Merge pull request #20475 from cotequeiroz/openssl3

treewide: prepare packages for OpenSSL 3.0 update
2023-02-20 12:07:16 -03:00 · 2023-02-20 12:07:16 -03:00 · df079b06b7
commit df079b06b7
parent 94512aba16 ac547f5af8
18 changed files with 285 additions and 40 deletions
--- a/libs/gost_engine/Makefile
+++ b/libs/gost_engine/Makefile
@ -1,19 +1,27 @@
 include $(TOPDIR)/rules.mk
+include $(INCLUDE_DIR)/openssl-engine.mk

 PKG_NAME:=gost_engine
-PKG_VERSION:=1.1.0.3
-PKG_RELEASE:=$(AUTORELEASE)
+ifeq ($(ENGINES_DIR),engines-1.1)
+  PKG_VERSION:=1.1.0.3
+  PKG_HASH:=fff725052e82c9adb5b738729b30141f61ac91fa457a4f4b5de18b8b24092f75
+  PKG_LICENSE:=OpenSSL
+  PATCH_DIR=./patches-1.1
+else
+  PKG_VERSION:=3.0.1
+  PKG_HASH:=bfeac85883724cfbe0ecc6d942ac0524b908143e019ab3d3b6abe47a3466a628
+  PKG_LICENSE:=Apache-2.0
+  PATCH_DIR=./patches-3
+endif
+PKG_RELEASE:=7

 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://github.com/gost-engine/engine/archive/v$(PKG_VERSION)
-PKG_HASH:=fff725052e82c9adb5b738729b30141f61ac91fa457a4f4b5de18b8b24092f75

 PKG_MAINTAINER:=Artur Petrov <github@phpchain.ru>
-PKG_LICENSE:=OpenSSL

 include $(INCLUDE_DIR)/package.mk
 include $(INCLUDE_DIR)/cmake.mk
-include $(INCLUDE_DIR)/openssl-engine.mk

