commit:     6bc6d001a0fff7ea3ef374a9a5a1de885b2ff8cb
Author:     Pacho Ramos <pacho <AT> gentoo <DOT> org>
AuthorDate: Sun Jan 13 19:33:17 2019 +0000
Commit:     Pacho Ramos <pacho <AT> gentoo <DOT> org>
CommitDate: Sun Jan 13 19:33:17 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6bc6d001

net-ftp/tlswrap: Fix compat with openssl-1.1 and libressl

Closes: https://bugs.gentoo.org/675330
Package-Manager: Portage-2.3.55, Repoman-2.3.12
Signed-off-by: Pacho Ramos <pacho <AT> gentoo.org>

 net-ftp/tlswrap/files/tlswrap-1.04-libressl.patch  | 16 ------
 net-ftp/tlswrap/files/tlswrap-1.04-openssl11.patch | 60 ++++++++++++++++++++++
 net-ftp/tlswrap/tlswrap-1.04-r3.ebuild             | 17 +++---
 3 files changed, 69 insertions(+), 24 deletions(-)

diff --git a/net-ftp/tlswrap/files/tlswrap-1.04-libressl.patch 
b/net-ftp/tlswrap/files/tlswrap-1.04-libressl.patch
deleted file mode 100644
index 5c1f1083005..00000000000
--- a/net-ftp/tlswrap/files/tlswrap-1.04-libressl.patch
+++ /dev/null
@@ -1,16 +0,0 @@
-diff -Naur a/tls.c b/tls.c
---- a/tls.c    2006-11-25 19:52:08.000000000 +0100
-+++ b/tls.c    2015-11-10 16:16:25.000000000 +0100
-@@ -73,10 +73,12 @@
-               printf("egd_sock is %s\n", egd_sock);
- #ifdef HAVE_RAND_STATUS
-       if (RAND_status() != 1) {
-+#ifndef OPENSSL_NO_EGD
-               if ( RAND_egd(egd_sock) == -1 ) {
-                       fprintf(stderr, "egd_sock is %s\n", egd_sock);
-                       sys_err("RAND_egd failed\n");
-               }
-+#endif
-               if (RAND_status() != 1)
-                       sys_err("ssl_init: System without /dev/urandom, PRNG 
seeding must be done manually.\r\n");
-       }

diff --git a/net-ftp/tlswrap/files/tlswrap-1.04-openssl11.patch 
b/net-ftp/tlswrap/files/tlswrap-1.04-openssl11.patch
new file mode 100644
index 00000000000..e8d0941d743
--- /dev/null
+++ b/net-ftp/tlswrap/files/tlswrap-1.04-openssl11.patch
@@ -0,0 +1,60 @@
+diff -wru tlswrap-1.04.orig/tls.c tlswrap-1.04/tls.c
+--- tlswrap-1.04.orig/tls.c    2006-11-25 19:52:08.000000000 +0100
++++ tlswrap-1.04/tls.c 2017-12-05 04:43:56.757223948 +0100
+@@ -73,10 +73,12 @@
+               printf("egd_sock is %s\n", egd_sock);
+ #ifdef HAVE_RAND_STATUS
+       if (RAND_status() != 1) {
++#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || OPENSSL_NO_EGD
+               if ( RAND_egd(egd_sock) == -1 ) {
+                       fprintf(stderr, "egd_sock is %s\n", egd_sock);
+                       sys_err("RAND_egd failed\n");
+               }
++#endif
+               if (RAND_status() != 1)
+                       sys_err("ssl_init: System without /dev/urandom, PRNG 
seeding must be done manually.\r\n");
+       }
+@@ -262,7 +264,8 @@
+       int                                     ok, extcount, i, j;
+       char                            *extstr;
+       SSL                                     *ssl;
+-#if (OPENSSL_VERSION_NUMBER > 0x00908000L)
++#if (OPENSSL_VERSION_NUMBER > 0x10100000L)
++#elif (OPENSSL_VERSION_NUMBER > 0x00908000L)
+       unsigned char const             *data1;
+ #else
+       unsigned char   *data1;
+@@ -279,6 +282,16 @@
+       if (debug)
+               printf("tls_cert2\n");
+       
++#if (OPENSSL_VERSION_NUMBER > 0x10100000L)
++      if (ud->sec_level > 3) {
++              X509_VERIFY_PARAM *param = SSL_get0_param(ssl);
++              X509_VERIFY_PARAM_set_hostflags(param, 
X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS);
++              X509_VERIFY_PARAM_set1_host(param, ud->serv_dns.hostname, 0);
++              X509_VERIFY_PARAM_set1_ip_asc(param, ud->serv_data_host);
++              SSL_set_verify(ssl, SSL_VERIFY_PEER, 0);
++      }
++#endif
++
+       if ((x509_peer = SSL_get_peer_certificate(ssl)) == NULL)
+               return X509_V_ERR_APPLICATION_VERIFICATION; /* SSL_get_peer* 
can only be NULL on  'anonymous DH connections' so shouldn't happen. */
+ 
+@@ -287,6 +300,8 @@
+               return SSL_get_verify_result(ssl);
+       }
+       
++
++#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
+       if ((extcount = X509_get_ext_count(x509_peer)) > 0) {
+               if (debug) printf("extcount = %d\n", extcount);
+               for (i = 0; i < extcount; i++) {
+@@ -333,6 +348,7 @@
+               return X509_V_ERR_APPLICATION_VERIFICATION;
+       }
+   }
++#endif
+   X509_free(x509_peer);
+       return SSL_get_verify_result(ssl);
+ }
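Review bot: In the `@@ -279,6 +282,16 @@` part of the embedded tls.c patch, the host and IP constraints are set on `ssl` right before `SSL_get_peer_certificate()`, which suggests the handshake has already completed; OpenSSL applies `X509_VERIFY_PARAM` host/IP checks while verifying the chain during the handshake, so setting them here would not change what `SSL_get_verify_result(ssl)` returns. Because the same patch compiles out the manual extension loop with `#if (OPENSSL_VERSION_NUMBER < 0x10100000L)`, builds against OpenSSL 1.1 may end up with no effective hostname check at `sec_level > 3`; the parameters should be set where the SSL object is created, before the connect, or the peer certificate should be checked explicitly here with `X509_check_host()` / `X509_check_ip_asc()`. The return values of `X509_VERIFY_PARAM_set1_host()` and `X509_VERIFY_PARAM_set1_ip_asc()` are also ignored, so a failed setup would go unnoticed. Separately, the EGD guard ends in `|| OPENSSL_NO_EGD`, which inverts the removed `#ifndef OPENSSL_NO_EGD` and does not parse when the macro is defined empty; `#if (OPENSSL_VERSION_NUMBER < 0x10100000L) && !defined(OPENSSL_NO_EGD)` matches the apparent intent. The enclosing function begins outside the visible context, so the call order should be confirmed against the full tls.c.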

diff --git a/net-ftp/tlswrap/tlswrap-1.04-r3.ebuild 
b/net-ftp/tlswrap/tlswrap-1.04-r3.ebuild
index 4bb88bbe38e..07e388e8f25 100644
--- a/net-ftp/tlswrap/tlswrap-1.04-r3.ebuild
+++ b/net-ftp/tlswrap/tlswrap-1.04-r3.ebuild
@@ -1,8 +1,7 @@
-# Copyright 1999-2018 Gentoo Foundation
+# Copyright 1999-2019 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
-EAPI=6
-
+EAPI=7
 inherit autotools
 
 DESCRIPTION="FTP wrapper which supports TLS with every FTP client"
@@ -15,15 +14,17 @@ SLOT="0"
 KEYWORDS="~amd64 ~x86"
 IUSE="libressl"
 
-DEPEND="!libressl? ( dev-libs/openssl:0= )
-       libressl? ( dev-libs/libressl:= )"
-RDEPEND="${DEPEND}"
+RDEPEND="
+       !libressl? ( dev-libs/openssl:0= )
+       libressl? ( dev-libs/libressl:= )
+"
+DEPEND="${RDEPEND}"
 
 PATCHES=(
-       "${FILESDIR}/${P}-libressl.patch"
        "${FILESDIR}/respect-cflags.patch"
        "${FILESDIR}/modernize-am_init_automake.patch"
        "${FILESDIR}/fix-Wformat-security-warnings.patch"
+       "${FILESDIR}/${P}-openssl11.patch"
 )
 
 src_prepare() {
@@ -33,6 +34,6 @@ src_prepare() {
 
 src_install() {
        emake prefix="${D}/usr" install
-       dodoc ChangeLog README
+       einstalldocs
        newinitd "${FILESDIR}/tlswrap.init" tlswrap
 }
