[pkgsrc/pkgsrc-2019Q1]: pkgsrc/net/wget Pullup ticket #5971 - requested by leot

[spz <spz%pkgsrc.org@localhost>]

details:   https://anonhg.NetBSD.org/pkgsrc/rev/d00cff607da0
branches:  pkgsrc-2019Q1
changeset: 334680:d00cff607da0
user:      spz <spz%pkgsrc.org@localhost>
date:      Sun Jun 02 10:39:35 2019 +0000

description:
Pullup ticket #5971 - requested by leot
net/wget: security patch

Revisions pulled up:
- net/wget/Makefile                                             1.147
- net/wget/distinfo                                             1.60
- net/wget/patches/patch-src_openssl.c                          1.1

-------------------------------------------------------------------
   Module Name: pkgsrc
   Committed By:        leot
   Date:                Sun May 26 18:10:49 UTC 2019

   Modified Files:
        pkgsrc/net/wget: Makefile distinfo
   Added Files:
        pkgsrc/net/wget/patches: patch-src_openssl.c

   Log Message:
   wget: Fix https:// handling with OpenSSL 1.1.1

   Backport upstream commit 14e3712b8c39165219fa227bd11f6feae7b09a33
   to fix https:// handling when openssl.cnf file is not found.

   PKGREVISION++


   To generate a diff of this commit:
   cvs rdiff -u -r1.146 -r1.147 pkgsrc/net/wget/Makefile
   cvs rdiff -u -r1.59 -r1.60 pkgsrc/net/wget/distinfo
   cvs rdiff -u -r0 -r1.1 pkgsrc/net/wget/patches/patch-src_openssl.c

diffstat:

 net/wget/Makefile                    |   3 +-
 net/wget/distinfo                    |   3 +-
 net/wget/patches/patch-src_openssl.c |  47 ++++++++++++++++++++++++++++++++++++
 3 files changed, 51 insertions(+), 2 deletions(-)

diffs (76 lines):

diff -r a8ed08cecd7a -r d00cff607da0 net/wget/Makefile
--- a/net/wget/Makefile Sun Jun 02 10:29:38 2019 +0000
+++ b/net/wget/Makefile Sun Jun 02 10:39:35 2019 +0000
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.144.2.1 2019/04/10 09:24:20 bsiegert Exp $
+# $NetBSD: Makefile,v 1.144.2.2 2019/06/02 10:39:35 spz Exp $
 
 DISTNAME=      wget-1.20.3
+PKGREVISION=   1
 CATEGORIES=    net
 MASTER_SITES=  ${MASTER_SITE_GNU:=wget/}
 EXTRACT_SUFX=  .tar.lz
diff -r a8ed08cecd7a -r d00cff607da0 net/wget/distinfo
--- a/net/wget/distinfo Sun Jun 02 10:29:38 2019 +0000
+++ b/net/wget/distinfo Sun Jun 02 10:39:35 2019 +0000
@@ -1,7 +1,8 @@
-$NetBSD: distinfo,v 1.58.2.1 2019/04/10 09:24:20 bsiegert Exp $
+$NetBSD: distinfo,v 1.58.2.2 2019/06/02 10:39:35 spz Exp $
 
 SHA1 (wget-1.20.3.tar.lz) = 021929778956b7d71cf5c4fd98b4c719b293088d
 RMD160 (wget-1.20.3.tar.lz) = 799ac821c7ffde9d2cb3007a6ce4114a66181ce6
 SHA512 (wget-1.20.3.tar.lz) = 95fb064f0d79b0a3178a83322f58a85a3a036fb300ed759eb67a538f0bbacdd552f6cbeb60d63b4f0113e8467d923a5ce7ac5570b7a4ce1733b3dfd559bb33b2
 Size (wget-1.20.3.tar.lz) = 2135272 bytes
 SHA1 (patch-doc_wget.texi) = 6db25b3500ff4617b5ade34d9013b1f9876104f8
+SHA1 (patch-src_openssl.c) = 70abf425c36c48b07fa67f48562fe77c002cc620
diff -r a8ed08cecd7a -r d00cff607da0 net/wget/patches/patch-src_openssl.c
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/net/wget/patches/patch-src_openssl.c      Sun Jun 02 10:39:35 2019 +0000
@@ -0,0 +1,47 @@
+$NetBSD: patch-src_openssl.c,v 1.1.2.2 2019/06/02 10:39:35 spz Exp $
+
+Backport upstream commit 14e3712b8c39165219fa227bd11f6feae7b09a33:
+
+src/openssl.c: fix ssl_init for openssl 1.1.1
+
+ssl_init fails with openssl 1.1.1 when openssl.cnf is not found.
+Redundant calls to intialization functions were removed as
+OPENSSL_config takes care of them for openssl versions < 1.1.0.
+For versions > 1.1.0, OPENSSL_init_ssl is preferred.
+
+--- src/openssl.c.orig 2019-04-05 09:58:33.000000000 +0000
++++ src/openssl.c
+@@ -174,7 +174,9 @@ ssl_init (void)
+ #if OPENSSL_VERSION_NUMBER >= 0x00907000
+   if (ssl_true_initialized == 0)
+     {
+-#if OPENSSL_API_COMPAT < 0x10100000L
++#if !defined(LIBRESSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER >= 0x10100000L)
++      OPENSSL_init_ssl (OPENSSL_INIT_LOAD_CONFIG | OPENSSL_INIT_ENGINE_ALL_BUILTIN, NULL);
++#else
+       OPENSSL_config (NULL);
+ #endif
+       ssl_true_initialized = 1;
+@@ -194,21 +196,9 @@ ssl_init (void)
+       goto error;
+     }
+ 
+-#if OPENSSL_VERSION_NUMBER >= 0x00907000
+-  OPENSSL_load_builtin_modules();
+-#ifndef OPENSSL_NO_ENGINE
+-  ENGINE_load_builtin_engines();
+-#endif
+-  CONF_modules_load_file(NULL, NULL,
+-      CONF_MFLAGS_DEFAULT_SECTION|CONF_MFLAGS_IGNORE_MISSING_FILE);
+-#endif
+-#if OPENSSL_API_COMPAT >= 0x10100000L
+-  OPENSSL_init_ssl(0, NULL);
+-#else
++#if defined(LIBRESSL_VERSION_NUMBER) || (OPENSSL_VERSION_NUMBER < 0x10100000L)
+   SSL_library_init ();
+   SSL_load_error_strings ();
+-#endif
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+   SSLeay_add_all_algorithms ();
+   SSLeay_add_ssl_algorithms ();
+ #endif