On Tue, Nov 22, 2022 at 12:36:25PM +0100, Theo Buehler wrote:
> Now that libcrypto has X25519 support via EVP, most of the patches
> aren't needed anymore. It suffices to map OPENSSL_clear_free to freezero.
> Hopefully that will make future updates less painful.
>
> This seems to work in light testing.
>
> 'make test' is broken, I haven't looked into fixing that.
Sorry, I forgot to add crypto to WANTLIB.
Index: Makefile
===================================================================
RCS file: /cvs/ports/x11/kitty/Makefile,v
retrieving revision 1.15
diff -u -p -r1.15 Makefile
--- Makefile 13 Nov 2022 15:30:22 -0000 1.15
+++ Makefile 22 Nov 2022 11:43:39 -0000
@@ -8,13 +8,13 @@ DISTNAME = kitty-${MODPY_EGG_VERSION}
CATEGORIES = x11
HOMEPAGE = https://sw.kovidgoyal.net/kitty/
MAINTAINER = Thomas Frohwein <t...@openbsd.org>
-REVISION = 0
+REVISION = 1
# GPLv3+
PERMIT_PACKAGE = Yes
# canberra, fontconfig, freetype are loaded dynamically
-WANTLIB += GL X11 X11-xcb Xcursor Xinerama Xrandr c canberra dbus-1
+WANTLIB += GL X11 X11-xcb Xcursor Xinerama Xrandr c canberra crypto dbus-1
WANTLIB += fontconfig freetype harfbuzz intl lcms2 m png pthread rsync
WANTLIB += util xcb xkbcommon xkbcommon-x11 z ${MODPY_WANTLIB}
@@ -52,10 +52,6 @@ TEST_ENV = CI=true \
# needed for 'make test'
USE_GMAKE = Yes
-
-# disable crypto for encrypted communication; depends on OpenSSL3; not worth it
-post-extract:
- rm ${WRKSRC}/kitty/crypto.c
pre-test:
mkdir -p ${WRKDIR}/tmp/cache
Index: patches/patch-kitty_boss_py
===================================================================
RCS file: patches/patch-kitty_boss_py
diff -N patches/patch-kitty_boss_py
--- patches/patch-kitty_boss_py 8 Nov 2022 15:59:51 -0000 1.1
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,25 +0,0 @@
-disable crypto/remote control functions
-
-Index: kitty/boss.py
---- kitty/boss.py.orig
-+++ kitty/boss.py
-@@ -35,7 +35,7 @@ from .fast_data_types import (
- CLOSE_BEING_CONFIRMED, GLFW_MOD_ALT, GLFW_MOD_CONTROL, GLFW_MOD_SHIFT,
- GLFW_MOD_SUPER, GLFW_MOUSE_BUTTON_LEFT, GLFW_PRESS,
GLFW_PRIMARY_SELECTION,
- IMPERATIVE_CLOSE_REQUESTED, NO_CLOSE_REQUESTED, ChildMonitor, Color,
-- EllipticCurveKey, KeyEvent, SingleKey, add_timer, apply_options_update,
-+ KeyEvent, SingleKey, add_timer, apply_options_update,
- background_opacity_of, change_background_opacity, change_os_window_state,
- cocoa_set_menubar_title, create_os_window,
- current_application_quit_request, current_os_window, destroy_global_data,
-@@ -245,8 +245,8 @@ class Boss:
- self.clipboard = Clipboard()
- self.primary_selection = Clipboard(GLFW_PRIMARY_SELECTION)
- self.update_check_started = False
-- self.encryption_key = EllipticCurveKey()
-- self.encryption_public_key =
f'{RC_ENCRYPTION_PROTOCOL_VERSION}:{base64.b85encode(self.encryption_key.public).decode("ascii")}'
-+ #self.encryption_key = EllipticCurveKey()
-+ #self.encryption_public_key =
f'{RC_ENCRYPTION_PROTOCOL_VERSION}:{base64.b85encode(self.encryption_key.public).decode("ascii")}'
- self.clipboard_buffers: Dict[str, str] = {}
- self.update_check_process: Optional['PopenType[bytes]'] = None
- self.window_id_map: WeakValueDictionary[int, Window] =
WeakValueDictionary()
Index: patches/patch-kitty_child_py
===================================================================
