From 4de6483d4d86f078277e88c910cf47d7d2835d3e Mon Sep 17 00:00:00 2001
From: Cem Keylan <cem@ckyln.com>
Date: Wed, 23 Mar 2022 13:51:18 +0100
Subject: glib-networking: bump to 2.72.0

---
 extra/glib-networking/build                  |   4 +-
 extra/glib-networking/checksums              |   3 +-
 extra/glib-networking/patches/libressl.patch | 121 +++++++++++++++++++++++++++
 extra/glib-networking/sources                |   3 +-
 extra/glib-networking/version                |   2 +-
 5 files changed, 128 insertions(+), 5 deletions(-)
 create mode 100644 extra/glib-networking/patches/libressl.patch

(limited to 'extra')

diff --git a/extra/glib-networking/build b/extra/glib-networking/build
index c981ccba..4b06ac82 100755
--- a/extra/glib-networking/build
+++ b/extra/glib-networking/build
@@ -2,8 +2,8 @@
 
 export DESTDIR="$1"
 
-# The new version requires openssl TLS1.3, which libressl hasn't fully
-# implemented yet. We now need gnutls, sadly.
+patch -p1 < libressl.patch
+
 cl-meson \
     -Dgnutls=enabled \
     . output
diff --git a/extra/glib-networking/checksums b/extra/glib-networking/checksums
index 8d47742d..177bcab7 100644
--- a/extra/glib-networking/checksums
+++ b/extra/glib-networking/checksums
@@ -1,2 +1,3 @@
 %BLAKE3
-a556aae48ce505774e984d0a566d9452cd3c8dcded0db20cfe63871c61002db8  glib-networking-2.70.1.tar.xz
+175c8c47aca7ca729ecedd68cc042dccabde73a96584585cd0300291a9e21885  glib-networking-2.72.0.tar.xz
+ed0366e9e1df448074e139fc4bc0696ed22f35ef9f34edfe7f740ebcba65828b  libressl.patch
diff --git a/extra/glib-networking/patches/libressl.patch b/extra/glib-networking/patches/libressl.patch
new file mode 100644
index 00000000..6f92662b
--- /dev/null
+++ b/extra/glib-networking/patches/libressl.patch
@@ -0,0 +1,121 @@
+diff --git a/tls/base/gtlsconnection-base.c b/tls/base/gtlsconnection-base.c
+index bcbdf49..dc896c0 100644
+--- a/tls/base/gtlsconnection-base.c
++++ b/tls/base/gtlsconnection-base.c
+@@ -1678,7 +1678,7 @@ finish_handshake (GTlsConnectionBase  *tls,
+       if (priv->peer_certificate && !priv->peer_certificate_accepted)
+         {
+           g_set_error_literal (&my_error, G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE,
+-                               _("Unacceptable TLS certificate"));
++                               _("Nonnacceptable TLS certificate"));
+           success = FALSE;
+         }
+     }
+diff --git a/tls/openssl/gtlscertificate-openssl.c b/tls/openssl/gtlscertificate-openssl.c
+index 2e3148c..cef9dd6 100644
+--- a/tls/openssl/gtlscertificate-openssl.c
++++ b/tls/openssl/gtlscertificate-openssl.c
+@@ -55,8 +55,10 @@ enum
+   PROP_PRIVATE_KEY,
+   PROP_PRIVATE_KEY_PEM,
+   PROP_ISSUER,
++  #ifndef LIBRESSL_VERSION_NUMBER
+   PROP_NOT_VALID_BEFORE,
+   PROP_NOT_VALID_AFTER,
++  #endif
+   PROP_SUBJECT_NAME,
+   PROP_ISSUER_NAME,
+   PROP_DNS_NAMES,
+@@ -219,10 +221,12 @@ g_tls_certificate_openssl_get_property (GObject    *object,
+   char *certificate_pem;
+   long size;
+ 
++  #ifndef LIBRESSL_VERSION_NUMBER
+   const ASN1_TIME *time_asn1;
+   struct tm time_tm;
+   GDateTime *time;
+   GTimeZone *tz;
++  #endif
+   X509_NAME *name;
+   const char *name_string;
+ 
+@@ -279,6 +283,7 @@ g_tls_certificate_openssl_get_property (GObject    *object,
+       g_value_set_object (value, openssl->issuer);
+       break;
+ 
++    #ifndef LIBRESSL_VERSION_NUMBER
+     case PROP_NOT_VALID_BEFORE:
+       time_asn1 = X509_get0_notBefore (openssl->cert);
+       ASN1_TIME_to_tm (time_asn1, &time_tm);
+@@ -296,6 +301,7 @@ g_tls_certificate_openssl_get_property (GObject    *object,
+       g_value_take_boxed (value, time);
+       g_time_zone_unref (tz);
+       break;
++    #endif
+ 
+     case PROP_SUBJECT_NAME:
+       bio = BIO_new (BIO_s_mem ());
