[packages/apk-tools] up to 2.10.3
glen
glen at pld-linux.org
Thu Feb 7 11:07:30 CET 2019
commit 5801949964f84736ced5a4b88d133630af14fb25
Author: Elan Ruusamäe <glen at pld-linux.org>
Date: Thu Feb 7 12:07:21 2019 +0200
up to 2.10.3
0001-add-support-for-openssl-1.1.patch | 380 ---------------------------------
apk-tools.spec | 8 +-
2 files changed, 3 insertions(+), 385 deletions(-)
---
diff --git a/apk-tools.spec b/apk-tools.spec
index 8d3de91..fa637aa 100644
--- a/apk-tools.spec
+++ b/apk-tools.spec
@@ -4,16 +4,15 @@
Summary: Alpine Package Keeper - package manager for alpine
Name: apk-tools
-Version: 2.10.1
+Version: 2.10.3
Release: 1
License: GPL v2
Group: Base
Source0: https://dev.alpinelinux.org/archive/apk-tools/%{name}-%{version}.tar.xz
-# Source0-md5: d14969082e880bd056644f73ac3b3eb2
+# Source0-md5: deecb1be266f02279b8eeba74e60772a
Patch0: 0001-fix-strncpy-bounds-errors.patch
Patch1: 0002-include-sys-sysmacros.h-for-makedev-definition.patch
-Patch2: 0001-add-support-for-openssl-1.1.patch
-URL: https://git.alpinelinux.org/cgit/apk-tools/
+URL: https://git.alpinelinux.org/apk-tools/
%{?with_lua:BuildRequires: lua52-devel}
BuildRequires: openssl-devel
BuildRequires: tar >= 1:1.22
@@ -36,7 +35,6 @@ Lua module for apk-tools.
%setup -q
%patch0 -p1
%patch1 -p1
-%patch2 -p1
%build
generate_config() {
diff --git a/0001-add-support-for-openssl-1.1.patch b/0001-add-support-for-openssl-1.1.patch
deleted file mode 100644
index 18c8c94..0000000
--- a/0001-add-support-for-openssl-1.1.patch
+++ /dev/null
@@ -1,380 +0,0 @@
-From beab8545ebb2898a2beb157a4d9424ebddf3e26f Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras at iki.fi>
-Date: Fri, 26 Oct 2018 08:21:52 +0300
-Subject: [PATCH] add support for openssl 1.1
-
----
- src/apk_blob.h | 2 +-
- src/apk_io.h | 1 -
- src/apk_openssl.h | 21 +++++++++++++++++++++
- src/apk_package.h | 2 +-
- src/archive.c | 17 ++++++++++-------
- src/database.c | 19 ++++++++++++-------
- src/io.c | 45 ++++++++++++++++++++++++++-------------------
- src/package.c | 37 +++++++++++++++++++------------------
- 8 files changed, 90 insertions(+), 54 deletions(-)
- create mode 100644 src/apk_openssl.h
-
-diff --git a/src/apk_blob.h b/src/apk_blob.h
-index 2d2e30e..4fdd3be 100644
---- a/src/apk_blob.h
-+++ b/src/apk_blob.h
-@@ -14,9 +14,9 @@
-
- #include <ctype.h>
- #include <string.h>
--#include <openssl/evp.h>
-
- #include "apk_defines.h"
-+#include "apk_openssl.h"
-
- typedef const unsigned char *apk_spn_match;
- typedef unsigned char apk_spn_match_def[256 / 8];
-diff --git a/src/apk_io.h b/src/apk_io.h
-index 94aa989..26c3f28 100644
---- a/src/apk_io.h
-+++ b/src/apk_io.h
-@@ -12,7 +12,6 @@
- #define APK_IO
-
- #include <sys/types.h>
--#include <openssl/evp.h>
- #include <fcntl.h>
- #include <time.h>
-
-diff --git a/src/apk_openssl.h b/src/apk_openssl.h
-new file mode 100644
-index 0000000..c45beb9
