Jonathon Sisson wrote: > It appears my previous diff was missing a patch that was added, so > make package failed as files were placed incorrectly in fake-amd64. > > New patch revision (using cvs diff) below.
Thanks for the updated diff. It applies now cleanly. Following comments: - patch-src_channel_c is not necessary ch_src and ch_dst are always set when ch_itr is not NULL; otherwise the program exits (via Log_fatal()). - patch-src_client_c has an unnecessary include sys/types.h is not needed. - patch-src_messages_c is not necessary `len` gets initialized in all switch cases besides `default`; in the default case 0 is returned without accessing `len`. - patch-src_server_c has a wrong comment ---8<------------------------------------------- commit d723b45fc42e04b9179ba29c65efc9484ec2924c Author: Patrick Mooney <pmoo...@pfmooney.com> Date: Sun Feb 21 02:11:34 2016 -0600 Fix size of value passed to setsockopt ---8<------------------------------------------- https://github.com/umurmur/umurmur/commit/d723b45fc42e04b9179ba29c65efc9484ec2924c has nothing to do with the patch in the OpenBSD ports tree. - patch-src_ssli_openssl_c should be removed The comment is wrong. Moreover, the patch reverts upstream commit https://github.com/umurmur/umurmur/commit/d23e27088431fbd43de45f03f85b1d516b9dc82a Works fine for me on amd64 with these changes. Anyone willing to OK this update? I'd like to commit it. Best regards, Ingo Index: Makefile =================================================================== RCS file: /cvs/ports/audio/umurmur/Makefile,v retrieving revision 1.25 diff -u -p -r1.25 Makefile --- Makefile 12 Jul 2019 20:43:42 -0000 1.25 +++ Makefile 19 Jul 2019 19:27:44 -0000 @@ -4,8 +4,7 @@ COMMENT = minimalistic Mumble server GH_ACCOUNT = fatbob313 GH_PROJECT = umurmur -GH_TAGNAME = 0.2.16a -REVISION = 6 +GH_TAGNAME = 0.2.17 CATEGORIES = audio HOMEPAGE = https://umurmur.net/ Index: distinfo =================================================================== RCS file: /cvs/ports/audio/umurmur/distinfo,v retrieving revision 1.10 diff -u -p -r1.10 distinfo --- distinfo 10 Jul 2015 17:30:29 -0000 1.10 +++ distinfo 19 Jul 2019 19:27:44 -0000 @@ -1,2 +1,2 @@ -SHA256 (umurmur-0.2.16a.tar.gz) = 1k3493zqpJUdfyrbstzBc4QdHjh+9M0ggsQhUKhDSaU= -SIZE (umurmur-0.2.16a.tar.gz) = 91187 +SHA256 (umurmur-0.2.17.tar.gz) = 53t7ZhZ2j0ocB0Qq/kmncmkvZnsAwjzIWQnU3QziBtI= +SIZE (umurmur-0.2.17.tar.gz) = 93786 Index: patches/patch-CMakeLists_txt =================================================================== RCS file: /cvs/ports/audio/umurmur/patches/patch-CMakeLists_txt,v retrieving revision 1.2 diff -u -p -r1.2 patch-CMakeLists_txt --- patches/patch-CMakeLists_txt 12 Jun 2015 09:50:42 -0000 1.2 +++ patches/patch-CMakeLists_txt 19 Jul 2019 19:27:44 -0000 @@ -1,47 +1,25 @@ -$OpenBSD: patch-CMakeLists_txt,v 1.2 2015/06/12 09:50:42 dcoppa Exp $ ---- CMakeLists.txt.orig Tue Apr 7 12:01:12 2015 -+++ CMakeLists.txt Fri Jun 12 11:32:59 2015 -@@ -57,18 +57,13 @@ elseif("${SSL}" STREQUAL "gnutls") - endif(NETTLE_FOUND) - endif("${SSL}" STREQUAL "openssl") - --check_library_exists(rt clock_gettime "time.h" HAVE_CLOCK_GETTIME_RT) -+check_function_exists(clock_gettime