x11/kitty: with X25519 support available in libcrypto's EVP, we no longer
need to patch out all the crypto. The only thing that needs to be done is replacing OPENSSL_clear_free() with freezero(). This should make future updates much easier. ok thfr (MAINTAINER)
This commit is contained in:
parent
25eed72c7b
commit
6f7e9ddf8e
@ -8,13 +8,13 @@ DISTNAME = kitty-${MODPY_EGG_VERSION}
|
||||
CATEGORIES = x11
|
||||
HOMEPAGE = https://sw.kovidgoyal.net/kitty/
|
||||
MAINTAINER = Thomas Frohwein <thfr@openbsd.org>
|
||||
REVISION = 0
|
||||
REVISION = 1
|
||||
|
||||
# GPLv3+
|
||||
PERMIT_PACKAGE = Yes
|
||||
|
||||
# canberra, fontconfig, freetype are loaded dynamically
|
||||
WANTLIB += GL X11 X11-xcb Xcursor Xinerama Xrandr c canberra dbus-1
|
||||
WANTLIB += GL X11 X11-xcb Xcursor Xinerama Xrandr c canberra crypto dbus-1
|
||||
WANTLIB += fontconfig freetype harfbuzz intl lcms2 m png pthread rsync
|
||||
WANTLIB += util xcb xkbcommon xkbcommon-x11 z ${MODPY_WANTLIB}
|
||||
|
||||
@ -53,10 +53,6 @@ TEST_ENV = CI=true \
|
||||
# needed for 'make test'
|
||||
USE_GMAKE = Yes
|
||||
|
||||
# disable crypto for encrypted communication; depends on OpenSSL3; not worth it
|
||||
post-extract:
|
||||
rm ${WRKSRC}/kitty/crypto.c
|
||||
|
||||
pre-test:
|
||||
mkdir -p ${WRKDIR}/tmp/cache
|
||||
|
||||
|
@ -1,25 +0,0 @@
|
||||
disable crypto/remote control functions
|
||||
|
||||
Index: kitty/boss.py
|
||||
--- kitty/boss.py.orig
|
||||
+++ kitty/boss.py
|
||||
@@ -35,7 +35,7 @@ from .fast_data_types import (
|
||||
CLOSE_BEING_CONFIRMED, GLFW_MOD_ALT, GLFW_MOD_CONTROL, GLFW_MOD_SHIFT,
|
||||
GLFW_MOD_SUPER, GLFW_MOUSE_BUTTON_LEFT, GLFW_PRESS, GLFW_PRIMARY_SELECTION,
|
||||
IMPERATIVE_CLOSE_REQUESTED, NO_CLOSE_REQUESTED, ChildMonitor, Color,
|
||||
- EllipticCurveKey, KeyEvent, SingleKey, add_timer, apply_options_update,
|
||||
+ KeyEvent, SingleKey, add_timer, apply_options_update,
|
||||
background_opacity_of, change_background_opacity, change_os_window_state,
|
||||
cocoa_set_menubar_title, create_os_window,
|
||||
current_application_quit_request, current_os_window, destroy_global_data,
|
||||
@@ -245,8 +245,8 @@ class Boss:
|
||||
self.clipboard = Clipboard()
|
||||
self.primary_selection = Clipboard(GLFW_PRIMARY_SELECTION)
|
||||
self.update_check_started = False
|
||||
- self.encryption_key = EllipticCurveKey()
|
||||
- self.encryption_public_key = f'{RC_ENCRYPTION_PROTOCOL_VERSION}:{base64.b85encode(self.encryption_key.public).decode("ascii")}'
|
||||
+ #self.encryption_key = EllipticCurveKey()
|
||||
+ #self.encryption_public_key = f'{RC_ENCRYPTION_PROTOCOL_VERSION}:{base64.b85encode(self.encryption_key.public).decode("ascii")}'
|
||||
self.clipboard_buffers: Dict[str, str] = {}
|
||||
self.update_check_process: Optional['PopenType[bytes]'] = None
|
||||
self.window_id_map: WeakValueDictionary[int, Window] = WeakValueDictionary()
|
@ -1,14 +0,0 @@
|
||||
