summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMike Frysinger <vapier@gentoo.org>2011-02-20 18:30:02 +0000
committerMike Frysinger <vapier@gentoo.org>2011-02-20 18:30:02 +0000
commitd22974785edc8f4bf554c0571c7f964df7457dd0 (patch)
tree8cb6f50a4c28b2ace4460a2f432216b7902040db
parentCorrect -berkdb option to configure script. Thanks to Jan Psota. Remove old. (diff)
downloadhistorical-d22974785edc8f4bf554c0571c7f964df7457dd0.tar.gz
historical-d22974785edc8f4bf554c0571c7f964df7457dd0.tar.bz2
historical-d22974785edc8f4bf554c0571c7f964df7457dd0.zip
Add patch from Debian to fix SSL verification issues #253847 by Bruno Buss.
Package-Manager: portage-2.2.0_alpha24/cvs/Linux x86_64
-rw-r--r--www-client/links/ChangeLog8
-rw-r--r--www-client/links/Manifest10
-rw-r--r--www-client/links/files/links-2.3_pre1-verify-ssl-certs.patch65
-rw-r--r--www-client/links/links-2.3_pre1-r1.ebuild131
4 files changed, 209 insertions, 5 deletions
diff --git a/www-client/links/ChangeLog b/www-client/links/ChangeLog
index 8f43cfc9c839..962d32255829 100644
--- a/www-client/links/ChangeLog
+++ b/www-client/links/ChangeLog
@@ -1,6 +1,12 @@
# ChangeLog for www-client/links
# Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/www-client/links/ChangeLog,v 1.126 2011/02/20 17:59:29 vapier Exp $
+# $Header: /var/cvsroot/gentoo-x86/www-client/links/ChangeLog,v 1.127 2011/02/20 18:30:01 vapier Exp $
+
+*links-2.3_pre1-r1 (20 Feb 2011)
+
+ 20 Feb 2011; Mike Frysinger <vapier@gentoo.org> +links-2.3_pre1-r1.ebuild,
+ +files/links-2.3_pre1-verify-ssl-certs.patch:
+ Add patch from Debian to fix SSL verification issues #253847 by Bruno Buss.
20 Feb 2011; Mike Frysinger <vapier@gentoo.org> links-2.3_pre1.ebuild,
+files/links-2.3_pre1-libpng-1.5.patch:
diff --git a/www-client/links/Manifest b/www-client/links/Manifest
index 8a1a128c81d6..89f42618f72c 100644
--- a/www-client/links/Manifest
+++ b/www-client/links/Manifest
@@ -3,17 +3,19 @@ Hash: SHA256
AUX configure-LANG.patch 2052 RMD160 91f5b90600dfccb10c4e2308a5a1485275fdfeee SHA1 56ecd1d6f2e4bd0b35ac108be72a4f6f60212c38 SHA256 63de6d2dcfe14f21d147abeb1390405b9220c03f8e968f482d4b4c1cf279c88b
AUX links-2.3_pre1-libpng-1.5.patch 1232 RMD160 999358a40826d30d55eb4222358f71a7f30af9a1 SHA1 13018fbd6e89d3d64bfe436f1e681dec03b5cb15 SHA256 9109075a010ffe68f5b295a70adf573f5ec77d2ff204a7768b8f78e64eb6256a
+AUX links-2.3_pre1-verify-ssl-certs.patch 1840 RMD160 7f38e7ddb1af06fc55cd23a749c02a7afbc0f8c3 SHA1 4726405578261027c3d28177eae02d4d808c480f SHA256 5fb7df573de849a2bfa7ad9b7c6ce150afe3f2c42a862945fabd57ca5ae66c34
DIST links-2.1pre33-utf8.diff.bz2 4793 RMD160 e946efd34031bd1176b39278ef19b6536214738a SHA1 bc6800c89d5a33caffdb69f20e14126885eee7bc SHA256 a34de30b787e6bab984cd5000c7a576f157437f622e9fe3a076808769a56db75
DIST links-2.2.tar.bz2 3832115 RMD160 fe051b2655a67e004fdf682045349664611a3101 SHA1 7588c151e98057f83a2e0b81b3f467e7eee9f824 SHA256 d3c60ff425bec5aacd1b15578a643c03090ad73fbb404f6ce8ee8c6219bdbc6d
DIST links-2.3pre1.tar.bz2 3832651 RMD160 f0cfc8c48c7d5fb759ac58b7f7a00275480ac3de SHA1 6d420a5c4514b45ee245fd3933d2a8cfa6eae76d SHA256 21ab49f2f24359ef2d0e634a7926f76419084bd792af28746323b2f16c229bde
EBUILD links-2.2.ebuild 3709 RMD160 dc6be1dee2fd49038e38b774268ded2b2ab33038 SHA1 1b38bbc5b54204bdbcb93727da8f7a1cc4705949 SHA256 16643bf5c60048806cd586960a4bac7a7fc70c1c2700bd976fa00bb921bc6ae1
+EBUILD links-2.3_pre1-r1.ebuild 3478 RMD160 c97c88961311b628cb0a45c65c349f653f6a3f2c SHA1 b50a553f395b9945a52b6eefea64574ecf4c5090 SHA256 1170b16a06b57774c4e20af8fd8ad3230585bd7a584501387a90daed147bafd4
EBUILD links-2.3_pre1.ebuild 3417 RMD160 f38281f12fba9658860422c093eaecebfa39f100 SHA1 9a08e1ef145f49f49093f059ab839b20077e8f65 SHA256 b30f06eb343fa1c5023ecf7a0170b881acdee47e84b690bf45bd8beda427e7df
-MISC ChangeLog 27593 RMD160 209e4baa32ec308b5e00504b5801adab0c4f5c73 SHA1 40d860766494b4330aa23d4c73336cb4bd28e830 SHA256 0e016d34e2f6c707b259c03632ff82670a7abd33aaea88d47e23303520cf3445
+MISC ChangeLog 27831 RMD160 3499c4b547253480a6fddf50f94e98e49c56435b SHA1 e9e35ef34e0c4c89b2803f8c2b0bcb069abec99d SHA256 b13c8cb37dfb1bb543466f57635699f0ca948787e987fb49c38f9589479b8d7b
MISC metadata.xml 258 RMD160 0b90768495f1b1c9526868f42acb9d57a7755f8a SHA1 832935fff75730ec522cf03fb8f9b349f5cf2be0 SHA256 8d2e5dab18805dccb701c1d05eddedc6b16233bf3dd3d0b2fbd05321359e56e3
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (GNU/Linux)
-iF4EAREIAAYFAk1hVogACgkQaC/OocHi7JbXmwD/V8BWp8GtdPwk8DdTwBOmS+dq
-1KwBbLdeQOK7zPt/w74A/1q2qUZgmwq+R+Bcq8sFF5YYCBbf3Izfitq9P+Pyz7Hh
-=9FIx
+iF4EAREIAAYFAk1hXbEACgkQaC/OocHi7JZhXwD7BWBW2NKzkechN9bHxRFpI+ZI
+bR5Ak0fXny+SRtY4g5cA/i84k675GX047rJG6vsRcLW62SQj153SxHl7U2o1M0P0
+=65ky
-----END PGP SIGNATURE-----
diff --git a/www-client/links/files/links-2.3_pre1-verify-ssl-certs.patch b/www-client/links/files/links-2.3_pre1-verify-ssl-certs.patch
new file mode 100644
index 000000000000..05975972e5f1
--- /dev/null
+++ b/www-client/links/files/links-2.3_pre1-verify-ssl-certs.patch
@@ -0,0 +1,65 @@
+snipped from Debian
+http://bugs.gentoo.org/253847
+
+Patch to abort if SSL certificate isn't valid to fix #510417.
+
+Patch by Mats Erik Andersson <mats.andersson@gisladisker.se> as posted at
+http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=510417
+
+Index: links2-2.3pre1/https.c
+===================================================================
+--- links2-2.3pre1.orig/https.c 2009-05-17 21:33:01.000000000 +0200
++++ links2-2.3pre1/https.c 2010-07-08 18:36:22.000000000 +0200
+@@ -25,8 +25,40 @@
+
+ #ifdef HAVE_SSL
+
++#define VERIFY_DEPTH 10
++
+ SSL_CTX *context = NULL;
+
++static int verify_cert(int code, X509_STORE_CTX *context)
++{
++ int error, depth;
++
++ error = X509_STORE_CTX_get_error(context);
++ depth = X509_STORE_CTX_get_error_depth(context);
++
++ if (depth > VERIFY_DEPTH) {
++ error = X509_V_ERR_CERT_CHAIN_TOO_LONG;
++ code = 0;
++ }
++
++ if (!code) {
++ /* Judge self signed certificates as acceptable. */
++ if (error == X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN ||
++ error == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT) {
++ code = 1;
++ } else {
++ fprintf(stderr, "Verification failure: %s\n",
++ X509_verify_cert_error_string(error));
++ if (depth > VERIFY_DEPTH) {
++ fprintf(stderr, "Excessive depth %d, set depth %d.\n",
++ depth, VERIFY_DEPTH);
++ }
++ }
++ }
++
++ return code;
++} /* verify_cert */
++
+ SSL *getSSL(void)
+ {
+ if (!context) {
+@@ -44,8 +76,10 @@
+ if (!m) return NULL;
+ context = SSL_CTX_new(m);
+ if (!context) return NULL;
+- SSL_CTX_set_options(context, SSL_OP_ALL);
++ SSL_CTX_set_options(context, SSL_OP_NO_SSLv2 | SSL_OP_ALL);
++ SSL_CTX_set_mode(context, SSL_MODE_AUTO_RETRY);
+ SSL_CTX_set_default_verify_paths(context);
++ SSL_CTX_set_verify(context, SSL_VERIFY_PEER, verify_cert);
+ /* needed for systems without /dev/random, but obviously kills security. */
+ /*{
+ char pool[32768];
diff --git a/www-client/links/links-2.3_pre1-r1.ebuild b/www-client/links/links-2.3_pre1-r1.ebuild
new file mode 100644
index 000000000000..e8442bb420f8
--- /dev/null
+++ b/www-client/links/links-2.3_pre1-r1.ebuild
@@ -0,0 +1,131 @@
+# Copyright 1999-2011 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/www-client/links/links-2.3_pre1-r1.ebuild,v 1.1 2011/02/20 18:30:01 vapier Exp $
+
+# SDL support is disabled in this version by upstream
+
+EAPI="2"
+
+inherit eutils autotools
+
+# To handle pre-version ...
