svn commit: r410654 - in head/net/openntpd: . files

Christian Weisgerber naddy at FreeBSD.org
Tue Mar 8 20:19:09 UTC 2016 

Author: naddy
Date: Tue Mar  8 20:19:07 2016
New Revision: 410654
URL: https://svnweb.freebsd.org/changeset/ports/410654

Log:
  * Reenable certificate validation through libressl
    (libressl 2.2.6 seems to be happy enough with the ca_root_nss 3.22.2
    upgrade)
  * Avoid strptime %Z which is nonstandard and can give surprising
    results on different operating systems. (Same fix as upstream.)
  
  PR:		207685
  Submitted by:	mandree

Added:
  head/net/openntpd/files/patch-src_constraint.c   (contents, props changed)
Modified:
  head/net/openntpd/Makefile

Modified: head/net/openntpd/Makefile
==============================================================================
--- head/net/openntpd/Makefile	Tue Mar  8 20:11:27 2016	(r410653)
+++ head/net/openntpd/Makefile	Tue Mar  8 20:19:07 2016	(r410654)
@@ -2,7 +2,7 @@
 
 PORTNAME=	openntpd
 PORTVERSION=	5.7p4
-PORTREVISION=	1
+PORTREVISION=	2
 PORTEPOCH=	2
 CATEGORIES=	net
 MASTER_SITES=	OPENBSD/OpenNTPD
@@ -20,25 +20,26 @@ USE_RC_SUBR=	openntpd
 GNU_CONFIGURE=	yes
 CONFIGURE_ARGS=	--disable-silent-rules
 
-# XXX:
-# * LibreSSL fails with the certificiate bundle from ca_root_nss.
+# * LibreSSL fails with the certificiate bundle from ca_root_nss;
+#   3.22.2 appears to work just fine (unlike 3.22).
 # * USE_OPENSSL does not handle LibreSSL yet.
-#
-#OPTIONS_DEFINE=		RESSL
-#RESSL_DESC=		SSL/TLS support via LibreSSL
-#
-#OPTIONS_DEFAULT=	RESSL
-#
-#RESSL_LIB_DEPENDS=	libtls.so:${PORTSDIR}/security/libressl
-#RESSL_CONFIGURE_WITH=	cacert=${LOCALBASE}/etc/ssl/cert.pem
-#RESSL_CPPFLAGS=		-I${LOCALBASE}/include
-#RESSL_LDFLAGS=		-L${LOCALBASE}/lib
+
+OPTIONS_DEFINE=		RESSL
+RESSL_DESC=		SSL/TLS support via LibreSSL
+
+OPTIONS_DEFAULT=	RESSL
+
+RESSL_LIB_DEPENDS=	libtls.so:${PORTSDIR}/security/libressl
+RESSL_CONFIGURE_WITH=	cacert=${LOCALBASE}/etc/ssl/cert.pem
+RESSL_CPPFLAGS=		-I${LOCALBASE}/include
+RESSL_LDFLAGS=		-L${LOCALBASE}/lib
+RESSL_RUN_DEPENDS=	ca_root_nss>=3.22.2:${PORTSDIR}/security/ca_root_nss
 
 pre-build:
 	${REINPLACE_CMD} -e 's,%%PREFIX%%,${PREFIX},g' \
 	    ${WRKSRC}/src/ntpd.conf.5 ${WRKSRC}/src/ntpd.8
 
 post-install:
-	cd ${STAGEDIR}${PREFIX}/etc; ${MV} ntpd.conf ntpd.conf.sample
+	cd ${STAGEDIR}${PREFIX}/etc && ${MV} ntpd.conf ntpd.conf.sample
 
 .include <bsd.port.mk>

Added: head/net/openntpd/files/patch-src_constraint.c
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/net/openntpd/files/patch-src_constraint.c	Tue Mar  8 20:19:07 2016	(r410654)
@@ -0,0 +1,11 @@
+--- src/constraint.c.orig	2015-03-14 21:24:11 UTC
++++ src/constraint.c
+@@ -665,7 +665,7 @@ httpsdate_request(struct httpsdate *http
+ 		 * or ANSI C's asctime() - the latter doesn't include
+ 		 * the timezone which is required here.
+ 		 */
+-		if (strptime(p, "%a, %d %h %Y %T %Z",
++		if (strptime(p, "%a, %d %h %Y %T GMT",
+ 		    &httpsdate->tls_tm) == NULL) {
+ 			log_warnx("unsupported date format");
+ 			free(line);

More information about the svn-ports-all mailing list