Date: Tuesday, April 25, 2017 @ 12:11:43 Author: spupykin Revision: 225289
archrelease: copy trunk to community-i686, community-x86_64 Added: opensips/repos/community-i686/PKGBUILD (from rev 225288, opensips/trunk/PKGBUILD) opensips/repos/community-i686/opensips.install (from rev 225288, opensips/trunk/opensips.install) opensips/repos/community-i686/opensips.service (from rev 225288, opensips/trunk/opensips.service) opensips/repos/community-i686/port-tls-1.1.0.patch (from rev 225288, opensips/trunk/port-tls-1.1.0.patch) opensips/repos/community-x86_64/PKGBUILD (from rev 225288, opensips/trunk/PKGBUILD) opensips/repos/community-x86_64/opensips.install (from rev 225288, opensips/trunk/opensips.install) opensips/repos/community-x86_64/opensips.service (from rev 225288, opensips/trunk/opensips.service) opensips/repos/community-x86_64/port-tls-1.1.0.patch (from rev 225288, opensips/trunk/port-tls-1.1.0.patch) Deleted: opensips/repos/community-i686/PKGBUILD opensips/repos/community-i686/opensips.install opensips/repos/community-i686/opensips.service opensips/repos/community-i686/port-tls-1.1.0.patch opensips/repos/community-x86_64/PKGBUILD opensips/repos/community-x86_64/opensips.install opensips/repos/community-x86_64/opensips.service opensips/repos/community-x86_64/port-tls-1.1.0.patch ---------------------------------------+ /PKGBUILD | 172 ++++++ /opensips.install | 6 /opensips.service | 22 /port-tls-1.1.0.patch | 892 ++++++++++++++++++++++++++++++++ community-i686/PKGBUILD | 86 --- community-i686/opensips.install | 3 community-i686/opensips.service | 11 community-i686/port-tls-1.1.0.patch | 446 ---------------- community-x86_64/PKGBUILD | 86 --- community-x86_64/opensips.install | 3 community-x86_64/opensips.service | 11 community-x86_64/port-tls-1.1.0.patch | 446 ---------------- 12 files changed, 1092 insertions(+), 1092 deletions(-) Deleted: community-i686/PKGBUILD =================================================================== --- community-i686/PKGBUILD 2017-04-25 12:11:19 UTC (rev 225288) +++ community-i686/PKGBUILD 2017-04-25 12:11:43 UTC (rev 225289) @@ -1,86 +0,0 @@ -# $Id$ -# Maintainer: Sergej Pupykin <pupykin.s+a...@gmail.com> - -pkgname=opensips -pkgver=2.2.2 -pkgrel=4 -pkgdesc="An Open Source SIP Server able to act as a SIP proxy, registrar, location server, redirect server ..." -url="http://www.opensips.org" -depends=('gcc-libs' 'openssl' 'db' 'attr' 'libxml2') -makedepends=('postgresql-libs>=8.4.1' 'unixodbc' 'libldap>=2.4.18' 'libmariadbclient' - 'lynx' 'libxslt' 'libmicrohttpd') -optdepends=('postgresql-libs' - 'unixodbc' - 'libldap' - 'libmariadbclient' - 'libsasl' - 'python2' - 'pcre') -backup=("etc/opensips/opensips.cfg" - "etc/opensips/osipsconsolerc" - "etc/opensips/opensipsctlrc") -arch=('i686' 'x86_64') -license=('GPL') -install=opensips.install -options=('!emptydirs' 'zipman' '!makeflags' 'docs') -source=(https://opensips.org/pub/opensips/${pkgver}/opensips-${pkgver}.tar.gz - opensips.service - port-tls-1.1.0.patch) -sha256sums=('a21777b37c3669617d24b97697dc3f4e613ec87b292f4541cf956a2d539e70c4' - 'c2fec4be085b108db10834fa9832e98d696c2de6408f85f96cf89c13bf6be819' - '1ad2558c329a1b41948ff9ef1c8169289b38500ce8183e50bae653ef82afdbec') - -prepare() { - cd "$srcdir"/$pkgname-$pkgver/ - - # python2 fix - for file in $(find . -name '*.py' -print); do - sed -i 's_^#!.*/usr/bin/python_#!/usr/bin/python2_' $file - sed -i 's_^#!.*/usr/bin/env.*python_#!/usr/bin/env python2_' $file - done - - sed -i 's|sbin|bin|g' Makefile - sed -i 's|bin-dir = sbin/|bin-dir = bin/|' Makefile.defs - - patch -Np1 -i ../port-tls-1.1.0.patch -} - -_modules="ldap db_mysql db_postgres db_unixodbc presence presence_xml h350 proto_tls tlsops tls_mgm db_http httpd tm rr" - -build() { - cd "$srcdir"/$pkgname-$pkgver/ - - make \ - include_modules="${_modules}" \ - LIBDIR=lib PREFIX=/usr -} - -package() { - cd "$srcdir"/$pkgname-$pkgver/ - - make \ - include_modules="${_modules}" \ - BASEDIR="$pkgdir" PREFIX=/usr LIBDIR=lib install - - # Conforms to the arch packaging standards (http://wiki.archlinux.org/index.php/Arch_Packaging_Standards) - mkdir -p "$pkgdir"/etc/ - mv "$pkgdir"/usr/etc/opensips/ "$pkgdir"/etc/ - sed -i 's#mpath=".*lib/opensips/modules/"#mpath="/usr/lib/opensips/modules/"#' "$pkgdir"/etc/opensips/opensips.cfg - - # fix bad paths - cd "$pkgdir"/usr/share - find -type f -exec sed -i "s#"$pkgdir"##" {} \; - - cd "$pkgdir"/usr/lib/opensips/opensipsctl - find -type f -exec sed -i "s#"$pkgdir"##" {} \; - - mv "$pkgdir"/usr/sbin "$pkgdir"/usr/bin - - cd "$pkgdir"/usr/bin - sed -i "s#"$pkgdir"##" opensipsctl opensipsdbctl osipsconsole - - cd "$pkgdir"/etc - find -type f -exec sed -i "s#"$pkgdir"##" {} \; - - install -Dm0644 "$srcdir"/$pkgname.service "$pkgdir"/usr/lib/systemd/system/$pkgname.service -} Copied: opensips/repos/community-i686/PKGBUILD (from rev 225288, opensips/trunk/PKGBUILD) =================================================================== --- community-i686/PKGBUILD (rev 0) +++ community-i686/PKGBUILD 2017-04-25 12:11:43 UTC (rev 225289) @@ -0,0 +1,86 @@ +# $Id$ +# Maintainer: Sergej Pupykin <pupykin.s+a...@gmail.com> + +pkgname=opensips +pkgver=2.2.3 +pkgrel=1 +pkgdesc="An Open Source SIP Server able to act as a SIP proxy, registrar, location server, redirect server ..." +url="http://www.opensips.org" +depends=('gcc-libs' 'openssl' 'db' 'attr' 'libxml2') +makedepends=('postgresql-libs>=8.4.1' 'unixodbc' 'libldap>=2.4.18' 'libmariadbclient' + 'lynx' 'libxslt' 'libmicrohttpd') +optdepends=('postgresql-libs' + 'unixodbc' + 'libldap' + 'libmariadbclient' + 'libsasl' + 'python2' + 'pcre') +backup=("etc/opensips/opensips.cfg" + "etc/opensips/osipsconsolerc" + "etc/opensips/opensipsctlrc") +arch=('i686' 'x86_64') +license=('GPL') +install=opensips.install +options=('!emptydirs' 'zipman' '!makeflags' 'docs') +source=(https://opensips.org/pub/opensips/${pkgver}/opensips-${pkgver}.tar.gz + opensips.service + port-tls-1.1.0.patch) +sha256sums=('ccf540f7aae4335a8319b83f6cb87b562e665991fe1c2adc4e8eb4d4f3042dd7' + 'c2fec4be085b108db10834fa9832e98d696c2de6408f85f96cf89c13bf6be819' + '1ad2558c329a1b41948ff9ef1c8169289b38500ce8183e50bae653ef82afdbec') + +prepare() { + cd "$srcdir"/$pkgname-$pkgver/ + + # python2 fix + for file in $(find . -name '*.py' -print); do + sed -i 's_^#!.*/usr/bin/python_#!/usr/bin/python2_' $file + sed -i 's_^#!.*/usr/bin/env.*python_#!/usr/bin/env python2_' $file + done + + sed -i 's|sbin|bin|g' Makefile + sed -i 's|bin-dir = sbin/|bin-dir = bin/|' Makefile.defs + + patch -Np1 -i ../port-tls-1.1.0.patch +} + +_modules="ldap db_mysql db_postgres db_unixodbc presence presence_xml h350 proto_tls tlsops tls_mgm db_http httpd tm rr" + +build() { + cd "$srcdir"/$pkgname-$pkgver/ + + make \ + include_modules="${_modules}" \ + LIBDIR=lib PREFIX=/usr +} + +package() { + cd "$srcdir"/$pkgname-$pkgver/ + + make \ + include_modules="${_modules}" \ + BASEDIR="$pkgdir" PREFIX=/usr LIBDIR=lib install + + # Conforms to the arch packaging standards (http://wiki.archlinux.org/index.php/Arch_Packaging_Standards) + mkdir -p "$pkgdir"/etc/ + mv "$pkgdir"/usr/etc/opensips/ "$pkgdir"/etc/ + sed -i 's#mpath=".