public inbox for gentoo-commits@lists.gentoo.org
* [gentoo-commits] repo/gentoo:master commit in: net-im/coturn/, net-im/coturn/files/
@ 2017-04-01 10:46 Andreas Schuerch
From: Andreas Schuerch @ 2017-04-01 10:46 UTC (permalink / raw
  To: gentoo-commits

commit:     781c7df3a4d765bb6f592f1d4b4e521a9de56a60
Author:     Andreas Schuerch <nativemad <AT> gentoo <DOT> org>
AuthorDate: Sat Apr  1 10:44:07 2017 +0000
Commit:     Andreas Schuerch <nativemad <AT> gentoo <DOT> org>
CommitDate: Sat Apr  1 10:45:42 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=781c7df3

net-im/coturn: sane logging defaults thanks to Andrey Utkin. New systemd unit, see bug 605302

Package-Manager: Portage-2.3.3, Repoman-2.3.1

 .../{coturn-4.5.0.4.ebuild => coturn-4.5.0.4-r1.ebuild} | 16 +++++++++++-----
 net-im/coturn/coturn-9999.ebuild                        | 16 +++++++++++-----
 net-im/coturn/files/coturn.service                      | 17 +++++++++++++++++
 net-im/coturn/files/logrotate.coturn                    | 15 +++++++++++++++
 net-im/coturn/files/turnserver.init                     |  3 ++-
 5 files changed, 56 insertions(+), 11 deletions(-)

diff --git a/net-im/coturn/coturn-4.5.0.4.ebuild b/net-im/coturn/coturn-4.5.0.4-r1.ebuild
similarity index 68%
rename from net-im/coturn/coturn-4.5.0.4.ebuild
rename to net-im/coturn/coturn-4.5.0.4-r1.ebuild
index 6fa8344cd79..2ffd86380e4 100644
--- a/net-im/coturn/coturn-4.5.0.4.ebuild
+++ b/net-im/coturn/coturn-4.5.0.4-r1.ebuild
@@ -1,8 +1,8 @@
-# Copyright 1999-2016 Gentoo Foundation
+# Copyright 1999-2017 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
 
 EAPI=6
-inherit eutils user
+inherit eutils user systemd
 DESCRIPTION="coturn TURN server project"
 HOMEPAGE="https://github.com/${PN}/${PN}"
 
@@ -30,6 +30,10 @@ RDEPEND="dev-libs/libevent[ssl]
 DEPEND="${RDEPEND}"
 
 src_configure() {
+	sed 's:#log-file=/var/tmp/turn.log:log-file=/var/log/turnserver.log:' \
+	    -i "${S}/examples/etc/turnserver.conf"  || die "sed for logdir failed"
+	sed 's:#simple-log:simple-log:' -i "${S}/examples/etc/turnserver.conf" \
+	    || die "sed for simple-log failed"
 	if ! use mongodb; then
 		export TURN_NO_MONGO=yes
 	fi
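Review bot: Both added `sed -i` calls exit 0 even when the pattern matches nothing, so `|| die` only catches I/O errors; if upstream changes the commented `#log-file=/var/tmp/turn.log` line, the shipped default silently keeps logging under the shared /var/tmp directory. A cheap guard after the substitutions is `grep -q '^log-file=/var/log/turnserver.log' "${S}/examples/etc/turnserver.conf" || die "log-file default not patched"`. Source edits like these also fit src_prepare better than src_configure. The identical hunk in coturn-9999.ebuild has the same gap; src_configure continues outside the hunk.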
@@ -52,12 +56,14 @@ src_configure() {
 src_install() {
 	default
 	newinitd "${FILESDIR}/turnserver.init" turnserver
+	insinto /etc/logrotate.d
+	newins "${FILESDIR}/logrotate.${PN}" "${PN}"
+	systemd_dounit "${FILESDIR}/${PN}.service"
 }
 
 pkg_postinst() {
 	enewgroup turnserver
 	enewuser turnserver -1 -1 -1 turnserver
-	elog "Be aware that the default path for logfiles in coturn is /var/tmp!"
-	elog "You should copy /etc/turnserver.conf.default to"
-	elog "/etc/turnserver.conf and change not only the log option."
+	elog "You need to copy /etc/turnserver.conf.default to"
+	elog "/etc/turnserver.conf and do your settings there."
 }

diff --git a/net-im/coturn/coturn-9999.ebuild b/net-im/coturn/coturn-9999.ebuild
index 6fa8344cd79..2ffd86380e4 100644
--- a/net-im/coturn/coturn-9999.ebuild
+++ b/net-im/coturn/coturn-9999.ebuild
@@ -1,8 +1,8 @@
-# Copyright 1999-2016 Gentoo Foundation
+# Copyright 1999-2017 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
 
 EAPI=6
-inherit eutils user
+inherit eutils user systemd
 DESCRIPTION="coturn TURN server project"
 HOMEPAGE="https://github.com/${PN}/${PN}"
 
@@ -30,6 +30,10 @@ RDEPEND="dev-libs/libevent[ssl]
 DEPEND="${RDEPEND}"
 
 src_configure() {
+	sed 's:#log-file=/var/tmp/turn.log:log-file=/var/log/turnserver.log:' \
+	    -i "${S}/examples/etc/turnserver.conf"  || die "sed for logdir failed"
+	sed 's:#simple-log:simple-log:' -i "${S}/examples/etc/turnserver.conf" \
+	    || die "sed for simple-log failed"
 	if ! use mongodb; then
 		export TURN_NO_MONGO=yes
 	fi
@@ -52,12 +56,14 @@ src_configure() {
 src_install() {
 	default
 	newinitd "${FILESDIR}/turnserver.init" turnserver
+	insinto /etc/logrotate.d
+	newins "${FILESDIR}/logrotate.${PN}" "${PN}"
+	systemd_dounit "${FILESDIR}/${PN}.service"
 }
 
 pkg_postinst() {
 	enewgroup turnserver
 	enewuser turnserver -1 -1 -1 turnserver
-	elog "Be aware that the default path for logfiles in coturn is /var/tmp!"
-	elog "You should copy /etc/turnserver.conf.default to"
-	elog "/etc/turnserver.conf and change not only the log option."
+	elog "You need to copy /etc/turnserver.conf.default to"
+	elog "/etc/turnserver.conf and do your settings there."
 }

diff --git a/net-im/coturn/files/coturn.service b/net-im/coturn/files/coturn.service
new file mode 100644
index 00000000000..81465f589d8
--- /dev/null
+++ b/net-im/coturn/files/coturn.service
@@ -0,0 +1,17 @@
+[Unit]
+Description=turnserver daemon
+After=networking.target
+
+[Service]
+Type=simple
+User=turnserver
+Group=turnserver
+PermissionsStartOnly=true
+ExecStartPre=/bin/bash -c "[ -f /var/log/turnserver.log ] || touch /var/log/turnserver.log && chown turnserver:turnserver /var/log/turnserver.log && chmod 660 /var/log/turnserver.log"
+ExecStartPre=/bin/bash -c "[ -d /var/run/turnserver ] || mkdir /var/run/turnserver && chown turnserver:turnserver /var/run/turnserver"
+ExecStart=/usr/bin/turnserver --pidfile /var/run/turnserver/turnserver.pid
+Restart=always
+RestartSec=30s
+
+[Install]
+WantedBy=multi-user.target
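Review bot: `After=networking.target` does not name a unit that systemd ships, so the ordering is most likely a no-op; the standard choices are `After=network.target`, or `network-online.target` together with a matching `Wants=` when the daemon needs configured addresses at start. Separately, the root-run `ExecStartPre` sets the log file to mode 660, as do `create 660` in logrotate.coturn and `checkpath -f -m 0660` in turnserver.init. Unless other members of the turnserver group must write to the log, `640` is the tighter default for a server log in all three places.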

diff --git a/net-im/coturn/files/logrotate.coturn b/net-im/coturn/files/logrotate.coturn
new file mode 100644
index 00000000000..06b4d74ec3a
--- /dev/null
+++ b/net-im/coturn/files/logrotate.coturn
@@ -0,0 +1,15 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+/var/log/turnserver.log {
+daily
+rotate 7
+create 660 turnserver turnserver
+notifempty
+size 50M
+sharedscripts
+missingok
+postrotate
+[ -f /var/run/turnserver/turnserver.pid ] && kill -HUP `cat /var/run/turnserver/turnserver.pid`
+endscript
+}
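Review bot: The `postrotate` script normally runs as root but takes the PID to signal from /var/run/turnserver/turnserver.pid, which sits in a directory that the service unit and init script chown to turnserver, so whoever controls that account can point a root-sent SIGHUP at an unrelated process. Prefer asking the service manager to signal the daemon, or at least confirm that the PID belongs to /usr/bin/turnserver before calling `kill`. Also, `size 50M` is listed after `daily` and takes precedence in logrotate, so rotation happens on size only; `maxsize 50M` would keep the daily schedule and still cap growth.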

diff --git a/net-im/coturn/files/turnserver.init b/net-im/coturn/files/turnserver.init
index 9be7711a850..682e4f12202 100755
--- a/net-im/coturn/files/turnserver.init
+++ b/net-im/coturn/files/turnserver.init
@@ -1,5 +1,5 @@
 #!/sbin/openrc-run
-# Copyright 1999-2013 Gentoo Foundation
+# Copyright 1999-2017 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
 
 
@@ -13,6 +13,7 @@ depend() {
 start() {
 	ebegin "Starting turnserver"
 	checkpath -q -d -m 0755 -o turnserver:turnserver /var/run/turnserver
+	checkpath -q -f -m 0660 -o turnserver:turnserver /var/log/turnserver.log
 	start-stop-daemon --start --user turnserver --exec /usr/bin/turnserver -- -o \
 	--pidfile /var/run/turnserver/turnserver.pid >/dev/null
 	eend $?



* [gentoo-commits] repo/gentoo:master commit in: net-im/coturn/, net-im/coturn/files/
@ 2017-05-30 14:41 Andreas Schuerch
From: Andreas Schuerch @ 2017-05-30 14:41 UTC (permalink / raw
  To: gentoo-commits

commit:     6062ad6ab9032d245a846cb81e188575dae4b876
Author:     Andreas Schuerch <nativemad <AT> gentoo <DOT> org>
AuthorDate: Tue May 30 14:39:08 2017 +0000
Commit:     Andreas Schuerch <nativemad <AT> gentoo <DOT> org>
CommitDate: Tue May 30 14:39:08 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6062ad6a

net-im/coturn: bump to 4.5.0.6 and use of systemd tmpfiles.d

Package-Manager: Portage-2.3.5, Repoman-2.3.1

 net-im/coturn/Manifest                                            | 1 +
 net-im/coturn/coturn-4.5.0.4-r1.ebuild                            | 4 +++-
 net-im/coturn/{coturn-4.5.0.4-r1.ebuild => coturn-4.5.0.6.ebuild} | 4 +++-
 net-im/coturn/coturn-9999.ebuild                                  | 4 +++-
 net-im/coturn/files/coturn.conf                                   | 1 +
 net-im/coturn/files/coturn.service                                | 1 -
 6 files changed, 11 insertions(+), 4 deletions(-)

diff --git a/net-im/coturn/Manifest b/net-im/coturn/Manifest
index 0546106ac25..59f230fb683 100644
--- a/net-im/coturn/Manifest
+++ b/net-im/coturn/Manifest
@@ -1 +1,2 @@
 DIST coturn-4.5.0.4.tar.gz 381015 SHA256 582c5816b115b403f980f3c38edb12b74d3b2500b7cde190cfb292ae5c056c36 SHA512 1d267b715b08853a5434d0a10cffd49e035624353e6733ff7349c549ef3f69240c2488097d81e33f7a551e02d72a26f1f430aefb9cbacda511a2ae6f883cd414 WHIRLPOOL 7ff9b31c3a1a0e2fbc7ae0580df00476e803160fd7f92f3a02ab611c6f940a39334ea5efccb576b348f87c87ff690087af3c9304560caf8215fb14bef9a45f8f
+DIST coturn-4.5.0.6.tar.gz 394071 SHA256 5ad976e142daf392351f86623b217be7ca91322105e0500c379a9dcdbbc466e8 SHA512 4ad7d482af675033d050258e2af04b813561414d4ba926cfd336c6548200dbf1a90f9511983b8cad20713c7edff2a424c9d6b11d401717794e3d1af6b7ed9208 WHIRLPOOL 517353ce5cd90aca4f3991d87cdb0835e97eecf0c6529e93360b9506194f4c0cb1f3cc47e207510bbf3e4f465ab088303cdcd235cccbb11555940a8fa60f0478

diff --git a/net-im/coturn/coturn-4.5.0.4-r1.ebuild b/net-im/coturn/coturn-4.5.0.4-r1.ebuild
index 2ffd86380e4..02115af3223 100644
--- a/net-im/coturn/coturn-4.5.0.4-r1.ebuild
+++ b/net-im/coturn/coturn-4.5.0.4-r1.ebuild
@@ -2,7 +2,7 @@
 # Distributed under the terms of the GNU General Public License v2
 
 EAPI=6
-inherit eutils user systemd
+inherit eutils user systemd tmpfiles
 DESCRIPTION="coturn TURN server project"
 HOMEPAGE="https://github.com/${PN}/${PN}"
 
@@ -59,9 +59,11 @@ src_install() {
 	insinto /etc/logrotate.d
 	newins "${FILESDIR}/logrotate.${PN}" "${PN}"
 	systemd_dounit "${FILESDIR}/${PN}.service"
+	dotmpfiles "${FILESDIR}/${PN}.conf"
 }
 
 pkg_postinst() {
+	tmpfiles_process "${PN}.conf"
 	enewgroup turnserver
 	enewuser turnserver -1 -1 -1 turnserver
 	elog "You need to copy /etc/turnserver.conf.default to"
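Review bot: `tmpfiles_process "${PN}.conf"` is placed before `enewgroup`/`enewuser` in pkg_postinst, so on a first install the turnserver account named in coturn.conf may not exist yet when /run/turnserver is created, and the directory could be left missing or wrongly owned until the next boot. Move the call below the two account lines, i.e. `enewuser turnserver -1 -1 -1 turnserver` followed by `tmpfiles_process "${PN}.conf"`. The coturn-4.5.0.6.ebuild and coturn-9999.ebuild hunks have the same ordering; pkg_postinst continues outside the hunk.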

diff --git a/net-im/coturn/coturn-4.5.0.4-r1.ebuild b/net-im/coturn/coturn-4.5.0.6.ebuild
similarity index 94%
copy from net-im/coturn/coturn-4.5.0.4-r1.ebuild
copy to net-im/coturn/coturn-4.5.0.6.ebuild
index 2ffd86380e4..02115af3223 100644
--- a/net-im/coturn/coturn-4.5.0.4-r1.ebuild
+++ b/net-im/coturn/coturn-4.5.0.6.ebuild
@@ -2,7 +2,7 @@
 # Distributed under the terms of the GNU General Public License v2
 
 EAPI=6
-inherit eutils user systemd
+inherit eutils user systemd tmpfiles
 DESCRIPTION="coturn TURN server project"
 HOMEPAGE="https://github.com/${PN}/${PN}"
 
@@ -59,9 +59,11 @@ src_install() {
 	insinto /etc/logrotate.d
 	newins "${FILESDIR}/logrotate.${PN}" "${PN}"
 	systemd_dounit "${FILESDIR}/${PN}.service"
+	dotmpfiles "${FILESDIR}/${PN}.conf"
 }
 
 pkg_postinst() {
+	tmpfiles_process "${PN}.conf"
 	enewgroup turnserver
 	enewuser turnserver -1 -1 -1 turnserver
 	elog "You need to copy /etc/turnserver.conf.default to"

diff --git a/net-im/coturn/coturn-9999.ebuild b/net-im/coturn/coturn-9999.ebuild
index 2ffd86380e4..02115af3223 100644
--- a/net-im/coturn/coturn-9999.ebuild
+++ b/net-im/coturn/coturn-9999.ebuild
@@ -2,7 +2,7 @@
 # Distributed under the terms of the GNU General Public License v2
 
 EAPI=6
-inherit eutils user systemd
+inherit eutils user systemd tmpfiles
 DESCRIPTION="coturn TURN server project"
 HOMEPAGE="https://github.com/${PN}/${PN}"
 
@@ -59,9 +59,11 @@ src_install() {
 	insinto /etc/logrotate.d
 	newins "${FILESDIR}/logrotate.${PN}" "${PN}"
 	systemd_dounit "${FILESDIR}/${PN}.service"
+	dotmpfiles "${FILESDIR}/${PN}.conf"
 }
 
 pkg_postinst() {
+	tmpfiles_process "${PN}.conf"
 	enewgroup turnserver
 	enewuser turnserver -1 -1 -1 turnserver
 	elog "You need to copy /etc/turnserver.conf.default to"

diff --git a/net-im/coturn/files/coturn.conf b/net-im/coturn/files/coturn.conf
new file mode 100644
index 00000000000..0097a3b49a6
--- /dev/null
+++ b/net-im/coturn/files/coturn.conf
@@ -0,0 +1 @@
+d	/run/turnserver	-	turnserver	turnserver	-	-

diff --git a/net-im/coturn/files/coturn.service b/net-im/coturn/files/coturn.service
index 81465f589d8..e072759e61b 100644
--- a/net-im/coturn/files/coturn.service
+++ b/net-im/coturn/files/coturn.service
@@ -8,7 +8,6 @@ User=turnserver
 Group=turnserver
 PermissionsStartOnly=true
 ExecStartPre=/bin/bash -c "[ -f /var/log/turnserver.log ] || touch /var/log/turnserver.log && chown turnserver:turnserver /var/log/turnserver.log && chmod 660 /var/log/turnserver.log"
-ExecStartPre=/bin/bash -c "[ -d /var/run/turnserver ] || mkdir /var/run/turnserver && chown turnserver:turnserver /var/run/turnserver"
 ExecStart=/usr/bin/turnserver --pidfile /var/run/turnserver/turnserver.pid
 Restart=always
 RestartSec=30s



* [gentoo-commits] repo/gentoo:master commit in: net-im/coturn/, net-im/coturn/files/
@ 2020-01-03 11:04 Andreas Schuerch
From: Andreas Schuerch @ 2020-01-03 11:04 UTC (permalink / raw
  To: gentoo-commits

commit:     9dd19782a4400174b4f33b36a21be137de341e69
Author:     Andreas Schuerch <nativemad <AT> gentoo <DOT> org>
AuthorDate: Fri Jan  3 11:04:10 2020 +0000
Commit:     Andreas Schuerch <nativemad <AT> gentoo <DOT> org>
CommitDate: Fri Jan  3 11:04:10 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9dd19782

net-im/coturn: version bump and chmod -x on initscript

Package-Manager: Portage-2.3.79, Repoman-2.3.16
Signed-off-by: Andreas Schuerch <nativemad <AT> gentoo.org>

 net-im/coturn/Manifest                                      |  1 +
 net-im/coturn/{coturn-9999.ebuild => coturn-4.5.1.1.ebuild} | 10 +++++-----
 net-im/coturn/coturn-9999.ebuild                            | 10 +++++-----
 net-im/coturn/files/turnserver.init                         |  2 +-
 4 files changed, 12 insertions(+), 11 deletions(-)

diff --git a/net-im/coturn/Manifest b/net-im/coturn/Manifest
index a8812e377e7..5484deb1c6e 100644
--- a/net-im/coturn/Manifest
+++ b/net-im/coturn/Manifest
@@ -1,2 +1,3 @@
 DIST coturn-4.5.0.7.tar.gz 396579 BLAKE2B ac66fbac772ad4b182f0c4b64178a780bfb364e4c1cf105fc340ac60da0a4c2e2b186c3ce08cade347a5d1a4b233bfed604db74eacd81967c3090e00bc1e36e8 SHA512 4e6e4efb456449752b2cd242c9be7c5dc2298472e338293d3de21c3a9da968f2f304625663372bb4d857c092c694aa4681630773a46e4928b9c60c69378adacc
 DIST coturn-4.5.0.8.tar.gz 403711 BLAKE2B 1bc6a145117ffb3a5ea7d6730524d0ad8857755a3d8a59588ec61df9fcf21c1c68a15efb588c73f659c4e855cb7fdce145a83a8a0e10c0bfae2d0a54d1120475 SHA512 2bf32f72223bcb1ee57254def423a6f6d385df8e20661f79a789b08324d432269eeeb4a6a551769f1f9147447bcf1b4471fc634e9d91ca979947119ae76cec9e
+DIST coturn-4.5.1.1.tar.gz 420069 BLAKE2B fe0e0334658d2a69132d7a83667ee52927e888f8978bd03eb099e61f17a4516d10a36d2abb1c93e2b25bc4192c342fba581b85892e99b139016e09c77a365cc2 SHA512 a5e1aecdab5a7060ffbc73cc8dd294cafa701f2e0d2a827e40901cb6001af5a2c5ecbafdf14662410713818aad0ad259133f0dc9b34730bf7911863e1e255f70

diff --git a/net-im/coturn/coturn-9999.ebuild b/net-im/coturn/coturn-4.5.1.1.ebuild
similarity index 88%
copy from net-im/coturn/coturn-9999.ebuild
copy to net-im/coturn/coturn-4.5.1.1.ebuild
index a1fe9ad57b2..9978e282984 100644
--- a/net-im/coturn/coturn-9999.ebuild
+++ b/net-im/coturn/coturn-4.5.1.1.ebuild
@@ -1,7 +1,7 @@
-# Copyright 1999-2019 Gentoo Authors
+# Copyright 1999-2020 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
-EAPI=6
+EAPI=7
 inherit eutils user systemd tmpfiles
 DESCRIPTION="coturn TURN server project"
 HOMEPAGE="https://github.com/${PN}/${PN}"
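Review bot: The context line `inherit eutils user systemd tmpfiles` still pulls in the `user` eclass, although the last hunk of this file removes the only visible `enewgroup`/`enewuser` calls in favour of acct-group/turnserver and acct-user/turnserver. If nothing else in the ebuild uses that eclass, shorten the line to `inherit eutils systemd tmpfiles` so account creation has a single owner. The coturn-9999.ebuild section carries the same leftover.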
@@ -20,7 +20,9 @@ fi
 LICENSE="BSD"
 SLOT="0"
 IUSE="mongodb mysql postgres redis sqlite"
-RDEPEND="|| ( dev-libs/libevent[-ssl,libressl] dev-libs/libevent[ssl,-libressl] >dev-libs/libevent-2.1.8[ssl,libressl] )
+RDEPEND="acct-group/turnserver
+	 acct-user/turnserver
+	 || ( dev-libs/libevent[-ssl,libressl] dev-libs/libevent[ssl,-libressl] >dev-libs/libevent-2.1.8[ssl,libressl] )
 	 mongodb? ( dev-libs/mongo-c-driver )
 	 mysql?  ( dev-db/mysql-connector-c )
 	 postgres? ( dev-db/postgresql:* )
@@ -64,8 +66,6 @@ src_install() {
 
 pkg_postinst() {
 	tmpfiles_process "${PN}.conf"
-	enewgroup turnserver
-	enewuser turnserver -1 -1 -1 turnserver
 	elog "You need to copy /etc/turnserver.conf.default to"
 	elog "/etc/turnserver.conf and do your settings there."
 }

diff --git a/net-im/coturn/coturn-9999.ebuild b/net-im/coturn/coturn-9999.ebuild
index a1fe9ad57b2..9978e282984 100644
--- a/net-im/coturn/coturn-9999.ebuild
+++ b/net-im/coturn/coturn-9999.ebuild
@@ -1,7 +1,7 @@
-# Copyright 1999-2019 Gentoo Authors
+# Copyright 1999-2020 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
-EAPI=6
+EAPI=7
 inherit eutils user systemd tmpfiles
 DESCRIPTION="coturn TURN server project"
 HOMEPAGE="https://github.com/${PN}/${PN}"
@@ -20,7 +20,9 @@ fi
 LICENSE="BSD"
 SLOT="0"
 IUSE="mongodb mysql postgres redis sqlite"
-RDEPEND="|| ( dev-libs/libevent[-ssl,libressl] dev-libs/libevent[ssl,-libressl] >dev-libs/libevent-2.1.8[ssl,libressl] )
+RDEPEND="acct-group/turnserver
+	 acct-user/turnserver
+	 || ( dev-libs/libevent[-ssl,libressl] dev-libs/libevent[ssl,-libressl] >dev-libs/libevent-2.1.8[ssl,libressl] )
 	 mongodb? ( dev-libs/mongo-c-driver )
 	 mysql?  ( dev-db/mysql-connector-c )
 	 postgres? ( dev-db/postgresql:* )
@@ -64,8 +66,6 @@ src_install() {
 
 pkg_postinst() {
 	tmpfiles_process "${PN}.conf"
-	enewgroup turnserver
-	enewuser turnserver -1 -1 -1 turnserver
 	elog "You need to copy /etc/turnserver.conf.default to"
 	elog "/etc/turnserver.conf and do your settings there."
 }

diff --git a/net-im/coturn/files/turnserver.init b/net-im/coturn/files/turnserver.init
old mode 100755
new mode 100644
index 682e4f12202..676fe1037ad
--- a/net-im/coturn/files/turnserver.init
+++ b/net-im/coturn/files/turnserver.init
@@ -1,5 +1,5 @@
 #!/sbin/openrc-run
-# Copyright 1999-2017 Gentoo Foundation
+# Copyright 1999-2020 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
 



* [gentoo-commits] repo/gentoo:master commit in: net-im/coturn/, net-im/coturn/files/
@ 2022-05-19  3:43 Sam James
From: Sam James @ 2022-05-19  3:43 UTC (permalink / raw
  To: gentoo-commits

commit:     23af4fed2d7cc961e7df0ccb0765e590e673f9ab
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Thu May 19 03:41:36 2022 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Thu May 19 03:41:36 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=23af4fed

net-im/coturn: fix automagic OpenSSL dep

Also:
- Fix calling AR, CC directly
- Fix TMPDIR usage

Bug: https://bugs.gentoo.org/729820
Closes: https://bugs.gentoo.org/835652
Closes: https://bugs.gentoo.org/724918
Signed-off-by: Sam James <sam <AT> gentoo.org>

 net-im/coturn/coturn-4.5.2-r1.ebuild               | 17 +++++++++---
 net-im/coturn/coturn-9999.ebuild                   | 31 +++++++++++++++-------
 .../coturn/files/coturn-4.5.2-respect-TMPDIR.patch | 24 +++++++++++++++++
 3 files changed, 59 insertions(+), 13 deletions(-)

diff --git a/net-im/coturn/coturn-4.5.2-r1.ebuild b/net-im/coturn/coturn-4.5.2-r1.ebuild
index 37dde1c42c28..d3a3c8813604 100644
--- a/net-im/coturn/coturn-4.5.2-r1.ebuild
+++ b/net-im/coturn/coturn-4.5.2-r1.ebuild
@@ -2,14 +2,14 @@
 # Distributed under the terms of the GNU General Public License v2
 
 EAPI=7
-inherit systemd tmpfiles
+
+inherit toolchain-funcs systemd tmpfiles
 DESCRIPTION="coturn TURN server project"
 HOMEPAGE="https://github.com/coturn/coturn"
 
 if [ ${PV} = 9999 ]; then
 	EGIT_REPO_URI="https://github.com/${PN}/${PN}.git"
 	inherit git-r3
-	DEPEND="dev-vcs/git"
 #	S="${WORKDIR}/${PN}-master"
 else
 	KEYWORDS="~amd64 ~x86"
@@ -22,13 +22,18 @@ IUSE="mongodb mysql postgres redis sqlite"
 RDEPEND="acct-group/turnserver
 	acct-user/turnserver
 	>dev-libs/libevent-2.1.8:=
+	dev-libs/openssl:=
 	mongodb? ( dev-libs/mongo-c-driver )
 	mysql?  ( dev-db/mysql-connector-c:= )
 	postgres? ( dev-db/postgresql:* )
 	redis? ( dev-libs/hiredis:= )
 	sqlite? ( dev-db/sqlite )"
-
 DEPEND="${RDEPEND}"
+BDEPEND="virtual/pkgconfig"
+
+PATCHES=(
+	"${FILESDIR}"/${PN}-4.5.2-respect-TMPDIR.patch
+)
 
 src_configure() {
 	if [ -n "${AR}" ]; then
@@ -56,7 +61,13 @@ src_configure() {
 	if ! use sqlite; then
 		export TURN_NO_SQLITE=yes
 	fi
+
+	tc-export CC
+
+	export ARCHIVERCMD="$(tc-getAR) -r"
+	export PKGCONFIG="$(tc-getPKG_CONFIG)"
 	export DOCSDIR="/usr/share/doc/${PN}-${PV}"
+
 	econf $(use_with sqlite)
 }
 

diff --git a/net-im/coturn/coturn-9999.ebuild b/net-im/coturn/coturn-9999.ebuild
index 4f65686782b4..d3a3c8813604 100644
--- a/net-im/coturn/coturn-9999.ebuild
+++ b/net-im/coturn/coturn-9999.ebuild
@@ -2,14 +2,14 @@
 # Distributed under the terms of the GNU General Public License v2
 
 EAPI=7
-inherit systemd tmpfiles
+
+inherit toolchain-funcs systemd tmpfiles
 DESCRIPTION="coturn TURN server project"
 HOMEPAGE="https://github.com/coturn/coturn"
 
 if [ ${PV} = 9999 ]; then
 	EGIT_REPO_URI="https://github.com/${PN}/${PN}.git"
 	inherit git-r3
-	DEPEND="dev-vcs/git"
 #	S="${WORKDIR}/${PN}-master"
 else
 	KEYWORDS="~amd64 ~x86"
@@ -20,15 +20,20 @@ LICENSE="BSD"
 SLOT="0"
 IUSE="mongodb mysql postgres redis sqlite"
 RDEPEND="acct-group/turnserver
-	 acct-user/turnserver
-	 >dev-libs/libevent-2.1.8:=
-	 mongodb? ( dev-libs/mongo-c-driver )
-	 mysql?  ( dev-db/mysql-connector-c:= )
-	 postgres? ( dev-db/postgresql:* )
-	 redis? ( dev-libs/hiredis:= )
-	 sqlite? ( dev-db/sqlite )"
-
+	acct-user/turnserver
+	>dev-libs/libevent-2.1.8:=
+	dev-libs/openssl:=
+	mongodb? ( dev-libs/mongo-c-driver )
+	mysql?  ( dev-db/mysql-connector-c:= )
+	postgres? ( dev-db/postgresql:* )
+	redis? ( dev-libs/hiredis:= )
+	sqlite? ( dev-db/sqlite )"
 DEPEND="${RDEPEND}"
+BDEPEND="virtual/pkgconfig"
+
+PATCHES=(
+	"${FILESDIR}"/${PN}-4.5.2-respect-TMPDIR.patch
+)
 
 src_configure() {
 	if [ -n "${AR}" ]; then
@@ -56,7 +61,13 @@ src_configure() {
 	if ! use sqlite; then
 		export TURN_NO_SQLITE=yes
 	fi
+
+	tc-export CC
+
+	export ARCHIVERCMD="$(tc-getAR) -r"
+	export PKGCONFIG="$(tc-getPKG_CONFIG)"
 	export DOCSDIR="/usr/share/doc/${PN}-${PV}"
+
 	econf $(use_with sqlite)
 }
 

diff --git a/net-im/coturn/files/coturn-4.5.2-respect-TMPDIR.patch b/net-im/coturn/files/coturn-4.5.2-respect-TMPDIR.patch
new file mode 100644
index 000000000000..036705afc1f2
--- /dev/null
+++ b/net-im/coturn/files/coturn-4.5.2-respect-TMPDIR.patch
@@ -0,0 +1,24 @@
+diff --git a/configure b/configure
+index caf11f5..003da8d 100755
+--- a/configure
++++ b/configure
+@@ -513,12 +513,13 @@ fi
+ # Temporary DIR location:
+ #########################
+ 
+-TMPDIR="."
+-
+-if [ -d /var/tmp ] ; then
+-  TMPDIR="/var/tmp"
+-elif [ -d /tmp ] ; then
+-  TMPDIR=/tmp
++TMPDIR=${TMPDIR:-.}
++if test x"${TMPDIR}" = "." ; then
++  if [ -d /var/tmp ] ; then
++    TMPDIR="/var/tmp"
++  elif [ -d /tmp ] ; then
++    TMPDIR=/tmp
++  fi
+ fi
+ 
+ ${ECHO_CMD} Use TMP dir ${TMPDIR}
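Review bot: The added guard `test x"${TMPDIR}" = "."` can never be true, because the left side always carries the `x` prefix and the right side does not; with TMPDIR unset the script now stays on `.` and never falls back to /var/tmp or /tmp as the removed code did. Put the prefix on both sides, `if test x"${TMPDIR}" = x"." ; then`, or drop it and compare `"${TMPDIR}" = "."`. Under Portage TMPDIR is normally set, so the ebuild build is probably unaffected, but the patch as written changes behaviour for any other caller of configure.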



* [gentoo-commits] repo/gentoo:master commit in: net-im/coturn/, net-im/coturn/files/
@ 2022-10-31  1:43 Sam James
From: Sam James @ 2022-10-31  1:43 UTC (permalink / raw
  To: gentoo-commits

commit:     c0ca7de3d5a6cf9272978d19b813c5697abba710
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Mon Oct 31 01:24:28 2022 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Mon Oct 31 01:42:25 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c0ca7de3

net-im/coturn: add 4.6.0

Closes: https://bugs.gentoo.org/729820
Signed-off-by: Sam James <sam <AT> gentoo.org>

 net-im/coturn/Manifest                             |   1 +
 .../{coturn-9999.ebuild => coturn-4.6.0.ebuild}    |  31 +-
 net-im/coturn/coturn-9999.ebuild                   |  31 +-
 net-im/coturn/files/coturn-4.6.0-openssl3.patch    | 356 +++++++++++++++++++++
 4 files changed, 399 insertions(+), 20 deletions(-)

diff --git a/net-im/coturn/Manifest b/net-im/coturn/Manifest
index f6b191a10c62..b7be62479570 100644
--- a/net-im/coturn/Manifest
+++ b/net-im/coturn/Manifest
@@ -1 +1,2 @@
 DIST coturn-4.5.2.tar.gz 442745 BLAKE2B c18d5f5cfedd600875c0bfa08b874ef6316a5aa9af34c27e2901825da412b794d437e08f0706f9651bdf6d3d19e151486af39a42f2326c7ab6bb802d33fd0ba4 SHA512 00e86a3a273a8e4e69deaefd338bdd6c44739a807f21a72a2d68efc089053e16efd1d5b34b0c6dea7a0fa2b66f70821d8c3e1107561e1f08dfac2c93933a6121
+DIST coturn-4.6.0.tar.gz 474423 BLAKE2B b70ecd1f333f4f9f37adcab6f5fd3406aa0eb962488b7cae4a30c9339cf7b11b2bfedd1fa70bd3b0c32bf82702d39eb22278506521f71e0cb6aaadee9d3c3d05 SHA512 a80ea1b8d9c78b8f9fc632517a0246cb0d2d4ff21c59d53827f026fb3a145a01b3bec637af94a96b525c35251cb5e9e209ba7f368f08e12ef61220bcb784637c

diff --git a/net-im/coturn/coturn-9999.ebuild b/net-im/coturn/coturn-4.6.0.ebuild
similarity index 80%
copy from net-im/coturn/coturn-9999.ebuild
copy to net-im/coturn/coturn-4.6.0.ebuild
index d3a3c8813604..8c10c10306aa 100644
--- a/net-im/coturn/coturn-9999.ebuild
+++ b/net-im/coturn/coturn-4.6.0.ebuild
@@ -4,22 +4,25 @@
 EAPI=7
 
 inherit toolchain-funcs systemd tmpfiles
+
 DESCRIPTION="coturn TURN server project"
 HOMEPAGE="https://github.com/coturn/coturn"
 
-if [ ${PV} = 9999 ]; then
-	EGIT_REPO_URI="https://github.com/${PN}/${PN}.git"
+if [[ ${PV} == *9999 ]]; then
+	EGIT_REPO_URI="https://github.com/coturn/coturn.git"
 	inherit git-r3
-#	S="${WORKDIR}/${PN}-master"
+	#S="${WORKDIR}/${PN}-master"
 else
+	SRC_URI="https://github.com/coturn/coturn/archive/${PV}.tar.gz -> ${P}.tar.gz"
 	KEYWORDS="~amd64 ~x86"
-	SRC_URI="https://github.com/${PN}/${PN}/archive/${PV}.tar.gz -> ${P}.tar.gz"
 fi
 
 LICENSE="BSD"
 SLOT="0"
 IUSE="mongodb mysql postgres redis sqlite"
-RDEPEND="acct-group/turnserver
+
+RDEPEND="
+	acct-group/turnserver
 	acct-user/turnserver
 	>dev-libs/libevent-2.1.8:=
 	dev-libs/openssl:=
@@ -27,18 +30,21 @@ RDEPEND="acct-group/turnserver
 	mysql?  ( dev-db/mysql-connector-c:= )
 	postgres? ( dev-db/postgresql:* )
 	redis? ( dev-libs/hiredis:= )
-	sqlite? ( dev-db/sqlite )"
+	sqlite? ( dev-db/sqlite )
+"
 DEPEND="${RDEPEND}"
 BDEPEND="virtual/pkgconfig"
 
 PATCHES=(
 	"${FILESDIR}"/${PN}-4.5.2-respect-TMPDIR.patch
+	"${FILESDIR}"/${P}-openssl3.patch
 )
 
 src_configure() {
-	if [ -n "${AR}" ]; then
+	if [[ -n "${AR}" ]]; then
 		sed 's:ARCHIVERCMD="ar -r":ARCHIVERCMD="${AR} -r":g' -i "${S}/configure"
 	fi
+
 	sed 's:MANPREFIX}/man/:MANPREFIX}/:g' -i "${S}/Makefile.in" || die "sed for mandir failed"
 	sed 's:#log-file=/var/tmp/turn.log:log-file=/var/log/turnserver.log:' \
 	    -i "${S}/examples/etc/turnserver.conf"  || die "sed for logdir failed"
@@ -46,6 +52,7 @@ src_configure() {
 	    || die "sed for simple-log failed"
 	sed '/INSTALL_DIR} examples\/script/a \	\${INSTALL_DIR} examples\/ca \${DESTDIR}${EXAMPLESDIR}' \
 	    -i "${S}/Makefile.in" || die "sed for example ca failed"
+
 	if ! use mongodb; then
 		export TURN_NO_MONGO=yes
 	fi
@@ -73,15 +80,19 @@ src_configure() {
 
 src_install() {
 	default
+
 	newinitd "${FILESDIR}/turnserver.init" turnserver
+
 	insinto /etc/logrotate.d
 	newins "${FILESDIR}/logrotate.${PN}" "${PN}"
+
 	systemd_dounit "${FILESDIR}/${PN}.service"
 	dotmpfiles "${FILESDIR}/${PN}.conf"
 }
 
 pkg_postinst() {
-	tmpfiles_process "${PN}.conf"
-	elog "You need to copy /etc/turnserver.conf.default to"
-	elog "/etc/turnserver.conf and do your settings there."
+	tmpfiles_process ${PN}.conf
+
+	elog "You need to copy ${EROOT}/etc/turnserver.conf.default to"
+	elog "${EROOT}/etc/turnserver.conf and do your settings there."
 }

diff --git a/net-im/coturn/coturn-9999.ebuild b/net-im/coturn/coturn-9999.ebuild
index d3a3c8813604..8c10c10306aa 100644
--- a/net-im/coturn/coturn-9999.ebuild
+++ b/net-im/coturn/coturn-9999.ebuild
@@ -4,22 +4,25 @@
 EAPI=7
 
 inherit toolchain-funcs systemd tmpfiles
+
 DESCRIPTION="coturn TURN server project"
 HOMEPAGE="https://github.com/coturn/coturn"
 
-if [ ${PV} = 9999 ]; then
-	EGIT_REPO_URI="https://github.com/${PN}/${PN}.git"
+if [[ ${PV} == *9999 ]]; then
+	EGIT_REPO_URI="https://github.com/coturn/coturn.git"
 	inherit git-r3
-#	S="${WORKDIR}/${PN}-master"
+	#S="${WORKDIR}/${PN}-master"
 else
+	SRC_URI="https://github.com/coturn/coturn/archive/${PV}.tar.gz -> ${P}.tar.gz"
 	KEYWORDS="~amd64 ~x86"
-	SRC_URI="https://github.com/${PN}/${PN}/archive/${PV}.tar.gz -> ${P}.tar.gz"
 fi
 
 LICENSE="BSD"
 SLOT="0"
 IUSE="mongodb mysql postgres redis sqlite"
-RDEPEND="acct-group/turnserver
+
+RDEPEND="
+	acct-group/turnserver
 	acct-user/turnserver
 	>dev-libs/libevent-2.1.8:=
 	dev-libs/openssl:=
@@ -27,18 +30,21 @@ RDEPEND="acct-group/turnserver
 	mysql?  ( dev-db/mysql-connector-c:= )
 	postgres? ( dev-db/postgresql:* )
 	redis? ( dev-libs/hiredis:= )
-	sqlite? ( dev-db/sqlite )"
+	sqlite? ( dev-db/sqlite )
+"
 DEPEND="${RDEPEND}"
 BDEPEND="virtual/pkgconfig"
 
 PATCHES=(
 	"${FILESDIR}"/${PN}-4.5.2-respect-TMPDIR.patch
+	"${FILESDIR}"/${P}-openssl3.patch
 )
 
 src_configure() {
-	if [ -n "${AR}" ]; then
+	if [[ -n "${AR}" ]]; then
 		sed 's:ARCHIVERCMD="ar -r":ARCHIVERCMD="${AR} -r":g' -i "${S}/configure"
 	fi
+
 	sed 's:MANPREFIX}/man/:MANPREFIX}/:g' -i "${S}/Makefile.in" || die "sed for mandir failed"
 	sed 's:#log-file=/var/tmp/turn.log:log-file=/var/log/turnserver.log:' \
 	    -i "${S}/examples/etc/turnserver.conf"  || die "sed for logdir failed"
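Review bot: In this live ebuild the new entry `"${FILESDIR}"/${P}-openssl3.patch` expands to coturn-9999-openssl3.patch, while the commit only adds files/coturn-4.6.0-openssl3.patch, so patch application would fail for the 9999 version unless that file exists elsewhere. Spell the version out as the TMPDIR entry above it does, `"${FILESDIR}"/${PN}-4.6.0-openssl3.patch`. Alternatively, add the entry only for release versions, since the patch header lists upstream commits that a git checkout presumably already contains.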
@@ -46,6 +52,7 @@ src_configure() {
 	    || die "sed for simple-log failed"
 	sed '/INSTALL_DIR} examples\/script/a \	\${INSTALL_DIR} examples\/ca \${DESTDIR}${EXAMPLESDIR}' \
 	    -i "${S}/Makefile.in" || die "sed for example ca failed"
+
 	if ! use mongodb; then
 		export TURN_NO_MONGO=yes
 	fi
@@ -73,15 +80,19 @@ src_configure() {
 
 src_install() {
 	default
+
 	newinitd "${FILESDIR}/turnserver.init" turnserver
+
 	insinto /etc/logrotate.d
 	newins "${FILESDIR}/logrotate.${PN}" "${PN}"
+
 	systemd_dounit "${FILESDIR}/${PN}.service"
 	dotmpfiles "${FILESDIR}/${PN}.conf"
 }
 
 pkg_postinst() {
-	tmpfiles_process "${PN}.conf"
-	elog "You need to copy /etc/turnserver.conf.default to"
-	elog "/etc/turnserver.conf and do your settings there."
+	tmpfiles_process ${PN}.conf
+
+	elog "You need to copy ${EROOT}/etc/turnserver.conf.default to"
+	elog "${EROOT}/etc/turnserver.conf and do your settings there."
 }

diff --git a/net-im/coturn/files/coturn-4.6.0-openssl3.patch b/net-im/coturn/files/coturn-4.6.0-openssl3.patch
new file mode 100644
index 000000000000..19b88048af50
--- /dev/null
+++ b/net-im/coturn/files/coturn-4.6.0-openssl3.patch
@@ -0,0 +1,356 @@
+https://github.com/coturn/coturn/commit/9af9f6306ab73c3403f9e11086b1936e9148f7de
+https://github.com/coturn/coturn/commit/4ce784a8781ab086c150e2b9f5641b1a37fd9b31
+https://github.com/coturn/coturn/commit/9370bb742d976166a51032760da1ecedefb92267
+https://github.com/coturn/coturn/commit/d72a2a8920b80ce66b36e22b2c22f308ad06c424
+
+From 9af9f6306ab73c3403f9e11086b1936e9148f7de Mon Sep 17 00:00:00 2001
+From: Pavel Punsky <eakraly@users.noreply.github.com>
+Date: Wed, 14 Sep 2022 03:29:26 -0700
+Subject: [PATCH] Fix renegotiation flag for older version of openssl (#978)
+
+`SSL_OP_NO_RENEGOTIATION` is only supported in openssl-1.1.0 and above
+Older versions have `SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS `
+
+Fixes #977 and #952
+
+Test:
+Build in a docker container running running openssl-1.0.2g (ubuntu
+16.04) successfully (without the fix getting the same errors)
+--- a/src/apps/relay/dtls_listener.c
++++ b/src/apps/relay/dtls_listener.c
+@@ -295,8 +295,17 @@ static ioa_socket_handle dtls_server_input_handler(dtls_listener_relay_server_ty
+ 	SSL_set_accept_state(connecting_ssl);
+ 
+ 	SSL_set_bio(connecting_ssl, NULL, wbio);
+-	SSL_set_options(connecting_ssl, SSL_OP_COOKIE_EXCHANGE | SSL_OP_NO_RENEGOTIATION);
+-
++	SSL_set_options(connecting_ssl, SSL_OP_COOKIE_EXCHANGE
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if defined(SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)
++		| SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS
++#endif
++#else
++#if defined(SSL_OP_NO_RENEGOTIATION)
++		| SSL_OP_NO_RENEGOTIATION
++#endif
++#endif
++	);
+ 	SSL_set_max_cert_list(connecting_ssl, 655350);
+ 
+ 	ioa_socket_handle rc = dtls_accept_client_connection(server, s, connecting_ssl,
+@@ -581,7 +590,17 @@ static int create_new_connected_udp_socket(
+ 
+ 		SSL_set_bio(connecting_ssl, NULL, wbio);
+ 
+-		SSL_set_options(connecting_ssl, SSL_OP_COOKIE_EXCHANGE | SSL_OP_NO_RENEGOTIATION);
++		SSL_set_options(connecting_ssl, SSL_OP_COOKIE_EXCHANGE
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if defined(SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)
++			| SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS
++#endif
++#else
++#if defined(SSL_OP_NO_RENEGOTIATION)
++			| SSL_OP_NO_RENEGOTIATION
++#endif
++#endif
++		);
+ 
+ 		SSL_set_max_cert_list(connecting_ssl, 655350);
+ 		int rc = ssl_read(ret->fd, connecting_ssl, server->sm.m.sm.nd.nbh,
+--- a/src/apps/relay/ns_ioalib_engine_impl.c
++++ b/src/apps/relay/ns_ioalib_engine_impl.c
+@@ -1428,7 +1428,17 @@ static void set_socket_ssl(ioa_socket_handle s, SSL *ssl)
+ 		if(ssl) {
+ 			SSL_set_app_data(ssl,s);
+ 			SSL_set_info_callback(ssl, (ssl_info_callback_t)ssl_info_callback);
+-			SSL_set_options(ssl, SSL_OP_NO_RENEGOTIATION);
++			SSL_set_options(ssl, 
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if defined(SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)
++				SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS
++#endif
++#else
++#if defined(SSL_OP_NO_RENEGOTIATION)
++				SSL_OP_NO_RENEGOTIATION
++#endif
++#endif
++			);
+ 		}
+ 	}
+ }
+
+From 4ce784a8781ab086c150e2b9f5641b1a37fd9b31 Mon Sep 17 00:00:00 2001
+From: Pavel Punsky <eakraly@users.noreply.github.com>
+Date: Fri, 16 Sep 2022 00:46:45 -0700
+Subject: [PATCH] Improve openssl3 and FIPS support (#955)
+
+openssl-3.0 deprecated some APIs and introduced new APIs instead:
+
+`SSL_get_peer_certificate ` -> `SSL_get1_peer_certificate `
+`FIPS_mode()`->`EVP_default_properties_is_fips_enabled()`
+`EVP_MD_CTX_set_flags()`->`EVP_default_properties_enable_fips()`
+specifically for enabling FIPS mode
+
+This change should workaround that by ifdef-ing old/new versions of
+openssl and APIs - so pre-3.0 use existing APIs (so not change there)
+and >=3.0 will use new APIs (whether it actually works or not is still
+TBD as this is just a first step in openssl-3.0 support)
+
+Should fix #886
+
+Test Plan:
+Run CI build that supports ubuntu-20.04 (openssl-1.1.1) and ubuntu-22.04
+(openssl-3.0.2)
+Both builds pass
+None of them have FIPS support (which for 1.1.x stays the same as
+before)
+
+Co-authored-by: Pavel Punsky <pavel.punsky@epicgames.com>
+--- a/src/apps/relay/ns_ioalib_engine_impl.c
++++ b/src/apps/relay/ns_ioalib_engine_impl.c
+@@ -1868,7 +1868,11 @@ int ssl_read(evutil_socket_t fd, SSL* ssl, ioa_network_buffer_handle nbh, int ve
+ 
+ 	} else if (!if1 && if2) {
+ 
++#if (OPENSSL_VERSION_NUMBER >= 0x30000000L)
++		if(verbose && SSL_get1_peer_certificate(ssl)) {
++#else
+ 		if(verbose && SSL_get_peer_certificate(ssl)) {
++#endif
+ 		  printf("\n------------------------------------------------------------\n");
+ 		  X509_NAME_print_ex_fp(stdout, X509_get_subject_name(SSL_get_peer_certificate(ssl)), 1,
+ 					XN_FLAG_MULTILINE);
+--- a/src/apps/uclient/startuclient.c
++++ b/src/apps/uclient/startuclient.c
+@@ -138,7 +138,11 @@ static SSL* tls_connect(ioa_socket_raw fd, ioa_addr *remote_addr, int *try_again
+ 		if (rc > 0) {
+ 		  TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO,"%s: client session connected with cipher %s, method=%s\n",__FUNCTION__,
+ 				  SSL_get_cipher(ssl),turn_get_ssl_method(ssl,NULL));
++#if (OPENSSL_VERSION_NUMBER >= 0x30000000L)
++		  if(clnet_verbose && SSL_get1_peer_certificate(ssl)) {
++#else
+ 		  if(clnet_verbose && SSL_get_peer_certificate(ssl)) {
++#endif
+ 			  TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "------------------------------------------------------------\n");
+ 		  	X509_NAME_print_ex_fp(stdout, X509_get_subject_name(SSL_get_peer_certificate(ssl)), 1,
+ 		  						XN_FLAG_MULTILINE);
+--- a/src/client/ns_turn_msg.c
++++ b/src/client/ns_turn_msg.c
+@@ -248,12 +248,22 @@ int stun_produce_integrity_key_str(const uint8_t *uname, const uint8_t *realm, c
+ 		if (FIPS_mode()) {
+ 			EVP_MD_CTX_set_flags(&ctx,EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
+ 		}
+-#endif
++#endif // defined EVP_MD_CTX_FLAG_NON_FIPS_ALLOW && !defined(LIBRESSL_VERSION_NUMBER)
+ 		EVP_DigestInit_ex(&ctx,EVP_md5(), NULL);
+ 		EVP_DigestUpdate(&ctx,str,strl);
+ 		EVP_DigestFinal(&ctx,key,&keylen);
+ 		EVP_MD_CTX_cleanup(&ctx);
+-#else
++#elif OPENSSL_VERSION_NUMBER >= 0x30000000L
++ 		unsigned int keylen = 0;
++ 		EVP_MD_CTX *ctx = EVP_MD_CTX_new();
++		if (EVP_default_properties_is_fips_enabled(NULL)) {
++			EVP_default_properties_enable_fips(NULL, 0);
++ 		}
++ 		EVP_DigestInit_ex(ctx,EVP_md5(), NULL);
++ 		EVP_DigestUpdate(ctx,str,strl);
++ 		EVP_DigestFinal(ctx,key,&keylen);
++ 		EVP_MD_CTX_free(ctx);
++#else // OPENSSL_VERSION_NUMBER < 0x10100000L
+ 		unsigned int keylen = 0;
+ 		EVP_MD_CTX *ctx = EVP_MD_CTX_new();
+ #if defined EVP_MD_CTX_FLAG_NON_FIPS_ALLOW && ! defined(LIBRESSL_VERSION_NUMBER)
+@@ -265,7 +275,7 @@ int stun_produce_integrity_key_str(const uint8_t *uname, const uint8_t *realm, c
+ 		EVP_DigestUpdate(ctx,str,strl);
+ 		EVP_DigestFinal(ctx,key,&keylen);
+ 		EVP_MD_CTX_free(ctx);
+-#endif
++#endif // OPENSSL_VERSION_NUMBER < 0X10100000L
+ 		ret = 0;
+ 	}
+ 
+
+From 9370bb742d976166a51032760da1ecedefb92267 Mon Sep 17 00:00:00 2001
+From: Pavel Punsky <eakraly@users.noreply.github.com>
+Date: Fri, 16 Sep 2022 23:29:32 -0700
+Subject: [PATCH] Fix a warning (#988)
+
+There are too many defines that are, eventually, used in one place so
+just inlining.
+
+Current code generates following warning:
+```
+warning: macro expansion producing 'defined' has undefined behavior [-Wexpansion-to-defined]
+```
+
+With the fix there is no warning
+
+Co-authored-by: Pavel Punsky <pavel.punsky@epicgames.com>
+--- a/src/apps/relay/netengine.c
++++ b/src/apps/relay/netengine.c
+@@ -31,13 +31,7 @@
+ #include "mainrelay.h"
+ 
+ //////////// Backward compatibility with OpenSSL 1.0.x //////////////
+-#define HAVE_OPENSSL11_API (!(OPENSSL_VERSION_NUMBER < 0x10100001L || defined LIBRESSL_VERSION_NUMBER))
+-
+-#ifndef HAVE_SSL_CTX_UP_REF
+-#define HAVE_SSL_CTX_UP_REF HAVE_OPENSSL11_API
+-#endif
+-
+-#if !HAVE_SSL_CTX_UP_REF
++#if (OPENSSL_VERSION_NUMBER < 0x10100001L || defined LIBRESSL_VERSION_NUMBER)
+ #define SSL_CTX_up_ref(ctx) CRYPTO_add(&(ctx)->references, 1, CRYPTO_LOCK_SSL_CTX)
+ #endif
+ 
+
+From d72a2a8920b80ce66b36e22b2c22f308ad06c424 Mon Sep 17 00:00:00 2001
+From: Pavel Punsky <eakraly@users.noreply.github.com>
+Date: Mon, 24 Oct 2022 13:06:35 -0700
+Subject: [PATCH] Cleanup openssl initialization (#1012)
+
+Rewriting openssl initialization code (threading support to make it
+cleaner
+
+- Regroup functions so that there is one ifdef (for old code and new
+code)
+- Modern openssl (>1.0.2) does not need any synchornization routines so
+they are empty
+- Old openssl (<=1.0.2) now require `OPENSSL_THREADS` which allows
+running multiple threads in turnserver. Not having turnserver
+multi-threaded is a huge waste. `OPENSSL_THREADS` is now a requirement.
+
+
+Test Plan:
+- CI builds pass for openssl versions 1.0.2, 1.1.1, 3.0, including tests
+--- a/src/apps/relay/mainrelay.c
++++ b/src/apps/relay/mainrelay.c
+@@ -1345,7 +1345,6 @@ static void set_option(int c, char *value)
+ 		STRCPY(turn_params.relay_ifname, value);
+ 		break;
+ 	case 'm':
+-#if defined(OPENSSL_THREADS)
+ 		if(atoi(value)>MAX_NUMBER_OF_GENERAL_RELAY_SERVERS) {
+ 			TURN_LOG_FUNC(TURN_LOG_LEVEL_WARNING, "WARNING: max number of relay threads is 128.\n");
+ 			turn_params.general_relay_servers_number = MAX_NUMBER_OF_GENERAL_RELAY_SERVERS;
+@@ -1354,9 +1353,6 @@ static void set_option(int c, char *value)
+ 		} else {
+ 			turn_params.general_relay_servers_number = atoi(value);
+ 		}
+-#else
+-		TURN_LOG_FUNC(TURN_LOG_LEVEL_WARNING, "WARNING: OpenSSL version is too old OR does not support threading,\n I am using single thread for relaying.\n");
+-#endif
+ 		break;
+ 	case 'd':
+ 		STRCPY(turn_params.listener_ifname, value);
+@@ -2645,9 +2641,8 @@ int main(int argc, char **argv)
+ 
+ ////////// OpenSSL locking ////////////////////////////////////////
+ 
+-#if defined(OPENSSL_THREADS)
+-
+-static char some_buffer[65536];
++#if defined(OPENSSL_THREADS) 
++#if OPENSSL_VERSION_NUMBER < OPENSSL_VERSION_1_1_0
+ 
+ //array larger than anything that OpenSSL may need:
+ static pthread_mutex_t mutex_buf[256];
+@@ -2665,76 +2660,52 @@ void coturn_locking_function(int mode, int n, const char *file, int line) {
+   }
+ }
+ 
+-#if OPENSSL_VERSION_NUMBER >= 0x10000000L
+ void coturn_id_function(CRYPTO_THREADID *ctid);
+ void coturn_id_function(CRYPTO_THREADID *ctid)
+ {
+ 	UNUSED_ARG(ctid);
+     CRYPTO_THREADID_set_numeric(ctid, (unsigned long)pthread_self());
+ }
+-#else
+-unsigned long coturn_id_function(void);
+-unsigned long coturn_id_function(void)
+-{
+-    return (unsigned long)pthread_self();
+-}
+-#endif
+-
+-#endif
+ 
+ static int THREAD_setup(void) {
+-
+-#if defined(OPENSSL_THREADS)
+-
+-	int i;
+-
+-	some_buffer[0] = 0;
+-
++    int i;
+ 	for (i = 0; i < CRYPTO_num_locks(); i++) {
+ 		pthread_mutex_init(&(mutex_buf[i]), NULL);
+ 	}
+ 
+ 	mutex_buf_initialized = 1;
+-
+-#if OPENSSL_VERSION_NUMBER >= 0x10000000L && OPENSSL_VERSION_NUMBER <= OPENSSL_VERSION_1_1_1
+ 	CRYPTO_THREADID_set_callback(coturn_id_function);
+-#else
+-	CRYPTO_set_id_callback(coturn_id_function);
+-#endif
+-
+ 	CRYPTO_set_locking_callback(coturn_locking_function);
+-#endif
+-
+ 	return 1;
+ }
+ 
+ int THREAD_cleanup(void);
+ int THREAD_cleanup(void) {
++    int i;
+ 
+-#if defined(OPENSSL_THREADS)
++    if (!mutex_buf_initialized)
++        return 0;
+ 
+-  int i;
+-
+-  if (!mutex_buf_initialized)
+-    return 0;
++    CRYPTO_THREADID_set_callback(NULL);
++    CRYPTO_set_locking_callback(NULL);
++    for (i = 0; i < CRYPTO_num_locks(); i++) {
++        pthread_mutex_destroy(&(mutex_buf[i]));
++    }
+ 
+-#if OPENSSL_VERSION_NUMBER >= 0x10000000L && OPENSSL_VERSION_NUMBER <= OPENSSL_VERSION_1_1_1
+-	CRYPTO_THREADID_set_callback(NULL);
++    mutex_buf_initialized = 0;
++  return 1;
++}
+ #else
+-	CRYPTO_set_id_callback(NULL);
+-#endif
+-
+-  CRYPTO_set_locking_callback(NULL);
+-  for (i = 0; i < CRYPTO_num_locks(); i++) {
+-	  pthread_mutex_destroy(&(mutex_buf[i]));
+-  }
+-
+-  mutex_buf_initialized = 0;
+-
+-#endif
++static int THREAD_setup(void) {
++    return 1;
++}
+ 
+-  return 1;
++int THREAD_cleanup(void);
++int THREAD_cleanup(void){
++    return 1;
+ }
++#endif /* OPENSSL_VERSION_NUMBER < OPENSSL_VERSION_1_1_0 */
++#endif /* defined(OPENSSL_THREADS) */
+ 
+ static void adjust_key_file_name(char *fn, const char* file_title, int critical)
+ {
+
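Review bot: In the OpenSSL 3 branch added to stun_produce_integrity_key_str (src/client/ns_turn_msg.c), `EVP_default_properties_enable_fips(NULL, 0)` clears the FIPS property on the default library context, so the first MD5 key derivation switches FIPS selection off for later fetches in the whole process that rely on the default properties, and nothing in the visible lines turns it back on. The pre-3.0 branch only set `EVP_MD_CTX_FLAG_NON_FIPS_ALLOW` on the one digest context. A scoped equivalent is to fetch the digest explicitly with `EVP_MD *md5 = EVP_MD_fetch(NULL, "MD5", "-fips");`, pass `md5` to `EVP_DigestInit_ex` in place of `EVP_md5()`, and release it with `EVP_MD_free(md5)`; the results of `EVP_MD_CTX_new` and the digest calls should be checked as well. In the same backport, `SSL_get1_peer_certificate(ssl)` is used only as a truth test in ssl_read and tls_connect, which leaks one certificate reference per verbose connection, whereas `SSL_get0_peer_certificate(ssl)` takes no reference. All three functions begin and end outside the quoted inner hunks.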



* [gentoo-commits] repo/gentoo:master commit in: net-im/coturn/, net-im/coturn/files/
@ 2024-11-07  9:08 Petr Vaněk
  0 siblings, 0 replies; 6+ messages in thread
From: Petr Vaněk @ 2024-11-07  9:08 UTC (permalink / raw
  To: gentoo-commits

commit:     cd0419b27573bf5dca336298305822a6435201c4
Author:     Petr Vaněk <arkamar <AT> gentoo <DOT> org>
AuthorDate: Thu Nov  7 09:07:20 2024 +0000
Commit:     Petr Vaněk <arkamar <AT> gentoo <DOT> org>
CommitDate: Thu Nov  7 09:08:00 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=cd0419b2

net-im/coturn: drop 4.6.0

Signed-off-by: Petr Vaněk <arkamar <AT> gentoo.org>

 net-im/coturn/Manifest                          |   1 -
 net-im/coturn/coturn-4.6.0.ebuild               |  98 -------
 net-im/coturn/files/coturn-4.6.0-openssl3.patch | 356 ------------------------
 3 files changed, 455 deletions(-)

diff --git a/net-im/coturn/Manifest b/net-im/coturn/Manifest
index b3201c354154..e9b58ef076e4 100644
--- a/net-im/coturn/Manifest
+++ b/net-im/coturn/Manifest
@@ -1,2 +1 @@
-DIST coturn-4.6.0.tar.gz 474423 BLAKE2B b70ecd1f333f4f9f37adcab6f5fd3406aa0eb962488b7cae4a30c9339cf7b11b2bfedd1fa70bd3b0c32bf82702d39eb22278506521f71e0cb6aaadee9d3c3d05 SHA512 a80ea1b8d9c78b8f9fc632517a0246cb0d2d4ff21c59d53827f026fb3a145a01b3bec637af94a96b525c35251cb5e9e209ba7f368f08e12ef61220bcb784637c
 DIST coturn-4.6.2.tar.gz 506275 BLAKE2B 0755e5ab8a5aa87606a604f7ebda81dfd1e5ae04e394316d841954f2d45caafccab43c17aee6de241b7b3e8483a4f7b54f68b915921b36621929d60127d1084b SHA512 ab8457921952a00b34111c03f2e5a2a9035977566270fdf9c8b9b777346645a8b233574134c0ef1c3aa2cf84bd89fbc82648678144c68ac0dff1712ce503b731

diff --git a/net-im/coturn/coturn-4.6.0.ebuild b/net-im/coturn/coturn-4.6.0.ebuild
deleted file mode 100644
index 92b69c62eba0..000000000000
--- a/net-im/coturn/coturn-4.6.0.ebuild
+++ /dev/null
@@ -1,98 +0,0 @@
-# Copyright 1999-2024 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-inherit toolchain-funcs systemd tmpfiles
-
-DESCRIPTION="coturn TURN server project"
-HOMEPAGE="https://github.com/coturn/coturn"
-
-if [[ ${PV} == *9999 ]]; then
-	EGIT_REPO_URI="https://github.com/coturn/coturn.git"
-	inherit git-r3
-	#S="${WORKDIR}/${PN}-master"
-else
-	SRC_URI="https://github.com/coturn/coturn/archive/${PV}.tar.gz -> ${P}.tar.gz"
-	KEYWORDS="~amd64 ~arm64 ~x86"
-fi
-
-LICENSE="BSD"
-SLOT="0"
-IUSE="mongodb mysql postgres redis sqlite"
-
-RDEPEND="
-	acct-group/turnserver
-	acct-user/turnserver
-	>dev-libs/libevent-2.1.8:=
-	dev-libs/openssl:=
-	mongodb? ( dev-libs/mongo-c-driver )
-	mysql?  ( dev-db/mysql-connector-c:= )
-	postgres? ( dev-db/postgresql:* )
-	redis? ( dev-libs/hiredis:= )
-	sqlite? ( dev-db/sqlite )
-"
-DEPEND="${RDEPEND}"
-BDEPEND="virtual/pkgconfig"
-
-PATCHES=(
-	"${FILESDIR}"/${PN}-4.5.2-respect-TMPDIR.patch
-	"${FILESDIR}"/${P}-openssl3.patch
-)
-
-src_configure() {
-	if [[ -n "${AR}" ]]; then
-		sed 's:ARCHIVERCMD="ar -r":ARCHIVERCMD="${AR} -r":g' -i "${S}/configure"
-	fi
-
-	sed 's:MANPREFIX}/man/:MANPREFIX}/:g' -i "${S}/Makefile.in" || die "sed for mandir failed"
-	sed 's:#log-file=/var/tmp/turn.log:log-file=/var/log/turnserver.log:' \
-	    -i "${S}/examples/etc/turnserver.conf"  || die "sed for logdir failed"
-	sed 's:#simple-log:simple-log:' -i "${S}/examples/etc/turnserver.conf" \
-	    || die "sed for simple-log failed"
-	sed '/INSTALL_DIR} examples\/script/a \	\${INSTALL_DIR} examples\/ca \${DESTDIR}${EXAMPLESDIR}' \
-	    -i "${S}/Makefile.in" || die "sed for example ca failed"
-
-	if ! use mongodb; then
-		export TURN_NO_MONGO=yes
-	fi
-	if ! use mysql; then
-		export TURN_NO_MYSQL=yes
-	fi
-	if ! use postgres; then
-		export TURN_NO_PQ=yes
-	fi
-	if ! use redis; then
-		export TURN_NO_HIREDIS=yes
-	fi
-	if ! use sqlite; then
-		export TURN_NO_SQLITE=yes
-	fi
-
-	tc-export CC
-
-	export ARCHIVERCMD="$(tc-getAR) -r"
-	export PKGCONFIG="$(tc-getPKG_CONFIG)"
-	export DOCSDIR="/usr/share/doc/${PN}-${PV}"
-
-	econf $(use_with sqlite)
-}
-
-src_install() {
-	default
-
-	newinitd "${FILESDIR}/turnserver.init" turnserver
-
-	insinto /etc/logrotate.d
-	newins "${FILESDIR}/logrotate.${PN}" "${PN}"
-
-	systemd_dounit "${FILESDIR}/${PN}.service"
-	dotmpfiles "${FILESDIR}/${PN}.conf"
-}
-
-pkg_postinst() {
-	tmpfiles_process ${PN}.conf
-
-	elog "You need to copy ${EROOT}/etc/turnserver.conf.default to"
-	elog "${EROOT}/etc/turnserver.conf and do your settings there."
-}

diff --git a/net-im/coturn/files/coturn-4.6.0-openssl3.patch b/net-im/coturn/files/coturn-4.6.0-openssl3.patch
deleted file mode 100644
index 19b88048af50..000000000000
--- a/net-im/coturn/files/coturn-4.6.0-openssl3.patch
+++ /dev/null
@@ -1,356 +0,0 @@
-https://github.com/coturn/coturn/commit/9af9f6306ab73c3403f9e11086b1936e9148f7de
-https://github.com/coturn/coturn/commit/4ce784a8781ab086c150e2b9f5641b1a37fd9b31
-https://github.com/coturn/coturn/commit/9370bb742d976166a51032760da1ecedefb92267
-https://github.com/coturn/coturn/commit/d72a2a8920b80ce66b36e22b2c22f308ad06c424
-
-From 9af9f6306ab73c3403f9e11086b1936e9148f7de Mon Sep 17 00:00:00 2001
-From: Pavel Punsky <eakraly@users.noreply.github.com>
-Date: Wed, 14 Sep 2022 03:29:26 -0700
-Subject: [PATCH] Fix renegotiation flag for older version of openssl (#978)
-
-`SSL_OP_NO_RENEGOTIATION` is only supported in openssl-1.1.0 and above
-Older versions have `SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS `
-
-Fixes #977 and #952
-
-Test:
-Build in a docker container running running openssl-1.0.2g (ubuntu
-16.04) successfully (without the fix getting the same errors)
---- a/src/apps/relay/dtls_listener.c
-+++ b/src/apps/relay/dtls_listener.c
-@@ -295,8 +295,17 @@ static ioa_socket_handle dtls_server_input_handler(dtls_listener_relay_server_ty
- 	SSL_set_accept_state(connecting_ssl);
- 
- 	SSL_set_bio(connecting_ssl, NULL, wbio);
--	SSL_set_options(connecting_ssl, SSL_OP_COOKIE_EXCHANGE | SSL_OP_NO_RENEGOTIATION);
--
-+	SSL_set_options(connecting_ssl, SSL_OP_COOKIE_EXCHANGE
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+#if defined(SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)
-+		| SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS
-+#endif
-+#else
-+#if defined(SSL_OP_NO_RENEGOTIATION)
-+		| SSL_OP_NO_RENEGOTIATION
-+#endif
-+#endif
-+	);
- 	SSL_set_max_cert_list(connecting_ssl, 655350);
- 
- 	ioa_socket_handle rc = dtls_accept_client_connection(server, s, connecting_ssl,
-@@ -581,7 +590,17 @@ static int create_new_connected_udp_socket(
- 
- 		SSL_set_bio(connecting_ssl, NULL, wbio);
- 
--		SSL_set_options(connecting_ssl, SSL_OP_COOKIE_EXCHANGE | SSL_OP_NO_RENEGOTIATION);
-+		SSL_set_options(connecting_ssl, SSL_OP_COOKIE_EXCHANGE
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+#if defined(SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)
-+			| SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS
-+#endif
-+#else
-+#if defined(SSL_OP_NO_RENEGOTIATION)
-+			| SSL_OP_NO_RENEGOTIATION
-+#endif
-+#endif
-+		);
- 
- 		SSL_set_max_cert_list(connecting_ssl, 655350);
- 		int rc = ssl_read(ret->fd, connecting_ssl, server->sm.m.sm.nd.nbh,
---- a/src/apps/relay/ns_ioalib_engine_impl.c
-+++ b/src/apps/relay/ns_ioalib_engine_impl.c
-@@ -1428,7 +1428,17 @@ static void set_socket_ssl(ioa_socket_handle s, SSL *ssl)
- 		if(ssl) {
- 			SSL_set_app_data(ssl,s);
- 			SSL_set_info_callback(ssl, (ssl_info_callback_t)ssl_info_callback);
--			SSL_set_options(ssl, SSL_OP_NO_RENEGOTIATION);
-+			SSL_set_options(ssl, 
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+#if defined(SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)
-+				SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS
-+#endif
-+#else
-+#if defined(SSL_OP_NO_RENEGOTIATION)
-+				SSL_OP_NO_RENEGOTIATION
-+#endif
-+#endif
-+			);
- 		}
- 	}
- }
-
-From 4ce784a8781ab086c150e2b9f5641b1a37fd9b31 Mon Sep 17 00:00:00 2001
-From: Pavel Punsky <eakraly@users.noreply.github.com>
-Date: Fri, 16 Sep 2022 00:46:45 -0700
-Subject: [PATCH] Improve openssl3 and FIPS support (#955)
-
-openssl-3.0 deprecated some APIs and introduced new APIs instead:
-
-`SSL_get_peer_certificate ` -> `SSL_get1_peer_certificate `
-`FIPS_mode()`->`EVP_default_properties_is_fips_enabled()`
-`EVP_MD_CTX_set_flags()`->`EVP_default_properties_enable_fips()`
-specifically for enabling FIPS mode
-
-This change should workaround that by ifdef-ing old/new versions of
-openssl and APIs - so pre-3.0 use existing APIs (so not change there)
-and >=3.0 will use new APIs (whether it actually works or not is still
-TBD as this is just a first step in openssl-3.0 support)
-
-Should fix #886
-
-Test Plan:
-Run CI build that supports ubuntu-20.04 (openssl-1.1.1) and ubuntu-22.04
-(openssl-3.0.2)
-Both builds pass
-None of them have FIPS support (which for 1.1.x stays the same as
-before)
-
-Co-authored-by: Pavel Punsky <pavel.punsky@epicgames.com>
---- a/src/apps/relay/ns_ioalib_engine_impl.c
-+++ b/src/apps/relay/ns_ioalib_engine_impl.c
-@@ -1868,7 +1868,11 @@ int ssl_read(evutil_socket_t fd, SSL* ssl, ioa_network_buffer_handle nbh, int ve
- 
- 	} else if (!if1 && if2) {
- 
-+#if (OPENSSL_VERSION_NUMBER >= 0x30000000L)
-+		if(verbose && SSL_get1_peer_certificate(ssl)) {
-+#else
- 		if(verbose && SSL_get_peer_certificate(ssl)) {
-+#endif
- 		  printf("\n------------------------------------------------------------\n");
- 		  X509_NAME_print_ex_fp(stdout, X509_get_subject_name(SSL_get_peer_certificate(ssl)), 1,
- 					XN_FLAG_MULTILINE);
---- a/src/apps/uclient/startuclient.c
-+++ b/src/apps/uclient/startuclient.c
-@@ -138,7 +138,11 @@ static SSL* tls_connect(ioa_socket_raw fd, ioa_addr *remote_addr, int *try_again
- 		if (rc > 0) {
- 		  TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO,"%s: client session connected with cipher %s, method=%s\n",__FUNCTION__,
- 				  SSL_get_cipher(ssl),turn_get_ssl_method(ssl,NULL));
-+#if (OPENSSL_VERSION_NUMBER >= 0x30000000L)
-+		  if(clnet_verbose && SSL_get1_peer_certificate(ssl)) {
-+#else
- 		  if(clnet_verbose && SSL_get_peer_certificate(ssl)) {
-+#endif
- 			  TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "------------------------------------------------------------\n");
- 		  	X509_NAME_print_ex_fp(stdout, X509_get_subject_name(SSL_get_peer_certificate(ssl)), 1,
- 		  						XN_FLAG_MULTILINE);
---- a/src/client/ns_turn_msg.c
-+++ b/src/client/ns_turn_msg.c
-@@ -248,12 +248,22 @@ int stun_produce_integrity_key_str(const uint8_t *uname, const uint8_t *realm, c
- 		if (FIPS_mode()) {
- 			EVP_MD_CTX_set_flags(&ctx,EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
- 		}
--#endif
-+#endif // defined EVP_MD_CTX_FLAG_NON_FIPS_ALLOW && !defined(LIBRESSL_VERSION_NUMBER)
- 		EVP_DigestInit_ex(&ctx,EVP_md5(), NULL);
- 		EVP_DigestUpdate(&ctx,str,strl);
- 		EVP_DigestFinal(&ctx,key,&keylen);
- 		EVP_MD_CTX_cleanup(&ctx);
--#else
-+#elif OPENSSL_VERSION_NUMBER >= 0x30000000L
-+ 		unsigned int keylen = 0;
-+ 		EVP_MD_CTX *ctx = EVP_MD_CTX_new();
-+		if (EVP_default_properties_is_fips_enabled(NULL)) {
-+			EVP_default_properties_enable_fips(NULL, 0);
-+ 		}
-+ 		EVP_DigestInit_ex(ctx,EVP_md5(), NULL);
-+ 		EVP_DigestUpdate(ctx,str,strl);
-+ 		EVP_DigestFinal(ctx,key,&keylen);
-+ 		EVP_MD_CTX_free(ctx);
-+#else // OPENSSL_VERSION_NUMBER < 0x10100000L
- 		unsigned int keylen = 0;
- 		EVP_MD_CTX *ctx = EVP_MD_CTX_new();
- #if defined EVP_MD_CTX_FLAG_NON_FIPS_ALLOW && ! defined(LIBRESSL_VERSION_NUMBER)
-@@ -265,7 +275,7 @@ int stun_produce_integrity_key_str(const uint8_t *uname, const uint8_t *realm, c
- 		EVP_DigestUpdate(ctx,str,strl);
- 		EVP_DigestFinal(ctx,key,&keylen);
- 		EVP_MD_CTX_free(ctx);
--#endif
-+#endif // OPENSSL_VERSION_NUMBER < 0X10100000L
- 		ret = 0;
- 	}
- 
-
-From 9370bb742d976166a51032760da1ecedefb92267 Mon Sep 17 00:00:00 2001
-From: Pavel Punsky <eakraly@users.noreply.github.com>
-Date: Fri, 16 Sep 2022 23:29:32 -0700
-Subject: [PATCH] Fix a warning (#988)
-
-There are too many defines that are, eventually, used in one place so
-just inlining.
-
-Current code generates following warning:
-```
-warning: macro expansion producing 'defined' has undefined behavior [-Wexpansion-to-defined]
-```
-
-With the fix there is no warning
-
-Co-authored-by: Pavel Punsky <pavel.punsky@epicgames.com>
---- a/src/apps/relay/netengine.c
-+++ b/src/apps/relay/netengine.c
-@@ -31,13 +31,7 @@
- #include "mainrelay.h"
- 
- //////////// Backward compatibility with OpenSSL 1.0.x //////////////
--#define HAVE_OPENSSL11_API (!(OPENSSL_VERSION_NUMBER < 0x10100001L || defined LIBRESSL_VERSION_NUMBER))
--
--#ifndef HAVE_SSL_CTX_UP_REF
--#define HAVE_SSL_CTX_UP_REF HAVE_OPENSSL11_API
--#endif
--
--#if !HAVE_SSL_CTX_UP_REF
-+#if (OPENSSL_VERSION_NUMBER < 0x10100001L || defined LIBRESSL_VERSION_NUMBER)
- #define SSL_CTX_up_ref(ctx) CRYPTO_add(&(ctx)->references, 1, CRYPTO_LOCK_SSL_CTX)
- #endif
- 
-
-From d72a2a8920b80ce66b36e22b2c22f308ad06c424 Mon Sep 17 00:00:00 2001
-From: Pavel Punsky <eakraly@users.noreply.github.com>
-Date: Mon, 24 Oct 2022 13:06:35 -0700
-Subject: [PATCH] Cleanup openssl initialization (#1012)
-
-Rewriting openssl initialization code (threading support to make it
-cleaner
-
-- Regroup functions so that there is one ifdef (for old code and new
-code)
-- Modern openssl (>1.0.2) does not need any synchornization routines so
-they are empty
-- Old openssl (<=1.0.2) now require `OPENSSL_THREADS` which allows
-running multiple threads in turnserver. Not having turnserver
-multi-threaded is a huge waste. `OPENSSL_THREADS` is now a requirement.
-
-
-Test Plan:
-- CI builds pass for openssl versions 1.0.2, 1.1.1, 3.0, including tests
---- a/src/apps/relay/mainrelay.c
-+++ b/src/apps/relay/mainrelay.c
-@@ -1345,7 +1345,6 @@ static void set_option(int c, char *value)
- 		STRCPY(turn_params.relay_ifname, value);
- 		break;
- 	case 'm':
--#if defined(OPENSSL_THREADS)
- 		if(atoi(value)>MAX_NUMBER_OF_GENERAL_RELAY_SERVERS) {
- 			TURN_LOG_FUNC(TURN_LOG_LEVEL_WARNING, "WARNING: max number of relay threads is 128.\n");
- 			turn_params.general_relay_servers_number = MAX_NUMBER_OF_GENERAL_RELAY_SERVERS;
-@@ -1354,9 +1353,6 @@ static void set_option(int c, char *value)
- 		} else {
- 			turn_params.general_relay_servers_number = atoi(value);
- 		}
--#else
--		TURN_LOG_FUNC(TURN_LOG_LEVEL_WARNING, "WARNING: OpenSSL version is too old OR does not support threading,\n I am using single thread for relaying.\n");
--#endif
- 		break;
- 	case 'd':
- 		STRCPY(turn_params.listener_ifname, value);
-@@ -2645,9 +2641,8 @@ int main(int argc, char **argv)
- 
- ////////// OpenSSL locking ////////////////////////////////////////
- 
--#if defined(OPENSSL_THREADS)
--
--static char some_buffer[65536];
-+#if defined(OPENSSL_THREADS) 
-+#if OPENSSL_VERSION_NUMBER < OPENSSL_VERSION_1_1_0
- 
- //array larger than anything that OpenSSL may need:
- static pthread_mutex_t mutex_buf[256];
-@@ -2665,76 +2660,52 @@ void coturn_locking_function(int mode, int n, const char *file, int line) {
-   }
- }
- 
--#if OPENSSL_VERSION_NUMBER >= 0x10000000L
- void coturn_id_function(CRYPTO_THREADID *ctid);
- void coturn_id_function(CRYPTO_THREADID *ctid)
- {
- 	UNUSED_ARG(ctid);
-     CRYPTO_THREADID_set_numeric(ctid, (unsigned long)pthread_self());
- }
--#else
--unsigned long coturn_id_function(void);
--unsigned long coturn_id_function(void)
--{
--    return (unsigned long)pthread_self();
--}
--#endif
--
--#endif
- 
- static int THREAD_setup(void) {
--
--#if defined(OPENSSL_THREADS)
--
--	int i;
--
--	some_buffer[0] = 0;
--
-+    int i;
- 	for (i = 0; i < CRYPTO_num_locks(); i++) {
- 		pthread_mutex_init(&(mutex_buf[i]), NULL);
- 	}
- 
- 	mutex_buf_initialized = 1;
--
--#if OPENSSL_VERSION_NUMBER >= 0x10000000L && OPENSSL_VERSION_NUMBER <= OPENSSL_VERSION_1_1_1
- 	CRYPTO_THREADID_set_callback(coturn_id_function);
--#else
--	CRYPTO_set_id_callback(coturn_id_function);
--#endif
--
- 	CRYPTO_set_locking_callback(coturn_locking_function);
--#endif
--
- 	return 1;
- }
- 
- int THREAD_cleanup(void);
- int THREAD_cleanup(void) {
-+    int i;
- 
--#if defined(OPENSSL_THREADS)
-+    if (!mutex_buf_initialized)
-+        return 0;
- 
--  int i;
--
--  if (!mutex_buf_initialized)
--    return 0;
-+    CRYPTO_THREADID_set_callback(NULL);
-+    CRYPTO_set_locking_callback(NULL);
-+    for (i = 0; i < CRYPTO_num_locks(); i++) {
-+        pthread_mutex_destroy(&(mutex_buf[i]));
-+    }
- 
--#if OPENSSL_VERSION_NUMBER >= 0x10000000L && OPENSSL_VERSION_NUMBER <= OPENSSL_VERSION_1_1_1
--	CRYPTO_THREADID_set_callback(NULL);
-+    mutex_buf_initialized = 0;
-+  return 1;
-+}
- #else
--	CRYPTO_set_id_callback(NULL);
--#endif
--
--  CRYPTO_set_locking_callback(NULL);
--  for (i = 0; i < CRYPTO_num_locks(); i++) {
--	  pthread_mutex_destroy(&(mutex_buf[i]));
--  }
--
--  mutex_buf_initialized = 0;
--
--#endif
-+static int THREAD_setup(void) {
-+    return 1;
-+}
- 
--  return 1;
-+int THREAD_cleanup(void);
-+int THREAD_cleanup(void){
-+    return 1;
- }
-+#endif /* OPENSSL_VERSION_NUMBER < OPENSSL_VERSION_1_1_0 */
-+#endif /* defined(OPENSSL_THREADS) */
- 
- static void adjust_key_file_name(char *fn, const char* file_title, int critical)
- {
-


