From 8d5dbd847cbc704a6a06405856e94b461011afe3 Mon Sep 17 00:00:00 2001 From: V3n3RiX Date: Sat, 27 Mar 2021 06:06:27 +0000 Subject: gentoo resync : 27.03.2021 --- net-libs/pjproject/Manifest | 2 - .../pjproject/files/pjproject-2.7.2-libressl.patch | 98 -------------------- .../files/pjproject-2.7.2-ssl-flipflop.patch | 103 --------------------- 3 files changed, 203 deletions(-) delete mode 100644 net-libs/pjproject/files/pjproject-2.7.2-libressl.patch delete mode 100644 net-libs/pjproject/files/pjproject-2.7.2-ssl-flipflop.patch (limited to 'net-libs/pjproject') diff --git a/net-libs/pjproject/Manifest b/net-libs/pjproject/Manifest index e03a59a43b95..42b856bd94d4 100644 --- a/net-libs/pjproject/Manifest +++ b/net-libs/pjproject/Manifest @@ -1,8 +1,6 @@ AUX pjproject-2.10-CVE-2020-15260-tls-hostname-check.patch 4724 BLAKE2B a098969ca78f538848a6616d6168dc74dc4d6c09f348e0e6436089341827346f52c3feb43a4de13453df940cad65b02f650c9e3cdfae4b449da0a5140e0fda54 SHA512 49846fd649f664ce29098800d4f9acee95ac4c06ff5499495b5bcc78269a33e9e66e9df126755aba9c48481c3a87040ff0a6bf1e4fc64bdf0492c55d428978f0 AUX pjproject-2.10-CVE-2021-21375-negotiation-failure-crash.patch 1564 BLAKE2B 30f7af19ae18c071b62e31a6a049e4e67f7b391a65ab52ef8d5270ef504a4057b35679c580ba056c9b1b3e5813fde5ccc8ca863bead4f62156e39f8c2947e4d2 SHA512 9fb5b8961e7c69cf8a902eaa28cb2147faf8f0809467911454758b793832831240992a3c27ecb722a4ea066df909c0cf12b4b1bf139037f647828eb4cc16fee0 AUX pjproject-2.10-race-condition-between-transport-destroy-and-acquire.patch 3929 BLAKE2B fc7e12b7e8e9ff35556aa153496c2f7decd13bc78493d8c6f24449f063fe9c76b1772f6dc2b6cfc279c9731cc08735b27cd990ac6c4648c18e7f08c2c9fc3810 SHA512 e230041cff87d97947ad8caeb80c4858b8a1d435251d79b281fc0035da04aab549d1d5dc085681d98410da7e37359bb2ed721d132b321cce9a7326e4ff52c40f -AUX pjproject-2.7.2-libressl.patch 3446 BLAKE2B 47b21f621ffd1990e276459d9692ed7e8a083b93fc8dd0f44225af7cbf8f8390f9790efd61c8c790a0f20da64cb7f47db4fd83a8f0604de9a1bce30d54b3079f SHA512 173fc80e85673c4036b433cbf8152c58862d4716d4d98688cfaebf4c5ed3df76b8d4893709577c1dfff82a02baeeb0220dcae1dafc2e69ea9472056727b0d0fc -AUX pjproject-2.7.2-ssl-flipflop.patch 4336 BLAKE2B 999150475bd24989f64bb718d082ff1c40d5ba383103371550d2c682578a9c57d58b4029e512ac5a064fae3a526bd6e62fb645ba45b4067c47fd148bcce668aa SHA512 438a61353c0200d3f230b81cc13f565a178d078b4580aa468a9241b5b95f5a2336d039f4aaf99cd57e7b1042f4c0a1cafd00c29191e36c08f2194d984811b8d6 AUX pjproject-2.9-config_site.h 2168 BLAKE2B 39d526e7a2ca79ea2c1e453d95d420a6245e7a93641227a908660fea553a8b66d5dfb6b7108b49dc0686de6522c2485b72a6e7511096cbfe50bdb2800d559e6f SHA512 d6456b7fa36b3256613eea515b78f0884fa6b56705817cd421a962f3c3302bf0efa69006432dffca49400ef75dc99ebc7639d270aebe5bc2d4a9a9515cc56408 AUX pjproject-2.9-ssl-enable.patch 3515 BLAKE2B d68479ba509513828d8488b60358ba00651c87d0b39b9bc800fe0d38294f2afad43fd7f4ee5c260bd62044d17b010112c59363277739f4ae7d20940943437539 