diff --git a/srcpkgs/xbps/patches/b5954c80db5d7fba2b0635e758126c4d949edbb3.patch b/srcpkgs/xbps/patches/b5954c80db5d7fba2b0635e758126c4d949edbb3.patch deleted file mode 100644 index 77a21c9bc14..00000000000 --- a/srcpkgs/xbps/patches/b5954c80db5d7fba2b0635e758126c4d949edbb3.patch +++ /dev/null @@ -1,55 +0,0 @@ -From b5954c80db5d7fba2b0635e758126c4d949edbb3 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Piotr=20W=C3=B3jcik?= -Date: Sat, 2 Jul 2022 22:37:08 +0200 -Subject: [PATCH] lib/fetch: reuse http connection - -With HTTP 1.1 persistent connection is default and Connection -header is not sent. -Before patch, for every file, including 512b signature, there was -done dns query, tls handshake etc. ---- - lib/fetch/http.c | 10 +++++++--- - 1 file changed, 7 insertions(+), 3 deletions(-) - -diff --git a/lib/fetch/http.c b/lib/fetch/http.c -index 395e7d8f..02b97a51 100644 ---- a/lib/fetch/http.c -+++ b/lib/fetch/http.c -@@ -424,7 +424,7 @@ http_cmd(conn_t *conn, const char *fmt, ...) - * Get and parse status line - */ - static int --http_get_reply(conn_t *conn) -+http_get_reply(conn_t *conn, int *keep_alive) - { - char *p; - -@@ -445,6 +445,10 @@ http_get_reply(conn_t *conn) - if (*p == '/') { - if (p[1] != '1' || p[2] != '.' || (p[3] != '0' && p[3] != '1')) - return (HTTP_PROTOCOL_ERROR); -+ /* HTTP/1.1 defaults to the use of "persistent connections" */ -+ if (keep_alive && p[3] == '1') { -+ *keep_alive = 1; -+ } - p += 4; - } - if (*p != ' ' || -@@ -760,7 +764,7 @@ http_connect(struct url *URL, struct url *purl, const char *flags, int *cached) - - http_cmd(conn, "\r\n"); - -- if (http_get_reply(conn) != HTTP_OK) { -+ if (http_get_reply(conn, NULL) != HTTP_OK) { - http_seterr(conn->err); - fetch_close(conn); - return (NULL); -@@ -1011,7 +1015,7 @@ http_request(struct url *URL, const char *op, struct url_stat *us, - sizeof(val)); - - /* get reply */ -- switch (http_get_reply(conn)) { -+ switch (http_get_reply(conn, &keep_alive)) { - case HTTP_OK: - case HTTP_PARTIAL: - case HTTP_NOT_MODIFIED: diff --git a/srcpkgs/xbps/patches/cflags.patch b/srcpkgs/xbps/patches/cflags.patch deleted file mode 100644 index bf95fea3beb..00000000000 --- a/srcpkgs/xbps/patches/cflags.patch +++ /dev/null @@ -1,17 +0,0 @@ -Both CFLAGS and LDFLAGS need to be passed during linkage as CFLAGS may contain -things that influence linkage (e.g. ssp_nonshared may be necessary to link -when using strong stack protector) - -diff --git lib/Makefile lib/Makefile -index 65342ef..847bfdd 100644 ---- a/lib/Makefile -+++ b/lib/Makefile -@@ -78,7 +78,7 @@ $(OBJS): %.o: %.c - - libxbps.so: $(LIBFETCH_OBJS) $(LIBPROP_OBJS) $(OBJS) - @printf " [CCLD]\t\t$@\n" -- ${SILENT}$(CC) $^ $(LDFLAGS) -o $(LIBXBPS_SHLIB) -+ ${SILENT}$(CC) $^ $(CFLAGS) $(LDFLAGS) -o $(LIBXBPS_SHLIB) - @-ln -sf $(LIBXBPS_SHLIB) libxbps.so.$(LIBXBPS_MAJOR) - @-ln -sf $(LIBXBPS_SHLIB) libxbps.so - diff --git a/srcpkgs/xbps/patches/openssl3.patch b/srcpkgs/xbps/patches/openssl3.patch deleted file mode 100644 index b47a998a5ac..00000000000 --- a/srcpkgs/xbps/patches/openssl3.patch +++ /dev/null @@ -1,46 +0,0 @@ -From db1766986c4389eb7e17c0e0076971b711617ef9 Mon Sep 17 00:00:00 2001 -From: Juan RP -Date: Thu, 16 Apr 2020 14:57:18 +0200 -Subject: [PATCH] configure: accept any openssl version. - ---- - configure | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/configure b/configure -index da8ae75fa..383bc927b 100755 ---- a/configure -+++ b/configure -@@ -704,7 +704,7 @@ fi - # libssl with pkg-config support is required. - # - printf "Checking for libssl via