pkgsrc-WIP-changes archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
kermit: Import from pkgrsc, and flip to alpha
Module Name: pkgsrc-wip
Committed By: Greg Troxel <gdt%lexort.com@localhost>
Pushed By: gdt
Date: Sun Oct 4 13:55:54 2020 +0000
Changeset: 92bae9bd687d1b446e67af327a71b9000f25a92d
Modified Files:
Makefile
Added Files:
kermit/DESCR
kermit/Makefile
kermit/PLIST
kermit/TODO
kermit/distinfo
kermit/files/Makefile
kermit/files/dot.kermrc
kermit/options.mk
kermit/patches/patch-aa
kermit/patches/patch-ab
kermit/patches/patch-ac
kermit/patches/patch-ad
kermit/patches/patch-ae
kermit/patches/patch-af
kermit/patches/patch-ag
kermit/patches/patch-ah
kermit/patches/patch-aj
kermit/patches/patch-ak
kermit/patches/patch-al
kermit/patches/patch-am
kermit/patches/patch-ckcftp.c
kermit/patches/patch-ckcpro.w
kermit/patches/patch-ckupty.c
kermit/patches/patch-ckuus3.c
kermit/patches/patch-ckuus4.c
Log Message:
kermit: Import from pkgrsc, and flip to alpha
This does not build. This is just the current pkgsrc with the
distinfo flipped to the current alpha, with a TODO. I am merely
checkpointing it.
To see a diff of this commit:
https://wip.pkgsrc.org/cgi-bin/gitweb.cgi?p=pkgsrc-wip.git;a=commitdiff;h=92bae9bd687d1b446e67af327a71b9000f25a92d
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
diffstat:
Makefile | 1 +
kermit/DESCR | 6 +
kermit/Makefile | 72 ++++++
kermit/PLIST | 14 ++
kermit/TODO | 7 +
kermit/distinfo | 23 ++
kermit/files/Makefile | 45 ++++
kermit/files/dot.kermrc | 15 ++
kermit/options.mk | 49 ++++
kermit/patches/patch-aa | 88 +++++++
kermit/patches/patch-ab | 568 ++++++++++++++++++++++++++++++++++++++++++
kermit/patches/patch-ac | 12 +
kermit/patches/patch-ad | 12 +
kermit/patches/patch-ae | 65 +++++
kermit/patches/patch-af | 13 +
kermit/patches/patch-ag | 16 ++
kermit/patches/patch-ah | 14 ++
kermit/patches/patch-aj | 13 +
kermit/patches/patch-ak | 24 ++
kermit/patches/patch-al | 391 +++++++++++++++++++++++++++++
kermit/patches/patch-am | 14 ++
kermit/patches/patch-ckcftp.c | 31 +++
kermit/patches/patch-ckcpro.w | 19 ++
kermit/patches/patch-ckupty.c | 40 +++
kermit/patches/patch-ckuus3.c | 15 ++
kermit/patches/patch-ckuus4.c | 29 +++
26 files changed, 1596 insertions(+)
diffs:
diff --git a/Makefile b/Makefile
index 866e581a73..6be0121cee 100644
--- a/Makefile
+++ b/Makefile
@@ -1753,6 +1753,7 @@ SUBDIR+= kea
SUBDIR+= kea-git
SUBDIR+= keama-git
SUBDIR+= keditbookmarks
+SUBDIR+= kermit
SUBDIR+= kfind
SUBDIR+= kgamma5
SUBDIR+= kget
diff --git a/kermit/DESCR b/kermit/DESCR
new file mode 100644
index 0000000000..038170b0da
--- /dev/null
+++ b/kermit/DESCR
@@ -0,0 +1,6 @@
+KERMIT file transfer/terminal emulation utility
+------------------------------------------------------
+
+This is a release of C-Kermit file transfer protocol utility.
+This version supports transfer of un-escaped control characters for
+very fast file transfers with high reliability.
diff --git a/kermit/Makefile b/kermit/Makefile
new file mode 100644
index 0000000000..aec5ee91b1
--- /dev/null
+++ b/kermit/Makefile
@@ -0,0 +1,72 @@
+# $NetBSD: Makefile,v 1.93 2020/04/08 15:22:07 rhialto Exp $
+
+DISTNAME= ckucku305-alpha02
+PKGNAME= kermit-9.0.305a2
+CATEGORIES= comms
+#MASTER_SITES= ftp://ftp.kermitproject.org/kermit/archives/
+MASTER_SITES= http://www.kermitproject.org/ftp/kermit/test/tar/
+
+MAINTAINER= gdt%NetBSD.org@localhost
+HOMEPAGE= http://www.kermitproject.org/
+COMMENT= Network and serial communication, file transfer, and scripting utility
+
+# UNIX C-Kermit 9.0 has been released with the Revised 3-Clause BSD License.
+# http://www.columbia.edu/kermit/licensing.html
+LICENSE= modified-bsd
+
+.include "../../mk/bsd.prefs.mk"
+
+WRKSRC= ${WRKDIR}
+DIST_SUBDIR= ${PKGNAME_NOREV}
+BUILD_DEFS+= KFLAGS LIBS MANINSTALL
+MAKE_ENV+= KFLAGS=${KFLAGS:Q} LIBS=${LIBS:Q}
+MAKE_FILE= makefile
+
+LIBS+= ${BUILDLINK_LDADD.termcap}
+
+#KFLAGS+= -DNODEBUG -DNOOLDMODEMS
+KFLAGS+= ${BUILDLINK_CPPFLAGS}
+LIBS+= ${BUILDLINK_LDFLAGS}
+
+.include "options.mk"
+
+INSTALLATION_DIRS= bin ${PKGMANDIR}/man1 share/doc/kermit
+
+do-install:
+ ${INSTALL_PROGRAM} ${WRKSRC}/wermit ${DESTDIR}${PREFIX}/bin/kermit
+ ${INSTALL_DATA} ${WRKSRC}/*.txt ${DESTDIR}${PREFIX}/share/doc/kermit
+ ${INSTALL_MAN} ${WRKSRC}/ckuker.nr \
+ ${DESTDIR}${PREFIX}/${PKGMANDIR}/man1/kermit.1
+
+.include "../../mk/curses.buildlink3.mk"
+.include "../../mk/termcap.buildlink3.mk"
+
+.if ${OPSYS} == "Darwin"
+. if !empty(OS_VERSION:M??.*)
+BUILD_TARGET_OPSYS= macosx10.6
+. elif !empty(OS_VERSION:M9.*)
+BUILD_TARGET_OPSYS= macosx10.5
+. elif !empty(OS_VERSION:M8.*)
+BUILD_TARGET_OPSYS= macosx10.4
+. elif empty(OS_VERSION:M7.*)
+BUILD_TARGET_OPSYS= macosx103.9
+. else
+BUILD_TARGET_OPSYS= macosx10
+. endif
+.elif ${OPSYS} == "Linux"
+BUILD_TARGET_OPSYS= linux
+MAKE_ENV+= HAVE_LIBCURSES=-l${BUILDLINK_LIBNAME.curses}
+. if ${CURSES_TYPE} == "ncurses"
+MAKE_ENV+= HAVE_CURSES=-DCK_NCURSES
+. else
+MAKE_ENV+= HAVE_CURSES=-DCK_NCURSES
+. endif
+.elif ${OPSYS} == "SunOS"
+BUILD_TARGET_OPSYS= solaris11g
+.else
+BUILD_TARGET_OPSYS= netbsd
+.endif
+
+BUILD_TARGET= ${BUILD_TARGET_OPSYS}${BUILD_TARGET_OPTIONS:ts}
+
+.include "../../mk/bsd.pkg.mk"
diff --git a/kermit/PLIST b/kermit/PLIST
new file mode 100644
index 0000000000..ed1d6575df
--- /dev/null
+++ b/kermit/PLIST
@@ -0,0 +1,14 @@
