From owner-svn-ports-head@freebsd.org Mon Nov 7 04:34:38 2016 Return-Path: Delivered-To: svn-ports-head@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 453EFC33B3E for ; Mon, 7 Nov 2016 04:34:38 +0000 (UTC) (envelope-from grembo@freebsd.org) Received: from mail.grem.de (outcast.grem.de [213.239.217.27]) by mx1.freebsd.org (Postfix) with SMTP id A981A6D4 for ; Mon, 7 Nov 2016 04:34:37 +0000 (UTC) (envelope-from grembo@freebsd.org) Received: (qmail 25528 invoked by uid 89); 7 Nov 2016 04:34:29 -0000 Received: from unknown (HELO bsd64.grem.de) (mg@grem.de@194.97.158.70) by mail.grem.de with ESMTPA; 7 Nov 2016 04:34:29 -0000 Date: Mon, 7 Nov 2016 05:34:28 +0100 From: Michael Gmelin To: Ryan Steinmetz Cc: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org, Bernard Spil , John Marino Subject: Re: svn commit: r424369 - in head/security/stunnel: . files Message-ID: <20161107053428.38e5c3c1@bsd64.grem.de> In-Reply-To: <201610210217.u9L2HC1H013445@repo.freebsd.org> References: <201610210217.u9L2HC1H013445@repo.freebsd.org> X-Mailer: Claws Mail 3.13.2 (GTK+ 2.24.29; amd64-portbld-freebsd10.2) X-Face: $wrgCtfdVw_H9WAY?S&9+/F"!41z'L$uo*WzT8miX?kZ~W~Lr5W7v?j0Sde\mwB&/ypo^}> +a'4xMc^^KroE~+v^&^#[B">soBo1y6(TW6#UZiC]o>C6`ej+i Face: iVBORw0KGgoAAAANSUhEUgAAADAAAAAwBAMAAAClLOS0AAAAJFBMVEWJBwe5BQDl LASZU0/LTEWEfHbyj0Txi32+sKrp1Mv944X8/fm1rS+cAAAACXBIWXMAAAsTAAAL EwEAmpwYAAAAB3RJTUUH3wESCxwC7OBhbgAAACFpVFh0Q29tbWVudAAAAAAAQ3Jl YXRlZCB3aXRoIFRoZSBHSU1QbbCXAAAAAghJREFUOMu11DFvEzEUAGCfEhBVFzuq AKkLd0O6VrIQsLXVSZXoWE5N1K3DobBBA9fQpRWc8OkWouaIjedWKiyREOKs+3PY fvalCNjgLVHeF7/3bMtBzV8C/VsQ8tecEgCcDgrzjekwKZ7TwsJZd/ywEKwwP+ZM 8P3drTsAwWn2mpWuDDuYiK1bFs6De0KUUFw0tWxm+D4AIhuuvZqtyWYeO7jQ4Aea 7jUqI+ixhQoHex4WshEvSXdood7stlv4oSuFOC4tqGcr0NjEqXgV4mMJO38nld4+ xKNxRDon7khyKVqY7YR4d+Cg0OMrkWXZOM7YDkEfKiilCn1qYv4mighZiynuHHOA Wq9QJq+BIES7lMFUtcikMnkDGHUoncA+uHgrP0ctIEqfwLHzeSo+eUA66AqzwN6n 2ZHJhw6Qh/PoyC/QENyEyC/AyNjq74Bs+3UH0xYwzDUC4B97HgLocg1QLYgDDO1v f3UX9Y307Ew4AHh67YAFFsxEpkXwpXY3eIgMhAAE3R19L919nNnuD2wlPcDE3UeT L2ytEICQib9BXgS2fU8PrD82ToYO1OEmMSnYTjSqSv9wdC0tPYC+rQRQD9ESnldF CyqfmiYW+tlALt8gH2xrMdC/youbjzPXEun+/ReXsMCDyve3dZc09fn2Oas8oXGc Jj6/fOeK5UmSMPmf/jL+GD8BEj0k/Fn6IO4AAAAASUVORK5CYII= MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-BeenThere: svn-ports-head@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: SVN commit messages for the ports tree for head List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 07 Nov 2016 04:34:38 -0000 On Fri, 21 Oct 2016 02:17:12 +0000 (UTC) Ryan Steinmetz wrote: > Author: zi > Date: Fri Oct 21 02:17:12 2016 > New Revision: 424369 > URL: https://svnweb.freebsd.org/changeset/ports/424369 > > Log: > - Update to 5.36 > - Remove unapproved patches that upstream refuses to support > > Deleted: > head/security/stunnel/files/patch-src_common.h > head/security/stunnel/files/patch-src_ctx.c > head/security/stunnel/files/patch-src_prototypes.h > head/security/stunnel/files/patch-src_ssl.c > head/security/stunnel/files/patch-src_sthreads.c > head/security/stunnel/files/patch-src_verify.c > Modified: > head/security/stunnel/Makefile > head/security/stunnel/distinfo > As far as I understand these changes were necessary as LibreSSL reports a version number higher than the latest OpenSSL version and certain features supported by that version number are not available in LibreSSL. These fixes are quite common in the ports tree and are simple, unintrusive ifdef changes like this one[0]: -#if OPENSSL_VERSION_NUMBER>=0x10100000L +#if OPENSSL_VERSION_NUMBER>=0x10100000L \ + && !defined(LIBRESSL_VERSION_NUMBER) I didn't test, but it looks like this commit will break stunnel for users of LibreSSL. -m [0] See also "OpenSSL version checks" here: https://brnrd.eu/libressl/2016-03-06/libressl-in-hardenedbsd-base-part-ii.html "LibreSSL defines the OpenSSL version (OPENSSL_VERSION_NUMBER) as 0x2000000L but was forked from OpenSSL 1.0.1g with version 0x1000107fL. This causes many comparisons to result in problems if it tests for 1.0.2 (0x10002000L) or 1.1.0 (0x10010000L). In 2.3 LibreSSL added a LIBRESSL_VERSION_NUMBER to opensslv.h which can be used to detect that LibreSSL is used." -- Michael Gmelin