net-libs/gnutls: version bump
authorAlon Bar-Lev <alonbl@gentoo.org>
Fri, 7 Apr 2017 08:42:01 +0000 (11:42 +0300)
committerAlon Bar-Lev <alonbl@gentoo.org>
Fri, 7 Apr 2017 10:40:36 +0000 (13:40 +0300)
Package-Manager: Portage-2.3.3, Repoman-2.3.1

net-libs/gnutls/Manifest
net-libs/gnutls/files/gnutls-3.5.11-tests.patch [new file with mode: 0644]
net-libs/gnutls/gnutls-3.5.11.ebuild [new file with mode: 0644]
net-libs/gnutls/metadata.xml

index 297f7cb04c1d045f7bb033d0cf5fc24828afc86d..266b29e661743212b0d96cab32c58e99a1ae1f7d 100644 (file)
@@ -1,3 +1,4 @@
 DIST gnutls-3.3.26.tar.xz 6361068 SHA256 6a7d882b6b581d684883fde195abf930dab37dfbe6aaea88ab164252bec720d9 SHA512 41259f760f5ed9b87d4203de567efb1a2087e01a025f2ea0f14167f146ecd640fbddeab390fbae6acc262507229894774db883d0892d448068ee73abb110738f WHIRLPOOL afca5aabebf36064847933662736c7713b837375db2c91c416d43a980407d912edf8fb64f53615c0bed770f46a9d2e0a3eb309f6a66281f5377e50a02863c8e7
 DIST gnutls-3.3.27.tar.xz 6364824 SHA256 8dfda16c158ef5c134010d51d1a91d02aa5d43b8cb711b1572650a7ffb56b17f SHA512 2cc5706b502a500375f706d1a7321af4c55554d3052f35cf24cbb288f9568ce891999d0f401119d04f594e9bc79e2e68d3c008648604032222ad2a6d8224bbdf WHIRLPOOL 508ac8939e471155bd5d49510111fca4eb5b5362f0bae8ec16f98eb16aeaa44ff06448fd7793398e56f9713b344b0b27a32e66c24cbdc062d33bc74dd6b83f57
 DIST gnutls-3.5.10.tar.xz 7194752 SHA256 af443e86ba538d4d3e37c4732c00101a492fe4b56a55f4112ff0ab39dbe6579d SHA512 60fc3409ee81932bc2672c68eb65748b88da4b9307764fb395dbadc06120e1011207a04d5f540e77a4d07649ffaed0789c04d57692eeca6ab24ac79d72418906 WHIRLPOOL c711bff10bcfa1ba8df82307d9fab30e08ed56d10bc87ae9ffbf8646d5d2fbd6c036db0335188cd6cb4b042ef616e342d3712715a6cb0ac3e6be934a5ea9c5f5
+DIST gnutls-3.5.11.tar.xz 7208068 SHA256 51765cc5579e250da77fbd7871507c517d01b15353cc40af7b67e9ec7b6fe28f SHA512 ce7e68bae417c114dcd8d2d8f84a69c233e41aa0591cb35f3872db29164031b53e1688553eb1c829602512954066aef6b0894ce50deb556723b93fd8e5817ac5 WHIRLPOOL 0c237b924148aef3fdee82567962c379293054f2b73e7740fc73aef9dc70f19007992a3d69bd2b3b0939c5ef4b34350fe69c99e94f46f3784d326eb6ddce9c01
diff --git a/net-libs/gnutls/files/gnutls-3.5.11-tests.patch b/net-libs/gnutls/files/gnutls-3.5.11-tests.patch
new file mode 100644 (file)
index 0000000..e81eced
--- /dev/null
@@ -0,0 +1,166 @@
+From e03782b6ce2f5b909ebb65ff1682126302200c80 Mon Sep 17 00:00:00 2001
+From: Nikos Mavrogiannopoulos <nmav@gnutls.org>
+Date: Tue, 7 Mar 2017 22:39:20 +0100
+Subject: [PATCH] tests: do not run tests which require openpgp when it is
+ disabled
+
+Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
+---
+ tests/openpgp-callback.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/tests/openpgp-callback.c b/tests/openpgp-callback.c
+index c3f2c4c..3df10ac 100644
+--- a/tests/openpgp-callback.c
++++ b/tests/openpgp-callback.c
+@@ -27,7 +27,7 @@
+ #include <stdio.h>
+ #include <stdlib.h>
+-#if defined(_WIN32)
++#if defined(_WIN32) || !defined(ENABLED_OPENPGP)
+ /* socketpair isn't supported on Win32. */
+ int main(int argc, char **argv)
+-- 
+2.10.2
+
+From 72e9bc6f807924ae563f247272ebd8437f7fd5db Mon Sep 17 00:00:00 2001
+From: Nikos Mavrogiannopoulos <nmav@redhat.com>
+Date: Wed, 8 Mar 2017 16:00:02 +0100
+Subject: [PATCH] tests: dtls-stress: use X.509 certificates instead of openpgp
+
+This will allow the test tool to operate even after openpgp certificates
+are deprecated.
