Date: Thu, 26 Aug 2021 04:10:23 GMT From: Alexey Dokuchaev <danfe@FreeBSD.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org Subject: git: 7e8ab83f6c92 - main - ftp/bsdftpd-ssl: convert to modern OpenSSL and unbreak the build on -CURRENT. Message-ID: <202108260410.17Q4AN6F033780@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch main has been updated by danfe: URL: https://cgit.FreeBSD.org/ports/commit/?id=7e8ab83f6c92013a27fe9dfc4b02f738cb8ff51c commit 7e8ab83f6c92013a27fe9dfc4b02f738cb8ff51c Author: Alexey Dokuchaev <danfe@FreeBSD.org> AuthorDate: 2021-08-26 04:08:16 +0000 Commit: Alexey Dokuchaev <danfe@FreeBSD.org> CommitDate: 2021-08-26 04:08:58 +0000 ftp/bsdftpd-ssl: convert to modern OpenSSL and unbreak the build on -CURRENT. --- ftp/bsdftpd-ssl/Makefile | 4 +- ftp/bsdftpd-ssl/files/patch-ftp_Makefile.FreeBSD | 25 +++++ ftp/bsdftpd-ssl/files/patch-ftpd_Makefile.FreeBSD | 17 ++++ ftp/bsdftpd-ssl/files/patch-ftpd_ftpcmd.y | 18 ++++ ftp/bsdftpd-ssl/files/patch-gcc4 | 69 ------------- ftp/bsdftpd-ssl/files/patch-ssl_sslapp.c | 115 ++++++++++++++++++++++ 6 files changed, 176 insertions(+), 72 deletions(-) diff --git a/ftp/bsdftpd-ssl/Makefile b/ftp/bsdftpd-ssl/Makefile index f6ed3913fe22..5d4b29b77754 100644 --- a/ftp/bsdftpd-ssl/Makefile +++ b/ftp/bsdftpd-ssl/Makefile @@ -30,9 +30,7 @@ LDFLAGS+= -lpam .include <bsd.port.options.mk> .if ${SSL_DEFAULT} == base -BROKEN_FreeBSD_12= variable has incomplete type 'X509_STORE_CTX' (aka 'struct x509_store_ctx_st') -BROKEN_FreeBSD_13= variable has incomplete type 'X509_STORE_CTX' (aka 'struct x509_store_ctx_st') -BROKEN_FreeBSD_14= variable has incomplete type 'X509_STORE_CTX' (aka 'struct x509_store_ctx_st') +BROKEN_FreeBSD_11= undefined reference to `X509_OBJECT_new' .endif .if ${PORT_OPTIONS:MSERVER} && ${PORT_OPTIONS:MEXAMPLES} diff --git a/ftp/bsdftpd-ssl/files/patch-ftp_Makefile.FreeBSD b/ftp/bsdftpd-ssl/files/patch-ftp_Makefile.FreeBSD new file mode 100644 index 000000000000..1cf26a0ca029 --- /dev/null +++ b/ftp/bsdftpd-ssl/files/patch-ftp_Makefile.FreeBSD @@ -0,0 +1,25 @@ +--- ftp/Makefile.FreeBSD.orig 2005-01-11 10:06:55 UTC ++++ ftp/Makefile.FreeBSD +@@ -17,11 +17,11 @@ CFLAGS+=-DINET6 + ### TLS/SSL support + ## Comment lines below to disable TLS/SSL support + CFLAGS+=-DUSE_SSL +-LDADD+= -lssl -lcrypto ++LDADD+= -L${OPENSSLLIB} -lssl -lcrypto + ## Next lines must present regardless of TLS/SSL support state + .PATH: ${.CURDIR}/../ssl + SRCS+= sslapp.c ssl_port.c ssl_port_ftps.c +-CFLAGS+=-I../ssl ++CFLAGS+= -I${OPENSSLINC} -I../ssl + ### + + ### +@@ -31,7 +31,7 @@ PROG= ftps + SRCS+= cmds.c cmdtab.c complete.c domacro.c fetch.c ftp.c main.c ruserpass.c \ + util.c + +-CFLAGS+= -I../port -Wall ++CFLAGS+= -I../port -Wall -fcommon + + LDADD+= ../port/libedit.a + .if defined(BSDTYPE) && ( ${BSDTYPE} == "NetBSD" ) diff --git a/ftp/bsdftpd-ssl/files/patch-ftpd_Makefile.FreeBSD b/ftp/bsdftpd-ssl/files/patch-ftpd_Makefile.FreeBSD new file mode 100644 index 000000000000..62c17aabac20 --- /dev/null +++ b/ftp/bsdftpd-ssl/files/patch-ftpd_Makefile.FreeBSD @@ -0,0 +1,17 @@ +--- ftpd/Makefile.FreeBSD.orig 2005-01-11 22:49:16 UTC ++++ ftpd/Makefile.FreeBSD +@@ -78,12 +78,12 @@ LDADD+= -lm + ### TLS/SSL support + .if defined(SSL_SUPPORT) + CFLAGS+=-DUSE_SSL +-LDADD+= -lssl -lcrypto ../port/libbsdport.a ++LDADD+= -L${OPENSSLLIB} -lssl -lcrypto ../port/libbsdport.a + .endif + ## Next lines must present regardless of TLS/SSL support state + .PATH: ${.CURDIR}/../ssl + SRCS+= sslapp.c ssl_port.c ssl_port_ftpd.c +-CFLAGS+=-I../ssl -I../port ++CFLAGS+= -I${OPENSSLINC} -I../ssl -I../port + ### + + ### PAM support diff --git a/ftp/bsdftpd-ssl/files/patch-ftpd_ftpcmd.y b/ftp/bsdftpd-ssl/files/patch-ftpd_ftpcmd.y index 020eaada2dee..751cc0de6c81 100644 --- a/ftp/bsdftpd-ssl/files/patch-ftpd_ftpcmd.y +++ b/ftp/bsdftpd-ssl/files/patch-ftpd_ftpcmd.y @@ -1,5 +1,14 @@ --- ftpd/ftpcmd.y.orig 2004-12-19 18:44:42 UTC +++ ftpd/ftpcmd.y +@@ -1376,7 +1376,7 @@ static void toolong(int); + #ifdef INET6 + static void v4map_data_dest(void); + #endif +-static int yylex(void); ++int yylex(void); + + static struct tab * + lookup(struct tab *p, char *cmd) @@ -1394,7 +1394,7 @@ lookup(struct tab *p, char *cmd) * getline - a hacked up version of fgets to ignore TELNET escape codes. */ @@ -9,6 +18,15 @@ { int c; register char *cs; +@@ -1530,7 +1530,7 @@ check_syntax(struct tab *cmd, char *cbuf, size_t cpos) + return 1; + } + +-static int ++int + yylex(void) + { + static int cpos; @@ -1545,7 +1545,7 @@ yylex(void) case CMD: (void) signal(SIGALRM, toolong); diff --git a/ftp/bsdftpd-ssl/files/patch-gcc4 b/ftp/bsdftpd-ssl/files/patch-gcc4 index 5076f96e973e..d8cc291e4621 100644 --- a/ftp/bsdftpd-ssl/files/patch-gcc4 +++ b/ftp/bsdftpd-ssl/files/patch-gcc4 @@ -126,72 +126,3 @@ .if !target(${PROG}) SRCS= ${PROG}.c ---- ssl/sslapp.c.orig 2005-01-10 23:34:59 UTC -+++ ssl/sslapp.c -@@ -108,8 +108,8 @@ do_ssleay_init(int server) - * export things work... If so we generate one now! - */ - if (server) { -- const char ctx_sid[] = "BSDftpd-ssl"; -- SSL_CTX_set_session_id_context(ssl_ctx, ctx_sid, strlen(ctx_sid)); -+ const unsigned char ctx_sid[] = "BSDftpd-ssl"; -+ SSL_CTX_set_session_id_context(ssl_ctx, ctx_sid, strlen((const char*)ctx_sid)); - - if (SSL_CTX_need_tmp_RSA(ssl_ctx)) { - RSA *rsa; -@@ -474,12 +474,12 @@ ssl_log_msg(BIO *bio, const char *fmt, . - va_end(ap); - if (outputbuf == NULL) { - BIO_printf(bio, "\r\nRan out of memory.