net-misc/openconnect: Reintroduce libressl USE.

Closes: https://github.com/gentoo/gentoo/pull/2727

4 files changed, 258 insertions, 7 deletions

diff --git a/net-misc/openconnect/files/openconnect-7.07-libressl.patch b/net-misc/openconnect/files/openconnect-7.07-libressl.patch
new file mode 100644
index 000000000000..4f9d34bceee1
--- /dev/null
+++ b/net-misc/openconnect/files/openconnect-7.07-libressl.patch
@@ -0,0 +1,77 @@
+From d4a8afc2e8693628f2de554e717458e08bcc2fcf Mon Sep 17 00:00:00 2001
+From: Aric Belsito <lluixhi@gmail.com>
+Date: Thu, 3 Nov 2016 11:37:23 -0700
+Subject: [PATCH] Fix LibreSSL Build.
+
+From Voidlinux:
+
+From d51ab5615e11af4a2c160b2b8240e5d9f3c15422 Mon Sep 17 00:00:00 2001
+From: Duncaen <duncaen@voidlinux.eu>
+Date: Wed, 13 Jul 2016 15:21:16 +0200
+Subject: [PATCH] openconnect: update to 7.07.
+---
+ openssl-esp.c | 4 ++--
+ openssl.c     | 8 ++++----
+ 2 files changed, 6 insertions(+), 6 deletions(-)
+
+diff --git a/openssl-esp.c b/openssl-esp.c
+index 2c1aa49..bd4dce3 100644
+--- a/openssl-esp.c
++++ b/openssl-esp.c
+@@ -27,7 +27,7 @@
+ #include <openssl/evp.h>
+ #include <openssl/rand.h>
+ 
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ 
+ #define EVP_CIPHER_CTX_free(c) do {				\
+ 				    EVP_CIPHER_CTX_cleanup(c);	\
+@@ -85,7 +85,7 @@ static int init_esp_ciphers(struct openconnect_info *vpninfo, struct esp *esp,
+ 	}
+ 	EVP_CIPHER_CTX_set_padding(esp->cipher, 0);
+ 
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ 	esp->hmac = malloc(sizeof(*esp->hmac));
+ 	esp->pkt_hmac = malloc(sizeof(*esp->pkt_hmac));
+ 	if (!esp->hmac || &esp->pkt_hmac) {
+diff --git a/openssl.c b/openssl.c
+index 785fd2a..6007cef 100644
+--- a/openssl.c
++++ b/openssl.c
+@@ -36,11 +36,11 @@
+ #include <openssl/ui.h>
+ #include <openssl/rsa.h>
+ 
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ #define X509_up_ref(x) 	CRYPTO_add(&(x)->references, 1, CRYPTO_LOCK_X509)
+ #endif
+ 
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ #define EVP_MD_CTX_new EVP_MD_CTX_create
+ #define EVP_MD_CTX_free EVP_MD_CTX_destroy
+ #define X509_STORE_CTX_get0_chain(ctx) ((ctx)->chain)
+@@ -991,7 +991,7 @@ static int set_peer_cert_hash(struct openconnect_info *vpninfo)
+ 	return 0;
+ }
+ 
+-#if OPENSSL_VERSION_NUMBER < 0x10002000L
++#if OPENSSL_VERSION_NUMBER < 0x10002000L || defined(LIBRESSL_VERSION_NUMBER)
+ static int match_hostname_elem(const char *hostname, int helem_len,
+ 			       const char *match, int melem_len)
+ {
+@@ -1653,7 +1653,7 @@ int openconnect_open_https(struct openconnect_info *vpninfo)
+ 	 * 4fcdd66fff5fea0cfa1055c6680a76a4303f28a2
+ 	 * cd6bd5ffda616822b52104fee0c4c7d623fd4f53
+ 	 */
+-#if OPENSSL_VERSION_NUMBER >= 0x10001070
++#if OPENSSL_VERSION_NUMBER >= 0x10001070 || defined(LIBRESSL_VERSION_NUMBER)
+ 	if (string_is_hostname(vpninfo->hostname))
+ 		SSL_set_tlsext_host_name(https_ssl, vpninfo->hostname);
+ #endif
+-- 
+2.10.2
+
diff --git a/net-misc/openconnect/openconnect-7.06-r4.ebuild b/net-misc/openconnect/openconnect-7.06-r4.ebuild
index c2727fafc799..101a61185105 100644
--- a/net-misc/openconnect/openconnect-7.06-r4.ebuild
+++ b/net-misc/openconnect/openconnect-7.06-r4.ebuild
@@ -18,7 +18,7 @@ SRC_URI="ftp://ftp.infradead.org/pub/${PN}/${P}.tar.gz
 LICENSE="LGPL-2.1 GPL-2"
 SLOT="0/5"
 KEYWORDS="~amd64 ~arm ~arm64 ~ppc64 ~x86"
-IUSE="doc +gnutls gssapi java libproxy nls smartcard static-libs stoken"
+IUSE="doc +gnutls gssapi java libproxy libressl nls smartcard static-libs stoken"
 ILINGUAS="ar cs de el en_GB en_US es eu fi fr gl id lt nl pa pl pt pt_BR sk sl tg ug uk zh_CN zh_TW"
 for lang in $ILINGUAS; do
 	IUSE="${IUSE} linguas_${lang}"
@@ -27,11 +27,13 @@ done
 DEPEND="dev-libs/libxml2
 	sys-libs/zlib
 	!gnutls? (
-		>=dev-libs/openssl-1.0.1h:0[static-libs?]
+		!libressl? ( >=dev-libs/openssl-1.0.1h:0=[static-libs?] )
+		libressl? ( dev-libs/libressl:0=[static-libs?] )
 	)
 	gnutls? (
-		>=net-libs/gnutls-3:0=[static-libs?] dev-libs/nettle
 		app-misc/ca-certificates
+		dev-libs/nettle
+		>=net-libs/gnutls-3:0=[static-libs?]
 	)
 	gssapi? ( virtual/krb5 )
 	libproxy? ( net-libs/libproxy )
diff --git a/net-misc/openconnect/openconnect-7.07-r3.ebuild b/net-misc/openconnect/openconnect-7.07-r3.ebuild
new file mode 100644
index 000000000000..b7ffa4ead534
--- /dev/null
+++ b/net-misc/openconnect/openconnect-7.07-r3.ebuild
