rtyler
/
pkgsrc-wip
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

kermit: Import from pkgrsc, and flip to alpha 

This does not build.  This is just the current pkgsrc with the
distinfo flipped to the current alpha, with a TODO.  I am merely
checkpointing it.
This commit is contained in:
Greg Troxel 2020-10-04 13:55:54 +00:00
parent 2ea8f9e128
commit 92bae9bd68
26 changed files with 1596 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
Makefile
View File

@ -1753,6 +1753,7 @@ SUBDIR+= kea
SUBDIR+= kea-git
SUBDIR+= keama-git
SUBDIR+= keditbookmarks
SUBDIR+= kermit
SUBDIR+= kfind
SUBDIR+= kgamma5
SUBDIR+= kget

6
kermit/DESCR Normal file
View File

@ -0,0 +1,6 @@
KERMIT file transfer/terminal emulation utility
------------------------------------------------------
This is a release of C-Kermit file transfer protocol utility.
This version supports transfer of un-escaped control characters for
very fast file transfers with high reliability.

72
kermit/Makefile Normal file
View File

@ -0,0 +1,72 @@
# $NetBSD: Makefile,v 1.93 2020/04/08 15:22:07 rhialto Exp $
DISTNAME= ckucku305-alpha02
PKGNAME= kermit-9.0.305a2
CATEGORIES= comms
#MASTER_SITES= ftp://ftp.kermitproject.org/kermit/archives/
MASTER_SITES= http://www.kermitproject.org/ftp/kermit/test/tar/
MAINTAINER= gdt@NetBSD.org
HOMEPAGE= http://www.kermitproject.org/
COMMENT= Network and serial communication, file transfer, and scripting utility
# UNIX C-Kermit 9.0 has been released with the Revised 3-Clause BSD License.
# http://www.columbia.edu/kermit/licensing.html
LICENSE= modified-bsd
.include "../../mk/bsd.prefs.mk"
WRKSRC= ${WRKDIR}
DIST_SUBDIR= ${PKGNAME_NOREV}
BUILD_DEFS+= KFLAGS LIBS MANINSTALL
MAKE_ENV+= KFLAGS=${KFLAGS:Q} LIBS=${LIBS:Q}
MAKE_FILE= makefile
LIBS+= ${BUILDLINK_LDADD.termcap}
#KFLAGS+= -DNODEBUG -DNOOLDMODEMS
KFLAGS+= ${BUILDLINK_CPPFLAGS}
LIBS+= ${BUILDLINK_LDFLAGS}
.include "options.mk"
INSTALLATION_DIRS= bin ${PKGMANDIR}/man1 share/doc/kermit
do-install:
${INSTALL_PROGRAM} ${WRKSRC}/wermit ${DESTDIR}${PREFIX}/bin/kermit
${INSTALL_DATA} ${WRKSRC}/*.txt ${DESTDIR}${PREFIX}/share/doc/kermit
${INSTALL_MAN} ${WRKSRC}/ckuker.nr \
${DESTDIR}${PREFIX}/${PKGMANDIR}/man1/kermit.1
.include "../../mk/curses.buildlink3.mk"
.include "../../mk/termcap.buildlink3.mk"
.if ${OPSYS} == "Darwin"
. if !empty(OS_VERSION:M??.*)
BUILD_TARGET_OPSYS= macosx10.6
. elif !empty(OS_VERSION:M9.*)
BUILD_TARGET_OPSYS= macosx10.5
. elif !empty(OS_VERSION:M8.*)
BUILD_TARGET_OPSYS= macosx10.4
. elif empty(OS_VERSION:M7.*)
BUILD_TARGET_OPSYS= macosx103.9
. else
BUILD_TARGET_OPSYS= macosx10
. endif
.elif ${OPSYS} == "Linux"
BUILD_TARGET_OPSYS= linux
MAKE_ENV+= HAVE_LIBCURSES=-l${BUILDLINK_LIBNAME.curses}
. if ${CURSES_TYPE} == "ncurses"
MAKE_ENV+= HAVE_CURSES=-DCK_NCURSES
. else
MAKE_ENV+= HAVE_CURSES=-DCK_NCURSES
. endif
.elif ${OPSYS} == "SunOS"
BUILD_TARGET_OPSYS= solaris11g
.else
BUILD_TARGET_OPSYS= netbsd
.endif
BUILD_TARGET= ${BUILD_TARGET_OPSYS}${BUILD_TARGET_OPTIONS:ts}
.include "../../mk/bsd.pkg.mk"

14
kermit/PLIST Normal file
View File

@ -0,0 +1,14 @@
@comment $NetBSD: PLIST,v 1.9 2011/08/25 14:54:06 hans Exp $
bin/kermit
man/man1/kermit.1
share/doc/kermit/ckaaaa.txt
share/doc/kermit/ckc302.txt
share/doc/kermit/ckcbwr.txt
share/doc/kermit/ckccfg.txt
share/doc/kermit/ckcplm.txt
share/doc/kermit/ckermit70.txt
share/doc/kermit/ckermit80.txt
share/doc/kermit/ckermit90.txt
share/doc/kermit/ckubwr.txt
share/doc/kermit/ckuins.txt
share/doc/kermit/ckututor.txt

7
kermit/TODO Normal file
View File

@ -0,0 +1,7 @@
- Rebase patches to the alpha
- Rename patch files to modern norms
- File patches upstream
- Test

23
kermit/distinfo Normal file
View File

@ -0,0 +1,23 @@
$NetBSD: distinfo,v 1.28 2020/07/30 03:03:07 gutteridge Exp $
SHA1 (kermit-9.0.305a2/ckucku305-alpha02.tar.gz) = 90a3cdc9d5112d752a8637b6a76f6aef7da8a00c
RMD160 (kermit-9.0.305a2/ckucku305-alpha02.tar.gz) = 4cd3cc02f6f5367b158f2fabc910e3ab7ffcee6a
SHA512 (kermit-9.0.305a2/ckucku305-alpha02.tar.gz) = 017c742d53fa847b844554ce46708a32bee76af2efb092c3149b92f9ef50e0aa03ce52ffe99fc46ebfb7eeda1f4660b9f936d92c48625eda92369496070dd3a1
Size (kermit-9.0.305a2/ckucku305-alpha02.tar.gz) = 2545990 bytes
SHA1 (patch-aa) = fd3a613ce3cd3755a2e3b8baf33df33593713024
SHA1 (patch-ab) = 280bfca4d44630bc9ec4a9331b650b81c7f80774
SHA1 (patch-ac) = 62cc9e92f2413a42312d9f6d168ee85664b6aab9
SHA1 (patch-ad) = 414f61c19185e4a82a8326121c2d9dacfba48077
SHA1 (patch-ae) = 3cd335d719933fce95c2f5b05e9959d0d1ca06e0
SHA1 (patch-af) = 2a09f9f933d3c1e6860983d8138ac61f33306ef7
SHA1 (patch-ag) = cae37680ea5af85f4d2c774fe230f73a1f0be48c
SHA1 (patch-ah) = 5b2098dfd57f8bd4d107acafaabe1a2c9b97d037
SHA1 (patch-aj) = 6468e2139639f601de4609db8dff07b8b3a82d82
SHA1 (patch-ak) = 983583d79abc4fcee1b7e9bf8ae46f184aa7011d
SHA1 (patch-al) = 616ad10e65b24a04d24ff2556d6362ef3cc64b78
SHA1 (patch-am) = 8c5acbfefe7b7d11825cc32c4449582b51f6cad9
SHA1 (patch-ckcftp.c) = 1af977dce79f61c43619186c6a5d2032d7a9a6bd
SHA1 (patch-ckcpro.w) = 247c1d0e0bcec632c4095c10067757cc40fb3831
SHA1 (patch-ckupty.c) = fd8966627f3642550750ccd42e3add64a36dae09
SHA1 (patch-ckuus3.c) = 557e938b36931f7948783116d1c5c2224d51bcbb
SHA1 (patch-ckuus4.c) = 2204f4c95f8266358b66ac0936ac83ab27bec0c9

