void-packages/srcpkgs/openldap/patches/libressl.patch
Alessio Sergi c339e955cf openldap: update to 2.4.45
Fix CVE-2017-9287.
2017-06-03 19:21:02 +02:00

114 lines
3.8 KiB
Diff

--- libraries/libldap/tls_o.c.orig
+++ libraries/libldap/tls_o.c
@@ -47,7 +47,7 @@
#include <ssl.h>
#endif
-#if OPENSSL_VERSION_NUMBER >= 0x10100000
+#if !defined(LIBRESSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000
#define ASN1_STRING_data(x) ASN1_STRING_get0_data(x)
#endif
@@ -62,7 +62,7 @@ static void tlso_info_cb( const SSL *ssl, int where, i
static int tlso_verify_cb( int ok, X509_STORE_CTX *ctx );
static int tlso_verify_ok( int ok, X509_STORE_CTX *ctx );
static int tlso_seed_PRNG( const char *randfile );
-#if OPENSSL_VERSION_NUMBER < 0x10100000
+#if defined(LIBRESSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER < 0x10100000
/*
* OpenSSL 1.1 API and later has new locking code
*/
@@ -157,7 +157,7 @@ tlso_init( void )
(void) tlso_seed_PRNG( lo->ldo_tls_randfile );
#endif
-#if OPENSSL_VERSION_NUMBER < 0x10100000
+#if defined(LIBRESSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER < 0x10100000
SSL_load_error_strings();
SSL_library_init();
OpenSSL_add_all_digests();
@@ -179,7 +179,7 @@ tlso_destroy( void )
{
struct ldapoptions *lo = LDAP_INT_GLOBAL_OPT();
-#if OPENSSL_VERSION_NUMBER < 0x10100000
+#if defined(LIBRESSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER < 0x10100000
EVP_cleanup();
#if OPENSSL_VERSION_NUMBER < 0x10000000
ERR_remove_state(0);
@@ -205,7 +205,7 @@ static void
tlso_ctx_ref( tls_ctx *ctx )
{
tlso_ctx *c = (tlso_ctx *)ctx;
-#if OPENSSL_VERSION_NUMBER < 0x10100000
+#if defined(LIBRESSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER < 0x10100000
#define SSL_CTX_up_ref(ctx) CRYPTO_add( &(ctx->references), 1, CRYPTO_LOCK_SSL_CTX )
#endif
SSL_CTX_up_ref( c );
@@ -367,7 +367,7 @@ tlso_ctx_init( struct ldapoptions *lo, struct ldaptls
SSL_CTX_set_verify( ctx, i,
lo->ldo_tls_require_cert == LDAP_OPT_X_TLS_ALLOW ?
tlso_verify_ok : tlso_verify_cb );
-#if OPENSSL_VERSION_NUMBER < 0x10100000
+#if defined(LIBRESSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER < 0x10100000
SSL_CTX_set_tmp_rsa_callback( ctx, tlso_tmp_rsa_cb );
#endif
#ifdef HAVE_OPENSSL_CRL
@@ -464,7 +464,7 @@ tlso_session_my_dn( tls_session *sess, struct berval *
if (!x) return LDAP_INVALID_CREDENTIALS;
xn = X509_get_subject_name(x);
-#if OPENSSL_VERSION_NUMBER < 0x10100000
+#if defined(LIBRESSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER < 0x10100000
der_dn->bv_len = i2d_X509_NAME( xn, NULL );
der_dn->bv_val = xn->bytes->data;
#else
@@ -500,7 +500,7 @@ tlso_session_peer_dn( tls_session *sess, struct berval
return LDAP_INVALID_CREDENTIALS;
xn = X509_get_subject_name(x);
-#if OPENSSL_VERSION_NUMBER < 0x10100000
+#if defined(LIBRESSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER < 0x10100000
der_dn->bv_len = i2d_X509_NAME( xn, NULL );
der_dn->bv_val = xn->bytes->data;
#else
@@ -721,7 +721,7 @@ struct tls_data {
Sockbuf_IO_Desc *sbiod;
};
-#if OPENSSL_VERSION_NUMBER < 0x10100000
+#if defined(LIBRESSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER < 0x10100000
#define BIO_set_init(b, x) b->init = x
#define BIO_set_data(b, x) b->ptr = x
#define BIO_clear_flags(b, x) b->flags &= ~(x)
@@ -822,7 +822,7 @@ tlso_bio_puts( BIO *b, const char *str )
return tlso_bio_write( b, str, strlen( str ) );
}
-#if OPENSSL_VERSION_NUMBER >= 0x10100000
+#if !defined(LIBRESSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000
struct bio_method_st {
int type;
const char *name;
@@ -1138,7 +1138,7 @@ tlso_report_error( void )
}
}
-#if OPENSSL_VERSION_NUMBER < 0x10100000
+#if defined(LIBRESSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER < 0x10100000
static RSA *
tlso_tmp_rsa_cb( SSL *ssl, int is_export, int key_length )
{
@@ -1186,10 +1186,11 @@
* The fact is that when $HOME is NULL, .rnd is used.
*/
randfile = RAND_file_name( buffer, sizeof( buffer ) );
-
+#ifdef HAVE_SSL_RAND_EGD
} else if (RAND_egd(randfile) > 0) {
/* EGD socket */
return 0;
+#endif
}
if (randfile == NULL) {