main/strongswan: rebuild against libressl-2.7

2025-08-05 05:17:07 +02:00 · 2018-04-04 09:06:17 +00:00 · 2018-04-04 09:06:17 +00:00 · 68b4b7d351
commit 68b4b7d351
parent b56eeb4ed6
2 changed files with 1 additions and 209 deletions
--- a/main/strongswan/APKBUILD
+++ b/main/strongswan/APKBUILD
@ -3,7 +3,7 @@
 pkgname=strongswan
 pkgver=5.6.2
 _pkgver=${pkgver//_rc/rc}
-pkgrel=0
+pkgrel=1
 pkgdesc="IPsec-based VPN solution focused on security and ease of use, supporting IKEv1/IKEv2 and MOBIKE"
 url="https://www.strongswan.org/"
 arch="all"
@ -21,7 +21,6 @@ source="http://download.strongswan.org/$pkgname-$_pkgver.tar.bz2
 	1001-charon-add-optional-source-and-remote-overrides-for-.patch
 	1002-vici-send-certificates-for-ike-sa-events.patch
 	1003-vici-add-support-for-individual-sa-state-changes.patch
-	libressl.patch

 	strongswan.initd
 	charon.initd
@ -121,6 +120,5 @@ sha512sums="cf2d5cb6c45d991fe0ad8eed4ea8628f95a1871e9728ddf0985aa26e78d1e6da1c92
 df5673107ea15dae28276b1cbc2a0d995d9a210c9c73ee478cb0f4eba0e3ef76856708119a5ebdf59637c2830ca8e30adf294d09e3eeef5514890d8ebc7c47b4  1001-charon-add-optional-source-and-remote-overrides-for-.patch
 0dd637cc6ee89646c05d0345757fbfb26f4c0e2103d8eaafeb248b98bcc972ce5171081b7da7c9b974c92abb3f452180271767fb997171ac08b73880650e566b  1002-vici-send-certificates-for-ike-sa-events.patch
 d92ec44ac03c3eabe7583c01b15c66c9286681f42cf1d6ced3e1096c27c174014e14112610d2e12c8ccf6c2d8c1a5242e10e2520d41995f8aac145bd603facfc  1003-vici-add-support-for-individual-sa-state-changes.patch
-75c5f1c8558efa9e863490be7c675ea7c56baa102d1cef192ca90d40dc2c9abfaff664c6d76a2a88d2ee4212a8b0106666cafe2a8e753532aabe6eb798382773  libressl.patch
 8b61e3ffbb39b837733e602ec329e626dc519bf7308d3d4192b497d18f38176789d23ef5afec51f8463ee1ddaf4d74546b965c03184132e217cbc27017e886c9  strongswan.initd
 1c44c801f66305c0331f76e580c0d60f1b7d5cd3cc371be55826b06c3899f542664628a912a7fb48626e34d864f72ca5dcd34b2f0d507c4f19c510d0047054c1  charon.initd"
--- a/main/strongswan/libressl.patch
+++ b/main/strongswan/libressl.patch
@ -1,206 +0,0 @@
-diff --git a/src/libstrongswan/plugins/openssl/openssl_crl.c b/src/libstrongswan/plugins/openssl/openssl_crl.c
-index 88f7a67c2..08838878f 100644
--- a/src/libstrongswan/plugins/openssl/openssl_crl.c
-+++ b/src/libstrongswan/plugins/openssl/openssl_crl.c
-@@ -49,7 +49,7 @@
- #include <collections/enumerator.h>
- #include <credentials/certificates/x509.h>
- 
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
- static inline void X509_CRL_get0_signature(const X509_CRL *crl, ASN1_BIT_STRING **psig, X509_ALGOR **palg) {
- 	if (psig) { *psig = crl->signature; }
- 	if (palg) { *palg = crl->sig_alg; }
-@@ -321,7 +321,7 @@ METHOD(certificate_t, issued_by, bool,
- 		}
- 	}
- 	/* i2d_re_X509_CRL_tbs() was added with 1.1.0 when X509_CRL became opaque */
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
-+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
- 	tbs = openssl_i2chunk(re_X509_CRL_tbs, this->crl);
- #else
- 	tbs = openssl_i2chunk(X509_CRL_INFO, this->crl->crl);
-diff --git a/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c b/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c
-index 8e9c1183f..3b8810175 100644
--- a/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c
-+++ b/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c
-@@ -27,7 +27,7 @@
- #include <utils/debug.h>
- 
- /* these were added with 1.1.0 when DH was made opaque */
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
- OPENSSL_KEY_FALLBACK(DH, key, pub_key, priv_key)
- OPENSSL_KEY_FALLBACK(DH, pqg, p, q, g)
- #define DH_set_length(dh, len) ({ (dh)->length = len; 1; })
-diff --git a/src/libstrongswan/plugins/openssl/openssl_ec_private_key.c b/src/libstrongswan/plugins/openssl/openssl_ec_private_key.c
-index 364190758..6cfb5457e 100644
--- a/src/libstrongswan/plugins/openssl/openssl_ec_private_key.c
-+++ b/src/libstrongswan/plugins/openssl/openssl_ec_private_key.c
-@@ -28,7 +28,7 @@
- #include <openssl/ecdsa.h>
- #include <openssl/x509.h>
- 
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
- OPENSSL_KEY_FALLBACK(ECDSA_SIG, r, s)
- #endif
- 
-diff --git a/src/libstrongswan/plugins/openssl/openssl_ec_public_key.c b/src/libstrongswan/plugins/openssl/openssl_ec_public_key.c
-index faa940839..ca1cdfd3b 100644
--- a/src/libstrongswan/plugins/openssl/openssl_ec_public_key.c
-+++ b/src/libstrongswan/plugins/openssl/openssl_ec_public_key.c
-@@ -27,7 +27,7 @@
- #include <openssl/ecdsa.h>
- #include <openssl/x509.h>
- 
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
- OPENSSL_KEY_FALLBACK(ECDSA_SIG, r, s)
- #endif
- 
-diff --git a/src/libstrongswan/plugins/openssl/openssl_hmac.c b/src/libstrongswan/plugins/openssl/openssl_hmac.c
-index 16e707116..e6647bbab 100644
--- a/src/libstrongswan/plugins/openssl/openssl_hmac.c
-+++ b/src/libstrongswan/plugins/openssl/openssl_hmac.c
-@@ -70,7 +70,7 @@ struct private_mac_t {
- 	 */
- 	HMAC_CTX *hmac;
- 
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
- 	/**
- 	 * Static context for OpenSSL < 1.1.0
- 	 */
-@@ -140,7 +140,7 @@ METHOD(mac_t, get_mac_size, size_t,
- METHOD(mac_t, destroy, void,
- 	private_mac_t *this)
- {
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
-+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
- 	HMAC_CTX_free(this->hmac);
- #else
- 	HMAC_CTX_cleanup(&this->hmac_ctx);
-@@ -178,7 +178,7 @@ static mac_t *hmac_create(hash_algorithm_t algo)
- 		return NULL;
- 	}
- 
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
-+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
- 	this->hmac = HMAC_CTX_new();
- #else
- 	HMAC_CTX_init(&this->hmac_ctx);
-diff --git a/src/libstrongswan/plugins/openssl/openssl_pkcs7.c b/src/libstrongswan/plugins/openssl/openssl_pkcs7.c
-index f94767cf5..155e7faa5 100644
--- a/src/libstrongswan/plugins/openssl/openssl_pkcs7.c
-+++ b/src/libstrongswan/plugins/openssl/openssl_pkcs7.c
-@@ -29,7 +29,7 @@
- 
- #include <openssl/cms.h>
- 
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
- #define X509_ATTRIBUTE_get0_object(attr) ({ (attr)->object; })
- #endif
- 
-diff --git a/src/libstrongswan/plugins/openssl/openssl_plugin.c b/src/libstrongswan/plugins/openssl/openssl_plugin.c
-index 8b0a7c5c7..4f1170088 100644
--- a/src/libstrongswan/plugins/openssl/openssl_plugin.c
-+++ b/src/libstrongswan/plugins/openssl/openssl_plugin.c
-@@ -68,7 +68,7 @@ struct private_openssl_plugin_t {
- /**
-  * OpenSSL is thread-safe since 1.1.0
-  */
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
- 
- /**
-  * Array of static mutexs, with CRYPTO_num_locks() mutex
-@@ -718,7 +718,7 @@ METHOD(plugin_t, destroy, void,
- /* OpenSSL 1.1.0 cleans up itself at exit and while OPENSSL_cleanup() exists we
-  * can't call it as we couldn't re-initialize the library (as required by the
-  * unit tests and the Android app) */
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
