diff --git a/net-libs/gloox/gloox-1.0.27.recipe b/net-libs/gloox/gloox-1.0.27.recipe index 6f4413f54..fd39cf62a 100644 --- a/net-libs/gloox/gloox-1.0.27.recipe +++ b/net-libs/gloox/gloox-1.0.27.recipe @@ -3,7 +3,7 @@ DESCRIPTION="Rock-solid, full-featured Jabber/XMPP client library, written in cl HOMEPAGE="https://camaya.net/gloox/" COPYRIGHT="2002-2023 Jakob Schröter" LICENSE="GNU GPL v2" -REVISION="1" +REVISION="2" SOURCE_URI="http://camaya.net/download/gloox-$portVersion.tar.bz2" CHECKSUM_SHA256="0b8b7371439bc58d9e51384b616c964b18b7b41b87af1b7855104380eda86ffb" PATCHES="gloox-$portVersion.patchset" diff --git a/net-libs/gloox/patches/gloox-1.0.27.patchset b/net-libs/gloox/patches/gloox-1.0.27.patchset index 85eec6554..0b5568183 100644 --- a/net-libs/gloox/patches/gloox-1.0.27.patchset +++ b/net-libs/gloox/patches/gloox-1.0.27.patchset @@ -1,11 +1,11 @@ -From d18dc2f6032970e03a440208d4effa7b3290892d Mon Sep 17 00:00:00 2001 +From 14aca6f824c3fa48a0042609083ffa2bb08d9711 Mon Sep 17 00:00:00 2001 From: Adrien Destugues Date: Sat, 28 Mar 2020 10:17:16 +0100 Subject: Search for network functions in libnetwork diff --git a/configure.ac b/configure.ac -index 261a78c..2d1c210 100644 +index 6e707e5..fe84d53 100644 --- a/configure.ac +++ b/configure.ac @@ -330,7 +330,7 @@ AC_ARG_ENABLE( getaddrinfo, @@ -29,7 +29,7 @@ index 261a78c..2d1c210 100644 2.37.3 -From 735c2d5e13b7412c2cc93edac11cabada62ac1b1 Mon Sep 17 00:00:00 2001 +From f93d15f6b273aabbcd81cf4e8e9e96820a319f25 Mon Sep 17 00:00:00 2001 From: Adrien Destugues Date: Sat, 28 Mar 2020 13:10:43 +0100 Subject: Hack for detecting libnetwork internal functions @@ -38,7 +38,7 @@ These functions are found indirectly through #defines in the headers. So a normal AC_SEARCH_LIBS does not work. diff --git a/configure.ac b/configure.ac -index 2d1c210..cc03de2 100644 +index fe84d53..91bd9e0 100644 --- a/configure.ac +++ b/configure.ac @@ -220,7 +220,7 @@ else 
@@ -70,3 +70,122 @@ index 2d1c210..cc03de2 100644
 AC_DEFINE(HAVE_RES_QUERY)
 --
 2.37.3
+
+
+From 73268b719739c73b5a4e4ecda2bdd9dffa7f1bea Mon Sep 17 00:00:00 2001
+From: PulkoMandy
+Date: Tue, 26 Sep 2023 20:31:10 +0200
+Subject: Implement TLS-exporter channel binding type
+
+As defined in RFC 9266.
+
+Implemented in the OpenSSL backend only. Enabled when TLS 1.3 is in use, in other cases the
+previous TLS-unique is used.
+
+diff --git a/src/clientbase.cpp b/src/clientbase.cpp
+index 3fe66f8..b08653b 100644
+--- a/src/clientbase.cpp
++++ b/src/clientbase.cpp
+@@ -503,7 +503,7 @@ namespace gloox
+ }
+ else // SaslMechScramSha1Plus
+ {
+- m_gs2Header = "p=tls-unique,";
++ m_gs2Header = "p=" + m_encryption->channelBindingType() + ",";
+ a->addAttribute( "mechanism", "SCRAM-SHA-1-PLUS" );
+ }
+
+diff --git a/src/tlsbase.h b/src/tlsbase.h
+index d0b6dc6..e7c6cf6 100644
+--- a/src/tlsbase.h
++++ b/src/tlsbase.h
+@@ -116,6 +116,8 @@ namespace gloox
+ */
+ virtual const std::string channelBinding() const { return EmptyString; }
+
++ virtual const std::string channelBindingType() const { return "tls-unique"; }
++
+ /**
+ * Use this function to set a number of trusted root CA certificates which shall be
+ * used to verify a servers certificate.
+diff --git a/src/tlsdefault.cpp b/src/tlsdefault.cpp
+index adcd644..3d545ee 100644
+--- a/src/tlsdefault.cpp
++++ b/src/tlsdefault.cpp
+@@ -136,6 +136,11 @@ namespace gloox
+ return m_impl ? m_impl->channelBinding() : EmptyString;
+ }
+
++ const std::string TLSDefault::channelBindingType() const
++ {
++ return m_impl ? m_impl->channelBindingType() : "tls-unique";
++ }
++
+ void TLSDefault::setCACerts( const StringList& cacerts )
+ {
+ if( m_impl )
+diff --git a/src/tlsdefault.h b/src/tlsdefault.h
+index 50432b9..9bce81d 100644
+--- a/src/tlsdefault.h
++++ b/src/tlsdefault.h
+@@ -87,6 +87,9 @@ namespace gloox
+ // reimplemented from TLSBase
+ virtual const std::string channelBinding() const;
+
++ // reimplemented from TLSBase
++ virtual const std::string channelBindingType() const;
++
+ // reimplemented from TLSBase
+ virtual void setCACerts( const StringList& cacerts );
+
+diff --git a/src/tlsopensslclient.cpp b/src/tlsopensslclient.cpp
+index ac30e18..d0fb3ff 100644
+--- a/src/tlsopensslclient.cpp
++++ b/src/tlsopensslclient.cpp
+@@ -46,9 +46,26 @@ namespace gloox
+
+ const std::string OpenSSLClient::channelBinding() const
+ {
+- unsigned char* buf[128];
+- long res = SSL_get_finished( m_ssl, buf, 128 );
+- return std::string( reinterpret_cast( buf ), res );
++
++ if (SSL_version(m_ssl) == TLS1_3_VERSION) {
++ unsigned char buf[32];
++ const char* const label = "EXPORTER-Channel-Binding";
++ SSL_export_keying_material( m_ssl, buf, 32, label, strlen(label), { 0 }, 1, 0);
++ return std::string( reinterpret_cast( buf ), 32);
++ } else {
++ unsigned char* buf[128];
++ long res = SSL_get_finished( m_ssl, buf, 128 );
++ return std::string( reinterpret_cast( buf ), res );
++ }
++ }
++
++ const std::string OpenSSLClient::channelBindingType() const
++ {
++ if (SSL_version(m_ssl) == TLS1_3_VERSION) {
++ return "tls-exporter";
++ } else {
++ return "tls-unique";
++ }
+ }
+
+ int OpenSSLClient::handshakeFunction()
+diff --git a/src/tlsopensslclient.h b/src/tlsopensslclient.h
+index e8ac22d..81463d5 100644
+--- a/src/tlsopensslclient.h
++++ b/src/tlsopensslclient.h
+@@ -53,6 +53,9 @@ namespace gloox
+ // reimplemented from TLSBase
+ virtual const std::string channelBinding() const;
+
++ // reimplemented from TLSBase
++ virtual const std::string channelBindingType() const;
++
+ private:
+ // reimplemented from OpenSSLBase
+ virtual bool setType();
+--
+2.37.3
+
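Review bot: The return value of `SSL_export_keying_material()` in the TLS 1.3 branch of `OpenSSLClient::channelBinding()` is ignored, so if the export fails the 32 bytes of `buf` are returned uninitialised and end up as the SCRAM channel-binding data. The call should be checked and fail closed, for example `if( SSL_export_keying_material( m_ssl, buf, sizeof( buf ), label, strlen( label ), NULL, 0, 1 ) != 1 ) return EmptyString;`. The current `{ 0 }, 1, 0` context arguments amount to a null pointer with length 1 and use_context off; under TLS 1.3 that should yield the same output as an empty context, but passing the empty context explicitly matches RFC 9266 as cited in the commit message. How the SCRAM code in clientbase.cpp treats an empty binding is not visible in this patch and should be confirmed before relying on that return. Separately, the tls-unique branch keeps `unsigned char* buf[128]`, which declares an array of pointers where `unsigned char buf[128]` was presumably intended.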