From 2c192b69163fe8809a79b422abea06b41f9be1fb Mon Sep 17 00:00:00 2001 From: Hauke Mehrtens Date: Sat, 14 Apr 2018 23:33:41 +0200 Subject: tools/libressl: update to version 2.7.2 Libressl version 2.7.0 and later implement more of the OpenSSL 1.1 API and this needs some modifications of the code using it. Signed-off-by: Hauke Mehrtens --- .../patches/120-curl-fix-libressl-linking.patch | 6 +- tools/cmake/patches/140-curl-fix-libressl.patch | 68 ++++++++++++++++++++++ .../patches/150-libarchive-fix-libressl.patch | 37 ++++++++++++ 3 files changed, 110 insertions(+), 1 deletion(-) create mode 100644 tools/cmake/patches/140-curl-fix-libressl.patch create mode 100644 tools/cmake/patches/150-libarchive-fix-libressl.patch (limited to 'tools/cmake/patches') diff --git a/tools/cmake/patches/120-curl-fix-libressl-linking.patch b/tools/cmake/patches/120-curl-fix-libressl-linking.patch index ad5b89750e..a345a8c16a 100644 --- a/tools/cmake/patches/120-curl-fix-libressl-linking.patch +++ b/tools/cmake/patches/120-curl-fix-libressl-linking.patch @@ -20,13 +20,17 @@ Signed-off-by: Jo-Philipp Wich --- --- a/Utilities/cmcurl/CMakeLists.txt +++ b/Utilities/cmcurl/CMakeLists.txt -@@ -461,6 +461,10 @@ if(CMAKE_USE_OPENSSL) +@@ -461,6 +461,14 @@ if(CMAKE_USE_OPENSSL) set(USE_OPENSSL ON) set(HAVE_LIBCRYPTO ON) set(HAVE_LIBSSL ON) + check_library_exists("rt" clock_gettime "" HAVE_LIBRT) + if(HAVE_LIBRT) + list(APPEND OPENSSL_LIBRARIES rt) ++ endif() ++ check_library_exists("pthread" pthread_once "" HAVE_PTHREAD) ++ if(HAVE_PTHREAD) ++ list(APPEND OPENSSL_LIBRARIES pthread) + endif() list(APPEND CURL_LIBS ${OPENSSL_LIBRARIES}) include_directories(${OPENSSL_INCLUDE_DIR}) diff --git a/tools/cmake/patches/140-curl-fix-libressl.patch b/tools/cmake/patches/140-curl-fix-libressl.patch new file mode 100644 index 0000000000..9caed96f53 --- /dev/null +++ b/tools/cmake/patches/140-curl-fix-libressl.patch @@ -0,0 +1,68 @@ +From 7c90c93c0b061da81f69fabdd57125b2783c15fb Mon Sep 17 00:00:00 2001 +From: Bernard Spil +Date: Mon, 2 Apr 2018 19:04:06 +0200 +Subject: [PATCH] openssl: fix build with LibreSSL 2.7 + + - LibreSSL 2.7 implements (most of) OpenSSL 1.1 API + +Fixes #2319 +Closes #2447 +Closes #2448 + +Signed-off-by: Bernard Spil +--- + lib/vtls/openssl.c | 15 +++++++++------ + 1 file changed, 9 insertions(+), 6 deletions(-) + +--- a/Utilities/cmcurl/lib/vtls/openssl.c ++++ b/Utilities/cmcurl/lib/vtls/openssl.c +@@ -104,7 +104,8 @@ + #endif + + #if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && /* OpenSSL 1.1.0+ */ \ +- !defined(LIBRESSL_VERSION_NUMBER) ++ !(defined(LIBRESSL_VERSION_NUMBER) && \ ++ LIBRESSL_VERSION_NUMBER < 0x20700000L) + #define SSLEAY_VERSION_NUMBER OPENSSL_VERSION_NUMBER + #define HAVE_X509_GET0_EXTENSIONS 1 /* added in 1.1.0 -pre1 */ + #define HAVE_OPAQUE_EVP_PKEY 1 /* since 1.1.0 -pre3 */ +@@ -128,7 +129,8 @@ static unsigned long OpenSSL_version_num + #endif + + #if (OPENSSL_VERSION_NUMBER >= 0x1000200fL) && /* 1.0.2 or later */ \ +- !defined(LIBRESSL_VERSION_NUMBER) ++ !