CVS commit: pkgsrc/www/squid4

To: pkgsrc-changes%NetBSD.org@localhost
Subject: CVS commit: pkgsrc/www/squid4
From: "Thomas Klausner" <wiz%netbsd.org@localhost>
Date: Mon, 27 Jan 2025 11:39:15 +0000

Module Name:    pkgsrc
Committed By:   wiz
Date:           Mon Jan 27 11:39:15 UTC 2025

Modified Files:
        pkgsrc/www/squid4: Makefile distinfo
Added Files:
        pkgsrc/www/squid4/patches: patch-src_security_PeerOptions.cc
            patch-src_ssl_support.cc

Log Message:
squid4: fix build with openssl 3


To generate a diff of this commit:
cvs rdiff -u -r1.35 -r1.36 pkgsrc/www/squid4/Makefile
cvs rdiff -u -r1.17 -r1.18 pkgsrc/www/squid4/distinfo
cvs rdiff -u -r0 -r1.1 \
    pkgsrc/www/squid4/patches/patch-src_security_PeerOptions.cc \
    pkgsrc/www/squid4/patches/patch-src_ssl_support.cc

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/www/squid4/Makefile
diff -u pkgsrc/www/squid4/Makefile:1.35 pkgsrc/www/squid4/Makefile:1.36
--- pkgsrc/www/squid4/Makefile:1.35     Thu Nov 14 22:22:11 2024
+++ pkgsrc/www/squid4/Makefile  Mon Jan 27 11:39:14 2025
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.35 2024/11/14 22:22:11 wiz Exp $
+# $NetBSD: Makefile,v 1.36 2025/01/27 11:39:14 wiz Exp $
 
 DISTNAME=      squid-4.17
 PKGREVISION=   13
@@ -6,8 +6,8 @@ CATEGORIES=     www
 MASTER_SITES=  http://www.squid-cache.org/Versions/v4/
 EXTRACT_SUFX=  .tar.xz
 
-PATCH_SITES=   http://www.squid-cache.org/Versions/v4/changesets/
-PATCHFILES=    SQUID-2022_1.patch SQUID-2022_2.patch
+PATCH_SITES=           http://www.squid-cache.org/Versions/v4/changesets/
+PATCHFILES=            SQUID-2022_1.patch SQUID-2022_2.patch
 PATCH_DIST_STRIP=      -p1
 
 MAINTAINER=    pkgsrc-users%NetBSD.org@localhost

Index: pkgsrc/www/squid4/distinfo
diff -u pkgsrc/www/squid4/distinfo:1.17 pkgsrc/www/squid4/distinfo:1.18
--- pkgsrc/www/squid4/distinfo:1.17     Fri Sep 23 15:07:13 2022
+++ pkgsrc/www/squid4/distinfo  Mon Jan 27 11:39:14 2025
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.17 2022/09/23 15:07:13 taca Exp $
+$NetBSD: distinfo,v 1.18 2025/01/27 11:39:14 wiz Exp $
 
 BLAKE2s (SQUID-2022_1.patch) = 83cbae437b88f2a45edf4f106d0e54aed9ccb7a4da83fa06fbb5f0ba252ccda5
 SHA512 (SQUID-2022_1.patch) = e4ed490f5736b51fa7bdedd9091d94fca327f41180fca38578bb65bff19f90c1a43810a4eae381beb7974bade68723e1788e2063f805e060ee2ca1f35a44ff62
@@ -17,4 +17,6 @@ SHA1 (patch-src_acl_external_kerberos__l
 SHA1 (patch-src_comm_ModKqueue.cc) = d8c5d235f07a48731275101d60fcbf2e22f77b96
 SHA1 (patch-src_esi_VarState.cc) = d9418e59cdc390b2d970195167a99bb7ed392c38
 SHA1 (patch-src_fs_ufs_RebuildState.h) = 76ee5c437b3dad05e428ae89cd5af6c052a40e59
+SHA1 (patch-src_security_PeerOptions.cc) = 7fabc657065a7c629868e6a7d9d69a53f83e7860
+SHA1 (patch-src_ssl_support.cc) = 18da2f6e80cc102ff51d063b5d9c9fb65e95e760
 SHA1 (patch-tools_Makefile.in) = d098c0c9dc4af577f74e562d99f07ed98be5ae01

Added files:

