On Tue, Nov 22, 2022 at 12:46:34PM +0100, Theo Buehler wrote: > On Tue, Nov 22, 2022 at 12:36:25PM +0100, Theo Buehler wrote: > > Now that libcrypto has X25519 support via EVP, most of the patches > > aren't needed anymore. It suffices to map OPENSSL_clear_free to freezero. > > Hopefully that will make future updates less painful.
The amount of patches reduced with your diff is great and will reduce the work for future updates. > > > > This seems to work in light testing. > > > > 'make test' is broken, I haven't looked into fixing that. works well on light testing here, too. 'make test' is broken since the last update; no straightforward fix; I hope to figure this out in a future update. This diff is ok with me, seems to me more sustainable than keeping up with patching out the crypto stuff entirely. > > Sorry, I forgot to add crypto to WANTLIB.
>
> Index: Makefile
> ===================================================================
> RCS file: /cvs/ports/x11/kitty/Makefile,v
> retrieving revision 1.15
> diff -u -p -r1.15 Makefile
> --- Makefile 13 Nov 2022 15:30:22 -0000 1.15
> +++ Makefile 22 Nov 2022 11:43:39 -0000
> @@ -8,13 +8,13 @@ DISTNAME = kitty-${MODPY_EGG_VERSION}
> CATEGORIES = x11
> HOMEPAGE = https://sw.kovidgoyal.net/kitty/
> MAINTAINER = Thomas Frohwein <t...@openbsd.org>
> -REVISION = 0
> +REVISION = 1
>
> # GPLv3+
> PERMIT_PACKAGE = Yes
>
> # canberra, fontconfig, freetype are loaded dynamically
> -WANTLIB += GL X11 X11-xcb Xcursor Xinerama Xrandr c canberra dbus-1
> +WANTLIB += GL X11 X11-xcb Xcursor Xinerama Xrandr c canberra crypto dbus-1
> WANTLIB += fontconfig freetype harfbuzz intl lcms2 m png pthread rsync
> WANTLIB += util xcb xkbcommon xkbcommon-x11 z ${MODPY_WANTLIB}
>
> @@ -52,10 +52,6 @@ TEST_ENV = CI=true \
>
> # needed for 'make test'
> USE_GMAKE = Yes
> -
> -# disable crypto for encrypted communication; depends on OpenSSL3; not worth
> it
> -post-extract:
> - rm ${WRKSRC}/kitty/crypto.c
>
> pre-test:
> mkdir -p ${WRKDIR}/tmp/cache
> Index: patches/patch-kitty_boss_py
> ===================================================================
> RCS file: patches/patch-kitty_boss_py
> diff -N patches/patch-kitty_boss_py
> --- patches/patch-kitty_boss_py 8 Nov 2022 15:59:51 -0000 1.1
> +++ /dev/null 1 Jan 1970 00:00:00 -0000
> @@ -1,25 +0,0 @@
> -disable crypto/remote control functions
> -
> -Index: kitty/boss.py
> ---- kitty/boss.py.orig
> -+++ kitty/boss.py
> -@@ -35,7 +35,7 @@ from .fast_data_types import (
> - CLOSE_BEING_CONFIRMED, GLFW_MOD_ALT, GLFW_MOD_CONTROL, GLFW_MOD_SHIFT,
> - GLFW_MOD_SUPER, GLFW_MOUSE_BUTTON_LEFT, GLFW_PRESS,
> GLFW_PRIMARY_SELECTION,
> - IMPERATIVE_CLOSE_REQUESTED, NO_CLOSE_REQUESTED, ChildMonitor, Color,
> -- EllipticCurveKey, KeyEvent, SingleKey, add_timer, apply_options_update,
> -+ KeyEvent, SingleKey, add_timer, apply_options_update,
> - background_opacity_of, change_background_opacity,
> change_os_window_state,
> - cocoa_set_menubar_title, create_os_window,
> - current_application_quit_request, current_os_window,
> destroy_global_data,
> -@@ -245,8 +245,8 @@ class Boss:
> - self.clipboard = Clipboard()
> - self.primary_selection = Clipboard(GLFW_PRIMARY_SELECTION)
> - self.update_check_started = False
> -- self.encryption_key = EllipticCurveKey()
> -- self.encryption_public_key =
> f'{RC_ENCRYPTION_PROTOCOL_VERSION}:{base64.b85encode(self.encryption_key.public).decode("ascii")}'
> -+ #self.encryption_key = EllipticCurveKey()
> -+ #self.encryption_public_key =
> f'{RC_ENCRYPTION_PROTOCOL_VERSION}:{base64.b85encode(self.encryption_key.public).decode("ascii")}'
> - self.clipboard_buffers: Dict[str, str] = {}
> - self.update_check_process: Optional['PopenType[bytes]'] = None
> - self.window_id_map: WeakValueDictionary[int, Window] =
> WeakValueDictionary()
> Index: patches/patch-kitty_child_py
> ===================================================================
> RCS file: patches/patch-kitty_child_py
> diff -N patches/patch-kitty_child_py
> --- patches/patch-kitty_child_py 8 Nov 2022 15:59:51 -0000 1.3
> +++ /dev/null 1 Jan 1970 00:00:00 -0000
> @@ -1,14 +0,0 @@
> -disable crypto/remote control functionality
> -
> -Index: kitty/child.py
> ---- kitty/child.py.orig
> -+++ kitty/child.py
> -@@ -255,7 +255,7 @@ class Child:
> - env['TERM'] = fast_data_types.get_options().term
> - env['COLORTERM'] = 'truecolor'
> - env['KITTY_PID'] = getpid()
> -- env['KITTY_PUBLIC_KEY'] = boss.encryption_public_key
> -+ #env['KITTY_PUBLIC_KEY'] = boss.encryption_public_key
> - if self.add_listen_on_env_var and boss.listening_on:
> - env['KITTY_LISTEN_ON'] = boss.listening_on
> - else:
> Index: patches/patch-kitty_complete_py
> ===================================================================
> RCS file: patches/patch-kitty_complete_py
> diff -N patches/patch-kitty_complete_py
> --- patches/patch-kitty_complete_py 8 Nov 2022 15:59:51 -0000 1.1
> +++ /dev/null 1 Jan 1970 00:00:00 -0000
> @@ -1,14 +0,0 @@
> -disable crypto/remote control functionality
> -
> -Index: kitty/complete.py
> ---- kitty/complete.py.orig
> -+++ kitty/complete.py
> -@@ -16,7 +16,7 @@ from kittens.runner import (
> - from .cli import (
> - OptionDict, options_for_completion, parse_option_spec, prettify
> - )
> --from .remote_control import global_options_spec
> -+#from .remote_control import global_options_spec
> - from .constants import config_dir, shell_integration_dir
> - from .fast_data_types import truncate_point_for_length, wcswidth
> - from .rc.base import all_command_names, command_for_name
> Index: patches/patch-kitty_crypto_c
> ===================================================================
> RCS file: patches/patch-kitty_crypto_c
> diff -N patches/patch-kitty_crypto_c
> --- /dev/null 1 Jan 1970 00:00:00 -0000
> +++ patches/patch-kitty_crypto_c 22 Nov 2022 11:19:16 -0000
> @@ -0,0 +1,14 @@
> +Index: kitty/crypto.c
> +--- kitty/crypto.c.orig
> ++++ kitty/crypto.c
> +@@ -17,6 +17,10 @@
> + #include <sys/mman.h>
> + #include <structmember.h>
> +
> ++#if defined(LIBRESSL_VERSION_NUMBER)
> ++#define OPENSSL_clear_free(a, b) freezero((a), (b))
> ++#endif
> ++
> + #define SHA1_DIGEST_LENGTH SHA_DIGEST_LENGTH
> +
> + typedef enum HASH_ALGORITHM { SHA1_HASH, SHA224_HASH, SHA256_HASH,
> SHA384_HASH, SHA512_HASH } HASH_ALGORITHM;
> Index: patches/patch-kitty_data-types_c
> ===================================================================
> RCS file: patches/patch-kitty_data-types_c
> diff -N patches/patch-kitty_data-types_c
> --- patches/patch-kitty_data-types_c 8 Nov 2022 15:59:51 -0000 1.1
> +++ /dev/null 1 Jan 1970 00:00:00 -0000
> @@ -1,21 +0,0 @@
> -disable crypto functionality
> -
> -Index: kitty/data-types.c
> ---- kitty/data-types.c.orig
> -+++ kitty/data-types.c
> -@@ -263,7 +263,6 @@ extern int init_Line(PyObject *);
> - extern int init_ColorProfile(PyObject *);
> - extern int init_Screen(PyObject *);
> - extern bool init_fontconfig_library(PyObject*);
> --extern bool init_crypto_library(PyObject*);
> - extern bool init_desktop(PyObject*);
> - extern bool init_fonts(PyObject*);
> - extern bool init_glfw(PyObject *m);
> -@@ -346,7 +345,6 @@ PyInit_fast_data_types(void) {
> - if (!init_fonts(m)) return NULL;
> - if (!init_utmp(m)) return NULL;
> - if (!init_loop_utils(m)) return NULL;
> -- if (!init_crypto_library(m)) return NULL;
> -
> - CellAttrs a;
> - #define s(name, attr) { a.val = 0; a.attr = 1; PyModule_AddIntConstant(m,
> #name, shift_to_first_set_bit(a)); }
> Index: patches/patch-kitty_remote_control_py
> ===================================================================
> RCS file: patches/patch-kitty_remote_control_py
> diff -N patches/patch-kitty_remote_control_py
> --- patches/patch-kitty_remote_control_py 8 Nov 2022 15:59:51 -0000
> 1.1
> +++ /dev/null 1 Jan 1970 00:00:00 -0000
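Review bot: The `OPENSSL_clear_free` shim added in patches/patch-kitty_crypto_c carries no comment explaining why the mapping is safe, and the new patch file has no description line like the patches being removed. `freezero(3)` needs a pointer from the system allocator and a size no larger than the original allocation, so the mapping is only equivalent while LibreSSL's `OPENSSL_malloc` is plain `malloc` (presumably the case; worth stating) and kitty passes the true buffer length at each call site, which this hunk does not show. I would put `/* LibreSSL has no OPENSSL_clear_free(); its OPENSSL_malloc() is malloc(3), so freezero(3) is the equivalent zeroing free */` above the define and tighten the guard to `#if defined(LIBRESSL_VERSION_NUMBER) && !defined(OPENSSL_clear_free)` so a later libcrypto that provides the macro does not collide with it. The guard also relies on an OpenSSL header having been included above line 17 of crypto.c, which is outside the hunk. With 'make test' reported broken in this thread, the newly enabled key-generation and encrypted remote-control path has no automated coverage in the port, so a manual encrypted round trip is worth doing before commit.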
> @@ -1,40 +0,0 @@
> -disable encrypted communication functionality
> -
> -Index: kitty/remote_control.py
> ---- kitty/remote_control.py.orig
> -+++ kitty/remote_control.py
> -@@ -19,7 +19,7 @@ from .cli import emph, parse_args
> - from .cli_stub import RCOptions
> - from .constants import RC_ENCRYPTION_PROTOCOL_VERSION, appname, version
> - from .fast_data_types import (
> -- AES256GCMDecrypt, AES256GCMEncrypt, EllipticCurveKey, get_boss,
> -+ get_boss,
> - get_options, read_command_response, send_data_to_peer
> - )
> - from .rc.base import (
> -@@ -39,7 +39,7 @@ def encode_response_for_peer(response: Any) -> bytes:
> - return b'\x1bP@kitty-cmd' + json.dumps(response).encode('utf-8') +
> b'\x1b\\'
> -
> -
> --def parse_cmd(serialized_cmd: str, encryption_key: EllipticCurveKey) ->
> Dict[str, Any]:
> -+def parse_cmd(serialized_cmd: str, encryption_key: '') -> Dict[str, Any]:
> - try:
> - pcmd = json.loads(serialized_cmd)
> - except Exception:
> -@@ -48,6 +48,8 @@ def parse_cmd(serialized_cmd: str, encryption_key: Ell
> - return {}
> - pcmd.pop('password', None)
> - if 'encrypted' in pcmd:
> -+ raise NotImplementedError("encrypted communication disabled on
> OpenBSD")
> -+ """
> - if pcmd.get('enc_proto', '1') != RC_ENCRYPTION_PROTOCOL_VERSION:
> - log_error(f'Ignoring encrypted rc command with unsupported
> protocol: {pcmd.get("enc_proto")}')
> - return {}
> -@@ -65,6 +67,7 @@ def parse_cmd(serialized_cmd: str, encryption_key: Ell
> - f'Ignoring encrypted rc command with timestamp {delta /
> 1e9:.1f} seconds from now.'
> - ' Could be an attempt at a replay attack or an incorrect
> clock on a remote machine.')
> - return {}
> -+ """
> - return pcmd
> -
> -
> Index: patches/patch-setup_py
> ===================================================================
> RCS file: /cvs/ports/x11/kitty/patches/patch-setup_py,v
> retrieving revision 1.9
> diff -u -p -r1.9 patch-setup_py
> --- patches/patch-setup_py 8 Nov 2022 15:59:51 -0000 1.9
> +++ patches/patch-setup_py 22 Nov 2022 11:13:08 -0000
> @@ -37,24 +37,6 @@ Index: setup.py
> )
> ldflags = shlex.split(ldflags_)
> ldflags.append('-shared')
> -@@ -447,7 +445,7 @@ def kitty_env() -> Env:
> - at_least_version('harfbuzz', 1, 5)
> - cflags.extend(pkg_config('libpng', '--cflags-only-I'))
> - cflags.extend(pkg_config('lcms2', '--cflags-only-I'))
> -- cflags.extend(libcrypto_cflags)
> -+ #cflags.extend(libcrypto_cflags)
> - if is_macos:
> - platform_libs = [
> - '-framework', 'Carbon', '-framework', 'CoreText', '-framework',
> 'CoreGraphics',
> -@@ -472,7 +470,7 @@ def kitty_env() -> Env:
> - gl_libs = ['-framework', 'OpenGL'] if is_macos else pkg_config('gl',
> '--libs')
> - libpng = pkg_config('libpng', '--libs')
> - lcms2 = pkg_config('lcms2', '--libs')
> -- ans.ldpaths += pylib + platform_libs + gl_libs + libpng + lcms2 +
> libcrypto_ldflags
> -+ ans.ldpaths += pylib + platform_libs + gl_libs + libpng + lcms2 #+
> libcrypto_ldflags
> - if is_macos:
> - ans.ldpaths.extend('-framework Cocoa'.split())
> - elif not is_openbsd:
> @@ -761,7 +759,7 @@ def find_c_files() -> Tuple[List[str], List[str]]:
>
>