Update to 1.7.22.

Take maintainer with permission. OK sebastia@, sthen@.
2022-06-08 20:08:06 +00:00 · 2022-06-08 20:08:06 +00:00 · 4d4448e8be
parent e39da46942
commit 4d4448e8be
8 changed files with 66 additions and 112 deletions
--- a/security/tcltls/Makefile
+++ b/security/tcltls/Makefile
@ -1,47 +1,57 @@
-BROKEN=	Needs update to less outdated version and checking of dependent ports
-
 COMMENT=	OpenSSL Tcl extension

-VERSION=	1.6
+VERSION=	1.7.22

-DISTNAME=	tls${VERSION}-src
-PKGNAME=	tcltls-${VERSION}
-REVISION=	4
+DISTNAME=	tcltls-${VERSION}

 CATEGORIES=	security

-HOMEPAGE=	http://tls.sourceforge.net/
+HOMEPAGE=	http://core.tcl-lang.org/tcltls/

-MAINTAINER=	Sebastian Reitenbach <sebastia@openbsd.org>
+MAINTAINER=	Stuart Cassoff <stwo@users.sourceforge.net>

 # BSD
 PERMIT_PACKAGE=	Yes

 WANTLIB=	ssl crypto

-MASTER_SITES=	${MASTER_SITE_SOURCEFORGE:=tls/}
+MASTER_SITES=	${HOMEPAGE:=uv/}

 MODULES=	lang/tcl
-
+MODTCL_VERSION=	8.6
 RUN_DEPENDS=	${MODTCL_RUN_DEPENDS}
 BUILD_DEPENDS=	${RUN_DEPENDS}

-WRKDIST=	${WRKDIR}/tls${VERSION}
+FAKE_FLAGS =	PACKAGE_INSTALL_DIR='$$(TCL_PACKAGE_PATH)/tcltls' \
+		INSTALL_PROGRAM='$$(INSTALL_DATA)'
+
+TEST_FLAGS =	TESTFLAGS='${TESTFLAGS}'
 SEPARATE_BUILD =Yes
 CONFIGURE_STYLE=gnu
+
 CONFIGURE_ARGS=	--libdir=${MODTCL_TCLDIR} \
 		--with-tcl=${MODTCL_LIBDIR} \
-		--with-tclinclude=${MODTCL_INCDIR} \
-		--with-ssl-dir=/usr \
-		--includedir=${PREFIX}/include/tcltls
+		--includedir=${PREFIX}/include/tcltls \
+		--disable-rpath \
+		--enable-deterministic \
+		--enable-ssl-fastpath
+
+# Tcltls configure will always choose tclsh8.6 (if installed) over tclsh8.5.
+# Ensure that the tclsh chosen matches MODTCL_VERSION.
+CONFIGURE_ENV += TCLSH_NATIVE=${MODTCL_BIN}

-FAKE_FLAGS =	PKG_DIR='$$(PACKAGE_NAME)' INSTALL_PROGRAM='$$(INSTALL_DATA)'
-INSTALL_TARGET=	install-binaries
 TEST_TARGET=	test
-CFLAGS +=	-DNO_SSL2 -DNO_SSL3
-SUBST_VARS=	VER

-VER=		${VERSION:S/.//g}
+# Use TESTFLAGS to control the Tcltls tests
+TESTFLAGS =
+
+# --enable-ssl-fastpath is the preferred option
+# but these tests will fail without it.
+# tlsIO-9.2 tlsIO-2.11 tlsIO-12.3
+# To be revisited.
+# 
+# Use premade DH primes instead of generating new; builds faster.
+# --enable-deterministic

