main/openssl: remove c_rehash

the users of this should be using now libressl's certhash. and
c_rehash is planned to be moved to ca-certificates so it can
avoid dependency on libressl main package.

2 files changed, 7 insertions, 479 deletions

diff --git a/main/openssl/0007-reimplement-c_rehash-in-C.patch b/main/openssl/0007-reimplement-c_rehash-in-C.patch
deleted file mode 100644
index eee75d14f5..0000000000
--- a/main/openssl/0007-reimplement-c_rehash-in-C.patch
+++ /dev/null
@@ -1,447 +0,0 @@
-From f9044ad2a216f984481645671ccc30a043849fb1 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi>
-Date: Thu, 5 Feb 2015 09:11:27 +0200
-Subject: [PATCH] reimplement c_rehash in C
-
----
- apps/Makefile   |   4 +-
- apps/c_rehash.c | 383 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++
- tools/Makefile  |   3 +-
- 3 files changed, 386 insertions(+), 4 deletions(-)
- create mode 100644 apps/c_rehash.c
-
-diff --git a/apps/Makefile b/apps/Makefile
-index 72657ea..3aa03e0 100644
---- a/apps/Makefile
-+++ b/apps/Makefile
-@@ -36,7 +36,7 @@ SCRIPTS=CA.sh CA.pl tsget
- EXE= $(PROGRAM)$(EXE_EXT)
- 
- E_EXE=	verify asn1pars req dgst dh dhparam enc passwd gendh errstr \
--	ca crl rsa rsautl dsa dsaparam ec ecparam \
-+	ca crl c_rehash rsa rsautl dsa dsaparam ec ecparam \
- 	x509 genrsa gendsa genpkey s_server s_client speed \
- 	s_time version pkcs7 cms crl2pkcs7 sess_id ciphers nseq pkcs12 \
- 	pkcs8 pkey pkeyparam pkeyutl spkac smime rand engine ocsp prime ts srp
-@@ -51,7 +51,7 @@ RAND_OBJ=app_rand.o
- RAND_SRC=app_rand.c
- 
- E_OBJ=	verify.o asn1pars.o req.o dgst.o dh.o dhparam.o enc.o passwd.o gendh.o errstr.o \
--	ca.o pkcs7.o crl2p7.o crl.o \
-+	ca.o pkcs7.o crl2p7.o crl.o c_rehash.o \
- 	rsa.o rsautl.o dsa.o dsaparam.o ec.o ecparam.o \
- 	x509.o genrsa.o gendsa.o genpkey.o s_server.o s_client.o speed.o \
- 	s_time.o $(A_OBJ) $(S_OBJ) $(RAND_OBJ) version.o sess_id.o \
-diff --git a/apps/c_rehash.c b/apps/c_rehash.c
-new file mode 100644
-index 0000000..e8d0b86
---- /dev/null
-+++ b/apps/c_rehash.c
-@@ -0,0 +1,383 @@
-+/* c_rehash.c - Create hash symlinks for certificates
-+ * C implementation based on the original Perl and shell versions
-+ *
-+ * Copyright (c) 2013-2014 Timo Teräs <timo.teras@iki.fi>
-+ * All rights reserved.
-+ *
-+ * This software is licensed under the MIT License.
-+ * Full license available at: http://opensource.org/licenses/MIT
-+ */
-+
-+#include <stdio.h>
-+#include <limits.h>
-+#include <string.h>
-+#include <unistd.h>
-+#include <dirent.h>
-+#include <sys/stat.h>
-+
-+#include <openssl/evp.h>
-+#include <openssl/pem.h>
-+#include <openssl/x509.h>
-+
-+#include "apps.h"
-+
-+#undef PROG
-+#define PROG c_rehash_main
-+
-+
-+#define MAX_COLLISIONS	256
-+#define countof(x) 	(sizeof(x) / sizeof(x[0]))
-+
-+#if 0
-+#define DEBUG(args...) fprintf(stderr, args)
-+#else
-+#define DEBUG(args...)
-+#endif
-+
-+struct entry_info {
-+	struct entry_info *next;
-+	char *filename;
-+	unsigned short old_id;
-+	unsigned char need_symlink;
-+	unsigned char digest[EVP_MAX_MD_SIZE];
-+};
-+
-+struct bucket_info {
-+	struct bucket_info *next;
-+	struct entry_info *first_entry, *last_entry;
-+	unsigned int hash;
-+	unsigned short type;
-+	unsigned short num_needed;
-+};
-+
-+enum Type {
-+	TYPE_CERT = 0,
-+	TYPE_CRL
-+};
-+
-+static const char *symlink_extensions[] = { "", "r" };
-+static const char *file_extensions[] = { "pem", "crt", "cer", "crl" };
