* [PR PATCH] poco: update to build with openssl3
@ 2023-01-30 15:18 dkwo
2023-01-30 15:40 ` dkwo
` (13 more replies)
0 siblings, 14 replies; 15+ messages in thread
From: dkwo @ 2023-01-30 15:18 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 462 bytes --]
There is a new pull request by dkwo against master on the void-packages repository
https://github.com/dkwo/void-packages O3poco
https://github.com/void-linux/void-packages/pull/41963
poco: update to build with openssl3
- I tested the changes in this PR: no
- I built this PR locally for my native architecture, (x86_64-musl)
required to build with openssl3 #37681
A patch file from https://github.com/void-linux/void-packages/pull/41963.patch is attached
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-O3poco-41963.patch --]
[-- Type: text/x-diff, Size: 3251 bytes --]
From de622b7edfca78cac3268085733d41fb07988ad7 Mon Sep 17 00:00:00 2001
From: dkwo <nicolopiazzalunga@gmail.com>
Date: Fri, 27 Jan 2023 10:45:20 -0500
Subject: [PATCH 1/2] poco: update to 1.12.4
---
common/shlibs | 26 +++++++++++++-------------
srcpkgs/poco/template | 8 ++++----
2 files changed, 17 insertions(+), 17 deletions(-)
diff --git a/common/shlibs b/common/shlibs
index edb8a2c5dd73..523fd15af734 100644
--- a/common/shlibs
+++ b/common/shlibs
@@ -3006,19 +3006,19 @@ libsigrok.so.4 libsigrok-0.5.0_1
libsigrokcxx.so.4 libsigrok-0.5.0_1
libsigrokdecode.so.4 libsigrokdecode-0.5.0_2
libglyr.so.1 glyr-1.0.8_1
-libPocoJSON.so.64 poco-1.9.4_3
-libPocoMongoDB.so.64 poco-1.9.4_3
-libPocoZip.so.64 poco-1.9.4_3
-libPocoData.so.64 poco-1.9.4_3
-libPocoNet.so.64 poco-1.9.4_3
-libPocoDataSQLite.so.64 poco-1.9.4_3
-libPocoFoundation.so.64 poco-1.9.4_3
-libPocoXML.so.64 poco-1.9.4_3
-libPocoUtil.so.64 poco-1.9.4_3
-libPocoRedis.so.64 poco-1.9.4_3
-libPocoEncodings.so.64 poco-1.9.4_3
-libPocoNetSSL.so.64 poco-1.9.4_3
-libPocoCrypto.so.64 poco-1.9.4_3
+libPocoJSON.so.94 poco-1.12.4_1
+libPocoMongoDB.so.94 poco-1.12.4_1
+libPocoZip.so.94 poco-1.12.4_1
+libPocoData.so.94 poco-1.12.4_1
+libPocoNet.so.94 poco-1.12.4_1
+libPocoDataSQLite.so.94 poco-1.12.4_1
+libPocoFoundation.so.94 poco-1.12.4_1
+libPocoXML.so.94 poco-1.12.4_1
+libPocoUtil.so.94 poco-1.12.4_1
+libPocoRedis.so.94 poco-1.12.4_1
+libPocoEncodings.so.94 poco-1.12.4_1
+libPocoNetSSL.so.94 poco-1.12.4_1
+libPocoCrypto.so.94 poco-1.12.4_1
libPtex.so ptex-2.3.2_1
libopenblas.so.0 openblas-0.2.19_1
librtaudio.so.6 rtaudio-5.1.0_1
diff --git a/srcpkgs/poco/template b/srcpkgs/poco/template
index 008536b67121..983ffe069e3b 100644
--- a/srcpkgs/poco/template
+++ b/srcpkgs/poco/template
@@ -1,16 +1,16 @@
# Template file for 'poco'
pkgname=poco
-version=1.9.4
-revision=3
+version=1.12.4
+revision=1
build_style=cmake
configure_args="-DPOCO_UNBUNDLED=ON"
-makedepends="openssl-devel zlib-devel pcre-devel expat-devel sqlite-devel"
+makedepends="openssl-devel zlib-devel pcre2-devel expat-devel sqlite-devel"
short_desc="C++ class libraries for building network-based applications"
maintainer="Julien Dehos <dehos@univ-littoral.fr>"
license="BSL-1.0"
homepage="https://pocoproject.org"
distfiles="https://pocoproject.org/releases/${pkgname}-${version}/${pkgname}-${version}-all.tar.gz"
-checksum=eb34f257b11240a711ee505f1d80c754a80a990aeb48d8d93407884df288fd77
+checksum=4c3584daa5b0e973f268654dbeb1171ec7621e358b2b64363cd1abd558a68777
post_install() {
vlicense LICENSE
From 34e5b3291b126034178bd07d11eeb38fb8a11014 Mon Sep 17 00:00:00 2001
From: dkwo <nicolopiazzalunga@gmail.com>
Date: Fri, 27 Jan 2023 10:45:43 -0500
Subject: [PATCH 2/2] remwharead: bump for poco
---
srcpkgs/remwharead/template | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/srcpkgs/remwharead/template b/srcpkgs/remwharead/template
index e72ab06131e4..4fb4c574b3ec 100644
--- a/srcpkgs/remwharead/template
+++ b/srcpkgs/remwharead/template
@@ -1,7 +1,7 @@
# Template file for 'remwharead'
pkgname=remwharead
version=0.10.0
-revision=4
+revision=5
build_style=cmake
hostmakedepends="poco-devel asciidoc pkg-config"
makedepends="poco-devel boost-devel"
^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: poco: update to build with openssl3
2023-01-30 15:18 [PR PATCH] poco: update to build with openssl3 dkwo
@ 2023-01-30 15:40 ` dkwo
2023-01-30 15:45 ` [PR PATCH] [Updated] " dkwo
` (12 subsequent siblings)
13 siblings, 0 replies; 15+ messages in thread
From: dkwo @ 2023-01-30 15:40 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 152 bytes --]
New comment by dkwo on void-packages repository
https://github.com/void-linux/void-packages/pull/41963#issuecomment-1408848474
Comment:
@juliendehos
^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [PR PATCH] [Updated] poco: update to build with openssl3
2023-01-30 15:18 [PR PATCH] poco: update to build with openssl3 dkwo
2023-01-30 15:40 ` dkwo
@ 2023-01-30 15:45 ` dkwo
2023-01-30 15:48 ` juliendehos
` (11 subsequent siblings)
13 siblings, 0 replies; 15+ messages in thread
From: dkwo @ 2023-01-30 15:45 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 467 bytes --]
There is an updated pull request by dkwo against master on the void-packages repository
https://github.com/dkwo/void-packages O3poco
https://github.com/void-linux/void-packages/pull/41963
poco: update to build with openssl3
- I tested the changes in this PR: no
- I built this PR locally for my native architecture, (x86_64-musl)
required to build with openssl3 #37681
A patch file from https://github.com/void-linux/void-packages/pull/41963.patch is attached
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-O3poco-41963.patch --]
[-- Type: text/x-diff, Size: 3889 bytes --]
From de622b7edfca78cac3268085733d41fb07988ad7 Mon Sep 17 00:00:00 2001
From: dkwo <nicolopiazzalunga@gmail.com>
Date: Fri, 27 Jan 2023 10:45:20 -0500
Subject: [PATCH 1/3] poco: update to 1.12.4
---
common/shlibs | 26 +++++++++++++-------------
srcpkgs/poco/template | 8 ++++----
2 files changed, 17 insertions(+), 17 deletions(-)
diff --git a/common/shlibs b/common/shlibs
index edb8a2c5dd73..523fd15af734 100644
--- a/common/shlibs
+++ b/common/shlibs
@@ -3006,19 +3006,19 @@ libsigrok.so.4 libsigrok-0.5.0_1
libsigrokcxx.so.4 libsigrok-0.5.0_1
libsigrokdecode.so.4 libsigrokdecode-0.5.0_2
libglyr.so.1 glyr-1.0.8_1
-libPocoJSON.so.64 poco-1.9.4_3
-libPocoMongoDB.so.64 poco-1.9.4_3
-libPocoZip.so.64 poco-1.9.4_3
-libPocoData.so.64 poco-1.9.4_3
-libPocoNet.so.64 poco-1.9.4_3
-libPocoDataSQLite.so.64 poco-1.9.4_3
-libPocoFoundation.so.64 poco-1.9.4_3
-libPocoXML.so.64 poco-1.9.4_3
-libPocoUtil.so.64 poco-1.9.4_3
-libPocoRedis.so.64 poco-1.9.4_3
-libPocoEncodings.so.64 poco-1.9.4_3
-libPocoNetSSL.so.64 poco-1.9.4_3
-libPocoCrypto.so.64 poco-1.9.4_3
+libPocoJSON.so.94 poco-1.12.4_1
+libPocoMongoDB.so.94 poco-1.12.4_1
+libPocoZip.so.94 poco-1.12.4_1
+libPocoData.so.94 poco-1.12.4_1
+libPocoNet.so.94 poco-1.12.4_1
+libPocoDataSQLite.so.94 poco-1.12.4_1
+libPocoFoundation.so.94 poco-1.12.4_1
+libPocoXML.so.94 poco-1.12.4_1
+libPocoUtil.so.94 poco-1.12.4_1
+libPocoRedis.so.94 poco-1.12.4_1
+libPocoEncodings.so.94 poco-1.12.4_1
+libPocoNetSSL.so.94 poco-1.12.4_1
+libPocoCrypto.so.94 poco-1.12.4_1
libPtex.so ptex-2.3.2_1
libopenblas.so.0 openblas-0.2.19_1
librtaudio.so.6 rtaudio-5.1.0_1
diff --git a/srcpkgs/poco/template b/srcpkgs/poco/template
index 008536b67121..983ffe069e3b 100644
--- a/srcpkgs/poco/template
+++ b/srcpkgs/poco/template
@@ -1,16 +1,16 @@
# Template file for 'poco'
pkgname=poco
-version=1.9.4
-revision=3
+version=1.12.4
+revision=1
build_style=cmake
configure_args="-DPOCO_UNBUNDLED=ON"
-makedepends="openssl-devel zlib-devel pcre-devel expat-devel sqlite-devel"
+makedepends="openssl-devel zlib-devel pcre2-devel expat-devel sqlite-devel"
short_desc="C++ class libraries for building network-based applications"
maintainer="Julien Dehos <dehos@univ-littoral.fr>"
license="BSL-1.0"
homepage="https://pocoproject.org"
distfiles="https://pocoproject.org/releases/${pkgname}-${version}/${pkgname}-${version}-all.tar.gz"
-checksum=eb34f257b11240a711ee505f1d80c754a80a990aeb48d8d93407884df288fd77
+checksum=4c3584daa5b0e973f268654dbeb1171ec7621e358b2b64363cd1abd558a68777
post_install() {
vlicense LICENSE
From 34e5b3291b126034178bd07d11eeb38fb8a11014 Mon Sep 17 00:00:00 2001
From: dkwo <nicolopiazzalunga@gmail.com>
Date: Fri, 27 Jan 2023 10:45:43 -0500
Subject: [PATCH 2/3] remwharead: bump for poco
---
srcpkgs/remwharead/template | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/srcpkgs/remwharead/template b/srcpkgs/remwharead/template
index e72ab06131e4..4fb4c574b3ec 100644
--- a/srcpkgs/remwharead/template
+++ b/srcpkgs/remwharead/template
@@ -1,7 +1,7 @@
# Template file for 'remwharead'
pkgname=remwharead
version=0.10.0
-revision=4
+revision=5
build_style=cmake
hostmakedepends="poco-devel asciidoc pkg-config"
makedepends="poco-devel boost-devel"
From 4fbf7f41185f65696b85684c275fe8c999c62f0c Mon Sep 17 00:00:00 2001
From: dkwo <nicolopiazzalunga@gmail.com>
Date: Mon, 30 Jan 2023 10:45:04 -0500
Subject: [PATCH 3/3] mumble: bump for poco
---
srcpkgs/mumble/template | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/srcpkgs/mumble/template b/srcpkgs/mumble/template
index 2e6f50da0140..acb6af454e0f 100644
--- a/srcpkgs/mumble/template
+++ b/srcpkgs/mumble/template
@@ -1,7 +1,7 @@
# Template file for 'mumble'
pkgname=mumble
version=1.4.287
-revision=1
+revision=2
build_style=cmake
make_cmd=make
configure_args="-Doverlay-xcompile=OFF -Dbundled-opus=OFF
^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: poco: update to build with openssl3
2023-01-30 15:18 [PR PATCH] poco: update to build with openssl3 dkwo
2023-01-30 15:40 ` dkwo
2023-01-30 15:45 ` [PR PATCH] [Updated] " dkwo
@ 2023-01-30 15:48 ` juliendehos
2023-01-30 16:11 ` [PR PATCH] [Updated] " dkwo
` (10 subsequent siblings)
13 siblings, 0 replies; 15+ messages in thread
From: juliendehos @ 2023-01-30 15:48 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 255 bytes --]
New comment by juliendehos on void-packages repository
https://github.com/void-linux/void-packages/pull/41963#issuecomment-1408861945
Comment:
I don't use void-linux anymore, sorry. Please, feel free to remove me from the maintainers of these packages.
^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [PR PATCH] [Updated] poco: update to build with openssl3
2023-01-30 15:18 [PR PATCH] poco: update to build with openssl3 dkwo
` (2 preceding siblings ...)
2023-01-30 15:48 ` juliendehos
@ 2023-01-30 16:11 ` dkwo
2023-01-30 19:33 ` dkwo
` (9 subsequent siblings)
13 siblings, 0 replies; 15+ messages in thread
From: dkwo @ 2023-01-30 16:11 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 467 bytes --]
There is an updated pull request by dkwo against master on the void-packages repository
https://github.com/dkwo/void-packages O3poco
https://github.com/void-linux/void-packages/pull/41963
poco: update to build with openssl3
- I tested the changes in this PR: no
- I built this PR locally for my native architecture, (x86_64-musl)
required to build with openssl3 #37681
A patch file from https://github.com/void-linux/void-packages/pull/41963.patch is attached
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-O3poco-41963.patch --]
[-- Type: text/x-diff, Size: 3968 bytes --]
From 887089c4cd33cf26b55769e2f6c5999bf3704a3f Mon Sep 17 00:00:00 2001
From: dkwo <nicolopiazzalunga@gmail.com>
Date: Fri, 27 Jan 2023 10:45:20 -0500
Subject: [PATCH 1/3] poco: update to 1.12.4, orphan
---
common/shlibs | 26 +++++++++++++-------------
srcpkgs/poco/template | 11 ++++++-----
2 files changed, 19 insertions(+), 18 deletions(-)
diff --git a/common/shlibs b/common/shlibs
index edb8a2c5dd73..523fd15af734 100644
--- a/common/shlibs
+++ b/common/shlibs
@@ -3006,19 +3006,19 @@ libsigrok.so.4 libsigrok-0.5.0_1
libsigrokcxx.so.4 libsigrok-0.5.0_1
libsigrokdecode.so.4 libsigrokdecode-0.5.0_2
libglyr.so.1 glyr-1.0.8_1
-libPocoJSON.so.64 poco-1.9.4_3
-libPocoMongoDB.so.64 poco-1.9.4_3
-libPocoZip.so.64 poco-1.9.4_3
-libPocoData.so.64 poco-1.9.4_3
-libPocoNet.so.64 poco-1.9.4_3
-libPocoDataSQLite.so.64 poco-1.9.4_3
-libPocoFoundation.so.64 poco-1.9.4_3
-libPocoXML.so.64 poco-1.9.4_3
-libPocoUtil.so.64 poco-1.9.4_3
-libPocoRedis.so.64 poco-1.9.4_3
-libPocoEncodings.so.64 poco-1.9.4_3
-libPocoNetSSL.so.64 poco-1.9.4_3
-libPocoCrypto.so.64 poco-1.9.4_3
+libPocoJSON.so.94 poco-1.12.4_1
+libPocoMongoDB.so.94 poco-1.12.4_1
+libPocoZip.so.94 poco-1.12.4_1
+libPocoData.so.94 poco-1.12.4_1
+libPocoNet.so.94 poco-1.12.4_1
+libPocoDataSQLite.so.94 poco-1.12.4_1
+libPocoFoundation.so.94 poco-1.12.4_1
+libPocoXML.so.94 poco-1.12.4_1
+libPocoUtil.so.94 poco-1.12.4_1
+libPocoRedis.so.94 poco-1.12.4_1
+libPocoEncodings.so.94 poco-1.12.4_1
+libPocoNetSSL.so.94 poco-1.12.4_1
+libPocoCrypto.so.94 poco-1.12.4_1
libPtex.so ptex-2.3.2_1
libopenblas.so.0 openblas-0.2.19_1
librtaudio.so.6 rtaudio-5.1.0_1
diff --git a/srcpkgs/poco/template b/srcpkgs/poco/template
index 008536b67121..6ca714b9e94f 100644
--- a/srcpkgs/poco/template
+++ b/srcpkgs/poco/template
@@ -1,16 +1,17 @@
# Template file for 'poco'
pkgname=poco
-version=1.9.4
-revision=3
+version=1.12.4
+revision=1
build_style=cmake
configure_args="-DPOCO_UNBUNDLED=ON"
-makedepends="openssl-devel zlib-devel pcre-devel expat-devel sqlite-devel"
+makedepends="openssl-devel zlib-devel pcre2-devel expat-devel sqlite-devel"
short_desc="C++ class libraries for building network-based applications"
-maintainer="Julien Dehos <dehos@univ-littoral.fr>"
+maintainer="Orphaned <orphan@voidlinux.org>"
license="BSL-1.0"
homepage="https://pocoproject.org"
distfiles="https://pocoproject.org/releases/${pkgname}-${version}/${pkgname}-${version}-all.tar.gz"
-checksum=eb34f257b11240a711ee505f1d80c754a80a990aeb48d8d93407884df288fd77
+checksum=4c3584daa5b0e973f268654dbeb1171ec7621e358b2b64363cd1abd558a68777
+conflicts="archiver"
post_install() {
vlicense LICENSE
From 973b00637771b58bff13c8351d18d021bc6b6837 Mon Sep 17 00:00:00 2001
From: dkwo <nicolopiazzalunga@gmail.com>
Date: Fri, 27 Jan 2023 10:45:43 -0500
Subject: [PATCH 2/3] remwharead: bump for poco
---
srcpkgs/remwharead/template | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/srcpkgs/remwharead/template b/srcpkgs/remwharead/template
index e72ab06131e4..4fb4c574b3ec 100644
--- a/srcpkgs/remwharead/template
+++ b/srcpkgs/remwharead/template
@@ -1,7 +1,7 @@
# Template file for 'remwharead'
pkgname=remwharead
version=0.10.0
-revision=4
+revision=5
build_style=cmake
hostmakedepends="poco-devel asciidoc pkg-config"
makedepends="poco-devel boost-devel"
From 23c63297e52d105726aa7dcff3b39ed40cfb41b5 Mon Sep 17 00:00:00 2001
From: dkwo <nicolopiazzalunga@gmail.com>
Date: Mon, 30 Jan 2023 10:45:04 -0500
Subject: [PATCH 3/3] mumble: bump for poco
---
srcpkgs/mumble/template | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/srcpkgs/mumble/template b/srcpkgs/mumble/template
index 2e6f50da0140..acb6af454e0f 100644
--- a/srcpkgs/mumble/template
+++ b/srcpkgs/mumble/template
@@ -1,7 +1,7 @@
# Template file for 'mumble'
pkgname=mumble
version=1.4.287
-revision=1
+revision=2
build_style=cmake
make_cmd=make
configure_args="-Doverlay-xcompile=OFF -Dbundled-opus=OFF
^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [PR PATCH] [Updated] poco: update to build with openssl3
2023-01-30 15:18 [PR PATCH] poco: update to build with openssl3 dkwo
` (3 preceding siblings ...)
2023-01-30 16:11 ` [PR PATCH] [Updated] " dkwo
@ 2023-01-30 19:33 ` dkwo
2023-01-30 20:00 ` dkwo
` (8 subsequent siblings)
13 siblings, 0 replies; 15+ messages in thread
From: dkwo @ 2023-01-30 19:33 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 467 bytes --]
There is an updated pull request by dkwo against master on the void-packages repository
https://github.com/dkwo/void-packages O3poco
https://github.com/void-linux/void-packages/pull/41963
poco: update to build with openssl3
- I tested the changes in this PR: no
- I built this PR locally for my native architecture, (x86_64-musl)
required to build with openssl3 #37681
A patch file from https://github.com/void-linux/void-packages/pull/41963.patch is attached
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-O3poco-41963.patch --]
[-- Type: text/x-diff, Size: 29116 bytes --]
From 887089c4cd33cf26b55769e2f6c5999bf3704a3f Mon Sep 17 00:00:00 2001
From: dkwo <nicolopiazzalunga@gmail.com>
Date: Fri, 27 Jan 2023 10:45:20 -0500
Subject: [PATCH 1/3] poco: update to 1.12.4, orphan
---
common/shlibs | 26 +++++++++++++-------------
srcpkgs/poco/template | 11 ++++++-----
2 files changed, 19 insertions(+), 18 deletions(-)
diff --git a/common/shlibs b/common/shlibs
index edb8a2c5dd73..523fd15af734 100644
--- a/common/shlibs
+++ b/common/shlibs
@@ -3006,19 +3006,19 @@ libsigrok.so.4 libsigrok-0.5.0_1
libsigrokcxx.so.4 libsigrok-0.5.0_1
libsigrokdecode.so.4 libsigrokdecode-0.5.0_2
libglyr.so.1 glyr-1.0.8_1
-libPocoJSON.so.64 poco-1.9.4_3
-libPocoMongoDB.so.64 poco-1.9.4_3
-libPocoZip.so.64 poco-1.9.4_3
-libPocoData.so.64 poco-1.9.4_3
-libPocoNet.so.64 poco-1.9.4_3
-libPocoDataSQLite.so.64 poco-1.9.4_3
-libPocoFoundation.so.64 poco-1.9.4_3
-libPocoXML.so.64 poco-1.9.4_3
-libPocoUtil.so.64 poco-1.9.4_3
-libPocoRedis.so.64 poco-1.9.4_3
-libPocoEncodings.so.64 poco-1.9.4_3
-libPocoNetSSL.so.64 poco-1.9.4_3
-libPocoCrypto.so.64 poco-1.9.4_3
+libPocoJSON.so.94 poco-1.12.4_1
+libPocoMongoDB.so.94 poco-1.12.4_1
+libPocoZip.so.94 poco-1.12.4_1
+libPocoData.so.94 poco-1.12.4_1
+libPocoNet.so.94 poco-1.12.4_1
+libPocoDataSQLite.so.94 poco-1.12.4_1
+libPocoFoundation.so.94 poco-1.12.4_1
+libPocoXML.so.94 poco-1.12.4_1
+libPocoUtil.so.94 poco-1.12.4_1
+libPocoRedis.so.94 poco-1.12.4_1
+libPocoEncodings.so.94 poco-1.12.4_1
+libPocoNetSSL.so.94 poco-1.12.4_1
+libPocoCrypto.so.94 poco-1.12.4_1
libPtex.so ptex-2.3.2_1
libopenblas.so.0 openblas-0.2.19_1
librtaudio.so.6 rtaudio-5.1.0_1
diff --git a/srcpkgs/poco/template b/srcpkgs/poco/template
index 008536b67121..6ca714b9e94f 100644
--- a/srcpkgs/poco/template
+++ b/srcpkgs/poco/template
@@ -1,16 +1,17 @@
# Template file for 'poco'
pkgname=poco
-version=1.9.4
-revision=3
+version=1.12.4
+revision=1
build_style=cmake
configure_args="-DPOCO_UNBUNDLED=ON"
-makedepends="openssl-devel zlib-devel pcre-devel expat-devel sqlite-devel"
+makedepends="openssl-devel zlib-devel pcre2-devel expat-devel sqlite-devel"
short_desc="C++ class libraries for building network-based applications"
-maintainer="Julien Dehos <dehos@univ-littoral.fr>"
+maintainer="Orphaned <orphan@voidlinux.org>"
license="BSL-1.0"
homepage="https://pocoproject.org"
distfiles="https://pocoproject.org/releases/${pkgname}-${version}/${pkgname}-${version}-all.tar.gz"
-checksum=eb34f257b11240a711ee505f1d80c754a80a990aeb48d8d93407884df288fd77
+checksum=4c3584daa5b0e973f268654dbeb1171ec7621e358b2b64363cd1abd558a68777
+conflicts="archiver"
post_install() {
vlicense LICENSE
From 973b00637771b58bff13c8351d18d021bc6b6837 Mon Sep 17 00:00:00 2001
From: dkwo <nicolopiazzalunga@gmail.com>
Date: Fri, 27 Jan 2023 10:45:43 -0500
Subject: [PATCH 2/3] remwharead: bump for poco
---
srcpkgs/remwharead/template | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/srcpkgs/remwharead/template b/srcpkgs/remwharead/template
index e72ab06131e4..4fb4c574b3ec 100644
--- a/srcpkgs/remwharead/template
+++ b/srcpkgs/remwharead/template
@@ -1,7 +1,7 @@
# Template file for 'remwharead'
pkgname=remwharead
version=0.10.0
-revision=4
+revision=5
build_style=cmake
hostmakedepends="poco-devel asciidoc pkg-config"
makedepends="poco-devel boost-devel"
From e56cc9b2d6d87513ce3f91e3f3fb841546b4d13c Mon Sep 17 00:00:00 2001
From: dkwo <nicolopiazzalunga@gmail.com>
Date: Mon, 30 Jan 2023 10:45:04 -0500
Subject: [PATCH 3/3] mumble: bump for poco, patch for openssl3
---
srcpkgs/mumble/patches/openssl3.patch | 685 ++++++++++++++++++++++++++
srcpkgs/mumble/template | 2 +-
2 files changed, 686 insertions(+), 1 deletion(-)
create mode 100644 srcpkgs/mumble/patches/openssl3.patch
diff --git a/srcpkgs/mumble/patches/openssl3.patch b/srcpkgs/mumble/patches/openssl3.patch
new file mode 100644
index 000000000000..906d1790444b
--- /dev/null
+++ b/srcpkgs/mumble/patches/openssl3.patch
@@ -0,0 +1,685 @@
+From f4cea62ed95e4967d8591f25e903f5e8fc2e2a30 Mon Sep 17 00:00:00 2001
+From: Terry Geng <terry@terriex.com>
+Date: Mon, 6 Dec 2021 10:45:11 -0500
+Subject: [PATCH] BUILD(crypto): Migrate to OpenSSL 3.0-compatible API
+
+OpenSSL 3.0 deprecated several low-level APIs and the usage of them
+caused errors/warnings that prevent the binary from being built against
+OpenSSL 3.0.
+Some primitive efforts have been made in #5317 but were incomplete.
+This commit follows https://www.openssl.org/docs/man3.0/man7/migration_guide.html,
+https://code.woboq.org/qt6/qtopcua/src/opcua/x509/qopcuakeypair_openssl.cpp.html,
+and clears all errors/warnings related to the usage of deprecated APIs.
+
+Fixes #5277
+Fixes #4266
+---
+ src/SelfSignedCertificate.cpp | 235 +++++++++++-----------------------
+ src/SelfSignedCertificate.h | 5 +
+ src/crypto/CryptStateOCB2.cpp | 53 +++++---
+ src/crypto/CryptStateOCB2.h | 9 +-
+ 4 files changed, 121 insertions(+), 181 deletions(-)
+
+diff --git a/src/SelfSignedCertificate.cpp b/src/SelfSignedCertificate.cpp
+index a77e5fad91..ea0dec4cc7 100644
+--- a/src/SelfSignedCertificate.cpp
++++ b/src/SelfSignedCertificate.cpp
+@@ -5,8 +5,6 @@
+
+ #include "SelfSignedCertificate.h"
+
+-#include <openssl/x509v3.h>
+-
+ #define SSL_STRING(x) QString::fromLatin1(x).toUtf8().data()
+
+ static int add_ext(X509 *crt, int nid, char *value) {
+@@ -28,108 +26,86 @@ static int add_ext(X509 *crt, int nid, char *value) {
+ return 1;
+ }
+
+-bool SelfSignedCertificate::generate(CertificateType certificateType, QString clientCertName, QString clientCertEmail,
+- QSslCertificate &qscCert, QSslKey &qskKey) {
+- bool ok = true;
+- X509 *x509 = nullptr;
+- EVP_PKEY *pkey = nullptr;
+- RSA *rsa = nullptr;
+- BIGNUM *e = nullptr;
+- X509_NAME *name = nullptr;
+- ASN1_INTEGER *serialNumber = nullptr;
+- ASN1_TIME *notBefore = nullptr;
+- ASN1_TIME *notAfter = nullptr;
+- QString commonName;
+- bool isServerCert = certificateType == CertificateTypeServerCertificate;
+-
+- if (CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON) == -1) {
+- ok = false;
+- goto out;
++EVP_PKEY *SelfSignedCertificate::generate_rsa_keypair() {
++ EVP_PKEY *pkey = EVP_PKEY_new();
++ if (!pkey) {
++ return nullptr;
+ }
+
+- x509 = X509_new();
+- if (!x509) {
+- ok = false;
+- goto out;
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++ EVP_PKEY_CTX *ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, nullptr);
++ if (!ctx) {
++ return nullptr;
+ }
+-
+- pkey = EVP_PKEY_new();
+- if (!pkey) {
+- ok = false;
+- goto out;
++ if (EVP_PKEY_keygen_init(ctx) <= 0) {
++ return nullptr;
+ }
+-
+- rsa = RSA_new();
++ if (EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, 2048) <= 0) {
++ return nullptr;
++ }
++ if (EVP_PKEY_keygen(ctx, &pkey) <= 0) {
++ return nullptr;
++ }
++ EVP_PKEY_CTX_free(ctx);
++#else
++ RSA *rsa = RSA_new();
++ BIGNUM *e = BN_new();
+ if (!rsa) {
+- ok = false;
+- goto out;
++ return nullptr;
+ }
+-
+- e = BN_new();
+ if (!e) {
+- ok = false;
+- goto out;
++ return nullptr;
+ }
+ if (BN_set_word(e, 65537) == 0) {
+- ok = false;
+- goto out;
++ return nullptr;
+ }
+-
+ if (RSA_generate_key_ex(rsa, 2048, e, nullptr) == 0) {
+- ok = false;
+- goto out;
++ return nullptr;
+ }
+-
+ if (EVP_PKEY_assign_RSA(pkey, rsa) == 0) {
+- ok = false;
+- goto out;
++ return nullptr;
+ }
++ BN_free(e);
++ RSA_free(rsa);
++#endif
++ return pkey;
++}
+
+- if (X509_set_version(x509, 2) == 0) {
+- ok = false;
+- goto out;
++#define CHECK(statement) \
++ if (!(statement)) { \
++ ok = false; \
++ goto out; \
+ }
+
+- serialNumber = X509_get_serialNumber(x509);
+- if (!serialNumber) {
+- ok = false;
+- goto out;
+- }
+- if (ASN1_INTEGER_set(serialNumber, 1) == 0) {
+- ok = false;
+- goto out;
+- }
+
+- notBefore = X509_get_notBefore(x509);
+- if (!notBefore) {
+- ok = false;
+- goto out;
+- }
+- if (!X509_gmtime_adj(notBefore, 0)) {
+- ok = false;
+- goto out;
+- }
++bool SelfSignedCertificate::generate(CertificateType certificateType, QString clientCertName, QString clientCertEmail,
++ QSslCertificate &qscCert, QSslKey &qskKey) {
++ bool ok = true;
++ EVP_PKEY *pkey = nullptr;
++ X509 *x509 = nullptr;
++ X509_NAME *name = nullptr;
++ ASN1_INTEGER *serialNumber = nullptr;
++ ASN1_TIME *notBefore = nullptr;
++ ASN1_TIME *notAfter = nullptr;
++ QString commonName;
++ bool isServerCert = certificateType == CertificateTypeServerCertificate;
+
+- notAfter = X509_get_notAfter(x509);
+- if (!notAfter) {
+- ok = false;
+- goto out;
+- }
+- if (!X509_gmtime_adj(notAfter, 60 * 60 * 24 * 365 * 20)) {
+- ok = false;
+- goto out;
+- }
++ // In Qt 5.15, a class was added to wrap up the procedures of generating a self-signed certificate.
++ // See https://doc.qt.io/qt-5/qopcuax509certificatesigningrequest.html.
++ // We should consider migrating to this class after switching to Qt 5.15.
+
+- if (X509_set_pubkey(x509, pkey) == 0) {
+- ok = false;
+- goto out;
+- }
++ CHECK(pkey = generate_rsa_keypair());
+
+- name = X509_get_subject_name(x509);
+- if (!name) {
+- ok = false;
+- goto out;
+- }
++ CHECK(x509 = X509_new());
++ CHECK(X509_set_version(x509, 2));
++ CHECK(serialNumber = X509_get_serialNumber(x509));
++ CHECK(ASN1_INTEGER_set(serialNumber, 1));
++ CHECK(notBefore = X509_get_notBefore(x509));
++ CHECK(X509_gmtime_adj(notBefore, 0));
++ CHECK(notAfter = X509_get_notAfter(x509));
++ CHECK(X509_gmtime_adj(notAfter, 60 * 60 * 24 * 365 * 20))
++ CHECK(X509_set_pubkey(x509, pkey));
++ CHECK(name = X509_get_subject_name(x509));
+
+ if (isServerCert) {
+ commonName = QLatin1String("Murmur Autogenerated Certificate v2");
+@@ -141,120 +117,63 @@ bool SelfSignedCertificate::generate(CertificateType certificateType, QString cl
+ }
+ }
+
+- if (X509_NAME_add_entry_by_txt(name, "CN", MBSTRING_UTF8,
+- reinterpret_cast< unsigned char * >(commonName.toUtf8().data()), -1, -1, 0)
+- == 0) {
+- ok = false;
+- goto out;
+- }
++ CHECK(X509_NAME_add_entry_by_txt(name, "CN", MBSTRING_UTF8,
++ reinterpret_cast< unsigned char * >(commonName.toUtf8().data()), -1, -1, 0));
+
+- if (X509_set_issuer_name(x509, name) == 0) {
+- ok = false;
+- goto out;
+- }
++ CHECK(X509_set_issuer_name(x509, name));
+
+- if (add_ext(x509, NID_basic_constraints, SSL_STRING("critical,CA:FALSE")) == 0) {
+- ok = false;
+- goto out;
+- }
++ CHECK(add_ext(x509, NID_basic_constraints, SSL_STRING("critical,CA:FALSE")));
+
+ if (isServerCert) {
+- if (add_ext(x509, NID_ext_key_usage, SSL_STRING("serverAuth,clientAuth")) == 0) {
+- ok = false;
+- goto out;
+- }
++ CHECK(add_ext(x509, NID_ext_key_usage, SSL_STRING("serverAuth,clientAuth")))
+ } else {
+- if (add_ext(x509, NID_ext_key_usage, SSL_STRING("clientAuth")) == 0) {
+- ok = false;
+- goto out;
+- }
++ CHECK(add_ext(x509, NID_ext_key_usage, SSL_STRING("clientAuth")));
+ }
+
+- if (add_ext(x509, NID_subject_key_identifier, SSL_STRING("hash")) == 0) {
+- ok = false;
+- goto out;
+- }
++ CHECK(add_ext(x509, NID_subject_key_identifier, SSL_STRING("hash")));
+
+ if (isServerCert) {
+- if (add_ext(x509, NID_netscape_comment, SSL_STRING("Generated from murmur")) == 0) {
+- ok = false;
+- goto out;
+- }
++ CHECK(add_ext(x509, NID_netscape_comment, SSL_STRING("Generated from murmur")));
+ } else {
+- if (add_ext(x509, NID_netscape_comment, SSL_STRING("Generated by Mumble")) == 0) {
+- ok = false;
+- goto out;
+- }
++ CHECK(add_ext(x509, NID_netscape_comment, SSL_STRING("Generated by Mumble")));
+ }
+
+ if (!isServerCert) {
+ if (!clientCertEmail.trimmed().isEmpty()) {
+- if (add_ext(x509, NID_subject_alt_name,
+- QString::fromLatin1("email:%1").arg(clientCertEmail).toUtf8().data())
+- == 0) {
+- ok = false;
+- goto out;
+- }
++ CHECK(add_ext(x509, NID_subject_alt_name,
++ QString::fromLatin1("email:%1").arg(clientCertEmail).toUtf8().data()));
+ }
+ }
+
+- if (X509_sign(x509, pkey, EVP_sha1()) == 0) {
+- ok = false;
+- goto out;
+- }
++ CHECK(X509_sign(x509, pkey, EVP_sha1()));
+
+ {
+ QByteArray crt;
+ int len = i2d_X509(x509, nullptr);
+- if (len <= 0) {
+- ok = false;
+- goto out;
+- }
++ CHECK(len > 0);
+ crt.resize(len);
+
+ unsigned char *dptr = reinterpret_cast< unsigned char * >(crt.data());
+- if (i2d_X509(x509, &dptr) != len) {
+- ok = false;
+- goto out;
+- }
++ CHECK(i2d_X509(x509, &dptr) == len);
+
+ qscCert = QSslCertificate(crt, QSsl::Der);
+- if (qscCert.isNull()) {
+- ok = false;
+- goto out;
+- }
++ CHECK(!qscCert.isNull());
+ }
+
+ {
+ QByteArray key;
+ int len = i2d_PrivateKey(pkey, nullptr);
+- if (len <= 0) {
+- ok = false;
+- goto out;
+- }
++ CHECK(len > 0);
+ key.resize(len);
+
+ unsigned char *dptr = reinterpret_cast< unsigned char * >(key.data());
+- if (i2d_PrivateKey(pkey, &dptr) != len) {
+- ok = false;
+- goto out;
+- }
++ CHECK(i2d_PrivateKey(pkey, &dptr) == len);
+
+ qskKey = QSslKey(key, QSsl::Rsa, QSsl::Der);
+- if (qskKey.isNull()) {
+- ok = false;
+- goto out;
+- }
++ CHECK(!qskKey.isNull());
+ }
+
+ out:
+- if (e) {
+- BN_free(e);
+- }
+- // We only need to free the pkey pointer,
+- // not the RSA pointer. We have assigned
+- // our RSA key to pkey, and it will be freed
+- // once we free pkey.
+ if (pkey) {
+ EVP_PKEY_free(pkey);
+ }
+diff --git a/src/SelfSignedCertificate.h b/src/SelfSignedCertificate.h
+index b85a8752b8..7c5f59e9c5 100644
+--- a/src/SelfSignedCertificate.h
++++ b/src/SelfSignedCertificate.h
+@@ -6,6 +6,10 @@
+ #ifndef MUMBLE_SELFSIGNEDCERTIFICATE_H_
+ #define MUMBLE_SELFSIGNEDCERTIFICATE_H_
+
++#include <openssl/evp.h>
++#include <openssl/rsa.h>
++#include <openssl/x509v3.h>
++
+ #include <QtCore/QString>
+ #include <QtNetwork/QSslCertificate>
+ #include <QtNetwork/QSslKey>
+@@ -16,6 +20,7 @@ class SelfSignedCertificate {
+ private:
+ static bool generate(CertificateType certificateType, QString clientCertName, QString clientCertEmail,
+ QSslCertificate &qscCert, QSslKey &qskKey);
++ static EVP_PKEY *generate_rsa_keypair();
+
+ public:
+ static bool generateMumbleCertificate(QString name, QString email, QSslCertificate &qscCert, QSslKey &qskKey);
+diff --git a/src/crypto/CryptStateOCB2.cpp b/src/crypto/CryptStateOCB2.cpp
+index 2176d64883..640fdedac8 100644
+--- a/src/crypto/CryptStateOCB2.cpp
++++ b/src/crypto/CryptStateOCB2.cpp
+@@ -30,7 +30,7 @@
+ #include <cstring>
+ #include <openssl/rand.h>
+
+-CryptStateOCB2::CryptStateOCB2() : CryptState() {
++CryptStateOCB2::CryptStateOCB2() : CryptState(), enc_ctx(EVP_CIPHER_CTX_new()), dec_ctx(EVP_CIPHER_CTX_new()) {
+ for (int i = 0; i < 0x100; i++)
+ decrypt_history[i] = 0;
+ memset(raw_key, 0, AES_KEY_SIZE_BYTES);
+@@ -38,6 +38,11 @@ CryptStateOCB2::CryptStateOCB2() : CryptState() {
+ memset(decrypt_iv, 0, AES_BLOCK_SIZE);
+ }
+
++CryptStateOCB2::~CryptStateOCB2() noexcept {
++ EVP_CIPHER_CTX_free(enc_ctx);
++ EVP_CIPHER_CTX_free(dec_ctx);
++}
++
+ bool CryptStateOCB2::isValid() const {
+ return bInit;
+ }
+@@ -46,8 +51,6 @@ void CryptStateOCB2::genKey() {
+ CryptographicRandom::fillBuffer(raw_key, AES_KEY_SIZE_BYTES);
+ CryptographicRandom::fillBuffer(encrypt_iv, AES_BLOCK_SIZE);
+ CryptographicRandom::fillBuffer(decrypt_iv, AES_BLOCK_SIZE);
+- AES_set_encrypt_key(raw_key, AES_KEY_SIZE_BITS, &encrypt_key);
+- AES_set_decrypt_key(raw_key, AES_KEY_SIZE_BITS, &decrypt_key);
+ bInit = true;
+ }
+
+@@ -56,8 +59,6 @@ bool CryptStateOCB2::setKey(const std::string &rkey, const std::string &eiv, con
+ memcpy(raw_key, rkey.data(), AES_KEY_SIZE_BYTES);
+ memcpy(encrypt_iv, eiv.data(), AES_BLOCK_SIZE);
+ memcpy(decrypt_iv, div.data(), AES_BLOCK_SIZE);
+- AES_set_encrypt_key(raw_key, AES_KEY_SIZE_BITS, &encrypt_key);
+- AES_set_decrypt_key(raw_key, AES_KEY_SIZE_BITS, &decrypt_key);
+ bInit = true;
+ return true;
+ }
+@@ -256,10 +257,24 @@ static void inline ZERO(keyblock &block) {
+ block[i] = 0;
+ }
+
+-#define AESencrypt(src, dst, key) \
+- AES_encrypt(reinterpret_cast< const unsigned char * >(src), reinterpret_cast< unsigned char * >(dst), key);
+-#define AESdecrypt(src, dst, key) \
+- AES_decrypt(reinterpret_cast< const unsigned char * >(src), reinterpret_cast< unsigned char * >(dst), key);
++#define AESencrypt(src, dst, key) \
++ { \
++ int outlen = 0; \
++ EVP_EncryptInit_ex(enc_ctx, EVP_aes_128_ecb(), NULL, key, NULL); \
++ EVP_CIPHER_CTX_set_padding(enc_ctx, 0); \
++ EVP_EncryptUpdate(enc_ctx, reinterpret_cast< unsigned char * >(dst), &outlen, \
++ reinterpret_cast< const unsigned char * >(src), AES_BLOCK_SIZE); \
++ EVP_EncryptFinal_ex(enc_ctx, reinterpret_cast< unsigned char * >(dst + outlen), &outlen); \
++ }
++#define AESdecrypt(src, dst, key) \
++ { \
++ int outlen = 0; \
++ EVP_DecryptInit_ex(dec_ctx, EVP_aes_128_ecb(), NULL, key, NULL); \
++ EVP_CIPHER_CTX_set_padding(dec_ctx, 0); \
++ EVP_DecryptUpdate(dec_ctx, reinterpret_cast< unsigned char * >(dst), &outlen, \
++ reinterpret_cast< const unsigned char * >(src), AES_BLOCK_SIZE); \
++ EVP_DecryptFinal_ex(dec_ctx, reinterpret_cast< unsigned char * >(dst + outlen), &outlen); \
++ }
+
+ bool CryptStateOCB2::ocb_encrypt(const unsigned char *plain, unsigned char *encrypted, unsigned int len,
+ const unsigned char *nonce, unsigned char *tag, bool modifyPlainOnXEXStarAttack) {
+@@ -267,7 +282,7 @@ bool CryptStateOCB2::ocb_encrypt(const unsigned char *plain, unsigned char *encr
+ bool success = true;
+
+ // Initialize
+- AESencrypt(nonce, delta, &encrypt_key);
++ AESencrypt(nonce, delta, raw_key);
+ ZERO(checksum);
+
+ while (len > AES_BLOCK_SIZE) {
+@@ -299,7 +314,7 @@ bool CryptStateOCB2::ocb_encrypt(const unsigned char *plain, unsigned char *encr
+ if (flipABit) {
+ *reinterpret_cast< unsigned char * >(tmp) ^= 1;
+ }
+- AESencrypt(tmp, tmp, &encrypt_key);
++ AESencrypt(tmp, tmp, raw_key);
+ XOR(reinterpret_cast< subblock * >(encrypted), delta, tmp);
+ XOR(checksum, checksum, reinterpret_cast< const subblock * >(plain));
+ if (flipABit) {
+@@ -315,7 +330,7 @@ bool CryptStateOCB2::ocb_encrypt(const unsigned char *plain, unsigned char *encr
+ ZERO(tmp);
+ tmp[BLOCKSIZE - 1] = SWAPPED(len * 8);
+ XOR(tmp, tmp, delta);
+- AESencrypt(tmp, pad, &encrypt_key);
++ AESencrypt(tmp, pad, raw_key);
+ memcpy(tmp, plain, len);
+ memcpy(reinterpret_cast< unsigned char * >(tmp) + len, reinterpret_cast< const unsigned char * >(pad) + len,
+ AES_BLOCK_SIZE - len);
+@@ -325,7 +340,7 @@ bool CryptStateOCB2::ocb_encrypt(const unsigned char *plain, unsigned char *encr
+
+ S3(delta);
+ XOR(tmp, delta, checksum);
+- AESencrypt(tmp, tag, &encrypt_key);
++ AESencrypt(tmp, tag, raw_key);
+
+ return success;
+ }
+@@ -336,13 +351,13 @@ bool CryptStateOCB2::ocb_decrypt(const unsigned char *encrypted, unsigned char *
+ bool success = true;
+
+ // Initialize
+- AESencrypt(nonce, delta, &encrypt_key);
++ AESencrypt(nonce, delta, raw_key);
+ ZERO(checksum);
+
+ while (len > AES_BLOCK_SIZE) {
+ S2(delta);
+ XOR(tmp, delta, reinterpret_cast< const subblock * >(encrypted));
+- AESdecrypt(tmp, tmp, &decrypt_key);
++ AESdecrypt(tmp, tmp, raw_key);
+ XOR(reinterpret_cast< subblock * >(plain), delta, tmp);
+ XOR(checksum, checksum, reinterpret_cast< const subblock * >(plain));
+ len -= AES_BLOCK_SIZE;
+@@ -354,7 +369,7 @@ bool CryptStateOCB2::ocb_decrypt(const unsigned char *encrypted, unsigned char *
+ ZERO(tmp);
+ tmp[BLOCKSIZE - 1] = SWAPPED(len * 8);
+ XOR(tmp, tmp, delta);
+- AESencrypt(tmp, pad, &encrypt_key);
++ AESencrypt(tmp, pad, raw_key);
+ memset(tmp, 0, AES_BLOCK_SIZE);
+ memcpy(tmp, encrypted, len);
+ XOR(tmp, tmp, pad);
+@@ -372,7 +387,7 @@ bool CryptStateOCB2::ocb_decrypt(const unsigned char *encrypted, unsigned char *
+
+ S3(delta);
+ XOR(tmp, delta, checksum);
+- AESencrypt(tmp, tag, &encrypt_key);
++ AESencrypt(tmp, tag, raw_key);
+
+ return success;
+ }
+@@ -381,5 +396,5 @@ bool CryptStateOCB2::ocb_decrypt(const unsigned char *encrypted, unsigned char *
+ #undef SHIFTBITS
+ #undef SWAPPED
+ #undef HIGHBIT
+-#undef AES_encrypt
+-#undef AES_decrypt
++#undef AESencrypt
++#undef AESdecrypt
+diff --git a/src/crypto/CryptStateOCB2.h b/src/crypto/CryptStateOCB2.h
+index 53d4b4b6aa..cc3f1c0bc3 100644
+--- a/src/crypto/CryptStateOCB2.h
++++ b/src/crypto/CryptStateOCB2.h
+@@ -8,8 +8,9 @@
+
+ #include "CryptState.h"
+
+-#include <openssl/aes.h>
++#include <openssl/evp.h>
+
++#define AES_BLOCK_SIZE 16
+ #define AES_KEY_SIZE_BITS 128
+ #define AES_KEY_SIZE_BYTES (AES_KEY_SIZE_BITS / 8)
+
+@@ -17,7 +18,7 @@
+ class CryptStateOCB2 : public CryptState {
+ public:
+ CryptStateOCB2();
+- ~CryptStateOCB2(){};
++ ~CryptStateOCB2() noexcept override;
+
+ virtual bool isValid() const Q_DECL_OVERRIDE;
+ virtual void genKey() Q_DECL_OVERRIDE;
+@@ -43,8 +44,8 @@ class CryptStateOCB2 : public CryptState {
+ unsigned char decrypt_iv[AES_BLOCK_SIZE];
+ unsigned char decrypt_history[0x100];
+
+- AES_KEY encrypt_key;
+- AES_KEY decrypt_key;
++ EVP_CIPHER_CTX *enc_ctx;
++ EVP_CIPHER_CTX *dec_ctx;
+ };
+
+
+From f8d47db318f302f5a7d343f15c9936c7030c49c4 Mon Sep 17 00:00:00 2001
+From: Terry Geng <terry@terriex.com>
+Date: Sun, 12 Dec 2021 22:39:38 -0500
+Subject: [PATCH] FIX(crypto): Sharing EVP context between threads crushes
+ Mumble
+
+Functions ocb_encrypt and ocb_decrypt share the same set
+of encrypt and decrypt contexts. However, they are invoked
+in different threads (audio input thread and server
+handler thread).
+This may lead to conflicts that would crash Mumble.
+This patch separates contexts used in these two functions
+to avoid such conflicts.
+
+Fixes #5361
+---
+ src/crypto/CryptStateOCB2.cpp | 55 ++++++++++++++++++++++-------------
+ src/crypto/CryptStateOCB2.h | 6 ++--
+ 2 files changed, 38 insertions(+), 23 deletions(-)
+
+diff --git a/src/crypto/CryptStateOCB2.cpp b/src/crypto/CryptStateOCB2.cpp
+index 640fdedac8..3b3473ffec 100644
+--- a/src/crypto/CryptStateOCB2.cpp
++++ b/src/crypto/CryptStateOCB2.cpp
+@@ -30,7 +30,9 @@
+ #include <cstring>
+ #include <openssl/rand.h>
+
+-CryptStateOCB2::CryptStateOCB2() : CryptState(), enc_ctx(EVP_CIPHER_CTX_new()), dec_ctx(EVP_CIPHER_CTX_new()) {
++CryptStateOCB2::CryptStateOCB2()
++ : CryptState(), enc_ctx_ocb_enc(EVP_CIPHER_CTX_new()), dec_ctx_ocb_enc(EVP_CIPHER_CTX_new()),
++ enc_ctx_ocb_dec(EVP_CIPHER_CTX_new()), dec_ctx_ocb_dec(EVP_CIPHER_CTX_new()) {
+ for (int i = 0; i < 0x100; i++)
+ decrypt_history[i] = 0;
+ memset(raw_key, 0, AES_KEY_SIZE_BYTES);
+@@ -39,8 +41,10 @@ CryptStateOCB2::CryptStateOCB2() : CryptState(), enc_ctx(EVP_CIPHER_CTX_new()),
+ }
+
+ CryptStateOCB2::~CryptStateOCB2() noexcept {
+- EVP_CIPHER_CTX_free(enc_ctx);
+- EVP_CIPHER_CTX_free(dec_ctx);
++ EVP_CIPHER_CTX_free(enc_ctx_ocb_enc);
++ EVP_CIPHER_CTX_free(dec_ctx_ocb_enc);
++ EVP_CIPHER_CTX_free(enc_ctx_ocb_dec);
++ EVP_CIPHER_CTX_free(dec_ctx_ocb_dec);
+ }
+
+ bool CryptStateOCB2::isValid() const {
+@@ -257,25 +261,28 @@ static void inline ZERO(keyblock &block) {
+ block[i] = 0;
+ }
+
+-#define AESencrypt(src, dst, key) \
+- { \
+- int outlen = 0; \
+- EVP_EncryptInit_ex(enc_ctx, EVP_aes_128_ecb(), NULL, key, NULL); \
+- EVP_CIPHER_CTX_set_padding(enc_ctx, 0); \
+- EVP_EncryptUpdate(enc_ctx, reinterpret_cast< unsigned char * >(dst), &outlen, \
+- reinterpret_cast< const unsigned char * >(src), AES_BLOCK_SIZE); \
+- EVP_EncryptFinal_ex(enc_ctx, reinterpret_cast< unsigned char * >(dst + outlen), &outlen); \
++#define AESencrypt_ctx(src, dst, key, enc_ctx) \
++ { \
++ int outlen = 0; \
++ EVP_EncryptInit_ex(enc_ctx, EVP_aes_128_ecb(), NULL, key, NULL); \
++ EVP_CIPHER_CTX_set_padding(enc_ctx, 0); \
++ EVP_EncryptUpdate(enc_ctx, reinterpret_cast< unsigned char * >(dst), &outlen, \
++ reinterpret_cast< const unsigned char * >(src), AES_BLOCK_SIZE); \
++ EVP_EncryptFinal_ex(enc_ctx, reinterpret_cast< unsigned char * >((dst) + outlen), &outlen); \
+ }
+-#define AESdecrypt(src, dst, key) \
+- { \
+- int outlen = 0; \
+- EVP_DecryptInit_ex(dec_ctx, EVP_aes_128_ecb(), NULL, key, NULL); \
+- EVP_CIPHER_CTX_set_padding(dec_ctx, 0); \
+- EVP_DecryptUpdate(dec_ctx, reinterpret_cast< unsigned char * >(dst), &outlen, \
+- reinterpret_cast< const unsigned char * >(src), AES_BLOCK_SIZE); \
+- EVP_DecryptFinal_ex(dec_ctx, reinterpret_cast< unsigned char * >(dst + outlen), &outlen); \
++#define AESdecrypt_ctx(src, dst, key, dec_ctx) \
++ { \
++ int outlen = 0; \
++ EVP_DecryptInit_ex(dec_ctx, EVP_aes_128_ecb(), NULL, key, NULL); \
++ EVP_CIPHER_CTX_set_padding(dec_ctx, 0); \
++ EVP_DecryptUpdate(dec_ctx, reinterpret_cast< unsigned char * >(dst), &outlen, \
++ reinterpret_cast< const unsigned char * >(src), AES_BLOCK_SIZE); \
++ EVP_DecryptFinal_ex(dec_ctx, reinterpret_cast< unsigned char * >((dst) + outlen), &outlen); \
+ }
+
++#define AESencrypt(src, dst, key) AESencrypt_ctx(src, dst, key, enc_ctx_ocb_enc)
++#define AESdecrypt(src, dst, key) AESdecrypt_ctx(src, dst, key, dec_ctx_ocb_enc)
++
+ bool CryptStateOCB2::ocb_encrypt(const unsigned char *plain, unsigned char *encrypted, unsigned int len,
+ const unsigned char *nonce, unsigned char *tag, bool modifyPlainOnXEXStarAttack) {
+ keyblock checksum, delta, tmp, pad;
+@@ -345,6 +352,12 @@ bool CryptStateOCB2::ocb_encrypt(const unsigned char *plain, unsigned char *encr
+ return success;
+ }
+
++#undef AESencrypt
++#undef AESdecrypt
++
++#define AESencrypt(src, dst, key) AESencrypt_ctx(src, dst, key, enc_ctx_ocb_dec)
++#define AESdecrypt(src, dst, key) AESdecrypt_ctx(src, dst, key, dec_ctx_ocb_dec)
++
+ bool CryptStateOCB2::ocb_decrypt(const unsigned char *encrypted, unsigned char *plain, unsigned int len,
+ const unsigned char *nonce, unsigned char *tag) {
+ keyblock checksum, delta, tmp, pad;
+@@ -392,9 +405,9 @@ bool CryptStateOCB2::ocb_decrypt(const unsigned char *encrypted, unsigned char *
+ return success;
+ }
+
++#undef AESencrypt
++#undef AESdecrypt
+ #undef BLOCKSIZE
+ #undef SHIFTBITS
+ #undef SWAPPED
+ #undef HIGHBIT
+-#undef AESencrypt
+-#undef AESdecrypt
+diff --git a/src/crypto/CryptStateOCB2.h b/src/crypto/CryptStateOCB2.h
+index cc3f1c0bc3..0fd3000ade 100644
+--- a/src/crypto/CryptStateOCB2.h
++++ b/src/crypto/CryptStateOCB2.h
+@@ -44,8 +44,10 @@ class CryptStateOCB2 : public CryptState {
+ unsigned char decrypt_iv[AES_BLOCK_SIZE];
+ unsigned char decrypt_history[0x100];
+
+- EVP_CIPHER_CTX *enc_ctx;
+- EVP_CIPHER_CTX *dec_ctx;
++ EVP_CIPHER_CTX *enc_ctx_ocb_enc;
++ EVP_CIPHER_CTX *dec_ctx_ocb_enc;
++ EVP_CIPHER_CTX *enc_ctx_ocb_dec;
++ EVP_CIPHER_CTX *dec_ctx_ocb_dec;
+ };
+
+
diff --git a/srcpkgs/mumble/template b/srcpkgs/mumble/template
index 2e6f50da0140..acb6af454e0f 100644
--- a/srcpkgs/mumble/template
+++ b/srcpkgs/mumble/template
@@ -1,7 +1,7 @@
# Template file for 'mumble'
pkgname=mumble
version=1.4.287
-revision=1
+revision=2
build_style=cmake
make_cmd=make
configure_args="-Doverlay-xcompile=OFF -Dbundled-opus=OFF
^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [PR PATCH] [Updated] poco: update to build with openssl3
2023-01-30 15:18 [PR PATCH] poco: update to build with openssl3 dkwo
` (4 preceding siblings ...)