@@ -0,0 +1,168 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=6
+
+PYTHON_COMPAT=( python2_7 )
+PYTHON_REQ_USE="xml"
+
+inherit eutils java-pkg-opt-2 linux-info python-any-r1 readme.gentoo-r1
+
+if [[ ${PV} == 9999 ]]; then
+	EGIT_REPO_URI="git://git.infradead.org/users/dwmw2/${PN}.git"
+	inherit git-r3 autotools
+else
+	ARCHIVE_URI="ftp://ftp.infradead.org/pub/${PN}/${P}.tar.gz"
+	KEYWORDS="~amd64 ~arm ~arm64 ~ppc64 ~x86"
+fi
+VPNC_VER=20160829
+SRC_URI="${ARCHIVE_URI}
+	ftp://ftp.infradead.org/pub/vpnc-scripts/vpnc-scripts-${VPNC_VER}.tar.gz"
+
+DESCRIPTION="Free client for Cisco AnyConnect SSL VPN software"
+HOMEPAGE="http://www.infradead.org/openconnect.html"
+
+LICENSE="LGPL-2.1 GPL-2"
+SLOT="0/5"
+IUSE="doc +gnutls gssapi java libproxy libressl lz4 nls smartcard static-libs stoken"
+
+DEPEND="
+	dev-libs/libxml2
+	sys-libs/zlib
+	!gnutls? (
+		!libressl? ( >=dev-libs/openssl-1.0.1h:0=[static-libs?] )
+		libressl? ( dev-libs/libressl:0=[static-libs?] )
+	)
+	gnutls? (
+		app-misc/ca-certificates
+		dev-libs/nettle
+		>=net-libs/gnutls-3:0=[static-libs?]
+	)
+	gssapi? ( virtual/krb5 )
+	libproxy? ( net-libs/libproxy )
+	lz4? ( app-arch/lz4:= )
+	nls? ( virtual/libintl )
+	smartcard? ( sys-apps/pcsc-lite:0= )
+	stoken? ( app-crypt/stoken )"
+RDEPEND="${DEPEND}
+	sys-apps/iproute2
+	!<sys-apps/openrc-0.13"
+DEPEND="${DEPEND}
+	virtual/pkgconfig
+	doc? ( ${PYTHON_DEPS} sys-apps/groff )
+	java? ( >=virtual/jdk-1.6 )
+	nls? ( sys-devel/gettext )"
+
+CONFIG_CHECK="~TUN"
+
+PATCHES=(
+	"${FILESDIR}"/${P}-mimic-pulse-client.patch
+	"${FILESDIR}"/${P}-libressl.patch
+)
+
+pkg_pretend() {
+	check_extra_config
+}
+
+pkg_setup() {
+	java-pkg-opt-2_pkg_setup
+}
+
+src_unpack() {
+	if [[ ${PV} == 9999 ]]; then
+		git-r3_src_unpack
+	fi
+	default
+}
+
+src_prepare() {
+	default
+	if [[ ${PV} == 9999 ]]; then
+		eautoreconf
+	fi
+}
+
+src_configure() {
+	if [[ ${LINGUAS+set} == set ]]; then
+		strip-linguas -u po
+		echo "${LINGUAS}" > po/LINGUAS || die
+	fi
+
+	if use doc; then
+		python_setup
+	else
+		# If the python cannot be found, the docs will not build
+		sed -e 's#"${ac_cv_path_PYTHON}"#""#' -i configure || die
+	fi
+
+	# liboath not in portage
+	econf \
+		--with-vpnc-script="${EPREFIX}/etc/openconnect/openconnect.sh" \
+		$(use_enable static-libs static) \
+		$(use_enable nls ) \
+		$(use_with !gnutls openssl) \
+		$(use_with gnutls ) \
+		$(use_with libproxy) \
+		$(use_with lz4) \
+		$(use_with gssapi) \
+		$(use_with smartcard libpcsclite) \
+		$(use_with stoken) \
+		$(use_with java)
+}
+
+DOC_CONTENTS="The init script for openconnect supports multiple vpn tunnels.
+
+You need to create a symbolic link to /etc/init.d/openconnect in /etc/init.d
+instead of calling it directly:
+
+ln -s /etc/init.d/openconnect /etc/init.d/openconnect.vpn0
+
+You can then start the vpn tunnel like this:
+
+/etc/init.d/openconnect.vpn0 start
+
+If you would like to run preup, postup, predown, and/or postdown scripts,
+You need to create a directory in /etc/openconnect with the name of the vpn:
+
+mkdir /etc/openconnect/vpn0
+
+Then add executable shell files:
+
+mkdir /etc/openconnect/vpn0
+cd /etc/openconnect/vpn0
+echo '#!/bin/sh' > preup.sh
+cp preup.sh predown.sh
+cp preup.sh postup.sh
+cp preup.sh postdown.sh
+chmod 755 /etc/openconnect/vpn0/*
+"
+
+src_install() {
+	emake DESTDIR="${D}" install
+
+	dodoc AUTHORS TODO
+	newinitd "${FILESDIR}"/openconnect.init.in-r4 openconnect
+	dodir /etc/openconnect
+	insinto /etc/openconnect
+	newconfd "${FILESDIR}"/openconnect.conf.in openconnect
+	exeinto /etc/openconnect
+	newexe "${WORKDIR}"/vpnc-scripts-${VPNC_VER}/vpnc-script openconnect.sh
+	insinto /etc/logrotate.d
+	newins "${FILESDIR}"/openconnect.logrotate openconnect
+	keepdir /var/log/openconnect
+
+	# Remove useless .la files
+	prune_libtool_files --all
+
+	readme.gentoo_create_doc
+}
+
+pkg_postinst() {
+	readme.gentoo_print_elog
+	if [[ -z ${REPLACING_VERSIONS} ]]; then
+		elog
+		elog "You may want to consider installing the following optional packages."
+		optfeature "resolvconf support" net-dns/openresolv
+	fi
+}
diff --git a/net-misc/openconnect/openconnect-9999.ebuild b/net-misc/openconnect/openconnect-9999.ebuild
index 4abd3db278a0..7e5fb543bcb6 100644
--- a/net-misc/openconnect/openconnect-9999.ebuild
+++ b/net-misc/openconnect/openconnect-9999.ebuild
@@ -25,16 +25,19 @@ HOMEPAGE="http://www.infradead.org/openconnect.html"
 
