[arch-commits] Commit in opensips/trunk (PKGBUILD port-tls-1.1.0.patch)
Sergej Pupykin
spupykin at archlinux.org
Fri Jan 5 17:01:54 UTC 2018
Date: Friday, January 5, 2018 @ 17:01:53
Author: spupykin
Revision: 279121
upgpkg: opensips 2.3.2-1
Modified:
opensips/trunk/PKGBUILD
Deleted:
opensips/trunk/port-tls-1.1.0.patch
----------------------+
PKGBUILD | 14 -
port-tls-1.1.0.patch | 446 -------------------------------------------------
2 files changed, 5 insertions(+), 455 deletions(-)
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2018-01-05 17:01:49 UTC (rev 279120)
+++ PKGBUILD 2018-01-05 17:01:53 UTC (rev 279121)
@@ -2,8 +2,8 @@
# Maintainer: Sergej Pupykin <pupykin.s+arch at gmail.com>
pkgname=opensips
-pkgver=2.2.3
-pkgrel=2
+pkgver=2.3.2
+pkgrel=1
pkgdesc="An Open Source SIP Server able to act as a SIP proxy, registrar, location server, redirect server ..."
url="http://www.opensips.org"
depends=('gcc-libs' 'openssl' 'db' 'attr' 'libxml2')
@@ -24,11 +24,9 @@
install=opensips.install
options=('!emptydirs' 'zipman' '!makeflags' 'docs')
source=(https://opensips.org/pub/opensips/${pkgver}/opensips-${pkgver}.tar.gz
- opensips.service
- port-tls-1.1.0.patch)
-sha256sums=('ccf540f7aae4335a8319b83f6cb87b562e665991fe1c2adc4e8eb4d4f3042dd7'
- 'c2fec4be085b108db10834fa9832e98d696c2de6408f85f96cf89c13bf6be819'
- '1ad2558c329a1b41948ff9ef1c8169289b38500ce8183e50bae653ef82afdbec')
+ opensips.service)
+sha256sums=('467ec4a7ac0187872b26485a893bed15753506624a2af3592f1a093c5cbea16a'
+ 'c2fec4be085b108db10834fa9832e98d696c2de6408f85f96cf89c13bf6be819')
prepare() {
cd "$srcdir"/$pkgname-$pkgver/
@@ -41,8 +39,6 @@
sed -i 's|sbin|bin|g' Makefile
sed -i 's|bin-dir = sbin/|bin-dir = bin/|' Makefile.defs
-
- patch -Np1 -i ../port-tls-1.1.0.patch
}
_modules="ldap db_mysql db_postgres db_unixodbc presence presence_xml h350 proto_tls tlsops tls_mgm db_http httpd tm rr"
Deleted: port-tls-1.1.0.patch
===================================================================
--- port-tls-1.1.0.patch 2018-01-05 17:01:49 UTC (rev 279120)
+++ port-tls-1.1.0.patch 2018-01-05 17:01:53 UTC (rev 279121)
@@ -1,446 +0,0 @@
-Description: Port tls_mgm module to openssl 1.1.0.
-Author: Răzvan Crainea <razvan at opensips.org>
-Last-Update: 2016-12-01
---- a/modules/tls_mgm/tls.h
-+++ b/modules/tls_mgm/tls.h
-@@ -64,41 +64,50 @@
- #warning ""
- #endif
-
--static int tls_static_locks_no=0;
--static gen_lock_set_t* tls_static_locks=NULL;
--
- static SSL_METHOD *ssl_methods[TLS_USE_TLSv1_2 + 1];
-
- #define VERIFY_DEPTH_S 3
-
-
--struct CRYPTO_dynlock_value {
-- gen_lock_t lock;
--};
--
--static unsigned long tls_get_id(void)
--{
-- return my_pid();
--}
--
- /*
- * Wrappers around OpenSIPS shared memory functions
- * (which can be macros)
- */
-+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
-+static void* os_malloc(size_t size, const char *file, int line)
-+#else
- static void* os_malloc(size_t size)
-+#endif
- {
-+#if (defined DBG_MALLOC && OPENSSL_VERSION_NUMBER >= 0x10100000L)
-+ return _shm_malloc(size, file, __FUNCTION__, line);
-+#else
- return shm_malloc(size);
-+#endif
- }
-
-
-+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
-+static void* os_realloc(void *ptr, size_t size, const char *file, int line)
-+#else
- static void* os_realloc(void *ptr, size_t size)
-+#endif
- {
-+#if (defined DBG_MALLOC && OPENSSL_VERSION_NUMBER >= 0x10100000L)
-+ return _shm_realloc(ptr, size, file, __FUNCTION__, line);
