community/cargo: fix compatibility with libressl 2.6.3

See https://github.com/sfackler/rust-openssl/pull/759

4 files changed, 238 insertions, 10 deletions

diff --git a/community/cargo/APKBUILD b/community/cargo/APKBUILD
index 61012aa11d..0ca6097351 100644
--- a/community/cargo/APKBUILD
+++ b/community/cargo/APKBUILD
@@ -23,11 +23,17 @@ subpackages="$pkgname-doc
 #   guarantees as abuild. That said, for now it's exception only for cargo
 #   package and should not be applied to other rust packages!
 _bootstrap_cargo_ver=0.17.0
+# We must use newer version of openssl crate and patch it for compatibility
+# with LibreSSL 2.6.3.
+_crate_openssl_ver="0.9.20"
 source="$pkgname-$pkgver.tar.gz::https://github.com/rust-lang/$pkgname/archive/$pkgver.tar.gz
 	https://dev.alpinelinux.org/archive/$pkgname/$pkgname-$_bootstrap_cargo_ver-x86_64-alpine-linux-musl.tar.gz
 	tests-fix-build-auth-http_auth_offered.patch
 	tests-ignore-ssh_something_happens.patch
-	cargo.lock-use-openssl-0.9.20.patch"
+	replace-openssl-crate.patch
+	rust-openssl-$_crate_openssl_ver.tar.gz::https://github.com/sfackler/rust-openssl/archive/v$_crate_openssl_ver.tar.gz
+	openssl-fix-libressl-cmsh-detection.patch
+	openssl-libressl263-compat.patch"
 builddir="$srcdir/$pkgname-$pkgver"
 
 export CARGO_HOME="$srcdir/.cargo"
@@ -54,6 +60,11 @@ snapshot() {
 	scp "$tarname.tar.gz" dev.alpinelinux.org:/archive/$pkgname/
 }
 
+prepare() {
+	mv "$srcdir"/rust-openssl-$_crate_openssl_ver "$builddir"/openssl
+	default_prepare
+}
+
 build() {
 	cd "$builddir"
 