---- /dev/null
-+++ b/src/apk_openssl.h
-@@ -0,0 +1,21 @@
-+#ifndef APK_SSL_COMPAT_H
-+#define APK_SSL_COMPAT_H
-+
-+#include <openssl/opensslv.h>
-+#include <openssl/evp.h>
-+
-+#if OPENSSL_VERSION_NUMBER < 0x1010000fL || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000fL)
-+
-+static inline EVP_MD_CTX *EVP_MD_CTX_new(void)
-+{
-+ return EVP_MD_CTX_create();
-+}
-+
-+static inline void EVP_MD_CTX_free(EVP_MD_CTX *mdctx)
-+{
-+ return EVP_MD_CTX_destroy(mdctx);
-+}
-+
-+#endif
-+
-+#endif
-diff --git a/src/apk_package.h b/src/apk_package.h
-index 87635a9..6c4ff29 100644
---- a/src/apk_package.h
-+++ b/src/apk_package.h
-@@ -58,7 +58,7 @@ struct apk_sign_ctx {
- int data_verified : 1;
- char data_checksum[EVP_MAX_MD_SIZE];
- struct apk_checksum identity;
-- EVP_MD_CTX mdctx;
-+ EVP_MD_CTX *mdctx;
-
- struct {
- apk_blob_t data;
-diff --git a/src/archive.c b/src/archive.c
-index 9a184fd..f3a66c2 100644
---- a/src/archive.c
-+++ b/src/archive.c
-@@ -28,6 +28,7 @@
- #include "apk_defines.h"
- #include "apk_print.h"
- #include "apk_archive.h"
-+#include "apk_openssl.h"
-
- struct tar_header {
- /* ustar header, Posix 1003.1 */
-@@ -82,7 +83,7 @@ struct apk_tar_entry_istream {
- struct apk_istream is;
- struct apk_istream *tar_is;
- size_t bytes_left;
-- EVP_MD_CTX mdctx;
-+ EVP_MD_CTX *mdctx;
- struct apk_checksum *csum;
- time_t mtime;
- };
-@@ -121,10 +122,10 @@ static ssize_t tar_entry_read(void *stream, void *ptr, size_t size)
- if (teis->csum == NULL)
- return r;
-
-- EVP_DigestUpdate(&teis->mdctx, ptr, r);
-+ EVP_DigestUpdate(teis->mdctx, ptr, r);
- if (teis->bytes_left == 0) {
-- teis->csum->type = EVP_MD_CTX_size(&teis->mdctx);
-- EVP_DigestFinal_ex(&teis->mdctx, teis->csum->data, NULL);
-+ teis->csum->type = EVP_MD_CTX_size(teis->mdctx);
-+ EVP_DigestFinal_ex(teis->mdctx, teis->csum->data, NULL);
- }
- return r;
- }
-@@ -210,7 +211,9 @@ int apk_tar_parse(struct apk_istream *is, apk_archive_entry_parser parser,
- char filename[sizeof buf.name + sizeof buf.prefix + 2];
-
- odi = (struct apk_tar_digest_info *) &buf.linkname[3];
-- EVP_MD_CTX_init(&teis.mdctx);
-+ teis.mdctx = EVP_MD_CTX_new();
-+ if (!teis.mdctx) return -ENOMEM;
-+
- memset(&entry, 0, sizeof(entry));
- entry.name = buf.name;
- while ((r = apk_istream_read(is, &buf, 512)) == 512) {
-@@ -327,7 +330,7 @@ int apk_tar_parse(struct apk_istream *is, apk_archive_entry_parser parser,
- if (entry.mode & S_IFMT) {
- /* callback parser function */
- if (teis.csum != NULL)
-- EVP_DigestInit_ex(&teis.mdctx,
-+ EVP_DigestInit_ex(teis.mdctx,
- apk_checksum_default(), NULL);
-
- r = parser(ctx, &entry, &teis.is);
-@@ -360,7 +363,7 @@ err:
- /* Check that there was no partial (or non-zero) record */
- if (r >= 0) r = -EBADMSG;
- ok:
-- EVP_MD_CTX_cleanup(&teis.mdctx);
-+ EVP_MD_CTX_free(teis.mdctx);
- free(pax.ptr);
- free(longname.ptr);
