net-voip/telepathy-gabble: Fix build with openssl-1.1

Closes: https://bugs.gentoo.org/658902
Package-Manager: Portage-2.3.52, Repoman-2.3.12
Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org>

2 files changed, 314 insertions, 0 deletions

diff --git a/net-voip/telepathy-gabble/files/telepathy-gabble-0.18.4-openssl-1.1.patch b/net-voip/telepathy-gabble/files/telepathy-gabble-0.18.4-openssl-1.1.patch
new file mode 100644
index 000000000000..0e0d647b700c
--- /dev/null
+++ b/net-voip/telepathy-gabble/files/telepathy-gabble-0.18.4-openssl-1.1.patch
@@ -0,0 +1,223 @@
+From 68e7fb2f17dd9348e586ef676d8138c4b849a1ce Mon Sep 17 00:00:00 2001
+From: Roel Aaij <roel.aaij@nikhef.nl>
+Date: Fri, 26 Oct 2018 15:01:37 +0200
+Subject: [PATCH] openssl: fix build with openssl >= 1.1.0
+
+---
+ wocky/wocky-openssl-dh1024.c | 10 ++++++++++
+ wocky/wocky-openssl-dh2048.c | 10 ++++++++++
+ wocky/wocky-openssl-dh4096.c | 10 ++++++++++
+ wocky/wocky-openssl-dh512.c  | 10 ++++++++++
+ wocky/wocky-openssl.c        | 38 ++++++++++++++++++++++++++++++++----
+ 5 files changed, 74 insertions(+), 4 deletions(-)
+
+diff --git a/lib/ext/wocky/wocky/wocky-openssl-dh1024.c b/lib/ext/wocky/wocky/wocky-openssl-dh1024.c
+index b77fb4c..bb50523 100644
+--- a/lib/ext/wocky/wocky/wocky-openssl-dh1024.c
++++ b/lib/ext/wocky/wocky/wocky-openssl-dh1024.c
+@@ -25,11 +25,21 @@ DH *get_dh1024(void)
+ 		0x02,
+ 		};
+ 	DH *dh;
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
++	int r = 0;
++#endif
+ 
+ 	if ((dh=DH_new()) == NULL) return(NULL);
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
++	r = DH_set0_pqg(dh, BN_bin2bn(dh1024_p,sizeof(dh1024_p),NULL),
++					NULL, BN_bin2bn(dh1024_g,sizeof(dh1024_g),NULL));
++	if (!r)
++		{ DH_free(dh); return(NULL); }
++#else
+ 	dh->p=BN_bin2bn(dh1024_p,sizeof(dh1024_p),NULL);
+ 	dh->g=BN_bin2bn(dh1024_g,sizeof(dh1024_g),NULL);
+ 	if ((dh->p == NULL) || (dh->g == NULL))
+ 		{ DH_free(dh); return(NULL); }
++#endif
+ 	return(dh);
+ 	}
+diff --git a/lib/ext/wocky/wocky/wocky-openssl-dh2048.c b/lib/ext/wocky/wocky/wocky-openssl-dh2048.c
+index c16deb7..d53ceda 100644
+--- a/lib/ext/wocky/wocky/wocky-openssl-dh2048.c
++++ b/lib/ext/wocky/wocky/wocky-openssl-dh2048.c
+@@ -36,11 +36,21 @@ DH *get_dh2048(void)
+ 		0x02,
+ 		};
+ 	DH *dh;
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
++	int r = 0;
++#endif
+ 
+ 	if ((dh=DH_new()) == NULL) return(NULL);
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
++	r = DH_set0_pqg(dh, BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL),
++						NULL, BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL));
++	if (!r)
++		{ DH_free(dh); return(NULL); }
++#else
+ 	dh->p=BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL);
+ 	dh->g=BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL);
+ 	if ((dh->p == NULL) || (dh->g == NULL))
+ 		{ DH_free(dh); return(NULL); }
++#endif
+ 	return(dh);
+ 	}
+diff --git a/lib/ext/wocky/wocky/wocky-openssl-dh4096.c b/lib/ext/wocky/wocky/wocky-openssl-dh4096.c
