Date: Mon, 3 Apr 2017 17:33:49 +0000 (UTC) From: Jung-uk Kim <jkim@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r437668 - in head: Mk/Uses net/pipsecd net/pipsecd/files security/netpgp security/py-pow Message-ID: <201704031733.v33HXnZO099007@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: jkim Date: Mon Apr 3 17:33:48 2017 New Revision: 437668 URL: https://svnweb.freebsd.org/changeset/ports/437668 Log: Remove obsolete OpenSSL hacks for IDEA crypto. We have some hacks in the ports tree to detect or to unconditionally disable IDEA crypto support. These hacks existed because OpenSSL in FreeBSD 9.3 and earlier was shipped without IDEA support by default but we were allowed to enable it via WITH_IDEA src.conf(5) option. https://www.freebsd.org/cgi/man.cgi?query=src.conf&manpath=FreeBSD+9.3-RELEASE Therefore, we had to implement some hacks to support three different cases, i.e., a) 9.3 and earlier without IDEA crypto (default), b) 9.3 and earlier with IDEA crypto (via WITH_IDEA src.conf option), and c) 10.0 and later with unconditional IDEA support. Now we can safely remove them because 9.3 and earlier is no longer supported. PR: 218233 Exp-Run by: antoine Approved by: antoine (portmgr) Modified: head/Mk/Uses/ssl.mk head/net/pipsecd/Makefile head/net/pipsecd/files/patch-tunip.c head/security/netpgp/Makefile head/security/py-pow/Makefile Modified: head/Mk/Uses/ssl.mk ============================================================================== --- head/Mk/Uses/ssl.mk Mon Apr 3 17:20:32 2017 (r437667) +++ head/Mk/Uses/ssl.mk Mon Apr 3 17:33:48 2017 (r437668) @@ -64,24 +64,6 @@ check-depends:: @${FALSE} . endif -# OpenSSL in the base system may not include IDEA for patent licensing reasons. -. if defined(MAKE_IDEA) && !defined(OPENSSL_IDEA) -OPENSSL_IDEA= ${MAKE_IDEA} -. else -OPENSSL_IDEA?= NO -. endif - -. if ${OPENSSL_IDEA} == "NO" -# XXX This is a hack to work around the fact that /etc/make.conf clobbers -# our CFLAGS. It might not be enough for all future ports. -. if defined(HAS_CONFIGURE) -CFLAGS+= -DNO_IDEA -. else -OPENSSL_CFLAGS+= -DNO_IDEA -. endif -MAKE_ARGS+= OPENSSL_CFLAGS="${OPENSSL_CFLAGS}" -. endif - .else # ${SSL_DEFAULT} != base OPENSSLBASE= ${LOCALBASE} Modified: head/net/pipsecd/Makefile ============================================================================== --- head/net/pipsecd/Makefile Mon Apr 3 17:20:32 2017 (r437667) +++ head/net/pipsecd/Makefile Mon Apr 3 17:33:48 2017 (r437668) @@ -3,7 +3,7 @@ PORTNAME= pipsecd PORTVERSION= 19991014 -PORTREVISION= 3 +PORTREVISION= 4 CATEGORIES= net security MASTER_SITES= http://perso.telecom-paristech.fr/~beyssac/pipsec/ \ http://www.komquats.com/distfiles/ Modified: head/net/pipsecd/files/patch-tunip.c ============================================================================== --- head/net/pipsecd/files/patch-tunip.c Mon Apr 3 17:20:32 2017 (r437667) +++ head/net/pipsecd/files/patch-tunip.c Mon Apr 3 17:33:48 2017 (r437668) @@ -9,13 +9,7 @@ #include <netinet/in_systm.h> #include <netinet/in.h> #include <netinet/ip.h> -@@ -54,12 +56,14 @@ - #include <blowfish.h> - #include <cast.h> - #include <des.h> -+#ifndef NO_IDEA - #include <idea.h> -+#endif +@@ -58,8 +60,8 @@ #include "defs.h" @@ -26,7 +20,7 @@ #define _PATH_DEV_RANDOM "/dev/random" #ifdef USE_ETHERTAP -@@ -100,6 +104,7 @@ struct ethtap_header ethtap; +@@ -100,6 +102,7 @@ struct ethtap_header ethtap; #endif unsigned char buf[MAX_HEADER+MAX_PACKET]; @@ -34,7 +28,7 @@ typedef union { MD5_CTX md5; -@@ -124,14 +129,16 @@ typedef struct hash_method { +@@ -124,11 +127,11 @@ typedef struct hash_method { typedef union { BF_KEY bf; @@ -49,49 +43,8 @@ + DES_key_schedule k3; } des3; CAST_KEY cast; -+#ifndef NO_IDEA IDEA_KEY_SCHEDULE idea; -+#endif - } crypt_key; - - typedef struct crypt_method { -@@ -304,12 +311,14 @@ void cast_cbc_encrypt(unsigned char *iv, - void cast_cbc_decrypt(unsigned char *iv, crypt_key *dk, - unsigned char *ct, unsigned int len); - int cast_setkey(unsigned char *b, unsigned int len, crypt_key *k); -+#ifndef NO_IDEA - void my_idea_cbc_encrypt(unsigned char *iv, crypt_key *ek, - unsigned char *t, unsigned int len); - void my_idea_cbc_decrypt(unsigned char *iv, crypt_key *dk, - unsigned char *ct, unsigned int len); - int my_idea_set_encrypt_key(unsigned char *b, unsigned int len, crypt_key *k); - int my_idea_set_decrypt_key(unsigned char *b, unsigned int len, crypt_key *k); -+#endif - void my_des_cbc_encrypt(unsigned char *iv, crypt_key *ek, - unsigned char *t, unsigned int len); - void my_des_cbc_decrypt(unsigned char *iv, crypt_key *dk, -@@ -379,14 +388,20 @@ hash_method_t hash_ripemd160 = { - - hash_method_t *hash_list = &hash_ripemd160; - -+#ifndef NO_IDEA - crypt_method_t crypt_idea = { - NULL, - "idea_cbc", 8, 8, - my_idea_cbc_encrypt, my_idea_cbc_decrypt, - my_idea_set_encrypt_key, my_idea_set_decrypt_key - }; -+#endif - crypt_method_t crypt_cast = { -+#ifndef NO_IDEA - &crypt_idea, -+#else -+ NULL, -+#endif - "cast_cbc", 8, 8, - cast_cbc_encrypt, cast_cbc_decrypt, - cast_setkey, cast_setkey -@@ -704,13 +719,22 @@ void tun_new(struct tun_method *this, +@@ -704,13 +707,22 @@ void tun_new(struct tun_method *this, */ int tun_send_ip(struct tun_method *this, struct encap_method *encap, int fd) { @@ -115,7 +68,7 @@ sent = write(fd, encap->buf, encap->buflen); if (sent != encap->buflen) syslog(LOG_ERR, "truncated in: %d -> %d\n", encap->buflen, sent); -@@ -1120,6 +1144,7 @@ void config_read(FILE *cf) +@@ -1120,6 +1132,7 @@ void config_read(FILE *cf) } } else if (strcmp(arg, "if") == 0) { int fd; @@ -123,7 +76,7 @@ struct sa_desc *local_sa, *remote_sa; struct peer_desc *peer; -@@ -1128,6 +1153,7 @@ void config_read(FILE *cf) +@@ -1128,6 +1141,7 @@ void config_read(FILE *cf) perror(arg); continue; } @@ -131,20 +84,7 @@ local_sa = NULL; remote_sa = NULL; -@@ -1974,6 +2000,7 @@ int cast_setkey(unsigned char *b, unsign - return 0; - } - -+#ifndef NO_IDEA - void my_idea_cbc_encrypt(unsigned char *iv, crypt_key *ek, - unsigned char *t, unsigned int len) - { -@@ -2002,11 +2029,12 @@ int my_idea_set_decrypt_key(unsigned cha - idea_set_decrypt_key(&k->idea, &k->idea); - return 0; - } -+#endif - +@@ -2006,7 +2020,7 @@ int my_idea_set_decrypt_key(unsigned cha void my_des_cbc_encrypt(unsigned char *iv, crypt_key *ek, unsigned char *t, unsigned int len) { @@ -153,7 +93,7 @@ } void