aboutsummaryrefslogtreecommitdiffstats
path: root/main/apk-tools
diff options
context:
space:
mode:
authorNatanael Copa <ncopa@alpinelinux.org>2018-10-30 10:28:00 +0000
committerNatanael Copa <ncopa@alpinelinux.org>2018-11-07 16:46:11 +0000
commit6243784f88df699b019cfaaad7f82992ef118bc5 (patch)
tree6d3e3e92cd19239344b2346bf1f5d985673ccad7 /main/apk-tools
parent8623682b8b306e297293f47399e2cdfe7f6ddbc2 (diff)
downloadaports-6243784f88df699b019cfaaad7f82992ef118bc5.tar.bz2
aports-6243784f88df699b019cfaaad7f82992ef118bc5.tar.xz
main/apk-tools: rebuild against openssl 1.1
Diffstat (limited to 'main/apk-tools')
-rw-r--r--main/apk-tools/APKBUILD10
-rw-r--r--main/apk-tools/add-support-for-openssl-1.1.patch380
-rw-r--r--main/apk-tools/fix-xattr-hash-to-be-sha1.patch27
3 files changed, 414 insertions, 3 deletions
diff --git a/main/apk-tools/APKBUILD b/main/apk-tools/APKBUILD
index 166ba047c0..296cca6d0f 100644
--- a/main/apk-tools/APKBUILD
+++ b/main/apk-tools/APKBUILD
@@ -1,18 +1,20 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=apk-tools
pkgver=2.10.1
-pkgrel=0
+pkgrel=1
pkgdesc="Alpine Package Keeper - package manager for alpine"
subpackages="$pkgname-static"
depends=
makedepends_build=""
-makedepends_host="zlib-dev libressl libressl-dev linux-headers"
+makedepends_host="zlib-dev libressl openssl-dev linux-headers"
makedepends="$makedepends_build $makedepends_host"
if [ "$CBUILD" = "$CHOST" ]; then
subpackages="$subpackages lua5.2-apk:luaapk"
makedepends="$makedepends lua5.2-dev"
fi
source="https://dev.alpinelinux.org/archive/$pkgname/$pkgname-$pkgver.tar.xz
+ add-support-for-openssl-1.1.patch
+ fix-xattr-hash-to-be-sha1.patch
"
url="https://git.alpinelinux.org/cgit/apk-tools/"
@@ -82,4 +84,6 @@ luaapk() {
mv "$pkgdir"/usr/lib "$subpkgdir"/usr/lib/
}
-sha512sums="f994dba20b9ba7ee0ad4cbd9d137f65b814851f348f0d5eb75eb60c7d6a21f88648b472239e14298eaf1348c517de00652432e7f8c8abd54565914c7d49e3cd3 apk-tools-2.10.1.tar.xz"
+sha512sums="f994dba20b9ba7ee0ad4cbd9d137f65b814851f348f0d5eb75eb60c7d6a21f88648b472239e14298eaf1348c517de00652432e7f8c8abd54565914c7d49e3cd3 apk-tools-2.10.1.tar.xz
+a83286f8bf5587aae5797013edd1ee51a93a2dadb1ccd736f0c86890b142bf960a185d9b06b3bfd785a23ade938f76085ead69674517144601c8f227d6e7f7a2 add-support-for-openssl-1.1.patch
+fa6442642ec5457b03e90fe78ef4da05769767c801b040d6a582c0d11f74b10edec8b670bf1f944a1d075542e070f5261b372af45e6b0b2dda1ff66cf8b48b17 fix-xattr-hash-to-be-sha1.patch"
diff --git a/main/apk-tools/add-support-for-openssl-1.1.patch b/main/apk-tools/add-support-for-openssl-1.1.patch
new file mode 100644
index 0000000000..997837b7d7
--- /dev/null
+++ b/main/apk-tools/add-support-for-openssl-1.1.patch
@@ -0,0 +1,380 @@