+
+Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
+---
+ tests/dtls/Makefile.am   |  1 +
+ tests/dtls/dtls-stress.c | 67 ++++++------------------------------------------
+ 2 files changed, 9 insertions(+), 59 deletions(-)
+
+diff --git a/tests/dtls/Makefile.am b/tests/dtls/Makefile.am
+index 8f56408..6c8f411 100644
+--- a/tests/dtls/Makefile.am
++++ b/tests/dtls/Makefile.am
+@@ -30,6 +30,7 @@ AM_CPPFLAGS = \
+       -I$(top_srcdir)/extra/includes  \
+       -I$(top_builddir)/extra/includes        \
+       -I$(top_srcdir)/lib                     \
++      -I$(top_srcdir)/tests                   \
+       -I$(top_srcdir)/doc/examples
+ AM_LDFLAGS = -no-install
+diff --git a/tests/dtls/dtls-stress.c b/tests/dtls/dtls-stress.c
+index c9493af..01e5eca 100644
+--- a/tests/dtls/dtls-stress.c
++++ b/tests/dtls/dtls-stress.c
+@@ -101,6 +101,7 @@
+ #include <errno.h>
+ #include <poll.h>
+ #include <time.h>
++#include <assert.h>
+ #include <sys/wait.h>
+ #if _POSIX_TIMERS && (_POSIX_TIMERS - 200112L) >= 0
+@@ -232,56 +233,7 @@ static const char *filter_names_full[12]
+       "SFinished"
+ };
+-static const unsigned char PUBKEY[] =
+-    "-----BEGIN PGP PUBLIC KEY BLOCK-----\n"
+-    "\n"
+-    "mI0ETz0XRAEEAKXSU/tg2yGvoKf/r1pdzj7dnfPHeS+BRiT34763uUhibAbTgMkp\n"
+-    "v44OlBPiAaZ54uuXVkz8e4pgvrBgQwIRtNp3xPaWF1CfC4F+V4LdZV8l8IG+AfES\n"
+-    "K0GbfUS4q8vjnPJ0TyxnXE2KtbcRdzZzWBshJ8KChKwbH2vvrMrlmEeZABEBAAG0\n"
+-    "CHRlc3Qga2V5iLgEEwECACIFAk89F0QCGwMGCwkIBwMCBhUIAgkKCwQWAgMBAh4B\n"
+-    "AheAAAoJEMNjhmkfkLY9J/YD+wYZ2BD/0/c5gkkDP2NlVvrLGyFmEwQcR7DcaQYB\n"
+-    "P3/Teq2gnscZ5Xm/z1qgGEpwmaVfVHY8mfEj8bYI8jAu0v1C1jCtJPUTmxf9tmkZ\n"
+-    "QYFNR8T+F5Xae2XseOH70lSN/AEiW02BEBFlGBx0a3T30muFfqi/KawaE7KKn2e4\n"
+-    "uNWvuI0ETz0XRAEEAKgZExsb7Lf9P3DmwJSvNVdkGVny7wr4/M1s0CDX20NkO7Y1\n"
+-    "Ao9g+qFo5MlCOEuzjVaEYmM+rro7qyxmDKsaNIzZF1VN5UeYgPFyLcBK7C+QwUqw\n"
+-    "1PUl/w4dFq8neQyqIPUVGRwQPlwpkkabRPNT3t/7KgDJvYzV9uu+cXCyfqErABEB\n"
+-    "AAGInwQYAQIACQUCTz0XRAIbDAAKCRDDY4ZpH5C2PTBtBACVsR6l4HtuzQb5WFQt\n"
+-    "sD/lQEk6BEY9aVfK957Oj+A4alGEGObToqVJFo/nq+P7aWExIXucJQRL8lYnC7u+\n"
+-    "GjPVCun5TYzKMiryxHPkQr9NBx4hh8JjkDCc8nAgI3il49uPYkmsv70CgqJFFtT8\n"
+-    "NfM+8fS537I+XA+hfjt20NUFIA==\n"
+-    "=oD3a\n" "-----END PGP PUBLIC KEY BLOCK-----\n";
+-
+-static const unsigned char PRIVKEY[] =
+-    "-----BEGIN PGP PRIVATE KEY BLOCK-----\n"
+-    "\n"
+-    "lQHYBE89F0QBBACl0lP7YNshr6Cn/69aXc4+3Z3zx3kvgUYk9+O+t7lIYmwG04DJ\n"
+-    "Kb+ODpQT4gGmeeLrl1ZM/HuKYL6wYEMCEbTad8T2lhdQnwuBfleC3WVfJfCBvgHx\n"
+-    "EitBm31EuKvL45zydE8sZ1xNirW3EXc2c1gbISfCgoSsGx9r76zK5ZhHmQARAQAB\n"
+-    "AAP6A6VhRVi22MHE1YzQrTr8yvMSgwayynGcOjndHxdpEodferLx1Pp/BL+bT+ib\n"
+-    "Qq7RZ363Xg/7I2rHJpenQYdkI5SI4KrXIV57p8G+isyTtsxU38SY84WoB5os8sfT\n"
+-    "YhxG+edoTfDzXkRSWFB8EUjRaLa2b//nvLpxNRyqDSzzUxECAMtEnL5H/8gHbpZf\n"
+-    "D98TSJVxdAl9rBAQaVMgrFgcU/IlmxCyVEh9eh/P261tefgOnyVcGFYHxdZvJ3td\n"
+-    "miM+DNUCANDW1S9t7IiqflDpQIS2wGTZ/rLKPoE1F3285EaYAd0FQUq0O4/Nu31D\n"
