kotovalexarian-likes-gitlab/sortix--sortix
1
0
Fork 0
mirror of https://gitlab.com/sortix/sortix.git synced 2023-02-13 20:55:38 -05:00
Code Releases Activity

Update to libressl-3.5.3.

Browse source
This commit is contained in:
Juhani Krekelä 2022-06-14 01:02:06 +03:00 committed by Jonas 'Sortie' Termansen
parent 59baae95c9
commit 15a2d6d3f1
2 changed files with 14 additions and 235 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

244
ports/libssl/libssl.patch
View file

@ -1,38 +1,3 @@
diff -Paur --no-dereference -- libssl.upstream/apps/nc/compat/base64.c libssl/apps/nc/compat/base64.c
--- libssl.upstream/apps/nc/compat/base64.c
+++ libssl/apps/nc/compat/base64.c
@@ -124,14 +124,14 @@
int
b64_ntop(src, srclength, target, targsize)
- u_char const *src;
+ unsigned char const *src;
size_t srclength;
char *target;
size_t targsize;
{
size_t datalength = 0;
- u_char input[3];
- u_char output[4];
+ unsigned char input[3];
+ unsigned char output[4];
int i;
while (2 < srclength) {
@@ -189,11 +189,11 @@
int
b64_pton(src, target, targsize)
char const *src;
- u_char *target;
+ unsigned char *target;
size_t targsize;
{
int tarindex, state, ch;
- u_char nextbyte;
+ unsigned char nextbyte;
char *pos;
state = 0;
diff -Paur --no-dereference -- libssl.upstream/apps/nc/netcat.c libssl/apps/nc/netcat.c diff -Paur --no-dereference -- libssl.upstream/apps/nc/netcat.c libssl/apps/nc/netcat.c
--- libssl.upstream/apps/nc/netcat.c --- libssl.upstream/apps/nc/netcat.c
+++ libssl/apps/nc/netcat.c +++ libssl/apps/nc/netcat.c
@ -61,16 +26,7 @@ diff -Paur --no-dereference -- libssl.upstream/apps/nc/netcat.c libssl/apps/nc/n
unix_dg_tmp_socket = unix_dg_tmp_socket_buf; unix_dg_tmp_socket = unix_dg_tmp_socket_buf;
} }
} }
@@ -1386,6 +1393,8 @@ @@ -1405,7 +1412,8 @@
void
fdpass(int nfd)
{
+/* PATCH: File descriptor passing is WIP on Sortix. */
+#ifdef CMSG_SPACE
struct msghdr mh;
union {
struct cmsghdr hdr;
@@ -1405,7 +1414,8 @@
memset(&cmsgbuf, 0, sizeof(cmsgbuf)); memset(&cmsgbuf, 0, sizeof(cmsgbuf));
memset(&iov, 0, sizeof(iov)); memset(&iov, 0, sizeof(iov));
@ -80,16 +36,7 @@ diff -Paur --no-dereference -- libssl.upstream/apps/nc/netcat.c libssl/apps/nc/n
mh.msg_controllen = sizeof(cmsgbuf.buf); mh.msg_controllen = sizeof(cmsgbuf.buf);
cmsg = CMSG_FIRSTHDR(&mh); cmsg = CMSG_FIRSTHDR(&mh);
cmsg->cmsg_len = CMSG_LEN(sizeof(int)); cmsg->cmsg_len = CMSG_LEN(sizeof(int));
@@ -1436,12 +1446,16 @@ @@ -1442,6 +1450,7 @@
break;
}
exit(0);
+#else
+ errx(1, "File descriptor passing is not supported");
+#endif
}
/* Deal with RFC 854 WILL/WONT DO/DONT negotiation. */
void void
atelnet(int nfd, unsigned char *buf, unsigned int size) atelnet(int nfd, unsigned char *buf, unsigned int size)
{ {
@ -97,7 +44,7 @@ diff -Paur --no-dereference -- libssl.upstream/apps/nc/netcat.c libssl/apps/nc/n
unsigned char *p, *end; unsigned char *p, *end;
unsigned char obuf[4]; unsigned char obuf[4];
