diff options
author | Stefan Strogin <stefan.strogin@gmail.com> | 2019-04-24 07:42:13 +0300 |
---|---|---|
committer | Aaron Bauman <bman@gentoo.org> | 2019-04-24 00:56:31 -0400 |
commit | 5a85fb190b37206caed168691ad569c5c63932f7 (patch) | |
tree | d5abc709e2847e97a8b5f5e57aa4b855aeeaddea /net-misc | |
parent | dev-python/openstackdocstheme: arm64 stable (diff) | |
download | gentoo-5a85fb190b37206caed168691ad569c5c63932f7.tar.gz gentoo-5a85fb190b37206caed168691ad569c5c63932f7.tar.bz2 gentoo-5a85fb190b37206caed168691ad569c5c63932f7.zip |
net-misc/stunnel: update LibreSSL patch for 5.51
Closes: https://bugs.gentoo.org/682894
Package-Manager: Portage-2.3.64, Repoman-2.3.12
Signed-off-by: Stefan Strogin <stefan.strogin@gmail.com>
Closes: https://github.com/gentoo/gentoo/pull/11807
Signed-off-by: Aaron Bauman <bman@gentoo.org>
Diffstat (limited to 'net-misc')
-rw-r--r-- | net-misc/stunnel/files/stunnel-5.51-libressl.patch | 268 | ||||
-rw-r--r-- | net-misc/stunnel/stunnel-5.51-r1.ebuild (renamed from net-misc/stunnel/stunnel-5.51.ebuild) | 4 |
2 files changed, 270 insertions, 2 deletions
diff --git a/net-misc/stunnel/files/stunnel-5.51-libressl.patch b/net-misc/stunnel/files/stunnel-5.51-libressl.patch new file mode 100644 index 000000000000..7ca8ace454d8 --- /dev/null +++ b/net-misc/stunnel/files/stunnel-5.51-libressl.patch @@ -0,0 +1,268 @@ +diff --git a/src/client.c b/src/client.c +index b67544a..6676529 100644 +--- a/src/client.c ++++ b/src/client.c +@@ -680,7 +680,7 @@ NOEXPORT void transfer(CLI *c) { + } + + /****************************** wait for an event */ +-#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) + pending=SSL_pending(c->ssl) || SSL_has_pending(c->ssl); + #else + pending=SSL_pending(c->ssl); +diff --git a/src/ctx.c b/src/ctx.c +index b3dc684..0186968 100644 +--- a/src/ctx.c ++++ b/src/ctx.c +@@ -91,7 +91,7 @@ NOEXPORT void set_prompt(const char *); + NOEXPORT int ui_retry(); + + /* session tickets */ +-#if OPENSSL_VERSION_NUMBER >= 0x10101000L ++#if OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined(LIBRESSL_VERSION_NUMBER) + NOEXPORT int generate_session_ticket_cb(SSL *, void *); + NOEXPORT int decrypt_session_ticket_cb(SSL *, SSL_SESSION *, + const unsigned char *, size_t, SSL_TICKET_STATUS, void *); +@@ -125,7 +125,7 @@ NOEXPORT void sslerror_log(unsigned long, const char *, int, char *); + + /**************************************** initialize section->ctx */ + +-#if OPENSSL_VERSION_NUMBER>=0x10100000L ++#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) + typedef long unsigned SSL_OPTIONS_TYPE; + #else + typedef long SSL_OPTIONS_TYPE; +@@ -133,7 +133,7 @@ typedef long SSL_OPTIONS_TYPE; + + int context_init(SERVICE_OPTIONS *section) { /* init TLS context */ + /* create TLS context */ +-#if OPENSSL_VERSION_NUMBER>=0x10100000L ++#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) + if(section->option.client) + section->ctx=SSL_CTX_new(TLS_client_method()); + else /* server mode */ +@@ -229,7 +229,7 @@ int context_init(SERVICE_OPTIONS *section) { /* init TLS context */ + #endif + + /* setup session tickets */ +-#if OPENSSL_VERSION_NUMBER >= 0x10101000L ++#if OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined(LIBRESSL_VERSION_NUMBER) + SSL_CTX_set_session_ticket_cb(section->ctx, generate_session_ticket_cb, + decrypt_session_ticket_cb, NULL); + #endif /* OpenSSL 1.1.1 or later */ +@@ -483,7 +483,7 @@ NOEXPORT int ecdh_init(SERVICE_OPTIONS *section) { + /**************************************** initialize OpenSSL CONF */ + + NOEXPORT int conf_init(SERVICE_OPTIONS *section) { +-#if OPENSSL_VERSION_NUMBER>=0x10002000L ++#if OPENSSL_VERSION_NUMBER>=0x10002000L && !defined(LIBRESSL_VERSION_NUMBER) + SSL_CONF_CTX *cctx; + NAME_LIST *curr; + char *cmd, *param; +@@ -969,7 +969,7 @@ NOEXPORT int ui_retry() { + + /**************************************** session tickets */ + +-#if OPENSSL_VERSION_NUMBER >= 0x10101000L ++#if OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined(LIBRESSL_VERSION_NUMBER) + + typedef struct { + void *session_authenticated; +@@ -1412,7 +1412,7 @@ NOEXPORT void info_callback(const SSL *ssl, int where, int ret) { + + c=SSL_get_ex_data((SSL *)ssl, index_ssl_cli); + if(c) { +-#if OPENSSL_VERSION_NUMBER>=0x10100000L ++#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) + OSSL_HANDSHAKE_STATE state=SSL_get_state(ssl); + #else + int state=SSL_get_state((SSL *)ssl); +diff --git a/src/options.c b/src/options.c +index c7bd5c5..5441b80 100644 +--- a/src/options.c ++++ b/src/options.c +@@ -81,7 +81,7 @@ NOEXPORT char *sni_init(SERVICE_OPTIONS *); + NOEXPORT void sni_free(SERVICE_OPTIONS *); + #endif /* !defined(OPENSSL_NO_TLSEXT) */ + +-#if OPENSSL_VERSION_NUMBER>=0x10100000L ++#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) + NOEXPORT int str_to_proto_version(const char *); + #else /* OPENSSL_VERSION_NUMBER<0x10100000L */ + NOEXPORT char *tls_methods_set(SERVICE_OPTIONS *, const char *); +@@ -3098,7 +3098,7 @@ NOEXPORT char *parse_service_option(CMD cmd, SERVICE_OPTIONS **section_ptr, + break; + } + +-#if OPENSSL_VERSION_NUMBER>=0x10100000L ++#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) + + /* sslVersion */ + switch(cmd) { +@@ -3671,7 +3671,7 @@ NOEXPORT void sni_free(SERVICE_OPTIONS *section) { + + /**************************************** modern TLS version handling */ + +-#if OPENSSL_VERSION_NUMBER>=0x10100000L ++#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) + + NOEXPORT int str_to_proto_version(const char *name) { + if(!strcasecmp(name, "all")) +diff --git a/src/prototypes.h b/src/prototypes.h +index 4a5d9af..057d3b9 100644 +--- a/src/prototypes.h ++++ b/src/prototypes.h +@@ -226,7 +226,7 @@ typedef struct service_options_struct { + #if OPENSSL_VERSION_NUMBER>=0x009080dfL + long unsigned ssl_options_clear; + #endif /* OpenSSL 0.9.8m or later */ +-#if OPENSSL_VERSION_NUMBER>=0x10100000L ++#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) + int