author | Natanael Copa <ncopa@alpinelinux.org> | 2019-02-26 21:31:38 +0000 |
---|---|---|
committer | Natanael Copa <ncopa@alpinelinux.org> | 2019-02-26 21:31:38 +0000 |
commit | 5075582b1544bfe9c33386943f72ff9bd74e2a98 (patch) | |
tree | bd264e37f9e65b2fba1ead981453580570fec56c | |
parent | d26e7988169f01a36577137d5c64f96967a5b1fd (diff) | |
download | alpine_aports-5075582b1544bfe9c33386943f72ff9bd74e2a98.tar.bz2 alpine_aports-5075582b1544bfe9c33386943f72ff9bd74e2a98.tar.xz alpine_aports-5075582b1544bfe9c33386943f72ff9bd74e2a98.zip |
community/xbps: rebuild against openssl
-rw-r--r-- | community/xbps/APKBUILD | 8 | ||||
-rw-r--r-- | community/xbps/openssl-1.1.patch | 126 |
2 files changed, 131 insertions, 3 deletions
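--- a/community/xbps/APKBUILD
+++ b/community/xbps/APKBUILD
@@ -2,13 +2,13 @@
 # Maintainer: André Klitzing <aklitzing@gmail.com>
 pkgname=xbps
 pkgver=0.53
-pkgrel=0
+pkgrel=1
 pkgdesc="The X Binary Package System"
 arch="all"
 url="https://github.com/voidlinux/xbps"
 license="BSD"
 depends="ca-certificates"
-makedepends="zlib-dev libarchive-dev libressl-dev" # does not support openssl 1.1
+makedepends="zlib-dev libarchive-dev openssl-dev"
 subpackages="$pkgname-dev $pkgname-doc
 $pkgname-bash-completion:bashcomp:noarch
 $pkgname-zsh-completion:zshcomp:noarch"
@@ -16,6 +16,7 @@ options="!check"
 source="$pkgname-$pkgver.tar.gz::https://github.com/void-linux/$pkgname/archive/$pkgver.tar.gz
 0f338597015271ee504100c32fd2c4926efdb423.patch
 disable-Werror.patch
+openssl-1.1.patch
 "
 builddir="$srcdir/$pkgname-$pkgver"
 
@@ -64,4 +65,5 @@ _submv() {
 
 sha512sums="f40a479196e95cd1c01962230cd3e61f424474ceb454c3d7a31d59b636a0f17138023ae2822bb1666765f15618e3fa7e4fa48786c5530eb975f637b6abf6418f xbps-0.53.tar.gz
 5ae4fa6c5fc8d115b01d74c85121e13933b17a09404d53923a316ce7cc30325227019db33a2efe891ed2be5f61600e3003c37f07c24639ef32786d5b8d4d9c2b 0f338597015271ee504100c32fd2c4926efdb423.patch
-a761edd8fd358b500337fcef79f6163ef642fc387f97d952fec0838baa786d585f21e34cd066cba1918f474bccd7decbad2587b91f125b75e308b2dfe8f4721a disable-Werror.patch"
+a761edd8fd358b500337fcef79f6163ef642fc387f97d952fec0838baa786d585f21e34cd066cba1918f474bccd7decbad2587b91f125b75e308b2dfe8f4721a disable-Werror.patch
+c61d64f618ee21bdf120512ada3d67babeded06830384b800754e586fd66d16772984d6fe325e4674098a1e07caf737e8293848008d068591656808f267fafcb openssl-1.1.patch"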
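--- /dev/null
+++ b/community/xbps/openssl-1.1.patch
@@ -0,0 +1,126 @@
+From b4eebafa6d634c4e0e00267ae69703e506ac101d Mon Sep 17 00:00:00 2001
+From: wuhanck <wuhanck@hotmail.com>
+Date: Thu, 24 Jan 2019 18:39:07 +0800
+Subject: [PATCH] upgrade to openssl 1.1.x.
+
+---
+configure | 2 +-
+lib/fetch/common.c | 2 +-
+lib/pubkey2fp.c | 29 ++++++++++++++++++-----------
+3 files changed, 20 insertions(+), 13 deletions(-)
+
+diff --git a/configure b/configure
+index ebef990a..b6e642a2 100755
+--- a/configure
++++ b/configure
+@@ -678,7 +678,7 @@ fi
+# libssl with pkg-config support is required.
+#
+printf "Checking for libssl via pkg-config ... "
+-if $PKGCONFIG_BIN --exists 'libssl < 1.1' && ! $PKGCONFIG_BIN --exists libtls ; then
++if $PKGCONFIG_BIN --exists 'libssl < 1.2' && ! $PKGCONFIG_BIN --exists libtls ; then
+echo "found OpenSSL version $($PKGCONFIG_BIN --modversion libssl)."
+elif $PKGCONFIG_BIN --exists libssl libtls; then
+echo "found LibreSSL version $($PKGCONFIG_BIN --modversion libssl)."
+diff --git a/lib/fetch/common.c b/lib/fetch/common.c
+index 94fb2651..b3d8f2f0 100644
+--- a/lib/fetch/common.c
++++ b/lib/fetch/common.c
+@@ -895,7 +895,7 @@ fetch_ssl_verify_altname(STACK_OF(GENERAL_NAME) *altnames,
+
+for (i = 0; i < sk_GENERAL_NAME_num(altnames); ++i) {
+name = sk_GENERAL_NAME_value(altnames, i);
+- ns = (const char *)ASN1_STRING_data(name->d.ia5);
++ ns = (const char *)ASN1_STRING_get0_data(name->d.ia5);
+nslen = (size_t)ASN1_STRING_length(name->d.ia5);
+
+if (name->type == GEN_DNS && ip == NULL &&
+diff --git a/lib/pubkey2fp.c b/lib/pubkey2fp.c
+index 2cfe7178..c1a46e88 100644
+--- a/lib/pubkey2fp.c
++++ b/lib/pubkey2fp.c
+@@ -65,12 +65,13 @@ fp2str(unsigned const char *fp, unsigned int len)
+char *
+xbps_pubkey2fp(struct xbps_handle *xhp, xbps_data_t pubkey)
+{
+- EVP_MD_CTX mdctx;
++ EVP_MD_CTX *mdctx = NULL;
+EVP_PKEY *pPubKey = NULL;
+RSA *pRsa = NULL;
+BIO *bio = NULL;
+const void *pubkeydata;
+unsigned char md_value[EVP_MAX_MD_SIZE];
++ const BIGNUM *n, *e;
+unsigned char *nBytes = NULL, *eBytes = NULL, *pEncoding = NULL;
+unsigned int md_len = 0;
+char *hexfpstr = NULL;
+@@ -79,6 +80,8 @@ xbps_pubkey2fp(struct xbps_handle *xhp, xbps_data_t pubkey)
+ERR_load_crypto_strings();
+OpenSSL_add_all_algorithms();
+
++ mdctx = EVP_MD_CTX_new();
++ assert(mdctx);
+pubkeydata = xbps_data_data_nocopy(pubkey);
+bio = BIO_new_mem_buf(__UNCONST(pubkeydata), xbps_data_size(pubkey));
+assert(bio);
+@@ -91,7 +94,7 @@ xbps_pubkey2fp(struct xbps_handle *xhp, xbps_data_t pubkey)
+goto out;
+}
+
+- if (EVP_PKEY_type(pPubKey->type) != EVP_PKEY_RSA) {
++ if (EVP_PKEY_base_id(pPubKey) != EVP_PKEY_RSA) {
+xbps_dbg_printf(xhp, "only RSA public keys are currently supported\n");
+goto out;
+}
+@@ -103,19 +106,20 @@ xbps_pubkey2fp(struct xbps_handle *xhp, xbps_data_t pubkey)
+goto out;
+}
+
++ RSA_get0_key(pRsa, &n, &e, NULL);
+// reading the modulus
+- nLen = BN_num_bytes(pRsa->n);
++ nLen = BN_num_bytes(n);
+nBytes = (unsigned char*) malloc(nLen);
+if (nBytes == NULL)
+goto out;
+- BN_bn2bin(pRsa->n, nBytes);
++ BN_bn2bin(n, nBytes);
+
+// reading the public exponent
+- eLen = BN_num_bytes(pRsa->e);
++ eLen = BN_num_bytes(e);
+eBytes = (unsigned char*) malloc(eLen);
+if (eBytes == NULL)
+goto out;
+- BN_bn2bin(pRsa->e, eBytes);
++ BN_bn2bin(e, eBytes);
+
+encodingLength = 11 + 4 + eLen + 4 + nLen;
+// correct depending on the MSB of e and N
+@@ -135,18 +139,21 @@ xbps_pubkey2fp(struct xbps_handle *xhp, xbps_data_t pubkey)
+/*
+* Compute the RSA fingerprint (MD5).
+*/
+- EVP_MD_CTX_init(&mdctx);
+- EVP_DigestInit_ex(&mdctx, EVP_md5(), NULL);
+- EVP_DigestUpdate(&mdctx, pEncoding, encodingLength);
+- if (EVP_DigestFinal_ex(&mdctx, md_value, &md_len) == 0)
++ EVP_MD_CTX_init(mdctx);
++ EVP_DigestInit_ex(mdctx, EVP_md5(), NULL);
++ EVP_DigestUpdate(mdctx, pEncoding, encodingLength);
++ if (EVP_DigestFinal_ex(mdctx, md_value, &md_len) == 0)
+goto out;
+- EVP_MD_CTX_cleanup(&mdctx);
++ EVP_MD_CTX_free(mdctx);
++ mdctx = NULL;
+/*
+* Convert result to a compatible OpenSSH hex fingerprint.
+*/
+hexfpstr = fp2str(md_value, md_len);
+
+out:
++ if (mdctx)
++ EVP_MD_CTX_free(mdctx);
+if (bio)
+BIO_free_all(bio);
+if (pRsa)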
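Review bot: The new `EVP_MD_CTX_new()` result in xbps_pubkey2fp is guarded only by `assert(mdctx);` (patch lines 61–62), which compiles away under NDEBUG and aborts the process otherwise; since `mdctx` starts as NULL and the `out:` label frees it conditionally, `if (mdctx == NULL) goto out;` would turn allocation failure into an ordinary error return. The return values of `EVP_DigestInit_ex` and `EVP_DigestUpdate` (patch lines 109–110) are still ignored, so a failed MD5 setup is only noticed if `EVP_DigestFinal_ex` happens to fail too; checking each call for `!= 1` and jumping to `out` would make the key-fingerprint path fail closed. `EVP_MD_CTX_init(mdctx)` directly after `EVP_MD_CTX_new()` looks redundant with OpenSSL 1.1 and could probably be dropped. The body of xbps_pubkey2fp starts and ends outside the visible hunks, so what follows `out:` is inferred from the lines shown.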