+++ /dev/null
-https://github.com/coturn/coturn/commit/9af9f6306ab73c3403f9e11086b1936e9148f7de
-https://github.com/coturn/coturn/commit/4ce784a8781ab086c150e2b9f5641b1a37fd9b31
-https://github.com/coturn/coturn/commit/9370bb742d976166a51032760da1ecedefb92267
-https://github.com/coturn/coturn/commit/d72a2a8920b80ce66b36e22b2c22f308ad06c424
-
-From 9af9f6306ab73c3403f9e11086b1936e9148f7de Mon Sep 17 00:00:00 2001
-From: Pavel Punsky <eakraly@users.noreply.github.com>
-Date: Wed, 14 Sep 2022 03:29:26 -0700
-Subject: [PATCH] Fix renegotiation flag for older version of openssl (#978)
-
-`SSL_OP_NO_RENEGOTIATION` is only supported in openssl-1.1.0 and above
-Older versions have `SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS `
-
-Fixes #977 and #952
-
-Test:
-Build in a docker container running running openssl-1.0.2g (ubuntu
-16.04) successfully (without the fix getting the same errors)
---- a/src/apps/relay/dtls_listener.c
-+++ b/src/apps/relay/dtls_listener.c
-@@ -295,8 +295,17 @@ static ioa_socket_handle dtls_server_inp
- SSL_set_accept_state(connecting_ssl);
-
- SSL_set_bio(connecting_ssl, NULL, wbio);
-- SSL_set_options(connecting_ssl, SSL_OP_COOKIE_EXCHANGE | SSL_OP_NO_RENEGOTIATION);
--
-+ SSL_set_options(connecting_ssl, SSL_OP_COOKIE_EXCHANGE
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+#if defined(SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)
-+ | SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS
-+#endif
-+#else
-+#if defined(SSL_OP_NO_RENEGOTIATION)
-+ | SSL_OP_NO_RENEGOTIATION
-+#endif
-+#endif
-+ );
- SSL_set_max_cert_list(connecting_ssl, 655350);
-
- ioa_socket_handle rc = dtls_accept_client_connection(server, s, connecting_ssl,
-@@ -581,7 +590,17 @@ static int create_new_connected_udp_sock
-
- SSL_set_bio(connecting_ssl, NULL, wbio);
-
-- SSL_set_options(connecting_ssl, SSL_OP_COOKIE_EXCHANGE | SSL_OP_NO_RENEGOTIATION);
-+ SSL_set_options(connecting_ssl, SSL_OP_COOKIE_EXCHANGE
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+#if defined(SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)
-+ | SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS
-+#endif
-+#else
-+#if defined(SSL_OP_NO_RENEGOTIATION)
-+ | SSL_OP_NO_RENEGOTIATION
-+#endif
-+#endif
-+ );
-
- SSL_set_max_cert_list(connecting_ssl, 655350);
- int rc = ssl_read(ret->fd, connecting_ssl, server->sm.m.sm.nd.nbh,
---- a/src/apps/relay/ns_ioalib_engine_impl.c
-+++ b/src/apps/relay/ns_ioalib_engine_impl.c
-@@ -1428,7 +1428,17 @@ static void set_socket_ssl(ioa_socket_ha
- if(ssl) {
- SSL_set_app_data(ssl,s);
- SSL_set_info_callback(ssl, (ssl_info_callback_t)ssl_info_callback);
-- SSL_set_options(ssl, SSL_OP_NO_RENEGOTIATION);
-+ SSL_set_options(ssl,
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+#if defined(SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)
-+ SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS
-+#endif
-+#else
-+#if defined(SSL_OP_NO_RENEGOTIATION)
-+ SSL_OP_NO_RENEGOTIATION
-+#endif
-+#endif
-+ );
- }
- }
- }
-@@ -1864,7 +1874,11 @@ int ssl_read(evutil_socket_t fd, SSL* ss
-
- } else if (!if1 && if2) {
-
-+#if (OPENSSL_VERSION_NUMBER >= 0x30000000L)
-+ if(verbose && SSL_get1_peer_certificate(ssl)) {
-+#else
- if(verbose && SSL_get_peer_certificate(ssl)) {
