From owner-svn-ports-all@freebsd.org  Mon Apr  3 17:33:50 2017
Return-Path: <owner-svn-ports-all@freebsd.org>
Delivered-To: svn-ports-all@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 7EB67D2C09F;
 Mon,  3 Apr 2017 17:33:50 +0000 (UTC)
 (envelope-from jkim@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
 [IPv6:2610:1c1:1:6068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 5A0B132B;
 Mon,  3 Apr 2017 17:33:50 +0000 (UTC)
 (envelope-from jkim@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.37])
 by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id v33HXngJ099013;
 Mon, 3 Apr 2017 17:33:49 GMT (envelope-from jkim@FreeBSD.org)
Received: (from jkim@localhost)
 by repo.freebsd.org (8.15.2/8.15.2/Submit) id v33HXnZO099007;
 Mon, 3 Apr 2017 17:33:49 GMT (envelope-from jkim@FreeBSD.org)
Message-Id: <201704031733.v33HXnZO099007@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: jkim set sender to
 jkim@FreeBSD.org using -f
From: Jung-uk Kim <jkim@FreeBSD.org>
Date: Mon, 3 Apr 2017 17:33:49 +0000 (UTC)
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org,
 svn-ports-head@freebsd.org
Subject: svn commit: r437668 - in head: Mk/Uses net/pipsecd net/pipsecd/files
 security/netpgp security/py-pow
X-SVN-Group: ports-head
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-ports-all@freebsd.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: SVN commit messages for the ports tree <svn-ports-all.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-ports-all>,
 <mailto:svn-ports-all-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-ports-all/>
List-Post: <mailto:svn-ports-all@freebsd.org>
List-Help: <mailto:svn-ports-all-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-ports-all>,
 <mailto:svn-ports-all-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 03 Apr 2017 17:33:50 -0000

Author: jkim
Date: Mon Apr  3 17:33:48 2017
New Revision: 437668
URL: https://svnweb.freebsd.org/changeset/ports/437668

Log:
  Remove obsolete OpenSSL hacks for IDEA crypto.
  
  We have some hacks in the ports tree to detect or to unconditionally disable
  IDEA crypto support.  These hacks existed because OpenSSL in FreeBSD 9.3 and
  earlier was shipped without IDEA support by default but we were allowed to
  enable it via WITH_IDEA src.conf(5) option.
  
  https://www.freebsd.org/cgi/man.cgi?query=src.conf&manpath=FreeBSD+9.3-RELEASE
  
  Therefore, we had to implement some hacks to support three different cases,
  i.e., a) 9.3 and earlier without IDEA crypto (default), b) 9.3 and earlier
  with IDEA crypto (via WITH_IDEA src.conf option), and c) 10.0 and later with
  unconditional IDEA support.  Now we can safely remove them because 9.3 and
  earlier is no longer supported.
  
  PR:		218233
  Exp-Run by:	antoine
  Approved by:	antoine (portmgr)

Modified:
  head/Mk/Uses/ssl.mk
  head/net/pipsecd/Makefile
  head/net/pipsecd/files/patch-tunip.c
  head/security/netpgp/Makefile
  head/security/py-pow/Makefile

Modified: head/Mk/Uses/ssl.mk
==============================================================================
--- head/Mk/Uses/ssl.mk	Mon Apr  3 17:20:32 2017	(r437667)
+++ head/Mk/Uses/ssl.mk	Mon Apr  3 17:33:48 2017	(r437668)
@@ -64,24 +64,6 @@ check-depends::
 	@${FALSE}
 .  endif
 