@@ -109,4 +120,7 @@ sha512sums="31764df0462fcd0e7ddd29aee63ed0916b0d05e44d72aa815b3b823256e90f85e582
 b78a03942344852fd1a8c0ac893580c589757d4946150e5959e1df08b163b94ce5319236a48506c18f987cf3500a2c7cfe808eef13092c45d271e169946a18d1  cargo-0.17.0-x86_64-alpine-linux-musl.tar.gz
 4e9a0d409951a72b5c1d3578cb310c0efc5d98a5b963432ec4f485f1d58d2354f0050c31574d6bd9090b7247468ef1a13b04b133deabe6daed91032764468f97  tests-fix-build-auth-http_auth_offered.patch
 17c669a71443e21cc5e5cc6eb99933c20562b7df9d859c493ff25252167eb1aea6dd7322a06207776eab1c769464f95a432d1520a949512a52592b1eb115a4be  tests-ignore-ssh_something_happens.patch
-901e949d7b60ffa3f44a120b61a46885b5d0f9e8eae8bcf2ece847cef339c433a9217249e92416f5fa5aa775c6734d58ccb47346daf6034d7031ff30fdfb9aef  cargo.lock-use-openssl-0.9.20.patch"
+f066262423d7f092080629bc0b91f8445757c230d5fa441b1c367f3ac44c7def59c05ff8d95f8df8b8c8dbb51e4de8df41b41c95ef18415d20deede3b0f5661f  replace-openssl-crate.patch
+a1a83416d7ef75fedcd98ac2368c6c6041916ce73438a2f1de7aeafb39c32e7156ade5efd3340e58f0eb666c8b60305d030fffd134bc403fddccbe65914b0815  rust-openssl-0.9.20.tar.gz
+e50464c72d94515768763c72778b1e6bd25f83a07eb8ef666fe6efaa592c9fec96307cf5d56643e05665273d4d1c480f28a1e29956a2e24cf4fda9424ead1879  openssl-fix-libressl-cmsh-detection.patch
+8dce5569eee5bbf99a52b0589a7907b6a558eaff04e3701e40e575000fdd2a164736aaa9b104bd38973ad914e6cf5eaed903db13761f8217049ed4100121283d  openssl-libressl263-compat.patch"
diff --git a/community/cargo/openssl-fix-libressl-cmsh-detection.patch b/community/cargo/openssl-fix-libressl-cmsh-detection.patch
new file mode 100644
index 0000000000..3548f3401b
--- /dev/null
+++ b/community/cargo/openssl-fix-libressl-cmsh-detection.patch
@@ -0,0 +1,47 @@
+From 6e66bf9c38653b3a06fb4efb96e71e9bada25d79 Mon Sep 17 00:00:00 2001
+From: Greg V <greg@unrelenting.technology>
+Date: Mon, 6 Nov 2017 16:19:16 +0300
+Subject: [PATCH] Fix LibreSSL cms.h detection
+
+Patch-Source: https://github.com/sfackler/rust-openssl/commit/6e66bf9c38653b3a06fb4efb96e71e9bada25d79
+
+--- a/openssl/systest/build.rs
++++ b/openssl/systest/build.rs
+@@ -5,6 +5,7 @@ use std::env;
+ fn main() {
+     let mut cfg = ctest::TestGenerator::new();
+     let target = env::var("TARGET").unwrap();
++    let mut is_libressl = false;
+ 
+     if let Ok(out) = env::var("DEP_OPENSSL_INCLUDE") {
+         cfg.include(&out);
+@@ -24,6 +25,7 @@ fn main() {
+ 
+     if let Ok(_) = env::var("DEP_OPENSSL_LIBRESSL") {
+         cfg.cfg("libressl", None);
++        is_libressl = true;
+     } else if let Ok(version) = env::var("DEP_OPENSSL_VERSION") {
+         cfg.cfg(&format!("ossl{}", version), None);
+     }
+@@ -41,12 +43,6 @@ fn main() {
+         }
+     }
+ 
+-    let has_cms_h = if let Ok(version) = env::var("DEP_OPENSSL_LIBRESSL_VERSION") {
+-        version != "261" && version != "262"
+-    } else {
+-        true
+-    };
+-
+     cfg.header("openssl/comp.h")
+         .header("openssl/dh.h")
+         .header("openssl/ossl_typ.h")
+@@ -64,7 +60,7 @@ fn main() {
+         .header("openssl/aes.h")
+         .header("openssl/ocsp.h");
+ 
+-    if has_cms_h {
++    if !is_libressl {
+         cfg.header("openssl/cms.h");
+     }
+ 
diff --git a/community/cargo/openssl-libressl263-compat.patch b/community/cargo/openssl-libressl263-compat.patch
new file mode 100644
index 0000000000..ca8f6e26a9
--- /dev/null
+++ b/community/cargo/openssl-libressl263-compat.patch
@@ -0,0 +1,140 @@
+From 22e79596e7b162bbe65db13fa00a6c23fd7b5555 Mon Sep 17 00:00:00 2001
