summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorPacho Ramos <pacho@gentoo.org>2019-01-13 20:33:17 +0100
committerPacho Ramos <pacho@gentoo.org>2019-01-13 20:33:17 +0100
commit6bc6d001a0fff7ea3ef374a9a5a1de885b2ff8cb (patch)
tree1690f05ca650c754ed5537f660197e82b772a27a /net-ftp/tlswrap
parentapp-metrics/github-exporter: 04-r1 revbump to create the user (diff)
downloadgentoo-6bc6d001a0fff7ea3ef374a9a5a1de885b2ff8cb.tar.gz
gentoo-6bc6d001a0fff7ea3ef374a9a5a1de885b2ff8cb.tar.bz2
gentoo-6bc6d001a0fff7ea3ef374a9a5a1de885b2ff8cb.zip
net-ftp/tlswrap: Fix compat with openssl-1.1 and libressl
Closes: https://bugs.gentoo.org/675330 Package-Manager: Portage-2.3.55, Repoman-2.3.12 Signed-off-by: Pacho Ramos <pacho@gentoo.org>
Diffstat (limited to 'net-ftp/tlswrap')
-rw-r--r--net-ftp/tlswrap/files/tlswrap-1.04-libressl.patch16
-rw-r--r--net-ftp/tlswrap/files/tlswrap-1.04-openssl11.patch60
-rw-r--r--net-ftp/tlswrap/tlswrap-1.04-r3.ebuild17
3 files changed, 69 insertions, 24 deletions
diff --git a/net-ftp/tlswrap/files/tlswrap-1.04-libressl.patch b/net-ftp/tlswrap/files/tlswrap-1.04-libressl.patch
deleted file mode 100644
index 5c1f1083005f..000000000000
--- a/net-ftp/tlswrap/files/tlswrap-1.04-libressl.patch
+++ /dev/null
@@ -1,16 +0,0 @@
-diff -Naur a/tls.c b/tls.c
---- a/tls.c 2006-11-25 19:52:08.000000000 +0100
-+++ b/tls.c 2015-11-10 16:16:25.000000000 +0100
-@@ -73,10 +73,12 @@
- printf("egd_sock is %s\n", egd_sock);
- #ifdef HAVE_RAND_STATUS
- if (RAND_status() != 1) {
-+#ifndef OPENSSL_NO_EGD
- if ( RAND_egd(egd_sock) == -1 ) {
- fprintf(stderr, "egd_sock is %s\n", egd_sock);
- sys_err("RAND_egd failed\n");
- }
-+#endif
- if (RAND_status() != 1)
- sys_err("ssl_init: System without /dev/urandom, PRNG seeding must be done manually.\r\n");
- }
diff --git a/net-ftp/tlswrap/files/tlswrap-1.04-openssl11.patch b/net-ftp/tlswrap/files/tlswrap-1.04-openssl11.patch
new file mode 100644
index 000000000000..e8d0941d7434
--- /dev/null
+++ b/net-ftp/tlswrap/files/tlswrap-1.04-openssl11.patch
@@ -0,0 +1,60 @@
+diff -wru tlswrap-1.04.orig/tls.c tlswrap-1.04/tls.c
+--- tlswrap-1.04.orig/tls.c 2006-11-25 19:52:08.000000000 +0100
++++ tlswrap-1.04/tls.c 2017-12-05 04:43:56.757223948 +0100
+@@ -73,10 +73,12 @@
+ printf("egd_sock is %s\n", egd_sock);
+ #ifdef HAVE_RAND_STATUS
+ if (RAND_status() != 1) {
++#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || OPENSSL_NO_EGD
+ if ( RAND_egd(egd_sock) == -1 ) {
+ fprintf(stderr, "egd_sock is %s\n", egd_sock);
+ sys_err("RAND_egd failed\n");
+ }
++#endif
+ if (RAND_status() != 1)
+ sys_err("ssl_init: System without /dev/urandom, PRNG seeding must be done manually.\r\n");
+ }
+@@ -262,7 +264,8 @@
+ int ok, extcount, i, j;
+ char *extstr;
+ SSL *ssl;
+-#if (OPENSSL_VERSION_NUMBER > 0x00908000L)
++#if (OPENSSL_VERSION_NUMBER > 0x10100000L)
++#elif (OPENSSL_VERSION_NUMBER > 0x00908000L)
+ unsigned char const *data1;
+ #else
+ unsigned char *data1;
+@@ -279,6 +282,16 @@
+ if (debug)
+ printf("tls_cert2\n");
+
++#if (OPENSSL_VERSION_NUMBER > 0x10100000L)
++ if (ud->sec_level > 3) {
++ X509_VERIFY_PARAM *param = SSL_get0_param(ssl);
++ X509_VERIFY_PARAM_set_hostflags(param, X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS);
++ X509_VERIFY_PARAM_set1_host(param, ud->serv_dns.hostname, 0);
++ X509_VERIFY_PARAM_set1_ip_asc(param, ud->serv_data_host);
++ SSL_set_verify(ssl, SSL_VERIFY_PEER, 0);
++ }
++#endif
++
+ if ((x509_peer = SSL_get_peer_certificate(ssl)) == NULL)
+ return X509_V_ERR_APPLICATION_VERIFICATION; /* SSL_get_peer* can only be NULL on 'anonymous DH connections' so shouldn't happen. */
+
+@@ -287,6 +300,8 @@
+ return SSL_get_verify_result(ssl);
+ }
+
++
++#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
+ if ((extcount = X509_get_ext_count(x509_peer)) > 0) {
+ if (debug) printf("extcount = %d\n", extcount);
+ for (i = 0; i < extcount; i++) {
+@@ -333,6 +348,7 @@
+ return X509_V_ERR_APPLICATION_VERIFICATION;
+ }
+ }
++#endif
+ X509_free(x509_peer);
+ return SSL_get_verify_result(ssl);
+ }
diff --git a/net-ftp/tlswrap/tlswrap-1.04-r3.ebuild b/net-ftp/tlswrap/tlswrap-1.04-r3.ebuild
index 4bb88bbe38ec..07e388e8f258 100644
--- a/net-ftp/tlswrap/tlswrap-1.04-r3.ebuild
+++ b/net-ftp/tlswrap/tlswrap-1.04-r3.ebuild
@@ -1,8 +1,7 @@
-# Copyright 1999-2018 Gentoo Foundation
+# Copyright 1999-2019 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
-EAPI=6
-
+EAPI=7
inherit autotools
DESCRIPTION="FTP wrapper which supports TLS with every FTP client"
@@ -15,15 +14,17 @@ SLOT="0"
KEYWORDS="~amd64 ~x86"
IUSE="libressl"
-DEPEND="!libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )"
-RDEPEND="${DEPEND}"
+RDEPEND="
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+"
+DEPEND="${RDEPEND}"
PATCHES=(
- "${FILESDIR}/${P}-libressl.patch"
"${FILESDIR}/respect-cflags.patch"
"${FILESDIR}/modernize-am_init_automake.patch"
"${FILESDIR}/fix-Wformat-security-warnings.patch"
+ "${FILESDIR}/${P}-openssl11.patch"
)
src_prepare() {
@@ -33,6 +34,6 @@ src_prepare() {
src_install() {
emake prefix="${D}/usr" install
- dodoc ChangeLog README
+ einstalldocs
newinitd "${FILESDIR}/tlswrap.init" tlswrap
}