+index 2854385..93fa7e5 100644
+--- a/lib/ext/wocky/wocky/wocky-openssl-dh4096.c
++++ b/lib/ext/wocky/wocky/wocky-openssl-dh4096.c
+@@ -57,11 +57,21 @@ DH *get_dh4096(void)
+ 		0x02,
+ 		};
+ 	DH *dh;
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
++	int r = 0;
++#endif
+ 
+ 	if ((dh=DH_new()) == NULL) return(NULL);
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
++	r = DH_set0_pqg(dh, BN_bin2bn(dh4096_p,sizeof(dh4096_p),NULL),
++						NULL, BN_bin2bn(dh4096_g,sizeof(dh4096_g),NULL));
++	if (!r)
++		{ DH_free(dh); return(NULL); }
++#else
+ 	dh->p=BN_bin2bn(dh4096_p,sizeof(dh4096_p),NULL);
+ 	dh->g=BN_bin2bn(dh4096_g,sizeof(dh4096_g),NULL);
+ 	if ((dh->p == NULL) || (dh->g == NULL))
+ 		{ DH_free(dh); return(NULL); }
++#endif
+ 	return(dh);
+ 	}
+diff --git a/lib/ext/wocky/wocky/wocky-openssl-dh512.c b/lib/ext/wocky/wocky/wocky-openssl-dh512.c
+index 8e7a278..c2891cd 100644
+--- a/lib/ext/wocky/wocky/wocky-openssl-dh512.c
++++ b/lib/ext/wocky/wocky/wocky-openssl-dh512.c
+@@ -20,11 +20,21 @@ DH *get_dh512(void)
+ 		0x02,
+ 		};
+ 	DH *dh;
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
++	int r = 0;
++#endif
+ 
+ 	if ((dh=DH_new()) == NULL) return(NULL);
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
++	r = DH_set0_pqg(dh, BN_bin2bn(dh512_p,sizeof(dh512_p),NULL),
++					NULL, BN_bin2bn(dh512_g,sizeof(dh512_g),NULL));
++	if (!r)
++	   { DH_free(dh); return(NULL); }
++#else
+ 	dh->p=BN_bin2bn(dh512_p,sizeof(dh512_p),NULL);
+ 	dh->g=BN_bin2bn(dh512_g,sizeof(dh512_g),NULL);
+ 	if ((dh->p == NULL) || (dh->g == NULL))
+ 		{ DH_free(dh); return(NULL); }
++#endif
+ 	return(dh);
+ 	}
+diff --git a/lib/ext/wocky/wocky/wocky-openssl.c b/lib/ext/wocky/wocky/wocky-openssl.c
+index 2201213..18f9981 100644
+--- a/lib/ext/wocky/wocky/wocky-openssl.c
++++ b/lib/ext/wocky/wocky/wocky-openssl.c
+@@ -885,7 +885,11 @@ check_peer_name (const char *target, X509 *cert)
+   int i;
+   gboolean rval = FALSE;
+   X509_NAME *subject = X509_get_subject_name (cert);
+-  X509_CINF *ci = cert->cert_info;
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
++  const STACK_OF(X509_EXTENSION)* extensions = X509_get0_extensions(cert);
++#else
++  const STACK_OF(X509_EXTENSION)* extensions = cert->cert_info->extensions;
++#endif
+   static const long nid[] = { NID_commonName, NID_subject_alt_name, NID_undef };
+ 
+   /* first, see if the x509 name contains the info we want: */
+@@ -906,16 +910,21 @@ check_peer_name (const char *target, X509 *cert)
+    * and extract the subject_alt_name from the x509 v3 extensions: if that   *
+    * extension is present, and a string, use that. If it is present, and     *
+    * a multi-value stack, trawl it for the "DNS" entry and use that          */
+-  if (!rval && (ci->extensions != NULL))
+-    for (i = 0; i < sk_X509_EXTENSION_num(ci->extensions) && !rval; i++)
++  if (!rval && (extensions != NULL))
++    for (i = 0; i < sk_X509_EXTENSION_num(extensions) && !rval; i++)
+       {