HAVE_CLOCK_GETTIME) - --if(NOT HAVE_CLOCK_GETTIME_RT) -- check_function_exists(clock_gettime HAVE_CLOCK_GETTIME) -- if(NOT HAVE_CLOCK_GETTIME) -- check_library_exists(c clock_get_time "mach/time.h" HAVE_CLOCK_GET_TIME) -- if(NOT HAVE_CLOCK_GET_TIME) -- message(FATAL_ERROR "Didn't find clock_gettime() or clock_get_time()!") -- endif() -+if(NOT HAVE_CLOCK_GETTIME) -+ check_library_exists(c clock_get_time "mach/time.h" HAVE_CLOCK_GET_TIME) -+ if(NOT HAVE_CLOCK_GET_TIME) -+ message(FATAL_ERROR "Didn't find clock_gettime() or clock_get_time()!") - endif() --else() -- set(LIBRT rt) - endif() - - if(USE_SHAREDMEMORY_API) -@@ -90,16 +85,15 @@ add_subdirectory(src) - configure_file(src/config.h.in ${CMAKE_SOURCE_DIR}/src/config.h) - - include_directories(${LIBCONFIG_INCLUDE_DIR} ${PROTOBUFC_INCLUDE_DIR} ${SSLIMP_INCLUDE_DIR}) --link_directories(${LIBCONFIG_LIB_DIR} ${PROTOBUFC_LIB_DIR} ${SSLIMP_LIB_DIR}) - - add_executable(${PROJECT_NAME} ${SOURCE}) --install(TARGETS ${PROJECT_NAME} RUNTIME DESTINATION "bin") -+install(TARGETS ${PROJECT_NAME} RUNTIME DESTINATION "sbin") - - find_path(OLD_CONFIG_FILE NAMES "umurmur.conf" PATHS ${CMAKE_INSTALL_PREFIX} PATH_SUFFIXES "etc") - if(NOT OLD_CONFIG_FILE) +$OpenBSD$ + +Index: CMakeLists.txt +--- CMakeLists.txt.orig ++++ CMakeLists.txt +@@ -3,7 +3,7 @@ project(umurmurd C) + + set(CMAKE_MODULE_PATH ${CMAKE_MODULE_PATH} "${CMAKE_SOURCE_DIR}/cmake/Modules/") + set(CMAKE_INSTALL_RPATH_USE_LINK_PATH true) +-set(UMURMUR_BINARY_DIR "${CMAKE_BINARY_DIR}/bin") ++set(UMURMUR_BINARY_DIR "${CMAKE_BINARY_DIR}/sbin") + set(CMAKE_RUNTIME_OUTPUT_DIRECTORY "${UMURMUR_BINARY_DIR}") + + if(NOT CMAKE_BUILD_TYPE) +@@ -24,9 +24,5 @@ find_package(ProtobufC REQUIRED) + + add_subdirectory(src) + +-find_path(OLD_CONFIG_FILE NAMES "umurmur.conf" PATHS ${CMAKE_INSTALL_PREFIX} PATH_SUFFIXES "etc") +- +-if(NOT OLD_CONFIG_FILE) - install(FILES "umurmur.conf.example" DESTINATION "etc" RENAME "umurmur.conf") -+ install(FILES "umurmur.conf.example" DESTINATION "share/examples/umurmur" RENAME "umurmur.conf") - endif(NOT OLD_CONFIG_FILE) - - add_definitions(${SSLIMP_CFLAGS}) +-endif() ++install(FILES "umurmur.conf.example" DESTINATION "share/examples/umurmur" RENAME "umurmur.conf") --target_link_libraries(${PROJECT_NAME} ${LIBCONFIG_LIBRARIES} ${PROTOBUFC_LIBRARIES} ${SSLIMP_LIBRARIES} ${LIBRT} ${CRYPTO_LIBRARIES}) -+target_link_libraries(${PROJECT_NAME} ${LIBCONFIG_LIBRARIES} ${PROTOBUFC_LIBRARIES} ${SSLIMP_LIBRARIES} ${CRYPTO_LIBRARIES}) Index: patches/patch-src_CMakeLists_txt =================================================================== RCS file: patches/patch-src_CMakeLists_txt diff -N patches/patch-src_CMakeLists_txt --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ patches/patch-src_CMakeLists_txt 19 Jul 2019 19:27:44 -0000 @@ -0,0 +1,11 @@ +$OpenBSD$ + +Index: src/CMakeLists.txt +--- src/CMakeLists.txt.orig ++++ src/CMakeLists.txt +@@ -50,4 +50,4 @@ target_link_libraries(${PROJECT_NAME} + ${LIBRT} + ${CRYPTO_LIBRARIES}) + +-install(TARGETS ${PROJECT_NAME} RUNTIME DESTINATION "bin") ++install(TARGETS ${PROJECT_NAME} RUNTIME DESTINATION "sbin") Index: patches/patch-src_channel_c =================================================================== RCS file: patches/patch-src_channel_c diff -N patches/patch-src_channel_c --- patches/patch-src_channel_c 10 Jul 2015 17:30:30 -0000 1.5 +++ /dev/null 1 Jan 1970 00:00:00 -0000 @@ -1,37 +0,0 @@ -$OpenBSD: patch-src_channel_c,v 1.5 2015/07/10 17:30:30 dcoppa Exp $ - -commit c2eec4582ad6f5f759d8b9a3c7f9bf78aa59f656 -Author: Felix Morgner <felix.morg...