+From beab8545ebb2898a2beb157a4d9424ebddf3e26f Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi>
+Date: Fri, 26 Oct 2018 08:21:52 +0300
+Subject: add support for openssl 1.1
+
+---
+ src/apk_blob.h | 2 +-
+ src/apk_io.h | 1 -
+ src/apk_openssl.h | 21 +++++++++++++++++++++
+ src/apk_package.h | 2 +-
+ src/archive.c | 17 ++++++++++-------
+ src/database.c | 19 ++++++++++++-------
+ src/io.c | 45 ++++++++++++++++++++++++++-------------------
+ src/package.c | 37 +++++++++++++++++++------------------
+ 8 files changed, 90 insertions(+), 54 deletions(-)
+ create mode 100644 src/apk_openssl.h
+
+diff --git a/src/apk_blob.h b/src/apk_blob.h
+index 2d2e30e..4fdd3be 100644
+--- a/src/apk_blob.h
++++ b/src/apk_blob.h
+@@ -14,9 +14,9 @@
+
+ #include <ctype.h>
+ #include <string.h>
+-#include <openssl/evp.h>
+
+ #include "apk_defines.h"
++#include "apk_openssl.h"
+
+ typedef const unsigned char *apk_spn_match;
+ typedef unsigned char apk_spn_match_def[256 / 8];
+diff --git a/src/apk_io.h b/src/apk_io.h
+index 94aa989..26c3f28 100644
+--- a/src/apk_io.h
++++ b/src/apk_io.h
+@@ -12,7 +12,6 @@
+ #define APK_IO
+
+ #include <sys/types.h>
+-#include <openssl/evp.h>
+ #include <fcntl.h>
+ #include <time.h>
+
+diff --git a/src/apk_openssl.h b/src/apk_openssl.h
+new file mode 100644
+index 0000000..c45beb9
+--- /dev/null
++++ b/src/apk_openssl.h
+@@ -0,0 +1,21 @@
++#ifndef APK_SSL_COMPAT_H
++#define APK_SSL_COMPAT_H
++
++#include <openssl/opensslv.h>
++#include <openssl/evp.h>
++
++#if OPENSSL_VERSION_NUMBER < 0x1010000fL || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000fL)
++
++static inline EVP_MD_CTX *EVP_MD_CTX_new(void)
++{
++ return EVP_MD_CTX_create();
++}
++
++static inline void EVP_MD_CTX_free(EVP_MD_CTX *mdctx)
++{
++ return EVP_MD_CTX_destroy(mdctx);
++}
++
++#endif
++
++#endif
+diff --git a/src/apk_package.h b/src/apk_package.h
+index 87635a9..6c4ff29 100644
+--- a/src/apk_package.h
++++ b/src/apk_package.h
+@@ -58,7 +58,7 @@ struct apk_sign_ctx {
+ int data_verified : 1;
+ char data_checksum[EVP_MAX_MD_SIZE];
+ struct apk_checksum identity;
+- EVP_MD_CTX mdctx;
++ EVP_MD_CTX *mdctx;
+
+ struct {
+ apk_blob_t data;
+diff --git a/src/archive.c b/src/archive.c
+index 9a184fd..f3a66c2 100644
+--- a/src/archive.c
++++ b/src/archive.c
+@@ -28,6 +28,7 @@
+ #include "apk_defines.h"
+ #include "apk_print.h"
+ #include "apk_archive.h"
++#include "apk_openssl.h"
+
+ struct tar_header {
+ /* ustar header, Posix 1003.1 */
+@@ -82,7 +83,7 @@ struct apk_tar_entry_istream {
+ struct apk_istream is;
+ struct apk_istream *tar_is;
+ size_t bytes_left;
+- EVP_MD_CTX mdctx;
++ EVP_MD_CTX *mdctx;
+ struct apk_checksum *csum;
+ time_t mtime;
+ };
+@@ -121,10 +122,10 @@ static ssize_t tar_entry_read(void *stream, void *ptr, size_t size)
