Here's a polished update.
There is a problem somewhere that can be tripped
if --enable-ssl-fastpath isn't used,
but since it is preferred to have --enable-ssl-fastpath,
I think this will be ok for now.
I have left some notes in the Makefile.
I'd really like to get this done, keep on top of it,
and eventually find and fix the problem.
I'll gladly take maintainer.
Stu
(patch also attached)
diff -u -rNp /usr/ports/security/tcltls/Makefile ./Makefile
--- /usr/ports/security/tcltls/Makefile Fri Mar 11 14:54:07 2022
+++ ./Makefile Sun Jun 5 09:22:51 2022
@@ -1,16 +1,12 @@
-BROKEN= Needs update to less outdated version and checking of dependent
ports
-
COMMENT= OpenSSL Tcl extension
-VERSION= 1.6
+VERSION= 1.7.22
-DISTNAME= tls${VERSION}-src
-PKGNAME= tcltls-${VERSION}
-REVISION= 4
+DISTNAME= tcltls-${VERSION}
CATEGORIES= security
-HOMEPAGE= http://tls.sourceforge.net/
+HOMEPAGE= http://core.tcl-lang.org/tcltls/
MAINTAINER= Sebastian Reitenbach <sebastia@openbsd.org>
@@ -19,29 +15,43 @@ PERMIT_PACKAGE= Yes
WANTLIB= ssl crypto
-MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=tls/}
+MASTER_SITES= ${HOMEPAGE:=uv/}
MODULES= lang/tcl
-
+MODTCL_VERSION= 8.6
RUN_DEPENDS= ${MODTCL_RUN_DEPENDS}
BUILD_DEPENDS= ${RUN_DEPENDS}
-WRKDIST= ${WRKDIR}/tls${VERSION}
+FAKE_FLAGS = PACKAGE_INSTALL_DIR='$$(TCL_PACKAGE_PATH)/tcltls' \
+ INSTALL_PROGRAM='$$(INSTALL_DATA)'
+
+TEST_FLAGS = TESTFLAGS='${TESTFLAGS}'
SEPARATE_BUILD =Yes
CONFIGURE_STYLE=gnu
+
CONFIGURE_ARGS= --libdir=${MODTCL_TCLDIR} \
--with-tcl=${MODTCL_LIBDIR} \
- --with-tclinclude=${MODTCL_INCDIR} \
- --with-ssl-dir=/usr \
- --includedir=${PREFIX}/include/tcltls
+ --includedir=${PREFIX}/include/tcltls \
+ --disable-rpath \
+ --enable-deterministic \
+ --enable-ssl-fastpath
-FAKE_FLAGS = PKG_DIR='$$(PACKAGE_NAME)'
INSTALL_PROGRAM='$$(INSTALL_DATA)'
-INSTALL_TARGET= install-binaries
+# Tcltls configure will always choose tclsh8.6 (if installed) over
tclsh8.5.
+# Ensure that the tclsh chosen matches MODTCL_VERSION.
+CONFIGURE_ENV += TCLSH_NATIVE=${MODTCL_BIN}
+
TEST_TARGET= test
-CFLAGS += -DNO_SSL2 -DNO_SSL3
-SUBST_VARS= VER
-VER= ${VERSION:S/.//g}
+# Use TESTFLAGS to control the Tclthread tests
+TESTFLAGS =
+
+# --enable-ssl-fastpath is the preferred option
+# but these tests will fail without it.
+# tlsIO-9.2 tlsIO-2.11 tlsIO-12.3
+# To be revisited.
+#
+# Use premade DH primes instead of generating new; builds faster.
+# --enable-deterministic
post-install:
${INSTALL_DATA_DIR} ${PREFIX}/share/doc/tcltls/
diff -u -rNp /usr/ports/security/tcltls/distinfo ./distinfo
--- /usr/ports/security/tcltls/distinfo Sat Jan 17 22:15:08 2015
+++ ./distinfo Tue May 24 10:50:30 2022
@@ -1,2 +1,2 @@
-SHA256 (tls1.6-src.tar.gz) =
rexQFDqa1jSmcdJPfHu/JFVIfrXxLSkPQXl8MqmLk/M=
-SIZE (tls1.6-src.tar.gz) = 168043
+SHA256 (tcltls-1.7.22.tar.gz) =
6E4reideyCxKqp0bH5eG2+Q1jIFekXU5/+f2Z/9Lw7Q=
+SIZE (tcltls-1.7.22.tar.gz) = 165206
diff -u -rNp /usr/ports/security/tcltls/patches/patch-configure
./patches/patch-configure
--- /usr/ports/security/tcltls/patches/patch-configure Fri Mar 11
14:54:07 2022
+++ ./patches/patch-configure Wed Dec 31 19:00:00 1969
@@ -1,12 +0,0 @@
-Index: configure
---- configure.orig
-+++ configure
-@@ -8155,7 +8155,7 @@ echo "${ECHO_T}$tcl_cv_ld_elf" >&6
- DL_LIBS=""
- CC_SEARCH_FLAGS='-Wl,-rpath,${LIB_RUNTIME_DIR}'
- LD_SEARCH_FLAGS=${CC_SEARCH_FLAGS}
-- SHARED_LIB_SUFFIX='${TCL_TRIM_DOTS}.so.1.0'
-+ SHARED_LIB_SUFFIX='${TCL_TRIM_DOTS}.so'
- echo "$as_me:$LINENO: checking for ELF" >&5
- echo $ECHO_N "checking for ELF... $ECHO_C" >&6
- if test "${tcl_cv_ld_elf+set}" = set; then
diff -u -rNp /usr/ports/security/tcltls/patches/patch-tests_ciphers_test
./patches/patch-tests_ciphers_test
--- /usr/ports/security/tcltls/patches/patch-tests_ciphers_test Fri Mar
11 14:54:07 2022
+++ ./patches/patch-tests_ciphers_test Wed Dec 31 19:00:00 1969
@@ -1,39 +0,0 @@
-Those tests will fail.
