LILiK
/
openwrt-packages-dist
5
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 0 Wiki Activity
Browse Source

libevhtp: update to 1.2.18, add maintainer 

Versions earlier than 1.2.15 had security vulnerabilities, especially
related to the bundled oniguruma.  Now libevhtp uses a system-provided
library instead.  The API changed as well, requiring patches to
seafile-server.

Adds @cotequeiroz Eneas U de Queiroz as maintainer.

Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
lilik-openwrt-22.03
Eneas U de Queiroz 6 years ago
parent
7cb6405afe
commit
3bf5450b6d
No known key found for this signature in database GPG Key ID: 1EB043ABD7ACF202
6 changed files with 14 additions and 250 deletions
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. +14
    -5
      libs/libevhtp/Makefile
  2. +0
    -49
      libs/libevhtp/patches/010-strcmp-endianness-fix.patch
  3. +0
    -132
      libs/libevhtp/patches/020-openssl-1.1-compatibility.patch
  4. +0
    -45
      libs/libevhtp/patches/021-openssl-thread.patch
  5. +0
    -12
      libs/libevhtp/patches/030-uclibc.patch
  6. +0
    -7
      libs/libevhtp/patches/040-oniguruma.patch

+ 14
- 5
libs/libevhtp/Makefile View File

@ -11,21 +11,24 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=libevhtp
PKG_VERSION:=1.2.0
PKG_RELEASE:=2
PKG_VERSION:=1.2.18
PKG_RELEASE:=1
# This package is building a static library, used by seafile-server
# Every time the built library changes (metadata changes are exempt),
# seafile-server needs a release bump to ensure the update is used.
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/criticalstack/libevhtp/tar.gz/$(PKG_VERSION)?
PKG_HASH:=d8d98072693f5f68ccd74d327dedfa2f6add4446ac2799689c2f58dd480aa301
PKG_HASH:=316ede0d672be3ae6fe489d4ac1c8c53a1db7d4fe05edaff3c7c853933e02795
PKG_MAINTAINER:=
PKG_MAINTAINER:=Eneas U de Queiroz <cote2004-github@yahoo.com>
PKG_LICENSE:=BSD-3-Clause
PKG_LICENSE_FILES:=LICENSE
CMAKE_INSTALL:=1
CMAKE_OPTIONS += \
-DLIB_INSTALL_DIR="$(STAGING_DIR)/usr/lib" \
-DINCLUDE_INSTALL_DIR="$(STAGING_DIR)/usr/include"
include $(INCLUDE_DIR)/package.mk
include $(INCLUDE_DIR)/cmake.mk
@ -35,7 +38,7 @@ define Package/libevhtp
CATEGORY:=Libraries
TITLE:=A more flexible replacement for libevent's httpd API
URL:=https://github.com/criticalstack/libevhtp
DEPENDS:=+libevent2 +libevent2-openssl +libevent2-pthreads
DEPENDS:=+libevent2 +libevent2-openssl +libevent2-pthreads +oniguruma
endef
define Package/libevhtp/description
@ -44,4 +47,10 @@ define Package/libevhtp/description
meaning the developer never thought of it being used for creating a full-fledged HTTP service.
endef
define Package/InstallDev
$(INSTALL_DIR) $(1)/usr/{lib,include}
$(CP) $(PKG_INSTALL_DIR)/usr/include/. $(1)/usr/include/
$(CP) $(PKG_INSTALL_DIR)/usr/lib/. $(1)/usr/lib/
endef
$(eval $(call BuildPackage,libevhtp))

