nortti
/
sortix-mirror
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
sortix-mirror/ports/libssl/libssl.patch

548 lines
16 KiB
Diff
Raw Normal View History

Add ports to the Sortix repository. This change imports the ports collection from the former porttix and srctix repositories and converts them to port(5) files with metadata pointing to the upstream release tarballs with patches checked into this repository. Ports are now developed and versioned along with the operating system and are automatically built per the PACKAGES environment variable. The patches are licensed under the same license as the relevant ports. Tix has gained support for the new port(5) format. tix-port(8) is the new high level ports build even point that handles downloading pstream releases into the new mirror cache directory, applying the patches, building the port with the lower-level tix-build(8), and finally installing the binary package. The new tix-vars(8) program parses port(5) files and the new tix-rmdiff(8) program produces input for tix-rmpatch(8). The old doc/ directory is discontinued in favor of manual pages documenting the new ports system. The obsolete porttix-create(8) and srctix-create(8) programs are removed.
2022-06-13 20:29:53 +00:00
diff -Paur --no-dereference -- libssl.upstream/apps/nc/compat/base64.c libssl/apps/nc/compat/base64.c
--- libssl.upstream/apps/nc/compat/base64.c
+++ libssl/apps/nc/compat/base64.c
@@ -124,14 +124,14 @@
int
b64_ntop(src, srclength, target, targsize)
- u_char const *src;
+ unsigned char const *src;
size_t srclength;
char *target;
size_t targsize;
{
size_t datalength = 0;
- u_char input[3];
- u_char output[4];
+ unsigned char input[3];
+ unsigned char output[4];
int i;
while (2 < srclength) {
@@ -189,11 +189,11 @@
int
b64_pton(src, target, targsize)
char const *src;
- u_char *target;
+ unsigned char *target;
size_t targsize;
{
int tarindex, state, ch;
- u_char nextbyte;
+ unsigned char nextbyte;
char *pos;
state = 0;
diff -Paur --no-dereference -- libssl.upstream/apps/nc/netcat.c libssl/apps/nc/netcat.c
--- libssl.upstream/apps/nc/netcat.c
+++ libssl/apps/nc/netcat.c
@@ -40,7 +40,10 @@
#include <netinet/in.h>
#include <netinet/tcp.h>
#include <netinet/ip.h>
+/* PATCH: Sortix doesn't have <netinet/telnet.h> yet. */
+#if __has_include(<netinet/telnet.h>)
#include <arpa/telnet.h>
+#endif
#include <ctype.h>
#include <err.h>
@@ -468,8 +471,12 @@
} else {
strlcpy(unix_dg_tmp_socket_buf, "/tmp/nc.XXXXXXXXXX",
UNIX_DG_TMP_SOCKET_SIZE);
- if (mktemp(unix_dg_tmp_socket_buf) == NULL)
+ /* PATCH: Sortix doesn't have the obsolete mktemp(3) function. */
+ int fd = mkstemp(unix_dg_tmp_socket_buf);
+ if (fd < 0)
err(1, "mktemp");
+ unlink(unix_dg_tmp_socket_buf);
+ close(fd);
unix_dg_tmp_socket = unix_dg_tmp_socket_buf;
}
}
@@ -1386,6 +1393,8 @@
void
fdpass(int nfd)
{
+/* PATCH: File descriptor passing is WIP on Sortix. */
+#ifdef CMSG_SPACE
struct msghdr mh;
union {
struct cmsghdr hdr;
@@ -1405,7 +1414,8 @@
memset(&cmsgbuf, 0, sizeof(cmsgbuf));
memset(&iov, 0, sizeof(iov));
- mh.msg_control = (caddr_t)&cmsgbuf.buf;
+ /* PATCH: Sortix doesn't have the non-standard caddr_t type. */
+ mh.msg_control = (char*)&cmsgbuf.buf;
mh.msg_controllen = sizeof(cmsgbuf.buf);
cmsg = CMSG_FIRSTHDR(&mh);
cmsg->cmsg_len = CMSG_LEN(sizeof(int));
@@ -1436,12 +1446,16 @@
break;
}
exit(0);
+#else
+ errx(1, "File descriptor passing is not supported");
+#endif
}
/* Deal with RFC 854 WILL/WONT DO/DONT negotiation. */
