yafic: Unbreak with OpenSSL 1.1. Patch taken from FreeBSD Ports.

author: nia <nia@pkgsrc.org> 2020-04-25 13:57:47 +0000
committer: nia <nia@pkgsrc.org> 2020-04-25 13:57:47 +0000
commit: 0e13f25e551cf2044b2d5f11b7d9ffc1f5345f2e (patch)
tree: ae2d0fed7b96e519a725a4bd45873c227f3b2395 /security
parent: aeb4226d596428789004ef823196cd271fd278dd (diff)
download: pkgsrc-0e13f25e551cf2044b2d5f11b7d9ffc1f5345f2e.tar.gz
3 files changed, 197 insertions, 4 deletions
diff --git a/security/yafic/Makefile b/security/yafic/Makefile
index 5766c8be32e..af71a259325 100644
--- a/security/yafic/Makefile
+++ b/security/yafic/Makefile
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.12 2020/04/24 11:41:38 nia Exp $
+# $NetBSD: Makefile,v 1.13 2020/04/25 13:57:47 nia Exp $
 
 DISTNAME=	yafic-1.2.2
 PKGREVISION=	2
@@ -10,8 +10,6 @@ HOMEPAGE=	https://www.saddi.com/software/yafic/
 COMMENT=	File integrity checker
 LICENSE=	modified-bsd
 
-BROKEN=		"Fails to build with OpenSSL 1.1"
-
 GNU_CONFIGURE=	YES
 
 .include "../../security/openssl/buildlink3.mk"
diff --git a/security/yafic/distinfo b/security/yafic/distinfo
index 073ae99d765..dd1c09aabce 100644
--- a/security/yafic/distinfo
+++ b/security/yafic/distinfo
@@ -1,7 +1,8 @@
-$NetBSD: distinfo,v 1.3 2015/11/04 01:18:12 agc Exp $
+$NetBSD: distinfo,v 1.4 2020/04/25 13:57:47 nia Exp $
 
 SHA1 (yafic-1.2.2.tar.gz) = 0592df76f87a6b5b972c1e8c1c08c771e3ffdf7f
 RMD160 (yafic-1.2.2.tar.gz) = 976cb8a75bb9cdf75961a60929c5e778049a97b4
 SHA512 (yafic-1.2.2.tar.gz) = 8e05a0838fc2063f1c6bb69d660e9ff5c9fbdc4199e1396232327498c04d037b35307c348d64d928e561875f5cf0ad40c24fd097680cd814b2308608cf738957
 Size (yafic-1.2.2.tar.gz) = 96893 bytes
 SHA1 (patch-aa) = 288f5793947fbd844e0cdf7706cabd9b9f37abcc
+SHA1 (patch-crypto.c) = 91912dcdfcabc285deea64914bdf9e81e47de359
diff --git a/security/yafic/patches/patch-crypto.c b/security/yafic/patches/patch-crypto.c
new file mode 100644
index 00000000000..ec799808540
--- /dev/null
+++ b/security/yafic/patches/patch-crypto.c
@@ -0,0 +1,194 @@
+$NetBSD: patch-crypto.c,v 1.1 2020/04/25 13:57:48 nia Exp $
+
+Fix build with OpenSSL >=1.1.
+
+From FreeBSD Ports.
+
+--- crypto.c.orig	2004-03-21 12:02:32.000000000 +0000
++++ crypto.c
+@@ -56,6 +56,30 @@ static const char rcsid[] =
+ 
+ static EVP_PKEY *pkey;
+ 
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
++
++static void *OPENSSL_zalloc (size_t num)
++{
++  void *ret = OPENSSL_malloc (num);
++
++  if (ret != NULL)
++    memset (ret, 0, num);
++  return ret;
++}
++
++EVP_MD_CTX *EVP_MD_CTX_new (void)
++{
++  return OPENSSL_zalloc (sizeof (EVP_MD_CTX));
++}
++
++void EVP_MD_CTX_free (EVP_MD_CTX *ctx)
++{
++  EVP_MD_CTX_cleanup (ctx);
++  OPENSSL_free (ctx);
++}
++
++#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
++
+ static void
+ opensslError (const char *what)
+ {
+@@ -100,7 +124,7 @@ void
+ SignFile (int fd, const char *filename, const char *sigfile)
+ {
+   const EVP_MD *mdType;
+-  EVP_MD_CTX ctx;
++  EVP_MD_CTX *ctx;
+   ssize_t len;
+   unsigned char *sig = NULL;
+   unsigned int sigLen;
+@@ -111,8 +135,12 @@ SignFile (int fd, const char *filename, 
+   if (!pkey)
+     return;
+ 
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+   mdType = EVP_PKEY_type (pkey->type) == EVP_PKEY_DSA ? EVP_dss1 () :
+     EVP_sha1 ();
++#else
++  mdType = EVP_sha1 ();
++#endif
+ 
+   if (!sigfile) {
+     int tlen = strlen (filename) + 4 + 1;
+@@ -122,21 +150,23 @@ SignFile (int fd, const char *filename, 
+     sigfile = tsigfile;
+   }
+ 
++  if ((ctx = EVP_MD_CTX_new ()) == NULL)
++    opensslError ("EVP_MD_CTX_new");
+ #ifdef HAVE_EVP_MD_CTX_INIT
+-  EVP_MD_CTX_init (&ctx);
++  EVP_MD_CTX_init (ctx);
+ #endif
+ #ifdef EVP_DIGESTINIT_VOID
+-  EVP_SignInit (&ctx, mdType);
++  EVP_SignInit (ctx, mdType);
+ #else
+-  if (!EVP_SignInit (&ctx, mdType))
++  if (!EVP_SignInit (ctx, mdType))
+     opensslError ("EVP_SignInit");
+ #endif
+ 
+   while ((len = read (fd, HashBuffer, HASH_BUFFER_SIZE)) > 0) {
+ #ifdef EVP_DIGESTINIT_VOID
+-    EVP_SignUpdate (&ctx, HashBuffer, len);
++    EVP_SignUpdate (ctx, HashBuffer, len);
+ #else
+-    if (!EVP_SignUpdate (&ctx, HashBuffer, len))
++    if (!EVP_SignUpdate (ctx, HashBuffer, len))
+       opensslError ("EVP_SignUpdate");
+ #endif
+   }
+@@ -146,7 +176,7 @@ SignFile (int fd, const char *filename, 
+ 
+   sig = mymalloc (EVP_PKEY_size (pkey));
+ 
+-  if (EVP_SignFinal (&ctx, sig, &sigLen, pkey)) {
++  if (EVP_SignFinal (ctx, sig, &sigLen, pkey)) {
+     if ((f = open (sigfile, O_CREAT|O_WRONLY|O_TRUNC, 0600)) != -1) {
+       if (write (f, sig, sigLen) != sigLen)
+ 	yaficError (sigfile);
+@@ -162,15 +192,16 @@ SignFile (int fd, const char *filename, 
+   if (sig) free (sig);
+   if (tsigfile) free (tsigfile);
+ #ifdef HAVE_EVP_MD_CTX_CLEANUP
+-  EVP_MD_CTX_cleanup (&ctx);
++  EVP_MD_CTX_cleanup (ctx);
+ #endif
++  EVP_MD_CTX_free (ctx);
+ }
+ 
+ void
+ VerifyFile (int fd, const char *filename, const char *sigfile)
+ {
+   const EVP_MD *mdType;
+-  EVP_MD_CTX ctx;
++  EVP_MD_CTX *ctx;
+   ssize_t len;
+   unsigned char *sig = NULL;
+   int f;
+@@ -181,8 +212,12 @@ VerifyFile (int fd, const char *filename
+   if (!pkey)
+     return;
+ 
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+   mdType = EVP_PKEY_type (pkey->type) == EVP_PKEY_DSA ? EVP_dss1 () :
+     EVP_sha1 ();
++#else
++  mdType = EVP_sha1 ();
++#endif
+ 
+   if (!sigfile) {
+     int tlen = strlen (filename) + 4 + 1;
+@@ -195,13 +230,15 @@ VerifyFile (int fd, const char *filename
+   fprintf (stderr, "Verifying %s: ", filename);
+   fflush (stderr);
+ 
++  if ((ctx = EVP_MD_CTX_new ()) == NULL)
++    opensslError ("EVP_MD_CTX_new");
+ #ifdef HAVE_EVP_MD_CTX_INIT
+-  EVP_MD_CTX_init (&ctx);
++  EVP_MD_CTX_init (ctx);
+ #endif
+ #ifdef EVP_DIGESTINIT_VOID
+-  EVP_VerifyInit (&ctx, mdType);
++  EVP_VerifyInit (ctx, mdType);
+ #else
+-  if (!EVP_VerifyInit (&ctx, mdType)) {
++  if (!EVP_VerifyInit (ctx, mdType)) {
+     fprintf (stderr, "Error\n");
+     opensslError ("EVP_VerifyInit");
+   }
+@@ -209,9 +246,9 @@ VerifyFile (int fd, const char *filename
+ 
+   while ((len = read (fd, HashBuffer, HASH_BUFFER_SIZE)) > 0) {
+ #ifdef EVP_DIGESTINIT_VOID
+-    EVP_VerifyUpdate (&ctx, HashBuffer, len);
++    EVP_VerifyUpdate (ctx, HashBuffer, len);
+ #else
+-    if (!EVP_VerifyUpdate (&ctx, HashBuffer, len)) {
++    if (!EVP_VerifyUpdate (ctx, HashBuffer, len)) {
+       fprintf (stderr, "Error\n");
+       opensslError ("EVP_SignUpdate");
+     }
+@@ -233,7 +270,7 @@ VerifyFile (int fd, const char *filename
+ 
+     close (f);
+ 
+-    ret = EVP_VerifyFinal (&ctx, sig, len, pkey);
++    ret = EVP_VerifyFinal (ctx, sig, len, pkey);
+     if (ret < 0) {
+       fprintf (stderr, "Error\n");
+       opensslError ("EVP_VerifyFinal");
+@@ -254,8 +291,9 @@ VerifyFile (int fd, const char *filename
+   if (sig) free (sig);
+   if (tsigfile) free (tsigfile);
+ #ifdef HAVE_EVP_MD_CTX_CLEANUP
+-  EVP_MD_CTX_cleanup (&ctx);
++  EVP_MD_CTX_cleanup (ctx);
+ #endif
++  EVP_MD_CTX_free (ctx);
+ }
+ 
+ const char *
+@@ -265,7 +303,11 @@ KeyTypeStr (void)
+ 
+   if (pkey) {
+     int bits = EVP_PKEY_bits (pkey);
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+     int type = EVP_PKEY_type (pkey->type);
++#else
++    int type = EVP_PKEY_base_id (pkey);
++#endif
+ 
+     switch (type) {
+     case EVP_PKEY_RSA:
author	nia <nia@pkgsrc.org>	2020-04-25 13:57:47 +0000
committer	nia <nia@pkgsrc.org>	2020-04-25 13:57:47 +0000
commit	0e13f25e551cf2044b2d5f11b7d9ffc1f5345f2e (patch)
tree	ae2d0fed7b96e519a725a4bd45873c227f3b2395 /security
parent	aeb4226d596428789004ef823196cd271fd278dd (diff)
download	pkgsrc-0e13f25e551cf2044b2d5f11b7d9ffc1f5345f2e.tar.gz