disable crypto/remote control functionality
|
||||
|
||||
Index: kitty/child.py
|
||||
--- kitty/child.py.orig
|
||||
+++ kitty/child.py
|
||||
@@ -255,7 +255,7 @@ class Child:
|
||||
env['TERM'] = fast_data_types.get_options().term
|
||||
env['COLORTERM'] = 'truecolor'
|
||||
env['KITTY_PID'] = getpid()
|
||||
- env['KITTY_PUBLIC_KEY'] = boss.encryption_public_key
|
||||
+ #env['KITTY_PUBLIC_KEY'] = boss.encryption_public_key
|
||||
if self.add_listen_on_env_var and boss.listening_on:
|
||||
env['KITTY_LISTEN_ON'] = boss.listening_on
|
||||
else:
|
@ -1,14 +0,0 @@
|
||||
disable crypto/remote control functionality
|
||||
|
||||
Index: kitty/complete.py
|
||||
--- kitty/complete.py.orig
|
||||
+++ kitty/complete.py
|
||||
@@ -16,7 +16,7 @@ from kittens.runner import (
|
||||
from .cli import (
|
||||
OptionDict, options_for_completion, parse_option_spec, prettify
|
||||
)
|
||||
-from .remote_control import global_options_spec
|
||||
+#from .remote_control import global_options_spec
|
||||
from .constants import config_dir, shell_integration_dir
|
||||
from .fast_data_types import truncate_point_for_length, wcswidth
|
||||
from .rc.base import all_command_names, command_for_name
|
16
x11/kitty/patches/patch-kitty_crypto_c
Normal file
16
x11/kitty/patches/patch-kitty_crypto_c
Normal file
@ -0,0 +1,16 @@
|
||||
Use freezero() since OPENSSL_clear_free() is not available in LibreSSL.
|
||||
|
||||
Index: kitty/crypto.c
|
||||
--- kitty/crypto.c.orig
|
||||
+++ kitty/crypto.c
|
||||
@@ -17,6 +17,10 @@
|
||||
#include <sys/mman.h>
|
||||
#include <structmember.h>
|
||||
|
||||
+#if defined(LIBRESSL_VERSION_NUMBER)
|
||||
+#define OPENSSL_clear_free(a, b) freezero((a), (b))
|
||||
+#endif
|
||||
+
|
||||
#define SHA1_DIGEST_LENGTH SHA_DIGEST_LENGTH
|
||||
|
||||
typedef enum HASH_ALGORITHM { SHA1_HASH, SHA224_HASH, SHA256_HASH, SHA384_HASH, SHA512_HASH } HASH_ALGORITHM;
|
@ -1,21 +0,0 @@
|
||||
disable crypto functionality
|
||||
|
||||
Index: kitty/data-types.c
|
||||
--- kitty/data-types.c.orig
|
||||
+++ kitty/data-types.c
|
||||
@@ -263,7 +263,6 @@ extern int init_Line(PyObject *);
|
||||
extern int init_ColorProfile(PyObject *);
|
||||
extern int init_Screen(PyObject *);
|
||||
extern bool init_fontconfig_library(PyObject*);
|
||||
-extern bool init_crypto_library(PyObject*);
|
||||
extern bool init_desktop(PyObject*);
|
||||
extern bool init_fonts(PyObject*);
|
||||
extern bool init_glfw(PyObject *m);
|
||||
@@ -346,7 +345,6 @@ PyInit_fast_data_types(void) {
|
||||
if (!init_fonts(m)) return NULL;
|
||||
if (!init_utmp(m)) return NULL;
|
||||
if (!init_loop_utils(m)) return NULL;
|
||||
- if (!init_crypto_library(m)) return NULL;
|
||||
|
||||
CellAttrs a;
|
||||
#define s(name, attr) { a.val = 0; a.attr = 1; PyModule_AddIntConstant(m, #name, shift_to_first_set_bit(a)); }
|
@ -1,40 +0,0 @@
|
||||
disable encrypted communication functionality
|
||||
|
||||
Index: kitty/remote_control.py