45
kermit/files/Makefile Normal file
View File

@ -0,0 +1,45 @@
# $NetBSD: Makefile,v 1.1 2014/06/23 22:25:39 christos Exp $
.include <bsd.own.mk>
WARNS=0
CPPFLAGS+= -DBSD44 -DCK_CURSES -DCK_DTRCD -DCK_DTRCTS -DCK_PAM -DFNFLOAT
CPPFLAGS+= -DHAVE_OPENPTY -DHERALD=\"NetBSD\" -DTCPSOCKET -DTPUTSARGTYPE=int
CPPFLAGS+= -DUSE_STRERROR -DZLIB -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE
CPPFLAGS+= -DNO_DCL_INET_ATON
.if ${MKCRYPTO} == "yes"
CPPFLAGS+= -DCK_AUTHENTICATION -DCK_CAST -DCK_DES -DCK_ENCRYPTION
CPPFLAGS+= -DCK_KERBEROS -DCK_SSL -DKRB5 -DLIBDES -DOPENSSL_100 -DHEIMDAL
CPPFLAGS+= -DKTARGET='" netbsd+krb5+openssl+zlib"'
CPPFLAGS+= -I/usr/include/krb5
LDADD+= -lcrypt -lcrypto -ldes -lgssapi -lkrb5 -lssl
DPADD+= ${LIBCRYPT} ${LIBCRYPTO} ${LIBDES} ${LIBGSSAPI} ${LIBKRB5} ${LIBSSL}
COPTS.ckuath.c= -Wno-error=deprecated-declarations
.else
CPPFLAGS+= -DKTARGET='" netbsd+zlib"'
.endif
LDADD+=-lpam -lutil -lcurses -lz -lm
DPADD+=${LIBPAM} ${LIBUTIL} ${LIBCURSES} ${LIBZ} ${LIBM}
CPPFLAGS+=-std=c89
.PATH: ${.CURDIR}/../dist
PROG= kermit
SRCS+= ck_crp.c ck_ssl.c ckcfn2.c ckcfn3.c ckcfns.c ckcftp.c ckclib.c \
ckcmai.c ckcnet.c ckcpro.c ckctel.c ckcuni.c ckuath.c ckucmd.c \
ckucns.c ckudia.c ckufio.c ckupty.c ckuscr.c ckusig.c ckutio.c \
ckuus2.c ckuus3.c ckuus4.c ckuus5.c ckuus6.c ckuus7.c ckuusr.c \
ckuusx.c ckuusy.c ckuxla.c
CLEANFILES+=kermit.1
.include <bsd.prog.mk>
kermit.1: ${.CURDIR}/../dist/ckuker.nr
@cp ${.ALLSRC} ${.TARGET}

15
kermit/files/dot.kermrc Normal file
View File

@ -0,0 +1,15 @@
# .kermit -- typical ckermit init file
# $NetBSD: dot.kermrc,v 1.2 1998/08/07 10:36:39 agc Exp $
set send packet 9024 # packet size send
set receive packet 9024 # packet size receive
set file type binary # file type
set block 3 # use 16bit CCITT crc's
set window 15 # use 15 sliding window slots
set file name literal # do not translate file names
set file coll overwrite # overwrite if file allready exists
set file dis crt # display in terms of cps and percentage
set flow rts # hardware flow control
set con unprefix all # unpre all control characters
set con prefix 0 3 131 # prefix necessary control characters
set speed 57600 # use 57600bps DTE

49
kermit/options.mk Normal file
View File

@ -0,0 +1,49 @@
# $NetBSD: options.mk,v 1.6 2015/09/30 08:25:37 tnn Exp $
PKG_OPTIONS_VAR= PKG_OPTIONS.kermit
PKG_SUPPORTED_OPTIONS= kermit-suid-uucp ssl kerberos
PKG_OPTIONS_OPTIONAL_GROUPS+= socks
PKG_OPTIONS_GROUP.socks= socks4 dante
.include "../../mk/bsd.options.mk"
###
### Install the kermit binary as a setuid-uucp binary.
###
.if !empty(PKG_OPTIONS:Mkermit-suid-uucp)
PKG_GROUPS+= ${UUCP_GROUP}
PKG_USERS+= ${UUCP_USER}:${UUCP_GROUP}
PKG_GROUPS_VARS+= UUCP_GROUP
PKG_USERS_VARS+= UUCP_USER
SPECIAL_PERMS+= bin/kermit ${UUCP_USER} ${UUCP_GROUP} 4555
.endif
###
### SOCKS firewall support.
###
.if !empty(PKG_OPTIONS:Msocks4)
KFLAGS+= -DSOCKS -DCK_SOCKS
LIBS+= -L${BUILDLINK_PREFIX.dante}/lib -lsocks
.include "../../net/dante/buildlink3.mk"
.elif !empty(PKG_OPTIONS:Mdante)
KFLAGS+= -DSOCKS -DCK_SOCKS
LIBS+= -L${BUILDLINK_PREFIX.dante}/lib -lsocks
.include "../../net/dante/buildlink3.mk"
.endif
.if !empty(PKG_OPTIONS:Mkerberos)
BUILD_TARGET_OPTIONS+= +krb5
.include "../../security/mit-krb5/buildlink3.mk"
K5INC= -I${WRKDIR}/.buildlink/include
K5LIB= -L${WRKDIR}/.buildlink/lib ${COMPILER_RPATH_FLAG}${WRKDIR}/.buildlink/lib
MAKE_ENV+= K5INC=${K5INC:Q} K5LIB=${K5LIB:Q}
.endif
.if !empty(PKG_OPTIONS:Mssl)
BUILD_TARGET_OPTIONS+= +ssl
.include "../../security/openssl/buildlink3.mk"
# Set to empty
SSLINC= -I${WRKDIR}/.buildlink/include
SSLLIB= -L${WRKDIR}/.buildlink/lib ${COMPILER_RPATH_FLAG}${WRKDIR}/.buildlink/lib
MAKE_ENV+= SSLINC=${SSLINC:Q} SSLLIB=${SSLLIB:Q}
.endif

88
kermit/patches/patch-aa Normal file
View File

@ -0,0 +1,88 @@
$NetBSD: patch-aa,v 1.10 2011/12/06 01:19:16 sbd Exp $
* Get K5LIB, K5INC, SSLLIB and SSLINC from pkgsrc.
* s/-lgssapi/-lgssapi_krb5/ on netbsd+krb5*
* Add $(LIBS) to link command on solaris2xg+openssl+zlib+pam+shadow
* s@$(K5INC)/krb5@$(K5INC)/kerberosv5/ on solaris9g+krb5+ssl
* On linux get HAVE_LIBCURSES and HAVE_CURSES from pkgsrc (with the
curses include and library pathes coming from BUILDLINK_*FLAGS).
--- makefile.orig 2011-08-21 15:12:07.000000000 +0000
+++ makefile
@@ -824,12 +824,12 @@ manroot = $(prefix)
K4LIB=-L/usr/kerberos/lib
K4INC=-I/usr/kerberos/include
-K5LIB=-L/usr/kerberos/lib
-K5INC=-I/usr/kerberos/include
+#K5LIB=-L/usr/kerberos/lib
+#K5INC=-I/usr/kerberos/include
SRPLIB=-L$(srproot)/lib
SRPINC=-I$(srproot)/include
-SSLLIB=-L$(sslroot)/ssl/lib
-SSLINC=-I$(sslroot)/ssl/include
+#SSLLIB=-L$(sslroot)/ssl/lib
+#SSLINC=-I$(sslroot)/ssl/include
# To override these assignments; for example, if your OpenSSL files are
# not in /usr/local/ssl, invoke the desired target like this:
@@ -1869,7 +1869,7 @@ netbsd+krb5:
-DCK_CAST $$HAVE_DES -DNOFTP_GSSAPI $(K5INC) $(K5INC)/krb5 \
$(KFLAGS)" \
"LIBS= $(K5LIB) -L/usr/pkg/lib -R/usr/pkg/lib -lcurses $$DES_LIB \
- -lcrypto -lgssapi -lkrb5 -lm -lutil $(LIBS)"
+ -lcrypto -lgssapi_krb5 -lkrb5 -lm -lutil $(LIBS)"
# NetBSD - With Kerberos 5 and SSL and Zlib.
# OK: 2011/08/21 on 5.1 with MIT Kerberos.
@@ -1896,7 +1896,7 @@ netbsd+krb5+ssl netbsd+krb5+openssl+zlib
-DCK_SSL -DCK_PAM -DZLIB -DNO_DCL_INET_ATON $$OPENSSLOPTION \
$(KFLAGS)" "LNKFLAGS = $(LNKFLAGS)" \
"LIBS= $(K5LIB) -L/usr/pkg/lib -R/usr/pkg/lib -lssl $$DES_LIB \
- -lcrypto -lcrypt -lgssapi -lkrb5 -lz -lm -lpam -lutil -lcurses $(LIBS)"
+ -lcrypto -lcrypt -lgssapi_krb5 -lkrb5 -lz -lm -lpam -lutil -lcurses $(LIBS)"
#Special Security Enhanced NetBSD target with SRP, SSL, and zlib support.
#To build this, you need to BUILD the pkgsrc srp_client package. After
@@ -3544,7 +3544,7 @@ solaris2xg+openssl+zlib+pam+shadow:
-DCK_AUTHENTICATION -DCK_SSL -DCK_PAM -DCK_SHADOW -DZLIB \
-DBIGBUFOK $(SSLINC) $(KFLAGS)" \
"LIBS= $(SSLLIB) -ltermlib \
- -lsocket -lnsl -lm -lresolv -lssl -lcrypto -lpam -lz"
+ -lsocket -lnsl -lm -lresolv -lssl -lcrypto -lpam -lz $(LIBS)"
#Ditto but with GCC 3.1 in which you have to specify 32-bit with -m32.
#In Solaris 9 (and maybe 8) you'll also need specifiy the Library path.
@@ -3899,7 +3899,7 @@ solaris9g+krb5+ssl solaris10g+krb5+ssl s
-DCK_CURSES -DCK_NEWTERM -DDIRENT -DHDBUUCP -DTCPSOCKET -DBIGBUFOK \
-DCK_AUTHENTICATION -DCK_SSL -DZLIB -DCK_KERBEROS -DKRB5 \
-DCK_ENCRYPTION -DCK_CAST $$OPENSSLOPTION \
- $$HAVE_DES $(SSLINC) $(K5INC) $(K5INC)/krb5 $(KFLAGS)" \
+ $$HAVE_DES $(SSLINC) $(K5INC) $(K5INC)/kerberosv5 $(KFLAGS)" \
"LIBS= $(SSLLIB) $(K5LIB) -lz -lssl -ltermlib -lsocket -lnsl -lm \
-lresolv -lcrypto \
$$GSSAPILIB -lkrb5 -lcom_err -lk5crypto $$DES_LIB $(LIBS)"
@@ -6095,22 +6095,6 @@ linux:
if test `grep openpty /usr/include/pty.h | wc -l` -gt 0; \
then HAVE_OPENPTY='-DHAVE_OPENPTY'; \
else HAVE_OPENPTY=''; fi ; \
- HAVE_LIBCURSES=''; \
- if test -f /usr/lib64/libncurses.so || \
- test -f /usr/lib/libncurses.a || \
- test -f /usr/lib/libncurses.so; then \
- HAVE_LIBCURSES='-lncurses'; \
- else if test -f /usr/lib64/libcurses.so || \
- test -f /usr/lib/libcurses.a || \
- test -f /usr/lib/libcurses.so; then \
- HAVE_LIBCURSES='-lcurses'; fi; fi; \
- HAVE_CURSES=''; \
- if test -n '$$HAVE_LIBCURSES'; then \
- if test -f /usr/include/ncurses.h; then \
- HAVE_CURSES='-DCK_NCURSES -I/usr/include/ncurses'; \
- else if test -f /usr/include/curses.h; then \
- HAVE_CURSES='-DCK_CURSES'; \
- fi; fi; fi; \
if test -f /usr/include/baudboy.h || test -f /usr/include/ttylock.h; \
then HAVE_LOCKDEV='-DHAVE_LOCKDEV' ; \
else HAVE_LOCKDEV='' ; fi ; \