void
atelnet(int nfd, unsigned char *buf, unsigned int size)
{
+#ifdef IAC
unsigned char *p, *end;
unsigned char obuf[4];
@@ -1467,6 +1481,9 @@
if (atomicio(vwrite, nfd, obuf, 3) != 3)
warn("Write Error!");
}
+#else
+ errx(1, "Telnet negotation is not supported");
+#endif
}
@@ -1581,16 +1598,20 @@
err(1, NULL);
}
if (Tflag != -1) {
+/* PATCH: The Sortix network stack is WIP and doesn't have IP_TOS yet and
+ likewise with other features. */
+#ifdef IP_TOS
if (af == AF_INET && setsockopt(s, IPPROTO_IP,
IP_TOS, &Tflag, sizeof(Tflag)) == -1)
err(1, "set IP ToS");
+#endif
#ifdef IPV6_TCLASS
- else if (af == AF_INET6 && setsockopt(s, IPPROTO_IPV6,
+ if (af == AF_INET6 && setsockopt(s, IPPROTO_IPV6,
IPV6_TCLASS, &Tflag, sizeof(Tflag)) == -1)
err(1, "set IPv6 traffic class");
#else
- else if (af == AF_INET6) {
+ if (af == AF_INET6) {
errno = ENOPROTOOPT;
err(1, "set IPv6 traffic class not supported");
}
@@ -1608,13 +1629,16 @@
}
if (ttl != -1) {
+#ifdef IP_TTL
if (af == AF_INET && setsockopt(s, IPPROTO_IP,
IP_TTL, &ttl, sizeof(ttl)))
err(1, "set IP TTL");
-
- else if (af == AF_INET6 && setsockopt(s, IPPROTO_IPV6,
+#endif
+#ifdef IPV6_UNICAST_HOPS
+ if (af == AF_INET6 && setsockopt(s, IPPROTO_IPV6,
IPV6_UNICAST_HOPS, &ttl, sizeof(ttl)))
err(1, "set IPv6 unicast hops");
+#endif
}
if (minttl != -1) {
@@ -1652,7 +1676,9 @@
{ "af41", IPTOS_DSCP_AF41 },
{ "af42", IPTOS_DSCP_AF42 },
{ "af43", IPTOS_DSCP_AF43 },
+#ifdef IPTOS_PREC_CRITIC_ECP
{ "critical", IPTOS_PREC_CRITIC_ECP },
+#endif
{ "cs0", IPTOS_DSCP_CS0 },
{ "cs1", IPTOS_DSCP_CS1 },
{ "cs2", IPTOS_DSCP_CS2 },
@@ -1662,11 +1688,21 @@
{ "cs6", IPTOS_DSCP_CS6 },
{ "cs7", IPTOS_DSCP_CS7 },
{ "ef", IPTOS_DSCP_EF },
+#ifdef IPTOS_PREC_INTERNETCONTROL
{ "inetcontrol", IPTOS_PREC_INTERNETCONTROL },
+#endif
+#ifdef IPTOS_LOWDELAY
{ "lowdelay", IPTOS_LOWDELAY },
+#endif
+#ifdef IPTOS_PREC_NETCONTROL
{ "netcontrol", IPTOS_PREC_NETCONTROL },
+#endif
+#ifdef IPTOS_RELIABILITY
{ "reliability", IPTOS_RELIABILITY },
+#endif
+#ifdef IPTOS_THROUGHPUT
{ "throughput", IPTOS_THROUGHPUT },
+#endif
{ NULL, -1 },
};
diff -Paur --no-dereference -- libssl.upstream/apps/openssl/apps.c libssl/apps/openssl/apps.c
--- libssl.upstream/apps/openssl/apps.c
+++ libssl/apps/openssl/apps.c
@@ -147,6 +147,11 @@
#include <openssl/x509.h>
#include <openssl/x509v3.h>
+/* PATCH: For snprintf path creation that handles too long paths. */
+#if defined(__sortix__) && !defined(PATH_MAX)
+#define PATH_MAX 4096
+#endif
+
typedef struct {
const char *name;
unsigned long flag;
diff -Paur --no-dereference -- libssl.upstream/apps/openssl/ca.c libssl/apps/openssl/ca.c
--- libssl.upstream/apps/openssl/ca.c
+++ libssl/apps/openssl/ca.c
@@ -81,6 +81,13 @@
#include <openssl/x509.h>
#include <openssl/x509v3.h>
+/* PATCH: Sortix doesn't have a PATH_MAX limit. Provide a simple value for the
+ below snprintf calls that construct paths and handle overflow if paths
+ are longer than PATH_MAX. */
+#if defined(__sortix__) && !defined(PATH_MAX)
+#define PATH_MAX 4096
+#endif
+
#define BASE_SECTION "ca"
#define ENV_DEFAULT_CA "default_ca"
diff -Paur --no-dereference -- libssl.upstream/apps/openssl/certhash.c libssl/apps/openssl/certhash.c
--- libssl.upstream/apps/openssl/certhash.c
+++ libssl/apps/openssl/certhash.c
@@ -33,6 +33,11 @@
#include "apps.h"
+/* PATCH: For readlink that handles too long paths. */
+#if defined(__sortix__) && !defined(PATH_MAX)
+#define PATH_MAX 4096
+#endif
+
static struct {
