diff --git a/0001-rhbz-1936659-restore-with-openssl-digests.patch b/0001-rhbz-1936659-restore-with-openssl-digests.patch
new file mode 100644
index 0000000..aed2c02
--- /dev/null
+++ b/0001-rhbz-1936659-restore-with-openssl-digests.patch
@@ -0,0 +1,305 @@
+From f9687b876e7faa65a1a897803ae5b07c94dd304e Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Caol=C3=A1n=20McNamara?=
+Date: Tue, 9 Mar 2021 11:35:40 +0000
+Subject: [PATCH] rhbz#1936659 restore --with-openssl-digests
+
+which makes it possible to use --enable-digests=ripemd160
+---
+ INSTALL.html | 9 +-
+ configure.ac | 49 ++++++++++
+ src/Makefile.am | 2 +-
+ src/rdf_digest_openssl.c | 188 +++++++++++++++++++++++++++++++++++++++
+ 4 files changed, 245 insertions(+), 3 deletions(-)
+ create mode 100644 src/rdf_digest_openssl.c
+
+diff --git a/INSTALL.html b/INSTALL.html
+index 18ff49d3..2a7626b9 100644
+--- a/INSTALL.html
++++ b/INSTALL.html
+@@ -140,8 +140,13 @@ Maintainer mode automatically enables this.

+ + +
--enable-digests=LIST
+-

Does nothing - only builtin content digests are available now: +-MD5 and SHA1.

++

Select the list of content digests to be included if the are ++availble. The valid list of digests are: md5 sha1 ++ripem160 (the default). The digest functions can be provided ++by external libraries such as the ++OpenSSL libcrypto library or by ++provided portable versions (only MD5 supported in this ++release).

+ +
--enable-parsers=LIST
+

Select the list of RDF parsers to be included if the are availble. The
+diff --git a/configure.ac b/configure.ac
+index ab4ffae8..c9986a5b 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -574,7 +574,56 @@ AC_MSG_RESULT($digest_modules)
+ DIGEST_OBJS=
+ DIGEST_SRCS=
+
++AC_ARG_WITH(openssl-digests, [ --with-openssl-digests Use openssl digests (default=yes)], enable_openssl_digests="$withval", enable_openssl_digests="yes")
++
++# This is needed because autoheader can't work out which computed
++# symbols must be pulled from acconfig.h into config.h.in
++if test "x" = "y"; then
++ AC_DEFINE(HAVE_OPENSSL_CRYPTO_MD5_DIGEST, 1, [Have openssl MD5 digest])
++ AC_DEFINE(HAVE_OPENSSL_CRYPTO_SHA1_DIGEST, 1, [Have openssl SHA1 digest])
++ AC_DEFINE(HAVE_OPENSSL_CRYPTO_RIPEMD160_DIGEST, 1, [Have openssl RIPEMD160 digest])
++fi
++
+ digest_modules_available=
++AC_MSG_CHECKING(whether to use openssl digests)
++if test "$enable_openssl_digests" = yes ; then
++ AC_MSG_RESULT(yes)
++ AC_CHECK_HEADERS(openssl/crypto.h)
++ if test "$ac_cv_header_openssl_crypto_h" = yes ; then
++ AC_DEFINE(HAVE_OPENSSL_DIGESTS, 1, [Have openssl digests])
++ new_digest_modules=
++ LIBS="$LIBRDF_LIBS -lcrypto"
++ have_libcrypto=no
++
++ for module in $digest_modules; do
++ func=`echo $module | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'`
++ found=
++ AC_MSG_CHECKING(for openssl $func digest module)
++ AC_CACHE_VAL(ac_cv_lib_crypto_$func,
++ [AC_TRY_LINK(, $func(),
++ [eval "ac_cv_lib_crypto_$func=yes"],
++ [eval "ac_cv_lib_crypto_$func=no"])])
++ if eval "test \"`echo '$ac_cv_lib_crypto_'$func`\" = yes"; then
++ AC_MSG_RESULT(yes)
++ n=HAVE_OPENSSL_CRYPTO_${func}_DIGEST
++ AC_DEFINE_UNQUOTED($n)
++ have_libcrypto=yes
++ digest_modules_available="$digest_modules_available $module(openssl)"
++ else
++ AC_MSG_RESULT(no)
++ new_digest_modules="${new_digest_modules} $module"
++ fi
++ done
++ if test "$have_libcrypto" = yes; then
++ LIBRDF_LIBS="$LIBRDF_LIBS -lcrypto"
++ fi
++ DIGEST_OBJS="$DIGEST_OBJS rdf_digest_openssl.lo"
++ DIGEST_SRCS="$DIGEST_SRCS rdf_digest_openssl.c"
++ digest_modules=$new_digest_modules
++ fi
++else
++ AC_MSG_RESULT(no)
++fi
+
+
+ dnl hashes
+diff --git a/src/Makefile.am b/src/Makefile.am
+index b0b708b8..cb32d058 100644
+--- a/src/Makefile.am
++++ b/src/Makefile.am
+@@ -189,7 +189,7 @@ librdf_la_DEPENDENCIES = \
+ @LIBRDF_INTERNAL_DEPS@
+
+ EXTRA_librdf_la_SOURCES = rdf_hash_bdb.c \
+-rdf_digest_md5.c rdf_digest_sha1.c \
++rdf_digest_md5.c rdf_digest_sha1.c rdf_digest_openssl.c \
+ rdf_parser_raptor.c
+
+ EXTRA_DIST=\
+diff --git a/src/rdf_digest_openssl.c b/src/rdf_digest_openssl.c
+new file mode 100644
+index 00000000..be04cb4f
+--- /dev/null
++++ b/src/rdf_digest_openssl.c
+@@ -0,0 +1,188 @@
++/* -*- Mode: c; c-basic-offset: 2 -*-
++ *
++ * rdf_digest_openssl.c - RDF Digest OpenSSL Digest interface
++ *
++ * Copyright (C) 2000-2008, David Beckett http://www.dajobe.org/
++ * Copyright (C) 2000-2004, University of Bristol, UK http://www.bristol.ac.uk/
++ *
++ * This package is Free Software and part of Redland http://librdf.org/
++ *
++ * It is licensed under the following three licenses as alternatives:
++ * 1. GNU Lesser General Public License (LGPL) V2.1 or any newer version
++ * 2. GNU General Public License (GPL) V2 or any newer version
++ * 3. Apache License, V2.0 or any newer version
++ *
++ * You may not use this file except in compliance with at least one of
++ * the above three licenses.
++ *
++ * See LICENSE.html or LICENSE.txt at the top of this package for the
++ * complete terms and further detail along with the license texts for
++ * the licenses in COPYING.LIB, COPYING and LICENSE-2.0.txt respectively.
++ *
++ *
++ */
++
++
++#ifdef HAVE_CONFIG_H
++#include
++#endif
++
++#ifdef WIN32
++#include
++#endif
++
++
++#include
++#include
++#include
++
++#include
++
++#include
++#include
++
++#ifdef HAVE_OPENSSL_CRYPTO_MD5_DIGEST
++#include
++
++
++/* The new struct contains the old one at start (so casting works) plus
++ * a space for the digest to be stored once calculated
++ */
++typedef struct
++{
++ MD5_CTX contex;
++ unsigned char digest[MD5_DIGEST_LENGTH];
++} MD5_CTX_2;
++
++
++static void
++md5_final(MD5_CTX_2 *c)
++{
++ MD5_Final(c->digest, (MD5_CTX*)c);
++}
++
++static unsigned char *
++md5_get_digest(MD5_CTX_2 *c)
++{
++ return c->digest;
++}
++
++
++static void
++librdf_openssl_md5_register_factory(librdf_digest_factory *factory)
++{
++ factory->context_length = sizeof(MD5_CTX_2);
++ factory->digest_length = MD5_DIGEST_LENGTH;
++
++ factory->init = (void (*)(void *))MD5_Init;
++ factory->update = (void (*)(void *, const unsigned char*, size_t))MD5_Update;
++ factory->final = (void (*)(void *))md5_final;
++ factory->get_digest = (unsigned char *(*)(void *))md5_get_digest;
++}
++#endif
++
++
++#ifdef HAVE_OPENSSL_CRYPTO_SHA1_DIGEST
++#include
++
++/* The new struct contains the old one at start (so casting works) plus
++ * a space for the digest to be stored once calculated
++ */
++typedef struct
++{
++ SHA_CTX contex;
++ unsigned char digest[SHA_DIGEST_LENGTH];
++} SHA_CTX_2;
++
++
++static void
++sha1_final(SHA_CTX_2 *c)
++{
++ SHA1_Final(c->digest, (SHA_CTX*)c);
++}
++
++static unsigned char *
++sha1_get_digest(SHA_CTX_2 *c)
++{
++ return c->digest;
++}
++
++
++static void
++librdf_openssl_sha1_register_factory(librdf_digest_factory *factory)
++{
++ factory->context_length = sizeof(SHA_CTX_2);
++ factory->digest_length = SHA_DIGEST_LENGTH;
++
++ factory->init = (void (*)(void *))SHA1_Init;
++ factory->update = (void (*)(void *, const unsigned char*, size_t))SHA1_Update;
++ factory->final = (void (*)(void *))sha1_final;
++ factory->get_digest = (unsigned char *(*)(void *))sha1_get_digest;
++}
++#endif
++
++
++#ifdef HAVE_OPENSSL_CRYPTO_RIPEMD160_DIGEST
++#include
++
++/* The new struct contains the old one at start (so casting works) plus
++ * a space for the digest to be stored once calculated
++ */
++typedef struct
++{
++ RIPEMD160_CTX contex;
++ unsigned char digest[RIPEMD160_DIGEST_LENGTH];
++} RIPEMD160_CTX_2;
++
++
++static void
++ripemd160_final(RIPEMD160_CTX_2 *c)
++{
++ RIPEMD160_Final(c->digest, (RIPEMD160_CTX*)c);
++}
++
++static unsigned char *
++ripemd160_get_digest(RIPEMD160_CTX_2 *c)
++{
++ return c->digest;
++}
++
++
++static void
++librdf_openssl_ripemd160_register_factory(librdf_digest_factory *factory)
++{
++ factory->context_length = sizeof(RIPEMD160_CTX_2);
++ factory->digest_length = RIPEMD160_DIGEST_LENGTH;
++
++ factory->init = (void (*)(void *))RIPEMD160_Init;
++ factory->update = (void (*)(void *, const unsigned char*, size_t))RIPEMD160_Update;
++ factory->final = (void (*)(void *))ripemd160_final;
++ factory->get_digest = (unsigned char *(*)(void *))ripemd160_get_digest;
++}
++#endif
++
++
++/**
++ * librdf_digest_openssl_constructor:
++ * @world: redland world object
++ *
++ * Initialise the OpenSSL digest module.
++ *
++ **/
++void
++librdf_digest_openssl_constructor(librdf_world *world)
++{
++#ifdef HAVE_OPENSSL_CRYPTO_MD5_DIGEST
++ librdf_digest_register_factory(world,
++ "MD5", &librdf_openssl_md5_register_factory);
++#endif
++#ifdef HAVE_OPENSSL_CRYPTO_RIPEMD160_DIGEST
++ librdf_digest_register_factory(world,
++ "RIPEMD160", &librdf_openssl_ripemd160_register_factory);
++#endif
++#ifdef HAVE_OPENSSL_CRYPTO_SHA1_DIGEST
++ librdf_digest_register_factory(world,
++ "SHA1", &librdf_openssl_sha1_register_factory);
++#endif
++
++}
+--
+2.29.2
+
diff --git a/redland.spec b/redland.spec
index edfc1a1..596f84e 100644
--- a/redland.spec
+++ b/redland.spec
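Review bot: In `src/rdf_digest_openssl.c` the three `*_register_factory` functions install `MD5_Init`/`MD5_Update` (and the SHA1 and RIPEMD160 equivalents) through casts to `void`-returning pointer types, although the OpenSSL functions return `int` and `*_Update` takes `const void *`; calling through a mismatched function type is undefined behaviour in C. The casts also drop the status, so if libcrypto refuses an algorithm at run time (for example under a restrictive crypto policy, which this page does not show), `get_digest` returns whatever bytes happen to be in `digest`. Small `static` wrappers with the exact hook signatures remove the casts, let `*_final` pass `&c->contex` instead of `(MD5_CTX*)c`, and give one place to handle the return value; the MD5 case is sketched below and the other two follow the same shape. Whether the factory interface can report failure is not visible here, so the sketch only makes the ignored status explicit.

```c
/* Wrappers carry the exact hook signatures, so no function-pointer casts. */
static void
md5_init(void *c)
{
  /* status ignored: the factory hook returns void */
  (void)MD5_Init(&((MD5_CTX_2*)c)->contex);
}

static void
md5_update(void *c, const unsigned char *input, size_t length)
{
  (void)MD5_Update(&((MD5_CTX_2*)c)->contex, input, length);
}

static void
md5_final(void *c)
{
  MD5_CTX_2 *ctx = (MD5_CTX_2*)c;
  (void)MD5_Final(ctx->digest, &ctx->contex);
}

static unsigned char *
md5_get_digest(void *c)
{
  return ((MD5_CTX_2*)c)->digest;
}

static void
librdf_openssl_md5_register_factory(librdf_digest_factory *factory)
{
  /* … unchanged: context_length and digest_length … */
  factory->init = md5_init;
  factory->update = md5_update;
  factory->final = md5_final;
  factory->get_digest = md5_get_digest;
}
```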
@@ -1,16 +1,20 @@ Name: redland Version: 1.0.17 -Release: 24%{?dist} +Release: 25%{?dist} Summary: RDF Application Framework License: LGPLv2+ or ASL 2.0 URL: http://librdf.org/ Source0: http://download.librdf.org/source/%{name}-%{version}.tar.gz +Patch1: 0001-rhbz-1936659-restore-with-openssl-digests.patch + BuildRequires: make BuildRequires: curl-devel BuildRequires: gcc-c++ +BuildRequires: gtk-doc +BuildRequires: libtool BuildRequires: libtool-ltdl-devel BuildRequires: libxml2-devel >= 2.4.0 BuildRequires: perl-interpreter @@ -22,6 +26,8 @@ BuildRequires: libdb-devel BuildRequires: libpq-devel BuildRequires: mariadb-connector-c-devel BuildRequires: sqlite-devel +%else +BuildRequires: openssl-devel %endif %if 0%{?rhel} @@ -64,6 +70,10 @@ persistently with PostgreSQL files or URIs. %prep %setup -q +%patch1 -p1 -b .rhbz1936659 + +NOCONFIGURE=1 ./autogen.sh + # hack to nuke rpaths %if "%{_libdir}" != "/usr/lib" sed -i -e 's|"/lib /usr/lib|"/%{_lib} %{_libdir}|' configure @@ -73,10 +83,10 @@ sed -i -e 's|"/lib /usr/lib|"/%{_lib} %{_libdir}|' configure %build %if 0%{?rhel} -%define distrooptions --without-bdb --without-sqlite --without-mysql --without-postgresql +%define distrooptions --with-openssl-digests --enable-digests=ripemd160 --without-bdb --without-sqlite --without-mysql --without-postgresql %else # fedora -%define distrooptions --with-bdb --with-sqlite --with-mysql --with-postgresql +%define distrooptions --without-openssl-digests --with-bdb --with-sqlite --with-mysql --with-postgresql %endif export CFLAGS="$RPM_OPT_FLAGS -fno-strict-aliasing" @@ -145,6 +155,9 @@ make check %changelog +* Tue Mar 09 2021 Caolán McNamara - 1.0.7-25 +- rhbz#1936659 rhel redland uses deprecated SHA-1 algorithm by default + * Tue Mar 09 2021 Caolán McNamara - 1.0.7-24 - reduce rhel dependencies to what's needed
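Review bot: Nothing in the `%build` hunk makes the RHEL build fail when configure does not find `RIPEMD160` in libcrypto: the configure.ac code added by Patch1 only prints `no` for a missing digest and carries on, so a package built with `--with-openssl-digests --enable-digests=ripemd160` could ship without the digest this release is meant to switch to. What the library falls back to in that case is not visible here. An assertion after the configure call (which is outside the hunk) would catch it, for example `grep -q '^#define HAVE_OPENSSL_CRYPTO_RIPEMD160_DIGEST 1' <generated config header>`. Separately, the new changelog entry reads `1.0.7-25` while `Version:` is `1.0.17`.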