[gentoo-commits] repo/gentoo:master commit in: net-misc/stunnel/files/, net-misc/stunnel/

["Anthony G. Basile" <blueness@gentoo.org>]

commit:     ed175c5284d66d77c891808de3239f187ee636f4
Author:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Sat Jan 28 13:22:36 2017 +0000
Commit:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Sat Jan 28 13:22:36 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ed175c52

net-misc/stunnel: fix build on libressl, bug #584298

Package-Manager: portage-2.3.3

 .../files/stunnel-5.39-compat-libressl.patch       | 132 +++++++++++++++++++++
 net-misc/stunnel/stunnel-5.39.ebuild               |   2 +-
 2 files changed, 133 insertions(+), 1 deletion(-)

diff --git a/net-misc/stunnel/files/stunnel-5.39-compat-libressl.patch b/net-misc/stunnel/files/stunnel-5.39-compat-libressl.patch
new file mode 100644
index 00000000..7c4f743
--- /dev/null
+++ b/net-misc/stunnel/files/stunnel-5.39-compat-libressl.patch
@@ -0,0 +1,132 @@
+diff -Naur stunnel-5.30.orig/src/ctx.c stunnel-5.30/src/ctx.c
+--- stunnel-5.30.orig/src/ctx.c	2016-01-15 16:45:23.000000000 +0000
++++ stunnel-5.30/src/ctx.c	2016-05-14 15:16:47.392859450 +0000
+@@ -359,7 +359,7 @@
+ /**************************************** initialize OpenSSL CONF */
+ 
+ NOEXPORT int conf_init(SERVICE_OPTIONS *section) {
+-#if OPENSSL_VERSION_NUMBER>=0x10002000L
++#if OPENSSL_VERSION_NUMBER>=0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
+     SSL_CONF_CTX *cctx;
+     NAME_LIST *curr;
+     char *cmd, *param;
+diff -Naur stunnel-5.30.orig/src/verify.c stunnel-5.30/src/verify.c
+--- stunnel-5.30.orig/src/verify.c	2016-01-15 16:45:23.000000000 +0000
++++ stunnel-5.30/src/verify.c	2016-05-14 15:16:10.369860180 +0000
+@@ -51,7 +51,7 @@
+ NOEXPORT int verify_callback(int, X509_STORE_CTX *);
+ NOEXPORT int verify_checks(CLI *, int, X509_STORE_CTX *);
+ NOEXPORT int cert_check(CLI *, X509_STORE_CTX *, int);
+-#if OPENSSL_VERSION_NUMBER>=0x10002000L
++#if OPENSSL_VERSION_NUMBER>=0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
+ NOEXPORT int cert_check_subject(CLI *, X509_STORE_CTX *);
+ #endif /* OPENSSL_VERSION_NUMBER>=0x10002000L */
+ NOEXPORT int cert_check_local(X509_STORE_CTX *);
+@@ -280,7 +280,7 @@
+     }
+ 
+     if(depth==0) { /* additional peer certificate checks */
+-#if OPENSSL_VERSION_NUMBER>=0x10002000L
++#if OPENSSL_VERSION_NUMBER>=0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
+         if(!cert_check_subject(c, callback_ctx))
+             return 0; /* reject */
+ #endif /* OPENSSL_VERSION_NUMBER>=0x10002000L */
+@@ -291,7 +291,7 @@
+     return 1; /* accept */
+ }
+ 
+-#if OPENSSL_VERSION_NUMBER>=0x10002000L
++#if OPENSSL_VERSION_NUMBER>=0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
+ NOEXPORT int cert_check_subject(CLI *c, X509_STORE_CTX *callback_ctx) {
+     X509 *cert=X509_STORE_CTX_get_current_cert(callback_ctx);
+     NAME_LIST *ptr;
+diff --git a/src/common.h b/src/common.h
+index 93f165e..491d9de 100644
+--- a/src/common.h
++++ b/src/common.h
+@@ -448,7 +448,7 @@ extern char *sys_errlist[];
+ #define OPENSSL_NO_TLS1_2
+ #endif /* OpenSSL older than 1.0.1 || defined(OPENSSL_NO_TLS1) */
+ 
+-#if OPENSSL_VERSION_NUMBER>=0x10100000L
++#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+ #ifndef OPENSSL_NO_SSL2
+ #define OPENSSL_NO_SSL2
+ #endif /* !defined(OPENSSL_NO_SSL2) */
+@@ -474,7 +474,7 @@ extern char *sys_errlist[];
+ #include <openssl/des.h>
