diff options
author | Natanael Copa <ncopa@alpinelinux.org> | 2016-10-08 13:17:37 +0000 |
---|---|---|
committer | Natanael Copa <ncopa@alpinelinux.org> | 2016-10-10 12:04:45 +0000 |
commit | ba2b9dc16f3f154935ac692a00d40e147dc9b484 (patch) | |
tree | f80d9d59bdadc6e6d1a68506aa045a7064576685 /community/stunnel | |
parent | 0b1602287307210acaefbf636332a41805c8f744 (diff) | |
download | aports-ba2b9dc16f3f154935ac692a00d40e147dc9b484.tar.bz2 aports-ba2b9dc16f3f154935ac692a00d40e147dc9b484.tar.xz |
community/libressl: rebuild with libressl
Diffstat (limited to 'community/stunnel')
-rw-r--r-- | community/stunnel/APKBUILD | 8 | ||||
-rw-r--r-- | community/stunnel/stunnel-libressl.patch | 252 |
2 files changed, 258 insertions, 2 deletions
diff --git a/community/stunnel/APKBUILD b/community/stunnel/APKBUILD index 41bcb45700..224ce311aa 100644 --- a/community/stunnel/APKBUILD +++ b/community/stunnel/APKBUILD @@ -4,16 +4,17 @@ # Maintainer: Jakub Jirutka <jakub@jirutka.cz> pkgname=stunnel pkgver=5.35 -pkgrel=1 +pkgrel=2 pkgdesc="SSL encryption wrapper between network client and server." url="http://www.stunnel.org/" arch="all" license="GPL2+ with OpenSSL exception" depends="openssl" -makedepends="openssl-dev" +makedepends="libressl-dev" subpackages="$pkgname-doc" install="$pkgname.pre-install" source="https://www.stunnel.org/downloads/$pkgname-$pkgver.tar.gz + stunnel-libressl.patch stunnel.initd stunnel.conf" builddir="$srcdir/$pkgname-$pkgver" @@ -48,11 +49,14 @@ package() { } md5sums="9079f5fafbccaf88b7d92b227d78249a stunnel-5.35.tar.gz +ee6cd228bb9628336624e2261f3032b5 stunnel-libressl.patch da32978d82c03158d7b947e10b1ba284 stunnel.initd f1227c57d136eb7db3853844f683916a stunnel.conf" sha256sums="ffa386ae4c825f35f35157c285e7402a6d58779ad8c3822f74a9d355b54aba1d stunnel-5.35.tar.gz +05df599689d23175ab9450ecc3a73a181e9ac2d9e3800d66e758fe5f0b51bc32 stunnel-libressl.patch 01c7c7f43cebb299659cd344a98bc64418d516f6530d0b24772d70bb1d56847e stunnel.initd 42971d32e5e79490564d2f71d6a47bbe4aaabd740ba75b75e38207ea0845fec1 stunnel.conf" sha512sums="cdec7ddafbfac4a1d420704baec72fedbd655871137ec8283c066203c0859019c6e11ce00647e5b471a019409e4eb5e9525166eddd7ddffa25055b95c0cacd9e stunnel-5.35.tar.gz +42d180aeca48ea5d154f7561445ab7d7bb13598e859f914b71bba8ebf439ed02e0693798aad2b6cf3236844a5da1984bc74fd3827f7639b1e9da48c8589795ee stunnel-libressl.patch 33e215413e08fdd5783cc76e6ba6a2342fb6d0573f801815c4d3022625e71be6c9739d47a7a61bf7c803f27911b9c92cf6ae3e522add040f83802e1aaeaee000 stunnel.initd a72bfddeb74787d58c9fd24782d86c0498ce3530a43fbdd4ec4c4b57baa6257b6ef21005aca274b22c4a22cdbbbcee63dd3d841f458af248db9c69e8d59fa56f stunnel.conf" diff --git a/community/stunnel/stunnel-libressl.patch b/community/stunnel/stunnel-libressl.patch new file mode 100644 index 0000000000..9b39720c9f --- /dev/null +++ b/community/stunnel/stunnel-libressl.patch @@ -0,0 +1,252 @@ +diff --git a/src/common.h b/src/common.h +index f7d38b0..6b81341 100644 +--- a/src/common.h ++++ b/src/common.h +@@ -448,7 +448,7 @@ extern char *sys_errlist[]; + #define OPENSSL_NO_TLS1_2 + #endif /* OpenSSL older than 1.0.1 || defined(OPENSSL_NO_TLS1) */ + +-#if OPENSSL_VERSION_NUMBER>=0x10100000L ++#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) + #ifndef