2023-01-30 19:33 ` dkwo
@ 2023-01-30 20:00 ` dkwo
2023-01-30 20:19 ` dkwo
` (7 subsequent siblings)
13 siblings, 0 replies; 15+ messages in thread
From: dkwo @ 2023-01-30 20:00 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 467 bytes --]
There is an updated pull request by dkwo against master on the void-packages repository
https://github.com/dkwo/void-packages O3poco
https://github.com/void-linux/void-packages/pull/41963
poco: update to build with openssl3
- I tested the changes in this PR: no
- I built this PR locally for my native architecture, (x86_64-musl)
required to build with openssl3 #37681
A patch file from https://github.com/void-linux/void-packages/pull/41963.patch is attached
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-O3poco-41963.patch --]
[-- Type: text/x-diff, Size: 29604 bytes --]
From 887089c4cd33cf26b55769e2f6c5999bf3704a3f Mon Sep 17 00:00:00 2001
From: dkwo <nicolopiazzalunga@gmail.com>
Date: Fri, 27 Jan 2023 10:45:20 -0500
Subject: [PATCH 1/3] poco: update to 1.12.4, orphan
---
common/shlibs | 26 +++++++++++++-------------
srcpkgs/poco/template | 11 ++++++-----
2 files changed, 19 insertions(+), 18 deletions(-)
diff --git a/common/shlibs b/common/shlibs
index edb8a2c5dd73..523fd15af734 100644
--- a/common/shlibs
+++ b/common/shlibs
@@ -3006,19 +3006,19 @@ libsigrok.so.4 libsigrok-0.5.0_1
libsigrokcxx.so.4 libsigrok-0.5.0_1
libsigrokdecode.so.4 libsigrokdecode-0.5.0_2
libglyr.so.1 glyr-1.0.8_1
-libPocoJSON.so.64 poco-1.9.4_3
-libPocoMongoDB.so.64 poco-1.9.4_3
-libPocoZip.so.64 poco-1.9.4_3
-libPocoData.so.64 poco-1.9.4_3
-libPocoNet.so.64 poco-1.9.4_3
-libPocoDataSQLite.so.64 poco-1.9.4_3
-libPocoFoundation.so.64 poco-1.9.4_3
-libPocoXML.so.64 poco-1.9.4_3
-libPocoUtil.so.64 poco-1.9.4_3
-libPocoRedis.so.64 poco-1.9.4_3
-libPocoEncodings.so.64 poco-1.9.4_3
-libPocoNetSSL.so.64 poco-1.9.4_3
-libPocoCrypto.so.64 poco-1.9.4_3
+libPocoJSON.so.94 poco-1.12.4_1
+libPocoMongoDB.so.94 poco-1.12.4_1
+libPocoZip.so.94 poco-1.12.4_1
+libPocoData.so.94 poco-1.12.4_1
+libPocoNet.so.94 poco-1.12.4_1
+libPocoDataSQLite.so.94 poco-1.12.4_1
+libPocoFoundation.so.94 poco-1.12.4_1
+libPocoXML.so.94 poco-1.12.4_1
+libPocoUtil.so.94 poco-1.12.4_1
+libPocoRedis.so.94 poco-1.12.4_1
+libPocoEncodings.so.94 poco-1.12.4_1
+libPocoNetSSL.so.94 poco-1.12.4_1
+libPocoCrypto.so.94 poco-1.12.4_1
libPtex.so ptex-2.3.2_1
libopenblas.so.0 openblas-0.2.19_1
librtaudio.so.6 rtaudio-5.1.0_1
diff --git a/srcpkgs/poco/template b/srcpkgs/poco/template
index 008536b67121..6ca714b9e94f 100644
--- a/srcpkgs/poco/template
+++ b/srcpkgs/poco/template
@@ -1,16 +1,17 @@
# Template file for 'poco'
pkgname=poco
-version=1.9.4
-revision=3
+version=1.12.4
+revision=1
build_style=cmake
configure_args="-DPOCO_UNBUNDLED=ON"
-makedepends="openssl-devel zlib-devel pcre-devel expat-devel sqlite-devel"
+makedepends="openssl-devel zlib-devel pcre2-devel expat-devel sqlite-devel"
short_desc="C++ class libraries for building network-based applications"
-maintainer="Julien Dehos <dehos@univ-littoral.fr>"
+maintainer="Orphaned <orphan@voidlinux.org>"
license="BSL-1.0"
homepage="https://pocoproject.org"
distfiles="https://pocoproject.org/releases/${pkgname}-${version}/${pkgname}-${version}-all.tar.gz"
-checksum=eb34f257b11240a711ee505f1d80c754a80a990aeb48d8d93407884df288fd77
+checksum=4c3584daa5b0e973f268654dbeb1171ec7621e358b2b64363cd1abd558a68777
+conflicts="archiver"
post_install() {
vlicense LICENSE
From 2d8199b90e3a406d0636ee5d8dc53fe8a1acdd59 Mon Sep 17 00:00:00 2001
From: dkwo <nicolopiazzalunga@gmail.com>
Date: Fri, 27 Jan 2023 10:45:43 -0500
Subject: [PATCH 2/3] remwharead: bump for poco
---
srcpkgs/remwharead/template | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/srcpkgs/remwharead/template b/srcpkgs/remwharead/template
index e72ab06131e4..4af548c46743 100644
--- a/srcpkgs/remwharead/template
+++ b/srcpkgs/remwharead/template
@@ -1,7 +1,7 @@
# Template file for 'remwharead'
pkgname=remwharead
version=0.10.0
-revision=4
+revision=5
build_style=cmake
hostmakedepends="poco-devel asciidoc pkg-config"
makedepends="poco-devel boost-devel"
@@ -9,7 +9,7 @@ short_desc="Saves URIs of things you want to remember in a database"
maintainer="teldra <teldra@rotce.de>"
license="GPL-3.0-only"
homepage="https://schlomp.space/tastytea/remwharead"
-distfiles="https://github.com/tastytea/remwharead/archive/${version}.tar.gz"
+distfiles="https://github.com/tastytea/remwharead/archive/refs/tags/${version}.tar.gz"
checksum=87f14a611e3ae9f9babe2dff8e4a6c4f5495fa2883393edb36e796af3f19fb30
remwharead-firefox-plugin_package() {
From e2ce9457bce7f68b81d33d5adaa525430e414238 Mon Sep 17 00:00:00 2001
From: dkwo <nicolopiazzalunga@gmail.com>
Date: Mon, 30 Jan 2023 10:45:04 -0500
Subject: [PATCH 3/3] mumble: bump for poco, patch for openssl3
---
srcpkgs/mumble/patches/openssl3.patch | 685 ++++++++++++++++++++++++++
srcpkgs/mumble/template | 2 +-
2 files changed, 686 insertions(+), 1 deletion(-)
create mode 100644 srcpkgs/mumble/patches/openssl3.patch
diff --git a/srcpkgs/mumble/patches/openssl3.patch b/srcpkgs/mumble/patches/openssl3.patch
new file mode 100644
index 000000000000..906d1790444b
--- /dev/null
+++ b/srcpkgs/mumble/patches/openssl3.patch
@@ -0,0 +1,685 @@
+From f4cea62ed95e4967d8591f25e903f5e8fc2e2a30 Mon Sep 17 00:00:00 2001
+From: Terry Geng <terry@terriex.com>
+Date: Mon, 6 Dec 2021 10:45:11 -0500
+Subject: [PATCH] BUILD(crypto): Migrate to OpenSSL 3.0-compatible API
+
+OpenSSL 3.0 deprecated several low-level APIs and the usage of them
+caused errors/warnings that prevent the binary from being built against
+OpenSSL 3.0.
+Some primitive efforts have been made in #5317 but were incomplete.
+This commit follows https://www.openssl.org/docs/man3.0/man7/migration_guide.html,
+https://code.woboq.org/qt6/qtopcua/src/opcua/x509/qopcuakeypair_openssl.cpp.html,
+and clears all errors/warnings related to the usage of deprecated APIs.
+
+Fixes #5277
+Fixes #4266
+---
+ src/SelfSignedCertificate.cpp | 235 +++++++++++-----------------------
+ src/SelfSignedCertificate.h | 5 +
+ src/crypto/CryptStateOCB2.cpp | 53 +++++---
+ src/crypto/CryptStateOCB2.h | 9 +-
+ 4 files changed, 121 insertions(+), 181 deletions(-)
+
+diff --git a/src/SelfSignedCertificate.cpp b/src/SelfSignedCertificate.cpp
+index a77e5fad91..ea0dec4cc7 100644
+--- a/src/SelfSignedCertificate.cpp
++++ b/src/SelfSignedCertificate.cpp
+@@ -5,8 +5,6 @@
+
+ #include "SelfSignedCertificate.h"
+
+-#include <openssl/x509v3.h>
+-
+ #define SSL_STRING(x) QString::fromLatin1(x).toUtf8().data()
+
+ static int add_ext(X509 *crt, int nid, char *value) {
+@@ -28,108 +26,86 @@ static int add_ext(X509 *crt, int nid, char *value) {
+ return 1;
+ }
+
+-bool SelfSignedCertificate::generate(CertificateType certificateType, QString clientCertName, QString clientCertEmail,
+- QSslCertificate &qscCert, QSslKey &qskKey) {
+- bool ok = true;
+- X509 *x509 = nullptr;
+- EVP_PKEY *pkey = nullptr;
+- RSA *rsa = nullptr;
+- BIGNUM *e = nullptr;
+- X509_NAME *name = nullptr;
+- ASN1_INTEGER *serialNumber = nullptr;
+- ASN1_TIME *notBefore = nullptr;
+- ASN1_TIME *notAfter = nullptr;
+- QString commonName;
+- bool isServerCert = certificateType == CertificateTypeServerCertificate;
+-
+- if (CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON) == -1) {
+- ok = false;
+- goto out;
++EVP_PKEY *SelfSignedCertificate::generate_rsa_keypair() {
++ EVP_PKEY *pkey = EVP_PKEY_new();
++ if (!pkey) {
++ return nullptr;
+ }
+
+- x509 = X509_new();
+- if (!x509) {
+- ok = false;
+- goto out;
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++ EVP_PKEY_CTX *ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, nullptr);
++ if (!ctx) {
++ return nullptr;
+ }
+-
+- pkey = EVP_PKEY_new();
+- if (!pkey) {
+- ok = false;
+- goto out;
++ if (EVP_PKEY_keygen_init(ctx) <= 0) {
++ return nullptr;
+ }
+-
+- rsa = RSA_new();
++ if (EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, 2048) <= 0) {
++ return nullptr;
++ }
++ if (EVP_PKEY_keygen(ctx, &pkey) <= 0) {
++ return nullptr;
++ }
++ EVP_PKEY_CTX_free(ctx);
++#else
++ RSA *rsa = RSA_new();
++ BIGNUM *e = BN_new();
+ if (!rsa) {
+- ok = false;
+- goto out;
++ return nullptr;
+ }
+-
+- e = BN_new();
+ if (!e) {
+- ok = false;
+- goto out;
++ return nullptr;
+ }
+ if (BN_set_word(e, 65537) == 0) {
+- ok = false;
+- goto out;
++ return nullptr;
+ }
+-
+ if (RSA_generate_key_ex(rsa, 2048, e, nullptr) == 0) {
+- ok = false;
+- goto out;
++ return nullptr;
+ }
+-
+ if (EVP_PKEY_assign_RSA(pkey, rsa) == 0) {
+- ok = false;
+- goto out;
++ return nullptr;
+ }
++ BN_free(e);
++ RSA_free(rsa);
++#endif
++ return pkey;
++}
+
+- if (X509_set_version(x509, 2) == 0) {
+- ok = false;
+- goto out;
++#define CHECK(statement) \
++ if (!(statement)) { \
++ ok = false; \
++ goto out; \
+ }
+
+- serialNumber = X509_get_serialNumber(x509);
+- if (!serialNumber) {
+- ok = false;
+- goto out;
+- }
+- if (ASN1_INTEGER_set(serialNumber, 1) == 0) {
+- ok = false;
+- goto out;
+- }
+
+- notBefore = X509_get_notBefore(x509);
+- if (!notBefore) {
+- ok = false;
+- goto out;
+- }
+- if (!X509_gmtime_adj(notBefore, 0)) {
+- ok = false;
+- goto out;
+- }
++bool SelfSignedCertificate::generate(CertificateType certificateType, QString clientCertName, QString clientCertEmail,
++ QSslCertificate &qscCert, QSslKey &qskKey) {
++ bool ok = true;
++ EVP_PKEY *pkey = nullptr;
++ X509 *x509 = nullptr;
++ X509_NAME *name = nullptr;
++ ASN1_INTEGER *serialNumber = nullptr;
++ ASN1_TIME *notBefore = nullptr;
++ ASN1_TIME *notAfter = nullptr;
++ QString commonName;
++ bool isServerCert = certificateType == CertificateTypeServerCertificate;
+
+- notAfter = X509_get_notAfter(x509);
+- if (!notAfter) {
+- ok = false;
+- goto out;
+- }
+- if (!X509_gmtime_adj(notAfter, 60 * 60 * 24 * 365 * 20)) {
+- ok = false;
+- goto out;
+- }
++ // In Qt 5.15, a class was added to wrap up the procedures of generating a self-signed certificate.
++ // See https://doc.qt.io/qt-5/qopcuax509certificatesigningrequest.html.
++ // We should consider migrating to this class after switching to Qt 5.15.
+
+- if (X509_set_pubkey(x509, pkey) == 0) {
+- ok = false;
+- goto out;
+- }
++ CHECK(pkey = generate_rsa_keypair());
+
+- name = X509_get_subject_name(x509);
+- if (!name) {
+- ok = false;
+- goto out;
+- }
++ CHECK(x509 = X509_new());
++ CHECK(X509_set_version(x509, 2));
++ CHECK(serialNumber = X509_get_serialNumber(x509));
++ CHECK(ASN1_INTEGER_set(serialNumber, 1));
++ CHECK(notBefore = X509_get_notBefore(x509));
++ CHECK(X509_gmtime_adj(notBefore, 0));
++ CHECK(notAfter = X509_get_notAfter(x509));
++ CHECK(X509_gmtime_adj(notAfter, 60 * 60 * 24 * 365 * 20))
++ CHECK(X509_set_pubkey(x509, pkey));
++ CHECK(name = X509_get_subject_name(x509));
+
+ if (isServerCert) {
+ commonName = QLatin1String("Murmur Autogenerated Certificate v2");
+@@ -141,120 +117,63 @@ bool SelfSignedCertificate::generate(CertificateType certificateType, QString cl
+ }
+ }
+
+- if (X509_NAME_add_entry_by_txt(name, "CN", MBSTRING_UTF8,
+- reinterpret_cast< unsigned char * >(commonName.toUtf8().data()), -1, -1, 0)
+- == 0) {
+- ok = false;
+- goto out;
+- }
++ CHECK(X509_NAME_add_entry_by_txt(name, "CN", MBSTRING_UTF8,
++ reinterpret_cast< unsigned char * >(commonName.toUtf8().data()), -1, -1, 0));
+
+- if (X509_set_issuer_name(x509, name) == 0) {
+- ok = false;
+- goto out;
+- }
++ CHECK(X509_set_issuer_name(x509, name));
+
+- if (add_ext(x509, NID_basic_constraints, SSL_STRING("critical,CA:FALSE")) == 0) {
+- ok = false;
+- goto out;
+- }
++ CHECK(add_ext(x509, NID_basic_constraints, SSL_STRING("critical,CA:FALSE")));
+
+ if (isServerCert) {
+- if (add_ext(x509, NID_ext_key_usage, SSL_STRING("serverAuth,clientAuth")) == 0) {
+- ok = false;
+- goto out;
+- }
++ CHECK(add_ext(x509, NID_ext_key_usage, SSL_STRING("serverAuth,clientAuth")))
+ } else {
+- if (add_ext(x509, NID_ext_key_usage, SSL_STRING("clientAuth")) == 0) {
+- ok = false;
+- goto out;
+- }
++ CHECK(add_ext(x509, NID_ext_key_usage, SSL_STRING("clientAuth")));
+ }
+
+- if (add_ext(x509, NID_subject_key_identifier, SSL_STRING("hash")) == 0) {
+- ok = false;
+- goto out;
+- }
++ CHECK(add_ext(x509, NID_subject_key_identifier, SSL_STRING("hash")));
+
+ if (isServerCert) {
+- if (add_ext(x509, NID_netscape_comment, SSL_STRING("Generated from murmur")) == 0) {
+- ok = false;
+- goto out;
+- }
++ CHECK(add_ext(x509, NID_netscape_comment, SSL_STRING("Generated from murmur")));
+ } else {
+- if (add_ext(x509, NID_netscape_comment, SSL_STRING("Generated by Mumble")) == 0) {
+- ok = false;
+- goto out;
+- }
++ CHECK(add_ext(x509, NID_netscape_comment, SSL_STRING("Generated by Mumble")));
+ }
+
+ if (!isServerCert) {
+ if (!clientCertEmail.trimmed().isEmpty()) {
+- if (add_ext(x509, NID_subject_alt_name,
+- QString::fromLatin1("email:%1").arg(clientCertEmail).toUtf8().data())
+- == 0) {
+- ok = false;
+- goto out;
+- }
++ CHECK(add_ext(x509, NID_subject_alt_name,
++ QString::fromLatin1("email:%1").arg(clientCertEmail).toUtf8().data()));
+ }
+ }
+
+- if (X509_sign(x509, pkey, EVP_sha1()) == 0) {
+- ok = false;
+- goto out;
+- }
++ CHECK(X509_sign(x509, pkey, EVP_sha1()));
+
+ {
+ QByteArray crt;
+ int len = i2d_X509(x509, nullptr);
+- if (len <= 0) {
+- ok = false;
+- goto out;
+- }
++ CHECK(len > 0);
+ crt.resize(len);
+
+ unsigned char *dptr = reinterpret_cast< unsigned char * >(crt.data());
+- if (i2d_X509(x509, &dptr) != len) {
+- ok = false;
+- goto out;
+- }
++ CHECK(i2d_X509(x509, &dptr) == len);
+
+ qscCert = QSslCertificate(crt, QSsl::Der);
+- if (qscCert.isNull()) {
+- ok = false;
+- goto out;
+- }
++ CHECK(!qscCert.isNull());
+ }
+
+ {
+ QByteArray key;
+ int len = i2d_PrivateKey(pkey, nullptr);
+- if (len <= 0) {
+- ok = false;
+- goto out;
+- }
++ CHECK(len > 0);
+ key.resize(len);
+
+ unsigned char *dptr = reinterpret_cast< unsigned char * >(key.data());
+- if (i2d_PrivateKey(pkey, &dptr) != len) {
+- ok = false;
+- goto out;
+- }
++ CHECK(i2d_PrivateKey(pkey, &dptr) == len);
+
+ qskKey = QSslKey(key, QSsl::Rsa, QSsl::Der);
+- if (qskKey.isNull()) {
+- ok = false;
+- goto out;
+- }
++ CHECK(!qskKey.isNull());
+ }
+
+ out:
+- if (e) {
+- BN_free(e);
+- }
+- // We only need to free the pkey pointer,
+- // not the RSA pointer. We have assigned
+- // our RSA key to pkey, and it will be freed
+- // once we free pkey.
+ if (pkey) {
+ EVP_PKEY_free(pkey);
+ }
+diff --git a/src/SelfSignedCertificate.h b/src/SelfSignedCertificate.h
+index b85a8752b8..7c5f59e9c5 100644
+--- a/src/SelfSignedCertificate.h
++++ b/src/SelfSignedCertificate.h
+@@ -6,6 +6,10 @@
+ #ifndef MUMBLE_SELFSIGNEDCERTIFICATE_H_
+ #define MUMBLE_SELFSIGNEDCERTIFICATE_H_
+
++#include <openssl/evp.h>
++#include <openssl/rsa.h>
++#include <openssl/x509v3.h>
++
+ #include <QtCore/QString>
+ #include <QtNetwork/QSslCertificate>
+ #include <QtNetwork/QSslKey>
+@@ -16,6 +20,7 @@ class SelfSignedCertificate {
+ private:
+ static bool generate(CertificateType certificateType, QString clientCertName, QString clientCertEmail,
+ QSslCertificate &qscCert, QSslKey &qskKey);
++ static EVP_PKEY *generate_rsa_keypair();
+
+ public:
+ static bool generateMumbleCertificate(QString name, QString email, QSslCertificate &qscCert, QSslKey &qskKey);
+diff --git a/src/crypto/CryptStateOCB2.cpp b/src/crypto/CryptStateOCB2.cpp
+index 2176d64883..640fdedac8 100644
+--- a/src/crypto/CryptStateOCB2.cpp
++++ b/src/crypto/CryptStateOCB2.cpp
+@@ -30,7 +30,7 @@
+ #include <cstring>
+ #include <openssl/rand.h>
+
+-CryptStateOCB2::CryptStateOCB2() : CryptState() {
++CryptStateOCB2::CryptStateOCB2() : CryptState(), enc_ctx(EVP_CIPHER_CTX_new()), dec_ctx(EVP_CIPHER_CTX_new()) {
+ for (int i = 0; i < 0x100; i++)
+ decrypt_history[i] = 0;
+ memset(raw_key, 0, AES_KEY_SIZE_BYTES);
+@@ -38,6 +38,11 @@ CryptStateOCB2::CryptStateOCB2() : CryptState() {
+ memset(decrypt_iv, 0, AES_BLOCK_SIZE);
+ }
+
++CryptStateOCB2::~CryptStateOCB2() noexcept {
++ EVP_CIPHER_CTX_free(enc_ctx);
++ EVP_CIPHER_CTX_free(dec_ctx);
++}
++
+ bool CryptStateOCB2::isValid() const {
+ return bInit;
+ }
+@@ -46,8 +51,6 @@ void CryptStateOCB2::genKey() {
+ CryptographicRandom::fillBuffer(raw_key, AES_KEY_SIZE_BYTES);
+ CryptographicRandom::fillBuffer(encrypt_iv, AES_BLOCK_SIZE);
+ CryptographicRandom::fillBuffer(decrypt_iv, AES_BLOCK_SIZE);
+- AES_set_encrypt_key(raw_key, AES_KEY_SIZE_BITS, &encrypt_key);
+- AES_set_decrypt_key(raw_key, AES_KEY_SIZE_BITS, &decrypt_key);
+ bInit = true;
+ }
+
+@@ -56,8 +59,6 @@ bool CryptStateOCB2::setKey(const std::string &rkey, const std::string &eiv, con
+ memcpy(raw_key, rkey.data(), AES_KEY_SIZE_BYTES);
+ memcpy(encrypt_iv, eiv.data(), AES_BLOCK_SIZE);
+ memcpy(decrypt_iv, div.data(), AES_BLOCK_SIZE);
+- AES_set_encrypt_key(raw_key, AES_KEY_SIZE_BITS, &encrypt_key);
+- AES_set_decrypt_key(raw_key, AES_KEY_SIZE_BITS, &decrypt_key);
+ bInit = true;
+ return true;
+ }
+@@ -256,10 +257,24 @@ static void inline ZERO(keyblock &block) {
+ block[i] = 0;
+ }
+
+-#define AESencrypt(src, dst, key) \
+- AES_encrypt(reinterpret_cast< const unsigned char * >(src), reinterpret_cast< unsigned char * >(dst), key);
+-#define AESdecrypt(src, dst, key) \
+- AES_decrypt(reinterpret_cast< const unsigned char * >(src), reinterpret_cast< unsigned char * >(dst), key);
++#define AESencrypt(src, dst, key) \
++ { \
++ int outlen = 0; \
++ EVP_EncryptInit_ex(enc_ctx, EVP_aes_128_ecb(), NULL, key, NULL); \
++ EVP_CIPHER_CTX_set_padding(enc_ctx, 0); \
++ EVP_EncryptUpdate(enc_ctx, reinterpret_cast< unsigned char * >(dst), &outlen, \
++ reinterpret_cast< const unsigned char * >(src), AES_BLOCK_SIZE); \
++ EVP_EncryptFinal_ex(enc_ctx, reinterpret_cast< unsigned char * >(dst + outlen), &outlen); \
++ }
++#define AESdecrypt(src, dst, key) \
++ { \
++ int outlen = 0; \
++ EVP_DecryptInit_ex(dec_ctx, EVP_aes_128_ecb(), NULL, key, NULL); \
++ EVP_CIPHER_CTX_set_padding(dec_ctx, 0); \
++ EVP_DecryptUpdate(dec_ctx, reinterpret_cast< unsigned char * >(dst), &outlen, \
++ reinterpret_cast< const unsigned char * >(src), AES_BLOCK_SIZE); \
++ EVP_DecryptFinal_ex(dec_ctx, reinterpret_cast< unsigned char * >(dst + outlen), &outlen); \
++ }
+
+ bool CryptStateOCB2::ocb_encrypt(const unsigned char *plain, unsigned char *encrypted, unsigned int len,
+ const unsigned char *nonce, unsigned char *tag, bool modifyPlainOnXEXStarAttack) {
+@@ -267,7 +282,7 @@ bool CryptStateOCB2::ocb_encrypt(const unsigned char *plain, unsigned char *encr
+ bool success = true;
+
+ // Initialize
+- AESencrypt(nonce, delta, &encrypt_key);
++ AESencrypt(nonce, delta, raw_key);
+ ZERO(checksum);
+
+ while (len > AES_BLOCK_SIZE) {
+@@ -299,7 +314,7 @@ bool CryptStateOCB2::ocb_encrypt(const unsigned char *plain, unsigned char *encr
+ if (flipABit) {
+ *reinterpret_cast< unsigned char * >(tmp) ^= 1;
+ }
+- AESencrypt(tmp, tmp, &encrypt_key);
++ AESencrypt(tmp, tmp, raw_key);
+ XOR(reinterpret_cast< subblock * >(encrypted), delta, tmp);
+ XOR(checksum, checksum, reinterpret_cast< const subblock * >(plain));
+ if (flipABit) {
+@@ -315,7 +330,7 @@ bool CryptStateOCB2::ocb_encrypt(const unsigned char *plain, unsigned char *encr
+ ZERO(tmp);
+ tmp[BLOCKSIZE - 1] = SWAPPED(len * 8);
+ XOR(tmp, tmp, delta);
+- AESencrypt(tmp, pad, &encrypt_key);
++ AESencrypt(tmp, pad, raw_key);
+ memcpy(tmp, plain, len);
+ memcpy(reinterpret_cast< unsigned char * >(tmp) + len, reinterpret_cast< const unsigned char * >(pad) + len,
+ AES_BLOCK_SIZE - len);
+@@ -325,7 +340,7 @@ bool CryptStateOCB2::ocb_encrypt(const unsigned char *plain, unsigned char *encr
+
+ S3(delta);
+ XOR(tmp, delta, checksum);
+- AESencrypt(tmp, tag, &encrypt_key);
++ AESencrypt(tmp, tag, raw_key);
+
+ return success;
+ }
+@@ -336,13 +351,13 @@ bool CryptStateOCB2::ocb_decrypt(const unsigned char *encrypted, unsigned char *
+ bool success = true;
+
+ // Initialize
+- AESencrypt(nonce, delta, &encrypt_key);
++ AESencrypt(nonce, delta, raw_key);
+ ZERO(checksum);
+
+ while (len > AES_BLOCK_SIZE) {
+ S2(delta);
+ XOR(tmp, delta, reinterpret_cast< const subblock * >(encrypted));
+- AESdecrypt(tmp, tmp, &decrypt_key);
++ AESdecrypt(tmp, tmp, raw_key);
+ XOR(reinterpret_cast< subblock * >(plain), delta, tmp);
+ XOR(checksum, checksum, reinterpret_cast< const subblock * >(plain));
+ len -= AES_BLOCK_SIZE;
+@@ -354,7 +369,7 @@ bool CryptStateOCB2::ocb_decrypt(const unsigned char *encrypted, unsigned char *
+ ZERO(tmp);
+ tmp[BLOCKSIZE - 1] = SWAPPED(len * 8);
+ XOR(tmp, tmp, delta);
+- AESencrypt(tmp, pad, &encrypt_key);
++ AESencrypt(tmp, pad, raw_key);
+ memset(tmp, 0, AES_BLOCK_SIZE);
+ memcpy(tmp, encrypted, len);
+ XOR(tmp, tmp, pad);
+@@ -372,7 +387,7 @@ bool CryptStateOCB2::ocb_decrypt(const unsigned char *encrypted, unsigned char *
+
+ S3(delta);
+ XOR(tmp, delta, checksum);
+- AESencrypt(tmp, tag, &encrypt_key);
++ AESencrypt(tmp, tag, raw_key);
+
+ return success;
+ }
+@@ -381,5 +396,5 @@ bool CryptStateOCB2::ocb_decrypt(const unsigned char *encrypted, unsigned char *
+ #undef SHIFTBITS
+ #undef SWAPPED
+ #undef HIGHBIT
+-#undef AES_encrypt
+-#undef AES_decrypt
++#undef AESencrypt
++#undef AESdecrypt
+diff --git a/src/crypto/CryptStateOCB2.h b/src/crypto/CryptStateOCB2.h
+index 53d4b4b6aa..cc3f1c0bc3 100644
+--- a/src/crypto/CryptStateOCB2.h
++++ b/src/crypto/CryptStateOCB2.h
+@@ -8,8 +8,9 @@
+
+ #include "CryptState.h"
+
+-#include <openssl/aes.h>
++#include <openssl/evp.h>
+
++#define AES_BLOCK_SIZE 16
+ #define AES_KEY_SIZE_BITS 128
+ #define AES_KEY_SIZE_BYTES (AES_KEY_SIZE_BITS / 8)
+
+@@ -17,7 +18,7 @@
+ class CryptStateOCB2 : public CryptState {
+ public:
+ CryptStateOCB2();
+- ~CryptStateOCB2(){};
++ ~CryptStateOCB2() noexcept override;
+
+ virtual bool isValid() const Q_DECL_OVERRIDE;
+ virtual void genKey() Q_DECL_OVERRIDE;
+@@ -43,8 +44,8 @@ class CryptStateOCB2 : public CryptState {
+ unsigned char decrypt_iv[AES_BLOCK_SIZE];
+ unsigned char decrypt_history[0x100];
+
+- AES_KEY encrypt_key;
+- AES_KEY decrypt_key;
++ EVP_CIPHER_CTX *enc_ctx;
++ EVP_CIPHER_CTX *dec_ctx;
+ };
+
+
+From f8d47db318f302f5a7d343f15c9936c7030c49c4 Mon Sep 17 00:00:00 2001
+From: Terry Geng <terry@terriex.com>
+Date: Sun, 12 Dec 2021 22:39:38 -0500
+Subject: [PATCH] FIX(crypto): Sharing EVP context between threads crushes
+ Mumble
+
+Functions ocb_encrypt and ocb_decrypt share the same set
+of encrypt and decrypt contexts. However, they are invoked
+in different threads (audio input thread and server
+handler thread).
+This may lead to conflicts that would crash Mumble.
+This patch separates contexts used in these two functions
+to avoid such conflicts.
+
+Fixes #5361
+---
+ src/crypto/CryptStateOCB2.cpp | 55 ++++++++++++++++++++++-------------
+ src/crypto/CryptStateOCB2.h | 6 ++--
+ 2 files changed, 38 insertions(+), 23 deletions(-)
+
+diff --git a/src/crypto/CryptStateOCB2.cpp b/src/crypto/CryptStateOCB2.cpp
+index 640fdedac8..3b3473ffec 100644
+--- a/src/crypto/CryptStateOCB2.cpp
++++ b/src/crypto/CryptStateOCB2.cpp
+@@ -30,7 +30,9 @@
+ #include <cstring>
+ #include <openssl/rand.h>
+
+-CryptStateOCB2::CryptStateOCB2() : CryptState(), enc_ctx(EVP_CIPHER_CTX_new()), dec_ctx(EVP_CIPHER_CTX_new()) {
++CryptStateOCB2::CryptStateOCB2()
++ : CryptState(), enc_ctx_ocb_enc(EVP_CIPHER_CTX_new()), dec_ctx_ocb_enc(EVP_CIPHER_CTX_new()),
++ enc_ctx_ocb_dec(EVP_CIPHER_CTX_new()), dec_ctx_ocb_dec(EVP_CIPHER_CTX_new()) {
+ for (int i = 0; i < 0x100; i++)
+ decrypt_history[i] = 0;
+ memset(raw_key, 0, AES_KEY_SIZE_BYTES);
+@@ -39,8 +41,10 @@ CryptStateOCB2::CryptStateOCB2() : CryptState(), enc_ctx(EVP_CIPHER_CTX_new()),
+ }
+
+ CryptStateOCB2::~CryptStateOCB2() noexcept {
+- EVP_CIPHER_CTX_free(enc_ctx);
+- EVP_CIPHER_CTX_free(dec_ctx);
++ EVP_CIPHER_CTX_free(enc_ctx_ocb_enc);
++ EVP_CIPHER_CTX_free(dec_ctx_ocb_enc);
++ EVP_CIPHER_CTX_free(enc_ctx_ocb_dec);
++ EVP_CIPHER_CTX_free(dec_ctx_ocb_dec);
+ }
+
+ bool CryptStateOCB2::isValid() const {
+@@ -257,25 +261,28 @@ static void inline ZERO(keyblock &block) {
+ block[i] = 0;
+ }
+
+-#define AESencrypt(src, dst, key) \
+- { \
+- int outlen = 0; \
+- EVP_EncryptInit_ex(enc_ctx, EVP_aes_128_ecb(), NULL, key, NULL); \
+- EVP_CIPHER_CTX_set_padding(enc_ctx, 0); \
+- EVP_EncryptUpdate(enc_ctx, reinterpret_cast< unsigned char * >(dst), &outlen, \
+- reinterpret_cast< const unsigned char * >(src), AES_BLOCK_SIZE); \
+- EVP_EncryptFinal_ex(enc_ctx, reinterpret_cast< unsigned char * >(dst + outlen), &outlen); \
++#define AESencrypt_ctx(src, dst, key, enc_ctx) \
++ { \
++ int outlen = 0; \
++ EVP_EncryptInit_ex(enc_ctx, EVP_aes_128_ecb(), NULL, key, NULL); \
++ EVP_CIPHER_CTX_set_padding(enc_ctx, 0); \
++ EVP_EncryptUpdate(enc_ctx, reinterpret_cast< unsigned char * >(dst), &outlen, \
++ reinterpret_cast< const unsigned char * >(src), AES_BLOCK_SIZE); \
++ EVP_EncryptFinal_ex(enc_ctx, reinterpret_cast< unsigned char * >((dst) + outlen), &outlen); \
+ }
+-#define AESdecrypt(src, dst, key) \
+- { \
+- int outlen = 0; \
+- EVP_DecryptInit_ex(dec_ctx, EVP_aes_128_ecb(), NULL, key, NULL); \
+- EVP_CIPHER_CTX_set_padding(dec_ctx, 0); \
+- EVP_DecryptUpdate(dec_ctx, reinterpret_cast< unsigned char * >(dst), &outlen, \
+- reinterpret_cast< const unsigned char * >(src), AES_BLOCK_SIZE); \
+- EVP_DecryptFinal_ex(dec_ctx, reinterpret_cast< unsigned char * >(dst + outlen), &outlen); \
++#define AESdecrypt_ctx(src, dst, key, dec_ctx) \
++ { \
++ int outlen = 0; \
++ EVP_DecryptInit_ex(dec_ctx, EVP_aes_128_ecb(), NULL, key, NULL); \
++ EVP_CIPHER_CTX_set_padding(dec_ctx, 0); \
++ EVP_DecryptUpdate(dec_ctx, reinterpret_cast< unsigned char * >(dst), &outlen, \
++ reinterpret_cast< const unsigned char * >(src), AES_BLOCK_SIZE); \
++ EVP_DecryptFinal_ex(dec_ctx, reinterpret_cast< unsigned char * >((dst) + outlen), &outlen); \
+ }
+
++#define AESencrypt(src, dst, key) AESencrypt_ctx(src, dst, key, enc_ctx_ocb_enc)
++#define AESdecrypt(src, dst, key) AESdecrypt_ctx(src, dst, key, dec_ctx_ocb_enc)
++
+ bool CryptStateOCB2::ocb_encrypt(const unsigned char *plain, unsigned char *encrypted, unsigned int len,
+ const unsigned char *nonce, unsigned char *tag, bool modifyPlainOnXEXStarAttack) {
+ keyblock checksum, delta, tmp, pad;
+@@ -345,6 +352,12 @@ bool CryptStateOCB2::ocb_encrypt(const unsigned char *plain, unsigned char *encr
+ return success;
+ }
+
++#undef AESencrypt
++#undef AESdecrypt
++
++#define AESencrypt(src, dst, key) AESencrypt_ctx(src, dst, key, enc_ctx_ocb_dec)
++#define AESdecrypt(src, dst, key) AESdecrypt_ctx(src, dst, key, dec_ctx_ocb_dec)
++
+ bool CryptStateOCB2::ocb_decrypt(const unsigned char *encrypted, unsigned char *plain, unsigned int len,
+ const unsigned char *nonce, unsigned char *tag) {
+ keyblock checksum, delta, tmp, pad;
+@@ -392,9 +405,9 @@ bool CryptStateOCB2::ocb_decrypt(const unsigned char *encrypted, unsigned char *
+ return success;
+ }
+
++#undef AESencrypt
++#undef AESdecrypt
+ #undef BLOCKSIZE
+ #undef SHIFTBITS
+ #undef SWAPPED
+ #undef HIGHBIT
+-#undef AESencrypt
+-#undef AESdecrypt
+diff --git a/src/crypto/CryptStateOCB2.h b/src/crypto/CryptStateOCB2.h
+index cc3f1c0bc3..0fd3000ade 100644
+--- a/src/crypto/CryptStateOCB2.h
++++ b/src/crypto/CryptStateOCB2.h
+@@ -44,8 +44,10 @@ class CryptStateOCB2 : public CryptState {
+ unsigned char decrypt_iv[AES_BLOCK_SIZE];
+ unsigned char decrypt_history[0x100];
+
+- EVP_CIPHER_CTX *enc_ctx;
+- EVP_CIPHER_CTX *dec_ctx;
++ EVP_CIPHER_CTX *enc_ctx_ocb_enc;
++ EVP_CIPHER_CTX *dec_ctx_ocb_enc;
++ EVP_CIPHER_CTX *enc_ctx_ocb_dec;
++ EVP_CIPHER_CTX *dec_ctx_ocb_dec;
+ };
+
+
diff --git a/srcpkgs/mumble/template b/srcpkgs/mumble/template
index 2e6f50da0140..acb6af454e0f 100644
--- a/srcpkgs/mumble/template
+++ b/srcpkgs/mumble/template
@@ -1,7 +1,7 @@
# Template file for 'mumble'
pkgname=mumble
version=1.4.287
-revision=1
+revision=2
build_style=cmake
make_cmd=make
configure_args="-Doverlay-xcompile=OFF -Dbundled-opus=OFF
^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [PR PATCH] [Updated] poco: update to build with openssl3
2023-01-30 15:18 [PR PATCH] poco: update to build with openssl3 dkwo
` (5 preceding siblings ...)
2023-01-30 20:00 ` dkwo
@ 2023-01-30 20:19 ` dkwo
2023-01-30 20:26 ` dkwo
` (6 subsequent siblings)
13 siblings, 0 replies; 15+ messages in thread
From: dkwo @ 2023-01-30 20:19 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 467 bytes --]
There is an updated pull request by dkwo against master on the void-packages repository
https://github.com/dkwo/void-packages O3poco
https://github.com/void-linux/void-packages/pull/41963
poco: update to build with openssl3
- I tested the changes in this PR: no
- I built this PR locally for my native architecture, (x86_64-musl)
required to build with openssl3 #37681
A patch file from https://github.com/void-linux/void-packages/pull/41963.patch is attached
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-O3poco-41963.patch --]
[-- Type: text/x-diff, Size: 29604 bytes --]
From a24203b2764f0762dfff2112835d90dc27bc9bb0 Mon Sep 17 00:00:00 2001
From: dkwo <nicolopiazzalunga@gmail.com>
Date: Fri, 27 Jan 2023 10:45:20 -0500
Subject: [PATCH 1/3] poco: update to 1.12.4, orphan
---
common/shlibs | 26 +++++++++++++-------------
srcpkgs/poco/template | 11 ++++++-----
2 files changed, 19 insertions(+), 18 deletions(-)
diff --git a/common/shlibs b/common/shlibs
index edb8a2c5dd73..523fd15af734 100644
--- a/common/shlibs
+++ b/common/shlibs
@@ -3006,19 +3006,19 @@ libsigrok.so.4 libsigrok-0.5.0_1
libsigrokcxx.so.4 libsigrok-0.5.0_1
libsigrokdecode.so.4 libsigrokdecode-0.5.0_2
libglyr.so.1 glyr-1.0.8_1
-libPocoJSON.so.64 poco-1.9.4_3
-libPocoMongoDB.so.64 poco-1.9.4_3
-libPocoZip.so.64 poco-1.9.4_3
-libPocoData.so.64 poco-1.9.4_3
-libPocoNet.so.64 poco-1.9.4_3
-libPocoDataSQLite.so.64 poco-1.9.4_3
-libPocoFoundation.so.64 poco-1.9.4_3
-libPocoXML.so.64 poco-1.9.4_3
-libPocoUtil.so.64 poco-1.9.4_3
-libPocoRedis.so.64 poco-1.9.4_3
-libPocoEncodings.so.64 poco-1.9.4_3
-libPocoNetSSL.so.64 poco-1.9.4_3
-libPocoCrypto.so.64 poco-1.9.4_3
+libPocoJSON.so.94 poco-1.12.4_1
+libPocoMongoDB.so.94 poco-1.12.4_1
+libPocoZip.so.94 poco-1.12.4_1
+libPocoData.so.94 poco-1.12.4_1
+libPocoNet.so.94 poco-1.12.4_1
+libPocoDataSQLite.so.94 poco-1.12.4_1
+libPocoFoundation.so.94 poco-1.12.4_1
+libPocoXML.so.94 poco-1.12.4_1
+libPocoUtil.so.94 poco-1.12.4_1
+libPocoRedis.so.94 poco-1.12.4_1
+libPocoEncodings.so.94 poco-1.12.4_1
+libPocoNetSSL.so.94 poco-1.12.4_1
+libPocoCrypto.so.94 poco-1.12.4_1
libPtex.so ptex-2.3.2_1
libopenblas.so.0 openblas-0.2.19_1
librtaudio.so.6 rtaudio-5.1.0_1
diff --git a/srcpkgs/poco/template b/srcpkgs/poco/template
index 008536b67121..6ca714b9e94f 100644
--- a/srcpkgs/poco/template
+++ b/srcpkgs/poco/template
@@ -1,16 +1,17 @@
# Template file for 'poco'
pkgname=poco
-version=1.9.4
-revision=3
+version=1.12.4
+revision=1
build_style=cmake
configure_args="-DPOCO_UNBUNDLED=ON"
-makedepends="openssl-devel zlib-devel pcre-devel expat-devel sqlite-devel"
+makedepends="openssl-devel zlib-devel pcre2-devel expat-devel sqlite-devel"
short_desc="C++ class libraries for building network-based applications"
-maintainer="Julien Dehos <dehos@univ-littoral.fr>"
+maintainer="Orphaned <orphan@voidlinux.org>"
license="BSL-1.0"
homepage="https://pocoproject.org"
distfiles="https://pocoproject.org/releases/${pkgname}-${version}/${pkgname}-${version}-all.tar.gz"
-checksum=eb34f257b11240a711ee505f1d80c754a80a990aeb48d8d93407884df288fd77
+checksum=4c3584daa5b0e973f268654dbeb1171ec7621e358b2b64363cd1abd558a68777
+conflicts="archiver"
post_install() {
vlicense LICENSE
From f9ecb5881e823358772fa954da44aee39b79f174 Mon Sep 17 00:00:00 2001
From: dkwo <nicolopiazzalunga@gmail.com>
Date: Fri, 27 Jan 2023 10:45:43 -0500
Subject: [PATCH 2/3] remwharead: bump for poco
---
srcpkgs/remwharead/template | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/srcpkgs/remwharead/template b/srcpkgs/remwharead/template
index e72ab06131e4..4af548c46743 100644
--- a/srcpkgs/remwharead/template
+++ b/srcpkgs/remwharead/template
@@ -1,7 +1,7 @@
# Template file for 'remwharead'
pkgname=remwharead
version=0.10.0
-revision=4
+revision=5
build_style=cmake
hostmakedepends="poco-devel asciidoc pkg-config"
makedepends="poco-devel boost-devel"
@@ -9,7 +9,7 @@ short_desc="Saves URIs of things you want to remember in a database"
maintainer="teldra <teldra@rotce.de>"
license="GPL-3.0-only"
homepage="https://schlomp.space/tastytea/remwharead"
-distfiles="https://github.com/tastytea/remwharead/archive/${version}.tar.gz"
+distfiles="https://github.com/tastytea/remwharead/archive/refs/tags/${version}.tar.gz"
checksum=87f14a611e3ae9f9babe2dff8e4a6c4f5495fa2883393edb36e796af3f19fb30
remwharead-firefox-plugin_package() {
From 03c88e9ac9374396c910c50478144e0e78b45781 Mon Sep 17 00:00:00 2001
From: dkwo <nicolopiazzalunga@gmail.com>
Date: Mon, 30 Jan 2023 10:45:04 -0500
Subject: [PATCH 3/3] mumble: bump for poco, patch for openssl3
---
srcpkgs/mumble/patches/openssl3.patch | 685 ++++++++++++++++++++++++++
srcpkgs/mumble/template | 2 +-
2 files changed, 686 insertions(+), 1 deletion(-)
create mode 100644 srcpkgs/mumble/patches/openssl3.patch
diff --git a/srcpkgs/mumble/patches/openssl3.patch b/srcpkgs/mumble/patches/openssl3.patch
new file mode 100644
index 000000000000..906d1790444b
--- /dev/null
+++ b/srcpkgs/mumble/patches/openssl3.patch
@@ -0,0 +1,685 @@
+From f4cea62ed95e4967d8591f25e903f5e8fc2e2a30 Mon Sep 17 00:00:00 2001
+From: Terry Geng <terry@terriex.com>
+Date: Mon, 6 Dec 2021 10:45:11 -0500
+Subject: [PATCH] BUILD(crypto): Migrate to OpenSSL 3.0-compatible API
+
+OpenSSL 3.0 deprecated several low-level APIs and the usage of them
+caused errors/warnings that prevent the binary from being built against
+OpenSSL 3.0.
+Some primitive efforts have been made in #5317 but were incomplete.
+This commit follows https://www.openssl.org/docs/man3.0/man7/migration_guide.html,
+https://code.woboq.org/qt6/qtopcua/src/opcua/x509/qopcuakeypair_openssl.cpp.html,
+and clears all errors/warnings related to the usage of deprecated APIs.
+
+Fixes #5277
+Fixes #4266
+---
+ src/SelfSignedCertificate.cpp | 235 +++++++++++-----------------------
+ src/SelfSignedCertificate.h | 5 +
+ src/crypto/CryptStateOCB2.cpp | 53 +++++---
+ src/crypto/CryptStateOCB2.h | 9 +-
+ 4 files changed, 121 insertions(+), 181 deletions(-)
+
+diff --git a/src/SelfSignedCertificate.cpp b/src/SelfSignedCertificate.cpp
+index a77e5fad91..ea0dec4cc7 100644
+--- a/src/SelfSignedCertificate.cpp
++++ b/src/SelfSignedCertificate.cpp
+@@ -5,8 +5,6 @@
+
+ #include "SelfSignedCertificate.h"
+
+-#include <openssl/x509v3.h>
+-
+ #define SSL_STRING(x) QString::fromLatin1(x).toUtf8().data()
+
+ static int add_ext(X509 *crt, int nid, char *value) {
+@@ -28,108 +26,86 @@ static int add_ext(X509 *crt, int nid, char *value) {
+ return 1;
+ }
+
+-bool SelfSignedCertificate::generate(CertificateType certificateType, QString clientCertName, QString clientCertEmail,
+- QSslCertificate &qscCert, QSslKey &qskKey) {
+- bool ok = true;
+- X509 *x509 = nullptr;
+- EVP_PKEY *pkey = nullptr;
+- RSA *rsa = nullptr;
+- BIGNUM *e = nullptr;
+- X509_NAME *name = nullptr;
+- ASN1_INTEGER *serialNumber = nullptr;
+- ASN1_TIME *notBefore = nullptr;
+- ASN1_TIME *notAfter = nullptr;
+- QString commonName;
+- bool isServerCert = certificateType == CertificateTypeServerCertificate;
+-
+- if (CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON) == -1) {
+- ok = false;
+- goto out;
++EVP_PKEY *SelfSignedCertificate::generate_rsa_keypair() {
++ EVP_PKEY *pkey = EVP_PKEY_new();
++ if (!pkey) {
++ return nullptr;
+ }
+
+- x509 = X509_new();
+- if (!x509) {
+- ok = false;
+- goto out;
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++ EVP_PKEY_CTX *ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, nullptr);
++ if (!ctx) {
++ return nullptr;
+ }
+-
+- pkey = EVP_PKEY_new();
+- if (!pkey) {
+- ok = false;
+- goto out;
++ if (EVP_PKEY_keygen_init(ctx) <= 0) {
++ return nullptr;
+ }
+-
+- rsa = RSA_new();
++ if (EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, 2048) <= 0) {
++ return nullptr;
++ }
++ if (EVP_PKEY_keygen(ctx, &pkey) <= 0) {
++ return nullptr;
++ }
++ EVP_PKEY_CTX_free(ctx);
++#else
++ RSA *rsa = RSA_new();
++ BIGNUM *e = BN_new();
+ if (!rsa) {
+- ok = false;
+- goto out;
++ return nullptr;
+ }
+-
+- e = BN_new();
+ if (!e) {
+- ok = false;
+- goto out;
++ return nullptr;
+ }
+ if (BN_set_word(e, 65537) == 0) {
+- ok = false;
+- goto out;
++ return nullptr;
+ }
+-
+ if (RSA_generate_key_ex(rsa, 2048, e, nullptr) == 0) {
+- ok = false;
+- goto out;
++ return nullptr;
+ }
+-
+ if (EVP_PKEY_assign_RSA(pkey, rsa) == 0) {
+- ok = false;
+- goto out;
++ return nullptr;
+ }
++ BN_free(e);
++ RSA_free(rsa);
++#endif
++ return pkey;
++}
+
+- if (X509_set_version(x509, 2) == 0) {
+- ok = false;
+- goto out;
++#define CHECK(statement) \
++ if (!(statement)) { \
++ ok = false; \
++ goto out; \
+ }
+
+- serialNumber = X509_get_serialNumber(x509);
+- if (!serialNumber) {
+- ok = false;
+- goto out;
+- }
+- if (ASN1_INTEGER_set(serialNumber, 1) == 0) {
+- ok = false;
+- goto out;
+- }
+
+- notBefore = X509_get_notBefore(x509);
+- if (!notBefore) {
+- ok = false;
+- goto out;
+- }
+- if (!X509_gmtime_adj(notBefore, 0)) {
+- ok = false;
+- goto out;
+- }
++bool SelfSignedCertificate::generate(CertificateType certificateType, QString clientCertName, QString clientCertEmail,
++ QSslCertificate &qscCert, QSslKey &qskKey) {
++ bool ok = true;
++ EVP_PKEY *pkey = nullptr;
++ X509 *x509 = nullptr;
++ X509_NAME *name = nullptr;
++ ASN1_INTEGER *serialNumber = nullptr;
++ ASN1_TIME *notBefore = nullptr;
++ ASN1_TIME *notAfter = nullptr;
++ QString commonName;
++ bool isServerCert = certificateType == CertificateTypeServerCertificate;
+
+- notAfter = X509_get_notAfter(x509);
+- if (!notAfter) {
+- ok = false;
+- goto out;
+- }
+- if (!X509_gmtime_adj(notAfter, 60 * 60 * 24 * 365 * 20)) {
+- ok = false;
+- goto out;
+- }
++ // In Qt 5.15, a class was added to wrap up the procedures of generating a self-signed certificate.
