From 07b8f5a9fb1b67aac3337ed7de8acdfdac7dc8f7 Mon Sep 17 00:00:00 2001 From: Alon Bar-Lev Date: Fri, 7 Apr 2017 11:42:01 +0300 Subject: [PATCH] net-libs/gnutls: version bump Package-Manager: Portage-2.3.3, Repoman-2.3.1 --- net-libs/gnutls/Manifest | 1 + .../gnutls/files/gnutls-3.5.11-tests.patch | 166 ++++++++++++++++++ net-libs/gnutls/gnutls-3.5.11.ebuild | 138 +++++++++++++++ net-libs/gnutls/metadata.xml | 3 + 4 files changed, 308 insertions(+) create mode 100644 net-libs/gnutls/files/gnutls-3.5.11-tests.patch create mode 100644 net-libs/gnutls/gnutls-3.5.11.ebuild diff --git a/net-libs/gnutls/Manifest b/net-libs/gnutls/Manifest index 297f7cb04c1d..266b29e66174 100644 --- a/net-libs/gnutls/Manifest +++ b/net-libs/gnutls/Manifest @@ -1,3 +1,4 @@ DIST gnutls-3.3.26.tar.xz 6361068 SHA256 6a7d882b6b581d684883fde195abf930dab37dfbe6aaea88ab164252bec720d9 SHA512 41259f760f5ed9b87d4203de567efb1a2087e01a025f2ea0f14167f146ecd640fbddeab390fbae6acc262507229894774db883d0892d448068ee73abb110738f WHIRLPOOL afca5aabebf36064847933662736c7713b837375db2c91c416d43a980407d912edf8fb64f53615c0bed770f46a9d2e0a3eb309f6a66281f5377e50a02863c8e7 DIST gnutls-3.3.27.tar.xz 6364824 SHA256 8dfda16c158ef5c134010d51d1a91d02aa5d43b8cb711b1572650a7ffb56b17f SHA512 2cc5706b502a500375f706d1a7321af4c55554d3052f35cf24cbb288f9568ce891999d0f401119d04f594e9bc79e2e68d3c008648604032222ad2a6d8224bbdf WHIRLPOOL 508ac8939e471155bd5d49510111fca4eb5b5362f0bae8ec16f98eb16aeaa44ff06448fd7793398e56f9713b344b0b27a32e66c24cbdc062d33bc74dd6b83f57 DIST gnutls-3.5.10.tar.xz 7194752 SHA256 af443e86ba538d4d3e37c4732c00101a492fe4b56a55f4112ff0ab39dbe6579d SHA512 60fc3409ee81932bc2672c68eb65748b88da4b9307764fb395dbadc06120e1011207a04d5f540e77a4d07649ffaed0789c04d57692eeca6ab24ac79d72418906 WHIRLPOOL c711bff10bcfa1ba8df82307d9fab30e08ed56d10bc87ae9ffbf8646d5d2fbd6c036db0335188cd6cb4b042ef616e342d3712715a6cb0ac3e6be934a5ea9c5f5 +DIST gnutls-3.5.11.tar.xz 7208068 SHA256 51765cc5579e250da77fbd7871507c517d01b15353cc40af7b67e9ec7b6fe28f SHA512 ce7e68bae417c114dcd8d2d8f84a69c233e41aa0591cb35f3872db29164031b53e1688553eb1c829602512954066aef6b0894ce50deb556723b93fd8e5817ac5 WHIRLPOOL 0c237b924148aef3fdee82567962c379293054f2b73e7740fc73aef9dc70f19007992a3d69bd2b3b0939c5ef4b34350fe69c99e94f46f3784d326eb6ddce9c01 diff --git a/net-libs/gnutls/files/gnutls-3.5.11-tests.patch b/net-libs/gnutls/files/gnutls-3.5.11-tests.patch new file mode 100644 index 000000000000..e81ecedbc34b --- /dev/null +++ b/net-libs/gnutls/files/gnutls-3.5.11-tests.patch @@ -0,0 +1,166 @@ +From e03782b6ce2f5b909ebb65ff1682126302200c80 Mon Sep 17 00:00:00 2001 +From: Nikos Mavrogiannopoulos +Date: Tue, 7 Mar 2017 22:39:20 +0100 +Subject: [PATCH] tests: do not run tests which require openpgp when it is + disabled + +Signed-off-by: Nikos Mavrogiannopoulos +--- + tests/openpgp-callback.