+ if (teis->csum == NULL)
+ return r;
+
+- EVP_DigestUpdate(&teis->mdctx, ptr, r);
++ EVP_DigestUpdate(teis->mdctx, ptr, r);
+ if (teis->bytes_left == 0) {
+- teis->csum->type = EVP_MD_CTX_size(&teis->mdctx);
+- EVP_DigestFinal_ex(&teis->mdctx, teis->csum->data, NULL);
++ teis->csum->type = EVP_MD_CTX_size(teis->mdctx);
++ EVP_DigestFinal_ex(teis->mdctx, teis->csum->data, NULL);
+ }
+ return r;
+ }
+@@ -210,7 +211,9 @@ int apk_tar_parse(struct apk_istream *is, apk_archive_entry_parser parser,
+ char filename[sizeof buf.name + sizeof buf.prefix + 2];
+
+ odi = (struct apk_tar_digest_info *) &buf.linkname[3];
+- EVP_MD_CTX_init(&teis.mdctx);
++ teis.mdctx = EVP_MD_CTX_new();
++ if (!teis.mdctx) return -ENOMEM;
++
+ memset(&entry, 0, sizeof(entry));
+ entry.name = buf.name;
+ while ((r = apk_istream_read(is, &buf, 512)) == 512) {
+@@ -327,7 +330,7 @@ int apk_tar_parse(struct apk_istream *is, apk_archive_entry_parser parser,
+ if (entry.mode & S_IFMT) {
+ /* callback parser function */
+ if (teis.csum != NULL)
+- EVP_DigestInit_ex(&teis.mdctx,
++ EVP_DigestInit_ex(teis.mdctx,
+ apk_checksum_default(), NULL);
+
+ r = parser(ctx, &entry, &teis.is);
+@@ -360,7 +363,7 @@ err:
+ /* Check that there was no partial (or non-zero) record */
+ if (r >= 0) r = -EBADMSG;
+ ok:
+- EVP_MD_CTX_cleanup(&teis.mdctx);
++ EVP_MD_CTX_free(teis.mdctx);
+ free(pax.ptr);
+ free(longname.ptr);
+ apk_fileinfo_free(&entry);
+diff --git a/src/database.c b/src/database.c
+index 8cf63b2..91fcedd 100644
+--- a/src/database.c
++++ b/src/database.c
+@@ -35,6 +35,7 @@
+ #include "apk_applet.h"
+ #include "apk_archive.h"
+ #include "apk_print.h"
++#include "apk_openssl.h"
+
+ static const apk_spn_match_def apk_spn_repo_separators = {
+ [4] = (1<<0) /* */,
+@@ -2363,18 +2364,22 @@ static struct apk_db_dir_instance *apk_db_install_directory_entry(struct install
+
+ static const char *format_tmpname(struct apk_package *pkg, struct apk_db_file *f, char tmpname[static TMPNAME_MAX])
+ {
+- EVP_MD_CTX mdctx;
++ EVP_MD_CTX *mdctx;
+ unsigned char md[EVP_MAX_MD_SIZE];
+ apk_blob_t b = APK_BLOB_PTR_LEN(tmpname, TMPNAME_MAX);
+
+ if (!f) return NULL;
+
+- EVP_DigestInit(&mdctx, EVP_sha256());
+- EVP_DigestUpdate(&mdctx, pkg->name->name, strlen(pkg->name->name) + 1);
+- EVP_DigestUpdate(&mdctx, f->diri->dir->name, f->diri->dir->namelen);
+- EVP_DigestUpdate(&mdctx, "/", 1);
+- EVP_DigestUpdate(&mdctx, f->name, f->namelen);
+- EVP_DigestFinal(&mdctx, md, NULL);
++ mdctx = EVP_MD_CTX_new();
++ if (!mdctx) return NULL;
++
++ EVP_DigestInit_ex(mdctx, EVP_sha256(), NULL);
++ EVP_DigestUpdate(mdctx, pkg->name->name, strlen(pkg->name->name) + 1);
++ EVP_DigestUpdate(mdctx, f->diri->dir->name, f->diri->dir->namelen);