++ // See https://doc.qt.io/qt-5/qopcuax509certificatesigningrequest.html.
++ // We should consider migrating to this class after switching to Qt 5.15.
+
+- if (X509_set_pubkey(x509, pkey) == 0) {
+- ok = false;
+- goto out;
+- }
++ CHECK(pkey = generate_rsa_keypair());
+
+- name = X509_get_subject_name(x509);
+- if (!name) {
+- ok = false;
+- goto out;
+- }
++ CHECK(x509 = X509_new());
++ CHECK(X509_set_version(x509, 2));
++ CHECK(serialNumber = X509_get_serialNumber(x509));
++ CHECK(ASN1_INTEGER_set(serialNumber, 1));
++ CHECK(notBefore = X509_get_notBefore(x509));
++ CHECK(X509_gmtime_adj(notBefore, 0));
++ CHECK(notAfter = X509_get_notAfter(x509));
++ CHECK(X509_gmtime_adj(notAfter, 60 * 60 * 24 * 365 * 20))
++ CHECK(X509_set_pubkey(x509, pkey));
++ CHECK(name = X509_get_subject_name(x509));
+
+ if (isServerCert) {
+ commonName = QLatin1String("Murmur Autogenerated Certificate v2");
+@@ -141,120 +117,63 @@ bool SelfSignedCertificate::generate(CertificateType certificateType, QString cl
+ }
+ }
+
+- if (X509_NAME_add_entry_by_txt(name, "CN", MBSTRING_UTF8,
+- reinterpret_cast< unsigned char * >(commonName.toUtf8().data()), -1, -1, 0)
+- == 0) {
+- ok = false;
+- goto out;
+- }
++ CHECK(X509_NAME_add_entry_by_txt(name, "CN", MBSTRING_UTF8,
++ reinterpret_cast< unsigned char * >(commonName.toUtf8().data()), -1, -1, 0));
+
+- if (X509_set_issuer_name(x509, name) == 0) {
+- ok = false;
+- goto out;
+- }
++ CHECK(X509_set_issuer_name(x509, name));
+
+- if (add_ext(x509, NID_basic_constraints, SSL_STRING("critical,CA:FALSE")) == 0) {
+- ok = false;
+- goto out;
+- }
++ CHECK(add_ext(x509, NID_basic_constraints, SSL_STRING("critical,CA:FALSE")));
+
+ if (isServerCert) {
+- if (add_ext(x509, NID_ext_key_usage, SSL_STRING("serverAuth,clientAuth")) == 0) {
+- ok = false;
+- goto out;
+- }
++ CHECK(add_ext(x509, NID_ext_key_usage, SSL_STRING("serverAuth,clientAuth")))
+ } else {
+- if (add_ext(x509, NID_ext_key_usage, SSL_STRING("clientAuth")) == 0) {
+- ok = false;
+- goto out;
+- }
++ CHECK(add_ext(x509, NID_ext_key_usage, SSL_STRING("clientAuth")));
+ }
+
+- if (add_ext(x509, NID_subject_key_identifier, SSL_STRING("hash")) == 0) {
+- ok = false;
+- goto out;
+- }
++ CHECK(add_ext(x509, NID_subject_key_identifier, SSL_STRING("hash")));
+
+ if (isServerCert) {
+- if (add_ext(x509, NID_netscape_comment, SSL_STRING("Generated from murmur")) == 0) {
+- ok = false;
+- goto out;
+- }
++ CHECK(add_ext(x509, NID_netscape_comment, SSL_STRING("Generated from murmur")));
+ } else {
+- if (add_ext(x509, NID_netscape_comment, SSL_STRING("Generated by Mumble")) == 0) {
+- ok = false;
+- goto out;
+- }
++ CHECK(add_ext(x509, NID_netscape_comment, SSL_STRING("Generated by Mumble")));
+ }
+
+ if (!isServerCert) {
+ if (!clientCertEmail.trimmed().isEmpty()) {
+- if (add_ext(x509, NID_subject_alt_name,
+- QString::fromLatin1("email:%1").arg(clientCertEmail).toUtf8().data())
+- == 0) {
+- ok = false;
+- goto out;
+- }
++ CHECK(add_ext(x509, NID_subject_alt_name,
++ QString::fromLatin1("email:%1").arg(clientCertEmail).toUtf8().data()));
+ }
+ }
+
+- if (X509_sign(x509, pkey, EVP_sha1()) == 0) {
+- ok = false;
+- goto out;
+- }
++ CHECK(X509_sign(x509, pkey, EVP_sha1()));
+
+ {
+ QByteArray crt;
+ int len = i2d_X509(x509, nullptr);
+- if (len <= 0) {
+- ok = false;
+- goto out;
+- }
++ CHECK(len > 0);
+ crt.resize(len);
+
+ unsigned char *dptr = reinterpret_cast< unsigned char * >(crt.data());
+- if (i2d_X509(x509, &dptr) != len) {
+- ok = false;
+- goto out;
+- }
++ CHECK(i2d_X509(x509, &dptr) == len);
+
+ qscCert = QSslCertificate(crt, QSsl::Der);
+- if (qscCert.isNull()) {
+- ok = false;
+- goto out;
+- }
++ CHECK(!qscCert.isNull());
+ }
+
+ {
+ QByteArray key;
+ int len = i2d_PrivateKey(pkey, nullptr);
+- if (len <= 0) {
+- ok = false;
+- goto out;
+- }
++ CHECK(len > 0);
+ key.resize(len);
+
+ unsigned char *dptr = reinterpret_cast< unsigned char * >(key.data());
+- if (i2d_PrivateKey(pkey, &dptr) != len) {
+- ok = false;
+- goto out;
+- }
++ CHECK(i2d_PrivateKey(pkey, &dptr) == len);
+
+ qskKey = QSslKey(key, QSsl::Rsa, QSsl::Der);
+- if (qskKey.isNull()) {
+- ok = false;
+- goto out;
+- }
++ CHECK(!qskKey.isNull());
+ }
+
+ out:
+- if (e) {
+- BN_free(e);
+- }
+- // We only need to free the pkey pointer,
+- // not the RSA pointer. We have assigned
+- // our RSA key to pkey, and it will be freed
+- // once we free pkey.
+ if (pkey) {
+ EVP_PKEY_free(pkey);
+ }
+diff --git a/src/SelfSignedCertificate.h b/src/SelfSignedCertificate.h
+index b85a8752b8..7c5f59e9c5 100644
+--- a/src/SelfSignedCertificate.h
++++ b/src/SelfSignedCertificate.h
+@@ -6,6 +6,10 @@
+ #ifndef MUMBLE_SELFSIGNEDCERTIFICATE_H_
+ #define MUMBLE_SELFSIGNEDCERTIFICATE_H_
+
++#include <openssl/evp.h>
++#include <openssl/rsa.h>
++#include <openssl/x509v3.h>
++
+ #include <QtCore/QString>
+ #include <QtNetwork/QSslCertificate>
+ #include <QtNetwork/QSslKey>
+@@ -16,6 +20,7 @@ class SelfSignedCertificate {
+ private:
+ static bool generate(CertificateType certificateType, QString clientCertName, QString clientCertEmail,
+ QSslCertificate &qscCert, QSslKey &qskKey);
++ static EVP_PKEY *generate_rsa_keypair();
+
+ public:
+ static bool generateMumbleCertificate(QString name, QString email, QSslCertificate &qscCert, QSslKey &qskKey);
+diff --git a/src/crypto/CryptStateOCB2.cpp b/src/crypto/CryptStateOCB2.cpp
+index 2176d64883..640fdedac8 100644
+--- a/src/crypto/CryptStateOCB2.cpp
++++ b/src/crypto/CryptStateOCB2.cpp
+@@ -30,7 +30,7 @@
+ #include <cstring>
+ #include <openssl/rand.h>
+
+-CryptStateOCB2::CryptStateOCB2() : CryptState() {
++CryptStateOCB2::CryptStateOCB2() : CryptState(), enc_ctx(EVP_CIPHER_CTX_new()), dec_ctx(EVP_CIPHER_CTX_new()) {
+ for (int i = 0; i < 0x100; i++)
+ decrypt_history[i] = 0;
+ memset(raw_key, 0, AES_KEY_SIZE_BYTES);
+@@ -38,6 +38,11 @@ CryptStateOCB2::CryptStateOCB2() : CryptState() {
+ memset(decrypt_iv, 0, AES_BLOCK_SIZE);
+ }
+
++CryptStateOCB2::~CryptStateOCB2() noexcept {
++ EVP_CIPHER_CTX_free(enc_ctx);
++ EVP_CIPHER_CTX_free(dec_ctx);
++}
++
+ bool CryptStateOCB2::isValid() const {
+ return bInit;
+ }
+@@ -46,8 +51,6 @@ void CryptStateOCB2::genKey() {
+ CryptographicRandom::fillBuffer(raw_key, AES_KEY_SIZE_BYTES);
+ CryptographicRandom::fillBuffer(encrypt_iv, AES_BLOCK_SIZE);
+ CryptographicRandom::fillBuffer(decrypt_iv, AES_BLOCK_SIZE);
+- AES_set_encrypt_key(raw_key, AES_KEY_SIZE_BITS, &encrypt_key);
+- AES_set_decrypt_key(raw_key, AES_KEY_SIZE_BITS, &decrypt_key);
+ bInit = true;
+ }
+
+@@ -56,8 +59,6 @@ bool CryptStateOCB2::setKey(const std::string &rkey, const std::string &eiv, con
+ memcpy(raw_key, rkey.data(), AES_KEY_SIZE_BYTES);
+ memcpy(encrypt_iv, eiv.data(), AES_BLOCK_SIZE);
+ memcpy(decrypt_iv, div.data(), AES_BLOCK_SIZE);
+- AES_set_encrypt_key(raw_key, AES_KEY_SIZE_BITS, &encrypt_key);
+- AES_set_decrypt_key(raw_key, AES_KEY_SIZE_BITS, &decrypt_key);
+ bInit = true;
+ return true;
+ }
+@@ -256,10 +257,24 @@ static void inline ZERO(keyblock &block) {
+ block[i] = 0;
+ }
+
+-#define AESencrypt(src, dst, key) \
+- AES_encrypt(reinterpret_cast< const unsigned char * >(src), reinterpret_cast< unsigned char * >(dst), key);
+-#define AESdecrypt(src, dst, key) \
+- AES_decrypt(reinterpret_cast< const unsigned char * >(src), reinterpret_cast< unsigned char * >(dst), key);
++#define AESencrypt(src, dst, key) \
++ { \
++ int outlen = 0; \
++ EVP_EncryptInit_ex(enc_ctx, EVP_aes_128_ecb(), NULL, key, NULL); \
++ EVP_CIPHER_CTX_set_padding(enc_ctx, 0); \
++ EVP_EncryptUpdate(enc_ctx, reinterpret_cast< unsigned char * >(dst), &outlen, \
++ reinterpret_cast< const unsigned char * >(src), AES_BLOCK_SIZE); \
++ EVP_EncryptFinal_ex(enc_ctx, reinterpret_cast< unsigned char * >(dst + outlen), &outlen); \
++ }
++#define AESdecrypt(src, dst, key) \
++ { \
++ int outlen = 0; \
++ EVP_DecryptInit_ex(dec_ctx, EVP_aes_128_ecb(), NULL, key, NULL); \
++ EVP_CIPHER_CTX_set_padding(dec_ctx, 0); \
++ EVP_DecryptUpdate(dec_ctx, reinterpret_cast< unsigned char * >(dst), &outlen, \
++ reinterpret_cast< const unsigned char * >(src), AES_BLOCK_SIZE); \
++ EVP_DecryptFinal_ex(dec_ctx, reinterpret_cast< unsigned char * >(dst + outlen), &outlen); \
++ }
+
+ bool CryptStateOCB2::ocb_encrypt(const unsigned char *plain, unsigned char *encrypted, unsigned int len,
+ const unsigned char *nonce, unsigned char *tag, bool modifyPlainOnXEXStarAttack) {
+@@ -267,7 +282,7 @@ bool CryptStateOCB2::ocb_encrypt(const unsigned char *plain, unsigned char *encr
+ bool success = true;
+
+ // Initialize
+- AESencrypt(nonce, delta, &encrypt_key);
++ AESencrypt(nonce, delta, raw_key);
+ ZERO(checksum);
+
+ while (len > AES_BLOCK_SIZE) {
+@@ -299,7 +314,7 @@ bool CryptStateOCB2::ocb_encrypt(const unsigned char *plain, unsigned char *encr
+ if (flipABit) {
+ *reinterpret_cast< unsigned char * >(tmp) ^= 1;
+ }
+- AESencrypt(tmp, tmp, &encrypt_key);
++ AESencrypt(tmp, tmp, raw_key);
+ XOR(reinterpret_cast< subblock * >(encrypted), delta, tmp);
+ XOR(checksum, checksum, reinterpret_cast< const subblock * >(plain));
+ if (flipABit) {
+@@ -315,7 +330,7 @@ bool CryptStateOCB2::ocb_encrypt(const unsigned char *plain, unsigned char *encr
+ ZERO(tmp);
+ tmp[BLOCKSIZE - 1] = SWAPPED(len * 8);
+ XOR(tmp, tmp, delta);
+- AESencrypt(tmp, pad, &encrypt_key);
++ AESencrypt(tmp, pad, raw_key);
+ memcpy(tmp, plain, len);
+ memcpy(reinterpret_cast< unsigned char * >(tmp) + len, reinterpret_cast< const unsigned char * >(pad) + len,
+ AES_BLOCK_SIZE - len);
+@@ -325,7 +340,7 @@ bool CryptStateOCB2::ocb_encrypt(const unsigned char *plain, unsigned char *encr
+
+ S3(delta);
+ XOR(tmp, delta, checksum);
+- AESencrypt(tmp, tag, &encrypt_key);
++ AESencrypt(tmp, tag, raw_key);
+
+ return success;
+ }
+@@ -336,13 +351,13 @@ bool CryptStateOCB2::ocb_decrypt(const unsigned char *encrypted, unsigned char *
+ bool success = true;
+
+ // Initialize
+- AESencrypt(nonce, delta, &encrypt_key);
++ AESencrypt(nonce, delta, raw_key);
+ ZERO(checksum);
+
+ while (len > AES_BLOCK_SIZE) {
+ S2(delta);
+ XOR(tmp, delta, reinterpret_cast< const subblock * >(encrypted));
+- AESdecrypt(tmp, tmp, &decrypt_key);
++ AESdecrypt(tmp, tmp, raw_key);
+ XOR(reinterpret_cast< subblock * >(plain), delta, tmp);
+ XOR(checksum, checksum, reinterpret_cast< const subblock * >(plain));
+ len -= AES_BLOCK_SIZE;
+@@ -354,7 +369,7 @@ bool CryptStateOCB2::ocb_decrypt(const unsigned char *encrypted, unsigned char *
+ ZERO(tmp);
+ tmp[BLOCKSIZE - 1] = SWAPPED(len * 8);
+ XOR(tmp, tmp, delta);
+- AESencrypt(tmp, pad, &encrypt_key);
++ AESencrypt(tmp, pad, raw_key);
+ memset(tmp, 0, AES_BLOCK_SIZE);
+ memcpy(tmp, encrypted, len);
+ XOR(tmp, tmp, pad);
+@@ -372,7 +387,7 @@ bool CryptStateOCB2::ocb_decrypt(const unsigned char *encrypted, unsigned char *
+
+ S3(delta);
+ XOR(tmp, delta, checksum);
+- AESencrypt(tmp, tag, &encrypt_key);
++ AESencrypt(tmp, tag, raw_key);
+
+ return success;
+ }
+@@ -381,5 +396,5 @@ bool CryptStateOCB2::ocb_decrypt(const unsigned char *encrypted, unsigned char *
+ #undef SHIFTBITS
+ #undef SWAPPED
+ #undef HIGHBIT
+-#undef AES_encrypt
+-#undef AES_decrypt
++#undef AESencrypt
++#undef AESdecrypt
+diff --git a/src/crypto/CryptStateOCB2.h b/src/crypto/CryptStateOCB2.h
+index 53d4b4b6aa..cc3f1c0bc3 100644
+--- a/src/crypto/CryptStateOCB2.h
++++ b/src/crypto/CryptStateOCB2.h
+@@ -8,8 +8,9 @@
+
+ #include "CryptState.h"
+
+-#include <openssl/aes.h>
++#include <openssl/evp.h>
+
++#define AES_BLOCK_SIZE 16
+ #define AES_KEY_SIZE_BITS 128
+ #define AES_KEY_SIZE_BYTES (AES_KEY_SIZE_BITS / 8)
+
+@@ -17,7 +18,7 @@
+ class CryptStateOCB2 : public CryptState {
+ public:
+ CryptStateOCB2();
+- ~CryptStateOCB2(){};
++ ~CryptStateOCB2() noexcept override;
+
+ virtual bool isValid() const Q_DECL_OVERRIDE;
+ virtual void genKey() Q_DECL_OVERRIDE;
+@@ -43,8 +44,8 @@ class CryptStateOCB2 : public CryptState {
+ unsigned char decrypt_iv[AES_BLOCK_SIZE];
+ unsigned char decrypt_history[0x100];
+
+- AES_KEY encrypt_key;
+- AES_KEY decrypt_key;
++ EVP_CIPHER_CTX *enc_ctx;
++ EVP_CIPHER_CTX *dec_ctx;
+ };
+
+
+From f8d47db318f302f5a7d343f15c9936c7030c49c4 Mon Sep 17 00:00:00 2001
+From: Terry Geng <terry@terriex.com>
+Date: Sun, 12 Dec 2021 22:39:38 -0500
+Subject: [PATCH] FIX(crypto): Sharing EVP context between threads crushes
+ Mumble
+
+Functions ocb_encrypt and ocb_decrypt share the same set
+of encrypt and decrypt contexts. However, they are invoked
+in different threads (audio input thread and server
+handler thread).
+This may lead to conflicts that would crash Mumble.
+This patch separates contexts used in these two functions
+to avoid such conflicts.
+
+Fixes #5361
+---
+ src/crypto/CryptStateOCB2.cpp | 55 ++++++++++++++++++++++-------------
+ src/crypto/CryptStateOCB2.h | 6 ++--
+ 2 files changed, 38 insertions(+), 23 deletions(-)
+
+diff --git a/src/crypto/CryptStateOCB2.cpp b/src/crypto/CryptStateOCB2.cpp
+index 640fdedac8..3b3473ffec 100644
+--- a/src/crypto/CryptStateOCB2.cpp
++++ b/src/crypto/CryptStateOCB2.cpp
+@@ -30,7 +30,9 @@
+ #include <cstring>
+ #include <openssl/rand.h>
+
+-CryptStateOCB2::CryptStateOCB2() : CryptState(), enc_ctx(EVP_CIPHER_CTX_new()), dec_ctx(EVP_CIPHER_CTX_new()) {
++CryptStateOCB2::CryptStateOCB2()
++ : CryptState(), enc_ctx_ocb_enc(EVP_CIPHER_CTX_new()), dec_ctx_ocb_enc(EVP_CIPHER_CTX_new()),
++ enc_ctx_ocb_dec(EVP_CIPHER_CTX_new()), dec_ctx_ocb_dec(EVP_CIPHER_CTX_new()) {
+ for (int i = 0; i < 0x100; i++)
+ decrypt_history[i] = 0;
+ memset(raw_key, 0, AES_KEY_SIZE_BYTES);
+@@ -39,8 +41,10 @@ CryptStateOCB2::CryptStateOCB2() : CryptState(), enc_ctx(EVP_CIPHER_CTX_new()),
+ }
+
+ CryptStateOCB2::~CryptStateOCB2() noexcept {
+- EVP_CIPHER_CTX_free(enc_ctx);
+- EVP_CIPHER_CTX_free(dec_ctx);
++ EVP_CIPHER_CTX_free(enc_ctx_ocb_enc);
++ EVP_CIPHER_CTX_free(dec_ctx_ocb_enc);
++ EVP_CIPHER_CTX_free(enc_ctx_ocb_dec);
++ EVP_CIPHER_CTX_free(dec_ctx_ocb_dec);
+ }
+
+ bool CryptStateOCB2::isValid() const {
+@@ -257,25 +261,28 @@ static void inline ZERO(keyblock &block) {
+ block[i] = 0;
+ }
+
+-#define AESencrypt(src, dst, key) \
+- { \
+- int outlen = 0; \
+- EVP_EncryptInit_ex(enc_ctx, EVP_aes_128_ecb(), NULL, key, NULL); \
+- EVP_CIPHER_CTX_set_padding(enc_ctx, 0); \
+- EVP_EncryptUpdate(enc_ctx, reinterpret_cast< unsigned char * >(dst), &outlen, \
+- reinterpret_cast< const unsigned char * >(src), AES_BLOCK_SIZE); \
+- EVP_EncryptFinal_ex(enc_ctx, reinterpret_cast< unsigned char * >(dst + outlen), &outlen); \
++#define AESencrypt_ctx(src, dst, key, enc_ctx) \
++ { \
++ int outlen = 0; \
++ EVP_EncryptInit_ex(enc_ctx, EVP_aes_128_ecb(), NULL, key, NULL); \
++ EVP_CIPHER_CTX_set_padding(enc_ctx, 0); \
++ EVP_EncryptUpdate(enc_ctx, reinterpret_cast< unsigned char * >(dst), &outlen, \
++ reinterpret_cast< const unsigned char * >(src), AES_BLOCK_SIZE); \
++ EVP_EncryptFinal_ex(enc_ctx, reinterpret_cast< unsigned char * >((dst) + outlen), &outlen); \
+ }
+-#define AESdecrypt(src, dst, key) \
+- { \
+- int outlen = 0; \
+- EVP_DecryptInit_ex(dec_ctx, EVP_aes_128_ecb(), NULL, key, NULL); \
+- EVP_CIPHER_CTX_set_padding(dec_ctx, 0); \
+- EVP_DecryptUpdate(dec_ctx, reinterpret_cast< unsigned char * >(dst), &outlen, \
+- reinterpret_cast< const unsigned char * >(src), AES_BLOCK_SIZE); \
+- EVP_DecryptFinal_ex(dec_ctx, reinterpret_cast< unsigned char * >(dst + outlen), &outlen); \
++#define AESdecrypt_ctx(src, dst, key, dec_ctx) \
++ { \
++ int outlen = 0; \
++ EVP_DecryptInit_ex(dec_ctx, EVP_aes_128_ecb(), NULL, key, NULL); \
++ EVP_CIPHER_CTX_set_padding(dec_ctx, 0); \
++ EVP_DecryptUpdate(dec_ctx, reinterpret_cast< unsigned char * >(dst), &outlen, \
++ reinterpret_cast< const unsigned char * >(src), AES_BLOCK_SIZE); \
++ EVP_DecryptFinal_ex(dec_ctx, reinterpret_cast< unsigned char * >((dst) + outlen), &outlen); \
+ }
+
++#define AESencrypt(src, dst, key) AESencrypt_ctx(src, dst, key, enc_ctx_ocb_enc)
++#define AESdecrypt(src, dst, key) AESdecrypt_ctx(src, dst, key, dec_ctx_ocb_enc)
++
+ bool CryptStateOCB2::ocb_encrypt(const unsigned char *plain, unsigned char *encrypted, unsigned int len,
+ const unsigned char *nonce, unsigned char *tag, bool modifyPlainOnXEXStarAttack) {
+ keyblock checksum, delta, tmp, pad;
+@@ -345,6 +352,12 @@ bool CryptStateOCB2::ocb_encrypt(const unsigned char *plain, unsigned char *encr
+ return success;
+ }
+
++#undef AESencrypt
++#undef AESdecrypt
++
++#define AESencrypt(src, dst, key) AESencrypt_ctx(src, dst, key, enc_ctx_ocb_dec)
++#define AESdecrypt(src, dst, key) AESdecrypt_ctx(src, dst, key, dec_ctx_ocb_dec)
++
+ bool CryptStateOCB2::ocb_decrypt(const unsigned char *encrypted, unsigned char *plain, unsigned int len,
+ const unsigned char *nonce, unsigned char *tag) {
+ keyblock checksum, delta, tmp, pad;
+@@ -392,9 +405,9 @@ bool CryptStateOCB2::ocb_decrypt(const unsigned char *encrypted, unsigned char *
+ return success;
+ }
+
++#undef AESencrypt
++#undef AESdecrypt
+ #undef BLOCKSIZE
+ #undef SHIFTBITS
+ #undef SWAPPED
+ #undef HIGHBIT
+-#undef AESencrypt
+-#undef AESdecrypt
+diff --git a/src/crypto/CryptStateOCB2.h b/src/crypto/CryptStateOCB2.h
+index cc3f1c0bc3..0fd3000ade 100644
+--- a/src/crypto/CryptStateOCB2.h
++++ b/src/crypto/CryptStateOCB2.h
+@@ -44,8 +44,10 @@ class CryptStateOCB2 : public CryptState {
+ unsigned char decrypt_iv[AES_BLOCK_SIZE];
+ unsigned char decrypt_history[0x100];
+
+- EVP_CIPHER_CTX *enc_ctx;
+- EVP_CIPHER_CTX *dec_ctx;
++ EVP_CIPHER_CTX *enc_ctx_ocb_enc;
++ EVP_CIPHER_CTX *dec_ctx_ocb_enc;
++ EVP_CIPHER_CTX *enc_ctx_ocb_dec;
++ EVP_CIPHER_CTX *dec_ctx_ocb_dec;
+ };
+
+
diff --git a/srcpkgs/mumble/template b/srcpkgs/mumble/template
index 2e6f50da0140..acb6af454e0f 100644
--- a/srcpkgs/mumble/template
+++ b/srcpkgs/mumble/template
@@ -1,7 +1,7 @@
# Template file for 'mumble'
pkgname=mumble
version=1.4.287
-revision=1
+revision=2
build_style=cmake
make_cmd=make
configure_args="-Doverlay-xcompile=OFF -Dbundled-opus=OFF
^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: poco: update to build with openssl3
2023-01-30 15:18 [PR PATCH] poco: update to build with openssl3 dkwo
` (6 preceding siblings ...)
2023-01-30 20:19 ` dkwo
@ 2023-01-30 20:26 ` dkwo
2023-01-30 21:58 ` Johnnynator
` (5 subsequent siblings)
13 siblings, 0 replies; 15+ messages in thread
From: dkwo @ 2023-01-30 20:26 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 211 bytes --]
New comment by dkwo on void-packages repository
https://github.com/void-linux/void-packages/pull/41963#issuecomment-1409285981
Comment:
Not sure why it complains about SHA256 mismatch, as here it builds fine.
^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: poco: update to build with openssl3
2023-01-30 15:18 [PR PATCH] poco: update to build with openssl3 dkwo
` (7 preceding siblings ...)
2023-01-30 20:26 ` dkwo
@ 2023-01-30 21:58 ` Johnnynator
2023-01-30 22:52 ` [PR PATCH] [Updated] " dkwo
` (4 subsequent siblings)
13 siblings, 0 replies; 15+ messages in thread
From: Johnnynator @ 2023-01-30 21:58 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 816 bytes --]
New comment by Johnnynator on void-packages repository
https://github.com/void-linux/void-packages/pull/41963#issuecomment-1409414487
Comment:
You probably have a old version of the tarball cached locally (or did fetch it from sources.voidlinux.org).
