From: Tim van der Molen <tim@kariliq.nl>
Subject: UPDATE: databases/sqlcipher
To: ports@openbsd.org
Date: Sun, 25 May 2025 20:26:51 +0200

Here is an update to sqlcipher 4.9.0. OK?

Index: Makefile
===================================================================
RCS file: /cvs/ports/databases/sqlcipher/Makefile,v
diff -p -u -r1.13 Makefile
--- Makefile	17 May 2025 19:08:00 -0000	1.13
+++ Makefile	25 May 2025 17:16:17 -0000
@@ -2,10 +2,9 @@ COMMENT =	encrypted SQLite database
 
 GH_ACCOUNT =	sqlcipher
 GH_PROJECT =	sqlcipher
-GH_TAGNAME =	v4.6.1
-REVISION =	1
+GH_TAGNAME =	v4.9.0
 
-SHARED_LIBS +=  sqlcipher                 2.0 # 8.6
+SHARED_LIBS +=  sqlcipher                 3.0 # 8.6
 
 CATEGORIES =	databases
 
@@ -16,19 +15,36 @@ PERMIT_PACKAGE =	Yes
 
 WANTLIB +=		c crypto curses m pthread readline z
 
-CONFIGURE_STYLE =	gnu
+CONFIGURE_STYLE =	simple
 
-CONFIGURE_ARGS +=	--enable-tempstore=yes \
-			--disable-editline \
-			--disable-tcl
-CONFIGURE_ENV +=	TCLSH_CMD=${MODTCL_BIN}
+CONFIGURE_ARGS +=	--disable-tcl \
+			--includedir=${PREFIX}/include/sqlcipher \
+			--mandir=${PREFIX}/man \
+			--soname=${LIBsqlcipher_VERSION} \
+			--with-tempstore=yes
+CONFIGURE_ENV +=	LDFLAGS='${LDFLAGS}' 
 
 NO_TEST =		Yes
 
-CFLAGS +=		-DSQLITE_HAS_CODEC -DOMIT_MEMLOCK
+CFLAGS +=		-DOMIT_MEMLOCK \
+			-DSQLITE_EXTRA_INIT=sqlcipher_extra_init \
+			-DSQLITE_EXTRA_SHUTDOWN=sqlcipher_extra_shutdown \
+			-DSQLITE_HAS_CODEC
+
+LDFLAGS +=		-lcrypto
 
 MODULES =		lang/tcl
 MODTCL_VERSION =	8.6
 BUILD_DEPENDS =		${MODTCL_BUILD_DEPENDS}
+
+post-install:
+	mv ${PREFIX}/bin/{sqlite3,sqlcipher}
+	mv ${PREFIX}/lib/lib{sqlite3,sqlcipher}.a
+	rm ${PREFIX}/lib/libsqlite3.so{,.0}
+	mv ${PREFIX}/lib/libsqlite3.so.* \
+	    ${PREFIX}/lib/libsqlcipher.so.${LIBsqlcipher_VERSION}
+	mv ${PREFIX}/lib/pkgconfig/{sqlite3,sqlcipher}.pc
+	mv ${PREFIX}/man/man1/{sqlite3,sqlcipher}.1
+	sed -i s/-lsqlite3/-lsqlcipher/ ${PREFIX}/lib/pkgconfig/sqlcipher.pc
 