 PKG_UNPACK:=$(HOST_TAR) -C "$(PKG_BUILD_DIR)" --strip-components=1 -xzf "$(DL_DIR)/$(PKG_SOURCE)"
 PKG_INSTALL:=
--- a/libs/gost_engine/patches-1.1/010-openssl-deprecated.patch
+++ b/libs/gost_engine/patches-1.1/010-openssl-deprecated.patch
--- a/libs/gost_engine/patches-3/020-cmake-allow-cross-compile.patch
+++ b/libs/gost_engine/patches-3/020-cmake-allow-cross-compile.patch
@ -0,0 +1,59 @@
+--- a/CMakeLists.txt
+++ b/CMakeLists.txt
+@@ -64,31 +64,35 @@ else()
+  add_definitions(-DL_ENDIAN)
+ endif()
+ 
+-check_c_source_runs("
+-  #ifdef _MSC_VER
+-  # include <intrin.h>
+-  #else
+-  # include <x86intrin.h>
+-  #endif
+-  int main(void) {
+-    unsigned long long x = -1, y = 1, r;
+-    unsigned char cf;
+-    cf = _addcarry_u64(1, x, y, &r);
+-    return !(cf == 1 && r == 1);
+-  }
+-  " ADDCARRY_U64)
+if(NOT CMAKE_CROSSCOMPILING)
+  check_c_source_runs("
+    #ifdef _MSC_VER
+    # include <intrin.h>
+    #else
+    # include <x86intrin.h>
+    #endif
+    int main(void) {
+      unsigned long long x = -1, y = 1, r;
+      unsigned char cf;
+      cf = _addcarry_u64(1, x, y, &r);
+      return !(cf == 1 && r == 1);
+    }
+    " ADDCARRY_U64)
+
+  check_c_source_runs("
+    int main(void) {
+      char buf[16] = { 0, 1, 2 };
+      int *p = (int *)(buf + 1);
+      int *q = (int *)(buf + 2);
+      return (*p == *q);
+    }
+    " RELAXED_ALIGNMENT)
+endif()
+
+ if (ADDCARRY_U64)
+   add_definitions(-DHAVE_ADDCARRY_U64)
+ endif()
+ 
+-check_c_source_runs("
+-  int main(void) {
+-    char buf[16] = { 0, 1, 2 };
+-    int *p = (int *)(buf + 1);
+-    int *q = (int *)(buf + 2);
+-    return (*p == *q);
+-  }
+-  " RELAXED_ALIGNMENT)
+ if (NOT RELAXED_ALIGNMENT)
+   add_definitions(-DSTRICT_ALIGNMENT)
+ endif()
--- a/libs/gost_engine/patches-3/030-dont-build-provider.patch
+++ b/libs/gost_engine/patches-3/030-dont-build-provider.patch
@ -0,0 +1,56 @@
+--- a/CMakeLists.txt
+++ b/CMakeLists.txt
+@@ -357,9 +357,11 @@ set_target_properties(lib_gost_engine PR
+   COMPILE_DEFINITIONS "BUILDING_ENGINE_AS_LIBRARY"
+   PUBLIC_HEADER gost-engine.h
+   OUTPUT_NAME "gost")
+-target_link_libraries(lib_gost_engine PRIVATE gost_core gost_err)
+#target_link_libraries(lib_gost_engine PRIVATE gost_core gost_err)
+target_link_libraries(lib_gost_engine PRIVATE gost_core)
+ endif()
+ 
+if (0)
+ # The GOST provider uses this
+ add_subdirectory(libprov)
+ 
+@@ -384,6 +386,7 @@ set_target_properties(lib_gost_prov PROP
+   )
+ target_link_libraries(lib_gost_prov PRIVATE gost_core libprov)
+ endif()
+endif()
+ 
+ set(GOST_SUM_SOURCE_FILES
+         gostsum.c
+@@ -424,15 +427,15 @@ install(FILES gostsum.1 gost12sum.1 DEST
+ install(TARGETS gost_engine EXPORT GostEngineConfig
+         LIBRARY  DESTINATION ${OPENSSL_ENGINES_DIR}
+         RUNTIME  DESTINATION ${OPENSSL_ENGINES_DIR})
+-install(TARGETS gost_prov EXPORT GostProviderConfig
+-        LIBRARY  DESTINATION ${OPENSSL_MODULES_DIR}
+-        RUNTIME  DESTINATION ${OPENSSL_MODULES_DIR})
+#install(TARGETS gost_prov EXPORT GostProviderConfig
+#        LIBRARY  DESTINATION ${OPENSSL_MODULES_DIR}
+#        RUNTIME  DESTINATION ${OPENSSL_MODULES_DIR})
+ if (NOT MSVC)
+ # install engine and provider in library form
+ install(TARGETS lib_gost_engine EXPORT GostEngineConfig
+         LIBRARY DESTINATION ${CMAKE_INSTALL_LIBDIR})
+-install(TARGETS lib_gost_prov EXPORT GostProviderConfig
+-        LIBRARY DESTINATION ${CMAKE_INSTALL_LIBDIR})
+#install(TARGETS lib_gost_prov EXPORT GostProviderConfig
+#        LIBRARY DESTINATION ${CMAKE_INSTALL_LIBDIR})
+ endif()
+ 
+ if (MSVC)
+@@ -440,8 +443,8 @@ if (MSVC)
+     EXPORT GostEngineConfig DESTINATION ${CMAKE_INSTALL_BINDIR} OPTIONAL)
+   install(FILES $<TARGET_PDB_FILE:gost_engine>
+     EXPORT GostEngineConfig DESTINATION ${OPENSSL_ENGINES_DIR} OPTIONAL)
+-  install(FILES $<TARGET_PDB_FILE:gost_prov>
+-    EXPORT GostProviderConfig DESTINATION ${OPENSSL_MODULES_DIR} OPTIONAL)
+#  install(FILES $<TARGET_PDB_FILE:gost_prov>
+#    EXPORT GostProviderConfig DESTINATION ${OPENSSL_MODULES_DIR} OPTIONAL)
+ endif()
+ install(EXPORT GostEngineConfig DESTINATION GostEngine/share/cmake/GostEngine)
+-install(EXPORT GostProviderConfig DESTINATION GostEngine/share/cmake/GostProvider)
+#install(EXPORT GostProviderConfig DESTINATION GostEngine/share/cmake/GostProvider)
--- a/libs/libuhttpd/Makefile
+++ b/libs/libuhttpd/Makefile
@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk

 PKG_NAME:=libuhttpd
 PKG_VERSION:=3.14.1
-PKG_RELEASE:=$(AUTORELEASE)
+PKG_RELEASE:=2

 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL=https://github.com/zhaojh329/libuhttpd/releases/download/v$(PKG_VERSION)
@ -41,6 +41,7 @@ Package/libuhttpd-mbedtls=$(call Package/libuhttpd/Default,mbedtls,+PACKAGE_libu
 Package/libuhttpd-nossl=$(call Package/libuhttpd/Default,nossl)

 CMAKE_OPTIONS += -DBUILD_EXAMPLE=OFF
+TARGET_CFLAGS += -Wno-error=deprecated-declarations

 ifeq ($(BUILD_VARIANT),openssl)
  CMAKE_OPTIONS += -DUSE_OPENSSL=ON
--- a/net/apfree-wifidog/Makefile
+++ b/net/apfree-wifidog/Makefile
@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk

 PKG_NAME:=apfree-wifidog
 PKG_VERSION:=4.08.1771
-PKG_RELEASE:=6
+PKG_RELEASE:=7

 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://github.com/liudf0716/apfree_wifidog.git
--- a/net/apfree-wifidog/patches/010-support-openssl-3.0.patch
+++ b/net/apfree-wifidog/patches/010-support-openssl-3.0.patch
@ -0,0 +1,53 @@
+From 53a042836063e965f8df9fc85bb32e8e46da8a05 Mon Sep 17 00:00:00 2001
+From: staylightblow8 <liudf0716@gmail.com>
+Date: Thu, 20 Oct 2022 10:47:59 +0800
+Subject: [PATCH] support openssl > 3.0
+
+---
+ cmake/Modules/FindOpenSSL.cmake | 27 +++++++++++++++++++++++----
+ 1 file changed, 23 insertions(+), 4 deletions(-)
+
+--- a/cmake/Modules/FindOpenSSL.cmake
+++ b/cmake/Modules/FindOpenSSL.cmake
+@@ -282,11 +282,11 @@ function(from_hex HEX DEC)
+   set(${DEC} ${_res} PARENT_SCOPE)
+ endfunction()
+ 
+-if (OPENSSL_INCLUDE_DIR)
+-  if(OPENSSL_INCLUDE_DIR AND EXISTS "${OPENSSL_INCLUDE_DIR}/openssl/opensslv.h")
+-    file(STRINGS "${OPENSSL_INCLUDE_DIR}/openssl/opensslv.h" openssl_version_str
+-         REGEX "^# *define[\t ]+OPENSSL_VERSION_NUMBER[\t ]+0x([0-9a-fA-F])+.*")
+if(OPENSSL_INCLUDE_DIR AND EXISTS "${OPENSSL_INCLUDE_DIR}/openssl/opensslv.h")
+  file(STRINGS "${OPENSSL_INCLUDE_DIR}/openssl/opensslv.h" openssl_version_str
+       REGEX "^#[\t ]*define[\t ]+OPENSSL_VERSION_NUMBER[\t ]+0x([0-9a-fA-F])+.*")
+ 
+  if(openssl_version_str)
+     # The version number is encoded as 0xMNNFFPPS: major minor fix patch status
+     # The status gives if this is a developer or prerelease and is ignored here.
+     # Major, minor, and fix directly translate into the version numbers shown in
+@@ -315,6 +315,25 @@ if (OPENSSL_INCLUDE_DIR)
+     endif ()
+ 
+     set(OPENSSL_VERSION "${OPENSSL_VERSION_MAJOR}.${OPENSSL_VERSION_MINOR}.${OPENSSL_VERSION_FIX}${OPENSSL_VERSION_PATCH_STRING}")
+  else ()
+    # Since OpenSSL 3.0.0, the new version format is MAJOR.MINOR.PATCH and
+    # a new OPENSSL_VERSION_STR macro contains exactly that
+    file(STRINGS "${OPENSSL_INCLUDE_DIR}/openssl/opensslv.h" OPENSSL_VERSION_STR
+         REGEX "^#[\t ]*define[\t ]+OPENSSL_VERSION_STR[\t ]+\"([0-9])+\\.([0-9])+\\.([0-9])+\".*")
+    string(REGEX REPLACE "^.*OPENSSL_VERSION_STR[\t ]+\"([0-9]+\\.[0-9]+\\.[0-9]+)\".*$"
+           "\\1" OPENSSL_VERSION_STR "${OPENSSL_VERSION_STR}")
+
+    set(OPENSSL_VERSION "${OPENSSL_VERSION_STR}")
+
+    # Setting OPENSSL_VERSION_MAJOR OPENSSL_VERSION_MINOR and OPENSSL_VERSION_FIX
+    string(REGEX MATCHALL "([0-9])+" OPENSSL_VERSION_NUMBER "${OPENSSL_VERSION}")
+    list(POP_FRONT OPENSSL_VERSION_NUMBER
+      OPENSSL_VERSION_MAJOR
+      OPENSSL_VERSION_MINOR
+      OPENSSL_VERSION_FIX)
+
+    unset(OPENSSL_VERSION_NUMBER)
+    unset(OPENSSL_VERSION_STR)
+   endif ()
+ endif ()
+ 
--- a/net/boinc/Makefile
+++ b/net/boinc/Makefile
@ -8,7 +8,7 @@ include $(TOPDIR)/rules.mk
 PKG_NAME:=boinc
 PKG_VERSION:=7.16.16
 PKG_VERSION_SHORT:=$(shell echo $(PKG_VERSION)| cut -f1,2 -d.)
-PKG_RELEASE:=2
+PKG_RELEASE:=3

