diff options
-rw-r--r-- | net-libs/neon/ChangeLog | 7 | ||||
-rw-r--r-- | net-libs/neon/files/neon-0.29.6-gnutls-3-functions.patch | 120 | ||||
-rw-r--r-- | net-libs/neon/files/neon-0.29.6-gnutls-3-types.patch | 57 | ||||
-rw-r--r-- | net-libs/neon/neon-0.29.6-r1.ebuild | 4 |
4 files changed, 186 insertions, 2 deletions
diff --git a/net-libs/neon/ChangeLog b/net-libs/neon/ChangeLog index 0c44ca99beb2..2e1331d266d4 100644 --- a/net-libs/neon/ChangeLog +++ b/net-libs/neon/ChangeLog @@ -1,6 +1,11 @@ # ChangeLog for net-libs/neon # Copyright 1999-2012 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/net-libs/neon/ChangeLog,v 1.44 2012/09/05 19:43:54 floppym Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-libs/neon/ChangeLog,v 1.45 2012/11/01 15:52:27 qnikst Exp $ + + 01 Nov 2012; Alexander Vershilov <qnikst@gentoo.org> + +files/neon-0.29.6-gnutls-3-functions.patch, + +files/neon-0.29.6-gnutls-3-types.patch, neon-0.29.6-r1.ebuild: + fix gnutls-3 breakage #421441, thanks to Bartosz Brachaczek 05 Sep 2012; Mike Gilbert <floppym@gentoo.org> neon-0.29.6-r1.ebuild: Fix handling of EPREFIX with whitespace. Patch by Arfrever. diff --git a/net-libs/neon/files/neon-0.29.6-gnutls-3-functions.patch b/net-libs/neon/files/neon-0.29.6-gnutls-3-functions.patch new file mode 100644 index 000000000000..77fe9320228d --- /dev/null +++ b/net-libs/neon/files/neon-0.29.6-gnutls-3-functions.patch @@ -0,0 +1,120 @@ +From d7516e56dc854308349419b81904e9a61751cde4 Mon Sep 17 00:00:00 2001 +From: Alexander V Vershilov <alexander.vershilov@gmail.com> +Date: Thu, 1 Nov 2012 11:44:10 +0400 +Subject: [PATCH 1/2] neon gnutls-3 fixes + +--- + macros/neon.m4 | 9 ++++++++- + src/ne_gnutls.c | 13 +++++++++++-- + src/ne_socket.c | 10 +++++++--- + 3 files changed, 26 insertions(+), 6 deletions(-) + +diff --git a/macros/neon.m4 b/macros/neon.m4 +index 32111c7..40f1d71 100644 +--- a/macros/neon.m4 ++++ b/macros/neon.m4 +@@ -982,13 +982,20 @@ gnutls) + # Check for functions in later releases + NE_CHECK_FUNCS([gnutls_session_get_data2 gnutls_x509_dn_get_rdn_ava \ + gnutls_sign_callback_set \ ++ gnutls_certificate_get_issuer \ + gnutls_certificate_get_x509_cas \ +- gnutls_certificate_verify_peers2]) ++ gnutls_certificate_verify_peers2 \ ++ gnutls_x509_crt_sign2]) + + # fail if gnutls_certificate_verify_peers2 is not found + if test x${ac_cv_func_gnutls_certificate_verify_peers2} != xyes; then + AC_MSG_ERROR([GnuTLS version predates gnutls_certificate_verify_peers2, newer version required]) + fi ++ ++ # fail if gnutls_x509_crt_sign2 is not found (it was introduced in 1.2.0, which is required) ++ if test x${ac_cv_func_gnutls_x509_crt_sign2} != xyes; then ++ AC_MSG_ERROR([GnuTLS version predates gnutls_x509_crt_sign2, newer version required (at least 1.2.0)]) ++ fi + + # Check for iconv support if using the new RDN access functions: + if test ${ac_cv_func_gnutls_x509_dn_get_rdn_ava}X${ac_cv_header_iconv_h} = yesXyes; then +diff --git