-+#else
- return shm_realloc(ptr, size);
-+#endif
- }
-
-
-+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
-+static void os_free(void *ptr, const char *file, int line)
-+#else
- static void os_free(void *ptr)
-+#endif
- {
-+ /* TODO: also handle free file and line */
- if (ptr)
- shm_free(ptr);
- }
-@@ -106,21 +115,17 @@
-
-
-
--static void tls_static_locks_ops(int mode, int n, const char* file, int line)
--{
-- if (n<0 || n>tls_static_locks_no) {
-- LM_ERR("BUG - SSL Lib attempting to acquire bogus lock\n");
-- abort();
-- }
-+/* these locks can not be used in 1.1.0, because the interface has changed */
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+struct CRYPTO_dynlock_value {
-+ gen_lock_t lock;
-+};
-
-- if (mode & CRYPTO_LOCK) {
-- lock_set_get(tls_static_locks,n);
-- } else {
-- lock_set_release(tls_static_locks,n);
-- }
-+static unsigned long tls_get_id(void)
-+{
-+ return my_pid();
- }
-
--
- static struct CRYPTO_dynlock_value* tls_dyn_lock_create(const char* file,
- int line)
- {
-@@ -158,5 +163,6 @@
- lock_destroy(&dyn_lock->lock);
- shm_free(dyn_lock);
- }
-+#endif
-
- #endif /* _PROTO_TLS_H_ */
---- a/modules/tls_mgm/tls_conn_ops.h
-+++ b/modules/tls_mgm/tls_conn_ops.h
-@@ -116,12 +116,14 @@
- return -1;
- }
-
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
- #ifndef OPENSSL_NO_KRB5
- if ( ((SSL *)c->extra_data)->kssl_ctx ) {
- kssl_ctx_free( ((SSL *)c->extra_data)->kssl_ctx );
- ((SSL *)c->extra_data)->kssl_ctx = 0;
- }
- #endif
-+#endif
-
- if ( c->proto_flags & F_TLS_DO_ACCEPT ) {
- LM_DBG("Setting in ACCEPT mode (server)\n");
---- a/modules/tls_mgm/tls_conn_server.h
-+++ b/modules/tls_mgm/tls_conn_server.h
-@@ -148,17 +148,21 @@
- }
-
- ssl = (SSL *) c->extra_data;
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
- #ifndef OPENSSL_NO_KRB5
- if ( ssl->kssl_ctx==NULL )
- ssl->kssl_ctx = kssl_ctx_new( );
- #endif
-+#endif
- ret = SSL_accept(ssl);
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
- #ifndef OPENSSL_NO_KRB5
- if ( ssl->kssl_ctx ) {
- kssl_ctx_free( ssl->kssl_ctx );
- ssl->kssl_ctx = 0;
- }
- #endif
-+#endif
- if (ret > 0) {
- LM_INFO("New TLS connection from %s:%d accepted\n",
- ip_addr2a(&c->rcv.src_ip), c->rcv.src_port);
---- a/modules/tls_mgm/tls_mgm.c
-+++ b/modules/tls_mgm/tls_mgm.c
-@@ -557,11 +557,10 @@
- LM_NOTICE("subject = %s\n", buf);
- LM_NOTICE("verify error:num=%d:%s\n",
- err, X509_verify_cert_error_string(err));
-- LM_NOTICE("error code is %d\n", ctx->error);
-
-- switch (ctx->error) {
-+ switch (err) {
- case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
-- X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert),
-+ X509_NAME_oneline(X509_get_issuer_name(err_cert),
- buf,sizeof buf);
- LM_NOTICE("issuer= %s\n",buf);
- break;
-@@ -611,7 +610,7 @@
-
- default:
- LM_NOTICE("something wrong with the cert"
-- " ... error code is %d (check x509_vfy.h)\n", ctx->error);
-+ " ... error code is %d (check x509_vfy.h)\n", err);
- break;
- }
-
-@@ -1074,9 +1073,11 @@
- return 0;
- }
-
-+#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
- static int check_for_krb(void)
- {
- SSL_CTX *xx;
-+
- int j;
-
- xx = SSL_CTX_new(ssl_methods[tls_default_method - 1]);
-@@ -1096,6 +1097,27 @@
- SSL_CTX_free(xx);
- return 0;
- }
-+#endif
-+
-+#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
-+static int tls_static_locks_no=0;
-+static gen_lock_set_t* tls_static_locks=NULL;
-+
-+static void tls_static_locks_ops(int mode, int n, const char* file, int line)
