git: 7e8ab83f6c92 - main - ftp/bsdftpd-ssl: convert to modern OpenSSL and unbreak the build on -CURRENT.
Alexey Dokuchaev
danfe at FreeBSD.org
Thu Aug 26 04:10:23 UTC 2021
The branch main has been updated by danfe:
URL: https://cgit.FreeBSD.org/ports/commit/?id=7e8ab83f6c92013a27fe9dfc4b02f738cb8ff51c
commit 7e8ab83f6c92013a27fe9dfc4b02f738cb8ff51c
Author: Alexey Dokuchaev <danfe at FreeBSD.org>
AuthorDate: 2021-08-26 04:08:16 +0000
Commit: Alexey Dokuchaev <danfe at FreeBSD.org>
CommitDate: 2021-08-26 04:08:58 +0000
ftp/bsdftpd-ssl: convert to modern OpenSSL and unbreak the build on -CURRENT.
---
ftp/bsdftpd-ssl/Makefile | 4 +-
ftp/bsdftpd-ssl/files/patch-ftp_Makefile.FreeBSD | 25 +++++
ftp/bsdftpd-ssl/files/patch-ftpd_Makefile.FreeBSD | 17 ++++
ftp/bsdftpd-ssl/files/patch-ftpd_ftpcmd.y | 18 ++++
ftp/bsdftpd-ssl/files/patch-gcc4 | 69 -------------
ftp/bsdftpd-ssl/files/patch-ssl_sslapp.c | 115 ++++++++++++++++++++++
6 files changed, 176 insertions(+), 72 deletions(-)
diff --git a/ftp/bsdftpd-ssl/Makefile b/ftp/bsdftpd-ssl/Makefile
index f6ed3913fe22..5d4b29b77754 100644
--- a/ftp/bsdftpd-ssl/Makefile
+++ b/ftp/bsdftpd-ssl/Makefile
@@ -30,9 +30,7 @@ LDFLAGS+= -lpam
.include <bsd.port.options.mk>
.if ${SSL_DEFAULT} == base
-BROKEN_FreeBSD_12= variable has incomplete type 'X509_STORE_CTX' (aka 'struct x509_store_ctx_st')
-BROKEN_FreeBSD_13= variable has incomplete type 'X509_STORE_CTX' (aka 'struct x509_store_ctx_st')
-BROKEN_FreeBSD_14= variable has incomplete type 'X509_STORE_CTX' (aka 'struct x509_store_ctx_st')
+BROKEN_FreeBSD_11= undefined reference to `X509_OBJECT_new'
.endif
.if ${PORT_OPTIONS:MSERVER} && ${PORT_OPTIONS:MEXAMPLES}
diff --git a/ftp/bsdftpd-ssl/files/patch-ftp_Makefile.FreeBSD b/ftp/bsdftpd-ssl/files/patch-ftp_Makefile.FreeBSD
new file mode 100644
index 000000000000..1cf26a0ca029
--- /dev/null
+++ b/ftp/bsdftpd-ssl/files/patch-ftp_Makefile.FreeBSD
@@ -0,0 +1,25 @@
+--- ftp/Makefile.FreeBSD.orig 2005-01-11 10:06:55 UTC
++++ ftp/Makefile.FreeBSD
+@@ -17,11 +17,11 @@ CFLAGS+=-DINET6
+ ### TLS/SSL support
+ ## Comment lines below to disable TLS/SSL support
+ CFLAGS+=-DUSE_SSL
+-LDADD+= -lssl -lcrypto
++LDADD+= -L${OPENSSLLIB} -lssl -lcrypto
+ ## Next lines must present regardless of TLS/SSL support state
+ .PATH: ${.CURDIR}/../ssl
+ SRCS+= sslapp.c ssl_port.c ssl_port_ftps.c
+-CFLAGS+=-I../ssl
++CFLAGS+= -I${OPENSSLINC} -I../ssl
+ ###
+
+ ###
+@@ -31,7 +31,7 @@ PROG= ftps
+ SRCS+= cmds.c cmdtab.c complete.c domacro.c fetch.c ftp.c main.c ruserpass.c \
+ util.c
+
+-CFLAGS+= -I../port -Wall
++CFLAGS+= -I../port -Wall -fcommon
+
+ LDADD+= ../port/libedit.a
+ .if defined(BSDTYPE) && ( ${BSDTYPE} == "NetBSD" )
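Review bot: The `-fcommon` appended to `CFLAGS+= -I../port -Wall` carries no explanation, and it works by letting the linker merge same-named tentative definitions, so it hides rather than fixes globals that are defined in more than one translation unit. A one-line comment next to it, for example `# -fcommon: <symbols> are defined in several .c files; drop once they are declared extern`, would tell the next maintainer what has to change upstream before the flag can go.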
diff --git a/ftp/bsdftpd-ssl/files/patch-ftpd_Makefile.FreeBSD b/ftp/bsdftpd-ssl/files/patch-ftpd_Makefile.FreeBSD
new file mode 100644
index 000000000000..62c17aabac20
--- /dev/null
+++ b/ftp/bsdftpd-ssl/files/patch-ftpd_Makefile.FreeBSD
@@ -0,0 +1,17 @@
+--- ftpd/Makefile.FreeBSD.orig 2005-01-11 22:49:16 UTC
++++ ftpd/Makefile.FreeBSD
+@@ -78,12 +78,12 @@ LDADD+= -lm
+ ### TLS/SSL support
+ .if defined(SSL_SUPPORT)
+ CFLAGS+=-DUSE_SSL
+-LDADD+= -lssl -lcrypto ../port/libbsdport.a
++LDADD+= -L${OPENSSLLIB} -lssl -lcrypto ../port/libbsdport.a
+ .endif
+ ## Next lines must present regardless of TLS/SSL support state
+ .PATH: ${.CURDIR}/../ssl
+ SRCS+= sslapp.c ssl_port.c ssl_port_ftpd.c
+-CFLAGS+=-I../ssl -I../port
++CFLAGS+= -I${OPENSSLINC} -I../ssl -I../port
+ ###
+
+ ### PAM support
diff --git a/ftp/bsdftpd-ssl/files/patch-ftpd_ftpcmd.y b/ftp/bsdftpd-ssl/files/patch-ftpd_ftpcmd.y
index 020eaada2dee..751cc0de6c81 100644
--- a/ftp/bsdftpd-ssl/files/patch-ftpd_ftpcmd.y
+++ b/ftp/bsdftpd-ssl/files/patch-ftpd_ftpcmd.y
@@ -1,5 +1,14 @@
--- ftpd/ftpcmd.y.orig 2004-12-19 18:44:42 UTC
+++ ftpd/ftpcmd.y
+@@ -1376,7 +1376,7 @@ static void toolong(int);
+ #ifdef INET6
+ static void v4map_data_dest(void);
+ #endif
+-static int yylex(void);
++int yylex(void);
+
+ static struct tab *
+ lookup(struct tab *p, char *cmd)
@@ -1394,7 +1394,7 @@ lookup(struct tab *p, char *cmd)
* getline - a hacked up version of fgets to ignore TELNET escape codes.
*/
@@ -9,6 +18,15 @@
{
int c;
register char *cs;
+@@ -1530,7 +1530,7 @@ check_syntax(struct tab *cmd, char *cbuf, size_t cpos)
+ return 1;
+ }
+
+-static int
++int
+ yylex(void)
+ {
+ static int cpos;
@@ -1545,7 +1545,7 @@ yylex(void)
case CMD:
(void) signal(SIGALRM, toolong);
diff --git a/ftp/bsdftpd-ssl/files/patch-gcc4 b/ftp/bsdftpd-ssl/files/patch-gcc4
index 5076f96e973e..d8cc291e4621 100644
--- a/ftp/bsdftpd-ssl/files/patch-gcc4
+++ b/ftp/bsdftpd-ssl/files/patch-gcc4
@@ -126,72 +126,3 @@
.if !target(${PROG})
SRCS= ${PROG}.c
---- ssl/sslapp.c.orig 2005-01-10 23:34:59 UTC
-+++ ssl/sslapp.c
-@@ -108,8 +108,8 @@ do_ssleay_init(int server)
- * export things work... If so we generate one now!
- */
- if (server) {
-- const char ctx_sid[] = "BSDftpd-ssl";
-- SSL_CTX_set_session_id_context(ssl_ctx, ctx_sid, strlen(ctx_sid));
-+ const unsigned char ctx_sid[] = "BSDftpd-ssl";
-+ SSL_CTX_set_session_id_context(ssl_ctx, ctx_sid, strlen((const char*)ctx_sid));
-
- if (SSL_CTX_need_tmp_RSA(ssl_ctx)) {
- RSA *rsa;
-@@ -474,12 +474,12 @@ ssl_log_msg(BIO *bio, const char *fmt, .
- va_end(ap);
- if (outputbuf == NULL) {
- BIO_printf(bio, "\r\nRan out of memory.\r\n");
-- BIO_flush(bio);
-+ (void)BIO_flush(bio);
- return;
- }
-
- BIO_printf(bio, "%s", outputbuf);
-- BIO_flush(bio);
-+ (void)BIO_flush(bio);
-
- free(outputbuf);
- }
-@@ -498,12 +498,12 @@ ssl_log_msgn(BIO *bio, const char *fmt,
- va_end(ap);
- if (outputbuf == NULL) {
- BIO_printf(bio, "\r\nRan out of memory.\r\n");
-- BIO_flush(bio);
-+ (void)BIO_flush(bio);
- return;
- }
-
- BIO_printf(bio, "\r\n%s\r\n", outputbuf);
-- BIO_flush(bio);
-+ (void)BIO_flush(bio);
-
- free(outputbuf);
- }
-@@ -519,7 +519,7 @@ ssl_log_vwarn_common(BIO *bio, int debug
- vasprintf(&tmp, fmt, ap);
- if (tmp == NULL) {
- BIO_printf(bio, "\r\nRan out of memory.\r\n");
-- BIO_flush(bio);
-+ (void)BIO_flush(bio);
- if (ssl_logerr_syslog)
- syslog(LOG_ERR, "Ran out of memory.");
- return;
-@@ -531,14 +531,14 @@ ssl_log_vwarn_common(BIO *bio, int debug
- free(tmp);
- if (outputbuf == NULL) {
- BIO_printf(bio, "\r\nRan out of memory.\r\n");
-- BIO_flush(bio);
-+ (void)BIO_flush(bio);
- if (ssl_logerr_syslog)
- syslog(LOG_ERR, "Ran out of memory.");
- return;
- }
-
- BIO_printf(bio, "%s\r\n", outputbuf);
-- BIO_flush(bio);
-+ (void)BIO_flush(bio);
- if (ssl_logerr_syslog)
- syslog(LOG_WARNING, "%s", outputbuf);
- free(outputbuf);
diff --git a/ftp/bsdftpd-ssl/files/patch-ssl_sslapp.c b/ftp/bsdftpd-ssl/files/patch-ssl_sslapp.c
new file mode 100644
index 000000000000..6938b20fd3ce
--- /dev/null
+++ b/ftp/bsdftpd-ssl/files/patch-ssl_sslapp.c
@@ -0,0 +1,115 @@
+--- ssl/sslapp.c.orig 2005-01-10 23:34:59 UTC
++++ ssl/sslapp.c
+@@ -113,10 +113,14 @@ do_ssleay_init(int server)
+
+ if (SSL_CTX_need_tmp_RSA(ssl_ctx)) {
+ RSA *rsa;
++ BIGNUM *e;
+
+ if (ssl_debug_flag)
+ ssl_log_msgn(bio_err, "Generating temp (512 bit) RSA key...");
+- rsa = RSA_generate_key(512, RSA_F4, NULL, NULL);
++
++ e = BN_new();
++ BN_set_word(e, RSA_F4);
++ RSA_generate_key_ex(rsa, 512, e, NULL);
+ if (ssl_debug_flag)
+ ssl_log_msgn(bio_err, "Generation of temp (512 bit) RSA key done");
+
+@@ -289,12 +293,13 @@ int
+ ssl_X509_STORE_lookup(X509_STORE *pStore, int nType,
+ X509_NAME *pName, X509_OBJECT *pObj)
+ {
+- X509_STORE_CTX pStoreCtx;
++ X509_STORE_CTX *pStoreCtx;
+ int rc;
+
+- X509_STORE_CTX_init(&pStoreCtx, pStore, NULL, NULL);
+- rc = X509_STORE_get_by_subject(&pStoreCtx, nType, pName, pObj);
+- X509_STORE_CTX_cleanup(&pStoreCtx);
++ pStoreCtx = X509_STORE_CTX_new();
++ X509_STORE_CTX_init(pStoreCtx, pStore, NULL, NULL);
++ rc = X509_STORE_get_by_subject(pStoreCtx, nType, pName, pObj);
++ X509_STORE_CTX_free(pStoreCtx);
+ return rc;
+ }
+
+@@ -311,7 +316,7 @@ ssl_X509_STORE_lookup(X509_STORE *pStore, int nType,
+ int
+ verify_cb_CRL(int ok, X509_STORE_CTX *ctx)
+ {
+- X509_OBJECT obj;
++ X509_OBJECT *obj;
+ X509_NAME *subject;
+ X509_NAME *issuer;
+ X509 *xs;
+@@ -368,16 +373,16 @@ verify_cb_CRL(int ok, X509_STORE_CTX *ctx)
+ * Try to retrieve a CRL corresponding to the _subject_ of
+ * the current certificate in order to verify it's integrity.
+ */
+- memset((char *)&obj, 0, sizeof(obj));
+- rc = ssl_X509_STORE_lookup(x509st_CRL, X509_LU_CRL, subject, &obj);
+- crl = obj.data.crl;
++ obj = X509_OBJECT_new();
++ rc = ssl_X509_STORE_lookup(x509st_CRL, X509_LU_CRL, subject, obj);
++ crl = X509_OBJECT_get0_X509_CRL(obj);
+ if (rc > 0 && crl != NULL) {
+ /*
+ * Verify the signature on this CRL
+ */
+ if (X509_CRL_verify(crl, X509_get_pubkey(xs)) <= 0) {
+ X509_STORE_CTX_set_error(ctx, X509_V_ERR_CRL_SIGNATURE_FAILURE);
+- X509_OBJECT_free_contents(&obj);
++ X509_OBJECT_free(obj);
+ return 0;
+ }
+
+@@ -387,24 +392,24 @@ verify_cb_CRL(int ok, X509_STORE_CTX *ctx)
+ i = X509_cmp_current_time(X509_CRL_get_nextUpdate(crl));
+ if (i == 0) {
+ X509_STORE_CTX_set_error(ctx, X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD);
+- X509_OBJECT_free_contents(&obj);
++ X509_OBJECT_free(obj);
+ return 0;
+ }
+ if (i < 0) {
+ X509_STORE_CTX_set_error(ctx, X509_V_ERR_CRL_HAS_EXPIRED);
+- X509_OBJECT_free_contents(&obj);
++ X509_OBJECT_free(obj);
+ return 0;
+ }
+- X509_OBJECT_free_contents(&obj);
++ X509_OBJECT_free(obj);
+ }
+
+ /*
+ * Try to retrieve a CRL corresponding to the _issuer_ of
+ * the current certificate in order to check for revocation.
+ */
+- memset((char *)&obj, 0, sizeof(obj));
+- rc = ssl_X509_STORE_lookup(x509st_CRL, X509_LU_CRL, issuer, &obj);
+- crl = obj.data.crl;
++ obj = X509_OBJECT_new();
++ rc = ssl_X509_STORE_lookup(x509st_CRL, X509_LU_CRL, issuer, obj);
++ crl = X509_OBJECT_get0_X509_CRL(obj);
+ if (rc > 0 && crl != NULL) {
+ /*
+ * Check if the current certificate is revoked by this CRL
+@@ -412,13 +417,14 @@ verify_cb_CRL(int ok, X509_STORE_CTX *ctx)
+ n = sk_X509_REVOKED_num(X509_CRL_get_REVOKED(crl));
+ for (i = 0; i < n; i++) {
+ revoked = sk_X509_REVOKED_value(X509_CRL_get_REVOKED(crl), i);
+- if (ASN1_INTEGER_cmp(revoked->serialNumber, X509_get_serialNumber(xs)) == 0) {
++ if (ASN1_INTEGER_cmp(X509_REVOKED_get0_serialNumber(revoked),
++ X509_get_serialNumber(xs)) == 0) {
+ X509_STORE_CTX_set_error(ctx, X509_V_ERR_CERT_REVOKED);
+- X509_OBJECT_free_contents(&obj);
++ X509_OBJECT_free(obj);
+ return 0;
+ }
+ }
+- X509_OBJECT_free_contents(&obj);
++ X509_OBJECT_free(obj);
+ }
+ return ok;
+ }
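Review bot: In the do_ssleay_init part of this patch `rsa` is still declared without a value, and `RSA_generate_key_ex(rsa, 512, e, NULL)` fills in an existing object rather than returning a new one as `RSA_generate_key()` did, so the pointer passed is uninitialized. It needs `rsa = RSA_new();` first, the results of `BN_new()`, `BN_set_word()` and `RSA_generate_key_ex()` checked, and `BN_free(e);` afterwards. In verify_cb_CRL the objects from `X509_OBJECT_new()` are released only inside the `if (rc > 0 && crl != NULL)` branches, so every lookup that finds no CRL leaks one allocation where the old stack `obj` leaked nothing, and a verification callback is presumably reached for each peer certificate; moving `X509_OBJECT_free(obj);` to just after each `if` block covers both paths. `X509_STORE_CTX_new()` and `X509_OBJECT_new()` can also return NULL and are used unchecked. Both functions continue outside the lines shown; separately, the 512-bit temporary key predates this commit and is export-grade, and if `SSL_CTX_need_tmp_RSA` is compiled out by the target OpenSSL (I believe it is a constant 0 from 1.1.0 on — confirm), dropping that block would be cleaner than porting it.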