568
kermit/patches/patch-ab Normal file
View File

@ -0,0 +1,568 @@
$NetBSD: patch-ab,v 1.8 2020/04/08 15:22:07 rhialto Exp $
- Update for openssl 1.1.1e.
- Kermit tries to keep SSL and TLS contexts (since in old openssl, the
*v23* methods were not version-flexible enough). Now afer simplification
there is lots of duplicate code left over that could be simplified more.
--- ck_ssl.c.orig 2011-07-06 15:03:32.000000000 +0200
+++ ck_ssl.c 2020-04-06 16:43:41.323530837 +0200
@@ -301,7 +301,7 @@
break;
default:
printf("Error %d while verifying certificate.\r\n",
- ctx->error);
+ error);
break;
}
}
@@ -804,6 +804,17 @@
#define MS_CALLBACK
#endif /* MS_CALLBACK */
+static BIGNUM *get_RSA_F4()
+{
+ static BIGNUM *bn;
+
+ if (!bn) {
+ bn = BN_new();
+ BN_add_word(bn, RSA_F4);
+ }
+ return bn;
+}
+
static RSA MS_CALLBACK *
#ifdef CK_ANSIC
tmp_rsa_cb(SSL * s, int export, int keylength)
@@ -822,7 +833,16 @@
if (ssl_debug_flag)
printf("Generating temporary (%d bit) RSA key...\r\n",keylength);
- rsa_tmp=RSA_generate_key(keylength,RSA_F4,NULL,NULL);
+ rsa_tmp = RSA_new();
+ if (rsa_tmp) {
+ int error = RSA_generate_key_ex(rsa_tmp, keylength, get_RSA_F4(),NULL);
+ if (error) {
+ if (ssl_debug_flag)
+ printf(" error %d", error);
+ RSA_free(rsa_tmp);
+ rsa_tmp = NULL;
+ }
+ }
if (ssl_debug_flag)
printf("\r\n");
@@ -936,10 +956,26 @@
if ((dh=DH_new()) == NULL)
return(NULL);
+#if OPENSSL_VERSION_NUMBER >= 0x10100005L
+ BIGNUM *p=BN_bin2bn(dh512_p,sizeof(dh512_p),NULL);
+ BIGNUM *g=BN_bin2bn(dh512_g,sizeof(dh512_g),NULL);
+ if ((p == NULL) || (g == NULL)) {
+ BN_free(g);
+ BN_free(p);
+ DH_free(dh);
+ return(NULL);
+ }
+ DH_set0_pqg(dh, p, NULL, g);
+#else
dh->p=BN_bin2bn(dh512_p,sizeof(dh512_p),NULL);
dh->g=BN_bin2bn(dh512_g,sizeof(dh512_g),NULL);
- if ((dh->p == NULL) || (dh->g == NULL))
+ if ((dh->p == NULL) || (dh->g == NULL)) {
+ BN_free(dh->g);
+ BN_free(dh->p);
+ DH_free(dh);
return(NULL);
+ }
+#endif
return(dh);
}
@@ -950,10 +986,26 @@
if ((dh=DH_new()) == NULL)
return(NULL);
+#if OPENSSL_VERSION_NUMBER >= 0x10100005L
+ BIGNUM *p=BN_bin2bn(dh768_p,sizeof(dh768_p),NULL);
+ BIGNUM *g=BN_bin2bn(dh768_g,sizeof(dh768_g),NULL);
+ if ((p == NULL) || (g == NULL)) {
+ BN_free(g);
+ BN_free(p);
+ DH_free(dh);
+ return(NULL);
+ }
+ DH_set0_pqg(dh, p, NULL, g);
+#else
dh->p=BN_bin2bn(dh768_p,sizeof(dh768_p),NULL);
dh->g=BN_bin2bn(dh768_g,sizeof(dh768_g),NULL);
- if ((dh->p == NULL) || (dh->g == NULL))
+ if ((dh->p == NULL) || (dh->g == NULL)) {
+ BN_free(dh->g);
+ BN_free(dh->p);
+ DH_free(dh);
return(NULL);
+ }
+#endif
return(dh);
}
@@ -964,10 +1016,26 @@
if ((dh=DH_new()) == NULL)
return(NULL);
+#if OPENSSL_VERSION_NUMBER >= 0x10100005L
+ BIGNUM *p=BN_bin2bn(dh1024_p,sizeof(dh1024_p),NULL);
+ BIGNUM *g=BN_bin2bn(dh1024_g,sizeof(dh1024_g),NULL);
+ if ((p == NULL) || (g == NULL)) {
+ BN_free(g);
+ BN_free(p);
+ DH_free(dh);
+ return(NULL);
+ }
+ DH_set0_pqg(dh, p, NULL, g);
+#else
dh->p=BN_bin2bn(dh1024_p,sizeof(dh1024_p),NULL);
dh->g=BN_bin2bn(dh1024_g,sizeof(dh1024_g),NULL);
- if ((dh->p == NULL) || (dh->g == NULL))
+ if ((dh->p == NULL) || (dh->g == NULL)) {
+ BN_free(dh->g);
+ BN_free(dh->p);
+ DH_free(dh);
return(NULL);
+ }
+#endif
return(dh);
}
@@ -978,10 +1046,26 @@
if ((dh=DH_new()) == NULL)
return(NULL);
+#if OPENSSL_VERSION_NUMBER >= 0x10100005L
+ BIGNUM *p=BN_bin2bn(dh1536_p,sizeof(dh1536_p),NULL);
+ BIGNUM *g=BN_bin2bn(dh1536_g,sizeof(dh1536_g),NULL);
+ if ((p == NULL) || (g == NULL)) {
+ BN_free(g);
+ BN_free(p);
+ DH_free(dh);
+ return(NULL);
+ }
+ DH_set0_pqg(dh, p, NULL, g);
+#else
dh->p=BN_bin2bn(dh1536_p,sizeof(dh1536_p),NULL);
dh->g=BN_bin2bn(dh1536_g,sizeof(dh1536_g),NULL);
- if ((dh->p == NULL) || (dh->g == NULL))
+ if ((dh->p == NULL) || (dh->g == NULL)) {
+ BN_free(dh->g);
+ BN_free(dh->p);
+ DH_free(dh);
return(NULL);
+ }
+#endif
return(dh);
}
@@ -992,10 +1076,26 @@
if ((dh=DH_new()) == NULL)
return(NULL);
+#if OPENSSL_VERSION_NUMBER >= 0x10100005L
+ BIGNUM *p=BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL);
+ BIGNUM *g=BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL);
+ if ((p == NULL) || (g == NULL)) {
+ BN_free(g);
+ BN_free(p);
+ DH_free(dh);
+ return(NULL);
+ }
+ DH_set0_pqg(dh, p, NULL, g);
+#else
dh->p=BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL);
dh->g=BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL);
- if ((dh->p == NULL) || (dh->g == NULL))
+ if ((dh->p == NULL) || (dh->g == NULL)) {
+ BN_free(dh->g);
+ BN_free(dh->p);
+ DH_free(dh);
return(NULL);
+ }
+#endif
return(dh);
}
#endif /* NO_DH */
@@ -1054,10 +1154,11 @@
if (ssl == NULL)
return;
- if (ssl->expand == NULL || ssl->expand->meth == NULL)
+ const COMP_METHOD *method = SSL_get_current_compression(ssl);
+ if (method == NULL)
printf("Compression: None\r\n");
else {
- printf("Compression: %s\r\n",ssl->expand->meth->name);
+ printf("Compression: %s\r\n",SSL_COMP_get_name(method));
}
}
@@ -1072,7 +1173,7 @@
#endif /* CK_ANSIC */
{
X509 *peer;
- SSL_CIPHER * cipher;
