From 15a2d6d3f1c5c116b8221bf8e2d4c47c13c54219 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Juhani=20Krekel=C3=A4?= Date: Tue, 14 Jun 2022 01:02:06 +0300 Subject: [PATCH] Update to libressl-3.5.3. --- ports/libssl/libssl.patch | 244 ++------------------------------------ ports/libssl/libssl.port | 5 +- 2 files changed, 14 insertions(+), 235 deletions(-) diff --git a/ports/libssl/libssl.patch b/ports/libssl/libssl.patch index 96680259..f6fafee2 100644 --- a/ports/libssl/libssl.patch +++ b/ports/libssl/libssl.patch @@ -1,38 +1,3 @@ -diff -Paur --no-dereference -- libssl.upstream/apps/nc/compat/base64.c libssl/apps/nc/compat/base64.c ---- libssl.upstream/apps/nc/compat/base64.c -+++ libssl/apps/nc/compat/base64.c -@@ -124,14 +124,14 @@ - - int - b64_ntop(src, srclength, target, targsize) -- u_char const *src; -+ unsigned char const *src; - size_t srclength; - char *target; - size_t targsize; - { - size_t datalength = 0; -- u_char input[3]; -- u_char output[4]; -+ unsigned char input[3]; -+ unsigned char output[4]; - int i; - - while (2 < srclength) { -@@ -189,11 +189,11 @@ - int - b64_pton(src, target, targsize) - char const *src; -- u_char *target; -+ unsigned char *target; - size_t targsize; - { - int tarindex, state, ch; -- u_char nextbyte; -+ unsigned char nextbyte; - char *pos; - - state = 0; diff -Paur --no-dereference -- libssl.upstream/apps/nc/netcat.c libssl/apps/nc/netcat.c --- libssl.upstream/apps/nc/netcat.c +++ libssl/apps/nc/netcat.c @@ -61,16 +26,7 @@ diff -Paur --no-dereference -- libssl.upstream/apps/nc/netcat.c libssl/apps/nc/n unix_dg_tmp_socket = unix_dg_tmp_socket_buf; } } -@@ -1386,6 +1393,8 @@ - void - fdpass(int nfd) - { -+/* PATCH: File descriptor passing is WIP on Sortix. */ -+#ifdef CMSG_SPACE - struct msghdr mh; - union { - struct cmsghdr hdr; -@@ -1405,7 +1414,8 @@ +@@ -1405,7 +1412,8 @@ memset(&cmsgbuf, 0, sizeof(cmsgbuf)); memset(&iov, 0, sizeof(iov)); 
@@ -80,16 +36,7 @@ diff -Paur --no-dereference -- libssl.upstream/apps/nc/netcat.c libssl/apps/nc/n mh.msg_controllen = sizeof(cmsgbuf.buf); cmsg = CMSG_FIRSTHDR(&mh); cmsg->cmsg_len = CMSG_LEN(sizeof(int)); -@@ -1436,12 +1446,16 @@ - break; - } - exit(0); -+#else -+ errx(1, "File descriptor passing is not supported"); -+#endif - } - - /* Deal with RFC 854 WILL/WONT DO/DONT negotiation. */ +@@ -1442,6 +1450,7 @@ void atelnet(int nfd, unsigned char *buf, unsigned int size) { @@ -97,7 +44,7 @@ diff -Paur --no-dereference -- libssl.upstream/apps/nc/netcat.c libssl/apps/nc/n unsigned char *p, *end; unsigned char obuf[4]; -@@ -1467,6 +1481,9 @@ +@@ -1467,6 +1476,9 @@ if (atomicio(vwrite, nfd, obuf, 3) != 3) warn("Write Error!"); } @@ -107,7 +54,7 @@ diff -Paur --no-dereference -- libssl.upstream/apps/nc/netcat.c libssl/apps/nc/n } -@@ -1581,16 +1598,20 @@ +@@ -1581,16 +1593,20 @@ err(1, NULL); } if (Tflag != -1) { @@ -130,7 +77,7 @@ diff -Paur --no-dereference -- libssl.upstream/apps/nc/netcat.c libssl/apps/nc/n errno = ENOPROTOOPT; err(1, "set IPv6 traffic class not supported"); } -@@ -1608,13 +1629,16 @@ +@@ -1608,13 +1624,16 @@ } if (ttl != -1) { @@ -149,7 +96,7 @@ diff -Paur --no-dereference -- libssl.upstream/apps/nc/netcat.c libssl/apps/nc/n } if (minttl != -1) { -@@ -1652,7 +1676,9 @@ +@@ -1652,7 +1671,9 @@ { "af41", IPTOS_DSCP_AF41 }, { "af42", IPTOS_DSCP_AF42 }, { "af43", IPTOS_DSCP_AF43 }, @@ -159,7 +106,7 @@ diff -Paur --no-dereference -- libssl.upstream/apps/nc/netcat.c libssl/apps/nc/n { "cs0", IPTOS_DSCP_CS0 }, { "cs1", IPTOS_DSCP_CS1 }, { "cs2", IPTOS_DSCP_CS2 }, -@@ -1662,11 +1688,21 @@ +@@ -1662,11 +1683,21 @@ { "cs6", IPTOS_DSCP_CS6 }, { "cs7", IPTOS_DSCP_CS7 }, { "ef", IPTOS_DSCP_EF }, 
@@ -228,8 +175,8 @@ diff -Paur --no-dereference -- libssl.upstream/apps/openssl/certhash.c libssl/ap static struct { int dryrun; int verbose; -@@ -490,6 +495,11 @@ - fprintf(stderr, "failed to readlink %s\n", dep->d_name); +@@ -494,6 +499,11 @@ + fprintf(stderr, "symbolic link is too long %s\n", dep->d_name); return (-1); } + /* PATCH: Handle symbolic links that are too long. */ @@ -266,25 +213,7 @@ diff -Paur --no-dereference -- libssl.upstream/apps/openssl/s_socket.c libssl/ap + static int init_server(int *sock, int port, int type); static int init_server_long(int *sock, int port, char *ip, int type); - static int do_accept(int acc_sock, int *sock, char **host); -diff -Paur --no-dereference -- libssl.upstream/configure libssl/configure ---- libssl.upstream/configure -+++ libssl/configure -@@ -13056,10 +13056,11 @@ - cat confdefs.h - <<_ACEOF >conftest.$ac_ext - /* end confdefs.h. */ - -+// PATCH: Sortix builds ports with -Werror=implicit-function-declaration so -+// make sure getpageinfo has been forward declared, or it will be -+// misdetected as missing when it does exist. - // Since Android NDK v16 getpagesize is defined as inline inside unistd.h --#ifdef __ANDROID__ --# include --#endif -+#include - - int - main () + static int do_accept(int acc_sock, int *sock); diff -Paur --no-dereference -- libssl.upstream/crypto/bio/b_sock.c libssl/crypto/bio/b_sock.c --- libssl.upstream/crypto/bio/b_sock.c +++ libssl/crypto/bio/b_sock.c 
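Review bot: The carried certhash.c patch now lands directly after upstream's own `symbolic link is too long` error return, so the block introduced by `/* PATCH: Handle symbolic links that are too long. */` looks redundant with a check libressl-3.5.3 already performs. The re-anchored inner hunk (`@@ -494,6 +499,11 @@`) still adds five lines at that spot, where the old context was the `failed to readlink` path. If those lines only repeat the length test on the readlink result, consider dropping this hunk from libssl.patch so the port carries less divergent code on the path that handles over-long link targets. The body of the PATCH block lies outside this hunk, so this is inferred from the new context line and the comment and should be confirmed against the 3.5.3 source.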
@@ -325,115 +254,6 @@ diff -Paur --no-dereference -- libssl.upstream/crypto/bio/bss_bio.c libssl/crypt #include #include #include -diff -Paur --no-dereference -- libssl.upstream/crypto/chacha/chacha-merged.c libssl/crypto/chacha/chacha-merged.c ---- libssl.upstream/crypto/chacha/chacha-merged.c -+++ libssl/crypto/chacha/chacha-merged.c -@@ -16,20 +16,20 @@ - #define CHACHA_BLOCKLEN 64 - - struct chacha_ctx { -- u_int input[16]; -+ unsigned int input[16]; - uint8_t ks[CHACHA_BLOCKLEN]; - uint8_t unused; - }; - --static inline void chacha_keysetup(struct chacha_ctx *x, const u_char *k, -- u_int kbits) -+static inline void chacha_keysetup(struct chacha_ctx *x, const unsigned char *k, -+ unsigned int kbits) - __attribute__((__bounded__(__minbytes__, 2, CHACHA_MINKEYLEN))); --static inline void chacha_ivsetup(struct chacha_ctx *x, const u_char *iv, -- const u_char *ctr) -+static inline void chacha_ivsetup(struct chacha_ctx *x, const unsigned char *iv, -+ const unsigned char *ctr) - __attribute__((__bounded__(__minbytes__, 2, CHACHA_NONCELEN))) - __attribute__((__bounded__(__minbytes__, 3, CHACHA_CTRLEN))); --static inline void chacha_encrypt_bytes(struct chacha_ctx *x, const u_char *m, -- u_char *c, u_int bytes) -+static inline void chacha_encrypt_bytes(struct chacha_ctx *x, const unsigned char *m, -+ unsigned char *c, unsigned int bytes) - __attribute__((__bounded__(__buffer__, 2, 4))) - __attribute__((__bounded__(__buffer__, 3, 4))); - -@@ -127,7 +127,7 @@ - u32 j8, j9, j10, j11, j12, j13, j14, j15; - u8 *ctarget = NULL; - u8 tmp[64]; -- u_int i; -+ unsigned int i; - - if (!bytes) - return; -diff -Paur --no-dereference -- libssl.upstream/crypto/x509/x509_vpm.c libssl/crypto/x509/x509_vpm.c ---- libssl.upstream/crypto/x509/x509_vpm.c -+++ libssl/crypto/x509/x509_vpm.c -@@ -598,6 +598,10 @@ - static const X509_VERIFY_PARAM default_table[] = { - { - .name = "default", -+ /* PATCH: OpenBSD 6.9 errata 018, September 30, 2021: -+ Compensate for the expiry of the DST Root X3 
certificate. -+ https://ftp.openbsd.org/pub/OpenBSD/patches/6.9/common/018_cert.patch.sig */ -+ .flags = X509_V_FLAG_TRUSTED_FIRST, - .depth = 100, - .trust = 0, /* XXX This is not the default trust value */ - .id = vpm_empty_id -diff -Paur --no-dereference -- libssl.upstream/include/compat/arpa/nameser.h libssl/include/compat/arpa/nameser.h ---- libssl.upstream/include/compat/arpa/nameser.h -+++ libssl/include/compat/arpa/nameser.h -@@ -4,7 +4,9 @@ - */ - - #ifndef _WIN32 -+#if __has_include_next() - #include_next -+#endif - #else - #include - -diff -Paur --no-dereference -- libssl.upstream/include/compat/machine/endian.h libssl/include/compat/machine/endian.h ---- libssl.upstream/include/compat/machine/endian.h -+++ libssl/include/compat/machine/endian.h -@@ -21,7 +21,10 @@ - #define BYTE_ORDER BIG_ENDIAN - #endif - --#elif defined(__linux__) || defined(__midipix__) -+/* PATCH: endian.h is the header being standardized, use it instead if it -+ exists, that is what Sortix has. This machine/endian.h abstraction -+ should be renamed to endian.h. 
*/ -+#elif defined(__linux__) || defined(__midipix__) || defined(__sortix__) || __has_include() - #include - - #elif defined(__sun) || defined(_AIX) || defined(__hpux) -diff -Paur --no-dereference -- libssl.upstream/include/compat/netinet/ip.h libssl/include/compat/netinet/ip.h ---- libssl.upstream/include/compat/netinet/ip.h -+++ libssl/include/compat/netinet/ip.h -@@ -8,7 +8,9 @@ - #endif - - #ifndef _WIN32 -+#if __has_include_next() - #include_next -+#endif - #else - #include - #endif -diff -Paur --no-dereference -- libssl.upstream/include/compat/resolv.h libssl/include/compat/resolv.h ---- libssl.upstream/include/compat/resolv.h -+++ libssl/include/compat/resolv.h -@@ -13,8 +13,10 @@ - #include <../include/resolv.h> - #endif - #else -+#if __has_include_next() - #include_next - #endif -+#endif - - #ifndef HAVE_B64_NTOP - int b64_ntop(unsigned char const *, size_t, char *, size_t); diff -Paur --no-dereference -- libssl.upstream/include/compat/stdlib.h libssl/include/compat/stdlib.h --- libssl.upstream/include/compat/stdlib.h +++ libssl/include/compat/stdlib.h 
@@ -487,48 +307,6 @@ diff -Paur --no-dereference -- libssl.upstream/include/compat/unistd.h libssl/in #define pledge(request, paths) 0 #define unveil(path, permissions) 0 -diff -Paur --no-dereference -- libssl.upstream/tests/handshake_table.c libssl/tests/handshake_table.c ---- libssl.upstream/tests/handshake_table.c -+++ libssl/tests/handshake_table.c -@@ -19,6 +19,8 @@ - #include - #include - #include -+/* PATCH: Sortix only has the C11 and does not have __dead. */ -+#include - #include - - #include "tls13_handshake.h" -@@ -152,7 +154,7 @@ - uint8_t flags); - void fprint_flags(FILE *stream, uint8_t flags); - const char *mt2str(enum tls13_message_type mt); --__dead void usage(void); -+noreturn void usage(void); - int verify_table(enum tls13_message_type - table[MAX_FLAGS][TLS13_NUM_MESSAGE_TYPES], int print); - -@@ -449,7 +451,7 @@ - return success; - } - --__dead void -+noreturn void - usage(void) - { - fprintf(stderr, "usage: handshake_table [-C | -g]\n"); -diff -Paur --no-dereference -- libssl.upstream/tests/ssltest.c libssl/tests/ssltest.c ---- libssl.upstream/tests/ssltest.c -+++ libssl/tests/ssltest.c -@@ -143,7 +143,7 @@ - #define _BSD_SOURCE 1 /* Or gethostname won't be declared properly - on Linux and GNU platforms. */ - #include --#include -+/* PATCH: Sortix does not have and it's not needed. */ - #include - - #include diff -Paur --no-dereference -- libssl.upstream/tls/tls_config.c libssl/tls/tls_config.c --- libssl.upstream/tls/tls_config.c +++ libssl/tls/tls_config.c @@ -538,7 +316,7 @@ diff -Paur --no-dereference -- libssl.upstream/tls/tls_config.c libssl/tls/tls_c if (sb.st_uid != getuid()) { + /* PATCH: Sortix has 64-bit uid_t. */ tls_config_set_errorx(config, "session file has incorrect " -- "owner (uid %i != %i)", sb.st_uid, getuid()); +- "owner (uid %u != %u)", sb.st_uid, getuid()); + "owner (uid %llu != %llu)", + (unsigned long long) sb.st_uid, + (unsigned long long) getuid()); 
diff --git a/ports/libssl/libssl.port b/ports/libssl/libssl.port
index 97223c37..b35e1555 100644
--- a/ports/libssl/libssl.port
+++ b/ports/libssl/libssl.port
@@ -1,12 +1,13 @@
 NAME=libssl
 BUILD_LIBRARIES=
-VERSION=3.4.0
+VERSION=3.5.3
 DISTNAME=libressl-$VERSION
 COMPRESSION=tar.gz
 ARCHIVE=$DISTNAME.$COMPRESSION
-SHA256SUM=e52eae758d40206a71d763a1a87b71037223bf1986ac239a6be1a6d2ac3916d2
+SHA256SUM=3ab5e5eaef69ce20c6b170ee64d785b42235f48f2e62b095fca5d7b6672b8b28
 UPSTREAM_SITE=https://ftp.openbsd.org/pub/OpenBSD/LibreSSL
 UPSTREAM_ARCHIVE=$ARCHIVE
+LICENSE=OpenSSL
 BUILD_SYSTEM=configure
 MAKE_VARS='V=1'
 POST_INSTALL=tix-eradicate-libtool-la