From 5075582b1544bfe9c33386943f72ff9bd74e2a98 Mon Sep 17 00:00:00 2001 From: Natanael Copa Date: Tue, 26 Feb 2019 21:31:38 +0000 Subject: community/xbps: rebuild against openssl --- community/xbps/APKBUILD | 8 ++- community/xbps/openssl-1.1.patch | 126 +++++++++++++++++++++++++++++++++++++++ 2 files changed, 131 insertions(+), 3 deletions(-) create mode 100644 community/xbps/openssl-1.1.patch (limited to 'community/xbps') diff --git a/community/xbps/APKBUILD b/community/xbps/APKBUILD index c44c9d63ab..b6d4077d26 100644 --- a/community/xbps/APKBUILD +++ b/community/xbps/APKBUILD @@ -2,13 +2,13 @@ # Maintainer: André Klitzing pkgname=xbps pkgver=0.53 -pkgrel=0 +pkgrel=1 pkgdesc="The X Binary Package System" arch="all" url="https://github.com/voidlinux/xbps" license="BSD" depends="ca-certificates" -makedepends="zlib-dev libarchive-dev libressl-dev" # does not support openssl 1.1 +makedepends="zlib-dev libarchive-dev openssl-dev" subpackages="$pkgname-dev $pkgname-doc $pkgname-bash-completion:bashcomp:noarch $pkgname-zsh-completion:zshcomp:noarch" @@ -16,6 +16,7 @@ options="!check" source="$pkgname-$pkgver.tar.gz::https://github.com/void-linux/$pkgname/archive/$pkgver.tar.gz 0f338597015271ee504100c32fd2c4926efdb423.patch disable-Werror.patch + openssl-1.1.patch " builddir="$srcdir/$pkgname-$pkgver" 
@@ -64,4 +65,5 @@ _submv() { sha512sums="f40a479196e95cd1c01962230cd3e61f424474ceb454c3d7a31d59b636a0f17138023ae2822bb1666765f15618e3fa7e4fa48786c5530eb975f637b6abf6418f xbps-0.53.tar.gz 5ae4fa6c5fc8d115b01d74c85121e13933b17a09404d53923a316ce7cc30325227019db33a2efe891ed2be5f61600e3003c37f07c24639ef32786d5b8d4d9c2b 0f338597015271ee504100c32fd2c4926efdb423.patch -a761edd8fd358b500337fcef79f6163ef642fc387f97d952fec0838baa786d585f21e34cd066cba1918f474bccd7decbad2587b91f125b75e308b2dfe8f4721a disable-Werror.patch" +a761edd8fd358b500337fcef79f6163ef642fc387f97d952fec0838baa786d585f21e34cd066cba1918f474bccd7decbad2587b91f125b75e308b2dfe8f4721a disable-Werror.patch +c61d64f618ee21bdf120512ada3d67babeded06830384b800754e586fd66d16772984d6fe325e4674098a1e07caf737e8293848008d068591656808f267fafcb openssl-1.1.patch" diff --git a/community/xbps/openssl-1.1.patch b/community/xbps/openssl-1.1.patch new file mode 100644 index 0000000000..677be08539 --- /dev/null +++ b/community/xbps/openssl-1.1.patch 
@@ -0,0 +1,126 @@
+From b4eebafa6d634c4e0e00267ae69703e506ac101d Mon Sep 17 00:00:00 2001
+From: wuhanck
+Date: Thu, 24 Jan 2019 18:39:07 +0800
+Subject: [PATCH] upgrade to openssl 1.1.x.
+
+---
+ configure | 2 +-
+ lib/fetch/common.c | 2 +-
+ lib/pubkey2fp.c | 29 ++++++++++++++++++-----------
+ 3 files changed, 20 insertions(+), 13 deletions(-)
+
+diff --git a/configure b/configure
+index ebef990a..b6e642a2 100755
+--- a/configure
++++ b/configure
+@@ -678,7 +678,7 @@ fi
+ # libssl with pkg-config support is required.
+ #
+ printf "Checking for libssl via pkg-config ... "
+-if $PKGCONFIG_BIN --exists 'libssl < 1.1' && ! $PKGCONFIG_BIN --exists libtls ; then
++if $PKGCONFIG_BIN --exists 'libssl < 1.2' && ! $PKGCONFIG_BIN --exists libtls ; then
+ echo "found OpenSSL version $($PKGCONFIG_BIN --modversion libssl)."
+ elif $PKGCONFIG_BIN --exists libssl libtls; then
+ echo "found LibreSSL version $($PKGCONFIG_BIN --modversion libssl)."
+diff --git a/lib/fetch/common.c b/lib/fetch/common.c
+index 94fb2651..b3d8f2f0 100644
+--- a/lib/fetch/common.c
++++ b/lib/fetch/common.c
+@@ -895,7 +895,7 @@ fetch_ssl_verify_altname(STACK_OF(GENERAL_NAME) *altnames,
+
+ for (i = 0; i < sk_GENERAL_NAME_num(altnames); ++i) {
+ name = sk_GENERAL_NAME_value(altnames, i);
+- ns = (const char *)ASN1_STRING_data(name->d.ia5);
++ ns = (const char *)ASN1_STRING_get0_data(name->d.ia5);
+ nslen = (size_t)ASN1_STRING_length(name->d.ia5);
+
+ if (name->type == GEN_DNS && ip == NULL &&
+diff --git a/lib/pubkey2fp.c b/lib/pubkey2fp.c
+index 2cfe7178..c1a46e88 100644
+--- a/lib/pubkey2fp.c
++++ b/lib/pubkey2fp.c
+@@ -65,12 +65,13 @@ fp2str(unsigned const char *fp, unsigned int len)
+ char *
+ xbps_pubkey2fp(struct xbps_handle *xhp, xbps_data_t pubkey)
+ {
+- EVP_MD_CTX mdctx;
++ EVP_MD_CTX *mdctx = NULL;
+ EVP_PKEY *pPubKey = NULL;
+ RSA *pRsa = NULL;
+ BIO *bio = NULL;
+ const void *pubkeydata;
+ unsigned char md_value[EVP_MAX_MD_SIZE];
++ const BIGNUM *n, *e;
+ unsigned char *nBytes = NULL, *eBytes = NULL, *pEncoding = NULL;
+ unsigned int md_len = 0;
+ char *hexfpstr = NULL;
+@@ -79,6 +80,8 @@ xbps_pubkey2fp(struct xbps_handle *xhp, xbps_data_t pubkey)
+ ERR_load_crypto_strings();
+ OpenSSL_add_all_algorithms();
+
++ mdctx = EVP_MD_CTX_new();
++ assert(mdctx);
+ pubkeydata = xbps_data_data_nocopy(pubkey);
+ bio = BIO_new_mem_buf(__UNCONST(pubkeydata), xbps_data_size(pubkey));
+ assert(bio);
+@@ -91,7 +94,7 @@ xbps_pubkey2fp(struct xbps_handle *xhp, xbps_data_t pubkey)
+ goto out;
+ }
+
+- if (EVP_PKEY_type(pPubKey->type) != EVP_PKEY_RSA) {
++ if (EVP_PKEY_base_id(pPubKey) != EVP_PKEY_RSA) {
+ xbps_dbg_printf(xhp, "only RSA public keys are currently supported\n");
+ goto out;
+ }
+@@ -103,19 +106,20 @@ xbps_pubkey2fp(struct xbps_handle *xhp, xbps_data_t pubkey)
+ goto out;
+ }
+
++ RSA_get0_key(pRsa, &n, &e, NULL);
+ // reading the modulus
+- nLen = BN_num_bytes(pRsa->n);
++ nLen = BN_num_bytes(n);
+ nBytes = (unsigned char*) malloc(nLen);
+ if (nBytes == NULL)
+ goto out;
+- BN_bn2bin(pRsa->n, nBytes);
++ BN_bn2bin(n, nBytes);
+
+ // reading the public exponent
+- eLen = BN_num_bytes(pRsa->e);
++ eLen = BN_num_bytes(e);
+ eBytes = (unsigned char*) malloc(eLen);
+ if (eBytes == NULL)
+ goto out;
+- BN_bn2bin(pRsa->e, eBytes);
++ BN_bn2bin(e, eBytes);
+
+ encodingLength = 11 + 4 + eLen + 4 + nLen;
+ // correct depending on the MSB of e and N
+@@ -135,18 +139,21 @@ xbps_pubkey2fp(struct xbps_handle *xhp, xbps_data_t pubkey)
+ /*
+ * Compute the RSA fingerprint (MD5).
+ */
+- EVP_MD_CTX_init(&mdctx);
+- EVP_DigestInit_ex(&mdctx, EVP_md5(), NULL);
+- EVP_DigestUpdate(&mdctx, pEncoding, encodingLength);
+- if (EVP_DigestFinal_ex(&mdctx, md_value, &md_len) == 0)
++ EVP_MD_CTX_init(mdctx);
++ EVP_DigestInit_ex(mdctx, EVP_md5(), NULL);
++ EVP_DigestUpdate(mdctx, pEncoding, encodingLength);
++ if (EVP_DigestFinal_ex(mdctx, md_value, &md_len) == 0)
+ goto out;
+- EVP_MD_CTX_cleanup(&mdctx);
++ EVP_MD_CTX_free(mdctx);
++ mdctx = NULL;
+ /*
+ * Convert result to a compatible OpenSSH hex fingerprint.
+ */
+ hexfpstr = fp2str(md_value, md_len);
+
+ out:
++ if (mdctx)
++ EVP_MD_CTX_free(mdctx);
+ if (bio)
+ BIO_free_all(bio);
+ if (pRsa)
-- cgit v1.2.3
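Review bot: In the `lib/pubkey2fp.c` part of the added patch, `xbps_pubkey2fp` guards the newly heap-allocated digest context only with `assert(mdctx);` and still ignores the results of `EVP_DigestInit_ex` and `EVP_DigestUpdate`, so a build with `NDEBUG`, or one where MD5 is not available, would carry on with an unusable context instead of taking the existing `goto out` path. I would replace the assert with `if (mdctx == NULL) goto out;` and chain the digest calls as `if (EVP_DigestInit_ex(mdctx, EVP_md5(), NULL) != 1 || EVP_DigestUpdate(mdctx, pEncoding, encodingLength) != 1 || EVP_DigestFinal_ex(mdctx, md_value, &md_len) != 1) goto out;`. The `EVP_MD_CTX_init(mdctx);` call directly after `EVP_MD_CTX_new()` looks redundant and can probably be dropped. The function body and the `out:` cleanup continue past the last visible line, so confirm that the earlier exit only reaches pointers that were initialised to NULL.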