diff options
author | Rene Ladan <rene@FreeBSD.org> | 2023-06-03 11:11:47 +0000 |
---|---|---|
committer | Rene Ladan <rene@FreeBSD.org> | 2023-06-03 11:11:47 +0000 |
commit | a96b72ed5f03f080e862b739d25c65fb9dc84106 (patch) | |
tree | 097ef55aca013cca0e8e3421a1709297df87b877 | |
parent | c951b352ec8c0542bca1e3ba6840e2e3d358daa0 (diff) |
net-mgmt/send: Remove expired port
2023-06-03 net-mgmt/send: Implementation is based on older obsolete RFC
28 files changed, 1 insertions, 1212 deletions
@@ -7613,3 +7613,4 @@ net-mgmt/nagircbot||2023-06-01|Has expired: Broken for more than a year and fail mail/spamdyke||2023-06-01|Has expired: Broken for more than a year and last upstream release was in 2015 net/haproxy17||2023-06-03|Has expired: Upstream EOL reached on 2021-03-31 net/haproxy18||2023-06-03|Has expired: Upstream EOL reached on 2022-12-31 +net-mgmt/send||2023-06-03|Has expired: Implementation is based on older obsolete RFC diff --git a/net-mgmt/Makefile b/net-mgmt/Makefile index 5a3305c86f0e..051a593f39b3 100644 --- a/net-mgmt/Makefile +++ b/net-mgmt/Makefile @@ -370,7 +370,6 @@ SUBDIR += seafile-gui SUBDIR += seafile-server SUBDIR += semaphore - SUBDIR += send SUBDIR += sendip SUBDIR += sipcalc SUBDIR += sjitter diff --git a/net-mgmt/send/Makefile b/net-mgmt/send/Makefile deleted file mode 100644 index 727bb7909f5d..000000000000 --- a/net-mgmt/send/Makefile +++ /dev/null @@ -1,55 +0,0 @@ -PORTNAME= send -PORTVERSION= 0.3 -DISTVERSIONPREFIX= v -PORTREVISION= 4 -CATEGORIES= net-mgmt - -MAINTAINER= hrs@FreeBSD.org -COMMENT= Secure Neighbor Discovery implementation for IPv6 - -LICENSE= BSD3CLAUSE -LICENSE_FILE= ${WRKSRC}/LICENSE - -DEPRECATED= Implementation is based on older obsolete RFC -EXPIRATION_DATE= 2023-06-03 - -LIB_DEPENDS= libdnet.so:net/libdnet - -USES= gmake ncurses readline ssl -BROKEN_SSL= openssl30 openssl31 -BROKEN_SSL_REASON= error: unknown type name 'IPAddressRange' -USE_GITHUB= yes -GH_ACCOUNT= hrs-allbsd -USE_RC_SUBR= sendd - -SUB_FILES= pkg-message -PORTDOCS= README UserGuide.pdf -MAKE_JOBS_UNSAFE=yes - -OPTIONS_DEFINE= DOCS - -.include <bsd.port.pre.mk> - -.if ${OPSYS} == FreeBSD && ( ${OSVERSION} >= 1400079 || ( ${OSVERSION} >= 1302505 && ${OSVERSION} < 1400000 )) -CFLAGS+= -Wno-error=int-conversion -.endif - -post-extract: - ${INSTALL_DATA} ${WRKSRC}/examples/ipext/ipext_verify.conf \ - ${WRKSRC}/examples/ipext/ca/ipext.conf \ - ${WRKSRC}/examples/ - ${INSTALL_DATA} ${WRKSRC}/docs/UserGuide.pdf \ - ${WRKSRC}/UserGuide.pdf - -post-install: - ${MKDIR} ${STAGEDIR}${PREFIX}/etc/sendd - for F in sendd.conf params.conf ipext.conf ipext_verify.conf; do \ - ${INSTALL_DATA} ${WRKSRC}/examples/$$F \ - ${STAGEDIR}${PREFIX}/etc/sendd/$${F}-dist; \ - done - -post-install-DOCS-on: - ${MKDIR} ${STAGEDIR}${DOCSDIR} - cd ${WRKSRC} && ${INSTALL_DATA} ${PORTDOCS} ${STAGEDIR}${DOCSDIR} - -.include <bsd.port.post.mk> diff --git a/net-mgmt/send/distinfo b/net-mgmt/send/distinfo deleted file mode 100644 index efc5713d134c..000000000000 --- a/net-mgmt/send/distinfo +++ /dev/null @@ -1,3 +0,0 @@ -TIMESTAMP = 1551288169 -SHA256 (hrs-allbsd-send-v0.3_GH0.tar.gz) = 527542b24fa2009e0cc99a85fd423215782ced69c427454727172745c7fbae92 -SIZE (hrs-allbsd-send-v0.3_GH0.tar.gz) = 1313559 diff --git a/net-mgmt/send/files/patch-Makefile.install b/net-mgmt/send/files/patch-Makefile.install deleted file mode 100644 index 741130d3d5ee..000000000000 --- a/net-mgmt/send/files/patch-Makefile.install +++ /dev/null @@ -1,15 +0,0 @@ ---- Makefile.install.orig 2019-02-27 16:25:45 UTC -+++ Makefile.install -@@ -1,9 +1,9 @@ --INSSBIN= $(PREFIXSBIN)/$(PROG) -+INSSBIN= $(DESTDIR)$(PREFIXSBIN)/$(PROG) - - $(INSSBIN): $(PROG) -- install $< $@ -+ $(BSD_INSTALL_PROGRAM) $< $@ - --install: all $(PREFIXSBIN) $(INSSBIN) $(EXTRAINSTALL) -+install: all $(DESTDIR)$(PREFIXSBIN) $(INSSBIN) $(DESTDIR)$(EXTRAINSTALL) - - $(PREFIXSBIN): - mkdir -p $@ diff --git a/net-mgmt/send/files/patch-include-cga_keyutils.h b/net-mgmt/send/files/patch-include-cga_keyutils.h deleted file mode 100644 index d7fa4434759b..000000000000 --- a/net-mgmt/send/files/patch-include-cga_keyutils.h +++ /dev/null @@ -1,12 +0,0 @@ ---- include/cga_keyutils.h.orig 2019-02-27 16:25:45 UTC -+++ include/cga_keyutils.h -@@ -36,6 +36,9 @@ - #include <openssl/x509.h> - #include <openssl/evp.h> - #include <openssl/stack.h> -+#if OPENSSL_VERSION_NUMBER >= 0x0090900fL -+#define STACK _STACK -+#endif - #include <cga.h> - - extern int cga_add_key(cga_ctx_t *, EVP_PKEY *, int, uint16_t); diff --git a/net-mgmt/send/files/patch-include-pkixip_ext.h b/net-mgmt/send/files/patch-include-pkixip_ext.h deleted file mode 100644 index bc32707d1911..000000000000 --- a/net-mgmt/send/files/patch-include-pkixip_ext.h +++ /dev/null @@ -1,33 +0,0 @@ ---- include/pkixip_ext.h.orig 2019-02-27 16:25:45 UTC -+++ include/pkixip_ext.h -@@ -47,14 +47,30 @@ struct pkixip_config { - char *certfile; - }; - -+#if OPENSSL_VERSION_NUMBER < 0x10100000L - extern int pkixip_aor_cmp(const char * const *, const char * const *); - extern int pkixip_ipf_cmp(const char * const *, const char * const *); -+#else -+extern int pkixip_aor_cmp(const IPAddressOrRange * const *, -+ const IPAddressOrRange * const *); -+extern int pkixip_ipf_cmp(const IPAddressFamily * const *, -+ const IPAddressFamily * const *); -+#endif - - extern int pkixip_add2stores_cert(X509 *); - extern int pkixip_add2stores_file(const char *); -+ -+#if OPENSSL_VERSION_NUMBER < 0x10100000L - extern int pkixip_add_store(int *, int (*cmp)(X509_OBJECT **, X509_OBJECT **)); -+#else -+extern int pkixip_add_store(int *, int (*cmp)(const X509_OBJECT * const *, const X509_OBJECT * const *)); -+#endif - extern void *pkixip_find_cert(void *, int); -+#if OPENSSL_VERSION_NUMBER < 0x10100000L - extern STACK *pkixip_get_mychain(void); -+#else -+extern STACK_OF(X509_OBJECT) *pkixip_get_mychain(void); -+#endif - extern X509_STORE_CTX *pkixip_get_store_ctx(void); - extern int pkixip_has_ext(X509 *x); - extern X509 *pkixip_load_cert(const char *); diff --git a/net-mgmt/send/files/patch-include-pkixip_ext_asn.h b/net-mgmt/send/files/patch-include-pkixip_ext_asn.h deleted file mode 100644 index c1f7b7b8be6a..000000000000 --- a/net-mgmt/send/files/patch-include-pkixip_ext_asn.h +++ /dev/null @@ -1,33 +0,0 @@ ---- include/pkixip_ext_asn.h.orig 2019-02-27 16:25:45 UTC -+++ include/pkixip_ext_asn.h -@@ -33,7 +33,12 @@ - #ifndef _PKIXIP_EXT_ASN_H - #define _PKIXIP_EXT_ASN_H - -+#include <openssl/stack.h> -+#if OPENSSL_VERSION_NUMBER >= 0x0090900fL -+#define STACK _STACK -+#endif - #include <openssl/asn1t.h> -+#include <openssl/asn1.h> - #include <openssl/err.h> - #include <openssl/x509v3.h> - -@@ -45,7 +50,7 @@ - #define IANA_SAFI_BOTH 3 - #define IANA_SAFI_MPLS 4 - --/* -+#ifdef LIBRESSL_VERSION_NUMBER - typedef struct IPAddressRange_st { - ASN1_BIT_STRING *min; - ASN1_BIT_STRING *max; -@@ -79,7 +84,7 @@ typedef struct IPAddressFamily_st { - ASN1_OCTET_STRING *addressFamily; - IPAddressChoice *ipAddressChoice; - } IPAddressFamily; --*/ -+#endif - - #define IP_AOR_PREFIX 0 - #define IP_AOR_RANGE 1 diff --git a/net-mgmt/send/files/patch-libs-Makefile.lib.common b/net-mgmt/send/files/patch-libs-Makefile.lib.common deleted file mode 100644 index 02c297955be6..000000000000 --- a/net-mgmt/send/files/patch-libs-Makefile.lib.common +++ /dev/null @@ -1,9 +0,0 @@ ---- libs/Makefile.lib.common.orig 2019-02-27 16:25:45 UTC -+++ libs/Makefile.lib.common -@@ -1,5 +1,5 @@ - --CFLAGS += -Wall -O3 -+CFLAGS?= -Wall -O3 - - ifeq ($(DEBUG_POLICY),DEBUG) - CPPFLAGS += -g # enable for general debugging diff --git a/net-mgmt/send/files/patch-libs-libcga-cga_keyutils.c b/net-mgmt/send/files/patch-libs-libcga-cga_keyutils.c deleted file mode 100644 index 30423a55492d..000000000000 --- a/net-mgmt/send/files/patch-libs-libcga-cga_keyutils.c +++ /dev/null @@ -1,19 +0,0 @@ ---- libs/libcga/cga_keyutils.c.orig 2019-02-27 16:25:45 UTC -+++ libs/libcga/cga_keyutils.c -@@ -45,6 +45,7 @@ - #include <pthread.h> - #include <openssl/err.h> - #include <openssl/pem.h> -+#include <openssl/x509.h> - - #include "config.h" - #include <applog.h> -@@ -80,7 +81,7 @@ cga_load_cert(cga_ctx_t *cga, const char *f) - goto fail; - } - -- k = X509_PUBKEY_get(x->cert_info->key); -+ k = X509_PUBKEY_get(X509_get_X509_PUBKEY(x)); - - if (cga->key && cga->free_key) { - free(cga->key); diff --git a/net-mgmt/send/files/patch-libs-libcga-cga_mt.c b/net-mgmt/send/files/patch-libs-libcga-cga_mt.c deleted file mode 100644 index a70b51c861e4..000000000000 --- a/net-mgmt/send/files/patch-libs-libcga-cga_mt.c +++ /dev/null @@ -1,54 +0,0 @@ ---- libs/libcga/cga_mt.c.orig 2019-02-27 16:25:45 UTC -+++ libs/libcga/cga_mt.c -@@ -77,10 +77,10 @@ SPIN(void) - static int - add_mod(uint8_t *m, uint32_t s) - { -- BIGNUM bn[1], *bnp; -+ BIGNUM *bn, *bnp; - int blen; - -- BN_init(bn); -+ bn = BN_new(); - if ((bnp = BN_bin2bn(m, CGA_MODLEN, bn)) == NULL) { - ssl_err(__FUNCTION__, "BN_bin2bin failed"); - return (-1); -@@ -88,6 +88,7 @@ add_mod(uint8_t *m, uint32_t s) - BN_add_word(bnp, s); - blen = BN_num_bytes(bnp); - BN_bn2bin(bnp, m + (CGA_MODLEN - blen)); -+ BN_free(bn); - - return (0); - } -@@ -177,12 +178,16 @@ done: - static void - opssec(struct timeval *start, uint8_t *startmod) - { -- BIGNUM sm[1], em[1], ops[1], t[1], dv[1]; -+ BIGNUM *sm, *em, *ops, *t, *dv; - BN_CTX *bc; - struct timeval tv[1]; - char *dec; - -- BN_init(sm); BN_init(em); BN_init(ops); BN_init(t); BN_init(dv); -+ sm = BN_new(); -+ em = BN_new(); -+ ops = BN_new(); -+ t = BN_new(); -+ dv = BN_new(); - BN_bin2bn(startmod, CGA_MODLEN, sm); - BN_bin2bn(state->mod, CGA_MODLEN, em); - BN_sub(ops, em, sm); -@@ -210,6 +215,11 @@ opssec(struct timeval *start, uint8_t *startmod) - - OPENSSL_free(dec); - BN_CTX_free(bc); -+ BN_free(sm); -+ BN_free(em); -+ BN_free(ops); -+ BN_free(t); -+ BN_free(dv); - } - - void diff --git a/net-mgmt/send/files/patch-libs-libpkixipext-asn1.c b/net-mgmt/send/files/patch-libs-libpkixipext-asn1.c deleted file mode 100644 index be53eca5e80c..000000000000 --- a/net-mgmt/send/files/patch-libs-libpkixipext-asn1.c +++ /dev/null @@ -1,25 +0,0 @@ ---- libs/libpkixipext/asn1.c.orig 2019-02-27 16:25:45 UTC -+++ libs/libpkixipext/asn1.c -@@ -187,9 +187,8 @@ i2v_IPAddressChoice(X509V3_EXT_METHOD *method, IPAddre - break; - case