+ #ifndef OPENSSL_NO_DH
+ #include <openssl/dh.h>
+-#if OPENSSL_VERSION_NUMBER<0x10100000L
++#if OPENSSL_VERSION_NUMBER<0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g);
+ #endif /* OpenSSL older than 1.1.0 */
+ #endif /* !defined(OPENSSL_NO_DH) */
+diff --git a/src/prototypes.h b/src/prototypes.h
+index 303ff77..ae22598 100644
+--- a/src/prototypes.h
++++ b/src/prototypes.h
+@@ -664,13 +664,13 @@ typedef enum {
+ #endif /* OPENSSL_NO_DH */
+     STUNNEL_LOCKS                           /* number of locks */
+ } LOCK_TYPE;
+-#if OPENSSL_VERSION_NUMBER < 0x10100004L
++#if OPENSSL_VERSION_NUMBER < 0x10100004L || defined(LIBRESSL_VERSION_NUMBER)
+ typedef int STUNNEL_RWLOCK;
+ #else
+ typedef CRYPTO_RWLOCK *STUNNEL_RWLOCK;
+ #endif
+ extern STUNNEL_RWLOCK stunnel_locks[STUNNEL_LOCKS];
+-#if OPENSSL_VERSION_NUMBER>=0x10100004L
++#if OPENSSL_VERSION_NUMBER>=0x10100004L && !defined(LIBRESSL_VERSION_NUMBER)
+ #define CRYPTO_THREAD_read_unlock(type) CRYPTO_THREAD_unlock(type)
+ #define CRYPTO_THREAD_write_unlock(type) CRYPTO_THREAD_unlock(type)
+ #else
+diff --git a/src/ssl.c b/src/ssl.c
+index a7af7e6..1483734 100644
+--- a/src/ssl.c
++++ b/src/ssl.c
+@@ -50,7 +50,7 @@ NOEXPORT int add_rand_file(GLOBAL_OPTIONS *, const char *);
+ int index_cli, index_opt, index_redirect, index_addr;
+ 
+ int ssl_init(void) { /* init TLS before parsing configuration file */
+-#if OPENSSL_VERSION_NUMBER>=0x10100000L
++#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+     OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS |
+         OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL);
+ #else
+@@ -83,7 +83,7 @@ int ssl_init(void) { /* init TLS before parsing configuration file */
+ }
+ 
+ #ifndef OPENSSL_NO_DH
+-#if OPENSSL_VERSION_NUMBER<0x10100000L
++#if OPENSSL_VERSION_NUMBER<0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ /* this is needed for dhparam.c generated with OpenSSL >= 1.1.0
+  * to be linked against the older versions */
+ int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g) {
+diff --git a/src/sthreads.c b/src/sthreads.c
+index 59c24a2..04fb256 100644
+--- a/src/sthreads.c
++++ b/src/sthreads.c
+@@ -47,7 +47,7 @@
+ STUNNEL_RWLOCK stunnel_locks[STUNNEL_LOCKS];
+ #endif
+ 
+-#if OPENSSL_VERSION_NUMBER<0x10100004L
++#if OPENSSL_VERSION_NUMBER<0x10100004L || defined(LIBRESSL_VERSION_NUMBER)
+ #define CRYPTO_THREAD_lock_new() CRYPTO_get_new_dynlockid()
+ #endif
+ 
+diff --git a/src/verify.c b/src/verify.c
+index ac1c3ee..3e3bda4 100644
+--- a/src/verify.c
++++ b/src/verify.c
+@@ -348,7 +348,7 @@ NOEXPORT int cert_check_local(X509_STORE_CTX *callback_ctx) {
+     cert=X509_STORE_CTX_get_current_cert(callback_ctx);
+     subject=X509_get_subject_name(cert);
+ 
+-#if OPENSSL_VERSION_NUMBER>=0x10000000L
++#if OPENSSL_VERSION_NUMBER>=0x10000000L && !defined(LIBRESSL_VERSION_NUMBER)
+ #if OPENSSL_VERSION_NUMBER<0x10100006L
+ #define X509_STORE_CTX_get1_certs X509_STORE_get1_certs
+ #endif

diff --git a/net-misc/stunnel/stunnel-5.39.ebuild b/net-misc/stunnel/stunnel-5.39.ebuild
index 4275ec9..b1e4715 100644
--- a/net-misc/stunnel/stunnel-5.39.ebuild
+++ b/net-misc/stunnel/stunnel-5.39.ebuild
@@ -41,7 +41,7 @@ src_prepare() {
 		tools/Makefile.in || die "sed failed"
 
 	# libressl compat
-	eapply "${FILESDIR}"/stunnel-compat-libressl.patch
+	eapply "${FILESDIR}"/${P}-compat-libressl.patch
 
 	echo "CONFIG_PROTECT=\"/etc/stunnel/stunnel.conf\"" > "${T}"/20stunnel