diff --git a/build-package.sh b/build-package.sh index 122ae6cc0..24119962e 100755 --- a/build-package.sh +++ b/build-package.sh @@ -349,7 +349,6 @@ termux_step_setup_variables() { # Set if a host build should be done in TERMUX_PKG_HOSTBUILD_DIR: TERMUX_PKG_HOSTBUILD="" TERMUX_PKG_MAINTAINER="Fredrik Fornwall @fornwall" - TERMUX_PKG_CLANG=yes # does nothing for cmake based packages. clang is chosen by cmake TERMUX_PKG_FORCE_CMAKE=no # if the package has autotools as well as cmake, then set this to prefer cmake TERMUX_CMAKE_BUILD=Ninja # Which cmake generator to use TERMUX_PKG_HAS_DEBUG=yes # set to no if debug build doesn't exist or doesn't work, for example for python based packages @@ -577,17 +576,9 @@ termux_step_setup_toolchain() { export CFLAGS="" export LDFLAGS="-L${TERMUX_PREFIX}/lib" - if [ "$TERMUX_PKG_CLANG" = "no" ]; then - export AS=${TERMUX_HOST_PLATFORM}-gcc - export CC=$TERMUX_HOST_PLATFORM-gcc - export CXX=$TERMUX_HOST_PLATFORM-g++ - LDFLAGS+=" -specs=$TERMUX_SCRIPTDIR/termux.spec" - CFLAGS+=" -specs=$TERMUX_SCRIPTDIR/termux.spec" - else - export AS=${TERMUX_HOST_PLATFORM}-clang - export CC=$TERMUX_HOST_PLATFORM-clang - export CXX=$TERMUX_HOST_PLATFORM-clang++ - fi + export AS=${TERMUX_HOST_PLATFORM}-clang + export CC=$TERMUX_HOST_PLATFORM-clang + export CXX=$TERMUX_HOST_PLATFORM-clang++ export AR=$TERMUX_HOST_PLATFORM-ar export CPP=${TERMUX_HOST_PLATFORM}-cpp @@ -609,9 +600,7 @@ termux_step_setup_toolchain() { # "We recommend using the -mthumb compiler flag to force the generation of 16-bit Thumb-2 instructions". # With r13 of the ndk ruby 2.4.0 segfaults when built on arm with clang without -mthumb. CFLAGS+=" -march=armv7-a -mfpu=neon -mfloat-abi=softfp -mthumb" - if [ "$TERMUX_PKG_CLANG" != "no" ]; then - CFLAGS+=" -fno-integrated-as" - fi + CFLAGS+=" -fno-integrated-as" LDFLAGS+=" -march=armv7-a" elif [ "$TERMUX_ARCH" = "i686" ]; then # From $NDK/docs/CPU-ARCH-ABIS.html: @@ -627,17 +616,13 @@ termux_step_setup_toolchain() { if [ -n "$TERMUX_DEBUG" ]; then CFLAGS+=" -g3 -O1 -fstack-protector --param ssp-buffer-size=4 -D_FORTIFY_SOURCE=2" else - if [ "$TERMUX_PKG_CLANG" = "no" ]; then + # -Oz seems good for clang, see https://github.com/android-ndk/ndk/issues/133. + # However, on arm it has a lot of issues such as #1520, #1680, #1765 and + # https://bugs.llvm.org/show_bug.cgi?id=35379, so use so use -Os there for now: + if [ $TERMUX_ARCH = arm ]; then CFLAGS+=" -Os" else - # -Oz seems good for clang, see https://github.com/android-ndk/ndk/issues/133. - # However, on arm it has a lot of issues such as #1520, #1680, #1765 and - # https://bugs.llvm.org/show_bug.cgi?id=35379, so use so use -Os there for now: - if [ $TERMUX_ARCH = arm ]; then - CFLAGS+=" -Os" - else - CFLAGS+=" -Oz" - fi + CFLAGS+=" -Oz" fi fi diff --git a/disabled-packages/openssl/build.sh b/disabled-packages/openssl/build.sh deleted file mode 100755 index 20ca15e08..000000000 --- a/disabled-packages/openssl/build.sh +++ /dev/null @@ -1,44 +0,0 @@ -TERMUX_PKG_HOMEPAGE=https://www.openssl.org/ -TERMUX_PKG_DESCRIPTION="Library implementing the SSL and TLS protocols as well as general purpose cryptography functions" -TERMUX_PKG_DEPENDS="ca-certificates" -TERMUX_PKG_VERSION=1.1.1~pre9 -TERMUX_PKG_SHA256=95ebdfbb05e8451fb01a186ccaa4a7da0eff9a48999ede9fe1a7d90db75ccb4c -TERMUX_PKG_SRCURL=https://www.openssl.org/source/openssl-${TERMUX_PKG_VERSION/\~/-}.tar.gz -TERMUX_PKG_RM_AFTER_INSTALL="bin/c_rehash etc/ssl/misc" -TERMUX_PKG_BUILD_IN_SRC=yes - -# Information about compilation and installation of openssl: -# http://wiki.openssl.org/index.php/Compilation_and_Installation - -termux_step_configure () { - CFLAGS+=" -DNO_SYSLOG" - - perl -p -i -e "s@TERMUX_CFLAGS@$CFLAGS@g" Configure - rm -Rf $TERMUX_PREFIX/lib/libcrypto.* $TERMUX_PREFIX/lib/libssl.* - test $TERMUX_ARCH = "arm" && TERMUX_OPENSSL_PLATFORM="android-arm" - test $TERMUX_ARCH = "aarch64" && TERMUX_OPENSSL_PLATFORM="android-arm64" - test $TERMUX_ARCH = "i686" && TERMUX_OPENSSL_PLATFORM="android-x86" - test $TERMUX_ARCH = "x86_64" && TERMUX_OPENSSL_PLATFORM="android-x86_64" - # If enabling zlib-dynamic we need "zlib-dynamic" instead of "no-comp no-dso": - ./Configure $TERMUX_OPENSSL_PLATFORM \ - --prefix=$TERMUX_PREFIX \ - --openssldir=$TERMUX_PREFIX/etc/tls \ - shared \ - no-ssl \ - no-comp \ - no-dso \ - no-hw \ - no-engine \ - no-srp \ - no-tests -} - -termux_step_make () { - make depend - make -j $TERMUX_MAKE_PROCESSES all -} - -termux_step_make_install () { - # "install_sw" instead of "install" to not install man pages: - make -j 1 install_sw MANDIR=$TERMUX_PREFIX/share/man MANSUFFIX=.ssl -} diff --git a/disabled-packages/openssl/e_os.h.patch b/disabled-packages/openssl/e_os.h.patch deleted file mode 100644 index 2d5b44969..000000000 --- a/disabled-packages/openssl/e_os.h.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff -uNr openssl-1.0.2o/e_os.h openssl-1.0.2o.mod/e_os.h ---- openssl-1.0.2o/e_os.h 2018-03-27 16:54:46.000000000 +0300 -+++ openssl-1.0.2o.mod/e_os.h 2018-06-19 15:24:21.644044663 +0300 -@@ -90,7 +90,7 @@ - * sockets will be tried in the order listed in case accessing the device - * files listed in DEVRANDOM did not return enough entropy. - */ --# define DEVRANDOM_EGD "/var/run/egd-pool","/dev/egd-pool","/etc/egd-pool","/etc/entropy" -+# define DEVRANDOM_EGD "@TERMUX_PREFIX@/var/run/egd-pool","/dev/egd-pool","@TERMUX_PREFIX@/etc/egd-pool","@TERMUX_PREFIX@/etc/entropy" - # endif - - # if defined(OPENSSL_SYS_VXWORKS) diff --git a/disabled-packages/openssl/openssl-tool.subpackage.sh b/disabled-packages/openssl/openssl-tool.subpackage.sh deleted file mode 100644 index 62ede318f..000000000 --- a/disabled-packages/openssl/openssl-tool.subpackage.sh +++ /dev/null @@ -1,3 +0,0 @@ -TERMUX_SUBPKG_INCLUDE="bin" -TERMUX_SUBPKG_DESCRIPTION="The openssl command line cryptographic tool" -TERMUX_SUBPKG_DEPENDS="openssl" diff --git a/packages/alpine/build.sh b/packages/alpine/build.sh index 756972fb5..f9bdeea16 100644 --- a/packages/alpine/build.sh +++ b/packages/alpine/build.sh @@ -1,8 +1,7 @@ TERMUX_PKG_HOMEPAGE=http://repo.or.cz/alpine.git TERMUX_PKG_DESCRIPTION="Fast, easy to use email client" -TERMUX_PKG_VERSION=2.21 -TERMUX_PKG_REVISION=3 -TERMUX_PKG_SHA256=6030b6881b8168546756ab3a5e43628d8d564539b0476578e287775573a77438 +TERMUX_PKG_VERSION=2.21.9999 +TERMUX_PKG_SHA256=d5f436019860961f4cb6c9a847e2557e7a284043da59d4fab3263f9796ff646b TERMUX_PKG_SRCURL=https://fossies.org/linux/misc/alpine-$TERMUX_PKG_VERSION.tar.xz TERMUX_PKG_DEPENDS="libcrypt, ncurses, openssl-tool" TERMUX_PKG_EXTRA_CONFIGURE_ARGS=" diff --git a/packages/alpine/pithmake.am.patch b/packages/alpine/pithmake.am.patch deleted file mode 100644 index 04f34b810..000000000 --- a/packages/alpine/pithmake.am.patch +++ /dev/null @@ -1,25 +0,0 @@ ---- ../cache/alpine-2.20/pith/Makefile.am 2015-01-12 05:12:25.585178823 +0000 -+++ ./pith/Makefile.am 2016-12-11 05:35:52.697766827 +0000 -@@ -29,19 +29,13 @@ - state.c status.c store.c stream.c string.c strlst.c takeaddr.c tempfile.c text.c \ - thread.c adjtime.c url.c util.c helptext.c smkeys.c smime.c - --help_c_gen$(EXEEXT): $(help_c_gen_OBJECTS) $(help_c_gen_DEPENDENCIES) -- @rm -f help_c_gen$(EXEEXT) -- $(LINK) $(help_c_gen_OBJECTS) $(help_c_gen_LDADD) --help_h_gen$(EXEEXT): $(help_h_gen_OBJECTS) $(help_h_gen_DEPENDENCIES) -- @rm -f help_h_gen$(EXEEXT) -- $(LINK) $(help_h_gen_OBJECTS) $(help_h_gen_LDADD) - --helptext.c: help_c_gen pine.hlp -+helptext.c: pine.hlp - ./help_c_gen < pine.hlp > $@ - --helptext.h: help_h_gen pine.hlp -+helptext.h: pine.hlp - ./help_h_gen < pine.hlp > $@ - - AM_CPPFLAGS = -I@top_builddir@/include -I@top_srcdir@/include - --CLEANFILES = helptext.c helptext.h help_h_gen help_c_gen -+CLEANFILES = helptext.c helptext.h diff --git a/packages/apache2/build.sh b/packages/apache2/build.sh index e1a3d8f0b..97605c951 100644 --- a/packages/apache2/build.sh +++ b/packages/apache2/build.sh @@ -1,6 +1,7 @@ TERMUX_PKG_HOMEPAGE=https://httpd.apache.org TERMUX_PKG_DESCRIPTION="Apache Web Server" TERMUX_PKG_VERSION=2.4.34 +TERMUX_PKG_REVISION=1 TERMUX_PKG_SHA256=fa53c95631febb08a9de41fd2864cfff815cf62d9306723ab0d4b8d7aa1638f0 TERMUX_PKG_SRCURL=https://www.apache.org/dist/httpd/httpd-$TERMUX_PKG_VERSION.tar.bz2 TERMUX_PKG_DEPENDS="apr, apr-util, pcre, openssl, libcrypt, libandroid-support, libnghttp2, libexpat" diff --git a/packages/aria2/build.sh b/packages/aria2/build.sh index e95ace53c..9b77e8493 100644 --- a/packages/aria2/build.sh +++ b/packages/aria2/build.sh @@ -1,7 +1,7 @@ TERMUX_PKG_HOMEPAGE=https://aria2.github.io TERMUX_PKG_DESCRIPTION="Download utility supporting HTTP/HTTPS, FTP, BitTorrent and Metalink" TERMUX_PKG_VERSION=1.34.0 -TERMUX_PKG_REVISION=1 +TERMUX_PKG_REVISION=2 TERMUX_PKG_SHA256=3a44a802631606e138a9e172a3e9f5bcbaac43ce2895c1d8e2b46f30487e77a3 TERMUX_PKG_SRCURL=https://github.com/aria2/aria2/releases/download/release-${TERMUX_PKG_VERSION}/aria2-${TERMUX_PKG_VERSION}.tar.xz TERMUX_PKG_DEPENDS="c-ares, openssl, libxml2" diff --git a/packages/axel/build.sh b/packages/axel/build.sh index e98f3309e..6c039111d 100755 --- a/packages/axel/build.sh +++ b/packages/axel/build.sh @@ -1,6 +1,7 @@ TERMUX_PKG_HOMEPAGE=https://github.com/axel-download-accelerator/axel TERMUX_PKG_DESCRIPTION="light command line download accelerator" TERMUX_PKG_VERSION=2.16.1 +TERMUX_PKG_REVISION=1 TERMUX_PKG_MAINTAINER="lokesh @hax4us" TERMUX_PKG_DEPENDS="openssl" TERMUX_PKG_BUILD_DEPENDS="pkg-config, gettext" diff --git a/packages/dnsutils/build.sh b/packages/dnsutils/build.sh index c34d0f23a..7c7d75bbd 100644 --- a/packages/dnsutils/build.sh +++ b/packages/dnsutils/build.sh @@ -1,6 +1,7 @@ TERMUX_PKG_HOMEPAGE=https://www.isc.org/downloads/bind/ TERMUX_PKG_DESCRIPTION="Clients provided with BIND" TERMUX_PKG_VERSION=9.12.2-P1 +TERMUX_PKG_REVISION=1 TERMUX_PKG_SHA256=9c4b55c2b8a2052ce488ebaeca1b715721d1a6cbffd7da3634c41287b86954a4 TERMUX_PKG_SRCURL="ftp://ftp.isc.org/isc/bind9/${TERMUX_PKG_VERSION}/bind-${TERMUX_PKG_VERSION}.tar.gz" TERMUX_PKG_DEPENDS="openssl, readline, resolv-conf" diff --git a/packages/elinks/build.sh b/packages/elinks/build.sh index 6659784af..f69cb849f 100644 --- a/packages/elinks/build.sh +++ b/packages/elinks/build.sh @@ -2,7 +2,7 @@ TERMUX_PKG_HOMEPAGE=http://elinks.or.cz TERMUX_PKG_DESCRIPTION="Full-Featured Text WWW Browser" _COMMIT=f86be659718c0cd0a67f88b42f07044c23d0d028 TERMUX_PKG_VERSION=0.13.GIT -TERMUX_PKG_REVISION=1 +TERMUX_PKG_REVISION=2 TERMUX_PKG_SRCURL=https://github.com/xeffyr/elinks/archive/${_COMMIT}.zip TERMUX_PKG_SHA256=3e65aaabcc4f6b2418643cf965786c00e3f196330f3e7863ca83f9e546d5e609 TERMUX_PKG_DEPENDS="libexpat, libidn, openssl, libbz2" diff --git a/packages/erlang/build.sh b/packages/erlang/build.sh index 87980c7e8..2bbca644a 100755 --- a/packages/erlang/build.sh +++ b/packages/erlang/build.sh @@ -1,6 +1,7 @@ TERMUX_PKG_HOMEPAGE=https://www.erlang.org/ TERMUX_PKG_DESCRIPTION="General-purpose concurrent functional programming language" TERMUX_PKG_VERSION=21.0.8 +TERMUX_PKG_REVISION=1 TERMUX_PKG_SHA256=593c0cd52937564b1af540fb0df66d6210407bdd46e3a43b48cb3ea4f975cb03 TERMUX_PKG_SRCURL=https://github.com/erlang/otp/archive/OTP-$TERMUX_PKG_VERSION.tar.gz TERMUX_PKG_DEPENDS="openssl, ncurses, libutil" diff --git a/packages/fossil/build.sh b/packages/fossil/build.sh index ff9890b7f..540662b15 100644 --- a/packages/fossil/build.sh +++ b/packages/fossil/build.sh @@ -2,6 +2,7 @@ TERMUX_PKG_HOMEPAGE=https://www.fossil-scm.org TERMUX_PKG_DESCRIPTION="DSCM with built-in wiki, http interface and server, tickets database" TERMUX_PKG_MAINTAINER="Vishal Biswas @vishalbiswas" TERMUX_PKG_VERSION=2.6 +TERMUX_PKG_REVISION=1 TERMUX_PKG_SHA256=76a794555918be179850739a90f157de0edb8568ad552b4c40ce186c79ff6ed9 TERMUX_PKG_SRCURL=https://www.fossil-scm.org/index.html/uv/fossil-src-${TERMUX_PKG_VERSION}.tar.gz TERMUX_PKG_DEPENDS="libsqlite, openssl" diff --git a/packages/git/build.sh b/packages/git/build.sh index 3ce446110..1f8bbd6f2 100755 --- a/packages/git/build.sh +++ b/packages/git/build.sh @@ -3,6 +3,7 @@ TERMUX_PKG_DESCRIPTION="Fast, scalable, distributed revision control system" # less is required as a pager for git log, and the busybox less does not handle used escape sequences. TERMUX_PKG_DEPENDS="libcurl, less, openssl, pcre2" TERMUX_PKG_VERSION=2.18.0 +TERMUX_PKG_REVISION=1 TERMUX_PKG_SHA256=8b40be383a603147ae29337136c00d1c634bdfdc169a30924a024596a7e30e92 TERMUX_PKG_SRCURL=https://www.kernel.org/pub/software/scm/git/git-${TERMUX_PKG_VERSION}.tar.xz ## This requires a working $TERMUX_PREFIX/bin/sh on the host building: diff --git a/packages/gst-plugins-bad/build.sh b/packages/gst-plugins-bad/build.sh index d6606077c..4be587eea 100644 --- a/packages/gst-plugins-bad/build.sh +++ b/packages/gst-plugins-bad/build.sh @@ -1,6 +1,7 @@ TERMUX_PKG_HOMEPAGE=https://gstreamer.freedesktop.org/ TERMUX_PKG_DESCRIPTION="GStreamer Bad Plug-ins" TERMUX_PKG_VERSION=1.14.2 +TERMUX_PKG_REVISION=1 TERMUX_PKG_SHA256=34fab7da70994465a64468330b2168a4a0ed90a7de7e4c499b6d127c6c1b1eaf TERMUX_PKG_SRCURL=https://gstreamer.freedesktop.org/src/gst-plugins-bad/gst-plugins-bad-${TERMUX_PKG_VERSION}.tar.xz TERMUX_PKG_BUILD_IN_SRC=yes diff --git a/packages/httping/build.sh b/packages/httping/build.sh index 877f733a6..a547086f6 100644 --- a/packages/httping/build.sh +++ b/packages/httping/build.sh @@ -1,7 +1,7 @@ TERMUX_PKG_HOMEPAGE=https://www.vanheusden.com/httping/ TERMUX_PKG_DESCRIPTION="ping-like program for http-requests" TERMUX_PKG_VERSION=2.5 -TERMUX_PKG_REVISION=1 +TERMUX_PKG_REVISION=2 TERMUX_PKG_SRCURL=https://fossies.org/linux/www/httping-${TERMUX_PKG_VERSION}.tgz TERMUX_PKG_SHA256=3e895a0a6d7bd79de25a255a1376d4da88eb09c34efdd0476ab5a907e75bfaf8 TERMUX_PKG_BUILD_IN_SRC=yes diff --git a/packages/hydra/build.sh b/packages/hydra/build.sh index b4f54714a..163e2edbd 100644 --- a/packages/hydra/build.sh +++ b/packages/hydra/build.sh @@ -1,6 +1,7 @@ TERMUX_PKG_HOMEPAGE=https://github.com/vanhauser-thc/thc-hydra TERMUX_PKG_DESCRIPTION="Network logon cracker supporting different services" TERMUX_PKG_VERSION=8.6.20180104 +TERMUX_PKG_REVISION=1 TERMUX_PKG_SHA256=794e5e10e32c9ef3eaf20bbefc0348b997bbb3824dda6de3b5aab91f49beec31 TERMUX_PKG_SRCURL=https://github.com/vanhauser-thc/thc-hydra/archive/9597bafb178a57f839502abdd3d62b0b43028993.zip TERMUX_PKG_BUILD_IN_SRC=yes diff --git a/packages/icecast/build.sh b/packages/icecast/build.sh index 6b40ad4e9..3a61f6698 100644 --- a/packages/icecast/build.sh +++ b/packages/icecast/build.sh @@ -1,7 +1,7 @@ TERMUX_PKG_HOMEPAGE=https://icecast.org TERMUX_PKG_DESCRIPTION="Icecast is a streaming media (audio/video) server" TERMUX_PKG_VERSION=2.4.3 -TERMUX_PKG_REVISION=1 +TERMUX_PKG_REVISION=2 TERMUX_PKG_SRCURL=https://downloads.xiph.org/releases/icecast/icecast-$TERMUX_PKG_VERSION.tar.gz TERMUX_PKG_SHA256=c85ca48c765d61007573ee1406a797ae6cb31fb5961a42e7f1c87adb45ddc592 TERMUX_PKG_DEPENDS="libcurl, libgnutls, libogg, libvorbis, libxml2, libxslt, mime-support, openssl" diff --git a/packages/iperf3/build.sh b/packages/iperf3/build.sh index 8716757ce..68104c1a2 100644 --- a/packages/iperf3/build.sh +++ b/packages/iperf3/build.sh @@ -1,6 +1,7 @@ TERMUX_PKG_HOMEPAGE=https://github.com/esnet/iperf TERMUX_PKG_DESCRIPTION="TCP, UDP, and SCTP network bandwidth measurement tool" TERMUX_PKG_VERSION=3.6 +TERMUX_PKG_REVISION=1 TERMUX_PKG_SHA256=de5d51e46dc460cc590fb4d44f95e7cad54b74fea1eba7d6ebd6f8887d75946e TERMUX_PKG_SRCURL=https://fossies.org/linux/privat/iperf-$TERMUX_PKG_VERSION.tar.gz TERMUX_PKG_DEPENDS="openssl" diff --git a/packages/irssi/build.sh b/packages/irssi/build.sh index 50f204bc9..d42f4e8a5 100755 --- a/packages/irssi/build.sh +++ b/packages/irssi/build.sh @@ -2,6 +2,7 @@ TERMUX_PKG_HOMEPAGE=https://irssi.org/ TERMUX_PKG_DESCRIPTION="Terminal based IRC client" TERMUX_PKG_DEPENDS="ncurses, openssl, glib, libandroid-glob" TERMUX_PKG_VERSION=1.1.1 +TERMUX_PKG_REVISION=1 TERMUX_PKG_SHA256=784807e7a1ba25212347f03e4287cff9d0659f076edfb2c6b20928021d75a1bf TERMUX_PKG_SRCURL=https://github.com/irssi/irssi/releases/download/$TERMUX_PKG_VERSION/irssi-$TERMUX_PKG_VERSION.tar.xz TERMUX_PKG_BUILD_IN_SRC=yes diff --git a/packages/krb5/build.sh b/packages/krb5/build.sh index e88dc7a1a..8f589ee46 100644 --- a/packages/krb5/build.sh +++ b/packages/krb5/build.sh @@ -1,6 +1,7 @@ TERMUX_PKG_HOMEPAGE=https://web.mit.edu/kerberos TERMUX_PKG_DESCRIPTION="The Kerberos network authentication system" TERMUX_PKG_VERSION=1.16.1 +TERMUX_PKG_REVISION=1 TERMUX_PKG_SHA256=214ffe394e3ad0c730564074ec44f1da119159d94281bbec541dc29168d21117 TERMUX_PKG_SRCURL=https://fossies.org/linux/misc/krb5-$TERMUX_PKG_VERSION.tar.gz TERMUX_PKG_DEPENDS="libandroid-support, libandroid-glob, readline, openssl, libutil, libdb" diff --git a/packages/ldns/build.sh b/packages/ldns/build.sh index 2ca6698c2..ee8197456 100755 --- a/packages/ldns/build.sh +++ b/packages/ldns/build.sh @@ -2,13 +2,12 @@ TERMUX_PKG_HOMEPAGE=https://www.nlnetlabs.nl/projects/ldns/ TERMUX_PKG_DESCRIPTION="Library for simplifying DNS programming and supporting recent and experimental RFCs" TERMUX_PKG_DEPENDS="openssl" TERMUX_PKG_VERSION=1.7.0 -TERMUX_PKG_REVISION=4 +TERMUX_PKG_REVISION=5 TERMUX_PKG_SRCURL=https://www.nlnetlabs.nl/downloads/ldns/ldns-${TERMUX_PKG_VERSION}.tar.gz TERMUX_PKG_SHA256=c19f5b1b4fb374cfe34f4845ea11b1e0551ddc67803bd6ddd5d2a20f0997a6cc -# --disable-dane-verify needed until openssl 1.1.0: TERMUX_PKG_EXTRA_CONFIGURE_ARGS=" --with-ssl=$TERMUX_PREFIX ---disable-dane-verify +--disable-gost " TERMUX_PKG_INCLUDE_IN_DEVPACKAGE="bin/ldns-config share/man/man1/ldns-config.1" diff --git a/packages/lftp/build.sh b/packages/lftp/build.sh index 858c08326..54932ad21 100644 --- a/packages/lftp/build.sh +++ b/packages/lftp/build.sh @@ -1,6 +1,7 @@ TERMUX_PKG_HOMEPAGE=https://lftp.tech/ TERMUX_PKG_DESCRIPTION="FTP/HTTP client and file transfer program" TERMUX_PKG_VERSION=4.8.4 +TERMUX_PKG_REVISION=1 TERMUX_PKG_SHA256=4ebc271e9e5cea84a683375a0f7e91086e5dac90c5d51bb3f169f75386107a62 TERMUX_PKG_SRCURL=https://lftp.tech/ftp/lftp-${TERMUX_PKG_VERSION}.tar.xz # (1) Android has dn_expand, but lftp assumes that dn_skipname then exists, which it does not on android. diff --git a/packages/libarchive/build.sh b/packages/libarchive/build.sh index 1af784d39..97809a793 100644 --- a/packages/libarchive/build.sh +++ b/packages/libarchive/build.sh @@ -1,6 +1,7 @@ TERMUX_PKG_HOMEPAGE=https://www.libarchive.org/ TERMUX_PKG_DESCRIPTION="Multi-format archive and compression library" TERMUX_PKG_VERSION=3.3.3 +TERMUX_PKG_REVISION=1 TERMUX_PKG_SHA256=ba7eb1781c9fbbae178c4c6bad1c6eb08edab9a1496c64833d1715d022b30e2e TERMUX_PKG_SRCURL=https://www.libarchive.org/downloads/libarchive-${TERMUX_PKG_VERSION}.tar.gz TERMUX_PKG_DEPENDS="libbz2, liblzma, libxml2, openssl" diff --git a/packages/libcrypt/build.sh b/packages/libcrypt/build.sh index c93d4ce99..4f38903a5 100644 --- a/packages/libcrypt/build.sh +++ b/packages/libcrypt/build.sh @@ -1,6 +1,7 @@ TERMUX_PKG_HOMEPAGE=http://michael.dipperstein.com/crypt/ TERMUX_PKG_DESCRIPTION="A crypt(3) implementation" TERMUX_PKG_VERSION=0.2 +TERMUX_PKG_REVISION=1 TERMUX_PKG_DEPENDS="openssl" termux_step_make_install () { diff --git a/packages/libcurl/build.sh b/packages/libcurl/build.sh index d0c95aaab..a9da4028d 100755 --- a/packages/libcurl/build.sh +++ b/packages/libcurl/build.sh @@ -2,6 +2,7 @@ TERMUX_PKG_HOMEPAGE=https://curl.haxx.se/ TERMUX_PKG_DESCRIPTION="Easy-to-use client-side URL transfer library" TERMUX_PKG_DEPENDS="openssl, libnghttp2" TERMUX_PKG_VERSION=7.61.1 +TERMUX_PKG_REVISION=1 TERMUX_PKG_SHA256=a308377dbc9a16b2e994abd55455e5f9edca4e31666f8f8fcfe7a1a4aea419b9 TERMUX_PKG_SRCURL=https://curl.haxx.se/download/curl-${TERMUX_PKG_VERSION}.tar.bz2 TERMUX_PKG_EXTRA_CONFIGURE_ARGS=" diff --git a/packages/libgit2/build.sh b/packages/libgit2/build.sh index 40257d1b7..5c3b9d708 100644 --- a/packages/libgit2/build.sh +++ b/packages/libgit2/build.sh @@ -1,6 +1,7 @@ TERMUX_PKG_HOMEPAGE=https://libgit2.github.com/ TERMUX_PKG_DESCRIPTION="C library implementing Git core methods" TERMUX_PKG_VERSION=0.27.4 +TERMUX_PKG_REVISION=1 TERMUX_PKG_SHA256=0b7ca31cb959ff1b22afa0da8621782afe61f99242bf716c403802ffbdb21d51 TERMUX_PKG_SRCURL=https://github.com/libgit2/libgit2/archive/v${TERMUX_PKG_VERSION}.tar.gz TERMUX_PKG_DEPENDS="libcurl, openssl" diff --git a/packages/libgrpc/build.sh b/packages/libgrpc/build.sh index a4f3250c1..ebbd8acda 100644 --- a/packages/libgrpc/build.sh +++ b/packages/libgrpc/build.sh @@ -1,6 +1,7 @@ TERMUX_PKG_HOMEPAGE=https://grpc.io/ TERMUX_PKG_DESCRIPTION="High performance, open source, general RPC framework that puts mobile and HTTP/2 first" TERMUX_PKG_VERSION=1.14.1 +TERMUX_PKG_REVISION=1 TERMUX_PKG_MAINTAINER="Vishal Biswas @vishalbiswas" TERMUX_PKG_DEPENDS="openssl, protobuf, c-ares" TERMUX_PKG_HOSTBUILD=true diff --git a/packages/libmesode/build.sh b/packages/libmesode/build.sh index c9673d85a..d4b8ea45e 100644 --- a/packages/libmesode/build.sh +++ b/packages/libmesode/build.sh @@ -1,6 +1,7 @@ TERMUX_PKG_HOMEPAGE=https://github.com/boothj5/libmesode TERMUX_PKG_DESCRIPTION="libmesode is a minimal XMPP library written in C. Fork of libstrophe for use with Profanity XMPP Client. Provides extra TLS functionality such as manual SSL certificate verfication" TERMUX_PKG_VERSION=0.9.1 +TERMUX_PKG_REVISION=1 TERMUX_PKG_MAINTAINER="Oliver Schmidhauser @Neo-Oli" TERMUX_PKG_SRCURL=https://github.com/boothj5/libmesode/archive/${TERMUX_PKG_VERSION}.tar.gz TERMUX_PKG_SHA256=e693ea1577f0d9e6e58dd8ada9825c359784a225620cbc2fde7295369d295245 diff --git a/packages/libmosquitto/build.sh b/packages/libmosquitto/build.sh index d9d57e30b..7ec5eca69 100644 --- a/packages/libmosquitto/build.sh +++ b/packages/libmosquitto/build.sh @@ -1,6 +1,7 @@ TERMUX_PKG_HOMEPAGE=https://mosquitto.org/ TERMUX_PKG_DESCRIPTION="MQTT library" TERMUX_PKG_VERSION=1.5.1 +TERMUX_PKG_REVISION=1 TERMUX_PKG_SHA256=8557bc7ae34dfaf32a0fb56d2491b7a7f731269c88337227233013502df4d5b0 TERMUX_PKG_SRCURL=https://mosquitto.org/files/source/mosquitto-${TERMUX_PKG_VERSION}.tar.gz TERMUX_PKG_DEPENDS="c-ares, openssl" diff --git a/packages/libssh/build.sh b/packages/libssh/build.sh index 15157fe11..e0edd1cc7 100644 --- a/packages/libssh/build.sh +++ b/packages/libssh/build.sh @@ -1,6 +1,7 @@ TERMUX_PKG_HOMEPAGE=https://www.libssh.org/ TERMUX_PKG_DESCRIPTION="Tiny C SSH library" TERMUX_PKG_VERSION=0.8.2 +TERMUX_PKG_REVISION=1 TERMUX_PKG_SHA256=1f5bb2c64a757a11959c22556493c6e31ea17aacd7d61e6e181692cca05686c2 TERMUX_PKG_SRCURL=https://git.libssh.org/projects/libssh.git/snapshot/libssh-${TERMUX_PKG_VERSION}.tar.bz2 TERMUX_PKG_DEPENDS="openssl" diff --git a/packages/libssh2/build.sh b/packages/libssh2/build.sh index 99173c113..b59d2ea10 100644 --- a/packages/libssh2/build.sh +++ b/packages/libssh2/build.sh @@ -1,6 +1,7 @@ TERMUX_PKG_HOMEPAGE=https://www.libssh2.org TERMUX_PKG_DESCRIPTION="Client-side library implementing the SSH2 protocol" TERMUX_PKG_VERSION=1.8.0 +TERMUX_PKG_REVISION=1 TERMUX_PKG_SHA256=39f34e2f6835f4b992cafe8625073a88e5a28ba78f83e8099610a7b3af4676d4 TERMUX_PKG_SRCURL=https://www.libssh2.org/download/libssh2-$TERMUX_PKG_VERSION.tar.gz TERMUX_PKG_DEPENDS="openssl" diff --git a/packages/lighttpd/build.sh b/packages/lighttpd/build.sh index af24711a7..4981bb76c 100644 --- a/packages/lighttpd/build.sh +++ b/packages/lighttpd/build.sh @@ -1,6 +1,7 @@ TERMUX_PKG_HOMEPAGE=http://www.lighttpd.net TERMUX_PKG_DESCRIPTION="Fast webserver with minimal memory footprint" TERMUX_PKG_VERSION=1.4.50 +TERMUX_PKG_REVISION=1 TERMUX_PKG_SHA256=29378312d8887cbc14ffe8a7fadef2d5a08c7e7e1be942795142346ad95629eb TERMUX_PKG_SRCURL=http://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-${TERMUX_PKG_VERSION}.tar.xz TERMUX_PKG_EXTRA_CONFIGURE_ARGS="--with-bzip2 --with-openssl --with-pcre --with-zlib" diff --git a/packages/lynx/build.sh b/packages/lynx/build.sh index d8820414f..fcb4c2c2c 100644 --- a/packages/lynx/build.sh +++ b/packages/lynx/build.sh @@ -1,6 +1,7 @@ TERMUX_PKG_HOMEPAGE=http://lynx.browser.org/ TERMUX_PKG_DESCRIPTION="The text web browser" TERMUX_PKG_VERSION=2.8.9rel.1 +TERMUX_PKG_REVISION=1 TERMUX_PKG_SHA256=387f193d7792f9cfada14c60b0e5c0bff18f227d9257a39483e14fa1aaf79595 TERMUX_PKG_SRCURL=http://invisible-mirror.net/archives/lynx/tarballs/lynx${TERMUX_PKG_VERSION}.tar.bz2 TERMUX_PKG_DEPENDS="ncurses, openssl, libbz2, libidn" diff --git a/packages/mariadb/build.sh b/packages/mariadb/build.sh index c5e76e176..21d12e5e1 100644 --- a/packages/mariadb/build.sh +++ b/packages/mariadb/build.sh @@ -1,6 +1,7 @@ TERMUX_PKG_HOMEPAGE=https://mariadb.org TERMUX_PKG_DESCRIPTION="A drop-in replacement for mysql server" TERMUX_PKG_VERSION=10.3.9 +TERMUX_PKG_REVISION=1 TERMUX_PKG_SHA256=561c6969bbd24dbb22d1d196a6b037665389b91e6dab881f39c5616389f156f4 TERMUX_PKG_SRCURL=https://ftp.osuosl.org/pub/mariadb/mariadb-$TERMUX_PKG_VERSION/source/mariadb-$TERMUX_PKG_VERSION.tar.gz TERMUX_PKG_EXTRA_CONFIGURE_ARGS=" diff --git a/packages/megatools/build.sh b/packages/megatools/build.sh index 4649b0c9d..b3d2a5574 100644 --- a/packages/megatools/build.sh +++ b/packages/megatools/build.sh @@ -1,6 +1,7 @@ TERMUX_PKG_HOMEPAGE=https://github.com/megous/megatools TERMUX_PKG_DESCRIPTION="Open-source command line tools and C library (libmega) for accessing Mega.co.nz cloud storage" TERMUX_PKG_VERSION=1.10.2 +TERMUX_PKG_REVISION=1 TERMUX_PKG_SHA256=48468536492bfecd8b10a42e7608129eba9922e03cbce0a11dd9e338e2a0632d TERMUX_PKG_SRCURL=https://github.com/megous/megatools/archive/$TERMUX_PKG_VERSION.tar.gz TERMUX_PKG_DEPENDS="glib, libandroid-support, libcurl, libgmp, openssl" diff --git a/packages/mosh/build.sh b/packages/mosh/build.sh index faaf5d774..f67a45d43 100644 --- a/packages/mosh/build.sh +++ b/packages/mosh/build.sh @@ -1,7 +1,7 @@ TERMUX_PKG_HOMEPAGE=https://mosh.org TERMUX_PKG_DESCRIPTION="Mobile shell that supports roaming and intelligent local echo" TERMUX_PKG_VERSION=1.3.2 -TERMUX_PKG_REVISION=6 +TERMUX_PKG_REVISION=7 TERMUX_PKG_SHA256=da600573dfa827d88ce114e0fed30210689381bbdcff543c931e4d6a2e851216 TERMUX_PKG_SRCURL=https://github.com/mobile-shell/mosh/releases/download/mosh-${TERMUX_PKG_VERSION}/mosh-${TERMUX_PKG_VERSION}.tar.gz TERMUX_PKG_DEPENDS="libandroid-support, libprotobuf, ncurses, openssl, openssh, libutil" diff --git a/packages/mutt/build.sh b/packages/mutt/build.sh index a32288018..a9f6890c3 100644 --- a/packages/mutt/build.sh +++ b/packages/mutt/build.sh @@ -1,7 +1,7 @@ TERMUX_PKG_HOMEPAGE=http://www.mutt.org/ TERMUX_PKG_DESCRIPTION="Mail client with patches from neomutt" TERMUX_PKG_VERSION=1.10.1 -TERMUX_PKG_REVISION=1 +TERMUX_PKG_REVISION=2 TERMUX_PKG_SHA256=734a3883158ec3d180cf6538d8bd7f685ce641d2cdef657aa0038f76e79a54a0 TERMUX_PKG_SRCURL=ftp://ftp.mutt.org/pub/mutt/mutt-${TERMUX_PKG_VERSION}.tar.gz TERMUX_PKG_DEPENDS="libandroid-support, ncurses, gdbm, openssl, libsasl, mime-support" diff --git a/packages/ncmpcpp/build.sh b/packages/ncmpcpp/build.sh index 32a1cd8ac..6c8715fac 100644 --- a/packages/ncmpcpp/build.sh +++ b/packages/ncmpcpp/build.sh @@ -1,7 +1,7 @@ TERMUX_PKG_HOMEPAGE=https://rybczak.net/ncmpcpp/ TERMUX_PKG_DESCRIPTION="NCurses Music Player Client (Plus Plus)" TERMUX_PKG_VERSION=0.8.2 -TERMUX_PKG_REVISION=3 +TERMUX_PKG_REVISION=4 TERMUX_PKG_SHA256=650ba3e8089624b7ad9e4cc19bc1ac6028edb7523cc111fa1686ea44c0921554 TERMUX_PKG_SRCURL=https://rybczak.net/ncmpcpp/stable/ncmpcpp-${TERMUX_PKG_VERSION}.tar.bz2 TERMUX_PKG_DEPENDS="fftw, boost, readline, libcurl, libmpdclient, ncurses" diff --git a/packages/nginx/build.sh b/packages/nginx/build.sh index 00d5e4c93..2da6396ed 100644 --- a/packages/nginx/build.sh +++ b/packages/nginx/build.sh @@ -1,6 +1,7 @@ TERMUX_PKG_HOMEPAGE=https://www.nginx.org TERMUX_PKG_DESCRIPTION="Lightweight HTTP server" TERMUX_PKG_VERSION=1.14.0 +TERMUX_PKG_REVISION=1 TERMUX_PKG_SHA256=5d15becbf69aba1fe33f8d416d97edd95ea8919ea9ac519eff9bafebb6022cb5 TERMUX_PKG_SRCURL=http://nginx.org/download/nginx-$TERMUX_PKG_VERSION.tar.gz TERMUX_PKG_BUILD_IN_SRC=true diff --git a/packages/nmap/build.sh b/packages/nmap/build.sh index 20f5d602d..8da4083ef 100644 --- a/packages/nmap/build.sh +++ b/packages/nmap/build.sh @@ -1,7 +1,7 @@ TERMUX_PKG_HOMEPAGE=https://nmap.org/ TERMUX_PKG_DESCRIPTION="Utility for network discovery and security auditing" TERMUX_PKG_VERSION=7.70 -TERMUX_PKG_REVISION=1 +TERMUX_PKG_REVISION=2 TERMUX_PKG_SHA256=847b068955f792f4cc247593aca6dc3dc4aae12976169873247488de147a6e18 TERMUX_PKG_SRCURL=https://nmap.org/dist/nmap-${TERMUX_PKG_VERSION}.tar.bz2 # Depend on netcat so that it gets installed automatically when installing diff --git a/packages/nmap/libssh2-src-openssl.h.patch b/packages/nmap/libssh2-src-openssl.h.patch new file mode 100644 index 000000000..a8e6dfc12 --- /dev/null +++ b/packages/nmap/libssh2-src-openssl.h.patch @@ -0,0 +1,29 @@ +diff -u -r ../nmap-7.70/libssh2/src/openssl.h ./libssh2/src/openssl.h +--- ../nmap-7.70/libssh2/src/openssl.h 2017-11-11 17:43:24.000000000 +0000 ++++ ./libssh2/src/openssl.h 2018-08-24 08:59:09.372633959 +0000 +@@ -227,14 +227,18 @@ + #endif + + #if OPENSSL_VERSION_NUMBER >= 0x10100000L +-#define libssh2_crypto_init() \ +- ENGINE_load_builtin_engines(); \ +- ENGINE_register_all_complete() ++# ifdef OPENSSL_NO_ENGINE ++# define libssh2_crypto_init() ++# else ++# define libssh2_crypto_init() \ ++ ENGINE_load_builtin_engines(); \ ++ ENGINE_register_all_complete() ++# endif + #else +-#define libssh2_crypto_init() \ +- OpenSSL_add_all_algorithms(); \ +- ENGINE_load_builtin_engines(); \ +- ENGINE_register_all_complete() ++# define libssh2_crypto_init() \ ++ OpenSSL_add_all_algorithms(); \ ++ ENGINE_load_builtin_engines(); \ ++ ENGINE_register_all_complete() + #endif + + #define libssh2_crypto_exit() diff --git a/packages/nodejs-current/build.sh b/packages/nodejs-current/build.sh index 0fd4ead22..dd1bf974f 100644 --- a/packages/nodejs-current/build.sh +++ b/packages/nodejs-current/build.sh @@ -1,7 +1,7 @@ TERMUX_PKG_HOMEPAGE=https://nodejs.org/ TERMUX_PKG_DESCRIPTION="Platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications" -TERMUX_PKG_VERSION=9.11.1 -TERMUX_PKG_SHA256=23dc3d133924f5c7453c479d5eceb3b6af932415cb67d99798c313573d9b9d4c +TERMUX_PKG_VERSION=10.9.0 +TERMUX_PKG_SHA256=d17ef8eb72d6a31f50a663d554beb9bcb55aa2ce57cf189abfc9b1ba20530d02 TERMUX_PKG_SRCURL=https://nodejs.org/dist/v${TERMUX_PKG_VERSION}/node-v${TERMUX_PKG_VERSION}.tar.xz # Note that we do not use a shared libuv to avoid an issue with the Android # linker, which does not use symbols of linked shared libraries when resolving @@ -12,6 +12,7 @@ TERMUX_PKG_BUILD_IN_SRC=yes TERMUX_PKG_CONFLICTS="nodejs" termux_step_configure () { + local DEST_CPU if [ $TERMUX_ARCH = "arm" ]; then DEST_CPU="arm" elif [ $TERMUX_ARCH = "i686" ]; then @@ -25,6 +26,9 @@ termux_step_configure () { fi export GYP_DEFINES="host_os=linux" + export CC_host=gcc + export CXX_host=g++ + export LINK_host=g++ # See note above TERMUX_PKG_DEPENDS why we do not use a shared libuv. ./configure \ @@ -38,4 +42,7 @@ termux_step_configure () { --without-intl \ --without-snapshot \ --cross-compiling + + perl -p -i -e 's/LIBS := \$\(LIBS\)/LIBS := -lpthread/' \ + $TERMUX_PKG_SRCDIR/out/deps/v8/gypfiles/torque.host.mk } diff --git a/packages/nodejs-current/deps-v8-gypfiles-v8.gyp.patch b/packages/nodejs-current/deps-v8-gypfiles-v8.gyp.patch new file mode 100644 index 000000000..c841b6ea3 --- /dev/null +++ b/packages/nodejs-current/deps-v8-gypfiles-v8.gyp.patch @@ -0,0 +1,13 @@ +diff -u -r ../node-v10.9.0/deps/v8/gypfiles/v8.gyp ./deps/v8/gypfiles/v8.gyp +--- ../node-v10.9.0/deps/v8/gypfiles/v8.gyp 2018-08-15 13:53:24.000000000 +0000 ++++ ./deps/v8/gypfiles/v8.gyp 2018-08-23 21:43:30.588264328 +0000 +@@ -2053,8 +2053,7 @@ + # library order and break (see crbug.com/469973). + # These libraries do not exist on Mac hosted builds. + 'libraries': [ +- '-ldl', +- '-lrt' ++ '-ldl' + ] + }] + ] diff --git a/packages/nodejs-current/lib-os.js.patch b/packages/nodejs-current/lib-os.js.patch index 9f3e97657..02d345fa5 100644 --- a/packages/nodejs-current/lib-os.js.patch +++ b/packages/nodejs-current/lib-os.js.patch @@ -1,10 +1,10 @@ -diff -u -r ../node-v5.10.0/lib/os.js ./lib/os.js ---- ../node-v5.10.0/lib/os.js 2016-03-31 21:52:17.000000000 -0400 -+++ ./lib/os.js 2016-04-04 04:46:05.148105544 -0400 -@@ -36,7 +36,7 @@ - path = process.env.TMPDIR || - process.env.TMP || - process.env.TEMP || +diff -u -r ../node-v10.9.0/lib/os.js ./lib/os.js +--- ../node-v10.9.0/lib/os.js 2018-08-15 13:53:34.000000000 +0000 ++++ ./lib/os.js 2018-08-23 20:42:39.611186774 +0000 +@@ -130,7 +130,7 @@ + path = safeGetenv('TMPDIR') || + safeGetenv('TMP') || + safeGetenv('TEMP') || - '/tmp'; + '@TERMUX_PREFIX@/tmp'; if (path.length > 1 && path.endsWith('/')) diff --git a/packages/nodejs-current/node.gyp.patch b/packages/nodejs-current/node.gyp.patch index 43dc40311..765587831 100644 --- a/packages/nodejs-current/node.gyp.patch +++ b/packages/nodejs-current/node.gyp.patch @@ -1,7 +1,7 @@ -diff -u -r ../node-v9.7.1/node.gyp ./node.gyp ---- ../node-v9.7.1/node.gyp 2018-03-02 01:58:17.000000000 +0000 -+++ ./node.gyp 2018-03-05 10:52:38.637165269 +0000 -@@ -901,70 +901,6 @@ +diff -u -r ../node-v10.9.0/node.gyp ./node.gyp +--- ../node-v10.9.0/node.gyp 2018-08-15 13:53:34.000000000 +0000 ++++ ./node.gyp 2018-08-23 20:43:38.262489188 +0000 +@@ -925,72 +925,6 @@ ], } ], ] @@ -41,6 +41,8 @@ diff -u -r ../node-v9.7.1/node.gyp ./node.gyp - 'test/cctest/test_base64.cc', - 'test/cctest/test_node_postmortem_metadata.cc', - 'test/cctest/test_environment.cc', +- 'test/cctest/test_platform.cc', +- 'test/cctest/test_traced_value.cc', - 'test/cctest/test_util.cc', - 'test/cctest/test_url.cc' - ], diff --git a/packages/nodejs-current/npm-tmp-patch.patch b/packages/nodejs-current/npm-tmp-patch.patch deleted file mode 100644 index ac8a760fd..000000000 --- a/packages/nodejs-current/npm-tmp-patch.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff -u -r ../node-v0.12.7/deps/npm/node_modules/osenv/node_modules/os-tmpdir/index.js ./deps/npm/node_modules/osenv/node_modules/os-tmpdir/index.js ---- ../node-v0.12.7/deps/npm/node_modules/osenv/node_modules/os-tmpdir/index.js 2015-07-09 18:41:19.000000000 -0400 -+++ ./deps/npm/node_modules/osenv/node_modules/os-tmpdir/index.js 2015-07-24 20:56:42.278310940 -0400 -@@ -14,7 +14,7 @@ - path = process.env.TMPDIR || - process.env.TMP || - process.env.TEMP || -- '/tmp'; -+ '@TERMUX_PREFIX@/tmp'; - } - - if (trailingSlashRe.test(path)) { diff --git a/packages/nodejs-current/src-node.cc.patch b/packages/nodejs-current/src-node.cc.patch index 7b6a0fa2a..df51d5cfe 100644 --- a/packages/nodejs-current/src-node.cc.patch +++ b/packages/nodejs-current/src-node.cc.patch @@ -1,11 +1,7 @@ -Without this patch functions such as process.getgroups -are not built on Android, which breaks things such as -npm/node_modules/which/which.js. - -diff -u -r ../node-v9.1.0/src/node.cc ./src/node.cc ---- ../node-v9.1.0/src/node.cc 2017-11-07 16:08:24.000000000 +0100 -+++ ./src/node.cc 2017-11-11 19:19:05.080439199 +0100 -@@ -108,7 +108,7 @@ +diff -u -r ../node-v10.9.0/src/node.cc ./src/node.cc +--- ../node-v10.9.0/src/node.cc 2018-08-15 13:53:34.000000000 +0000 ++++ ./src/node.cc 2018-08-23 20:49:59.353995878 +0000 +@@ -106,7 +106,7 @@ #include // setuid, getuid #endif @@ -14,39 +10,28 @@ diff -u -r ../node-v9.1.0/src/node.cc ./src/node.cc #include // getpwnam() #include // getgrnam() #endif -@@ -2122,7 +2122,7 @@ - } - - --#if defined(__POSIX__) && !defined(__ANDROID__) && !defined(__CloudABI__) -+#if defined(__POSIX__) && !defined(__CloudABI__) - - static const uid_t uid_not_found = static_cast(-1); - static const gid_t gid_not_found = static_cast(-1); -@@ -2441,7 +2441,7 @@ - } - } - --#endif // __POSIX__ && !defined(__ANDROID__) && !defined(__CloudABI__) -+#endif // __POSIX__ && !defined(__CloudABI__) - - - static void WaitForInspectorDisconnect(Environment* env) { -@@ -3711,7 +3711,7 @@ - - env->SetMethod(process, "umask", Umask); +@@ -690,7 +690,7 @@ + + // Look up environment variable unless running as setuid root. + bool SafeGetenv(const char* key, std::string* text) { +-#if !defined(__CloudABI__) && !defined(_WIN32) ++#if !defined(__CloudABI__) && !defined(_WIN32) && !defined(__ANDROID__) + if (linux_at_secure || getuid() != geteuid() || getgid() != getegid()) + goto fail; + #endif +@@ -2402,13 +2402,13 @@ + env->SetMethod(process, "reallyExit", Exit); + env->SetMethodNoSideEffect(process, "uptime", Uptime); -#if defined(__POSIX__) && !defined(__ANDROID__) && !defined(__CloudABI__) +#if defined(__POSIX__) && !defined(__CloudABI__) - env->SetMethod(process, "getuid", GetUid); - env->SetMethod(process, "geteuid", GetEUid); - env->SetMethod(process, "setuid", SetUid); -@@ -3725,7 +3725,7 @@ - env->SetMethod(process, "getgroups", GetGroups); - env->SetMethod(process, "setgroups", SetGroups); - env->SetMethod(process, "initgroups", InitGroups); + env->SetMethodNoSideEffect(process, "getuid", GetUid); + env->SetMethodNoSideEffect(process, "geteuid", GetEUid); + env->SetMethodNoSideEffect(process, "getgid", GetGid); + env->SetMethodNoSideEffect(process, "getegid", GetEGid); + env->SetMethodNoSideEffect(process, "getgroups", GetGroups); -#endif // __POSIX__ && !defined(__ANDROID__) && !defined(__CloudABI__) +#endif // __POSIX__ && !defined(__CloudABI__) + } - env->SetMethod(process, "_kill", Kill); diff --git a/packages/nodejs-current/src-node_internals.h.patch b/packages/nodejs-current/src-node_internals.h.patch new file mode 100644 index 000000000..e51b68682 --- /dev/null +++ b/packages/nodejs-current/src-node_internals.h.patch @@ -0,0 +1,21 @@ +diff -u -r ../node-v10.9.0/src/node_internals.h ./src/node_internals.h +--- ../node-v10.9.0/src/node_internals.h 2018-08-15 13:53:35.000000000 +0000 ++++ ./src/node_internals.h 2018-08-24 00:07:40.104037627 +0000 +@@ -951,7 +951,7 @@ + void Umask(const v8::FunctionCallbackInfo& args); + void Uptime(const v8::FunctionCallbackInfo& args); + +-#if defined(__POSIX__) && !defined(__ANDROID__) && !defined(__CloudABI__) ++#if defined(__POSIX__) && !defined(__CloudABI__) + void SetGid(const v8::FunctionCallbackInfo& args); + void SetEGid(const v8::FunctionCallbackInfo& args); + void SetUid(const v8::FunctionCallbackInfo& args); +@@ -963,7 +963,7 @@ + void GetEUid(const v8::FunctionCallbackInfo& args); + void GetEGid(const v8::FunctionCallbackInfo& args); + void GetGroups(const v8::FunctionCallbackInfo& args); +-#endif // __POSIX__ && !defined(__ANDROID__) && !defined(__CloudABI__) ++#endif // __POSIX__ && !defined(__CloudABI__) + + } // namespace node + diff --git a/packages/nodejs-current/src-node_process.cc.patch b/packages/nodejs-current/src-node_process.cc.patch new file mode 100644 index 000000000..8dd18c4b4 --- /dev/null +++ b/packages/nodejs-current/src-node_process.cc.patch @@ -0,0 +1,29 @@ +diff -u -r ../node-v10.9.0/src/node_process.cc ./src/node_process.cc +--- ../node-v10.9.0/src/node_process.cc 2018-08-15 13:53:35.000000000 +0000 ++++ ./src/node_process.cc 2018-08-23 23:40:53.046488108 +0000 +@@ -20,7 +20,7 @@ + #include // setuid, getuid + #endif + +-#if defined(__POSIX__) && !defined(__ANDROID__) && !defined(__CloudABI__) ++#if defined(__POSIX__) && !defined(__CloudABI__) + #include // getpwnam() + #include // getgrnam() + #endif +@@ -247,7 +247,7 @@ + } + + +-#if defined(__POSIX__) && !defined(__ANDROID__) && !defined(__CloudABI__) ++#if defined(__POSIX__) && !defined(__CloudABI__) + + static const uid_t uid_not_found = static_cast(-1); + static const gid_t gid_not_found = static_cast(-1); +@@ -546,6 +546,6 @@ + return env->ThrowErrnoException(errno, "initgroups"); + } + +-#endif // __POSIX__ && !defined(__ANDROID__) && !defined(__CloudABI__) ++#endif // __POSIX__ && !defined(__CloudABI__) + + } // namespace node diff --git a/packages/nodejs/build.sh b/packages/nodejs/build.sh index 1e375a35e..0d84d590d 100644 --- a/packages/nodejs/build.sh +++ b/packages/nodejs/build.sh @@ -1,6 +1,7 @@ TERMUX_PKG_HOMEPAGE=https://nodejs.org/ TERMUX_PKG_DESCRIPTION="Platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications" TERMUX_PKG_VERSION=8.11.4 +TERMUX_PKG_REVISION=1 TERMUX_PKG_SHA256=fbce7de6d96b0bcb0db0bf77f0e6ea999b6755e6930568aedaab06847552a609 TERMUX_PKG_SRCURL=https://nodejs.org/dist/v${TERMUX_PKG_VERSION}/node-v${TERMUX_PKG_VERSION}.tar.xz # Note that we do not use a shared libuv to avoid an issue with the Android diff --git a/packages/nzbget/build.sh b/packages/nzbget/build.sh index 167d04670..d03da577f 100644 --- a/packages/nzbget/build.sh +++ b/packages/nzbget/build.sh @@ -1,6 +1,7 @@ TERMUX_PKG_HOMEPAGE=https://nzbget.net/ TERMUX_PKG_DESCRIPTION="The most efficient usenet downloader" TERMUX_PKG_VERSION=20.0 +TERMUX_PKG_REVISION=1 TERMUX_PKG_SRCURL=https://github.com/nzbget/nzbget/releases/download/v${TERMUX_PKG_VERSION}/nzbget-${TERMUX_PKG_VERSION}-src.tar.gz TERMUX_PKG_SHA256=04dc36d432549c33d55145ecd95cc4309b3ab4a7731a1a03d954de389eacd06f TERMUX_PKG_DEPENDS="libxml2, ncurses, openssl, unrar, p7zip" diff --git a/packages/oathtool/build.sh b/packages/oathtool/build.sh index e297d7020..5602f5625 100644 --- a/packages/oathtool/build.sh +++ b/packages/oathtool/build.sh @@ -1,6 +1,7 @@ TERMUX_PKG_HOMEPAGE=http://www.nongnu.org/oath-toolkit/ TERMUX_PKG_DESCRIPTION="One-time password components" TERMUX_PKG_VERSION=2.6.2 +TERMUX_PKG_REVISION=1 TERMUX_PKG_SRCURL=http://download.savannah.nongnu.org/releases/oath-toolkit/oath-toolkit-$TERMUX_PKG_VERSION.tar.gz TERMUX_PKG_SHA256=b03446fa4b549af5ebe4d35d7aba51163442d255660558cd861ebce536824aa0 TERMUX_PKG_DEPENDS="xmlsec" diff --git a/packages/openssh/build.sh b/packages/openssh/build.sh index 8cc69af55..aae7b77af 100755 --- a/packages/openssh/build.sh +++ b/packages/openssh/build.sh @@ -1,6 +1,7 @@ TERMUX_PKG_HOMEPAGE=https://www.openssh.com/ TERMUX_PKG_DESCRIPTION="Secure shell for logging into a remote machine" TERMUX_PKG_VERSION=7.8p1 +TERMUX_PKG_REVISION=1 TERMUX_PKG_SHA256=1a484bb15152c183bb2514e112aa30dd34138c3cfb032eee5490a66c507144ca TERMUX_PKG_SRCURL=https://fastly.cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${TERMUX_PKG_VERSION}.tar.gz TERMUX_PKG_DEPENDS="libandroid-support, ldns, openssl, libedit, libutil" diff --git a/packages/openssh/openssl-1.1.patch b/packages/openssh/openssl-1.1.patch new file mode 100644 index 000000000..2483728cb --- /dev/null +++ b/packages/openssh/openssl-1.1.patch @@ -0,0 +1,1954 @@ +https://git.archlinux.org/svntogit/packages.git/plain/trunk/openssl-1.1.0.patch?h=packages/openssh + +fetched at 2018-08-26. + +diff -aurp old/auth-pam.c new/auth-pam.c +--- old/auth-pam.c 2018-08-22 22:41:42.000000000 -0700 ++++ new/auth-pam.c 2018-08-23 21:31:53.324592767 -0700 +@@ -128,6 +128,10 @@ extern u_int utmp_len; + typedef pthread_t sp_pthread_t; + #else + typedef pid_t sp_pthread_t; ++# define pthread_create(a, b, c, d) _ssh_compat_pthread_create(a, b, c, d) ++# define pthread_exit(a) _ssh_compat_pthread_exit(a) ++# define pthread_cancel(a) _ssh_compat_pthread_cancel(a) ++# define pthread_join(a, b) _ssh_compat_pthread_join(a, b) + #endif + + struct pam_ctxt { +diff -aurp old/cipher.c new/cipher.c +--- old/cipher.c 2018-08-22 22:41:42.000000000 -0700 ++++ new/cipher.c 2018-08-23 21:31:53.327926112 -0700 +@@ -299,7 +299,10 @@ cipher_init(struct sshcipher_ctx **ccp, + goto out; + } + } +- if (EVP_CipherInit(cc->evp, NULL, (u_char *)key, NULL, -1) == 0) { ++ /* in OpenSSL 1.1.0, EVP_CipherInit clears all previous setups; ++ use EVP_CipherInit_ex for augmenting */ ++ if (EVP_CipherInit_ex(cc->evp, NULL, NULL, (u_char *)key, NULL, -1) == 0) ++ { + ret = SSH_ERR_LIBCRYPTO_ERROR; + goto out; + } +@@ -485,7 +488,7 @@ cipher_get_keyiv(struct sshcipher_ctx *c + len, iv)) + return SSH_ERR_LIBCRYPTO_ERROR; + } else +- memcpy(iv, cc->evp->iv, len); ++ memcpy(iv, EVP_CIPHER_CTX_iv(cc->evp), len); + #endif + return 0; + } +@@ -519,14 +522,19 @@ cipher_set_keyiv(struct sshcipher_ctx *c + EVP_CTRL_GCM_SET_IV_FIXED, -1, (void *)iv)) + return SSH_ERR_LIBCRYPTO_ERROR; + } else +- memcpy(cc->evp->iv, iv, evplen); ++ memcpy(EVP_CIPHER_CTX_iv(cc->evp), iv, evplen); + #endif + return 0; + } + + #ifdef WITH_OPENSSL +-#define EVP_X_STATE(evp) (evp)->cipher_data +-#define EVP_X_STATE_LEN(evp) (evp)->cipher->ctx_size ++# if OPENSSL_VERSION_NUMBER >= 0x10100000UL ++#define EVP_X_STATE(evp) EVP_CIPHER_CTX_get_cipher_data(evp) ++#define EVP_X_STATE_LEN(evp) EVP_CIPHER_impl_ctx_size(EVP_CIPHER_CTX_cipher(evp)) ++# else ++#define EVP_X_STATE(evp) (evp).cipher_data ++#define EVP_X_STATE_LEN(evp) (evp).cipher->ctx_size ++# endif + #endif + + int +diff -aurp old/cipher.h new/cipher.h +--- old/cipher.h 2018-08-22 22:41:42.000000000 -0700 ++++ new/cipher.h 2018-08-23 21:31:53.327926112 -0700 +@@ -46,7 +46,18 @@ + #define CIPHER_DECRYPT 0 + + struct sshcipher; ++#if 0 ++struct sshcipher_ctx { ++ int plaintext; ++ int encrypt; ++ EVP_CIPHER_CTX *evp; ++ struct chachapoly_ctx cp_ctx; /* XXX union with evp? */ ++ struct aesctr_ctx ac_ctx; /* XXX union with evp? */ ++ const struct sshcipher *cipher; ++}; ++#else + struct sshcipher_ctx; ++#endif + + const struct sshcipher *cipher_by_name(const char *); + const char *cipher_warning_message(const struct sshcipher_ctx *); +diff -aurp old/configure new/configure +--- old/configure 2018-08-23 00:09:30.000000000 -0700 ++++ new/configure 2018-08-23 21:31:53.331259457 -0700 +@@ -13032,7 +13032,6 @@ if ac_fn_c_try_run "$LINENO"; then : + 100*) ;; # 1.0.x + 200*) ;; # LibreSSL + *) +- as_fn_error $? "OpenSSL >= 1.1.0 is not yet supported (have \"$ssl_library_ver\")" "$LINENO" 5 + ;; + esac + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ssl_library_ver" >&5 +diff -aurp old/dh.c new/dh.c +--- old/dh.c 2018-08-22 22:41:42.000000000 -0700 ++++ new/dh.c 2018-08-23 21:39:18.863765579 -0700 +@@ -216,14 +216,15 @@ choose_dh(int min, int wantbits, int max + /* diffie-hellman-groupN-sha1 */ + + int +-dh_pub_is_valid(DH *dh, BIGNUM *dh_pub) ++dh_pub_is_valid(const DH *dh, const BIGNUM *dh_pub) + { + int i; + int n = BN_num_bits(dh_pub); + int bits_set = 0; + BIGNUM *tmp; ++ const BIGNUM *p; + +- if (dh_pub->neg) { ++ if (BN_is_negative(dh_pub)) { + logit("invalid public DH value: negative"); + return 0; + } +@@ -236,7 +237,8 @@ dh_pub_is_valid(DH *dh, BIGNUM *dh_pub) + error("%s: BN_new failed", __func__); + return 0; + } +- if (!BN_sub(tmp, dh->p, BN_value_one()) || ++ DH_get0_pqg(dh, &p, NULL, NULL); ++ if (!BN_sub(tmp, p, BN_value_one()) || + BN_cmp(dh_pub, tmp) != -1) { /* pub_exp > p-2 */ + BN_clear_free(tmp); + logit("invalid public DH value: >= p-1"); +@@ -247,14 +249,14 @@ dh_pub_is_valid(DH *dh, BIGNUM *dh_pub) + for (i = 0; i <= n; i++) + if (BN_is_bit_set(dh_pub, i)) + bits_set++; +- debug2("bits set: %d/%d", bits_set, BN_num_bits(dh->p)); ++ debug2("bits set: %d/%d", bits_set, BN_num_bits(p)); + + /* + * if g==2 and bits_set==1 then computing log_g(dh_pub) is trivial + */ + if (bits_set < 4) { + logit("invalid public DH value (%d/%d)", +- bits_set, BN_num_bits(dh->p)); ++ bits_set, BN_num_bits(p)); + return 0; + } + return 1; +@@ -264,9 +266,13 @@ int + dh_gen_key(DH *dh, int need) + { + int pbits; ++ const BIGNUM *p, *pub_key; ++ BIGNUM *priv_key; + +- if (need < 0 || dh->p == NULL || +- (pbits = BN_num_bits(dh->p)) <= 0 || ++ DH_get0_pqg(dh, &p, NULL, NULL); ++ ++ if (need < 0 || p == NULL || ++ (pbits = BN_num_bits(p)) <= 0 || + need > INT_MAX / 2 || 2 * need > pbits) + return SSH_ERR_INVALID_ARGUMENT; + if (need < 256) +@@ -275,11 +281,13 @@ dh_gen_key(DH *dh, int need) + * Pollard Rho, Big step/Little Step attacks are O(sqrt(n)), + * so double requested need here. + */ +- dh->length = MINIMUM(need * 2, pbits - 1); +- if (DH_generate_key(dh) == 0 || +- !dh_pub_is_valid(dh, dh->pub_key)) { +- BN_clear_free(dh->priv_key); +- dh->priv_key = NULL; ++ DH_set_length(dh, MIN(need * 2, pbits - 1)); ++ if (DH_generate_key(dh) == 0) { ++ return SSH_ERR_LIBCRYPTO_ERROR; ++ } ++ DH_get0_key(dh, &pub_key, &priv_key); ++ if (!dh_pub_is_valid(dh, pub_key)) { ++ BN_clear(priv_key); + return SSH_ERR_LIBCRYPTO_ERROR; + } + return 0; +@@ -288,16 +296,27 @@ dh_gen_key(DH *dh, int need) + DH * + dh_new_group_asc(const char *gen, const char *modulus) + { +- DH *dh; ++ DH *dh = NULL; ++ BIGNUM *p=NULL, *g=NULL; + +- if ((dh = DH_new()) == NULL) +- return NULL; +- if (BN_hex2bn(&dh->p, modulus) == 0 || +- BN_hex2bn(&dh->g, gen) == 0) { +- DH_free(dh); +- return NULL; ++ if ((dh = DH_new()) == NULL || ++ (p = BN_new()) == NULL || ++ (g = BN_new()) == NULL) ++ goto null; ++ if (BN_hex2bn(&p, modulus) == 0 || ++ BN_hex2bn(&g, gen) == 0) { ++ goto null; + } ++ if (DH_set0_pqg(dh, p, NULL, g) == 0) { ++ goto null; ++ } ++ p = g = NULL; + return (dh); ++null: ++ BN_free(p); ++ BN_free(g); ++ DH_free(dh); ++ return NULL; + } + + /* +@@ -312,8 +331,8 @@ dh_new_group(BIGNUM *gen, BIGNUM *modulu + + if ((dh = DH_new()) == NULL) + return NULL; +- dh->p = modulus; +- dh->g = gen; ++ if (DH_set0_pqg(dh, modulus, NULL, gen) == 0) ++ return NULL; + + return (dh); + } +diff -aurp old/dh.h new/dh.h +--- old/dh.h 2018-08-22 22:41:42.000000000 -0700 ++++ new/dh.h 2018-08-23 21:31:53.331259457 -0700 +@@ -42,7 +42,7 @@ DH *dh_new_group18(void); + DH *dh_new_group_fallback(int); + + int dh_gen_key(DH *, int); +-int dh_pub_is_valid(DH *, BIGNUM *); ++int dh_pub_is_valid(const DH *, const BIGNUM *); + + u_int dh_estimate(int); + +diff -aurp old/digest-openssl.c new/digest-openssl.c +--- old/digest-openssl.c 2018-08-22 22:41:42.000000000 -0700 ++++ new/digest-openssl.c 2018-08-23 21:31:53.331259457 -0700 +@@ -43,7 +43,7 @@ + + struct ssh_digest_ctx { + int alg; +- EVP_MD_CTX mdctx; ++ EVP_MD_CTX *mdctx; + }; + + struct ssh_digest { +@@ -106,20 +106,21 @@ ssh_digest_bytes(int alg) + size_t + ssh_digest_blocksize(struct ssh_digest_ctx *ctx) + { +- return EVP_MD_CTX_block_size(&ctx->mdctx); ++ return EVP_MD_CTX_block_size(ctx->mdctx); + } + + struct ssh_digest_ctx * + ssh_digest_start(int alg) + { + const struct ssh_digest *digest = ssh_digest_by_alg(alg); +- struct ssh_digest_ctx *ret; ++ struct ssh_digest_ctx *ret = NULL; + + if (digest == NULL || ((ret = calloc(1, sizeof(*ret))) == NULL)) + return NULL; + ret->alg = alg; +- EVP_MD_CTX_init(&ret->mdctx); +- if (EVP_DigestInit_ex(&ret->mdctx, digest->mdfunc(), NULL) != 1) { ++ if ((ret->mdctx = EVP_MD_CTX_new()) == NULL || ++ EVP_DigestInit_ex(ret->mdctx, digest->mdfunc(), NULL) != 1) { ++ EVP_MD_CTX_free(ret->mdctx); + free(ret); + return NULL; + } +@@ -132,7 +133,7 @@ ssh_digest_copy_state(struct ssh_digest_ + if (from->alg != to->alg) + return SSH_ERR_INVALID_ARGUMENT; + /* we have bcopy-style order while openssl has memcpy-style */ +- if (!EVP_MD_CTX_copy_ex(&to->mdctx, &from->mdctx)) ++ if (!EVP_MD_CTX_copy_ex(to->mdctx, from->mdctx)) + return SSH_ERR_LIBCRYPTO_ERROR; + return 0; + } +@@ -140,7 +141,7 @@ ssh_digest_copy_state(struct ssh_digest_ + int + ssh_digest_update(struct ssh_digest_ctx *ctx, const void *m, size_t mlen) + { +- if (EVP_DigestUpdate(&ctx->mdctx, m, mlen) != 1) ++ if (EVP_DigestUpdate(ctx->mdctx, m, mlen) != 1) + return SSH_ERR_LIBCRYPTO_ERROR; + return 0; + } +@@ -161,7 +162,7 @@ ssh_digest_final(struct ssh_digest_ctx * + return SSH_ERR_INVALID_ARGUMENT; + if (dlen < digest->digest_len) /* No truncation allowed */ + return SSH_ERR_INVALID_ARGUMENT; +- if (EVP_DigestFinal_ex(&ctx->mdctx, d, &l) != 1) ++ if (EVP_DigestFinal_ex(ctx->mdctx, d, &l) != 1) + return SSH_ERR_LIBCRYPTO_ERROR; + if (l != digest->digest_len) /* sanity */ + return SSH_ERR_INTERNAL_ERROR; +@@ -172,7 +173,7 @@ void + ssh_digest_free(struct ssh_digest_ctx *ctx) + { + if (ctx != NULL) { +- EVP_MD_CTX_cleanup(&ctx->mdctx); ++ EVP_MD_CTX_free(ctx->mdctx); + explicit_bzero(ctx, sizeof(*ctx)); + free(ctx); + } +diff -aurp old/kexdhc.c new/kexdhc.c +--- old/kexdhc.c 2018-08-22 22:41:42.000000000 -0700 ++++ new/kexdhc.c 2018-08-23 21:31:53.331259457 -0700 +@@ -81,11 +81,16 @@ kexdh_client(struct ssh *ssh) + goto out; + } + debug("sending SSH2_MSG_KEXDH_INIT"); +- if ((r = dh_gen_key(kex->dh, kex->we_need * 8)) != 0 || +- (r = sshpkt_start(ssh, SSH2_MSG_KEXDH_INIT)) != 0 || +- (r = sshpkt_put_bignum2(ssh, kex->dh->pub_key)) != 0 || ++ { ++ const BIGNUM *pub_key; ++ if ((r = dh_gen_key(kex->dh, kex->we_need * 8)) != 0) ++ goto out; ++ DH_get0_key(kex->dh, &pub_key, NULL); ++ if ((r = sshpkt_start(ssh, SSH2_MSG_KEXDH_INIT)) != 0 || ++ (r = sshpkt_put_bignum2(ssh, pub_key)) != 0 || + (r = sshpkt_send(ssh)) != 0) + goto out; ++ } + #ifdef DEBUG_KEXDH + DHparams_print_fp(stderr, kex->dh); + fprintf(stderr, "pub= "); +@@ -169,6 +174,9 @@ input_kex_dh(int type, u_int32_t seq, st + + /* calc and verify H */ + hashlen = sizeof(hash); ++ { ++ const BIGNUM *pub_key; ++ DH_get0_key(kex->dh, &pub_key, NULL); + if ((r = kex_dh_hash( + kex->hash_alg, + kex->client_version_string, +@@ -176,11 +184,13 @@ input_kex_dh(int type, u_int32_t seq, st + sshbuf_ptr(kex->my), sshbuf_len(kex->my), + sshbuf_ptr(kex->peer), sshbuf_len(kex->peer), + server_host_key_blob, sbloblen, +- kex->dh->pub_key, ++ pub_key, + dh_server_pub, + shared_secret, +- hash, &hashlen)) != 0) ++ hash, &hashlen)) != 0) { + goto out; ++ } ++ } + + if ((r = sshkey_verify(server_host_key, signature, slen, hash, hashlen, + kex->hostkey_alg, ssh->compat)) != 0) +diff -aurp old/kexdhs.c new/kexdhs.c +--- old/kexdhs.c 2018-08-22 22:41:42.000000000 -0700 ++++ new/kexdhs.c 2018-08-23 21:36:50.600564263 -0700 +@@ -163,6 +163,9 @@ input_kex_dh_init(int type, u_int32_t se + goto out; + /* calc H */ + hashlen = sizeof(hash); ++ { ++ const BIGNUM *pub_key; ++ DH_get0_key(kex->dh, &pub_key, NULL); + if ((r = kex_dh_hash( + kex->hash_alg, + kex->client_version_string, +@@ -171,10 +174,12 @@ input_kex_dh_init(int type, u_int32_t se + sshbuf_ptr(kex->my), sshbuf_len(kex->my), + server_host_key_blob, sbloblen, + dh_client_pub, +- kex->dh->pub_key, ++ pub_key, + shared_secret, +- hash, &hashlen)) != 0) ++ hash, &hashlen)) != 0) { + goto out; ++ } ++ } + + /* save session id := H */ + if (kex->session_id == NULL) { +@@ -195,12 +200,16 @@ input_kex_dh_init(int type, u_int32_t se + /* destroy_sensitive_data(); */ + + /* send server hostkey, DH pubkey 'f' and signed H */ ++ { ++ const BIGNUM *pub_key; ++ DH_get0_key(kex->dh, &pub_key, NULL); + if ((r = sshpkt_start(ssh, SSH2_MSG_KEXDH_REPLY)) != 0 || + (r = sshpkt_put_string(ssh, server_host_key_blob, sbloblen)) != 0 || +- (r = sshpkt_put_bignum2(ssh, kex->dh->pub_key)) != 0 || /* f */ ++ (r = sshpkt_put_bignum2(ssh, pub_key)) != 0 || /* f */ + (r = sshpkt_put_string(ssh, signature, slen)) != 0 || + (r = sshpkt_send(ssh)) != 0) + goto out; ++ } + + if ((r = kex_derive_keys_bn(ssh, hash, hashlen, shared_secret)) == 0) + r = kex_send_newkeys(ssh); +diff -aurp old/kexgexc.c new/kexgexc.c +--- old/kexgexc.c 2018-08-22 22:41:42.000000000 -0700 ++++ new/kexgexc.c 2018-08-23 21:31:53.331259457 -0700 +@@ -118,11 +118,17 @@ input_kex_dh_gex_group(int type, u_int32 + p = g = NULL; /* belong to kex->dh now */ + + /* generate and send 'e', client DH public key */ +- if ((r = dh_gen_key(kex->dh, kex->we_need * 8)) != 0 || +- (r = sshpkt_start(ssh, SSH2_MSG_KEX_DH_GEX_INIT)) != 0 || +- (r = sshpkt_put_bignum2(ssh, kex->dh->pub_key)) != 0 || +- (r = sshpkt_send(ssh)) != 0) ++ { ++ const BIGNUM *pub_key; ++ if ((r = dh_gen_key(kex->dh, kex->we_need * 8)) != 0) ++ goto out; ++ DH_get0_key(kex->dh, &pub_key, NULL); ++ if ((r = sshpkt_start(ssh, SSH2_MSG_KEX_DH_GEX_INIT)) != 0 || ++ (r = sshpkt_put_bignum2(ssh, pub_key)) != 0 || ++ (r = sshpkt_send(ssh)) != 0) { + goto out; ++ } ++ } + debug("SSH2_MSG_KEX_DH_GEX_INIT sent"); + #ifdef DEBUG_KEXDH + DHparams_print_fp(stderr, kex->dh); +@@ -212,6 +218,10 @@ input_kex_dh_gex_reply(int type, u_int32 + + /* calc and verify H */ + hashlen = sizeof(hash); ++ { ++ const BIGNUM *p, *g, *pub_key; ++ DH_get0_pqg(kex->dh, &p, NULL, &g); ++ DH_get0_key(kex->dh, &pub_key, NULL); + if ((r = kexgex_hash( + kex->hash_alg, + kex->client_version_string, +@@ -220,12 +230,14 @@ input_kex_dh_gex_reply(int type, u_int32 + sshbuf_ptr(kex->peer), sshbuf_len(kex->peer), + server_host_key_blob, sbloblen, + kex->min, kex->nbits, kex->max, +- kex->dh->p, kex->dh->g, +- kex->dh->pub_key, ++ p, g, ++ pub_key, + dh_server_pub, + shared_secret, +- hash, &hashlen)) != 0) ++ hash, &hashlen)) != 0) { + goto out; ++ } ++ } + + if ((r = sshkey_verify(server_host_key, signature, slen, hash, + hashlen, kex->hostkey_alg, ssh->compat)) != 0) +diff -aurp old/kexgexs.c new/kexgexs.c +--- old/kexgexs.c 2018-08-22 22:41:42.000000000 -0700 ++++ new/kexgexs.c 2018-08-23 21:36:11.493972372 -0700 +@@ -101,11 +101,16 @@ input_kex_dh_gex_request(int type, u_int + goto out; + } + debug("SSH2_MSG_KEX_DH_GEX_GROUP sent"); ++ { ++ const BIGNUM *p, *g; ++ DH_get0_pqg(kex->dh, &p, NULL, &g); + if ((r = sshpkt_start(ssh, SSH2_MSG_KEX_DH_GEX_GROUP)) != 0 || +- (r = sshpkt_put_bignum2(ssh, kex->dh->p)) != 0 || +- (r = sshpkt_put_bignum2(ssh, kex->dh->g)) != 0 || +- (r = sshpkt_send(ssh)) != 0) ++ (r = sshpkt_put_bignum2(ssh, p)) != 0 || ++ (r = sshpkt_put_bignum2(ssh, g)) != 0 || ++ (r = sshpkt_send(ssh)) != 0) { + goto out; ++ } ++ } + + /* Compute our exchange value in parallel with the client */ + if ((r = dh_gen_key(kex->dh, kex->we_need * 8)) != 0) +@@ -191,6 +196,10 @@ input_kex_dh_gex_init(int type, u_int32_ + goto out; + /* calc H */ + hashlen = sizeof(hash); ++ { ++ const BIGNUM *p, *g, *pub_key; ++ DH_get0_pqg(kex->dh, &p, NULL, &g); ++ DH_get0_key(kex->dh, &pub_key, NULL); + if ((r = kexgex_hash( + kex->hash_alg, + kex->client_version_string, +@@ -199,12 +208,14 @@ input_kex_dh_gex_init(int type, u_int32_ + sshbuf_ptr(kex->my), sshbuf_len(kex->my), + server_host_key_blob, sbloblen, + kex->min, kex->nbits, kex->max, +- kex->dh->p, kex->dh->g, ++ p, g, + dh_client_pub, +- kex->dh->pub_key, ++ pub_key, + shared_secret, +- hash, &hashlen)) != 0) ++ hash, &hashlen)) != 0) { + goto out; ++ } ++ } + + /* save session id := H */ + if (kex->session_id == NULL) { +@@ -225,12 +236,16 @@ input_kex_dh_gex_init(int type, u_int32_ + /* destroy_sensitive_data(); */ + + /* send server hostkey, DH pubkey 'f' and signed H */ ++ { ++ const BIGNUM *pub_key; ++ DH_get0_key(kex->dh, &pub_key, NULL); + if ((r = sshpkt_start(ssh, SSH2_MSG_KEX_DH_GEX_REPLY)) != 0 || + (r = sshpkt_put_string(ssh, server_host_key_blob, sbloblen)) != 0 || +- (r = sshpkt_put_bignum2(ssh, kex->dh->pub_key)) != 0 || /* f */ ++ (r = sshpkt_put_bignum2(ssh, pub_key)) != 0 || /* f */ + (r = sshpkt_put_string(ssh, signature, slen)) != 0 || + (r = sshpkt_send(ssh)) != 0) + goto out; ++ } + + if ((r = kex_derive_keys_bn(ssh, hash, hashlen, shared_secret)) == 0) + r = kex_send_newkeys(ssh); +diff -aurp old/monitor.c new/monitor.c +--- old/monitor.c 2018-08-22 22:41:42.000000000 -0700 ++++ new/monitor.c 2018-08-23 21:34:14.594343260 -0700 +@@ -589,10 +589,12 @@ mm_answer_moduli(int sock, struct sshbuf + fatal("%s: buffer error: %s", __func__, ssh_err(r)); + return (0); + } else { ++ const BIGNUM *p, *g; ++ DH_get0_pqg(dh, &p, NULL, &g); + /* Send first bignum */ + if ((r = sshbuf_put_u8(m, 1)) != 0 || +- (r = sshbuf_put_bignum2(m, dh->p)) != 0 || +- (r = sshbuf_put_bignum2(m, dh->g)) != 0) ++ (r = sshbuf_put_bignum2(m, p)) != 0 || ++ (r = sshbuf_put_bignum2(m, g)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); + + DH_free(dh); +diff -aurp old/openbsd-compat/openssl-compat.c new/openbsd-compat/openssl-compat.c +--- old/openbsd-compat/openssl-compat.c 2018-08-22 22:41:42.000000000 -0700 ++++ new/openbsd-compat/openssl-compat.c 2018-08-23 21:31:53.334592801 -0700 +@@ -75,7 +75,6 @@ ssh_OpenSSL_add_all_algorithms(void) + /* Enable use of crypto hardware */ + ENGINE_load_builtin_engines(); + ENGINE_register_all_complete(); +- OPENSSL_config(NULL); + } + #endif + +diff -aurp old/regress/unittests/sshkey/test_file.c new/regress/unittests/sshkey/test_file.c +--- old/regress/unittests/sshkey/test_file.c 2018-08-22 22:41:42.000000000 -0700 ++++ new/regress/unittests/sshkey/test_file.c 2018-08-23 21:31:53.334592801 -0700 +@@ -60,9 +60,14 @@ sshkey_file_tests(void) + a = load_bignum("rsa_1.param.n"); + b = load_bignum("rsa_1.param.p"); + c = load_bignum("rsa_1.param.q"); +- ASSERT_BIGNUM_EQ(k1->rsa->n, a); +- ASSERT_BIGNUM_EQ(k1->rsa->p, b); +- ASSERT_BIGNUM_EQ(k1->rsa->q, c); ++ { ++ const BIGNUM *n, *p, *q; ++ RSA_get0_key(k1->rsa, &n, NULL, NULL); ++ RSA_get0_factors(k1->rsa, &p, &q); ++ ASSERT_BIGNUM_EQ(n, a); ++ ASSERT_BIGNUM_EQ(p, b); ++ ASSERT_BIGNUM_EQ(q, c); ++ } + BN_free(a); + BN_free(b); + BN_free(c); +@@ -151,9 +156,14 @@ sshkey_file_tests(void) + a = load_bignum("dsa_1.param.g"); + b = load_bignum("dsa_1.param.priv"); + c = load_bignum("dsa_1.param.pub"); +- ASSERT_BIGNUM_EQ(k1->dsa->g, a); +- ASSERT_BIGNUM_EQ(k1->dsa->priv_key, b); +- ASSERT_BIGNUM_EQ(k1->dsa->pub_key, c); ++ { ++ const BIGNUM *g, *priv_key, *pub_key; ++ DSA_get0_pqg(k1->dsa, NULL, NULL, &g); ++ DSA_get0_key(k1->dsa, &pub_key, &priv_key); ++ ASSERT_BIGNUM_EQ(g, a); ++ ASSERT_BIGNUM_EQ(priv_key, b); ++ ASSERT_BIGNUM_EQ(pub_key, c); ++ } + BN_free(a); + BN_free(b); + BN_free(c); +diff -aurp old/regress/unittests/sshkey/test_sshkey.c new/regress/unittests/sshkey/test_sshkey.c +--- old/regress/unittests/sshkey/test_sshkey.c 2018-08-22 22:41:42.000000000 -0700 ++++ new/regress/unittests/sshkey/test_sshkey.c 2018-08-23 21:31:53.334592801 -0700 +@@ -197,9 +197,14 @@ sshkey_tests(void) + k1 = sshkey_new(KEY_RSA); + ASSERT_PTR_NE(k1, NULL); + ASSERT_PTR_NE(k1->rsa, NULL); +- ASSERT_PTR_NE(k1->rsa->n, NULL); +- ASSERT_PTR_NE(k1->rsa->e, NULL); +- ASSERT_PTR_EQ(k1->rsa->p, NULL); ++ { ++ const BIGNUM *n, *e, *p; ++ RSA_get0_key(k1->rsa, &n, &e, NULL); ++ RSA_get0_factors(k1->rsa, &p, NULL); ++ ASSERT_PTR_NE(n, NULL); ++ ASSERT_PTR_NE(e, NULL); ++ ASSERT_PTR_EQ(p, NULL); ++ } + sshkey_free(k1); + TEST_DONE(); + +@@ -207,8 +212,13 @@ sshkey_tests(void) + k1 = sshkey_new(KEY_DSA); + ASSERT_PTR_NE(k1, NULL); + ASSERT_PTR_NE(k1->dsa, NULL); +- ASSERT_PTR_NE(k1->dsa->g, NULL); +- ASSERT_PTR_EQ(k1->dsa->priv_key, NULL); ++ { ++ const BIGNUM *g, *priv_key; ++ DSA_get0_pqg(k1->dsa, NULL, NULL, &g); ++ DSA_get0_key(k1->dsa, NULL, &priv_key); ++ ASSERT_PTR_NE(g, NULL); ++ ASSERT_PTR_EQ(priv_key, NULL); ++ } + sshkey_free(k1); + TEST_DONE(); + +@@ -234,9 +244,14 @@ sshkey_tests(void) + k1 = sshkey_new_private(KEY_RSA); + ASSERT_PTR_NE(k1, NULL); + ASSERT_PTR_NE(k1->rsa, NULL); +- ASSERT_PTR_NE(k1->rsa->n, NULL); +- ASSERT_PTR_NE(k1->rsa->e, NULL); +- ASSERT_PTR_NE(k1->rsa->p, NULL); ++ { ++ const BIGNUM *n, *e, *p; ++ RSA_get0_key(k1->rsa, &n, &e, NULL); ++ RSA_get0_factors(k1->rsa, &p, NULL); ++ ASSERT_PTR_NE(n, NULL); ++ ASSERT_PTR_NE(e, NULL); ++ ASSERT_PTR_NE(p, NULL); ++ } + ASSERT_INT_EQ(sshkey_add_private(k1), 0); + sshkey_free(k1); + TEST_DONE(); +@@ -245,8 +260,13 @@ sshkey_tests(void) + k1 = sshkey_new_private(KEY_DSA); + ASSERT_PTR_NE(k1, NULL); + ASSERT_PTR_NE(k1->dsa, NULL); +- ASSERT_PTR_NE(k1->dsa->g, NULL); +- ASSERT_PTR_NE(k1->dsa->priv_key, NULL); ++ { ++ const BIGNUM *g, *priv_key; ++ DSA_get0_pqg(k1->dsa, NULL, NULL, &g); ++ DSA_get0_key(k1->dsa, NULL, &priv_key); ++ ASSERT_PTR_NE(g, NULL); ++ ASSERT_PTR_NE(priv_key, NULL); ++ } + ASSERT_INT_EQ(sshkey_add_private(k1), 0); + sshkey_free(k1); + TEST_DONE(); +@@ -285,18 +305,28 @@ sshkey_tests(void) + ASSERT_INT_EQ(sshkey_generate(KEY_RSA, 1024, &kr), 0); + ASSERT_PTR_NE(kr, NULL); + ASSERT_PTR_NE(kr->rsa, NULL); +- ASSERT_PTR_NE(kr->rsa->n, NULL); +- ASSERT_PTR_NE(kr->rsa->e, NULL); +- ASSERT_PTR_NE(kr->rsa->p, NULL); +- ASSERT_INT_EQ(BN_num_bits(kr->rsa->n), 1024); ++ { ++ const BIGNUM *n, *e, *p; ++ RSA_get0_key(kr->rsa, &n, &e, NULL); ++ RSA_get0_factors(kr->rsa, &p, NULL); ++ ASSERT_PTR_NE(n, NULL); ++ ASSERT_PTR_NE(e, NULL); ++ ASSERT_PTR_NE(p, NULL); ++ ASSERT_INT_EQ(BN_num_bits(n), 1024); ++ } + TEST_DONE(); + + TEST_START("generate KEY_DSA"); + ASSERT_INT_EQ(sshkey_generate(KEY_DSA, 1024, &kd), 0); + ASSERT_PTR_NE(kd, NULL); + ASSERT_PTR_NE(kd->dsa, NULL); +- ASSERT_PTR_NE(kd->dsa->g, NULL); +- ASSERT_PTR_NE(kd->dsa->priv_key, NULL); ++ { ++ const BIGNUM *g, *priv_key; ++ DSA_get0_pqg(kd->dsa, NULL, NULL, &g); ++ DSA_get0_key(kd->dsa, NULL, &priv_key); ++ ASSERT_PTR_NE(g, NULL); ++ ASSERT_PTR_NE(priv_key, NULL); ++ } + TEST_DONE(); + + #ifdef OPENSSL_HAS_ECC +@@ -323,9 +353,14 @@ sshkey_tests(void) + ASSERT_PTR_NE(kr, k1); + ASSERT_INT_EQ(k1->type, KEY_RSA); + ASSERT_PTR_NE(k1->rsa, NULL); +- ASSERT_PTR_NE(k1->rsa->n, NULL); +- ASSERT_PTR_NE(k1->rsa->e, NULL); +- ASSERT_PTR_EQ(k1->rsa->p, NULL); ++ { ++ const BIGNUM *n, *e, *p; ++ RSA_get0_key(k1->rsa, &n, &e, NULL); ++ RSA_get0_factors(k1->rsa, &p, NULL); ++ ASSERT_PTR_NE(n, NULL); ++ ASSERT_PTR_NE(e, NULL); ++ ASSERT_PTR_EQ(p, NULL); ++ } + TEST_DONE(); + + TEST_START("equal KEY_RSA/demoted KEY_RSA"); +@@ -339,8 +374,13 @@ sshkey_tests(void) + ASSERT_PTR_NE(kd, k1); + ASSERT_INT_EQ(k1->type, KEY_DSA); + ASSERT_PTR_NE(k1->dsa, NULL); +- ASSERT_PTR_NE(k1->dsa->g, NULL); +- ASSERT_PTR_EQ(k1->dsa->priv_key, NULL); ++ { ++ const BIGNUM *g, *priv_key; ++ DSA_get0_pqg(k1->dsa, NULL, NULL, &g); ++ DSA_get0_key(k1->dsa, NULL, &priv_key); ++ ASSERT_PTR_NE(g, NULL); ++ ASSERT_PTR_EQ(priv_key, NULL); ++ } + TEST_DONE(); + + TEST_START("equal KEY_DSA/demoted KEY_DSA"); +diff -aurp old/ssh-dss.c new/ssh-dss.c +--- old/ssh-dss.c 2018-08-22 22:41:42.000000000 -0700 ++++ new/ssh-dss.c 2018-08-23 21:31:53.334592801 -0700 +@@ -53,6 +53,7 @@ ssh_dss_sign(const struct sshkey *key, u + DSA_SIG *sig = NULL; + u_char digest[SSH_DIGEST_MAX_LENGTH], sigblob[SIGBLOB_LEN]; + size_t rlen, slen, len, dlen = ssh_digest_bytes(SSH_DIGEST_SHA1); ++ const BIGNUM *r, *s; + struct sshbuf *b = NULL; + int ret = SSH_ERR_INVALID_ARGUMENT; + +@@ -76,15 +77,16 @@ ssh_dss_sign(const struct sshkey *key, u + goto out; + } + +- rlen = BN_num_bytes(sig->r); +- slen = BN_num_bytes(sig->s); ++ DSA_SIG_get0(sig, &r, &s); ++ rlen = BN_num_bytes(r); ++ slen = BN_num_bytes(s); + if (rlen > INTBLOB_LEN || slen > INTBLOB_LEN) { + ret = SSH_ERR_INTERNAL_ERROR; + goto out; + } + explicit_bzero(sigblob, SIGBLOB_LEN); +- BN_bn2bin(sig->r, sigblob + SIGBLOB_LEN - INTBLOB_LEN - rlen); +- BN_bn2bin(sig->s, sigblob + SIGBLOB_LEN - slen); ++ BN_bn2bin(r, sigblob + SIGBLOB_LEN - INTBLOB_LEN - rlen); ++ BN_bn2bin(s, sigblob + SIGBLOB_LEN - slen); + + if ((b = sshbuf_new()) == NULL) { + ret = SSH_ERR_ALLOC_FAIL; +@@ -154,17 +156,26 @@ ssh_dss_verify(const struct sshkey *key, + } + + /* parse signature */ ++ { ++ BIGNUM *r=NULL, *s=NULL; + if ((sig = DSA_SIG_new()) == NULL || +- (sig->r = BN_new()) == NULL || +- (sig->s = BN_new()) == NULL) { ++ (r = BN_new()) == NULL || ++ (s = BN_new()) == NULL) { + ret = SSH_ERR_ALLOC_FAIL; ++ BN_free(r); ++ BN_free(s); + goto out; + } +- if ((BN_bin2bn(sigblob, INTBLOB_LEN, sig->r) == NULL) || +- (BN_bin2bn(sigblob+ INTBLOB_LEN, INTBLOB_LEN, sig->s) == NULL)) { ++ if ((BN_bin2bn(sigblob, INTBLOB_LEN, r) == NULL) || ++ (BN_bin2bn(sigblob+ INTBLOB_LEN, INTBLOB_LEN, s) == NULL)) { + ret = SSH_ERR_LIBCRYPTO_ERROR; ++ BN_free(r); ++ BN_free(s); + goto out; + } ++ DSA_SIG_set0(sig, r, s); ++ r = s = NULL; ++ } + + /* sha1 the data */ + if ((ret = ssh_digest_memory(SSH_DIGEST_SHA1, data, datalen, +diff -aurp old/ssh-ecdsa.c new/ssh-ecdsa.c +--- old/ssh-ecdsa.c 2018-08-22 22:41:42.000000000 -0700 ++++ new/ssh-ecdsa.c 2018-08-23 21:31:53.334592801 -0700 +@@ -80,9 +80,14 @@ ssh_ecdsa_sign(const struct sshkey *key, + ret = SSH_ERR_ALLOC_FAIL; + goto out; + } +- if ((ret = sshbuf_put_bignum2(bb, sig->r)) != 0 || +- (ret = sshbuf_put_bignum2(bb, sig->s)) != 0) ++ { ++ const BIGNUM *r, *s; ++ ECDSA_SIG_get0(sig, &r, &s); ++ if ((ret = sshbuf_put_bignum2(bb, r)) != 0 || ++ (ret = sshbuf_put_bignum2(bb, s)) != 0) { + goto out; ++ } ++ } + if ((ret = sshbuf_put_cstring(b, sshkey_ssh_name_plain(key))) != 0 || + (ret = sshbuf_put_stringb(b, bb)) != 0) + goto out; +@@ -150,11 +155,27 @@ ssh_ecdsa_verify(const struct sshkey *ke + ret = SSH_ERR_ALLOC_FAIL; + goto out; + } +- if (sshbuf_get_bignum2(sigbuf, sig->r) != 0 || +- sshbuf_get_bignum2(sigbuf, sig->s) != 0) { ++ { ++ BIGNUM *r=NULL, *s=NULL; ++ if ((r = BN_new()) == NULL || ++ (s = BN_new()) == NULL) { ++ ret = SSH_ERR_ALLOC_FAIL; ++ goto out_rs; ++ } ++ if (sshbuf_get_bignum2(sigbuf, r) != 0 || ++ sshbuf_get_bignum2(sigbuf, s) != 0) { + ret = SSH_ERR_INVALID_FORMAT; ++ goto out_rs; ++ } ++ if (ECDSA_SIG_set0(sig, r, s) == 0) { ++ ret = SSH_ERR_LIBCRYPTO_ERROR; ++out_rs: ++ BN_free(r); ++ BN_free(s); + goto out; + } ++ r = s = NULL; ++ } + if (sshbuf_len(sigbuf) != 0) { + ret = SSH_ERR_UNEXPECTED_TRAILING_DATA; + goto out; +diff -aurp old/ssh-keygen.c new/ssh-keygen.c +--- old/ssh-keygen.c 2018-08-22 22:41:42.000000000 -0700 ++++ new/ssh-keygen.c 2018-08-23 21:31:53.334592801 -0700 +@@ -494,11 +494,33 @@ do_convert_private_ssh2_from_blob(u_char + + switch (key->type) { + case KEY_DSA: +- buffer_get_bignum_bits(b, key->dsa->p); +- buffer_get_bignum_bits(b, key->dsa->g); +- buffer_get_bignum_bits(b, key->dsa->q); +- buffer_get_bignum_bits(b, key->dsa->pub_key); +- buffer_get_bignum_bits(b, key->dsa->priv_key); ++ { ++ BIGNUM *p=NULL, *g=NULL, *q=NULL, *pub_key=NULL, *priv_key=NULL; ++ if ((p=BN_new()) == NULL || ++ (g=BN_new()) == NULL || ++ (q=BN_new()) == NULL || ++ (pub_key=BN_new()) == NULL || ++ (priv_key=BN_new()) == NULL) { ++ BN_free(p); ++ BN_free(g); ++ BN_free(q); ++ BN_free(pub_key); ++ BN_free(priv_key); ++ return NULL; ++ } ++ buffer_get_bignum_bits(b, p); ++ buffer_get_bignum_bits(b, g); ++ buffer_get_bignum_bits(b, q); ++ buffer_get_bignum_bits(b, pub_key); ++ buffer_get_bignum_bits(b, priv_key); ++ if (DSA_set0_pqg(key->dsa, p, q, g) == 0 || ++ DSA_set0_key(key->dsa, pub_key, priv_key) == 0) { ++ fatal("failed to set DSA key"); ++ BN_free(p); BN_free(g); BN_free(q); ++ BN_free(pub_key); BN_free(priv_key); ++ return NULL; ++ } ++ } + break; + case KEY_RSA: + if ((r = sshbuf_get_u8(b, &e1)) != 0 || +@@ -515,16 +537,52 @@ do_convert_private_ssh2_from_blob(u_char + e += e3; + debug("e %lx", e); + } +- if (!BN_set_word(key->rsa->e, e)) { ++ { ++ BIGNUM *rsa_e = NULL; ++ BIGNUM *d=NULL, *n=NULL, *iqmp=NULL, *q=NULL, *p=NULL; ++ BIGNUM *dmp1=NULL, *dmq1=NULL; /* dummy input to set in RSA_set0_crt_params */ ++ rsa_e = BN_new(); ++ if (!rsa_e || !BN_set_word(rsa_e, e)) { ++ if (rsa_e) BN_free(rsa_e); + sshbuf_free(b); + sshkey_free(key); + return NULL; + } +- buffer_get_bignum_bits(b, key->rsa->d); +- buffer_get_bignum_bits(b, key->rsa->n); +- buffer_get_bignum_bits(b, key->rsa->iqmp); +- buffer_get_bignum_bits(b, key->rsa->q); +- buffer_get_bignum_bits(b, key->rsa->p); ++ if ((d=BN_new()) == NULL || ++ (n=BN_new()) == NULL || ++ (iqmp=BN_new()) == NULL || ++ (q=BN_new()) == NULL || ++ (p=BN_new()) == NULL || ++ (dmp1=BN_new()) == NULL || ++ (dmq1=BN_new()) == NULL) { ++ BN_free(d); BN_free(n); BN_free(iqmp); ++ BN_free(q); BN_free(p); ++ BN_free(dmp1); BN_free(dmq1); ++ return NULL; ++ } ++ BN_clear(dmp1); BN_clear(dmq1); ++ buffer_get_bignum_bits(b, d); ++ buffer_get_bignum_bits(b, n); ++ buffer_get_bignum_bits(b, iqmp); ++ buffer_get_bignum_bits(b, q); ++ buffer_get_bignum_bits(b, p); ++ if (RSA_set0_key(key->rsa, n, rsa_e, d) == 0) ++ goto null; ++ n = d = NULL; ++ if (RSA_set0_factors(key->rsa, p, q) == 0) ++ goto null; ++ p = q = NULL; ++ /* dmp1, dmq1 should not be NULL for initial set0 */ ++ if (RSA_set0_crt_params(key->rsa, dmp1, dmq1, iqmp) == 0) { ++ null: ++ fatal("Failed to set RSA parameters"); ++ BN_free(d); BN_free(n); BN_free(iqmp); ++ BN_free(q); BN_free(p); ++ BN_free(dmp1); BN_free(dmq1); ++ return NULL; ++ } ++ dmp1 = dmq1 = iqmp = NULL; ++ } + if ((r = ssh_rsa_generate_additional_parameters(key)) != 0) + fatal("generate RSA parameters failed: %s", ssh_err(r)); + break; +@@ -634,7 +692,7 @@ do_convert_from_pkcs8(struct sshkey **k, + identity_file); + } + fclose(fp); +- switch (EVP_PKEY_type(pubkey->type)) { ++ switch (EVP_PKEY_type(EVP_PKEY_id(pubkey))) { + case EVP_PKEY_RSA: + if ((*k = sshkey_new(KEY_UNSPEC)) == NULL) + fatal("sshkey_new failed"); +@@ -658,7 +716,7 @@ do_convert_from_pkcs8(struct sshkey **k, + #endif + default: + fatal("%s: unsupported pubkey type %d", __func__, +- EVP_PKEY_type(pubkey->type)); ++ EVP_PKEY_type(EVP_PKEY_id(pubkey))); + } + EVP_PKEY_free(pubkey); + return; +diff -aurp old/ssh-pkcs11-client.c new/ssh-pkcs11-client.c +--- old/ssh-pkcs11-client.c 2018-08-22 22:41:42.000000000 -0700 ++++ new/ssh-pkcs11-client.c 2018-08-23 21:31:53.334592801 -0700 +@@ -156,12 +156,13 @@ pkcs11_rsa_private_encrypt(int flen, con + static int + wrap_key(RSA *rsa) + { +- static RSA_METHOD helper_rsa; ++ static RSA_METHOD *helper_rsa; + +- memcpy(&helper_rsa, RSA_get_default_method(), sizeof(helper_rsa)); +- helper_rsa.name = "ssh-pkcs11-helper"; +- helper_rsa.rsa_priv_enc = pkcs11_rsa_private_encrypt; +- RSA_set_method(rsa, &helper_rsa); ++ if ((helper_rsa = RSA_meth_dup(RSA_get_default_method())) == NULL) ++ return (-1); /* XXX but caller isn't checking */ ++ RSA_meth_set1_name(helper_rsa, "ssh-pkcs11-helper"); ++ RSA_meth_set_priv_enc(helper_rsa, pkcs11_rsa_private_encrypt); ++ RSA_set_method(rsa, helper_rsa); + return (0); + } + +diff -aurp old/ssh-pkcs11.c new/ssh-pkcs11.c +--- old/ssh-pkcs11.c 2018-08-22 22:41:42.000000000 -0700 ++++ new/ssh-pkcs11.c 2018-08-23 21:31:53.334592801 -0700 +@@ -67,7 +67,7 @@ struct pkcs11_key { + struct pkcs11_provider *provider; + CK_ULONG slotidx; + int (*orig_finish)(RSA *rsa); +- RSA_METHOD rsa_method; ++ RSA_METHOD *rsa_method; + char *keyid; + int keyid_len; + }; +@@ -326,13 +326,15 @@ pkcs11_rsa_wrap(struct pkcs11_provider * + k11->keyid = xmalloc(k11->keyid_len); + memcpy(k11->keyid, keyid_attrib->pValue, k11->keyid_len); + } +- k11->orig_finish = def->finish; +- memcpy(&k11->rsa_method, def, sizeof(k11->rsa_method)); +- k11->rsa_method.name = "pkcs11"; +- k11->rsa_method.rsa_priv_enc = pkcs11_rsa_private_encrypt; +- k11->rsa_method.rsa_priv_dec = pkcs11_rsa_private_decrypt; +- k11->rsa_method.finish = pkcs11_rsa_finish; +- RSA_set_method(rsa, &k11->rsa_method); ++ k11->orig_finish = RSA_meth_get_finish(def); ++ ++ if ((k11->rsa_method = RSA_meth_new("pkcs11", RSA_meth_get_flags(def))) == NULL) ++ return -1; ++ RSA_meth_set_priv_enc(k11->rsa_method, pkcs11_rsa_private_encrypt); ++ RSA_meth_set_priv_dec(k11->rsa_method, pkcs11_rsa_private_decrypt); ++ RSA_meth_set_finish(k11->rsa_method, pkcs11_rsa_finish); ++ ++ RSA_set_method(rsa, k11->rsa_method); + RSA_set_app_data(rsa, k11); + return (0); + } +@@ -512,10 +514,19 @@ pkcs11_fetch_keys_filter(struct pkcs11_p + if ((rsa = RSA_new()) == NULL) { + error("RSA_new failed"); + } else { +- rsa->n = BN_bin2bn(attribs[1].pValue, +- attribs[1].ulValueLen, NULL); +- rsa->e = BN_bin2bn(attribs[2].pValue, +- attribs[2].ulValueLen, NULL); ++ BIGNUM *n=NULL, *e=NULL; ++ n = BN_new(); ++ e = BN_new(); ++ if (n == NULL || e == NULL) ++ error("BN_new alloc failed"); ++ if (BN_bin2bn(attribs[1].pValue, ++ attribs[1].ulValueLen, n) == NULL || ++ BN_bin2bn(attribs[2].pValue, ++ attribs[2].ulValueLen, e) == NULL) ++ error("BN_bin2bn failed"); ++ if (RSA_set0_key(rsa, n, e, NULL) == 0) ++ error("RSA_set0_key failed"); ++ n = e = NULL; + } + } else { + cp = attribs[2].pValue; +@@ -525,16 +536,19 @@ pkcs11_fetch_keys_filter(struct pkcs11_p + == NULL) { + error("d2i_X509 failed"); + } else if ((evp = X509_get_pubkey(x509)) == NULL || +- evp->type != EVP_PKEY_RSA || +- evp->pkey.rsa == NULL) { ++ EVP_PKEY_id(evp) != EVP_PKEY_RSA || ++ EVP_PKEY_get0_RSA(evp) == NULL) { + debug("X509_get_pubkey failed or no rsa"); +- } else if ((rsa = RSAPublicKey_dup(evp->pkey.rsa)) ++ } else if ((rsa = RSAPublicKey_dup(EVP_PKEY_get0_RSA(evp))) + == NULL) { + error("RSAPublicKey_dup"); + } + X509_free(x509); + } +- if (rsa && rsa->n && rsa->e && ++ { ++ const BIGNUM *n, *e; ++ RSA_get0_key(rsa, &n, &e, NULL); ++ if (rsa && n && e && + pkcs11_rsa_wrap(p, slotidx, &attribs[0], rsa) == 0) { + if ((key = sshkey_new(KEY_UNSPEC)) == NULL) + fatal("sshkey_new failed"); +@@ -554,6 +568,7 @@ pkcs11_fetch_keys_filter(struct pkcs11_p + } else if (rsa) { + RSA_free(rsa); + } ++ } + for (i = 0; i < 3; i++) + free(attribs[i].pValue); + } +diff -aurp old/ssh-rsa.c new/ssh-rsa.c +--- old/ssh-rsa.c 2018-08-22 22:41:42.000000000 -0700 ++++ new/ssh-rsa.c 2018-08-23 21:31:53.334592801 -0700 +@@ -108,7 +108,6 @@ ssh_rsa_generate_additional_parameters(s + { + BIGNUM *aux = NULL; + BN_CTX *ctx = NULL; +- BIGNUM d; + int r; + + if (key == NULL || key->rsa == NULL || +@@ -123,16 +122,27 @@ ssh_rsa_generate_additional_parameters(s + } + BN_set_flags(aux, BN_FLG_CONSTTIME); + +- BN_init(&d); +- BN_with_flags(&d, key->rsa->d, BN_FLG_CONSTTIME); +- +- if ((BN_sub(aux, key->rsa->q, BN_value_one()) == 0) || +- (BN_mod(key->rsa->dmq1, &d, aux, ctx) == 0) || +- (BN_sub(aux, key->rsa->p, BN_value_one()) == 0) || +- (BN_mod(key->rsa->dmp1, &d, aux, ctx) == 0)) { ++ { ++ const BIGNUM *q, *d, *p; ++ BIGNUM *dmq1=NULL, *dmp1=NULL; ++ if ((dmq1 = BN_new()) == NULL || ++ (dmp1 = BN_new()) == NULL ) { ++ r = SSH_ERR_ALLOC_FAIL; ++ goto out; ++ } ++ RSA_get0_key(key->rsa, NULL, NULL, &d); ++ RSA_get0_factors(key->rsa, &p, &q); ++ if ((BN_sub(aux, q, BN_value_one()) == 0) || ++ (BN_mod(dmq1, d, aux, ctx) == 0) || ++ (BN_sub(aux, p, BN_value_one()) == 0) || ++ (BN_mod(dmp1, d, aux, ctx) == 0) || ++ RSA_set0_crt_params(key->rsa, dmp1, dmq1, NULL) == 0) { + r = SSH_ERR_LIBCRYPTO_ERROR; ++ BN_clear_free(dmp1); ++ BN_clear_free(dmq1); + goto out; + } ++ } + r = 0; + out: + BN_clear_free(aux); +@@ -163,7 +173,7 @@ ssh_rsa_sign(const struct sshkey *key, u + if (key == NULL || key->rsa == NULL || hash_alg == -1 || + sshkey_type_plain(key->type) != KEY_RSA) + return SSH_ERR_INVALID_ARGUMENT; +- if (BN_num_bits(key->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE) ++ if (RSA_bits(key->rsa) < SSH_RSA_MINIMUM_MODULUS_SIZE) + return SSH_ERR_KEY_LENGTH; + slen = RSA_size(key->rsa); + if (slen <= 0 || slen > SSHBUF_MAX_BIGNUM) +@@ -235,7 +245,7 @@ ssh_rsa_verify(const struct sshkey *key, + sshkey_type_plain(key->type) != KEY_RSA || + sig == NULL || siglen == 0) + return SSH_ERR_INVALID_ARGUMENT; +- if (BN_num_bits(key->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE) ++ if (RSA_bits(key->rsa) < SSH_RSA_MINIMUM_MODULUS_SIZE) + return SSH_ERR_KEY_LENGTH; + + if ((b = sshbuf_from(sig, siglen)) == NULL) +diff -aurp old/sshkey.c new/sshkey.c +--- old/sshkey.c 2018-08-22 22:41:42.000000000 -0700 ++++ new/sshkey.c 2018-08-23 21:31:53.334592801 -0700 +@@ -292,10 +292,18 @@ sshkey_size(const struct sshkey *k) + #ifdef WITH_OPENSSL + case KEY_RSA: + case KEY_RSA_CERT: +- return BN_num_bits(k->rsa->n); ++#if OPENSSL_VERSION_NUMBER >= 0x10100000UL ++ return RSA_bits(k->rsa); ++#else ++ return RSA_bits(key->rsa); ++#endif + case KEY_DSA: + case KEY_DSA_CERT: ++#if OPENSSL_VERSION_NUMBER >= 0x10100000UL ++ return DSA_bits(k->dsa); ++#else + return BN_num_bits(k->dsa->p); ++#endif + case KEY_ECDSA: + case KEY_ECDSA_CERT: + return sshkey_curve_nid_to_bits(k->ecdsa_nid); +@@ -500,26 +508,53 @@ sshkey_new(int type) + #ifdef WITH_OPENSSL + case KEY_RSA: + case KEY_RSA_CERT: ++ { ++ BIGNUM *n=NULL, *e=NULL; /* just allocate */ + if ((rsa = RSA_new()) == NULL || +- (rsa->n = BN_new()) == NULL || +- (rsa->e = BN_new()) == NULL) { ++ (n = BN_new()) == NULL || ++ (e = BN_new()) == NULL) { ++ BN_free(n); ++ BN_free(e); + RSA_free(rsa); + free(k); + return NULL; + } ++ BN_clear(n); BN_clear(e); ++ if (RSA_set0_key(rsa, n, e, NULL) == 0) ++ return NULL; ++ n = e = NULL; ++ } + k->rsa = rsa; + break; + case KEY_DSA: + case KEY_DSA_CERT: ++ { ++ BIGNUM *p=NULL, *q=NULL, *g=NULL, *pubkey=NULL; /* just allocate */ + if ((dsa = DSA_new()) == NULL || +- (dsa->p = BN_new()) == NULL || +- (dsa->q = BN_new()) == NULL || +- (dsa->g = BN_new()) == NULL || +- (dsa->pub_key = BN_new()) == NULL) { ++ (p = BN_new()) == NULL || ++ (q = BN_new()) == NULL || ++ (g = BN_new()) == NULL || ++ (pubkey = BN_new()) == NULL) { ++ BN_free(p); ++ BN_free(q); ++ BN_free(g); ++ BN_free(pubkey); + DSA_free(dsa); + free(k); + return NULL; + } ++ if (DSA_set0_pqg(dsa, p, q, g) == 0) { ++ BN_free(p); BN_free(q); BN_free(g); ++ BN_free(pubkey); ++ return NULL; ++ } ++ p = q = g = NULL; ++ if (DSA_set0_key(dsa, pubkey, NULL) == 0) { ++ BN_free(pubkey); ++ return NULL; ++ } ++ pubkey = NULL; ++ } + k->dsa = dsa; + break; + case KEY_ECDSA: +@@ -557,6 +592,51 @@ sshkey_add_private(struct sshkey *k) + #ifdef WITH_OPENSSL + case KEY_RSA: + case KEY_RSA_CERT: ++#if OPENSSL_VERSION_NUMBER >= 0x10100000UL ++ /* Allocate BIGNUM. This is a mess. ++ For OpenSSL 1.1.x API these shouldn't be mandatory, ++ but some regression tests for non-NULL pointer of ++ the data. */ ++#define new_or_dup(bn, nbn) \ ++ if (bn == NULL) { \ ++ if ((nbn = BN_new()) == NULL) \ ++ return SSH_ERR_ALLOC_FAIL; \ ++ } else { \ ++ /* otherwise use-after-free will occur */ \ ++ if ((nbn = BN_dup(bn)) == NULL) \ ++ return SSH_ERR_ALLOC_FAIL; \ ++ } ++ { ++ const BIGNUM *d, *iqmp, *q, *p, *dmq1, *dmp1; /* allocate if NULL */ ++ BIGNUM *nd, *niqmp, *nq, *np, *ndmq1, *ndmp1; ++ ++ RSA_get0_key(k->rsa, NULL, NULL, &d); ++ RSA_get0_factors(k->rsa, &p, &q); ++ RSA_get0_crt_params(k->rsa, &dmp1, &dmq1, &iqmp); ++ ++ new_or_dup(d, nd); ++ new_or_dup(iqmp, niqmp); ++ new_or_dup(q, nq); ++ new_or_dup(p, np); ++ new_or_dup(dmq1, ndmq1); ++ new_or_dup(dmp1, ndmp1); ++ ++ if (RSA_set0_key(k->rsa, NULL, NULL, nd) == 0) ++ goto error1; ++ nd = NULL; ++ if (RSA_set0_factors(k->rsa, np, nq) == 0) ++ goto error1; ++ np = nq = NULL; ++ if (RSA_set0_crt_params(k->rsa, ndmp1, ndmq1, niqmp) == 0) { ++error1: ++ BN_free(nd); ++ BN_free(np); BN_free(nq); ++ BN_free(ndmp1); BN_free(ndmq1); BN_free(niqmp); ++ return SSH_ERR_LIBCRYPTO_ERROR; ++ } ++ ndmp1 = ndmq1 = niqmp = NULL; ++ } ++#else + #define bn_maybe_alloc_failed(p) (p == NULL && (p = BN_new()) == NULL) + if (bn_maybe_alloc_failed(k->rsa->d) || + bn_maybe_alloc_failed(k->rsa->iqmp) || +@@ -565,13 +645,28 @@ sshkey_add_private(struct sshkey *k) + bn_maybe_alloc_failed(k->rsa->dmq1) || + bn_maybe_alloc_failed(k->rsa->dmp1)) + return SSH_ERR_ALLOC_FAIL; ++#endif + break; + case KEY_DSA: + case KEY_DSA_CERT: ++#if OPENSSL_VERSION_NUMBER >= 0x10100000UL ++ { ++ const BIGNUM *priv_key; ++ BIGNUM *npriv_key; ++ DSA_get0_key(k->dsa, NULL, &priv_key); ++ new_or_dup(priv_key, npriv_key); ++ if (DSA_set0_key(k->dsa, NULL, npriv_key) == 0) { ++ BN_free(npriv_key); ++ return SSH_ERR_LIBCRYPTO_ERROR; ++ } ++ } ++#else + if (bn_maybe_alloc_failed(k->dsa->priv_key)) + return SSH_ERR_ALLOC_FAIL; ++#endif + break; + #undef bn_maybe_alloc_failed ++#undef new_or_dup + case KEY_ECDSA: + case KEY_ECDSA_CERT: + /* Cannot do anything until we know the group */ +@@ -695,16 +790,34 @@ sshkey_equal_public(const struct sshkey + #ifdef WITH_OPENSSL + case KEY_RSA_CERT: + case KEY_RSA: +- return a->rsa != NULL && b->rsa != NULL && +- BN_cmp(a->rsa->e, b->rsa->e) == 0 && +- BN_cmp(a->rsa->n, b->rsa->n) == 0; ++ { ++ const BIGNUM *a_e, *b_e, *a_n, *b_n; ++ const BIGNUM *a_d, *b_d; ++ if (a->rsa == NULL) return 0; ++ if (b->rsa == NULL) return 0; ++ RSA_get0_key(a->rsa, &a_n, &a_e, &a_d); ++ RSA_get0_key(b->rsa, &b_n, &b_e, &b_d); ++ return ++ BN_cmp(a_e, b_e) == 0 && ++ BN_cmp(a_n, b_n) == 0; ++ } + case KEY_DSA_CERT: + case KEY_DSA: +- return a->dsa != NULL && b->dsa != NULL && +- BN_cmp(a->dsa->p, b->dsa->p) == 0 && +- BN_cmp(a->dsa->q, b->dsa->q) == 0 && +- BN_cmp(a->dsa->g, b->dsa->g) == 0 && +- BN_cmp(a->dsa->pub_key, b->dsa->pub_key) == 0; ++ { ++ const BIGNUM *a_p, *a_q, *a_g, *a_pub_key; ++ const BIGNUM *b_p, *b_q, *b_g, *b_pub_key; ++ if (a->dsa == NULL) return 0; ++ if (b->dsa == NULL) return 0; ++ DSA_get0_pqg(a->dsa, &a_p, &a_q, &a_g); ++ DSA_get0_pqg(b->dsa, &b_p, &b_q, &b_g); ++ DSA_get0_key(a->dsa, &a_pub_key, NULL); ++ DSA_get0_key(b->dsa, &b_pub_key, NULL); ++ return ++ BN_cmp(a_p, b_p) == 0 && ++ BN_cmp(a_q, b_q) == 0 && ++ BN_cmp(a_g, b_g) == 0 && ++ BN_cmp(a_pub_key, b_pub_key) == 0; ++ } + # ifdef OPENSSL_HAS_ECC + case KEY_ECDSA_CERT: + case KEY_ECDSA: +@@ -793,12 +906,17 @@ to_blob_buf(const struct sshkey *key, st + case KEY_DSA: + if (key->dsa == NULL) + return SSH_ERR_INVALID_ARGUMENT; ++ { ++ const BIGNUM *p, *q, *g, *pub_key; ++ DSA_get0_pqg(key->dsa, &p, &q, &g); ++ DSA_get0_key(key->dsa, &pub_key, NULL); + if ((ret = sshbuf_put_cstring(b, typename)) != 0 || +- (ret = sshbuf_put_bignum2(b, key->dsa->p)) != 0 || +- (ret = sshbuf_put_bignum2(b, key->dsa->q)) != 0 || +- (ret = sshbuf_put_bignum2(b, key->dsa->g)) != 0 || +- (ret = sshbuf_put_bignum2(b, key->dsa->pub_key)) != 0) ++ (ret = sshbuf_put_bignum2(b, p)) != 0 || ++ (ret = sshbuf_put_bignum2(b, q)) != 0 || ++ (ret = sshbuf_put_bignum2(b, g)) != 0 || ++ (ret = sshbuf_put_bignum2(b, pub_key)) != 0) + return ret; ++ } + break; + # ifdef OPENSSL_HAS_ECC + case KEY_ECDSA: +@@ -814,10 +932,14 @@ to_blob_buf(const struct sshkey *key, st + case KEY_RSA: + if (key->rsa == NULL) + return SSH_ERR_INVALID_ARGUMENT; ++ { ++ const BIGNUM *e, *n; ++ RSA_get0_key(key->rsa, &n, &e, NULL); + if ((ret = sshbuf_put_cstring(b, typename)) != 0 || +- (ret = sshbuf_put_bignum2(b, key->rsa->e)) != 0 || +- (ret = sshbuf_put_bignum2(b, key->rsa->n)) != 0) ++ (ret = sshbuf_put_bignum2(b, e)) != 0 || ++ (ret = sshbuf_put_bignum2(b, n)) != 0) + return ret; ++ } + break; + #endif /* WITH_OPENSSL */ + case KEY_ED25519: +@@ -1758,13 +1880,32 @@ sshkey_from_private(const struct sshkey + case KEY_DSA_CERT: + if ((n = sshkey_new(k->type)) == NULL) + return SSH_ERR_ALLOC_FAIL; +- if ((BN_copy(n->dsa->p, k->dsa->p) == NULL) || +- (BN_copy(n->dsa->q, k->dsa->q) == NULL) || +- (BN_copy(n->dsa->g, k->dsa->g) == NULL) || +- (BN_copy(n->dsa->pub_key, k->dsa->pub_key) == NULL)) { ++ { ++ const BIGNUM *p, *q, *g, *pub_key, *priv_key; ++ BIGNUM *cp=NULL, *cq=NULL, *cg=NULL, *cpub_key=NULL; ++ DSA_get0_pqg(k->dsa, &p, &q, &g); ++ DSA_get0_key(k->dsa, &pub_key, &priv_key); ++ if ((cp = BN_dup(p)) == NULL || ++ (cq = BN_dup(q)) == NULL || ++ (cg = BN_dup(g)) == NULL || ++ (cpub_key = BN_dup(pub_key)) == NULL) { ++ BN_free(cp); BN_free(cq); BN_free(cg); ++ BN_free(cpub_key); + sshkey_free(n); + return SSH_ERR_ALLOC_FAIL; + } ++ if (DSA_set0_pqg(n->dsa, cp, cq, cg) == 0) ++ goto error1; ++ cp = cq = cg = NULL; ++ if (DSA_set0_key(n->dsa, cpub_key, NULL) == 0) { ++error1: ++ BN_free(cp); BN_free(cq); BN_free(cg); ++ BN_free(cpub_key); ++ sshkey_free(n); ++ return SSH_ERR_LIBCRYPTO_ERROR; ++ } ++ cpub_key = NULL; ++ } + break; + # ifdef OPENSSL_HAS_ECC + case KEY_ECDSA: +@@ -1788,11 +1929,23 @@ sshkey_from_private(const struct sshkey + case KEY_RSA_CERT: + if ((n = sshkey_new(k->type)) == NULL) + return SSH_ERR_ALLOC_FAIL; +- if ((BN_copy(n->rsa->n, k->rsa->n) == NULL) || +- (BN_copy(n->rsa->e, k->rsa->e) == NULL)) { ++ { ++ const BIGNUM *nn, *e, *d; ++ BIGNUM *cn=NULL, *ce=NULL; ++ RSA_get0_key(k->rsa, &nn, &e, &d); ++ if ((cn = BN_dup(nn)) == NULL || ++ (ce = BN_dup(e)) == NULL ) { ++ BN_free(cn); BN_free(ce); + sshkey_free(n); + return SSH_ERR_ALLOC_FAIL; + } ++ if (RSA_set0_key(n->rsa, cn, ce, NULL) == 0) { ++ BN_free(cn); BN_free(ce); ++ sshkey_free(n); ++ return SSH_ERR_LIBCRYPTO_ERROR; ++ } ++ cn = ce = NULL; ++ } + break; + #endif /* WITH_OPENSSL */ + case KEY_ED25519: +@@ -2013,12 +2166,27 @@ sshkey_from_blob_internal(struct sshbuf + ret = SSH_ERR_ALLOC_FAIL; + goto out; + } +- if (sshbuf_get_bignum2(b, key->rsa->e) != 0 || +- sshbuf_get_bignum2(b, key->rsa->n) != 0) { ++ { ++ BIGNUM *e=NULL, *n=NULL; ++ if ((e = BN_new()) == NULL || ++ (n = BN_new()) == NULL ) { ++ ret = SSH_ERR_ALLOC_FAIL; ++ BN_free(e); BN_free(n); ++ goto out; ++ } ++ if (sshbuf_get_bignum2(b, e) != 0 || ++ sshbuf_get_bignum2(b, n) != 0) { + ret = SSH_ERR_INVALID_FORMAT; ++ BN_free(e); BN_free(n); + goto out; + } +- if (BN_num_bits(key->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE) { ++ if (RSA_set0_key(key->rsa, n, e, NULL) == 0) { ++ BN_free(e); BN_free(n); ++ return SSH_ERR_LIBCRYPTO_ERROR; ++ } ++ n = e = NULL; ++ } ++ if (RSA_bits(key->rsa) < SSH_RSA_MINIMUM_MODULUS_SIZE) { + ret = SSH_ERR_KEY_LENGTH; + goto out; + } +@@ -2038,13 +2206,36 @@ sshkey_from_blob_internal(struct sshbuf + ret = SSH_ERR_ALLOC_FAIL; + goto out; + } +- if (sshbuf_get_bignum2(b, key->dsa->p) != 0 || +- sshbuf_get_bignum2(b, key->dsa->q) != 0 || +- sshbuf_get_bignum2(b, key->dsa->g) != 0 || +- sshbuf_get_bignum2(b, key->dsa->pub_key) != 0) { ++ { ++ BIGNUM *p=NULL, *q=NULL, *g=NULL, *pub_key=NULL; ++ if ((p = BN_new()) == NULL || ++ (q = BN_new()) == NULL || ++ (g = BN_new()) == NULL || ++ (pub_key = BN_new()) == NULL) { ++ ret = SSH_ERR_ALLOC_FAIL; ++ goto error1; ++ } ++ if (sshbuf_get_bignum2(b, p) != 0 || ++ sshbuf_get_bignum2(b, q) != 0 || ++ sshbuf_get_bignum2(b, g) != 0 || ++ sshbuf_get_bignum2(b, pub_key) != 0) { + ret = SSH_ERR_INVALID_FORMAT; ++ goto error1; ++ } ++ if (DSA_set0_pqg(key->dsa, p, q, g) == 0) { ++ ret = SSH_ERR_LIBCRYPTO_ERROR; ++ goto error1; ++ } ++ p = q = g = NULL; ++ if (DSA_set0_key(key->dsa, pub_key, NULL) == 0) { ++ ret = SSH_ERR_LIBCRYPTO_ERROR; ++error1: ++ BN_free(p); BN_free(q); BN_free(g); ++ BN_free(pub_key); + goto out; + } ++ pub_key = NULL; ++ } + #ifdef DEBUG_PK + DSA_print_fp(stderr, key->dsa, 8); + #endif +@@ -2389,26 +2580,63 @@ sshkey_demote(const struct sshkey *k, st + goto fail; + /* FALLTHROUGH */ + case KEY_RSA: +- if ((pk->rsa = RSA_new()) == NULL || +- (pk->rsa->e = BN_dup(k->rsa->e)) == NULL || +- (pk->rsa->n = BN_dup(k->rsa->n)) == NULL) { ++ if ((pk->rsa = RSA_new()) == NULL ){ + ret = SSH_ERR_ALLOC_FAIL; + goto fail; + } ++ { ++ const BIGNUM *ke, *kn; ++ BIGNUM *pke=NULL, *pkn=NULL; ++ RSA_get0_key(k->rsa, &kn, &ke, NULL); ++ if ((pke = BN_dup(ke)) == NULL || ++ (pkn = BN_dup(kn)) == NULL) { ++ ret = SSH_ERR_ALLOC_FAIL; ++ BN_free(pke); BN_free(pkn); ++ goto fail; ++ } ++ if (RSA_set0_key(pk->rsa, pkn, pke, NULL) == 0) { ++ ret = SSH_ERR_LIBCRYPTO_ERROR; ++ BN_free(pke); BN_free(pkn); ++ goto fail; ++ } ++ pkn = pke = NULL; ++ } + break; + case KEY_DSA_CERT: + if ((ret = sshkey_cert_copy(k, pk)) != 0) + goto fail; + /* FALLTHROUGH */ + case KEY_DSA: +- if ((pk->dsa = DSA_new()) == NULL || +- (pk->dsa->p = BN_dup(k->dsa->p)) == NULL || +- (pk->dsa->q = BN_dup(k->dsa->q)) == NULL || +- (pk->dsa->g = BN_dup(k->dsa->g)) == NULL || +- (pk->dsa->pub_key = BN_dup(k->dsa->pub_key)) == NULL) { ++ if ((pk->dsa = DSA_new()) == NULL ) { + ret = SSH_ERR_ALLOC_FAIL; + goto fail; + } ++ { ++ const BIGNUM *kp, *kq, *kg, *kpub_key; ++ BIGNUM *pkp=NULL, *pkq=NULL, *pkg=NULL, *pkpub_key=NULL; ++ DSA_get0_pqg(k->dsa, &kp, &kq, &kg); ++ DSA_get0_key(k->dsa, &kpub_key, NULL); ++ if ((pkp = BN_dup(kp)) == NULL || ++ (pkq = BN_dup(kq)) == NULL || ++ (pkg = BN_dup(kg)) == NULL || ++ (pkpub_key = BN_dup(kpub_key)) == NULL) { ++ ret = SSH_ERR_ALLOC_FAIL; ++ goto error1; ++ } ++ if (DSA_set0_pqg(pk->dsa, pkp, pkq, pkg) == 0) { ++ ret = SSH_ERR_LIBCRYPTO_ERROR; ++ goto error1; ++ } ++ pkp = pkq = pkg = NULL; ++ if (DSA_set0_key(pk->dsa, pkpub_key, NULL) == 0) { ++ ret = SSH_ERR_LIBCRYPTO_ERROR; ++error1: ++ BN_free(pkp); BN_free(pkq); BN_free(pkg); ++ BN_free(pkpub_key); ++ goto fail; ++ } ++ pkpub_key = NULL; ++ } + break; + case KEY_ECDSA_CERT: + if ((ret = sshkey_cert_copy(k, pk)) != 0) +@@ -2558,11 +2786,17 @@ sshkey_certify_custom(struct sshkey *k, + switch (k->type) { + #ifdef WITH_OPENSSL + case KEY_DSA_CERT: +- if ((ret = sshbuf_put_bignum2(cert, k->dsa->p)) != 0 || +- (ret = sshbuf_put_bignum2(cert, k->dsa->q)) != 0 || +- (ret = sshbuf_put_bignum2(cert, k->dsa->g)) != 0 || +- (ret = sshbuf_put_bignum2(cert, k->dsa->pub_key)) != 0) ++ { ++ const BIGNUM *p, *q, *g, *pub_key; ++ DSA_get0_pqg(k->dsa, &p, &q, &g); ++ DSA_get0_key(k->dsa, &pub_key, NULL); ++ if ((ret = sshbuf_put_bignum2(cert, p)) != 0 || ++ (ret = sshbuf_put_bignum2(cert, q)) != 0 || ++ (ret = sshbuf_put_bignum2(cert, g)) != 0 || ++ (ret = sshbuf_put_bignum2(cert, pub_key)) != 0) { + goto out; ++ } ++ } + break; + # ifdef OPENSSL_HAS_ECC + case KEY_ECDSA_CERT: +@@ -2575,9 +2809,15 @@ sshkey_certify_custom(struct sshkey *k, + break; + # endif /* OPENSSL_HAS_ECC */ + case KEY_RSA_CERT: +- if ((ret = sshbuf_put_bignum2(cert, k->rsa->e)) != 0 || +- (ret = sshbuf_put_bignum2(cert, k->rsa->n)) != 0) ++ { ++ const BIGNUM *e, *n; ++ RSA_get0_key(k->rsa, &n, &e, NULL); ++ if (n == NULL || e == NULL || ++ (ret = sshbuf_put_bignum2(cert, e)) != 0 || ++ (ret = sshbuf_put_bignum2(cert, n)) != 0) { + goto out; ++ } ++ } + break; + #endif /* WITH_OPENSSL */ + case KEY_ED25519_CERT: +@@ -2764,42 +3004,67 @@ sshkey_private_serialize_opt(const struc + switch (key->type) { + #ifdef WITH_OPENSSL + case KEY_RSA: +- if ((r = sshbuf_put_bignum2(b, key->rsa->n)) != 0 || +- (r = sshbuf_put_bignum2(b, key->rsa->e)) != 0 || +- (r = sshbuf_put_bignum2(b, key->rsa->d)) != 0 || +- (r = sshbuf_put_bignum2(b, key->rsa->iqmp)) != 0 || +- (r = sshbuf_put_bignum2(b, key->rsa->p)) != 0 || +- (r = sshbuf_put_bignum2(b, key->rsa->q)) != 0) ++ { ++ const BIGNUM *n, *e, *d, *iqmp, *p, *q; ++ RSA_get0_key(key->rsa, &n, &e, &d); ++ RSA_get0_crt_params(key->rsa, NULL, NULL, &iqmp); ++ RSA_get0_factors(key->rsa, &p, &q); ++ if ((r = sshbuf_put_bignum2(b, n)) != 0 || ++ (r = sshbuf_put_bignum2(b, e)) != 0 || ++ (r = sshbuf_put_bignum2(b, d)) != 0 || ++ (r = sshbuf_put_bignum2(b, iqmp)) != 0 || ++ (r = sshbuf_put_bignum2(b, p)) != 0 || ++ (r = sshbuf_put_bignum2(b, q)) != 0) { + goto out; ++ } ++ } + break; + case KEY_RSA_CERT: + if (key->cert == NULL || sshbuf_len(key->cert->certblob) == 0) { + r = SSH_ERR_INVALID_ARGUMENT; + goto out; + } ++ { ++ const BIGNUM *d, *iqmp, *p, *q; ++ RSA_get0_key(key->rsa, NULL, NULL, &d); ++ RSA_get0_crt_params(key->rsa, NULL, NULL, &iqmp); ++ RSA_get0_factors(key->rsa, &p, &q); + if ((r = sshbuf_put_stringb(b, key->cert->certblob)) != 0 || +- (r = sshbuf_put_bignum2(b, key->rsa->d)) != 0 || +- (r = sshbuf_put_bignum2(b, key->rsa->iqmp)) != 0 || +- (r = sshbuf_put_bignum2(b, key->rsa->p)) != 0 || +- (r = sshbuf_put_bignum2(b, key->rsa->q)) != 0) ++ (r = sshbuf_put_bignum2(b, d)) != 0 || ++ (r = sshbuf_put_bignum2(b, iqmp)) != 0 || ++ (r = sshbuf_put_bignum2(b, p)) != 0 || ++ (r = sshbuf_put_bignum2(b, q)) != 0) { + goto out; ++ } ++ } + break; + case KEY_DSA: +- if ((r = sshbuf_put_bignum2(b, key->dsa->p)) != 0 || +- (r = sshbuf_put_bignum2(b, key->dsa->q)) != 0 || +- (r = sshbuf_put_bignum2(b, key->dsa->g)) != 0 || +- (r = sshbuf_put_bignum2(b, key->dsa->pub_key)) != 0 || +- (r = sshbuf_put_bignum2(b, key->dsa->priv_key)) != 0) ++ { ++ const BIGNUM *p, *q, *g, *pub_key, *priv_key; ++ DSA_get0_pqg(key->dsa, &p, &q, &g); ++ DSA_get0_key(key->dsa, &pub_key, &priv_key); ++ if ((r = sshbuf_put_bignum2(b, p)) != 0 || ++ (r = sshbuf_put_bignum2(b, q)) != 0 || ++ (r = sshbuf_put_bignum2(b, g)) != 0 || ++ (r = sshbuf_put_bignum2(b, pub_key)) != 0 || ++ (r = sshbuf_put_bignum2(b, priv_key)) != 0) { + goto out; ++ } ++ } + break; + case KEY_DSA_CERT: + if (key->cert == NULL || sshbuf_len(key->cert->certblob) == 0) { + r = SSH_ERR_INVALID_ARGUMENT; + goto out; + } ++ { ++ const BIGNUM *priv_key; ++ DSA_get0_key(key->dsa, NULL, &priv_key); + if ((r = sshbuf_put_stringb(b, key->cert->certblob)) != 0 || +- (r = sshbuf_put_bignum2(b, key->dsa->priv_key)) != 0) ++ (r = sshbuf_put_bignum2(b, priv_key)) != 0) { + goto out; ++ } ++ } + break; + # ifdef OPENSSL_HAS_ECC + case KEY_ECDSA: +@@ -2913,18 +3178,61 @@ sshkey_private_deserialize(struct sshbuf + r = SSH_ERR_ALLOC_FAIL; + goto out; + } +- if ((r = sshbuf_get_bignum2(buf, k->dsa->p)) != 0 || +- (r = sshbuf_get_bignum2(buf, k->dsa->q)) != 0 || +- (r = sshbuf_get_bignum2(buf, k->dsa->g)) != 0 || +- (r = sshbuf_get_bignum2(buf, k->dsa->pub_key)) != 0 || +- (r = sshbuf_get_bignum2(buf, k->dsa->priv_key)) != 0) ++ { ++ BIGNUM *p=NULL, *q=NULL, *g=NULL, *pub_key=NULL, *priv_key=NULL; ++ if ((p = BN_new()) == NULL || ++ (q = BN_new()) == NULL || ++ (g = BN_new()) == NULL || ++ (pub_key = BN_new()) == NULL || ++ (priv_key = BN_new()) == NULL) { ++ r = SSH_ERR_ALLOC_FAIL; ++ goto error1; ++ } ++ if (p == NULL || q == NULL || g == NULL || ++ pub_key == NULL || priv_key == NULL || ++ (r = sshbuf_get_bignum2(buf, p)) != 0 || ++ (r = sshbuf_get_bignum2(buf, q)) != 0 || ++ (r = sshbuf_get_bignum2(buf, g)) != 0 || ++ (r = sshbuf_get_bignum2(buf, pub_key)) != 0 || ++ (r = sshbuf_get_bignum2(buf, priv_key)) != 0) { ++ goto error1; ++ } ++ if (DSA_set0_pqg(k->dsa, p, q, g) == 0) { ++ r = SSH_ERR_LIBCRYPTO_ERROR; ++ goto error1; ++ } ++ p = q = g = NULL; ++ if (DSA_set0_key(k->dsa, pub_key, priv_key) == 0) { ++ r = SSH_ERR_LIBCRYPTO_ERROR; ++error1: ++ BN_free(p); BN_free(q); BN_free(g); ++ BN_free(pub_key); BN_free(priv_key); + goto out; ++ } ++ pub_key = priv_key = NULL; ++ } + break; + case KEY_DSA_CERT: +- if ((r = sshkey_froms(buf, &k)) != 0 || ++ { ++ BIGNUM *priv_key=NULL; ++ if ((priv_key = BN_new()) == NULL) { ++ r = SSH_ERR_ALLOC_FAIL; ++ goto out; ++ } ++ if (priv_key == NULL || ++ (r = sshkey_froms(buf, &k)) != 0 || + (r = sshkey_add_private(k)) != 0 || +- (r = sshbuf_get_bignum2(buf, k->dsa->priv_key)) != 0) ++ (r = sshbuf_get_bignum2(buf, priv_key)) != 0) { ++ BN_free(priv_key); ++ goto out; ++ } ++ if (DSA_set0_key(k->dsa, NULL, priv_key) == 0) { ++ r = SSH_ERR_LIBCRYPTO_ERROR; ++ BN_free(priv_key); + goto out; ++ } ++ priv_key = NULL; ++ } + break; + # ifdef OPENSSL_HAS_ECC + case KEY_ECDSA: +@@ -2983,29 +3291,104 @@ sshkey_private_deserialize(struct sshbuf + r = SSH_ERR_ALLOC_FAIL; + goto out; + } +- if ((r = sshbuf_get_bignum2(buf, k->rsa->n)) != 0 || +- (r = sshbuf_get_bignum2(buf, k->rsa->e)) != 0 || +- (r = sshbuf_get_bignum2(buf, k->rsa->d)) != 0 || +- (r = sshbuf_get_bignum2(buf, k->rsa->iqmp)) != 0 || +- (r = sshbuf_get_bignum2(buf, k->rsa->p)) != 0 || +- (r = sshbuf_get_bignum2(buf, k->rsa->q)) != 0 || +- (r = ssh_rsa_generate_additional_parameters(k)) != 0) ++ { ++ BIGNUM *n=NULL, *e=NULL, *d=NULL, *iqmp=NULL, *p=NULL, *q=NULL; ++ BIGNUM *dmp1=NULL, *dmq1=NULL; /* dummy for RSA_set0_crt_params */ ++ if ((n = BN_new()) == NULL || ++ (e = BN_new()) == NULL || ++ (d = BN_new()) == NULL || ++ (iqmp = BN_new()) == NULL || ++ (p = BN_new()) == NULL || ++ (q = BN_new()) == NULL || ++ (dmp1 = BN_new()) == NULL || ++ (dmq1 = BN_new()) == NULL) { ++ r = SSH_ERR_ALLOC_FAIL; ++ goto error2; ++ } ++ BN_clear(dmp1); BN_clear(dmq1); ++ if ((r = sshbuf_get_bignum2(buf, n)) != 0 || ++ (r = sshbuf_get_bignum2(buf, e)) != 0 || ++ (r = sshbuf_get_bignum2(buf, d)) != 0 || ++ (r = sshbuf_get_bignum2(buf, iqmp)) != 0 || ++ (r = sshbuf_get_bignum2(buf, p)) != 0 || ++ (r = sshbuf_get_bignum2(buf, q)) != 0) { ++ goto error2; ++ } ++ if (RSA_set0_key(k->rsa, n, e, d) == 0) { ++ r = SSH_ERR_LIBCRYPTO_ERROR; ++ goto error2; ++ } ++ n = e = d = NULL; ++ /* dmp1,dmpq1 should be non NULL to set iqmp value */ ++ if (RSA_set0_crt_params(k->rsa, dmp1, dmq1, iqmp) == 0) { ++ r = SSH_ERR_LIBCRYPTO_ERROR; ++ goto error2; ++ } ++ dmp1 = dmq1 = iqmp = NULL; ++ if (RSA_set0_factors(k->rsa, p, q) == 0) { ++ r = SSH_ERR_LIBCRYPTO_ERROR; ++ error2: ++ BN_free(n); BN_free(e); BN_free(d); ++ BN_free(iqmp); ++ BN_free(p); BN_free(q); ++ BN_free(dmp1); BN_free(dmq1); ++ goto out; ++ } ++ p = q = NULL; ++ if ((r = ssh_rsa_generate_additional_parameters(k)) != 0) { + goto out; +- if (BN_num_bits(k->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE) { ++ } ++ } ++ if (RSA_bits(k->rsa) < SSH_RSA_MINIMUM_MODULUS_SIZE) { + r = SSH_ERR_KEY_LENGTH; + goto out; + } + break; + case KEY_RSA_CERT: ++ { ++ BIGNUM *d=NULL, *iqmp=NULL, *p=NULL, *q=NULL; ++ BIGNUM *dmp1=NULL, *dmq1=NULL; /* dummy for RSA_set0_crt_params */ ++ if ((d = BN_new()) == NULL || ++ (iqmp = BN_new()) == NULL || ++ (p = BN_new()) == NULL || ++ (q = BN_new()) == NULL || ++ (dmp1 = BN_new()) == NULL || ++ (dmq1 = BN_new()) == NULL) { ++ r = SSH_ERR_ALLOC_FAIL; ++ goto error3; ++ } ++ BN_clear(dmp1); BN_clear(dmq1); + if ((r = sshkey_froms(buf, &k)) != 0 || + (r = sshkey_add_private(k)) != 0 || +- (r = sshbuf_get_bignum2(buf, k->rsa->d)) != 0 || +- (r = sshbuf_get_bignum2(buf, k->rsa->iqmp)) != 0 || +- (r = sshbuf_get_bignum2(buf, k->rsa->p)) != 0 || +- (r = sshbuf_get_bignum2(buf, k->rsa->q)) != 0 || +- (r = ssh_rsa_generate_additional_parameters(k)) != 0) ++ (r = sshbuf_get_bignum2(buf, d)) != 0 || ++ (r = sshbuf_get_bignum2(buf, iqmp)) != 0 || ++ (r = sshbuf_get_bignum2(buf, p)) != 0 || ++ (r = sshbuf_get_bignum2(buf, q)) != 0) { ++ goto error3; ++ } ++ if (RSA_set0_key(k->rsa, NULL, NULL, d) == 0) { ++ r = SSH_ERR_LIBCRYPTO_ERROR; ++ goto error3; ++ } ++ /* dmp1,dmpq1 should be non NULL to set value */ ++ if (RSA_set0_crt_params(k->rsa, dmp1, dmq1, iqmp) == 0) { ++ r = SSH_ERR_LIBCRYPTO_ERROR; ++ goto error3; ++ } ++ dmp1 = dmq1 = iqmp = NULL; ++ if (RSA_set0_factors(k->rsa, p, q) == 0) { ++ r = SSH_ERR_LIBCRYPTO_ERROR; ++ error3: ++ BN_free(d); BN_free(iqmp); ++ BN_free(p); BN_free(q); ++ BN_free(dmp1); BN_free(dmq1); + goto out; +- if (BN_num_bits(k->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE) { ++ } ++ p = q = NULL; ++ if ((r = ssh_rsa_generate_additional_parameters(k)) != 0) ++ goto out; ++ } ++ if (RSA_bits(k->rsa) < SSH_RSA_MINIMUM_MODULUS_SIZE) { + r = SSH_ERR_KEY_LENGTH; + goto out; + } +@@ -3769,7 +4152,6 @@ translate_libcrypto_error(unsigned long + switch (pem_reason) { + case EVP_R_BAD_DECRYPT: + return SSH_ERR_KEY_WRONG_PASSPHRASE; +- case EVP_R_BN_DECODE_ERROR: + case EVP_R_DECODE_ERROR: + #ifdef EVP_R_PRIVATE_KEY_DECODE_ERROR + case EVP_R_PRIVATE_KEY_DECODE_ERROR: +@@ -3834,7 +4216,7 @@ sshkey_parse_private_pem_fileblob(struct + r = convert_libcrypto_error(); + goto out; + } +- if (pk->type == EVP_PKEY_RSA && ++ if (EVP_PKEY_id(pk) == EVP_PKEY_RSA && + (type == KEY_UNSPEC || type == KEY_RSA)) { + if ((prv = sshkey_new(KEY_UNSPEC)) == NULL) { + r = SSH_ERR_ALLOC_FAIL; +@@ -3849,11 +4231,11 @@ sshkey_parse_private_pem_fileblob(struct + r = SSH_ERR_LIBCRYPTO_ERROR; + goto out; + } +- if (BN_num_bits(prv->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE) { ++ if (RSA_bits(prv->rsa) < SSH_RSA_MINIMUM_MODULUS_SIZE) { + r = SSH_ERR_KEY_LENGTH; + goto out; + } +- } else if (pk->type == EVP_PKEY_DSA && ++ } else if (EVP_PKEY_id(pk) == EVP_PKEY_DSA && + (type == KEY_UNSPEC || type == KEY_DSA)) { + if ((prv = sshkey_new(KEY_UNSPEC)) == NULL) { + r = SSH_ERR_ALLOC_FAIL; +@@ -3865,7 +4247,7 @@ sshkey_parse_private_pem_fileblob(struct + DSA_print_fp(stderr, prv->dsa, 8); + #endif + #ifdef OPENSSL_HAS_ECC +- } else if (pk->type == EVP_PKEY_EC && ++ } else if (EVP_PKEY_id(pk) == EVP_PKEY_EC && + (type == KEY_UNSPEC || type == KEY_ECDSA)) { + if ((prv = sshkey_new(KEY_UNSPEC)) == NULL) { + r = SSH_ERR_ALLOC_FAIL; diff --git a/disabled-packages/openssl/Configurations-15-android.conf.patch b/packages/openssl/Configurations-15-android.conf.patch similarity index 100% rename from disabled-packages/openssl/Configurations-15-android.conf.patch rename to packages/openssl/Configurations-15-android.conf.patch diff --git a/packages/openssl/Configure.patch b/packages/openssl/Configure.patch deleted file mode 100644 index f66cef874..000000000 --- a/packages/openssl/Configure.patch +++ /dev/null @@ -1,48 +0,0 @@ -The first chunks are to set custom CFLAGS. - -The last chunk is a fix for the no-hw option - see no-hw-option.patch - -diff -u -r ../openssl-1.0.2h/Configure ./Configure ---- ../openssl-1.0.2h/Configure 2016-05-03 09:44:42.000000000 -0400 -+++ ./Configure 2016-06-21 17:46:40.583766442 -0400 -@@ -403,7 +403,7 @@ - # ./Configure linux-armv4 -march=armv6 -D__ARM_MAX_ARCH__=8 - # - "linux-armv4", "gcc: -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", --"linux-aarch64","gcc: -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${aarch64_asm}:linux64:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"linux-aarch64","gcc: TERMUX_CFLAGS -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${aarch64_asm}:linux64:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", - # Configure script adds minimally required -march for assembly support, - # if no -march was specified at command line. mips32 and mips64 below - # refer to contemporary MIPS Architecture specifications, MIPS32 and -@@ -421,7 +421,7 @@ - "linux-ppc64le","gcc:-m64 -DL_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:$ppc64_asm:linux64le:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::", - "linux-ia64", "gcc:-DL_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", - "linux-ia64-icc","icc:-DL_ENDIAN -O2 -Wall::-D_REENTRANT::-ldl -no_cpprt:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", --"linux-x86_64", "gcc:-m64 -DL_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", -+"linux-x86_64", "gcc:-m64 -DL_ENDIAN TERMUX_CFLAGS -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", - "linux-x86_64-clang", "clang: -m64 -DL_ENDIAN -O3 -Wall -Wextra $clang_disabled_warnings -Qunused-arguments::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", - "debug-linux-x86_64-clang", "clang: -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -m64 -DL_ENDIAN -g -Wall -Wextra $clang_disabled_warnings -Qunused-arguments::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", - "linux-x86_64-icc", "icc:-DL_ENDIAN -O2::-D_REENTRANT::-ldl -no_cpprt:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", -@@ -469,10 +469,10 @@ - "linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}", - - # Android: linux-* but without pointers to headers and libs. --"android","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", --"android-x86","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:".eval{my $asm=${x86_elf_asm};$asm=~s/:elf/:android/;$asm}.":dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", --"android-armv7","gcc:-march=armv7-a -mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", --"android-mips","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${mips32_asm}:o32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"android","gcc: TERMUX_CFLAGS -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"android-x86","gcc: TERMUX_CFLAGS -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:".eval{my $asm=${x86_elf_asm};$asm=~s/:elf/:android/;$asm}.":dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"android-armv7","gcc: TERMUX_CFLAGS -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"android-mips","gcc: TERMUX_CFLAGS -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${mips32_asm}:o32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", - - #### *BSD [do see comment about ${BSDthreads} above!] - "BSD-generic32","gcc:-O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -@@ -1157,6 +1157,7 @@ - print " OPENSSL_NO_$ALGO"; - - if (/^err$/) { $flags .= "-DOPENSSL_NO_ERR "; } -+ elsif (/^hw$/) { $flags .= "-DOPENSSL_NO_HW "; } - elsif (/^asm$/) { $no_asm = 1; } - } - else diff --git a/disabled-packages/openssl/apps-ocsp.c.patch b/packages/openssl/apps-ocsp.c.patch similarity index 100% rename from disabled-packages/openssl/apps-ocsp.c.patch rename to packages/openssl/apps-ocsp.c.patch diff --git a/packages/openssl/build.sh b/packages/openssl/build.sh index 152b08abe..e8e344335 100755 --- a/packages/openssl/build.sh +++ b/packages/openssl/build.sh @@ -1,45 +1,41 @@ TERMUX_PKG_HOMEPAGE=https://www.openssl.org/ TERMUX_PKG_DESCRIPTION="Library implementing the SSL and TLS protocols as well as general purpose cryptography functions" TERMUX_PKG_DEPENDS="ca-certificates" -TERMUX_PKG_VERSION=1.0.2p -TERMUX_PKG_SHA256=50a98e07b1a89eb8f6a99477f262df71c6fa7bef77df4dc83025a2845c827d00 -TERMUX_PKG_SRCURL=https://www.openssl.org/source/openssl-${TERMUX_PKG_VERSION}.tar.gz +TERMUX_PKG_VERSION=1.1.1 +TERMUX_PKG_SHA256=2836875a0f89c03d0fdf483941512613a50cfb421d6fd94b9f41d7279d586a3d +TERMUX_PKG_SRCURL=https://www.openssl.org/source/openssl-${TERMUX_PKG_VERSION/\~/-}.tar.gz TERMUX_PKG_RM_AFTER_INSTALL="bin/c_rehash etc/ssl/misc" TERMUX_PKG_BUILD_IN_SRC=yes -# Avoid assembly errors, see -# https://github.com/android-ndk/ndk/issues/144 -# https://github.com/openssl/openssl/issues/1498 -# May be fixed in later openssl version. -if [ "$TERMUX_ARCH" = arm ]; then - TERMUX_PKG_CLANG=no -fi # Information about compilation and installation of openssl: # http://wiki.openssl.org/index.php/Compilation_and_Installation termux_step_configure () { + CFLAGS+=" -DNO_SYSLOG" + perl -p -i -e "s@TERMUX_CFLAGS@$CFLAGS@g" Configure rm -Rf $TERMUX_PREFIX/lib/libcrypto.* $TERMUX_PREFIX/lib/libssl.