From b7ebc951da8800f711142f69d9d958bde67a112d Mon Sep 17 00:00:00 2001 From: V3n3RiX Date: Sun, 28 Apr 2019 09:54:45 +0100 Subject: gentoo resync : 28.04.2019 --- app-crypt/mit-krb5/Manifest | 3 +- .../mit-krb5/files/mit-krb5-1.16.3-libressl.patch | 101 +++++++++++++++++++++ app-crypt/mit-krb5/mit-krb5-1.16.3.ebuild | 2 +- 3 files changed, 104 insertions(+), 2 deletions(-) create mode 100644 app-crypt/mit-krb5/files/mit-krb5-1.16.3-libressl.patch (limited to 'app-crypt/mit-krb5') diff --git a/app-crypt/mit-krb5/Manifest b/app-crypt/mit-krb5/Manifest index 9a783977fddb..36a5b7649283 100644 --- a/app-crypt/mit-krb5/Manifest +++ b/app-crypt/mit-krb5/Manifest @@ -1,6 +1,7 @@ AUX CVE-2018-5729-5730.patch 11896 BLAKE2B 324bbd80acf4a2520909fc26f90f67cec06148ee0effecc43fbadd6c6445b57ee17eae57864c92a5ce0cdc3dbfb0540758910133195fd2078d334bc6e209a452 SHA512 b59ba6cb5d40cca6c8f539c028ba24c2fa6bd1750133545e912f519b91043d426cecf782209c373598fd895c6294e44fc2bc27af34c033ff367bdfb2cb4f91c4 AUX kpropd.xinetd 194 BLAKE2B cfc40af2e75b0ce5a71e0dfdcfe076d13d996b25d2cb50d4282bc88d7b33b317a202d57df0bb4a2b47113f0d38cb508614e122e4a3bb7dfd2397e2daa3178396 SHA512 c9bbd13f2fadfd2a925bfae834ba61f227cd4386b4c4466b5227d93c792f4549778ef4d6e08353372df99804459277c71f61b41ec71f3afcc600d73c5705f72f AUX mit-krb5-1.12_warn_cflags.patch 448 BLAKE2B cd9793866173b394bab3497d19653ca3296924cc49aaf540499b149254265af1d995b4d7493b76185ce35d123e70827cb5fcb221efc6499b86a346cfad7478ab SHA512 42364d9cd8c0a6fd28ae661eeac4d0dd3f2001fe290bf9731ee99c2c786a6488805fc93057d59e201e2cef1e5280af4c170187aa5603f4cf542906abc0fccc2b +AUX mit-krb5-1.16.3-libressl.patch 3831 BLAKE2B 1f386529069a08e100154640387354644e6e2e64475980af7c1a5be67c8880160f8532cdf4c4d677199a67b7131c495a02370edff08b5ac291d3f0a5adc369ab SHA512 655ce5f28688d06e57bf808f5363ae1bf3276a9c4aad7c08629a459f24efe07b462e8b56f9aaafe3e9cbe54e1846e3d97bd7857e420a7e7268f3a7c89d212383 AUX mit-krb5-config_LDFLAGS.patch 466 BLAKE2B 2dd4f1cfc20bea229d08201d66e3de71472dccfa45dee9b260c51578187e706b864c0b4ff81c0c5a09fd29401c2abdbe334441ca075208299b02d5e1d49aff94 SHA512 9a1ca9b33e7708346eda78d199fdc51f0d7bd08d3d65ea15a19955a6155ab71b8ee0c8989859d6dff293a141f197ea19394a91b3b641181140a289b743e0f0e7 AUX mit-krb5-libressl-version-check.patch 1123 BLAKE2B ca8bad504949c8dcbffe5f9906a38287a2483ffef8b0326cf361f7a07c44787aa0972a24a832aa4da9a1450fa41035bf216c55e1aafb8a890cc8d88f1e210e88 SHA512 cec03ab3577fd8f96f34e51e9380622b09ac5964687b2e8e45e066d16846a9add71c3fd44f6de305ee5c5be5a27a07e4758b6752afdd8a70149b3f191be609f8 AUX mit-krb5kadmind.confd 76 BLAKE2B ca69357a77ddaf67e2f9c104b17d49af5da9891b13bd855f8b04d54bfb6ccf07ae8c5cb694f65a47646675c844c8f8c7224e8487081df678c73c554498259516 SHA512 dbf968800959f0463899031e823f003e9ece90132f452ebf03df08caf0e6a6e6ca2cfdee91491d269cfa24bef19e72dd33c7d818a4bb13ef85edfb6f0e8299f3 @@ -21,5 +22,5 @@ DIST krb5-1.16.tar.gz 9474479 BLAKE2B 0c5caa0a0d2308a447d47ab94d7b8dc92a67ad78b3 EBUILD mit-krb5-1.16-r2.ebuild 4212 BLAKE2B eac567c47b44a75e06ea412da95ecfb5e65278132cca0757cc83804b71a61a55c6e6c226c2033eac323d237bcb804f674b033403c95caadd7fc35a8d6b5a57a7 