snailed
/
void-packages
2
0
Fork 0
Code Issues 1 Pull Requests 1 Actions Activity

stunnel: fix libressl-2.7

This commit is contained in:
Enno Boland 2018-04-23 16:08:02 +02:00
parent 9d126edde7
commit c93d8f356b
No known key found for this signature in database
GPG Key ID: D09964719BDE9971
10 changed files with 68 additions and 208 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

41
srcpkgs/stunnel/patches/patch-src_ctx_c.patch Normal file
View File

@ -0,0 +1,41 @@
$OpenBSD: patch-src_ctx_c,v 1.7 2018/02/23 10:26:56 sthen Exp $
Index: src/ctx.c
--- src/ctx.c.orig
+++ src/ctx.c
@@ -93,7 +93,7 @@ NOEXPORT int ui_retry();
/* session callbacks */
NOEXPORT int sess_new_cb(SSL *, SSL_SESSION *);
NOEXPORT SSL_SESSION *sess_get_cb(SSL *,
-#if OPENSSL_VERSION_NUMBER>=0x10100000L
+#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
const
#endif
unsigned char *, int, int *);
@@ -295,7 +295,8 @@ NOEXPORT int matches_wildcard(char *servername, char *
#ifndef OPENSSL_NO_DH
-#if OPENSSL_VERSION_NUMBER<0x10100000L
+#if OPENSSL_VERSION_NUMBER<0x10100000L || \
+ (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000fL)
NOEXPORT STACK_OF(SSL_CIPHER) *SSL_CTX_get_ciphers(const SSL_CTX *ctx) {
return ctx->cipher_list;
}
@@ -398,7 +399,7 @@ NOEXPORT int ecdh_init(SERVICE_OPTIONS *section) {
/**************************************** initialize OpenSSL CONF */
NOEXPORT int conf_init(SERVICE_OPTIONS *section) {
-#if OPENSSL_VERSION_NUMBER>=0x10002000L
+#if OPENSSL_VERSION_NUMBER>=0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
SSL_CONF_CTX *cctx;
NAME_LIST *curr;
char *cmd, *param;
@@ -907,7 +908,7 @@ NOEXPORT int sess_new_cb(SSL *ssl, SSL_SESSION *sess)
}
NOEXPORT SSL_SESSION *sess_get_cb(SSL *ssl,
-#if OPENSSL_VERSION_NUMBER>=0x10100000L
+#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
const
#endif
unsigned char *key, int key_len, int *do_copy) {

13
srcpkgs/stunnel/patches/patch-src_ssl_c.patch Normal file
View File

@ -0,0 +1,13 @@
$OpenBSD: patch-src_ssl_c,v 1.8 2018/04/14 09:05:14 tb Exp $
Index: src/ssl.c
--- src/ssl.c.orig
+++ src/ssl.c
@@ -51,7 +51,7 @@ int index_ssl_cli, index_ssl_ctx_opt;
int index_session_authenticated, index_session_connect_address;
int ssl_init(void) { /* init TLS before parsing configuration file */
-#if OPENSSL_VERSION_NUMBER>=0x10100000L
+#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS |
OPENSSL_INIT_LOAD_CRYPTO_STRINGS | OPENSSL_INIT_LOAD_CONFIG, NULL);
#else

13
srcpkgs/stunnel/patches/patch-src_verify_c.patch Normal file
View File

@ -0,0 +1,13 @@
$OpenBSD: patch-src_verify_c,v 1.6 2017/09/12 16:15:24 gsoares Exp $
Index: src/verify.c
--- src/verify.c.orig
+++ src/verify.c
@@ -353,7 +353,7 @@ NOEXPORT int cert_check_local(X509_STORE_CTX *callback
cert=X509_STORE_CTX_get_current_cert(callback_ctx);
subject=X509_get_subject_name(cert);
-#if OPENSSL_VERSION_NUMBER<0x10100006L
+#if OPENSSL_VERSION_NUMBER<0x10100006L || defined(LIBRESSL_VERSION_NUMBER)
#define X509_STORE_CTX_get1_certs X509_STORE_get1_certs
#endif
/* modern API allows retrieving multiple matching certificates */

11
srcpkgs/stunnel/patches/stunnel-3.40.patch
View File

@ -1,11 +0,0 @@
--- src/ctx.c.orig 2017-01-19 03:51:32.000000000 -0500
+++ src/ctx.c 2017-01-28 22:07:17.978178595 -0500
@@ -287,7 +287,7 @@
#ifndef OPENSSL_NO_DH
-#if OPENSSL_VERSION_NUMBER<0x10100000L
+#if OPENSSL_VERSION_NUMBER<0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
NOEXPORT STACK_OF(SSL_CIPHER) *SSL_CTX_get_ciphers(const SSL_CTX *ctx) {
return ctx->cipher_list;
}

