From 68b4b7d351f43e42b707ba015c24d50bb52037e9 Mon Sep 17 00:00:00 2001 From: Natanael Copa Date: Wed, 4 Apr 2018 09:06:17 +0000 Subject: [PATCH] main/strongswan: rebuild against libressl-2.7 --- main/strongswan/APKBUILD | 4 +- main/strongswan/libressl.patch | 206 --------------------------------- 2 files changed, 1 insertion(+), 209 deletions(-) delete mode 100644 main/strongswan/libressl.patch diff --git a/main/strongswan/APKBUILD b/main/strongswan/APKBUILD index 8f1f8ee12a1..542e6d38f8d 100644 --- a/main/strongswan/APKBUILD +++ b/main/strongswan/APKBUILD @@ -3,7 +3,7 @@ pkgname=strongswan pkgver=5.6.2 _pkgver=${pkgver//_rc/rc} -pkgrel=0 +pkgrel=1 pkgdesc="IPsec-based VPN solution focused on security and ease of use, supporting IKEv1/IKEv2 and MOBIKE" url="https://www.strongswan.org/" arch="all" @@ -21,7 +21,6 @@ source="http://download.strongswan.org/$pkgname-$_pkgver.tar.bz2 1001-charon-add-optional-source-and-remote-overrides-for-.patch 1002-vici-send-certificates-for-ike-sa-events.patch 1003-vici-add-support-for-individual-sa-state-changes.patch - libressl.patch strongswan.initd charon.initd @@ -121,6 +120,5 @@ sha512sums="cf2d5cb6c45d991fe0ad8eed4ea8628f95a1871e9728ddf0985aa26e78d1e6da1c92 df5673107ea15dae28276b1cbc2a0d995d9a210c9c73ee478cb0f4eba0e3ef76856708119a5ebdf59637c2830ca8e30adf294d09e3eeef5514890d8ebc7c47b4 1001-charon-add-optional-source-and-remote-overrides-for-.patch 0dd637cc6ee89646c05d0345757fbfb26f4c0e2103d8eaafeb248b98bcc972ce5171081b7da7c9b974c92abb3f452180271767fb997171ac08b73880650e566b 1002-vici-send-certificates-for-ike-sa-events.patch d92ec44ac03c3eabe7583c01b15c66c9286681f42cf1d6ced3e1096c27c174014e14112610d2e12c8ccf6c2d8c1a5242e10e2520d41995f8aac145bd603facfc 1003-vici-add-support-for-individual-sa-state-changes.patch -75c5f1c8558efa9e863490be7c675ea7c56baa102d1cef192ca90d40dc2c9abfaff664c6d76a2a88d2ee4212a8b0106666cafe2a8e753532aabe6eb798382773 libressl.patch 8b61e3ffbb39b837733e602ec329e626dc519bf7308d3d4192b497d18f38176789d23ef5afec51f8463ee1ddaf4d74546b965c03184132e217cbc27017e886c9 strongswan.initd 1c44c801f66305c0331f76e580c0d60f1b7d5cd3cc371be55826b06c3899f542664628a912a7fb48626e34d864f72ca5dcd34b2f0d507c4f19c510d0047054c1 charon.initd" diff --git a/main/strongswan/libressl.patch b/main/strongswan/libressl.patch deleted file mode 100644 index 69e81c8cdb4..00000000000 --- a/main/strongswan/libressl.patch +++ /dev/null @@ -1,206 +0,0 @@ -diff --git a/src/libstrongswan/plugins/openssl/openssl_crl.c b/src/libstrongswan/plugins/openssl/openssl_crl.c -index 88f7a67c2..08838878f 100644 ---- a/src/libstrongswan/plugins/openssl/openssl_crl.c -+++ b/src/libstrongswan/plugins/openssl/openssl_crl.c -@@ -49,7 +49,7 @@ - #include - #include - --#if OPENSSL_VERSION_NUMBER < 0x10100000L -+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) - static inline void X509_CRL_get0_signature(const X509_CRL *crl, ASN1_BIT_STRING **psig, X509_ALGOR **palg) { - if (psig) { *psig = crl->signature; } - if (palg) { *palg = crl->sig_alg; } -@@ -321,7 +321,7 @@ METHOD(certificate_t, issued_by, bool, - } - } - /* i2d_re_X509_CRL_tbs() was added with 1.1.0 when X509_CRL became opaque */ --#if OPENSSL_VERSION_NUMBER >= 0x10100000L -+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) - tbs = openssl_i2chunk(re_X509_CRL_tbs, this->crl); - #else - tbs = openssl_i2chunk(X509_CRL_INFO, this->crl->crl); -diff --git a/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c b/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c -index 8e9c1183f..3b8810175 100644 ---- a/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c -+++ b/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c -@@ -27,7 +27,7 @@ - #include - - /* these were added with 1.1.0 when DH was made opaque */ --#if OPENSSL_VERSION_NUMBER < 0x10100000L -+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) - OPENSSL_KEY_FALLBACK(DH, key, pub_key, priv_key) - OPENSSL_KEY_FALLBACK(DH, pqg, p, q, g) - #define DH_set_length(dh, len) ({ (dh)->length = len; 1; }) -diff --git a/src/libstrongswan/plugins/openssl/openssl_ec_private_key.c b/src/libstrongswan/plugins/openssl/openssl_ec_private_key.c -index 364190758..6cfb5457e 100644 ---- a/src/libstrongswan/plugins/openssl/openssl_ec_private_key.c -+++ b/src/libstrongswan/plugins/openssl/openssl_ec_private_key.c -@@ -28,7 +28,7 @@ - #include - #include - --#if OPENSSL_VERSION_NUMBER < 0x10100000L -+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) - OPENSSL_KEY_FALLBACK(ECDSA_SIG, r, s) - #endif - -diff --git a/src/libstrongswan/plugins/openssl/openssl_ec_public_key.c b/src/libstrongswan/plugins/openssl/openssl_ec_public_key.c -index faa940839..ca1cdfd3b 100644 ---- a/src/libstrongswan/plugins/openssl/openssl_ec_public_key.c -+++ b/src/libstrongswan/plugins/openssl/openssl_ec_public_key.c -@@ -27,7 +27,7 @@ - #include - #include - --#if OPENSSL_VERSION_NUMBER < 0x10100000L -+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) - OPENSSL_KEY_FALLBACK(ECDSA_SIG, r, s) - #endif - -diff --git a/src/libstrongswan/plugins/openssl/openssl_hmac.c b/src/libstrongswan/plugins/openssl/openssl_hmac.c -index 16e707116..e6647bbab 100644 ---- a/src/libstrongswan/plugins/openssl/openssl_hmac.c -+++ b/src/libstrongswan/plugins/openssl/openssl_hmac.c -@@ -70,7 +70,7 @@ struct private_mac_t { - */ - HMAC_CTX *hmac; - --#if OPENSSL_VERSION_NUMBER < 0x10100000L -+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) - /** - * Static context for OpenSSL < 1.1.0 - */ -@@ -140,7 +140,7 @@ METHOD(mac_t, get_mac_size, size_t, - METHOD(mac_t, destroy, void, - private_mac_t *this) - { --#if OPENSSL_VERSION_NUMBER >= 0x10100000L -+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) - HMAC_CTX_free(this->hmac); - #else - HMAC_CTX_cleanup(&this->hmac_ctx); -@@ -178,7 +178,7 @@ static mac_t *hmac_create(hash_algorithm_t algo) - return NULL; - } - --#if OPENSSL_VERSION_NUMBER >= 0x10100000L -+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) - this->hmac = HMAC_CTX_new(); - #else - HMAC_CTX_init(&this->hmac_ctx); -diff --git a/src/libstrongswan/plugins/openssl/openssl_pkcs7.c b/src/libstrongswan/plugins/openssl/openssl_pkcs7.c -index f94767cf5..155e7faa5 100644 ---- a/src/libstrongswan/plugins/openssl/openssl_pkcs7.c -+++ b/src/libstrongswan/plugins/openssl/openssl_pkcs7.c -@@ -29,7 +29,7 @@ - - #include - --#if OPENSSL_VERSION_NUMBER < 0x10100000L -+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) - #define X509_ATTRIBUTE_get0_object(attr) ({ (attr)->object; }) - #endif - -diff --git a/src/libstrongswan/plugins/openssl/openssl_plugin.c b/src/libstrongswan/plugins/openssl/openssl_plugin.c -index 8b0a7c5c7..4f1170088 100644 ---- a/src/libstrongswan/plugins/openssl/openssl_plugin.c -+++ b/src/libstrongswan/plugins/openssl/openssl_plugin.c -@@ -68,7 +68,7 @@ struct private_openssl_plugin_t { - /** - * OpenSSL is thread-safe since 1.1.0 - */ --#if OPENSSL_VERSION_NUMBER < 0x10100000L -+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) - - /** - * Array of static mutexs, with CRYPTO_num_locks() mutex -@@ -718,7 +718,7 @@ METHOD(plugin_t, destroy, void, - /* OpenSSL 1.1.0 cleans up itself at exit and while OPENSSL_cleanup() exists we - * can't call it as we couldn't re-initialize the library (as required by the - * unit tests and the Android