Attachment #180532 for bug #216790




# $FreeBSD$

PORTNAME=	postfix
DISTVERSION=	3.2.0
PORTREVISION?=	0
PORTEPOCH=	5
CATEGORIES=	mail ipv6

POSTFIX_DYN_AUXLIBS+=	"AUXLIBS_LMDB=-L${LOCALBASE}/lib -llmdb"
.endif

.if ${SSL_DEFAULT:Mlibressl-devel}
EXTRA_PATCHES=	${FILESDIR}/libressl-devel-patch-src_tls_tls__dh.c
.endif

.if ${SSL_DEFAULT:Mlibressl}
EXTRA_PATCHES=	${FILESDIR}/libressl-patch-src_tls_tls__dh.c
.endif

# sed script for files in ${WRKSRC}/README_FILES ${WRKSRC}/conf ${WRKSRC}/man
REINPLACE=	s!^PATH=.*!PATH=/bin:/sbin:/usr/bin:/usr/sbin:${PREFIX}/bin:${PREFIX}/sbin!;\
		s!(_directory = )/usr/!\1${PREFIX}/!g;\

Lines 1-3 Link Here

(-)distinfo (-3 / +3 lines)
1	TIMESTAMP = 1486916580	1	TIMESTAMP = 1488713763
2	SHA256 (postfix/postfix-3.2.0-RC1.tar.gz) = 224b62a5e33095b9bab07d7629b4975736162112666e66ed4a5edee26e73d180	2	SHA256 (postfix/postfix-3.2.0.tar.gz) = 420726e79622620394fd17799e49268dada7041ea067ca3aa1c8bf155b9aa487
3	SIZE (postfix/postfix-3.2.0-RC1.tar.gz) = 4405042	3	SIZE (postfix/postfix-3.2.0.tar.gz) = 4389547




$OpenBSD: patch-src_tls_tls_dh_c,v 1.1 2017/03/04 22:09:43 sthen Exp $

Fix building with LibreSSL

--- src/tls/tls_dh.c.orig	Mon Dec 26 18:47:24 2016
+++ src/tls/tls_dh.c	Sat Feb  4 01:45:39 2017
@@ -314,7 +314,7 @@ void    tls_auto_eecdh_curves(SSL_CTX *ctx)
      * This is a NOP in OpenSSL 1.1.0 and later, where curves are always
      * auto-negotiated.
      */
-#if OPENSSL_VERSION_NUMBER < 0x10100000UL
+#if OPENSSL_VERSION_NUMBER < 0x10100000UL || defined(LIBRESSL_VERSION_NUMBER)
     if (SSL_CTX_set_ecdh_auto(ctx, 1) <= 0) {
 	msg_warn("failed to enable automatic ECDHE curve selection");
 	tls_print_errors();

Lines 1-6 Link Here

(-)files/patch-makedefs (-2 / +2 lines)
1	--- makedefs.orig 2016-06-26 00:02:58 UTC	1	--- makedefs.orig 2017-02-12 15:32:10 UTC
2	+++ makedefs	2	+++ makedefs
3	@@ -279,6 +279,24 @@ case "$SYSTEM.$RELEASE" in	3	@@ -284,6 +284,24 @@ case "$SYSTEM.$RELEASE" in
4	: ${SHLIB_ENV="LD_LIBRARY_PATH=`pwd`/lib"}	4	: ${SHLIB_ENV="LD_LIBRARY_PATH=`pwd`/lib"}
5	: ${PLUGIN_LD="${CC} -shared"}	5	: ${PLUGIN_LD="${CC} -shared"}
6	;;	6	;;

Lines 1-6 Link Here

(-)files/patch-src__util__sys_defs.h (-2 / +2 lines)
1	--- src/util/sys_defs.h.orig 2016-07-09 20:09:34 UTC	1	--- src/util/sys_defs.h.orig 2017-02-02 01:31:15 UTC
2	+++ src/util/sys_defs.h	2	+++ src/util/sys_defs.h
3	@@ -27,6 +27,7 @@	3	@@ -30,6 +30,7 @@
4	#if defined(FREEBSD2) \|\| defined(FREEBSD3) \|\| defined(FREEBSD4) \	4	#if defined(FREEBSD2) \|\| defined(FREEBSD3) \|\| defined(FREEBSD4) \
5	\|\| defined(FREEBSD5) \|\| defined(FREEBSD6) \|\| defined(FREEBSD7) \	5	\|\| defined(FREEBSD5) \|\| defined(FREEBSD6) \|\| defined(FREEBSD7) \
6	\|\| defined(FREEBSD8) \|\| defined(FREEBSD9) \|\| defined(FREEBSD10) \	6	\|\| defined(FREEBSD8) \|\| defined(FREEBSD9) \|\| defined(FREEBSD10) \