11
srcpkgs/stunnel/patches/stunnel-5.39.patch
View File

@ -1,11 +0,0 @@
--- src/ssl.c.orig 2017-01-25 00:19:22.320035678 -0500
+++ src/ssl.c 2017-01-25 00:19:26.536104001 -0500
@@ -50,7 +50,7 @@
int index_cli, index_opt, index_redirect, index_addr;
int ssl_init(void) { /* init TLS before parsing configuration file */
-#if OPENSSL_VERSION_NUMBER>=0x10100000L
+#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS |
OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL);
#else

11
srcpkgs/stunnel/patches/stunnel-5.43.patch
View File

@ -1,11 +0,0 @@
--- src/options.c
+++ src/options.c
@@ -3656,7 +3656,7 @@ NOEXPORT char *engine_init(void) {
}
#endif
/* engines can add new algorithms */
-#if OPENSSL_VERSION_NUMBER>=0x10100000L
+#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS|
OPENSSL_INIT_ADD_ALL_DIGESTS, NULL);
#else

29
srcpkgs/stunnel/patches/stunnel-CRYPTO_set_mem_functions.patch
View File

@ -1,29 +0,0 @@
--- src/tls.c 2016-12-09 06:15:59.000000000 -0500
+++ src/tls.c.new 2017-01-25 01:11:44.264271049 -0500
@@ -41,7 +41,7 @@
volatile int tls_initialized=0;
NOEXPORT void tls_platform_init();
-#if OPENSSL_VERSION_NUMBER<0x10100000L
+#if OPENSSL_VERSION_NUMBER<0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
NOEXPORT void free_function(void *);
#endif
@@ -52,7 +52,7 @@
tls_platform_init();
tls_initialized=1;
ui_tls=tls_alloc(NULL, NULL, "ui");
-#if OPENSSL_VERSION_NUMBER>=0x10100000L
+#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
CRYPTO_set_mem_functions(str_alloc_detached_debug,
str_realloc_detached_debug, str_free_debug);
#else
@@ -184,7 +184,7 @@
/**************************************** OpenSSL allocator hook */
-#if OPENSSL_VERSION_NUMBER<0x10100000L
+#if OPENSSL_VERSION_NUMBER<0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
NOEXPORT void free_function(void *ptr) {
/* CRYPTO_set_mem_ex_functions() needs a function rather than a macro */
/* unfortunately, OpenSSL provides no file:line information here */

49
srcpkgs/stunnel/patches/stunnel-libressl.patch
View File

@ -1,49 +0,0 @@
--- src/verify.c 2015-11-26 13:32:51.458101892 +0100
+++ src/verify.c 2015-11-26 13:37:51.442682192 +0100
@@ -51,7 +51,7 @@
NOEXPORT int verify_callback(int, X509_STORE_CTX *);
NOEXPORT int verify_checks(CLI *, int, X509_STORE_CTX *);
NOEXPORT int cert_check(CLI *, X509_STORE_CTX *, int);
-#if OPENSSL_VERSION_NUMBER>=0x10002000L
+#if OPENSSL_VERSION_NUMBER>=0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
NOEXPORT int cert_check_subject(CLI *, X509_STORE_CTX *);
#endif /* OPENSSL_VERSION_NUMBER>=0x10002000L */
NOEXPORT int cert_check_local(X509_STORE_CTX *);
@@ -280,7 +280,7 @@
}
if(depth==0) { /* additional peer certificate checks */
-#if OPENSSL_VERSION_NUMBER>=0x10002000L
+#if OPENSSL_VERSION_NUMBER>=0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
if(!cert_check_subject(c, callback_ctx))
return 0; /* reject */
#endif /* OPENSSL_VERSION_NUMBER>=0x10002000L */
@@ -291,7 +291,7 @@
return 1; /* accept */
}
-#if OPENSSL_VERSION_NUMBER>=0x10002000L
+#if OPENSSL_VERSION_NUMBER>=0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
NOEXPORT int cert_check_subject(CLI *c, X509_STORE_CTX *callback_ctx) {
X509 *cert=X509_STORE_CTX_get_current_cert(callback_ctx);
NAME_LIST *ptr;
--- src/options.c 2015-11-26 13:32:51.457101897 +0100
+++ src/options.c 2015-11-26 13:39:04.422336822 +0100
@@ -1261,7 +1261,7 @@
break;
}
-#if OPENSSL_VERSION_NUMBER>=0x10002000L
+#if OPENSSL_VERSION_NUMBER>=0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
/* checkEmail */
switch(cmd) {
@@ -1398,7 +1398,7 @@
break;
}
-#if OPENSSL_VERSION_NUMBER>=0x10002000L
+#if OPENSSL_VERSION_NUMBER>=0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
/* config */
switch(cmd) {