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/tests/openpgp-callback.c b/tests/openpgp-callback.c +index c3f2c4c..3df10ac 100644 +--- a/tests/openpgp-callback.c ++++ b/tests/openpgp-callback.c +@@ -27,7 +27,7 @@ + #include + #include + +-#if defined(_WIN32) ++#if defined(_WIN32) || !defined(ENABLED_OPENPGP) + + /* socketpair isn't supported on Win32. */ + int main(int argc, char **argv) +-- +2.10.2 + +From 72e9bc6f807924ae563f247272ebd8437f7fd5db Mon Sep 17 00:00:00 2001 +From: Nikos Mavrogiannopoulos +Date: Wed, 8 Mar 2017 16:00:02 +0100 +Subject: [PATCH] tests: dtls-stress: use X.509 certificates instead of openpgp + +This will allow the test tool to operate even after openpgp certificates +are deprecated. + +Signed-off-by: Nikos Mavrogiannopoulos +--- + tests/dtls/Makefile.am | 1 + + tests/dtls/dtls-stress.c | 67 ++++++------------------------------------------ + 2 files changed, 9 insertions(+), 59 deletions(-) + +diff --git a/tests/dtls/Makefile.am b/tests/dtls/Makefile.am +index 8f56408..6c8f411 100644 +--- a/tests/dtls/Makefile.am ++++ b/tests/dtls/Makefile.am +@@ -30,6 +30,7 @@ AM_CPPFLAGS = \ + -I$(top_srcdir)/extra/includes \ + -I$(top_builddir)/extra/includes \ + -I$(top_srcdir)/lib \ ++ -I$(top_srcdir)/tests \ + -I$(top_srcdir)/doc/examples + + AM_LDFLAGS = -no-install +diff --git a/tests/dtls/dtls-stress.c b/tests/dtls/dtls-stress.c +index c9493af..01e5eca 100644 +--- a/tests/dtls/dtls-stress.c ++++ b/tests/dtls/dtls-stress.c +@@ -101,6 +101,7 @@ + #include + #include + #include ++#include + #include + + #if _POSIX_TIMERS && (_POSIX_TIMERS - 200112L) >= 0 +@@ -232,56 +233,7 @@ static const char *filter_names_full[12] + "SFinished" + }; + +-static const unsigned char PUBKEY[] = +- "-----BEGIN PGP PUBLIC KEY BLOCK-----\n" +- "\n" +- "mI0ETz0XRAEEAKXSU/tg2yGvoKf/r1pdzj7dnfPHeS+BRiT34763uUhibAbTgMkp\n" +- "v44OlBPiAaZ54uuXVkz8e4pgvrBgQwIRtNp3xPaWF1CfC4F+V4LdZV8l8IG+AfES\n" +- "K0GbfUS4q8vjnPJ0TyxnXE2KtbcRdzZzWBshJ8KChKwbH2vvrMrlmEeZABEBAAG0\n" +- "CHRlc3Qga2V5iLgEEwECACIFAk89F0QCGwMGCwkIBwMCBhUIAgkKCwQWAgMBAh4B\n" +- "AheAAAoJEMNjhmkfkLY9J/YD+wYZ2BD/0/c5gkkDP2NlVvrLGyFmEwQcR7DcaQYB\n" +- "P3/Teq2gnscZ5Xm/z1qgGEpwmaVfVHY8mfEj8bYI8jAu0v1C1jCtJPUTmxf9tmkZ\n" +- "QYFNR8T+F5Xae2XseOH70lSN/AEiW02BEBFlGBx0a3T30muFfqi/KawaE7KKn2e4\n" +- "uNWvuI0ETz0XRAEEAKgZExsb7Lf9P3DmwJSvNVdkGVny7wr4/M1s0CDX20NkO7Y1\n" +- "Ao9g+qFo5MlCOEuzjVaEYmM+rro7qyxmDKsaNIzZF1VN5UeYgPFyLcBK7C+QwUqw\n" +- "1PUl/w4dFq8neQyqIPUVGRwQPlwpkkabRPNT3t/7KgDJvYzV9uu+cXCyfqErABEB\n" +- "AAGInwQYAQIACQUCTz0XRAIbDAAKCRDDY4ZpH5C2PTBtBACVsR6l4HtuzQb5WFQt\n" +- "sD/lQEk6BEY9aVfK957Oj+A4alGEGObToqVJFo/nq+P7aWExIXucJQRL8lYnC7u+\n" +- "GjPVCun5TYzKMiryxHPkQr9NBx4hh8JjkDCc8nAgI3il49uPYkmsv70CgqJFFtT8\n" +- "NfM+8fS537I+XA+hfjt20NUFIA==\n" +- "=oD3a\n" "-----END PGP PUBLIC KEY