From a9463d1b7df6264b901cd57515835087bc793d7e Mon Sep 17 00:00:00 2001
From: Omar Vega Ramos <ovruni@gnu.org.pe>
Date: Tue, 2 May 2017 11:58:23 -0500
Subject: netsurf-3.6-3.parabola1: openssl 1.1 rebuild

---
 libre/netsurf/PKGBUILD      | 23 ++++++++-------
 libre/netsurf/openssl.patch | 72 +++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 84 insertions(+), 11 deletions(-)
 create mode 100644 libre/netsurf/openssl.patch

diff --git a/libre/netsurf/PKGBUILD b/libre/netsurf/PKGBUILD
index b96cfc417..ead80412d 100644
--- a/libre/netsurf/PKGBUILD
+++ b/libre/netsurf/PKGBUILD
@@ -7,7 +7,7 @@
 
 pkgname=netsurf
 pkgver=3.6
-pkgrel=1.parabola1
+pkgrel=3.parabola1
 pkgdesc='Lightweight and fast web browser, without non-privacy search engines'
 arch=('x86_64' 'i686' 'armv7h')
 url='http://www.netsurf-browser.org/'
@@ -21,23 +21,28 @@ depends=('libmng' 'librsvg' 'curl' 'lcms' 'desktop-file-utils'
 makedepends=('re2c' 'netsurf-buildsystem' 'perl-html-parser' 'nsgenbind>=0.3'
              'inetutils' 'libutf8proc>1.3.1' 'git' 'setconf' 'check' 'gtk3'
              'duktape')
-source=("git://git.netsurf-browser.org/netsurf.git#tag=release/$pkgver"
-        netsurf.sh
-        remove_nonprivacy_options.patch)
+# git.netsurf-browser.org has an invalid https certificate
+source=("git://git.netsurf-browser.org/netsurf.git#commit=c56ecfd924b16d15bf74385c4d556a6b7002e8a6"
+        'openssl.patch'
+        'netsurf.sh'
+        'remove_nonprivacy_options.patch')
 sha256sums=('SKIP'
+            '0601ca86e59a40aa6feaaab9db0e79c4952b018c724f7255279d902a79d090d9'
             'f2e2f61f1864da57cafa74ffdbefac2f9e1d55d9627e82ef923d4931684c5c49'
             '61bec340c47a089b1b5c33d3ae330a340999a1e40be7fc8768fa572c6ca3b617')
 
 prepare() {
   cd "$pkgname"
 
+  patch -p1 -i "$srcdir/openssl.patch"
   sed 's:netsurf-gtk:netsurf:' -i frontends/gtk/res/netsurf-gtk.desktop
   sed 's:libutf8proc/::' -i utils/idna.c
   sed 's:UTF8PROC_CCC_VIRAMA:UTF8PROC_BIDI_CLASS_EN:' -i utils/idna.c
   sed 's:utf8proc_normalise:utf8proc_reencode:' -i utils/idna.c
 
-  setconf Makefile.defaults NETSURF_UA_FORMAT_STRING '"NetSurf/%d.%d (%s; Parabola GNU/Linux-libre)"'
   setconf Makefile.defaults NETSURF_USE_DUKTAPE YES
+  setconf Makefile.defaults NETSURF_UA_FORMAT_STRING \
+    '"NetSurf/%d.%d (%s; Parabola GNU/Linux-libre)"'
 
   # remove non-privacy search engines
   sed -i '\|Google|d
@@ -119,10 +124,10 @@ package() {
   make install LIBDIR=lib INCLUDEDIR=include PREFIX=/usr TARGET=gtk \
     NETSURF_GTK_MAJOR=3 DESTDIR="$pkgdir"
 
-  # Script
+  # Launcher script
   install -Dm755 "../$pkgname.sh" "$pkgdir/usr/bin/$pkgname"
 
