Update to libressl-3.5.3.

2022-06-14 01:02:06 +03:00 · 2022-06-14 01:02:06 +03:00 · 15a2d6d3f1
parent 59baae95c9
commit 15a2d6d3f1
2 changed files with 14 additions and 235 deletions
--- a/ports/libssl/libssl.patch
+++ b/ports/libssl/libssl.patch
@ -1,38 +1,3 @@
-diff -Paur --no-dereference -- libssl.upstream/apps/nc/compat/base64.c libssl/apps/nc/compat/base64.c
--- libssl.upstream/apps/nc/compat/base64.c
-+++ libssl/apps/nc/compat/base64.c
-@@ -124,14 +124,14 @@
- 
- int
- b64_ntop(src, srclength, target, targsize)
-	u_char const *src;
-+	unsigned char const *src;
- 	size_t srclength;
- 	char *target;
- 	size_t targsize;
- {
- 	size_t datalength = 0;
-	u_char input[3];
-	u_char output[4];
-+	unsigned char input[3];
-+	unsigned char output[4];
- 	int i;
- 
- 	while (2 < srclength) {
-@@ -189,11 +189,11 @@
- int
- b64_pton(src, target, targsize)
- 	char const *src;
-	u_char *target;
-+	unsigned char *target;
- 	size_t targsize;
- {
- 	int tarindex, state, ch;
-	u_char nextbyte;
-+	unsigned char nextbyte;
- 	char *pos;
- 
- 	state = 0;
 diff -Paur --no-dereference -- libssl.upstream/apps/nc/netcat.c libssl/apps/nc/netcat.c
 --- libssl.upstream/apps/nc/netcat.c
 +++ libssl/apps/nc/netcat.c
@ -61,16 +26,7 @@ diff -Paur --no-dereference -- libssl.upstream/apps/nc/netcat.c libssl/apps/nc/n
 			unix_dg_tmp_socket = unix_dg_tmp_socket_buf;
 		}
 	}
-@@ -1386,6 +1393,8 @@
- void
- fdpass(int nfd)
- {
-+/* PATCH: File descriptor passing is WIP on Sortix. */
-+#ifdef CMSG_SPACE
- 	struct msghdr mh;
- 	union {
- 		struct cmsghdr hdr;
-@@ -1405,7 +1414,8 @@
+@@ -1405,7 +1412,8 @@
 	memset(&cmsgbuf, 0, sizeof(cmsgbuf));
 	memset(&iov, 0, sizeof(iov));
 
@ -80,16 +36,7 @@ diff -Paur --no-dereference -- libssl.upstream/apps/nc/netcat.c libssl/apps/nc/n
 	mh.msg_controllen = sizeof(cmsgbuf.buf);
 	cmsg = CMSG_FIRSTHDR(&mh);
 	cmsg->cmsg_len = CMSG_LEN(sizeof(int));
-@@ -1436,12 +1446,16 @@
- 			break;
- 	}
- 	exit(0);
-+#else
-+	errx(1, "File descriptor passing is not supported");
-+#endif
- }
- 
- /* Deal with RFC 854 WILL/WONT DO/DONT negotiation. */
+@@ -1442,6 +1450,7 @@
 void
 atelnet(int nfd, unsigned char *buf, unsigned int size)
 {
@ -97,7 +44,7 @@ diff -Paur --no-dereference -- libssl.upstream/apps/nc/netcat.c libssl/apps/nc/n
 	unsigned char *p, *end;
 	unsigned char obuf[4];
 
-@@ -1467,6 +1481,9 @@
+@@ -1467,6 +1476,9 @@
 		if (atomicio(vwrite, nfd, obuf, 3) != 3)
 			warn("Write Error!");
 	}
@ -107,7 +54,7 @@ diff -Paur --no-dereference -- libssl.upstream/apps/nc/netcat.c libssl/apps/nc/n
 }
 