+-    "5pz/S7D+PfXn9oEZH3Dvl3EVIDyq4bUB+QEzFc3BsH2uueD3g42RoBfMGl6m3LI9\n"
+-    "yWOnrUmIW+h9Fu8W9mcU6y82Q1G7OPIxA1me/Qtzo20lGQa8jAyzLhuit7QIdGVz\n"
+-    "dCBrZXmIuAQTAQIAIgUCTz0XRAIbAwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AA\n"
+-    "CgkQw2OGaR+Qtj0n9gP7BhnYEP/T9zmCSQM/Y2VW+ssbIWYTBBxHsNxpBgE/f9N6\n"
+-    "raCexxnleb/PWqAYSnCZpV9UdjyZ8SPxtgjyMC7S/ULWMK0k9RObF/22aRlBgU1H\n"
+-    "xP4Xldp7Zex44fvSVI38ASJbTYEQEWUYHHRrdPfSa4V+qL8prBoTsoqfZ7i41a+d\n"
+-    "AdgETz0XRAEEAKgZExsb7Lf9P3DmwJSvNVdkGVny7wr4/M1s0CDX20NkO7Y1Ao9g\n"
+-    "+qFo5MlCOEuzjVaEYmM+rro7qyxmDKsaNIzZF1VN5UeYgPFyLcBK7C+QwUqw1PUl\n"
+-    "/w4dFq8neQyqIPUVGRwQPlwpkkabRPNT3t/7KgDJvYzV9uu+cXCyfqErABEBAAEA\n"
+-    "A/4wX+brqkGZQTv8lateHn3PRHM3O34nPjgiNeo/SV9EKZg1e1PdRx9ZTAJrGK9y\n"
+-    "uZ03BKn7vZIy7fD4ufVzV/s/BaypVmvwjZud8fdMgsMQAJYtoMhozbOtUelCFpja\n"
+-    "I1xAbDBx1PAAbS8Sh022/0jvOGnZhvkgZMG90z7AEANUYQIAwzywU087TcJk8Bzd\n"
+-    "37JGWyE4f3iYFGA+r8BoIOrxvvgfUHKxdhG0gaT8SDeRAwNY6D43dCBZkG7Uel1F\n"
+-    "x9MlLQIA3Goaz58hEN0fdm4TM7A8crtMB+f8/h87EneBgMl+Yj/3sklhyahR6Itm\n"
+-    "lGuAAGTAOmD7i8OmS/a1ac5MtHAGtwH6A0B5GjaL8VnLQo4vFnuR7JuCQaLqGadV\n"
+-    "mBmKxVHElduLf/VauBQPD5KZA+egpg+laJ4JLVXMmKIZGqRzopcIWZnKiJ8EGAEC\n"
+-    "AAkFAk89F0QCGwwACgkQw2OGaR+Qtj0wbQQAlbEepeB7bs0G+VhULbA/5UBJOgRG\n"
+-    "PWlXyveezo/gOGpRhBjm06KlSRaP56vj+2lhMSF7nCUES/JWJwu7vhoz1Qrp+U2M\n"
+-    "yjIq8sRz5EK/TQceIYfCY5AwnPJwICN4pePbj2JJrL+9AoKiRRbU/DXzPvH0ud+y\n"
+-    "PlwPoX47dtDVBSA=\n" "=EVlv\n" "-----END PGP PRIVATE KEY BLOCK-----\n";
++#include "cert-common.h"
+ // }}}
+@@ -736,13 +688,10 @@ static void await(int fd, int timeout)
+ static void cred_init(void)
+ {
+-      gnutls_datum_t key = { (unsigned char *)PUBKEY, sizeof(PUBKEY) };
+-      gnutls_datum_t sec = { (unsigned char *)PRIVKEY, sizeof(PRIVKEY) };
++      assert(gnutls_certificate_allocate_credentials(&cred)>=0);
+-      gnutls_certificate_allocate_credentials(&cred);
+-
+-      gnutls_certificate_set_openpgp_key_mem(cred, &key, &sec,
+-                                             GNUTLS_OPENPGP_FMT_BASE64);
++      gnutls_certificate_set_x509_key_mem(cred, &cli_ca3_cert, &cli_ca3_key,
++                                             GNUTLS_X509_FMT_PEM);
+ }
+ static void session_init(int sock, int server)
+@@ -751,7 +700,7 @@ static void session_init(int sock, int server)
+                   GNUTLS_DATAGRAM | (server ? GNUTLS_SERVER : GNUTLS_CLIENT)
+                   | GNUTLS_NONBLOCK * nonblock);
+       gnutls_priority_set_direct(session,
+-                                 "+CTYPE-OPENPGP:+CIPHER-ALL:+MAC-ALL:+ECDHE-RSA:+ANON-ECDH",
++                                 "NORMAL:+ECDHE-RSA:+ANON-ECDH",
+                                  0);
+       gnutls_transport_set_int(session, sock);
+@@ -763,11 +712,11 @@ static void session_init(int sock, int server)
+               }
+       } else if (server) {
+               gnutls_anon_server_credentials_t acred;
+-              gnutls_anon_allocate_server_credentials(&acred);