@gmail.com> -Date: Mon Jul 6 11:20:34 2015 +0200 - -Fixed mutiple possible null-pointer derefences - ---- src/channel.c.orig Sat Jun 20 00:58:46 2015 -+++ src/channel.c Fri Jul 10 19:01:06 2015 -@@ -195,7 +195,7 @@ void Chan_init() - - /* Channel links */ - for (i = 0; ; i++) { -- channel_t *ch_src, *ch_dst, *ch_itr = NULL; -+ channel_t *ch_src = NULL, *ch_dst = NULL, *ch_itr = NULL; - channellist_t *chl; - if (Conf_getNextChannelLink(&chlink, i) < 0) { - if (i == 0) -@@ -223,6 +223,8 @@ void Chan_init() - ch_dst = ch_itr; - - chl = malloc(sizeof(channellist_t)); -+ if(!chl) -+ Log_fatal("Out of memory"); - chl->chan = ch_dst; - init_list_entry(&chl->node); - list_add_tail(&chl->node, &ch_src->channel_links); -@@ -381,6 +383,8 @@ void Chan_buildTreeList(channel_t *ch, struct dlist *h - channel_t *sub; - - chl = malloc(sizeof(channellist_t)); -+ if(!chl) -+ Log_fatal("Out of memory"); - chl->chan = ch; - init_list_entry(&chl->node); - list_add_tail(&chl->node, head); Index: patches/patch-src_client_c =================================================================== RCS file: /cvs/ports/audio/umurmur/patches/patch-src_client_c,v retrieving revision 1.7 diff -u -p -r1.7 patch-src_client_c --- patches/patch-src_client_c 12 Jun 2015 09:50:42 -0000 1.7 +++ patches/patch-src_client_c 19 Jul 2019 19:27:44 -0000 @@ -1,15 +1,8 @@ $OpenBSD: patch-src_client_c,v 1.7 2015/06/12 09:50:42 dcoppa Exp $ ---- src/client.c.orig Tue Apr 7 12:01:12 2015 -+++ src/client.c Fri Jun 12 11:05:38 2015 -@@ -28,6 +28,7 @@ - NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ -+#include <sys/types.h> - #include <sys/poll.h> - #include <sys/socket.h> - #include <fcntl.h> -@@ -203,7 +204,7 @@ void Client_token_free(client_t *client) +Index: src/client.c +--- src/client.c.orig ++++ src/client.c +@@ -200,7 +200,7 @@ void Client_token_free(client_t *client) void recheckCodecVersions(client_t *connectingClient) { client_t *client_itr = NULL; @@ -18,7 +11,7 @@ $OpenBSD: patch-src_client_c,v 1.7 2015/ int users = 0, opus = 0; message_t *sendmsg; struct dlist codec_list, *itr, *save; -@@ -686,7 +687,7 @@ void Client_textmessage(client_t *client, char *text) +@@ -676,7 +676,7 @@ void Client_textmessage(client_t *client, char *text) sendmsg->payload.textMessage->message = message; sendmsg->payload.textMessage->n_tree_id = 1; sendmsg->payload.textMessage->tree_id = tree_id; Index: patches/patch-src_config_h_in =================================================================== RCS file: /cvs/ports/audio/umurmur/patches/patch-src_config_h_in,v retrieving revision 1.2 diff -u -p -r1.2 patch-src_config_h_in --- patches/patch-src_config_h_in 12 Jun 2015 09:50:42 -0000 1.2 +++ patches/patch-src_config_h_in 19 Jul 2019 19:27:44 -0000 @@ -1,7 +1,8 @@ $OpenBSD: patch-src_config_h_in,v 1.2 2015/06/12 09:50:42 dcoppa