community/xbps: rebuild against openssl

author: Natanael Copa <ncopa@alpinelinux.org> 2019-02-26 21:31:38 +0000
committer: Natanael Copa <ncopa@alpinelinux.org> 2019-02-26 21:31:38 +0000
commit: 5075582b1544bfe9c33386943f72ff9bd74e2a98 (patch)
tree: bd264e37f9e65b2fba1ead981453580570fec56c
parent: d26e7988169f01a36577137d5c64f96967a5b1fd (diff)
download: alpine_aports-5075582b1544bfe9c33386943f72ff9bd74e2a98.tar.bz2
alpine_aports-5075582b1544bfe9c33386943f72ff9bd74e2a98.tar.xz
alpine_aports-5075582b1544bfe9c33386943f72ff9bd74e2a98.zip
2 files changed, 131 insertions, 3 deletions
diff --git a/community/xbps/APKBUILD b/community/xbps/APKBUILD
index c44c9d63ab..b6d4077d26 100644
--- a/community/xbps/APKBUILD
+++ b/community/xbps/APKBUILD
@@ -2,13 +2,13 @@
 # Maintainer: André Klitzing <aklitzing@gmail.com>
 pkgname=xbps
 pkgver=0.53
-pkgrel=0
+pkgrel=1
 pkgdesc="The X Binary Package System"
 arch="all"
 url="https://github.com/voidlinux/xbps"
 license="BSD"
 depends="ca-certificates"
-makedepends="zlib-dev libarchive-dev libressl-dev" # does not support openssl 1.1
+makedepends="zlib-dev libarchive-dev openssl-dev"
 subpackages="$pkgname-dev $pkgname-doc
        $pkgname-bash-completion:bashcomp:noarch
        $pkgname-zsh-completion:zshcomp:noarch"
@@ -16,6 +16,7 @@ options="!check"
 source="$pkgname-$pkgver.tar.gz::https://github.com/void-linux/$pkgname/archive/$pkgver.tar.gz
        0f338597015271ee504100c32fd2c4926efdb423.patch
        disable-Werror.patch
+        openssl-1.1.patch
        "
 builddir="$srcdir/$pkgname-$pkgver"
@@ -64,4 +65,5 @@ _submv() {
 sha512sums="f40a479196e95cd1c01962230cd3e61f424474ceb454c3d7a31d59b636a0f17138023ae2822bb1666765f15618e3fa7e4fa48786c5530eb975f637b6abf6418f  xbps-0.53.tar.gz
 5ae4fa6c5fc8d115b01d74c85121e13933b17a09404d53923a316ce7cc30325227019db33a2efe891ed2be5f61600e3003c37f07c24639ef32786d5b8d4d9c2b  0f338597015271ee504100c32fd2c4926efdb423.patch
-a761edd8fd358b500337fcef79f6163ef642fc387f97d952fec0838baa786d585f21e34cd066cba1918f474bccd7decbad2587b91f125b75e308b2dfe8f4721a  disable-Werror.patch"
+a761edd8fd358b500337fcef79f6163ef642fc387f97d952fec0838baa786d585f21e34cd066cba1918f474bccd7decbad2587b91f125b75e308b2dfe8f4721a  disable-Werror.patch
+c61d64f618ee21bdf120512ada3d67babeded06830384b800754e586fd66d16772984d6fe325e4674098a1e07caf737e8293848008d068591656808f267fafcb  openssl-1.1.patch"
diff --git a/community/xbps/openssl-1.1.patch b/community/xbps/openssl-1.1.patch
new file mode 100644
index 0000000000..677be08539
--- /dev/null
+++ b/community/xbps/openssl-1.1.patch
@@ -0,0 +1,126 @@
+From b4eebafa6d634c4e0e00267ae69703e506ac101d Mon Sep 17 00:00:00 2001
+From: wuhanck <wuhanck@hotmail.com>
+Date: Thu, 24 Jan 2019 18:39:07 +0800
+Subject: [PATCH] upgrade to openssl 1.1.x.
+---
+ configure          |  2 +-
+ lib/fetch/common.c |  2 +-
+ lib/pubkey2fp.c    | 29 ++++++++++++++++++-----------
+ 3 files changed, 20 insertions(+), 13 deletions(-)
+diff --git a/configure b/configure
+index ebef990a..b6e642a2 100755
+--- a/configure
+++ b/configure
+@@ -678,7 +678,7 @@ fi
+ # libssl with pkg-config support is required.