RCS file: patches/patch-kitty_child_py
diff -N patches/patch-kitty_child_py
--- patches/patch-kitty_child_py 8 Nov 2022 15:59:51 -0000 1.3
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,14 +0,0 @@
-disable crypto/remote control functionality
-
-Index: kitty/child.py
---- kitty/child.py.orig
-+++ kitty/child.py
-@@ -255,7 +255,7 @@ class Child:
- env['TERM'] = fast_data_types.get_options().term
- env['COLORTERM'] = 'truecolor'
- env['KITTY_PID'] = getpid()
-- env['KITTY_PUBLIC_KEY'] = boss.encryption_public_key
-+ #env['KITTY_PUBLIC_KEY'] = boss.encryption_public_key
- if self.add_listen_on_env_var and boss.listening_on:
- env['KITTY_LISTEN_ON'] = boss.listening_on
- else:
Index: patches/patch-kitty_complete_py
===================================================================
RCS file: patches/patch-kitty_complete_py
diff -N patches/patch-kitty_complete_py
--- patches/patch-kitty_complete_py 8 Nov 2022 15:59:51 -0000 1.1
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,14 +0,0 @@
-disable crypto/remote control functionality
-
-Index: kitty/complete.py
---- kitty/complete.py.orig
-+++ kitty/complete.py
-@@ -16,7 +16,7 @@ from kittens.runner import (
- from .cli import (
- OptionDict, options_for_completion, parse_option_spec, prettify
- )
--from .remote_control import global_options_spec
-+#from .remote_control import global_options_spec
- from .constants import config_dir, shell_integration_dir
- from .fast_data_types import truncate_point_for_length, wcswidth
- from .rc.base import all_command_names, command_for_name
Index: patches/patch-kitty_crypto_c
===================================================================
RCS file: patches/patch-kitty_crypto_c
diff -N patches/patch-kitty_crypto_c
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-kitty_crypto_c 22 Nov 2022 11:19:16 -0000
@@ -0,0 +1,14 @@
+Index: kitty/crypto.c
+--- kitty/crypto.c.orig
++++ kitty/crypto.c
+@@ -17,6 +17,10 @@
+ #include <sys/mman.h>
+ #include <structmember.h>
+
++#if defined(LIBRESSL_VERSION_NUMBER)
++#define OPENSSL_clear_free(a, b) freezero((a), (b))
++#endif
++
+ #define SHA1_DIGEST_LENGTH SHA_DIGEST_LENGTH
+
+ typedef enum HASH_ALGORITHM { SHA1_HASH, SHA224_HASH, SHA256_HASH,
SHA384_HASH, SHA512_HASH } HASH_ALGORITHM;
Index: patches/patch-kitty_data-types_c
===================================================================
RCS file: patches/patch-kitty_data-types_c
diff -N patches/patch-kitty_data-types_c
--- patches/patch-kitty_data-types_c 8 Nov 2022 15:59:51 -0000 1.1
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,21 +0,0 @@
-disable crypto functionality
-
-Index: kitty/data-types.c
---- kitty/data-types.c.orig
-+++ kitty/data-types.c
-@@ -263,7 +263,6 @@ extern int init_Line(PyObject *);
- extern int init_ColorProfile(PyObject *);
- extern int init_Screen(PyObject *);
- extern bool init_fontconfig_library(PyObject*);
--extern bool init_crypto_library(PyObject*);
- extern bool init_desktop(PyObject*);
- extern bool init_fonts(PyObject*);
- extern bool init_glfw(PyObject *m);
-@@ -346,7 +345,6 @@ PyInit_fast_data_types(void) {
- if (!init_fonts(m)) return NULL;
- if (!init_utmp(m)) return NULL;
- if (!init_loop_utils(m)) return NULL;
-- if (!init_crypto_library(m)) return NULL;
-
- CellAttrs a;
- #define s(name, attr) { a.val = 0; a.attr = 1; PyModule_AddIntConstant(m,