+MY_P="${P/_/}"
+DESCRIPTION="links is a fast lightweight text and graphic web-browser"
+HOMEPAGE="http://links.twibright.com/"
+SRC_URI="http://links.twibright.com/download/${MY_P}.tar.bz2"
+
+LICENSE="GPL-2"
+SLOT="2"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~x86-fbsd ~ia64-hpux ~x86-interix ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~x64-solaris ~x86-solaris"
+IUSE="bzip2 directfb fbcon gpm jpeg livecd ssl svga tiff unicode X zlib"
+
+# Note: if X or fbcon usegflag are enabled, links will be built in graphic
+# mode. libpng is required to compile links in graphic mode
+# (not required in text mode), so let's add libpng for X? and fbcon?
+
+# We've also made USE=livecd compile in graphics mode. This closes bug #75685.
+
+# sdl? ( >=media-libs/libsdl-1.2.0 )
+RDEPEND="ssl? ( >=dev-libs/openssl-0.9.6c )
+ gpm? ( sys-libs/gpm )
+ jpeg? ( virtual/jpeg )
+ fbcon? (
+ >=media-libs/libpng-1.4
+ virtual/jpeg
+ sys-libs/gpm
+ )
+ tiff? ( >=media-libs/tiff-3.5.7 )
+ svga? (
+ >=media-libs/svgalib-1.4.3
+ >=media-libs/libpng-1.4
+ )
+ X? (
+ x11-libs/libXext
+ >=media-libs/libpng-1.4
+ )
+ directfb? ( dev-libs/DirectFB )
+ sys-libs/ncurses
+ livecd? (
+ >=media-libs/libpng-1.4
+ virtual/jpeg
+ sys-libs/gpm
+ )"
+DEPEND="${RDEPEND}
+ dev-util/pkgconfig"
+
+S="${WORKDIR}/${MY_P}"
+
+src_prepare() {
+ epatch "${FILESDIR}"/${P}-libpng-1.5.patch
+ epatch "${FILESDIR}"/${P}-verify-ssl-certs.patch #253847
+
+ if use unicode ; then
+ pushd intl >/dev/null
+ ./gen-intl || die
+ ./synclang || die
+ popd >/dev/null
+ fi
+
+ # Upstream configure produced by broken autoconf-2.13. See #131440 and
+ # #103483#c23. This also fixes toolchain detection.
+ eautoconf || die
+}
+
+src_configure() {
+ local myconf
+
+ if use X || use fbcon || use directfb || use svga || use livecd ; then
+ myconf="${myconf} --enable-graphics"
+ fi
+
+ # Note: --enable-static breaks.
+
+ # Note: ./configure only support 'gpm' features auto-detection, so
+ # we use the autoconf trick
+ ( use gpm || use fbcon || use livecd ) || export ac_cv_lib_gpm_Gpm_Open="no"
+
+ if use fbcon || use livecd ; then
+ myconf="${myconf} --with-fb"
+ else
+ myconf="${myconf} --without-fb"
+ fi
+
+ # force --with-libjpeg if livecd flag is set
+ if use livecd ; then
+ myconf="${myconf} --with-libjpeg"
+ fi
+
+ # $(use_with sdl)
+ econf \
+ $(use_with X x) \
+ $(use_with jpeg libjpeg) \
+ $(use_with tiff libtiff) \
+ $(use_with svga svgalib) \
+ $(use_with directfb) \
+ $(use_with ssl) \
+ $(use_with zlib) \
+ $(use_with bzip2) \
+ ${myconf}
+}
+
+src_install() {
+ emake install DESTDIR="${D}" || die
+
+ # Only install links icon if X driver was compiled in ...
+ use X && doicon graphics/links.xpm
+
+ dodoc AUTHORS BUGS ChangeLog NEWS README SITES TODO
+ dohtml doc/links_cal/*
+
+ # Install a compatibility symlink links2:
+ dosym links /usr/bin/links2
+}
+
+pkg_postinst() {
+ if use svga ; then
+ elog "You had the svga USE flag enabled, but for security reasons"
+ elog "the links2 binary is NOT setuid by default. In order to"
+ elog "enable links2 to work in SVGA, please change the permissions"
+ elog "of /usr/bin/links2 to enable suid."
+ fi
+}