author | Pacho Ramos <pacho@gentoo.org> | 2019-01-13 20:33:17 +0100 |
---|---|---|
committer | Pacho Ramos <pacho@gentoo.org> | 2019-01-13 20:33:17 +0100 |
commit | 6bc6d001a0fff7ea3ef374a9a5a1de885b2ff8cb (patch) | |
tree | 1690f05ca650c754ed5537f660197e82b772a27a /net-ftp/tlswrap | |
parent | app-metrics/github-exporter: 04-r1 revbump to create the user (diff) | |
net-ftp/tlswrap: Fix compat with openssl-1.1 and libressl
Closes: https://bugs.gentoo.org/675330
Package-Manager: Portage-2.3.55, Repoman-2.3.12
Signed-off-by: Pacho Ramos <pacho@gentoo.org>
Diffstat (limited to 'net-ftp/tlswrap')
-rw-r--r-- | net-ftp/tlswrap/files/tlswrap-1.04-libressl.patch | 16 | ||||
-rw-r--r-- | net-ftp/tlswrap/files/tlswrap-1.04-openssl11.patch | 60 | ||||
-rw-r--r-- | net-ftp/tlswrap/tlswrap-1.04-r3.ebuild | 17 |
3 files changed, 69 insertions, 24 deletions
diff --git a/net-ftp/tlswrap/files/tlswrap-1.04-libressl.patch b/net-ftp/tlswrap/files/tlswrap-1.04-libressl.patch
deleted file mode 100644
index 5c1f1083005f..000000000000
--- a/net-ftp/tlswrap/files/tlswrap-1.04-libressl.patch
+++ /dev/null
@@ -1,16 +0,0 @@
-diff -Naur a/tls.c b/tls.c
---- a/tls.c 2006-11-25 19:52:08.000000000 +0100
-+++ b/tls.c 2015-11-10 16:16:25.000000000 +0100
-@@ -73,10 +73,12 @@
- printf("egd_sock is %s\n", egd_sock);
- #ifdef HAVE_RAND_STATUS
- if (RAND_status() != 1) {
-+#ifndef OPENSSL_NO_EGD
- if ( RAND_egd(egd_sock) == -1 ) {
- fprintf(stderr, "egd_sock is %s\n", egd_sock);
- sys_err("RAND_egd failed\n");
- }
-+#endif
- if (RAND_status() != 1)
- sys_err("ssl_init: System without /dev/urandom, PRNG seeding must be done manually.\r\n");
- }
diff --git a/net-ftp/tlswrap/files/tlswrap-1.04-openssl11.patch b/net-ftp/tlswrap/files/tlswrap-1.04-openssl11.patch
new file mode 100644
index 000000000000..e8d0941d7434
--- /dev/null
+++ b/net-ftp/tlswrap/files/tlswrap-1.04-openssl11.patch
@@ -0,0 +1,60 @@
+diff -wru tlswrap-1.04.orig/tls.c tlswrap-1.04/tls.c
+--- tlswrap-1.04.orig/tls.c 2006-11-25 19:52:08.000000000 +0100
++++ tlswrap-1.04/tls.c 2017-12-05 04:43:56.757223948 +0100
+@@ -73,10 +73,12 @@
+ printf("egd_sock is %s\n", egd_sock);
+ #ifdef HAVE_RAND_STATUS
+ if (RAND_status() != 1) {
++#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || OPENSSL_NO_EGD
+ if ( RAND_egd(egd_sock) == -1 ) {
+ fprintf(stderr, "egd_sock is %s\n", egd_sock);
+ sys_err("RAND_egd failed\n");
+ }
++#endif
+ if (RAND_status() != 1)
+ sys_err("ssl_init: System without /dev/urandom, PRNG seeding must be done manually.\r\n");
+ }
+@@ -262,7 +264,8 @@
+ int ok, extcount, i, j;
+ char *extstr;
+ SSL *ssl;
+-#if (OPENSSL_VERSION_NUMBER > 0x00908000L)
++#if (OPENSSL_VERSION_NUMBER > 0x10100000L)
++#elif (OPENSSL_VERSION_NUMBER > 0x00908000L)
+ unsigned char const *data1;
+ #else
+ unsigned char *data1;
+@@ -279,6 +282,16 @@
+ if (debug)
+ printf("tls_cert2\n");
+
++#if (OPENSSL_VERSION_NUMBER > 0x10100000L)
++ if (ud->sec_level > 3) {
++ X509_VERIFY_PARAM *param = SSL_get0_param(ssl);
++ X509_VERIFY_PARAM_set_hostflags(param, X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS);
++ X509_VERIFY_PARAM_set1_host(param, ud->serv_dns.hostname, 0);
++ X509_VERIFY_PARAM_set1_ip_asc(param, ud->serv_data_host);
++ SSL_set_verify(ssl, SSL_VERIFY_PEER, 0);
++ }
++#endif
++
+ if ((x509_peer = SSL_get_peer_certificate(ssl)) == NULL)
+ return X509_V_ERR_APPLICATION_VERIFICATION; /* SSL_get_peer* can only be NULL on 'anonymous DH connections' so shouldn't happen. */
+
+@@ -287,6 +300,8 @@
+ return SSL_get_verify_result(ssl);
+ }
+
++
++#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
+ if ((extcount = X509_get_ext_count(x509_peer)) > 0) {
+ if (debug) printf("extcount = %d\n", extcount);
+ for (i = 0; i < extcount; i++) {
+@@ -333,6 +348,7 @@
+ return X509_V_ERR_APPLICATION_VERIFICATION;
+ }
+ }
++#endif
+ X509_free(x509_peer);
+ return SSL_get_verify_result(ssl);
+ }
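Review bot: The host and IP constraints added in the `@@ -279,6 +282,16 @@` hunk look like they are set too late to be enforced: `SSL_get_peer_certificate(ssl)` is called right after them, which suggests the handshake has already completed, and `SSL_get_verify_result(ssl)` only reports the result computed during that handshake. Because the `@@ -287,6 +300,8 @@` and `@@ -333,6 +348,7 @@` hunks also compile out the manual certificate-extension check on OpenSSL 1.1 builds, `sec_level > 3` would then rest on chain validation alone, with no name check. I would check the name explicitly on `x509_peer` where the old loop ran, as sketched below, or move the `X509_VERIFY_PARAM` setup to before the connect and test the currently ignored return values of `X509_VERIFY_PARAM_set1_host` and `X509_VERIFY_PARAM_set1_ip_asc`. The enclosing function starts and ends outside the hunks, so the placement, and whether a match on either the host name or the address is enough, need confirming against the original loop. Separately, `|| OPENSSL_NO_EGD` in the first hunk tests a feature macro by value and with the wrong sense; `#if (OPENSSL_VERSION_NUMBER < 0x10100000L) && !defined(OPENSSL_NO_EGD)` keeps the guard the removed libressl patch had.

```c
#if (OPENSSL_VERSION_NUMBER > 0x10100000L)
    /* … unchanged: x509_peer lookup and the early return shown as context … */
    if (X509_check_host(x509_peer, ud->serv_dns.hostname, 0,
                        X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS, NULL) != 1 &&
        X509_check_ip_asc(x509_peer, ud->serv_data_host, 0) != 1) {
        X509_free(x509_peer);
        return X509_V_ERR_APPLICATION_VERIFICATION;
    }
#endif
```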
diff --git a/net-ftp/tlswrap/tlswrap-1.04-r3.ebuild b/net-ftp/tlswrap/tlswrap-1.04-r3.ebuild index 4bb88bbe38ec..07e388e8f258 100644 --- a/net-ftp/tlswrap/tlswrap-1.04-r3.ebuild +++ b/net-ftp/tlswrap/tlswrap-1.04-r3.ebuild @@ -1,8 +1,7 @@ -# Copyright 1999-2018 Gentoo Foundation +# Copyright 1999-2019 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 -EAPI=6 - +EAPI=7 inherit autotools DESCRIPTION="FTP wrapper which supports TLS with every FTP client" @@ -15,15 +14,17 @@ SLOT="0" KEYWORDS="~amd64 ~x86" IUSE="libressl" -DEPEND="!libressl? ( dev-libs/openssl:0= ) - libressl? ( dev-libs/libressl:= )" -RDEPEND="${DEPEND}" +RDEPEND=" + !libressl? ( dev-libs/openssl:0= ) + libressl? ( dev-libs/libressl:= ) +" +DEPEND="${RDEPEND}" PATCHES=( - "${FILESDIR}/${P}-libressl.patch" "${FILESDIR}/respect-cflags.patch" "${FILESDIR}/modernize-am_init_automake.patch" "${FILESDIR}/fix-Wformat-security-warnings.patch" + "${FILESDIR}/${P}-openssl11.patch" ) src_prepare() { @@ -33,6 +34,6 @@ src_prepare() { src_install() { emake prefix="${D}/usr" install - dodoc ChangeLog README + einstalldocs newinitd "${FILESDIR}/tlswrap.init" tlswrap } |