 post-install:
 	${INSTALL_DATA_DIR} ${PREFIX}/share/doc/tcltls/
--- a/security/tcltls/distinfo
+++ b/security/tcltls/distinfo
@ -1,2 +1,2 @@
-SHA256 (tls1.6-src.tar.gz) = rexQFDqa1jSmcdJPfHu/JFVIfrXxLSkPQXl8MqmLk/M=
-SIZE (tls1.6-src.tar.gz) = 168043
+SHA256 (tcltls-1.7.22.tar.gz) = 6E4reideyCxKqp0bH5eG2+Q1jIFekXU5/+f2Z/9Lw7Q=
+SIZE (tcltls-1.7.22.tar.gz) = 165206
--- a/security/tcltls/patches/patch-configure
+++ b/security/tcltls/patches/patch-configure
@ -1,12 +0,0 @@
-Index: configure
--- configure.orig
-+++ configure
-@@ -8155,7 +8155,7 @@ echo "${ECHO_T}$tcl_cv_ld_elf" >&6
- 	    DL_LIBS=""
- 	    CC_SEARCH_FLAGS='-Wl,-rpath,${LIB_RUNTIME_DIR}'
- 	    LD_SEARCH_FLAGS=${CC_SEARCH_FLAGS}
-	    SHARED_LIB_SUFFIX='${TCL_TRIM_DOTS}.so.1.0'
-+	    SHARED_LIB_SUFFIX='${TCL_TRIM_DOTS}.so'
- 	    echo "$as_me:$LINENO: checking for ELF" >&5
- echo $ECHO_N "checking for ELF... $ECHO_C" >&6
- if test "${tcl_cv_ld_elf+set}" = set; then
--- a/security/tcltls/patches/patch-tests_ciphers_test
+++ b/security/tcltls/patches/patch-tests_ciphers_test
@ -1,39 +0,0 @@
-Those tests will fail.
-
--- tests/ciphers.test.orig	Fri Jun 22 23:03:34 2007
-+++ tests/ciphers.test	Sun Dec  5 12:57:05 2010
-@@ -105,22 +105,22 @@ test ciphers-1.2 {Tls::ciphers for tls1} {rsabsafe} {
-     listcompare $::EXPECTEDCIPHERS(rsabsafe) [tls::ciphers tls1]
- } {}
- 
-test ciphers-1.3 {Tls::ciphers for ssl3} {openssl} {
-    # This will fail if you compiled against RSA bsafe or with a
-    # different set of defines than the default.
-    # Change the constraint setting above.
-    listcompare $::EXPECTEDCIPHERS(openssl) [tls::ciphers ssl3]
-} {}
-+#test ciphers-1.3 {Tls::ciphers for ssl3} {openssl} {
-+#    # This will fail if you compiled against RSA bsafe or with a
-+#    # different set of defines than the default.
-+#    # Change the constraint setting above.
-+#    listcompare $::EXPECTEDCIPHERS(openssl) [tls::ciphers ssl3]
-+#} {}
- 
- # This version of the test is correct for OpenSSL only.
- # An equivalent test for the RSA BSAFE SSL-C is earlier in this file.
- 
-test ciphers-1.4 {Tls::ciphers for tls1} {openssl} {
-    # This will fail if you compiled against RSA bsafe or with a
-    # different set of defines than the default.
-    # Change the constraint setting in all.tcl
-    listcompare $::EXPECTEDCIPHERS(openssl) [tls::ciphers tls1]
-} {}
-+#test ciphers-1.4 {Tls::ciphers for tls1} {openssl} {
-+#    # This will fail if you compiled against RSA bsafe or with a
-+#    # different set of defines than the default.
-+#    # Change the constraint setting in all.tcl
-+#    listcompare $::EXPECTEDCIPHERS(openssl) [tls::ciphers tls1]
-+#} {}
- 
- 
- # cleanup
--- a/security/tcltls/patches/patch-tlsBIO_c
+++ b/security/tcltls/patches/patch-tlsBIO_c