-+#endif
- printf("\n------------------------------------------------------------\n");
- X509_NAME_print_ex_fp(stdout, X509_get_subject_name(SSL_get_peer_certificate(ssl)), 1,
- XN_FLAG_MULTILINE);
---- a/src/apps/uclient/startuclient.c
-+++ b/src/apps/uclient/startuclient.c
-@@ -138,7 +138,11 @@ static SSL* tls_connect(ioa_socket_raw f
- if (rc > 0) {
- TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO,"%s: client session connected with cipher %s, method=%s\n",__FUNCTION__,
- SSL_get_cipher(ssl),turn_get_ssl_method(ssl,NULL));
-+#if (OPENSSL_VERSION_NUMBER >= 0x30000000L)
-+ if(clnet_verbose && SSL_get1_peer_certificate(ssl)) {
-+#else
- if(clnet_verbose && SSL_get_peer_certificate(ssl)) {
-+#endif
- TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "------------------------------------------------------------\n");
- X509_NAME_print_ex_fp(stdout, X509_get_subject_name(SSL_get_peer_certificate(ssl)), 1,
- XN_FLAG_MULTILINE);
---- a/src/client/ns_turn_msg.c
-+++ b/src/client/ns_turn_msg.c
-@@ -248,12 +248,22 @@ int stun_produce_integrity_key_str(const
- if (FIPS_mode()) {
- EVP_MD_CTX_set_flags(&ctx,EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
- }
--#endif
-+#endif // defined EVP_MD_CTX_FLAG_NON_FIPS_ALLOW && !defined(LIBRESSL_VERSION_NUMBER)
- EVP_DigestInit_ex(&ctx,EVP_md5(), NULL);
- EVP_DigestUpdate(&ctx,str,strl);
- EVP_DigestFinal(&ctx,key,&keylen);
- EVP_MD_CTX_cleanup(&ctx);
--#else
-+#elif OPENSSL_VERSION_NUMBER >= 0x30000000L
-+ unsigned int keylen = 0;
-+ EVP_MD_CTX *ctx = EVP_MD_CTX_new();
-+ if (EVP_default_properties_is_fips_enabled(NULL)) {
-+ EVP_default_properties_enable_fips(NULL, 0);
-+ }
-+ EVP_DigestInit_ex(ctx,EVP_md5(), NULL);
-+ EVP_DigestUpdate(ctx,str,strl);
-+ EVP_DigestFinal(ctx,key,&keylen);
-+ EVP_MD_CTX_free(ctx);
-+#else // OPENSSL_VERSION_NUMBER < 0x10100000L
- unsigned int keylen = 0;
- EVP_MD_CTX *ctx = EVP_MD_CTX_new();
- #if defined EVP_MD_CTX_FLAG_NON_FIPS_ALLOW && ! defined(LIBRESSL_VERSION_NUMBER)
-@@ -265,7 +275,7 @@ int stun_produce_integrity_key_str(const
- EVP_DigestUpdate(ctx,str,strl);
- EVP_DigestFinal(ctx,key,&keylen);
- EVP_MD_CTX_free(ctx);
--#endif
-+#endif // OPENSSL_VERSION_NUMBER < 0X10100000L
- ret = 0;
- }
-
---- a/src/apps/relay/netengine.c
-+++ b/src/apps/relay/netengine.c
-@@ -31,13 +31,7 @@
- #include "mainrelay.h"
-
- //////////// Backward compatibility with OpenSSL 1.0.x //////////////
--#define HAVE_OPENSSL11_API (!(OPENSSL_VERSION_NUMBER < 0x10100001L || defined LIBRESSL_VERSION_NUMBER))
--
--#ifndef HAVE_SSL_CTX_UP_REF
--#define HAVE_SSL_CTX_UP_REF HAVE_OPENSSL11_API
--#endif
--
--#if !HAVE_SSL_CTX_UP_REF
-+#if (OPENSSL_VERSION_NUMBER < 0x10100001L || defined LIBRESSL_VERSION_NUMBER)
- #define SSL_CTX_up_ref(ctx) CRYPTO_add(&(ctx)->references, 1, CRYPTO_LOCK_SSL_CTX)
- #endif
-
---- a/src/apps/relay/mainrelay.c
-+++ b/src/apps/relay/mainrelay.c
-@@ -1353,7 +1353,6 @@ static void set_option(int c, char *valu
- STRCPY(turn_params.relay_ifname, value);
- break;
- case 'm':
--#if defined(OPENSSL_THREADS)
- if(atoi(value)>MAX_NUMBER_OF_GENERAL_RELAY_SERVERS) {
- TURN_LOG_FUNC(TURN_LOG_LEVEL_WARNING, "WARNING: max number of relay threads is 128.\n");
