Date: Sat, 3 Jun 2023 11:12:13 GMT From: Rene Ladan <rene@FreeBSD.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org Subject: git: a96b72ed5f03 - main - net-mgmt/send: Remove expired port Message-ID: <202306031112.353BCD0H039906@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch main has been updated by rene: URL: https://cgit.FreeBSD.org/ports/commit/?id=a96b72ed5f03f080e862b739d25c65fb9dc84106 commit a96b72ed5f03f080e862b739d25c65fb9dc84106 Author: Rene Ladan <rene@FreeBSD.org> AuthorDate: 2023-06-03 11:11:47 +0000 Commit: Rene Ladan <rene@FreeBSD.org> CommitDate: 2023-06-03 11:11:47 +0000 net-mgmt/send: Remove expired port 2023-06-03 net-mgmt/send: Implementation is based on older obsolete RFC --- MOVED | 1 + net-mgmt/Makefile | 1 - net-mgmt/send/Makefile | 55 ---- net-mgmt/send/distinfo | 3 - net-mgmt/send/files/patch-Makefile.install | 15 - net-mgmt/send/files/patch-include-cga_keyutils.h | 12 - net-mgmt/send/files/patch-include-pkixip_ext.h | 33 --- net-mgmt/send/files/patch-include-pkixip_ext_asn.h | 33 --- net-mgmt/send/files/patch-libs-Makefile.lib.common | 9 - .../send/files/patch-libs-libcga-cga_keyutils.c | 19 -- net-mgmt/send/files/patch-libs-libcga-cga_mt.c | 54 ---- net-mgmt/send/files/patch-libs-libpkixipext-asn1.c | 25 -- .../patch-libs-libpkixipext-pkixip_ext_gram.y | 40 --- net-mgmt/send/files/patch-libs-libpkixipext-util.c | 30 -- net-mgmt/send/files/patch-libs-libpkixipext-ver.c | 240 ---------------- net-mgmt/send/files/patch-libs-libpkixipext-x509.c | 310 --------------------- net-mgmt/send/files/patch-sendd-Makefile | 13 - net-mgmt/send/files/patch-sendd-cert.c | 14 - net-mgmt/send/files/patch-sendd-cpa.c | 63 ----- net-mgmt/send/files/patch-sendd-openssl.c | 42 --- net-mgmt/send/files/patch-sendd-os-Makefile | 18 -- net-mgmt/send/files/patch-sendd-sig_rfc3971.c | 112 -------- net-mgmt/send/files/patch-sendd-snd_proto.h | 18 -- net-mgmt/send/files/patch-sendd_params__gram.y | 11 - net-mgmt/send/files/pkg-message.in | 9 - net-mgmt/send/files/sendd.in | 12 - net-mgmt/send/pkg-descr | 14 - net-mgmt/send/pkg-plist | 7 - 28 files changed, 1 insertion(+), 1212 deletions(-) diff --git a/MOVED b/MOVED index 061783758252..cfe507bca201 100644 --- a/MOVED +++ b/MOVED @@ -7613,3 +7613,4 @@ net-mgmt/nagircbot||2023-06-01|Has expired: Broken for more than a year and fail mail/spamdyke||2023-06-01|Has expired: Broken for more than a year and last upstream release was in 2015 net/haproxy17||2023-06-03|Has expired: Upstream EOL reached on 2021-03-31 net/haproxy18||2023-06-03|Has expired: Upstream EOL reached on 2022-12-31 +net-mgmt/send||2023-06-03|Has expired: Implementation is based on older obsolete RFC diff --git a/net-mgmt/Makefile b/net-mgmt/Makefile index 5a3305c86f0e..051a593f39b3 100644 --- a/net-mgmt/Makefile +++ b/net-mgmt/Makefile @@ -370,7 +370,6 @@ SUBDIR += seafile-gui SUBDIR += seafile-server SUBDIR += semaphore - SUBDIR += send SUBDIR += sendip SUBDIR += sipcalc SUBDIR += sjitter diff --git a/net-mgmt/send/Makefile b/net-mgmt/send/Makefile deleted file mode 100644 index 727bb7909f5d..000000000000 --- a/net-mgmt/send/Makefile +++ /dev/null @@ -1,55 +0,0 @@ -PORTNAME= send -PORTVERSION= 0.3 -DISTVERSIONPREFIX= v -PORTREVISION= 4 -CATEGORIES= net-mgmt - -MAINTAINER= hrs@FreeBSD.org -COMMENT= Secure Neighbor Discovery implementation for IPv6 - -LICENSE= BSD3CLAUSE -LICENSE_FILE= ${WRKSRC}/LICENSE - -DEPRECATED= Implementation is based on older obsolete RFC -EXPIRATION_DATE= 2023-06-03 - -LIB_DEPENDS= libdnet.so:net/libdnet - -USES= gmake ncurses readline ssl -BROKEN_SSL= openssl30 openssl31 -BROKEN_SSL_REASON= error: unknown type name 'IPAddressRange' -USE_GITHUB= yes -GH_ACCOUNT= hrs-allbsd -USE_RC_SUBR= sendd - -SUB_FILES= pkg-message -PORTDOCS= README UserGuide.pdf -MAKE_JOBS_UNSAFE=yes - -OPTIONS_DEFINE= DOCS - -.include <bsd.port.pre.mk> - -.if ${OPSYS} == FreeBSD && ( ${OSVERSION} >= 1400079 || ( ${OSVERSION} >= 1302505 && ${OSVERSION} < 1400000 )) -CFLAGS+= -Wno-error=int-conversion -.endif - -post-extract: - ${INSTALL_DATA} ${WRKSRC}/examples/ipext/ipext_verify.conf \ - ${WRKSRC}/examples/ipext/ca/ipext.conf \ - ${WRKSRC}/examples/ - ${INSTALL_DATA} ${WRKSRC}/docs/UserGuide.pdf \ - ${WRKSRC}/UserGuide.pdf - -post-install: - ${MKDIR} ${STAGEDIR}${PREFIX}/etc/sendd - for F in sendd.conf params.conf ipext.conf ipext_verify.conf; do \ - ${INSTALL_DATA} ${WRKSRC}/examples/$$F \ - ${STAGEDIR}${PREFIX}/etc/sendd/$${F}-dist; \ - done - -post-install-DOCS-on: - ${MKDIR} ${STAGEDIR}${DOCSDIR} - cd ${WRKSRC} && ${INSTALL_DATA} ${PORTDOCS} ${STAGEDIR}${DOCSDIR} - -.include <bsd.port.post.mk> diff --git a/net-mgmt/send/distinfo b/net-mgmt/send/distinfo deleted file mode 100644 index efc5713d134c..000000000000 --- a/net-mgmt/send/distinfo +++ /dev/null @@ -1,3 +0,0 @@ -TIMESTAMP = 1551288169 -SHA256 (hrs-allbsd-send-v0.3_GH0.tar.gz) = 527542b24fa2009e0cc99a85fd423215782ced69c427454727172745c7fbae92 -SIZE (hrs-allbsd-send-v0.3_GH0.tar.gz) = 1313559 diff --git a/net-mgmt/send/files/patch-Makefile.install b/net-mgmt/send/files/patch-Makefile.install deleted file mode 100644 index 741130d3d5ee..000000000000 --- a/net-mgmt/send/files/patch-Makefile.install +++ /dev/null @@ -1,15 +0,0 @@ ---- Makefile.install.orig 2019-02-27 16:25:45 UTC -+++ Makefile.install -@@ -1,9 +1,9 @@ --INSSBIN= $(PREFIXSBIN)/$(PROG) -+INSSBIN= $(DESTDIR)$(PREFIXSBIN)/$(PROG) - - $(INSSBIN): $(PROG) -- install $< $@ -+ $(BSD_INSTALL_PROGRAM) $< $@ - --install: all $(PREFIXSBIN) $(INSSBIN) $(EXTRAINSTALL) -+install: all $(DESTDIR)$(PREFIXSBIN) $(INSSBIN) $(DESTDIR)$(EXTRAINSTALL) - - $(PREFIXSBIN): - mkdir -p $@ diff --git a/net-mgmt/send/files/patch-include-cga_keyutils.h b/net-mgmt/send/files/patch-include-cga_keyutils.h deleted file mode 100644 index d7fa4434759b..000000000000 --- a/net-mgmt/send/files/patch-include-cga_keyutils.h +++ /dev/null @@ -1,12 +0,0 @@ ---- include/cga_keyutils.h.orig 2019-02-27 16:25:45 UTC -+++ include/cga_keyutils.h -@@ -36,6 +36,9 @@ - #include <openssl/x509.h> - #include <openssl/evp.h> - #include <openssl/stack.h> -+#if OPENSSL_VERSION_NUMBER >= 0x0090900fL -+#define STACK _STACK -+#endif - #include <cga.h> - - extern int cga_add_key(cga_ctx_t *, EVP_PKEY *, int, uint16_t); diff --git a/net-mgmt/send/files/patch-include-pkixip_ext.h b/net-mgmt/send/files/patch-include-pkixip_ext.h deleted file mode 100644 index bc32707d1911..000000000000 --- a/net-mgmt/send/files/patch-include-pkixip_ext.h +++ /dev/null @@ -1,33 +0,0 @@ ---- include/pkixip_ext.h.orig 2019-02-27 16:25:45 UTC -+++ include/pkixip_ext.h -@@ -47,14 +47,30 @@ struct pkixip_config { - char *certfile; - }; - -+#if OPENSSL_VERSION_NUMBER < 0x10100000L - extern int pkixip_aor_cmp(const char * const *, const char * const *); - extern int pkixip_ipf_cmp(const char * const *, const char * const *); -+#else -+extern int pkixip_aor_cmp(const IPAddressOrRange * const *, -+ const IPAddressOrRange * const *); -+extern int pkixip_ipf_cmp(const IPAddressFamily * const *, -+ const IPAddressFamily * const *); -+#endif - - extern int pkixip_add2stores_cert(X509 *); - extern int pkixip_add2stores_file(const char *); -+ -+#if OPENSSL_VERSION_NUMBER < 0x10100000L - extern int pkixip_add_store(int *, int (*cmp)(X509_OBJECT **, X509_OBJECT **)); -+#else -+extern int pkixip_add_store(int *, int (*cmp)(const X509_OBJECT * const *, const X509_OBJECT * const *)); -+#endif - extern void *pkixip_find_cert(void *, int); -+#if OPENSSL_VERSION_NUMBER < 0x10100000L - extern STACK *pkixip_get_mychain(void); -+#else -+extern STACK_OF(X509_OBJECT) *pkixip_get_mychain(void); -+#endif - extern X509_STORE_CTX *pkixip_get_store_ctx(void); - extern