Hi,
I've brought the port up to the latest version
but I'm not pleased with the test failures
when not using --enable-ssl-fastpath.
I don't see anything about this problem in
the FreeBSD, NetBSD or Debian ports.
Only NetBSD uses --enable-ssl-fastpath.
My best guess is something to do with EAGAIN
handling and BIO_should_read/write() in the BioRead
and BioWrite functions in tlsBIO.c.
This is about as far as my brain can take me.
Additional notes in the patches.
Same results on amd64 and i386.
Stu
diff -u -rNp /usr/ports/security/tcltls/Makefile ./Makefile
--- /usr/ports/security/tcltls/Makefile Fri Mar 11 14:54:07 2022
+++ ./Makefile Mon May 23 16:52:38 2022
@@ -1,16 +1,12 @@
-BROKEN= Needs update to less outdated version and checking of dependent
ports
-
COMMENT= OpenSSL Tcl extension
-VERSION= 1.6
+VERSION= 1.7.22
-DISTNAME= tls${VERSION}-src
-PKGNAME= tcltls-${VERSION}
-REVISION= 4
+DISTNAME= tcltls-${VERSION}
CATEGORIES= security
-HOMEPAGE= http://tls.sourceforge.net/
+HOMEPAGE= http://core.tcl-lang.org/tcltls/
MAINTAINER= Sebastian Reitenbach <[email protected]>
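Review bot: HOMEPAGE on the added line is plain http://, and the next hunk builds MASTER_SITES from it (${HOMEPAGE:=uv/}), so the distfile is fetched over cleartext with only the distinfo SHA256 protecting it. If the site serves HTTPS, use https:// here so both the homepage link and the fetch URL get transport protection.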
@@ -19,29 +15,54 @@ PERMIT_PACKAGE= Yes
WANTLIB= ssl crypto
-MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=tls/}
+MASTER_SITES= ${HOMEPAGE:=uv/}
MODULES= lang/tcl
RUN_DEPENDS= ${MODTCL_RUN_DEPENDS}
BUILD_DEPENDS= ${RUN_DEPENDS}
-WRKDIST= ${WRKDIR}/tls${VERSION}
+FAKE_FLAGS = PACKAGE_INSTALL_DIR='$$(TCL_PACKAGE_PATH)/tcltls' \
+ INSTALL_PROGRAM='$$(INSTALL_DATA)'
+
+TEST_FLAGS = TESTFLAGS='${TESTFLAGS}'
SEPARATE_BUILD =Yes
CONFIGURE_STYLE=gnu
+
CONFIGURE_ARGS= --libdir=${MODTCL_TCLDIR} \
--with-tcl=${MODTCL_LIBDIR} \
- --with-tclinclude=${MODTCL_INCDIR} \
- --with-ssl-dir=/usr \
- --includedir=${PREFIX}/include/tcltls
+ --includedir=${PREFIX}/include/tcltls \
+ --disable-rpath \
+ --enable-deterministic \
+ --enable-ssl-fastpath
-FAKE_FLAGS = PKG_DIR='$$(PACKAGE_NAME)'
INSTALL_PROGRAM='$$(INSTALL_DATA)'
-INSTALL_TARGET= install-binaries
+
+# Tests will fail without this. Not a good sign.
+# --enable-ssl-fastpath
+
+# Use premade DH primes instead of generating new ones; builds faster.
+# --enable-deterministic
+
+# Print lots of debugging info
+# --enable-debug
+
+
+# Tcltls configure will always choose tclsh8.6 (if installed) over
tclsh8.5.
+# Ensure that the tclsh chosen is the one matching MODTCL_VERSION.
+CONFIGURE_ENV += TCLSH_NATIVE=${MODTCL_BIN}
+
TEST_TARGET= test
-CFLAGS += -DNO_SSL2 -DNO_SSL3
-SUBST_VARS= VER
-VER= ${VERSION:S/.//g}
+# Use TESTFLAGS to control the Tclthread tests
+TESTFLAGS =
+
+
+# These tests fail without --enable-ssl-fastpath.
+#TESTFLAGS='-skip "tlsIO-9.2 tlsIO-2.11 tlsIO-12.3"'
+
+# To run one test only:
+#TESTFLAGS='-match "tlsIO-9.2"'
+
post-install:
${INSTALL_DATA_DIR} ${PREFIX}/share/doc/tcltls/
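Review bot: --enable-ssl-fastpath is added to CONFIGURE_ARGS only because tlsIO-9.2, tlsIO-2.11 and tlsIO-12.3 fail without it, so the default (non-fastpath) I/O path has an unresolved defect that this flag hides rather than fixes. The comment should say that explicitly and point to an upstream report, so the flag is not dropped later without rerunning those tests. The same hunk removes CFLAGS += -DNO_SSL2 -DNO_SSL3 with no replacement visible; please state in the commit message how SSLv2 and SSLv3 are kept out of the 1.7.22 build.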
diff -u -rNp /usr/ports/security/tcltls/distinfo ./distinfo
--- /usr/ports/security/tcltls/distinfo Sat Jan 17 22:15:08 2015
+++ ./distinfo Sat May 21 09:18:13 2022
@@ -1,2 +1,2 @@
-SHA256 (tls1.6-src.tar.gz) =
rexQFDqa1jSmcdJPfHu/JFVIfrXxLSkPQXl8MqmLk/M=
-SIZE (tls1.6-src.tar.gz) = 168043
+SHA256 (tcltls-1.7.22.tar.gz) =
6E4reideyCxKqp0bH5eG2+Q1jIFekXU5/+f2Z/9Lw7Q=
+SIZE (tcltls-1.7.22.tar.gz) = 165206
diff -u -rNp /usr/ports/security/tcltls/patches/patch-configure
./patches/patch-configure
--- /usr/ports/security/tcltls/patches/patch-configure Fri Mar 11
14:54:07 2022
+++ ./patches/patch-configure Wed Dec 31 19:00:00 1969
@@ -1,12 +0,0 @@
-Index: configure
---- configure.orig
-+++ configure
-@@ -8155,7 +8155,7 @@ echo "${ECHO_T}$tcl_cv_ld_elf" >&6
- DL_LIBS=""
- CC_SEARCH_FLAGS='-Wl,-rpath,${LIB_RUNTIME_DIR}'
- LD_SEARCH_FLAGS=${CC_SEARCH_FLAGS}
-- SHARED_LIB_SUFFIX='${TCL_TRIM_DOTS}.so.1.0'
-+ SHARED_LIB_SUFFIX='${TCL_TRIM_DOTS}.so'
- echo "$as_me:$LINENO: checking for ELF" >&5
- echo $ECHO_N "checking for ELF... $ECHO_C" >&6
- if test "${tcl_cv_ld_elf+set}" = set; then
diff -u -rNp /usr/ports/security/tcltls/patches/patch-tests_ciphers_test
./patches/patch-tests_ciphers_test
--- /usr/ports/security/tcltls/patches/patch-tests_ciphers_test Fri Mar
11 14:54:07 2022
+++ ./patches/patch-tests_ciphers_test Wed Dec 31 19:00:00 1969
@@ -1,39 +0,0 @@
-Those tests will fail.
-
---- tests/ciphers.test.orig Fri Jun 22 23:03:34 2007
-+++ tests/ciphers.test Sun Dec 5 12:57:05 2010
-@@ -105,22 +105,22 @@ test ciphers-1.2 {Tls::ciphers for tls1}
{rsabsafe} {
- listcompare $::EXPECTEDCIPHERS(rsabsafe) [tls::ciphers tls1]
- } {}
-
--test ciphers-1.3 {Tls::ciphers for ssl3} {openssl} {
-- # This will fail if you compiled against RSA bsafe or with a
-- # different set of defines than the default.
-- # Change the constraint setting above.
-- listcompare $::EXPECTEDCIPHERS(openssl) [tls::ciphers ssl3]
--} {}
-+#test ciphers-1.3 {Tls::ciphers for ssl3} {openssl} {
-+# # This will fail if you compiled against RSA bsafe or with a
-+# # different set of defines than the default.
-+# # Change the constraint setting above.
-+# listcompare $::EXPECTEDCIPHERS(openssl) [tls::ciphers ssl3]
-+#} {}
-
- # This version of the test is correct for OpenSSL only.
- # An equivalent test for the RSA BSAFE SSL-C is earlier in this file.
-
--test ciphers-1.4 {Tls::ciphers for tls1} {openssl} {
-- # This will fail if you compiled against RSA bsafe or with a
-- # different set of defines than the default.
-- # Change the constraint setting in all.tcl
-- listcompare $::EXPECTEDCIPHERS(openssl) [tls::ciphers tls1]
--} {}
-+#test ciphers-1.4 {Tls::ciphers for tls1} {openssl} {
-+# # This will fail if you compiled against RSA bsafe or with a
-+# # different set of defines than the default.
-+# # Change the constraint setting in all.tcl
-+# listcompare $::EXPECTEDCIPHERS(openssl) [tls::ciphers tls1]
-+#} {}
-
-
- # cleanup
diff -u -rNp /usr/ports/security/tcltls/patches/patch-tlsBIO_c
./patches/patch-tlsBIO_c
--- /usr/ports/security/tcltls/patches/patch-tlsBIO_c Wed Dec 31
19:00:00 1969
+++ ./patches/patch-tlsBIO_c Sun May 22 21:25:55 2022
@@ -0,0 +1,20 @@
+Found in the Debian port:
+http://deb.debian.org/debian/pool/main/t/tcltls/tcltls_1.7.22-2.debian.tar.xz
+
+Index: tlsBIO.c
+--- tlsBIO.c.orig
++++ tlsBIO.c
+@@ -231,9 +231,12 @@ static long BioCtrl(BIO *bio, int cmd, long num,
void
+ switch (cmd) {
+ case BIO_CTRL_RESET:
+ dprintf("Got BIO_CTRL_RESET");
+- num = 0;
++ ret = 0;
++ break;
+ case BIO_C_FILE_SEEK:
+ dprintf("Got BIO_C_FILE_SEEK");
++ ret = 0;
++ break;
+ case BIO_C_FILE_TELL:
+ dprintf("Got BIO_C_FILE_TELL");
+ ret = 0;
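Review bot: the patch header only says where the change came from, not what it fixes. In the lines shown, BIO_CTRL_RESET assigned num = 0 and, like BIO_C_FILE_SEEK, had no break, so both fell through to the ret = 0 under BIO_C_FILE_TELL. Add a sentence to the header saying that the patch sets the return value explicitly and stops the fall-through, and whether it has been sent upstream, so it is not mistaken for a fix to the non-fastpath test failures.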
diff -u -rNp /usr/ports/security/tcltls/patches/patch-tlsInt_h
./patches/patch-tlsInt_h
--- /usr/ports/security/tcltls/patches/patch-tlsInt_h Wed Dec 31
19:00:00 1969
+++ ./patches/patch-tlsInt_h Sun May 22 10:10:19 2022
@@ -0,0 +1,12 @@
+Index: tlsInt.h
+--- tlsInt.h.orig
++++ tlsInt.h
+@@ -54,7 +54,7 @@
+ * Determine if we should use the pre-OpenSSL 1.1.0 API
+ */
+ #undef TCLTLS_OPENSSL_PRE_1_1
+-#if (defined(LIBRESSL_VERSION_NUMBER)) || OPENSSL_VERSION_NUMBER <
0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ # define TCLTLS_OPENSSL_PRE_1_1_API 1
+ #endif
+
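Review bot: this patch has no explanatory header, yet dropping defined(LIBRESSL_VERSION_NUMBER) from the #if moves every LibreSSL build off the pre-1.1.0 compatibility code and onto the OpenSSL 1.1 API path. LibreSSL reports an OPENSSL_VERSION_NUMBER of 0x20000000L, so the remaining test is never true there. Add a comment stating why the 1.1 API is now safe to use with LibreSSL, and check whether this switch is related to the BioRead/BioWrite failures seen without --enable-ssl-fastpath. The context also shows #undef TCLTLS_OPENSSL_PRE_1_1 next to # define TCLTLS_OPENSSL_PRE_1_1_API, which looks like a name mismatch worth reporting upstream.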
diff -u -rNp /usr/ports/security/tcltls/patches/patch-tlsX509_c
./patches/patch-tlsX509_c
--- /usr/ports/security/tcltls/patches/patch-tlsX509_c Fri Mar 11
14:54:07 2022
+++ ./patches/patch-tlsX509_c Wed Dec 31 19:00:00 1969
@@ -1,36 +0,0 @@
-Index: tlsX509.c
---- tlsX509.c.orig
-+++ tlsX509.c
-@@ -102,8 +102,11 @@ Tls_NewX509Obj( interp, cert)
- char notAfter[BUFSIZ];
- #ifndef NO_SSL_SHA
- int shai;
-- char sha_hash[SHA_DIGEST_LENGTH*2];
-+ char sha_hash_ascii[SHA_DIGEST_LENGTH * 2 + 1];
-+ unsigned char sha_hash_binary[SHA_DIGEST_LENGTH];
- const char *shachars="0123456789ABCDEF;
-+
-+ sha_hash_ascii[SHA_DIGEST_LENGTH * 2] = '\0';
- #endif
-
- if ((bio = BIO_new(BIO_s_mem())) == NULL) {
-@@ -139,15 +142,16 @@ Tls_NewX509Obj( interp, cert)
- strcpy( notAfter, ASN1_UTCTIME_tostr( X509_get_notAfter(cert) ));
-
- #ifndef NO_SSL_SHA
-+ X509_digest(cert, EVP_sha1(), sha_hash_binary, NULL);
- for (shai=0;shai<SHA_DIGEST_LENGTH;shai++)
- {
-- sha_hash[shai * 2]=shachars[(cert->sha1_hash[shai] & 0xF0) >>
4];
-- sha_hash[shai * 2 + 1]=shachars[(cert->sha1_hash[shai] &
0x0F)];
-+ sha_hash_ascii[shai * 2]=shachars[(sha_hash_binary[shai] &
0xF0) >> 4];
-+ sha_hash_ascii[shai * 2 + 1]=shachars[(sha_hash_binary[shai] &
0x0F)];
- }
- Tcl_ListObjAppendElement( interp, certPtr,
- Tcl_NewStringObj( "sha1_hash", -1) );
- Tcl_ListObjAppendElement( interp, certPtr,
-- Tcl_NewStringObj( sha_hash, SHA_DIGEST_LENGTH*2) );
-+ Tcl_NewStringObj( sha_hash_ascii, SHA_DIGEST_LENGTH*2) );
-
- #endif
- Tcl_ListObjAppendElement( interp, certPtr,
diff -u -rNp /usr/ports/security/tcltls/pkg/PLIST ./pkg/PLIST
--- /usr/ports/security/tcltls/pkg/PLIST Fri Mar 11 14:54:07 2022
+++ ./pkg/PLIST Sun May 22 19:31:39 2022
@@ -1,6 +1,5 @@
-lib/tcl/tls/
-lib/tcl/tls/libtls${VER}.so
-lib/tcl/tls/pkgIndex.tcl
-lib/tcl/tls/tls.tcl
+lib/tcl/tcltls/
+lib/tcl/tcltls/pkgIndex.tcl
+@so lib/tcl/tcltls/tcltls.so
share/doc/tcltls/
share/doc/tcltls/tls.htm
------ Original Message ------
From: [email protected]
To: [email protected]; [email protected]
Cc: [email protected]
Sent: Tuesday, April 26, 2022 10:25 AM
Subject: Re: pkg_add coccinella: Can't find tcltls-1.6p4
Sorry about that. I'm looking into it.
Stu
------ Original Message ------
From: [email protected]
To: [email protected]
Cc: [email protected]
Sent: Monday, April 25, 2022 7:46 AM
Subject: pkg_add coccinella: Can't find tcltls-1.6p4
Hello!
As the subject says: "pkg_add coccinella" tells me it "Can't find
tcltls-1.6p4".
The Makefile of tcltls says:
BROKEN= Needs update to less outdated version and checking \
of dependent ports
The Makefile of coccinella says:
RUN_DEPENDS = security/tcltls [and many more]
Doesn't this mean coccinella is broken, too?
This is on -current as of yesterday, but it has been happening for quite a while
already.
Marcus