Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-commits

From: Stefan Strogin <steils@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] repo/gentoo:master commit in: net-misc/stunnel/files/, net-misc/stunnel/
Date: Wed, 22 May 2019 05:49:23
Message-Id: 1558503893.6d65515da00c16636e1d6f10f0482b29afe4cf9b.steils@gentoo
1 commit: 6d65515da00c16636e1d6f10f0482b29afe4cf9b
2 Author: Stefan Strogin <steils <AT> gentoo <DOT> org>
3 AuthorDate: Wed May 22 05:43:50 2019 +0000
4 Commit: Stefan Strogin <steils <AT> gentoo <DOT> org>
5 CommitDate: Wed May 22 05:44:53 2019 +0000
6 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6d65515d
7
8 net-misc/stunnel: restore LibreSSL support; add patch for 5.54
9
10 Package-Manager: Portage-2.3.66, Repoman-2.3.12
11 Signed-off-by: Stefan Strogin <steils <AT> gentoo.org>
12
13 net-misc/stunnel/files/stunnel-5.54-libressl.patch | 313 +++++++++++++++++++++
14 net-misc/stunnel/stunnel-5.54.ebuild | 11 +-
15 2 files changed, 320 insertions(+), 4 deletions(-)
16
17 diff --git a/net-misc/stunnel/files/stunnel-5.54-libressl.patch b/net-misc/stunnel/files/stunnel-5.54-libressl.patch
18 new file mode 100644
19 index 00000000000..1965f47bca2
20 --- /dev/null
21 +++ b/net-misc/stunnel/files/stunnel-5.54-libressl.patch
22 @@ -0,0 +1,313 @@
23 +diff --git a/src/client.c b/src/client.c
24 +index 21fa273..e500d62 100644
25 +--- a/src/client.c
26 ++++ b/src/client.c
27 +@@ -657,7 +657,7 @@ NOEXPORT void print_cipher(CLI *c) { /* print negotiated cipher */
28 + NOEXPORT void transfer(CLI *c) {
29 + int timeout; /* s_poll_wait timeout in seconds */
30 + int pending; /* either processed on unprocessed TLS data */
31 +-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
32 ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
33 + int has_pending=0, prev_has_pending;
34 + #endif
35 + int watchdog=0; /* a counter to detect an infinite loop */
36 +@@ -705,7 +705,7 @@ NOEXPORT void transfer(CLI *c) {
37 +
38 + /****************************** wait for an event */
39 + pending=SSL_pending(c->ssl);
40 +-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
41 ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
42 + /* only attempt to process SSL_has_pending() data once */
43 + prev_has_pending=has_pending;
44 + has_pending=SSL_has_pending(c->ssl);
45 +@@ -1109,7 +1109,7 @@ NOEXPORT void transfer(CLI *c) {
46 + s_log(LOG_ERR,
47 + "please report the problem to Michal.Trojnara@×××××××.org");
48 + stunnel_info(LOG_ERR);
49 +-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
50 ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
51 + s_log(LOG_ERR, "protocol=%s, SSL_pending=%d, SSL_has_pending=%d",
52 + SSL_get_version(c->ssl),
53 + SSL_pending(c->ssl), SSL_has_pending(c->ssl));
54 +diff --git a/src/ctx.c b/src/ctx.c
55 +index 01119f3..b73fdcb 100644
56 +--- a/src/ctx.c
57 ++++ b/src/ctx.c
58 +@@ -91,7 +91,7 @@ NOEXPORT void set_prompt(const char *);
59 + NOEXPORT int ui_retry();
60 +
61 + /* session tickets */
62 +-#if OPENSSL_VERSION_NUMBER >= 0x10101000L
63 ++#if OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined(LIBRESSL_VERSION_NUMBER)
