kpriv/freebsd-ports
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

comms/kermit: the port had been updated and cleaned up (+)

Browse source 
- Update C-Kermit to version 9.0.305 Alpha.04 which integrates both
  modern and legacy OpenSSL support (thus drop our local patch)
- Do not install essentially empty dot-files as examples; they also
  contain references to full *.ini files which are no longer shipped
  as part of the C-Kermit distribution
- The only useful documentation now is README.TXT, install it in the
  dedicated option helper target
This commit is contained in:
Alexey Dokuchaev 2021-10-16 13:34:52 +00:00
parent 75e374f5f3
commit 994cdbddbc
5 changed files with 10 additions and 409 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

18
comms/kermit/Makefile
View file

@ -1,16 +1,17 @@
# Created by: Paul Traina <pst@FreeBSD.org>
PORTNAME= kermit
PORTVERSION= 9.0.304.24
PORTVERSION= 9.0.305.04
CATEGORIES= comms ftp net
MASTER_SITES= http://www.kermitproject.org/ftp/kermit/test/tar/ \
ftp://ftp.kermitproject.org/kermit/test/tar/
DISTNAME= cku${PORTVERSION:R:E}-dev${PORTVERSION:E}
DISTNAME= cku${PORTVERSION:R:E}-alpha${PORTVERSION:E}
MAINTAINER= danfe@FreeBSD.org
COMMENT= Portable scriptable network and serial communication program
LICENSE= BSD3CLAUSE
LICENSE_FILE= ${WRKSRC}/COPYING.TXT
USES= ssl
NO_WRKSUBDIR= yes
@ -20,9 +21,8 @@ MAKE_ARGS= CC2="${CC}" SSLINC="-I${OPENSSLINC}" SSLLIB="-L${OPENSSLLIB}"
PLIST_FILES= bin/kermit man/man1/kermit.1.gz
PORTDOCS= *
PORTEXAMPLES= *
OPTIONS_DEFINE= DOCS EXAMPLES
OPTIONS_DEFINE= DOCS
post-patch:
@${REINPLACE_CMD} -e 's,-O2 -pipe,${CFLAGS},' ${WRKSRC}/${MAKEFILE}
@ -31,13 +31,9 @@ do-install:
${INSTALL_PROGRAM} ${WRKSRC}/wermit ${STAGEDIR}${PREFIX}/bin/kermit
${INSTALL_MAN} ${WRKSRC}/ckuker.nr \
${STAGEDIR}${MANPREFIX}/man/man1/kermit.1
do-install-DOCS-on:
@${MKDIR} ${STAGEDIR}${DOCSDIR}
${INSTALL_DATA} ${WRKSRC}/*.txt ${STAGEDIR}${DOCSDIR}
${LN} -sf ckaaaa.txt ${STAGEDIR}${DOCSDIR}/READ.ME
@${MKDIR} ${STAGEDIR}${EXAMPLESDIR}
${INSTALL_DATA} ${PATCHDIR}/ckermit.ini \
${STAGEDIR}${EXAMPLESDIR}/dot.kermrc
${INSTALL_DATA} ${PATCHDIR}/ckermod.ini \
${STAGEDIR}${EXAMPLESDIR}/dot.mykermrc
${INSTALL_DATA} ${WRKSRC}/README.TXT ${STAGEDIR}${DOCSDIR}
.include <bsd.port.mk>

6
comms/kermit/distinfo
View file

@ -1,3 +1,3 @@
TIMESTAMP = 1588857229
SHA256 (cku304-dev24.tar.gz) = b7abde063e25013cfd85279c78a39270d331fd231d4724c158fe5399ef6c62a5
SIZE (cku304-dev24.tar.gz) = 2480314
TIMESTAMP = 1631718979
SHA256 (cku305-alpha04.tar.gz) = 72a0b55f30dea3dcbca5d486396ec432c57d23fb618f2010fda746b6acb3c35c
SIZE (cku305-alpha04.tar.gz) = 2551405