IPA_CHOICE_AOR: - X509V3_add_value(" Prefix or Range", NULL, &extlist); -- for (i = 0; i < sk_num(ipc->u.addressesOrRanges); i++) { -- aor = (IPAddressOrRange *) -- sk_value(ipc->u.addressesOrRanges, i); -+ for (i = 0; i < sk_IPAddressOrRange_num(ipc->u.addressesOrRanges); i++) { -+ aor = sk_IPAddressOrRange_value(ipc->u.addressesOrRanges, i); - i2v_IPAddressOrRange(method, aor, extlist, af); - } - break; -@@ -265,8 +264,8 @@ i2v_IPAddrBlocks(X509V3_EXT_METHOD *method, IPAddrBloc - return (NULL); - } - -- for (i = 0; i < sk_num(ipb); i++) { -- ipf = (IPAddressFamily *)sk_value(ipb, i); -+ for (i = 0; i < sk_IPAddressFamily_num(ipb); i++) { -+ ipf = sk_IPAddressFamily_value(ipb, i); - i2v_IPAddressFamily(method, ipf, extlist); - } - diff --git a/net-mgmt/send/files/patch-libs-libpkixipext-pkixip_ext_gram.y b/net-mgmt/send/files/patch-libs-libpkixipext-pkixip_ext_gram.y deleted file mode 100644 index ef68ee80da79..000000000000 --- a/net-mgmt/send/files/patch-libs-libpkixipext-pkixip_ext_gram.y +++ /dev/null @@ -1,40 +0,0 @@ ---- libs/libpkixipext/pkixip_ext_gram.y.orig 2019-02-27 16:25:45 UTC -+++ libs/libpkixipext/pkixip_ext_gram.y -@@ -42,7 +42,7 @@ - #include "pkixip_ext.h" - #include "pkixip_local.h" - --int linecnt; -+extern int linecnt; - - extern char *pkixip_text; - extern int pkixip_lex(void); -@@ -350,7 +350,7 @@ new_aor(void) - - if (!ipc->u.addressesOrRanges && - !(ipc->u.addressesOrRanges = -- sk_new(pkixip_aor_cmp))) { -+ sk_IPAddressOrRange_new(pkixip_aor_cmp))) { - applog(LOG_CRIT, "no memory"); - return (-1); - } -@@ -361,7 +361,7 @@ new_aor(void) - applog(LOG_CRIT, "%s: no memory", __FUNCTION__); - return (-1); - } -- if (!sk_push(ipc->u.addressesOrRanges, (char *)aor)) { -+ if (!sk_IPAddressOrRange_push(ipc->u.addressesOrRanges, (char *)aor)) { - applog(LOG_CRIT, "sk_push() failed"); - return (-1); - } -@@ -459,8 +459,8 @@ af_already_exists(void) - int i; - IPAddressFamily *e_ipf; - -- for (i = 0; i < sk_num(parse_ipb); i++) { -- e_ipf = (IPAddressFamily *)sk_value(parse_ipb, i); -+ for (i = 0; i < sk_IPAddressFamily_num(parse_ipb); i++) { -+ e_ipf = sk_IPAddressFamily_value(parse_ipb, i); - if (af_match(ipf, e_ipf)) { - return (1); - } diff --git a/net-mgmt/send/files/patch-libs-libpkixipext-util.c b/net-mgmt/send/files/patch-libs-libpkixipext-util.c deleted file mode 100644 index b22140586ff3..000000000000 --- a/net-mgmt/send/files/patch-libs-libpkixipext-util.c +++ /dev/null @@ -1,30 +0,0 @@ ---- libs/libpkixipext/util.c.orig 2019-02-27 16:25:45 UTC -+++ libs/libpkixipext/util.c -@@ -37,8 +37,13 @@ - #include "config.h" - #include "pkixip_ext_asn.h" - -+#if OPENSSL_VERSION_NUMBER < 0x10100000L - int - pkixip_aor_cmp(const char * const *a1, const char * const *a2) -+#else -+int -+pkixip_aor_cmp(const IPAddressOrRange * const *a1, const IPAddressOrRange * const *a2) -+#endif - { - int by1, by2, bi1, bi2, bytes, bits; - uint8_t *d1, *d2, x1, x2, mask; -@@ -119,8 +124,13 @@ pkixip_aor_cmp(const char * const *a1, const char * co - return (0); - } - -+#if OPENSSL_VERSION_NUMBER < 0x10100000L - int - pkixip_ipf_cmp(const char * const *a1, const char * const *a2) -+#else -+int -+pkixip_ipf_cmp(const IPAddressFamily * const *a1, const IPAddressFamily * const *a2) -+#endif - { - IPAddressFamily *ipf1 = (IPAddressFamily *)*a1; - IPAddressFamily *ipf2 = (IPAddressFamily *)*a2; diff --git a/net-mgmt/send/files/patch-libs-libpkixipext-ver.c b/net-mgmt/send/files/patch-libs-libpkixipext-ver.c deleted file mode 100644 index 1b51ece804ca..000000000000 --- a/net-mgmt/send/files/patch-libs-libpkixipext-ver.c +++ /dev/null @@ -1,240 +0,0 @@ ---- libs/libpkixipext/ver.c.orig 2019-02-27 16:25:45 UTC -+++ libs/libpkixipext/ver.c -@@ -101,11 +101,15 @@ static int - in_range(ASN1_BIT_STRING *min1, ASN1_BIT_STRING *max1, ASN1_BIT_STRING *min2, - ASN1_BIT_STRING *max2, int af) - { -- BIGNUM bpmin[1], bpmax[1], bmin[1], bmax[1]; -- int alen, len, bits; -+ BIGNUM *bpmin, *bpmax, *bmin, *bmax; -+ int alen, len, bits, ret; - uint8_t mask, buf[sizeof (struct in6_addr)]; - -- BN_init(bpmin); BN_init(bpmax); BN_init(bmin); BN_init(bmax); -+ bpmin = BN_new(); -+ bpmax = BN_new(); -+ bmin = BN_new(); -+ bmax = BN_new(); -+ ret = 0; - switch (af) { - case AF_INET: - alen = sizeof (struct in_addr); -@@ -115,14 +119,14 @@ in_range(ASN1_BIT_STRING *min1, ASN1_BIT_STRING *max1, - break; - default: - DBG(&dbg_ver, "Unsupported AF"); -- return (0); -+ goto end; - } - - len = min1->length < alen ? min1->length : alen; - memset(buf, 0, sizeof (buf)); - memcpy(buf, min1->data, len); - if (!BN_bin2bn(buf, alen, bpmin)) { -- return (0); -+ goto end; - } - - len = max1->length < alen ? max1->length : alen; -@@ -135,14 +139,14 @@ in_range(ASN1_BIT_STRING *min1, ASN1_BIT_STRING *max1, - buf[len - 1] |= mask; - } - if (!BN_bin2bn(buf, alen, bpmax)) { -- return (0); -+ goto end; - } - - len = min2->length < alen ? min2->length : alen; - memset(buf, 0, sizeof (buf)); - memcpy(buf, min2->data, len); - if (!BN_bin2bn(buf, alen, bmin)) { -- return (0); -+ goto end; - } - - len = max2->length < alen ? max2->length : alen; -@@ -155,18 +159,24 @@ in_range(ASN1_BIT_STRING *min1, ASN1_BIT_STRING *max1, - buf[len - 1] |= mask; - } - if (!BN_bin2bn(buf, alen, bmax)) { -- return (0); -+ goto end; - } - - /* bmin <= bpmin <= bpmax <= bmax. We already know bpmin <= bpmax */ - if (BN_cmp(bmin, bpmin) == 1) { -- return (0); -+ goto end; - } - if (BN_cmp(bpmax, bmax) == 1) { -- return (0); -+ goto end; - } -+ ret = 1; -+end: -+ BN_free(bpmin); -+ BN_free(bpmax); -+ BN_free(bmin); -+ BN_free(bmax); - -- return (1); -+ return (ret); - } - - static int -@@ -247,16 +257,14 @@ af_cmp(IPAddressFamily *ipf1, IPAddressFamily *ipf2) - } - - DBG(&dbg_ver, "Pre-cmp ipc AOR count: %d", -- sk_num(ipc1->u.addressesOrRanges)); -+ sk_IPAddressOrRange_num(ipc1->u.addressesOrRanges)); - -- for (i = 0; i < sk_num(ipc1->u.addressesOrRanges); i++) { -- aor1 = -- (IPAddressOrRange *)sk_value(ipc1->u.addressesOrRanges, i); -- for (j = 0; j < sk_num(ipc2->u.addressesOrRanges); j++) { -- aor2 = (IPAddressOrRange *) -- sk_value(ipc2->u.addressesOrRanges, j); -+ for (i = 0; i < sk_IPAddressOrRange_num(ipc1->u.addressesOrRanges); i++) { -+ aor1 = sk_IPAddressOrRange_value(ipc1->u.addressesOrRanges, i); -+ for (j = 0; j < sk_IPAddressOrRange_num(ipc2->u.addressesOrRanges); j++) { -+ aor2 = sk_IPAddressOrRange_value(ipc2->u.addressesOrRanges, j); - if (aor_match(aor1, aor2, af) == 0) { -- sk_delete(ipc1->u.addressesOrRanges, i--); -+ sk_IPAddressOrRange_delete(ipc1->u.addressesOrRanges, i--); - IPAddressOrRange_free(aor1); - break; - } -@@ -264,9 +272,9 @@ af_cmp(IPAddressFamily *ipf1, IPAddressFamily *ipf2) - } - - DBG(&dbg_ver, "Post-cmp ipc AOR count: %d", -- sk_num(ipc1->u.addressesOrRanges)); -+ sk_IPAddressOrRange_num(ipc1->u.addressesOrRanges)); - -- if (sk_num(ipc1->u.addressesOrRanges) == 0) { -+ if (sk_IPAddressOrRange_num(ipc1->u.addressesOrRanges) == 0) { - return (0); - } - -@@ -307,7 +315,7 @@ verify_ipext_cert(X509_STORE_CTX *ctx, int idx, X509 * - IPAddressFamily *ipf1, *ipf2; - int i, j, inherit = 0; - -- DBG(&dbg_ver, "vipb stack cnt: %d idx: %d", sk_num(vipb), idx); -+ DBG(&dbg_ver, "vipb stack cnt: %d idx: %d", sk_IPAddressFamily_num(vipb), idx); - - ipb = X509_get_ext_d2i(x, pkix_ip_ext_method.ext_nid, NULL, NULL); - if (!ipb) { -@@ -315,18 +323,18 @@ verify_ipext_cert(X509_STORE_CTX *ctx, int idx, X509 * - return (-1); - } - -- for (i = 0; i < sk_num(vipb); i++) { -- ipf1 = (IPAddressFamily *)sk_value(vipb, i); -+ for (i = 0; i < sk_IPAddressFamily_num(vipb); i++) { -+ ipf1 = sk_IPAddressFamily_value(vipb, i); - - /* Ignore inherits in vipb */ - if (is_inherit(ipf1)) { -- sk_delete(vipb, i--); -+ sk_IPAddressFamily_delete(vipb, i--); - IPAddressFamily_free(ipf1); - continue; - } - -- for (j = 0; j < sk_num(ipb); j++) { -- ipf2 = (IPAddressFamily *)sk_value(ipb, j); -+ for (j = 0; j < sk_IPAddressFamily_num(ipb); j++) { -+ ipf2 = sk_IPAddressFamily_value(ipb, j); - if (af_match(ipf1, ipf2)) { - /* - * Inherits in ipb need to be checked -@@ -338,7 +346,7 @@ verify_ipext_cert(X509_STORE_CTX *ctx, int idx, X509 * - } - - if (af_cmp(ipf1, ipf2) == 0) { -- sk_delete(vipb, i--); -+ sk_IPAddressFamily_delete(vipb, i--); - IPAddressFamily_free(ipf1); - break; - } -@@ -346,18 +354,18 @@ verify_ipext_cert(X509_STORE_CTX *ctx, int idx, X509 * - } - } - -- if (!inherit || (++idx) == sk_num(ctx->chain)) { -+ if (!inherit || (++idx) == sk_num(X509_STORE_CTX_get_chain(ctx))) { - /* end of the line */ - goto done; - } -- x = (X509 *)sk_value(ctx->chain, idx); -+ x = (X509 *)sk_value(X509_STORE_CTX_get_chain(ctx), idx); - verify_ipext_cert(ctx, idx, x, vipb); - - done: - IPAddrBlocks_free(ipb); - - /* If the vipb stack is now empty all ipf's matched */ -- if (sk_num(vipb) != 0) { -+ if (sk_IPAddressFamily_num(vipb) != 0) { - return (-1); - } - -@@ -376,13 +384,13 @@ verify_ipext(X509_STORE_CTX *ctx, IPAddrBlocks *vipb) - i2v_IPAddrBlocks(NULL, vipb, NULL), 8, 1); - #endif - -- if (sk_num(vipb) == 0) { -+ if (sk_IPAddressFamily_num(vipb) == 0) { - DBG(&dbg_ver, "IPAddrBlock empty; rejecting"); - return (-1); - } - -- for (i = 0; i < sk_num(ctx->chain); i++) { -- x = (X509 *)sk_value(ctx->chain, i); -+ for (i = 0; i < sk_num(X509_STORE_CTX_get_chain(ctx)); i++) { -+ x = (X509 *)sk_value(X509_STORE_CTX_get_chain(ctx), i); - - DBG(&dbg_ver, "%s", - X509_NAME_oneline(X509_get_subject_name(x), nbuf, -@@ -391,7 +399,7 @@ verify_ipext(X509_STORE_CTX *ctx, IPAddrBlocks *vipb) - if (verify_ipext_cert(ctx, i, x, vipb) < 0) { - return (-1); - } -- if (sk_num(vipb) == 0) { -+ if (sk_IPAddressFamily_num(vipb) == 0) { - break; - } - } -@@ -408,9 +416,9 @@ verify_ipext_chain(X509_STORE_CTX *ctx) - - DBG(&dbg_ver, "Verifying IP Exts in the certificate chain"); - -- for (i = 1; i < sk_num(ctx->chain); i++) { -- vx = (X509 *)sk_value(ctx->chain, i - 1); -- x = (X509 *)sk_value(ctx->chain, i); -+ for (i = 1; i < sk_num(X509_STORE_CTX_get_chain(ctx)); i++) { -+ vx = (X509 *)sk_value(X509_STORE_CTX_get_chain(ctx), i - 1); -+ x = (X509 *)sk_value(X509_STORE_CTX_get_chain(ctx), i); - - DBG(&dbg_ver, "%s", - X509_NAME_oneline(X509_get_subject_name(vx), nbuf, -@@ -446,7 +454,7 @@ pkixip_verify_cb(int ok, X509_STORE_CTX *ctx) - X509_NAME_oneline(X509_get_subject_name(x), nbuf, sizeof (nbuf)); - #endif - if (!ok) { -- if (ctx->error == X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION) { -+ if (X509_STORE_CTX_get_error(ctx) == X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION) { - /* - * OpenSSL doesn't explicitly support PKIX IP Ext, - * so it throws this error when it encounters the -@@ -458,7 +466,7 @@ pkixip_verify_cb(int ok, X509_STORE_CTX *ctx) - } else { - DBG(&dbg_ver, "Not OK at %s", nbuf); - DBG(&dbg_ver, "%s", -- X509_verify_cert_error_string(ctx->error)); -+ X509_verify_cert_error_string(X509_STORE_CTX_get_error(ctx))); - } - } else { - DBG(&dbg_ver, "OK at %s", nbuf); diff --git a/net-mgmt/send/files/patch-libs-libpkixipext-x509.c b/net-mgmt/send/files/patch-libs-libpkixipext-x509.c deleted file mode 100644 index 1668b9ba4ddc..000000000000 --- a/net-mgmt/send/files/patch-libs-libpkixipext-x509.c +++ /dev/null @@ -1,310 +0,0 @@ ---- libs/libpkixipext/x509.c.orig 2019-02-27 16:25:45 UTC -+++ libs/libpkixipext/x509.c -@@ -57,34 +57,54 @@ static char nbuf[1024]; - extern int pkixip_verify_cb(int, X509_STORE_CTX *); - - X509V3_EXT_METHOD pkix_ip_ext_method = { -- ext_flags : X509V3_EXT_MULTILINE, -- it : ASN1_ITEM_ref(IPAddrBlocks), -- i2v : (X509V3_EXT_I2V)i2v_IPAddrBlocks, -+ .ext_flags = X509V3_EXT_MULTILINE, -+ .it = ASN1_ITEM_ref(IPAddrBlocks), -+ .i2v = (X509V3_EXT_I2V)i2v_IPAddrBlocks, - }; - -+#if OPENSSL_VERSION_NUMBER < 0x10100000L - static STACK *stores[PKIXIP_MAX_STORES]; -+#else -+static STACK_OF(X509_OBJECT) *stores[PKIXIP_MAX_STORES]; -+#endif - static X509_STORE_CTX *ctx_bysubj; - static int next_store = 1; - static void *(*wrap_store_cert)(X509 *x); - static void (*trustanchor_cb)(X509 *x); - pthread_mutex_t stores_lock = PTHREAD_MUTEX_INITIALIZER; - -+#if OPENSSL_VERSION_NUMBER < 0x10100000L - static STACK *mychain; -+#else -+static STACK_OF(X509_OBJECT) *mychain; -+#endif - -+#if OPENSSL_VERSION_NUMBER < 0x10100000L -+#define X509_OBJECT_get_type(a) ((a)->type) -+#define X509_OBJECT_get0_X509(a) ((a)->data.x509) -+#define X509_OBJECT_get0_X509_CRL(a) ((a)->data.crl) -+#define X509_STORE_get0_objects(a) ((a)->objs) -+#define X509_STORE_CTX_get0_chain(a) ((a)->chain) -+#endif - /* Lifted from openssl x509_lu.c */ -+#if OPENSSL_VERSION_NUMBER < 0x10100000L - static int - x509_object_cmp(X509_OBJECT **a, X509_OBJECT **b) -+#else -+static int -+x509_object_cmp(const X509_OBJECT * const *a, const X509_OBJECT * const *b) -+#endif - { - int ret; - -- ret=((*a)->type - (*b)->type); -+ ret=(X509_OBJECT_get_type(*a) - X509_OBJECT_get_type(*b)); - if (ret) return ret; -- switch ((*a)->type) { -+ switch (X509_OBJECT_get_type(*a)) { - case X509_LU_X509: -- ret=X509_subject_name_cmp((*a)->data.x509,(*b)->data.x509); -+ ret=X509_subject_name_cmp(X509_OBJECT_get0_X509(*a),X509_OBJECT_get0_X509(*b)); - break; - case X509_LU_CRL: -- ret=X509_CRL_cmp((*a)->data.crl,(*b)->data.crl); -+ ret=X509_CRL_cmp(X509_OBJECT_get0_X509_CRL(*a),X509_OBJECT_get0_X509_CRL(*b)); - break; - default: - /* abort(); */ -@@ -243,7 +263,11 @@ pkixip_load_pkey(const char *f) - return (pkey); - } - -+#if OPENSSL_VERSION_NUMBER < 0x10100000L - static STACK * -+#else -+static STACK_OF(X509_OBJECT) * -+#endif - pkixip_get_store(int handle) - { - if (handle >= PKIXIP_MAX_STORES || handle < 0) { -@@ -257,7 +281,11 @@ pkixip_get_store(int handle) - void - pkixip_walk_store(int (*cb)(X509 *, void *), void *cookie, int handle) - { -+#if OPENSSL_VERSION_NUMBER < 0x10100000L - STACK *objs; -+#else -+ STACK_OF(X509_OBJECT) *objs; -+#endif - int i; - X509_OBJECT *xo; - -@@ -266,12 +294,16 @@ pkixip_walk_store(int (*cb)(X509 *, void *), void *coo - goto done; - } - -+#if OPENSSL_VERSION_NUMBER < 0x10100000L - for (i = 0; i < sk_num(objs); i++) { -+#else -+ for (i = 0; i < sk_X509_OBJECT_num(objs); i++) { -+#endif - xo = sk_X509_OBJECT_value(objs, i); -- if (xo->type != X509_LU_X509) { -+ if (X509_OBJECT_get_type(xo) != X509_LU_X509) { - continue; - } -- if (!cb(xo->data.x509, cookie)) { -+ if (!cb(X509_OBJECT_get0_X509(xo), cookie)) { - break; - } - } -@@ -282,7 +314,11 @@ done: - void * - pkixip_find_cert(void *k, int handle) - { -+#if OPENSSL_VERSION_NUMBER < 0x10100000L - STACK *store; -+#else -+ STACK_OF(X509_OBJECT) *store; -+#endif - int i; - void *r = NULL; - -@@ -291,11 +327,19 @@ pkixip_find_cert(void *k, int handle) - goto done; - } - -+#if OPENSSL_VERSION_NUMBER < 0x10100000L - if ((i = sk_find(store, k)) < 0) { -+#else -+ if ((i = sk_X509_OBJECT_find(store, k)) < 0) { -+#endif - goto done; - } - -+#if OPENSSL_VERSION_NUMBER < 0x10100000L - r = sk_value(store, i); -+#else -+ r = sk_X509_OBJECT_value(store, i); -+#endif - - done: - pthread_mutex_unlock(&stores_lock); -@@ -304,8 +348,13 @@ done: - - /* Caller must hold stores_lock */ - static int -+#if OPENSSL_VERSION_NUMBER < 0x10100000L - pkixip_do_add_store(int handle, int (*cmp)(X509_OBJECT **, X509_OBJECT **), - STACK *objs) -+#else -+pkixip_do_add_store(int handle, int (*cmp)(const X509_OBJECT * const *, X509_OBJECT * const *), -+ STACK_OF(X509_OBJECT) *objs) -+#endif - { - if (objs == NULL && (objs = sk_X509_OBJECT_new(cmp)) == NULL) { - applog(LOG_CRIT, "no