(defined(LIBRESSL_VERSION_NUMBER) && \ ++ LIBRESSL_VERSION_NUMBER < 0x20700000L) + #define HAVE_X509_GET0_SIGNATURE 1 + #endif + +@@ -147,7 +149,7 @@ static unsigned long OpenSSL_version_num + * Whether SSL_CTX_set_keylog_callback is available. + * OpenSSL: supported since 1.1.1 https://github.com/openssl/openssl/pull/2287 + * BoringSSL: supported since d28f59c27bac (committed 2015-11-19) +- * LibreSSL: unsupported in at least 2.5.1 (explicitly check for it since it ++ * LibreSSL: unsupported in at least 2.7.2 (explicitly check for it since it + * lies and pretends to be OpenSSL 2.0.0). + */ + #if (OPENSSL_VERSION_NUMBER >= 0x10101000L && \ +@@ -259,7 +261,9 @@ static void tap_ssl_key(const SSL *ssl, + if(!session || !keylog_file_fp) + return; + +-#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && \ ++ !(defined(LIBRESSL_VERSION_NUMBER) && \ ++ LIBRESSL_VERSION_NUMBER < 0x20700000L) + /* ssl->s3 is not checked in openssl 1.1.0-pre6, but let's assume that + * we have a valid SSL context if we have a non-NULL session. */ + SSL_get_client_random(ssl, client_random, SSL3_RANDOM_SIZE); +@@ -2082,8 +2086,7 @@ static CURLcode ossl_connect_step1(struc + case CURL_SSLVERSION_TLSv1_2: + case CURL_SSLVERSION_TLSv1_3: + /* it will be handled later with the context options */ +-#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && \ +- !defined(LIBRESSL_VERSION_NUMBER) ++#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) + req_method = TLS_client_method(); + #else + req_method = SSLv23_client_method(); diff --git a/tools/cmake/patches/150-libarchive-fix-libressl.patch b/tools/cmake/patches/150-libarchive-fix-libressl.patch new file mode 100644 index 0000000000..ad8a0969a8 --- /dev/null +++ b/tools/cmake/patches/150-libarchive-fix-libressl.patch @@ -0,0 +1,37 @@ +From 5da00ad75b09e262774ec3675bbe4d5a4502a852 Mon Sep 17 00:00:00 2001 +From: Bernard Spil +Date: Sun, 1 Apr 2018 23:01:44 +0200 +Subject: [PATCH] fix build with LibreSSL 2.7 + +LibreSSL 2.7 adds OpenSSL 1.1 API leading to conflicts on method names + +See also: https://bugs.freebsd.org/226853 +Signed-off-by: Bernard Spil +--- + libarchive/archive_openssl_hmac_private.h | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +--- a/Utilities/cmlibarchive/libarchive/archive_openssl_hmac_private.h ++++ b/Utilities/cmlibarchive/libarchive/archive_openssl_hmac_private.h +@@ -28,7 +28,8 @@ + #include + #include + +-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) ++#if OPENSSL_VERSION_NUMBER < 0x10100000L || \ ++ (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x20700000L) + #include /* malloc, free */ + #include /* memset */ + static inline HMAC_CTX *HMAC_CTX_new(void) +--- a/Utilities/cmlibarchive/libarchive/archive_openssl_evp_private.h ++++ b/Utilities/cmlibarchive/libarchive/archive_openssl_evp_private.h +@@ -28,7 +28,8 @@ + #include + #include + +-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) ++#if OPENSSL_VERSION_NUMBER < 0x10100000L || \ ++ (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x20700000L) + #include /* malloc, free */ + #include /* memset */ + static inline EVP_MD_CTX *EVP_MD_CTX_new(void) -- cgit v1.2.3