+ const SSL_CIPHER * cipher;
const char *cipher_list;
char buf[512]="";
@@ -1457,13 +1558,23 @@
#ifdef ZLIB
cm = COMP_zlib();
+#if OPENSSL_VERSION_NUMBER >= 0x10100005L
+ if (cm != NULL && COMP_get_type(cm) != NID_undef) {
+#else
if (cm != NULL && cm->type != NID_undef) {
+#endif
SSL_COMP_add_compression_method(0xe0, cm); /* EAY's ZLIB ID */
}
#endif /* ZLIB */
+#ifdef NID_rle_compression
cm = COMP_rle();
+#if OPENSSL_VERSION_NUMBER >= 0x10100005L
+ if (cm != NULL && COMP_get_type(cm) != NID_undef)
+#else
if (cm != NULL && cm->type != NID_undef)
+#endif
SSL_COMP_add_compression_method(0xe1, cm); /* EAY's RLE ID */
+#endif /* NID_rle_compression */
/* Ensure the Random number generator has enough entropy */
if ( !RAND_status() ) {
@@ -1483,8 +1594,12 @@
}
debug(F110,"ssl_rnd_file",ssl_rnd_file,0);
+#ifdef OPENSSL_NO_EGD
+ rc1 = 0;
+#else
rc1 = RAND_egd(ssl_rnd_file);
debug(F111,"ssl_once_init","RAND_egd()",rc1);
+#endif
if ( rc1 <= 0 ) {
rc2 = RAND_load_file(ssl_rnd_file, -1);
debug(F111,"ssl_once_init","RAND_load_file()",rc1);
@@ -1579,25 +1694,13 @@
/* This can fail because we do not have RSA available */
if ( !ssl_ctx ) {
debug(F110,"ssl_tn_init","SSLv23_client_method failed",0);
- ssl_ctx=(SSL_CTX *)SSL_CTX_new(SSLv3_client_method());
- }
- if ( !ssl_ctx ) {
- debug(F110,"ssl_tn_init","SSLv3_client_method failed",0);
last_ssl_mode = -1;
return(0);
}
-#ifndef COMMENT
- tls_ctx=(SSL_CTX *)SSL_CTX_new(TLSv1_client_method());
-#else /* COMMENT */
tls_ctx=(SSL_CTX *)SSL_CTX_new(SSLv23_client_method());
/* This can fail because we do not have RSA available */
if ( !tls_ctx ) {
debug(F110,"ssl_tn_init","SSLv23_client_method failed",0);
- tls_ctx=(SSL_CTX *)SSL_CTX_new(SSLv3_client_method());
- }
-#endif /* COMMENT */
- if ( !tls_ctx ) {
- debug(F110,"ssl_tn_init","TLSv1_client_method failed",0);
last_ssl_mode = -1;
return(0);
}
@@ -1611,25 +1714,13 @@
/* This can fail because we do not have RSA available */
if ( !ssl_ctx ) {
debug(F110,"ssl_tn_init","SSLv23_server_method failed",0);
- ssl_ctx=(SSL_CTX *)SSL_CTX_new(SSLv3_server_method());
- }
- if ( !ssl_ctx ) {
- debug(F110,"ssl_tn_init","SSLv3_server_method failed",0);
last_ssl_mode = -1;
return(0);
}
-#ifdef COMMENT
- tls_ctx=(SSL_CTX *)SSL_CTX_new(TLSv1_server_method());
-#else /* COMMENT */
tls_ctx=(SSL_CTX *)SSL_CTX_new(SSLv23_server_method());
/* This can fail because we do not have RSA available */
if ( !tls_ctx ) {
debug(F110,"ssl_tn_init","SSLv23_server_method failed",0);
- tls_ctx=(SSL_CTX *)SSL_CTX_new(TLSv1_server_method());
- }
-#endif /* COMMENT */
- if ( !tls_ctx ) {
- debug(F110,"ssl_tn_init","TLSv1_server_method failed",0);
last_ssl_mode = -1;
return(0);
}
@@ -1655,7 +1746,6 @@
SSL_CTX_set_info_callback(ssl_ctx,ssl_client_info_callback);
SSL_CTX_set_info_callback(tls_ctx,ssl_client_info_callback);
-#ifndef COMMENT
/* Set the proper caching mode */
if ( mode == SSL_SERVER ) {
SSL_CTX_set_session_cache_mode(ssl_ctx,SSL_SESS_CACHE_SERVER);
@@ -1666,10 +1756,6 @@
}
SSL_CTX_set_session_id_context(ssl_ctx,(CHAR *)"1",1);
SSL_CTX_set_session_id_context(tls_ctx,(CHAR *)"2",1);
-#else /* COMMENT */
- SSL_CTX_set_session_cache_mode(ssl_ctx,SSL_SESS_CACHE_OFF);
- SSL_CTX_set_session_cache_mode(tls_ctx,SSL_SESS_CACHE_OFF);
-#endif /* COMMENT */
}
/* The server uses defaults for the certificate files. */
@@ -1777,7 +1863,14 @@
if ( ssl_debug_flag )
printf("Generating temp (512 bit) RSA key ...\r\n");
- rsa=RSA_generate_key(512,RSA_F4,NULL,NULL);
+ rsa = RSA_new();
+ if (rsa) {
+ int error = RSA_generate_key_ex(rsa,512,get_RSA_F4(),NULL);
+ if (error) {
+ RSA_free(rsa);
+ rsa = NULL;
+ }
+ }
if ( ssl_debug_flag )
printf("Generation of temp (512 bit) RSA key done\r\n");
@@ -2153,18 +2246,10 @@
printf("SSL_DEBUG_FLAG on\r\n");
if (!tls_http_ctx ) {
-#ifdef COMMENT
- /* too many web servers still do not support TLSv1 */
- tls_http_ctx=(SSL_CTX *)SSL_CTX_new(TLSv1_client_method());
-#else /* COMMENT */
tls_http_ctx=(SSL_CTX *)SSL_CTX_new(SSLv23_client_method());
/* This can fail because we do not have RSA available */
if ( !tls_http_ctx ) {
debug(F110,"ssl_http_init","SSLv23_client_method failed",0);
- tls_http_ctx=(SSL_CTX *)SSL_CTX_new(SSLv3_client_method());
- }
-#endif /* COMMENT */
- if ( !tls_http_ctx ) {
debug(F110,"ssl_http_init","TLSv1_client_method failed",0);
return(0);
}
@@ -2182,7 +2267,7 @@
* for TLS be sure to prevent use of SSLv2
*/
SSL_CTX_set_options(tls_http_ctx,
- SSL_OP_NO_SSLv2|SSL_OP_SINGLE_DH_USE|SSL_OP_EPHEMERAL_RSA);
+ SSL_OP_NO_SSLv2/*|SSL_OP_NO_SSLv3*/|SSL_OP_SINGLE_DH_USE|SSL_OP_EPHEMERAL_RSA);
SSL_CTX_set_info_callback(tls_http_ctx,ssl_client_info_callback);
@@ -2575,7 +2660,11 @@
int
ssl_verify_crl(int ok, X509_STORE_CTX *ctx)
{
+#if OPENSSL_VERSION_NUMBER >= 0x10100005L
+ X509_OBJECT *obj;
+#else
X509_OBJECT obj;
+#endif
X509_NAME *subject = NULL;
X509_NAME *issuer = NULL;
X509 *xs = NULL;
@@ -2595,6 +2684,14 @@
if (!crl_store)
return ok;
