Date: Thu, 8 Mar 2018 13:49:32 +0000 (UTC) From: Dirk Meyer <dinoex@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r463887 - in head/mail/sendmail: . files Message-ID: <201803081349.w28DnWum050213@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: dinoex Date: Thu Mar 8 13:49:32 2018 New Revision: 463887 URL: https://svnweb.freebsd.org/changeset/ports/463887 Log: - fix "exited on signal 11" when dhparams file is missing. PR: 226431 Modified: head/mail/sendmail/Makefile head/mail/sendmail/files/patch-tls.c Modified: head/mail/sendmail/Makefile ============================================================================== --- head/mail/sendmail/Makefile Thu Mar 8 12:43:48 2018 (r463886) +++ head/mail/sendmail/Makefile Thu Mar 8 13:49:32 2018 (r463887) @@ -2,7 +2,7 @@ PORTNAME= sendmail PORTVERSION= 8.15.2 -PORTREVISION= 8 +PORTREVISION= 9 CATEGORIES= mail ipv6 MASTER_SITES= ftp://ftp.sendmail.org/pub/sendmail/ PKGNAMESUFFIX?= ${TLS_SUFFIX}${SASL_SUFFIX}${LDAP_SUFFIX}${BDB_SUFFIX}${PKGNAMESUFFIX2} Modified: head/mail/sendmail/files/patch-tls.c ============================================================================== --- head/mail/sendmail/files/patch-tls.c Thu Mar 8 12:43:48 2018 (r463886) +++ head/mail/sendmail/files/patch-tls.c Thu Mar 8 13:49:32 2018 (r463887) @@ -10,7 +10,7 @@ # ifndef HASURANDOMDEV # include <openssl/rand.h> # endif /* ! HASURANDOMDEV */ -@@ -44,6 +47,22 @@ static bool tls_safe_f __P((char *, long +@@ -44,6 +47,23 @@ static bool tls_safe_f __P((char *, long static int tls_verify_log __P((int, X509_STORE_CTX *, const char *)); # if !NO_DH @@ -24,7 +24,8 @@ + BIGNUM *g; +{ + dh->p=p; -+ dh->q=q; ++ if (q != NULL) ++ dh->q=q; + dh->g=g; + return 1; /* success */ +} @@ -33,7 +34,7 @@ static DH *get_dh512 __P((void)); static unsigned char dh512_p[] = -@@ -64,13 +83,21 @@ static DH * +@@ -64,13 +84,19 @@ static DH * get_dh512() { DH *dh = NULL; @@ -45,8 +46,8 @@ - dh->g = BN_bin2bn(dh512_g, sizeof(dh512_g), NULL); - if ((dh->p == NULL) || (dh->g == NULL)) - return NULL; -+ dhp_bn=BN_bin2bn(dh512_p, sizeof(dh512_p), NULL); -+ dhg_bn=BN_bin2bn(dh512_g, sizeof(dh512_g), NULL); ++ dhp_bn = BN_bin2bn(dh512_p, sizeof(dh512_p), NULL); ++ dhg_bn = BN_bin2bn(dh512_g, sizeof(dh512_g), NULL); + if ((dhp_bn == NULL) || (dhg_bn == NULL) || !DH_set0_pqg(dh, dhp_bn, NULL, dhg_bn)) + { + DH_free(dh); @@ -54,12 +55,10 @@ + BN_free(dhg_bn); + return(NULL); + } -+ BN_free(dhp_bn); -+ BN_free(dhg_bn); return dh; } -@@ -117,16 +144,21 @@ get_dh2048() +@@ -117,14 +143,17 @@ get_dh2048() }; static unsigned char dh2048_g[]={ 0x02, }; DH *dh; @@ -70,8 +69,8 @@ - dh->p=BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL); - dh->g=BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL); - if ((dh->p == NULL) || (dh->g == NULL)) -+ dhp_bn=BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL); -+ dhg_bn=BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL); ++ dhp_bn = BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL); ++ dhg_bn = BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL); + if ((dhp_bn == NULL) || (dhg_bn == NULL) || !DH_set0_pqg(dh, dhp_bn, NULL, dhg_bn)) { DH_free(dh); @@ -79,12 +78,8 @@ + BN_free(dhg_bn); return(NULL); } -+ BN_free(dhp_bn); -+ BN_free(dhg_bn); return(dh); - } - # endif /* !NO_DH */ -@@ -708,6 +740,44 @@ load_certkey(ssl, srv, certfile, keyfile +@@ -708,6 +737,32 @@ load_certkey(ssl, srv, certfile, keyfile static char server_session_id_context[] = "sendmail8"; @@ -94,34 +89,22 @@ + int num; + unsigned long e; +{ -+ RSA *rsa; ++ RSA *rsa = NULL; + BIGNUM *bn_rsa_r4; + int rc; + -+ rsa = RSA_new(); -+ if (rsa == NULL) -+ { -+ if (LogLevel > 0) -+ sm_syslog(LOG_ERR, NOQID, -+ "STARTTLS=server, tmp_rsa_key: RSA_new failed!"); -+ return NULL; -+ } ++ bn_rsa_r4 = BN_new(); + rc = BN_set_word(bn_rsa_r4, RSA_F4); -+ if (rc == 0) ++ if ((bn_rsa_r4 != NULL) && BN_set_word(bn_rsa_r4, RSA_F4) && (rsa = RSA_new()) != NULL) + { -+ if (LogLevel > 0) -+ sm_syslog(LOG_ERR, NOQID, -+ "STARTTLS=server, tmp_rsa_key: BN_set_word failed!"); -+ RSA_free(rsa); ++ if (!RSA_generate_key_ex(rsa, RSA_KEYLENGTH, bn_rsa_r4, NULL)) ++ { ++ RSA_free(rsa); ++ rsa = NULL; ++ } + return NULL; + } -+ rc = RSA_generate_key_ex(rsa, RSA_KEYLENGTH, bn_rsa_r4, NULL); + BN_free(bn_rsa_r4); -+ if (rc != 0) -+ { -+ RSA_free(rsa); -+ return NULL; -+ } + return rsa; +} +# endif /* !TLS_NO_RSA */ @@ -129,7 +112,7 @@ /* 0.9.8a and b have a problem with SSL_OP_TLS_BLOCK_PADDING_BUG */ #if (OPENSSL_VERSION_NUMBER >= 0x0090800fL) # define SM_SSL_OP_TLS_BLOCK_PADDING_BUG 1 -@@ -926,7 +996,7 @@ inittls(ctx, req, options, srv, certfile +@@ -926,7 +981,7 @@ inittls(ctx, req, options, srv, certfile { /* get a pointer to the current certificate validation store */ store = SSL_CTX_get_cert_store(*ctx); /* does not fail */ @@ -138,7 +121,7 @@ if (crl_file != NULL) { if (BIO_read_filename(crl_file, CRLFile) >= 0) -@@ -1003,8 +1073,7 @@ inittls(ctx, req, options, srv, certfile +@@ -1003,8 +1058,7 @@ inittls(ctx, req, options, srv, certfile if (bitset(TLS_I_RSA_TMP, req) # if SM_CONF_SHM && ShmId != SM_SHM_NO_ID && @@ -148,7 +131,7 @@ # else /* SM_CONF_SHM */ && 0 /* no shared memory: no need to generate key now */ # endif /* SM_CONF_SHM */ -@@ -1209,9 +1278,10 @@ inittls(ctx, req, options, srv, certfile +@@ -1209,9 +1263,10 @@ inittls(ctx, req, options, srv, certfile if (tTd(96, 2)) sm_dprintf("inittls: Generating %d bit DH parameters\n", bits); @@ -161,7 +144,7 @@ dh = DSA_dup_DH(dsa); DSA_free(dsa); } -@@ -1744,7 +1814,7 @@ tmp_rsa_key(s, export, keylength) +@@ -1744,7 +1799,7 @@ tmp_rsa_key(s, export, keylength) if (rsa_tmp != NULL) RSA_free(rsa_tmp); @@ -170,7 +153,7 @@ if (rsa_tmp == NULL) { if (LogLevel > 0) -@@ -1971,9 +2041,9 @@ x509_verify_cb(ok, ctx) +@@ -1971,9 +2026,9 @@ x509_verify_cb(ok, ctx) { if (LogLevel > 13) tls_verify_log(ok, ctx, "x509");
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201803081349.w28DnWum050213>