++ EVP_DigestUpdate(mdctx, "/", 1);
++ EVP_DigestUpdate(mdctx, f->name, f->namelen);
++ EVP_DigestFinal_ex(mdctx, md, NULL);
++ EVP_MD_CTX_free(mdctx);
+
+ apk_blob_push_blob(&b, APK_BLOB_PTR_LEN(f->diri->dir->name, f->diri->dir->namelen));
+ apk_blob_push_blob(&b, APK_BLOB_STR("/.apk."));
+diff --git a/src/io.c b/src/io.c
+index ff254fd..0295807 100644
+--- a/src/io.c
++++ b/src/io.c
+@@ -28,6 +28,7 @@
+ #include "apk_defines.h"
+ #include "apk_io.h"
+ #include "apk_hash.h"
++#include "apk_openssl.h"
+
+ #if defined(__GLIBC__) || defined(__UCLIBC__)
+ #define HAVE_FGETPWENT_R
+@@ -623,22 +624,25 @@ static void hash_len_data(EVP_MD_CTX *ctx, uint32_t len, const void *ptr)
+ void apk_fileinfo_hash_xattr_array(struct apk_xattr_array *xattrs, const EVP_MD *md, struct apk_checksum *csum)
+ {
+ struct apk_xattr *xattr;
+- EVP_MD_CTX mdctx;
++ EVP_MD_CTX *mdctx;
+
+- if (!xattrs || xattrs->num == 0) {
+- csum->type = APK_CHECKSUM_NONE;
+- return;
+- }
++ if (!xattrs || xattrs->num == 0) goto err;
++ mdctx = EVP_MD_CTX_new();
++ if (!mdctx) goto err;
+
+ qsort(xattrs->item, xattrs->num, sizeof(xattrs->item[0]), cmp_xattr);
+
+- EVP_DigestInit(&mdctx, md);
++ EVP_DigestInit_ex(mdctx, EVP_sha256(), NULL);
+ foreach_array_item(xattr, xattrs) {
+- hash_len_data(&mdctx, strlen(xattr->name), xattr->name);
+- hash_len_data(&mdctx, xattr->value.len, xattr->value.ptr);
++ hash_len_data(mdctx, strlen(xattr->name), xattr->name);
++ hash_len_data(mdctx, xattr->value.len, xattr->value.ptr);
+ }
+- csum->type = EVP_MD_CTX_size(&mdctx);
+- EVP_DigestFinal(&mdctx, csum->data, NULL);
++ csum->type = EVP_MD_CTX_size(mdctx);
++ EVP_DigestFinal_ex(mdctx, csum->data, NULL);
++ EVP_MD_CTX_free(mdctx);
++ return;
++err:
++ csum->type = APK_CHECKSUM_NONE;
+ }
+
+ void apk_fileinfo_hash_xattr(struct apk_file_info *fi)
+@@ -723,17 +727,20 @@ int apk_fileinfo_get(int atfd, const char *filename, unsigned int flags,
+ } else {
+ bs = apk_bstream_from_file(atfd, filename);
+ if (!IS_ERR_OR_NULL(bs)) {
+- EVP_MD_CTX mdctx;
++ EVP_MD_CTX *mdctx;
+ apk_blob_t blob;
+
+- EVP_DigestInit(&mdctx, apk_checksum_evp(checksum));
+- if (bs->flags & APK_BSTREAM_SINGLE_READ)
+- EVP_MD_CTX_set_flags(&mdctx, EVP_MD_CTX_FLAG_ONESHOT);
+- while (!APK_BLOB_IS_NULL(blob = apk_bstream_read(bs, APK_BLOB_NULL)))
+- EVP_DigestUpdate(&mdctx, (void*) blob.ptr, blob.len);
+- fi->csum.type = EVP_MD_CTX_size(&mdctx);
+- EVP_DigestFinal(&mdctx, fi->csum.data, NULL);
+-
++ mdctx = EVP_MD_CTX_new();
++ if (mdctx) {
++ EVP_DigestInit_ex(mdctx, apk_checksum_evp(checksum), NULL);
++ if (bs->flags & APK_BSTREAM_SINGLE_READ)
++ EVP_MD_CTX_set_flags(mdctx, EVP_MD_CTX_FLAG_ONESHOT);
++ while (!APK_BLOB_IS_NULL(blob = apk_bstream_read(bs, APK_BLOB_NULL)))
