[arch-commits] Commit in pgbouncer/repos (16 files)

Levente Polyak anthraxx at archlinux.org
Tue Jun 13 21:29:57 UTC 2017


    Date: Tuesday, June 13, 2017 @ 21:29:57
  Author: anthraxx
Revision: 298782

archrelease: copy trunk to staging-i686, staging-x86_64

Added:
  pgbouncer/repos/staging-i686/
  pgbouncer/repos/staging-i686/PKGBUILD
    (from rev 298781, pgbouncer/trunk/PKGBUILD)
  pgbouncer/repos/staging-i686/pgbouncer.ini
    (from rev 298781, pgbouncer/trunk/pgbouncer.ini)
  pgbouncer/repos/staging-i686/pgbouncer.install
    (from rev 298781, pgbouncer/trunk/pgbouncer.install)
  pgbouncer/repos/staging-i686/pgbouncer.logrotate
    (from rev 298781, pgbouncer/trunk/pgbouncer.logrotate)
  pgbouncer/repos/staging-i686/pgbouncer.service
    (from rev 298781, pgbouncer/trunk/pgbouncer.service)
  pgbouncer/repos/staging-i686/pgbouncer.tmpfiles.conf
    (from rev 298781, pgbouncer/trunk/pgbouncer.tmpfiles.conf)
  pgbouncer/repos/staging-i686/usual-openssl.patch
    (from rev 298781, pgbouncer/trunk/usual-openssl.patch)
  pgbouncer/repos/staging-x86_64/
  pgbouncer/repos/staging-x86_64/PKGBUILD
    (from rev 298781, pgbouncer/trunk/PKGBUILD)
  pgbouncer/repos/staging-x86_64/pgbouncer.ini
    (from rev 298781, pgbouncer/trunk/pgbouncer.ini)
  pgbouncer/repos/staging-x86_64/pgbouncer.install
    (from rev 298781, pgbouncer/trunk/pgbouncer.install)
  pgbouncer/repos/staging-x86_64/pgbouncer.logrotate
    (from rev 298781, pgbouncer/trunk/pgbouncer.logrotate)
  pgbouncer/repos/staging-x86_64/pgbouncer.service
    (from rev 298781, pgbouncer/trunk/pgbouncer.service)
  pgbouncer/repos/staging-x86_64/pgbouncer.tmpfiles.conf
    (from rev 298781, pgbouncer/trunk/pgbouncer.tmpfiles.conf)
  pgbouncer/repos/staging-x86_64/usual-openssl.patch
    (from rev 298781, pgbouncer/trunk/usual-openssl.patch)

----------------------------------------+
 staging-i686/PKGBUILD                  |   49 ++++++
 staging-i686/pgbouncer.ini             |   52 ++++++
 staging-i686/pgbouncer.install         |   25 +++
 staging-i686/pgbouncer.logrotate       |    8 +
 staging-i686/pgbouncer.service         |   11 +
 staging-i686/pgbouncer.tmpfiles.conf   |    1 
 staging-i686/usual-openssl.patch       |  242 +++++++++++++++++++++++++++++++
 staging-x86_64/PKGBUILD                |   49 ++++++
 staging-x86_64/pgbouncer.ini           |   52 ++++++
 staging-x86_64/pgbouncer.install       |   25 +++
 staging-x86_64/pgbouncer.logrotate     |    8 +
 staging-x86_64/pgbouncer.service       |   11 +
 staging-x86_64/pgbouncer.tmpfiles.conf |    1 
 staging-x86_64/usual-openssl.patch     |  242 +++++++++++++++++++++++++++++++
 14 files changed, 776 insertions(+)

Copied: pgbouncer/repos/staging-i686/PKGBUILD (from rev 298781, pgbouncer/trunk/PKGBUILD)
===================================================================
--- staging-i686/PKGBUILD	                        (rev 0)
+++ staging-i686/PKGBUILD	2017-06-13 21:29:57 UTC (rev 298782)
@@ -0,0 +1,49 @@
+# Maintainer: Dan McGee <dan at archlinux.org>
+
+pkgname=pgbouncer
+pkgver=1.7.2
+pkgrel=3
+pkgdesc="A lightweight connection pooler for PostgreSQL"
+arch=('i686' 'x86_64')
+url="https://wiki.postgresql.org/wiki/PgBouncer"
+license=('BSD')
+depends=('libevent>=2.0' 'c-ares' 'systemd')
+makedepends=('asciidoc' 'xmlto')
+backup=('etc/pgbouncer/pgbouncer.ini' 'etc/logrotate.d/pgbouncer')
+install=$pkgname.install
+source=("https://pgbouncer.github.io/downloads/files/$pkgver/$pkgname-$pkgver.tar.gz"
+        pgbouncer.ini
+        pgbouncer.logrotate
+        pgbouncer.service
+        pgbouncer.tmpfiles.conf
+        usual-openssl.patch)
+sha256sums=('de36b318fe4a2f20a5f60d1c5ea62c1ca331f6813d2c484866ecb59265a160ba'
+            '4f30e4a3eb76acdd233ebc7dd099dff6976299ba958e40a8429b74112e804b05'
+            '8da38746d9c9dfc2433a8cfe22fdaf517e14492672d09e3c48cd4745fc03e9bd'
+            '274a3d447c151323f2d297aae881ec69be1477f16e30b0bba469afe68c2d122a'
+            '476ea0400ba063e932a58f1f49ae401d65b22add521894872c09ec6985e0960d'
+            '46d2d1c421ccd9893af4f6fde28d796b7910d2385efd3e27cca118d8e484ca7b')
+
+prepare() {
+  cd "$srcdir/$pkgname-$pkgver/lib"
+  patch -Np1 -i ../../usual-openssl.patch
+}
+
+build() {
+  cd "$srcdir/$pkgname-$pkgver"
+  ./configure --prefix=/usr --disable-debug
+  make
+}
+
+package() {
+  cd "$srcdir/$pkgname-$pkgver"
+  make DESTDIR="$pkgdir/" install
+  install -D -m644 COPYRIGHT "$pkgdir/usr/share/licenses/$pkgname/LICENSE"
+  install -D -m644 ../pgbouncer.ini "$pkgdir/etc/pgbouncer/pgbouncer.ini"
+  install -D -m644 ../pgbouncer.logrotate "$pkgdir/etc/logrotate.d/pgbouncer"
+  install -D -m644 ../pgbouncer.service "$pkgdir/usr/lib/systemd/system/pgbouncer.service"
+  install -D -m644 ../pgbouncer.tmpfiles.conf "$pkgdir/usr/lib/tmpfiles.d/pgbouncer.conf"
+  mkdir -p "$pkgdir/var/log/pgbouncer"
+}
+
+# vim:set ts=2 sw=2 et:
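Review bot: In package(), `install -D -m644 ../pgbouncer.ini "$pkgdir/etc/pgbouncer/pgbouncer.ini"` ships the config world-readable, although the file's own `[databases]` comments document `password=` in connect strings. Once an admin fills in a backend password, every local account can read it. Consider `install -D -m640 ../pgbouncer.ini "$pkgdir/etc/pgbouncer/pgbouncer.ini"` and setting the group in the install script with `chown root:pgbouncer /etc/pgbouncer/pgbouncer.ini`, since the pgbouncer group only exists after post_install. The staging-x86_64 PKGBUILD is the same copy.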

Copied: pgbouncer/repos/staging-i686/pgbouncer.ini (from rev 298781, pgbouncer/trunk/pgbouncer.ini)
===================================================================
--- staging-i686/pgbouncer.ini	                        (rev 0)
+++ staging-i686/pgbouncer.ini	2017-06-13 21:29:57 UTC (rev 298782)
@@ -0,0 +1,52 @@
+[pgbouncer]
+logfile = /var/log/pgbouncer/pgbouncer.log
+pidfile = /run/pgbouncer/pgbouncer.pid
+
+;; ip address or * which means all ip-s
+;listen_addr = 127.0.0.1
+;listen_port = 6432
+
+unix_socket_dir = /run/postgresql
+unix_socket_mode = 0777
+
+; any, trust, plain, crypt, md5
+auth_type = trust
+auth_file = /etc/pgbouncer/userlist.txt
+
+; comma-separated list of users, who are allowed to change settings
+admin_users = postgres
+
+; comma-separated list of users who are just allowed to use SHOW command
+stats_users = stats, postgres
+
+; total number of clients that can connect
+max_client_conn = 100
+
+; default pool size.  20 is good number when transaction pooling
+; is in use, in session pooling it needs to be the number of
+; max clients you want to handle at any moment
+default_pool_size = 20
+
+
+;; database name = connect string
+;;
+;; connect string params:
+;;   dbname= host= port= user= password=
+;;   client_encoding= datestyle= timezone=
+;;   pool_size= connect_query=
+[databases]
+
+; foodb over unix socket
+;foodb =
+
+; redirect bardb to bazdb on localhost
+;bardb = host=localhost dbname=bazdb
+
+; acceess to dest database will go with single user
+;forcedb = host=127.0.0.1 port=300 user=baz password=foo client_encoding=UNICODE datestyle=ISO connect_query='SELECT 1'
+
+; use custom pool sizes
+;nondefaultdb = pool_size=50 reserve_pool=10
+
+; fallback connect string
+;* = host=testserver
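Review bot: The shipped defaults combine `auth_type = trust` with `unix_socket_mode = 0777`, so any local account that can reach the socket in /run/postgresql is accepted without a password as whichever user it names, including the `admin_users = postgres` entry. This presumably still requires the name to be listed in the auth_file, which this package does not ship. A safer default would be `auth_type = md5` together with `unix_socket_mode = 0770` and a `unix_socket_group` restricted to the accounts that need the pooler. A comment above `auth_type` should state that `trust` is for single-user test hosts only. The staging-x86_64 pgbouncer.ini carries the same settings.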

Copied: pgbouncer/repos/staging-i686/pgbouncer.install (from rev 298781, pgbouncer/trunk/pgbouncer.install)
===================================================================
--- staging-i686/pgbouncer.install	                        (rev 0)
+++ staging-i686/pgbouncer.install	2017-06-13 21:29:57 UTC (rev 298782)
@@ -0,0 +1,25 @@
+post_install() {
+  if [ ! -d '/var/lib/postgres' ]; then
+    mkdir -p '/var/lib/postgres'
+  fi
+  if ! getent group postgres >/dev/null; then
+    groupadd -g 88 postgres
+  fi
+  if ! getent passwd postgres >/dev/null; then
+    useradd -c 'PostgreSQL user' -u 88 -g postgres -d '/var/lib/postgres' -s /bin/bash postgres
+    passwd -l postgres >/dev/null
+  fi
+  if ! getent group pgbouncer >/dev/null; then
+    groupadd -r pgbouncer
+  fi
+  if ! getent passwd pgbouncer >/dev/null; then
+    useradd -c 'PGBouncer user' -r -g pgbouncer -d '/etc/pgbouncer' -s /bin/bash pgbouncer
+    passwd -l pgbouncer >/dev/null
+  fi
+  chown pgbouncer:pgbouncer /var/log/pgbouncer
+  gpasswd -a pgbouncer postgres
+}
+
+post_upgrade() {
+  post_install $1
+}
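Review bot: In post_install, `useradd ... -s /bin/bash pgbouncer` gives the daemon account an interactive shell; `passwd -l` only locks the password, so the account is still usable through `su` or any key-based login. The service unit starts the binary directly and does not need a shell, so `-s /usr/bin/nologin` would be the tighter choice. `gpasswd -a pgbouncer postgres` also widens the account to everything group-readable by postgres; if it is only there so the pooler can create its socket in /run/postgresql, a comment saying so would help the next maintainer. The staging-x86_64 install script is identical.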

Copied: pgbouncer/repos/staging-i686/pgbouncer.logrotate (from rev 298781, pgbouncer/trunk/pgbouncer.logrotate)
===================================================================
--- staging-i686/pgbouncer.logrotate	                        (rev 0)
+++ staging-i686/pgbouncer.logrotate	2017-06-13 21:29:57 UTC (rev 298782)
@@ -0,0 +1,8 @@
+/var/log/pgbouncer/pgbouncer.log {
+   copytruncate
+   missingok
+   notifempty
+   postrotate
+      /bin/kill -HUP $(cat /run/pgbouncer/pgbouncer.pid 2>/dev/null) 2> /dev/null || true
+   endscript
+}
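Review bot: The postrotate line runs as root and signals whatever PID is stored in /run/pgbouncer/pgbouncer.pid, while pgbouncer.tmpfiles.conf makes that directory writable by the pgbouncer user. A stale or tampered pid file would therefore make root send HUP to an unrelated process. Letting systemd pick the target avoids trusting the file: `systemctl kill -s HUP pgbouncer.service`. With `copytruncate` the log file is never renamed, so the HUP may not be needed at all; keeping only one of the two mechanisms would make the intent clearer. The same applies to the staging-x86_64 copy.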

Copied: pgbouncer/repos/staging-i686/pgbouncer.service (from rev 298781, pgbouncer/trunk/pgbouncer.service)
===================================================================
--- staging-i686/pgbouncer.service	                        (rev 0)
+++ staging-i686/pgbouncer.service	2017-06-13 21:29:57 UTC (rev 298782)
@@ -0,0 +1,11 @@
+[Unit]
+Description=A lightweight connection pooler for PostgreSQL
+After=network.target
+
+[Service]
+User=pgbouncer
+ExecStart=/usr/bin/pgbouncer /etc/pgbouncer/pgbouncer.ini
+ExecReload=/bin/kill -HUP $MAINPID
+
+[Install]
+WantedBy=multi-user.target
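Review bot: The [Service] section confines the pooler only by `User=pgbouncer`; a process that parses client and backend protocol traffic would benefit from the standard systemd sandboxing switches. Adding `NoNewPrivileges=true`, `PrivateTmp=true` and `ProtectSystem=full` keeps /var/log/pgbouncer and /run writable, so the paths used in pgbouncer.ini should keep working, but this needs a test against the shipped config. The staging-x86_64 unit is the same file.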

Copied: pgbouncer/repos/staging-i686/pgbouncer.tmpfiles.conf (from rev 298781, pgbouncer/trunk/pgbouncer.tmpfiles.conf)
===================================================================
--- staging-i686/pgbouncer.tmpfiles.conf	                        (rev 0)
+++ staging-i686/pgbouncer.tmpfiles.conf	2017-06-13 21:29:57 UTC (rev 298782)
@@ -0,0 +1 @@
+d /run/pgbouncer  0755 pgbouncer pgbouncer -

Copied: pgbouncer/repos/staging-i686/usual-openssl.patch (from rev 298781, pgbouncer/trunk/usual-openssl.patch)
===================================================================
--- staging-i686/usual-openssl.patch	                        (rev 0)
+++ staging-i686/usual-openssl.patch	2017-06-13 21:29:57 UTC (rev 298782)
@@ -0,0 +1,242 @@
+From 0e56f729d74e4af6c19fe60f6e2b47f5e717dcac Mon Sep 17 00:00:00 2001
+From: Marko Kreen <markokr at gmail.com>
+Date: Tue, 6 Dec 2016 20:05:17 +0200
+Subject: [PATCH] tls: additional openssl 1.1 compat
+
+Fixes: #15
+---
+ test/connect-tls.c     |  2 +-
+ usual/tls/tls.c        |  2 ++
+ usual/tls/tls_cert.c   | 12 ++++++------
+ usual/tls/tls_compat.h | 45 +++++++++++++++++++++++++++++++++++++++++++++
+ usual/tls/tls_ocsp.c   | 28 +++++++++++++++++-----------
+ usual/tls/tls_util.c   |  2 +-
+ usual/tls/tls_verify.c |  8 ++++----
+ 7 files changed, 76 insertions(+), 23 deletions(-)
+
+diff --git a/usual/tls/tls.c b/usual/tls/tls.c
+index 3377cb4..1843e44 100644
+--- a/usual/tls/tls.c
++++ b/usual/tls/tls.c
+@@ -67,7 +67,9 @@ tls_deinit(void)
+ 		CRYPTO_cleanup_all_ex_data();
+ 		BIO_sock_cleanup();
+ 		ERR_clear_error();
++#ifdef USE_LIBSSL_INTERNALS
+ 		ERR_remove_thread_state(NULL);
++#endif
+ 		ERR_free_strings();
+ 
+ 		tls_initialised = 0;
+diff --git a/usual/tls/tls_cert.c b/usual/tls/tls_cert.c
+index ca6668a..9a81e2f 100644
+--- a/usual/tls/tls_cert.c
++++ b/usual/tls/tls_cert.c
+@@ -86,7 +86,7 @@ tls_parse_bigint(struct tls *ctx, const ASN1_INTEGER *asn1int, const char **dst_
+  */
+ 
+ static int
+-check_invalid_bytes(struct tls *ctx, unsigned char *data, unsigned int len,
++check_invalid_bytes(struct tls *ctx, const unsigned char *data, unsigned int len,
+ 		    int ascii_only, const char *desc)
+ {
+ 	unsigned int i, c;
+@@ -125,7 +125,7 @@ static int
+ tls_parse_asn1string(struct tls *ctx, ASN1_STRING *a1str, const char **dst_p, int minchars, int maxchars, const char *desc)
+ {
+ 	int format, len, ret = -1;
+-	unsigned char *data;
++	const unsigned char *data;
+ 	ASN1_STRING *a1utf = NULL;
+ 	int ascii_only = 0;
+ 	char *cstr = NULL;
+@@ -134,7 +134,7 @@ tls_parse_asn1string(struct tls *ctx, ASN1_STRING *a1str, const char **dst_p, in
+ 	*dst_p = NULL;
+ 
+ 	format = ASN1_STRING_type(a1str);
+-	data = ASN1_STRING_data(a1str);
++	data = ASN1_STRING_get0_data(a1str);
+ 	len = ASN1_STRING_length(a1str);
+ 	if (len < minchars) {
+ 		tls_set_errorx(ctx, "invalid %s: string too short", desc);
+@@ -188,7 +188,7 @@ tls_parse_asn1string(struct tls *ctx, ASN1_STRING *a1str, const char **dst_p, in
+ 			tls_set_errorx(ctx, "multibyte conversion failed: expected UTF8 result");
+ 			goto failed;
+ 		}
+-		data = ASN1_STRING_data(a1utf);
++		data = ASN1_STRING_get0_data(a1utf);
+ 		len = ASN1_STRING_length(a1utf);
+ 	}
+ 
+@@ -275,12 +275,12 @@ static int
+ tls_load_alt_ipaddr(struct tls *ctx, ASN1_OCTET_STRING *bin, struct tls_cert *cert)
+ {
+ 	struct tls_cert_general_name *slot;
+-	void *data;
++	const void *data;
+ 	int len;
+ 
+ 	slot = &cert->subject_alt_names[cert->subject_alt_name_count];
+ 	len = ASN1_STRING_length(bin);
+-	data = ASN1_STRING_data(bin);
++	data = ASN1_STRING_get0_data(bin);
+ 	if (len < 0) {
+ 		tls_set_errorx(ctx, "negative length for ipaddress");
+ 		return -1;
+diff --git a/usual/tls/tls_compat.h b/usual/tls/tls_compat.h
+index 40ca5cf..8305958 100644
+--- a/usual/tls/tls_compat.h
++++ b/usual/tls/tls_compat.h
+@@ -12,6 +12,7 @@
+ #include <usual/time.h>
+ 
+ #include <openssl/ssl.h>
++#include <openssl/err.h>
+ 
+ /* OpenSSL 1.1+ has hidden struct fields */
+ #if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+@@ -21,6 +22,50 @@
+ #define X509_get_key_usage(x509) ((x509)->ex_kusage)
+ #define X509_get_extended_key_usage(x509) ((x509)->ex_xkusage)
+ #define SSL_CTX_get0_param(ssl_ctx) ((ssl_ctx)->param)
++#define ASN1_STRING_get0_data(x) ((const unsigned char*)ASN1_STRING_data(x))
++#define X509_OBJECT_get0_X509(x) ((x)->data.x509)
++
++#ifndef OPENSSL_VERSION
++#define OPENSSL_VERSION SSLEAY_VERSION
++#define OpenSSL_version(x) SSLeay_version(x)
++#endif
++
++static inline X509_OBJECT *X509_OBJECT_new(void)
++{
++	X509_OBJECT *obj = OPENSSL_malloc(sizeof(*obj));
++	if (obj) {
++		memset(obj, 0, sizeof(*obj));
++	} else {
++		X509err(X509_F_GET_CERT_BY_SUBJECT, ERR_R_MALLOC_FAILURE);
++	}
++	return obj;
++}
++
++static inline void X509_OBJECT_free(X509_OBJECT *obj)
++{
++	if (obj) {
++		if (obj->type == X509_LU_X509) {
++			X509_free(obj->data.x509);
++		} else if (obj->type == X509_LU_CRL) {
++			X509_CRL_free(obj->data.crl);
++		}
++		OPENSSL_free(obj);
++	}
++}
++
++static inline X509_OBJECT *X509_STORE_CTX_get_obj_by_subject(X509_STORE_CTX *ctx, int lookup, X509_NAME *name)
++{
++	X509_OBJECT *obj = X509_OBJECT_new();
++	if (obj) {
++		if (X509_STORE_get_by_subject(ctx, lookup, name, obj)) {
++			return obj;
++		}
++		X509_OBJECT_free(obj);
++	}
++	return NULL;
++}
++
++
+ #endif
+ 
+ /* ecdh_auto is broken - ignores main EC key */
+diff --git a/usual/tls/tls_ocsp.c b/usual/tls/tls_ocsp.c
+index 1e41d48..0b21e32 100644
+--- a/usual/tls/tls_ocsp.c
++++ b/usual/tls/tls_ocsp.c
+@@ -164,8 +164,8 @@ tls_ocsp_get_certid(X509 *main_cert, STACK_OF(X509) *extra_certs, SSL_CTX *ssl_c
+ {
+ 	X509_NAME *issuer_name;
+ 	X509 *issuer;
+-	X509_STORE_CTX storectx;
+-	X509_OBJECT tmpobj;
++	X509_STORE_CTX *storectx = NULL;
++	X509_OBJECT *tmpobj;
+ 	OCSP_CERTID *cid = NULL;
+ 	X509_STORE *store;
+ 	int ok;
+@@ -182,17 +182,23 @@ tls_ocsp_get_certid(X509 *main_cert, STACK_OF(X509) *extra_certs, SSL_CTX *ssl_c
+ 
+ 	store = SSL_CTX_get_cert_store(ssl_ctx);
+ 	if (!store)
+-		return NULL;
+-	ok = X509_STORE_CTX_init(&storectx, store, main_cert, extra_certs);
++		goto error;
++	ok = X509_STORE_CTX_init(storectx, store, main_cert, extra_certs);
+ 	if (ok != 1)
+-		return NULL;
+-	ok = X509_STORE_get_by_subject(&storectx, X509_LU_X509, issuer_name, &tmpobj);
+-	if (ok == 1) {
+-		cid = OCSP_cert_to_id(NULL, main_cert, tmpobj.data.x509);
+-		X509_free(tmpobj.data.x509);
+-	}
+-	X509_STORE_CTX_cleanup(&storectx);
++		goto error;
++
++	tmpobj = X509_STORE_CTX_get_obj_by_subject(storectx, X509_LU_X509, issuer_name);
++	if (!tmpobj)
++		goto error;
++        cid = OCSP_cert_to_id(NULL, main_cert, X509_OBJECT_get0_X509(tmpobj));
++	X509_OBJECT_free(tmpobj);
++	X509_STORE_CTX_free(storectx);
+ 	return cid;
++error:
++	if (storectx) {
++		X509_STORE_CTX_free(storectx);
++	}
++	return NULL;
+ }
+ 
+ static int
+diff --git a/usual/tls/tls_util.c b/usual/tls/tls_util.c
+index 2b91c64..823ccd1 100644
+--- a/usual/tls/tls_util.c
++++ b/usual/tls/tls_util.c
+@@ -30,7 +30,7 @@
+ const char *
+ tls_backend_version(void)
+ {
+-	return SSLeay_version(SSLEAY_VERSION);
++	return OpenSSL_version(OPENSSL_VERSION);
+ }
+ 
+ /*
+diff --git a/usual/tls/tls_verify.c b/usual/tls/tls_verify.c
+index 1c94b7c..9e5cce6 100644
+--- a/usual/tls/tls_verify.c
++++ b/usual/tls/tls_verify.c
+@@ -116,12 +116,12 @@ tls_check_subject_altname(struct tls *ctx, X509 *cert, const char *name)
+ 			continue;
+ 
+ 		if (type == GEN_DNS) {
+-			void		*data;
++			const void	*data;
+ 			int		 format, len;
+ 
+ 			format = ASN1_STRING_type(altname->d.dNSName);
+ 			if (format == V_ASN1_IA5STRING) {
+-				data = ASN1_STRING_data(altname->d.dNSName);
++				data = ASN1_STRING_get0_data(altname->d.dNSName);
+ 				len = ASN1_STRING_length(altname->d.dNSName);
+ 
+ 				if (len < 0 || len != (int)strlen(data)) {
+@@ -161,11 +161,11 @@ tls_check_subject_altname(struct tls *ctx, X509 *cert, const char *name)
+ 			}
+ 
+ 		} else if (type == GEN_IPADD) {
+-			unsigned char	*data;
++			const unsigned char *data;
+ 			int		 datalen;
+ 
+ 			datalen = ASN1_STRING_length(altname->d.iPAddress);
+-			data = ASN1_STRING_data(altname->d.iPAddress);
++			data = ASN1_STRING_get0_data(altname->d.iPAddress);
+ 
+ 			if (datalen < 0) {
+ 				tls_set_errorx(ctx,
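Review bot: In the tls_ocsp.c part of this patch, `storectx` becomes `X509_STORE_CTX *storectx = NULL;` and is then passed to `X509_STORE_CTX_init(storectx, store, main_cert, extra_certs)` with no added line that allocates it, so as far as the shown hunks go the OCSP cert-id lookup works on a NULL context. The added and removed line counts in the patch's diffstat for tls_ocsp.c match the visible lines, so the allocation does not appear to be in a missing hunk; the function's lines between the two hunks are unchanged context outside the view. Add `storectx = X509_STORE_CTX_new();` and `if (!storectx) goto error;` just before the init call. Separately, the compat helper tests `if (X509_STORE_get_by_subject(ctx, lookup, name, obj))` where the removed code required `ok == 1`, so comparing with `== 1` would keep the old success criterion. The staging-x86_64 copy of the patch is identical.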

Copied: pgbouncer/repos/staging-x86_64/PKGBUILD (from rev 298781, pgbouncer/trunk/PKGBUILD)
===================================================================
--- staging-x86_64/PKGBUILD	                        (rev 0)
+++ staging-x86_64/PKGBUILD	2017-06-13 21:29:57 UTC (rev 298782)
@@ -0,0 +1,49 @@
+# Maintainer: Dan McGee <dan at archlinux.org>
+
+pkgname=pgbouncer
+pkgver=1.7.2
+pkgrel=3
+pkgdesc="A lightweight connection pooler for PostgreSQL"
+arch=('i686' 'x86_64')
+url="https://wiki.postgresql.org/wiki/PgBouncer"
+license=('BSD')
+depends=('libevent>=2.0' 'c-ares' 'systemd')
+makedepends=('asciidoc' 'xmlto')
+backup=('etc/pgbouncer/pgbouncer.ini' 'etc/logrotate.d/pgbouncer')
+install=$pkgname.install
+source=("https://pgbouncer.github.io/downloads/files/$pkgver/$pkgname-$pkgver.tar.gz"
+        pgbouncer.ini
+        pgbouncer.logrotate
+        pgbouncer.service
+        pgbouncer.tmpfiles.conf
+        usual-openssl.patch)
+sha256sums=('de36b318fe4a2f20a5f60d1c5ea62c1ca331f6813d2c484866ecb59265a160ba'
+            '4f30e4a3eb76acdd233ebc7dd099dff6976299ba958e40a8429b74112e804b05'
+            '8da38746d9c9dfc2433a8cfe22fdaf517e14492672d09e3c48cd4745fc03e9bd'
+            '274a3d447c151323f2d297aae881ec69be1477f16e30b0bba469afe68c2d122a'
+            '476ea0400ba063e932a58f1f49ae401d65b22add521894872c09ec6985e0960d'
+            '46d2d1c421ccd9893af4f6fde28d796b7910d2385efd3e27cca118d8e484ca7b')
+
+prepare() {
+  cd "$srcdir/$pkgname-$pkgver/lib"
+  patch -Np1 -i ../../usual-openssl.patch
+}
+
+build() {
+  cd "$srcdir/$pkgname-$pkgver"
+  ./configure --prefix=/usr --disable-debug
+  make
+}
+
+package() {
+  cd "$srcdir/$pkgname-$pkgver"
+  make DESTDIR="$pkgdir/" install
+  install -D -m644 COPYRIGHT "$pkgdir/usr/share/licenses/$pkgname/LICENSE"
+  install -D -m644 ../pgbouncer.ini "$pkgdir/etc/pgbouncer/pgbouncer.ini"
+  install -D -m644 ../pgbouncer.logrotate "$pkgdir/etc/logrotate.d/pgbouncer"
+  install -D -m644 ../pgbouncer.service "$pkgdir/usr/lib/systemd/system/pgbouncer.service"
+  install -D -m644 ../pgbouncer.tmpfiles.conf "$pkgdir/usr/lib/tmpfiles.d/pgbouncer.conf"
+  mkdir -p "$pkgdir/var/log/pgbouncer"
+}
+
+# vim:set ts=2 sw=2 et:

Copied: pgbouncer/repos/staging-x86_64/pgbouncer.ini (from rev 298781, pgbouncer/trunk/pgbouncer.ini)
===================================================================
--- staging-x86_64/pgbouncer.ini	                        (rev 0)
+++ staging-x86_64/pgbouncer.ini	2017-06-13 21:29:57 UTC (rev 298782)
@@ -0,0 +1,52 @@
+[pgbouncer]
+logfile = /var/log/pgbouncer/pgbouncer.log
+pidfile = /run/pgbouncer/pgbouncer.pid
+
+;; ip address or * which means all ip-s
+;listen_addr = 127.0.0.1
+;listen_port = 6432
+
+unix_socket_dir = /run/postgresql
+unix_socket_mode = 0777
+
+; any, trust, plain, crypt, md5
+auth_type = trust
+auth_file = /etc/pgbouncer/userlist.txt
+
+; comma-separated list of users, who are allowed to change settings
+admin_users = postgres
+
+; comma-separated list of users who are just allowed to use SHOW command
+stats_users = stats, postgres
+
+; total number of clients that can connect
+max_client_conn = 100
+
+; default pool size.  20 is good number when transaction pooling
+; is in use, in session pooling it needs to be the number of
+; max clients you want to handle at any moment
+default_pool_size = 20
+
+
+;; database name = connect string
+;;
+;; connect string params:
+;;   dbname= host= port= user= password=
+;;   client_encoding= datestyle= timezone=
+;;   pool_size= connect_query=
+[databases]
+
+; foodb over unix socket
+;foodb =
+
+; redirect bardb to bazdb on localhost
+;bardb = host=localhost dbname=bazdb
+
+; acceess to dest database will go with single user
+;forcedb = host=127.0.0.1 port=300 user=baz password=foo client_encoding=UNICODE datestyle=ISO connect_query='SELECT 1'
+
+; use custom pool sizes
+;nondefaultdb = pool_size=50 reserve_pool=10
+
+; fallback connect string
+;* = host=testserver

Copied: pgbouncer/repos/staging-x86_64/pgbouncer.install (from rev 298781, pgbouncer/trunk/pgbouncer.install)
===================================================================
--- staging-x86_64/pgbouncer.install	                        (rev 0)
+++ staging-x86_64/pgbouncer.install	2017-06-13 21:29:57 UTC (rev 298782)
@@ -0,0 +1,25 @@
+post_install() {
+  if [ ! -d '/var/lib/postgres' ]; then
+    mkdir -p '/var/lib/postgres'
+  fi
+  if ! getent group postgres >/dev/null; then
+    groupadd -g 88 postgres
+  fi
+  if ! getent passwd postgres >/dev/null; then
+    useradd -c 'PostgreSQL user' -u 88 -g postgres -d '/var/lib/postgres' -s /bin/bash postgres
+    passwd -l postgres >/dev/null
+  fi
+  if ! getent group pgbouncer >/dev/null; then
+    groupadd -r pgbouncer
+  fi
+  if ! getent passwd pgbouncer >/dev/null; then
+    useradd -c 'PGBouncer user' -r -g pgbouncer -d '/etc/pgbouncer' -s /bin/bash pgbouncer
+    passwd -l pgbouncer >/dev/null
+  fi
+  chown pgbouncer:pgbouncer /var/log/pgbouncer
+  gpasswd -a pgbouncer postgres
+}
+
+post_upgrade() {
+  post_install $1
+}

Copied: pgbouncer/repos/staging-x86_64/pgbouncer.logrotate (from rev 298781, pgbouncer/trunk/pgbouncer.logrotate)
===================================================================
--- staging-x86_64/pgbouncer.logrotate	                        (rev 0)
+++ staging-x86_64/pgbouncer.logrotate	2017-06-13 21:29:57 UTC (rev 298782)
@@ -0,0 +1,8 @@
+/var/log/pgbouncer/pgbouncer.log {
+   copytruncate
+   missingok
+   notifempty
+   postrotate
+      /bin/kill -HUP $(cat /run/pgbouncer/pgbouncer.pid 2>/dev/null) 2> /dev/null || true
+   endscript
+}

Copied: pgbouncer/repos/staging-x86_64/pgbouncer.service (from rev 298781, pgbouncer/trunk/pgbouncer.service)
===================================================================
--- staging-x86_64/pgbouncer.service	                        (rev 0)
+++ staging-x86_64/pgbouncer.service	2017-06-13 21:29:57 UTC (rev 298782)
@@ -0,0 +1,11 @@
+[Unit]
+Description=A lightweight connection pooler for PostgreSQL
+After=network.target
+
+[Service]
+User=pgbouncer
+ExecStart=/usr/bin/pgbouncer /etc/pgbouncer/pgbouncer.ini
+ExecReload=/bin/kill -HUP $MAINPID
+
+[Install]
+WantedBy=multi-user.target

Copied: pgbouncer/repos/staging-x86_64/pgbouncer.tmpfiles.conf (from rev 298781, pgbouncer/trunk/pgbouncer.tmpfiles.conf)
===================================================================
--- staging-x86_64/pgbouncer.tmpfiles.conf	                        (rev 0)
+++ staging-x86_64/pgbouncer.tmpfiles.conf	2017-06-13 21:29:57 UTC (rev 298782)
@@ -0,0 +1 @@
+d /run/pgbouncer  0755 pgbouncer pgbouncer -

Copied: pgbouncer/repos/staging-x86_64/usual-openssl.patch (from rev 298781, pgbouncer/trunk/usual-openssl.patch)
===================================================================
--- staging-x86_64/usual-openssl.patch	                        (rev 0)
+++ staging-x86_64/usual-openssl.patch	2017-06-13 21:29:57 UTC (rev 298782)
@@ -0,0 +1,242 @@
+From 0e56f729d74e4af6c19fe60f6e2b47f5e717dcac Mon Sep 17 00:00:00 2001
+From: Marko Kreen <markokr at gmail.com>
+Date: Tue, 6 Dec 2016 20:05:17 +0200
+Subject: [PATCH] tls: additional openssl 1.1 compat
+
+Fixes: #15
+---
+ test/connect-tls.c     |  2 +-
+ usual/tls/tls.c        |  2 ++
+ usual/tls/tls_cert.c   | 12 ++++++------
+ usual/tls/tls_compat.h | 45 +++++++++++++++++++++++++++++++++++++++++++++
+ usual/tls/tls_ocsp.c   | 28 +++++++++++++++++-----------
+ usual/tls/tls_util.c   |  2 +-
+ usual/tls/tls_verify.c |  8 ++++----
+ 7 files changed, 76 insertions(+), 23 deletions(-)
+
+diff --git a/usual/tls/tls.c b/usual/tls/tls.c
+index 3377cb4..1843e44 100644
+--- a/usual/tls/tls.c
++++ b/usual/tls/tls.c
+@@ -67,7 +67,9 @@ tls_deinit(void)
+ 		CRYPTO_cleanup_all_ex_data();
+ 		BIO_sock_cleanup();
+ 		ERR_clear_error();
++#ifdef USE_LIBSSL_INTERNALS
+ 		ERR_remove_thread_state(NULL);
++#endif
+ 		ERR_free_strings();
+ 
+ 		tls_initialised = 0;
+diff --git a/usual/tls/tls_cert.c b/usual/tls/tls_cert.c
+index ca6668a..9a81e2f 100644
+--- a/usual/tls/tls_cert.c
++++ b/usual/tls/tls_cert.c
+@@ -86,7 +86,7 @@ tls_parse_bigint(struct tls *ctx, const ASN1_INTEGER *asn1int, const char **dst_
+  */
+ 
+ static int
+-check_invalid_bytes(struct tls *ctx, unsigned char *data, unsigned int len,
++check_invalid_bytes(struct tls *ctx, const unsigned char *data, unsigned int len,
+ 		    int ascii_only, const char *desc)
+ {
+ 	unsigned int i, c;
+@@ -125,7 +125,7 @@ static int
+ tls_parse_asn1string(struct tls *ctx, ASN1_STRING *a1str, const char **dst_p, int minchars, int maxchars, const char *desc)
+ {
+ 	int format, len, ret = -1;
+-	unsigned char *data;
++	const unsigned char *data;
+ 	ASN1_STRING *a1utf = NULL;
+ 	int ascii_only = 0;
+ 	char *cstr = NULL;
+@@ -134,7 +134,7 @@ tls_parse_asn1string(struct tls *ctx, ASN1_STRING *a1str, const char **dst_p, in
+ 	*dst_p = NULL;
+ 
+ 	format = ASN1_STRING_type(a1str);
+-	data = ASN1_STRING_data(a1str);
++	data = ASN1_STRING_get0_data(a1str);
+ 	len = ASN1_STRING_length(a1str);
+ 	if (len < minchars) {
+ 		tls_set_errorx(ctx, "invalid %s: string too short", desc);
+@@ -188,7 +188,7 @@ tls_parse_asn1string(struct tls *ctx, ASN1_STRING *a1str, const char **dst_p, in
+ 			tls_set_errorx(ctx, "multibyte conversion failed: expected UTF8 result");
+ 			goto failed;
+ 		}
+-		data = ASN1_STRING_data(a1utf);
++		data = ASN1_STRING_get0_data(a1utf);
+ 		len = ASN1_STRING_length(a1utf);
+ 	}
+ 
+@@ -275,12 +275,12 @@ static int
+ tls_load_alt_ipaddr(struct tls *ctx, ASN1_OCTET_STRING *bin, struct tls_cert *cert)
+ {
+ 	struct tls_cert_general_name *slot;
+-	void *data;
++	const void *data;
+ 	int len;
+ 
+ 	slot = &cert->subject_alt_names[cert->subject_alt_name_count];
+ 	len = ASN1_STRING_length(bin);
+-	data = ASN1_STRING_data(bin);
++	data = ASN1_STRING_get0_data(bin);
+ 	if (len < 0) {
+ 		tls_set_errorx(ctx, "negative length for ipaddress");
+ 		return -1;
+diff --git a/usual/tls/tls_compat.h b/usual/tls/tls_compat.h
+index 40ca5cf..8305958 100644
+--- a/usual/tls/tls_compat.h
++++ b/usual/tls/tls_compat.h
+@@ -12,6 +12,7 @@
+ #include <usual/time.h>
+ 
+ #include <openssl/ssl.h>
++#include <openssl/err.h>
+ 
+ /* OpenSSL 1.1+ has hidden struct fields */
+ #if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+@@ -21,6 +22,50 @@
+ #define X509_get_key_usage(x509) ((x509)->ex_kusage)
+ #define X509_get_extended_key_usage(x509) ((x509)->ex_xkusage)
+ #define SSL_CTX_get0_param(ssl_ctx) ((ssl_ctx)->param)
++#define ASN1_STRING_get0_data(x) ((const unsigned char*)ASN1_STRING_data(x))
++#define X509_OBJECT_get0_X509(x) ((x)->data.x509)
++
++#ifndef OPENSSL_VERSION
++#define OPENSSL_VERSION SSLEAY_VERSION
++#define OpenSSL_version(x) SSLeay_version(x)
++#endif
++
++static inline X509_OBJECT *X509_OBJECT_new(void)
++{
++	X509_OBJECT *obj = OPENSSL_malloc(sizeof(*obj));
++	if (obj) {
++		memset(obj, 0, sizeof(*obj));
++	} else {
++		X509err(X509_F_GET_CERT_BY_SUBJECT, ERR_R_MALLOC_FAILURE);
++	}
++	return obj;
++}
++
++static inline void X509_OBJECT_free(X509_OBJECT *obj)
++{
++	if (obj) {
++		if (obj->type == X509_LU_X509) {
++			X509_free(obj->data.x509);
++		} else if (obj->type == X509_LU_CRL) {
++			X509_CRL_free(obj->data.crl);
++		}
++		OPENSSL_free(obj);
++	}
++}
++
++static inline X509_OBJECT *X509_STORE_CTX_get_obj_by_subject(X509_STORE_CTX *ctx, int lookup, X509_NAME *name)
++{
++	X509_OBJECT *obj = X509_OBJECT_new();
++	if (obj) {
++		if (X509_STORE_get_by_subject(ctx, lookup, name, obj)) {
++			return obj;
++		}
++		X509_OBJECT_free(obj);
++	}
++	return NULL;
++}
++
++
+ #endif
+ 
+ /* ecdh_auto is broken - ignores main EC key */
+diff --git a/usual/tls/tls_ocsp.c b/usual/tls/tls_ocsp.c
+index 1e41d48..0b21e32 100644
+--- a/usual/tls/tls_ocsp.c
++++ b/usual/tls/tls_ocsp.c
+@@ -164,8 +164,8 @@ tls_ocsp_get_certid(X509 *main_cert, STACK_OF(X509) *extra_certs, SSL_CTX *ssl_c
+ {
+ 	X509_NAME *issuer_name;
+ 	X509 *issuer;
+-	X509_STORE_CTX storectx;
+-	X509_OBJECT tmpobj;
++	X509_STORE_CTX *storectx = NULL;
++	X509_OBJECT *tmpobj;
+ 	OCSP_CERTID *cid = NULL;
+ 	X509_STORE *store;
+ 	int ok;
+@@ -182,17 +182,23 @@ tls_ocsp_get_certid(X509 *main_cert, STACK_OF(X509) *extra_certs, SSL_CTX *ssl_c
+ 
+ 	store = SSL_CTX_get_cert_store(ssl_ctx);
+ 	if (!store)
+-		return NULL;
+-	ok = X509_STORE_CTX_init(&storectx, store, main_cert, extra_certs);
++		goto error;
++	ok = X509_STORE_CTX_init(storectx, store, main_cert, extra_certs);
+ 	if (ok != 1)
+-		return NULL;
+-	ok = X509_STORE_get_by_subject(&storectx, X509_LU_X509, issuer_name, &tmpobj);
+-	if (ok == 1) {
+-		cid = OCSP_cert_to_id(NULL, main_cert, tmpobj.data.x509);
+-		X509_free(tmpobj.data.x509);
+-	}
+-	X509_STORE_CTX_cleanup(&storectx);
++		goto error;
++
++	tmpobj = X509_STORE_CTX_get_obj_by_subject(storectx, X509_LU_X509, issuer_name);
++	if (!tmpobj)
++		goto error;
++        cid = OCSP_cert_to_id(NULL, main_cert, X509_OBJECT_get0_X509(tmpobj));
++	X509_OBJECT_free(tmpobj);
++	X509_STORE_CTX_free(storectx);
+ 	return cid;
++error:
++	if (storectx) {
++		X509_STORE_CTX_free(storectx);
++	}
++	return NULL;
+ }
+ 
+ static int
+diff --git a/usual/tls/tls_util.c b/usual/tls/tls_util.c
+index 2b91c64..823ccd1 100644
+--- a/usual/tls/tls_util.c
++++ b/usual/tls/tls_util.c
+@@ -30,7 +30,7 @@
+ const char *
+ tls_backend_version(void)
+ {
+-	return SSLeay_version(SSLEAY_VERSION);
++	return OpenSSL_version(OPENSSL_VERSION);
+ }
+ 
+ /*
+diff --git a/usual/tls/tls_verify.c b/usual/tls/tls_verify.c
+index 1c94b7c..9e5cce6 100644
+--- a/usual/tls/tls_verify.c
++++ b/usual/tls/tls_verify.c
+@@ -116,12 +116,12 @@ tls_check_subject_altname(struct tls *ctx, X509 *cert, const char *name)
+ 			continue;
+ 
+ 		if (type == GEN_DNS) {
+-			void		*data;
++			const void	*data;
+ 			int		 format, len;
+ 
+ 			format = ASN1_STRING_type(altname->d.dNSName);
+ 			if (format == V_ASN1_IA5STRING) {
+-				data = ASN1_STRING_data(altname->d.dNSName);
++				data = ASN1_STRING_get0_data(altname->d.dNSName);
+ 				len = ASN1_STRING_length(altname->d.dNSName);
+ 
+ 				if (len < 0 || len != (int)strlen(data)) {
+@@ -161,11 +161,11 @@ tls_check_subject_altname(struct tls *ctx, X509 *cert, const char *name)
+ 			}
+ 
+ 		} else if (type == GEN_IPADD) {
+-			unsigned char	*data;
++			const unsigned char *data;
+ 			int		 datalen;
+ 
+ 			datalen = ASN1_STRING_length(altname->d.iPAddress);
+-			data = ASN1_STRING_data(altname->d.iPAddress);
++			data = ASN1_STRING_get0_data(altname->d.iPAddress);
+ 
+ 			if (datalen < 0) {
+ 				tls_set_errorx(ctx,