64 + NOEXPORT int generate_session_ticket_cb(SSL *, void *);
65 + NOEXPORT int decrypt_session_ticket_cb(SSL *, SSL_SESSION *,
66 + const unsigned char *, size_t, SSL_TICKET_STATUS, void *);
67 +@@ -130,7 +130,7 @@ NOEXPORT void sslerror_log(unsigned long, const char *, int, char *);
68 +
69 + /**************************************** initialize section->ctx */
70 +
71 +-#if OPENSSL_VERSION_NUMBER>=0x10100000L
72 ++#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
73 + typedef long unsigned SSL_OPTIONS_TYPE;
74 + #else
75 + typedef long SSL_OPTIONS_TYPE;
76 +@@ -138,7 +138,7 @@ typedef long SSL_OPTIONS_TYPE;
77 +
78 + int context_init(SERVICE_OPTIONS *section) { /* init TLS context */
79 + /* create TLS context */
80 +-#if OPENSSL_VERSION_NUMBER>=0x10100000L
81 ++#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
82 + if(section->option.client)
83 + section->ctx=SSL_CTX_new(TLS_client_method());
84 + else /* server mode */
85 +@@ -234,7 +234,7 @@ int context_init(SERVICE_OPTIONS *section) { /* init TLS context */
86 + #endif
87 +
88 + /* setup session tickets */
89 +-#if OPENSSL_VERSION_NUMBER >= 0x10101000L
90 ++#if OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined(LIBRESSL_VERSION_NUMBER)
91 + SSL_CTX_set_session_ticket_cb(section->ctx, generate_session_ticket_cb,
92 + decrypt_session_ticket_cb, NULL);
93 + #endif /* OpenSSL 1.1.1 or later */
94 +@@ -493,7 +493,7 @@ NOEXPORT int ecdh_init(SERVICE_OPTIONS *section) {
95 + /**************************************** initialize OpenSSL CONF */
96 +
97 + NOEXPORT int conf_init(SERVICE_OPTIONS *section) {
98 +-#if OPENSSL_VERSION_NUMBER>=0x10002000L
99 ++#if OPENSSL_VERSION_NUMBER>=0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
100 + SSL_CONF_CTX *cctx;
101 + NAME_LIST *curr;
102 + char *cmd, *param;
103 +@@ -979,7 +979,7 @@ NOEXPORT int ui_retry() {
104 +
105 + /**************************************** session tickets */
106 +
107 +-#if OPENSSL_VERSION_NUMBER >= 0x10101000L
108 ++#if OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined(LIBRESSL_VERSION_NUMBER)
109 +
110 + typedef struct {
111 + void *session_authenticated;
112 +@@ -1470,7 +1470,7 @@ NOEXPORT void info_callback(const SSL *ssl, int where, int ret) {
113 +
114 + c=SSL_get_ex_data((SSL *)ssl, index_ssl_cli);
115 + if(c) {
116 +-#if OPENSSL_VERSION_NUMBER>=0x10100000L
117 ++#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
118 + OSSL_HANDSHAKE_STATE state=SSL_get_state(ssl);
119 + #else
120 + int state=SSL_get_state((SSL *)ssl);
121 +diff --git a/src/options.c b/src/options.c
122 +index 670adbe..a10cecd 100644
123 +--- a/src/options.c
124 ++++ b/src/options.c
125 +@@ -81,7 +81,7 @@ NOEXPORT char *sni_init(SERVICE_OPTIONS *);
126 + NOEXPORT void sni_free(SERVICE_OPTIONS *);
127 + #endif /* !defined(OPENSSL_NO_TLSEXT) */
128 +
129 +-#if OPENSSL_VERSION_NUMBER>=0x10100000L
130 ++#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
131 + NOEXPORT int str_to_proto_version(const char *);
132 + #else /* OPENSSL_VERSION_NUMBER<0x10100000L */
133 + NOEXPORT char *tls_methods_set(SERVICE_OPTIONS *, const char *);
134 +@@ -96,7 +96,7 @@ NOEXPORT PSK_KEYS *psk_dup(PSK_KEYS *);