#name, shift_to_first_set_bit(a)); }
Index: patches/patch-kitty_remote_control_py
===================================================================
RCS file: patches/patch-kitty_remote_control_py
diff -N patches/patch-kitty_remote_control_py
--- patches/patch-kitty_remote_control_py 8 Nov 2022 15:59:51 -0000
1.1
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,40 +0,0 @@
-disable encrypted communication functionality
-
-Index: kitty/remote_control.py
---- kitty/remote_control.py.orig
-+++ kitty/remote_control.py
-@@ -19,7 +19,7 @@ from .cli import emph, parse_args
- from .cli_stub import RCOptions
- from .constants import RC_ENCRYPTION_PROTOCOL_VERSION, appname, version
- from .fast_data_types import (
-- AES256GCMDecrypt, AES256GCMEncrypt, EllipticCurveKey, get_boss,
-+ get_boss,
- get_options, read_command_response, send_data_to_peer
- )
- from .rc.base import (
-@@ -39,7 +39,7 @@ def encode_response_for_peer(response: Any) -> bytes:
- return b'\x1bP@kitty-cmd' + json.dumps(response).encode('utf-8') +
b'\x1b\\'
-
-
--def parse_cmd(serialized_cmd: str, encryption_key: EllipticCurveKey) ->
Dict[str, Any]:
-+def parse_cmd(serialized_cmd: str, encryption_key: '') -> Dict[str, Any]:
- try:
- pcmd = json.loads(serialized_cmd)
- except Exception:
-@@ -48,6 +48,8 @@ def parse_cmd(serialized_cmd: str, encryption_key: Ell
- return {}
- pcmd.pop('password', None)
- if 'encrypted' in pcmd:
-+ raise NotImplementedError("encrypted communication disabled on
OpenBSD")
-+ """
- if pcmd.get('enc_proto', '1') != RC_ENCRYPTION_PROTOCOL_VERSION:
- log_error(f'Ignoring encrypted rc command with unsupported
protocol: {pcmd.get("enc_proto")}')
- return {}
-@@ -65,6 +67,7 @@ def parse_cmd(serialized_cmd: str, encryption_key: Ell
- f'Ignoring encrypted rc command with timestamp {delta /
1e9:.1f} seconds from now.'
- ' Could be an attempt at a replay attack or an incorrect
clock on a remote machine.')
- return {}
-+ """
- return pcmd
-
-
Index: patches/patch-setup_py
===================================================================
RCS file: /cvs/ports/x11/kitty/patches/patch-setup_py,v
retrieving revision 1.9
diff -u -p -r1.9 patch-setup_py
--- patches/patch-setup_py 8 Nov 2022 15:59:51 -0000 1.9
+++ patches/patch-setup_py 22 Nov 2022 11:13:08 -0000
@@ -37,24 +37,6 @@ Index: setup.py
)
ldflags = shlex.split(ldflags_)
ldflags.append('-shared')
-@@ -447,7 +445,7 @@ def kitty_env() -> Env:
- at_least_version('harfbuzz', 1, 5)
- cflags.extend(pkg_config('libpng', '--cflags-only-I'))
- cflags.extend(pkg_config('lcms2', '--cflags-only-I'))
-- cflags.extend(libcrypto_cflags)
-+ #cflags.extend(libcrypto_cflags)
- if is_macos:
- platform_libs = [
- '-framework', 'Carbon', '-framework', 'CoreText', '-framework',
'CoreGraphics',
-@@ -472,7 +470,7 @@ def kitty_env() -> Env:
- gl_libs = ['-framework', 'OpenGL'] if is_macos else pkg_config('gl',
'--libs')
- libpng = pkg_config('libpng', '--libs')
- lcms2 = pkg_config('lcms2', '--libs')
-- ans.ldpaths += pylib + platform_libs + gl_libs + libpng + lcms2 +
libcrypto_ldflags
-+ ans.ldpaths += pylib + platform_libs + gl_libs + libpng + lcms2 #+
libcrypto_ldflags
- if is_macos:
- ans.ldpaths.extend('-framework Cocoa'.split())
- elif not is_openbsd:
@@ -761,7 +759,7 @@ def find_c_files() -> Tuple[List[str], List[str]]:
