Here's a polished update. There is a problem somewhere that can be tripped if --enable-ssl-fastpath isn't used, but since it is preferred to have --enable-ssl-fastpath, I think this will be ok for now.
I have left some notes in the Makefile. I'd really like to get this done, keep on top of it, and eventually find and fix the problem. I'll gladly take maintainer. Stu (patch also attached) diff -u -rNp /usr/ports/security/tcltls/Makefile ./Makefile --- /usr/ports/security/tcltls/Makefile Fri Mar 11 14:54:07 2022 +++ ./Makefile Sun Jun 5 09:22:51 2022 @@ -1,16 +1,12 @@-BROKEN= Needs update to less outdated version and checking of dependent ports
-
COMMENT= OpenSSL Tcl extension
-VERSION= 1.6
+VERSION= 1.7.22
-DISTNAME= tls${VERSION}-src
-PKGNAME= tcltls-${VERSION}
-REVISION= 4
+DISTNAME= tcltls-${VERSION}
CATEGORIES= security
-HOMEPAGE= http://tls.sourceforge.net/
+HOMEPAGE= http://core.tcl-lang.org/tcltls/
MAINTAINER= Sebastian Reitenbach <sebas...@openbsd.org>
@@ -19,29 +15,43 @@ PERMIT_PACKAGE= Yes
WANTLIB= ssl crypto
-MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=tls/}
+MASTER_SITES= ${HOMEPAGE:=uv/}
MODULES= lang/tcl
-
+MODTCL_VERSION= 8.6
RUN_DEPENDS= ${MODTCL_RUN_DEPENDS}
BUILD_DEPENDS= ${RUN_DEPENDS}
-WRKDIST= ${WRKDIR}/tls${VERSION}
+FAKE_FLAGS = PACKAGE_INSTALL_DIR='$$(TCL_PACKAGE_PATH)/tcltls' \
+ INSTALL_PROGRAM='$$(INSTALL_DATA)'
+
+TEST_FLAGS = TESTFLAGS='${TESTFLAGS}'
SEPARATE_BUILD =Yes
CONFIGURE_STYLE=gnu
+
CONFIGURE_ARGS= --libdir=${MODTCL_TCLDIR} \
--with-tcl=${MODTCL_LIBDIR} \
- --with-tclinclude=${MODTCL_INCDIR} \
- --with-ssl-dir=/usr \
- --includedir=${PREFIX}/include/tcltls
+ --includedir=${PREFIX}/include/tcltls \
+ --disable-rpath \
+ --enable-deterministic \
+ --enable-ssl-fastpath
-FAKE_FLAGS = PKG_DIR='$$(PACKAGE_NAME)'
INSTALL_PROGRAM='$$(INSTALL_DATA)'
-INSTALL_TARGET= install-binaries+# Tcltls configure will always choose tclsh8.6 (if installed) over tclsh8.5.
+# Ensure that the tclsh chosen matches MODTCL_VERSION.
+CONFIGURE_ENV += TCLSH_NATIVE=${MODTCL_BIN}
+
TEST_TARGET= test
-CFLAGS += -DNO_SSL2 -DNO_SSL3
-SUBST_VARS= VER
-VER= ${VERSION:S/.//g}
+# Use TESTFLAGS to control the Tclthread tests
+TESTFLAGS =
+
+# --enable-ssl-fastpath is the preferred option
+# but these tests will fail without it.
+# tlsIO-9.2 tlsIO-2.11 tlsIO-12.3
+# To be revisited.
+#
+# Use premade DH primes instead of generating new; builds faster.