a/src/ne_gnutls.c b/src/ne_gnutls.c +index eec5655..d50c6ce 100644 +--- a/src/ne_gnutls.c ++++ b/src/ne_gnutls.c +@@ -692,7 +692,7 @@ void ne_ssl_context_destroy(ne_ssl_context *ctx) + ne_free(ctx); + } + +-#ifdef HAVE_GNUTLS_CERTIFICATE_GET_X509_CAS ++#if !defined(HAVE_GNUTLS_CERTIFICATE_GET_ISSUER) && defined(HAVE_GNUTLS_CERTIFICATE_GET_X509_CAS) + /* Return the issuer of the given certificate, or NULL if none can be + * found. */ + static gnutls_x509_crt find_issuer(gnutls_x509_crt *ca_list, +@@ -747,20 +747,29 @@ static ne_ssl_certificate *make_peers_chain(gnutls_session sock, + } + } + +-#ifdef HAVE_GNUTLS_CERTIFICATE_GET_X509_CAS ++#if defined(HAVE_GNUTLS_CERTIFICATE_GET_ISSUER) || defined(HAVE_GNUTLS_CERTIFICATE_GET_X509_CAS) + /* GnuTLS only returns the peers which were *sent* by the server + * in the Certificate list during the handshake. Fill in the + * complete chain manually against the certs we trust: */ + if (current->issuer == NULL) { + gnutls_x509_crt issuer; ++ ++#ifndef HAVE_GNUTLS_CERTIFICATE_GET_ISSUER + gnutls_x509_crt *ca_list; + unsigned int num_cas; + + gnutls_certificate_get_x509_cas(crd, &ca_list, &num_cas); ++#endif + + do { + /* Look up the issuer. */ ++#ifndef HAVE_GNUTLS_CERTIFICATE_GET_ISSUER + issuer = find_issuer(ca_list, num_cas, current->subject); ++#else ++ if (gnutls_certificate_get_issuer(crd, current->subject, &issuer, 0)) ++ issuer = NULL; ++#endif ++ + if (issuer) { + issuer = x509_crt_copy(issuer); + cert = populate_cert(ne_calloc(sizeof *cert), issuer); +diff --git a/src/ne_socket.c b/src/ne_socket.c +index 12cf020..faee20c 100644 +--- a/src/ne_socket.c ++++ b/src/ne_socket.c +@@ -721,9 +721,11 @@ static ssize_t error_gnutls(ne_socket *sock, ssize_t sret) + _("SSL alert received: %s"), + gnutls_alert_get_name(gnutls_alert_get(sock->ssl))); + break; ++#if GNUTLS_VERSION_MAJOR > 2 || (GNUTLS_VERSION_MAJOR == 2 && GNUTLS_VERSION_MINOR >= 99) ++ case GNUTLS_E_PREMATURE_TERMINATION: ++#else + case GNUTLS_E_UNEXPECTED_PACKET_LENGTH: +- /* It's not exactly an API guarantee but this error will +- * always mean a premature EOF. */ ++#endif + ret = NE_SOCK_TRUNC; + set_error(sock, _("Secure connection truncated")); + break; +@@ -1678,6 +1680,8 @@ int ne_sock_accept_ssl(ne_socket *sock, ne_ssl_context *ctx) + NE_DEBUG(NE_DBG_SSL, "ssl: Server reused session.\n"); + } + #elif defined(HAVE_GNUTLS) ++ unsigned int verify_status; ++ + gnutls_init(&ssl, GNUTLS_SERVER); + gnutls_credentials_set(ssl, GNUTLS_CRD_CERTIFICATE, ctx->cred); + gnutls_set_default_priority(ssl); +@@ -1697,7 +1701,7 @@ int ne_sock_accept_ssl(ne_socket *sock, ne_ssl_context *ctx) + if (ret < 0) { + return error_gnutls(sock, ret); + } +- if (ctx->verify && gnutls_certificate_verify_peers(ssl)) { ++ if (ctx->verify && (gnutls_certificate_verify_peers2(ssl, &verify_status) || verify_status)) { + set_error(sock, _("Client certificate verification failed")); + return NE_SOCK_ERROR; + } +-- +1.7.12.3 + diff --git