-+
-+static int evpmdsize;
-+static const EVP_MD *evpmd;
-+
-+static int do_hash_new = 1;
-+static int do_hash_old = 0;
-+static int do_remove_links = 1;
-+static int do_verbose = 0;
-+
-+static struct bucket_info *hash_table[257];
-+
-+static void bit_set(unsigned char *set, unsigned bit)
-+{
-+	set[bit / 8] |= 1 << (bit % 8);
-+}
-+
-+static int bit_isset(unsigned char *set, unsigned bit)
-+{
-+	return set[bit / 8] & (1 << (bit % 8));
-+}
-+
-+static void add_entry(
-+	int type, unsigned int hash,
-+	const char *filename, const unsigned char *digest,
-+	int need_symlink, unsigned short old_id)
-+{
-+	struct bucket_info *bi;
-+	struct entry_info *ei, *found = NULL;
-+	unsigned int ndx = (type + hash) % countof(hash_table);
-+
-+	for (bi = hash_table[ndx]; bi; bi = bi->next)
-+		if (bi->type == type && bi->hash == hash)
-+			break;
-+	if (!bi) {
-+		bi = calloc(1, sizeof(*bi));
-+		if (!bi) return;
-+		bi->next = hash_table[ndx];
-+		bi->type = type;
-+		bi->hash = hash;
-+		hash_table[ndx] = bi;
-+	}
-+
-+	for (ei = bi->first_entry; ei; ei = ei->next) {
-+		if (digest && memcmp(digest, ei->digest, evpmdsize) == 0) {
-+			BIO_printf(bio_err,
-+				"WARNING: Skipping duplicate certificate in file %s\n",
-+				filename);
-+			return;
-+		}
-+		if (!strcmp(filename, ei->filename)) {
-+			found = ei;
-+			if (!digest) break;
-+		}
-+	}
-+	ei = found;
-+	if (!ei) {
-+		if (bi->num_needed >= MAX_COLLISIONS) return;
-+		ei = calloc(1, sizeof(*ei));
-+		if (!ei) return;
-+
-+		ei->old_id = ~0;
-+		ei->filename = strdup(filename);
-+		if (bi->last_entry) bi->last_entry->next = ei;
-+		if (!bi->first_entry) bi->first_entry = ei;
-+		bi->last_entry = ei;
-+	}
-+
-+	if (old_id < ei->old_id) ei->old_id = old_id;
-+	if (need_symlink && !ei->need_symlink) {
-+		ei->need_symlink = 1;
-+		bi->num_needed++;
-+		memcpy(ei->digest, digest, evpmdsize);
-+	}
-+}
-+
-+static int handle_symlink(const char *filename, const char *fullpath)
-+{
-+	static char xdigit[] = {
-+		 0, 1, 2, 3, 4, 5, 6, 7, 8, 9,-1,-1,-1,-1,-1,-1,
-+		-1,10,11,12,13,14,15,-1,-1,-1,-1,-1,-1,-1,-1,-1,
-+		-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,
-+		-1,10,11,12,13,14,15
-+	};
-+	char linktarget[NAME_MAX], *endptr;
-+	unsigned int hash = 0;
-+	unsigned char ch;
-+	int i, type, id;
-+	ssize_t n;
-+
-+	for (i = 0; i < 8; i++) {
-+		ch = filename[i] - '0';
-+		if (ch >= countof(xdigit) || xdigit[ch] < 0)
-+			return -1;
-+		hash <<= 4;
-+		hash += xdigit[ch];
-+	}
-+	if (filename[i++] != '.') return -1;
-+	for (type = countof(symlink_extensions) - 1; type > 0; type--)
-+		if (strcasecmp(symlink_extensions[type], &filename[i]) == 0)
-+			break;
-+	i += strlen(symlink_extensions[type]);
-+
-+	id = strtoul(&filename[i], &endptr, 10);
-+	if (*endptr != 0) return -1;
-+
-+	n = readlink(fullpath, linktarget, sizeof(linktarget));
-+	if (n >= sizeof(linktarget) || n < 0) return -1;
-+	linktarget[n] = 0;
-+
-+	DEBUG("Found existing symlink %s for %08x (%d), certname %s\n",
-+		filename, hash, type, linktarget);
-+	add_entry(type, hash, linktarget, NULL, 0, id);
-+	return 0;
-+}
-+
-+static int handle_certificate(const char *filename, const char *fullpath)
-+{
-+	STACK_OF(X509_INFO) *inf;
-+	X509_INFO *x;
-+	BIO *b;
-+	const char *ext;
-+	unsigned char digest[EVP_MAX_MD_SIZE];
-+	X509_NAME *name = NULL;
-+	int i, type, ret = -1;
-+
-+	ext = strrchr(filename, '.');
-+	if (ext == NULL) return 0;
