From 5aa9827ca829507ca8f4a7d18eb03408e7b998e5 Mon Sep 17 00:00:00 2001
From: Leah Neukirchen
Date: Sat, 13 Feb 2021 15:24:17 +0100
Subject: [PATCH 1/6] New package: libtls-3.2.4 Move libressl-nc to this package.
---
 common/shlibs | 2 +-
 srcpkgs/libressl-netcat | 2 +-
 srcpkgs/libressl/template | 13 +--
 srcpkgs/libtls-devel | 1 +
 .../fail-instead-of-trying-fallback.patch | 21 +++++
 srcpkgs/libtls/template | 94 +++++++++++++++++++
 srcpkgs/libtls/update | 1 +
 7 files changed, 120 insertions(+), 14 deletions(-)
 create mode 120000 srcpkgs/libtls-devel
 create mode 100644 srcpkgs/libtls/patches/fail-instead-of-trying-fallback.patch
 create mode 100644 srcpkgs/libtls/template
 create mode 100644 srcpkgs/libtls/update
diff --git a/common/shlibs b/common/shlibs
index 959f1692961..7c4bd4d8f39 100644
--- a/common/shlibs
+++ b/common/shlibs
@@ -3446,7 +3446,7 @@ libfmt.so.7 fmt-7.0.3_1
 libelementary-calendar.so.0 libio.elementary.calendar-4.2.3_1
 libolm.so.3 olm-3.0.0_1
 libcrypto.so.46 libcrypto46-3.1.1_1
-libtls.so.20 libtls20-3.1.1_1
+libtls.so.20 libtls-3.2.4_1
 libssl.so.48 libssl48-3.1.1_1
 libxmlb.so.2 libxmlb-0.2.1_1
 libvoikko.so.1 libvoikko-4.2_1
diff --git a/srcpkgs/libressl-netcat b/srcpkgs/libressl-netcat
index cab5b6fcb51..fc098467c59 120000
--- a/srcpkgs/libressl-netcat
+++ b/srcpkgs/libressl-netcat
@@ -1 +1 @@
-libressl
\ No newline at end of file
+libtls
\ No newline at end of file
diff --git a/srcpkgs/libressl/template b/srcpkgs/libressl/template
index c9266796f7d..731168709b8 100644
--- a/srcpkgs/libressl/template
+++ b/srcpkgs/libressl/template
@@ -1,7 +1,7 @@
 # Template file for 'libressl'
 pkgname=libressl
 version=3.1.5
-revision=2
+revision=3
 bootstrap=yes
 build_style=gnu-configure
 configure_args="$(vopt_enable asm)"
@@ -107,14 +107,3 @@ libressl-devel_package() {
 vmove usr/share/man/man3
 }
 }
-
-libressl-netcat_package() {
- short_desc="TCP/IP swiss army knife (LibreSSL variant)"
- alternatives="
- nc:nc:/usr/bin/libressl-nc
- nc:nc.1:/usr/share/man/man1/libressl-nc.1"
- pkg_install() {
- vbin apps/nc/.libs/nc libressl-nc
- vman apps/nc/nc.1 libressl-nc.1
- }
-}
diff --git a/srcpkgs/libtls-devel b/srcpkgs/libtls-devel
new file mode 120000
index 00000000000..fc098467c59
--- /dev/null
+++ b/srcpkgs/libtls-devel
@@ -0,0 +1 @@
+libtls
\ No newline at end of file
diff --git a/srcpkgs/libtls/patches/fail-instead-of-trying-fallback.patch b/srcpkgs/libtls/patches/fail-instead-of-trying-fallback.patch
new file mode 100644
index 00000000000..9df423ed7a2
--- /dev/null
+++ b/srcpkgs/libtls/patches/fail-instead-of-trying-fallback.patch
@@ -0,0 +1,21 @@
+ so, current flow for getentropy is
+ 1) use SYS_getrandom if it exists (true on glibc and musl)
+ 2) use /dev/urandom
+ 3) use sysctl (glibc only)
+ 4) use terrible fallback
+ and with a one-line patch it can instead kill itself after 3
+ so that should only affect processes running without /dev/urandom on old kernels
+ probably no harm else
+ +1
+
+--- crypto/compat/getentropy_linux.c.orig
++++ crypto/compat/getentropy_linux.c
+@@ -162,7 +162,7 @@
+ * sysctl ABI, or consider providing a new failsafe API which
+ * works in a chroot or when file descriptors are exhausted.
+ */
+-#undef FAIL_INSTEAD_OF_TRYING_FALLBACK
++#define FAIL_INSTEAD_OF_TRYING_FALLBACK
+ #ifdef FAIL_INSTEAD_OF_TRYING_FALLBACK
+ raise(SIGKILL);
+ #endif
diff --git a/srcpkgs/libtls/template b/srcpkgs/libtls/template
new file mode 100644
index 00000000000..91903d67054
--- /dev/null
+++ b/srcpkgs/libtls/template
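Review bot: The header of srcpkgs/libtls/patches/fail-instead-of-trying-fallback.patch is an unattributed chat excerpt and leaves the operational effect of `#define FAIL_INSTEAD_OF_TRYING_FALLBACK` implicit. With the define set, the visible `raise(SIGKILL);` is compiled in, so by the header's own numbering a process that gets past steps 1 to 3 without entropy is killed and has no chance to log anything; the quoted C comment names chroots and exhausted file descriptors as the situations where that can happen. Failing closed is the safer choice for key material than the fallback in step 4, but the header should state it in plain terms, for example `Abort instead of using the userspace entropy fallback when getrandom, /dev/urandom and sysctl all fail; the process is killed with SIGKILL and logs nothing.` The enclosing function in getentropy_linux.c starts and ends outside the embedded hunk.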
@@ -0,0 +1,94 @@
+# Template file for 'libtls'
+pkgname=libtls
+version=3.2.4
+revision=1
+wrksrc="libressl-${version}"
+build_style=gnu-configure
+#configure_args="$(vopt_enable asm)"
+short_desc="Version of the TLS/crypto stack forked from OpenSSL"
+maintainer="Leah Neukirchen "
+license="OpenSSL, ISC"
+changelog="https://raw.githubusercontent.com/libressl-portable/portable/master/ChangeLog"
+homepage="http://www.libressl.org/"
+distfiles="http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-${version}.tar.gz"
+checksum=ac1dbb9e05a64910856599b1ac61118fdec1b3d0c700e42444d81c0d5f507a5a
+_lssl_asm_ver="1.2.0"
+
+build_options="asm"
+desc_option_asm="Use platform assembly for faster crypto"
+
+if [ "$build_option_asm" ]; then
+ distfiles+=" https://github.com/q66/libressl-portable-asm/archive/v${_lssl_asm_ver}.tar.gz"
+ checksum+=" e1c76178c4deb1cd20a0cd7ba553d6607f8131acb2e0844223f797e42f0d6f60"
+fi
+
+# only enable asm for full chroots by default
+# otherwise we'd be introducing an autotools dependency on the host
+if [ "$CHROOT_READY" ]; then
+ build_options_default="asm"
+fi
+
+case "$XBPS_TARGET_MACHINE" in
+ # disable ssp
+ i686-musl) configure_args+=" --disable-hardening";;
+ # on armv5 always disable asm as it's not supported
+ armv5*) configure_args+=" --disable-asm";;
+esac
+
+if [ "$CROSS_BUILD" -o "$build_option_asm" ]; then
+ _regen_build=yes
+fi
+
+if [ -n "$_regen_build" ]; then
+ hostmakedepends=" automake libtool"
+fi
+
+post_extract() {
+ [ -z "$build_option_asm" ] && return 0
+ mv ../libressl-portable-asm-${_lssl_asm_ver} .
+}
+
+pre_configure() {
+ [ -z "$_regen_build" ] && return 0
+ if [ "$build_option_asm" ]; then
+ ./libressl-portable-asm-${_lssl_asm_ver}/patch_libressl.sh .
+ fi
+ autoreconf -if
+}
+
+do_install() {
+ make -C tls install DESTDIR="$DESTDIR"
+ make -C apps/nc install DESTDIR="$DESTDIR"
+}
+
+post_install() {
+ vlicense COPYING
+ if [ "$build_option_asm" ]; then
+ vlicense libressl-portable-asm-${_lssl_asm_ver}/LICENSE.cryptogams
+ vlicense libressl-portable-asm-${_lssl_asm_ver}/LICENSE.openssl
+ fi
+ #find ${DESTDIR}/usr/share/man/man1 -type f ! -name openssl.1 -delete
+}
+
+libtls-devel_package() {
+ short_desc+=" - development files"
+ depends="libtls-${version}_${revision}"
+ pkg_install() {
+ vinstall include/tls.h 644 usr/include
+ vmove "usr/lib/*.a"
+ vmove "usr/lib/*.so"
+ vinstall libtls.pc 644 usr/lib/pkgconfig
+ for m in man/tls_*; do vman $m; done
+ }
+}
+
+libressl-netcat_package() {
+ short_desc="TCP/IP swiss army knife (LibreSSL variant)"
+ alternatives="
+ nc:nc:/usr/bin/libressl-nc
+ nc:nc.1:/usr/share/man/man1/libressl-nc.1"
+ pkg_install() {
+ vbin apps/nc/.libs/nc libressl-nc
+ vman apps/nc/nc.1 libressl-nc.1
+ }
+}
diff --git a/srcpkgs/libtls/update b/srcpkgs/libtls/update
new file mode 100644
index 00000000000..a5d5038a832
--- /dev/null
+++ b/srcpkgs/libtls/update
@@ -0,0 +1 @@
+ignore="*.0 *.1"
From eb852507409f6a0334177988ec11dc7b9c37ae40 Mon Sep 17 00:00:00 2001
From: Leah Neukirchen
Date: Sat, 13 Feb 2021 15:25:13 +0100
Subject: [PATCH 2/6] catgirl: rebuild for libtls-3.2.4.
---
 srcpkgs/catgirl/template | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/srcpkgs/catgirl/template b/srcpkgs/catgirl/template
index 4a93282dc54..6ddf5e3bb62 100644
--- a/srcpkgs/catgirl/template
+++ b/srcpkgs/catgirl/template
@@ -1,11 +1,11 @@
 # Template file for 'catgirl'
 pkgname=catgirl
 version=1.6
-revision=1
+revision=2
 build_style=gnu-configure
 make_build_target="all"
 hostmakedepends="pkg-config"
-makedepends="libressl-devel ncurses-devel"
+makedepends="libtls-devel ncurses-devel"
 short_desc="TLS-only terminal IRC client"
 maintainer="Paper "
 license="GPL-3.0-or-later"
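Review bot: In srcpkgs/libtls/template the `homepage` and the first `distfiles` entry use plain `http://`, while the `changelog` and the asm tarball in the same file already use `https://`. The `checksum` line pins the LibreSSL tarball, so a modified download should fail verification at build time, but whoever refreshes that checksum on the next version bump would be fetching the reference copy over an unauthenticated channel. I would change the two lines to `homepage="https://www.libressl.org/"` and `distfiles="https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-${version}.tar.gz"`.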
From 9e6ba6a3dfdd8c554e54a02721d0f58a145ff6d2 Mon Sep 17 00:00:00 2001
From: Leah Neukirchen
Date: Sat, 13 Feb 2021 15:25:16 +0100
Subject: [PATCH 3/6] litterbox: rebuild for libtls-3.2.4.
---
 srcpkgs/litterbox/template | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/srcpkgs/litterbox/template b/srcpkgs/litterbox/template
index ace7ae0b5df..ac855d9474b 100644
--- a/srcpkgs/litterbox/template
+++ b/srcpkgs/litterbox/template
@@ -1,11 +1,11 @@
 # Template file for 'litterbox'
 pkgname=litterbox
 version=1.7
-revision=1
+revision=2
 build_style=gnu-configure
 make_build_target="all"
 hostmakedepends="pkg-config"
-makedepends="sqlite-devel libressl-devel"
+makedepends="sqlite-devel libtls-devel"
 short_desc="IRC logger"
 maintainer="Allen Sobot "
 license="GPL-3.0-or-later"
From 3b9cd239322c3dbe2581dc8c61de16551f12675f Mon Sep 17 00:00:00 2001
From: Leah Neukirchen
Date: Sat, 13 Feb 2021 15:25:22 +0100
Subject: [PATCH 4/6] pounce: rebuild for libtls-3.2.4.
---
 srcpkgs/pounce/template | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/srcpkgs/pounce/template b/srcpkgs/pounce/template
index 63b55178a17..4e33113d349 100644
--- a/srcpkgs/pounce/template
+++ b/srcpkgs/pounce/template
@@ -1,11 +1,11 @@
 # Template file for 'pounce'
 pkgname=pounce
 version=2.3
-revision=1
+revision=2
 build_style=gnu-configure
 make_build_target="all"
 hostmakedepends="pkg-config"
-makedepends="libressl-devel"
+makedepends="libtls-devel"
 short_desc="Multi-client, TLS-only IRC bouncer"
 maintainer="Paper "
 license="GPL-3.0-or-later"
From b3f71f708063e2a4acb35d9e6d349f96baee43f0 Mon Sep 17 00:00:00 2001
From: Leah Neukirchen
Date: Sat, 13 Feb 2021 15:25:30 +0100
Subject: [PATCH 5/6] openntpd: rebuild for libtls-3.2.4.
---
 srcpkgs/openntpd/template | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/srcpkgs/openntpd/template b/srcpkgs/openntpd/template
index e7b1e2877ac..b7e7db5c41f 100644
--- a/srcpkgs/openntpd/template
+++ b/srcpkgs/openntpd/template
@@ -1,11 +1,11 @@
 # Template file for 'openntpd'
 pkgname=openntpd
 version=6.2p3
-revision=7
+revision=8
 build_style=gnu-configure
 configure_args="--with-privsep-user=${pkgname} --with-cacert=/etc/ssl/certs.pem"
 hostmakedepends="automake libtool"
-makedepends="libressl-devel"
+makedepends="libtls-devel"
 depends="ca-certificates"
 short_desc="FREE, easy to use implementation of the Network Time Protocol"
 maintainer="Orphaned "
From 659f81806e174af01fe9d0cd4611778bf2f8364b Mon Sep 17 00:00:00 2001
From: Leah Neukirchen
Date: Sun, 28 Feb 2021 16:10:02 +0100
Subject: [PATCH 6/6] acme-client: remove, unmaintained upstream.
---
 srcpkgs/acme-client/INSTALL.msg | 1 -
 srcpkgs/acme-client/template | 25 -------------------------
 srcpkgs/acme-client/update | 1 -
 3 files changed, 27 deletions(-)
 delete mode 100644 srcpkgs/acme-client/INSTALL.msg
 delete mode 100644 srcpkgs/acme-client/template
 delete mode 100644 srcpkgs/acme-client/update
diff --git a/srcpkgs/acme-client/INSTALL.msg b/srcpkgs/acme-client/INSTALL.msg
deleted file mode 100644
index a799d36a283..00000000000
--- a/srcpkgs/acme-client/INSTALL.msg
+++ /dev/null
@@ -1 +0,0 @@
-NOTE: acme-client uses new default directories since version 0.1.12
diff --git a/srcpkgs/acme-client/template b/srcpkgs/acme-client/template
deleted file mode 100644
index d583ddfa476..00000000000
--- a/srcpkgs/acme-client/template
+++ /dev/null
@@ -1,25 +0,0 @@
-# Template file for 'acme-client'
-pkgname=acme-client
-version=0.1.16
-revision=5
-_distver=VERSION_${version//./_}
-wrksrc=acme-client-portable-${_distver}
-build_style=gnu-makefile
-make_install_args="MAN1DIR=/usr/share/man/man1 BINDIR=/usr/bin"
-hostmakedepends="pkg-config"
-makedepends="libbsd-devel libressl-devel"
-short_desc="A secure ACME client"
-maintainer="Toyam Cox "
-license="ISC"
-homepage="https://kristaps.bsd.lv/acme-client/"
-distfiles="https://github.com/kristapsdz/acme-client-portable/archive/${_distver}.tar.gz"
-checksum=69d5867ae8b7db49f08a0c536655e41f960bab7c033b234ff0e2a03fab98f667
-
-CFLAGS="-fcommon -DHAVE_CONFIG_H"
-case "$XBPS_TARGET_MACHINE" in
- *-musl) CFLAGS+=" -DMUSL_LIBC" ;;
-esac
-
-post_install() {
- vlicense LICENSE.md
-}
diff --git a/srcpkgs/acme-client/update b/srcpkgs/acme-client/update
deleted file mode 100644
index d56d0ea5fd7..00000000000
--- a/srcpkgs/acme-client/update
+++ /dev/null
@@ -1 +0,0 @@
-pattern='VERSION_\K[\d_]+'