summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat (limited to 'net-libs/neon')
-rw-r--r--net-libs/neon/ChangeLog11
-rw-r--r--net-libs/neon/files/neon-0.29.6-doc.patch15
-rw-r--r--net-libs/neon/files/neon-0.29.6-gnutls-3-backport.patch96
-rw-r--r--net-libs/neon/files/neon-0.29.6-gnutls-3-functions.patch120
-rw-r--r--net-libs/neon/files/neon-0.29.6-gnutls-3-types.patch57
-rw-r--r--net-libs/neon/files/neon-0.29.6-no-ssl-check.patch22
-rw-r--r--net-libs/neon/neon-0.29.6-r5.ebuild105
7 files changed, 425 insertions, 1 deletions
diff --git a/net-libs/neon/ChangeLog b/net-libs/neon/ChangeLog
index 38b87edb81bf..c412876f05cd 100644
--- a/net-libs/neon/ChangeLog
+++ b/net-libs/neon/ChangeLog
@@ -1,6 +1,15 @@
# ChangeLog for net-libs/neon
# Copyright 1999-2014 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-libs/neon/ChangeLog,v 1.69 2014/01/26 18:40:15 floppym Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-libs/neon/ChangeLog,v 1.70 2014/01/26 23:36:39 floppym Exp $
+
+*neon-0.29.6-r5 (26 Jan 2014)
+
+ 26 Jan 2014; Mike Gilbert <floppym@gentoo.org> +files/neon-0.29.6-doc.patch,
+ +files/neon-0.29.6-gnutls-3-backport.patch,
+ +files/neon-0.29.6-gnutls-3-functions.patch,
+ +files/neon-0.29.6-gnutls-3-types.patch,
+ +files/neon-0.29.6-no-ssl-check.patch, +neon-0.29.6-r5.ebuild:
+ Restore old version to satisfy www-misc/litmus.
26 Jan 2014; Mike Gilbert <floppym@gentoo.org> -files/neon-0.29.6-doc.patch,
-files/neon-0.29.6-gnutls-3-backport.patch,
diff --git a/net-libs/neon/files/neon-0.29.6-doc.patch b/net-libs/neon/files/neon-0.29.6-doc.patch
new file mode 100644
index 000000000000..194bb8e66d4f
--- /dev/null
+++ b/net-libs/neon/files/neon-0.29.6-doc.patch
@@ -0,0 +1,15 @@
+This patch fixes docdir path
+
+Patch by Chris Mayo <aklhfex@gmail.com>
+see https://bugs.gentoo.org/show_bug.cgi?id=458628
+--- Makefile.in.orig
++++ Makefile.in
+@@ -22,7 +22,7 @@
+ man3dir = $(mandir)/man3
+ datarootdir = @datarootdir@
+ datadir = @datadir@
+-docdir = $(datadir)/doc/neon-@NEON_VERSION@
++docdir = @docdir@
+ includedir = @includedir@
+ neonincludes = $(includedir)/neon
+ pkgconfigdir = $(libdir)/pkgconfig
diff --git a/net-libs/neon/files/neon-0.29.6-gnutls-3-backport.patch b/net-libs/neon/files/neon-0.29.6-gnutls-3-backport.patch
new file mode 100644
index 000000000000..e699741ea4a2
--- /dev/null
+++ b/net-libs/neon/files/neon-0.29.6-gnutls-3-backport.patch
@@ -0,0 +1,96 @@
+BUGZILLA-GENTOO: https://bugs.gentoo.org/show_bug.cgi?id=440936,
+BUGZILLA-GNUTLS: https://savannah.gnu.org/support/index.php?108189
+
+This patch fixes situation when subversion fails on some https sources
+due incorrect handing of issuers in neon library.
+
+Patch is backported from upstream.
