4 files changed, 186 insertions, 2 deletions

diff --git a/net-libs/neon/ChangeLog b/net-libs/neon/ChangeLog
index 0c44ca99beb2..2e1331d266d4 100644
--- a/net-libs/neon/ChangeLog
+++ b/net-libs/neon/ChangeLog
@@ -1,6 +1,11 @@
 # ChangeLog for net-libs/neon
 # Copyright 1999-2012 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-libs/neon/ChangeLog,v 1.44 2012/09/05 19:43:54 floppym Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-libs/neon/ChangeLog,v 1.45 2012/11/01 15:52:27 qnikst Exp $
+
+  01 Nov 2012; Alexander Vershilov <qnikst@gentoo.org>
+  +files/neon-0.29.6-gnutls-3-functions.patch,
+  +files/neon-0.29.6-gnutls-3-types.patch, neon-0.29.6-r1.ebuild:
+  fix gnutls-3 breakage #421441, thanks to Bartosz Brachaczek
 
   05 Sep 2012; Mike Gilbert <floppym@gentoo.org> neon-0.29.6-r1.ebuild:
   Fix handling of EPREFIX with whitespace. Patch by Arfrever.
diff --git a/net-libs/neon/files/neon-0.29.6-gnutls-3-functions.patch b/net-libs/neon/files/neon-0.29.6-gnutls-3-functions.patch
new file mode 100644
index 000000000000..77fe9320228d
--- /dev/null
+++ b/net-libs/neon/files/neon-0.29.6-gnutls-3-functions.patch
@@ -0,0 +1,120 @@
+From d7516e56dc854308349419b81904e9a61751cde4 Mon Sep 17 00:00:00 2001
+From: Alexander V Vershilov <alexander.vershilov@gmail.com>
+Date: Thu, 1 Nov 2012 11:44:10 +0400
+Subject: [PATCH 1/2] neon gnutls-3 fixes
+
+---
+ macros/neon.m4  |  9 ++++++++-
+ src/ne_gnutls.c | 13 +++++++++++--
+ src/ne_socket.c | 10 +++++++---
+ 3 files changed, 26 insertions(+), 6 deletions(-)
+
+diff --git a/macros/neon.m4 b/macros/neon.m4
+index 32111c7..40f1d71 100644
+--- a/macros/neon.m4
++++ b/macros/neon.m4
+@@ -982,13 +982,20 @@ gnutls)
+    # Check for functions in later releases
+    NE_CHECK_FUNCS([gnutls_session_get_data2 gnutls_x509_dn_get_rdn_ava \
+                   gnutls_sign_callback_set \
++                  gnutls_certificate_get_issuer \
+                   gnutls_certificate_get_x509_cas \
+-                  gnutls_certificate_verify_peers2])
++                  gnutls_certificate_verify_peers2 \
++                  gnutls_x509_crt_sign2])
+ 
+    # fail if gnutls_certificate_verify_peers2 is not found
+    if test x${ac_cv_func_gnutls_certificate_verify_peers2} != xyes; then
+        AC_MSG_ERROR([GnuTLS version predates gnutls_certificate_verify_peers2, newer version required])
+    fi
++
++   # fail if gnutls_x509_crt_sign2 is not found (it was introduced in 1.2.0, which is required)
++   if test x${ac_cv_func_gnutls_x509_crt_sign2} != xyes; then
++       AC_MSG_ERROR([GnuTLS version predates gnutls_x509_crt_sign2, newer version required (at least 1.2.0)])
++   fi
+                   
+    # Check for iconv support if using the new RDN access functions:
+    if test ${ac_cv_func_gnutls_x509_dn_get_rdn_ava}X${ac_cv_header_iconv_h} = yesXyes; then
+diff --git a/src/ne_gnutls.c b/src/ne_gnutls.c
+index eec5655..d50c6ce 100644
+--- a/src/ne_gnutls.c
++++ b/src/ne_gnutls.c
+@@ -692,7 +692,7 @@ void ne_ssl_context_destroy(ne_ssl_context *ctx)
+     ne_free(ctx);
+ }
+ 
+-#ifdef HAVE_GNUTLS_CERTIFICATE_GET_X509_CAS