Exp $ ---- src/config.h.in.orig Tue Apr 7 12:01:12 2015 -+++ src/config.h.in Fri Jun 12 11:11:45 2015 -@@ -8,6 +8,6 @@ +Index: src/config.h.in +--- src/config.h.in.orig ++++ src/config.h.in +@@ -11,6 +11,6 @@ #cmakedefine USE_SHAREDMEMORY_API Index: patches/patch-src_messagehandler_c =================================================================== RCS file: /cvs/ports/audio/umurmur/patches/patch-src_messagehandler_c,v retrieving revision 1.7 diff -u -p -r1.7 patch-src_messagehandler_c --- patches/patch-src_messagehandler_c 10 Jul 2015 17:30:30 -0000 1.7 +++ patches/patch-src_messagehandler_c 19 Jul 2019 19:27:44 -0000 @@ -1,24 +1,9 @@ $OpenBSD: patch-src_messagehandler_c,v 1.7 2015/07/10 17:30:30 dcoppa Exp $ -commit c2eec4582ad6f5f759d8b9a3c7f9bf78aa59f656 -Author: Felix Morgner <felix.morg...@gmail.com> -Date: Mon Jul 6 11:20:34 2015 +0200 - -Fixed mutiple possible null-pointer derefences - ---- src/messagehandler.c.orig Sat Jun 20 00:58:46 2015 -+++ src/messagehandler.c Fri Jul 10 18:47:15 2015 -@@ -285,6 +285,9 @@ void Mh_handle_message(client_t *client, message_t *ms - sendmsg->payload.channelState->n_links = ch_itr->linkcount; - - links = (uint32_t *)malloc(ch_itr->linkcount * sizeof(uint32_t)); -+ if(!links) -+ Log_fatal("Out of memory"); -+ - list_iterate(itr, &ch_itr->channel_links) { /* Iterate links */ - channellist_t *chl; - channel_t *ch; -@@ -507,9 +510,9 @@ void Mh_handle_message(client_t *client, message_t *ms +Index: src/messagehandler.c +--- src/messagehandler.c.orig ++++ src/messagehandler.c +@@ -506,9 +506,9 @@ void Mh_handle_message(client_t *client, message_t *ms sendmsg->payload.textMessage->n_tree_id = 1; sendmsg->payload.textMessage->tree_id = tree_id; if (client->recording) Index: patches/patch-src_messages_c =================================================================== RCS file: patches/patch-src_messages_c diff -N patches/patch-src_messages_c --- patches/patch-src_messages_c 4 Sep 2014 12:33:27 -0000 1.4 +++ /dev/null 1 Jan 1970 00:00:00 -0000 @@ -1,12 +0,0 @@ -$OpenBSD: patch-src_messages_c,v 1.4 2014/09/04 12:33:27 dcoppa Exp $ ---- src/messages.c.orig Fri Aug 8 08:37:03 2014 -+++ src/messages.c Thu Sep 4 11:16:15 2014 -@@ -68,7 +68,7 @@ static void Msg_getPreamble(uint8_t *buffer, int *type - #define MAX_MSGSIZE (BUFSIZE - PREAMBLE_SIZE) - int Msg_messageToNetwork(message_t *msg, uint8_t *buffer) - { -- int len; -+ int len = 0; - uint8_t *bufptr = buffer + PREAMBLE_SIZE; - - Log_debug("To net: msg type %d", msg->messageType); Index: patches/patch-src_server_c =================================================================== RCS file: /cvs/ports/audio/umurmur/patches/patch-src_server_c,v retrieving revision 1.5 diff -u -p -r1.5 patch-src_server_c --- patches/patch-src_server_c 24 May 2016 09:13:14 -0000 1.5 +++ patches/patch-src_server_c 19 Jul 2019 19:27:44 -0000 @@ -1,40 +1,9 @@ $OpenBSD: patch-src_server_c,v 1.5 2016/05/24 09:13:14 dcoppa Exp $ -commit c2eec4582ad6f5f759d8b9a3c7f9bf78aa59f656 -Author: Felix Morgner <felix.morg...@gmail.com> -Date: Mon Jul 6 11:20:34 2015 +0200 - -Fixed mutiple possible null-pointer derefences - -commit 71893121fbce7762f5cd9e6a98c4ead7e5cd6211 -Author: Omri Mor <omr...