135 + NOEXPORT void psk_free(PSK_KEYS *);
136 + #endif /* !defined(OPENSSL_NO_PSK) */
137 +
138 +-#if OPENSSL_VERSION_NUMBER>=0x10000000L
139 ++#if OPENSSL_VERSION_NUMBER>=0x10000000L && !defined(LIBRESSL_VERSION_NUMBER)
140 + NOEXPORT TICKET_KEY *key_read(char *, char *);
141 + NOEXPORT TICKET_KEY *key_dup(TICKET_KEY *);
142 + NOEXPORT void key_free(TICKET_KEY *);
143 +@@ -3104,7 +3104,7 @@ NOEXPORT char *parse_service_option(CMD cmd, SERVICE_OPTIONS **section_ptr,
144 + break;
145 + }
146 +
147 +-#if OPENSSL_VERSION_NUMBER>=0x10100000L
148 ++#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
149 +
150 + /* sslVersion */
151 + switch(cmd) {
152 +@@ -3273,7 +3273,7 @@ NOEXPORT char *parse_service_option(CMD cmd, SERVICE_OPTIONS **section_ptr,
153 + }
154 + #endif
155 +
156 +-#if OPENSSL_VERSION_NUMBER>=0x10000000L
157 ++#if OPENSSL_VERSION_NUMBER>=0x10000000L && !defined(LIBRESSL_VERSION_NUMBER)
158 +
159 + /* ticketKeySecret */
160 + switch(cmd) {
161 +@@ -3755,7 +3755,7 @@ NOEXPORT void sni_free(SERVICE_OPTIONS *section) {
162 +
163 + /**************************************** modern TLS version handling */
164 +
165 +-#if OPENSSL_VERSION_NUMBER>=0x10100000L
166 ++#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
167 +
168 + NOEXPORT int str_to_proto_version(const char *name) {
169 + if(!strcasecmp(name, "all"))
170 +@@ -4079,7 +4079,7 @@ NOEXPORT void psk_free(PSK_KEYS *head) {
171 +
172 + /**************************************** read ticket key */
173 +
174 +-#if OPENSSL_VERSION_NUMBER>=0x10000000L
175 ++#if OPENSSL_VERSION_NUMBER>=0x10000000L && !defined(LIBRESSL_VERSION_NUMBER)
176 +
177 + NOEXPORT TICKET_KEY *key_read(char *arg, char *option) {
178 + char *key_str;
179 +diff --git a/src/prototypes.h b/src/prototypes.h
180 +index ebd413c..edd4341 100644
181 +--- a/src/prototypes.h
182 ++++ b/src/prototypes.h
183 +@@ -244,7 +244,7 @@ typedef struct service_options_struct {
184 + #if OPENSSL_VERSION_NUMBER>=0x009080dfL
185 + long unsigned ssl_options_clear;
186 + #endif /* OpenSSL 0.9.8m or later */
187 +-#if OPENSSL_VERSION_NUMBER>=0x10100000L
188 ++#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
189 + int min_proto_version, max_proto_version;
190 + #else /* OPENSSL_VERSION_NUMBER<0x10100000L */
191 + SSL_METHOD *client_method, *server_method;
192 +@@ -706,7 +706,7 @@ int getnameinfo(const struct sockaddr *, socklen_t,
193 + extern CLI *thread_head;
194 + #endif
195 +
196 +-#if OPENSSL_VERSION_NUMBER<0x10100004L
197 ++#if OPENSSL_VERSION_NUMBER<0x10100004L || defined(LIBRESSL_VERSION_NUMBER)
198 +
199 + #ifdef USE_OS_THREADS
200 +
201 +@@ -755,7 +755,7 @@ typedef enum {
202 +
203 + extern CRYPTO_RWLOCK *stunnel_locks[STUNNEL_LOCKS];
204 +
205 +-#if OPENSSL_VERSION_NUMBER<0x10100004L
206 ++#if OPENSSL_VERSION_NUMBER<0x10100004L || defined(LIBRESSL_VERSION_NUMBER)
207 + /* Emulate the OpenSSL 1.1 locking API for older OpenSSL versions */
208 + CRYPTO_RWLOCK *CRYPTO_THREAD_lock_new(void);
209 + int CRYPTO_THREAD_read_lock(CRYPTO_RWLOCK *);
210 +diff --git a/src/ssl.c b/src/ssl.c
211 +index 60e31c1..10b0658 100644
212 +--- a/src/ssl.c
213 ++++ b/src/ssl.c
