Content-Transfer-Encoding: 7bit
Content-Type: multipart/mixed; boundary="_----------=_158708287886640"
MIME-Version: 1.0
Date: Fri, 17 Apr 2020 00:21:18 +0000
From: "Joerg Sonnenberger" <joerg@netbsd.org>
Subject: CVS commit: pkgsrc/mail/cone
To: pkgsrc-changes@NetBSD.org
Reply-To: joerg@netbsd.org
Message-Id: <20200417002118.13E35FB27@cvs.NetBSD.org>
Sender: pkgsrc-changes-owner@NetBSD.org
Precedence: bulk

This is a multi-part message in MIME format.

--_----------=_158708287886640
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset="US-ASCII"

Module Name:	pkgsrc
Committed By:	joerg
Date:		Fri Apr 17 00:21:17 UTC 2020

Modified Files:
	pkgsrc/mail/cone: distinfo
Added Files:
	pkgsrc/mail/cone/patches: patch-tcpd_configure
	    patch-tcpd_libcouriertls.c

Log Message:
Adjust for OpenSSL 1.1


To generate a diff of this commit:
cvs rdiff -u -r1.11 -r1.12 pkgsrc/mail/cone/distinfo
cvs rdiff -u -r0 -r1.1 pkgsrc/mail/cone/patches/patch-tcpd_configure \
    pkgsrc/mail/cone/patches/patch-tcpd_libcouriertls.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.


--_----------=_158708287886640
Content-Disposition: inline
Content-Length: 6323
Content-Transfer-Encoding: binary
Content-Type: text/x-diff; charset=us-ascii

Modified files:

Index: pkgsrc/mail/cone/distinfo
diff -u pkgsrc/mail/cone/distinfo:1.11 pkgsrc/mail/cone/distinfo:1.12
--- pkgsrc/mail/cone/distinfo:1.11	Sun Mar 22 21:24:56 2020
+++ pkgsrc/mail/cone/distinfo	Fri Apr 17 00:21:17 2020
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.11 2020/03/22 21:24:56 joerg Exp $
+$NetBSD: distinfo,v 1.12 2020/04/17 00:21:17 joerg Exp $
 
 SHA1 (cone-0.90.tar.bz2) = 51614269ed0b8c091de4573bacefe5f394a08311
 RMD160 (cone-0.90.tar.bz2) = 2b2a924d8726535654c74c9d98d7e444aff9fd5e
@@ -18,3 +18,5 @@ SHA1 (patch-libmail-mboxgetmessage.C) = 
 SHA1 (patch-libmail-mboxread.C) = 940eab3b9040d9362f816d9af4d9bcc305701ae6
 SHA1 (patch-libmail-tmpaccount.C) = dbd3d7bde51e9c94b3258fcb2fca6b9077f9ad12
 SHA1 (patch-libmail_addmessage.H) = 27a07ef263bd351938e658c7f8c7faed44376479
+SHA1 (patch-tcpd_configure) = eba2223ad6a62e273c8da6cfe0ba2cf141680470
+SHA1 (patch-tcpd_libcouriertls.c) = ffe6d71d7c1092c88f5ac496ee12e41d2db5e3bb

Added files:

