From f86774ef67ec0bb3524a60a2215699814793e1c4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Caol=C3=A1n=20McNamara?= Date: Mon, 22 Mar 2021 09:32:35 +0000 Subject: [PATCH] rhbz#1936659 disable rhel redland digests entirely used only by deprecated librdf_uri_get_digest so stub that to take only the return NULL error patch --- ...1936659-restore-with-openssl-digests.patch | 305 ------------------ 0001-rhbz-1936659-stub-deprecated.patch | 69 ++++ redland.spec | 20 +- 3 files changed, 81 insertions(+), 313 deletions(-) delete mode 100644 0001-rhbz-1936659-restore-with-openssl-digests.patch create mode 100644 0001-rhbz-1936659-stub-deprecated.patch diff --git a/0001-rhbz-1936659-restore-with-openssl-digests.patch b/0001-rhbz-1936659-restore-with-openssl-digests.patch deleted file mode 100644 index aed2c02..0000000 --- a/0001-rhbz-1936659-restore-with-openssl-digests.patch +++ /dev/null @@ -1,305 +0,0 @@ -From f9687b876e7faa65a1a897803ae5b07c94dd304e Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Caol=C3=A1n=20McNamara?= -Date: Tue, 9 Mar 2021 11:35:40 +0000 -Subject: [PATCH] rhbz#1936659 restore --with-openssl-digests - -which makes it possible to use --enable-digests=ripemd160 ---- - INSTALL.html | 9 +- - configure.ac | 49 ++++++++++ - src/Makefile.am | 2 +- - src/rdf_digest_openssl.c | 188 +++++++++++++++++++++++++++++++++++++++ - 4 files changed, 245 insertions(+), 3 deletions(-) - create mode 100644 src/rdf_digest_openssl.c - -diff --git a/INSTALL.html b/INSTALL.html -index 18ff49d3..2a7626b9 100644 ---- a/INSTALL.html -+++ b/INSTALL.html -@@ -140,8 +140,13 @@ Maintainer mode automatically enables this.

- - -
--enable-digests=LIST
--

Does nothing - only builtin content digests are available now: --MD5 and SHA1.

-+

Select the list of content digests to be included if the are -+availble. The valid list of digests are: md5 sha1 -+ripem160 (the default). The digest functions can be provided -+by external libraries such as the -+OpenSSL libcrypto library or by -+provided portable versions (only MD5 supported in this -+release).

- -
--enable-parsers=LIST
-

Select the list of RDF parsers to be included if the are availble. The -diff --git a/configure.ac b/configure.ac -index ab4ffae8..c9986a5b 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -574,7 +574,56 @@ AC_MSG_RESULT($digest_modules) - DIGEST_OBJS= - DIGEST_SRCS= - -+AC_ARG_WITH(openssl-digests, [ --with-openssl-digests Use openssl digests (default=yes)], enable_openssl_digests="$withval", enable_openssl_digests="yes") -+ -+# This is needed because autoheader can't work out which computed -+# symbols must be pulled from acconfig.h into config.h.in -+if test "x" = "y"; then -+ AC_DEFINE(HAVE_OPENSSL_CRYPTO_MD5_DIGEST, 1, [Have openssl MD5 digest]) -+ AC_DEFINE(HAVE_OPENSSL_CRYPTO_SHA1_DIGEST, 1, [Have openssl SHA1 digest]) -+ AC_DEFINE(HAVE_OPENSSL_CRYPTO_RIPEMD160_DIGEST, 1, [Have openssl RIPEMD160 digest]) -+fi -+ - digest_modules_available= -+AC_MSG_CHECKING(whether to use openssl digests) -+if test "$enable_openssl_digests" = yes ; then -+ AC_MSG_RESULT(yes) -+ AC_CHECK_HEADERS(openssl/crypto.h) -+ if test "$ac_cv_header_openssl_crypto_h" = yes ; then -+ AC_DEFINE(HAVE_OPENSSL_DIGESTS, 1, [Have openssl digests]) -+ new_digest_modules= -+ LIBS="$LIBRDF_LIBS -lcrypto" -+ have_libcrypto=no -+ -+ for module in $digest_modules; do -+ func=`echo $module | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'` -+ found= -+ AC_MSG_CHECKING(for openssl $func digest module) -+ AC_CACHE_VAL(ac_cv_lib_crypto_$func, -+ [AC_TRY_LINK(, $func(), -+ [eval "ac_cv_lib_crypto_$func=yes"], -+ [eval "ac_cv_lib_crypto_$func=no"])]) -+ if eval "test \"`echo '$ac_cv_lib_crypto_'$func`\" = yes"; then -+ AC_MSG_RESULT(yes) -+ n=HAVE_OPENSSL_CRYPTO_${func}_DIGEST -+ AC_DEFINE_UNQUOTED($n) -+ have_libcrypto=yes -+ digest_modules_available="$digest_modules_available $module(openssl)" -+ else -+ AC_MSG_RESULT(no) -+ new_digest_modules="${new_digest_modules} $module" -+ fi -+ done -+ if test "$have_libcrypto" = yes; then -+ LIBRDF_LIBS="$LIBRDF_LIBS -lcrypto" -+ fi -+ DIGEST_OBJS="$DIGEST_OBJS rdf_digest_openssl.lo" -+ DIGEST_SRCS="$DIGEST_SRCS rdf_digest_openssl.c" -+ digest_modules=$new_digest_modules -+ fi -+else -+ AC_MSG_RESULT(no) -+fi - - - dnl hashes -diff --git a/src/Makefile.am b/src/Makefile.am -index b0b708b8..cb32d058 100644 ---- a/src/Makefile.am -+++ b/src/Makefile.am -@@ -189,7 +189,7 @@ librdf_la_DEPENDENCIES = \ - @LIBRDF_INTERNAL_DEPS@ - - EXTRA_librdf_la_SOURCES = rdf_hash_bdb.c \ --rdf_digest_md5.c rdf_digest_sha1.c \ -+rdf_digest_md5.c rdf_digest_sha1.c rdf_digest_openssl.c \ - rdf_parser_raptor.c - - EXTRA_DIST=\ -diff --git a/src/rdf_digest_openssl.c b/src/rdf_digest_openssl.c -new file mode 100644 -index 00000000..be04cb4f ---- /dev/null -+++ b/src/rdf_digest_openssl.c -@@ -0,0 +1,188 @@ -+/* -*- Mode: c; c-basic-offset: 2 -*- -+ * -+ * rdf_digest_openssl.c - RDF Digest OpenSSL Digest interface -+ * -+ * Copyright (C) 2000-2008, David Beckett http://www.dajobe.org/ -+ * Copyright (C) 2000-2004, University of Bristol, UK http://www.bristol.ac.uk/ -+ * -+ * This package is Free Software and part of Redland http://librdf.org/ -+ * -+ * It is licensed under the following three licenses as alternatives: -+ * 1. GNU Lesser General Public License (LGPL) V2.1 or any newer version -+ * 2. GNU General Public License (GPL) V2 or any newer version -+ * 3. Apache License, V2.0 or any newer version -+ * -+ * You may not use this file except in compliance with at least one of -+ * the above three licenses. -+ * -+ * See LICENSE.html or LICENSE.txt at the top of this package for the -+ * complete terms and further detail along with the license texts for -+ * the licenses in COPYING.LIB, COPYING and LICENSE-2.0.txt respectively. -+ * -+ * -+ */ -+ -+ -+#ifdef HAVE_CONFIG_H -+#include -+#endif -+ -+#ifdef WIN32 -+#include -+#endif -+ -+ -+#include -+#include -+#include -+ -+#include -+ -+#include -+#include -+ -+#ifdef HAVE_OPENSSL_CRYPTO_MD5_DIGEST -+#include -+ -+ -+/* The new struct contains the old one at start (so casting works) plus -+ * a space for the digest to be stored once calculated -+ */ -+typedef struct -+{ -+ MD5_CTX contex; -+ unsigned char digest[MD5_DIGEST_LENGTH]; -+} MD5_CTX_2; -+ -+ -+static void -+md5_final(MD5_CTX_2 *c) -+{ -+ MD5_Final(c->digest, (MD5_CTX*)c); -+} -+ -+static unsigned char * -+md5_get_digest(MD5_CTX_2 *c) -+{ -+ return c->digest; -+} -+ -+ -+static void -+librdf_openssl_md5_register_factory(librdf_digest_factory *factory) -+{ -+ factory->context_length = sizeof(MD5_CTX_2); -+ factory->digest_length = MD5_DIGEST_LENGTH; -+ -+ factory->init = (void (*)(void *))MD5_Init; -+ factory->update = (void (*)(void *, const unsigned char*, size_t))MD5_Update; -+ factory->final = (void (*)(void *))md5_final; -+ factory->get_digest = (unsigned char *(*)(void *))md5_get_digest; -+} -+#endif -+ -+ -+#ifdef HAVE_OPENSSL_CRYPTO_SHA1_DIGEST -+#include -+ -+/* The new struct contains the old one at start (so casting works) plus -+ * a space for the digest to be stored once calculated -+ */ -+typedef struct -+{ -+ SHA_CTX contex; -+ unsigned char digest[SHA_DIGEST_LENGTH]; -+} SHA_CTX_2; -+ -+ -+static void -+sha1_final(SHA_CTX_2 *c) -+{ -+ SHA1_Final(c->digest, (SHA_CTX*)c); -+} -+ -+static unsigned char * -+sha1_get_digest(SHA_CTX_2 *c) -+{ -+ return c->digest; -+} -+ -+ -+static void -+librdf_openssl_sha1_register_factory(librdf_digest_factory *factory) -+{ -+ factory->context_length = sizeof(SHA_CTX_2); -+ factory->digest_length = SHA_DIGEST_LENGTH; -+ -+ factory->init = (void (*)(void *))SHA1_Init; -+ factory->update = (void (*)(void *, const unsigned char*, size_t))SHA1_Update; -+ factory->final = (void (*)(void *))sha1_final; -+ factory->get_digest = (unsigned char *(*)(void *))sha1_get_digest; -+} -+#endif -+ -+ -+#ifdef HAVE_OPENSSL_CRYPTO_RIPEMD160_DIGEST -+#include -+ -+/* The new struct contains the old one at start (so casting works) plus -+ * a space for the digest to be stored once calculated -+ */ -+typedef struct -+{ -+ RIPEMD160_CTX contex; -+ unsigned char digest[RIPEMD160_DIGEST_LENGTH]; -+} RIPEMD160_CTX_2; -+ -+ -+static void -+ripemd160_final(RIPEMD160_CTX_2 *c) -+{ -+ RIPEMD160_Final(c->digest, (RIPEMD160_CTX*)c); -+} -+ -+static unsigned char * -+ripemd160_get_digest(RIPEMD160_CTX_2 *c) -+{ -+ return c->digest; -+} -+ -+ -+static void -+librdf_openssl_ripemd160_register_factory(librdf_digest_factory *factory) -+{ -+ factory->context_length = sizeof(RIPEMD160_CTX_2); -+ factory->digest_length = RIPEMD160_DIGEST_LENGTH; -+ -+ factory->init = (void (*)(void *))RIPEMD160_Init; -+ factory->update = (void (*)(void *, const unsigned char*, size_t))RIPEMD160_Update; -+ factory->final = (void (*)(void *))ripemd160_final; -+ factory->get_digest = (unsigned char *(*)(void *))ripemd160_get_digest; -+} -+#endif -+ -+ -+/** -+ * librdf_digest_openssl_constructor: -+ * @world: redland world object -+ * -+ * Initialise the OpenSSL digest module. -+ * -+ **/ -+void -+librdf_digest_openssl_constructor(librdf_world *world) -+{ -+#ifdef HAVE_OPENSSL_CRYPTO_MD5_DIGEST -+ librdf_digest_register_factory(world, -+ "MD5", &librdf_openssl_md5_register_factory); -+#endif -+#ifdef HAVE_OPENSSL_CRYPTO_RIPEMD160_DIGEST -+ librdf_digest_register_factory(world, -+ "RIPEMD160", &librdf_openssl_ripemd160_register_factory); -+#endif -+#ifdef HAVE_OPENSSL_CRYPTO_SHA1_DIGEST -+ librdf_digest_register_factory(world, -+ "SHA1", &librdf_openssl_sha1_register_factory); -+#endif -+ -+} --- -2.29.2 - diff --git a/0001-rhbz-1936659-stub-deprecated.patch b/0001-rhbz-1936659-stub-deprecated.patch new file mode 100644 index 0000000..673c031 --- /dev/null +++ b/0001-rhbz-1936659-stub-deprecated.patch @@ -0,0 +1,69 @@ +diff -ru redland-1.0.17.orig/src/rdf_uri.c redland-1.0.17/src/rdf_uri.c +--- redland-1.0.17.orig/src/rdf_uri.c 2021-03-22 09:02:42.420115182 +0000 ++++ redland-1.0.17/src/rdf_uri.c 2021-03-22 09:06:54.432694225 +0000 +@@ -358,32 +358,14 @@ + * @world: #librdf_world object + * @uri: #librdf_uri object + * +- * Get a digest for the URI. +- * +- * Generates a digest object for the URI. The digest factory used is +- * determined at class initialisation time by librdf_init_uri(). +- * +- * Return value: new #librdf_digest object or NULL on failure. ++ * exported public in error but never usable ++ * ++ * Return value: NULL. + **/ + librdf_digest* + librdf_uri_get_digest(librdf_world* world, librdf_uri* uri) + { +- librdf_digest* d; +- unsigned char *str; +- size_t len; +- +- LIBRDF_ASSERT_OBJECT_POINTER_RETURN_VALUE(uri, librdf_uri, NULL); +- +- d = librdf_new_digest_from_factory(world, world->digest_factory); +- if(!d) +- return NULL; +- +- str = librdf_uri_as_counted_string(uri, &len); +- +- librdf_digest_update(d, str, len); +- librdf_digest_final(d); +- +- return d; ++ return NULL; + } + + +@@ -536,7 +518,6 @@ + { + const unsigned char *hp_string=(const unsigned char*)"http://purl.org/net/dajobe/"; + librdf_uri *uri1, *uri2, *uri3, *uri4, *uri5, *uri6, *uri7, *uri8, *uri9; +- librdf_digest *d; + const char *program=librdf_basename((const char*)argv[0]); + const char *file_string="/big/long/directory/file"; + const unsigned char *file_uri_string=(const unsigned char*)"file:///big/long/directory/file"; +@@ -571,18 +552,11 @@ + librdf_uri_print(uri2, stderr); + fputs("\n", stderr); + +- +- fprintf(stderr, "%s: Getting digest for URI\n", program); +- d = librdf_uri_get_digest(world, uri2); +- if(!d) { +- fprintf(stderr, "%s: Failed to get digest for URI %s\n", program, ++ if(librdf_uri_get_digest(world, uri2)) { ++ fprintf(stderr, "%s: Didn't fail to get digest for URI %s\n", program, + librdf_uri_as_string(uri2)); + return(1); + } +- fprintf(stderr, "%s: Digest is: ", program); +- librdf_digest_print(d, stderr); +- fputs("\n", stderr); +- librdf_free_digest(d); + + uri3=librdf_new_uri(world, (const unsigned char*)"file:/big/long/directory/"); + uri4=librdf_new_uri(world, (const unsigned char*)"http://somewhere/dir/"); diff --git a/redland.spec b/redland.spec index 596f84e..ddf549a 100644 --- a/redland.spec +++ b/redland.spec @@ -1,14 +1,16 @@ Name: redland Version: 1.0.17 -Release: 25%{?dist} +Release: 26%{?dist} Summary: RDF Application Framework License: LGPLv2+ or ASL 2.0 URL: http://librdf.org/ Source0: http://download.librdf.org/source/%{name}-%{version}.tar.gz -Patch1: 0001-rhbz-1936659-restore-with-openssl-digests.patch +%if 0%{?rhel} +Patch1: 0001-rhbz-1936659-stub-deprecated.patch +%endif BuildRequires: make BuildRequires: curl-devel @@ -26,8 +28,6 @@ BuildRequires: libdb-devel BuildRequires: libpq-devel BuildRequires: mariadb-connector-c-devel BuildRequires: sqlite-devel -%else -BuildRequires: openssl-devel %endif %if 0%{?rhel} @@ -69,8 +69,9 @@ persistently with PostgreSQL files or URIs. %prep %setup -q - -%patch1 -p1 -b .rhbz1936659 +%if 0%{?rhel} +%patch1 -p1 -b .stub-deprecated +%endif NOCONFIGURE=1 ./autogen.sh @@ -83,10 +84,10 @@ sed -i -e 's|"/lib /usr/lib|"/%{_lib} %{_libdir}|' configure %build %if 0%{?rhel} -%define distrooptions --with-openssl-digests --enable-digests=ripemd160 --without-bdb --without-sqlite --without-mysql --without-postgresql +%define distrooptions --disable-digests --without-bdb --without-sqlite --without-mysql --without-postgresql %else # fedora -%define distrooptions --without-openssl-digests --with-bdb --with-sqlite --with-mysql --with-postgresql +%define distrooptions --with-bdb --with-sqlite --with-mysql --with-postgresql %endif export CFLAGS="$RPM_OPT_FLAGS -fno-strict-aliasing" @@ -155,6 +156,9 @@ make check %changelog +* Mon Mar 22 2021 Caolán McNamara - 1.0.7-26 +- rhbz#1936659 disable rhel redland digests and stub deprecated librdf_uri_get_digest + * Tue Mar 09 2021 Caolán McNamara - 1.0.7-25 - rhbz#1936659 rhel redland uses deprecated SHA-1 algorithm by default