1 |
commit: ed175c5284d66d77c891808de3239f187ee636f4 |
2 |
Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org> |
3 |
AuthorDate: Sat Jan 28 13:22:36 2017 +0000 |
4 |
Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org> |
5 |
CommitDate: Sat Jan 28 13:22:36 2017 +0000 |
6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ed175c52 |
7 |
|
8 |
net-misc/stunnel: fix build on libressl, bug #584298 |
9 |
|
10 |
Package-Manager: portage-2.3.3 |
11 |
|
12 |
.../files/stunnel-5.39-compat-libressl.patch | 132 +++++++++++++++++++++ |
13 |
net-misc/stunnel/stunnel-5.39.ebuild | 2 +- |
14 |
2 files changed, 133 insertions(+), 1 deletion(-) |
15 |
|
16 |
diff --git a/net-misc/stunnel/files/stunnel-5.39-compat-libressl.patch b/net-misc/stunnel/files/stunnel-5.39-compat-libressl.patch |
17 |
new file mode 100644 |
18 |
index 00000000..7c4f743 |
19 |
--- /dev/null |
20 |
+++ b/net-misc/stunnel/files/stunnel-5.39-compat-libressl.patch |
21 |
@@ -0,0 +1,132 @@ |
22 |
+diff -Naur stunnel-5.30.orig/src/ctx.c stunnel-5.30/src/ctx.c |
23 |
+--- stunnel-5.30.orig/src/ctx.c 2016-01-15 16:45:23.000000000 +0000 |
24 |
++++ stunnel-5.30/src/ctx.c 2016-05-14 15:16:47.392859450 +0000 |
25 |
+@@ -359,7 +359,7 @@ |
26 |
+ /**************************************** initialize OpenSSL CONF */ |
27 |
+ |
28 |
+ NOEXPORT int conf_init(SERVICE_OPTIONS *section) { |
29 |
+-#if OPENSSL_VERSION_NUMBER>=0x10002000L |
30 |
++#if OPENSSL_VERSION_NUMBER>=0x10002000L && !defined(LIBRESSL_VERSION_NUMBER) |
31 |
+ SSL_CONF_CTX *cctx; |
32 |
+ NAME_LIST *curr; |
33 |
+ char *cmd, *param; |
34 |
+diff -Naur stunnel-5.30.orig/src/verify.c stunnel-5.30/src/verify.c |
35 |
+--- stunnel-5.30.orig/src/verify.c 2016-01-15 16:45:23.000000000 +0000 |
36 |
++++ stunnel-5.30/src/verify.c 2016-05-14 15:16:10.369860180 +0000 |
37 |
+@@ -51,7 +51,7 @@ |
38 |
+ NOEXPORT int verify_callback(int, X509_STORE_CTX *); |
39 |
+ NOEXPORT int verify_checks(CLI *, int, X509_STORE_CTX *); |
40 |
+ NOEXPORT int cert_check(CLI *, X509_STORE_CTX *, int); |
41 |
+-#if OPENSSL_VERSION_NUMBER>=0x10002000L |
42 |
++#if OPENSSL_VERSION_NUMBER>=0x10002000L && !defined(LIBRESSL_VERSION_NUMBER) |
43 |
+ NOEXPORT int cert_check_subject(CLI *, X509_STORE_CTX *); |
44 |
+ #endif /* OPENSSL_VERSION_NUMBER>=0x10002000L */ |
45 |
+ NOEXPORT int cert_check_local(X509_STORE_CTX *); |
46 |
+@@ -280,7 +280,7 @@ |
47 |
+ } |
48 |
+ |
49 |
+ if(depth==0) { /* additional peer certificate checks */ |
50 |
+-#if OPENSSL_VERSION_NUMBER>=0x10002000L |
51 |
++#if OPENSSL_VERSION_NUMBER>=0x10002000L && !defined(LIBRESSL_VERSION_NUMBER) |
52 |