Index: pkgsrc/www/squid4/patches/patch-src_security_PeerOptions.cc
diff -u /dev/null pkgsrc/www/squid4/patches/patch-src_security_PeerOptions.cc:1.1
--- /dev/null   Mon Jan 27 11:39:15 2025
+++ pkgsrc/www/squid4/patches/patch-src_security_PeerOptions.cc Mon Jan 27 11:39:15 2025
@@ -0,0 +1,161 @@
+$NetBSD: patch-src_security_PeerOptions.cc,v 1.1 2025/01/27 11:39:15 wiz Exp $
+
+Merge changes from squid6 to fix build with openssl 3.
+
+--- src/security/PeerOptions.cc.orig   2025-01-27 11:36:23.371845254 +0000
++++ src/security/PeerOptions.cc
+@@ -295,130 +295,130 @@ static struct ssl_option {
+ 
+ } ssl_options[] = {
+ 
+-#if SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG
++#if defined(SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG)
+     {
+         "NETSCAPE_REUSE_CIPHER_CHANGE_BUG", SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG
+     },
+ #endif
+-#if SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG
++#if defined(SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG)
+     {
+         "SSLREF2_REUSE_CERT_TYPE_BUG", SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG
+     },
+ #endif
+-#if SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER
++#if defined(SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER)
+     {
+         "MICROSOFT_BIG_SSLV3_BUFFER", SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER
+     },
+ #endif
+-#if SSL_OP_SSLEAY_080_CLIENT_DH_BUG
++#if defined(SSL_OP_SSLEAY_080_CLIENT_DH_BUG)
+     {
+         "SSLEAY_080_CLIENT_DH_BUG", SSL_OP_SSLEAY_080_CLIENT_DH_BUG
+     },
+ #endif
+-#if SSL_OP_TLS_D5_BUG
++#if defined(SSL_OP_TLS_D5_BUG)
+     {
+         "TLS_D5_BUG", SSL_OP_TLS_D5_BUG
+     },
+ #endif
+-#if SSL_OP_TLS_BLOCK_PADDING_BUG
++#if defined(SSL_OP_TLS_BLOCK_PADDING_BUG)
+     {
+         "TLS_BLOCK_PADDING_BUG", SSL_OP_TLS_BLOCK_PADDING_BUG
+     },
+ #endif
+-#if SSL_OP_TLS_ROLLBACK_BUG
++#if defined(SSL_OP_TLS_ROLLBACK_BUG)
+     {
+         "TLS_ROLLBACK_BUG", SSL_OP_TLS_ROLLBACK_BUG
+     },
+ #endif
+-#if SSL_OP_ALL
++#if defined(SSL_OP_ALL)
+     {
+         "ALL", (long)SSL_OP_ALL
+     },
+ #endif
+-#if SSL_OP_SINGLE_DH_USE
++#if defined(SSL_OP_SINGLE_DH_USE)
+     {
+         "SINGLE_DH_USE", SSL_OP_SINGLE_DH_USE
+     },
+ #endif
+-#if SSL_OP_EPHEMERAL_RSA
++#if defined(SSL_OP_EPHEMERAL_RSA)
+     {
+         "EPHEMERAL_RSA", SSL_OP_EPHEMERAL_RSA
+     },
+ #endif
+-#if SSL_OP_PKCS1_CHECK_1
++#if defined(SSL_OP_PKCS1_CHECK_1)
+     {
+         "PKCS1_CHECK_1", SSL_OP_PKCS1_CHECK_1
+     },
+ #endif
+-#if SSL_OP_PKCS1_CHECK_2
++#if defined(SSL_OP_PKCS1_CHECK_2)
+     {
+         "PKCS1_CHECK_2", SSL_OP_PKCS1_CHECK_2
+     },
+ #endif
+-#if SSL_OP_NETSCAPE_CA_DN_BUG
++#if defined(SSL_OP_NETSCAPE_CA_DN_BUG)
+     {
+         "NETSCAPE_CA_DN_BUG", SSL_OP_NETSCAPE_CA_DN_BUG
+     },
+ #endif
+-#if SSL_OP_NON_EXPORT_FIRST
++#if defined(SSL_OP_NON_EXPORT_FIRST)
+     {
+         "NON_EXPORT_FIRST", SSL_OP_NON_EXPORT_FIRST
+     },
+ #endif
+-#if SSL_OP_CIPHER_SERVER_PREFERENCE
++#if defined(SSL_OP_CIPHER_SERVER_PREFERENCE)
+     {
+         "CIPHER_SERVER_PREFERENCE", SSL_OP_CIPHER_SERVER_PREFERENCE
+     },
+ #endif
+-#if SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG
++#if defined(SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG)
+     {
+         "NETSCAPE_DEMO_CIPHER_CHANGE_BUG", SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG
+     },
+ #endif
+-#if SSL_OP_NO_SSLv3
++#if defined(SSL_OP_NO_SSLv3)
+     {
+         "NO_SSLv3", SSL_OP_NO_SSLv3
+     },
+ #endif
+-#if SSL_OP_NO_TLSv1
++#if defined(SSL_OP_NO_TLSv1)
+     {
+         "NO_TLSv1", SSL_OP_NO_TLSv1
+     },
+ #else
+     { "NO_TLSv1", 0 },
+ #endif
+-#if SSL_OP_NO_TLSv1_1