 .include <bsd.port.mk>
Index: distinfo
===================================================================
RCS file: /cvs/ports/databases/sqlcipher/distinfo,v
diff -p -u -r1.10 distinfo
--- distinfo	4 Oct 2024 07:11:26 -0000	1.10
+++ distinfo	25 May 2025 17:16:17 -0000
@@ -1,2 +1,2 @@
-SHA256 (sqlcipher-4.6.1.tar.gz) = 2Pmvy8L0tV4xbKStpEJdrz0LSqsl9F4RqAKuQiufU6M=
-SIZE (sqlcipher-4.6.1.tar.gz) = 19115004
+SHA256 (sqlcipher-4.9.0.tar.gz) = kZNmMM5YqZed4xNr1SklNe4MCy2OkBxIMzWsT7K+QYU=
+SIZE (sqlcipher-4.9.0.tar.gz) = 19168463
Index: patches/patch-autosetup_sqlite-config_tcl
===================================================================
RCS file: patches/patch-autosetup_sqlite-config_tcl
diff -N patches/patch-autosetup_sqlite-config_tcl
--- /dev/null	1 Jan 1970 00:00:00 -0000
+++ patches/patch-autosetup_sqlite-config_tcl	25 May 2025 17:16:17 -0000
@@ -0,0 +1,12 @@
+Index: autosetup/sqlite-config.tcl
+--- autosetup/sqlite-config.tcl.orig
++++ autosetup/sqlite-config.tcl
+@@ -792,7 +792,7 @@ proc sqlite-handle-soname {} {
+         # use it as-is
+       } else {
+         # Assume it's a suffix
+-        set soname "libsqlite3.so.${soname}"
++        set soname "libsqlcipher.so.${soname}"
+       }
+     }
+   }
Index: patches/patch-src_crypto_openssl_c
===================================================================
RCS file: patches/patch-src_crypto_openssl_c
diff -N patches/patch-src_crypto_openssl_c
--- /dev/null	1 Jan 1970 00:00:00 -0000
+++ patches/patch-src_crypto_openssl_c	25 May 2025 17:16:17 -0000
@@ -0,0 +1,92 @@
+Partial revert of
+https://github.com/sqlcipher/sqlcipher/commit/801b81a8d0c42c13f66de89805c3bfa0d1d450aa
+
+Index: src/crypto_openssl.c
+--- src/crypto_openssl.c.orig
++++ src/crypto_openssl.c
+@@ -156,6 +156,76 @@ static int sqlcipher_openssl_hmac(
+ ) {
+   int rc = 0;
+ 
++#if (defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER < 0x30000000L)
++  unsigned int outlen;
++  HMAC_CTX* hctx = NULL;
++
++  if(in == NULL) goto error;
++
++  hctx = HMAC_CTX_new();
++  if(hctx == NULL) {
++    sqlcipher_log(SQLCIPHER_LOG_ERROR, SQLCIPHER_LOG_PROVIDER, "sqlcipher_openssl_hmac: HMAC_CTX_new() failed");
++    sqlcipher_openssl_log_errors();
++    goto error;
++  }
++
++  switch(algorithm) {
++    case SQLCIPHER_HMAC_SHA1:
++      if(!(rc = HMAC_Init_ex(hctx, hmac_key, key_sz, EVP_sha1(), NULL))) {
++        sqlcipher_log(SQLCIPHER_LOG_ERROR, SQLCIPHER_LOG_PROVIDER, "sqlcipher_openssl_hmac: HMAC_Init_ex() with key size %d and EVP_sha1() returned %d", key_sz, rc);
++        sqlcipher_openssl_log_errors();
++        goto error;
++      }
++      break;
++    case SQLCIPHER_HMAC_SHA256:
++      if(!(rc = HMAC_Init_ex(hctx, hmac_key, key_sz, EVP_sha256(), NULL))) {
++        sqlcipher_log(SQLCIPHER_LOG_ERROR, SQLCIPHER_LOG_PROVIDER, "sqlcipher_openssl_hmac: HMAC_Init_ex() with key size %d and EVP_sha256() returned %d", key_sz, rc);
++        sqlcipher_openssl_log_errors();
++        goto error;
++      }
++      break;
++    case SQLCIPHER_HMAC_SHA512:
++      if(!(rc = HMAC_Init_ex(hctx, hmac_key, key_sz, EVP_sha512(), NULL))) {
++        sqlcipher_log(SQLCIPHER_LOG_ERROR, SQLCIPHER_LOG_PROVIDER, "sqlcipher_openssl_hmac: HMAC_Init_ex() with key size %d and EVP_sha512() returned %d", key_sz, rc);
++        sqlcipher_openssl_log_errors();
++        goto error;
++      }
++      break;
++    default:
++      sqlcipher_log(SQLCIPHER_LOG_ERROR, SQLCIPHER_LOG_PROVIDER, "sqlcipher_openssl_hmac: invalid algorithm %d", algorithm);
++      goto error;
++  }
++
++  if(!(rc = HMAC_Update(hctx, in, in_sz))) {
++    sqlcipher_log(SQLCIPHER_LOG_ERROR, SQLCIPHER_LOG_PROVIDER, "sqlcipher_openssl_hmac: HMAC_Update() on 1st input buffer of %d bytes using algorithm %d returned %d", in_sz, algorithm, rc);
++    sqlcipher_openssl_log_errors();
++    goto error;
++  }
++
++  if(in2 != NULL) {
++    if(!(rc = HMAC_Update(hctx, in2, in2_sz))) {
++      sqlcipher_log(SQLCIPHER_LOG_ERROR, SQLCIPHER_LOG_PROVIDER, "sqlcipher_openssl_hmac: HMAC_Update() on 2nd input buffer of %d bytes using algorithm %d returned %d", in2_sz, algorithm, rc);
++      sqlcipher_openssl_log_errors();
++      goto error;
++    }
++  }
++
++  if(!(rc = HMAC_Final(hctx, out, &outlen))) {
++    sqlcipher_log(SQLCIPHER_LOG_ERROR, SQLCIPHER_LOG_PROVIDER, "sqlcipher_openssl_hmac: HMAC_Final() using algorithm %d returned %d", algorithm, rc);
++    sqlcipher_openssl_log_errors();
++    goto error;
++  }
++
++  rc = SQLITE_OK;
++  goto cleanup;
++
++error:
++  rc = SQLITE_ERROR;
++
++cleanup:
++  if(hctx) HMAC_CTX_free(hctx);
++
++#else
+   size_t outlen;
+   EVP_MAC *mac = NULL;
+   EVP_MAC_CTX *hctx = NULL;
+@@ -241,6 +311,8 @@ error:
+ cleanup:
+   if(hctx) EVP_MAC_CTX_free(hctx);
+   if(mac) EVP_MAC_free(mac);
++
++#endif
+ 
+   return rc;
+ }
Index: pkg/PLIST
===================================================================
RCS file: /cvs/ports/databases/sqlcipher/pkg/PLIST,v
diff -p -u -r1.2 PLIST
--- pkg/PLIST	11 Mar 2022 18:31:46 -0000	1.2
+++ pkg/PLIST	25 May 2025 17:16:17 -0000
@@ -3,6 +3,6 @@ include/sqlcipher/
 include/sqlcipher/sqlite3.h
 include/sqlcipher/sqlite3ext.h
 @static-lib lib/libsqlcipher.a
-lib/libsqlcipher.la
 @lib lib/libsqlcipher.so.${LIBsqlcipher_VERSION}
 lib/pkgconfig/sqlcipher.pc
+@man man/man1/sqlcipher.1