+@comment $NetBSD: PLIST,v 1.9 2011/08/25 14:54:06 hans Exp $
+bin/kermit
+man/man1/kermit.1
+share/doc/kermit/ckaaaa.txt
+share/doc/kermit/ckc302.txt
+share/doc/kermit/ckcbwr.txt
+share/doc/kermit/ckccfg.txt
+share/doc/kermit/ckcplm.txt
+share/doc/kermit/ckermit70.txt
+share/doc/kermit/ckermit80.txt
+share/doc/kermit/ckermit90.txt
+share/doc/kermit/ckubwr.txt
+share/doc/kermit/ckuins.txt
+share/doc/kermit/ckututor.txt
diff --git a/kermit/TODO b/kermit/TODO
new file mode 100644
index 0000000000..63b5c30fb9
--- /dev/null
+++ b/kermit/TODO
@@ -0,0 +1,7 @@
+- Rebase patches to the alpha
+
+- Rename patch files to modern norms
+
+- File patches upstream
+
+- Test
diff --git a/kermit/distinfo b/kermit/distinfo
new file mode 100644
index 0000000000..c00b7b4e61
--- /dev/null
+++ b/kermit/distinfo
@@ -0,0 +1,23 @@
+$NetBSD: distinfo,v 1.28 2020/07/30 03:03:07 gutteridge Exp $
+
+SHA1 (kermit-9.0.305a2/ckucku305-alpha02.tar.gz) = 90a3cdc9d5112d752a8637b6a76f6aef7da8a00c
+RMD160 (kermit-9.0.305a2/ckucku305-alpha02.tar.gz) = 4cd3cc02f6f5367b158f2fabc910e3ab7ffcee6a
+SHA512 (kermit-9.0.305a2/ckucku305-alpha02.tar.gz) = 017c742d53fa847b844554ce46708a32bee76af2efb092c3149b92f9ef50e0aa03ce52ffe99fc46ebfb7eeda1f4660b9f936d92c48625eda92369496070dd3a1
+Size (kermit-9.0.305a2/ckucku305-alpha02.tar.gz) = 2545990 bytes
+SHA1 (patch-aa) = fd3a613ce3cd3755a2e3b8baf33df33593713024
+SHA1 (patch-ab) = 280bfca4d44630bc9ec4a9331b650b81c7f80774
+SHA1 (patch-ac) = 62cc9e92f2413a42312d9f6d168ee85664b6aab9
+SHA1 (patch-ad) = 414f61c19185e4a82a8326121c2d9dacfba48077
+SHA1 (patch-ae) = 3cd335d719933fce95c2f5b05e9959d0d1ca06e0
+SHA1 (patch-af) = 2a09f9f933d3c1e6860983d8138ac61f33306ef7
+SHA1 (patch-ag) = cae37680ea5af85f4d2c774fe230f73a1f0be48c
+SHA1 (patch-ah) = 5b2098dfd57f8bd4d107acafaabe1a2c9b97d037
+SHA1 (patch-aj) = 6468e2139639f601de4609db8dff07b8b3a82d82
+SHA1 (patch-ak) = 983583d79abc4fcee1b7e9bf8ae46f184aa7011d
+SHA1 (patch-al) = 616ad10e65b24a04d24ff2556d6362ef3cc64b78
+SHA1 (patch-am) = 8c5acbfefe7b7d11825cc32c4449582b51f6cad9
+SHA1 (patch-ckcftp.c) = 1af977dce79f61c43619186c6a5d2032d7a9a6bd
+SHA1 (patch-ckcpro.w) = 247c1d0e0bcec632c4095c10067757cc40fb3831
+SHA1 (patch-ckupty.c) = fd8966627f3642550750ccd42e3add64a36dae09
+SHA1 (patch-ckuus3.c) = 557e938b36931f7948783116d1c5c2224d51bcbb
+SHA1 (patch-ckuus4.c) = 2204f4c95f8266358b66ac0936ac83ab27bec0c9
diff --git a/kermit/files/Makefile b/kermit/files/Makefile
new file mode 100644
index 0000000000..4e19cde780
--- /dev/null
+++ b/kermit/files/Makefile
@@ -0,0 +1,45 @@
+# $NetBSD: Makefile,v 1.1 2014/06/23 22:25:39 christos Exp $
+
+.include <bsd.own.mk>
+
+WARNS=0
+
+CPPFLAGS+= -DBSD44 -DCK_CURSES -DCK_DTRCD -DCK_DTRCTS -DCK_PAM -DFNFLOAT
+CPPFLAGS+= -DHAVE_OPENPTY -DHERALD=\"NetBSD\" -DTCPSOCKET -DTPUTSARGTYPE=int
+CPPFLAGS+= -DUSE_STRERROR -DZLIB -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE
+CPPFLAGS+= -DNO_DCL_INET_ATON
+
+.if ${MKCRYPTO} == "yes"
+CPPFLAGS+= -DCK_AUTHENTICATION -DCK_CAST -DCK_DES -DCK_ENCRYPTION
+CPPFLAGS+= -DCK_KERBEROS -DCK_SSL -DKRB5 -DLIBDES -DOPENSSL_100 -DHEIMDAL
+CPPFLAGS+= -DKTARGET='" netbsd+krb5+openssl+zlib"'
+CPPFLAGS+= -I/usr/include/krb5
+
+LDADD+= -lcrypt -lcrypto -ldes -lgssapi -lkrb5 -lssl
+DPADD+= ${LIBCRYPT} ${LIBCRYPTO} ${LIBDES} ${LIBGSSAPI} ${LIBKRB5} ${LIBSSL}
+
+COPTS.ckuath.c= -Wno-error=deprecated-declarations
+
+.else
+CPPFLAGS+= -DKTARGET='" netbsd+zlib"'
+.endif
+
+LDADD+=-lpam -lutil -lcurses -lz -lm
+DPADD+=${LIBPAM} ${LIBUTIL} ${LIBCURSES} ${LIBZ} ${LIBM}
+CPPFLAGS+=-std=c89
+
+.PATH: ${.CURDIR}/../dist
+
+PROG= kermit
+SRCS+= ck_crp.c ck_ssl.c ckcfn2.c ckcfn3.c ckcfns.c ckcftp.c ckclib.c \
+ ckcmai.c ckcnet.c ckcpro.c ckctel.c ckcuni.c ckuath.c ckucmd.c \
+ ckucns.c ckudia.c ckufio.c ckupty.c ckuscr.c ckusig.c ckutio.c \
+ ckuus2.c ckuus3.c ckuus4.c ckuus5.c ckuus6.c ckuus7.c ckuusr.c \
+ ckuusx.c ckuusy.c ckuxla.c
+
+CLEANFILES+=kermit.1
+
+.include <bsd.prog.mk>
+
+kermit.1: ${.CURDIR}/../dist/ckuker.nr
+ @cp ${.ALLSRC} ${.TARGET}
diff --git a/kermit/files/dot.kermrc b/kermit/files/dot.kermrc
new file mode 100644
index 0000000000..624c93c5fc
--- /dev/null
+++ b/kermit/files/dot.kermrc
@@ -0,0 +1,15 @@
+# .kermit -- typical ckermit init file
+# $NetBSD: dot.kermrc,v 1.2 1998/08/07 10:36:39 agc Exp $
+
+set send packet 9024 # packet size send
+set receive packet 9024 # packet size receive
+set file type binary # file type
+set block 3 # use 16bit CCITT crc's
+set window 15 # use 15 sliding window slots
+set file name literal # do not translate file names
+set file coll overwrite # overwrite if file allready exists
+set file dis crt # display in terms of cps and percentage
+set flow rts # hardware flow control
+set con unprefix all # unpre all control characters
+set con prefix 0 3 131 # prefix necessary control characters
+set speed 57600 # use 57600bps DTE
diff --git a/kermit/options.mk b/kermit/options.mk
new file mode 100644
index 0000000000..f48ee20b0f
--- /dev/null
+++ b/kermit/options.mk
@@ -0,0 +1,49 @@
+# $NetBSD: options.mk,v 1.6 2015/09/30 08:25:37 tnn Exp $
+
+PKG_OPTIONS_VAR= PKG_OPTIONS.kermit
+PKG_SUPPORTED_OPTIONS= kermit-suid-uucp ssl kerberos
+PKG_OPTIONS_OPTIONAL_GROUPS+= socks
+PKG_OPTIONS_GROUP.socks= socks4 dante
+
+.include "../../mk/bsd.options.mk"
+
+###
+### Install the kermit binary as a setuid-uucp binary.