+From: phoebe jenkins <feeeb@protonmail.com>
+Date: Mon, 23 Oct 2017 13:56:39 -0400
+Subject: [PATCH] Add support for LibreSSL 2.6.3
+
+Patch-Source: https://github.com/sfackler/rust-openssl/pull/759
+
+--- a/openssl/openssl-sys/build.rs
++++ b/openssl/openssl-sys/build.rs
+@@ -316,8 +316,10 @@ fn validate_headers(include_dirs: &[PathBuf]) -> Version {
+ #include <openssl/opensslv.h>
+ #include <openssl/opensslconf.h>
+ 
+-#if LIBRESSL_VERSION_NUMBER >= 0x20603000
++#if LIBRESSL_VERSION_NUMBER >= 0x20604000
+ RUST_LIBRESSL_NEW
++#elif LIBRESSL_VERSION_NUMBER >= 0x20603000
++RUST_LIBRESSL_263
+ #elif LIBRESSL_VERSION_NUMBER >= 0x20602000
+ RUST_LIBRESSL_262
+ #elif LIBRESSL_VERSION_NUMBER >= 0x20601000
+@@ -475,6 +477,13 @@ See rust-openssl README for more information:
+         println!("cargo:libressl_version=262");
+         println!("cargo:version=101");
+         Version::Libressl
++    } else if expanded.contains("RUST_LIBRESSL_263") {
++        println!("cargo:rustc-cfg=libressl");
++        println!("cargo:rustc-cfg=libressl263");
++        println!("cargo:libressl=true");
++        println!("cargo:libressl_version=263");
++        println!("cargo:version=101");
++        Version::Libressl
+     } else if expanded.contains("RUST_OPENSSL_110F") {
+         println!("cargo:rustc-cfg=ossl110");
+         println!("cargo:rustc-cfg=ossl110f");
+--- a/openssl/openssl-sys/src/lib.rs
++++ b/openssl/openssl-sys/src/lib.rs
+@@ -1250,14 +1250,14 @@ pub const SSL_VERIFY_NONE: c_int = 0;
+ pub const SSL_VERIFY_PEER: c_int = 1;
+ pub const SSL_VERIFY_FAIL_IF_NO_PEER_CERT: c_int = 2;
+ 
+-#[cfg(not(any(libressl261, libressl262, ossl101)))]
++#[cfg(not(any(libressl261, libressl262, libressl263, ossl101)))]
+ pub const SSL_OP_TLSEXT_PADDING: c_ulong = 0x00000010;
+-#[cfg(any(libressl261, libressl262))]
++#[cfg(any(libressl261, libressl262, libressl263))]
+ pub const SSL_OP_TLSEXT_PADDING: c_ulong = 0x0;
+ pub const SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS: c_ulong = 0x00000800;
+-#[cfg(not(any(libressl261, libressl262)))]
++#[cfg(not(any(libressl261, libressl262, libressl263)))]
+ pub const SSL_OP_CRYPTOPRO_TLSEXT_BUG: c_ulong = 0x80000000;
+-#[cfg(any(libressl261, libressl262))]
++#[cfg(any(libressl261, libressl262, libressl263))]
+ pub const SSL_OP_CRYPTOPRO_TLSEXT_BUG: c_ulong = 0x0;
+ pub const SSL_OP_LEGACY_SERVER_CONNECT: c_ulong = 0x00000004;
+ #[cfg(not(libressl))]
+--- a/openssl/openssl-sys/src/libressl/mod.rs
++++ b/openssl/openssl-sys/src/libressl/mod.rs
+@@ -345,9 +345,9 @@ pub const SSL_CTRL_OPTIONS: c_int = 32;
+ pub const SSL_CTRL_CLEAR_OPTIONS: c_int = 77;
+ pub const SSL_CTRL_SET_ECDH_AUTO: c_int = 94;
+ 
+-#[cfg(any(libressl261, libressl262))]
++#[cfg(any(libressl261, libressl262, libressl263))]
+ pub const SSL_OP_ALL: c_ulong = 0x4;
+-#[cfg(not(any(libressl261, libressl262)))]
++#[cfg(not(any(libressl261, libressl262, libressl263)))]
+ pub const SSL_OP_ALL: c_ulong = 0x80000014;
+ pub const SSL_OP_CISCO_ANYCONNECT: c_ulong = 0x0;
+ pub const SSL_OP_NO_COMPRESSION: c_ulong = 0x0;
+@@ -360,9 +360,9 @@ pub const SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER: c_ulong = 0x0;
+ pub const SSL_OP_SSLEAY_080_CLIENT_DH_BUG: c_ulong = 0x0;
+ pub const SSL_OP_TLS_D5_BUG: c_ulong = 0x0;
+ pub const SSL_OP_TLS_BLOCK_PADDING_BUG: c_ulong = 0x0;
+-#[cfg(any(libressl261, libressl262))]
++#[cfg(any(libressl261, libressl262, libressl263))]
+ pub const SSL_OP_SINGLE_ECDH_USE: c_ulong = 0x0;
