This'll set it up:
$ cat uptcltls.sh
d=/path/to/tcltls.diff.gz
mkdir -p /usr/ports/mystuff/security
cd /usr/ports/mystuff/security
rm -Rf tcltls
cp -a /usr/ports/security/tcltls .
cd tcltls
gzcat $d | patch -p0 -E
find . -name '*.orig' -exec rm {} +
Stu
------ Original Message ------
From: [email protected]
To: [email protected]
Cc: [email protected]; [email protected]
Sent: Tuesday, May 24, 2022 8:50 AM
Subject: Re: pkg_add coccinella: Can't find tcltls-1.6p4
Hello Stu,
your patch landed somewhat garbled in my inbox, long lines gained a
line break. I attempted a repair, following patch(1)'s advice, and ran
patch < your.patch in security/tcltls. I ended up with two patch files
in security/tcltls instead of patches/. Moved these into patches/, ran
make but got:
Patching file tlsX509.c using Plan A...
Reversed (or previously applied) patch detected! Assume -R? [y] n
Apply anyway? [n] n
Hunk #1 ignored at 104.
Hunk #2 ignored at 144.
2 out of 2 hunks ignored--saving rejects to tlsX509.c.rej
done
***> patch-tlsX509_c did not apply cleanly
===> Ignoring patchfile patch-tlsX509_c.orig
===> Ignoring patchfile patch-tlsX509_c.rej
===> Failed patches:
patch-tests_ciphers_test
patch-tlsX509_c
I'm at my wits end.
Marcus
[email protected] (Stuart Cassoff), 2022.05.23 (Mon) 23:06 (CEST):
> Hi,
>
> I've brought the port up to the latest version
> but I'm not pleased with the test failures
> when not using --enable-ssl-fastpath.
>
> I don't see anything about this problem in
> the FreeBSD, NetBSD or Debian ports.
> Only NetBSD uses --enable-ssl-fastpath.
>
> My best guess is something to do with EAGAIN
> handling and BIO_should_read/write() in the BioRead
> and BioWrite functions in tlsBIO.c.
>
> This is about as far as my brain can take me.
> Additional notes in the patches.
>
> Same results on amd64 and i386.
>
>
> Stu
>
>
> diff -u -rNp /usr/ports/security/tcltls/Makefile ./Makefile
> --- /usr/ports/security/tcltls/Makefile Fri Mar 11 14:54:07 2022
> +++ ./Makefile Mon May 23 16:52:38 2022
> @@ -1,16 +1,12 @@
> -BROKEN= Needs update to less outdated version and checking of
dependent
> ports
> -
> COMMENT= OpenSSL Tcl extension
>
> -VERSION= 1.6
> +VERSION= 1.7.22
>
> -DISTNAME= tls${VERSION}-src
> -PKGNAME= tcltls-${VERSION}
> -REVISION= 4
> +DISTNAME= tcltls-${VERSION}
>
> CATEGORIES= security
>
> -HOMEPAGE= http://tls.sourceforge.net/
> +HOMEPAGE= http://core.tcl-lang.org/tcltls/
>
> MAINTAINER= Sebastian Reitenbach <[email protected]>
>
> @@ -19,29 +15,54 @@ PERMIT_PACKAGE= Yes
>
> WANTLIB= ssl crypto
>
> -MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=tls/}
> +MASTER_SITES= ${HOMEPAGE:=uv/}
>
> MODULES= lang/tcl
>
> RUN_DEPENDS= ${MODTCL_RUN_DEPENDS}
> BUILD_DEPENDS= ${RUN_DEPENDS}
>
> -WRKDIST= ${WRKDIR}/tls${VERSION}
> +FAKE_FLAGS = PACKAGE_INSTALL_DIR='$$(TCL_PACKAGE_PATH)/tcltls' \
> + INSTALL_PROGRAM='$$(INSTALL_DATA)'
> +
> +TEST_FLAGS = TESTFLAGS='${TESTFLAGS}'
> SEPARATE_BUILD =Yes
> CONFIGURE_STYLE=gnu
> +
> CONFIGURE_ARGS= --libdir=${MODTCL_TCLDIR} \
> --with-tcl=${MODTCL_LIBDIR} \
> - --with-tclinclude=${MODTCL_INCDIR} \
> - --with-ssl-dir=/usr \
> - --includedir=${PREFIX}/include/tcltls
> + --includedir=${PREFIX}/include/tcltls \
> + --disable-rpath \
> + --enable-deterministic \
> + --enable-ssl-fastpath
>
> -FAKE_FLAGS = PKG_DIR='$$(PACKAGE_NAME)'
INSTALL_PROGRAM='$$(INSTALL_DATA)'
> -INSTALL_TARGET= install-binaries > + > +# Tests will fail without this. Not a good sign. > +# --enable-ssl-fastpath > +> +# Use premade DH primes instead of generating new ones; builds faster.