*lib/opensips/modules/"#mpath="/usr/lib/opensips/modules/"#' "$pkgdir"/etc/opensips/opensips.cfg + + # fix bad paths + cd "$pkgdir"/usr/share + find -type f -exec sed -i "s#"$pkgdir"##" {} \; + + cd "$pkgdir"/usr/lib/opensips/opensipsctl + find -type f -exec sed -i "s#"$pkgdir"##" {} \; + + mv "$pkgdir"/usr/sbin "$pkgdir"/usr/bin + + cd "$pkgdir"/usr/bin + sed -i "s#"$pkgdir"##" opensipsctl opensipsdbctl osipsconsole + + cd "$pkgdir"/etc + find -type f -exec sed -i "s#"$pkgdir"##" {} \; + + install -Dm0644 "$srcdir"/$pkgname.service "$pkgdir"/usr/lib/systemd/system/$pkgname.service +} Deleted: community-i686/opensips.install =================================================================== --- community-i686/opensips.install 2017-04-25 12:11:19 UTC (rev 225288) +++ community-i686/opensips.install 2017-04-25 12:11:43 UTC (rev 225289) @@ -1,3 +0,0 @@ -post_install() { - echo "To use MySQL, you should install mysql package and run 'opensipsdbctl create'" -} Copied: opensips/repos/community-i686/opensips.install (from rev 225288, opensips/trunk/opensips.install) =================================================================== --- community-i686/opensips.install (rev 0) +++ community-i686/opensips.install 2017-04-25 12:11:43 UTC (rev 225289) @@ -0,0 +1,3 @@ +post_install() { + echo "To use MySQL, you should install mysql package and run 'opensipsdbctl create'" +} Deleted: community-i686/opensips.service =================================================================== --- community-i686/opensips.service 2017-04-25 12:11:19 UTC (rev 225288) +++ community-i686/opensips.service 2017-04-25 12:11:43 UTC (rev 225289) @@ -1,11 +0,0 @@ -[Unit] -Description=OpenSIPS daemon -After=network.target remote-fs.target nss-lookup.target - -[Service] -Type=forking -PIDFile=/run/opensips.pid -ExecStart=/usr/bin/opensips -f /etc/opensips/opensips.cfg -w /var/tmp -P /run/opensips.pid - -[Install] -WantedBy=multi-user.target Copied: opensips/repos/community-i686/opensips.service (from rev 225288, opensips/trunk/opensips.service) =================================================================== --- community-i686/opensips.service (rev 0) +++ community-i686/opensips.service 2017-04-25 12:11:43 UTC (rev 225289) @@ -0,0 +1,11 @@ +[Unit] +Description=OpenSIPS daemon +After=network.target remote-fs.target nss-lookup.target + +[Service] +Type=forking +PIDFile=/run/opensips.pid +ExecStart=/usr/bin/opensips -f /etc/opensips/opensips.cfg -w /var/tmp -P /run/opensips.pid + +[Install] +WantedBy=multi-user.target Deleted: community-i686/port-tls-1.1.0.patch =================================================================== --- community-i686/port-tls-1.1.0.patch 2017-04-25 12:11:19 UTC (rev 225288) +++ community-i686/port-tls-1.1.0.patch 2017-04-25 12:11:43 UTC (rev 225289) @@ -1,446 +0,0 @@ -Description: Port tls_mgm module to openssl 1.1.0. -Author: Răzvan Crainea <raz...@opensips.org> -Last-Update: 2016-12-01 ---- a/modules/tls_mgm/tls.h -+++ b/modules/tls_mgm/tls.h -@@ -64,41 +64,50 @@ - #warning "" - #endif - --static int tls_static_locks_no=0; --static gen_lock_set_t* tls_static_locks=NULL; -- - static SSL_METHOD *ssl_methods[TLS_USE_TLSv1_2 + 1]; - - #define VERIFY_DEPTH_S 3 - - --struct CRYPTO_dynlock_value { -- gen_lock_t lock; --}; -- --static unsigned long tls_get_id(void) --{ -- return my_pid(); --} -- - /* - * Wrappers around OpenSIPS shared memory functions - * (which can be macros) - */ -+#if OPENSSL_VERSION_NUMBER >= 0x10100000L -+static void* os_malloc(size_t size, const char *file, int line) -+#else - static void* os_malloc(size_t size) -+#endif - { -+#if (defined DBG_MALLOC && OPENSSL_VERSION_NUMBER >= 0x10100000L) -+ return _shm_malloc(size, file, __FUNCTION__, line); -+#else - return shm_malloc(size); -+#endif - } - - -+#if OPENSSL_VERSION_NUMBER >= 0x10100000L -+static void* os_realloc(void *ptr, size_t size, const char *file, int line) -+#else - static void* os_realloc(void *ptr, size_t size) -+#endif - { -+#if (defined DBG_MALLOC && OPENSSL_VERSION_NUMBER >= 0x10100000L) -+ return _shm_realloc(ptr, size, file, __FUNCTION__, line); -+#else - return shm_realloc(ptr, size); -+#endif - } - - -+#if OPENSSL_VERSION_NUMBER >= 0x10100000L -+static void os_free(void *ptr, const char *file, int line) -+#else - static void os_free(void *ptr) -+#endif - { -+ /* TODO: also handle free file and line */ - if (ptr) - shm_free(ptr); - } -@@ -106,21 +115,17 @@ - - - --static void tls_static_locks_ops(int mode, int n, const char* file, int line) --{ -- if (n<0 || n>tls_static_locks_no) { -- LM_ERR("BUG - SSL Lib attempting to acquire bogus lock\n"); -- abort(); -- } -+/* these locks can not be used in 1.1.0, because the interface has changed */ -+#if OPENSSL_VERSION_NUMBER < 0x10100000L -+struct CRYPTO_dynlock_value { -+ gen_lock_t lock; -+}; - -- if (mode & CRYPTO_LOCK) { -- lock_set_get(tls_static_locks,n); -- } else { -- lock_set_release(tls_static_locks,n); -- } -+static unsigned long tls_get_id(void) -+{ -+ return my_pid(); - } - -- - static struct CRYPTO_dynlock_value* tls_dyn_lock_create(const char* file, - int line) - { -@@ -158,5 +163,6 @@ - lock_destroy(&dyn_lock->lock); - shm_free(dyn_lock); - } -+#endif - - #endif /* _PROTO_TLS_H_ */ ---- a/modules/tls_mgm/tls_conn_ops.h -+++ b/modules/tls_mgm/tls_conn_ops.h -@@ -116,12 +116,14 @@ - return -1; - } - -+#if OPENSSL_VERSION_NUMBER < 0x10100000L - #ifndef OPENSSL_NO_KRB5 - if ( ((SSL *)c->extra_data)->kssl_ctx ) { - kssl_ctx_free( ((SSL *)c->extra_data)->kssl_ctx ); - ((SSL *)c->extra_data)->kssl_ctx = 0; - } - #endif -+#endif - - if ( c->proto_flags & F_TLS_DO_ACCEPT ) { - LM_DBG("Setting in ACCEPT mode (server)\n"); ---- a/modules/tls_mgm/tls_conn_server.h -+++ b/modules/tls_mgm/tls_conn_server.h -@@ -148,17 +148,21 @@ - } - - ssl = (SSL *) c->extra_data; -+#if OPENSSL_VERSION_NUMBER < 0x10100000L - #ifndef OPENSSL_NO_KRB5 - if ( ssl->kssl_ctx==NULL ) - ssl->kssl_ctx = kssl_ctx_new( ); - #endif -+#endif - ret = SSL_accept(ssl); -+#if OPENSSL_VERSION_NUMBER < 0x10100000L - #ifndef OPENSSL_NO_KRB5 - if ( ssl->kssl_ctx ) { - kssl_ctx_free( ssl->kssl_ctx ); - ssl->kssl_ctx = 0; - } - #endif -+#endif - if (ret > 0) { - LM_INFO("New TLS connection from %s:%d accepted\n", - ip_addr2a(&c->rcv.src_ip), c->rcv.src_port); ---- a/modules/tls_mgm/tls_mgm.c -+++ b/modules/tls_mgm/tls_mgm.c -@@ -557,11 +557,10 @@ - LM_NOTICE("subject = %s\n", buf); - LM_NOTICE("verify error:num=%d:%s\n", - err, X509_verify_cert_error_string(err)); -- LM_NOTICE("error code is %d\n", ctx->error); - -- switch (ctx->error) { -+ switch (err) { - case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: -- X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert), -+ X509_NAME_oneline(X509_get_issuer_name(err_cert), - buf,sizeof buf); - LM_NOTICE("issuer= %s\n",buf); - break; -@@ -611,7 +610,7 @@ - - default: - LM_NOTICE("something wrong with the cert" -- " ... error code is %d (check x509_vfy.h)\n", ctx->error); -+ " ... error code is %d (check x509_vfy.h)\n", err); - break; - } - -@@ -1074,9 +1073,11 @@ - return 0; - } - -+#if (OPENSSL_VERSION_NUMBER < 0x10100000L) - static int check_for_krb(void) - { - SSL_CTX *xx; -+ - int j; - - xx = SSL_CTX_new(ssl_methods[tls_default_method - 1]); -@@ -1096,6 +1097,27 @@ - SSL_CTX_free(xx); - return 0; - } -+#endif -+ -+#if (OPENSSL_VERSION_NUMBER < 0x10100000L) -+static int tls_static_locks_no=0; -+static gen_lock_set_t* tls_static_locks=NULL; -+ -+static void tls_static_locks_ops(int mode, int n, const char* file, int line) -+{ -+ if (n<0 || n>tls_static_locks_no) { -+ LM_ERR("BUG - SSL Lib attempting to acquire bogus lock\n"); -+ abort(); -+ } -+ -+ if (mode & CRYPTO_LOCK) { -+ lock_set_get(tls_static_locks,n); -+ } else { -+ lock_set_release(tls_static_locks,n); -+ } -+} -+ -+ - - static int tls_init_multithread(void) - { -@@ -1126,6 +1148,7 @@ - - return 0; - } -+#endif - - /* - * initialize ssl methods -@@ -1135,19 +1158,31 @@ - { - LM_DBG("entered\n"); - -+#if OPENSSL_VERSION_NUMBER >= 0x10100000L -+ ssl_methods[TLS_USE_TLSv1_cli-1] = (SSL_METHOD*)TLS_client_method(); -+ ssl_methods[TLS_USE_TLSv1_srv-1] = (SSL_METHOD*)TLS_server_method(); -+ ssl_methods[TLS_USE_TLSv1-1] = (SSL_METHOD*)TLS_method(); -+#else - ssl_methods[TLS_USE_TLSv1_cli-1] = (SSL_METHOD*)TLSv1_client_method(); - ssl_methods[TLS_USE_TLSv1_srv-1] = (SSL_METHOD*)TLSv1_server_method(); - ssl_methods[TLS_USE_TLSv1-1] = (SSL_METHOD*)TLSv1_method(); -+#endif - - ssl_methods[TLS_USE_SSLv23_cli-1] = (SSL_METHOD*)SSLv23_client_method(); - ssl_methods[TLS_USE_SSLv23_srv-1] = (SSL_METHOD*)SSLv23_server_method(); - ssl_methods[TLS_USE_SSLv23-1] = (SSL_METHOD*)SSLv23_method(); - - #if OPENSSL_VERSION_NUMBER >= 0x10001000L -+#if OPENSSL_VERSION_NUMBER >= 0x10100000L -+ ssl_methods[TLS_USE_TLSv1_2_cli-1] = (SSL_METHOD*)TLS_client_method(); -+ ssl_methods[TLS_USE_TLSv1_2_srv-1] = (SSL_METHOD*)TLS_server_method(); -+ ssl_methods[TLS_USE_TLSv1_2-1] = (SSL_METHOD*)TLS_method(); -+#else - ssl_methods[TLS_USE_TLSv1_2_cli-1] = (SSL_METHOD*)TLSv1_2_client_method(); - ssl_methods[TLS_USE_TLSv1_2_srv-1] = (SSL_METHOD*)TLSv1_2_server_method(); - ssl_methods[TLS_USE_TLSv1_2-1] = (SSL_METHOD*)TLSv1_2_method(); - #endif -+#endif - } - - /* reloads data from the db */ -@@ -1273,10 +1308,10 @@ - * CRYPTO_malloc will set allow_customize in openssl to 0 - */ - if (!CRYPTO_set_mem_functions(os_malloc, os_realloc, os_free)) { -- LM_ERR("unable to set the memory allocation functions\n"); -- LM_ERR("NOTE: check if you have openssl 1.0.1e-fips, as this " -- "version is know to be broken; if so, you need to upgrade or " -- "downgrade to a differen openssl version !!