[gentoo-commits] repo/gentoo:master commit in: net-ftp/tlswrap/, net-ftp/tlswrap/files/

2019-01-13 Thread Pacho Ramos
commit: 6bc6d001a0fff7ea3ef374a9a5a1de885b2ff8cb
Author: Pacho Ramos  gentoo  org>
AuthorDate: Sun Jan 13 19:33:17 2019 +
Commit: Pacho Ramos  gentoo  org>
CommitDate: Sun Jan 13 19:33:17 2019 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6bc6d001

net-ftp/tlswrap: Fix compat with openssl-1.1 and libressl

Closes: https://bugs.gentoo.org/675330
Package-Manager: Portage-2.3.55, Repoman-2.3.12
Signed-off-by: Pacho Ramos  gentoo.org>

 net-ftp/tlswrap/files/tlswrap-1.04-libressl.patch  | 16 --
 net-ftp/tlswrap/files/tlswrap-1.04-openssl11.patch | 60 ++
 net-ftp/tlswrap/tlswrap-1.04-r3.ebuild | 17 +++---
 3 files changed, 69 insertions(+), 24 deletions(-)

diff --git a/net-ftp/tlswrap/files/tlswrap-1.04-libressl.patch 
b/net-ftp/tlswrap/files/tlswrap-1.04-libressl.patch
deleted file mode 100644
index 5c1f1083005..000
--- a/net-ftp/tlswrap/files/tlswrap-1.04-libressl.patch
+++ /dev/null
@@ -1,16 +0,0 @@
-diff -Naur a/tls.c b/tls.c
 a/tls.c2006-11-25 19:52:08.0 +0100
-+++ b/tls.c2015-11-10 16:16:25.0 +0100
-@@ -73,10 +73,12 @@
-   printf("egd_sock is %s\n", egd_sock);
- #ifdef HAVE_RAND_STATUS
-   if (RAND_status() != 1) {
-+#ifndef OPENSSL_NO_EGD
-   if ( RAND_egd(egd_sock) == -1 ) {
-   fprintf(stderr, "egd_sock is %s\n", egd_sock);
-   sys_err("RAND_egd failed\n");
-   }
-+#endif
-   if (RAND_status() != 1)
-   sys_err("ssl_init: System without /dev/urandom, PRNG 
seeding must be done manually.\r\n");
-   }

diff --git a/net-ftp/tlswrap/files/tlswrap-1.04-openssl11.patch 
b/net-ftp/tlswrap/files/tlswrap-1.04-openssl11.patch
new file mode 100644
index 000..e8d0941d743
--- /dev/null
+++ b/net-ftp/tlswrap/files/tlswrap-1.04-openssl11.patch
@@ -0,0 +1,60 @@
+diff -wru tlswrap-1.04.orig/tls.c tlswrap-1.04/tls.c
+--- tlswrap-1.04.orig/tls.c2006-11-25 19:52:08.0 +0100
 tlswrap-1.04/tls.c 2017-12-05 04:43:56.757223948 +0100
+@@ -73,10 +73,12 @@
+   printf("egd_sock is %s\n", egd_sock);
+ #ifdef HAVE_RAND_STATUS
+   if (RAND_status() != 1) {
++#if (OPENSSL_VERSION_NUMBER < 0x1010L) || OPENSSL_NO_EGD
+   if ( RAND_egd(egd_sock) == -1 ) {
+   fprintf(stderr, "egd_sock is %s\n", egd_sock);
+   sys_err("RAND_egd failed\n");
+   }
++#endif
+   if (RAND_status() != 1)
+   sys_err("ssl_init: System without /dev/urandom, PRNG 
seeding must be done manually.\r\n");
+   }
+@@ -262,7 +264,8 @@
+   int ok, extcount, i, j;
+   char*extstr;
+   SSL *ssl;
+-#if (OPENSSL_VERSION_NUMBER > 0x00908000L)
++#if (OPENSSL_VERSION_NUMBER > 0x1010L)
++#elif (OPENSSL_VERSION_NUMBER > 0x00908000L)
+   unsigned char const *data1;
+ #else
+   unsigned char   *data1;
+@@ -279,6 +282,16 @@
+   if (debug)
+   printf("tls_cert2\n");
+   
++#if (OPENSSL_VERSION_NUMBER > 0x1010L)
++  if (ud->sec_level > 3) {
++  X509_VERIFY_PARAM *param = SSL_get0_param(ssl);
++  X509_VERIFY_PARAM_set_hostflags(param, 
X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS);
++  X509_VERIFY_PARAM_set1_host(param, ud->serv_dns.hostname, 0);
++  X509_VERIFY_PARAM_set1_ip_asc(param, ud->serv_data_host);
++  SSL_set_verify(ssl, SSL_VERIFY_PEER, 0);
++  }
++#endif
++
+   if ((x509_peer = SSL_get_peer_certificate(ssl)) == NULL)
+   return X509_V_ERR_APPLICATION_VERIFICATION; /* SSL_get_peer* 
can only be NULL on  'anonymous DH connections' so shouldn't happen. */
+ 
+@@ -287,6 +300,8 @@
+   return SSL_get_verify_result(ssl);
+   }
+   
++
++#if (OPENSSL_VERSION_NUMBER < 0x1010L)
+   if ((extcount = X509_get_ext_count(x509_peer)) > 0) {
+   if (debug) printf("extcount = %d\n", extcount);
+   for (i = 0; i < extcount; i++) {
+@@ -333,6 +348,7 @@
+   return X509_V_ERR_APPLICATION_VERIFICATION;
+   }
+   }
++#endif
+   X509_free(x509_peer);
+   return SSL_get_verify_result(ssl);
+ }
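Review bot: In the nested `@@ -279,6 +282,16 @@` hunk the host and IP constraints are set on `ssl` immediately before `SSL_get_peer_certificate(ssl)`, which suggests the handshake has already completed. If so, `X509_VERIFY_PARAM_set1_host` and `SSL_set_verify` cannot change what `SSL_get_verify_result(ssl)` returns, and since the old extension walk is compiled out for 1.1+, `sec_level > 3` would be left without a name check. The call site is outside the hunk, so confirm this; if it holds, either move the parameter setup ahead of the handshake (and check the setters' return values) or test the certificate directly, e.g. `if (X509_check_host(x509_peer, ud->serv_dns.hostname, 0, X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS, NULL) != 1) { X509_free(x509_peer); return X509_V_ERR_APPLICATION_VERIFICATION; }`. Separately, `|| OPENSSL_NO_EGD` compiles the `RAND_egd` call in exactly when EGD support is declared absent, the opposite of the `#ifndef OPENSSL_NO_EGD` guard in the patch this one replaces, and it will not preprocess if the macro is defined empty; `&& !defined(OPENSSL_NO_EGD)` expresses the intent. The version constant prints as `0x1010L` on this page, where other runs of zeros are visibly shortened, so check that the patch file itself compares against `0x10100000L`.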

diff --git a/net-ftp/tlswrap/tlswrap-1.04-r3.ebuild 
b/net-ftp/tlswrap/tlswrap-1.04-r3.ebuild
index 4bb88bbe38e..07e388e8f25 100644
--- a/net-ftp/tlswrap/tlswrap-1.04-r3.ebuild
+++ b/net-ftp/tlswrap/tlswrap-1.04-r3.ebuild
@@ -1,8 +1,7 @@
-# Copyright 1999-2018 Gentoo Foundation
+# Copyright 1999-2019 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
-EAPI=6
-
+EAPI=7
 inherit autotools
 
 DESCRIPTION="FTP wrapper which supports TLS with every FTP client"
@@ -15,15 +14,17 @@ SLOT="0"
 KEYWORDS="~amd64 ~x86"
 IUSE="libressl"
 
-DEPEND="!libressl? ( dev-libs/openssl:0= )
-   libressl? ( 

[gentoo-commits] repo/gentoo:master commit in: net-ftp/tlswrap/, net-ftp/tlswrap/files/

2016-08-11 Thread Michael Orlitzky
commit: 4699e319cf956c040a73eae249c3392964263ac0
Author: Michael Orlitzky  gentoo  org>
AuthorDate: Thu Aug 11 17:25:14 2016 +
Commit: Michael Orlitzky  gentoo  org>
CommitDate: Thu Aug 11 17:27:25 2016 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4699e319

net-ftp/tlswrap: new revision that respects CFLAGS.

This new revision comes with a few patches, the first of which updates
configure.ac to respect the user's CFLAGS. After that, the second
patch modernizes the AM_INIT_AUTOMAKE call to avoid an ugly
warning. Finally -- now that the build respects CFLAGS -- the package
needed to be updated to build with -Werror=format-security. Those
fixes were trivial and come in a third patch.

The only change to the ebuild itself (aside from the patches) was a
new call to eautoreconf, to pick up the aforementioned changes.

Gentoo-Bug: 240898

Package-Manager: portage-2.2.28

 .../files/fix-Wformat-security-warnings.patch  | 67 ++
 .../tlswrap/files/modernize-am_init_automake.patch | 30 ++
 net-ftp/tlswrap/files/respect-cflags.patch | 66 +
 ...swrap-1.04-r2.ebuild => tlswrap-1.04-r3.ebuild} | 17 --
 4 files changed, 176 insertions(+), 4 deletions(-)

diff --git a/net-ftp/tlswrap/files/fix-Wformat-security-warnings.patch 
b/net-ftp/tlswrap/files/fix-Wformat-security-warnings.patch
new file mode 100644
index 000..e90
--- /dev/null
+++ b/net-ftp/tlswrap/files/fix-Wformat-security-warnings.patch
@@ -0,0 +1,67 @@
+From dbbc4b17b5fdd08b11b0f285cfc99a28be8a89e5 Mon Sep 17 00:00:00 2001
+From: Michael Orlitzky 
+Date: Thu, 11 Aug 2016 13:05:43 -0400
+Subject: [PATCH 3/3] Fix -Wformat-security warnings by adding trivial format
+ strings.
+
+Newer versions of GCC have the option to output warnings for insecure
+(e.g. missing) format string usage. A few places were making calls to
+the printf family of functions, and passing in a string variable
+without a format string. In all cases, the desired format string was
+simply "%s", intended to print the sole argument, and that "%s" has
+been added.
+
+This eliminates the warnings, and allows the build to complete when
+-Werror=format-security is used.
+---
+ misc.c  | 4 ++--
+ parse.c | 4 ++--
+ 2 files changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/misc.c b/misc.c
+index ebaabb2..d9bb150 100644
+--- a/misc.c
 b/misc.c
+@@ -164,7 +164,7 @@ int print_to_ud(struct user_data *ud, const char *s) {
+   size_t slen;
+   char str[1024];
+   
+-  snprintf(str, sizeof(str), s);
++  snprintf(str, sizeof(str), "%s", s);
+ 
+   slen = strlen(str); /* NOT including null char */
+   
+@@ -184,7 +184,7 @@ int print_to_serv(struct user_data *ud, const char *s) {
+   size_t slen;
+   char str[130];
+ 
+-  snprintf(str, sizeof(str), s);
++  snprintf(str, sizeof(str), "%s", s);
+   slen = strlen(str); /* NOT including null char */
+   if ( (>u2s_buf[U2S_SIZE]-ud->u2s_i)serv_status = SERV_PBSZ;
+   snprintf(s, sizeof(s), "PROT %c\r\n", ud->prot);
+   if (debug)
+-  printf(s);
++  printf("%s", s);
+   print_to_serv(ud,s);
+   } else if ((ud->serv_status == SERV_PBSZ) && (strncasecmp(dst,"200 ",4) 
== 0) ) {
+   ud->serv_status = SERV_PROT;
+@@ -365,7 +365,7 @@ parse_serv_buf(struct user_data *ud, int index, char 
*ucertspath, char *cafile)
+   } else if (ud->delay_prot && (ud->serv_status == SERV_PROT) && 
(strncasecmp(dst,"230 ",4) == 0) ) {
+   snprintf(s, sizeof(s), "PROT %c\r\n", ud->prot);
+   if (debug)
+-  printf(s);
++  printf("%s", s);
+   print_to_serv(ud,s);
+   } else if (ud->delay_prot && (ud->serv_status == SERV_PROT) && 
(strncasecmp(dst,"200 ",4) == 0) ) {
+   write(ud->user_fd, "230 Bypassed login text because the ftpd 
can't handle PROT before USER.\r\n", 73);
+-- 
+2.7.3
+
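Review bot: With `"%s"` as the format, the `snprintf` into `str` in `print_to_ud` (1024 bytes) and `print_to_serv` (130 bytes) is a plain bounded copy whose return value is never checked, so an over-long `s` is silently cut and loses its trailing CRLF. For `print_to_serv` that means a truncated line would reach the FTP server without its terminator; whether any caller can pass such a string is not visible here. Checking the result, `int n = snprintf(str, sizeof(str), "%s", s); if (n < 0 || (size_t)n >= sizeof(str)) return -1;` (with whatever error value these functions use), would make truncation an explicit failure. Both function bodies continue outside their hunks, and part of the `print_to_serv` hunk is garbled on this page.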

diff --git a/net-ftp/tlswrap/files/modernize-am_init_automake.patch 
b/net-ftp/tlswrap/files/modernize-am_init_automake.patch
new file mode 100644
index 000..6171e45
--- /dev/null
+++ b/net-ftp/tlswrap/files/modernize-am_init_automake.patch
@@ -0,0 +1,30 @@
+From 4d6541b108ab59e30e7413a5bc62f29bbc1fd2ab Mon Sep 17 00:00:00 2001
+From: Michael Orlitzky 
+Date: Thu, 11 Aug 2016 13:00:53 -0400
+Subject: [PATCH 2/3] Modernize the AM_INIT_AUTOMAKE invocation.
+
+The existing call to AM_INIT_AUTOMAKE, which passed both the project
+name and its version, had been deprecated. These days, you're supposed
+to pass those things to 

[gentoo-commits] repo/gentoo:master commit in: net-ftp/tlswrap/, net-ftp/tlswrap/files/

2016-04-27 Thread Austin English
commit: bc0dddc68464b315fdb6a8d313be58e22281efcd
Author: Austin English  gentoo  org>
AuthorDate: Wed Apr 27 23:44:32 2016 +
Commit: Austin English  gentoo  org>
CommitDate: Wed Apr 27 23:44:32 2016 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bc0dddc6

net-ftp/tlswrap: use #!/sbin/openrc-run instead of #!/sbin/runscript

Gentoo-Bug: https://bugs.gentoo.org/573846

Package-Manager: portage-2.2.26

 net-ftp/tlswrap/files/tlswrap.init |  4 ++--
 net-ftp/tlswrap/tlswrap-1.04-r2.ebuild | 30 ++
 2 files changed, 32 insertions(+), 2 deletions(-)

diff --git a/net-ftp/tlswrap/files/tlswrap.init 
b/net-ftp/tlswrap/files/tlswrap.init
index fd4eea9..7219d8e 100644
--- a/net-ftp/tlswrap/files/tlswrap.init
+++ b/net-ftp/tlswrap/files/tlswrap.init
@@ -1,5 +1,5 @@
-#!/sbin/runscript
-# Copyright 1999-2006 Gentoo Foundation
+#!/sbin/openrc-run
+# Copyright 1999-2016 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
 # $Id$
 

diff --git a/net-ftp/tlswrap/tlswrap-1.04-r2.ebuild 
b/net-ftp/tlswrap/tlswrap-1.04-r2.ebuild
new file mode 100644
index 000..472ed9e
--- /dev/null
+++ b/net-ftp/tlswrap/tlswrap-1.04-r2.ebuild
@@ -0,0 +1,30 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=6
+inherit eutils
+
+DESCRIPTION="a TLS/SSL FTP wrapper/proxy which allows to use TLS with every 
FTP client"
+HOMEPAGE="http://www.tlswrap.com;
+SRC_URI="http://www.tlswrap.com/${P}.tar.gz;
+
+# GPL-2 for Gentoo init script
+LICENSE="BSD GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+IUSE="libressl"
+
+DEPEND="!libressl? ( dev-libs/openssl:0= )
+   libressl? ( dev-libs/libressl:= )"
+RDEPEND=${DEPEND}
+
+src_prepare() {
+   epatch "${FILESDIR}/${P}-libressl.patch"
+}
+
+src_install() {
+   emake prefix="${D}/usr" install
+   dodoc ChangeLog README
+   newinitd "${FILESDIR}/tlswrap.init" tlswrap
+}
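Review bot: `src_prepare()` is overridden without calling `eapply_user` (or `default`), which EAPI 6 expects every `src_prepare` to do; as written, patches a local administrator places under `/etc/portage/patches` are not applied, and Portage may abort the phase. `epatch` from `eutils` is also the pre-EAPI-6 helper. Dropping the override and declaring `PATCHES=( "${FILESDIR}/${P}-libressl.patch" )` lets the default `src_prepare` apply both the bundled patch and user patches. This assumes the patch applies at `-p1`, which its `a/tls.c` and `b/tls.c` headers suggest.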