memory"); -@@ -316,8 +365,13 @@ pkixip_do_add_store(int handle, int (*cmp)(X509_OBJECT - return (0); - } - -+#if OPENSSL_VERSION_NUMBER < 0x10100000L - int - pkixip_add_store(int *handle, int (*cmp)(X509_OBJECT **, X509_OBJECT **)) -+#else -+int -+pkixip_add_store(int *handle, int (*cmp)(const X509_OBJECT * const *, const X509_OBJECT * const *)) -+#endif - { - int r = 0; - -@@ -369,7 +423,7 @@ pkixip_get_store_ctx(void) - } - - pthread_mutex_lock(&stores_lock); -- if (pkixip_do_add_store(PKIXIP_STORE_BYSUBJ, x509_object_cmp, st->objs) -+ if (pkixip_do_add_store(PKIXIP_STORE_BYSUBJ, x509_object_cmp, X509_STORE_get0_objects(st)) - < 0) { - X509_STORE_free(st); - X509_STORE_CTX_free(ctx_bysubj); -@@ -396,17 +450,24 @@ pkixip_store_ctx_light_cleanup(X509_STORE_CTX *ctx) - { - // X509_STORE_CTX_cleanup(ctx); - -- if (ctx->chain != NULL) { -- sk_X509_pop_free(ctx->chain, noop_free); -+ if (X509_STORE_CTX_get0_chain(ctx) != NULL) { -+ sk_X509_pop_free(X509_STORE_CTX_get0_chain(ctx), noop_free); -+#if OPENSSL_VERSION_NUMBER < 0x10100000L - ctx->chain=NULL; -+#endif - } -+#if OPENSSL_VERSION_NUMBER < 0x10100000L - CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509_STORE_CTX, ctx, - &(ctx->ex_data)); - memset(&ctx->ex_data,0,sizeof(CRYPTO_EX_DATA)); -+#else -+ CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509_STORE_CTX, ctx, -+ X509_STORE_CTX_get_app_data(ctx)); -+#endif - - #if 0 -- while (sk_num(ctx->chain) > 0) { -- sk_pop(ctx->chain); -+ while (sk_num(X509_STORE_CTX_get0_chain(ctx)) > 0) { -+ sk_pop(X509_STORE_CTX_get0_chain(ctx)); - } - #endif - } -@@ -445,10 +506,19 @@ pkixip_add2stores_cert(X509 *x) - int i, r = 0; - X509_STORE_CTX *ctx; - void *wrapper; -+#if OPENSSL_VERSION_NUMBER < 0x10100000L - X509_OBJECT o[1]; -+#else -+ X509_OBJECT *o; - -- if ((ctx = pkixip_get_store_ctx()) == NULL) { -+ o = X509_OBJECT_new(); -+ if (o == NULL) - return (-1); -+#endif -+ -+ if ((ctx = pkixip_get_store_ctx()) == NULL) { -+ r = -1; -+ goto done2; - } - - pthread_mutex_lock(&stores_lock); -@@ -459,7 +529,11 @@ pkixip_add2stores_cert(X509 *x) - goto done; - } - -+#if OPENSSL_VERSION_NUMBER < 0x10100000L - if (X509_STORE_add_cert(ctx->ctx, x) != 1) { -+#else -+ if (X509_STORE_add_cert(X509_STORE_CTX_get0_store(ctx), x) != 1) { -+#endif - pkixip_ssl_err(__FUNCTION__, "X509_STORE_add_cert() failed"); - r = -1; - goto done; -@@ -467,7 +541,8 @@ pkixip_add2stores_cert(X509 *x) - - if (wrap_store_cert) { - if ((wrapper = wrap_store_cert(x)) == NULL) { -- return (-1); -+ r = -1; -+ goto done2; - } - } else { - wrapper = x; -@@ -475,7 +550,11 @@ pkixip_add2stores_cert(X509 *x) - - for (i = 1; i < PKIXIP_MAX_STORES; i++) { - if (stores[i]) { -+#if OPENSSL_VERSION_NUMBER < 0x10100000L - sk_push(stores[i], wrapper); -+#else -+ sk_X509_OBJECT_push(stores[i], wrapper); -+#endif - } - } - -@@ -484,6 +563,10 @@ pkixip_add2stores_cert(X509 *x) - - done: - pthread_mutex_unlock(&stores_lock); -+done2: -+#if OPENSSL_VERSION_NUMBER < 0x10100000L -+ free(o); -+#endif - return (r); - } - -@@ -523,14 +606,26 @@ pkixip_my_chain_init(X509 *mycert) - } - - if (mychain != NULL) { -+#if OPENSSL_VERSION_NUMBER < 0x10100000L - sk_free(mychain); -+#else -+ sk_X509_OBJECT_free(mychain); -+#endif - } -+#if OPENSSL_VERSION_NUMBER < 0x10100000L - if ((mychain = sk_dup(ctx->chain)) == NULL) { -+#else -+ if ((mychain = sk_X509_OBJECT_dup(X509_STORE_CTX_get0_chain(ctx))) == NULL) { -+#endif - APPLOG_NOMEM(); - r = -1; - goto done; - } -+#if OPENSSL_VERSION_NUMBER < 0x10100000L - sk_set_cmp_func(mychain, x509_bysubj_cmp); -+#else -+ sk_X509_OBJECT_set_cmp_func(mychain, x509_bysubj_cmp); -+#endif - DBG(&dbg_x509, "mychain verified and set"); - - done: -@@ -538,7 +633,11 @@ done: - return (r); - } - -+#if OPENSSL_VERSION_NUMBER < 0x10100000L - STACK * -+#else -+STACK_OF(X509_OBJECT) * -+#endif - pkixip_get_mychain(void) - { - return (mychain); diff --git a/net-mgmt/send/files/patch-sendd-Makefile b/net-mgmt/send/files/patch-sendd-Makefile deleted file mode 100644 index d83c656ad1d1..000000000000 --- a/net-mgmt/send/files/patch-sendd-Makefile +++ /dev/null @@ -1,13 +0,0 @@ ---- sendd/Makefile.orig 2019-02-27 16:25:45 UTC -+++ sendd/Makefile -@@ -6,8 +6,8 @@ OBJS= addr.o cert.o cga.o config.o cpa.o cps.o ctl.o n - sendd.o sigmeth.o sig_rfc3971.o - INC= sendd_local.h snd_proto.h snd_config.h - --CFLAGS= -Wall -O3 --CPPFLAGS= -I../include -I../../src/sys -+CFLAGS?