+#if OPENSSL_VERSION_NUMBER >= 0x10100005L
+ obj = X509_OBJECT_new();
+ if (!obj)
+ return(ok);
+#else
+ memset((char *)&obj, 0, sizeof(obj));
+#endif
+
store_ctx = X509_STORE_CTX_new();
if ( !store_ctx )
return(ok);
@@ -2641,11 +2738,16 @@
* Try to retrieve a CRL corresponding to the _subject_ of
* the current certificate in order to verify it's integrity.
*/
- memset((char *)&obj, 0, sizeof(obj));
X509_STORE_CTX_init(store_ctx, crl_store, NULL, NULL);
+#if OPENSSL_VERSION_NUMBER >= 0x10100005L
+ rc = X509_STORE_get_by_subject(store_ctx, X509_LU_CRL, subject, obj);
+ X509_STORE_CTX_cleanup(store_ctx);
+ crl = X509_OBJECT_get0_X509_CRL(obj);
+#else
rc = X509_STORE_get_by_subject(store_ctx, X509_LU_CRL, subject, &obj);
X509_STORE_CTX_cleanup(store_ctx);
crl = obj.data.crl;
+#endif
if (rc > 0 && crl != NULL) {
/*
* Verify the signature on this CRL
@@ -2653,7 +2755,11 @@
if (X509_CRL_verify(crl, X509_get_pubkey(xs)) <= 0) {
fprintf(stderr, "Invalid signature on CRL!\n");
X509_STORE_CTX_set_error(ctx, X509_V_ERR_CRL_SIGNATURE_FAILURE);
+#if OPENSSL_VERSION_NUMBER >= 0x10100005L
+ X509_OBJECT_free(obj);
+#else
X509_OBJECT_free_contents(&obj);
+#endif
X509_STORE_CTX_free(store_ctx);
return 0;
}
@@ -2661,12 +2767,16 @@
/*
* Check date of CRL to make sure it's not expired
*/
- i = X509_cmp_current_time(X509_CRL_get_nextUpdate(crl));
+ i = X509_cmp_current_time(X509_CRL_get0_nextUpdate(crl));
if (i == 0) {
fprintf(stderr, "Found CRL has invalid nextUpdate field.\n");
X509_STORE_CTX_set_error(ctx,
X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD);
+#if OPENSSL_VERSION_NUMBER >= 0x10100005L
+ X509_OBJECT_free(obj);
+#else
X509_OBJECT_free_contents(&obj);
+#endif
X509_STORE_CTX_free(store_ctx);
return 0;
}
@@ -2675,22 +2785,38 @@
"Found CRL is expired - revoking all certificates until you get updated CRL.\n"
);
X509_STORE_CTX_set_error(ctx, X509_V_ERR_CRL_HAS_EXPIRED);
+#if OPENSSL_VERSION_NUMBER >= 0x10100005L
+ X509_OBJECT_free(obj);
+#else
X509_OBJECT_free_contents(&obj);
+#endif
X509_STORE_CTX_free(store_ctx);
return 0;
}
- X509_OBJECT_free_contents(&obj);
+#if OPENSSL_VERSION_NUMBER >= 0x10100005L
+ X509_OBJECT_free(obj);
+#else
+ X509_OBJECT_free_contents(&obj);
+#endif
}
/*
* Try to retrieve a CRL corresponding to the _issuer_ of
* the current certificate in order to check for revocation.
*/
+#if OPENSSL_VERSION_NUMBER < 0x10100005L
memset((char *)&obj, 0, sizeof(obj));
+#endif
X509_STORE_CTX_init(store_ctx, crl_store, NULL, NULL);
+#if OPENSSL_VERSION_NUMBER >= 0x10100005L
+ rc = X509_STORE_get_by_subject(store_ctx, X509_LU_CRL, issuer, obj);
+ X509_STORE_CTX_free(store_ctx); /* calls X509_STORE_CTX_cleanup() */
+ crl = X509_OBJECT_get0_X509_CRL(obj);
+#else
rc = X509_STORE_get_by_subject(store_ctx, X509_LU_CRL, issuer, &obj);
X509_STORE_CTX_free(store_ctx); /* calls X509_STORE_CTX_cleanup() */
crl = obj.data.crl;
+#endif
if (rc > 0 && crl != NULL) {
/*
* Check if the current certificate is revoked by this CRL
@@ -2698,19 +2824,34 @@
n = sk_X509_REVOKED_num(X509_CRL_get_REVOKED(crl));
for (i = 0; i < n; i++) {
revoked = sk_X509_REVOKED_value(X509_CRL_get_REVOKED(crl), i);
+#if OPENSSL_VERSION_NUMBER >= 0x10100005L
+ if (ASN1_INTEGER_cmp(X509_REVOKED_get0_serialNumber(revoked),
+ X509_get_serialNumber(xs)) == 0) { // }
+
+ serial = ASN1_INTEGER_get(X509_REVOKED_get0_serialNumber(revoked));
+#else
if (ASN1_INTEGER_cmp(revoked->serialNumber,
X509_get_serialNumber(xs)) == 0) {
serial = ASN1_INTEGER_get(revoked->serialNumber);
+#endif
cp = X509_NAME_oneline(issuer, NULL, 0);
free(cp);
X509_STORE_CTX_set_error(ctx, X509_V_ERR_CERT_REVOKED);
+#if OPENSSL_VERSION_NUMBER >= 0x10100005L
+ X509_OBJECT_free(obj);
+#else
X509_OBJECT_free_contents(&obj);
+#endif
return 0;
}
}
+#if OPENSSL_VERSION_NUMBER >= 0x10100005L
+ X509_OBJECT_free(obj);
+#else
X509_OBJECT_free_contents(&obj);
+#endif
}
return ok;
}
@@ -2877,6 +3018,7 @@
#ifndef OpenBSD
#ifndef FREEBSD4
#ifndef NETBSD15
+#ifndef __DragonFly__
#ifndef LINUX
#ifndef AIX41
#ifndef UW7
@@ -2919,6 +3061,7 @@
#endif /* UW7 */
#endif /* AIX41 */
#endif /* LINUX */
+#endif /* __DragonFly__ */
#endif /* NETBSD15 */
#endif /* FREEBSD4 */
#endif /* OpenBSD */
@@ -3057,7 +3200,7 @@
tls_is_anon(int x)
{
char buf[128];
- SSL_CIPHER * cipher;
+ const SSL_CIPHER * cipher;
SSL * ssl = NULL;
switch ( x ) {
@@ -3101,7 +3244,7 @@
tls_is_krb5(int x)
{
char buf[128];
- SSL_CIPHER * cipher;
+ const SSL_CIPHER * cipher;
SSL * ssl = NULL;
switch ( x ) {
@@ -4343,7 +4486,14 @@
if (!(fp = fopen(buf, "r")))
return 0;
while (!r && (file_cert = PEM_read_X509(fp, NULL, NULL, NULL))) {
+#if OPENSSL_VERSION_NUMBER >= 0x10100005L
+ const ASN1_BIT_STRING *peer_cert_sig, *file_cert_sig;
+ X509_get0_signature(&peer_cert_sig, NULL, peer_cert);
+ X509_get0_signature(&file_cert_sig, NULL, file_cert);
+ if (!ASN1_STRING_cmp(peer_cert_sig, file_cert_sig))
+#else
if (!ASN1_STRING_cmp(peer_cert->signature, file_cert->signature))
+#endif
r = 1;
X509_free(file_cert);
}