Lines 1-6 Link Here

(-)files/patch-src_posttls-finger_posttls-finger.c (-3 / +3 lines)
1	--- src/posttls-finger/posttls-finger.c.orig 2016-08-27 20:27:50 UTC	1	--- src/posttls-finger/posttls-finger.c.orig 2017-02-03 22:43:04 UTC
2	+++ src/posttls-finger/posttls-finger.c	2	+++ src/posttls-finger/posttls-finger.c
3	@@ -1511,7 +1511,8 @@ static int finger(STATE *state)	3	@@ -1513,7 +1513,8 @@ static int finger(STATE *state)
4	return (0);	4	return (0);
5	}	5	}
6		6
Lines 10-16 Link Here
10		10
11	/* ssl_cleanup - free memory allocated in the OpenSSL library */	11	/* ssl_cleanup - free memory allocated in the OpenSSL library */
12		12
13	@@ -1958,7 +1959,8 @@ int main(int argc, char *argv[])	13	@@ -1966,7 +1967,8 @@ int main(int argc, char *argv[])
14	cleanup(&state);	14	cleanup(&state);
15		15
16	/* OpenSSL 1.1.0 and later (de)initialization is implicit */	16	/* OpenSSL 1.1.0 and later (de)initialization is implicit */




# fix build against LibreSSL
# Obtained from: http://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/mail/postfix/stable/patches/
# 
--- src/tls/tls.h.orig	2017-01-01 22:22:13 UTC
+++ src/tls/tls.h
@@ -89,7 +89,7 @@ extern const char *str_tls_level(int);
 #endif

 #define OpenSSL_version_num SSLeay
 #define OpenSSL_version SSLeay_version
 #define OPENSSL_VERSION SSLEAY_VERSION
@@ -104,6 +104,9 @@ extern const char *str_tls_level(int);
 #define ASN1_STRING_get0_data ASN1_STRING_data
 #define X509_getm_notBefore X509_get_notBefore
 #define X509_getm_notAfter X509_get_notAfter
+#endif
+
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
 #define TLS_method SSLv23_method
 #define TLS_client_method SSLv23_client_method
 #define TLS_server_method SSLv23_server_method

Lines 1-4 Link Here

(-)files/patch-src_tls_tls__client.c (-2 / +2 lines)
1	--- src/tls/tls_client.c.orig 2016-08-27 20:27:50 UTC	1	--- src/tls/tls_client.c.orig 2017-01-01 22:22:13 UTC
2	+++ src/tls/tls_client.c	2	+++ src/tls/tls_client.c
3	@@ -299,7 +299,7 @@ TLS_APPL_STATE *tls_client_init(const TL	3	@@ -299,7 +299,7 @@ TLS_APPL_STATE *tls_client_init(const TL
4	*/	4	*/
Lines 9-15 Link Here
9		9
10	/*	10	/*
11	* Initialize the OpenSSL library by the book! To start with, we must	11	* Initialize the OpenSSL library by the book! To start with, we must
12	@@ -441,7 +441,7 @@ TLS_APPL_STATE *tls_client_init(const TL	12	@@ -433,7 +433,7 @@ TLS_APPL_STATE *tls_client_init(const TL
13	/*	13	/*
14	* 2015-12-05: Ephemeral RSA removed from OpenSSL 1.1.0-dev	14	* 2015-12-05: Ephemeral RSA removed from OpenSSL 1.1.0-dev
15	*/	15	*/

