From 2ed62c75d1230bbe8268a1a3c54de2972d50dcf8 Mon Sep 17 00:00:00 2001
From: Mikhail Teterin
Date: Sun, 19 Nov 2023 22:38:38 -0500
Subject: [PATCH] devel/tcltls: adapt to OpenSSL-3.0, upgrade, fix tests.

PR: 275160
---
 devel/tcltls/Makefile | 11 +++++-
 devel/tcltls/distinfo | 6 +--
 devel/tcltls/files/dh_params.h | 28 ++++++++++++++
 devel/tcltls/files/patch-gen_dh_params | 27 -------------
 .../files/patch-ssl_ignore_unexpected_eof | 14 +++++++
 devel/tcltls/files/patch-tests | 38 +++++++++++++++++++
 devel/tcltls/files/patch-warnings | 30 +++++++++++++++
 7 files changed, 123 insertions(+), 31 deletions(-)
 create mode 100644 devel/tcltls/files/dh_params.h
 delete mode 100644 devel/tcltls/files/patch-gen_dh_params
 create mode 100644 devel/tcltls/files/patch-ssl_ignore_unexpected_eof
 create mode 100644 devel/tcltls/files/patch-tests
 create mode 100644 devel/tcltls/files/patch-warnings

diff --git a/devel/tcltls/Makefile b/devel/tcltls/Makefile
index 0480c07721786..d370430fad53b 100644
--- a/devel/tcltls/Makefile
+++ b/devel/tcltls/Makefile
@@ -1,5 +1,5 @@
 PORTNAME= tcltls
-PORTVERSION= 1.7.18
+PORTVERSION= 1.7.22
 CATEGORIES= devel security tcl
 MASTER_SITES= http://core.tcl.tk/tcltls/uv/ \
 http://tcltls.rkeene.org/uv/
@@ -38,6 +38,15 @@ CFLAGS+= -Wno-error=int-conversion
 post-patch:
 ${MV} ${WRKSRC}/tests/ciphers.test ${WRKSRC}/tests/ciphers.test.broken
+ ${CP} ${FILESDIR}/dh_params.h ${WRKSRC}/
+
+# Newer openssl-dhparam has no "-C" option, we emulate it here :-/
+post-configure:
+ ${OPENSSLBASE}/bin/openssl dhparam -text 2048 | \
+ ${SED} -E -e '/^---/,/^---/d' \
+ -e '/(DH|prime|generator)/d' \
+ -e 's/([0-9a-h]{2})(:|$$)/0x\1, /g' \
+ -e w${WRKSRC}/generateddh.txt
 post-install-DOCS-on:
 ${MKDIR} ${STAGEDIR}${DOCSDIR}
diff --git a/devel/tcltls/distinfo b/devel/tcltls/distinfo
index d0704b78bc7d1..4602cf7c89696 100644
--- a/devel/tcltls/distinfo
+++ b/devel/tcltls/distinfo
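Review bot: In the new `post-configure` target (second hunk of devel/tcltls/Makefile) the recipe's exit status is that of `${SED}`, so a failing `openssl dhparam` goes unnoticed and `generateddh.txt` can be written empty or partial before `dh_params.h` includes it. Writing the parameters to a file first, `${OPENSSLBASE}/bin/openssl dhparam -text -out ${WRKSRC}/dhparam.txt 2048` (file name constructed here), and running `${SED}` on that file as a separate recipe line lets make stop on the failure. The byte pattern `[0-9a-h]{2}` also accepts `g` and `h`; `[0-9a-f]{2}` matches hex digits only. Because the prime is generated at build time, every install of one binary package presumably shares it and the build is not reproducible, which deserves a comment next to the target.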
@@ -1,3 +1,3 @@
-TIMESTAMP = 1556815670
-SHA256 (tcltls-1.7.18.tar.gz) = 6b21e7a4343bf8ae87358f933e98c61ea9c22162b916f35c9433e053a8f19b49
-SIZE (tcltls-1.7.18.tar.gz) = 163473
+TIMESTAMP = 1700353727
+SHA256 (tcltls-1.7.22.tar.gz) = e84e2b7a275ec82c4aaa9d1b1f9786dbe4358c815e917539ffe7f667ff4bc3b4
+SIZE (tcltls-1.7.22.tar.gz) = 165206
diff --git a/devel/tcltls/files/dh_params.h b/devel/tcltls/files/dh_params.h
new file mode 100644
index 0000000000000..21512fb11235f
--- /dev/null
+++ b/devel/tcltls/files/dh_params.h
@@ -0,0 +1,28 @@
+/*
+ * OpenSSL no longer offers the "-C" option for its dhparam
+ * subcommand, so we keep our own C-code here...
+ */
+
+static DH * get_dhParams(void) {
+ static unsigned char dhp_2048[] = {
+#include "generateddh.txt"
+ };
+ static unsigned char dhg_2048[] = {
+ 0x02
+ };
+ DH *dh = DH_new();
+ BIGNUM *p, *g;
+
+ if (dh == NULL)
+ return NULL;
+ p = BN_bin2bn(dhp_2048, sizeof(dhp_2048), NULL);
+ g = BN_bin2bn(dhg_2048, sizeof(dhg_2048), NULL);
+ if (p == NULL || g == NULL
+ || !DH_set0_pqg(dh, p, NULL, g)) {
+ DH_free(dh);
+ BN_free(p);
+ BN_free(g);
+ return NULL;
+ }
+ return dh;
+}
diff --git a/devel/tcltls/files/patch-gen_dh_params b/devel/tcltls/files/patch-gen_dh_params
deleted file mode 100644
index 4179d9dd58840..0000000000000
--- a/devel/tcltls/files/patch-gen_dh_params
+++ /dev/null
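Review bot: `get_dhParams()` in the new devel/tcltls/files/dh_params.h never checks the size of the prime it builds from `generateddh.txt`, so a short generated file still yields a usable-looking `DH` object. The failure condition could reject an undersized prime as well: `if (p == NULL || g == NULL || BN_num_bits(p) < 2048 || !DH_set0_pqg(dh, p, NULL, g)) {`. The header comment should also say that `generateddh.txt` is produced by the port's `post-configure` target and that the generator is fixed at 2. `DH_new()` and `DH_set0_pqg()` are deprecated as of OpenSSL 3.0, so this file will likely build with deprecation warnings there.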
@@ -1,27 +0,0 @@
---- gen_dh_params 2017-05-01 10:45:59.000000000 -0400
-+++ gen_dh_params 2017-05-16 18:19:20.703957000 -0400
-@@ -12,11 +12,8 @@
-
- openssl_dhparam() {
-- if [ -x "`which openssl 2>/dev/null`" ]; then
-- o_output="`openssl dhparam -C "$@" 2>/dev/null`" || return 1
-- o_output="`echo "${o_output}" | sed 's/get_dh[0-9][0-9]*/get_dhParams/'`" || return 1
-- o_output="`echo "${o_output}" | sed '/^-----BEGIN DH PARAMETERS-----$/,/^-----END DH PARAMETERS-----$/ d;/^#/ d'`" || return 1
--
-- echo "${o_output}"
--
-+ if openssl dhparam -C "$@" | sed \
-+ -e 's/^\(static \)*DH \*get_dh[0-9]*/static DH *get_dhParams/' \
-+ -e '/^-----BEGIN DH PARAMETERS-----$/,/^-----END DH PARAMETERS-----$/ d;/^#/ d'
-+ then
- return 0
- fi
-@@ -273,6 +270,6 @@
- echo "*****************************" >&2
- gen_dh_params_openssl && exit 0
--gen_dh_params_remote && exit 0
--gen_dh_params_fallback && exit 0
-+# gen_dh_params_remote && exit 0
-+# gen_dh_params_fallback && exit 0
-
- echo "Unable to generate parameters for DH of ${bits} bits" >&2
diff --git a/devel/tcltls/files/patch-ssl_ignore_unexpected_eof b/devel/tcltls/files/patch-ssl_ignore_unexpected_eof
new file mode 100644
index 0000000000000..6f588ed2e00d2
--- /dev/null
+++ b/devel/tcltls/files/patch-ssl_ignore_unexpected_eof
@@ -0,0 +1,14 @@
+See bug-report:
+
+ https://core.tcl-lang.org/tcltls/tktview/88c0c84969
+
+--- tls.c 2020-10-12 16:39:22.000000000 -0400
++++ tls.c 2023-11-19 21:44:39.676318000 -0500
+@@ -1215,4 +1214,7 @@
+ SSL_CTX_set_options( ctx, SSL_OP_ALL); /* all SSL bug workarounds */
+ SSL_CTX_set_options( ctx, off); /* all SSL bug workarounds */
++#ifdef SSL_OP_IGNORE_UNEXPECTED_EOF
++ SSL_CTX_set_options( ctx, SSL_OP_IGNORE_UNEXPECTED_EOF);
++#endif
+ SSL_CTX_sess_set_cache_size( ctx, 128);
+
diff --git a/devel/tcltls/files/patch-tests b/devel/tcltls/files/patch-tests
new file mode 100644
index 0000000000000..f5870aa094864
--- /dev/null
+++ b/devel/tcltls/files/patch-tests
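Review bot: The added `SSL_CTX_set_options( ctx, SSL_OP_IGNORE_UNEXPECTED_EOF);` in devel/tcltls/files/patch-ssl_ignore_unexpected_eof is set unconditionally on the context. With that option OpenSSL treats a connection closed without `close_notify` as a normal end of stream, so a truncated transfer can no longer be told apart from a complete one. Applications whose protocol has no length framing of its own lose their only truncation signal. The patch should carry a comment above the call saying so, for example `/* missing close_notify is reported as clean EOF: callers cannot detect truncation */`, and making the option selectable per channel would be safer than enabling it for every context. The function being patched starts and ends outside the inner hunk.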
@@ -0,0 +1,38 @@
+See bug-reports:
+
+ https://core.tcl-lang.org/tcltls/tktview/bb7085cfdc
+ https://core.tcl-lang.org/tcltls/tktview/c6b35cf0e3
+ https://core.tcl-lang.org/tcltls/tktview/64cdb76212
+
+--- tests/tlsIO.test 2020-10-12 16:39:22.000000000 -0400
++++ tests/tlsIO.test 2023-11-19 21:03:22.658062000 -0500
+@@ -1106,4 +1106,5 @@
+ # need update to complete TLS handshake in-process
+ update
++ fconfigure $s1 -blocking 1
+ set z [gets $s1]
+ close $s
+@@ -2027,5 +2028,5 @@
+ } {{} 0 {} 0 {}}
+
+-test tls-bug58-1.0 {test protocol negotiation failure} {socket} {
++test tls-bug58-1.0 {test protocol negotiation failure} -constraints {socket} -body {
+ # Following code is based on what was reported in bug #58. Prior
+ # to fix the program would crash with a segfault.
+@@ -2062,5 +2063,5 @@
+ }
+ set ::done
+-} {handshake failed: wrong version number}
++} -result {handshake failed: *} -match glob
+
+ # cleanup
+--- tests/all.tcl 2020-10-12 16:39:22.000000000 -0400
++++ tests/all.tcl 2023-11-19 21:19:34.128221000 -0500
+@@ -55,5 +55,5 @@
+ # cleanup
+ puts stdout "\nTests ended at [eval $timeCmd]"
++set failCount [llength $::tcltest::failFiles]
+ ::tcltest::cleanupTests 1
+-return
+-
++exit [expr $failCount > 0]
diff --git a/devel/tcltls/files/patch-warnings b/devel/tcltls/files/patch-warnings
new file mode 100644
index 0000000000000..783d462e014b2
--- /dev/null
+++ b/devel/tcltls/files/patch-warnings
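Review bot: In the `tests/all.tcl` part of devel/tcltls/files/patch-tests, `exit [expr $failCount > 0]` hands `expr` an unbraced expression, which is substituted twice and is not byte-compiled; `exit [expr {$failCount > 0}]` is the idiomatic form. The value comes from `llength` here, so nothing harmful can be substituted, but the braced form is the one that should be left for others to copy. Separately, the `tls-bug58-1.0` result is relaxed to `handshake failed: *`, which now passes on any handshake failure, so the patch header should say why the exact message can no longer be pinned.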
@@ -0,0 +1,30 @@
+See bug-report:
+
+ https://core.tcl-lang.org/tcltls/tktview/539d25f105
+
+--- tls.c 2020-10-12 16:39:22.000000000 -0400
++++ tls.c 2023-11-19 21:30:03.357601000 -0500
+@@ -62,5 +62,5 @@
+ Tcl_Interp *interp, int objc, Tcl_Obj *CONST objv[]);
+
+-static SSL_CTX *CTX_Init(State *statePtr, int isServer, int proto, char *key,
++static SSL_CTX *CTX_Init(State *statePtr, int proto, char *key,
+ char *certfile, unsigned char *key_asn1, unsigned char *cert_asn1,
+ int key_asn1_len, int cert_asn1_len, char *CAdir, char *CAfile,
+@@ -897,5 +897,5 @@
+ ctx = ((State *)Tcl_GetChannelInstanceData(chan))->ctx;
+ } else {
+- if ((ctx = CTX_Init(statePtr, server, proto, keyfile, certfile, key,
++ if ((ctx = CTX_Init(statePtr, proto, keyfile, certfile, key,
+ cert, key_len, cert_len, CAdir, CAfile, ciphers,
+ DHparams)) == (SSL_CTX*)0) {
+@@ -1067,8 +1067,7 @@
+
+ static SSL_CTX *
+-CTX_Init(statePtr, isServer, proto, keyfile, certfile, key, cert,
++CTX_Init(statePtr, proto, keyfile, certfile, key, cert,
+ key_len, cert_len, CAdir, CAfile, ciphers, DHparams)
+ State *statePtr;
+- int isServer;
+ int proto;
+ char *keyfile;
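Review bot: The `CTX_Init` definition edited in the last inner hunk of devel/tcltls/files/patch-warnings is still an old-style definition, with the parameter types declared after the identifier list. Newer compilers deprecate that form, so a patch aimed at warnings could convert it to a prototype-style definition matching the declaration near line 62 while it is already removing `isServer`. The hunk shows only the first parameters, so the full typed list has to be taken from that declaration. The function body continues outside the hunk, and whether `isServer` is really unused there cannot be confirmed from these lines.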