+ 0
- 49
libs/libevhtp/patches/010-strcmp-endianness-fix.patch View File

@ -1,49 +0,0 @@
diff -rupN libevhtp-1.2.9.orig/htparse/htparse.c libevhtp-1.2.9/htparse/htparse.c
--- libevhtp-1.2.9.orig/htparse/htparse.c 2014-03-23 12:50:50.000000000 +0100
+++ libevhtp-1.2.9/htparse/htparse.c 2014-12-09 01:12:22.242001241 +0100
@@ -197,6 +197,7 @@ static const char * method_strmap[] = {
#define _MIN_READ(a, b) ((a) < (b) ? (a) : (b))
+#if __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__
#define _str3_cmp(m, c0, c1, c2, c3) \
*(uint32_t *)m == ((c3 << 24) | (c2 << 16) | (c1 << 8) | c0)
@@ -226,6 +227,37 @@ static const char * method_strmap[] = {
*(uint32_t *)m == ((c3 << 24) | (c2 << 16) | (c1 << 8) | c0) \
&& ((uint32_t *)m)[1] == ((c7 << 24) | (c6 << 16) | (c5 << 8) | c4) \
&& m[8] == c8
+#elif __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__
+#define _str3_cmp(m, c0, c1, c2, c3) \
+ *(uint32_t *)m == ((c0 << 24) | (c1 << 16) | (c2 << 8) | c3)
+
+#define _str3Ocmp(m, c0, c1, c2, c3) \
+ *(uint32_t *)m == ((c0 << 24) | (c1 << 16) | (c2 << 8) | c3)
+
+#define _str4cmp(m, c0, c1, c2, c3) \
+ *(uint32_t *)m == ((c0 << 24) | (c1 << 16) | (c2 << 8) | c3)
+
+#define _str5cmp(m, c0, c1, c2, c3, c4) \
+ *(uint32_t *)m == ((c0 << 24) | (c1 << 16) | (c2 << 8) | c3) \
+ && m[4] == c4
+
+#define _str6cmp(m, c0, c1, c2, c3, c4, c5) \
+ *(uint32_t *)m == ((c0 << 24) | (c1 << 16) | (c2 << 8) | c3) \
+ && (((uint32_t *)m)[1] & 0xffff0000) == ((c4 << 24) | c5 << 16)
+
+#define _str7_cmp(m, c0, c1, c2, c3, c4, c5, c6, c7) \
+ *(uint32_t *)m == ((c0 << 24) | (c1 << 16) | (c2 << 8) | c3) \
+ && ((uint32_t *)m)[1] == ((c4 << 24) | (c5 << 16) | (c6 << 8) | c7)
+
+#define _str8cmp(m, c0, c1, c2, c3, c4, c5, c6, c7) \
+ *(uint32_t *)m == ((c0 << 24) | (c1 << 16) | (c2 << 8) | c3) \
+ && ((uint32_t *)m)[1] == ((c4 << 24) | (c5 << 16) | (c6 << 8) | c7)
+
+#define _str9cmp(m, c0, c1, c2, c3, c4, c5, c6, c7, c8) \
+ *(uint32_t *)m == ((c0 << 24) | (c1 << 16) | (c2 << 8) | c3) \
+ && ((uint32_t *)m)[1] == ((c4 << 24) | (c5 << 16) | (c6 << 8) | c7) \
+ && m[8] == c8
+#endif
#define __HTPARSE_GENHOOK(__n) \
static inline int hook_ ## __n ## _run(htparser * p, htparse_hooks * hooks) { \

