From 350e537839ea1d3700901cbcc38623b8e16714f6 Mon Sep 17 00:00:00 2001 From: christos Date: Mon, 23 Jun 2014 22:24:24 +0000 Subject: Add patches to fix the crypto build (we still don't build with crypto but now we could). --- comms/kermit/Makefile | 4 +- comms/kermit/distinfo | 6 +- comms/kermit/patches/patch-ab | 37 ++++- comms/kermit/patches/patch-al | 375 +++++++++++++++++++++++++++++++++++++++++- 4 files changed, 408 insertions(+), 14 deletions(-) (limited to 'comms/kermit') diff --git a/comms/kermit/Makefile b/comms/kermit/Makefile index cf731cf49b5..a319b1702a0 100644 --- a/comms/kermit/Makefile +++ b/comms/kermit/Makefile @@ -1,8 +1,8 @@ -# $NetBSD: Makefile,v 1.84 2014/02/12 23:17:38 tron Exp $ +# $NetBSD: Makefile,v 1.85 2014/06/23 22:24:24 christos Exp $ DISTNAME= cku302 PKGNAME= kermit-9.0.302 -PKGREVISION= 5 +PKGREVISION= 6 CATEGORIES= comms MASTER_SITES= ftp://ftp.kermitproject.org/kermit/archives/ diff --git a/comms/kermit/distinfo b/comms/kermit/distinfo index 7d182bc2542..6605762ed7d 100644 --- a/comms/kermit/distinfo +++ b/comms/kermit/distinfo @@ -1,10 +1,10 @@ -$NetBSD: distinfo,v 1.21 2012/05/17 20:29:13 christos Exp $ +$NetBSD: distinfo,v 1.22 2014/06/23 22:24:24 christos Exp $ SHA1 (kermit-9.0.302/cku302.tar.gz) = d04c8b5600bc0bb0f163d294881f7a5a0d4395b5 RMD160 (kermit-9.0.302/cku302.tar.gz) = ef3a71b5a42868c80408ac09662d00b71da0b0c8 Size (kermit-9.0.302/cku302.tar.gz) = 3122219 bytes SHA1 (patch-aa) = fd3a613ce3cd3755a2e3b8baf33df33593713024 -SHA1 (patch-ab) = d27c998f44a1d2b53cb2e893d9ef9e8c14292d3f +SHA1 (patch-ab) = 2dd97608d57d7b46630bcff7ec234449e8abe472 SHA1 (patch-ac) = 62cc9e92f2413a42312d9f6d168ee85664b6aab9 SHA1 (patch-ad) = 414f61c19185e4a82a8326121c2d9dacfba48077 SHA1 (patch-ae) = 53384e9cbfe13559d69ab95215a4575f726dc325 @@ -14,5 +14,5 @@ SHA1 (patch-ah) = 5b2098dfd57f8bd4d107acafaabe1a2c9b97d037 SHA1 (patch-ai) = 975a18c41b7fc031515bda5c4a9c284e80c9d1a4 SHA1 (patch-aj) = 6468e2139639f601de4609db8dff07b8b3a82d82 SHA1 (patch-ak) = 9ded2d7cc3a83158edfbbe87851f892ccb09df0b -SHA1 (patch-al) = 48438352380a74e19951fe669cb176d3c62d537d +SHA1 (patch-al) = 616ad10e65b24a04d24ff2556d6362ef3cc64b78 SHA1 (patch-am) = 8c5acbfefe7b7d11825cc32c4449582b51f6cad9 diff --git a/comms/kermit/patches/patch-ab b/comms/kermit/patches/patch-ab index b28fc03b91f..e94299e379c 100644 --- a/comms/kermit/patches/patch-ab +++ b/comms/kermit/patches/patch-ab @@ -1,8 +1,17 @@ -$NetBSD: patch-ab,v 1.6 2011/08/25 14:54:06 hans Exp $ +$NetBSD: patch-ab,v 1.7 2014/06/23 22:24:24 christos Exp $ ---- ck_ssl.c.orig 2011-07-06 15:03:32.000000000 +0200 -+++ ck_ssl.c 2011-08-23 10:29:50.031163553 +0200 -@@ -2877,6 +2877,7 @@ show_hostname_warning(char *s1, char *s2 +--- ck_ssl.c.orig 2011-07-06 09:03:32.000000000 -0400 ++++ ck_ssl.c 2014-06-23 18:21:25.000000000 -0400 +@@ -1072,7 +1072,7 @@ + #endif /* CK_ANSIC */ + { + X509 *peer; +- SSL_CIPHER * cipher; ++ const SSL_CIPHER * cipher; + const char *cipher_list; + char buf[512]=""; + +@@ -2877,6 +2877,7 @@ #ifndef OpenBSD #ifndef FREEBSD4 #ifndef NETBSD15 @@ -10,7 +19,7 @@ $NetBSD: patch-ab,v 1.6 2011/08/25 14:54:06 hans Exp $ #ifndef LINUX #ifndef AIX41 #ifndef UW7 -@@ -2919,6 +2920,7 @@ inet_aton(char * ipaddress, struct in_ad +@@ -2919,6 +2920,7 @@ #endif /* UW7 */ #endif /* AIX41 */ #endif /* LINUX */ @@ -18,3 +27,21 @@ $NetBSD: patch-ab,v 1.6 2011/08/25 14:54:06 hans Exp $ #endif /* NETBSD15 */ #endif /* FREEBSD4 */ #endif /* OpenBSD */ +@@ -3057,7 +3059,7 @@ + tls_is_anon(int x) + { + char buf[128]; +- SSL_CIPHER * cipher; ++ const SSL_CIPHER * cipher; + SSL * ssl = NULL; + + switch ( x ) { +@@ -3101,7 +3103,7 @@ + tls_is_krb5(int x) + { + char buf[128]; +- SSL_CIPHER * cipher; ++ const SSL_CIPHER * cipher; + SSL * ssl = NULL; + + switch ( x ) { diff --git a/comms/kermit/patches/patch-al b/comms/kermit/patches/patch-al index 1386fd54e7d..6205aca7885 100644 --- a/comms/kermit/patches/patch-al +++ b/comms/kermit/patches/patch-al @@ -1,8 +1,8 @@ -$NetBSD: patch-al,v 1.2 2011/08/25 14:54:06 hans Exp $ +$NetBSD: patch-al,v 1.3 2014/06/23 22:24:24 christos Exp $ ---- ckuath.c.orig 2011-06-13 19:26:54.000000000 +0200 -+++ ckuath.c 2011-08-23 10:36:18.019522988 +0200 -@@ -117,19 +117,6 @@ int accept_complete = 0; +--- ckuath.c.orig 2011-06-13 13:26:54.000000000 -0400 ++++ ckuath.c 2014-06-23 18:20:26.000000000 -0400 +@@ -117,19 +117,6 @@ #include #include #include @@ -22,3 +22,370 @@ $NetBSD: patch-al,v 1.2 2011/08/25 14:54:06 hans Exp $ #ifdef OS2 #include #endif /* OS2 */ +@@ -149,7 +136,9 @@ + #endif /* saveprintf */ + #else /* HEIMDAL */ + #include "krb5.h" ++#ifdef BETATEST + #include "profile.h" ++#endif + #include "com_err.h" + #ifdef KRB5_GET_INIT_CREDS_OPT_TKT_LIFE + #define KRB5_HAVE_GET_INIT_CREDS +@@ -417,7 +406,6 @@ + char des_outpkt[2*RLOG_BUFSIZ+4]; /* needs to be > largest write size */ + #ifdef KRB5 + krb5_data desinbuf,desoutbuf; +-krb5_encrypt_block eblock; /* eblock for encrypt/decrypt */ + static krb5_data encivec_i[2], encivec_o[2]; + + enum krb5_kcmd_proto { +@@ -3145,8 +3133,13 @@ + data.data = k4_session_key; + data.length = 8; + +- code = krb5_c_decrypt(k5_context, &k4_krbkey, 0, 0, +- &encdata, &data); ++ code = krb5_c_decrypt(k5_context, ++#ifdef HEIMDAL ++ k4_krbkey, ++#else ++ &k4_krbkey, ++#endif ++ 0, 0, &encdata, &data); + + krb5_free_keyblock_contents(k5_context, &random_key); + +@@ -3162,8 +3155,13 @@ + data.data = k4_challenge; + data.length = 8; + +- code = krb5_c_decrypt(k5_context, &k4_krbkey, 0, 0, +- &encdata, &data); ++ code = krb5_c_decrypt(k5_context, ++#ifdef HEIMDAL ++ k4_krbkey, ++#else ++ &k4_krbkey, ++#endif ++ 0, 0, &encdata, &data); + #else /* MIT_CURRENT */ + memset(k4_sched,0,sizeof(Schedule)); + ckhexdump("auth_send",cred.session,8); +@@ -3295,7 +3293,7 @@ + case AUTHTYPE_KERBEROS_V5: + debug(F111,"auth_send KRB5","k5_auth.length",k5_auth.length); + for ( i=0 ; icontents; + #endif /* HEIMDAL */ + } else { +-#ifdef HEIMDAL + switch ( k5_session_key->keytype ) { + case ETYPE_DES_CBC_CRC: + case ETYPE_DES_CBC_MD5: +@@ -4934,24 +4938,17 @@ + break; + default: + skey.type = SK_GENERIC; ++#ifdef HEIMDAL ++ skey.length = k5_session_key->keyvalue.length; ++#else /* HEIMDAL */ + skey.length = k5_session_key->length; ++#endif /* HEIMDAL */ + encrypt_dont_support(ENCTYPE_DES_CFB64); + encrypt_dont_support(ENCTYPE_DES_OFB64); + } ++#ifdef HEIMDAL + skey.data = k5_session_key->keyvalue.data; + #else /* HEIMDAL */ +- switch ( k5_session_key->enctype ) { +- case ENCTYPE_DES_CBC_CRC: +- case ENCTYPE_DES_CBC_MD5: +- case ENCTYPE_DES_CBC_MD4: +- skey.type = SK_DES; +- skey.length = 8; +- default: +- skey.type = SK_GENERIC; +- skey.length = k5_session_key->length; +- encrypt_dont_support(ENCTYPE_DES_CFB64); +- encrypt_dont_support(ENCTYPE_DES_OFB64); +- } + skey.data = k5_session_key->contents; + #endif /* HEIMDAL */ + } +@@ -5038,7 +5035,6 @@ + skey.data = k5_session_key->contents; + #endif /* HEIMDAL */ + } else { +-#ifdef HEIMDAL + switch ( k5_session_key->keytype ) { + case ETYPE_DES_CBC_CRC: + case ETYPE_DES_CBC_MD5: +@@ -5047,21 +5043,15 @@ + skey.length = 8; + default: + skey.type = SK_GENERIC; ++#ifdef HEIMDAL ++ skey.length = k5_session_key->keyvalue.length; ++#else /* HEIMDAL */ + skey.length = k5_session_key->length; ++#endif /* HEIMDAL */ + } ++#ifdef HEIMDAL + skey.data = k5_session_key->keyvalue.data; + #else /* HEIMDAL */ +- switch ( k5_session_key->enctype ) { +- case ENCTYPE_DES_CBC_CRC: +- case ENCTYPE_DES_CBC_MD5: +- case ENCTYPE_DES_CBC_MD4: +- skey.type = SK_DES; +- skey.length = 8; +- break; +- default: +- skey.type = SK_GENERIC; +- skey.length = k5_session_key->length; +- } + skey.data = k5_session_key->contents; + #endif /* HEIMDAL */ + } +@@ -5138,7 +5128,11 @@ + } + if ( msg.length == 24 && !memcmp(msg.data,tls_verify,24) ) + krb5_tls_verified = 1; ++#ifdef HEIMDAL ++ krb5_data_free(&msg); ++#else /* HEIMDAL */ + krb5_free_data_contents(k5_context,&msg); ++#endif /* HEIMDAL */ + if (krb5_tls_verified) + return(AUTH_SUCCESS); + } +@@ -5166,7 +5160,7 @@ + krb5_context context; + krb5_auth_context auth_context; + krb5_data *inbuf; +- krb5_const_principal client; ++ krb5_principal client; + { + krb5_creds ** creds=NULL; + krb5_error_code retval; +@@ -5197,7 +5191,7 @@ + if ((retval = krb5_cc_initialize(context, ccache, client))) + return(retval); + +- if ((retval = krb5_rd_cred(context, auth_context, ccache, inbuf))) ++ if ((retval = krb5_rd_cred2(context, auth_context, ccache, inbuf))) + return(retval); + #else /* HEIMDAL */ + if ((retval = krb5_rd_cred(context, auth_context, inbuf, &creds, NULL))) +@@ -5472,17 +5466,17 @@ + goto errout; + } + SendK5AuthSB(KRB5_TLS_VERIFY, msg.data, msg.length); ++#ifdef HEIMDAL ++ krb5_data_free(&msg); ++#else + krb5_free_data_contents(k5_context,&msg); ++#endif + } + #endif /* CK_SSL */ + if ((how & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) { + /* do ap_rep stuff here */ + if ((r = krb5_mk_rep(k5_context, +-#ifdef HEIMDAL +- &auth_context, +-#else /* HEIMDAL */ + auth_context, +-#endif /* HEIMDAL */ + &outbuf))) { + debug(F111,"k5_auth_is","krb5_mk_rep",r); + (void) ckstrncpy(errbuf, "Make reply failed: ",sizeof(errbuf)); +@@ -5503,7 +5497,7 @@ + { + szUserNameAuthenticated[0] = '\0'; + } else { +- ckstrncpy(szUserNameAuthenticated,UIDBUFLEN,name); ++ ckstrncpy(szUserNameAuthenticated,name,UIDBUFLEN); + free(name); + } + } +@@ -9687,6 +9681,7 @@ + return(-1); + } + ++int + #ifdef CK_ANSIC + ck_krb4_destroy(struct krb_op_data * op) + #else +@@ -11228,7 +11223,12 @@ + + use_ivecs = 1; + +- if (status = krb5_c_block_size(k5_context, k5_session_key->enctype, ++ if (status = krb5_c_block_size(k5_context, ++#ifdef HEIMDAL ++ k5_session_key->keytype, ++#else ++ k5_session_key->enctype, ++#endif + &blocksize)) { + /* XXX what do I do? */ + printf("fatal kerberos 5 crypto library error\n"); +@@ -11309,8 +11309,7 @@ + krb5_ap_rep_enc_part *rep_ret = NULL; + krb5_data outbuf; + int rc; +- krb5_int32 seqno=0; +- krb5_int32 server_seqno=0; ++ int server_seqno=0; + char ** realmlist=NULL; + int buflen; + char tgt[256]; +@@ -11388,7 +11387,11 @@ + } + + if (krb5_rlog_ver == KCMD_OLD_PROTOCOL) ++#ifdef HEIMDAL ++ get_cred->session.keytype=ETYPE_DES_CBC_CRC; ++#else + get_cred->keyblock.enctype=ENCTYPE_DES_CBC_CRC; ++#endif + + /* Get ticket from credentials cache or kdc */ + status = krb5_get_credentials(k5_context, +@@ -11429,10 +11432,11 @@ + krb5_boolean is_des; + + if (status = krb5_c_enctype_compare( k5_context, +- ENCTYPE_DES_CBC_CRC, + #ifdef HEIMDAL ++ ETYPE_DES_CBC_CRC, + ret_cred->session.keytype, + #else /* HEIMDAL */ ++ ENCTYPE_DES_CBC_CRC, + ret_cred->keyblock.enctype, + #endif /* HEIMDAL */ + &is_des)) { +@@ -11482,7 +11486,11 @@ + &rep_ret, + NULL + ); ++#ifdef HEIMDAL ++ krb5_data_free(&cksumdat); ++#else + krb5_free_data_contents(k5_context,&cksumdat); ++#endif + + if (status) { + if ( !quiet ) +@@ -11490,12 +11498,17 @@ + error_message(status)); + if (error) { + if ( !quiet ) { +- printf("Server returned error code %d (%s)\r\n", +- error->error, +- error_message(ERROR_TABLE_BASE_krb5 + error->error)); +- if (error->text.length) { +- printf("Error text sent from server: %s\r\n", +- error->text.data); ++#ifdef HEIMDAL ++ int xerror = error->error_code; ++ char *xtext = *error->e_text; ++#else ++ int xerror = error->error; ++ char *xtext = error->text.length ? error->text.data : NULL; ++#endif ++ printf("Server returned error code %d (%s)\r\n", xerror, ++ error_message(ERROR_TABLE_BASE_krb5 + xerror)); ++ if (xtext) { ++ printf("Error text sent from server: %s\r\n", xtext); + } + } + krb5_free_error(k5_context, error); +@@ -11505,7 +11518,11 @@ + } + + if (rep_ret) { ++#ifdef HEIMDAL ++ server_seqno = *rep_ret->seq_number; ++#else + server_seqno = rep_ret->seq_number; ++#endif + krb5_free_ap_rep_enc_part(k5_context, rep_ret); + } + +@@ -11834,7 +11851,11 @@ + rd_len = (rd_len << 8) | c; + + if (status = krb5_c_encrypt_length(k5_context, ++#ifdef HEIMDAL ++ k5_session_key->keytype, ++#else + k5_session_key->enctype, ++#endif + use_ivecs ? rd_len + 4 : rd_len, + (size_t *)&net_len)) { + errno = status; +@@ -11865,9 +11886,15 @@ + plain.length = sizeof(storage); + plain.data = storage; + +- if ( status = krb5_c_decrypt(k5_context, k5_session_key, KCMD_KEYUSAGE, ++ if ( status = krb5_c_decrypt(k5_context, ++#ifdef HEIMDAL ++ *k5_session_key, ++#else ++ k5_session_key, ++#endif ++ KCMD_KEYUSAGE, + use_ivecs ? encivec_i + secondary : 0, +- &cipher,&plain) ) { ++ &cipher,&plain) ) { + /* probably out of sync */ + printf("Cannot decrypt data from network: %s\r\n", + error_message(status)); +@@ -12759,8 +12786,8 @@ + + static int + binaryEqual (a, b, len) +-register char *a, *b; +-register int len; ++char *a, *b; ++int len; + { + while (len--) + if (*a++ != *b++) -- cgit v1.2.3