 PKG_SOURCE_DATE:=2020-02-25
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
--- a/net/boinc/patches/003-update-to-openssl-3.0.0.patch
+++ b/net/boinc/patches/003-update-to-openssl-3.0.0.patch
@ -0,0 +1,34 @@
+From 689dc20ede9768377d4032ff8c70b58269c8dc9c Mon Sep 17 00:00:00 2001
+From: Charlie Fenton <charlief@example.com>
+Date: Mon, 18 Oct 2021 01:43:08 -0700
+Subject: [PATCH] Mac: update dependent libraries to latest: c-ares-1.17.2,
+ curl-7.79.1, freetype-2.11.0, openssl-3.0.0 Previously updated to
+ wxWidgets-3.1.5. FTGL version ftgl-2.1.3~rc5  is still the current version.
+
+---
+cotequeiroz: Trimming original commit to lib/crypt.cpp only
+
+ lib/crypt.cpp                             |   7 +-
+
+--- a/lib/crypt.cpp
+++ b/lib/crypt.cpp
+@@ -1,6 +1,6 @@
+ // This file is part of BOINC.
+ // http://boinc.berkeley.edu
+-// Copyright (C) 2008 University of California
+// Copyright (C) 2021 University of California
+ //
+ // BOINC is free software; you can redistribute it and/or modify it
+ // under the terms of the GNU Lesser General Public License
+@@ -670,7 +670,10 @@ int check_validity_of_cert(
+         }
+ #ifdef HAVE_OPAQUE_RSA_DSA_DH
+         RSA *rsa;
+-        rsa = EVP_PKEY_get0_RSA(pubKey);
+        // CAUTION: In OpenSSL 3.0.0, EVP_PKEY_get0_RSA() now returns a
+        // pointer of type "const struct rsa_st*" to an immutable value.
+        // Do not try to modify the contents of the returned struct.
+        rsa = (rsa_st*)EVP_PKEY_get0_RSA(pubKey);
+         if (!RSA_blinding_on(rsa, c)) {
+ #else
+         if (!RSA_blinding_on(pubKey->pkey.rsa, c)) {
--- a/net/nginx-util/Makefile
+++ b/net/nginx-util/Makefile
@ -2,7 +2,7 @@ include $(TOPDIR)/rules.mk

 PKG_NAME:=nginx-util
 PKG_VERSION:=1.6
-PKG_RELEASE:=$(AUTORELEASE)
+PKG_RELEASE:=15
 PKG_MAINTAINER:=Peter Stadler <peter.stadler@student.uibk.ac.at>

 include $(INCLUDE_DIR)/package.mk
@ -11,6 +11,7 @@ include $(INCLUDE_DIR)/cmake.mk
 CMAKE_OPTIONS+= -DUBUS=y
 CMAKE_OPTIONS+= -DVERSION=$(PKG_VERSION)

+TARGET_CFLAGS+= -Wno-error=deprecated-declarations

 define Package/nginx-ssl-util/default
  SECTION:=net
--- a/net/nsd/Makefile
+++ b/net/nsd/Makefile
@ -8,12 +8,12 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=nsd
-PKG_VERSION:=4.2.4
+PKG_VERSION:=4.6.1
 PKG_RELEASE:=1