+ #
+ printf "Checking for libssl via pkg-config ... "
+-if $PKGCONFIG_BIN --exists 'libssl < 1.1' && ! $PKGCONFIG_BIN --exists libtls ; then
+if $PKGCONFIG_BIN --exists 'libssl < 1.2' && ! $PKGCONFIG_BIN --exists libtls ; then
+        echo "found OpenSSL version $($PKGCONFIG_BIN --modversion libssl)."
+ elif $PKGCONFIG_BIN --exists libssl libtls; then
+        echo "found LibreSSL version $($PKGCONFIG_BIN --modversion libssl)."
+diff --git a/lib/fetch/common.c b/lib/fetch/common.c
+index 94fb2651..b3d8f2f0 100644
+--- a/lib/fetch/common.c
+++ b/lib/fetch/common.c
+@@ -895,7 +895,7 @@ fetch_ssl_verify_altname(STACK_OF(GENERAL_NAME) *altnames,
+ 
+        for (i = 0; i < sk_GENERAL_NAME_num(altnames); ++i) {
+                name = sk_GENERAL_NAME_value(altnames, i);
+-               ns = (const char *)ASN1_STRING_data(name->d.ia5);
+               ns = (const char *)ASN1_STRING_get0_data(name->d.ia5);
+                nslen = (size_t)ASN1_STRING_length(name->d.ia5);
+ 
+                if (name->type == GEN_DNS && ip == NULL &&
+diff --git a/lib/pubkey2fp.c b/lib/pubkey2fp.c
+index 2cfe7178..c1a46e88 100644
+--- a/lib/pubkey2fp.c
+++ b/lib/pubkey2fp.c
+@@ -65,12 +65,13 @@ fp2str(unsigned const char *fp, unsigned int len)
+ char *
+ xbps_pubkey2fp(struct xbps_handle *xhp, xbps_data_t pubkey)
+ {
+-       EVP_MD_CTX mdctx;
+       EVP_MD_CTX *mdctx = NULL;
+        EVP_PKEY *pPubKey = NULL;
+        RSA *pRsa = NULL;
+        BIO *bio = NULL;
+        const void *pubkeydata;
+        unsigned char md_value[EVP_MAX_MD_SIZE];
+       const BIGNUM *n, *e;
+        unsigned char *nBytes = NULL, *eBytes = NULL, *pEncoding = NULL;
+        unsigned int md_len = 0;
+        char *hexfpstr = NULL;
+@@ -79,6 +80,8 @@ xbps_pubkey2fp(struct xbps_handle *xhp, xbps_data_t pubkey)
+        ERR_load_crypto_strings();
+        OpenSSL_add_all_algorithms();
+ 
+       mdctx = EVP_MD_CTX_new();
+       assert(mdctx);
+        pubkeydata = xbps_data_data_nocopy(pubkey);
+        bio = BIO_new_mem_buf(__UNCONST(pubkeydata), xbps_data_size(pubkey));
+        assert(bio);
+@@ -91,7 +94,7 @@ xbps_pubkey2fp(struct xbps_handle *xhp, xbps_data_t pubkey)
+                goto out;
+        }
+ 
+-       if (EVP_PKEY_type(pPubKey->type) != EVP_PKEY_RSA) {
+       if (EVP_PKEY_base_id(pPubKey) != EVP_PKEY_RSA) {
+                xbps_dbg_printf(xhp, "only RSA public keys are currently supported\n");
+                goto out;
+        }
+@@ -103,19 +106,20 @@ xbps_pubkey2fp(struct xbps_handle *xhp, xbps_data_t pubkey)
+                goto out;
+        }
+ 
+       RSA_get0_key(pRsa, &n, &e, NULL);
+        // reading the modulus
+-       nLen = BN_num_bytes(pRsa->n);
+       nLen = BN_num_bytes(n);
+        nBytes = (unsigned char*) malloc(nLen);
+        if (nBytes == NULL)
+                goto out;
+-       BN_bn2bin(pRsa->n, nBytes);
+       BN_bn2bin(n, nBytes);
+ 
+        // reading the public exponent
+-       eLen = BN_num_bytes(pRsa->e);
+       eLen = BN_num_bytes(e);
+        eBytes = (unsigned char*) malloc(eLen);
+        if (eBytes == NULL)
+                goto out;
+-       BN_bn2bin(pRsa->e, eBytes);
+       BN_bn2bin(e, eBytes);
+ 
+        encodingLength = 11 + 4 + eLen + 4 + nLen;
+        // correct depending on the MSB of e and N
+@@ -135,18 +139,21 @@ xbps_pubkey2fp(struct xbps_handle *xhp, xbps_data_t pubkey)
+        /*
+         * Compute the RSA fingerprint (MD5).
