Sat Jan 13 12:49:10 2024 UTC (131d)
Pullup ticket #6832 - requested by riastradh
net/libfetch: enable HTTPS cert validation on NetBSD 10
pkgtools/pkg_install, pkgtools/pkgin: revbump

(via patch)

   net/libfetch: Enable HTTPS certificate validation, but limit it to
   NetBSD>=10 for now.

   The switch has been flipped on for all platforms in pkgsrc-current
   with net/libfetch 2.40.  To avoid trouble with future updates to
   pkgsrc-2024Q1, the attached patch -- which is limited at
   compile-time to NetBSD>=10 -- bumps the version to 2.39nb3 instead,
   so that the version in pkgsrc-2024Q1 will appear newer.

   See
   https://mail-index.netbsd.org/pkgsrc-users/2023/12/31/msg038682.html
   https://mail-index.netbsd.org/tech-pkg/2023/12/09/msg028590.html
   for discussion.  (A future pullup might rip off the NetBSD>=10
   bandaid, but I'd like to get this part in ASAP.)


(bsiegert)
diff -r1.64 -r1.64.2.1 pkgsrc/net/libfetch/Makefile
diff -r1.31 -r1.31.58.1 pkgsrc/net/libfetch/files/common.c
diff -r1.17 -r1.17.62.1 pkgsrc/net/libfetch/files/fetch.3
diff -r1.237 -r1.237.2.1 pkgsrc/pkgtools/pkg_install/Makefile
diff -r1.128 -r1.128.2.1 pkgsrc/pkgtools/pkgin/Makefile

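--- a/pkgsrc/net/libfetch/Makefile
+++ b/pkgsrc/net/libfetch/Makefile
@@ -1,17 +1,17 @@
-# $NetBSD: Makefile,v 1.64 2023/10/24 22:10:22 wiz Exp $
+# $NetBSD: Makefile,v 1.64.2.1 2024/01/13 12:49:09 bsiegert Exp $
 
 DISTNAME= libfetch-2.39
-PKGREVISION= 2
+PKGREVISION= 3
 CATEGORIES= net
 MASTER_SITES= # empty
 DISTFILES= # empty
 
 MAINTAINER= pkgsrc-users@NetBSD.org
 HOMEPAGE= https://www.FreeBSD.org/
 COMMENT= Library to access HTTP/FTP server
 LICENSE= modified-bsd
 
 USE_FEATURES= nbcompat
 
 USE_BSD_MAKEFILE= yes
 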

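--- a/pkgsrc/net/libfetch/files/common.c
+++ b/pkgsrc/net/libfetch/files/common.c
@@ -1,14 +1,14 @@
-/* $NetBSD: common.c,v 1.31 2016/10/20 21:25:57 joerg Exp $ */
+/* $NetBSD: common.c,v 1.31.58.1 2024/01/13 12:49:09 bsiegert Exp $ */
 /*-
  * Copyright (c) 1998-2004 Dag-Erling Coïdan Smørgrav
  * Copyright (c) 2008, 2010 Joerg Sonnenberger <joerg@NetBSD.org>
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  * 1. Redistributions of source code must retain the above copyright
  * notice, this list of conditions and the following disclaimer
  * in this position and unchanged.
  * 2. Redistributions in binary form must reproduce the above copyright
  * notice, this list of conditions and the following disclaimer in the
@@ -27,26 +27,30 @@
  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  *
  * $FreeBSD: common.c,v 1.53 2007/12/19 00:26:36 des Exp $
  */
 
 #if HAVE_CONFIG_H
 #include "config.h"
 #endif
 #ifndef NETBSD
 #include <nbcompat.h>
 #endif
 
+#ifdef __NetBSD__
+#include <sys/param.h> /* __NetBSD_Version__ */
+#endif
+
 #include <sys/types.h>
 #include <sys/socket.h>
 #include <sys/time.h>
 #include <sys/uio.h>
 #if HAVE_POLL_H
 #include <poll.h>
 #elif HAVE_SYS_POLL_H
 #include <sys/poll.h>
 #endif
 #include <netinet/in.h>
 #include <arpa/inet.h>
 
 #include <ctype.h>
@@ -441,26 +445,32 @@ fetch_ssl(conn_t *conn, const struct url
 
 #ifdef WITH_SSL
  /* Init the SSL library and context */
  if (!SSL_library_init()){
  fprintf(stderr, "SSL library init failed\n");
  return (-1);
  }
 
  SSL_load_error_strings();
 
  conn->ssl_meth = SSLv23_client_method();
  conn->ssl_ctx = SSL_CTX_new(conn->ssl_meth);
  SSL_CTX_set_mode(conn->ssl_ctx, SSL_MODE_AUTO_RETRY);
+#if defined(__NetBSD__) && __NetBSD_Version__ >= 1000000000
+ if (getenv("SSL_NO_VERIFY_PEER") == NULL) {
+ SSL_CTX_set_default_verify_paths(conn->ssl_ctx);
+ SSL_CTX_set_verify(conn->ssl_ctx, SSL_VERIFY_PEER, NULL);
+ }
+#endif
 
  conn->ssl = SSL_new(conn->ssl_ctx);
  if (conn->ssl == NULL){
  fprintf(stderr, "SSL context creation failed\n");
  return (-1);
  }
  conn->buf_events = 0;
  SSL_set_fd(conn->ssl, conn->sd);
 #if OPENSSL_VERSION_NUMBER >= 0x0090806fL && !defined(OPENSSL_NO_TLSEXT)
  if (!SSL_set_tlsext_host_name(conn->ssl, (char *)(uintptr_t)URL->host)) {
  fprintf(stderr,
  "TLS server name indication extension failed for host %s\n",
  URL->host);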
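Review bot: The new `SSL_VERIFY_PEER` block in fetch_ssl() turns on certificate chain validation but sets no expected hostname; the `SSL_set_tlsext_host_name()` call further down only sets SNI and does not make OpenSSL compare the certificate's names against `URL->host`. Unless the part of fetch_ssl() outside this hunk performs that comparison after the handshake, a certificate that chains to any trusted root would be accepted regardless of which host it was issued for. Under the same `SSL_NO_VERIFY_PEER` condition, after `SSL_new()` succeeds, I would add `if (!SSL_set1_host(conn->ssl, URL->host)) return (-1);` (available from OpenSSL 1.1.0) with a stderr message like the neighbouring failure paths. The return value of `SSL_CTX_set_default_verify_paths()` is also ignored, so a missing or unreadable trust store would surface only as an unexplained verification failure; checking it and reporting the cause would make that case diagnosable.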

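--- a/pkgsrc/net/libfetch/files/fetch.3
+++ b/pkgsrc/net/libfetch/files/fetch.3
@@ -15,29 +15,29 @@
 .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
 .\" $FreeBSD: fetch.3,v 1.64 2007/12/18 11:03:26 des Exp $
-.\" $NetBSD: fetch.3,v 1.17 2016/05/31 18:02:36 abhinav Exp $
+.\" $NetBSD: fetch.3,v 1.17.62.1 2024/01/13 12:49:09 bsiegert Exp $
 .\"
-.Dd January 22, 2010
+.Dd December 22, 2023
 .Dt FETCH 3
 .Os
 .Sh NAME
 .Nm fetchMakeURL ,
 .Nm fetchParseURL ,
 .Nm fetchCopyURL ,
 .Nm fetchFreeURL ,
 .Nm fetchXGetURL ,
 .Nm fetchGetURL ,
 .Nm fetchPutURL ,
 .Nm fetchStatURL ,
 .Nm fetchListURL ,
 .Nm fetchXGet ,
@@ -628,26 +628,30 @@ Specifies a file to use instead of
 to look up login names and passwords for FTP sites.
 See
 .Xr ftp 1
 for a description of the file format.
 This feature is experimental.
 .It Ev NO_PROXY
 Either a single asterisk, which disables the use of proxies
 altogether, or a comma- or whitespace-separated list of hosts for
 which proxies should not be used.
 .It Ev no_proxy
 Same as
 .Ev NO_PROXY ,
 for compatibility.
+.It Ev SSL_NO_VERIFY_PEER
+If defined,
+.Nm
+will skip validating certificates when fetching HTTPS URLs.
 .El
 .Sh EXAMPLES
 To access a proxy server on
 .Pa proxy.example.com
 port 8080, set the
 .Ev HTTP_PROXY
 environment variable in a manner similar to this:
 .Pp
 .Dl HTTP_PROXY=http://proxy.example.com:8080
 .Pp
 If the proxy server requires authentication, there are
 two options available for passing the authentication data.
 The first method is by using the proxy URL: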

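--- a/pkgsrc/pkgtools/pkg_install/Makefile
+++ b/pkgsrc/pkgtools/pkg_install/Makefile
@@ -1,23 +1,23 @@
-# $NetBSD: Makefile,v 1.237 2023/10/24 22:10:40 wiz Exp $
+# $NetBSD: Makefile,v 1.237.2.1 2024/01/13 12:49:09 bsiegert Exp $
 
 # Notes to package maintainers:
 #
 # Updating this package does not automatically necessitate bumping
 # PKGTOOLS_REQD in bsd.pkg.mk. Do so if and only if there is a critical
 # change in the pkg_* tools that pkgsrc relies on for proper operation.
 
 PKGNAME= pkg_install-${VERSION}
-PKGREVISION= 1
+PKGREVISION= 2
 CATEGORIES= pkgtools
 
 MAINTAINER= agc@NetBSD.org
 HOMEPAGE= https://www.pkgsrc.org/
 COMMENT= Package management and administration tools for pkgsrc
 LICENSE= modified-bsd
 
 BOOTSTRAP_PKG= yes
 SKIP_LICENSE_CHECK= yes
 
 CONFLICTS+= audit-packages-[0-9]*
 
 GNU_CONFIGURE= yes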

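--- a/pkgsrc/pkgtools/pkgin/Makefile
+++ b/pkgsrc/pkgtools/pkgin/Makefile
@@ -1,17 +1,17 @@
-# $NetBSD: Makefile,v 1.128 2023/11/08 13:20:39 wiz Exp $
+# $NetBSD: Makefile,v 1.128.2.1 2024/01/13 12:49:09 bsiegert Exp $
 
 DISTNAME= pkgin-23.8.1
-PKGREVISION= 2
+PKGREVISION= 3
 CATEGORIES= pkgtools
 MASTER_SITES= ${MASTER_SITE_GITHUB:=NetBSDfr/}
 GITHUB_TAG= v${PKGVERSION_NOREV}
 
 MAINTAINER= jperkin@pkgsrc.org
 HOMEPAGE= http://pkgin.net/
 COMMENT= Apt / yum like tool for managing pkgsrc binary packages
 LICENSE= modified-bsd
 
 EGDIR= ${PREFIX}/share/examples/${PKGBASE}
 CONF_FILES= ${EGDIR}/repositories.conf.example \
  ${PKG_SYSCONFDIR}/${PKGBASE}/repositories.conf
 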