main/apk-tools: upgrade to 2.12.14

4cd1b0cf · Timo Teräs · 96f4b71c · 96f4b71c · 4cd1b0cf
Commit 4cd1b0cf authored 11 months ago by Timo Teräs
--- a/main/apk-tools/0001-pkg-always-use-real-digest-openssl-fips-module-crash.patch
+++ b/main/apk-tools/0001-pkg-always-use-real-digest-openssl-fips-module-crash.patch
-From 891c10e6b2ca907c6d74c366b884c9b0400f3fc1 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi>
-Date: Tue, 2 Apr 2024 00:36:25 +0300
-Subject: [PATCH] pkg: always use real digest, openssl-fips module crashes
- otherwise
-
-Turns out the fips module crashes if EVP_md_null is used.
-
-fixes #10992
-
-(cherry picked from commit ffc313c67ba506c4719cef0685b5f0a4971c6ee9)
---
- src/package.c | 3 +--
- 1 file changed, 1 insertion(+), 2 deletions(-)
-
-diff --git a/src/package.c b/src/package.c
-index b17c616..a852446 100644
--- a/src/package.c
-+++ b/src/package.c
-@@ -477,20 +477,19 @@ void apk_sign_ctx_init(struct apk_sign_ctx *ctx, int action,
- 	case APK_SIGN_VERIFY:
- 		/* If we're only verifing, we're going to start with a
- 		 * signature section, which we don't need a hash of */
-		ctx->md = EVP_md_null();
- 		ctx->verify_error = -ENOKEY;
- 		break;
- 	case APK_SIGN_VERIFY_IDENTITY:
- 		/* If we're checking the package against a particular hash,
- 		 * we need to start with that hash, because there may not
- 		 * be a signature section to deduce it from */
-		ctx->md = EVP_sha1();
- 		memcpy(&ctx->identity, identity, sizeof(ctx->identity));
- 		break;
- 	default:
- 		assert(!"valid sign mode");
- 		break;
- 	}
-+	ctx->md = EVP_sha1();
- 	ctx->mdctx = EVP_MD_CTX_new();
- 	EVP_DigestInit_ex(ctx->mdctx, ctx->md, NULL);
- }
-- 
-2.44.0
-
--- a/main/apk-tools/APKBUILD
+++ b/main/apk-tools/APKBUILD
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=apk-tools
-pkgver=2.12.13
-pkgrel=1
+pkgver=2.12.14
+pkgrel=0
 pkgdesc="Alpine Package Keeper - package manager for alpine"
 arch="all"
 url="https://gitlab.alpinelinux.org/alpine/apk-tools"
@@ -23,7 +23,6 @@ if [ "$CBUILD" = "$CHOST" ]; then
 	depends="$depends ca-certificates-bundle"
 fi
 source="https://gitlab.alpinelinux.org/alpine/$pkgname/-/archive/v$pkgver/$pkgname-v$pkgver.tar.gz
-	0001-pkg-always-use-real-digest-openssl-fips-module-crash.patch
 	_apk
 	"
 builddir="$srcdir/$pkgname-v$pkgver"
@@ -87,7 +86,6 @@ luaapk() {
 }

 sha512sums="
-19d5b80f8cfc1d9820f00d77b5d0f867ebf3d57eec7ff44a382951044cbb8dac8f56e42a5afa3389a4583d3691d06b70649ce90f2a867ccf8ae4f7527e3f7ed1  apk-tools-v2.12.13.tar.gz
-262adf408d2e4997fb19f4ddd1a0ce2e66a406a5662caf8b08e0e48dd3062d550f6f114b426c7c527036f51cf157e833b85731fbf102baa5cb2c9af171971de5  0001-pkg-always-use-real-digest-openssl-fips-module-crash.patch
+7c6251b6f4c1f69291897350030e59c86384d9d0acffbf6ea4b51fddc5695089f4043463cc0996968589bafb9382de9cf372cc557098aa388085914b70113cee  apk-tools-v2.12.14.tar.gz
 7870676720f5007eee9482786e02246f8e3474afb90e76c9c83aebe914747a8e007b5d2eed6441933f4922024b3f0664db270f21981ad6c2db877a110b0cd79e  _apk
 "