\r\n"); -- BIO_flush(bio); -+ (void)BIO_flush(bio); - return; - } - - BIO_printf(bio, "%s", outputbuf); -- BIO_flush(bio); -+ (void)BIO_flush(bio); - - free(outputbuf); - } -@@ -498,12 +498,12 @@ ssl_log_msgn(BIO *bio, const char *fmt, - va_end(ap); - if (outputbuf == NULL) { - BIO_printf(bio, "\r\nRan out of memory.\r\n"); -- BIO_flush(bio); -+ (void)BIO_flush(bio); - return; - } - - BIO_printf(bio, "\r\n%s\r\n", outputbuf); -- BIO_flush(bio); -+ (void)BIO_flush(bio); - - free(outputbuf); - } -@@ -519,7 +519,7 @@ ssl_log_vwarn_common(BIO *bio, int debug - vasprintf(&tmp, fmt, ap); - if (tmp == NULL) { - BIO_printf(bio, "\r\nRan out of memory.\r\n"); -- BIO_flush(bio); -+ (void)BIO_flush(bio); - if (ssl_logerr_syslog) - syslog(LOG_ERR, "Ran out of memory."); - return; -@@ -531,14 +531,14 @@ ssl_log_vwarn_common(BIO *bio, int debug - free(tmp); - if (outputbuf == NULL) { - BIO_printf(bio, "\r\nRan out of memory.\r\n"); -- BIO_flush(bio); -+ (void)BIO_flush(bio); - if (ssl_logerr_syslog) - syslog(LOG_ERR, "Ran out of memory."); - return; - } - - BIO_printf(bio, "%s\r\n", outputbuf); -- BIO_flush(bio); -+ (void)BIO_flush(bio); - if (ssl_logerr_syslog) - syslog(LOG_WARNING, "%s", outputbuf); - free(outputbuf); diff --git a/ftp/bsdftpd-ssl/files/patch-ssl_sslapp.c b/ftp/bsdftpd-ssl/files/patch-ssl_sslapp.c new file mode 100644 index 000000000000..6938b20fd3ce --- /dev/null +++ b/ftp/bsdftpd-ssl/files/patch-ssl_sslapp.c @@ -0,0 +1,115 @@ +--- ssl/sslapp.c.orig 2005-01-10 23:34:59 UTC ++++ ssl/sslapp.c +@@ -113,10 +113,14 @@ do_ssleay_init(int server) + + if (SSL_CTX_need_tmp_RSA(ssl_ctx)) { + RSA *rsa; ++ BIGNUM *e; + + if (ssl_debug_flag) + ssl_log_msgn(bio_err, "Generating temp (512 bit) RSA key..."); +- rsa = RSA_generate_key(512, RSA_F4, NULL, NULL); ++ ++ e = BN_new(); ++ BN_set_word(e, RSA_F4); ++ RSA_generate_key_ex(rsa, 512, e, NULL); + if (ssl_debug_flag) + ssl_log_msgn(bio_err, "Generation of temp (512 bit) RSA key done"); + +@@ -289,12 +293,13 @@ int + ssl_X509_STORE_lookup(X509_STORE *pStore, int nType, + X509_NAME *pName, X509_OBJECT *pObj) + { +- X509_STORE_CTX pStoreCtx; ++ X509_STORE_CTX *pStoreCtx; + int rc; + +- X509_STORE_CTX_init(&pStoreCtx, pStore, NULL, NULL); +- rc = X509_STORE_get_by_subject(&pStoreCtx, nType, pName, pObj); +- X509_STORE_CTX_cleanup(&pStoreCtx); ++ pStoreCtx = X509_STORE_CTX_new(); ++ X509_STORE_CTX_init(pStoreCtx, pStore, NULL, NULL); ++ rc = X509_STORE_get_by_subject(pStoreCtx, nType, pName, pObj); ++ X509_STORE_CTX_free(pStoreCtx); + return rc; + } + +@@ -311,7 +316,7 @@ ssl_X509_STORE_lookup(X509_STORE *pStore, int nType, + int + verify_cb_CRL(int ok, X509_STORE_CTX *ctx) + { +- X509_OBJECT obj; ++ X509_OBJECT *obj; + X509_NAME *subject; + X509_NAME *issuer; + X509 *xs; +@@ -368,16 +373,16 @@ verify_cb_CRL(int ok, X509_STORE_CTX *ctx) + * Try to retrieve a CRL corresponding to the _subject_ of + * the current certificate in order to verify it's integrity. + */ +- memset((char *)&obj, 0, sizeof(obj)); +- rc = ssl_X509_STORE_lookup(x509st_CRL, X509_LU_CRL, subject, &obj); +- crl = obj.data.crl; ++ obj = X509_OBJECT_new(); ++ rc = ssl_X509_STORE_lookup(x509st_CRL, X509_LU_CRL, subject, obj); ++ crl = X509_OBJECT_get0_X509_CRL(obj); + if (rc > 0 && crl != NULL) { + /* + * Verify the signature on this CRL + */ + if (X509_CRL_verify(crl, X509_get_pubkey(xs)) <= 0) { + X509_STORE_CTX_set_error(ctx, X509_V_ERR_CRL_SIGNATURE_FAILURE); +- X509_OBJECT_free_contents(&obj); ++ X509_OBJECT_free(obj); + return 0; + } + +@@ -387,24 +392,24 @@ verify_cb_CRL(int ok, X509_STORE_CTX *ctx) + i = X509_cmp_current_time(X509_CRL_get_nextUpdate(crl)); + if (i == 0) { + X509_STORE_CTX_set_error(ctx, X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD); +- X509_OBJECT_free_contents(&obj); ++ X509_OBJECT_free(obj); + return 0; + } + if (i < 0) { + X509_STORE_CTX_set_error(ctx, X509_V_ERR_CRL_HAS_EXPIRED); +- X509_OBJECT_free_contents(&obj); ++ X509_OBJECT_free(obj); + return 0; + } +- X509_OBJECT_free_contents(&obj); ++ X509_OBJECT_free(obj); + } + + /* + * Try to retrieve a CRL corresponding to the _issuer_ of + * the current certificate in order to check for revocation. + */ +- memset((char *)&obj, 0, sizeof(obj)); +- rc = ssl_X509_STORE_lookup(x509st_CRL, X509_LU_CRL, issuer, &obj); +- crl = obj.data.crl; ++ obj = X509_OBJECT_new(); ++ rc = ssl_X509_STORE_lookup(x509st_CRL, X509_LU_CRL, issuer, obj); ++ crl = X509_OBJECT_get0_X509_CRL(obj); + if (rc > 0 && crl != NULL) { + /* + * Check if the current certificate is revoked by this CRL +@@ -412,13 +417,14 @@ verify_cb_CRL(int ok, X509_STORE_CTX *ctx) + n = sk_X509_REVOKED_num(X509_CRL_get_REVOKED(crl)); + for (i = 0; i < n; i++) { + revoked = sk_X509_REVOKED_value(X509_CRL_get_REVOKED(crl), i); +- if (ASN1_INTEGER_cmp(revoked->serialNumber, X509_get_serialNumber(xs)) == 0) { ++ if (ASN1_INTEGER_cmp(X509_REVOKED_get0_serialNumber(revoked), ++ X509_get_serialNumber(xs)) == 0) { + X509_STORE_CTX_set_error(ctx, X509_V_ERR_CERT_REVOKED); +- X509_OBJECT_free_contents(&obj); ++ X509_OBJECT_free(obj); + return 0; + } + } +- X509_OBJECT_free_contents(&obj); ++ X509_OBJECT_free(obj); + } + return ok; + }
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202108260410.17Q4AN6F033780>