-+	for (i = 0; i < countof(file_extensions); i++) {
-+		if (strcasecmp(file_extensions[i], ext+1) == 0)
-+			break;
-+	}
-+	if (i >= countof(file_extensions)) return -1;
-+
-+	b = BIO_new_file(fullpath, "r");
-+	if (!b) return -1;
-+	inf = PEM_X509_INFO_read_bio(b, NULL, NULL, NULL);
-+	BIO_free(b);
-+	if (!inf) return -1;
-+
-+	if (sk_X509_INFO_num(inf) == 1) {
-+		x = sk_X509_INFO_value(inf, 0);
-+		if (x->x509) {
-+			type = TYPE_CERT;
-+			name = X509_get_subject_name(x->x509);
-+			X509_digest(x->x509, evpmd, digest, NULL);
-+		} else if (x->crl) {
-+			type = TYPE_CRL;
-+			name = X509_CRL_get_issuer(x->crl);
-+			X509_CRL_digest(x->crl, evpmd, digest, NULL);
-+		}
-+		if (name && do_hash_new)
-+			add_entry(type, X509_NAME_hash(name), filename, digest, 1, ~0);
-+		if (name && do_hash_old)
-+			add_entry(type, X509_NAME_hash_old(name), filename, digest, 1, ~0);
-+	} else {
-+		BIO_printf(bio_err,
-+			"WARNING: %s does not contain exactly one certificate or CRL: skipping\n",
-+			filename);
-+	}
-+
-+	sk_X509_INFO_pop_free(inf, X509_INFO_free);
-+
-+	return ret;
-+}
-+
-+static int hash_dir(const char *dirname)
-+{
-+	struct bucket_info *bi, *nextbi;
-+	struct entry_info *ei, *nextei;
-+	struct dirent *de;
-+	struct stat st;
-+	unsigned char idmask[MAX_COLLISIONS / 8];
-+	int i, n, nextid, buflen, ret = -1;
-+	const char *pathsep;
-+	char *buf;
-+	DIR *d;
-+
-+	if (access(dirname, R_OK|W_OK|X_OK) != 0) {
-+		BIO_printf(bio_err,
-+			"ERROR: Access denied '%s'\n",
-+			dirname);
-+		return -1;
-+	}
-+
-+	buflen = strlen(dirname);
-+	pathsep = (buflen && dirname[buflen-1] == '/') ? "" : "/";
-+	buflen += NAME_MAX + 2;
-+	buf = malloc(buflen);
-+	if (buf == NULL)
-+		goto err;
-+
-+	if (do_verbose) printf("Doing %s\n", dirname);
-+	d = opendir(dirname);
-+	if (!d) goto err;
-+
-+	while ((de = readdir(d)) != NULL) {
-+		if (snprintf(buf, buflen, "%s%s%s", dirname, pathsep, de->d_name) >= buflen)
-+			continue;
-+		if (lstat(buf, &st) < 0)
-+			continue;
-+		if (S_ISLNK(st.st_mode) && handle_symlink(de->d_name, buf) == 0)
-+			continue;
-+		handle_certificate(de->d_name, buf);
-+	}
-+	closedir(d);
-+
-+	for (i = 0; i < countof(hash_table); i++) {
-+		for (bi = hash_table[i]; bi; bi = nextbi) {
-+			nextbi = bi->next;
-+			DEBUG("Type %d, hash %08x, num entries %d:\n", bi->type, bi->hash, bi->num_needed);
-+
-+			nextid = 0;
-+			memset(idmask, 0, (bi->num_needed+7)/8);
-+			for (ei = bi->first_entry; ei; ei = ei->next)
-+				if (ei->old_id < bi->num_needed)
-+					bit_set(idmask, ei->old_id);
-+
-+			for (ei = bi->first_entry; ei; ei = nextei) {
-+				nextei = ei->next;
-+				DEBUG("\t(old_id %d, need_symlink %d) Cert %s\n",
-+					ei->old_id, ei->need_symlink,
-+					ei->filename);
-+
-+				if (ei->old_id < bi->num_needed) {
-+					/* Link exists, and is used as-is */
-+					snprintf(buf, buflen, "%08x.%s%d", bi->hash, symlink_extensions[bi->type], ei->old_id);
-+					if (do_verbose) printf("link %s -> %s\n", ei->filename, buf);
-+				} else if (ei->need_symlink) {
-+					/* New link needed (it may replace something) */
-+					while (bit_isset(idmask, nextid))
-+						nextid++;
-+
-+					snprintf(buf, buflen, "%s%s%n%08x.%s%d",
-+						 dirname, pathsep, &n, bi->hash,
-+						 symlink_extensions[bi->type],
-+						 nextid);
-+					if (do_verbose) printf("link %s -> %s\n", ei->filename, &buf[n]);
-+					unlink(buf);
-+					symlink(ei->filename, buf);
