- update to 3.4.5
- adopt libressl patches from OpenBSD
This commit is contained in:
@@ -2,7 +2,7 @@
|
||||
# $FreeBSD$
|
||||
|
||||
PORTNAME= postfix
|
||||
DISTVERSION= 3.3.4
|
||||
DISTVERSION= 3.4.5
|
||||
PORTREVISION?= 0
|
||||
PORTEPOCH= 1
|
||||
CATEGORIES= mail ipv6
|
||||
|
||||
@@ -1,3 +1,3 @@
|
||||
TIMESTAMP = 1553957353
|
||||
SHA256 (postfix/postfix-3.3.4.tar.gz) = 847818bb82d0d7e83303a30206330b5d6bd035bbbb0086782cd87dcb8ac99bd3
|
||||
SIZE (postfix/postfix-3.3.4.tar.gz) = 4429964
|
||||
TIMESTAMP = 1553956821
|
||||
SHA256 (postfix/postfix-3.4.5.tar.gz) = 8b2ba54f9d2a049582a0ed3ee2dbe96ba57e278feea9cb4f80e1a61844e6319f
|
||||
SIZE (postfix/postfix-3.4.5.tar.gz) = 4581301
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
--- makedefs.orig 2018-02-03 17:20:46 UTC
|
||||
--- makedefs.orig 2019-03-10 23:42:59 UTC
|
||||
+++ makedefs
|
||||
@@ -287,6 +287,33 @@ case "$SYSTEM.$RELEASE" in
|
||||
@@ -298,6 +298,33 @@ case "$SYSTEM.$RELEASE" in
|
||||
: ${SHLIB_ENV="LD_LIBRARY_PATH=`pwd`/lib"}
|
||||
: ${PLUGIN_LD="${CC} -shared"}
|
||||
;;
|
||||
|
||||
@@ -1,54 +0,0 @@
|
||||
# PR: 220224 fix build against mysql 8.x
|
||||
#
|
||||
# from https://dev.mysql.com/doc/refman/5.7/en/mysql-options.html
|
||||
# o MYSQL_OPT_SSL_VERIFY_SERVER_CERT (argument type: my_bool *)
|
||||
# This option is deprecated as of MySQL 5.7.11 and is removed in MySQL 8.0.
|
||||
# Instead, use MYSQL_OPT_SSL_MODE with a value of SSL_MODE_VERIFY_IDENTITY.
|
||||
#
|
||||
--- src/global/dict_mysql.c.orig 2017-02-19 01:58:20 UTC
|
||||
+++ src/global/dict_mysql.c
|
||||
@@ -198,6 +198,14 @@
|
||||
|
||||
#include "dict_mysql.h"
|
||||
|
||||
+/* MySQL 8.x API change */
|
||||
+
|
||||
+#if defined(MARIADB_BASE_VERSION) && MYSQL_VERSION_ID >= 50023
|
||||
+#define DICT_MYSQL_SSL_VERIFY_SERVER_CERT MYSQL_OPT_SSL_VERIFY_SERVER_CERT
|
||||
+#elif MYSQL_VERSION_ID >= 80000
|
||||
+#define DICT_MYSQL_SSL_VERIFY_SERVER_CERT MYSQL_OPT_SSL_MODE
|
||||
+#endif
|
||||
+
|
||||
/* need some structs to help organize things */
|
||||
typedef struct {
|
||||
MYSQL *db;
|
||||
@@ -237,7 +245,7 @@ typedef struct {
|
||||
char *tls_CAfile;
|
||||
char *tls_CApath;
|
||||
char *tls_ciphers;
|
||||
-#if MYSQL_VERSION_ID >= 50023
|
||||
+#if defined(DICT_MYSQL_SSL_VERIFY_SERVER_CERT)
|
||||
int tls_verify_cert;
|
||||
#endif
|
||||
#endif
|
||||
@@ -656,9 +664,9 @@ static void plmysql_connect_single(DICT_
|
||||
dict_mysql->tls_key_file, dict_mysql->tls_cert_file,
|
||||
dict_mysql->tls_CAfile, dict_mysql->tls_CApath,
|
||||
dict_mysql->tls_ciphers);
|
||||
-#if MYSQL_VERSION_ID >= 50023
|
||||
+#if defined(DICT_MYSQL_SSL_VERIFY_SERVER_CERT)
|
||||
if (dict_mysql->tls_verify_cert != -1)
|
||||
- mysql_options(host->db, MYSQL_OPT_SSL_VERIFY_SERVER_CERT,
|
||||
+ mysql_options(host->db, DICT_MYSQL_SSL_VERIFY_SERVER_CERT,
|
||||
&dict_mysql->tls_verify_cert);
|
||||
#endif
|
||||
#endif
|
||||
@@ -723,7 +731,7 @@ static void mysql_parse_config(DICT_MYSQ
|
||||
dict_mysql->tls_CAfile = cfg_get_str(p, "tls_CAfile", NULL, 0, 0);
|
||||
dict_mysql->tls_CApath = cfg_get_str(p, "tls_CApath", NULL, 0, 0);
|
||||
dict_mysql->tls_ciphers = cfg_get_str(p, "tls_ciphers", NULL, 0, 0);
|
||||
-#if MYSQL_VERSION_ID >= 50023
|
||||
+#if defined(DICT_MYSQL_SSL_VERIFY_SERVER_CERT)
|
||||
dict_mysql->tls_verify_cert = cfg_get_bool(p, "tls_verify_cert", -1);
|
||||
#endif
|
||||
#endif
|
||||
@@ -1,6 +1,6 @@
|
||||
