Date: Sun, 30 Oct 2022 15:44:42 GMT From: Felix Palmen <zirias@FreeBSD.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org Subject: git: 5a84f8764063 - main - security/krb5-120: Fix build with libressl 3.5 Message-ID: <202210301544.29UFigAO040466@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch main has been updated by zirias: URL: https://cgit.FreeBSD.org/ports/commit/?id=5a84f8764063d95a1f6f2965785fd9b7effbb40f commit 5a84f8764063d95a1f6f2965785fd9b7effbb40f Author: Felix Palmen <zirias@FreeBSD.org> AuthorDate: 2022-10-17 08:44:39 +0000 Commit: Felix Palmen <zirias@FreeBSD.org> CommitDate: 2022-10-30 15:43:23 +0000 security/krb5-120: Fix build with libressl 3.5 Approved by: cy (maintainer), tcberner (mentor) Differential Revision: https://reviews.freebsd.org/D37046 --- security/krb5-120/Makefile | 2 - ...lugins_preauth_pkinit_pkinit__crypto__openssl.c | 54 +++++++++++++++------- 2 files changed, 37 insertions(+), 19 deletions(-) diff --git a/security/krb5-120/Makefile b/security/krb5-120/Makefile index d7fd0095f7a3..71b22f51b4fc 100644 --- a/security/krb5-120/Makefile +++ b/security/krb5-120/Makefile @@ -18,8 +18,6 @@ LICENSE= MIT CONFLICTS= heimdal krb5 krb5-11* CONFLICTS_BUILD= boringssl -IGNORE_SSL= libressl libressl-devel - KERBEROSV_URL= http://web.mit.edu/kerberos/ USES= compiler:c++11-lang cpe gmake gettext-runtime \ gssapi:bootstrap,mit libtool:build localbase \ diff --git a/security/krb5-120/files/patch-plugins_preauth_pkinit_pkinit__crypto__openssl.c b/security/krb5-120/files/patch-plugins_preauth_pkinit_pkinit__crypto__openssl.c index a26d295ebf75..71d27a31b406 100644 --- a/security/krb5-120/files/patch-plugins_preauth_pkinit_pkinit__crypto__openssl.c +++ b/security/krb5-120/files/patch-plugins_preauth_pkinit_pkinit__crypto__openssl.c @@ -1,23 +1,43 @@ ---- plugins/preauth/pkinit/pkinit_crypto_openssl.c.orig 2021-11-05 16:24:07.000000000 -0700 -+++ plugins/preauth/pkinit/pkinit_crypto_openssl.c 2021-11-08 10:10:45.431325000 -0800 -@@ -178,7 +178,8 @@ +--- plugins/preauth/pkinit/pkinit_crypto_openssl.c.orig 2022-10-17 09:52:43 UTC ++++ plugins/preauth/pkinit/pkinit_crypto_openssl.c +@@ -184,6 +184,17 @@ pkcs11err(int err); (*_x509_pp) = PKCS7_cert_from_signer_info(_p7,_si) #endif --#if OPENSSL_VERSION_NUMBER < 0x10100000L -+#if (defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER < 0x10100000L) || \ -+ defined(LIBRESSL_VERSION_NUMBER) - - /* 1.1 standardizes constructor and destructor names, renaming - * EVP_MD_CTX_{create,destroy} and deprecating ASN1_STRING_data. */ -@@ -722,6 +723,10 @@ - DH_free(dh); - return pkey; - } ++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) + -+#if defined(LIBRESSL_VERSION_NUMBER) && !defined(static_ASN1_SEQUENCE_END_name) -+#define static_ASN1_SEQUENCE_END_name ASN1_SEQUENCE_END_name ++/* ++ * 1.1 adds DHX support, which uses the RFC 3279 DomainParameters encoding we ++ * need for PKINIT. For 1.0 we must use the original DH type when creating ++ * EVP_PKEY objects. ++ */ ++#define EVP_PKEY_DHX EVP_PKEY_DH ++#define d2i_DHxparams d2i_DHparams +#endif ++ + #if OPENSSL_VERSION_NUMBER < 0x10100000L - static struct pkcs11_errstrings { - short code; + /* 1.1 standardizes constructor and destructor names, renaming +@@ -193,13 +204,6 @@ pkcs11err(int err); + #define EVP_MD_CTX_free EVP_MD_CTX_destroy + #define ASN1_STRING_get0_data ASN1_STRING_data + +-/* +- * 1.1 adds DHX support, which uses the RFC 3279 DomainParameters encoding we +- * need for PKINIT. For 1.0 we must use the original DH type when creating +- * EVP_PKEY objects. +- */ +-#define EVP_PKEY_DHX EVP_PKEY_DH +- + /* 1.1 makes many handle types opaque and adds accessors. Add compatibility + * versions of the new accessors we use for pre-1.1. */ + +@@ -588,7 +592,7 @@ set_padded_derivation(EVP_PKEY_CTX *ctx) + { + EVP_PKEY_CTX_set_dh_pad(ctx, 1); + } +-#elif OPENSSL_VERSION_NUMBER >= 0x10100000L ++#elif OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) + static void + set_padded_derivation(EVP_PKEY_CTX *ctx) + {
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202210301544.29UFigAO040466>