<pre style='margin:0'>
Frank Schima (mf2k) pushed a commit to branch master
in repository macports-ports.
</pre>
<p><a href="https://github.com/macports/macports-ports/commit/c0359f03247a4c95712e64d2329dc8328962244b">https://github.com/macports/macports-ports/commit/c0359f03247a4c95712e64d2329dc8328962244b</a></p>
<pre style="white-space: pre; background: #F8F8F8">The following commit(s) were added to refs/heads/master by this push:
<span style='display:block; white-space:pre;color:#404040;'> new c0359f0 cclient: Patch to work with OpenSSL v1.1
</span>c0359f0 is described below
<span style='display:block; white-space:pre;color:#808000;'>commit c0359f03247a4c95712e64d2329dc8328962244b
</span>Author: Chris Minett <chris@minett.me.uk>
AuthorDate: Tue Sep 24 07:19:02 2019 +0100
<span style='display:block; white-space:pre;color:#404040;'> cclient: Patch to work with OpenSSL v1.1
</span><span style='display:block; white-space:pre;color:#404040;'>
</span><span style='display:block; white-space:pre;color:#404040;'> Apply FreeBSD patch from https://bugs.freebsd.org/bugzilla/attachment.cgi?id=198493&action=edit
</span><span style='display:block; white-space:pre;color:#404040;'> Closes https://trac.macports.org/ticket/58973
</span>---
mail/cclient/Portfile | 2 ++
mail/cclient/files/patch-03-openssl_1_1 | 59 +++++++++++++++++++++++++++++++++
2 files changed, 61 insertions(+)
<span style='display:block; white-space:pre;color:#808080;'>diff --git a/mail/cclient/Portfile b/mail/cclient/Portfile
</span><span style='display:block; white-space:pre;color:#808080;'>index 017e981..bc7f6de 100644
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>--- a/mail/cclient/Portfile
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>+++ b/mail/cclient/Portfile
</span><span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -70,6 +70,8 @@ variant ssl_plaintext description {Allow plaintext passwords over SSL} {
</span> build.args-append SSLTYPE=unix
}
<span style='display:block; white-space:pre;background:#e0ffe0;'>+patchfiles-append patch-03-openssl_1_1
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span> variant universal {
build.args-append EXTRACFLAGS="${configure.universal_cflags}" EXTRALDFLAGS="${configure.universal_ldflags}"
}
<span style='display:block; white-space:pre;color:#808080;'>diff --git a/mail/cclient/files/patch-03-openssl_1_1 b/mail/cclient/files/patch-03-openssl_1_1
</span>new file mode 100644
<span style='display:block; white-space:pre;color:#808080;'>index 0000000..60024d3
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>--- /dev/null
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>+++ b/mail/cclient/files/patch-03-openssl_1_1
</span><span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -0,0 +1,59 @@
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+Description: Support OpenSSL 1.1
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ When building with OpenSSL 1.1 and newer, use the new built-in
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ hostname verification instead of code that doesn't compile due to
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ structs having been made opaque.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+Patch derived from https://bugs.freebsd.org/bugzilla/attachment.cgi?id=198493&action=edit
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+which itself was obtained from: https://sources.debian.org/data/main/u/uw-imap/8:2007f~dfsg-5/debian/patches/1006_openssl1.1_autoverify.patch
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+--- src/osdep/unix/ssl_unix.c.orig
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++++ src/osdep/unix/ssl_unix.c
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+@@ -227,8 +227,16 @@ static char *ssl_start_work (SSLSTREAM *
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ /* disable certificate validation? */
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ if (flags & NET_NOVALIDATECERT)
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ SSL_CTX_set_verify (stream->context,SSL_VERIFY_NONE,NIL);
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+- else SSL_CTX_set_verify (stream->context,SSL_VERIFY_PEER,ssl_open_verify);
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ else {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++#if OPENSSL_VERSION_NUMBER >= 0x10100000
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ X509_VERIFY_PARAM *param = SSL_CTX_get0_param(stream->context);
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ X509_VERIFY_PARAM_set_hostflags(param, X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS);
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ X509_VERIFY_PARAM_set1_host(param, host, 0);
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++#endif
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ SSL_CTX_set_verify (stream->context,SSL_VERIFY_PEER,ssl_open_verify);
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ /* set default paths to CAs... */
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ SSL_CTX_set_default_verify_paths (stream->context);
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ /* ...unless a non-standard path desired */
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ if (s = (char *) mail_parameters (NIL,GET_SSLCAPATH,NIL))
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+@@ -266,6 +274,7 @@ static char *ssl_start_work (SSLSTREAM *
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ if (SSL_write (stream->con,"",0) < 0)
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ return ssl_last_error ? ssl_last_error : "SSL negotiation failed";
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ /* need to validate host names? */
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++#if OPENSSL_VERSION_NUMBER < 0x10100000
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ if (!(flags & NET_NOVALIDATECERT) &&
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ (err = ssl_validate_cert (cert = SSL_get_peer_certificate (stream->con),
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ host))) {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+@@ -275,6 +284,7 @@ static char *ssl_start_work (SSLSTREAM *
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ sprintf (tmp,"*%.128s: %.255s",err,cert ? cert->name : "???");
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ return ssl_last_error = cpystr (tmp);
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++#endif
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ return NIL;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+@@ -313,6 +323,7 @@ static int ssl_open_verify (int ok,X509_
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ * Returns: NIL if validated, else string of error message
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ */
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++#if OPENSSL_VERSION_NUMBER < 0x10100000
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ static char *ssl_validate_cert (X509 *cert,char *host)
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ int i,n;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+@@ -342,6 +353,7 @@ static char *ssl_validate_cert (X509 *ce
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ else ret = "Unable to locate common name in certificate";
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ return ret;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++#endif
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ /* Case-independent wildcard pattern match
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ * Accepts: base string
</span></pre><pre style='margin:0'>
</pre>