-# OpenSSL in the base system may not include IDEA for patent licensing reasons.
-.  if defined(MAKE_IDEA) && !defined(OPENSSL_IDEA)
-OPENSSL_IDEA=		${MAKE_IDEA}
-.  else
-OPENSSL_IDEA?=		NO
-.  endif
-
-.  if ${OPENSSL_IDEA} == "NO"
-# XXX This is a hack to work around the fact that /etc/make.conf clobbers
-#     our CFLAGS. It might not be enough for all future ports.
-.    if defined(HAS_CONFIGURE)
-CFLAGS+=		-DNO_IDEA
-.    else
-OPENSSL_CFLAGS+=	-DNO_IDEA
-.    endif
-MAKE_ARGS+=		OPENSSL_CFLAGS="${OPENSSL_CFLAGS}"
-.  endif
-
 .else # ${SSL_DEFAULT} != base
 
 OPENSSLBASE=		${LOCALBASE}

Modified: head/net/pipsecd/Makefile
==============================================================================
--- head/net/pipsecd/Makefile	Mon Apr  3 17:20:32 2017	(r437667)
+++ head/net/pipsecd/Makefile	Mon Apr  3 17:33:48 2017	(r437668)
@@ -3,7 +3,7 @@
 
 PORTNAME=	pipsecd
 PORTVERSION=	19991014
-PORTREVISION=	3
+PORTREVISION=	4
 CATEGORIES=	net security
 MASTER_SITES=	http://perso.telecom-paristech.fr/~beyssac/pipsec/ \
 		http://www.komquats.com/distfiles/

Modified: head/net/pipsecd/files/patch-tunip.c
==============================================================================
--- head/net/pipsecd/files/patch-tunip.c	Mon Apr  3 17:20:32 2017	(r437667)
+++ head/net/pipsecd/files/patch-tunip.c	Mon Apr  3 17:33:48 2017	(r437668)
@@ -9,13 +9,7 @@
  #include <netinet/in_systm.h>
  #include <netinet/in.h>
  #include <netinet/ip.h>
-@@ -54,12 +56,14 @@
- #include <blowfish.h>
- #include <cast.h>
- #include <des.h>
-+#ifndef NO_IDEA
- #include <idea.h>
-+#endif
+@@ -58,8 +60,8 @@
  
  #include "defs.h"
  
@@ -26,7 +20,7 @@
  #define _PATH_DEV_RANDOM	"/dev/random"
  
  #ifdef USE_ETHERTAP
-@@ -100,6 +104,7 @@ struct ethtap_header ethtap;
+@@ -100,6 +102,7 @@ struct ethtap_header ethtap;
  #endif
  
  unsigned char buf[MAX_HEADER+MAX_PACKET];
@@ -34,7 +28,7 @@
  
  typedef union {
      MD5_CTX md5;
-@@ -124,14 +129,16 @@ typedef struct hash_method {
+@@ -124,11 +127,11 @@ typedef struct hash_method {
  
