Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src/external/bsd/pkg_install/dist/lib Merge pkg_install-20171030
details: https://anonhg.NetBSD.org/src/rev/041e04d2a8ec
branches: trunk
changeset: 359195:041e04d2a8ec
user: maya <maya%NetBSD.org@localhost>
date: Sun Feb 04 09:00:51 2018 +0000
description:
Merge pkg_install-20171030
Bump version to 20171030 for netpgpverify fixes.
Add zsh to default_acceptable_licenses.
Undef bootstrap hack.
Fix OpenSSL 1.1.0 build
OpenSSL 1.1.0 makes xkusage and ex_flags opaque.
Use X509_check_ca rather than a custom and nearly identical implementation.
This is available since OpenSSL 0.9.8 (even in RHEL5).
This is also done because we cannot implement it identically under
OpenSSL 1.1.0 due to missing getters.
Test EXFLAG_XKUSAGE rather than zero xkusage test no usage to avoid openssl
1.1.0 getter returning a different code on this case.
Use getter for xkusage in the non-zero test case.
Provide fallback definitions for getters.
PR pkg/52298, PR pkg/52648
diffstat:
external/bsd/pkg_install/dist/lib/license.c | 5 ++-
external/bsd/pkg_install/dist/lib/pkcs7.c | 37 +++++++++-------------------
external/bsd/pkg_install/dist/lib/pkg_io.c | 5 ++-
external/bsd/pkg_install/dist/lib/version.h | 4 +-
4 files changed, 20 insertions(+), 31 deletions(-)
diffs (148 lines):
diff -r 4c131b6a4069 -r 041e04d2a8ec external/bsd/pkg_install/dist/lib/license.c
--- a/external/bsd/pkg_install/dist/lib/license.c Sun Feb 04 08:48:05 2018 +0000
+++ b/external/bsd/pkg_install/dist/lib/license.c Sun Feb 04 09:00:51 2018 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: license.c,v 1.5 2017/04/20 13:18:23 joerg Exp $ */
+/* $NetBSD: license.c,v 1.6 2018/02/04 09:00:51 maya Exp $ */
/*-
* Copyright (c) 2009 Joerg Sonnenberger <joerg%NetBSD.org@localhost>.
@@ -92,7 +92,8 @@
"w3c "
"x11 "
"zlib "
- "zpl-2.0 zpl-2.1";
+ "zpl-2.0 zpl-2.1 "
+ "zsh";
#ifdef DEBUG
static size_t hash_collisions;
diff -r 4c131b6a4069 -r 041e04d2a8ec external/bsd/pkg_install/dist/lib/pkcs7.c
--- a/external/bsd/pkg_install/dist/lib/pkcs7.c Sun Feb 04 08:48:05 2018 +0000
+++ b/external/bsd/pkg_install/dist/lib/pkcs7.c Sun Feb 04 09:00:51 2018 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: pkcs7.c,v 1.2 2017/04/20 13:18:23 joerg Exp $ */
+/* $NetBSD: pkcs7.c,v 1.3 2018/02/04 09:00:51 maya Exp $ */
#if HAVE_CONFIG_H
#include "config.h"
#endif
@@ -7,7 +7,7 @@
#include <sys/cdefs.h>
#endif
-__RCSID("$NetBSD: pkcs7.c,v 1.2 2017/04/20 13:18:23 joerg Exp $");
+__RCSID("$NetBSD: pkcs7.c,v 1.3 2018/02/04 09:00:51 maya Exp $");
/*-
* Copyright (c) 2004, 2008 The NetBSD Foundation, Inc.
@@ -55,25 +55,12 @@
#define NS_ANY_CA (NS_SSL_CA|NS_SMIME_CA|NS_OBJSIGN_CA)
#endif
-static const unsigned int pkg_key_usage = XKU_CODE_SIGN | XKU_SMIME;
+#if !defined(OPENSSL_VERSION_NUMBER) || (OPENSSL_VERSION_NUMBER < 0x10100000L)
+#define X509_get_extended_key_usage(x) x->ex_xkusage
+#define X509_get_extension_flags(x) x->ex_flags
+#endif
-static int
-check_ca(X509 *cert)
-{
- if ((cert->ex_flags & EXFLAG_KUSAGE) != 0 &&
- (cert->ex_kusage & KU_KEY_CERT_SIGN) != KU_KEY_CERT_SIGN)
- return 0;
- if ((cert->ex_flags & EXFLAG_BCONS) != 0)
- return (cert->ex_flags & EXFLAG_CA) == EXFLAG_CA;
- if ((cert->ex_flags & (EXFLAG_V1|EXFLAG_SS)) == (EXFLAG_V1|EXFLAG_SS))
- return 1;
- if ((cert->ex_flags & EXFLAG_KUSAGE) != 0)
- return 1;
- if ((cert->ex_flags & EXFLAG_NSCERT) != 0 &&
- (cert->ex_nscert & NS_ANY_CA) != 0)
- return 1;
- return 0;
-}
+static const unsigned int pkg_key_usage = XKU_CODE_SIGN | XKU_SMIME;
static STACK_OF(X509) *
file_to_certs(const char *file)
@@ -180,18 +167,18 @@
/* Compute ex_xkusage */
X509_check_purpose(sk_X509_value(signers, i), -1, -1);
- if (check_ca(sk_X509_value(signers, i))) {
+ if (X509_check_ca(sk_X509_value(signers, i))) {
warnx("CA keys are not valid for signatures");
goto cleanup;
}
if (is_pkg) {
- if (sk_X509_value(signers, i)->ex_xkusage != pkg_key_usage) {
+ if (X509_get_extended_key_usage(sk_X509_value(signers, i)) != pkg_key_usage) {
warnx("Certificate must have CODE SIGNING "
"and EMAIL PROTECTION property");
goto cleanup;
}
} else {
- if (sk_X509_value(signers, i)->ex_xkusage != 0) {
+ if (X509_get_extension_flags(sk_X509_value(signers, i)) & EXFLAG_XKUSAGE) {
warnx("Certificate must not have any property");
goto cleanup;
}
@@ -271,12 +258,12 @@
/* Compute ex_kusage */
X509_check_purpose(certificate, -1, 0);
- if (check_ca(certificate)) {
+ if (X509_check_ca(certificate)) {
warnx("CA keys are not valid for signatures");
goto cleanup;
}
- if (certificate->ex_xkusage != pkg_key_usage) {
+ if (X509_get_extended_key_usage(certificate) != pkg_key_usage) {
warnx("Certificate must have CODE SIGNING "
"and EMAIL PROTECTION property");
goto cleanup;
diff -r 4c131b6a4069 -r 041e04d2a8ec external/bsd/pkg_install/dist/lib/pkg_io.c
--- a/external/bsd/pkg_install/dist/lib/pkg_io.c Sun Feb 04 08:48:05 2018 +0000
+++ b/external/bsd/pkg_install/dist/lib/pkg_io.c Sun Feb 04 09:00:51 2018 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: pkg_io.c,v 1.2 2017/04/20 13:18:23 joerg Exp $ */
+/* $NetBSD: pkg_io.c,v 1.3 2018/02/04 09:00:51 maya Exp $ */
/*-
* Copyright (c) 2008, 2009 Joerg Sonnenberger <joerg%NetBSD.org@localhost>.
* All rights reserved.
@@ -36,7 +36,7 @@
#include <sys/cdefs.h>
#endif
-__RCSID("$NetBSD: pkg_io.c,v 1.2 2017/04/20 13:18:23 joerg Exp $");
+__RCSID("$NetBSD: pkg_io.c,v 1.3 2018/02/04 09:00:51 maya Exp $");
#include <archive.h>
#include <archive_entry.h>
@@ -49,6 +49,7 @@
#include <stdlib.h>
#ifdef BOOTSTRAP
+#undef IS_URL
#define IS_URL(x) 0
#else
#include <fetch.h>
diff -r 4c131b6a4069 -r 041e04d2a8ec external/bsd/pkg_install/dist/lib/version.h
--- a/external/bsd/pkg_install/dist/lib/version.h Sun Feb 04 08:48:05 2018 +0000
+++ b/external/bsd/pkg_install/dist/lib/version.h Sun Feb 04 09:00:51 2018 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: version.h,v 1.11 2017/04/20 13:18:23 joerg Exp $ */
+/* $NetBSD: version.h,v 1.12 2018/02/04 09:00:51 maya Exp $ */
/*
* Copyright (c) 2001 Thomas Klausner. All rights reserved.
@@ -27,6 +27,6 @@
#ifndef _INST_LIB_VERSION_H_
#define _INST_LIB_VERSION_H_
-#define PKGTOOLS_VERSION 20170419
+#define PKGTOOLS_VERSION 20171030
#endif /* _INST_LIB_VERSION_H_ */
Home |
Main Index |
Thread Index |
Old Index