From 0561a3dbf10557899702a247d86d2b8497d8b994 Mon Sep 17 00:00:00 2001
From: Juan RP
Date: Wed, 4 Mar 2015 15:54:23 +0100
Subject: [PATCH] libressl: update to 2.1.4 (soname bumps). libcrypto30 -> libcrypto32 libssl30 -> libssl32 libtls1 -> libtls3 Let's start the rebuild party.
---
 common/shlibs | 3 +
 srcpkgs/{libcrypto30 => libcrypto32} | 0
 srcpkgs/libressl/files/c_rehash.c | 334 ---------------------------
 srcpkgs/libressl/template | 22 +-
 srcpkgs/{libssl30 => libssl32} | 0
 srcpkgs/{libtls1 => libtls3} | 0
 6 files changed, 10 insertions(+), 349 deletions(-)
 rename srcpkgs/{libcrypto30 => libcrypto32} (100%)
 delete mode 100644 srcpkgs/libressl/files/c_rehash.c
 rename srcpkgs/{libssl30 => libssl32} (100%)
 rename srcpkgs/{libtls1 => libtls3} (100%)
diff --git a/common/shlibs b/common/shlibs
index 9f939601ae2..c429702f9eb 100644
--- a/common/shlibs
+++ b/common/shlibs
@@ -1668,8 +1668,11 @@ libid3-3.8.so.3 id3lib-3.8.3_1
 libgirara-gtk3.so.1 girara-0.2.2_1
 libjq.so.1 jq-devel-1.4_1
 libcrypto.so.30 libcrypto30-2.1.2_3
+libcrypto.so.32 libcrypto32-2.1.4_1
 libssl.so.29 libssl29-2.1.2_3
 libssl.so.30 libssl30-2.1.3_1
+libssl.so.32 libssl32-2.1.4_1
+libtls.so.3 libtls3-2.1.4_1
 libtls.so.1 libtls1-2.1.2_3
 libvamp-hostsdk.so.3 libvamp-plugin-sdk-2.2_6
 libportmidi.so portmidi-217_1
diff --git a/srcpkgs/libcrypto30 b/srcpkgs/libcrypto32
similarity index 100%
rename from srcpkgs/libcrypto30
rename to srcpkgs/libcrypto32
diff --git a/srcpkgs/libressl/files/c_rehash.c b/srcpkgs/libressl/files/c_rehash.c
deleted file mode 100644
index e288c3f3275..00000000000
--- a/srcpkgs/libressl/files/c_rehash.c
+++ /dev/null
@@ -1,334 +0,0 @@ -/* c_rehash.c - Create hash symlinks for certificates - * C implementation based on the original Perl and shell versions - * - * Copyright (c) 2013-2014 Timo Teräs - * All rights reserved. - * - * This software is licensed under the MIT License. - * Full license available at: http://opensource.org/licenses/MIT - */ - -/* - * Submitted to OpenSSL: - * http://rt.openssl.org/Ticket/Display.html?id=3505&user=guest&pass=guest - */ -#include -#include -#include -#include -#include -#include - -#include -#include -#include - -#define MAX_COLLISIONS 256 -#define countof(x) (sizeof(x) / sizeof(x[0])) - -#if 0 -#define DEBUG(args...) fprintf(stderr, args) -#else -#define DEBUG(args...) -#endif - -struct entry_info { - struct entry_info *next; - char *filename; - unsigned short old_id; - unsigned char need_symlink; - unsigned char digest[EVP_MAX_MD_SIZE]; -}; - -struct bucket_info { - struct bucket_info *next; - struct entry_info *first_entry, *last_entry; - unsigned int hash; - unsigned short type; - unsigned short num_needed; -}; - -enum Type { - TYPE_CERT = 0, - TYPE_CRL -}; - -static const char *symlink_extensions[] = { "", "r" }; -static const char *file_extensions[] = { "pem", "crt", "cer", "crl" }; - -static int old_compat = 1; -static int evpmdsize; -static const EVP_MD *evpmd; - -static struct bucket_info *hash_table[257]; - -static void bit_set(unsigned char *set, unsigned bit) -{ - set[bit / 8] |= 1 << (bit % 8); -} - -static int bit_isset(unsigned char *set, unsigned bit) -{ - return set[bit / 8] & (1 << (bit % 8)); -} - -static void add_entry( - int type, unsigned int hash, - const char *filename, const unsigned char *digest, - int need_symlink, unsigned short old_id) -{ - struct bucket_info *bi; - struct entry_info *ei, *found = NULL; - unsigned int ndx = (type + hash) % countof(hash_table); - - for (bi = hash_table[ndx]; bi; bi = bi->next) - if (bi->type == type && bi->hash == hash) - break; - if (!bi) { - bi = calloc(1, sizeof(*bi)); - if 
(!bi) return; - bi->next = hash_table[ndx]; - bi->type = type; - bi->hash = hash; - hash_table[ndx] = bi; - } - - for (ei = bi->first_entry; ei; ei = ei->next) { - if (digest && memcmp(digest, ei->digest, evpmdsize) == 0) { - fprintf(stderr, - "WARNING: Skipping duplicate certificate in file %s\n", - filename); - return; - } - if (!strcmp(filename, ei->filename)) { - found = ei; - if (!digest) break; - } - } - ei = found; - if (!ei) { - if (bi->num_needed >= MAX_COLLISIONS) return; - ei = calloc(1, sizeof(*ei)); - if (!ei) return; - - ei->old_id = ~0; - ei->filename = strdup(filename); - if (bi->last_entry) bi->last_entry->next = ei; - if (!bi->first_entry) bi->first_entry = ei; - bi->last_entry = ei; - } - - if (old_id < ei->old_id) ei->old_id = old_id; - if (need_symlink && !ei->need_symlink) { - ei->need_symlink = 1; - bi->num_needed++; - memcpy(ei->digest, digest, evpmdsize); - } -} - -static int handle_symlink(const char *filename, const char *fullpath) -{ - static char xdigit[] = { - 0, 1, 2, 3, 4, 5, 6, 7, 8, 9,-1,-1,-1,-1,-1,-1, - -1,10,11,12,13,14,15,-1,-1,-1,-1,-1,-1,-1,-1,-1, - -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1, - -1,10,11,12,13,14,15 - }; - char linktarget[NAME_MAX], *endptr; - unsigned int hash = 0; - unsigned char ch; - int i, type, id; - ssize_t n; - - for (i = 0; i < 8; i++) { - ch = filename[i] - '0'; - if (ch >= countof(xdigit) || xdigit[ch] < 0) - return -1; - hash <<= 4; - hash += xdigit[ch]; - } - if (filename[i++] != '.') return -1; - for (type = countof(symlink_extensions) - 1; type > 0; type--) - if (strcasecmp(symlink_extensions[type], &filename[i]) == 0) - break; - i += strlen(symlink_extensions[type]); - - id = strtoul(&filename[i], &endptr, 10); - if (*endptr != 0) return -1; - - n = readlink(fullpath, linktarget, sizeof(linktarget)); - if (n >= sizeof(linktarget) || n < 0) return -1; - linktarget[n] = 0; - - DEBUG("Found existing symlink %s for %08x (%d), certname %s\n", - filename, hash, type, linktarget); - 
add_entry(type, hash, linktarget, NULL, 0, id); - return 0; -} - -static int handle_certificate(const char *filename, const char *fullpath) -{ - STACK_OF(X509_INFO) *inf; - X509_INFO *x; - BIO *b; - const char *ext; - unsigned char digest[EVP_MAX_MD_SIZE]; - X509_NAME *name = NULL; - int i, type, ret = -1; - - ext = strrchr(filename, '.'); - if (ext == NULL) return 0; - for (i = 0; i < countof(file_extensions); i++) { - if (strcasecmp(file_extensions[i], ext+1) == 0) - break; - } - if (i >= countof(file_extensions)) return -1; - - b = BIO_new_file(fullpath, "r"); - if (!b) return -1; - inf = PEM_X509_INFO_read_bio(b, NULL, NULL, NULL); - BIO_free(b); - if (!inf) return -1; - - if (sk_X509_INFO_num(inf) == 1) { - x = sk_X509_INFO_value(inf, 0); - if (x->x509) { - type = TYPE_CERT; - name = X509_get_subject_name(x->x509); - X509_digest(x->x509, evpmd, digest, NULL); - } else if (x->crl) { - type = TYPE_CRL; - name = X509_CRL_get_issuer(x->crl); - X509_CRL_digest(x->crl, evpmd, digest, NULL); - } - if (name) - add_entry(type, X509_NAME_hash(name), filename, digest, 1, ~0); - if (name && old_compat) - add_entry(type, X509_NAME_hash_old(name), filename, digest, 1, ~0); - } else { - fprintf(stderr, - "WARNING: %s does not contain exactly one certificate or CRL: skipping\n", - filename); - } - - sk_X509_INFO_pop_free(inf, X509_INFO_free); - - return ret; -} - -static int hash_dir(const char *dirname) -{ - struct bucket_info *bi, *nextbi; - struct entry_info *ei, *nextei; - struct dirent *de; - struct stat st; - unsigned char idmask[MAX_COLLISIONS / 8]; - int i, n, nextid, buflen, ret = -1; - const char *pathsep; - char *buf; - DIR *d; - - if (access(dirname, R_OK|W_OK|X_OK) != 0) - return -1; - - buflen = strlen(dirname); - pathsep = (buflen && dirname[buflen-1] == '/') ? 
"" : "/"; - buflen += NAME_MAX + 2; - buf = malloc(buflen); - if (buf == NULL) - goto err; - - printf("Doing %s\n", dirname); - d = opendir(dirname); - if (!d) goto err; - - while ((de = readdir(d)) != NULL) { - if (snprintf(buf, buflen, "%s%s%s", dirname, pathsep, de->d_name) >= buflen) - continue; - if (lstat(buf, &st) < 0) - continue; - if (S_ISLNK(st.st_mode) && handle_symlink(de->d_name, buf) == 0) - continue; - handle_certificate(de->d_name, buf); - } - closedir(d); - - for (i = 0; i < countof(hash_table); i++) { - for (bi = hash_table[i]; bi; bi = nextbi) { - nextbi = bi->next; - DEBUG("Type %d, hash %08x, num entries %d:\n", bi->type, bi->hash, bi->num_needed); - - nextid = 0; - memset(idmask, 0, (bi->num_needed+7)/8); - for (ei = bi->first_entry; ei; ei = ei->next) - if (ei->old_id < bi->num_needed) - bit_set(idmask, ei->old_id); - - for (ei = bi->first_entry; ei; ei = nextei) { - nextei = ei->next; - DEBUG("\t(old_id %d, need_symlink %d) Cert %s\n", - ei->old_id, ei->need_symlink, - ei->filename); - - if (ei->old_id < bi->num_needed) { - /* Link exists, and is used as-is */ - snprintf(buf, buflen, "%08x.%s%d", bi->hash, symlink_extensions[bi->type], ei->old_id); - printf("%s => %s\n", buf, ei->filename); - } else if (ei->need_symlink) { - /* New link needed (it may replace something) */ - while (bit_isset(idmask, nextid)) - nextid++; - - snprintf(buf, buflen, "%s%s%n%08x.%s%d", - dirname, pathsep, &n, bi->hash, - symlink_extensions[bi->type], - nextid); - printf("%s => %s\n", &buf[n], ei->filename); - unlink(buf); - symlink(ei->filename, buf); - } else { - /* Link to be deleted */ - snprintf(buf, buflen, "%s%s%n%08x.%s%d", - dirname, pathsep, &n, bi->hash, - symlink_extensions[bi->type], - ei->old_id); - DEBUG("nuke %s\n", &buf[n]); - unlink(buf); - } - free(ei->filename); - free(ei); - } - free(bi); - } - hash_table[i] = NULL; - } - - ret = 0; -err: - free(buf); - return ret; -} - -int main(int argc, char **argv) -{ - const char *env; - int i; - - evpmd 
= EVP_sha1(); - evpmdsize = EVP_MD_size(evpmd); - - if (argc > 1) { - for (i = 1; i < argc; i++) - hash_dir(argv[i]); - } else if ((env = getenv("SSL_CERT_DIR")) != NULL) { - char *e, *m; - m = strdup(env); - for (e = strtok(m, ":"); e != NULL; e = strtok(NULL, ":")) - hash_dir(e); - free(m); - } else { - hash_dir("/etc/ssl/certs"); - } - - return 0; -} diff --git a/srcpkgs/libressl/template b/srcpkgs/libressl/template index f18fd189236..14b3f1ed1bd 100644 --- a/srcpkgs/libressl/template +++ b/srcpkgs/libressl/template @@ -1,6 +1,6 @@ # Template file for 'libressl' pkgname=libressl -version=2.1.3 +version=2.1.4 revision=1 bootstrap=yes build_style=gnu-configure @@ -10,10 +10,10 @@ maintainer="Juan RP " license="OpenSSL-License, SSLeay-License, ISC" homepage="http://www.libressl.org/" distfiles="http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/${pkgname}-${version}.tar.gz" -checksum=eb2f370971408fb10af6453e556465c8eee728ac333bf1eb47ec1a5112304f7c +checksum=e8e08535928774119a979412ee8e307444b7a1a42c8c47ac06ee09423ca9a04e # Compat pkg that depends on the real pkgs. -depends="libcrypto30-${version}_${revision} libssl30-${version}_${revision} libtls1-${version}_${revision}" +depends="libcrypto32-${version}_${revision} libssl32-${version}_${revision} libtls3-${version}_${revision}" if [ "$CROSS_BUILD" ]; then hostmakedepends="libtool" 
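Review bot: The new `checksum=` value in the second hunk of `srcpkgs/libressl/template` is the only integrity control on this update, because the `distfiles` URL in the context lines just above it is plain `http://` and nothing in the patch records where the hash came from. A hash computed from whatever the mirror served at packaging time proves nothing about the tarball's origin, so the value should be compared with the checksum list upstream signs for the release. I would record that next to the line, for example `# sha256 checked against upstream's signed checksum list`, or state it in the commit message.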
@@ -22,39 +22,32 @@ if [ "$CROSS_BUILD" ]; then } fi -post_build() { - $CC -Wall $CFLAGS -DHAVE_STRNDUP -Iinclude -Lcrypto/.libs \ - $LDFLAGS ${FILESDIR}/c_rehash.c -o ${wrksrc}/c_rehash -lcrypto -} post_install() { vlicense COPYING find ${DESTDIR}/usr/share/man/man1 -type f ! -name openssl.1 -delete } -libcrypto30_package() { +libcrypto32_package() { short_desc+=" - crypto library" - replaces="libressl<2.1.2_3" pkg_install() { vmove usr/lib/libcrypto.so.* } } -libssl30_package() { +libssl32_package() { short_desc+=" - SSL/TLS library" - replaces="libressl<2.1.2_3" pkg_install() { vmove usr/lib/libssl.so.* } } -libtls1_package() { +libtls3_package() { short_desc+=" - new TLS library" - replaces="libressl<2.1.2_3" pkg_install() { vmove usr/lib/libtls.so.* } } libressl-devel_package() { short_desc+=" - development files" - depends="libcrypto30-${version}_${revision} libssl30-${version}_${revision} libtls1-${version}_${revision}" + depends="libressl-${version}_${revision}" conflicts="openssl-devel>=0" pkg_install() { vmove usr/include @@ -73,6 +66,5 @@ libressl-openssl_package() { vinstall ${FILESDIR}/openssl.cnf 644 etc/ssl vmove usr/bin vmove usr/share/man/man1 - vbin ${wrksrc}/c_rehash } } diff --git a/srcpkgs/libssl30 b/srcpkgs/libssl32 similarity index 100% rename from srcpkgs/libssl30 rename to srcpkgs/libssl32 diff --git a/srcpkgs/libtls1 b/srcpkgs/libtls3 similarity index 100% rename from srcpkgs/libtls1 rename to srcpkgs/libtls3
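Review bot: Removing `post_build()` in this hunk, together with the `vbin ${wrksrc}/c_rehash` line dropped in the last hunk of the template, leaves `libressl-openssl` without a `c_rehash` binary, and nothing visible in the patch supplies a replacement. If a package hook or an administrator's script still calls `c_rehash` to rebuild the hashed symlinks in a CA directory, that directory stops being refreshed: new trust anchors are not picked up and symlinks for removed certificates may linger. Please confirm which package now provides the tool, or note in the commit message that no consumer remains. The same hunk also drops `replaces="libressl<2.1.2_3"` from the three library subpackages, which may affect upgrades from the older monolithic package and deserves a line of explanation as well.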