8
comms/kermit/files/ckermit.ini
View file

@ -1,8 +0,0 @@
COMMENT - Standard C-Kermit initialization file
;
echo
echo The very long standard initialization file that was distributed
echo with C-Kermit 6, 7, and 8 is no longer recommended as "standard",
echo since its features were little used. It is still available in
echo the C-Kermit distribution as ockermit.ini.
echo

8
comms/kermit/files/ckermod.ini
View file

@ -1,8 +0,0 @@
; File CKERMOD.INI, Sample C-Kermit 7.0 customization file.
;
echo
echo The very long standard initialization file that was distributed
echo with C-Kermit 6, 7, and 8 is no longer recommended as "standard",
echo since its features were little used. It is still available in
echo the C-Kermit distribution as ockermod.ini.
echo

379
comms/kermit/files/patch-ck__ssl.c
View file

@ -1,379 +0,0 @@
--- ck_ssl.c.orig 2017-04-26 15:56:23 UTC
+++ ck_ssl.c
@@ -303,7 +303,7 @@ X509_STORE_CTX *ctx;
break;
default:
printf("Error %d while verifying certificate.\r\n",
- ctx->error);
+ error);
break;
}
}
@@ -935,13 +935,32 @@ static DH *
get_dh512()
{
DH *dh=NULL;
+#if OPENSSL_VERSION_NUMBER >= 0x10100005L
+ BIGNUM *p, *g;
+#endif
if ((dh=DH_new()) == NULL)
return(NULL);
+#if OPENSSL_VERSION_NUMBER >= 0x10100005L
+ p=BN_bin2bn(dh512_p,sizeof(dh512_p),NULL);
+ g=BN_bin2bn(dh512_g,sizeof(dh512_g),NULL);
+ if (p == NULL || g == NULL) {
+ BN_free(g);
+ BN_free(p);
+ DH_free(dh);
+ return(NULL);
+ } else
+ DH_set0_pqg(dh, p, NULL, g);
+#else
dh->p=BN_bin2bn(dh512_p,sizeof(dh512_p),NULL);
dh->g=BN_bin2bn(dh512_g,sizeof(dh512_g),NULL);
- if ((dh->p == NULL) || (dh->g == NULL))
+ if ((dh->p == NULL) || (dh->g == NULL)) {
+ BN_free(dh->g);
+ BN_free(dh->p);
+ DH_free(dh);
return(NULL);
+ }
+#endif
return(dh);
}
@@ -949,13 +968,32 @@ static DH *
get_dh768()
{
DH *dh=NULL;
+#if OPENSSL_VERSION_NUMBER >= 0x10100005L
+ BIGNUM *p, *g;
+#endif
if ((dh=DH_new()) == NULL)
return(NULL);
+#if OPENSSL_VERSION_NUMBER >= 0x10100005L
+ p=BN_bin2bn(dh768_p,sizeof(dh768_p),NULL);
+ g=BN_bin2bn(dh768_g,sizeof(dh768_g),NULL);
+ if (p == NULL || g == NULL) {
+ BN_free(g);
+ BN_free(p);
+ DH_free(dh);
+ return(NULL);
+ } else
+ DH_set0_pqg(dh, p, NULL, g);
+#else
dh->p=BN_bin2bn(dh768_p,sizeof(dh768_p),NULL);
dh->g=BN_bin2bn(dh768_g,sizeof(dh768_g),NULL);
- if ((dh->p == NULL) || (dh->g == NULL))
+ if ((dh->p == NULL) || (dh->g == NULL)) {
+ BN_free(dh->g);
+ BN_free(dh->p);
+ DH_free(dh);
return(NULL);
+ }
+#endif
return(dh);
}
@@ -963,13 +1001,32 @@ static DH *
get_dh1024()
{
DH *dh=NULL;
+#if OPENSSL_VERSION_NUMBER >= 0x10100005L
+ BIGNUM *p, *g;
+#endif
if ((dh=DH_new()) == NULL)
return(NULL);
+#if OPENSSL_VERSION_NUMBER >= 0x10100005L