= -Wall -O3 -+CPPFLAGS+= -I../include -I../../src/sys - YFLAGS= -d -p params_ - LFLAGS= -Pparams_ - diff --git a/net-mgmt/send/files/patch-sendd-cert.c b/net-mgmt/send/files/patch-sendd-cert.c deleted file mode 100644 index 030a5df0247d..000000000000 --- a/net-mgmt/send/files/patch-sendd-cert.c +++ /dev/null @@ -1,14 +0,0 @@ ---- sendd/cert.c.orig 2019-02-27 16:25:45 UTC -+++ sendd/cert.c -@@ -73,7 +73,11 @@ get_pubkeyhash(X509 *x, uint8_t *buf) - EVP_PKEY *k; - int dlen; - -+#if OPENSSL_VERSION_NUMBER < 0x10100000L - k = X509_PUBKEY_get(x->cert_info->key); -+#else -+ k = X509_get_pubkey(x); -+#endif - if ((der = cga_key2der(k, &dlen)) == NULL) { - return (-1); - } diff --git a/net-mgmt/send/files/patch-sendd-cpa.c b/net-mgmt/send/files/patch-sendd-cpa.c deleted file mode 100644 index 9a91f114974c..000000000000 --- a/net-mgmt/send/files/patch-sendd-cpa.c +++ /dev/null @@ -1,63 +0,0 @@ ---- sendd/cpa.c.orig 2019-02-27 16:25:45 UTC -+++ sendd/cpa.c -@@ -183,22 +183,23 @@ next: - } - - static int --can_handle_cps(uint8_t *ops, int len, STACK *chain, X509 **x) -+can_handle_cps(uint8_t *ops, int len, STACK_OF(X509_OBJECT) *chain, X509 **x) - { - int i, j, r = 0; - X509_NAME *dn; -- X509 x509_s; -- X509_CINF cinf_s; -- STACK *dchain; -+ X509 *x509_s; -+ STACK_OF(X509_OBJECT) *dchain; - STACK_OF(X509_NAME) *dns; - - *x = NULL; -- -+ x509_s = X509_new(); -+ if (x509_s == NULL) -+ return (1); - if ((dns = snd_get_trustanchors_from_opts(ops, len)) == NULL) { - return (1); - } -- if (sk_num(dns) == 0) { -- sk_free(dns); -+ if (sk_X509_NAME_num(dns) == 0) { -+ sk_X509_NAME_free(dns); - return (1); - } - -@@ -209,24 +210,22 @@ can_handle_cps(uint8_t *ops, int len, STACK *chain, X5 - * sorting (triggered by sk_find), and we need to chain order - * preserved so we can send out the certs in correct order. - */ -- if ((dchain = sk_dup(chain)) == NULL) { -+ if ((dchain = sk_X509_OBJECT_dup(chain)) == NULL) { - applog(LOG_CRIT, "%s: no memory", __FUNCTION__); - goto done; - } -- x509_s.cert_info= &cinf_s; -- -- for (i = 0; i < sk_num(dns); i++) { -+ for (i = 0; i < sk_X509_num(dns); i++) { - dn = sk_X509_NAME_value(dns, i); -- cinf_s.subject=dn; -+ X509_set_subject_name(x509_s, dn); - -- if ((j = sk_X509_find(dchain, &x509_s)) >= 0) { -+ if ((j = sk_X509_NAME_find(dchain, x509_s)) >= 0) { - r = 1; - *x = sk_X509_value(dchain, j); - DBG(dbg, "found"); - break; - } - } -- sk_free(dchain); -+ sk_X509_OBJECT_free(dchain); - - done: - sk_X509_NAME_pop_free(dns, X509_NAME_free); diff --git a/net-mgmt/send/files/patch-sendd-openssl.c b/net-mgmt/send/files/patch-sendd-openssl.c deleted file mode 100644 index 191b0f62c8ef..000000000000 --- a/net-mgmt/send/files/patch-sendd-openssl.c +++ /dev/null @@ -1,42 +0,0 @@ ---- sendd/openssl.c.orig 2019-02-27 16:25:45 UTC -+++ sendd/openssl.c -@@ -57,6 +57,11 @@ struct dlog_desc dbg_cryptox = { - }; - #endif - -+#if OPENSSL_VERSION_NUMBER < 0x10100000L -+#define X509_OBJECT_new(a) calloc(1, sizeof(X509_OBJECT)) -+#define X509_OBJECT_get0_X509(a) ((a)->data.x509) -+#endif -+ - static char nbuf[1024]; /* for displaying X509_NAMEs */ - - static pthread_mutex_t *lock_cs; -@@ -216,12 +221,17 @@ snd_have_chain(void *a) - X509_STORE_CTX *ctx = pkixip_get_store_ctx(); - X509 *tx = a; - X509_NAME *subj, *iss; -- X509_OBJECT obj[1]; -+ X509_OBJECT *obj; - - if (ctx == NULL) { - DBG(&dbg_snd, "pkixip_get_store() failed"); - return (0); - } -+ obj = X509_OBJECT_new(); -+ if (obj == NULL) { -+ DBG(&dbg_snd, "pkixip_get_store() X509_OBJECT() failed"); -+ return (0); -+ } - - for (;;) { - subj = X509_get_subject_name(tx); -@@ -234,7 +244,7 @@ snd_have_chain(void *a) - X509_NAME_oneline(iss, nbuf, sizeof (nbuf))); - return (0); - } -- tx = obj->data.x509; -+ tx = X509_OBJECT_get0_X509(obj); - } - - return (1); diff --git a/net-mgmt/send/files/patch-sendd-os-Makefile b/net-mgmt/send/files/patch-sendd-os-Makefile deleted file mode 100644 index 6b35aab7c4f8..000000000000 --- a/net-mgmt/send/files/patch-sendd-os-Makefile +++ /dev/null @@ -1,18 +0,0 @@ ---- sendd/os/Makefile.orig 2019-02-27 16:25:45 UTC -+++ sendd/os/Makefile -@@ -1,13 +1,5 @@ - - OBJS += os/addr.o os/snd_freebsd.o os-linux/rand.o --CPPFLAGS += -I/usr/local/include -+CPPFLAGS += -I${LOCALBASE}/include - --OSLIBS= -L/usr/local/lib -l$(DNET) -- --OSEXTRA= os/sendd --EXTRAINSTALL= /usr/local/etc/rc.d/sendd --EXTRAUNINSTALL=$(EXTRAINSTALL) -- --/usr/local/etc/rc.d/%: os/% -- install $< $@ -- -+OSLIBS= -L${LOCALBASE}/lib -l$(DNET) diff --git a/net-mgmt/send/files/patch-sendd-sig_rfc3971.c b/net-mgmt/send/files/patch-sendd-sig_rfc3971.c deleted file mode 100644 index 47e3be8cc5f3..000000000000 --- a/net-mgmt/send/files/patch-sendd-sig_rfc3971.c +++ /dev/null @@ -1,112 +0,0 @@ ---- sendd/sig_rfc3971.c.orig 2019-02-27 16:25:45 UTC -+++ sendd/sig_rfc3971.c -@@ -49,6 +49,11 @@ - extern struct dlog_desc dbg_cryptox; - #endif - -+#if OPENSSL_VERSION_NUMBER < 0x10100000L -+#define EVP_MD_CTX_new(x) calloc(1, sizeof(EVP_MD_CTX)) -+#define EVP_MD_CTX_free(x) free(x) -+#endif -+ - static void * - load_privkey(const char *f) - { -@@ -84,7 +89,7 @@ free_privkey(void *k) - static uint8_t * - sign(struct iovec *iov, int iovlen, int *slen, void *priv /* EVP_PKEY */) - { -- EVP_MD_CTX ctx[1]; -+ EVP_MD_CTX *ctx; - uint8_t *sig = NULL; - DEFINE_TIMESTAMP_VARS(); - int i; -@@ -93,9 +98,15 @@ sign(struct iovec *iov, int iovlen, int *slen, void *p - DBG(&dbg_snd, "private key not set"); - return (NULL); - } -+ ctx = EVP_MD_CTX_new(); -+ if (ctx == NULL) { -+ DBG(&dbg_snd, "EVP_MD_CTX_new() failed"); -+ return (NULL); -+ } - - if ((*slen = EVP_PKEY_size(priv)) == 0) { - DBG(&dbg_snd, "EVP_PKEY_size() returned 0"); -+ EVP_MD_CTX_free(ctx); - return (NULL); - } - -@@ -104,6 +115,7 @@ sign(struct iovec *iov, int iovlen, int *slen, void *p - EVP_MD_CTX_init(ctx); - if (EVP_SignInit(ctx, EVP_sha1()) != 