SHA512 5fd3e681801e6e2cd56ec177d71a65422ec22b788adfad3920562616c737188f71097a545d9c59bd6a3d876ba143f90f731d165d8c68da25aa93b03c009753e8 DIST pjproject-2.10.tar.gz 8768705 BLAKE2B 42d70867e2e0474313426f1e188586d203d6165c28a133a62dedacd2deb2899215212824d9402a48fcc66bb08a17b796d3625e1d51a8aedc9aa4b3a3bf1cb8fa SHA512 a67f083df175b536b4e6a7b7fe39e07d3ee805d6917ec64a50694542a7455c33a100889191044ab3fa679b6656774a6be045621aa53510b5f04cdde9ddd59893 diff --git a/net-libs/pjproject/files/pjproject-2.7.2-libressl.patch b/net-libs/pjproject/files/pjproject-2.7.2-libressl.patch deleted file mode 100644 index 07efa9ccb8fd..000000000000 --- a/net-libs/pjproject/files/pjproject-2.7.2-libressl.patch +++ /dev/null @@ -1,98 +0,0 @@ -Index: /third_party/srtp/crypto/hash/hmac_ossl.c -=================================================================== ---- /third_party/srtp/crypto/hash/hmac_ossl.c (revision 5725) -+++ /third_party/srtp/crypto/hash/hmac_ossl.c (revision 5726) -@@ -52,6 +52,8 @@ - #include - #include -+#include - - #define SHA1_DIGEST_SIZE 20 -+#define USING_LIBRESSL (defined(LIBRESSL_VERSION_NUMBER)) - - /* the debug module for authentiation */ -@@ -77,5 +79,5 @@ - /* OpenSSL 1.1.0 made HMAC_CTX an opaque structure, which must be allocated - using HMAC_CTX_new. But this function doesn't exist in OpenSSL 1.0.x. */ --#if OPENSSL_VERSION_NUMBER < 0x10100000L -+#if USING_LIBRESSL || OPENSSL_VERSION_NUMBER < 0x10100000L - { - /* allocate memory for auth and HMAC_CTX structures */ -@@ -122,5 +124,5 @@ - hmac_ctx = (HMAC_CTX*)a->state; - --#if OPENSSL_VERSION_NUMBER < 0x10100000L -+#if USING_LIBRESSL || OPENSSL_VERSION_NUMBER < 0x10100000L - HMAC_CTX_cleanup(hmac_ctx); - -Index: /pjlib/src/pj/ssl_sock_ossl.c -=================================================================== ---- /pjlib/src/pj/ssl_sock_ossl.c (revision 5725) -+++ /pjlib/src/pj/ssl_sock_ossl.c (revision 5726) -@@ -56,6 +56,10 @@ - #include - #include -- --#if !defined(OPENSSL_NO_EC) && OPENSSL_VERSION_NUMBER >= 0x1000200fL -+#include -+ -+#define USING_LIBRESSL (defined(LIBRESSL_VERSION_NUMBER)) -+ -+#if !USING_LIBRESSL && !defined(OPENSSL_NO_EC) \ -+ && OPENSSL_VERSION_NUMBER >= 0x1000200fL - - # include -@@ -115,5 +119,5 @@ - - --#if OPENSSL_VERSION_NUMBER >= 0x10100000L -+#if !USING_LIBRESSL && OPENSSL_VERSION_NUMBER >= 0x10100000L - # define OPENSSL_NO_SSL2 /* seems to be removed in 1.1.0 */ - # define M_ASN1_STRING_data(x) ASN1_STRING_get0_data(x) -@@ -539,5 +543,5 @@ - - /* Init OpenSSL lib */ --#if OPENSSL_VERSION_NUMBER < 0x10100000L -+#if USING_LIBRESSL || OPENSSL_VERSION_NUMBER < 0x10100000L - SSL_library_init(); - SSL_load_error_strings(); -@@ -560,5 +564,7 @@ - const char *cname; - --#if OPENSSL_VERSION_NUMBER < 0x10100000L -+#if (USING_LIBRESSL && LIBRESSL_VERSION_NUMBER < 