@gmail.com> -Date: Sun Jul 12 12:34:18 2015 +0300 - -Null pointer references - -commit d723b45fc42e04b9179ba29c65efc9484ec2924c -Author: Patrick Mooney <pmoo...@pfmooney.com> -Date: Sun Feb 21 02:11:34 2016 -0600 - -Fix size of value passed to setsockopt - ---- src/server.c.orig Sat Jun 20 00:58:46 2015 -+++ src/server.c Tue May 24 10:20:55 2016 -@@ -95,15 +95,22 @@ void checkIPversions() - struct sockaddr_storage** Server_setupAddressesAndPorts() - { - struct sockaddr_storage** addresses = calloc(2, sizeof(void*)); -+ if(!addresses) -+ Log_fatal("Not enough memory to allocate addresses"); - - struct sockaddr_storage* v4address = calloc(1, sizeof(struct sockaddr_storage)); -+ if(!v4address) -+ Log_fatal("Not enough memory to allocate IPv4 address"); - v4address->ss_family = AF_INET; -+ - struct sockaddr_storage* v6address = calloc(1, sizeof(struct sockaddr_storage)); -+ if(!v6address) -+ Log_fatal("Not enough memory to allocate IPv6 address"); +Index: src/server.c +--- src/server.c.orig ++++ src/server.c +@@ -103,8 +103,8 @@ struct sockaddr_storage** Server_setupAddressesAndPort v6address->ss_family = AF_INET6; #if defined(__NetBSD__) || defined(__FreeBSD__) || defined(__OpenBSD__) || defined(__APPLE__) @@ -45,12 +14,3 @@ Fix size of value passed to setsockopt #endif int error = 0; -@@ -208,7 +215,7 @@ void Server_runLoop(struct pollfd* pollfds) - - void Server_setupTCPSockets(struct sockaddr_storage* addresses[2], struct pollfd* pollfds) - { -- uint8_t yes = 1; -+ int yes = 1; - int sockets[2]; - - if (hasv4) { Index: patches/patch-src_ssli_openssl_c =================================================================== RCS file: patches/patch-src_ssli_openssl_c diff -N patches/patch-src_ssli_openssl_c --- patches/patch-src_ssli_openssl_c 24 May 2016 09:13:14 -0000 1.3 +++ /dev/null 1 Jan 1970 00:00:00 -0000 @@ -1,203 +0,0 @@ -$OpenBSD: patch-src_ssli_openssl_c,v 1.3 2016/05/24 09:13:14 dcoppa Exp $ - -commit 82e80f8f18cbb6fed903621751ba9751dc2b80a2 -Author: Felix Morgner <felix.morg...@gmail.com> -Date: Sun Jul 12 15:01:07 2015 +0200 - -Use different API for reading TLS cert (fixes #64) - -The OpenSSL TLS backend now reads the certificate file using -SSL_CTX_use_certificate_chain_file(...) so that concatenated -certificate files containing a verification chain are read correctly. - -commit c72ebd29f239793218f2248c3f8b48a7b3e0a541 -Author: Felix Morgner <felix.morg...@gmail.com> -Date: Sun Mar 6 23:40:45 2016 +0100 - -Upgrade TLS suites for GnuTLS, mbedTLS and OpenSSL - -I could not figure out whether or not PolarSSL, which is technically -now mbedTLS, does support ECDHE suites. I currently have no access to -PolarSSL myself. It would be great if somebody could figure that one -out. Relates to #82, fixes #84 and #77. - ---- src/ssli_openssl.c.orig Sat Jun 20 00:58:46 2015 -+++ src/ssli_openssl.c Tue May 24 10:19:22 2016 -@@ -48,6 +48,8 @@ static RSA *rsa; - static SSL_CTX *context; - static EVP_PKEY *pkey; - -+static char const * ciphers = "EECDH+AESGCM:AES256-SHA:AES128-SHA"; -+ - static int verify_callback(int preverify_ok, X509_STORE_CTX *ctx); - - static int SSL_add_ext(X509 * crt, int nid, char *value) { -@@ -154,106 +156,86 @@ static void SSL_writekey(char *keyfile, RSA *rsa) - - static void SSL_initializeCert() { - -- char *crt, *key, *pass; -+ char *crt = (char *)getStrConf(CERTIFICATE); -+ char *key = (char *)getStrConf(KEY); - -- crt = (char *)getStrConf(CERTIFICATE); -- key = (char *)getStrConf(KEY); -- pass = (char *)getStrConf(PASSPHRASE); -+ if (context) { -+ bool_t did_load_cert = SSL_CTX_use_certificate_chain_file(context, crt); -+ rsa = SSL_readprivatekey(key); - -- x509 = SSL_readcert(crt); -- rsa = SSL_readprivatekey(key); -- if (rsa != NULL) { -- pkey = EVP_PKEY_new(); -- EVP_PKEY_assign_RSA(pkey, rsa); -- } -+ if (!rsa || !did_load_cert) { -+ Log_info("Generating new server certificate."); - - --#if 0 -- /* Later ... */ -- if (key && !x509) { -- qscCert = QSslCertificate(key); -- if (! qscCert.isNull()) { -- logthis("Using certificate from key."); -- } -- } -+ CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); - -- if (! qscCert.isNull()) { -- QSsl::KeyAlgorithm alg = qscCert.publicKey().algorithm(); -- /* Fetch algorith from cert */ -- if (! key.isEmpty()) { -- /* get key */ -- qskKey = QSslKey(key, alg, QSsl::Pem, QSsl::PrivateKey, pass); -- if (qskKey.isNull()) { -- logthis("Failed to parse key."); -- } -- } -+ x509 = X509_new(); -+ pkey = EVP_PKEY_new(); -+ rsa = RSA_generate_key(4096,RSA_F4,NULL,NULL); -+ EVP_PKEY_assign_RSA(pkey, rsa); - -- if (! crt.isEmpty() && qskKey.isNull()) { -- /* get key from certificate */ -- qskKey = QSslKey(crt, alg, QSsl::Pem, QSsl::PrivateKey, pass); -- if (! qskKey.isNull()) { -- logthis("Using key from certificate."); -- } -- } -+ X509_set_version(x509, 2); -+ ASN1_INTEGER_set(X509_get_serialNumber(x509),1); -+ X509_gmtime_adj(X509_get_notBefore(x509),0); -+ X509_gmtime_adj(X509_get_notAfter(x509),60*60*24*365); -+ X509_set_pubkey(x509, pkey); - -- } --#endif -+ X509_NAME *name=X509_get_subject_name(x509); - -- if (!rsa || !x509) { -- Log_info("Generating new server certificate."); -+ X509_NAME_add_entry_by_txt(name, "CN", MBSTRING_ASC, (const uint8_t *)"Murmur Autogenerated Certificate v2", -1, -1, 0); -+ X509_set_issuer_name(x509, name); -+ SSL_add_ext(x509, NID_basic_constraints, "critical,CA:FALSE"); -+ SSL_add_ext(x509, NID_ext_key_usage, "serverAuth,clientAuth"); -+ SSL_add_ext(x509, NID_subject_key_identifier, "hash"); -+ SSL_add_ext(x509, NID_netscape_comment, "Generated from umurmur"); - -+ X509_sign(x509, pkey, EVP_md5()); - -- CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); -+ SSL_writecert(crt, x509); -+ SSL_writekey(key, rsa); - -- x509 = X509_new(); -- pkey = EVP_PKEY_new(); -- rsa = RSA_generate_key(1024,RSA_F4,NULL,NULL); -- EVP_PKEY_assign_RSA(pkey, rsa); -+ SSL_CTX_use_certificate(context, x509); -+ } else { -+ pkey = EVP_PKEY_new(); -+ EVP_PKEY_assign_RSA(pkey, rsa); -+ } - -- X509_set_version(x509, 2); -- ASN1_INTEGER_set(X509_get_serialNumber(x509),1); -- X509_gmtime_adj(X509_get_notBefore(x509),0); -- X509_gmtime_adj(X509_get_notAfter(x509),60*60*24*365); -- X509_set_pubkey(x509, pkey); -+ SSL_CTX_use_PrivateKey(context, pkey); - -- X509_NAME *name=X509_get_subject_name(x509); -- -- X509_NAME_add_entry_by_txt(name, "CN", MBSTRING_ASC, (const uint8_t *)"Murmur