net-firewall/nufw: support gnutls-3.4 + eapi bump

Bug: 583608 Package-Manager: Portage-2.3.3, Repoman-2.3.1
author: Alon Bar-Lev <alonbl@gentoo.org> 2017-03-04 01:32:47 +0200
committer: Alon Bar-Lev <alonbl@gentoo.org> 2017-03-04 01:49:31 +0200
commit: 1ec4d4652ae9c38e33c8ba59eba3eb43af4fc0fd (patch)
tree: ad04d5fdcf974e57dc24fae215cd6d022b20e25e /net-firewall/nufw
parent: profiles: mask x11-misc/oroborus-desklaunch for removal (diff)
download: gentoo-1ec4d4652ae9c38e33c8ba59eba3eb43af4fc0fd.tar.gz
gentoo-1ec4d4652ae9c38e33c8ba59eba3eb43af4fc0fd.tar.bz2
gentoo-1ec4d4652ae9c38e33c8ba59eba3eb43af4fc0fd.zip
2 files changed, 208 insertions, 0 deletions
diff --git a/net-firewall/nufw/files/nufw-2.2.22-gnutls-3.4.patch b/net-firewall/nufw/files/nufw-2.2.22-gnutls-3.4.patch
new file mode 100644
index 000000000000..e75d2b3fd61d
--- /dev/null
+++ b/net-firewall/nufw/files/nufw-2.2.22-gnutls-3.4.patch
@@ -0,0 +1,103 @@
+From cbe4cfe90322e5add59433d9dd8394f46e341fab Mon Sep 17 00:00:00 2001
+From: Alon Bar-Lev <alon.barlev@gmail.com>
+Date: Sat, 4 Mar 2017 01:00:40 +0200
+Subject: [PATCH] ssl: drop call of deprecated
+ gnutls_certificate_type_set_priority()
+
+CTYPE-X.509 is the default value. Closes: #624077
+
+Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
+---
+ src/clients/lib/libnuclient.c | 15 ++-------------
+ src/nufw/tls.c                | 14 --------------
+ 2 files changed, 2 insertions(+), 27 deletions(-)
+
+diff --git a/src/clients/lib/libnuclient.c b/src/clients/lib/libnuclient.c
+index 917e75a..6e78c96 100644
+--- a/src/clients/lib/libnuclient.c
++++ b/src/clients/lib/libnuclient.c
+@@ -62,9 +62,6 @@ GCRY_THREAD_OPTION_PTHREAD_IMPL;
+ #  define DH_BITS 1024
+ #endif
+ 
+-static const int cert_type_priority[3] = { GNUTLS_CRT_X509, 0 };
+-
+-
+ void nu_exit_clean(nuauth_session_t * session)
+ {
+ 	if (session->ct) {
+@@ -270,7 +267,7 @@ int check_key_perms(const char* filename)
+ 	return 1;
+ }
+ 
+-static int _cb_request_cert(gnutls_session_t session, const gnutls_datum_t* req_ca_dn, int nreqs, const gnutls_pk_algorithm_t* pk_algos, int pk_algos_length, gnutls_retr_st* st)
++static int _cb_request_cert(gnutls_session_t session, const gnutls_datum_t* req_ca_dn, int nreqs, const gnutls_pk_algorithm_t* pk_algos, int pk_algos_length, gnutls_retr2_st* st)
+ {
+ 	printf("TLS error: server requests certificate, none configured\n");
+ 	return 0;
+@@ -518,7 +515,7 @@ int nu_client_setup_tls(nuauth_session_t * session,
+ 			SET_ERROR(err, INTERNAL_ERROR, FILE_ACCESS_ERR);
+ 			return 0;
+ 		}
+-		gnutls_certificate_client_set_retrieve_function(session->cred,
++		gnutls_certificate_set_retrieve_function(session->cred,
+ 				&_cb_request_cert);
+ 	}
+ 
+@@ -604,12 +601,6 @@ int nu_client_reset_tls(nuauth_session_t *session)
+ 		return 0;
+ 	}
+ 
+-	ret =
+-	    gnutls_certificate_type_set_priority(session->tls,
+-						 cert_type_priority);
+-	if (ret < 0) {
+-		return 0;
+-	}
+ 	return 1;
+ }
+ 
+@@ -776,8 +767,6 @@ void nu_client_reset(nuauth_session_t * session)
+ 	gnutls_deinit(session->tls);
+ 	gnutls_init(&session->tls, GNUTLS_CLIENT);
+ 	gnutls_set_default_priority(session->tls);
+-	gnutls_certificate_type_set_priority(session->tls,
+-					     cert_type_priority);
+ 	session->need_set_cred = 1;
+ 
+ 	/* close socket */
+diff --git a/src/nufw/tls.c b/src/nufw/tls.c
+index e7223eb..2d46820 100644
+--- a/src/nufw/tls.c
++++ b/src/nufw/tls.c
+@@ -506,8 +506,6 @@ void tls_connect()
+ 	gnutls_session *tls_session;
+ 	int tls_socket, ret;
+ #if USE_X509
+-	const int cert_type_priority[3] = { GNUTLS_CRT_X509, 0 };
+-
+ 	tls.session = NULL;
+ 
+ 	/* compute patch key_file */
+@@ -655,18 +653,6 @@ void tls_connect()
+ 		return;
+ 	}
+ #if USE_X509
+-	ret = gnutls_certificate_type_set_priority(*(tls_session),
+-						   cert_type_priority);
+-	if (ret < 0) {