--- src/posttls-finger/posttls-finger.c.orig 2016-08-27 20:27:50 UTC
|
||||
--- src/posttls-finger/posttls-finger.c.orig 2019-02-12 13:17:45 UTC
|
||||
+++ src/posttls-finger/posttls-finger.c
|
||||
@@ -1511,7 +1511,8 @@ static int finger(STATE *state)
|
||||
@@ -1673,7 +1673,8 @@ static int finger(STATE *state)
|
||||
return (0);
|
||||
}
|
||||
|
||||
@@ -10,7 +10,7 @@
|
||||
|
||||
/* ssl_cleanup - free memory allocated in the OpenSSL library */
|
||||
|
||||
@@ -1958,7 +1959,8 @@ int main(int argc, char *argv[])
|
||||
@@ -2156,7 +2157,8 @@ int main(int argc, char *argv[])
|
||||
cleanup(&state);
|
||||
|
||||
/* OpenSSL 1.1.0 and later (de)initialization is implicit */
|
||||
|
||||
@@ -1,25 +0,0 @@
|
||||
$OpenBSD: patch-src_tls_tls_h,v 1.2 2017/03/04 22:09:43 sthen Exp $
|
||||
|
||||
Fix building with LibreSSL
|
||||
|
||||
--- src/tls/tls.h.orig 2017-01-01 22:22:13 UTC
|
||||
+++ src/tls/tls.h
|
||||
@@ -89,7 +89,7 @@ extern const char *str_tls_level(int);
|
||||
#endif
|
||||
|
||||
/* Backwards compatibility with OpenSSL < 1.1.0 */
|
||||
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
|
||||
#define OpenSSL_version_num SSLeay
|
||||
#define OpenSSL_version SSLeay_version
|
||||
#define OPENSSL_VERSION SSLEAY_VERSION
|
||||
@@ -104,6 +104,9 @@ extern const char *str_tls_level(int);
|
||||
#define ASN1_STRING_get0_data ASN1_STRING_data
|
||||
#define X509_getm_notBefore X509_get_notBefore
|
||||
#define X509_getm_notAfter X509_get_notAfter
|
||||
+#endif
|
||||
+
|
||||
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||
#define TLS_method SSLv23_method
|
||||
#define TLS_client_method SSLv23_client_method
|
||||
#define TLS_server_method SSLv23_server_method
|
||||
11
mail/postfix/files/patch-src_tls_tls__certkey.c
Normal file
11
mail/postfix/files/patch-src_tls_tls__certkey.c
Normal file
@@ -0,0 +1,11 @@
|
||||
--- src/tls/tls_certkey.c.orig 2019-03-07 23:57:10 UTC
|
||||
+++ src/tls/tls_certkey.c
|
||||
@@ -144,7 +144,7 @@ static void init_pem_load_state(pem_load
|
||||
|
||||
/* use_chain - load cert, key and chain into ctx or ssl */
|
||||
|
||||
-#if OPENSSL_VERSION_NUMBER >= 0x1010100fUL
|
||||
+#if OPENSSL_VERSION_NUMBER >= 0x1010100fUL && !defined(LIBRESSL_VERSION_NUMBER)
|
||||
static int use_chain(pem_load_state_t *st)
|
||||
{
|
||||
int ret;
|
||||
@@ -1,11 +0,0 @@
|
||||
--- src/tls/tls_client.c.orig 2016-08-27 20:27:50 UTC
|
||||
+++ src/tls/tls_client.c
|
||||
@@ -299,7 +299,7 @@ TLS_APPL_STATE *tls_client_init(const TL
|
||||
*/
|
||||
tls_check_version();
|
||||
|
||||
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
|
||||
|
||||
/*
|
||||
* Initialize the OpenSSL library by the book! To start with, we must
|
||||
@@ -1,11 +0,0 @@
|
||||
--- src/tls/tls_dane.c.orig 2016-08-27 20:27:50 UTC
|
||||
+++ src/tls/tls_dane.c
|
||||
@@ -2163,7 +2163,7 @@ static SSL_CTX *ctx_init(const char *CAf
|
||||
tls_param_init();
|
||||
tls_check_version();
|
||||
|
||||
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
|
||||
SSL_load_error_strings();
|
||||
SSL_library_init();
|
||||
#endif
|
||||
@@ -1,15 +0,0 @@
|
||||
$OpenBSD: patch-src_tls_tls_dh_c,v 1.1 2017/03/04 22:09:43 sthen Exp $
|
||||
|
||||
Fix building with LibreSSL
|
||||
|
||||
--- src/tls/tls_dh.c.orig 2016-12-26 23:47:24 UTC
|
||||
+++ src/tls/tls_dh.c
|
||||
@@ -314,7 +314,7 @@ void tls_auto_eecdh_curves(SSL_CTX *c
|
||||
* This is a NOP in OpenSSL 1.1.0 and later, where curves are always
|
||||
* auto-negotiated.