> +# --enable-deterministic
> +
> +# Print lots of debugging info
> +# --enable-debug
> +
> +
> +# Tcltls configure will always choose tclsh8.6 (if installed) over
> tclsh8.5.
> +# Ensure that the tclsh chosen is the one matching MODTCL_VERSION.
> +CONFIGURE_ENV += TCLSH_NATIVE=${MODTCL_BIN}
> +
> TEST_TARGET= test
> -CFLAGS += -DNO_SSL2 -DNO_SSL3
> -SUBST_VARS= VER
>
> -VER= ${VERSION:S/.//g}
> +# Use TESTFLAGS to control the Tclthread tests
> +TESTFLAGS =
> +
> +
> +# These tests fail without --enable-ssl-fastpath.
> +#TESTFLAGS='-skip "tlsIO-9.2 tlsIO-2.11 tlsIO-12.3"'
> +
> +# To run one test only:
> +#TESTFLAGS='-match "tlsIO-9.2"'
> +
>
> post-install:
> ${INSTALL_DATA_DIR} ${PREFIX}/share/doc/tcltls/
> diff -u -rNp /usr/ports/security/tcltls/distinfo ./distinfo
> --- /usr/ports/security/tcltls/distinfo Sat Jan 17 22:15:08 2015
> +++ ./distinfo Sat May 21 09:18:13 2022
> @@ -1,2 +1,2 @@
> -SHA256 (tls1.6-src.tar.gz) =
rexQFDqa1jSmcdJPfHu/JFVIfrXxLSkPQXl8MqmLk/M=
> -SIZE (tls1.6-src.tar.gz) = 168043 > +SHA256 (tcltls-1.7.22.tar.gz) = > 6E4reideyCxKqp0bH5eG2+Q1jIFekXU5/+f2Z/9Lw7Q= > +SIZE (tcltls-1.7.22.tar.gz) = 165206 > diff -u -rNp /usr/ports/security/tcltls/patches/patch-configure > ./patches/patch-configure> --- /usr/ports/security/tcltls/patches/patch-configure Fri Mar 11 14:54:07
> 2022
> +++ ./patches/patch-configure Wed Dec 31 19:00:00 1969
> @@ -1,12 +0,0 @@
> -Index: configure
> ---- configure.orig
> -+++ configure
> -@@ -8155,7 +8155,7 @@ echo "${ECHO_T}$tcl_cv_ld_elf" >&6
> - DL_LIBS=""
> - CC_SEARCH_FLAGS='-Wl,-rpath,${LIB_RUNTIME_DIR}'
> - LD_SEARCH_FLAGS=${CC_SEARCH_FLAGS}
> -- SHARED_LIB_SUFFIX='${TCL_TRIM_DOTS}.so.1.0'
> -+ SHARED_LIB_SUFFIX='${TCL_TRIM_DOTS}.so'
> - echo "$as_me:$LINENO: checking for ELF" >&5
> - echo $ECHO_N "checking for ELF... $ECHO_C" >&6
> - if test "${tcl_cv_ld_elf+set}" = set; then
> diff -u -rNp
/usr/ports/security/tcltls/patches/patch-tests_ciphers_test
> ./patches/patch-tests_ciphers_test> --- /usr/ports/security/tcltls/patches/patch-tests_ciphers_test Fri Mar 11
> 14:54:07 2022 > +++ ./patches/patch-tests_ciphers_test Wed Dec 31 19:00:00 1969 > @@ -1,39 +0,0 @@ > -Those tests will fail. > - > ---- tests/ciphers.test.orig Fri Jun 22 23:03:34 2007 > -+++ tests/ciphers.test Sun Dec 5 12:57:05 2010> -@@ -105,22 +105,22 @@ test ciphers-1.2 {Tls::ciphers for tls1} {rsabsafe} {
> - listcompare $::EXPECTEDCIPHERS(rsabsafe) [tls::ciphers tls1]
> - } {}
> -
> --test ciphers-1.3 {Tls::ciphers for ssl3} {openssl} {
> -- # This will fail if you compiled against RSA bsafe or with a
> -- # different set of defines than the default.
