On 2025/05/25 20:26, Tim van der Molen wrote:
> Here is an update to sqlcipher 4.9.0. OK?
ok.
maybe add a comment to the libressl-related patch explaining why?
iiuc it's because we don't have EVP_MAC* yet.
> Index: Makefile
> ===================================================================
> RCS file: /cvs/ports/databases/sqlcipher/Makefile,v
> diff -p -u -r1.13 Makefile
> --- Makefile 17 May 2025 19:08:00 -0000 1.13
> +++ Makefile 25 May 2025 17:16:17 -0000
> @@ -2,10 +2,9 @@ COMMENT = encrypted SQLite database
>
> GH_ACCOUNT = sqlcipher
> GH_PROJECT = sqlcipher
> -GH_TAGNAME = v4.6.1
> -REVISION = 1
> +GH_TAGNAME = v4.9.0
>
> -SHARED_LIBS += sqlcipher 2.0 # 8.6
> +SHARED_LIBS += sqlcipher 3.0 # 8.6
>
> CATEGORIES = databases
>
> @@ -16,19 +15,36 @@ PERMIT_PACKAGE = Yes
>
> WANTLIB += c crypto curses m pthread readline z
>
> -CONFIGURE_STYLE = gnu
> +CONFIGURE_STYLE = simple
>
> -CONFIGURE_ARGS += --enable-tempstore=yes \
> - --disable-editline \
> - --disable-tcl
> -CONFIGURE_ENV += TCLSH_CMD=${MODTCL_BIN}
> +CONFIGURE_ARGS += --disable-tcl \
> + --includedir=${PREFIX}/include/sqlcipher \
> + --mandir=${PREFIX}/man \
> + --soname=${LIBsqlcipher_VERSION} \
> + --with-tempstore=yes
> +CONFIGURE_ENV += LDFLAGS='${LDFLAGS}'
>
> NO_TEST = Yes
>
> -CFLAGS += -DSQLITE_HAS_CODEC -DOMIT_MEMLOCK
> +CFLAGS += -DOMIT_MEMLOCK \
> + -DSQLITE_EXTRA_INIT=sqlcipher_extra_init \
> + -DSQLITE_EXTRA_SHUTDOWN=sqlcipher_extra_shutdown \
> + -DSQLITE_HAS_CODEC
> +
> +LDFLAGS += -lcrypto
>
> MODULES = lang/tcl
> MODTCL_VERSION = 8.6
> BUILD_DEPENDS = ${MODTCL_BUILD_DEPENDS}
> +
> +post-install:
> + mv ${PREFIX}/bin/{sqlite3,sqlcipher}
> + mv ${PREFIX}/lib/lib{sqlite3,sqlcipher}.a
> + rm ${PREFIX}/lib/libsqlite3.so{,.0}
> + mv ${PREFIX}/lib/libsqlite3.so.* \
> + ${PREFIX}/lib/libsqlcipher.so.${LIBsqlcipher_VERSION}
> + mv ${PREFIX}/lib/pkgconfig/{sqlite3,sqlcipher}.pc
> + mv ${PREFIX}/man/man1/{sqlite3,sqlcipher}.1
> + sed -i s/-lsqlite3/-lsqlcipher/ ${PREFIX}/lib/pkgconfig/sqlcipher.pc
>
> .include <bsd.port.mk>
> Index: distinfo
> ===================================================================
> RCS file: /cvs/ports/databases/sqlcipher/distinfo,v
> diff -p -u -r1.10 distinfo
> --- distinfo 4 Oct 2024 07:11:26 -0000 1.10
> +++ distinfo 25 May 2025 17:16:17 -0000
> @@ -1,2 +1,2 @@
> -SHA256 (sqlcipher-4.6.1.tar.gz) =
> 2Pmvy8L0tV4xbKStpEJdrz0LSqsl9F4RqAKuQiufU6M=
> -SIZE (sqlcipher-4.6.1.tar.gz) = 19115004
> +SHA256 (sqlcipher-4.9.0.tar.gz) =
> kZNmMM5YqZed4xNr1SklNe4MCy2OkBxIMzWsT7K+QYU=
> +SIZE (sqlcipher-4.9.0.tar.gz) = 19168463
> Index: patches/patch-autosetup_sqlite-config_tcl
> ===================================================================
> RCS file: patches/patch-autosetup_sqlite-config_tcl
> diff -N patches/patch-autosetup_sqlite-config_tcl
> --- /dev/null 1 Jan 1970 00:00:00 -0000
> +++ patches/patch-autosetup_sqlite-config_tcl 25 May 2025 17:16:17 -0000
> @@ -0,0 +1,12 @@
> +Index: autosetup/sqlite-config.tcl
> +--- autosetup/sqlite-config.tcl.orig
> ++++ autosetup/sqlite-config.tcl
> +@@ -792,7 +792,7 @@ proc sqlite-handle-soname {} {
> + # use it as-is
> + } else {
> + # Assume it's a suffix
> +- set soname "libsqlite3.so.${soname}"
> ++ set soname "libsqlcipher.so.${soname}"
> + }
> + }
> + }
> Index: patches/patch-src_crypto_openssl_c
> ===================================================================
> RCS file: patches/patch-src_crypto_openssl_c
> diff -N patches/patch-src_crypto_openssl_c
> --- /dev/null 1 Jan 1970 00:00:00 -0000
> +++ patches/patch-src_crypto_openssl_c 25 May 2025 17:16:17 -0000
> @@ -0,0 +1,92 @@
> +Partial revert of
> +https://github.com/sqlcipher/sqlcipher/commit/801b81a8d0c42c13f66de89805c3bfa0d1d450aa