+ 0
- 132
libs/libevhtp/patches/020-openssl-1.1-compatibility.patch View File

@ -1,132 +0,0 @@
--- a/evhtp.c
+++ b/evhtp.c
@@ -1817,16 +1817,15 @@ _evhtp_ssl_thread_lock(int mode, int typ
#endif
static void
_evhtp_ssl_delete_scache_ent(evhtp_ssl_ctx_t * ctx, evhtp_ssl_sess_t * sess) {
- evhtp_t * htp;
- evhtp_ssl_cfg_t * cfg;
- unsigned char * sid;
- unsigned int slen;
+ evhtp_t * htp;
+ evhtp_ssl_cfg_t * cfg;
+ evhtp_ssl_data_t * sid;
+ unsigned int slen;
htp = (evhtp_t *)SSL_CTX_get_app_data(ctx);
cfg = htp->ssl_cfg;
- sid = sess->session_id;
- slen = sess->session_id_length;
+ sid = (evhtp_ssl_data_t *)SSL_SESSION_get_id(sess, &slen);
if (cfg->scache_del) {
(cfg->scache_del)(htp, sid, slen);
@@ -1837,14 +1836,17 @@ static int
_evhtp_ssl_add_scache_ent(evhtp_ssl_t * ssl, evhtp_ssl_sess_t * sess) {
evhtp_connection_t * connection;
evhtp_ssl_cfg_t * cfg;
- unsigned char * sid;
+ evhtp_ssl_data_t * sid;
int slen;
connection = (evhtp_connection_t *)SSL_get_app_data(ssl);
- cfg = connection->htp->ssl_cfg;
+ if (connection->htp == NULL)
+ {
+ return 0; /* We cannot get the ssl_cfg */
+ }
- sid = sess->session_id;
- slen = sess->session_id_length;
+ cfg = connection->htp->ssl_cfg;
+ sid = (evhtp_ssl_data_t *)SSL_SESSION_get_id(sess, &slen);
SSL_set_timeout(sess, cfg->scache_timeout);
@@ -1856,7 +1858,7 @@ _evhtp_ssl_add_scache_ent(evhtp_ssl_t *
}
static evhtp_ssl_sess_t *
-_evhtp_ssl_get_scache_ent(evhtp_ssl_t * ssl, unsigned char * sid, int sid_len, int * copy) {
+_evhtp_ssl_get_scache_ent(evhtp_ssl_t * ssl, evhtp_ssl_data_t * sid, int sid_len, int * copy) {
evhtp_connection_t * connection;
evhtp_ssl_cfg_t * cfg;
evhtp_ssl_sess_t * sess;
@@ -1898,12 +1900,12 @@ _evhtp_ssl_servername(evhtp_ssl_t * ssl,
connection->vhost_via_sni = 1;
SSL_set_SSL_CTX(ssl, evhtp_vhost->ssl_ctx);
- SSL_set_options(ssl, SSL_CTX_get_options(ssl->ctx));
+ SSL_set_options(ssl, SSL_CTX_get_options(SSL_get_SSL_CTX(ssl)));
if ((SSL_get_verify_mode(ssl) == SSL_VERIFY_NONE) ||
(SSL_num_renegotiations(ssl) == 0)) {
- SSL_set_verify(ssl, SSL_CTX_get_verify_mode(ssl->ctx),
- SSL_CTX_get_verify_callback(ssl->ctx));
+ SSL_set_verify(ssl, SSL_CTX_get_verify_mode(SSL_get_SSL_CTX(ssl)),
+ SSL_CTX_get_verify_callback(SSL_get_SSL_CTX(ssl)));
}
return SSL_TLSEXT_ERR_OK;
@@ -3197,15 +3199,21 @@ evhtp_ssl_init(evhtp_t * htp, evhtp_ssl_
return -1;
}
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
SSL_library_init();
SSL_load_error_strings();
+#endif
RAND_poll();
STACK_OF(SSL_COMP) * comp_methods = SSL_COMP_get_compression_methods();
sk_SSL_COMP_zero(comp_methods);
htp->ssl_cfg = cfg;
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
htp->ssl_ctx = SSL_CTX_new(SSLv23_server_method());
+#else
+ htp->ssl_ctx = SSL_CTX_new(TLS_server_method());
+#endif
#if OPENSSL_VERSION_NUMBER >= 0x10000000L
SSL_CTX_set_options(htp->ssl_ctx, SSL_MODE_RELEASE_BUFFERS);
@@ -3242,7 +3250,11 @@ evhtp_ssl_init(evhtp_t * htp, evhtp_ssl_
SSL_CTX_set_verify(htp->ssl_ctx, cfg->verify_peer, cfg->x509_verify_cb);
if (cfg->x509_chk_issued_cb != NULL) {
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
htp->ssl_ctx->cert_store->check_issued = cfg->x509_chk_issued_cb;
+#else
+ X509_STORE_set_check_issued(SSL_CTX_get_cert_store(htp->ssl_ctx), cfg->x509_chk_issued_cb);
+#endif
}
if (cfg->verify_depth) {
--- a/evhtp.h
+++ b/evhtp.h
@@ -34,6 +34,11 @@ typedef SSL evhtp_
typedef SSL_CTX evhtp_ssl_ctx_t;
typedef X509 evhtp_x509_t;
typedef X509_STORE_CTX evhtp_x509_store_ctx_t;
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+typedef unsigned char evhtp_ssl_data_t;
+#else
+typedef const unsigned char evhtp_ssl_data_t;
+#endif
#else
typedef void evhtp_ssl_sess_t;
typedef void evhtp_ssl_t;
@@ -157,9 +162,9 @@ typedef int (*evhtp_headers_iterator)(ev
typedef int (*evhtp_ssl_verify_cb)(int pre_verify, evhtp_x509_store_ctx_t * ctx);
typedef int (*evhtp_ssl_chk_issued_cb)(evhtp_x509_store_ctx_t * ctx, evhtp_x509_t * x, evhtp_x509_t * issuer);
-typedef int (*evhtp_ssl_scache_add)(evhtp_connection_t * connection, unsigned char * sid, int sid_len, evhtp_ssl_sess_t * sess);
-typedef void (*evhtp_ssl_scache_del)(evhtp_t * htp, unsigned char * sid, int sid_len);
-typedef evhtp_ssl_sess_t * (*evhtp_ssl_scache_get)(evhtp_connection_t * connection, unsigned char * sid, int sid_len);
+typedef int (*evhtp_ssl_scache_add)(evhtp_connection_t * connection, evhtp_ssl_data_t * sid, int sid_len, evhtp_ssl_sess_t * sess);
+typedef void (*evhtp_ssl_scache_del)(evhtp_t * htp, evhtp_ssl_data_t * sid, int sid_len);
+typedef evhtp_ssl_sess_t * (*evhtp_ssl_scache_get)(evhtp_connection_t * connection, evhtp_ssl_data_t * sid, int sid_len);
typedef void * (*evhtp_ssl_scache_init)(evhtp_t *);
#define EVHTP_VERSION "1.2.0"

