gentoo resync : 22.01.2019

2 files changed, 46 insertions, 81 deletions

diff --git a/net-wireless/wpa_supplicant/files/wpa_supplicant-2.6-libressl.patch b/net-wireless/wpa_supplicant/files/wpa_supplicant-2.6-libressl.patch
deleted file mode 100644
index 0394ab545b16..000000000000
--- a/net-wireless/wpa_supplicant/files/wpa_supplicant-2.6-libressl.patch
+++ /dev/null
@@ -1,81 +0,0 @@
-From d53b107120af86a0c711bac950bfc2fa728cb4e6 Mon Sep 17 00:00:00 2001
-From: Julian Ospald <hasufell@hasufell.de>
-Date: Fri, 7 Oct 2016 17:45:46 +0200
-Subject: [PATCH] Fix LibreSSL compatibility
-Upstream: pending, http://lists.infradead.org/pipermail/hostap/2016-October/036458.html
-
-This basically just follows
-587b0457e0238b7b1800d46f5cdd5e1d2b06732f
-with the same pattern, which was missed here.
-
-Signed-off-by: Julian Ospald <hasufell@hasufell.de>
----
- src/crypto/crypto_openssl.c | 4 ++--
- src/crypto/tls_openssl.c    | 8 ++++----
- 2 files changed, 6 insertions(+), 6 deletions(-)
-
-diff --git a/src/crypto/crypto_openssl.c b/src/crypto/crypto_openssl.c
-index 19e0e2b..b3d1b07 100644
---- a/src/crypto/crypto_openssl.c
-+++ b/src/crypto/crypto_openssl.c
-@@ -611,7 +611,7 @@ void crypto_cipher_deinit(struct crypto_cipher *ctx)
- 
- void * dh5_init(struct wpabuf **priv, struct wpabuf **publ)
- {
--#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
- 	DH *dh;
- 	struct wpabuf *pubkey = NULL, *privkey = NULL;
- 	size_t publen, privlen;
-@@ -712,7 +712,7 @@ err:
- 
- void * dh5_init_fixed(const struct wpabuf *priv, const struct wpabuf *publ)
- {
--#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
- 	DH *dh;
- 
- 	dh = DH_new();
-diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
-index 23ac64b..a7d4880 100644
---- a/src/crypto/tls_openssl.c
-+++ b/src/crypto/tls_openssl.c
-@@ -919,7 +919,7 @@ void * tls_init(const struct tls_config *conf)
- 		}
- #endif /* OPENSSL_FIPS */
- #endif /* CONFIG_FIPS */
--#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
- 		SSL_load_error_strings();
- 		SSL_library_init();
- #ifndef OPENSSL_NO_SHA256
-@@ -1043,7 +1043,7 @@ void tls_deinit(void *ssl_ctx)
- 
- 	tls_openssl_ref_count--;
- 	if (tls_openssl_ref_count == 0) {
--#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
- #ifndef OPENSSL_NO_ENGINE
- 		ENGINE_cleanup();
- #endif /* OPENSSL_NO_ENGINE */
-@@ -2334,7 +2334,7 @@ static int tls_connection_client_cert(struct tls_connection *conn,
- 		return 0;
- 
- #ifdef PKCS12_FUNCS
--#if OPENSSL_VERSION_NUMBER < 0x10002000L
-+#if OPENSSL_VERSION_NUMBER < 0x10002000L || defined(LIBRESSL_VERSION_NUMBER)
- 	/*
- 	 * Clear previously set extra chain certificates, if any, from PKCS#12
- 	 * processing in tls_parse_pkcs12() to allow OpenSSL to build a new
-@@ -3976,7 +3976,7 @@ int tls_connection_set_params(void *tls_ctx, struct tls_connection *conn,
- 		engine_id = "pkcs11";
- 
- #if defined(EAP_FAST) || defined(EAP_FAST_DYNAMIC) || defined(EAP_SERVER_FAST)
--#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
- 	if (params->flags & TLS_CONN_EAP_FAST) {
- 		wpa_printf(MSG_DEBUG,
- 			   "OpenSSL: Use TLSv1_method() for EAP-FAST");
--- 
-2.10.1
-
diff --git a/net-wireless/wpa_supplicant/files/wpa_supplicant-2.7-libressl.patch b/net-wireless/wpa_supplicant/files/wpa_supplicant-2.7-libressl.patch
new file mode 100644
index 000000000000..45a1cf3701f9
--- /dev/null
+++ b/net-wireless/wpa_supplicant/files/wpa_supplicant-2.7-libressl.patch
@@ -0,0 +1,46 @@
+From 2643a056bb7d0737f63f42a11c308b2804d9ebe5 Mon Sep 17 00:00:00 2001
+From: Andrey Utkin <andrey_utkin@gentoo.org>
+Date: Tue, 11 Dec 2018 17:41:10 +0000
+Subject: [PATCH] Fix build with LibreSSL
+
+When using LibreSSL instead of OpenSSL, linkage of hostapd executable
+fails with the following error when using some LibreSSL versions
+
+    ../src/crypto/tls_openssl.o: In function `tls_verify_cb':
+    tls_openssl.c:(.text+0x1273): undefined reference to `ASN1_STRING_get0_data'
+    ../src/crypto/tls_openssl.o: In function `tls_connection_peer_serial_num':
+    tls_openssl.c:(.text+0x3023): undefined reference to `ASN1_STRING_get0_data'
+    collect2: error: ld returned 1 exit status
+    make: *** [Makefile:1278: hostapd] Error 1
+
+ASN1_STRING_get0_data is present in recent OpenSSL, but absent in some
+versions of LibreSSL (confirmed for version 2.6.5), so fallback needs to
+be defined in this case, just like for old OpenSSL.
+
+This patch was inspired by similar patches to other projects, such as
+spice-gtk, pjsip.
+
+Link: https://bugs.gentoo.org/672834
+Signed-off-by: Andrey Utkin <andrey_utkin@gentoo.org>
+---
+ src/crypto/tls_openssl.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
+index 608818310..cb70e2c47 100644
+--- a/src/crypto/tls_openssl.c
++++ b/src/crypto/tls_openssl.c
+@@ -104,7 +104,9 @@ static size_t SSL_SESSION_get_master_key(const SSL_SESSION *session,
+ 
+ #endif
+ 
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || \
++	(defined(LIBRESSL_VERSION_NUMBER) && \
++	 LIBRESSL_VERSION_NUMBER < 0x20700000L)
+ #ifdef CONFIG_SUITEB
+ static int RSA_bits(const RSA *r)
+ {
+-- 
+2.20.1
+