+###
+.if !empty(PKG_OPTIONS:Mkermit-suid-uucp)
+PKG_GROUPS+= ${UUCP_GROUP}
+PKG_USERS+= ${UUCP_USER}:${UUCP_GROUP}
+PKG_GROUPS_VARS+= UUCP_GROUP
+PKG_USERS_VARS+= UUCP_USER
+SPECIAL_PERMS+= bin/kermit ${UUCP_USER} ${UUCP_GROUP} 4555
+.endif
+
+###
+### SOCKS firewall support.
+###
+.if !empty(PKG_OPTIONS:Msocks4)
+KFLAGS+= -DSOCKS -DCK_SOCKS
+LIBS+= -L${BUILDLINK_PREFIX.dante}/lib -lsocks
+.include "../../net/dante/buildlink3.mk"
+.elif !empty(PKG_OPTIONS:Mdante)
+KFLAGS+= -DSOCKS -DCK_SOCKS
+LIBS+= -L${BUILDLINK_PREFIX.dante}/lib -lsocks
+.include "../../net/dante/buildlink3.mk"
+.endif
+
+.if !empty(PKG_OPTIONS:Mkerberos)
+BUILD_TARGET_OPTIONS+= +krb5
+.include "../../security/mit-krb5/buildlink3.mk"
+K5INC= -I${WRKDIR}/.buildlink/include
+K5LIB= -L${WRKDIR}/.buildlink/lib ${COMPILER_RPATH_FLAG}${WRKDIR}/.buildlink/lib
+MAKE_ENV+= K5INC=${K5INC:Q} K5LIB=${K5LIB:Q}
+.endif
+
+.if !empty(PKG_OPTIONS:Mssl)
+BUILD_TARGET_OPTIONS+= +ssl
+.include "../../security/openssl/buildlink3.mk"
+# Set to empty
+SSLINC= -I${WRKDIR}/.buildlink/include
+SSLLIB= -L${WRKDIR}/.buildlink/lib ${COMPILER_RPATH_FLAG}${WRKDIR}/.buildlink/lib
+MAKE_ENV+= SSLINC=${SSLINC:Q} SSLLIB=${SSLLIB:Q}
+.endif
diff --git a/kermit/patches/patch-aa b/kermit/patches/patch-aa
new file mode 100644
index 0000000000..f19baa30d7
--- /dev/null
+++ b/kermit/patches/patch-aa
@@ -0,0 +1,88 @@
+$NetBSD: patch-aa,v 1.10 2011/12/06 01:19:16 sbd Exp $
+
+* Get K5LIB, K5INC, SSLLIB and SSLINC from pkgsrc.
+* s/-lgssapi/-lgssapi_krb5/ on netbsd+krb5*
+* Add $(LIBS) to link command on solaris2xg+openssl+zlib+pam+shadow
+* s@$(K5INC)/krb5@$(K5INC)/kerberosv5/ on solaris9g+krb5+ssl
+* On linux get HAVE_LIBCURSES and HAVE_CURSES from pkgsrc (with the
+ curses include and library pathes coming from BUILDLINK_*FLAGS).
+
+
+--- makefile.orig 2011-08-21 15:12:07.000000000 +0000
++++ makefile
+@@ -824,12 +824,12 @@ manroot = $(prefix)
+
+ K4LIB=-L/usr/kerberos/lib
+ K4INC=-I/usr/kerberos/include
+-K5LIB=-L/usr/kerberos/lib
+-K5INC=-I/usr/kerberos/include
++#K5LIB=-L/usr/kerberos/lib
++#K5INC=-I/usr/kerberos/include
+ SRPLIB=-L$(srproot)/lib
+ SRPINC=-I$(srproot)/include
+-SSLLIB=-L$(sslroot)/ssl/lib
+-SSLINC=-I$(sslroot)/ssl/include
++#SSLLIB=-L$(sslroot)/ssl/lib
++#SSLINC=-I$(sslroot)/ssl/include
+
+ # To override these assignments; for example, if your OpenSSL files are
+ # not in /usr/local/ssl, invoke the desired target like this:
+@@ -1869,7 +1869,7 @@ netbsd+krb5:
+ -DCK_CAST $$HAVE_DES -DNOFTP_GSSAPI $(K5INC) $(K5INC)/krb5 \
+ $(KFLAGS)" \
+ "LIBS= $(K5LIB) -L/usr/pkg/lib -R/usr/pkg/lib -lcurses $$DES_LIB \
+- -lcrypto -lgssapi -lkrb5 -lm -lutil $(LIBS)"
++ -lcrypto -lgssapi_krb5 -lkrb5 -lm -lutil $(LIBS)"
+
+ # NetBSD - With Kerberos 5 and SSL and Zlib.
+ # OK: 2011/08/21 on 5.1 with MIT Kerberos.
+@@ -1896,7 +1896,7 @@ netbsd+krb5+ssl netbsd+krb5+openssl+zlib
+ -DCK_SSL -DCK_PAM -DZLIB -DNO_DCL_INET_ATON $$OPENSSLOPTION \
+ $(KFLAGS)" "LNKFLAGS = $(LNKFLAGS)" \
+ "LIBS= $(K5LIB) -L/usr/pkg/lib -R/usr/pkg/lib -lssl $$DES_LIB \
+- -lcrypto -lcrypt -lgssapi -lkrb5 -lz -lm -lpam -lutil -lcurses $(LIBS)"
++ -lcrypto -lcrypt -lgssapi_krb5 -lkrb5 -lz -lm -lpam -lutil -lcurses $(LIBS)"
+
+ #Special Security Enhanced NetBSD target with SRP, SSL, and zlib support.
