[gentoo-commits] repo/gentoo:master commit in: net-libs/c-client/, net-libs/c-client/files/
commit: bcd6b6d96343c2a56ed7f0df97dc9ec13daa94c9 Author: Sam James gentoo org> AuthorDate: Mon Feb 6 03:56:03 2023 + Commit: Sam James gentoo org> CommitDate: Mon Feb 6 03:58:50 2023 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bcd6b6d9 net-libs/c-client: add 2007f_p7 One of our patches (c-client-2007f-openssl-1.1.patch, which seems to have been from - or derived from at least - openwrt at https://github.com/openwrt/packages/commit/b087da8530a8889bd7c765dddbbe218116d11643) has been causing issues with OpenSSL 1.1 by not giving proper regard to the return value of ssl_validate_cert. There's a suggested alternative fixed patch in the bug, but given that c-client is one of those zombie packages we need to keep but isn't active upstream, let's try switching to Debian's patchset, as it works for them, and the effective diff comparing prepared sources before/after is pretty small overall. (We also end up cleaning up a few things, like the library stops exporting 'Gethostbyname' (with a capital G) and such.) Scott Tester smbc.edu.au> deserves a special mention for being persistent here. Thank you! Bug: https://bugs.gentoo.org/647616 Closes: https://bugs.gentoo.org/683708 Signed-off-by: Sam James gentoo.org> net-libs/c-client/Manifest | 1 + net-libs/c-client/c-client-2007f_p7.ebuild | 172 + .../files/c-client-2007f_GENTOO_amd64-so-fix.patch | 12 ++ ...-client-2007f_p7-implicit-declaration-fix.patch | 46 ++ .../c-client/files/c-client-2007f_p7-ldflags.patch | 33 5 files changed, 264 insertions(+) diff --git a/net-libs/c-client/Manifest b/net-libs/c-client/Manifest index a84c4a83e18d..6a0e06458996 100644 --- a/net-libs/c-client/Manifest +++ b/net-libs/c-client/Manifest @@ -1,2 +1,3 @@ DIST c-client-2007f-chappa-115-all.patch.gz 30571 BLAKE2B 707ec7718f764d5fea4142a4e0c4dd561d0a387cb72fea16de656a01bc21a0b30600dc121c8af090b76188d0131852ca6f3d40b9bba8745696faed5a79fb8c59 SHA512 f44489ec38aa6a3dc682872a6857154254c23352db81ee380dfdfad39743234d97a8bcc07a74459f7532efe2fc073cf7d9c078433e11a95de19beeb387ff8b65 DIST imap-2007f.tar.Z 2793529 BLAKE2B f5b597551ef56d284180cd49cf6b7d01a63ee60bcb513a354bd7ec63428184b854e3ea666a9f3ce1f5b27699cf81d2f1d0e66e5cfc7fee93d723bb146d113ec7 SHA512 2c728deaf66d23158c61ae55ff94f05d2a1cf0168002760321ca30c6ee1c58c0a4c7bc14ece0097ea662df6c7c49be3b91c8e5e943724c9e2736800fa9298dae +DIST uw-imap_2007f~dfsg-7.debian.tar.xz 44960 BLAKE2B 836dfd9a5922cd3043278a89c87276c974c8e91c5831a94caef6e73b2839d246bda879f67bdad88ae59888b5dc8b6ca366aa48b6d197508cd10cdc68f1e7027f SHA512 3a903062c782c942d4c7a1122be686e301ea4d4c6f6ff1dbc78ae29c7ee7b8e02fb25a903401e6a7047ddccaf6bcceba953f6cad1c1890cd6410ea909b014af6 diff --git a/net-libs/c-client/c-client-2007f_p7.ebuild b/net-libs/c-client/c-client-2007f_p7.ebuild new file mode 100644 index ..c3fd74b4a8a9 --- /dev/null +++ b/net-libs/c-client/c-client-2007f_p7.ebuild @@ -0,0 +1,172 @@ +# Copyright 1999-2023 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +inherit