From 625e9e301e2d04d5c499ee61546d17ec9f76cf51 Mon Sep 17 00:00:00 2001
From: Tomas Mraz
Date: Tue, 11 Oct 2016 16:43:39 +0200
Subject: [PATCH] rebuild with OpenSSL 1.1.0
---
libarchive-3.2.1-openssl-1.1.patch | 365 +++++++++++++++++++++++++++++
libarchive.spec | 7 +-
2 files changed, 371 insertions(+), 1 deletion(-)
create mode 100644 libarchive-3.2.1-openssl-1.1.patch
diff --git a/libarchive-3.2.1-openssl-1.1.patch b/libarchive-3.2.1-openssl-1.1.patch
new file mode 100644
index 0000000..372cf14
--- /dev/null
+++ b/libarchive-3.2.1-openssl-1.1.patch
@@ -0,0 +1,365 @@
+diff -up libarchive-3.2.1/libarchive/archive_cryptor.c.openssl-1.1 libarchive-3.2.1/libarchive/archive_cryptor.c
+--- libarchive-3.2.1/libarchive/archive_cryptor.c.openssl-1.1 2016-04-24 23:57:10.000000000 +0200
++++ libarchive-3.2.1/libarchive/archive_cryptor.c 2016-10-11 16:18:16.979989705 +0200
+@@ -302,6 +302,7 @@ aes_ctr_release(archive_crypto_ctx *ctx)
+ static int
+ aes_ctr_init(archive_crypto_ctx *ctx, const uint8_t *key, size_t key_len)
+ {
++ ctx->ctx = EVP_CIPHER_CTX_new();
+
+ switch (key_len) {
+ case 16: ctx->type = EVP_aes_128_ecb(); break;
+@@ -314,7 +315,7 @@ aes_ctr_init(archive_crypto_ctx *ctx, co
+ memcpy(ctx->key, key, key_len);
+ memset(ctx->nonce, 0, sizeof(ctx->nonce));
+ ctx->encr_pos = AES_BLOCK_SIZE;
+- EVP_CIPHER_CTX_init(&ctx->ctx);
++ EVP_CIPHER_CTX_init(ctx->ctx);
+ return 0;
+ }
+
+@@ -324,10 +325,10 @@ aes_ctr_encrypt_counter(archive_crypto_c
+ int outl = 0;
+ int r;
+
+- r = EVP_EncryptInit_ex(&ctx->ctx, ctx->type, NULL, ctx->key, NULL);
++ r = EVP_EncryptInit_ex(ctx->ctx, ctx->type, NULL, ctx->key, NULL);
+ if (r == 0)
+ return -1;
+- r = EVP_EncryptUpdate(&ctx->ctx, ctx->encr_buf, &outl, ctx->nonce,
++ r = EVP_EncryptUpdate(ctx->ctx, ctx->encr_buf, &outl, ctx->nonce,
+ AES_BLOCK_SIZE);
+ if (r == 0 || outl != AES_BLOCK_SIZE)
+ return -1;
+@@ -337,7 +338,7 @@ aes_ctr_release(archive_crypto_ctx *ctx)
+ static int
+ aes_ctr_release(archive_crypto_ctx *ctx)
+ {
+- EVP_CIPHER_CTX_cleanup(&ctx->ctx);
++ EVP_CIPHER_CTX_free(ctx->ctx);
+ memset(ctx->key, 0, ctx->key_len);
+ memset(ctx->nonce, 0, sizeof(ctx->nonce));
+ return 0;
+diff -up libarchive-3.2.1/libarchive/archive_cryptor_private.h.openssl-1.1 libarchive-3.2.1/libarchive/archive_cryptor_private.h
+--- libarchive-3.2.1/libarchive/archive_cryptor_private.h.openssl-1.1 2016-04-24 23:56:47.000000000 +0200
++++ libarchive-3.2.1/libarchive/archive_cryptor_private.h 2016-10-11 16:18:16.979989705 +0200
+@@ -104,7 +104,7 @@ typedef struct {
+ #define AES_MAX_KEY_SIZE
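Review bot: `ctx->ctx = EVP_CIPHER_CTX_new();` at the top of `aes_ctr_init` is not checked for NULL, so a failed allocation is carried into `EVP_CIPHER_CTX_init(ctx->ctx)` and the later `EVP_EncryptInit_ex(ctx->ctx, ...)` call while the function still returns 0. The allocation also sits before `switch (key_len)`; if that switch bails out on an unsupported key length (its remaining cases are outside this hunk), the new context is never freed. Allocate once the key length is known to be valid and fail early, e.g. `if ((ctx->ctx = EVP_CIPHER_CTX_new()) == NULL) return -1;`.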
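Review bot: `aes_ctr_release` frees the cipher context but leaves `ctx->ctx` pointing at the freed object, so a second release or any later use of the same `archive_crypto_ctx` would turn into a double free or use-after-free. The digest and HMAC parts of this patch reset their handle after freeing it; do the same here by adding `ctx->ctx = NULL;` directly after `EVP_CIPHER_CTX_free(ctx->ctx);`. The function's closing brace is outside the hunk.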
32
+
+ typedef struct {
+- EVP_CIPHER_CTX ctx;
++ EVP_CIPHER_CTX *ctx;
+ const EVP_CIPHER *type;
+ uint8_t key[AES_MAX_KEY_SIZE];
+ unsigned key_len;
+diff -up libarchive-3.2.1/libarchive/archive_digest.c.openssl-1.1 libarchive-3.2.1/libarchive/archive_digest.c
+--- libarchive-3.2.1/libarchive/archive_digest.c.openssl-1.1 2015-09-05 06:24:18.000000000 +0200
++++ libarchive-3.2.1/libarchive/archive_digest.c 2016-10-11 16:31:25.785624324 +0200
+@@ -207,7 +207,9 @@ __archive_nettle_md5final(archive_md5_ct
+ static int
+ __archive_openssl_md5init(archive_md5_ctx *ctx)
+ {
+- EVP_DigestInit(ctx, EVP_md5());
++ if ((*ctx = EVP_MD_CTX_new()) == NULL)
++ return (ARCHIVE_FAILED);
++ EVP_DigestInit(*ctx, EVP_md5());
+ return (ARCHIVE_OK);
+ }
+
+@@ -215,7 +217,7 @@ static int
+ __archive_openssl_md5update(archive_md5_ctx *ctx, const void *indata,
+ size_t insize)
+ {
+- EVP_DigestUpdate(ctx, indata, insize);
++ EVP_DigestUpdate(*ctx, indata, insize);
+ return (ARCHIVE_OK);
+ }
+
+@@ -226,8 +228,11 @@ __archive_openssl_md5final(archive_md5_c
+ * this is meant to cope with that.
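Review bot: `__archive_openssl_md5init` still returns `ARCHIVE_OK` when `EVP_DigestInit(*ctx, EVP_md5())` fails, because the call's result is ignored; the caller then hashes into a context that was never set up, and the freshly allocated `EVP_MD_CTX` stays allocated. A digest can be refused by the library at run time (presumably the case for MD5 under a restrictive crypto policy), so the failure path is worth handling. The same unchecked call appears in the ripemd160, sha1, sha256, sha384 and sha512 init hunks. Check the result, free the context and return `ARCHIVE_FAILED`, as sketched below.

```c
	/* … unchanged: EVP_MD_CTX_new() allocation and NULL check … */
	if (EVP_DigestInit(*ctx, EVP_md5()) == 0) {
		EVP_MD_CTX_free(*ctx);
		*ctx = NULL;
		return (ARCHIVE_FAILED);
	}
	return (ARCHIVE_OK);
```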
Real fix is probably to fix
+ * archive_write_set_format_xar.c
+ */
+- if (ctx->digest)
+- EVP_DigestFinal(ctx, md, NULL);
++ if (*ctx) {
++ EVP_DigestFinal(*ctx, md, NULL);
++ EVP_MD_CTX_free(*ctx);
++ *ctx = NULL;
++ }
+ return (ARCHIVE_OK);
+ }
+
+@@ -359,7 +364,9 @@ __archive_nettle_ripemd160final(archive_
+ static int
+ __archive_openssl_ripemd160init(archive_rmd160_ctx *ctx)
+ {
+- EVP_DigestInit(ctx, EVP_ripemd160());
++ if ((*ctx = EVP_MD_CTX_new()) == NULL)
++ return (ARCHIVE_FAILED);
++ EVP_DigestInit(*ctx, EVP_ripemd160());
+ return (ARCHIVE_OK);
+ }
+
+@@ -367,14 +374,18 @@ static int
+ __archive_openssl_ripemd160update(archive_rmd160_ctx *ctx, const void *indata,
+ size_t insize)
+ {
+- EVP_DigestUpdate(ctx, indata, insize);
++ EVP_DigestUpdate(*ctx, indata, insize);
+ return (ARCHIVE_OK);
+ }
+
+ static int
+ __archive_openssl_ripemd160final(archive_rmd160_ctx *ctx, void *md)
+ {
+- EVP_DigestFinal(ctx, md, NULL);
++ if (*ctx) {
++ EVP_DigestFinal(*ctx, md, NULL);
++ EVP_MD_CTX_free(*ctx);
++ *ctx = NULL;
++ }
+ return (ARCHIVE_OK);
+ }
+
+@@ -509,7 +520,9 @@ __archive_nettle_sha1final(archive_sha1_
+ static int
+ __archive_openssl_sha1init(archive_sha1_ctx *ctx)
+ {
+- EVP_DigestInit(ctx, EVP_sha1());
++ if ((*ctx = EVP_MD_CTX_new()) == NULL)
++ return (ARCHIVE_FAILED);
++ EVP_DigestInit(*ctx, EVP_sha1());
+ return (ARCHIVE_OK);
+ }
+
+@@ -517,7 +530,7 @@ static int
+ __archive_openssl_sha1update(archive_sha1_ctx *ctx, const void *indata,
+ size_t insize)
+ {
+- EVP_DigestUpdate(ctx, indata, insize);
++ EVP_DigestUpdate(*ctx, indata, insize);
+ return (ARCHIVE_OK);
+ }
+
+@@ -528,8 +541,11 @@ __archive_openssl_sha1final(archive_sha1
+ * this is meant to cope with that.
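Review bot: With the context now heap-allocated, the `EVP_MD_CTX_free(*ctx)` in `__archive_openssl_md5final` is the only place it is released, so a caller that starts a digest and abandons it on an error path without calling final leaks the context (whether such callers exist is not visible here). The `if (*ctx)` test also depends on the `archive_md5_ctx` storage being zeroed before first use, as the old `ctx->digest` test did, but a stale non-zero value is now handed to `EVP_DigestFinal` and `EVP_MD_CTX_free` as a pointer. Both requirements deserve a comment next to the typedef, e.g. `/* must be zero-initialised before init; released only by the final call */`. The sha1 final hunk has the same shape, and this function starts above the hunk.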
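Review bot: `__archive_openssl_ripemd160final` now returns `ARCHIVE_OK` without writing `md` when `*ctx` is NULL, where it previously always called `EVP_DigestFinal`; a caller that then compares or stores `md` would be using whatever the buffer held before. The md5 and sha1 finals carry a comment about coping with archive_write_set_format_xar.c, but this function and the sha256, sha384 and sha512 finals have none, so an `else return (ARCHIVE_FAILED);` branch looks like the safer default for them. In the same hunk `EVP_DigestUpdate(*ctx, indata, insize)` has no NULL guard at all, so it is reached with a NULL handle after a final or an init that was never run. The return value of `EVP_DigestFinal` is ignored as well.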
Real fix is probably to fix
+ * archive_write_set_format_xar.c
+ */
+- if (ctx->digest)
+- EVP_DigestFinal(ctx, md, NULL);
++ if (*ctx) {
++ EVP_DigestFinal(*ctx, md, NULL);
++ EVP_MD_CTX_free(*ctx);
++ *ctx = NULL;
++ }
+ return (ARCHIVE_OK);
+ }
+
+@@ -733,7 +749,9 @@ __archive_nettle_sha256final(archive_sha
+ static int
+ __archive_openssl_sha256init(archive_sha256_ctx *ctx)
+ {
+- EVP_DigestInit(ctx, EVP_sha256());
++ if ((*ctx = EVP_MD_CTX_new()) == NULL)
++ return (ARCHIVE_FAILED);
++ EVP_DigestInit(*ctx, EVP_sha256());
+ return (ARCHIVE_OK);
+ }
+
+@@ -741,14 +759,18 @@ static int
+ __archive_openssl_sha256update(archive_sha256_ctx *ctx, const void *indata,
+ size_t insize)
+ {
+- EVP_DigestUpdate(ctx, indata, insize);
++ EVP_DigestUpdate(*ctx, indata, insize);
+ return (ARCHIVE_OK);
+ }
+
+ static int
+ __archive_openssl_sha256final(archive_sha256_ctx *ctx, void *md)
+ {
+- EVP_DigestFinal(ctx, md, NULL);
++ if (*ctx) {
++ EVP_DigestFinal(*ctx, md, NULL);
++ EVP_MD_CTX_free(*ctx);
++ *ctx = NULL;
++ }
+ return (ARCHIVE_OK);
+ }
+
+@@ -928,7 +950,9 @@ __archive_nettle_sha384final(archive_sha
+ static int
+ __archive_openssl_sha384init(archive_sha384_ctx *ctx)
+ {
+- EVP_DigestInit(ctx, EVP_sha384());
++ if ((*ctx = EVP_MD_CTX_new()) == NULL)
++ return (ARCHIVE_FAILED);
++ EVP_DigestInit(*ctx, EVP_sha384());
+ return (ARCHIVE_OK);
+ }
+
+@@ -936,14 +960,18 @@ static int
+ __archive_openssl_sha384update(archive_sha384_ctx *ctx, const void *indata,
+ size_t insize)
+ {
+- EVP_DigestUpdate(ctx, indata, insize);
++ EVP_DigestUpdate(*ctx, indata, insize);
+ return (ARCHIVE_OK);
+ }
+
+ static int
+ __archive_openssl_sha384final(archive_sha384_ctx *ctx, void *md)
+ {
+- EVP_DigestFinal(ctx, md, NULL);
++ if (*ctx) {
++ EVP_DigestFinal(*ctx, md, NULL);
++ EVP_MD_CTX_free(*ctx);
++ *ctx = NULL;
++ }
+ return (ARCHIVE_OK);
+ }
+
+@@ -1147,7 +1175,9 @@ __archive_nettle_sha512final(archive_sha
+ static int
+ __archive_openssl_sha512init(archive_sha512_ctx *ctx)
+ {
+-
EVP_DigestInit(ctx, EVP_sha512());
++ if ((*ctx = EVP_MD_CTX_new()) == NULL)
++ return (ARCHIVE_FAILED);
++ EVP_DigestInit(*ctx, EVP_sha512());
+ return (ARCHIVE_OK);
+ }
+
+@@ -1155,14 +1185,18 @@ static int
+ __archive_openssl_sha512update(archive_sha512_ctx *ctx, const void *indata,
+ size_t insize)
+ {
+- EVP_DigestUpdate(ctx, indata, insize);
++ EVP_DigestUpdate(*ctx, indata, insize);
+ return (ARCHIVE_OK);
+ }
+
+ static int
+ __archive_openssl_sha512final(archive_sha512_ctx *ctx, void *md)
+ {
+- EVP_DigestFinal(ctx, md, NULL);
++ if (*ctx) {
++ EVP_DigestFinal(*ctx, md, NULL);
++ EVP_MD_CTX_free(*ctx);
++ *ctx = NULL;
++ }
+ return (ARCHIVE_OK);
+ }
+
+diff -up libarchive-3.2.1/libarchive/archive_digest_private.h.openssl-1.1 libarchive-3.2.1/libarchive/archive_digest_private.h
+--- libarchive-3.2.1/libarchive/archive_digest_private.h.openssl-1.1 2015-09-05 06:24:18.000000000 +0200
++++ libarchive-3.2.1/libarchive/archive_digest_private.h 2016-10-11 16:20:24.348996576 +0200
+@@ -161,7 +161,7 @@ typedef CC_MD5_CTX archive_md5_ctx;
+ #elif defined(ARCHIVE_CRYPTO_MD5_NETTLE)
+ typedef struct md5_ctx archive_md5_ctx;
+ #elif defined(ARCHIVE_CRYPTO_MD5_OPENSSL)
+-typedef EVP_MD_CTX archive_md5_ctx;
++typedef EVP_MD_CTX *archive_md5_ctx;
+ #elif defined(ARCHIVE_CRYPTO_MD5_WIN)
+ typedef Digest_CTX archive_md5_ctx;
+ #else
+@@ -175,7 +175,7 @@ typedef RIPEMD160_CTX archive_rmd160_ctx
+ #elif defined(ARCHIVE_CRYPTO_RMD160_NETTLE)
+ typedef struct ripemd160_ctx archive_rmd160_ctx;
+ #elif defined(ARCHIVE_CRYPTO_RMD160_OPENSSL)
+-typedef EVP_MD_CTX archive_rmd160_ctx;
++typedef EVP_MD_CTX *archive_rmd160_ctx;
+ #else
+ typedef unsigned char archive_rmd160_ctx;
+ #endif
+@@ -189,7 +189,7 @@ typedef CC_SHA1_CTX archive_sha1_ctx;
+ #elif defined(ARCHIVE_CRYPTO_SHA1_NETTLE)
+ typedef struct sha1_ctx archive_sha1_ctx;
+ #elif defined(ARCHIVE_CRYPTO_SHA1_OPENSSL)
+-typedef EVP_MD_CTX archive_sha1_ctx;
++typedef EVP_MD_CTX *archive_sha1_ctx;
+ #elif
defined(ARCHIVE_CRYPTO_SHA1_WIN)
+ typedef Digest_CTX archive_sha1_ctx;
+ #else
+@@ -209,7 +209,7 @@ typedef CC_SHA256_CTX archive_sha256_ctx
+ #elif defined(ARCHIVE_CRYPTO_SHA256_NETTLE)
+ typedef struct sha256_ctx archive_sha256_ctx;
+ #elif defined(ARCHIVE_CRYPTO_SHA256_OPENSSL)
+-typedef EVP_MD_CTX archive_sha256_ctx;
++typedef EVP_MD_CTX *archive_sha256_ctx;
+ #elif defined(ARCHIVE_CRYPTO_SHA256_WIN)
+ typedef Digest_CTX archive_sha256_ctx;
+ #else
+@@ -227,7 +227,7 @@ typedef CC_SHA512_CTX archive_sha384_ctx
+ #elif defined(ARCHIVE_CRYPTO_SHA384_NETTLE)
+ typedef struct sha384_ctx archive_sha384_ctx;
+ #elif defined(ARCHIVE_CRYPTO_SHA384_OPENSSL)
+-typedef EVP_MD_CTX archive_sha384_ctx;
++typedef EVP_MD_CTX *archive_sha384_ctx;
+ #elif defined(ARCHIVE_CRYPTO_SHA384_WIN)
+ typedef Digest_CTX archive_sha384_ctx;
+ #else
+@@ -247,7 +247,7 @@ typedef CC_SHA512_CTX archive_sha512_ctx
+ #elif defined(ARCHIVE_CRYPTO_SHA512_NETTLE)
+ typedef struct sha512_ctx archive_sha512_ctx;
+ #elif defined(ARCHIVE_CRYPTO_SHA512_OPENSSL)
+-typedef EVP_MD_CTX archive_sha512_ctx;
++typedef EVP_MD_CTX *archive_sha512_ctx;
+ #elif defined(ARCHIVE_CRYPTO_SHA512_WIN)
+ typedef Digest_CTX archive_sha512_ctx;
+ #else
+diff -up libarchive-3.2.1/libarchive/archive_hmac.c.openssl-1.1 libarchive-3.2.1/libarchive/archive_hmac.c
+--- libarchive-3.2.1/libarchive/archive_hmac.c.openssl-1.1 2016-04-24 23:57:03.000000000 +0200
++++ libarchive-3.2.1/libarchive/archive_hmac.c 2016-10-11 16:25:54.074787000 +0200
+@@ -176,8 +176,10 @@ __hmac_sha1_cleanup(archive_hmac_sha1_ct
+ static int
+ __hmac_sha1_init(archive_hmac_sha1_ctx *ctx, const uint8_t *key, size_t key_len)
+ {
+- HMAC_CTX_init(ctx);
+- HMAC_Init(ctx, key, key_len, EVP_sha1());
++ *ctx = HMAC_CTX_new();
++ if (*ctx == NULL)
++ return -1;
++ HMAC_Init_ex(*ctx, key, key_len, EVP_sha1(), NULL);
+ return 0;
+ }
+
+@@ -185,22 +187,22 @@ static void
+ __hmac_sha1_update(archive_hmac_sha1_ctx *ctx, const uint8_t *data,
+ size_t data_len)
+ {
+-
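Review bot: `__hmac_sha1_init` returns 0 even when `HMAC_Init_ex(*ctx, key, key_len, EVP_sha1(), NULL)` fails, because the result is discarded; the update and final functions return void, so a MAC would then be produced from a context that was never keyed and nothing reports it. Since the HMAC is presumably what authenticates encrypted archive entries, this path should fail closed: check the result, free the context and return -1, as sketched below. `key_len` is a `size_t` passed where OpenSSL takes an `int`, so a range check before the call would also be prudent.

```c
	/* … unchanged: HMAC_CTX_new() allocation and NULL check … */
	if (HMAC_Init_ex(*ctx, key, key_len, EVP_sha1(), NULL) != 1) {
		HMAC_CTX_free(*ctx);
		*ctx = NULL;
		return -1;
	}
	return 0;
```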
HMAC_Update(ctx, data, data_len);
++ HMAC_Update(*ctx, data, data_len);
+ }
+
+ static void
+ __hmac_sha1_final(archive_hmac_sha1_ctx *ctx, uint8_t *out, size_t *out_len)
+ {
+ unsigned int len = (unsigned int)*out_len;
+- HMAC_Final(ctx, out, &len);
++ HMAC_Final(*ctx, out, &len);
+ *out_len = len;
+ }
+
+ static void
+ __hmac_sha1_cleanup(archive_hmac_sha1_ctx *ctx)
+ {
+- HMAC_CTX_cleanup(ctx);
+- memset(ctx, 0, sizeof(*ctx));
++ HMAC_CTX_free(*ctx);
++ *ctx = NULL;
+ }
+
+ #else
+diff -up libarchive-3.2.1/libarchive/archive_hmac_private.h.openssl-1.1 libarchive-3.2.1/libarchive/archive_hmac_private.h
+--- libarchive-3.2.1/libarchive/archive_hmac_private.h.openssl-1.1 2016-04-24 23:56:55.000000000 +0200
++++ libarchive-3.2.1/libarchive/archive_hmac_private.h 2016-10-11 16:18:16.979989705 +0200
+@@ -72,7 +72,7 @@ typedef struct hmac_sha1_ctx archive_hma
+ #elif defined(HAVE_LIBCRYPTO)
+ #include
+
+-typedef HMAC_CTX archive_hmac_sha1_ctx;
++typedef HMAC_CTX* archive_hmac_sha1_ctx;
+
+ #else
+
diff --git a/libarchive.spec b/libarchive.spec
index af19ddd..5a3b774 100644
--- a/libarchive.spec
+++ b/libarchive.spec
@@ -1,6 +1,6 @@ Name: libarchive Version: 3.2.1
-Release: 4%{?dist}
+Release: 5%{?dist}
Summary: A library for handling streaming archive formats License: BSD
@@ -13,6 +13,8 @@ Patch0: RHBZ#1378669.patch Patch1: RHBZ#1378668.patch # stack based buffer overflow in bsdtar_expand_char (util.c) Patch2: RHBZ#1378666.patch
+# Make it build with OpenSSL 1.1.0
+Patch3: libarchive-3.2.1-openssl-1.1.patch
BuildRequires: bison BuildRequires: sharutils
@@ -218,6 +220,9 @@ run_testsuite %changelog
+* Tue Oct 11 2016 Tomáš Mráz - 3.2.1-5
+- rebuild with OpenSSL 1.1.0
+
* Mon Sep 26 2016 Tomas Repik - 3.2.1-4 - fix some stack and heap overflows - resolves (rhbz#1378669, rhbz#1378668, rhbz#1378666)