The content of the tarball didn't change at all, only the compression changed. Can you update the checksum in the template to reflect the new file that github delivers.
```
1a6e5057dbb798d1d2259125651ee4425b58d69bea481e0f255bc30bc8c4df94 new.tar
1a6e5057dbb798d1d2259125651ee4425b58d69bea481e0f255bc30bc8c4df94 old.tar
d410fd8416f4e05b0bf6c0eeedac8dcfda1f1d960bed6cb69a9ddf8d4c04e803 new.tar.gz
1a6e5057dbb798d1d2259125651ee4425b58d69bea481e0f255bc30bc8c4df94 old.tar
87f14a611e3ae9f9babe2dff8e4a6c4f5495fa2883393edb36e796af3f19fb30 old.tar.gz
```
^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [PR PATCH] [Updated] poco: update to build with openssl3
2023-01-30 15:18 [PR PATCH] poco: update to build with openssl3 dkwo
` (8 preceding siblings ...)
2023-01-30 21:58 ` Johnnynator
@ 2023-01-30 22:52 ` dkwo
2023-01-30 22:52 ` dkwo
` (3 subsequent siblings)
13 siblings, 0 replies; 15+ messages in thread
From: dkwo @ 2023-01-30 22:52 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 467 bytes --]
There is an updated pull request by dkwo against master on the void-packages repository
https://github.com/dkwo/void-packages O3poco
https://github.com/void-linux/void-packages/pull/41963
poco: update to build with openssl3
- I tested the changes in this PR: no
- I built this PR locally for my native architecture, (x86_64-musl)
required to build with openssl3 #37681
A patch file from https://github.com/void-linux/void-packages/pull/41963.patch is attached
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-O3poco-41963.patch --]
[-- Type: text/x-diff, Size: 29706 bytes --]
From 7c4e8dac821638d7d47a6b9fbbea2fa7898fd141 Mon Sep 17 00:00:00 2001
From: dkwo <nicolopiazzalunga@gmail.com>
Date: Fri, 27 Jan 2023 10:45:20 -0500
Subject: [PATCH 1/3] poco: update to 1.12.4, orphan
---
common/shlibs | 26 +++++++++++++-------------
srcpkgs/poco/template | 11 ++++++-----
2 files changed, 19 insertions(+), 18 deletions(-)
diff --git a/common/shlibs b/common/shlibs
index edb8a2c5dd73..523fd15af734 100644
--- a/common/shlibs
+++ b/common/shlibs
@@ -3006,19 +3006,19 @@ libsigrok.so.4 libsigrok-0.5.0_1
libsigrokcxx.so.4 libsigrok-0.5.0_1
libsigrokdecode.so.4 libsigrokdecode-0.5.0_2
libglyr.so.1 glyr-1.0.8_1
-libPocoJSON.so.64 poco-1.9.4_3
-libPocoMongoDB.so.64 poco-1.9.4_3
-libPocoZip.so.64 poco-1.9.4_3
-libPocoData.so.64 poco-1.9.4_3
-libPocoNet.so.64 poco-1.9.4_3
-libPocoDataSQLite.so.64 poco-1.9.4_3
-libPocoFoundation.so.64 poco-1.9.4_3
-libPocoXML.so.64 poco-1.9.4_3
-libPocoUtil.so.64 poco-1.9.4_3
-libPocoRedis.so.64 poco-1.9.4_3
-libPocoEncodings.so.64 poco-1.9.4_3
-libPocoNetSSL.so.64 poco-1.9.4_3
-libPocoCrypto.so.64 poco-1.9.4_3
+libPocoJSON.so.94 poco-1.12.4_1
+libPocoMongoDB.so.94 poco-1.12.4_1
+libPocoZip.so.94 poco-1.12.4_1
+libPocoData.so.94 poco-1.12.4_1
+libPocoNet.so.94 poco-1.12.4_1
+libPocoDataSQLite.so.94 poco-1.12.4_1
+libPocoFoundation.so.94 poco-1.12.4_1
+libPocoXML.so.94 poco-1.12.4_1
+libPocoUtil.so.94 poco-1.12.4_1
+libPocoRedis.so.94 poco-1.12.4_1
+libPocoEncodings.so.94 poco-1.12.4_1
+libPocoNetSSL.so.94 poco-1.12.4_1
+libPocoCrypto.so.94 poco-1.12.4_1
libPtex.so ptex-2.3.2_1
libopenblas.so.0 openblas-0.2.19_1
librtaudio.so.6 rtaudio-5.1.0_1
diff --git a/srcpkgs/poco/template b/srcpkgs/poco/template
index 008536b67121..6ca714b9e94f 100644
--- a/srcpkgs/poco/template
+++ b/srcpkgs/poco/template
@@ -1,16 +1,17 @@
# Template file for 'poco'
pkgname=poco
-version=1.9.4
-revision=3
+version=1.12.4
+revision=1
build_style=cmake
configure_args="-DPOCO_UNBUNDLED=ON"
-makedepends="openssl-devel zlib-devel pcre-devel expat-devel sqlite-devel"
+makedepends="openssl-devel zlib-devel pcre2-devel expat-devel sqlite-devel"
short_desc="C++ class libraries for building network-based applications"
-maintainer="Julien Dehos <dehos@univ-littoral.fr>"
+maintainer="Orphaned <orphan@voidlinux.org>"
license="BSL-1.0"
homepage="https://pocoproject.org"
distfiles="https://pocoproject.org/releases/${pkgname}-${version}/${pkgname}-${version}-all.tar.gz"
-checksum=eb34f257b11240a711ee505f1d80c754a80a990aeb48d8d93407884df288fd77
+checksum=4c3584daa5b0e973f268654dbeb1171ec7621e358b2b64363cd1abd558a68777
+conflicts="archiver"
post_install() {
vlicense LICENSE
From 190cbc7d4475d31cc73d2a0664a9cf0c2ee04fc6 Mon Sep 17 00:00:00 2001
From: dkwo <nicolopiazzalunga@gmail.com>
Date: Fri, 27 Jan 2023 10:45:43 -0500
Subject: [PATCH 2/3] remwharead: bump for poco
---
srcpkgs/remwharead/template | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/srcpkgs/remwharead/template b/srcpkgs/remwharead/template
index e72ab06131e4..3f09476d9be9 100644
--- a/srcpkgs/remwharead/template
+++ b/srcpkgs/remwharead/template
@@ -1,7 +1,7 @@
# Template file for 'remwharead'
pkgname=remwharead
version=0.10.0
-revision=4
+revision=5
build_style=cmake
hostmakedepends="poco-devel asciidoc pkg-config"
makedepends="poco-devel boost-devel"
@@ -9,8 +9,8 @@ short_desc="Saves URIs of things you want to remember in a database"
maintainer="teldra <teldra@rotce.de>"
license="GPL-3.0-only"
homepage="https://schlomp.space/tastytea/remwharead"
-distfiles="https://github.com/tastytea/remwharead/archive/${version}.tar.gz"
-checksum=87f14a611e3ae9f9babe2dff8e4a6c4f5495fa2883393edb36e796af3f19fb30
+distfiles="https://github.com/tastytea/remwharead/archive/refs/tags/${version}.tar.gz"
+checksum=d410fd8416f4e05b0bf6c0eeedac8dcfda1f1d960bed6cb69a9ddf8d4c04e803
remwharead-firefox-plugin_package() {
depends="${sourcepkg}"
From 469ff3b9c91316254621a8f9688caf2e53f62844 Mon Sep 17 00:00:00 2001
From: dkwo <nicolopiazzalunga@gmail.com>
Date: Mon, 30 Jan 2023 10:45:04 -0500
Subject: [PATCH 3/3] mumble: bump for poco, patch for openssl3
---
srcpkgs/mumble/patches/openssl3.patch | 685 ++++++++++++++++++++++++++
srcpkgs/mumble/template | 2 +-
2 files changed, 686 insertions(+), 1 deletion(-)
create mode 100644 srcpkgs/mumble/patches/openssl3.patch
diff --git a/srcpkgs/mumble/patches/openssl3.patch b/srcpkgs/mumble/patches/openssl3.patch
new file mode 100644
index 000000000000..906d1790444b
--- /dev/null
+++ b/srcpkgs/mumble/patches/openssl3.patch
@@ -0,0 +1,685 @@
+From f4cea62ed95e4967d8591f25e903f5e8fc2e2a30 Mon Sep 17 00:00:00 2001
+From: Terry Geng <terry@terriex.com>
+Date: Mon, 6 Dec 2021 10:45:11 -0500
+Subject: [PATCH] BUILD(crypto): Migrate to OpenSSL 3.0-compatible API
+
+OpenSSL 3.0 deprecated several low-level APIs and the usage of them
+caused errors/warnings that prevent the binary from being built against
+OpenSSL 3.0.
+Some primitive efforts have been made in #5317 but were incomplete.
+This commit follows https://www.openssl.org/docs/man3.0/man7/migration_guide.html,
+https://code.woboq.org/qt6/qtopcua/src/opcua/x509/qopcuakeypair_openssl.cpp.html,
+and clears all errors/warnings related to the usage of deprecated APIs.
+
+Fixes #5277
+Fixes #4266
+---
+ src/SelfSignedCertificate.cpp | 235 +++++++++++-----------------------
+ src/SelfSignedCertificate.h | 5 +
+ src/crypto/CryptStateOCB2.cpp | 53 +++++---
+ src/crypto/CryptStateOCB2.h | 9 +-
+ 4 files changed, 121 insertions(+), 181 deletions(-)
+
+diff --git a/src/SelfSignedCertificate.cpp b/src/SelfSignedCertificate.cpp
+index a77e5fad91..ea0dec4cc7 100644
+--- a/src/SelfSignedCertificate.cpp
++++ b/src/SelfSignedCertificate.cpp
+@@ -5,8 +5,6 @@
+
+ #include "SelfSignedCertificate.h"
+
+-#include <openssl/x509v3.h>
+-
+ #define SSL_STRING(x) QString::fromLatin1(x).toUtf8().data()
+
+ static int add_ext(X509 *crt, int nid, char *value) {
+@@ -28,108 +26,86 @@ static int add_ext(X509 *crt, int nid, char *value) {
+ return 1;
+ }
+
+-bool SelfSignedCertificate::generate(CertificateType certificateType, QString clientCertName, QString clientCertEmail,
+- QSslCertificate &qscCert, QSslKey &qskKey) {
+- bool ok = true;
+- X509 *x509 = nullptr;
+- EVP_PKEY *pkey = nullptr;
+- RSA *rsa = nullptr;
+- BIGNUM *e = nullptr;
+- X509_NAME *name = nullptr;
+- ASN1_INTEGER *serialNumber = nullptr;
+- ASN1_TIME *notBefore = nullptr;
+- ASN1_TIME *notAfter = nullptr;
+- QString commonName;
+- bool isServerCert = certificateType == CertificateTypeServerCertificate;
+-
+- if (CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON) == -1) {
+- ok = false;
+- goto out;
++EVP_PKEY *SelfSignedCertificate::generate_rsa_keypair() {
++ EVP_PKEY *pkey = EVP_PKEY_new();
++ if (!pkey) {
++ return nullptr;
+ }
+
+- x509 = X509_new();
+- if (!x509) {
+- ok = false;
+- goto out;
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++ EVP_PKEY_CTX *ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, nullptr);
++ if (!ctx) {
++ return nullptr;
+ }
+-
+- pkey = EVP_PKEY_new();
+- if (!pkey) {
+- ok = false;
+- goto out;
++ if (EVP_PKEY_keygen_init(ctx) <= 0) {
++ return nullptr;
+ }
+-
+- rsa = RSA_new();
++ if (EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, 2048) <= 0) {
++ return nullptr;
++ }
++ if (EVP_PKEY_keygen(ctx, &pkey) <= 0) {
++ return nullptr;
++ }
++ EVP_PKEY_CTX_free(ctx);
++#else
++ RSA *rsa = RSA_new();
++ BIGNUM *e = BN_new();
+ if (!rsa) {
+- ok = false;
+- goto out;
++ return nullptr;
+ }
+-
+- e = BN_new();
+ if (!e) {
+- ok = false;
+- goto out;
++ return nullptr;
+ }
+ if (BN_set_word(e, 65537) == 0) {
+- ok = false;
+- goto out;
++ return nullptr;
+ }
+-
+ if (RSA_generate_key_ex(rsa, 2048, e, nullptr) == 0) {
+- ok = false;
+- goto out;
++ return nullptr;
+ }
+-
+ if (EVP_PKEY_assign_RSA(pkey, rsa) == 0) {
+- ok = false;
+- goto out;
++ return nullptr;
+ }
++ BN_free(e);
++ RSA_free(rsa);
++#endif
++ return pkey;
++}
+
+- if (X509_set_version(x509, 2) == 0) {
+- ok = false;
+- goto out;
++#define CHECK(statement) \
++ if (!(statement)) { \
++ ok = false; \
++ goto out; \
+ }
+
+- serialNumber = X509_get_serialNumber(x509);
+- if (!serialNumber) {
+- ok = false;
+- goto out;
+- }
+- if (ASN1_INTEGER_set(serialNumber, 1) == 0) {
+- ok = false;
+- goto out;
+- }
+
+- notBefore = X509_get_notBefore(x509);
+- if (!notBefore) {
+- ok = false;
+- goto out;
+- }
+- if (!X509_gmtime_adj(notBefore, 0)) {
+- ok = false;
+- goto out;
+- }
++bool SelfSignedCertificate::generate(CertificateType certificateType, QString clientCertName, QString clientCertEmail,
++ QSslCertificate &qscCert, QSslKey &qskKey) {
++ bool ok = true;
++ EVP_PKEY *pkey = nullptr;
++ X509 *x509 = nullptr;
++ X509_NAME *name = nullptr;
++ ASN1_INTEGER *serialNumber = nullptr;
++ ASN1_TIME *notBefore = nullptr;
++ ASN1_TIME *notAfter = nullptr;
++ QString commonName;
++ bool isServerCert = certificateType == CertificateTypeServerCertificate;
+
+- notAfter = X509_get_notAfter(x509);
+- if (!notAfter) {
+- ok = false;
+- goto out;
+- }
+- if (!X509_gmtime_adj(notAfter, 60 * 60 * 24 * 365 * 20)) {
+- ok = false;
+- goto out;
+- }
++ // In Qt 5.15, a class was added to wrap up the procedures of generating a self-signed certificate.
++ // See https://doc.qt.io/qt-5/qopcuax509certificatesigningrequest.html.
++ // We should consider migrating to this class after switching to Qt 5.15.
+
+- if (X509_set_pubkey(x509, pkey) == 0) {
+- ok = false;
+- goto out;
+- }
++ CHECK(pkey = generate_rsa_keypair());
+
+- name = X509_get_subject_name(x509);
+- if (!name) {
+- ok = false;
+- goto out;
+- }
++ CHECK(x509 = X509_new());
++ CHECK(X509_set_version(x509, 2));
++ CHECK(serialNumber = X509_get_serialNumber(x509));
++ CHECK(ASN1_INTEGER_set(serialNumber, 1));
++ CHECK(notBefore = X509_get_notBefore(x509));
++ CHECK(X509_gmtime_adj(notBefore, 0));
++ CHECK(notAfter = X509_get_notAfter(x509));
++ CHECK(X509_gmtime_adj(notAfter, 60 * 60 * 24 * 365 * 20))
++ CHECK(X509_set_pubkey(x509, pkey));
++ CHECK(name = X509_get_subject_name(x509));
+
+ if (isServerCert) {
+ commonName = QLatin1String("Murmur Autogenerated Certificate v2");
+@@ -141,120 +117,63 @@ bool SelfSignedCertificate::generate(CertificateType certificateType, QString cl
+ }
+ }
+
+- if (X509_NAME_add_entry_by_txt(name, "CN", MBSTRING_UTF8,
+- reinterpret_cast< unsigned char * >(commonName.toUtf8().data()), -1, -1, 0)
+- == 0) {
+- ok = false;
+- goto out;
+- }
++ CHECK(X509_NAME_add_entry_by_txt(name, "CN", MBSTRING_UTF8,
++ reinterpret_cast< unsigned char * >(commonName.toUtf8().data()), -1, -1, 0));
+
+- if (X509_set_issuer_name(x509, name) == 0) {
+- ok = false;
+- goto out;
+- }
++ CHECK(X509_set_issuer_name(x509, name));
+
+- if (add_ext(x509, NID_basic_constraints, SSL_STRING("critical,CA:FALSE")) == 0) {
+- ok = false;
+- goto out;
+- }
++ CHECK(add_ext(x509, NID_basic_constraints, SSL_STRING("critical,CA:FALSE")));
+
+ if (isServerCert) {
+- if (add_ext(x509, NID_ext_key_usage, SSL_STRING("serverAuth,clientAuth")) == 0) {
+- ok = false;
+- goto out;
+- }
++ CHECK(add_ext(x509, NID_ext_key_usage, SSL_STRING("serverAuth,clientAuth")))
+ } else {
+- if (add_ext(x509, NID_ext_key_usage, SSL_STRING("clientAuth")) == 0) {
+- ok = false;
+- goto out;
+- }
++ CHECK(add_ext(x509, NID_ext_key_usage, SSL_STRING("clientAuth")));
+ }
+
+- if (add_ext(x509, NID_subject_key_identifier, SSL_STRING("hash")) == 0) {
+- ok = false;
+- goto out;
+- }
++ CHECK(add_ext(x509, NID_subject_key_identifier, SSL_STRING("hash")));
+
+ if (isServerCert) {
+- if (add_ext(x509, NID_netscape_comment, SSL_STRING("Generated from murmur")) == 0) {
+- ok = false;
+- goto out;
+- }
++ CHECK(add_ext(x509, NID_netscape_comment, SSL_STRING("Generated from murmur")));
+ } else {
+- if (add_ext(x509, NID_netscape_comment, SSL_STRING("Generated by Mumble")) == 0) {
+- ok = false;
+- goto out;
+- }
++ CHECK(add_ext(x509, NID_netscape_comment, SSL_STRING("Generated by Mumble")));
+ }
+
+ if (!isServerCert) {
+ if (!clientCertEmail.trimmed().isEmpty()) {
+- if (add_ext(x509, NID_subject_alt_name,
+- QString::fromLatin1("email:%1").arg(clientCertEmail).toUtf8().data())
+- == 0) {
+- ok = false;
+- goto out;
+- }
++ CHECK(add_ext(x509, NID_subject_alt_name,
++ QString::fromLatin1("email:%1").arg(clientCertEmail).toUtf8().data()));
+ }
+ }
+
+- if (X509_sign(x509, pkey, EVP_sha1()) == 0) {
+- ok = false;
+- goto out;
+- }
++ CHECK(X509_sign(x509, pkey, EVP_sha1()));
+
+ {
+ QByteArray crt;
+ int len = i2d_X509(x509, nullptr);
+- if (len <= 0) {
+- ok = false;
+- goto out;
+- }
++ CHECK(len > 0);
+ crt.resize(len);
+
+ unsigned char *dptr = reinterpret_cast< unsigned char * >(crt.data());
+- if (i2d_X509(x509, &dptr) != len) {
+- ok = false;
+- goto out;
+- }
++ CHECK(i2d_X509(x509, &dptr) == len);
+
+ qscCert = QSslCertificate(crt, QSsl::Der);
+- if (qscCert.isNull()) {
+- ok = false;
+- goto out;
+- }
++ CHECK(!qscCert.isNull());
+ }
+
+ {
+ QByteArray key;
+ int len = i2d_PrivateKey(pkey, nullptr);
+- if (len <= 0) {
+- ok = false;
+- goto out;
+- }
++ CHECK(len > 0);
+ key.resize(len);
+
+ unsigned char *dptr = reinterpret_cast< unsigned char * >(key.data());
+- if (i2d_PrivateKey(pkey, &dptr) != len) {
+- ok = false;
+- goto out;
+- }
++ CHECK(i2d_PrivateKey(pkey, &dptr) == len);
+
+ qskKey = QSslKey(key, QSsl::Rsa, QSsl::Der);
+- if (qskKey.isNull()) {
+- ok = false;
+- goto out;
+- }
++ CHECK(!qskKey.isNull());
+ }
+
+ out:
+- if (e) {
+- BN_free(e);
+- }
+- // We only need to free the pkey pointer,
+- // not the RSA pointer. We have assigned
+- // our RSA key to pkey, and it will be freed
+- // once we free pkey.
+ if (pkey) {
+ EVP_PKEY_free(pkey);
+ }
+diff --git a/src/SelfSignedCertificate.h b/src/SelfSignedCertificate.h
+index b85a8752b8..7c5f59e9c5 100644
+--- a/src/SelfSignedCertificate.h
++++ b/src/SelfSignedCertificate.h
+@@ -6,6 +6,10 @@
+ #ifndef MUMBLE_SELFSIGNEDCERTIFICATE_H_
+ #define MUMBLE_SELFSIGNEDCERTIFICATE_H_
+
++#include <openssl/evp.h>
++#include <openssl/rsa.h>
++#include <openssl/x509v3.h>
++
+ #include <QtCore/QString>
+ #include <QtNetwork/QSslCertificate>
+ #include <QtNetwork/QSslKey>
+@@ -16,6 +20,7 @@ class SelfSignedCertificate {
+ private:
+ static bool generate(CertificateType certificateType, QString clientCertName, QString clientCertEmail,
+ QSslCertificate &qscCert, QSslKey &qskKey);
++ static EVP_PKEY *generate_rsa_keypair();
+
+ public:
+ static bool generateMumbleCertificate(QString name, QString email, QSslCertificate &qscCert, QSslKey &qskKey);
+diff --git a/src/crypto/CryptStateOCB2.cpp b/src/crypto/CryptStateOCB2.cpp
+index 2176d64883..640fdedac8 100644
+--- a/src/crypto/CryptStateOCB2.cpp
++++ b/src/crypto/CryptStateOCB2.cpp
+@@ -30,7 +30,7 @@
+ #include <cstring>
+ #include <openssl/rand.h>
+
+-CryptStateOCB2::CryptStateOCB2() : CryptState() {
++CryptStateOCB2::CryptStateOCB2() : CryptState(), enc_ctx(EVP_CIPHER_CTX_new()), dec_ctx(EVP_CIPHER_CTX_new()) {
+ for (int i = 0; i < 0x100; i++)
+ decrypt_history[i] = 0;
+ memset(raw_key, 0, AES_KEY_SIZE_BYTES);
+@@ -38,6 +38,11 @@ CryptStateOCB2::CryptStateOCB2() : CryptState() {
+ memset(decrypt_iv, 0, AES_BLOCK_SIZE);
+ }
+
++CryptStateOCB2::~CryptStateOCB2() noexcept {
++ EVP_CIPHER_CTX_free(enc_ctx);
++ EVP_CIPHER_CTX_free(dec_ctx);
++}
++
+ bool CryptStateOCB2::isValid() const {
+ return bInit;
+ }
+@@ -46,8 +51,6 @@ void CryptStateOCB2::genKey() {
+ CryptographicRandom::fillBuffer(raw_key, AES_KEY_SIZE_BYTES);
+ CryptographicRandom::fillBuffer(encrypt_iv, AES_BLOCK_SIZE);
+ CryptographicRandom::fillBuffer(decrypt_iv, AES_BLOCK_SIZE);
+- AES_set_encrypt_key(raw_key, AES_KEY_SIZE_BITS, &encrypt_key);
+- AES_set_decrypt_key(raw_key, AES_KEY_SIZE_BITS, &decrypt_key);
+ bInit = true;
+ }
+
+@@ -56,8 +59,6 @@ bool CryptStateOCB2::setKey(const std::string &rkey, const std::string &eiv, con
+ memcpy(raw_key, rkey.data(), AES_KEY_SIZE_BYTES);
+ memcpy(encrypt_iv, eiv.data(), AES_BLOCK_SIZE);
+ memcpy(decrypt_iv, div.data(), AES_BLOCK_SIZE);
+- AES_set_encrypt_key(raw_key, AES_KEY_SIZE_BITS, &encrypt_key);
+- AES_set_decrypt_key(raw_key, AES_KEY_SIZE_BITS, &decrypt_key);
+ bInit = true;
+ return true;
+ }
+@@ -256,10 +257,24 @@ static void inline ZERO(keyblock &block) {
+ block[i] = 0;
+ }
+
+-#define AESencrypt(src, dst, key) \
+- AES_encrypt(reinterpret_cast< const unsigned char * >(src), reinterpret_cast< unsigned char * >(dst), key);
+-#define AESdecrypt(src, dst, key) \
+- AES_decrypt(reinterpret_cast< const unsigned char * >(src), reinterpret_cast< unsigned char * >(dst), key);
++#define AESencrypt(src, dst, key) \
++ { \
++ int outlen = 0; \
++ EVP_EncryptInit_ex(enc_ctx, EVP_aes_128_ecb(), NULL, key, NULL); \
++ EVP_CIPHER_CTX_set_padding(enc_ctx, 0); \
++ EVP_EncryptUpdate(enc_ctx, reinterpret_cast< unsigned char * >(dst), &outlen, \
++ reinterpret_cast< const unsigned char * >(src), AES_BLOCK_SIZE); \
++ EVP_EncryptFinal_ex(enc_ctx, reinterpret_cast< unsigned char * >(dst + outlen), &outlen); \
++ }
++#define AESdecrypt(src, dst, key) \
++ { \
++ int outlen = 0; \
++ EVP_DecryptInit_ex(dec_ctx, EVP_aes_128_ecb(), NULL, key, NULL); \
++ EVP_CIPHER_CTX_set_padding(dec_ctx, 0); \
++ EVP_DecryptUpdate(dec_ctx, reinterpret_cast< unsigned char * >(dst), &outlen, \
++ reinterpret_cast< const unsigned char * >(src), AES_BLOCK_SIZE); \
++ EVP_DecryptFinal_ex(dec_ctx, reinterpret_cast< unsigned char * >(dst + outlen), &outlen); \
++ }
+
+ bool CryptStateOCB2::ocb_encrypt(const unsigned char *plain, unsigned char *encrypted, unsigned int len,
+ const unsigned char *nonce, unsigned char *tag, bool modifyPlainOnXEXStarAttack) {
+@@ -267,7 +282,7 @@ bool CryptStateOCB2::ocb_encrypt(const unsigned char *plain, unsigned char *encr
+ bool success = true;
+
+ // Initialize
+- AESencrypt(nonce, delta, &encrypt_key);
++ AESencrypt(nonce, delta, raw_key);
+ ZERO(checksum);
+
+ while (len > AES_BLOCK_SIZE) {
+@@ -299,7 +314,7 @@ bool CryptStateOCB2::ocb_encrypt(const unsigned char *plain, unsigned char *encr
+ if (flipABit) {
+ *reinterpret_cast< unsigned char * >(tmp) ^= 1;
+ }
+- AESencrypt(tmp, tmp, &encrypt_key);
++ AESencrypt(tmp, tmp, raw_key);
+ XOR(reinterpret_cast< subblock * >(encrypted), delta, tmp);
+ XOR(checksum, checksum, reinterpret_cast< const subblock * >(plain));
+ if (flipABit) {
+@@ -315,7 +330,7 @@ bool CryptStateOCB2::ocb_encrypt(const unsigned char *plain, unsigned char *encr
+ ZERO(tmp);
+ tmp[BLOCKSIZE - 1] = SWAPPED(len * 8);
+ XOR(tmp, tmp, delta);
+- AESencrypt(tmp, pad, &encrypt_key);
++ AESencrypt(tmp, pad, raw_key);
+ memcpy(tmp, plain, len);
+ memcpy(reinterpret_cast< unsigned char * >(tmp) + len, reinterpret_cast< const unsigned char * >(pad) + len,
+ AES_BLOCK_SIZE - len);
+@@ -325,7 +340,7 @@ bool CryptStateOCB2::ocb_encrypt(const unsigned char *plain, unsigned char *encr
+
+ S3(delta);
+ XOR(tmp, delta, checksum);
+- AESencrypt(tmp, tag, &encrypt_key);
++ AESencrypt(tmp, tag, raw_key);
+
+ return success;
+ }
+@@ -336,13 +351,13 @@ bool CryptStateOCB2::ocb_decrypt(const unsigned char *encrypted, unsigned char *
+ bool success = true;
+
+ // Initialize
+- AESencrypt(nonce, delta, &encrypt_key);
++ AESencrypt(nonce, delta, raw_key);
+ ZERO(checksum);
+
+ while (len > AES_BLOCK_SIZE) {
+ S2(delta);
+ XOR(tmp, delta, reinterpret_cast< const subblock * >(encrypted));
+- AESdecrypt(tmp, tmp, &decrypt_key);
++ AESdecrypt(tmp, tmp, raw_key);
+ XOR(reinterpret_cast< subblock * >(plain), delta, tmp);
+ XOR(checksum, checksum, reinterpret_cast< const subblock * >(plain));
+ len -= AES_BLOCK_SIZE;
+@@ -354,7 +369,7 @@ bool CryptStateOCB2::ocb_decrypt(const unsigned char *encrypted, unsigned char *
+ ZERO(tmp);
+ tmp[BLOCKSIZE - 1] = SWAPPED(len * 8);
+ XOR(tmp, tmp, delta);
+- AESencrypt(tmp, pad, &encrypt_key);
++ AESencrypt(tmp, pad, raw_key);
+ memset(tmp, 0, AES_BLOCK_SIZE);
+ memcpy(tmp, encrypted, len);
+ XOR(tmp, tmp, pad);
+@@ -372,7 +387,7 @@ bool CryptStateOCB2::ocb_decrypt(const unsigned char *encrypted, unsigned char *
+
+ S3(delta);
+ XOR(tmp, delta, checksum);
+- AESencrypt(tmp, tag, &encrypt_key);
++ AESencrypt(tmp, tag, raw_key);
+
+ return success;
+ }
+@@ -381,5 +396,5 @@ bool CryptStateOCB2::ocb_decrypt(const unsigned char *encrypted, unsigned char *
+ #undef SHIFTBITS
+ #undef SWAPPED
+ #undef HIGHBIT
+-#undef AES_encrypt
+-#undef AES_decrypt
++#undef AESencrypt
++#undef AESdecrypt
+diff --git a/src/crypto/CryptStateOCB2.h b/src/crypto/CryptStateOCB2.h
+index 53d4b4b6aa..cc3f1c0bc3 100644
+--- a/src/crypto/CryptStateOCB2.h
++++ b/src/crypto/CryptStateOCB2.h
+@@ -8,8 +8,9 @@
+
+ #include "CryptState.h"
+
+-#include <openssl/aes.h>
++#include <openssl/evp.h>
+
++#define AES_BLOCK_SIZE 16
+ #define AES_KEY_SIZE_BITS 128
+ #define AES_KEY_SIZE_BYTES (AES_KEY_SIZE_BITS / 8)
+
+@@ -17,7 +18,7 @@
+ class CryptStateOCB2 : public CryptState {
+ public:
+ CryptStateOCB2();
+- ~CryptStateOCB2(){};
++ ~CryptStateOCB2() noexcept override;
+
+ virtual bool isValid() const Q_DECL_OVERRIDE;
+ virtual void genKey() Q_DECL_OVERRIDE;
+@@ -43,8 +44,8 @@ class CryptStateOCB2 : public CryptState {
+ unsigned char decrypt_iv[AES_BLOCK_SIZE];
+ unsigned char decrypt_history[0x100];
+
+- AES_KEY encrypt_key;
+- AES_KEY decrypt_key;
++ EVP_CIPHER_CTX *enc_ctx;
++ EVP_CIPHER_CTX *dec_ctx;
+ };
+
+
+From f8d47db318f302f5a7d343f15c9936c7030c49c4 Mon Sep 17 00:00:00 2001
+From: Terry Geng <terry@terriex.com>
+Date: Sun, 12 Dec 2021 22:39:38 -0500
+Subject: [PATCH] FIX(crypto): Sharing EVP context between threads crushes
+ Mumble
+
+Functions ocb_encrypt and ocb_decrypt share the same set
+of encrypt and decrypt contexts. However, they are invoked
+in different threads (audio input thread and server
+handler thread).