++ EVP_DigestUpdate(mdctx, (void*) blob.ptr, blob.len);
++ fi->csum.type = EVP_MD_CTX_size(mdctx);
++ EVP_DigestFinal_ex(mdctx, fi->csum.data, NULL);
++ EVP_MD_CTX_free(mdctx);
++ }
+ apk_bstream_close(bs, NULL);
+ }
+ }
+diff --git a/src/package.c b/src/package.c
+index e19250a..baa8a90 100644
+--- a/src/package.c
++++ b/src/package.c
+@@ -21,6 +21,7 @@
+ #include <sys/wait.h>
+ #include <sys/stat.h>
+
++#include "apk_openssl.h"
+ #include <openssl/pem.h>
+
+ #include "apk_defines.h"
+@@ -490,9 +491,9 @@ void apk_sign_ctx_init(struct apk_sign_ctx *ctx, int action,
+ ctx->data_started = 1;
+ break;
+ }
+- EVP_MD_CTX_init(&ctx->mdctx);
+- EVP_DigestInit_ex(&ctx->mdctx, ctx->md, NULL);
+- EVP_MD_CTX_set_flags(&ctx->mdctx, EVP_MD_CTX_FLAG_ONESHOT);
++ ctx->mdctx = EVP_MD_CTX_new();
++ EVP_DigestInit_ex(ctx->mdctx, ctx->md, NULL);
++ EVP_MD_CTX_set_flags(ctx->mdctx, EVP_MD_CTX_FLAG_ONESHOT);
+ }
+
+ void apk_sign_ctx_free(struct apk_sign_ctx *ctx)
+@@ -501,7 +502,7 @@ void apk_sign_ctx_free(struct apk_sign_ctx *ctx)
+ free(ctx->signature.data.ptr);
+ if (ctx->signature.pkey != NULL)
+ EVP_PKEY_free(ctx->signature.pkey);
+- EVP_MD_CTX_cleanup(&ctx->mdctx);
++ EVP_MD_CTX_free(ctx->mdctx);
+ }
+
+ static int check_signing_key_trust(struct apk_sign_ctx *sctx)
+@@ -674,16 +675,16 @@ int apk_sign_ctx_mpart_cb(void *ctx, int part, apk_blob_t data)
+
+ /* Drool in the remaining of the digest block now, we will finish
+ * it on all cases */
+- EVP_DigestUpdate(&sctx->mdctx, data.ptr, data.len);
++ EVP_DigestUpdate(sctx->mdctx, data.ptr, data.len);
+
+ /* End of control-block and checking control hash/signature or
+ * end of data-block and checking its hash/signature */
+ if (sctx->has_data_checksum && !end_of_control) {
+ /* End of control-block and check it's hash */
+- EVP_DigestFinal_ex(&sctx->mdctx, calculated, NULL);
+- if (EVP_MD_CTX_size(&sctx->mdctx) == 0 ||
++ EVP_DigestFinal_ex(sctx->mdctx, calculated, NULL);
++ if (EVP_MD_CTX_size(sctx->mdctx) == 0 ||
+ memcmp(calculated, sctx->data_checksum,
+- EVP_MD_CTX_size(&sctx->mdctx)) != 0)
++ EVP_MD_CTX_size(sctx->mdctx)) != 0)
+ return -EKEYREJECTED;
+ sctx->data_verified = 1;
+ if (!(apk_flags & APK_ALLOW_UNTRUSTED) &&
+@@ -700,7 +701,7 @@ int apk_sign_ctx_mpart_cb(void *ctx, int part, apk_blob_t data)
+ case APK_SIGN_VERIFY:
+ case APK_SIGN_VERIFY_AND_GENERATE:
+ if (sctx->signature.pkey != NULL) {
+- r = EVP_VerifyFinal(&sctx->mdctx,
++ r = EVP_VerifyFinal(sctx->mdctx,
+ (unsigned char *) sctx->signature.data.ptr,
+ sctx->signature.data.len,
+ sctx->signature.pkey);
+@@ -717,13 +718,13 @@ int apk_sign_ctx_mpart_cb(void *ctx, int part, apk_blob_t data)
+ sctx->data_verified = 1;
+ }
+ if (sctx->action == APK_SIGN_VERIFY_AND_GENERATE) {