@@ -1467,6 +1481,9 @@ @@ -1467,6 +1476,9 @@
if (atomicio(vwrite, nfd, obuf, 3) != 3) if (atomicio(vwrite, nfd, obuf, 3) != 3)
warn("Write Error!"); warn("Write Error!");
} }
@ -107,7 +54,7 @@ diff -Paur --no-dereference -- libssl.upstream/apps/nc/netcat.c libssl/apps/nc/n
} }
@@ -1581,16 +1598,20 @@ @@ -1581,16 +1593,20 @@
err(1, NULL); err(1, NULL);
} }
if (Tflag != -1) { if (Tflag != -1) {
@ -130,7 +77,7 @@ diff -Paur --no-dereference -- libssl.upstream/apps/nc/netcat.c libssl/apps/nc/n
errno = ENOPROTOOPT; errno = ENOPROTOOPT;
err(1, "set IPv6 traffic class not supported"); err(1, "set IPv6 traffic class not supported");
} }
@@ -1608,13 +1629,16 @@ @@ -1608,13 +1624,16 @@
} }
if (ttl != -1) { if (ttl != -1) {
@ -149,7 +96,7 @@ diff -Paur --no-dereference -- libssl.upstream/apps/nc/netcat.c libssl/apps/nc/n
} }
if (minttl != -1) { if (minttl != -1) {
@@ -1652,7 +1676,9 @@ @@ -1652,7 +1671,9 @@
{ "af41", IPTOS_DSCP_AF41 }, { "af41", IPTOS_DSCP_AF41 },
{ "af42", IPTOS_DSCP_AF42 }, { "af42", IPTOS_DSCP_AF42 },
{ "af43", IPTOS_DSCP_AF43 }, { "af43", IPTOS_DSCP_AF43 },
@ -159,7 +106,7 @@ diff -Paur --no-dereference -- libssl.upstream/apps/nc/netcat.c libssl/apps/nc/n
{ "cs0", IPTOS_DSCP_CS0 }, { "cs0", IPTOS_DSCP_CS0 },
{ "cs1", IPTOS_DSCP_CS1 }, { "cs1", IPTOS_DSCP_CS1 },
{ "cs2", IPTOS_DSCP_CS2 }, { "cs2", IPTOS_DSCP_CS2 },
@@ -1662,11 +1688,21 @@ @@ -1662,11 +1683,21 @@
{ "cs6", IPTOS_DSCP_CS6 }, { "cs6", IPTOS_DSCP_CS6 },
{ "cs7", IPTOS_DSCP_CS7 }, { "cs7", IPTOS_DSCP_CS7 },
{ "ef", IPTOS_DSCP_EF }, { "ef", IPTOS_DSCP_EF },
@ -228,8 +175,8 @@ diff -Paur --no-dereference -- libssl.upstream/apps/openssl/certhash.c libssl/ap
static struct { static struct {
int dryrun; int dryrun;
int verbose; int verbose;
@@ -490,6 +495,11 @@ @@ -494,6 +499,11 @@
fprintf(stderr, "failed to readlink %s\n", dep->d_name); fprintf(stderr, "symbolic link is too long %s\n", dep->d_name);
return (-1); return (-1);
} }
+ /* PATCH: Handle symbolic links that are too long. */ + /* PATCH: Handle symbolic links that are too long. */
@ -266,25 +213,7 @@ diff -Paur --no-dereference -- libssl.upstream/apps/openssl/s_socket.c libssl/ap
+ +
static int init_server(int *sock, int port, int type); static int init_server(int *sock, int port, int type);
static int init_server_long(int *sock, int port, char *ip, int type); static int init_server_long(int *sock, int port, char *ip, int type);
static int do_accept(int acc_sock, int *sock, char **host); static int do_accept(int acc_sock, int *sock);
diff -Paur --no-dereference -- libssl.upstream/configure libssl/configure
--- libssl.upstream/configure
+++ libssl/configure
@@ -13056,10 +13056,11 @@
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
+// PATCH: Sortix builds ports with -Werror=implicit-function-declaration so
+// make sure getpageinfo has been forward declared, or it will be
+// misdetected as missing when it does exist.