 
-@@ -1581,16 +1598,20 @@
+@@ -1581,16 +1593,20 @@
 			err(1, NULL);
 	}
 	if (Tflag != -1) {
@ -130,7 +77,7 @@ diff -Paur --no-dereference -- libssl.upstream/apps/nc/netcat.c libssl/apps/nc/n
 			errno = ENOPROTOOPT;
 			err(1, "set IPv6 traffic class not supported");
 		}
-@@ -1608,13 +1629,16 @@
+@@ -1608,13 +1624,16 @@
 	}
 
 	if (ttl != -1) {
@ -149,7 +96,7 @@ diff -Paur --no-dereference -- libssl.upstream/apps/nc/netcat.c libssl/apps/nc/n
 	}
 
 	if (minttl != -1) {
-@@ -1652,7 +1676,9 @@
+@@ -1652,7 +1671,9 @@
 		{ "af41",		IPTOS_DSCP_AF41 },
 		{ "af42",		IPTOS_DSCP_AF42 },
 		{ "af43",		IPTOS_DSCP_AF43 },
@ -159,7 +106,7 @@ diff -Paur --no-dereference -- libssl.upstream/apps/nc/netcat.c libssl/apps/nc/n
 		{ "cs0",		IPTOS_DSCP_CS0 },
 		{ "cs1",		IPTOS_DSCP_CS1 },
 		{ "cs2",		IPTOS_DSCP_CS2 },
-@@ -1662,11 +1688,21 @@
+@@ -1662,11 +1683,21 @@
 		{ "cs6",		IPTOS_DSCP_CS6 },
 		{ "cs7",		IPTOS_DSCP_CS7 },
 		{ "ef",			IPTOS_DSCP_EF },
@ -228,8 +175,8 @@ diff -Paur --no-dereference -- libssl.upstream/apps/openssl/certhash.c libssl/ap
 static struct {
 	int dryrun;
 	int verbose;
-@@ -490,6 +495,11 @@
- 		fprintf(stderr, "failed to readlink %s\n", dep->d_name);
+@@ -494,6 +499,11 @@
+ 		fprintf(stderr, "symbolic link is too long %s\n", dep->d_name);
 		return (-1);
 	}
 +	/* PATCH: Handle symbolic links that are too long. */
@ -266,25 +213,7 @@ diff -Paur --no-dereference -- libssl.upstream/apps/openssl/s_socket.c libssl/ap
 +
 static int init_server(int *sock, int port, int type);
 static int init_server_long(int *sock, int port, char *ip, int type);
- static int do_accept(int acc_sock, int *sock, char **host);
-diff -Paur --no-dereference -- libssl.upstream/configure libssl/configure
--- libssl.upstream/configure
-+++ libssl/configure
-@@ -13056,10 +13056,11 @@
- 	cat confdefs.h - <<_ACEOF >conftest.$ac_ext
- /* end confdefs.h.  */
- 
-+// PATCH: Sortix builds ports with -Werror=implicit-function-declaration so
-+//        make sure getpageinfo has been forward declared, or it will be
-+//        misdetected as missing when it does exist.
- // Since Android NDK v16 getpagesize is defined as inline inside unistd.h
-#ifdef __ANDROID__
-#	include <unistd.h>
-#endif
-+#include <unistd.h>
- 
- int
- main ()
+ static int do_accept(int acc_sock, int *sock);
 diff -Paur --no-dereference -- libssl.upstream/crypto/bio/b_sock.c libssl/crypto/bio/b_sock.c
 --- libssl.upstream/crypto/bio/b_sock.c
 +++ libssl/crypto/bio/b_sock.c
@ -325,115 +254,6 @@ diff -Paur --no-dereference -- libssl.upstream/crypto/bio/bss_bio.c libssl/crypt
 #include <assert.h>
 #include <limits.h>
 #include <stdlib.h>
-diff -Paur --no-dereference -- libssl.upstream/crypto/chacha/chacha-merged.c libssl/crypto/chacha/chacha-merged.c
--- libssl.upstream/crypto/chacha/chacha-merged.c
-+++ libssl/crypto/chacha/chacha-merged.c
-@@ -16,20 +16,20 @@
- #define CHACHA_BLOCKLEN		64
- 
- struct chacha_ctx {
-	u_int input[16];
-+	unsigned int input[16];
- 	uint8_t ks[CHACHA_BLOCKLEN];
- 	uint8_t unused;
- };
- 
-static inline void chacha_keysetup(struct chacha_ctx *x, const u_char *k,
-    u_int kbits)
-+static inline void chacha_keysetup(struct chacha_ctx *x, const unsigned char *k,
-+    unsigned int kbits)
-     __attribute__((__bounded__(__minbytes__, 2, CHACHA_MINKEYLEN)));
-static inline void chacha_ivsetup(struct chacha_ctx *x, const u_char *iv,
-    const u_char *ctr)
-+static inline void chacha_ivsetup(struct chacha_ctx *x, const unsigned char *iv,
