authorRobin H. Johnson <robbat2@gentoo.org>2015-08-08 13:49:04 -0700
committerRobin H. Johnson <robbat2@gentoo.org>2015-08-08 17:38:18 -0700
commit56bd759df1d0c750a065b8c845e93d5dfa6b549d (patch)
tree3f91093cdb475e565ae857f1c5a7fd339e2d781e /net-libs/gnutls
proj/gentoo: Initial commit
This commit represents a new era for Gentoo: Storing the gentoo-x86 tree in Git, as converted from CVS. This commit is the start of the NEW history. Any historical data is intended to be grafted onto this point. Creation process: 1. Take final CVS checkout snapshot 2. Remove ALL ChangeLog* files 3. Transform all Manifests to thin 4. Remove empty Manifests 5. Convert all stale $Header$/$Id$ CVS keywords to non-expanded Git $Id$ 5.1. Do not touch files with -kb/-ko keyword flags. Signed-off-by: Robin H. Johnson <robbat2@gentoo.org> X-Thanks: Alec Warner <antarus@gentoo.org> - did the GSoC 2006 migration tests X-Thanks: Robin H. Johnson <robbat2@gentoo.org> - infra guy, herding this project X-Thanks: Nguyen Thai Ngoc Duy <pclouds@gentoo.org> - Former Gentoo developer, wrote Git features for the migration X-Thanks: Brian Harring <ferringb@gentoo.org> - wrote much python to improve cvs2svn X-Thanks: Rich Freeman <rich0@gentoo.org> - validation scripts X-Thanks: Patrick Lauer <patrick@gentoo.org> - Gentoo dev, running new 2014 work in migration X-Thanks: Michał Górny <mgorny@gentoo.org> - scripts, QA, nagging X-Thanks: All of other Gentoo developers - many ideas and lots of paint on the bikeshed
Diffstat (limited to 'net-libs/gnutls')
-rw-r--r--net-libs/gnutls/Manifest4
-rw-r--r--net-libs/gnutls/files/gnutls-2.12.20-AF_UNIX.patch37
-rw-r--r--net-libs/gnutls/files/gnutls-2.12.20-guile-parallelmake.patch9
-rw-r--r--net-libs/gnutls/files/gnutls-2.12.20-libadd.patch36
-rw-r--r--net-libs/gnutls/files/gnutls-2.12.23-CVE-2013-2116.patch25
-rw-r--r--net-libs/gnutls/files/gnutls-2.12.23-CVE-2014-0092.patch102
-rw-r--r--net-libs/gnutls/files/gnutls-2.12.23-CVE-2014-1959.patch14
-rw-r--r--net-libs/gnutls/files/gnutls-2.12.23-CVE-2014-3466.patch311
-rw-r--r--net-libs/gnutls/files/gnutls-2.12.23-CVE-2014-3467.patch45
-rw-r--r--net-libs/gnutls/files/gnutls-2.12.23-CVE-2014-3468.patch45
-rw-r--r--net-libs/gnutls/files/gnutls-2.12.23-CVE-2014-3469.patch122
-rw-r--r--net-libs/gnutls/files/gnutls-2.12.23-cross-compile.patch69
-rw-r--r--net-libs/gnutls/files/gnutls-2.12.23-gdoc-perl-5.18.patch137
-rw-r--r--net-libs/gnutls/files/gnutls-2.12.23-gl-tests-getaddrinfo-skip-if-no-network.patch30
-rw-r--r--net-libs/gnutls/files/gnutls-2.12.23-hppa.patch44
-rw-r--r--net-libs/gnutls/gnutls-2.12.23-r6.ebuild126
-rw-r--r--net-libs/gnutls/gnutls-3.3.15.ebuild175
-rw-r--r--net-libs/gnutls/gnutls-3.3.16-r1.ebuild176
-rw-r--r--net-libs/gnutls/gnutls-3.4.3-r1.ebuild134
-rw-r--r--net-libs/gnutls/metadata.xml30
20 files changed, 1671 insertions, 0 deletions
diff --git a/net-libs/gnutls/Manifest b/net-libs/gnutls/Manifest
new file mode 100644
index 00000000000..a8eb18c12c1
--- /dev/null
+++ b/net-libs/gnutls/Manifest
@@ -0,0 +1,4 @@
+DIST gnutls-2.12.23.tar.bz2 7279415 SHA256 dfa67a7e40727eb0913e75f3c44911d5d8cd58d1ead5acfe73dd933fc0d17ed2 SHA512 7780e9ca7b592350ce9b11e53a63d3212320402d8ad2462bfbc0e69aec4a48bb372a1925627abb7996535c87c90e3d79537ea118c8bb36d26aae8e19eaae3a06 WHIRLPOOL 8cab909c961760c72b478d5cbe75633ce0d26190fdece018e9f33b171879753ed38348c33c00fda7b5f3a6b596a5439fb62f1c82a891e9e62fee5bb784cf7e11
+DIST gnutls-3.3.15.tar.xz 6286288 SHA256 8961227852911a1974e15bc017ddbcd4779876c867226d199f06648d8b27ba4b SHA512 0d112f20fd1a010c278ecc5c0e9e22a040c5a765073ea722329e9d5d7b4c661c6bd2fc6749903ea562fe44caf9a1643c6d95e2e193bb8c444e2e6418f73d5445 WHIRLPOOL 4a7b28952bcbe837d4f9e9b62b9254a43510363634daa1c9dc61bf07c7734699011bf5963d4556d3f53c45f63cdf6d2447f7b101e026d0d21c94d827bff9c6dc
+DIST gnutls-3.3.16.tar.xz 6298460 SHA256 80a471c723572a43ddbe75d7825a3275f640650cc99eae42963ab39b9d0b7552 SHA512 bf9b8f9e51abc1292602bf3a577bdb0d87461ee66d13c840916d83ce59fb67c395dec97a185aacced8af526bd5d845a5c92839d4c91c18b042d86f470feb0779 WHIRLPOOL de17d7b4157e330dfcad9aa2f0ea2e86ee4e6fa7e368b4dba2abdd4a00b86ac435d1b5149c17494dd6e7618bc128e5f3af94657cfceffb8e4a53fb2494e45058
+DIST gnutls-3.4.3.tar.xz 6546268 SHA256 65dd55e6de709203b698a729a4a2a7aa07367b63c1615a198ef2436fdd28e928 SHA512 f877500c6d3a731c3560a5f68554532818c87538ba91324957eb2bb85fc2212acfd6dee8f6dd9c5c006d8bd0e311ee17b517e86caca26239b571701e26d623e2 WHIRLPOOL caaf6461b840197bd2c0f9300576cf6065193ba4003640bbd28b15e0dad93db12e9ae8d6298f134ead5b147a9ad8f31e91f96ba561ade296caee9494d1b5f63f
diff --git a/net-libs/gnutls/files/gnutls-2.12.20-AF_UNIX.patch b/net-libs/gnutls/files/gnutls-2.12.20-AF_UNIX.patch
new file mode 100644
index 00000000000..719baf37b21
--- /dev/null
+++ b/net-libs/gnutls/files/gnutls-2.12.20-AF_UNIX.patch
@@ -0,0 +1,37 @@
+Backport of commit 60a13b98e9f410c3b1019252f271d3c0f20b2e61 for 2.12.20
+
+From 60a13b98e9f410c3b1019252f271d3c0f20b2e61 Mon Sep 17 00:00:00 2001
+From: Nikos Mavrogiannopoulos <nmav@gnutls.org>
+Date: Fri, 23 Sep 2011 14:39:29 +0000
+Subject: a hack to allow compilation on systems without AF_LOCAL.
+
+--- lib/nettle/egd.c
++++ lib/nettle/egd.c
+@@ -33,6 +33,12 @@
+
+ #include <gnutls_errors.h>
+
++#ifdef AF_UNIX
++# define LOCAL_SOCKET_TYPE AF_UNIX
++#else
++# define LOCAL_SOCKET_TYPE AF_LOCAL
++#endif
++
+ #ifndef offsetof
+ #define offsetof(type, member) ((size_t) &((type *)0)->member)
+ #endif
+@@ -141,12 +147,12 @@
+ }
+
+ memset (&addr, 0, sizeof addr);
+- addr.sun_family = AF_LOCAL;
++ addr.sun_family = LOCAL_SOCKET_TYPE;
+ strcpy (addr.sun_path, name);
+ addr_len = (offsetof (struct sockaddr_un, sun_path)
+ + strlen (addr.sun_path));
+
+- fd = socket (AF_LOCAL, SOCK_STREAM, 0);
++ fd = socket (LOCAL_SOCKET_TYPE, SOCK_STREAM, 0);
+ if (fd == -1)
+ {
+ _gnutls_debug_log ("can't create unix domain socket: %s\n",
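Review bot: The `strcpy (addr.sun_path, name);` that sits between the two changed lines copies `name` into the fixed-size `sun_path` array with no length check, and this backport leaves it as is. If `name` can ever be longer than the array (its origin is outside the hunk, so this is unconfirmed), the copy overruns `addr`; a guard such as `if (strlen (name) >= sizeof (addr.sun_path)) return -1;` before the copy would close that off, with `-1` standing in for whatever the function returns on failure. Separately, `LOCAL_SOCKET_TYPE` holds an address family rather than a socket type, so a name like `LOCAL_SOCKET_FAMILY` would read more accurately. The enclosing function starts and ends outside the hunk.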
diff --git a/net-libs/gnutls/files/gnutls-2.12.20-guile-parallelmake.patch b/net-libs/gnutls/files/gnutls-2.12.20-guile-parallelmake.patch
new file mode 100644
index 00000000000..5bb085793de
--- /dev/null
+++ b/net-libs/gnutls/files/gnutls-2.12.20-guile-parallelmake.patch
@@ -0,0 +1,9 @@
+--- a/guile/src/Makefile.am
++++ b/guile/src/Makefile.am
+@@ -124,4 +124,7 @@
+
+ .c.x: $(BUILT_SOURCES)
+ $(guile_snarf) -o $@ $< $(snarfcppopts)
++core.x: core.c enums.h enum-map.i.c priorities.i.c smobs.h smob-types.i.c
++errors.x: errors.c enums.h
++extra.x: extra.c enums.h extra-enums.h extra-enum-map.i.c extra-smobs.h extra-smob-types.i.c smobs.h
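Review bot: The patch carries no header explaining why the three explicit rules are needed, and the reason is not obvious from the Makefile.am alone. GNU make ignores prerequisites written on a suffix rule, so `.c.x: $(BUILT_SOURCES)` does not order the snarf step after the generated headers, and a parallel build can run it too early. A short description at the top of the patch, for example `Suffix rules ignore prerequisites; list the generated inputs of each .x file explicitly so make -j orders them.`, would record that. The prerequisite lists presumably mirror what core.c, errors.c and extra.c include, so a note that they must be kept in sync by hand would also help.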
diff --git a/net-libs/gnutls/files/gnutls-2.12.20-libadd.patch b/net-libs/gnutls/files/gnutls-2.12.20-libadd.patch
new file mode 100644
index 00000000000..fe5f1964ddd
--- /dev/null
+++ b/net-libs/gnutls/files/gnutls-2.12.20-libadd.patch
@@ -0,0 +1,36 @@
+--- gnutls-2.12.20/libextra/Makefile.am
++++ gnutls-2.12.20/libextra/Makefile.am
+@@ -69,7 +69,7 @@
+ if ENABLE_MINITASN1
+ libgnutls_openssl_la_LIBADD += ../lib/minitasn1/libminitasn1.la
+ else
+-libgnutls_openssl_la_LDFLAGS += $(LTLIBTASN1)
++libgnutls_openssl_la_LIBADD += $(LTLIBTASN1)
+ endif
+
+ if HAVE_LD_OUTPUT_DEF
+@@ -89,8 +89,9 @@
+ libgnutls_extra_la_SOURCES += \
+ ext_inner_application.h ext_inner_application.c gnutls_ia.c
+
++cryptolib_ldadd =
+ if !ENABLE_NETTLE
+-libgnutls_extra_la_LIBADD += $(LTLIBGCRYPT)
++cryptolib_ldadd = $(LTLIBGCRYPT)
+ endif
+
+ # Rest
+@@ -104,11 +105,10 @@
+ DISTCLEANFILES += $(defexec_DATA)
+
+ libgnutls_extra_la_LDFLAGS += \
+- -version-info $(LT_CURRENT):$(LT_REVISION):$(LT_AGE) \
+- $(LZO_LIBS)
++ -version-info $(LT_CURRENT):$(LT_REVISION):$(LT_AGE)
+
+ libgnutls_extra_la_LIBADD += ../lib/gl/liblgnu.la gl/libxgnu.la \
+- ../lib/libgnutls.la
++ ../lib/libgnutls.la $(cryptolib_ldadd) $(LZO_LIBS)
+
+ if HAVE_LD_VERSION_SCRIPT
+ libgnutls_extra_la_LDFLAGS += \
diff --git a/net-libs/gnutls/files/gnutls-2.12.23-CVE-2013-2116.patch b/net-libs/gnutls/files/gnutls-2.12.23-CVE-2013-2116.patch
new file mode 100644
index 00000000000..2223e708a60
--- /dev/null
+++ b/net-libs/gnutls/files/gnutls-2.12.23-CVE-2013-2116.patch
@@ -0,0 +1,25 @@
+From 5164d5a1d57cd0372a5dd074382ca960ca18b27d Mon Sep 17 00:00:00 2001
+From: Nikos Mavrogiannopoulos <nmav@gnutls.org>
+Date: Thu, 23 May 2013 09:54:37 +0200
+Subject: [PATCH] re-applied sanity check patch
+
+---
+ lib/gnutls_cipher.c | 2 ++
+ 1 files changed, 2 insertions(+), 0 deletions(-)
+
+diff --git a/lib/gnutls_cipher.c b/lib/gnutls_cipher.c
+index 2835121..71f5a98 100644
+--- a/lib/gnutls_cipher.c
++++ b/lib/gnutls_cipher.c
+@@ -561,6 +561,8 @@ _gnutls_ciphertext2compressed (gnutls_session_t session,
+ return GNUTLS_E_DECRYPTION_FAILED;
+ }
+ pad = ciphertext.data[ciphertext.size - 1]; /* pad */
++ if (pad+1 > ciphertext.size-hash_size)
++ pad_failed = GNUTLS_E_DECRYPTION_FAILED;
+
+ /* Check the pading bytes (TLS 1.x).
+ * Note that we access all 256 bytes of ciphertext for padding check
+--
+1.7.1
+
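Review bot: The added check `if (pad+1 > ciphertext.size-hash_size)` has no comment, and the patch subject ("re-applied sanity check patch") does not say what is checked or why the failure is stored in `pad_failed` instead of being returned. A comment such as `/* pad byte plus padding must fit in what is left after the MAC; record the failure and continue so the padding check below still runs */` would make the intent explicit; the "continue" part is inferred from the context comment about touching all 256 bytes, so confirm it. The subtraction is safe only if an earlier test guarantees `ciphertext.size >= hash_size`. The `return GNUTLS_E_DECRYPTION_FAILED;` just above may be that test, but its condition is outside the hunk, as is the rest of the function.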
diff --git a/net-libs/gnutls/files/gnutls-2.12.23-CVE-2014-0092.patch b/net-libs/gnutls/files/gnutls-2.12.23-CVE-2014-0092.patch
new file mode 100644
index 00000000000..21d3f3b9c46
--- /dev/null
+++ b/net-libs/gnutls/files/gnutls-2.12.23-CVE-2014-0092.patch
@@ -0,0 +1,102 @@
+From 6aa26f78150ccbdf0aec1878a41c17c41d358a3b Mon Sep 17 00:00:00 2001
+From: Nikos Mavrogiannopoulos <nmav@gnutls.org>
+Date: Thu, 27 Feb 2014 19:42:26 +0100
+Subject: [PATCH] corrected return codes
+
+---
+ lib/x509/verify.c | 16 ++++++++++------
+ 1 files changed, 10 insertions(+), 6 deletions(-)
+
+diff --git a/lib/x509/verify.c b/lib/x509/verify.c
+index c9a6b0d..eef85a8 100644
+--- a/lib/x509/verify.c
++++ b/lib/x509/verify.c
+@@ -141,7 +141,7 @@ check_if_ca (gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer,
+ if (result < 0)
+ {
+ gnutls_assert ();
+- goto cleanup;
++ goto fail;
+ }
+
+ result =
+@@ -150,7 +150,7 @@ check_if_ca (gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer,
+ if (result < 0)
+ {
+ gnutls_assert ();
+- goto cleanup;
++ goto fail;
+ }
+
+ result =
+@@ -158,7 +158,7 @@ check_if_ca (gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer,
+ if (result < 0)
+ {
+ gnutls_assert ();
+- goto cleanup;
++ goto fail;
+ }
+
+ result =
+@@ -166,7 +166,7 @@ check_if_ca (gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer,
+ if (result < 0)
+ {
+ gnutls_assert ();
+- goto cleanup;
++ goto fail;
+ }
+
+ /* If the subject certificate is the same as the issuer
+@@ -206,6 +206,7 @@ check_if_ca (gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer,
+ else
+ gnutls_assert ();
+
++fail:
+ result = 0;
+
+ cleanup:
+@@ -330,7 +331,7 @@ _gnutls_verify_certificate2 (gnutls_x509_crt_t cert,
+ gnutls_datum_t cert_signed_data = { NULL, 0 };
+ gnutls_datum_t cert_signature = { NULL, 0 };
+ gnutls_x509_crt_t issuer = NULL;
+- int issuer_version, result;
++ int issuer_version, result = 0;
+
+ if (output)
+ *output = 0;
+@@ -363,7 +364,7 @@ _gnutls_verify_certificate2 (gnutls_x509_crt_t cert,
+ if (issuer_version < 0)
+ {
+ gnutls_assert ();
+- return issuer_version;
++ return 0;
+ }
+
+ if (!(flags & GNUTLS_VERIFY_DISABLE_CA_SIGN) &&
+@@ -385,6 +386,7 @@ _gnutls_verify_certificate2 (gnutls_x509_crt_t cert,
+ if (result < 0)
+ {
+ gnutls_assert ();
++ result = 0;
+ goto cleanup;
+ }
+
+@@ -393,6 +395,7 @@ _gnutls_verify_certificate2 (gnutls_x509_crt_t cert,
+ if (result < 0)
+ {
+ gnutls_assert ();
++ result = 0;
+ goto cleanup;
+ }
+
+@@ -410,6 +413,7 @@ _gnutls_verify_certificate2 (gnutls_x509_crt_t cert,
+ else if (result < 0)
+ {
+ gnutls_assert();
++ result = 0;
+ goto cleanup;
+ }
+
+--
+1.7.1
+
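Review bot: The 0-or-1 return contract is restored one error site at a time (`goto fail;`, `result = 0;`, `return 0;`), so any later error path in check_if_ca or _gnutls_verify_certificate2 that reaches `cleanup` with a negative `result` would again hand a non-zero value to a caller that tests it as a boolean. Normalising once at the exit, e.g. `if (result < 0) result = 0;` directly under each `cleanup:` label, would make the contract hold by construction; the cleanup bodies are outside the hunks, so confirm nothing there relies on the negative code. A one-line comment above both functions, `/* Returns 1 if verified, 0 otherwise; never a negative error code. */`, would document it. Both functions start and end outside the hunks.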
diff --git a/net-libs/gnutls/files/gnutls-2.12.23-CVE-2014-1959.patch b/net-libs/gnutls/files/gnutls-2.12.23-CVE-2014-1959.patch
new file mode 100644
index 00000000000..28989c97ceb
--- /dev/null
+++ b/net-libs/gnutls/files/gnutls-2.12.23-CVE-2014-1959.patch
@@ -0,0 +1,14 @@
+--- a/lib/x509/verify.c
++++ b/lib/x509/verify.c
+@@ -692,8 +693,10 @@
+ /* note that here we disable this V1 CA flag. So that no version 1
+ * certificates can exist in a supplied chain.
+ */
+- if (!(flags & GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT))
++ if (!(flags & GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT)) {
+ flags &= ~(GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT);
++ flags |= GNUTLS_VERIFY_DO_NOT_ALLOW_X509_V1_CA_CRT;
++ }
+ if ((ret =
+ _gnutls_verify_certificate2(certificate_list[i - 1],
+ &certificate_list[i], 1,
\ No newline at end of file
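Review bot: This patch file has no header at all: no description, author or upstream commit reference, unlike the other CVE backports added in the same commit. Because the change alters which certificate chains are accepted, a short preamble naming the upstream commit it was taken from (`<upstream commit id>`) and stating that `GNUTLS_VERIFY_DO_NOT_ALLOW_X509_V1_CA_CRT` is now set whenever `GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT` is absent would let a later reader check the backport against upstream. The file also ends without a trailing newline and its last context line stops in the middle of the `_gnutls_verify_certificate2` call, so it is worth confirming the patch was not truncated.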
diff --git a/net-libs/gnutls/files/gnutls-2.12.23-CVE-2014-3466.patch b/net-libs/gnutls/files/gnutls-2.12.23-CVE-2014-3466.patch
new file mode 100644
index 00000000000..9e32296e86d
--- /dev/null
+++ b/net-libs/gnutls/files/gnutls-2.12.23-CVE-2014-3466.patch
@@ -0,0 +1,311 @@
+From e47d30e272a0b3977db8dae09327acad45b931d8 Mon Sep 17 00:00:00 2001
+From: mancha <mancha1@zoho.com>
+Date: Sun, 1 Jun 2014
+Subject: CVE-2014-3466
+
+This is a backport adaptation for use with GnuTLS 2.12.23.
+
+Relevant upstream commit(s):
+-------------------------
+https://gitorious.org/gnutls/gnutls/commit/688ea6428a432c
+https://gitorious.org/gnutls/gnutls/commit/a7be326f0e33cf
+
+---
+ lib/gnutls_handshake.c | 2
+ tests/Makefile.am | 2
+ tests/long-session-id.c | 268 ++++++++++++++++++++++++++++++++++++++++
+ 3 files changed, 270 insertions(+), 2 deletions(-)
+
+--- a/lib/gnutls_handshake.c
++++ b/lib/gnutls_handshake.c
+@@ -1797,7 +1797,7 @@ _gnutls_read_server_hello (gnutls_sessio
+ DECR_LEN (len, 1);
+ session_id_len = data[pos++];
+
+- if (len < session_id_len)
++ if (len < session_id_len || session_id_len > TLS_MAX_SESSION_ID_SIZE)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_UNSUPPORTED_VERSION_PACKET;
+--- a/tests/Makefile.am
++++ b/tests/Makefile.am
+@@ -64,7 +64,7 @@ ctests = simple gc set_pkcs12_cred certd
+ crq_key_id x509sign-verify cve-2009-1415 cve-2009-1416 \
+ crq_apis init_roundtrip pkcs12_s2k_pem dn2 mini-eagain \
+ nul-in-x509-names x509_altname pkcs12_encode mini-x509 \
+- mini-x509-rehandshake rng-fork x509cert gendh
++ mini-x509-rehandshake rng-fork x509cert gendh long-session-id
+
+ if ENABLE_OPENSSL
+ ctests += openssl
+--- /dev/null
++++ b/tests/long-session-id.c
+@@ -0,0 +1,268 @@
++/*
++ * Copyright (C) 2012 Free Software Foundation, Inc.
++ *
++ * Author: Nikos Mavrogiannopoulos
++ *
++ * This file is part of GnuTLS.
++ *
++ * GnuTLS is free software; you can redistribute it and/or modify it
++ * under the terms of the GNU General Public License as published by
++ * the Free Software Foundation; either version 3 of the License, or
++ * (at your option) any later version.
++ *
++ * GnuTLS is distributed in the hope that it will be useful, but
++ * WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
++ * General Public License for more details.
++ *
++ * You should have received a copy of the GNU General Public License
++ * along with GnuTLS; if not, write to the Free Software Foundation,
++ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
++ */
++
++#ifdef HAVE_CONFIG_H
++#include <config.h>
++#endif
++
++#include <stdio.h>
++#include <stdlib.h>
++
++#if defined(_WIN32)
++
++int main()
++{
++ exit(77);
++}
++
++#else
++
++#include <string.h>
++#include <sys/types.h>
++#include <netinet/in.h>
++#include <sys/socket.h>
++#include <sys/wait.h>
++#include <arpa/inet.h>
++#include <unistd.h>
++#include <gnutls/gnutls.h>
++#include <signal.h>
++
++static int debug = 0;
++static void terminate(int);
++
++/* This program tests the robustness of record
++ * decoding.
++ */
++
++static void client_log_func(int level, const char *str)
++{
++ fprintf(stderr, "client|<%d>| %s", level, str);
++}
++
++static unsigned char server_cert_pem[] =
++ "-----BEGIN CERTIFICATE-----\n"
++ "MIICVjCCAcGgAwIBAgIERiYdMTALBgkqhkiG9w0BAQUwGTEXMBUGA1UEAxMOR251\n"
++ "VExTIHRlc3QgQ0EwHhcNMDcwNDE4MTMyOTIxWhcNMDgwNDE3MTMyOTIxWjA3MRsw\n"
++ "GQYDVQQKExJHbnVUTFMgdGVzdCBzZXJ2ZXIxGDAWBgNVBAMTD3Rlc3QuZ251dGxz\n"
++ "Lm9yZzCBnDALBgkqhkiG9w0BAQEDgYwAMIGIAoGA17pcr6MM8C6pJ1aqU46o63+B\n"
++ "dUxrmL5K6rce+EvDasTaDQC46kwTHzYWk95y78akXrJutsoKiFV1kJbtple8DDt2\n"
++ "DZcevensf9Op7PuFZKBroEjOd35znDET/z3IrqVgbtm2jFqab7a+n2q9p/CgMyf1\n"
++ "tx2S5Zacc1LWn9bIjrECAwEAAaOBkzCBkDAMBgNVHRMBAf8EAjAAMBoGA1UdEQQT\n"
++ "MBGCD3Rlc3QuZ251dGxzLm9yZzATBgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHQ8B\n"
++ "Af8EBQMDB6AAMB0GA1UdDgQWBBTrx0Vu5fglyoyNgw106YbU3VW0dTAfBgNVHSME\n"
++ "GDAWgBTpPBz7rZJu5gakViyi4cBTJ8jylTALBgkqhkiG9w0BAQUDgYEAaFEPTt+7\n"
++ "bzvBuOf7+QmeQcn29kT6Bsyh1RHJXf8KTk5QRfwp6ogbp94JQWcNQ/S7YDFHglD1\n"
++ "AwUNBRXwd3riUsMnsxgeSDxYBfJYbDLeohNBsqaPDJb7XailWbMQKfAbFQ8cnOxg\n"
++ "rOKLUQRWJ0K3HyXRMhbqjdLIaQiCvQLuizo=\n" "-----END CERTIFICATE-----\n";
++
++const gnutls_datum_t server_cert = { server_cert_pem,
++ sizeof(server_cert_pem)
++};
++
++static unsigned char server_key_pem[] =
++ "-----BEGIN RSA PRIVATE KEY-----\n"
++ "MIICXAIBAAKBgQDXulyvowzwLqknVqpTjqjrf4F1TGuYvkrqtx74S8NqxNoNALjq\n"
++ "TBMfNhaT3nLvxqResm62ygqIVXWQlu2mV7wMO3YNlx696ex/06ns+4VkoGugSM53\n"
++ "fnOcMRP/PciupWBu2baMWppvtr6far2n8KAzJ/W3HZLllpxzUtaf1siOsQIDAQAB\n"
++ "AoGAYAFyKkAYC/PYF8e7+X+tsVCHXppp8AoP8TEZuUqOZz/AArVlle/ROrypg5kl\n"
++ "8YunrvUdzH9R/KZ7saNZlAPLjZyFG9beL/am6Ai7q7Ma5HMqjGU8kTEGwD7K+lbG\n"
++ "iomokKMOl+kkbY/2sI5Czmbm+/PqLXOjtVc5RAsdbgvtmvkCQQDdV5QuU8jap8Hs\n"
++ "Eodv/tLJ2z4+SKCV2k/7FXSKWe0vlrq0cl2qZfoTUYRnKRBcWxc9o92DxK44wgPi\n"
++ "oMQS+O7fAkEA+YG+K9e60sj1K4NYbMPAbYILbZxORDecvP8lcphvwkOVUqbmxOGh\n"
++ "XRmTZUuhBrJhJKKf6u7gf3KWlPl6ShKEbwJASC118cF6nurTjuLf7YKARDjNTEws\n"
++ "qZEeQbdWYINAmCMj0RH2P0mvybrsXSOD5UoDAyO7aWuqkHGcCLv6FGG+qwJAOVqq\n"
++ "tXdUucl6GjOKKw5geIvRRrQMhb/m5scb+5iw8A4LEEHPgGiBaF5NtJZLALgWfo5n\n"
++ "hmC8+G8F0F78znQtPwJBANexu+Tg5KfOnzSILJMo3oXiXhf5PqXIDmbN0BKyCKAQ\n"
++ "LfkcEcUbVfmDaHpvzwY9VEaoMOKVLitETXdNSxVpvWM=\n"
++ "-----END RSA PRIVATE KEY-----\n";
++
++const gnutls_datum_t server_key = { server_key_pem,
++ sizeof(server_key_pem)
++};
++
++
++/* A very basic TLS client, with anonymous authentication.
++ */
++
++static void client(int fd, const char *prio)
++{
++ int ret;
++ gnutls_anon_client_credentials_t anoncred;
++ gnutls_certificate_credentials_t x509_cred;
++ gnutls_session_t session;
++ /* Need to enable anonymous KX specifically. */
++
++ gnutls_global_init();
++
++ if (debug) {
++ gnutls_global_set_log_function(client_log_func);
++ gnutls_global_set_log_level(7);
++ }
++
++ gnutls_anon_allocate_client_credentials(&anoncred);
++ gnutls_certificate_allocate_credentials(&x509_cred);
++
++ /* Initialize TLS session
++ */
++ gnutls_init(&session, GNUTLS_CLIENT);
++
++ /* Use default priorities */
++ gnutls_priority_set_direct(session, prio, NULL);
++
++ /* put the anonymous credentials to the current session
++ */
++ gnutls_credentials_set(session, GNUTLS_CRD_ANON, anoncred);
++ gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred);
++
++ gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) fd);
++
++ /* Perform the TLS handshake
++ */
++ do {
++ ret = gnutls_handshake(session);
++ }
++ while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
++
++ if (ret < 0) {
++ fprintf(stderr, "client: Handshake failed (expected)\n");
++ gnutls_perror(ret);
++ exit(0);
++ } else {
++ if (debug)
++ fprintf(stderr, "client: Handshake was completed\n");
++ }
++
++ close(fd);
++
++ gnutls_deinit(session);
++
++ gnutls_anon_free_client_credentials(anoncred);
++ gnutls_certificate_free_credentials(x509_cred);
++
++ gnutls_global_deinit();
++}
++
++
++/* These are global */
++pid_t child;
++
++static void terminate(int ret)
++{
++ kill(child, SIGTERM);
++ exit(ret);
++}
++
++static void server(int fd, const char *prio)
++{
++ int ret;
++ uint8_t id[255];
++ uint8_t buffer[] = "\x16\x03\x00\x01\x25"
++ "\x02\x00\x01\x21"
++ "\x03\x00"/*Server Version */
++ /*Random*/"\x00\x00\x00\x00\x01\x00\x00\x00\x00\x01\x00\x00\x00\x00\x01\x00\x00\x00\x00\x01\x00\x00\x00\x00\x01\x00\x00\x00\x00\x01\x00\x00"
++ /*SessionID*/"\xfe";
++
++ ret = read(fd, id, sizeof(id));
++ if (ret < 0) {
++ abort();
++ }
++
++ ret = write(fd, buffer, sizeof(buffer));
++ if (ret < 0) {
++ return;
++ }
++
++ memset(id, 0xff, sizeof(id));
++ ret = write(fd, id, sizeof(id));
++ if (ret < 0) {
++ return;
++ }
++
++ memset(id, 0xff, sizeof(id));
++ ret = write(fd, id, sizeof(id));
++ if (ret < 0) {
++ return;
++ }
++ sleep(3);
++
++ return;
++}
++
++static void start(const char *prio)
++{
++ int fd[2];
++ int ret;
++
++ ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd);
++ if (ret < 0) {
++ perror("socketpair");
++ exit(1);
++ }
++
++ child = fork();
++ if (child < 0) {
++ perror("fork");
++ exit(1);
++ }
++
++ if (child) {
++ /* parent */
++ close(fd[1]);
++ server(fd[0], prio);
++ kill(child, SIGTERM);
++ } else {
++ close(fd[0]);
++ client(fd[1], prio);
++ exit(0);
++ }
++}
++
++static void ch_handler(int sig)
++{
++ int status, ret = 0;
++ wait(&status);
++ if (WEXITSTATUS(status) != 0 ||
++ (WIFSIGNALED(status) && WTERMSIG(status) == SIGSEGV)) {
++ if (WIFSIGNALED(status)) {
++ fprintf(stderr, "Child died with sigsegv\n");
++ ret = 1;
++ } else {
++ fprintf(stderr, "Child died with status %d\n",
++ WEXITSTATUS(status));
++ }
++ terminate(ret);
++ }
++ return;
++}
++
++int main(int argc, char **argv)
++{
++ signal(SIGCHLD, ch_handler);
++
++ if (argc > 1)
++ debug = 1;
++
++ start("NORMAL");
++ return 0;
++}
++
++#endif /* _WIN32 */
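Review bot: The new test tests/long-session-id.c can only fail when the client process crashes: `client()` calls `exit(0)` when the handshake fails and also returns normally when it completes, after which `start()` exits 0. A library that accepted the oversized session id without crashing would therefore still pass; making the success branch fail, e.g. `fprintf(stderr, "client: handshake unexpectedly completed\n"); exit(1);`, would pin the intended behaviour. In `ch_handler`, `WEXITSTATUS(status)` is read without first checking `WIFEXITED(status)`, and the handler calls `fprintf` and, through `terminate`, `exit`, neither of which is async-signal-safe. The embedded `server_cert_pem` and `server_key_pem` are not referenced by any function in this file and could be dropped.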
diff --git a/net-libs/gnutls/files/gnutls-2.12.23-CVE-2014-3467.patch b/net-libs/gnutls/files/gnutls-2.12.23-CVE-2014-3467.patch
new file mode 100644
index 00000000000..e52965e2b82
--- /dev/null
+++ b/net-libs/gnutls/files/gnutls-2.12.23-CVE-2014-3467.patch
@@ -0,0 +1,45 @@
+From d4ff19de527cd3eb444c560639324cda35bc838e Mon Sep 17 00:00:00 2001
+From: mancha <mancha1@zoho.com>
+Date: Sun, 1 Jun 2014
+Subject: CVE-2014-3467
+
+This is a backport adaptation for use with GnuTLS 2.12.23.
+
+Relevant upstream commit(s):
+-------------------------
+http://git.savannah.gnu.org/cgit/libtasn1.git/commit/?id=ff3b5c68cc32e3
+http://git.savannah.gnu.org/cgit/libtasn1.git/commit/?id=51612fca32dda4
+
+---
+ lib/minitasn1/decoding.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+--- a/lib/minitasn1/decoding.c
++++ b/lib/minitasn1/decoding.c
+@@ -149,7 +149,7 @@ asn1_get_tag_der (const unsigned char *d
+ /* Long form */
+ punt = 1;
+ ris = 0;
+- while (punt <= der_len && der[punt] & 128)
++ while (punt < der_len && der[punt] & 128)
+ {
+ last = ris;
+
+@@ -259,7 +259,7 @@ _asn1_get_time_der (const unsigned char
+ if (der_len <= 0 || str == NULL)
+ return ASN1_DER_ERROR;
+ str_len = asn1_get_length_der (der, der_len, &len_len);
+- if (str_len < 0 || str_size < str_len)
++ if (str_len <= 0 || str_size < str_len)
+ return ASN1_DER_ERROR;
+ memcpy (str, der + len_len, str_len);
+ str[str_len] = 0;
+@@ -285,7 +285,7 @@ _asn1_get_objectid_der (const unsigned c
+ return ASN1_GENERIC_ERROR;
+ len = asn1_get_length_der (der, der_len, &len_len);
+
+- if (len < 0 || len > der_len || len_len > der_len)
++ if (len <= 0 || len > der_len || len_len > der_len)
+ return ASN1_DER_ERROR;
+
+ val1 = der[len_len] / 40;
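Review bot: In the `_asn1_get_time_der` hunk the terminator write `str[str_len] = 0;` is still reachable with `str_len == str_size`, because the guard rejects only `str_size < str_len`. That is in bounds only if every caller passes a `str_size` one smaller than the real buffer; the callers are outside this patch, so confirm it. Either document the contract with `/* str must hold str_size + 1 bytes: the NUL is written at str[str_len] */` or tighten the guard to `str_size <= str_len`. All three functions touched here start and end outside their hunks.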
diff --git a/net-libs/gnutls/files/gnutls-2.12.23-CVE-2014-3468.patch b/net-libs/gnutls/files/gnutls-2.12.23-CVE-2014-3468.patch
new file mode 100644
index 00000000000..bd324094c29
--- /dev/null
+++ b/net-libs/gnutls/files/gnutls-2.12.23-CVE-2014-3468.patch
@@ -0,0 +1,45 @@
+From 24ed1d41707f873f3b7a22159e4bb3942f319fac Mon Sep 17 00:00:00 2001
+From: mancha <mancha1@zoho.com>
+Date: Sun, 1 Jun 2014
+Subject: CVE-2014-3468
+
+This is a backport adaptation for use with GnuTLS 2.12.23.
+
+Relevant upstream commit(s):
+-------------------------
+http://git.savannah.gnu.org/cgit/libtasn1.git/commit/?id=1c3ccb3e040bf1
+
+---
+ lib/minitasn1/decoding.c | 7 +++++--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+--- a/lib/minitasn1/decoding.c
++++ b/lib/minitasn1/decoding.c
+@@ -226,7 +226,7 @@ asn1_get_octet_der (const unsigned char
+ int *ret_len, unsigned char *str, int str_size,
+ int *str_len)
+ {
+- int len_len;
++ int len_len = 0;
+
+ if (der_len <= 0)
+ return ASN1_GENERIC_ERROR;
+@@ -347,7 +347,7 @@ asn1_get_bit_der (const unsigned char *d
+ int *ret_len, unsigned char *str, int str_size,
+ int *bit_len)
+ {
+- int len_len, len_byte;
++ int len_len = 0, len_byte;
+
+ if (der_len <= 0)
+ return ASN1_GENERIC_ERROR;
+@@ -358,6 +358,9 @@ asn1_get_bit_der (const unsigned char *d
+ *ret_len = len_byte + len_len + 1;
+ *bit_len = len_byte * 8 - der[len_len];
+
++ if (*bit_len <= 0)
++ return ASN1_DER_ERROR;
++
+ if (str_size >= len_byte)
+ memcpy (str, der + len_len + 1, len_byte);
+ else
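Review bot: In `asn1_get_bit_der` the unused-bits octet `der[len_len]` is subtracted without being range-checked; X.690 limits it to 0–7, and the added `*bit_len <= 0` test only catches values large enough to drive the result non-positive. If strict DER is wanted, a check such as `if (der[len_len] > 7) return ASN1_DER_ERROR;` before the subtraction would reject those encodings. Note also that `*ret_len` and `*bit_len` are already written when the new error return fires, so callers must not read them on failure; a comment saying so would help. The function body continues outside the hunk.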
diff --git a/net-libs/gnutls/files/gnutls-2.12.23-CVE-2014-3469.patch b/net-libs/gnutls/files/gnutls-2.12.23-CVE-2014-3469.patch
new file mode 100644
index 00000000000..a99b433b3c9
--- /dev/null
+++ b/net-libs/gnutls/files/gnutls-2.12.23-CVE-2014-3469.patch
@@ -0,0 +1,122 @@
+From 7f5a6256231e278aa7d00b6851c22fb457537262 Mon Sep 17 00:00:00 2001
+From: mancha <mancha1@zoho.com>
+Date: Sun, 1 Jun 2014
+Subject: CVE-2014-3469
+
+This is a backport adaptation for use with GnuTLS 2.12.23.
+
+Relevant upstream commit(s):
+-------------------------
+http://git.savannah.gnu.org/cgit/libtasn1.git/commit/?id=a8b3e14f84174e
+http://git.savannah.gnu.org/cgit/libtasn1.git/commit/?id=3d6a02f19ff15a
+http://git.savannah.gnu.org/cgit/libtasn1.git/commit/?id=53958290ab731c
+
+---
+ lib/minitasn1/decoding.c | 11 ++++++++---
+ lib/minitasn1/element.c | 27 ++++++++++++++++++---------
+ 2 files changed, 26 insertions(+), 12 deletions(-)
+
+--- a/lib/minitasn1/decoding.c
++++ b/lib/minitasn1/decoding.c
+@@ -231,7 +231,6 @@ asn1_get_octet_der (const unsigned char
+ if (der_len <= 0)
+ return ASN1_GENERIC_ERROR;
+
+- /* if(str==NULL) return ASN1_SUCCESS; */
+ *str_len = asn1_get_length_der (der, der_len, &len_len);
+
+ if (*str_len < 0)
+@@ -239,7 +238,10 @@ asn1_get_octet_der (const unsigned char
+
+ *ret_len = *str_len + len_len;
+ if (str_size >= *str_len)
+- memcpy (str, der + len_len, *str_len);
++ {
++ if (*str_len > 0 && str != NULL)
++ memcpy (str, der + len_len, *str_len);
++ }
+ else
+ {
+ return ASN1_MEM_ERROR;
+@@ -362,7 +364,10 @@ asn1_get_bit_der (const unsigned char *d
+ return ASN1_DER_ERROR;
+
+ if (str_size >= len_byte)
+- memcpy (str, der + len_len + 1, len_byte);
++ {
++ if (len_byte > 0 && str)
++ memcpy (str, der + len_len + 1, len_byte);
++ }
+ else
+ {
+ return ASN1_MEM_ERROR;
+--- a/lib/minitasn1/element.c
++++ b/lib/minitasn1/element.c
+@@ -112,8 +112,11 @@ _asn1_convert_integer (const unsigned ch
+ /* VALUE_OUT is too short to contain the value conversion */
+ return ASN1_MEM_ERROR;
+
+- for (k2 = k; k2 < SIZEOF_UNSIGNED_LONG_INT; k2++)
+- value_out[k2 - k] = val[k2];
++ if (value_out != NULL)
++ {
++ for (k2 = k; k2 < SIZEOF_UNSIGNED_LONG_INT; k2++)
++ value_out[k2 - k] = val[k2];
++ }
+
+ #if 0
+ printf ("_asn1_convert_integer: valueIn=%s, lenOut=%d", value, *len);
+@@ -611,7 +614,8 @@ asn1_write_value (asn1_node node_root, c
+ if (ptr_size < data_size) { \
+ return ASN1_MEM_ERROR; \
+ } else { \
+- memcpy( ptr, data, data_size); \
++ if (ptr && data_size > 0) \
++ memcpy( ptr, data, data_size); \
+ }
+
+ #define PUT_STR_VALUE( ptr, ptr_size, data) \
+@@ -620,16 +624,19 @@ asn1_write_value (asn1_node node_root, c
+ return ASN1_MEM_ERROR; \
+ } else { \
+ /* this strcpy is checked */ \
+- _asn1_strcpy(ptr, data); \
++ if (ptr) { \
++ _asn1_strcpy(ptr, data); \
++ } \
+ }
+
+ #define ADD_STR_VALUE( ptr, ptr_size, data) \
+- *len = (int) _asn1_strlen(data) + 1; \
+- if (ptr_size < (int) _asn1_strlen(ptr)+(*len)) { \
++ *len += _asn1_strlen(data); \
++ if (ptr_size < (int) *len) { \
++ (*len)++; \
+ return ASN1_MEM_ERROR; \
+ } else { \
+ /* this strcat is checked */ \
+- _asn1_strcat(ptr, data); \
++ if (ptr) _asn1_strcat (ptr, data); \
+ }
+
+ /**
+@@ -786,7 +793,9 @@ asn1_read_value (asn1_node root, const c
+ case TYPE_OBJECT_ID:
+ if (node->type & CONST_ASSIGN)
+ {
+- value[0] = 0;
++ *len = 0;
++ if (value)
++ value[0] = 0;
+ p = node->down;
+ while (p)
+ {
+@@ -800,7 +809,7 @@ asn1_read_value (asn1_node root, const c
+ }
+ p = p->right;
+ }
+- *len = _asn1_strlen (value) + 1;
++ (*len)++;
+ }
+ else if ((node->type & CONST_DEFAULT) && (node->value == NULL))
+ {
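Review bot: The rewritten `ADD_STR_VALUE` bound looks one byte short: `*len` accumulates string lengths without the terminator, and the test `if (ptr_size < (int) *len)` lets `*len == ptr_size` through, at which point `_asn1_strcat` writes its NUL at `ptr[ptr_size]`. The removed version compared `ptr_size` against `_asn1_strlen(ptr)` plus `_asn1_strlen(data) + 1`, so the terminator was counted. Unless callers always pass a `ptr_size` that already excludes the terminator (not visible here), the comparison should be `if (ptr_size <= (int) *len)`. The macro is expanded inside asn1_read_value, whose body lies mostly outside the hunks.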
diff --git a/net-libs/gnutls/files/gnutls-2.12.23-cross-compile.patch b/net-libs/gnutls/files/gnutls-2.12.23-cross-compile.patch
new file mode 100644
index 00000000000..31178fcd8c4
--- /dev/null
+++ b/net-libs/gnutls/files/gnutls-2.12.23-cross-compile.patch
@@ -0,0 +1,69 @@
+use pkg-config to locate zlib rather than hardcoding system -L/-I paths
+
+for pthreads, just hardcode it enabled
+
+for gnutls, don't hardcode -L/-I all the time to the host paths
+
+--- a/lib/configure.ac
++++ b/lib/configure.ac
+@@ -70,26 +70,23 @@ AC_ARG_WITH(zlib, AS_HELP_STRING([--without-zlib],
+ AC_MSG_CHECKING([whether to include zlib compression support])
+ if test x$ac_zlib != xno; then
+ AC_MSG_RESULT(yes)
+- AC_LIB_HAVE_LINKFLAGS(z,, [#include <zlib.h>], [compress (0, 0, 0, 0);])
+- if test "$ac_cv_libz" != yes; then
+- AC_MSG_WARN(
+-***
+-*** ZLIB was not found. You will not be able to use ZLIB compression.)
+- fi
+ else
+ AC_MSG_RESULT(no)
+ fi
+
+-PKG_CHECK_EXISTS(zlib, ZLIB_HAS_PKGCONFIG=y, ZLIB_HAS_PKGCONFIG=n)
+-
+ if test x$ac_zlib != xno; then
++ PKG_CHECK_MODULES(ZLIB, zlib, ZLIB_HAS_PKGCONFIG=y, ZLIB_HAS_PKGCONFIG=n)
+ if test "$ZLIB_HAS_PKGCONFIG" = "y" ; then
++ LTLIBZ=$ZLIB_LIBS
++ AC_DEFINE([HAVE_LIBZ], [1], [zlib is enabled])
++ AC_SUBST(LTLIBZ)
+ if test "x$GNUTLS_REQUIRES_PRIVATE" = "x"; then
+ GNUTLS_REQUIRES_PRIVATE="Requires.private: zlib"
+ else
+ GNUTLS_REQUIRES_PRIVATE="$GNUTLS_REQUIRES_PRIVATE , zlib"
+ fi
+ else
++ AC_LIB_HAVE_LINKFLAGS(z,, [#include <zlib.h>], [compress (0, 0, 0, 0);])
+ GNUTLS_ZLIB_LIBS_PRIVATE="$LTLIBZ"
+ fi
+ fi
+@@ -124,10 +121,12 @@ fi
+ lgl_INIT
+
+ AC_CHECK_FUNCS(getrusage,,)
+-AC_LIB_HAVE_LINKFLAGS(pthread,, [#include <pthread.h>], [pthread_mutex_lock (0);])
++LTLIBPTHREAD='-pthread'
++AC_DEFINE([HAVE_LIBPTHREAD], [1], [pthread enabled])
++AC_SUBST(LTLIBPTHREAD)
+
+-LIBGNUTLS_LIBS="-L${libdir} -lgnutls $LIBS"
+-LIBGNUTLS_CFLAGS="-I${includedir}"
++LIBGNUTLS_LIBS="-lgnutls $LIBS"
++LIBGNUTLS_CFLAGS=""
+ AC_SUBST(LIBGNUTLS_LIBS)
+ AC_SUBST(LIBGNUTLS_CFLAGS)
+
+--- a/libextra/configure.ac
++++ b/libextra/configure.ac
+@@ -41,8 +41,8 @@ LIBGNUTLS_EXTRA_HOOKS
+
+ xgl_INIT
+
+-LIBGNUTLS_EXTRA_LIBS="-L${libdir} -lgnutls-extra $LZO_LIBS $LIBGNUTLS_LIBS"
+-LIBGNUTLS_EXTRA_CFLAGS="-I${includedir}"
++LIBGNUTLS_EXTRA_LIBS="-lgnutls-extra $LZO_LIBS $LIBGNUTLS_LIBS"
++LIBGNUTLS_EXTRA_CFLAGS=""
+ AC_SUBST(LIBGNUTLS_EXTRA_LIBS)
+ AC_SUBST(LIBGNUTLS_EXTRA_CFLAGS)
+
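Review bot: In the lib/configure.ac hunk the pkg-config branch uses only the linker half of the result (`LTLIBZ=$ZLIB_LIBS`); `ZLIB_CFLAGS`, which PKG_CHECK_MODULES also sets, is not added to any compile flags in the visible lines. When zlib's headers live outside the default include path, which is the cross-compile case this patch targets, the build could link the right library yet compile against the wrong `zlib.h` or none. Adding something like `CPPFLAGS="$CPPFLAGS $ZLIB_CFLAGS"` in that branch would cover it. The removed AC_MSG_WARN also means a requested but missing zlib is no longer reported when the AC_LIB_HAVE_LINKFLAGS fallback runs.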
diff --git a/net-libs/gnutls/files/gnutls-2.12.23-gdoc-perl-5.18.patch b/net-libs/gnutls/files/gnutls-2.12.23-gdoc-perl-5.18.patch
new file mode 100644
index 00000000000..a89e8f25305
--- /dev/null
+++ b/net-libs/gnutls/files/gnutls-2.12.23-gdoc-perl-5.18.patch
@@ -0,0 +1,137 @@
+--- gnutls-2.12.23.orig/doc/scripts/gdoc 2011-04-08 02:30:44.000000000 +0200
++++ gnutls-2.12.23/doc/scripts/gdoc 2014-03-10 01:53:28.899566076 +0200
+@@ -7,6 +7,8 @@
+ ## Copyright (c) 2001, 2002 Nikos Mavrogiannopoulos
+ ## added -tex
+ ## Copyright (c) 1998 Michael Zucchi
++## Copyright (c) 2013 Adam Sampson
++## made highlighting not depend on hash order, for Perl 5.18
+
+ # This program is free software: you can redistribute it and/or modify
+ # it under the terms of the GNU General Public License as published by
+@@ -143,44 +145,44 @@
+ # One for each output format
+
+ # these work fairly well
+-%highlights_html = ( $type_constant, "<i>\$2</i>",
+- $type_func, "<b>\$1</b>",
+- $type_struct, "<i>\$1</i>",
+- $type_param, "<tt><b>\$1</b></tt>" );
++@highlights_html = ( [$type_constant, "<i>\$2</i>"],
++ [$type_func, "<b>\$1</b>"],
++ [$type_struct, "<i>\$1</i>"],
++ [$type_param, "<tt><b>\$1</b></tt>"] );
+ $blankline_html = "<p>";
+
+-%highlights_texinfo = ( $type_constant, "\\\@code{\$2}",
+- $type_func, "\\\@code{\$1}",
+- $type_struct, "\\\@code{\$1}",
+- $type_param, "\\\@code{\$1}" );
++@highlights_texinfo = ( [$type_constant, "\\\@code{\$2}"],
++ [$type_func, "\\\@code{\$1}"],
++ [$type_struct, "\\\@code{\$1}"],
++ [$type_param, "\\\@code{\$1}"] );
+ $blankline_texinfo = "";
+
+-%highlights_tex = ( $type_constant, "{\\\\it \$2}",
+- $type_func, "{\\\\bf \$1}",
+- $type_struct, "{\\\\it \$1}",
+- $type_param, "{\\\\bf \$1}" );
++@highlights_tex = ( [$type_constant, "{\\\\it \$2}"],
++ [$type_func, "{\\\\bf \$1}"],
++ [$type_struct, "{\\\\it \$1}"],
++ [$type_param, "{\\\\bf \$1}"] );
+ $blankline_tex = "\\\\";
+
+ # sgml, docbook format
+-%highlights_sgml = ( $type_constant, "<replaceable class=\"option\">\$2</replaceable>",
+- $type_func, "<function>\$1</function>",
+- $type_struct, "<structname>\$1</structname>",
+- $type_env, "<envar>\$1</envar>",
+- $type_param, "<parameter>\$1</parameter>" );
++@highlights_sgml = ( [$type_constant, "<replaceable class=\"option\">\$2</replaceable>"],
++ [$type_func, "<function>\$1</function>"],
++ [$type_struct, "<structname>\$1</structname>"],
++ [$type_env, "<envar>\$1</envar>"],
++ [$type_param, "<parameter>\$1</parameter>"] );
+ $blankline_sgml = "</para><para>\n";
+
+ # these are pretty rough
+-%highlights_man = ( $type_constant, "\\\\fB\$2\\\\fP",
+- $type_func, "\\\\fB\$1\\\\fP",
+- $type_struct, "\\\\fB\$1\\\\fP",
+- $type_param, "\\\\fI\$1\\\\fP" );
++@highlights_man = ( [$type_constant, "\\\\fB\$2\\\\fP"],
++ [$type_func, "\\\\fB\$1\\\\fP"],
++ [$type_struct, "\\\\fB\$1\\\\fP"],
++ [$type_param, "\\\\fI\$1\\\\fP"] );
+ $blankline_man = "";
+
+ # text-mode
+-%highlights_text = ( $type_constant, "\$2",
+- $type_func, "\$1",
+- $type_struct, "\$1",
+- $type_param, "\$1" );
++@highlights_text = ( [$type_constant, "\$2"],
++ [$type_func, "\$1"],
++ [$type_struct, "\$1"],
++ [$type_param, "\$1"] );
+ $blankline_text = "";
+
+
+@@ -201,7 +203,7 @@
+
+ $verbose = 0;
+ $output_mode = "man";
+-%highlights = %highlights_man;
++@highlights = @highlights_man;
+ $blankline = $blankline_man;
+ $modulename = "API Documentation";
+ $sourceversion = strftime "%Y-%m-%d", localtime;
+@@ -210,27 +212,27 @@
+ $cmd = shift @ARGV;
+ if ($cmd eq "-html") {
+ $output_mode = "html";
+- %highlights = %highlights_html;
++ @highlights = @highlights_html;
+ $blankline = $blankline_html;
+ } elsif ($cmd eq "-man") {
+ $output_mode = "man";
+- %highlights = %highlights_man;
++ @highlights = @highlights_man;
+ $blankline = $blankline_man;
+ } elsif ($cmd eq "-tex") {
+ $output_mode = "tex";
+- %highlights = %highlights_tex;
++ @highlights = @highlights_tex;
+ $blankline = $blankline_tex;
+ } elsif ($cmd eq "-texinfo") {
+ $output_mode = "texinfo";
+ %highlights = %highlights_texinfo;
+- $blankline = $blankline_texinfo;
++ @blankline = @blankline_texinfo;
+ } elsif ($cmd eq "-text") {
+ $output_mode = "text";
+ %highlights = %highlights_text;
+- $blankline = $blankline_text;
++ @blankline = @blankline_text;
+ } elsif ($cmd eq "-docbook") {
+ $output_mode = "sgml";
+- %highlights = %highlights_sgml;
++ @highlights = @highlights_sgml;
+ $blankline = $blankline_sgml;
+ } elsif ($cmd eq "-listfunc") {
+ $output_mode = "listfunc";
+@@ -322,9 +324,10 @@
+ my $line;
+ my $ret = "";
+
+- foreach $pattern (keys %highlights) {
++ foreach $highlight (@highlights) {
++ my ($pattern, $replace) = @$highlight;
+ # print "scanning pattern $pattern ($highlights{$pattern})\n";
+- $contents =~ s:$pattern:repstr($pattern, $highlights{$pattern}, $1, $2, $3, $4):gse;
++ $contents =~ s:$pattern:repstr($pattern, $replace, $1, $2, $3, $4):gse;
+ }
+ foreach $line (split "\n", $contents) {
+ if ($line eq ""){
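Review bot: The `-texinfo` and `-text` branches are converted incorrectly. They keep `%highlights = %highlights_texinfo;` / `%highlights = %highlights_text;` as context, although those hashes no longer exist after this patch, and they rewrite the scalar assignment to `@blankline = @blankline_texinfo;` / `@blankline = @blankline_text;`. As shown, `@highlights` therefore keeps its default `@highlights_man` in both modes, so the substitution loop would apply man markup to texinfo and plain-text output, and `$blankline` is never updated. Each branch should read `@highlights = @highlights_texinfo;` (respectively `@highlights = @highlights_text;`) and leave `$blankline = $blankline_texinfo;` / `$blankline = $blankline_text;` as they were, matching the `-html`, `-man`, `-tex` and `-docbook` branches.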
diff --git a/net-libs/gnutls/files/gnutls-2.12.23-gl-tests-getaddrinfo-skip-if-no-network.patch b/net-libs/gnutls/files/gnutls-2.12.23-gl-tests-getaddrinfo-skip-if-no-network.patch
new file mode 100644
index 00000000000..6d04ccbdcd8
--- /dev/null
+++ b/net-libs/gnutls/files/gnutls-2.12.23-gl-tests-getaddrinfo-skip-if-no-network.patch
@@ -0,0 +1,30 @@
+From 4b3252d59ef2d73118e2de6743ba58e2cbafa008 Mon Sep 17 00:00:00 2001
+From: Alon Bar-Lev <alon.barlev@gmail.com>
+Date: Sat, 8 Mar 2014 22:13:51 +0200
+Subject: [PATCH] tests: getaddrinfo: skip if no network
+
+When running tests under network sandbox, there is no connectivity to
+the DNS, in this case function returns system error and ECONNREFUSED
+this should result in skipping test.
+
+Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
+---
+ tests/test-getaddrinfo.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/gl/tests/test-getaddrinfo.c b/gl/tests/test-getaddrinfo.c
+index acf9cd6..b155410 100644
+--- a/gl/tests/test-getaddrinfo.c
++++ b/gl/tests/test-getaddrinfo.c
+@@ -85,7 +85,7 @@ simple (char const *host, char const *service)
+ /* EAI_AGAIN is returned if no network is available. Don't fail
+ the test merely because someone is down the country on their
+ in-law's farm. */
+- if (res == EAI_AGAIN)
++ if (res == EAI_AGAIN || (res == EAI_SYSTEM && err == ECONNREFUSED))
+ {
+ skip++;
+ fprintf (stderr, "skipping getaddrinfo test: no network?\n");
+--
+1.8.3.2
+
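Review bot: The comment directly above the changed condition still explains only `EAI_AGAIN`, so the new `res == EAI_SYSTEM && err == ECONNREFUSED` case has no explanation in the code. I would extend it with something like `/* A network sandbox without DNS yields EAI_SYSTEM with ECONNREFUSED; skip then too. */`. `err` is not assigned anywhere in the visible lines; presumably it holds `errno` saved right after the `getaddrinfo` call earlier in `simple`, which starts and ends outside the hunk. That is worth confirming, since any intervening libc call could overwrite `errno`.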
diff --git a/net-libs/gnutls/files/gnutls-2.12.23-hppa.patch b/net-libs/gnutls/files/gnutls-2.12.23-hppa.patch
new file mode 100644
index 00000000000..16981cf2e91
--- /dev/null
+++ b/net-libs/gnutls/files/gnutls-2.12.23-hppa.patch
@@ -0,0 +1,44 @@
+From 043fe2c28a5f6b3ec6202090faaf7933b247e40c Mon Sep 17 00:00:00 2001
+From: Alon Bar-Lev <alon.barlev@gmail.com>
+Date: Mon, 17 Jun 2013 13:27:55 +0300
+Subject: [PATCH] build: fix hppa compile
+
+gentoo#471914
+
+O_SYNC : 262144
+O_DSYNC: 262144
+O_RSYNC: 524288
+---
+ gl/tests/test-fcntl-h.c | 2 +-
+ lib/gl/tests/test-fcntl-h.c | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/gl/tests/test-fcntl-h.c b/gl/tests/test-fcntl-h.c
+index a6c9621..9e13491 100644
+--- a/gl/tests/test-fcntl-h.c
++++ b/gl/tests/test-fcntl-h.c
+@@ -111,7 +111,7 @@ main (void)
+ #if O_RSYNC && O_RSYNC != O_DSYNC
+ case O_RSYNC:
+ #endif
+-#if O_SYNC && O_SYNC != O_RSYNC
++#if O_SYNC && O_SYNC != O_RSYNC && O_SYNC != O_DSYNC
+ case O_SYNC:
+ #endif
+ #if O_TTY_INIT
+diff --git a/lib/gl/tests/test-fcntl-h.c b/lib/gl/tests/test-fcntl-h.c
+index a6c9621..9e13491 100644
+--- a/lib/gl/tests/test-fcntl-h.c
++++ b/lib/gl/tests/test-fcntl-h.c
+@@ -111,7 +111,7 @@ main (void)
+ #if O_RSYNC && O_RSYNC != O_DSYNC
+ case O_RSYNC:
+ #endif
+-#if O_SYNC && O_SYNC != O_RSYNC
++#if O_SYNC && O_SYNC != O_RSYNC && O_SYNC != O_DSYNC
+ case O_SYNC:
+ #endif
+ #if O_TTY_INIT
+--
+1.8.1.5
+
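Review bot: Nothing in the patched source says why the extra `O_SYNC != O_DSYNC` test is needed; the patch description only lists three constant values. Those values show `O_SYNC` equal to `O_DSYNC` on this platform, so presumably a `case O_DSYNC:` label outside the hunk would otherwise collide with `case O_SYNC:`. A one-line comment above the `#if`, e.g. `/* O_SYNC may equal O_DSYNC (hppa); avoid a duplicate case label. */`, would keep the guard from being simplified away later. This applies to both copies, `gl/tests/test-fcntl-h.c` and `lib/gl/tests/test-fcntl-h.c`; the switch in `main` starts and ends outside both hunks.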
diff --git a/net-libs/gnutls/gnutls-2.12.23-r6.ebuild b/net-libs/gnutls/gnutls-2.12.23-r6.ebuild
new file mode 100644
index 00000000000..cc0fcb211d1
--- /dev/null
+++ b/net-libs/gnutls/gnutls-2.12.23-r6.ebuild
@@ -0,0 +1,126 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+
+inherit autotools libtool eutils versionator
+
+DESCRIPTION="A TLS 1.2 and SSL 3.0 implementation for the GNU project"
+HOMEPAGE="http://www.gnutls.org/"
+SRC_URI="ftp://ftp.gnutls.org/gcrypt/gnutls/v$(get_version_component_range 1-2)/${P}.tar.bz2"
+
+# LGPL-2.1 for libgnutls library and GPL-3 for libgnutls-extra library.
+LICENSE="GPL-3 LGPL-2.1"
+SLOT="0"
+KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~amd64-fbsd ~x86-fbsd ~x86-interix ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~x86-solaris"
+IUSE="bindist +cxx doc examples guile lzo +nettle nls pkcs11 static-libs test zlib"
+
+RDEPEND=">=dev-libs/libtasn1-0.3.4
+ guile? ( >=dev-scheme/guile-1.8[networking] )
+ nettle? ( >=dev-libs/nettle-2.1[gmp] )
+ !nettle? ( >=dev-libs/libgcrypt-1.4.0:0 )
+ nls? ( virtual/libintl )
+ pkcs11? ( >=app-crypt/p11-kit-0.11 )
+ zlib? ( >=sys-libs/zlib-1.2.3.1 )
+ !bindist? ( lzo? ( >=dev-libs/lzo-2 ) )"
+DEPEND="${RDEPEND}
+ virtual/pkgconfig
+ sys-devel/libtool
+ doc? ( dev-util/gtk-doc )
+ nls? ( sys-devel/gettext )
+ test? ( app-misc/datefudge )"
+
+DOCS=( AUTHORS ChangeLog NEWS README THANKS doc/TODO )
+
+pkg_setup() {
+ if use lzo && use bindist; then
+ ewarn "lzo support is disabled for binary distribution of GnuTLS due to licensing issues."
+ fi
+}
+
+src_prepare() {
+ # tests/suite directory is not distributed
+ sed -i -e 's|AC_CONFIG_FILES(\[tests/suite/Makefile\])|:|' \
+ configure.ac || die
+
+ sed -i -e 's/imagesdir = $(infodir)/imagesdir = $(htmldir)/' \
+ doc/Makefile.am || die
+
+ for dir in . lib libextra; do
+ sed -i -e '/^AM_INIT_AUTOMAKE/s/-Werror//' "${dir}/configure.ac" || die
+ done
+
+ epatch "${FILESDIR}"/${PN}-2.12.20-AF_UNIX.patch
+ epatch "${FILESDIR}"/${PN}-2.12.20-libadd.patch
+ epatch "${FILESDIR}"/${PN}-2.12.20-guile-parallelmake.patch
+ epatch "${FILESDIR}"/${P}-hppa.patch
+ epatch "${FILESDIR}"/${P}-gl-tests-getaddrinfo-skip-if-no-network.patch
+ epatch "${FILESDIR}"/${P}-gdoc-perl-5.18.patch
+ epatch "${FILESDIR}"/${P}-CVE-2013-2116.patch
+ epatch "${FILESDIR}"/${P}-CVE-2014-0092.patch
+ epatch "${FILESDIR}"/${P}-CVE-2014-1959.patch
+ epatch "${FILESDIR}"/${P}-CVE-2014-3466.patch
+ epatch "${FILESDIR}"/${P}-CVE-2014-3467.patch
+ epatch "${FILESDIR}"/${P}-CVE-2014-3468.patch
+ epatch "${FILESDIR}"/${P}-CVE-2014-3469.patch
+ epatch "${FILESDIR}"/${P}-cross-compile.patch
+
+ # support user patches
+ epatch_user
+
+ eautoreconf
+
+ # Use sane .so versioning on FreeBSD.
+ elibtoolize
+}
+
+src_configure() {
+ local myconf
+ use bindist && myconf="--without-lzo" || myconf="$(use_with lzo)"
+ [[ "${VALGRIND_TESTS}" != "1" ]] && myconf+=" --disable-valgrind-tests"
+
+ econf \
+ --htmldir="${EPREFIX}"/usr/share/doc/${PF}/html \
+ --without-libgcrypt-prefix \
+ --without-libnettle-prefix \
+ --without-libpth-prefix \
+ --without-libreadline-prefix \
+ $(use_enable cxx) \
+ $(use_enable doc gtk-doc) \
+ $(use_enable doc gtk-doc-pdf) \
+ $(use_enable guile) \
+ $(use_with !nettle libgcrypt) \
+ $(use_enable nls) \
+ $(use_with pkcs11 p11-kit) \
+ $(use_enable static-libs static) \
+ $(use_with zlib) \
+ ${myconf}
+}
+
+src_test() {
+ if has_version dev-util/valgrind && [[ ${VALGRIND_TESTS} != 1 ]]; then
+ elog
+ elog "You can set VALGRIND_TESTS=\"1\" to enable Valgrind tests."
+ elog
+ fi
+
+ # parallel testing often fails
+ emake -j1 check
+}
+
+src_install() {
+ default
+
+ prune_libtool_files
+
+ if use doc; then
+ dodoc doc/gnutls.{pdf,ps}
+ dohtml doc/gnutls.html
+ fi
+
+ if use examples; then
+ docinto examples
+ dodoc doc/examples/*.c
+ fi
+}
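Review bot: `SRC_URI` fetches the tarball over plain `ftp://ftp.gnutls.org/...`, so nothing at the transport level authenticates the download and integrity rests entirely on the Manifest digest. The 3.x ebuilds added in this same commit use `mirror://gnupg/gnutls/v$(get_version_component_range 1-2)/${P}.tar.xz`. If the 2.12 series is carried on that mirror as well (not verifiable from this page), `SRC_URI="mirror://gnupg/gnutls/v$(get_version_component_range 1-2)/${P}.tar.bz2"` would be consistent with them. Since this ebuild exists to carry the CVE backports applied in `src_prepare`, a short comment above the `epatch` list saying that those patches are the security baseline for the 2.12 branch would also help.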
diff --git a/net-libs/gnutls/gnutls-3.3.15.ebuild b/net-libs/gnutls/gnutls-3.3.15.ebuild
new file mode 100644
index 00000000000..4f21b35a335
--- /dev/null
+++ b/net-libs/gnutls/gnutls-3.3.15.ebuild
@@ -0,0 +1,175 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+
+inherit autotools libtool eutils multilib-minimal versionator
+
+DESCRIPTION="A TLS 1.2 and SSL 3.0 implementation for the GNU project"
+HOMEPAGE="http://www.gnutls.org/"
+SRC_URI="mirror://gnupg/gnutls/v$(get_version_component_range 1-2)/${P}.tar.xz"
+
+# LGPL-3 for libgnutls library and GPL-3 for libgnutls-extra library.
+# soon to be relicensed as LGPL-2.1 unless heartbeat extension enabled.
+LICENSE="GPL-3 LGPL-3"
+SLOT="0"
+KEYWORDS="alpha amd64 arm ~arm64 hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x86-interix ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~x86-solaris"
+IUSE_LINGUAS=" en cs de fi fr it ms nl pl sv uk vi zh_CN"
+IUSE="+cxx +crywrap dane doc examples guile nls +openssl pkcs11 static-libs test zlib ${IUSE_LINGUAS// / linguas_}"
+# heartbeat support is not disabled until re-licensing happens fullyf
+
+# NOTICE: sys-devel/autogen is required at runtime as we
+# use system libopts
+RDEPEND=">=dev-libs/libtasn1-3.9[${MULTILIB_USEDEP}]
+ >=dev-libs/nettle-2.7[gmp,${MULTILIB_USEDEP}]
+ <dev-libs/nettle-3[gmp,${MULTILIB_USEDEP}]
+ >=dev-libs/gmp-5.1.3-r1[${MULTILIB_USEDEP}]
+ sys-devel/autogen
+ crywrap? ( net-dns/libidn )
+ dane? ( >=net-dns/unbound-1.4.20[${MULTILIB_USEDEP}] )
+ guile? ( >=dev-scheme/guile-1.8:*[networking] )
+ nls? ( >=virtual/libintl-0-r1[${MULTILIB_USEDEP}] )
+ pkcs11? ( >=app-crypt/p11-kit-0.20.7[${MULTILIB_USEDEP}] )
+ zlib? ( >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}] )
+ abi_x86_32? (
+ !<=app-emulation/emul-linux-x86-baselibs-20140508
+ !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
+ )"
+DEPEND="${RDEPEND}
+ >=sys-devel/automake-1.11.6
+ >=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]
+ doc? ( dev-util/gtk-doc )
+ nls? ( sys-devel/gettext )
+ test? ( app-misc/datefudge )"
+
+DOCS=( AUTHORS ChangeLog NEWS README THANKS doc/TODO )
+
+S="${WORKDIR}/${PN}-$(get_version_component_range 1-3)"
+
+pkg_setup() {
+ # bug#520818
+ export TZ=UTC
+}
+
+src_prepare() {
+ sed -i \
+ -e 's/imagesdir = $(infodir)/imagesdir = $(htmldir)/' \
+ doc/Makefile.am || die
+
+ # force regeneration of autogen-ed files
+ local file
+ for file in $(grep -l AutoGen-ed src/*.c) ; do
+ rm src/$(basename ${file} .c).{c,h} || die
+ done
+
+ # force regeneration of makeinfo files
+ # have no idea why on some system these files are not
+ # accepted as-is, see bug#520818
+ for file in $(grep -l "produced by makeinfo" doc/*.info) ; do
+ rm "${file}" || die
+ done
+
+ # support user patches
+ epatch_user
+
+ eautoreconf
+
+ # Use sane .so versioning on FreeBSD.
+ elibtoolize
+
+ # bug 497472
+ use cxx || epunt_cxx
+}
+
+multilib_src_configure() {
+ LINGUAS="${LINGUAS//en/en@boldquot en@quot}"
+
+ # TPM needs to be tested before being enabled
+ # hardware-accell is disabled on OSX because the asm files force
+ # GNU-stack (as doesn't support that) and when that's removed ld
+ # complains about duplicate symbols
+ ECONF_SOURCE=${S} \
+ econf \
+ --htmldir="${EPREFIX}/usr/share/doc/${PF}/html" \
+ --disable-valgrind-tests \
+ --without-included-libtasn1 \
+ --enable-heartbeat-support \
+ $(use_enable cxx) \
+ $(use_enable dane libdane) \
+ $(multilib_native_use_enable doc gtk-doc) \
+ $(multilib_native_use_enable doc gtk-doc-pdf) \
+ $(multilib_native_use_enable guile) \
+ $(multilib_native_use_enable crywrap) \
+ $(use_enable nls) \
+ $(use_enable openssl openssl-compatibility) \
+ $(use_enable static-libs static) \
+ $(use_with pkcs11 p11-kit) \
+ $(use_with zlib) \
+ --without-tpm \
+ --with-unbound-root-key-file=/etc/dnssec/root-anchors.txt \
+ $([[ ${CHOST} == *-darwin* ]] && echo --disable-hardware-acceleration)
+
+ if multilib_is_native_abi; then
+ ln -s "${S}"/doc/reference/html doc/reference/html || die
+ fi
+}
+
+multilib_src_compile() {
+ if multilib_is_native_abi; then
+ default
+
+ # symlink certtool for use in other ABIs
+ if use test; then
+ ln -s "${BUILD_DIR}"/src "${T}"/native-tools || die
+ fi
+ else
+ emake -C gl
+ emake -C lib
+ emake -C extra
+ use dane && emake -C libdane
+ fi
+}
+
+multilib_src_test() {
+ if multilib_is_native_abi; then
+ # parallel testing often fails
+ emake -j1 check
+ else
+ # use native ABI tools
+ ln -s "${T}"/native-tools/{certtool,gnutls-{serv,cli}} \
+ "${BUILD_DIR}"/src/ || die
+
+ emake -C gl -j1 check
+ emake -C tests -j1 check
+ fi
+}
+
+multilib_src_install() {
+ if multilib_is_native_abi; then
+ emake DESTDIR="${D}" install
+ else
+ emake -C lib DESTDIR="${D}" install
+ emake -C extra DESTDIR="${D}" install
+ use dane && emake -C libdane DESTDIR="${D}" install
+ fi
+}
+
+multilib_src_install_all() {
+ einstalldocs
+ prune_libtool_files --all
+
+ dodoc doc/certtool.cfg
+
+ if use doc; then
+ dodoc doc/gnutls.pdf
+ dohtml doc/gnutls.html
+ else
+ rm -fr "${ED}/usr/share/doc/${PF}/html"
+ fi
+
+ if use examples; then
+ docinto examples
+ dodoc doc/examples/*.c
+ fi
+}
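Review bot: In `multilib_src_configure` the DNSSEC trust anchor path is hard-coded as `--with-unbound-root-key-file=/etc/dnssec/root-anchors.txt`, while `--htmldir` a few lines above is built from `${EPREFIX}`. `KEYWORDS` lists Prefix targets (`~amd64-linux`, `~x64-macos`, and others), so on those installs libgnutls-dane would presumably look for its root key in the host's `/etc` rather than inside the prefix. DANE validation would then use a file the package manager does not control, or none at all. I would write `--with-unbound-root-key-file="${EPREFIX}/etc/dnssec/root-anchors.txt"`. The same line appears in gnutls-3.3.16-r1.ebuild and gnutls-3.4.3-r1.ebuild.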
diff --git a/net-libs/gnutls/gnutls-3.3.16-r1.ebuild b/net-libs/gnutls/gnutls-3.3.16-r1.ebuild
new file mode 100644
index 00000000000..1337f5f652e
--- /dev/null
+++ b/net-libs/gnutls/gnutls-3.3.16-r1.ebuild
@@ -0,0 +1,176 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+
+inherit autotools libtool eutils multilib-minimal versionator
+
+DESCRIPTION="A TLS 1.2 and SSL 3.0 implementation for the GNU project"
+HOMEPAGE="http://www.gnutls.org/"
+SRC_URI="mirror://gnupg/gnutls/v$(get_version_component_range 1-2)/${P}.tar.xz"
+
+# LGPL-3 for libgnutls library and GPL-3 for libgnutls-extra library.
+# soon to be relicensed as LGPL-2.1 unless heartbeat extension enabled.
+LICENSE="GPL-3 LGPL-3"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x86-interix ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~x86-solaris"
+IUSE_LINGUAS=" en cs de fi fr it ms nl pl sv uk vi zh_CN"
+IUSE="+cxx +crywrap dane doc examples guile nls +openssl pkcs11 static-libs test zlib ${IUSE_LINGUAS// / linguas_}"
+# heartbeat support is not disabled until re-licensing happens fullyf
+
+# NOTICE: sys-devel/autogen is required at runtime as we
+# use system libopts
+RDEPEND=">=dev-libs/libtasn1-3.9[${MULTILIB_USEDEP}]
+ >=dev-libs/nettle-2.7[gmp,${MULTILIB_USEDEP}]
+ >=dev-libs/gmp-5.1.3-r1[${MULTILIB_USEDEP}]
+ sys-devel/autogen
+ crywrap? ( net-dns/libidn )
+ dane? ( >=net-dns/unbound-1.4.20[${MULTILIB_USEDEP}] )
+ guile? ( >=dev-scheme/guile-1.8:*[networking] )
+ nls? ( >=virtual/libintl-0-r1[${MULTILIB_USEDEP}] )
+ pkcs11? ( >=app-crypt/p11-kit-0.20.7[${MULTILIB_USEDEP}] )
+ zlib? ( >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}] )
+ abi_x86_32? (
+ !<=app-emulation/emul-linux-x86-baselibs-20140508
+ !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
+ )"
+DEPEND="${RDEPEND}
+ >=sys-devel/automake-1.11.6
+ >=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]
+ doc? (
+ sys-apps/texinfo
+ dev-util/gtk-doc
+ )
+ nls? ( sys-devel/gettext )
+ test? ( app-misc/datefudge )"
+
+DOCS=( AUTHORS ChangeLog NEWS README THANKS doc/TODO )
+
+S="${WORKDIR}/${PN}-$(get_version_component_range 1-3)"
+
+pkg_setup() {
+ # bug#520818
+ export TZ=UTC
+}
+
+src_prepare() {
+ sed -i \
+ -e 's/imagesdir = $(infodir)/imagesdir = $(htmldir)/' \
+ doc/Makefile.am || die
+
+ # force regeneration of autogen-ed files
+ local file
+ for file in $(grep -l AutoGen-ed src/*.c) ; do
+ rm src/$(basename ${file} .c).{c,h} || die
+ done
+
+ # force regeneration of makeinfo files
+ # have no idea why on some system these files are not
+ # accepted as-is, see bug#520818
+ for file in $(grep -l "produced by makeinfo" doc/*.info) ; do
+ rm "${file}" || die
+ done
+
+ # support user patches
+ epatch_user
+
+ eautoreconf
+
+ # Use sane .so versioning on FreeBSD.
+ elibtoolize
+
+ # bug 497472
+ use cxx || epunt_cxx
+}
+
+multilib_src_configure() {
+ LINGUAS="${LINGUAS//en/en@boldquot en@quot}"
+
+ # TPM needs to be tested before being enabled
+ # hardware-accell is disabled on OSX because the asm files force
+ # GNU-stack (as doesn't support that) and when that's removed ld
+ # complains about duplicate symbols
+ ECONF_SOURCE=${S} \
+ econf \
+ --htmldir="${EPREFIX}/usr/share/doc/${PF}/html" \
+ --disable-valgrind-tests \
+ --without-included-libtasn1 \
+ --enable-heartbeat-support \
+ $(use_enable cxx) \
+ $(use_enable dane libdane) \
+ $(multilib_native_use_enable doc) \
+ $(multilib_native_use_enable doc gtk-doc) \
+ $(multilib_native_use_enable guile) \
+ $(multilib_native_use_enable crywrap) \
+ $(use_enable nls) \
+ $(use_enable openssl openssl-compatibility) \
+ $(use_enable static-libs static) \
+ $(use_with pkcs11 p11-kit) \
+ $(use_with zlib) \
+ --without-tpm \
+ --with-unbound-root-key-file=/etc/dnssec/root-anchors.txt \
+ $([[ ${CHOST} == *-darwin* ]] && echo --disable-hardware-acceleration)
+
+ if multilib_is_native_abi; then
+ ln -s "${S}"/doc/reference/html doc/reference/html || die
+ fi
+}
+
+multilib_src_compile() {
+ if multilib_is_native_abi; then
+ default
+
+ # symlink certtool for use in other ABIs
+ if use test; then
+ ln -s "${BUILD_DIR}"/src "${T}"/native-tools || die
+ fi
+ else
+ emake -C gl
+ emake -C lib
+ emake -C extra
+ use dane && emake -C libdane
+ fi
+}
+
+multilib_src_test() {
+ if multilib_is_native_abi; then
+ # parallel testing often fails
+ emake -j1 check
+ else
+ # use native ABI tools
+ ln -s "${T}"/native-tools/{certtool,gnutls-{serv,cli}} \
+ "${BUILD_DIR}"/src/ || die
+
+ emake -C gl -j1 check
+ emake -C tests -j1 check
+ fi
+}
+
+multilib_src_install() {
+ if multilib_is_native_abi; then
+ emake DESTDIR="${D}" install
+ else
+ emake -C lib DESTDIR="${D}" install
+ emake -C extra DESTDIR="${D}" install
+ use dane && emake -C libdane DESTDIR="${D}" install
+ fi
+}
+
+multilib_src_install_all() {
+ einstalldocs
+ prune_libtool_files --all
+
+ dodoc doc/certtool.cfg
+
+ if use doc; then
+ dohtml doc/gnutls.html
+ else
+ rm -fr "${ED}/usr/share/doc/${PF}/html"
+ fi
+
+ if use examples; then
+ docinto examples
+ dodoc doc/examples/*.c
+ fi
+}
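Review bot: `--enable-heartbeat-support` is passed unconditionally in `multilib_src_configure`, and its only rationale is the comment under `IUSE`, far from the flag and ending in a typo (`fullyf`). Heartbeat is an optional TLS extension, so every build carries that extra protocol code with no way to switch it off. The reason for forcing it on should sit next to the option. I would move the comment into the configure block as `# heartbeat stays enabled until the upstream re-licensing is complete (see LICENSE note above)`. The same flag and comment appear in gnutls-3.3.15.ebuild and gnutls-3.4.3-r1.ebuild.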
diff --git a/net-libs/gnutls/gnutls-3.4.3-r1.ebuild b/net-libs/gnutls/gnutls-3.4.3-r1.ebuild
new file mode 100644
index 00000000000..5a601f95246
--- /dev/null
+++ b/net-libs/gnutls/gnutls-3.4.3-r1.ebuild
@@ -0,0 +1,134 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+
+inherit autotools libtool eutils multilib-minimal versionator
+
+DESCRIPTION="A TLS 1.2 and SSL 3.0 implementation for the GNU project"
+HOMEPAGE="http://www.gnutls.org/"
+SRC_URI="mirror://gnupg/gnutls/v$(get_version_component_range 1-2)/${P}.tar.xz"
+
+# LGPL-3 for libgnutls library and GPL-3 for libgnutls-extra library.
+# soon to be relicensed as LGPL-2.1 unless heartbeat extension enabled.
+LICENSE="GPL-3 LGPL-3"
+SLOT="0/30" # libgnutls.so number
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x86-interix ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~x86-solaris"
+IUSE_LINGUAS=" en cs de fi fr it ms nl pl sv uk vi zh_CN"
+IUSE="+cxx +crywrap dane doc examples guile nls +openssl pkcs11 static-libs test +tools zlib ${IUSE_LINGUAS// / linguas_}"
+# heartbeat support is not disabled until re-licensing happens fullyf
+
+# NOTICE: sys-devel/autogen is required at runtime as we
+# use system libopts
+RDEPEND=">=dev-libs/libtasn1-3.9[${MULTILIB_USEDEP}]
+ >=dev-libs/nettle-3.1[gmp,${MULTILIB_USEDEP}]
+ >=dev-libs/gmp-5.1.3-r1[${MULTILIB_USEDEP}]
+ tools? ( sys-devel/autogen )
+ crywrap? ( net-dns/libidn )
+ dane? ( >=net-dns/unbound-1.4.20[${MULTILIB_USEDEP}] )
+ guile? ( >=dev-scheme/guile-1.8:*[networking] )
+ nls? ( >=virtual/libintl-0-r1[${MULTILIB_USEDEP}] )
+ pkcs11? ( >=app-crypt/p11-kit-0.23.1[${MULTILIB_USEDEP}] )
+ zlib? ( >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}] )
+ abi_x86_32? (
+ !<=app-emulation/emul-linux-x86-baselibs-20140508
+ !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
+ )"
+DEPEND="${RDEPEND}
+ >=sys-devel/automake-1.11.6
+ >=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]
+ doc? (
+ sys-apps/texinfo
+ dev-util/gtk-doc
+ )
+ nls? ( sys-devel/gettext )
+ test? ( app-misc/datefudge )"
+
+DOCS=( AUTHORS ChangeLog NEWS README THANKS doc/TODO )
+
+S="${WORKDIR}/${PN}-$(get_version_component_range 1-3)"
+
+pkg_setup() {
+ # bug#520818
+ export TZ=UTC
+}
+
+src_prepare() {
+ sed -i \
+ -e 's/imagesdir = $(infodir)/imagesdir = $(htmldir)/' \
+ doc/Makefile.am || die
+
+ # force regeneration of autogen-ed files
+ local file
+ for file in $(grep -l AutoGen-ed src/*.c) ; do
+ rm src/$(basename ${file} .c).{c,h} || die
+ done
+
+ # force regeneration of makeinfo files
+ # have no idea why on some system these files are not
+ # accepted as-is, see bug#520818
+ for file in $(grep -l "produced by makeinfo" doc/*.info) ; do
+ rm "${file}" || die
+ done
+
+ # support user patches
+ epatch_user
+
+ eautoreconf
+
+ # Use sane .so versioning on FreeBSD.
+ elibtoolize
+
+ # bug 497472
+ use cxx || epunt_cxx
+}
+
+multilib_src_configure() {
+ LINGUAS="${LINGUAS//en/en@boldquot en@quot}"
+
+ # TPM needs to be tested before being enabled
+ # hardware-accell is disabled on OSX because the asm files force
+ # GNU-stack (as doesn't support that) and when that's removed ld
+ # complains about duplicate symbols
+ ECONF_SOURCE=${S} \
+ econf \
+ --htmldir="${EPREFIX}/usr/share/doc/${PF}/html" \
+ --disable-valgrind-tests \
+ --without-included-libtasn1 \
+ --enable-heartbeat-support \
+ $(use_enable cxx) \
+ $(use_enable dane libdane) \
+ $(multilib_native_use_enable tools) \
+ $(multilib_native_use_enable doc) \
+ $(multilib_native_use_enable doc gtk-doc) \
+ $(multilib_native_use_enable guile) \
+ $(multilib_native_use_enable crywrap) \
+ $(multilib_native_use_enable test tests) \
+ $(use_enable nls) \
+ $(use_enable openssl openssl-compatibility) \
+ $(use_enable static-libs static) \
+ $(use_with pkcs11 p11-kit) \
+ $(use_with zlib) \
+ --without-tpm \
+ --with-unbound-root-key-file=/etc/dnssec/root-anchors.txt \
+ $([[ ${CHOST} == *-darwin* ]] && echo --disable-hardware-acceleration)
+}
+
+multilib_src_install_all() {
+ einstalldocs
+ prune_libtool_files --all
+
+ dodoc doc/certtool.cfg
+
+ if use doc; then
+ dohtml doc/gnutls.html
+ else
+ rm -fr "${ED}/usr/share/doc/${PF}/html"
+ fi
+
+ if use examples; then
+ docinto examples
+ dodoc doc/examples/*.c
+ fi
+}
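Review bot: The `# NOTICE: sys-devel/autogen is required at runtime as we use system libopts` comment is stale here, because `RDEPEND` now makes autogen conditional with `tools? ( sys-devel/autogen )`. The comment should say that only the command-line tools need it, e.g. `# NOTICE: with USE=tools, sys-devel/autogen is required at runtime (system libopts)`. `src_prepare` still deletes every AutoGen-ed `src/*.c`/`.h` pair regardless of the flag. With `tools` off autogen is no longer a build dependency, so it is worth confirming that `--disable-tools` really skips `src/`, or guarding the loop with `use tools`.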
diff --git a/net-libs/gnutls/metadata.xml b/net-libs/gnutls/metadata.xml
new file mode 100644
index 00000000000..33c4adde8c1
--- /dev/null
+++ b/net-libs/gnutls/metadata.xml
@@ -0,0 +1,30 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+ <herd>crypto</herd>
+ <use>
+ <flag name="bindist">
+ Disallow building LZO support, because of a license
+ incompatibility with <pkg>dev-libs/lzo</pkg>
+ </flag>
+ <flag name="crywrap" restrict="&gt;=net-libs/gnutls-3.2.10">
+ Build the crywrap TLS proxy service
+ </flag>
+ <flag name="dane" restrict="&gt;=net-libs/gnutls-3.1.3">
+ Build libgnutls-dane, implementing DNS-based Authentication of
+ Named Entities. Requires <pkg>net-dns/unbound</pkg>
+ </flag>
+ <flag name="nettle" restrict="&lt;net-libs/gnutls-3">
+ Use <pkg>dev-libs/nettle</pkg> as crypto backend
+ </flag>
+ <flag name="openssl">
+ Build openssl compatibility libraries
+ </flag>
+ <flag name="pkcs11">
+ Add support for PKCS#11 through <pkg>app-crypt/p11-kit</pkg>
+ </flag>
+ <flag name="tools">
+ Build extra tools
+ </flag>
+ </use>
+</pkgmetadata>