From ab6fbdc44a4fa83b5696a497752bd71313a8d513 Mon Sep 17 00:00:00 2001 From: Eneas U de Queiroz Date: Thu, 9 Feb 2023 10:52:59 -0300 Subject: [PATCH 1/8] gost_engine: add version 3.0.0.1 With OpenSSL soon to be updated to 3.0, the gost engine will have to be bumped as well. Gost 3.0.0.1 will not build with OpenSSL 1.1. To avoid disruption, this commit detects the OpenSSL version from ENGINES_DIR in include/openssl-engin, and sets the package version accordingly. Signed-off-by: Eneas U de Queiroz --- libs/gost_engine/Makefile | 18 ++++-- .../010-openssl-deprecated.patch | 0 .../020-cmake-allow-cross-compile.patch | 59 +++++++++++++++++++ .../patches-3/030-dont-build-provider.patch | 56 ++++++++++++++++++ 4 files changed, 128 insertions(+), 5 deletions(-) rename libs/gost_engine/{patches => patches-1.1}/010-openssl-deprecated.patch (100%) create mode 100644 libs/gost_engine/patches-3/020-cmake-allow-cross-compile.patch create mode 100644 libs/gost_engine/patches-3/030-dont-build-provider.patch diff --git a/libs/gost_engine/Makefile b/libs/gost_engine/Makefile index 0ba69f7269..94f6c990e5 100644 --- a/libs/gost_engine/Makefile +++ b/libs/gost_engine/Makefile @@ -1,19 +1,27 @@ include $(TOPDIR)/rules.mk +include $(INCLUDE_DIR)/openssl-engine.mk PKG_NAME:=gost_engine -PKG_VERSION:=1.1.0.3 -PKG_RELEASE:=$(AUTORELEASE) +ifeq ($(ENGINES_DIR),engines-1.1) + PKG_VERSION:=1.1.0.3 + PKG_HASH:=fff725052e82c9adb5b738729b30141f61ac91fa457a4f4b5de18b8b24092f75 + PKG_LICENSE:=OpenSSL + PATCH_DIR=./patches-1.1 +else + PKG_VERSION:=3.0.1 + PKG_HASH:=bfeac85883724cfbe0ecc6d942ac0524b908143e019ab3d3b6abe47a3466a628 + PKG_LICENSE:=Apache-2.0 + PATCH_DIR=./patches-3 +endif +PKG_RELEASE:=7 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://github.com/gost-engine/engine/archive/v$(PKG_VERSION) -PKG_HASH:=fff725052e82c9adb5b738729b30141f61ac91fa457a4f4b5de18b8b24092f75 PKG_MAINTAINER:=Artur Petrov -PKG_LICENSE:=OpenSSL include $(INCLUDE_DIR)/package.mk include $(INCLUDE_DIR)/cmake.mk -include $(INCLUDE_DIR)/openssl-engine.mk PKG_UNPACK:=$(HOST_TAR) -C "$(PKG_BUILD_DIR)" --strip-components=1 -xzf "$(DL_DIR)/$(PKG_SOURCE)" PKG_INSTALL:= diff --git a/libs/gost_engine/patches/010-openssl-deprecated.patch b/libs/gost_engine/patches-1.1/010-openssl-deprecated.patch similarity index 100% rename from libs/gost_engine/patches/010-openssl-deprecated.patch rename to libs/gost_engine/patches-1.1/010-openssl-deprecated.patch diff --git a/libs/gost_engine/patches-3/020-cmake-allow-cross-compile.patch b/libs/gost_engine/patches-3/020-cmake-allow-cross-compile.patch new file mode 100644 index 0000000000..e1a0e3d88a --- /dev/null +++ b/libs/gost_engine/patches-3/020-cmake-allow-cross-compile.patch @@ -0,0 +1,59 @@ +--- a/CMakeLists.txt ++++ b/CMakeLists.txt +@@ -64,31 +64,35 @@ else() + add_definitions(-DL_ENDIAN) + endif() + +-check_c_source_runs(" +- #ifdef _MSC_VER +- # include +- #else +- # include +- #endif +- int main(void) { +- unsigned long long x = -1, y = 1, r; +- unsigned char cf; +- cf = _addcarry_u64(1, x, y, &r); +- return !(cf == 1 && r == 1); +- } +- " ADDCARRY_U64) ++if(NOT CMAKE_CROSSCOMPILING) ++ check_c_source_runs(" ++ #ifdef _MSC_VER ++ # include ++ #else ++ # include ++ #endif ++ int main(void) { ++ unsigned long long x = -1, y = 1, r; ++ unsigned char cf; ++ cf = _addcarry_u64(1, x, y, &r); ++ return !(cf == 1 && r == 1); ++ } ++ " ADDCARRY_U64) ++ ++ check_c_source_runs(" ++ int main(void) { ++ char buf[16] = { 0, 1, 2 }; ++ int *p = (int *)(buf + 1); ++ int *q = (int *)(buf + 2); ++ return (*p == *q); ++ } ++ " RELAXED_ALIGNMENT) ++endif() ++ + if (ADDCARRY_U64) + add_definitions(-DHAVE_ADDCARRY_U64) + endif() + +-check_c_source_runs(" +- int main(void) { +- char buf[16] = { 0, 1, 2 }; +- int *p = (int *)(buf + 1); +- int *q = (int *)(buf + 2); +- return (*p == *q); +- } +- " RELAXED_ALIGNMENT) + if (NOT RELAXED_ALIGNMENT) + add_definitions(-DSTRICT_ALIGNMENT) + endif() diff --git a/libs/gost_engine/patches-3/030-dont-build-provider.patch b/libs/gost_engine/patches-3/030-dont-build-provider.patch new file mode 100644 index 0000000000..e0e1f5ddce --- /dev/null +++ b/libs/gost_engine/patches-3/030-dont-build-provider.patch @@ -0,0 +1,56 @@ +--- a/CMakeLists.txt ++++ b/CMakeLists.txt +@@ -357,9 +357,11 @@ set_target_properties(lib_gost_engine PR + COMPILE_DEFINITIONS "BUILDING_ENGINE_AS_LIBRARY" + PUBLIC_HEADER gost-engine.h + OUTPUT_NAME "gost") +-target_link_libraries(lib_gost_engine PRIVATE gost_core gost_err) ++#target_link_libraries(lib_gost_engine PRIVATE gost_core gost_err) ++target_link_libraries(lib_gost_engine PRIVATE gost_core) + endif() + ++if (0) + # The GOST provider uses this + add_subdirectory(libprov) + +@@ -384,6 +386,7 @@ set_target_properties(lib_gost_prov PROP + ) + target_link_libraries(lib_gost_prov PRIVATE gost_core libprov) + endif() ++endif() + + set(GOST_SUM_SOURCE_FILES + gostsum.c +@@ -424,15 +427,15 @@ install(FILES gostsum.1 gost12sum.1 DEST + install(TARGETS gost_engine EXPORT GostEngineConfig + LIBRARY DESTINATION ${OPENSSL_ENGINES_DIR} + RUNTIME DESTINATION ${OPENSSL_ENGINES_DIR}) +-install(TARGETS gost_prov EXPORT GostProviderConfig +- LIBRARY DESTINATION ${OPENSSL_MODULES_DIR} +- RUNTIME DESTINATION ${OPENSSL_MODULES_DIR}) ++#install(TARGETS gost_prov EXPORT GostProviderConfig ++# LIBRARY DESTINATION ${OPENSSL_MODULES_DIR} ++# RUNTIME DESTINATION ${OPENSSL_MODULES_DIR}) + if (NOT MSVC) + # install engine and provider in library form + install(TARGETS lib_gost_engine EXPORT GostEngineConfig + LIBRARY DESTINATION ${CMAKE_INSTALL_LIBDIR}) +-install(TARGETS lib_gost_prov EXPORT GostProviderConfig +- LIBRARY DESTINATION ${CMAKE_INSTALL_LIBDIR}) ++#install(TARGETS lib_gost_prov EXPORT GostProviderConfig ++# LIBRARY DESTINATION ${CMAKE_INSTALL_LIBDIR}) + endif() + + if (MSVC) +@@ -440,8 +443,8 @@ if (MSVC) + EXPORT GostEngineConfig DESTINATION ${CMAKE_INSTALL_BINDIR} OPTIONAL) + install(FILES $ + EXPORT GostEngineConfig DESTINATION ${OPENSSL_ENGINES_DIR} OPTIONAL) +- install(FILES $ +- EXPORT GostProviderConfig DESTINATION ${OPENSSL_MODULES_DIR} OPTIONAL) ++# install(FILES $ ++# EXPORT GostProviderConfig DESTINATION ${OPENSSL_MODULES_DIR} OPTIONAL) + endif() + install(EXPORT GostEngineConfig DESTINATION GostEngine/share/cmake/GostEngine) +-install(EXPORT GostProviderConfig DESTINATION GostEngine/share/cmake/GostProvider) ++#install(EXPORT GostProviderConfig DESTINATION GostEngine/share/cmake/GostProvider) From c4f3f54386b177b893ca4add268a5076aef5ce4a Mon Sep 17 00:00:00 2001 From: Eneas U de Queiroz Date: Thu, 9 Feb 2023 11:25:47 -0300 Subject: [PATCH 2/8] nginx-util: allow building with OpenSSL 3.0 Add -Wno-error=deprecated-declarations to CFLAGS to allow usage of deprecated API. Signed-off-by: Eneas U de Queiroz --- net/nginx-util/Makefile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/net/nginx-util/Makefile b/net/nginx-util/Makefile index f5bb54d114..2ff4da1944 100644 --- a/net/nginx-util/Makefile +++ b/net/nginx-util/Makefile @@ -2,7 +2,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=nginx-util PKG_VERSION:=1.6 -PKG_RELEASE:=$(AUTORELEASE) +PKG_RELEASE:=15 PKG_MAINTAINER:=Peter Stadler include $(INCLUDE_DIR)/package.mk @@ -11,6 +11,7 @@ include $(INCLUDE_DIR)/cmake.mk CMAKE_OPTIONS+= -DUBUS=y CMAKE_OPTIONS+= -DVERSION=$(PKG_VERSION) +TARGET_CFLAGS+= -Wno-error=deprecated-declarations define Package/nginx-ssl-util/default SECTION:=net From 94b06478ed6d2c20b75b2dc5eb81e0de2cdb98c5 Mon Sep 17 00:00:00 2001 From: Eneas U de Queiroz Date: Thu, 9 Feb 2023 13:40:16 -0300 Subject: [PATCH 3/8] nsd: bump to 4.6.1 This version adds compatibility with OpenSSL 3.0. There's a patch, submitted upstream, to fix building without SSL. Signed-off-by: Eneas U de Queiroz --- net/nsd/Makefile | 5 ++- .../010-Fix-build-with-without-ssl.patch | 43 +++++++++++++++++++ 2 files changed, 46 insertions(+), 2 deletions(-) create mode 100644 net/nsd/patches/010-Fix-build-with-without-ssl.patch diff --git a/net/nsd/Makefile b/net/nsd/Makefile index d1469b9b54..33cd8b8b48 100644 --- a/net/nsd/Makefile +++ b/net/nsd/Makefile @@ -8,12 +8,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=nsd -PKG_VERSION:=4.2.4 +PKG_VERSION:=4.6.1 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://www.nlnetlabs.nl/downloads/nsd -PKG_HASH:=9ebd6d766765631a56c0eb332eac26b310fa39f662e5582c8210488cf91ef27c +PKG_HASH:=3f60a3a13ec3f68e84bfa7e19daff663c82bcf1de96e4f53f2246525e773a27a PKG_MAINTAINER:=Vasilis Tsiligiannis PKG_LICENSE:=BSD-3-Clause @@ -21,6 +21,7 @@ PKG_LICENSE_FILES:=LICENSE PKG_INSTALL:=1 PKG_BUILD_PARALLEL:=1 +PKG_FIXUP:=autoreconf include $(INCLUDE_DIR)/package.mk diff --git a/net/nsd/patches/010-Fix-build-with-without-ssl.patch b/net/nsd/patches/010-Fix-build-with-without-ssl.patch new file mode 100644 index 0000000000..71cb67bf99 --- /dev/null +++ b/net/nsd/patches/010-Fix-build-with-without-ssl.patch @@ -0,0 +1,43 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Eneas U de Queiroz +Date: Thu, 9 Feb 2023 13:48:31 -0300 +Subject: [PATCH] Fix build with --without-ssl + +Don't include COMMON_OBJ when compiling nsd-control without SSL. + +Without SSL, nsd-control's only purpose is to print out an error +message. There's no need to include any other object files then. + +*** THIS PATCH SHOULD NOT BE APPLIED TO NSD'S NEXT RELEASE *** + +Signed-off-by: Eneas U de Queiroz + +--- a/Makefile.in ++++ b/Makefile.in +@@ -85,7 +85,7 @@ NSD_OBJ=$(COMMON_OBJ) $(XFRD_OBJ) difffi + ALL_OBJ=$(NSD_OBJ) nsd-checkconf.o nsd-checkzone.o nsd-control.o nsd-mem.o xfr-inspect.o + NSD_CHECKCONF_OBJ=$(COMMON_OBJ) nsd-checkconf.o + NSD_CHECKZONE_OBJ=$(COMMON_OBJ) $(XFRD_OBJ) dbaccess.o dbcreate.o difffile.o ipc.o mini_event.o netio.o server.o zonec.o zparser.o zlexer.o nsd-checkzone.o verify.o +-NSD_CONTROL_OBJ=$(COMMON_OBJ) nsd-control.o ++NSD_CONTROL_OBJ=@NSD_CONTROL_COMMON_OBJ@ nsd-control.o + CUTEST_OBJ=$(COMMON_OBJ) $(XFRD_OBJ) dbaccess.o dbcreate.o difffile.o ipc.o mini_event.o netio.o server.o verify.o zonec.o zparser.o zlexer.o cutest_dname.o cutest_dns.o cutest_iterated_hash.o cutest_run.o cutest_radtree.o cutest_rbtree.o cutest_namedb.o cutest_options.o cutest_region.o cutest_rrl.o cutest_udb.o cutest_udbrad.o cutest_util.o cutest_bitset.o cutest_popen3.o cutest_iter.o cutest_event.o cutest.o qtest.o + NSD_MEM_OBJ=$(COMMON_OBJ) $(XFRD_OBJ) dbaccess.o dbcreate.o difffile.o ipc.o mini_event.o netio.o verify.o server.o zonec.o zparser.o zlexer.o nsd-mem.o + all: $(TARGETS) $(MANUALS) +--- a/configure.ac ++++ b/configure.ac +@@ -1015,6 +1015,7 @@ AC_SUBST(ratelimit_default) + # we need SSL for TSIG (and maybe also for NSEC3). + CHECK_SSL + if test x$HAVE_SSL = x"yes"; then ++ AC_SUBST(NSD_CONTROL_COMMON_OBJ,'$(COMMON_OBJ)') + ACX_LIB_SSL + # remove space after -ldl if there. + LIBS=`echo "$LIBS" | sed -e 's/ $//'` +@@ -1091,6 +1092,7 @@ AC_INCLUDES_DEFAULT + else + AC_MSG_WARN([No SSL, therefore remote-control is disabled]) + AC_MSG_WARN([No SSL, therefore TLS is disabled]) ++ AC_SUBST(NSD_CONTROL_COMMON_OBJ,) + fi + + AC_ARG_ENABLE(nsec3, AS_HELP_STRING([--disable-nsec3],[Disable NSEC3 support])) From 78dcc29e47079b6f5aad917dcdf935325b5e4fdf Mon Sep 17 00:00:00 2001 From: Eneas U de Queiroz Date: Thu, 9 Feb 2023 15:05:30 -0300 Subject: [PATCH 4/8] squid: bump to release 5.7 This is the latest version and brings compatibility with OpenSSL 3.0. Signed-off-by: Eneas U de Queiroz --- net/squid/Makefile | 10 +++++----- net/squid/patches/001-glibc-compile.patch | 12 ------------ ...uildbxxflags.patch => 010-no-buildcxxflags.patch} | 2 +- .../patches/020-libxml-drop-xmlSetFeature.patch | 10 ---------- 4 files changed, 6 insertions(+), 28 deletions(-) delete mode 100644 net/squid/patches/001-glibc-compile.patch rename net/squid/patches/{010-no-buildbxxflags.patch => 010-no-buildcxxflags.patch} (91%) delete mode 100644 net/squid/patches/020-libxml-drop-xmlSetFeature.patch diff --git a/net/squid/Makefile b/net/squid/Makefile index f55dcf8410..79299e0b75 100644 --- a/net/squid/Makefile +++ b/net/squid/Makefile @@ -8,13 +8,13 @@ include $(TOPDIR)/rules.mk PKG_NAME:=squid -PKG_VERSION:=4.17 -PKG_RELEASE:=$(AUTORELEASE) +PKG_VERSION:=5.7 +PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz -PKG_SOURCE_URL:=http://www2.pl.squid-cache.org/Versions/v4/ \ - http://www.squid-cache.org/Versions/v4/ -PKG_HASH:=cb928ac08c7c86b151b1c8f827abe1a84d83181a2a86e0d512286163e1e31418 +PKG_SOURCE_URL:=http://www2.pl.squid-cache.org/Versions/v5/ \ + http://www.squid-cache.org/Versions/v5/ +PKG_HASH:=6b0753aaba4c9c4efd333e67124caecf7ad6cc2d38581f19d2f0321f5b7ecd81 PKG_MAINTAINER:=Marko Ratkaj PKG_LICENSE:=GPL-2.0-or-later diff --git a/net/squid/patches/001-glibc-compile.patch b/net/squid/patches/001-glibc-compile.patch deleted file mode 100644 index fd11e85ce4..0000000000 --- a/net/squid/patches/001-glibc-compile.patch +++ /dev/null @@ -1,12 +0,0 @@ ---- a/src/tools.cc -+++ b/src/tools.cc -@@ -582,7 +582,8 @@ enter_suid(void) - } - #else - -- setuid(0); -+ if (setuid(0) < 0) -+ debugs(50, 1, "no_suid: setuid (0)"); - #endif - #if HAVE_PRCTL && defined(PR_SET_DUMPABLE) - /* Set Linux DUMPABLE flag */ diff --git a/net/squid/patches/010-no-buildbxxflags.patch b/net/squid/patches/010-no-buildcxxflags.patch similarity index 91% rename from net/squid/patches/010-no-buildbxxflags.patch rename to net/squid/patches/010-no-buildcxxflags.patch index 1632485451..c5a5eb61b5 100644 --- a/net/squid/patches/010-no-buildbxxflags.patch +++ b/net/squid/patches/010-no-buildcxxflags.patch @@ -1,6 +1,6 @@ --- a/src/Makefile.am +++ b/src/Makefile.am -@@ -765,7 +765,7 @@ cache_cf.o: cf_parser.cci +@@ -761,7 +761,7 @@ cache_cf.o: cf_parser.cci # cf_gen builds the configuration files. cf_gen$(EXEEXT): $(cf_gen_SOURCES) $(cf_gen_DEPENDENCIES) cf_gen_defines.cci diff --git a/net/squid/patches/020-libxml-drop-xmlSetFeature.patch b/net/squid/patches/020-libxml-drop-xmlSetFeature.patch deleted file mode 100644 index 02be06ab05..0000000000 --- a/net/squid/patches/020-libxml-drop-xmlSetFeature.patch +++ /dev/null @@ -1,10 +0,0 @@ ---- a/src/esi/Libxml2Parser.cc -+++ b/src/esi/Libxml2Parser.cc -@@ -91,7 +91,6 @@ ESILibxml2Parser::ESILibxml2Parser(ESIPa - - /* TODO: grab the document encoding from the headers */ - parser = xmlCreatePushParserCtxt(&sax, static_cast(this), NULL, 0, NULL); -- xmlSetFeature(parser, "substitute entities", 0); - - if (entity_doc == NULL) - entity_doc = htmlNewDoc(NULL, NULL); From 6b40dccedf068f69c6886fe8d024846dbceb01da Mon Sep 17 00:00:00 2001 From: Eneas U de Queiroz Date: Thu, 9 Feb 2023 15:15:21 -0300 Subject: [PATCH 5/8] umurmur: fix compilation with OpenSSL 3.0 Remove a call to CRYPTO_mem_ctrl(), which is used only for debugging, Signed-off-by: Eneas U de Queiroz --- net/umurmur/Makefile | 2 +- net/umurmur/patches/010-umurmur-0.2.20-openssl3.patch | 11 +++++++++++ 2 files changed, 12 insertions(+), 1 deletion(-) create mode 100644 net/umurmur/patches/010-umurmur-0.2.20-openssl3.patch diff --git a/net/umurmur/Makefile b/net/umurmur/Makefile index 5f5c3fae8c..30ed236548 100644 --- a/net/umurmur/Makefile +++ b/net/umurmur/Makefile @@ -6,7 +6,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=umurmur PKG_VERSION:=0.2.20 -PKG_RELEASE:=1 +PKG_RELEASE:=2 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://codeload.github.com/umurmur/umurmur/tar.gz/$(PKG_VERSION)? diff --git a/net/umurmur/patches/010-umurmur-0.2.20-openssl3.patch b/net/umurmur/patches/010-umurmur-0.2.20-openssl3.patch new file mode 100644 index 0000000000..c82541aba6 --- /dev/null +++ b/net/umurmur/patches/010-umurmur-0.2.20-openssl3.patch @@ -0,0 +1,11 @@ +--- a/src/ssli_openssl.c ++++ b/src/ssli_openssl.c +@@ -142,8 +142,6 @@ static EVP_PKEY *SSL_generate_cert_and_k + + Log_info("Generating new server certificate."); + +- CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); +- + x509 = X509_new(); + if (!x509) + goto err_out; From 51fda9dde7b3a802c7e8d042b35a452e28fea4ca Mon Sep 17 00:00:00 2001 From: Eneas U de Queiroz Date: Thu, 9 Feb 2023 12:03:32 -0300 Subject: [PATCH 6/8] boinc: Add compatibility with OpenSSL 3.0 This adds a patch from upstream allowing to build with OpenSSL 3.0. Signed-off-by: Eneas U de Queiroz --- net/boinc/Makefile | 2 +- .../patches/003-update-to-openssl-3.0.0.patch | 34 +++++++++++++++++++ 2 files changed, 35 insertions(+), 1 deletion(-) create mode 100644 net/boinc/patches/003-update-to-openssl-3.0.0.patch diff --git a/net/boinc/Makefile b/net/boinc/Makefile index 694acd70da..cb91155129 100644 --- a/net/boinc/Makefile +++ b/net/boinc/Makefile @@ -8,7 +8,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=boinc PKG_VERSION:=7.16.16 PKG_VERSION_SHORT:=$(shell echo $(PKG_VERSION)| cut -f1,2 -d.) -PKG_RELEASE:=2 +PKG_RELEASE:=3 PKG_SOURCE_DATE:=2020-02-25 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz diff --git a/net/boinc/patches/003-update-to-openssl-3.0.0.patch b/net/boinc/patches/003-update-to-openssl-3.0.0.patch new file mode 100644 index 0000000000..75fab90584 --- /dev/null +++ b/net/boinc/patches/003-update-to-openssl-3.0.0.patch @@ -0,0 +1,34 @@ +From 689dc20ede9768377d4032ff8c70b58269c8dc9c Mon Sep 17 00:00:00 2001 +From: Charlie Fenton +Date: Mon, 18 Oct 2021 01:43:08 -0700 +Subject: [PATCH] Mac: update dependent libraries to latest: c-ares-1.17.2, + curl-7.79.1, freetype-2.11.0, openssl-3.0.0 Previously updated to + wxWidgets-3.1.5. FTGL version ftgl-2.1.3~rc5 is still the current version. + +--- +cotequeiroz: Trimming original commit to lib/crypt.cpp only + + lib/crypt.cpp | 7 +- + +--- a/lib/crypt.cpp ++++ b/lib/crypt.cpp +@@ -1,6 +1,6 @@ + // This file is part of BOINC. + // http://boinc.berkeley.edu +-// Copyright (C) 2008 University of California ++// Copyright (C) 2021 University of California + // + // BOINC is free software; you can redistribute it and/or modify it + // under the terms of the GNU Lesser General Public License +@@ -670,7 +670,10 @@ int check_validity_of_cert( + } + #ifdef HAVE_OPAQUE_RSA_DSA_DH + RSA *rsa; +- rsa = EVP_PKEY_get0_RSA(pubKey); ++ // CAUTION: In OpenSSL 3.0.0, EVP_PKEY_get0_RSA() now returns a ++ // pointer of type "const struct rsa_st*" to an immutable value. ++ // Do not try to modify the contents of the returned struct. ++ rsa = (rsa_st*)EVP_PKEY_get0_RSA(pubKey); + if (!RSA_blinding_on(rsa, c)) { + #else + if (!RSA_blinding_on(pubKey->pkey.rsa, c)) { From d0d2f1862bbb4e0780bd73cbe1ae3ba8844521ca Mon Sep 17 00:00:00 2001 From: Eneas U de Queiroz Date: Thu, 9 Feb 2023 11:25:47 -0300 Subject: [PATCH 7/8] libuhttpd: allow building with OpenSSL 3.0 Add -Wno-error=deprecated-declarations to CFLAGS to allow usage of deprecated API. Signed-off-by: Eneas U de Queiroz --- libs/libuhttpd/Makefile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libs/libuhttpd/Makefile b/libs/libuhttpd/Makefile index 362a0c56e8..fabe63b895 100644 --- a/libs/libuhttpd/Makefile +++ b/libs/libuhttpd/Makefile @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=libuhttpd PKG_VERSION:=3.14.1 -PKG_RELEASE:=$(AUTORELEASE) +PKG_RELEASE:=2 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL=https://github.com/zhaojh329/libuhttpd/releases/download/v$(PKG_VERSION) @@ -41,6 +41,7 @@ Package/libuhttpd-mbedtls=$(call Package/libuhttpd/Default,mbedtls,+PACKAGE_libu Package/libuhttpd-nossl=$(call Package/libuhttpd/Default,nossl) CMAKE_OPTIONS += -DBUILD_EXAMPLE=OFF +TARGET_CFLAGS += -Wno-error=deprecated-declarations ifeq ($(BUILD_VARIANT),openssl) CMAKE_OPTIONS += -DUSE_OPENSSL=ON From ac547f5af8cfcd0cc75c3bf375859099d9a24de8 Mon Sep 17 00:00:00 2001 From: Eneas U de Queiroz Date: Thu, 9 Feb 2023 11:33:24 -0300 Subject: [PATCH 8/8] apfree-wifidog: add support for OpenSSL 3.0 This adds an upstream commit to allow building with OpenSSL 3.0. Signed-off-by: Eneas U de Queiroz --- net/apfree-wifidog/Makefile | 2 +- .../patches/010-support-openssl-3.0.patch | 53 +++++++++++++++++++ 2 files changed, 54 insertions(+), 1 deletion(-) create mode 100644 net/apfree-wifidog/patches/010-support-openssl-3.0.patch diff --git a/net/apfree-wifidog/Makefile b/net/apfree-wifidog/Makefile index 876f6107f6..d15d8493d7 100644 --- a/net/apfree-wifidog/Makefile +++ b/net/apfree-wifidog/Makefile @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=apfree-wifidog PKG_VERSION:=4.08.1771 -PKG_RELEASE:=6 +PKG_RELEASE:=7 PKG_SOURCE_PROTO:=git PKG_SOURCE_URL:=https://github.com/liudf0716/apfree_wifidog.git diff --git a/net/apfree-wifidog/patches/010-support-openssl-3.0.patch b/net/apfree-wifidog/patches/010-support-openssl-3.0.patch new file mode 100644 index 0000000000..4c8147e0a8 --- /dev/null +++ b/net/apfree-wifidog/patches/010-support-openssl-3.0.patch @@ -0,0 +1,53 @@ +From 53a042836063e965f8df9fc85bb32e8e46da8a05 Mon Sep 17 00:00:00 2001 +From: staylightblow8 +Date: Thu, 20 Oct 2022 10:47:59 +0800 +Subject: [PATCH] support openssl > 3.0 + +--- + cmake/Modules/FindOpenSSL.cmake | 27 +++++++++++++++++++++++---- + 1 file changed, 23 insertions(+), 4 deletions(-) + +--- a/cmake/Modules/FindOpenSSL.cmake ++++ b/cmake/Modules/FindOpenSSL.cmake +@@ -282,11 +282,11 @@ function(from_hex HEX DEC) + set(${DEC} ${_res} PARENT_SCOPE) + endfunction() + +-if (OPENSSL_INCLUDE_DIR) +- if(OPENSSL_INCLUDE_DIR AND EXISTS "${OPENSSL_INCLUDE_DIR}/openssl/opensslv.h") +- file(STRINGS "${OPENSSL_INCLUDE_DIR}/openssl/opensslv.h" openssl_version_str +- REGEX "^# *define[\t ]+OPENSSL_VERSION_NUMBER[\t ]+0x([0-9a-fA-F])+.*") ++if(OPENSSL_INCLUDE_DIR AND EXISTS "${OPENSSL_INCLUDE_DIR}/openssl/opensslv.h") ++ file(STRINGS "${OPENSSL_INCLUDE_DIR}/openssl/opensslv.h" openssl_version_str ++ REGEX "^#[\t ]*define[\t ]+OPENSSL_VERSION_NUMBER[\t ]+0x([0-9a-fA-F])+.*") + ++ if(openssl_version_str) + # The version number is encoded as 0xMNNFFPPS: major minor fix patch status + # The status gives if this is a developer or prerelease and is ignored here. + # Major, minor, and fix directly translate into the version numbers shown in +@@ -315,6 +315,25 @@ if (OPENSSL_INCLUDE_DIR) + endif () + + set(OPENSSL_VERSION "${OPENSSL_VERSION_MAJOR}.${OPENSSL_VERSION_MINOR}.${OPENSSL_VERSION_FIX}${OPENSSL_VERSION_PATCH_STRING}") ++ else () ++ # Since OpenSSL 3.0.0, the new version format is MAJOR.MINOR.PATCH and ++ # a new OPENSSL_VERSION_STR macro contains exactly that ++ file(STRINGS "${OPENSSL_INCLUDE_DIR}/openssl/opensslv.h" OPENSSL_VERSION_STR ++ REGEX "^#[\t ]*define[\t ]+OPENSSL_VERSION_STR[\t ]+\"([0-9])+\\.([0-9])+\\.([0-9])+\".*") ++ string(REGEX REPLACE "^.*OPENSSL_VERSION_STR[\t ]+\"([0-9]+\\.[0-9]+\\.[0-9]+)\".*$" ++ "\\1" OPENSSL_VERSION_STR "${OPENSSL_VERSION_STR}") ++ ++ set(OPENSSL_VERSION "${OPENSSL_VERSION_STR}") ++ ++ # Setting OPENSSL_VERSION_MAJOR OPENSSL_VERSION_MINOR and OPENSSL_VERSION_FIX ++ string(REGEX MATCHALL "([0-9])+" OPENSSL_VERSION_NUMBER "${OPENSSL_VERSION}") ++ list(POP_FRONT OPENSSL_VERSION_NUMBER ++ OPENSSL_VERSION_MAJOR ++ OPENSSL_VERSION_MINOR ++ OPENSSL_VERSION_FIX) ++ ++ unset(OPENSSL_VERSION_NUMBER) ++ unset(OPENSSL_VERSION_STR) + endif () + endif () +