BLOCK-----\n"; +- +-static const unsigned char PRIVKEY[] = +- "-----BEGIN PGP PRIVATE KEY BLOCK-----\n" +- "\n" +- "lQHYBE89F0QBBACl0lP7YNshr6Cn/69aXc4+3Z3zx3kvgUYk9+O+t7lIYmwG04DJ\n" +- "Kb+ODpQT4gGmeeLrl1ZM/HuKYL6wYEMCEbTad8T2lhdQnwuBfleC3WVfJfCBvgHx\n" +- "EitBm31EuKvL45zydE8sZ1xNirW3EXc2c1gbISfCgoSsGx9r76zK5ZhHmQARAQAB\n" +- "AAP6A6VhRVi22MHE1YzQrTr8yvMSgwayynGcOjndHxdpEodferLx1Pp/BL+bT+ib\n" +- "Qq7RZ363Xg/7I2rHJpenQYdkI5SI4KrXIV57p8G+isyTtsxU38SY84WoB5os8sfT\n" +- "YhxG+edoTfDzXkRSWFB8EUjRaLa2b//nvLpxNRyqDSzzUxECAMtEnL5H/8gHbpZf\n" +- "D98TSJVxdAl9rBAQaVMgrFgcU/IlmxCyVEh9eh/P261tefgOnyVcGFYHxdZvJ3td\n" +- "miM+DNUCANDW1S9t7IiqflDpQIS2wGTZ/rLKPoE1F3285EaYAd0FQUq0O4/Nu31D\n" +- "5pz/S7D+PfXn9oEZH3Dvl3EVIDyq4bUB+QEzFc3BsH2uueD3g42RoBfMGl6m3LI9\n" +- "yWOnrUmIW+h9Fu8W9mcU6y82Q1G7OPIxA1me/Qtzo20lGQa8jAyzLhuit7QIdGVz\n" +- "dCBrZXmIuAQTAQIAIgUCTz0XRAIbAwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AA\n" +- "CgkQw2OGaR+Qtj0n9gP7BhnYEP/T9zmCSQM/Y2VW+ssbIWYTBBxHsNxpBgE/f9N6\n" +- "raCexxnleb/PWqAYSnCZpV9UdjyZ8SPxtgjyMC7S/ULWMK0k9RObF/22aRlBgU1H\n" +- "xP4Xldp7Zex44fvSVI38ASJbTYEQEWUYHHRrdPfSa4V+qL8prBoTsoqfZ7i41a+d\n" +- "AdgETz0XRAEEAKgZExsb7Lf9P3DmwJSvNVdkGVny7wr4/M1s0CDX20NkO7Y1Ao9g\n" +- "+qFo5MlCOEuzjVaEYmM+rro7qyxmDKsaNIzZF1VN5UeYgPFyLcBK7C+QwUqw1PUl\n" +- "/w4dFq8neQyqIPUVGRwQPlwpkkabRPNT3t/7KgDJvYzV9uu+cXCyfqErABEBAAEA\n" +- "A/4wX+brqkGZQTv8lateHn3PRHM3O34nPjgiNeo/SV9EKZg1e1PdRx9ZTAJrGK9y\n" +- "uZ03BKn7vZIy7fD4ufVzV/s/BaypVmvwjZud8fdMgsMQAJYtoMhozbOtUelCFpja\n" +- "I1xAbDBx1PAAbS8Sh022/0jvOGnZhvkgZMG90z7AEANUYQIAwzywU087TcJk8Bzd\n" +- "37JGWyE4f3iYFGA+r8BoIOrxvvgfUHKxdhG0gaT8SDeRAwNY6D43dCBZkG7Uel1F\n" +- "x9MlLQIA3Goaz58hEN0fdm4TM7A8crtMB+f8/h87EneBgMl+Yj/3sklhyahR6Itm\n" +- "lGuAAGTAOmD7i8OmS/a1ac5MtHAGtwH6A0B5GjaL8VnLQo4vFnuR7JuCQaLqGadV\n" +- "mBmKxVHElduLf/VauBQPD5KZA+egpg+laJ4JLVXMmKIZGqRzopcIWZnKiJ8EGAEC\n" +- "AAkFAk89F0QCGwwACgkQw2OGaR+Qtj0wbQQAlbEepeB7bs0G+VhULbA/5UBJOgRG\n" +- "PWlXyveezo/gOGpRhBjm06KlSRaP56vj+2lhMSF7nCUES/JWJwu7vhoz1Qrp+U2M\n" +- "yjIq8sRz5EK/TQceIYfCY5AwnPJwICN4pePbj2JJrL+9AoKiRRbU/DXzPvH0ud+y\n" +- "PlwPoX47dtDVBSA=\n" "=EVlv\n" "-----END PGP PRIVATE KEY BLOCK-----\n"; ++#include "cert-common.h" + + // }}} + +@@ -736,13 +688,10 @@ static void await(int fd, int timeout) + + static void cred_init(void) + { +- gnutls_datum_t key = { (unsigned char *)PUBKEY, sizeof(PUBKEY) }; +- gnutls_datum_t sec = { (unsigned char *)PRIVKEY, sizeof(PRIVKEY) }; ++ assert(gnutls_certificate_allocate_credentials(&cred)>=0); + +- gnutls_certificate_allocate_credentials(&cred); +- +- gnutls_certificate_set_openpgp_key_mem(cred, &key, &sec, +- GNUTLS_OPENPGP_FMT_BASE64); ++ gnutls_certificate_set_x509_key_mem(cred, &cli_ca3_cert, &cli_ca3_key, ++ GNUTLS_X509_FMT_PEM); + } + + static void session_init(int sock, int server) +@@ -751,7 +700,7 @@ static