my_des_cbc_decrypt(unsigned char *iv, crypt_key *dk, -@@ -2018,7 +2046,7 @@ void my_des_cbc_decrypt(unsigned char *i +@@ -2018,7 +2032,7 @@ void my_des_cbc_decrypt(unsigned char *i for (i = 0; i < len; i++) printf(" %02x", ct[i]); printf("\n"); #endif @@ -162,7 +102,7 @@ #if 0 printf("%d bytes after decrypt\n", len); for (i = 0; i < len; i++) printf(" %02x", ct[i]); -@@ -2029,23 +2057,23 @@ void my_des_cbc_decrypt(unsigned char *i +@@ -2029,23 +2043,23 @@ void my_des_cbc_decrypt(unsigned char *i int my_des_setkey(unsigned char *b, unsigned int len, crypt_key *k) { if (len == 8) @@ -191,7 +131,7 @@ iv, DES_DECRYPT); } -@@ -2054,11 +2082,11 @@ int my_des3_setkey(unsigned char *b, uns +@@ -2054,11 +2068,11 @@ int my_des3_setkey(unsigned char *b, uns if (len != 24) return -1; @@ -206,7 +146,7 @@ return -1; return 0; -@@ -2081,6 +2109,11 @@ int null_setkey(unsigned char *b, unsign +@@ -2081,6 +2095,11 @@ int null_setkey(unsigned char *b, unsign return 0; } @@ -218,7 +158,7 @@ int main(int argc, char **argv) { time_t t; -@@ -2088,9 +2121,14 @@ int main(int argc, char **argv) +@@ -2088,9 +2107,14 @@ int main(int argc, char **argv) int pack, i; struct sockaddr_in from; struct stat sb; @@ -233,7 +173,7 @@ openlog ("pipsecd", LOG_PID, LOG_DAEMON); syslog (LOG_NOTICE, "pipsecd starting"); -@@ -2113,7 +2151,21 @@ int main(int argc, char **argv) +@@ -2113,7 +2137,21 @@ int main(int argc, char **argv) if (encap_icmp_new(&encap_meth[ENCAP_ICMP], IPPROTO_ICMP) == -1) exit(1); @@ -256,7 +196,7 @@ if (f == NULL) { perror("configuration file"); exit(1); -@@ -2123,8 +2175,8 @@ int main(int argc, char **argv) +@@ -2123,8 +2161,8 @@ int main(int argc, char **argv) fclose(f); /* Execute startup script, if any */ Modified: head/security/netpgp/Makefile ============================================================================== --- head/security/netpgp/Makefile Mon Apr 3 17:20:32 2017 (r437667) +++ head/security/netpgp/Makefile Mon Apr 3 17:33:48 2017 (r437668) @@ -18,8 +18,5 @@ INSTALL_TARGET= install-strip CPPFLAGS+= -I${OPENSSLINC} CFLAGS+= -I${OPENSSLINC} -Wno-error LDFLAGS+= -L${OPENSSLLIB} -.if !exists(${OPENSSLINC}/openssl/idea.h) -CFLAGS+= -DOPENSSL_NO_IDEA -.endif .include <bsd.port.post.mk> Modified: head/security/py-pow/Makefile ============================================================================== --- head/security/py-pow/Makefile Mon Apr 3 17:20:32 2017 (r437667) +++ head/security/py-pow/Makefile Mon Apr 3 17:33:48 2017 (r437668) @@ -3,7 +3,7 @@ PORTNAME= pow PORTVERSION= 0.7 -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES= security python MASTER_SITES= SF/${PORTNAME}/POW/POW-${PORTVERSION} PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX} @@ -26,7 +26,7 @@ post-patch: @${REINPLACE_CMD} -e 's|licence|license|' ${WRKSRC}/setup.py do-build: - cd ${WRKSRC} && ${PYTHON_CMD} ${PYSETUP} build_ext -D NO_IDEA -D NO_RC5_32_12_16 ${PYDISTUTILS_BUILD_TARGET} + cd ${WRKSRC} && ${PYTHON_CMD} ${PYSETUP} build_ext -D NO_RC5_32_12_16 ${PYDISTUTILS_BUILD_TARGET} post-install: @${STRIP_CMD} ${STAGEDIR}${PYTHONPREFIX_SITELIBDIR}/POW/_POW.so
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201704031733.v33HXnZO099007>