+# --enable-deterministic
post-install:
${INSTALL_DATA_DIR} ${PREFIX}/share/doc/tcltls/
diff -u -rNp /usr/ports/security/tcltls/distinfo ./distinfo
--- /usr/ports/security/tcltls/distinfo Sat Jan 17 22:15:08 2015
+++ ./distinfo Tue May 24 10:50:30 2022
@@ -1,2 +1,2 @@
-SHA256 (tls1.6-src.tar.gz) =
rexQFDqa1jSmcdJPfHu/JFVIfrXxLSkPQXl8MqmLk/M=
-SIZE (tls1.6-src.tar.gz) = 168043+SHA256 (tcltls-1.7.22.tar.gz) = 6E4reideyCxKqp0bH5eG2+Q1jIFekXU5/+f2Z/9Lw7Q=
+SIZE (tcltls-1.7.22.tar.gz) = 165206diff -u -rNp /usr/ports/security/tcltls/patches/patch-configure ./patches/patch-configure --- /usr/ports/security/tcltls/patches/patch-configure Fri Mar 11 14:54:07 2022
+++ ./patches/patch-configure Wed Dec 31 19:00:00 1969
@@ -1,12 +0,0 @@
-Index: configure
---- configure.orig
-+++ configure
-@@ -8155,7 +8155,7 @@ echo "${ECHO_T}$tcl_cv_ld_elf" >&6
- DL_LIBS=""
- CC_SEARCH_FLAGS='-Wl,-rpath,${LIB_RUNTIME_DIR}'
- LD_SEARCH_FLAGS=${CC_SEARCH_FLAGS}
-- SHARED_LIB_SUFFIX='${TCL_TRIM_DOTS}.so.1.0'
-+ SHARED_LIB_SUFFIX='${TCL_TRIM_DOTS}.so'
- echo "$as_me:$LINENO: checking for ELF" >&5
- echo $ECHO_N "checking for ELF... $ECHO_C" >&6
- if test "${tcl_cv_ld_elf+set}" = set; then
diff -u -rNp /usr/ports/security/tcltls/patches/patch-tests_ciphers_test
./patches/patch-tests_ciphers_test
--- /usr/ports/security/tcltls/patches/patch-tests_ciphers_test Fri Mar
11 14:54:07 2022
+++ ./patches/patch-tests_ciphers_test Wed Dec 31 19:00:00 1969 @@ -1,39 +0,0 @@ -Those tests will fail. - ---- tests/ciphers.test.orig Fri Jun 22 23:03:34 2007 -+++ tests/ciphers.test Sun Dec 5 12:57:05 2010-@@ -105,22 +105,22 @@ test ciphers-1.2 {Tls::ciphers for tls1} {rsabsafe} {
- listcompare $::EXPECTEDCIPHERS(rsabsafe) [tls::ciphers tls1]
- } {}
-
--test ciphers-1.3 {Tls::ciphers for ssl3} {openssl} {
-- # This will fail if you compiled against RSA bsafe or with a
-- # different set of defines than the default.
-- # Change the constraint setting above.
-- listcompare $::EXPECTEDCIPHERS(openssl) [tls::ciphers ssl3]
--} {}
-+#test ciphers-1.3 {Tls::ciphers for ssl3} {openssl} {
-+# # This will fail if you compiled against RSA bsafe or with a
-+# # different set of defines than the default.
-+# # Change the constraint setting above.
-+# listcompare $::EXPECTEDCIPHERS(openssl) [tls::ciphers ssl3]
-+#} {}
-
- # This version of the test is correct for OpenSSL only.
- # An equivalent test for the RSA BSAFE SSL-C is earlier in this file.
-
--test ciphers-1.4 {Tls::ciphers for tls1} {openssl} {
-- # This will fail if you compiled against RSA bsafe or with a
-- # different set of defines than the default.
-- # Change the constraint setting in all.tcl
-- listcompare $::EXPECTEDCIPHERS(openssl) [tls::ciphers tls1]
--} {}
-+#test ciphers-1.4 {Tls::ciphers for tls1} {openssl} {
-+# # This will fail if you compiled against RSA bsafe or with a
-+# # different set of defines than the default.
-+# # Change the constraint setting in all.tcl
-+# listcompare $::EXPECTEDCIPHERS(openssl) [tls::ciphers tls1]
-+#} {}
-
-
- # cleanup
diff -u -rNp /usr/ports/security/tcltls/patches/patch-tlsBIO_c
./patches/patch-tlsBIO_c
--- /usr/ports/security/tcltls/patches/patch-tlsBIO_c Wed Dec 31
19:00:00 1969
+++ ./patches/patch-tlsBIO_c Tue May 24 10:50:30 2022 @@ -0,0 +1,20 @@ +Found in the Debian port: +http://deb.debian.org/debian/pool/main/t/tcltls/tcltls_1.7.22-2.debian.tar.xz + +Index: tlsBIO.c +--- tlsBIO.c.orig ++++ tlsBIO.c+@@ -231,9 +231,12 @@ static long BioCtrl(BIO *bio, int cmd, long num, void
+ switch (cmd) {
+ case BIO_CTRL_RESET:
+ dprintf("Got BIO_CTRL_RESET");
+- num = 0;
++ ret = 0;
++ break;
+ case BIO_C_FILE_SEEK:
+ dprintf("Got BIO_C_FILE_SEEK");