+This may lead to conflicts that would crash Mumble.
+This patch separates contexts used in these two functions
+to avoid such conflicts.
+
+Fixes #5361
+---
+ src/crypto/CryptStateOCB2.cpp | 55 ++++++++++++++++++++++-------------
+ src/crypto/CryptStateOCB2.h | 6 ++--
+ 2 files changed, 38 insertions(+), 23 deletions(-)
+
+diff --git a/src/crypto/CryptStateOCB2.cpp b/src/crypto/CryptStateOCB2.cpp
+index 640fdedac8..3b3473ffec 100644
+--- a/src/crypto/CryptStateOCB2.cpp
++++ b/src/crypto/CryptStateOCB2.cpp
+@@ -30,7 +30,9 @@
+ #include <cstring>
+ #include <openssl/rand.h>
+
+-CryptStateOCB2::CryptStateOCB2() : CryptState(), enc_ctx(EVP_CIPHER_CTX_new()), dec_ctx(EVP_CIPHER_CTX_new()) {
++CryptStateOCB2::CryptStateOCB2()
++ : CryptState(), enc_ctx_ocb_enc(EVP_CIPHER_CTX_new()), dec_ctx_ocb_enc(EVP_CIPHER_CTX_new()),
++ enc_ctx_ocb_dec(EVP_CIPHER_CTX_new()), dec_ctx_ocb_dec(EVP_CIPHER_CTX_new()) {
+ for (int i = 0; i < 0x100; i++)
+ decrypt_history[i] = 0;
+ memset(raw_key, 0, AES_KEY_SIZE_BYTES);
+@@ -39,8 +41,10 @@ CryptStateOCB2::CryptStateOCB2() : CryptState(), enc_ctx(EVP_CIPHER_CTX_new()),
+ }
+
+ CryptStateOCB2::~CryptStateOCB2() noexcept {
+- EVP_CIPHER_CTX_free(enc_ctx);
+- EVP_CIPHER_CTX_free(dec_ctx);
++ EVP_CIPHER_CTX_free(enc_ctx_ocb_enc);
++ EVP_CIPHER_CTX_free(dec_ctx_ocb_enc);
++ EVP_CIPHER_CTX_free(enc_ctx_ocb_dec);
++ EVP_CIPHER_CTX_free(dec_ctx_ocb_dec);
+ }
+
+ bool CryptStateOCB2::isValid() const {
+@@ -257,25 +261,28 @@ static void inline ZERO(keyblock &block) {
+ block[i] = 0;
+ }
+
+-#define AESencrypt(src, dst, key) \
+- { \
+- int outlen = 0; \
+- EVP_EncryptInit_ex(enc_ctx, EVP_aes_128_ecb(), NULL, key, NULL); \
+- EVP_CIPHER_CTX_set_padding(enc_ctx, 0); \
+- EVP_EncryptUpdate(enc_ctx, reinterpret_cast< unsigned char * >(dst), &outlen, \
+- reinterpret_cast< const unsigned char * >(src), AES_BLOCK_SIZE); \
+- EVP_EncryptFinal_ex(enc_ctx, reinterpret_cast< unsigned char * >(dst + outlen), &outlen); \
++#define AESencrypt_ctx(src, dst, key, enc_ctx) \
++ { \
++ int outlen = 0; \
++ EVP_EncryptInit_ex(enc_ctx, EVP_aes_128_ecb(), NULL, key, NULL); \
++ EVP_CIPHER_CTX_set_padding(enc_ctx, 0); \
++ EVP_EncryptUpdate(enc_ctx, reinterpret_cast< unsigned char * >(dst), &outlen, \
++ reinterpret_cast< const unsigned char * >(src), AES_BLOCK_SIZE); \
++ EVP_EncryptFinal_ex(enc_ctx, reinterpret_cast< unsigned char * >((dst) + outlen), &outlen); \
+ }
+-#define AESdecrypt(src, dst, key) \
+- { \
+- int outlen = 0; \
+- EVP_DecryptInit_ex(dec_ctx, EVP_aes_128_ecb(), NULL, key, NULL); \
+- EVP_CIPHER_CTX_set_padding(dec_ctx, 0); \
+- EVP_DecryptUpdate(dec_ctx, reinterpret_cast< unsigned char * >(dst), &outlen, \
+- reinterpret_cast< const unsigned char * >(src), AES_BLOCK_SIZE); \
+- EVP_DecryptFinal_ex(dec_ctx, reinterpret_cast< unsigned char * >(dst + outlen), &outlen); \
++#define AESdecrypt_ctx(src, dst, key, dec_ctx) \
++ { \
++ int outlen = 0; \
++ EVP_DecryptInit_ex(dec_ctx, EVP_aes_128_ecb(), NULL, key, NULL); \
++ EVP_CIPHER_CTX_set_padding(dec_ctx, 0); \
++ EVP_DecryptUpdate(dec_ctx, reinterpret_cast< unsigned char * >(dst), &outlen, \
++ reinterpret_cast< const unsigned char * >(src), AES_BLOCK_SIZE); \
++ EVP_DecryptFinal_ex(dec_ctx, reinterpret_cast< unsigned char * >((dst) + outlen), &outlen); \
+ }
+
++#define AESencrypt(src, dst, key) AESencrypt_ctx(src, dst, key, enc_ctx_ocb_enc)
++#define AESdecrypt(src, dst, key) AESdecrypt_ctx(src, dst, key, dec_ctx_ocb_enc)
++
+ bool CryptStateOCB2::ocb_encrypt(const unsigned char *plain, unsigned char *encrypted, unsigned int len,
+ const unsigned char *nonce, unsigned char *tag, bool modifyPlainOnXEXStarAttack) {
+ keyblock checksum, delta, tmp, pad;
+@@ -345,6 +352,12 @@ bool CryptStateOCB2::ocb_encrypt(const unsigned char *plain, unsigned char *encr
+ return success;
+ }
+
++#undef AESencrypt
++#undef AESdecrypt
++
++#define AESencrypt(src, dst, key) AESencrypt_ctx(src, dst, key, enc_ctx_ocb_dec)
++#define AESdecrypt(src, dst, key) AESdecrypt_ctx(src, dst, key, dec_ctx_ocb_dec)
++
+ bool CryptStateOCB2::ocb_decrypt(const unsigned char *encrypted, unsigned char *plain, unsigned int len,
+ const unsigned char *nonce, unsigned char *tag) {
+ keyblock checksum, delta, tmp, pad;
+@@ -392,9 +405,9 @@ bool CryptStateOCB2::ocb_decrypt(const unsigned char *encrypted, unsigned char *
+ return success;
+ }
+
++#undef AESencrypt
++#undef AESdecrypt
+ #undef BLOCKSIZE
+ #undef SHIFTBITS
+ #undef SWAPPED
+ #undef HIGHBIT
+-#undef AESencrypt
+-#undef AESdecrypt
+diff --git a/src/crypto/CryptStateOCB2.h b/src/crypto/CryptStateOCB2.h
+index cc3f1c0bc3..0fd3000ade 100644
+--- a/src/crypto/CryptStateOCB2.h
++++ b/src/crypto/CryptStateOCB2.h
+@@ -44,8 +44,10 @@ class CryptStateOCB2 : public CryptState {
+ unsigned char decrypt_iv[AES_BLOCK_SIZE];
+ unsigned char decrypt_history[0x100];
+
+- EVP_CIPHER_CTX *enc_ctx;
+- EVP_CIPHER_CTX *dec_ctx;
++ EVP_CIPHER_CTX *enc_ctx_ocb_enc;
++ EVP_CIPHER_CTX *dec_ctx_ocb_enc;
++ EVP_CIPHER_CTX *enc_ctx_ocb_dec;
++ EVP_CIPHER_CTX *dec_ctx_ocb_dec;
+ };
+
+
diff --git a/srcpkgs/mumble/template b/srcpkgs/mumble/template
index 2e6f50da0140..acb6af454e0f 100644
--- a/srcpkgs/mumble/template
+++ b/srcpkgs/mumble/template
@@ -1,7 +1,7 @@
# Template file for 'mumble'
pkgname=mumble
version=1.4.287
-revision=1
+revision=2
build_style=cmake
make_cmd=make
configure_args="-Doverlay-xcompile=OFF -Dbundled-opus=OFF
^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: poco: update to build with openssl3
2023-01-30 15:18 [PR PATCH] poco: update to build with openssl3 dkwo
` (9 preceding siblings ...)
2023-01-30 22:52 ` [PR PATCH] [Updated] " dkwo
@ 2023-01-30 22:52 ` dkwo
2023-01-31 1:56 ` Johnnynator
` (2 subsequent siblings)
13 siblings, 0 replies; 15+ messages in thread
From: dkwo @ 2023-01-30 22:52 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 162 bytes --]
New comment by dkwo on void-packages repository
https://github.com/void-linux/void-packages/pull/41963#issuecomment-1409481570
Comment:
@Johnnynator Thank you!
^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: poco: update to build with openssl3
2023-01-30 15:18 [PR PATCH] poco: update to build with openssl3 dkwo
` (10 preceding siblings ...)
2023-01-30 22:52 ` dkwo
@ 2023-01-31 1:56 ` Johnnynator
2023-01-31 18:45 ` [PR PATCH] [Updated] " dkwo
2023-01-31 19:53 ` [PR PATCH] [Merged]: " Johnnynator
13 siblings, 0 replies; 15+ messages in thread
From: Johnnynator @ 2023-01-31 1:56 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 268 bytes --]
New comment by Johnnynator on void-packages repository
https://github.com/void-linux/void-packages/pull/41963#issuecomment-1409627862
Comment:
https://github.blog/changelog/2023-01-30-git-archive-checksums-may-change/
🤔 seems like they also reverted it again
^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [PR PATCH] [Updated] poco: update to build with openssl3
2023-01-30 15:18 [PR PATCH] poco: update to build with openssl3 dkwo
` (11 preceding siblings ...)
2023-01-31 1:56 ` Johnnynator
@ 2023-01-31 18:45 ` dkwo
2023-01-31 19:53 ` [PR PATCH] [Merged]: " Johnnynator
13 siblings, 0 replies; 15+ messages in thread
From: dkwo @ 2023-01-31 18:45 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 467 bytes --]
There is an updated pull request by dkwo against master on the void-packages repository
https://github.com/dkwo/void-packages O3poco
https://github.com/void-linux/void-packages/pull/41963
poco: update to build with openssl3
- I tested the changes in this PR: no
- I built this PR locally for my native architecture, (x86_64-musl)
required to build with openssl3 #37681
A patch file from https://github.com/void-linux/void-packages/pull/41963.patch is attached
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-O3poco-41963.patch --]
[-- Type: text/x-diff, Size: 29604 bytes --]
From 5feba827a04ad9297936ac17c7a0387fa47c1dc2 Mon Sep 17 00:00:00 2001
From: dkwo <nicolopiazzalunga@gmail.com>
Date: Fri, 27 Jan 2023 10:45:20 -0500
Subject: [PATCH 1/3] poco: update to 1.12.4, orphan
---
common/shlibs | 26 +++++++++++++-------------
srcpkgs/poco/template | 11 ++++++-----
2 files changed, 19 insertions(+), 18 deletions(-)
diff --git a/common/shlibs b/common/shlibs
index edb8a2c5dd73..523fd15af734 100644
--- a/common/shlibs
+++ b/common/shlibs
@@ -3006,19 +3006,19 @@ libsigrok.so.4 libsigrok-0.5.0_1
libsigrokcxx.so.4 libsigrok-0.5.0_1
libsigrokdecode.so.4 libsigrokdecode-0.5.0_2
libglyr.so.1 glyr-1.0.8_1
-libPocoJSON.so.64 poco-1.9.4_3
-libPocoMongoDB.so.64 poco-1.9.4_3
-libPocoZip.so.64 poco-1.9.4_3
-libPocoData.so.64 poco-1.9.4_3
-libPocoNet.so.64 poco-1.9.4_3
-libPocoDataSQLite.so.64 poco-1.9.4_3
-libPocoFoundation.so.64 poco-1.9.4_3
-libPocoXML.so.64 poco-1.9.4_3
-libPocoUtil.so.64 poco-1.9.4_3
-libPocoRedis.so.64 poco-1.9.4_3
-libPocoEncodings.so.64 poco-1.9.4_3
-libPocoNetSSL.so.64 poco-1.9.4_3
-libPocoCrypto.so.64 poco-1.9.4_3
+libPocoJSON.so.94 poco-1.12.4_1
+libPocoMongoDB.so.94 poco-1.12.4_1
+libPocoZip.so.94 poco-1.12.4_1
+libPocoData.so.94 poco-1.12.4_1
+libPocoNet.so.94 poco-1.12.4_1
+libPocoDataSQLite.so.94 poco-1.12.4_1
+libPocoFoundation.so.94 poco-1.12.4_1
+libPocoXML.so.94 poco-1.12.4_1
+libPocoUtil.so.94 poco-1.12.4_1
+libPocoRedis.so.94 poco-1.12.4_1
+libPocoEncodings.so.94 poco-1.12.4_1
+libPocoNetSSL.so.94 poco-1.12.4_1
+libPocoCrypto.so.94 poco-1.12.4_1
libPtex.so ptex-2.3.2_1
libopenblas.so.0 openblas-0.2.19_1
librtaudio.so.6 rtaudio-5.1.0_1
diff --git a/srcpkgs/poco/template b/srcpkgs/poco/template
index 008536b67121..6ca714b9e94f 100644
--- a/srcpkgs/poco/template
+++ b/srcpkgs/poco/template
@@ -1,16 +1,17 @@
# Template file for 'poco'
pkgname=poco
-version=1.9.4
-revision=3
+version=1.12.4
+revision=1
build_style=cmake
configure_args="-DPOCO_UNBUNDLED=ON"
-makedepends="openssl-devel zlib-devel pcre-devel expat-devel sqlite-devel"
+makedepends="openssl-devel zlib-devel pcre2-devel expat-devel sqlite-devel"
short_desc="C++ class libraries for building network-based applications"
-maintainer="Julien Dehos <dehos@univ-littoral.fr>"
+maintainer="Orphaned <orphan@voidlinux.org>"
license="BSL-1.0"
homepage="https://pocoproject.org"
distfiles="https://pocoproject.org/releases/${pkgname}-${version}/${pkgname}-${version}-all.tar.gz"
-checksum=eb34f257b11240a711ee505f1d80c754a80a990aeb48d8d93407884df288fd77
+checksum=4c3584daa5b0e973f268654dbeb1171ec7621e358b2b64363cd1abd558a68777
+conflicts="archiver"
post_install() {
vlicense LICENSE
From db8cea83dd78d0cbcbd61380b41912131f86a3c2 Mon Sep 17 00:00:00 2001
From: dkwo <nicolopiazzalunga@gmail.com>
Date: Fri, 27 Jan 2023 10:45:43 -0500
Subject: [PATCH 2/3] remwharead: bump for poco
---
srcpkgs/remwharead/template | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/srcpkgs/remwharead/template b/srcpkgs/remwharead/template
index e72ab06131e4..4af548c46743 100644
--- a/srcpkgs/remwharead/template
+++ b/srcpkgs/remwharead/template
@@ -1,7 +1,7 @@
# Template file for 'remwharead'
pkgname=remwharead
version=0.10.0
-revision=4
+revision=5
build_style=cmake
hostmakedepends="poco-devel asciidoc pkg-config"
makedepends="poco-devel boost-devel"
@@ -9,7 +9,7 @@ short_desc="Saves URIs of things you want to remember in a database"
maintainer="teldra <teldra@rotce.de>"
license="GPL-3.0-only"
homepage="https://schlomp.space/tastytea/remwharead"
-distfiles="https://github.com/tastytea/remwharead/archive/${version}.tar.gz"
+distfiles="https://github.com/tastytea/remwharead/archive/refs/tags/${version}.tar.gz"
checksum=87f14a611e3ae9f9babe2dff8e4a6c4f5495fa2883393edb36e796af3f19fb30
remwharead-firefox-plugin_package() {
From ccadde9c51ca7f0b2a67e5c7225fd21f1d1d54b0 Mon Sep 17 00:00:00 2001
From: dkwo <nicolopiazzalunga@gmail.com>
Date: Mon, 30 Jan 2023 10:45:04 -0500
Subject: [PATCH 3/3] mumble: bump for poco, patch for openssl3
---
srcpkgs/mumble/patches/openssl3.patch | 685 ++++++++++++++++++++++++++
srcpkgs/mumble/template | 2 +-
2 files changed, 686 insertions(+), 1 deletion(-)
create mode 100644 srcpkgs/mumble/patches/openssl3.patch
diff --git a/srcpkgs/mumble/patches/openssl3.patch b/srcpkgs/mumble/patches/openssl3.patch
new file mode 100644
index 000000000000..906d1790444b
--- /dev/null
+++ b/srcpkgs/mumble/patches/openssl3.patch
@@ -0,0 +1,685 @@
+From f4cea62ed95e4967d8591f25e903f5e8fc2e2a30 Mon Sep 17 00:00:00 2001
+From: Terry Geng <terry@terriex.com>
+Date: Mon, 6 Dec 2021 10:45:11 -0500
+Subject: [PATCH] BUILD(crypto): Migrate to OpenSSL 3.0-compatible API
+
+OpenSSL 3.0 deprecated several low-level APIs and the usage of them
+caused errors/warnings that prevent the binary from being built against
+OpenSSL 3.0.
+Some primitive efforts have been made in #5317 but were incomplete.
+This commit follows https://www.openssl.org/docs/man3.0/man7/migration_guide.html,
+https://code.woboq.org/qt6/qtopcua/src/opcua/x509/qopcuakeypair_openssl.cpp.html,
+and clears all errors/warnings related to the usage of deprecated APIs.
+
+Fixes #5277
+Fixes #4266
+---
+ src/SelfSignedCertificate.cpp | 235 +++++++++++-----------------------
+ src/SelfSignedCertificate.h | 5 +
+ src/crypto/CryptStateOCB2.cpp | 53 +++++---
+ src/crypto/CryptStateOCB2.h | 9 +-
+ 4 files changed, 121 insertions(+), 181 deletions(-)
+
+diff --git a/src/SelfSignedCertificate.cpp b/src/SelfSignedCertificate.cpp
+index a77e5fad91..ea0dec4cc7 100644
+--- a/src/SelfSignedCertificate.cpp
++++ b/src/SelfSignedCertificate.cpp
+@@ -5,8 +5,6 @@
+
+ #include "SelfSignedCertificate.h"
+
+-#include <openssl/x509v3.h>
+-
+ #define SSL_STRING(x) QString::fromLatin1(x).toUtf8().data()
+
+ static int add_ext(X509 *crt, int nid, char *value) {
+@@ -28,108 +26,86 @@ static int add_ext(X509 *crt, int nid, char *value) {
+ return 1;
+ }
+
+-bool SelfSignedCertificate::generate(CertificateType certificateType, QString clientCertName, QString clientCertEmail,
+- QSslCertificate &qscCert, QSslKey &qskKey) {
+- bool ok = true;
+- X509 *x509 = nullptr;
+- EVP_PKEY *pkey = nullptr;
+- RSA *rsa = nullptr;
+- BIGNUM *e = nullptr;
+- X509_NAME *name = nullptr;
+- ASN1_INTEGER *serialNumber = nullptr;
+- ASN1_TIME *notBefore = nullptr;
+- ASN1_TIME *notAfter = nullptr;
+- QString commonName;
+- bool isServerCert = certificateType == CertificateTypeServerCertificate;
+-
+- if (CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON) == -1) {
+- ok = false;
+- goto out;
++EVP_PKEY *SelfSignedCertificate::generate_rsa_keypair() {
++ EVP_PKEY *pkey = EVP_PKEY_new();
++ if (!pkey) {
++ return nullptr;
+ }
+
+- x509 = X509_new();
+- if (!x509) {
+- ok = false;
+- goto out;
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++ EVP_PKEY_CTX *ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, nullptr);
++ if (!ctx) {
++ return nullptr;
+ }
+-
+- pkey = EVP_PKEY_new();
+- if (!pkey) {
+- ok = false;
+- goto out;
++ if (EVP_PKEY_keygen_init(ctx) <= 0) {
++ return nullptr;
+ }
+-
+- rsa = RSA_new();
++ if (EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, 2048) <= 0) {
++ return nullptr;
++ }
++ if (EVP_PKEY_keygen(ctx, &pkey) <= 0) {
++ return nullptr;
++ }
++ EVP_PKEY_CTX_free(ctx);
++#else
++ RSA *rsa = RSA_new();
++ BIGNUM *e = BN_new();
+ if (!rsa) {
+- ok = false;
+- goto out;
++ return nullptr;
+ }
+-
+- e = BN_new();
+ if (!e) {
+- ok = false;
+- goto out;
++ return nullptr;
+ }
+ if (BN_set_word(e, 65537) == 0) {
+- ok = false;
+- goto out;
++ return nullptr;
+ }
+-
+ if (RSA_generate_key_ex(rsa, 2048, e, nullptr) == 0) {
+- ok = false;
+- goto out;
++ return nullptr;
+ }
+-
+ if (EVP_PKEY_assign_RSA(pkey, rsa) == 0) {
+- ok = false;
+- goto out;
++ return nullptr;
+ }
++ BN_free(e);
++ RSA_free(rsa);
++#endif
++ return pkey;
++}
+
+- if (X509_set_version(x509, 2) == 0) {
+- ok = false;
+- goto out;
++#define CHECK(statement) \
++ if (!(statement)) { \
++ ok = false; \
++ goto out; \
+ }
+
+- serialNumber = X509_get_serialNumber(x509);
+- if (!serialNumber) {
+- ok = false;
+- goto out;
+- }
+- if (ASN1_INTEGER_set(serialNumber, 1) == 0) {
+- ok = false;
+- goto out;
+- }
+
+- notBefore = X509_get_notBefore(x509);
+- if (!notBefore) {
+- ok = false;
+- goto out;
+- }
+- if (!X509_gmtime_adj(notBefore, 0)) {
+- ok = false;
+- goto out;
+- }
++bool SelfSignedCertificate::generate(CertificateType certificateType, QString clientCertName, QString clientCertEmail,
++ QSslCertificate &qscCert, QSslKey &qskKey) {
++ bool ok = true;
++ EVP_PKEY *pkey = nullptr;
++ X509 *x509 = nullptr;
++ X509_NAME *name = nullptr;
++ ASN1_INTEGER *serialNumber = nullptr;
++ ASN1_TIME *notBefore = nullptr;
++ ASN1_TIME *notAfter = nullptr;
++ QString commonName;
++ bool isServerCert = certificateType == CertificateTypeServerCertificate;
+
+- notAfter = X509_get_notAfter(x509);
+- if (!notAfter) {
+- ok = false;
+- goto out;
+- }
+- if (!X509_gmtime_adj(notAfter, 60 * 60 * 24 * 365 * 20)) {
+- ok = false;
+- goto out;
+- }
++ // In Qt 5.15, a class was added to wrap up the procedures of generating a self-signed certificate.
++ // See https://doc.qt.io/qt-5/qopcuax509certificatesigningrequest.html.
++ // We should consider migrating to this class after switching to Qt 5.15.
+
+- if (X509_set_pubkey(x509, pkey) == 0) {
+- ok = false;
+- goto out;
+- }
++ CHECK(pkey = generate_rsa_keypair());
+
+- name = X509_get_subject_name(x509);
+- if (!name) {
+- ok = false;
+- goto out;
+- }
++ CHECK(x509 = X509_new());
++ CHECK(X509_set_version(x509, 2));
++ CHECK(serialNumber = X509_get_serialNumber(x509));
++ CHECK(ASN1_INTEGER_set(serialNumber, 1));
++ CHECK(notBefore = X509_get_notBefore(x509));
++ CHECK(X509_gmtime_adj(notBefore, 0));
++ CHECK(notAfter = X509_get_notAfter(x509));
++ CHECK(X509_gmtime_adj(notAfter, 60 * 60 * 24 * 365 * 20))
++ CHECK(X509_set_pubkey(x509, pkey));
++ CHECK(name = X509_get_subject_name(x509));
+
+ if (isServerCert) {
+ commonName = QLatin1String("Murmur Autogenerated Certificate v2");
+@@ -141,120 +117,63 @@ bool SelfSignedCertificate::generate(CertificateType certificateType, QString cl
+ }
+ }
+
+- if (X509_NAME_add_entry_by_txt(name, "CN", MBSTRING_UTF8,
+- reinterpret_cast< unsigned char * >(commonName.toUtf8().data()), -1, -1, 0)
+- == 0) {
+- ok = false;
+- goto out;
+- }
++ CHECK(X509_NAME_add_entry_by_txt(name, "CN", MBSTRING_UTF8,
++ reinterpret_cast< unsigned char * >(commonName.toUtf8().data()), -1, -1, 0));
+
+- if (X509_set_issuer_name(x509, name) == 0) {
+- ok = false;
+- goto out;
+- }
++ CHECK(X509_set_issuer_name(x509, name));
+
+- if (add_ext(x509, NID_basic_constraints, SSL_STRING("critical,CA:FALSE")) == 0) {
+- ok = false;
+- goto out;
+- }
++ CHECK(add_ext(x509, NID_basic_constraints, SSL_STRING("critical,CA:FALSE")));
+
+ if (isServerCert) {
+- if (add_ext(x509, NID_ext_key_usage, SSL_STRING("serverAuth,clientAuth")) == 0) {
+- ok = false;
+- goto out;
+- }
++ CHECK(add_ext(x509, NID_ext_key_usage, SSL_STRING("serverAuth,clientAuth")))
+ } else {
+- if (add_ext(x509, NID_ext_key_usage, SSL_STRING("clientAuth")) == 0) {
+- ok = false;
+- goto out;
+- }
++ CHECK(add_ext(x509, NID_ext_key_usage, SSL_STRING("clientAuth")));
+ }
+
+- if (add_ext(x509, NID_subject_key_identifier, SSL_STRING("hash")) == 0) {
+- ok = false;
+- goto out;
+- }
++ CHECK(add_ext(x509, NID_subject_key_identifier, SSL_STRING("hash")));
+
+ if (isServerCert) {
+- if (add_ext(x509, NID_netscape_comment, SSL_STRING("Generated from murmur")) == 0) {
+- ok = false;
+- goto out;
+- }
++ CHECK(add_ext(x509, NID_netscape_comment, SSL_STRING("Generated from murmur")));
+ } else {
+- if (add_ext(x509, NID_netscape_comment, SSL_STRING("Generated by Mumble")) == 0) {
+- ok = false;
+- goto out;
+- }
++ CHECK(add_ext(x509, NID_netscape_comment, SSL_STRING("Generated by Mumble")));
+ }
+
+ if (!isServerCert) {
+ if (!clientCertEmail.trimmed().isEmpty()) {
+- if (add_ext(x509, NID_subject_alt_name,
+- QString::fromLatin1("email:%1").arg(clientCertEmail).toUtf8().data())
+- == 0) {
+- ok = false;
+- goto out;
+- }
++ CHECK(add_ext(x509, NID_subject_alt_name,
++ QString::fromLatin1("email:%1").arg(clientCertEmail).toUtf8().data()));
+ }
+ }
+
+- if (X509_sign(x509, pkey, EVP_sha1()) == 0) {
+- ok = false;
+- goto out;
+- }
++ CHECK(X509_sign(x509, pkey, EVP_sha1()));
+
+ {
+ QByteArray crt;
+ int len = i2d_X509(x509, nullptr);
+- if (len <= 0) {
+- ok = false;
+- goto out;
+- }
++ CHECK(len > 0);
+ crt.resize(len);
+
+ unsigned char *dptr = reinterpret_cast< unsigned char * >(crt.data());
+- if (i2d_X509(x509, &dptr) != len) {
+- ok = false;
+- goto out;
+- }
++ CHECK(i2d_X509(x509, &dptr) == len);
+
+ qscCert = QSslCertificate(crt, QSsl::Der);
+- if (qscCert.isNull()) {
+- ok = false;
+- goto out;
+- }
++ CHECK(!qscCert.isNull());
+ }
+
+ {
+ QByteArray key;
+ int len = i2d_PrivateKey(pkey, nullptr);
+- if (len <= 0) {
+- ok = false;
+- goto out;
+- }
++ CHECK(len > 0);
+ key.resize(len);
+
+ unsigned char *dptr = reinterpret_cast< unsigned char * >(key.data());
+- if (i2d_PrivateKey(pkey, &dptr) != len) {
+- ok = false;
+- goto out;
+- }
++ CHECK(i2d_PrivateKey(pkey, &dptr) == len);
+
+ qskKey = QSslKey(key, QSsl::Rsa, QSsl::Der);
+- if (qskKey.isNull()) {
+- ok = false;
+- goto out;
+- }
++ CHECK(!qskKey.isNull());
+ }
+
+ out:
+- if (e) {
+- BN_free(e);
+- }
+- // We only need to free the pkey pointer,
+- // not the RSA pointer. We have assigned
+- // our RSA key to pkey, and it will be freed
+- // once we free pkey.
+ if (pkey) {
+ EVP_PKEY_free(pkey);
+ }
+diff --git a/src/SelfSignedCertificate.h b/src/SelfSignedCertificate.h
+index b85a8752b8..7c5f59e9c5 100644
+--- a/src/SelfSignedCertificate.h
++++ b/src/SelfSignedCertificate.h
+@@ -6,6 +6,10 @@
+ #ifndef MUMBLE_SELFSIGNEDCERTIFICATE_H_
+ #define MUMBLE_SELFSIGNEDCERTIFICATE_H_
+
++#include <openssl/evp.h>
++#include <openssl/rsa.h>
++#include <openssl/x509v3.h>
++
+ #include <QtCore/QString>
+ #include <QtNetwork/QSslCertificate>
+ #include <QtNetwork/QSslKey>
+@@ -16,6 +20,7 @@ class SelfSignedCertificate {
+ private:
+ static bool generate(CertificateType certificateType, QString clientCertName, QString clientCertEmail,
+ QSslCertificate &qscCert, QSslKey &qskKey);
++ static EVP_PKEY *generate_rsa_keypair();
+
+ public:
+ static bool generateMumbleCertificate(QString name, QString email, QSslCertificate &qscCert, QSslKey &qskKey);
+diff --git a/src/crypto/CryptStateOCB2.cpp b/src/crypto/CryptStateOCB2.cpp
+index 2176d64883..640fdedac8 100644
+--- a/src/crypto/CryptStateOCB2.cpp
++++ b/src/crypto/CryptStateOCB2.cpp
+@@ -30,7 +30,7 @@
+ #include <cstring>
+ #include <openssl/rand.h>
+
+-CryptStateOCB2::CryptStateOCB2() : CryptState() {
++CryptStateOCB2::CryptStateOCB2() : CryptState(), enc_ctx(EVP_CIPHER_CTX_new()), dec_ctx(EVP_CIPHER_CTX_new()) {
+ for (int i = 0; i < 0x100; i++)
+ decrypt_history[i] = 0;
+ memset(raw_key, 0, AES_KEY_SIZE_BYTES);
+@@ -38,6 +38,11 @@ CryptStateOCB2::CryptStateOCB2() : CryptState() {
+ memset(decrypt_iv, 0, AES_BLOCK_SIZE);
+ }
+
++CryptStateOCB2::~CryptStateOCB2() noexcept {
++ EVP_CIPHER_CTX_free(enc_ctx);
++ EVP_CIPHER_CTX_free(dec_ctx);
++}
++
+ bool CryptStateOCB2::isValid() const {
+ return bInit;
+ }
+@@ -46,8 +51,6 @@ void CryptStateOCB2::genKey() {
+ CryptographicRandom::fillBuffer(raw_key, AES_KEY_SIZE_BYTES);
+ CryptographicRandom::fillBuffer(encrypt_iv, AES_BLOCK_SIZE);
+ CryptographicRandom::fillBuffer(decrypt_iv, AES_BLOCK_SIZE);
+- AES_set_encrypt_key(raw_key, AES_KEY_SIZE_BITS, &encrypt_key);
+- AES_set_decrypt_key(raw_key, AES_KEY_SIZE_BITS, &decrypt_key);
+ bInit = true;
+ }
+
+@@ -56,8 +59,6 @@ bool CryptStateOCB2::setKey(const std::string &rkey, const std::string &eiv, con
+ memcpy(raw_key, rkey.data(), AES_KEY_SIZE_BYTES);
+ memcpy(encrypt_iv, eiv.data(), AES_BLOCK_SIZE);
+ memcpy(decrypt_iv, div.data(), AES_BLOCK_SIZE);
+- AES_set_encrypt_key(raw_key, AES_KEY_SIZE_BITS, &encrypt_key);
+- AES_set_decrypt_key(raw_key, AES_KEY_SIZE_BITS, &decrypt_key);
+ bInit = true;
+ return true;
+ }
+@@ -256,10 +257,24 @@ static void inline ZERO(keyblock &block) {
+ block[i] = 0;
+ }
+
+-#define AESencrypt(src, dst, key) \
+- AES_encrypt(reinterpret_cast< const unsigned char * >(src), reinterpret_cast< unsigned char * >(dst), key);
+-#define AESdecrypt(src, dst, key) \
+- AES_decrypt(reinterpret_cast< const unsigned char * >(src), reinterpret_cast< unsigned char * >(dst), key);
++#define AESencrypt(src, dst, key) \
++ { \
++ int outlen = 0; \
++ EVP_EncryptInit_ex(enc_ctx, EVP_aes_128_ecb(), NULL, key, NULL); \
++ EVP_CIPHER_CTX_set_padding(enc_ctx, 0); \
++ EVP_EncryptUpdate(enc_ctx, reinterpret_cast< unsigned char * >(dst), &outlen, \
++ reinterpret_cast< const unsigned char * >(src), AES_BLOCK_SIZE); \
++ EVP_EncryptFinal_ex(enc_ctx, reinterpret_cast< unsigned char * >(dst + outlen), &outlen); \
++ }
++#define AESdecrypt(src, dst, key) \
++ { \
++ int outlen = 0; \
++ EVP_DecryptInit_ex(dec_ctx, EVP_aes_128_ecb(), NULL, key, NULL); \
++ EVP_CIPHER_CTX_set_padding(dec_ctx, 0); \
++ EVP_DecryptUpdate(dec_ctx, reinterpret_cast< unsigned char * >(dst), &outlen, \
++ reinterpret_cast< const unsigned char * >(src), AES_BLOCK_SIZE); \
++ EVP_DecryptFinal_ex(dec_ctx, reinterpret_cast< unsigned char * >(dst + outlen), &outlen); \
++ }
+
+ bool CryptStateOCB2::ocb_encrypt(const unsigned char *plain, unsigned char *encrypted, unsigned int len,
+ const unsigned char *nonce, unsigned char *tag, bool modifyPlainOnXEXStarAttack) {
+@@ -267,7 +282,7 @@ bool CryptStateOCB2::ocb_encrypt(const unsigned char *plain, unsigned char *encr
+ bool success = true;
+
+ // Initialize
+- AESencrypt(nonce, delta, &encrypt_key);
++ AESencrypt(nonce, delta, raw_key);
+ ZERO(checksum);
+
+ while (len > AES_BLOCK_SIZE) {
+@@ -299,7 +314,7 @@ bool CryptStateOCB2::ocb_encrypt(const unsigned char *plain, unsigned char *encr
+ if (flipABit) {
+ *reinterpret_cast< unsigned char * >(tmp) ^= 1;
+ }
+- AESencrypt(tmp, tmp, &encrypt_key);
++ AESencrypt(tmp, tmp, raw_key);
+ XOR(reinterpret_cast< subblock * >(encrypted), delta, tmp);
+ XOR(checksum, checksum, reinterpret_cast< const subblock * >(plain));
+ if (flipABit) {
+@@ -315,7 +330,7 @@ bool CryptStateOCB2::ocb_encrypt(const unsigned char *plain, unsigned char *encr
+ ZERO(tmp);
+ tmp[BLOCKSIZE - 1] = SWAPPED(len * 8);
+ XOR(tmp, tmp, delta);
+- AESencrypt(tmp, pad, &encrypt_key);
++ AESencrypt(tmp, pad, raw_key);
+ memcpy(tmp, plain, len);
+ memcpy(reinterpret_cast< unsigned char * >(tmp) + len, reinterpret_cast< const unsigned char * >(pad) + len,
+ AES_BLOCK_SIZE - len);
+@@ -325,7 +340,7 @@ bool CryptStateOCB2::ocb_encrypt(const unsigned char *plain, unsigned char *encr
+
+ S3(delta);
+ XOR(tmp, delta, checksum);
+- AESencrypt(tmp, tag, &encrypt_key);
++ AESencrypt(tmp, tag, raw_key);
+
+ return success;
+ }
+@@ -336,13 +351,13 @@ bool CryptStateOCB2::ocb_decrypt(const unsigned char *encrypted, unsigned char *
+ bool success = true;
+
+ // Initialize
+- AESencrypt(nonce, delta, &encrypt_key);
++ AESencrypt(nonce, delta, raw_key);
+ ZERO(checksum);
+
+ while (len > AES_BLOCK_SIZE) {
+ S2(delta);
+ XOR(tmp, delta, reinterpret_cast< const subblock * >(encrypted));
+- AESdecrypt(tmp, tmp, &decrypt_key);
++ AESdecrypt(tmp, tmp, raw_key);
+ XOR(reinterpret_cast< subblock * >(plain), delta, tmp);
+ XOR(checksum, checksum, reinterpret_cast< const subblock * >(plain));
+ len -= AES_BLOCK_SIZE;
+@@ -354,7 +369,7 @@ bool CryptStateOCB2::ocb_decrypt(const unsigned char *encrypted, unsigned char *
+ ZERO(tmp);
+ tmp[BLOCKSIZE - 1] = SWAPPED(len * 8);
+ XOR(tmp, tmp, delta);
+- AESencrypt(tmp, pad, &encrypt_key);
++ AESencrypt(tmp, pad, raw_key);
+ memset(tmp, 0, AES_BLOCK_SIZE);
+ memcpy(tmp, encrypted, len);
+ XOR(tmp, tmp, pad);
+@@ -372,7 +387,7 @@ bool CryptStateOCB2::ocb_decrypt(const unsigned char *encrypted, unsigned char *
+
+ S3(delta);
+ XOR(tmp, delta, checksum);
+- AESencrypt(tmp, tag, &encrypt_key);
++ AESencrypt(tmp, tag, raw_key);
+
+ return success;
+ }
+@@ -381,5 +396,5 @@ bool CryptStateOCB2::ocb_decrypt(const unsigned char *encrypted, unsigned char *
+ #undef SHIFTBITS
+ #undef SWAPPED
+ #undef HIGHBIT
+-#undef AES_encrypt
+-#undef AES_decrypt
++#undef AESencrypt
++#undef AESdecrypt
+diff --git a/src/crypto/CryptStateOCB2.h b/src/crypto/CryptStateOCB2.h
+index 53d4b4b6aa..cc3f1c0bc3 100644
+--- a/src/crypto/CryptStateOCB2.h
++++ b/src/crypto/CryptStateOCB2.h
+@@ -8,8 +8,9 @@
+
+ #include "CryptState.h"
+
+-#include <openssl/aes.h>
++#include <openssl/evp.h>
+
++#define AES_BLOCK_SIZE 16
+ #define AES_KEY_SIZE_BITS 128
+ #define AES_KEY_SIZE_BYTES (AES_KEY_SIZE_BITS / 8)
+
+@@ -17,7 +18,7 @@
+ class CryptStateOCB2 : public CryptState {
+ public:
+ CryptStateOCB2();
+- ~CryptStateOCB2(){};
++ ~CryptStateOCB2() noexcept override;
+
+ virtual bool isValid() const Q_DECL_OVERRIDE;
+ virtual void genKey() Q_DECL_OVERRIDE;
+@@ -43,8 +44,8 @@ class CryptStateOCB2 : public CryptState {
+ unsigned char decrypt_iv[AES_BLOCK_SIZE];
+ unsigned char decrypt_history[0x100];
+
+- AES_KEY encrypt_key;
+- AES_KEY decrypt_key;
++ EVP_CIPHER_CTX *enc_ctx;
++ EVP_CIPHER_CTX *dec_ctx;
+ };
+
+
+From f8d47db318f302f5a7d343f15c9936c7030c49c4 Mon Sep 17 00:00:00 2001
+From: Terry Geng <terry@terriex.com>
+Date: Sun, 12 Dec 2021 22:39:38 -0500
+Subject: [PATCH] FIX(crypto): Sharing EVP context between threads crushes
+ Mumble
+
+Functions ocb_encrypt and ocb_decrypt share the same set
+of encrypt and decrypt contexts. However, they are invoked
+in different threads (audio input thread and server
+handler thread).
+This may lead to conflicts that would crash Mumble.
+This patch separates contexts used in these two functions
+to avoid such conflicts.
+
+Fixes #5361
+---
+ src/crypto/CryptStateOCB2.cpp | 55 ++++++++++++++++++++++-------------
+ src/crypto/CryptStateOCB2.h | 6 ++--
+ 2 files changed, 38 insertions(+), 23 deletions(-)
+
+diff --git a/src/crypto/CryptStateOCB2.cpp b/src/crypto/CryptStateOCB2.cpp
+index 640fdedac8..3b3473ffec 100644
+--- a/src/crypto/CryptStateOCB2.cpp
++++ b/src/crypto/CryptStateOCB2.cpp
+@@ -30,7 +30,9 @@
+ #include <cstring>
+ #include <openssl/rand.h>
+
+-CryptStateOCB2::CryptStateOCB2() : CryptState(), enc_ctx(EVP_CIPHER_CTX_new()), dec_ctx(EVP_CIPHER_CTX_new()) {
++CryptStateOCB2::CryptStateOCB2()
++ : CryptState(), enc_ctx_ocb_enc(EVP_CIPHER_CTX_new()), dec_ctx_ocb_enc(EVP_CIPHER_CTX_new()),
++ enc_ctx_ocb_dec(EVP_CIPHER_CTX_new()), dec_ctx_ocb_dec(EVP_CIPHER_CTX_new()) {
+ for (int i = 0; i < 0x100; i++)
+ decrypt_history[i] = 0;
+ memset(raw_key, 0, AES_KEY_SIZE_BYTES);
+@@ -39,8 +41,10 @@ CryptStateOCB2::CryptStateOCB2() : CryptState(), enc_ctx(EVP_CIPHER_CTX_new()),
+ }
+
+ CryptStateOCB2::~CryptStateOCB2() noexcept {
+- EVP_CIPHER_CTX_free(enc_ctx);
+- EVP_CIPHER_CTX_free(dec_ctx);
++ EVP_CIPHER_CTX_free(enc_ctx_ocb_enc);
++ EVP_CIPHER_CTX_free(dec_ctx_ocb_enc);
++ EVP_CIPHER_CTX_free(enc_ctx_ocb_dec);
++ EVP_CIPHER_CTX_free(dec_ctx_ocb_dec);
+ }
+
+ bool CryptStateOCB2::isValid() const {
+@@ -257,25 +261,28 @@ static void inline ZERO(keyblock &block) {
+ block[i] = 0;
+ }
+
+-#define AESencrypt(src, dst, key) \
+- { \
+- int outlen = 0; \
+- EVP_EncryptInit_ex(enc_ctx, EVP_aes_128_ecb(), NULL, key, NULL); \
+- EVP_CIPHER_CTX_set_padding(enc_ctx, 0); \
+- EVP_EncryptUpdate(enc_ctx, reinterpret_cast< unsigned char * >(dst), &outlen, \
+- reinterpret_cast< const unsigned char * >(src), AES_BLOCK_SIZE); \
+- EVP_EncryptFinal_ex(enc_ctx, reinterpret_cast< unsigned char * >(dst + outlen), &outlen); \
++#define AESencrypt_ctx(src, dst, key, enc_ctx) \
++ { \
++ int outlen = 0; \
++ EVP_EncryptInit_ex(enc_ctx, EVP_aes_128_ecb(), NULL, key, NULL); \
++ EVP_CIPHER_CTX_set_padding(enc_ctx, 0); \
++ EVP_EncryptUpdate(enc_ctx, reinterpret_cast< unsigned char * >(dst), &outlen, \
++ reinterpret_cast< const unsigned char * >(src), AES_BLOCK_SIZE); \
++ EVP_EncryptFinal_ex(enc_ctx, reinterpret_cast< unsigned char * >((dst) + outlen), &outlen); \
+ }
+-#define AESdecrypt(src, dst, key) \
+- { \
+- int outlen = 0; \
+- EVP_DecryptInit_ex(dec_ctx, EVP_aes_128_ecb(), NULL, key, NULL); \
+- EVP_CIPHER_CTX_set_padding(dec_ctx, 0); \
+- EVP_DecryptUpdate(dec_ctx, reinterpret_cast< unsigned char * >(dst), &outlen, \
+- reinterpret_cast< const unsigned char * >(src), AES_BLOCK_SIZE); \
+- EVP_DecryptFinal_ex(dec_ctx, reinterpret_cast< unsigned char * >(dst + outlen), &outlen); \
++#define AESdecrypt_ctx(src, dst, key, dec_ctx) \
++ { \
++ int outlen = 0; \
++ EVP_DecryptInit_ex(dec_ctx, EVP_aes_128_ecb(), NULL, key, NULL); \
++ EVP_CIPHER_CTX_set_padding(dec_ctx, 0); \
++ EVP_DecryptUpdate(dec_ctx, reinterpret_cast< unsigned char * >(dst), &outlen, \
++ reinterpret_cast< const unsigned char * >(src), AES_BLOCK_SIZE); \
++ EVP_DecryptFinal_ex(dec_ctx, reinterpret_cast< unsigned char * >((dst) + outlen), &outlen); \
+ }
+
++#define AESencrypt(src, dst, key) AESencrypt_ctx(src, dst, key, enc_ctx_ocb_enc)
++#define AESdecrypt(src, dst, key) AESdecrypt_ctx(src, dst, key, dec_ctx_ocb_enc)
++
+ bool CryptStateOCB2::ocb_encrypt(const unsigned char *plain, unsigned char *encrypted, unsigned int len,
+ const unsigned char *nonce, unsigned char *tag, bool modifyPlainOnXEXStarAttack) {
+ keyblock checksum, delta, tmp, pad;
+@@ -345,6 +352,12 @@ bool CryptStateOCB2::ocb_encrypt(const unsigned char *plain, unsigned char *encr
+ return success;
+ }
+
++#undef AESencrypt
++#undef AESdecrypt
++
++#define AESencrypt(src, dst, key) AESencrypt_ctx(src, dst, key, enc_ctx_ocb_dec)
++#define AESdecrypt(src, dst, key) AESdecrypt_ctx(src, dst, key, dec_ctx_ocb_dec)
++
+ bool CryptStateOCB2::ocb_decrypt(const unsigned char *encrypted, unsigned char *plain, unsigned int len,
+ const unsigned char *nonce, unsigned char *tag) {
+ keyblock checksum, delta, tmp, pad;
+@@ -392,9 +405,9 @@ bool CryptStateOCB2::ocb_decrypt(const unsigned char *encrypted, unsigned char *
+ return success;
+ }
+
++#undef AESencrypt
++#undef AESdecrypt
+ #undef BLOCKSIZE
+ #undef SHIFTBITS
+ #undef SWAPPED
+ #undef HIGHBIT
+-#undef AESencrypt
+-#undef AESdecrypt
+diff --git a/src/crypto/CryptStateOCB2.h b/src/crypto/CryptStateOCB2.h
+index cc3f1c0bc3..0fd3000ade 100644
+--- a/src/crypto/CryptStateOCB2.h
++++ b/src/crypto/CryptStateOCB2.h
+@@ -44,8 +44,10 @@ class CryptStateOCB2 : public CryptState {
+ unsigned char decrypt_iv[AES_BLOCK_SIZE];
+ unsigned char decrypt_history[0x100];
+
+- EVP_CIPHER_CTX *enc_ctx;
+- EVP_CIPHER_CTX *dec_ctx;
++ EVP_CIPHER_CTX *enc_ctx_ocb_enc;
++ EVP_CIPHER_CTX *dec_ctx_ocb_enc;
++ EVP_CIPHER_CTX *enc_ctx_ocb_dec;
++ EVP_CIPHER_CTX *dec_ctx_ocb_dec;
+ };
+
+
diff --git a/srcpkgs/mumble/template b/srcpkgs/mumble/template
index 2e6f50da0140..acb6af454e0f 100644
--- a/srcpkgs/mumble/template
+++ b/srcpkgs/mumble/template
@@ -1,7 +1,7 @@
# Template file for 'mumble'
pkgname=mumble
version=1.4.287
-revision=1
+revision=2
build_style=cmake
make_cmd=make
configure_args="-Doverlay-xcompile=OFF -Dbundled-opus=OFF
^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [PR PATCH] [Merged]: poco: update to build with openssl3
2023-01-30 15:18 [PR PATCH] poco: update to build with openssl3 dkwo
` (12 preceding siblings ...)
2023-01-31 18:45 ` [PR PATCH] [Updated] " dkwo
@ 2023-01-31 19:53 ` Johnnynator
13 siblings, 0 replies; 15+ messages in thread
From: Johnnynator @ 2023-01-31 19:53 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 318 bytes --]
There's a merged pull request on the void-packages repository
poco: update to build with openssl3
https://github.com/void-linux/void-packages/pull/41963
Description:
- I tested the changes in this PR: no
- I built this PR locally for my native architecture, (x86_64-musl)
required to build with openssl3 #37681
^ permalink raw reply [flat|nested] 15+ messages in thread
end of thread, other threads:[~2023-01-31 19:53 UTC | newest]
Thread overview: 15+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-01-30 15:18 [PR PATCH] poco: update to build with openssl3 dkwo
2023-01-30 15:40 ` dkwo
2023-01-30 15:45 ` [PR PATCH] [Updated] " dkwo
2023-01-30 15:48 ` juliendehos
2023-01-30 16:11 ` [PR PATCH] [Updated] " dkwo
2023-01-30 19:33 ` dkwo
2023-01-30 20:00 ` dkwo
2023-01-30 20:19 ` dkwo
2023-01-30 20:26 ` dkwo
2023-01-30 21:58 ` Johnnynator
2023-01-30 22:52 ` [PR PATCH] [Updated] " dkwo
2023-01-30 22:52 ` dkwo
2023-01-31 1:56 ` Johnnynator
2023-01-31 18:45 ` [PR PATCH] [Updated] " dkwo
2023-01-31 19:53 ` [PR PATCH] [Merged]: " Johnnynator
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).