Content-Transfer-Encoding: 7bit
Content-Type: multipart/mixed; boundary="_----------=_149524435263890"
MIME-Version: 1.0
Date: Sat, 20 May 2017 01:39:12 +0000
From: "Amitai Schleier" <schmonz@netbsd.org>
Subject: CVS commit: pkgsrc/net/ucspi-ssl
To: pkgsrc-changes@NetBSD.org
Reply-To: schmonz@netbsd.org
Message-Id: <20170520013912.9E0B8FBE4@cvs.NetBSD.org>
Sender: pkgsrc-changes-owner@NetBSD.org
Precedence: bulk

This is a multi-part message in MIME format.

--_----------=_149524435263890
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset="US-ASCII"

Module Name:	pkgsrc
Committed By:	schmonz
Date:		Sat May 20 01:39:12 UTC 2017

Modified Files:
	pkgsrc/net/ucspi-ssl: Makefile distinfo options.mk

Log Message:
Update to 0.99 (new upstream). From the changelog:

Included ucspi-ssl-0.70_ucspitls-0.6.patch (STARTTLS support)
originally designed and provided by Scott Gifford (FEH).

Added Certchain support for sslserver and sslclient (FEH).

Integration and added man-pages (FEH).

Synced with ucspi-tcp6-0.95.

Fixed integration bug in ssl_very.c.
Included patches from Peter Conrad.

Bug fix in sslserver. Several small
corrections.

Fix for large X509 serial numbers on x86 (tx. Peter Conrad).
SAN DNSname has precedence over CN in subject.
Re-edited man pages and rts tests.

Added IPv6 support (tx. to Felix von Leitner and Brandon Turner).
UI: Changed sslserver client cert call from '-i/-I' to '-z/-Z'
for compatibility reasons.
Added '-4/-6' support for client scripts.

Added output environment variables TCP6* for sslserver.
sslperl, sslhandle, and sslprint are not IPv6 ready yet.

Added IPv6 capabilities to sslhandle, sslprint, sslperl.
Changed verification of X.509 certs.
Removed obsolete socket_4 calls in sslserver.

Streamlined code with ucspi-tcp6-1.00.
Supplied new certs with customized SAN.
Make rts working (at least some how).

Added support for personalized client certs.
New option '-m' in sslserver, complementing '-z'.
CCAFILE='-' disables client cert request.

Added verbose log output for SSL connection informations.

Fixed wrongly nested CONNECT error code for sslclient.c
producing wrong warning messages while connecting to
an IPv4 address.
Added call of '-ldl' in ssl.lib.

Mitigation of SSL connection hanging during
coincident change of daylight-saving settings.

Fixed bug in sslserver's dnsip lookup in case of paranoid settings
and additonal existance of IPv6 AAAA records for incoming IPv4 connection.

Serveral fixes from 'troy@' included to cope with compiler errors and
to solve a bug in function getbitasaddress in ip4_bit.c (= ucspi-tcp6-1.02).
Reordered conf-* variables in main dir to allow easier generation of
packages (i.e. RPM). Fixed script to identify different HW architecture
and OS. This version works in 32 bit mode on Raspian Linux / RasPi 7.

Added ECDH capabilites (tx to Frank Bergmann for the patches).

Added compatibility with LibreSSL.
Fixed missing negative return call treatment from 'poll' (tx Frank Bergmann).
Tentative 'emake' fix for Gentoo build.

Added OpenSSL 1.1 tweaks -- works under Debian (9) 'Stretch'.


To generate a diff of this commit:
cvs rdiff -u -r1.14 -r1.15 pkgsrc/net/ucspi-ssl/Makefile
cvs rdiff -u -r1.3 -r1.4 pkgsrc/net/ucspi-ssl/distinfo \
    pkgsrc/net/ucspi-ssl/options.mk

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.


--_----------=_149524435263890
Content-Disposition: inline
Content-Length: 4031
Content-Transfer-Encoding: binary
Content-Type: text/x-diff; charset=us-ascii

Modified files:

Index: pkgsrc/net/ucspi-ssl/Makefile
diff -u pkgsrc/net/ucspi-ssl/Makefile:1.14 pkgsrc/net/ucspi-ssl/Makefile:1.15
--- pkgsrc/net/ucspi-ssl/Makefile:1.14	Wed Jun  8 19:24:16 2016
+++ pkgsrc/net/ucspi-ssl/Makefile	Sat May 20 01:39:12 2017
@@ -1,13 +1,13 @@
-# $NetBSD: Makefile,v 1.14 2016/06/08 19:24:16 wiz Exp $
+# $NetBSD: Makefile,v 1.15 2017/05/20 01:39:12 schmonz Exp $
 #
 
-DISTNAME=		ucspi-ssl-0.70
-PKGREVISION=		11
+DISTNAME=		ucspi-ssl-0.99
 CATEGORIES=		net
-MASTER_SITES=		${HOMEPAGE}
+MASTER_SITES=		http://www.fehcom.de/ipnet/ucspi-ssl/
+EXTRACT_SUFX=		.tgz
 
 MAINTAINER=		schmonz@NetBSD.org
-HOMEPAGE=		http://www.superscript.com/ucspi-ssl/
+HOMEPAGE=		http://www.fehcom.de/ipnet/ucspi-ssl.html
 COMMENT=		Command-line tools for SSL client-server applications
 
 DEPENDS+=		ucspi-tcp-[0-9]*:../../net/ucspi-tcp
@@ -27,19 +27,14 @@ SUBST_MESSAGE.paths=	Fixing paths.
 