SHA512 8c0d1dfb71cd9d5c08bbad176b1ed1b232f31da0e6dc09c1f239f6c90f55879774ef0b9b41b9a4ad5ab67896d1dbb2138bb13087152cb348bd52ea639de78a98 EBUILD mit-krb5-1.16.1.ebuild 4172 BLAKE2B 4b120ec5bb2d750c6d76c1f6fda2cd21aedbfe771eb234e4d7b392868b6e9d9bcef4b6897df456d8ae30b9cc96a8b83636028d854cb2646172c4f0c27ecc0087 SHA512 af0736e57376a42e44e4a2d97587386590c5a3c5de56485b6db2016494b2bc392ba4bf573462576de5a909fd963da8095d349eaa5866f3ec3ffd427224650eb3 EBUILD mit-krb5-1.16.2.ebuild 4294 BLAKE2B 4e36bfd702bf28bf73d81265a4d410ce53631c012b9090b6296f1ccb0b923b598ba7bf378451a3490d7018b0681fc9a882805707feb165975ef9ee072536cc89 SHA512 f026e3e3f59e6d4747a3bc3e71292092668f388b61a6d53db437b6fc79311f11c95f6d70e21c36911733900556015a4ebbfa01fc7bcca073561359ce72e9659f -EBUILD mit-krb5-1.16.3.ebuild 4298 BLAKE2B 1c34349a18af2a0172b64011bd45f5421f3f39b9c36817a10e99be32b212c337446ef55ae4544e8baad32e706d74942e59d9022aa20153aeb98d2cd27df0fdd8 SHA512 5e0534a45cc859ef7226c75817949f9c3b0d0cc336930ceeb2482016db022769e83015b7f9201879986fb3c6ae2fae1f64b45eca22802003fe39d567608b7794 +EBUILD mit-krb5-1.16.3.ebuild 4287 BLAKE2B adfa76bf62c6c9ebd4d854307e77ded4dc6a061e54249332f3ea0ea16863063a18bb142ee02a4fc253ad6a0dc199242796b8b085b324800a12712a98753fc6c4 SHA512 0858f94f587c452c23952f533418ff134723c76061dd244e7ed800ca5d7d16bda1ab3c24494e989c1c6c2f11176c4dda3715d48b54862b643080d05d8d4481cb MISC metadata.xml 828 BLAKE2B f317440eac9d164e0640cb059dee0c3bdcfeaeb2d0e346d962f09b7152224efc10084611768663b84c67fdf73c9d89481370fe0b70ffe14aa10a360f60bd00f6 SHA512 c0f45699280d49b91eab24de6cbb28900170c3c4526b8c6ef0f6a996d3e53abd49911ce4f6ce7b28c69d37e86cc9e5b830977b9640809734e7fccf078886685c diff --git a/app-crypt/mit-krb5/files/mit-krb5-1.16.3-libressl.patch b/app-crypt/mit-krb5/files/mit-krb5-1.16.3-libressl.patch new file mode 100644 index 000000000000..7a655fb9a1d8 --- /dev/null +++ b/app-crypt/mit-krb5/files/mit-krb5-1.16.3-libressl.patch @@ -0,0 +1,101 @@ +From 58263cbf3106f4c9c9a2252794093014a2f9c01f Mon Sep 17 00:00:00 2001 +From: Stefan Strogin +Date: Thu, 25 Apr 2019 03:48:10 +0300 +Subject: [PATCH] Fix build for LibreSSL 2.9.x + +asn1_mac.h is removed from LibreSSL 2.9.0, but static_ASN1_*() methods +are not defined. Define them. + +Upstream-Status: Pending +[Needs to be amended if +https://github.com/libressl-portable/openbsd/pull/109 is accepted] +Signed-off-by: Stefan Strogin +--- + .../preauth/pkinit/pkinit_crypto_openssl.c | 13 ++++++++---- + .../preauth/pkinit/pkinit_crypto_openssl.h | 20 ++++++++++++++++++- + 2 files changed, 28 insertions(+), 5 deletions(-) + +diff --git a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c +index 2064eb7bd..81d5d3cf2 100644 +--- a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c ++++ b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c +@@ -188,14 +188,16 @@ pkinit_pkcs11_code_to_text(int err); + (*_x509_pp) = PKCS7_cert_from_signer_info(_p7,_si) + #endif + +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) + +-/* 1.1 standardizes constructor and destructor names, renaming +- * EVP_MD_CTX_{create,destroy} and deprecating