commit: 180ca9f16a555d6e4b66f13411c12fe3eea5eb5b Author: Sam James <sam <AT> gentoo <DOT> org> AuthorDate: Sat May 1 17:20:13 2021 +0000 Commit: Sam James <sam <AT> gentoo <DOT> org> CommitDate: Sat May 1 18:06:21 2021 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=180ca9f1
app-crypt/mit-krb5: drop obsolete LibreSSL patches Signed-off-by: Sam James <sam <AT> gentoo.org> .../files/mit-krb5-1.16.3-libressl-r1.patch | 101 --------------------- .../mit-krb5/files/mit-krb5-1.18-libressl.patch | 42 --------- app-crypt/mit-krb5/mit-krb5-1.18.2-r3.ebuild | 2 - app-crypt/mit-krb5/mit-krb5-1.18.3-r1.ebuild | 2 - 4 files changed, 147 deletions(-) diff --git a/app-crypt/mit-krb5/files/mit-krb5-1.16.3-libressl-r1.patch b/app-crypt/mit-krb5/files/mit-krb5-1.16.3-libressl-r1.patch deleted file mode 100644 index ca74b88bb0f..00000000000 --- a/app-crypt/mit-krb5/files/mit-krb5-1.16.3-libressl-r1.patch +++ /dev/null @@ -1,101 +0,0 @@ -From 58263cbf3106f4c9c9a2252794093014a2f9c01f Mon Sep 17 00:00:00 2001 -From: Stefan Strogin <[email protected]> -Date: Thu, 25 Apr 2019 03:48:10 +0300 -Subject: [PATCH] Fix build for LibreSSL 2.9.x - -asn1_mac.h is removed from LibreSSL 2.9.0, but static_ASN1_*() methods -are not defined. Define them. - -Upstream-Status: Pending -[Needs to be amended if -https://github.com/libressl-portable/openbsd/pull/109 is accepted] -Signed-off-by: Stefan Strogin <[email protected]> ---- - .../preauth/pkinit/pkinit_crypto_openssl.c | 13 ++++++++---- - .../preauth/pkinit/pkinit_crypto_openssl.h | 20 ++++++++++++++++++- - 2 files changed, 28 insertions(+), 5 deletions(-) - -diff --git a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c -index 2064eb7bd..81d5d3cf2 100644 ---- a/plugins/preauth/pkinit/pkinit_crypto_openssl.c -+++ b/plugins/preauth/pkinit/pkinit_crypto_openssl.c -@@ -188,14 +188,16 @@ pkinit_pkcs11_code_to_text(int err); - (*_x509_pp) = PKCS7_cert_from_signer_info(_p7,_si) - #endif - --#if OPENSSL_VERSION_NUMBER < 0x10100000L -+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) - --/* 1.1 standardizes constructor and destructor names, renaming -- * EVP_MD_CTX_{create,destroy} and deprecating ASN1_STRING_data. */ -+/* 1.1 (and LibreSSL 2.7) standardizes constructor and destructor names, -+ * renaming EVP_MD_CTX_{create,destroy} and deprecating ASN1_STRING_data. */ - -+#if !defined(LIBRESSL_VERSION_NUMBER) || LIBRESSL_VERSION_NUMBER < 0x2070000fL - #define EVP_MD_CTX_new EVP_MD_CTX_create - #define EVP_MD_CTX_free EVP_MD_CTX_destroy - #define ASN1_STRING_get0_data ASN1_STRING_data -+#endif - - /* 1.1 makes many handle types opaque and adds accessors. Add compatibility - * versions of the new accessors we use for pre-1.1. */ -@@ -203,6 +205,7 @@ pkinit_pkcs11_code_to_text(int err); - #define OBJ_get0_data(o) ((o)->data) - #define OBJ_length(o) ((o)->length) - -+#if !defined(LIBRESSL_VERSION_NUMBER) || LIBRESSL_VERSION_NUMBER < 0x2070000fL - #define DH_set0_pqg compat_dh_set0_pqg - static int compat_dh_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g) - { -@@ -235,6 +238,7 @@ static void compat_dh_get0_key(const DH *dh, const BIGNUM **pub, - if (priv != NULL) - *priv = dh->priv_key; - } -+#endif /* LIBRESSL_VERSION_NUMBER */ - - /* Return true if the cert c includes a key usage which doesn't include u. - * Define using direct member access for pre-1.1. */ -@@ -3040,7 +3044,8 @@ cleanup: - return retval; - } - --#if OPENSSL_VERSION_NUMBER >= 0x10100000L -+#if (OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)) || \ -+ LIBRESSL_VERSION_NUMBER >= 0x2090000fL - - /* - * We need to decode DomainParameters from RFC 3279 section 2.3.3. We would -diff --git a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.h b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.h -index 7411348fa..ac91408c4 100644 ---- a/plugins/preauth/pkinit/pkinit_crypto_openssl.h -+++ b/plugins/preauth/pkinit/pkinit_crypto_openssl.h -@@ -46,7 +46,25 @@ - #include <openssl/asn1.h> - #include <openssl/pem.h> - --#if OPENSSL_VERSION_NUMBER >= 0x10100000L -+#if (OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)) || \ -+ LIBRESSL_VERSION_NUMBER >= 0x2090000fL -+ -+#ifndef static_ASN1_SEQUENCE_END_name -+#define static_ASN1_ITEM_start(itname) \ -+ static const ASN1_ITEM itname##_it = { -+#define static_ASN1_SEQUENCE_END_name(stname, tname) \ -+ ;\ -+ static_ASN1_ITEM_start(tname) \ -+ ASN1_ITYPE_SEQUENCE,\ -+ V_ASN1_SEQUENCE,\ -+ tname##_seq_tt,\ -+ sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\ -+ NULL,\ -+ sizeof(stname),\ -+ #stname \ -+ ASN1_ITEM_end(tname) -+#endif /* !defined(static_ASN1_SEQUENCE_END_name) */ -+ - #include <openssl/asn1t.h> - #else - #include <openssl/asn1_mac.h> --- -2.21.0 - diff --git a/app-crypt/mit-krb5/files/mit-krb5-1.18-libressl.patch b/app-crypt/mit-krb5/files/mit-krb5-1.18-libressl.patch deleted file mode 100644 index 1522d42a730..00000000000 --- a/app-crypt/mit-krb5/files/mit-krb5-1.18-libressl.patch +++ /dev/null @@ -1,42 +0,0 @@ -From e3e3bc2a20795becda6e130d511fe59f04635624 Mon Sep 17 00:00:00 2001 -From: Stefan Strogin <[email protected]> -Date: Sat, 15 Feb 2020 10:27:20 +0200 -Subject: [PATCH] Fix compilation for LibreSSL 3.0.2 - -RSA_PKCS1_OpenSSL() is provided in LibreSSL the master branch, -expected to be in the next release. -See: https://github.com/libressl-portable/openbsd/commit/3a8c41f3a84868337fde01ec1122198ec60bdc8e - -Bug: https://bugs.gentoo.org/709640 -Signed-off-by: Stefan Strogin <[email protected]> ---- - tests/softpkcs11/main.c | 6 +++++- - 1 file changed, 5 insertions(+), 1 deletion(-) - -diff --git a/tests/softpkcs11/main.c b/tests/softpkcs11/main.c -index 1cccdfb43..a5099fbe4 100644 ---- a/tests/softpkcs11/main.c -+++ b/tests/softpkcs11/main.c -@@ -47,7 +47,6 @@ - - #if OPENSSL_VERSION_NUMBER < 0x10100000L - #define EVP_PKEY_get0_RSA(key) ((key)->pkey.rsa) --#define RSA_PKCS1_OpenSSL RSA_PKCS1_SSLeay - #define RSA_get0_key compat_rsa_get0_key - static void - compat_rsa_get0_key(const RSA *rsa, const BIGNUM **n, const BIGNUM **e, -@@ -62,6 +61,11 @@ compat_rsa_get0_key(const RSA *rsa, const BIGNUM **n, const BIGNUM **e, - } - #endif - -+#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || \ -+ defined(LIBRESSL_VERSION_NUMBER) && (LIBRESSL_VERSION_NUMBER <= 0x3000200fL) -+#define RSA_PKCS1_OpenSSL RSA_PKCS1_SSLeay -+#endif -+ - #define OPENSSL_ASN1_MALLOC_ENCODE(T, B, BL, S, R) \ - { \ - unsigned char *p; \ --- -2.25.0 - diff --git a/app-crypt/mit-krb5/mit-krb5-1.18.2-r3.ebuild b/app-crypt/mit-krb5/mit-krb5-1.18.2-r3.ebuild index 3b7ff7d91e9..a80fe2ba685 100644 --- a/app-crypt/mit-krb5/mit-krb5-1.18.2-r3.ebuild +++ b/app-crypt/mit-krb5/mit-krb5-1.18.2-r3.ebuild @@ -59,9 +59,7 @@ S=${WORKDIR}/${MY_P}/src PATCHES=( "${FILESDIR}/${PN}-1.12_warn_cflags.patch" "${FILESDIR}/${PN}-config_LDFLAGS-r1.patch" - "${FILESDIR}/${PN}-1.16.3-libressl-r1.patch" "${FILESDIR}/${PN}_dont_create_run.patch" - "${FILESDIR}/${PN}-1.18-libressl.patch" "${FILESDIR}/CVE-2020-28196.patch" "${FILESDIR}/${PN}-1.18.2-krb5-config.patch" "${FILESDIR}/${PN}-1.18.2-autoconf-2.70.patch" diff --git a/app-crypt/mit-krb5/mit-krb5-1.18.3-r1.ebuild b/app-crypt/mit-krb5/mit-krb5-1.18.3-r1.ebuild index 901b431b246..a20eb9604cb 100644 --- a/app-crypt/mit-krb5/mit-krb5-1.18.3-r1.ebuild +++ b/app-crypt/mit-krb5/mit-krb5-1.18.3-r1.ebuild @@ -59,9 +59,7 @@ S=${WORKDIR}/${MY_P}/src PATCHES=( "${FILESDIR}/${PN}-1.12_warn_cflags.patch" "${FILESDIR}/${PN}-config_LDFLAGS-r1.patch" - "${FILESDIR}/${PN}-1.16.3-libressl-r1.patch" "${FILESDIR}/${PN}_dont_create_run.patch" - "${FILESDIR}/${PN}-1.18-libressl.patch" "${FILESDIR}/${PN}-1.18.2-krb5-config.patch" )