+ #To build this, you need to BUILD the pkgsrc srp_client package. After
+@@ -3544,7 +3544,7 @@ solaris2xg+openssl+zlib+pam+shadow:
+ -DCK_AUTHENTICATION -DCK_SSL -DCK_PAM -DCK_SHADOW -DZLIB \
+ -DBIGBUFOK $(SSLINC) $(KFLAGS)" \
+ "LIBS= $(SSLLIB) -ltermlib \
+- -lsocket -lnsl -lm -lresolv -lssl -lcrypto -lpam -lz"
++ -lsocket -lnsl -lm -lresolv -lssl -lcrypto -lpam -lz $(LIBS)"
+
+ #Ditto but with GCC 3.1 in which you have to specify 32-bit with -m32.
+ #In Solaris 9 (and maybe 8) you'll also need specifiy the Library path.
+@@ -3899,7 +3899,7 @@ solaris9g+krb5+ssl solaris10g+krb5+ssl s
+ -DCK_CURSES -DCK_NEWTERM -DDIRENT -DHDBUUCP -DTCPSOCKET -DBIGBUFOK \
+ -DCK_AUTHENTICATION -DCK_SSL -DZLIB -DCK_KERBEROS -DKRB5 \
+ -DCK_ENCRYPTION -DCK_CAST $$OPENSSLOPTION \
+- $$HAVE_DES $(SSLINC) $(K5INC) $(K5INC)/krb5 $(KFLAGS)" \
++ $$HAVE_DES $(SSLINC) $(K5INC) $(K5INC)/kerberosv5 $(KFLAGS)" \
+ "LIBS= $(SSLLIB) $(K5LIB) -lz -lssl -ltermlib -lsocket -lnsl -lm \
+ -lresolv -lcrypto \
+ $$GSSAPILIB -lkrb5 -lcom_err -lk5crypto $$DES_LIB $(LIBS)"
+@@ -6095,22 +6095,6 @@ linux:
+ if test `grep openpty /usr/include/pty.h | wc -l` -gt 0; \
+ then HAVE_OPENPTY='-DHAVE_OPENPTY'; \
+ else HAVE_OPENPTY=''; fi ; \
+- HAVE_LIBCURSES=''; \
+- if test -f /usr/lib64/libncurses.so || \
+- test -f /usr/lib/libncurses.a || \
+- test -f /usr/lib/libncurses.so; then \
+- HAVE_LIBCURSES='-lncurses'; \
+- else if test -f /usr/lib64/libcurses.so || \
+- test -f /usr/lib/libcurses.a || \
+- test -f /usr/lib/libcurses.so; then \
+- HAVE_LIBCURSES='-lcurses'; fi; fi; \
+- HAVE_CURSES=''; \
+- if test -n '$$HAVE_LIBCURSES'; then \
+- if test -f /usr/include/ncurses.h; then \
+- HAVE_CURSES='-DCK_NCURSES -I/usr/include/ncurses'; \
+- else if test -f /usr/include/curses.h; then \
+- HAVE_CURSES='-DCK_CURSES'; \
+- fi; fi; fi; \
+ if test -f /usr/include/baudboy.h || test -f /usr/include/ttylock.h; \
+ then HAVE_LOCKDEV='-DHAVE_LOCKDEV' ; \
+ else HAVE_LOCKDEV='' ; fi ; \
diff --git a/kermit/patches/patch-ab b/kermit/patches/patch-ab
new file mode 100644
index 0000000000..46f328f76c
--- /dev/null
+++ b/kermit/patches/patch-ab
@@ -0,0 +1,568 @@
+$NetBSD: patch-ab,v 1.8 2020/04/08 15:22:07 rhialto Exp $
+
+- Update for openssl 1.1.1e.
+- Kermit tries to keep SSL and TLS contexts (since in old openssl, the
+ *v23* methods were not version-flexible enough). Now afer simplification
+ there is lots of duplicate code left over that could be simplified more.
+
+--- ck_ssl.c.orig 2011-07-06 15:03:32.000000000 +0200
++++ ck_ssl.c 2020-04-06 16:43:41.323530837 +0200
+@@ -301,7 +301,7 @@
+ break;
+ default:
+ printf("Error %d while verifying certificate.\r\n",
+- ctx->error);
++ error);
+ break;
+ }
+ }
+@@ -804,6 +804,17 @@
+ #define MS_CALLBACK
+ #endif /* MS_CALLBACK */
+
++static BIGNUM *get_RSA_F4()
++{
++ static BIGNUM *bn;
++
++ if (!bn) {
++ bn = BN_new();
++ BN_add_word(bn, RSA_F4);
++ }
++ return bn;
++}
++
+ static RSA MS_CALLBACK *
+ #ifdef CK_ANSIC
+ tmp_rsa_cb(SSL * s, int export, int keylength)
+@@ -822,7 +833,16 @@
+ if (ssl_debug_flag)
+ printf("Generating temporary (%d bit) RSA key...\r\n",keylength);
+
+- rsa_tmp=RSA_generate_key(keylength,RSA_F4,NULL,NULL);
++ rsa_tmp = RSA_new();
++ if (rsa_tmp) {
++ int error = RSA_generate_key_ex(rsa_tmp, keylength, get_RSA_F4(),NULL);
++ if (error) {
++ if (ssl_debug_flag)
++ printf(" error %d", error);
++ RSA_free(rsa_tmp);
++ rsa_tmp = NULL;
++ }
++ }
+
+ if (ssl_debug_flag)
+ printf("\r\n");
+@@ -936,10 +956,26 @@
+
+ if ((dh=DH_new()) == NULL)
+ return(NULL);
++#if OPENSSL_VERSION_NUMBER >= 0x10100005L
++ BIGNUM *p=BN_bin2bn(dh512_p,sizeof(dh512_p),NULL);
++ BIGNUM *g=BN_bin2bn(dh512_g,sizeof(dh512_g),NULL);
++ if ((p == NULL) || (g == NULL)) {
++ BN_free(g);
++ BN_free(p);
++ DH_free(dh);
++ return(NULL);
++ }
++ DH_set0_pqg(dh, p, NULL, g);
++#else
+ dh->p=BN_bin2bn(dh512_p,sizeof(dh512_p),NULL);
+ dh->g=BN_bin2bn(dh512_g,sizeof(dh512_g),NULL);
+- if ((dh->p == NULL) || (dh->g == NULL))
++ if ((dh->p == NULL) || (dh->g == NULL)) {
++ BN_free(dh->g);
++ BN_free(dh->p);
++ DH_free(dh);
+ return(NULL);
++ }
++#endif
+ return(dh);
+ }
+
+@@ -950,10 +986,26 @@
+
+ if ((dh=DH_new()) == NULL)
+ return(NULL);
++#if OPENSSL_VERSION_NUMBER >= 0x10100005L
++ BIGNUM *p=BN_bin2bn(dh768_p,sizeof(dh768_p),NULL);
++ BIGNUM *g=BN_bin2bn(dh768_g,sizeof(dh768_g),NULL);
++ if ((p == NULL) || (g == NULL)) {
++ BN_free(g);
++ BN_free(p);
++ DH_free(dh);
++ return(NULL);
++ }
++ DH_set0_pqg(dh, p, NULL, g);
++#else
+ dh->p=BN_bin2bn(dh768_p,sizeof(dh768_p),NULL);
+ dh->g=BN_bin2bn(dh768_g,sizeof(dh768_g),NULL);
+- if ((dh->p == NULL) || (dh->g == NULL))
++ if ((dh->p == NULL) || (dh->g == NULL)) {
++ BN_free(dh->g);
++ BN_free(dh->p);
++ DH_free(dh);
+ return(NULL);
++ }
++#endif
+ return(dh);
+ }
+
+@@ -964,10 +1016,26 @@
+
+ if ((dh=DH_new()) == NULL)
+ return(NULL);
++#if OPENSSL_VERSION_NUMBER >= 0x10100005L
++ BIGNUM *p=BN_bin2bn(dh1024_p,sizeof(dh1024_p),NULL);
++ BIGNUM *g=BN_bin2bn(dh1024_g,sizeof(dh1024_g),NULL);
