From patchwork Sun Apr 15 22:55:33 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Hauke Mehrtens <hauke@hauke-m.de>
X-Patchwork-Id: 898335
X-Patchwork-Delegate: hauke@hauke-m.de
Return-Path: 
 <lede-dev-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Authentication-Results: ozlabs.org; spf=none (mailfrom)
	smtp.mailfrom=lists.infradead.org
	(client-ip=2607:7c80:54:e::133; helo=bombadil.infradead.org;
	envelope-from=lede-dev-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org;
	receiver=<UNKNOWN>)
Authentication-Results: ozlabs.org;
	dmarc=none (p=none dis=none) header.from=hauke-m.de
Authentication-Results: ozlabs.org; dkim=pass (2048-bit key;
	unprotected) header.d=lists.infradead.org
	header.i=@lists.infradead.org header.b="IqLFj3iI";
	dkim-atps=neutral
Received: from bombadil.infradead.org (bombadil.infradead.org
	[IPv6:2607:7c80:54:e::133])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256
	bits)) (No client certificate requested)
	by ozlabs.org (Postfix) with ESMTPS id 40PRhG61XPz9s1R
	for <incoming@patchwork.ozlabs.org>;
	Mon, 16 Apr 2018 08:56:14 +1000 (AEST)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
	d=lists.infradead.org; s=bombadil.20170209; h=Sender:
	Content-Transfer-Encoding:Content-Type:MIME-Version:Cc:List-Subscribe:
	List-Help:List-Post:List-Archive:List-Unsubscribe:List-Id:Subject:Message-Id:
	Date:To:From:Reply-To:Content-ID:Content-Description:Resent-Date:Resent-From:
	Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:
	List-Owner; bh=VqDrmztQ7njjUx/ZwTWchRM2mUmJBLHv7zfukdsmI+Q=;
	b=IqLFj3iI//ApJ9
	uUCeYHrst3HzDdqHUX0F3GdhBYEfJRytwLqlaoqyjPI9L7/5TEPATRmPg4ZIOztEPrcf3++pmbmxR
	ElFsDx2HzpOl6D3nLQMdHQg6hQi6VkZn8G2uD5QPcGNCjE1yQm7BUfIRmLRqiZG71/VLlPv2oPKwN
	SMtNY7p/d3hnMIuhfJXkTFg2tccCTKAkSxYX3RuQE9LQCA+wzjML271lUSe6HmICGpsKZddjTYbmr
	TcwsfRCtbgXVvaCLqS+CFtjJHRQrZHd+hJiSl2LDHqSuj5jKu+hsQl9/2SZmuZsznsU8pkhqKdiA7
	nKLBfyXROK5s56YQvx5w==;
Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org)
	by bombadil.infradead.org with esmtp (Exim 4.90_1 #2 (Red Hat Linux))
	id 1f7qZ7-0003SN-3N; Sun, 15 Apr 2018 22:56:09 +0000
Received: from mx1.mailbox.org ([80.241.60.212])
	by bombadil.infradead.org with esmtps (Exim 4.90_1 #2 (Red Hat
	Linux)) id 1f7qYr-000397-QL
	for lede-dev@lists.infradead.org; Sun, 15 Apr 2018 22:55:56 +0000
Received: from smtp2.mailbox.org (smtp2.mailbox.org [80.241.60.241])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256
	bits)) (No client certificate requested)
	by mx1.mailbox.org (Postfix) with ESMTPS id 36EBA42A37;
	Mon, 16 Apr 2018 00:55:41 +0200 (CEST)
X-Virus-Scanned: amavisd-new at heinlein-support.de
Received: from smtp2.mailbox.org ([80.241.60.241])
	by spamfilter03.heinlein-hosting.de (spamfilter03.heinlein-hosting.de
	[80.241.56.117]) (amavisd-new, port 10030)
	with ESMTP id Hxph65MKz463; Mon, 16 Apr 2018 00:55:39 +0200 (CEST)
From: Hauke Mehrtens <hauke@hauke-m.de>
To: lede-dev@lists.infradead.org
Date: Mon, 16 Apr 2018 00:55:33 +0200
Message-Id: <20180415225533.16213-1-hauke@hauke-m.de>
X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 
X-CRM114-CacheID: sfid-20180415_155554_184303_F7C7D47C 
X-CRM114-Status: GOOD (  22.27  )
X-Spam-Score: -0.7 (/)
X-Spam-Report: SpamAssassin version 3.4.1 on bombadil.infradead.org summary:
	Content analysis details:   (-0.7 points)
	pts rule name              description
	---- ----------------------
	--------------------------------------------------
	-0.7 RCVD_IN_DNSWL_LOW RBL: Sender listed at http://www.dnswl.org/,
	low trust [80.241.60.212 listed in list.dnswl.org]
	-0.0 SPF_PASS               SPF: sender matches SPF record
Subject: [LEDE-DEV] [PATCH] tools/libressl: update to version 2.7.2
X-BeenThere: lede-dev@lists.infradead.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: <lede-dev.lists.infradead.org>
List-Unsubscribe: <http://lists.infradead.org/mailman/options/lede-dev>,