@ -0,0 +1,20 @@
+Found in the Debian port:
+http://deb.debian.org/debian/pool/main/t/tcltls/tcltls_1.7.22-2.debian.tar.xz
+
+Index: tlsBIO.c
+--- tlsBIO.c.orig
+++ tlsBIO.c
+@@ -231,9 +231,12 @@ static long BioCtrl(BIO *bio, int cmd, long num, void 
+ 	switch (cmd) {
+ 		case BIO_CTRL_RESET:
+ 			dprintf("Got BIO_CTRL_RESET");
+-			num = 0;
+			ret = 0;
+			break;
+ 		case BIO_C_FILE_SEEK:
+ 			dprintf("Got BIO_C_FILE_SEEK");
+			ret = 0;
+			break;
+ 		case BIO_C_FILE_TELL:
+ 			dprintf("Got BIO_C_FILE_TELL");
+ 			ret = 0;
--- a/security/tcltls/patches/patch-tlsInt_h
+++ b/security/tcltls/patches/patch-tlsInt_h
@ -0,0 +1,12 @@
+Index: tlsInt.h
+--- tlsInt.h.orig
+++ tlsInt.h
+@@ -54,7 +54,7 @@
+  * Determine if we should use the pre-OpenSSL 1.1.0 API
+  */
+ #undef TCLTLS_OPENSSL_PRE_1_1
+-#if (defined(LIBRESSL_VERSION_NUMBER)) || OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ #  define TCLTLS_OPENSSL_PRE_1_1_API 1
+ #endif
+ 
--- a/security/tcltls/patches/patch-tlsX509_c
+++ b/security/tcltls/patches/patch-tlsX509_c
@ -1,36 +0,0 @@
-Index: tlsX509.c
--- tlsX509.c.orig
-+++ tlsX509.c
-@@ -102,8 +102,11 @@ Tls_NewX509Obj( interp, cert)
-     char notAfter[BUFSIZ];
- #ifndef NO_SSL_SHA
-     int shai;
-    char sha_hash[SHA_DIGEST_LENGTH*2];
-+    char sha_hash_ascii[SHA_DIGEST_LENGTH * 2 + 1];
-+    unsigned char sha_hash_binary[SHA_DIGEST_LENGTH];
-     const char *shachars="0123456789ABCDEF";
-+
-+    sha_hash_ascii[SHA_DIGEST_LENGTH * 2] = '\0';
- #endif
- 
-     if ((bio = BIO_new(BIO_s_mem())) == NULL) {
-@@ -139,15 +142,16 @@ Tls_NewX509Obj( interp, cert)
-     strcpy( notAfter, ASN1_UTCTIME_tostr( X509_get_notAfter(cert) ));
- 
- #ifndef NO_SSL_SHA
-+    X509_digest(cert, EVP_sha1(), sha_hash_binary, NULL);
-     for (shai=0;shai<SHA_DIGEST_LENGTH;shai++)
-     {
-        sha_hash[shai * 2]=shachars[(cert->sha1_hash[shai] & 0xF0) >> 4];
-        sha_hash[shai * 2 + 1]=shachars[(cert->sha1_hash[shai] & 0x0F)];
-+        sha_hash_ascii[shai * 2]=shachars[(sha_hash_binary[shai] & 0xF0) >> 4];
-+        sha_hash_ascii[shai * 2 + 1]=shachars[(sha_hash_binary[shai] & 0x0F)];
-     }
-     Tcl_ListObjAppendElement( interp, certPtr,
- 	    Tcl_NewStringObj( "sha1_hash", -1) );
-     Tcl_ListObjAppendElement( interp, certPtr,
-	    Tcl_NewStringObj( sha_hash, SHA_DIGEST_LENGTH*2) );
-+	    Tcl_NewStringObj( sha_hash_ascii, SHA_DIGEST_LENGTH*2) );
- 
- #endif
-     Tcl_ListObjAppendElement( interp, certPtr,
--- a/security/tcltls/pkg/PLIST
+++ b/security/tcltls/pkg/PLIST
@ -1,6 +1,5 @@
-lib/tcl/tls/
-lib/tcl/tls/libtls${VER}.so
-lib/tcl/tls/pkgIndex.tcl
-lib/tcl/tls/tls.tcl
+lib/tcl/tcltls/
+lib/tcl/tcltls/pkgIndex.tcl
+@so lib/tcl/tcltls/tcltls.so
 share/doc/tcltls/
 share/doc/tcltls/tls.htm