Sat Apr 25 13:47:31 2020 UTC ()
cadaver: Build with OpenSSL 1.1... by switching to gnutls and fixing that


(nia)
diff -r1.51 -r1.52 pkgsrc/www/cadaver/Makefile
diff -r1.10 -r1.11 pkgsrc/www/cadaver/distinfo
diff -r0 -r1.1 pkgsrc/www/cadaver/patches/patch-lib_neon_ne__auth.c
diff -r0 -r1.1 pkgsrc/www/cadaver/patches/patch-lib_neon_ne__gnutls.c
diff -r0 -r1.1 pkgsrc/www/cadaver/patches/patch-lib_neon_ne__privssl.h
diff -r0 -r1.1 pkgsrc/www/cadaver/patches/patch-lib_neon_ne__socket.c

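--- a/pkgsrc/www/cadaver/Makefile
+++ b/pkgsrc/www/cadaver/Makefile
@@ -1,37 +1,25 @@
-# $NetBSD: Makefile,v 1.51 2020/04/24 12:14:01 nia Exp $
+# $NetBSD: Makefile,v 1.52 2020/04/25 13:47:31 nia Exp $
 
 DISTNAME= cadaver-0.23.3
-PKGREVISION= 5
+PKGREVISION= 6
 CATEGORIES= www
-#MASTER_SITES= http://www.webdav.org/cadaver/
+MASTER_SITES= http://www.webdav.org/cadaver/
 
 MAINTAINER= pkgsrc-users@NetBSD.org
-#HOMEPAGE= http://www.webdav.org/cadaver/
+HOMEPAGE= http://www.webdav.org/cadaver/
 COMMENT= Command-line WebDAV client
-
-BROKEN= "Fails to build with OpenSSL 1.1"
+LICENSE= gnu-gpl-v2
 
 BUILD_TARGET= cadaver
 GNU_CONFIGURE= YES
 USE_PKGLOCALEDIR= yes
 CONFIGURE_ARGS+= --enable-netrc
 CONFIGURE_ARGS+= --with-expat
-#CONFIGURE_ARGS+= --with-included-neon
-CONFIGURE_ARGS+= --with-ssl=yes
+CONFIGURE_ARGS+= --with-ssl=gnutls
 LIBS+= ${BUILDLINK_LDADD.termcap}
 
-#INSTALL_MAKE_FLAGS+= bindir=${DESTDIR:Q}${PREFIX:Q}/bin \
-# mandir=${DESTDIR:Q}${PREFIX:Q}/${PKGMANDIR:Q}
-
 .include "../../mk/readline.buildlink3.mk"
-.include "../../security/openssl/buildlink3.mk"
 .include "../../textproc/expat/buildlink3.mk"
-.include "../../www/neon/buildlink3.mk"
 .include "../../devel/gettext-lib/buildlink3.mk"
-# DON'T make this package depend on the www/neon package until neon
-# becomes stable; keep it using its internal copy of neon as with
-# www/sitecopy. This package has in the past bounced back and forth
-# between using external and internal neon because neon moves faster
-# than cadaver, and does so incompatibly.
-
+.include "../../security/gnutls/buildlink3.mk"
 .include "../../mk/bsd.pkg.mk"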
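Review bot: The new Makefile drops both the `www/neon` buildlink and the comment that explained the neon choice, so nothing records that the package now appears to build cadaver's bundled `lib/neon`, the copy the four new patches modify. Going by the 2009 timestamps in those patches, that copy is old, and TLS fixes made in `www/neon` will not reach it. A short comment above the gnutls include would keep this visible, for example `# Builds the bundled lib/neon against gnutls; security fixes from www/neon must be ported by hand.` Separately, `MASTER_SITES` is re-enabled over plain http, so distfile integrity rests entirely on the distinfo checksums.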

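--- a/pkgsrc/www/cadaver/distinfo
+++ b/pkgsrc/www/cadaver/distinfo
@@ -1,7 +1,11 @@
-$NetBSD: distinfo,v 1.10 2015/11/04 02:46:51 agc Exp $
+$NetBSD: distinfo,v 1.11 2020/04/25 13:47:31 nia Exp $
 
 SHA1 (cadaver-0.23.3.tar.gz) = 4ad8ea2341b77e7dee26b46e4a8a496f1a2962cd
 RMD160 (cadaver-0.23.3.tar.gz) = 104f687cfd121b091ba2f509b37574509b4ffabd
 SHA512 (cadaver-0.23.3.tar.gz) = 48fe0a266be0ca7239f325377e5e2a8dc57a5d60466c7160e36c060ad24c09a50727695b9fa931844b1e66e173ebbb838f390d6c60fd07b614bd3b636cd4dd41
 Size (cadaver-0.23.3.tar.gz) = 831884 bytes
 SHA1 (patch-aa) = 6b8391e825d8bc4131fdab4aee7214a0181a9b69
+SHA1 (patch-lib_neon_ne__auth.c) = b3be23038af390d52830e1c00c8313606e79ba96
+SHA1 (patch-lib_neon_ne__gnutls.c) = ab502c65db85b2e2db100dcbaad3f51de3e9e895
+SHA1 (patch-lib_neon_ne__privssl.h) = 83431345d2333423c664ce4f764683b1ee48b571
+SHA1 (patch-lib_neon_ne__socket.c) = effeded3caa19853b1845fdeea4754491f11e009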

File Added: pkgsrc/www/cadaver/patches/patch-lib_neon_ne__auth.c
$NetBSD: patch-lib_neon_ne__auth.c,v 1.1 2020/04/25 13:47:31 nia Exp $

Fix build with newer gnutls.

--- lib/neon/ne_auth.c.orig	2009-12-02 21:27:34.000000000 +0000
+++ lib/neon/ne_auth.c
@@ -46,7 +46,7 @@
 #ifdef HAVE_OPENSSL
 #include <openssl/rand.h>
 #elif defined(HAVE_GNUTLS)
-#include <gcrypt.h>
+#include <gnutls/crypto.h>
 #endif
 
 #include <errno.h>
@@ -316,7 +316,7 @@ static char *get_cnonce(void) 
 
 #ifdef HAVE_GNUTLS
     if (1) {
-        gcry_create_nonce(data, sizeof data);
+        gnutls_rnd(GNUTLS_RND_NONCE, data, sizeof data);
         ne_md5_process_bytes(data, sizeof data, hash);
     }
     else
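Review bot: The return value of `gnutls_rnd()` is ignored, so if the call fails, the bytes hashed into the client nonce are whatever `data` held before it. The replaced `gcry_create_nonce()` returned void, so the old code had no failure to check. Testing the result in the condition, `if (gnutls_rnd(GNUTLS_RND_NONCE, data, sizeof data) == 0) {` in place of `if (1) {`, would send a failure to the existing `else` branch, whose body lies outside this hunk. get_cnonce() begins and ends outside the hunk, so how that branch seeds the hash should be confirmed there.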

File Added: pkgsrc/www/cadaver/patches/patch-lib_neon_ne__gnutls.c
$NetBSD: patch-lib_neon_ne__gnutls.c,v 1.1 2020/04/25 13:47:31 nia Exp $

Fix build with newer gnutls.

--- lib/neon/ne_gnutls.c.orig	2009-12-02 21:40:41.000000000 +0000
+++ lib/neon/ne_gnutls.c
@@ -33,15 +33,13 @@
 #include <errno.h>
 
 #include <gnutls/gnutls.h>
+#include <gnutls/abstract.h>
 #include <gnutls/pkcs12.h>
 
 #ifdef NE_HAVE_TS_SSL
 #include <errno.h>
 #include <pthread.h>
-#include <gcrypt.h>
 GCRY_THREAD_OPTION_PTHREAD_IMPL;
-#else
-#include <gcrypt.h>
 #endif
 
 #ifdef HAVE_ICONV
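Review bot: `GCRY_THREAD_OPTION_PTHREAD_IMPL;` is left in the `NE_HAVE_TS_SSL` branch although this hunk removes both `#include <gcrypt.h>` lines, so the macro has no definition when thread-safe SSL support is enabled. The last hunk of this patch also removes the `gcry_control(GCRYCTL_SET_THREAD_CBS, &gcry_threads_pthread);` call, the only visible user of what the macro defines. Removing the macro line together with the includes would keep that configuration building. Whether the pkgsrc build ever defines `NE_HAVE_TS_SSL` for cadaver is not visible on this page.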
@@ -67,30 +65,30 @@ struct ne_ssl_dname_s {
     gnutls_x509_dn_t dn;
 #else
     int subject; /* non-zero if this is the subject DN object */
-    gnutls_x509_crt cert;
+    gnutls_x509_crt_t cert;
 #endif
 };
 
 struct ne_ssl_certificate_s {
     ne_ssl_dname subj_dn, issuer_dn;
-    gnutls_x509_crt subject;
+    gnutls_x509_crt_t subject;
     ne_ssl_certificate *issuer;
     char *identity;
 };
 
 struct ne_ssl_client_cert_s {
-    gnutls_pkcs12 p12;
+    gnutls_pkcs12_t p12;
     int decrypted; /* non-zero if successfully decrypted. */
     int keyless;
     ne_ssl_certificate cert;
-    gnutls_x509_privkey pkey;
+    gnutls_x509_privkey_t pkey;
     char *friendly_name;
 };
 
 /* Returns the highest used index in subject (or issuer) DN of
  * certificate CERT for OID, or -1 if no RDNs are present in the DN
  * using that OID. */
-static int oid_find_highest_index(gnutls_x509_crt cert, int subject, const char *oid)
+static int oid_find_highest_index(gnutls_x509_crt_t cert, int subject, const char *oid)
 {
     int ret, idx = -1;
 
@@ -113,7 +111,7 @@ static int oid_find_highest_index(gnutls
 
 #ifdef HAVE_ICONV
 static void convert_dirstring(ne_buffer *buf, const char *charset, 
-                              gnutls_datum *data)
+                              gnutls_datum_t *data)
 {
     iconv_t id = iconv_open("UTF-8", charset);
     size_t inlen = data->size, outlen = buf->length - buf->used;
@@ -150,7 +148,7 @@ static void convert_dirstring(ne_buffer 
 #define TAG_UNIVERSAL (28)
 #define TAG_BMP (30)
 
-static void append_dirstring(ne_buffer *buf, gnutls_datum *data, unsigned long tag)
+static void append_dirstring(ne_buffer *buf, gnutls_datum_t *data, unsigned long tag)
 {
     switch (tag) {
     case TAG_UTF8:
@@ -240,7 +238,7 @@ char *ne_ssl_readable_dname(const ne_ssl
 
 /* Appends the value of RDN with given oid from certitifcate x5
  * subject (if subject is non-zero), or issuer DN to buffer 'buf': */
-static void append_rdn(ne_buffer *buf, gnutls_x509_crt x5, int subject, const char *oid)
+static void append_rdn(ne_buffer *buf, gnutls_x509_crt_t x5, int subject, const char *oid)
 {
     int idx, top, ret;
     char rdn[50];
@@ -353,7 +351,7 @@ void ne_ssl_cert_validity_time(const ne_
  * If 'identity' is non-NULL, store the malloc-allocated identity in
  * *identity.  If 'server' is non-NULL, it must be the network address
  * of the server in use, and identity must be NULL. */
-static int check_identity(const ne_uri *server, gnutls_x509_crt cert,
+static int check_identity(const ne_uri *server, gnutls_x509_crt_t cert,
                           char **identity)
 {
     char name[255];
@@ -460,7 +458,7 @@ static int check_identity(const ne_uri *
  * that x5 is owned by returned cert object and must not be otherwise
  * freed by the caller.  */
 static ne_ssl_certificate *populate_cert(ne_ssl_certificate *cert,
-                                         gnutls_x509_crt x5)
+                                         gnutls_x509_crt_t x5)
 {
 #ifdef HAVE_NEW_DN_API
     gnutls_x509_crt_get_subject(x5, &cert->subj_dn.dn);
@@ -479,12 +477,12 @@ static ne_ssl_certificate *populate_cert
 }
 
 /* Returns a copy certificate of certificate SRC. */
-static gnutls_x509_crt x509_crt_copy(gnutls_x509_crt src)
+static gnutls_x509_crt_t x509_crt_copy(gnutls_x509_crt_t src)
 {
     int ret;
     size_t size;
-    gnutls_datum tmp;
-    gnutls_x509_crt dest;
+    gnutls_datum_t tmp;
+    gnutls_x509_crt_t dest;
     
     if (gnutls_x509_crt_init(&dest) != 0) {
         return NULL;
@@ -547,10 +545,10 @@ dup_error:
 }    
 
 /* Callback invoked when the SSL server requests a client certificate.  */
-static int provide_client_cert(gnutls_session session,
-                               const gnutls_datum *req_ca_rdn, int nreqs,
-                               const gnutls_pk_algorithm *sign_algos,
-                               int sign_algos_length, gnutls_retr_st *st)
+static int provide_client_cert(gnutls_session_t session,
+                               const gnutls_datum_t *req_ca_rdn, int nreqs,
+                               const gnutls_pk_algorithm_t *sign_algos,
+                               int sign_algos_length, gnutls_retr2_st *st)
 {
     ne_session *sess = gnutls_session_get_ptr(session);
     
@@ -606,11 +604,11 @@ static int provide_client_cert(gnutls_se
     }
 
     if (sess->client_cert) {
-        gnutls_certificate_type type = gnutls_certificate_type_get(session);
+        gnutls_certificate_type_t type = gnutls_certificate_type_get(session);
         if (type == GNUTLS_CRT_X509) {
             NE_DEBUG(NE_DBG_SSL, "Supplying client certificate.\n");
 
-            st->type = type;
+            st->cert_type = type;
             st->ncerts = 1;
             st->cert.x509 = &sess->client_cert->cert.subject;
             st->key.x509 = sess->client_cert->pkey;
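Review bot: After the switch to `gnutls_retr2_st`, the visible lines set `st->cert_type` but never `st->key_type`, the field that tells gnutls how to interpret the `st->key` union. The code therefore appears to rely on the library zeroing the structure before invoking the callback. Setting it explicitly next to the certificate type, `st->key_type = GNUTLS_PRIVKEY_X509;`, removes that dependency for the key assigned in `st->key.x509`. The function continues past the end of this hunk, so check there that the field is not already set.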
@@ -639,8 +637,7 @@ ne_ssl_context *ne_ssl_context_create(in
     ne_ssl_context *ctx = ne_calloc(sizeof *ctx);
     gnutls_certificate_allocate_credentials(&ctx->cred);
     if (flags == NE_SSL_CTX_CLIENT) {
-        gnutls_certificate_client_set_retrieve_function(ctx->cred,
-                                                        provide_client_cert);
+        gnutls_certificate_set_retrieve_function(ctx->cred, provide_client_cert);
     }
     gnutls_certificate_set_verify_flags(ctx->cred, 
                                         GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT);
@@ -689,9 +686,9 @@ void ne_ssl_context_destroy(ne_ssl_conte
 #ifdef HAVE_GNUTLS_CERTIFICATE_GET_X509_CAS
 /* Return the issuer of the given certificate, or NULL if none can be
  * found. */
-static gnutls_x509_crt find_issuer(gnutls_x509_crt *ca_list,
+static gnutls_x509_crt_t find_issuer(gnutls_x509_crt_t *ca_list,
                                    unsigned int num_cas,
-                                   gnutls_x509_crt cert)
+                                   gnutls_x509_crt_t cert)
 {
     unsigned int n;
 
@@ -705,11 +702,11 @@ static gnutls_x509_crt find_issuer(gnutl
 #endif
 
 /* Return the certificate chain sent by the peer, or NULL on error. */
-static ne_ssl_certificate *make_peers_chain(gnutls_session sock,
-                                            gnutls_certificate_credentials crd)
+static ne_ssl_certificate *make_peers_chain(gnutls_session_t sock,
+                                            gnutls_certificate_credentials_t crd)
 {
     ne_ssl_certificate *current = NULL, *top = NULL;
-    const gnutls_datum *certs;
+    const gnutls_datum_t *certs;
     unsigned int n, count;
     ne_ssl_certificate *cert;
 
@@ -721,7 +718,7 @@ static ne_ssl_certificate *make_peers_ch
     NE_DEBUG(NE_DBG_SSL, "ssl: Got %u certs in peer chain.\n", count);
     
     for (n = 0; n < count; n++) {
-        gnutls_x509_crt x5;
+        gnutls_x509_crt_t x5;
 
         if (gnutls_x509_crt_init(&x5) ||
             gnutls_x509_crt_import(x5, &certs[n], GNUTLS_X509_FMT_DER)) {
@@ -746,8 +743,8 @@ static ne_ssl_certificate *make_peers_ch
      * in the Certificate list during the handshake.  Fill in the
      * complete chain manually against the certs we trust: */
     if (current->issuer == NULL) {
-        gnutls_x509_crt issuer;
-        gnutls_x509_crt *ca_list;
+        gnutls_x509_crt_t issuer;
+        gnutls_x509_crt_t *ca_list;
         unsigned int num_cas;
         
         gnutls_certificate_get_x509_cas(crd, &ca_list, &num_cas);
@@ -849,7 +846,7 @@ static int check_chain_expiry(ne_ssl_cer
 }
 
 /* Verifies an SSL server certificate. */
-static int check_certificate(ne_session *sess, gnutls_session sock,
+static int check_certificate(ne_session *sess, gnutls_session_t sock,
                              ne_ssl_certificate *chain)
 {
     int ret, failures;
@@ -911,7 +908,7 @@ int ne__negotiate_ssl(ne_session *sess)
 {
     ne_ssl_context *const ctx = sess->ssl_context;
     ne_ssl_certificate *chain;
-    gnutls_session sock;
+    gnutls_session_t sock;
 
     NE_DEBUG(NE_DBG_SSL, "Negotiating SSL connection.\n");
 
@@ -980,7 +977,7 @@ const char *ne_ssl_cert_identity(const n
 
 void ne_ssl_context_trustcert(ne_ssl_context *ctx, const ne_ssl_certificate *cert)
 {
-    gnutls_x509_crt certs = cert->subject;
+    gnutls_x509_crt_t certs = cert->subject;
     gnutls_certificate_set_x509_trust(ctx->cred, &certs, 1);
 }
 
@@ -994,7 +991,7 @@ void ne_ssl_trust_default_ca(ne_session 
 }
 
 /* Read the contents of file FILENAME into *DATUM. */
-static int read_to_datum(const char *filename, gnutls_datum *datum)
+static int read_to_datum(const char *filename, gnutls_datum_t *datum)
 {
     FILE *f = fopen(filename, "r");
     ne_buffer *buf;
@@ -1026,11 +1023,11 @@ static int read_to_datum(const char *fil
 /* Parses a PKCS#12 structure and loads the certificate, private key
  * and friendly name if possible.  Returns zero on success, non-zero
  * on error. */
-static int pkcs12_parse(gnutls_pkcs12 p12, gnutls_x509_privkey *pkey,
-                        gnutls_x509_crt *x5, char **friendly_name,
+static int pkcs12_parse(gnutls_pkcs12_t p12, gnutls_x509_privkey_t *pkey,
+                        gnutls_x509_crt_t *x5, char **friendly_name,
                         const char *password)
 {
-    gnutls_pkcs12_bag bag = NULL;
+    gnutls_pkcs12_bag_t bag = NULL;
     int i, j, ret = 0;
 
     for (i = 0; ret == 0; ++i) {
@@ -1045,8 +1042,8 @@ static int pkcs12_parse(gnutls_pkcs12 p1
         gnutls_pkcs12_bag_decrypt(bag, password);
 
         for (j = 0; ret == 0 && j < gnutls_pkcs12_bag_get_count(bag); ++j) {
-            gnutls_pkcs12_bag_type type;
-            gnutls_datum data;
+            gnutls_pkcs12_bag_type_t type;
+            gnutls_datum_t data;
 
             if (friendly_name && *friendly_name == NULL) {
                 char *name = NULL;
@@ -1113,12 +1110,12 @@ static int pkcs12_parse(gnutls_pkcs12 p1
 ne_ssl_client_cert *ne_ssl_clicert_read(const char *filename)
 {
     int ret;
-    gnutls_datum data;
-    gnutls_pkcs12 p12;
+    gnutls_datum_t data;
+    gnutls_pkcs12_t p12;
     ne_ssl_client_cert *cc;
     char *friendly_name = NULL;
-    gnutls_x509_crt cert = NULL;
-    gnutls_x509_privkey pkey = NULL;
+    gnutls_x509_crt_t cert = NULL;
+    gnutls_x509_privkey_t pkey = NULL;
 
     if (read_to_datum(filename, &data))
         return NULL;
@@ -1162,8 +1159,8 @@ ne_ssl_client_cert *ne__ssl_clicert_exke
                                                  size_t der_len)
 {
     ne_ssl_client_cert *cc;
-    gnutls_x509_crt x5;
-    gnutls_datum datum;
+    gnutls_x509_crt_t x5;
+    gnutls_datum_t datum;
 
     datum.data = (unsigned char *)der;
     datum.size = der_len;    
@@ -1190,8 +1187,8 @@ int ne_ssl_clicert_encrypted(const ne_ss
 int ne_ssl_clicert_decrypt(ne_ssl_client_cert *cc, const char *password)
 {
     int ret;
-    gnutls_x509_crt cert = NULL;
-    gnutls_x509_privkey pkey = NULL;
+    gnutls_x509_crt_t cert = NULL;
+    gnutls_x509_privkey_t pkey = NULL;
 
     if (gnutls_pkcs12_verify_mac(cc->p12, password) != 0) {
         return -1;
@@ -1228,8 +1225,8 @@ const char *ne_ssl_clicert_name(const ne
 ne_ssl_certificate *ne_ssl_cert_read(const char *filename)
 {
     int ret;
-    gnutls_datum data;
-    gnutls_x509_crt x5;
+    gnutls_datum_t data;
+    gnutls_x509_crt_t x5;
 
     if (read_to_datum(filename, &data))
         return NULL;
@@ -1300,8 +1297,8 @@ ne_ssl_certificate *ne_ssl_cert_import(c
     int ret;
     size_t len;
     unsigned char *der;
-    gnutls_datum buffer = { NULL, 0 };
-    gnutls_x509_crt x5;
+    gnutls_datum_t buffer = { NULL, 0 };
+    gnutls_x509_crt_t x5;
 
     if (gnutls_x509_crt_init(&x5) != 0)
         return NULL;
@@ -1369,10 +1366,6 @@ int ne_ssl_cert_digest(const ne_ssl_cert
 
 int ne__ssl_init(void)
 {
-#ifdef NE_HAVE_TS_SSL
-    gcry_control(GCRYCTL_SET_THREAD_CBS, &gcry_threads_pthread);
-#endif
-    gcry_control(GCRYCTL_ENABLE_QUICK_RANDOM, 0);
     return gnutls_global_init();
 }
 

File Added: pkgsrc/www/cadaver/patches/patch-lib_neon_ne__privssl.h
$NetBSD: patch-lib_neon_ne__privssl.h,v 1.1 2020/04/25 13:47:31 nia Exp $

Fix build with newer gnutls.

--- lib/neon/ne_privssl.h.orig	2009-09-02 14:04:43.000000000 +0000
+++ lib/neon/ne_privssl.h
@@ -59,7 +59,7 @@ ne__ssl_clicert_exkey_import(const unsig
 #include <gnutls/gnutls.h>
 
 struct ne_ssl_context_s {
-    gnutls_certificate_credentials cred;
+    gnutls_certificate_credentials_t cred;
     int verify; /* non-zero if client cert verification required */
 
     const char *hostname; /* for SNI */
@@ -67,10 +67,10 @@ struct ne_ssl_context_s {
     /* Session cache. */
     union ne_ssl_scache {
         struct {
-            gnutls_datum key, data;
+            gnutls_datum_t key, data;
         } server;
 #if defined(HAVE_GNUTLS_SESSION_GET_DATA2)
-        gnutls_datum client;
+        gnutls_datum_t client;
 #else
         struct {
             char *data;
@@ -85,7 +85,7 @@ struct ne_ssl_context_s {
 #endif
 };
 
-typedef gnutls_session ne_ssl_socket;
+typedef gnutls_session_t ne_ssl_socket;
 
 NE_PRIVATE ne_ssl_client_cert *
 ne__ssl_clicert_exkey_import(const unsigned char *der, size_t der_len);

File Added: pkgsrc/www/cadaver/patches/patch-lib_neon_ne__socket.c
$NetBSD: patch-lib_neon_ne__socket.c,v 1.1 2020/04/25 13:47:31 nia Exp $

Fix build with newer gnutls.

--- lib/neon/ne_socket.c.orig	2009-12-02 21:27:34.000000000 +0000
+++ lib/neon/ne_socket.c
@@ -1608,14 +1608,14 @@ void ne_sock_connect_timeout(ne_socket *
  * session. */
 
 /* Copy datum 'src' to 'dest'. */
-static void copy_datum(gnutls_datum *dest, gnutls_datum *src)
+static void copy_datum(gnutls_datum_t *dest, gnutls_datum_t *src)
 {
     dest->size = src->size;
     dest->data = memcpy(gnutls_malloc(src->size), src->data, src->size);
 }
 
 /* Callback to store a session 'data' with id 'key'. */
-static int store_sess(void *userdata, gnutls_datum key, gnutls_datum data)
+static int store_sess(void *userdata, gnutls_datum_t key, gnutls_datum_t data)
 {
     ne_ssl_context *ctx = userdata;
 
@@ -1631,17 +1631,17 @@ static int store_sess(void *userdata, gn
 }
 
 /* Returns non-zero if d1 and d2 are the same datum. */
-static int match_datum(gnutls_datum *d1, gnutls_datum *d2)
+static int match_datum(gnutls_datum_t *d1, gnutls_datum_t *d2)
 {
     return d1->size == d2->size
         && memcmp(d1->data, d2->data, d1->size) == 0;
 }
 
 /* Callback to retrieve a session of id 'key'. */
-static gnutls_datum retrieve_sess(void *userdata, gnutls_datum key)
+static gnutls_datum_t retrieve_sess(void *userdata, gnutls_datum_t key)
 {
     ne_ssl_context *ctx = userdata;
-    gnutls_datum ret = { NULL, 0 };
+    gnutls_datum_t ret = { NULL, 0 };
 
     if (match_datum(&ctx->cache.server.key, &key)) {
         copy_datum(&ret, &ctx->cache.server.data);
@@ -1652,7 +1652,7 @@ static gnutls_datum retrieve_sess(void *
 
 /* Callback to remove a session of id 'key'; stub needed but
  * implementation seems unnecessary. */
-static int remove_sess(void *userdata, gnutls_datum key)
+static int remove_sess(void *userdata, gnutls_datum_t key)
 {
     return -1;
 }
@@ -1678,6 +1678,8 @@ int ne_sock_accept_ssl(ne_socket *sock, 
         NE_DEBUG(NE_DBG_SSL, "ssl: Server reused session.\n");
     }
 #elif defined(HAVE_GNUTLS)
+    unsigned int verify_status;
+
     gnutls_init(&ssl, GNUTLS_SERVER);
     gnutls_credentials_set(ssl, GNUTLS_CRD_CERTIFICATE, ctx->cred);
     gnutls_set_default_priority(ssl);
@@ -1689,15 +1691,15 @@ int ne_sock_accept_ssl(ne_socket *sock, 
     gnutls_db_set_ptr(ssl, ctx);
 
     if (ctx->verify)
-        gnutls_certificate_server_set_request(ssl, GNUTLS_CERT_REQUEST);
+        gnutls_certificate_server_set_request(ssl, GNUTLS_CERT_REQUIRE);
 
     sock->ssl = ssl;
-    gnutls_transport_set_ptr(sock->ssl, (gnutls_transport_ptr)(long)sock->fd);
+    gnutls_transport_set_ptr(sock->ssl, (gnutls_transport_ptr_t)(long)sock->fd);
     ret = gnutls_handshake(ssl);
     if (ret < 0) {
         return error_gnutls(sock, ret);
     }
-    if (ctx->verify && gnutls_certificate_verify_peers(ssl)) {
+    if (ctx->verify && (gnutls_certificate_verify_peers2(ssl, &verify_status) || verify_status)) {
         set_error(sock, _("Client certificate verification failed"));
         return NE_SOCK_ERROR;
     }
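Review bot: The patch header says only "Fix build with newer gnutls", but the change from `GNUTLS_CERT_REQUEST` to `GNUTLS_CERT_REQUIRE` is a policy change. With verification enabled, a client that presents no certificate is now presumably rejected inside `gnutls_handshake()` and reported through `error_gnutls()`, not through the "Client certificate verification failed" path. That deserves a line in the patch description and a comment at the call, for example `/* REQUIRE: fail the handshake if the client sends no certificate */`. The `verify_status` variable declared in the previous hunk is uninitialised, which is safe only because `||` short-circuits when `gnutls_certificate_verify_peers2()` returns an error. Declaring it as `unsigned int verify_status = 0;` would make that independent of evaluation order in later edits. ne_sock_accept_ssl() starts and ends outside this hunk.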
@@ -1774,7 +1776,7 @@ int ne_sock_connect_ssl(ne_socket *sock,
                                strlen(ctx->hostname));
     }                               
 
-    gnutls_transport_set_ptr(sock->ssl, (gnutls_transport_ptr)(long)sock->fd);
+    gnutls_transport_set_ptr(sock->ssl, (gnutls_transport_ptr_t)(long)sock->fd);
 
     if (ctx->cache.client.data) {
 #if defined(HAVE_GNUTLS_SESSION_GET_DATA2)