	<mailto:lede-dev-request@lists.infradead.org?subject=unsubscribe>
List-Archive: <http://lists.infradead.org/pipermail/lede-dev/>
List-Post: <mailto:lede-dev@lists.infradead.org>
List-Help: <mailto:lede-dev-request@lists.infradead.org?subject=help>
List-Subscribe: <http://lists.infradead.org/mailman/listinfo/lede-dev>,
	<mailto:lede-dev-request@lists.infradead.org?subject=subscribe>
Cc: Hauke Mehrtens <hauke@hauke-m.de>
MIME-Version: 1.0
Sender: "Lede-dev" <lede-dev-bounces@lists.infradead.org>
Errors-To: lede-dev-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org

Libressl version 2.7.0 and later implement more of the OpenSSL 1.1 API
and this needs some modifications of the code using it.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
---
 .../patches/120-curl-fix-libressl-linking.patch    |  6 +-
 tools/cmake/patches/140-curl-fix-libressl.patch    | 68 ++++++++++++++++++++++
 .../patches/150-libarchive-fix-libressl.patch      | 37 ++++++++++++
 tools/libressl/Makefile                            |  4 +-
 4 files changed, 112 insertions(+), 3 deletions(-)
 create mode 100644 tools/cmake/patches/140-curl-fix-libressl.patch
 create mode 100644 tools/cmake/patches/150-libarchive-fix-libressl.patch

diff --git a/tools/cmake/patches/120-curl-fix-libressl-linking.patch b/tools/cmake/patches/120-curl-fix-libressl-linking.patch
index ad5b89750e..a345a8c16a 100644
--- a/tools/cmake/patches/120-curl-fix-libressl-linking.patch
+++ b/tools/cmake/patches/120-curl-fix-libressl-linking.patch
@@ -20,7 +20,7 @@ Signed-off-by: Jo-Philipp Wich <jo@mein.io>
 ---
 --- a/Utilities/cmcurl/CMakeLists.txt
 +++ b/Utilities/cmcurl/CMakeLists.txt
-@@ -461,6 +461,10 @@ if(CMAKE_USE_OPENSSL)
+@@ -461,6 +461,14 @@ if(CMAKE_USE_OPENSSL)
    set(USE_OPENSSL ON)
    set(HAVE_LIBCRYPTO ON)
    set(HAVE_LIBSSL ON)
@@ -28,6 +28,10 @@ Signed-off-by: Jo-Philipp Wich <jo@mein.io>
 +  if(HAVE_LIBRT)
 +    list(APPEND OPENSSL_LIBRARIES rt)
 +  endif()
++  check_library_exists("pthread" pthread_once "" HAVE_PTHREAD)
++  if(HAVE_PTHREAD)
++    list(APPEND OPENSSL_LIBRARIES pthread)
++  endif()
    list(APPEND CURL_LIBS ${OPENSSL_LIBRARIES})
    include_directories(${OPENSSL_INCLUDE_DIR})
    set(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIR})
diff --git a/tools/cmake/patches/140-curl-fix-libressl.patch b/tools/cmake/patches/140-curl-fix-libressl.patch
new file mode 100644
index 0000000000..9caed96f53
--- /dev/null
+++ b/tools/cmake/patches/140-curl-fix-libressl.patch
@@ -0,0 +1,68 @@
+From 7c90c93c0b061da81f69fabdd57125b2783c15fb Mon Sep 17 00:00:00 2001
+From: Bernard Spil <brnrd@FreeBSD.org>
+Date: Mon, 2 Apr 2018 19:04:06 +0200
+Subject: [PATCH] openssl: fix build with LibreSSL 2.7
+
+ - LibreSSL 2.7 implements (most of) OpenSSL 1.1 API
+
+Fixes #2319
+Closes #2447
+Closes #2448
+
+Signed-off-by: Bernard Spil <brnrd@FreeBSD.org>
+---
+ lib/vtls/openssl.c | 15 +++++++++------
+ 1 file changed, 9 insertions(+), 6 deletions(-)
+
+--- a/Utilities/cmcurl/lib/vtls/openssl.c
++++ b/Utilities/cmcurl/lib/vtls/openssl.c
+@@ -104,7 +104,8 @@
+ #endif
+ 
+ #if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && /* OpenSSL 1.1.0+ */ \
+-  !defined(LIBRESSL_VERSION_NUMBER)
++    !(defined(LIBRESSL_VERSION_NUMBER) && \
++      LIBRESSL_VERSION_NUMBER < 0x20700000L)
+ #define SSLEAY_VERSION_NUMBER OPENSSL_VERSION_NUMBER
+ #define HAVE_X509_GET0_EXTENSIONS 1 /* added in 1.1.0 -pre1 */
+ #define HAVE_OPAQUE_EVP_PKEY 1 /* since 1.1.0 -pre3 */
+@@ -128,7 +129,8 @@ static unsigned long OpenSSL_version_num
+ #endif
+ 
+ #if (OPENSSL_VERSION_NUMBER >= 0x1000200fL) && /* 1.0.2 or later */ \
+-  !defined(LIBRESSL_VERSION_NUMBER)
++    !(defined(LIBRESSL_VERSION_NUMBER) && \
++      LIBRESSL_VERSION_NUMBER < 0x20700000L)
+ #define HAVE_X509_GET0_SIGNATURE 1
+ #endif
+ 
+@@ -147,7 +149,7 @@ static unsigned long OpenSSL_version_num
+  * Whether SSL_CTX_set_keylog_callback is available.