Autogenerated Certificate v2", -1, -1, 0); -- X509_set_issuer_name(x509, name); -- SSL_add_ext(x509, NID_basic_constraints, "critical,CA:FALSE"); -- SSL_add_ext(x509, NID_ext_key_usage, "serverAuth,clientAuth"); -- SSL_add_ext(x509, NID_subject_key_identifier, "hash"); -- SSL_add_ext(x509, NID_netscape_comment, "Generated from umurmur"); -- -- X509_sign(x509, pkey, EVP_md5()); -- -- SSL_writecert(crt, x509); -- SSL_writekey(key, rsa); -+ } else { -+ Log_fatal("Failed to initialize TLS context."); - } - - } - - void SSLi_init(void) - { -- SSL_METHOD *method; - SSL *ssl; - int i, offset = 0, cipherstringlen = 0; - STACK_OF(SSL_CIPHER) *cipherlist = NULL, *cipherlist_new = NULL; - SSL_CIPHER *cipher; -- char *cipherstring, tempstring[128]; -+ char *cipherstring; - - SSL_library_init(); -- OpenSSL_add_all_algorithms(); /* load & register all cryptos, etc. */ -- SSL_load_error_strings(); /* load all error messages */ -- ERR_load_crypto_strings(); /* load all error messages */ -- method = SSLv23_server_method(); /* create new server-method instance */ -- context = SSL_CTX_new(method); /* create new context from method */ -+ OpenSSL_add_all_algorithms(); -+ SSL_load_error_strings(); -+ ERR_load_crypto_strings(); -+ -+ context = SSL_CTX_new(SSLv23_server_method()); -+ SSL_CTX_set_options(context, SSL_OP_NO_SSLv2); -+ SSL_CTX_set_options(context, SSL_OP_NO_SSLv3); - if (context == NULL) - { - ERR_print_errors_fp(stderr); - abort(); - } - -+ SSL_CTX_set_cipher_list(context, ciphers); -+ -+ EC_KEY *ecdhkey = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); -+ SSL_CTX_set_tmp_ecdh(context, ecdhkey); -+ EC_KEY_free(ecdhkey); -+ - char const * sslCAPath = getStrConf(CAPATH); - if(sslCAPath != NULL) - { -@@ -261,12 +243,6 @@ void SSLi_init(void) - } - - SSL_initializeCert(); -- if (SSL_CTX_use_certificate(context, x509) <= 0) -- Log_fatal("Failed to initialize cert"); -- if (SSL_CTX_use_PrivateKey(context, pkey) <= 0) { -- ERR_print_errors_fp(stderr); -- Log_fatal("Failed to initialize private key"); -- } - - /* Set cipher list */ - ssl = SSL_new(context); Index: patches/patch-umurmur_conf_example =================================================================== RCS file: /cvs/ports/audio/umurmur/patches/patch-umurmur_conf_example,v retrieving revision 1.4 diff -u -p -r1.4 patch-umurmur_conf_example --- patches/patch-umurmur_conf_example 4 Oct 2013 08:25:09 -0000 1.4 +++ patches/patch-umurmur_conf_example 19 Jul 2019 19:27:44 -0000 @@ -1,6 +1,7 @@ $OpenBSD: patch-umurmur_conf_example,v 1.4 2013/10/04 08:25:09 dcoppa Exp $ ---- umurmur.conf.example.orig Sun Jun 9 20:56:17 2013 -+++ umurmur.conf.example Tue Oct 1 14:15:41 2013 +Index: umurmur.conf.example +--- umurmur.conf.example.orig ++++ umurmur.conf.example @@ -1,7 +1,7 @@ max_bandwidth = 48000; welcometext = "Welcome to uMurmur!"; @@ -11,7 +12,7 @@ $OpenBSD: patch-umurmur_conf_example,v 1 password = ""; # admin_password = "test"; # Set to enable admin functionality. # ban_length = 0; # Length in seconds for a ban. Default is 0. 0 = forever. -@@ -17,9 +17,9 @@ max_users = 10; +@@ -18,9 +18,9 @@ max_users = 10; # username and groupname for privilege dropping. # Will attempt to switch user if set.