214 +@@ -39,7 +39,7 @@
215 + #include "prototypes.h"
216 +
217 + /* global OpenSSL initialization: compression, engine, entropy */
218 +-#if OPENSSL_VERSION_NUMBER>=0x10100000L
219 ++#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
220 + NOEXPORT int cb_dup_addr(CRYPTO_EX_DATA *to, const CRYPTO_EX_DATA *from,
221 + void *from_d, int idx, long argl, void *argp);
222 + #else
223 +@@ -114,7 +114,7 @@ int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g) {
224 + #endif
225 + #endif
226 +
227 +-#if OPENSSL_VERSION_NUMBER>=0x10100000L
228 ++#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
229 + NOEXPORT int cb_dup_addr(CRYPTO_EX_DATA *to, const CRYPTO_EX_DATA *from,
230 + void *from_d, int idx, long argl, void *argp) {
231 + #else
232 +@@ -177,7 +177,7 @@ int ssl_configure(GLOBAL_OPTIONS *global) { /* configure global TLS settings */
233 +
234 + #ifndef OPENSSL_NO_COMP
235 +
236 +-#if OPENSSL_VERSION_NUMBER<0x10100000L
237 ++#if OPENSSL_VERSION_NUMBER<0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
238 +
239 + NOEXPORT int COMP_get_type(const COMP_METHOD *meth) {
240 + return meth->type;
241 +diff --git a/src/sthreads.c b/src/sthreads.c
242 +index dc2cd43..7a01f2e 100644
243 +--- a/src/sthreads.c
244 ++++ b/src/sthreads.c
245 +@@ -102,14 +102,16 @@ unsigned long stunnel_thread_id(void) {
246 +
247 + #endif /* USE_WIN32 */
248 +
249 +-#if OPENSSL_VERSION_NUMBER>=0x10000000L && OPENSSL_VERSION_NUMBER<0x10100004L
250 ++#if (OPENSSL_VERSION_NUMBER>=0x10000000L && OPENSSL_VERSION_NUMBER<0x10100004L) || \
251 ++ defined(LIBRESSL_VERSION_NUMBER)
252 + NOEXPORT void threadid_func(CRYPTO_THREADID *tid) {
253 + CRYPTO_THREADID_set_numeric(tid, stunnel_thread_id());
254 + }
255 + #endif
256 +
257 + void thread_id_init(void) {
258 +-#if OPENSSL_VERSION_NUMBER>=0x10000000L && OPENSSL_VERSION_NUMBER<0x10100000L
259 ++#if (OPENSSL_VERSION_NUMBER>=0x10000000L && OPENSSL_VERSION_NUMBER<0x10100000L) || \
260 ++ defined(LIBRESSL_VERSION_NUMBER)
261 + CRYPTO_THREADID_set_callback(threadid_func);
262 + #endif
263 + #if OPENSSL_VERSION_NUMBER<0x10000000L || !defined(OPENSSL_NO_DEPRECATED)
264 +@@ -120,7 +122,7 @@ void thread_id_init(void) {
265 + /**************************************** locking */
266 +
267 + /* we only need to initialize locking with OpenSSL older than 1.1.0 */
268 +-#if OPENSSL_VERSION_NUMBER<0x10100004L
269 ++#if OPENSSL_VERSION_NUMBER<0x10100004L || defined(LIBRESSL_VERSION_NUMBER)
270 +
271 + #ifdef USE_PTHREAD
272 +
273 +@@ -229,7 +231,7 @@ NOEXPORT int s_atomic_add(int *val, int amount, CRYPTO_RWLOCK *lock) {
274 +
275 + CRYPTO_RWLOCK *stunnel_locks[STUNNEL_LOCKS];
276 +
277 +-#if OPENSSL_VERSION_NUMBER<0x10100004L
278 ++#if OPENSSL_VERSION_NUMBER<0x10100004L || defined(LIBRESSL_VERSION_NUMBER)
279 +
280 + #ifdef USE_OS_THREADS
281 +
282 +@@ -339,7 +341,8 @@ int CRYPTO_atomic_add(int *val, int amount, int *ret, CRYPTO_RWLOCK *lock) {
283 +
284 + void locking_init(void) {
285 + size_t i;
286 +-#if defined(USE_OS_THREADS) && OPENSSL_VERSION_NUMBER<0x10100004L
287 ++#if defined(USE_OS_THREADS) && \
288 ++ (OPENSSL_VERSION_NUMBER<0x10100004L || defined(LIBRESSL_VERSION_NUMBER))