-+{
-+ if (n<0 || n>tls_static_locks_no) {
-+ LM_ERR("BUG - SSL Lib attempting to acquire bogus lock\n");
-+ abort();
-+ }
-+
-+ if (mode & CRYPTO_LOCK) {
-+ lock_set_get(tls_static_locks,n);
-+ } else {
-+ lock_set_release(tls_static_locks,n);
-+ }
-+}
-+
-+
-
- static int tls_init_multithread(void)
- {
-@@ -1126,6 +1148,7 @@
-
- return 0;
- }
-+#endif
-
- /*
- * initialize ssl methods
-@@ -1135,19 +1158,31 @@
- {
- LM_DBG("entered\n");
-
-+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
-+ ssl_methods[TLS_USE_TLSv1_cli-1] = (SSL_METHOD*)TLS_client_method();
-+ ssl_methods[TLS_USE_TLSv1_srv-1] = (SSL_METHOD*)TLS_server_method();
-+ ssl_methods[TLS_USE_TLSv1-1] = (SSL_METHOD*)TLS_method();
-+#else
- ssl_methods[TLS_USE_TLSv1_cli-1] = (SSL_METHOD*)TLSv1_client_method();
- ssl_methods[TLS_USE_TLSv1_srv-1] = (SSL_METHOD*)TLSv1_server_method();
- ssl_methods[TLS_USE_TLSv1-1] = (SSL_METHOD*)TLSv1_method();
-+#endif
-
- ssl_methods[TLS_USE_SSLv23_cli-1] = (SSL_METHOD*)SSLv23_client_method();
- ssl_methods[TLS_USE_SSLv23_srv-1] = (SSL_METHOD*)SSLv23_server_method();
- ssl_methods[TLS_USE_SSLv23-1] = (SSL_METHOD*)SSLv23_method();
-
- #if OPENSSL_VERSION_NUMBER >= 0x10001000L
-+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
-+ ssl_methods[TLS_USE_TLSv1_2_cli-1] = (SSL_METHOD*)TLS_client_method();
-+ ssl_methods[TLS_USE_TLSv1_2_srv-1] = (SSL_METHOD*)TLS_server_method();
-+ ssl_methods[TLS_USE_TLSv1_2-1] = (SSL_METHOD*)TLS_method();
-+#else
- ssl_methods[TLS_USE_TLSv1_2_cli-1] = (SSL_METHOD*)TLSv1_2_client_method();
- ssl_methods[TLS_USE_TLSv1_2_srv-1] = (SSL_METHOD*)TLSv1_2_server_method();
- ssl_methods[TLS_USE_TLSv1_2-1] = (SSL_METHOD*)TLSv1_2_method();
- #endif
-+#endif
- }
-
- /* reloads data from the db */
-@@ -1273,10 +1308,10 @@
- * CRYPTO_malloc will set allow_customize in openssl to 0
- */
- if (!CRYPTO_set_mem_functions(os_malloc, os_realloc, os_free)) {
-- LM_ERR("unable to set the memory allocation functions\n");
-- LM_ERR("NOTE: check if you have openssl 1.0.1e-fips, as this "
-- "version is know to be broken; if so, you need to upgrade or "
-- "downgrade to a differen openssl version !!\n");
-+ LM_ERR("NOTE: check if you are using openssl 1.0.1e-fips, (or other "
-+ "FIPS version of openssl, as this is known to be broken; if so, "
-+ "you need to upgrade or downgrade to a different openssl version!\n");
-+ LM_ERR("current version: %s\n", SSLeay_version(SSLEAY_VERSION));
- return -1;
- }
-
-@@ -1291,15 +1326,18 @@
- sk_SSL_COMP_zero(comp_methods);
- }
- #endif
-+#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
- if (tls_init_multithread() < 0) {
- LM_ERR("failed to init multi-threading support\n");
- return -1;
- }
-+#endif
-
- SSL_library_init();
- SSL_load_error_strings();
- init_ssl_methods();
-
-+#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
- n = check_for_krb();
- if (n==-1) {
- LM_ERR("kerberos check failed\n");
-@@ -1318,6 +1356,7 @@
- (n==1)?"":"no ",(n!=1)?"no ":"");
- return -1;
- }
-+#endif
-
- /*
- * finish setting up the tls default domains
---- a/modules/identity/identity.c
-+++ b/modules/identity/identity.c
-@@ -107,6 +107,9 @@
- #include "identity.h"
-
-
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+#define EVP_MD_CTX_free EVP_MD_CTX_cleanup
-+#endif
-
- /* parameters */
-
-@@ -831,7 +834,11 @@
- {
- #define IDENTITY_HDR_S "Identity: \""
- #define IDENTITY_HDR_L (sizeof(IDENTITY_HDR_S)-1)