+- sctx->identity.type = EVP_MD_CTX_size(&sctx->mdctx);
+- EVP_DigestFinal_ex(&sctx->mdctx, sctx->identity.data, NULL);
++ sctx->identity.type = EVP_MD_CTX_size(sctx->mdctx);
++ EVP_DigestFinal_ex(sctx->mdctx, sctx->identity.data, NULL);
+ }
+ break;
+ case APK_SIGN_VERIFY_IDENTITY:
+ /* Reset digest for hashing data */
+- EVP_DigestFinal_ex(&sctx->mdctx, calculated, NULL);
++ EVP_DigestFinal_ex(sctx->mdctx, calculated, NULL);
+ if (memcmp(calculated, sctx->identity.data,
+ sctx->identity.type) != 0)
+ return -EKEYREJECTED;
+@@ -733,21 +734,21 @@ int apk_sign_ctx_mpart_cb(void *ctx, int part, apk_blob_t data)
+ break;
+ case APK_SIGN_GENERATE:
+ /* Package identity is the checksum */
+- sctx->identity.type = EVP_MD_CTX_size(&sctx->mdctx);
+- EVP_DigestFinal_ex(&sctx->mdctx, sctx->identity.data, NULL);
++ sctx->identity.type = EVP_MD_CTX_size(sctx->mdctx);
++ EVP_DigestFinal_ex(sctx->mdctx, sctx->identity.data, NULL);
+ if (sctx->action == APK_SIGN_GENERATE &&
+ sctx->has_data_checksum)
+ return -ECANCELED;
+ break;
+ }
+ reset_digest:
+- EVP_DigestInit_ex(&sctx->mdctx, sctx->md, NULL);
+- EVP_MD_CTX_set_flags(&sctx->mdctx, EVP_MD_CTX_FLAG_ONESHOT);
++ EVP_DigestInit_ex(sctx->mdctx, sctx->md, NULL);
++ EVP_MD_CTX_set_flags(sctx->mdctx, EVP_MD_CTX_FLAG_ONESHOT);
+ return 0;
+
+ update_digest:
+- EVP_MD_CTX_clear_flags(&sctx->mdctx, EVP_MD_CTX_FLAG_ONESHOT);
+- EVP_DigestUpdate(&sctx->mdctx, data.ptr, data.len);
++ EVP_MD_CTX_clear_flags(sctx->mdctx, EVP_MD_CTX_FLAG_ONESHOT);
++ EVP_DigestUpdate(sctx->mdctx, data.ptr, data.len);
+ return 0;
+ }
+
+--
+cgit v1.1
+
diff --git a/main/apk-tools/fix-xattr-hash-to-be-sha1.patch b/main/apk-tools/fix-xattr-hash-to-be-sha1.patch
new file mode 100644
index 0000000000..96af35c894
--- /dev/null
+++ b/main/apk-tools/fix-xattr-hash-to-be-sha1.patch
@@ -0,0 +1,27 @@
+From f38d1f74af7a5ef0ccee2029be0d8036b9020f1a Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi>
+Date: Tue, 30 Oct 2018 18:26:10 +0200
+Subject: fix xattr hash to be sha1
+
+The hash type was accidentally changed in previous commit. Currently
+csum->data cannot hold longer hash, so fix the hash.
+---
+ src/io.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/io.c b/src/io.c
+index 0295807..382fd1b 100644
+--- a/src/io.c
++++ b/src/io.c
+@@ -632,7 +632,7 @@ void apk_fileinfo_hash_xattr_array(struct apk_xattr_array *xattrs, const EVP_MD
+
+ qsort(xattrs->item, xattrs->num, sizeof(xattrs->item[0]), cmp_xattr);
+
+- EVP_DigestInit_ex(mdctx, EVP_sha256(), NULL);
++ EVP_DigestInit_ex(mdctx, EVP_sha1(), NULL);
+ foreach_array_item(xattr, xattrs) {
+ hash_len_data(mdctx, strlen(xattr->name), xattr->name);
+ hash_len_data(mdctx, xattr->value.len, xattr->value.ptr);
+--
+cgit v1.1
+