From owner-svn-ports-all@freebsd.org  Sun May 14 10:04:29 2017
Return-Path: <owner-svn-ports-all@freebsd.org>
Delivered-To: svn-ports-all@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 41E56D698AB;
 Sun, 14 May 2017 10:04:29 +0000 (UTC)
 (envelope-from brnrd@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
 [IPv6:2610:1c1:1:6068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 1EFA71AD;
 Sun, 14 May 2017 10:04:29 +0000 (UTC)
 (envelope-from brnrd@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.37])
 by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id v4EA4Sdl061019;
 Sun, 14 May 2017 10:04:28 GMT (envelope-from brnrd@FreeBSD.org)
Received: (from brnrd@localhost)
 by repo.freebsd.org (8.15.2/8.15.2/Submit) id v4EA4SBD061017;
 Sun, 14 May 2017 10:04:28 GMT (envelope-from brnrd@FreeBSD.org)
Message-Id: <201705141004.v4EA4SBD061017@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: brnrd set sender to
 brnrd@FreeBSD.org using -f
From: Bernard Spil <brnrd@FreeBSD.org>
Date: Sun, 14 May 2017 10:04:28 +0000 (UTC)
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org,
 svn-ports-head@freebsd.org
Subject: svn commit: r440871 - in head/ftp/proftpd: . files
X-SVN-Group: ports-head
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-ports-all@freebsd.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: SVN commit messages for the ports tree <svn-ports-all.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-ports-all>,
 <mailto:svn-ports-all-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-ports-all/>
List-Post: <mailto:svn-ports-all@freebsd.org>
List-Help: <mailto:svn-ports-all-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-ports-all>,
 <mailto:svn-ports-all-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 14 May 2017 10:04:29 -0000

Author: brnrd
Date: Sun May 14 10:04:27 2017
New Revision: 440871
URL: https://svnweb.freebsd.org/changeset/ports/440871

Log:
  ftp/proftpd: Fix LibreSSL patch
  
   - Adjust patch for mod_tls move to contrib/
   - Remove broken with LibreSSL
  
  PR:		217025
  Submitted by:	Ralf van der Enden <tremere@cainites.net>
  Approved by:	maintainer timeout

Added:
  head/ftp/proftpd/files/patch-contrib_mod__tls.c   (contents, props changed)
Modified:
  head/ftp/proftpd/Makefile

Modified: head/ftp/proftpd/Makefile
==============================================================================
--- head/ftp/proftpd/Makefile	Sun May 14 09:40:25 2017	(r440870)
+++ head/ftp/proftpd/Makefile	Sun May 14 10:04:27 2017	(r440871)
@@ -174,9 +174,6 @@ CONFIGURE_ARGS+=	--with-libraries=${LIBD
 .if ${SSL_DEFAULT:Mopenssl-devel}
 BROKEN=		Does not build with openssl-devel
 .endif
-.if ${SSL_DEFAULT:Mlibressl*}
-BROKEN=		Does not build with libressl
-.endif
 
 .if !defined(_BUILDING_PROFTPD_MODULE)
 