int pkixip_has_ext(X509 *x); - extern X509 *pkixip_load_cert(const char *); diff --git a/net-mgmt/send/files/patch-include-pkixip_ext_asn.h b/net-mgmt/send/files/patch-include-pkixip_ext_asn.h deleted file mode 100644 index c1f7b7b8be6a..000000000000 --- a/net-mgmt/send/files/patch-include-pkixip_ext_asn.h +++ /dev/null @@ -1,33 +0,0 @@ ---- include/pkixip_ext_asn.h.orig 2019-02-27 16:25:45 UTC -+++ include/pkixip_ext_asn.h -@@ -33,7 +33,12 @@ - #ifndef _PKIXIP_EXT_ASN_H - #define _PKIXIP_EXT_ASN_H - -+#include <openssl/stack.h> -+#if OPENSSL_VERSION_NUMBER >= 0x0090900fL -+#define STACK _STACK -+#endif - #include <openssl/asn1t.h> -+#include <openssl/asn1.h> - #include <openssl/err.h> - #include <openssl/x509v3.h> - -@@ -45,7 +50,7 @@ - #define IANA_SAFI_BOTH 3 - #define IANA_SAFI_MPLS 4 - --/* -+#ifdef LIBRESSL_VERSION_NUMBER - typedef struct IPAddressRange_st { - ASN1_BIT_STRING *min; - ASN1_BIT_STRING *max; -@@ -79,7 +84,7 @@ typedef struct IPAddressFamily_st { - ASN1_OCTET_STRING *addressFamily; - IPAddressChoice *ipAddressChoice; - } IPAddressFamily; --*/ -+#endif - - #define IP_AOR_PREFIX 0 - #define IP_AOR_RANGE 1 diff --git a/net-mgmt/send/files/patch-libs-Makefile.lib.common b/net-mgmt/send/files/patch-libs-Makefile.lib.common deleted file mode 100644 index 02c297955be6..000000000000 --- a/net-mgmt/send/files/patch-libs-Makefile.lib.common +++ /dev/null @@ -1,9 +0,0 @@ ---- libs/Makefile.lib.common.orig 2019-02-27 16:25:45 UTC -+++ libs/Makefile.lib.common -@@ -1,5 +1,5 @@ - --CFLAGS += -Wall -O3 -+CFLAGS?= -Wall -O3 - - ifeq ($(DEBUG_POLICY),DEBUG) - CPPFLAGS += -g # enable for general debugging diff --git a/net-mgmt/send/files/patch-libs-libcga-cga_keyutils.c b/net-mgmt/send/files/patch-libs-libcga-cga_keyutils.c deleted file mode 100644 index 30423a55492d..000000000000 --- a/net-mgmt/send/files/patch-libs-libcga-cga_keyutils.c +++ /dev/null @@ -1,19 +0,0 @@ ---- libs/libcga/cga_keyutils.c.orig 2019-02-27 16:25:45 UTC -+++ libs/libcga/cga_keyutils.c -@@ -45,6 +45,7 @@ - #include <pthread.h> - #include <openssl/err.h> - #include <openssl/pem.h> -+#include <openssl/x509.h> - - #include "config.h" - #include <applog.h> -@@ -80,7 +81,7 @@ cga_load_cert(cga_ctx_t *cga, const char *f) - goto fail; - } - -- k = X509_PUBKEY_get(x->cert_info->key); -+ k = X509_PUBKEY_get(X509_get_X509_PUBKEY(x)); - - if (cga->key && cga->free_key) { - free(cga->key); diff --git a/net-mgmt/send/files/patch-libs-libcga-cga_mt.c b/net-mgmt/send/files/patch-libs-libcga-cga_mt.c deleted file mode 100644 index a70b51c861e4..000000000000 --- a/net-mgmt/send/files/patch-libs-libcga-cga_mt.c +++ /dev/null @@ -1,54 +0,0 @@ ---- libs/libcga/cga_mt.c.orig 2019-02-27 16:25:45 UTC -+++ libs/libcga/cga_mt.c -@@ -77,10 +77,10 @@ SPIN(void) - static int - add_mod(uint8_t *m, uint32_t s) - { -- BIGNUM bn[1], *bnp; -+ BIGNUM *bn, *bnp; - int blen; - -- BN_init(bn); -+ bn = BN_new(); - if ((bnp = BN_bin2bn(m, CGA_MODLEN, bn)) == NULL) { - ssl_err(__FUNCTION__, "BN_bin2bin failed"); - return (-1); -@@ -88,6 +88,7 @@ add_mod(uint8_t *m, uint32_t s) - BN_add_word(bnp, s); - blen = BN_num_bytes(bnp); - BN_bn2bin(bnp, m + (CGA_MODLEN - blen)); -+ BN_free(bn); - - return (0); - } -@@ -177,12 +178,16 @@ done: - static void - opssec(struct timeval *start, uint8_t *startmod) - { -- BIGNUM sm[1], em[1], ops[1], t[1], dv[1]; -+ BIGNUM *sm, *em, *ops, *t, *dv; - BN_CTX *bc; - struct timeval tv[1]; - char *dec; - -- BN_init(sm); BN_init(em); BN_init(ops); BN_init(t); BN_init(dv); -+ sm = BN_new(); -+ em = BN_new(); -+ ops = BN_new(); -+ t = BN_new(); -+ dv = BN_new(); - BN_bin2bn(startmod, CGA_MODLEN, sm); - BN_bin2bn(state->mod, CGA_MODLEN, em); - BN_sub(ops, em, sm); -@@ -210,6 +215,11 @@ opssec(struct timeval *start, uint8_t *startmod) - - OPENSSL_free(dec); - BN_CTX_free(bc); -+ BN_free(sm); -+ BN_free(em); -+ BN_free(ops); -+ BN_free(t); -+ BN_free(dv); - } - - void diff --git a/net-mgmt/send/files/patch-libs-libpkixipext-asn1.c b/net-mgmt/send/files/patch-libs-libpkixipext-asn1.c deleted file mode 100644 index be53eca5e80c..000000000000 --- a/net-mgmt/send/files/patch-libs-libpkixipext-asn1.c +++ /dev/null @@ -1,25 +0,0 @@ ---- libs/libpkixipext/asn1.c.orig 2019-02-27 16:25:45 UTC -+++ libs/libpkixipext/asn1.c -@@ -187,9 +187,8 @@ i2v_IPAddressChoice(X509V3_EXT_METHOD *method, IPAddre - break; - case IPA_CHOICE_AOR: - X509V3_add_value(" Prefix or Range", NULL, &extlist); -- for (i = 0; i < sk_num(ipc->u.addressesOrRanges); i++) { -- aor = (IPAddressOrRange *) -- sk_value(ipc->u.addressesOrRanges, i); -+ for (i = 0; i < sk_IPAddressOrRange_num(ipc->u.addressesOrRanges); i++) { -+ aor = sk_IPAddressOrRange_value(ipc->u.addressesOrRanges, i); - i2v_IPAddressOrRange(method, aor, extlist, af); - } - break; -@@ -265,8 +264,8 @@ i2v_IPAddrBlocks(X509V3_EXT_METHOD *method, IPAddrBloc - return (NULL); - } - -- for (i = 0; i < sk_num(ipb); i++) { -- ipf = (IPAddressFamily *)sk_value(ipb, i); -+ for (i = 0; i < sk_IPAddressFamily_num(ipb); i++) { -+ ipf = sk_IPAddressFamily_value(ipb, i); - i2v_IPAddressFamily(method, ipf, extlist); - } - diff --git a/net-mgmt/send/files/patch-libs-libpkixipext-pkixip_ext_gram.y b/net-mgmt/send/files/patch-libs-libpkixipext-pkixip_ext_gram.y deleted file mode 100644 index ef68ee80da79..000000000000 --- a/net-mgmt/send/files/patch-libs-libpkixipext-pkixip_ext_gram.y +++ /dev/null @@ -1,40 +0,0 @@ ---- libs/libpkixipext/pkixip_ext_gram.y.orig 2019-02-27 16:25:45 UTC -+++ libs/libpkixipext/pkixip_ext_gram.y -@@ -42,7 +42,7 @@ - #include "pkixip_ext.h" - #include "pkixip_local.h" - --int linecnt; -+extern int linecnt; - - extern char *pkixip_text; - extern int pkixip_lex(void); -@@ -350,7 +350,7 @@ new_aor(void) - - if (!ipc->u.addressesOrRanges && - !(ipc->u.addressesOrRanges = -- sk_new(pkixip_aor_cmp))) { -+ sk_IPAddressOrRange_new(pkixip_aor_cmp))) { - applog(LOG_CRIT, "no memory"); - return (-1); - } -@@ -361,7 +361,7 @@ new_aor(void) - applog(LOG_CRIT, "%s: no memory", __FUNCTION__); - return (-1); - } -- if (!sk_push(ipc->u.addressesOrRanges, (char *)aor)) { -+ if (!sk_IPAddressOrRange_push(ipc->u.addressesOrRanges, (char *)aor)) { - applog(LOG_CRIT, "sk_push() failed"); - return (-1); - } -@@ -459,8 +459,8 @@ af_already_exists(void) - int i; - IPAddressFamily *e_ipf; - -- for (i = 0; i < sk_num(parse_ipb); i++) { -- e_ipf = (IPAddressFamily *)sk_value(parse_ipb, i); -+ for (i = 0; i < sk_IPAddressFamily_num(parse_ipb); i++) { -+ e_ipf = sk_IPAddressFamily_value(parse_ipb, i); - if (af_match(ipf, e_ipf)) { - return (1); - } diff --git a/net-mgmt/send/files/patch-libs-libpkixipext-util.c b/net-mgmt/send/files/patch-libs-libpkixipext-util.c deleted file mode 100644 index b22140586ff3..000000000000 --- a/net-mgmt/send/files/patch-libs-libpkixipext-util.c +++ /dev/null @@ -1,30 +0,0 @@ ---- libs/libpkixipext/util.c.orig 2019-02-27 16:25:45 UTC -+++ libs/libpkixipext/util.c -@@ -37,8 +37,13 @@ - #include "config.h" - #include "pkixip_ext_asn.h" - -+#if OPENSSL_VERSION_NUMBER < 0x10100000L - int - pkixip_aor_cmp(const char * const *a1, const char * const *a2) -+#else -+int -+pkixip_aor_cmp(const IPAddressOrRange * const *a1, const IPAddressOrRange * const *a2) -+#endif - { - int by1, by2, bi1, bi2, bytes, bits; - uint8_t *d1, *d2, x1, x2, mask; -@@ -119,8 +124,13 @@ pkixip_aor_cmp(const char * const *a1, const char * co - return (0); - } - -+#if OPENSSL_VERSION_NUMBER < 0x10100000L - int - pkixip_ipf_cmp(const char * const *a1, const char * const *a2) -+#else -+int -+pkixip_ipf_cmp(const IPAddressFamily * const *a1, const IPAddressFamily * const *a2) -+#endif - { - IPAddressFamily *ipf1 = (IPAddressFamily *)*a1; - IPAddressFamily *ipf2 = (IPAddressFamily *)*a2; diff --git a/net-mgmt/send/files/patch-libs-libpkixipext-ver.c b/net-mgmt/send/files/patch-libs-libpkixipext-ver.c deleted file mode 100644 index 1b51ece804ca..000000000000 --- a/net-mgmt/send/files/patch-libs-libpkixipext-ver.c +++ /dev/null @@ -1,240 +0,0 @@ ---- libs/libpkixipext/ver.c.orig 2019-02-27 16:25:45 UTC -+++ libs/libpkixipext/ver.c -@@ -101,11 +101,15 @@ static int - in_range(ASN1_BIT_STRING *min1, ASN1_BIT_STRING *max1, ASN1_BIT_STRING *min2, - ASN1_BIT_STRING *max2, int af) - { -- BIGNUM bpmin[1], bpmax[1], bmin[1], bmax[1]; -- int alen, len, bits; -+ BIGNUM *bpmin, *bpmax, *bmin, *bmax; -+ int alen, len, bits, ret; - uint8_t mask, buf[sizeof (struct in6_addr)]; - -- BN_init(bpmin); BN_init(bpmax); BN_init(bmin); BN_init(bmax); -+ bpmin = BN_new(); -+ bpmax = BN_new(); -+ bmin = BN_new(); -+ bmax = BN_new(); -+ ret = 0; - switch (af) { - case AF_INET: - alen = sizeof (struct in_addr); -@@ -115,14 +119,14 @@ in_range(ASN1_BIT_STRING *min1, ASN1_BIT_STRING *max1, - break; - default: - DBG(&dbg_ver, "Unsupported AF"); -- return (0); -+ goto end; - } - - len = min1->length < alen ? min1->length : alen; - memset(buf, 0, sizeof (buf)); - memcpy(buf, min1->data, len); - if (!BN_bin2bn(buf, alen, bpmin)) { -- return (0); -+ goto end; - } - - len = max1->length < alen ? max1->length : alen; -@@ -135,14 +139,14 @@ in_range(ASN1_BIT_STRING *min1, ASN1_BIT_STRING *max1, - buf[len - 1] |= mask; - } - if (!BN_bin2bn(buf, alen, bpmax)) { -- return (0); -+ goto end; - } - - len = min2->length < alen ? min2->length : alen; - memset(buf, 0, sizeof (buf)); - memcpy(buf, min2->data, len); - if (!BN_bin2bn(buf, alen, bmin)) { -- return (0); -+ goto end; - } - - len = max2->length < alen ? max2->length : alen; -@@ -155,18 +159,24 @@ in_range(ASN1_BIT_STRING *min1, ASN1_BIT_STRING *max1, - buf[len - 1] |= mask; - } - if (!BN_bin2bn(buf, alen, bmax)) { -- return (0); -+ goto end; - } - - /* bmin <= bpmin <= bpmax <= bmax. We already know bpmin <= bpmax */ - if (BN_cmp(bmin, bpmin) == 1) { -- return (0); -+ goto end; - } - if (BN_cmp(bpmax, bmax) == 1) { -- return (0); -+ goto end; - } -+ ret = 1; -+end: -+ BN_free(bpmin); -+ BN_free(bpmax); -+ BN_free(bmin); -+ BN_free(bmax); - -- return (1); -+ return (ret); - } - - static int -@@ -247,16 +257,14 @@ af_cmp(IPAddressFamily *ipf1, IPAddressFamily *ipf2) - } - - DBG(&dbg_ver, "Pre-cmp ipc AOR count: %d", -- sk_num(ipc1->u.addressesOrRanges)); -+ sk_IPAddressOrRange_num(ipc1->u.addressesOrRanges)); - -- for (i = 0; i < sk_num(ipc1->u.addressesOrRanges); i++) { -- aor1 = -- (IPAddressOrRange *)sk_value(ipc1->u.addressesOrRanges, i); -- for (j = 0; j < sk_num(ipc2->u.addressesOrRanges); j++) { -- aor2 = (IPAddressOrRange *) -- sk_value(ipc2->u.addressesOrRanges, j); -+ for (i = 0; i < sk_IPAddressOrRange_num(ipc1->u.addressesOrRanges); i++) { -+ aor1 = sk_IPAddressOrRange_value(ipc1->u.addressesOrRanges, i); -+ for (j = 0; j < sk_IPAddressOrRange_num(ipc2->u.addressesOrRanges); j++) { -+ aor2 = sk_IPAddressOrRange_value(ipc2->u.addressesOrRanges, j); - if (aor_match(aor1, aor2, af) == 0) { -- sk_delete(ipc1->u.addressesOrRanges, i--); -+ sk_IPAddressOrRange_delete(ipc1->u.addressesOrRanges, i--); - IPAddressOrRange_free(aor1); - break; - } -@@ -264,9 +272,9 @@ af_cmp(IPAddressFamily *ipf1, IPAddressFamily *ipf2) - } - - DBG(&dbg_ver, "Post-cmp ipc AOR count: %d", -- sk_num(ipc1->u.addressesOrRanges)); -+ sk_IPAddressOrRange_num(ipc1->u.addressesOrRanges)); - -- if (sk_num(ipc1->u.addressesOrRanges) == 0) { -+ if (sk_IPAddressOrRange_num(ipc1->u.addressesOrRanges) == 0) { - return (0); - } - -@@ -307,7 +315,7 @@ verify_ipext_cert(X509_STORE_CTX *ctx, int idx, X509 * - IPAddressFamily *ipf1, *ipf2; - int i, j, inherit = 0; - -- DBG(&dbg_ver, "vipb