++ if ((p == NULL) || (g == NULL)) {
++ BN_free(g);
++ BN_free(p);
++ DH_free(dh);
++ return(NULL);
++ }
++ DH_set0_pqg(dh, p, NULL, g);
++#else
+ dh->p=BN_bin2bn(dh1024_p,sizeof(dh1024_p),NULL);
+ dh->g=BN_bin2bn(dh1024_g,sizeof(dh1024_g),NULL);
+- if ((dh->p == NULL) || (dh->g == NULL))
++ if ((dh->p == NULL) || (dh->g == NULL)) {
++ BN_free(dh->g);
++ BN_free(dh->p);
++ DH_free(dh);
+ return(NULL);
++ }
++#endif
+ return(dh);
+ }
+
+@@ -978,10 +1046,26 @@
+
+ if ((dh=DH_new()) == NULL)
+ return(NULL);
++#if OPENSSL_VERSION_NUMBER >= 0x10100005L
++ BIGNUM *p=BN_bin2bn(dh1536_p,sizeof(dh1536_p),NULL);
++ BIGNUM *g=BN_bin2bn(dh1536_g,sizeof(dh1536_g),NULL);
++ if ((p == NULL) || (g == NULL)) {
++ BN_free(g);
++ BN_free(p);
++ DH_free(dh);
++ return(NULL);
++ }
++ DH_set0_pqg(dh, p, NULL, g);
++#else
+ dh->p=BN_bin2bn(dh1536_p,sizeof(dh1536_p),NULL);
+ dh->g=BN_bin2bn(dh1536_g,sizeof(dh1536_g),NULL);
+- if ((dh->p == NULL) || (dh->g == NULL))
++ if ((dh->p == NULL) || (dh->g == NULL)) {
++ BN_free(dh->g);
++ BN_free(dh->p);
++ DH_free(dh);
+ return(NULL);
++ }
++#endif
+ return(dh);
+ }
+
+@@ -992,10 +1076,26 @@
+
+ if ((dh=DH_new()) == NULL)
+ return(NULL);
++#if OPENSSL_VERSION_NUMBER >= 0x10100005L
++ BIGNUM *p=BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL);
++ BIGNUM *g=BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL);
++ if ((p == NULL) || (g == NULL)) {
++ BN_free(g);
++ BN_free(p);
++ DH_free(dh);
++ return(NULL);
++ }
++ DH_set0_pqg(dh, p, NULL, g);
++#else
+ dh->p=BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL);
+ dh->g=BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL);
+- if ((dh->p == NULL) || (dh->g == NULL))
++ if ((dh->p == NULL) || (dh->g == NULL)) {
++ BN_free(dh->g);
++ BN_free(dh->p);
++ DH_free(dh);
+ return(NULL);
++ }
++#endif
+ return(dh);
+ }
+ #endif /* NO_DH */
+@@ -1054,10 +1154,11 @@
+ if (ssl == NULL)
+ return;
+
+- if (ssl->expand == NULL || ssl->expand->meth == NULL)
++ const COMP_METHOD *method = SSL_get_current_compression(ssl);
++ if (method == NULL)
+ printf("Compression: None\r\n");
+ else {
+- printf("Compression: %s\r\n",ssl->expand->meth->name);
++ printf("Compression: %s\r\n",SSL_COMP_get_name(method));
+ }
+ }
+
+@@ -1072,7 +1173,7 @@
+ #endif /* CK_ANSIC */
+ {
+ X509 *peer;
+- SSL_CIPHER * cipher;
++ const SSL_CIPHER * cipher;
+ const char *cipher_list;
+ char buf[512]="";
+
+@@ -1457,13 +1558,23 @@
+
+ #ifdef ZLIB
+ cm = COMP_zlib();
++#if OPENSSL_VERSION_NUMBER >= 0x10100005L
++ if (cm != NULL && COMP_get_type(cm) != NID_undef) {
++#else
+ if (cm != NULL && cm->type != NID_undef) {
++#endif
+ SSL_COMP_add_compression_method(0xe0, cm); /* EAY's ZLIB ID */
+ }
+ #endif /* ZLIB */
++#ifdef NID_rle_compression
+ cm = COMP_rle();
++#if OPENSSL_VERSION_NUMBER >= 0x10100005L
++ if (cm != NULL && COMP_get_type(cm) != NID_undef)
++#else
+ if (cm != NULL && cm->type != NID_undef)
++#endif
+ SSL_COMP_add_compression_method(0xe1, cm); /* EAY's RLE ID */
++#endif /* NID_rle_compression */
+
+ /* Ensure the Random number generator has enough entropy */
+ if ( !RAND_status() ) {
+@@ -1483,8 +1594,12 @@
+ }
+ debug(F110,"ssl_rnd_file",ssl_rnd_file,0);
+
++#ifdef OPENSSL_NO_EGD
++ rc1 = 0;
++#else
+ rc1 = RAND_egd(ssl_rnd_file);
+ debug(F111,"ssl_once_init","RAND_egd()",rc1);
++#endif
+ if ( rc1 <= 0 ) {
+ rc2 = RAND_load_file(ssl_rnd_file, -1);
+ debug(F111,"ssl_once_init","RAND_load_file()",rc1);
+@@ -1579,25 +1694,13 @@
+ /* This can fail because we do not have RSA available */
+ if ( !ssl_ctx ) {
+ debug(F110,"ssl_tn_init","SSLv23_client_method failed",0);
+- ssl_ctx=(SSL_CTX *)SSL_CTX_new(SSLv3_client_method());
+- }
+- if ( !ssl_ctx ) {
+- debug(F110,"ssl_tn_init","SSLv3_client_method failed",0);
+ last_ssl_mode = -1;
+ return(0);
+ }
+-#ifndef COMMENT
+- tls_ctx=(SSL_CTX *)SSL_CTX_new(TLSv1_client_method());
+-#else /* COMMENT */
+ tls_ctx=(SSL_CTX *)SSL_CTX_new(SSLv23_client_method());
+ /* This can fail because we do not have RSA available */
+ if ( !tls_ctx ) {
+ debug(F110,"ssl_tn_init","SSLv23_client_method failed",0);
+- tls_ctx=(SSL_CTX *)SSL_CTX_new(SSLv3_client_method());
+- }
+-#endif /* COMMENT */
+- if ( !tls_ctx ) {
+- debug(F110,"ssl_tn_init","TLSv1_client_method failed",0);
+ last_ssl_mode = -1;
+ return(0);
+ }
+@@ -1611,25 +1714,13 @@
+ /* This can fail because we do not have RSA available */
+ if ( !ssl_ctx ) {
+ debug(F110,"ssl_tn_init","SSLv23_server_method failed",0);
+- ssl_ctx=(SSL_CTX *)SSL_CTX_new(SSLv3_server_method());
+- }
+- if ( !ssl_ctx ) {
+- debug(F110,"ssl_tn_init","SSLv3_server_method failed",0);
+ last_ssl_mode = -1;
+ return(0);
+ }
+-#ifdef COMMENT
+- tls_ctx=(SSL_CTX *)SSL_CTX_new(TLSv1_server_method());
+-#else /* COMMENT */
+ tls_ctx=(SSL_CTX *)SSL_CTX_new(SSLv23_server_method());
+ /* This can fail because we do not have RSA available */
+ if ( !tls_ctx ) {
+ debug(F110,"ssl_tn_init","SSLv23_server_method failed",0);
+- tls_ctx=(SSL_CTX *)SSL_CTX_new(TLSv1_server_method());