+         */
+-       EVP_MD_CTX_init(&mdctx);
+-       EVP_DigestInit_ex(&mdctx, EVP_md5(), NULL);
+-       EVP_DigestUpdate(&mdctx, pEncoding, encodingLength);
+-       if (EVP_DigestFinal_ex(&mdctx, md_value, &md_len) == 0)
+       EVP_MD_CTX_init(mdctx);
+       EVP_DigestInit_ex(mdctx, EVP_md5(), NULL);
+       EVP_DigestUpdate(mdctx, pEncoding, encodingLength);
+       if (EVP_DigestFinal_ex(mdctx, md_value, &md_len) == 0)
+                goto out;
+-       EVP_MD_CTX_cleanup(&mdctx);
+       EVP_MD_CTX_free(mdctx);
+       mdctx = NULL;
+        /*
+         * Convert result to a compatible OpenSSH hex fingerprint.
+         */
+        hexfpstr = fp2str(md_value, md_len);
+ 
+ out:
+       if (mdctx)
+               EVP_MD_CTX_free(mdctx);
+        if (bio)
+                BIO_free_all(bio);
+        if (pRsa)
author	Natanael Copa <ncopa@alpinelinux.org>	2019-02-26 21:31:38 +0000
committer	Natanael Copa <ncopa@alpinelinux.org>	2019-02-26 21:31:38 +0000
commit	5075582b1544bfe9c33386943f72ff9bd74e2a98 (patch)
tree	bd264e37f9e65b2fba1ead981453580570fec56c
parent	d26e7988169f01a36577137d5c64f96967a5b1fd (diff)
download	alpine_aports-5075582b1544bfe9c33386943f72ff9bd74e2a98.tar.bz2 alpine_aports-5075582b1544bfe9c33386943f72ff9bd74e2a98.tar.xz alpine_aports-5075582b1544bfe9c33386943f72ff9bd74e2a98.zip

diff --git a/community/xbps/APKBUILD b/community/xbps/APKBUILD index c44c9d63ab..b6d4077d26 100644 --- a/community/xbps/APKBUILD +++ b/community/xbps/APKBUILD
@@ -2,13 +2,13 @@
2	# Maintainer: André Klitzing <aklitzing@gmail.com>	2	# Maintainer: André Klitzing <aklitzing@gmail.com>
3	pkgname=xbps	3	pkgname=xbps
4	pkgver=0.53	4	pkgver=0.53
5	pkgrel=0	5	pkgrel=1
6	pkgdesc="The X Binary Package System"	6	pkgdesc="The X Binary Package System"
7	arch="all"	7	arch="all"
8	url="https://github.com/voidlinux/xbps"	8	url="https://github.com/voidlinux/xbps"
9	license="BSD"	9	license="BSD"
10	depends="ca-certificates"	10	depends="ca-certificates"
11	makedepends="zlib-dev libarchive-dev libressl-dev" # does not support openssl 1.1	11	makedepends="zlib-dev libarchive-dev openssl-dev"
12	subpackages="$pkgname-dev $pkgname-doc	12	subpackages="$pkgname-dev $pkgname-doc
13	$pkgname-bash-completion:bashcomp:noarch	13	$pkgname-bash-completion:bashcomp:noarch
14	$pkgname-zsh-completion:zshcomp:noarch"	14	$pkgname-zsh-completion:zshcomp:noarch"
@@ -16,6 +16,7 @@ options="!check"
16	source="$pkgname-$pkgver.tar.gz::https://github.com/void-linux/$pkgname/archive/$pkgver.tar.gz	16	source="$pkgname-$pkgver.tar.gz::https://github.com/void-linux/$pkgname/archive/$pkgver.tar.gz
