main/ca-certificates: fix bundle with certs without newline

backport fix that adds newline to each cert in the bundle. The reason is
that trailing newline is no requirement so self generated certs may not
have it.

ref #8379

2 files changed, 44 insertions, 4 deletions

diff --git a/main/ca-certificates/0003-update-ca-insert-newline-between-certs.patch b/main/ca-certificates/0003-update-ca-insert-newline-between-certs.patch
new file mode 100644
index 0000000000..4a945a076b
--- /dev/null
+++ b/main/ca-certificates/0003-update-ca-insert-newline-between-certs.patch
@@ -0,0 +1,38 @@
+From fd399b2416191bd7f3b0f267bdb530ed829de271 Mon Sep 17 00:00:00 2001
+From: Natanael Copa <ncopa@alpinelinux.org>
+Date: Wed, 5 Feb 2020 17:40:57 +0100
+Subject: [PATCH 3/3] update-ca: insert newline between certs
+
+There may be certificates that lack a trailing newline, which is allowed
+in the certificate format. We work around that by inject a newline after
+each cert.
+
+see https://gitlab.alpinelinux.org/alpine/aports/issues/8379
+---
+ update-ca.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/update-ca.c b/update-ca.c
+index 2b3195b..0260f83 100644
+--- a/update-ca.c
++++ b/update-ca.c
+@@ -191,6 +191,7 @@ static void proc_localglobaldir(const char *fullpath, struct hash *h, int tmpfil
+ 		fprintf(stderr, "Warning! Cannot hash: %s\n", fullpath);
+ 	if (!copyfile(fullpath, tmpfile_fd))
+ 		fprintf(stderr, "Warning! Cannot copy to bundle: %s\n", fullpath);
++	write(tmpfile_fd, "\n", 1);
+ 	free(actual_file);
+ }
+ 
+@@ -260,7 +261,7 @@ static bool dir_readfiles(struct hash* d, const char* path,
+ 	DIR *dp = opendir(path);
+ 	if (!dp)
+ 		return false;
+- 
++
+ 	struct dirent *dirp;
+ 	while ((dirp = readdir(dp)) != NULL) {
+ 		if (str_begins(dirp->d_name, "."))
+-- 
+2.25.0
+
diff --git a/main/ca-certificates/APKBUILD b/main/ca-certificates/APKBUILD
index 9dfbcede94..d1a77a424f 100644
--- a/main/ca-certificates/APKBUILD
+++ b/main/ca-certificates/APKBUILD
@@ -1,9 +1,8 @@
 # Contributor: Sören Tempel <soeren+alpine@soeren-tempel.net>
-# Contributor: 
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=ca-certificates
 pkgver=20191127
-pkgrel=0
+pkgrel=1
 pkgdesc="Common CA certificates PEM files"
 url="https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/"
 arch="all"
@@ -17,7 +16,9 @@ replaces="libcrypto1.0 openssl openssl1.0"
 options="!fhs !check"
 triggers="ca-certificates.trigger=/usr/share/ca-certificates:/usr/local/share/ca-certificates:/etc/ssl/certs:/etc/ca-certificates/update.d"
 install="$pkgname.post-deinstall"
-source="https://git.alpinelinux.org/ca-certificates/snapshot/ca-certificates-$pkgver.tar.xz"
+source="https://git.alpinelinux.org/ca-certificates/snapshot/ca-certificates-$pkgver.tar.xz
+	0003-update-ca-insert-newline-between-certs.patch
+	"
 builddir="$srcdir/ca-certificates-$pkgver"
 
 build() {
@@ -59,4 +60,5 @@ cacert() {
 		"$subpkgdir"/etc/ssl/cert.pem
 }
 
-sha512sums="68a879680a5e20764b8a4ee3019e9a008193c578a687b0d29694355a679c04cbfa94d4049beb3c52a899d593f46254c94d67db833f39e91325a4476963b9ef18  ca-certificates-20191127.tar.xz"
+sha512sums="68a879680a5e20764b8a4ee3019e9a008193c578a687b0d29694355a679c04cbfa94d4049beb3c52a899d593f46254c94d67db833f39e91325a4476963b9ef18  ca-certificates-20191127.tar.xz
+051b5d78916ee7389dfbd4e8871aab720415bd6e9ee0313dba770fc40ee7c68ac67d7918f2503458a3218e3bfc10691b5e379b65269106fde02c7e7a36eb7595  0003-update-ca-insert-newline-between-certs.patch"