flag-o-matic libtool toolchain-funcs + +MY_PN=imap +MY_P="${MY_PN}-${PV}" + +CHAPPA_PL=115 +DESCRIPTION="UW IMAP c-client library" +HOMEPAGE="http://www.washington.edu/imap/; +SRC_URI=" + ftp://ftp.cac.washington.edu/imap/${MY_PN}-$(ver_cut 1-2).tar.Z + mirror://debian/pool/main/u/uw-${MY_PN}/uw-${MY_PN}_${PV/_p/"~dfsg-"}.debian.tar.xz + chappa? ( mirror://gentoo/${PN}-$(ver_cut 1-2)-chappa-${CHAPPA_PL}-all.patch.gz ) +" +S="${WORKDIR}"/${MY_PN}-$(ver_cut 1-2) + +LICENSE="Apache-2.0" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86" +IUSE="doc +ipv6 kerberos pam ssl static-libs topal chappa" + +RDEPEND=" + ssl? ( + dev-libs/openssl:= + ) + kernel_linux? ( + pam? ( >=sys-libs/pam-0.72 ) + !pam? ( virtual/libcrypt:= ) + ) + kerberos? ( app-crypt/mit-krb5 ) +" +DEPEND="${RDEPEND}" + +PATCHES=( + "${WORKDIR}"/debian/patches + + # Apply a patch to only build the stuff we need for c-client + "${FILESDIR}/${PN}-2006k_GENTOO_Makefile.patch" + + # Apply patch to add the compilation of a .so for PHP + # This was previously conditional, but is more widely useful. + "${FILESDIR}/${PN}-2007f_GENTOO_amd64-so-fix.patch" + + # Respect LDFLAGS + "${FILESDIR}/${PN}-2007f_p7-ldflags.patch" + + # build fix for -Werror=implicit-function-declaration and + # incompatible function pointer types, bug #870478 + "${FILESDIR}/${PN}-2007f-scandir-callback-types.patch" + "${FILESDIR}/${PN}-2007f_p7-implicit-declaration-fix.patch" +) + +src_prepare() { + use topal && PATCHES+=( "${FILESDIR}/${P}-topal.patch" ) + + default + + use chappa && eapply -p2 "${WORKDIR}/${P}-chappa-${CHAPPA_PL}-all.patch" + +
[gentoo-commits] repo/gentoo:master commit in: net-libs/c-client/, net-libs/c-client/files/
commit: c2626757b304cbe1ba5da551b0db496989e95cc0 Author: Lars Wendler gentoo org> AuthorDate: Wed Oct 24 15:07:24 2018 + Commit: Lars Wendler gentoo org> CommitDate: Wed Oct 24 15:07:39 2018 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c2626757 net-libs/c-client: Fixed build with openssl-1.1 Closes: https://bugs.gentoo.org/647616 Signed-off-by: Lars Wendler gentoo.org> Package-Manager: Portage-2.3.51, Repoman-2.3.11 net-libs/c-client/c-client-2007f-r6.ebuild | 33 ++- .../files/c-client-2007f-openssl-1.1.patch | 66 ++ 2 files changed, 86 insertions(+), 13 deletions(-) diff --git a/net-libs/c-client/c-client-2007f-r6.ebuild b/net-libs/c-client/c-client-2007f-r6.ebuild index 6f539a98487..bd9925412df 100644 --- a/net-libs/c-client/c-client-2007f-r6.ebuild +++ b/net-libs/c-client/c-client-2007f-r6.ebuild @@ -1,4 +1,4 @@ -# Copyright 1999-2017 Gentoo Foundation +# Copyright 1999-2018 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=6 @@ -30,9 +30,28 @@ DEPEND="${RDEPEND} kernel_linux? ( pam? ( >=sys-libs/pam-0.72 ) ) " +PATCHES=( + # Apply a patch to only build the stuff we need for c-client + "${FILESDIR}/${PN}-2006k_GENTOO_Makefile.patch" + + # Apply patch to add the compilation of a .so for PHP + # This was previously conditional, but is more widely useful. + "${FILESDIR}/${PN}-2006k_GENTOO_amd64-so-fix.patch" + + # Respect