-+				} else if (do_remove_links) {
-+					/* Link to be deleted */
-+					snprintf(buf, buflen, "%s%s%n%08x.%s%d",
-+						 dirname, pathsep, &n, bi->hash,
-+						 symlink_extensions[bi->type],
-+						 ei->old_id);
-+					if (do_verbose) printf("unlink %s\n", &buf[n]);
-+					unlink(buf);
-+				}
-+				free(ei->filename);
-+				free(ei);
-+			}
-+			free(bi);
-+		}
-+		hash_table[i] = NULL;
-+	}
-+
-+	ret = 0;
-+err:
-+	free(buf);
-+	return ret;
-+}
-+
-+static void c_rehash_usage(void)
-+{
-+	printf("\
-+usage: c_rehash <args> <dirs>\n\
-+\n\
-+-compat       - create new- and old-style hashed links\n\
-+-old          - use old-style hashing for generating links\n\
-+-h            - display this help\n\
-+-n            - do not remove existing links\n\
-+-v            - be more verbose\n\
-+\n");
-+}
-+
-+int MAIN(int argc, char **argv)
-+{
-+	const char *env, *opt;
-+	int i, numargs, r = 0;
-+
-+	evpmd = EVP_sha1();
-+	evpmdsize = EVP_MD_size(evpmd);
-+	if (bio_err == NULL)
-+		bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
-+
-+	numargs = argc;
-+	for (i = 1; i < argc; i++) {
-+		if (argv[i][0] != '-') continue;
-+		if (strcmp(argv[i], "--") == 0) { argv[i] = 0; numargs--; break; }
-+		opt = &argv[i][1];
-+		if (strcmp(opt, "compat") == 0) {
-+			do_hash_new = do_hash_old = 1;
-+		} else if (strcmp(opt, "old") == 0) {
-+			do_hash_new = 0;
-+			do_hash_old = 1;
-+		} else if (strcmp(opt, "n") == 0) {
-+			do_remove_links = 0;
-+		} else if (strcmp(opt, "v") == 0) {
-+			do_verbose++;
-+		} else {
-+			if (strcmp(opt, "h") != 0)
-+				BIO_printf(bio_err,"unknown option %s\n", argv[i]);
-+			c_rehash_usage();
-+			return 1;
-+		}
-+		argv[i] = 0;
-+		numargs--;
-+	}
-+
-+	if (numargs > 1) {
-+		for (i = 1; i < argc; i++)
-+			if (argv[i]) r |= hash_dir(argv[i]);
-+	} else if ((env = getenv("SSL_CERT_DIR")) != NULL) {
-+		char *e, *m;
-+		m = strdup(env);
-+		for (e = strtok(m, ":"); e != NULL; e = strtok(NULL, ":"))
-+			r |= hash_dir(e);
-+		free(m);
-+	} else {
-+		r |= hash_dir("/etc/ssl/certs");
-+	}
-+
-+	return r ? 2 : 0;
-+}
-diff --git a/tools/Makefile b/tools/Makefile
-index bb6fb71..51190fc 100644
---- a/tools/Makefile
-+++ b/tools/Makefile
-@@ -13,7 +13,7 @@ CFLAGS= $(INCLUDES) $(CFLAG)
- 
- GENERAL=Makefile
- TEST=
--APPS= c_rehash
-+APPS= 
- MISC_APPS= c_hash c_info c_issuer c_name
- 
- all:
-@@ -49,7 +49,6 @@ depend:
- dclean:
- 	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
- 	mv -f Makefile.new $(MAKEFILE)
--	rm -f c_rehash
- 
- clean:
- 	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
--- 
-2.2.2
-
diff --git a/main/openssl/APKBUILD b/main/openssl/APKBUILD
index c3c6e61896..1fee0a31ce 100644
--- a/main/openssl/APKBUILD
+++ b/main/openssl/APKBUILD
@@ -1,7 +1,7 @@
 # Maintainer: Timo Teras <timo.teras@iki.fi>
 pkgname=openssl
 pkgver=1.0.2j
-pkgrel=1
+pkgrel=2
 pkgdesc="Toolkit for SSL v2/v3 and TLS v1"
 url="http://openssl.org"
 depends=
@@ -20,7 +20,6 @@ source="http://www.openssl.org/source/${pkgname}-${pkgver}.tar.gz
 	0004-fix-default-ca-path-for-apps.patch
 	0005-fix-parallel-build.patch
 	0006-add-ircv3-tls-3.1-extension-support-to-s_client.patch
-	0007-reimplement-c_rehash-in-C.patch
 	0008-maintain-abi-compat-with-no-freelist-and-regular-bui.patch
 	0009-no-rpath.patch
 	0010-ssl-env-zlib.patch
@@ -53,26 +52,11 @@ source="http://www.openssl.org/source/${pkgname}-${pkgver}.tar.gz
 #     - CVE-2016-6304
 #     - CVE-2016-6306
 