stack cnt: %d idx: %d", sk_num(vipb), idx); -+ DBG(&dbg_ver, "vipb stack cnt: %d idx: %d", sk_IPAddressFamily_num(vipb), idx); - - ipb = X509_get_ext_d2i(x, pkix_ip_ext_method.ext_nid, NULL, NULL); - if (!ipb) { -@@ -315,18 +323,18 @@ verify_ipext_cert(X509_STORE_CTX *ctx, int idx, X509 * - return (-1); - } - -- for (i = 0; i < sk_num(vipb); i++) { -- ipf1 = (IPAddressFamily *)sk_value(vipb, i); -+ for (i = 0; i < sk_IPAddressFamily_num(vipb); i++) { -+ ipf1 = sk_IPAddressFamily_value(vipb, i); - - /* Ignore inherits in vipb */ - if (is_inherit(ipf1)) { -- sk_delete(vipb, i--); -+ sk_IPAddressFamily_delete(vipb, i--); - IPAddressFamily_free(ipf1); - continue; - } - -- for (j = 0; j < sk_num(ipb); j++) { -- ipf2 = (IPAddressFamily *)sk_value(ipb, j); -+ for (j = 0; j < sk_IPAddressFamily_num(ipb); j++) { -+ ipf2 = sk_IPAddressFamily_value(ipb, j); - if (af_match(ipf1, ipf2)) { - /* - * Inherits in ipb need to be checked -@@ -338,7 +346,7 @@ verify_ipext_cert(X509_STORE_CTX *ctx, int idx, X509 * - } - - if (af_cmp(ipf1, ipf2) == 0) { -- sk_delete(vipb, i--); -+ sk_IPAddressFamily_delete(vipb, i--); - IPAddressFamily_free(ipf1); - break; - } -@@ -346,18 +354,18 @@ verify_ipext_cert(X509_STORE_CTX *ctx, int idx, X509 * - } - } - -- if (!inherit || (++idx) == sk_num(ctx->chain)) { -+ if (!inherit || (++idx) == sk_num(X509_STORE_CTX_get_chain(ctx))) { - /* end of the line */ - goto done; - } -- x = (X509 *)sk_value(ctx->chain, idx); -+ x = (X509 *)sk_value(X509_STORE_CTX_get_chain(ctx), idx); - verify_ipext_cert(ctx, idx, x, vipb); - - done: - IPAddrBlocks_free(ipb); - - /* If the vipb stack is now empty all ipf's matched */ -- if (sk_num(vipb) != 0) { -+ if (sk_IPAddressFamily_num(vipb) != 0) { - return (-1); - } - -@@ -376,13 +384,13 @@ verify_ipext(X509_STORE_CTX *ctx, IPAddrBlocks *vipb) - i2v_IPAddrBlocks(NULL, vipb, NULL), 8, 1); - #endif - -- if (sk_num(vipb) == 0) { -+ if (sk_IPAddressFamily_num(vipb) == 0) { - DBG(&dbg_ver, "IPAddrBlock empty; rejecting"); - return (-1); - } - -- for (i = 0; i < sk_num(ctx->chain); i++) { -- x = (X509 *)sk_value(ctx->chain, i); -+ for (i = 0; i < sk_num(X509_STORE_CTX_get_chain(ctx)); i++) { -+ x = (X509 *)sk_value(X509_STORE_CTX_get_chain(ctx), i); - - DBG(&dbg_ver, "%s", - X509_NAME_oneline(X509_get_subject_name(x), nbuf, -@@ -391,7 +399,7 @@ verify_ipext(X509_STORE_CTX *ctx, IPAddrBlocks *vipb) - if (verify_ipext_cert(ctx, i, x, vipb) < 0) { - return (-1); - } -- if (sk_num(vipb) == 0) { -+ if (sk_IPAddressFamily_num(vipb) == 0) { - break; - } - } -@@ -408,9 +416,9 @@ verify_ipext_chain(X509_STORE_CTX *ctx) - - DBG(&dbg_ver, "Verifying IP Exts in the certificate chain"); - -- for (i = 1; i < sk_num(ctx->chain); i++) { -- vx = (X509 *)sk_value(ctx->chain, i - 1); -- x = (X509 *)sk_value(ctx->chain, i); -+ for (i = 1; i < sk_num(X509_STORE_CTX_get_chain(ctx)); i++) { -+ vx = (X509 *)sk_value(X509_STORE_CTX_get_chain(ctx), i - 1); -+ x = (X509 *)sk_value(X509_STORE_CTX_get_chain(ctx), i); - - DBG(&dbg_ver, "%s", - X509_NAME_oneline(X509_get_subject_name(vx), nbuf, -@@ -446,7 +454,7 @@ pkixip_verify_cb(int ok, X509_STORE_CTX *ctx) - X509_NAME_oneline(X509_get_subject_name(x), nbuf, sizeof (nbuf)); - #endif - if (!ok) { -- if (ctx->error == X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION) { -+ if (X509_STORE_CTX_get_error(ctx) == X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION) { - /* - * OpenSSL doesn't explicitly support PKIX IP Ext, - * so it throws this error when it encounters the -@@ -458,7 +466,7 @@ pkixip_verify_cb(int ok, X509_STORE_CTX *ctx) - } else { - DBG(&dbg_ver, "Not OK at %s", nbuf); - DBG(&dbg_ver, "%s", -- X509_verify_cert_error_string(ctx->error)); -+ X509_verify_cert_error_string(X509_STORE_CTX_get_error(ctx))); - } - } else { - DBG(&dbg_ver, "OK at %s", nbuf); diff --git a/net-mgmt/send/files/patch-libs-libpkixipext-x509.c b/net-mgmt/send/files/patch-libs-libpkixipext-x509.c deleted file mode 100644 index 1668b9ba4ddc..000000000000 --- a/net-mgmt/send/files/patch-libs-libpkixipext-x509.c +++ /dev/null @@ -1,310 +0,0 @@ ---- libs/libpkixipext/x509.c.orig 2019-02-27 16:25:45 UTC -+++ libs/libpkixipext/x509.c -@@ -57,34 +57,54 @@ static char nbuf[1024]; - extern int pkixip_verify_cb(int, X509_STORE_CTX *); - - X509V3_EXT_METHOD pkix_ip_ext_method = { -- ext_flags : X509V3_EXT_MULTILINE, -- it : ASN1_ITEM_ref(IPAddrBlocks), -- i2v : (X509V3_EXT_I2V)i2v_IPAddrBlocks, -+ .ext_flags = X509V3_EXT_MULTILINE, -+ .it = ASN1_ITEM_ref(IPAddrBlocks), -+ .i2v = (X509V3_EXT_I2V)i2v_IPAddrBlocks, - }; - -+#if OPENSSL_VERSION_NUMBER < 0x10100000L - static STACK *stores[PKIXIP_MAX_STORES]; -+#else -+static STACK_OF(X509_OBJECT) *stores[PKIXIP_MAX_STORES]; -+#endif - static X509_STORE_CTX *ctx_bysubj; - static int next_store = 1; - static void *(*wrap_store_cert)(X509 *x); - static void (*trustanchor_cb)(X509 *x); - pthread_mutex_t stores_lock = PTHREAD_MUTEX_INITIALIZER; - -+#if OPENSSL_VERSION_NUMBER < 0x10100000L - static STACK *mychain; -+#else -+static STACK_OF(X509_OBJECT) *mychain; -+#endif - -+#if OPENSSL_VERSION_NUMBER < 0x10100000L -+#define X509_OBJECT_get_type(a) ((a)->type) -+#define X509_OBJECT_get0_X509(a) ((a)->data.x509) -+#define X509_OBJECT_get0_X509_CRL(a) ((a)->data.crl) -+#define X509_STORE_get0_objects(a) ((a)->objs) -+#define X509_STORE_CTX_get0_chain(a) ((a)->chain) -+#endif - /* Lifted from openssl x509_lu.c */ -+#if OPENSSL_VERSION_NUMBER < 0x10100000L - static int - x509_object_cmp(X509_OBJECT **a, X509_OBJECT **b) -+#else -+static int -+x509_object_cmp(const X509_OBJECT * const *a, const X509_OBJECT * const *b) -+#endif - { - int ret; - -- ret=((*a)->type - (*b)->type); -+ ret=(X509_OBJECT_get_type(*a) - X509_OBJECT_get_type(*b)); - if (ret) return ret; -- switch ((*a)->type) { -+ switch (X509_OBJECT_get_type(*a)) { - case X509_LU_X509: -- ret=X509_subject_name_cmp((*a)->data.x509,(*b)->data.x509); -+ ret=X509_subject_name_cmp(X509_OBJECT_get0_X509(*a),X509_OBJECT_get0_X509(*b)); - break; - case X509_LU_CRL: -- ret=X509_CRL_cmp((*a)->data.crl,(*b)->data.crl); -+ ret=X509_CRL_cmp(X509_OBJECT_get0_X509_CRL(*a),X509_OBJECT_get0_X509_CRL(*b)); - break; - default: - /* abort(); */ -@@ -243,7 +263,11 @@ pkixip_load_pkey(const char *f) - return (pkey); - } - -+#if OPENSSL_VERSION_NUMBER < 0x10100000L - static STACK * -+#else -+static STACK_OF(X509_OBJECT) * -+#endif - pkixip_get_store(int handle) - { - if (handle >= PKIXIP_MAX_STORES || handle < 0) { -@@ -257,7 +281,11 @@ pkixip_get_store(int handle) - void - pkixip_walk_store(int (*cb)(X509 *, void *), void *cookie, int handle) - { -+#if OPENSSL_VERSION_NUMBER < 0x10100000L - STACK *objs; -+#else -+ STACK_OF(X509_OBJECT) *objs; -+#endif - int i; - X509_OBJECT *xo; - -@@ -266,12 +294,16 @@ pkixip_walk_store(int (*cb)(X509 *, void *), void *coo - goto done; - } - -+#if OPENSSL_VERSION_NUMBER < 0x10100000L - for (i = 0; i < sk_num(objs); i++) { -+#else -+ for (i = 0; i < sk_X509_OBJECT_num(objs); i++) { -+#endif - xo = sk_X509_OBJECT_value(objs, i); -- if (xo->type != X509_LU_X509) { -+ if (X509_OBJECT_get_type(xo) != X509_LU_X509) { - continue; - } -- if (!cb(xo->data.x509, cookie)) { -+ if (!cb(X509_OBJECT_get0_X509(xo), cookie)) { - break; - } - } -@@ -282,7 +314,11 @@ done: - void * - pkixip_find_cert(void *k, int handle) - { -+#if OPENSSL_VERSION_NUMBER < 0x10100000L - STACK *store; -+#else -+ STACK_OF(X509_OBJECT) *store; -+#endif - int i; - void *r = NULL; - -@@ -291,11 +327,19 @@ pkixip_find_cert(void *k, int handle) - goto done; - } - -+#if OPENSSL_VERSION_NUMBER < 0x10100000L - if ((i = sk_find(store, k)) < 0) { -+#else -+ if ((i = sk_X509_OBJECT_find(store, k)) < 0) { -+#endif - goto done; - } - -+#if OPENSSL_VERSION_NUMBER < 0x10100000L - r = sk_value(store, i); -+#else -+ r = sk_X509_OBJECT_value(store, i); -+#endif - - done: - pthread_mutex_unlock(&stores_lock); -@@ -304,8 +348,13 @@ done: - - /* Caller must hold stores_lock */ - static int -+#if OPENSSL_VERSION_NUMBER < 0x10100000L - pkixip_do_add_store(int handle, int (*cmp)(X509_OBJECT **, X509_OBJECT **), - STACK *objs) -+#else -+pkixip_do_add_store(int handle, int (*cmp)(const X509_OBJECT * const *, X509_OBJECT * const *), -+ STACK_OF(X509_OBJECT) *objs) -+#endif - { - if (objs == NULL && (objs = sk_X509_OBJECT_new(cmp)) == NULL) { - applog(LOG_CRIT, "no memory"); -@@ -316,8 +365,13 @@ pkixip_do_add_store(int handle, int (*cmp)(X509_OBJECT - return (0); - } - -+#if OPENSSL_VERSION_NUMBER < 0x10100000L - int - pkixip_add_store(int *handle, int (*cmp)(X509_OBJECT **, X509_OBJECT **)) -+#else -+int -+pkixip_add_store(int *handle, int (*cmp)(const X509_OBJECT * const *, const X509_OBJECT * const *)) -+#endif - { - int r = 0; - -@@ -369,7 +423,7 @@ pkixip_get_store_ctx(void) - } - - pthread_mutex_lock(&stores_lock); -- if (pkixip_do_add_store(PKIXIP_STORE_BYSUBJ, x509_object_cmp, st->objs) -+ if (pkixip_do_add_store(PKIXIP_STORE_BYSUBJ, x509_object_cmp, X509_STORE_get0_objects(st)) - < 0) { - X509_STORE_free(st); - X509_STORE_CTX_free(ctx_bysubj); -@@ -396,17 +450,24 @@ pkixip_store_ctx_light_cleanup(X509_STORE_CTX *ctx) - { - // X509_STORE_CTX_cleanup(ctx); - -- if (ctx->chain != NULL) { -- sk_X509_pop_free(ctx->chain, noop_free); -+ if (X509_STORE_CTX_get0_chain(ctx) != NULL) { -+ sk_X509_pop_free(X509_STORE_CTX_get0_chain(ctx), noop_free); -+#if OPENSSL_VERSION_NUMBER < 0x10100000L - ctx->chain=NULL; -+#endif - } -+#if OPENSSL_VERSION_NUMBER < 0x10100000L - CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509_STORE_CTX, ctx, - &(ctx->ex_data)); - memset(&ctx->ex_data,0,sizeof(CRYPTO_EX_DATA)); -+#else -+ CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509_STORE_CTX, ctx, -+ X509_STORE_CTX_get_app_data(ctx)); -+#endif - - #if 0 -- while (sk_num(ctx->chain) > 0) { -- sk_pop(ctx->chain); -+ while (sk_num(X509_STORE_CTX_get0_chain(ctx)) > 0) { -+ sk_pop(X509_STORE_CTX_get0_chain(ctx)); - } - #endif - } -@@ -445,10 +506,19 @@ pkixip_add2stores_cert(X509 *x) - int i, r = 0; - X509_STORE_CTX *ctx; - void *wrapper; -+#if OPENSSL_VERSION_NUMBER < 0x10100000L - X509_OBJECT o[1]; -+#else -+ X509_OBJECT *o; - -- if ((ctx = pkixip_get_store_ctx()) == NULL) { -+ o = X509_OBJECT_new(); -+ if (o == NULL) - return (-1); -+#endif -+ -+ if ((ctx = pkixip_get_store_ctx()) == NULL) { -+ r = -1; -+ goto done2; - } - - pthread_mutex_lock(&stores_lock); -@@ -459,7 +529,11 @@ pkixip_add2stores_cert(X509 *x) - goto done; - } - -+#if OPENSSL_VERSION_NUMBER < 0x10100000L - if (X509_STORE_add_cert(ctx->ctx, x) != 1) { -+#else -+ if (X509_STORE_add_cert(X509_STORE_CTX_get0_store(ctx), x) != 1) { -+#endif - pkixip_ssl_err(__FUNCTION__, "X509_STORE_add_cert() failed"); - r = -1; - goto done; -@@ -467,7 +541,8 @@ pkixip_add2stores_cert(X509 *x) - - if (wrap_store_cert) { - if ((wrapper = wrap_store_cert(x)) == NULL) { -- return (-1); -+ r = -1; -+ goto done2; - } - } else { - wrapper = x; -@@ -475,7 +550,11 @@ pkixip_add2stores_cert(X509 *x) - - for (i = 1; i < PKIXIP_MAX_STORES; i++) { - if (stores[i]) { -+#if OPENSSL_VERSION_NUMBER < 0x10100000L - sk_push(stores[i], wrapper); -+#else -+ sk_X509_OBJECT_push(stores[i], wrapper); -+#endif - } - } - -@@ -484,6 +563,10 @@ pkixip_add2stores_cert(X509 *x) - - done: - pthread_mutex_unlock(&stores_lock); -+done2: -+#if OPENSSL_VERSION_NUMBER < 0x10100000L -+ free(o); -+#endif - return (r); - } *** 445 LINES SKIPPED ***
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202306031112.353BCD0H039906>