+	test? ( app-misc/datefudge )"
+
+pkg_setup() {
+	# bug#520818
+	export TZ=UTC
+}
+
+src_prepare() {
+	default
+
+	sed -i \
+		-e 's/imagesdir = $(infodir)/imagesdir = $(htmldir)/' \
+		doc/Makefile.am || die
+
+	# force regeneration of autogen-ed files
+	local file
+	for file in $(grep -l AutoGen-ed src/*.c) ; do
+		rm src/$(basename ${file} .c).{c,h} || die
+	done
+
+	# force regeneration of makeinfo files
+	# have no idea why on some system these files are not
+	# accepted as-is, see bug#520818
+	for file in $(grep -l "produced by makeinfo" doc/*.info) ; do
+		rm "${file}" || die
+	done
+
+	eautoreconf
+
+	# Use sane .so versioning on FreeBSD.
+	elibtoolize
+
+	# bug 497472
+	use cxx || epunt_cxx
+}
+
+multilib_src_configure() {
+	LINGUAS="${LINGUAS//en/en@boldquot en@quot}"
+
+	# TPM needs to be tested before being enabled
+	# hardware-accell is disabled on OSX because the asm files force
+	#   GNU-stack (as doesn't support that) and when that's removed ld
+	#   complains about duplicate symbols
+	ECONF_SOURCE=${S} \
+	econf \
+		--disable-valgrind-tests \
+		--without-included-libtasn1 \
+		--enable-heartbeat-support \
+		$(use_enable cxx) \
+		$(use_enable dane libdane) \
+		$(multilib_native_enable manpages) \
+		$(multilib_native_use_enable tools) \
+		$(multilib_native_use_enable doc) \
+		$(multilib_native_use_enable doc gtk-doc) \
+		$(multilib_native_use_enable guile) \
+		$(multilib_native_use_enable test tests) \
+		$(use_enable nls) \
+		$(use_enable openssl openssl-compatibility) \
+		$(use_enable static-libs static) \
+		$(use_with pkcs11 p11-kit) \
+		$(use_with zlib) \
+		--without-tpm \
+		--with-unbound-root-key-file=/etc/dnssec/root-anchors.txt \
+		$([[ ${CHOST} == *-darwin* ]] && echo --disable-hardware-acceleration)
+}
+
+multilib_src_install_all() {
+	einstalldocs
+	prune_libtool_files --all
+
+	dodoc doc/certtool.cfg
+
+	if use doc; then
+		dohtml doc/gnutls.html
+	else
+		rm -fr "${ED}/usr/share/doc/${PF}/html"
+	fi
+
+	if use examples; then
+		docinto examples
+		dodoc doc/examples/*.c
+	fi
+}
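Review bot: In src_prepare, `rm src/$(basename ${file} .c).{c,h} || die` leaves `${file}` and the `basename` result unquoted, and the loop iterates over word-split `grep -l` output. A path containing whitespace or glob characters would therefore be mangled before `rm` sees it, whereas the second loop already quotes `"${file}"`. Quoting the first loop the same way, `rm "src/$(basename "${file}" .c)".{c,h} || die`, keeps both consistent. The same lines are in the gnutls-3.5.0 and gnutls-3.3.24-r1 ebuilds in this thread.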



* [gentoo-commits] repo/gentoo:master commit in: net-libs/gnutls/files/, net-libs/gnutls/
@ 2016-09-23  6:53 Alon Bar-Lev
From: Alon Bar-Lev @ 2016-09-23  6:53 UTC (permalink / raw
  To: gentoo-commits

commit:     821ac429221b9978e64463adad7cd03dbfff6965
Author:     Alon Bar-Lev <alonbl <AT> gentoo <DOT> org>
AuthorDate: Thu Sep 22 22:00:08 2016 +0000
Commit:     Alon Bar-Lev <alonbl <AT> gentoo <DOT> org>
CommitDate: Fri Sep 23 06:52:56 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=821ac429

net-libs/gnutls: fix CVE-2016-7444

Thanks:  behemothchess
Bug: 594738
Package-Manager: portage-2.2.28

 net-libs/gnutls/Manifest                           |   2 -
 .../gnutls/files/gnutls-3.3.24-CVE-2016-7444.patch |  28 ++++
 net-libs/gnutls/gnutls-3.3.24-r1.ebuild            | 178 +++++++++++++++++++++
 3 files changed, 206 insertions(+), 2 deletions(-)

diff --git a/net-libs/gnutls/Manifest b/net-libs/gnutls/Manifest
index 6c8ad16..2185e4e 100644
--- a/net-libs/gnutls/Manifest
+++ b/net-libs/gnutls/Manifest
@@ -1,7 +1,5 @@
 DIST gnutls-3.3.17.1.tar.xz 6339588 SHA256 b40f158030a92f450a07b20300a3996710ca19800848d9f6fd62493170c5bbb4 SHA512 9f2945abe1251db176fa227f2c90be46dba831af97647f04b960c71a50fc597776be31080733f9417f2242c4c6ae92fa897bf02d5f2ba40863e94df245c03319 WHIRLPOOL 8a04e56a5f47ddaad106081a613ead85a107b013d3e894074745e9439e0a7797b7f528aab5db7e3ac808f1c5c361c4717d7f0cb3abc943a6f912e5b6981db320
 DIST gnutls-3.3.23.tar.xz 6304332 SHA256 f53453857e369d66d665c40389201c0b9dacb7ccda560fd21b20b798687a4239 SHA512 5c2e93ddbff3ca2fc5f8fca8eeaef363bf8fe0f5dce2f4a9448e3235c930baa09d59a456a019283a451d19e0497d3ae645786080aa31febc7f1bcd71c6de1e09 WHIRLPOOL fa082db1933eefc7e061dc7f7e6584d03920f40584865e2983250097db9acea0e6d0c075e8207a2e5b96e37ae77db2b91bcf21e97cc7dfdec0744904de4b5866
 DIST gnutls-3.3.24.tar.xz 6294532 SHA256 5b65fe2a91c8dfa32bedc78acffcb152e5426cd3349e2afc43cccc9bdaf18aa5 SHA512 1fbb2e15ade14db15d7acc9ff559ecfc39517fd99e6c784583a7a4f8786daf8053f35f41e39cde0eeb5a1dfd3193ad908b52f62f945fbd43c147dc87e55f192f WHIRLPOOL 0725b35af9bbb4a7ee8f430af95e078066fb455328dd0ee71cca6633d093fe0433c7d869ebf0fabf8983679a32ff8451a2b631aec672810eb7bc55a3de28cc7d
-DIST gnutls-3.4.14.tar.xz 6673148 SHA256 35deddf2779b76ac11057de38bf380b8066c05de21b94263ad5b6dfa75dfbb23 SHA512 d75f6b4dea2dc742cd7f60ee0ee540d41b69991aaa937ca0138cfdf4a1e0dfaaa3863464303bfa5799e14ee02de252f71c59a7a9e57b96ff8af653e419edfd4e WHIRLPOOL 1869b831521f4ef5dde5a6694fdf6239793b404478a9b7e97ec2b4af2f1a4326fa5b65521a74d664113a84d2ff1b660269fcf1f3ca1db361fddfab2af3c191dd
 DIST gnutls-3.4.15.tar.xz 6676480 SHA256 eb2a013905f5f2a0cbf7bcc1d20c85a50065063ee87bd33b496c4e19815e3498 SHA512 03157f2da22890ecd080ad58144a9aabe933382c0b7e969b7b194a0248bb5e6e25207078c0a92755650d0004970eb1c0cf0140dbdbf2e615808f9978e965a5e5 WHIRLPOOL a5f866e44421b6ecb492587f9eee09373fbda0644cc71468995fd2756b620c254c2cd69c07e8db30df415810d1090daf5ea5d50b33f2fda02c0758a7d4ee04e8
-DIST gnutls-3.5.3.tar.xz 6895068 SHA256 92c4bc999a10a1b95299ebefaeea8333f19d8a98d957a35b5eae74881bdb1fef SHA512 d53d8067628ce49e5bb0dbbd76761a27f585b0a38356c0d8524db6cf96542f54a7f8a87c5772335c1ca1ceec1e111e11c54636bb24ca2ac014c367b96c9e3969 WHIRLPOOL fc0b7a744c6c08a48c43a2e95781ec7139600b45b12f8352db01824468f301ab56f2adfec6f7a4806247fe33eadaa234ad541a27c75d8689c2817a0f5967aa05
 DIST gnutls-3.5.4.tar.xz 6930620 SHA256 4e38014332e0f70c5d19b0eca8d85025ccd0d8be85894c0aaa498b42f6b9a8eb SHA512 175aab43b6349a62530938333910feb26ea5d923e151a9942fd5a6989f87193b18862e69bbbdb6308f889585d428d689d8fd3a6e8149f9fd1ac2882802ea6a9f WHIRLPOOL 6625adb815a69ba24e19b7966884f36577e8035272884d3d3b38c813ddd73e211ec3d2180c4e9160ad8459acab0ee72a36b328eae27357d6d1eb6476a06db75a

diff --git a/net-libs/gnutls/files/gnutls-3.3.24-CVE-2016-7444.patch b/net-libs/gnutls/files/gnutls-3.3.24-CVE-2016-7444.patch
new file mode 100644
index 00000000..82ab36f
--- /dev/null
+++ b/net-libs/gnutls/files/gnutls-3.3.24-CVE-2016-7444.patch
@@ -0,0 +1,28 @@
+From 964632f37dfdfb914ebc5e49db4fa29af35b1de9 Mon Sep 17 00:00:00 2001
+From: Nikos Mavrogiannopoulos <nmav@gnutls.org>
+Date: Sat, 27 Aug 2016 17:00:22 +0200
+Subject: [PATCH] ocsp: corrected the comparison of the serial size in OCSP response
+
+Previously the OCSP certificate check wouldn't verify the serial length
+and could succeed in cases it shouldn't.
+
+Reported by Stefan Buehler.
+---
+ lib/x509/ocsp.c | 1 +
+ 1 file changed, 1 insertion(+), 0 deletions(-)
+
+diff --git a/lib/x509/ocsp.c b/lib/x509/ocsp.c
+index 92db9b6..8181f2e 100644
+--- a/lib/x509/ocsp.c
++++ b/lib/x509/ocsp.c
+@@ -1318,6 +1318,7 @@ gnutls_ocsp_resp_check_crt(gnutls_ocsp_resp_t resp,
+ 		gnutls_assert();
+ 		goto cleanup;
+ 	}
++	cserial.size = t;
+ 
+ 	if (rserial.size != cserial.size
+ 	    || memcmp(cserial.data, rserial.data, rserial.size) != 0) {
+--
+libgit2 0.24.0
+
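Review bot: The one-line fix `cserial.size = t;` carries no comment, and the hunk does not show where `t` is filled in, so a reader of gnutls_ocsp_resp_check_crt cannot tell from here why the assignment matters. Presumably `t` is the serial length produced by the call above the hunk, and without the assignment the `rserial.size != cserial.size` test just below compared against a size that did not reflect the certificate's serial. A short comment on that line, such as `/* use the actual serial length so the size comparison below is meaningful */`, would record the intent. The function starts before and continues after the hunk.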

diff --git a/net-libs/gnutls/gnutls-3.3.24-r1.ebuild b/net-libs/gnutls/gnutls-3.3.24-r1.ebuild
new file mode 100644
index 00000000..4b00e29
--- /dev/null
+++ b/net-libs/gnutls/gnutls-3.3.24-r1.ebuild
@@ -0,0 +1,178 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=6
+
+inherit autotools libtool eutils multilib-minimal versionator
+
+DESCRIPTION="A TLS 1.2 and SSL 3.0 implementation for the GNU project"
+HOMEPAGE="http://www.gnutls.org/"
+SRC_URI="mirror://gnupg/gnutls/v$(get_version_component_range 1-2)/${P}.tar.xz"
+
+# LGPL-3 for libgnutls library and GPL-3 for libgnutls-extra library.
+# soon to be relicensed as LGPL-2.1 unless heartbeat extension enabled.
+LICENSE="GPL-3 LGPL-3"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x86-interix ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~x86-solaris"
+IUSE_LINGUAS=" en cs de fi fr it ms nl pl sv uk vi zh_CN"
+IUSE="+cxx +crywrap dane doc examples guile nls +openssl pkcs11 static-libs test zlib ${IUSE_LINGUAS// / linguas_}"
+# heartbeat support is not disabled until re-licensing happens fullyf
+
+# NOTICE: sys-devel/autogen is required at runtime as we
+# use system libopts
+RDEPEND=">=dev-libs/libtasn1-4.3[${MULTILIB_USEDEP}]
+	>=dev-libs/nettle-2.7:=[gmp,${MULTILIB_USEDEP}]
+	>=dev-libs/gmp-5.1.3-r1[${MULTILIB_USEDEP}]
+	sys-devel/autogen
+	crywrap? ( net-dns/libidn )
+	dane? ( >=net-dns/unbound-1.4.20[${MULTILIB_USEDEP}] )
+	guile? ( >=dev-scheme/guile-1.8:*[networking] )
+	nls? ( >=virtual/libintl-0-r1[${MULTILIB_USEDEP}] )
+	pkcs11? ( >=app-crypt/p11-kit-0.20.7[${MULTILIB_USEDEP}] )
+	zlib? ( >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}] )
+	abi_x86_32? (
+		!<=app-emulation/emul-linux-x86-baselibs-20140508
+		!app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
+	)"
+DEPEND="${RDEPEND}
+	>=sys-devel/automake-1.11.6
+	>=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]
+	doc? (
+		sys-apps/texinfo
+		dev-util/gtk-doc
+	)
+	nls? ( sys-devel/gettext )
+	test? ( app-misc/datefudge )"
+
+DOCS=( AUTHORS ChangeLog NEWS README THANKS doc/TODO )
+
+PATCHES=(
+	"${FILESDIR}/${PN}-3.3.19-build-allow-installing-man-1-even-with-disable-doc.patch"
+	"${FILESDIR}/${P}-CVE-2016-7444.patch"
+)
+
+pkg_setup() {
+	# bug#520818
+	export TZ=UTC
+}
+
+src_prepare() {
+	default
+
+	sed -i \
+		-e 's/imagesdir = $(infodir)/imagesdir = $(htmldir)/' \
+		doc/Makefile.am || die
+
+	# force regeneration of autogen-ed files
+	local file
+	for file in $(grep -l AutoGen-ed src/*.c) ; do
+		rm src/$(basename ${file} .c).{c,h} || die
+	done
+
+	# force regeneration of makeinfo files
+	# have no idea why on some system these files are not
+	# accepted as-is, see bug#520818
+	for file in $(grep -l "produced by makeinfo" doc/*.info) ; do
+		rm "${file}" || die
+	done
+
+	eautoreconf
+
+	# Use sane .so versioning on FreeBSD.
+	elibtoolize
+
+	# bug 497472
+	use cxx || epunt_cxx
+}
+
+multilib_src_configure() {
+	LINGUAS="${LINGUAS//en/en@boldquot en@quot}"
+
+	# TPM needs to be tested before being enabled
+	# hardware-accell is disabled on OSX because the asm files force
+	#   GNU-stack (as doesn't support that) and when that's removed ld
+	#   complains about duplicate symbols
+	ECONF_SOURCE=${S} \
+	econf \
+		--disable-valgrind-tests \
+		--without-included-libtasn1 \
+		--enable-heartbeat-support \
+		$(use_enable cxx) \
+		$(use_enable dane libdane) \
+		$(multilib_native_enable manpages) \
+		$(multilib_native_use_enable doc) \
+		$(multilib_native_use_enable doc gtk-doc) \
+		$(multilib_native_use_enable guile) \
+		$(multilib_native_use_enable crywrap) \
+		$(use_enable nls) \
+		$(use_enable openssl openssl-compatibility) \
+		$(use_enable static-libs static) \
+		$(use_with pkcs11 p11-kit) \
+		$(use_with zlib) \
+		--without-tpm \
+		--with-unbound-root-key-file=/etc/dnssec/root-anchors.txt \
+		$([[ ${CHOST} == *-darwin* ]] && echo --disable-hardware-acceleration)
+
+	if multilib_is_native_abi; then
+		ln -s "${S}"/doc/reference/html doc/reference/html || die
+	fi
+}
+
+multilib_src_compile() {
+	if multilib_is_native_abi; then
+		default
+
+		# symlink certtool for use in other ABIs
+		if use test; then
+			ln -s "${BUILD_DIR}"/src "${T}"/native-tools || die
+		fi
+	else
+		emake -C gl
+		emake -C lib
+		emake -C extra
+		use dane && emake -C libdane
+	fi
+}
+
+multilib_src_test() {
+	if multilib_is_native_abi; then
+		# parallel testing often fails
+		emake -j1 check
+	else
+		# use native ABI tools
+		ln -s "${T}"/native-tools/{certtool,gnutls-{serv,cli}} \
+			"${BUILD_DIR}"/src/ || die
+
+		emake -C gl -j1 check
+		emake -C tests -j1 check
+	fi
+}
+
+multilib_src_install() {
+	if multilib_is_native_abi; then
+		emake DESTDIR="${D}" install
+	else
+		emake -C lib DESTDIR="${D}" install
+		emake -C extra DESTDIR="${D}" install
+		use dane && emake -C libdane DESTDIR="${D}" install
+	fi
+}
+
+multilib_src_install_all() {
+	einstalldocs
+	prune_libtool_files --all
+
+	dodoc doc/certtool.cfg
+
+	if use doc; then
+		dohtml doc/gnutls.html
+	else
+		rm -fr "${ED}/usr/share/doc/${PF}/html"
+	fi
+
+	if use examples; then
+		docinto examples
+		dodoc doc/examples/*.c
+	fi
+}
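Review bot: The diffstat adds gnutls-3.3.24-r1.ebuild with the CVE-2016-7444 patch in PATCHES, but it does not show an unrevised gnutls-3.3.24 ebuild being removed. If one exists in the tree, the unpatched build presumably stays installable next to this one, so it is worth confirming that the older revision is dropped or masked. A comment above the PATCHES entry, for example `# CVE-2016-7444, bug 594738`, would also tie the patch to the bug named in the commit message.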



* [gentoo-commits] repo/gentoo:master commit in: net-libs/gnutls/files/, net-libs/gnutls/
@ 2016-12-08 15:59 Alon Bar-Lev
From: Alon Bar-Lev @ 2016-12-08 15:59 UTC (permalink / raw
  To: gentoo-commits

commit:     9134720a308d6f4368291e7735d8ee02a304c0e6
Author:     Alon Bar-Lev <alonbl <AT> gentoo <DOT> org>
AuthorDate: Thu Dec  8 15:59:10 2016 +0000
Commit:     Alon Bar-Lev <alonbl <AT> gentoo <DOT> org>
CommitDate: Thu Dec  8 15:59:38 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9134720a

net-libs/gnutls: manage libidn properly

cherry-pick upstream patches to build/test without libidn
make idn USE enabled by default per upstream recommendation

Package-Manager: portage-2.3.0

 net-libs/gnutls/files/gnutls-3.5.7-idn.patch | 87 ++++++++++++++++++++++++++++
 net-libs/gnutls/gnutls-3.5.7.ebuild          |  6 +-
 2 files changed, 92 insertions(+), 1 deletion(-)

diff --git a/net-libs/gnutls/files/gnutls-3.5.7-idn.patch b/net-libs/gnutls/files/gnutls-3.5.7-idn.patch
new file mode 100644
index 00000000..aa30116
--- /dev/null
+++ b/net-libs/gnutls/files/gnutls-3.5.7-idn.patch
@@ -0,0 +1,87 @@
+From ddca30ed625d9f5f7efb628e4467ff7ab5a65701 Mon Sep 17 00:00:00 2001
+From: Nikos Mavrogiannopoulos <nmav@redhat.com>
+Date: Thu, 8 Dec 2016 15:54:07 +0100
+Subject: [PATCH] tests: make conditional (to HAVE_LIBIDN) any IDN related checks
+
+This allows the test suite to successfully complete even when compiled
+without libidn.
+---
+ tests/crq_apis.c | 2 ++
+ tests/crt_apis.c | 4 ++++
+ 2 files changed, 6 insertions(+), 0 deletions(-)
+
+diff --git a/tests/crq_apis.c b/tests/crq_apis.c
+index 99c02cb..7ad717f 100644
+--- a/tests/crq_apis.c
++++ b/tests/crq_apis.c
+@@ -448,8 +448,10 @@ void doit(void)
+ 
+ 	assert(gnutls_x509_crq_export2(crq, GNUTLS_X509_FMT_PEM, &out) >= 0);
+ 
++#ifdef HAVE_LIBIDN
+ 	assert(out.size == saved_crq.size);
+ 	assert(memcmp(out.data, saved_crq.data, out.size)==0);
++#endif
+ 
+ 	gnutls_free(out.data);
+ 	gnutls_x509_crq_deinit(crq);
+diff --git a/tests/crt_apis.c b/tests/crt_apis.c
+index 8b8ebbe..ed31640 100644
+--- a/tests/crt_apis.c
++++ b/tests/crt_apis.c
+@@ -183,10 +183,12 @@ void doit(void)
+ 	if (ret != 0)
+ 		fail("gnutls_x509_crt_set_subject_alt_name\n");
+ 
++#ifdef HAVE_LIBIDN
+ 	ret = gnutls_x509_crt_set_subject_alt_name(crt, GNUTLS_SAN_RFC822NAME,
+ 						   "test@νίκο.org", strlen("test@νίκο.org"), 1);
+ 	if (ret != 0)
+ 		fail("gnutls_x509_crt_set_subject_alt_name\n");
++#endif
+ 
+ 	s = 0;
+ 	ret = gnutls_x509_crt_get_key_purpose_oid(crt, 0, NULL, &s, NULL);
+@@ -275,8 +277,10 @@ void doit(void)
+ 	}
+ 	assert(gnutls_x509_crt_export2(crt, GNUTLS_X509_FMT_PEM, &out) >= 0);
+ 
++#ifdef HAVE_LIBIDN
+ 	assert(out.size == saved_crt.size);
+ 	assert(memcmp(out.data, saved_crt.data, out.size)==0);
++#endif
+ 
+ 	gnutls_free(out.data);
+ 
+--
+libgit2 0.24.0
+
+From e40393e5685743e185ea284337b6a0ed5d756a0f Mon Sep 17 00:00:00 2001
+From: Nikos Mavrogiannopoulos <nmav@redhat.com>
+Date: Thu, 8 Dec 2016 15:44:28 +0100
+Subject: [PATCH] str: do not call gnutls_assert in inline function
+
+This allows the build to succeed when compiled without libidn.
+---
+ lib/str.h | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/lib/str.h b/lib/str.h
+index fe8b38e..d341baa 100644
+--- a/lib/str.h
++++ b/lib/str.h
+@@ -52,9 +52,10 @@ int _gnutls_idna_email_map(const char *input, unsigned ilen, gnutls_datum_t *out
+ inline static
+ int __gnutls_idna_map(const char *input, unsigned ilen, gnutls_datum_t *out, unsigned flags)
+ {
++	/* no call to gnutls_assert() due to header dependency issues */
+ 	out->data = gnutls_malloc(ilen+1);
+ 	if (out->data == NULL)
+-		return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
++		return GNUTLS_E_MEMORY_ERROR;
+ 	out->size = ilen;
+ 	memcpy(out->data, input, ilen);
+ 	out->data[ilen] = 0;
+--
+libgit2 0.24.0
+
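Review bot: In the lib/str.h fallback, `gnutls_malloc(ilen+1)` takes an `unsigned ilen`, so a length of UINT_MAX would wrap the allocation size to 0 while `memcpy(out->data, input, ilen)` still copies `ilen` bytes. Callers probably bound the length well below that, but nothing in the helper shows it; a guard before the allocation such as `if (ilen + 1 == 0) return GNUTLS_E_INVALID_REQUEST;` would make the inline function safe on its own. Separately, the `#ifdef HAVE_LIBIDN` blocks in tests/crq_apis.c and tests/crt_apis.c skip the exported-output comparison entirely when libidn is absent, so that configuration loses the round-trip check. __gnutls_idna_map continues past the end of the hunk.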

diff --git a/net-libs/gnutls/gnutls-3.5.7.ebuild b/net-libs/gnutls/gnutls-3.5.7.ebuild
index ad5aa1c..5792a83 100644
--- a/net-libs/gnutls/gnutls-3.5.7.ebuild
+++ b/net-libs/gnutls/gnutls-3.5.7.ebuild
@@ -14,7 +14,7 @@ LICENSE="GPL-3 LGPL-2.1"
 SLOT="0/30" # libgnutls.so number
 KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x86-interix ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~x86-solaris"
 IUSE_LINGUAS=" en cs de fi fr it ms nl pl sv uk vi zh_CN"
-IUSE="+cxx dane doc examples guile idn nls +openssl pkcs11 sslv2 +sslv3 static-libs test +tls-heartbeat +tools zlib ${IUSE_LINGUAS// / linguas_}"
+IUSE="+cxx dane doc examples guile +idn nls +openssl pkcs11 sslv2 +sslv3 static-libs test +tls-heartbeat +tools zlib ${IUSE_LINGUAS// / linguas_}"
 
 # NOTICE: sys-devel/autogen is required at runtime as we
 # use system libopts
@@ -43,6 +43,10 @@ DEPEND="${RDEPEND}
 	nls? ( sys-devel/gettext )
 	test? ( app-misc/datefudge )"
 
+PATCHES=(
+	"${FILESDIR}/${P}-idn.patch"
+)
+
 pkg_setup() {
 	# bug#520818
 	export TZ=UTC



* [gentoo-commits] repo/gentoo:master commit in: net-libs/gnutls/files/, net-libs/gnutls/
@ 2017-01-30  6:48 Alon Bar-Lev
From: Alon Bar-Lev @ 2017-01-30  6:48 UTC (permalink / raw
  To: gentoo-commits

commit:     9135da89460847e333410a1a59d8383c9430dcdb
Author:     Alon Bar-Lev <alonbl <AT> gentoo <DOT> org>
AuthorDate: Mon Jan 30 06:47:01 2017 +0000
Commit:     Alon Bar-Lev <alonbl <AT> gentoo <DOT> org>
CommitDate: Mon Jan 30 06:47:36 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9135da89

net-libs/gnutls: cleanup

Bug: 605238

Package-Manager: portage-2.3.3

 net-libs/gnutls/Manifest                           |   2 -
 .../gnutls/files/gnutls-3.3.24-CVE-2016-7444.patch |  28 ----
 net-libs/gnutls/gnutls-3.3.24-r1.ebuild            | 178 --------------------
 net-libs/gnutls/gnutls-3.3.25.ebuild               | 182 ---------------------
 4 files changed, 390 deletions(-)

diff --git a/net-libs/gnutls/Manifest b/net-libs/gnutls/Manifest
index 48d11d8..50632c6 100644
--- a/net-libs/gnutls/Manifest
+++ b/net-libs/gnutls/Manifest
@@ -1,4 +1,2 @@
-DIST gnutls-3.3.24.tar.xz 6294532 SHA256 5b65fe2a91c8dfa32bedc78acffcb152e5426cd3349e2afc43cccc9bdaf18aa5 SHA512 1fbb2e15ade14db15d7acc9ff559ecfc39517fd99e6c784583a7a4f8786daf8053f35f41e39cde0eeb5a1dfd3193ad908b52f62f945fbd43c147dc87e55f192f WHIRLPOOL 0725b35af9bbb4a7ee8f430af95e078066fb455328dd0ee71cca6633d093fe0433c7d869ebf0fabf8983679a32ff8451a2b631aec672810eb7bc55a3de28cc7d
-DIST gnutls-3.3.25.tar.xz 6315372 SHA256 189d6c4e43465d2ec84f2cd66f0ef63657225926f56875e182743cfeef9f1f2e SHA512 6f9074f58250517287d183faac27afcc4318293b24b587b00494d40b6b5dae088fef993b5c2adf6842238adc1f694a747262b50bc602037626579b84401207f6 WHIRLPOOL 3d320378cd8e7330e2b399876bb8739dd35fe2dc1204b0ead561f214676583f2b2c1fa4c5a61b720e3af5c72769e804d9bc36f69f8659eb7a1d6e8a1a7012e2c
 DIST gnutls-3.3.26.tar.xz 6361068 SHA256 6a7d882b6b581d684883fde195abf930dab37dfbe6aaea88ab164252bec720d9 SHA512 41259f760f5ed9b87d4203de567efb1a2087e01a025f2ea0f14167f146ecd640fbddeab390fbae6acc262507229894774db883d0892d448068ee73abb110738f WHIRLPOOL afca5aabebf36064847933662736c7713b837375db2c91c416d43a980407d912edf8fb64f53615c0bed770f46a9d2e0a3eb309f6a66281f5377e50a02863c8e7
 DIST gnutls-3.5.8.tar.xz 7264448 SHA256 0e97f243ae72b70307d684b84c7fe679385aa7a7a0e37e5be810193dcc17d4ff SHA512 e6cdc4f9f2e41bd10e61b90b6b5ea3882c80a7130de8a0e9c23e373985cdc332128529dad49d6854fe93ee934e1bbde8b34dfd19e354b3a8e11b22d61424292e WHIRLPOOL 8e9c0407d13793b1c2a8a6377588e87502fa0a9dc79fe8b963ceac558538326052620e95772d8cef61d2d4e680bcabd3094adf5cea09cff42dd272d4478e7f7c

diff --git a/net-libs/gnutls/files/gnutls-3.3.24-CVE-2016-7444.patch b/net-libs/gnutls/files/gnutls-3.3.24-CVE-2016-7444.patch
deleted file mode 100644
index 82ab36f..00000000
--- a/net-libs/gnutls/files/gnutls-3.3.24-CVE-2016-7444.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-From 964632f37dfdfb914ebc5e49db4fa29af35b1de9 Mon Sep 17 00:00:00 2001
-From: Nikos Mavrogiannopoulos <nmav@gnutls.org>
-Date: Sat, 27 Aug 2016 17:00:22 +0200
-Subject: [PATCH] ocsp: corrected the comparison of the serial size in OCSP response
-
-Previously the OCSP certificate check wouldn't verify the serial length
-and could succeed in cases it shouldn't.
-
-Reported by Stefan Buehler.
----
- lib/x509/ocsp.c | 1 +
- 1 file changed, 1 insertion(+), 0 deletions(-)
-
-diff --git a/lib/x509/ocsp.c b/lib/x509/ocsp.c
-index 92db9b6..8181f2e 100644
---- a/lib/x509/ocsp.c
-+++ b/lib/x509/ocsp.c
-@@ -1318,6 +1318,7 @@ gnutls_ocsp_resp_check_crt(gnutls_ocsp_resp_t resp,
- 		gnutls_assert();
- 		goto cleanup;
- 	}
-+	cserial.size = t;
- 
- 	if (rserial.size != cserial.size
- 	    || memcmp(cserial.data, rserial.data, rserial.size) != 0) {
---
-libgit2 0.24.0
-

diff --git a/net-libs/gnutls/gnutls-3.3.24-r1.ebuild b/net-libs/gnutls/gnutls-3.3.24-r1.ebuild
deleted file mode 100644
index 7dfbd62..00000000
--- a/net-libs/gnutls/gnutls-3.3.24-r1.ebuild
+++ /dev/null
@@ -1,178 +0,0 @@
-# Copyright 1999-2017 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI=6
-
-inherit autotools libtool eutils multilib-minimal versionator
-
-DESCRIPTION="A TLS 1.2 and SSL 3.0 implementation for the GNU project"
-HOMEPAGE="http://www.gnutls.org/"
-SRC_URI="mirror://gnupg/gnutls/v$(get_version_component_range 1-2)/${P}.tar.xz"
-
-# LGPL-3 for libgnutls library and GPL-3 for libgnutls-extra library.
-# soon to be relicensed as LGPL-2.1 unless heartbeat extension enabled.
-LICENSE="GPL-3 LGPL-3"
-SLOT="0"
-KEYWORDS="alpha amd64 arm ~arm64 hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~x86-solaris"
-IUSE_LINGUAS=" en cs de fi fr it ms nl pl sv uk vi zh_CN"
-IUSE="+cxx +crywrap dane doc examples guile nls +openssl pkcs11 static-libs test zlib ${IUSE_LINGUAS// / linguas_}"
-# heartbeat support is not disabled until re-licensing happens fullyf
-
-# NOTICE: sys-devel/autogen is required at runtime as we
-# use system libopts
-RDEPEND=">=dev-libs/libtasn1-4.3:=[${MULTILIB_USEDEP}]
-	>=dev-libs/nettle-2.7:=[gmp,${MULTILIB_USEDEP}]
-	>=dev-libs/gmp-5.1.3-r1:=[${MULTILIB_USEDEP}]
-	sys-devel/autogen
-	crywrap? ( net-dns/libidn )
-	dane? ( >=net-dns/unbound-1.4.20[${MULTILIB_USEDEP}] )
-	guile? ( >=dev-scheme/guile-1.8:=[networking] )
-	nls? ( >=virtual/libintl-0-r1[${MULTILIB_USEDEP}] )
-	pkcs11? ( >=app-crypt/p11-kit-0.20.7[${MULTILIB_USEDEP}] )
-	zlib? ( >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}] )
-	abi_x86_32? (
-		!<=app-emulation/emul-linux-x86-baselibs-20140508
-		!app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
-	)"
-DEPEND="${RDEPEND}
-	>=sys-devel/automake-1.11.6
-	>=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]
-	doc? (
-		sys-apps/texinfo
-		dev-util/gtk-doc
-	)
-	nls? ( sys-devel/gettext )
-	test? ( app-misc/datefudge )"
-
-DOCS=( AUTHORS ChangeLog NEWS README THANKS doc/TODO )
-
-PATCHES=(
-	"${FILESDIR}/${PN}-3.3.19-build-allow-installing-man-1-even-with-disable-doc.patch"
-	"${FILESDIR}/${P}-CVE-2016-7444.patch"
-)
-
-pkg_setup() {
-	# bug#520818
-	export TZ=UTC
-}
-
-src_prepare() {
-	default
-
-	sed -i \
-		-e 's/imagesdir = $(infodir)/imagesdir = $(htmldir)/' \
-		doc/Makefile.am || die
-
-	# force regeneration of autogen-ed files
-	local file
-	for file in $(grep -l AutoGen-ed src/*.c) ; do
-		rm src/$(basename ${file} .c).{c,h} || die
-	done
-
-	# force regeneration of makeinfo files
-	# have no idea why on some system these files are not
-	# accepted as-is, see bug#520818
-	for file in $(grep -l "produced by makeinfo" doc/*.info) ; do
-		rm "${file}" || die
-	done
-
-	eautoreconf
-
-	# Use sane .so versioning on FreeBSD.
-	elibtoolize
-
-	# bug 497472
-	use cxx || epunt_cxx
-}
-
-multilib_src_configure() {
-	LINGUAS="${LINGUAS//en/en@boldquot en@quot}"
-
-	# TPM needs to be tested before being enabled
-	# hardware-accell is disabled on OSX because the asm files force
-	#   GNU-stack (as doesn't support that) and when that's removed ld
-	#   complains about duplicate symbols
-	ECONF_SOURCE=${S} \
-	econf \
-		--disable-valgrind-tests \
-		--without-included-libtasn1 \
-		--enable-heartbeat-support \
-		$(use_enable cxx) \
-		$(use_enable dane libdane) \
-		$(multilib_native_enable manpages) \
-		$(multilib_native_use_enable doc) \
-		$(multilib_native_use_enable doc gtk-doc) \
-		$(multilib_native_use_enable guile) \
-		$(multilib_native_use_enable crywrap) \
-		$(use_enable nls) \
-		$(use_enable openssl openssl-compatibility) \
-		$(use_enable static-libs static) \
-		$(use_with pkcs11 p11-kit) \
-		$(use_with zlib) \
-		--without-tpm \
-		--with-unbound-root-key-file=/etc/dnssec/root-anchors.txt \
-		$([[ ${CHOST} == *-darwin* ]] && echo --disable-hardware-acceleration)
-
-	if multilib_is_native_abi; then
-		ln -s "${S}"/doc/reference/html doc/reference/html || die
-	fi
-}
-
-multilib_src_compile() {
-	if multilib_is_native_abi; then
-		default
-
-		# symlink certtool for use in other ABIs
-		if use test; then
-			ln -s "${BUILD_DIR}"/src "${T}"/native-tools || die
-		fi
-	else
-		emake -C gl
-		emake -C lib
-		emake -C extra
-		use dane && emake -C libdane
-	fi
-}
-
-multilib_src_test() {
-	if multilib_is_native_abi; then
-		# parallel testing often fails
-		emake -j1 check
-	else
-		# use native ABI tools
-		ln -s "${T}"/native-tools/{certtool,gnutls-{serv,cli}} \
-			"${BUILD_DIR}"/src/ || die
-
-		emake -C gl -j1 check
-		emake -C tests -j1 check
-	fi
-}
-
-multilib_src_install() {
-	if multilib_is_native_abi; then
-		emake DESTDIR="${D}" install
-	else
-		emake -C lib DESTDIR="${D}" install
-		emake -C extra DESTDIR="${D}" install
-		use dane && emake -C libdane DESTDIR="${D}" install
-	fi
-}
-
-multilib_src_install_all() {
-	einstalldocs
-	prune_libtool_files --all
-
-	dodoc doc/certtool.cfg
-
-	if use doc; then
-		dohtml doc/gnutls.html
-	else
-		rm -fr "${ED}/usr/share/doc/${PF}/html"
-	fi
-
-	if use examples; then
-		docinto examples
-		dodoc doc/examples/*.c
-	fi
-}

diff --git a/net-libs/gnutls/gnutls-3.3.25.ebuild b/net-libs/gnutls/gnutls-3.3.25.ebuild
deleted file mode 100644
index 275c118..00000000
--- a/net-libs/gnutls/gnutls-3.3.25.ebuild
+++ /dev/null
@@ -1,182 +0,0 @@
-# Copyright 1999-2017 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI=6
-
-inherit autotools libtool eutils multilib-minimal versionator
-
-DESCRIPTION="A TLS 1.2 and SSL 3.0 implementation for the GNU project"
-HOMEPAGE="http://www.gnutls.org/"
-SRC_URI="mirror://gnupg/gnutls/v$(get_version_component_range 1-2)/${P}.tar.xz"
-
-# LGPL-3 for libgnutls library and GPL-3 for libgnutls-extra library.
-# soon to be relicensed as LGPL-2.1 unless heartbeat extension enabled.
-LICENSE="GPL-3 LGPL-3"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~x86-solaris"
-IUSE_LINGUAS=" en cs de fi fr it ms nl pl sv uk vi zh_CN"
-IUSE="+cxx +crywrap dane doc examples guile nls +openssl pkcs11 static-libs test zlib ${IUSE_LINGUAS// / linguas_}"
-# heartbeat support is not disabled until re-licensing happens fullyf
-
-# NOTICE: sys-devel/autogen is required at runtime as we
-# use system libopts
-RDEPEND=">=dev-libs/libtasn1-4.3:=[${MULTILIB_USEDEP}]
-	>=dev-libs/nettle-2.7:=[gmp,${MULTILIB_USEDEP}]
-	>=dev-libs/gmp-5.1.3-r1:=[${MULTILIB_USEDEP}]
-	sys-devel/autogen
-	crywrap? ( net-dns/libidn )
-	dane? ( >=net-dns/unbound-1.4.20[${MULTILIB_USEDEP}] )
-	guile? ( >=dev-scheme/guile-1.8:=[networking] )
-	nls? ( >=virtual/libintl-0-r1[${MULTILIB_USEDEP}] )
-	pkcs11? ( >=app-crypt/p11-kit-0.20.7[${MULTILIB_USEDEP}] )
-	zlib? ( >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}] )
-	abi_x86_32? (
-		!<=app-emulation/emul-linux-x86-baselibs-20140508
-		!app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
-	)"
-DEPEND="${RDEPEND}
-	>=sys-devel/automake-1.11.6
-	>=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]
-	doc? (
-		sys-apps/texinfo
-		dev-util/gtk-doc
-	)
-	nls? ( sys-devel/gettext )
-	test? ( app-misc/datefudge )"
-
-DOCS=( AUTHORS ChangeLog NEWS README THANKS doc/TODO )
-
-PATCHES=(
-	"${FILESDIR}/${PN}-3.3.19-build-allow-installing-man-1-even-with-disable-doc.patch"
-)
-
-pkg_setup() {
-	# bug#520818
-	export TZ=UTC
-}
-
-src_prepare() {
-	default
-
-	sed -i \
-		-e 's/imagesdir = $(infodir)/imagesdir = $(htmldir)/' \
-		doc/Makefile.am || die
-
-	# force regeneration of autogen-ed files
-	local file
-	for file in $(grep -l AutoGen-ed src/*.c) ; do
-		rm src/$(basename ${file} .c).{c,h} || die
-	done
-
-	# force regeneration of makeinfo files
-	# have no idea why on some system these files are not
-	# accepted as-is, see bug#520818
-	for file in $(grep -l "produced by makeinfo" doc/*.info) ; do
-		rm "${file}" || die
-	done
-
-	eautoreconf
-
-	# Use sane .so versioning on FreeBSD.
-	elibtoolize
-
-	# bug 497472
-	use cxx || epunt_cxx
-}
-
-multilib_src_configure() {
-	LINGUAS="${LINGUAS//en/en@boldquot en@quot}"
-
-	# remove magic of library detection
-	# bug#438222
-	libconf=($("${S}/configure" --help | grep -- '--without-.*-prefix' | sed -e 's/^ *\([^ ]*\) .*/\1/g'))
-
-	# TPM needs to be tested before being enabled
-	# hardware-accell is disabled on OSX because the asm files force
-	#   GNU-stack (as doesn't support that) and when that's removed ld
-	#   complains about duplicate symbols
-	ECONF_SOURCE=${S} \
-	econf \
-		--disable-valgrind-tests \
-		--without-included-libtasn1 \
-		--enable-heartbeat-support \
-		$(use_enable cxx) \
-		$(use_enable dane libdane) \
-		$(multilib_native_enable manpages) \
-		$(multilib_native_use_enable doc) \
-		$(multilib_native_use_enable doc gtk-doc) \
-		$(multilib_native_use_enable guile) \
-		$(multilib_native_use_enable crywrap) \
-		$(use_enable nls) \
-		$(use_enable openssl openssl-compatibility) \
-		$(use_enable static-libs static) \
-		$(use_with pkcs11 p11-kit) \
-		$(use_with zlib) \
-		--without-tpm \
-		--with-unbound-root-key-file=/etc/dnssec/root-anchors.txt \
-		"${libconf[@]}" \
-		$([[ ${CHOST} == *-darwin* ]] && echo --disable-hardware-acceleration)
-
-	if multilib_is_native_abi; then
-		ln -s "${S}"/doc/reference/html doc/reference/html || die
-	fi
-}
-
-multilib_src_compile() {
-	if multilib_is_native_abi; then
-		default
-
-		# symlink certtool for use in other ABIs
-		if use test; then
-			ln -s "${BUILD_DIR}"/src "${T}"/native-tools || die
-		fi
-	else
-		emake -C gl
-		emake -C lib
-		emake -C extra
-		use dane && emake -C libdane
-	fi
-}
-
-multilib_src_test() {
-	if multilib_is_native_abi; then
-		# parallel testing often fails
-		emake -j1 check
-	else
-		# use native ABI tools
-		ln -s "${T}"/native-tools/{certtool,gnutls-{serv,cli}} \
-			"${BUILD_DIR}"/src/ || die
-
-		emake -C gl -j1 check
-		emake -C tests -j1 check
-	fi
-}
-
-multilib_src_install() {
-	if multilib_is_native_abi; then
-		emake DESTDIR="${D}" install
-	else
-		emake -C lib DESTDIR="${D}" install
-		emake -C extra DESTDIR="${D}" install
-		use dane && emake -C libdane DESTDIR="${D}" install
-	fi
-}
-
-multilib_src_install_all() {
-	einstalldocs
-	prune_libtool_files --all
-
-	dodoc doc/certtool.cfg
-
-	if use doc; then
-		dohtml doc/gnutls.html
-	else
-		rm -fr "${ED}/usr/share/doc/${PF}/html"
-	fi
-
-	if use examples; then
-		docinto examples
-		dodoc doc/examples/*.c
-	fi
-}



* [gentoo-commits] repo/gentoo:master commit in: net-libs/gnutls/files/, net-libs/gnutls/
@ 2017-04-07 11:33 Alon Bar-Lev
  0 siblings, 0 replies; 12+ messages in thread
From: Alon Bar-Lev @ 2017-04-07 11:33 UTC (permalink / raw
  To: gentoo-commits

commit:     07b8f5a9fb1b67aac3337ed7de8acdfdac7dc8f7
Author:     Alon Bar-Lev <alonbl <AT> gentoo <DOT> org>
AuthorDate: Fri Apr  7 08:42:01 2017 +0000
Commit:     Alon Bar-Lev <alonbl <AT> gentoo <DOT> org>
CommitDate: Fri Apr  7 10:40:36 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=07b8f5a9

net-libs/gnutls: version bump

Package-Manager: Portage-2.3.3, Repoman-2.3.1

 net-libs/gnutls/Manifest                        |   1 +
 net-libs/gnutls/files/gnutls-3.5.11-tests.patch | 166 ++++++++++++++++++++++++
 net-libs/gnutls/gnutls-3.5.11.ebuild            | 138 ++++++++++++++++++++
 net-libs/gnutls/metadata.xml                    |   3 +
 4 files changed, 308 insertions(+)

diff --git a/net-libs/gnutls/Manifest b/net-libs/gnutls/Manifest
index 297f7cb04c1..266b29e6617 100644
--- a/net-libs/gnutls/Manifest
+++ b/net-libs/gnutls/Manifest
@@ -1,3 +1,4 @@
 DIST gnutls-3.3.26.tar.xz 6361068 SHA256 6a7d882b6b581d684883fde195abf930dab37dfbe6aaea88ab164252bec720d9 SHA512 41259f760f5ed9b87d4203de567efb1a2087e01a025f2ea0f14167f146ecd640fbddeab390fbae6acc262507229894774db883d0892d448068ee73abb110738f WHIRLPOOL afca5aabebf36064847933662736c7713b837375db2c91c416d43a980407d912edf8fb64f53615c0bed770f46a9d2e0a3eb309f6a66281f5377e50a02863c8e7
 DIST gnutls-3.3.27.tar.xz 6364824 SHA256 8dfda16c158ef5c134010d51d1a91d02aa5d43b8cb711b1572650a7ffb56b17f SHA512 2cc5706b502a500375f706d1a7321af4c55554d3052f35cf24cbb288f9568ce891999d0f401119d04f594e9bc79e2e68d3c008648604032222ad2a6d8224bbdf WHIRLPOOL 508ac8939e471155bd5d49510111fca4eb5b5362f0bae8ec16f98eb16aeaa44ff06448fd7793398e56f9713b344b0b27a32e66c24cbdc062d33bc74dd6b83f57
 DIST gnutls-3.5.10.tar.xz 7194752 SHA256 af443e86ba538d4d3e37c4732c00101a492fe4b56a55f4112ff0ab39dbe6579d SHA512 60fc3409ee81932bc2672c68eb65748b88da4b9307764fb395dbadc06120e1011207a04d5f540e77a4d07649ffaed0789c04d57692eeca6ab24ac79d72418906 WHIRLPOOL c711bff10bcfa1ba8df82307d9fab30e08ed56d10bc87ae9ffbf8646d5d2fbd6c036db0335188cd6cb4b042ef616e342d3712715a6cb0ac3e6be934a5ea9c5f5
+DIST gnutls-3.5.11.tar.xz 7208068 SHA256 51765cc5579e250da77fbd7871507c517d01b15353cc40af7b67e9ec7b6fe28f SHA512 ce7e68bae417c114dcd8d2d8f84a69c233e41aa0591cb35f3872db29164031b53e1688553eb1c829602512954066aef6b0894ce50deb556723b93fd8e5817ac5 WHIRLPOOL 0c237b924148aef3fdee82567962c379293054f2b73e7740fc73aef9dc70f19007992a3d69bd2b3b0939c5ef4b34350fe69c99e94f46f3784d326eb6ddce9c01

diff --git a/net-libs/gnutls/files/gnutls-3.5.11-tests.patch b/net-libs/gnutls/files/gnutls-3.5.11-tests.patch
new file mode 100644
index 00000000000..e81ecedbc34
--- /dev/null
+++ b/net-libs/gnutls/files/gnutls-3.5.11-tests.patch
@@ -0,0 +1,166 @@
+From e03782b6ce2f5b909ebb65ff1682126302200c80 Mon Sep 17 00:00:00 2001
+From: Nikos Mavrogiannopoulos <nmav@gnutls.org>
+Date: Tue, 7 Mar 2017 22:39:20 +0100
+Subject: [PATCH] tests: do not run tests which require openpgp when it is
+ disabled
+
+Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
+---
+ tests/openpgp-callback.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/tests/openpgp-callback.c b/tests/openpgp-callback.c
+index c3f2c4c..3df10ac 100644
+--- a/tests/openpgp-callback.c
++++ b/tests/openpgp-callback.c
+@@ -27,7 +27,7 @@
+ #include <stdio.h>
+ #include <stdlib.h>
+ 
+-#if defined(_WIN32)
++#if defined(_WIN32) || !defined(ENABLED_OPENPGP)
+ 
+ /* socketpair isn't supported on Win32. */
+ int main(int argc, char **argv)
+-- 
+2.10.2
+
+From 72e9bc6f807924ae563f247272ebd8437f7fd5db Mon Sep 17 00:00:00 2001
+From: Nikos Mavrogiannopoulos <nmav@redhat.com>
+Date: Wed, 8 Mar 2017 16:00:02 +0100
+Subject: [PATCH] tests: dtls-stress: use X.509 certificates instead of openpgp
+
+This will allow the test tool to operate even after openpgp certificates
+are deprecated.
+
+Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
+---
+ tests/dtls/Makefile.am   |  1 +
+ tests/dtls/dtls-stress.c | 67 ++++++------------------------------------------
+ 2 files changed, 9 insertions(+), 59 deletions(-)
+
+diff --git a/tests/dtls/Makefile.am b/tests/dtls/Makefile.am
+index 8f56408..6c8f411 100644
+--- a/tests/dtls/Makefile.am
++++ b/tests/dtls/Makefile.am
+@@ -30,6 +30,7 @@ AM_CPPFLAGS = \
+ 	-I$(top_srcdir)/extra/includes	\
+ 	-I$(top_builddir)/extra/includes	\
+ 	-I$(top_srcdir)/lib			\
++	-I$(top_srcdir)/tests			\
+ 	-I$(top_srcdir)/doc/examples
+ 
+ AM_LDFLAGS = -no-install
+diff --git a/tests/dtls/dtls-stress.c b/tests/dtls/dtls-stress.c
+index c9493af..01e5eca 100644
+--- a/tests/dtls/dtls-stress.c
++++ b/tests/dtls/dtls-stress.c
+@@ -101,6 +101,7 @@
+ #include <errno.h>
+ #include <poll.h>
+ #include <time.h>
++#include <assert.h>
+ #include <sys/wait.h>
+ 
+ #if _POSIX_TIMERS && (_POSIX_TIMERS - 200112L) >= 0
+@@ -232,56 +233,7 @@ static const char *filter_names_full[12]
+ 	"SFinished"
+ };
+ 
+-static const unsigned char PUBKEY[] =
+-    "-----BEGIN PGP PUBLIC KEY BLOCK-----\n"
+-    "\n"
+-    "mI0ETz0XRAEEAKXSU/tg2yGvoKf/r1pdzj7dnfPHeS+BRiT34763uUhibAbTgMkp\n"
+-    "v44OlBPiAaZ54uuXVkz8e4pgvrBgQwIRtNp3xPaWF1CfC4F+V4LdZV8l8IG+AfES\n"
+-    "K0GbfUS4q8vjnPJ0TyxnXE2KtbcRdzZzWBshJ8KChKwbH2vvrMrlmEeZABEBAAG0\n"
+-    "CHRlc3Qga2V5iLgEEwECACIFAk89F0QCGwMGCwkIBwMCBhUIAgkKCwQWAgMBAh4B\n"
+-    "AheAAAoJEMNjhmkfkLY9J/YD+wYZ2BD/0/c5gkkDP2NlVvrLGyFmEwQcR7DcaQYB\n"
+-    "P3/Teq2gnscZ5Xm/z1qgGEpwmaVfVHY8mfEj8bYI8jAu0v1C1jCtJPUTmxf9tmkZ\n"
+-    "QYFNR8T+F5Xae2XseOH70lSN/AEiW02BEBFlGBx0a3T30muFfqi/KawaE7KKn2e4\n"
+-    "uNWvuI0ETz0XRAEEAKgZExsb7Lf9P3DmwJSvNVdkGVny7wr4/M1s0CDX20NkO7Y1\n"
+-    "Ao9g+qFo5MlCOEuzjVaEYmM+rro7qyxmDKsaNIzZF1VN5UeYgPFyLcBK7C+QwUqw\n"
+-    "1PUl/w4dFq8neQyqIPUVGRwQPlwpkkabRPNT3t/7KgDJvYzV9uu+cXCyfqErABEB\n"
+-    "AAGInwQYAQIACQUCTz0XRAIbDAAKCRDDY4ZpH5C2PTBtBACVsR6l4HtuzQb5WFQt\n"
+-    "sD/lQEk6BEY9aVfK957Oj+A4alGEGObToqVJFo/nq+P7aWExIXucJQRL8lYnC7u+\n"
+-    "GjPVCun5TYzKMiryxHPkQr9NBx4hh8JjkDCc8nAgI3il49uPYkmsv70CgqJFFtT8\n"
+-    "NfM+8fS537I+XA+hfjt20NUFIA==\n"
+-    "=oD3a\n" "-----END PGP PUBLIC KEY BLOCK-----\n";
+-
+-static const unsigned char PRIVKEY[] =
+-    "-----BEGIN PGP PRIVATE KEY BLOCK-----\n"
+-    "\n"
+-    "lQHYBE89F0QBBACl0lP7YNshr6Cn/69aXc4+3Z3zx3kvgUYk9+O+t7lIYmwG04DJ\n"
+-    "Kb+ODpQT4gGmeeLrl1ZM/HuKYL6wYEMCEbTad8T2lhdQnwuBfleC3WVfJfCBvgHx\n"
+-    "EitBm31EuKvL45zydE8sZ1xNirW3EXc2c1gbISfCgoSsGx9r76zK5ZhHmQARAQAB\n"
+-    "AAP6A6VhRVi22MHE1YzQrTr8yvMSgwayynGcOjndHxdpEodferLx1Pp/BL+bT+ib\n"
+-    "Qq7RZ363Xg/7I2rHJpenQYdkI5SI4KrXIV57p8G+isyTtsxU38SY84WoB5os8sfT\n"
+-    "YhxG+edoTfDzXkRSWFB8EUjRaLa2b//nvLpxNRyqDSzzUxECAMtEnL5H/8gHbpZf\n"
+-    "D98TSJVxdAl9rBAQaVMgrFgcU/IlmxCyVEh9eh/P261tefgOnyVcGFYHxdZvJ3td\n"
+-    "miM+DNUCANDW1S9t7IiqflDpQIS2wGTZ/rLKPoE1F3285EaYAd0FQUq0O4/Nu31D\n"
+-    "5pz/S7D+PfXn9oEZH3Dvl3EVIDyq4bUB+QEzFc3BsH2uueD3g42RoBfMGl6m3LI9\n"
+-    "yWOnrUmIW+h9Fu8W9mcU6y82Q1G7OPIxA1me/Qtzo20lGQa8jAyzLhuit7QIdGVz\n"
+-    "dCBrZXmIuAQTAQIAIgUCTz0XRAIbAwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AA\n"
+-    "CgkQw2OGaR+Qtj0n9gP7BhnYEP/T9zmCSQM/Y2VW+ssbIWYTBBxHsNxpBgE/f9N6\n"
+-    "raCexxnleb/PWqAYSnCZpV9UdjyZ8SPxtgjyMC7S/ULWMK0k9RObF/22aRlBgU1H\n"
+-    "xP4Xldp7Zex44fvSVI38ASJbTYEQEWUYHHRrdPfSa4V+qL8prBoTsoqfZ7i41a+d\n"
+-    "AdgETz0XRAEEAKgZExsb7Lf9P3DmwJSvNVdkGVny7wr4/M1s0CDX20NkO7Y1Ao9g\n"
+-    "+qFo5MlCOEuzjVaEYmM+rro7qyxmDKsaNIzZF1VN5UeYgPFyLcBK7C+QwUqw1PUl\n"
+-    "/w4dFq8neQyqIPUVGRwQPlwpkkabRPNT3t/7KgDJvYzV9uu+cXCyfqErABEBAAEA\n"
+-    "A/4wX+brqkGZQTv8lateHn3PRHM3O34nPjgiNeo/SV9EKZg1e1PdRx9ZTAJrGK9y\n"
+-    "uZ03BKn7vZIy7fD4ufVzV/s/BaypVmvwjZud8fdMgsMQAJYtoMhozbOtUelCFpja\n"
+-    "I1xAbDBx1PAAbS8Sh022/0jvOGnZhvkgZMG90z7AEANUYQIAwzywU087TcJk8Bzd\n"
+-    "37JGWyE4f3iYFGA+r8BoIOrxvvgfUHKxdhG0gaT8SDeRAwNY6D43dCBZkG7Uel1F\n"
+-    "x9MlLQIA3Goaz58hEN0fdm4TM7A8crtMB+f8/h87EneBgMl+Yj/3sklhyahR6Itm\n"
+-    "lGuAAGTAOmD7i8OmS/a1ac5MtHAGtwH6A0B5GjaL8VnLQo4vFnuR7JuCQaLqGadV\n"
+-    "mBmKxVHElduLf/VauBQPD5KZA+egpg+laJ4JLVXMmKIZGqRzopcIWZnKiJ8EGAEC\n"
+-    "AAkFAk89F0QCGwwACgkQw2OGaR+Qtj0wbQQAlbEepeB7bs0G+VhULbA/5UBJOgRG\n"
+-    "PWlXyveezo/gOGpRhBjm06KlSRaP56vj+2lhMSF7nCUES/JWJwu7vhoz1Qrp+U2M\n"
+-    "yjIq8sRz5EK/TQceIYfCY5AwnPJwICN4pePbj2JJrL+9AoKiRRbU/DXzPvH0ud+y\n"
+-    "PlwPoX47dtDVBSA=\n" "=EVlv\n" "-----END PGP PRIVATE KEY BLOCK-----\n";
++#include "cert-common.h"
+ 
+ // }}}
+ 
+@@ -736,13 +688,10 @@ static void await(int fd, int timeout)
+ 
+ static void cred_init(void)
+ {
+-	gnutls_datum_t key = { (unsigned char *)PUBKEY, sizeof(PUBKEY) };
+-	gnutls_datum_t sec = { (unsigned char *)PRIVKEY, sizeof(PRIVKEY) };
++	assert(gnutls_certificate_allocate_credentials(&cred)>=0);
+ 
+-	gnutls_certificate_allocate_credentials(&cred);
+-
+-	gnutls_certificate_set_openpgp_key_mem(cred, &key, &sec,
+-					       GNUTLS_OPENPGP_FMT_BASE64);
++	gnutls_certificate_set_x509_key_mem(cred, &cli_ca3_cert, &cli_ca3_key,
++					       GNUTLS_X509_FMT_PEM);
+ }
+ 
+ static void session_init(int sock, int server)
+@@ -751,7 +700,7 @@ static void session_init(int sock, int server)
+ 		    GNUTLS_DATAGRAM | (server ? GNUTLS_SERVER : GNUTLS_CLIENT)
+ 		    | GNUTLS_NONBLOCK * nonblock);
+ 	gnutls_priority_set_direct(session,
+-				   "+CTYPE-OPENPGP:+CIPHER-ALL:+MAC-ALL:+ECDHE-RSA:+ANON-ECDH",
++				   "NORMAL:+ECDHE-RSA:+ANON-ECDH",
+ 				   0);
+ 	gnutls_transport_set_int(session, sock);
+ 
+@@ -763,11 +712,11 @@ static void session_init(int sock, int server)
+ 		}
+ 	} else if (server) {
+ 		gnutls_anon_server_credentials_t acred;
+-		gnutls_anon_allocate_server_credentials(&acred);
++		assert(gnutls_anon_allocate_server_credentials(&acred)>=0);
+ 		gnutls_credentials_set(session, GNUTLS_CRD_ANON, acred);
+ 	} else {
+ 		gnutls_anon_client_credentials_t acred;
+-		gnutls_anon_allocate_client_credentials(&acred);
++		assert(gnutls_anon_allocate_client_credentials(&acred)>=0);
+ 		gnutls_credentials_set(session, GNUTLS_CRD_ANON, acred);
+ 	}
+ 
+-- 
+2.10.2
+
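Review bot: The backported `cred_init()` puts the allocation itself inside `assert(gnutls_certificate_allocate_credentials(&cred)>=0);`, and the two anonymous-credential allocations in `session_init()` are wrapped the same way, so a build with `NDEBUG` defined compiles the calls out and would leave the credentials unallocated. The call should run unconditionally with only its result asserted, e.g. `int ret = gnutls_certificate_allocate_credentials(&cred);` followed by `assert(ret >= 0);`. The return value of `gnutls_certificate_set_x509_key_mem()` is also ignored, so a failure to load `cli_ca3_cert`/`cli_ca3_key` would only show up later, during the handshake. This is test-only code carried from upstream, so the fix belongs in the upstream patch rather than in a local edit.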

diff --git a/net-libs/gnutls/gnutls-3.5.11.ebuild b/net-libs/gnutls/gnutls-3.5.11.ebuild
new file mode 100644
index 00000000000..0a31cb65abe
--- /dev/null
+++ b/net-libs/gnutls/gnutls-3.5.11.ebuild
@@ -0,0 +1,138 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+inherit libtool ltprune multilib-minimal versionator
+
+DESCRIPTION="A TLS 1.2 and SSL 3.0 implementation for the GNU project"
+HOMEPAGE="http://www.gnutls.org/"
+SRC_URI="mirror://gnupg/gnutls/v$(get_version_component_range 1-2)/${P}.tar.xz"
+
+LICENSE="GPL-3 LGPL-2.1"
+SLOT="0/30" # libgnutls.so number
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+IUSE_LINGUAS=" en cs de fi fr it ms nl pl sv uk vi zh_CN"
+IUSE="+cxx dane doc examples guile +idn nls openpgp +openssl pkcs11 sslv2 +sslv3 seccomp static-libs test test-full +tls-heartbeat tools valgrind zlib ${IUSE_LINGUAS// / linguas_}"
+
+REQUIRED_USE="
+	test-full? ( guile pkcs11 openpgp openssl idn seccomp tools zlib )"
+
+# NOTICE: sys-devel/autogen is required at runtime as we
+# use system libopts
+RDEPEND=">=dev-libs/libtasn1-4.9:=[${MULTILIB_USEDEP}]
+	dev-libs/libunistring:=[${MULTILIB_USEDEP}]
+	>=dev-libs/nettle-3.1:=[gmp,${MULTILIB_USEDEP}]
+	>=dev-libs/gmp-5.1.3-r1:=[${MULTILIB_USEDEP}]
+	tools? ( sys-devel/autogen )
+	dane? ( >=net-dns/unbound-1.4.20[${MULTILIB_USEDEP}] )
+	guile? ( >=dev-scheme/guile-1.8:=[networking] )
+	nls? ( >=virtual/libintl-0-r1[${MULTILIB_USEDEP}] )
+	pkcs11? ( >=app-crypt/p11-kit-0.23.1[${MULTILIB_USEDEP}] )
+	zlib? ( >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}] )
+	idn? ( >=net-dns/libidn2-0.16-r1[${MULTILIB_USEDEP}] )
+	abi_x86_32? (
+		!<=app-emulation/emul-linux-x86-baselibs-20140508
+		!app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
+	)"
+DEPEND="${RDEPEND}
+	>=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]
+	doc? ( dev-util/gtk-doc )
+	nls? ( sys-devel/gettext )
+	valgrind? ( dev-util/valgrind )
+	test? (
+		guile? ( >=dev-scheme/guile-2 )
+		seccomp? ( sys-libs/libseccomp )
+	)
+	test-full? (
+		app-crypt/dieharder
+		app-misc/datefudge
+		dev-libs/softhsm:2[-bindist]
+		net-dialup/ppp
+		net-misc/socat
+	)"
+
+DOCS=(
+	README.md
+	doc/certtool.cfg
+)
+
+HTML_DOCS=()
+
+PATCHES=(
+	"${FILESDIR}/${P}-tests.patch"
+)
+
+pkg_setup() {
+	# bug#520818
+	export TZ=UTC
+
+	use doc && HTML_DOCS+=(
+		doc/gnutls.html
+	)
+}
+
+src_prepare() {
+	default
+
+	# force regeneration of autogen-ed files
+	local file
+	for file in $(grep -l AutoGen-ed src/*.c) ; do
+		rm src/$(basename ${file} .c).{c,h} || die
+	done
+
+	# Use sane .so versioning on FreeBSD.
+	elibtoolize
+}
+
+multilib_src_configure() {
+	LINGUAS="${LINGUAS//en/en@boldquot en@quot}"
+
+	# remove magic of library detection
+	# bug#438222
+	local libconf=($("${S}/configure" --help | grep -- '--without-.*-prefix' | sed -e 's/^ *\([^ ]*\) .*/\1/g'))
+
+	# TPM needs to be tested before being enabled
+	# hardware-accell is disabled on OSX because the asm files force
+	#   GNU-stack (as doesn't support that) and when that's removed ld
+	#   complains about duplicate symbols
+	ECONF_SOURCE=${S} econf \
+		--without-included-libtasn1 \
+		$(use_enable cxx) \
+		$(use_enable dane libdane) \
+		$(multilib_native_enable manpages) \
+		$(multilib_native_use_enable tools) \
+		$(multilib_native_use_enable doc) \
+		$(multilib_native_use_enable doc gtk-doc) \
+		$(multilib_native_use_enable guile) \
+		$(multilib_native_use_enable test tests) \
+		$(multilib_native_use_enable seccomp seccomp-tests) \
+		$(multilib_native_use_enable valgrind valgrind-tests) \
+		$(multilib_native_use_enable test-full full-test-suite) \
+		$(use_enable nls) \
+		$(use_enable openpgp openpgp-authentication) \
+		$(use_enable openssl openssl-compatibility) \
+		$(use_enable openssl openssl-compatibility) \
+		$(use_enable tls-heartbeat heartbeat-support) \
+		$(use_enable sslv2 ssl2-support) \
+		$(use_enable sslv3 ssl3-support) \
+		$(use_enable static-libs static) \
+		$(use_with pkcs11 p11-kit) \
+		$(use_with zlib) \
+		$(use_with idn) \
+		$(use_with idn libidn2) \
+		--without-tpm \
+		--with-unbound-root-key-file="${EPREFIX}/etc/dnssec/root-anchors.txt" \
+		"${libconf[@]}" \
+		$([[ ${CHOST} == *-darwin* ]] && echo --disable-hardware-acceleration)
+}
+
+multilib_src_install_all() {
+	einstalldocs
+	prune_libtool_files --all
+
+	if use examples; then
+		docinto examples
+		dodoc doc/examples/*.c
+	fi
+}
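Review bot: `+sslv3` in IUSE makes SSL 3.0 support a default-on build option, wired directly to `$(use_enable sslv3 ssl3-support)`; the protocol was deprecated by RFC 7568, so the flag would be safer as plain `sslv3`, opt-in like `sslv2` beside it. Whether the library's default priority strings still negotiate SSL 3.0 is not visible in this hunk, but shipping the code path by default widens the attack surface. `+tls-heartbeat` enables an optional extension by default in the same way and deserves the same look. Separately, `$(use_enable openssl openssl-compatibility)` appears twice in a row in the `econf` call and one copy should be dropped. `HOMEPAGE` could also use `https://`.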

diff --git a/net-libs/gnutls/metadata.xml b/net-libs/gnutls/metadata.xml
index 05022018193..536d49f0da3 100644
--- a/net-libs/gnutls/metadata.xml
+++ b/net-libs/gnutls/metadata.xml
@@ -13,6 +13,9 @@
       Build libgnutls-dane, implementing DNS-based Authentication of
       Named Entities. Requires <pkg>net-dns/unbound</pkg>
     </flag>
+    <flag name="openpgp">
+	  Enable openpgp support
+    </flag>
     <flag name="openssl">
       Build openssl compatibility libraries
     </flag>



* [gentoo-commits] repo/gentoo:master commit in: net-libs/gnutls/files/, net-libs/gnutls/
@ 2019-01-14 19:17 Alon Bar-Lev
  0 siblings, 0 replies; 12+ messages in thread
From: Alon Bar-Lev @ 2019-01-14 19:17 UTC (permalink / raw
  To: gentoo-commits

commit:     9a28e54de3798ec4ce92508cc2c4c67b985f817f
Author:     Alon Bar-Lev <alonbl <AT> gentoo <DOT> org>
AuthorDate: Mon Jan 14 19:17:22 2019 +0000
Commit:     Alon Bar-Lev <alonbl <AT> gentoo <DOT> org>
CommitDate: Mon Jan 14 19:17:38 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9a28e54d

net-libs/gnutls: fix build failure

Closes: https://bugs.gentoo.org/show_bug.cgi?id=675424
Thanks: Toralf Förster
Signed-off-by: Alon Bar-Lev <alonbl <AT> gentoo.org>
Package-Manager: Portage-2.3.51, Repoman-2.3.11

 net-libs/gnutls/files/gnutls-3.6.5-build.patch | 31 ++++++++++++++++++++++++++
 net-libs/gnutls/gnutls-3.6.5.ebuild            |  4 ++++
 2 files changed, 35 insertions(+)

diff --git a/net-libs/gnutls/files/gnutls-3.6.5-build.patch b/net-libs/gnutls/files/gnutls-3.6.5-build.patch
new file mode 100644
index 00000000000..00c11da4ae7
--- /dev/null
+++ b/net-libs/gnutls/files/gnutls-3.6.5-build.patch
@@ -0,0 +1,31 @@
+From b7fdb4125e4eebc5af2155b6d36cf17339a3abf5 Mon Sep 17 00:00:00 2001
+From: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
+Date: Tue, 25 Dec 2018 14:44:11 +0300
+Subject: [PATCH] tests: cipher-openssl-compat: don't call
+ EVP_CIPHER_CTX_init()
+
+There is no need to call EVP_CIPHER_CTX_init() after
+EVP_CIPHER_CTX_new().
+
+Fixes #658
+
+Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
+---
+ tests/slow/cipher-openssl-compat.c | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/tests/slow/cipher-openssl-compat.c b/tests/slow/cipher-openssl-compat.c
+index a4cb3522d..64adf25a4 100644
+--- a/tests/slow/cipher-openssl-compat.c
++++ b/tests/slow/cipher-openssl-compat.c
+@@ -106,7 +106,6 @@ static int cipher_test(const char *ocipher, gnutls_cipher_algorithm_t gcipher,
+ #if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ 		if (gcipher == GNUTLS_CIPHER_AES_128_CCM
+ 		    || gcipher == GNUTLS_CIPHER_AES_256_CCM) {
+-			assert(EVP_CIPHER_CTX_init(ctx)==1);
+ 			assert(EVP_CipherInit_ex(ctx, evp_cipher, 0, 0, 0, 0) >
+ 			       0);
+ 
+-- 
+2.19.2
+

diff --git a/net-libs/gnutls/gnutls-3.6.5.ebuild b/net-libs/gnutls/gnutls-3.6.5.ebuild
index 0e4f46b96b2..883584c16a7 100644
--- a/net-libs/gnutls/gnutls-3.6.5.ebuild
+++ b/net-libs/gnutls/gnutls-3.6.5.ebuild
@@ -53,6 +53,10 @@ DOCS=(
 
 HTML_DOCS=()
 
+PATCHES=(
+	"${FILESDIR}/${P}-build.patch"
+)
+
 pkg_setup() {
 	# bug#520818
 	export TZ=UTC



* [gentoo-commits] repo/gentoo:master commit in: net-libs/gnutls/files/, net-libs/gnutls/
@ 2019-01-15 18:46 Alon Bar-Lev
From: Alon Bar-Lev @ 2019-01-15 18:46 UTC (permalink / raw
  To: gentoo-commits

commit:     452494d7ca5dfa6a804e932eadf24b999c51316e
Author:     Alon Bar-Lev <alonbl <AT> gentoo <DOT> org>
AuthorDate: Tue Jan 15 18:45:31 2019 +0000
Commit:     Alon Bar-Lev <alonbl <AT> gentoo <DOT> org>
CommitDate: Tue Jan 15 18:45:48 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=452494d7

net-libs/gnutls: libressl fix

Closes: https://bugs.gentoo.org/show_bug.cgi?id=675512
Thanks: Toralf Förster
Signed-off-by: Alon Bar-Lev <alonbl <AT> gentoo.org>
Package-Manager: Portage-2.3.51, Repoman-2.3.11

 net-libs/gnutls/files/gnutls-3.6.5-libressl.patch | 53 +++++++++++++++++++++++
 net-libs/gnutls/gnutls-3.6.5.ebuild               |  1 +
 2 files changed, 54 insertions(+)

diff --git a/net-libs/gnutls/files/gnutls-3.6.5-libressl.patch b/net-libs/gnutls/files/gnutls-3.6.5-libressl.patch
new file mode 100644
index 00000000000..16cac8c13b9
--- /dev/null
+++ b/net-libs/gnutls/files/gnutls-3.6.5-libressl.patch
@@ -0,0 +1,53 @@
+From bfd036b31f2a47ae40e104b2ea1a0e095900cf52 Mon Sep 17 00:00:00 2001
+From: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
+Date: Tue, 25 Dec 2018 14:43:56 +0300
+Subject: [PATCH] tests: cipher-openssl-compat: don't fail if OpenSSL doesn't
+ provide cipher
+
+LibreSSL does not provide ChaCha20-Poly1305 through EVP_CIPHER
+interface, so let's skip the test if cipher is not available.
+
+Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
+---
+ tests/slow/cipher-openssl-compat.c | 18 +++++++++++++-----
+ 1 file changed, 13 insertions(+), 5 deletions(-)
+
+diff --git a/tests/slow/cipher-openssl-compat.c b/tests/slow/cipher-openssl-compat.c
+index c9b39d026..a4cb3522d 100644
+--- a/tests/slow/cipher-openssl-compat.c
++++ b/tests/slow/cipher-openssl-compat.c
+@@ -38,6 +38,19 @@ static int cipher_test(const char *ocipher, gnutls_cipher_algorithm_t gcipher,
+ 
+ 	success("cipher: %s\n", ocipher);
+ 
++	/* decrypt with openssl */
++	evp_cipher = EVP_get_cipherbyname(ocipher);
++	if (!evp_cipher) {
++		/* XXX: fix version check later when LibreSSL fixes support for aes-ccm and chacha20-poly1305 */
++#ifdef LIBRESSL_VERSION_NUMBER
++		fprintf(stderr, "EVP_get_cipherbyname failed for %s\n", ocipher);
++		return -1;
++#else
++		/* OpenSSL should always work! */
++		fail("EVP_get_cipherbyname failed for %s\n", ocipher);
++#endif
++	}
++
+ 	for (i = 0; i < 32; i++) {	/* try with multiple keys and nonces */
+ 		assert(gnutls_rnd
+ 		       (GNUTLS_RND_NONCE, orig_plain_data,
+@@ -88,11 +101,6 @@ static int cipher_test(const char *ocipher, gnutls_cipher_algorithm_t gcipher,
+ 
+ 		gnutls_aead_cipher_deinit(hd);
+ 
+-		/* decrypt with openssl */
+-		evp_cipher = EVP_get_cipherbyname(ocipher);
+-		if (!evp_cipher)
+-			fail("EVP_get_cipherbyname failed for %s\n", ocipher);
+-
+ 		ctx = EVP_CIPHER_CTX_new();
+ 
+ #if OPENSSL_VERSION_NUMBER >= 0x10100000L
+-- 
+2.19.2
+
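Review bot: In the carried patch, the `#ifdef LIBRESSL_VERSION_NUMBER` branch of cipher_test() returns -1 for every cipher name that `EVP_get_cipherbyname()` fails to resolve, while the XXX comment and the patch description only justify skipping AES-CCM and ChaCha20-Poly1305. On LibreSSL builds a lookup failure for any other cipher the test is called with would be written to stderr instead of reaching `fail()`, which weakens the interoperability check; how the caller treats the -1 is outside the hunk. Since this is an upstream backport, I would keep the code as is and document the limitation in the patch header, for example `Gentoo note: on LibreSSL any unresolved cipher is skipped, not only CCM/ChaCha20-Poly1305`. cipher_test() starts and ends outside the embedded hunks.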

diff --git a/net-libs/gnutls/gnutls-3.6.5.ebuild b/net-libs/gnutls/gnutls-3.6.5.ebuild
index 883584c16a7..9d141a5165c 100644
--- a/net-libs/gnutls/gnutls-3.6.5.ebuild
+++ b/net-libs/gnutls/gnutls-3.6.5.ebuild
@@ -55,6 +55,7 @@ HTML_DOCS=()
 
 PATCHES=(
 	"${FILESDIR}/${P}-build.patch"
+	"${FILESDIR}/${P}-libressl.patch"
 )
 
 pkg_setup() {
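Review bot: The new `"${FILESDIR}/${P}-libressl.patch"` entry is listed after `"${FILESDIR}/${P}-build.patch"`, but the index lines inside the two patch files (`c9b39d026..a4cb3522d` for libressl, `a4cb3522d..64adf25a4` for build) show that upstream applied them in the opposite order to the same file, tests/slow/cipher-openssl-compat.c. In the listed order the build patch is applied to a file state it was not generated against and presumably only lands through a line offset, which is fragile. Listing `"${FILESDIR}/${P}-libressl.patch"` first and `"${FILESDIR}/${P}-build.patch"` second would let both apply at their recorded positions. A one-line comment above PATCHES such as `# upstream backports, drop on next bump` would also record when they can go.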



* [gentoo-commits] repo/gentoo:master commit in: net-libs/gnutls/files/, net-libs/gnutls/
@ 2019-04-17 11:48 Alon Bar-Lev
From: Alon Bar-Lev @ 2019-04-17 11:48 UTC (permalink / raw
  To: gentoo-commits

commit:     31dd00f6488dc707074208b71c8e0997faf6e1f2
Author:     Alon Bar-Lev <alonbl <AT> gentoo <DOT> org>
AuthorDate: Wed Apr 17 11:47:04 2019 +0000
Commit:     Alon Bar-Lev <alonbl <AT> gentoo <DOT> org>
CommitDate: Wed Apr 17 11:48:01 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=31dd00f6

net-libs/gnutls: cleanup old

Signed-off-by: Alon Bar-Lev <alonbl <AT> gentoo.org>
Package-Manager: Portage-2.3.62, Repoman-2.3.11

 net-libs/gnutls/Manifest                          |   3 -
 net-libs/gnutls/files/gnutls-3.5.19-idn2.patch    |  47 --------
 net-libs/gnutls/files/gnutls-3.6.5-build.patch    |  31 -----
 net-libs/gnutls/files/gnutls-3.6.5-libressl.patch |  53 ---------
 net-libs/gnutls/gnutls-3.5.19-r1.ebuild           | 135 ---------------------
 net-libs/gnutls/gnutls-3.5.19.ebuild              | 137 ----------------------
 net-libs/gnutls/gnutls-3.6.5.ebuild               | 137 ----------------------
 net-libs/gnutls/gnutls-3.6.6.ebuild               | 132 ---------------------
 net-libs/gnutls/metadata.xml                      |   3 -
 9 files changed, 678 deletions(-)

diff --git a/net-libs/gnutls/Manifest b/net-libs/gnutls/Manifest
index b47e8e66dce..6dbf4d22866 100644
--- a/net-libs/gnutls/Manifest
+++ b/net-libs/gnutls/Manifest
@@ -1,4 +1 @@
-DIST gnutls-3.5.19.tar.xz 7239744 BLAKE2B c12578e79d3e96e1df7a5dc5f05fe9bc4bce4150f7440a73fda8e69d3f137a9ad1ace28b56e976bc319bd7be7305bf93af9c20087229e0b8fefee85b64e8261d SHA512 a78a59505e59c62ca671b34eacaeadcf070a943b12d964b7362962ba05636136638063491c37bb1883807014b8b6cf4f83f7d5b918ed02d5fbb52155679ce52f
-DIST gnutls-3.6.5.tar.xz 8192888 BLAKE2B 1d305d49c461657b921a51e6c3577e8aea76ba2a4ecbb0ba165ca1f452560b691f12733e3b3ef6d1206096a7393a6fdd05bedb5d5653c7e18e14c5c2f5993de2 SHA512 127f053ce45c63cd745fa5a654a2d8e4fbc322f5e17dcc3740fb2e7b376dd18dad59318d66e6e93e37d6a179fca4b35cf2ae62d13be5645cd2d06badd79d4dce
-DIST gnutls-3.6.6.tar.xz 8257612 BLAKE2B 1b201eedcad7e4424cc6f53d21de5c8105fdea3f0bbc2ea1eceac6fed20a45ad8009fc0f4d9bd7c3e8e3a4cd261d6c32a180a273b22494c4b2f1982244bd4698 SHA512 4ff34f38d7dc543bc5750d8fdfe9be84af60c66e8d41da45f6cffc11d6c6c726784fd2d471b3416604ca1f3f9efb22ff7a290d5c92c96deda38df6ae3e794cc1
 DIST gnutls-3.6.7.tar.xz 8153728 BLAKE2B 993a45edff335e75f36de27373d5db01094c81ebc5eb13d9e04a01f7f32ce6189f71f05a18c90c2e57aec688750e917ee948261726acdd7752d9d7d42a9c7ac2 SHA512 ae9b8996eb9b7269d28213f0aca3a4a17890ba8d47e3dc3b8e754ab8e2b4251e9412aaaa161a8bf56167f04cc169b4cada46f55a7bde92b955eb36cd717a99f3

diff --git a/net-libs/gnutls/files/gnutls-3.5.19-idn2.patch b/net-libs/gnutls/files/gnutls-3.5.19-idn2.patch
deleted file mode 100644
index 1f16302c81b..00000000000
--- a/net-libs/gnutls/files/gnutls-3.5.19-idn2.patch
+++ /dev/null
@@ -1,47 +0,0 @@
-From b0dfccd2149086cf5d2db44c329664a56b126216 Mon Sep 17 00:00:00 2001
-From: Alon Bar-Lev <alon.barlev@gmail.com>
-Date: Sun, 6 Jan 2019 20:02:50 +0200
-Subject: [PATCH] idn2: do not use deprecated idn2_to_unicode_8z8z in
- idn2-2.1.0
-
-Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
----
- lib/str-idna.c | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-
-https://gitlab.com/gnutls/gnutls/merge_requests/864
-
-diff --git a/lib/str-idna.c b/lib/str-idna.c
-index 3bf2db877..95ca9b769 100644
---- a/lib/str-idna.c
-+++ b/lib/str-idna.c
-@@ -145,7 +145,7 @@ int gnutls_idna_map(const char *input, unsigned ilen, gnutls_datum_t *out, unsig
- 	return ret;
- }
- 
--#ifdef HAVE_LIBIDN2
-+#if defined(HAVE_LIBIDN2) && IDN2_VERSION_NUMBER < 0x02000000
- int _idn2_punycode_decode(
- 	size_t input_length,
- 	const char input[],
-@@ -153,7 +153,7 @@ int _idn2_punycode_decode(
- 	uint32_t output[],
- 	unsigned char case_flags[]);
- 
--static int _idn2_to_unicode_8z8z(const char *src, char **dst)
-+static int idn2_to_unicode_8z8z(const char *src, char **dst, int flags)
- {
- 	int rc, run;
- 	size_t out_len = 0;
-@@ -253,7 +253,7 @@ int gnutls_idna_reverse_map(const char *input, unsigned ilen, gnutls_datum_t *ou
- 
- #ifdef HAVE_LIBIDN2
- 	/* currently libidn2 just converts single labels, thus a wrapper function */
--	rc = _idn2_to_unicode_8z8z((char*)istr.data, &u8);
-+	rc = idn2_to_unicode_8z8z((char*)istr.data, &u8, 0);
- 	if (rc != IDN2_OK) {
- 		gnutls_assert();
- 		_gnutls_debug_log("unable to convert ACE name '%s' to UTF-8 format: %s\n", istr.data, idn2_strerror(rc));
--- 
-2.19.2
-

diff --git a/net-libs/gnutls/files/gnutls-3.6.5-build.patch b/net-libs/gnutls/files/gnutls-3.6.5-build.patch
deleted file mode 100644
index 00c11da4ae7..00000000000
--- a/net-libs/gnutls/files/gnutls-3.6.5-build.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From b7fdb4125e4eebc5af2155b6d36cf17339a3abf5 Mon Sep 17 00:00:00 2001
-From: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
-Date: Tue, 25 Dec 2018 14:44:11 +0300
-Subject: [PATCH] tests: cipher-openssl-compat: don't call
- EVP_CIPHER_CTX_init()
-
-There is no need to call EVP_CIPHER_CTX_init() after
-EVP_CIPHER_CTX_new().
-
-Fixes #658
-
-Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
----
- tests/slow/cipher-openssl-compat.c | 1 -
- 1 file changed, 1 deletion(-)
-
-diff --git a/tests/slow/cipher-openssl-compat.c b/tests/slow/cipher-openssl-compat.c
-index a4cb3522d..64adf25a4 100644
---- a/tests/slow/cipher-openssl-compat.c
-+++ b/tests/slow/cipher-openssl-compat.c
-@@ -106,7 +106,6 @@ static int cipher_test(const char *ocipher, gnutls_cipher_algorithm_t gcipher,
- #if OPENSSL_VERSION_NUMBER >= 0x10100000L
- 		if (gcipher == GNUTLS_CIPHER_AES_128_CCM
- 		    || gcipher == GNUTLS_CIPHER_AES_256_CCM) {
--			assert(EVP_CIPHER_CTX_init(ctx)==1);
- 			assert(EVP_CipherInit_ex(ctx, evp_cipher, 0, 0, 0, 0) >
- 			       0);
- 
--- 
-2.19.2
-

diff --git a/net-libs/gnutls/files/gnutls-3.6.5-libressl.patch b/net-libs/gnutls/files/gnutls-3.6.5-libressl.patch
deleted file mode 100644
index 16cac8c13b9..00000000000
--- a/net-libs/gnutls/files/gnutls-3.6.5-libressl.patch
+++ /dev/null
@@ -1,53 +0,0 @@
-From bfd036b31f2a47ae40e104b2ea1a0e095900cf52 Mon Sep 17 00:00:00 2001
-From: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
-Date: Tue, 25 Dec 2018 14:43:56 +0300
-Subject: [PATCH] tests: cipher-openssl-compat: don't fail if OpenSSL doesn't
- provide cipher
-
-LibreSSL does not provide ChaCha20-Poly1305 through EVP_CIPHER
-interface, so let's skip the test if cipher is not available.
-
-Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
----
- tests/slow/cipher-openssl-compat.c | 18 +++++++++++++-----
- 1 file changed, 13 insertions(+), 5 deletions(-)
-
-diff --git a/tests/slow/cipher-openssl-compat.c b/tests/slow/cipher-openssl-compat.c
-index c9b39d026..a4cb3522d 100644
---- a/tests/slow/cipher-openssl-compat.c
-+++ b/tests/slow/cipher-openssl-compat.c
-@@ -38,6 +38,19 @@ static int cipher_test(const char *ocipher, gnutls_cipher_algorithm_t gcipher,
- 
- 	success("cipher: %s\n", ocipher);
- 
-+	/* decrypt with openssl */
-+	evp_cipher = EVP_get_cipherbyname(ocipher);
-+	if (!evp_cipher) {
-+		/* XXX: fix version check later when LibreSSL fixes support for aes-ccm and chacha20-poly1305 */
-+#ifdef LIBRESSL_VERSION_NUMBER
-+		fprintf(stderr, "EVP_get_cipherbyname failed for %s\n", ocipher);
-+		return -1;
-+#else
-+		/* OpenSSL should always work! */
-+		fail("EVP_get_cipherbyname failed for %s\n", ocipher);
-+#endif
-+	}
-+
- 	for (i = 0; i < 32; i++) {	/* try with multiple keys and nonces */
- 		assert(gnutls_rnd
- 		       (GNUTLS_RND_NONCE, orig_plain_data,
-@@ -88,11 +101,6 @@ static int cipher_test(const char *ocipher, gnutls_cipher_algorithm_t gcipher,
- 
- 		gnutls_aead_cipher_deinit(hd);
- 
--		/* decrypt with openssl */
--		evp_cipher = EVP_get_cipherbyname(ocipher);
--		if (!evp_cipher)
--			fail("EVP_get_cipherbyname failed for %s\n", ocipher);
--
- 		ctx = EVP_CIPHER_CTX_new();
- 
- #if OPENSSL_VERSION_NUMBER >= 0x10100000L
--- 
-2.19.2
-

diff --git a/net-libs/gnutls/gnutls-3.5.19-r1.ebuild b/net-libs/gnutls/gnutls-3.5.19-r1.ebuild
deleted file mode 100644
index 5917ea116d3..00000000000
--- a/net-libs/gnutls/gnutls-3.5.19-r1.ebuild
+++ /dev/null
@@ -1,135 +0,0 @@
-# Copyright 1999-2019 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-inherit libtool multilib-minimal
-
-DESCRIPTION="A TLS 1.2 and SSL 3.0 implementation for the GNU project"
-HOMEPAGE="http://www.gnutls.org/"
-SRC_URI="mirror://gnupg/gnutls/v$(ver_cut 1-2)/${P}.tar.xz"
-
-LICENSE="GPL-3 LGPL-2.1"
-SLOT="0/30" # libgnutls.so number
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
-IUSE="+cxx dane doc examples guile +idn nls openpgp +openssl pkcs11 seccomp sslv2 sslv3 static-libs test test-full +tls-heartbeat tools valgrind zlib"
-
-REQUIRED_USE="
-	test-full? ( guile pkcs11 openpgp openssl idn seccomp tools zlib )"
-
-# NOTICE: sys-devel/autogen is required at runtime as we
-# use system libopts
-RDEPEND=">=dev-libs/libtasn1-4.9:=[${MULTILIB_USEDEP}]
-	dev-libs/libunistring:=[${MULTILIB_USEDEP}]
-	>=dev-libs/nettle-3.1:=[gmp,${MULTILIB_USEDEP}]
-	>=dev-libs/gmp-5.1.3-r1:=[${MULTILIB_USEDEP}]
-	tools? ( sys-devel/autogen:= )
-	dane? ( >=net-dns/unbound-1.4.20:=[${MULTILIB_USEDEP}] )
-	guile? ( >=dev-scheme/guile-2:=[networking] )
-	nls? ( >=virtual/libintl-0-r1:=[${MULTILIB_USEDEP}] )
-	pkcs11? ( >=app-crypt/p11-kit-0.23.1:=[${MULTILIB_USEDEP}] )
-	zlib? ( >=sys-libs/zlib-1.2.8-r1:=[${MULTILIB_USEDEP}] )
-	idn? ( >=net-dns/libidn2-0.16-r1:=[${MULTILIB_USEDEP}] )"
-DEPEND="${RDEPEND}
-	test? (
-		seccomp? ( sys-libs/libseccomp )
-	)"
-BDEPEND=">=virtual/pkgconfig-0-r1
-	doc? ( dev-util/gtk-doc )
-	nls? ( sys-devel/gettext )
-	tools? ( sys-devel/autogen )
-	valgrind? ( dev-util/valgrind )
-	test-full? (
-		app-crypt/dieharder
-		app-misc/datefudge
-		dev-libs/softhsm:2[-bindist]
-		net-dialup/ppp
-		net-misc/socat
-	)"
-
-DOCS=(
-	README.md
-	doc/certtool.cfg
-)
-
-HTML_DOCS=()
-
-PATCHES=(
-	"${FILESDIR}/${P}-idn2.patch"
-)
-
-pkg_setup() {
-	# bug#520818
-	export TZ=UTC
-
-	use doc && HTML_DOCS+=(
-		doc/gnutls.html
-	)
-}
-
-src_prepare() {
-	default
-
-	# force regeneration of autogen-ed files
-	local file
-	for file in $(grep -l AutoGen-ed src/*.c) ; do
-		rm src/$(basename ${file} .c).{c,h} || die
-	done
-
-	# Use sane .so versioning on FreeBSD.
-	elibtoolize
-}
-
-multilib_src_configure() {
-	LINGUAS="${LINGUAS//en/en@boldquot en@quot}"
-
-	# TPM needs to be tested before being enabled
-	libconf+=( --without-tpm )
-
-	# hardware-accell is disabled on OSX because the asm files force
-	#   GNU-stack (as doesn't support that) and when that's removed ld
-	#   complains about duplicate symbols
-	[[ ${CHOST} == *-darwin* ]] && libconf+=( --disable-hardware-acceleration )
-
-	# Cygwin as does not understand these asm files at all
-	[[ ${CHOST} == *-cygwin* ]] && libconf+=( --disable-hardware-acceleration )
-
-	ECONF_SOURCE=${S} econf \
-		$(multilib_native_enable manpages) \
-		$(multilib_native_use_enable doc gtk-doc) \
-		$(multilib_native_use_enable doc) \
-		$(multilib_native_use_enable guile) \
-		$(multilib_native_use_enable seccomp seccomp-tests) \
-		$(multilib_native_use_enable test tests) \
-		$(multilib_native_use_enable test-full full-test-suite) \
-		$(multilib_native_use_enable tools) \
-		$(multilib_native_use_enable valgrind valgrind-tests) \
-		$(use_enable cxx) \
-		$(use_enable dane libdane) \
-		$(use_enable nls) \
-		$(use_enable openpgp openpgp-authentication) \
-		$(use_enable openssl openssl-compatibility) \
-		$(use_enable sslv2 ssl2-support) \
-		$(use_enable sslv3 ssl3-support) \
-		$(use_enable static-libs static) \
-		$(use_enable tls-heartbeat heartbeat-support) \
-		$(use_with idn libidn2) \
-		$(use_with idn) \
-		$(use_with pkcs11 p11-kit) \
-		$(use_with zlib) \
-		--disable-rpath \
-		--with-unbound-root-key-file="${EPREFIX}/etc/dnssec/root-anchors.txt" \
-		--without-included-libtasn1 \
-		"${libconf[@]}" \
-		$("${S}/configure" --help | grep -- '--without-.*-prefix' | sed -e 's/^ *\([^ ]*\) .*/\1/g')
-}
-
-multilib_src_install_all() {
-	einstalldocs
-	find "${D}" -name '*.la' -delete || die
-
-	if use examples; then
-		docinto examples
-		dodoc doc/examples/*.c
-	fi
-}

diff --git a/net-libs/gnutls/gnutls-3.5.19.ebuild b/net-libs/gnutls/gnutls-3.5.19.ebuild
deleted file mode 100644
index cb1358dae23..00000000000
--- a/net-libs/gnutls/gnutls-3.5.19.ebuild
+++ /dev/null
@@ -1,137 +0,0 @@
-# Copyright 1999-2019 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=6
-
-inherit libtool ltprune multilib-minimal versionator
-
-DESCRIPTION="A TLS 1.2 and SSL 3.0 implementation for the GNU project"
-HOMEPAGE="http://www.gnutls.org/"
-SRC_URI="mirror://gnupg/gnutls/v$(get_version_component_range 1-2)/${P}.tar.xz"
-
-LICENSE="GPL-3 LGPL-2.1"
-SLOT="0/30" # libgnutls.so number
-KEYWORDS="alpha amd64 arm arm64 hppa ia64 ~m68k ~mips ppc ppc64 s390 ~sh sparc x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
-IUSE="+cxx dane doc examples guile +idn nls openpgp +openssl pkcs11 seccomp sslv2 sslv3 static-libs test test-full +tls-heartbeat tools valgrind zlib"
-
-REQUIRED_USE="
-	test-full? ( guile pkcs11 openpgp openssl idn seccomp tools zlib )"
-
-# NOTICE: sys-devel/autogen is required at runtime as we
-# use system libopts
-RDEPEND=">=dev-libs/libtasn1-4.9:=[${MULTILIB_USEDEP}]
-	dev-libs/libunistring:=[${MULTILIB_USEDEP}]
-	>=dev-libs/nettle-3.1:=[gmp,${MULTILIB_USEDEP}]
-	>=dev-libs/gmp-5.1.3-r1:=[${MULTILIB_USEDEP}]
-	tools? ( sys-devel/autogen )
-	dane? ( >=net-dns/unbound-1.4.20:=[${MULTILIB_USEDEP}] )
-	guile? ( >=dev-scheme/guile-1.8:=[networking] )
-	nls? ( >=virtual/libintl-0-r1[${MULTILIB_USEDEP}] )
-	pkcs11? ( >=app-crypt/p11-kit-0.23.1[${MULTILIB_USEDEP}] )
-	zlib? ( >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}] )
-	idn? ( >=net-dns/libidn2-0.16-r1:=[${MULTILIB_USEDEP}] )"
-DEPEND="${RDEPEND}
-	>=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]
-	doc? ( dev-util/gtk-doc )
-	nls? ( sys-devel/gettext )
-	valgrind? ( dev-util/valgrind )
-	test? (
-		seccomp? ( sys-libs/libseccomp )
-	)
-	test-full? (
-		guile? ( >=dev-scheme/guile-2 )
-		app-crypt/dieharder
-		app-misc/datefudge
-		dev-libs/softhsm:2[-bindist]
-		net-dialup/ppp
-		net-misc/socat
-	)"
-
-DOCS=(
-	README.md
-	doc/certtool.cfg
-)
-
-HTML_DOCS=()
-
-PATCHES=(
-	"${FILESDIR}/${P}-idn2.patch"
-)
-
-pkg_setup() {
-	# bug#520818
-	export TZ=UTC
-
-	use doc && HTML_DOCS+=(
-		doc/gnutls.html
-	)
-}
-
-src_prepare() {
-	default
-
-	# force regeneration of autogen-ed files
-	local file
-	for file in $(grep -l AutoGen-ed src/*.c) ; do
-		rm src/$(basename ${file} .c).{c,h} || die
-	done
-
-	# Use sane .so versioning on FreeBSD.
-	elibtoolize
-}
-
-multilib_src_configure() {
-	LINGUAS="${LINGUAS//en/en@boldquot en@quot}"
-
-	# remove magic of library detection
-	# bug#438222
-	local libconf=($("${S}/configure" --help | grep -- '--without-.*-prefix' | sed -e 's/^ *\([^ ]*\) .*/\1/g'))
-
-	# TPM needs to be tested before being enabled
-	libconf+=( --without-tpm )
-
-	# hardware-accell is disabled on OSX because the asm files force
-	#   GNU-stack (as doesn't support that) and when that's removed ld
-	#   complains about duplicate symbols
-	[[ ${CHOST} == *-darwin* ]] && libconf+=( --disable-hardware-acceleration )
-
-	# Cygwin as does not understand these asm files at all
-	[[ ${CHOST} == *-cygwin* ]] && libconf+=( --disable-hardware-acceleration )
-
-	ECONF_SOURCE=${S} econf \
-		$(multilib_native_enable manpages) \
-		$(multilib_native_use_enable doc gtk-doc) \
-		$(multilib_native_use_enable doc) \
-		$(multilib_native_use_enable guile) \
-		$(multilib_native_use_enable seccomp seccomp-tests) \
-		$(multilib_native_use_enable test tests) \
-		$(multilib_native_use_enable test-full full-test-suite) \
-		$(multilib_native_use_enable tools) \
-		$(multilib_native_use_enable valgrind valgrind-tests) \
-		$(use_enable cxx) \
-		$(use_enable dane libdane) \
-		$(use_enable nls) \
-		$(use_enable openpgp openpgp-authentication) \
-		$(use_enable openssl openssl-compatibility) \
-		$(use_enable sslv2 ssl2-support) \
-		$(use_enable sslv3 ssl3-support) \
-		$(use_enable static-libs static) \
-		$(use_enable tls-heartbeat heartbeat-support) \
-		$(use_with idn libidn2) \
-		$(use_with idn) \
-		$(use_with pkcs11 p11-kit) \
-		$(use_with zlib) \
-		--with-unbound-root-key-file="${EPREFIX}/etc/dnssec/root-anchors.txt" \
-		--without-included-libtasn1 \
-		"${libconf[@]}"
-}
-
-multilib_src_install_all() {
-	einstalldocs
-	prune_libtool_files --all
-
-	if use examples; then
-		docinto examples
-		dodoc doc/examples/*.c
-	fi
-}

diff --git a/net-libs/gnutls/gnutls-3.6.5.ebuild b/net-libs/gnutls/gnutls-3.6.5.ebuild
deleted file mode 100644
index 9d141a5165c..00000000000
--- a/net-libs/gnutls/gnutls-3.6.5.ebuild
+++ /dev/null
@@ -1,137 +0,0 @@
-# Copyright 1999-2019 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-inherit libtool multilib-minimal
-
-DESCRIPTION="A TLS 1.2 and SSL 3.0 implementation for the GNU project"
-HOMEPAGE="http://www.gnutls.org/"
-SRC_URI="mirror://gnupg/gnutls/v$(ver_cut 1-2)/${P}.tar.xz"
-
-LICENSE="GPL-3 LGPL-2.1"
-SLOT="0/30" # libgnutls.so number
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
-IUSE="+cxx dane doc examples guile +idn nls +openssl pkcs11 seccomp sslv2 sslv3 static-libs test test-full +tls-heartbeat tools valgrind"
-
-REQUIRED_USE="
-	test-full? ( cxx dane doc examples guile idn nls openssl pkcs11 seccomp tls-heartbeat tools )"
-
-# NOTICE: sys-devel/autogen is required at runtime as we
-# use system libopts
-RDEPEND=">=dev-libs/libtasn1-4.9:=[${MULTILIB_USEDEP}]
-	dev-libs/libunistring:=[${MULTILIB_USEDEP}]
-	>=dev-libs/nettle-3.4.1:=[gmp,${MULTILIB_USEDEP}]
-	>=dev-libs/gmp-5.1.3-r1:=[${MULTILIB_USEDEP}]
-	tools? ( sys-devel/autogen:= )
-	dane? ( >=net-dns/unbound-1.4.20:=[${MULTILIB_USEDEP}] )
-	guile? ( >=dev-scheme/guile-2:=[networking] )
-	nls? ( >=virtual/libintl-0-r1:=[${MULTILIB_USEDEP}] )
-	pkcs11? ( >=app-crypt/p11-kit-0.23.1:=[${MULTILIB_USEDEP}] )
-	idn? ( >=net-dns/libidn2-0.16-r1:=[${MULTILIB_USEDEP}] )"
-DEPEND="${RDEPEND}
-	test? (
-		seccomp? ( sys-libs/libseccomp )
-	)"
-BDEPEND=">=virtual/pkgconfig-0-r1
-	doc? ( dev-util/gtk-doc )
-	nls? ( sys-devel/gettext )
-	tools? ( sys-devel/autogen )
-	valgrind? ( dev-util/valgrind )
-	test-full? (
-		app-crypt/dieharder
-		>=app-misc/datefudge-1.22
-		dev-libs/softhsm:2[-bindist]
-		net-dialup/ppp
-		net-misc/socat
-	)"
-
-DOCS=(
-	README.md
-	doc/certtool.cfg
-)
-
-HTML_DOCS=()
-
-PATCHES=(
-	"${FILESDIR}/${P}-build.patch"
-	"${FILESDIR}/${P}-libressl.patch"
-)
-
-pkg_setup() {
-	# bug#520818
-	export TZ=UTC
-
-	use doc && HTML_DOCS+=(
-		doc/gnutls.html
-	)
-}
-
-src_prepare() {
-	default
-
-	# force regeneration of autogen-ed files
-	local file
-	for file in $(grep -l AutoGen-ed src/*.c) ; do
-		rm src/$(basename ${file} .c).{c,h} || die
-	done
-
-	# Use sane .so versioning on FreeBSD.
-	elibtoolize
-
-	# detect also guile-2.2, bug#673574
-	# aclocal/autoreconf will require more dependencies
-	# that we want to have
-	sed -i 's/\(_guile_versions_to_search="\)\(.*\)\("\)/\1\2 2.2\3/' configure || die
-}
-
-multilib_src_configure() {
-	LINGUAS="${LINGUAS//en/en@boldquot en@quot}"
-
-	# TPM needs to be tested before being enabled
-	libconf+=( --without-tpm )
-
-	# hardware-accell is disabled on OSX because the asm files force
-	#   GNU-stack (as doesn't support that) and when that's removed ld
-	#   complains about duplicate symbols
-	[[ ${CHOST} == *-darwin* ]] && libconf+=( --disable-hardware-acceleration )
-
-	# Cygwin as does not understand these asm files at all
-	[[ ${CHOST} == *-cygwin* ]] && libconf+=( --disable-hardware-acceleration )
-
-	ECONF_SOURCE=${S} econf \
-		$(multilib_native_enable manpages) \
-		$(multilib_native_use_enable doc gtk-doc) \
-		$(multilib_native_use_enable doc) \
-		$(multilib_native_use_enable guile) \
-		$(multilib_native_use_enable seccomp seccomp-tests) \
-		$(multilib_native_use_enable test tests) \
-		$(multilib_native_use_enable test-full full-test-suite) \
-		$(multilib_native_use_enable tools) \
-		$(multilib_native_use_enable valgrind valgrind-tests) \
-		$(use_enable cxx) \
-		$(use_enable dane libdane) \
-		$(use_enable nls) \
-		$(use_enable openssl openssl-compatibility) \
-		$(use_enable sslv2 ssl2-support) \
-		$(use_enable sslv3 ssl3-support) \
-		$(use_enable static-libs static) \
-		$(use_enable tls-heartbeat heartbeat-support) \
-		$(use_with idn) \
-		$(use_with pkcs11 p11-kit) \
-		--disable-rpath \
-		--with-unbound-root-key-file="${EPREFIX}/etc/dnssec/root-anchors.txt" \
-		--without-included-libtasn1 \
-		"${libconf[@]}" \
-		$("${S}/configure" --help | grep -- '--without-.*-prefix' | sed -e 's/^ *\([^ ]*\) .*/\1/g')
-}
-
-multilib_src_install_all() {
-	einstalldocs
-	find "${D}" -name '*.la' -delete || die
-
-	if use examples; then
-		docinto examples
-		dodoc doc/examples/*.c
-	fi
-}

diff --git a/net-libs/gnutls/gnutls-3.6.6.ebuild b/net-libs/gnutls/gnutls-3.6.6.ebuild
deleted file mode 100644
index 727e95bff15..00000000000
--- a/net-libs/gnutls/gnutls-3.6.6.ebuild
+++ /dev/null
@@ -1,132 +0,0 @@
-# Copyright 1999-2019 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-inherit libtool multilib-minimal
-
-DESCRIPTION="A TLS 1.2 and SSL 3.0 implementation for the GNU project"
-HOMEPAGE="http://www.gnutls.org/"
-SRC_URI="mirror://gnupg/gnutls/v$(ver_cut 1-2)/${P}.tar.xz"
-
-LICENSE="GPL-3 LGPL-2.1"
-SLOT="0/30" # libgnutls.so number
-KEYWORDS="~alpha amd64 arm ~arm64 ~hppa ~ia64 ~m68k ~mips ppc ppc64 s390 ~sh ~sparc ~x86 ~x64-cygwin ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
-IUSE="+cxx dane doc examples guile +idn nls +openssl pkcs11 seccomp sslv2 sslv3 static-libs test test-full +tls-heartbeat tools valgrind"
-
-REQUIRED_USE="
-	test-full? ( cxx dane doc examples guile idn nls openssl pkcs11 seccomp tls-heartbeat tools )"
-
-# NOTICE: sys-devel/autogen is required at runtime as we
-# use system libopts
-RDEPEND=">=dev-libs/libtasn1-4.9:=[${MULTILIB_USEDEP}]
-	dev-libs/libunistring:=[${MULTILIB_USEDEP}]
-	>=dev-libs/nettle-3.4.1:=[gmp,${MULTILIB_USEDEP}]
-	>=dev-libs/gmp-5.1.3-r1:=[${MULTILIB_USEDEP}]
-	tools? ( sys-devel/autogen:= )
-	dane? ( >=net-dns/unbound-1.4.20:=[${MULTILIB_USEDEP}] )
-	guile? ( >=dev-scheme/guile-2:=[networking] )
-	nls? ( >=virtual/libintl-0-r1:=[${MULTILIB_USEDEP}] )
-	pkcs11? ( >=app-crypt/p11-kit-0.23.1:=[${MULTILIB_USEDEP}] )
-	idn? ( >=net-dns/libidn2-0.16-r1:=[${MULTILIB_USEDEP}] )"
-DEPEND="${RDEPEND}
-	test? (
-		seccomp? ( sys-libs/libseccomp )
-	)"
-BDEPEND=">=virtual/pkgconfig-0-r1
-	doc? ( dev-util/gtk-doc )
-	nls? ( sys-devel/gettext )
-	tools? ( sys-devel/autogen )
-	valgrind? ( dev-util/valgrind )
-	test-full? (
-		app-crypt/dieharder
-		>=app-misc/datefudge-1.22
-		dev-libs/softhsm:2[-bindist]
-		net-dialup/ppp
-		net-misc/socat
-	)"
-
-DOCS=(
-	README.md
-	doc/certtool.cfg
-)
-
-HTML_DOCS=()
-
-pkg_setup() {
-	# bug#520818
-	export TZ=UTC
-
-	use doc && HTML_DOCS+=(
-		doc/gnutls.html
-	)
-}
-
-src_prepare() {
-	default
-
-	# force regeneration of autogen-ed files
-	local file
-	for file in $(grep -l AutoGen-ed src/*.c) ; do
-		rm src/$(basename ${file} .c).{c,h} || die
-	done
-
-	# Use sane .so versioning on FreeBSD.
-	elibtoolize
-
-	# detect also guile-2.2, bug#676402
-	# aclocal/autoreconf will require more dependencies
-	# that we want to have
-	sed -i 's/_guile_required_version=2.2$/_guile_required_version=2.0/' configure || die
-}
-
-multilib_src_configure() {
-	LINGUAS="${LINGUAS//en/en@boldquot en@quot}"
-
-	# TPM needs to be tested before being enabled
-	libconf+=( --without-tpm )
-
-	# hardware-accell is disabled on OSX because the asm files force
-	#   GNU-stack (as doesn't support that) and when that's removed ld
-	#   complains about duplicate symbols
-	[[ ${CHOST} == *-darwin* ]] && libconf+=( --disable-hardware-acceleration )
-
-	# Cygwin as does not understand these asm files at all
-	[[ ${CHOST} == *-cygwin* ]] && libconf+=( --disable-hardware-acceleration )
-
-	ECONF_SOURCE=${S} econf \
-		$(multilib_native_enable manpages) \
-		$(multilib_native_use_enable doc gtk-doc) \
-		$(multilib_native_use_enable doc) \
-		$(multilib_native_use_enable guile) \
-		$(multilib_native_use_enable seccomp seccomp-tests) \
-		$(multilib_native_use_enable test tests) \
-		$(multilib_native_use_enable test-full full-test-suite) \
-		$(multilib_native_use_enable tools) \
-		$(multilib_native_use_enable valgrind valgrind-tests) \
-		$(use_enable cxx) \
-		$(use_enable dane libdane) \
-		$(use_enable nls) \
-		$(use_enable openssl openssl-compatibility) \
-		$(use_enable sslv2 ssl2-support) \
-		$(use_enable sslv3 ssl3-support) \
-		$(use_enable static-libs static) \
-		$(use_enable tls-heartbeat heartbeat-support) \
-		$(use_with idn) \
-		$(use_with pkcs11 p11-kit) \
-		--disable-rpath \
-		--with-unbound-root-key-file="${EPREFIX}/etc/dnssec/root-anchors.txt" \
-		--without-included-libtasn1 \
-		"${libconf[@]}" \
-		$("${S}/configure" --help | grep -- '--without-.*-prefix' | sed -e 's/^ *\([^ ]*\) .*/\1/g')
-}
-
-multilib_src_install_all() {
-	einstalldocs
-	find "${D}" -name '*.la' -delete || die
-
-	if use examples; then
-		docinto examples
-		dodoc doc/examples/*.c
-	fi
-}

diff --git a/net-libs/gnutls/metadata.xml b/net-libs/gnutls/metadata.xml
index 85804ccbea4..d90b1d71c77 100644
--- a/net-libs/gnutls/metadata.xml
+++ b/net-libs/gnutls/metadata.xml
@@ -10,9 +10,6 @@
       Build libgnutls-dane, implementing DNS-based Authentication of
       Named Entities. Requires <pkg>net-dns/unbound</pkg>
     </flag>
-    <flag name="openpgp">
-      Enable openpgp support
-    </flag>
     <flag name="openssl">
       Build openssl compatibility libraries
     </flag>



* [gentoo-commits] repo/gentoo:master commit in: net-libs/gnutls/files/, net-libs/gnutls/
@ 2020-06-01 19:17 Thomas Deutschmann
From: Thomas Deutschmann @ 2020-06-01 19:17 UTC (permalink / raw
  To: gentoo-commits

commit:     f7402bdfcb5c3017b29d80d60312804b4b3fbebd
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Mon Jun  1 19:01:34 2020 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Mon Jun  1 19:17:15 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f7402bdf

net-libs/gnutls: rev bump to fix handling of expired root certificates

Link: https://gitlab.com/gnutls/gnutls/-/issues/1008
Closes: https://bugs.gentoo.org/726650
Package-Manager: Portage-2.3.100, Repoman-2.3.22
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 ...s-3.6.13-handle-expired-root-certificates.patch | 391 +++++++++++++++++++++
 ...nutls-3.6.13.ebuild => gnutls-3.6.13-r1.ebuild} |   2 +
 2 files changed, 393 insertions(+)

diff --git a/net-libs/gnutls/files/gnutls-3.6.13-handle-expired-root-certificates.patch b/net-libs/gnutls/files/gnutls-3.6.13-handle-expired-root-certificates.patch
new file mode 100644
index 00000000000..91986cf449c
--- /dev/null
+++ b/net-libs/gnutls/files/gnutls-3.6.13-handle-expired-root-certificates.patch
@@ -0,0 +1,391 @@
+From 299bd4f113d0bd39fa1577a671a04ed7899eff3c Mon Sep 17 00:00:00 2001
+From: Daiki Ueno <ueno@gnu.org>
+Date: Sun, 31 May 2020 12:39:14 +0200
+Subject: [PATCH 1/3] _gnutls_pkcs11_verify_crt_status: check validity against
+ system cert
+
+To verify a certificate chain, this function replaces known
+certificates with the ones in the system trust store if possible.
+
+However, if it is found, the function checks the validity of the
+original certificate rather than the certificate found in the trust
+store.  That reveals a problem in a scenario that (1) a certificate is
+signed by multiple issuers and (2) one of the issuers' certificate has
+expired and included in the input chain.
+
+This patch makes it a little robuster by actually retrieving the
+certificate from the trust store and perform check against it.
+
+Signed-off-by: Daiki Ueno <ueno@gnu.org>
+---
+ lib/pkcs11.c      | 98 +++++++++++++++++++++++++++++++++--------------
+ lib/pkcs11_int.h  |  5 +++
+ lib/x509/verify.c |  7 +++-
+ 3 files changed, 80 insertions(+), 30 deletions(-)
+
+diff --git a/lib/pkcs11.c b/lib/pkcs11.c
+index fad16aaf4f..d8d4a65114 100644
+--- a/lib/pkcs11.c
++++ b/lib/pkcs11.c
+@@ -4547,34 +4547,10 @@ int gnutls_pkcs11_get_raw_issuer_by_subject_key_id (const char *url,
+ 	return ret;
+ }
+ 
+-/**
+- * gnutls_pkcs11_crt_is_known:
+- * @url: A PKCS 11 url identifying a token
+- * @cert: is the certificate to find issuer for
+- * @issuer: Will hold the issuer if any in an allocated buffer.
+- * @fmt: The format of the exported issuer.
+- * @flags: Use zero or flags from %GNUTLS_PKCS11_OBJ_FLAG.
+- *
+- * This function will check whether the provided certificate is stored
+- * in the specified token. This is useful in combination with 
+- * %GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_TRUSTED or
+- * %GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_DISTRUSTED,
+- * to check whether a CA is present or a certificate is blacklisted in
+- * a trust PKCS #11 module.
+- *
+- * This function can be used with a @url of "pkcs11:", and in that case all modules
+- * will be searched. To restrict the modules to the marked as trusted in p11-kit
+- * use the %GNUTLS_PKCS11_OBJ_FLAG_PRESENT_IN_TRUSTED_MODULE flag.
+- *
+- * Note that the flag %GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_DISTRUSTED is
+- * specific to p11-kit trust modules.
+- *
+- * Returns: If the certificate exists non-zero is returned, otherwise zero.
+- *
+- * Since: 3.3.0
+- **/
+-unsigned gnutls_pkcs11_crt_is_known(const char *url, gnutls_x509_crt_t cert,
+-				 unsigned int flags)
++unsigned
++_gnutls_pkcs11_crt_is_known(const char *url, gnutls_x509_crt_t cert,
++			    unsigned int flags,
++			    gnutls_x509_crt_t *trusted_cert)
+ {
+ 	int ret;
+ 	struct find_cert_st priv;
+@@ -4586,6 +4562,15 @@ unsigned gnutls_pkcs11_crt_is_known(const char *url, gnutls_x509_crt_t cert,
+ 
+ 	memset(&priv, 0, sizeof(priv));
+ 
++	if (trusted_cert) {
++		ret = gnutls_pkcs11_obj_init(&priv.obj);
++		if (ret < 0) {
++			gnutls_assert();
++			goto cleanup;
++		}
++		priv.need_import = 1;
++	}
++
+ 	if (url == NULL || url[0] == 0) {
+ 		url = "pkcs11:";
+ 	}
+@@ -4632,8 +4617,18 @@ unsigned gnutls_pkcs11_crt_is_known(const char *url, gnutls_x509_crt_t cert,
+ 		_gnutls_debug_log("crt_is_known: did not find cert, using issuer DN + serial, using DN only\n");
+ 		/* attempt searching with the subject DN only */
+ 		gnutls_assert();
++		if (priv.obj)
++			gnutls_pkcs11_obj_deinit(priv.obj);
+ 		gnutls_free(priv.serial.data);
+ 		memset(&priv, 0, sizeof(priv));
++		if (trusted_cert) {
++			ret = gnutls_pkcs11_obj_init(&priv.obj);
++			if (ret < 0) {
++				gnutls_assert();
++				goto cleanup;
++			}
++			priv.need_import = 1;
++		}
+ 		priv.crt = cert;
+ 		priv.flags = flags;
+ 
+@@ -4650,9 +4645,26 @@ unsigned gnutls_pkcs11_crt_is_known(const char *url, gnutls_x509_crt_t cert,
+ 		goto cleanup;
+ 	}
+ 
++	if (trusted_cert) {
++		ret = gnutls_x509_crt_init(trusted_cert);
++		if (ret < 0) {
++			gnutls_assert();
++			ret = 0;
++			goto cleanup;
++		}
++		ret = gnutls_x509_crt_import_pkcs11(*trusted_cert, priv.obj);
++		if (ret < 0) {
++			gnutls_assert();
++			gnutls_x509_crt_deinit(*trusted_cert);
++			ret = 0;
++			goto cleanup;
++		}
++	}
+ 	ret = 1;
+ 
+       cleanup:
++	if (priv.obj)
++		gnutls_pkcs11_obj_deinit(priv.obj);
+ 	if (info)
+ 		p11_kit_uri_free(info);
+ 	gnutls_free(priv.serial.data);
+@@ -4660,6 +4672,36 @@ unsigned gnutls_pkcs11_crt_is_known(const char *url, gnutls_x509_crt_t cert,
+ 	return ret;
+ }
+ 
++/**
++ * gnutls_pkcs11_crt_is_known:
++ * @url: A PKCS 11 url identifying a token
++ * @cert: is the certificate to find issuer for
++ * @flags: Use zero or flags from %GNUTLS_PKCS11_OBJ_FLAG.
++ *
++ * This function will check whether the provided certificate is stored
++ * in the specified token. This is useful in combination with 
++ * %GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_TRUSTED or
++ * %GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_DISTRUSTED,
++ * to check whether a CA is present or a certificate is blacklisted in
++ * a trust PKCS #11 module.
++ *
++ * This function can be used with a @url of "pkcs11:", and in that case all modules
++ * will be searched. To restrict the modules to the marked as trusted in p11-kit
++ * use the %GNUTLS_PKCS11_OBJ_FLAG_PRESENT_IN_TRUSTED_MODULE flag.
++ *
++ * Note that the flag %GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_DISTRUSTED is
++ * specific to p11-kit trust modules.
++ *
++ * Returns: If the certificate exists non-zero is returned, otherwise zero.
++ *
++ * Since: 3.3.0
++ **/
++unsigned gnutls_pkcs11_crt_is_known(const char *url, gnutls_x509_crt_t cert,
++				 unsigned int flags)
++{
++	return _gnutls_pkcs11_crt_is_known(url, cert, flags, NULL);
++}
++
+ /**
+  * gnutls_pkcs11_obj_get_flags:
+  * @obj: The pkcs11 object
+diff --git a/lib/pkcs11_int.h b/lib/pkcs11_int.h
+index 9d88807098..86cce0dee5 100644
+--- a/lib/pkcs11_int.h
++++ b/lib/pkcs11_int.h
+@@ -460,6 +460,11 @@ inline static bool is_pkcs11_url_object(const char *url)
+ 	return 0;
+ }
+ 
++unsigned
++_gnutls_pkcs11_crt_is_known(const char *url, gnutls_x509_crt_t cert,
++			    unsigned int flags,
++			    gnutls_x509_crt_t *trusted_cert);
++
+ #endif				/* ENABLE_PKCS11 */
+ 
+ #endif /* GNUTLS_LIB_PKCS11_INT_H */
+diff --git a/lib/x509/verify.c b/lib/x509/verify.c
+index d202670198..fd7c6a1642 100644
+--- a/lib/x509/verify.c
++++ b/lib/x509/verify.c
+@@ -34,6 +34,7 @@
+ #include <tls-sig.h>
+ #include <str.h>
+ #include <datum.h>
++#include <pkcs11_int.h>
+ #include <x509_int.h>
+ #include <common.h>
+ #include <pk.h>
+@@ -1188,6 +1189,7 @@ _gnutls_pkcs11_verify_crt_status(const char* url,
+ 
+ 	for (; i < clist_size; i++) {
+ 		unsigned vflags;
++		gnutls_x509_crt_t trusted_cert;
+ 
+ 		if (i == 0) /* in the end certificate do full comparison */
+ 			vflags = GNUTLS_PKCS11_OBJ_FLAG_PRESENT_IN_TRUSTED_MODULE|
+@@ -1196,9 +1198,10 @@ _gnutls_pkcs11_verify_crt_status(const char* url,
+ 			vflags = GNUTLS_PKCS11_OBJ_FLAG_PRESENT_IN_TRUSTED_MODULE|
+ 				GNUTLS_PKCS11_OBJ_FLAG_COMPARE_KEY|GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_TRUSTED;
+ 
+-		if (gnutls_pkcs11_crt_is_known (url, certificate_list[i], vflags) != 0) {
++		if (_gnutls_pkcs11_crt_is_known (url, certificate_list[i], vflags, &trusted_cert) != 0) {
+ 
+-			status |= check_ca_sanity(certificate_list[i], now, flags);
++			status |= check_ca_sanity(trusted_cert, now, flags);
++			gnutls_x509_crt_deinit(trusted_cert);
+ 
+ 			if (func)
+ 				func(certificate_list[i],
+-- 
+2.26.2
+
+
+From cdf075e7f54cb77f046ef3e7c2147f159941faca Mon Sep 17 00:00:00 2001
+From: Daiki Ueno <ueno@gnu.org>
+Date: Sun, 31 May 2020 13:59:53 +0200
+Subject: [PATCH 2/3] x509: trigger fallback verification path when cert is
+ expired
+
+gnutls_x509_trust_list_verify_crt2 use the macro SIGNER_OLD_OR_UNKNOWN
+to trigger the fallback verification path if the signer of the last
+certificate is not in the trust store.  Previously, it doesn't take
+into account of the condition where the certificate is expired.
+
+Signed-off-by: Daiki Ueno <ueno@gnu.org>
+---
+ lib/x509/verify-high.c | 12 +++++++-----
+ 1 file changed, 7 insertions(+), 5 deletions(-)
+
+diff --git a/lib/x509/verify-high.c b/lib/x509/verify-high.c
+index b1421ef17a..40638ad3aa 100644
+--- a/lib/x509/verify-high.c
++++ b/lib/x509/verify-high.c
+@@ -1192,11 +1192,13 @@ gnutls_x509_trust_list_verify_crt(gnutls_x509_trust_list_t list,
+ 
+ #define LAST_DN cert_list[cert_list_size-1]->raw_dn
+ #define LAST_IDN cert_list[cert_list_size-1]->raw_issuer_dn
+-/* This macro is introduced to detect a verification output
+- * which indicates an unknown signer, or a signer which uses
+- * an insecure algorithm (e.g., sha1), something that indicates
+- * a superseded signer */
+-#define SIGNER_OLD_OR_UNKNOWN(output) ((output & GNUTLS_CERT_SIGNER_NOT_FOUND) || (output & GNUTLS_CERT_INSECURE_ALGORITHM))
++/* This macro is introduced to detect a verification output which
++ * indicates an unknown signer, a signer which uses an insecure
++ * algorithm (e.g., sha1), a signer has expired, or something that
++ * indicates a superseded signer */
++#define SIGNER_OLD_OR_UNKNOWN(output) ((output & GNUTLS_CERT_SIGNER_NOT_FOUND) || \
++				       (output & GNUTLS_CERT_EXPIRED) || \
++				       (output & GNUTLS_CERT_INSECURE_ALGORITHM))
+ #define SIGNER_WAS_KNOWN(output) (!(output & GNUTLS_CERT_SIGNER_NOT_FOUND))
+ 
+ /**
+-- 
+2.26.2
+
+
+From 9067bcbee8ff18badff1e829d22e63590dbd7a5c Mon Sep 17 00:00:00 2001
+From: Daiki Ueno <ueno@gnu.org>
+Date: Sun, 31 May 2020 14:28:48 +0200
+Subject: [PATCH 3/3] tests: add test case for certificate chain superseding
+
+Signed-off-by: Daiki Ueno <ueno@gnu.org>
+---
+ tests/test-chains.h | 97 +++++++++++++++++++++++++++++++++++++++++++++
+ 1 file changed, 97 insertions(+)
+
+diff --git a/tests/test-chains.h b/tests/test-chains.h
+index dd19e6a815..9b06b85f5f 100644
+--- a/tests/test-chains.h
++++ b/tests/test-chains.h
+@@ -4010,6 +4010,102 @@ static const char *ed448[] = {
+ 	NULL
+ };
+ 
++/* This contains an expired intermediate CA, which should be superseded. */
++static const char *superseding[] = {
++	"-----BEGIN CERTIFICATE-----"
++	"MIIDrzCCAmegAwIBAgIUcozIBhMJvM/rd1PVI7LOq7Kscs8wDQYJKoZIhvcNAQEL"
++	"BQAwJjEkMCIGA1UEAxMbR251VExTIHRlc3QgaW50ZXJtZWRpYXRlIENBMCAXDTIw"
++	"MDUzMTEyMTczN1oYDzk5OTkxMjMxMjM1OTU5WjA3MRgwFgYDVQQDEw90ZXN0Lmdu"
++	"dXRscy5vcmcxGzAZBgNVBAoTEkdudVRMUyB0ZXN0IHNlcnZlcjCCASAwCwYJKoZI"
++	"hvcNAQEKA4IBDwAwggEKAoIBAQCd2PBnWn+b0FsIMbG+f/K+og2iK/BoLCsJD3j9"
++	"yRNSHD6wTifYwNTbe1LF/8BzxcwVRCD0zpbpFQawbjxbmBSzrXqQlUFFG11DvNBa"
++	"w58rgHGo3TYCrtFIBfLbziyB1w/vWeX0xHvv8MMJ1iRSdY+7Y36a2cV+s85PdO4B"
++	"TpZlLfy8LPP6p6+dgVoC+9tTu2H1wARYOVog+jt9A3Hx0L1xxVWTedFoiK2sVouz"
++	"fLRjfp5cOwuRHSD2qbpGOAeNVVaOE88Bv3pIGPguMw0qAdEDo20hRYH23LIyvBwB"
++	"oCnyFNnAViMtLa2QlXSliV9a9BKOXYjWzAeso2SF4pdHcvd5AgMBAAGjgZMwgZAw"
++	"DAYDVR0TAQH/BAIwADAaBgNVHREEEzARgg90ZXN0LmdudXRscy5vcmcwEwYDVR0l"
++	"BAwwCgYIKwYBBQUHAwEwDwYDVR0PAQH/BAUDAweAADAdBgNVHQ4EFgQUan6mlccq"
++	"Uy1Z64wvRv3xxg4h2ykwHwYDVR0jBBgwFoAUSCM0UwqJMThKWurKttKm3s4dKxgw"
++	"DQYJKoZIhvcNAQELBQADggExAKAOMyMLpk0u2UTwwFWtr1hfx7evo2J7dgco410I"
++	"DN/QWoe2Xlcxcp1h5R9rX1I3KU2WGFtdXqiMsllCLnrDEKZmlks0uz76bCpKmM99"
++	"/1MDlY7mGCr/2PPx53USK5J5JTiqgp6r7qAcDAnpYvrPH45kk7iqwh02DhAxRnGR"
++	"CW7KWK8h7uu0Az9iBT2YfV372g4fRDK3fqYzJofQwbhSiUuJ7wyZCRhGOoxMMmDb"
++	"KBbc1wAYXW+tlv2cSbfzRvSxMR+CzkyH2tGDxeN//aZUfGmQ8IzWUQ7UtK5z+Q0E"
++	"fL6fZtm2SdGabGpV1UYoGpwOtOngK+m0i9SqrMD7g5+SMhc1VuvVuTtxjr5Cha8l"
++	"X0HEZtxgFrkdfMD4yLAqiguaCBngtbRmELF5VpebmJbiLVU="
++	"-----END CERTIFICATE-----",
++	"-----BEGIN CERTIFICATE-----"
++	"MIIDkTCCAkmgAwIBAgIUY9cJ4NLNFEaojJHdP1I4Q7OHNJwwDQYJKoZIhvcNAQEL"
++	"BQAwGTEXMBUGA1UEAxMOR251VExTIHRlc3QgQ0EwHhcNMTgxMjMxMjMwMDAwWhcN"
++	"MjAwNTMwMjIwMDAwWjAmMSQwIgYDVQQDExtHbnVUTFMgdGVzdCBpbnRlcm1lZGlh"
++	"dGUgQ0EwggFSMA0GCSqGSIb3DQEBAQUAA4IBPwAwggE6AoIBMQC0ayeYJa/B/x7K"
++	"sH702LztQ4ZnVF3atB7CkF+DPAIR/BNyhbKIpGVBC3ZfI76Kn/55S3M7LsdLPL8W"
++	"yZdVNRfzoXJLMMLgJ5QS81YA5s6CSxFdpB6b+vq5GypNGLW6peYMx6iooW2qiITc"
++	"lg6ybBw1qufHlD351cfCog1Ls2569whfxQnNFZMa95jfKkxmiSTtH9AWY4FlpVg7"
++	"oc0lYpuZgVQIFxjsfC8IojsoVzKdF0cKhvtisUGZ5vveqOogfvMb7rrqmiFkKZLy"
++	"rXPlGQWdN1PiEZ8YXyK64osNAIyeL6eHPUC+SqKlkggMLmHAWHyameHWrIM5Jc8+"
++	"G+3ro22dy8U43sHHbps0FL4wPoKQHrlKmnbk7zMMRqIxcvbDYQv4qmeJ9KXldjeh"
++	"KZ+Aeap1AgMBAAGjZDBiMA8GA1UdEwEB/wQFMAMBAf8wDwYDVR0PAQH/BAUDAwcE"
++	"ADAdBgNVHQ4EFgQUSCM0UwqJMThKWurKttKm3s4dKxgwHwYDVR0jBBgwFoAUHncj"
++	"bWcxH5EHm5Yv7PzIRv6M4QMwDQYJKoZIhvcNAQELBQADggExAHP1UAQ/nvuQtRZF"
++	"Q4b96yxVwCjMjn7knLyLNtyYGE3466xvE/ofvx5lgaR06ez/G17XP+Ok5SLJNUVc"
++	"mplTERCv5CgnX7R5VdGJkkD1repaYxaTtwyJz0AfYEMRUj3jfaeLaiUKJvEW5RRs"
++	"I3solY18sy/m/xGrH2X0GTNfKM9BURENABsppt07jxH719nF9m9SynV/Z2hE5hlv"
++	"5e5vyPt4wyRPIJLUI3TKAlvb1s40zz3ua7ZTgQL/cOxfY4f9pRKW9CMB3uF69OP9"
++	"COAxrmHVZsImmDZ6qO1qQrbY1KN/cX5kG4pKg7Ium723aOlwcWzEDXKumD960fN1"
++	"5g+HrjNs6kW+r9Q5QS8qV5s8maZNcxTrMvQ1fF2AKBNI3Z3U7vmtrSeqxIXp3rGH"
++	"iJwOKIk="
++	"-----END CERTIFICATE-----",
++	NULL
++};
++
++static const char *superseding_ca[] = {
++	"-----BEGIN CERTIFICATE-----"
++	"MIIDkzCCAkugAwIBAgIUIs7jB4Q4sFcdCmzWVHbJLESC3T4wDQYJKoZIhvcNAQEL"
++	"BQAwGTEXMBUGA1UEAxMOR251VExTIHRlc3QgQ0EwIBcNMjAwNTMxMTIxMzEwWhgP"
++	"OTk5OTEyMzEyMzU5NTlaMCYxJDAiBgNVBAMTG0dudVRMUyB0ZXN0IGludGVybWVk"
++	"aWF0ZSBDQTCCAVIwDQYJKoZIhvcNAQEBBQADggE/ADCCAToCggExALRrJ5glr8H/"
++	"HsqwfvTYvO1DhmdUXdq0HsKQX4M8AhH8E3KFsoikZUELdl8jvoqf/nlLczsux0s8"
++	"vxbJl1U1F/OhckswwuAnlBLzVgDmzoJLEV2kHpv6+rkbKk0Ytbql5gzHqKihbaqI"
++	"hNyWDrJsHDWq58eUPfnVx8KiDUuzbnr3CF/FCc0Vkxr3mN8qTGaJJO0f0BZjgWWl"
++	"WDuhzSVim5mBVAgXGOx8LwiiOyhXMp0XRwqG+2KxQZnm+96o6iB+8xvuuuqaIWQp"
++	"kvKtc+UZBZ03U+IRnxhfIrriiw0AjJ4vp4c9QL5KoqWSCAwuYcBYfJqZ4dasgzkl"
++	"zz4b7eujbZ3LxTjewcdumzQUvjA+gpAeuUqaduTvMwxGojFy9sNhC/iqZ4n0peV2"
++	"N6Epn4B5qnUCAwEAAaNkMGIwDwYDVR0TAQH/BAUwAwEB/zAPBgNVHQ8BAf8EBQMD"
++	"BwQAMB0GA1UdDgQWBBRIIzRTCokxOEpa6sq20qbezh0rGDAfBgNVHSMEGDAWgBQe"
++	"dyNtZzEfkQebli/s/MhG/ozhAzANBgkqhkiG9w0BAQsFAAOCATEAcF9R9VGQxTwW"
++	"aOjeIeQ9ZJxybaj0BaXC8xR4b9uZloS9d/RBFTjgRbQ82yqaj7f80mgUtabKRfTA"
++	"ltV2MgTbJdOjwGzEDtKGhClBbovnEGrYTbPBT9rgfYPt0q7SMBr6AzGAPt+ltwI7"
++	"9yntV81qvTxvW5MEEo0j2MuA3NT3oqe+w1rUKNQCWhnN2TUhJGkTlaaMozcgNFaE"
++	"Dplop4dtvCGtupxOjC3Nf6FWq1k7iZQxX70AFBYVMpuF7qGh6qDp+T1hmTCSVzxP"
++	"SfDQIBjhKgy4clhkuR5SRxhN74RX+/5eiQyVLxzr+eIhqzJhPqUCmVnCLcqYdNRi"
++	"hpHic4uJm0wGOKYTI7EG8rb4ZP4Jz6k4iN9CnL/+kiiW5otSl3YyCAuao5VKdDq9"
++	"izchzb9eow=="
++	"-----END CERTIFICATE-----",
++	"-----BEGIN CERTIFICATE-----"
++	"MIIDZTCCAh2gAwIBAgIULcrECQOBgPaePBfBHXcyZiU0IiYwDQYJKoZIhvcNAQEL"
++	"BQAwGTEXMBUGA1UEAxMOR251VExTIHRlc3QgQ0EwIBcNMjAwNTMxMTIxMTQzWhgP"
++	"OTk5OTEyMzEyMzU5NTlaMBkxFzAVBgNVBAMTDkdudVRMUyB0ZXN0IENBMIIBUjAN"
++	"BgkqhkiG9w0BAQEFAAOCAT8AMIIBOgKCATEAnORCsX1unl//fy2d1054XduIg/3C"
++	"qVBaT3Hca65SEoDwh0KiPtQoOgZLdKY2cobGs/ojYtOjcs0KnlPYdmtjEh6WEhuJ"
++	"U95v4TQdC4OLMiE56eIGq252hZAbHoTL84Q14DxQWGuzQK830iml7fbw2WcIcRQ8"
++	"vFGs8SzfXw63+MI6Fq6iMAQIqP08WzGmRRzL5wvCiPhCVkrPmwbXoABub6AAsYwW"
++	"PJB91M9/lx5gFH5k9/iPfi3s2Kg3F8MOcppqFYjxDSnsfiz6eMh1+bYVIAo367vG"
++	"VYHigXMEZC2FezlwIHaZzpEoFlY3a7LFJ00yrjQ910r8UE+CEMTYzE40D0olCMo7"
++	"FA9RCjeO3bUIoYaIdVTUGWEGHWSeoxGei9Gkm6u+ASj8f+i0jxdD2qXsewIDAQAB"
++	"o0MwQTAPBgNVHRMBAf8EBTADAQH/MA8GA1UdDwEB/wQFAwMHBAAwHQYDVR0OBBYE"
++	"FB53I21nMR+RB5uWL+z8yEb+jOEDMA0GCSqGSIb3DQEBCwUAA4IBMQAeMSzMyuTy"
++	"FjXTjxAUv010bsr6e6fI9txq/S1tXmWWJV/8aeARthuOFZO5Jjy3C5aMbac2HDV4"
++	"Otu0+JLaoEMSXvorAhValVuq06i5cmaPzvJBcxMWzlEAXfavSwHv5Q+kqNU3z81S"
++	"WnjEpMHcl9OyER7o9IhF55Xom2BXY5XL83QOzQ4C3bpKrNevZC7i7zS8NoYRGP+8"
++	"w21JseXkWQW4o2hkFqbCcRE1dlMW02iJE28RZ5aBFDIm2Y6zuLaXZIkaO7E41CAw"
++	"IUyhowm/S1HcmQnhruAGKJvQtB6jvnhZb7pgnuSkhIvAQgw93CLE985KEua1ifY2"
++	"p1d/6ho2TWotHHqDnDkB8pC0Wzai8R+63z18Kt0gROX2QItCyFksjNJqYPbgwZgt"
++	"eh1COrLsOJo+"
++	"-----END CERTIFICATE-----",
++	NULL
++};
++
+ #if defined __clang__ || __GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 5)
+ #  pragma GCC diagnostic push
+ #  pragma GCC diagnostic ignored "-Wunused-variable"
+@@ -4178,6 +4274,7 @@ static struct
+     GNUTLS_CERT_INSECURE_ALGORITHM | GNUTLS_CERT_INVALID, NULL, 1576759855, 1},
+   { "ed448 - ok", ed448, &ed448[0], GNUTLS_PROFILE_TO_VFLAGS(GNUTLS_PROFILE_ULTRA),
+     0, NULL, 1584352960, 1},
++  { "superseding - ok", superseding, superseding_ca, 0, 0, 0, 1590928011 },
+   { NULL, NULL, NULL, 0, 0}
+ };
+ 
+-- 
+2.26.2
+
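Review bot: In the bundled lib/pkcs11.c change, both new `gnutls_pkcs11_obj_init(&priv.obj)` failure branches in `_gnutls_pkcs11_crt_is_known` jump to `cleanup` with a negative `ret`, and since the function returns `unsigned`, the `!= 0` test in `_gnutls_pkcs11_verify_crt_status` would read that failure as "certificate is known". That caller declares `gnutls_x509_crt_t trusted_cert;` without an initializer and then hands it to `check_ca_sanity()` and `gnutls_x509_crt_deinit()`, so on this path an indeterminate handle would be used inside certificate verification. The later failure branches already do `ret = 0;` before `goto cleanup;`; the two init branches should do the same, and the caller should declare `gnutls_x509_crt_t trusted_cert = NULL;`. Both function bodies are only partly shown in the patch, so this assumes `ret` is returned unchanged after the `cleanup` label.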

diff --git a/net-libs/gnutls/gnutls-3.6.13.ebuild b/net-libs/gnutls/gnutls-3.6.13-r1.ebuild
similarity index 98%
rename from net-libs/gnutls/gnutls-3.6.13.ebuild
rename to net-libs/gnutls/gnutls-3.6.13-r1.ebuild
index 1969a839156..0f8de4605eb 100644
--- a/net-libs/gnutls/gnutls-3.6.13.ebuild
+++ b/net-libs/gnutls/gnutls-3.6.13-r1.ebuild
@@ -54,6 +54,8 @@ DOCS=(
 
 HTML_DOCS=()
 
+PATCHES=( "${FILESDIR}"/${P}-handle-expired-root-certificates.patch )
+
 pkg_setup() {
 	# bug#520818
 	export TZ=UTC



* [gentoo-commits] repo/gentoo:master commit in: net-libs/gnutls/files/, net-libs/gnutls/
@ 2023-08-08  4:38 Sam James
From: Sam James @ 2023-08-08  4:38 UTC (permalink / raw
  To: gentoo-commits

commit:     55579ccfe7243a03d0cbe77d95c550913841d451
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Tue Aug  8 04:37:22 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Tue Aug  8 04:37:22 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=55579ccf

net-libs/gnutls: fix 3.8.0 headers

Closes: https://bugs.gentoo.org/911872
Signed-off-by: Sam James <sam <AT> gentoo.org>

 .../files/gnutls-3.8.1-fix-gnutls-header.patch     | 46 ++++++++++++++++++++++
 ...{gnutls-3.8.1.ebuild => gnutls-3.8.1-r1.ebuild} |  4 ++
 2 files changed, 50 insertions(+)

diff --git a/net-libs/gnutls/files/gnutls-3.8.1-fix-gnutls-header.patch b/net-libs/gnutls/files/gnutls-3.8.1-fix-gnutls-header.patch
new file mode 100644
index 000000000000..b3d10c1788f6
--- /dev/null
+++ b/net-libs/gnutls/files/gnutls-3.8.1-fix-gnutls-header.patch
@@ -0,0 +1,46 @@
+https://bugs.gentoo.org/911872
+https://gitlab.com/gnutls/gnutls/-/commit/abfa8634db940115a11a07596ce53c8f9c4f87d2
+
+From abfa8634db940115a11a07596ce53c8f9c4f87d2 Mon Sep 17 00:00:00 2001
+From: Adrian Bunk <bunk@debian.org>
+Date: Sun, 6 Aug 2023 22:46:22 +0300
+Subject: [PATCH] Move the GNUTLS_NO_EXTENSIONS compatibility #define to
+ gnutls.h
+
+Signed-off-by: Adrian Bunk <bunk@debian.org>
+--- a/lib/ext/ext_master_secret.h
++++ b/lib/ext/ext_master_secret.h
+@@ -23,9 +23,6 @@
+ #ifndef GNUTLS_LIB_EXT_EXT_MASTER_SECRET_H
+ #define GNUTLS_LIB_EXT_EXT_MASTER_SECRET_H
+ 
+-/* Keep backward compatibility */
+-#define GNUTLS_NO_EXTENSIONS GNUTLS_NO_DEFAULT_EXTENSIONS
+-
+ #include <hello_ext.h>
+ 
+ extern const hello_ext_entry_st ext_mod_ext_master_secret;
+--- a/lib/includes/gnutls/gnutls.h.in
++++ b/lib/includes/gnutls/gnutls.h.in
+@@ -542,6 +542,9 @@ typedef enum {
+ #define GNUTLS_ENABLE_CERT_TYPE_NEG 0
+ // Here for compatibility reasons
+ 
++/* Keep backward compatibility */
++#define GNUTLS_NO_EXTENSIONS GNUTLS_NO_DEFAULT_EXTENSIONS
++
+ /**
+  * gnutls_alert_level_t:
+  * @GNUTLS_AL_WARNING: Alert of warning severity.
+--- a/lib/state.h
++++ b/lib/state.h
+@@ -110,7 +110,4 @@ inline static int _gnutls_PRF(gnutls_session_t session, const uint8_t *secret,
+ 
+ #define DEFAULT_CERT_TYPE GNUTLS_CRT_X509
+ 
+-/* Keep backward compatibility */
+-#define GNUTLS_NO_EXTENSIONS GNUTLS_NO_DEFAULT_EXTENSIONS
+-
+ #endif /* GNUTLS_LIB_STATE_H */
+-- 
+GitLab

diff --git a/net-libs/gnutls/gnutls-3.8.1.ebuild b/net-libs/gnutls/gnutls-3.8.1-r1.ebuild
similarity index 98%
rename from net-libs/gnutls/gnutls-3.8.1.ebuild
rename to net-libs/gnutls/gnutls-3.8.1-r1.ebuild
index 19eb1aa7b6f0..730ced6f1866 100644
--- a/net-libs/gnutls/gnutls-3.8.1.ebuild
+++ b/net-libs/gnutls/gnutls-3.8.1-r1.ebuild
@@ -60,6 +60,10 @@ DOCS=( README.md doc/certtool.cfg )
 
 HTML_DOCS=()
 
+PATCHES=(
+	"${FILESDIR}"/${P}-fix-gnutls-header.patch
+)
+
 src_prepare() {
 	default
 



* [gentoo-commits] repo/gentoo:master commit in: net-libs/gnutls/files/, net-libs/gnutls/
@ 2024-08-21  5:30 Sam James
From: Sam James @ 2024-08-21  5:30 UTC (permalink / raw
  To: gentoo-commits

commit:     10656ddc55952ddad4d3e72351580d20ccdb9099
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Wed Aug 21 05:29:58 2024 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Wed Aug 21 05:30:28 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=10656ddc

net-libs/gnutls: fix test

Signed-off-by: Sam James <sam <AT> gentoo.org>

 net-libs/gnutls/files/gnutls-3.8.7.1-tests.patch | 45 ++++++++++++++++++++++++
 net-libs/gnutls/gnutls-3.8.7.1-r1.ebuild         |  1 +
 2 files changed, 46 insertions(+)

diff --git a/net-libs/gnutls/files/gnutls-3.8.7.1-tests.patch b/net-libs/gnutls/files/gnutls-3.8.7.1-tests.patch
new file mode 100644
index 000000000000..1e1b3b54f49d
--- /dev/null
+++ b/net-libs/gnutls/files/gnutls-3.8.7.1-tests.patch
@@ -0,0 +1,45 @@
+https://gitlab.com/gnutls/gnutls/-/commit/f3e8eac0586a19f4dafd89f68006a536b826e65a
+
+From f3e8eac0586a19f4dafd89f68006a536b826e65a Mon Sep 17 00:00:00 2001
+From: Andreas Metzler <ametzler@bebt.de>
+Date: Thu, 15 Aug 2024 16:22:02 +0200
+Subject: [PATCH] revert back to datefudge for "openssl ocsp".
+
+openssl's -attime only changes the verification logic but not the
+generation.
+
+Broken by: d1bc7f644422c4d87edfcd9fafe7f292a1a3a6de
+
+Signed-off-by: Andreas Metzler <ametzler@bebt.de>
+--- a/tests/ocsp-tests/ocsp-must-staple-connection.sh
++++ b/tests/ocsp-tests/ocsp-must-staple-connection.sh
+@@ -48,6 +48,8 @@ fi
+ 
+ . "${srcdir}/scripts/common.sh"
+ 
++skip_if_no_datefudge
++
+ eval "${GETPORT}"
+ # Port for gnutls-serv
+ TLS_SERVER_PORT=$PORT
+@@ -69,7 +71,6 @@ fi
+ 
+ CERTDATE="2016-04-28 00:00:00"
+ TESTDATE="2016-04-29 00:00:00"
+-EPOCHTESTDATE=1461888000
+ EXP_OCSP_DATE="2016-03-27 00:00:00"
+ 
+ OCSP_PID=""
+@@ -129,8 +130,8 @@ cp "${srcdir}/ocsp-tests/certs/ocsp_index.txt.attr" ${ATTRFILE}
+ # SO_REUSEADDR usage.
+ PORT=${OCSP_PORT}
+ launch_bare_server \
+-	  "${OPENSSL}" ocsp -attime "${EPOCHTESTDATE}" \
+-	  -index "${INDEXFILE}" -text \
++	  "$FAKETIME" "${TESTDATE}" \
++	  "${OPENSSL}" ocsp -index "${INDEXFILE}" -text \
+ 	  -port "${OCSP_PORT}" \
+ 	  -rsigner "${srcdir}/ocsp-tests/certs/ocsp-server.pem" \
+ 	  -rkey "${srcdir}/ocsp-tests/certs/ocsp-server.key" \
+-- 
+GitLab
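Review bot: With `skip_if_no_datefudge` added near the top of ocsp-must-staple-connection.sh, the OCSP must-staple test is (judging by the helper's name) skipped rather than failed when no datefudge/faketime tool is available, so this fix only restores coverage on builds that have one installed. The ebuild's test dependencies are not visible in this commit; if they do not already pull such a tool in for tests, that is worth adding, or at least recording next to the PATCHES entry with a comment like `# ocsp-must-staple test needs datefudge/faketime, otherwise it is skipped`. The script continues outside the hunks shown.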

diff --git a/net-libs/gnutls/gnutls-3.8.7.1-r1.ebuild b/net-libs/gnutls/gnutls-3.8.7.1-r1.ebuild
index 3474e58c4983..74f6ffe49d3a 100644
--- a/net-libs/gnutls/gnutls-3.8.7.1-r1.ebuild
+++ b/net-libs/gnutls/gnutls-3.8.7.1-r1.ebuild
@@ -74,6 +74,7 @@ QA_CONFIG_IMPL_DECL_SKIP=(
 
 PATCHES=(
 	"${FILESDIR}"/${PN}-3.8.7.1-configure-brotli.patch
+	"${FILESDIR}"/${PN}-3.8.7.1-tests.patch
 )
 
 src_prepare() {