- apk_fileinfo_free(&entry);
-diff --git a/src/database.c b/src/database.c
-index 8cf63b2..91fcedd 100644
---- a/src/database.c
-+++ b/src/database.c
-@@ -35,6 +35,7 @@
- #include "apk_applet.h"
- #include "apk_archive.h"
- #include "apk_print.h"
-+#include "apk_openssl.h"
-
- static const apk_spn_match_def apk_spn_repo_separators = {
- [4] = (1<<0) /* */,
-@@ -2363,18 +2364,22 @@ static struct apk_db_dir_instance *apk_db_install_directory_entry(struct install
-
- static const char *format_tmpname(struct apk_package *pkg, struct apk_db_file *f, char tmpname[static TMPNAME_MAX])
- {
-- EVP_MD_CTX mdctx;
-+ EVP_MD_CTX *mdctx;
- unsigned char md[EVP_MAX_MD_SIZE];
- apk_blob_t b = APK_BLOB_PTR_LEN(tmpname, TMPNAME_MAX);
-
- if (!f) return NULL;
-
-- EVP_DigestInit(&mdctx, EVP_sha256());
-- EVP_DigestUpdate(&mdctx, pkg->name->name, strlen(pkg->name->name) + 1);
-- EVP_DigestUpdate(&mdctx, f->diri->dir->name, f->diri->dir->namelen);
-- EVP_DigestUpdate(&mdctx, "/", 1);
-- EVP_DigestUpdate(&mdctx, f->name, f->namelen);
-- EVP_DigestFinal(&mdctx, md, NULL);
-+ mdctx = EVP_MD_CTX_new();
-+ if (!mdctx) return NULL;
-+
-+ EVP_DigestInit_ex(mdctx, EVP_sha256(), NULL);
-+ EVP_DigestUpdate(mdctx, pkg->name->name, strlen(pkg->name->name) + 1);
-+ EVP_DigestUpdate(mdctx, f->diri->dir->name, f->diri->dir->namelen);
-+ EVP_DigestUpdate(mdctx, "/", 1);
-+ EVP_DigestUpdate(mdctx, f->name, f->namelen);
-+ EVP_DigestFinal_ex(mdctx, md, NULL);
-+ EVP_MD_CTX_free(mdctx);
-
- apk_blob_push_blob(&b, APK_BLOB_PTR_LEN(f->diri->dir->name, f->diri->dir->namelen));
- apk_blob_push_blob(&b, APK_BLOB_STR("/.apk."));
-diff --git a/src/io.c b/src/io.c
-index ff254fd..0295807 100644
---- a/src/io.c
-+++ b/src/io.c
-@@ -28,6 +28,7 @@
- #include "apk_defines.h"
- #include "apk_io.h"
- #include "apk_hash.h"
-+#include "apk_openssl.h"
-
- #if defined(__GLIBC__) || defined(__UCLIBC__)
- #define HAVE_FGETPWENT_R
-@@ -623,22 +624,25 @@ static void hash_len_data(EVP_MD_CTX *ctx, uint32_t len, const void *ptr)
- void apk_fileinfo_hash_xattr_array(struct apk_xattr_array *xattrs, const EVP_MD *md, struct apk_checksum *csum)
- {
- struct apk_xattr *xattr;
-- EVP_MD_CTX mdctx;
-+ EVP_MD_CTX *mdctx;
-
-- if (!xattrs || xattrs->num == 0) {
-- csum->type = APK_CHECKSUM_NONE;
-- return;
-- }
-+ if (!xattrs || xattrs->num == 0) goto err;
-+ mdctx = EVP_MD_CTX_new();
-+ if (!mdctx) goto err;
-
- qsort(xattrs->item, xattrs->num, sizeof(xattrs->item[0]), cmp_xattr);
-
-- EVP_DigestInit(&mdctx, md);
-+ EVP_DigestInit_ex(mdctx, EVP_sha256(), NULL);
- foreach_array_item(xattr, xattrs) {
-- hash_len_data(&mdctx, strlen(xattr->name), xattr->name);
-- hash_len_data(&mdctx, xattr->value.len, xattr->value.ptr);
-+ hash_len_data(mdctx, strlen(xattr->name), xattr->name);
-+ hash_len_data(mdctx, xattr->value.len, xattr->value.ptr);
- }
-- csum->type = EVP_MD_CTX_size(&mdctx);