* - test $TERMUX_ARCH = "arm" && TERMUX_OPENSSL_PLATFORM="android-armv7" - test $TERMUX_ARCH = "aarch64" && TERMUX_OPENSSL_PLATFORM="linux-aarch64" + test $TERMUX_ARCH = "arm" && TERMUX_OPENSSL_PLATFORM="android-arm" + test $TERMUX_ARCH = "aarch64" && TERMUX_OPENSSL_PLATFORM="android-arm64" test $TERMUX_ARCH = "i686" && TERMUX_OPENSSL_PLATFORM="android-x86" - test $TERMUX_ARCH = "x86_64" && TERMUX_OPENSSL_PLATFORM="linux-x86_64" + test $TERMUX_ARCH = "x86_64" && TERMUX_OPENSSL_PLATFORM="android-x86_64" # If enabling zlib-dynamic we need "zlib-dynamic" instead of "no-comp no-dso": ./Configure $TERMUX_OPENSSL_PLATFORM \ --prefix=$TERMUX_PREFIX \ --openssldir=$TERMUX_PREFIX/etc/tls \ shared \ + no-ssl \ no-comp \ no-dso \ - no-ssl2 \ no-hw \ - no-engines \ - no-srp + no-engine \ + no-srp \ + no-tests } termux_step_make () { make depend - make -j 1 all + make -j $TERMUX_MAKE_PROCESSES all } termux_step_make_install () { diff --git a/packages/openssl/e_os.h.patch b/packages/openssl/e_os.h.patch index 7246f098e..2d5b44969 100644 --- a/packages/openssl/e_os.h.patch +++ b/packages/openssl/e_os.h.patch @@ -10,14 +10,3 @@ diff -uNr openssl-1.0.2o/e_os.h openssl-1.0.2o.mod/e_os.h # endif # if defined(OPENSSL_SYS_VXWORKS) -@@ -723,6 +723,10 @@ - # define NO_SYSLOG - # endif - -+#ifdef __ANDROID__ -+# define NO_SYSLOG -+#endif -+ - /* vxworks */ - # if defined(OPENSSL_SYS_VXWORKS) - # include diff --git a/packages/openssl/no-hw-option.patch b/packages/openssl/no-hw-option.patch deleted file mode 100644 index 95357215b..000000000 --- a/packages/openssl/no-hw-option.patch +++ /dev/null @@ -1,27 +0,0 @@ -"openssl 1.0.0b fails to install when compiled with the no-hw option" -http://rt.openssl.org/Ticket/Display.html?id=2384&user=guest&pass=guest - -On part is extracted to Configure.patch - -diff -u -r ../openssl-1.0.1f/engines/Makefile ./engines/Makefile ---- ../openssl-1.0.1f/engines/Makefile 2014-01-06 15:36:06.000000000 +0100 -+++ ./engines/Makefile 2014-03-02 22:04:09.000000000 +0100 -@@ -113,6 +113,7 @@ - pfx=lib; \ - if [ "$(PLATFORM)" != "Cygwin" ]; then \ - case "$(CFLAGS)" in \ -+ *OPENSSL_NO_HW*) echo ... skipping install OPENSSL_NO_HW defined; continue;; \ - *DSO_BEOS*) sfx=".so";; \ - *DSO_DLFCN*) sfx=`expr "$(SHLIB_EXT)" : '.*\(\.[a-z][a-z]*\)' \| ".so"`;; \ - *DSO_DL*) sfx=".sl";; \ -diff -u -r ../openssl-1.0.1f/engines/ccgost/Makefile ./engines/ccgost/Makefile ---- ../openssl-1.0.1f/engines/ccgost/Makefile 2014-01-06 15:36:06.000000000 +0100 -+++ ./engines/ccgost/Makefile 2014-03-02 22:04:09.000000000 +0100 -@@ -47,6 +47,7 @@ - pfx=lib; \ - if [ "$(PLATFORM)" != "Cygwin" ]; then \ - case "$(CFLAGS)" in \ -+ *OPENSSL_NO_HW*) echo ... skipping install OPENSSL_NO_HW defined; exit;; \ - *DSO_BEOS*) sfx=".so";; \ - *DSO_DLFCN*) sfx=`expr "$(SHLIB_EXT)" : '.*\(\.[a-z][a-z]*\)' \| ".so"`;; \ - *DSO_DL*) sfx=".sl";; \ diff --git a/packages/php/build.sh b/packages/php/build.sh index 30616fe53..3e43d713c 100644 --- a/packages/php/build.sh +++ b/packages/php/build.sh @@ -1,6 +1,7 @@ TERMUX_PKG_HOMEPAGE=https://php.net TERMUX_PKG_DESCRIPTION="Server-side, HTML-embedded scripting language" TERMUX_PKG_VERSION=7.2.9 +TERMUX_PKG_REVISION=1 TERMUX_PKG_SHA256=3585c1222e00494efee4f5a65a8e03a1e6eca3dfb834814236ee7f02c5248ae0 TERMUX_PKG_SRCURL=https://secure.php.net/distributions/php-${TERMUX_PKG_VERSION}.tar.xz # Build native php for phar to build (see pear-Makefile.frag.patch): diff --git a/packages/picolisp/build.sh b/packages/picolisp/build.sh index db318e033..912db84a9 100644 --- a/packages/picolisp/build.sh +++ b/packages/picolisp/build.sh @@ -2,6 +2,7 @@ TERMUX_PKG_HOMEPAGE=https://picolisp.com TERMUX_PKG_DESCRIPTION="Lisp interpreter and application server framework" TERMUX_PKG_DEPENDS="libcrypt, openssl" TERMUX_PKG_VERSION=18.7.18 +TERMUX_PKG_REVISION=1 TERMUX_PKG_SHA256=b88ab3c65d014b653be2aac90b36bb303b6f888954f994cb98eb2a44852f19df # We use our bintray mirror since old version snapshots are not kept on main site. TERMUX_PKG_SRCURL=https://dl.bintray.com/termux/upstream/picolisp_${TERMUX_PKG_VERSION}.tar.gz diff --git a/packages/postgresql/build.sh b/packages/postgresql/build.sh index b001c0ec2..62fba05ed 100644 --- a/packages/postgresql/build.sh +++ b/packages/postgresql/build.sh @@ -2,6 +2,7 @@ TERMUX_PKG_HOMEPAGE=https://www.postgresql.org TERMUX_PKG_DESCRIPTION="Object-relational SQL database" TERMUX_PKG_MAINTAINER='Vishal Biswas @vishalbiswas' TERMUX_PKG_VERSION=10.5 +TERMUX_PKG_REVISION=1 TERMUX_PKG_SHA256=6c8e616c91a45142b85c0aeb1f29ebba4a361309e86469e0fb4617b6a73c4011 TERMUX_PKG_SRCURL=https://ftp.postgresql.org/pub/source/v$TERMUX_PKG_VERSION/postgresql-$TERMUX_PKG_VERSION.tar.bz2 TERMUX_PKG_DEPENDS="openssl, libcrypt, readline, libandroid-shmem, libuuid, libxml2" diff --git a/packages/pure-ftpd/build.sh b/packages/pure-ftpd/build.sh index 859830c60..61855b666 100644 --- a/packages/pure-ftpd/build.sh +++ b/packages/pure-ftpd/build.sh @@ -1,6 +1,7 @@ TERMUX_PKG_HOMEPAGE=https://www.pureftpd.org/project/pure-ftpd TERMUX_PKG_DESCRIPTION="Pure-FTPd is a free (BSD), secure, production-quality and standard-conformant FTP server" TERMUX_PKG_VERSION=1.0.47 +TERMUX_PKG_REVISION=2 TERMUX_PKG_SRCURL=https://download.pureftpd.org/pub/pure-ftpd/releases/pure-ftpd-$TERMUX_PKG_VERSION.tar.gz TERMUX_PKG_SHA256=4740c316f5df879a2d68464489fb9b8b90113fe7dce58e2cdd2054a4768f27ad TERMUX_PKG_DEPENDS="libcrypt, openssl" diff --git a/packages/python/build.sh b/packages/python/build.sh index e2467e614..9cd65e9d3 100644 --- a/packages/python/build.sh +++ b/packages/python/build.sh @@ -3,6 +3,7 @@ TERMUX_PKG_DESCRIPTION="Python 3 programming language intended to enable clear p TERMUX_PKG_DEPENDS="libandroid-support, ncurses, readline, libffi, openssl, libutil, libbz2, libsqlite, gdbm, ncurses-ui-libs, libcrypt, liblzma" _MAJOR_VERSION=3.6 TERMUX_PKG_VERSION=${_MAJOR_VERSION}.6 +TERMUX_PKG_REVISION=1 TERMUX_PKG_SHA256=d79bc15d456e73a3173a2938f18a17e5149c850ebdedf84a78067f501ee6e16f TERMUX_PKG_SRCURL=https://www.python.org/ftp/python/${TERMUX_PKG_VERSION}/Python-${TERMUX_PKG_VERSION}.tar.xz diff --git a/packages/python2/build.sh b/packages/python2/build.sh index adc3e00c3..6a690fdb3 100644 --- a/packages/python2/build.sh +++ b/packages/python2/build.sh @@ -9,7 +9,7 @@ TERMUX_PKG_HOSTBUILD=true _MAJOR_VERSION=2.7 TERMUX_PKG_VERSION=${_MAJOR_VERSION}.15 -TERMUX_PKG_REVISION=2 +TERMUX_PKG_REVISION=3 TERMUX_PKG_SHA256=22d9b1ac5b26135ad2b8c2901a9413537e08749a753356ee913c84dbd2df5574 TERMUX_PKG_SRCURL=https://www.python.org/ftp/python/${TERMUX_PKG_VERSION}/Python-${TERMUX_PKG_VERSION}.tar.xz diff --git a/packages/qalc/build.sh b/packages/qalc/build.sh index d30c9ded4..b67bca962 100644 --- a/packages/qalc/build.sh +++ b/packages/qalc/build.sh @@ -1,6 +1,7 @@ TERMUX_PKG_HOMEPAGE=https://qalculate.github.io/ TERMUX_PKG_DESCRIPTION="Powerful and easy to use command line calculator" TERMUX_PKG_VERSION=2.6.2 +TERMUX_PKG_REVISION=1 TERMUX_PKG_SHA256=bb52944426646a369a3b113d79f19bb92c7569bb3801f65f4fd416bed67e98d7 TERMUX_PKG_SRCURL=https://github.com/Qalculate/libqalculate/releases/download/v$TERMUX_PKG_VERSION/libqalculate-$TERMUX_PKG_VERSION.tar.gz TERMUX_PKG_DEPENDS="libcurl, libmpfr, libxml2, readline, libgmp" diff --git a/packages/rhash/build.sh b/packages/rhash/build.sh index 13982d5be..68d1e2d9c 100644 --- a/packages/rhash/build.sh +++ b/packages/rhash/build.sh @@ -1,7 +1,7 @@ TERMUX_PKG_HOMEPAGE=https://github.com/rhash/RHash TERMUX_PKG_DESCRIPTION="Console utility for calculation and verification of magnet links and a wide range of hash sums" TERMUX_PKG_VERSION=1.3.6 -TERMUX_PKG_REVISION=3 +TERMUX_PKG_REVISION=4 TERMUX_PKG_SHA256=964df972b60569b5cb35ec989ced195ab8ea514fc46a74eab98e86569ffbcf92 TERMUX_PKG_SRCURL=https://github.com/rhash/RHash/archive/v$TERMUX_PKG_VERSION.tar.gz TERMUX_PKG_DEPENDS="openssl" diff --git a/packages/rtmpdump/build.sh b/packages/rtmpdump/build.sh index e0d3caa04..80d380f08 100644 --- a/packages/rtmpdump/build.sh +++ b/packages/rtmpdump/build.sh @@ -1,8 +1,11 @@ TERMUX_PKG_HOMEPAGE=https://rtmpdump.mplayerhq.hu/ TERMUX_PKG_DESCRIPTION="Small dumper for media content streamed over the RTMP protocol" +# NOTE: Special handling of unofficial support for openssl 1.1 from +# https://gitlab.com/JudgeZarbi/RTMPDump-OpenSSL-1.1 TERMUX_PKG_VERSION=2.4 -TERMUX_PKG_SRCURL=http://dev.gentoo.org/~hwoarang/distfiles/rtmpdump-${TERMUX_PKG_VERSION}.tar.gz -TERMUX_PKG_SHA256=51f54d37907f19bfa00219d57ec6e12d09458bb31360e8cf004883df745f094c +TERMUX_PKG_REVISION=1 +TERMUX_PKG_SRCURL=https://gitlab.com/JudgeZarbi/RTMPDump-OpenSSL-1.1/-/archive/019592918b0f961104eaf71b56c1db0fa26ed497/RTMPDump-OpenSSL-1.1-019592918b0f961104eaf71b56c1db0fa26ed497.tar.bz2 +TERMUX_PKG_SHA256=42978d5b1cfe9fe4e01305f81c183935056a6c1ad46b9cd2e582f9147196fa87 TERMUX_PKG_BUILD_IN_SRC=yes TERMUX_PKG_DEPENDS="openssl" TERMUX_PKG_MAINTAINER="Pierre Rudloff @Rudloff" diff --git a/packages/ruby/build.sh b/packages/ruby/build.sh index 0fd773584..7a5003eda 100644 --- a/packages/ruby/build.sh +++ b/packages/ruby/build.sh @@ -2,7 +2,7 @@ TERMUX_PKG_HOMEPAGE=https://www.ruby-lang.org/ TERMUX_PKG_DESCRIPTION="Dynamic programming language with a focus on simplicity and productivity" _MAJOR_VERSION=2.5 TERMUX_PKG_VERSION=${_MAJOR_VERSION}.1 -TERMUX_PKG_REVISION=1 +TERMUX_PKG_REVISION=2 TERMUX_PKG_SHA256=886ac5eed41e3b5fc699be837b0087a6a5a3d10f464087560d2d21b3e71b754d TERMUX_PKG_SRCURL=https://cache.ruby-lang.org/pub/ruby/${_MAJOR_VERSION}/ruby-${TERMUX_PKG_VERSION}.tar.xz # libbffi is used by the fiddle extension module: diff --git a/packages/scrypt/build.sh b/packages/scrypt/build.sh index 8aca556c7..faefa170f 100644 --- a/packages/scrypt/build.sh +++ b/packages/scrypt/build.sh @@ -1,6 +1,7 @@ TERMUX_PKG_HOMEPAGE=https://www.tarsnap.com/scrypt.html TERMUX_PKG_DESCRIPTION="scrypt KDF library and file encryption tool" TERMUX_PKG_VERSION=1.2.1 +TERMUX_PKG_REVISION=1 TERMUX_PKG_SRCURL=https://www.tarsnap.com/scrypt/scrypt-1.2.1.tgz TERMUX_PKG_SHA256=4621f5e7da2f802e20850436219370092e9fcda93bd598f6d4236cce33f4c577 TERMUX_PKG_DEPENDS="openssl" diff --git a/packages/serf/build.sh b/packages/serf/build.sh index a6b53b8ba..d6ef4931f 100644 --- a/packages/serf/build.sh +++ b/packages/serf/build.sh @@ -1,7 +1,7 @@ TERMUX_PKG_HOMEPAGE=https://serf.apache.org/ TERMUX_PKG_DESCRIPTION="High performance C-based HTTP client library" TERMUX_PKG_VERSION=1.3.9 -TERMUX_PKG_REVISION=1 +TERMUX_PKG_REVISION=2 TERMUX_PKG_SRCURL=https://archive.apache.org/dist/serf/serf-${TERMUX_PKG_VERSION}.tar.bz2 TERMUX_PKG_SHA256=549c2d21c577a8a9c0450facb5cca809f26591f048e466552240947bdf7a87cc TERMUX_PKG_DEPENDS="apr, apr-util, openssl" diff --git a/packages/socat/build.sh b/packages/socat/build.sh index 9ec09c6d3..e0139c224 100644 --- a/packages/socat/build.sh +++ b/packages/socat/build.sh @@ -2,6 +2,7 @@ TERMUX_PKG_HOMEPAGE=http://www.dest-unreach.org/socat/ TERMUX_PKG_DESCRIPTION="Relay for bidirectional data transfer between two independent data channels" TERMUX_PKG_DEPENDS="openssl, readline, libutil" TERMUX_PKG_VERSION=1.7.3.2 +TERMUX_PKG_REVISION=1 TERMUX_PKG_SRCURL=http://www.dest-unreach.org/socat/download/socat-${TERMUX_PKG_VERSION}.tar.gz TERMUX_PKG_SHA256=ce3efc17e3e544876ebce7cd6c85b3c279fda057b2857fcaaf67b9ab8bdaf034 TERMUX_PKG_EXTRA_CONFIGURE_ARGS="ac_header_resolv_h=no ac_cv_c_compiler_gnu=yes ac_compiler_gnu=yes" # sc_cv_sys_crdly_shift=9 sc_cv_sys_csize_shift=4 sc_cv_sys_tabdly_shift=11" diff --git a/packages/squid/build.sh b/packages/squid/build.sh index 8f1f90afb..05359e478 100644 --- a/packages/squid/build.sh +++ b/packages/squid/build.sh @@ -2,6 +2,7 @@ TERMUX_PKG_HOMEPAGE=http://www.squid-cache.org TERMUX_PKG_DESCRIPTION="Full-featured Web proxy cache server" TERMUX_PKG_MAINTAINER="Vishal Biswas @vishalbiswas" TERMUX_PKG_VERSION=4.2 +TERMUX_PKG_REVISION=1 TERMUX_PKG_SHA256=994807762c59991b32449caf29418fd0ec9d2329746b18eb19bd930b6806d208 TERMUX_PKG_SRCURL=http://www.squid-cache.org/Versions/v4/squid-$TERMUX_PKG_VERSION.tar.xz TERMUX_PKG_DEPENDS="libcrypt, openssl, libnettle, libltdl" diff --git a/packages/stunnel/build.sh b/packages/stunnel/build.sh index c96a3e7ce..fe0dd953f 100644 --- a/packages/stunnel/build.sh +++ b/packages/stunnel/build.sh @@ -1,6 +1,7 @@ TERMUX_PKG_HOMEPAGE=https://www.stunnel.org/ TERMUX_PKG_DESCRIPTION="Socket wrapper which can provide TLS support to ordinary applications" TERMUX_PKG_VERSION=5.49 +TERMUX_PKG_REVISION=1 TERMUX_PKG_SHA256=3d6641213a82175c19f23fde1c3d1c841738385289eb7ca1554f4a58b96d955e TERMUX_PKG_SRCURL=https://www.stunnel.org/downloads/stunnel-${TERMUX_PKG_VERSION}.tar.gz TERMUX_PKG_DEPENDS="openssl, libutil" diff --git a/packages/tor/build.sh b/packages/tor/build.sh index c0ca39d4b..e2ee32b6d 100644 --- a/packages/tor/build.sh +++ b/packages/tor/build.sh @@ -2,6 +2,7 @@ TERMUX_PKG_HOMEPAGE=https://www.torproject.org TERMUX_PKG_DESCRIPTION="The Onion Router anonymizing overlay network" TERMUX_PKG_DEPENDS="libevent, openssl, liblzma" TERMUX_PKG_VERSION=0.3.4.8 +TERMUX_PKG_REVISION=1 TERMUX_PKG_SHA256=826a4cb2c099a29c7cf91516ffffcfcb5aace7533b8853a8c8bddcfe2bfb1023 TERMUX_PKG_SRCURL=https://www.torproject.org/dist/tor-$TERMUX_PKG_VERSION.tar.gz TERMUX_PKG_EXTRA_CONFIGURE_ARGS="--disable-zstd --disable-unittests" diff --git a/packages/transmission/build.sh b/packages/transmission/build.sh index 1455a1fea..2513ece0c 100755 --- a/packages/transmission/build.sh +++ b/packages/transmission/build.sh @@ -2,6 +2,7 @@ TERMUX_PKG_HOMEPAGE=https://transmissionbt.com/ TERMUX_PKG_DESCRIPTION="Easy, lean and powerful BitTorrent client" TERMUX_PKG_DEPENDS="libevent, openssl, libcurl" TERMUX_PKG_VERSION=2.94 +TERMUX_PKG_REVISION=1 TERMUX_PKG_SRCURL=https://github.com/transmission/transmission/archive/${TERMUX_PKG_VERSION}.tar.gz TERMUX_PKG_SHA256=440c2fd0f89b1ab59d8a4b79ecd7bffd61bc000e36fb5b6c8e88142a4fadbb1f TERMUX_PKG_EXTRA_CONFIGURE_ARGS="--disable-gtk --enable-lightweight --cache-file=termux_configure.cache" diff --git a/packages/wget/build.sh b/packages/wget/build.sh index 6cd9fd632..1e88a80c8 100644 --- a/packages/wget/build.sh +++ b/packages/wget/build.sh @@ -1,6 +1,7 @@ TERMUX_PKG_HOMEPAGE=https://www.gnu.org/software/wget/ TERMUX_PKG_DESCRIPTION="Commandline tool for retrieving files using HTTP, HTTPS and FTP" TERMUX_PKG_VERSION=1.19.5 +TERMUX_PKG_REVISION=1 TERMUX_PKG_SHA256=29fbe6f3d5408430c572a63fe32bd43d5860f32691173dfd84edc06869edca75 TERMUX_PKG_SRCURL=https://mirrors.kernel.org/gnu/wget/wget-${TERMUX_PKG_VERSION}.tar.lz TERMUX_PKG_DEPENDS="pcre, openssl, libuuid, libandroid-support, libunistring" diff --git a/packages/xmlsec/build.sh b/packages/xmlsec/build.sh index 38d5699a2..3e7756be7 100644 --- a/packages/xmlsec/build.sh +++ b/packages/xmlsec/build.sh @@ -1,6 +1,7 @@ TERMUX_PKG_HOMEPAGE=https://www.aleksey.com/xmlsec/ TERMUX_PKG_DESCRIPTION="XML Security Library" TERMUX_PKG_VERSION=1.2.26 +TERMUX_PKG_REVISION=1 TERMUX_PKG_SHA256=8d8276c9c720ca42a3b0023df8b7ae41a2d6c5f9aa8d20ed1672d84cc8982d50 TERMUX_PKG_SRCURL=http://www.aleksey.com/xmlsec/download/xmlsec1-$TERMUX_PKG_VERSION.tar.gz TERMUX_PKG_DEPENDS="libxslt, openssl, libgcrypt, libgpg-error" diff --git a/termux.spec b/termux.spec deleted file mode 100644 index bcd2f1d2e..000000000 --- a/termux.spec +++ /dev/null @@ -1,10 +0,0 @@ -# Android 5 requires position-independent executables, so we use the -# %{!S:X} Substitutes X, if the -S switch is not given to GCC" -# construct (see https://gcc.gnu.org/onlinedocs/gcc/Spec-Files.html for full reference) -# to add -fPIE and -pie flags as appropriate. - -*cc1_options: -+ %{!fpie: %{!fPIE: %{!fpic: %{!fPIC: %{!fno-pic:-fPIE}}}}} - -*link: -+ %{!nopie: %{!static: %{!shared: %{!nostdlib: %{!nostartfiles: %{!fno-PIE: %{!fno-pie: -pie}}}}}}}