commit:     6f6313a970a74e43d7d983f71da91ae1c20c6091
Author:     Craig Andrews <candrews <AT> integralblue <DOT> com>
AuthorDate: Mon May 30 22:16:54 2016 +0000
Commit:     Patrice Clement <monsieurp <AT> gentoo <DOT> org>
CommitDate: Thu Jun  2 08:16:59 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6f6313a9

dev-libs/iksemel: Fix building with >=net-libs/gnutls-3.4.0

Package-Manager: portage-2.3.0_rc1
Gentoo-Bug: https://bugs.gentoo.org/582752
Closes: https://github.com/gentoo/gentoo/pull/1561

Signed-off-by: Patrice Clement <monsieurp <AT> gentoo.org>

 .../iksemel/files/iksemel-1.4-gnutls-3.4.patch     | 38 ++++++++++++++++++++++
 dev-libs/iksemel/iksemel-1.4.ebuild                |  3 +-
 2 files changed, 40 insertions(+), 1 deletion(-)

diff --git a/dev-libs/iksemel/files/iksemel-1.4-gnutls-3.4.patch 
b/dev-libs/iksemel/files/iksemel-1.4-gnutls-3.4.patch
new file mode 100644
index 0000000..bf09e17
--- /dev/null
+++ b/dev-libs/iksemel/files/iksemel-1.4-gnutls-3.4.patch
@@ -0,0 +1,38 @@
+Last-Update: 2015-10-28
+Bug-Upstream: https://github.com/meduketto/iksemel/issues/48
+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=803204
+From: Marc Dequènes (duck) <[email protected]>
+Description: fix security problem (and compatibility problem with servers 
rejecting low grade ciphers).
+
+--- a/src/stream.c
++++ b/src/stream.c
+@@ -62,13 +62,9 @@
+ 
+ static int
+ handshake (struct stream_data *data)
+ {
+-      const int protocol_priority[] = { GNUTLS_TLS1, GNUTLS_SSL3, 0 };
+-      const int kx_priority[] = { GNUTLS_KX_RSA, 0 };
+-      const int cipher_priority[] = { GNUTLS_CIPHER_3DES_CBC, 
GNUTLS_CIPHER_ARCFOUR, 0};
+-      const int comp_priority[] = { GNUTLS_COMP_ZLIB, GNUTLS_COMP_NULL, 0 };
+-      const int mac_priority[] = { GNUTLS_MAC_SHA, GNUTLS_MAC_MD5, 0 };
++      const char *priority_string = 
"SECURE256:+SECURE192:-VERS-TLS-ALL:+VERS-TLS1.2";
+       int ret;
+ 
+       if (gnutls_global_init () != 0)
+               return IKS_NOMEM;
+@@ -79,13 +75,9 @@
+       if (gnutls_init (&data->sess, GNUTLS_CLIENT) != 0) {
+               gnutls_certificate_free_credentials (data->cred);
+               return IKS_NOMEM;
+       }
+-      gnutls_protocol_set_priority (data->sess, protocol_priority);
+-      gnutls_cipher_set_priority(data->sess, cipher_priority);
+-      gnutls_compression_set_priority(data->sess, comp_priority);
+-      gnutls_kx_set_priority(data->sess, kx_priority);
+-      gnutls_mac_set_priority(data->sess, mac_priority);
++      gnutls_priority_set_direct(data->sess, priority_string, NULL);
+       gnutls_credentials_set (data->sess, GNUTLS_CRD_CERTIFICATE, data->cred);
+ 
+       gnutls_transport_set_push_function (data->sess, (gnutls_push_func) 
tls_push);
+       gnutls_transport_set_pull_function (data->sess, (gnutls_pull_func) 
tls_pull);
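Review bot: The result of `gnutls_priority_set_direct(data->sess, priority_string, NULL);` in handshake() is discarded, so a priority string the linked GnuTLS cannot parse would go unnoticed, and the session would continue with whatever priorities it already had rather than the intended strong-cipher policy. Assign the call to the already declared `ret` and, on `ret != GNUTLS_E_SUCCESS`, release the session and `data->cred` and return an error, as the `gnutls_init` failure path just above does. Separately, `-VERS-TLS-ALL:+VERS-TLS1.2` pins the client to exactly one protocol version, so a comment such as `/* TLS 1.2 only, SECURE192/256 suites: deliberately no fallback; revisit when newer protocol versions are available */` would record that this is intentional. The body of handshake() continues outside the hunk, so whether peer certificate verification happens later cannot be judged from here.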

diff --git a/dev-libs/iksemel/iksemel-1.4.ebuild 
b/dev-libs/iksemel/iksemel-1.4.ebuild
index 068c794..9496f09 100644
--- a/dev-libs/iksemel/iksemel-1.4.ebuild
+++ b/dev-libs/iksemel/iksemel-1.4.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2012 Gentoo Foundation
+# Copyright 1999-2016 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
 # $Id$
 
@@ -21,6 +21,7 @@ DEPEND="${RDEPEND}
 
 src_prepare() {
        epatch "${FILESDIR}/${PN}-1.3-gnutls-2.8.patch"
+       epatch "${FILESDIR}/${PN}-1.4-gnutls-3.4.patch"
        eautoreconf
 }
 