-+    const unsigned char *ctr)
-     __attribute__((__bounded__(__minbytes__, 2, CHACHA_NONCELEN)))
-     __attribute__((__bounded__(__minbytes__, 3, CHACHA_CTRLEN)));
-static inline void chacha_encrypt_bytes(struct chacha_ctx *x, const u_char *m,
-    u_char *c, u_int bytes)
-+static inline void chacha_encrypt_bytes(struct chacha_ctx *x, const unsigned char *m,
-+    unsigned char *c, unsigned int bytes)
-     __attribute__((__bounded__(__buffer__, 2, 4)))
-     __attribute__((__bounded__(__buffer__, 3, 4)));
- 
-@@ -127,7 +127,7 @@
- 	u32 j8, j9, j10, j11, j12, j13, j14, j15;
- 	u8 *ctarget = NULL;
- 	u8 tmp[64];
-	u_int i;
-+	unsigned int i;
- 
- 	if (!bytes)
- 		return;
-diff -Paur --no-dereference -- libssl.upstream/crypto/x509/x509_vpm.c libssl/crypto/x509/x509_vpm.c
--- libssl.upstream/crypto/x509/x509_vpm.c
-+++ libssl/crypto/x509/x509_vpm.c
-@@ -598,6 +598,10 @@
- static const X509_VERIFY_PARAM default_table[] = {
- 	{
- 		.name = "default",
-+		/* PATCH: OpenBSD 6.9 errata 018, September 30, 2021:
-+		   Compensate for the expiry of the DST Root X3 certificate.
-+		   https://ftp.openbsd.org/pub/OpenBSD/patches/6.9/common/018_cert.patch.sig */
-+		.flags = X509_V_FLAG_TRUSTED_FIRST,
- 		.depth = 100,
- 		.trust = 0,  /* XXX This is not the default trust value */
- 		.id = vpm_empty_id
-diff -Paur --no-dereference -- libssl.upstream/include/compat/arpa/nameser.h libssl/include/compat/arpa/nameser.h
--- libssl.upstream/include/compat/arpa/nameser.h
-+++ libssl/include/compat/arpa/nameser.h
-@@ -4,7 +4,9 @@
-  */
- 
- #ifndef _WIN32
-+#if __has_include_next(<arpa/nameser.h>)
- #include_next <arpa/nameser.h>
-+#endif
- #else
- #include <win32netcompat.h>
- 
-diff -Paur --no-dereference -- libssl.upstream/include/compat/machine/endian.h libssl/include/compat/machine/endian.h
--- libssl.upstream/include/compat/machine/endian.h
-+++ libssl/include/compat/machine/endian.h
-@@ -21,7 +21,10 @@
- #define BYTE_ORDER BIG_ENDIAN
- #endif
- 
-#elif defined(__linux__) || defined(__midipix__)
-+/* PATCH: endian.h is the header being standardized, use it instead if it
-+          exists, that is what Sortix has. This machine/endian.h abstraction
-+          should be renamed to endian.h. */
-+#elif defined(__linux__) || defined(__midipix__) || defined(__sortix__) || __has_include(<endian.h>)
- #include <endian.h>
- 
- #elif defined(__sun) || defined(_AIX) || defined(__hpux)
-diff -Paur --no-dereference -- libssl.upstream/include/compat/netinet/ip.h libssl/include/compat/netinet/ip.h
--- libssl.upstream/include/compat/netinet/ip.h
-+++ libssl/include/compat/netinet/ip.h
-@@ -8,7 +8,9 @@
- #endif
- 
- #ifndef _WIN32
-+#if __has_include_next(<netinet/ip.h>)
- #include_next <netinet/ip.h>
-+#endif
- #else
- #include <win32netcompat.h>
- #endif
-diff -Paur --no-dereference -- libssl.upstream/include/compat/resolv.h libssl/include/compat/resolv.h
--- libssl.upstream/include/compat/resolv.h
-+++ libssl/include/compat/resolv.h
-@@ -13,8 +13,10 @@
- #include <../include/resolv.h>
- #endif
- #else
-+#if __has_include_next(<resolv.h>)
- #include_next <resolv.h>
- #endif
-+#endif
- 
- #ifndef HAVE_B64_NTOP
- int b64_ntop(unsigned char const *, size_t, char *, size_t);
 diff -Paur --no-dereference -- libssl.upstream/include/compat/stdlib.h libssl/include/compat/stdlib.h
 --- libssl.upstream/include/compat/stdlib.h
 +++ libssl/include/compat/stdlib.h
@ -487,48 +307,6 @@ diff -Paur --no-dereference -- libssl.upstream/include/compat/unistd.h libssl/in
 