Added: head/ftp/proftpd/files/patch-contrib_mod__tls.c
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/ftp/proftpd/files/patch-contrib_mod__tls.c	Sun May 14 10:04:27 2017	(r440871)
@@ -0,0 +1,200 @@
+--- contrib/mod_tls.c.orig	2017-01-16 01:13:01 UTC
++++ contrib/mod_tls.c
+@@ -96,7 +96,7 @@ static DH *get_dh(BIGNUM *p, BIGNUM *g) 
+     return NULL;
+   }
+ 
+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+   if (DH_set0_pqg(dh, p, NULL, g) != 1) {
+     pr_trace_msg(trace_channel, 3, "error setting DH p/q parameters: %s",
+       ERR_error_string(ERR_get_error(), NULL));
+@@ -114,7 +114,7 @@ static DH *get_dh(BIGNUM *p, BIGNUM *g) 
+ static X509 *read_cert(FILE *fh, SSL_CTX *ssl_ctx) {
+   X509 *cert;
+ 
+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+   cert = PEM_read_X509(fh, NULL, SSL_CTX_get_default_passwd_cb(ssl_ctx),
+     SSL_CTX_get_default_passwd_cb_userdata(ssl_ctx));
+ #else
+@@ -128,7 +128,7 @@ static X509 *read_cert(FILE *fh, SSL_CTX
+ static int get_pkey_type(EVP_PKEY *pkey) {
+   int pkey_type;
+ 
+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+   pkey_type = EVP_PKEY_id(pkey);
+ #else
+   pkey_type = EVP_PKEY_type(pkey->type);
+@@ -609,7 +609,7 @@ static void tls_diags_cb(const SSL *ssl,
+         break;
+ #endif
+ 
+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+       case TLS_ST_OK:
+ #else
+       case SSL_ST_OK:
+@@ -633,7 +633,7 @@ static void tls_diags_cb(const SSL *ssl,
+ 
+     ssl_state = SSL_get_state(ssl);
+ 
+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+     if (ssl_state == TLS_ST_SR_CLNT_HELLO) {
+ #else
+     if (ssl_state == SSL3_ST_SR_CLNT_HELLO_A ||
+@@ -675,7 +675,7 @@ static void tls_diags_cb(const SSL *ssl,
+       }
+ 
+ #if OPENSSL_VERSION_NUMBER >= 0x009080cfL && \
+-    OPENSSL_VERSION_NUMBER < 0x10100000L
++    (OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER))
+     } else if (ssl_state & SSL_ST_RENEGOTIATE) {
+       if ((ssl == ctrl_ssl && !tls_ctrl_need_init_handshake) ||
+           (ssl != ctrl_ssl && !tls_data_need_init_handshake)) {
+@@ -2932,7 +2932,8 @@ static int tls_init_ctx(void) {
+   }
+ 
+   SSL_CTX_set_tmp_dh_callback(ssl_ctx, tls_dh_cb);
+-#if defined(PR_USE_OPENSSL_ECC) && OPENSSL_VERSION_NUMBER < 0x10100000L
++#if defined(PR_USE_OPENSSL_ECC) && \
++	(OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER))
+   SSL_CTX_set_tmp_ecdh_callback(ssl_ctx, tls_ecdh_cb);
+ #endif /* PR_USE_OPENSSL_ECC */
+ 
+@@ -4837,7 +4838,7 @@ static int tls_dotlogin_allow(const char
+ 
+     pr_signals_handle();
+ 
+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+     X509_get0_signature(&client_sig, NULL, client_cert);
+     X509_get0_signature(&file_sig, NULL, file_cert);
+ #else
+@@ -4845,7 +4846,7 @@ static int tls_dotlogin_allow(const char
+     file_sig = file_cert->signature;
+ #endif /* OpenSSL-1.1.x and later */
+ 
+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+     if (!ASN1_STRING_cmp(client_sig, file_sig)) {
+ #else
+     if (!M_ASN1_BIT_STRING_cmp(client_sig, file_sig)) {
+@@ -5320,7 +5321,7 @@ static void tls_setup_cert_dn_environ(co
+   int nentries;
+   char *k, *v;
+ 
+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+   nentries = X509_NAME_entry_count(name);
+ #else
+   nentries = sk_X509_NAME_ENTRY_num(name->entries);
+@@ -5333,7 +5334,7 @@ static void tls_setup_cert_dn_environ(co
+ 
+     pr_signals_handle();
+ 
+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+     entry = X509_NAME_get_entry(name, i);