int dryrun;
int verbose;
@@ -490,6 +495,11 @@
fprintf(stderr, "failed to readlink %s\n", dep->d_name);
return (-1);
}
+ /* PATCH: Handle symbolic links that are too long. */
+ if (n == sizeof(target) - 1) {
+ fprintf(stderr, "symbolic link is too long %s\n", dep->d_name);
+ return (-1);
+ }
target[n] = '\0';
hi = hashinfo_from_linkname(dep->d_name, target);
diff -Paur --no-dereference -- libssl.upstream/apps/openssl/s_socket.c libssl/apps/openssl/s_socket.c
--- libssl.upstream/apps/openssl/s_socket.c
+++ libssl/apps/openssl/s_socket.c
@@ -73,6 +73,23 @@
#include "s_apps.h"
+/* PATCH: The server below only supports IPv4 and only uses the obsolete
+ gethostbyname and gethostbyaddr instead of the getaddrinfo
+ replacement. Sortix intentionally does not have gethostbyname, so
+ simply disable the feature for now. */
+#if defined(__sortix__)
+struct hostent
+{
+ char *h_name;
+ char **h_aliases;
+ int h_addrtype;
+ int h_length;
+ char **h_addr_list;
+};
+#define gethostbyname(a) ((void) a, (struct hostent*) NULL)
+#define gethostbyaddr(a, b, c) (((void) a), ((void) b), ((void) c), (struct hostent*) NULL)
+#endif
+
static int init_server(int *sock, int port, int type);
static int init_server_long(int *sock, int port, char *ip, int type);
static int do_accept(int acc_sock, int *sock, char **host);
diff -Paur --no-dereference -- libssl.upstream/configure libssl/configure
--- libssl.upstream/configure
+++ libssl/configure
@@ -13056,10 +13056,11 @@
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
+// PATCH: Sortix builds ports with -Werror=implicit-function-declaration so
+// make sure getpageinfo has been forward declared, or it will be
+// misdetected as missing when it does exist.
// Since Android NDK v16 getpagesize is defined as inline inside unistd.h
-#ifdef __ANDROID__
-# include <unistd.h>
-#endif
+#include <unistd.h>
int
main ()
diff -Paur --no-dereference -- libssl.upstream/crypto/bio/b_sock.c libssl/crypto/bio/b_sock.c
--- libssl.upstream/crypto/bio/b_sock.c
+++ libssl/crypto/bio/b_sock.c
@@ -34,6 +34,21 @@
#include <openssl/buffer.h>
#include <openssl/err.h>
+/* PATCH: Sortix intentionally doesn't have the obsolete gethostbyname family
+ but only the modern getaddrinfo(3) family. Actually none of my ports
+ use BIO_gethostbyname, maybe it can just be removed. */
+#if defined(__sortix__)
+struct hostent
+{
+ char *h_name;
+ char **h_aliases;
+ int h_addrtype;
+ int h_length;
+ char **h_addr_list;
+};
+#define gethostbyname(a) ((void) a, (struct hostent*) NULL)
+#endif
+
int
BIO_get_host_ip(const char *str, unsigned char *ip)
{
diff -Paur --no-dereference -- libssl.upstream/crypto/bio/bss_bio.c libssl/crypto/bio/bss_bio.c
--- libssl.upstream/crypto/bio/bss_bio.c
+++ libssl/crypto/bio/bss_bio.c
@@ -74,6 +74,11 @@
# endif
#endif
+/* PATCH: Sortix <limits.h> is buggy and doesn't define SSIZE_MAX right now. */
+#if defined(__sortix__)
+#include <sys/types.h>
+#endif
+
#include <assert.h>
#include <limits.h>
#include <stdlib.h>
diff -Paur --no-dereference -- libssl.upstream/crypto/chacha/chacha-merged.c libssl/crypto/chacha/chacha-merged.c
--- libssl.upstream/crypto/chacha/chacha-merged.c
+++ libssl/crypto/chacha/chacha-merged.c
@@ -16,20 +16,20 @@
#define CHACHA_BLOCKLEN 64
struct chacha_ctx {
- u_int input[16];
+ unsigned int input[16];
uint8_t ks[CHACHA_BLOCKLEN];
uint8_t unused;
};
-static inline void chacha_keysetup(struct chacha_ctx *x, const u_char *k,
- u_int kbits)