+ if(!cert_check_subject(c, callback_ctx)) |
53 |
+ return 0; /* reject */ |
54 |
+ #endif /* OPENSSL_VERSION_NUMBER>=0x10002000L */ |
55 |
+@@ -291,7 +291,7 @@ |
56 |
+ return 1; /* accept */ |
57 |
+ } |
58 |
+ |
59 |
+-#if OPENSSL_VERSION_NUMBER>=0x10002000L |
60 |
++#if OPENSSL_VERSION_NUMBER>=0x10002000L && !defined(LIBRESSL_VERSION_NUMBER) |
61 |
+ NOEXPORT int cert_check_subject(CLI *c, X509_STORE_CTX *callback_ctx) { |
62 |
+ X509 *cert=X509_STORE_CTX_get_current_cert(callback_ctx); |
63 |
+ NAME_LIST *ptr; |
64 |
+diff --git a/src/common.h b/src/common.h |
65 |
+index 93f165e..491d9de 100644 |
66 |
+--- a/src/common.h |
67 |
++++ b/src/common.h |
68 |
+@@ -448,7 +448,7 @@ extern char *sys_errlist[]; |
69 |
+ #define OPENSSL_NO_TLS1_2 |
70 |
+ #endif /* OpenSSL older than 1.0.1 || defined(OPENSSL_NO_TLS1) */ |
71 |
+ |
72 |
+-#if OPENSSL_VERSION_NUMBER>=0x10100000L |
73 |
++#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) |
74 |
+ #ifndef OPENSSL_NO_SSL2 |
75 |
+ #define OPENSSL_NO_SSL2 |
76 |
+ #endif /* !defined(OPENSSL_NO_SSL2) */ |
77 |
+@@ -474,7 +474,7 @@ extern char *sys_errlist[]; |
78 |
+ #include <openssl/des.h> |
79 |
+ #ifndef OPENSSL_NO_DH |
80 |
+ #include <openssl/dh.h> |
81 |
+-#if OPENSSL_VERSION_NUMBER<0x10100000L |
82 |
++#if OPENSSL_VERSION_NUMBER<0x10100000L || defined(LIBRESSL_VERSION_NUMBER) |
83 |
+ int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g); |
84 |
+ #endif /* OpenSSL older than 1.1.0 */ |
85 |
+ #endif /* !defined(OPENSSL_NO_DH) */ |
86 |
+diff --git a/src/prototypes.h b/src/prototypes.h |
87 |
+index 303ff77..ae22598 100644 |
88 |
+--- a/src/prototypes.h |
89 |
++++ b/src/prototypes.h |
90 |
+@@ -664,13 +664,13 @@ typedef enum { |
91 |
+ #endif /* OPENSSL_NO_DH */ |
92 |
+ STUNNEL_LOCKS /* number of locks */ |
93 |
+ } LOCK_TYPE; |
94 |
+-#if OPENSSL_VERSION_NUMBER < 0x10100004L |
95 |
++#if OPENSSL_VERSION_NUMBER < 0x10100004L || defined(LIBRESSL_VERSION_NUMBER) |
96 |
+ typedef int STUNNEL_RWLOCK; |
97 |
+ #else |
98 |
+ typedef CRYPTO_RWLOCK *STUNNEL_RWLOCK; |
99 |
+ #endif |
100 |
+ extern STUNNEL_RWLOCK stunnel_locks[STUNNEL_LOCKS]; |
101 |
+-#if OPENSSL_VERSION_NUMBER>=0x10100004L |
102 |
++#if OPENSSL_VERSION_NUMBER>=0x10100004L && !defined(LIBRESSL_VERSION_NUMBER) |
103 |
+ #define CRYPTO_THREAD_read_unlock(type) CRYPTO_THREAD_unlock(type) |
104 |
+ #define CRYPTO_THREAD_write_unlock(type) CRYPTO_THREAD_unlock(type) |
105 |
+ #else |
106 |
+diff --git a/src/ssl.c b/src/ssl.c |
107 |
+index a7af7e6..1483734 100644 |
108 |
+--- a/src/ssl.c |
109 |
++++ b/src/ssl.c |
110 |
+@@ -50,7 +50,7 @@ NOEXPORT int add_rand_file(GLOBAL_OPTIONS *, const char *); |
