x11/kitty: with X25519 support available in libcrypto's EVP, we no longer

need to patch out all the crypto. The only thing that needs to be done is
replacing OPENSSL_clear_free() with freezero(). This should make future
updates much easier.

ok thfr (MAINTAINER)
tb 2022-11-23 14:45:21 +00:00
parent 25eed72c7b
commit 6f7e9ddf8e
8 changed files with 18 additions and 138 deletions


@ -8,13 +8,13 @@ DISTNAME = kitty-${MODPY_EGG_VERSION}
CATEGORIES = x11
HOMEPAGE = https://sw.kovidgoyal.net/kitty/
MAINTAINER = Thomas Frohwein <thfr@openbsd.org>
REVISION = 0
REVISION = 1
# GPLv3+
PERMIT_PACKAGE = Yes
# canberra, fontconfig, freetype are loaded dynamically
WANTLIB += GL X11 X11-xcb Xcursor Xinerama Xrandr c canberra dbus-1
WANTLIB += GL X11 X11-xcb Xcursor Xinerama Xrandr c canberra crypto dbus-1
WANTLIB += fontconfig freetype harfbuzz intl lcms2 m png pthread rsync
WANTLIB += util xcb xkbcommon xkbcommon-x11 z ${MODPY_WANTLIB}
@ -53,10 +53,6 @@ TEST_ENV = CI=true \
# needed for 'make test'
USE_GMAKE = Yes
# disable crypto for encrypted communication; depends on OpenSSL3; not worth it
post-extract:
rm ${WRKSRC}/kitty/crypto.c
pre-test:
mkdir -p ${WRKDIR}/tmp/cache


@ -1,25 +0,0 @@
disable crypto/remote control functions
Index: kitty/boss.py
--- kitty/boss.py.orig
+++ kitty/boss.py
@@ -35,7 +35,7 @@ from .fast_data_types import (
CLOSE_BEING_CONFIRMED, GLFW_MOD_ALT, GLFW_MOD_CONTROL, GLFW_MOD_SHIFT,
GLFW_MOD_SUPER, GLFW_MOUSE_BUTTON_LEFT, GLFW_PRESS, GLFW_PRIMARY_SELECTION,
IMPERATIVE_CLOSE_REQUESTED, NO_CLOSE_REQUESTED, ChildMonitor, Color,
- EllipticCurveKey, KeyEvent, SingleKey, add_timer, apply_options_update,
+ KeyEvent, SingleKey, add_timer, apply_options_update,
background_opacity_of, change_background_opacity, change_os_window_state,
cocoa_set_menubar_title, create_os_window,
current_application_quit_request, current_os_window, destroy_global_data,
@@ -245,8 +245,8 @@ class Boss:
self.clipboard = Clipboard()
self.primary_selection = Clipboard(GLFW_PRIMARY_SELECTION)
self.update_check_started = False
- self.encryption_key = EllipticCurveKey()
- self.encryption_public_key = f'{RC_ENCRYPTION_PROTOCOL_VERSION}:{base64.b85encode(self.encryption_key.public).decode("ascii")}'
+ #self.encryption_key = EllipticCurveKey()
+ #self.encryption_public_key = f'{RC_ENCRYPTION_PROTOCOL_VERSION}:{base64.b85encode(self.encryption_key.public).decode("ascii")}'
self.clipboard_buffers: Dict[str, str] = {}
self.update_check_process: Optional['PopenType[bytes]'] = None
self.window_id_map: WeakValueDictionary[int, Window] = WeakValueDictionary()


@ -1,14 +0,0 @@
disable crypto/remote control functionality
Index: kitty/child.py
--- kitty/child.py.orig
+++ kitty/child.py
@@ -255,7 +255,7 @@ class Child:
env['TERM'] = fast_data_types.get_options().term
env['COLORTERM'] = 'truecolor'
env['KITTY_PID'] = getpid()
- env['KITTY_PUBLIC_KEY'] = boss.encryption_public_key
+ #env['KITTY_PUBLIC_KEY'] = boss.encryption_public_key
if self.add_listen_on_env_var and boss.listening_on:
env['KITTY_LISTEN_ON'] = boss.listening_on
else:


@ -1,14 +0,0 @@
disable crypto/remote control functionality
Index: kitty/complete.py
--- kitty/complete.py.orig
+++ kitty/complete.py
@@ -16,7 +16,7 @@ from kittens.runner import (
from .cli import (
OptionDict, options_for_completion, parse_option_spec, prettify
)
-from .remote_control import global_options_spec
+#from .remote_control import global_options_spec
from .constants import config_dir, shell_integration_dir
from .fast_data_types import truncate_point_for_length, wcswidth
from .rc.base import all_command_names, command_for_name


@ -0,0 +1,16 @@
Use freezero() since OPENSSL_clear_free() is not available in LibreSSL.
Index: kitty/crypto.c
--- kitty/crypto.c.orig
+++ kitty/crypto.c
@@ -17,6 +17,10 @@
#include <sys/mman.h>
#include <structmember.h>
+#if defined(LIBRESSL_VERSION_NUMBER)
+#define OPENSSL_clear_free(a, b) freezero((a), (b))
+#endif
+
#define SHA1_DIGEST_LENGTH SHA_DIGEST_LENGTH
typedef enum HASH_ALGORITHM { SHA1_HASH, SHA224_HASH, SHA256_HASH, SHA384_HASH, SHA512_HASH } HASH_ALGORITHM;
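Review bot: The `OPENSSL_clear_free` to `freezero` shim inside the added `#if defined(LIBRESSL_VERSION_NUMBER)` block rests on two assumptions that are not written down. First, an OpenSSL header that defines `LIBRESSL_VERSION_NUMBER` must already be included above line 17 of crypto.c; the hunk shows only `<sys/mman.h>` and `<structmember.h>` as context, so this cannot be confirmed from here. Second, every buffer passed to the macro must come from the system allocator, because `freezero()` releases it through libc. A short comment above the `#define`, for example `/* LibreSSL lacks OPENSSL_clear_free(); freezero() wipes then frees, so buffers must come from malloc(3) */`, would keep a future update from moving or dropping the shim. Since these buffers presumably hold key material, it is also worth confirming that the size passed at each call site equals the allocation size, so the whole secret is wiped rather than a prefix.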


@ -1,21 +0,0 @@
disable crypto functionality
Index: kitty/data-types.c
--- kitty/data-types.c.orig
+++ kitty/data-types.c
@@ -263,7 +263,6 @@ extern int init_Line(PyObject *);
extern int init_ColorProfile(PyObject *);
extern int init_Screen(PyObject *);
extern bool init_fontconfig_library(PyObject*);
-extern bool init_crypto_library(PyObject*);
extern bool init_desktop(PyObject*);
extern bool init_fonts(PyObject*);
extern bool init_glfw(PyObject *m);
@@ -346,7 +345,6 @@ PyInit_fast_data_types(void) {
if (!init_fonts(m)) return NULL;
if (!init_utmp(m)) return NULL;
if (!init_loop_utils(m)) return NULL;
- if (!init_crypto_library(m)) return NULL;
CellAttrs a;
#define s(name, attr) { a.val = 0; a.attr = 1; PyModule_AddIntConstant(m, #name, shift_to_first_set_bit(a)); }


@ -1,40 +0,0 @@
disable encrypted communication functionality
Index: kitty/remote_control.py
--- kitty/remote_control.py.orig
+++ kitty/remote_control.py
@@ -19,7 +19,7 @@ from .cli import emph, parse_args
from .cli_stub import RCOptions
from .constants import RC_ENCRYPTION_PROTOCOL_VERSION, appname, version
from .fast_data_types import (
- AES256GCMDecrypt, AES256GCMEncrypt, EllipticCurveKey, get_boss,
+ get_boss,
get_options, read_command_response, send_data_to_peer
)
from .rc.base import (
@@ -39,7 +39,7 @@ def encode_response_for_peer(response: Any) -> bytes:
return b'\x1bP@kitty-cmd' + json.dumps(response).encode('utf-8') + b'\x1b\\'
-def parse_cmd(serialized_cmd: str, encryption_key: EllipticCurveKey) -> Dict[str, Any]:
+def parse_cmd(serialized_cmd: str, encryption_key: '') -> Dict[str, Any]:
try:
pcmd = json.loads(serialized_cmd)
except Exception:
@@ -48,6 +48,8 @@ def parse_cmd(serialized_cmd: str, encryption_key: Ell
return {}
pcmd.pop('password', None)
if 'encrypted' in pcmd:
+ raise NotImplementedError("encrypted communication disabled on OpenBSD")
+ """
if pcmd.get('enc_proto', '1') != RC_ENCRYPTION_PROTOCOL_VERSION:
log_error(f'Ignoring encrypted rc command with unsupported protocol: {pcmd.get("enc_proto")}')
return {}
@@ -65,6 +67,7 @@ def parse_cmd(serialized_cmd: str, encryption_key: Ell
f'Ignoring encrypted rc command with timestamp {delta / 1e9:.1f} seconds from now.'
' Could be an attempt at a replay attack or an incorrect clock on a remote machine.')
return {}
+ """
return pcmd


@ -37,24 +37,6 @@ Index: setup.py
)
ldflags = shlex.split(ldflags_)
ldflags.append('-shared')
@@ -447,7 +445,7 @@ def kitty_env() -> Env:
at_least_version('harfbuzz', 1, 5)
cflags.extend(pkg_config('libpng', '--cflags-only-I'))
cflags.extend(pkg_config('lcms2', '--cflags-only-I'))
- cflags.extend(libcrypto_cflags)
+ #cflags.extend(libcrypto_cflags)
if is_macos:
platform_libs = [
'-framework', 'Carbon', '-framework', 'CoreText', '-framework', 'CoreGraphics',
@@ -472,7 +470,7 @@ def kitty_env() -> Env:
gl_libs = ['-framework', 'OpenGL'] if is_macos else pkg_config('gl', '--libs')
libpng = pkg_config('libpng', '--libs')
lcms2 = pkg_config('lcms2', '--libs')
- ans.ldpaths += pylib + platform_libs + gl_libs + libpng + lcms2 + libcrypto_ldflags
+ ans.ldpaths += pylib + platform_libs + gl_libs + libpng + lcms2 #+ libcrypto_ldflags
if is_macos:
ans.ldpaths.extend('-framework Cocoa'.split())
elif not is_openbsd:
@@ -761,7 +759,7 @@ def find_c_files() -> Tuple[List[str], List[str]]: