Diffstat (limited to 'net-libs/neon')
-rw-r--r-- | net-libs/neon/ChangeLog | 11 | ||||
-rw-r--r-- | net-libs/neon/files/neon-0.29.6-doc.patch | 15 | ||||
-rw-r--r-- | net-libs/neon/files/neon-0.29.6-gnutls-3-backport.patch | 96 | ||||
-rw-r--r-- | net-libs/neon/files/neon-0.29.6-gnutls-3-functions.patch | 120 | ||||
-rw-r--r-- | net-libs/neon/files/neon-0.29.6-gnutls-3-types.patch | 57 | ||||
-rw-r--r-- | net-libs/neon/files/neon-0.29.6-no-ssl-check.patch | 22 | ||||
-rw-r--r-- | net-libs/neon/neon-0.29.6-r5.ebuild | 105 |
7 files changed, 425 insertions, 1 deletions
diff --git a/net-libs/neon/ChangeLog b/net-libs/neon/ChangeLog index 38b87edb81bf..c412876f05cd 100644 --- a/net-libs/neon/ChangeLog +++ b/net-libs/neon/ChangeLog @@ -1,6 +1,15 @@ # ChangeLog for net-libs/neon # Copyright 1999-2014 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/net-libs/neon/ChangeLog,v 1.69 2014/01/26 18:40:15 floppym Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-libs/neon/ChangeLog,v 1.70 2014/01/26 23:36:39 floppym Exp $ + +*neon-0.29.6-r5 (26 Jan 2014) + + 26 Jan 2014; Mike Gilbert <floppym@gentoo.org> +files/neon-0.29.6-doc.patch, + +files/neon-0.29.6-gnutls-3-backport.patch, + +files/neon-0.29.6-gnutls-3-functions.patch, + +files/neon-0.29.6-gnutls-3-types.patch, + +files/neon-0.29.6-no-ssl-check.patch, +neon-0.29.6-r5.ebuild: + Restore old version to satisfy www-misc/litmus. 26 Jan 2014; Mike Gilbert <floppym@gentoo.org> -files/neon-0.29.6-doc.patch, -files/neon-0.29.6-gnutls-3-backport.patch, diff --git a/net-libs/neon/files/neon-0.29.6-doc.patch b/net-libs/neon/files/neon-0.29.6-doc.patch new file mode 100644 index 000000000000..194bb8e66d4f --- /dev/null +++ b/net-libs/neon/files/neon-0.29.6-doc.patch @@ -0,0 +1,15 @@ +This patch fixes docdir path + +Patch by Chris Mayo <aklhfex@gmail.com> +see https://bugs.gentoo.org/show_bug.cgi?id=458628 +--- Makefile.in.orig ++++ Makefile.in +@@ -22,7 +22,7 @@ + man3dir = $(mandir)/man3 + datarootdir = @datarootdir@ + datadir = @datadir@ +-docdir = $(datadir)/doc/neon-@NEON_VERSION@ ++docdir = @docdir@ + includedir = @includedir@ + neonincludes = $(includedir)/neon + pkgconfigdir = $(libdir)/pkgconfig diff --git a/net-libs/neon/files/neon-0.29.6-gnutls-3-backport.patch b/net-libs/neon/files/neon-0.29.6-gnutls-3-backport.patch new file mode 100644 index 000000000000..e699741ea4a2 --- /dev/null +++ b/net-libs/neon/files/neon-0.29.6-gnutls-3-backport.patch 
@@ -0,0 +1,96 @@ +BUGZILLA-GENTOO: https://bugs.gentoo.org/show_bug.cgi?id=440936, +BUGZILLA-GNUTLS: https://savannah.gnu.org/support/index.php?108189 + +This patch fixes situation when subversion fails on some https sources +due incorrect handing of issuers in neon library. + +Patch is backported from upstream. + +diff --git a/src/ne_gnutls.c b/src/ne_gnutls.c +index 5a5dca9..0eef990 100644 +--- a/src/ne_gnutls.c ++++ b/src/ne_gnutls.c +@@ -1,6 +1,6 @@ + /* + neon SSL/TLS support using GNU TLS +- Copyright (C) 2002-2010, Joe Orton <joe@manyfish.co.uk> ++ Copyright (C) 2002-2011, Joe Orton <joe@manyfish.co.uk> + Copyright (C) 2004, Aleix Conchillo Flaque <aleix@member.fsf.org> + + This library is free software; you can redistribute it and/or +@@ -486,7 +486,7 @@ static ne_ssl_certificate *populate_cert(ne_ssl_certificate *cert, + static gnutls_x509_crt x509_crt_copy(gnutls_x509_crt src) + { + int ret; +- size_t size; ++ size_t size = 0; + gnutls_datum tmp; + gnutls_x509_crt dest; + +@@ -680,6 +680,11 @@ void ne_ssl_context_set_flag(ne_ssl_context *ctx, int flag, int value) + /* SSLv2 not supported. 
*/ + } + ++int ne_ssl_context_get_flag(ne_ssl_context *ctx, int flag) ++{ ++ return 0; ++} ++ + void ne_ssl_context_destroy(ne_ssl_context *ctx) + { + gnutls_certificate_free_credentials(ctx->cred); +@@ -1128,6 +1133,21 @@ static int pkcs12_parse(gnutls_pkcs12_t p12, gnutls_x509_privkey *pkey, + + ne_ssl_client_cert *ne_ssl_clicert_read(const char *filename) + { ++ gnutls_datum datum; ++ ne_ssl_client_cert *cc; ++ ++ if (read_to_datum(filename, &datum)) ++ return NULL; ++ ++ cc = ne_ssl_clicert_import(datum.data, datum.size); ++ ++ ne_free(datum.data); ++ ++ return cc; ++} ++ ++ne_ssl_client_cert *ne_ssl_clicert_import(const unsigned char *buffer, size_t buflen) ++{ + int ret; + gnutls_datum data; + gnutls_pkcs12_t p12; +@@ -1136,15 +1156,14 @@ ne_ssl_client_cert *ne_ssl_clicert_read(const char *filename) + gnutls_x509_crt cert = NULL; + gnutls_x509_privkey pkey = NULL; + +- if (read_to_datum(filename, &data)) +- return NULL; ++ data.data = buffer; ++ data.size = buflen; + + if (gnutls_pkcs12_init(&p12) != 0) { + return NULL; + } + + ret = gnutls_pkcs12_import(p12, &data, GNUTLS_X509_FMT_DER, 0); +- ne_free(data.data); + if (ret < 0) { + gnutls_pkcs12_deinit(p12); + return NULL; + +diff --git a/src/ne_gnutls.c b/src/ne_gnutls.c +index 0eef990..2ed90c2 100644 +--- a/src/ne_gnutls.c ++++ b/src/ne_gnutls.c +@@ -60,6 +60,9 @@ GCRY_THREAD_OPTION_PTHREAD_IMPL; + #include "ne_private.h" + #include "ne_privssl.h" + ++ ++ne_ssl_client_cert *ne_ssl_clicert_import(const unsigned char *buffer, size_t buflen); ++ + #if LIBGNUTLS_VERSION_NUMBER >= 0x020302 + /* The GnuTLS DN functions in 2.3.2 and later allow a simpler DN + * abstraction to be used. */ diff --git a/net-libs/neon/files/neon-0.29.6-gnutls-3-functions.patch b/net-libs/neon/files/neon-0.29.6-gnutls-3-functions.patch new file mode 100644 index 000000000000..77fe9320228d --- /dev/null +++ b/net-libs/neon/files/neon-0.29.6-gnutls-3-functions.patch 
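Review bot: In the new `ne_ssl_clicert_import`, `data.data = buffer;` discards the `const` on the caller's buffer, and `data.size = buflen;` stores a `size_t` into the datum's size field, which in GnuTLS is an `unsigned int`. A length that does not fit would be silently truncated before `gnutls_pkcs12_import` parses the PKCS#12 blob. I would reject such input and make both conversions explicit: `if (buflen > UINT_MAX) return NULL;`, then `data.data = (unsigned char *)buffer;` and `data.size = (unsigned int)buflen;`. The remainder of the function lies outside the inner hunk, so whether anything later keeps a reference to `data` cannot be checked from here. The added `ne_ssl_context_get_flag` always returns 0 and should carry a one-line comment saying so, since callers cannot otherwise tell "flag unset" from "flag not tracked".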
@@ -0,0 +1,120 @@ +From d7516e56dc854308349419b81904e9a61751cde4 Mon Sep 17 00:00:00 2001 +From: Alexander V Vershilov <alexander.vershilov@gmail.com> +Date: Thu, 1 Nov 2012 11:44:10 +0400 +Subject: [PATCH 1/2] neon gnutls-3 fixes + +--- + macros/neon.m4 | 9 ++++++++- + src/ne_gnutls.c | 13 +++++++++++-- + src/ne_socket.c | 10 +++++++--- + 3 files changed, 26 insertions(+), 6 deletions(-) + +diff --git a/macros/neon.m4 b/macros/neon.m4 +index 32111c7..40f1d71 100644 +--- a/macros/neon.m4 ++++ b/macros/neon.m4 +@@ -982,13 +982,20 @@ gnutls) + # Check for functions in later releases + NE_CHECK_FUNCS([gnutls_session_get_data2 gnutls_x509_dn_get_rdn_ava \ + gnutls_sign_callback_set \ ++ gnutls_certificate_get_issuer \ + gnutls_certificate_get_x509_cas \ +- gnutls_certificate_verify_peers2]) ++ gnutls_certificate_verify_peers2 \ ++ gnutls_x509_crt_sign2]) + + # fail if gnutls_certificate_verify_peers2 is not found + if test x${ac_cv_func_gnutls_certificate_verify_peers2} != xyes; then + AC_MSG_ERROR([GnuTLS version predates gnutls_certificate_verify_peers2, newer version required]) + fi ++ ++ # fail if gnutls_x509_crt_sign2 is not found (it was introduced in 1.2.0, which is required) ++ if test x${ac_cv_func_gnutls_x509_crt_sign2} != xyes; then ++ AC_MSG_ERROR([GnuTLS version predates gnutls_x509_crt_sign2, newer version required (at least 1.2.0)]) ++ fi + + # Check for iconv support if using the new RDN access functions: + if test ${ac_cv_func_gnutls_x509_dn_get_rdn_ava}X${ac_cv_header_iconv_h} = yesXyes; then +diff --git a/src/ne_gnutls.c b/src/ne_gnutls.c +index eec5655..d50c6ce 100644 +--- a/src/ne_gnutls.c ++++ b/src/ne_gnutls.c +@@ -692,7 +692,7 @@ void ne_ssl_context_destroy(ne_ssl_context *ctx) + ne_free(ctx); + } + +-#ifdef HAVE_GNUTLS_CERTIFICATE_GET_X509_CAS ++#if !defined(HAVE_GNUTLS_CERTIFICATE_GET_ISSUER) && defined(HAVE_GNUTLS_CERTIFICATE_GET_X509_CAS) + /* Return the issuer of the given certificate, or NULL if none can be + * found. 
*/ + static gnutls_x509_crt find_issuer(gnutls_x509_crt *ca_list, +@@ -747,20 +747,29 @@ static ne_ssl_certificate *make_peers_chain(gnutls_session sock, + } + } + +-#ifdef HAVE_GNUTLS_CERTIFICATE_GET_X509_CAS ++#if defined(HAVE_GNUTLS_CERTIFICATE_GET_ISSUER) || defined(HAVE_GNUTLS_CERTIFICATE_GET_X509_CAS) + /* GnuTLS only returns the peers which were *sent* by the server + * in the Certificate list during the handshake. Fill in the + * complete chain manually against the certs we trust: */ + if (current->issuer == NULL) { + gnutls_x509_crt issuer; ++ ++#ifndef HAVE_GNUTLS_CERTIFICATE_GET_ISSUER + gnutls_x509_crt *ca_list; + unsigned int num_cas; + + gnutls_certificate_get_x509_cas(crd, &ca_list, &num_cas); ++#endif + + do { + /* Look up the issuer. */ ++#ifndef HAVE_GNUTLS_CERTIFICATE_GET_ISSUER + issuer = find_issuer(ca_list, num_cas, current->subject); ++#else ++ if (gnutls_certificate_get_issuer(crd, current->subject, &issuer, 0)) ++ issuer = NULL; ++#endif ++ + if (issuer) { + issuer = x509_crt_copy(issuer); + cert = populate_cert(ne_calloc(sizeof *cert), issuer); +diff --git a/src/ne_socket.c b/src/ne_socket.c +index 12cf020..faee20c 100644 +--- a/src/ne_socket.c ++++ b/src/ne_socket.c +@@ -721,9 +721,11 @@ static ssize_t error_gnutls(ne_socket *sock, ssize_t sret) + _("SSL alert received: %s"), + gnutls_alert_get_name(gnutls_alert_get(sock->ssl))); + break; ++#if GNUTLS_VERSION_MAJOR > 2 || (GNUTLS_VERSION_MAJOR == 2 && GNUTLS_VERSION_MINOR >= 99) ++ case GNUTLS_E_PREMATURE_TERMINATION: ++#else + case GNUTLS_E_UNEXPECTED_PACKET_LENGTH: +- /* It's not exactly an API guarantee but this error will +- * always mean a premature EOF. 
*/ ++#endif + ret = NE_SOCK_TRUNC; + set_error(sock, _("Secure connection truncated")); + break; +@@ -1678,6 +1680,8 @@ int ne_sock_accept_ssl(ne_socket *sock, ne_ssl_context *ctx) + NE_DEBUG(NE_DBG_SSL, "ssl: Server reused session.\n"); + } + #elif defined(HAVE_GNUTLS) ++ unsigned int verify_status; ++ + gnutls_init(&ssl, GNUTLS_SERVER); + gnutls_credentials_set(ssl, GNUTLS_CRD_CERTIFICATE, ctx->cred); + gnutls_set_default_priority(ssl); +@@ -1697,7 +1701,7 @@ int ne_sock_accept_ssl(ne_socket *sock, ne_ssl_context *ctx) + if (ret < 0) { + return error_gnutls(sock, ret); + } +- if (ctx->verify && gnutls_certificate_verify_peers(ssl)) { ++ if (ctx->verify && (gnutls_certificate_verify_peers2(ssl, &verify_status) || verify_status)) { + set_error(sock, _("Client certificate verification failed")); + return NE_SOCK_ERROR; + } +-- +1.7.12.3 + diff --git a/net-libs/neon/files/neon-0.29.6-gnutls-3-types.patch b/net-libs/neon/files/neon-0.29.6-gnutls-3-types.patch new file mode 100644 index 000000000000..861207d4b600 --- /dev/null +++ b/net-libs/neon/files/neon-0.29.6-gnutls-3-types.patch 
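Review bot: In `error_gnutls` (src/ne_socket.c) the patch deletes the comment that explained why `GNUTLS_E_UNEXPECTED_PACKET_LENGTH` is reported as `NE_SOCK_TRUNC`, and the new version switch has no explanation of its own. This branch is what lets callers tell a truncated TLS stream from other failures, so the reasoning should stay next to it. I would keep the old comment under the `#else` and add one above the `#if`, for example `/* GnuTLS >= 2.99 reports an unclean EOF as GNUTLS_E_PREMATURE_TERMINATION; older releases used GNUTLS_E_UNEXPECTED_PACKET_LENGTH for it. */`. The body of `error_gnutls` starts and ends outside the inner hunk.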
@@ -0,0 +1,57 @@
+From 9033b72dc4fa250519379cb39142a3e42141d3f5 Mon Sep 17 00:00:00 2001
+From: Alexander V Vershilov <alexander.vershilov@gmail.com>
+Date: Thu, 1 Nov 2012 11:44:36 +0400
+Subject: [PATCH 2/2] neon gnutls types fix
+
+---
+ src/ne_gnutls.c | 10 +++++-----
+ 1 file changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/src/ne_gnutls.c b/src/ne_gnutls.c
+index d50c6ce..11dfd8e 100644
+--- a/src/ne_gnutls.c
++++ b/src/ne_gnutls.c
+@@ -83,7 +83,7 @@ struct ne_ssl_certificate_s {
+ };
+
+ struct ne_ssl_client_cert_s {
+- gnutls_pkcs12 p12;
++ gnutls_pkcs12_t p12;
+ int decrypted; /* non-zero if successfully decrypted. */
+ int keyless;
+ ne_ssl_certificate cert;
+@@ -1041,11 +1041,11 @@ static int read_to_datum(const char *filename, gnutls_datum *datum)
+ /* Parses a PKCS#12 structure and loads the certificate, private key
+ * and friendly name if possible. Returns zero on success, non-zero
+ * on error. */
+-static int pkcs12_parse(gnutls_pkcs12 p12, gnutls_x509_privkey *pkey,
++static int pkcs12_parse(gnutls_pkcs12_t p12, gnutls_x509_privkey *pkey,
+ gnutls_x509_crt *x5, char **friendly_name,
+ const char *password)
+ {
+- gnutls_pkcs12_bag bag = NULL;
++ gnutls_pkcs12_bag_t bag = NULL;
+ int i, j, ret = 0;
+
+ for (i = 0; ret == 0; ++i) {
+@@ -1060,7 +1060,7 @@ static int pkcs12_parse(gnutls_pkcs12 p12, gnutls_x509_privkey *pkey,
+ gnutls_pkcs12_bag_decrypt(bag, password);
+
+ for (j = 0; ret == 0 && j < gnutls_pkcs12_bag_get_count(bag); ++j) {
+- gnutls_pkcs12_bag_type type;
++ gnutls_pkcs12_bag_type_t type;
+ gnutls_datum data;
+
+ if (friendly_name && *friendly_name == NULL) {
+@@ -1130,7 +1130,7 @@ ne_ssl_client_cert *ne_ssl_clicert_read(const char *filename)
+ {
+ int ret;
+ gnutls_datum data;
+- gnutls_pkcs12 p12;
++ gnutls_pkcs12_t p12;
+ ne_ssl_client_cert *cc;
+ char *friendly_name = NULL;
+ gnutls_x509_crt cert = NULL;
+--
+1.7.12.3
+
diff --git a/net-libs/neon/files/neon-0.29.6-no-ssl-check.patch b/net-libs/neon/files/neon-0.29.6-no-ssl-check.patch
new file mode 100644
index 000000000000..a4b815a5d1a2
--- /dev/null
+++ b/net-libs/neon/files/neon-0.29.6-no-ssl-check.patch
@@ -0,0 +1,22 @@
+newer versions of openssl have started to be compatible across minor versions
+too, so this sanity check fails. since we already handle compatibility with
+openssl via SONAME checks, we don't need this openssl check at all.
+
+http://marc.info/?l=openssl-dev&m=133176786215023&w=2
+
+--- src/ne_socket.c
++++ src/ne_socket.c
+@@ -1745,13 +1745,6 @@ int ne_sock_connect_ssl(ne_socket *sock,
+ return NE_SOCK_ERROR;
+ }
+
+- /* If runtime library version differs from compile-time version
+- * number in major/minor/fix level, abort soon. */
+- if ((SSLeay() ^ OPENSSL_VERSION_NUMBER) & 0xFFFFF000) {
+- set_error(sock, _("SSL disabled due to library version mismatch"));
+- return NE_SOCK_ERROR;
+- }
+-
+ sock->ssl = ssl = SSL_new(ctx->ctx);
+ if (!ssl) {
+ set_error(sock, _("Could not create SSL structure"));
diff --git a/net-libs/neon/neon-0.29.6-r5.ebuild b/net-libs/neon/neon-0.29.6-r5.ebuild
new file mode 100644
index 000000000000..2d775edcc87d
--- /dev/null
+++ b/net-libs/neon/neon-0.29.6-r5.ebuild
@@ -0,0 +1,105 @@ +# Copyright 1999-2014 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/net-libs/neon/neon-0.29.6-r5.ebuild,v 1.3 2014/01/26 23:36:39 floppym Exp $ + +EAPI="4" + +inherit autotools eutils libtool + +DESCRIPTION="HTTP and WebDAV client library" +HOMEPAGE="http://www.webdav.org/neon/" +SRC_URI="http://www.webdav.org/neon/${P}.tar.gz" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x86-freebsd ~hppa-hpux ~ia64-hpux ~x86-interix ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" +IUSE="doc expat gnutls kerberos libproxy nls pkcs11 ssl static-libs zlib" +IUSE_LINGUAS="cs de fr ja nn pl ru tr zh_CN" +for lingua in ${IUSE_LINGUAS}; do + IUSE+=" linguas_${lingua}" +done +unset lingua +RESTRICT="test" + +RDEPEND="expat? ( dev-libs/expat ) + !expat? ( dev-libs/libxml2 ) + gnutls? ( + app-misc/ca-certificates + >=net-libs/gnutls-2.0 + pkcs11? ( dev-libs/pakchois ) + ) + !gnutls? ( ssl? ( + >=dev-libs/openssl-0.9.6f + pkcs11? ( dev-libs/pakchois ) + ) ) + kerberos? ( virtual/krb5 ) + libproxy? ( net-libs/libproxy ) + nls? ( virtual/libintl ) + zlib? 
( sys-libs/zlib )" +DEPEND="${RDEPEND} + virtual/pkgconfig" + +src_prepare() { + local lingua linguas + for lingua in ${IUSE_LINGUAS}; do + use linguas_${lingua} && linguas+=" ${lingua}" + done + sed -i -e "s/ALL_LINGUAS=.*/ALL_LINGUAS=\"${linguas}\"/g" configure.in + + epatch "${FILESDIR}"/${PN}-0.29.6-no-ssl-check.patch + epatch "${FILESDIR}"/${PN}-0.29.6-gnutls-3-functions.patch + epatch "${FILESDIR}"/${PN}-0.29.6-gnutls-3-types.patch + epatch "${FILESDIR}"/${PN}-0.29.6-gnutls-3-backport.patch + epatch "${FILESDIR}"/${PN}-0.29.6-doc.patch + AT_M4DIR="macros" eautoreconf + + elibtoolize +} + +src_configure() { + local myconf=() + + if has_version sys-libs/glibc; then + einfo "Enabling SSL library thread-safety using POSIX threads..." + myconf+=(--enable-threadsafe-ssl=posix) + fi + + if use expat; then + myconf+=(--with-expat) + else + myconf+=(--with-libxml2) + fi + + if use gnutls; then + myconf+=(--with-ssl=gnutls --with-ca-bundle="${EPREFIX}/etc/ssl/certs/ca-certificates.crt") + elif use ssl; then + myconf+=(--with-ssl=openssl) + fi + + # work around broken check, we really need -lintl on Solaris + [[ ${CHOST} == *-solaris* ]] && export ne_cv_libsfor_bindtextdomain=-lintl + + econf \ + --enable-shared \ + --docdir=/usr/share/doc/${PF} \ + $(use_with kerberos gssapi) \ + $(use_with libproxy) \ + $(use_enable nls) \ + $(use_with pkcs11 pakchois) \ + $(use_enable static-libs static) \ + $(use_with zlib) \ + "${myconf[@]}" +} + +src_install() { + emake DESTDIR="${D}" install-lib install-headers install-config install-nls || die "emake install failed" + + find "${ED}" -name "*.la" -print0 | xargs -0 rm -f + + if use doc; then + emake DESTDIR="${D}" install-docs || die "emake install-docs failed" + fi + + dodoc AUTHORS BUGS NEWS README THANKS TODO + doman doc/man/*.[1-8] +} |
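Review bot: `src_configure` passes `--docdir=/usr/share/doc/${PF}` without `${EPREFIX}`, while the CA bundle path a few lines earlier is written as `${EPREFIX}/etc/ssl/certs/ca-certificates.crt`. KEYWORDS lists prefix platforms (`~amd64-linux`, `~x64-macos`, the Solaris entries), so on those the documentation directory would presumably resolve outside the prefix. I would write `--docdir="${EPREFIX}/usr/share/doc/${PF}"` so both paths follow the same convention.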