1) { - snd_ssl_err(__FUNCTION__, "EVP_SignInit: "); -+ EVP_MD_CTX_free(ctx); - return (NULL); - } - -@@ -136,7 +148,10 @@ sign(struct iovec *iov, int iovlen, int *slen, void *p - DBG_HEXDUMP(&dbg_cryptox, "sig:", sig, *slen); - - done: -+#if OPENSSL_VERSION_NUMBER < 0x10100000L - EVP_MD_CTX_cleanup(ctx); -+#endif -+ EVP_MD_CTX_free(ctx); - return (sig); - } - -@@ -144,7 +159,7 @@ static int - ver(struct iovec *iov, int iovlen, uint8_t *key, int klen, uint8_t *sig, - int slen) - { -- EVP_MD_CTX ctx[1]; -+ EVP_MD_CTX *ctx; - EVP_PKEY *pub; - int rv = -1; - int i, real_slen, min_bits; -@@ -157,11 +172,17 @@ ver(struct iovec *iov, int iovlen, uint8_t *key, int k - DBG(&dbg_snd, "could not d2i key"); - return (-1); - } -+ ctx = EVP_MD_CTX_new(); -+ if (ctx == NULL) { -+ DBG(&dbg_snd, "EVP_MD_CTX_new() failed"); -+ return (NULL); -+ } - - min_bits = snd_conf_get_int(snd_min_key_bits); - if (EVP_PKEY_bits(pub) < min_bits) { - DBG(&dbg_snd, "Peer key too weak: %d bits (configured " - "minimum: %d)", EVP_PKEY_bits(pub), min_bits); -+ EVP_MD_CTX_free(ctx); - return (-1); - } - -@@ -171,6 +192,7 @@ ver(struct iovec *iov, int iovlen, uint8_t *key, int k - } else if (real_slen > slen) { - DBG(&dbg_snd, "real sig len (%d) > given sig len (%d)", - real_slen, slen); -+ EVP_MD_CTX_free(ctx); - return (-1); - } - TIMESTAMP_START(); -@@ -178,6 +200,7 @@ ver(struct iovec *iov, int iovlen, uint8_t *key, int k - EVP_MD_CTX_init(ctx); - if (EVP_VerifyInit(ctx, EVP_sha1()) != 1) { - snd_ssl_err(__FUNCTION__, "EVP_VerifyInit: "); -+ EVP_MD_CTX_free(ctx); - return (-1); - } - -@@ -204,7 +227,10 @@ ver(struct iovec *iov, int iovlen, uint8_t *key, int k - TIMESTAMP_END("rfc3971"); - - done: -+#if OPENSSL_VERSION_NUMBER < 0x10100000L - EVP_MD_CTX_cleanup(ctx); -+#endif -+ EVP_MD_CTX_free(ctx); - return (rv); - } - diff --git a/net-mgmt/send/files/patch-sendd-snd_proto.h b/net-mgmt/send/files/patch-sendd-snd_proto.h deleted file mode 100644 index 81952ee068bf..000000000000 --- a/net-mgmt/send/files/patch-sendd-snd_proto.h +++ /dev/null @@ -1,18 +0,0 @@ ---- sendd/snd_proto.h.orig 2019-02-27 16:25:45 UTC -+++ sendd/snd_proto.h -@@ -41,11 +41,15 @@ - #define ND_OPT_CGA 11 - #define ND_OPT_SIG 12 - #define ND_OPT_TIMESTAMP 13 -+#ifndef ND_OPT_NONCE - #define ND_OPT_NONCE 14 -+#endif - #define ND_OPT_TRUST_ANCHOR 15 - #define ND_OPT_CERTIFICATE 16 - -+#ifndef ND_OPT_MAX - #define ND_OPT_MAX ND_OPT_CERTIFICATE -+#endif - - #define NDISC_OPT_SPACE(len) (((len)+2+7)&~7) - diff --git a/net-mgmt/send/files/patch-sendd_params__gram.y b/net-mgmt/send/files/patch-sendd_params__gram.y deleted file mode 100644 index 21547a0d94b1..000000000000 --- a/net-mgmt/send/files/patch-sendd_params__gram.y +++ /dev/null @@ -1,11 +0,0 @@ ---- sendd/params_gram.y.orig 2023-04-11 00:49:19 UTC -+++ sendd/params_gram.y -@@ -77,7 +77,7 @@ static void yyerror(char *); - extern char *params_text; - extern int params_lex(void); - --int params_linecnt; -+extern int params_linecnt; - - static const char *derfile; - static const char *keyfile; diff --git a/net-mgmt/send/files/pkg-message.in b/net-mgmt/send/files/pkg-message.in deleted file mode 100644 index dc3801965d26..000000000000 --- a/net-mgmt/send/files/pkg-message.in +++ /dev/null @@ -1,9 +0,0 @@ -[ -{ type: install - message: <<EOM -To run sendd from startup, add sendd_enable="YES" -in your /etc/rc.conf. -Configiration options can be found in %%PREFIX%%/etc/sendd -EOM -} -] diff --git a/net-mgmt/send/files/sendd.in b/net-mgmt/send/files/sendd.in deleted file mode 100644 index 6cdbbb2079dd..000000000000 --- a/net-mgmt/send/files/sendd.in +++ /dev/null @@ -1,12 +0,0 @@ -# PROVIDE sendd -# REQUIRE NETWORKING - -. /etc/rc.subr - -name=sendd -rcvar="${name}_enable" -command="%%PREFIX%%/sbin/$name" -required_files="%%PREFIX%%/etc/${name}/${name}.conf" - -load_rc_config $name -run_rc_command "$1" diff --git a/net-mgmt/send/pkg-descr b/net-mgmt/send/pkg-descr deleted file mode 100644 index c0ea7d33747a..000000000000 --- a/net-mgmt/send/pkg-descr +++ /dev/null @@ -1,14 +0,0 @@ -SEND is the implementation of RFC3971 Secure Neighbor Discovery -(SEND). SEND cryptographically secures the IPv6 neighbor discovery -protocol, countering the threats discussed in RFC3756 (IPv6 Neighbor -Discovery (ND) Trust Models and Threats). - -The implementation is a new version of DoCoMo's SEND (send_0.2) that -was implemented completely in user space. Novelty in send_0.3 is the -native SEND API that avoids the need for the use of netgraph and BPF, -which makes send_0.3 portable over different BSD platforms and -significantlly more efficient. - -Also included in the distribution are implementations of RFC3972 -Cryptographically Generated Addresses (CGAs) and RFC3779 X.509 -Extensions for IP Addresses and AS Identifiers. diff --git a/net-mgmt/send/pkg-plist b/net-mgmt/send/pkg-plist deleted file mode 100644 index 0cbc82930494..000000000000 --- a/net-mgmt/send/pkg-plist +++ /dev/null @@ -1,7 +0,0 @@ -sbin/cgatool -sbin/ipexttool -sbin/sendd -etc/sendd/sendd.conf-dist -etc/sendd/params.conf-dist -etc/sendd/ipext.conf-dist -etc/sendd/ipext_verify.conf-dist |