+- }
+-#endif /* COMMENT */
+- if ( !tls_ctx ) {
+- debug(F110,"ssl_tn_init","TLSv1_server_method failed",0);
+ last_ssl_mode = -1;
+ return(0);
+ }
+@@ -1655,7 +1746,6 @@
+ SSL_CTX_set_info_callback(ssl_ctx,ssl_client_info_callback);
+ SSL_CTX_set_info_callback(tls_ctx,ssl_client_info_callback);
+
+-#ifndef COMMENT
+ /* Set the proper caching mode */
+ if ( mode == SSL_SERVER ) {
+ SSL_CTX_set_session_cache_mode(ssl_ctx,SSL_SESS_CACHE_SERVER);
+@@ -1666,10 +1756,6 @@
+ }
+ SSL_CTX_set_session_id_context(ssl_ctx,(CHAR *)"1",1);
+ SSL_CTX_set_session_id_context(tls_ctx,(CHAR *)"2",1);
+-#else /* COMMENT */
+- SSL_CTX_set_session_cache_mode(ssl_ctx,SSL_SESS_CACHE_OFF);
+- SSL_CTX_set_session_cache_mode(tls_ctx,SSL_SESS_CACHE_OFF);
+-#endif /* COMMENT */
+ }
+
+ /* The server uses defaults for the certificate files. */
+@@ -1777,7 +1863,14 @@
+
+ if ( ssl_debug_flag )
+ printf("Generating temp (512 bit) RSA key ...\r\n");
+- rsa=RSA_generate_key(512,RSA_F4,NULL,NULL);
++ rsa = RSA_new();
++ if (rsa) {
++ int error = RSA_generate_key_ex(rsa,512,get_RSA_F4(),NULL);
++ if (error) {
++ RSA_free(rsa);
++ rsa = NULL;
++ }
++ }
+ if ( ssl_debug_flag )
+ printf("Generation of temp (512 bit) RSA key done\r\n");
+
+@@ -2153,18 +2246,10 @@
+ printf("SSL_DEBUG_FLAG on\r\n");
+
+ if (!tls_http_ctx ) {
+-#ifdef COMMENT
+- /* too many web servers still do not support TLSv1 */
+- tls_http_ctx=(SSL_CTX *)SSL_CTX_new(TLSv1_client_method());
+-#else /* COMMENT */
+ tls_http_ctx=(SSL_CTX *)SSL_CTX_new(SSLv23_client_method());
+ /* This can fail because we do not have RSA available */
+ if ( !tls_http_ctx ) {
+ debug(F110,"ssl_http_init","SSLv23_client_method failed",0);
+- tls_http_ctx=(SSL_CTX *)SSL_CTX_new(SSLv3_client_method());
+- }
+-#endif /* COMMENT */
+- if ( !tls_http_ctx ) {
+ debug(F110,"ssl_http_init","TLSv1_client_method failed",0);
+ return(0);
+ }
+@@ -2182,7 +2267,7 @@
+ * for TLS be sure to prevent use of SSLv2
+ */
+ SSL_CTX_set_options(tls_http_ctx,
+- SSL_OP_NO_SSLv2|SSL_OP_SINGLE_DH_USE|SSL_OP_EPHEMERAL_RSA);
++ SSL_OP_NO_SSLv2/*|SSL_OP_NO_SSLv3*/|SSL_OP_SINGLE_DH_USE|SSL_OP_EPHEMERAL_RSA);
+
+ SSL_CTX_set_info_callback(tls_http_ctx,ssl_client_info_callback);
+
+@@ -2575,7 +2660,11 @@
+ int
+ ssl_verify_crl(int ok, X509_STORE_CTX *ctx)
+ {
++#if OPENSSL_VERSION_NUMBER >= 0x10100005L
++ X509_OBJECT *obj;
++#else
+ X509_OBJECT obj;
++#endif
+ X509_NAME *subject = NULL;
+ X509_NAME *issuer = NULL;
+ X509 *xs = NULL;
+@@ -2595,6 +2684,14 @@
+ if (!crl_store)
+ return ok;
+
++#if OPENSSL_VERSION_NUMBER >= 0x10100005L
++ obj = X509_OBJECT_new();
++ if (!obj)
++ return(ok);
++#else
++ memset((char *)&obj, 0, sizeof(obj));
++#endif
++
+ store_ctx = X509_STORE_CTX_new();
+ if ( !store_ctx )
+ return(ok);
+@@ -2641,11 +2738,16 @@
+ * Try to retrieve a CRL corresponding to the _subject_ of
+ * the current certificate in order to verify it's integrity.
+ */
+- memset((char *)&obj, 0, sizeof(obj));
+ X509_STORE_CTX_init(store_ctx, crl_store, NULL, NULL);
++#if OPENSSL_VERSION_NUMBER >= 0x10100005L
++ rc = X509_STORE_get_by_subject(store_ctx, X509_LU_CRL, subject, obj);
++ X509_STORE_CTX_cleanup(store_ctx);
++ crl = X509_OBJECT_get0_X509_CRL(obj);
++#else
+ rc = X509_STORE_get_by_subject(store_ctx, X509_LU_CRL, subject, &obj);
+ X509_STORE_CTX_cleanup(store_ctx);
+ crl = obj.data.crl;
++#endif
+ if (rc > 0 && crl != NULL) {
+ /*
+ * Verify the signature on this CRL
+@@ -2653,7 +2755,11 @@
+ if (X509_CRL_verify(crl, X509_get_pubkey(xs)) <= 0) {
+ fprintf(stderr, "Invalid signature on CRL!\n");
+ X509_STORE_CTX_set_error(ctx, X509_V_ERR_CRL_SIGNATURE_FAILURE);
++#if OPENSSL_VERSION_NUMBER >= 0x10100005L
++ X509_OBJECT_free(obj);
++#else
+ X509_OBJECT_free_contents(&obj);
++#endif
+ X509_STORE_CTX_free(store_ctx);
+ return 0;
+ }
+@@ -2661,12 +2767,16 @@
+ /*
+ * Check date of CRL to make sure it's not expired
+ */
+- i = X509_cmp_current_time(X509_CRL_get_nextUpdate(crl));
++ i = X509_cmp_current_time(X509_CRL_get0_nextUpdate(crl));
+ if (i == 0) {
+ fprintf(stderr, "Found CRL has invalid nextUpdate field.\n");
+ X509_STORE_CTX_set_error(ctx,
+ X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD);
++#if OPENSSL_VERSION_NUMBER >= 0x10100005L
++ X509_OBJECT_free(obj);
++#else
+ X509_OBJECT_free_contents(&obj);
++#endif
+ X509_STORE_CTX_free(store_ctx);
+ return 0;
+ }
+@@ -2675,22 +2785,38 @@
+ "Found CRL is expired - revoking all certificates until you get updated CRL.\n"
+ );
+ X509_STORE_CTX_set_error(ctx, X509_V_ERR_CRL_HAS_EXPIRED);
++#if OPENSSL_VERSION_NUMBER >= 0x10100005L
++ X509_OBJECT_free(obj);
++#else
+ X509_OBJECT_free_contents(&obj);
++#endif
+ X509_STORE_CTX_free(store_ctx);
+ return 0;
+ }
+- X509_OBJECT_free_contents(&obj);
++#if OPENSSL_VERSION_NUMBER >= 0x10100005L
++ X509_OBJECT_free(obj);
++#else
++ X509_OBJECT_free_contents(&obj);
++#endif
+ }
+
+ /*
+ * Try to retrieve a CRL corresponding to the _issuer_ of
+ * the current certificate in order to check for revocation.
