From nobody Sun Oct 30 15:44:42 2022 X-Original-To: dev-commits-ports-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4N0gZf6pTLz4h9Fq; Sun, 30 Oct 2022 15:44:42 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4N0gZf69srz42x3; Sun, 30 Oct 2022 15:44:42 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1667144682; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=Km7Q70lef71NsalZroZEbXq6MD74HQmowjh3/yJckAw=; b=dydXpRRFg3VnCjb5uI+63NZO6psktwnCEZ8HzMgyJSqj9r49B/4PCWNaMChSaQ69HHFfqc 2pzZx5tjz1S74YGaecLq8rQ4cfZpM4ioQPH7N3rAkh5qWNyDbEr7SJGeyf+BuPjo7pSKUQ /+9wwZmwW+J/zA6/u9JewQ6oce1KAm5AQfBWO8wS0i/e2bdzhOnvB/CeAvg/dcKwdFbDB/ vm5v2/FiB2V2wYHG/z6hD1/zwEwQp+/NDh4tNKksYKS2MqiieFlSBr8JwpcnGz53IuTEIW Uu7xnsHDNNtXtGGecu+PnaZh2zhHRRQubDV6YCdYaygoMSlxtc2+zL3O+yn98g== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4N0gZf5BWSz12B4; Sun, 30 Oct 2022 15:44:42 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 29UFigQn040467; Sun, 30 Oct 2022 15:44:42 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 29UFigAO040466; Sun, 30 Oct 2022 15:44:42 GMT (envelope-from git) Date: Sun, 30 Oct 2022 15:44:42 GMT Message-Id: <202210301544.29UFigAO040466@gitrepo.freebsd.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org From: Felix Palmen Subject: git: 5a84f8764063 - main - security/krb5-120: Fix build with libressl 3.5 List-Id: Commit messages for all branches of the ports repository List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-ports-all@freebsd.org X-BeenThere: dev-commits-ports-all@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: zirias X-Git-Repository: ports X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 5a84f8764063d95a1f6f2965785fd9b7effbb40f Auto-Submitted: auto-generated ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1667144682; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=Km7Q70lef71NsalZroZEbXq6MD74HQmowjh3/yJckAw=; b=V0VzQOvX6g3tguJA0y8WvDPY2qq56C3sPtD943z6ix1/iUE1ghm/lWH7ZglcFQeVfVzzFS WEjInnzRTpV2Nx/rC2PCfFROkRiD3ZL4VF3OzKZvcLbUwJKM2pfL3HPLrPyQTXUE3J3uSU WMmieZfwYf5DS51V2ALFkqzzCLADzM+L4tpGh0L8YUU3Zta2m1uEgJilaiDNjHkIvu/50h YCZxqkjeqWgcCT42wvVX/wNRTKpuIVF2tVIjtC9bevy7qO9iCJzuLo7uGdt5OPNDhdQp7u DZJ3ICgwr+hGBPQlYfwiY4ZklNSD8q/9vkbZSJLKA+t+uPrBVqkkSNPNmrdsAQ== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1667144682; a=rsa-sha256; cv=none; b=xP6mrGQTRinUU6+6FPBZcgfqZpj08SvWTXLKvfpqRi4kADglDFkC+dvlVOLDucA7h3GBtU H/jEyVFr1KGMClvkbsu2IFNYzCNfHqDF8INVXlu/Kv1BzNWsO8tw48eAKGOTmB+lAYJQi7 dx9p6Djzdvn7uJ68VHY1jN9lgGZUJLG7TaEWwmMd9+m6JWgZtv2dD02/AcySQ3p6nk+5or uMz1GTSQKci+i2TsAz0iW+K4t7cqfvmcu1KRRpnf9OKZ/dKlbLPOi+C+stWCFpMcb9pB9w EBO3qieo1kmyyD0rA5fO8mX7jyBIWs7bgKJ636X3Wg73+cCGE8CUFSY93c1yWQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none X-ThisMailContainsUnwantedMimeParts: N The branch main has been updated by zirias: URL: https://cgit.FreeBSD.org/ports/commit/?id=5a84f8764063d95a1f6f2965785fd9b7effbb40f commit 5a84f8764063d95a1f6f2965785fd9b7effbb40f Author: Felix Palmen AuthorDate: 2022-10-17 08:44:39 +0000 Commit: Felix Palmen CommitDate: 2022-10-30 15:43:23 +0000 security/krb5-120: Fix build with libressl 3.5 Approved by: cy (maintainer), tcberner (mentor) Differential Revision: https://reviews.freebsd.org/D37046 --- security/krb5-120/Makefile | 2 - ...lugins_preauth_pkinit_pkinit__crypto__openssl.c | 54 +++++++++++++++------- 2 files changed, 37 insertions(+), 19 deletions(-) diff --git a/security/krb5-120/Makefile b/security/krb5-120/Makefile index d7fd0095f7a3..71b22f51b4fc 100644 --- a/security/krb5-120/Makefile +++ b/security/krb5-120/Makefile @@ -18,8 +18,6 @@ LICENSE= MIT CONFLICTS= heimdal krb5 krb5-11* CONFLICTS_BUILD= boringssl -IGNORE_SSL= libressl libressl-devel - KERBEROSV_URL= http://web.mit.edu/kerberos/ USES= compiler:c++11-lang cpe gmake gettext-runtime \ gssapi:bootstrap,mit libtool:build localbase \ diff --git a/security/krb5-120/files/patch-plugins_preauth_pkinit_pkinit__crypto__openssl.c b/security/krb5-120/files/patch-plugins_preauth_pkinit_pkinit__crypto__openssl.c index a26d295ebf75..71d27a31b406 100644 --- a/security/krb5-120/files/patch-plugins_preauth_pkinit_pkinit__crypto__openssl.c +++ b/security/krb5-120/files/patch-plugins_preauth_pkinit_pkinit__crypto__openssl.c @@ -1,23 +1,43 @@ ---- plugins/preauth/pkinit/pkinit_crypto_openssl.c.orig 2021-11-05 16:24:07.000000000 -0700 -+++ plugins/preauth/pkinit/pkinit_crypto_openssl.c 2021-11-08 10:10:45.431325000 -0800 -@@ -178,7 +178,8 @@ +--- plugins/preauth/pkinit/pkinit_crypto_openssl.c.orig 2022-10-17 09:52:43 UTC ++++ plugins/preauth/pkinit/pkinit_crypto_openssl.c +@@ -184,6 +184,17 @@ pkcs11err(int err); (*_x509_pp) = PKCS7_cert_from_signer_info(_p7,_si) #endif --#if OPENSSL_VERSION_NUMBER < 0x10100000L -+#if (defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER < 0x10100000L) || \ -+ defined(LIBRESSL_VERSION_NUMBER) - - /* 1.1 standardizes constructor and destructor names, renaming - * EVP_MD_CTX_{create,destroy} and deprecating ASN1_STRING_data. */ -@@ -722,6 +723,10 @@ - DH_free(dh); - return pkey; - } ++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) + -+#if defined(LIBRESSL_VERSION_NUMBER) && !defined(static_ASN1_SEQUENCE_END_name) -+#define static_ASN1_SEQUENCE_END_name ASN1_SEQUENCE_END_name ++/* ++ * 1.1 adds DHX support, which uses the RFC 3279 DomainParameters encoding we ++ * need for PKINIT. For 1.0 we must use the original DH type when creating ++ * EVP_PKEY objects. ++ */ ++#define EVP_PKEY_DHX EVP_PKEY_DH ++#define d2i_DHxparams d2i_DHparams +#endif ++ + #if OPENSSL_VERSION_NUMBER < 0x10100000L - static struct pkcs11_errstrings { - short code; + /* 1.1 standardizes constructor and destructor names, renaming +@@ -193,13 +204,6 @@ pkcs11err(int err); + #define EVP_MD_CTX_free EVP_MD_CTX_destroy + #define ASN1_STRING_get0_data ASN1_STRING_data + +-/* +- * 1.1 adds DHX support, which uses the RFC 3279 DomainParameters encoding we +- * need for PKINIT. For 1.0 we must use the original DH type when creating +- * EVP_PKEY objects. +- */ +-#define EVP_PKEY_DHX EVP_PKEY_DH +- + /* 1.1 makes many handle types opaque and adds accessors. Add compatibility + * versions of the new accessors we use for pre-1.1. */ + +@@ -588,7 +592,7 @@ set_padded_derivation(EVP_PKEY_CTX *ctx) + { + EVP_PKEY_CTX_set_dh_pad(ctx, 1); + } +-#elif OPENSSL_VERSION_NUMBER >= 0x10100000L ++#elif OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) + static void + set_padded_derivation(EVP_PKEY_CTX *ctx) + {