++ ret = 0;
++ break;
+ case BIO_C_FILE_TELL:
+ dprintf("Got BIO_C_FILE_TELL");
+ ret = 0;
diff -u -rNp /usr/ports/security/tcltls/patches/patch-tlsInt_h
./patches/patch-tlsInt_h
--- /usr/ports/security/tcltls/patches/patch-tlsInt_h Wed Dec 31
19:00:00 1969
+++ ./patches/patch-tlsInt_h Tue May 24 10:50:30 2022 @@ -0,0 +1,12 @@ +Index: tlsInt.h +--- tlsInt.h.orig ++++ tlsInt.h +@@ -54,7 +54,7 @@ + * Determine if we should use the pre-OpenSSL 1.1.0 API + */ + #undef TCLTLS_OPENSSL_PRE_1_1+-#if (defined(LIBRESSL_VERSION_NUMBER)) || OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L + # define TCLTLS_OPENSSL_PRE_1_1_API 1 + #endif +diff -u -rNp /usr/ports/security/tcltls/patches/patch-tlsX509_c ./patches/patch-tlsX509_c --- /usr/ports/security/tcltls/patches/patch-tlsX509_c Fri Mar 11 14:54:07 2022
+++ ./patches/patch-tlsX509_c Wed Dec 31 19:00:00 1969
@@ -1,36 +0,0 @@
-Index: tlsX509.c
---- tlsX509.c.orig
-+++ tlsX509.c
-@@ -102,8 +102,11 @@ Tls_NewX509Obj( interp, cert)
- char notAfter[BUFSIZ];
- #ifndef NO_SSL_SHA
- int shai;
-- char sha_hash[SHA_DIGEST_LENGTH*2];
-+ char sha_hash_ascii[SHA_DIGEST_LENGTH * 2 + 1];
-+ unsigned char sha_hash_binary[SHA_DIGEST_LENGTH];
- const char *shachars="0123456789ABCDEF;
-+
-+ sha_hash_ascii[SHA_DIGEST_LENGTH * 2] = '\0';
- #endif
-
- if ((bio = BIO_new(BIO_s_mem())) == NULL) {
-@@ -139,15 +142,16 @@ Tls_NewX509Obj( interp, cert)
- strcpy( notAfter, ASN1_UTCTIME_tostr( X509_get_notAfter(cert) ));
-
- #ifndef NO_SSL_SHA
-+ X509_digest(cert, EVP_sha1(), sha_hash_binary, NULL);
- for (shai=0;shai<SHA_DIGEST_LENGTH;shai++)
- {
-- sha_hash[shai * 2]=shachars[(cert->sha1_hash[shai] & 0xF0) >>
4];
-- sha_hash[shai * 2 + 1]=shachars[(cert->sha1_hash[shai] &
0x0F)];
-+ sha_hash_ascii[shai * 2]=shachars[(sha_hash_binary[shai] &
0xF0) >> 4];
-+ sha_hash_ascii[shai * 2 + 1]=shachars[(sha_hash_binary[shai] &
0x0F)];
- }
- Tcl_ListObjAppendElement( interp, certPtr,
- Tcl_NewStringObj( "sha1_hash", -1) );
- Tcl_ListObjAppendElement( interp, certPtr,
-- Tcl_NewStringObj( sha_hash, SHA_DIGEST_LENGTH*2) );
-+ Tcl_NewStringObj( sha_hash_ascii, SHA_DIGEST_LENGTH*2) );
-
- #endif
- Tcl_ListObjAppendElement( interp, certPtr,
diff -u -rNp /usr/ports/security/tcltls/pkg/PLIST ./pkg/PLIST
--- /usr/ports/security/tcltls/pkg/PLIST Fri Mar 11 14:54:07 2022
+++ ./pkg/PLIST Tue May 24 10:50:30 2022
@@ -1,6 +1,5 @@
-lib/tcl/tls/
-lib/tcl/tls/libtls${VER}.so
-lib/tcl/tls/pkgIndex.tcl
-lib/tcl/tls/tls.tcl
+lib/tcl/tcltls/
+lib/tcl/tcltls/pkgIndex.tcl
+@so lib/tcl/tcltls/tcltls.so
share/doc/tcltls/
share/doc/tcltls/tls.htm
------ Original Message ------
From: 3...@bell.net
To: sebas...@l00-bugdead-prods.de
Cc: ports@openbsd.org
Sent: Saturday, May 28, 2022 11:53 AM
Subject: Re: pkg_add coccinella: Can't find tcltls-1.6p4
I can take maintainer for this port.
Stu
------ Original Message ------
From: mcmer-open...@tor.at
To: sebas...@l00-bugdead-prods.de
Cc: ports@openbsd.org
Sent: Saturday, May 28, 2022 9:02 AM
Subject: Re: pkg_add coccinella: Can't find tcltls-1.6p4
Hello,
(stu@ removed from CC:)
sebas...@l00-bugdead-prods.de (Sebastian Reitenbach), 2022.04.27
19:15 (CEST):
> On Tuesday, April 26, 2022 16:25 CEST, Stuart Cassoff
<3...@bell.net> wrote:
> > Sorry about that. I'm looking into it. > I don't use net/coccinella anymore, it's old, and since long > unmaintained upstream.I do not use it either, just wanted to check it out. Thanks for the info!
> In case it's in the way of updating tcltls, it probably should just be
> removed.tcltls was updated by stu@ and with his help successfully installed here.
Marcus
tcltls.diff.gz
Description: application/gzip