+
+diff --git a/src/ne_gnutls.c b/src/ne_gnutls.c
+index 5a5dca9..0eef990 100644
+--- a/src/ne_gnutls.c
++++ b/src/ne_gnutls.c
+@@ -1,6 +1,6 @@
+ /*
+ neon SSL/TLS support using GNU TLS
+- Copyright (C) 2002-2010, Joe Orton <joe@manyfish.co.uk>
++ Copyright (C) 2002-2011, Joe Orton <joe@manyfish.co.uk>
+ Copyright (C) 2004, Aleix Conchillo Flaque <aleix@member.fsf.org>
+
+ This library is free software; you can redistribute it and/or
+@@ -486,7 +486,7 @@ static ne_ssl_certificate *populate_cert(ne_ssl_certificate *cert,
+ static gnutls_x509_crt x509_crt_copy(gnutls_x509_crt src)
+ {
+ int ret;
+- size_t size;
++ size_t size = 0;
+ gnutls_datum tmp;
+ gnutls_x509_crt dest;
+
+@@ -680,6 +680,11 @@ void ne_ssl_context_set_flag(ne_ssl_context *ctx, int flag, int value)
+ /* SSLv2 not supported. */
+ }
+
++int ne_ssl_context_get_flag(ne_ssl_context *ctx, int flag)
++{
++ return 0;
++}
++
+ void ne_ssl_context_destroy(ne_ssl_context *ctx)
+ {
+ gnutls_certificate_free_credentials(ctx->cred);
+@@ -1128,6 +1133,21 @@ static int pkcs12_parse(gnutls_pkcs12_t p12, gnutls_x509_privkey *pkey,
+
+ ne_ssl_client_cert *ne_ssl_clicert_read(const char *filename)
+ {
++ gnutls_datum datum;
++ ne_ssl_client_cert *cc;
++
++ if (read_to_datum(filename, &datum))
++ return NULL;
++
++ cc = ne_ssl_clicert_import(datum.data, datum.size);
++
++ ne_free(datum.data);
++
++ return cc;
++}
++
++ne_ssl_client_cert *ne_ssl_clicert_import(const unsigned char *buffer, size_t buflen)
++{
+ int ret;
+ gnutls_datum data;
+ gnutls_pkcs12_t p12;
+@@ -1136,15 +1156,14 @@ ne_ssl_client_cert *ne_ssl_clicert_read(const char *filename)
+ gnutls_x509_crt cert = NULL;
+ gnutls_x509_privkey pkey = NULL;
+
+- if (read_to_datum(filename, &data))
+- return NULL;
++ data.data = buffer;
++ data.size = buflen;
+
+ if (gnutls_pkcs12_init(&p12) != 0) {
+ return NULL;
+ }
+
+ ret = gnutls_pkcs12_import(p12, &data, GNUTLS_X509_FMT_DER, 0);
+- ne_free(data.data);
+ if (ret < 0) {
+ gnutls_pkcs12_deinit(p12);
+ return NULL;
+
+diff --git a/src/ne_gnutls.c b/src/ne_gnutls.c
+index 0eef990..2ed90c2 100644
+--- a/src/ne_gnutls.c
++++ b/src/ne_gnutls.c
+@@ -60,6 +60,9 @@ GCRY_THREAD_OPTION_PTHREAD_IMPL;
+ #include "ne_private.h"
+ #include "ne_privssl.h"
+
++
++ne_ssl_client_cert *ne_ssl_clicert_import(const unsigned char *buffer, size_t buflen);
++
+ #if LIBGNUTLS_VERSION_NUMBER >= 0x020302
+ /* The GnuTLS DN functions in 2.3.2 and later allow a simpler DN
+ * abstraction to be used. */
diff --git a/net-libs/neon/files/neon-0.29.6-gnutls-3-functions.patch b/net-libs/neon/files/neon-0.29.6-gnutls-3-functions.patch
new file mode 100644
index 000000000000..77fe9320228d
--- /dev/null