 LICENSE="LGPL-2.1 GPL-2"
 SLOT="0/5"
-IUSE="doc +gnutls gssapi java libproxy lz4 nls smartcard static-libs stoken"
+IUSE="doc +gnutls gssapi java libproxy libressl lz4 nls smartcard static-libs stoken"
 
-DEPEND="dev-libs/libxml2
+DEPEND="
+	dev-libs/libxml2
 	sys-libs/zlib
 	!gnutls? (
-		>=dev-libs/openssl-1.0.1h:0[static-libs?]
+		!libressl? ( >=dev-libs/openssl-1.0.1h:0=[static-libs?] )
+		libressl? ( dev-libs/libressl:0=[static-libs?] )
 	)
 	gnutls? (
-		>=net-libs/gnutls-3:0=[static-libs?] dev-libs/nettle
 		app-misc/ca-certificates
+		dev-libs/nettle
+		>=net-libs/gnutls-3:0=[static-libs?]
 	)
 	gssapi? ( virtual/krb5 )
 	libproxy? ( net-libs/libproxy )
@@ -91,6 +94,7 @@ src_configure() {
 	# liboath not in portage
 	econf \
 		--with-vpnc-script="${EPREFIX}/etc/openconnect/openconnect.sh" \
+		--without-openssl-version-check \
 		$(use_enable static-libs static) \
 		$(use_enable nls ) \
 		$(use_with !gnutls openssl) \