svn commit: r424369 - in head/security/stunnel: . files

Michael Gmelin grembo at freebsd.org
Mon Nov 7 04:34:38 UTC 2016



On Fri, 21 Oct 2016 02:17:12 +0000 (UTC)
Ryan Steinmetz <zi at FreeBSD.org> wrote:

> Author: zi
> Date: Fri Oct 21 02:17:12 2016
> New Revision: 424369
> URL: https://svnweb.freebsd.org/changeset/ports/424369
> 
> Log:
>   - Update to 5.36
>   - Remove unapproved patches that upstream refuses to support
> 
> Deleted:
>   head/security/stunnel/files/patch-src_common.h
>   head/security/stunnel/files/patch-src_ctx.c
>   head/security/stunnel/files/patch-src_prototypes.h
>   head/security/stunnel/files/patch-src_ssl.c
>   head/security/stunnel/files/patch-src_sthreads.c
>   head/security/stunnel/files/patch-src_verify.c
> Modified:
>   head/security/stunnel/Makefile
>   head/security/stunnel/distinfo
> 

As far as I understand these changes were necessary as LibreSSL
reports a version number higher than the latest OpenSSL version and
certain features supported by that version number are not available in
LibreSSL. These fixes are quite common in the ports tree and are
simple, unintrusive ifdef changes like this one[0]:

-#if OPENSSL_VERSION_NUMBER>=0x10100000L
+#if OPENSSL_VERSION_NUMBER>=0x10100000L \
+    && !defined(LIBRESSL_VERSION_NUMBER)
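
Review bot: the `!defined(LIBRESSL_VERSION_NUMBER)` test on the added continuation line only excludes LibreSSL headers that define that macro. The note quoted at [0] says the macro was added in LibreSSL 2.3, so an older LibreSSL would still satisfy `OPENSSL_VERSION_NUMBER>=0x10100000L` and take this branch. The guard also excludes every LibreSSL release unconditionally; a short comment naming the API this branch needs would show when the guard can be narrowed.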

I didn't test, but it looks like this commit will break stunnel for
users of LibreSSL.

-m

[0] See also "OpenSSL version checks" here:
https://brnrd.eu/libressl/2016-03-06/libressl-in-hardenedbsd-base-part-ii.html

"LibreSSL defines the OpenSSL version (OPENSSL_VERSION_NUMBER) as
0x2000000L but was forked from OpenSSL 1.0.1g with version 0x1000107fL.
This causes many comparisons to result in problems if it tests for
1.0.2 (0x10002000L) or 1.1.0 (0x10010000L). In 2.3 LibreSSL added a
LIBRESSL_VERSION_NUMBER to opensslv.h which can be used to detect that
LibreSSL is used."

-- 
Michael Gmelin
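
An added example, not part of the original message or of the stunnel port: a small Python scanner that flags `#if`/`#elif` checks of the kind discussed above when they compare OPENSSL_VERSION_NUMBER without a LibreSSL guard. The function names, the sample source, and the value 0x20000000 for the version LibreSSL reports are assumptions of this example.

```python
import re

# "OPENSSL_VERSION_NUMBER >= 0x...L" or "> 0x...L" inside a preprocessor directive
CMP = re.compile(r"OPENSSL_VERSION_NUMBER\s*(>=|>)\s*(0x[0-9a-fA-F]+)[lL]?")
DIRECTIVE = re.compile(r"#\s*(if|elif)\b")
LIBRESSL_REPORTED = 0x20000000  # assumption: value LibreSSL sets for OPENSSL_VERSION_NUMBER
FORK_POINT = 0x1000107F         # OpenSSL 1.0.1g, the fork point named in the quoted article

# Constructed sample source: one unguarded check, one guarded, one pre-fork check.
SAMPLE = """\
#if OPENSSL_VERSION_NUMBER>=0x10100000L
use_new_api();
#endif
#if OPENSSL_VERSION_NUMBER>=0x10100000L \\
    && !defined(LIBRESSL_VERSION_NUMBER)
use_new_api();
#endif
#if OPENSSL_VERSION_NUMBER >= 0x10000000L
old_api();
#endif
"""

def logical_lines(text):
    """Yield (first_line_no, text) with backslash continuations joined."""
    buf, start = "", None
    for no, line in enumerate(text.splitlines(), 1):
        if start is None:
            start = no
        if line.rstrip().endswith("\\"):
            buf += line.rstrip()[:-1] + " "
            continue
        yield start, buf + line
        buf, start = "", None
    if buf:
        yield start, buf

def unguarded_checks(text):
    """Return (line_no, directive) for checks LibreSSL passes despite being a 1.0.1g fork."""
    findings = []
    for no, line in logical_lines(text):
        s = " ".join(line.split())
        if not DIRECTIVE.match(s) or "LIBRESSL_VERSION_NUMBER" in s:
            continue
        for op, const in CMP.findall(s):
            bound = int(const, 16)
            passes = LIBRESSL_REPORTED >= bound if op == ">=" else LIBRESSL_REPORTED > bound
            if passes and bound > FORK_POINT:  # feature newer than the fork point
                findings.append((no, s))
                break
    return findings
```

A directive is reported only when its bound is newer than the fork point, so checks for features that already existed in 1.0.1g are left alone.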