+++ b/net-libs/neon/files/neon-0.29.6-gnutls-3-functions.patch
@@ -0,0 +1,120 @@
+From d7516e56dc854308349419b81904e9a61751cde4 Mon Sep 17 00:00:00 2001
+From: Alexander V Vershilov <alexander.vershilov@gmail.com>
+Date: Thu, 1 Nov 2012 11:44:10 +0400
+Subject: [PATCH 1/2] neon gnutls-3 fixes
+
+---
+ macros/neon.m4 | 9 ++++++++-
+ src/ne_gnutls.c | 13 +++++++++++--
+ src/ne_socket.c | 10 +++++++---
+ 3 files changed, 26 insertions(+), 6 deletions(-)
+
+diff --git a/macros/neon.m4 b/macros/neon.m4
+index 32111c7..40f1d71 100644
+--- a/macros/neon.m4
++++ b/macros/neon.m4
+@@ -982,13 +982,20 @@ gnutls)
+ # Check for functions in later releases
+ NE_CHECK_FUNCS([gnutls_session_get_data2 gnutls_x509_dn_get_rdn_ava \
+ gnutls_sign_callback_set \
++ gnutls_certificate_get_issuer \
+ gnutls_certificate_get_x509_cas \
+- gnutls_certificate_verify_peers2])
++ gnutls_certificate_verify_peers2 \
++ gnutls_x509_crt_sign2])
+
+ # fail if gnutls_certificate_verify_peers2 is not found
+ if test x${ac_cv_func_gnutls_certificate_verify_peers2} != xyes; then
+ AC_MSG_ERROR([GnuTLS version predates gnutls_certificate_verify_peers2, newer version required])
+ fi
++
++ # fail if gnutls_x509_crt_sign2 is not found (it was introduced in 1.2.0, which is required)
++ if test x${ac_cv_func_gnutls_x509_crt_sign2} != xyes; then
++ AC_MSG_ERROR([GnuTLS version predates gnutls_x509_crt_sign2, newer version required (at least 1.2.0)])
++ fi
+
+ # Check for iconv support if using the new RDN access functions:
+ if test ${ac_cv_func_gnutls_x509_dn_get_rdn_ava}X${ac_cv_header_iconv_h} = yesXyes; then
+diff --git a/src/ne_gnutls.c b/src/ne_gnutls.c
+index eec5655..d50c6ce 100644
+--- a/src/ne_gnutls.c
++++ b/src/ne_gnutls.c
+@@ -692,7 +692,7 @@ void ne_ssl_context_destroy(ne_ssl_context *ctx)
+ ne_free(ctx);
+ }
+
+-#ifdef HAVE_GNUTLS_CERTIFICATE_GET_X509_CAS
++#if !defined(HAVE_GNUTLS_CERTIFICATE_GET_ISSUER) && defined(HAVE_GNUTLS_CERTIFICATE_GET_X509_CAS)
+ /* Return the issuer of the given certificate, or NULL if none can be
+ * found. */
+ static gnutls_x509_crt find_issuer(gnutls_x509_crt *ca_list,
+@@ -747,20 +747,29 @@ static ne_ssl_certificate *make_peers_chain(gnutls_session sock,
+ }
+ }
+
+-#ifdef HAVE_GNUTLS_CERTIFICATE_GET_X509_CAS
++#if defined(HAVE_GNUTLS_CERTIFICATE_GET_ISSUER) || defined(HAVE_GNUTLS_CERTIFICATE_GET_X509_CAS)
+ /* GnuTLS only returns the peers which were *sent* by the server
+ * in the Certificate list during the handshake. Fill in the
+ * complete chain manually against the certs we trust: */
+ if (current->issuer == NULL) {
+ gnutls_x509_crt issuer;
++
++#ifndef HAVE_GNUTLS_CERTIFICATE_GET_ISSUER
+ gnutls_x509_crt *ca_list;
+ unsigned int num_cas;
+
+ gnutls_certificate_get_x509_cas(crd, &ca_list, &num_cas);
++#endif
+
+ do {
+ /* Look up the issuer. */
++#ifndef HAVE_GNUTLS_CERTIFICATE_GET_ISSUER
+ issuer = find_issuer(ca_list, num_cas, current->subject);
++#else
++ if (gnutls_certificate_get_issuer(crd, current->subject, &issuer, 0))
++ issuer = NULL;
++#endif
++
+ if (issuer) {
+ issuer = x509_crt_copy(issuer);
+ cert = populate_cert(ne_calloc(sizeof *cert), issuer);
+diff --git a/src/ne_socket.c b/src/ne_socket.c
+index 12cf020..faee20c 100644
+--- a/src/ne_socket.c
++++ b/src/ne_socket.c
+@@ -721,9 +721,11 @@ static ssize_t error_gnutls(ne_socket *sock, ssize_t sret)
+ _("SSL alert received: %s"),
+ gnutls_alert_get_name(gnutls_alert_get(sock->ssl)));
+ break;
++#if GNUTLS_VERSION_MAJOR > 2 || (GNUTLS_VERSION_MAJOR == 2 && GNUTLS_VERSION_MINOR >= 99)
++ case GNUTLS_E_PREMATURE_TERMINATION:
++#else
+ case GNUTLS_E_UNEXPECTED_PACKET_LENGTH:
+- /* It's not exactly an API guarantee but this error will
+- * always mean a premature EOF. */
++#endif
+ ret = NE_SOCK_TRUNC;
+ set_error(sock, _("Secure connection truncated"));
+ break;
+@@ -1678,6 +1680,8 @@ int ne_sock_accept_ssl(ne_socket *sock, ne_ssl_context *ctx)
+ NE_DEBUG(NE_DBG_SSL, "ssl: Server reused session.\n");
+ }
+ #elif defined(HAVE_GNUTLS)
++ unsigned int verify_status;
++
+ gnutls_init(&ssl, GNUTLS_SERVER);
+ gnutls_credentials_set(ssl, GNUTLS_CRD_CERTIFICATE, ctx->cred);
+ gnutls_set_default_priority(ssl);
+@@ -1697,7 +1701,7 @@ int ne_sock_accept_ssl(ne_socket *sock, ne_ssl_context *ctx)
+ if (ret < 0) {
+ return error_gnutls(sock, ret);
+ }
+- if (ctx->verify && gnutls_certificate_verify_peers(ssl)) {
++ if (ctx->verify && (gnutls_certificate_verify_peers2(ssl, &verify_status) || verify_status)) {
+ set_error(sock, _("Client certificate verification failed"));
+ return NE_SOCK_ERROR;
+ }
+--
+1.7.12.3
+
diff --git a/net-libs/neon/files/neon-0.29.6-gnutls-3-types.patch b/net-libs/neon/files/neon-0.29.6-gnutls-3-types.patch
new file mode 100644
index 000000000000..861207d4b600
--- /dev/null
+++ b/net-libs/neon/files/neon-0.29.6-gnutls-3-types.patch
@@ -0,0 +1,57 @@
+From 9033b72dc4fa250519379cb39142a3e42141d3f5 Mon Sep 17 00:00:00 2001
+From: Alexander V Vershilov <alexander.vershilov@gmail.com>
+Date: Thu, 1 Nov 2012 11:44:36 +0400
+Subject: [PATCH 2/2] neon gnutls types fix
+
+---
+ src/ne_gnutls.c | 10 +++++-----
+ 1 file changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/src/ne_gnutls.c b/src/ne_gnutls.c
+index d50c6ce..11dfd8e 100644
+--- a/src/ne_gnutls.c
++++ b/src/ne_gnutls.c
+@@ -83,7 +83,7 @@ struct ne_ssl_certificate_s {
+ };
+
+ struct ne_ssl_client_cert_s {
+- gnutls_pkcs12 p12;
++ gnutls_pkcs12_t p12;
+ int decrypted; /* non-zero if successfully decrypted. */