app) */ --#if OPENSSL_VERSION_NUMBER < 0x10100000L -+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) - #ifndef OPENSSL_IS_BORINGSSL - CONF_modules_free(); - OBJ_cleanup(); -@@ -773,7 +773,7 @@ plugin_t *openssl_plugin_create() - }, - ); - --#if OPENSSL_VERSION_NUMBER >= 0x10100000L -+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) - /* note that we can't call OPENSSL_cleanup() when the plugin is destroyed - * as we couldn't initialize the library again afterwards */ - OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG | -diff --git a/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c b/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c -index 401a51a0b..f4c06367c 100644 ---- a/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c -+++ b/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c -@@ -35,7 +35,7 @@ - */ - #define PUBLIC_EXPONENT 0x10001 - --#if OPENSSL_VERSION_NUMBER < 0x10100000L -+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) - OPENSSL_KEY_FALLBACK(RSA, key, n, e, d) - OPENSSL_KEY_FALLBACK(RSA, factors, p, q) - OPENSSL_KEY_FALLBACK(RSA, crt_params, dmp1, dmq1, iqmp) -diff --git a/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c b/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c -index 20bf30ae9..e4a68edad 100644 ---- a/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c -+++ b/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c -@@ -30,7 +30,7 @@ - #include - #include - --#if OPENSSL_VERSION_NUMBER < 0x10100000L -+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) - OPENSSL_KEY_FALLBACK(RSA, key, n, e, d) - #endif - -diff --git a/src/libstrongswan/plugins/openssl/openssl_util.c b/src/libstrongswan/plugins/openssl/openssl_util.c -index 6580e1c7d..03cf0585d 100644 ---- a/src/libstrongswan/plugins/openssl/openssl_util.c -+++ b/src/libstrongswan/plugins/openssl/openssl_util.c -@@ -23,7 +23,7 @@ - #include - - /* these were added with 1.1.0 when ASN1_OBJECT was made opaque */ --#if OPENSSL_VERSION_NUMBER < 0x10100000L -+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) - #define OBJ_get0_data(o) ((o)->data) - #define OBJ_length(o) ((o)->length) - #endif -diff --git a/src/libstrongswan/plugins/openssl/openssl_x509.c b/src/libstrongswan/plugins/openssl/openssl_x509.c -index 60c08770b..3eeaaf9ed 100644 ---- a/src/libstrongswan/plugins/openssl/openssl_x509.c -+++ b/src/libstrongswan/plugins/openssl/openssl_x509.c -@@ -61,7 +61,7 @@ - #endif - - /* added with 1.0.2 */ --#if OPENSSL_VERSION_NUMBER < 0x10002000L -+#if OPENSSL_VERSION_NUMBER < 0x10002000L || defined(LIBRESSL_VERSION_NUMBER) - static inline void X509_get0_signature(ASN1_BIT_STRING **psig, X509_ALGOR **palg, const X509 *x) { - if (psig) { *psig = x->signature; } - if (palg) { *palg = x->sig_alg; } -@@ -69,7 +69,7 @@ static inline void X509_get0_signature(ASN1_BIT_STRING **psig, X509_ALGOR **palg - #endif - - /* added with 1.1.0 when X509 etc. was made opaque */ --#if OPENSSL_VERSION_NUMBER < 0x10100000L -+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) - #define X509_get0_extensions(x509) ({ (x509)->cert_info->extensions; }) - #define X509_get0_tbs_sigalg(x509) ({ (x509)->cert_info->signature; }) - #define X509_ALGOR_get0(oid, ppt, ppv, alg) ({ *(oid) = (alg)->algorithm; }) -@@ -421,7 +421,7 @@ METHOD(certificate_t, issued_by, bool, - return FALSE; - } - /* i2d_re_X509_tbs() was added with 1.1.0 when X509 was made opaque */ --#if OPENSSL_VERSION_NUMBER >= 0x10100000L -+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) - tbs = openssl_i2chunk(re_X509_tbs, this->x509); - #else - tbs = openssl_i2chunk(X509_CINF, this->x509->cert_info);