Lines 1-6 Link Here

(-)files/patch-src_tls_tls__dane.c (-2 / +2 lines)
1	--- src/tls/tls_dane.c.orig 2016-08-27 20:27:50 UTC	1	--- src/tls/tls_dane.c.orig 2017-02-19 01:58:21 UTC
2	+++ src/tls/tls_dane.c	2	+++ src/tls/tls_dane.c
3	@@ -2163,7 +2163,7 @@ static SSL_CTX ctx_init(const char CAf	3	@@ -2125,7 +2125,7 @@ static SSL_CTX ctx_init(const char CAf
4	tls_param_init();	4	tls_param_init();
5	tls_check_version();	5	tls_check_version();
6		6




PR 216732: Fix build with libressl < 2.5.1
=========================================================
--- src/tls/tls_dh.c.orig	2016-12-26 23:47:24 UTC
+++ src/tls/tls_dh.c
@@ -94,7 +94,7 @@
 #define TLS_INTERNAL
 #include <tls.h>
 #include <openssl/dh.h>
-#if OPENSSL_VERSION_NUMBER >= 0x1000200fUL && !defined(OPENSSL_NO_ECDH)
+#if OPENSSL_VERSION_NUMBER >= 0x1000200fUL && !defined(OPENSSL_NO_ECDH) && !defined(LIBRESSL_VERSION_NUMBER)
 #include <openssl/ec.h>
 #endif
 
@@ -244,7 +244,7 @@ DH     *tls_tmp_dh_cb(SSL *unused_ssl, i
 
 void    tls_auto_eecdh_curves(SSL_CTX *ctx)
 {
-#if OPENSSL_VERSION_NUMBER >= 0x1000200fUL && !defined(OPENSSL_NO_ECDH)
+#if OPENSSL_VERSION_NUMBER >= 0x1000200fUL && !defined(OPENSSL_NO_ECDH) && !defined(LIBRESSL_VERSION_NUMBER)
     SSL_CTX *tmpctx;
     int    *nids;
     int     space = 5;
@@ -337,14 +337,14 @@ void    tls_set_eecdh_curve(SSL_CTX *ser
 #define TLS_EECDH_NONE		1
 #define TLS_EECDH_STRONG	2
 #define TLS_EECDH_ULTRA		3
-#if OPENSSL_VERSION_NUMBER >= 0x1000200fUL
+#if OPENSSL_VERSION_NUMBER >= 0x1000200fUL && !defined(LIBRESSL_VERSION_NUMBER)
 #define TLS_EECDH_AUTO		4
 #endif
     static NAME_CODE eecdh_table[] = {
 	"none", TLS_EECDH_NONE,
 	"strong", TLS_EECDH_STRONG,
 	"ultra", TLS_EECDH_ULTRA,
-#if OPENSSL_VERSION_NUMBER >= 0x1000200fUL
+#if OPENSSL_VERSION_NUMBER >= 0x1000200fUL && !defined(LIBRESSL_VERSION_NUMBER)
 	"auto", TLS_EECDH_AUTO,
 #endif
 	0, TLS_EECDH_INVALID,
@@ -364,7 +364,7 @@ void    tls_set_eecdh_curve(SSL_CTX *ser
     case TLS_EECDH_ULTRA:
 	curve = var_tls_eecdh_ultra;
 	break;
-#if OPENSSL_VERSION_NUMBER >= 0x1000200fUL
+#if OPENSSL_VERSION_NUMBER >= 0x1000200fUL && !defined(LIBRESSL_VERSION_NUMBER)
     case TLS_EECDH_AUTO:
 	tls_auto_eecdh_curves(server_ctx);
 	return;

Lines 1-4 Link Here

(-)files/patch-src_tls_tls__server.c (-2 / +2 lines)
1	--- src/tls/tls_server.c.orig 2016-08-27 20:27:50 UTC	1	--- src/tls/tls_server.c.orig 2017-01-01 22:22:13 UTC
2	+++ src/tls/tls_server.c	2	+++ src/tls/tls_server.c
3	@@ -174,7 +174,7 @@ static const char server_session_id_cont	3	@@ -174,7 +174,7 @@ static const char server_session_id_cont
4	#endif /* OPENSSL_VERSION_NUMBER */	4	#endif /* OPENSSL_VERSION_NUMBER */
Lines 18-24 Link Here
18		18
19	/*	19	/*
20	* Initialize the OpenSSL library by the book! To start with, we must	20	* Initialize the OpenSSL library by the book! To start with, we must
21	@@ -588,7 +588,7 @@ TLS_APPL_STATE *tls_server_init(const TL	21	@@ -580,7 +580,7 @@ TLS_APPL_STATE *tls_server_init(const TL
22	/*	22	/*
23	* 2015-12-05: Ephemeral RSA removed from OpenSSL 1.1.0-dev	23	* 2015-12-05: Ephemeral RSA removed from OpenSSL 1.1.0-dev
24	*/	24	*/