17	0f338597015271ee504100c32fd2c4926efdb423.patch	17	0f338597015271ee504100c32fd2c4926efdb423.patch
18	disable-Werror.patch	18	disable-Werror.patch
		19	openssl-1.1.patch
19	"	20	"
20	builddir="$srcdir/$pkgname-$pkgver"	21	builddir="$srcdir/$pkgname-$pkgver"
21		22
@@ -64,4 +65,5 @@ _submv() {
64		65
65	sha512sums="f40a479196e95cd1c01962230cd3e61f424474ceb454c3d7a31d59b636a0f17138023ae2822bb1666765f15618e3fa7e4fa48786c5530eb975f637b6abf6418f xbps-0.53.tar.gz	66	sha512sums="f40a479196e95cd1c01962230cd3e61f424474ceb454c3d7a31d59b636a0f17138023ae2822bb1666765f15618e3fa7e4fa48786c5530eb975f637b6abf6418f xbps-0.53.tar.gz
66	5ae4fa6c5fc8d115b01d74c85121e13933b17a09404d53923a316ce7cc30325227019db33a2efe891ed2be5f61600e3003c37f07c24639ef32786d5b8d4d9c2b 0f338597015271ee504100c32fd2c4926efdb423.patch	67	5ae4fa6c5fc8d115b01d74c85121e13933b17a09404d53923a316ce7cc30325227019db33a2efe891ed2be5f61600e3003c37f07c24639ef32786d5b8d4d9c2b 0f338597015271ee504100c32fd2c4926efdb423.patch
67	a761edd8fd358b500337fcef79f6163ef642fc387f97d952fec0838baa786d585f21e34cd066cba1918f474bccd7decbad2587b91f125b75e308b2dfe8f4721a disable-Werror.patch"	68	a761edd8fd358b500337fcef79f6163ef642fc387f97d952fec0838baa786d585f21e34cd066cba1918f474bccd7decbad2587b91f125b75e308b2dfe8f4721a disable-Werror.patch
		69	c61d64f618ee21bdf120512ada3d67babeded06830384b800754e586fd66d16772984d6fe325e4674098a1e07caf737e8293848008d068591656808f267fafcb openssl-1.1.patch"


diff --git a/community/xbps/openssl-1.1.patch b/community/xbps/openssl-1.1.patch new file mode 100644 index 0000000000..677be08539 --- /dev/null +++ b/community/xbps/openssl-1.1.patch
@@ -0,0 +1,126 @@
		1	From b4eebafa6d634c4e0e00267ae69703e506ac101d Mon Sep 17 00:00:00 2001
		2	From: wuhanck <wuhanck@hotmail.com>
		3	Date: Thu, 24 Jan 2019 18:39:07 +0800
		4	Subject: [PATCH] upgrade to openssl 1.1.x.
		5
		6	---
		7	configure \| 2 +-
		8	lib/fetch/common.c \| 2 +-
		9	lib/pubkey2fp.c \| 29 ++++++++++++++++++-----------
		10	3 files changed, 20 insertions(+), 13 deletions(-)
		11
		12	diff --git a/configure b/configure
		13	index ebef990a..b6e642a2 100755
		14	--- a/configure
		15	+++ b/configure
		16	@@ -678,7 +678,7 @@ fi
		17	# libssl with pkg-config support is required.
		18	#
		19	printf "Checking for libssl via pkg-config ... "
		20	-if $PKGCONFIG_BIN --exists 'libssl < 1.1' && ! $PKGCONFIG_BIN --exists libtls ; then
		21	+if $PKGCONFIG_BIN --exists 'libssl < 1.2' && ! $PKGCONFIG_BIN --exists libtls ; then
		22	echo "found OpenSSL version $($PKGCONFIG_BIN --modversion libssl)."
		23	elif $PKGCONFIG_BIN --exists libssl libtls; then
		24	echo "found LibreSSL version $($PKGCONFIG_BIN --modversion libssl)."