\n"); -+ LM_ERR("NOTE: check if you are using openssl 1.0.1e-fips, (or other " -+ "FIPS version of openssl, as this is known to be broken; if so, " -+ "you need to upgrade or downgrade to a different openssl version!\n"); -+ LM_ERR("current version: %s\n", SSLeay_version(SSLEAY_VERSION)); - return -1; - } - -@@ -1291,15 +1326,18 @@ - sk_SSL_COMP_zero(comp_methods); - } - #endif -+#if (OPENSSL_VERSION_NUMBER < 0x10100000L) - if (tls_init_multithread() < 0) { - LM_ERR("failed to init multi-threading support\n"); - return -1; - } -+#endif - - SSL_library_init(); - SSL_load_error_strings(); - init_ssl_methods(); - -+#if (OPENSSL_VERSION_NUMBER < 0x10100000L) - n = check_for_krb(); - if (n==-1) { - LM_ERR("kerberos check failed\n"); -@@ -1318,6 +1356,7 @@ - (n==1)?"":"no ",(n!=1)?"no ":""); - return -1; - } -+#endif - - /* - * finish setting up the tls default domains ---- a/modules/identity/identity.c -+++ b/modules/identity/identity.c -@@ -107,6 +107,9 @@ - #include "identity.h" - - -+#if OPENSSL_VERSION_NUMBER < 0x10100000L -+#define EVP_MD_CTX_free EVP_MD_CTX_cleanup -+#endif - - /* parameters */ - -@@ -831,7 +834,11 @@ - { - #define IDENTITY_HDR_S "Identity: \"" - #define IDENTITY_HDR_L (sizeof(IDENTITY_HDR_S)-1) -- EVP_MD_CTX ctx; -+#if OPENSSL_VERSION_NUMBER >= 0x10100000L -+ EVP_MD_CTX *pctx; -+#else -+ EVP_MD_CTX ctx, *pctx = &ctx; -+#endif - unsigned int siglen = 0; - int b64len = 0; - unsigned char * sig = NULL; -@@ -843,27 +850,30 @@ - LM_ERR("error making digest string\n"); - return 0; - } -+#if OPENSSL_VERSION_NUMBER >= 0x10100000L -+ pctx = EVP_MD_CTX_new(); -+#endif - -- EVP_SignInit(&ctx, EVP_sha1()); -+ EVP_SignInit(pctx, EVP_sha1()); - -- EVP_SignUpdate(&ctx, digestString, strlen(digestString)); -+ EVP_SignUpdate(pctx, digestString, strlen(digestString)); - - sig = pkg_malloc(EVP_PKEY_size(privKey_evp)); - if(!sig) - { -- EVP_MD_CTX_cleanup(&ctx); -+ EVP_MD_CTX_free(pctx); - LM_ERR("failed allocating memory\n"); - return 0; - } - -- if(!EVP_SignFinal(&ctx, sig, &siglen, privKey_evp)) -+ if(!EVP_SignFinal(pctx, sig, &siglen, privKey_evp)) - { -- EVP_MD_CTX_cleanup(&ctx); -+ EVP_MD_CTX_free(pctx); - pkg_free(sig); - LM_ERR("error calculating signature\n"); - return 0; - } -- EVP_MD_CTX_cleanup(&ctx); -+ EVP_MD_CTX_free(pctx); - - /* ###Base64-encoding### */ - /* annotation: The next few lines are based on example 7-11 of [VIE-02] */ -@@ -1138,6 +1148,10 @@ - const unsigned char * data; - STACK_OF(CONF_VALUE) * val; - CONF_VALUE * nval; -+ int len; -+#if OPENSSL_VERSION_NUMBER >= 0x10100000L -+ ASN1_OCTET_STRING *adata; -+#endif - - if(!cert || !msg) - { -@@ -1190,15 +1204,22 @@ - LM_ERR("X509V3_EXT_get failed\n"); - return 0; - } -+#if OPENSSL_VERSION_NUMBER >= 0x10100000L -+ adata = X509_EXTENSION_get_data(cext); -+ data = ASN1_STRING_get0_data(adata); -+ len = ASN1_STRING_length(adata); -+#else - data = cext->value->data; -+ len = cext->value->length; -+#endif - if(meth->it) - { - ext_str = ASN1_item_d2i(NULL, &data, -- cext->value->length, ASN1_ITEM_ptr(meth->it)); -+ len, ASN1_ITEM_ptr(meth->it)); - } - else - { -- ext_str = meth->d2i(NULL, &data, cext->value->length); -+ ext_str = meth->d2i(NULL, &data, len); - } - - val = meth->i2v(meth, ext_str, NULL); -@@ -1251,7 +1272,11 @@ - int siglen = -1; - unsigned char * sigbuf = NULL; - int b64len = 0; -- EVP_MD_CTX ctx; -+#if OPENSSL_VERSION_NUMBER >= 0x10100000L -+ EVP_MD_CTX *pctx; -+#else -+ EVP_MD_CTX ctx, *pctx = &ctx; -+#endif - int result = 0; - char *p; - unsigned long err; -@@ -1295,22 +1320,25 @@ - p=strstr(identityHF , "="); - siglen-=strspn(p , "="); - -- EVP_VerifyInit(&ctx, EVP_sha1()); -- EVP_VerifyUpdate(&ctx, digestString, strlen(digestString)); -+#if OPENSSL_VERSION_NUMBER >= 0x10100000L -+ pctx = EVP_MD_CTX_new(); -+#endif -+ EVP_VerifyInit(pctx, EVP_sha1()); -+ EVP_VerifyUpdate(pctx, digestString, strlen(digestString)); - - pubkey = X509_get_pubkey(cert); - if(!pubkey) - { -- EVP_MD_CTX_cleanup(&ctx); -+ EVP_MD_CTX_free(pctx); - pkg_free(sigbuf); - LM_ERR("error reading pubkey from cert\n"); - return 0; - } - -- result = EVP_VerifyFinal(&ctx, sigbuf, siglen, pubkey); -+ result = EVP_VerifyFinal(pctx, sigbuf, siglen, pubkey); - - EVP_PKEY_free(pubkey); -- EVP_MD_CTX_cleanup(&ctx); -+ EVP_MD_CTX_free(pctx); - pkg_free(sigbuf); - - switch(result) -@@ -1715,8 +1743,9 @@ - { - if (!ok) - { -+ int err = X509_STORE_CTX_get_error(stor); - LM_INFO("certificate validation failed: %s\n", -- X509_verify_cert_error_string(stor->error)); -+ X509_verify_cert_error_string(err)); - } - - return ok; Copied: opensips/repos/community-i686/port-tls-1.1.0.patch (from rev 225288, opensips/trunk/port-tls-1.1.0.patch) =================================================================== --- community-i686/port-tls-1.1.0.patch (rev 0) +++ community-i686/port-tls-1.1.0.patch 2017-04-25 12:11:43 UTC (rev 225289) @@ -0,0 +1,446 @@ +Description: Port tls_mgm module to openssl 1.1.0. +Author: Răzvan Crainea <raz...@opensips.org> +Last-Update: 2016-12-01 +--- a/modules/tls_mgm/tls.h ++++ b/modules/tls_mgm/tls.h +@@ -64,41 +64,50 @@ + #warning "" + #endif + +-static int tls_static_locks_no=0; +-static gen_lock_set_t* tls_static_locks=NULL; +- + static SSL_METHOD *ssl_methods[TLS_USE_TLSv1_2 + 1]; + + #define VERIFY_DEPTH_S 3 + + +-struct CRYPTO_dynlock_value { +- gen_lock_t lock; +-}; +- +-static unsigned long tls_get_id(void) +-{ +- return my_pid(); +-} +- + /* + * Wrappers around OpenSIPS shared memory functions + * (which can be macros) + */ ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++static void* os_malloc(size_t size, const char *file, int line) ++#else + static void* os_malloc(size_t size) ++#endif + { ++#if (defined DBG_MALLOC && OPENSSL_VERSION_NUMBER >= 0x10100000L) ++ return _shm_malloc(size, file, __FUNCTION__, line); ++#else + return shm_malloc(size); ++#endif + } + + ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++static void* os_realloc(void *ptr, size_t size, const char *file, int line) ++#else + static void* os_realloc(void *ptr, size_t size) ++#endif + { ++#if (defined DBG_MALLOC && OPENSSL_VERSION_NUMBER >= 0x10100000L) ++ return _shm_realloc(ptr, size, file, __FUNCTION__, line); ++#else + return shm_realloc(ptr, size); ++#endif + } + + ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++static void os_free(void *ptr, const char *file, int line) ++#else + static void os_free(void *ptr) ++#endif + { ++ /* TODO: also handle free file and line */ + if (ptr) + shm_free(ptr); + } +@@ -106,21 +115,17 @@ + + + +-static void tls_static_locks_ops(int mode, int n, const char* file, int line) +-{ +- if (n<0 || n>tls_static_locks_no) { +- LM_ERR("BUG - SSL Lib attempting to acquire bogus lock\n"); +- abort(); +- } ++/* these locks can not be used in 1.1.0, because the interface has changed */ ++#if OPENSSL_VERSION_NUMBER < 0x10100000L ++struct CRYPTO_dynlock_value { ++ gen_lock_t lock; ++}; + +- if (mode & CRYPTO_LOCK) { +- lock_set_get(tls_static_locks,n); +- } else { +- lock_set_release(tls_static_locks,n); +- } ++static unsigned long tls_get_id(void) ++{ ++ return my_pid(); + } + +- + static struct CRYPTO_dynlock_value* tls_dyn_lock_create(const char* file, + int line) + { +@@ -158,5 +163,6 @@ + lock_destroy(&dyn_lock->lock); + shm_free(dyn_lock); + } ++#endif + + #endif /* _PROTO_TLS_H_ */ +--- a/modules/tls_mgm/tls_conn_ops.h ++++ b/modules/tls_mgm/tls_conn_ops.h +@@ -116,12 +116,14 @@ + return -1; + } + ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + #ifndef OPENSSL_NO_KRB5 + if ( ((SSL *)c->extra_data)->kssl_ctx ) { + kssl_ctx_free( ((SSL *)c->extra_data)->kssl_ctx ); + ((SSL *)c->extra_data)->kssl_ctx = 0; + } + #endif ++#endif + + if ( c->proto_flags & F_TLS_DO_ACCEPT ) { + LM_DBG("Setting in ACCEPT mode (server)\n"); +--- a/modules/tls_mgm/tls_conn_server.h ++++ b/modules/tls_mgm/tls_conn_server.h +@@ -148,17 +148,21 @@ + } + + ssl = (SSL *) c->extra_data; ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + #ifndef OPENSSL_NO_KRB5 + if ( ssl->kssl_ctx==NULL ) + ssl->kssl_ctx = kssl_ctx_new( ); + #endif ++#endif + ret = SSL_accept(ssl); ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + #ifndef OPENSSL_NO_KRB5 + if ( ssl->kssl_ctx ) { + kssl_ctx_free( ssl->kssl_ctx ); + ssl->kssl_ctx = 0; + } + #endif ++#endif + if (ret > 0) { + LM_INFO("New TLS connection from %s:%d accepted\n", + ip_addr2a(&c->rcv.src_ip), c->rcv.src_port); +--- a/modules/tls_mgm/tls_mgm.c ++++ b/modules/tls_mgm/tls_mgm.c +@@ -557,11 +557,10 @@ + LM_NOTICE("subject = %s\n", buf); + LM_NOTICE("verify error:num=%d:%s\n", + err, X509_verify_cert_error_string(err)); +- LM_NOTICE("error code is %d\n", ctx->error); + +- switch (ctx->error) { ++ switch (err) { + case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: +- X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert), ++ X509_NAME_oneline(X509_get_issuer_name(err_cert), + buf,sizeof buf); + LM_NOTICE("issuer= %s\n",buf); + break; +@@ -611,7 +610,7 @@ + + default: + LM_NOTICE("something wrong with the cert" +- " ... error code is %d (check x509_vfy.h)\n", ctx->error); ++ " ... error code is %d (check x509_vfy.h)\n", err); + break; + } + +@@ -1074,9 +1073,11 @@ + return 0; + } + ++#if (OPENSSL_VERSION_NUMBER < 0x10100000L) + static int check_for_krb(void) + { + SSL_CTX *xx; ++ + int j; + + xx = SSL_CTX_new(ssl_methods[tls_default_method - 1]); +@@ -1096,6 +1097,27 @@ + SSL_CTX_free(xx); + return 0; + } ++#endif ++ ++#if (OPENSSL_VERSION_NUMBER < 0x10100000L) ++static int tls_static_locks_no=0; ++static gen_lock_set_t* tls_static_locks=NULL; ++ ++static void tls_static_locks_ops(int mode, int n, const char* file, int line) ++{ ++ if (n<0 || n>tls_static_locks_no) { ++ LM_ERR("BUG - SSL Lib attempting to acquire bogus lock\n"); ++ abort(); ++ } ++ ++ if (mode & CRYPTO_LOCK) { ++ lock_set_get(tls_static_locks,n); ++ } else { ++ lock_set_release(tls_static_locks,n); ++ } ++} ++ ++ + + static int tls_init_multithread(void) + { +@@ -1126,6 +1148,7 @@ + + return 0; + } ++#endif + + /* + * initialize ssl methods +@@ -1135,19 +1158,31 @@ + { + LM_DBG("entered\n"); + ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++ ssl_methods[TLS_USE_TLSv1_cli-1] = (SSL_METHOD*)TLS_client_method(); ++ ssl_methods[TLS_USE_TLSv1_srv-1] = (SSL_METHOD*)TLS_server_method(); ++ ssl_methods[TLS_USE_TLSv1-1] = (SSL_METHOD*)TLS_method(); ++#else + ssl_methods[TLS_USE_TLSv1_cli-1] = (SSL_METHOD*)TLSv1_client_method(); + ssl_methods[TLS_USE_TLSv1_srv-1] = (SSL_METHOD*)TLSv1_server_method(); + ssl_methods[TLS_USE_TLSv1-1] = (SSL_METHOD*)TLSv1_method(); ++#endif + + ssl_methods[TLS_USE_SSLv23_cli-1] = (SSL_METHOD*)SSLv23_client_method(); + ssl_methods[TLS_USE_SSLv23_srv-1] = (SSL_METHOD*)SSLv23_server_method(); + ssl_methods[TLS_USE_SSLv23-1] = (SSL_METHOD*)SSLv23_method(); + + #if OPENSSL_VERSION_NUMBER >= 0x10001000L ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++ ssl_methods[TLS_USE_TLSv1_2_cli-1] = (SSL_METHOD*)TLS_client_method(); ++ ssl_methods[TLS_USE_TLSv1_2_srv-1] = (SSL_METHOD*)TLS_server_method(); ++ ssl_methods[TLS_USE_TLSv1_2-1] = (SSL_METHOD*)TLS_method(); ++#else + ssl_methods[TLS_USE_TLSv1_2_cli-1] = (SSL_METHOD*)TLSv1_2_client_method(); + ssl_methods[TLS_USE_TLSv1_2_srv-1] = (SSL_METHOD*)TLSv1_2_server_method(); + ssl_methods[TLS_USE_TLSv1_2-1] = (SSL_METHOD*)TLSv1_2_method(); + #endif ++#endif + } + + /* reloads data from the db */ +@@ -1273,10 +1308,10 @@ + * CRYPTO_malloc will set allow_customize in openssl to 0 + */ + if (!CRYPTO_set_mem_functions(os_malloc, os_realloc, os_free)) { +- LM_ERR("unable to set the memory allocation functions\n"); +- LM_ERR("NOTE: check if you have openssl 1.0.1e-fips, as this " +- "version is know to be broken; if so, you need to upgrade or " +- "downgrade to a differen openssl version !!\n"); ++ LM_ERR("NOTE: check if you are using openssl 1.0.1e-fips, (or other " ++ "FIPS version of openssl, as this is known to be broken; if so, " ++ "you need to upgrade or downgrade to a different openssl version!\n"); ++ LM_ERR("current version: %s\n", SSLeay_version(SSLEAY_VERSION)); + return -1; + } + +@@ -1291,15 +1326,18 @@ + sk_SSL_COMP_zero(comp_methods); + } + #endif ++#if (OPENSSL_VERSION_NUMBER < 0x10100000L) + if (tls_init_multithread() < 0) { + LM_ERR("failed to init multi-threading support\n"); + return -1; + } ++#endif + + SSL_library_init(); + SSL_load_error_strings(); + init_ssl_methods(); + ++#if (OPENSSL_VERSION_NUMBER < 0x10100000L) + n = check_for_krb(); + if (n==-1) { + LM_ERR("kerberos check failed\n"); +@@ -1318,6 +1356,7 @@ + (n==1)?"":"no ",(n!=1)?"no ":""); + return -1; + } ++#endif + + /* + * finish setting up the tls default domains +--- a/modules/identity/identity.c ++++ b/modules/identity/identity.c +@@ -107,6 +107,9 @@ + #include "identity.h" + + ++#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#define EVP_MD_CTX_free EVP_MD_CTX_cleanup ++#endif + + /* parameters */ + +@@ -831,7 +834,11 @@ + { + #define IDENTITY_HDR_S "Identity: \"" + #define IDENTITY_HDR_L (sizeof(IDENTITY_HDR_S)-1) +- EVP_MD_CTX ctx; ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++ EVP_MD_CTX *pctx; ++#else ++ EVP_MD_CTX ctx, *pctx = &ctx; ++#endif + unsigned int siglen = 0; + int b64len = 0; + unsigned char * sig = NULL; +@@ -843,27 +850,30 @@ + LM_ERR("error making digest string\n"); + return 0; + } ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++ pctx = EVP_MD_CTX_new(); ++#endif + +- EVP_SignInit(&ctx, EVP_sha1()); ++ EVP_SignInit(pctx, EVP_sha1()); + +- EVP_SignUpdate(&ctx, digestString, strlen(digestString)); ++ EVP_SignUpdate(pctx, digestString, strlen(digestString)); + + sig = pkg_malloc(EVP_PKEY_size(privKey_evp)); + if(!sig) + { +- EVP_MD_CTX_cleanup(&ctx); ++ EVP_MD_CTX_free(pctx); + LM_ERR("failed allocating memory\n"); + return 0; + } + +- if(!EVP_SignFinal(&ctx, sig, &siglen, privKey_evp)) ++ if(!EVP_SignFinal(pctx, sig, &siglen, privKey_evp)) + { +- EVP_MD_CTX_cleanup(&ctx); ++ EVP_MD_CTX_free(pctx); + pkg_free(sig); + LM_ERR("error calculating signature\n"); + return 0; + } +- EVP_MD_CTX_cleanup(&ctx); ++ EVP_MD_CTX_free(pctx); + + /* ###Base64-encoding### */ + /* annotation: The next few lines are based on example 7-11 of [VIE-02] */ +@@ -1138,6 +1148,10 @@ + const unsigned char * data; + STACK_OF(CONF_VALUE) * val; + CONF_VALUE * nval; ++ int len; ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++ ASN1_OCTET_STRING *adata; ++#endif + + if(!cert || !msg) + { +@@ -1190,15 +1204,22 @@ + LM_ERR("X509V3_EXT_get failed\n"); + return 0; + } ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++ adata = X509_EXTENSION_get_data(cext); ++ data = ASN1_STRING_get0_data(adata); ++ len = ASN1_STRING_length(adata); ++#else + data = cext->value->data; ++ len = cext->value->length; ++#endif + if(meth->it) + { + ext_str = ASN1_item_d2i(NULL, &data, +- cext->value->length, ASN1_ITEM_ptr(meth->it)); ++ len, ASN1_ITEM_ptr(meth->it)); + } + else + { +- ext_str = meth->d2i(NULL, &data, cext->value->length); ++ ext_str = meth->d2i(NULL, &data, len); + } + + val = meth->i2v(meth, ext_str, NULL); +@@ -1251,7 +1272,11 @@ + int siglen = -1; + unsigned char * sigbuf = NULL; + int b64len = 0; +- EVP_MD_CTX ctx; ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++ EVP_MD_CTX *pctx; ++#else ++ EVP_MD_CTX ctx, *pctx = &ctx; ++#endif + int result = 0; + char *p; + unsigned long err; +@@ -1295,22 +1320,25 @@ + p=strstr(identityHF , "="); + siglen-=strspn(p , "="); + +- EVP_VerifyInit(&ctx, EVP_sha1()); +- EVP_VerifyUpdate(&ctx, digestString, strlen(digestString)); ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++ pctx = EVP_MD_CTX_new(); ++#endif ++ EVP_VerifyInit(pctx, EVP_sha1()); ++ EVP_VerifyUpdate(pctx, digestString, strlen(digestString)); + + pubkey = X509_get_pubkey(cert); + if(!pubkey) + { +- EVP_MD_CTX_cleanup(&ctx); ++ EVP_MD_CTX_free(pctx); + pkg_free(sigbuf); + LM_ERR("error reading pubkey from cert\n"); + return 0; + } + +- result = EVP_VerifyFinal(&ctx, sigbuf, siglen, pubkey); ++ result = EVP_VerifyFinal(pctx, sigbuf, siglen, pubkey); + + EVP_PKEY_free(pubkey); +- EVP_MD_CTX_cleanup(&ctx); ++ EVP_MD_CTX_free(pctx); + pkg_free(sigbuf); + + switch(result) +@@ -1715,8 +1743,9 @@ + { + if (!ok) + { ++ int err = X509_STORE_CTX_get_error(stor); + LM_INFO("certificate validation failed: %s\n", +- X509_verify_cert_error_string(stor->error)); ++ X509_verify_cert_error_string(err)); + } + + return ok; Deleted: community-x86_64/PKGBUILD =================================================================== --- community-x86_64/PKGBUILD 2017-04-25 12:11:19 UTC (rev 225288) +++ community-x86_64/PKGBUILD 2017-04-25 12:11:43 UTC (rev 225289) @@ -1,86 +0,0 @@ -# $Id$ -# Maintainer: Sergej Pupykin <pupykin.s+a...@gmail.com> - -pkgname=opensips -pkgver=2.2.2 -pkgrel=4 -pkgdesc="An Open Source SIP Server able to act as a SIP proxy, registrar, location server, redirect server ..." -url="http://www.opensips.org" -depends=('gcc-libs' 'openssl' 'db' 'attr' 'libxml2') -makedepends=('postgresql-libs>=8.4.1' 'unixodbc' 'libldap>=2.4.18' 'libmariadbclient' - 'lynx' 'libxslt' 'libmicrohttpd') -optdepends=('postgresql-libs' - 'unixodbc' - 'libldap' - 'libmariadbclient' - 'libsasl' - 'python2' - 'pcre') -backup=("etc/opensips/opensips.cfg" - "etc/opensips/osipsconsolerc" - "etc/opensips/opensipsctlrc") -arch=('i686' 'x86_64') -license=('GPL') -install=opensips.install -options=('!emptydirs' 'zipman' '!makeflags' 'docs') -source=(https://opensips.org/pub/opensips/${pkgver}/opensips-${pkgver}.tar.gz - opensips.service - port-tls-1.1.0.patch) -sha256sums=('a21777b37c3669617d24b97697dc3f4e613ec87b292f4541cf956a2d539e70c4' - 'c2fec4be085b108db10834fa9832e98d696c2de6408f85f96cf89c13bf6be819' - '1ad2558c329a1b41948ff9ef1c8169289b38500ce8183e50bae653ef82afdbec') - -prepare() { - cd "$srcdir"/$pkgname-$pkgver/ - - # python2 fix - for file in $(find . -name '*.py' -print); do - sed -i 's_^#!.*/usr/bin/python_#!/usr/bin/python2_' $file - sed -i 's_^#!.*/usr/bin/env.*python_#!/usr/bin/env python2_' $file - done - - sed -i 's|sbin|bin|g' Makefile - sed -i 's|bin-dir = sbin/|bin-dir = bin/|' Makefile.defs - - patch -Np1 -i ../port-tls-1.1.0.patch -} - -_modules="ldap db_mysql db_postgres db_unixodbc presence presence_xml h350 proto_tls tlsops tls_mgm db_http httpd tm rr" - -build() { - cd "$srcdir"/$pkgname-$pkgver/ - - make \ - include_modules="${_modules}" \ - LIBDIR=lib PREFIX=/usr -} - -package() { - cd "$srcdir"/$pkgname-$pkgver/ - - make \ - include_modules="${_modules}" \ - BASEDIR="$pkgdir" PREFIX=/usr LIBDIR=lib install - - # Conforms to the arch packaging standards (http://wiki.archlinux.org/index.php/Arch_Packaging_Standards) - mkdir -p "$pkgdir"/etc/ - mv "$pkgdir"/usr/etc/opensips/ "$pkgdir"/etc/ - sed -i 's#mpath=".*lib/opensips/modules/"#mpath="/usr/lib/opensips/modules/"#' "$pkgdir"/etc/opensips/opensips.cfg - - # fix bad paths - cd "$pkgdir"/usr/share - find -type f -exec sed -i "s#"$pkgdir"##" {} \; - - cd "$pkgdir"/usr/lib/opensips/opensipsctl - find -type f -exec sed -i "s#"$pkgdir"##" {} \; - - mv "$pkgdir"/usr/sbin "$pkgdir"/usr/bin - - cd "$pkgdir"/usr/bin - sed -i "s#"$pkgdir"##" opensipsctl opensipsdbctl osipsconsole - - cd "$pkgdir"/etc - find -type f -exec sed -i "s#"$pkgdir"##" {} \; - - install -Dm0644 "$srcdir"/$pkgname.service "$pkgdir"/usr/lib/systemd/system/$pkgname.service -} Copied: opensips/repos/community-x86_64/PKGBUILD (from rev 225288, opensips/trunk/PKGBUILD) =================================================================== --- community-x86_64/PKGBUILD (rev 0) +++ community-x86_64/PKGBUILD 2017-04-25 12:11:43 UTC (rev 225289) @@ -0,0 +1,86 @@ +# $Id$ +# Maintainer: Sergej Pupykin <pupykin.s+a...@gmail.com> + +pkgname=opensips +pkgver=2.2.3 +pkgrel=1 +pkgdesc="An Open Source SIP Server able to act as a SIP proxy, registrar, location server, redirect server ..." +url="http://www.opensips.org" +depends=('gcc-libs' 'openssl' 'db' 'attr' 'libxml2') +makedepends=('postgresql-libs>=8.4.1' 'unixodbc' 'libldap>=2.4.18' 'libmariadbclient' + 'lynx' 'libxslt' 'libmicrohttpd') +optdepends=('postgresql-libs' + 'unixodbc' + 'libldap' + 'libmariadbclient' + 'libsasl' + 'python2' + 'pcre') +backup=("etc/opensips/opensips.cfg" + "etc/opensips/osipsconsolerc" + "etc/opensips/opensipsctlrc") +arch=('i686' 'x86_64') +license=('GPL') +install=opensips.install +options=('!emptydirs' 'zipman' '!makeflags' 'docs') +source=(https://opensips.org/pub/opensips/${pkgver}/opensips-${pkgver}.tar.gz + opensips.service + port-tls-1.1.0.patch) +sha256sums=('ccf540f7aae4335a8319b83f6cb87b562e665991fe1c2adc4e8eb4d4f3042dd7' + 'c2fec4be085b108db10834fa9832e98d696c2de6408f85f96cf89c13bf6be819' + '1ad2558c329a1b41948ff9ef1c8169289b38500ce8183e50bae653ef82afdbec') + +prepare() { + cd "$srcdir"/$pkgname-$pkgver/ + + # python2 fix + for file in $(find . -name '*.py' -print); do + sed -i 's_^#!.*/usr/bin/python_#!/usr/bin/python2_' $file + sed -i 's_^#!.*/usr/bin/env.*python_#!/usr/bin/env python2_' $file + done + + sed -i 's|sbin|bin|g' Makefile + sed -i 's|bin-dir = sbin/|bin-dir = bin/|' Makefile.defs + + patch -Np1 -i ../port-tls-1.1.0.patch +} + +_modules="ldap db_mysql db_postgres db_unixodbc presence presence_xml h350 proto_tls tlsops tls_mgm db_http httpd tm rr" + +build() { + cd "$srcdir"/$pkgname-$pkgver/ + + make \ + include_modules="${_modules}" \ + LIBDIR=lib PREFIX=/usr +} + +package() { + cd "$srcdir"/$pkgname-$pkgver/ + + make \ + include_modules="${_modules}" \ + BASEDIR="$pkgdir" PREFIX=/usr LIBDIR=lib install + + # Conforms to the arch packaging standards (http://wiki.archlinux.org/index.php/Arch_Packaging_Standards) + mkdir -p "$pkgdir"/etc/ + mv "$pkgdir"/usr/etc/opensips/ "$pkgdir"/etc/ + sed -i 's#mpath=".*lib/opensips/modules/"#mpath="/usr/lib/opensips/modules/"#' "$pkgdir"/etc/opensips/opensips.cfg + + # fix bad paths + cd "$pkgdir"/usr/share + find -type f -exec sed -i "s#"$pkgdir"##" {} \; + + cd "$pkgdir"/usr/lib/opensips/opensipsctl + find -type f -exec sed -i "s#"$pkgdir"##" {} \; + + mv "$pkgdir"/usr/sbin "$pkgdir"/usr/bin + + cd "$pkgdir"/usr/bin + sed -i "s#"$pkgdir"##" opensipsctl opensipsdbctl osipsconsole + + cd "$pkgdir"/etc + find -type f -exec sed -i "s#"$pkgdir"##" {} \; + + install -Dm0644 "$srcdir"/$pkgname.service "$pkgdir"/usr/lib/systemd/system/$pkgname.service +} Deleted: community-x86_64/opensips.install =================================================================== --- community-x86_64/opensips.install 2017-04-25 12:11:19 UTC (rev 225288) +++ community-x86_64/opensips.install 2017-04-25 12:11:43 UTC (rev 225289) @@ -1,3 +0,0 @@ -post_install() { - echo "To use MySQL, you should install mysql package and run 'opensipsdbctl create'" -} Copied: opensips/repos/community-x86_64/opensips.install (from rev 225288, opensips/trunk/opensips.install) =================================================================== --- community-x86_64/opensips.install (rev 0) +++ community-x86_64/opensips.install 2017-04-25 12:11:43 UTC (rev 225289) @@ -0,0 +1,3 @@ +post_install() { + echo "To use MySQL, you should install mysql package and run 'opensipsdbctl create'" +} Deleted: community-x86_64/opensips.service =================================================================== --- community-x86_64/opensips.service 2017-04-25 12:11:19 UTC (rev 225288) +++ community-x86_64/opensips.service 2017-04-25 12:11:43 UTC (rev 225289) @@ -1,11 +0,0 @@ -[Unit] -Description=OpenSIPS daemon -After=network.target remote-fs.target nss-lookup.target - -[Service] -Type=forking -PIDFile=/run/opensips.pid -ExecStart=/usr/bin/opensips -f /etc/opensips/opensips.cfg -w /var/tmp -P /run/opensips.pid - -[Install] -WantedBy=multi-user.target Copied: opensips/repos/community-x86_64/opensips.service (from rev 225288, opensips/trunk/opensips.service) =================================================================== --- community-x86_64/opensips.service (rev 0) +++ community-x86_64/opensips.service 2017-04-25 12:11:43 UTC (rev 225289) @@ -0,0 +1,11 @@ +[Unit] +Description=OpenSIPS daemon +After=network.target remote-fs.target nss-lookup.target + +[Service] +Type=forking +PIDFile=/run/opensips.pid +ExecStart=/usr/bin/opensips -f /etc/opensips/opensips.cfg -w /var/tmp -P /run/opensips.pid + +[Install] +WantedBy=multi-user.target Deleted: community-x86_64/port-tls-1.1.0.patch =================================================================== --- community-x86_64/port-tls-1.1.0.patch 2017-04-25 12:11:19 UTC (rev 225288) +++ community-x86_64/port-tls-1.1.0.patch 2017-04-25 12:11:43 UTC (rev 225289) @@ -1,446 +0,0 @@ -Description: Port tls_mgm module to openssl 1.1.0. -Author: Răzvan Crainea <raz...