community/xmlsec/libressl.patch


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67

From e834054c1a6adcc927c34c803eb22c24db69fd76 Mon Sep 17 00:00:00 2001
From: Bernard Spil <brnrd@FreeBSD.org>
Date: Sat, 8 Oct 2016 12:58:37 +0200
Subject: [PATCH] configure: Fix LibreSSL version detection

  - LibreSSL:
    * defines OPENSSL_VERSION_NUMBER as 0x20000000L
    * deFines LIBRESS_VERSION_NUMBER in opensslv.h
    * was forked from 1.0.1f / 0x1000107fL

PR:		https://bugs.freebsd.org/213301
Reported by:	Michael Gmelin <grembo@freebsd.org>
---
 configure.ac | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/configure.ac b/configure.ac
index ab69e16..94caf5f 100644
--- a/configure.ac
+++ b/configure.ac
@@ -495,7 +495,7 @@ if test "z$OPENSSL_FOUND" = "zyes" -a "z$OPENSSL_VERSION" = "z" ; then
     if test "z$OPENSSL_VERSION" = "z" ; then
         AC_EGREP_CPP(yes,[
             #include <openssl/opensslv.h>
-        #if OPENSSL_VERSION_NUMBER >= 0x10100000L
+        #if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
         yes
         #endif
     ],[
From 51f5a3775dd51aeb13e50e8a428b0f40ab060d48 Mon Sep 17 00:00:00 2001
From: Eric Sproul <esproul@omniti.com>
Date: Tue, 31 May 2016 17:19:15 +0000
Subject: [PATCH] Fix mismatched conditional for XMLSEC_NO_ECDSA

Without this fix, we fail to compile on CentOS 6.x which lacks ECDSA
support.
---
 src/openssl/signatures.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/openssl/signatures.c b/src/openssl/signatures.c
index 5cb6f7b..95d3691 100644
--- a/src/openssl/signatures.c
+++ b/src/openssl/signatures.c
@@ -31,7 +31,7 @@
 #define EVP_MD_CTX_free(x)     EVP_MD_CTX_destroy((x))
 #define EVP_MD_CTX_md_data(x)  ((x)->md_data)
 
-#ifndef XMLSEC_NO_DSA
+#ifndef XMLSEC_NO_ECDSA
 /* we expect the r/s to be NOT NULL */
 static void ECDSA_SIG_get0(BIGNUM **pr, BIGNUM **ps, ECDSA_SIG *sig) {
     if (pr != NULL) {
--- a/src/openssl/app.c.orig	Wed Apr 20 17:26:22 2016
+++ b/src/openssl/app.c	Sat Sep  3 14:33:48 2016
@@ -1487,11 +1487,6 @@ xmlSecOpenSSLAppLoadRANDFile(const char *file) {
 
     if(file == NULL) {
         file = RAND_file_name(buffer, sizeof(buffer));
-    }else if(RAND_egd(file) > 0) {
-        /* we try if the given filename is an EGD socket.
-         * if it is, we don't write anything back to the file. */
-        egdsocket = 1;
-        return 1;
     }
 
     if((file == NULL) || !RAND_load_file(file, -1)) {