+-#[cfg(not(any(libressl261, libressl262)))]
++#[cfg(not(any(libressl261, libressl262, libressl263)))]
+ pub const SSL_OP_SINGLE_ECDH_USE: c_ulong = 0x00080000;
+ pub const SSL_OP_SINGLE_DH_USE: c_ulong = 0x00100000;
+ pub const SSL_OP_NO_SSLv2: c_ulong = 0x0;
+--- a/openssl/openssl/src/ssl/mod.rs
++++ b/openssl/openssl/src/ssl/mod.rs
+@@ -652,7 +652,7 @@ impl SslContextBuilder {
+ 
+     /// Set the protocols to be used during Next Protocol Negotiation (the protocols
+     /// supported by the application).
+-    #[cfg(not(any(libressl261, libressl262)))]
++    #[cfg(not(any(libressl261, libressl262, libressl263)))]
+     pub fn set_npn_protocols(&mut self, protocols: &[&[u8]]) -> Result<(), ErrorStack> {
+         // Firstly, convert the list of protocols to a byte-array that can be passed to OpenSSL
+         // APIs -- a list of length-prefixed strings.
+@@ -1311,7 +1311,7 @@ impl SslRef {
+     ///
+     /// The protocol's name is returned is an opaque sequence of bytes. It is up to the client
+     /// to interpret it.
+-    #[cfg(not(any(libressl261, libressl262)))]
++    #[cfg(not(any(libressl261, libressl262, libressl263)))]
+     pub fn selected_npn_protocol(&self) -> Option<&[u8]> {
+         unsafe {
+             let mut data: *const c_uchar = ptr::null();
+--- a/openssl/openssl/src/ssl/tests/mod.rs
++++ b/openssl/openssl/src/ssl/tests/mod.rs
+@@ -503,7 +503,7 @@ fn test_connect_with_unilateral_alpn() {
+ /// Tests that connecting with the client using NPN, but the server not does not
+ /// break the existing connection behavior.
+ #[test]
+-#[cfg(not(any(libressl261, libressl262)))]
++#[cfg(not(any(libressl261, libressl262, libressl263)))]
+ fn test_connect_with_unilateral_npn() {
+     let (_s, stream) = Server::new();
+     let mut ctx = SslContext::builder(SslMethod::tls()).unwrap();
+@@ -616,7 +616,7 @@ fn test_connect_with_npn_successful_single_match() {
+ /// Tests that when the `SslStream` is created as a server stream, the protocols
+ /// are correctly advertised to the client.
+ #[test]
+-#[cfg(not(any(libressl261, libressl262)))]
++#[cfg(not(any(libressl261, libressl262, libressl263)))]
+ fn test_npn_server_advertise_multiple() {
+     let listener = TcpListener::bind("127.0.0.1:0").unwrap();
+     let localhost = listener.local_addr().unwrap();
+@@ -1241,7 +1241,7 @@ fn tmp_dh_callback() {
+ }
+ 
+ #[test]
+-#[cfg(any(all(feature = "v101", ossl101, not(any(libressl261, libressl262))), all(feature = "v102", ossl102)))]
++#[cfg(any(all(feature = "v101", ossl101, not(any(libressl261, libressl262, libressl263))), all(feature = "v102", ossl102)))]
+ fn tmp_ecdh_callback() {
+     use ec::EcKey;
+     use nid;
+@@ -1308,7 +1308,7 @@ fn tmp_dh_callback_ssl() {
+ }
+ 
+ #[test]
+-#[cfg(any(all(feature = "v101", ossl101, not(any(libressl261, libressl262))), all(feature = "v102", ossl102)))]
++#[cfg(any(all(feature = "v101", ossl101, not(any(libressl261, libressl262, libressl263))), all(feature = "v102", ossl102)))]
+ fn tmp_ecdh_callback_ssl() {
+     use ec::EcKey;
+     use nid;
diff --git a/community/cargo/cargo.lock-use-openssl-0.9.20.patch b/community/cargo/replace-openssl-crate.patch
index bacf125feb..daf92f00b9 100644
--- a/community/cargo/cargo.lock-use-openssl-0.9.20.patch
+++ b/community/cargo/replace-openssl-crate.patch
@@ -1,5 +1,15 @@
-Rust crate openssl 0.9.15 is not compatible with LibreSSL 2.6.3.
+Use local openssl and openssl-sys crates patched for LibreSSL 2.6.3.
 