Return to bug 216790

Lines 2-8 Link Here

(-)Makefile (-1 / +9 lines)
2	# $FreeBSD$	2	# $FreeBSD$
3		3
4	PORTNAME= postfix	4	PORTNAME= postfix
5	DISTVERSION= 3.2.0-RC1	5	DISTVERSION= 3.2.0
6	PORTREVISION?= 0	6	PORTREVISION?= 0
7	PORTEPOCH= 5	7	PORTEPOCH= 5
8	CATEGORIES= mail ipv6	8	CATEGORIES= mail ipv6
Lines 250-255 Link Here
250	POSTFIX_DYN_AUXLIBS+= "AUXLIBS_LMDB=-L${LOCALBASE}/lib -llmdb"	250	POSTFIX_DYN_AUXLIBS+= "AUXLIBS_LMDB=-L${LOCALBASE}/lib -llmdb"
251	.endif	251	.endif
252		252
		253	.if ${SSL_DEFAULT:Mlibressl-devel}
		254	EXTRA_PATCHES= ${FILESDIR}/libressl-devel-patch-src_tls_tls__dh.c
		255	.endif
		256
		257	.if ${SSL_DEFAULT:Mlibressl}
		258	EXTRA_PATCHES= ${FILESDIR}/libressl-patch-src_tls_tls__dh.c
		259	.endif
		260
253	# sed script for files in ${WRKSRC}/README_FILES ${WRKSRC}/conf ${WRKSRC}/man	261	# sed script for files in ${WRKSRC}/README_FILES ${WRKSRC}/conf ${WRKSRC}/man
254	REINPLACE= s!^PATH=.*!PATH=/bin:/sbin:/usr/bin:/usr/sbin:${PREFIX}/bin:${PREFIX}/sbin!;\	262	REINPLACE= s!^PATH=.*!PATH=/bin:/sbin:/usr/bin:/usr/sbin:${PREFIX}/bin:${PREFIX}/sbin!;\
255	s!(_directory = )/usr/!\1${PREFIX}/!g;\	263	s!(_directory = )/usr/!\1${PREFIX}/!g;\

Line 0 Link Here

(-)files/libressl-devel-patch-src_tls_tls__dh.c (+15 lines)
	1	$OpenBSD: patch-src_tls_tls_dh_c,v 1.1 2017/03/04 22:09:43 sthen Exp $
	2
	3	Fix building with LibreSSL
	4
	5	--- src/tls/tls_dh.c.orig Mon Dec 26 18:47:24 2016
	6	+++ src/tls/tls_dh.c Sat Feb 4 01:45:39 2017
	7	@@ -314,7 +314,7 @@ void tls_auto_eecdh_curves(SSL_CTX *ctx)
	8	* This is a NOP in OpenSSL 1.1.0 and later, where curves are always
	9	* auto-negotiated.
	10	*/
	11	-#if OPENSSL_VERSION_NUMBER < 0x10100000UL
	12	+#if OPENSSL_VERSION_NUMBER < 0x10100000UL \|\| defined(LIBRESSL_VERSION_NUMBER)
	13	if (SSL_CTX_set_ecdh_auto(ctx, 1) <= 0) {
	14	msg_warn("failed to enable automatic ECDHE curve selection");
	15	tls_print_errors();