+-        X509_EXTENSION *ext = sk_X509_EXTENSION_value (ci->extensions, i);
++        X509_EXTENSION *ext = sk_X509_EXTENSION_value (extensions, i);
+         ASN1_OBJECT *obj = X509_EXTENSION_get_object (ext);
+         X509V3_EXT_METHOD *convert = NULL;
+         long ni = OBJ_obj2nid (obj);
+         const guchar *p;
+         char *value = NULL;
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
++        const ASN1_OCTET_STRING* ext_value = X509_EXTENSION_get_data(ext);
++        int len = ASN1_STRING_length(ext_value);
++#else
+         int len = ext->value->length;
++#endif
+         void *ext_str = NULL;
+ 
+         if (ni != NID_subject_alt_name)
+@@ -927,7 +936,11 @@ check_peer_name (const char *target, X509 *cert)
+         if ((convert = (X509V3_EXT_METHOD *) X509V3_EXT_get (ext)) == NULL)
+           continue;
+ 
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
++        p = ASN1_STRING_get0_data(ext_value);
++#else
+         p = ext->value->data;
++#endif
+         ext_str = ((convert->it != NULL) ?
+                    ASN1_item_d2i (NULL, &p, len, ASN1_ITEM_ptr(convert->it)) :
+                    convert->d2i (NULL, &p, len) );
+@@ -1120,13 +1133,22 @@ _cert_status (WockyTLSSession *session,
+           X509_STORE *store = SSL_CTX_get_cert_store(session->ctx);
+           X509 *cert = SSL_get_peer_certificate (session->ssl);
+           STACK_OF(X509) *chain = SSL_get_peer_cert_chain (session->ssl);
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
++          X509_VERIFY_PARAM* param = X509_STORE_get0_param(store);
++          long old_flags = X509_VERIFY_PARAM_get_flags(param);
++#else
+           long old_flags = store->param->flags;
++#endif
+           long new_flags = old_flags;
+           DEBUG("No CRL available, but not in strict mode - re-verifying");
+ 
+           new_flags &= ~(X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL);
+ 
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
++          X509_VERIFY_PARAM_set_flags(param, new_flags);
++#else
+           store->param->flags = new_flags;
++#endif
+           X509_STORE_CTX_init (xctx, store, cert, chain);
+           X509_STORE_CTX_set_flags (xctx, new_flags);
+ 
+@@ -1136,7 +1158,11 @@ _cert_status (WockyTLSSession *session,
+               status = _cert_status (session, new_code, level, ssl_code);
+             }
+ 
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
++          X509_VERIFY_PARAM_set_flags(param, old_flags);
++#else
+           store->param->flags = old_flags;
++#endif
+           X509_STORE_CTX_free (xctx);
+           X509_free (cert);
+ 
+@@ -1675,12 +1701,16 @@ wocky_tls_session_init (WockyTLSSession *session)
+ 
+   if G_UNLIKELY (g_once_init_enter (&initialised))
+     {
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
++      DEBUG ("initialising SSL library and error strings");
++#else
+       gint malloc_init_succeeded;
+ 
+       DEBUG ("initialising SSL library and error strings");
+ 