-- EVP_MD_CTX ctx;
-+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
-+ EVP_MD_CTX *pctx;
-+#else
-+ EVP_MD_CTX ctx, *pctx = &ctx;
-+#endif
- unsigned int siglen = 0;
- int b64len = 0;
- unsigned char * sig = NULL;
-@@ -843,27 +850,30 @@
- LM_ERR("error making digest string\n");
- return 0;
- }
-+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
-+ pctx = EVP_MD_CTX_new();
-+#endif
-
-- EVP_SignInit(&ctx, EVP_sha1());
-+ EVP_SignInit(pctx, EVP_sha1());
-
-- EVP_SignUpdate(&ctx, digestString, strlen(digestString));
-+ EVP_SignUpdate(pctx, digestString, strlen(digestString));
-
- sig = pkg_malloc(EVP_PKEY_size(privKey_evp));
- if(!sig)
- {
-- EVP_MD_CTX_cleanup(&ctx);
-+ EVP_MD_CTX_free(pctx);
- LM_ERR("failed allocating memory\n");
- return 0;
- }
-
-- if(!EVP_SignFinal(&ctx, sig, &siglen, privKey_evp))
-+ if(!EVP_SignFinal(pctx, sig, &siglen, privKey_evp))
- {
-- EVP_MD_CTX_cleanup(&ctx);
-+ EVP_MD_CTX_free(pctx);
- pkg_free(sig);
- LM_ERR("error calculating signature\n");
- return 0;
- }
-- EVP_MD_CTX_cleanup(&ctx);
-+ EVP_MD_CTX_free(pctx);
-
- /* ###Base64-encoding### */
- /* annotation: The next few lines are based on example 7-11 of [VIE-02] */
-@@ -1138,6 +1148,10 @@
- const unsigned char * data;
- STACK_OF(CONF_VALUE) * val;
- CONF_VALUE * nval;
-+ int len;
-+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
-+ ASN1_OCTET_STRING *adata;
-+#endif
-
- if(!cert || !msg)
- {
-@@ -1190,15 +1204,22 @@
- LM_ERR("X509V3_EXT_get failed\n");
- return 0;
- }
-+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
-+ adata = X509_EXTENSION_get_data(cext);
-+ data = ASN1_STRING_get0_data(adata);
-+ len = ASN1_STRING_length(adata);
-+#else
- data = cext->value->data;
-+ len = cext->value->length;
-+#endif
- if(meth->it)
- {
- ext_str = ASN1_item_d2i(NULL, &data,
-- cext->value->length, ASN1_ITEM_ptr(meth->it));
-+ len, ASN1_ITEM_ptr(meth->it));
- }
- else
- {
-- ext_str = meth->d2i(NULL, &data, cext->value->length);
-+ ext_str = meth->d2i(NULL, &data, len);
- }
-
- val = meth->i2v(meth, ext_str, NULL);
-@@ -1251,7 +1272,11 @@
- int siglen = -1;
- unsigned char * sigbuf = NULL;
- int b64len = 0;
-- EVP_MD_CTX ctx;
-+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
-+ EVP_MD_CTX *pctx;
-+#else
-+ EVP_MD_CTX ctx, *pctx = &ctx;
-+#endif
- int result = 0;
- char *p;
- unsigned long err;
-@@ -1295,22 +1320,25 @@
- p=strstr(identityHF , "=");
- siglen-=strspn(p , "=");
-
-- EVP_VerifyInit(&ctx, EVP_sha1());
-- EVP_VerifyUpdate(&ctx, digestString, strlen(digestString));
-+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
-+ pctx = EVP_MD_CTX_new();
-+#endif
-+ EVP_VerifyInit(pctx, EVP_sha1());
-+ EVP_VerifyUpdate(pctx, digestString, strlen(digestString));
-
- pubkey = X509_get_pubkey(cert);
- if(!pubkey)
- {
-- EVP_MD_CTX_cleanup(&ctx);
-+ EVP_MD_CTX_free(pctx);
- pkg_free(sigbuf);
- LM_ERR("error reading pubkey from cert\n");
- return 0;
- }
-
-- result = EVP_VerifyFinal(&ctx, sigbuf, siglen, pubkey);
-+ result = EVP_VerifyFinal(pctx, sigbuf, siglen, pubkey);
-
- EVP_PKEY_free(pubkey);
-- EVP_MD_CTX_cleanup(&ctx);
-+ EVP_MD_CTX_free(pctx);
- pkg_free(sigbuf);
-
- switch(result)
-@@ -1715,8 +1743,9 @@
- {
- if (!ok)
- {
-+ int err = X509_STORE_CTX_get_error(stor);
- LM_INFO("certificate validation failed: %s\n",
-- X509_verify_cert_error_string(stor->error));
-+ X509_verify_cert_error_string(err));
- }
-
- return ok;
More information about the arch-commits
mailing list