+ int keyless;
+ ne_ssl_certificate cert;
+@@ -1041,11 +1041,11 @@ static int read_to_datum(const char *filename, gnutls_datum *datum)
+ /* Parses a PKCS#12 structure and loads the certificate, private key
+ * and friendly name if possible. Returns zero on success, non-zero
+ * on error. */
+-static int pkcs12_parse(gnutls_pkcs12 p12, gnutls_x509_privkey *pkey,
++static int pkcs12_parse(gnutls_pkcs12_t p12, gnutls_x509_privkey *pkey,
+ gnutls_x509_crt *x5, char **friendly_name,
+ const char *password)
+ {
+- gnutls_pkcs12_bag bag = NULL;
++ gnutls_pkcs12_bag_t bag = NULL;
+ int i, j, ret = 0;
+
+ for (i = 0; ret == 0; ++i) {
+@@ -1060,7 +1060,7 @@ static int pkcs12_parse(gnutls_pkcs12 p12, gnutls_x509_privkey *pkey,
+ gnutls_pkcs12_bag_decrypt(bag, password);
+
+ for (j = 0; ret == 0 && j < gnutls_pkcs12_bag_get_count(bag); ++j) {
+- gnutls_pkcs12_bag_type type;
++ gnutls_pkcs12_bag_type_t type;
+ gnutls_datum data;
+
+ if (friendly_name && *friendly_name == NULL) {
+@@ -1130,7 +1130,7 @@ ne_ssl_client_cert *ne_ssl_clicert_read(const char *filename)
+ {
+ int ret;
+ gnutls_datum data;
+- gnutls_pkcs12 p12;
++ gnutls_pkcs12_t p12;
+ ne_ssl_client_cert *cc;
+ char *friendly_name = NULL;
+ gnutls_x509_crt cert = NULL;
+--
+1.7.12.3
+
diff --git a/net-libs/neon/files/neon-0.29.6-no-ssl-check.patch b/net-libs/neon/files/neon-0.29.6-no-ssl-check.patch
new file mode 100644
index 000000000000..a4b815a5d1a2
--- /dev/null
+++ b/net-libs/neon/files/neon-0.29.6-no-ssl-check.patch
@@ -0,0 +1,22 @@
+newer versions of openssl have started to be compatible across minor versions
+too, so this sanity check fails. since we already handle compatibility with
+openssl via SONAME checks, we don't need this openssl check at all.
+
+http://marc.info/?l=openssl-dev&m=133176786215023&w=2
+
+--- src/ne_socket.c
++++ src/ne_socket.c
+@@ -1745,13 +1745,6 @@ int ne_sock_connect_ssl(ne_socket *sock,
+ return NE_SOCK_ERROR;
+ }
+
+- /* If runtime library version differs from compile-time version
+- * number in major/minor/fix level, abort soon. */
+- if ((SSLeay() ^ OPENSSL_VERSION_NUMBER) & 0xFFFFF000) {
+- set_error(sock, _("SSL disabled due to library version mismatch"));
+- return NE_SOCK_ERROR;
+- }
+-
+ sock->ssl = ssl = SSL_new(ctx->ctx);
+ if (!ssl) {
+ set_error(sock, _("Could not create SSL structure"));
diff --git a/net-libs/neon/neon-0.29.6-r5.ebuild b/net-libs/neon/neon-0.29.6-r5.ebuild
new file mode 100644
index 000000000000..2d775edcc87d
--- /dev/null
+++ b/net-libs/neon/neon-0.29.6-r5.ebuild
@@ -0,0 +1,105 @@
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-libs/neon/neon-0.29.6-r5.ebuild,v 1.3 2014/01/26 23:36:39 floppym Exp $
+
+EAPI="4"