+-		log_area_printf(DEBUG_AREA_MAIN, DEBUG_LEVEL_WARNING,
+-				"TLS: gnutls_certificate_type_set_priority() failed: %s",
+-				gnutls_strerror(ret));
+-		gnutls_certificate_free_credentials(tls.xcred);
+-		gnutls_deinit(*tls_session);
+-		free(tls_session);
+-		return;
+-	}
+-
+ 	/* put the x509 credentials to the current session */
+ 	ret = gnutls_credentials_set(*(tls_session), GNUTLS_CRD_CERTIFICATE,
+ 				   tls.xcred);
+-- 
+2.10.2
+
diff --git a/net-firewall/nufw/nufw-2.2.22-r2.ebuild b/net-firewall/nufw/nufw-2.2.22-r2.ebuild
new file mode 100644
index 000000000000..98a634420c3f
--- /dev/null
+++ b/net-firewall/nufw/nufw-2.2.22-r2.ebuild
@@ -0,0 +1,105 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+SSL_CERT_MANDATORY=1
+inherit autotools eutils multilib pam ssl-cert
+
+DESCRIPTION="An enterprise grade authenticating firewall based on netfilter"
+HOMEPAGE="http://www.nufw.org/"
+SRC_URI="http://www.nufw.org/attachments/download/39/${P}.tar.bz2"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+IUSE="debug ldap mysql pam pam_nuauth plaintext postgres prelude unicode nfqueue nfconntrack static syslog test"
+
+REQUIRED_USE="pam_nuauth? ( plaintext )"
+DEPEND="
+	dev-libs/cyrus-sasl
+	dev-libs/glib:2
+	dev-libs/libgcrypt:0
+	dev-python/ipy
+	net-firewall/iptables
+	net-libs/gnutls
+	ldap? ( >=net-nds/openldap-2 )
+	mysql? ( virtual/mysql )
+	nfconntrack? ( net-libs/libnetfilter_conntrack )
+	nfqueue? ( net-libs/libnfnetlink net-libs/libnetfilter_queue )
+	pam? ( sys-libs/pam )
+	pam_nuauth? ( sys-libs/pam )
+	postgres? ( dev-db/postgresql:*[server] )
+	prelude? ( dev-libs/libprelude )
+"
+RDEPEND=${DEPEND}
+
+PATCHES=(
+	"${FILESDIR}/${P}-var-run.patch"
+	"${FILESDIR}/${P}-gnutls-3.4.patch"
+)
+
+RESTRICT="test"
+
+src_prepare() {
+	default
+	sed -i \
+		-e 's:^#\(nuauth_tls_key="/etc/nufw/\)nuauth-key.pem:\1nuauth.key:' \
+		-e 's:^#\(nuauth_tls_cert="/etc/nufw/\)nuauth-cert.pem:\1nuauth.pem:' \
+		conf/nuauth.conf || die
+	sed -i \
+		-e "/^modulesdir/s|=.*|= /$(get_libdir)/security|g" \
+		src/clients/pam_nufw/Makefile.am || die
+	eautoreconf
+}
+
+src_configure() {
+	econf \
+		$(use_enable debug) \
+		$(use_enable pam_nuauth pam-nufw) \
+		$(use_enable static) \
+		$(use_with ldap) \
+		$(use_with mysql mysql-auth) \
+		$(use_with mysql mysql-log) \
+		$(use_with nfconntrack) \
+		$(use_with nfqueue) \
+		$(use_with pam system-auth) \
+		$(use_with plaintext plaintext-auth) \
+		$(use_with postgres pgsql-log) \
+		$(use_with prelude prelude-log) \
+		$(use_with syslog syslog-log) \
+		$(use_with unicode utf8) \
+		--enable-shared \
+		--includedir="/usr/include/nufw" \
+		--localstatedir="/var" \
+		--sysconfdir="/etc/nufw" \
+		--with-mark-group \
+		--with-user-mark
+}
+
+src_install() {
+	default
+	prune_libtool_files
+
+	newinitd "${FILESDIR}"/nufw-init.d nufw
+	newconfd "${FILESDIR}"/nufw-conf.d nufw
+
+	newinitd "${FILESDIR}"/nuauth-init.d nuauth
+	newconfd "${FILESDIR}"/nuauth-conf.d nuauth
+
+	insinto /etc/nufw
+	doins conf/nuauth.conf
+
+	docinto scripts
+	dodoc scripts/{clean_conntrack.pl,nuaclgen,nutop,README,ulog_rotate_daily.sh,ulog_rotate_weekly.sh}
+	docinto conf
+	dodoc conf/*.{nufw,schema,conf,dump,xml}
+
+	if use pam; then
+		pamd_mimic system-auth nufw auth account password session
+	fi
+}
+
+pkg_postinst() {
+	install_cert /etc/nufw/{nufw,nuauth}
+}
author	Alon Bar-Lev <alonbl@gentoo.org>	2017-03-04 01:32:47 +0200
committer	Alon Bar-Lev <alonbl@gentoo.org>	2017-03-04 01:49:31 +0200
commit	1ec4d4652ae9c38e33c8ba59eba3eb43af4fc0fd (patch)
tree	ad04d5fdcf974e57dc24fae215cd6d022b20e25e /net-firewall/nufw
parent	profiles: mask x11-misc/oroborus-desklaunch for removal (diff)
download	gentoo-1ec4d4652ae9c38e33c8ba59eba3eb43af4fc0fd.tar.gz gentoo-1ec4d4652ae9c38e33c8ba59eba3eb43af4fc0fd.tar.bz2 gentoo-1ec4d4652ae9c38e33c8ba59eba3eb43af4fc0fd.zip