From e0f33c45b62847837b0fedd9e905c2e2ca6f36cd Mon Sep 17 00:00:00 2001
From: Hans de Graaff
Date: Sun, 14 Jul 2019 09:33:19 +0200
Subject: [PATCH] app-arch/dump: fix openssl 1.1 compatibility

Fixes: https://bugs.gentoo.org/674318
Signed-off-by: Hans de Graaff
Package-Manager: Portage-2.3.66, Repoman-2.3.11
---
 app-arch/dump/dump-0.4.46-r1.ebuild | 87 ++++++++++++++++++
 .../dump/files/dump-0.4.46-openssl11.patch | 91 +++++++++++++++++++
 2 files changed, 178 insertions(+)
 create mode 100644 app-arch/dump/dump-0.4.46-r1.ebuild
 create mode 100644 app-arch/dump/files/dump-0.4.46-openssl11.patch

diff --git a/app-arch/dump/dump-0.4.46-r1.ebuild b/app-arch/dump/dump-0.4.46-r1.ebuild
new file mode 100644
index 000000000000..f984ca0ef78b
--- /dev/null
+++ b/app-arch/dump/dump-0.4.46-r1.ebuild
@@ -0,0 +1,87 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+inherit versionator
+
+MY_P="${PN}-$(replace_version_separator 2 b)"
+S=${WORKDIR}/${MY_P}
+DESCRIPTION="Dump/restore ext2fs backup utilities"
+HOMEPAGE="http://dump.sourceforge.net/"
+SRC_URI="mirror://sourceforge/dump/${MY_P}.tar.gz"
+
+LICENSE="BSD"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~hppa ~ia64 ~ppc ~ppc64 ~sparc ~x86"
+# We keep uuid USE flag default dsiabled for this version. Don't forget
+# to default enable it for later versions as this is the upstream default.
+IUSE="bzip2 debug ermt libressl lzo readline selinux sqlite ssl static test uuid zlib"
+REQUIRED_USE="
+ ermt? ( ssl )
+ ssl? ( zlib )
+ test? ( sqlite? ( uuid ) )
+"
+
+RDEPEND=">=sys-fs/e2fsprogs-1.27:=
+ >=sys-libs/e2fsprogs-libs-1.27:=
+ sys-apps/util-linux
+ bzip2? ( >=app-arch/bzip2-1.0.2:= )
+ zlib? ( >=sys-libs/zlib-1.1.4:= )
+ lzo? ( dev-libs/lzo:2= )
+ sqlite? ( dev-db/sqlite:3= )
+ ermt? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:0= )
+ )
+ ssl? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:0= )
+ )
+ readline? (
+ sys-libs/readline:0=
+ sys-libs/ncurses:=
+ static? ( sys-libs/ncurses:=[static-libs] )
+ )"
+DEPEND="${RDEPEND}
+ virtual/pkgconfig
+ virtual/os-headers"
+
+PATCHES=( "${FILESDIR}"/${P}-openssl11.patch )
+
+src_configure() {
+ local myeconfargs=(
+ --with-dumpdatespath=/etc/dumpdates
+ --with-rmtpath='$(sbindir)/rmt'
+ --enable-blkid
+ $(use_enable bzip2)
+ $(use_enable debug)
+ $(use_enable ermt)
+ $(use_enable lzo)
+ $(use_enable readline)
+ $(use_enable selinux)
+ $(use_enable sqlite)
+ $(use_enable ssl)
+ $(use_enable static static-progs)
+ $(use_enable uuid)
+ $(use_enable zlib)
+ )
+ econf "${myeconfargs[@]}"
+}
+
+src_install() {
+ default
+ mv "${ED}"/usr/sbin/{,dump-}rmt || die
+ mv "${ED}"/usr/share/man/man8/{,dump-}rmt.8 || die
+ use ermt && newsbin rmt/ermt dump-ermt
+
+ dodoc KNOWNBUGS MAINTAINERS REPORTING-BUGS
+ dodoc -r examples
+}
+
+pkg_postinst() {
+ if [[ -z ${REPLACING_VERSIONS} ]] ; then
+ ewarn "app-arch/dump installs 'rmt' as 'dump-rmt'."
+ ewarn "This is to avoid conflicts with app-arch/tar 'rmt'."
+ fi
+}
diff --git a/app-arch/dump/files/dump-0.4.46-openssl11.patch b/app-arch/dump/files/dump-0.4.46-openssl11.patch
new file mode 100644
index 000000000000..db18e8190f5c
--- /dev/null
+++ b/app-arch/dump/files/dump-0.4.46-openssl11.patch
@@ -0,0 +1,91 @@
+Index: dump-0.4b46/common/transformation_ssl.c
+===================================================================
+--- dump-0.4b46.orig/common/transformation_ssl.c
++++ dump-0.4b46/common/transformation_ssl.c
+@@ -215,7 +215,10 @@ generateIV(Transformation *xform, unsign
+ /* to be exposed to any attacker anyway. */
+ *saltlen = 16;
+ if (xform->enc == 1) {
+- RAND_pseudo_bytes(salt, *saltlen);
++ if (!RAND_bytes(salt, *saltlen) != 1) {
++ /* PRNG not sufficiently seeded */
++ return -1;
++ }
+ }
+ memcpy(ivbuffer, salt, 16);
+ 
+@@ -274,7 +277,7 @@ ssl_compress(Transformation *xform, stru
+ digestlen = sizeof(digest);
+ 
+ /* generate salt, put it in header */
+- generateIV(xform, salt, &saltlen, iv, &ivlen);
++ generateIV(xform, salt, &saltlen, iv, &ivlen); /* TODO: check return value */
+ memcpy(tpbin->buf, salt, saltlen);
+ 
+ /* compress the buffer first - increase the entropy */
+@@ -351,7 +354,7 @@ ssl_decompress(Transformation *xform, st
+ 
+ // how to know salt length?
+ memcpy(salt, src, saltlen);
+- generateIV(xform, salt, &saltlen, iv, &ivlen);
++ generateIV(xform, salt, &saltlen, iv, &ivlen); /* TODO: check return value */
+ 
+ EVP_DecryptInit_ex(xform->state.ssl.dataCtx, xform->state.ssl.cipher, xform->state.ssl.engine, NULL, NULL);
+ //EVP_CIPHER_CTX_set_key_length(&ctx, 8);
+@@ -515,7 +518,7 @@ Transformation
+ //EVP_CIPHER_CTX_rand_key(ctx, t->state.ssl.key);
+ //EVP_CIPHER_CTX_cleanup(ctx);
+ //EVP_CIPHER_CTX_free(ctx);
+- RAND_bytes(t->state.ssl.key, t->state.ssl.cipher->key_len);
++ RAND_bytes(t->state.ssl.key, EVP_CIPHER_key_length(t->state.ssl.cipher));
+ } else {
+ // how do we get keys?
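Review bot: The new guard in the generateIV hunk, `if (!RAND_bytes(salt, *saltlen) != 1)`, is inverted: `!` turns a successful return of 1 into 0, so the function returns -1 on success before it reaches `memcpy(ivbuffer, salt, 16)`, while a return of 0 (failure) falls through with a salt RAND_bytes did not fill. It should read `if (RAND_bytes(salt, *saltlen) != 1) {`. The ssl_compress and ssl_decompress hunks (@@ -274 and @@ -351) only add a TODO and still discard the result, so that early return is silent and, as far as the hunks show, encryption continues with an `iv` generateIV never wrote; both call sites should stop on failure, e.g. `if (generateIV(xform, salt, &saltlen, iv, &ivlen) < 0) return -1;` (the callers' own error convention is outside the hunks, so adjust to it). The `RAND_bytes(t->state.ssl.key, ...)` call in the @@ -515 hunk is unchecked in the same way and deserves the same `!= 1` test, since a failed call leaves the key buffer with whatever it held. generateIV's body continues outside the hunk.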
+ }
+Index: dump-0.4b46/rmt/cipher.c
+===================================================================
+--- dump-0.4b46.orig/rmt/cipher.c
++++ dump-0.4b46/rmt/cipher.c
+@@ -23,7 +23,7 @@
+ char *
+ cipher(char *buf, int buflen, int do_encrypt)
+ {
+- static EVP_CIPHER_CTX ctx;
++ EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
+ static char *out = NULL; /* return value, grown as necessary */
+ static int outlen = 0;
+ static int init = 0, which, blocksize;
+@@ -71,13 +71,13 @@ cipher(char *buf, int buflen, int do_enc
+ }
+ EVP_BytesToKey(cipher, EVP_md5(), NULL,
+ buf, strlen(buf), 1, key, iv);
+- EVP_CIPHER_CTX_init(&ctx);
+- EVP_CipherInit_ex(&ctx, cipher, NULL, key, iv, do_encrypt);
+- EVP_CIPHER_CTX_set_padding(&ctx, 0); // -nopad
++ EVP_CIPHER_CTX_init(ctx);
++ EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, do_encrypt);
++ EVP_CIPHER_CTX_set_padding(ctx, 0); // -nopad
+ OPENSSL_cleanse(buf, sizeof buf);
+ OPENSSL_cleanse(key, sizeof key);
+ OPENSSL_cleanse(iv, sizeof iv);
+- blocksize = EVP_CIPHER_CTX_block_size(&ctx);
++ blocksize = EVP_CIPHER_CTX_block_size(ctx);
+ which = do_encrypt;
+ init = 1;
+ }
+@@ -95,7 +95,7 @@ cipher(char *buf, int buflen, int do_enc
+ outlen = (buflen+blocksize) * 2;
+ out = realloc(out, outlen);
+ }
+- if (!EVP_CipherUpdate(&ctx, out, &n, buf, buflen)) {
++ if (!EVP_CipherUpdate(ctx, out, &n, buf, buflen)) {
+ syslog(LOG_ERR, "EVP_CipherUpdate failed");
+ errno = EINVAL;
+ return NULL;
+@@ -106,6 +106,7 @@ cipher(char *buf, int buflen, int do_enc
+ return NULL;
+ }
+ // assert(ctx->buf_len == 0);
++ EVP_CIPHER_CTX_free(ctx);
+ return out;
+ }
+ 
-- 
2.26.2
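Review bot: The context in rmt/cipher.c loses its `static` lifetime in the @@ -23 hunk, so every call to cipher() allocates a fresh `EVP_CIPHER_CTX`, while the key/IV setup in the @@ -71 hunk appears to run only once, behind the static `init` flag it sets. From the second call on, `EVP_CipherUpdate(ctx, ...)` would then run on a context that never went through `EVP_CipherInit_ex`, and the `EVP_CIPHER_CTX_free(ctx)` added in the @@ -106 hunk throws away the cipher state after the first buffer. The allocation is also never checked for NULL, and the two `return NULL` error paths leak it. The context should stay a function-static pointer that is allocated and checked inside the one-time init block and is not freed per call, as sketched below. The init guard itself lies outside the hunks, so confirm this against the full function.

```c
	static EVP_CIPHER_CTX *ctx = NULL;	/* set up once, reused by later calls */
	/* … unchanged: out, outlen, init declarations and the start of the one-time init block … */
		EVP_BytesToKey(cipher, EVP_md5(), NULL,
			buf, strlen(buf), 1, key, iv);
		ctx = EVP_CIPHER_CTX_new();	/* replaces EVP_CIPHER_CTX_init(ctx) */
		if (ctx == NULL) {
			/* do not leave derived key material behind on the error path */
			OPENSSL_cleanse(buf, sizeof buf);
			OPENSSL_cleanse(key, sizeof key);
			OPENSSL_cleanse(iv, sizeof iv);
			syslog(LOG_ERR, "EVP_CIPHER_CTX_new failed");
			errno = ENOMEM;
			return NULL;
		}
		EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, do_encrypt);
	/* … unchanged: padding, cleanse, blocksize, EVP_CipherUpdate and its error paths … */
	// assert(ctx->buf_len == 0);
	return out;	/* no EVP_CIPHER_CTX_free(ctx): the context must survive the call */
```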