Index: branches/2018Q4/devel/android-tools-adb/Makefile =================================================================== --- branches/2018Q4/devel/android-tools-adb/Makefile (revision 482306) +++ branches/2018Q4/devel/android-tools-adb/Makefile (revision 482307) @@ -1,109 +1,109 @@ # $FreeBSD$ PORTNAME= android-tools-adb DISTVERSIONPREFIX= android- DISTVERSION?= 9.0.0_r3 -PORTREVISION?= 0 +PORTREVISION?= 1 CATEGORIES= devel comms MAINTAINER= jbeich@FreeBSD.org COMMENT= Android debug bridge command line tool LICENSE= APACHE20 USE_GITHUB= yes GH_ACCOUNT= aosp-mirror GH_PROJECT= platform_system_core CONFLICTS_INSTALL?= ${PORTNAME}-devel-* USES= compiler:c++14-lang pkgconfig ssl uidfix BUILD_WRKSRC= ${WRKSRC}/adb INSTALL_WRKSRC= ${BUILD_WRKSRC} TEST_WRKSRC= ${BUILD_WRKSRC} CPPFLAGS+= -D_GLIBCXX_USE_C99 # XXX ports/193528 MAKEFILE?= ${.CURDIR}/files/Makefile MAKE_ENV= BINDIR="${PREFIX}/bin" EXTRADIR="${FILESDIR}" \ FILESDIR="${DOCSDIR}" \ VERSION="${SDK_REVISION}-0 ${GH_REVISION}-android" ALL_TARGET= all TEST_TARGET= test PLIST_FILES= bin/adb PORTDOCS= * # Generated by "make update-revision" for "adb --version" SDK_REVISION?= 28.0.0 GH_REVISION= ${DISTVERSIONSUFFIX:U0fac9018f238:S/-g//} OPTIONS_DEFINE+=MDNSRESPONDER BASH DOCS TEST TEST_PYTHON OPTIONS_DEFAULT=MDNSRESPONDER OPTIONS_SUB= yes .if make(makesum) # for optional distfiles .MAKEFLAGS: WITH="${OPTIONS_DEFINE}" .endif BASH_GH_ACCOUNT= mbrubeck:bashcomp BASH_GH_PROJECT= android-completion:bashcomp BASH_GH_TAGNAME= c1b0656:bashcomp BASH_PLIST_FILES= etc/bash_completion.d/adb BASH_VARS= LICENSE+=MIT LICENSE_COMB=multi DOCS_MAKE_ARGS_OFF= FILES="" FILESDIR="" MDNSRESPONDER_LIB_DEPENDS= libdns_sd.so:net/mDNSResponder MDNSRESPONDER_USES= localbase:ldflags MDNSRESPONDER_LDFLAGS= -ldns_sd MDNSRESPONDER_MAKE_ENV_OFF= MDNSEXT=_unsupported TEST_BUILD_DEPENDS+= googlemock>=1.6.0:devel/googlemock \ googletest>=1.6.0:devel/googletest TEST_ALL_TARGET= adb_test TEST_PYTHON_DESC= ${TEST_DESC:S/tests/python &/} TEST_PYTHON_GH_PROJECT= platform_development:development TEST_PYTHON_BUILD_DEPENDS=${PYTHON_PKGNAMEPREFIX}mock>0:devel/py-mock@${PY_FLAVOR} TEST_PYTHON_USES= python:2.7,build post-patch: # XXX Hidden by poudriere/tinderbox, see lindev(4) for FreeBSD < 11.0 @if [ ! -e /dev/full ]; then \ ${REINPLACE_CMD} -e '/TEST/s/[^ ]*ENOSPC/DISABLED_&/' \ ${WRKSRC}/adb/adb_io_test.cpp; \ fi pre-install-TEST-on: do-test pre-install-TEST_PYTHON-on: # XXX python tests may leave behind running adb server ${SETENV} PATH=${BUILD_WRKSRC}:${PATH} \ PYTHONPATH=${WRKSRC_development}/python-packages \ ${PYTHON_CMD} -m unittest discover -vs ${BUILD_WRKSRC} post-install-BASH-on: ${MKDIR} ${STAGEDIR}${PREFIX}/${BASH_PLIST_FILES:H} ${INSTALL_DATA} ${WRKSRC_bashcomp}/android \ ${STAGEDIR}${PREFIX}/${BASH_PLIST_FILES} update-revision: @${REINPLACE_CMD} -i '' -e "/^SDK_REVISION?=/s/=.*/= $$(\ ${FETCH_CMD} -qo- \ https://github.com/${GH_ACCOUNT}/platform_build/raw/${GH_TAGNAME}/core/version_defaults.mk | \ ${SED} -n 's/^[[:space:]]*PLATFORM_SDK_VERSION := //p' \ ).0.0/" \ ${.CURDIR}/Makefile # https://developer.github.com/v3/repos/commits/#get-a-single-commit # Pretend to be curl(1) for pretty-printed JSON to help parse with sed(1) @${REINPLACE_CMD} -i '' -e "/^GH_REVISION=/s/:U[^}:]*/:U$$(\ ${SETENV} HTTP_USER_AGENT=curl ${FETCH_CMD} -qo- \ https://api.github.com/repos/${GH_ACCOUNT}/${GH_PROJECT}/commits/${GH_TAGNAME} | \ ${SED} -n '/sha/ { s/.