git: 7e8ab83f6c92 - main - ftp/bsdftpd-ssl: convert to modern OpenSSL and unbreak the build on -CURRENT.

Alexey Dokuchaev danfe at FreeBSD.org
Thu Aug 26 04:10:23 UTC 2021


The branch main has been updated by danfe:

URL: https://cgit.FreeBSD.org/ports/commit/?id=7e8ab83f6c92013a27fe9dfc4b02f738cb8ff51c

commit 7e8ab83f6c92013a27fe9dfc4b02f738cb8ff51c
Author:     Alexey Dokuchaev <danfe at FreeBSD.org>
AuthorDate: 2021-08-26 04:08:16 +0000
Commit:     Alexey Dokuchaev <danfe at FreeBSD.org>
CommitDate: 2021-08-26 04:08:58 +0000

    ftp/bsdftpd-ssl: convert to modern OpenSSL and unbreak the build on -CURRENT.
---
 ftp/bsdftpd-ssl/Makefile                          |   4 +-
 ftp/bsdftpd-ssl/files/patch-ftp_Makefile.FreeBSD  |  25 +++++
 ftp/bsdftpd-ssl/files/patch-ftpd_Makefile.FreeBSD |  17 ++++
 ftp/bsdftpd-ssl/files/patch-ftpd_ftpcmd.y         |  18 ++++
 ftp/bsdftpd-ssl/files/patch-gcc4                  |  69 -------------
 ftp/bsdftpd-ssl/files/patch-ssl_sslapp.c          | 115 ++++++++++++++++++++++
 6 files changed, 176 insertions(+), 72 deletions(-)

diff --git a/ftp/bsdftpd-ssl/Makefile b/ftp/bsdftpd-ssl/Makefile
index f6ed3913fe22..5d4b29b77754 100644
--- a/ftp/bsdftpd-ssl/Makefile
+++ b/ftp/bsdftpd-ssl/Makefile
@@ -30,9 +30,7 @@ LDFLAGS+=	-lpam
 .include <bsd.port.options.mk>
 
 .if ${SSL_DEFAULT} == base
-BROKEN_FreeBSD_12=	variable has incomplete type 'X509_STORE_CTX' (aka 'struct x509_store_ctx_st')
-BROKEN_FreeBSD_13=	variable has incomplete type 'X509_STORE_CTX' (aka 'struct x509_store_ctx_st')
-BROKEN_FreeBSD_14=	variable has incomplete type 'X509_STORE_CTX' (aka 'struct x509_store_ctx_st')
+BROKEN_FreeBSD_11=	undefined reference to `X509_OBJECT_new'
 .endif
 
 .if ${PORT_OPTIONS:MSERVER} && ${PORT_OPTIONS:MEXAMPLES}
diff --git a/ftp/bsdftpd-ssl/files/patch-ftp_Makefile.FreeBSD b/ftp/bsdftpd-ssl/files/patch-ftp_Makefile.FreeBSD
new file mode 100644
index 000000000000..1cf26a0ca029
--- /dev/null
+++ b/ftp/bsdftpd-ssl/files/patch-ftp_Makefile.FreeBSD
@@ -0,0 +1,25 @@
+--- ftp/Makefile.FreeBSD.orig	2005-01-11 10:06:55 UTC
++++ ftp/Makefile.FreeBSD
+@@ -17,11 +17,11 @@ CFLAGS+=-DINET6
+ ### TLS/SSL support
+ ## Comment lines below to disable TLS/SSL support
+ CFLAGS+=-DUSE_SSL
+-LDADD+=	-lssl -lcrypto
++LDADD+=	-L${OPENSSLLIB} -lssl -lcrypto
+ ## Next lines must present regardless of TLS/SSL support state
+ .PATH:	${.CURDIR}/../ssl
+ SRCS+= sslapp.c ssl_port.c ssl_port_ftps.c
+-CFLAGS+=-I../ssl
++CFLAGS+= -I${OPENSSLINC} -I../ssl
+ ###
+ 
+ ###
+@@ -31,7 +31,7 @@ PROG=	ftps
+ SRCS+=	cmds.c cmdtab.c complete.c domacro.c fetch.c ftp.c main.c ruserpass.c \
+ 	util.c
+ 
+-CFLAGS+= -I../port -Wall
++CFLAGS+= -I../port -Wall -fcommon
+ 
+ LDADD+=	../port/libedit.a
+ .if defined(BSDTYPE) && ( ${BSDTYPE} == "NetBSD" )
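Review bot: The `-fcommon` added to `CFLAGS` in the second hunk of ftp/Makefile.FreeBSD has no explanation. The flag makes the linker merge duplicate tentative definitions of a global instead of rejecting them, which can hide a genuine clash between two same-named variables of different types. A comment above the line would record why it is needed, for example `# -fcommon: upstream defines globals in headers without extern; compilers now default to -fno-common`. That wording is inferred from the flag, not from the build log, so confirm the cause before committing it.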
diff --git a/ftp/bsdftpd-ssl/files/patch-ftpd_Makefile.FreeBSD b/ftp/bsdftpd-ssl/files/patch-ftpd_Makefile.FreeBSD
new file mode 100644
index 000000000000..62c17aabac20
--- /dev/null
+++ b/ftp/bsdftpd-ssl/files/patch-ftpd_Makefile.FreeBSD
@@ -0,0 +1,17 @@
+--- ftpd/Makefile.FreeBSD.orig	2005-01-11 22:49:16 UTC
++++ ftpd/Makefile.FreeBSD
+@@ -78,12 +78,12 @@ LDADD+=	-lm
+ ### TLS/SSL support
+ .if defined(SSL_SUPPORT)
+ CFLAGS+=-DUSE_SSL
+-LDADD+= -lssl -lcrypto ../port/libbsdport.a
++LDADD+= -L${OPENSSLLIB} -lssl -lcrypto ../port/libbsdport.a
+ .endif
+ ## Next lines must present regardless of TLS/SSL support state
+ .PATH:	${.CURDIR}/../ssl
+ SRCS+=	sslapp.c ssl_port.c ssl_port_ftpd.c
+-CFLAGS+=-I../ssl -I../port
++CFLAGS+= -I${OPENSSLINC} -I../ssl -I../port
+ ###
+ 
+ ### PAM support
diff --git a/ftp/bsdftpd-ssl/files/patch-ftpd_ftpcmd.y b/ftp/bsdftpd-ssl/files/patch-ftpd_ftpcmd.y
index 020eaada2dee..751cc0de6c81 100644
--- a/ftp/bsdftpd-ssl/files/patch-ftpd_ftpcmd.y
+++ b/ftp/bsdftpd-ssl/files/patch-ftpd_ftpcmd.y
@@ -1,5 +1,14 @@
 --- ftpd/ftpcmd.y.orig	2004-12-19 18:44:42 UTC
 +++ ftpd/ftpcmd.y
+@@ -1376,7 +1376,7 @@ static void	 toolong(int);
+ #ifdef INET6
+ static void	 v4map_data_dest(void);
+ #endif
+-static int	 yylex(void);
++int	 yylex(void);
+ 
+ static struct tab *
+ lookup(struct tab *p, char *cmd)
 @@ -1394,7 +1394,7 @@ lookup(struct tab *p, char *cmd)
   * getline - a hacked up version of fgets to ignore TELNET escape codes.
   */
@@ -9,6 +18,15 @@
  {
  	int c;
  	register char *cs;
+@@ -1530,7 +1530,7 @@ check_syntax(struct tab *cmd, char *cbuf, size_t cpos)
+ 	return 1;
+ }
+ 
+-static int
++int
+ yylex(void)
+ {
+ 	static int cpos;
 @@ -1545,7 +1545,7 @@ yylex(void)
  		case CMD:
  			(void) signal(SIGALRM, toolong);
diff --git a/ftp/bsdftpd-ssl/files/patch-gcc4 b/ftp/bsdftpd-ssl/files/patch-gcc4
index 5076f96e973e..d8cc291e4621 100644
--- a/ftp/bsdftpd-ssl/files/patch-gcc4
+++ b/ftp/bsdftpd-ssl/files/patch-gcc4
@@ -126,72 +126,3 @@
  
  .if !target(${PROG})
  SRCS=	${PROG}.c
---- ssl/sslapp.c.orig	2005-01-10 23:34:59 UTC
-+++ ssl/sslapp.c
-@@ -108,8 +108,8 @@ do_ssleay_init(int server)
-      * export things work... If so we generate one now!
-      */
-     if (server) {
--	    const char ctx_sid[] = "BSDftpd-ssl";
--	    SSL_CTX_set_session_id_context(ssl_ctx, ctx_sid, strlen(ctx_sid));
-+	    const unsigned char ctx_sid[] = "BSDftpd-ssl";
-+	    SSL_CTX_set_session_id_context(ssl_ctx, ctx_sid, strlen((const char*)ctx_sid));
- 
- 	    if (SSL_CTX_need_tmp_RSA(ssl_ctx)) {
- 		    RSA *rsa;
-@@ -474,12 +474,12 @@ ssl_log_msg(BIO *bio, const char *fmt, .
-     va_end(ap);
-     if (outputbuf == NULL) {
- 	    BIO_printf(bio, "\r\nRan out of memory.\r\n");
--	    BIO_flush(bio);
-+	    (void)BIO_flush(bio);
- 	    return;
-     }
- 
-     BIO_printf(bio, "%s", outputbuf);
--    BIO_flush(bio);
-+    (void)BIO_flush(bio);
- 
-     free(outputbuf);
- }
-@@ -498,12 +498,12 @@ ssl_log_msgn(BIO *bio, const char *fmt, 
-     va_end(ap);
-     if (outputbuf == NULL) {
- 	    BIO_printf(bio, "\r\nRan out of memory.\r\n");
--	    BIO_flush(bio);
-+	    (void)BIO_flush(bio);
- 	    return;
-     }
- 
-     BIO_printf(bio, "\r\n%s\r\n", outputbuf);
--    BIO_flush(bio);
-+    (void)BIO_flush(bio);
- 
-     free(outputbuf);
- }
-@@ -519,7 +519,7 @@ ssl_log_vwarn_common(BIO *bio, int debug
-     vasprintf(&tmp, fmt, ap);
-     if (tmp == NULL) {
- 	    BIO_printf(bio, "\r\nRan out of memory.\r\n");
--	    BIO_flush(bio);
-+	    (void)BIO_flush(bio);
- 	    if (ssl_logerr_syslog)
- 		    syslog(LOG_ERR, "Ran out of memory.");
- 	    return;
-@@ -531,14 +531,14 @@ ssl_log_vwarn_common(BIO *bio, int debug
-     free(tmp);
-     if (outputbuf == NULL) {
- 	    BIO_printf(bio, "\r\nRan out of memory.\r\n");
--	    BIO_flush(bio);
-+	    (void)BIO_flush(bio);
- 	    if (ssl_logerr_syslog)
- 		    syslog(LOG_ERR, "Ran out of memory.");
- 	    return;
-     }
- 
-     BIO_printf(bio, "%s\r\n", outputbuf);
--    BIO_flush(bio);
-+    (void)BIO_flush(bio);
-     if (ssl_logerr_syslog)
- 	    syslog(LOG_WARNING, "%s", outputbuf);
-     free(outputbuf);
diff --git a/ftp/bsdftpd-ssl/files/patch-ssl_sslapp.c b/ftp/bsdftpd-ssl/files/patch-ssl_sslapp.c
new file mode 100644
index 000000000000..6938b20fd3ce
--- /dev/null
+++ b/ftp/bsdftpd-ssl/files/patch-ssl_sslapp.c
@@ -0,0 +1,115 @@
+--- ssl/sslapp.c.orig	2005-01-10 23:34:59 UTC
++++ ssl/sslapp.c
+@@ -113,10 +113,14 @@ do_ssleay_init(int server)
+ 
+ 	    if (SSL_CTX_need_tmp_RSA(ssl_ctx)) {
+ 		    RSA *rsa;
++		    BIGNUM *e;
+ 
+ 		    if (ssl_debug_flag)
+ 			    ssl_log_msgn(bio_err, "Generating temp (512 bit) RSA key...");
+-		    rsa = RSA_generate_key(512, RSA_F4, NULL, NULL);
++
++		    e = BN_new();
++		    BN_set_word(e, RSA_F4);
++		    RSA_generate_key_ex(rsa, 512, e, NULL);
+ 		    if (ssl_debug_flag)
+ 			    ssl_log_msgn(bio_err, "Generation of temp (512 bit) RSA key done");
+ 
+@@ -289,12 +293,13 @@ int
+ ssl_X509_STORE_lookup(X509_STORE *pStore, int nType,
+ 			X509_NAME *pName, X509_OBJECT *pObj)
+ {
+-    X509_STORE_CTX pStoreCtx;
++    X509_STORE_CTX *pStoreCtx;
+     int rc;
+ 
+-    X509_STORE_CTX_init(&pStoreCtx, pStore, NULL, NULL);
+-    rc = X509_STORE_get_by_subject(&pStoreCtx, nType, pName, pObj);
+-    X509_STORE_CTX_cleanup(&pStoreCtx);
++    pStoreCtx = X509_STORE_CTX_new();
++    X509_STORE_CTX_init(pStoreCtx, pStore, NULL, NULL);
++    rc = X509_STORE_get_by_subject(pStoreCtx, nType, pName, pObj);
++    X509_STORE_CTX_free(pStoreCtx);
+     return rc;
+ }
+ 
+@@ -311,7 +316,7 @@ ssl_X509_STORE_lookup(X509_STORE *pStore, int nType,
+ int
+ verify_cb_CRL(int ok, X509_STORE_CTX *ctx)
+ {
+-    X509_OBJECT obj;
++    X509_OBJECT *obj;
+     X509_NAME *subject;
+     X509_NAME *issuer;
+     X509 *xs;
+@@ -368,16 +373,16 @@ verify_cb_CRL(int ok, X509_STORE_CTX *ctx)
+      * Try to retrieve a CRL corresponding to the _subject_ of
+      * the current certificate in order to verify it's integrity.
+      */
+-    memset((char *)&obj, 0, sizeof(obj));
+-    rc = ssl_X509_STORE_lookup(x509st_CRL, X509_LU_CRL, subject, &obj);
+-    crl = obj.data.crl;
++    obj = X509_OBJECT_new();
++    rc = ssl_X509_STORE_lookup(x509st_CRL, X509_LU_CRL, subject, obj);
++    crl = X509_OBJECT_get0_X509_CRL(obj);
+     if (rc > 0 && crl != NULL) {
+         /*
+          * Verify the signature on this CRL
+          */
+         if (X509_CRL_verify(crl, X509_get_pubkey(xs)) <= 0) {
+             X509_STORE_CTX_set_error(ctx, X509_V_ERR_CRL_SIGNATURE_FAILURE);
+-            X509_OBJECT_free_contents(&obj);
++            X509_OBJECT_free(obj);
+             return 0;
+         }
+ 
+@@ -387,24 +392,24 @@ verify_cb_CRL(int ok, X509_STORE_CTX *ctx)
+         i = X509_cmp_current_time(X509_CRL_get_nextUpdate(crl));
+         if (i == 0) {
+             X509_STORE_CTX_set_error(ctx, X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD);
+-            X509_OBJECT_free_contents(&obj);
++            X509_OBJECT_free(obj);
+             return 0;
+         }
+         if (i < 0) {
+             X509_STORE_CTX_set_error(ctx, X509_V_ERR_CRL_HAS_EXPIRED);
+-            X509_OBJECT_free_contents(&obj);
++            X509_OBJECT_free(obj);
+             return 0;
+         }
+-        X509_OBJECT_free_contents(&obj);
++        X509_OBJECT_free(obj);
+     }
+ 
+     /*
+      * Try to retrieve a CRL corresponding to the _issuer_ of
+      * the current certificate in order to check for revocation.
+      */
+-    memset((char *)&obj, 0, sizeof(obj));
+-    rc = ssl_X509_STORE_lookup(x509st_CRL, X509_LU_CRL, issuer, &obj);
+-    crl = obj.data.crl;
++    obj = X509_OBJECT_new();
++    rc = ssl_X509_STORE_lookup(x509st_CRL, X509_LU_CRL, issuer, obj);
++    crl = X509_OBJECT_get0_X509_CRL(obj);
+     if (rc > 0 && crl != NULL) {
+         /*
+          * Check if the current certificate is revoked by this CRL
+@@ -412,13 +417,14 @@ verify_cb_CRL(int ok, X509_STORE_CTX *ctx)
+         n = sk_X509_REVOKED_num(X509_CRL_get_REVOKED(crl));
+         for (i = 0; i < n; i++) {
+             revoked = sk_X509_REVOKED_value(X509_CRL_get_REVOKED(crl), i);
+-            if (ASN1_INTEGER_cmp(revoked->serialNumber, X509_get_serialNumber(xs)) == 0) {
++            if (ASN1_INTEGER_cmp(X509_REVOKED_get0_serialNumber(revoked),
++              X509_get_serialNumber(xs)) == 0) {
+                 X509_STORE_CTX_set_error(ctx, X509_V_ERR_CERT_REVOKED);
+-                X509_OBJECT_free_contents(&obj);
++                X509_OBJECT_free(obj);
+                 return 0;
+             }
+         }
+-        X509_OBJECT_free_contents(&obj);
++        X509_OBJECT_free(obj);
+     }
+     return ok;
+ }
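Review bot: In the do_ssleay_init hunk, `rsa` is declared but never assigned before `RSA_generate_key_ex(rsa, 512, e, NULL)`, so the call receives an indeterminate pointer; the removed `RSA_generate_key()` allocated and returned the key, whereas the `_ex` variant fills in an RSA object the caller supplies. Adding `rsa = RSA_new();` before the call, checking the results of `BN_new()`, `BN_set_word()` and `RSA_generate_key_ex()`, and releasing the exponent with `BN_free(e);` afterwards would restore the old behaviour without leaking `e`. In verify_cb_CRL, `obj` now comes from `X509_OBJECT_new()` but is freed only inside the two `if (rc > 0 && crl != NULL)` blocks, so each lookup that finds no CRL leaks one object per callback invocation; calling `X509_OBJECT_free(obj);` after each block instead of at its end (keeping the frees on the early-return paths) closes that, and the results of `X509_OBJECT_new()` and `X509_STORE_CTX_new()` should be checked for NULL before use. Both functions continue outside the visible hunks, so the surrounding cleanup should be checked against the full file.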

