Hi all, update libstrophe to the latest stable version. See changelog:
- OpenSSL tls module verifies certificate by default. Set flag XMPP_CONN_FLAG_TRUST_TLS to ignore result of the verification - Certificate hostname verification is forced for openssl-1.0.2 and newer - OpenSSL tls module disables insecure SSLv2 SSLv3 and TLSv1 - Support of handlers with the same callback function, but different userdata - System handlers are deleted on xmpp_conn_t reconnection. Old system handlers could cause problems - Default timeout for xmpp_run() is increased from 1 millisecond to 1 second in order to reduce CPU consumption - Reduced memory usage in expat module - New functions: xmpp_ctx_set_timeout(), xmpp_sha1_digest() Tested with the only consumer net/profanity on amd64. All test passed. Ok? Comments? Rafael Sadowsi Index: Makefile =================================================================== RCS file: /cvs/ports/net/libstrophe/Makefile,v retrieving revision 1.2 diff -u -p -u -p -r1.2 Makefile --- Makefile 29 Nov 2016 22:24:40 -0000 1.2 +++ Makefile 15 Mar 2018 13:50:19 -0000 @@ -2,32 +2,32 @@ COMMENT = simple, lightweight XMPP C library -GH_ACCOUNT = strophe -GH_PROJECT = libstrophe -GH_TAGNAME = 0.9.1 +V = 0.9.2 +DISTNAME = libstrophe-${V} -SHARED_LIBS = strophe 1.0 # 1.0 +SHARED_LIBS = strophe 2.0 # 1.0 CATEGORIES = net devel HOMEPAGE = http://strophe.im/libstrophe/ -MAINTAINER = Rafael Sadowski <raf...@sizeofvoid.org> +MAINTAINER = Rafael Sadowski <rsadow...@openbsd.org> # Dual licensed: MIT and GPLv3 PERMIT_PACKAGE_CDROM = Yes WANTLIB += crypto expat ssl -BUILD_DEPENDS = ${MODGNU_AUTOCONF_DEPENDS} \ - ${MODGNU_AUTOMAKE_DEPENDS} \ - devel/libtool +MASTER_SITES = https://github.com/strophe/libstrophe/releases/download/${V}/ + +BUILD_DEPENDS = devel/libtool # Only needed for tests, but cannot be a TEST_DEPENDS. # Check must be present at build time for tests to work. BUILD_DEPENDS += devel/check USE_GMAKE = Yes + CONFIGURE_STYLE = gnu MAKE_FLAGS = CC="${CC}" CFLAGS="${CFLAGS}" 
@@ -35,14 +35,5 @@ MAKE_FLAGS = CC="${CC}" CFLAGS="${CFLAG CONFIGURE_ENV += CPPFLAGS="-I${LOCALBASE}/include" \ LDFLAGS="-L${LOCALBASE}/lib" -AUTOCONF_VERSION = 2.69 -AUTOMAKE_VERSION = 1.11 - -post-patch: - @mkdir -p ${WRKSRC}/m4 # need for autoreconf - -pre-configure: - cd ${WRKSRC} && ${SETENV} AUTOMAKE_VERSION=${AUTOMAKE_VERSION} \ - AUTOCONF_VERSION=${AUTOCONF_VERSION} autoreconf --install .include <bsd.port.mk> Index: distinfo =================================================================== RCS file: /cvs/ports/net/libstrophe/distinfo,v retrieving revision 1.2 diff -u -p -u -p -r1.2 distinfo --- distinfo 29 Nov 2016 22:24:40 -0000 1.2 +++ distinfo 15 Mar 2018 13:50:19 -0000 @@ -1,2 +1,2 @@ -SHA256 (libstrophe-0.9.1.tar.gz) = yQST+YblvUBxMsWj4XQ3jALLgPpOruKYdeBrS7pq/MM= -SIZE (libstrophe-0.9.1.tar.gz) = 153142 +SHA256 (libstrophe-0.9.2.tar.gz) = eH5qO5K5i2HMToo+cWWTyYZOL+KlWl9JyecOzRfEdNc= +SIZE (libstrophe-0.9.2.tar.gz) = 500459 Index: patches/patch-src_tls_openssl_c =================================================================== RCS file: patches/patch-src_tls_openssl_c diff -N patches/patch-src_tls_openssl_c --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ patches/patch-src_tls_openssl_c 15 Mar 2018 13:50:19 -0000 
@@ -0,0 +1,41 @@
+$OpenBSD$
+
+Index: src/tls_openssl.c
+--- src/tls_openssl.c.orig
++++ src/tls_openssl.c
+@@ -51,7 +51,7 @@ static void _tls_log_error(xmpp_ctx_t *ctx);
+
+ void tls_initialize(void)
+ {
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ SSL_library_init();
+ SSL_load_error_strings();
+ #else
+@@ -66,14 +66,14 @@ void tls_shutdown(void)
+ * openssl after libstrophe finalization. Maybe better leak some fixed
+ * memory rather than cause random crashes of the main program.
+ */
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ ERR_free_strings();
+ EVP_cleanup();
+ CRYPTO_cleanup_all_ex_data();
+-#if OPENSSL_VERSION_NUMBER >= 0x10002000L
++#if OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
+ SSL_COMP_free_compression_methods();
+ #endif
+-#if OPENSSL_VERSION_NUMBER < 0x10000000L
++#if OPENSSL_VERSION_NUMBER < 0x10000000L || defined(LIBRESSL_VERSION_NUMBER)
+ ERR_remove_state(0);
+ #else
+ ERR_remove_thread_state(NULL);
+@@ -120,7 +120,7 @@ tls_t *tls_new(xmpp_conn_t *conn)
+ /* Trust server's certificate when user sets the flag explicitly. */
+ mode = conn->tls_trust ? SSL_VERIFY_NONE : SSL_VERIFY_PEER;
+ SSL_set_verify(tls->ssl, mode, 0);
+-#if OPENSSL_VERSION_NUMBER >= 0x10002000L
++#if OPENSSL_VERSION_NUMBER >= 0x10002000L || !defined(LIBRESSL_VERSION_NUMBER)
+ /* Hostname verification is supported in OpenSSL 1.0.2 and newer. */
+ X509_VERIFY_PARAM *param = SSL_get0_param(tls->ssl);
+
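Review bot: The guard around hostname verification in the tls_new() hunk, `#if OPENSSL_VERSION_NUMBER >= 0x10002000L || !defined(LIBRESSL_VERSION_NUMBER)`, does not do what the other three guards in this patch do. When LIBRESSL_VERSION_NUMBER is defined the second term is always false, so on LibreSSL the condition is exactly the upstream one. On real OpenSSL the second term is always true, so the block would also be compiled for versions older than 1.0.2, which the comment below it says lack hostname verification. If the intent is to guarantee the check is built on LibreSSL, the line should read `#if OPENSSL_VERSION_NUMBER >= 0x10002000L || defined(LIBRESSL_VERSION_NUMBER)`; otherwise leave the upstream line unchanged. The rest of the block is outside this hunk, so it is worth confirming in the built object that the hostname check is really compiled in, since certificate verification without it accepts any valid certificate for any host.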