Index: pkgsrc/mail/cone/patches/patch-tcpd_configure
diff -u /dev/null pkgsrc/mail/cone/patches/patch-tcpd_configure:1.1
--- /dev/null	Fri Apr 17 00:21:18 2020
+++ pkgsrc/mail/cone/patches/patch-tcpd_configure	Fri Apr 17 00:21:17 2020
@@ -0,0 +1,54 @@
+$NetBSD: patch-tcpd_configure,v 1.1 2020/04/17 00:21:17 joerg Exp $
+
+SSL_load_error_strings is no long a symbol in OpenSSL 1.1.
+
+--- tcpd/configure.orig	2020-04-13 20:46:43.239442081 +0000
++++ tcpd/configure
+@@ -12863,9 +12863,9 @@ else
+ fi
+ 
+ 
+-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for SSL_load_error_strings in -lssl" >&5
+-$as_echo_n "checking for SSL_load_error_strings in -lssl... " >&6; }
+-if ${ac_cv_lib_ssl_SSL_load_error_strings+:} false; then :
++{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for OPENSSL_init_ssl in -lssl" >&5
++$as_echo_n "checking for OPENSSL_init_ssl in -lssl... " >&6; }
++if ${ac_cv_lib_ssl_OPENSSL_init_ssl+:} false; then :
+   $as_echo_n "(cached) " >&6
+ else
+   ac_check_lib_save_LIBS=$LIBS
+@@ -12879,27 +12879,27 @@ cat confdefs.h - <<_ACEOF >conftest.$ac_
+ #ifdef __cplusplus
+ extern "C"
+ #endif
+-char SSL_load_error_strings ();
++char OPENSSL_init_ssl ();
+ int
+ main ()
+ {
+-return SSL_load_error_strings ();
++return OPENSSL_init_ssl ();
+   ;
+   return 0;
+ }
+ _ACEOF
+ if ac_fn_c_try_link "$LINENO"; then :
+-  ac_cv_lib_ssl_SSL_load_error_strings=yes
++  ac_cv_lib_ssl_OPENSSL_init_ssl=yes
+ else
+-  ac_cv_lib_ssl_SSL_load_error_strings=no
++  ac_cv_lib_ssl_OPENSSL_init_ssl=no
+ fi
+ rm -f core conftest.err conftest.$ac_objext \
+     conftest$ac_exeext conftest.$ac_ext
+ LIBS=$ac_check_lib_save_LIBS
+ fi
+-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_ssl_SSL_load_error_strings" >&5
+-$as_echo "$ac_cv_lib_ssl_SSL_load_error_strings" >&6; }
+-if test "x$ac_cv_lib_ssl_SSL_load_error_strings" = xyes; then :
++{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_ssl_OPENSSL_init_ssl" >&5
++$as_echo "$ac_cv_lib_ssl_OPENSSL_init_ssl" >&6; }
++if test "x$ac_cv_lib_ssl_OPENSSL_init_ssl" = xyes; then :
+   have_ssl=yes
+ else
+   have_ssl=no
Index: pkgsrc/mail/cone/patches/patch-tcpd_libcouriertls.c
diff -u /dev/null pkgsrc/mail/cone/patches/patch-tcpd_libcouriertls.c:1.1
--- /dev/null	Fri Apr 17 00:21:18 2020
+++ pkgsrc/mail/cone/patches/patch-tcpd_libcouriertls.c	Fri Apr 17 00:21:17 2020
@@ -0,0 +1,90 @@
+$NetBSD: patch-tcpd_libcouriertls.c,v 1.1 2020/04/17 00:21:17 joerg Exp $
+
+Update for OpenSSL 1.1 interface.
+
+--- tcpd/libcouriertls.c.orig	2020-04-13 20:52:41.051633714 +0000
++++ tcpd/libcouriertls.c
+@@ -138,9 +138,9 @@ static int verifypeer(const struct tls_i
+ 	{
+ 		STACK_OF(X509) *peer_cert_chain=SSL_get_peer_cert_chain(ssl);
+ 
+-		if (peer_cert_chain && peer_cert_chain->stack.num > 0)
++		if (peer_cert_chain && sk_X509_num(peer_cert_chain) > 0)
+ 		{
+-			X509 *xx=(X509 *)peer_cert_chain->stack.data[0];
++			X509 *xx=sk_X509_value(peer_cert_chain, 0);
+ 
+ 			if (xx)
+ 				subj=X509_get_subject_name(xx);
+@@ -415,16 +415,15 @@ static int client_cert_cb(ssl_handle ssl
+ 			continue;
+ 		}
+ 
+-		for (i=0; client_cas && i<client_cas->stack.num; i++)
++		for (i=0; client_cas && i<sk_X509_NAME_num(client_cas); i++)
+ 		{
+-			X509_NAME *cert=(X509_NAME *)client_cas->stack.data[i];
++			X509_NAME *cert=sk_X509_NAME_value(client_cas, i);
+ 
+-			if (X509_NAME_cmp(cert,
+-					  x->cert_info->issuer) == 0)
++			if (X509_NAME_cmp(cert, X509_get_issuer_name(x)) == 0)
+ 				break;
+ 		}
+ 
+-		if (!client_cas || i >= client_cas->stack.num)
++		if (!client_cas || i >= sk_X509_NAME_num(client_cas))
+ 		{
+ 			BIO_free(certbio);
+ 			continue;
+@@ -552,7 +551,7 @@ SSL_CTX *tls_create(int isserver, const 
+ 		protocol="SSL23";
+ 
+ 	ctx=SSL_CTX_new(protocol && strcmp(protocol, "SSL3") == 0
+-			? SSLv3_method():
++			? SSLv23_method():
+ 			protocol && strcmp(protocol, "SSL23") == 0
+ 			? SSLv23_method():
+ 			TLSv1_method());
+@@ -740,8 +739,8 @@ static int cache_add(SSL *ssl, SSL_SESSI
+ 	unsigned char *ucp;
+ 	time_t timeout= (time_t)SSL_SESSION_get_time(sess)
+ 		+ SSL_SESSION_get_timeout(sess);
+-	void *session_id=(void *)sess->session_id;
+-	size_t session_id_len=sess->session_id_length;
++	unsigned int session_id_len;
++	void *session_id = SSL_SESSION_get_id(sess, &session_id_len);
+ 	size_t sess_len=i2d_SSL_SESSION(sess, NULL);
+ 
+ 	if (sizeof(timeout) + sizeof(session_id_len) + session_id_len +
+@@ -851,9 +850,7 @@ static void cache_del(SSL_CTX *ctx, SSL_
+ 	struct walk_info wi;
+ 
+ 	wi.now=0;
+-
+-	wi.id=(unsigned char *)sess->session_id;
+-	wi.id_len=sess->session_id_length;
++	wi.id = SSL_SESSION_get_id(sess, &wi.id_len);
+ 	if (tls_cache_walk(info->tlscache, del_func, &wi) < 0)
+ 		perror("ALERT: tls_cache_walk: ");
+ }
+@@ -1360,8 +1357,8 @@ void tls_dump_connection_info(ssl_handle
+ 			}
+ 		}
+ 
+-		for (i=0; peer_cert_chain && i<peer_cert_chain->stack.num; i++)
+-			dump_x509((X509 *)peer_cert_chain->stack.data[i],
++		for (i=0; peer_cert_chain && i<sk_X509_num(peer_cert_chain); i++)
++			dump_x509(sk_X509_value(peer_cert_chain, i),
+ 				  dump_func, dump_arg);
+ 	}
+ 
+@@ -1539,7 +1536,7 @@ char *tls_cert_name(const char *buf, siz
+ 
+ 	if (x)
+ 	{
+-		p=X509_NAME_oneline(x->cert_info->subject, NULL, 0);
++		p=X509_NAME_oneline(X509_get_subject_name(x), NULL, 0);
+ 		X509_free(x);
+ 	}
+ 	ERR_clear_error();


--_----------=_158708287886640--