- turn_params.general_relay_servers_number = MAX_NUMBER_OF_GENERAL_RELAY_SERVERS;
-@@ -1362,9 +1361,6 @@ static void set_option(int c, char *valu
- } else {
- turn_params.general_relay_servers_number = atoi(value);
- }
--#else
-- TURN_LOG_FUNC(TURN_LOG_LEVEL_WARNING, "WARNING: OpenSSL version is too old OR does not support threading,\n I am using single thread for relaying.\n");
--#endif
- break;
- case 'd':
- STRCPY(turn_params.listener_ifname, value);
-@@ -2640,9 +2636,8 @@ int main(int argc, char **argv)
-
- ////////// OpenSSL locking ////////////////////////////////////////
-
--#if defined(OPENSSL_THREADS)
--
--static char some_buffer[65536];
-+#if defined(OPENSSL_THREADS)
-+#if OPENSSL_VERSION_NUMBER < OPENSSL_VERSION_1_1_0
-
- //array larger than anything that OpenSSL may need:
- static pthread_mutex_t mutex_buf[256];
-@@ -2660,76 +2655,52 @@ void coturn_locking_function(int mode, i
- }
- }
-
--#if OPENSSL_VERSION_NUMBER >= 0x10000000L
- void coturn_id_function(CRYPTO_THREADID *ctid);
- void coturn_id_function(CRYPTO_THREADID *ctid)
- {
- UNUSED_ARG(ctid);
- CRYPTO_THREADID_set_numeric(ctid, (unsigned long)pthread_self());
- }
--#else
--unsigned long coturn_id_function(void);
--unsigned long coturn_id_function(void)
--{
-- return (unsigned long)pthread_self();
--}
--#endif
--
--#endif
-
- static int THREAD_setup(void) {
--
--#if defined(OPENSSL_THREADS)
--
-- int i;
--
-- some_buffer[0] = 0;
--
-+ int i;
- for (i = 0; i < CRYPTO_num_locks(); i++) {
- pthread_mutex_init(&(mutex_buf[i]), NULL);
- }
-
- mutex_buf_initialized = 1;
--
--#if OPENSSL_VERSION_NUMBER >= 0x10000000L && OPENSSL_VERSION_NUMBER <= OPENSSL_VERSION_1_1_1
- CRYPTO_THREADID_set_callback(coturn_id_function);
--#else
-- CRYPTO_set_id_callback(coturn_id_function);
--#endif
--
- CRYPTO_set_locking_callback(coturn_locking_function);
--#endif
--
- return 1;
- }
-
- int THREAD_cleanup(void);
- int THREAD_cleanup(void) {
-+ int i;
-
--#if defined(OPENSSL_THREADS)
--
-- int i;
-+ if (!mutex_buf_initialized)
-+ return 0;
-
-- if (!mutex_buf_initialized)
-- return 0;
-+ CRYPTO_THREADID_set_callback(NULL);
-+ CRYPTO_set_locking_callback(NULL);
-+ for (i = 0; i < CRYPTO_num_locks(); i++) {
-+ pthread_mutex_destroy(&(mutex_buf[i]));
-+ }
-
--#if OPENSSL_VERSION_NUMBER >= 0x10000000L && OPENSSL_VERSION_NUMBER <= OPENSSL_VERSION_1_1_1
-- CRYPTO_THREADID_set_callback(NULL);
-+ mutex_buf_initialized = 0;
-+ return 1;
-+}
- #else
-- CRYPTO_set_id_callback(NULL);
--#endif
--
-- CRYPTO_set_locking_callback(NULL);
-- for (i = 0; i < CRYPTO_num_locks(); i++) {
-- pthread_mutex_destroy(&(mutex_buf[i]));
-- }
--
-- mutex_buf_initialized = 0;
--
--#endif
-+static int THREAD_setup(void) {
-+ return 1;
-+}
-
-- return 1;
-+int THREAD_cleanup(void);
-+int THREAD_cleanup(void){
-+ return 1;
- }
-+#endif /* OPENSSL_VERSION_NUMBER < OPENSSL_VERSION_1_1_0 */
-+#endif /* defined(OPENSSL_THREADS) */
-
- static void adjust_key_file_name(char *fn, const char* file_title, int critical)
- {
+++ /dev/null
-From fea1a27f5fbef28243620fa66909d2d04c81e140 Mon Sep 17 00:00:00 2001
-From: Christian Marangi <ansuelsmth@gmail.com>
-Date: Thu, 2 Nov 2023 21:16:07 +0100
-Subject: [PATCH] Move to PCRE2 from PCRE
-
-Move to PCRE2 as PCRE is EOL and won't receive any security updates
-anymore.