- #ifndef OPENSSL_IS_BORINGSSL
- 	CONF_modules_free();
- 	OBJ_cleanup();
-@@ -773,7 +773,7 @@ plugin_t *openssl_plugin_create()
- 		},
- 	);
- 
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
-+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
- 	/* note that we can't call OPENSSL_cleanup() when the plugin is destroyed
- 	 * as we couldn't initialize the library again afterwards */
- 	OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG |
-diff --git a/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c b/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c
-index 401a51a0b..f4c06367c 100644
--- a/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c
-+++ b/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c
-@@ -35,7 +35,7 @@
-  */
- #define PUBLIC_EXPONENT 0x10001
- 
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
- OPENSSL_KEY_FALLBACK(RSA, key, n, e, d)
- OPENSSL_KEY_FALLBACK(RSA, factors, p, q)
- OPENSSL_KEY_FALLBACK(RSA, crt_params, dmp1, dmq1, iqmp)
-diff --git a/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c b/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c
-index 20bf30ae9..e4a68edad 100644
--- a/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c
-+++ b/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c
-@@ -30,7 +30,7 @@
- #include <openssl/rsa.h>
- #include <openssl/x509.h>
- 
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
- OPENSSL_KEY_FALLBACK(RSA, key, n, e, d)
- #endif
- 
-diff --git a/src/libstrongswan/plugins/openssl/openssl_util.c b/src/libstrongswan/plugins/openssl/openssl_util.c
-index 6580e1c7d..03cf0585d 100644
--- a/src/libstrongswan/plugins/openssl/openssl_util.c
-+++ b/src/libstrongswan/plugins/openssl/openssl_util.c
-@@ -23,7 +23,7 @@
- #include <openssl/x509.h>
- 
- /* these were added with 1.1.0 when ASN1_OBJECT was made opaque */
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
- #define OBJ_get0_data(o) ((o)->data)
- #define OBJ_length(o) ((o)->length)
- #endif
-diff --git a/src/libstrongswan/plugins/openssl/openssl_x509.c b/src/libstrongswan/plugins/openssl/openssl_x509.c
-index 60c08770b..3eeaaf9ed 100644
--- a/src/libstrongswan/plugins/openssl/openssl_x509.c
-+++ b/src/libstrongswan/plugins/openssl/openssl_x509.c
-@@ -61,7 +61,7 @@
- #endif
- 
- /* added with 1.0.2 */
-#if OPENSSL_VERSION_NUMBER < 0x10002000L
-+#if OPENSSL_VERSION_NUMBER < 0x10002000L || defined(LIBRESSL_VERSION_NUMBER)
- static inline void X509_get0_signature(ASN1_BIT_STRING **psig, X509_ALGOR **palg, const X509 *x) {
- 	if (psig) { *psig = x->signature; }
- 	if (palg) { *palg = x->sig_alg; }
-@@ -69,7 +69,7 @@ static inline void X509_get0_signature(ASN1_BIT_STRING **psig, X509_ALGOR **palg
- #endif
- 
- /* added with 1.1.0 when X509 etc. was made opaque */
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
- #define X509_get0_extensions(x509) ({ (x509)->cert_info->extensions; })
- #define X509_get0_tbs_sigalg(x509) ({ (x509)->cert_info->signature; })
- #define X509_ALGOR_get0(oid, ppt, ppv, alg) ({ *(oid) = (alg)->algorithm; })
-@@ -421,7 +421,7 @@ METHOD(certificate_t, issued_by, bool,
- 		return FALSE;
- 	}
- 	/* i2d_re_X509_tbs() was added with 1.1.0 when X509 was made opaque */
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
-+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
- 	tbs = openssl_i2chunk(re_X509_tbs, this->x509);
- #else
- 	tbs = openssl_i2chunk(X509_CINF, this->x509->cert_info);