FreeBSD Bugzilla – Attachment 206956 Details for
Bug 224148
security/stunnel: fix build with LibreSSL
[patch]
svn-diff-stunnel_new
svn-diff-stunnel (text/plain), 12.57 KB, created by
Walter Schwarzenfeld
on 2019-08-27 14:34:43 UTC
Description:
svn-diff-stunnel_new
Filename:
MIME Type:
Creator:
Walter Schwarzenfeld
Created:
2019-08-27 14:34:43 UTC
Size:
12.57 KB
>Index: Makefile
>===================================================================
>--- Makefile (revision 510014)
>+++ Makefile (working copy)
>@@ -3,7 +3,7 @@
>
> PORTNAME= stunnel
> PORTVERSION= 5.55
>-PORTEPOCH= 1
>+PORTEPOCH= 2
> CATEGORIES= security
> MASTER_SITES= https://www.stunnel.org/downloads/%SUBDIR%/ \
> https://www.stunnel.org/downloads/beta/ \
>Index: files/patch-libressl
>===================================================================
>--- files/patch-libressl (nonexistent)
>+++ files/patch-libressl (working copy)
>@@ -0,0 +1,297 @@
>+--- src/client.c
>++++ src/client.c
>+@@ -657,7 +657,7 @@ NOEXPORT void print_cipher(CLI *c) { /* print negotiated cipher */
>+ NOEXPORT void transfer(CLI *c) {
>+ int timeout; /* s_poll_wait timeout in seconds */
>+ int pending; /* either processed on unprocessed TLS data */
>+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
>++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
>+ int has_pending=0, prev_has_pending;
>+ #endif
>+ int watchdog=0; /* a counter to detect an infinite loop */
>+@@ -705,7 +705,7 @@ NOEXPORT void transfer(CLI *c) {
>+
>+ /****************************** wait for an event */
>+ pending=SSL_pending(c->ssl);
>+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
>++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
>+ /* only attempt to process SSL_has_pending() data once */
>+ prev_has_pending=has_pending;
>+ has_pending=SSL_has_pending(c->ssl);
>+@@ -1109,7 +1109,7 @@ NOEXPORT void transfer(CLI *c) {
>+ s_log(LOG_ERR,
>+ "please report the problem to Michal.Trojnara@stunnel.org");
>+ stunnel_info(LOG_ERR);
>+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
>++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
>+ s_log(LOG_ERR, "protocol=%s, SSL_pending=%d, SSL_has_pending=%d",
>+ SSL_get_version(c->ssl),
>+ SSL_pending(c->ssl), SSL_has_pending(c->ssl));
>+--- src/ctx.c
>++++ src/ctx.c
>+@@ -91,7 +91,7 @@ NOEXPORT void set_prompt(const char *);
>+ NOEXPORT int ui_retry();
>+
>+ /* session tickets */
>+-#if OPENSSL_VERSION_NUMBER >= 0x10101000L
>++#if OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined(LIBRESSL_VERSION_NUMBER)
>+ NOEXPORT int generate_session_ticket_cb(SSL *, void *);
>+ NOEXPORT int decrypt_session_ticket_cb(SSL *, SSL_SESSION *,
>+ const unsigned char *, size_t, SSL_TICKET_STATUS, void *);
>+@@ -130,7 +130,7 @@ NOEXPORT void sslerror_log(unsigned long, const char *, int, char *);
>+
>+ /**************************************** initialize section->ctx */
>+
>+-#if OPENSSL_VERSION_NUMBER>=0x10100000L
>++#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
>+ typedef long unsigned SSL_OPTIONS_TYPE;
>+ #else
>+ typedef long SSL_OPTIONS_TYPE;
>+@@ -138,7 +138,7 @@ typedef long SSL_OPTIONS_TYPE;
>+
>+ int context_init(SERVICE_OPTIONS *section) { /* init TLS context */
>+ /* create TLS context */
>+-#if OPENSSL_VERSION_NUMBER>=0x10100000L
>++#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
>+ if(section->option.client)
>+ section->ctx=SSL_CTX_new(TLS_client_method());
>+ else /* server mode */
>+@@ -234,7 +234,7 @@ int context_init(SERVICE_OPTIONS *section) { /* init TLS context */
>+ #endif
>+
>+ /* setup session tickets */
>+-#if OPENSSL_VERSION_NUMBER >= 0x10101000L
>++#if OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined(LIBRESSL_VERSION_NUMBER)
>+ SSL_CTX_set_session_ticket_cb(section->ctx, generate_session_ticket_cb,
>+ decrypt_session_ticket_cb, NULL);
>+ #endif /* OpenSSL 1.1.1 or later */
>+@@ -493,7 +493,7 @@ NOEXPORT int ecdh_init(SERVICE_OPTIONS *section) {
>+ /**************************************** initialize OpenSSL CONF */
>+
>+ NOEXPORT int conf_init(SERVICE_OPTIONS *section) {
>+-#if OPENSSL_VERSION_NUMBER>=0x10002000L
>++#if OPENSSL_VERSION_NUMBER>=0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
>+ SSL_CONF_CTX *cctx;
>+ NAME_LIST *curr;
>+ char *cmd, *param;
>+@@ -979,7 +979,7 @@ NOEXPORT int ui_retry() {
>+
>+ /**************************************** session tickets */
>+
>+-#if OPENSSL_VERSION_NUMBER >= 0x10101000L
>++#if OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined(LIBRESSL_VERSION_NUMBER)
>+
>+ typedef struct {
>+ void *session_authenticated;
>+@@ -1470,7 +1470,7 @@ NOEXPORT void info_callback(const SSL *ssl, int where, int ret) {
>+
>+ c=SSL_get_ex_data((SSL *)ssl, index_ssl_cli);
>+ if(c) {
>+-#if OPENSSL_VERSION_NUMBER>=0x10100000L
>++#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
>+ OSSL_HANDSHAKE_STATE state=SSL_get_state(ssl);
>+ #else
>+ int state=SSL_get_state((SSL *)ssl);
>+--- src/options.c
>++++ src/options.c
>+@@ -81,7 +81,7 @@ NOEXPORT char *sni_init(SERVICE_OPTIONS *);
>+ NOEXPORT void sni_free(SERVICE_OPTIONS *);
>+ #endif /* !defined(OPENSSL_NO_TLSEXT) */
>+
>+-#if OPENSSL_VERSION_NUMBER>=0x10100000L
>++#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
>+ NOEXPORT int str_to_proto_version(const char *);
>+ #else /* OPENSSL_VERSION_NUMBER<0x10100000L */
>+ NOEXPORT char *tls_methods_set(SERVICE_OPTIONS *, const char *);
>+@@ -96,7 +96,7 @@ NOEXPORT PSK_KEYS *psk_dup(PSK_KEYS *);
>+ NOEXPORT void psk_free(PSK_KEYS *);
>+ #endif /* !defined(OPENSSL_NO_PSK) */
>+
>+-#if OPENSSL_VERSION_NUMBER>=0x10000000L
>++#if OPENSSL_VERSION_NUMBER>=0x10000000L && !defined(LIBRESSL_VERSION_NUMBER)
>+ NOEXPORT TICKET_KEY *key_read(char *, char *);
>+ NOEXPORT TICKET_KEY *key_dup(TICKET_KEY *);
>+ NOEXPORT void key_free(TICKET_KEY *);
>+@@ -3104,7 +3104,7 @@ NOEXPORT char *parse_service_option(CMD cmd, SERVICE_OPTIONS **section_ptr,
>+ break;
>+ }
>+
>+-#if OPENSSL_VERSION_NUMBER>=0x10100000L
>++#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
>+
>+ /* sslVersion */
>+ switch(cmd) {
>+@@ -3273,7 +3273,7 @@ NOEXPORT char *parse_service_option(CMD cmd, SERVICE_OPTIONS **section_ptr,
>+ }
>+ #endif
>+
>+-#if OPENSSL_VERSION_NUMBER>=0x10000000L
>++#if OPENSSL_VERSION_NUMBER>=0x10000000L && !defined(LIBRESSL_VERSION_NUMBER)
>+
>+ /* ticketKeySecret */
>+ switch(cmd) {
>+@@ -3755,7 +3755,7 @@ NOEXPORT void sni_free(SERVICE_OPTIONS *section) {
>+
>+ /**************************************** modern TLS version handling */
>+
>+-#if OPENSSL_VERSION_NUMBER>=0x10100000L
>++#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
>+
>+ NOEXPORT int str_to_proto_version(const char *name) {
>+ if(!strcasecmp(name, "all"))
>+@@ -4079,7 +4079,7 @@ NOEXPORT void psk_free(PSK_KEYS *head) {
>+
>+ /**************************************** read ticket key */
>+
>+-#if OPENSSL_VERSION_NUMBER>=0x10000000L
>++#if OPENSSL_VERSION_NUMBER>=0x10000000L && !defined(LIBRESSL_VERSION_NUMBER)
>+
>+ NOEXPORT TICKET_KEY *key_read(char *arg, char *option) {
>+ char *key_str;
>+--- src/prototypes.h
>++++ src/prototypes.h
>+@@ -244,7 +244,7 @@ typedef struct service_options_struct {
>+ #if OPENSSL_VERSION_NUMBER>=0x009080dfL
>+ long unsigned ssl_options_clear;
>+ #endif /* OpenSSL 0.9.8m or later */
>+-#if OPENSSL_VERSION_NUMBER>=0x10100000L
>++#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
>+ int min_proto_version, max_proto_version;
>+ #else /* OPENSSL_VERSION_NUMBER<0x10100000L */
>+ SSL_METHOD *client_method, *server_method;
>+@@ -706,7 +706,7 @@ int getnameinfo(const struct sockaddr *, socklen_t,
>+ extern CLI *thread_head;
>+ #endif
>+
>+-#if OPENSSL_VERSION_NUMBER<0x10100004L
>++#if OPENSSL_VERSION_NUMBER<0x10100004L || defined(LIBRESSL_VERSION_NUMBER)
>+
>+ #ifdef USE_OS_THREADS
>+
>+@@ -755,7 +755,7 @@ typedef enum {
>+
>+ extern CRYPTO_RWLOCK *stunnel_locks[STUNNEL_LOCKS];
>+
>+-#if OPENSSL_VERSION_NUMBER<0x10100004L
>++#if OPENSSL_VERSION_NUMBER<0x10100004L || defined(LIBRESSL_VERSION_NUMBER)
>+ /* Emulate the OpenSSL 1.1 locking API for older OpenSSL versions */
>+ CRYPTO_RWLOCK *CRYPTO_THREAD_lock_new(void);
>+ int CRYPTO_THREAD_read_lock(CRYPTO_RWLOCK *);
>+--- src/ssl.c
>++++ src/ssl.c
>+@@ -39,7 +39,7 @@
>+ #include "prototypes.h"
>+
>+ /* global OpenSSL initialization: compression, engine, entropy */
>+-#if OPENSSL_VERSION_NUMBER>=0x10100000L
>++#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
>+ NOEXPORT int cb_dup_addr(CRYPTO_EX_DATA *to, const CRYPTO_EX_DATA *from,
>+ void *from_d, int idx, long argl, void *argp);
>+ #else
>+@@ -114,7 +114,7 @@ int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g) {
>+ #endif
>+ #endif
>+
>+-#if OPENSSL_VERSION_NUMBER>=0x10100000L
>++#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
>+ NOEXPORT int cb_dup_addr(CRYPTO_EX_DATA *to, const CRYPTO_EX_DATA *from,
>+ void *from_d, int idx, long argl, void *argp) {
>+ #else
>+@@ -177,7 +177,7 @@ int ssl_configure(GLOBAL_OPTIONS *global) { /* configure global TLS settings */
>+
>+ #ifndef OPENSSL_NO_COMP
>+
>+-#if OPENSSL_VERSION_NUMBER<0x10100000L
>++#if OPENSSL_VERSION_NUMBER<0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
>+
>+ NOEXPORT int COMP_get_type(const COMP_METHOD *meth) {
>+ return meth->type;
>+--- src/sthreads.c
>++++ src/sthreads.c
>+@@ -102,14 +102,16 @@ unsigned long stunnel_thread_id(void) {
>+
>+ #endif /* USE_WIN32 */
>+
>+-#if OPENSSL_VERSION_NUMBER>=0x10000000L && OPENSSL_VERSION_NUMBER<0x10100004L
>++#if (OPENSSL_VERSION_NUMBER>=0x10000000L && OPENSSL_VERSION_NUMBER<0x10100004L) || \
>++ defined(LIBRESSL_VERSION_NUMBER)
>+ NOEXPORT void threadid_func(CRYPTO_THREADID *tid) {
>+ CRYPTO_THREADID_set_numeric(tid, stunnel_thread_id());
>+ }
>+ #endif
>+
>+ void thread_id_init(void) {
>+-#if OPENSSL_VERSION_NUMBER>=0x10000000L && OPENSSL_VERSION_NUMBER<0x10100000L
>++#if (OPENSSL_VERSION_NUMBER>=0x10000000L && OPENSSL_VERSION_NUMBER<0x10100000L) || \
>++ defined(LIBRESSL_VERSION_NUMBER)
>+ CRYPTO_THREADID_set_callback(threadid_func);
>+ #endif
>+ #if OPENSSL_VERSION_NUMBER<0x10000000L || !defined(OPENSSL_NO_DEPRECATED)
>+@@ -120,7 +122,7 @@ void thread_id_init(void) {
>+ /**************************************** locking */
>+
>+ /* we only need to initialize locking with OpenSSL older than 1.1.0 */
>+-#if OPENSSL_VERSION_NUMBER<0x10100004L
>++#if OPENSSL_VERSION_NUMBER<0x10100004L || defined(LIBRESSL_VERSION_NUMBER)
>+
>+ #ifdef USE_PTHREAD
>+
>+@@ -229,7 +231,7 @@ NOEXPORT int s_atomic_add(int *val, int amount, CRYPTO_RWLOCK *lock) {
>+
>+ CRYPTO_RWLOCK *stunnel_locks[STUNNEL_LOCKS];
>+
>+-#if OPENSSL_VERSION_NUMBER<0x10100004L
>++#if OPENSSL_VERSION_NUMBER<0x10100004L || defined(LIBRESSL_VERSION_NUMBER)
>+
>+ #ifdef USE_OS_THREADS
>+
>+@@ -339,7 +341,8 @@ int CRYPTO_atomic_add(int *val, int amount, int *ret, CRYPTO_RWLOCK *lock) {
>+
>+ void locking_init(void) {
>+ size_t i;
>+-#if defined(USE_OS_THREADS) && OPENSSL_VERSION_NUMBER<0x10100004L
>++#if defined(USE_OS_THREADS) && \
>++ (OPENSSL_VERSION_NUMBER<0x10100004L || defined(LIBRESSL_VERSION_NUMBER))
>+ size_t num;
>+
>+ /* initialize the OpenSSL static locking */
>+--- src/tls.c
>++++ src/tls.c
>+@@ -41,7 +41,7 @@
>+ volatile int tls_initialized=0;
>+
>+ NOEXPORT void tls_platform_init();
>+-#if OPENSSL_VERSION_NUMBER<0x10100000L
>++#if OPENSSL_VERSION_NUMBER<0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
>+ NOEXPORT void free_function(void *);
>+ #endif
>+
>+@@ -52,7 +52,7 @@ void tls_init() {
>+ tls_platform_init();
>+ tls_initialized=1;
>+ ui_tls=tls_alloc(NULL, NULL, "ui");
>+-#if OPENSSL_VERSION_NUMBER>=0x10100000L
>++#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
>+ CRYPTO_set_mem_functions(str_alloc_detached_debug,
>+ str_realloc_detached_debug, str_free_debug);
>+ #else
>+@@ -184,7 +184,7 @@ TLS_DATA *tls_get() {
>+
>+ /**************************************** OpenSSL allocator hook */
>+
>+-#if OPENSSL_VERSION_NUMBER<0x10100000L
>++#if OPENSSL_VERSION_NUMBER<0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
>+ NOEXPORT void free_function(void *ptr) {
>+ /* CRYPTO_set_mem_ex_functions() needs a function rather than a macro */
>+ /* unfortunately, OpenSSL provides no file:line information here */
>+--- src/verify.c
>++++ src/verify.c
>+@@ -346,7 +346,7 @@ NOEXPORT int cert_check_local(X509_STORE_CTX *callback_ctx) {
>+ cert=X509_STORE_CTX_get_current_cert(callback_ctx);
>+ subject=X509_get_subject_name(cert);
>+
>+-#if OPENSSL_VERSION_NUMBER<0x10100006L
>++#if OPENSSL_VERSION_NUMBER<0x10100006L || defined(LIBRESSL_VERSION_NUMBER)
>+ #define X509_STORE_CTX_get1_certs X509_STORE_get1_certs
>+ #endif
>+ /* moder
>
>Property changes on: files/patch-libressl
>___________________________________________________________________
>Added: fbsd:nokeywords
>## -0,0 +1 ##
>+yes
>\ No newline at end of property
>Added: svn:eol-style
>## -0,0 +1 ##
>+native
>\ No newline at end of property
>Added: svn:mime-type
>## -0,0 +1 ##
>+text/plain
>\ No newline at end of property
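Review bot: The `!defined(LIBRESSL_VERSION_NUMBER)` guards added in src/options.c, src/prototypes.h and src/ctx.c do more than fix the build: they compile out `min_proto_version`/`max_proto_version`, the 1.1.0-style `sslVersion` parsing, the `ticketKeySecret`/`key_read` block, `conf_init`'s `SSL_CONF_CTX` body and the session-ticket callbacks, so a LibreSSL build presumably falls back to the legacy `client_method`/`server_method` path and loses those configuration options. Because the test is on the macro being defined rather than on its value, this applies to every LibreSSL release, including any that provide the calls; a per-feature threshold such as `LIBRESSL_VERSION_NUMBER < FIRST_RELEASE_WITH_API` (placeholder) would keep protocol-bound and ticket-key hardening available where the library supports it. The same compound condition is repeated across all eight files, so defining it once in src/prototypes.h with a comment like `/* LibreSSL reports OPENSSL_VERSION_NUMBER 0x20000000L, so 1.1.x API checks must exclude it explicitly */` would make the intent reviewable. The enclosing functions start and end outside the quoted hunks, and the last added line (`/* moder`) looks cut off, so the attachment should be checked for truncation before it is applied.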