 #define pledge(request, paths) 0
 #define unveil(path, permissions) 0
-diff -Paur --no-dereference -- libssl.upstream/tests/handshake_table.c libssl/tests/handshake_table.c
--- libssl.upstream/tests/handshake_table.c
-+++ libssl/tests/handshake_table.c
-@@ -19,6 +19,8 @@
- #include <stdint.h>
- #include <stdio.h>
- #include <stdlib.h>
-+/* PATCH: Sortix only has the C11 <stdnoreturn.h> and does not have __dead. */
-+#include <stdnoreturn.h>
- #include <unistd.h>
- 
- #include "tls13_handshake.h"
-@@ -152,7 +154,7 @@
- 		     uint8_t flags);
- void		 fprint_flags(FILE *stream, uint8_t flags);
- const char	*mt2str(enum tls13_message_type mt);
-__dead void	 usage(void);
-+noreturn void	 usage(void);
- int		 verify_table(enum tls13_message_type
- 		     table[MAX_FLAGS][TLS13_NUM_MESSAGE_TYPES], int print);
- 
-@@ -449,7 +451,7 @@
- 	return success;
- }
- 
-__dead void
-+noreturn void
- usage(void)
- {
- 	fprintf(stderr, "usage: handshake_table [-C | -g]\n");
-diff -Paur --no-dereference -- libssl.upstream/tests/ssltest.c libssl/tests/ssltest.c
--- libssl.upstream/tests/ssltest.c
-+++ libssl/tests/ssltest.c
-@@ -143,7 +143,7 @@
- #define _BSD_SOURCE 1		/* Or gethostname won't be declared properly
- 				   on Linux and GNU platforms. */
- #include <sys/types.h>
-#include <sys/param.h>
-+/* PATCH: Sortix does not have <sys/param.h> and it's not needed. */
- #include <sys/socket.h>
- 
- #include <netinet/in.h>
 diff -Paur --no-dereference -- libssl.upstream/tls/tls_config.c libssl/tls/tls_config.c
 --- libssl.upstream/tls/tls_config.c
 +++ libssl/tls/tls_config.c
@ -538,7 +316,7 @@ diff -Paur --no-dereference -- libssl.upstream/tls/tls_config.c libssl/tls/tls_c
 	if (sb.st_uid != getuid()) {
 +		/* PATCH: Sortix has 64-bit uid_t. */
 		tls_config_set_errorx(config, "session file has incorrect "
-		    "owner (uid %i != %i)", sb.st_uid, getuid());
+-		    "owner (uid %u != %u)", sb.st_uid, getuid());
 +		    "owner (uid %llu != %llu)",
 +		    (unsigned long long) sb.st_uid,
 +		    (unsigned long long) getuid());
--- a/ports/libssl/libssl.port
+++ b/ports/libssl/libssl.port
@ -1,12 +1,13 @@
 NAME=libssl
 BUILD_LIBRARIES=
-VERSION=3.4.0
+VERSION=3.5.3
 DISTNAME=libressl-$VERSION
 COMPRESSION=tar.gz
 ARCHIVE=$DISTNAME.$COMPRESSION
-SHA256SUM=e52eae758d40206a71d763a1a87b71037223bf1986ac239a6be1a6d2ac3916d2
+SHA256SUM=3ab5e5eaef69ce20c6b170ee64d785b42235f48f2e62b095fca5d7b6672b8b28
 UPSTREAM_SITE=https://ftp.openbsd.org/pub/OpenBSD/LibreSSL
 UPSTREAM_ARCHIVE=$ARCHIVE
+LICENSE=OpenSSL
 BUILD_SYSTEM=configure
 MAKE_VARS='V=1'
 POST_INSTALL=tix-eradicate-libtool-la