+  * OpenSSL: supported since 1.1.1 https://github.com/openssl/openssl/pull/2287
+  * BoringSSL: supported since d28f59c27bac (committed 2015-11-19)
+- * LibreSSL: unsupported in at least 2.5.1 (explicitly check for it since it
++ * LibreSSL: unsupported in at least 2.7.2 (explicitly check for it since it
+  *           lies and pretends to be OpenSSL 2.0.0).
+  */
+ #if (OPENSSL_VERSION_NUMBER >= 0x10101000L && \
+@@ -259,7 +261,9 @@ static void tap_ssl_key(const SSL *ssl,
+   if(!session || !keylog_file_fp)
+     return;
+ 
+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && \
++    !(defined(LIBRESSL_VERSION_NUMBER) && \
++      LIBRESSL_VERSION_NUMBER < 0x20700000L)
+   /* ssl->s3 is not checked in openssl 1.1.0-pre6, but let's assume that
+    * we have a valid SSL context if we have a non-NULL session. */
+   SSL_get_client_random(ssl, client_random, SSL3_RANDOM_SIZE);
+@@ -2082,8 +2086,7 @@ static CURLcode ossl_connect_step1(struc
+   case CURL_SSLVERSION_TLSv1_2:
+   case CURL_SSLVERSION_TLSv1_3:
+     /* it will be handled later with the context options */
+-#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && \
+-    !defined(LIBRESSL_VERSION_NUMBER)
++#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
+     req_method = TLS_client_method();
+ #else
+     req_method = SSLv23_client_method();
diff --git a/tools/cmake/patches/150-libarchive-fix-libressl.patch b/tools/cmake/patches/150-libarchive-fix-libressl.patch
new file mode 100644
index 0000000000..ad8a0969a8
--- /dev/null
+++ b/tools/cmake/patches/150-libarchive-fix-libressl.patch
@@ -0,0 +1,37 @@
+From 5da00ad75b09e262774ec3675bbe4d5a4502a852 Mon Sep 17 00:00:00 2001
+From: Bernard Spil <brnrd@FreeBSD.org>
+Date: Sun, 1 Apr 2018 23:01:44 +0200
+Subject: [PATCH] fix build with LibreSSL 2.7
+
+LibreSSL 2.7 adds OpenSSL 1.1 API leading to conflicts on method names
+
+See also: https://bugs.freebsd.org/226853
+Signed-off-by: Bernard Spil <brnrd@FreeBSD.org>
+---
+ libarchive/archive_openssl_hmac_private.h | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/Utilities/cmlibarchive/libarchive/archive_openssl_hmac_private.h
++++ b/Utilities/cmlibarchive/libarchive/archive_openssl_hmac_private.h
+@@ -28,7 +28,8 @@
+ #include <openssl/hmac.h>
+ #include <openssl/opensslv.h>
+ 
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || \
++	(defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x20700000L)
+ #include <stdlib.h> /* malloc, free */
+ #include <string.h> /* memset */
+ static inline HMAC_CTX *HMAC_CTX_new(void)
+--- a/Utilities/cmlibarchive/libarchive/archive_openssl_evp_private.h
++++ b/Utilities/cmlibarchive/libarchive/archive_openssl_evp_private.h
+@@ -28,7 +28,8 @@
+ #include <openssl/evp.h>
+ #include <openssl/opensslv.h>
+ 
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || \
++	(defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x20700000L)
+ #include <stdlib.h> /* malloc, free */
+ #include <string.h> /* memset */
+ static inline EVP_MD_CTX *EVP_MD_CTX_new(void)
diff --git a/tools/libressl/Makefile b/tools/libressl/Makefile
index a068a7c834..4c7e8a7b6e 100644
--- a/tools/libressl/Makefile
+++ b/tools/libressl/Makefile
@@ -8,8 +8,8 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=libressl
-PKG_VERSION:=2.6.4
-PKG_HASH:=638a20c2f9e99ee283a841cd787ab4d846d1880e180c4e96904fc327d419d11f
+PKG_VERSION:=2.7.2
+PKG_HASH:=917a8779c342177ff3751a2bf955d0262d1d8916a4b408930c45cef326700995
 PKG_RELEASE:=1
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz