Merge pull request #2471 from InuSasha/updates/openssl1.1.0

openssl: update to 1.1.1b
CvH 2019-03-08 19:55:11 +01:00 committed by GitHub
commit 955c01bbc8
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
7 changed files with 278 additions and 50 deletions


@ -16,7 +16,8 @@ PKG_CONFIGURE_OPTS_TARGET="--enable-static \
--with-libpcre=included \
--with-libdnet=included \
--with-liblua=included \
--with-liblinear=included"
--with-liblinear=included \
--with-openssl=$SYSROOT_PREFIX"
pre_configure_target() {
# nmap fails to build in subdirs


@ -9,7 +9,7 @@ PKG_SITE="http://rtmpdump.mplayerhq.hu/"
PKG_URL="http://repo.or.cz/rtmpdump.git/snapshot/$PKG_VERSION.tar.gz"
PKG_DEPENDS_TARGET="toolchain zlib openssl"
PKG_LONGDESC="rtmpdump is a toolkit for RTMP streams."
PKG_BUILD_FLAGS="+pic -parallel"
PKG_BUILD_FLAGS="+pic"
make_target() {
make prefix=/usr \
@ -23,6 +23,7 @@ make_target() {
CRYPTO="OPENSSL" \
OPT="" \
XCFLAGS="$CFLAGS" \
XCFLAGS="$CFLAGS -Wno-unused-but-set-variable -Wno-unused-const-variable" \
XLDFLAGS="$LDFLAGS" \
XLIBS="-lm"
}


@ -0,0 +1,10 @@
--- a/librtmp/Makefile 2018-02-01 18:38:52.866867721 +0100
+++ b/librtmp/Makefile 2018-02-01 18:39:23.315007740 +0100
@@ -115,6 +115,7 @@
cp librtmp.3 $(MANDIR)/man3
install_so: librtmp$(SO_EXT)
+ -mkdir -p $(SODIR)
cp librtmp$(SO_EXT) $(SODIR)
$(INSTALL_IMPLIB)
cd $(SODIR); ln -sf librtmp$(SO_EXT) librtmp.$(SOX)
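Review bot: The added `-mkdir -p $(SODIR)` line in `install_so` carries a leading `-`, so make ignores a genuine failure (for example an unwritable staging tree, or `SODIR` already existing as a regular file) and the error only surfaces, less clearly, at the following `cp`. `mkdir -p` already succeeds when the directory exists, so the prefix hides errors without buying anything; I would write `mkdir -p $(SODIR)` and let the recipe stop at the real cause. The rest of the install rules lie outside this hunk.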


@ -0,0 +1,251 @@
Source: https://github.com/xbmc/inputstream.rtmp/tree/master/depends/common/librtmp
Date: 21. Oct 2018
--- a/librtmp/dh.h
+++ b/librtmp/dh.h
@@ -253,20 +253,44 @@
if (!dh)
goto failed;
+#if !defined(USE_OPENSSL) || !defined(OPENSSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER < 0x10100000L
MP_new(dh->g);
if (!dh->g)
goto failed;
+#else
+ BIGNUM *g = NULL;
+ MP_new(g);
+ if (!g)
+ goto failed;
+
+ DH_set0_pqg(dh, NULL, g, NULL);
+#endif
+#if !defined(USE_OPENSSL) || !defined(OPENSSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER < 0x10100000L
MP_gethex(dh->p, P1024, res); /* prime P1024, see dhgroups.h */
+#else
+ BIGNUM* p = NULL;
+ DH_get0_pqg(dh, (BIGNUM const**)&p, NULL, NULL);
+ MP_gethex(p, P1024, res); /* prime P1024, see dhgroups.h */
+#endif
if (!res)
{
goto failed;
}
+#if !defined(USE_OPENSSL) || !defined(OPENSSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER < 0x10100000L
MP_set_w(dh->g, 2); /* base 2 */
+#else
+ MP_set_w(g, 2); /* base 2 */
+ DH_set0_pqg(dh, NULL, g, NULL);
+#endif
+#if !defined(USE_OPENSSL) || !defined(OPENSSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER < 0x10100000L
dh->length = nKeyBits;
+#else
+ DH_set_length(dh, nKeyBits);
+#endif
return dh;
failed:
@@ -293,12 +317,24 @@
MP_gethex(q1, Q1024, res);
assert(res);
+#if !defined(USE_OPENSSL) || !defined(OPENSSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER < 0x10100000L
res = isValidPublicKey(dh->pub_key, dh->p, q1);
+#else
+ BIGNUM const* pub_key = NULL;
+ BIGNUM const* p = NULL;
+ DH_get0_key(dh, &pub_key, NULL);
+ DH_get0_pqg(dh, &p, NULL, NULL);
+ res = isValidPublicKey((BIGNUM*)pub_key, (BIGNUM*)p, q1);
+#endif
if (!res)
{
+#if !defined(USE_OPENSSL) || !defined(OPENSSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER < 0x10100000L
MP_free(dh->pub_key);
MP_free(dh->priv_key);
dh->pub_key = dh->priv_key = 0;
+#else
+ DH_free(dh);
+#endif
}
MP_free(q1);
@@ -314,15 +350,29 @@
DHGetPublicKey(MDH *dh, uint8_t *pubkey, size_t nPubkeyLen)
{
int len;
+#if !defined(USE_OPENSSL) || !defined(OPENSSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER < 0x10100000L
if (!dh || !dh->pub_key)
+#else
+ BIGNUM const* pub_key = NULL;
+ DH_get0_key(dh, &pub_key, NULL);
+ if (!dh || !pub_key)
+#endif
return 0;
+#if !defined(USE_OPENSSL) || !defined(OPENSSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER < 0x10100000L
len = MP_bytes(dh->pub_key);
+#else
+ len = MP_bytes(pub_key);
+#endif
if (len <= 0 || len > (int) nPubkeyLen)
return 0;
memset(pubkey, 0, nPubkeyLen);
+#if !defined(USE_OPENSSL) || !defined(OPENSSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER < 0x10100000L
MP_setbin(dh->pub_key, pubkey + (nPubkeyLen - len), len);
+#else
+ MP_setbin(pub_key, pubkey + (nPubkeyLen - len), len);
+#endif
return 1;
}
@@ -364,7 +414,13 @@
MP_gethex(q1, Q1024, len);
assert(len);
+#if !defined(USE_OPENSSL) || !defined(OPENSSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER < 0x10100000L
if (isValidPublicKey(pubkeyBn, dh->p, q1))
+#else
+ BIGNUM const* p = NULL;
+ DH_get0_pqg(dh, &p, NULL, NULL);
+ if (isValidPublicKey(pubkeyBn, (BIGNUM*)p, q1))
+#endif
res = MDH_compute_key(secret, nPubkeyLen, pubkeyBn, dh);
else
res = -1;
--- a/librtmp/handshake.h
+++ b/librtmp/handshake.h
@@ -31,9 +31,9 @@
#define SHA256_DIGEST_LENGTH 32
#endif
#define HMAC_CTX sha2_context
-#define HMAC_setup(ctx, key, len) sha2_hmac_starts(&ctx, (unsigned char *)key, len, 0)
-#define HMAC_crunch(ctx, buf, len) sha2_hmac_update(&ctx, buf, len)
-#define HMAC_finish(ctx, dig, dlen) dlen = SHA256_DIGEST_LENGTH; sha2_hmac_finish(&ctx, dig)
+#define HMAC_setup(ctx, key, len) sha2_hmac_starts(ctx, (unsigned char *)key, len, 0)
+#define HMAC_crunch(ctx, buf, len) sha2_hmac_update(ctx, buf, len)
+#define HMAC_finish(ctx, dig, dlen) dlen = SHA256_DIGEST_LENGTH; sha2_hmac_finish(ctx, dig)
typedef arc4_context * RC4_handle;
#define RC4_alloc(h) *h = malloc(sizeof(arc4_context))
@@ -50,9 +50,9 @@
#endif
#undef HMAC_CTX
#define HMAC_CTX struct hmac_sha256_ctx
-#define HMAC_setup(ctx, key, len) hmac_sha256_set_key(&ctx, len, key)
-#define HMAC_crunch(ctx, buf, len) hmac_sha256_update(&ctx, len, buf)
-#define HMAC_finish(ctx, dig, dlen) dlen = SHA256_DIGEST_LENGTH; hmac_sha256_digest(&ctx, SHA256_DIGEST_LENGTH, dig)
+#define HMAC_setup(ctx, key, len) hmac_sha256_set_key(ctx, len, key)
+#define HMAC_crunch(ctx, buf, len) hmac_sha256_update(ctx, len, buf)
+#define HMAC_finish(ctx, dig, dlen) dlen = SHA256_DIGEST_LENGTH; hmac_sha256_digest(ctx, SHA256_DIGEST_LENGTH, dig)
#define HMAC_close(ctx)
typedef struct arcfour_ctx* RC4_handle;
@@ -64,14 +64,23 @@
#else /* USE_OPENSSL */
#include <openssl/sha.h>
+#include <openssl/ossl_typ.h>
#include <openssl/hmac.h>
#include <openssl/rc4.h>
#if OPENSSL_VERSION_NUMBER < 0x0090800 || !defined(SHA256_DIGEST_LENGTH)
#error Your OpenSSL is too old, need 0.9.8 or newer with SHA256
#endif
-#define HMAC_setup(ctx, key, len) HMAC_CTX_init(&ctx); HMAC_Init_ex(&ctx, key, len, EVP_sha256(), 0)
-#define HMAC_crunch(ctx, buf, len) HMAC_Update(&ctx, buf, len)
-#define HMAC_finish(ctx, dig, dlen) HMAC_Final(&ctx, dig, &dlen); HMAC_CTX_cleanup(&ctx)
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#define HMAC_setup(ctx, key, len) HMAC_CTX_init(ctx); HMAC_Init_ex(ctx, key, len, EVP_sha256(), 0)
+#else
+#define HMAC_setup(ctx, key, len) HMAC_CTX_reset(ctx); HMAC_Init_ex(ctx, key, len, EVP_sha256(), 0)
+#endif
+#define HMAC_crunch(ctx, buf, len) HMAC_Update(ctx, buf, len)
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#define HMAC_finish(ctx, dig, dlen) HMAC_Final(ctx, dig, &dlen); HMAC_CTX_cleanup(ctx)
+#else
+#define HMAC_finish(ctx, dig, dlen) HMAC_Final(ctx, dig, &dlen); HMAC_CTX_free(ctx)
+#endif
typedef RC4_KEY * RC4_handle;
#define RC4_alloc(h) *h = malloc(sizeof(RC4_KEY))
@@ -117,7 +126,7 @@
{
uint8_t digest[SHA256_DIGEST_LENGTH];
unsigned int digestLen = 0;
- HMAC_CTX ctx;
+ HMAC_CTX* ctx = NULL;
RC4_alloc(rc4keyIn);
RC4_alloc(rc4keyOut);
@@ -266,7 +275,7 @@
size_t keylen, uint8_t *digest)
{
unsigned int digestLen;
- HMAC_CTX ctx;
+ HMAC_CTX* ctx = NULL;
HMAC_setup(ctx, key, keylen);
HMAC_crunch(ctx, message, messageLen);
--- a/librtmp/hashswf.c
+++ b/librtmp/hashswf.c
@@ -37,9 +37,9 @@
#define SHA256_DIGEST_LENGTH 32
#endif
#define HMAC_CTX sha2_context
-#define HMAC_setup(ctx, key, len) sha2_hmac_starts(&ctx, (unsigned char *)key, len, 0)
-#define HMAC_crunch(ctx, buf, len) sha2_hmac_update(&ctx, buf, len)
-#define HMAC_finish(ctx, dig, dlen) dlen = SHA256_DIGEST_LENGTH; sha2_hmac_finish(&ctx, dig)
+#define HMAC_setup(ctx, key, len) sha2_hmac_starts(ctx, (unsigned char *)key, len, 0)
+#define HMAC_crunch(ctx, buf, len) sha2_hmac_update(ctx, buf, len)
+#define HMAC_finish(ctx, dig, dlen) dlen = SHA256_DIGEST_LENGTH; sha2_hmac_finish(ctx, dig)
#define HMAC_close(ctx)
#elif defined(USE_GNUTLS)
#include <nettle/hmac.h>
@@ -48,19 +48,27 @@
#endif
#undef HMAC_CTX
#define HMAC_CTX struct hmac_sha256_ctx
-#define HMAC_setup(ctx, key, len) hmac_sha256_set_key(&ctx, len, key)
-#define HMAC_crunch(ctx, buf, len) hmac_sha256_update(&ctx, len, buf)
-#define HMAC_finish(ctx, dig, dlen) dlen = SHA256_DIGEST_LENGTH; hmac_sha256_digest(&ctx, SHA256_DIGEST_LENGTH, dig)
+#define HMAC_setup(ctx, key, len) hmac_sha256_set_key(ctx, len, key)
+#define HMAC_crunch(ctx, buf, len) hmac_sha256_update(ctx, len, buf)
+#define HMAC_finish(ctx, dig, dlen) dlen = SHA256_DIGEST_LENGTH; hmac_sha256_digest(ctx, SHA256_DIGEST_LENGTH, dig)
#define HMAC_close(ctx)
#else /* USE_OPENSSL */
#include <openssl/ssl.h>
#include <openssl/sha.h>
#include <openssl/hmac.h>
#include <openssl/rc4.h>
-#define HMAC_setup(ctx, key, len) HMAC_CTX_init(&ctx); HMAC_Init_ex(&ctx, (unsigned char *)key, len, EVP_sha256(), 0)
-#define HMAC_crunch(ctx, buf, len) HMAC_Update(&ctx, (unsigned char *)buf, len)
-#define HMAC_finish(ctx, dig, dlen) HMAC_Final(&ctx, (unsigned char *)dig, &dlen);
-#define HMAC_close(ctx) HMAC_CTX_cleanup(&ctx)
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#define HMAC_setup(ctx, key, len) HMAC_CTX_init(ctx); HMAC_Init_ex(ctx, (unsigned char *)key, len, EVP_sha256(), 0)
+#else
+#define HMAC_setup(ctx, key, len) HMAC_CTX_reset(ctx); HMAC_Init_ex(ctx, (unsigned char *)key, len, EVP_sha256(), 0)
+#endif
+#define HMAC_crunch(ctx, buf, len) HMAC_Update(ctx, (unsigned char *)buf, len)
+#define HMAC_finish(ctx, dig, dlen) HMAC_Final(ctx, (unsigned char *)dig, &dlen);
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#define HMAC_close(ctx) HMAC_CTX_cleanup(ctx)
+#else
+#define HMAC_close(ctx) HMAC_CTX_reset(ctx); HMAC_CTX_free(ctx)
+#endif
#endif
extern void RTMP_TLS_Init();
@@ -289,7 +297,7 @@
struct info
{
z_stream *zs;
- HMAC_CTX ctx;
+ HMAC_CTX *ctx;
int first;
int zlib;
int size;
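Review bot: On the OpenSSL >= 1.1.0 branch of the first dh.h hunk the prime and generator do not appear to reach `dh`: `DH_set0_pqg(dh, NULL, g, NULL)` returns 0 on a fresh DH because p is still unset, the result is ignored, and `MP_gethex(p, P1024, res)` then works on a local `p` that `DH_get0_pqg` left NULL rather than on a value owned by `dh`. Had the first call succeeded, the second `DH_set0_pqg` with the same `g` would free that BIGNUM before storing it again. I would build both values locally and hand them over once with the return value checked, as sketched below; what the `failed:` label frees is outside the hunk, so confirm the cleanup cannot double-free. Two smaller points in the same file: `DHGetPublicKey` calls `DH_get0_key(dh, &pub_key, NULL)` before its `!dh` test, and the `DH_free(dh)` added on the invalid-key path leaves the caller's pointer dangling if the surrounding code (not shown) retries with it. Separately, in handshake.h and hashswf.c `HMAC_CTX* ctx = NULL` is passed to `HMAC_CTX_reset`/`HMAC_Init_ex` with no `HMAC_CTX_new()` anywhere in this patch, and the PolarSSL and nettle macros now receive the same NULL pointer where they used to get `&ctx`.

```c
/* … unchanged: pre-1.1.0 branch using dh->p / dh->g / dh->length … */
#else
  BIGNUM *p = NULL, *g = NULL;
  MP_gethex(p, P1024, res);	/* prime P1024, see dhgroups.h */
  MP_new(g);
  if (!res || !g)
    {
      BN_free(p);
      BN_free(g);
      goto failed;
    }
  MP_set_w(g, 2);	/* base 2 */
  /* dh takes ownership of p and g only when the call returns 1 */
  if (!DH_set0_pqg(dh, p, NULL, g))
    {
      BN_free(p);
      BN_free(g);
      goto failed;
    }
  DH_set_length(dh, nKeyBits);
#endif
```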


@ -107,12 +107,13 @@ diff -u a/pathnames.h b/pathnames.h
-#define _PATH_HOST_ED25519_KEY_FILE SSHDIR "/ssh_host_ed25519_key"
-#define _PATH_HOST_XMSS_KEY_FILE SSHDIR "/ssh_host_xmss_key"
-#define _PATH_HOST_RSA_KEY_FILE SSHDIR "/ssh_host_rsa_key"
-#define _PATH_DH_MODULI SSHDIR "/moduli"
+#define _PATH_HOST_DSA_KEY_FILE KEYDIR "/ssh_host_dsa_key"
+#define _PATH_HOST_ECDSA_KEY_FILE KEYDIR "/ssh_host_ecdsa_key"
+#define _PATH_HOST_ED25519_KEY_FILE KEYDIR "/ssh_host_ed25519_key"
+#define _PATH_HOST_XMSS_KEY_FILE KEYDIR "/ssh_host_xmss_key"
+#define _PATH_HOST_RSA_KEY_FILE KEYDIR "/ssh_host_rsa_key"
#define _PATH_DH_MODULI SSHDIR "/moduli"
+#define _PATH_DH_MODULI KEYDIR "/moduli"
#ifndef _PATH_SSH_PROGRAM
Common subdirectories: a/regress and b/regress
#define _PATH_SSH_PROGRAM "/usr/bin/ssh"


@ -2,32 +2,27 @@
# Copyright (C) 2016-present Team LibreELEC (https://libreelec.tv)
PKG_NAME="openssl"
PKG_VERSION="1.0.2r"
PKG_SHA256="ae51d08bba8a83958e894946f15303ff894d75c2b8bbd44a852b64e3fe11d0d6"
PKG_VERSION="1.1.1b"
PKG_SHA256="5c557b023230413dfb0756f3137a13e6d726838ccd1430888ad15bfb2b43ea4b"
PKG_LICENSE="BSD"
PKG_SITE="https://www.openssl.org"
PKG_URL="https://www.openssl.org/source/$PKG_NAME-$PKG_VERSION.tar.gz"
PKG_DEPENDS_HOST="ccache:host"
PKG_DEPENDS_TARGET="toolchain"
PKG_LONGDESC="The Open Source toolkit for Secure Sockets Layer and Transport Layer Security"
PKG_TOOLCHAIN="configure"
PKG_BUILD_FLAGS="-parallel"
PKG_CONFIGURE_OPTS_SHARED="--libdir=lib \
shared \
threads \
no-ec2m \
no-gmp \
no-jpake \
no-krb5 \
no-libunbound \
no-md2 \
no-rc5 \
no-rfc3779
no-rfc3779 \
no-sctp \
no-ssl-trace \
no-ssl2 \
no-ssl3 \
no-store \
no-unit-test \
no-weak-ssl-ciphers \
no-zlib \
@ -39,6 +34,10 @@ PKG_CONFIGURE_OPTS_HOST="--prefix=$TOOLCHAIN \
PKG_CONFIGURE_OPTS_TARGET="--prefix=/usr \
--openssldir=/etc/ssl"
post_unpack() {
find $PKG_BUILD/apps -type f | xargs -n 1 -t sed 's|./demoCA|/etc/ssl|' -i
}
pre_configure_host() {
mkdir -p $PKG_BUILD/.$HOST_NAME
cp -a $PKG_BUILD/* $PKG_BUILD/.$HOST_NAME/
@ -77,10 +76,8 @@ configure_target() {
}
makeinstall_target() {
make INSTALL_PREFIX=$INSTALL install_sw
make INSTALL_PREFIX=$SYSROOT_PREFIX install_sw
chmod 755 $INSTALL/usr/lib/*.so*
chmod 755 $INSTALL/usr/lib/engines/*.so
make DESTDIR=$INSTALL install_sw
make DESTDIR=$SYSROOT_PREFIX install_sw
}
post_makeinstall_target() {
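Review bot: The new `post_unpack` rewrites `./demoCA` with `sed` over every regular file under `apps` through an unquoted `find | xargs` pipe, which is broader and more fragile than the three-file patch this commit deletes. The `.` in the pattern matches any character, only the first occurrence per line is replaced, a `$PKG_BUILD` containing whitespace would be split, and a failing `find` is masked by the pipe. I would write it as `find "$PKG_BUILD/apps" -type f -exec sed -i 's|\./demoCA|/etc/ssl|g' {} +`, or limit it to the files that actually carry the string, so the change to the default CA directory stays easy to audit. A one-line comment such as `# point the sample CA scripts and openssl.cnf at /etc/ssl instead of ./demoCA` above the command would record the intent.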


@ -1,33 +0,0 @@
--- openssl-1.0.2j/apps/CA.pl.in 2006-04-28 02:30:49.000000000 +0200
+++ openssl-1.0.2j/apps/CA.pl.in 2010-04-01 00:35:02.600553509 +0200
@@ -53,7 +53,7 @@
$X509="$openssl x509";
$PKCS12="$openssl pkcs12";
-$CATOP="./demoCA";
+$CATOP="/etc/ssl";
$CAKEY="cakey.pem";
$CAREQ="careq.pem";
$CACERT="cacert.pem";
--- openssl-1.0.2j/apps/CA.sh 2009-10-15 19:27:47.000000000 +0200
+++ openssl-1.0.2j/apps/CA.sh 2010-04-01 00:35:02.600553509 +0200
@@ -68,7 +68,7 @@
X509="$OPENSSL x509"
PKCS12="openssl pkcs12"
-if [ -z "$CATOP" ] ; then CATOP=./demoCA ; fi
+if [ -z "$CATOP" ] ; then CATOP=/etc/ssl ; fi
CAKEY=./cakey.pem
CAREQ=./careq.pem
CACERT=./cacert.pem
--- openssl-1.0.2j/apps/openssl.cnf 2009-04-04 20:09:43.000000000 +0200
+++ openssl-1.0.2j/apps/openssl.cnf 2010-04-01 00:35:02.607220681 +0200
@@ -39,7 +39,7 @@
####################################################################
[ CA_default ]
-dir = ./demoCA # Where everything is kept
+dir = /etc/ssl # Where everything is kept
certs = $dir/certs # Where the issued certs are kept
crl_dir = $dir/crl # Where the issued crl are kept
database = $dir/index.txt # database index file.