111 |
+ int index_cli, index_opt, index_redirect, index_addr; |
112 |
+ |
113 |
+ int ssl_init(void) { /* init TLS before parsing configuration file */ |
114 |
+-#if OPENSSL_VERSION_NUMBER>=0x10100000L |
115 |
++#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) |
116 |
+ OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS | |
117 |
+ OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL); |
118 |
+ #else |
119 |
+@@ -83,7 +83,7 @@ int ssl_init(void) { /* init TLS before parsing configuration file */ |
120 |
+ } |
121 |
+ |
122 |
+ #ifndef OPENSSL_NO_DH |
123 |
+-#if OPENSSL_VERSION_NUMBER<0x10100000L |
124 |
++#if OPENSSL_VERSION_NUMBER<0x10100000L || defined(LIBRESSL_VERSION_NUMBER) |
125 |
+ /* this is needed for dhparam.c generated with OpenSSL >= 1.1.0 |
126 |
+ * to be linked against the older versions */ |
127 |
+ int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g) { |
128 |
+diff --git a/src/sthreads.c b/src/sthreads.c |
129 |
+index 59c24a2..04fb256 100644 |
130 |
+--- a/src/sthreads.c |
131 |
++++ b/src/sthreads.c |
132 |
+@@ -47,7 +47,7 @@ |
133 |
+ STUNNEL_RWLOCK stunnel_locks[STUNNEL_LOCKS]; |
134 |
+ #endif |
135 |
+ |
136 |
+-#if OPENSSL_VERSION_NUMBER<0x10100004L |
137 |
++#if OPENSSL_VERSION_NUMBER<0x10100004L || defined(LIBRESSL_VERSION_NUMBER) |
138 |
+ #define CRYPTO_THREAD_lock_new() CRYPTO_get_new_dynlockid() |
139 |
+ #endif |
140 |
+ |
141 |
+diff --git a/src/verify.c b/src/verify.c |
142 |
+index ac1c3ee..3e3bda4 100644 |
143 |
+--- a/src/verify.c |
144 |
++++ b/src/verify.c |
145 |
+@@ -348,7 +348,7 @@ NOEXPORT int cert_check_local(X509_STORE_CTX *callback_ctx) { |
146 |
+ cert=X509_STORE_CTX_get_current_cert(callback_ctx); |
147 |
+ subject=X509_get_subject_name(cert); |
148 |
+ |
149 |
+-#if OPENSSL_VERSION_NUMBER>=0x10000000L |
150 |
++#if OPENSSL_VERSION_NUMBER>=0x10000000L && !defined(LIBRESSL_VERSION_NUMBER) |
151 |
+ #if OPENSSL_VERSION_NUMBER<0x10100006L |
152 |
+ #define X509_STORE_CTX_get1_certs X509_STORE_get1_certs |
153 |
+ #endif |
154 |
|
155 |
diff --git a/net-misc/stunnel/stunnel-5.39.ebuild b/net-misc/stunnel/stunnel-5.39.ebuild |
156 |
index 4275ec9..b1e4715 100644 |
157 |
--- a/net-misc/stunnel/stunnel-5.39.ebuild |
158 |
+++ b/net-misc/stunnel/stunnel-5.39.ebuild |
159 |
@@ -41,7 +41,7 @@ src_prepare() { |
160 |
tools/Makefile.in || die "sed failed" |
161 |
|
162 |
# libressl compat |
163 |
- eapply "${FILESDIR}"/stunnel-compat-libressl.patch |
164 |
+ eapply "${FILESDIR}"/${P}-compat-libressl.patch |
165 |
|
166 |
echo "CONFIG_PROTECT=\"/etc/stunnel/stunnel.conf\"" > "${T}"/20stunnel |