min_proto_version, max_proto_version; + #else /* OPENSSL_VERSION_NUMBER<0x10100000L */ + SSL_METHOD *client_method, *server_method; +@@ -666,7 +666,7 @@ int getnameinfo(const struct sockaddr *, socklen_t, + #define USE_OS_THREADS + #endif + +-#if OPENSSL_VERSION_NUMBER<0x10100004L ++#if OPENSSL_VERSION_NUMBER<0x10100004L || defined(LIBRESSL_VERSION_NUMBER) + + #ifdef USE_OS_THREADS + +@@ -714,7 +714,7 @@ typedef enum { + + extern CRYPTO_RWLOCK *stunnel_locks[STUNNEL_LOCKS]; + +-#if OPENSSL_VERSION_NUMBER<0x10100004L ++#if OPENSSL_VERSION_NUMBER<0x10100004L || defined(LIBRESSL_VERSION_NUMBER) + /* Emulate the OpenSSL 1.1 locking API for older OpenSSL versions */ + CRYPTO_RWLOCK *CRYPTO_THREAD_lock_new(void); + int CRYPTO_THREAD_read_lock(CRYPTO_RWLOCK *); +diff --git a/src/ssl.c b/src/ssl.c +index 60e31c1..10b0658 100644 +--- a/src/ssl.c ++++ b/src/ssl.c +@@ -39,7 +39,7 @@ + #include "prototypes.h" + + /* global OpenSSL initialization: compression, engine, entropy */ +-#if OPENSSL_VERSION_NUMBER>=0x10100000L ++#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) + NOEXPORT int cb_dup_addr(CRYPTO_EX_DATA *to, const CRYPTO_EX_DATA *from, + void *from_d, int idx, long argl, void *argp); + #else +@@ -114,7 +114,7 @@ int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g) { + #endif + #endif + +-#if OPENSSL_VERSION_NUMBER>=0x10100000L ++#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) + NOEXPORT int cb_dup_addr(CRYPTO_EX_DATA *to, const CRYPTO_EX_DATA *from, + void *from_d, int idx, long argl, void *argp) { + #else +@@ -177,7 +177,7 @@ int ssl_configure(GLOBAL_OPTIONS *global) { /* configure global TLS settings */ + + #ifndef OPENSSL_NO_COMP + +-#if OPENSSL_VERSION_NUMBER<0x10100000L ++#if OPENSSL_VERSION_NUMBER<0x10100000L || defined(LIBRESSL_VERSION_NUMBER) + + NOEXPORT int COMP_get_type(const COMP_METHOD *meth) { + return meth->type; +diff --git a/src/sthreads.c b/src/sthreads.c +index 37a1398..750e312 100644 +--- a/src/sthreads.c ++++ b/src/sthreads.c +@@ -97,14 +97,16 @@ unsigned long stunnel_thread_id(void) { + + #endif /* USE_WIN32 */ + +-#if OPENSSL_VERSION_NUMBER>=0x10000000L && OPENSSL_VERSION_NUMBER<0x10100004L ++#if (OPENSSL_VERSION_NUMBER>=0x10000000L && OPENSSL_VERSION_NUMBER<0x10100004L) || \ ++ defined(LIBRESSL_VERSION_NUMBER) + NOEXPORT void threadid_func(CRYPTO_THREADID *tid) { + CRYPTO_THREADID_set_numeric(tid, stunnel_thread_id()); + } + #endif + + void thread_id_init(void) { +-#if OPENSSL_VERSION_NUMBER>=0x10000000L && OPENSSL_VERSION_NUMBER<0x10100000L ++#if (OPENSSL_VERSION_NUMBER>=0x10000000L && OPENSSL_VERSION_NUMBER<0x10100000L) || \ ++ defined(LIBRESSL_VERSION_NUMBER) + CRYPTO_THREADID_set_callback(threadid_func); + #endif + #if OPENSSL_VERSION_NUMBER<0x10000000L || !defined(OPENSSL_NO_DEPRECATED) +@@ -115,7 +117,7 @@ void thread_id_init(void) { + /**************************************** locking */ + + /* we only need to initialize locking with OpenSSL older than 1.1.0 */ +-#if OPENSSL_VERSION_NUMBER<0x10100004L ++#if OPENSSL_VERSION_NUMBER<0x10100004L || defined(LIBRESSL_VERSION_NUMBER) + + #ifdef USE_PTHREAD + +@@ -224,7 +226,7 @@ NOEXPORT int s_atomic_add(int *val, int amount, CRYPTO_RWLOCK *lock) { + + CRYPTO_RWLOCK *stunnel_locks[STUNNEL_LOCKS]; + +-#if OPENSSL_VERSION_NUMBER<0x10100004L ++#if OPENSSL_VERSION_NUMBER<0x10100004L || defined(LIBRESSL_VERSION_NUMBER) + + #ifdef USE_OS_THREADS + +@@ -334,7 +336,8 @@ int CRYPTO_atomic_add(int *val, int amount, int *ret, CRYPTO_RWLOCK *lock) { + + void locking_init(void) { + size_t i; +-#if defined(USE_OS_THREADS) && OPENSSL_VERSION_NUMBER<0x10100004L ++#if defined(USE_OS_THREADS) && \ ++ (OPENSSL_VERSION_NUMBER<0x10100004L || defined(LIBRESSL_VERSION_NUMBER)) + size_t num; + + /* initialize the OpenSSL static locking */ +diff --git a/src/tls.c b/src/tls.c +index 6c92b96..5e60a95 100644 +--- a/src/tls.c ++++ b/src/tls.c +@@ -41,7 +41,7 @@ + volatile int tls_initialized=0; + + NOEXPORT void tls_platform_init(); +-#if OPENSSL_VERSION_NUMBER<0x10100000L ++#if OPENSSL_VERSION_NUMBER<0x10100000L || defined(LIBRESSL_VERSION_NUMBER) + NOEXPORT void free_function(void *); + #endif + +@@ -52,7 +52,7 @@ void tls_init() { + tls_platform_init(); + tls_initialized=1; + ui_tls=tls_alloc(NULL, NULL, "ui"); +-#if OPENSSL_VERSION_NUMBER>=0x10100000L ++#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) + CRYPTO_set_mem_functions(str_alloc_detached_debug, + str_realloc_detached_debug, str_free_debug); + #else +@@ -184,7 +184,7 @@ TLS_DATA *tls_get() { + + /**************************************** OpenSSL allocator hook */ + +-#if OPENSSL_VERSION_NUMBER<0x10100000L ++#if OPENSSL_VERSION_NUMBER<0x10100000L || defined(LIBRESSL_VERSION_NUMBER) + NOEXPORT void free_function(void *ptr) { + /* CRYPTO_set_mem_ex_functions() needs a function rather than a macro */ + /* unfortunately, OpenSSL provides no file:line information here */ +diff --git a/src/verify.c b/src/verify.c +index acdfb5b..d7b7655 100644 +--- a/src/verify.c ++++ b/src/verify.c +@@ -346,7 +346,7 @@ NOEXPORT int cert_check_local(X509_STORE_CTX *callback_ctx) { + cert=X509_STORE_CTX_get_current_cert(callback_ctx); + subject=X509_get_subject_name(cert); + +-#if OPENSSL_VERSION_NUMBER<0x10100006L ++#if OPENSSL_VERSION_NUMBER<0x10100006L || defined(LIBRESSL_VERSION_NUMBER) + #define X509_STORE_CTX_get1_certs X509_STORE_get1_certs + #endif + /* modern API allows retrieving multiple matching certificates */ diff --git a/net-misc/stunnel/stunnel-5.51.ebuild b/net-misc/stunnel/stunnel-5.51-r1.ebuild index e3b397589b46..0c9f131d6371 100644 --- a/net-misc/stunnel/stunnel-5.51.ebuild +++ b/net-misc/stunnel/stunnel-5.51-r1.ebuild @@ -39,8 +39,8 @@ src_prepare() { sed -i -e "s/^install-data-local:/do-not-run-this:/" \ tools/Makefile.in || die "sed failed" - # bug 656420 - eapply "${FILESDIR}"/${PN}-5.50-libressl.patch + # bugs 656420, 682894 + eapply "${FILESDIR}"/${P}-libressl.patch echo "CONFIG_PROTECT=\"/etc/stunnel/stunnel.conf\"" > "${T}"/20stunnel |