@opensips.org> -Last-Update: 2016-12-01 ---- a/modules/tls_mgm/tls.h -+++ b/modules/tls_mgm/tls.h -@@ -64,41 +64,50 @@ - #warning "" - #endif - --static int tls_static_locks_no=0; --static gen_lock_set_t* tls_static_locks=NULL; -- - static SSL_METHOD *ssl_methods[TLS_USE_TLSv1_2 + 1]; - - #define VERIFY_DEPTH_S 3 - - --struct CRYPTO_dynlock_value { -- gen_lock_t lock; --}; -- --static unsigned long tls_get_id(void) --{ -- return my_pid(); --} -- - /* - * Wrappers around OpenSIPS shared memory functions - * (which can be macros) - */ -+#if OPENSSL_VERSION_NUMBER >= 0x10100000L -+static void* os_malloc(size_t size, const char *file, int line) -+#else - static void* os_malloc(size_t size) -+#endif - { -+#if (defined DBG_MALLOC && OPENSSL_VERSION_NUMBER >= 0x10100000L) -+ return _shm_malloc(size, file, __FUNCTION__, line); -+#else - return shm_malloc(size); -+#endif - } - - -+#if OPENSSL_VERSION_NUMBER >= 0x10100000L -+static void* os_realloc(void *ptr, size_t size, const char *file, int line) -+#else - static void* os_realloc(void *ptr, size_t size) -+#endif - { -+#if (defined DBG_MALLOC && OPENSSL_VERSION_NUMBER >= 0x10100000L) -+ return _shm_realloc(ptr, size, file, __FUNCTION__, line); -+#else - return shm_realloc(ptr, size); -+#endif - } - - -+#if OPENSSL_VERSION_NUMBER >= 0x10100000L -+static void os_free(void *ptr, const char *file, int line) -+#else - static void os_free(void *ptr) -+#endif - { -+ /* TODO: also handle free file and line */ - if (ptr) - shm_free(ptr); - } -@@ -106,21 +115,17 @@ - - - --static void tls_static_locks_ops(int mode, int n, const char* file, int line) --{ -- if (n<0 || n>tls_static_locks_no) { -- LM_ERR("BUG - SSL Lib attempting to acquire bogus lock\n"); -- abort(); -- } -+/* these locks can not be used in 1.1.0, because the interface has changed */ -+#if OPENSSL_VERSION_NUMBER < 0x10100000L -+struct CRYPTO_dynlock_value { -+ gen_lock_t lock; -+}; - -- if (mode & CRYPTO_LOCK) { -- lock_set_get(tls_static_locks,n); -- } else { -- lock_set_release(tls_static_locks,n); -- } -+static unsigned long tls_get_id(void) -+{ -+ return my_pid(); - } - -- - static struct CRYPTO_dynlock_value* tls_dyn_lock_create(const char* file, - int line) - { -@@ -158,5 +163,6 @@ - lock_destroy(&dyn_lock->lock); - shm_free(dyn_lock); - } -+#endif - - #endif /* _PROTO_TLS_H_ */ ---- a/modules/tls_mgm/tls_conn_ops.h -+++ b/modules/tls_mgm/tls_conn_ops.h -@@ -116,12 +116,14 @@ - return -1; - } - -+#if OPENSSL_VERSION_NUMBER < 0x10100000L - #ifndef OPENSSL_NO_KRB5 - if ( ((SSL *)c->extra_data)->kssl_ctx ) { - kssl_ctx_free( ((SSL *)c->extra_data)->kssl_ctx ); - ((SSL *)c->extra_data)->kssl_ctx = 0; - } - #endif -+#endif - - if ( c->proto_flags & F_TLS_DO_ACCEPT ) { - LM_DBG("Setting in ACCEPT mode (server)\n"); ---- a/modules/tls_mgm/tls_conn_server.h -+++ b/modules/tls_mgm/tls_conn_server.h -@@ -148,17 +148,21 @@ - } - - ssl = (SSL *) c->extra_data; -+#if OPENSSL_VERSION_NUMBER < 0x10100000L - #ifndef OPENSSL_NO_KRB5 - if ( ssl->kssl_ctx==NULL ) - ssl->kssl_ctx = kssl_ctx_new( ); - #endif -+#endif - ret = SSL_accept(ssl); -+#if OPENSSL_VERSION_NUMBER < 0x10100000L - #ifndef OPENSSL_NO_KRB5 - if ( ssl->kssl_ctx ) { - kssl_ctx_free( ssl->kssl_ctx ); - ssl->kssl_ctx = 0; - } - #endif -+#endif - if (ret > 0) { - LM_INFO("New TLS connection from %s:%d accepted\n", - ip_addr2a(&c->rcv.src_ip), c->rcv.src_port); ---- a/modules/tls_mgm/tls_mgm.c -+++ b/modules/tls_mgm/tls_mgm.c -@@ -557,11 +557,10 @@ - LM_NOTICE("subject = %s\n", buf); - LM_NOTICE("verify error:num=%d:%s\n", - err, X509_verify_cert_error_string(err)); -- LM_NOTICE("error code is %d\n", ctx->error); - -- switch (ctx->error) { -+ switch (err) { - case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: -- X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert), -+ X509_NAME_oneline(X509_get_issuer_name(err_cert), - buf,sizeof buf); - LM_NOTICE("issuer= %s\n",buf); - break; -@@ -611,7 +610,7 @@ - - default: - LM_NOTICE("something wrong with the cert" -- " ... error code is %d (check x509_vfy.h)\n", ctx->error); -+ " ... error code is %d (check x509_vfy.h)\n", err); - break; - } - -@@ -1074,9 +1073,11 @@ - return 0; - } - -+#if (OPENSSL_VERSION_NUMBER < 0x10100000L) - static int check_for_krb(void) - { - SSL_CTX *xx; -+ - int j; - - xx = SSL_CTX_new(ssl_methods[tls_default_method - 1]); -@@ -1096,6 +1097,27 @@ - SSL_CTX_free(xx); - return 0; - } -+#endif -+ -+#if (OPENSSL_VERSION_NUMBER < 0x10100000L) -+static int tls_static_locks_no=0; -+static gen_lock_set_t* tls_static_locks=NULL; -+ -+static void tls_static_locks_ops(int mode, int n, const char* file, int line) -+{ -+ if (n<0 || n>tls_static_locks_no) { -+ LM_ERR("BUG - SSL Lib attempting to acquire bogus lock\n"); -+ abort(); -+ } -+ -+ if (mode & CRYPTO_LOCK) { -+ lock_set_get(tls_static_locks,n); -+ } else { -+ lock_set_release(tls_static_locks,n); -+ } -+} -+ -+ - - static int tls_init_multithread(void) - { -@@ -1126,6 +1148,7 @@ - - return 0; - } -+#endif - - /* - * initialize ssl methods -@@ -1135,19 +1158,31 @@ - { - LM_DBG("entered\n"); - -+#if OPENSSL_VERSION_NUMBER >= 0x10100000L -+ ssl_methods[TLS_USE_TLSv1_cli-1] = (SSL_METHOD*)TLS_client_method(); -+ ssl_methods[TLS_USE_TLSv1_srv-1] = (SSL_METHOD*)TLS_server_method(); -+ ssl_methods[TLS_USE_TLSv1-1] = (SSL_METHOD*)TLS_method(); -+#else - ssl_methods[TLS_USE_TLSv1_cli-1] = (SSL_METHOD*)TLSv1_client_method(); - ssl_methods[TLS_USE_TLSv1_srv-1] = (SSL_METHOD*)TLSv1_server_method(); - ssl_methods[TLS_USE_TLSv1-1] = (SSL_METHOD*)TLSv1_method(); -+#endif - - ssl_methods[TLS_USE_SSLv23_cli-1] = (SSL_METHOD*)SSLv23_client_method(); - ssl_methods[TLS_USE_SSLv23_srv-1] = (SSL_METHOD*)SSLv23_server_method(); - ssl_methods[TLS_USE_SSLv23-1] = (SSL_METHOD*)SSLv23_method(); - - #if OPENSSL_VERSION_NUMBER >= 0x10001000L -+#if OPENSSL_VERSION_NUMBER >= 0x10100000L -+ ssl_methods[TLS_USE_TLSv1_2_cli-1] = (SSL_METHOD*)TLS_client_method(); -+ ssl_methods[TLS_USE_TLSv1_2_srv-1] = (SSL_METHOD*)TLS_server_method(); -+ ssl_methods[TLS_USE_TLSv1_2-1] = (SSL_METHOD*)TLS_method(); -+#else - ssl_methods[TLS_USE_TLSv1_2_cli-1] = (SSL_METHOD*)TLSv1_2_client_method(); - ssl_methods[TLS_USE_TLSv1_2_srv-1] = (SSL_METHOD*)TLSv1_2_server_method(); - ssl_methods[TLS_USE_TLSv1_2-1] = (SSL_METHOD*)TLSv1_2_method(); - #endif -+#endif - } - - /* reloads data from the db */ -@@ -1273,10 +1308,10 @@ - * CRYPTO_malloc will set allow_customize in openssl to 0 - */ - if (!CRYPTO_set_mem_functions(os_malloc, os_realloc, os_free)) { -- LM_ERR("unable to set the memory allocation functions\n"); -- LM_ERR("NOTE: check if you have openssl 1.0.1e-fips, as this " -- "version is know to be broken; if so, you need to upgrade or " -- "downgrade to a differen openssl version !!\n"); -+ LM_ERR("NOTE: check if you are using openssl 1.0.1e-fips, (or other " -+ "FIPS version of openssl, as this is known to be broken; if so, " -+ "you need to upgrade or downgrade to a different openssl version!