ASN1_STRING_data. */ ++/* 1.1 (and LibreSSL 2.7) standardizes constructor and destructor names, ++ * renaming EVP_MD_CTX_{create,destroy} and deprecating ASN1_STRING_data. */ + ++#if !defined(LIBRESSL_VERSION_NUMBER) || LIBRESSL_VERSION_NUMBER < 0x2070000fL + #define EVP_MD_CTX_new EVP_MD_CTX_create + #define EVP_MD_CTX_free EVP_MD_CTX_destroy + #define ASN1_STRING_get0_data ASN1_STRING_data ++#endif + + /* 1.1 makes many handle types opaque and adds accessors. Add compatibility + * versions of the new accessors we use for pre-1.1. */ +@@ -203,6 +205,7 @@ pkinit_pkcs11_code_to_text(int err); + #define OBJ_get0_data(o) ((o)->data) + #define OBJ_length(o) ((o)->length) + ++#if !defined(LIBRESSL_VERSION_NUMBER) || LIBRESSL_VERSION_NUMBER < 0x2070000fL + #define DH_set0_pqg compat_dh_set0_pqg + static int compat_dh_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g) + { +@@ -235,6 +238,7 @@ static void compat_dh_get0_key(const DH *dh, const BIGNUM **pub, + if (priv != NULL) + *priv = dh->priv_key; + } ++#endif /* LIBRESSL_VERSION_NUMBER */ + + /* Return true if the cert c includes a key usage which doesn't include u. + * Define using direct member access for pre-1.1. */ +@@ -3040,7 +3044,8 @@ cleanup: + return retval; + } + +-#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++#if (OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)) || \ ++ LIBRESSL_VERSION_NUMBER >= 0x2090000fL + + /* + * We need to decode DomainParameters from RFC 3279 section 2.3.3. We would +diff --git a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.h b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.h +index 7411348fa..ac91408c4 100644 +--- a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.h ++++ b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.h +@@ -46,7 +46,25 @@ + #include + #include + +-#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++#if (OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)) || \ ++ LIBRESSL_VERSION_NUMBER >= 0x2090000fL ++ ++#ifndef static_ASN1_SEQUENCE_END_name ++#define static_ASN1_ITEM_start(itname) \ ++ static const ASN1_ITEM itname##_it = { ++#define static_ASN1_SEQUENCE_END_name(stname, tname) \ ++ ;\ ++ static_ASN1_ITEM_start(tname) \ ++ ASN1_ITYPE_SEQUENCE,\ ++ V_ASN1_SEQUENCE,\ ++ tname##_seq_tt,\ ++ sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\ ++ NULL,\ ++ sizeof(stname),\ ++ #stname \ ++ ASN1_ITEM_end(tname) ++#endif /* !defined(static_ASN1_SEQUENCE_END_name) */ ++ + #include + #else + #include +-- +2.21.0 + diff --git a/app-crypt/mit-krb5/mit-krb5-1.16.3.ebuild b/app-crypt/mit-krb5/mit-krb5-1.16.3.ebuild index 4aeaa219ada8..9d8b99116396 100644 --- a/app-crypt/mit-krb5/mit-krb5-1.16.3.ebuild +++ b/app-crypt/mit-krb5/mit-krb5-1.16.3.ebuild @@ -63,7 +63,7 @@ MULTILIB_CHOST_TOOLS=( src_prepare() { eapply "${FILESDIR}/${PN}-1.12_warn_cflags.patch" eapply -p2 "${FILESDIR}/${PN}-config_LDFLAGS.patch" - eapply "${FILESDIR}/${PN}-libressl-version-check.patch" + eapply -p2 "${FILESDIR}/${P}-libressl.patch" # Make sure we always use the system copies. rm -rf util/{et,ss,verto} -- cgit v1.2.3