+     nid = OBJ_obj2nid(X509_NAME_ENTRY_get_object(entry));
+     entry_data = ASN1_STRING_data(X509_NAME_ENTRY_get_data(entry));
+@@ -5512,7 +5513,7 @@ static void tls_setup_cert_environ(const
+     BIO_free(bio);
+ 
+     bio = BIO_new(BIO_s_mem());
+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+     X509_get0_signature(NULL, &algo, cert);
+ #else
+     algo = cert->cert_info->signature;
+@@ -5528,7 +5529,7 @@ static void tls_setup_cert_environ(const
+     BIO_free(bio);
+ 
+     bio = BIO_new(BIO_s_mem());
+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+     pubkey = X509_get_X509_PUBKEY(cert);
+     X509_PUBKEY_get0_param(NULL, NULL, NULL, &algo, pubkey);
+ #else
+@@ -5587,7 +5588,7 @@ static void tls_setup_environ(SSL *ssl) 
+       const unsigned char *sess_data;
+       unsigned int sess_datalen;
+ 
+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+       sess_data = SSL_SESSION_get_id(ssl_session, &sess_datalen);
+ #else
+       sess_datalen = ssl_session->session_id_length;
+@@ -5738,7 +5739,7 @@ static int tls_verify_cb(int ok, X509_ST
+     X509 *cert = X509_STORE_CTX_get_current_cert(ctx);
+     int ctx_error, depth = X509_STORE_CTX_get_error_depth(ctx);
+ 
+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+     verify_err = X509_STORE_CTX_get_error(ctx);
+ #else
+     verify_err = ctx->error;
+@@ -5755,7 +5756,7 @@ static int tls_verify_cb(int ok, X509_ST
+       X509_STORE_CTX_set_error(ctx, X509_V_ERR_CERT_CHAIN_TOO_LONG);
+     }
+ 
+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+     ctx_error = X509_STORE_CTX_get_error(ctx);
+ #else
+     ctx_error = ctx->error;
+@@ -5886,7 +5887,7 @@ static int tls_verify_crl(int ok, X509_S
+   X509_STORE_CTX_init(store_ctx, tls_crl_store, NULL, NULL);
+ #endif
+ 
+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+   crls = X509_STORE_CTX_get1_crls(store_ctx, subject);
+ #elif OPENSSL_VERSION_NUMBER >= 0x10000000L
+   crls = X509_STORE_get1_crls(store_ctx, subject);
+@@ -5906,14 +5907,14 @@ static int tls_verify_crl(int ok, X509_S
+       X509_NAME_print(b, issuer, 0);
+ 
+       BIO_printf(b, ", lastUpdate: ");
+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+       ASN1_UTCTIME_print(b, X509_CRL_get_lastUpdate(crl));
+ #else
+       ASN1_UTCTIME_print(b, crl->crl->lastUpdate);
+ #endif /* OpenSSL-1.1.x and later */
+ 
+       BIO_printf(b, ", nextUpdate: ");
+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+       ASN1_UTCTIME_print(b, X509_CRL_get_nextUpdate(crl));
+ #else
+       ASN1_UTCTIME_print(b, crl->crl->nextUpdate);
+@@ -5983,7 +5984,7 @@ static int tls_verify_crl(int ok, X509_S
+    * the current certificate in order to check for revocation.
+    */
+ 
+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+   crls = X509_STORE_CTX_get1_crls(store_ctx, subject);
+ #elif OPENSSL_VERSION_NUMBER >= 0x10000000L
+   crls = X509_STORE_get1_crls(store_ctx, subject);
+@@ -6005,7 +6006,7 @@ static int tls_verify_crl(int ok, X509_S
+         ASN1_INTEGER *sn;
+ 
+         revoked = sk_X509_REVOKED_value(X509_CRL_get_REVOKED(crl), i);
+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+         sn = X509_REVOKED_get0_serialNumber(revoked);
+ #else
+         sn = revoked->serialNumber;
+@@ -6371,7 +6372,7 @@ static int tls_verify_ocsp_url(X509_STOR
+     return FALSE;
+   }
+ 
+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+   store = X509_STORE_CTX_get0_store(ctx);
+ #else
+   store = ctx->ctx;