*\"\([0-9a-f]\{12\}\).*/\1/p; q; }' \ )/" \ ${.CURDIR}/Makefile .include # XXX Work around !target(makesum) .ifndef DISTVERSIONSUFFIX makesum: update-revision .endif Index: branches/2018Q4/devel/android-tools-adb/files/patch-libcrypto__utils_android__pubkey.c =================================================================== --- branches/2018Q4/devel/android-tools-adb/files/patch-libcrypto__utils_android__pubkey.c (revision 482306) +++ branches/2018Q4/devel/android-tools-adb/files/patch-libcrypto__utils_android__pubkey.c (revision 482307) @@ -1,79 +1,204 @@ --- libcrypto_utils/android_pubkey.c.orig 2016-04-16 00:01:39 UTC +++ libcrypto_utils/android_pubkey.c -@@ -110,6 +110,76 @@ cleanup: +@@ -61,10 +61,49 @@ static void reverse_bytes(uint8_t* buffer, size_t size + } + } + ++#if OPENSSL_VERSION_NUMBER < 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) ++// http://github.com/google/boringssl/commit/5a91503826ad ++static void RSA_get0_key(const RSA *rsa, const BIGNUM **out_n, const BIGNUM **out_e, ++ const BIGNUM **out_d) { ++ if (out_n != NULL) { ++ *out_n = rsa->n; ++ } ++ if (out_e != NULL) { ++ *out_e = rsa->e; ++ } ++ if (out_d != NULL) { ++ *out_d = rsa->d; ++ } ++} ++ ++static int RSA_set0_key(RSA *rsa, BIGNUM *n, BIGNUM *e, BIGNUM *d) { ++ if ((rsa->n == NULL && n == NULL) || ++ (rsa->e == NULL && e == NULL)) { ++ return 0; ++ } ++ ++ if (n != NULL) { ++ BN_free(rsa->n); ++ rsa->n = n; ++ } ++ if (e != NULL) { ++ BN_free(rsa->e); ++ rsa->e = e; ++ } ++ if (d != NULL) { ++ BN_free(rsa->d); ++ rsa->d = d; ++ } ++ ++ return 1; ++} ++#endif ++ + bool android_pubkey_decode(const uint8_t* key_buffer, size_t size, RSA** key) { + const RSAPublicKey* key_struct = (RSAPublicKey*)key_buffer; + bool ret = false; + uint8_t modulus_buffer[ANDROID_PUBKEY_MODULUS_SIZE]; ++ BIGNUM *new_key_n, *new_key_e; + RSA* new_key = RSA_new(); + if (!new_key) { + goto cleanup; +@@ -81,14 +120,14 @@ bool android_pubkey_decode(const uint8_t* key_buffer, + // Convert the modulus to big-endian byte order as expected by BN_bin2bn. + memcpy(modulus_buffer, key_struct->modulus, sizeof(modulus_buffer)); + reverse_bytes(modulus_buffer, sizeof(modulus_buffer)); +- new_key->n = BN_bin2bn(modulus_buffer, sizeof(modulus_buffer), NULL); +- if (!new_key->n) { ++ new_key_n = BN_bin2bn(modulus_buffer, sizeof(modulus_buffer), NULL); ++ if (!new_key_n) { + goto cleanup; + } + + // Read the exponent. +- new_key->e = BN_new(); +- if (!new_key->e || !BN_set_word(new_key->e, key_struct->exponent)) { ++ new_key_e = BN_new(); ++ if (!new_key_e || !BN_set_word(new_key_e, key_struct->exponent)) { + goto cleanup; + } + +@@ -100,6 +139,7 @@ bool android_pubkey_decode(const uint8_t* key_buffer, + // be added here if/when we want the additional speedup from using the + // pre-computed montgomery parameters. + ++ RSA_set0_key(new_key, new_key_n, new_key_e, NULL); + *key = new_key; + ret = true; + +@@ -110,6 +150,83 @@ cleanup: return ret; } +#if !defined(OPENSSL_IS_BORINGSSL) +// https://android.googlesource.com/platform/external/chromium_org/third_party/boringssl/src/+/6887edb%5E!/ ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) ++struct bignum_st { ++ BN_ULONG *d; /* Pointer to an array of 'BN_BITS2' bit chunks in little-endian ++ order. */ ++ int top; // Index of last used element in |d|, plus one. ++ int dmax; // Size of |d|, in words. ++ int neg; // one if the number is negative ++ int flags; // bitmask of BN_FLG_* values ++}; ++#endif + -+/* constant_time_select_ulong returns |x| if |v| is 1 and |y| if |v| is 0. Its -+ * behavior is undefined if |v| takes any other value. */ ++// constant_time_select_ulong returns |x| if |v| is 1 and |y| if |v| is 0. Its ++// behavior is undefined if |v| takes any other value. +static BN_ULONG constant_time_select_ulong(int v, BN_ULONG x, BN_ULONG y) { + BN_ULONG mask = v; + mask--; + + return (~mask & x) | (mask & y); +} + -+/* constant_time_le_size_t returns 1 if |x| <= |y| and 0 otherwise. |x| and |y| -+ * must not have their MSBs set. */ ++// constant_time_le_size_t returns 1 if |x| <= |y| and 0 otherwise. |x| and |y| ++// must not have their MSBs set. +static int constant_time_le_size_t(size_t x, size_t y) { + return ((x - y - 1) >> (sizeof(size_t) * 8 - 1)) & 1; +} + -+/* read_word_padded returns the |i|'th word of |in|, if it is not out of -+ * bounds. Otherwise, it returns 0. It does so without branches on the size of -+ * |in|, however it necessarily does not have the same memory access pattern. If -+ * the access would be out of bounds, it reads the last word of |in|. |in| must -+ * not be zero. */ ++// read_word_padded returns the |i|'th word of |in|, if it is not out of ++// bounds. Otherwise, it returns 0. It does so without branches on the size of ++// |in|, however it necessarily does not have the same memory access pattern. If ++// the access would be out of bounds, it reads the last word of |in|. |in| must ++// not be zero. +static BN_ULONG read_word_padded(const BIGNUM *in, size_t i) { -+ /* Read |in->d[i]| if valid. Otherwise, read the last word. */ ++ // Read |in->d[i]| if valid. Otherwise, read the last word. + BN_ULONG l = in->d[constant_time_select_ulong( + constant_time_le_size_t(in->dmax, i), in->dmax - 1, i)]; + -+ /* Clamp to zero if above |d->top|. */ ++ // Clamp to zero if above |d->top|. + return constant_time_select_ulong(constant_time_le_size_t(in->top, i), 0, l); +} + -+static int BN_bn2bin_padded(uint8_t *out, size_t len, const BIGNUM *in) { -+ size_t i; -+ BN_ULONG l; -+ -+ /* Special case for |in| = 0. Just branch as the probability is negligible. */ ++int BN_bn2bin_padded(uint8_t *out, size_t len, const BIGNUM *in) { ++ // Special case for |in| = 0. Just branch as the probability is negligible. + if (BN_is_zero(in)) { + memset(out, 0, len); + return 1; + } + -+ /* Check if the integer is too big. This case can exit early in non-constant -+ * time. */ ++ // Check if the integer is too big. This case can exit early in non-constant ++ // time. + if ((size_t)in->top > (len + (BN_BYTES - 1)) / BN_BYTES) { + return 0; + } + if ((len % BN_BYTES) != 0) { -+ l = read_word_padded(in, len / BN_BYTES); ++ BN_ULONG l = read_word_padded(in, len / BN_BYTES); + if (l >> (8 * (len % BN_BYTES)) != 0) { + return 0; + } + } + -+ /* Write the bytes out one by one. Serialization is done without branching on -+ * the bits of |in| or on |in->top|, but if the routine would otherwise read -+ * out of bounds, the memory access pattern can't be fixed. However, for an -+ * RSA key of size a multiple of the word size, the probability of BN_BYTES -+ * leading zero octets is low. -+ * -+ * See Falko Stenzke, "Manger's Attack revisited", ICICS 2010. */ -+ i = len; ++ // Write the bytes out one by one. Serialization is done without branching on ++ // the bits of |in| or on |in->top|, but if the routine would otherwise read ++ // out of bounds, the memory access pattern can't be fixed. However, for an ++ // RSA key of size a multiple of the word size, the probability of BN_BYTES ++ // leading zero octets is low. ++ // ++ // See Falko Stenzke, "Manger's Attack revisited", ICICS 2010. ++ size_t i = len; + while (i--) { -+ l = read_word_padded(in, i / BN_BYTES); ++ BN_ULONG l = read_word_padded(in, i / BN_BYTES); + *(out++) = (uint8_t)(l >> (8 * (i % BN_BYTES))) & 0xff; + } + return 1; +} +#endif + static bool android_pubkey_encode_bignum(const BIGNUM* num, uint8_t* buffer) { if (!BN_bn2bin_padded(buffer, ANDROID_PUBKEY_MODULUS_SIZE, num)) { return false; +@@ -120,6 +237,7 @@ static bool android_pubkey_encode_bignum(const BIGNUM* + } + + bool android_pubkey_encode(const RSA* key, uint8_t* key_buffer, size_t size) { ++ const BIGNUM *key_n, *key_e; + RSAPublicKey* key_struct = (RSAPublicKey*)key_buffer; + bool ret = false; + BN_CTX* ctx = BN_CTX_new(); +@@ -136,27 +254,28 @@ bool android_pubkey_encode(const RSA* key, uint8_t* ke + key_struct->modulus_size_words = ANDROID_PUBKEY_MODULUS_SIZE_WORDS; + + // Compute and store n0inv = -1 / N[0] mod 2^32. ++ RSA_get0_key(key, &key_n, &key_e, NULL); + if (!ctx || !r32 || !n0inv || !BN_set_bit(r32, 32) || +- !BN_mod(n0inv, key->n, r32, ctx) || ++ !BN_mod(n0inv, key_n, r32, ctx) || + !BN_mod_inverse(n0inv, n0inv, r32, ctx) || !BN_sub(n0inv, r32, n0inv)) { + goto cleanup; + } + key_struct->n0inv = (uint32_t)BN_get_word(n0inv); + + // Store the modulus. +- if (!android_pubkey_encode_bignum(key->n, key_struct->modulus)) { ++ if (!android_pubkey_encode_bignum(key_n, key_struct->modulus)) { + goto cleanup; + } + + // Compute and store rr = (2^(rsa_size)) ^ 2 mod N. + if (!ctx || !rr || !BN_set_bit(rr, ANDROID_PUBKEY_MODULUS_SIZE * 8) || +- !BN_mod_sqr(rr, rr, key->n, ctx) || ++ !BN_mod_sqr(rr, rr, key_n, ctx) || + !android_pubkey_encode_bignum(rr, key_struct->rr)) { + goto cleanup; + } + + // Store the exponent. +- key_struct->exponent = (uint32_t)BN_get_word(key->e); ++ key_struct->exponent = (uint32_t)BN_get_word(key_e); + + ret = true; + Index: branches/2018Q4 =================================================================== --- branches/2018Q4 (revision 482306) +++ branches/2018Q4 (revision 482307) Property changes on: branches/2018Q4 ___________________________________________________________________ Modified: svn:mergeinfo ## -0,0 +0,1 ## Merged /head:r482120,482122