+ 0
- 45
libs/libevhtp/patches/021-openssl-thread.patch View File

@ -1,45 +0,0 @@
--- a/evhtp.c
+++ b/evhtp.c
@@ -1797,10 +1797,10 @@ _evhtp_accept_cb(evserv_t * serv, int fd, struct sockaddr * s, int sl, void * ar
}
#ifndef EVHTP_DISABLE_SSL
-#ifndef EVHTP_DISABLE_EVTHR
-static unsigned long
-_evhtp_ssl_get_thread_id(void) {
- return (unsigned long)pthread_self();
+#if !defined(EVHTP_DISABLE_EVTHR) && (OPENSSL_VERSION_NUMBER < 0x10100000L)
+static void
+_evhtp_ssl_get_thread_id(CRYPTO_THREADID *id) {
+ CRYPTO_THREADID_set_numeric(id, (unsigned long)pthread_self());
}
static void
@@ -3050,7 +3050,9 @@ evhtp_use_threads(evhtp_t * htp, evhtp_thread_init_cb init_cb, int nthreads, voi
htp->thread_init_cbarg = arg;
#ifndef EVHTP_DISABLE_SSL
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
evhtp_ssl_use_threads();
+#endif
#endif
if (!(htp->thr_pool = evthr_pool_new(nthreads, _evhtp_thread_init, htp))) {
@@ -3161,7 +3163,7 @@ evhtp_set_post_accept_cb(evhtp_t * htp, evhtp_post_accept_cb cb, void * arg) {
}
#ifndef EVHTP_DISABLE_SSL
-#ifndef EVHTP_DISABLE_EVTHR
+#if !defined(EVHTP_DISABLE_EVTHR) && (OPENSSL_VERSION_NUMBER < 0x10100000L)
int
evhtp_ssl_use_threads(void) {
int i;
@@ -3179,7 +3181,7 @@ evhtp_ssl_use_threads(void) {
pthread_mutex_init(&(ssl_locks[i]), NULL);
}
- CRYPTO_set_id_callback(_evhtp_ssl_get_thread_id);
+ CRYPTO_THREADID_set_callback(_evhtp_ssl_get_thread_id);
CRYPTO_set_locking_callback(_evhtp_ssl_thread_lock);
return 0;

+ 0
- 12
libs/libevhtp/patches/030-uclibc.patch View File

@ -1,12 +0,0 @@
--- a/test_proxy.c
+++ b/test_proxy.c
@@ -5,6 +5,9 @@
#include <errno.h>
#include <evhtp.h>
+#ifndef SIGTERM
+#define SIGTERM 15
+#endif
int
make_request(evbase_t * evbase,

+ 0
- 7
libs/libevhtp/patches/040-oniguruma.patch View File

@ -1,7 +0,0 @@
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -241,3 +241,4 @@ endif()
install (FILES evhtp.h DESTINATION include)
install (FILES htparse/htparse.h DESTINATION include)
install (FILES evthr/evthr.h DESTINATION include)
+install (FILES oniguruma/onigposix.h DESTINATION include)

Write Preview
Loading…
Cancel
Save