| 1 |
commit: 98e54164b037b4503834159711595bfa4eb4d76c |
| 2 |
Author: Stefan Strogin <stefan.strogin <AT> gmail <DOT> com> |
| 3 |
AuthorDate: Thu Nov 1 15:31:53 2018 +0000 |
| 4 |
Commit: Michał Górny <mgorny <AT> gentoo <DOT> org> |
| 5 |
CommitDate: Sat Nov 3 08:17:24 2018 +0000 |
| 6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=98e54164 |
| 7 |
|
| 8 |
media-libs/opusfile: add LibreSSL support |
| 9 |
|
| 10 |
Closes: https://bugs.gentoo.org/588768 |
| 11 |
Package-Manager: Portage-2.3.51, Repoman-2.3.11 |
| 12 |
Signed-off-by: Stefan Strogin <stefan.strogin <AT> gmail.com> |
| 13 |
Closes: https://github.com/gentoo/gentoo/pull/9979 |
| 14 |
Signed-off-by: Michał Górny <mgorny <AT> gentoo.org> |
| 15 |
|
| 16 |
.../opusfile/files/opusfile-0.11-libressl.patch | 142 +++++++++++++++++++++ |
| 17 |
media-libs/opusfile/opusfile-0.11.ebuild | 4 +- |
| 18 |
2 files changed, 145 insertions(+), 1 deletion(-) |
| 19 |
|
| 20 |
diff --git a/media-libs/opusfile/files/opusfile-0.11-libressl.patch b/media-libs/opusfile/files/opusfile-0.11-libressl.patch |
| 21 |
new file mode 100644 |
| 22 |
index 00000000000..72d807623a8 |
| 23 |
--- /dev/null |
| 24 |
+++ b/media-libs/opusfile/files/opusfile-0.11-libressl.patch |
| 25 |
@@ -0,0 +1,142 @@ |
| 26 |
+From 27ab318babb96e10a9f007b7c7936fd42425f488 Mon Sep 17 00:00:00 2001 |
| 27 |
+From: Stefan Strogin <stefan.strogin@×××××.com> |
| 28 |
+Date: Thu, 27 Sep 2018 04:53:29 +0300 |
| 29 |
+Subject: [PATCH] http: fix compilation with LibreSSL |
| 30 |
+ |
| 31 |
+LibreSSL defines OPENSSL_VERSION_NUMBER to 0x20000000L, but its API is |
| 32 |
+compatible with OpenSSL 1.0.1. |
| 33 |
+Therefore redefine OPENSSL_VERSION_NUMBER to 0x1000115fL (1.0.1u) if |
| 34 |
+LibreSSL is used. |
| 35 |
+ |
| 36 |
+Fixes: #2327 |
| 37 |
+ |
| 38 |
+http: use new API with LibreSSL >=2.7.0 |
| 39 |
+ |
| 40 |
+LibreSSL is not yet fully API compatible with OpenSSL 1.0.2 and later, |
| 41 |
+However many APIs from OpenSSL 1.0.2 and 1.1 are already implemented in |
| 42 |
+LibreSSL 2.7.0 and later. Old approach works in newer LibreSSL version |
| 43 |
+as well, but it's not nice to force deprecated functions on LibreSSL |
| 44 |
+users. |
| 45 |
+ |
| 46 |
+Add additional conditionals for new LibreSSL versions to use the |
| 47 |
+available new APIs. |
| 48 |
+--- |
| 49 |
+ src/http.c | 27 ++++++++++++++++----------- |
| 50 |
+ 1 file changed, 16 insertions(+), 11 deletions(-) |
| 51 |
+ |
| 52 |
+diff --git a/src/http.c b/src/http.c |
| 53 |
+index 8ba9b28..a47648f 100644 |
| 54 |
+--- a/src/http.c |
| 55 |
++++ b/src/http.c |
| 56 |
+@@ -358,6 +358,11 @@ typedef int op_sock; |
| 57 |
+ # include <sys/timeb.h> |
| 58 |
+ # include <openssl/x509v3.h> |
| 59 |
+ |
| 60 |
++# if (defined(LIBRESSL_VERSION_NUMBER)&&OPENSSL_VERSION_NUMBER==0x20000000L) |
| 61 |
++# undef OPENSSL_VERSION_NUMBER |
| 62 |
++# define OPENSSL_VERSION_NUMBER 0x1000115fL |
| 63 |
++# endif |
| 64 |
++ |
| 65 |
+ /*The maximum number of simultaneous connections. |
| 66 |
+ RFC 2616 says this SHOULD NOT be more than 2, but everyone on the modern web |
| 67 |
+ ignores that (e.g., IE 8 bumped theirs up from 2 to 6, Firefox uses 15). |
| 68 |
+@@ -1530,7 +1535,7 @@ static long op_bio_retry_ctrl(BIO *_b,int _cmd,long _num,void *_ptr){ |