> -- # Change the constraint setting above.
> -- listcompare $::EXPECTEDCIPHERS(openssl) [tls::ciphers ssl3]
> --} {}
> -+#test ciphers-1.3 {Tls::ciphers for ssl3} {openssl} {
> -+# # This will fail if you compiled against RSA bsafe or with a
> -+# # different set of defines than the default.
> -+# # Change the constraint setting above.
> -+# listcompare $::EXPECTEDCIPHERS(openssl) [tls::ciphers ssl3]
> -+#} {}
> -
> - # This version of the test is correct for OpenSSL only.
> - # An equivalent test for the RSA BSAFE SSL-C is earlier in this
file.
> -
> --test ciphers-1.4 {Tls::ciphers for tls1} {openssl} {
> -- # This will fail if you compiled against RSA bsafe or with a
> -- # different set of defines than the default.
> -- # Change the constraint setting in all.tcl
> -- listcompare $::EXPECTEDCIPHERS(openssl) [tls::ciphers tls1]
> --} {}
> -+#test ciphers-1.4 {Tls::ciphers for tls1} {openssl} {
> -+# # This will fail if you compiled against RSA bsafe or with a
> -+# # different set of defines than the default.
> -+# # Change the constraint setting in all.tcl
> -+# listcompare $::EXPECTEDCIPHERS(openssl) [tls::ciphers tls1]
> -+#} {}
> -
> -
> - # cleanup
> diff -u -rNp /usr/ports/security/tcltls/patches/patch-tlsBIO_c
> ./patches/patch-tlsBIO_c
> --- /usr/ports/security/tcltls/patches/patch-tlsBIO_c Wed Dec 31
19:00:00
> 1969 > +++ ./patches/patch-tlsBIO_c Sun May 22 21:25:55 2022 > @@ -0,0 +1,20 @@ > +Found in the Debian port:> +http://deb.debian.org/debian/pool/main/t/tcltls/tcltls_1.7.22-2.debian.tar.xz
> + > +Index: tlsBIO.c > +--- tlsBIO.c.orig > ++++ tlsBIO.c> +@@ -231,9 +231,12 @@ static long BioCtrl(BIO *bio, int cmd, long num, void
> + switch (cmd) {
> + case BIO_CTRL_RESET:
> + dprintf("Got BIO_CTRL_RESET");
> +- num = 0;
> ++ ret = 0;
> ++ break;
> + case BIO_C_FILE_SEEK:
> + dprintf("Got BIO_C_FILE_SEEK");
> ++ ret = 0;
> ++ break;
> + case BIO_C_FILE_TELL:
> + dprintf("Got BIO_C_FILE_TELL");
> + ret = 0;
> diff -u -rNp /usr/ports/security/tcltls/patches/patch-tlsInt_h
> ./patches/patch-tlsInt_h
> --- /usr/ports/security/tcltls/patches/patch-tlsInt_h Wed Dec 31
19:00:00
> 1969 > +++ ./patches/patch-tlsInt_h Sun May 22 10:10:19 2022 > @@ -0,0 +1,12 @@ > +Index: tlsInt.h > +--- tlsInt.h.orig > ++++ tlsInt.h > +@@ -54,7 +54,7 @@ > + * Determine if we should use the pre-OpenSSL 1.1.0 API > + */ > + #undef TCLTLS_OPENSSL_PRE_1_1 > +-#if (defined(LIBRESSL_VERSION_NUMBER)) || OPENSSL_VERSION_NUMBER < > 0x10100000L > ++#if OPENSSL_VERSION_NUMBER < 0x10100000L > + # define TCLTLS_OPENSSL_PRE_1_1_API 1 > + #endif > + > diff -u -rNp /usr/ports/security/tcltls/patches/patch-tlsX509_c > ./patches/patch-tlsX509_c> --- /usr/ports/security/tcltls/patches/patch-tlsX509_c Fri Mar 11 14:54:07
> 2022
> +++ ./patches/patch-tlsX509_c Wed Dec 31 19:00:00 1969
