Date: Wed, 3 Jan 2024 02:54:50 GMT
Message-Id: <202401030254.4032sote039774@gitrepo.freebsd.org>
To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org
From: Mikhail Teterin Subject: git: 393b3925c695 - main - security/sst: upgrade from 1.23 to 1.26 List-Id: Commit messages for all branches of the ports repository List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-ports-all@freebsd.org X-BeenThere: dev-commits-ports-all@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: mi X-Git-Repository: ports X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 393b3925c695f1ab2cb8ab9af27d6e02dc97ba5e Auto-Submitted: auto-generated The branch main has been updated by mi: URL: https://cgit.FreeBSD.org/ports/commit/?id=393b3925c695f1ab2cb8ab9af27d6e02dc97ba5e commit 393b3925c695f1ab2cb8ab9af27d6e02dc97ba5e Author: Mikhail Teterin AuthorDate: 2024-01-03 02:50:38 +0000 Commit: Mikhail Teterin CommitDate: 2024-01-03 02:52:34 +0000 security/sst: upgrade from 1.23 to 1.26 Nudged by: portscout --- security/sst/Makefile | 2 +- security/sst/distinfo | 6 +- security/sst/files/Makefile | 3 +- security/sst/files/patch-sst.c | 322 ++--------------------------------------- 4 files changed, 20 insertions(+), 313 deletions(-) diff --git a/security/sst/Makefile b/security/sst/Makefile index 42d26ac5a149..9e7f37755fb1 100644 --- a/security/sst/Makefile +++ b/security/sst/Makefile @@ -1,5 +1,5 @@ PORTNAME= sst -PORTVERSION= 1.23 +PORTVERSION= 1.26 CATEGORIES= security MASTER_SITES= http://utcc.utoronto.ca/~pkern/stuff/sst/ diff --git a/security/sst/distinfo b/security/sst/distinfo index dab3f9c94762..63ed7a32120d 100644 --- a/security/sst/distinfo +++ b/security/sst/distinfo 
@@ -1,3 +1,3 @@ -TIMESTAMP = 1540048110 -SHA256 (sst-1.23.tar.xz) = 664031f4d2156a50225b27775bed35e94905b1a070a500511bec913200ae68d4 -SIZE (sst-1.23.tar.xz) = 11436 +TIMESTAMP = 1704245495 +SHA256 (sst-1.26.tar.xz) = 3c6f9a674f6d4813e2151d82f5a334c429cb8807f16daf6e3b11610168dbb781 +SIZE (sst-1.26.tar.xz) = 11728 diff --git a/security/sst/files/Makefile b/security/sst/files/Makefile index cfccf86ceb2b..53f82fe5b786 100644 --- a/security/sst/files/Makefile +++ b/security/sst/files/Makefile @@ -5,7 +5,8 @@ MANDIR=${PREFIX}/man/man CFLAGS+= -DCONFDIR='"${OPENSSLDIR}"' -DCERTF='"certs/sst.pem"' \ -I${OPENSSLINC} -Wno-comment -# -Wno-dangling-else not available in gcc-4.2, which is still around... +CFLAGS+= -Wno-deprecated +CFLAGS+= -Wno-dangling-else .if exists(/usr/bin/nc) CFLAGS+= -DNETCAT='"/usr/bin/nc"' .else diff --git a/security/sst/files/patch-sst.c b/security/sst/files/patch-sst.c index 326598238071..20b911e5a066 100644 --- a/security/sst/files/patch-sst.c +++ b/security/sst/files/patch-sst.c 
@@ -1,310 +1,16 @@ ---- sst.c 2015-05-06 09:24:06.000000000 -0400 -+++ sst.c 2018-11-04 18:57:40.626302000 -0500 -@@ -213,5 +213,5 @@ - */ - #ifndef lint --static char rcsid[] = "$Header: /c/src/local.bin/sst/RCS/sst.c,v 1.23 2015/05/06 13:24:00 pkern Exp $"; -+static const char rcsid[] = "$Header: /c/src/local.bin/sst/RCS/sst.c,v 1.23 2015/05/06 13:24:00 pkern Exp $"; - #endif - -@@ -267,8 +267,8 @@ - int self_signed_ok = 1; - --char *prog = "sst"; --char *host = NULL; --char *port = NULL; --char *method = NULL; -+const char *prog = "sst"; -+const char *host = NULL; -+const char *port = NULL; -+const char *method = NULL; - - char certfbuf[MAXPATHLEN], ssldbuf[MAXPATHLEN]; -@@ -316,6 +316,6 @@ - * All rights reserved. - */ --void --ERR_log_errors() -+static void -+ERR_log_errors(void) - { - unsigned long l; -@@ -333,5 +333,5 @@ - } - --void -+static void - show_SSL_errors() - { -@@ -340,4 +340,8 @@ - } - -+#ifndef __GNUC__ -+# define __attribute__(x) -+#endif -+ - #define SHOW_x(L,F,x) do { \ - if (logging) syslog((L), "%s", (x)); \ -@@ -367,5 +371,5 @@ - - --char *usageopts[] = { -+static const char *usageopts[] = { - "", - " options:", -@@ -389,5 +393,5 @@ - " -K pkey-file = use instead of the default private key file.", - " -D ssl-conf = use as the path to default cert/keys.", --" -M method = use a specific SSL method (ssl2, ssl3 or tls1).", -+" -M method = use a specific SSL method (ssl3 or tls1, etc.).", - #ifdef USE_EGD - " -E skt-path = use instead of the default EGD socket.", -@@ -403,7 +407,40 @@ - }; - --usage() -+struct method { -+ const char *name; -+ const SSL_METHOD * (*meth)(void); -+} methods[] = { -+#if !defined(OPENSSL_NO_SSL2) && OPENSSL_VERSION_NUMBER < 0x1010000fL -+ { "ssl2", SSLv2_method }, -+#endif -+#if !defined(OPENSSL_NO_SSL3) && OPENSSL_VERSION_NUMBER < 0x1020000fL -+ { "ssl3", SSLv3_method }, -+#endif -+#if !defined(OPENSSL_NO_TLS1_METHOD) -+ { "tls1", TLSv1_method }, -+#endif -+#if !defined(OPENSSL_NO_TLS1_1_METHOD) -+ { "tls1.1", 
TLSv1_1_method }, -+#endif -+#if !defined(OPENSSL_NO_TLS1_2_METHOD) -+ { "tls1.2", TLSv1_2_method }, -+#endif -+#if OPENSSL_VERSION_NUMBER >= 0x1010000fL -+ { "dtls", DTLS_method }, -+#endif -+#if !defined(OPENSSL_NO_DTLS1_METHOD) && OPENSSL_VERSION_NUMBER >= 0x1010000fL -+ { "dtls1", DTLSv1_method }, -+#endif -+#if !defined(OPENSSL_NO_TLS1_2_METHOD) && OPENSSL_VERSION_NUMBER >= 0x1010000fL -+ { "dtls1.2", DTLSv1_2_method }, -+#endif -+ { NULL, SSLv23_method } -+}; -+ -+static void -+usage(void) - { -- char **uop = usageopts; -+ const char **uop = usageopts; -+ const struct method *m; - - if (logging) { -@@ -415,9 +452,14 @@ - while (*uop != NULL) fprintf(stderr, "%s\n", *uop++); - } -+ fprintf(stderr, " methods avalable for the -M option:\n"); -+ fprintf(stderr, " -----------------------------------\n"); -+ for (m = methods; m->name != NULL; m++) -+ fprintf(stderr, " %s", m->name); -+ fprintf(stderr, "\n"); - } - - /* reaper -- zombie prevention */ --void --reaper() -+static void -+reaper(int signal __attribute__((unused))) +--- sst.c 2019-07-23 20:08:49.000000000 -0400 ++++ sst.c 2024-01-02 21:39:44.403629000 -0500 +@@ -799,5 +799,5 @@ { - int w; -@@ -459,4 +501,5 @@ - * - EOF on rd when in server mode means the actual server has finished. 
- */ -+static void - relay(ssl, sd, rd, wd) - SSL *ssl; -@@ -594,28 +637,10 @@ - - if (verbose) { -- if (sizeof(off_t) > 4) { -- if (ssl != NULL) { -- SHOW_info1("bytes from ssl: %qd", nsr); -- SHOW_info1("bytes to ssl: %qd", nsw); -- } -- else { -- SHOW_info1("bytes from remote: %qd", nsr); -- SHOW_info1("bytes to remote: %qd", nsw); -- } -- SHOW_info1("bytes from local: %qd", nlr); -- SHOW_info1("bytes to local: %qd", nlw); -- } -- else { -- if (ssl != NULL) { -- SHOW_info1("bytes from ssl: %ld", nsr); -- SHOW_info1("bytes to ssl: %ld", nsw); -- } -- else { -- SHOW_info1("bytes from remote: %ld", nsr); -- SHOW_info1("bytes to remote: %ld", nsw); -- } -- SHOW_info1("bytes from local: %ld", nlr); -- SHOW_info1("bytes to local: %ld", nlw); -- } -+ const char *id = ssl ? "ssl" : "remote"; -+ -+ SHOW_info2("bytes from %5s: %jd", id, (intmax_t)nsr); -+ SHOW_info2("bytes to %5s: %jd", id, (intmax_t)nsw); -+ SHOW_info1("bytes from local: %jd", (intmax_t)nlr); -+ SHOW_info1("bytes to local: %jd", (intmax_t)nlw); - } - } -@@ -646,5 +671,5 @@ - - bp = X509_NAME_oneline(X509_get_subject_name(err_cert), 0, 0); -- if (bp) { subj = strdup(bp); CRYPTO_free(bp); } -+ if (bp) { subj = strdup(bp); OPENSSL_free(bp); } - - /* -@@ -688,9 +713,10 @@ - switch (err) { - case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: -- bp = X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert), 0, 0); -+ bp = X509_NAME_oneline(X509_get_issuer_name( -+ X509_STORE_CTX_get_current_cert(ctx)), 0, 0); - if (bp == NULL) SHOW_err("verify: cert: no issuer."); - else { - if (debug > 1) SHOW_info1("verify: cert issuer: %s", bp); -- CRYPTO_free(bp); -+ OPENSSL_free(bp); - } - break; -@@ -703,5 +729,5 @@ - } - -- -+static void - peer_cert_prep(ctx) - SSL_CTX *ctx; -@@ -725,4 +751,5 @@ - * (note: beware of dynamic allocation) - */ -+static void - peer_cert_chk(ctx, ssl) - SSL_CTX *ctx; -@@ -751,5 +778,5 @@ - else { - SHOW_info1("peer cert subject: %s", bp); -- CRYPTO_free(bp); -+ OPENSSL_free(bp); - } - -@@ -758,5 
+785,5 @@ - else { - SHOW_info1("peer cert issuer: %s", bp); -- CRYPTO_free(bp); -+ OPENSSL_free(bp); - } - } -@@ -782,5 +809,5 @@ - } - -- -+static void - cert_prep(ctx) - SSL_CTX *ctx; -@@ -804,5 +831,25 @@ - } - -+static const SSL_METHOD * -+discern_ssl_method(requested) -+const char *requested; -+{ -+ const struct method *m; -+ -+ if (requested == NULL) -+ goto highest; -+ -+ for (m = methods; m->name != NULL; m++) { -+ if (strcmp(m->name, requested) == 0) -+ return m->meth(); -+ } -+ -+ SHOW_info1("method `%s' not known, trying best available", requested); -+highest: -+ m = methods + sizeof(methods)/sizeof(methods[0]) - 1; /* Last entry */ -+ return m->meth(); -+} - -+static void - srvr_prep(ctx, ssl, sd) - SSL_CTX **ctx; -@@ -811,6 +858,5 @@ - { - int err; -- SSL_METHOD *meth; -- X509 *client_cert; -+ const SSL_METHOD *meth; - - /* -@@ -821,14 +867,5 @@ - SSLeay_add_ssl_algorithms(); - -- if (method == NULL) -- meth = SSLv23_server_method(); -- else if (strcmp(method, "ssl2") == 0) -- meth = SSLv2_server_method(); -- else if (strcmp(method, "ssl3") == 0) -- meth = SSLv3_server_method(); -- else if (strcmp(method, "tls1") == 0) -- meth = TLSv1_server_method(); -- else -- meth = SSLv23_server_method(); -+ meth = discern_ssl_method(method); - - *ctx = SSL_CTX_new (meth); -@@ -854,5 +891,5 @@ - } - -- -+static void - clnt_prep(ctx, ssl, sd) - SSL_CTX **ctx; -@@ -861,6 +898,5 @@ - { - int err; -- SSL_METHOD *meth; -- X509 *server_cert; -+ const SSL_METHOD *meth; - - /* -@@ -871,14 +907,5 @@ - SSLeay_add_ssl_algorithms(); - -- if (method == NULL) -- meth = SSLv23_client_method(); -- else if (strcmp(method, "ssl2") == 0) -- meth = SSLv2_client_method(); -- else if (strcmp(method, "ssl3") == 0) -- meth = SSLv3_client_method(); -- else if (strcmp(method, "tls1") == 0) -- meth = TLSv1_client_method(); -- else -- meth = SSLv23_client_method(); -+ meth = discern_ssl_method(method); - - *ctx = SSL_CTX_new (meth); -@@ -903,5 +930,5 @@ - } - -- -+int - main(ac, av) - int 
ac; -@@ -958,5 +985,4 @@ + int im; +- char *want = requested; ++ const char *want = requested; + + struct { +@@ -828,5 +828,5 @@ + { "dtls", DTLS_method }, + { "ssl23" , SSLv23_method }, +- { NULL, (SSL_METHOD *) NULL } ++ { NULL } + }; - if (errflg) { --usage: - usage(); - quit(1);
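Review bot: MASTER_SITES in the security/sst/Makefile hunk is still a plain http:// URL while the version is bumped, so the only integrity check on sst-1.26.tar.xz is the SHA256 recorded in distinfo, and that value was generated from whatever was fetched over the same unauthenticated channel at upgrade time. If upstream serves the directory over https, switch MASTER_SITES to it; otherwise say in the commit message how the new checksum was cross-checked (for example against a second download path or an upstream-published digest).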
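Review bot: In the security/sst/files/Makefile hunk, "CFLAGS+= -Wno-deprecated" turns off deprecation warnings for the whole build with no comment saying which warning prompted it. sst is compiled against OpenSSL (-I${OPENSSLINC}), and those warnings are the compiler's cue that a TLS API in use is being retired, so please add a comment naming the diagnostic that was firing, or narrow the flag to it (for example -Wno-deprecated-declarations, if that is the one). The same hunk deletes the comment explaining that -Wno-dangling-else was left out because of gcc-4.2 and then adds the flag unconditionally; a one-line note on why that restriction no longer applies would help the next maintainer.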
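Review bot: The security/sst/files/patch-sst.c hunk drops about 300 lines of local changes, among them the CRYPTO_free to OPENSSL_free switch, the X509_STORE_CTX_get_current_cert() accessor and the methods[] table with discern_ssl_method(), yet the commit message says only "upgrade from 1.23 to 1.26". Please state in the commit message that 1.26 carries these changes upstream (the new context lines showing a "dtls"/"ssl23" method table suggest it does), so a reviewer does not have to diff the tarball to confirm that none of the OpenSSL compatibility fixes were lost. It is also worth confirming that an unrecognised -M value is still handled the way the old patch did ("method `%s' not known, trying best available"), since that fallback decides which protocol versions get negotiated.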