-_builddir="$srcdir"/$pkgname-$pkgver
-
-prepare() {
-        cd "$_builddir"
-        for patch in $source; do
-                case $patch in
-                *.patch)
-                        msg "Applying patch $patch"
-                        patch -p1 -i "$srcdir"/$patch || return 1
-                        ;;
-                esac
-        done
-
-	# force generate apps, due to c_rehash patch
-	rm -rf "$_builddir"/apps/progs.h
-}
+builddir="$srcdir"/$pkgname-$pkgver
 
 build() {
 	local _target _optflags
-	cd "$_builddir"
+	cd "$builddir"
 
 	# openssl will prepend crosscompile always core CC et al
 	CC=${CC#${CROSS_COMPILE}}
@@ -102,30 +86,24 @@ build() {
 		|| return 1
 
 	make && make build-shared || return 1
-
-	# Build standalone version c_rehash app, so the huge openssl
-	# binary is not mandatory requirement of ca-certificates
-	${CROSS_COMPILE}$CC $CPPFLAGS $CFLAGS $LDFLAGS -I . -I include -L . "$_builddir"/apps/c_rehash.c -o c_rehash -lcrypto || return 1
 }
 
 package() {
-	cd "$_builddir"
+	cd "$builddir"
 	make INSTALL_PREFIX="$pkgdir" MANDIR=/usr/share/man MANSUFFIX=ssl install || return 1
-
-	# c_rehash standalone app
-	install c_rehash "$pkgdir"/usr/bin/c_rehash || return 1
+	# remove the script c_rehash
+	rm "$pkgdir"/usr/bin/c_rehash
 }
 
 libcrypto() {
 	pkgdesc="Crypto library from openssl"
 
-	mkdir -p "$subpkgdir"/lib "$subpkgdir"/usr/lib "$subpkgdir"/usr/bin
+	mkdir -p "$subpkgdir"/lib "$subpkgdir"/usr/lib
 	for i in "$pkgdir"/usr/lib/libcrypto*; do
 		mv $i "$subpkgdir"/lib/
 		ln -s ../../lib/${i##*/} "$subpkgdir"/usr/lib/${i##*/}
 	done
 	mv "$pkgdir"/usr/lib/engines "$subpkgdir"/usr/lib/ || return 1
-	mv "$pkgdir"/usr/bin/c_rehash "$subpkgdir"/usr/bin/ || return 1
 }
 