-  # Desktop shortcut
+  # Desktop icon and shortcut
   install -Dm644 "frontends/gtk/res/$pkgname.xpm" \
     "$pkgdir/usr/share/pixmaps/$pkgname.xpm"
   install -Dm644 "frontends/gtk/res/$pkgname-gtk.desktop" \
@@ -131,10 +136,6 @@ package() {
   # License
   install -Dm644 COPYING \
     "$pkgdir/usr/share/licenses/$pkgname/COPYING"
-
-  # Fix path
-  #mv "$pkgdir/usr/share/netsurf/:./gtk/res/"* "$pkgdir/usr/share/netsurf/"
-  #rmdir "$pkgdir/usr/share/netsurf/"{:./gtk/res,:./gtk,:.}
 }
 
 # vim:set ts=2 sw=2 et:
diff --git a/libre/netsurf/openssl.patch b/libre/netsurf/openssl.patch
new file mode 100644
index 000000000..2d914dd36
--- /dev/null
+++ b/libre/netsurf/openssl.patch
@@ -0,0 +1,72 @@
+From e8a9e3744523671228fef385ce7e1e11f93283b0 Mon Sep 17 00:00:00 2001
+From: Vincent Sanders <vince@kyllikki.org>
+Date: Sun, 20 Nov 2016 12:14:36 +0000
+Subject: fix openSSL 1.1.0 X509 certificate handling
+
+---
+diff --git a/content/fetchers/curl.c b/content/fetchers/curl.c
+index 66970ef..7ddf512 100644
+--- a/content/fetchers/curl.c
++++ b/content/fetchers/curl.c
+@@ -128,6 +128,26 @@ static char fetch_error_buffer[CURL_ERROR_SIZE];
+ static char fetch_proxy_userpwd[100];
+ 
+ 
++/* OpenSSL 1.0.x to 1.1.0 certificate reference counting changed */
++#if (OPENSSL_VERSION_NUMBER < 0x1010000fL)
++static int ns_X509_up_ref(X509 *cert)
++{
++	cert->references++;
++	return 1;
++}
++
++static void ns_X509_free(X509 *cert)
++{
++	cert->references--;
++	if (cert->references == 0) {
++		X509_free(cert);
++	}
++}
++#else
++#define ns_X509_up_ref X509_up_ref
++#define ns_X509_free X509_free
++#endif
++
+ /**
+  * Initialise a cURL fetcher.
+  */
+@@ -438,7 +458,7 @@ fetch_curl_verify_callback(int verify_ok, X509_STORE_CTX *x509_ctx)
+ 	 */
+ 	if (!fetch->cert_data[depth].cert) {
+ 		fetch->cert_data[depth].cert = X509_STORE_CTX_get_current_cert(x509_ctx);
+-		fetch->cert_data[depth].cert->references++;
++		ns_X509_up_ref(fetch->cert_data[depth].cert);
+ 		fetch->cert_data[depth].err = X509_STORE_CTX_get_error(x509_ctx);
+ 	}
+ 
+@@ -815,10 +835,7 @@ static void fetch_curl_free(void *vf)
+ 	}
+ 
+ 	for (i = 0; i < MAX_CERTS && f->cert_data[i].cert; i++) {
+-		f->cert_data[i].cert->references--;
+-		if (f->cert_data[i].cert->references == 0) {
+-			X509_free(f->cert_data[i].cert);
+-		}
++		ns_X509_free(f->cert_data[i].cert);
+ 	}
+ 
+ 	free(f);
+@@ -986,10 +1003,7 @@ curl_start_cert_validate(struct curl_fetch_info *f,
+ 					      X509_get_pubkey(certs[depth].cert));
+ 
+ 		/* and clean up */
+-		certs[depth].cert->references--;
+-		if (certs[depth].cert->references == 0) {
+-			X509_free(certs[depth].cert);
+-		}
++		ns_X509_free(certs[depth].cert);
+ 	}
+ 
+ 	msg.type = FETCH_CERT_ERR;
+--
+cgit v0.9.0.3-65-g4555
-- 
cgit v1.2.3