| 69 |
+ return ret; |
| 70 |
+ } |
| 71 |
+ |
| 72 |
+-# if OPENSSL_VERSION_NUMBER<0x10100000L |
| 73 |
++# if (OPENSSL_VERSION_NUMBER<0x10100000L&&LIBRESSL_VERSION_NUMBER<0x2070000fL) |
| 74 |
+ # define BIO_set_data(_b,_ptr) ((_b)->ptr=(_ptr)) |
| 75 |
+ # define BIO_set_init(_b,_init) ((_b)->init=(_init)) |
| 76 |
+ # define ASN1_STRING_get0_data ASN1_STRING_data |
| 77 |
+@@ -1538,7 +1543,7 @@ static long op_bio_retry_ctrl(BIO *_b,int _cmd,long _num,void *_ptr){ |
| 78 |
+ |
| 79 |
+ static int op_bio_retry_new(BIO *_b){ |
| 80 |
+ BIO_set_init(_b,1); |
| 81 |
+-# if OPENSSL_VERSION_NUMBER<0x10100000L |
| 82 |
++# if (OPENSSL_VERSION_NUMBER<0x10100000L&&LIBRESSL_VERSION_NUMBER<0x2070000fL) |
| 83 |
+ _b->num=0; |
| 84 |
+ # endif |
| 85 |
+ BIO_set_data(_b,NULL); |
| 86 |
+@@ -1549,7 +1554,7 @@ static int op_bio_retry_free(BIO *_b){ |
| 87 |
+ return _b!=NULL; |
| 88 |
+ } |
| 89 |
+ |
| 90 |
+-# if OPENSSL_VERSION_NUMBER<0x10100000L |
| 91 |
++# if (OPENSSL_VERSION_NUMBER<0x10100000L&&LIBRESSL_VERSION_NUMBER<0x2070000fL) |
| 92 |
+ /*This is not const because OpenSSL doesn't allow it, even though it won't |
| 93 |
+ write to it.*/ |
| 94 |
+ static BIO_METHOD op_bio_retry_method={ |
| 95 |
+@@ -1570,7 +1575,7 @@ static BIO_METHOD op_bio_retry_method={ |
| 96 |
+ proxying https URL requests.*/ |
| 97 |
+ static int op_http_conn_establish_tunnel(OpusHTTPStream *_stream, |
| 98 |
+ OpusHTTPConn *_conn,op_sock _fd,SSL *_ssl_conn,BIO *_ssl_bio){ |
| 99 |
+-# if OPENSSL_VERSION_NUMBER>=0x10100000L |
| 100 |
++# if (OPENSSL_VERSION_NUMBER>=0x10100000L||LIBRESSL_VERSION_NUMBER>=0x2070000fL) |
| 101 |
+ BIO_METHOD *bio_retry_method; |
| 102 |
+ # endif |
| 103 |
+ BIO *retry_bio; |
| 104 |
+@@ -1583,7 +1588,7 @@ static int op_http_conn_establish_tunnel(OpusHTTPStream *_stream, |
| 105 |
+ ret=op_http_conn_write_fully(_conn, |
| 106 |
+ _stream->proxy_connect.buf,_stream->proxy_connect.nbuf); |
| 107 |
+ if(OP_UNLIKELY(ret<0))return ret; |
| 108 |
+-# if OPENSSL_VERSION_NUMBER>=0x10100000L |
| 109 |
++# if (OPENSSL_VERSION_NUMBER>=0x10100000L||LIBRESSL_VERSION_NUMBER>=0x2070000fL) |
| 110 |
+ bio_retry_method=BIO_meth_new(BIO_TYPE_NULL,"retry"); |
| 111 |
+ if(bio_retry_method==NULL)return OP_EFAULT; |
| 112 |
+ BIO_meth_set_write(bio_retry_method,op_bio_retry_write); |
| 113 |
+@@ -1606,7 +1611,7 @@ static int op_http_conn_establish_tunnel(OpusHTTPStream *_stream, |
| 114 |
+ /*This shouldn't succeed, since we can't read yet.*/ |
| 115 |
+ OP_ALWAYS_TRUE(SSL_connect(_ssl_conn)<0); |
| 116 |
+ SSL_set_bio(_ssl_conn,_ssl_bio,_ssl_bio); |
| 117 |
+-# if OPENSSL_VERSION_NUMBER>=0x10100000L |
| 118 |
++# if (OPENSSL_VERSION_NUMBER>=0x10100000L||LIBRESSL_VERSION_NUMBER>=0x2070000fL) |
| 119 |
+ BIO_meth_free(bio_retry_method); |
| 120 |
+ # endif |
| 121 |
+ /*Only now do we disable write coalescing, to allow the CONNECT |
| 122 |
+@@ -1635,7 +1640,7 @@ static struct addrinfo *op_inet_pton(const char *_host){ |
| 123 |
+ return NULL; |
| 124 |
+ } |
| 125 |
+ |
| 126 |
+-# if OPENSSL_VERSION_NUMBER<0x10002000L |
| 127 |
++# if (OPENSSL_VERSION_NUMBER<0x10002000L&&LIBRESSL_VERSION_NUMBER<0x2070000fL) |
| 128 |
+ /*Match a host name against a host with a possible wildcard pattern according |