+static inline void chacha_keysetup(struct chacha_ctx *x, const unsigned char *k,
+ unsigned int kbits)
__attribute__((__bounded__(__minbytes__, 2, CHACHA_MINKEYLEN)));
-static inline void chacha_ivsetup(struct chacha_ctx *x, const u_char *iv,
- const u_char *ctr)
+static inline void chacha_ivsetup(struct chacha_ctx *x, const unsigned char *iv,
+ const unsigned char *ctr)
__attribute__((__bounded__(__minbytes__, 2, CHACHA_NONCELEN)))
__attribute__((__bounded__(__minbytes__, 3, CHACHA_CTRLEN)));
-static inline void chacha_encrypt_bytes(struct chacha_ctx *x, const u_char *m,
- u_char *c, u_int bytes)
+static inline void chacha_encrypt_bytes(struct chacha_ctx *x, const unsigned char *m,
+ unsigned char *c, unsigned int bytes)
__attribute__((__bounded__(__buffer__, 2, 4)))
__attribute__((__bounded__(__buffer__, 3, 4)));
@@ -127,7 +127,7 @@
u32 j8, j9, j10, j11, j12, j13, j14, j15;
u8 *ctarget = NULL;
u8 tmp[64];
- u_int i;
+ unsigned int i;
if (!bytes)
return;
diff -Paur --no-dereference -- libssl.upstream/crypto/x509/x509_vpm.c libssl/crypto/x509/x509_vpm.c
--- libssl.upstream/crypto/x509/x509_vpm.c
+++ libssl/crypto/x509/x509_vpm.c
@@ -598,6 +598,10 @@
static const X509_VERIFY_PARAM default_table[] = {
{
.name = "default",
+ /* PATCH: OpenBSD 6.9 errata 018, September 30, 2021:
+ Compensate for the expiry of the DST Root X3 certificate.
+ https://ftp.openbsd.org/pub/OpenBSD/patches/6.9/common/018_cert.patch.sig */
+ .flags = X509_V_FLAG_TRUSTED_FIRST,
.depth = 100,
.trust = 0, /* XXX This is not the default trust value */
.id = vpm_empty_id
diff -Paur --no-dereference -- libssl.upstream/include/compat/arpa/nameser.h libssl/include/compat/arpa/nameser.h
--- libssl.upstream/include/compat/arpa/nameser.h
+++ libssl/include/compat/arpa/nameser.h
@@ -4,7 +4,9 @@
*/
#ifndef _WIN32
+#if __has_include_next(<arpa/nameser.h>)
#include_next <arpa/nameser.h>
+#endif
#else
#include <win32netcompat.h>
diff -Paur --no-dereference -- libssl.upstream/include/compat/machine/endian.h libssl/include/compat/machine/endian.h
--- libssl.upstream/include/compat/machine/endian.h
+++ libssl/include/compat/machine/endian.h
@@ -21,7 +21,10 @@
#define BYTE_ORDER BIG_ENDIAN
#endif
-#elif defined(__linux__) || defined(__midipix__)
+/* PATCH: endian.h is the header being standardized, use it instead if it
+ exists, that is what Sortix has. This machine/endian.h abstraction
+ should be renamed to endian.h. */
+#elif defined(__linux__) || defined(__midipix__) || defined(__sortix__) || __has_include(<endian.h>)
#include <endian.h>
#elif defined(__sun) || defined(_AIX) || defined(__hpux)
diff -Paur --no-dereference -- libssl.upstream/include/compat/netinet/ip.h libssl/include/compat/netinet/ip.h
--- libssl.upstream/include/compat/netinet/ip.h
+++ libssl/include/compat/netinet/ip.h
@@ -8,7 +8,9 @@
#endif
#ifndef _WIN32
+#if __has_include_next(<netinet/ip.h>)
#include_next <netinet/ip.h>
+#endif
#else
#include <win32netcompat.h>
#endif
diff -Paur --no-dereference -- libssl.upstream/include/compat/resolv.h libssl/include/compat/resolv.h
--- libssl.upstream/include/compat/resolv.h
+++ libssl/include/compat/resolv.h
@@ -13,8 +13,10 @@
#include <../include/resolv.h>
#endif
#else
+#if __has_include_next(<resolv.h>)
#include_next <resolv.h>
#endif
+#endif
#ifndef HAVE_B64_NTOP
int b64_ntop(unsigned char const *, size_t, char *, size_t);
diff -Paur --no-dereference -- libssl.upstream/include/compat/stdlib.h libssl/include/compat/stdlib.h