+       malloc_init_succeeded = CRYPTO_malloc_init ();
+       g_warn_if_fail (malloc_init_succeeded);
++#endif
+ 
+       SSL_library_init ();
+       SSL_load_error_strings ();
diff --git a/net-voip/telepathy-gabble/telepathy-gabble-0.18.4-r1.ebuild b/net-voip/telepathy-gabble/telepathy-gabble-0.18.4-r1.ebuild
new file mode 100644
index 000000000000..fee27c8404b3
--- /dev/null
+++ b/net-voip/telepathy-gabble/telepathy-gabble-0.18.4-r1.ebuild
@@ -0,0 +1,91 @@
+# Copyright 1999-2018 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+# Python is used during build for some scripted source files generation (and twisted tests)
+PYTHON_COMPAT=( python2_7 )
+
+inherit gnome2 python-any-r1
+
+DESCRIPTION="A XMPP connection manager, handles single and multi user chats and voice calls"
+HOMEPAGE="https://telepathy.freedesktop.org/"
+SRC_URI="https://telepathy.freedesktop.org/releases/${PN}/${P}.tar.gz"
+
+LICENSE="LGPL-2.1"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~ia64 ~ppc ~ppc64 ~sparc ~x86 ~x86-linux"
+IUSE="gnutls +jingle libressl plugins test"
+
+# Prevent false positives due nested configure
+QA_CONFIGURE_OPTIONS=".*"
+
+# FIXME: missing sasl-2 for tests ? (automagic)
+# missing libiphb for wocky ?
+# x11-libs/gtksourceview:3.0 needed by telepathy-gabble-xmpp-console, bug #495184
+# Keep in mind some deps or higher minimum versions are in ext/wocky/configure.ac
+RDEPEND="
+	>=dev-libs/glib-2.44:2
+	>=sys-apps/dbus-1.1.0
+	>=dev-libs/dbus-glib-0.82
+	>=net-libs/telepathy-glib-0.19.9
+
+	dev-libs/libxml2
+	dev-db/sqlite:3
+
+	gnutls? ( >=net-libs/gnutls-2.10.2 )
+	!gnutls? (
+		libressl? ( dev-libs/libressl:0= )
+		!libressl? ( >=dev-libs/openssl-0.9.8g:0=[-bindist] )
+	)
+	jingle? (
+		>=net-libs/libsoup-2.42
+		>=net-libs/libnice-0.0.11 )
+	plugins? ( x11-libs/gtksourceview:3.0[introspection] )
+
+	!<net-im/telepathy-mission-control-5.5.0
+"
+DEPEND="${RDEPEND}
+	${PYTHON_DEPS}
+	dev-util/glib-utils
+	>=dev-util/gtk-doc-am-1.17
+	dev-libs/libxslt
+	virtual/pkgconfig
+"
+# Twisted tests fail if bad ipv6 setup, upstream bug #30565
+# Random twisted tests fail with org.freedesktop.DBus.Error.NoReply for some reason
+# pygobject:2 is needed by twisted-17 for gtk2reactor usage by gabble
+#test? (
+#	dev-python/pygobject:2
+#	|| (
+#	>=dev-python/twisted-16.0.0
+#	(	>=dev-python/twisted-core-0.8.2
+#		>=dev-python/twisted-words-0.8.2
+#		>=dev-python/dbus-python-0.83
+#	) )
+#)
+
+PATCHES=(
+	"${FILESDIR}"/${P}-build-fix-no-jingle.patch # build with USE=-jingle, bug #523230
+	"${FILESDIR}"/${P}-openssl-1.1.patch # bug #658902
+)
+
+pkg_setup() {
+	python-any-r1_pkg_setup
+}
+
+src_configure() {
+	gnome2_src_configure \
+		--disable-coding-style-checks \
+		--disable-static \
+		--disable-Werror \
+		--enable-file-transfer \
+		$(use_enable jingle voip) \
+		$(use_enable jingle google-relay) \
+		$(use_enable plugins) \
+		--with-tls=$(usex gnutls gnutls openssl)
+}
+
+src_test() {
+	# This runs only C tests (see tests/README):
+	emake -C tests check-TESTS
+}