gentoo resync : 03.03.2019

2 files changed, 114 insertions, 0 deletions

diff --git a/net-vpn/openvpn/files/openvpn-2.4.7-libressl.patch b/net-vpn/openvpn/files/openvpn-2.4.7-libressl.patch
new file mode 100644
index 000000000000..210189cd4d4d
--- /dev/null
+++ b/net-vpn/openvpn/files/openvpn-2.4.7-libressl.patch
@@ -0,0 +1,49 @@
+From 4faf695e3c42a81131c2aae96c4a60228aa237a5 Mon Sep 17 00:00:00 2001
+From: Stefan Strogin <stefan.strogin@gmail.com>
+Date: Sat, 23 Feb 2019 20:13:41 +0200
+Subject: [PATCH] Fix compilation with LibreSSL
+
+TLS 1.3 is not ready yet in LibreSSL.
+Also SSL_get1_supported_ciphers() has been just added into master (not yet
+released).
+
+Upstream-Status: Submitted [https://github.com/OpenVPN/openvpn/pull/123]
+Signed-off-by: Stefan Strogin <stefan.strogin@gmail.com>
+---
+ src/openvpn/ssl_openssl.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/src/openvpn/ssl_openssl.c b/src/openvpn/ssl_openssl.c
+index a78dae99..6a8fcef3 100644
+--- a/src/openvpn/ssl_openssl.c
++++ b/src/openvpn/ssl_openssl.c
+@@ -459,7 +459,7 @@ tls_ctx_restrict_ciphers_tls13(struct tls_root_ctx *ctx, const char *ciphers)
+         return;
+     }
+ 
+-#if (OPENSSL_VERSION_NUMBER < 0x1010100fL)
++#if (OPENSSL_VERSION_NUMBER < 0x1010100fL) || defined(LIBRESSL_VERSION_NUMBER)
+         crypto_msg(M_WARN, "Not compiled with OpenSSL 1.1.1 or higher. "
+                        "Ignoring TLS 1.3 only tls-ciphersuites '%s' setting.",
+                         ciphers);
+@@ -1846,7 +1846,7 @@ show_available_tls_ciphers_list(const char *cipher_list,
+         crypto_msg(M_FATAL, "Cannot create SSL_CTX object");
+     }
+ 
+-#if (OPENSSL_VERSION_NUMBER >= 0x1010100fL)
++#if (OPENSSL_VERSION_NUMBER >= 0x1010100fL && !defined(LIBRESSL_VERSION_NUMBER))
+     if (tls13)
+     {
+         SSL_CTX_set_min_proto_version(tls_ctx.ctx, TLS1_3_VERSION);
+@@ -1867,7 +1867,7 @@ show_available_tls_ciphers_list(const char *cipher_list,
+         crypto_msg(M_FATAL, "Cannot create SSL object");
+     }
+ 
+-#if (OPENSSL_VERSION_NUMBER < 0x1010000fL)
++#if (OPENSSL_VERSION_NUMBER < 0x1010000fL) || defined(LIBRESSL_VERSION_NUMBER)
+     STACK_OF(SSL_CIPHER) *sk = SSL_get_ciphers(ssl);
+ #else
+     STACK_OF(SSL_CIPHER) *sk = SSL_get1_supported_ciphers(ssl);
+-- 
+2.20.1
+
diff --git a/net-vpn/openvpn/files/openvpn-2.5-external-cmocka.patch b/net-vpn/openvpn/files/openvpn-2.5-external-cmocka.patch
new file mode 100644
index 000000000000..d339dcd558b1
--- /dev/null
+++ b/net-vpn/openvpn/files/openvpn-2.5-external-cmocka.patch
@@ -0,0 +1,65 @@
+diff --git a/configure.ac b/configure.ac
+index 1e6891b1..c801789c 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -1312,6 +1312,21 @@ if test "${enable_async_push}" = "yes"; then
+        )
+ fi
+
++AC_ARG_ENABLE(
++       [tests],
++       AS_HELP_STRING([--enable-tests], [enable unit tests @<:@default=no@:>@])
++)
++
++if test "${enable_tests}" = "yes"; then
++       PKG_CHECK_MODULES([CMOCKA], [cmocka])
++       TEST_CFLAGS="${CMOCKA_CFLAGS}"
++       TEST_LDFLAGS="${CMOCKA_LIBS}"
++       AC_SUBST([TEST_CFLAGS])
++       AC_SUBST([TEST_LDFLAGS])
++fi
++AM_CONDITIONAL([ENABLE_TESTS], [test "${enable_tests}" = "yes"])
++AM_CONDITIONAL([CMOCKA_INITIALIZED], [false])
++
+ CONFIGURE_DEFINES="`set | grep '^enable_.*=' ; set | grep '^with_.*='`"
+ AC_DEFINE_UNQUOTED([CONFIGURE_DEFINES], ["`echo ${CONFIGURE_DEFINES}`"], [Configuration settings])
+
+@@ -1360,27 +1375,6 @@ AC_SUBST([VENDOR_SRC_ROOT])
+ AC_SUBST([VENDOR_BUILD_ROOT])
+ AC_SUBST([VENDOR_DIST_ROOT])
+
+-TEST_LDFLAGS="${OPTIONAL_CRYPTO_LIBS} ${OPTIONAL_PKCS11_LIBS} -lcmocka -L\$(abs_top_builddir)/vendor/dist/lib -Wl,-rpath,\$(abs_top_builddir)/vendor/dist/lib"
+-TEST_CFLAGS="${OPTIONAL_CRYPTO_CFLAGS} ${OPTIONAL_PKCS11_CFLAGS} -I\$(top_srcdir)/include -I\$(abs_top_builddir)/vendor/dist/include"
+-
+-AC_SUBST([TEST_LDFLAGS])
+-AC_SUBST([TEST_CFLAGS])
+-
+-# Check if cmake is available and cmocka git submodule is initialized,
+-# needed for unit testing
+-AC_CHECK_PROGS([CMAKE], [cmake])
+-if test -n "${CMAKE}"; then
+-   if test -f "${srcdir}/vendor/cmocka/CMakeLists.txt"; then
+-      AM_CONDITIONAL([CMOCKA_INITIALIZED], [true])
+-   else
+-      AM_CONDITIONAL([CMOCKA_INITIALIZED], [false])
+-      AC_MSG_RESULT([!! WARNING !! The cmoka git submodule has not been initialized or updated.  Unit testing cannot be performed.])
+-   fi
+-else
+-   AC_MSG_RESULT([!! WARNING !! CMake is NOT available.  Unit testing cannot be performed.])
+-   AM_CONDITIONAL([CMOCKA_INITIALIZED], [false])
+-fi
+-
+
+ AC_CONFIG_FILES([
+        version.sh
+diff --git a/tests/unit_tests/Makefile.am b/tests/unit_tests/Makefile.am
+index 31d37b89..4b7fb41d 100644
+--- a/tests/unit_tests/Makefile.am
++++ b/tests/unit_tests/Makefile.am
+@@ -1,5 +1,5 @@
+ AUTOMAKE_OPTIONS = foreign
+
+-if CMOCKA_INITIALIZED
++if ENABLE_TESTS
+ SUBDIRS = example_test openvpn plugins
+ endif