void session_init(int sock, int server) + GNUTLS_DATAGRAM | (server ? GNUTLS_SERVER : GNUTLS_CLIENT) + | GNUTLS_NONBLOCK * nonblock); + gnutls_priority_set_direct(session, +- "+CTYPE-OPENPGP:+CIPHER-ALL:+MAC-ALL:+ECDHE-RSA:+ANON-ECDH", ++ "NORMAL:+ECDHE-RSA:+ANON-ECDH", + 0); + gnutls_transport_set_int(session, sock); + +@@ -763,11 +712,11 @@ static void session_init(int sock, int server) + } + } else if (server) { + gnutls_anon_server_credentials_t acred; +- gnutls_anon_allocate_server_credentials(&acred); ++ assert(gnutls_anon_allocate_server_credentials(&acred)>=0); + gnutls_credentials_set(session, GNUTLS_CRD_ANON, acred); + } else { + gnutls_anon_client_credentials_t acred; +- gnutls_anon_allocate_client_credentials(&acred); ++ assert(gnutls_anon_allocate_client_credentials(&acred)>=0); + gnutls_credentials_set(session, GNUTLS_CRD_ANON, acred); + } + +-- +2.10.2 + diff --git a/net-libs/gnutls/gnutls-3.5.11.ebuild b/net-libs/gnutls/gnutls-3.5.11.ebuild new file mode 100644 index 000000000000..0a31cb65abee --- /dev/null +++ b/net-libs/gnutls/gnutls-3.5.11.ebuild @@ -0,0 +1,138 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=6 + +inherit libtool ltprune multilib-minimal versionator + +DESCRIPTION="A TLS 1.2 and SSL 3.0 implementation for the GNU project" +HOMEPAGE="http://www.gnutls.org/" +SRC_URI="mirror://gnupg/gnutls/v$(get_version_component_range 1-2)/${P}.tar.xz" + +LICENSE="GPL-3 LGPL-2.1" +SLOT="0/30" # libgnutls.so number +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" +IUSE_LINGUAS=" en cs de fi fr it ms nl pl sv uk vi zh_CN" +IUSE="+cxx dane doc examples guile +idn nls openpgp +openssl pkcs11 sslv2 +sslv3 seccomp static-libs test test-full +tls-heartbeat tools valgrind zlib ${IUSE_LINGUAS// / linguas_}" + +REQUIRED_USE=" + test-full? ( guile pkcs11 openpgp openssl idn seccomp tools zlib )" + +# NOTICE: sys-devel/autogen is required at runtime as we +# use system libopts +RDEPEND=">=dev-libs/libtasn1-4.9:=[${MULTILIB_USEDEP}] + dev-libs/libunistring:=[${MULTILIB_USEDEP}] + >=dev-libs/nettle-3.1:=[gmp,${MULTILIB_USEDEP}] + >=dev-libs/gmp-5.1.3-r1:=[${MULTILIB_USEDEP}] + tools? ( sys-devel/autogen ) + dane? ( >=net-dns/unbound-1.4.20[${MULTILIB_USEDEP}] ) + guile? ( >=dev-scheme/guile-1.8:=[networking] ) + nls? ( >=virtual/libintl-0-r1[${MULTILIB_USEDEP}] ) + pkcs11? ( >=app-crypt/p11-kit-0.23.1[${MULTILIB_USEDEP}] ) + zlib? ( >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}] ) + idn? ( >=net-dns/libidn2-0.16-r1[${MULTILIB_USEDEP}] ) + abi_x86_32? ( + !<=app-emulation/emul-linux-x86-baselibs-20140508 + !