++#if defined(SSL_OP_NO_TLSv1_1)
+     {
+         "NO_TLSv1_1", SSL_OP_NO_TLSv1_1
+     },
+ #else
+     { "NO_TLSv1_1", 0 },
+ #endif
+-#if SSL_OP_NO_TLSv1_2
++#if defined(SSL_OP_NO_TLSv1_2)
+     {
+         "NO_TLSv1_2", SSL_OP_NO_TLSv1_2
+     },
+ #else
+     { "NO_TLSv1_2", 0 },
+ #endif
+-#if SSL_OP_NO_TLSv1_3
++#if defined(SSL_OP_NO_TLSv1_3)
+     {
+         "NO_TLSv1_3", SSL_OP_NO_TLSv1_3
+     },
+ #else
+     { "NO_TLSv1_3", 0 },
+ #endif
+-#if SSL_OP_NO_COMPRESSION
++#if defined(SSL_OP_NO_COMPRESSION)
+     {
+         "No_Compression", SSL_OP_NO_COMPRESSION
+     },
+ #endif
+-#if SSL_OP_NO_TICKET
++#if defined(SSL_OP_NO_TICKET)
+     {
+         "NO_TICKET", SSL_OP_NO_TICKET
+     },
+ #endif
+-#if SSL_OP_SINGLE_ECDH_USE
++#if defined(SSL_OP_SINGLE_ECDH_USE)
+     {
+         "SINGLE_ECDH_USE", SSL_OP_SINGLE_ECDH_USE
+     },
Index: pkgsrc/www/squid4/patches/patch-src_ssl_support.cc
diff -u /dev/null pkgsrc/www/squid4/patches/patch-src_ssl_support.cc:1.1
--- /dev/null   Mon Jan 27 11:39:15 2025
+++ pkgsrc/www/squid4/patches/patch-src_ssl_support.cc  Mon Jan 27 11:39:15 2025
@@ -0,0 +1,56 @@
+$NetBSD: patch-src_ssl_support.cc,v 1.1 2025/01/27 11:39:15 wiz Exp $
+
+Merge change from squid6 to fix build with openssl 3.
+
+--- src/ssl/support.cc.orig    2021-10-03 17:18:09.000000000 +0000
++++ src/ssl/support.cc
+@@ -396,7 +396,11 @@ Ssl::SetupVerifyCallback(Security::Conte
+ }
+ 
+ // "dup" function for SSL_get_ex_new_index("cert_err_check")
+-#if SQUID_USE_CONST_CRYPTO_EX_DATA_DUP
++#if OPENSSL_VERSION_MAJOR >= 3
++static int
++ssl_dupAclChecklist(CRYPTO_EX_DATA *, const CRYPTO_EX_DATA *, void **,
++                    int, long, void *)
++#elif SQUID_USE_CONST_CRYPTO_EX_DATA_DUP
+ static int
+ ssl_dupAclChecklist(CRYPTO_EX_DATA *, const CRYPTO_EX_DATA *, void *,
+                     int, long, void *)
+@@ -485,23 +489,30 @@ Ssl::Initialize(void)
+ 
+     SQUID_OPENSSL_init_ssl();
+ 
+-#if !defined(OPENSSL_NO_ENGINE)
+     if (::Config.SSL.ssl_engine) {
++#if OPENSSL_VERSION_MAJOR < 3
++        debugs(83, DBG_PARSE_NOTE(DBG_IMPORTANT), "WARNING: Support for ssl_engine is deprecated " <<
++               "in Squids built with OpenSSL 1.x (like this Squid). " <<
++               "It is removed in Squids built with OpenSSL 3.0 or newer.");
++#if !defined(OPENSSL_NO_ENGINE)
+         ENGINE_load_builtin_engines();
+         ENGINE *e;
+         if (!(e = ENGINE_by_id(::Config.SSL.ssl_engine)))
+             fatalf("Unable to find SSL engine '%s'\n", ::Config.SSL.ssl_engine);
+ 
+         if (!ENGINE_set_default(e, ENGINE_METHOD_ALL)) {
+-            const int ssl_error = ERR_get_error();
++            const auto ssl_error = ERR_get_error();
+             fatalf("Failed to initialise SSL engine: %s\n", Security::ErrorString(ssl_error));
+         }
+-    }
+-#else
+-    if (::Config.SSL.ssl_engine)
+-        fatalf("Your OpenSSL has no SSL engine support\n");
++#else /* OPENSSL_NO_ENGINE */
++        throw TextException("Cannot use ssl_engine in Squid built with OpenSSL configured to disable SSL engine support", Here());
+ #endif
+ 
++#else /* OPENSSL_VERSION_MAJOR */
++        throw TextException("Cannot use ssl_engine in Squid built with OpenSSL 3.0 or newer", Here());
++#endif
++    }
++
+     const char *defName = ::Config.SSL.certSignHash ? ::Config.SSL.certSignHash : SQUID_SSL_SIGN_HASH_IF_NONE;
+     Ssl::DefaultSignHash = EVP_get_digestbyname(defName);
+     if (!Ssl::DefaultSignHash)

Prev by Date: CVS commit: pkgsrc/doc
Next by Date: CVS commit: pkgsrc/www/squid4
Previous by Thread: CVS commit: pkgsrc/doc
Next by Thread: CVS commit: pkgsrc/www/squid4
Indexes:

Home | Main Index | Thread Index | Old Index