+ p=BN_bin2bn(dh1024_p,sizeof(dh1024_p),NULL);
+ g=BN_bin2bn(dh1024_g,sizeof(dh1024_g),NULL);
+ if (p == NULL || g == NULL) {
+ BN_free(g);
+ BN_free(p);
+ DH_free(dh);
+ return(NULL);
+ } else
+ DH_set0_pqg(dh, p, NULL, g);
+#else
dh->p=BN_bin2bn(dh1024_p,sizeof(dh1024_p),NULL);
dh->g=BN_bin2bn(dh1024_g,sizeof(dh1024_g),NULL);
- if ((dh->p == NULL) || (dh->g == NULL))
+ if ((dh->p == NULL) || (dh->g == NULL)) {
+ BN_free(dh->g);
+ BN_free(dh->p);
+ DH_free(dh);
return(NULL);
+ }
+#endif
return(dh);
}
@@ -977,13 +1034,32 @@ static DH *
get_dh1536()
{
DH *dh=NULL;
+#if OPENSSL_VERSION_NUMBER >= 0x10100005L
+ BIGNUM *p, *g;
+#endif
if ((dh=DH_new()) == NULL)
return(NULL);
+#if OPENSSL_VERSION_NUMBER >= 0x10100005L
+ p=BN_bin2bn(dh1536_p,sizeof(dh1536_p),NULL);
+ g=BN_bin2bn(dh1536_g,sizeof(dh1536_g),NULL);
+ if (p == NULL || g == NULL) {
+ BN_free(g);
+ BN_free(p);
+ DH_free(dh);
+ return(NULL);
+ } else
+ DH_set0_pqg(dh, p, NULL, g);
+#else
dh->p=BN_bin2bn(dh1536_p,sizeof(dh1536_p),NULL);
dh->g=BN_bin2bn(dh1536_g,sizeof(dh1536_g),NULL);
- if ((dh->p == NULL) || (dh->g == NULL))
+ if ((dh->p == NULL) || (dh->g == NULL)) {
+ BN_free(dh->g);
+ BN_free(dh->p);
+ DH_free(dh);
return(NULL);
+ }
+#endif
return(dh);
}
@@ -991,13 +1067,32 @@ static DH *
get_dh2048()
{
DH *dh=NULL;
+#if OPENSSL_VERSION_NUMBER >= 0x10100005L
+ BIGNUM *p, *g;
+#endif
if ((dh=DH_new()) == NULL)
return(NULL);
+#if OPENSSL_VERSION_NUMBER >= 0x10100005L
+ p=BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL);
+ g=BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL);
+ if (p == NULL || g == NULL) {
+ BN_free(g);
+ BN_free(p);
+ DH_free(dh);
+ return(NULL);
+ } else
+ DH_set0_pqg(dh, p, NULL, g);
+#else
dh->p=BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL);
dh->g=BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL);
- if ((dh->p == NULL) || (dh->g == NULL))
+ if ((dh->p == NULL) || (dh->g == NULL)) {
+ BN_free(dh->g);
+ BN_free(dh->p);
+ DH_free(dh);
return(NULL);
+ }
+#endif
return(dh);
}
#endif /* NO_DH */
@@ -1057,13 +1152,13 @@ ssl_display_comp(SSL * ssl)
return;
#ifndef OPENSSL_NO_COMP /* ifdefs Bernard Spil 12/2015 */
- if (ssl->expand == NULL || ssl->expand->meth == NULL)
+ if (SSL_get_current_expansion(ssl) == NULL)
#endif /* OPENSSL_NO_COMP */
printf("Compression: None\r\n");
#ifndef OPENSSL_NO_COMP /* ifdefs Bernard Spil 12/2015 */
else {
- printf("Compression: %s\r\n",ssl->expand->meth->name);
+ printf("Compression: %s\r\n", SSL_COMP_get_name(SSL_get_current_expansion(ssl)));
}
#endif /* OPENSSL_NO_COMP */
}
@@ -1489,13 +1584,23 @@ the build.\r\n\r\n");
#ifdef ZLIB
cm = COMP_zlib();
+#if OPENSSL_VERSION_NUMBER >= 0x10100005L