 libssl() {
@@ -144,7 +122,6 @@ md5sums="96322138f0b69e61b7212bc53d5e912b  openssl-1.0.2j.tar.gz
 9bb9dffdd871eeccc945494771302cc3  0004-fix-default-ca-path-for-apps.patch
 ed6e779e9799aeb7e029929a5719e631  0005-fix-parallel-build.patch
 5a5753f52b9f54f769f1ad915d0119bd  0006-add-ircv3-tls-3.1-extension-support-to-s_client.patch
-106b2c7590d49a28c782cf3f5d623543  0007-reimplement-c_rehash-in-C.patch
 7a2f9c883ecdfca3087062df4a68150a  0008-maintain-abi-compat-with-no-freelist-and-regular-bui.patch
 28e89dd715fc4ed85e747bd7306f2970  0009-no-rpath.patch
 742ee13d88b13414248f329a09f9a92d  0010-ssl-env-zlib.patch
@@ -157,7 +134,6 @@ c3e6a9710726dac72e3eeffd78961d3bae67a480f6bde7890e066547da25cdfd  0003-use-termi
 1f022ccab9b2e5850f32d2ac75cb617c8ce7b803a4548ce71e82776fe5b15b67  0004-fix-default-ca-path-for-apps.patch
 aa1fed25880313bd77fe06fc8a42ac65e02ac944eb4052480de2abbde7867380  0005-fix-parallel-build.patch
 9baecc8024bd5004ef045c6c53537f7453029c1e273874ce639834145564ca6d  0006-add-ircv3-tls-3.1-extension-support-to-s_client.patch
-c934b5d1a2cb58b5235da2dfee423f0f66bb83e1d479f511b444751899637c37  0007-reimplement-c_rehash-in-C.patch
 1030f885dc76f352854a7a95d73e68cfd1479c5f9ee198d6afef6b0755ee1c81  0008-maintain-abi-compat-with-no-freelist-and-regular-bui.patch
 6b7ac5c9db430d9d3e8aaf87e0e95aa8a0ef460517d6563cca24014d4d890fbc  0009-no-rpath.patch
 fa2e3101ca7c6daed7ea063860d586424be7590b1cec4302bc2beee1a3c6039f  0010-ssl-env-zlib.patch
@@ -170,7 +146,6 @@ sha512sums="7d6ccae4aa3ccec3a5d128da29c68401cdb1210cba6d212d55235fc3bc63d7085e2f
 c67472879a31b5dbdd313892df6d37e7c93e8c0237d406c30d50b1016c2618ead3c13277f5dc723ef1ceed092d36e3c15a9777daa844f59b9fa2b0a4f04fd9ae  0004-fix-default-ca-path-for-apps.patch
 5d4191482f8bbf62c75fe6bc2d9587388022c3310703c2a913788a983b1d1406e706cf3916a5792604f0b0f220a87432d3b82b442cea9915f2abb6fdd8478fcb  0005-fix-parallel-build.patch
 820d4ce1c222696fe3f1dd0d11815c06262ec230fdb174532fd507286667a0aefbf858ea5edac4245a54b950cd0556545ecd0c5cf494692a2ba131c667e7bcd5  0006-add-ircv3-tls-3.1-extension-support-to-s_client.patch
-fc4e383ec85c6543e4e82520904122a5a5601c68042ece1e95a0cae95e02d89174f06f78ba2f8aacae8df16052df6ec628b568519a41706428a3fa07984cc8e3  0007-reimplement-c_rehash-in-C.patch
 17ad683bb91a3a3c5bcc456c8aed7f0b42414c6de06ebafa4753af93c42d9827c9978a43d4d53d741a45df7f7895c6f6163172af57cc7b391cfd15f45ce6c351  0008-maintain-abi-compat-with-no-freelist-and-regular-bui.patch
 5dbbc01985190ae1254350fb12565beb6abb916b6a7bb1f0f22d9762b1e575d124aaf9aa4cfe5f908e420978f691072d48c61a72660f09dfd6d9a2f83f862bc1  0009-no-rpath.patch
 5febe20948e3f12d981e378e1f4ea538711657aacb6865a1aa91339d4a04277e250f490a1f2abc2c6f290bdc2b1bffdba1d00983b4c09f7ea983eef8163f9420  0010-ssl-env-zlib.patch