+ */
++#if OPENSSL_VERSION_NUMBER < 0x10100005L
+ memset((char *)&obj, 0, sizeof(obj));
++#endif
+ X509_STORE_CTX_init(store_ctx, crl_store, NULL, NULL);
++#if OPENSSL_VERSION_NUMBER >= 0x10100005L
++ rc = X509_STORE_get_by_subject(store_ctx, X509_LU_CRL, issuer, obj);
++ X509_STORE_CTX_free(store_ctx); /* calls X509_STORE_CTX_cleanup() */
++ crl = X509_OBJECT_get0_X509_CRL(obj);
++#else
+ rc = X509_STORE_get_by_subject(store_ctx, X509_LU_CRL, issuer, &obj);
+ X509_STORE_CTX_free(store_ctx); /* calls X509_STORE_CTX_cleanup() */
+ crl = obj.data.crl;
++#endif
+ if (rc > 0 && crl != NULL) {
+ /*
+ * Check if the current certificate is revoked by this CRL
+@@ -2698,19 +2824,34 @@
+ n = sk_X509_REVOKED_num(X509_CRL_get_REVOKED(crl));
+ for (i = 0; i < n; i++) {
+ revoked = sk_X509_REVOKED_value(X509_CRL_get_REVOKED(crl), i);
++#if OPENSSL_VERSION_NUMBER >= 0x10100005L
++ if (ASN1_INTEGER_cmp(X509_REVOKED_get0_serialNumber(revoked),
++ X509_get_serialNumber(xs)) == 0) { // }
++
++ serial = ASN1_INTEGER_get(X509_REVOKED_get0_serialNumber(revoked));
++#else
+ if (ASN1_INTEGER_cmp(revoked->serialNumber,
+ X509_get_serialNumber(xs)) == 0) {
+
+ serial = ASN1_INTEGER_get(revoked->serialNumber);
++#endif
+ cp = X509_NAME_oneline(issuer, NULL, 0);
+ free(cp);
+
+ X509_STORE_CTX_set_error(ctx, X509_V_ERR_CERT_REVOKED);
++#if OPENSSL_VERSION_NUMBER >= 0x10100005L
++ X509_OBJECT_free(obj);
++#else
+ X509_OBJECT_free_contents(&obj);
++#endif
+ return 0;
+ }
+ }
++#if OPENSSL_VERSION_NUMBER >= 0x10100005L
++ X509_OBJECT_free(obj);
++#else
+ X509_OBJECT_free_contents(&obj);
++#endif
+ }
+ return ok;
+ }
+@@ -2877,6 +3018,7 @@
+ #ifndef OpenBSD
+ #ifndef FREEBSD4
+ #ifndef NETBSD15
++#ifndef __DragonFly__
+ #ifndef LINUX
+ #ifndef AIX41
+ #ifndef UW7
+@@ -2919,6 +3061,7 @@
+ #endif /* UW7 */
+ #endif /* AIX41 */
+ #endif /* LINUX */
++#endif /* __DragonFly__ */
+ #endif /* NETBSD15 */
+ #endif /* FREEBSD4 */
+ #endif /* OpenBSD */
+@@ -3057,7 +3200,7 @@
+ tls_is_anon(int x)
+ {
+ char buf[128];
+- SSL_CIPHER * cipher;
++ const SSL_CIPHER * cipher;
+ SSL * ssl = NULL;
+
+ switch ( x ) {
+@@ -3101,7 +3244,7 @@
+ tls_is_krb5(int x)
+ {
+ char buf[128];
+- SSL_CIPHER * cipher;
++ const SSL_CIPHER * cipher;
+ SSL * ssl = NULL;
+
+ switch ( x ) {
+@@ -4343,7 +4486,14 @@
+ if (!(fp = fopen(buf, "r")))
+ return 0;
+ while (!r && (file_cert = PEM_read_X509(fp, NULL, NULL, NULL))) {
++#if OPENSSL_VERSION_NUMBER >= 0x10100005L
++ const ASN1_BIT_STRING *peer_cert_sig, *file_cert_sig;
++ X509_get0_signature(&peer_cert_sig, NULL, peer_cert);
++ X509_get0_signature(&file_cert_sig, NULL, file_cert);
++ if (!ASN1_STRING_cmp(peer_cert_sig, file_cert_sig))
++#else
+ if (!ASN1_STRING_cmp(peer_cert->signature, file_cert->signature))
++#endif
+ r = 1;
+ X509_free(file_cert);
+ }
diff --git a/kermit/patches/patch-ac b/kermit/patches/patch-ac
new file mode 100644
index 0000000000..8e15ccee12
--- /dev/null
+++ b/kermit/patches/patch-ac
@@ -0,0 +1,12 @@
+$NetBSD: patch-ac,v 1.9 2011/08/25 14:54:06 hans Exp $
+
+--- ckcdeb.h.orig 2010-08-23 15:30:56.000000000 +0200
++++ ckcdeb.h 2011-08-23 10:31:55.103102070 +0200
+@@ -4532,7 +4532,6 @@ extern int errno;
+ following is an anachronism and should be the execption rather than the
+ rule.
+ */
+-extern int errno;
+ #endif /* __GLIBC__ */
+ #endif /* OS2 */
+ #endif /* VMS */
diff --git a/kermit/patches/patch-ad b/kermit/patches/patch-ad
new file mode 100644
index 0000000000..2cb7cdc88a
--- /dev/null
+++ b/kermit/patches/patch-ad
@@ -0,0 +1,12 @@
+$NetBSD: patch-ad,v 1.10 2012/05/17 20:29:13 christos Exp $
+
+--- ckcmai.c.orig 2012-05-17 16:22:58.000000000 -0400
++++ ckcmai.c 2012-05-17 16:23:53.000000000 -0400
+@@ -540,6 +540,7 @@
+
+ #include "ckcker.h" /* Kermit symbols */
+ #include "ckcnet.h" /* Network symbols */
++#include "ckupty.h" /* time.h */
+
+ #ifdef CK_SSL
+ #include "ck_ssl.h"
diff --git a/kermit/patches/patch-ae b/kermit/patches/patch-ae
new file mode 100644
index 0000000000..db3302538d
--- /dev/null
+++ b/kermit/patches/patch-ae
@@ -0,0 +1,65 @@
+$NetBSD: patch-ae,v 1.8 2020/07/30 03:03:07 gutteridge Exp $
+
+Portability fixes for DragonFly, SunOS, and Linux.
