From c93d8f356b0bb3e709ea1b8a4eaa33739401fda1 Mon Sep 17 00:00:00 2001
From: Enno Boland
Date: Mon, 23 Apr 2018 16:08:02 +0200
Subject: [PATCH] stunnel: fix libressl-2.7
---
 srcpkgs/stunnel/patches/patch-src_ctx_c.patch | 41 ++++++++
 srcpkgs/stunnel/patches/patch-src_ssl_c.patch | 13 +++
 .../stunnel/patches/patch-src_verify_c.patch | 13 +++
 srcpkgs/stunnel/patches/stunnel-3.40.patch | 11 ---
 srcpkgs/stunnel/patches/stunnel-5.39.patch | 11 ---
 srcpkgs/stunnel/patches/stunnel-5.43.patch | 11 ---
 .../stunnel-CRYPTO_set_mem_functions.patch | 29 ------
 .../stunnel/patches/stunnel-libressl.patch | 49 ----------
 srcpkgs/stunnel/patches/stunnel-openbsd.patch | 96 -------------------
 srcpkgs/stunnel/template | 2 +-
 10 files changed, 68 insertions(+), 208 deletions(-)
 create mode 100644 srcpkgs/stunnel/patches/patch-src_ctx_c.patch
 create mode 100644 srcpkgs/stunnel/patches/patch-src_ssl_c.patch
 create mode 100644 srcpkgs/stunnel/patches/patch-src_verify_c.patch
 delete mode 100644 srcpkgs/stunnel/patches/stunnel-3.40.patch
 delete mode 100644 srcpkgs/stunnel/patches/stunnel-5.39.patch
 delete mode 100644 srcpkgs/stunnel/patches/stunnel-5.43.patch
 delete mode 100644 srcpkgs/stunnel/patches/stunnel-CRYPTO_set_mem_functions.patch
 delete mode 100644 srcpkgs/stunnel/patches/stunnel-libressl.patch
 delete mode 100644 srcpkgs/stunnel/patches/stunnel-openbsd.patch
diff --git a/srcpkgs/stunnel/patches/patch-src_ctx_c.patch b/srcpkgs/stunnel/patches/patch-src_ctx_c.patch
new file mode 100644
index 00000000000..2fdcdbacca1
--- /dev/null
+++ b/srcpkgs/stunnel/patches/patch-src_ctx_c.patch
@@ -0,0 +1,41 @@
+$OpenBSD: patch-src_ctx_c,v 1.7 2018/02/23 10:26:56 sthen Exp $
+Index: src/ctx.c
+--- src/ctx.c.orig
++++ src/ctx.c
+@@ -93,7 +93,7 @@ NOEXPORT int ui_retry();
+ /* session callbacks */
+ NOEXPORT int sess_new_cb(SSL *, SSL_SESSION *);
+ NOEXPORT SSL_SESSION *sess_get_cb(SSL *,
+-#if OPENSSL_VERSION_NUMBER>=0x10100000L
++#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+ const
+ #endif
+ unsigned char *, int, int *);
+@@ -295,7 +295,8 @@ NOEXPORT int matches_wildcard(char *servername, char *
+
+ #ifndef OPENSSL_NO_DH
+
+-#if OPENSSL_VERSION_NUMBER<0x10100000L
++#if OPENSSL_VERSION_NUMBER<0x10100000L || \
++ (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000fL)
+ NOEXPORT STACK_OF(SSL_CIPHER) *SSL_CTX_get_ciphers(const SSL_CTX *ctx) {
+ return ctx->cipher_list;
+ }
+@@ -398,7 +399,7 @@ NOEXPORT int ecdh_init(SERVICE_OPTIONS *section) {
+ /**************************************** initialize OpenSSL CONF */
+
+ NOEXPORT int conf_init(SERVICE_OPTIONS *section) {
+-#if OPENSSL_VERSION_NUMBER>=0x10002000L
++#if OPENSSL_VERSION_NUMBER>=0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
+ SSL_CONF_CTX *cctx;
+ NAME_LIST *curr;
+ char *cmd, *param;
+@@ -907,7 +908,7 @@ NOEXPORT int sess_new_cb(SSL *ssl, SSL_SESSION *sess)
+ }
+
+ NOEXPORT SSL_SESSION *sess_get_cb(SSL *ssl,
+-#if OPENSSL_VERSION_NUMBER>=0x10100000L
++#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+ const
+ #endif
+ unsigned char *key, int key_len, int *do_copy) {
diff --git a/srcpkgs/stunnel/patches/patch-src_ssl_c.patch b/srcpkgs/stunnel/patches/patch-src_ssl_c.patch
new file mode 100644
index 00000000000..a2ca0c16c77
--- /dev/null
+++ b/srcpkgs/stunnel/patches/patch-src_ssl_c.patch
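Review bot: The `conf_init` guard at `@@ -398,7 +399,7 @@` compiles the SSL_CONF code out for every LibreSSL build, but this commit also deletes stunnel-libressl.patch, which applied the same `!defined(LIBRESSL_VERSION_NUMBER)` test to the `/* config */` option block in src/options.c, and no replacement for that is added. If upstream options.c still gates that block on `OPENSSL_VERSION_NUMBER>=0x10002000L` alone, a LibreSSL build may now accept `config = ...` lines in stunnel.conf without ever applying them, so a protocol or cipher restriction set that way would be dropped without an error. The `#else` branch of conf_init lies outside the hunk, so this needs checking against the 5.44 source. Either carry the options.c guard forward as `#if OPENSSL_VERSION_NUMBER>=0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)` or confirm that the option is rejected at parse time on LibreSSL.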
@@ -0,0 +1,13 @@
+$OpenBSD: patch-src_ssl_c,v 1.8 2018/04/14 09:05:14 tb Exp $
+Index: src/ssl.c
+--- src/ssl.c.orig
++++ src/ssl.c
+@@ -51,7 +51,7 @@ int index_ssl_cli, index_ssl_ctx_opt;
+ int index_session_authenticated, index_session_connect_address;
+
+ int ssl_init(void) { /* init TLS before parsing configuration file */
+-#if OPENSSL_VERSION_NUMBER>=0x10100000L
++#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+ OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS |
+ OPENSSL_INIT_LOAD_CRYPTO_STRINGS | OPENSSL_INIT_LOAD_CONFIG, NULL);
+ #else
diff --git a/srcpkgs/stunnel/patches/patch-src_verify_c.patch b/srcpkgs/stunnel/patches/patch-src_verify_c.patch
new file mode 100644
index 00000000000..f4ee8c595dc
--- /dev/null
+++ b/srcpkgs/stunnel/patches/patch-src_verify_c.patch
@@ -0,0 +1,13 @@
+$OpenBSD: patch-src_verify_c,v 1.6 2017/09/12 16:15:24 gsoares Exp $
+Index: src/verify.c
+--- src/verify.c.orig
++++ src/verify.c
+@@ -353,7 +353,7 @@ NOEXPORT int cert_check_local(X509_STORE_CTX *callback
+ cert=X509_STORE_CTX_get_current_cert(callback_ctx);
+ subject=X509_get_subject_name(cert);
+
+-#if OPENSSL_VERSION_NUMBER<0x10100006L
++#if OPENSSL_VERSION_NUMBER<0x10100006L || defined(LIBRESSL_VERSION_NUMBER)
+ #define X509_STORE_CTX_get1_certs X509_STORE_get1_certs
+ #endif
+ /* modern API allows retrieving multiple matching certificates */
diff --git a/srcpkgs/stunnel/patches/stunnel-3.40.patch b/srcpkgs/stunnel/patches/stunnel-3.40.patch
deleted file mode 100644
index f24010cac14..00000000000
--- a/srcpkgs/stunnel/patches/stunnel-3.40.patch
+++ /dev/null
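Review bot: The guard added to `ssl_init` in patch-src_ssl_c.patch, and the one before `X509_STORE_CTX_get1_certs` in patch-src_verify_c.patch, test `defined(LIBRESSL_VERSION_NUMBER)` with no version bound, whereas patch-src_ctx_c.patch bounds its SSL_CTX_get_ciphers shim with `LIBRESSL_VERSION_NUMBER < 0x2070000fL`. The same commit drops stunnel-5.43.patch, which suggests LibreSSL 2.7 is expected to provide `OPENSSL_init_crypto`, so keeping `ssl_init` on the `#else` path for every LibreSSL version looks inconsistent and will not correct itself on a later library upgrade. I would either bound these two guards the way the ctx.c one is bounded, or state in the commit message why they are deliberately left unversioned, since one of them sits in the certificate lookup of `cert_check_local`. Both enclosing functions continue outside the hunks.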
@@ -1,11 +0,0 @@
---- src/ctx.c.orig 2017-01-19 03:51:32.000000000 -0500
-+++ src/ctx.c 2017-01-28 22:07:17.978178595 -0500
-@@ -287,7 +287,7 @@
-
- #ifndef OPENSSL_NO_DH
-
--#if OPENSSL_VERSION_NUMBER<0x10100000L
-+#if OPENSSL_VERSION_NUMBER<0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
- NOEXPORT STACK_OF(SSL_CIPHER) *SSL_CTX_get_ciphers(const SSL_CTX *ctx) {
- return ctx->cipher_list;
- }
diff --git a/srcpkgs/stunnel/patches/stunnel-5.39.patch b/srcpkgs/stunnel/patches/stunnel-5.39.patch
deleted file mode 100644
index d93fccb9eb9..00000000000
--- a/srcpkgs/stunnel/patches/stunnel-5.39.patch
+++ /dev/null
@@ -1,11 +0,0 @@
---- src/ssl.c.orig 2017-01-25 00:19:22.320035678 -0500
-+++ src/ssl.c 2017-01-25 00:19:26.536104001 -0500
-@@ -50,7 +50,7 @@
- int index_cli, index_opt, index_redirect, index_addr;
-
- int ssl_init(void) { /* init TLS before parsing configuration file */
--#if OPENSSL_VERSION_NUMBER>=0x10100000L
-+#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
- OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS |
- OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL);
- #else
diff --git a/srcpkgs/stunnel/patches/stunnel-5.43.patch b/srcpkgs/stunnel/patches/stunnel-5.43.patch
deleted file mode 100644
index 1f9ba7c1c17..00000000000
--- a/srcpkgs/stunnel/patches/stunnel-5.43.patch
+++ /dev/null
@@ -1,11 +0,0 @@
---- src/options.c
-+++ src/options.c
-@@ -3656,7 +3656,7 @@ NOEXPORT char *engine_init(void) {
- }
- #endif
- /* engines can add new algorithms */
--#if OPENSSL_VERSION_NUMBER>=0x10100000L
-+#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
- OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS|
- OPENSSL_INIT_ADD_ALL_DIGESTS, NULL);
- #else
diff --git a/srcpkgs/stunnel/patches/stunnel-CRYPTO_set_mem_functions.patch b/srcpkgs/stunnel/patches/stunnel-CRYPTO_set_mem_functions.patch
deleted file mode 100644
index 8959e513f42..00000000000
--- a/srcpkgs/stunnel/patches/stunnel-CRYPTO_set_mem_functions.patch
+++ /dev/null
@@ -1,29 +0,0 @@
---- src/tls.c 2016-12-09 06:15:59.000000000 -0500
-+++ src/tls.c.new 2017-01-25 01:11:44.264271049 -0500
-@@ -41,7 +41,7 @@
- volatile int tls_initialized=0;
-
- NOEXPORT void tls_platform_init();
--#if OPENSSL_VERSION_NUMBER<0x10100000L
-+#if OPENSSL_VERSION_NUMBER<0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
- NOEXPORT void free_function(void *);
- #endif
-
-@@ -52,7 +52,7 @@
- tls_platform_init();
- tls_initialized=1;
- ui_tls=tls_alloc(NULL, NULL, "ui");
--#if OPENSSL_VERSION_NUMBER>=0x10100000L
-+#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
- CRYPTO_set_mem_functions(str_alloc_detached_debug,
- str_realloc_detached_debug, str_free_debug);
- #else
-@@ -184,7 +184,7 @@
-
- /**************************************** OpenSSL allocator hook */
-
--#if OPENSSL_VERSION_NUMBER<0x10100000L
-+#if OPENSSL_VERSION_NUMBER<0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
- NOEXPORT void free_function(void *ptr) {
- /* CRYPTO_set_mem_ex_functions() needs a function rather than a macro */
- /* unfortunately, OpenSSL provides no file:line information here */
diff --git a/srcpkgs/stunnel/patches/stunnel-libressl.patch b/srcpkgs/stunnel/patches/stunnel-libressl.patch
deleted file mode 100644
index 7fdda8f7386..00000000000
--- a/srcpkgs/stunnel/patches/stunnel-libressl.patch
+++ /dev/null
@@ -1,49 +0,0 @@
---- src/verify.c 2015-11-26 13:32:51.458101892 +0100
-+++ src/verify.c 2015-11-26 13:37:51.442682192 +0100
-@@ -51,7 +51,7 @@
- NOEXPORT int verify_callback(int, X509_STORE_CTX *);
- NOEXPORT int verify_checks(CLI *, int, X509_STORE_CTX *);
- NOEXPORT int cert_check(CLI *, X509_STORE_CTX *, int);
--#if OPENSSL_VERSION_NUMBER>=0x10002000L
-+#if OPENSSL_VERSION_NUMBER>=0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
- NOEXPORT int cert_check_subject(CLI *, X509_STORE_CTX *);
- #endif /* OPENSSL_VERSION_NUMBER>=0x10002000L */
- NOEXPORT int cert_check_local(X509_STORE_CTX *);
-@@ -280,7 +280,7 @@
- }
-
- if(depth==0) { /* additional peer certificate checks */
--#if OPENSSL_VERSION_NUMBER>=0x10002000L
-+#if OPENSSL_VERSION_NUMBER>=0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
- if(!cert_check_subject(c, callback_ctx))
- return 0; /* reject */
- #endif /* OPENSSL_VERSION_NUMBER>=0x10002000L */
-@@ -291,7 +291,7 @@
- return 1; /* accept */
- }
-
--#if OPENSSL_VERSION_NUMBER>=0x10002000L
-+#if OPENSSL_VERSION_NUMBER>=0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
- NOEXPORT int cert_check_subject(CLI *c, X509_STORE_CTX *callback_ctx) {
- X509 *cert=X509_STORE_CTX_get_current_cert(callback_ctx);
- NAME_LIST *ptr;
---- src/options.c 2015-11-26 13:32:51.457101897 +0100
-+++ src/options.c 2015-11-26 13:39:04.422336822 +0100
-@@ -1261,7 +1261,7 @@
- break;
- }
-
--#if OPENSSL_VERSION_NUMBER>=0x10002000L
-+#if OPENSSL_VERSION_NUMBER>=0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
-
- /* checkEmail */
- switch(cmd) {
-@@ -1398,7 +1398,7 @@
- break;
- }
-
--#if OPENSSL_VERSION_NUMBER>=0x10002000L
-+#if OPENSSL_VERSION_NUMBER>=0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
-
- /* config */
- switch(cmd) {
diff --git a/srcpkgs/stunnel/patches/stunnel-openbsd.patch b/srcpkgs/stunnel/patches/stunnel-openbsd.patch
deleted file mode 100644
index 9ee8a9271a1..00000000000
--- a/srcpkgs/stunnel/patches/stunnel-openbsd.patch
+++ /dev/null
@@ -1,96 +0,0 @@ -$OpenBSD: patch-src_verify_c,v 1.5 2016/11/10 10:10:50 gsoares Exp $ ---- src/verify.c.orig 2017-04-04 20:02:57.168123782 -0400 -+++ src/verify.c 2017-04-04 20:51:08.931284080 -0400 -@@ -352,7 +352,7 @@ - cert=X509_STORE_CTX_get_current_cert(callback_ctx); - subject=X509_get_subject_name(cert); - --#if OPENSSL_VERSION_NUMBER<0x10100006L -+#if OPENSSL_VERSION_NUMBER<0x10100006L || defined(LIBRESSL_VERSION_NUMBER) - #define X509_STORE_CTX_get1_certs X509_STORE_get1_certs - #endif - /* modern API allows retrieving multiple matching certificates */ - -$OpenBSD: patch-src_sthreads_c,v 1.2 2016/11/10 10:10:50 gsoares Exp $ ---- src/sthreads.c.orig Sat Oct 29 05:25:37 2016 -+++ src/sthreads.c Wed Nov 9 20:22:39 2016 -@@ -47,7 +47,7 @@ - STUNNEL_RWLOCK stunnel_locks[STUNNEL_LOCKS]; - #endif - --#if OPENSSL_VERSION_NUMBER<0x10100004L -+#if OPENSSL_VERSION_NUMBER<0x10100004L || defined(LIBRESSL_VERSION_NUMBER) - #define CRYPTO_THREAD_lock_new() CRYPTO_get_new_dynlockid() - #endif - - -$OpenBSD: patch-src_ssl_c,v 1.4 2016/11/09 23:14:31 gsoares Exp $ ---- src/ssl.c.orig Fri Aug 5 06:39:57 2016 -+++ src/ssl.c Thu Nov 3 23:50:50 2016 -@@ -83,7 +83,7 @@ int ssl_init(void) { /* init SSL before parsing config - } - - #ifndef OPENSSL_NO_DH --#if OPENSSL_VERSION_NUMBER<0x10100000L -+#if OPENSSL_VERSION_NUMBER<0x10100000L || defined(LIBRESSL_VERSION_NUMBER) - /* this is needed for dhparam.c generated with OpenSSL >= 1.1.0 - * to be linked against the older versions */ - int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g) { - -$OpenBSD: patch-src_prototypes_h,v 1.2 2016/11/10 10:10:50 gsoares Exp $ ---- src/options.c.orig Fri Aug 5 06:39:57 2016 -+++ src/options.c Thu Nov 3 23:13:15 2016 -@@ -2617,7 +2617,7 @@ NOEXPORT char *parse_service_option(CMD cmd, SERVICE_O - /* sslVersion */ - switch(cmd) { - case CMD_BEGIN: --#if OPENSSL_VERSION_NUMBER>=0x10100000L -+#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) - 
section->client_method=(SSL_METHOD *)TLS_client_method(); - section->server_method=(SSL_METHOD *)TLS_server_method(); - #else -@@ -2629,7 +2629,7 @@ NOEXPORT char *parse_service_option(CMD cmd, SERVICE_O - if(strcasecmp(opt, "sslVersion")) - break; - if(!strcasecmp(arg, "all")) { --#if OPENSSL_VERSION_NUMBER>=0x10100000L -+#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) - section->client_method=(SSL_METHOD *)TLS_client_method(); - section->server_method=(SSL_METHOD *)TLS_server_method(); - #else - -$OpenBSD: patch-src_ctx_c,v 1.4 2016/11/09 23:14:31 gsoares Exp $ ---- src/ctx.c.orig Tue Jun 21 12:06:14 2016 -+++ src/ctx.c Thu Nov 3 23:13:15 2016 -@@ -366,7 +366,7 @@ NOEXPORT int ecdh_init(SERVICE_OPTIONS *section) { - /**************************************** initialize OpenSSL CONF */ - - NOEXPORT int conf_init(SERVICE_OPTIONS *section) { --#if OPENSSL_VERSION_NUMBER>=0x10002000L -+#if OPENSSL_VERSION_NUMBER>=0x10002000L && !defined(LIBRESSL_VERSION_NUMBER) - SSL_CONF_CTX *cctx; - NAME_LIST *curr; - char *cmd, *param; - -$OpenBSD: patch-src_common_h,v 1.1 2016/11/09 23:14:31 gsoares Exp $ ---- src/common.h.orig Mon Jun 27 04:29:32 2016 -+++ src/common.h Thu Nov 3 23:57:29 2016 -@@ -448,7 +448,7 @@ extern char *sys_errlist[]; - #define OPENSSL_NO_TLS1_2 - #endif /* OpenSSL older than 1.0.1 || defined(OPENSSL_NO_TLS1) */ - --#if OPENSSL_VERSION_NUMBER>=0x10100000L -+#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) - #ifndef OPENSSL_NO_SSL2 - #define OPENSSL_NO_SSL2 - #endif /* !defined(OPENSSL_NO_SSL2) */ -@@ -474,7 +474,7 @@ extern char *sys_errlist[]; - #include - #ifndef OPENSSL_NO_DH - #include --#if OPENSSL_VERSION_NUMBER<0x10100000L -+#if OPENSSL_VERSION_NUMBER<0x10100000L || defined(LIBRESSL_VERSION_NUMBER) - int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g); - #endif /* OpenSSL older than 1.1.0 */ - #endif /* !defined(OPENSSL_NO_DH) */ - 
diff --git a/srcpkgs/stunnel/template b/srcpkgs/stunnel/template
index 51865a5362a..848d0a58007 100644
--- a/srcpkgs/stunnel/template
+++ b/srcpkgs/stunnel/template
@@ -1,7 +1,7 @@
 # Template file for 'stunnel'
 pkgname=stunnel
 version=5.44
-revision=2
+revision=3
 build_style=gnu-configure
 configure_args="--enable-ipv6 --with-ssl=${XBPS_CROSS_BASE}/usr"
 hostmakedepends="perl"