Date:      Sat, 20 May 2017 18:49:11 +0000 (UTC)
From:      Bernard Spil <brnrd@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject:   svn commit: r441330 - head/mail/postfix-current/files
Message-ID:  <201705201849.v4KInBJb060839@repo.freebsd.org>

Author: brnrd
Date: Sat May 20 18:49:10 2017
New Revision: 441330
URL: https://svnweb.freebsd.org/changeset/ports/441330

Log:
  mail/postfix-current: Fix x25519 kex with LibreSSL
  
   - Add patches for LibreSSL
  
  PR:		216790
  Obtained from:	OpenBSD ports
  Approved by:	ohauer (maintainer)

Modified:
  head/mail/postfix-current/files/patch-src_tls_tls.h
  head/mail/postfix-current/files/patch-src_tls_tls__dh.c

Modified: head/mail/postfix-current/files/patch-src_tls_tls.h
==============================================================================
--- head/mail/postfix-current/files/patch-src_tls_tls.h	Sat May 20 18:34:55 2017	(r441329)
+++ head/mail/postfix-current/files/patch-src_tls_tls.h	Sat May 20 18:49:10 2017	(r441330)
@@ -1,7 +1,8 @@
-# fix build against LibreSSL
-# Obtained from: http://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/mail/postfix/stable/patches/
-# 
---- src/tls/tls.h.orig	2016-02-06 20:09:41 UTC
+$OpenBSD: patch-src_tls_tls_h,v 1.2 2017/03/04 22:09:43 sthen Exp $
+
+Fix building with LibreSSL
+
+--- src/tls/tls.h.orig	2017-01-01 22:22:13 UTC
 +++ src/tls/tls.h
 @@ -89,7 +89,7 @@ extern const char *str_tls_level(int);
  #endif
@@ -12,3 +13,13 @@
  #define OpenSSL_version_num SSLeay
  #define OpenSSL_version SSLeay_version
  #define OPENSSL_VERSION SSLEAY_VERSION
+@@ -104,6 +104,9 @@ extern const char *str_tls_level(int);
+ #define ASN1_STRING_get0_data ASN1_STRING_data
+ #define X509_getm_notBefore X509_get_notBefore
+ #define X509_getm_notAfter X509_get_notAfter
++#endif
++
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ #define TLS_method SSLv23_method
+ #define TLS_client_method SSLv23_client_method
+ #define TLS_server_method SSLv23_server_method
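Review bot: The re-opened `#if OPENSSL_VERSION_NUMBER < 0x10100000L` in front of the `TLS_method` aliases has no comment saying why it leaves out the LibreSSL test, so the split reads as accidental. As far as I know LibreSSL reports an `OPENSSL_VERSION_NUMBER` above that threshold, so the three `SSLv23_*` aliases are now skipped there and the build depends on LibreSSL exporting `TLS_method`, `TLS_client_method` and `TLS_server_method` itself; that is worth confirming for the oldest LibreSSL the port supports. I would record the intent in the patch header, for example `LibreSSL provides TLS_method itself; it only needs the accessor aliases above.` The condition on the first `#if` is changed outside this hunk, so its exact form is not visible here.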

Modified: head/mail/postfix-current/files/patch-src_tls_tls__dh.c
==============================================================================
--- head/mail/postfix-current/files/patch-src_tls_tls__dh.c	Sat May 20 18:34:55 2017	(r441329)
+++ head/mail/postfix-current/files/patch-src_tls_tls__dh.c	Sat May 20 18:49:10 2017	(r441330)
@@ -1,48 +1,15 @@
-PR 216732: Fix build with libressl < 2.5.1
-=========================================================
+$OpenBSD: patch-src_tls_tls_dh_c,v 1.1 2017/03/04 22:09:43 sthen Exp $
+
+Fix building with LibreSSL
+
 --- src/tls/tls_dh.c.orig	2016-12-26 23:47:24 UTC
 +++ src/tls/tls_dh.c
-@@ -94,7 +94,7 @@
- #define TLS_INTERNAL
- #include <tls.h>
- #include <openssl/dh.h>
--#if OPENSSL_VERSION_NUMBER >= 0x1000200fUL && !defined(OPENSSL_NO_ECDH)
-+#if OPENSSL_VERSION_NUMBER >= 0x1000200fUL && !defined(OPENSSL_NO_ECDH) && !defined(LIBRESSL_VERSION_NUMBER)
- #include <openssl/ec.h>
- #endif
- 
-@@ -244,7 +244,7 @@ DH     *tls_tmp_dh_cb(SSL *unused_ssl, i
- 
- void    tls_auto_eecdh_curves(SSL_CTX *ctx)
- {
--#if OPENSSL_VERSION_NUMBER >= 0x1000200fUL && !defined(OPENSSL_NO_ECDH)
-+#if OPENSSL_VERSION_NUMBER >= 0x1000200fUL && !defined(OPENSSL_NO_ECDH) && !defined(LIBRESSL_VERSION_NUMBER)
-     SSL_CTX *tmpctx;
-     int    *nids;
-     int     space = 5;
-@@ -337,14 +337,14 @@ void    tls_set_eecdh_curve(SSL_CTX *ser
- #define TLS_EECDH_NONE		1
- #define TLS_EECDH_STRONG	2
- #define TLS_EECDH_ULTRA		3
--#if OPENSSL_VERSION_NUMBER >= 0x1000200fUL
-+#if OPENSSL_VERSION_NUMBER >= 0x1000200fUL && !defined(LIBRESSL_VERSION_NUMBER)
- #define TLS_EECDH_AUTO		4
- #endif
-     static NAME_CODE eecdh_table[] = {
- 	"none", TLS_EECDH_NONE,
- 	"strong", TLS_EECDH_STRONG,
- 	"ultra", TLS_EECDH_ULTRA,
--#if OPENSSL_VERSION_NUMBER >= 0x1000200fUL
-+#if OPENSSL_VERSION_NUMBER >= 0x1000200fUL && !defined(LIBRESSL_VERSION_NUMBER)
- 	"auto", TLS_EECDH_AUTO,
- #endif
- 	0, TLS_EECDH_INVALID,
-@@ -364,7 +364,7 @@ void    tls_set_eecdh_curve(SSL_CTX *ser
-     case TLS_EECDH_ULTRA:
- 	curve = var_tls_eecdh_ultra;
- 	break;
--#if OPENSSL_VERSION_NUMBER >= 0x1000200fUL
-+#if OPENSSL_VERSION_NUMBER >= 0x1000200fUL && !defined(LIBRESSL_VERSION_NUMBER)
-     case TLS_EECDH_AUTO:
- 	tls_auto_eecdh_curves(server_ctx);
- 	return;
+@@ -314,7 +314,7 @@ void    tls_auto_eecdh_curves(SSL_CTX *c
+      * This is a NOP in OpenSSL 1.1.0 and later, where curves are always
+      * auto-negotiated.
+      */
+-#if OPENSSL_VERSION_NUMBER < 0x10100000UL
++#if OPENSSL_VERSION_NUMBER < 0x10100000UL || defined(LIBRESSL_VERSION_NUMBER)
+     if (SSL_CTX_set_ecdh_auto(ctx, 1) <= 0) {
+ 	msg_warn("failed to enable automatic ECDHE curve selection");
+ 	tls_print_errors();
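Review bot: No lower bound on the LibreSSL version remains after this rewrite. The replaced patch was titled as a build fix for LibreSSL older than 2.5.1 and kept LibreSSL out of the `<openssl/ec.h>` include, `tls_auto_eecdh_curves()` and the `auto` grade, while the new one keeps only `|| defined(LIBRESSL_VERSION_NUMBER)` on the `SSL_CTX_set_ecdh_auto()` branch. If the port is still expected to build against LibreSSL releases before 2.5.1, the curve-list code earlier in that function may fail to compile again, so either bound the check on `LIBRESSL_VERSION_NUMBER` or state the minimum supported LibreSSL in the patch header. The comment above the changed line still says the call is a NOP for OpenSSL 1.1.0 and later only; adding `LibreSSL still needs the explicit call regardless of the version number it reports.` would keep it accurate. The body of `tls_auto_eecdh_curves()` starts and continues outside the hunk.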