|
||||
*/
|
||||
-#if OPENSSL_VERSION_NUMBER < 0x10100000UL
|
||||
+#if OPENSSL_VERSION_NUMBER < 0x10100000UL || defined(LIBRESSL_VERSION_NUMBER)
|
||||
if (SSL_CTX_set_ecdh_auto(ctx, 1) <= 0) {
|
||||
msg_warn("failed to enable automatic ECDHE curve selection");
|
||||
tls_print_errors();
|
||||
@@ -1,6 +1,6 @@
|
||||
--- src/tls/tls_server.c.orig 2018-11-17 22:33:15 UTC
|
||||
--- src/tls/tls_server.c.orig 2019-02-18 23:03:54 UTC
|
||||
+++ src/tls/tls_server.c
|
||||
@@ -517,7 +517,9 @@ TLS_APPL_STATE *tls_server_init(const TL
|
||||
@@ -518,7 +518,9 @@ TLS_APPL_STATE *tls_server_init(const TL
|
||||
* ticket decryption callback already (since 2.11) asks OpenSSL to
|
||||
* avoid issuing new tickets when the presented ticket is re-usable.
|
||||
*/
|
||||
|
||||
@@ -1,9 +1,10 @@
|
||||
--- src/util/sys_defs.h.orig 2017-06-18 19:30:20 UTC
|
||||
--- src/util/sys_defs.h.orig 2019-03-10 16:58:04 UTC
|
||||
+++ src/util/sys_defs.h
|
||||
@@ -30,6 +30,7 @@
|
||||
@@ -30,7 +30,7 @@
|
||||
#if defined(FREEBSD2) || defined(FREEBSD3) || defined(FREEBSD4) \
|
||||
|| defined(FREEBSD5) || defined(FREEBSD6) || defined(FREEBSD7) \
|
||||
|| defined(FREEBSD8) || defined(FREEBSD9) || defined(FREEBSD10) \
|
||||
- || defined(FREEBSD11) \
|
||||
+ || defined(FREEBSD11) || defined(FREEBSD12) || defined(FREEBSD13) \
|
||||
|| defined(BSDI2) || defined(BSDI3) || defined(BSDI4) \
|
||||
|| defined(OPENBSD2) || defined(OPENBSD3) || defined(OPENBSD4) \
|
||||
|
||||
@@ -61,6 +61,7 @@ libexec/postfix/postfix-files
|
||||
libexec/postfix/postfix-script
|
||||
libexec/postfix/postfix-tls-script
|
||||
libexec/postfix/postfix-wrapper
|
||||
libexec/postfix/postlogd
|
||||
libexec/postfix/postmulti-script
|
||||
libexec/postfix/postscreen
|
||||
libexec/postfix/proxymap
|
||||
@@ -137,6 +138,7 @@ libexec/postfix/virtual
|
||||
%%BMAN%%man/man8/oqmgr.8.gz
|
||||
%%BMAN%%man/man8/pickup.8.gz
|
||||
%%BMAN%%man/man8/pipe.8.gz
|
||||
%%BMAN%%man/man8/postlogd.8.gz
|
||||
%%BMAN%%man/man8/postscreen.8.gz
|
||||
%%BMAN%%man/man8/proxymap.8.gz
|
||||
%%BMAN%%man/man8/qmgr.8.gz
|
||||
|
||||
Reference in New Issue
Block a user