 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://www.nlnetlabs.nl/downloads/nsd
-PKG_HASH:=9ebd6d766765631a56c0eb332eac26b310fa39f662e5582c8210488cf91ef27c
+PKG_HASH:=3f60a3a13ec3f68e84bfa7e19daff663c82bcf1de96e4f53f2246525e773a27a

 PKG_MAINTAINER:=Vasilis Tsiligiannis <acinonyx@openwrt.gr>
 PKG_LICENSE:=BSD-3-Clause
@ -21,6 +21,7 @@ PKG_LICENSE_FILES:=LICENSE

 PKG_INSTALL:=1
 PKG_BUILD_PARALLEL:=1
+PKG_FIXUP:=autoreconf

 include $(INCLUDE_DIR)/package.mk

--- a/net/nsd/patches/010-Fix-build-with-without-ssl.patch
+++ b/net/nsd/patches/010-Fix-build-with-without-ssl.patch
@ -0,0 +1,43 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Eneas U de Queiroz <cotequeiroz@gmail.com>
+Date: Thu, 9 Feb 2023 13:48:31 -0300
+Subject: [PATCH] Fix build with --without-ssl
+
+Don't include COMMON_OBJ when compiling nsd-control without SSL.
+
+Without SSL, nsd-control's only purpose is to print out an error
+message.  There's no need to include any other object files then.
+
+*** THIS PATCH SHOULD NOT BE APPLIED TO NSD'S NEXT RELEASE ***
+
+Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
+
+--- a/Makefile.in
+++ b/Makefile.in
+@@ -85,7 +85,7 @@ NSD_OBJ=$(COMMON_OBJ) $(XFRD_OBJ) difffi
+ ALL_OBJ=$(NSD_OBJ) nsd-checkconf.o nsd-checkzone.o nsd-control.o nsd-mem.o xfr-inspect.o
+ NSD_CHECKCONF_OBJ=$(COMMON_OBJ) nsd-checkconf.o
+ NSD_CHECKZONE_OBJ=$(COMMON_OBJ) $(XFRD_OBJ) dbaccess.o dbcreate.o difffile.o ipc.o mini_event.o netio.o server.o zonec.o zparser.o zlexer.o nsd-checkzone.o verify.o
+-NSD_CONTROL_OBJ=$(COMMON_OBJ) nsd-control.o
+NSD_CONTROL_OBJ=@NSD_CONTROL_COMMON_OBJ@ nsd-control.o
+ CUTEST_OBJ=$(COMMON_OBJ) $(XFRD_OBJ) dbaccess.o dbcreate.o difffile.o ipc.o mini_event.o netio.o server.o verify.o zonec.o zparser.o zlexer.o cutest_dname.o cutest_dns.o cutest_iterated_hash.o cutest_run.o cutest_radtree.o cutest_rbtree.o cutest_namedb.o cutest_options.o cutest_region.o cutest_rrl.o cutest_udb.o cutest_udbrad.o cutest_util.o cutest_bitset.o cutest_popen3.o cutest_iter.o cutest_event.o cutest.o qtest.o
+ NSD_MEM_OBJ=$(COMMON_OBJ) $(XFRD_OBJ) dbaccess.o dbcreate.o difffile.o ipc.o mini_event.o netio.o verify.o server.o zonec.o zparser.o zlexer.o nsd-mem.o
+ all:	$(TARGETS) $(MANUALS)
+--- a/configure.ac
+++ b/configure.ac
+@@ -1015,6 +1015,7 @@ AC_SUBST(ratelimit_default)
+ # we need SSL for TSIG (and maybe also for NSEC3).
+ CHECK_SSL
+ if test x$HAVE_SSL = x"yes"; then
+	AC_SUBST(NSD_CONTROL_COMMON_OBJ,'$(COMMON_OBJ)')
+ 	ACX_LIB_SSL
+ 	# remove space after -ldl if there.
+ 	LIBS=`echo "$LIBS" | sed -e 's/ $//'`
+@@ -1091,6 +1092,7 @@ AC_INCLUDES_DEFAULT
+ else
+ 	AC_MSG_WARN([No SSL, therefore remote-control is disabled])
+ 	AC_MSG_WARN([No SSL, therefore TLS is disabled])
+	AC_SUBST(NSD_CONTROL_COMMON_OBJ,)
+ fi
+ 
+ AC_ARG_ENABLE(nsec3, AS_HELP_STRING([--disable-nsec3],[Disable NSEC3 support]))
--- a/net/squid/Makefile
+++ b/net/squid/Makefile
@ -8,13 +8,13 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=squid
-PKG_VERSION:=4.17
-PKG_RELEASE:=$(AUTORELEASE)
+PKG_VERSION:=5.7
+PKG_RELEASE:=1

