From owner-svn-ports-all@freebsd.org Fri Apr 12 17:11:39 2019 Return-Path: Delivered-To: svn-ports-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 65F7E1581A56; Fri, 12 Apr 2019 17:11:39 +0000 (UTC) (envelope-from feld@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 0658F83DAF; Fri, 12 Apr 2019 17:11:39 +0000 (UTC) (envelope-from feld@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id D3CFE2459C; Fri, 12 Apr 2019 17:11:38 +0000 (UTC) (envelope-from feld@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id x3CHBcLX074071; Fri, 12 Apr 2019 17:11:38 GMT (envelope-from feld@FreeBSD.org) Received: (from feld@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id x3CHBcp1074069; Fri, 12 Apr 2019 17:11:38 GMT (envelope-from feld@FreeBSD.org) Message-Id: <201904121711.x3CHBcp1074069@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: feld set sender to feld@FreeBSD.org using -f From: Mark Felder Date: Fri, 12 Apr 2019 17:11:38 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-branches@freebsd.org Subject: svn commit: r498731 - in branches/2019Q2/security/tlswrap: . files X-SVN-Group: ports-branches X-SVN-Commit-Author: feld X-SVN-Commit-Paths: in branches/2019Q2/security/tlswrap: . files X-SVN-Commit-Revision: 498731 X-SVN-Commit-Repository: ports MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Rspamd-Queue-Id: 0658F83DAF X-Spamd-Bar: -- Authentication-Results: mx1.freebsd.org X-Spamd-Result: default: False [-2.95 / 15.00]; local_wl_from(0.00)[FreeBSD.org]; NEURAL_HAM_MEDIUM(-1.00)[-0.999,0]; NEURAL_HAM_SHORT(-0.95)[-0.953,0]; ASN(0.00)[asn:11403, ipnet:2610:1c1:1::/48, country:US]; NEURAL_HAM_LONG(-1.00)[-1.000,0] X-BeenThere: svn-ports-all@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SVN commit messages for the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 12 Apr 2019 17:11:39 -0000 Author: feld Date: Fri Apr 12 17:11:38 2019 New Revision: 498731 URL: https://svnweb.freebsd.org/changeset/ports/498731 Log: MFH: r498730 security/tlswrap: Add patch to fix support for modern OpenSSL PR: 236137 Modified: branches/2019Q2/security/tlswrap/Makefile branches/2019Q2/security/tlswrap/files/patch-tls.c Directory Properties: branches/2019Q2/ (props changed) Modified: branches/2019Q2/security/tlswrap/Makefile ============================================================================== --- branches/2019Q2/security/tlswrap/Makefile Fri Apr 12 17:10:31 2019 (r498730) +++ branches/2019Q2/security/tlswrap/Makefile Fri Apr 12 17:11:38 2019 (r498731) @@ -3,7 +3,7 @@ PORTNAME= tlswrap PORTVERSION= 1.0.4 -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES= security MASTER_SITES= http://www.tlswrap.com/ DISTNAME= ${PORTNAME}-1.04 @@ -19,11 +19,6 @@ CFLAGS+= -I${OPENSSLINC} OPTIONS_DEFINE= DOCS .include - -.if ${SSL_DEFAULT} == base -BROKEN_FreeBSD_12= incomplete definition of type 'struct X509_extension_st' -BROKEN_FreeBSD_13= incomplete definition of type 'struct X509_extension_st' -.endif post-patch: @${REINPLACE_CMD} -E 's,^(CC|CFLAGS|LDFLAGS).*=,\1?=,g' \ Modified: branches/2019Q2/security/tlswrap/files/patch-tls.c ============================================================================== --- branches/2019Q2/security/tlswrap/files/patch-tls.c Fri Apr 12 17:10:31 2019 (r498730) +++ branches/2019Q2/security/tlswrap/files/patch-tls.c Fri Apr 12 17:11:38 2019 (r498731) @@ -1,6 +1,6 @@ ---- tls.c.orig 2006-11-25 19:52:08.000000000 +0100 -+++ tls.c 2015-04-19 15:53:43.000000000 +0200 -@@ -73,10 +73,12 @@ void tls_init(char *egd_sock) { +--- tls.c.orig 2006-11-25 18:52:08.000000000 +0000 ++++ tls.c 2019-03-22 17:37:16.971621000 +0000 +@@ -73,10 +73,12 @@ printf("egd_sock is %s\n", egd_sock); #ifdef HAVE_RAND_STATUS if (RAND_status() != 1) { @@ -13,3 +13,42 @@ if (RAND_status() != 1) sys_err("ssl_init: System without /dev/urandom, PRNG seeding must be done manually.\r\n"); } +@@ -258,7 +260,7 @@ + X509 *x509_peer; + X509_NAME *x509_subj; + X509_EXTENSION *x509_ext; +- X509V3_EXT_METHOD *x509_meth; ++ const X509V3_EXT_METHOD *x509_meth; + int ok, extcount, i, j; + char *extstr; + SSL *ssl; +@@ -294,15 +296,17 @@ + extstr = (char*)OBJ_nid2sn(OBJ_obj2nid(X509_EXTENSION_get_object(x509_ext))); + if (debug) printf("extstr = %s\n", extstr); + if (!strcmp(extstr, "subjectAltName")) { ++ ASN1_OCTET_STRING *x509_ext_data; + subjectaltname = 1; + if (!(x509_meth = X509V3_EXT_get(x509_ext))) + break; +- data1 = x509_ext->value->data; ++ x509_ext_data = X509_EXTENSION_get_data(x509_ext); ++ data1 = x509_ext_data->data; + #if (OPENSSL_VERSION_NUMBER > 0x00907000L) + if (x509_meth->it) +- ext_str = ASN1_item_d2i(NULL, &data1, x509_ext->value->length, ASN1_ITEM_ptr(x509_meth->it)); ++ ext_str = ASN1_item_d2i(NULL, &data1, x509_ext_data->length, ASN1_ITEM_ptr(x509_meth->it)); + else +- ext_str = x509_meth->d2i(NULL, &data1, x509_ext->value->length); ++ ext_str = x509_meth->d2i(NULL, &data1, x509_ext_data->length); + #else + ext_str = x509_meth->d2i(NULL, &data1, x509_ext->value->length); + #endif +@@ -341,7 +345,7 @@ + tls_auth_cont(struct user_data *ud, int data) + { + int status, sslerr, cert_ok; +- SSL_CIPHER *cipher; ++ const SSL_CIPHER *cipher; + char cipher_info[128]; + SSL *ssl; +