-
-Convert each function to PCRE2 equivalent and update configure.ac to
-USE_PCRE2.
-
-Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
----
- configure.ac | 20 +++++++++---------
- src/config.h.in | 4 ++--
- src/sipgrep.c | 56 ++++++++++++++++++++++++++++++-------------------
- 3 files changed, 47 insertions(+), 33 deletions(-)
-
---- a/configure.ac
-+++ b/configure.ac
-@@ -26,8 +26,8 @@ AC_ARG_ENABLE(ssl,
- AC_MSG_RESULT([$SSL])
- AC_SUBST([SSL])
-
--usePCRE=yes
--AC_SUBST([PCRE])
-+usePCRE2=yes
-+AC_SUBST([PCRE2])
-
- useNCURSES=no
- AC_MSG_CHECKING([whether to use ncurses])
-@@ -169,15 +169,15 @@ AC_SUBST(PCAP_LIBS)
-
-
- dnl
--dnl check for pcre library
-+dnl check for pcre2 library
- dnl
-
--# Checks for libpcre
--AC_CHECKING([for pcre Library and Header files])
--AC_CHECK_HEADER([pcre.h], ,AC_MSG_ERROR([Could not find pcre headers !]))
--AC_CHECK_LIB([pcre], [pcre_compile], ,[AC_MSG_ERROR([libpcre required])])
--AC_DEFINE(USE_PCRE, 1, [Use PCRE library])
--AC_SUBST(PCRE_LIBS)
-+# Checks for libpcre2
-+AC_CHECKING([for pcre2 Library and Header files])
-+AC_CHECK_HEADER([pcre2.h], ,AC_MSG_ERROR([Could not find pcre2 headers !]), [#define PCRE2_CODE_UNIT_WIDTH 8])
-+AC_CHECK_LIB([pcre2-8], [pcre2_compile_8], ,[AC_MSG_ERROR([libpcre2 required])])
-+AC_DEFINE(USE_PCRE2, 1, [Use PCRE2 library])
-+AC_SUBST(PCRE2_LIBS)
-
-
- dnl
-@@ -271,6 +271,6 @@ echo Ncurses support............. : $use
-
- echo
- echo Build with REDIS............ : $useRedis
--echo Build with PCRE............. : $usePCRE
-+echo Build with PCRE............. : $usePCRE2
- echo
-
---- a/src/config.h.in
-+++ b/src/config.h.in
-@@ -152,8 +152,8 @@
- /* Use NCURSES library */
- #undef USE_NCURSES
-
--/* Use PCRE library */
--#undef USE_PCRE
-+/* Use PCRE2 library */
-+#undef USE_PCRE2
-
- /* Use REDIS library */
- #undef USE_REDIS
---- a/src/sipgrep.c
-+++ b/src/sipgrep.c
-@@ -88,7 +88,8 @@
-
- #include <netdb.h>
-
--#include <pcre.h>
-+#define PCRE2_CODE_UNIT_WIDTH 8
-+#include <pcre2.h>
-
- /* reasambling */
- #include "include/ipreasm.h"
-@@ -149,17 +150,18 @@ struct statistics_table *statstable = NU
- * GNU PCRE
- */
-
--int32_t err_offset;
--char *re_err = NULL;
-+PCRE2_UCHAR re_err[128];
-+PCRE2_SIZE err_offset;
-+uint32_t err_code;
-
--pcre *pattern = NULL;
--pcre_extra *pattern_extra = NULL;
-+pcre2_code *pattern = NULL;
-
- /*
- * Matching
- */
-
--char *match_data = NULL, *bin_data = NULL;
-+PCRE2_SPTR match_data = NULL;
-+char *bin_data = NULL;