> +
> +Index: src/crypto_openssl.c
> +--- src/crypto_openssl.c.orig
> ++++ src/crypto_openssl.c
> +@@ -156,6 +156,76 @@ static int sqlcipher_openssl_hmac(
> + ) {
> + int rc = 0;
> +
> ++#if (defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER <
> 0x30000000L)
> ++ unsigned int outlen;
> ++ HMAC_CTX* hctx = NULL;
> ++
> ++ if(in == NULL) goto error;
> ++
> ++ hctx = HMAC_CTX_new();
> ++ if(hctx == NULL) {
> ++ sqlcipher_log(SQLCIPHER_LOG_ERROR, SQLCIPHER_LOG_PROVIDER,
> "sqlcipher_openssl_hmac: HMAC_CTX_new() failed");
> ++ sqlcipher_openssl_log_errors();
> ++ goto error;
> ++ }
> ++
> ++ switch(algorithm) {
> ++ case SQLCIPHER_HMAC_SHA1:
> ++ if(!(rc = HMAC_Init_ex(hctx, hmac_key, key_sz, EVP_sha1(), NULL))) {
> ++ sqlcipher_log(SQLCIPHER_LOG_ERROR, SQLCIPHER_LOG_PROVIDER,
> "sqlcipher_openssl_hmac: HMAC_Init_ex() with key size %d and EVP_sha1()
> returned %d", key_sz, rc);
> ++ sqlcipher_openssl_log_errors();
> ++ goto error;
> ++ }
> ++ break;
> ++ case SQLCIPHER_HMAC_SHA256:
> ++ if(!(rc = HMAC_Init_ex(hctx, hmac_key, key_sz, EVP_sha256(), NULL))) {
> ++ sqlcipher_log(SQLCIPHER_LOG_ERROR, SQLCIPHER_LOG_PROVIDER,
> "sqlcipher_openssl_hmac: HMAC_Init_ex() with key size %d and EVP_sha256()
> returned %d", key_sz, rc);
> ++ sqlcipher_openssl_log_errors();
> ++ goto error;
> ++ }
> ++ break;
> ++ case SQLCIPHER_HMAC_SHA512:
> ++ if(!(rc = HMAC_Init_ex(hctx, hmac_key, key_sz, EVP_sha512(), NULL))) {
> ++ sqlcipher_log(SQLCIPHER_LOG_ERROR, SQLCIPHER_LOG_PROVIDER,
> "sqlcipher_openssl_hmac: HMAC_Init_ex() with key size %d and EVP_sha512()
> returned %d", key_sz, rc);
> ++ sqlcipher_openssl_log_errors();
> ++ goto error;
> ++ }
> ++ break;
> ++ default:
> ++ sqlcipher_log(SQLCIPHER_LOG_ERROR, SQLCIPHER_LOG_PROVIDER,
> "sqlcipher_openssl_hmac: invalid algorithm %d", algorithm);
> ++ goto error;
> ++ }
> ++
> ++ if(!(rc = HMAC_Update(hctx, in, in_sz))) {
> ++ sqlcipher_log(SQLCIPHER_LOG_ERROR, SQLCIPHER_LOG_PROVIDER,
> "sqlcipher_openssl_hmac: HMAC_Update() on 1st input buffer of %d bytes using
> algorithm %d returned %d", in_sz, algorithm, rc);
> ++ sqlcipher_openssl_log_errors();
> ++ goto error;
> ++ }
> ++
> ++ if(in2 != NULL) {
> ++ if(!(rc = HMAC_Update(hctx, in2, in2_sz))) {
> ++ sqlcipher_log(SQLCIPHER_LOG_ERROR, SQLCIPHER_LOG_PROVIDER,
> "sqlcipher_openssl_hmac: HMAC_Update() on 2nd input buffer of %d bytes using
> algorithm %d returned %d", in2_sz, algorithm, rc);
> ++ sqlcipher_openssl_log_errors();
> ++ goto error;
> ++ }
> ++ }
> ++
> ++ if(!(rc = HMAC_Final(hctx, out, &outlen))) {
> ++ sqlcipher_log(SQLCIPHER_LOG_ERROR, SQLCIPHER_LOG_PROVIDER,
> "sqlcipher_openssl_hmac: HMAC_Final() using algorithm %d returned %d",
> algorithm, rc);
> ++ sqlcipher_openssl_log_errors();
> ++ goto error;
> ++ }
> ++
> ++ rc = SQLITE_OK;
> ++ goto cleanup;
> ++
> ++error:
> ++ rc = SQLITE_ERROR;
> ++
> ++cleanup:
> ++ if(hctx) HMAC_CTX_free(hctx);
> ++
> ++#else
> + size_t outlen;
> + EVP_MAC *mac = NULL;
> + EVP_MAC_CTX *hctx = NULL;
> +@@ -241,6 +311,8 @@ error:
> + cleanup:
> + if(hctx) EVP_MAC_CTX_free(hctx);
> + if(mac) EVP_MAC_free(mac);
> ++
> ++#endif
> +
> + return rc;
> + }
> Index: pkg/PLIST
> ===================================================================
> RCS file: /cvs/ports/databases/sqlcipher/pkg/PLIST,v
> diff -p -u -r1.2 PLIST
> --- pkg/PLIST 11 Mar 2022 18:31:46 -0000 1.2
> +++ pkg/PLIST 25 May 2025 17:16:17 -0000
> @@ -3,6 +3,6 @@ include/sqlcipher/
> include/sqlcipher/sqlite3.h
> include/sqlcipher/sqlite3ext.h
> @static-lib lib/libsqlcipher.a
> -lib/libsqlcipher.la
> @lib lib/libsqlcipher.so.${LIBsqlcipher_VERSION}
> lib/pkgconfig/sqlcipher.pc
> +@man man/man1/sqlcipher.1
>