// Since Android NDK v16 getpagesize is defined as inline inside unistd.h
-#ifdef __ANDROID__
-# include <unistd.h>
-#endif
+#include <unistd.h>
int
main ()
diff -Paur --no-dereference -- libssl.upstream/crypto/bio/b_sock.c libssl/crypto/bio/b_sock.c diff -Paur --no-dereference -- libssl.upstream/crypto/bio/b_sock.c libssl/crypto/bio/b_sock.c
--- libssl.upstream/crypto/bio/b_sock.c --- libssl.upstream/crypto/bio/b_sock.c
+++ libssl/crypto/bio/b_sock.c +++ libssl/crypto/bio/b_sock.c
@ -325,115 +254,6 @@ diff -Paur --no-dereference -- libssl.upstream/crypto/bio/bss_bio.c libssl/crypt
#include <assert.h> #include <assert.h>
#include <limits.h> #include <limits.h>
#include <stdlib.h> #include <stdlib.h>
diff -Paur --no-dereference -- libssl.upstream/crypto/chacha/chacha-merged.c libssl/crypto/chacha/chacha-merged.c
--- libssl.upstream/crypto/chacha/chacha-merged.c
+++ libssl/crypto/chacha/chacha-merged.c
@@ -16,20 +16,20 @@
#define CHACHA_BLOCKLEN 64
struct chacha_ctx {
- u_int input[16];
+ unsigned int input[16];
uint8_t ks[CHACHA_BLOCKLEN];
uint8_t unused;
};
-static inline void chacha_keysetup(struct chacha_ctx *x, const u_char *k,
- u_int kbits)
+static inline void chacha_keysetup(struct chacha_ctx *x, const unsigned char *k,
+ unsigned int kbits)
__attribute__((__bounded__(__minbytes__, 2, CHACHA_MINKEYLEN)));
-static inline void chacha_ivsetup(struct chacha_ctx *x, const u_char *iv,
- const u_char *ctr)
+static inline void chacha_ivsetup(struct chacha_ctx *x, const unsigned char *iv,
+ const unsigned char *ctr)
__attribute__((__bounded__(__minbytes__, 2, CHACHA_NONCELEN)))
__attribute__((__bounded__(__minbytes__, 3, CHACHA_CTRLEN)));
-static inline void chacha_encrypt_bytes(struct chacha_ctx *x, const u_char *m,
- u_char *c, u_int bytes)
+static inline void chacha_encrypt_bytes(struct chacha_ctx *x, const unsigned char *m,
+ unsigned char *c, unsigned int bytes)
__attribute__((__bounded__(__buffer__, 2, 4)))
__attribute__((__bounded__(__buffer__, 3, 4)));
@@ -127,7 +127,7 @@
u32 j8, j9, j10, j11, j12, j13, j14, j15;
u8 *ctarget = NULL;
u8 tmp[64];
- u_int i;
+ unsigned int i;
if (!bytes)
return;
diff -Paur --no-dereference -- libssl.upstream/crypto/x509/x509_vpm.c libssl/crypto/x509/x509_vpm.c
--- libssl.upstream/crypto/x509/x509_vpm.c
+++ libssl/crypto/x509/x509_vpm.c
@@ -598,6 +598,10 @@
static const X509_VERIFY_PARAM default_table[] = {
{
.name = "default",
+ /* PATCH: OpenBSD 6.9 errata 018, September 30, 2021:
+ Compensate for the expiry of the DST Root X3 certificate.
+ https://ftp.openbsd.org/pub/OpenBSD/patches/6.9/common/018_cert.patch.sig */
+ .flags = X509_V_FLAG_TRUSTED_FIRST,
.depth = 100,
.trust = 0, /* XXX This is not the default trust value */
.id = vpm_empty_id
diff -Paur --no-dereference -- libssl.upstream/include/compat/arpa/nameser.h libssl/include/compat/arpa/nameser.h
--- libssl.upstream/include/compat/arpa/nameser.h
+++ libssl/include/compat/arpa/nameser.h
@@ -4,7 +4,9 @@
*/
#ifndef _WIN32
+#if __has_include_next(<arpa/nameser.h>)
#include_next <arpa/nameser.h>
+#endif
#else
#include <win32netcompat.h>
diff -Paur --no-dereference -- libssl.upstream/include/compat/machine/endian.h libssl/include/compat/machine/endian.h
--- libssl.upstream/include/compat/machine/endian.h
+++ libssl/include/compat/machine/endian.h
@@ -21,7 +21,10 @@
#define BYTE_ORDER BIG_ENDIAN
#endif
-#elif defined(__linux__) || defined(__midipix__)
+/* PATCH: endian.h is the header being standardized, use it instead if it
+ exists, that is what Sortix has. This machine/endian.h abstraction
+ should be renamed to endian.h. */
+#elif defined(__linux__) || defined(__midipix__) || defined(__sortix__) || __has_include(<endian.h>)
#include <endian.h>
#elif defined(__sun) || defined(_AIX) || defined(__hpux)
diff -Paur --no-dereference -- libssl.upstream/include/compat/netinet/ip.h libssl/include/compat/netinet/ip.h
--- libssl.upstream/include/compat/netinet/ip.h
+++ libssl/include/compat/netinet/ip.h
@@ -8,7 +8,9 @@
#endif
#ifndef _WIN32
+#if __has_include_next(<netinet/ip.h>)
#include_next <netinet/ip.h>