0x2020100fL)\ -+ || OPENSSL_VERSION_NUMBER < 0x10100000L -+ - meth = (SSL_METHOD*)SSLv23_server_method(); - if (!meth) -@@ -603,5 +609,6 @@ - SSL_set_session(ssl, SSL_SESSION_new()); - --#if !defined(OPENSSL_NO_EC) && OPENSSL_VERSION_NUMBER >= 0x1000200fL -+#if !USING_LIBRESSL && !defined(OPENSSL_NO_EC) \ -+ && OPENSSL_VERSION_NUMBER >= 0x1000200fL - openssl_curves_num = SSL_get_shared_curve(ssl,-1); - if (openssl_curves_num > PJ_ARRAY_SIZE(openssl_curves)) -@@ -795,5 +802,6 @@ - - /* Determine SSL method to use */ --#if OPENSSL_VERSION_NUMBER < 0x10100000L -+#if (USING_LIBRESSL && LIBRESSL_VERSION_NUMBER < 0x2020100fL)\ -+ || OPENSSL_VERSION_NUMBER < 0x10100000L - switch (ssock->param.proto) { - case PJ_SSL_SOCK_PROTO_TLS1: -@@ -1232,5 +1240,6 @@ - static pj_status_t set_curves_list(pj_ssl_sock_t *ssock) - { --#if !defined(OPENSSL_NO_EC) && OPENSSL_VERSION_NUMBER >= 0x1000200fL -+#if !USING_LIBRESSL && !defined(OPENSSL_NO_EC) \ -+ && OPENSSL_VERSION_NUMBER >= 0x1000200fL - int ret; - int curves[PJ_SSL_SOCK_MAX_CURVES]; -@@ -1263,5 +1272,5 @@ - static pj_status_t set_sigalgs(pj_ssl_sock_t *ssock) - { --#if OPENSSL_VERSION_NUMBER >= 0x1000200fL -+#if !USING_LIBRESSL && OPENSSL_VERSION_NUMBER >= 0x1000200fL - int ret; - diff --git a/net-libs/pjproject/files/pjproject-2.7.2-ssl-flipflop.patch b/net-libs/pjproject/files/pjproject-2.7.2-ssl-flipflop.patch deleted file mode 100644 index c984bc629629..000000000000 --- a/net-libs/pjproject/files/pjproject-2.7.2-ssl-flipflop.patch +++ /dev/null @@ -1,103 +0,0 @@ ---- pjproject-2.7.1.ORIG/aconfigure.ac 2018-02-06 11:34:20.973411193 +0000 -+++ pjproject-2.7.1/aconfigure.ac 2018-02-06 13:33:31.525015674 +0000 -@@ -1551,57 +1551,56 @@ - enable_ssl=no - fi - --dnl # Include SSL support -+dnl # Correct --enable vs --disable SSL flipflop logic - AC_SUBST(ac_no_ssl) - AC_SUBST(ac_ssl_has_aes_gcm,0) - AC_ARG_ENABLE(ssl, - AS_HELP_STRING([--disable-ssl], - [Exclude SSL support the build (default: autodetect)]) -- , -- [ -- if test "$enable_ssl" = "no"; then -- [ac_no_ssl=1] -- AC_MSG_RESULT([Checking if SSL support is disabled... yes]) -- fi -- ], -- [ -- AC_MSG_RESULT([checking for OpenSSL installations..]) -- if test "x$with_ssl" != "xno" -a "x$with_ssl" != "x"; then -- CFLAGS="$CFLAGS -I$with_ssl/include" -- LDFLAGS="$LDFLAGS -L$with_ssl/lib" -- AC_MSG_RESULT([Using SSL prefix... $with_ssl]) -- fi -- AC_SUBST(openssl_h_present) -- AC_SUBST(libssl_present) -- AC_SUBST(libcrypto_present) -- AC_CHECK_HEADER(openssl/ssl.h,[openssl_h_present=1]) -- AC_CHECK_LIB(crypto,ERR_load_BIO_strings,[libcrypto_present=1 && LIBS="-lcrypto $LIBS"]) -- AC_CHECK_LIB(ssl,SSL_CTX_new,[libssl_present=1 && LIBS="-lssl $LIBS"]) -- if test "x$openssl_h_present" = "x1" -a "x$libssl_present" = "x1" -a "x$libcrypto_present" = "x1"; then -- AC_MSG_RESULT([OpenSSL library found, SSL support enabled]) -- -- # Check if SRTP should be compiled with OpenSSL -- # support, to enable cryptos such as AES GCM. -- -- # EVP_CIPHER_CTX is now opaque in OpenSSL 1.1.0, libsrtp 1.5.4 uses it as a transparent type. -- # Update 2.7: our bundled libsrtp has been upgraded to 2.1.0, -- # so we can omit EVP_CIPHER_CTX definition check now. -- AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include ]], -- [EVP_CIPHER_CTX *ctx;EVP_aes_128_gcm();])], -- [AC_CHECK_LIB(crypto,EVP_aes_128_gcm,[ac_ssl_has_aes_gcm=1])]) -- if test "x$ac_ssl_has_aes_gcm" = "x1"; then -- AC_MSG_RESULT([OpenSSL has AES GCM support, SRTP will use OpenSSL]) -- else -- AC_MSG_RESULT([OpenSSL AES GCM support not found, SRTP will only support AES CM cryptos]) -- fi -- -- # PJSIP_HAS_TLS_TRANSPORT setting follows PJ_HAS_SSL_SOCK -- #AC_DEFINE(PJSIP_HAS_TLS_TRANSPORT, 1) -- AC_DEFINE(PJ_HAS_SSL_SOCK, 1) -+) -+ -+dnl # OpenSSL detection -+AC_MSG_CHECKING([OpenSSL installations]) -+if test "x$enable_ssl" = "xno"; then -+ ac_no_ssl=1 -+ AC_MSG_RESULT([explicitly disabled]) -+else -+ if test "x$with_ssl" != "xno" -a "x$with_ssl" != "x"; then -+ CFLAGS="$CFLAGS -I$with_ssl/include" -+ LDFLAGS="$LDFLAGS -L$with_ssl/lib" -+ AC_MSG_RESULT([Using SSL prefix... $with_ssl]) -+ fi -+ AC_SUBST(openssl_h_present) -+ AC_SUBST(libssl_present) -+ AC_SUBST(libcrypto_present) -+ AC_CHECK_HEADER(openssl/ssl.h,[openssl_h_present=1]) -+ AC_CHECK_LIB(crypto,ERR_load_BIO_strings,[libcrypto_present=1 && LIBS="-lcrypto $LIBS"]) -+ AC_CHECK_LIB(ssl,SSL_CTX_new,[libssl_present=1 && LIBS="-lssl $LIBS"]) -+ if test "x$openssl_h_present" = "x1" -a "x$libssl_present" = "x1" -a "x$libcrypto_present" = "x1"; then -+ AC_MSG_RESULT([OpenSSL library found, SSL support enabled]) -+ -+ # Check if SRTP should be compiled with OpenSSL -+ # support, to enable cryptos such as AES GCM. -+ -+ # EVP_CIPHER_CTX is now opaque in OpenSSL 1.1.0, libsrtp 1.5.4 uses it as a transparent type. -+ # Update 2.7: our bundled libsrtp has been upgraded to 2.1.0, -+ # so we can omit EVP_CIPHER_CTX definition check now. -+ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include ]], -+ [EVP_CIPHER_CTX *ctx;EVP_aes_128_gcm();])], -+ [AC_CHECK_LIB(crypto,EVP_aes_128_gcm,[ac_ssl_has_aes_gcm=1])]) -+ if test "x$ac_ssl_has_aes_gcm" = "x1"; then -+ AC_MSG_RESULT([OpenSSL has AES GCM support, SRTP will use OpenSSL]) - else -- AC_MSG_RESULT([** OpenSSL libraries not found, disabling SSL support **]) -+ AC_MSG_RESULT([OpenSSL AES GCM support not found, SRTP will only support AES CM cryptos]) - fi -- ]) -+ -+ # PJSIP_HAS_TLS_TRANSPORT setting follows PJ_HAS_SSL_SOCK -+ #AC_DEFINE(PJSIP_HAS_TLS_TRANSPORT, 1) -+ AC_DEFINE(PJ_HAS_SSL_SOCK, 1) -+ else -+ AC_MSG_RESULT([** OpenSSL libraries not found, disabling SSL support **]) -+ fi -+fi - - dnl # Obsolete option --with-opencore-amrnb - AC_ARG_WITH(opencore-amrnb, -- cgit v1.2.3