From 4f448e1304b28bf555b250143cfbe94632a077e4 Mon Sep 17 00:00:00 2001
From: Alexandre Lision <alexandre.lision@gmail.com>
Date: Thu, 22 Sep 2016 20:16:32 +0200
Subject: [PATCH] contrib: deactivate getentropy for macOS

getentropy function as been added to MacOS 10.12 and iOS 10.
During GnuTLS compilation, the function can be detected in the new
10.12 SDK, but at runtime it fails to find the appropriate method on
the system.

It means that we can produce packages that won't work on some OS
versions. For precaution this commit patches GnuTLS to stop trying to
enable this function on all macOS versions.

It also removes another patch in GnuTLS for OSX that wasn't used anymore

Change-Id: I3af8b111f65e38d2d01da600c899d5717e82d8e9
Tuleap: #911
---
 .../gnutls-disable-getentropy-osx.patch       | 45 ++++++++++++++++
 contrib/src/gnutls/gnutls-pkgconfig-osx.patch | 51 -------------------
 contrib/src/gnutls/rules.mak                  |  6 +--
 3 files changed, 48 insertions(+), 54 deletions(-)
 create mode 100644 contrib/src/gnutls/gnutls-disable-getentropy-osx.patch
 delete mode 100644 contrib/src/gnutls/gnutls-pkgconfig-osx.patch