\n"); -+ LM_ERR("current version: %s\n", SSLeay_version(SSLEAY_VERSION)); - return -1; - } - -@@ -1291,15 +1326,18 @@ - sk_SSL_COMP_zero(comp_methods); - } - #endif -+#if (OPENSSL_VERSION_NUMBER < 0x10100000L) - if (tls_init_multithread() < 0) { - LM_ERR("failed to init multi-threading support\n"); - return -1; - } -+#endif - - SSL_library_init(); - SSL_load_error_strings(); - init_ssl_methods(); - -+#if (OPENSSL_VERSION_NUMBER < 0x10100000L) - n = check_for_krb(); - if (n==-1) { - LM_ERR("kerberos check failed\n"); -@@ -1318,6 +1356,7 @@ - (n==1)?"":"no ",(n!=1)?"no ":""); - return -1; - } -+#endif - - /* - * finish setting up the tls default domains ---- a/modules/identity/identity.c -+++ b/modules/identity/identity.c -@@ -107,6 +107,9 @@ - #include "identity.h" - - -+#if OPENSSL_VERSION_NUMBER < 0x10100000L -+#define EVP_MD_CTX_free EVP_MD_CTX_cleanup -+#endif - - /* parameters */ - -@@ -831,7 +834,11 @@ - { - #define IDENTITY_HDR_S "Identity: \"" - #define IDENTITY_HDR_L (sizeof(IDENTITY_HDR_S)-1) -- EVP_MD_CTX ctx; -+#if OPENSSL_VERSION_NUMBER >= 0x10100000L -+ EVP_MD_CTX *pctx; -+#else -+ EVP_MD_CTX ctx, *pctx = &ctx; -+#endif - unsigned int siglen = 0; - int b64len = 0; - unsigned char * sig = NULL; -@@ -843,27 +850,30 @@ - LM_ERR("error making digest string\n"); - return 0; - } -+#if OPENSSL_VERSION_NUMBER >= 0x10100000L -+ pctx = EVP_MD_CTX_new(); -+#endif - -- EVP_SignInit(&ctx, EVP_sha1()); -+ EVP_SignInit(pctx, EVP_sha1()); - -- EVP_SignUpdate(&ctx, digestString, strlen(digestString)); -+ EVP_SignUpdate(pctx, digestString, strlen(digestString)); - - sig = pkg_malloc(EVP_PKEY_size(privKey_evp)); - if(!sig) - { -- EVP_MD_CTX_cleanup(&ctx); -+ EVP_MD_CTX_free(pctx); - LM_ERR("failed allocating memory\n"); - return 0; - } - -- if(!EVP_SignFinal(&ctx, sig, &siglen, privKey_evp)) -+ if(!EVP_SignFinal(pctx, sig, &siglen, privKey_evp)) - { -- EVP_MD_CTX_cleanup(&ctx); -+ EVP_MD_CTX_free(pctx); - pkg_free(sig); - LM_ERR("error calculating signature\n"); - return 0; - } -- EVP_MD_CTX_cleanup(&ctx); -+ EVP_MD_CTX_free(pctx); - - /* ###Base64-encoding### */ - /* annotation: The next few lines are based on example 7-11 of [VIE-02] */ -@@ -1138,6 +1148,10 @@ - const unsigned char * data; - STACK_OF(CONF_VALUE) * val; - CONF_VALUE * nval; -+ int len; -+#if OPENSSL_VERSION_NUMBER >= 0x10100000L -+ ASN1_OCTET_STRING *adata; -+#endif - - if(!cert || !msg) - { -@@ -1190,15 +1204,22 @@ - LM_ERR("X509V3_EXT_get failed\n"); - return 0; - } -+#if OPENSSL_VERSION_NUMBER >= 0x10100000L -+ adata = X509_EXTENSION_get_data(cext); -+ data = ASN1_STRING_get0_data(adata); -+ len = ASN1_STRING_length(adata); -+#else - data = cext->value->data; -+ len = cext->value->length; -+#endif - if(meth->it) - { - ext_str = ASN1_item_d2i(NULL, &data, -- cext->value->length, ASN1_ITEM_ptr(meth->it)); -+ len, ASN1_ITEM_ptr(meth->it)); - } - else - { -- ext_str = meth->d2i(NULL, &data, cext->value->length); -+ ext_str = meth->d2i(NULL, &data, len); - } - - val = meth->i2v(meth, ext_str, NULL); -@@ -1251,7 +1272,11 @@ - int siglen = -1; - unsigned char * sigbuf = NULL; - int b64len = 0; -- EVP_MD_CTX ctx; -+#if OPENSSL_VERSION_NUMBER >= 0x10100000L -+ EVP_MD_CTX *pctx; -+#else -+ EVP_MD_CTX ctx, *pctx = &ctx; -+#endif - int result = 0; - char *p; - unsigned long err; -@@ -1295,22 +1320,25 @@ - p=strstr(identityHF , "="); - siglen-=strspn(p , "="); - -- EVP_VerifyInit(&ctx, EVP_sha1()); -- EVP_VerifyUpdate(&ctx, digestString, strlen(digestString)); -+#if OPENSSL_VERSION_NUMBER >= 0x10100000L -+ pctx = EVP_MD_CTX_new(); -+#endif -+ EVP_VerifyInit(pctx, EVP_sha1()); -+ EVP_VerifyUpdate(pctx, digestString, strlen(digestString)); - - pubkey = X509_get_pubkey(cert); - if(!pubkey) - { -- EVP_MD_CTX_cleanup(&ctx); -+ EVP_MD_CTX_free(pctx); - pkg_free(sigbuf); - LM_ERR("error reading pubkey from cert\n"); - return 0; - } - -- result = EVP_VerifyFinal(&ctx, sigbuf, siglen, pubkey); -+ result = EVP_VerifyFinal(pctx, sigbuf, siglen, pubkey); - - EVP_PKEY_free(pubkey); -- EVP_MD_CTX_cleanup(&ctx); -+ EVP_MD_CTX_free(pctx); - pkg_free(sigbuf); - - switch(result) -@@ -1715,8 +1743,9 @@ - { - if (!ok) - { -+ int err = X509_STORE_CTX_get_error(stor); - LM_INFO("certificate validation failed: %s\n", -- X509_verify_cert_error_string(stor->error)); -+ X509_verify_cert_error_string(err)); - } - - return ok; Copied: opensips/repos/community-x86_64/port-tls-1.1.0.patch (from rev 225288, opensips/trunk/port-tls-1.1.0.patch) =================================================================== --- community-x86_64/port-tls-1.1.0.patch (rev 0) +++ community-x86_64/port-tls-1.1.0.patch 2017-04-25 12:11:43 UTC (rev 225289) @@ -0,0 +1,446 @@ +Description: Port tls_mgm module to openssl 1.1.0. +Author: Răzvan Crainea <raz...@opensips.org> +Last-Update: 2016-12-01 +--- a/modules/tls_mgm/tls.h ++++ b/modules/tls_mgm/tls.h +@@ -64,41 +64,50 @@ + #warning "" + #endif + +-static int tls_static_locks_no=0; +-static gen_lock_set_t* tls_static_locks=NULL; +- + static SSL_METHOD *ssl_methods[TLS_USE_TLSv1_2 + 1]; + + #define VERIFY_DEPTH_S 3 + + +-struct CRYPTO_dynlock_value { +- gen_lock_t lock; +-}; +- +-static unsigned long tls_get_id(void) +-{ +- return my_pid(); +-} +- + /* + * Wrappers around OpenSIPS shared memory functions + * (which can be macros) + */ ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++static void* os_malloc(size_t size, const char *file, int line) ++#else + static void* os_malloc(size_t size) ++#endif + { ++#if (defined DBG_MALLOC && OPENSSL_VERSION_NUMBER >= 0x10100000L) ++ return _shm_malloc(size, file, __FUNCTION__, line); ++#else + return shm_malloc(size); ++#endif + } + + ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++static void* os_realloc(void *ptr, size_t size, const char *file, int line) ++#else + static void* os_realloc(void *ptr, size_t size) ++#endif + { ++#if (defined DBG_MALLOC && OPENSSL_VERSION_NUMBER >= 0x10100000L) ++ return _shm_realloc(ptr, size, file, __FUNCTION__, line); ++#else + return shm_realloc(ptr, size); ++#endif + } + + ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++static void os_free(void *ptr, const char *file, int line) ++#else + static void os_free(void *ptr) ++#endif + { ++ /* TODO: also handle free file and line */ + if (ptr) + shm_free(ptr); + } +@@ -106,21 +115,17 @@ + + + +-static void tls_static_locks_ops(int mode, int n, const char* file, int line) +-{ +- if (n<0 || n>tls_static_locks_no) { +- LM_ERR("BUG - SSL Lib attempting to acquire bogus lock\n"); +- abort(); +- } ++/* these locks can not be used in 1.1.0, because the interface has changed */ ++#if OPENSSL_VERSION_NUMBER < 0x10100000L ++struct CRYPTO_dynlock_value { ++ gen_lock_t lock; ++}; + +- if (mode & CRYPTO_LOCK) { +- lock_set_get(tls_static_locks,n); +- } else { +- lock_set_release(tls_static_locks,n); +- } ++static unsigned long tls_get_id(void) ++{ ++ return my_pid(); + } + +- + static struct CRYPTO_dynlock_value* tls_dyn_lock_create(const char* file, + int line) + { +@@ -158,5 +163,6 @@ + lock_destroy(&dyn_lock->lock); + shm_free(dyn_lock); + } ++#endif + + #endif /* _PROTO_TLS_H_ */ +--- a/modules/tls_mgm/tls_conn_ops.h ++++ b/modules/tls_mgm/tls_conn_ops.h +@@ -116,12 +116,14 @@ + return -1; + } + ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + #ifndef OPENSSL_NO_KRB5 + if ( ((SSL *)c->extra_data)->kssl_ctx ) { + kssl_ctx_free( ((SSL *)c->extra_data)->kssl_ctx ); + ((SSL *)c->extra_data)->kssl_ctx = 0; + } + #endif ++#endif + + if ( c->proto_flags & F_TLS_DO_ACCEPT ) { + LM_DBG("Setting in ACCEPT mode (server)\n"); +--- a/modules/tls_mgm/tls_conn_server.h ++++ b/modules/tls_mgm/tls_conn_server.h +@@ -148,17 +148,21 @@ + } + + ssl = (SSL *) c->extra_data; ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + #ifndef OPENSSL_NO_KRB5 + if ( ssl->kssl_ctx==NULL ) + ssl->kssl_ctx = kssl_ctx_new( ); + #endif ++#endif + ret = SSL_accept(ssl); ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + #ifndef OPENSSL_NO_KRB5 + if ( ssl->kssl_ctx ) { + kssl_ctx_free( ssl->kssl_ctx ); + ssl->kssl_ctx = 0; + } + #endif ++#endif + if (ret > 0) { + LM_INFO("New TLS connection