12
kermit/patches/patch-ac Normal file
View File

@ -0,0 +1,12 @@
$NetBSD: patch-ac,v 1.9 2011/08/25 14:54:06 hans Exp $
--- ckcdeb.h.orig 2010-08-23 15:30:56.000000000 +0200
+++ ckcdeb.h 2011-08-23 10:31:55.103102070 +0200
@@ -4532,7 +4532,6 @@ extern int errno;
following is an anachronism and should be the execption rather than the
rule.
*/
-extern int errno;
#endif /* __GLIBC__ */
#endif /* OS2 */
#endif /* VMS */

12
kermit/patches/patch-ad Normal file
View File

@ -0,0 +1,12 @@
$NetBSD: patch-ad,v 1.10 2012/05/17 20:29:13 christos Exp $
--- ckcmai.c.orig 2012-05-17 16:22:58.000000000 -0400
+++ ckcmai.c 2012-05-17 16:23:53.000000000 -0400
@@ -540,6 +540,7 @@
#include "ckcker.h" /* Kermit symbols */
#include "ckcnet.h" /* Network symbols */
+#include "ckupty.h" /* time.h */
#ifdef CK_SSL
#include "ck_ssl.h"

65
kermit/patches/patch-ae Normal file
View File

@ -0,0 +1,65 @@
$NetBSD: patch-ae,v 1.8 2020/07/30 03:03:07 gutteridge Exp $
Portability fixes for DragonFly, SunOS, and Linux.
The Linux fix is taken from upstream's 9.0.305 Alpha.01 release, and is
noted to be a temporary workaround, so it may change in form in a
pending release.
--- ckucmd.c.orig 2011-07-14 12:14:37.000000000 +0000
+++ ckucmd.c
@@ -7370,7 +7370,11 @@ cmdconchk() {
/* Here we must look inside the stdin buffer - highly platform dependent */
-#ifdef _IO_file_flags /* Linux */
+#ifdef __FILE_defined /* glibc 2.28 1 Aug 2018 */
+ x = (int) ((stdin->_IO_read_end) - (stdin->_IO_read_ptr));
+ debug(F101,"cmdconchk __FILE_defined","",x);
+#else /* __FILE_defined */
+#ifdef _IO_file_flags /* Linux (glibc 2.28 removed this symbol */
x = (int) ((stdin->_IO_read_end) - (stdin->_IO_read_ptr));
debug(F101,"cmdconchk _IO_file_flags","",x);
#else /* _IO_file_flags */
@@ -7382,8 +7386,19 @@ cmdconchk() {
#ifdef NOARROWKEYS
debug(F101,"cmdconchk NOARROWKEYS x","",0);
#else
+#if defined(__sun) && (defined(__amd64) || defined(__sparcv9))
+ struct sun_64_FILE {
+ unsigned char *_ptr; /* next character from/to here in buffer */
+ unsigned char *_base; /* the buffer */
+ unsigned char *_end; /* the end of the buffer */
+ ssize_t _cnt; /* number of available characters in buffer */
+ } *sun_64_stdin = (struct sun_64_FILE *)stdin;
+ debug(F101,"cmdconchk sun_64_stdin->_cnt","",sun_64_stdin->_cnt);
+ x = sun_64_stdin->_cnt;
+#else
debug(F101,"cmdconchk stdin->_cnt","",stdin->_cnt);
x = stdin->_cnt;
+#endif
#endif /* NOARROWKEYS */
#endif /* VMS */
if (x == 0) x = conchk();
@@ -7395,7 +7410,12 @@ cmdconchk() {
if (x == 0) x = conchk();
if (x < 0) x = 0;
#else /* USE_FILE_CNT */
-#ifdef USE_FILE_R /* FreeBSD, OpenBSD, etc */
+#if defined(__DragonFly__) && defined(feof_unlocked)
+ debug(F101,"cmdconchk stdin->_r","",((struct __FILE_public *)stdin)->_r);
+ x = ((struct __FILE_public *)stdin)->_r;
+ if (x == 0) x = conchk();
+ if (x < 0) x = 0;
+#elif defined(USE_FILE_R) /* FreeBSD, OpenBSD, etc */
debug(F101,"cmdconchk stdin->_r","",stdin->_r);
x = stdin->_r;
if (x == 0) x = conchk();
@@ -7407,6 +7427,7 @@ cmdconchk() {
#endif /* USE_FILE__CNT */
#endif /* USE_FILE_CNT */
#endif /* _IO_file_flags */
+#endif /* __FILE_defined */
#endif /* CMD_CONINC */
#endif /* OS2 */
return(x + y);

13
kermit/patches/patch-af Normal file
View File

@ -0,0 +1,13 @@
$NetBSD: patch-af,v 1.1 2005/12/18 23:15:43 joerg Exp $
--- ckuusr.c.orig 2005-12-18 23:04:34.000000000 +0000
+++ ckuusr.c
@@ -87,6 +87,8 @@ char *userv = "User Interface 8.0.278, 1
#define MULTINET_OLD_STYLE /* Leave select prototype undefined */
#endif /* MULTINET */
+#include <errno.h>
+
#include "ckcdeb.h"
#include "ckcasc.h"
#include "ckcker.h"

16
kermit/patches/patch-ag Normal file
View File

@ -0,0 +1,16 @@
$NetBSD: patch-ag,v 1.2 2011/08/25 14:54:06 hans Exp $
--- ckuus6.c.orig 2011-06-07 17:27:51.000000000 +0200
+++ ckuus6.c 2011-08-23 10:34:29.697605882 +0200
@@ -33,11 +33,7 @@
#endif /* def VMS [else] */
#endif /* NOSTAT */
-#ifdef VMS
-#ifndef TCPSOCKET
#include <errno.h>
-#endif /* TCPSOCKET */
-#endif /* VMS */
#ifdef datageneral
#define fgets(stringbuf,max,fd) dg_fgets(stringbuf,max,fd)

14
kermit/patches/patch-ah Normal file
View File

@ -0,0 +1,14 @@
$NetBSD: patch-ah,v 1.1 2005/12/18 23:15:43 joerg Exp $
--- ckcfns.c.orig 2005-12-18 23:06:48.000000000 +0000
+++ ckcfns.c
@@ -93,9 +93,7 @@ _PROTOTYP( long zfsize, (char *) );
#endif /* OS2ONLY */
#endif /* OS2 */
-#ifdef VMS
#include <errno.h>
-#endif /* VMS */
/* Externals from ckcmai.c */

13
kermit/patches/patch-aj Normal file
View File

@ -0,0 +1,13 @@
$NetBSD: patch-aj,v 1.1 2006/06/28 23:13:18 dbj Exp $
--- ckuus5.c.orig 2006-06-27 19:22:53.000000000 -0400
+++ ckuus5.c 2006-06-27 19:23:30.000000000 -0400
@@ -28,6 +28,8 @@
#include "ckcker.h"
#include "ckuusr.h"
+#include <errno.h>
+
#ifdef DCMDBUF
char *line; /* Character buffer for anything */
char *tmpbuf;

24
kermit/patches/patch-ak Normal file
View File

@ -0,0 +1,24 @@
$NetBSD: patch-ak,v 1.2 2020/04/08 15:22:07 rhialto Exp $
- Use version-flexible SSL/TLS method.
--- ckuus7.c.orig 2011-06-23 16:13:11.000000000 +0000
+++ ckuus7.c
@@ -32,6 +32,8 @@
#include "ckucmd.h"
#include "ckclib.h"
+#include <errno.h>
+
#ifdef VMS
#ifndef TCPSOCKET
#include <errno.h>
@@ -14340,7 +14342,7 @@ sho_auth(cx) int cx; {
if (ssl_con == NULL) {
SSL_library_init();
ssl_ctx = (SSL_CTX *)
- SSL_CTX_new((SSL_METHOD *)TLSv1_method());
+ SSL_CTX_new((SSL_METHOD *)SSLv23_method());
if (ssl_ctx != NULL)
ssl_con= (SSL *) SSL_new(ssl_ctx);
}