+ if (cm != NULL && COMP_get_type(cm) != NID_undef) {
+#else
if (cm != NULL && cm->type != NID_undef) {
+#endif
SSL_COMP_add_compression_method(0xe0, cm); /* EAY's ZLIB ID */
}
#endif /* ZLIB */
+#ifdef NID_rle_compression
cm = COMP_rle();
+#if OPENSSL_VERSION_NUMBER >= 0x10100005L
+ if (cm != NULL && COMP_get_type(cm) != NID_undef)
+#else
if (cm != NULL && cm->type != NID_undef)
+#endif
SSL_COMP_add_compression_method(0xe1, cm); /* EAY's RLE ID */
+#endif /* NID_rle_compression */
/* Ensure the Random number generator has enough entropy */
if ( !RAND_status() ) {
@@ -2623,7 +2728,11 @@ ssl_anonymous_cipher(ssl) SSL * ssl;
int
ssl_verify_crl(int ok, X509_STORE_CTX *ctx)
{
+#if OPENSSL_VERSION_NUMBER >= 0x10100005L
+ X509_OBJECT *obj;
+#else
X509_OBJECT obj;
+#endif
X509_NAME *subject = NULL;
X509_NAME *issuer = NULL;
X509 *xs = NULL;
@@ -2643,6 +2752,12 @@ ssl_verify_crl(int ok, X509_STORE_CTX *ctx)
if (!crl_store)
return ok;
+#if OPENSSL_VERSION_NUMBER >= 0x10100005L
+ obj = X509_OBJECT_new();
+ if (!obj)
+ return(ok);
+#endif
+
store_ctx = X509_STORE_CTX_new();
if ( !store_ctx )
return(ok);
@@ -2689,11 +2804,19 @@ ssl_verify_crl(int ok, X509_STORE_CTX *ctx)
* Try to retrieve a CRL corresponding to the _subject_ of
* the current certificate in order to verify it's integrity.
*/
+#if OPENSSL_VERSION_NUMBER < 0x10100005L
memset((char *)&obj, 0, sizeof(obj));
+#endif
X509_STORE_CTX_init(store_ctx, crl_store, NULL, NULL);
+#if OPENSSL_VERSION_NUMBER >= 0x10100005L
+ rc = X509_STORE_get_by_subject(store_ctx, X509_LU_CRL, subject, obj);
+ X509_STORE_CTX_cleanup(store_ctx);
+ crl = X509_OBJECT_get0_X509_CRL(obj);
+#else
rc = X509_STORE_get_by_subject(store_ctx, X509_LU_CRL, subject, &obj);
X509_STORE_CTX_cleanup(store_ctx);
crl = obj.data.crl;
+#endif
if (rc > 0 && crl != NULL) {
/*
* Verify the signature on this CRL
@@ -2701,7 +2824,11 @@ ssl_verify_crl(int ok, X509_STORE_CTX *ctx)
if (X509_CRL_verify(crl, X509_get_pubkey(xs)) <= 0) {
fprintf(stderr, "Invalid signature on CRL!\n");
X509_STORE_CTX_set_error(ctx, X509_V_ERR_CRL_SIGNATURE_FAILURE);
+#if OPENSSL_VERSION_NUMBER >= 0x10100005L
+ X509_OBJECT_free(obj);
+#else
X509_OBJECT_free_contents(&obj);
+#endif
X509_STORE_CTX_free(store_ctx);
return 0;
}
@@ -2714,7 +2841,11 @@ ssl_verify_crl(int ok, X509_STORE_CTX *ctx)
fprintf(stderr, "Found CRL has invalid nextUpdate field.\n");
X509_STORE_CTX_set_error(ctx,
X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD);
+#if OPENSSL_VERSION_NUMBER >= 0x10100005L
+ X509_OBJECT_free(obj);
+#else
X509_OBJECT_free_contents(&obj);
+#endif
X509_STORE_CTX_free(store_ctx);
return 0;
}
@@ -2723,22 +2854,38 @@ ssl_verify_crl(int ok, X509_STORE_CTX *ctx)