++#if !defined(HAVE_GNUTLS_CERTIFICATE_GET_ISSUER) && defined(HAVE_GNUTLS_CERTIFICATE_GET_X509_CAS)
+ /* Return the issuer of the given certificate, or NULL if none can be
+  * found. */
+ static gnutls_x509_crt find_issuer(gnutls_x509_crt *ca_list,
+@@ -747,20 +747,29 @@ static ne_ssl_certificate *make_peers_chain(gnutls_session sock,
+         }
+     }
+ 
+-#ifdef HAVE_GNUTLS_CERTIFICATE_GET_X509_CAS
++#if defined(HAVE_GNUTLS_CERTIFICATE_GET_ISSUER) || defined(HAVE_GNUTLS_CERTIFICATE_GET_X509_CAS)
+     /* GnuTLS only returns the peers which were *sent* by the server
+      * in the Certificate list during the handshake.  Fill in the
+      * complete chain manually against the certs we trust: */
+     if (current->issuer == NULL) {
+         gnutls_x509_crt issuer;
++
++#ifndef HAVE_GNUTLS_CERTIFICATE_GET_ISSUER
+         gnutls_x509_crt *ca_list;
+         unsigned int num_cas;
+         
+         gnutls_certificate_get_x509_cas(crd, &ca_list, &num_cas);
++#endif
+ 
+         do { 
+             /* Look up the issuer. */
++#ifndef HAVE_GNUTLS_CERTIFICATE_GET_ISSUER
+             issuer = find_issuer(ca_list, num_cas, current->subject);
++#else
++            if (gnutls_certificate_get_issuer(crd, current->subject, &issuer, 0))
++                issuer = NULL;
++#endif
++
+             if (issuer) {
+                 issuer = x509_crt_copy(issuer);
+                 cert = populate_cert(ne_calloc(sizeof *cert), issuer);
+diff --git a/src/ne_socket.c b/src/ne_socket.c
+index 12cf020..faee20c 100644
+--- a/src/ne_socket.c
++++ b/src/ne_socket.c
+@@ -721,9 +721,11 @@ static ssize_t error_gnutls(ne_socket *sock, ssize_t sret)
+                     _("SSL alert received: %s"),
+                     gnutls_alert_get_name(gnutls_alert_get(sock->ssl)));
+         break;
++#if GNUTLS_VERSION_MAJOR > 2 || (GNUTLS_VERSION_MAJOR == 2 && GNUTLS_VERSION_MINOR >= 99)
++    case GNUTLS_E_PREMATURE_TERMINATION:
++#else
+     case GNUTLS_E_UNEXPECTED_PACKET_LENGTH:
+-        /* It's not exactly an API guarantee but this error will
+-         * always mean a premature EOF. */
++#endif
+         ret = NE_SOCK_TRUNC;
+         set_error(sock, _("Secure connection truncated"));
+         break;
+@@ -1678,6 +1680,8 @@ int ne_sock_accept_ssl(ne_socket *sock, ne_ssl_context *ctx)
+         NE_DEBUG(NE_DBG_SSL, "ssl: Server reused session.\n");
+     }
+ #elif defined(HAVE_GNUTLS)
++    unsigned int verify_status;
++
+     gnutls_init(&ssl, GNUTLS_SERVER);
+     gnutls_credentials_set(ssl, GNUTLS_CRD_CERTIFICATE, ctx->cred);
+     gnutls_set_default_priority(ssl);
+@@ -1697,7 +1701,7 @@ int ne_sock_accept_ssl(ne_socket *sock, ne_ssl_context *ctx)
+     if (ret < 0) {
+         return error_gnutls(sock, ret);
+     }
+-    if (ctx->verify && gnutls_certificate_verify_peers(ssl)) {
++    if (ctx->verify && (gnutls_certificate_verify_peers2(ssl, &verify_status) || verify_status)) {
+         set_error(sock, _("Client certificate verification failed"));
+         return NE_SOCK_ERROR;
+     }
+-- 
+1.7.12.3
+