++              assert(gnutls_anon_allocate_server_credentials(&acred)>=0);
+               gnutls_credentials_set(session, GNUTLS_CRD_ANON, acred);
+       } else {
+               gnutls_anon_client_credentials_t acred;
+-              gnutls_anon_allocate_client_credentials(&acred);
++              assert(gnutls_anon_allocate_client_credentials(&acred)>=0);
+               gnutls_credentials_set(session, GNUTLS_CRD_ANON, acred);
+       }
+-- 
+2.10.2
+
diff --git a/net-libs/gnutls/gnutls-3.5.11.ebuild b/net-libs/gnutls/gnutls-3.5.11.ebuild
new file mode 100644 (file)
index 0000000..0a31cb6
--- /dev/null
@@ -0,0 +1,138 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+inherit libtool ltprune multilib-minimal versionator
+
+DESCRIPTION="A TLS 1.2 and SSL 3.0 implementation for the GNU project"
+HOMEPAGE="http://www.gnutls.org/"
+SRC_URI="mirror://gnupg/gnutls/v$(get_version_component_range 1-2)/${P}.tar.xz"
+
+LICENSE="GPL-3 LGPL-2.1"
+SLOT="0/30" # libgnutls.so number
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+IUSE_LINGUAS=" en cs de fi fr it ms nl pl sv uk vi zh_CN"
+IUSE="+cxx dane doc examples guile +idn nls openpgp +openssl pkcs11 sslv2 +sslv3 seccomp static-libs test test-full +tls-heartbeat tools valgrind zlib ${IUSE_LINGUAS// / linguas_}"
+
+REQUIRED_USE="
+       test-full? ( guile pkcs11 openpgp openssl idn seccomp tools zlib )"
+
+# NOTICE: sys-devel/autogen is required at runtime as we
+# use system libopts
+RDEPEND=">=dev-libs/libtasn1-4.9:=[${MULTILIB_USEDEP}]
+       dev-libs/libunistring:=[${MULTILIB_USEDEP}]
+       >=dev-libs/nettle-3.1:=[gmp,${MULTILIB_USEDEP}]
+       >=dev-libs/gmp-5.1.3-r1:=[${MULTILIB_USEDEP}]
+       tools? ( sys-devel/autogen )
+       dane? ( >=net-dns/unbound-1.4.20[${MULTILIB_USEDEP}] )
+       guile? ( >=dev-scheme/guile-1.8:=[networking] )
+       nls? ( >=virtual/libintl-0-r1[${MULTILIB_USEDEP}] )
+       pkcs11? ( >=app-crypt/p11-kit-0.23.1[${MULTILIB_USEDEP}] )
+       zlib? ( >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}] )
+       idn? ( >=net-dns/libidn2-0.16-r1[${MULTILIB_USEDEP}] )
+       abi_x86_32? (
+               !<=app-emulation/emul-linux-x86-baselibs-20140508
+               !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
+       )"
+DEPEND="${RDEPEND}
+       >=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]
+       doc? ( dev-util/gtk-doc )
+       nls? ( sys-devel/gettext )
+       valgrind? ( dev-util/valgrind )
+       test? (
+               guile? ( >=dev-scheme/guile-2 )
+               seccomp? ( sys-libs/libseccomp )
+       )
+       test-full? (
+               app-crypt/dieharder
+               app-misc/datefudge
+               dev-libs/softhsm:2[-bindist]
+               net-dialup/ppp
+               net-misc/socat
+       )"
+
+DOCS=(
+       README.md
+       doc/certtool.cfg
+)
+
+HTML_DOCS=()
+
+PATCHES=(
+       "${FILESDIR}/${P}-tests.patch"
+)
+
+pkg_setup() {
+       # bug#520818
+       export TZ=UTC
+
+       use doc && HTML_DOCS+=(
+               doc/gnutls.html