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)] + )" +DEPEND="${RDEPEND} + >=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}] + doc? ( dev-util/gtk-doc ) + nls? ( sys-devel/gettext ) + valgrind? ( dev-util/valgrind ) + test? ( + guile? ( >=dev-scheme/guile-2 ) + seccomp? ( sys-libs/libseccomp ) + ) + test-full? ( + app-crypt/dieharder + app-misc/datefudge + dev-libs/softhsm:2[-bindist] + net-dialup/ppp + net-misc/socat + )" + +DOCS=( + README.md + doc/certtool.cfg +) + +HTML_DOCS=() + +PATCHES=( + "${FILESDIR}/${P}-tests.patch" +) + +pkg_setup() { + # bug#520818 + export TZ=UTC + + use doc && HTML_DOCS+=( + doc/gnutls.html + ) +} + +src_prepare() { + default + + # force regeneration of autogen-ed files + local file + for file in $(grep -l AutoGen-ed src/*.c) ; do + rm src/$(basename ${file} .c).{c,h} || die + done + + # Use sane .so versioning on FreeBSD. + elibtoolize +} + +multilib_src_configure() { + LINGUAS="${LINGUAS//en/en@boldquot en@quot}" + + # remove magic of library detection + # bug#438222 + local libconf=($("${S}/configure" --help | grep -- '--without-.*-prefix' | sed -e 's/^ *\([^ ]*\) .*/\1/g')) + + # TPM needs to be tested before being enabled + # hardware-accell is disabled on OSX because the asm files force + # GNU-stack (as doesn't support that) and when that's removed ld + # complains about duplicate symbols + ECONF_SOURCE=${S} econf \ + --without-included-libtasn1 \ + $(use_enable cxx) \ + $(use_enable dane libdane) \ + $(multilib_native_enable manpages) \ + $(multilib_native_use_enable tools) \ + $(multilib_native_use_enable doc) \ + $(multilib_native_use_enable doc gtk-doc) \ + $(multilib_native_use_enable guile) \ + $(multilib_native_use_enable test tests) \ + $(multilib_native_use_enable seccomp seccomp-tests) \ + $(multilib_native_use_enable valgrind valgrind-tests) \ + $(multilib_native_use_enable test-full full-test-suite) \ + $(use_enable nls) \ + $(use_enable openpgp openpgp-authentication) \ + $(use_enable openssl openssl-compatibility) \ + $(use_enable openssl openssl-compatibility) \ + $(use_enable tls-heartbeat heartbeat-support) \ + $(use_enable sslv2 ssl2-support) \ + $(use_enable sslv3 ssl3-support) \ + $(use_enable static-libs static) \ + $(use_with pkcs11 p11-kit) \ + $(use_with zlib) \ + $(use_with idn) \ + $(use_with idn libidn2) \ + --without-tpm \ + --with-unbound-root-key-file="${EPREFIX}/etc/dnssec/root-anchors.txt" \ + "${libconf[@]}" \ + $([[ ${CHOST} == *-darwin* ]] && echo --disable-hardware-acceleration) +} + +multilib_src_install_all() { + einstalldocs + prune_libtool_files --all + + if use examples; then + docinto examples + dodoc doc/examples/*.c + fi +} diff --git a/net-libs/gnutls/metadata.xml b/net-libs/gnutls/metadata.xml index 050220181932..536d49f0da3f 100644 --- a/net-libs/gnutls/metadata.xml +++ b/net-libs/gnutls/metadata.xml @@ -13,6 +13,9 @@ Build libgnutls-dane, implementing DNS-based Authentication of Named Entities. Requires net-dns/unbound + + Enable openpgp support + Build openssl compatibility libraries -- 2.26.2