from %s:%d accepted\n", + ip_addr2a(&c->rcv.src_ip), c->rcv.src_port); +--- a/modules/tls_mgm/tls_mgm.c ++++ b/modules/tls_mgm/tls_mgm.c +@@ -557,11 +557,10 @@ + LM_NOTICE("subject = %s\n", buf); + LM_NOTICE("verify error:num=%d:%s\n", + err, X509_verify_cert_error_string(err)); +- LM_NOTICE("error code is %d\n", ctx->error); + +- switch (ctx->error) { ++ switch (err) { + case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: +- X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert), ++ X509_NAME_oneline(X509_get_issuer_name(err_cert), + buf,sizeof buf); + LM_NOTICE("issuer= %s\n",buf); + break; +@@ -611,7 +610,7 @@ + + default: + LM_NOTICE("something wrong with the cert" +- " ... error code is %d (check x509_vfy.h)\n", ctx->error); ++ " ... error code is %d (check x509_vfy.h)\n", err); + break; + } + +@@ -1074,9 +1073,11 @@ + return 0; + } + ++#if (OPENSSL_VERSION_NUMBER < 0x10100000L) + static int check_for_krb(void) + { + SSL_CTX *xx; ++ + int j; + + xx = SSL_CTX_new(ssl_methods[tls_default_method - 1]); +@@ -1096,6 +1097,27 @@ + SSL_CTX_free(xx); + return 0; + } ++#endif ++ ++#if (OPENSSL_VERSION_NUMBER < 0x10100000L) ++static int tls_static_locks_no=0; ++static gen_lock_set_t* tls_static_locks=NULL; ++ ++static void tls_static_locks_ops(int mode, int n, const char* file, int line) ++{ ++ if (n<0 || n>tls_static_locks_no) { ++ LM_ERR("BUG - SSL Lib attempting to acquire bogus lock\n"); ++ abort(); ++ } ++ ++ if (mode & CRYPTO_LOCK) { ++ lock_set_get(tls_static_locks,n); ++ } else { ++ lock_set_release(tls_static_locks,n); ++ } ++} ++ ++ + + static int tls_init_multithread(void) + { +@@ -1126,6 +1148,7 @@ + + return 0; + } ++#endif + + /* + * initialize ssl methods +@@ -1135,19 +1158,31 @@ + { + LM_DBG("entered\n"); + ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++ ssl_methods[TLS_USE_TLSv1_cli-1] = (SSL_METHOD*)TLS_client_method(); ++ ssl_methods[TLS_USE_TLSv1_srv-1] = (SSL_METHOD*)TLS_server_method(); ++ ssl_methods[TLS_USE_TLSv1-1] = (SSL_METHOD*)TLS_method(); ++#else + ssl_methods[TLS_USE_TLSv1_cli-1] = (SSL_METHOD*)TLSv1_client_method(); + ssl_methods[TLS_USE_TLSv1_srv-1] = (SSL_METHOD*)TLSv1_server_method(); + ssl_methods[TLS_USE_TLSv1-1] = (SSL_METHOD*)TLSv1_method(); ++#endif + + ssl_methods[TLS_USE_SSLv23_cli-1] = (SSL_METHOD*)SSLv23_client_method(); + ssl_methods[TLS_USE_SSLv23_srv-1] = (SSL_METHOD*)SSLv23_server_method(); + ssl_methods[TLS_USE_SSLv23-1] = (SSL_METHOD*)SSLv23_method(); + + #if OPENSSL_VERSION_NUMBER >= 0x10001000L ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++ ssl_methods[TLS_USE_TLSv1_2_cli-1] = (SSL_METHOD*)TLS_client_method(); ++ ssl_methods[TLS_USE_TLSv1_2_srv-1] = (SSL_METHOD*)TLS_server_method(); ++ ssl_methods[TLS_USE_TLSv1_2-1] = (SSL_METHOD*)TLS_method(); ++#else + ssl_methods[TLS_USE_TLSv1_2_cli-1] = (SSL_METHOD*)TLSv1_2_client_method(); + ssl_methods[TLS_USE_TLSv1_2_srv-1] = (SSL_METHOD*)TLSv1_2_server_method(); + ssl_methods[TLS_USE_TLSv1_2-1] = (SSL_METHOD*)TLSv1_2_method(); + #endif ++#endif + } + + /* reloads data from the db */ +@@ -1273,10 +1308,10 @@ + * CRYPTO_malloc will set allow_customize in openssl to 0 + */ + if (!CRYPTO_set_mem_functions(os_malloc, os_realloc, os_free)) { +- LM_ERR("unable to set the memory allocation functions\n"); +- LM_ERR("NOTE: check if you have openssl 1.0.1e-fips, as this " +- "version is know to be broken; if so, you need to upgrade or " +- "downgrade to a differen openssl version !!\n"); ++ LM_ERR("NOTE: check if you are using openssl 1.0.1e-fips, (or other " ++ "FIPS version of openssl, as this is known to be broken; if so, " ++ "you need to upgrade or downgrade to a different openssl version!\n"); ++ LM_ERR("current version: %s\n", SSLeay_version(SSLEAY_VERSION)); + return -1; + } + +@@ -1291,15 +1326,18 @@ + sk_SSL_COMP_zero(comp_methods); + } + #endif ++#if (OPENSSL_VERSION_NUMBER < 0x10100000L) + if (tls_init_multithread() < 0) { + LM_ERR("failed to init multi-threading support\n"); + return -1; + } ++#endif + + SSL_library_init(); + SSL_load_error_strings(); + init_ssl_methods(); + ++#if (OPENSSL_VERSION_NUMBER < 0x10100000L) + n = check_for_krb(); + if (n==-1) { + LM_ERR("kerberos check failed\n"); +@@ -1318,6 +1356,7 @@ + (n==1)?"":"no ",(n!=1)?"no ":""); + return -1; + } ++#endif + + /* + * finish setting up the tls default domains +--- a/modules/identity/identity.c ++++ b/modules/identity/identity.c +@@ -107,6 +107,9 @@ + #include "identity.h" + + ++#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#define EVP_MD_CTX_free EVP_MD_CTX_cleanup ++#endif + + /* parameters */ + +@@ -831,7 +834,11 @@ + { + #define IDENTITY_HDR_S "Identity: \"" + #define IDENTITY_HDR_L (sizeof(IDENTITY_HDR_S)-1) +- EVP_MD_CTX ctx; ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++ EVP_MD_CTX *pctx; ++#else ++ EVP_MD_CTX ctx, *pctx = &ctx; ++#endif + unsigned int siglen = 0; + int b64len = 0; + unsigned char * sig = NULL; +@@ -843,27 +850,30 @@ + LM_ERR("error making digest string\n"); + return 0; + } ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++ pctx = EVP_MD_CTX_new(); ++#endif + +- EVP_SignInit(&ctx, EVP_sha1()); ++ EVP_SignInit(pctx, EVP_sha1()); + +- EVP_SignUpdate(&ctx, digestString, strlen(digestString)); ++ EVP_SignUpdate(pctx, digestString, strlen(digestString)); + + sig = pkg_malloc(EVP_PKEY_size(privKey_evp)); + if(!sig) + { +- EVP_MD_CTX_cleanup(&ctx); ++ EVP_MD_CTX_free(pctx); + LM_ERR("failed allocating memory\n"); + return 0; + } + +- if(!EVP_SignFinal(&ctx, sig, &siglen, privKey_evp)) ++ if(!EVP_SignFinal(pctx, sig, &siglen, privKey_evp)) + { +- EVP_MD_CTX_cleanup(&ctx); ++ EVP_MD_CTX_free(pctx); + pkg_free(sig); + LM_ERR("error calculating signature\n"); + return 0; + } +- EVP_MD_CTX_cleanup(&ctx); ++ EVP_MD_CTX_free(pctx); + + /* ###Base64-encoding### */ + /* annotation: The next few lines are based on example 7-11 of [VIE-02] */ +@@ -1138,6 +1148,10 @@ + const unsigned char * data; + STACK_OF(CONF_VALUE) * val; + CONF_VALUE * nval; ++ int len; ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++ ASN1_OCTET_STRING *adata; ++#endif + + if(!cert || !msg) + { +@@ -1190,15 +1204,22 @@ + LM_ERR("X509V3_EXT_get failed\n"); + return 0; + } ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++ adata = X509_EXTENSION_get_data(cext); ++ data = ASN1_STRING_get0_data(adata); ++ len = ASN1_STRING_length(adata); ++#else + data = cext->value->data; ++ len = cext->value->length; ++#endif + if(meth->it) + { + ext_str = ASN1_item_d2i(NULL, &data, +- cext->value->length, ASN1_ITEM_ptr(meth->it)); ++ len, ASN1_ITEM_ptr(meth->it)); + } + else + { +- ext_str = meth->d2i(NULL, &data, cext->value->length); ++ ext_str = meth->d2i(NULL, &data, len); + } + + val = meth->i2v(meth, ext_str, NULL); +@@ -1251,7 +1272,11 @@ + int siglen = -1; + unsigned char * sigbuf = NULL; + int b64len = 0; +- EVP_MD_CTX ctx; ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++ EVP_MD_CTX *pctx; ++#else ++ EVP_MD_CTX ctx, *pctx = &ctx; ++#endif + int result = 0; + char *p; + unsigned long err; +@@ -1295,22 +1320,25 @@ + p=strstr(identityHF , "="); + siglen-=strspn(p , "="); + +- EVP_VerifyInit(&ctx, EVP_sha1()); +- EVP_VerifyUpdate(&ctx, digestString, strlen(digestString)); ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++ pctx = EVP_MD_CTX_new(); ++#endif ++ EVP_VerifyInit(pctx, EVP_sha1()); ++ EVP_VerifyUpdate(pctx, digestString, strlen(digestString)); + + pubkey = X509_get_pubkey(cert); + if(!pubkey) + { +- EVP_MD_CTX_cleanup(&ctx); ++ EVP_MD_CTX_free(pctx); + pkg_free(sigbuf); + LM_ERR("error reading pubkey from cert\n"); + return 0; + } + +- result = EVP_VerifyFinal(&ctx, sigbuf, siglen, pubkey); ++ result = EVP_VerifyFinal(pctx, sigbuf, siglen, pubkey); + + EVP_PKEY_free(pubkey); +- EVP_MD_CTX_cleanup(&ctx); ++ EVP_MD_CTX_free(pctx); + pkg_free(sigbuf); + + switch(result) +@@ -1715,8 +1743,9 @@ + { + if (!ok) + { ++ int err = X509_STORE_CTX_get_error(stor); + LM_INFO("certificate validation failed: %s\n", +- X509_verify_cert_error_string(stor->error)); ++ X509_verify_cert_error_string(err)); + } + + return ok;