--- libssl.upstream/include/compat/stdlib.h
+++ libssl/include/compat/stdlib.h
@@ -16,7 +16,7 @@
#ifndef LIBCRYPTOCOMPAT_STDLIB_H
#define LIBCRYPTOCOMPAT_STDLIB_H
-#include <sys/types.h>
+/* PATCH: <sys/types.h> doesn't need to be included. */
#include <stdint.h>
#ifndef HAVE_ARC4RANDOM_BUF
diff -Paur --no-dereference -- libssl.upstream/include/compat/string.h libssl/include/compat/string.h
--- libssl.upstream/include/compat/string.h
+++ libssl/include/compat/string.h
@@ -16,7 +16,7 @@
#include_next <string.h>
#endif
-#include <sys/types.h>
+/* PATCH: <sys/types.h> doesn't need to be included. */
#if defined(__sun) || defined(_AIX) || defined(__hpux)
/* Some functions historically defined in string.h were placed in strings.h by
diff -Paur --no-dereference -- libssl.upstream/include/compat/sys/types.h libssl/include/compat/sys/types.h
--- libssl.upstream/include/compat/sys/types.h
+++ libssl/include/compat/sys/types.h
@@ -16,7 +16,7 @@
#ifndef LIBCRYPTOCOMPAT_SYS_TYPES_H
#define LIBCRYPTOCOMPAT_SYS_TYPES_H
-#include <stdint.h>
+/* PATCH: <stdint.h> doesn't need to be included. */
#ifdef __MINGW32__
#include <_bsd_types.h>
diff -Paur --no-dereference -- libssl.upstream/include/compat/unistd.h libssl/include/compat/unistd.h
--- libssl.upstream/include/compat/unistd.h
+++ libssl/include/compat/unistd.h
@@ -64,9 +64,10 @@
#endif
#endif
-#ifndef HAVE_GETPAGESIZE
-int getpagesize(void);
-#endif
+/* PATCH: Somehow HAVE_GETPAGESIZE doesn't get defined even though configure
+ does detect Sortix has it (with the fix). Sortix getpagesize returns
+ size_t rather than int, so remove this conflicting forward
+ declaration. */
#define pledge(request, paths) 0
#define unveil(path, permissions) 0
diff -Paur --no-dereference -- libssl.upstream/tests/handshake_table.c libssl/tests/handshake_table.c
--- libssl.upstream/tests/handshake_table.c
+++ libssl/tests/handshake_table.c
@@ -19,6 +19,8 @@
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
+/* PATCH: Sortix only has the C11 <stdnoreturn.h> and does not have __dead. */
+#include <stdnoreturn.h>
#include <unistd.h>
#include "tls13_handshake.h"
@@ -152,7 +154,7 @@
uint8_t flags);
void fprint_flags(FILE *stream, uint8_t flags);
const char *mt2str(enum tls13_message_type mt);
-__dead void usage(void);
+noreturn void usage(void);
int verify_table(enum tls13_message_type
table[MAX_FLAGS][TLS13_NUM_MESSAGE_TYPES], int print);
@@ -449,7 +451,7 @@
return success;
}
-__dead void
+noreturn void
usage(void)
{
fprintf(stderr, "usage: handshake_table [-C | -g]\n");
diff -Paur --no-dereference -- libssl.upstream/tests/ssltest.c libssl/tests/ssltest.c
--- libssl.upstream/tests/ssltest.c
+++ libssl/tests/ssltest.c
@@ -143,7 +143,7 @@
#define _BSD_SOURCE 1 /* Or gethostname won't be declared properly
on Linux and GNU platforms. */
#include <sys/types.h>
-#include <sys/param.h>
+/* PATCH: Sortix does not have <sys/param.h> and it's not needed. */
#include <sys/socket.h>
#include <netinet/in.h>
diff -Paur --no-dereference -- libssl.upstream/tls/tls_config.c libssl/tls/tls_config.c
--- libssl.upstream/tls/tls_config.c
+++ libssl/tls/tls_config.c
@@ -721,8 +721,11 @@
}
if (sb.st_uid != getuid()) {
+ /* PATCH: Sortix has 64-bit uid_t. */
tls_config_set_errorx(config, "session file has incorrect "
- "owner (uid %i != %i)", sb.st_uid, getuid());
+ "owner (uid %llu != %llu)",
+ (unsigned long long) sb.st_uid,
+ (unsigned long long) getuid());
return (-1);
}
mugo = sb.st_mode & (S_IRWXU|S_IRWXG|S_IRWXO);