| 129 |
+ to the rules of RFC 6125 Section 6.4.3. |
| 130 |
+ Return: 0 if the pattern doesn't match, and a non-zero value if it does.*/ |
| 131 |
+@@ -1893,7 +1898,7 @@ static int op_http_conn_start_tls(OpusHTTPStream *_stream,OpusHTTPConn *_conn, |
| 132 |
+ SSL_set_tlsext_host_name(_ssl_conn,_stream->url.host); |
| 133 |
+ # endif |
| 134 |
+ skip_certificate_check=_stream->skip_certificate_check; |
| 135 |
+-# if OPENSSL_VERSION_NUMBER>=0x10002000L |
| 136 |
++# if (OPENSSL_VERSION_NUMBER>=0x10002000L||LIBRESSL_VERSION_NUMBER>=0x2070000fL) |
| 137 |
+ /*As of version 1.0.2, OpenSSL can finally do hostname checks automatically. |
| 138 |
+ Of course, they make it much more complicated than it needs to be.*/ |
| 139 |
+ if(!skip_certificate_check){ |
| 140 |
+@@ -1956,13 +1961,13 @@ static int op_http_conn_start_tls(OpusHTTPStream *_stream,OpusHTTPConn *_conn, |
| 141 |
+ if(OP_UNLIKELY(ret<=0))return OP_FALSE; |
| 142 |
+ ssl_session=_stream->ssl_session; |
| 143 |
+ if(ssl_session==NULL |
| 144 |
+-# if OPENSSL_VERSION_NUMBER<0x10002000L |
| 145 |
++# if (OPENSSL_VERSION_NUMBER<0x10002000L&&LIBRESSL_VERSION_NUMBER<0x2070000fL) |
| 146 |
+ ||!skip_certificate_check |
| 147 |
+ # endif |
| 148 |
+ ){ |
| 149 |
+ ret=op_do_ssl_step(_ssl_conn,_fd,SSL_do_handshake); |
| 150 |
+ if(OP_UNLIKELY(ret<=0))return OP_FALSE; |
| 151 |
+-# if OPENSSL_VERSION_NUMBER<0x10002000L |
| 152 |
++# if (OPENSSL_VERSION_NUMBER<0x10002000L&&LIBRESSL_VERSION_NUMBER<0x2070000fL) |
| 153 |
+ /*OpenSSL before version 1.0.2 does not do automatic hostname verification, |
| 154 |
+ despite the fact that we just passed it the hostname above in the call |
| 155 |
+ to SSL_set_tlsext_host_name(). |
| 156 |
+@@ -2314,7 +2319,7 @@ static int op_http_stream_open(OpusHTTPStream *_stream,const char *_url, |
| 157 |
+ /*Initialize the SSL library if necessary.*/ |
| 158 |
+ if(OP_URL_IS_SSL(&_stream->url)&&_stream->ssl_ctx==NULL){ |
| 159 |
+ SSL_CTX *ssl_ctx; |
| 160 |
+-# if OPENSSL_VERSION_NUMBER<0x10100000L |
| 161 |
++# if (OPENSSL_VERSION_NUMBER<0x10100000L&&LIBRESSL_VERSION_NUMBER<0x2070000fL) |
| 162 |
+ # if !defined(OPENSSL_NO_LOCKING) |
| 163 |
+ /*The documentation says SSL_library_init() is not reentrant. |
| 164 |
+ We don't want to add our own depenencies on a threading library, and it |
| 165 |
+-- |
| 166 |
+2.19.1 |
| 167 |
+ |
| 168 |
|
| 169 |
diff --git a/media-libs/opusfile/opusfile-0.11.ebuild b/media-libs/opusfile/opusfile-0.11.ebuild |
| 170 |
index bff77dbcf7e..92e3dbb30f6 100644 |
| 171 |
--- a/media-libs/opusfile/opusfile-0.11.ebuild |
| 172 |
+++ b/media-libs/opusfile/opusfile-0.11.ebuild |
| 173 |
@@ -16,7 +16,7 @@ RDEPEND="media-libs/libogg |
| 174 |
media-libs/opus |
| 175 |
http? ( |
| 176 |
!libressl? ( dev-libs/openssl:0= ) |
| 177 |
- libressl? ( dev-libs/libressl:= ) |
| 178 |
+ libressl? ( dev-libs/libressl:0= ) |
| 179 |
)" |
| 180 |
|
| 181 |
DEPEND="${RDEPEND} |
| 182 |
@@ -24,6 +24,8 @@ DEPEND="${RDEPEND} |
| 183 |
|
| 184 |
REQUIRED_USE="^^ ( fixed-point float )" |
| 185 |
|
| 186 |
+PATCHES=( "${FILESDIR}/opusfile-0.11-libressl.patch" ) |
| 187 |
+ |
| 188 |
src_configure() { |
| 189 |
local myeconfargs=( |
| 190 |
--docdir="${EPREFIX}/usr/share/doc/${PF}" |
Archives