Date:      Mon, 7 Nov 2016 05:34:28 +0100
From:      Michael Gmelin <grembo@freebsd.org>
To:        Ryan Steinmetz <zi@FreeBSD.org>
Cc:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org, Bernard Spil <brnrd@FreeBSD.org>, John Marino <freebsd.contact@marino.st>
Subject:   Re: svn commit: r424369 - in head/security/stunnel: . files
Message-ID:  <20161107053428.38e5c3c1@bsd64.grem.de>
In-Reply-To: <201610210217.u9L2HC1H013445@repo.freebsd.org>
References:  <201610210217.u9L2HC1H013445@repo.freebsd.org>



On Fri, 21 Oct 2016 02:17:12 +0000 (UTC)
Ryan Steinmetz <zi@FreeBSD.org> wrote:

> Author: zi
> Date: Fri Oct 21 02:17:12 2016
> New Revision: 424369
> URL: https://svnweb.freebsd.org/changeset/ports/424369
> 
> Log:
>   - Update to 5.36
>   - Remove unapproved patches that upstream refuses to support
> 
> Deleted:
>   head/security/stunnel/files/patch-src_common.h
>   head/security/stunnel/files/patch-src_ctx.c
>   head/security/stunnel/files/patch-src_prototypes.h
>   head/security/stunnel/files/patch-src_ssl.c
>   head/security/stunnel/files/patch-src_sthreads.c
>   head/security/stunnel/files/patch-src_verify.c
> Modified:
>   head/security/stunnel/Makefile
>   head/security/stunnel/distinfo
> 

As far as I understand these changes were necessary as LibreSSL
reports a version number higher than the latest OpenSSL version and
certain features supported by that version number are not available in
LibreSSL. These fixes are quite common in the ports tree and are
simple, unintrusive ifdef changes like this one[0]:

-#if OPENSSL_VERSION_NUMBER>=0x10100000L
+#if OPENSSL_VERSION_NUMBER>=0x10100000L \
+    && !defined(LIBRESSL_VERSION_NUMBER)
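
Review bot: the !defined(LIBRESSL_VERSION_NUMBER) term added on the continuation line excludes every LibreSSL release, so the guarded code stays disabled even if a later LibreSSL implements the feature this block depends on. A short comment naming the missing feature, or a comparison against a specific LIBRESSL_VERSION_NUMBER once a release provides it, would make the guard easier to revisit.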

I didn't test, but it looks like this commit will break stunnel for
users of LibreSSL.

-m

[0] See also "OpenSSL version checks" here:
https://brnrd.eu/libressl/2016-03-06/libressl-in-hardenedbsd-base-part-ii.html

"LibreSSL defines the OpenSSL version (OPENSSL_VERSION_NUMBER) as
0x2000000L but was forked from OpenSSL 1.0.1g with version 0x1000107fL.
This causes many comparisons to result in problems if it tests for
1.0.2 (0x10002000L) or 1.1.0 (0x10010000L). In 2.3 LibreSSL added a
LIBRESSL_VERSION_NUMBER to opensslv.h which can be used to detect that
LibreSSL is used."

-- 
Michael Gmelin
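
Added example, not part of the original message or of the stunnel port: a small Python check that lists #if/#elif comparisons of OPENSSL_VERSION_NUMBER which LibreSSL would decide by its reported version alone, with no LIBRESSL_VERSION_NUMBER guard of the kind shown in the diff above. The names logical_lines, unguarded_checks and FORK_POINT and the sample source are constructed for this example; it inspects only the directive's own condition, not enclosing #ifdef blocks.

```python
import re

# Assumption: thresholds above the 1.0.1g fork point (0x1000107fL, per the
# text quoted above) are the ones LibreSSL's reported version gets wrong.
FORK_POINT = 0x1000107F
DIRECTIVE = re.compile(r'^\s*#\s*(?:if|elif)\b(.*)$')
COMPARISON = re.compile(
    r'OPENSSL_VERSION_NUMBER\s*(?:>=|<=|>|<)\s*(0[xX][0-9a-fA-F]+)')

def logical_lines(text):
    """Yield (first_line_no, text) with backslash continuations folded."""
    buf, start = [], None
    for no, line in enumerate(text.splitlines(), 1):
        start = no if start is None else start
        stripped = line.rstrip()
        if stripped.endswith('\\'):
            buf.append(stripped[:-1])
            continue
        buf.append(line)
        yield start, ' '.join(buf)
        buf, start = [], None
    if buf:
        yield start, ' '.join(buf)

def unguarded_checks(text):
    """Return [(line_no, threshold)] for #if/#elif version tests above the
    fork point whose condition never mentions LIBRESSL_VERSION_NUMBER."""
    hits = []
    for no, line in logical_lines(text):
        m = DIRECTIVE.match(line)
        if not m or 'LIBRESSL_VERSION_NUMBER' in m.group(1):
            continue
        hits += [(no, v) for v in COMPARISON.findall(m.group(1))
                 if int(v, 16) > FORK_POINT]
    return hits

# Constructed sample: unguarded, guarded (as in the diff), below fork point.
SAMPLE = r'''#if OPENSSL_VERSION_NUMBER>=0x10100000L
#endif
#if OPENSSL_VERSION_NUMBER>=0x10100000L \
    && !defined(LIBRESSL_VERSION_NUMBER)
#endif
#if OPENSSL_VERSION_NUMBER >= 0x10001000L
#endif
'''

if __name__ == '__main__':
    for no, threshold in unguarded_checks(SAMPLE):
        print(f'line {no}: unguarded comparison against {threshold}')
```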


