Date: Thu, 23 Jan 2014 00:01:14 GMT From: David Shane Holden <dpejesh@yahoo.com> To: freebsd-gnats-submit@FreeBSD.org Subject: ports/186025: [patch] security/tinyca: add support for openssl 1.0.1 and fix warnings Message-ID: <201401230001.s0N01Eve037965@oldred.freebsd.org> Resent-Message-ID: <201401230010.s0N0A0Mt018288@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 186025 >Category: ports >Synopsis: [patch] security/tinyca: add support for openssl 1.0.1 and fix warnings >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: update >Submitter-Id: current-users >Arrival-Date: Thu Jan 23 00:10:00 UTC 2014 >Closed-Date: >Last-Modified: >Originator: David Shane Holden >Release: 10.0-RELEASE >Organization: >Environment: FreeBSD i7x 10.0-RELEASE FreeBSD 10.0-RELEASE #0 r260789: Thu Jan 16 22:34:59 UTC 2014 root@snap.freebsd.org:/usr/obj/usr/src/sys/GENERIC amd64 >Description: Since it appears TinyCA isn't really maintained anymore, Debian applied the following patches to their package to support OpenSSL 1.0.1 and to fix some warnings. After upgrading to FreeBSD 10 I ran into the same problem. To be consistent I just applied their patches in their entirety instead of pulling out the OpenSSL part. https://lists.debian.org/debian-release/2013/03/msg00954.html >How-To-Repeat: >Fix: Patch attached with submission follows: diff --git a/security/tinyca/Makefile b/security/tinyca/Makefile index 0b672ed..de7bae7 100644 --- a/security/tinyca/Makefile +++ b/security/tinyca/Makefile @@ -3,7 +3,7 @@ PORTNAME= tinyca PORTVERSION= 0.7.5 -PORTREVISION= 5 +PORTREVISION= 6 CATEGORIES= security net MASTER_SITES= http://tinyca.sm-zone.net/ \ http://tinyca.sm-zone.net/old/ diff --git a/security/tinyca/files/patch-lib::GUI.pm b/security/tinyca/files/patch-lib::GUI.pm new file mode 100644 index 0000000..e25af89 --- /dev/null +++ b/security/tinyca/files/patch-lib::GUI.pm @@ -0,0 +1,92 @@ +--- lib/GUI.pm.orig ++++ lib/GUI.pm +@@ -978,7 +978,7 @@ + $piter = $store->append($root); + $store->set($piter, 0 => $t); + +- for my $l qw(CN EMAIL O OU C ST L) { ++ for my $l (qw(CN EMAIL O OU C ST L)) { + if(defined($parsed->{$l})) { + if($l eq "OU") { + foreach my $ou (@{$parsed->{'OU'}}) { +@@ -1003,7 +1003,7 @@ + $piter = $store->append($root); + $store->set($piter, 0 => $t); + +- for my $l qw(CN EMAIL O OU C ST L) { ++ for my $l (qw(CN EMAIL O OU C ST L)) { + if(defined($parsed->{'ISSUERDN'}->{$l})) { + if($l eq "OU") { + foreach my $ou (@{$parsed->{'ISSUERDN'}->{'OU'}}) { +@@ -1029,7 +1029,7 @@ + $piter = $store->append($root); + $store->set($piter, 0 => $t); + +- for my $l qw(STATUS NOTBEFORE NOTAFTER) { ++ for my $l (qw(STATUS NOTBEFORE NOTAFTER)) { + if(defined($parsed->{$l})) { + $citer = $store->append($piter); + $store->set($citer, +@@ -1045,7 +1045,7 @@ + $store->set($piter, 0 => $t); + + +- for my $l qw(STATUS SERIAL KEYSIZE PK_ALGORITHM SIG_ALGORITHM TYPE) { ++ for my $l (qw(STATUS SERIAL KEYSIZE PK_ALGORITHM SIG_ALGORITHM TYPE)) { + if(defined($parsed->{$l})) { + $citer = $store->append($piter); + $store->set($citer, +@@ -1060,7 +1060,7 @@ + $piter = $store->append($root); + $store->set($piter, 0 => $t); + +- for my $l qw(FINGERPRINTMD5 FINGERPRINTSHA1) { ++ for my $l (qw(FINGERPRINTMD5 FINGERPRINTSHA1)) { + if(defined($parsed->{$l})) { + $citer = $store->append($piter); + $store->set($citer, +@@ -1249,7 +1249,7 @@ + # table for request data + my $cc=0; + my $ous = 1; +- if(defined($opts->{'OU'})) { ++ if(defined($opts->{'OU'}) and defined @{$opts->{'OU'}}) { + $ous = @{$opts->{'OU'}} - 1; + } + $reqtable = Gtk2::Table->new(1, 13 + $ous, 0); +@@ -1297,7 +1297,7 @@ + _("Organization Name (eg. company):"), + \$opts->{'O'}, $reqtable, 10, 1); + +- if(defined($opts->{'OU'})) { ++ if(defined($opts->{'OU'}) and defined @{$opts->{'OU'}}) { + foreach my $ou (@{$opts->{'OU'}}) { + $entry = GUI::HELPERS::entry_to_table( + _("Organizational Unit Name (eg. section):"), +@@ -2521,7 +2521,7 @@ + my ($aboutdialog, $href, $label); + + $aboutdialog = Gtk2::AboutDialog->new(); +- $aboutdialog->set_name("TinyCA2"); ++ $aboutdialog->set_program_name("TinyCA2"); + $aboutdialog->set_version($main->{'version'}); + $aboutdialog->set_copyright("2002-2006 Stephan Martin"); + $aboutdialog->set_license("GNU Public License (GPL)"); +@@ -2534,6 +2534,8 @@ + _("French: Thibault Le Meur <Thibault.Lemeur\@supelec.fr>")); + + $aboutdialog->show_all(); ++ $aboutdialog->run; ++ $aboutdialog->destroy; + + return; + } +@@ -2634,7 +2636,7 @@ + + my ($box, $button_ok, $button_cancel, $t); + +- $t = _("The Certificate will be longer valid than your CA!"); ++ $t = _("The certificate will be valid longer than its CA!"); + $t .