From nobody Mon Nov 20 03:41:04 2023
Date: Mon, 20 Nov 2023 03:41:04 GMT
Message-Id: <202311200341.3AK3f4wu052493@gitrepo.freebsd.org>
To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org
From: Mikhail Teterin Subject: git: 2ed62c75d123 - main - devel/tcltls: adapt to OpenSSL-3.0, upgrade, fix tests. List-Id: Commits to the main branch of the FreeBSD ports repository List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-ports-main@freebsd.org X-BeenThere: dev-commits-ports-main@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: mi X-Git-Repository: ports X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 2ed62c75d1230bbe8268a1a3c54de2972d50dcf8 Auto-Submitted: auto-generated The branch main has been updated by mi: URL: https://cgit.FreeBSD.org/ports/commit/?id=2ed62c75d1230bbe8268a1a3c54de2972d50dcf8 commit 2ed62c75d1230bbe8268a1a3c54de2972d50dcf8 Author: Mikhail Teterin AuthorDate: 2023-11-20 03:38:38 +0000 Commit: Mikhail Teterin CommitDate: 2023-11-20 03:40:58 +0000 devel/tcltls: adapt to OpenSSL-3.0, upgrade, fix tests. PR: 275160 --- devel/tcltls/Makefile | 11 ++++++- devel/tcltls/distinfo | 6 ++-- devel/tcltls/files/dh_params.h | 28 ++++++++++++++++ devel/tcltls/files/patch-gen_dh_params | 27 --------------- devel/tcltls/files/patch-ssl_ignore_unexpected_eof | 14 ++++++++ devel/tcltls/files/patch-tests | 38 ++++++++++++++++++++++ devel/tcltls/files/patch-warnings | 30 +++++++++++++++++ 7 files changed, 123 insertions(+), 31 deletions(-) diff --git a/devel/tcltls/Makefile b/devel/tcltls/Makefile index 0480c0772178..d370430fad53 100644 --- a/devel/tcltls/Makefile +++ b/devel/tcltls/Makefile @@ -1,5 +1,5 @@ PORTNAME= tcltls -PORTVERSION= 1.7.18 +PORTVERSION= 1.7.22 CATEGORIES= devel security tcl MASTER_SITES= http://core.tcl.tk/tcltls/uv/ \ http://tcltls.rkeene.org/uv/ 
@@ -38,6 +38,15 @@ CFLAGS+= -Wno-error=int-conversion post-patch: ${MV} ${WRKSRC}/tests/ciphers.test ${WRKSRC}/tests/ciphers.test.broken + ${CP} ${FILESDIR}/dh_params.h ${WRKSRC}/ + +# Newer openssl-dhparam has no "-C" option, we emulate it here :-/ +post-configure: + ${OPENSSLBASE}/bin/openssl dhparam -text 2048 | \ + ${SED} -E -e '/^---/,/^---/d' \ + -e '/(DH|prime|generator)/d' \ + -e 's/([0-9a-h]{2})(:|$$)/0x\1, /g' \ + -e w${WRKSRC}/generateddh.txt post-install-DOCS-on: ${MKDIR} ${STAGEDIR}${DOCSDIR} diff --git a/devel/tcltls/distinfo b/devel/tcltls/distinfo index d0704b78bc7d..4602cf7c8969 100644 --- a/devel/tcltls/distinfo +++ b/devel/tcltls/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1556815670 -SHA256 (tcltls-1.7.18.tar.gz) = 6b21e7a4343bf8ae87358f933e98c61ea9c22162b916f35c9433e053a8f19b49 -SIZE (tcltls-1.7.18.tar.gz) = 163473 +TIMESTAMP = 1700353727 +SHA256 (tcltls-1.7.22.tar.gz) = e84e2b7a275ec82c4aaa9d1b1f9786dbe4358c815e917539ffe7f667ff4bc3b4 +SIZE (tcltls-1.7.22.tar.gz) = 165206 diff --git a/devel/tcltls/files/dh_params.h b/devel/tcltls/files/dh_params.h new file mode 100644 index 000000000000..21512fb11235 --- /dev/null +++ b/devel/tcltls/files/dh_params.h @@ -0,0 +1,28 @@ +/* + * OpenSSL no longer offers the "-C" option for its dhparam + * subcommand, so we keep our own C-code here... + */ + +static DH * get_dhParams(void) { + static unsigned char dhp_2048[] = { +#include "generateddh.txt" + }; + static unsigned char dhg_2048[] = { + 0x02 + }; + DH *dh = DH_new(); + BIGNUM *p, *g; + + if (dh == NULL) + return NULL; + p = BN_bin2bn(dhp_2048, sizeof(dhp_2048), NULL); + g = BN_bin2bn(dhg_2048, sizeof(dhg_2048), NULL); + if (p == NULL || g == NULL + || !DH_set0_pqg(dh, p, NULL, g)) { + DH_free(dh); + BN_free(p); + BN_free(g); + return NULL; + } + return dh; +} diff --git a/devel/tcltls/files/patch-gen_dh_params b/devel/tcltls/files/patch-gen_dh_params deleted file mode 100644 index 4179d9dd5884..000000000000 
--- a/devel/tcltls/files/patch-gen_dh_params +++ /dev/null @@ -1,27 +0,0 @@ ---- gen_dh_params 2017-05-01 10:45:59.000000000 -0400 -+++ gen_dh_params 2017-05-16 18:19:20.703957000 -0400 -@@ -12,11 +12,8 @@ - - openssl_dhparam() { -- if [ -x "`which openssl 2>/dev/null`" ]; then -- o_output="`openssl dhparam -C "$@" 2>/dev/null`" || return 1 -- o_output="`echo "${o_output}" | sed 's/get_dh[0-9][0-9]*/get_dhParams/'`" || return 1 -- o_output="`echo "${o_output}" | sed '/^-----BEGIN DH PARAMETERS-----$/,/^-----END DH PARAMETERS-----$/ d;/^#/ d'`" || return 1 -- -- echo "${o_output}" -- -+ if openssl dhparam -C "$@" | sed \ -+ -e 's/^\(static \)*DH \*get_dh[0-9]*/static DH *get_dhParams/' \ -+ -e '/^-----BEGIN DH PARAMETERS-----$/,/^-----END DH PARAMETERS-----$/ d;/^#/ d' -+ then - return 0 - fi -@@ -273,6 +270,6 @@ - echo "*****************************" >&2 - gen_dh_params_openssl && exit 0 --gen_dh_params_remote && exit 0 --gen_dh_params_fallback && exit 0 -+# gen_dh_params_remote && exit 0 -+# gen_dh_params_fallback && exit 0 - - echo "Unable to generate parameters for DH of ${bits} bits" >&2 diff --git a/devel/tcltls/files/patch-ssl_ignore_unexpected_eof b/devel/tcltls/files/patch-ssl_ignore_unexpected_eof new file mode 100644 index 000000000000..6f588ed2e00d --- /dev/null +++ b/devel/tcltls/files/patch-ssl_ignore_unexpected_eof @@ -0,0 +1,14 @@ +See bug-report: + + https://core.tcl-lang.org/tcltls/tktview/88c0c84969 + +--- tls.c 2020-10-12 16:39:22.000000000 -0400 ++++ tls.c 2023-11-19 21:44:39.676318000 -0500 +@@ -1215,4 +1214,7 @@ + SSL_CTX_set_options( ctx, SSL_OP_ALL); /* all SSL bug workarounds */ + SSL_CTX_set_options( ctx, off); /* all SSL bug workarounds */ ++#ifdef SSL_OP_IGNORE_UNEXPECTED_EOF ++ SSL_CTX_set_options( ctx, SSL_OP_IGNORE_UNEXPECTED_EOF); ++#endif + SSL_CTX_sess_set_cache_size( ctx, 128); + diff --git a/devel/tcltls/files/patch-tests b/devel/tcltls/files/patch-tests new file mode 100644 index 000000000000..f5870aa09486 --- /dev/null 
+++ b/devel/tcltls/files/patch-tests @@ -0,0 +1,38 @@ +See bug-reports: + + https://core.tcl-lang.org/tcltls/tktview/bb7085cfdc + https://core.tcl-lang.org/tcltls/tktview/c6b35cf0e3 + https://core.tcl-lang.org/tcltls/tktview/64cdb76212 + +--- tests/tlsIO.test 2020-10-12 16:39:22.000000000 -0400 ++++ tests/tlsIO.test 2023-11-19 21:03:22.658062000 -0500 +@@ -1106,4 +1106,5 @@ + # need update to complete TLS handshake in-process + update ++ fconfigure $s1 -blocking 1 + set z [gets $s1] + close $s +@@ -2027,5 +2028,5 @@ + } {{} 0 {} 0 {}} + +-test tls-bug58-1.0 {test protocol negotiation failure} {socket} { ++test tls-bug58-1.0 {test protocol negotiation failure} -constraints {socket} -body { + # Following code is based on what was reported in bug #58. Prior + # to fix the program would crash with a segfault. +@@ -2062,5 +2063,5 @@ + } + set ::done +-} {handshake failed: wrong version number} ++} -result {handshake failed: *} -match glob + + # cleanup +--- tests/all.tcl 2020-10-12 16:39:22.000000000 -0400 ++++ tests/all.tcl 2023-11-19 21:19:34.128221000 -0500 +@@ -55,5 +55,5 @@ + # cleanup + puts stdout "\nTests ended at [eval $timeCmd]" ++set failCount [llength $::tcltest::failFiles] + ::tcltest::cleanupTests 1 +-return +- ++exit [expr $failCount > 0] diff --git a/devel/tcltls/files/patch-warnings b/devel/tcltls/files/patch-warnings new file mode 100644 index 000000000000..783d462e014b --- /dev/null +++ b/devel/tcltls/files/patch-warnings 
@@ -0,0 +1,30 @@ +See bug-report: + + https://core.tcl-lang.org/tcltls/tktview/539d25f105 + +--- tls.c 2020-10-12 16:39:22.000000000 -0400 ++++ tls.c 2023-11-19 21:30:03.357601000 -0500 +@@ -62,5 +62,5 @@ + Tcl_Interp *interp, int objc, Tcl_Obj *CONST objv[]); + +-static SSL_CTX *CTX_Init(State *statePtr, int isServer, int proto, char *key, ++static SSL_CTX *CTX_Init(State *statePtr, int proto, char *key, + char *certfile, unsigned char *key_asn1, unsigned char *cert_asn1, + int key_asn1_len, int cert_asn1_len, char *CAdir, char *CAfile, +@@ -897,5 +897,5 @@ + ctx = ((State *)Tcl_GetChannelInstanceData(chan))->ctx; + } else { +- if ((ctx = CTX_Init(statePtr, server, proto, keyfile, certfile, key, ++ if ((ctx = CTX_Init(statePtr, proto, keyfile, certfile, key, + cert, key_len, cert_len, CAdir, CAfile, ciphers, + DHparams)) == (SSL_CTX*)0) { +@@ -1067,8 +1067,7 @@ + + static SSL_CTX * +-CTX_Init(statePtr, isServer, proto, keyfile, certfile, key, cert, ++CTX_Init(statePtr, proto, keyfile, certfile, key, cert, + key_len, cert_len, CAdir, CAfile, ciphers, DHparams) + State *statePtr; +- int isServer; + int proto; + char *keyfile;
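Review bot: the post-configure pipeline in devel/tcltls/Makefile does not detect a failing `openssl dhparam`, because the exit status of the pipeline is that of `${SED}`; a failure leaves an empty or partial generateddh.txt, which dh_params.h then includes without complaint. Write the openssl output to a temporary file first, or test afterwards that generateddh.txt is non-empty, so the build stops there. The character class `[0-9a-h]` should be `[0-9a-f]`. Since the filter keys on the words DH, prime and generator in the `-text` output, a comment naming the output format it was written against would help at the next OpenSSL update.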
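Review bot: get_dhParams() in devel/tcltls/files/dh_params.h never checks the size of `dhp_2048`, so whatever generateddh.txt contains is accepted as the prime. BN_bin2bn() returns a valid BIGNUM for a short or zero-length buffer, so the `p == NULL` test does not cover that case. A compile-time check that `sizeof(dhp_2048)` is at least 256, the byte length of a 2048-bit prime, would turn a bad generated file into a build failure. DH_new() and DH_set0_pqg() are deprecated as of OpenSSL 3.0, which deserves a line in the header comment given what the commit is for.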
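Review bot: deleting devel/tcltls/files/patch-gen_dh_params also drops its second hunk, the one that commented out `gen_dh_params_remote` and `gen_dh_params_fallback`, and nothing in this commit shows that the upstream gen_dh_params script is no longer run. Please confirm that copying dh_params.h into ${WRKSRC} in post-patch keeps the build from reaching that script, and say so in a Makefile comment, so that the remote and fallback paths the old patch disabled do not come back unnoticed.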
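Review bot: devel/tcltls/files/patch-ssl_ignore_unexpected_eof sets `SSL_OP_IGNORE_UNEXPECTED_EOF` unconditionally in tls.c, with no way for a script to turn it off. With this option a connection that is closed without a close_notify alert is reported as a normal end of file, so an application that relies on the TLS layer to notice truncated data no longer gets an error. Consider making it selectable per channel, or at least state the trade-off in the patch header next to the bug-report link.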
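Review bot: in the tls-bug58-1.0 hunk of devel/tcltls/files/patch-tests, `-result {handshake failed: *} -match glob` accepts any handshake failure, so the test no longer shows that the failure is the protocol negotiation one named in its description. Narrow the pattern to the specific messages produced by the supported OpenSSL versions, for example with `-match regexp` and an alternation of those messages.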
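Review bot: the tests/all.tcl hunk of devel/tcltls/files/patch-tests uses an unbraced expression in `exit [expr $failCount > 0]`; write `exit [expr {$failCount > 0}]` so the operand is substituted once, by expr itself. A short comment that the exit status is what lets the port's test target notice failures would also explain why the `return` was replaced.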
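Review bot: the CTX_Init definition in the last hunk of devel/tcltls/files/patch-warnings remains an old-style definition with separate parameter declarations (`State *statePtr;`, `int proto;`, ...) after the change. Since this patch already edits both the prototype at line 62 and the definition at line 1067, converting the definition to prototype form here would remove another source of compiler warnings and keep the two parameter lists from drifting apart again.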