Date: Sun, 4 Mar 2018 17:45:26 +0000 (UTC) From: Dirk Meyer <dinoex@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r463590 - in head/mail/sendmail: . files Message-ID: <201803041745.w24HjQKn071973@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: dinoex Date: Sun Mar 4 17:45:26 2018 New Revision: 463590 URL: https://svnweb.freebsd.org/changeset/ports/463590 Log: - fix build with openssl 1.1 and libressl Added: head/mail/sendmail/files/patch-sm_os_freebsd.h - copied unchanged from r463589, head/mail/sendmail/files/patch-include_sm_os_sm__os__freebsd.h head/mail/sendmail/files/patch-tls.c (contents, props changed) Deleted: head/mail/sendmail/files/patch-include_sm_os_sm__os__freebsd.h Modified: head/mail/sendmail/Makefile Modified: head/mail/sendmail/Makefile ============================================================================== --- head/mail/sendmail/Makefile Sun Mar 4 17:45:25 2018 (r463589) +++ head/mail/sendmail/Makefile Sun Mar 4 17:45:26 2018 (r463590) @@ -2,7 +2,7 @@ PORTNAME= sendmail PORTVERSION= 8.15.2 -PORTREVISION= 7 +PORTREVISION= 8 CATEGORIES= mail ipv6 MASTER_SITES= ftp://ftp.sendmail.org/pub/sendmail/ PKGNAMESUFFIX?= ${TLS_SUFFIX}${SASL_SUFFIX}${LDAP_SUFFIX}${BDB_SUFFIX}${PKGNAMESUFFIX2} Copied: head/mail/sendmail/files/patch-sm_os_freebsd.h (from r463589, head/mail/sendmail/files/patch-include_sm_os_sm__os__freebsd.h) ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/mail/sendmail/files/patch-sm_os_freebsd.h Sun Mar 4 17:45:26 2018 (r463590, copy of r463589, head/mail/sendmail/files/patch-include_sm_os_sm__os__freebsd.h) @@ -0,0 +1,14 @@ +--- include/sm/os/sm_os_freebsd.h.orig ++++ include/sm/os/sm_os_freebsd.h +@@ -34,7 +34,11 @@ + # define SM_CONF_SHM 1 + #endif /* SM_CONF_SHM */ + #ifndef SM_CONF_SEM ++#if __FreeBSD_version < 1200059 + # define SM_CONF_SEM 1 ++#else ++# define SM_CONF_SEM 2 ++#endif + #endif /* SM_CONF_SEM */ + #ifndef SM_CONF_MSG + # define SM_CONF_MSG 1 Added: head/mail/sendmail/files/patch-tls.c ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/mail/sendmail/files/patch-tls.c Sun Mar 4 17:45:26 2018 (r463590) @@ -0,0 +1,184 @@ +--- sendmail/tls.c.orig 2015-06-20 01:37:28 UTC ++++ sendmail/tls.c +@@ -16,6 +16,9 @@ SM_RCSID("@(#)$Id: tls.c,v 8.127 2013-11 + # include <openssl/err.h> + # include <openssl/bio.h> + # include <openssl/pem.h> ++# if !NO_DH ++# include <openssl/dh.h> ++# endif /* !NO_DH */ + # ifndef HASURANDOMDEV + # include <openssl/rand.h> + # endif /* ! HASURANDOMDEV */ +@@ -44,6 +47,22 @@ static bool tls_safe_f __P((char *, long + static int tls_verify_log __P((int, X509_STORE_CTX *, const char *)); + + # if !NO_DH ++# if !defined(OPENSSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER < 0x10100001L || \ ++ defined(LIBRESSL_VERSION_NUMBER) ++static int ++DH_set0_pqg(dh, p, q, g) ++ DH *dh; ++ BIGNUM *p; ++ BIGNUM *q; ++ BIGNUM *g; ++{ ++ dh->p=p; ++ dh->q=q; ++ dh->g=g; ++ return 1; /* success */ ++} ++# endif /* !defined() || OPENSSL_VERSION_NUMBER < 0x00907000L */ ++ + static DH *get_dh512 __P((void)); + + static unsigned char dh512_p[] = +@@ -64,13 +83,21 @@ static DH * + get_dh512() + { + DH *dh = NULL; ++ BIGNUM *dhp_bn, *dhg_bn; + + if ((dh = DH_new()) == NULL) + return NULL; +- dh->p = BN_bin2bn(dh512_p, sizeof(dh512_p), NULL); +- dh->g = BN_bin2bn(dh512_g, sizeof(dh512_g), NULL); +- if ((dh->p == NULL) || (dh->g == NULL)) +- return NULL; ++ dhp_bn=BN_bin2bn(dh512_p, sizeof(dh512_p), NULL); ++ dhg_bn=BN_bin2bn(dh512_g, sizeof(dh512_g), NULL); ++ if ((dhp_bn == NULL) || (dhg_bn == NULL) || !DH_set0_pqg(dh, dhp_bn, NULL, dhg_bn)) ++ { ++ DH_free(dh); ++ BN_free(dhp_bn); ++ BN_free(dhg_bn); ++ return(NULL); ++ } ++ BN_free(dhp_bn); ++ BN_free(dhg_bn); + return dh; + } + +@@ -117,16 +144,21 @@ get_dh2048() + }; + static unsigned char dh2048_g[]={ 0x02, }; + DH *dh; ++ BIGNUM *dhp_bn, *dhg_bn; + + if ((dh=DH_new()) == NULL) + return(NULL); +- dh->p=BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL); +- dh->g=BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL); +- if ((dh->p == NULL) || (dh->g == NULL)) ++ dhp_bn=BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL); ++ dhg_bn=BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL); ++ if ((dhp_bn == NULL) || (dhg_bn == NULL) || !DH_set0_pqg(dh, dhp_bn, NULL, dhg_bn)) + { + DH_free(dh); ++ BN_free(dhp_bn); ++ BN_free(dhg_bn); + return(NULL); + } ++ BN_free(dhp_bn); ++ BN_free(dhg_bn); + return(dh); + } + # endif /* !NO_DH */ +@@ -708,6 +740,44 @@ load_certkey(ssl, srv, certfile, keyfile + + static char server_session_id_context[] = "sendmail8"; + ++# if !TLS_NO_RSA ++static RSA * ++sm_RSA_generate_key(num, e) ++ int num; ++ unsigned long e; ++{ ++ RSA *rsa; ++ BIGNUM *bn_rsa_r4; ++ int rc; ++ ++ rsa = RSA_new(); ++ if (rsa == NULL) ++ { ++ if (LogLevel > 0) ++ sm_syslog(LOG_ERR, NOQID, ++ "STARTTLS=server, tmp_rsa_key: RSA_new failed!"); ++ return NULL; ++ } ++ rc = BN_set_word(bn_rsa_r4, RSA_F4); ++ if (rc == 0) ++ { ++ if (LogLevel > 0) ++ sm_syslog(LOG_ERR, NOQID, ++ "STARTTLS=server, tmp_rsa_key: BN_set_word failed!"); ++ RSA_free(rsa); ++ return NULL; ++ } ++ rc = RSA_generate_key_ex(rsa, RSA_KEYLENGTH, bn_rsa_r4, NULL); ++ BN_free(bn_rsa_r4); ++ if (rc != 0) ++ { ++ RSA_free(rsa); ++ return NULL; ++ } ++ return rsa; ++} ++# endif /* !TLS_NO_RSA */ ++ + /* 0.9.8a and b have a problem with SSL_OP_TLS_BLOCK_PADDING_BUG */ + #if (OPENSSL_VERSION_NUMBER >= 0x0090800fL) + # define SM_SSL_OP_TLS_BLOCK_PADDING_BUG 1 +@@ -926,7 +996,7 @@ inittls(ctx, req, options, srv, certfile + { + /* get a pointer to the current certificate validation store */ + store = SSL_CTX_get_cert_store(*ctx); /* does not fail */ +- crl_file = BIO_new(BIO_s_file_internal()); ++ crl_file = BIO_new(BIO_s_file()); + if (crl_file != NULL) + { + if (BIO_read_filename(crl_file, CRLFile) >= 0) +@@ -1003,8 +1073,7 @@ inittls(ctx, req, options, srv, certfile + if (bitset(TLS_I_RSA_TMP, req) + # if SM_CONF_SHM + && ShmId != SM_SHM_NO_ID && +- (rsa_tmp = RSA_generate_key(RSA_KEYLENGTH, RSA_F4, NULL, +- NULL)) == NULL ++ (rsa_tmp = sm_RSA_generate_key(RSA_KEYLENGTH, RSA_F4)) == NULL + # else /* SM_CONF_SHM */ + && 0 /* no shared memory: no need to generate key now */ + # endif /* SM_CONF_SHM */ +@@ -1209,9 +1278,10 @@ inittls(ctx, req, options, srv, certfile + if (tTd(96, 2)) + sm_dprintf("inittls: Generating %d bit DH parameters\n", bits); + ++ dsa=DSA_new(); + /* this takes a while! */ +- dsa = DSA_generate_parameters(bits, NULL, 0, NULL, +- NULL, 0, NULL); ++ (void)DSA_generate_parameters_ex(dsa, bits, NULL, 0, ++ NULL, NULL, NULL); + dh = DSA_dup_DH(dsa); + DSA_free(dsa); + } +@@ -1744,7 +1814,7 @@ tmp_rsa_key(s, export, keylength) + + if (rsa_tmp != NULL) + RSA_free(rsa_tmp); +- rsa_tmp = RSA_generate_key(RSA_KEYLENGTH, RSA_F4, NULL, NULL); ++ rsa_tmp = sm_RSA_generate_key(RSA_KEYLENGTH, RSA_F4); + if (rsa_tmp == NULL) + { + if (LogLevel > 0) +@@ -1971,9 +2041,9 @@ x509_verify_cb(ok, ctx) + { + if (LogLevel > 13) + tls_verify_log(ok, ctx, "x509"); +- if (ctx->error == X509_V_ERR_UNABLE_TO_GET_CRL) ++ if (X509_STORE_CTX_get_error(ctx) == X509_V_ERR_UNABLE_TO_GET_CRL) + { +- ctx->error = 0; ++ X509_STORE_CTX_set_error(ctx, 0); + return 1; /* override it */ + } + }
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201803041745.w24HjQKn071973>