diff --git a/contrib/src/gnutls/gnutls-disable-getentropy-osx.patch b/contrib/src/gnutls/gnutls-disable-getentropy-osx.patch
new file mode 100644
index 0000000000..34a5965bab
--- /dev/null
+++ b/contrib/src/gnutls/gnutls-disable-getentropy-osx.patch
@@ -0,0 +1,45 @@
+From f200037c244cd355310d0bde1d0699abda82b71d Mon Sep 17 00:00:00 2001
+From: Alexandre Lision <alexandre.lision@gmail.com>
+Date: Thu, 22 Sep 2016 20:07:58 +0200
+Subject: [PATCH] disable getentropy
+
+---
+ configure.ac | 22 +++++++++++++---------
+ 1 file changed, 13 insertions(+), 9 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index c690adf..808e779 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -175,15 +175,19 @@ AC_LINK_IFELSE([AC_LANG_PROGRAM([
+ 		   enable_getrandom=getrandom],
+ 		  [AC_MSG_RESULT(no)])
+ 
+-AC_MSG_CHECKING([for getentropy])
+-AC_LINK_IFELSE([AC_LANG_PROGRAM([
+-	   #include <unistd.h>],[
+-		   getentropy(0, 0);
+-		  ])],
+-		  [AC_MSG_RESULT(yes)
+-		   AC_DEFINE([HAVE_GETENTROPY], 1, [Enable the OpenBSD getentropy function])
+-		   enable_getrandom=getentropy],
+-		  [AC_MSG_RESULT(no)])
++if test "$have_macosx" = yes; then
++    AC_MSG_CHECKING([entropy disabled for OSX])
++else
++    AC_MSG_CHECKING([for getentropy])
++    AC_LINK_IFELSE([AC_LANG_PROGRAM([
++        #include <unistd.h>],[
++            getentropy(0, 0);
++        ])],
++        [AC_MSG_RESULT(yes)
++        AC_DEFINE([HAVE_GETENTROPY], 1, [Enable the OpenBSD getentropy function])
++            enable_getrandom=getentropy],
++        [AC_MSG_RESULT(no)])
++fi
+ 
+ dnl Try the hooks.m4
+ LIBGNUTLS_HOOKS
+-- 
+2.9.3
+
diff --git a/contrib/src/gnutls/gnutls-pkgconfig-osx.patch b/contrib/src/gnutls/gnutls-pkgconfig-osx.patch
deleted file mode 100644
index 785de1e87d..0000000000
--- a/contrib/src/gnutls/gnutls-pkgconfig-osx.patch
+++ /dev/null
@@ -1,51 +0,0 @@
---- a/m4/intlmacosx.m4.orig	2014-06-25 17:40:22.000000000 -0400
-+++ b/m4/intlmacosx.m4	2014-06-25 17:40:29.000000000 -0400
-@@ -43,9 +43,25 @@
-     AC_DEFINE([HAVE_CFLOCALECOPYCURRENT], [1],
-       [Define to 1 if you have the MacOS X function CFLocaleCopyCurrent in the CoreFoundation framework.])
-   fi
-+  AC_CACHE_CHECK([for SecTrustCopyAnchorCertificates],
-+    [SecTrustCopyAnchorCertificates],
-+    [gt_save_LIBS="$LIBS"
-+     LIBS="$LIBS -Wl,-framework -Wl,Security"
-+     AC_TRY_LINK([#include <Security/SecTrust.h>],
-+       [SecTrustCopyAnchorCertificates(NULL)],
-+       [gt_cv_func_SecTrustCopyAnchorCertificates=yes],
-+       [gt_cv_func_SecTrustCopyAnchorCertificates=no])
-+     LIBS="$gt_save_LIBS"])
-+  if test $gt_cv_func_SecTrustCopyAnchorCertificates = yes; then
-+    AC_DEFINE([HAVE_SecTrustCopyAnchorCertificates], [1],
-+      [Define to 1 if you have the MacOS X function SecTrustCopyAnchorCertificates in the Security framework.])
-+  fi
-   INTL_MACOSX_LIBS=
-   if test $gt_cv_func_CFPreferencesCopyAppValue = yes || test $gt_cv_func_CFLocaleCopyCurrent = yes; then
--    INTL_MACOSX_LIBS="-Wl,-framework -Wl,CoreFoundation"
-+    INTL_MACOSX_LIBS+="-Wl,-framework -Wl,CoreFoundation "
-+  fi
-+  if test $gt_cv_func_SecTrustCopyAnchorCertificates = yes; then
-+    INTL_MACOSX_LIBS+="-Wl,-framework -Wl,Security "
-   fi
-   AC_SUBST([INTL_MACOSX_LIBS])
- ])
-
---- a/lib/gnutls.pc.in.orig	2014-06-25 17:42:26.000000000 -0400
-+++ b/lib/gnutls.pc.in	2014-06-25 17:42:35.000000000 -0400
-@@ -19,6 +19,6 @@
- Version: @VERSION@
- Libs: -L${libdir} -lgnutls
--Libs.private: @LTLIBZ@ @LTLIBINTL@ @LIBSOCKET@ @LTLIBPTHREAD@ @LTLIBICONV@ @P11_KIT_LIBS@ @LIB_SELECT@ @TSS_LIBS@ @GMP_LIBS@
-+Libs.private: @LTLIBZ@ @LTLIBINTL@ @LIBSOCKET@ @LTLIBPTHREAD@ @LTLIBICONV@ @P11_KIT_LIBS@ @LIB_SELECT@ @TSS_LIBS@ @GMP_LIBS@ @INTL_MACOSX_LIBS@
- @GNUTLS_REQUIRES_PRIVATE@
- Cflags: -I${includedir}
-
---- a/libdane/gnutls-dane.pc.in.orig	2014-06-25 17:57:29.000000000 -0400
-+++ b/libdane/gnutls-dane.pc.in	2014-06-25 17:57:39.000000000 -0400
-@@ -19,7 +19,7 @@
- Description: DANE security library for the GNU system
- URL: http://www.gnu.org/software/gnutls/
- Version: @VERSION@
--Libs: -L${libdir} -lgnutls-dane
-+Libs: -L${libdir} -lgnutls-dane @INTL_MACOSX_LIBS@
- Libs.private: @UNBOUND_LIBS@
- Requires.private: gnutls
- Cflags: -I${includedir}
diff --git a/contrib/src/gnutls/rules.mak b/contrib/src/gnutls/rules.mak
index 547084f05a..5cac94c312 100644
--- a/contrib/src/gnutls/rules.mak
+++ b/contrib/src/gnutls/rules.mak
@@ -24,9 +24,9 @@ endif
 ifdef HAVE_ANDROID
 	$(APPLY) $(SRC)/gnutls/no-create-time-h.patch
 endif
-#ifdef HAVE_MACOSX
-#	$(APPLY) $(SRC)/gnutls/gnutls-pkgconfig-osx.patch
-#endif
+ifdef HAVE_MACOSX
+	$(APPLY) $(SRC)/gnutls/gnutls-disable-getentropy-osx.patch
+endif
 	$(APPLY) $(SRC)/gnutls/gnutls-no-egd.patch
 	$(APPLY) $(SRC)/gnutls/read-file-limits.h.patch
 ifndef HAVE_IOS
-- 
GitLab