[packages/pound] - up to 3.0.2, fix building with mbedtls 3

baggins baggins at pld-linux.org
Tue Apr 5 13:32:49 CEST 2022


commit 875c35e0f3815c1b16961a9ee9862fa3454b72ff
Author: Jan Rękorajski <baggins at pld-linux.org>
Date:   Tue Apr 5 13:32:21 2022 +0200

    - up to 3.0.2, fix building with mbedtls 3

 mbedtls3.patch | 92 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 pound.spec     | 10 ++++---
 2 files changed, 98 insertions(+), 4 deletions(-)
---
diff --git a/pound.spec b/pound.spec
index a83d692..e4447ee 100644
--- a/pound.spec
+++ b/pound.spec
@@ -6,19 +6,20 @@
 Summary:	Pound - reverse-proxy and load-balancer
 Summary(pl.UTF-8):	Pound - reverse-proxy i load-balancer
 Name:		pound
-Version:	3.0.1
-Release:	2
+Version:	3.0.2
+Release:	1
 License:	GPL v3
 Group:		Networking/Daemons
 Source0:	http://www.apsis.ch/pound/Pound-%{version}.tgz
-# Source0-md5:	4f14dee286f2325c53ea646b5323e3de
+# Source0-md5:	c0f5af4cd6aa184c00f4848ae1c4536a
 Source1:	%{name}.yaml
 Source2:	%{name}.init
 Source3:	%{name}.sysconfig
 Source5:	%{name}.tmpfiles
 Patch0:		tcmalloc.patch
 Patch1:		pound-man.patch
-URL:		http://www.apsis.ch/pound/
+Patch2:		mbedtls3.patch
+URL:		https://www.apsis.ch/pound.html
 BuildRequires:	cmake
 BuildRequires:	yaml-devel
 BuildRequires:	nanomsg-devel
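Review bot: `Source0` still fetches the tarball over plain `http://` even though this hunk moves `URL` to https, so the download's integrity rests only on the MD5 recorded in the `Source0-md5` comment. If upstream serves the archive over TLS, consider `Source0: https://www.apsis.ch/pound/Pound-%{version}.tgz`. Whether that path exists on the https site is not visible here and should be checked before changing it.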
@@ -61,6 +62,7 @@ swobodnego używania, kopiowania i rozdawania.
 %setup -q -n Pound-%{version}
 %patch0 -p1
 %patch1 -p1
+%patch2 -p1
 
 %build
 install -d build
diff --git a/mbedtls3.patch b/mbedtls3.patch
new file mode 100644
index 0000000..0b4d0b1
--- /dev/null
+++ b/mbedtls3.patch
@@ -0,0 +1,92 @@
+--- Pound-3.0.1/include/pound.h.in~	2021-08-23 17:31:52.000000000 +0200
++++ Pound-3.0.1/include/pound.h.in	2022-04-05 12:35:33.796420709 +0200
+@@ -68,8 +68,7 @@
+ #include    <grp.h>
+ #include    <signal.h>
+ #include    <setjmp.h>
+-#include    <mbedtls/config.h>
+-#include    <mbedtls/certs.h>
++#include    <mbedtls/build_info.h>
+ #include    <mbedtls/oid.h>
+ #include    <mbedtls/asn1.h>
+ #include    <mbedtls/x509.h>
+--- Pound-3.0.1/CMakeLists.txt~	2022-04-04 23:23:36.000000000 +0200
++++ Pound-3.0.1/CMakeLists.txt	2022-04-05 12:36:14.645777663 +0200
+@@ -28,7 +28,7 @@
+ find_package(Threads REQUIRED)
+ 
+ include(CheckIncludeFiles)
+-CHECK_INCLUDE_FILES("stdio.h;pthread.h;yaml.h;nanomsg/nn.h;nanomsg/inproc.h;nanomsg/pipeline.h;nanomsg/pair.h;nanomsg/reqrep.h;stdlib.h;unistd.h;fcntl.h;ctype.h;getopt.h;string.h;syslog.h;sys/types.h;sys/socket.h;netdb.h;sys/stat.h;time.h;poll.h;semaphore.h;pwd.h;grp.h;signal.h;setjmp.h;mbedtls/config.h;mbedtls/certs.h;mbedtls/oid.h;mbedtls/asn1.h;mbedtls/x509.h;mbedtls/entropy.h;mbedtls/ctr_drbg.h;mbedtls/ssl.h;mbedtls/error.h" HAVE_MANDATORY_INCLUDES LANGUAGE C)
++CHECK_INCLUDE_FILES("stdio.h;pthread.h;yaml.h;nanomsg/nn.h;nanomsg/inproc.h;nanomsg/pipeline.h;nanomsg/pair.h;nanomsg/reqrep.h;stdlib.h;unistd.h;fcntl.h;ctype.h;getopt.h;string.h;syslog.h;sys/types.h;sys/socket.h;netdb.h;sys/stat.h;time.h;poll.h;semaphore.h;pwd.h;grp.h;signal.h;setjmp.h;mbedtls/oid.h;mbedtls/build_info.h;mbedtls/asn1.h;mbedtls/x509.h;mbedtls/entropy.h;mbedtls/ctr_drbg.h;mbedtls/ssl.h;mbedtls/error.h" HAVE_MANDATORY_INCLUDES LANGUAGE C)
+ if(NOT HAVE_MANDATORY_INCLUDES)
+ message(FATAL_ERROR "Missing mandatory header files!")
+ endif()
+--- Pound-3.0.2/src/config.c.orig	2021-11-28 17:04:25.000000000 +0100
++++ Pound-3.0.2/src/config.c	2022-04-05 13:03:00.802981794 +0200
+@@ -63,6 +63,19 @@
+     return res;
+ }
+ 
++static int mbedtls_rnd( void *rng_state, unsigned char *output, size_t len )
++{
++    size_t i;
++
++    if( rng_state != NULL )
++        rng_state  = NULL;
++
++    for( i = 0; i < len; ++i )
++        output[i] = rand();
++
++    return(0);
++}
++
+ static void
+ get_global(yaml_document_t *document, yaml_node_t *root)
+ {
+@@ -380,11 +393,11 @@
+     if(mbedtls_x509_crt_parse_file(&res->certificate, filename))
+         fatal("SNI: can't read certificate %s", filename);
+     mbedtls_pk_init(&res->key);
+-    if(mbedtls_pk_parse_keyfile(&res->key, filename, NULL))
++    if(mbedtls_pk_parse_keyfile(&res->key, filename, NULL, mbedtls_rnd, NULL))
+         fatal("SNI: can't read key %s", filename);
+     utarray_new(hosts, &regex_icd);
+     for(cur = &res->certificate; cur != NULL; cur = cur->next) {
+-        if(mbedtls_pk_check_pair(&cur->pk, &res->key))
++        if(mbedtls_pk_check_pair(&cur->pk, &res->key, mbedtls_rnd, NULL))
+             continue;
+         for(nd = &cur->subject; nd != NULL; nd = nd->next)
+             if(MBEDTLS_OID_CMP(MBEDTLS_OID_AT_CN, &nd->oid) == 0) {
+--- Pound-3.0.2/src/http.c~	2021-11-28 17:04:25.000000000 +0100
++++ Pound-3.0.2/src/http.c	2022-04-05 13:30:02.176298374 +0200
+@@ -476,6 +476,7 @@
+ 
+ typedef struct cookie {
+     mbedtls_ssl_context *fd;
++    mbedtls_net_context *ssl_fd;
+ }   COOKIE;
+ 
+ static size_t
+@@ -506,13 +507,11 @@
+ {
+     COOKIE  *c;
+     int     res;
+-    mbedtls_net_context *ssl_fd;
+ 
+     c = (COOKIE *)cv;
+     res = mbedtls_ssl_close_notify(c->fd);
+-    ssl_fd = c->fd->p_bio;
++    mbedtls_net_free(c->ssl_fd);
+     mbedtls_ssl_free(c->fd);
+-    mbedtls_net_free(ssl_fd);
+     return res;
+ }
+ 
+@@ -580,6 +579,7 @@
+                 crt_buf[0] = '\0';
+             /* for HTTP2: !strcmp(mbedtls_ssl_get_alpn_protocol(&ssl), "h2"), but we don't really need it */
+             c.fd = &ssl;
++            c.ssl_fd = &ssl_client;
+             cio.read = (cookie_read_function_t *)c_read;
+             cio.write = (cookie_write_function_t *)c_write;
+             cio.seek = NULL;
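Review bot: The `mbedtls_rnd` helper added to src/config.c fills its output from `rand()`, and the patch passes it as `f_rng` to `mbedtls_pk_parse_keyfile` and `mbedtls_pk_check_pair`. Mbed TLS 3 takes that callback so that private-key operations performed while loading and checking the key can be blinded, which needs a cryptographically strong generator; `rand()` is predictable and nothing visible here seeds it. `mbedtls/entropy.h` and `mbedtls/ctr_drbg.h` are already in the mandatory include list, so a seeded CTR_DRBG with `mbedtls_ctr_drbg_random` can be passed instead, as sketched below. The function holding the two calls starts and ends outside the nested hunk, and the call site for the init routine is not visible here; it would have to run before the first certificate is loaded.

```c
/* replaces mbedtls_rnd: DRBG seeded from the system entropy source */
static mbedtls_entropy_context  cfg_entropy;
static mbedtls_ctr_drbg_context cfg_drbg;

static void
cfg_rng_init(void)
{
    mbedtls_entropy_init(&cfg_entropy);
    mbedtls_ctr_drbg_init(&cfg_drbg);
    if(mbedtls_ctr_drbg_seed(&cfg_drbg, mbedtls_entropy_func, &cfg_entropy, NULL, 0))
        fatal("can't seed random number generator");
}

/* … unchanged: get_global and everything up to the SNI certificate parse … */

    if(mbedtls_pk_parse_keyfile(&res->key, filename, NULL, mbedtls_ctr_drbg_random, &cfg_drbg))
        fatal("SNI: can't read key %s", filename);
/* … unchanged: utarray_new and the certificate-chain loop header … */
        if(mbedtls_pk_check_pair(&cur->pk, &res->key, mbedtls_ctr_drbg_random, &cfg_drbg))
            continue;
```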
================================================================

---- gitweb:

http://git.pld-linux.org/gitweb.cgi/packages/pound.git/commitdiff/875c35e0f3815c1b16961a9ee9862fa3454b72ff