Lines 1-7 Link Here

(-)files/patch-src_tls_tls.h (-1 / +11 lines)
1	# fix build against LibreSSL	1	# fix build against LibreSSL
2	# Obtained from: http://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/mail/postfix/stable/patches/	2	# Obtained from: http://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/mail/postfix/stable/patches/
3	#	3	#
4	--- src/tls/tls.h.orig 2016-02-06 20:09:41 UTC	4	--- src/tls/tls.h.orig 2017-01-01 22:22:13 UTC
5	+++ src/tls/tls.h	5	+++ src/tls/tls.h
6	@@ -89,7 +89,7 @@ extern const char *str_tls_level(int);	6	@@ -89,7 +89,7 @@ extern const char *str_tls_level(int);
7	#endif	7	#endif
Lines 12-14 Link Here
12	#define OpenSSL_version_num SSLeay	12	#define OpenSSL_version_num SSLeay
13	#define OpenSSL_version SSLeay_version	13	#define OpenSSL_version SSLeay_version
14	#define OPENSSL_VERSION SSLEAY_VERSION	14	#define OPENSSL_VERSION SSLEAY_VERSION
		15	@@ -104,6 +104,9 @@ extern const char *str_tls_level(int);
		16	#define ASN1_STRING_get0_data ASN1_STRING_data
		17	#define X509_getm_notBefore X509_get_notBefore
		18	#define X509_getm_notAfter X509_get_notAfter
		19	+#endif
		20	+
		21	+#if OPENSSL_VERSION_NUMBER < 0x10100000L
		22	#define TLS_method SSLv23_method
		23	#define TLS_client_method SSLv23_client_method
		24	#define TLS_server_method SSLv23_server_method

Lines 1-48 Link Here

(-)files/patch-src_tls_tls__dh.c (-48 lines)
1	PR 216732: Fix build with libressl < 2.5.1
2	=========================================================
3	--- src/tls/tls_dh.c.orig 2016-12-26 23:47:24 UTC
4	+++ src/tls/tls_dh.c
5	@@ -94,7 +94,7 @@
6	#define TLS_INTERNAL
7	#include <tls.h>
8	#include <openssl/dh.h>
9	-#if OPENSSL_VERSION_NUMBER >= 0x1000200fUL && !defined(OPENSSL_NO_ECDH)
10	+#if OPENSSL_VERSION_NUMBER >= 0x1000200fUL && !defined(OPENSSL_NO_ECDH) && !defined(LIBRESSL_VERSION_NUMBER)
11	#include <openssl/ec.h>
12	#endif
13
14	@@ -244,7 +244,7 @@ DH tls_tmp_dh_cb(SSL unused_ssl, i
15
16	void tls_auto_eecdh_curves(SSL_CTX *ctx)
17	{
18	-#if OPENSSL_VERSION_NUMBER >= 0x1000200fUL && !defined(OPENSSL_NO_ECDH)
19	+#if OPENSSL_VERSION_NUMBER >= 0x1000200fUL && !defined(OPENSSL_NO_ECDH) && !defined(LIBRESSL_VERSION_NUMBER)
20	SSL_CTX *tmpctx;
21	int *nids;
22	int space = 5;
23	@@ -337,14 +337,14 @@ void tls_set_eecdh_curve(SSL_CTX *ser
24	#define TLS_EECDH_NONE 1
25	#define TLS_EECDH_STRONG 2
26	#define TLS_EECDH_ULTRA 3
27	-#if OPENSSL_VERSION_NUMBER >= 0x1000200fUL
28	+#if OPENSSL_VERSION_NUMBER >= 0x1000200fUL && !defined(LIBRESSL_VERSION_NUMBER)
29	#define TLS_EECDH_AUTO 4
30	#endif
31	static NAME_CODE eecdh_table[] = {
32	"none", TLS_EECDH_NONE,
33	"strong", TLS_EECDH_STRONG,
34	"ultra", TLS_EECDH_ULTRA,
35	-#if OPENSSL_VERSION_NUMBER >= 0x1000200fUL
36	+#if OPENSSL_VERSION_NUMBER >= 0x1000200fUL && !defined(LIBRESSL_VERSION_NUMBER)
37	"auto", TLS_EECDH_AUTO,
38	#endif
39	0, TLS_EECDH_INVALID,
40	@@ -364,7 +364,7 @@ void tls_set_eecdh_curve(SSL_CTX *ser
41	case TLS_EECDH_ULTRA:
42	curve = var_tls_eecdh_ultra;
43	break;
44	-#if OPENSSL_VERSION_NUMBER >= 0x1000200fUL
45	+#if OPENSSL_VERSION_NUMBER >= 0x1000200fUL && !defined(LIBRESSL_VERSION_NUMBER)
46	case TLS_EECDH_AUTO:
47	tls_auto_eecdh_curves(server_ctx);
48	return;