- uint16_t match_len = 0;
- int8_t (*match_func) () = &blank_match_func;
-
-@@ -550,13 +552,13 @@ main (int argc, char **argv)
-
- if (match_data) {
-
-- uint32_t pcre_options = PCRE_UNGREEDY;
-+ uint32_t pcre2_options = PCRE2_UNGREEDY;
-
- if (re_ignore_case)
-- pcre_options |= PCRE_CASELESS;
-+ pcre2_options |= PCRE2_CASELESS;
-
- if (re_multiline_match)
-- pcre_options |= PCRE_DOTALL;
-+ pcre2_options |= PCRE2_DOTALL;
-
- if (re_match_word) {
- char *word_regex = malloc (strlen (match_data) * 3 + strlen (WORD_REGEX));
-@@ -564,14 +566,21 @@ main (int argc, char **argv)
- match_data = word_regex;
- }
-
-- pattern = pcre_compile (match_data, pcre_options, (const char **) &re_err, &err_offset, 0);
-+ pattern = pcre2_compile (match_data, PCRE2_ZERO_TERMINATED, pcre2_options, &err_code, &err_offset, NULL);
-
- if (!pattern) {
-+ pcre2_get_error_message (err_code, re_err, 128);
- fprintf (stderr, "compile failed: %s\n", re_err);
- clean_exit (-1);
- }
-
-- pattern_extra = pcre_study (pattern, 0, (const char **) &re_err);
-+ err_code = pcre2_jit_compile (pattern, PCRE2_JIT_COMPLETE);
-+
-+ if (err_code < 0) {
-+ pcre2_get_error_message(err_code, re_err, 128);
-+ fprintf (stderr, "compile failed: %s\n", re_err);
-+ clean_exit (-1);
-+ }
-
- match_func = &re_match_func;
-
-@@ -1653,21 +1662,28 @@ dump_packet (struct pcap_pkthdr *h, u_ch
- int8_t
- re_match_func (unsigned char *data, uint32_t len)
- {
-+ pcre2_match_data *match_data;
-+
-+ match_data = pcre2_match_data_create_from_pattern(pattern, NULL);
-
-- switch (pcre_exec (pattern, 0, (char *)data, (int32_t) len, 0, 0, 0, 0)) {
-- case PCRE_ERROR_NULL:
-- case PCRE_ERROR_BADOPTION:
-- case PCRE_ERROR_BADMAGIC:
-- case PCRE_ERROR_UNKNOWN_NODE:
-- case PCRE_ERROR_NOMEMORY:
-+ switch (pcre2_match (pattern, (PCRE2_SPTR)data, len, 0, 0, match_data, 0)) {
-+ case PCRE2_ERROR_NULL:
-+ case PCRE2_ERROR_BADOPTION:
-+ case PCRE2_ERROR_BADMAGIC:
-+ case PCRE2_ERROR_INTERNAL:
-+ case PCRE2_ERROR_NOMEMORY:
-+ pcre2_match_data_free(match_data);
- perror ("she's dead, jim\n");
- clean_exit (-2);
- break;
-
-- case PCRE_ERROR_NOMATCH:
-+ case PCRE2_ERROR_NOMATCH:
-+ pcre2_match_data_free(match_data);
- return 0;
- }
-
-+ pcre2_match_data_free(match_data);
-+
- if (max_matches)
- matches++;
-
-@@ -2125,9 +2141,7 @@ clean_exit (int32_t sig)
- printf ("exit\n");
-
- if (pattern)
-- pcre_free (pattern);
-- if (pattern_extra)
-- pcre_free (pattern_extra);
-+ pcre2_code_free (pattern);
-
- if (bin_data)
- free (bin_data);