pkg-config ... " --if pkg-config --exists 'libssl < 1.2' && ! pkg-config --exists libtls ; then -+if pkg-config --exists 'libssl' && ! pkg-config --exists libtls ; then - echo "found OpenSSL version $(pkg-config --modversion libssl)." - elif pkg-config --exists libssl libtls; then - echo "found LibreSSL version $(pkg-config --modversion libssl)." - ---- -From a65013e7370479243de62d56b44eb08d6bae943d Mon Sep 17 00:00:00 2001 -From: classabbyamp -Date: Tue, 8 Aug 2023 01:32:17 -0400 -Subject: [PATCH] configure: workaround for openssl3 compat - ---- - configure | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/configure b/configure -index 303c90a1..c7d78bf1 100755 ---- a/configure -+++ b/configure -@@ -368,6 +368,8 @@ fi - if [ "$CC" = "tcc" ]; then - echo "CFLAGS += -Wno-error" >>$CONFIG_MK - fi -+# openssl 3 compatibility -+echo "CFLAGS += -Wno-error=deprecated-declarations">>$CONFIG_MK - - # libfetch - echo "CPPFLAGS += -I\$(TOPDIR)/lib/fetch" >>$CONFIG_MK diff --git a/srcpkgs/xbps/patches/sig2.patch b/srcpkgs/xbps/patches/sig2.patch deleted file mode 100644 index 973a84173d4..00000000000 --- a/srcpkgs/xbps/patches/sig2.patch +++ /dev/null @@ -1,246 +0,0 @@ -https://github.com/void-linux/xbps/pull/565 but rebased on 0.59.1 - -From d7a0fc190b00fbb083688993971f466df834ceaa Mon Sep 17 00:00:00 2001 -From: classabbyamp -Date: Tue, 8 Aug 2023 00:36:10 -0400 -Subject: [PATCH] lib/, bin/: fix signature type, now called *.sig2 - -Since 8d5c48b, xbps has used a sha1 ASN1 prefix with a sha256 hash, and -as of openssl v3, openssl cares about this. This works around that in a -compatible way by moving to a second sig file, binpkg.sig2. - -For xbps-remove -O and xbps-rindex -r, also clean up obselete .sig files. ---- - bin/xbps-remove/clean-cache.c | 10 +++++++++- - bin/xbps-rindex/remove-obsoletes.c | 13 +++++++++++-- - bin/xbps-rindex/sign.c | 9 ++------- - include/xbps.h.in | 4 ++-- - lib/transaction_fetch.c | 10 +++++----- - lib/util.c | 6 +++--- - lib/verifysig.c | 4 ++-- - 7 files changed, 34 insertions(+), 22 deletions(-) - -diff --git a/bin/xbps-remove/clean-cache.c b/bin/xbps-remove/clean-cache.c -index 43ff6057..680a4d1e 100644 ---- a/bin/xbps-remove/clean-cache.c -+++ b/bin/xbps-remove/clean-cache.c -@@ -43,7 +43,7 @@ cleaner_cb(struct xbps_handle *xhp, xbps_object_t obj, - { - xbps_dictionary_t repo_pkgd; - const char *binpkg, *rsha256; -- char *binpkgsig, *pkgver, *arch; -+ char *binpkgsig, *binpkgsig2, *pkgver, *arch; - bool drun = false; - - /* Extract drun (dry-run) flag from arg*/ -@@ -78,6 +78,7 @@ cleaner_cb(struct xbps_handle *xhp, xbps_object_t obj, - } - } - binpkgsig = xbps_xasprintf("%s.sig", binpkg); -+ binpkgsig2 = xbps_xasprintf("%s.sig2", binpkg); - if (!drun && unlink(binpkg) == -1) { - fprintf(stderr, "Failed to remove `%s': %s\n", - binpkg, strerror(errno)); -@@ -91,6 +92,13 @@ cleaner_cb(struct xbps_handle *xhp, xbps_object_t obj, - } - } - free(binpkgsig); -+ if (!drun && unlink(binpkgsig2) == -1) { -+ if (errno != ENOENT) { -+ fprintf(stderr, "Failed to remove `%s': %s\n", -+ binpkgsig2, strerror(errno)); -+ } -+ } -+ free(binpkgsig2); - - return 0; - } -diff --git a/bin/xbps-rindex/remove-obsoletes.c b/bin/xbps-rindex/remove-obsoletes.c -index 80cf2fff..de776145 100644 ---- a/bin/xbps-rindex/remove-obsoletes.c -+++ b/bin/xbps-rindex/remove-obsoletes.c -@@ -39,11 +39,12 @@ - static int - remove_pkg(const char *repodir, const char *file) - { -- char *filepath, *sigpath; -+ char *filepath, *sigpath, *sig2path; - int rv = 0; - - filepath = xbps_xasprintf("%s/%s", repodir, file); - sigpath = xbps_xasprintf("%s.sig", filepath); -+ sig2path = xbps_xasprintf("%s.sig2", filepath); - if (remove(filepath) == -1) { - if (errno != ENOENT) { - rv = errno; -@@ -55,10 +56,18 @@ remove_pkg(const char *repodir, const char *file) - if (errno != ENOENT) { - rv = errno; - fprintf(stderr, "xbps-rindex: failed to remove " -- "package signature `%s': %s\n", sigpath, strerror(rv)); -+ "legacy package signature `%s': %s\n", sigpath, strerror(rv)); -+ } -+ } -+ if (remove(sig2path) == -1) { -+ if (errno != ENOENT) { -+ rv = errno; -+ xbps_error_printf("xbps-rindex: failed to remove " -+ "package signature `%s': %s\n", sig2path, strerror(rv)); - } - } - free(sigpath); -+ free(sig2path); - free(filepath); - - return rv; -diff --git a/bin/xbps-rindex/sign.c b/bin/xbps-rindex/sign.c -index 666f7e24..94886f80 100644 ---- a/bin/xbps-rindex/sign.c -+++ b/bin/xbps-rindex/sign.c -@@ -106,12 +106,7 @@ rsa_sign_file(RSA *rsa, const char *file, - return false; - } - -- /* -- * XXX: NID_sha1 is wrong, doesn't make it any weaker -- * but the ASN1 is wrong, OpenSSL/LibreSSL doesn't care. -- * Other implementations like golang fail because of this. -- */ -- if (!RSA_sign(NID_sha1, digest, XBPS_SHA256_DIGEST_SIZE, -+ if (!RSA_sign(NID_sha256, digest, XBPS_SHA256_DIGEST_SIZE, - *sigret, siglen, rsa)) { - free(*sigret); - return false; -@@ -262,7 +257,7 @@ sign_pkg(struct xbps_handle *xhp, const char *binpkg, const char *privkey, bool - char *sigfile = NULL; - int rv = 0, sigfile_fd = -1; - -- sigfile = xbps_xasprintf("%s.sig", binpkg); -+ sigfile = xbps_xasprintf("%s.sig2", binpkg); - /* - * Skip pkg if file signature exists - */ -diff --git a/include/xbps.h.in b/include/xbps.h.in -index a8024a2b..07af916b 100644 ---- a/include/xbps.h.in -+++ b/include/xbps.h.in -@@ -1958,8 +1958,8 @@ bool xbps_verify_signature(struct xbps_repo *repo, const char *sigfile, - * in \a repo. - * - * @param[in] repo Repository to use with the RSA public key associated. -- * @param[in] fname The filename to verify, the signature file must have a .sig -- * extension, i.e `.sig`. -+ * @param[in] fname The filename to verify, the signature file must have a .sig2 -+ * extension, i.e `.sig2`. - * - * @return True if the signature is valid, false otherwise. - */ -diff --git a/lib/transaction_fetch.c b/lib/transaction_fetch.c -index c3cc7ed0..456d500d 100644 ---- a/lib/transaction_fetch.c -+++ b/lib/transaction_fetch.c -@@ -69,7 +69,7 @@ verify_binpkg(struct xbps_handle *xhp, xbps_dictionary_t pkgd) - xbps_set_cb_state(xhp, XBPS_STATE_VERIFY_FAIL, rv, pkgver, - "%s: removed pkg archive and its signature.", pkgver); - (void)remove(binfile); -- sigfile = xbps_xasprintf("%s.sig", binfile); -+ sigfile = xbps_xasprintf("%s.sig2", binfile); - (void)remove(sigfile); - free(sigfile); - goto out; -@@ -108,8 +108,8 @@ download_binpkg(struct xbps_handle *xhp, xbps_dictionary_t repo_pkgd) - xbps_dictionary_get_cstring_nocopy(repo_pkgd, "pkgver", &pkgver); - xbps_dictionary_get_cstring_nocopy(repo_pkgd, "architecture", &arch); - -- snprintf(buf, sizeof buf, "%s/%s.%s.xbps.sig", repoloc, pkgver, arch); -- sigsuffix = buf+(strlen(buf)-sizeof (".sig")+1); -+ snprintf(buf, sizeof buf, "%s/%s.%s.xbps.sig2", repoloc, pkgver, arch); -+ sigsuffix = buf+(strlen(buf)-sizeof (".sig2")+1); - - xbps_set_cb_state(xhp, XBPS_STATE_DOWNLOAD, 0, pkgver, - "Downloading `%s' signature (from `%s')...", pkgver, repoloc); -@@ -143,8 +143,8 @@ download_binpkg(struct xbps_handle *xhp, xbps_dictionary_t repo_pkgd) - xbps_set_cb_state(xhp, XBPS_STATE_VERIFY, 0, pkgver, - "%s: verifying RSA signature...", pkgver); - -- snprintf(buf, sizeof buf, "%s/%s.%s.xbps.sig", xhp->cachedir, pkgver, arch); -- sigsuffix = buf+(strlen(buf)-sizeof (".sig")+1); -+ snprintf(buf, sizeof buf, "%s/%s.%s.xbps.sig2", xhp->cachedir, pkgver, arch); -+ sigsuffix = buf+(strlen(buf)-sizeof (".sig2")+1); - - if ((repo = xbps_rpool_get_repo(repoloc)) == NULL) { - rv = errno; -diff --git a/lib/util.c b/lib/util.c -index 71afd43b..296c399d 100644 ---- a/lib/util.c -+++ b/lib/util.c -@@ -403,15 +403,15 @@ xbps_remote_binpkg_exists(struct xbps_handle *xhp, xbps_dictionary_t pkgd) - "architecture", &arch)) - return NULL; - -- snprintf(path, sizeof(path), "%s/%s.%s.xbps.sig", xhp->cachedir, -+ snprintf(path, sizeof(path), "%s/%s.%s.xbps.sig2", xhp->cachedir, - pkgver, arch); - - /* check if the signature file exists */ - if (access(path, R_OK) != 0) - return false; - -- /* strip the .sig suffix and check if binpkg file exists */ -- path[strlen(path)-sizeof (".sig")+1] = '\0'; -+ /* strip the .sig2 suffix and check if binpkg file exists */ -+ path[strlen(path)-sizeof (".sig2")+1] = '\0'; - - return access(path, R_OK) == 0; - } -diff --git a/lib/verifysig.c b/lib/verifysig.c -index 56537989..9aa574c2 100644 ---- a/lib/verifysig.c -+++ b/lib/verifysig.c -@@ -63,7 +63,7 @@ rsa_verify_hash(struct xbps_repo *repo, xbps_data_t pubkey, - return false; - } - -- rv = RSA_verify(NID_sha1, sha256, SHA256_DIGEST_LENGTH, sig, siglen, rsa); -+ rv = RSA_verify(NID_sha256, sha256, SHA256_DIGEST_LENGTH, sig, siglen, rsa); - RSA_free(rsa); - BIO_free(bio); - ERR_free_strings(); -@@ -145,7 +145,7 @@ xbps_verify_file_signature(struct xbps_repo *repo, const char *fname) - return false; - } - -- snprintf(sig, sizeof sig, "%s.sig", fname); -+ snprintf(sig, sizeof sig, "%s.sig2", fname); - val = xbps_verify_signature(repo, sig, digest); - - return val; --- -2.41.0 ---- -From 51e886baec3fd0edf1ed74e7c29badc3936f3696 Mon Sep 17 00:00:00 2001 -From: classabbyamp -Date: Tue, 15 Aug 2023 16:42:33 -0400 -Subject: [PATCH] lib/transaction_fetch.c: don't rely on digest being NULL - -caused issues when .xbps existed locally but .sig2 did not. ---- - lib/transaction_fetch.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/lib/transaction_fetch.c b/lib/transaction_fetch.c -index 4af461db..4cbe288e 100644 ---- a/lib/transaction_fetch.c -+++ b/lib/transaction_fetch.c -@@ -159,7 +159,7 @@ download_binpkg(struct xbps_handle *xhp, xbps_dictionary_t repo_pkgd) - * If digest is not set, binary package was not downloaded, - * i.e. 304 not modified, verify by file instead. - */ -- if (*digest) { -+ if (fetchLastErrCode == FETCH_UNCHANGED) { - *sigsuffix = '\0'; - if (!xbps_verify_file_signature(repo, buf)) { - rv = EPERM; --- -2.41.0 - diff --git a/srcpkgs/xbps/template b/srcpkgs/xbps/template index 4dcb7a1f6e2..5b34b331d58 100644 --- a/srcpkgs/xbps/template +++ b/srcpkgs/xbps/template @@ -1,7 +1,7 @@ # Template file for 'xbps' pkgname=xbps -version=0.59.1 -revision=10 +version=0.59.2 +revision=1 bootstrap=yes build_style=configure short_desc="XBPS package system utilities" @@ -10,7 +10,7 @@ license="BSD-2-Clause, BSD-3-Clause, ISC" homepage="https://github.com/void-linux/xbps" changelog="https://github.com/void-linux/xbps/blob/master/NEWS" distfiles="https://github.com/void-linux/xbps/archive/${version}.tar.gz" -checksum=0cbd8d5f23a62047c75974bca21da9f004a94efffd7f37c68562a8dbc869fb2a +checksum=a6607e83fcd654a0ae846d729e43fefd8da9a61323e91430f884caf895b4f59b hostmakedepends="pkgconf" checkdepends="kyua"