+--- a/Cargo.toml
++++ b/Cargo.toml
+@@ -75,3 +75,7 @@
+ name = "cargo"
+ test = false
+ doc = false
++
++[replace]
++"openssl:0.9.20" = { path = "openssl/openssl" }
++"openssl-sys:0.9.20" = { path = "openssl/openssl-sys" }
 --- a/Cargo.lock
 +++ b/Cargo.lock
 @@ -30,7 +30,7 @@
@@ -68,30 +78,38 @@ Rust crate openssl 0.9.15 is not compatible with LibreSSL 2.6.3.
   "pkg-config 0.3.9 (registry+https://github.com/rust-lang/crates.io-index)",
  ]
  
-@@ -623,14 +628,14 @@
+@@ -623,32 +628,43 @@
  
  [[package]]
  name = "openssl"
 -version = "0.9.15"
+-source = "registry+https://github.com/rust-lang/crates.io-index"
 +version = "0.9.20"
- source = "registry+https://github.com/rust-lang/crates.io-index"
  dependencies = [
   "bitflags 0.9.1 (registry+https://github.com/rust-lang/crates.io-index)",
   "foreign-types 0.2.0 (registry+https://github.com/rust-lang/crates.io-index)",
   "lazy_static 0.2.8 (registry+https://github.com/rust-lang/crates.io-index)",
   "libc 0.2.28 (registry+https://github.com/rust-lang/crates.io-index)",
 - "openssl-sys 0.9.15 (registry+https://github.com/rust-lang/crates.io-index)",
-+ "openssl-sys 0.9.20 (registry+https://github.com/rust-lang/crates.io-index)",
++ "openssl-sys 0.9.20",
  ]
  
  [[package]]
-@@ -640,12 +645,13 @@
++name = "openssl"
++version = "0.9.20"
++source = "registry+https://github.com/rust-lang/crates.io-index"
++replace = "openssl 0.9.20"
++
++[[package]]
+ name = "openssl-probe"
+ version = "0.1.1"
+ source = "registry+https://github.com/rust-lang/crates.io-index"
  
  [[package]]
  name = "openssl-sys"
 -version = "0.9.15"
+-source = "registry+https://github.com/rust-lang/crates.io-index"
 +version = "0.9.20"
- source = "registry+https://github.com/rust-lang/crates.io-index"
  dependencies = [
 - "gcc 0.3.51 (registry+https://github.com/rust-lang/crates.io-index)",
 + "cc 1.0.3 (registry+https://github.com/rust-lang/crates.io-index)",
@@ -101,7 +119,16 @@ Rust crate openssl 0.9.15 is not compatible with LibreSSL 2.6.3.
  ]
  
  [[package]]
-@@ -1013,6 +1019,7 @@
++name = "openssl-sys"
++version = "0.9.20"
++source = "registry+https://github.com/rust-lang/crates.io-index"
++replace = "openssl-sys 0.9.20"
++
++[[package]]
+ name = "percent-encoding"
+ version = "1.0.0"
+ source = "registry+https://github.com/rust-lang/crates.io-index"
+@@ -1013,6 +1029,7 @@
  "checksum bitflags 0.7.0 (registry+https://github.com/rust-lang/crates.io-index)" = "aad18937a628ec6abcd26d1489012cc0e18c21798210f491af69ded9b881106d"
  "checksum bitflags 0.9.1 (registry+https://github.com/rust-lang/crates.io-index)" = "4efd02e230a02e18f92fc2735f44597385ed02ad8f831e7c1c1156ee5e1ab3a5"
  "checksum bufstream 0.1.3 (registry+https://github.com/rust-lang/crates.io-index)" = "f2f382711e76b9de6c744cc00d0497baba02fb00a787f088c879f01d09468e32"
@@ -109,7 +136,7 @@ Rust crate openssl 0.9.15 is not compatible with LibreSSL 2.6.3.
  "checksum cfg-if 0.1.2 (registry+https://github.com/rust-lang/crates.io-index)" = "d4c819a1287eb618df47cc647173c5c4c66ba19d888a6e50d605672aed3140de"
  "checksum cmake 0.1.24 (registry+https://github.com/rust-lang/crates.io-index)" = "b8ebbb35d3dc9cd09497168f33de1acb79b265d350ab0ac34133b98f8509af1f"
  "checksum conv 0.3.3 (registry+https://github.com/rust-lang/crates.io-index)" = "78ff10625fd0ac447827aa30ea8b861fead473bb60aeb73af6c1c58caf0d1299"
-@@ -1067,9 +1074,9 @@
+@@ -1067,9 +1084,9 @@
  "checksum num-rational 0.1.39 (registry+https://github.com/rust-lang/crates.io-index)" = "288629c76fac4b33556f4b7ab57ba21ae202da65ba8b77466e6d598e31990790"
  "checksum num-traits 0.1.40 (registry+https://github.com/rust-lang/crates.io-index)" = "99843c856d68d8b4313b03a17e33c4bb42ae8f6610ea81b28abe076ac721b9b0"
  "checksum num_cpus 1.6.2 (registry+https://github.com/rust-lang/crates.io-index)" = "aec53c34f2d0247c5ca5d32cca1478762f301740468ee9ee6dcb7a0dd7a0c584"