		25	diff --git a/lib/fetch/common.c b/lib/fetch/common.c
		26	index 94fb2651..b3d8f2f0 100644
		27	--- a/lib/fetch/common.c
		28	+++ b/lib/fetch/common.c
		29	@@ -895,7 +895,7 @@ fetch_ssl_verify_altname(STACK_OF(GENERAL_NAME) *altnames,
		30
		31	for (i = 0; i < sk_GENERAL_NAME_num(altnames); ++i) {
		32	name = sk_GENERAL_NAME_value(altnames, i);
		33	- ns = (const char *)ASN1_STRING_data(name->d.ia5);
		34	+ ns = (const char *)ASN1_STRING_get0_data(name->d.ia5);
		35	nslen = (size_t)ASN1_STRING_length(name->d.ia5);
		36
		37	if (name->type == GEN_DNS && ip == NULL &&
		38	diff --git a/lib/pubkey2fp.c b/lib/pubkey2fp.c
		39	index 2cfe7178..c1a46e88 100644
		40	--- a/lib/pubkey2fp.c
		41	+++ b/lib/pubkey2fp.c
		42	@@ -65,12 +65,13 @@ fp2str(unsigned const char *fp, unsigned int len)
		43	char *
		44	xbps_pubkey2fp(struct xbps_handle *xhp, xbps_data_t pubkey)
		45	{
		46	- EVP_MD_CTX mdctx;
		47	+ EVP_MD_CTX *mdctx = NULL;
		48	EVP_PKEY *pPubKey = NULL;
		49	RSA *pRsa = NULL;
		50	BIO *bio = NULL;
		51	const void *pubkeydata;
		52	unsigned char md_value[EVP_MAX_MD_SIZE];
		53	+ const BIGNUM n, e;
		54	unsigned char nBytes = NULL, eBytes = NULL, *pEncoding = NULL;
		55	unsigned int md_len = 0;
		56	char *hexfpstr = NULL;
		57	@@ -79,6 +80,8 @@ xbps_pubkey2fp(struct xbps_handle *xhp, xbps_data_t pubkey)
		58	ERR_load_crypto_strings();
		59	OpenSSL_add_all_algorithms();
		60
		61	+ mdctx = EVP_MD_CTX_new();
		62	+ assert(mdctx);
		63	pubkeydata = xbps_data_data_nocopy(pubkey);
		64	bio = BIO_new_mem_buf(__UNCONST(pubkeydata), xbps_data_size(pubkey));
		65	assert(bio);
		66	@@ -91,7 +94,7 @@ xbps_pubkey2fp(struct xbps_handle *xhp, xbps_data_t pubkey)
		67	goto out;
		68	}
		69
		70	- if (EVP_PKEY_type(pPubKey->type) != EVP_PKEY_RSA) {
		71	+ if (EVP_PKEY_base_id(pPubKey) != EVP_PKEY_RSA) {
		72	xbps_dbg_printf(xhp, "only RSA public keys are currently supported\n");
		73	goto out;
		74	}
		75	@@ -103,19 +106,20 @@ xbps_pubkey2fp(struct xbps_handle *xhp, xbps_data_t pubkey)
		76	goto out;
		77	}
		78
		79	+ RSA_get0_key(pRsa, &n, &e, NULL);
		80	// reading the modulus
		81	- nLen = BN_num_bytes(pRsa->n);
		82	+ nLen = BN_num_bytes(n);
		83	nBytes = (unsigned char*) malloc(nLen);
		84	if (nBytes == NULL)
		85	goto out;
		86	- BN_bn2bin(pRsa->n, nBytes);
		87	+ BN_bn2bin(n, nBytes);
		88
		89	// reading the public exponent
		90	- eLen = BN_num_bytes(pRsa->e);
		91	+ eLen = BN_num_bytes(e);
		92	eBytes = (unsigned char*) malloc(eLen);
		93	if (eBytes == NULL)
		94	goto out;
		95	- BN_bn2bin(pRsa->e, eBytes);
		96	+ BN_bn2bin(e, eBytes);
		97
		98	encodingLength = 11 + 4 + eLen + 4 + nLen;
		99	// correct depending on the MSB of e and N
		100	@@ -135,18 +139,21 @@ xbps_pubkey2fp(struct xbps_handle *xhp, xbps_data_t pubkey)
		101	/*
		102	* Compute the RSA fingerprint (MD5).
		103	*/
		104	- EVP_MD_CTX_init(&mdctx);
		105	- EVP_DigestInit_ex(&mdctx, EVP_md5(), NULL);
		106	- EVP_DigestUpdate(&mdctx, pEncoding, encodingLength);
		107	- if (EVP_DigestFinal_ex(&mdctx, md_value, &md_len) == 0)
		108	+ EVP_MD_CTX_init(mdctx);
		109	+ EVP_DigestInit_ex(mdctx, EVP_md5(), NULL);
		110	+ EVP_DigestUpdate(mdctx, pEncoding, encodingLength);
		111	+ if (EVP_DigestFinal_ex(mdctx, md_value, &md_len) == 0)
		112	goto out;
		113	- EVP_MD_CTX_cleanup(&mdctx);
		114	+ EVP_MD_CTX_free(mdctx);
		115	+ mdctx = NULL;
		116	/*
		117	* Convert result to a compatible OpenSSH hex fingerprint.
		118	*/
		119	hexfpstr = fp2str(md_value, md_len);
		120
		121	out:
		122	+ if (mdctx)
		123	+ EVP_MD_CTX_free(mdctx);
		124	if (bio)
		125	BIO_free_all(bio);
		126	if (pRsa)