diff --git a/net-libs/neon/files/neon-0.29.6-gnutls-3-types.patch b/net-libs/neon/files/neon-0.29.6-gnutls-3-types.patch
new file mode 100644
index 000000000000..861207d4b600
--- /dev/null
+++ b/net-libs/neon/files/neon-0.29.6-gnutls-3-types.patch
@@ -0,0 +1,57 @@
+From 9033b72dc4fa250519379cb39142a3e42141d3f5 Mon Sep 17 00:00:00 2001
+From: Alexander V Vershilov <alexander.vershilov@gmail.com>
+Date: Thu, 1 Nov 2012 11:44:36 +0400
+Subject: [PATCH 2/2] neon gnutls types fix
+
+---
+ src/ne_gnutls.c | 10 +++++-----
+ 1 file changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/src/ne_gnutls.c b/src/ne_gnutls.c
+index d50c6ce..11dfd8e 100644
+--- a/src/ne_gnutls.c
++++ b/src/ne_gnutls.c
+@@ -83,7 +83,7 @@ struct ne_ssl_certificate_s {
+ };
+ 
+ struct ne_ssl_client_cert_s {
+-    gnutls_pkcs12 p12;
++    gnutls_pkcs12_t p12;
+     int decrypted; /* non-zero if successfully decrypted. */
+     int keyless;
+     ne_ssl_certificate cert;
+@@ -1041,11 +1041,11 @@ static int read_to_datum(const char *filename, gnutls_datum *datum)
+ /* Parses a PKCS#12 structure and loads the certificate, private key
+  * and friendly name if possible.  Returns zero on success, non-zero
+  * on error. */
+-static int pkcs12_parse(gnutls_pkcs12 p12, gnutls_x509_privkey *pkey,
++static int pkcs12_parse(gnutls_pkcs12_t p12, gnutls_x509_privkey *pkey,
+                         gnutls_x509_crt *x5, char **friendly_name,
+                         const char *password)
+ {
+-    gnutls_pkcs12_bag bag = NULL;
++    gnutls_pkcs12_bag_t bag = NULL;
+     int i, j, ret = 0;
+ 
+     for (i = 0; ret == 0; ++i) {
+@@ -1060,7 +1060,7 @@ static int pkcs12_parse(gnutls_pkcs12 p12, gnutls_x509_privkey *pkey,
+         gnutls_pkcs12_bag_decrypt(bag, password);
+ 
+         for (j = 0; ret == 0 && j < gnutls_pkcs12_bag_get_count(bag); ++j) {
+-            gnutls_pkcs12_bag_type type;
++            gnutls_pkcs12_bag_type_t type;
+             gnutls_datum data;
+ 
+             if (friendly_name && *friendly_name == NULL) {
+@@ -1130,7 +1130,7 @@ ne_ssl_client_cert *ne_ssl_clicert_read(const char *filename)
+ {
+     int ret;
+     gnutls_datum data;
+-    gnutls_pkcs12 p12;
++    gnutls_pkcs12_t p12;
+     ne_ssl_client_cert *cc;
+     char *friendly_name = NULL;
+     gnutls_x509_crt cert = NULL;
+-- 
+1.7.12.3
+
diff --git a/net-libs/neon/neon-0.29.6-r1.ebuild b/net-libs/neon/neon-0.29.6-r1.ebuild
index e4e9a90495fe..56b8a93c6417 100644
--- a/net-libs/neon/neon-0.29.6-r1.ebuild
+++ b/net-libs/neon/neon-0.29.6-r1.ebuild
@@ -1,6 +1,6 @@
 # Copyright 1999-2012 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-libs/neon/neon-0.29.6-r1.ebuild,v 1.14 2012/09/05 19:43:54 floppym Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-libs/neon/neon-0.29.6-r1.ebuild,v 1.15 2012/11/01 15:52:27 qnikst Exp $
 
 EAPI="4"
 
@@ -47,6 +47,8 @@ src_prepare() {
 	sed -i -e "s/ALL_LINGUAS=.*/ALL_LINGUAS=\"${linguas}\"/g" configure.in
 
 	epatch "${FILESDIR}"/${PN}-0.29.6-no-ssl-check.patch
+	epatch "${FILESDIR}"/${PN}-0.29.6-gnutls-3-functions.patch
+	epatch "${FILESDIR}"/${PN}-0.29.6-gnutls-3-types.patch
 	AT_M4DIR="macros" eautoreconf
 
 	elibtoolize