svn commit: r467605 - head/net/openldap24-server/files

Bernard Spil brnrd at FreeBSD.org
Tue Apr 17 13:47:04 UTC 2018 

Author: brnrd
Date: Tue Apr 17 13:47:03 2018
New Revision: 467605
URL: https://svnweb.freebsd.org/changeset/ports/467605

Log:
  security/openldap-server: Fix build with LibreSSL 2.7
  
   - LibreSSL 2.7 implements OpenSSL 1.1 API
  
  PR:		227192
  Approved by:	delphij (maintainer)

Modified:
  head/net/openldap24-server/files/patch-libressl

Modified: head/net/openldap24-server/files/patch-libressl
==============================================================================
--- head/net/openldap24-server/files/patch-libressl	Tue Apr 17 13:46:31 2018	(r467604)
+++ head/net/openldap24-server/files/patch-libressl	Tue Apr 17 13:47:03 2018	(r467605)
@@ -1,101 +1,56 @@
---- libraries/libldap/tls_o.c.orig	2018-03-22 08:44:27.000000000 -0700
-+++ libraries/libldap/tls_o.c	2018-03-29 20:41:39.574182742 -0700
+--- libraries/libldap/tls_o.c.orig	2018-03-30 09:32:58 UTC
++++ libraries/libldap/tls_o.c
 @@ -47,7 +47,7 @@
  #include <ssl.h>
  #endif
  
 -#if OPENSSL_VERSION_NUMBER >= 0x10100000
-+#if OPENSSL_VERSION_NUMBER >= 0x10100000 && !defined(LIBRESSL_VERSION_NUMBER)
++#if OPENSSL_VERSION_NUMBER >= 0x10100000 && !(defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x20700000)
  #define ASN1_STRING_data(x)	ASN1_STRING_get0_data(x)
  #endif
  
-@@ -65,7 +65,7 @@
- static int tlso_verify_cb( int ok, X509_STORE_CTX *ctx );
- static int tlso_verify_ok( int ok, X509_STORE_CTX *ctx );
- static int tlso_seed_PRNG( const char *randfile );
--#if OPENSSL_VERSION_NUMBER < 0x10100000
-+#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(LIBRESSL_VERSION_NUMBER)
- /*
-  * OpenSSL 1.1 API and later has new locking code
- */
-@@ -116,7 +116,7 @@
- #endif
- #endif /* OpenSSL 1.1 */
- 
--#if OPENSSL_VERSION_NUMBER < 0x10100000
-+#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(LIBRESSL_VERSION_NUMBER)
- /*
-  * OpenSSL 1.1 API and later makes the BIO method concrete types internal.
-  */
-@@ -197,7 +197,7 @@
+@@ -157,7 +157,7 @@ tlso_init( void )
  	(void) tlso_seed_PRNG( lo->ldo_tls_randfile );
  #endif
  
 -#if OPENSSL_VERSION_NUMBER < 0x10100000
-+#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(LIBRESSL_VERSION_NUMBER)
++#if OPENSSL_VERSION_NUMBER < 0x10100000 || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x20700000)
  	SSL_load_error_strings();
  	SSL_library_init();
  	OpenSSL_add_all_digests();
-@@ -223,7 +223,7 @@
- 
- 	BIO_meth_free( tlso_bio_method );
- 
--#if OPENSSL_VERSION_NUMBER < 0x10100000
-+#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(LIBRESSL_VERSION_NUMBER)
- 	EVP_cleanup();
- #if OPENSSL_VERSION_NUMBER < 0x10000000
- 	ERR_remove_state(0);
-@@ -249,7 +249,7 @@
+@@ -205,7 +205,7 @@ static void
  tlso_ctx_ref( tls_ctx *ctx )
  {
  	tlso_ctx *c = (tlso_ctx *)ctx;
 -#if OPENSSL_VERSION_NUMBER < 0x10100000
-+#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(LIBRESSL_VERSION_NUMBER)
++#if OPENSSL_VERSION_NUMBER < 0x10100000 || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x20700000)
  #define	SSL_CTX_up_ref(ctx)	CRYPTO_add( &(ctx->references), 1, CRYPTO_LOCK_SSL_CTX )
  #endif
  	SSL_CTX_up_ref( c );
-@@ -411,7 +411,7 @@
- 	SSL_CTX_set_verify( ctx, i,
- 		lo->ldo_tls_require_cert == LDAP_OPT_X_TLS_ALLOW ?
- 		tlso_verify_ok : tlso_verify_cb );
--#if OPENSSL_VERSION_NUMBER < 0x10100000
-+#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(LIBRESSL_VERSION_NUMBER)
- 	SSL_CTX_set_tmp_rsa_callback( ctx, tlso_tmp_rsa_cb );
- #endif
- #ifdef HAVE_OPENSSL_CRL
-@@ -508,7 +508,7 @@
+@@ -464,7 +464,7 @@ tlso_session_my_dn( tls_session *sess, s
  	if (!x) return LDAP_INVALID_CREDENTIALS;
  	
  	xn = X509_get_subject_name(x);
 -#if OPENSSL_VERSION_NUMBER < 0x10100000
-+#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(LIBRESSL_VERSION_NUMBER)
++#if OPENSSL_VERSION_NUMBER < 0x10100000 || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x20700000)
  	der_dn->bv_len = i2d_X509_NAME( xn, NULL );
  	der_dn->bv_val = xn->bytes->data;
  #else
-@@ -544,7 +544,7 @@
+@@ -500,7 +500,7 @@ tlso_session_peer_dn( tls_session *sess,
  		return LDAP_INVALID_CREDENTIALS;
  
  	xn = X509_get_subject_name(x);
 -#if OPENSSL_VERSION_NUMBER < 0x10100000
-+#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(LIBRESSL_VERSION_NUMBER)
++#if OPENSSL_VERSION_NUMBER < 0x10100000 || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x20700000)
  	der_dn->bv_len = i2d_X509_NAME( xn, NULL );
  	der_dn->bv_val = xn->bytes->data;
  #else
-@@ -765,7 +765,7 @@
+@@ -721,7 +721,7 @@ struct tls_data {
  	Sockbuf_IO_Desc		*sbiod;
  };
  
 -#if OPENSSL_VERSION_NUMBER < 0x10100000
-+#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(LIBRESSL_VERSION_NUMBER)
++#if OPENSSL_VERSION_NUMBER < 0x10100000 || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x20700000)
  #define BIO_set_init(b, x)	b->init = x
  #define BIO_set_data(b, x)	b->ptr = x
  #define BIO_clear_flags(b, x)	b->flags &= ~(x)
-@@ -1170,7 +1170,7 @@
- 	}
- }
- 
--#if OPENSSL_VERSION_NUMBER < 0x10100000
-+#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(LIBRESSL_VERSION_NUMBER)
- static RSA *
- tlso_tmp_rsa_cb( SSL *ssl, int is_export, int key_length )
- {

More information about the svn-ports-all mailing list