From 4d4448e8beb90ae5080bb91820d66fd777385eba Mon Sep 17 00:00:00 2001
From: stu <stu@openbsd.org>
Date: Wed, 8 Jun 2022 20:08:06 +0000
Subject: [PATCH] Update to 1.7.22. Take maintainer with permission.

OK sebastia@, sthen@.
---
 security/tcltls/Makefile                      | 48 +++++++++++--------
 security/tcltls/distinfo                      |  4 +-
 security/tcltls/patches/patch-configure       | 12 -----
 .../tcltls/patches/patch-tests_ciphers_test   | 39 ---------------
 security/tcltls/patches/patch-tlsBIO_c        | 20 ++++++++
 security/tcltls/patches/patch-tlsInt_h        | 12 +++++
 security/tcltls/patches/patch-tlsX509_c       | 36 --------------
 security/tcltls/pkg/PLIST                     |  7 ++-
 8 files changed, 66 insertions(+), 112 deletions(-)
 delete mode 100644 security/tcltls/patches/patch-configure
 delete mode 100644 security/tcltls/patches/patch-tests_ciphers_test
 create mode 100644 security/tcltls/patches/patch-tlsBIO_c
 create mode 100644 security/tcltls/patches/patch-tlsInt_h
 delete mode 100644 security/tcltls/patches/patch-tlsX509_c

diff --git a/security/tcltls/Makefile b/security/tcltls/Makefile
index 3e9cabfd7fd..e3c31869bda 100644
--- a/security/tcltls/Makefile
+++ b/security/tcltls/Makefile
@@ -1,47 +1,57 @@
-BROKEN=	Needs update to less outdated version and checking of dependent ports
-
 COMMENT=	OpenSSL Tcl extension
 
-VERSION=	1.6
+VERSION=	1.7.22
 
-DISTNAME=	tls${VERSION}-src
-PKGNAME=	tcltls-${VERSION}
-REVISION=	4
+DISTNAME=	tcltls-${VERSION}
 
 CATEGORIES=	security
 
-HOMEPAGE=	http://tls.sourceforge.net/
+HOMEPAGE=	http://core.tcl-lang.org/tcltls/
 
-MAINTAINER=	Sebastian Reitenbach <sebastia@openbsd.org>
+MAINTAINER=	Stuart Cassoff <stwo@users.sourceforge.net>
 
 # BSD
 PERMIT_PACKAGE=	Yes
 
 WANTLIB=	ssl crypto
 
-MASTER_SITES=	${MASTER_SITE_SOURCEFORGE:=tls/}
+MASTER_SITES=	${HOMEPAGE:=uv/}
 
 MODULES=	lang/tcl
-
+MODTCL_VERSION=	8.6
 RUN_DEPENDS=	${MODTCL_RUN_DEPENDS}
 BUILD_DEPENDS=	${RUN_DEPENDS}
 
-WRKDIST=	${WRKDIR}/tls${VERSION}
+FAKE_FLAGS =	PACKAGE_INSTALL_DIR='$$(TCL_PACKAGE_PATH)/tcltls' \
+		INSTALL_PROGRAM='$$(INSTALL_DATA)'
+
+TEST_FLAGS =	TESTFLAGS='${TESTFLAGS}'
 SEPARATE_BUILD =Yes
 CONFIGURE_STYLE=gnu
+
 CONFIGURE_ARGS=	--libdir=${MODTCL_TCLDIR} \
 		--with-tcl=${MODTCL_LIBDIR} \
-		--with-tclinclude=${MODTCL_INCDIR} \
-		--with-ssl-dir=/usr \
-		--includedir=${PREFIX}/include/tcltls
+		--includedir=${PREFIX}/include/tcltls \
+		--disable-rpath \
+		--enable-deterministic \
+		--enable-ssl-fastpath
+
+# Tcltls configure will always choose tclsh8.6 (if installed) over tclsh8.5.
+# Ensure that the tclsh chosen matches MODTCL_VERSION.
+CONFIGURE_ENV += TCLSH_NATIVE=${MODTCL_BIN}
 
-FAKE_FLAGS =	PKG_DIR='$$(PACKAGE_NAME)' INSTALL_PROGRAM='$$(INSTALL_DATA)'
-INSTALL_TARGET=	install-binaries
 TEST_TARGET=	test
-CFLAGS +=	-DNO_SSL2 -DNO_SSL3
-SUBST_VARS=	VER
 