-- EVP_DigestFinal(&mdctx, csum->data, NULL);
-+ csum->type = EVP_MD_CTX_size(mdctx);
-+ EVP_DigestFinal_ex(mdctx, csum->data, NULL);
-+ EVP_MD_CTX_free(mdctx);
-+ return;
-+err:
-+ csum->type = APK_CHECKSUM_NONE;
- }
-
- void apk_fileinfo_hash_xattr(struct apk_file_info *fi)
-@@ -723,17 +727,20 @@ int apk_fileinfo_get(int atfd, const char *filename, unsigned int flags,
- } else {
- bs = apk_bstream_from_file(atfd, filename);
- if (!IS_ERR_OR_NULL(bs)) {
-- EVP_MD_CTX mdctx;
-+ EVP_MD_CTX *mdctx;
- apk_blob_t blob;
-
-- EVP_DigestInit(&mdctx, apk_checksum_evp(checksum));
-- if (bs->flags & APK_BSTREAM_SINGLE_READ)
-- EVP_MD_CTX_set_flags(&mdctx, EVP_MD_CTX_FLAG_ONESHOT);
-- while (!APK_BLOB_IS_NULL(blob = apk_bstream_read(bs, APK_BLOB_NULL)))
-- EVP_DigestUpdate(&mdctx, (void*) blob.ptr, blob.len);
-- fi->csum.type = EVP_MD_CTX_size(&mdctx);
-- EVP_DigestFinal(&mdctx, fi->csum.data, NULL);
--
-+ mdctx = EVP_MD_CTX_new();
-+ if (mdctx) {
-+ EVP_DigestInit_ex(mdctx, apk_checksum_evp(checksum), NULL);
-+ if (bs->flags & APK_BSTREAM_SINGLE_READ)
-+ EVP_MD_CTX_set_flags(mdctx, EVP_MD_CTX_FLAG_ONESHOT);
-+ while (!APK_BLOB_IS_NULL(blob = apk_bstream_read(bs, APK_BLOB_NULL)))
-+ EVP_DigestUpdate(mdctx, (void*) blob.ptr, blob.len);
-+ fi->csum.type = EVP_MD_CTX_size(mdctx);
-+ EVP_DigestFinal_ex(mdctx, fi->csum.data, NULL);
-+ EVP_MD_CTX_free(mdctx);
-+ }
- apk_bstream_close(bs, NULL);
- }
- }
-diff --git a/src/package.c b/src/package.c
-index e19250a..baa8a90 100644
---- a/src/package.c
-+++ b/src/package.c
-@@ -21,6 +21,7 @@
- #include <sys/wait.h>
- #include <sys/stat.h>
-
-+#include "apk_openssl.h"
- #include <openssl/pem.h>
-
- #include "apk_defines.h"
-@@ -490,9 +491,9 @@ void apk_sign_ctx_init(struct apk_sign_ctx *ctx, int action,
- ctx->data_started = 1;
- break;
- }
-- EVP_MD_CTX_init(&ctx->mdctx);
-- EVP_DigestInit_ex(&ctx->mdctx, ctx->md, NULL);
-- EVP_MD_CTX_set_flags(&ctx->mdctx, EVP_MD_CTX_FLAG_ONESHOT);
-+ ctx->mdctx = EVP_MD_CTX_new();
-+ EVP_DigestInit_ex(ctx->mdctx, ctx->md, NULL);
-+ EVP_MD_CTX_set_flags(ctx->mdctx, EVP_MD_CTX_FLAG_ONESHOT);
- }
-
- void apk_sign_ctx_free(struct apk_sign_ctx *ctx)
-@@ -501,7 +502,7 @@ void apk_sign_ctx_free(struct apk_sign_ctx *ctx)
- free(ctx->signature.data.ptr);
- if (ctx->signature.pkey != NULL)
- EVP_PKEY_free(ctx->signature.pkey);
-- EVP_MD_CTX_cleanup(&ctx->mdctx);
-+ EVP_MD_CTX_free(ctx->mdctx);
- }
-
- static int check_signing_key_trust(struct apk_sign_ctx *sctx)
-@@ -674,16 +675,16 @@ int apk_sign_ctx_mpart_cb(void *ctx, int part, apk_blob_t data)
-
- /* Drool in the remaining of the digest block now, we will finish
- * it on all cases */
-- EVP_DigestUpdate(&sctx->mdctx, data.ptr, data.len);
-+ EVP_DigestUpdate(sctx->mdctx, data.ptr, data.len);
-
- /* End of control-block and checking control hash/signature or
- * end of data-block and checking its hash/signature */
