[arch-commits] Commit in uwsgi/trunk (2 files)
Sven-Hendrik Haase
svenstaro at archlinux.org
Tue Mar 21 01:36:16 UTC 2017
Date: Tuesday, March 21, 2017 @ 01:36:15
Author: svenstaro
Revision: 217916
upgpkg: uwsgi 2.0.14-9
openssl 1.1 rebuild
Added:
uwsgi/trunk/openssl-1.1-4b1659c8bd0b945a1a48f7c6ac62291be3bf8bc8.patch
Modified:
uwsgi/trunk/PKGBUILD
------------------------------------------------------------+
PKGBUILD | 12
openssl-1.1-4b1659c8bd0b945a1a48f7c6ac62291be3bf8bc8.patch | 201 +++++++++++
2 files changed, 209 insertions(+), 4 deletions(-)
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2017-03-21 00:46:35 UTC (rev 217915)
+++ PKGBUILD 2017-03-21 01:36:15 UTC (rev 217916)
@@ -22,7 +22,7 @@
uwsgi-plugin-webdav
mod_proxy_uwsgi)
pkgver=2.0.14
-pkgrel=8
+pkgrel=9
arch=(i686 x86_64)
url="http://projects.unbit.it/$pkgbase"
license=(GPL2)
@@ -44,7 +44,8 @@
emperor.ini
emperor.uwsgi.service
emperor.uwsgi.socket
- uwsgi.logrotate)
+ uwsgi.logrotate
+ openssl-1.1-4b1659c8bd0b945a1a48f7c6ac62291be3bf8bc8.patch)
sha512sums=('cf557ba27cb1c28e784e8909043bca874cd56846aa9ebaf1ff229191ad20484e467147a6ea7cc629399d4afd6e4ac4479b2f6827729df04321eef4bf842b9e42'
'68eef703de39cb336915e1e9c36b11c65c2d46482407b0234ca245df0e052952abb7dd85b0a1cd4507c78356a3b7a55424524b3aa0997b559b51e7b20eab5e16'
'acfe9fb089d1905c3d736dbeaaef7eb1848b4ce8d1f585de653086cf7f90c166a1e493d0b62ba030a4bcf2eca9c919e0d6deea2ea1c0bcb8533d7cb040d2f67c'
@@ -57,12 +58,13 @@
'41cc29ea14ca87749959379ead773d9a3a499c6bc7be17800e06e33c998a929ae855c9ad0fe2039e26a034c24d2845833945333442b98d7c6f0924aa2a036b1b'
'83a6859d729bf186236aaa7fb7433415f6b985f17e05b7ac571d8919bbf1fb9bd577b4f673d9787dea09752e3d8043f47ce3d9c7d5690faaa1365e477e6c9388'
'592c85270f43b37e9c51aae126533830515b96fff9fcae969ee865fe173bd0550c7729530d5ff1e44ffee43cd5c78c96688ce091c677a4196379e24983c0180e'
- 'f7f6f4a6e55ba770022dca068723be8fabe50074ea34384ddb3d876f96d279d0890c7d8d624b3cfe62be43e1eab588e072bd4bb3d3d1cd4ef966b317461b80c5')
+ 'f7f6f4a6e55ba770022dca068723be8fabe50074ea34384ddb3d876f96d279d0890c7d8d624b3cfe62be43e1eab588e072bd4bb3d3d1cd4ef966b317461b80c5'
+ '9985fca2c458d27b49db237628149cabfc9ac589df595eeb5540ef691bc4d3cc5dd73e98956b1e0f139222eba8a1c23d2d8c82473cb3eee64159dc47f4684534')
prepare() {
cd $srcdir/$pkgbase-$pkgver
cp $srcdir/archlinux.ini buildconf/archlinux.ini
- for patch in uwsgi_ruby20_compatibility.patch uwsgi_trick_chroot.patch uwsgi_php_7.1.patch; do
+ for patch in uwsgi_ruby20_compatibility.patch uwsgi_trick_chroot.patch uwsgi_php_7.1.patch openssl-1.1-4b1659c8bd0b945a1a48f7c6ac62291be3bf8bc8.patch; do
msg2 "Applying $patch"
patch -Np1 -i $srcdir/$patch
done
@@ -70,6 +72,8 @@
mv plugins/ruby{19,}
sed -i 's:\(ruby\)19:\1:' plugins/ruby/uwsgiplugin.py
+ sed -i 's/--cflags mono-2/--cflags mono-2 glib-2.0/g' plugins/mono/uwsgiplugin.py
+
cp $srcdir/uwsgiplugin.py plugins/systemd_logger/uwsgiplugin.py
}
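Review bot: The added `sed` on plugins/mono/uwsgiplugin.py is not explained anywhere: the commit message mentions only the openssl 1.1 rebuild, and nothing in prepare() says why glib-2.0 has to be added to the mono cflags. A comment above the line, such as `# mono plugin: also pull glib-2.0 cflags from pkg-config` (adjusted to the real reason), would record the intent. Because `sed -i` exits successfully when the pattern is not found, this step would silently stop applying if upstream changes that line; a following `grep -q -- '--cflags mono-2 glib-2.0' plugins/mono/uwsgiplugin.py` would catch that. prepare() starts outside this hunk.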
Added: openssl-1.1-4b1659c8bd0b945a1a48f7c6ac62291be3bf8bc8.patch
===================================================================
--- openssl-1.1-4b1659c8bd0b945a1a48f7c6ac62291be3bf8bc8.patch (rev 0)
+++ openssl-1.1-4b1659c8bd0b945a1a48f7c6ac62291be3bf8bc8.patch 2017-03-21 01:36:15 UTC (rev 217916)
@@ -0,0 +1,201 @@
+From 4b1659c8bd0b945a1a48f7c6ac62291be3bf8bc8 Mon Sep 17 00:00:00 2001
+From: Riccardo Magliocchetti <riccardo.magliocchetti at gmail.com>
+Date: Sun, 6 Nov 2016 14:36:32 +0100
+Subject: [PATCH] Cope with openssl 1.1 API changes
+
+Since OpenSSL 1.1.0 made some structs opaque and this we cannot
+poke with the internals anymore. Because of that we have to
+disable the ssl session cache.
+
+Ref #1395
+---
+ core/legion.c | 8 ++++++++
+ core/ssl.c | 14 ++++++++++++--
+ core/uwsgi.c | 2 ++
+ plugins/http/spdy3.c | 2 ++
+ plugins/logcrypto/logcrypto.c | 4 ++++
+ uwsgi.h | 8 ++++++--
+ 6 files changed, 34 insertions(+), 4 deletions(-)
+
+diff --git a/core/legion.c b/core/legion.c
+index da24158..c2bff5a 100644
+--- a/core/legion.c
++++ b/core/legion.c
+@@ -1074,8 +1074,12 @@ struct uwsgi_legion *uwsgi_legion_register(char *legion, char *addr, char *valor
+ uwsgi_ssl_init();
+ }
+
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ EVP_CIPHER_CTX *ctx = uwsgi_malloc(sizeof(EVP_CIPHER_CTX));
+ EVP_CIPHER_CTX_init(ctx);
++#else
++ EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
++#endif
+
+ const EVP_CIPHER *cipher = EVP_get_cipherbyname(algo);
+ if (!cipher) {
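Review bot: The OpenSSL 1.1 branch takes the result of `EVP_CIPHER_CTX_new()` with no NULL check visible in the hunk, here for `ctx`, again for `ctx2` in the next core/legion.c hunk, and for `uclc->encrypt_ctx` in plugins/logcrypto/logcrypto.c. The pre-1.1 branch allocates through `uwsgi_malloc`, which presumably terminates the process on failure, so the two branches now handle an allocation failure differently. Adding `if (!ctx) { uwsgi_error("EVP_CIPHER_CTX_new()"); exit(1); }` after the `#endif` would match the `uwsgi_error`/`exit(1)` error paths this function already uses. uwsgi_legion_register starts and ends outside the hunk.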
+@@ -1109,8 +1113,12 @@ struct uwsgi_legion *uwsgi_legion_register(char *legion, char *addr, char *valor
+ exit(1);
+ }
+
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ EVP_CIPHER_CTX *ctx2 = uwsgi_malloc(sizeof(EVP_CIPHER_CTX));
+ EVP_CIPHER_CTX_init(ctx2);
++#else
++ EVP_CIPHER_CTX *ctx2 = EVP_CIPHER_CTX_new();
++#endif
+
+ if (EVP_DecryptInit_ex(ctx2, cipher, NULL, (const unsigned char *) secret, (const unsigned char *) iv) <= 0) {
+ uwsgi_error("EVP_DecryptInit_ex()");
+diff --git a/core/ssl.c b/core/ssl.c
+index 89f3a49..29778eb 100644
+--- a/core/ssl.c
++++ b/core/ssl.c
+@@ -14,20 +14,24 @@ set data in it with SSL_CTX_set_ex_data
+ */
+
+ void uwsgi_ssl_init(void) {
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ OPENSSL_config(NULL);
++#endif
+ SSL_library_init();
+ SSL_load_error_strings();
+ OpenSSL_add_all_algorithms();
+ uwsgi.ssl_initialized = 1;
+ }
+
+-void uwsgi_ssl_info_cb(SSL const *ssl, int where, int ret) {
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
++void uwsgi_ssl_info_cb(const SSL *ssl, int where, int ret) {
+ if (where & SSL_CB_HANDSHAKE_DONE) {
+ if (ssl->s3) {
+ ssl->s3->flags |= SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS;
+ }
+ }
+ }
++#endif
+
+ int uwsgi_ssl_verify_callback(int ok, X509_STORE_CTX * x509_store) {
+ if (!ok && uwsgi.ssl_verbose) {
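Review bot: On OpenSSL 1.1 and later `uwsgi_ssl_info_cb` is compiled out with no replacement, so the `SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS` flag it set after each completed handshake is no longer applied; the same holds for the guarded `SSL_CTX_set_info_callback` call in uwsgi_ssl_new_server_context and the guarded block in plugins/http/spdy3.c. If that flag was there to refuse renegotiation, servers built against 1.1 lose the restriction without any notice to the operator, and the patch description mentions only the session cache. A comment at the `#if` should record this, for example `/* OpenSSL >= 1.1: SSL is opaque, the renegotiation flag can no longer be set here */`. Later OpenSSL releases provide `SSL_OP_NO_RENEGOTIATION`, which could be set on the context under `#ifdef SSL_OP_NO_RENEGOTIATION`.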
+@@ -44,6 +48,7 @@ int uwsgi_ssl_verify_callback(int ok, X509_STORE_CTX * x509_store) {
+ return ok;
+ }
+
++#ifdef UWSGI_SSL_SESSION_CACHE
+ int uwsgi_ssl_session_new_cb(SSL *ssl, SSL_SESSION *sess) {
+ char session_blob[4096];
+ int len = i2d_SSL_SESSION(sess, NULL);
+@@ -68,7 +73,7 @@ int uwsgi_ssl_session_new_cb(SSL *ssl, SSL_SESSION *sess) {
+ return 0;
+ }
+
+-SSL_SESSION *uwsgi_ssl_session_get_cb(SSL *ssl, unsigned char *key, int keylen, int *copy) {
++SSL_SESSION *uwsgi_ssl_session_get_cb(SSL *ssl, const unsigned char *key, int keylen, int *copy) {
+
+ uint64_t valsize = 0;
+
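Review bot: The new `const unsigned char *key` parameter matches the OpenSSL 1.1 prototype for the get-session callback, but this function is now compiled only when `UWSGI_SSL_SESSION_CACHE` is defined, which uwsgi.h does only for OpenSSL older than 1.1. To my knowledge those older releases declare the callback with a non-const `unsigned char *`, so `SSL_CTX_sess_set_get_cb(ctx, uwsgi_ssl_session_get_cb)` would receive an incompatible function pointer type in the only configuration where it is built. Keeping the original non-const signature, or choosing the qualifier by `OPENSSL_VERSION_NUMBER`, avoids that. The function body continues outside the hunk.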
+@@ -100,6 +105,7 @@ void uwsgi_ssl_session_remove_cb(SSL_CTX *ctx, SSL_SESSION *sess) {
+ }
+ uwsgi_rwunlock(uwsgi.ssl_sessions_cache->lock);
+ }
++#endif
+
+ #ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
+ static int uwsgi_sni_cb(SSL *ssl, int *ad, void *arg) {
+@@ -356,7 +362,9 @@ SSL_CTX *uwsgi_ssl_new_server_context(char *name, char *crt, char *key, char *ci
+ }
+
+
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ SSL_CTX_set_info_callback(ctx, uwsgi_ssl_info_cb);
++#endif
+ #ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
+ SSL_CTX_set_tlsext_servername_callback(ctx, uwsgi_sni_cb);
+ #endif
+@@ -364,6 +372,7 @@ SSL_CTX *uwsgi_ssl_new_server_context(char *name, char *crt, char *key, char *ci
+ // disable session caching by default
+ SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF);
+
++#ifdef UWSGI_SSL_SESSION_CACHE
+ if (uwsgi.ssl_sessions_use_cache) {
+
+ // we need to early initialize locking and caching
+@@ -408,6 +417,7 @@ SSL_CTX *uwsgi_ssl_new_server_context(char *name, char *crt, char *key, char *ci
+ SSL_CTX_sess_set_get_cb(ctx, uwsgi_ssl_session_get_cb);
+ SSL_CTX_sess_set_remove_cb(ctx, uwsgi_ssl_session_remove_cb);
+ }
++#endif
+
+ SSL_CTX_set_timeout(ctx, uwsgi.ssl_sessions_timeout);
+
+diff --git a/core/uwsgi.c b/core/uwsgi.c
+index f0b8aa8..430d8fb 100755
+--- a/core/uwsgi.c
++++ b/core/uwsgi.c
+@@ -693,11 +693,13 @@ static struct uwsgi_option uwsgi_base_options[] = {
+ {"snmp-community", required_argument, 0, "set the snmp community string", uwsgi_opt_snmp_community, NULL, 0},
+ #ifdef UWSGI_SSL
+ {"ssl-verbose", no_argument, 0, "be verbose about SSL errors", uwsgi_opt_true, &uwsgi.ssl_verbose, 0},
++#if UWSGI_SSL_SESSION_CACHE
+ // force master, as ssl sessions caching initialize locking early
+ {"ssl-sessions-use-cache", optional_argument, 0, "use uWSGI cache for ssl sessions storage", uwsgi_opt_set_str, &uwsgi.ssl_sessions_use_cache, UWSGI_OPT_MASTER},
+ {"ssl-session-use-cache", optional_argument, 0, "use uWSGI cache for ssl sessions storage", uwsgi_opt_set_str, &uwsgi.ssl_sessions_use_cache, UWSGI_OPT_MASTER},
+ {"ssl-sessions-timeout", required_argument, 0, "set SSL sessions timeout (default: 300 seconds)", uwsgi_opt_set_int, &uwsgi.ssl_sessions_timeout, 0},
+ {"ssl-session-timeout", required_argument, 0, "set SSL sessions timeout (default: 300 seconds)", uwsgi_opt_set_int, &uwsgi.ssl_sessions_timeout, 0},
++#endif
+ {"sni", required_argument, 0, "add an SNI-governed SSL context", uwsgi_opt_sni, NULL, 0},
+ {"sni-dir", required_argument, 0, "check for cert/key/client_ca file in the specified directory and create a sni/ssl context on demand", uwsgi_opt_set_str, &uwsgi.sni_dir, 0},
+ {"sni-dir-ciphers", required_argument, 0, "set ssl ciphers for sni-dir option", uwsgi_opt_set_str, &uwsgi.sni_dir_ciphers, 0},
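Review bot: `#if UWSGI_SSL_SESSION_CACHE` does not fit the way uwsgi.h defines the macro: `#define UWSGI_SSL_SESSION_CACHE` has an empty expansion, so on OpenSSL older than 1.1 this becomes an `#if` with no expression and fails to preprocess; core/ssl.c uses `#ifdef UWSGI_SSL_SESSION_CACHE`, and this line should too. The guard also removes `ssl-sessions-timeout` and `ssl-session-timeout`, although `SSL_CTX_set_timeout(ctx, uwsgi.ssl_sessions_timeout)` in core/ssl.c stays outside the session-cache guard, so on 1.1 builds the timeout is still applied but can no longer be configured. Moving the two timeout entries below the `#endif` would keep them available.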
+diff --git a/plugins/http/spdy3.c b/plugins/http/spdy3.c
+index 858a2fc..8c80f82 100644
+--- a/plugins/http/spdy3.c
++++ b/plugins/http/spdy3.c
+@@ -840,9 +840,11 @@ void uwsgi_spdy_info_cb(SSL const *ssl, int where, int ret) {
+ //hr->spdy_hook = hr_recv_spdy_control_frame;
+ }
+ }
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ if (ssl->s3) {
+ ssl->s3->flags |= SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS;
+ }
++#endif
+ }
+ }
+
+diff --git a/plugins/logcrypto/logcrypto.c b/plugins/logcrypto/logcrypto.c
+index 34417ee..3362fcc 100644
+--- a/plugins/logcrypto/logcrypto.c
++++ b/plugins/logcrypto/logcrypto.c
+@@ -32,8 +32,12 @@ static void uwsgi_crypto_logger_setup_encryption(struct uwsgi_crypto_logger_conf
+ uwsgi_ssl_init();
+ }
+
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ uclc->encrypt_ctx = uwsgi_malloc(sizeof(EVP_CIPHER_CTX));
+ EVP_CIPHER_CTX_init(uclc->encrypt_ctx);
++#else
++ uclc->encrypt_ctx = EVP_CIPHER_CTX_new();
++#endif
+
+ const EVP_CIPHER *cipher = EVP_get_cipherbyname(uclc->algo);
+ if (!cipher) {
+diff --git a/uwsgi.h b/uwsgi.h
+index c5a3f3e..121c3d7 100755
+--- a/uwsgi.h
++++ b/uwsgi.h
+@@ -364,9 +364,13 @@ extern int pivot_root(const char *new_root, const char *put_old);
+ #define UWSGI_CACHE_FLAG_FIXEXPIRE 1 << 9
+
+ #ifdef UWSGI_SSL
+-#include "openssl/conf.h"
+-#include "openssl/ssl.h"
++#include <openssl/conf.h>
++#include <openssl/ssl.h>
+ #include <openssl/err.h>
++
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#define UWSGI_SSL_SESSION_CACHE
++#endif
+ #endif
+
+ #include <glob.h>