+
+inherit autotools eutils libtool
+
+DESCRIPTION="HTTP and WebDAV client library"
+HOMEPAGE="http://www.webdav.org/neon/"
+SRC_URI="http://www.webdav.org/neon/${P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x86-freebsd ~hppa-hpux ~ia64-hpux ~x86-interix ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+IUSE="doc expat gnutls kerberos libproxy nls pkcs11 ssl static-libs zlib"
+IUSE_LINGUAS="cs de fr ja nn pl ru tr zh_CN"
+for lingua in ${IUSE_LINGUAS}; do
+ IUSE+=" linguas_${lingua}"
+done
+unset lingua
+RESTRICT="test"
+
+RDEPEND="expat? ( dev-libs/expat )
+ !expat? ( dev-libs/libxml2 )
+ gnutls? (
+ app-misc/ca-certificates
+ >=net-libs/gnutls-2.0
+ pkcs11? ( dev-libs/pakchois )
+ )
+ !gnutls? ( ssl? (
+ >=dev-libs/openssl-0.9.6f
+ pkcs11? ( dev-libs/pakchois )
+ ) )
+ kerberos? ( virtual/krb5 )
+ libproxy? ( net-libs/libproxy )
+ nls? ( virtual/libintl )
+ zlib? ( sys-libs/zlib )"
+DEPEND="${RDEPEND}
+ virtual/pkgconfig"
+
+src_prepare() {
+ local lingua linguas
+ for lingua in ${IUSE_LINGUAS}; do
+ use linguas_${lingua} && linguas+=" ${lingua}"
+ done
+ sed -i -e "s/ALL_LINGUAS=.*/ALL_LINGUAS=\"${linguas}\"/g" configure.in
+
+ epatch "${FILESDIR}"/${PN}-0.29.6-no-ssl-check.patch
+ epatch "${FILESDIR}"/${PN}-0.29.6-gnutls-3-functions.patch
+ epatch "${FILESDIR}"/${PN}-0.29.6-gnutls-3-types.patch
+ epatch "${FILESDIR}"/${PN}-0.29.6-gnutls-3-backport.patch
+ epatch "${FILESDIR}"/${PN}-0.29.6-doc.patch
+ AT_M4DIR="macros" eautoreconf
+
+ elibtoolize
+}
+
+src_configure() {
+ local myconf=()
+
+ if has_version sys-libs/glibc; then
+ einfo "Enabling SSL library thread-safety using POSIX threads..."
+ myconf+=(--enable-threadsafe-ssl=posix)
+ fi
+
+ if use expat; then
+ myconf+=(--with-expat)
+ else
+ myconf+=(--with-libxml2)
+ fi
+
+ if use gnutls; then
+ myconf+=(--with-ssl=gnutls --with-ca-bundle="${EPREFIX}/etc/ssl/certs/ca-certificates.crt")
+ elif use ssl; then
+ myconf+=(--with-ssl=openssl)
+ fi
+
+ # work around broken check, we really need -lintl on Solaris
+ [[ ${CHOST} == *-solaris* ]] && export ne_cv_libsfor_bindtextdomain=-lintl
+
+ econf \
+ --enable-shared \
+ --docdir=/usr/share/doc/${PF} \
+ $(use_with kerberos gssapi) \
+ $(use_with libproxy) \
+ $(use_enable nls) \
+ $(use_with pkcs11 pakchois) \
+ $(use_enable static-libs static) \
+ $(use_with zlib) \
+ "${myconf[@]}"
+}
+
+src_install() {
+ emake DESTDIR="${D}" install-lib install-headers install-config install-nls || die "emake install failed"
+
+ find "${ED}" -name "*.la" -print0 | xargs -0 rm -f
+
+ if use doc; then
+ emake DESTDIR="${D}" install-docs || die "emake install-docs failed"
+ fi
+
+ dodoc AUTHORS BUGS NEWS README THANKS TODO
+ doman doc/man/*.[1-8]
+}