- if (sctx->has_data_checksum && !end_of_control) {
- /* End of control-block and check it's hash */
-- EVP_DigestFinal_ex(&sctx->mdctx, calculated, NULL);
-- if (EVP_MD_CTX_size(&sctx->mdctx) == 0 ||
-+ EVP_DigestFinal_ex(sctx->mdctx, calculated, NULL);
-+ if (EVP_MD_CTX_size(sctx->mdctx) == 0 ||
- memcmp(calculated, sctx->data_checksum,
-- EVP_MD_CTX_size(&sctx->mdctx)) != 0)
-+ EVP_MD_CTX_size(sctx->mdctx)) != 0)
- return -EKEYREJECTED;
- sctx->data_verified = 1;
- if (!(apk_flags & APK_ALLOW_UNTRUSTED) &&
-@@ -700,7 +701,7 @@ int apk_sign_ctx_mpart_cb(void *ctx, int part, apk_blob_t data)
- case APK_SIGN_VERIFY:
- case APK_SIGN_VERIFY_AND_GENERATE:
- if (sctx->signature.pkey != NULL) {
-- r = EVP_VerifyFinal(&sctx->mdctx,
-+ r = EVP_VerifyFinal(sctx->mdctx,
- (unsigned char *) sctx->signature.data.ptr,
- sctx->signature.data.len,
- sctx->signature.pkey);
-@@ -717,13 +718,13 @@ int apk_sign_ctx_mpart_cb(void *ctx, int part, apk_blob_t data)
- sctx->data_verified = 1;
- }
- if (sctx->action == APK_SIGN_VERIFY_AND_GENERATE) {
-- sctx->identity.type = EVP_MD_CTX_size(&sctx->mdctx);
-- EVP_DigestFinal_ex(&sctx->mdctx, sctx->identity.data, NULL);
-+ sctx->identity.type = EVP_MD_CTX_size(sctx->mdctx);
-+ EVP_DigestFinal_ex(sctx->mdctx, sctx->identity.data, NULL);
- }
- break;
- case APK_SIGN_VERIFY_IDENTITY:
- /* Reset digest for hashing data */
-- EVP_DigestFinal_ex(&sctx->mdctx, calculated, NULL);
-+ EVP_DigestFinal_ex(sctx->mdctx, calculated, NULL);
- if (memcmp(calculated, sctx->identity.data,
- sctx->identity.type) != 0)
- return -EKEYREJECTED;
-@@ -733,21 +734,21 @@ int apk_sign_ctx_mpart_cb(void *ctx, int part, apk_blob_t data)
- break;
- case APK_SIGN_GENERATE:
- /* Package identity is the checksum */
-- sctx->identity.type = EVP_MD_CTX_size(&sctx->mdctx);
-- EVP_DigestFinal_ex(&sctx->mdctx, sctx->identity.data, NULL);
-+ sctx->identity.type = EVP_MD_CTX_size(sctx->mdctx);
-+ EVP_DigestFinal_ex(sctx->mdctx, sctx->identity.data, NULL);
- if (sctx->action == APK_SIGN_GENERATE &&
- sctx->has_data_checksum)
- return -ECANCELED;
- break;
- }
- reset_digest:
-- EVP_DigestInit_ex(&sctx->mdctx, sctx->md, NULL);
-- EVP_MD_CTX_set_flags(&sctx->mdctx, EVP_MD_CTX_FLAG_ONESHOT);
-+ EVP_DigestInit_ex(sctx->mdctx, sctx->md, NULL);
-+ EVP_MD_CTX_set_flags(sctx->mdctx, EVP_MD_CTX_FLAG_ONESHOT);
- return 0;
-
- update_digest:
-- EVP_MD_CTX_clear_flags(&sctx->mdctx, EVP_MD_CTX_FLAG_ONESHOT);
-- EVP_DigestUpdate(&sctx->mdctx, data.ptr, data.len);
-+ EVP_MD_CTX_clear_flags(sctx->mdctx, EVP_MD_CTX_FLAG_ONESHOT);
-+ EVP_DigestUpdate(sctx->mdctx, data.ptr, data.len);
- return 0;
- }
-
---
-2.19.0
-
================================================================
---- gitweb:
http://git.pld-linux.org/gitweb.cgi/packages/apk-tools.git/commitdiff/5801949964f84736ced5a4b88d133630af14fb25
More information about the pld-cvs-commit
mailing list