From owner-svn-ports-head@freebsd.org  Tue Mar  8 20:19:09 2016
Return-Path: <owner-svn-ports-head@freebsd.org>
Delivered-To: svn-ports-head@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 03954AC7F50;
 Tue,  8 Mar 2016 20:19:09 +0000 (UTC)
 (envelope-from naddy@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
 [IPv6:2610:1c1:1:6068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id B65E865A;
 Tue,  8 Mar 2016 20:19:08 +0000 (UTC)
 (envelope-from naddy@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.37])
 by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id u28KJ7d1007902;
 Tue, 8 Mar 2016 20:19:07 GMT (envelope-from naddy@FreeBSD.org)
Received: (from naddy@localhost)
 by repo.freebsd.org (8.15.2/8.15.2/Submit) id u28KJ7c5007900;
 Tue, 8 Mar 2016 20:19:07 GMT (envelope-from naddy@FreeBSD.org)
Message-Id: <201603082019.u28KJ7c5007900@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: naddy set sender to
 naddy@FreeBSD.org using -f
From: Christian Weisgerber <naddy@FreeBSD.org>
Date: Tue, 8 Mar 2016 20:19:07 +0000 (UTC)
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org,
 svn-ports-head@freebsd.org
Subject: svn commit: r410654 - in head/net/openntpd: . files
X-SVN-Group: ports-head
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-ports-head@freebsd.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: SVN commit messages for the ports tree for head
 <svn-ports-head.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-ports-head>, 
 <mailto:svn-ports-head-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-ports-head/>
List-Post: <mailto:svn-ports-head@freebsd.org>
List-Help: <mailto:svn-ports-head-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-ports-head>,
 <mailto:svn-ports-head-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 08 Mar 2016 20:19:09 -0000

Author: naddy
Date: Tue Mar  8 20:19:07 2016
New Revision: 410654
URL: https://svnweb.freebsd.org/changeset/ports/410654

Log:
  * Reenable certificate validation through libressl
    (libressl 2.2.6 seems to be happy enough with the ca_root_nss 3.22.2
    upgrade)
  * Avoid strptime %Z which is nonstandard and can give surprising
    results on different operating systems. (Same fix as upstream.)
  
  PR:		207685
  Submitted by:	mandree

Added:
  head/net/openntpd/files/patch-src_constraint.c   (contents, props changed)
Modified:
  head/net/openntpd/Makefile

Modified: head/net/openntpd/Makefile
==============================================================================
--- head/net/openntpd/Makefile	Tue Mar  8 20:11:27 2016	(r410653)
+++ head/net/openntpd/Makefile	Tue Mar  8 20:19:07 2016	(r410654)
@@ -2,7 +2,7 @@
 
 PORTNAME=	openntpd
 PORTVERSION=	5.7p4
-PORTREVISION=	1
+PORTREVISION=	2
 PORTEPOCH=	2
 CATEGORIES=	net
 MASTER_SITES=	OPENBSD/OpenNTPD
@@ -20,25 +20,26 @@ USE_RC_SUBR=	openntpd
 GNU_CONFIGURE=	yes
 CONFIGURE_ARGS=	--disable-silent-rules
 
-# XXX:
-# * LibreSSL fails with the certificiate bundle from ca_root_nss.
+# * LibreSSL fails with the certificiate bundle from ca_root_nss;
+#   3.22.2 appears to work just fine (unlike 3.22).
 # * USE_OPENSSL does not handle LibreSSL yet.
-#
-#OPTIONS_DEFINE=		RESSL
-#RESSL_DESC=		SSL/TLS support via LibreSSL
-#
-#OPTIONS_DEFAULT=	RESSL
-#
-#RESSL_LIB_DEPENDS=	libtls.so:${PORTSDIR}/security/libressl
-#RESSL_CONFIGURE_WITH=	cacert=${LOCALBASE}/etc/ssl/cert.pem
-#RESSL_CPPFLAGS=		-I${LOCALBASE}/include
-#RESSL_LDFLAGS=		-L${LOCALBASE}/lib
+
+OPTIONS_DEFINE=		RESSL
+RESSL_DESC=		SSL/TLS support via LibreSSL
+
+OPTIONS_DEFAULT=	RESSL
+
+RESSL_LIB_DEPENDS=	libtls.so:${PORTSDIR}/security/libressl
+RESSL_CONFIGURE_WITH=	cacert=${LOCALBASE}/etc/ssl/cert.pem
+RESSL_CPPFLAGS=		-I${LOCALBASE}/include
+RESSL_LDFLAGS=		-L${LOCALBASE}/lib
+RESSL_RUN_DEPENDS=	ca_root_nss>=3.22.2:${PORTSDIR}/security/ca_root_nss
 
 pre-build:
 	${REINPLACE_CMD} -e 's,%%PREFIX%%,${PREFIX},g' \
 	    ${WRKSRC}/src/ntpd.conf.5 ${WRKSRC}/src/ntpd.8
 
 post-install:
-	cd ${STAGEDIR}${PREFIX}/etc; ${MV} ntpd.conf ntpd.conf.sample
+	cd ${STAGEDIR}${PREFIX}/etc && ${MV} ntpd.conf ntpd.conf.sample
 
 .include <bsd.port.mk>

Added: head/net/openntpd/files/patch-src_constraint.c
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/net/openntpd/files/patch-src_constraint.c	Tue Mar  8 20:19:07 2016	(r410654)
@@ -0,0 +1,11 @@
+--- src/constraint.c.orig	2015-03-14 21:24:11 UTC
++++ src/constraint.c
+@@ -665,7 +665,7 @@ httpsdate_request(struct httpsdate *http
+ 		 * or ANSI C's asctime() - the latter doesn't include
+ 		 * the timezone which is required here.
+ 		 */
+-		if (strptime(p, "%a, %d %h %Y %T %Z",
++		if (strptime(p, "%a, %d %h %Y %T GMT",
+ 		    &httpsdate->tls_tm) == NULL) {
+ 			log_warnx("unsupported date format");
+ 			free(line);