-VER=		${VERSION:S/.//g}
+# Use TESTFLAGS to control the Tcltls tests
+TESTFLAGS =
+
+# --enable-ssl-fastpath is the preferred option
+# but these tests will fail without it.
+# tlsIO-9.2 tlsIO-2.11 tlsIO-12.3
+# To be revisited.
+# 
+# Use premade DH primes instead of generating new; builds faster.
+# --enable-deterministic
 
 post-install:
 	${INSTALL_DATA_DIR} ${PREFIX}/share/doc/tcltls/
diff --git a/security/tcltls/distinfo b/security/tcltls/distinfo
index e8a9f8aa494..be54a1a6a80 100644
--- a/security/tcltls/distinfo
+++ b/security/tcltls/distinfo
@@ -1,2 +1,2 @@
-SHA256 (tls1.6-src.tar.gz) = rexQFDqa1jSmcdJPfHu/JFVIfrXxLSkPQXl8MqmLk/M=
-SIZE (tls1.6-src.tar.gz) = 168043
+SHA256 (tcltls-1.7.22.tar.gz) = 6E4reideyCxKqp0bH5eG2+Q1jIFekXU5/+f2Z/9Lw7Q=
+SIZE (tcltls-1.7.22.tar.gz) = 165206
diff --git a/security/tcltls/patches/patch-configure b/security/tcltls/patches/patch-configure
deleted file mode 100644
index 1ebc82ec1f8..00000000000
--- a/security/tcltls/patches/patch-configure
+++ /dev/null
@@ -1,12 +0,0 @@
-Index: configure
---- configure.orig
-+++ configure
-@@ -8155,7 +8155,7 @@ echo "${ECHO_T}$tcl_cv_ld_elf" >&6
- 	    DL_LIBS=""
- 	    CC_SEARCH_FLAGS='-Wl,-rpath,${LIB_RUNTIME_DIR}'
- 	    LD_SEARCH_FLAGS=${CC_SEARCH_FLAGS}
--	    SHARED_LIB_SUFFIX='${TCL_TRIM_DOTS}.so.1.0'
-+	    SHARED_LIB_SUFFIX='${TCL_TRIM_DOTS}.so'
- 	    echo "$as_me:$LINENO: checking for ELF" >&5
- echo $ECHO_N "checking for ELF... $ECHO_C" >&6
- if test "${tcl_cv_ld_elf+set}" = set; then
diff --git a/security/tcltls/patches/patch-tests_ciphers_test b/security/tcltls/patches/patch-tests_ciphers_test
deleted file mode 100644
index 6214c33d538..00000000000
--- a/security/tcltls/patches/patch-tests_ciphers_test
+++ /dev/null
@@ -1,39 +0,0 @@
-Those tests will fail.
-
---- tests/ciphers.test.orig	Fri Jun 22 23:03:34 2007
-+++ tests/ciphers.test	Sun Dec  5 12:57:05 2010
-@@ -105,22 +105,22 @@ test ciphers-1.2 {Tls::ciphers for tls1} {rsabsafe} {
-     listcompare $::EXPECTEDCIPHERS(rsabsafe) [tls::ciphers tls1]
- } {}
- 
--test ciphers-1.3 {Tls::ciphers for ssl3} {openssl} {
--    # This will fail if you compiled against RSA bsafe or with a
--    # different set of defines than the default.
--    # Change the constraint setting above.
--    listcompare $::EXPECTEDCIPHERS(openssl) [tls::ciphers ssl3]
--} {}
-+#test ciphers-1.3 {Tls::ciphers for ssl3} {openssl} {
-+#    # This will fail if you compiled against RSA bsafe or with a
-+#    # different set of defines than the default.
-+#    # Change the constraint setting above.
-+#    listcompare $::EXPECTEDCIPHERS(openssl) [tls::ciphers ssl3]
-+#} {}
- 
- # This version of the test is correct for OpenSSL only.
- # An equivalent test for the RSA BSAFE SSL-C is earlier in this file.
- 
--test ciphers-1.4 {Tls::ciphers for tls1} {openssl} {
--    # This will fail if you compiled against RSA bsafe or with a
--    # different set of defines than the default.
--    # Change the constraint setting in all.tcl
--    listcompare $::EXPECTEDCIPHERS(openssl) [tls::ciphers tls1]
--} {}
-+#test ciphers-1.4 {Tls::ciphers for tls1} {openssl} {
-+#    # This will fail if you compiled against RSA bsafe or with a
-+#    # different set of defines than the default.
-+#    # Change the constraint setting in all.tcl
-+#    listcompare $::EXPECTEDCIPHERS(openssl) [tls::ciphers tls1]