 PLIST_SRC=		${PKGDIR}/PLIST
 
+DJB_CONFIG_DIR=		${WRKSRC}
 DJB_CONFIG_CMDS=							\
-	${ECHO} ${LOCALBASE}/bin > conf-tcpbin;				\
+	${ECHO} ${PREFIX}/bin > conf-tcpbin;				\
 	${ECHO} > conf-ssl;						\
-	${ECHO} ${PKG_SYSCONFDIR} > conf-cadir;
+	${ECHO} ${SSLDIR} > conf-cadir;
 
 .include "../../mk/bsd.prefs.mk"
 
-# from ../../security/openssl/Makefile
-.if ${OPSYS} == "NetBSD"
-PKG_SYSCONFDIR.ucspi-ssl?=	/etc/openssl
-.endif
-PKG_SYSCONFSUBDIR=	openssl
-
 INSTALLATION_DIRS=	bin share/doc/ucspi-ssl
 
 do-install:
@@ -52,7 +47,7 @@ do-install:
 .	endfor
 
 .	for i in CHANGES TODO UCSPI-SSL
-	  ${INSTALL_DATA} ${WRKSRC}/src/${i} \
+	  ${INSTALL_DATA} ${WRKSRC}/doc/${i} \
 	    ${DESTDIR}${PREFIX}/share/doc/ucspi-ssl
 .	endfor
 

Index: pkgsrc/net/ucspi-ssl/distinfo
diff -u pkgsrc/net/ucspi-ssl/distinfo:1.3 pkgsrc/net/ucspi-ssl/distinfo:1.4
--- pkgsrc/net/ucspi-ssl/distinfo:1.3	Thu Dec 15 12:18:44 2016
+++ pkgsrc/net/ucspi-ssl/distinfo	Sat May 20 01:39:12 2017
@@ -1,10 +1,6 @@
-$NetBSD: distinfo,v 1.3 2016/12/15 12:18:44 schmonz Exp $
+$NetBSD: distinfo,v 1.4 2017/05/20 01:39:12 schmonz Exp $
 
-SHA1 (ucspi-ssl-0.70.tar.gz) = 56466bc4a7272ebd937f4ae20dbdcce30235be27
-RMD160 (ucspi-ssl-0.70.tar.gz) = 68e8118b954e0f626b8fede95f562bdaa1f72659
-SHA512 (ucspi-ssl-0.70.tar.gz) = fe2b7d3af8d40dedf07b644638f2d44f6780ae0a7d0b783ac11046738b862c7fa9fcd719ac11424f9c5ffd5de9bb0814ad2ef993c9cfa649dcc49aeacb2e948d
-Size (ucspi-ssl-0.70.tar.gz) = 85111 bytes
-SHA1 (ucspi-ssl-0.70-ucspitls-0.1.patch) = f49b9363ae69698c925aba4d3eb76ffce58f4e5b
-RMD160 (ucspi-ssl-0.70-ucspitls-0.1.patch) = 83f6dda689d3c5713d034c100dc09d6fc199dc0c
-SHA512 (ucspi-ssl-0.70-ucspitls-0.1.patch) = 90f8eb66d85c0f72ee1529b3a54e469a7fd6ae99299f9b893c876dd88f3007823363c9922a8527b71ad2273909d065642f79bafd72308720312081e5da272b4e
-Size (ucspi-ssl-0.70-ucspitls-0.1.patch) = 11967 bytes
+SHA1 (ucspi-ssl-0.99.tgz) = 4613681aaf7096a9851104779bfabfdaec167819
+RMD160 (ucspi-ssl-0.99.tgz) = aec40fcd5d5a9baa6f864130bc82a3aa779a7cbb
+SHA512 (ucspi-ssl-0.99.tgz) = 2fd29d0f6b31b54f2b53206c6ccd0cf35c759834f34aab26d2a883319d33ff2257163150fc85a2e450c7bd81ce7bbed7b59c4013d71a35a9b3446a6338cb406e
+Size (ucspi-ssl-0.99.tgz) = 112640 bytes
Index: pkgsrc/net/ucspi-ssl/options.mk
diff -u pkgsrc/net/ucspi-ssl/options.mk:1.3 pkgsrc/net/ucspi-ssl/options.mk:1.4
--- pkgsrc/net/ucspi-ssl/options.mk:1.3	Sat Sep 17 11:12:26 2011
+++ pkgsrc/net/ucspi-ssl/options.mk	Sat May 20 01:39:12 2017
@@ -1,8 +1,7 @@
-# $NetBSD: options.mk,v 1.3 2011/09/17 11:12:26 shattered Exp $
+# $NetBSD: options.mk,v 1.4 2017/05/20 01:39:12 schmonz Exp $
 
 PKG_OPTIONS_VAR=	PKG_OPTIONS.ucspi-ssl
-PKG_SUPPORTED_OPTIONS+=	perl tls
-PKG_OPTIONS_LEGACY_OPTS+=	ucspi-ssl-perl:perl
+PKG_SUPPORTED_OPTIONS+=	perl
 
 .include "../../mk/bsd.options.mk"
 
@@ -15,10 +14,3 @@ DJB_CONFIG_CMDS+=	${ECHO} ${PERL5} > con
 .else
 DJB_BUILD_ARGS+=	- sslperl
 .endif
-
-.if !empty(PKG_OPTIONS:Mtls)
-TLS_PATCH=		ucspi-ssl-0.70-ucspitls-0.1.patch
-PATCHFILES+=		${TLS_PATCH}
-SITES.${TLS_PATCH}=	http://www.suspectclass.com/~sgifford/ucspi-tls/files/
-PATCH_DIST_STRIP.${TLS_PATCH}=	-p1
-.endif


--_----------=_149524435263890--