|
||||
--- kitty/remote_control.py.orig
|
||||
+++ kitty/remote_control.py
|
||||
@@ -19,7 +19,7 @@ from .cli import emph, parse_args
|
||||
from .cli_stub import RCOptions
|
||||
from .constants import RC_ENCRYPTION_PROTOCOL_VERSION, appname, version
|
||||
from .fast_data_types import (
|
||||
- AES256GCMDecrypt, AES256GCMEncrypt, EllipticCurveKey, get_boss,
|
||||
+ get_boss,
|
||||
get_options, read_command_response, send_data_to_peer
|
||||
)
|
||||
from .rc.base import (
|
||||
@@ -39,7 +39,7 @@ def encode_response_for_peer(response: Any) -> bytes:
|
||||
return b'\x1bP@kitty-cmd' + json.dumps(response).encode('utf-8') + b'\x1b\\'
|
||||
|
||||
|
||||
-def parse_cmd(serialized_cmd: str, encryption_key: EllipticCurveKey) -> Dict[str, Any]:
|
||||
+def parse_cmd(serialized_cmd: str, encryption_key: '') -> Dict[str, Any]:
|
||||
try:
|
||||
pcmd = json.loads(serialized_cmd)
|
||||
except Exception:
|
||||
@@ -48,6 +48,8 @@ def parse_cmd(serialized_cmd: str, encryption_key: Ell
|
||||
return {}
|
||||
pcmd.pop('password', None)
|
||||
if 'encrypted' in pcmd:
|
||||
+ raise NotImplementedError("encrypted communication disabled on OpenBSD")
|
||||
+ """
|
||||
if pcmd.get('enc_proto', '1') != RC_ENCRYPTION_PROTOCOL_VERSION:
|
||||
log_error(f'Ignoring encrypted rc command with unsupported protocol: {pcmd.get("enc_proto")}')
|
||||
return {}
|
||||
@@ -65,6 +67,7 @@ def parse_cmd(serialized_cmd: str, encryption_key: Ell
|
||||
f'Ignoring encrypted rc command with timestamp {delta / 1e9:.1f} seconds from now.'
|
||||
' Could be an attempt at a replay attack or an incorrect clock on a remote machine.')
|
||||
return {}
|
||||
+ """
|
||||
return pcmd
|
||||
|
||||
|
@ -37,24 +37,6 @@ Index: setup.py
|
||||
)
|
||||
ldflags = shlex.split(ldflags_)
|
||||
ldflags.append('-shared')
|
||||
@@ -447,7 +445,7 @@ def kitty_env() -> Env:
|
||||
at_least_version('harfbuzz', 1, 5)
|
||||
cflags.extend(pkg_config('libpng', '--cflags-only-I'))
|
||||
cflags.extend(pkg_config('lcms2', '--cflags-only-I'))
|
||||
- cflags.extend(libcrypto_cflags)
|
||||
+ #cflags.extend(libcrypto_cflags)
|
||||
if is_macos:
|
||||
platform_libs = [
|
||||
'-framework', 'Carbon', '-framework', 'CoreText', '-framework', 'CoreGraphics',
|
||||
@@ -472,7 +470,7 @@ def kitty_env() -> Env:
|
||||
gl_libs = ['-framework', 'OpenGL'] if is_macos else pkg_config('gl', '--libs')
|
||||
libpng = pkg_config('libpng', '--libs')
|
||||
lcms2 = pkg_config('lcms2', '--libs')
|
||||
- ans.ldpaths += pylib + platform_libs + gl_libs + libpng + lcms2 + libcrypto_ldflags
|
||||
+ ans.ldpaths += pylib + platform_libs + gl_libs + libpng + lcms2 #+ libcrypto_ldflags
|
||||
if is_macos:
|
||||
ans.ldpaths.extend('-framework Cocoa'.split())
|
||||
elif not is_openbsd:
|
||||
@@ -761,7 +759,7 @@ def find_c_files() -> Tuple[List[str], List[str]]:
|
||||
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user