-
---- tests/ciphers.test.orig Fri Jun 22 23:03:34 2007
-+++ tests/ciphers.test Sun Dec 5 12:57:05 2010
-@@ -105,22 +105,22 @@ test ciphers-1.2 {Tls::ciphers for tls1}
{rsabsafe} {
- listcompare $::EXPECTEDCIPHERS(rsabsafe) [tls::ciphers tls1]
- } {}
-
--test ciphers-1.3 {Tls::ciphers for ssl3} {openssl} {
-- # This will fail if you compiled against RSA bsafe or with a
-- # different set of defines than the default.
-- # Change the constraint setting above.
-- listcompare $::EXPECTEDCIPHERS(openssl) [tls::ciphers ssl3]
--} {}
-+#test ciphers-1.3 {Tls::ciphers for ssl3} {openssl} {
-+# # This will fail if you compiled against RSA bsafe or with a
-+# # different set of defines than the default.
-+# # Change the constraint setting above.
-+# listcompare $::EXPECTEDCIPHERS(openssl) [tls::ciphers ssl3]
-+#} {}
-
- # This version of the test is correct for OpenSSL only.
- # An equivalent test for the RSA BSAFE SSL-C is earlier in this file.
-
--test ciphers-1.4 {Tls::ciphers for tls1} {openssl} {
-- # This will fail if you compiled against RSA bsafe or with a
-- # different set of defines than the default.
-- # Change the constraint setting in all.tcl
-- listcompare $::EXPECTEDCIPHERS(openssl) [tls::ciphers tls1]
--} {}
-+#test ciphers-1.4 {Tls::ciphers for tls1} {openssl} {
-+# # This will fail if you compiled against RSA bsafe or with a
-+# # different set of defines than the default.
-+# # Change the constraint setting in all.tcl
-+# listcompare $::EXPECTEDCIPHERS(openssl) [tls::ciphers tls1]
-+#} {}
-
-
- # cleanup
diff -u -rNp /usr/ports/security/tcltls/patches/patch-tlsBIO_c
./patches/patch-tlsBIO_c
--- /usr/ports/security/tcltls/patches/patch-tlsBIO_c Wed Dec 31
19:00:00 1969
+++ ./patches/patch-tlsBIO_c Tue May 24 10:50:30 2022
@@ -0,0 +1,20 @@
+Found in the Debian port:
+http://deb.debian.org/debian/pool/main/t/tcltls/tcltls_1.7.22-2.debian.tar.xz
+
+Index: tlsBIO.c
+--- tlsBIO.c.orig
++++ tlsBIO.c
+@@ -231,9 +231,12 @@ static long BioCtrl(BIO *bio, int cmd, long num,
void
+ switch (cmd) {
+ case BIO_CTRL_RESET:
+ dprintf("Got BIO_CTRL_RESET");
+- num = 0;
++ ret = 0;
++ break;
+ case BIO_C_FILE_SEEK:
+ dprintf("Got BIO_C_FILE_SEEK");
++ ret = 0;
++ break;
+ case BIO_C_FILE_TELL:
+ dprintf("Got BIO_C_FILE_TELL");
+ ret = 0;
diff -u -rNp /usr/ports/security/tcltls/patches/patch-tlsInt_h
./patches/patch-tlsInt_h
--- /usr/ports/security/tcltls/patches/patch-tlsInt_h Wed Dec 31
19:00:00 1969
+++ ./patches/patch-tlsInt_h Tue May 24 10:50:30 2022
@@ -0,0 +1,12 @@
+Index: tlsInt.h
+--- tlsInt.h.orig
++++ tlsInt.h
+@@ -54,7 +54,7 @@
+ * Determine if we should use the pre-OpenSSL 1.1.0 API
+ */
+ #undef TCLTLS_OPENSSL_PRE_1_1
+-#if (defined(LIBRESSL_VERSION_NUMBER)) || OPENSSL_VERSION_NUMBER <
0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ # define TCLTLS_OPENSSL_PRE_1_1_API 1
+
No comments:
Post a Comment