authorSergey Safarov <s.safarov@gmail.com>2017-07-28 07:50:03 +0000
committerJakub Jirutka <jakub@jirutka.cz>2017-07-28 23:20:00 +0200
commit29b8e946b311e0f2712874bb73891477f8a74eaf (patch)
tree2d76847ef6674f5d4ca5f146731effc41ca764fd
parent74812a3edc3b97ac8458b998d85e6208f54bd490 (diff)
main/kamailio: backport TLS mod patches for LibreSSL from OpenBSD
-rw-r--r--main/kamailio/0003-src_modules_tls_tls_init_c.patch111
-rw-r--r--main/kamailio/0004-src_core_tcp_read_c.patch20
-rw-r--r--main/kamailio/APKBUILD6
3 files changed, 136 insertions, 1 deletions
diff --git a/main/kamailio/0003-src_modules_tls_tls_init_c.patch b/main/kamailio/0003-src_modules_tls_tls_init_c.patch
new file mode 100644
index 0000000000..485b01a6bb
--- /dev/null
+++ b/main/kamailio/0003-src_modules_tls_tls_init_c.patch
@@ -0,0 +1,111 @@
+$OpenBSD: patch-src_modules_tls_tls_init_c,v 1.1 2017/07/03 22:14:20 sthen Exp $
+
+Index: a/src/modules/tls/tls_init.c
+--- a/src/modules/tls/tls_init.c
++++ b/src/modules/tls/tls_init.c
+@@ -139,7 +139,7 @@ const SSL_METHOD* ssl_methods[TLS_METHOD_MAX];
+ */
+
+
+-
++#ifndef LIBRESSL_VERSION_NUMBER
+ inline static char* buf_append(char* buf, char* end, char* str, int str_len)
+ {
+ if ( (buf+str_len)<end){
+@@ -317,6 +317,7 @@ static void ser_free(void *ptr, const char *fname, int
+ }
+ #endif
+
++#endif /* LIBRESSL_VERSION_NUMBER */
+
+ /*
+ * Initialize TLS socket
+@@ -360,7 +361,7 @@ static void init_ssl_methods(void)
+ ssl_methods[TLS_USE_SSLv23 - 1] = SSLv23_method();
+
+ /* only specific SSL or TLS version */
+-#if OPENSSL_VERSION_NUMBER < 0x010100000L
++#if OPENSSL_VERSION_NUMBER < 0x010100000L || defined(LIBRESSL_VERSION_NUMBER)
+ #ifndef OPENSSL_NO_SSL2
+ ssl_methods[TLS_USE_SSLv2_cli - 1] = SSLv2_client_method();
+ ssl_methods[TLS_USE_SSLv2_srv - 1] = SSLv2_server_method();
+@@ -378,13 +379,13 @@ static void init_ssl_methods(void)
+ ssl_methods[TLS_USE_TLSv1_srv - 1] = TLSv1_server_method();
+ ssl_methods[TLS_USE_TLSv1 - 1] = TLSv1_method();
+
+-#if OPENSSL_VERSION_NUMBER >= 0x1000100fL
++#if OPENSSL_VERSION_NUMBER >= 0x1000100fL && !defined(LIBRESSL_VERSION_NUMBER)
+ ssl_methods[TLS_USE_TLSv1_1_cli - 1] = TLSv1_1_client_method();
+ ssl_methods[TLS_USE_TLSv1_1_srv - 1] = TLSv1_1_server_method();
+ ssl_methods[TLS_USE_TLSv1_1 - 1] = TLSv1_1_method();
+ #endif
+
+-#if OPENSSL_VERSION_NUMBER >= 0x1000105fL
++#if OPENSSL_VERSION_NUMBER >= 0x1000105fL && !defined(LIBRESSL_VERSION_NUMBER)
+ ssl_methods[TLS_USE_TLSv1_2_cli - 1] = TLSv1_2_client_method();
+ ssl_methods[TLS_USE_TLSv1_2_srv - 1] = TLSv1_2_server_method();
+ ssl_methods[TLS_USE_TLSv1_2 - 1] = TLSv1_2_method();
+@@ -393,11 +394,11 @@ static void init_ssl_methods(void)
+ /* ranges of TLS versions (require a minimum TLS version) */
+ ssl_methods[TLS_USE_TLSv1_PLUS - 1] = (void*)TLS_OP_TLSv1_PLUS;
+
+-#if OPENSSL_VERSION_NUMBER >= 0x1000100fL
++#if OPENSSL_VERSION_NUMBER >= 0x1000100fL && !defined(LIBRESSL_VERSION_NUMBER)
+ ssl_methods[TLS_USE_TLSv1_1_PLUS - 1] = (void*)TLS_OP_TLSv1_1_PLUS;
+ #endif
+
+-#if OPENSSL_VERSION_NUMBER >= 0x1000105fL
++#if OPENSSL_VERSION_NUMBER >= 0x1000105fL && !defined(LIBRESSL_VERSION_NUMBER)
+ ssl_methods[TLS_USE_TLSv1_2_PLUS - 1] = (void*)TLS_OP_TLSv1_2_PLUS;
+ #endif
+ }
+@@ -408,6 +409,7 @@ static void init_ssl_methods(void)
+ */
+ static int init_tls_compression(void)
+ {
++#ifndef LIBRESSL_VERSION_NUMBER
+ #if OPENSSL_VERSION_NUMBER < 0x010100000L
+ #if OPENSSL_VERSION_NUMBER >= 0x00908000L
+ int n, r;
+@@ -494,6 +496,7 @@ static int init_tls_compression(void)
+ end:
+ #endif /* OPENSSL_VERSION_NUMBER >= 0.9.8 */
+ #endif /* OPENSSL_VERSION_NUMBER < 1.1.0 */
++#endif /* LIBRESSL_VERSION_NUMBER */
+ return 0;
+ }
+
+@@ -504,6 +507,7 @@ end:
+ */
+ int tls_pre_init(void)
+ {
++#ifndef LIBRESSL_VERSION_NUMBER
+ #if OPENSSL_VERSION_NUMBER < 0x010100000L
+ void *(*mf)(size_t) = NULL;
+ void *(*rf)(void *, size_t) = NULL;
+@@ -530,6 +534,7 @@ int tls_pre_init(void)
+ " (can be loaded first to be safe)\n");
+ return -1;
+ }
++#endif /* LIBRESSL_VERSION_NUMBER */
+
+ if (tls_init_locks()<0)
+ return -1;
+@@ -563,7 +568,7 @@ int init_tls_h(void)
+ {
+ /*struct socket_info* si;*/
+ long ssl_version;
+-#if OPENSSL_VERSION_NUMBER < 0x010100000L
++#if OPENSSL_VERSION_NUMBER < 0x010100000L && !defined(LIBRESSL_VERSION_NUMBER)
+ int lib_kerberos;
+ int lib_zlib;
+ int kerberos_support;
+@@ -607,7 +612,7 @@ int init_tls_h(void)
+ }
+
+ /* check kerberos support using compile flags only for version < 1.1.0 */
+-#if OPENSSL_VERSION_NUMBER < 0x010100000L
++#if OPENSSL_VERSION_NUMBER < 0x010100000L && !defined(LIBRESSL_VERSION_NUMBER)
+
+ #ifdef TLS_KERBEROS_SUPPORT
+ kerberos_support=1;
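Review bot: The four conditions in init_ssl_methods() that gain `&& !defined(LIBRESSL_VERSION_NUMBER)` compile out the TLSv1.1 and TLSv1.2 method entries and the `TLS_USE_TLSv1_1_PLUS` / `TLS_USE_TLSv1_2_PLUS` ranges on LibreSSL builds, so only the SSLv23, SSLv2 and TLSv1 entries visible here and `TLS_USE_TLSv1_PLUS` remain registered. A LibreSSL-linked build then apparently cannot be configured to require TLS 1.2 as a minimum, and because `ssl_methods[]` is a file-scope array those slots stay NULL; how a NULL slot is handled when it is selected is outside this hunk. If the packaged LibreSSL provides `TLSv1_1_method()` and `TLSv1_2_method()`, I would leave the original `#if OPENSSL_VERSION_NUMBER >= 0x1000100fL` and `#if OPENSSL_VERSION_NUMBER >= 0x1000105fL` lines unchanged for those four blocks; otherwise add a comment such as `/* LibreSSL: TLSv1.1/1.2-specific methods and minimum-version ranges are disabled */` so the reduced protocol policy is visible to whoever sets the TLS method.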
diff --git a/main/kamailio/0004-src_core_tcp_read_c.patch b/main/kamailio/0004-src_core_tcp_read_c.patch
new file mode 100644
index 0000000000..08308f77b1
--- /dev/null
+++ b/main/kamailio/0004-src_core_tcp_read_c.patch
@@ -0,0 +1,20 @@
+$OpenBSD: patch-src_core_tcp_read_c,v 1.1 2017/07/03 22:14:20 sthen Exp $
+
+Index: a/src/core/tcp_read.c
+--- a/src/core/tcp_read.c.orig
++++ a/src/core/tcp_read.c
+@@ -1497,6 +1497,14 @@ void release_tcpconn(struct tcp_connection* c, long st
+ ip_addr2a(&c->rcv.src_ip), c->rcv.src_port,
+ ip_addr2a(&c->rcv.dst_ip), c->rcv.dst_port);
+ LM_DBG("extra_data %p\n", c->extra_data);
++
++ /* experimental fix tls crash with libressl */
++ /* add cleanup SSL structure in child process, in parent process SSL structure is empty */
++ if ((c->type==PROTO_TLS || c->type==PROTO_WSS) && (c->extra_data) && c->fd != -1) {
++ tls_close(c, c->fd);
++ tls_tcpconn_clean(c);
++ }
++
+ /* release req & signal the parent */
+ c->reader_pid=0; /* reset it */
+ if (c->fd!=-1){
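Review bot: The block added to release_tcpconn() calls `tls_close(c, c->fd)` and `tls_tcpconn_clean(c)` on every release of a TLS or WSS connection without looking at the state argument that the hunk header shows (truncated to `long st`), and the patch's own comment calls the fix experimental. If release_tcpconn() is also used to hand a still-open connection back to the parent, this would presumably shut the TLS session down and discard the SSL state behind `c->extra_data` for a connection that is meant to stay alive; whether that path exists is not visible here. The block is also unconditional, so it changes behaviour for every TLS build of this package, not only the LibreSSL case named in the comment. I would either restrict the condition to the states in which the connection is really being closed, or extend the comment to state the invariant relied on, e.g. `/* after release the parent never uses extra_data; the reader child owns the SSL object */`, and reference the upstream report. The function body starts and ends outside the hunk.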
diff --git a/main/kamailio/APKBUILD b/main/kamailio/APKBUILD
index a08459c1f2..3743474b5e 100644
--- a/main/kamailio/APKBUILD
+++ b/main/kamailio/APKBUILD
@@ -13,7 +13,7 @@ _gittag=HEAD
pkgver=5.0.2
-pkgrel=0
+pkgrel=1
[ -z "${_gitcommit}" ] && _suffix="_src" || _suffix="-${_gitcommit}"
pkgdesc="Open Source SIP Server"
@@ -238,6 +238,8 @@ done
source="http://www.kamailio.org/pub/kamailio/$pkgver/src/${pkgname}-${pkgver}${_suffix}.tar.gz
0001-kamdbctl.base.patch
0002-remove-spurious-execinfo.patch
+ 0003-src_modules_tls_tls_init_c.patch
+ 0004-src_core_tcp_read_c.patch
kamailio.cfg
kamailio.initd
"
@@ -509,5 +511,7 @@ kazoo() {
sha512sums="d2bd320edb9612006277979f96079c8a01b8fef3774af5847aab78529dbe61880be6a4e596af1ce6c67fa34142a0f200e7728ff3a725691f081fccd51cd11f16 kamailio-5.0.2_src.tar.gz
6badfb611c02ffcb4c2e9937731162ea1a4b737f042ed52120e2f96ebb80b5b7d240b5612c9ca565e693eec9b8c52c1ee5db04dfc47d204501021f984b4b11db 0001-kamdbctl.base.patch
e60e8d41e55008f0473e4d645af3b43f2bc097e341bb3bb81daec8bc47abcd6d037cbb56082675c24ffb1c50b2eb93e3c4fc50b0dc2df9cdfe4f28ad7b9fbf9e 0002-remove-spurious-execinfo.patch
+84b8645e551a41737863085dad6c2c865e60bbe505bfdf750dec530cdd0501025a69e60a48b54971f0d0daaf5f52d1cc0aa8d275395f5c110a3563bb269bb6df 0003-src_modules_tls_tls_init_c.patch
+af8362201957eae6b66baf7368c9ca884024209a396d77c5c52180c9aabe13772e9c6513e59721d39503e5bb7a8c1030f5c10301ea9055bddafb7f01ee2f3076 0004-src_core_tcp_read_c.patch
c1abf69b48847dc8c7ab0d11ef9adb531aa4635f9d44db6933981edc5a47df374664fb24867b19aa64abbcc9777bf1cd0360d9aea54e27b081065928c61e0f0b kamailio.cfg
cd6e3b677d803cd78561ad14d9b2589fd35ad0096f48047fdcb4ddc7d9103871357efba3b350946844cb53dbb081210746421fc420c22ac845b90251168a628e kamailio.initd"