[arch-commits] Commit in opensips/repos (16 files)
Sergej Pupykin
spupykin at archlinux.org
Tue Apr 25 12:11:44 UTC 2017
Date: Tuesday, April 25, 2017 @ 12:11:43
Author: spupykin
Revision: 225289
archrelease: copy trunk to community-i686, community-x86_64
Added:
opensips/repos/community-i686/PKGBUILD
(from rev 225288, opensips/trunk/PKGBUILD)
opensips/repos/community-i686/opensips.install
(from rev 225288, opensips/trunk/opensips.install)
opensips/repos/community-i686/opensips.service
(from rev 225288, opensips/trunk/opensips.service)
opensips/repos/community-i686/port-tls-1.1.0.patch
(from rev 225288, opensips/trunk/port-tls-1.1.0.patch)
opensips/repos/community-x86_64/PKGBUILD
(from rev 225288, opensips/trunk/PKGBUILD)
opensips/repos/community-x86_64/opensips.install
(from rev 225288, opensips/trunk/opensips.install)
opensips/repos/community-x86_64/opensips.service
(from rev 225288, opensips/trunk/opensips.service)
opensips/repos/community-x86_64/port-tls-1.1.0.patch
(from rev 225288, opensips/trunk/port-tls-1.1.0.patch)
Deleted:
opensips/repos/community-i686/PKGBUILD
opensips/repos/community-i686/opensips.install
opensips/repos/community-i686/opensips.service
opensips/repos/community-i686/port-tls-1.1.0.patch
opensips/repos/community-x86_64/PKGBUILD
opensips/repos/community-x86_64/opensips.install
opensips/repos/community-x86_64/opensips.service
opensips/repos/community-x86_64/port-tls-1.1.0.patch
---------------------------------------+
/PKGBUILD | 172 ++++++
/opensips.install | 6
/opensips.service | 22
/port-tls-1.1.0.patch | 892 ++++++++++++++++++++++++++++++++
community-i686/PKGBUILD | 86 ---
community-i686/opensips.install | 3
community-i686/opensips.service | 11
community-i686/port-tls-1.1.0.patch | 446 ----------------
community-x86_64/PKGBUILD | 86 ---
community-x86_64/opensips.install | 3
community-x86_64/opensips.service | 11
community-x86_64/port-tls-1.1.0.patch | 446 ----------------
12 files changed, 1092 insertions(+), 1092 deletions(-)
Deleted: community-i686/PKGBUILD
===================================================================
--- community-i686/PKGBUILD 2017-04-25 12:11:19 UTC (rev 225288)
+++ community-i686/PKGBUILD 2017-04-25 12:11:43 UTC (rev 225289)
@@ -1,86 +0,0 @@
-# $Id$
-# Maintainer: Sergej Pupykin <pupykin.s+arch at gmail.com>
-
-pkgname=opensips
-pkgver=2.2.2
-pkgrel=4
-pkgdesc="An Open Source SIP Server able to act as a SIP proxy, registrar, location server, redirect server ..."
-url="http://www.opensips.org"
-depends=('gcc-libs' 'openssl' 'db' 'attr' 'libxml2')
-makedepends=('postgresql-libs>=8.4.1' 'unixodbc' 'libldap>=2.4.18' 'libmariadbclient'
- 'lynx' 'libxslt' 'libmicrohttpd')
-optdepends=('postgresql-libs'
- 'unixodbc'
- 'libldap'
- 'libmariadbclient'
- 'libsasl'
- 'python2'
- 'pcre')
-backup=("etc/opensips/opensips.cfg"
- "etc/opensips/osipsconsolerc"
- "etc/opensips/opensipsctlrc")
-arch=('i686' 'x86_64')
-license=('GPL')
-install=opensips.install
-options=('!emptydirs' 'zipman' '!makeflags' 'docs')
-source=(https://opensips.org/pub/opensips/${pkgver}/opensips-${pkgver}.tar.gz
- opensips.service
- port-tls-1.1.0.patch)
-sha256sums=('a21777b37c3669617d24b97697dc3f4e613ec87b292f4541cf956a2d539e70c4'
- 'c2fec4be085b108db10834fa9832e98d696c2de6408f85f96cf89c13bf6be819'
- '1ad2558c329a1b41948ff9ef1c8169289b38500ce8183e50bae653ef82afdbec')
-
-prepare() {
- cd "$srcdir"/$pkgname-$pkgver/
-
- # python2 fix
- for file in $(find . -name '*.py' -print); do
- sed -i 's_^#!.*/usr/bin/python_#!/usr/bin/python2_' $file
- sed -i 's_^#!.*/usr/bin/env.*python_#!/usr/bin/env python2_' $file
- done
-
- sed -i 's|sbin|bin|g' Makefile
- sed -i 's|bin-dir = sbin/|bin-dir = bin/|' Makefile.defs
-
- patch -Np1 -i ../port-tls-1.1.0.patch
-}
-
-_modules="ldap db_mysql db_postgres db_unixodbc presence presence_xml h350 proto_tls tlsops tls_mgm db_http httpd tm rr"
-
-build() {
- cd "$srcdir"/$pkgname-$pkgver/
-
- make \
- include_modules="${_modules}" \
- LIBDIR=lib PREFIX=/usr
-}
-
-package() {
- cd "$srcdir"/$pkgname-$pkgver/
-
- make \
- include_modules="${_modules}" \
- BASEDIR="$pkgdir" PREFIX=/usr LIBDIR=lib install
-
- # Conforms to the arch packaging standards (http://wiki.archlinux.org/index.php/Arch_Packaging_Standards)
- mkdir -p "$pkgdir"/etc/
- mv "$pkgdir"/usr/etc/opensips/ "$pkgdir"/etc/
- sed -i 's#mpath=".*lib/opensips/modules/"#mpath="/usr/lib/opensips/modules/"#' "$pkgdir"/etc/opensips/opensips.cfg
-
- # fix bad paths
- cd "$pkgdir"/usr/share
- find -type f -exec sed -i "s#"$pkgdir"##" {} \;
-
- cd "$pkgdir"/usr/lib/opensips/opensipsctl
- find -type f -exec sed -i "s#"$pkgdir"##" {} \;
-
- mv "$pkgdir"/usr/sbin "$pkgdir"/usr/bin
-
- cd "$pkgdir"/usr/bin
- sed -i "s#"$pkgdir"##" opensipsctl opensipsdbctl osipsconsole
-
- cd "$pkgdir"/etc
- find -type f -exec sed -i "s#"$pkgdir"##" {} \;
-
- install -Dm0644 "$srcdir"/$pkgname.service "$pkgdir"/usr/lib/systemd/system/$pkgname.service
-}
Copied: opensips/repos/community-i686/PKGBUILD (from rev 225288, opensips/trunk/PKGBUILD)
===================================================================
--- community-i686/PKGBUILD (rev 0)
+++ community-i686/PKGBUILD 2017-04-25 12:11:43 UTC (rev 225289)
@@ -0,0 +1,86 @@
+# $Id$
+# Maintainer: Sergej Pupykin <pupykin.s+arch at gmail.com>
+
+pkgname=opensips
+pkgver=2.2.3
+pkgrel=1
+pkgdesc="An Open Source SIP Server able to act as a SIP proxy, registrar, location server, redirect server ..."
+url="http://www.opensips.org"
+depends=('gcc-libs' 'openssl' 'db' 'attr' 'libxml2')
+makedepends=('postgresql-libs>=8.4.1' 'unixodbc' 'libldap>=2.4.18' 'libmariadbclient'
+ 'lynx' 'libxslt' 'libmicrohttpd')
+optdepends=('postgresql-libs'
+ 'unixodbc'
+ 'libldap'
+ 'libmariadbclient'
+ 'libsasl'
+ 'python2'
+ 'pcre')
+backup=("etc/opensips/opensips.cfg"
+ "etc/opensips/osipsconsolerc"
+ "etc/opensips/opensipsctlrc")
+arch=('i686' 'x86_64')
+license=('GPL')
+install=opensips.install
+options=('!emptydirs' 'zipman' '!makeflags' 'docs')
+source=(https://opensips.org/pub/opensips/${pkgver}/opensips-${pkgver}.tar.gz
+ opensips.service
+ port-tls-1.1.0.patch)
+sha256sums=('ccf540f7aae4335a8319b83f6cb87b562e665991fe1c2adc4e8eb4d4f3042dd7'
+ 'c2fec4be085b108db10834fa9832e98d696c2de6408f85f96cf89c13bf6be819'
+ '1ad2558c329a1b41948ff9ef1c8169289b38500ce8183e50bae653ef82afdbec')
+
+prepare() {
+ cd "$srcdir"/$pkgname-$pkgver/
+
+ # python2 fix
+ for file in $(find . -name '*.py' -print); do
+ sed -i 's_^#!.*/usr/bin/python_#!/usr/bin/python2_' $file
+ sed -i 's_^#!.*/usr/bin/env.*python_#!/usr/bin/env python2_' $file
+ done
+
+ sed -i 's|sbin|bin|g' Makefile
+ sed -i 's|bin-dir = sbin/|bin-dir = bin/|' Makefile.defs
+
+ patch -Np1 -i ../port-tls-1.1.0.patch
+}
+
+_modules="ldap db_mysql db_postgres db_unixodbc presence presence_xml h350 proto_tls tlsops tls_mgm db_http httpd tm rr"
+
+build() {
+ cd "$srcdir"/$pkgname-$pkgver/
+
+ make \
+ include_modules="${_modules}" \
+ LIBDIR=lib PREFIX=/usr
+}
+
+package() {
+ cd "$srcdir"/$pkgname-$pkgver/
+
+ make \
+ include_modules="${_modules}" \
+ BASEDIR="$pkgdir" PREFIX=/usr LIBDIR=lib install
+
+ # Conforms to the arch packaging standards (http://wiki.archlinux.org/index.php/Arch_Packaging_Standards)
+ mkdir -p "$pkgdir"/etc/
+ mv "$pkgdir"/usr/etc/opensips/ "$pkgdir"/etc/
+ sed -i 's#mpath=".*lib/opensips/modules/"#mpath="/usr/lib/opensips/modules/"#' "$pkgdir"/etc/opensips/opensips.cfg
+
+ # fix bad paths
+ cd "$pkgdir"/usr/share
+ find -type f -exec sed -i "s#"$pkgdir"##" {} \;
+
+ cd "$pkgdir"/usr/lib/opensips/opensipsctl
+ find -type f -exec sed -i "s#"$pkgdir"##" {} \;
+
+ mv "$pkgdir"/usr/sbin "$pkgdir"/usr/bin
+
+ cd "$pkgdir"/usr/bin
+ sed -i "s#"$pkgdir"##" opensipsctl opensipsdbctl osipsconsole
+
+ cd "$pkgdir"/etc
+ find -type f -exec sed -i "s#"$pkgdir"##" {} \;
+
+ install -Dm0644 "$srcdir"/$pkgname.service "$pkgdir"/usr/lib/systemd/system/$pkgname.service
+}
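Review bot: In `package()` every path-stripping call is written `sed -i "s#"$pkgdir"##"`, which closes the double quote before `$pkgdir` and reopens it afterwards, so the expansion is unquoted. It is subject to word splitting and globbing, and a `#` in the build path would also end the sed expression early. Writing it as `sed -i "s#$pkgdir##"` keeps the variable inside the quotes; this applies to the three `find … -exec` lines and the `opensipsctl opensipsdbctl osipsconsole` line. The `prepare()` loop has the same weakness: `for file in $(find . -name '*.py' -print)` with a bare `$file` splits on whitespace in names from the upstream tarball, and running both `sed` expressions from `find … -exec … {} +` avoids the loop altogether.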
Deleted: community-i686/opensips.install
===================================================================
--- community-i686/opensips.install 2017-04-25 12:11:19 UTC (rev 225288)
+++ community-i686/opensips.install 2017-04-25 12:11:43 UTC (rev 225289)
@@ -1,3 +0,0 @@
-post_install() {
- echo "To use MySQL, you should install mysql package and run 'opensipsdbctl create'"
-}
Copied: opensips/repos/community-i686/opensips.install (from rev 225288, opensips/trunk/opensips.install)
===================================================================
--- community-i686/opensips.install (rev 0)
+++ community-i686/opensips.install 2017-04-25 12:11:43 UTC (rev 225289)
@@ -0,0 +1,3 @@
+post_install() {
+ echo "To use MySQL, you should install mysql package and run 'opensipsdbctl create'"
+}
Deleted: community-i686/opensips.service
===================================================================
--- community-i686/opensips.service 2017-04-25 12:11:19 UTC (rev 225288)
+++ community-i686/opensips.service 2017-04-25 12:11:43 UTC (rev 225289)
@@ -1,11 +0,0 @@
-[Unit]
-Description=OpenSIPS daemon
-After=network.target remote-fs.target nss-lookup.target
-
-[Service]
-Type=forking
-PIDFile=/run/opensips.pid
-ExecStart=/usr/bin/opensips -f /etc/opensips/opensips.cfg -w /var/tmp -P /run/opensips.pid
-
-[Install]
-WantedBy=multi-user.target
Copied: opensips/repos/community-i686/opensips.service (from rev 225288, opensips/trunk/opensips.service)
===================================================================
--- community-i686/opensips.service (rev 0)
+++ community-i686/opensips.service 2017-04-25 12:11:43 UTC (rev 225289)
@@ -0,0 +1,11 @@
+[Unit]
+Description=OpenSIPS daemon
+After=network.target remote-fs.target nss-lookup.target
+
+[Service]
+Type=forking
+PIDFile=/run/opensips.pid
+ExecStart=/usr/bin/opensips -f /etc/opensips/opensips.cfg -w /var/tmp -P /run/opensips.pid
+
+[Install]
+WantedBy=multi-user.target
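Review bot: The `[Service]` section has no `User=`/`Group=` and `ExecStart` passes no privilege-drop option, so as far as this unit shows the network-facing SIP daemon stays root. It also takes the world-writable `/var/tmp` as its working directory via `-w /var/tmp`, so core files and relative-path writes land where other local users can pre-create entries. `PrivateTmp=yes` would give the service its own `/var/tmp`, and `NoNewPrivileges=yes` is a low-risk addition next to it. Running under a dedicated account (the daemon's own `-u`/`-g` options, if the packaged build supports them, still let it write `/run/opensips.pid` before dropping) would narrow the impact of a parser bug. Whether `opensips.cfg` already drops privileges is not visible here.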
Deleted: community-i686/port-tls-1.1.0.patch
===================================================================
--- community-i686/port-tls-1.1.0.patch 2017-04-25 12:11:19 UTC (rev 225288)
+++ community-i686/port-tls-1.1.0.patch 2017-04-25 12:11:43 UTC (rev 225289)
@@ -1,446 +0,0 @@
-Description: Port tls_mgm module to openssl 1.1.0.
-Author: Răzvan Crainea <razvan at opensips.org>
-Last-Update: 2016-12-01
---- a/modules/tls_mgm/tls.h
-+++ b/modules/tls_mgm/tls.h
-@@ -64,41 +64,50 @@
- #warning ""
- #endif
-
--static int tls_static_locks_no=0;
--static gen_lock_set_t* tls_static_locks=NULL;
--
- static SSL_METHOD *ssl_methods[TLS_USE_TLSv1_2 + 1];
-
- #define VERIFY_DEPTH_S 3
-
-
--struct CRYPTO_dynlock_value {
-- gen_lock_t lock;
--};
--
--static unsigned long tls_get_id(void)
--{
-- return my_pid();
--}
--
- /*
- * Wrappers around OpenSIPS shared memory functions
- * (which can be macros)
- */
-+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
-+static void* os_malloc(size_t size, const char *file, int line)
-+#else
- static void* os_malloc(size_t size)
-+#endif
- {
-+#if (defined DBG_MALLOC && OPENSSL_VERSION_NUMBER >= 0x10100000L)
-+ return _shm_malloc(size, file, __FUNCTION__, line);
-+#else
- return shm_malloc(size);
-+#endif
- }
-
-
-+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
-+static void* os_realloc(void *ptr, size_t size, const char *file, int line)
-+#else
- static void* os_realloc(void *ptr, size_t size)
-+#endif
- {
-+#if (defined DBG_MALLOC && OPENSSL_VERSION_NUMBER >= 0x10100000L)
-+ return _shm_realloc(ptr, size, file, __FUNCTION__, line);
-+#else
- return shm_realloc(ptr, size);
-+#endif
- }
-
-
-+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
-+static void os_free(void *ptr, const char *file, int line)
-+#else
- static void os_free(void *ptr)
-+#endif
- {
-+ /* TODO: also handle free file and line */
- if (ptr)
- shm_free(ptr);
- }
-@@ -106,21 +115,17 @@
-
-
-
--static void tls_static_locks_ops(int mode, int n, const char* file, int line)
--{
-- if (n<0 || n>tls_static_locks_no) {
-- LM_ERR("BUG - SSL Lib attempting to acquire bogus lock\n");
-- abort();
-- }
-+/* these locks can not be used in 1.1.0, because the interface has changed */
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+struct CRYPTO_dynlock_value {
-+ gen_lock_t lock;
-+};
-
-- if (mode & CRYPTO_LOCK) {
-- lock_set_get(tls_static_locks,n);
-- } else {
-- lock_set_release(tls_static_locks,n);
-- }
-+static unsigned long tls_get_id(void)
-+{
-+ return my_pid();
- }
-
--
- static struct CRYPTO_dynlock_value* tls_dyn_lock_create(const char* file,
- int line)
- {
-@@ -158,5 +163,6 @@
- lock_destroy(&dyn_lock->lock);
- shm_free(dyn_lock);
- }
-+#endif
-
- #endif /* _PROTO_TLS_H_ */
---- a/modules/tls_mgm/tls_conn_ops.h
-+++ b/modules/tls_mgm/tls_conn_ops.h
-@@ -116,12 +116,14 @@
- return -1;
- }
-
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
- #ifndef OPENSSL_NO_KRB5
- if ( ((SSL *)c->extra_data)->kssl_ctx ) {
- kssl_ctx_free( ((SSL *)c->extra_data)->kssl_ctx );
- ((SSL *)c->extra_data)->kssl_ctx = 0;
- }
- #endif
-+#endif
-
- if ( c->proto_flags & F_TLS_DO_ACCEPT ) {
- LM_DBG("Setting in ACCEPT mode (server)\n");
---- a/modules/tls_mgm/tls_conn_server.h
-+++ b/modules/tls_mgm/tls_conn_server.h
-@@ -148,17 +148,21 @@
- }
-
- ssl = (SSL *) c->extra_data;
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
- #ifndef OPENSSL_NO_KRB5
- if ( ssl->kssl_ctx==NULL )
- ssl->kssl_ctx = kssl_ctx_new( );
- #endif
-+#endif
- ret = SSL_accept(ssl);
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
- #ifndef OPENSSL_NO_KRB5
- if ( ssl->kssl_ctx ) {
- kssl_ctx_free( ssl->kssl_ctx );
- ssl->kssl_ctx = 0;
- }
- #endif
-+#endif
- if (ret > 0) {
- LM_INFO("New TLS connection from %s:%d accepted\n",
- ip_addr2a(&c->rcv.src_ip), c->rcv.src_port);
---- a/modules/tls_mgm/tls_mgm.c
-+++ b/modules/tls_mgm/tls_mgm.c
-@@ -557,11 +557,10 @@
- LM_NOTICE("subject = %s\n", buf);
- LM_NOTICE("verify error:num=%d:%s\n",
- err, X509_verify_cert_error_string(err));
-- LM_NOTICE("error code is %d\n", ctx->error);
-
-- switch (ctx->error) {
-+ switch (err) {
- case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
-- X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert),
-+ X509_NAME_oneline(X509_get_issuer_name(err_cert),
- buf,sizeof buf);
- LM_NOTICE("issuer= %s\n",buf);
- break;
-@@ -611,7 +610,7 @@
-
- default:
- LM_NOTICE("something wrong with the cert"
-- " ... error code is %d (check x509_vfy.h)\n", ctx->error);
-+ " ... error code is %d (check x509_vfy.h)\n", err);
- break;
- }
-
-@@ -1074,9 +1073,11 @@
- return 0;
- }
-
-+#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
- static int check_for_krb(void)
- {
- SSL_CTX *xx;
-+
- int j;
-
- xx = SSL_CTX_new(ssl_methods[tls_default_method - 1]);
-@@ -1096,6 +1097,27 @@
- SSL_CTX_free(xx);
- return 0;
- }
-+#endif
-+
-+#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
-+static int tls_static_locks_no=0;
-+static gen_lock_set_t* tls_static_locks=NULL;
-+
-+static void tls_static_locks_ops(int mode, int n, const char* file, int line)
-+{
-+ if (n<0 || n>tls_static_locks_no) {
-+ LM_ERR("BUG - SSL Lib attempting to acquire bogus lock\n");
-+ abort();
-+ }
-+
-+ if (mode & CRYPTO_LOCK) {
-+ lock_set_get(tls_static_locks,n);
-+ } else {
-+ lock_set_release(tls_static_locks,n);
-+ }
-+}
-+
-+
-
- static int tls_init_multithread(void)
- {
-@@ -1126,6 +1148,7 @@
-
- return 0;
- }
-+#endif
-
- /*
- * initialize ssl methods
-@@ -1135,19 +1158,31 @@
- {
- LM_DBG("entered\n");
-
-+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
-+ ssl_methods[TLS_USE_TLSv1_cli-1] = (SSL_METHOD*)TLS_client_method();
-+ ssl_methods[TLS_USE_TLSv1_srv-1] = (SSL_METHOD*)TLS_server_method();
-+ ssl_methods[TLS_USE_TLSv1-1] = (SSL_METHOD*)TLS_method();
-+#else
- ssl_methods[TLS_USE_TLSv1_cli-1] = (SSL_METHOD*)TLSv1_client_method();
- ssl_methods[TLS_USE_TLSv1_srv-1] = (SSL_METHOD*)TLSv1_server_method();
- ssl_methods[TLS_USE_TLSv1-1] = (SSL_METHOD*)TLSv1_method();
-+#endif
-
- ssl_methods[TLS_USE_SSLv23_cli-1] = (SSL_METHOD*)SSLv23_client_method();
- ssl_methods[TLS_USE_SSLv23_srv-1] = (SSL_METHOD*)SSLv23_server_method();
- ssl_methods[TLS_USE_SSLv23-1] = (SSL_METHOD*)SSLv23_method();
-
- #if OPENSSL_VERSION_NUMBER >= 0x10001000L
-+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
-+ ssl_methods[TLS_USE_TLSv1_2_cli-1] = (SSL_METHOD*)TLS_client_method();
-+ ssl_methods[TLS_USE_TLSv1_2_srv-1] = (SSL_METHOD*)TLS_server_method();
-+ ssl_methods[TLS_USE_TLSv1_2-1] = (SSL_METHOD*)TLS_method();
-+#else
- ssl_methods[TLS_USE_TLSv1_2_cli-1] = (SSL_METHOD*)TLSv1_2_client_method();
- ssl_methods[TLS_USE_TLSv1_2_srv-1] = (SSL_METHOD*)TLSv1_2_server_method();
- ssl_methods[TLS_USE_TLSv1_2-1] = (SSL_METHOD*)TLSv1_2_method();
- #endif
-+#endif
- }
-
- /* reloads data from the db */
-@@ -1273,10 +1308,10 @@
- * CRYPTO_malloc will set allow_customize in openssl to 0
- */
- if (!CRYPTO_set_mem_functions(os_malloc, os_realloc, os_free)) {
-- LM_ERR("unable to set the memory allocation functions\n");
-- LM_ERR("NOTE: check if you have openssl 1.0.1e-fips, as this "
-- "version is know to be broken; if so, you need to upgrade or "
-- "downgrade to a differen openssl version !!\n");
-+ LM_ERR("NOTE: check if you are using openssl 1.0.1e-fips, (or other "
-+ "FIPS version of openssl, as this is known to be broken; if so, "
-+ "you need to upgrade or downgrade to a different openssl version!\n");
-+ LM_ERR("current version: %s\n", SSLeay_version(SSLEAY_VERSION));
- return -1;
- }
-
-@@ -1291,15 +1326,18 @@
- sk_SSL_COMP_zero(comp_methods);
- }
- #endif
-+#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
- if (tls_init_multithread() < 0) {
- LM_ERR("failed to init multi-threading support\n");
- return -1;
- }
-+#endif
-
- SSL_library_init();
- SSL_load_error_strings();
- init_ssl_methods();
-
-+#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
- n = check_for_krb();
- if (n==-1) {
- LM_ERR("kerberos check failed\n");
-@@ -1318,6 +1356,7 @@
- (n==1)?"":"no ",(n!=1)?"no ":"");
- return -1;
- }
-+#endif
-
- /*
- * finish setting up the tls default domains
---- a/modules/identity/identity.c
-+++ b/modules/identity/identity.c
-@@ -107,6 +107,9 @@
- #include "identity.h"
-
-
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+#define EVP_MD_CTX_free EVP_MD_CTX_cleanup
-+#endif
-
- /* parameters */
-
-@@ -831,7 +834,11 @@
- {
- #define IDENTITY_HDR_S "Identity: \""
- #define IDENTITY_HDR_L (sizeof(IDENTITY_HDR_S)-1)
-- EVP_MD_CTX ctx;
-+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
-+ EVP_MD_CTX *pctx;
-+#else
-+ EVP_MD_CTX ctx, *pctx = &ctx;
-+#endif
- unsigned int siglen = 0;
- int b64len = 0;
- unsigned char * sig = NULL;
-@@ -843,27 +850,30 @@
- LM_ERR("error making digest string\n");
- return 0;
- }
-+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
-+ pctx = EVP_MD_CTX_new();
-+#endif
-
-- EVP_SignInit(&ctx, EVP_sha1());
-+ EVP_SignInit(pctx, EVP_sha1());
-
-- EVP_SignUpdate(&ctx, digestString, strlen(digestString));
-+ EVP_SignUpdate(pctx, digestString, strlen(digestString));
-
- sig = pkg_malloc(EVP_PKEY_size(privKey_evp));
- if(!sig)
- {
-- EVP_MD_CTX_cleanup(&ctx);
-+ EVP_MD_CTX_free(pctx);
- LM_ERR("failed allocating memory\n");
- return 0;
- }
-
-- if(!EVP_SignFinal(&ctx, sig, &siglen, privKey_evp))
-+ if(!EVP_SignFinal(pctx, sig, &siglen, privKey_evp))
- {
-- EVP_MD_CTX_cleanup(&ctx);
-+ EVP_MD_CTX_free(pctx);
- pkg_free(sig);
- LM_ERR("error calculating signature\n");
- return 0;
- }
-- EVP_MD_CTX_cleanup(&ctx);
-+ EVP_MD_CTX_free(pctx);
-
- /* ###Base64-encoding### */
- /* annotation: The next few lines are based on example 7-11 of [VIE-02] */
-@@ -1138,6 +1148,10 @@
- const unsigned char * data;
- STACK_OF(CONF_VALUE) * val;
- CONF_VALUE * nval;
-+ int len;
-+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
-+ ASN1_OCTET_STRING *adata;
-+#endif
-
- if(!cert || !msg)
- {
-@@ -1190,15 +1204,22 @@
- LM_ERR("X509V3_EXT_get failed\n");
- return 0;
- }
-+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
-+ adata = X509_EXTENSION_get_data(cext);
-+ data = ASN1_STRING_get0_data(adata);
-+ len = ASN1_STRING_length(adata);
-+#else
- data = cext->value->data;
-+ len = cext->value->length;
-+#endif
- if(meth->it)
- {
- ext_str = ASN1_item_d2i(NULL, &data,
-- cext->value->length, ASN1_ITEM_ptr(meth->it));
-+ len, ASN1_ITEM_ptr(meth->it));
- }
- else
- {
-- ext_str = meth->d2i(NULL, &data, cext->value->length);
-+ ext_str = meth->d2i(NULL, &data, len);
- }
-
- val = meth->i2v(meth, ext_str, NULL);
-@@ -1251,7 +1272,11 @@
- int siglen = -1;
- unsigned char * sigbuf = NULL;
- int b64len = 0;
-- EVP_MD_CTX ctx;
-+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
-+ EVP_MD_CTX *pctx;
-+#else
-+ EVP_MD_CTX ctx, *pctx = &ctx;
-+#endif
- int result = 0;
- char *p;
- unsigned long err;
-@@ -1295,22 +1320,25 @@
- p=strstr(identityHF , "=");
- siglen-=strspn(p , "=");
-
-- EVP_VerifyInit(&ctx, EVP_sha1());
-- EVP_VerifyUpdate(&ctx, digestString, strlen(digestString));
-+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
-+ pctx = EVP_MD_CTX_new();
-+#endif
-+ EVP_VerifyInit(pctx, EVP_sha1());
-+ EVP_VerifyUpdate(pctx, digestString, strlen(digestString));
-
- pubkey = X509_get_pubkey(cert);
- if(!pubkey)
- {
-- EVP_MD_CTX_cleanup(&ctx);
-+ EVP_MD_CTX_free(pctx);
- pkg_free(sigbuf);
- LM_ERR("error reading pubkey from cert\n");
- return 0;
- }
-
-- result = EVP_VerifyFinal(&ctx, sigbuf, siglen, pubkey);
-+ result = EVP_VerifyFinal(pctx, sigbuf, siglen, pubkey);
-
- EVP_PKEY_free(pubkey);
-- EVP_MD_CTX_cleanup(&ctx);
-+ EVP_MD_CTX_free(pctx);
- pkg_free(sigbuf);
-
- switch(result)
-@@ -1715,8 +1743,9 @@
- {
- if (!ok)
- {
-+ int err = X509_STORE_CTX_get_error(stor);
- LM_INFO("certificate validation failed: %s\n",
-- X509_verify_cert_error_string(stor->error));
-+ X509_verify_cert_error_string(err));
- }
-
- return ok;
Copied: opensips/repos/community-i686/port-tls-1.1.0.patch (from rev 225288, opensips/trunk/port-tls-1.1.0.patch)
===================================================================
--- community-i686/port-tls-1.1.0.patch (rev 0)
+++ community-i686/port-tls-1.1.0.patch 2017-04-25 12:11:43 UTC (rev 225289)
@@ -0,0 +1,446 @@
+Description: Port tls_mgm module to openssl 1.1.0.
+Author: Răzvan Crainea <razvan at opensips.org>
+Last-Update: 2016-12-01
+--- a/modules/tls_mgm/tls.h
++++ b/modules/tls_mgm/tls.h
+@@ -64,41 +64,50 @@
+ #warning ""
+ #endif
+
+-static int tls_static_locks_no=0;
+-static gen_lock_set_t* tls_static_locks=NULL;
+-
+ static SSL_METHOD *ssl_methods[TLS_USE_TLSv1_2 + 1];
+
+ #define VERIFY_DEPTH_S 3
+
+
+-struct CRYPTO_dynlock_value {
+- gen_lock_t lock;
+-};
+-
+-static unsigned long tls_get_id(void)
+-{
+- return my_pid();
+-}
+-
+ /*
+ * Wrappers around OpenSIPS shared memory functions
+ * (which can be macros)
+ */
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++static void* os_malloc(size_t size, const char *file, int line)
++#else
+ static void* os_malloc(size_t size)
++#endif
+ {
++#if (defined DBG_MALLOC && OPENSSL_VERSION_NUMBER >= 0x10100000L)
++ return _shm_malloc(size, file, __FUNCTION__, line);
++#else
+ return shm_malloc(size);
++#endif
+ }
+
+
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++static void* os_realloc(void *ptr, size_t size, const char *file, int line)
++#else
+ static void* os_realloc(void *ptr, size_t size)
++#endif
+ {
++#if (defined DBG_MALLOC && OPENSSL_VERSION_NUMBER >= 0x10100000L)
++ return _shm_realloc(ptr, size, file, __FUNCTION__, line);
++#else
+ return shm_realloc(ptr, size);
++#endif
+ }
+
+
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++static void os_free(void *ptr, const char *file, int line)
++#else
+ static void os_free(void *ptr)
++#endif
+ {
++ /* TODO: also handle free file and line */
+ if (ptr)
+ shm_free(ptr);
+ }
+@@ -106,21 +115,17 @@
+
+
+
+-static void tls_static_locks_ops(int mode, int n, const char* file, int line)
+-{
+- if (n<0 || n>tls_static_locks_no) {
+- LM_ERR("BUG - SSL Lib attempting to acquire bogus lock\n");
+- abort();
+- }
++/* these locks can not be used in 1.1.0, because the interface has changed */
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
++struct CRYPTO_dynlock_value {
++ gen_lock_t lock;
++};
+
+- if (mode & CRYPTO_LOCK) {
+- lock_set_get(tls_static_locks,n);
+- } else {
+- lock_set_release(tls_static_locks,n);
+- }
++static unsigned long tls_get_id(void)
++{
++ return my_pid();
+ }
+
+-
+ static struct CRYPTO_dynlock_value* tls_dyn_lock_create(const char* file,
+ int line)
+ {
+@@ -158,5 +163,6 @@
+ lock_destroy(&dyn_lock->lock);
+ shm_free(dyn_lock);
+ }
++#endif
+
+ #endif /* _PROTO_TLS_H_ */
+--- a/modules/tls_mgm/tls_conn_ops.h
++++ b/modules/tls_mgm/tls_conn_ops.h
+@@ -116,12 +116,14 @@
+ return -1;
+ }
+
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ #ifndef OPENSSL_NO_KRB5
+ if ( ((SSL *)c->extra_data)->kssl_ctx ) {
+ kssl_ctx_free( ((SSL *)c->extra_data)->kssl_ctx );
+ ((SSL *)c->extra_data)->kssl_ctx = 0;
+ }
+ #endif
++#endif
+
+ if ( c->proto_flags & F_TLS_DO_ACCEPT ) {
+ LM_DBG("Setting in ACCEPT mode (server)\n");
+--- a/modules/tls_mgm/tls_conn_server.h
++++ b/modules/tls_mgm/tls_conn_server.h
+@@ -148,17 +148,21 @@
+ }
+
+ ssl = (SSL *) c->extra_data;
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ #ifndef OPENSSL_NO_KRB5
+ if ( ssl->kssl_ctx==NULL )
+ ssl->kssl_ctx = kssl_ctx_new( );
+ #endif
++#endif
+ ret = SSL_accept(ssl);
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ #ifndef OPENSSL_NO_KRB5
+ if ( ssl->kssl_ctx ) {
+ kssl_ctx_free( ssl->kssl_ctx );
+ ssl->kssl_ctx = 0;
+ }
+ #endif
++#endif
+ if (ret > 0) {
+ LM_INFO("New TLS connection from %s:%d accepted\n",
+ ip_addr2a(&c->rcv.src_ip), c->rcv.src_port);
+--- a/modules/tls_mgm/tls_mgm.c
++++ b/modules/tls_mgm/tls_mgm.c
+@@ -557,11 +557,10 @@
+ LM_NOTICE("subject = %s\n", buf);
+ LM_NOTICE("verify error:num=%d:%s\n",
+ err, X509_verify_cert_error_string(err));
+- LM_NOTICE("error code is %d\n", ctx->error);
+
+- switch (ctx->error) {
++ switch (err) {
+ case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
+- X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert),
++ X509_NAME_oneline(X509_get_issuer_name(err_cert),
+ buf,sizeof buf);
+ LM_NOTICE("issuer= %s\n",buf);
+ break;
+@@ -611,7 +610,7 @@
+
+ default:
+ LM_NOTICE("something wrong with the cert"
+- " ... error code is %d (check x509_vfy.h)\n", ctx->error);
++ " ... error code is %d (check x509_vfy.h)\n", err);
+ break;
+ }
+
+@@ -1074,9 +1073,11 @@
+ return 0;
+ }
+
++#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
+ static int check_for_krb(void)
+ {
+ SSL_CTX *xx;
++
+ int j;
+
+ xx = SSL_CTX_new(ssl_methods[tls_default_method - 1]);
+@@ -1096,6 +1097,27 @@
+ SSL_CTX_free(xx);
+ return 0;
+ }
++#endif
++
++#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
++static int tls_static_locks_no=0;
++static gen_lock_set_t* tls_static_locks=NULL;
++
++static void tls_static_locks_ops(int mode, int n, const char* file, int line)
++{
++ if (n<0 || n>tls_static_locks_no) {
++ LM_ERR("BUG - SSL Lib attempting to acquire bogus lock\n");
++ abort();
++ }
++
++ if (mode & CRYPTO_LOCK) {
++ lock_set_get(tls_static_locks,n);
++ } else {
++ lock_set_release(tls_static_locks,n);
++ }
++}
++
++
+
+ static int tls_init_multithread(void)
+ {
+@@ -1126,6 +1148,7 @@
+
+ return 0;
+ }
++#endif
+
+ /*
+ * initialize ssl methods
+@@ -1135,19 +1158,31 @@
+ {
+ LM_DBG("entered\n");
+
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++ ssl_methods[TLS_USE_TLSv1_cli-1] = (SSL_METHOD*)TLS_client_method();
++ ssl_methods[TLS_USE_TLSv1_srv-1] = (SSL_METHOD*)TLS_server_method();
++ ssl_methods[TLS_USE_TLSv1-1] = (SSL_METHOD*)TLS_method();
++#else
+ ssl_methods[TLS_USE_TLSv1_cli-1] = (SSL_METHOD*)TLSv1_client_method();
+ ssl_methods[TLS_USE_TLSv1_srv-1] = (SSL_METHOD*)TLSv1_server_method();
+ ssl_methods[TLS_USE_TLSv1-1] = (SSL_METHOD*)TLSv1_method();
++#endif
+
+ ssl_methods[TLS_USE_SSLv23_cli-1] = (SSL_METHOD*)SSLv23_client_method();
+ ssl_methods[TLS_USE_SSLv23_srv-1] = (SSL_METHOD*)SSLv23_server_method();
+ ssl_methods[TLS_USE_SSLv23-1] = (SSL_METHOD*)SSLv23_method();
+
+ #if OPENSSL_VERSION_NUMBER >= 0x10001000L
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++ ssl_methods[TLS_USE_TLSv1_2_cli-1] = (SSL_METHOD*)TLS_client_method();
++ ssl_methods[TLS_USE_TLSv1_2_srv-1] = (SSL_METHOD*)TLS_server_method();
++ ssl_methods[TLS_USE_TLSv1_2-1] = (SSL_METHOD*)TLS_method();
++#else
+ ssl_methods[TLS_USE_TLSv1_2_cli-1] = (SSL_METHOD*)TLSv1_2_client_method();
+ ssl_methods[TLS_USE_TLSv1_2_srv-1] = (SSL_METHOD*)TLSv1_2_server_method();
+ ssl_methods[TLS_USE_TLSv1_2-1] = (SSL_METHOD*)TLSv1_2_method();
+ #endif
++#endif
+ }
+
+ /* reloads data from the db */
+@@ -1273,10 +1308,10 @@
+ * CRYPTO_malloc will set allow_customize in openssl to 0
+ */
+ if (!CRYPTO_set_mem_functions(os_malloc, os_realloc, os_free)) {
+- LM_ERR("unable to set the memory allocation functions\n");
+- LM_ERR("NOTE: check if you have openssl 1.0.1e-fips, as this "
+- "version is know to be broken; if so, you need to upgrade or "
+- "downgrade to a differen openssl version !!\n");
++ LM_ERR("NOTE: check if you are using openssl 1.0.1e-fips, (or other "
++ "FIPS version of openssl, as this is known to be broken; if so, "
++ "you need to upgrade or downgrade to a different openssl version!\n");
++ LM_ERR("current version: %s\n", SSLeay_version(SSLEAY_VERSION));
+ return -1;
+ }
+
+@@ -1291,15 +1326,18 @@
+ sk_SSL_COMP_zero(comp_methods);
+ }
+ #endif
++#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
+ if (tls_init_multithread() < 0) {
+ LM_ERR("failed to init multi-threading support\n");
+ return -1;
+ }
++#endif
+
+ SSL_library_init();
+ SSL_load_error_strings();
+ init_ssl_methods();
+
++#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
+ n = check_for_krb();
+ if (n==-1) {
+ LM_ERR("kerberos check failed\n");
+@@ -1318,6 +1356,7 @@
+ (n==1)?"":"no ",(n!=1)?"no ":"");
+ return -1;
+ }
++#endif
+
+ /*
+ * finish setting up the tls default domains
+--- a/modules/identity/identity.c
++++ b/modules/identity/identity.c
+@@ -107,6 +107,9 @@
+ #include "identity.h"
+
+
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#define EVP_MD_CTX_free EVP_MD_CTX_cleanup
++#endif
+
+ /* parameters */
+
+@@ -831,7 +834,11 @@
+ {
+ #define IDENTITY_HDR_S "Identity: \""
+ #define IDENTITY_HDR_L (sizeof(IDENTITY_HDR_S)-1)
+- EVP_MD_CTX ctx;
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++ EVP_MD_CTX *pctx;
++#else
++ EVP_MD_CTX ctx, *pctx = &ctx;
++#endif
+ unsigned int siglen = 0;
+ int b64len = 0;
+ unsigned char * sig = NULL;
+@@ -843,27 +850,30 @@
+ LM_ERR("error making digest string\n");
+ return 0;
+ }
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++ pctx = EVP_MD_CTX_new();
++#endif
+
+- EVP_SignInit(&ctx, EVP_sha1());
++ EVP_SignInit(pctx, EVP_sha1());
+
+- EVP_SignUpdate(&ctx, digestString, strlen(digestString));
++ EVP_SignUpdate(pctx, digestString, strlen(digestString));
+
+ sig = pkg_malloc(EVP_PKEY_size(privKey_evp));
+ if(!sig)
+ {
+- EVP_MD_CTX_cleanup(&ctx);
++ EVP_MD_CTX_free(pctx);
+ LM_ERR("failed allocating memory\n");
+ return 0;
+ }
+
+- if(!EVP_SignFinal(&ctx, sig, &siglen, privKey_evp))
++ if(!EVP_SignFinal(pctx, sig, &siglen, privKey_evp))
+ {
+- EVP_MD_CTX_cleanup(&ctx);
++ EVP_MD_CTX_free(pctx);
+ pkg_free(sig);
+ LM_ERR("error calculating signature\n");
+ return 0;
+ }
+- EVP_MD_CTX_cleanup(&ctx);
++ EVP_MD_CTX_free(pctx);
+
+ /* ###Base64-encoding### */
+ /* annotation: The next few lines are based on example 7-11 of [VIE-02] */
+@@ -1138,6 +1148,10 @@
+ const unsigned char * data;
+ STACK_OF(CONF_VALUE) * val;
+ CONF_VALUE * nval;
++ int len;
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++ ASN1_OCTET_STRING *adata;
++#endif
+
+ if(!cert || !msg)
+ {
+@@ -1190,15 +1204,22 @@
+ LM_ERR("X509V3_EXT_get failed\n");
+ return 0;
+ }
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++ adata = X509_EXTENSION_get_data(cext);
++ data = ASN1_STRING_get0_data(adata);
++ len = ASN1_STRING_length(adata);
++#else
+ data = cext->value->data;
++ len = cext->value->length;
++#endif
+ if(meth->it)
+ {
+ ext_str = ASN1_item_d2i(NULL, &data,
+- cext->value->length, ASN1_ITEM_ptr(meth->it));
++ len, ASN1_ITEM_ptr(meth->it));
+ }
+ else
+ {
+- ext_str = meth->d2i(NULL, &data, cext->value->length);
++ ext_str = meth->d2i(NULL, &data, len);
+ }
+
+ val = meth->i2v(meth, ext_str, NULL);
+@@ -1251,7 +1272,11 @@
+ int siglen = -1;
+ unsigned char * sigbuf = NULL;
+ int b64len = 0;
+- EVP_MD_CTX ctx;
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++ EVP_MD_CTX *pctx;
++#else
++ EVP_MD_CTX ctx, *pctx = &ctx;
++#endif
+ int result = 0;
+ char *p;
+ unsigned long err;
+@@ -1295,22 +1320,25 @@
+ p=strstr(identityHF , "=");
+ siglen-=strspn(p , "=");
+
+- EVP_VerifyInit(&ctx, EVP_sha1());
+- EVP_VerifyUpdate(&ctx, digestString, strlen(digestString));
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++ pctx = EVP_MD_CTX_new();
++#endif
++ EVP_VerifyInit(pctx, EVP_sha1());
++ EVP_VerifyUpdate(pctx, digestString, strlen(digestString));
+
+ pubkey = X509_get_pubkey(cert);
+ if(!pubkey)
+ {
+- EVP_MD_CTX_cleanup(&ctx);
++ EVP_MD_CTX_free(pctx);
+ pkg_free(sigbuf);
+ LM_ERR("error reading pubkey from cert\n");
+ return 0;
+ }
+
+- result = EVP_VerifyFinal(&ctx, sigbuf, siglen, pubkey);
++ result = EVP_VerifyFinal(pctx, sigbuf, siglen, pubkey);
+
+ EVP_PKEY_free(pubkey);
+- EVP_MD_CTX_cleanup(&ctx);
++ EVP_MD_CTX_free(pctx);
+ pkg_free(sigbuf);
+
+ switch(result)
+@@ -1715,8 +1743,9 @@
+ {
+ if (!ok)
+ {
++ int err = X509_STORE_CTX_get_error(stor);
+ LM_INFO("certificate validation failed: %s\n",
+- X509_verify_cert_error_string(stor->error));
++ X509_verify_cert_error_string(err));
+ }
+
+ return ok;
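Review bot: In the `init_ssl_methods` hunk of `tls_mgm.c`, the OpenSSL >= 1.1.0 branch fills the `TLS_USE_TLSv1*` and `TLS_USE_TLSv1_2*` slots with the version-flexible `TLS_client_method()`/`TLS_server_method()`/`TLS_method()`. A domain configured for TLSv1.2 only therefore no longer pins the protocol and will negotiate whatever the library permits; nothing in the visible hunks re-applies the bound. The contexts built from these slots would need `SSL_CTX_set_min_proto_version(ctx, TLS1_2_VERSION);` and `SSL_CTX_set_max_proto_version(ctx, TLS1_2_VERSION);` (or the TLS 1.0 equivalents), and that context-creation code lies outside the patch. Separately, both `pctx = EVP_MD_CTX_new();` calls in `identity.c` are used without a NULL check, so an allocation failure reaches `EVP_SignInit`/`EVP_VerifyInit` with a null context. Adding `if (!pctx) { LM_ERR("failed allocating memory\n"); return 0; }` after the call covers the signing path; the verify path must also release `sigbuf` before returning.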
Deleted: community-x86_64/PKGBUILD
===================================================================
--- community-x86_64/PKGBUILD 2017-04-25 12:11:19 UTC (rev 225288)
+++ community-x86_64/PKGBUILD 2017-04-25 12:11:43 UTC (rev 225289)
@@ -1,86 +0,0 @@
-# $Id$
-# Maintainer: Sergej Pupykin <pupykin.s+arch at gmail.com>
-
-pkgname=opensips
-pkgver=2.2.2
-pkgrel=4
-pkgdesc="An Open Source SIP Server able to act as a SIP proxy, registrar, location server, redirect server ..."
-url="http://www.opensips.org"
-depends=('gcc-libs' 'openssl' 'db' 'attr' 'libxml2')
-makedepends=('postgresql-libs>=8.4.1' 'unixodbc' 'libldap>=2.4.18' 'libmariadbclient'
- 'lynx' 'libxslt' 'libmicrohttpd')
-optdepends=('postgresql-libs'
- 'unixodbc'
- 'libldap'
- 'libmariadbclient'
- 'libsasl'
- 'python2'
- 'pcre')
-backup=("etc/opensips/opensips.cfg"
- "etc/opensips/osipsconsolerc"
- "etc/opensips/opensipsctlrc")
-arch=('i686' 'x86_64')
-license=('GPL')
-install=opensips.install
-options=('!emptydirs' 'zipman' '!makeflags' 'docs')
-source=(https://opensips.org/pub/opensips/${pkgver}/opensips-${pkgver}.tar.gz
- opensips.service
- port-tls-1.1.0.patch)
-sha256sums=('a21777b37c3669617d24b97697dc3f4e613ec87b292f4541cf956a2d539e70c4'
- 'c2fec4be085b108db10834fa9832e98d696c2de6408f85f96cf89c13bf6be819'
- '1ad2558c329a1b41948ff9ef1c8169289b38500ce8183e50bae653ef82afdbec')
-
-prepare() {
- cd "$srcdir"/$pkgname-$pkgver/
-
- # python2 fix
- for file in $(find . -name '*.py' -print); do
- sed -i 's_^#!.*/usr/bin/python_#!/usr/bin/python2_' $file
- sed -i 's_^#!.*/usr/bin/env.*python_#!/usr/bin/env python2_' $file
- done
-
- sed -i 's|sbin|bin|g' Makefile
- sed -i 's|bin-dir = sbin/|bin-dir = bin/|' Makefile.defs
-
- patch -Np1 -i ../port-tls-1.1.0.patch
-}
-
-_modules="ldap db_mysql db_postgres db_unixodbc presence presence_xml h350 proto_tls tlsops tls_mgm db_http httpd tm rr"
-
-build() {
- cd "$srcdir"/$pkgname-$pkgver/
-
- make \
- include_modules="${_modules}" \
- LIBDIR=lib PREFIX=/usr
-}
-
-package() {
- cd "$srcdir"/$pkgname-$pkgver/
-
- make \
- include_modules="${_modules}" \
- BASEDIR="$pkgdir" PREFIX=/usr LIBDIR=lib install
-
- # Conforms to the arch packaging standards (http://wiki.archlinux.org/index.php/Arch_Packaging_Standards)
- mkdir -p "$pkgdir"/etc/
- mv "$pkgdir"/usr/etc/opensips/ "$pkgdir"/etc/
- sed -i 's#mpath=".*lib/opensips/modules/"#mpath="/usr/lib/opensips/modules/"#' "$pkgdir"/etc/opensips/opensips.cfg
-
- # fix bad paths
- cd "$pkgdir"/usr/share
- find -type f -exec sed -i "s#"$pkgdir"##" {} \;
-
- cd "$pkgdir"/usr/lib/opensips/opensipsctl
- find -type f -exec sed -i "s#"$pkgdir"##" {} \;
-
- mv "$pkgdir"/usr/sbin "$pkgdir"/usr/bin
-
- cd "$pkgdir"/usr/bin
- sed -i "s#"$pkgdir"##" opensipsctl opensipsdbctl osipsconsole
-
- cd "$pkgdir"/etc
- find -type f -exec sed -i "s#"$pkgdir"##" {} \;
-
- install -Dm0644 "$srcdir"/$pkgname.service "$pkgdir"/usr/lib/systemd/system/$pkgname.service
-}
Copied: opensips/repos/community-x86_64/PKGBUILD (from rev 225288, opensips/trunk/PKGBUILD)
===================================================================
--- community-x86_64/PKGBUILD (rev 0)
+++ community-x86_64/PKGBUILD 2017-04-25 12:11:43 UTC (rev 225289)
@@ -0,0 +1,86 @@
+# $Id$
+# Maintainer: Sergej Pupykin <pupykin.s+arch at gmail.com>
+
+pkgname=opensips
+pkgver=2.2.3
+pkgrel=1
+pkgdesc="An Open Source SIP Server able to act as a SIP proxy, registrar, location server, redirect server ..."
+url="http://www.opensips.org"
+depends=('gcc-libs' 'openssl' 'db' 'attr' 'libxml2')
+makedepends=('postgresql-libs>=8.4.1' 'unixodbc' 'libldap>=2.4.18' 'libmariadbclient'
+ 'lynx' 'libxslt' 'libmicrohttpd')
+optdepends=('postgresql-libs'
+ 'unixodbc'
+ 'libldap'
+ 'libmariadbclient'
+ 'libsasl'
+ 'python2'
+ 'pcre')
+backup=("etc/opensips/opensips.cfg"
+ "etc/opensips/osipsconsolerc"
+ "etc/opensips/opensipsctlrc")
+arch=('i686' 'x86_64')
+license=('GPL')
+install=opensips.install
+options=('!emptydirs' 'zipman' '!makeflags' 'docs')
+source=(https://opensips.org/pub/opensips/${pkgver}/opensips-${pkgver}.tar.gz
+ opensips.service
+ port-tls-1.1.0.patch)
+sha256sums=('ccf540f7aae4335a8319b83f6cb87b562e665991fe1c2adc4e8eb4d4f3042dd7'
+ 'c2fec4be085b108db10834fa9832e98d696c2de6408f85f96cf89c13bf6be819'
+ '1ad2558c329a1b41948ff9ef1c8169289b38500ce8183e50bae653ef82afdbec')
+
+prepare() {
+ cd "$srcdir"/$pkgname-$pkgver/
+
+ # python2 fix
+ for file in $(find . -name '*.py' -print); do
+ sed -i 's_^#!.*/usr/bin/python_#!/usr/bin/python2_' $file
+ sed -i 's_^#!.*/usr/bin/env.*python_#!/usr/bin/env python2_' $file
+ done
+
+ sed -i 's|sbin|bin|g' Makefile
+ sed -i 's|bin-dir = sbin/|bin-dir = bin/|' Makefile.defs
+
+ patch -Np1 -i ../port-tls-1.1.0.patch
+}
+
+_modules="ldap db_mysql db_postgres db_unixodbc presence presence_xml h350 proto_tls tlsops tls_mgm db_http httpd tm rr"
+
+build() {
+ cd "$srcdir"/$pkgname-$pkgver/
+
+ make \
+ include_modules="${_modules}" \
+ LIBDIR=lib PREFIX=/usr
+}
+
+package() {
+ cd "$srcdir"/$pkgname-$pkgver/
+
+ make \
+ include_modules="${_modules}" \
+ BASEDIR="$pkgdir" PREFIX=/usr LIBDIR=lib install
+
+ # Conforms to the arch packaging standards (http://wiki.archlinux.org/index.php/Arch_Packaging_Standards)
+ mkdir -p "$pkgdir"/etc/
+ mv "$pkgdir"/usr/etc/opensips/ "$pkgdir"/etc/
+ sed -i 's#mpath=".*lib/opensips/modules/"#mpath="/usr/lib/opensips/modules/"#' "$pkgdir"/etc/opensips/opensips.cfg
+
+ # fix bad paths
+ cd "$pkgdir"/usr/share
+ find -type f -exec sed -i "s#"$pkgdir"##" {} \;
+
+ cd "$pkgdir"/usr/lib/opensips/opensipsctl
+ find -type f -exec sed -i "s#"$pkgdir"##" {} \;
+
+ mv "$pkgdir"/usr/sbin "$pkgdir"/usr/bin
+
+ cd "$pkgdir"/usr/bin
+ sed -i "s#"$pkgdir"##" opensipsctl opensipsdbctl osipsconsole
+
+ cd "$pkgdir"/etc
+ find -type f -exec sed -i "s#"$pkgdir"##" {} \;
+
+ install -Dm0644 "$srcdir"/$pkgname.service "$pkgdir"/usr/lib/systemd/system/$pkgname.service
+}
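Review bot: In `package()` the four `sed -i "s#"$pkgdir"##"` calls leave `$pkgdir` outside the quotes, because the string closes before the variable and reopens after it. A build directory containing whitespace or glob characters is therefore word-split into several sed arguments, and a `#` in the path would end the expression early. Keeping the expansion inside one quoted word, `find . -type f -exec sed -i "s#${pkgdir}##" {} +`, removes the splitting; the `#` case still needs a delimiter that cannot occur in the path. The `prepare()` loop has the same weakness with `for file in $(find . -name '*.py' -print)` and the unquoted `$file`, and those names come from the upstream tarball; `find . -name '*.py' -exec sed -i ... {} +` handles any file name.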
Deleted: community-x86_64/opensips.install
===================================================================
--- community-x86_64/opensips.install 2017-04-25 12:11:19 UTC (rev 225288)
+++ community-x86_64/opensips.install 2017-04-25 12:11:43 UTC (rev 225289)
@@ -1,3 +0,0 @@
-post_install() {
- echo "To use MySQL, you should install mysql package and run 'opensipsdbctl create'"
-}
Copied: opensips/repos/community-x86_64/opensips.install (from rev 225288, opensips/trunk/opensips.install)
===================================================================
--- community-x86_64/opensips.install (rev 0)
+++ community-x86_64/opensips.install 2017-04-25 12:11:43 UTC (rev 225289)
@@ -0,0 +1,3 @@
+post_install() {
+ echo "To use MySQL, you should install mysql package and run 'opensipsdbctl create'"
+}
Deleted: community-x86_64/opensips.service
===================================================================
--- community-x86_64/opensips.service 2017-04-25 12:11:19 UTC (rev 225288)
+++ community-x86_64/opensips.service 2017-04-25 12:11:43 UTC (rev 225289)
@@ -1,11 +0,0 @@
-[Unit]
-Description=OpenSIPS daemon
-After=network.target remote-fs.target nss-lookup.target
-
-[Service]
-Type=forking
-PIDFile=/run/opensips.pid
-ExecStart=/usr/bin/opensips -f /etc/opensips/opensips.cfg -w /var/tmp -P /run/opensips.pid
-
-[Install]
-WantedBy=multi-user.target
Copied: opensips/repos/community-x86_64/opensips.service (from rev 225288, opensips/trunk/opensips.service)
===================================================================
--- community-x86_64/opensips.service (rev 0)
+++ community-x86_64/opensips.service 2017-04-25 12:11:43 UTC (rev 225289)
@@ -0,0 +1,11 @@
+[Unit]
+Description=OpenSIPS daemon
+After=network.target remote-fs.target nss-lookup.target
+
+[Service]
+Type=forking
+PIDFile=/run/opensips.pid
+ExecStart=/usr/bin/opensips -f /etc/opensips/opensips.cfg -w /var/tmp -P /run/opensips.pid
+
+[Install]
+WantedBy=multi-user.target
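Review bot: The `[Service]` section sets no `User=`/`Group=` and no sandboxing directives, and `ExecStart` passes `-w /var/tmp`. That appears to be the daemon's working directory, so a process started as root would run in, and presumably write core files to, a world-writable location shared with every local user. Adding `PrivateTmp=true` gives the service its own private `/tmp` and `/var/tmp`, and `NoNewPrivileges=true` and `ProtectSystem=full` are low-risk additions for a network-facing daemon. Dropping privileges needs a dedicated account, which the visible `opensips.install` does not create, so that part would have to come with a package change.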
Deleted: community-x86_64/port-tls-1.1.0.patch
===================================================================
--- community-x86_64/port-tls-1.1.0.patch 2017-04-25 12:11:19 UTC (rev 225288)
+++ community-x86_64/port-tls-1.1.0.patch 2017-04-25 12:11:43 UTC (rev 225289)
@@ -1,446 +0,0 @@
-Description: Port tls_mgm module to openssl 1.1.0.
-Author: Răzvan Crainea <razvan at opensips.org>
-Last-Update: 2016-12-01
---- a/modules/tls_mgm/tls.h
-+++ b/modules/tls_mgm/tls.h
-@@ -64,41 +64,50 @@
- #warning ""
- #endif
-
--static int tls_static_locks_no=0;
--static gen_lock_set_t* tls_static_locks=NULL;
--
- static SSL_METHOD *ssl_methods[TLS_USE_TLSv1_2 + 1];
-
- #define VERIFY_DEPTH_S 3
-
-
--struct CRYPTO_dynlock_value {
-- gen_lock_t lock;
--};
--
--static unsigned long tls_get_id(void)
--{
-- return my_pid();
--}
--
- /*
- * Wrappers around OpenSIPS shared memory functions
- * (which can be macros)
- */
-+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
-+static void* os_malloc(size_t size, const char *file, int line)
-+#else
- static void* os_malloc(size_t size)
-+#endif
- {
-+#if (defined DBG_MALLOC && OPENSSL_VERSION_NUMBER >= 0x10100000L)
-+ return _shm_malloc(size, file, __FUNCTION__, line);
-+#else
- return shm_malloc(size);
-+#endif
- }
-
-
-+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
-+static void* os_realloc(void *ptr, size_t size, const char *file, int line)
-+#else
- static void* os_realloc(void *ptr, size_t size)
-+#endif
- {
-+#if (defined DBG_MALLOC && OPENSSL_VERSION_NUMBER >= 0x10100000L)
-+ return _shm_realloc(ptr, size, file, __FUNCTION__, line);
-+#else
- return shm_realloc(ptr, size);
-+#endif
- }
-
-
-+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
-+static void os_free(void *ptr, const char *file, int line)
-+#else
- static void os_free(void *ptr)
-+#endif
- {
-+ /* TODO: also handle free file and line */
- if (ptr)
- shm_free(ptr);
- }
-@@ -106,21 +115,17 @@
-
-
-
--static void tls_static_locks_ops(int mode, int n, const char* file, int line)
--{
-- if (n<0 || n>tls_static_locks_no) {
-- LM_ERR("BUG - SSL Lib attempting to acquire bogus lock\n");
-- abort();
-- }
-+/* these locks can not be used in 1.1.0, because the interface has changed */
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+struct CRYPTO_dynlock_value {
-+ gen_lock_t lock;
-+};
-
-- if (mode & CRYPTO_LOCK) {
-- lock_set_get(tls_static_locks,n);
-- } else {
-- lock_set_release(tls_static_locks,n);
-- }
-+static unsigned long tls_get_id(void)
-+{
-+ return my_pid();
- }
-
--
- static struct CRYPTO_dynlock_value* tls_dyn_lock_create(const char* file,
- int line)
- {
-@@ -158,5 +163,6 @@
- lock_destroy(&dyn_lock->lock);
- shm_free(dyn_lock);
- }
-+#endif
-
- #endif /* _PROTO_TLS_H_ */
---- a/modules/tls_mgm/tls_conn_ops.h
-+++ b/modules/tls_mgm/tls_conn_ops.h
-@@ -116,12 +116,14 @@
- return -1;
- }
-
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
- #ifndef OPENSSL_NO_KRB5
- if ( ((SSL *)c->extra_data)->kssl_ctx ) {
- kssl_ctx_free( ((SSL *)c->extra_data)->kssl_ctx );
- ((SSL *)c->extra_data)->kssl_ctx = 0;
- }
- #endif
-+#endif
-
- if ( c->proto_flags & F_TLS_DO_ACCEPT ) {
- LM_DBG("Setting in ACCEPT mode (server)\n");
---- a/modules/tls_mgm/tls_conn_server.h
-+++ b/modules/tls_mgm/tls_conn_server.h
-@@ -148,17 +148,21 @@
- }
-
- ssl = (SSL *) c->extra_data;
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
- #ifndef OPENSSL_NO_KRB5
- if ( ssl->kssl_ctx==NULL )
- ssl->kssl_ctx = kssl_ctx_new( );
- #endif
-+#endif
- ret = SSL_accept(ssl);
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
- #ifndef OPENSSL_NO_KRB5
- if ( ssl->kssl_ctx ) {
- kssl_ctx_free( ssl->kssl_ctx );
- ssl->kssl_ctx = 0;
- }
- #endif
-+#endif
- if (ret > 0) {
- LM_INFO("New TLS connection from %s:%d accepted\n",
- ip_addr2a(&c->rcv.src_ip), c->rcv.src_port);
---- a/modules/tls_mgm/tls_mgm.c
-+++ b/modules/tls_mgm/tls_mgm.c
-@@ -557,11 +557,10 @@
- LM_NOTICE("subject = %s\n", buf);
- LM_NOTICE("verify error:num=%d:%s\n",
- err, X509_verify_cert_error_string(err));
-- LM_NOTICE("error code is %d\n", ctx->error);
-
-- switch (ctx->error) {
-+ switch (err) {
- case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
-- X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert),
-+ X509_NAME_oneline(X509_get_issuer_name(err_cert),
- buf,sizeof buf);
- LM_NOTICE("issuer= %s\n",buf);
- break;
-@@ -611,7 +610,7 @@
-
- default:
- LM_NOTICE("something wrong with the cert"
-- " ... error code is %d (check x509_vfy.h)\n", ctx->error);
-+ " ... error code is %d (check x509_vfy.h)\n", err);
- break;
- }
-
-@@ -1074,9 +1073,11 @@
- return 0;
- }
-
-+#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
- static int check_for_krb(void)
- {
- SSL_CTX *xx;
-+
- int j;
-
- xx = SSL_CTX_new(ssl_methods[tls_default_method - 1]);
-@@ -1096,6 +1097,27 @@
- SSL_CTX_free(xx);
- return 0;
- }
-+#endif
-+
-+#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
-+static int tls_static_locks_no=0;
-+static gen_lock_set_t* tls_static_locks=NULL;
-+
-+static void tls_static_locks_ops(int mode, int n, const char* file, int line)
-+{
-+ if (n<0 || n>tls_static_locks_no) {
-+ LM_ERR("BUG - SSL Lib attempting to acquire bogus lock\n");
-+ abort();
-+ }
-+
-+ if (mode & CRYPTO_LOCK) {
-+ lock_set_get(tls_static_locks,n);
-+ } else {
-+ lock_set_release(tls_static_locks,n);
-+ }
-+}
-+
-+
-
- static int tls_init_multithread(void)
- {
-@@ -1126,6 +1148,7 @@
-
- return 0;
- }
-+#endif
-
- /*
- * initialize ssl methods
-@@ -1135,19 +1158,31 @@
- {
- LM_DBG("entered\n");
-
-+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
-+ ssl_methods[TLS_USE_TLSv1_cli-1] = (SSL_METHOD*)TLS_client_method();
-+ ssl_methods[TLS_USE_TLSv1_srv-1] = (SSL_METHOD*)TLS_server_method();
-+ ssl_methods[TLS_USE_TLSv1-1] = (SSL_METHOD*)TLS_method();
-+#else
- ssl_methods[TLS_USE_TLSv1_cli-1] = (SSL_METHOD*)TLSv1_client_method();
- ssl_methods[TLS_USE_TLSv1_srv-1] = (SSL_METHOD*)TLSv1_server_method();
- ssl_methods[TLS_USE_TLSv1-1] = (SSL_METHOD*)TLSv1_method();
-+#endif
-
- ssl_methods[TLS_USE_SSLv23_cli-1] = (SSL_METHOD*)SSLv23_client_method();
- ssl_methods[TLS_USE_SSLv23_srv-1] = (SSL_METHOD*)SSLv23_server_method();
- ssl_methods[TLS_USE_SSLv23-1] = (SSL_METHOD*)SSLv23_method();
-
- #if OPENSSL_VERSION_NUMBER >= 0x10001000L
-+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
-+ ssl_methods[TLS_USE_TLSv1_2_cli-1] = (SSL_METHOD*)TLS_client_method();
-+ ssl_methods[TLS_USE_TLSv1_2_srv-1] = (SSL_METHOD*)TLS_server_method();
-+ ssl_methods[TLS_USE_TLSv1_2-1] = (SSL_METHOD*)TLS_method();
-+#else
- ssl_methods[TLS_USE_TLSv1_2_cli-1] = (SSL_METHOD*)TLSv1_2_client_method();
- ssl_methods[TLS_USE_TLSv1_2_srv-1] = (SSL_METHOD*)TLSv1_2_server_method();
- ssl_methods[TLS_USE_TLSv1_2-1] = (SSL_METHOD*)TLSv1_2_method();
- #endif
-+#endif
- }
-
- /* reloads data from the db */
-@@ -1273,10 +1308,10 @@
- * CRYPTO_malloc will set allow_customize in openssl to 0
- */
- if (!CRYPTO_set_mem_functions(os_malloc, os_realloc, os_free)) {
-- LM_ERR("unable to set the memory allocation functions\n");
-- LM_ERR("NOTE: check if you have openssl 1.0.1e-fips, as this "
-- "version is know to be broken; if so, you need to upgrade or "
-- "downgrade to a differen openssl version !!\n");
-+ LM_ERR("NOTE: check if you are using openssl 1.0.1e-fips, (or other "
-+ "FIPS version of openssl, as this is known to be broken; if so, "
-+ "you need to upgrade or downgrade to a different openssl version!\n");
-+ LM_ERR("current version: %s\n", SSLeay_version(SSLEAY_VERSION));
- return -1;
- }
-
-@@ -1291,15 +1326,18 @@
- sk_SSL_COMP_zero(comp_methods);
- }
- #endif
-+#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
- if (tls_init_multithread() < 0) {
- LM_ERR("failed to init multi-threading support\n");
- return -1;
- }
-+#endif
-
- SSL_library_init();
- SSL_load_error_strings();
- init_ssl_methods();
-
-+#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
- n = check_for_krb();
- if (n==-1) {
- LM_ERR("kerberos check failed\n");
-@@ -1318,6 +1356,7 @@
- (n==1)?"":"no ",(n!=1)?"no ":"");
- return -1;
- }
-+#endif
-
- /*
- * finish setting up the tls default domains
---- a/modules/identity/identity.c
-+++ b/modules/identity/identity.c
-@@ -107,6 +107,9 @@
- #include "identity.h"
-
-
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+#define EVP_MD_CTX_free EVP_MD_CTX_cleanup
-+#endif
-
- /* parameters */
-
-@@ -831,7 +834,11 @@
- {
- #define IDENTITY_HDR_S "Identity: \""
- #define IDENTITY_HDR_L (sizeof(IDENTITY_HDR_S)-1)
-- EVP_MD_CTX ctx;
-+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
-+ EVP_MD_CTX *pctx;
-+#else
-+ EVP_MD_CTX ctx, *pctx = &ctx;
-+#endif
- unsigned int siglen = 0;
- int b64len = 0;
- unsigned char * sig = NULL;
-@@ -843,27 +850,30 @@
- LM_ERR("error making digest string\n");
- return 0;
- }
-+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
-+ pctx = EVP_MD_CTX_new();
-+#endif
-
-- EVP_SignInit(&ctx, EVP_sha1());
-+ EVP_SignInit(pctx, EVP_sha1());
-
-- EVP_SignUpdate(&ctx, digestString, strlen(digestString));
-+ EVP_SignUpdate(pctx, digestString, strlen(digestString));
-
- sig = pkg_malloc(EVP_PKEY_size(privKey_evp));
- if(!sig)
- {
-- EVP_MD_CTX_cleanup(&ctx);
-+ EVP_MD_CTX_free(pctx);
- LM_ERR("failed allocating memory\n");
- return 0;
- }
-
-- if(!EVP_SignFinal(&ctx, sig, &siglen, privKey_evp))
-+ if(!EVP_SignFinal(pctx, sig, &siglen, privKey_evp))
- {
-- EVP_MD_CTX_cleanup(&ctx);
-+ EVP_MD_CTX_free(pctx);
- pkg_free(sig);
- LM_ERR("error calculating signature\n");
- return 0;
- }
-- EVP_MD_CTX_cleanup(&ctx);
-+ EVP_MD_CTX_free(pctx);
-
- /* ###Base64-encoding### */
- /* annotation: The next few lines are based on example 7-11 of [VIE-02] */
-@@ -1138,6 +1148,10 @@
- const unsigned char * data;
- STACK_OF(CONF_VALUE) * val;
- CONF_VALUE * nval;
-+ int len;
-+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
-+ ASN1_OCTET_STRING *adata;
-+#endif
-
- if(!cert || !msg)
- {
-@@ -1190,15 +1204,22 @@
- LM_ERR("X509V3_EXT_get failed\n");
- return 0;
- }
-+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
-+ adata = X509_EXTENSION_get_data(cext);
-+ data = ASN1_STRING_get0_data(adata);
-+ len = ASN1_STRING_length(adata);
-+#else
- data = cext->value->data;
-+ len = cext->value->length;
-+#endif
- if(meth->it)
- {
- ext_str = ASN1_item_d2i(NULL, &data,
-- cext->value->length, ASN1_ITEM_ptr(meth->it));
-+ len, ASN1_ITEM_ptr(meth->it));
- }
- else
- {
-- ext_str = meth->d2i(NULL, &data, cext->value->length);
-+ ext_str = meth->d2i(NULL, &data, len);
- }
-
- val = meth->i2v(meth, ext_str, NULL);
-@@ -1251,7 +1272,11 @@
- int siglen = -1;
- unsigned char * sigbuf = NULL;
- int b64len = 0;
-- EVP_MD_CTX ctx;
-+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
-+ EVP_MD_CTX *pctx;
-+#else
-+ EVP_MD_CTX ctx, *pctx = &ctx;
-+#endif
- int result = 0;
- char *p;
- unsigned long err;
-@@ -1295,22 +1320,25 @@
- p=strstr(identityHF , "=");
- siglen-=strspn(p , "=");
-
-- EVP_VerifyInit(&ctx, EVP_sha1());
-- EVP_VerifyUpdate(&ctx, digestString, strlen(digestString));
-+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
-+ pctx = EVP_MD_CTX_new();
-+#endif
-+ EVP_VerifyInit(pctx, EVP_sha1());
-+ EVP_VerifyUpdate(pctx, digestString, strlen(digestString));
-
- pubkey = X509_get_pubkey(cert);
- if(!pubkey)
- {
-- EVP_MD_CTX_cleanup(&ctx);
-+ EVP_MD_CTX_free(pctx);
- pkg_free(sigbuf);
- LM_ERR("error reading pubkey from cert\n");
- return 0;
- }
-
-- result = EVP_VerifyFinal(&ctx, sigbuf, siglen, pubkey);
-+ result = EVP_VerifyFinal(pctx, sigbuf, siglen, pubkey);
-
- EVP_PKEY_free(pubkey);
-- EVP_MD_CTX_cleanup(&ctx);
-+ EVP_MD_CTX_free(pctx);
- pkg_free(sigbuf);
-
- switch(result)
-@@ -1715,8 +1743,9 @@
- {
- if (!ok)
- {
-+ int err = X509_STORE_CTX_get_error(stor);
- LM_INFO("certificate validation failed: %s\n",
-- X509_verify_cert_error_string(stor->error));
-+ X509_verify_cert_error_string(err));
- }
-
- return ok;
Copied: opensips/repos/community-x86_64/port-tls-1.1.0.patch (from rev 225288, opensips/trunk/port-tls-1.1.0.patch)
===================================================================
--- community-x86_64/port-tls-1.1.0.patch (rev 0)
+++ community-x86_64/port-tls-1.1.0.patch 2017-04-25 12:11:43 UTC (rev 225289)
@@ -0,0 +1,446 @@
+Description: Port tls_mgm module to openssl 1.1.0.
+Author: Răzvan Crainea <razvan at opensips.org>
+Last-Update: 2016-12-01
+--- a/modules/tls_mgm/tls.h
++++ b/modules/tls_mgm/tls.h
+@@ -64,41 +64,50 @@
+ #warning ""
+ #endif
+
+-static int tls_static_locks_no=0;
+-static gen_lock_set_t* tls_static_locks=NULL;
+-
+ static SSL_METHOD *ssl_methods[TLS_USE_TLSv1_2 + 1];
+
+ #define VERIFY_DEPTH_S 3
+
+
+-struct CRYPTO_dynlock_value {
+- gen_lock_t lock;
+-};
+-
+-static unsigned long tls_get_id(void)
+-{
+- return my_pid();
+-}
+-
+ /*
+ * Wrappers around OpenSIPS shared memory functions
+ * (which can be macros)
+ */
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++static void* os_malloc(size_t size, const char *file, int line)
++#else
+ static void* os_malloc(size_t size)
++#endif
+ {
++#if (defined DBG_MALLOC && OPENSSL_VERSION_NUMBER >= 0x10100000L)
++ return _shm_malloc(size, file, __FUNCTION__, line);
++#else
+ return shm_malloc(size);
++#endif
+ }
+
+
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++static void* os_realloc(void *ptr, size_t size, const char *file, int line)
++#else
+ static void* os_realloc(void *ptr, size_t size)
++#endif
+ {
++#if (defined DBG_MALLOC && OPENSSL_VERSION_NUMBER >= 0x10100000L)
++ return _shm_realloc(ptr, size, file, __FUNCTION__, line);
++#else
+ return shm_realloc(ptr, size);
++#endif
+ }
+
+
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++static void os_free(void *ptr, const char *file, int line)
++#else
+ static void os_free(void *ptr)
++#endif
+ {
++ /* TODO: also handle free file and line */
+ if (ptr)
+ shm_free(ptr);
+ }
+@@ -106,21 +115,17 @@
+
+
+
+-static void tls_static_locks_ops(int mode, int n, const char* file, int line)
+-{
+- if (n<0 || n>tls_static_locks_no) {
+- LM_ERR("BUG - SSL Lib attempting to acquire bogus lock\n");
+- abort();
+- }
++/* these locks can not be used in 1.1.0, because the interface has changed */
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
++struct CRYPTO_dynlock_value {
++ gen_lock_t lock;
++};
+
+- if (mode & CRYPTO_LOCK) {
+- lock_set_get(tls_static_locks,n);
+- } else {
+- lock_set_release(tls_static_locks,n);
+- }
++static unsigned long tls_get_id(void)
++{
++ return my_pid();
+ }
+
+-
+ static struct CRYPTO_dynlock_value* tls_dyn_lock_create(const char* file,
+ int line)
+ {
+@@ -158,5 +163,6 @@
+ lock_destroy(&dyn_lock->lock);
+ shm_free(dyn_lock);
+ }
++#endif
+
+ #endif /* _PROTO_TLS_H_ */
+--- a/modules/tls_mgm/tls_conn_ops.h
++++ b/modules/tls_mgm/tls_conn_ops.h
+@@ -116,12 +116,14 @@
+ return -1;
+ }
+
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ #ifndef OPENSSL_NO_KRB5
+ if ( ((SSL *)c->extra_data)->kssl_ctx ) {
+ kssl_ctx_free( ((SSL *)c->extra_data)->kssl_ctx );
+ ((SSL *)c->extra_data)->kssl_ctx = 0;
+ }
+ #endif
++#endif
+
+ if ( c->proto_flags & F_TLS_DO_ACCEPT ) {
+ LM_DBG("Setting in ACCEPT mode (server)\n");
+--- a/modules/tls_mgm/tls_conn_server.h
++++ b/modules/tls_mgm/tls_conn_server.h
+@@ -148,17 +148,21 @@
+ }
+
+ ssl = (SSL *) c->extra_data;
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ #ifndef OPENSSL_NO_KRB5
+ if ( ssl->kssl_ctx==NULL )
+ ssl->kssl_ctx = kssl_ctx_new( );
+ #endif
++#endif
+ ret = SSL_accept(ssl);
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ #ifndef OPENSSL_NO_KRB5
+ if ( ssl->kssl_ctx ) {
+ kssl_ctx_free( ssl->kssl_ctx );
+ ssl->kssl_ctx = 0;
+ }
+ #endif
++#endif
+ if (ret > 0) {
+ LM_INFO("New TLS connection from %s:%d accepted\n",
+ ip_addr2a(&c->rcv.src_ip), c->rcv.src_port);
+--- a/modules/tls_mgm/tls_mgm.c
++++ b/modules/tls_mgm/tls_mgm.c
+@@ -557,11 +557,10 @@
+ LM_NOTICE("subject = %s\n", buf);
+ LM_NOTICE("verify error:num=%d:%s\n",
+ err, X509_verify_cert_error_string(err));
+- LM_NOTICE("error code is %d\n", ctx->error);
+
+- switch (ctx->error) {
++ switch (err) {
+ case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
+- X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert),
++ X509_NAME_oneline(X509_get_issuer_name(err_cert),
+ buf,sizeof buf);
+ LM_NOTICE("issuer= %s\n",buf);
+ break;
+@@ -611,7 +610,7 @@
+
+ default:
+ LM_NOTICE("something wrong with the cert"
+- " ... error code is %d (check x509_vfy.h)\n", ctx->error);
++ " ... error code is %d (check x509_vfy.h)\n", err);
+ break;
+ }
+
+@@ -1074,9 +1073,11 @@
+ return 0;
+ }
+
++#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
+ static int check_for_krb(void)
+ {
+ SSL_CTX *xx;
++
+ int j;
+
+ xx = SSL_CTX_new(ssl_methods[tls_default_method - 1]);
+@@ -1096,6 +1097,27 @@
+ SSL_CTX_free(xx);
+ return 0;
+ }
++#endif
++
++#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
++static int tls_static_locks_no=0;
++static gen_lock_set_t* tls_static_locks=NULL;
++
++static void tls_static_locks_ops(int mode, int n, const char* file, int line)
++{
++ if (n<0 || n>tls_static_locks_no) {
++ LM_ERR("BUG - SSL Lib attempting to acquire bogus lock\n");
++ abort();
++ }
++
++ if (mode & CRYPTO_LOCK) {
++ lock_set_get(tls_static_locks,n);
++ } else {
++ lock_set_release(tls_static_locks,n);
++ }
++}
++
++
+
+ static int tls_init_multithread(void)
+ {
+@@ -1126,6 +1148,7 @@
+
+ return 0;
+ }
++#endif
+
+ /*
+ * initialize ssl methods
+@@ -1135,19 +1158,31 @@
+ {
+ LM_DBG("entered\n");
+
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++ ssl_methods[TLS_USE_TLSv1_cli-1] = (SSL_METHOD*)TLS_client_method();
++ ssl_methods[TLS_USE_TLSv1_srv-1] = (SSL_METHOD*)TLS_server_method();
++ ssl_methods[TLS_USE_TLSv1-1] = (SSL_METHOD*)TLS_method();
++#else
+ ssl_methods[TLS_USE_TLSv1_cli-1] = (SSL_METHOD*)TLSv1_client_method();
+ ssl_methods[TLS_USE_TLSv1_srv-1] = (SSL_METHOD*)TLSv1_server_method();
+ ssl_methods[TLS_USE_TLSv1-1] = (SSL_METHOD*)TLSv1_method();
++#endif
+
+ ssl_methods[TLS_USE_SSLv23_cli-1] = (SSL_METHOD*)SSLv23_client_method();
+ ssl_methods[TLS_USE_SSLv23_srv-1] = (SSL_METHOD*)SSLv23_server_method();
+ ssl_methods[TLS_USE_SSLv23-1] = (SSL_METHOD*)SSLv23_method();
+
+ #if OPENSSL_VERSION_NUMBER >= 0x10001000L
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++ ssl_methods[TLS_USE_TLSv1_2_cli-1] = (SSL_METHOD*)TLS_client_method();
++ ssl_methods[TLS_USE_TLSv1_2_srv-1] = (SSL_METHOD*)TLS_server_method();
++ ssl_methods[TLS_USE_TLSv1_2-1] = (SSL_METHOD*)TLS_method();
++#else
+ ssl_methods[TLS_USE_TLSv1_2_cli-1] = (SSL_METHOD*)TLSv1_2_client_method();
+ ssl_methods[TLS_USE_TLSv1_2_srv-1] = (SSL_METHOD*)TLSv1_2_server_method();
+ ssl_methods[TLS_USE_TLSv1_2-1] = (SSL_METHOD*)TLSv1_2_method();
+ #endif
++#endif
+ }
+
+ /* reloads data from the db */
+@@ -1273,10 +1308,10 @@
+ * CRYPTO_malloc will set allow_customize in openssl to 0
+ */
+ if (!CRYPTO_set_mem_functions(os_malloc, os_realloc, os_free)) {
+- LM_ERR("unable to set the memory allocation functions\n");
+- LM_ERR("NOTE: check if you have openssl 1.0.1e-fips, as this "
+- "version is know to be broken; if so, you need to upgrade or "
+- "downgrade to a differen openssl version !!\n");
++ LM_ERR("NOTE: check if you are using openssl 1.0.1e-fips, (or other "
++ "FIPS version of openssl, as this is known to be broken; if so, "
++ "you need to upgrade or downgrade to a different openssl version!\n");
++ LM_ERR("current version: %s\n", SSLeay_version(SSLEAY_VERSION));
+ return -1;
+ }
+
+@@ -1291,15 +1326,18 @@
+ sk_SSL_COMP_zero(comp_methods);
+ }
+ #endif
++#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
+ if (tls_init_multithread() < 0) {
+ LM_ERR("failed to init multi-threading support\n");
+ return -1;
+ }
++#endif
+
+ SSL_library_init();
+ SSL_load_error_strings();
+ init_ssl_methods();
+
++#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
+ n = check_for_krb();
+ if (n==-1) {
+ LM_ERR("kerberos check failed\n");
+@@ -1318,6 +1356,7 @@
+ (n==1)?"":"no ",(n!=1)?"no ":"");
+ return -1;
+ }
++#endif
+
+ /*
+ * finish setting up the tls default domains
+--- a/modules/identity/identity.c
++++ b/modules/identity/identity.c
+@@ -107,6 +107,9 @@
+ #include "identity.h"
+
+
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#define EVP_MD_CTX_free EVP_MD_CTX_cleanup
++#endif
+
+ /* parameters */
+
+@@ -831,7 +834,11 @@
+ {
+ #define IDENTITY_HDR_S "Identity: \""
+ #define IDENTITY_HDR_L (sizeof(IDENTITY_HDR_S)-1)
+- EVP_MD_CTX ctx;
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++ EVP_MD_CTX *pctx;
++#else
++ EVP_MD_CTX ctx, *pctx = &ctx;
++#endif
+ unsigned int siglen = 0;
+ int b64len = 0;
+ unsigned char * sig = NULL;
+@@ -843,27 +850,30 @@
+ LM_ERR("error making digest string\n");
+ return 0;
+ }
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++ pctx = EVP_MD_CTX_new();
++#endif
+
+- EVP_SignInit(&ctx, EVP_sha1());
++ EVP_SignInit(pctx, EVP_sha1());
+
+- EVP_SignUpdate(&ctx, digestString, strlen(digestString));
++ EVP_SignUpdate(pctx, digestString, strlen(digestString));
+
+ sig = pkg_malloc(EVP_PKEY_size(privKey_evp));
+ if(!sig)
+ {
+- EVP_MD_CTX_cleanup(&ctx);
++ EVP_MD_CTX_free(pctx);
+ LM_ERR("failed allocating memory\n");
+ return 0;
+ }
+
+- if(!EVP_SignFinal(&ctx, sig, &siglen, privKey_evp))
++ if(!EVP_SignFinal(pctx, sig, &siglen, privKey_evp))
+ {
+- EVP_MD_CTX_cleanup(&ctx);
++ EVP_MD_CTX_free(pctx);
+ pkg_free(sig);
+ LM_ERR("error calculating signature\n");
+ return 0;
+ }
+- EVP_MD_CTX_cleanup(&ctx);
++ EVP_MD_CTX_free(pctx);
+
+ /* ###Base64-encoding### */
+ /* annotation: The next few lines are based on example 7-11 of [VIE-02] */
+@@ -1138,6 +1148,10 @@
+ const unsigned char * data;
+ STACK_OF(CONF_VALUE) * val;
+ CONF_VALUE * nval;
++ int len;
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++ ASN1_OCTET_STRING *adata;
++#endif
+
+ if(!cert || !msg)
+ {
+@@ -1190,15 +1204,22 @@
+ LM_ERR("X509V3_EXT_get failed\n");
+ return 0;
+ }
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++ adata = X509_EXTENSION_get_data(cext);
++ data = ASN1_STRING_get0_data(adata);
++ len = ASN1_STRING_length(adata);
++#else
+ data = cext->value->data;
++ len = cext->value->length;
++#endif
+ if(meth->it)
+ {
+ ext_str = ASN1_item_d2i(NULL, &data,
+- cext->value->length, ASN1_ITEM_ptr(meth->it));
++ len, ASN1_ITEM_ptr(meth->it));
+ }
+ else
+ {
+- ext_str = meth->d2i(NULL, &data, cext->value->length);
++ ext_str = meth->d2i(NULL, &data, len);
+ }
+
+ val = meth->i2v(meth, ext_str, NULL);
+@@ -1251,7 +1272,11 @@
+ int siglen = -1;
+ unsigned char * sigbuf = NULL;
+ int b64len = 0;
+- EVP_MD_CTX ctx;
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++ EVP_MD_CTX *pctx;
++#else
++ EVP_MD_CTX ctx, *pctx = &ctx;
++#endif
+ int result = 0;
+ char *p;
+ unsigned long err;
+@@ -1295,22 +1320,25 @@
+ p=strstr(identityHF , "=");
+ siglen-=strspn(p , "=");
+
+- EVP_VerifyInit(&ctx, EVP_sha1());
+- EVP_VerifyUpdate(&ctx, digestString, strlen(digestString));
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++ pctx = EVP_MD_CTX_new();
++#endif
++ EVP_VerifyInit(pctx, EVP_sha1());
++ EVP_VerifyUpdate(pctx, digestString, strlen(digestString));
+
+ pubkey = X509_get_pubkey(cert);
+ if(!pubkey)
+ {
+- EVP_MD_CTX_cleanup(&ctx);
++ EVP_MD_CTX_free(pctx);
+ pkg_free(sigbuf);
+ LM_ERR("error reading pubkey from cert\n");
+ return 0;
+ }
+
+- result = EVP_VerifyFinal(&ctx, sigbuf, siglen, pubkey);
++ result = EVP_VerifyFinal(pctx, sigbuf, siglen, pubkey);
+
+ EVP_PKEY_free(pubkey);
+- EVP_MD_CTX_cleanup(&ctx);
++ EVP_MD_CTX_free(pctx);
+ pkg_free(sigbuf);
+
+ switch(result)
+@@ -1715,8 +1743,9 @@
+ {
+ if (!ok)
+ {
++ int err = X509_STORE_CTX_get_error(stor);
+ LM_INFO("certificate validation failed: %s\n",
+- X509_verify_cert_error_string(stor->error));
++ X509_verify_cert_error_string(err));
+ }
+
+ return ok;
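Review bot: In the `modules/tls_mgm/tls_mgm.c` hunk under the "initialize ssl methods" comment, the OpenSSL >= 1.1.0 branch fills both the `TLS_USE_TLSv1*` and the `TLS_USE_TLSv1_2*` slots with the same version-flexible `TLS_method()`/`TLS_client_method()`/`TLS_server_method()`. A domain configured for TLSv1.2 only would then negotiate any protocol version the library allows, unless the version is pinned somewhere this patch does not show. Where each `SSL_CTX` is created from `ssl_methods[]`, the configured choice should be turned back into a bound, e.g. `SSL_CTX_set_min_proto_version(ctx, TLS1_2_VERSION);` and `SSL_CTX_set_max_proto_version(ctx, TLS1_2_VERSION);` for the TLSv1_2 entries (`ctx` stands for the context variable at that site). Separately, both `pctx = EVP_MD_CTX_new();` calls in `modules/identity/identity.c` are used without a NULL check; `if (!pctx) { LM_ERR("no more memory\n"); return 0; }` is needed before `EVP_SignInit`/`EVP_VerifyInit`, with `sigbuf` freed first in the verify path. The enclosing functions start and end outside these inner hunks.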