289 + size_t num;
290 +
291 + /* initialize the OpenSSL static locking */
292 +diff --git a/src/tls.c b/src/tls.c
293 +index 6c92b96..5e60a95 100644
294 +--- a/src/tls.c
295 ++++ b/src/tls.c
296 +@@ -41,7 +41,7 @@
297 + volatile int tls_initialized=0;
298 +
299 + NOEXPORT void tls_platform_init();
300 +-#if OPENSSL_VERSION_NUMBER<0x10100000L
301 ++#if OPENSSL_VERSION_NUMBER<0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
302 + NOEXPORT void free_function(void *);
303 + #endif
304 +
305 +@@ -52,7 +52,7 @@ void tls_init() {
306 + tls_platform_init();
307 + tls_initialized=1;
308 + ui_tls=tls_alloc(NULL, NULL, "ui");
309 +-#if OPENSSL_VERSION_NUMBER>=0x10100000L
310 ++#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
311 + CRYPTO_set_mem_functions(str_alloc_detached_debug,
312 + str_realloc_detached_debug, str_free_debug);
313 + #else
314 +@@ -184,7 +184,7 @@ TLS_DATA *tls_get() {
315 +
316 + /**************************************** OpenSSL allocator hook */
317 +
318 +-#if OPENSSL_VERSION_NUMBER<0x10100000L
319 ++#if OPENSSL_VERSION_NUMBER<0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
320 + NOEXPORT void free_function(void *ptr) {
321 + /* CRYPTO_set_mem_ex_functions() needs a function rather than a macro */
322 + /* unfortunately, OpenSSL provides no file:line information here */
323 +diff --git a/src/verify.c b/src/verify.c
324 +index 1d1eccb..dfd9bff 100644
325 +--- a/src/verify.c
326 ++++ b/src/verify.c
327 +@@ -346,7 +346,7 @@ NOEXPORT int cert_check_local(X509_STORE_CTX *callback_ctx) {
328 + cert=X509_STORE_CTX_get_current_cert(callback_ctx);
329 + subject=X509_get_subject_name(cert);
330 +
331 +-#if OPENSSL_VERSION_NUMBER<0x10100006L
332 ++#if OPENSSL_VERSION_NUMBER<0x10100006L || defined(LIBRESSL_VERSION_NUMBER)
333 + #define X509_STORE_CTX_get1_certs X509_STORE_get1_certs
334 + #endif
335 + /* modern API allows retrieving multiple matching certificates */
336
337 diff --git a/net-misc/stunnel/stunnel-5.54.ebuild b/net-misc/stunnel/stunnel-5.54.ebuild
338 index 8e7f7da16ba..a36f2872e78 100644
339 --- a/net-misc/stunnel/stunnel-5.54.ebuild
340 +++ b/net-misc/stunnel/stunnel-5.54.ebuild
341 @@ -18,11 +18,11 @@ SRC_URI="ftp://ftp.stunnel.org/stunnel/archive/${PV%%.*}.x/${P}.tar.gz
342 LICENSE="GPL-2"
343 SLOT="0"
344 KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~ppc-macos ~x86-macos"
345 -IUSE="ipv6 selinux stunnel3 tcpd"
346 +IUSE="ipv6 libressl selinux stunnel3 tcpd"
347
348 -DEPEND="
349 - tcpd? ( sys-apps/tcp-wrappers )
350 - dev-libs/openssl:0="
351 +DEPEND="!libressl? ( dev-libs/openssl:0= )
352 + libressl? ( dev-libs/libressl:0= )
353 + tcpd? ( sys-apps/tcp-wrappers )"
354 RDEPEND="${DEPEND}
355 stunnel3? ( dev-lang/perl )
356 selinux? ( sec-policy/selinux-stunnel )"
357 @@ -39,6 +39,9 @@ src_prepare() {
358 sed -i -e "s/^install-data-local:/do-not-run-this:/" \
359 tools/Makefile.in || die "sed failed"
360
361 + # bugs 656420, 682894
362 + eapply "${FILESDIR}"/${P}-libressl.patch
363 +
364 echo "CONFIG_PROTECT=\"/etc/stunnel/stunnel.conf\"" > "${T}"/20stunnel
365
366 eapply_user
Report Message
Find on MARC Find on Google Groups