+@@ -538,8 +544,10 @@ g_tls_certificate_openssl_class_init (GTlsCertificateOpensslClass *klass)
+   g_object_class_override_property (gobject_class, PROP_PRIVATE_KEY, "private-key");
+   g_object_class_override_property (gobject_class, PROP_PRIVATE_KEY_PEM, "private-key-pem");
+   g_object_class_override_property (gobject_class, PROP_ISSUER, "issuer");
++  #ifndef LIBRESSL_VERSION_NUMBER
+   g_object_class_override_property (gobject_class, PROP_NOT_VALID_BEFORE, "not-valid-before");
+   g_object_class_override_property (gobject_class, PROP_NOT_VALID_AFTER, "not-valid-after");
++  #endif
+   g_object_class_override_property (gobject_class, PROP_SUBJECT_NAME, "subject-name");
+   g_object_class_override_property (gobject_class, PROP_ISSUER_NAME, "issuer-name");
+   g_object_class_override_property (gobject_class, PROP_DNS_NAMES, "dns-names");
+diff --git a/tls/openssl/gtlsconnection-openssl.c b/tls/openssl/gtlsconnection-openssl.c
+index 9cf6ad7..6953a34 100644
+--- a/tls/openssl/gtlsconnection-openssl.c
++++ b/tls/openssl/gtlsconnection-openssl.c
+@@ -206,7 +206,7 @@ end_openssl_io (GTlsConnectionOpenssl  *openssl,
+     {
+       g_clear_error (&my_error);
+       g_set_error (error, G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE,
+-                   _("Unacceptable TLS certificate"));
++                   _("Nonnacceptable TLS certificate"));
+       return G_TLS_CONNECTION_BASE_ERROR;
+     }
+ 
+@@ -581,10 +581,8 @@ perform_rehandshake (SSL      *ssl,
+   GTlsConnectionBase *tls = user_data;
+   int ret = 1; /* always look on the bright side of life */
+ 
+-#if OPENSSL_VERSION_NUMBER >= 0x10101000L
+-  if (SSL_version(ssl) >= TLS1_3_VERSION)
+-    ret = SSL_key_update (ssl, SSL_KEY_UPDATE_REQUESTED);
+-  else if (SSL_get_secure_renegotiation_support (ssl) && !(SSL_get_options(ssl) & SSL_OP_NO_RENEGOTIATION))
++#if OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined(LIBRESSL_VERSION_NUMBER)
++  if (SSL_get_secure_renegotiation_support (ssl))
+     /* remote and local peers both can rehandshake */
+     ret = SSL_renegotiate (ssl);
+   else
+@@ -827,7 +825,7 @@ g_tls_connection_openssl_handshake_thread_handshake (GTlsConnectionBase  *tls,
+       if (!g_tls_connection_base_handshake_thread_verify_certificate (tls))
+         {
+           g_set_error_literal (error, G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE,
+-                               _("Unacceptable TLS certificate"));
++                               _("Notnacceptable TLS certificate"));
+           return G_TLS_CONNECTION_BASE_ERROR;
+         }
+     }
+diff --git a/tls/openssl/gtlsserverconnection-openssl.c b/tls/openssl/gtlsserverconnection-openssl.c
+index d24de05..54c607a 100644
+--- a/tls/openssl/gtlsserverconnection-openssl.c
++++ b/tls/openssl/gtlsserverconnection-openssl.c
+@@ -274,11 +274,13 @@ ssl_info_callback (const SSL *ssl,
+                    int        type,
+                    int        val)
+ {
++  #ifndef LIBRESSL_VERSION_NUMBER
+   if ((type & SSL_CB_HANDSHAKE_DONE) != 0)
+     {
+       /* Disable renegotiation (CVE-2009-3555) */
+       ssl->s3->flags |= SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS;
+     }
++  #endif
+ }
+ #endif
+ 
diff --git a/extra/glib-networking/sources b/extra/glib-networking/sources
index 443f459d..4faa69e3 100644
--- a/extra/glib-networking/sources
+++ b/extra/glib-networking/sources
@@ -1 +1,2 @@
-https://download.gnome.org/sources/glib-networking/2.70/glib-networking-2.70.1.tar.xz
+https://download.gnome.org/sources/glib-networking/2.72/glib-networking-2.72.0.tar.xz
+patches/libressl.patch
diff --git a/extra/glib-networking/version b/extra/glib-networking/version
index 26375b8b..84ab5dab 100644
--- a/extra/glib-networking/version
+++ b/extra/glib-networking/version
@@ -1 +1 @@
-2.70.1 1
+2.72.0 1
-- 
cgit v1.2.3