libevent: backport openssl v3 patch

taken from Arch Linux
2022-12-11 14:47:18 +01:00 · 2022-12-11 14:47:18 +01:00 · 25c5c41770
commit 25c5c41770
parent 2712721a21
2 changed files with 85 additions and 4 deletions
--- a/libevent/PKGBUILD
+++ b/libevent/PKGBUILD
@ -2,22 +2,29 @@

 pkgname=('libevent' 'libevent-devel')
 pkgver=2.1.12
-pkgrel=2
+pkgrel=3
 pkgdesc="An event notification library"
 arch=('i686' 'x86_64')
 url="https://libevent.org/"
-license=('BSD')
+license=('spdx:BSD-3-Clause')
 makedepends=('openssl-devel' 'autotools' 'gcc')
 source=("https://github.com/${pkgname}/${pkgname}/releases/download/release-${pkgver}-stable/${pkgname}-${pkgver}-stable.tar.gz"{,.asc}
-        "0001-Fix-DNS-lookups-in-MSYS2.patch")
+        "0001-Fix-DNS-lookups-in-MSYS2.patch"
+        "libevent-2.1.12-openssl-compat.patch")
 sha256sums=('92e6de1be9ec176428fd2367677e61ceffc2ee1cb119035037a27d346b0403bb'
            'SKIP'
-            '38246613788aa843abcaf1d895824af40db5a927ff32814b984552d6f8f8bb96')
+            '38246613788aa843abcaf1d895824af40db5a927ff32814b984552d6f8f8bb96'
+            'e41527c55f6dacc6453b13eeeea2664798496896b796abcd2a5c8304c9eb2bae')
 validpgpkeys=('9E3AC83A27974B84D1B3401DB86086848EF8686D') # Azat Khuzhin <azat@libevent.org>

 prepare() {
  cd ${srcdir}/${pkgname}-${pkgver}-stable
  patch -p1 -i ${srcdir}/0001-Fix-DNS-lookups-in-MSYS2.patch
+
+  # Taken from https://github.com/archlinux/svntogit-packages/blob/95e06cdb083da6da642a0e01caf6446758a2fd08/trunk/libevent-2.1.12-openssl-compat.patch
+  # which is based on https://github.com/libevent/libevent/pull/1288
+  patch -p1 -i ${srcdir}/libevent-2.1.12-openssl-compat.patch
+
  ./autogen.sh
 }

--- a/libevent/libevent-2.1.12-openssl-compat.patch
+++ b/libevent/libevent-2.1.12-openssl-compat.patch
@ -0,0 +1,74 @@
+commit 7f4684c0d362fefee8697ceed3f4f8642ed147ce
+Author: William Marlow <william.marlow@ibm.com>
+Date:   Sat Jun 18 21:43:31 2022 +0100
+
+    Initial OpenSSL 3.0 support
+    
+    * Don't use deprecated functions when building against OpenSSL 3.0.
+    * Recognise that OpenSSL 3.0 can signal a dirty shutdown as a protocol.
+      error in addition to the expected IO error produced by OpenSSL 1.1.1
+    * Update regress_mbedtls.c for compatibility with OpenSSL 3
+    
+    (cherry picked from commit 29c420c418aeb497e5e8b7abd45dee39194ca5fc)
+    
+     Conflicts:
+            bufferevent_openssl.c
+            sample/becat.c
+            test/regress_mbedtls.c
+
+diff --git a/bufferevent_openssl.c b/bufferevent_openssl.c
+index b51b834b..520e2d6f 100644
+--- a/bufferevent_openssl.c
+++ b/bufferevent_openssl.c
+@@ -514,7 +514,9 @@ conn_closed(struct bufferevent_openssl *bev_ssl, int when, int errcode, int ret)
+ 		put_error(bev_ssl, errcode);
+ 		break;
+ 	case SSL_ERROR_SSL:
+-		/* Protocol error. */
+		/* Protocol error; possibly a dirty shutdown. */
+		if (ret == 0 && SSL_is_init_finished(bev_ssl->ssl) == 0)
+			dirty_shutdown = 1;
+ 		put_error(bev_ssl, errcode);
+ 		break;
+ 	case SSL_ERROR_WANT_X509_LOOKUP:
+diff --git a/sample/le-proxy.c b/sample/le-proxy.c
+index 13e0e2ae..e9af3c68 100644
+--- a/sample/le-proxy.c
+++ b/sample/le-proxy.c
+@@ -112,10 +112,15 @@ eventcb(struct bufferevent *bev, short what, void *ctx)
+ 				    ERR_reason_error_string(err);
+ 				const char *lib = (const char*)
+ 				    ERR_lib_error_string(err);
+#if OPENSSL_VERSION_MAJOR >= 3
+				fprintf(stderr,
+					"%s in %s\n", msg, lib);
+#else
+ 				const char *func = (const char*)
+ 				    ERR_func_error_string(err);
+ 				fprintf(stderr,
+ 				    "%s in %s %s\n", msg, lib, func);
+#endif
+ 			}
+ 			if (errno)
+ 				perror("connection error");
+diff --git a/test/regress_ssl.c b/test/regress_ssl.c
+index 37dc334d..490be9b2 100644
+--- a/test/regress_ssl.c
+++ b/test/regress_ssl.c
+@@ -374,7 +374,16 @@ eventcb(struct bufferevent *bev, short what, void *ctx)
+ 		++n_connected;
+ 		ssl = bufferevent_openssl_get_ssl(bev);
+ 		tt_assert(ssl);
+#if OPENSSL_VERSION_MAJOR >= 3
+		/* SSL_get1_peer_certificate() means we want
+		 * to increase the reference count on the cert
+		 * and so we will need to free it ourselves later
+		 * when we're done with it. The non-reference count
+		 * increasing version is not available in OpenSSL 1.1.1. */
+		peer_cert = SSL_get1_peer_certificate(ssl);
+#else
+ 		peer_cert = SSL_get_peer_certificate(ssl);
+#endif
+ 		if (type & REGRESS_OPENSSL_SERVER) {
+ 			tt_assert(peer_cert == NULL);
+ 		} else {