iksemel: fixes and cleanups
authorSebastian Kemper <sebastian_ml@gmx.net>
Sun, 8 Oct 2017 08:53:54 +0000 (10:53 +0200)
committerSebastian Kemper <sebastian_ml@gmx.net>
Sun, 8 Oct 2017 08:53:57 +0000 (10:53 +0200)
- Currently iksemel doesn't recognize gnutls anymore. Fix that by
  replacing the currently used patches with one that Debian also
  uses. It allows gnutls detection via pkgconfig.
- Add another patch Debian is using to enable secure gnutls options.
- Update project URL.
- Remove unneeded flags and Build/Prepare customizations.
- Cleanup DEPENDS.

Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
libs/iksemel/Makefile
libs/iksemel/patches/001-missing-macros.patch [deleted file]
libs/iksemel/patches/001-pkgconfig-gnutls.patch [new file with mode: 0644]
libs/iksemel/patches/002-secure_gnutls_options.patch [new file with mode: 0644]
libs/iksemel/patches/002-use-of-newer-gnutls_priority_set_direct-api.patch [deleted file]

index b763e5241032c682d646f94d96ca2ca01868ce21..56079ed2468fa15bb5c13dc7a760e6f7814ae281 100644 (file)
@@ -1,5 +1,5 @@
 #
-# Copyright (C) 2014 OpenWrt.org
+# Copyright (C) 2014 - 2017 OpenWrt.org
 #
 # This is free software, licensed under the GNU General Public License v2.
 # See /LICENSE for more information.
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=iksemel
 PKG_VERSION:=1.4
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=http://iksemel.googlecode.com/files/
@@ -30,8 +30,8 @@ define Package/libiksemel
   SECTION:=libs
   CATEGORY:=Libraries
   TITLE:=Iksemel Jabber Library
-  URL:=http://code.google.com/p/iksemel/
-  DEPENDS:= +libgnutls +libtasn1 +libgcrypt +libgpg-error
+  URL:=https://github.com/meduketto/iksemel
+  DEPENDS:=+libgnutls
 endef
 
 define Package/libiksemel/description
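Review bot: The `URL` line now points at GitHub, but `PKG_SOURCE_URL` (visible as context in the previous hunk) still fetches the tarball from `http://iksemel.googlecode.com/files/` over plain HTTP. With an unauthenticated transport, the integrity of the downloaded source rests entirely on the package hash, which is not visible in these hunks. Confirm that `PKG_HASH` (or the older `PKG_MD5SUM`) is set for this tarball, and consider moving the download to an HTTPS location in the same cleanup.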
@@ -41,21 +41,6 @@ in ANSI C except the network code (which is POSIX compatible), thus
 highly portable.
 endef
 
-TARGET_CFLAGS += $(FPIC)
-TARGET_LDFLAGS += \
-       -Wl,-rpath-link,$(STAGING_DIR)/usr/lib \
-       -lgnutls -lgcrypt -lgpg-error
-
-define Build/Configure
-       $(call Build/Configure/Default, \
-               --enable-shared \
-               --enable-static \
-               --with-libgnutls-prefix="$(STAGING_DIR)/usr" \
-               , \
-               LIBS="$(TARGET_LDFLAGS)" \
-       )
-endef
-
 define Build/InstallDev
        $(INSTALL_DIR) $(1)/usr/include/
        $(CP) $(PKG_INSTALL_DIR)/usr/include/iksemel.h $(1)/usr/include/
diff --git a/libs/iksemel/patches/001-missing-macros.patch b/libs/iksemel/patches/001-missing-macros.patch
deleted file mode 100644 (file)
index 4563ac5..0000000
+++ /dev/null
@@ -1,163 +0,0 @@
---- /dev/null
-+++ b/gnutls.m4
-@@ -0,0 +1,160 @@
-+dnl Autoconf macros for libgnutls
-+dnl $id$
-+
-+# Modified for LIBGNUTLS -- nmav
-+# Configure paths for LIBGCRYPT
-+# Shamelessly stolen from the one of XDELTA by Owen Taylor
-+# Werner Koch   99-12-09
-+
-+dnl AM_PATH_LIBGNUTLS([MINIMUM-VERSION, [ACTION-IF-FOUND [, ACTION-IF-NOT-FOUND ]]])
-+dnl Test for libgnutls, and define LIBGNUTLS_CFLAGS and LIBGNUTLS_LIBS
-+dnl
-+AC_DEFUN([AM_PATH_LIBGNUTLS],
-+[dnl
-+dnl Get the cflags and libraries from the libgnutls-config script
-+dnl
-+AC_ARG_WITH(libgnutls-prefix,
-+          [  --with-libgnutls-prefix=PFX   Prefix where libgnutls is installed (optional)],
-+          libgnutls_config_prefix="$withval", libgnutls_config_prefix="")
-+
-+  if test x$libgnutls_config_prefix != x ; then
-+     if test x${LIBGNUTLS_CONFIG+set} != xset ; then
-+        LIBGNUTLS_CONFIG=$libgnutls_config_prefix/bin/libgnutls-config
-+     fi
-+  fi
-+
-+  AC_PATH_PROG(LIBGNUTLS_CONFIG, libgnutls-config, no)
-+  min_libgnutls_version=ifelse([$1], ,0.1.0,$1)
-+  AC_MSG_CHECKING(for libgnutls - version >= $min_libgnutls_version)
-+  no_libgnutls=""
-+  if test "$LIBGNUTLS_CONFIG" = "no" ; then
-+    no_libgnutls=yes
-+  else
-+    LIBGNUTLS_CFLAGS=`$LIBGNUTLS_CONFIG $libgnutls_config_args --cflags`
-+    LIBGNUTLS_LIBS=`$LIBGNUTLS_CONFIG $libgnutls_config_args --libs`
-+    libgnutls_config_version=`$LIBGNUTLS_CONFIG $libgnutls_config_args --version`
-+
-+
-+      ac_save_CFLAGS="$CFLAGS"
-+      ac_save_LIBS="$LIBS"
-+      CFLAGS="$CFLAGS $LIBGNUTLS_CFLAGS"
-+      LIBS="$LIBS $LIBGNUTLS_LIBS"
-+dnl
-+dnl Now check if the installed libgnutls is sufficiently new. Also sanity
-+dnl checks the results of libgnutls-config to some extent
-+dnl
-+      rm -f conf.libgnutlstest
-+      AC_TRY_RUN([
-+#include <stdio.h>
-+#include <stdlib.h>
-+#include <string.h>
-+#include <gnutls/gnutls.h>
-+
-+int
-+main ()
-+{
-+    system ("touch conf.libgnutlstest");
-+
-+    if( strcmp( gnutls_check_version(NULL), "$libgnutls_config_version" ) )
-+    {
-+      printf("\n*** 'libgnutls-config --version' returned %s, but LIBGNUTLS (%s)\n",
-+             "$libgnutls_config_version", gnutls_check_version(NULL) );
-+      printf("*** was found! If libgnutls-config was correct, then it is best\n");
-+      printf("*** to remove the old version of LIBGNUTLS. You may also be able to fix the error\n");
-+      printf("*** by modifying your LD_LIBRARY_PATH enviroment variable, or by editing\n");
-+      printf("*** /etc/ld.so.conf. Make sure you have run ldconfig if that is\n");
-+      printf("*** required on your system.\n");
-+      printf("*** If libgnutls-config was wrong, set the environment variable LIBGNUTLS_CONFIG\n");
-+      printf("*** to point to the correct copy of libgnutls-config, and remove the file config.cache\n");
-+      printf("*** before re-running configure\n");
-+    }
-+    else if ( strcmp(gnutls_check_version(NULL), LIBGNUTLS_VERSION ) )
-+    {
-+      printf("\n*** LIBGNUTLS header file (version %s) does not match\n", LIBGNUTLS_VERSION);
-+      printf("*** library (version %s)\n", gnutls_check_version(NULL) );
-+    }
-+    else
-+    {
-+      if ( gnutls_check_version( "$min_libgnutls_version" ) )
-+      {
-+        return 0;
-+      }
-+     else
-+      {
-+        printf("no\n*** An old version of LIBGNUTLS (%s) was found.\n",
-+                gnutls_check_version(NULL) );
-+        printf("*** You need a version of LIBGNUTLS newer than %s. The latest version of\n",
-+               "$min_libgnutls_version" );
-+        printf("*** LIBGNUTLS is always available from ftp://gnutls.hellug.gr/pub/gnutls.\n");
-+        printf("*** \n");
-+        printf("*** If you have already installed a sufficiently new version, this error\n");
-+        printf("*** probably means that the wrong copy of the libgnutls-config shell script is\n");
-+        printf("*** being found. The easiest way to fix this is to remove the old version\n");
-+        printf("*** of LIBGNUTLS, but you can also set the LIBGNUTLS_CONFIG environment to point to the\n");
-+        printf("*** correct copy of libgnutls-config. (In this case, you will have to\n");
-+        printf("*** modify your LD_LIBRARY_PATH enviroment variable, or edit /etc/ld.so.conf\n");
-+        printf("*** so that the correct libraries are found at run-time))\n");
-+      }
-+    }
-+  return 1;
-+}
-+],, no_libgnutls=yes,[echo $ac_n "cross compiling; assumed OK... $ac_c"])
-+       CFLAGS="$ac_save_CFLAGS"
-+       LIBS="$ac_save_LIBS"
-+  fi
-+
-+  if test "x$no_libgnutls" = x ; then
-+     AC_MSG_RESULT(yes)
-+     ifelse([$2], , :, [$2])
-+  else
-+     if test -f conf.libgnutlstest ; then
-+        :
-+     else
-+        AC_MSG_RESULT(no)
-+     fi
-+     if test "$LIBGNUTLS_CONFIG" = "no" ; then
-+       echo "*** The libgnutls-config script installed by LIBGNUTLS could not be found"
-+       echo "*** If LIBGNUTLS was installed in PREFIX, make sure PREFIX/bin is in"
-+       echo "*** your path, or set the LIBGNUTLS_CONFIG environment variable to the"
-+       echo "*** full path to libgnutls-config."
-+     else
-+       if test -f conf.libgnutlstest ; then
-+        :
-+       else
-+          echo "*** Could not run libgnutls test program, checking why..."
-+          CFLAGS="$CFLAGS $LIBGNUTLS_CFLAGS"
-+          LIBS="$LIBS $LIBGNUTLS_LIBS"
-+          AC_TRY_LINK([
-+#include <stdio.h>
-+#include <stdlib.h>
-+#include <string.h>
-+#include <gnutls/gnutls.h>
-+],      [ return !!gnutls_check_version(NULL); ],
-+        [ echo "*** The test program compiled, but did not run. This usually means"
-+          echo "*** that the run-time linker is not finding LIBGNUTLS or finding the wrong"
-+          echo "*** version of LIBGNUTLS. If it is not finding LIBGNUTLS, you'll need to set your"
-+          echo "*** LD_LIBRARY_PATH environment variable, or edit /etc/ld.so.conf to point"
-+          echo "*** to the installed location  Also, make sure you have run ldconfig if that"
-+          echo "*** is required on your system"
-+          echo "***"
-+          echo "*** If you have an old version installed, it is best to remove it, although"
-+          echo "*** you may also be able to get things to work by modifying LD_LIBRARY_PATH"
-+          echo "***" ],
-+        [ echo "*** The test program failed to compile or link. See the file config.log for the"
-+          echo "*** exact error that occured. This usually means LIBGNUTLS was incorrectly installed"
-+          echo "*** or that you have moved LIBGNUTLS since it was installed. In the latter case, you"
-+          echo "*** may want to edit the libgnutls-config script: $LIBGNUTLS_CONFIG" ])
-+          CFLAGS="$ac_save_CFLAGS"
-+          LIBS="$ac_save_LIBS"
-+       fi
-+     fi
-+     LIBGNUTLS_CFLAGS=""
-+     LIBGNUTLS_LIBS=""
-+     ifelse([$3], , :, [$3])
-+  fi
-+  rm -f conf.libgnutlstest
-+  AC_SUBST(LIBGNUTLS_CFLAGS)
-+  AC_SUBST(LIBGNUTLS_LIBS)
-+])
-+
-+dnl *-*wedit:notab*-*  Please keep this as the last line.
diff --git a/libs/iksemel/patches/001-pkgconfig-gnutls.patch b/libs/iksemel/patches/001-pkgconfig-gnutls.patch
new file mode 100644 (file)
index 0000000..ebc870d
--- /dev/null
@@ -0,0 +1,28 @@
+Last-Update: 2013-07-29
+Forwarded: not-needed
+Origin: upstream, commit:4652af9cf119145af3a90c632f8a6db215946784
+Bug-Iksemel: https://code.google.com/p/iksemel/issues/detail?id=20
+Author: Dmitry Smirnov <onlyjob@member.fsf.org>
+Description: use pkgconfig for checking gnutls
+
+--- a/configure.ac
++++ b/configure.ac
+@@ -44,9 +44,17 @@
+ AC_SEARCH_LIBS(recv,socket)
+ AC_CHECK_FUNCS(getopt_long)
+ AC_CHECK_FUNCS(getaddrinfo)
+-AM_PATH_LIBGNUTLS(,AC_DEFINE(HAVE_GNUTLS,,"Use libgnutls"))
++dnl Check GNU TLS
++PKG_CHECK_MODULES(GNUTLS, gnutls >= 2.0.0, have_gnutls=yes, have_gnutls=no) 
++if test "x$have_gnutls" = "xyes"; then
++  LIBGNUTLS_CFLAGS="$GNUTLS_CFLAGS"
++  LIBGNUTLS_LIBS="$GNUTLS_LIBS"
++  AC_SUBST(LIBGNUTLS_CFLAGS)
++  AC_SUBST(LIBGNUTLS_LIBS)
++  AC_DEFINE(HAVE_GNUTLS, 1, [whether to use GnuTSL support.]) 
++fi
+ dnl Check -Wall flag of GCC
+ if test "x$GCC" = "xyes"; then
+   if test -z "`echo "$CFLAGS" | grep "\-Wall" 2> /dev/null`" ; then
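Review bot: When pkg-config does not find gnutls, the `PKG_CHECK_MODULES` call only sets `have_gnutls=no` and configure carries on without defining `HAVE_GNUTLS`. A detection problem therefore yields a library built without TLS instead of a failed build, which is the same silent outcome the commit message describes fixing. Since the package declares `DEPENDS:=+libgnutls`, consider making the miss fatal with an `else` branch such as `AC_MSG_ERROR([gnutls not found via pkg-config])`, or have the package Makefile verify the result. `PKG_CHECK_MODULES` also needs the pkg-config autoconf macros when configure is regenerated; whether the Makefile reruns autoreconf is not visible in this diff. Minor: the `AC_DEFINE` description spells the library "GnuTSL".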
diff --git a/libs/iksemel/patches/002-secure_gnutls_options.patch b/libs/iksemel/patches/002-secure_gnutls_options.patch
new file mode 100644 (file)
index 0000000..bf09e17
--- /dev/null
@@ -0,0 +1,38 @@
+Last-Update: 2015-10-28
+Bug-Upstream: https://github.com/meduketto/iksemel/issues/48
+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=803204
+From: Marc Dequènes (duck) <duck@duckcorp.org>
+Description: fix security problem (and compatibility problem with servers rejecting low grade ciphers).
+
+--- a/src/stream.c
++++ b/src/stream.c
+@@ -62,13 +62,9 @@
+ static int
+ handshake (struct stream_data *data)
+ {
+-      const int protocol_priority[] = { GNUTLS_TLS1, GNUTLS_SSL3, 0 };
+-      const int kx_priority[] = { GNUTLS_KX_RSA, 0 };
+-      const int cipher_priority[] = { GNUTLS_CIPHER_3DES_CBC, GNUTLS_CIPHER_ARCFOUR, 0};
+-      const int comp_priority[] = { GNUTLS_COMP_ZLIB, GNUTLS_COMP_NULL, 0 };
+-      const int mac_priority[] = { GNUTLS_MAC_SHA, GNUTLS_MAC_MD5, 0 };
++      const char *priority_string = "SECURE256:+SECURE192:-VERS-TLS-ALL:+VERS-TLS1.2";
+       int ret;
+       if (gnutls_global_init () != 0)
+               return IKS_NOMEM;
+@@ -79,13 +75,9 @@
+       if (gnutls_init (&data->sess, GNUTLS_CLIENT) != 0) {
+               gnutls_certificate_free_credentials (data->cred);
+               return IKS_NOMEM;
+       }
+-      gnutls_protocol_set_priority (data->sess, protocol_priority);
+-      gnutls_cipher_set_priority(data->sess, cipher_priority);
+-      gnutls_compression_set_priority(data->sess, comp_priority);
+-      gnutls_kx_set_priority(data->sess, kx_priority);
+-      gnutls_mac_set_priority(data->sess, mac_priority);
++      gnutls_priority_set_direct(data->sess, priority_string, NULL);
+       gnutls_credentials_set (data->sess, GNUTLS_CRD_CERTIFICATE, data->cred);
+       gnutls_transport_set_push_function (data->sess, (gnutls_push_func) tls_push);
+       gnutls_transport_set_pull_function (data->sess, (gnutls_pull_func) tls_pull);
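Review bot: The return value of `gnutls_priority_set_direct` is discarded, so if the library rejects the priority string the session keeps whatever priorities it already had (or none) and the intended restriction is not guaranteed. Check it and bail out the way the `gnutls_init` failure branch just above does: `if (gnutls_priority_set_direct (data->sess, priority_string, NULL) != GNUTLS_E_SUCCESS)`, followed by `gnutls_deinit`, `gnutls_certificate_free_credentials` and an error return. Separately, `-VERS-TLS-ALL:+VERS-TLS1.2` pins the client to exactly TLS 1.2, which would also exclude newer protocol versions once the linked GnuTLS supports them; a short comment recording that this is deliberate would help the next maintainer. `handshake` continues past the end of this hunk, so certificate verification cannot be assessed from here.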
diff --git a/libs/iksemel/patches/002-use-of-newer-gnutls_priority_set_direct-api.patch b/libs/iksemel/patches/002-use-of-newer-gnutls_priority_set_direct-api.patch
deleted file mode 100644 (file)
index 8f91d10..0000000
+++ /dev/null
@@ -1,65 +0,0 @@
-From 6b213b593c5b499679506a8c169ff3f0f4d6a34f Mon Sep 17 00:00:00 2001
-From: John Papandriopoulos <jpap@users.noreply.github.com>
-Date: Thu, 20 Aug 2015 16:55:39 -0700
-Subject: [PATCH] Use of newer gnutls_priority_set_direct API
-
----
- configure.ac |  1 +
- src/stream.c | 13 +++++++++++++
- 2 files changed, 14 insertions(+)
-
-diff --git a/configure.ac b/configure.ac
-index 91e69e3..281a044 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -46,6 +46,7 @@ AC_CHECK_FUNCS(getopt_long)
- AC_CHECK_FUNCS(getaddrinfo)
- AM_PATH_LIBGNUTLS(,AC_DEFINE(HAVE_GNUTLS,,"Use libgnutls"))
-+AM_PATH_LIBGNUTLS(,AC_CHECK_FUNCS(gnutls_priority_set_direct))
- dnl Check -Wall flag of GCC
- if test "x$GCC" = "xyes"; then
-diff --git a/src/stream.c b/src/stream.c
-index e8a1e8c..7d19a82 100644
---- a/src/stream.c
-+++ b/src/stream.c
-@@ -63,11 +63,20 @@ tls_pull (iksparser *prs, char *buffer, size_t len)
- static int
- handshake (struct stream_data *data)
- {
-+#if HAVE_GNUTLS_PRIORITY_SET_DIRECT
-+      const char *priorities =
-+              "NONE"
-+              ":+VERS-TLS1.0:+VERS-SSL3.0"
-+              ":+RSA"
-+              ":+3DES-CBC:+ARCFOUR-128"
-+              ":+SHA1:+SHA256:+SHA384:+MD5";
-+#else
-       const int protocol_priority[] = { GNUTLS_TLS1, GNUTLS_SSL3, 0 };
-       const int kx_priority[] = { GNUTLS_KX_RSA, 0 };
-       const int cipher_priority[] = { GNUTLS_CIPHER_3DES_CBC, GNUTLS_CIPHER_ARCFOUR, 0};
-       const int comp_priority[] = { GNUTLS_COMP_ZLIB, GNUTLS_COMP_NULL, 0 };
-       const int mac_priority[] = { GNUTLS_MAC_SHA, GNUTLS_MAC_MD5, 0 };
-+#endif
-       int ret;
-       if (gnutls_global_init () != 0)
-@@ -80,11 +89,15 @@ handshake (struct stream_data *data)
-               gnutls_certificate_free_credentials (data->cred);
-               return IKS_NOMEM;
-       }
-+#if HAVE_GNUTLS_PRIORITY_SET_DIRECT
-+      gnutls_priority_set_direct (data->sess, priorities, NULL);
-+#else
-       gnutls_protocol_set_priority (data->sess, protocol_priority);
-       gnutls_cipher_set_priority(data->sess, cipher_priority);
-       gnutls_compression_set_priority(data->sess, comp_priority);
-       gnutls_kx_set_priority(data->sess, kx_priority);
-       gnutls_mac_set_priority(data->sess, mac_priority);
-+#endif
-       gnutls_credentials_set (data->sess, GNUTLS_CRD_CERTIFICATE, data->cred);
-       gnutls_transport_set_push_function (data->sess, (gnutls_push_func) tls_push);
--- 
-2.1.4