= "\n"; + $t .= _("This may cause problems with some software!!"); + diff --git a/security/tinyca/files/patch-lib::OpenSSL.pm b/security/tinyca/files/patch-lib::OpenSSL.pm new file mode 100644 index 0000000..7ee03bf --- /dev/null +++ b/security/tinyca/files/patch-lib::OpenSSL.pm @@ -0,0 +1,143 @@ +--- lib/OpenSSL.pm.orig ++++ lib/OpenSSL.pm +@@ -22,6 +22,7 @@ + + use POSIX; + use IPC::Open3; ++use IO::Select; + use Time::Local; + + sub new { +@@ -41,7 +42,7 @@ + close(TEST); + + # set version (format: e.g. 0.9.7 or 0.9.7a) +- if($v =~ /\b(0\.9\.[678][a-z]?)\b/) { ++ if($v =~ /\b(0\.9\.[6-9][a-z]?)\b/ || $v =~ /\b(1\.0\.[01][a-z]?)\b/) { + $self->{'version'} = $1; + } + +@@ -817,7 +818,7 @@ + my $self = shift; + my $opts = { @_ }; + +- my ($tmp, $ext, $ret, $file, $pid, $cmd); ++ my ($tmp, $ext, $ret, $file, $pid, $cmd, $cmdout, $cmderr); + $file = HELPERS::mktmp($self->{'tmp'}."/data"); + + $cmd = "$self->{'bin'} $opts->{'cmd'}"; +@@ -830,16 +831,7 @@ + $cmd .= " -outform $opts->{'outform'}"; + } + +- my($rdfh, $wtfh); +- $ext = "$cmd\n\n"; +- $pid = open3($wtfh, $rdfh, $rdfh, $cmd); +- print $wtfh "$opts->{'data'}\n"; +- while(<$rdfh>){ +- $ext .= $_; +- # print STDERR "DEBUG: cmd ret: $_"; +- }; +- waitpid($pid, 0); +- $ret = $?>>8; ++ ($ret, $tmp, $ext) = _run_with_fixed_input($cmd, $opts->{'data'}); + + if($self->{'broken'}) { + if(($ret != 0 && $opts->{'cmd'} ne 'crl') || +@@ -859,14 +851,15 @@ + } + } + +- open(IN, $file) || do { +- my $t = sprintf(_("Can't open file %s: %s"), $file, $!); +- GUI::HELPERS::print_warning($t); +- return; +- }; +- $tmp .= $_ while(<IN>); +- close(IN); +- ++ if (-s $file) { # If the file is empty, the payload is in $tmp (via STDOUT of the called process). ++ open(IN, $file) || do { ++ my $t = sprintf(_("Can't open file %s: %s"), $file, $!); ++ GUI::HELPERS::print_warning($t); ++ return; ++ }; ++ $tmp .= $_ while(<IN>); ++ close(IN); ++ } + unlink($file); + + return($ret, $tmp, $ext); +@@ -1076,4 +1069,72 @@ + } + } + ++ ++=over ++ ++=item _run_with_fixed_input($cmd, $input) ++ ++This function runs C<$cmd> and writes the C<$input> to STDIN of the ++new process (all at once). ++ ++While the command runs, all of its output to STDOUT and STDERR is ++collected. ++ ++After the command terminates (closes both STDOUT and STDIN) the ++function returns the command's return value as well as everything it ++wrote to its STDOUT and STDERR in a list. ++ ++=back ++ ++=cut ++ ++sub _run_with_fixed_input { ++ my $cmd = shift; ++ my $input = shift; ++ ++ my ($wtfh, $rdfh, $erfh, $pid, $sel, $ret, $stdout, $stderr); ++ $erfh = Symbol::gensym; # Must not be false, otherwise it is lumped together with rdfh ++ ++ # Run the command ++ $pid = open3($wtfh, $rdfh, $erfh, $cmd); ++ print $wtfh $input, "\n"; ++ ++ $stdout = ''; ++ $stderr = ''; ++ $sel = new IO::Select($rdfh, $erfh); ++ while (my @fhs = $sel->can_read()) { ++ foreach my $fh (@fhs) { ++ if ($fh == $rdfh) { # STDOUT ++ my $bytes_read = sysread($fh, my $buf='', 1024); ++ if ($bytes_read == -1) { ++ warn("Error reading from child's STDOUT: $!\n"); ++ $sel->remove($fh); ++ } elsif ($bytes_read == 0) { ++ # print("Child's STDOUT closed.\n"); ++ $sel->remove($fh); ++ } else { ++ $stdout .= $buf; ++ } ++ } ++ elsif ($fh == $erfh) { # STDERR ++ my $bytes_read = sysread($fh, my $buf='', 1024); ++ if ($bytes_read == -1) { ++ warn("Error reading from child's STDERR: $!\n"); ++ $sel->remove($fh); ++ } elsif ($bytes_read == 0) { ++ # print("Child's STDERR closed.\n"); ++ $sel->remove($fh); ++ } else { ++ $stderr .= $buf; ++ } ++ } ++ } ++ } ++ ++ waitpid($pid, 0); ++ $ret = $?>>8; ++ ++ return ($ret, $stdout, $stderr) ++ } ++ + 1 >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201401230001.s0N01Eve037965>