391
kermit/patches/patch-al Normal file
View File

@ -0,0 +1,391 @@
$NetBSD: patch-al,v 1.3 2014/06/23 22:24:24 christos Exp $
--- ckuath.c.orig 2011-06-13 13:26:54.000000000 -0400
+++ ckuath.c 2014-06-23 18:20:26.000000000 -0400
@@ -117,19 +117,6 @@
#include <time.h>
#include <fcntl.h>
#include <errno.h>
-#ifndef malloc
-#ifndef VMS
-#ifndef FREEBSD4
-#ifndef OpenBSD
-#ifdef MACOSX
-#include <sys/malloc.h>
-#else /* MACOSX */
-#include <malloc.h>
-#endif /* MACOSX */
-#endif /* OpenBSD */
-#endif /* FREEBSD4 */
-#endif /* VMS */
-#endif /* malloc */
#ifdef OS2
#include <io.h>
#endif /* OS2 */
@@ -149,7 +136,9 @@
#endif /* saveprintf */
#else /* HEIMDAL */
#include "krb5.h"
+#ifdef BETATEST
#include "profile.h"
+#endif
#include "com_err.h"
#ifdef KRB5_GET_INIT_CREDS_OPT_TKT_LIFE
#define KRB5_HAVE_GET_INIT_CREDS
@@ -417,7 +406,6 @@
char des_outpkt[2*RLOG_BUFSIZ+4]; /* needs to be > largest write size */
#ifdef KRB5
krb5_data desinbuf,desoutbuf;
-krb5_encrypt_block eblock; /* eblock for encrypt/decrypt */
static krb5_data encivec_i[2], encivec_o[2];
enum krb5_kcmd_proto {
@@ -3145,8 +3133,13 @@
data.data = k4_session_key;
data.length = 8;
- code = krb5_c_decrypt(k5_context, &k4_krbkey, 0, 0,
- &encdata, &data);
+ code = krb5_c_decrypt(k5_context,
+#ifdef HEIMDAL
+ k4_krbkey,
+#else
+ &k4_krbkey,
+#endif
+ 0, 0, &encdata, &data);
krb5_free_keyblock_contents(k5_context, &random_key);
@@ -3162,8 +3155,13 @@
data.data = k4_challenge;
data.length = 8;
- code = krb5_c_decrypt(k5_context, &k4_krbkey, 0, 0,
- &encdata, &data);
+ code = krb5_c_decrypt(k5_context,
+#ifdef HEIMDAL
+ k4_krbkey,
+#else
+ &k4_krbkey,
+#endif
+ 0, 0, &encdata, &data);
#else /* MIT_CURRENT */
memset(k4_sched,0,sizeof(Schedule));
ckhexdump("auth_send",cred.session,8);
@@ -3295,7 +3293,7 @@
case AUTHTYPE_KERBEROS_V5:
debug(F111,"auth_send KRB5","k5_auth.length",k5_auth.length);
for ( i=0 ; i<k5_auth.length ; i++ ) {
- if ( (char *)k5_auth.data[i] == IAC )
+ if ( ((char *)k5_auth.data)[i] == IAC )
iaccnt++;
}
if ( k5_auth.length + iaccnt + 10 < sizeof(buf) ) {
@@ -4250,8 +4248,13 @@
kdata.data = k4_challenge;
kdata.length = 8;
- if (code = krb5_c_decrypt(k5_context, &k4_krbkey, 0, 0,
- &encdata, &kdata)) {
+ if (code = krb5_c_decrypt(k5_context,
+#ifdef HEIMDAL
+ k4_krbkey,
+#else
+ &k4_krbkey,
+#endif
+ 0, 0, &encdata, &kdata)) {
com_err("k4_auth_is", code, "while decrypting challenge");
auth_finished(AUTH_REJECT);
return AUTH_FAILURE;
@@ -4752,9 +4755,11 @@
ap_opts |= AP_OPTS_MUTUAL_REQUIRED;
#ifdef HEIMDAL
+#ifdef notdef
r = krb5_auth_setkeytype(k5_context, auth_context, KEYTYPE_DES);
if (r)
com_err(NULL, r, "while setting auth keytype");
+#endif
r = krb5_auth_con_setaddrs_from_fd(k5_context,auth_context, &ttyfd);
if (r)
com_err(NULL, r, "while setting auth addrs");
@@ -4924,7 +4929,6 @@
skey.data = k5_session_key->contents;
#endif /* HEIMDAL */
} else {
-#ifdef HEIMDAL
switch ( k5_session_key->keytype ) {
case ETYPE_DES_CBC_CRC:
case ETYPE_DES_CBC_MD5:
@@ -4934,24 +4938,17 @@
break;
default:
skey.type = SK_GENERIC;
+#ifdef HEIMDAL
+ skey.length = k5_session_key->keyvalue.length;
+#else /* HEIMDAL */
skey.length = k5_session_key->length;
+#endif /* HEIMDAL */
encrypt_dont_support(ENCTYPE_DES_CFB64);
encrypt_dont_support(ENCTYPE_DES_OFB64);
}
+#ifdef HEIMDAL
skey.data = k5_session_key->keyvalue.data;
#else /* HEIMDAL */
- switch ( k5_session_key->enctype ) {
- case ENCTYPE_DES_CBC_CRC:
- case ENCTYPE_DES_CBC_MD5:
- case ENCTYPE_DES_CBC_MD4:
- skey.type = SK_DES;
- skey.length = 8;
- default:
- skey.type = SK_GENERIC;
- skey.length = k5_session_key->length;
- encrypt_dont_support(ENCTYPE_DES_CFB64);
- encrypt_dont_support(ENCTYPE_DES_OFB64);
- }
skey.data = k5_session_key->contents;
#endif /* HEIMDAL */
}
@@ -5038,7 +5035,6 @@
skey.data = k5_session_key->contents;
#endif /* HEIMDAL */
} else {
-#ifdef HEIMDAL
switch ( k5_session_key->keytype ) {
case ETYPE_DES_CBC_CRC:
case ETYPE_DES_CBC_MD5:
@@ -5047,21 +5043,15 @@
skey.length = 8;
default:
skey.type = SK_GENERIC;
+#ifdef HEIMDAL
+ skey.length = k5_session_key->keyvalue.length;
+#else /* HEIMDAL */
skey.length = k5_session_key->length;
+#endif /* HEIMDAL */
}
+#ifdef HEIMDAL
skey.data = k5_session_key->keyvalue.data;
#else /* HEIMDAL */
- switch ( k5_session_key->enctype ) {
- case ENCTYPE_DES_CBC_CRC:
- case ENCTYPE_DES_CBC_MD5:
- case ENCTYPE_DES_CBC_MD4:
- skey.type = SK_DES;
- skey.length = 8;
- break;
- default:
- skey.type = SK_GENERIC;
- skey.length = k5_session_key->length;
- }
skey.data = k5_session_key->contents;
#endif /* HEIMDAL */
}
@@ -5138,7 +5128,11 @@
}
if ( msg.length == 24 && !memcmp(msg.data,tls_verify,24) )
krb5_tls_verified = 1;
+#ifdef HEIMDAL
+ krb5_data_free(&msg);
+#else /* HEIMDAL */
krb5_free_data_contents(k5_context,&msg);
+#endif /* HEIMDAL */
if (krb5_tls_verified)
return(AUTH_SUCCESS);
}
@@ -5166,7 +5160,7 @@
krb5_context context;
krb5_auth_context auth_context;
krb5_data *inbuf;
- krb5_const_principal client;
+ krb5_principal client;
{
krb5_creds ** creds=NULL;
krb5_error_code retval;
@@ -5197,7 +5191,7 @@
if ((retval = krb5_cc_initialize(context, ccache, client)))
return(retval);
- if ((retval = krb5_rd_cred(context, auth_context, ccache, inbuf)))
+ if ((retval = krb5_rd_cred2(context, auth_context, ccache, inbuf)))
return(retval);
#else /* HEIMDAL */
if ((retval = krb5_rd_cred(context, auth_context, inbuf, &creds, NULL)))
@@ -5472,17 +5466,17 @@
goto errout;
}
SendK5AuthSB(KRB5_TLS_VERIFY, msg.data, msg.length);
+#ifdef HEIMDAL
+ krb5_data_free(&msg);
+#else
krb5_free_data_contents(k5_context,&msg);
+#endif
}
#endif /* CK_SSL */
if ((how & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) {
/* do ap_rep stuff here */
if ((r = krb5_mk_rep(k5_context,
-#ifdef HEIMDAL
- &auth_context,
-#else /* HEIMDAL */
auth_context,
-#endif /* HEIMDAL */
&outbuf))) {
debug(F111,"k5_auth_is","krb5_mk_rep",r);
(void) ckstrncpy(errbuf, "Make reply failed: ",sizeof(errbuf));
@@ -5503,7 +5497,7 @@
{
szUserNameAuthenticated[0] = '\0';
} else {
- ckstrncpy(szUserNameAuthenticated,UIDBUFLEN,name);
+ ckstrncpy(szUserNameAuthenticated,name,UIDBUFLEN);
free(name);
}
}
@@ -9687,6 +9681,7 @@
return(-1);
}
+int
#ifdef CK_ANSIC
ck_krb4_destroy(struct krb_op_data * op)
#else
@@ -11228,7 +11223,12 @@
use_ivecs = 1;
- if (status = krb5_c_block_size(k5_context, k5_session_key->enctype,
+ if (status = krb5_c_block_size(k5_context,
+#ifdef HEIMDAL
+ k5_session_key->keytype,
+#else
+ k5_session_key->enctype,
+#endif
&blocksize)) {
/* XXX what do I do? */
printf("fatal kerberos 5 crypto library error\n");
@@ -11309,8 +11309,7 @@
krb5_ap_rep_enc_part *rep_ret = NULL;
krb5_data outbuf;
int rc;
- krb5_int32 seqno=0;
- krb5_int32 server_seqno=0;
+ int server_seqno=0;
char ** realmlist=NULL;
int buflen;
char tgt[256];
@@ -11388,7 +11387,11 @@
}
if (krb5_rlog_ver == KCMD_OLD_PROTOCOL)
+#ifdef HEIMDAL
+ get_cred->session.keytype=ETYPE_DES_CBC_CRC;
+#else
get_cred->keyblock.enctype=ENCTYPE_DES_CBC_CRC;
+#endif
/* Get ticket from credentials cache or kdc */
status = krb5_get_credentials(k5_context,
@@ -11429,10 +11432,11 @@
krb5_boolean is_des;
if (status = krb5_c_enctype_compare( k5_context,
- ENCTYPE_DES_CBC_CRC,
#ifdef HEIMDAL
+ ETYPE_DES_CBC_CRC,
ret_cred->session.keytype,
#else /* HEIMDAL */
+ ENCTYPE_DES_CBC_CRC,
ret_cred->keyblock.enctype,
#endif /* HEIMDAL */
&is_des)) {
@@ -11482,7 +11486,11 @@
&rep_ret,
NULL
);
+#ifdef HEIMDAL
+ krb5_data_free(&cksumdat);
+#else
krb5_free_data_contents(k5_context,&cksumdat);
+#endif
if (status) {
if ( !quiet )
@@ -11490,12 +11498,17 @@
error_message(status));
if (error) {
if ( !quiet ) {
- printf("Server returned error code %d (%s)\r\n",
- error->error,
- error_message(ERROR_TABLE_BASE_krb5 + error->error));
- if (error->text.length) {
- printf("Error text sent from server: %s\r\n",
- error->text.data);
+#ifdef HEIMDAL
+ int xerror = error->error_code;
+ char *xtext = *error->e_text;
+#else
+ int xerror = error->error;
+ char *xtext = error->text.length ? error->text.data : NULL;
+#endif
+ printf("Server returned error code %d (%s)\r\n", xerror,
+ error_message(ERROR_TABLE_BASE_krb5 + xerror));
+ if (xtext) {
+ printf("Error text sent from server: %s\r\n", xtext);
}
}
krb5_free_error(k5_context, error);
@@ -11505,7 +11518,11 @@
}
if (rep_ret) {
+#ifdef HEIMDAL
+ server_seqno = *rep_ret->seq_number;
+#else
server_seqno = rep_ret->seq_number;
+#endif
krb5_free_ap_rep_enc_part(k5_context, rep_ret);
}
@@ -11834,7 +11851,11 @@
rd_len = (rd_len << 8) | c;
if (status = krb5_c_encrypt_length(k5_context,
+#ifdef HEIMDAL
+ k5_session_key->keytype,
+#else
k5_session_key->enctype,
+#endif
use_ivecs ? rd_len + 4 : rd_len,
(size_t *)&net_len)) {
errno = status;
@@ -11865,9 +11886,15 @@
plain.length = sizeof(storage);
plain.data = storage;
- if ( status = krb5_c_decrypt(k5_context, k5_session_key, KCMD_KEYUSAGE,
+ if ( status = krb5_c_decrypt(k5_context,
+#ifdef HEIMDAL
+ *k5_session_key,
+#else
+ k5_session_key,
+#endif
+ KCMD_KEYUSAGE,
use_ivecs ? encivec_i + secondary : 0,
- &cipher,&plain) ) {
+ &cipher,&plain) ) {
/* probably out of sync */
printf("Cannot decrypt data from network: %s\r\n",
error_message(status));
@@ -12759,8 +12786,8 @@
static int
binaryEqual (a, b, len)
-register char *a, *b;
-register int len;
+char *a, *b;
+int len;
{
while (len--)
if (*a++ != *b++)