a/net-libs/neon/files/neon-0.29.6-gnutls-3-types.patch b/net-libs/neon/files/neon-0.29.6-gnutls-3-types.patch new file mode 100644 index 000000000000..861207d4b600 --- /dev/null +++ b/net-libs/neon/files/neon-0.29.6-gnutls-3-types.patch @@ -0,0 +1,57 @@ +From 9033b72dc4fa250519379cb39142a3e42141d3f5 Mon Sep 17 00:00:00 2001 +From: Alexander V Vershilov <alexander.vershilov@gmail.com> +Date: Thu, 1 Nov 2012 11:44:36 +0400 +Subject: [PATCH 2/2] neon gnutls types fix + +--- + src/ne_gnutls.c | 10 +++++----- + 1 file changed, 5 insertions(+), 5 deletions(-) + +diff --git a/src/ne_gnutls.c b/src/ne_gnutls.c +index d50c6ce..11dfd8e 100644 +--- a/src/ne_gnutls.c ++++ b/src/ne_gnutls.c +@@ -83,7 +83,7 @@ struct ne_ssl_certificate_s { + }; + + struct ne_ssl_client_cert_s { +- gnutls_pkcs12 p12; ++ gnutls_pkcs12_t p12; + int decrypted; /* non-zero if successfully decrypted. */ + int keyless; + ne_ssl_certificate cert; +@@ -1041,11 +1041,11 @@ static int read_to_datum(const char *filename, gnutls_datum *datum) + /* Parses a PKCS#12 structure and loads the certificate, private key + * and friendly name if possible. Returns zero on success, non-zero + * on error. */ +-static int pkcs12_parse(gnutls_pkcs12 p12, gnutls_x509_privkey *pkey, ++static int pkcs12_parse(gnutls_pkcs12_t p12, gnutls_x509_privkey *pkey, + gnutls_x509_crt *x5, char **friendly_name, + const char *password) + { +- gnutls_pkcs12_bag bag = NULL; ++ gnutls_pkcs12_bag_t bag = NULL; + int i, j, ret = 0; + + for (i = 0; ret == 0; ++i) { +@@ -1060,7 +1060,7 @@ static int pkcs12_parse(gnutls_pkcs12 p12, gnutls_x509_privkey *pkey, + gnutls_pkcs12_bag_decrypt(bag, password); + + for (j = 0; ret == 0 && j < gnutls_pkcs12_bag_get_count(bag); ++j) { +- gnutls_pkcs12_bag_type type; ++ gnutls_pkcs12_bag_type_t type; + gnutls_datum data; + + if (friendly_name && *friendly_name == NULL) { +@@ -1130,7 +1130,7 @@ ne_ssl_client_cert *ne_ssl_clicert_read(const char *filename) + { + int ret; + gnutls_datum data; +- gnutls_pkcs12 p12; ++ gnutls_pkcs12_t p12; + ne_ssl_client_cert *cc; + char *friendly_name = NULL; + gnutls_x509_crt cert = NULL; +-- +1.7.12.3 + diff --git a/net-libs/neon/neon-0.29.6-r1.ebuild b/net-libs/neon/neon-0.29.6-r1.ebuild index e4e9a90495fe..56b8a93c6417 100644 --- a/net-libs/neon/neon-0.29.6-r1.ebuild +++ b/net-libs/neon/neon-0.29.6-r1.ebuild @@ -1,6 +1,6 @@ # Copyright 1999-2012 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/net-libs/neon/neon-0.29.6-r1.ebuild,v 1.14 2012/09/05 19:43:54 floppym Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-libs/neon/neon-0.29.6-r1.ebuild,v 1.15 2012/11/01 15:52:27 qnikst Exp $ EAPI="4" @@ -47,6 +47,8 @@ src_prepare() { sed -i -e "s/ALL_LINGUAS=.*/ALL_LINGUAS=\"${linguas}\"/g" configure.in epatch "${FILESDIR}"/${PN}-0.29.6-no-ssl-check.patch + epatch "${FILESDIR}"/${PN}-0.29.6-gnutls-3-functions.patch + epatch "${FILESDIR}"/${PN}-0.29.6-gnutls-3-types.patch AT_M4DIR="macros" eautoreconf elibtoolize |