OPENSSL_NO_SSL2 + #define OPENSSL_NO_SSL2 + #endif /* !defined(OPENSSL_NO_SSL2) */ +@@ -474,7 +474,7 @@ extern char *sys_errlist[]; + #include <openssl/des.h> + #ifndef OPENSSL_NO_DH + #include <openssl/dh.h> +-#if OPENSSL_VERSION_NUMBER<0x10100000L ++#if OPENSSL_VERSION_NUMBER<0x10100000L || defined(LIBRESSL_VERSION_NUMBER) + int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g); + #endif /* OpenSSL older than 1.1.0 */ + #endif /* !defined(OPENSSL_NO_DH) */ +diff --git a/src/ctx.c b/src/ctx.c +index 5b282e9..7984f32 100644 +--- a/src/ctx.c ++++ b/src/ctx.c +@@ -366,7 +366,7 @@ NOEXPORT int ecdh_init(SERVICE_OPTIONS *section) { + /**************************************** initialize OpenSSL CONF */ + + NOEXPORT int conf_init(SERVICE_OPTIONS *section) { +-#if OPENSSL_VERSION_NUMBER>=0x10002000L ++#if OPENSSL_VERSION_NUMBER>=0x10002000L && !defined(LIBRESSL_VERSION_NUMBER) + SSL_CONF_CTX *cctx; + NAME_LIST *curr; + char *cmd, *param; +diff --git a/src/options.c b/src/options.c +index 22e00dd..5674284 100644 +--- a/src/options.c ++++ b/src/options.c +@@ -1291,7 +1291,7 @@ NOEXPORT char *parse_service_option(CMD cmd, SERVICE_OPTIONS *section, + break; + } + +-#if OPENSSL_VERSION_NUMBER>=0x10002000L ++#if OPENSSL_VERSION_NUMBER>=0x10002000L && !defined(LIBRESSL_VERSION_NUMBER) + + /* checkEmail */ + switch(cmd) { +@@ -1428,7 +1428,7 @@ NOEXPORT char *parse_service_option(CMD cmd, SERVICE_OPTIONS *section, + break; + } + +-#if OPENSSL_VERSION_NUMBER>=0x10002000L ++#if OPENSSL_VERSION_NUMBER>=0x10002000L && !defined(LIBRESSL_VERSION_NUMBER) + + /* config */ + switch(cmd) { +@@ -2617,7 +2617,7 @@ NOEXPORT char *parse_service_option(CMD cmd, SERVICE_OPTIONS *section, + /* sslVersion */ + switch(cmd) { + case CMD_BEGIN: +-#if OPENSSL_VERSION_NUMBER>=0x10100000L ++#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) + section->client_method=(SSL_METHOD *)TLS_client_method(); + section->server_method=(SSL_METHOD *)TLS_server_method(); + #else +@@ -2629,7 +2629,7 @@ NOEXPORT char *parse_service_option(CMD cmd, SERVICE_OPTIONS *section, + if(strcasecmp(opt, "sslVersion")) + break; + if(!strcasecmp(arg, "all")) { +-#if OPENSSL_VERSION_NUMBER>=0x10100000L ++#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) + section->client_method=(SSL_METHOD *)TLS_client_method(); + section->server_method=(SSL_METHOD *)TLS_server_method(); + #else +diff --git a/src/prototypes.h b/src/prototypes.h +index 182c764..d57aff2 100644 +--- a/src/prototypes.h ++++ b/src/prototypes.h +@@ -206,7 +206,7 @@ typedef struct service_options_struct { + char *ocsp_url; + unsigned long ocsp_flags; + #endif /* !defined(OPENSSL_NO_OCSP) */ +-#if OPENSSL_VERSION_NUMBER>=0x10002000L ++#if OPENSSL_VERSION_NUMBER>=0x10002000L && !defined(LIBRESSL_VERSION_NUMBER) + NAME_LIST *check_host, *check_email, *check_ip; /* cert subject checks */ + NAME_LIST *config; /* OpenSSL CONF options */ + #endif /* OPENSSL_VERSION_NUMBER>=0x10002000L */ +@@ -650,13 +650,13 @@ typedef enum { + #endif /* OPENSSL_NO_DH */ + STUNNEL_LOCKS /* number of locks */ + } LOCK_TYPE; +-#if OPENSSL_VERSION_NUMBER < 0x10100004L ++#if OPENSSL_VERSION_NUMBER < 0x10100004L || defined(LIBRESSL_VERSION_NUMBER) + typedef int STUNNEL_RWLOCK; + #else + typedef CRYPTO_RWLOCK *STUNNEL_RWLOCK; + #endif + extern STUNNEL_RWLOCK stunnel_locks[STUNNEL_LOCKS]; +-#if OPENSSL_VERSION_NUMBER>=0x10100004L ++#if OPENSSL_VERSION_NUMBER>=0x10100004L && !defined(LIBRESSL_VERSION_NUMBER) + #define CRYPTO_THREAD_read_unlock(type) CRYPTO_THREAD_unlock(type) + #define CRYPTO_THREAD_write_unlock(type) CRYPTO_THREAD_unlock(type) + #else +diff --git a/src/ssl.c b/src/ssl.c +index d5b27bd..8dae820 100644 +--- a/src/ssl.c ++++ b/src/ssl.c +@@ -78,7 +78,7 @@ int ssl_init(void) { /* init SSL before parsing configuration file */ + } + + #ifndef OPENSSL_NO_DH +-#if OPENSSL_VERSION_NUMBER<0x10100000L ++#if OPENSSL_VERSION_NUMBER<0x10100000L || defined(LIBRESSL_VERSION_NUMBER) + /* this is needed for dhparam.c generated with OpenSSL >= 1.1.0 + * to be linked against the older versions */ + int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g) { +diff --git a/src/sthreads.c b/src/sthreads.c +index 4e4e0e9..f61f230 100644 +--- a/src/sthreads.c ++++ b/src/sthreads.c +@@ -45,7 +45,7 @@ + + STUNNEL_RWLOCK stunnel_locks[STUNNEL_LOCKS]; + +-#if OPENSSL_VERSION_NUMBER<0x10100004L ++#if OPENSSL_VERSION_NUMBER<0x10100004L || defined(LIBRESSL_VERSION_NUMBER) + #define CRYPTO_THREAD_lock_new() CRYPTO_get_new_dynlockid() + #endif + +@@ -203,7 +203,7 @@ int create_client(SOCKET ls, SOCKET s, CLI *arg, void *(*cli)(void *)) { + + #ifdef USE_PTHREAD + +-#if OPENSSL_VERSION_NUMBER<0x10100004L ++#if OPENSSL_VERSION_NUMBER<0x10100004L || defined(LIBRESSL_VERSION_NUMBER) + + struct CRYPTO_dynlock_value { + pthread_rwlock_t rwlock; +@@ -263,7 +263,8 @@ unsigned long stunnel_thread_id(void) { + #endif + } + +-#if OPENSSL_VERSION_NUMBER>=0x10000000L && OPENSSL_VERSION_NUMBER<0x10100004L ++#if OPENSSL_VERSION_NUMBER>=0x10000000L && \ ++ (OPENSSL_VERSION_NUMBER<0x10100004L || defined(LIBRESSL_VERSION_NUMBER)) + NOEXPORT void threadid_func(CRYPTO_THREADID *tid) { + CRYPTO_THREADID_set_numeric(tid, stunnel_thread_id()); + } +@@ -272,7 +273,7 @@ NOEXPORT void threadid_func(CRYPTO_THREADID *tid) { + int sthreads_init(void) { + int i; + +-#if OPENSSL_VERSION_NUMBER<0x10100004L ++#if OPENSSL_VERSION_NUMBER<0x10100004L || defined(LIBRESSL_VERSION_NUMBER) + /* initialize the OpenSSL dynamic locking */ + CRYPTO_set_dynlock_create_callback(dyn_create_function); + CRYPTO_set_dynlock_lock_callback(dyn_lock_function); +@@ -345,7 +346,7 @@ int create_client(SOCKET ls, SOCKET s, CLI *arg, void *(*cli)(void *)) { + * but it is unsupported on Windows XP (and earlier versions of Windows): + * https://msdn.microsoft.com/en-us/library/windows/desktop/aa904937%28v=vs.85%29.aspx */ + +-#if OPENSSL_VERSION_NUMBER<0x10100004L ++#if OPENSSL_VERSION_NUMBER<0x10100004L || defined(LIBRESSL_VERSION_NUMBER) + + struct CRYPTO_dynlock_value { + CRITICAL_SECTION mutex; +@@ -398,7 +399,7 @@ unsigned long stunnel_thread_id(void) { + int sthreads_init(void) { + int i; + +-#if OPENSSL_VERSION_NUMBER<0x10100004L ++#if OPENSSL_VERSION_NUMBER<0x10100004L || defined(LIBRESSL_VERSION_NUMBER) + /* initialize the OpenSSL dynamic locking */ + CRYPTO_set_dynlock_create_callback(dyn_create_function); + CRYPTO_set_dynlock_lock_callback(dyn_lock_function); +diff --git a/src/verify.c b/src/verify.c +index 9fc0ff9..5c7ff26 