authorNatanael Copa <ncopa@alpinelinux.org>2019-02-26 21:31:38 +0000
committerNatanael Copa <ncopa@alpinelinux.org>2019-02-26 21:31:38 +0000
commit5075582b1544bfe9c33386943f72ff9bd74e2a98 (patch)
treebd264e37f9e65b2fba1ead981453580570fec56c
parentd26e7988169f01a36577137d5c64f96967a5b1fd (diff)
community/xbps: rebuild against openssl
-rw-r--r--community/xbps/APKBUILD8
-rw-r--r--community/xbps/openssl-1.1.patch126
2 files changed, 131 insertions, 3 deletions
diff --git a/community/xbps/APKBUILD b/community/xbps/APKBUILD
index c44c9d63ab3..b6d4077d269 100644
--- a/community/xbps/APKBUILD
+++ b/community/xbps/APKBUILD
@@ -2,13 +2,13 @@
# Maintainer: André Klitzing <aklitzing@gmail.com>
pkgname=xbps
pkgver=0.53
-pkgrel=0
+pkgrel=1
pkgdesc="The X Binary Package System"
arch="all"
url="https://github.com/voidlinux/xbps"
license="BSD"
depends="ca-certificates"
-makedepends="zlib-dev libarchive-dev libressl-dev" # does not support openssl 1.1
+makedepends="zlib-dev libarchive-dev openssl-dev"
subpackages="$pkgname-dev $pkgname-doc
$pkgname-bash-completion:bashcomp:noarch
$pkgname-zsh-completion:zshcomp:noarch"
@@ -16,6 +16,7 @@ options="!check"
source="$pkgname-$pkgver.tar.gz::https://github.com/void-linux/$pkgname/archive/$pkgver.tar.gz
0f338597015271ee504100c32fd2c4926efdb423.patch
disable-Werror.patch
+ openssl-1.1.patch
"
builddir="$srcdir/$pkgname-$pkgver"
@@ -64,4 +65,5 @@ _submv() {
sha512sums="f40a479196e95cd1c01962230cd3e61f424474ceb454c3d7a31d59b636a0f17138023ae2822bb1666765f15618e3fa7e4fa48786c5530eb975f637b6abf6418f xbps-0.53.tar.gz
5ae4fa6c5fc8d115b01d74c85121e13933b17a09404d53923a316ce7cc30325227019db33a2efe891ed2be5f61600e3003c37f07c24639ef32786d5b8d4d9c2b 0f338597015271ee504100c32fd2c4926efdb423.patch
-a761edd8fd358b500337fcef79f6163ef642fc387f97d952fec0838baa786d585f21e34cd066cba1918f474bccd7decbad2587b91f125b75e308b2dfe8f4721a disable-Werror.patch"
+a761edd8fd358b500337fcef79f6163ef642fc387f97d952fec0838baa786d585f21e34cd066cba1918f474bccd7decbad2587b91f125b75e308b2dfe8f4721a disable-Werror.patch
+c61d64f618ee21bdf120512ada3d67babeded06830384b800754e586fd66d16772984d6fe325e4674098a1e07caf737e8293848008d068591656808f267fafcb openssl-1.1.patch"
diff --git a/community/xbps/openssl-1.1.patch b/community/xbps/openssl-1.1.patch
new file mode 100644
index 00000000000..677be08539d
--- /dev/null
+++ b/community/xbps/openssl-1.1.patch
@@ -0,0 +1,126 @@
+From b4eebafa6d634c4e0e00267ae69703e506ac101d Mon Sep 17 00:00:00 2001
+From: wuhanck <wuhanck@hotmail.com>
+Date: Thu, 24 Jan 2019 18:39:07 +0800
+Subject: [PATCH] upgrade to openssl 1.1.x.
+
+---
+ configure | 2 +-
+ lib/fetch/common.c | 2 +-
+ lib/pubkey2fp.c | 29 ++++++++++++++++++-----------
+ 3 files changed, 20 insertions(+), 13 deletions(-)
+
+diff --git a/configure b/configure
+index ebef990a..b6e642a2 100755
+--- a/configure
++++ b/configure
+@@ -678,7 +678,7 @@ fi
+ # libssl with pkg-config support is required.
+ #
+ printf "Checking for libssl via pkg-config ... "
+-if $PKGCONFIG_BIN --exists 'libssl < 1.1' && ! $PKGCONFIG_BIN --exists libtls ; then
++if $PKGCONFIG_BIN --exists 'libssl < 1.2' && ! $PKGCONFIG_BIN --exists libtls ; then
+ echo "found OpenSSL version $($PKGCONFIG_BIN --modversion libssl)."
+ elif $PKGCONFIG_BIN --exists libssl libtls; then
+ echo "found LibreSSL version $($PKGCONFIG_BIN --modversion libssl)."
+diff --git a/lib/fetch/common.c b/lib/fetch/common.c
+index 94fb2651..b3d8f2f0 100644
+--- a/lib/fetch/common.c
++++ b/lib/fetch/common.c
+@@ -895,7 +895,7 @@ fetch_ssl_verify_altname(STACK_OF(GENERAL_NAME) *altnames,
+
+ for (i = 0; i < sk_GENERAL_NAME_num(altnames); ++i) {
+ name = sk_GENERAL_NAME_value(altnames, i);
+- ns = (const char *)ASN1_STRING_data(name->d.ia5);
++ ns = (const char *)ASN1_STRING_get0_data(name->d.ia5);
+ nslen = (size_t)ASN1_STRING_length(name->d.ia5);
+
+ if (name->type == GEN_DNS && ip == NULL &&
+diff --git a/lib/pubkey2fp.c b/lib/pubkey2fp.c
+index 2cfe7178..c1a46e88 100644
+--- a/lib/pubkey2fp.c
++++ b/lib/pubkey2fp.c
+@@ -65,12 +65,13 @@ fp2str(unsigned const char *fp, unsigned int len)
+ char *
+ xbps_pubkey2fp(struct xbps_handle *xhp, xbps_data_t pubkey)
+ {
+- EVP_MD_CTX mdctx;
++ EVP_MD_CTX *mdctx = NULL;
+ EVP_PKEY *pPubKey = NULL;
+ RSA *pRsa = NULL;
+ BIO *bio = NULL;
+ const void *pubkeydata;
+ unsigned char md_value[EVP_MAX_MD_SIZE];
++ const BIGNUM *n, *e;
+ unsigned char *nBytes = NULL, *eBytes = NULL, *pEncoding = NULL;
+ unsigned int md_len = 0;
+ char *hexfpstr = NULL;
+@@ -79,6 +80,8 @@ xbps_pubkey2fp(struct xbps_handle *xhp, xbps_data_t pubkey)
+ ERR_load_crypto_strings();
+ OpenSSL_add_all_algorithms();
+
++ mdctx = EVP_MD_CTX_new();
++ assert(mdctx);
+ pubkeydata = xbps_data_data_nocopy(pubkey);
+ bio = BIO_new_mem_buf(__UNCONST(pubkeydata), xbps_data_size(pubkey));
+ assert(bio);
+@@ -91,7 +94,7 @@ xbps_pubkey2fp(struct xbps_handle *xhp, xbps_data_t pubkey)
+ goto out;
+ }
+
+- if (EVP_PKEY_type(pPubKey->type) != EVP_PKEY_RSA) {
++ if (EVP_PKEY_base_id(pPubKey) != EVP_PKEY_RSA) {
+ xbps_dbg_printf(xhp, "only RSA public keys are currently supported\n");
+ goto out;
+ }
+@@ -103,19 +106,20 @@ xbps_pubkey2fp(struct xbps_handle *xhp, xbps_data_t pubkey)
+ goto out;
+ }
+
++ RSA_get0_key(pRsa, &n, &e, NULL);
+ // reading the modulus
+- nLen = BN_num_bytes(pRsa->n);
++ nLen = BN_num_bytes(n);
+ nBytes = (unsigned char*) malloc(nLen);
+ if (nBytes == NULL)
+ goto out;
+- BN_bn2bin(pRsa->n, nBytes);
++ BN_bn2bin(n, nBytes);
+
+ // reading the public exponent
+- eLen = BN_num_bytes(pRsa->e);
++ eLen = BN_num_bytes(e);
+ eBytes = (unsigned char*) malloc(eLen);
+ if (eBytes == NULL)
+ goto out;
+- BN_bn2bin(pRsa->e, eBytes);
++ BN_bn2bin(e, eBytes);
+
+ encodingLength = 11 + 4 + eLen + 4 + nLen;
+ // correct depending on the MSB of e and N
+@@ -135,18 +139,21 @@ xbps_pubkey2fp(struct xbps_handle *xhp, xbps_data_t pubkey)
+ /*
+ * Compute the RSA fingerprint (MD5).
+ */
+- EVP_MD_CTX_init(&mdctx);
+- EVP_DigestInit_ex(&mdctx, EVP_md5(), NULL);
+- EVP_DigestUpdate(&mdctx, pEncoding, encodingLength);
+- if (EVP_DigestFinal_ex(&mdctx, md_value, &md_len) == 0)
++ EVP_MD_CTX_init(mdctx);
++ EVP_DigestInit_ex(mdctx, EVP_md5(), NULL);
++ EVP_DigestUpdate(mdctx, pEncoding, encodingLength);
++ if (EVP_DigestFinal_ex(mdctx, md_value, &md_len) == 0)
+ goto out;
+- EVP_MD_CTX_cleanup(&mdctx);
++ EVP_MD_CTX_free(mdctx);
++ mdctx = NULL;
+ /*
+ * Convert result to a compatible OpenSSH hex fingerprint.
+ */
+ hexfpstr = fp2str(md_value, md_len);
+
+ out:
++ if (mdctx)
++ EVP_MD_CTX_free(mdctx);
+ if (bio)
+ BIO_free_all(bio);
+ if (pRsa)
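Review bot: In the `xbps_pubkey2fp` hunks of the embedded patch, the new `EVP_MD_CTX_new()` result is guarded only by `assert(mdctx)`, which compiles away under `NDEBUG`, and the return values of `EVP_DigestInit_ex` and `EVP_DigestUpdate` are still ignored, so a failed allocation or a rejected MD5 init (which may happen under a restrictive crypto policy) is not treated as an error on this key-fingerprint path. I would replace the assert with `if (mdctx == NULL) goto out;` and check each digest call with `!= 1` before `goto out`, the same way `EVP_DigestFinal_ex` is already checked. The `EVP_MD_CTX_init(mdctx)` call directly after `EVP_MD_CTX_new()` looks redundant on a freshly allocated context and could be dropped. The function starts and ends outside the visible hunks, so confirm that everything under `out:` tolerates pointers that are still NULL at that early exit.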