"Found CRL is expired - revoking all certificates until you get updated CRL.\n"
);
X509_STORE_CTX_set_error(ctx, X509_V_ERR_CRL_HAS_EXPIRED);
+#if OPENSSL_VERSION_NUMBER >= 0x10100005L
+ X509_OBJECT_free(obj);
+#else
X509_OBJECT_free_contents(&obj);
+#endif
X509_STORE_CTX_free(store_ctx);
return 0;
}
+#if OPENSSL_VERSION_NUMBER >= 0x10100005L
+ X509_OBJECT_free(obj);
+#else
X509_OBJECT_free_contents(&obj);
+#endif
}
/*
* Try to retrieve a CRL corresponding to the _issuer_ of
* the current certificate in order to check for revocation.
*/
+#if OPENSSL_VERSION_NUMBER < 0x10100005L
memset((char *)&obj, 0, sizeof(obj));
+#endif
X509_STORE_CTX_init(store_ctx, crl_store, NULL, NULL);
+#if OPENSSL_VERSION_NUMBER >= 0x10100005L
+ rc = X509_STORE_get_by_subject(store_ctx, X509_LU_CRL, issuer, obj);
+ X509_STORE_CTX_free(store_ctx); /* calls X509_STORE_CTX_cleanup() */
+ crl = X509_OBJECT_get0_X509_CRL(obj);
+#else
rc = X509_STORE_get_by_subject(store_ctx, X509_LU_CRL, issuer, &obj);
X509_STORE_CTX_free(store_ctx); /* calls X509_STORE_CTX_cleanup() */
crl = obj.data.crl;
+#endif
if (rc > 0 && crl != NULL) {
/*
* Check if the current certificate is revoked by this CRL
@@ -2746,19 +2893,34 @@ ssl_verify_crl(int ok, X509_STORE_CTX *ctx)
n = sk_X509_REVOKED_num(X509_CRL_get_REVOKED(crl));
for (i = 0; i < n; i++) {
revoked = sk_X509_REVOKED_value(X509_CRL_get_REVOKED(crl), i);
+#if OPENSSL_VERSION_NUMBER >= 0x10100005L
+ if (ASN1_INTEGER_cmp(X509_REVOKED_get0_serialNumber(revoked),
+ X509_get_serialNumber(xs)) == 0) {
+
+ serial = ASN1_INTEGER_get(X509_REVOKED_get0_serialNumber(revoked));
+#else
if (ASN1_INTEGER_cmp(revoked->serialNumber,
X509_get_serialNumber(xs)) == 0) {
serial = ASN1_INTEGER_get(revoked->serialNumber);
+#endif
cp = X509_NAME_oneline(issuer, NULL, 0);
free(cp);
X509_STORE_CTX_set_error(ctx, X509_V_ERR_CERT_REVOKED);
+#if OPENSSL_VERSION_NUMBER >= 0x10100005L
+ X509_OBJECT_free(obj);
+#else
X509_OBJECT_free_contents(&obj);
+#endif
return 0;
}
}
+#if OPENSSL_VERSION_NUMBER >= 0x10100005L
+ X509_OBJECT_free(obj);
+#else
X509_OBJECT_free_contents(&obj);
+#endif
}
return ok;
}
@@ -4399,7 +4561,14 @@ X509_userok(X509 * peer_cert, const char * userid)
if (!(fp = fopen(buf, "r")))
return 0;
while (!r && (file_cert = PEM_read_X509(fp, NULL, NULL, NULL))) {
+#if OPENSSL_VERSION_NUMBER >= 0x10100005L
+ ASN1_BIT_STRING *peer_cert_sig, *file_cert_sig;
+ X509_get0_signature(&peer_cert_sig, NULL, peer_cert);
+ X509_get0_signature(&file_cert_sig, NULL, file_cert);
+ if (!ASN1_STRING_cmp(peer_cert_sig, file_cert_sig))
+#else
if (!ASN1_STRING_cmp(peer_cert->signature, file_cert->signature))
+#endif
r = 1;
X509_free(file_cert);
}