14
kermit/patches/patch-am Normal file
View File

@ -0,0 +1,14 @@
$NetBSD: patch-am,v 1.1 2011/05/14 19:27:53 hans Exp $
--- ckuusx.c.orig 2004-03-14 18:13:23.000000000 +0100
+++ ckuusx.c 2009-12-26 23:23:19.652637206 +0100
@@ -70,6 +70,9 @@ _PROTOTYP(char * os2_gethostname, (void)
#ifdef BSD44
#include <errno.h>
#endif /* BSD44 */
+#ifdef SOLARIS
+#include <errno.h>
+#endif
extern xx_strp xxstring;

31
kermit/patches/patch-ckcftp.c Normal file
View File

@ -0,0 +1,31 @@
$NetBSD: patch-ckcftp.c,v 1.1 2020/04/08 16:22:00 rhialto Exp $
Use SSLv23_client_method() because it is version-flexible.
The difference that Kermit makes between SSL and TLS is gone.
--- ckcftp.c.orig 2011-07-14 18:17:30.000000000 +0200
+++ ckcftp.c 2020-04-06 17:01:35.943676852 +0200
@@ -10196,19 +10196,19 @@
#define SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS 0L
#endif
if (auth_type && !strcmp(auth_type,"TLS")) {
- ssl_ftp_ctx=SSL_CTX_new(SSLv3_client_method());
+ ssl_ftp_ctx=SSL_CTX_new(SSLv23_client_method());
if (!ssl_ftp_ctx)
return(0);
SSL_CTX_set_options(ssl_ftp_ctx,
SSL_OP_SINGLE_DH_USE|SSL_OP_EPHEMERAL_RSA
);
} else {
- ssl_ftp_ctx = SSL_CTX_new(ftp_bug_use_ssl_v2 ? SSLv23_client_method() :
- SSLv3_client_method());
+ ssl_ftp_ctx = SSL_CTX_new(SSLv23_client_method());
if (!ssl_ftp_ctx)
return(0);
SSL_CTX_set_options(ssl_ftp_ctx,
- (ftp_bug_use_ssl_v2 ? 0 : SSL_OP_NO_SSLv2)|
+
+ (ftp_bug_use_ssl_v2 ? 0 : SSL_OP_NO_SSLv2/*|SSL_OP_NO_SSLv3*/)|
SSL_OP_SINGLE_DH_USE|SSL_OP_EPHEMERAL_RSA
);
}

19
kermit/patches/patch-ckcpro.w Normal file
View File

@ -0,0 +1,19 @@
$NetBSD: patch-ckcpro.w,v 1.1 2019/04/11 02:21:09 mrg Exp $
dest is an int.
ffc and calibrate are CK_OFF_Ts.
--- ckcpro.w.orig 2011-06-07 11:39:21.000000000 -0700
+++ ckcpro.w 2019-04-10 19:15:37.736900735 -0700
@@ -151,8 +151,9 @@
extern int quiet, tsecs, parity, backgrd, nakstate, atcapu, wslotn, winlo;
extern int wslots, success, xitsta, rprintf, discard, cdtimo, keep, fdispla;
extern int timef, stdinf, rscapu, sendmode, epktflg, epktrcvd, epktsent;
- extern int binary, fncnv;
- extern long speed, ffc, crc16, calibrate, dest;
+ extern int binary, fncnv, dest;
+ extern CK_OFF_T ffc, calibrate;
+ extern long speed, crc16;
#ifdef COMMENT
extern char *TYPCMD, *DIRCMD, *DIRCM2;
#endif /* COMMENT */

40
kermit/patches/patch-ckupty.c Normal file
View File

@ -0,0 +1,40 @@
$NetBSD: patch-ckupty.c,v 1.1 2015/11/07 23:20:59 dholland Exp $
Always use termios, never sgtty.h.
--- ckupty.c~ 2011-06-13 15:34:13.000000000 +0000
+++ ckupty.c
@@ -79,33 +79,7 @@ char * ptyver = "PTY support 8.0.016, 22
#endif /* SUNOS41 */
#ifndef USE_TERMIO
-#ifdef LINUX
-#define USE_TERMIO
-#else
-#ifdef ATTSV
-#define USE_TERMIO
-#else
-#ifdef HPUX
-#define USE_TERMIO
-#else
-#ifdef AIX
-#define USE_TERMIO
-#else
-#ifdef BSD44ORPOSIX
#define USE_TERMIO
-#else
-#ifdef IRIX60
-#define USE_TERMIO
-#else
-#ifdef QNX
-#define USE_TERMIO
-#endif /* QNX */
-#endif /* IRIX60 */
-#endif /* BSD44ORPOSIX */
-#endif /* AIX */
-#endif /* HPUX */
-#endif /* ATTSV */
-#endif /* LINUX */
#endif /* USE_TERMIO */
#ifdef QNX

15
kermit/patches/patch-ckuus3.c Normal file
View File

@ -0,0 +1,15 @@
$NetBSD: patch-ckuus3.c,v 1.1 2020/04/08 15:22:07 rhialto Exp $
Use version-flexible method.
--- ckuus3.c.orig 2011-06-26 18:20:07.000000000 +0000
+++ ckuus3.c
@@ -13048,7 +13048,7 @@ case XYDEBU:
if (ssl_con == NULL) {
SSL_library_init();
ssl_ctx = (SSL_CTX *)
- SSL_CTX_new((SSL_METHOD *)TLSv1_method());
+ SSL_CTX_new((SSL_METHOD *)SSLv23_method());
if (ssl_ctx != NULL)
ssl_con= (SSL *) SSL_new(ssl_ctx);
}

29
kermit/patches/patch-ckuus4.c Normal file
View File

@ -0,0 +1,29 @@
$NetBSD: patch-ckuus4.c,v 1.1 2019/04/11 02:21:09 mrg Exp $
Always include errno.h.
crc16 is a long.
--- ckuus4.c.orig 2011-06-24 11:58:10.000000000 -0700
+++ ckuus4.c 2019-04-10 18:25:09.650654615 -0700
@@ -34,8 +34,9 @@
#include "ck_ssl.h"
#endif /* CK_SSL */
+#include <errno.h>
+
#ifdef VMS
-#include <errno.h> /* For \v(errno) */
extern char * ckvmserrstr(unsigned long);
#ifndef OLD_VMS
#include <lib$routines.h> /* Not for VAX C 2.4 */
@@ -409,7 +410,9 @@
npad, pkttim, bigrbsiz, bigsbsiz, keep, atcapr, autopar, bctr, bctu,
crunched, ckdelay, ebq, ebqflg, pktlog, retrans, rpackets, rptflg, rptq,
rtimo, spackets, spsiz, spsizf, spsizr, timeouts, fncact, fncnv, urpsiz,
- wmax, wslotn, wslotr, fdispla, spmax, fnrpath, fnspath, crc16;
+ wmax, wslotn, wslotr, fdispla, spmax, fnrpath, fnspath;
+extern long
+ crc16;
#endif /* NOXFER */
#ifdef OS2