  typedef union {
      BF_KEY bf;
@@ -49,49 +43,8 @@
 +	DES_key_schedule k3;
      } des3;
      CAST_KEY cast;
-+#ifndef NO_IDEA
      IDEA_KEY_SCHEDULE idea;
-+#endif
- } crypt_key;
- 
- typedef struct crypt_method {
-@@ -304,12 +311,14 @@ void cast_cbc_encrypt(unsigned char *iv,
- void cast_cbc_decrypt(unsigned char *iv, crypt_key *dk,
- 		      unsigned char *ct, unsigned int len);
- int cast_setkey(unsigned char *b, unsigned int len, crypt_key *k);
-+#ifndef NO_IDEA
- void my_idea_cbc_encrypt(unsigned char *iv, crypt_key *ek,
- 			 unsigned char *t, unsigned int len);
- void my_idea_cbc_decrypt(unsigned char *iv, crypt_key *dk,
- 			 unsigned char *ct, unsigned int len);
- int my_idea_set_encrypt_key(unsigned char *b, unsigned int len, crypt_key *k);
- int my_idea_set_decrypt_key(unsigned char *b, unsigned int len, crypt_key *k);
-+#endif
- void my_des_cbc_encrypt(unsigned char *iv, crypt_key *ek,
- 			unsigned char *t, unsigned int len);
- void my_des_cbc_decrypt(unsigned char *iv, crypt_key *dk,
-@@ -379,14 +388,20 @@ hash_method_t hash_ripemd160 = {
- 
- hash_method_t *hash_list = &hash_ripemd160;
- 
-+#ifndef NO_IDEA
- crypt_method_t crypt_idea = {
-     NULL,
-     "idea_cbc", 8, 8,
-     my_idea_cbc_encrypt, my_idea_cbc_decrypt,
-     my_idea_set_encrypt_key, my_idea_set_decrypt_key
- };
-+#endif
- crypt_method_t crypt_cast = {
-+#ifndef NO_IDEA
-     &crypt_idea,
-+#else
-+    NULL,
-+#endif
-     "cast_cbc", 8, 8,
-     cast_cbc_encrypt, cast_cbc_decrypt,
-     cast_setkey, cast_setkey
-@@ -704,13 +719,22 @@ void tun_new(struct tun_method *this,
+@@ -704,13 +707,22 @@ void tun_new(struct tun_method *this,
   */
  int tun_send_ip(struct tun_method *this, struct encap_method *encap, int fd)
  {
@@ -115,7 +68,7 @@
      sent = write(fd, encap->buf, encap->buflen);
      if (sent != encap->buflen)
          syslog(LOG_ERR, "truncated in: %d -> %d\n", encap->buflen, sent);
-@@ -1120,6 +1144,7 @@ void config_read(FILE *cf)
+@@ -1120,6 +1132,7 @@ void config_read(FILE *cf)
  	    }
  	} else if (strcmp(arg, "if") == 0) {
  	    int fd;
@@ -123,7 +76,7 @@
  	    struct sa_desc *local_sa, *remote_sa;
  	    struct peer_desc *peer;
  
-@@ -1128,6 +1153,7 @@ void config_read(FILE *cf)
+@@ -1128,6 +1141,7 @@ void config_read(FILE *cf)
  		perror(arg);
  		continue;
  	    }
@@ -131,20 +84,7 @@
  
  	    local_sa = NULL;
  	    remote_sa = NULL;
-@@ -1974,6 +2000,7 @@ int cast_setkey(unsigned char *b, unsign
-     return 0;
- }
- 
-+#ifndef NO_IDEA
- void my_idea_cbc_encrypt(unsigned char *iv, crypt_key *ek,
- 			 unsigned char *t, unsigned int len)
- {
-@@ -2002,11 +2029,12 @@ int my_idea_set_decrypt_key(unsigned cha
-     idea_set_decrypt_key(&k->idea, &k->idea);
-     return 0;
- }
-+#endif
- 
+@@ -2006,7 +2020,7 @@ int my_idea_set_decrypt_key(unsigned cha
  void my_des_cbc_encrypt(unsigned char *iv, crypt_key *ek,
  			unsigned char *t, unsigned int len)
  {
@@ -153,7 +93,7 @@
  }
  
  void my_des_cbc_decrypt(unsigned char *iv, crypt_key *dk,
-@@ -2018,7 +2046,7 @@ void my_des_cbc_decrypt(unsigned char *i
+@@ -2018,7 +2032,7 @@ void my_des_cbc_decrypt(unsigned char *i
      for (i = 0; i < len; i++) printf(" %02x", ct[i]);
      printf("\n");
  #endif
@@ -162,7 +102,7 @@
  #if 0
      printf("%d bytes after decrypt\n", len);
      for (i = 0; i < len; i++) printf(" %02x", ct[i]);
-@@ -2029,23 +2057,23 @@ void my_des_cbc_decrypt(unsigned char *i
+@@ -2029,23 +2043,23 @@ void my_des_cbc_decrypt(unsigned char *i
  int my_des_setkey(unsigned char *b, unsigned int len, crypt_key *k)
  {
      if (len == 8)
@@ -191,7 +131,7 @@
  			 iv, DES_DECRYPT);
  }
  