+       )
+}
+
+src_prepare() {
+       default
+
+       # force regeneration of autogen-ed files
+       local file
+       for file in $(grep -l AutoGen-ed src/*.c) ; do
+               rm src/$(basename ${file} .c).{c,h} || die
+       done
+
+       # Use sane .so versioning on FreeBSD.
+       elibtoolize
+}
+
+multilib_src_configure() {
+       LINGUAS="${LINGUAS//en/en@boldquot en@quot}"
+
+       # remove magic of library detection
+       # bug#438222
+       local libconf=($("${S}/configure" --help | grep -- '--without-.*-prefix' | sed -e 's/^ *\([^ ]*\) .*/\1/g'))
+
+       # TPM needs to be tested before being enabled
+       # hardware-accell is disabled on OSX because the asm files force
+       #   GNU-stack (as doesn't support that) and when that's removed ld
+       #   complains about duplicate symbols
+       ECONF_SOURCE=${S} econf \
+               --without-included-libtasn1 \
+               $(use_enable cxx) \
+               $(use_enable dane libdane) \
+               $(multilib_native_enable manpages) \
+               $(multilib_native_use_enable tools) \
+               $(multilib_native_use_enable doc) \
+               $(multilib_native_use_enable doc gtk-doc) \
+               $(multilib_native_use_enable guile) \
+               $(multilib_native_use_enable test tests) \
+               $(multilib_native_use_enable seccomp seccomp-tests) \
+               $(multilib_native_use_enable valgrind valgrind-tests) \
+               $(multilib_native_use_enable test-full full-test-suite) \
+               $(use_enable nls) \
+               $(use_enable openpgp openpgp-authentication) \
+               $(use_enable openssl openssl-compatibility) \
+               $(use_enable openssl openssl-compatibility) \
+               $(use_enable tls-heartbeat heartbeat-support) \
+               $(use_enable sslv2 ssl2-support) \
+               $(use_enable sslv3 ssl3-support) \
+               $(use_enable static-libs static) \
+               $(use_with pkcs11 p11-kit) \
+               $(use_with zlib) \
+               $(use_with idn) \
+               $(use_with idn libidn2) \
+               --without-tpm \
+               --with-unbound-root-key-file="${EPREFIX}/etc/dnssec/root-anchors.txt" \
+               "${libconf[@]}" \
+               $([[ ${CHOST} == *-darwin* ]] && echo --disable-hardware-acceleration)
+}
+
+multilib_src_install_all() {
+       einstalldocs
+       prune_libtool_files --all
+
+       if use examples; then
+               docinto examples
+               dodoc doc/examples/*.c
+       fi
+}
index 0502201819323dd6ed5fbcd95fed5ddd5d2cb769..536d49f0da3f85d3eb2b554fb2c6633b784dbdde 100644 (file)
@@ -13,6 +13,9 @@
       Build libgnutls-dane, implementing DNS-based Authentication of
       Named Entities. Requires <pkg>net-dns/unbound</pkg>
     </flag>
+    <flag name="openpgp">
+         Enable openpgp support
+    </flag>
     <flag name="openssl">
       Build openssl compatibility libraries
     </flag>