-+#} {}
- 
- 
- # cleanup
diff --git a/security/tcltls/patches/patch-tlsBIO_c b/security/tcltls/patches/patch-tlsBIO_c
new file mode 100644
index 00000000000..adc3f198664
--- /dev/null
+++ b/security/tcltls/patches/patch-tlsBIO_c
@@ -0,0 +1,20 @@
+Found in the Debian port:
+http://deb.debian.org/debian/pool/main/t/tcltls/tcltls_1.7.22-2.debian.tar.xz
+
+Index: tlsBIO.c
+--- tlsBIO.c.orig
++++ tlsBIO.c
+@@ -231,9 +231,12 @@ static long BioCtrl(BIO *bio, int cmd, long num, void 
+ 	switch (cmd) {
+ 		case BIO_CTRL_RESET:
+ 			dprintf("Got BIO_CTRL_RESET");
+-			num = 0;
++			ret = 0;
++			break;
+ 		case BIO_C_FILE_SEEK:
+ 			dprintf("Got BIO_C_FILE_SEEK");
++			ret = 0;
++			break;
+ 		case BIO_C_FILE_TELL:
+ 			dprintf("Got BIO_C_FILE_TELL");
+ 			ret = 0;
diff --git a/security/tcltls/patches/patch-tlsInt_h b/security/tcltls/patches/patch-tlsInt_h
new file mode 100644
index 00000000000..692d7adcaf0
--- /dev/null
+++ b/security/tcltls/patches/patch-tlsInt_h
@@ -0,0 +1,12 @@
+Index: tlsInt.h
+--- tlsInt.h.orig
++++ tlsInt.h
+@@ -54,7 +54,7 @@
+  * Determine if we should use the pre-OpenSSL 1.1.0 API
+  */
+ #undef TCLTLS_OPENSSL_PRE_1_1
+-#if (defined(LIBRESSL_VERSION_NUMBER)) || OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ #  define TCLTLS_OPENSSL_PRE_1_1_API 1
+ #endif
+ 
diff --git a/security/tcltls/patches/patch-tlsX509_c b/security/tcltls/patches/patch-tlsX509_c
deleted file mode 100644
index c567a6efbad..00000000000
--- a/security/tcltls/patches/patch-tlsX509_c
+++ /dev/null
@@ -1,36 +0,0 @@
-Index: tlsX509.c
---- tlsX509.c.orig
-+++ tlsX509.c
-@@ -102,8 +102,11 @@ Tls_NewX509Obj( interp, cert)
-     char notAfter[BUFSIZ];
- #ifndef NO_SSL_SHA
-     int shai;
--    char sha_hash[SHA_DIGEST_LENGTH*2];
-+    char sha_hash_ascii[SHA_DIGEST_LENGTH * 2 + 1];
-+    unsigned char sha_hash_binary[SHA_DIGEST_LENGTH];
-     const char *shachars="0123456789ABCDEF";
-+
-+    sha_hash_ascii[SHA_DIGEST_LENGTH * 2] = '\0';
- #endif
- 
-     if ((bio = BIO_new(BIO_s_mem())) == NULL) {
-@@ -139,15 +142,16 @@ Tls_NewX509Obj( interp, cert)
-     strcpy( notAfter, ASN1_UTCTIME_tostr( X509_get_notAfter(cert) ));
- 
- #ifndef NO_SSL_SHA
-+    X509_digest(cert, EVP_sha1(), sha_hash_binary, NULL);
-     for (shai=0;shai<SHA_DIGEST_LENGTH;shai++)
-     {
--        sha_hash[shai * 2]=shachars[(cert->sha1_hash[shai] & 0xF0) >> 4];
--        sha_hash[shai * 2 + 1]=shachars[(cert->sha1_hash[shai] & 0x0F)];
-+        sha_hash_ascii[shai * 2]=shachars[(sha_hash_binary[shai] & 0xF0) >> 4];
-+        sha_hash_ascii[shai * 2 + 1]=shachars[(sha_hash_binary[shai] & 0x0F)];
-     }
-     Tcl_ListObjAppendElement( interp, certPtr,
- 	    Tcl_NewStringObj( "sha1_hash", -1) );
-     Tcl_ListObjAppendElement( interp, certPtr,
--	    Tcl_NewStringObj( sha_hash, SHA_DIGEST_LENGTH*2) );
-+	    Tcl_NewStringObj( sha_hash_ascii, SHA_DIGEST_LENGTH*2) );
- 
- #endif
-     Tcl_ListObjAppendElement( interp, certPtr,
diff --git a/security/tcltls/pkg/PLIST b/security/tcltls/pkg/PLIST
index cc5d1d704f6..a9539ad8628 100644
--- a/security/tcltls/pkg/PLIST
+++ b/security/tcltls/pkg/PLIST
@@ -1,6 +1,5 @@
-lib/tcl/tls/
-lib/tcl/tls/libtls${VER}.so
-lib/tcl/tls/pkgIndex.tcl
-lib/tcl/tls/tls.tcl
+lib/tcl/tcltls/
+lib/tcl/tcltls/pkgIndex.tcl
+@so lib/tcl/tcltls/tcltls.so
 share/doc/tcltls/
 share/doc/tcltls/tls.htm