-@@ -2054,11 +2082,11 @@ int my_des3_setkey(unsigned char *b, uns
+@@ -2054,11 +2068,11 @@ int my_des3_setkey(unsigned char *b, uns
      if (len != 24)
  	return -1;
  
@@ -206,7 +146,7 @@
  	return -1;
  
      return 0;
-@@ -2081,6 +2109,11 @@ int null_setkey(unsigned char *b, unsign
+@@ -2081,6 +2095,11 @@ int null_setkey(unsigned char *b, unsign
      return 0;
  }
  
@@ -218,7 +158,7 @@
  int main(int argc, char **argv)
  {
      time_t t;
-@@ -2088,9 +2121,14 @@ int main(int argc, char **argv)
+@@ -2088,9 +2107,14 @@ int main(int argc, char **argv)
      int pack, i;
      struct sockaddr_in from;
      struct stat sb;
@@ -233,7 +173,7 @@
      openlog ("pipsecd", LOG_PID, LOG_DAEMON);
      syslog (LOG_NOTICE, "pipsecd starting");
  
-@@ -2113,7 +2151,21 @@ int main(int argc, char **argv)
+@@ -2113,7 +2137,21 @@ int main(int argc, char **argv)
      if (encap_icmp_new(&encap_meth[ENCAP_ICMP], IPPROTO_ICMP) == -1)
  	exit(1);
  
@@ -256,7 +196,7 @@
      if (f == NULL) {
  	perror("configuration file");
  	exit(1);
-@@ -2123,8 +2175,8 @@ int main(int argc, char **argv)
+@@ -2123,8 +2161,8 @@ int main(int argc, char **argv)
      fclose(f);
  
      /* Execute startup script, if any */

Modified: head/security/netpgp/Makefile
==============================================================================
--- head/security/netpgp/Makefile	Mon Apr  3 17:20:32 2017	(r437667)
+++ head/security/netpgp/Makefile	Mon Apr  3 17:33:48 2017	(r437668)
@@ -18,8 +18,5 @@ INSTALL_TARGET=	install-strip
 CPPFLAGS+=	-I${OPENSSLINC}
 CFLAGS+=	-I${OPENSSLINC} -Wno-error
 LDFLAGS+=	-L${OPENSSLLIB}
-.if !exists(${OPENSSLINC}/openssl/idea.h)
-CFLAGS+=	-DOPENSSL_NO_IDEA
-.endif
 
 .include <bsd.port.post.mk>

Modified: head/security/py-pow/Makefile
==============================================================================
--- head/security/py-pow/Makefile	Mon Apr  3 17:20:32 2017	(r437667)
+++ head/security/py-pow/Makefile	Mon Apr  3 17:33:48 2017	(r437668)
@@ -3,7 +3,7 @@
 
 PORTNAME=	pow
 PORTVERSION=	0.7
-PORTREVISION=	1
+PORTREVISION=	2
 CATEGORIES=	security python
 MASTER_SITES=	SF/${PORTNAME}/POW/POW-${PORTVERSION}
 PKGNAMEPREFIX=	${PYTHON_PKGNAMEPREFIX}
@@ -26,7 +26,7 @@ post-patch:
 	@${REINPLACE_CMD} -e 's|licence|license|' ${WRKSRC}/setup.py
 
 do-build:
-	cd ${WRKSRC} && ${PYTHON_CMD} ${PYSETUP} build_ext -D NO_IDEA -D NO_RC5_32_12_16 ${PYDISTUTILS_BUILD_TARGET}
+	cd ${WRKSRC} && ${PYTHON_CMD} ${PYSETUP} build_ext -D NO_RC5_32_12_16 ${PYDISTUTILS_BUILD_TARGET}
 
 post-install:
 	@${STRIP_CMD} ${STAGEDIR}${PYTHONPREFIX_SITELIBDIR}/POW/_POW.so