commit: 992eb4bfc2d96201fbc5587b5f29c9d81b278eb5 |
Author: Stefan Strogin <stefan.strogin <AT> gmail <DOT> com> |
AuthorDate: Tue Feb 26 20:12:10 2019 +0000 |
Commit: Aaron Bauman <bman <AT> gentoo <DOT> org> |
CommitDate: Tue Feb 26 22:28:20 2019 +0000 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=992eb4bf |
|
net-misc/stunnel: update patch for LibreSSL support |
|
Probably won't work with <dev-libs/libressl-2.7.0 (if it ever worked). |
|
Closes: https://bugs.gentoo.org/656420 |
Package-Manager: Portage-2.3.62, Repoman-2.3.12 |
Signed-off-by: Stefan Strogin <stefan.strogin <AT> gmail.com> |
Closes: https://github.com/gentoo/gentoo/pull/11164 |
Signed-off-by: Aaron Bauman <bman <AT> gentoo.org> |
|
net-misc/stunnel/files/stunnel-5.50-libressl.patch | 228 +++++++++++++++++++++ |
...{stunnel-5.50.ebuild => stunnel-5.50-r1.ebuild} | 6 +- |
2 files changed, 231 insertions(+), 3 deletions(-) |
|
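--- /dev/null
+++ b/net-misc/stunnel/files/stunnel-5.50-libressl.patch
@@ -0,0 +1,228 @@
+diff --git a/src/ctx.c b/src/ctx.c
+index cd59f4e..b41be1b 100644
+--- a/src/ctx.c
++++ b/src/ctx.c
+@@ -118,7 +118,7 @@ NOEXPORT void sslerror_log(unsigned long, char *);
+
+ /**************************************** initialize section->ctx */
+
+-#if OPENSSL_VERSION_NUMBER>=0x10100000L
++#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+ typedef long unsigned SSL_OPTIONS_TYPE;
+ #else
+ typedef long SSL_OPTIONS_TYPE;
+@@ -126,7 +126,7 @@ typedef long SSL_OPTIONS_TYPE;
+
+ int context_init(SERVICE_OPTIONS *section) { /* init TLS context */
+ /* create TLS context */
+-#if OPENSSL_VERSION_NUMBER>=0x10100000L
++#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+ if(section->option.client)
+ section->ctx=SSL_CTX_new(TLS_client_method());
+ else /* server mode */
+@@ -437,7 +437,7 @@ NOEXPORT int ecdh_init(SERVICE_OPTIONS *section) {
+ /**************************************** initialize OpenSSL CONF */
+
+ NOEXPORT int conf_init(SERVICE_OPTIONS *section) {
+-#if OPENSSL_VERSION_NUMBER>=0x10002000L
++#if OPENSSL_VERSION_NUMBER>=0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
+ SSL_CONF_CTX *cctx;
+ NAME_LIST *curr;
+ char *cmd, *param;
+@@ -1247,7 +1247,7 @@ NOEXPORT void info_callback(const SSL *ssl, int where, int ret) {
+
+ c=SSL_get_ex_data((SSL *)ssl, index_ssl_cli);
+ if(c) {
+-#if OPENSSL_VERSION_NUMBER>=0x10100000L
++#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+ OSSL_HANDSHAKE_STATE state=SSL_get_state(ssl);
+ #else
+ int state=SSL_get_state((SSL *)ssl);
+diff --git a/src/options.c b/src/options.c
+index 103ea6c..756e48c 100644
+--- a/src/options.c
++++ b/src/options.c
+@@ -75,7 +75,7 @@ NOEXPORT char *sni_init(SERVICE_OPTIONS *);
+ NOEXPORT void sni_free(SERVICE_OPTIONS *);
+ #endif /* !defined(OPENSSL_NO_TLSEXT) */
+
+-#if OPENSSL_VERSION_NUMBER>=0x10100000L
++#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+ NOEXPORT int str_to_proto_version(const char *);
+ #else /* OPENSSL_VERSION_NUMBER<0x10100000L */
+ NOEXPORT char *tls_methods_set(SERVICE_OPTIONS *, const char *);
+@@ -3048,7 +3048,7 @@ NOEXPORT char *parse_service_option(CMD cmd, SERVICE_OPTIONS **section_ptr,
+ break;
+ }
+
+-#if OPENSSL_VERSION_NUMBER>=0x10100000L
++#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+
+ /* sslVersion */
+ switch(cmd) {
+@@ -3621,7 +3621,7 @@ NOEXPORT void sni_free(SERVICE_OPTIONS *section) {
+
+ /**************************************** modern TLS version handling */
+
+-#if OPENSSL_VERSION_NUMBER>=0x10100000L
++#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+
+ NOEXPORT int str_to_proto_version(const char *name) {
+ if(!strcasecmp(name, "all"))
+diff --git a/src/prototypes.h b/src/prototypes.h
+index aaf50fc..01343bf 100644
+--- a/src/prototypes.h
++++ b/src/prototypes.h
+@@ -223,7 +223,7 @@ typedef struct service_options_struct {
+ #if OPENSSL_VERSION_NUMBER>=0x009080dfL
+ long unsigned ssl_options_clear;
+ #endif /* OpenSSL 0.9.8m or later */
+-#if OPENSSL_VERSION_NUMBER>=0x10100000L
++#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+ int min_proto_version, max_proto_version;
+ #else /* OPENSSL_VERSION_NUMBER<0x10100000L */
+ SSL_METHOD *client_method, *server_method;
+@@ -663,7 +663,7 @@ int getnameinfo(const struct sockaddr *, socklen_t,
+ #define USE_OS_THREADS
+ #endif
+
+-#if OPENSSL_VERSION_NUMBER<0x10100004L
++#if OPENSSL_VERSION_NUMBER<0x10100004L || defined(LIBRESSL_VERSION_NUMBER)
+
+ #ifdef USE_OS_THREADS
+
+@@ -711,7 +711,7 @@ typedef enum {
+
+ extern CRYPTO_RWLOCK *stunnel_locks[STUNNEL_LOCKS];
+
+-#if OPENSSL_VERSION_NUMBER<0x10100004L
++#if OPENSSL_VERSION_NUMBER<0x10100004L || defined(LIBRESSL_VERSION_NUMBER)
+ /* Emulate the OpenSSL 1.1 locking API for older OpenSSL versions */
+ CRYPTO_RWLOCK *CRYPTO_THREAD_lock_new(void);
+ int CRYPTO_THREAD_read_lock(CRYPTO_RWLOCK *);
+diff --git a/src/ssl.c b/src/ssl.c
+index ad06cb5..0b45769 100644
+--- a/src/ssl.c
++++ b/src/ssl.c
+@@ -39,7 +39,7 @@
+ #include "prototypes.h"
+
+ /* global OpenSSL initialization: compression, engine, entropy */
+-#if OPENSSL_VERSION_NUMBER>=0x10100000L
++#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+ NOEXPORT int cb_dup_addr(CRYPTO_EX_DATA *to, const CRYPTO_EX_DATA *from,
+ void *from_d, int idx, long argl, void *argp);
+ #else
+@@ -114,7 +114,7 @@ int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g) {
+ #endif
+ #endif
+
+-#if OPENSSL_VERSION_NUMBER>=0x10100000L
++#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+ NOEXPORT int cb_dup_addr(CRYPTO_EX_DATA *to, const CRYPTO_EX_DATA *from,
+ void *from_d, int idx, long argl, void *argp) {
+ #else
+@@ -177,7 +177,7 @@ int ssl_configure(GLOBAL_OPTIONS *global) { /* configure global TLS settings */
+
+ #ifndef OPENSSL_NO_COMP
+
+-#if OPENSSL_VERSION_NUMBER<0x10100000L
++#if OPENSSL_VERSION_NUMBER<0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+
+ NOEXPORT int COMP_get_type(const COMP_METHOD *meth) {
+ return meth->type;
+diff --git a/src/sthreads.c b/src/sthreads.c
+index 412a31a..e12a330 100644
+--- a/src/sthreads.c
++++ b/src/sthreads.c
+@@ -97,14 +97,16 @@ unsigned long stunnel_thread_id(void) {
+
+ #endif /* USE_WIN32 */
+
+-#if OPENSSL_VERSION_NUMBER>=0x10000000L && OPENSSL_VERSION_NUMBER<0x10100004L
++#if (OPENSSL_VERSION_NUMBER>=0x10000000L && OPENSSL_VERSION_NUMBER<0x10100004L) || \
++ defined(LIBRESSL_VERSION_NUMBER)
+ NOEXPORT void threadid_func(CRYPTO_THREADID *tid) {
+ CRYPTO_THREADID_set_numeric(tid, stunnel_thread_id());
+ }
+ #endif
+
+ void thread_id_init(void) {
+-#if OPENSSL_VERSION_NUMBER>=0x10000000L && OPENSSL_VERSION_NUMBER<0x10100000L
++#if (OPENSSL_VERSION_NUMBER>=0x10000000L && OPENSSL_VERSION_NUMBER<0x10100000L) || \
++ defined(LIBRESSL_VERSION_NUMBER)
+ CRYPTO_THREADID_set_callback(threadid_func);
+ #endif
+ #if OPENSSL_VERSION_NUMBER<0x10000000L || !defined(OPENSSL_NO_DEPRECATED)
+@@ -115,7 +117,7 @@ void thread_id_init(void) {
+ /**************************************** locking */
+
+ /* we only need to initialize locking with OpenSSL older than 1.1.0 */
+-#if OPENSSL_VERSION_NUMBER<0x10100004L
++#if OPENSSL_VERSION_NUMBER<0x10100004L || defined(LIBRESSL_VERSION_NUMBER)
+
+ #ifdef USE_PTHREAD
+
+@@ -224,7 +226,7 @@ NOEXPORT int s_atomic_add(int *val, int amount, CRYPTO_RWLOCK *lock) {
+
+ CRYPTO_RWLOCK *stunnel_locks[STUNNEL_LOCKS];
+
+-#if OPENSSL_VERSION_NUMBER<0x10100004L
++#if OPENSSL_VERSION_NUMBER<0x10100004L || defined(LIBRESSL_VERSION_NUMBER)
+
+ #ifdef USE_OS_THREADS
+
+@@ -334,7 +336,8 @@ int CRYPTO_atomic_add(int *val, int amount, int *ret, CRYPTO_RWLOCK *lock) {
+
+ void locking_init(void) {
+ size_t i;
+-#if defined(USE_OS_THREADS) && OPENSSL_VERSION_NUMBER<0x10100004L
++#if defined(USE_OS_THREADS) && \
++ (OPENSSL_VERSION_NUMBER<0x10100004L || defined(LIBRESSL_VERSION_NUMBER))
+ size_t num;
+
+ /* initialize the OpenSSL static locking */
+diff --git a/src/tls.c b/src/tls.c
+index 9616df3..b89c61e 100644
+--- a/src/tls.c
++++ b/src/tls.c
+@@ -41,7 +41,7 @@
+ volatile int tls_initialized=0;
+
+ NOEXPORT void tls_platform_init();
+-#if OPENSSL_VERSION_NUMBER<0x10100000L
++#if OPENSSL_VERSION_NUMBER<0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ NOEXPORT void free_function(void *);
+ #endif
+
+@@ -52,7 +52,7 @@ void tls_init() {
+ tls_platform_init();
+ tls_initialized=1;
+ ui_tls=tls_alloc(NULL, NULL, "ui");
+-#if OPENSSL_VERSION_NUMBER>=0x10100000L
++#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+ CRYPTO_set_mem_functions(str_alloc_detached_debug,
+ str_realloc_detached_debug, str_free_debug);
+ #else
+@@ -184,7 +184,7 @@ TLS_DATA *tls_get() {
+
+ /**************************************** OpenSSL allocator hook */
+
+-#if OPENSSL_VERSION_NUMBER<0x10100000L
++#if OPENSSL_VERSION_NUMBER<0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ NOEXPORT void free_function(void *ptr) {
+ /* CRYPTO_set_mem_ex_functions() needs a function rather than a macro */
+ /* unfortunately, OpenSSL provides no file:line information here */
+diff --git a/src/verify.c b/src/verify.c
+index b4b5115..0457ce0 100644
+--- a/src/verify.c
++++ b/src/verify.c
+@@ -346,7 +346,7 @@ NOEXPORT int cert_check_local(X509_STORE_CTX *callback_ctx) {
+ cert=X509_STORE_CTX_get_current_cert(callback_ctx);
+ subject=X509_get_subject_name(cert);
+
+-#if OPENSSL_VERSION_NUMBER<0x10100006L
++#if OPENSSL_VERSION_NUMBER<0x10100006L || defined(LIBRESSL_VERSION_NUMBER)
+ #define X509_STORE_CTX_get1_certs X509_STORE_get1_certs
+ #endif
+ /* modern API allows retrieving multiple matching certificates */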
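Review bot: Every guard added in this patch tests `defined(LIBRESSL_VERSION_NUMBER)` with no version bound, so any LibreSSL build is moved onto the pre-1.1.0 branches; that compiles out the `SSL_CONF_CTX` code in `conf_init` (src/ctx.c) and swaps `min_proto_version`/`max_proto_version` for the older `client_method`/`server_method` fields (src/prototypes.h, with the matching `sslVersion` block in src/options.c). The `#else` branches lie outside the quoted hunks, so it is not visible whether configuration that relies on the compiled-out code is rejected with an error or silently ignored on a LibreSSL build; that is worth confirming, because a protocol floor that is dropped without a message weakens the resulting TLS setup. The patch file also carries no description of its own, so I would add a header line such as `LibreSSL lacks the OpenSSL 1.1 API used by stunnel; build it on the legacy (<1.1.0) code paths. Expected to need libressl >= 2.7.0, see Gentoo bug 656420.` If the ebuild does not already do so, the 2.7.0 floor mentioned in the commit message would be better expressed as a dependency than left to a build failure.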
257 |
diff --git a/net-misc/stunnel/stunnel-5.50.ebuild b/net-misc/stunnel/stunnel-5.50-r1.ebuild |
258 |
similarity index 96% |
259 |
rename from net-misc/stunnel/stunnel-5.50.ebuild |
260 |
rename to net-misc/stunnel/stunnel-5.50-r1.ebuild |
261 |
index 428e58d9d2b..c2c51a0ff50 100644 |
262 |
--- a/net-misc/stunnel/stunnel-5.50.ebuild |
263 |
+++ b/net-misc/stunnel/stunnel-5.50-r1.ebuild |
264 |
@@ -1,4 +1,4 @@ |
265 |
-# Copyright 1999-2018 Gentoo Authors |
266 |
+# Copyright 1999-2019 Gentoo Authors |
267 |
# Distributed under the terms of the GNU General Public License v2 |
268 |
|
269 |
EAPI="6" |
270 |
@@ -39,8 +39,8 @@ src_prepare() { |
271 |
sed -i -e "s/^install-data-local:/do-not-run-this:/" \ |
272 |
tools/Makefile.in || die "sed failed" |
273 |
|
274 |
- # libressl compat |
275 |
- eapply "${FILESDIR}"/${PN}-5.48-compat-libressl.patch |
276 |
+ # bug 656420 |
277 |
+ eapply "${FILESDIR}"/${P}-libressl.patch |
278 |
|
279 |
echo "CONFIG_PROTECT=\"/etc/stunnel/stunnel.conf\"" > "${T}"/20stunnel |