Pullup ticket #6832 - requested by riastradh net/libfetch: enable HTTPS cert validation on NetBSD 10 pkgtools/pkg_install, pkgtools/pkgin: revbump (via patch) net/libfetch: Enable HTTPS certificate validation, but limit it to NetBSD>=10 for now. The switch has been flipped on for all platforms in pkgsrc-current with net/libfetch 2.40. To avoid trouble with future updates to pkgsrc-2024Q1, the attached patch -- which is limited at compile-time to NetBSD>=10 -- bumps the version to 2.39nb3 instead, so that the version in pkgsrc-2024Q1 will appear newer. See https://mail-index.netbsd.org/pkgsrc-users/2023/12/31/msg038682.html https://mail-index.netbsd.org/tech-pkg/2023/12/09/msg028590.html for discussion. (A future pullup might rip off the NetBSD>=10 bandaid, but I'd like to get this part in ASAP.)diff -r1.64 -r1.64.2.1 pkgsrc/net/libfetch/Makefile
(bsiegert)
@@ -1,17 +1,17 @@ | @@ -1,17 +1,17 @@ | |||
1 | # $NetBSD: Makefile,v 1.64 2023/10/24 22:10:22 wiz Exp $ | 1 | # $NetBSD: Makefile,v 1.64.2.1 2024/01/13 12:49:09 bsiegert Exp $ | |
2 | 2 | |||
3 | DISTNAME= libfetch-2.39 | 3 | DISTNAME= libfetch-2.39 | |
4 | PKGREVISION= 2 | 4 | PKGREVISION= 3 | |
5 | CATEGORIES= net | 5 | CATEGORIES= net | |
6 | MASTER_SITES= # empty | 6 | MASTER_SITES= # empty | |
7 | DISTFILES= # empty | 7 | DISTFILES= # empty | |
8 | 8 | |||
9 | MAINTAINER= pkgsrc-users@NetBSD.org | 9 | MAINTAINER= pkgsrc-users@NetBSD.org | |
10 | HOMEPAGE= https://www.FreeBSD.org/ | 10 | HOMEPAGE= https://www.FreeBSD.org/ | |
11 | COMMENT= Library to access HTTP/FTP server | 11 | COMMENT= Library to access HTTP/FTP server | |
12 | LICENSE= modified-bsd | 12 | LICENSE= modified-bsd | |
13 | 13 | |||
14 | USE_FEATURES= nbcompat | 14 | USE_FEATURES= nbcompat | |
15 | 15 | |||
16 | USE_BSD_MAKEFILE= yes | 16 | USE_BSD_MAKEFILE= yes | |
17 | 17 |
@@ -1,14 +1,14 @@ | @@ -1,14 +1,14 @@ | |||
1 | /* $NetBSD: common.c,v 1.31 2016/10/20 21:25:57 joerg Exp $ */ | 1 | /* $NetBSD: common.c,v 1.31.58.1 2024/01/13 12:49:09 bsiegert Exp $ */ | |
2 | /*- | 2 | /*- | |
3 | * Copyright (c) 1998-2004 Dag-Erling Coïdan Smørgrav | 3 | * Copyright (c) 1998-2004 Dag-Erling Coïdan Smørgrav | |
4 | * Copyright (c) 2008, 2010 Joerg Sonnenberger <joerg@NetBSD.org> | 4 | * Copyright (c) 2008, 2010 Joerg Sonnenberger <joerg@NetBSD.org> | |
5 | * All rights reserved. | 5 | * All rights reserved. | |
6 | * | 6 | * | |
7 | * Redistribution and use in source and binary forms, with or without | 7 | * Redistribution and use in source and binary forms, with or without | |
8 | * modification, are permitted provided that the following conditions | 8 | * modification, are permitted provided that the following conditions | |
9 | * are met: | 9 | * are met: | |
10 | * 1. Redistributions of source code must retain the above copyright | 10 | * 1. Redistributions of source code must retain the above copyright | |
11 | * notice, this list of conditions and the following disclaimer | 11 | * notice, this list of conditions and the following disclaimer | |
12 | * in this position and unchanged. | 12 | * in this position and unchanged. | |
13 | * 2. Redistributions in binary form must reproduce the above copyright | 13 | * 2. Redistributions in binary form must reproduce the above copyright | |
14 | * notice, this list of conditions and the following disclaimer in the | 14 | * notice, this list of conditions and the following disclaimer in the | |
@@ -27,26 +27,30 @@ | @@ -27,26 +27,30 @@ | |||
27 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 27 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | |
28 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 28 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | |
29 | * | 29 | * | |
30 | * $FreeBSD: common.c,v 1.53 2007/12/19 00:26:36 des Exp $ | 30 | * $FreeBSD: common.c,v 1.53 2007/12/19 00:26:36 des Exp $ | |
31 | */ | 31 | */ | |
32 | 32 | |||
33 | #if HAVE_CONFIG_H | 33 | #if HAVE_CONFIG_H | |
34 | #include "config.h" | 34 | #include "config.h" | |
35 | #endif | 35 | #endif | |
36 | #ifndef NETBSD | 36 | #ifndef NETBSD | |
37 | #include <nbcompat.h> | 37 | #include <nbcompat.h> | |
38 | #endif | 38 | #endif | |
39 | 39 | |||
40 | #ifdef __NetBSD__ | |||
41 | #include <sys/param.h> /* __NetBSD_Version__ */ | |||
42 | #endif | |||
43 | ||||
40 | #include <sys/types.h> | 44 | #include <sys/types.h> | |
41 | #include <sys/socket.h> | 45 | #include <sys/socket.h> | |
42 | #include <sys/time.h> | 46 | #include <sys/time.h> | |
43 | #include <sys/uio.h> | 47 | #include <sys/uio.h> | |
44 | #if HAVE_POLL_H | 48 | #if HAVE_POLL_H | |
45 | #include <poll.h> | 49 | #include <poll.h> | |
46 | #elif HAVE_SYS_POLL_H | 50 | #elif HAVE_SYS_POLL_H | |
47 | #include <sys/poll.h> | 51 | #include <sys/poll.h> | |
48 | #endif | 52 | #endif | |
49 | #include <netinet/in.h> | 53 | #include <netinet/in.h> | |
50 | #include <arpa/inet.h> | 54 | #include <arpa/inet.h> | |
51 | 55 | |||
52 | #include <ctype.h> | 56 | #include <ctype.h> | |
@@ -441,26 +445,32 @@ fetch_ssl(conn_t *conn, const struct url | @@ -441,26 +445,32 @@ fetch_ssl(conn_t *conn, const struct url | |||
441 | 445 | |||
442 | #ifdef WITH_SSL | 446 | #ifdef WITH_SSL | |
443 | /* Init the SSL library and context */ | 447 | /* Init the SSL library and context */ | |
444 | if (!SSL_library_init()){ | 448 | if (!SSL_library_init()){ | |
445 | fprintf(stderr, "SSL library init failed\n"); | 449 | fprintf(stderr, "SSL library init failed\n"); | |
446 | return (-1); | 450 | return (-1); | |
447 | } | 451 | } | |
448 | 452 | |||
449 | SSL_load_error_strings(); | 453 | SSL_load_error_strings(); | |
450 | 454 | |||
451 | conn->ssl_meth = SSLv23_client_method(); | 455 | conn->ssl_meth = SSLv23_client_method(); | |
452 | conn->ssl_ctx = SSL_CTX_new(conn->ssl_meth); | 456 | conn->ssl_ctx = SSL_CTX_new(conn->ssl_meth); | |
453 | SSL_CTX_set_mode(conn->ssl_ctx, SSL_MODE_AUTO_RETRY); | 457 | SSL_CTX_set_mode(conn->ssl_ctx, SSL_MODE_AUTO_RETRY); | |
458 | #if defined(__NetBSD__) && __NetBSD_Version__ >= 1000000000 | |||
459 | if (getenv("SSL_NO_VERIFY_PEER") == NULL) { | |||
460 | SSL_CTX_set_default_verify_paths(conn->ssl_ctx); | |||
461 | SSL_CTX_set_verify(conn->ssl_ctx, SSL_VERIFY_PEER, NULL); | |||
462 | } | |||
463 | #endif | |||
454 | 464 | |||
455 | conn->ssl = SSL_new(conn->ssl_ctx); | 465 | conn->ssl = SSL_new(conn->ssl_ctx); | |
456 | if (conn->ssl == NULL){ | 466 | if (conn->ssl == NULL){ | |
457 | fprintf(stderr, "SSL context creation failed\n"); | 467 | fprintf(stderr, "SSL context creation failed\n"); | |
458 | return (-1); | 468 | return (-1); | |
459 | } | 469 | } | |
460 | conn->buf_events = 0; | 470 | conn->buf_events = 0; | |
461 | SSL_set_fd(conn->ssl, conn->sd); | 471 | SSL_set_fd(conn->ssl, conn->sd); | |
462 | #if OPENSSL_VERSION_NUMBER >= 0x0090806fL && !defined(OPENSSL_NO_TLSEXT) | 472 | #if OPENSSL_VERSION_NUMBER >= 0x0090806fL && !defined(OPENSSL_NO_TLSEXT) | |
463 | if (!SSL_set_tlsext_host_name(conn->ssl, (char *)(uintptr_t)URL->host)) { | 473 | if (!SSL_set_tlsext_host_name(conn->ssl, (char *)(uintptr_t)URL->host)) { | |
464 | fprintf(stderr, | 474 | fprintf(stderr, | |
465 | "TLS server name indication extension failed for host %s\n", | 475 | "TLS server name indication extension failed for host %s\n", | |
466 | URL->host); | 476 | URL->host); |
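Review bot: Nothing in this hunk binds the verified certificate to `URL->host`: new lines 459-462 turn on chain validation with `SSL_VERIFY_PEER`, and the later `SSL_set_tlsext_host_name` call only sends SNI, so a certificate that chains to a trusted CA but was issued for a different name would still be accepted unless the name is checked elsewhere. fetch_ssl continues past the end of the hunk, so confirm whether that check happens after the handshake; if it does not, add `if (SSL_set1_host(conn->ssl, URL->host) != 1) return (-1);` after `SSL_new`, under the same NetBSD>=10 / `SSL_NO_VERIFY_PEER` condition. The return value of `SSL_CTX_set_default_verify_paths` is also ignored; with no trust anchors loaded the handshake should fail closed, but an `fprintf(stderr, ...)` on failure would make the cause diagnosable. A short comment above the `getenv` check, such as `/* any value, even empty, disables peer verification */`, would document the opt-out next to the code.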
@@ -15,29 +15,29 @@ | @@ -15,29 +15,29 @@ | |||
15 | .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND | 15 | .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND | |
16 | .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | 16 | .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
17 | .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | 17 | .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | |
18 | .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | 18 | .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | |
19 | .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | 19 | .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | |
20 | .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | 20 | .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | |
21 | .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | 21 | .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
22 | .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | 22 | .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | |
23 | .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | 23 | .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | |
24 | .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | 24 | .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | |
25 | .\" SUCH DAMAGE. | 25 | .\" SUCH DAMAGE. | |
26 | .\" | 26 | .\" | |
27 | .\" $FreeBSD: fetch.3,v 1.64 2007/12/18 11:03:26 des Exp $ | 27 | .\" $FreeBSD: fetch.3,v 1.64 2007/12/18 11:03:26 des Exp $ | |
28 | .\" $NetBSD: fetch.3,v 1.17 2016/05/31 18:02:36 abhinav Exp $ | 28 | .\" $NetBSD: fetch.3,v 1.17.62.1 2024/01/13 12:49:09 bsiegert Exp $ | |
29 | .\" | 29 | .\" | |
30 | .Dd January 22, 2010 | 30 | .Dd December 22, 2023 | |
31 | .Dt FETCH 3 | 31 | .Dt FETCH 3 | |
32 | .Os | 32 | .Os | |
33 | .Sh NAME | 33 | .Sh NAME | |
34 | .Nm fetchMakeURL , | 34 | .Nm fetchMakeURL , | |
35 | .Nm fetchParseURL , | 35 | .Nm fetchParseURL , | |
36 | .Nm fetchCopyURL , | 36 | .Nm fetchCopyURL , | |
37 | .Nm fetchFreeURL , | 37 | .Nm fetchFreeURL , | |
38 | .Nm fetchXGetURL , | 38 | .Nm fetchXGetURL , | |
39 | .Nm fetchGetURL , | 39 | .Nm fetchGetURL , | |
40 | .Nm fetchPutURL , | 40 | .Nm fetchPutURL , | |
41 | .Nm fetchStatURL , | 41 | .Nm fetchStatURL , | |
42 | .Nm fetchListURL , | 42 | .Nm fetchListURL , | |
43 | .Nm fetchXGet , | 43 | .Nm fetchXGet , | |
@@ -628,26 +628,30 @@ Specifies a file to use instead of | @@ -628,26 +628,30 @@ Specifies a file to use instead of | |||
628 | to look up login names and passwords for FTP sites. | 628 | to look up login names and passwords for FTP sites. | |
629 | See | 629 | See | |
630 | .Xr ftp 1 | 630 | .Xr ftp 1 | |
631 | for a description of the file format. | 631 | for a description of the file format. | |
632 | This feature is experimental. | 632 | This feature is experimental. | |
633 | .It Ev NO_PROXY | 633 | .It Ev NO_PROXY | |
634 | Either a single asterisk, which disables the use of proxies | 634 | Either a single asterisk, which disables the use of proxies | |
635 | altogether, or a comma- or whitespace-separated list of hosts for | 635 | altogether, or a comma- or whitespace-separated list of hosts for | |
636 | which proxies should not be used. | 636 | which proxies should not be used. | |
637 | .It Ev no_proxy | 637 | .It Ev no_proxy | |
638 | Same as | 638 | Same as | |
639 | .Ev NO_PROXY , | 639 | .Ev NO_PROXY , | |
640 | for compatibility. | 640 | for compatibility. | |
641 | .It Ev SSL_NO_VERIFY_PEER | |||
642 | If defined, | |||
643 | .Nm | |||
644 | will skip validating certificates when fetching HTTPS URLs. | |||
641 | .El | 645 | .El | |
642 | .Sh EXAMPLES | 646 | .Sh EXAMPLES | |
643 | To access a proxy server on | 647 | To access a proxy server on | |
644 | .Pa proxy.example.com | 648 | .Pa proxy.example.com | |
645 | port 8080, set the | 649 | port 8080, set the | |
646 | .Ev HTTP_PROXY | 650 | .Ev HTTP_PROXY | |
647 | environment variable in a manner similar to this: | 651 | environment variable in a manner similar to this: | |
648 | .Pp | 652 | .Pp | |
649 | .Dl HTTP_PROXY=http://proxy.example.com:8080 | 653 | .Dl HTTP_PROXY=http://proxy.example.com:8080 | |
650 | .Pp | 654 | .Pp | |
651 | If the proxy server requires authentication, there are | 655 | If the proxy server requires authentication, there are | |
652 | two options available for passing the authentication data. | 656 | two options available for passing the authentication data. | |
653 | The first method is by using the proxy URL: | 657 | The first method is by using the proxy URL: |
@@ -1,23 +1,23 @@ | @@ -1,23 +1,23 @@ | |||
1 | # $NetBSD: Makefile,v 1.237 2023/10/24 22:10:40 wiz Exp $ | 1 | # $NetBSD: Makefile,v 1.237.2.1 2024/01/13 12:49:09 bsiegert Exp $ | |
2 | 2 | |||
3 | # Notes to package maintainers: | 3 | # Notes to package maintainers: | |
4 | # | 4 | # | |
5 | # Updating this package does not automatically necessitate bumping | 5 | # Updating this package does not automatically necessitate bumping | |
6 | # PKGTOOLS_REQD in bsd.pkg.mk. Do so if and only if there is a critical | 6 | # PKGTOOLS_REQD in bsd.pkg.mk. Do so if and only if there is a critical | |
7 | # change in the pkg_* tools that pkgsrc relies on for proper operation. | 7 | # change in the pkg_* tools that pkgsrc relies on for proper operation. | |
8 | 8 | |||
9 | PKGNAME= pkg_install-${VERSION} | 9 | PKGNAME= pkg_install-${VERSION} | |
10 | PKGREVISION= 1 | 10 | PKGREVISION= 2 | |
11 | CATEGORIES= pkgtools | 11 | CATEGORIES= pkgtools | |
12 | 12 | |||
13 | MAINTAINER= agc@NetBSD.org | 13 | MAINTAINER= agc@NetBSD.org | |
14 | HOMEPAGE= https://www.pkgsrc.org/ | 14 | HOMEPAGE= https://www.pkgsrc.org/ | |
15 | COMMENT= Package management and administration tools for pkgsrc | 15 | COMMENT= Package management and administration tools for pkgsrc | |
16 | LICENSE= modified-bsd | 16 | LICENSE= modified-bsd | |
17 | 17 | |||
18 | BOOTSTRAP_PKG= yes | 18 | BOOTSTRAP_PKG= yes | |
19 | SKIP_LICENSE_CHECK= yes | 19 | SKIP_LICENSE_CHECK= yes | |
20 | 20 | |||
21 | CONFLICTS+= audit-packages-[0-9]* | 21 | CONFLICTS+= audit-packages-[0-9]* | |
22 | 22 | |||
23 | GNU_CONFIGURE= yes | 23 | GNU_CONFIGURE= yes |
@@ -1,17 +1,17 @@ | @@ -1,17 +1,17 @@ | |||
1 | # $NetBSD: Makefile,v 1.128 2023/11/08 13:20:39 wiz Exp $ | 1 | # $NetBSD: Makefile,v 1.128.2.1 2024/01/13 12:49:09 bsiegert Exp $ | |
2 | 2 | |||
3 | DISTNAME= pkgin-23.8.1 | 3 | DISTNAME= pkgin-23.8.1 | |
4 | PKGREVISION= 2 | 4 | PKGREVISION= 3 | |
5 | CATEGORIES= pkgtools | 5 | CATEGORIES= pkgtools | |
6 | MASTER_SITES= ${MASTER_SITE_GITHUB:=NetBSDfr/} | 6 | MASTER_SITES= ${MASTER_SITE_GITHUB:=NetBSDfr/} | |
7 | GITHUB_TAG= v${PKGVERSION_NOREV} | 7 | GITHUB_TAG= v${PKGVERSION_NOREV} | |
8 | 8 | |||
9 | MAINTAINER= jperkin@pkgsrc.org | 9 | MAINTAINER= jperkin@pkgsrc.org | |
10 | HOMEPAGE= http://pkgin.net/ | 10 | HOMEPAGE= http://pkgin.net/ | |
11 | COMMENT= Apt / yum like tool for managing pkgsrc binary packages | 11 | COMMENT= Apt / yum like tool for managing pkgsrc binary packages | |
12 | LICENSE= modified-bsd | 12 | LICENSE= modified-bsd | |
13 | 13 | |||
14 | EGDIR= ${PREFIX}/share/examples/${PKGBASE} | 14 | EGDIR= ${PREFIX}/share/examples/${PKGBASE} | |
15 | CONF_FILES= ${EGDIR}/repositories.conf.example \ | 15 | CONF_FILES= ${EGDIR}/repositories.conf.example \ | |
16 | ${PKG_SYSCONFDIR}/${PKGBASE}/repositories.conf | 16 | ${PKG_SYSCONFDIR}/${PKGBASE}/repositories.conf | |
17 | 17 |