96
srcpkgs/stunnel/patches/stunnel-openbsd.patch
View File

@ -1,96 +0,0 @@
$OpenBSD: patch-src_verify_c,v 1.5 2016/11/10 10:10:50 gsoares Exp $
--- src/verify.c.orig 2017-04-04 20:02:57.168123782 -0400
+++ src/verify.c 2017-04-04 20:51:08.931284080 -0400
@@ -352,7 +352,7 @@
cert=X509_STORE_CTX_get_current_cert(callback_ctx);
subject=X509_get_subject_name(cert);
-#if OPENSSL_VERSION_NUMBER<0x10100006L
+#if OPENSSL_VERSION_NUMBER<0x10100006L || defined(LIBRESSL_VERSION_NUMBER)
#define X509_STORE_CTX_get1_certs X509_STORE_get1_certs
#endif
/* modern API allows retrieving multiple matching certificates */
$OpenBSD: patch-src_sthreads_c,v 1.2 2016/11/10 10:10:50 gsoares Exp $
--- src/sthreads.c.orig Sat Oct 29 05:25:37 2016
+++ src/sthreads.c Wed Nov 9 20:22:39 2016
@@ -47,7 +47,7 @@
STUNNEL_RWLOCK stunnel_locks[STUNNEL_LOCKS];
#endif
-#if OPENSSL_VERSION_NUMBER<0x10100004L
+#if OPENSSL_VERSION_NUMBER<0x10100004L || defined(LIBRESSL_VERSION_NUMBER)
#define CRYPTO_THREAD_lock_new() CRYPTO_get_new_dynlockid()
#endif
$OpenBSD: patch-src_ssl_c,v 1.4 2016/11/09 23:14:31 gsoares Exp $
--- src/ssl.c.orig Fri Aug 5 06:39:57 2016
+++ src/ssl.c Thu Nov 3 23:50:50 2016
@@ -83,7 +83,7 @@ int ssl_init(void) { /* init SSL before parsing config
}
#ifndef OPENSSL_NO_DH
-#if OPENSSL_VERSION_NUMBER<0x10100000L
+#if OPENSSL_VERSION_NUMBER<0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
/* this is needed for dhparam.c generated with OpenSSL >= 1.1.0
* to be linked against the older versions */
int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g) {
$OpenBSD: patch-src_prototypes_h,v 1.2 2016/11/10 10:10:50 gsoares Exp $
--- src/options.c.orig Fri Aug 5 06:39:57 2016
+++ src/options.c Thu Nov 3 23:13:15 2016
@@ -2617,7 +2617,7 @@ NOEXPORT char *parse_service_option(CMD cmd, SERVICE_O
/* sslVersion */
switch(cmd) {
case CMD_BEGIN:
-#if OPENSSL_VERSION_NUMBER>=0x10100000L
+#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
section->client_method=(SSL_METHOD *)TLS_client_method();
section->server_method=(SSL_METHOD *)TLS_server_method();
#else
@@ -2629,7 +2629,7 @@ NOEXPORT char *parse_service_option(CMD cmd, SERVICE_O
if(strcasecmp(opt, "sslVersion"))
break;
if(!strcasecmp(arg, "all")) {
-#if OPENSSL_VERSION_NUMBER>=0x10100000L
+#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
section->client_method=(SSL_METHOD *)TLS_client_method();
section->server_method=(SSL_METHOD *)TLS_server_method();
#else
$OpenBSD: patch-src_ctx_c,v 1.4 2016/11/09 23:14:31 gsoares Exp $
--- src/ctx.c.orig Tue Jun 21 12:06:14 2016
+++ src/ctx.c Thu Nov 3 23:13:15 2016
@@ -366,7 +366,7 @@ NOEXPORT int ecdh_init(SERVICE_OPTIONS *section) {
/**************************************** initialize OpenSSL CONF */
NOEXPORT int conf_init(SERVICE_OPTIONS *section) {
-#if OPENSSL_VERSION_NUMBER>=0x10002000L
+#if OPENSSL_VERSION_NUMBER>=0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
SSL_CONF_CTX *cctx;
NAME_LIST *curr;
char *cmd, *param;
$OpenBSD: patch-src_common_h,v 1.1 2016/11/09 23:14:31 gsoares Exp $
--- src/common.h.orig Mon Jun 27 04:29:32 2016
+++ src/common.h Thu Nov 3 23:57:29 2016
@@ -448,7 +448,7 @@ extern char *sys_errlist[];
#define OPENSSL_NO_TLS1_2
#endif /* OpenSSL older than 1.0.1 || defined(OPENSSL_NO_TLS1) */
-#if OPENSSL_VERSION_NUMBER>=0x10100000L
+#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
#ifndef OPENSSL_NO_SSL2
#define OPENSSL_NO_SSL2
#endif /* !defined(OPENSSL_NO_SSL2) */
@@ -474,7 +474,7 @@ extern char *sys_errlist[];
#include <openssl/des.h>
#ifndef OPENSSL_NO_DH
#include <openssl/dh.h>
-#if OPENSSL_VERSION_NUMBER<0x10100000L
+#if OPENSSL_VERSION_NUMBER<0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g);
#endif /* OpenSSL older than 1.1.0 */
#endif /* !defined(OPENSSL_NO_DH) */

2
srcpkgs/stunnel/template
View File

@ -1,7 +1,7 @@
# Template file for 'stunnel'
pkgname=stunnel
version=5.44
revision=2
revision=3
build_style=gnu-configure
configure_args="--enable-ipv6 --with-ssl=${XBPS_CROSS_BASE}/usr"
hostmakedepends="perl"