LDFLAGS + "${FILESDIR}/${PN}-2007f-ldflags.patch" + + # openssl-1.1 build fix #647616 + "${FILESDIR}/${PN}-2007f-openssl-1.1.patch" +) + src_prepare() { + use topal && PATCHES+=( "${FILESDIR}/${P}-topal.patch" ) + default + use chappa && eapply -p2 "${WORKDIR}/${P}-chappa-${CHAPPA_PL}-all.patch" + # Tarball packed with bad file perms chmod -R u+rwX,go-w . || die "failed to fix permissions" @@ -60,28 +79,16 @@ src_prepare() { -i src/osdep/unix/Makefile \ || die "failed to fix the FreeBSD ACTIVEFILE path in the Makefile" - # Apply a patch to only build the stuff we need for c-client - eapply "${FILESDIR}/${PN}-2006k_GENTOO_Makefile.patch" - - # Apply patch to add the compilation of a .so for PHP - # This was previously conditional, but is more widely useful. - eapply "${FILESDIR}/${PN}-2006k_GENTOO_amd64-so-fix.patch" - # Remove the pesky checks about SSL stuff sed -e '/read.*exit/d' -i Makefile \ || die "failed to disable SSL warning in the Makefile" - # Respect LDFLAGS - eapply "${FILESDIR}/${PN}-2007f-ldflags.patch" sed -e "s:CC=cc:CC=$(tc-getCC):" \ -e "s:ARRC=ar:ARRC=$(tc-getAR):" \ -e "s:RANLIB=ranlib:RANLIB=$(tc-getRANLIB):" \ -i src/osdep/unix/Makefile \ || die "failed to fix build flags support in the Makefile" - use topal && eapply "${FILESDIR}/${P}-topal.patch" - use chappa && epatch "${DISTDIR}/${P}-chappa-${CHAPPA_PL}-all.patch.gz" - elibtoolize } diff --git a/net-libs/c-client/files/c-client-2007f-openssl-1.1.patch b/net-libs/c-client/files/c-client-2007f-openssl-1.1.patch new file mode 100644 index 000..918f0bd3fbd --- /dev/null +++ b/net-libs/c-client/files/c-client-2007f-openssl-1.1.patch @@ -0,0 +1,66 @@ +diff -Nru a/src/osdep/unix/ssl_unix.c b/src/osdep/unix/ssl_unix.c +--- a/src/osdep/unix/ssl_unix.c2011-07-23 02:20:10.0 +0200 b/src/osdep/unix/ssl_unix.c2018-09-22 09:34:26.492765776 +0200 +@@ -59,7 +59,7 @@ + static SSLSTREAM *ssl_start(TCPSTREAM *tstream,char *host,unsigned long flags); + static char *ssl_start_work (SSLSTREAM *stream,char *host,unsigned long flags); + static int ssl_open_verify (int ok,X509_STORE_CTX *ctx); +-static char *ssl_validate_cert (X509 *cert,char *host); ++static char *ssl_validate_cert (X509 *cert,char *host, char *cert_subj); + static long ssl_compare_hostnames (unsigned char *s,unsigned char *pat); + static char *ssl_getline_work (SSLSTREAM *stream,unsigned long *size, + long *contd); +@@ -210,6 +210,7 @@ + BIO *bio; + X509 *cert; + unsigned long sl,tl; ++ char cert_subj[250]; + char *s,*t,*err,tmp[MAILTMPLEN]; + sslcertificatequery_t scq = + (sslcertificatequery_t) mail_parameters (NIL,GET_SSLCERTIFICATEQUERY,NIL); +@@ -266,13 +267,17 @@ + if (SSL_write (stream->con,"",0) < 0) + return ssl_last_error ? ssl_last_error : "SSL negotiation failed"; + /* need to validate host names? */ +- if (!(flags & NET_NOVALIDATECERT) && +- (err = ssl_validate_cert (cert = SSL_get_peer_certificate (stream->con), +- host))) { +- /* application callback */ +-if (scq) return (*scq) (err,host,cert ? cert->name : "???") ? NIL :