From 2c8aa849bba22e1a7d9368f22caa386224d076d2 Mon Sep 17 00:00:00 2001 From: Bernard Spil Date: Mon, 13 Feb 2017 13:58:55 +0000 Subject: [PATCH] www/squid-devel: Update to 4.0.18 - Update to version 4.0.18 - Fix build with LibreSSL PR: 217045 Approved by: timp87@gmail.com (maintainer) --- www/squid-devel/Makefile | 2 +- www/squid-devel/distinfo | 4 +- www/squid-devel/files/patch-src_ssl_bio.cc | 38 +++++++++++++ www/squid-devel/files/patch-src_ssl_bio.h | 11 ++++ .../files/patch-src_ssl_gadgets.cc | 11 ++++ .../files/patch-src_ssl_support.cc | 56 +++++++++++++++++++ 6 files changed, 119 insertions(+), 3 deletions(-) create mode 100644 www/squid-devel/files/patch-src_ssl_bio.cc create mode 100644 www/squid-devel/files/patch-src_ssl_bio.h create mode 100644 www/squid-devel/files/patch-src_ssl_gadgets.cc create mode 100644 www/squid-devel/files/patch-src_ssl_support.cc diff --git a/www/squid-devel/Makefile b/www/squid-devel/Makefile index 8dd3ae39fbe0..c1ba1c66d700 100644 --- a/www/squid-devel/Makefile +++ b/www/squid-devel/Makefile @@ -1,7 +1,7 @@ # $FreeBSD$ PORTNAME= squid -PORTVERSION= 4.0.17 +PORTVERSION= 4.0.18 CATEGORIES= www ipv6 MASTER_SITES= http://www.squid-cache.org/Versions/v4/ \ http://www2.us.squid-cache.org/Versions/v4/ \ diff --git a/www/squid-devel/distinfo b/www/squid-devel/distinfo index 0da058a98379..d16b06ab6599 100644 --- a/www/squid-devel/distinfo +++ b/www/squid-devel/distinfo @@ -1,3 +1,3 @@ TIMESTAMP = 1467941699 -SHA256 (squid4.0/squid-4.0.17.tar.xz) = 8b1f3487495d1b02892bd63d6bdd97862be62a9cebc27245426de4543876239c -SIZE (squid4.0/squid-4.0.17.tar.xz) = 2410244 +SHA256 (squid4.0/squid-4.0.18.tar.xz) = 6e5d2dd9477085b023c4c8ebfc2124ed2bc9795fdc74d190c9273c70ba6f2560 +SIZE (squid4.0/squid-4.0.18.tar.xz) = 2411340 diff --git a/www/squid-devel/files/patch-src_ssl_bio.cc b/www/squid-devel/files/patch-src_ssl_bio.cc new file mode 100644 index 000000000000..443e8c65743e --- /dev/null +++ b/www/squid-devel/files/patch-src_ssl_bio.cc @@ -0,0 +1,38 @@ +--- src/ssl/bio.cc.orig 2017-02-05 21:15:41 UTC ++++ src/ssl/bio.cc +@@ -43,7 +43,7 @@ static int squid_bio_destroy(BIO *data); + /* SSL callbacks */ + static void squid_ssl_info(const SSL *ssl, int where, int ret); + +-#if (OPENSSL_VERSION_NUMBER < 0x10100000L) ++#if (OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)) + /// Initialization structure for the BIO table with + /// Squid-specific methods and BIO method wrappers. + static BIO_METHOD SquidMethods = { +@@ -65,7 +65,7 @@ static BIO_METHOD *SquidMethods = NULL; + BIO * + Ssl::Bio::Create(const int fd, Ssl::Bio::Type type) + { +-#if (OPENSSL_VERSION_NUMBER < 0x10100000L) ++#if (OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)) + BIO_METHOD *useMethod = &SquidMethods; + #else + if (!SquidMethods) { +@@ -562,7 +562,7 @@ Ssl::ServerBio::resumingSession() + static int + squid_bio_create(BIO *bi) + { +-#if (OPENSSL_VERSION_NUMBER < 0x10100000L) ++#if (OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)) + bi->init = 0; // set when we store Bio object and socket fd (BIO_C_SET_FD) + bi->num = 0; + bi->flags = 0; +@@ -706,7 +706,7 @@ applyTlsDetailsToSSL(SSL *ssl, Security: + cbytes[0] = (cipherId >> 8) & 0xFF; + cbytes[1] = cipherId & 0xFF; + cbytes[2] = 0; +-#if (OPENSSL_VERSION_NUMBER < 0x10100000L) ++#if (OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)) + const SSL_METHOD *method = SSLv23_method(); + const SSL_CIPHER *c = method->get_cipher_by_char(cbytes); + #else diff --git a/www/squid-devel/files/patch-src_ssl_bio.h b/www/squid-devel/files/patch-src_ssl_bio.h new file mode 100644 index 000000000000..3bdbc222c673 --- /dev/null +++ b/www/squid-devel/files/patch-src_ssl_bio.h @@ -0,0 +1,11 @@ +--- src/ssl/bio.h.orig 2017-02-05 21:15:41 UTC ++++ src/ssl/bio.h +@@ -205,7 +205,7 @@ private: + void + applyTlsDetailsToSSL(SSL *ssl, Security::TlsDetails::Pointer const &details, Ssl::BumpMode bumpMode); + +-#if (OPENSSL_VERSION_NUMBER < 0x10100000L) ++#if (OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)) + // OpenSSL v1.0 bio compatibility functions + inline void *BIO_get_data(BIO *table) { return table->ptr; } + inline void BIO_set_data(BIO *table, void *data) { table->ptr = data; } diff --git a/www/squid-devel/files/patch-src_ssl_gadgets.cc b/www/squid-devel/files/patch-src_ssl_gadgets.cc new file mode 100644 index 000000000000..405a08c4d5ce --- /dev/null +++ b/www/squid-devel/files/patch-src_ssl_gadgets.cc @@ -0,0 +1,11 @@ +--- src/ssl/gadgets.cc.orig 2017-02-05 21:15:41 UTC ++++ src/ssl/gadgets.cc +@@ -387,7 +387,7 @@ mimicExtensions(Security::CertPointer & + DecipherOnly + }; + +-#if (OPENSSL_VERSION_NUMBER < 0x10100000L) ++#if (OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)) + const int mimicAlgo = OBJ_obj2nid(mimicCert.get()->cert_info->key->algor->algorithm); + const bool rsaPkey = (mimicAlgo == NID_rsaEncryption); + #else diff --git a/www/squid-devel/files/patch-src_ssl_support.cc b/www/squid-devel/files/patch-src_ssl_support.cc new file mode 100644 index 000000000000..ebfe47902d15 --- /dev/null +++ b/www/squid-devel/files/patch-src_ssl_support.cc @@ -0,0 +1,56 @@ +--- src/ssl/support.cc.orig 2017-02-12 21:14:36 UTC ++++ src/ssl/support.cc +@@ -235,7 +235,7 @@ bool Ssl::checkX509ServerValidity(X509 * + return matchX509CommonNames(cert, (void *)server, check_domain); + } + +-#if (OPENSSL_VERSION_NUMBER < 0x10100000L) ++#if (OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)) + static inline X509 *X509_STORE_CTX_get0_cert(X509_STORE_CTX *ctx) + { + return ctx->cert; +@@ -379,7 +379,7 @@ ssl_verify_cb(int ok, X509_STORE_CTX * c + } + + // "dup" function for SSL_get_ex_new_index("cert_err_check") +-#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) ++#if (OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)) + static int + ssl_dupAclChecklist(CRYPTO_EX_DATA *, const CRYPTO_EX_DATA *, void *, + int, long, void *) +@@ -1116,7 +1116,7 @@ hasAuthorityInfoAccessCaIssuers(X509 *ce + if (ad->location->type == GEN_URI) { + xstrncpy(uri, + reinterpret_cast( +-#if (OPENSSL_VERSION_NUMBER < 0x10100000L) ++#if (OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)) + ASN1_STRING_data(ad->location->d.uniformResourceIdentifier) + #else + ASN1_STRING_get0_data(ad->location->d.uniformResourceIdentifier) +@@ -1291,7 +1291,7 @@ untrustedToStoreCtx_cb(X509_STORE_CTX *c + // OpenSSL already maintains ctx->untrusted but we cannot modify + // internal OpenSSL list directly. We have to give OpenSSL our own + // list, but it must include certificates on the OpenSSL ctx->untrusted +-#if (OPENSSL_VERSION_NUMBER < 0x10100000L) ++#if (OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)) + STACK_OF(X509) *oldUntrusted = ctx->untrusted; + #else + STACK_OF(X509) *oldUntrusted = X509_STORE_CTX_get0_untrusted(ctx); +@@ -1310,7 +1310,7 @@ untrustedToStoreCtx_cb(X509_STORE_CTX *c + + X509_STORE_CTX_set_chain(ctx, sk); // No locking/unlocking, just sets ctx->untrusted + int ret = X509_verify_cert(ctx); +-#if (OPENSSL_VERSION_NUMBER < 0x10100000L) ++#if (OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)) + X509_STORE_CTX_set_chain(ctx, oldUntrusted); // Set back the old untrusted list + #else + X509_STORE_CTX_set0_untrusted(ctx, oldUntrusted); +@@ -1535,7 +1535,7 @@ remove_session_cb(SSL_CTX *, SSL_SESSION + } + + static SSL_SESSION * +-#if (OPENSSL_VERSION_NUMBER < 0x10100000L) ++#if (OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)) + get_session_cb(SSL *, unsigned char *sessionID, int len, int *copy) + #else + get_session_cb(SSL *, const unsigned char *sessionID, int len, int *copy)