 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
-PKG_SOURCE_URL:=http://www2.pl.squid-cache.org/Versions/v4/ \
-	http://www.squid-cache.org/Versions/v4/
-PKG_HASH:=cb928ac08c7c86b151b1c8f827abe1a84d83181a2a86e0d512286163e1e31418
+PKG_SOURCE_URL:=http://www2.pl.squid-cache.org/Versions/v5/ \
+	http://www.squid-cache.org/Versions/v5/
+PKG_HASH:=6b0753aaba4c9c4efd333e67124caecf7ad6cc2d38581f19d2f0321f5b7ecd81

 PKG_MAINTAINER:=Marko Ratkaj <markoratkaj@gmail.com>
 PKG_LICENSE:=GPL-2.0-or-later
--- a/net/squid/patches/001-glibc-compile.patch
+++ b/net/squid/patches/001-glibc-compile.patch
@ -1,12 +0,0 @@
--- a/src/tools.cc
-+++ b/src/tools.cc
-@@ -582,7 +582,8 @@ enter_suid(void)
-     }
- #else
- 
-    setuid(0);
-+    if (setuid(0) < 0)
-+	debugs(50, 1, "no_suid: setuid (0)");
- #endif
- #if HAVE_PRCTL && defined(PR_SET_DUMPABLE)
-     /* Set Linux DUMPABLE flag */
--- a/net/squid/patches/010-no-buildcxxflags.patch
+++ b/net/squid/patches/010-no-buildcxxflags.patch
@ -1,6 +1,6 @@
 --- a/src/Makefile.am
 +++ b/src/Makefile.am
-@@ -765,7 +765,7 @@ cache_cf.o: cf_parser.cci
+@@ -761,7 +761,7 @@ cache_cf.o: cf_parser.cci
 
 # cf_gen builds the configuration files.
 cf_gen$(EXEEXT): $(cf_gen_SOURCES) $(cf_gen_DEPENDENCIES) cf_gen_defines.cci
--- a/net/squid/patches/020-libxml-drop-xmlSetFeature.patch
+++ b/net/squid/patches/020-libxml-drop-xmlSetFeature.patch
@ -1,10 +0,0 @@
--- a/src/esi/Libxml2Parser.cc
-+++ b/src/esi/Libxml2Parser.cc
-@@ -91,7 +91,6 @@ ESILibxml2Parser::ESILibxml2Parser(ESIPa
- 
-     /* TODO: grab the document encoding from the headers */
-     parser = xmlCreatePushParserCtxt(&sax, static_cast<void *>(this), NULL, 0, NULL);
-    xmlSetFeature(parser, "substitute entities", 0);
- 
-     if (entity_doc == NULL)
-         entity_doc = htmlNewDoc(NULL, NULL);
--- a/net/umurmur/Makefile
+++ b/net/umurmur/Makefile
@ -6,7 +6,7 @@ include $(TOPDIR)/rules.mk

 PKG_NAME:=umurmur
 PKG_VERSION:=0.2.20
-PKG_RELEASE:=1
+PKG_RELEASE:=2

 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://codeload.github.com/umurmur/umurmur/tar.gz/$(PKG_VERSION)?
--- a/net/umurmur/patches/010-umurmur-0.2.20-openssl3.patch
+++ b/net/umurmur/patches/010-umurmur-0.2.20-openssl3.patch
@ -0,0 +1,11 @@
+--- a/src/ssli_openssl.c
+++ b/src/ssli_openssl.c
+@@ -142,8 +142,6 @@ static EVP_PKEY *SSL_generate_cert_and_k
+ 	
+ 	Log_info("Generating new server certificate.");
+ 	
+-	CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
+-	
+ 	x509 = X509_new();
+ 	if (!x509)
+ 		goto err_out;