+#endif
#else
#include <win32netcompat.h>
#endif
diff -Paur --no-dereference -- libssl.upstream/include/compat/resolv.h libssl/include/compat/resolv.h
--- libssl.upstream/include/compat/resolv.h
+++ libssl/include/compat/resolv.h
@@ -13,8 +13,10 @@
#include <../include/resolv.h>
#endif
#else
+#if __has_include_next(<resolv.h>)
#include_next <resolv.h>
#endif
+#endif
#ifndef HAVE_B64_NTOP
int b64_ntop(unsigned char const *, size_t, char *, size_t);
diff -Paur --no-dereference -- libssl.upstream/include/compat/stdlib.h libssl/include/compat/stdlib.h diff -Paur --no-dereference -- libssl.upstream/include/compat/stdlib.h libssl/include/compat/stdlib.h
--- libssl.upstream/include/compat/stdlib.h --- libssl.upstream/include/compat/stdlib.h
+++ libssl/include/compat/stdlib.h +++ libssl/include/compat/stdlib.h
@ -487,48 +307,6 @@ diff -Paur --no-dereference -- libssl.upstream/include/compat/unistd.h libssl/in
#define pledge(request, paths) 0 #define pledge(request, paths) 0
#define unveil(path, permissions) 0 #define unveil(path, permissions) 0
diff -Paur --no-dereference -- libssl.upstream/tests/handshake_table.c libssl/tests/handshake_table.c
--- libssl.upstream/tests/handshake_table.c
+++ libssl/tests/handshake_table.c
@@ -19,6 +19,8 @@
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
+/* PATCH: Sortix only has the C11 <stdnoreturn.h> and does not have __dead. */
+#include <stdnoreturn.h>
#include <unistd.h>
#include "tls13_handshake.h"
@@ -152,7 +154,7 @@
uint8_t flags);
void fprint_flags(FILE *stream, uint8_t flags);
const char *mt2str(enum tls13_message_type mt);
-__dead void usage(void);
+noreturn void usage(void);
int verify_table(enum tls13_message_type
table[MAX_FLAGS][TLS13_NUM_MESSAGE_TYPES], int print);
@@ -449,7 +451,7 @@
return success;
}
-__dead void
+noreturn void
usage(void)
{
fprintf(stderr, "usage: handshake_table [-C | -g]\n");
diff -Paur --no-dereference -- libssl.upstream/tests/ssltest.c libssl/tests/ssltest.c
--- libssl.upstream/tests/ssltest.c
+++ libssl/tests/ssltest.c
@@ -143,7 +143,7 @@
#define _BSD_SOURCE 1 /* Or gethostname won't be declared properly
on Linux and GNU platforms. */
#include <sys/types.h>
-#include <sys/param.h>
+/* PATCH: Sortix does not have <sys/param.h> and it's not needed. */
#include <sys/socket.h>
#include <netinet/in.h>
diff -Paur --no-dereference -- libssl.upstream/tls/tls_config.c libssl/tls/tls_config.c diff -Paur --no-dereference -- libssl.upstream/tls/tls_config.c libssl/tls/tls_config.c
--- libssl.upstream/tls/tls_config.c --- libssl.upstream/tls/tls_config.c
+++ libssl/tls/tls_config.c +++ libssl/tls/tls_config.c
@ -538,7 +316,7 @@ diff -Paur --no-dereference -- libssl.upstream/tls/tls_config.c libssl/tls/tls_c
if (sb.st_uid != getuid()) { if (sb.st_uid != getuid()) {
+ /* PATCH: Sortix has 64-bit uid_t. */ + /* PATCH: Sortix has 64-bit uid_t. */
tls_config_set_errorx(config, "session file has incorrect " tls_config_set_errorx(config, "session file has incorrect "
- "owner (uid %i != %i)", sb.st_uid, getuid()); - "owner (uid %u != %u)", sb.st_uid, getuid());
+ "owner (uid %llu != %llu)", + "owner (uid %llu != %llu)",
+ (unsigned long long) sb.st_uid, + (unsigned long long) sb.st_uid,
+ (unsigned long long) getuid()); + (unsigned long long) getuid());

5
ports/libssl/libssl.port
View file

@ -1,12 +1,13 @@
NAME=libssl NAME=libssl
BUILD_LIBRARIES= BUILD_LIBRARIES=
VERSION=3.4.0 VERSION=3.5.3
DISTNAME=libressl-$VERSION DISTNAME=libressl-$VERSION
COMPRESSION=tar.gz COMPRESSION=tar.gz
ARCHIVE=$DISTNAME.$COMPRESSION ARCHIVE=$DISTNAME.$COMPRESSION
SHA256SUM=e52eae758d40206a71d763a1a87b71037223bf1986ac239a6be1a6d2ac3916d2 SHA256SUM=3ab5e5eaef69ce20c6b170ee64d785b42235f48f2e62b095fca5d7b6672b8b28
UPSTREAM_SITE=https://ftp.openbsd.org/pub/OpenBSD/LibreSSL UPSTREAM_SITE=https://ftp.openbsd.org/pub/OpenBSD/LibreSSL
UPSTREAM_ARCHIVE=$ARCHIVE UPSTREAM_ARCHIVE=$ARCHIVE
LICENSE=OpenSSL
BUILD_SYSTEM=configure BUILD_SYSTEM=configure
MAKE_VARS='V=1' MAKE_VARS='V=1'
POST_INSTALL=tix-eradicate-libtool-la POST_INSTALL=tix-eradicate-libtool-la