100644 +--- a/src/verify.c ++++ b/src/verify.c +@@ -51,7 +51,7 @@ NOEXPORT int add_dir_lookup(X509_STORE *, char *); + NOEXPORT int verify_callback(int, X509_STORE_CTX *); + NOEXPORT int verify_checks(CLI *, int, X509_STORE_CTX *); + NOEXPORT int cert_check(CLI *, X509_STORE_CTX *, int); +-#if OPENSSL_VERSION_NUMBER>=0x10002000L ++#if OPENSSL_VERSION_NUMBER>=0x10002000L && !defined(LIBRESSL_VERSION_NUMBER) + NOEXPORT int cert_check_subject(CLI *, X509_STORE_CTX *); + #endif /* OPENSSL_VERSION_NUMBER>=0x10002000L */ + NOEXPORT int cert_check_local(X509_STORE_CTX *); +@@ -120,7 +120,7 @@ NOEXPORT int crl_init(SERVICE_OPTIONS *section) { + return 1; /* FAILED */ + } + if(section->crl_dir) { +-#if OPENSSL_VERSION_NUMBER<0x10100000L ++#if OPENSSL_VERSION_NUMBER<0x10100000L || defined(LIBRESSL_VERSION_NUMBER) + /* do not cache CRLs (only required with OpenSSL version < 1.0.0) */ + store->cache=0; + #endif +@@ -178,7 +178,7 @@ NOEXPORT void auth_warnings(SERVICE_OPTIONS *section) { + if(section->option.verify_peer) /* verify_peer does not depend on PKI */ + return; + if(section->option.verify_chain) { +-#if OPENSSL_VERSION_NUMBER>=0x10002000L ++#if OPENSSL_VERSION_NUMBER>=0x10002000L && !defined(LIBRESSL_VERSION_NUMBER) + if(section->check_email || section->check_host || section->check_ip) + return; + #endif /* OPENSSL_VERSION_NUMBER>=0x10002000L */ +@@ -277,7 +277,7 @@ NOEXPORT int cert_check(CLI *c, X509_STORE_CTX *callback_ctx, + } + + if(depth==0) { /* additional peer certificate checks */ +-#if OPENSSL_VERSION_NUMBER>=0x10002000L ++#if OPENSSL_VERSION_NUMBER>=0x10002000L && !defined(LIBRESSL_VERSION_NUMBER) + if(!cert_check_subject(c, callback_ctx)) + return 0; /* reject */ + #endif /* OPENSSL_VERSION_NUMBER>=0x10002000L */ +@@ -288,7 +288,7 @@ NOEXPORT int cert_check(CLI *c, X509_STORE_CTX *callback_ctx, + return 1; /* accept */ + } + +-#if OPENSSL_VERSION_NUMBER>=0x10002000L ++#if OPENSSL_VERSION_NUMBER>=0x10002000L && !defined(LIBRESSL_VERSION_NUMBER) + NOEXPORT int cert_check_subject(CLI *c, X509_STORE_CTX *callback_ctx) { + X509 *cert=X509_STORE_CTX_get_current_cert(callback_ctx); + NAME_LIST *ptr; +@@ -340,7 +340,7 @@ NOEXPORT int cert_check_local(X509_STORE_CTX *callback_ctx) { + STACK_OF(X509) *sk; + int i; + #endif +-#if OPENSSL_VERSION_NUMBER<0x10100000L ++#if OPENSSL_VERSION_NUMBER<0x10100000L || defined(LIBRESSL_VERSION_NUMBER) + X509_OBJECT obj; + int success; + #endif +@@ -349,7 +349,7 @@ NOEXPORT int cert_check_local(X509_STORE_CTX *callback_ctx) { + subject=X509_get_subject_name(cert); + + #if OPENSSL_VERSION_NUMBER>=0x10000000L +-#if OPENSSL_VERSION_NUMBER<0x10100006L ++#if OPENSSL_VERSION_NUMBER<0x10100006L || defined(LIBRESSL_VERSION_NUMBER) + #define X509_STORE_CTX_get1_certs X509_STORE_get1_certs + #endif + /* modern API allows retrieving multiple matching certificates */ +@@ -364,7 +364,7 @@ NOEXPORT int cert_check_local(X509_STORE_CTX *callback_ctx) { + } + #endif + +-#if OPENSSL_VERSION_NUMBER<0x10100000L ++#if OPENSSL_VERSION_NUMBER<0x10100000L || defined(LIBRESSL_VERSION_NUMBER) + /* pre-1.0.0 API only returns a single matching certificate */ + /* we also invoke it for other OpenSSL versions before 1.1.0 */ + memset((char *)&obj, 0, sizeof obj); |