> @@ -1,36 +0,0 @@
> -Index: tlsX509.c
> ---- tlsX509.c.orig
> -+++ tlsX509.c
> -@@ -102,8 +102,11 @@ Tls_NewX509Obj( interp, cert)
> - char notAfter[BUFSIZ];
> - #ifndef NO_SSL_SHA
> - int shai;
> -- char sha_hash[SHA_DIGEST_LENGTH*2];
> -+ char sha_hash_ascii[SHA_DIGEST_LENGTH * 2 + 1];
> -+ unsigned char sha_hash_binary[SHA_DIGEST_LENGTH];
> - const char *shachars="0123456789ABCDEF;
> -+
> -+ sha_hash_ascii[SHA_DIGEST_LENGTH * 2] = '\0';
> - #endif
> -
> - if ((bio = BIO_new(BIO_s_mem())) == NULL) {
> -@@ -139,15 +142,16 @@ Tls_NewX509Obj( interp, cert)
> - strcpy( notAfter, ASN1_UTCTIME_tostr( X509_get_notAfter(cert)
));
> -
> - #ifndef NO_SSL_SHA
> -+ X509_digest(cert, EVP_sha1(), sha_hash_binary, NULL);
> - for (shai=0;shai<SHA_DIGEST_LENGTH;shai++)
> - {
> -- sha_hash[shai * 2]=shachars[(cert->sha1_hash[shai] & 0xF0)
> -- sha_hash[shai * 2 + 1]=shachars[(cert->sha1_hash[shai] & 0x0F)]; > -+ sha_hash_ascii[shai * 2]=shachars[(sha_hash_binary[shai] & 0xF0)4];
> >> 4];> -+ sha_hash_ascii[shai * 2 + 1]=shachars[(sha_hash_binary[shai] &
> 0x0F)];
> - }
> - Tcl_ListObjAppendElement( interp, certPtr,
> - Tcl_NewStringObj( "sha1_hash", -1) );
> - Tcl_ListObjAppendElement( interp, certPtr,
> -- Tcl_NewStringObj( sha_hash, SHA_DIGEST_LENGTH*2) );
> -+ Tcl_NewStringObj( sha_hash_ascii, SHA_DIGEST_LENGTH*2) );
> -
> - #endif
> - Tcl_ListObjAppendElement( interp, certPtr,
> diff -u -rNp /usr/ports/security/tcltls/pkg/PLIST ./pkg/PLIST
> --- /usr/ports/security/tcltls/pkg/PLIST Fri Mar 11 14:54:07 2022
> +++ ./pkg/PLIST Sun May 22 19:31:39 2022
> @@ -1,6 +1,5 @@
> -lib/tcl/tls/
> -lib/tcl/tls/libtls${VER}.so
> -lib/tcl/tls/pkgIndex.tcl
> -lib/tcl/tls/tls.tcl
> +lib/tcl/tcltls/
> +lib/tcl/tcltls/pkgIndex.tcl
> +@so lib/tcl/tcltls/tcltls.so
> share/doc/tcltls/
> share/doc/tcltls/tls.htm
>
>
>
> ------ Original Message ------
> From: [email protected]
> To: [email protected]; [email protected]
> Cc: [email protected]
> Sent: Tuesday, April 26, 2022 10:25 AM
> Subject: Re: pkg_add coccinella: Can't find tcltls-1.6p4
>
> Sorry about that. I'm looking into it.
>
> Stu
>
>
> ------ Original Message ------
> From: [email protected]
> To: [email protected]
> Cc: [email protected]
> Sent: Monday, April 25, 2022 7:46 AM
> Subject: pkg_add coccinella: Can't find tcltls-1.6p4
>
> Hello!
>
> As the subject says: "pkg_add coccinella" tells me it "Can't find
> tcltls-1.6p4".
>
> The Makefile of tcltls says:
> BROKEN= Needs update to less outdated version and checking
\
> of dependent ports > > The Makefile of coccinella says: > RUN_DEPENDS = security/tcltls [and many more] > > Doesn't this mean coccinella is broken, too? > > This is on -current as of yesterday but happens for quite a while > already. > > Marcus > > > > > > > > >
tcltls.diff.gz
Description: application/gzip