+
+The Linux fix is taken from upstream's 9.0.305 Alpha.01 release, and is
+noted to be a temporary workaround, so it may change in form in a
+pending release.
+
+--- ckucmd.c.orig 2011-07-14 12:14:37.000000000 +0000
++++ ckucmd.c
+@@ -7370,7 +7370,11 @@ cmdconchk() {
+
+ /* Here we must look inside the stdin buffer - highly platform dependent */
+
+-#ifdef _IO_file_flags /* Linux */
++#ifdef __FILE_defined /* glibc 2.28 1 Aug 2018 */
++ x = (int) ((stdin->_IO_read_end) - (stdin->_IO_read_ptr));
++ debug(F101,"cmdconchk __FILE_defined","",x);
++#else /* __FILE_defined */
++#ifdef _IO_file_flags /* Linux (glibc 2.28 removed this symbol */
+ x = (int) ((stdin->_IO_read_end) - (stdin->_IO_read_ptr));
+ debug(F101,"cmdconchk _IO_file_flags","",x);
+ #else /* _IO_file_flags */
+@@ -7382,8 +7386,19 @@ cmdconchk() {
+ #ifdef NOARROWKEYS
+ debug(F101,"cmdconchk NOARROWKEYS x","",0);
+ #else
++#if defined(__sun) && (defined(__amd64) || defined(__sparcv9))
++ struct sun_64_FILE {
++ unsigned char *_ptr; /* next character from/to here in buffer */
++ unsigned char *_base; /* the buffer */
++ unsigned char *_end; /* the end of the buffer */
++ ssize_t _cnt; /* number of available characters in buffer */
++ } *sun_64_stdin = (struct sun_64_FILE *)stdin;
++ debug(F101,"cmdconchk sun_64_stdin->_cnt","",sun_64_stdin->_cnt);
++ x = sun_64_stdin->_cnt;
++#else
+ debug(F101,"cmdconchk stdin->_cnt","",stdin->_cnt);
+ x = stdin->_cnt;
++#endif
+ #endif /* NOARROWKEYS */
+ #endif /* VMS */
+ if (x == 0) x = conchk();
+@@ -7395,7 +7410,12 @@ cmdconchk() {
+ if (x == 0) x = conchk();
+ if (x < 0) x = 0;
+ #else /* USE_FILE_CNT */
+-#ifdef USE_FILE_R /* FreeBSD, OpenBSD, etc */
++#if defined(__DragonFly__) && defined(feof_unlocked)
++ debug(F101,"cmdconchk stdin->_r","",((struct __FILE_public *)stdin)->_r);
++ x = ((struct __FILE_public *)stdin)->_r;
++ if (x == 0) x = conchk();
++ if (x < 0) x = 0;
++#elif defined(USE_FILE_R) /* FreeBSD, OpenBSD, etc */
+ debug(F101,"cmdconchk stdin->_r","",stdin->_r);
+ x = stdin->_r;
+ if (x == 0) x = conchk();
+@@ -7407,6 +7427,7 @@ cmdconchk() {
+ #endif /* USE_FILE__CNT */
+ #endif /* USE_FILE_CNT */
+ #endif /* _IO_file_flags */
++#endif /* __FILE_defined */
+ #endif /* CMD_CONINC */
+ #endif /* OS2 */
+ return(x + y);
diff --git a/kermit/patches/patch-af b/kermit/patches/patch-af
new file mode 100644
index 0000000000..6547c595be
--- /dev/null
+++ b/kermit/patches/patch-af
@@ -0,0 +1,13 @@
+$NetBSD: patch-af,v 1.1 2005/12/18 23:15:43 joerg Exp $
+
+--- ckuusr.c.orig 2005-12-18 23:04:34.000000000 +0000
++++ ckuusr.c
+@@ -87,6 +87,8 @@ char *userv = "User Interface 8.0.278, 1
+ #define MULTINET_OLD_STYLE /* Leave select prototype undefined */
+ #endif /* MULTINET */
+
++#include <errno.h>
++
+ #include "ckcdeb.h"
+ #include "ckcasc.h"
+ #include "ckcker.h"
diff --git a/kermit/patches/patch-ag b/kermit/patches/patch-ag
new file mode 100644
index 0000000000..aa5dad9677
--- /dev/null
+++ b/kermit/patches/patch-ag
@@ -0,0 +1,16 @@
+$NetBSD: patch-ag,v 1.2 2011/08/25 14:54:06 hans Exp $
+
+--- ckuus6.c.orig 2011-06-07 17:27:51.000000000 +0200
++++ ckuus6.c 2011-08-23 10:34:29.697605882 +0200
+@@ -33,11 +33,7 @@
+ #endif /* def VMS [else] */
+ #endif /* NOSTAT */
+
+-#ifdef VMS
+-#ifndef TCPSOCKET
+ #include <errno.h>
+-#endif /* TCPSOCKET */
+-#endif /* VMS */
+
+ #ifdef datageneral
+ #define fgets(stringbuf,max,fd) dg_fgets(stringbuf,max,fd)
diff --git a/kermit/patches/patch-ah b/kermit/patches/patch-ah
new file mode 100644
index 0000000000..906ee4ab09
--- /dev/null
+++ b/kermit/patches/patch-ah
@@ -0,0 +1,14 @@
+$NetBSD: patch-ah,v 1.1 2005/12/18 23:15:43 joerg Exp $
+
+--- ckcfns.c.orig 2005-12-18 23:06:48.000000000 +0000
++++ ckcfns.c
+@@ -93,9 +93,7 @@ _PROTOTYP( long zfsize, (char *) );
+ #endif /* OS2ONLY */
+ #endif /* OS2 */
+
+-#ifdef VMS
+ #include <errno.h>
+-#endif /* VMS */
+
+ /* Externals from ckcmai.c */
+
diff --git a/kermit/patches/patch-aj b/kermit/patches/patch-aj
new file mode 100644
index 0000000000..0ff718fa12
--- /dev/null
+++ b/kermit/patches/patch-aj
@@ -0,0 +1,13 @@
+$NetBSD: patch-aj,v 1.1 2006/06/28 23:13:18 dbj Exp $
+
+--- ckuus5.c.orig 2006-06-27 19:22:53.000000000 -0400
++++ ckuus5.c 2006-06-27 19:23:30.000000000 -0400
+@@ -28,6 +28,8 @@
+ #include "ckcker.h"
+ #include "ckuusr.h"
+
++#include <errno.h>
++
+ #ifdef DCMDBUF
+ char *line; /* Character buffer for anything */
+ char *tmpbuf;
diff --git a/kermit/patches/patch-ak b/kermit/patches/patch-ak
new file mode 100644
index 0000000000..55430e3f1e
--- /dev/null
+++ b/kermit/patches/patch-ak
@@ -0,0 +1,24 @@
+$NetBSD: patch-ak,v 1.2 2020/04/08 15:22:07 rhialto Exp $
+
+- Use version-flexible SSL/TLS method.
+
+--- ckuus7.c.orig 2011-06-23 16:13:11.000000000 +0000
++++ ckuus7.c
+@@ -32,6 +32,8 @@
+ #include "ckucmd.h"
+ #include "ckclib.h"
+
++#include <errno.h>
++
+ #ifdef VMS
+ #ifndef TCPSOCKET
+ #include <errno.h>
+@@ -14340,7 +14342,7 @@ sho_auth(cx) int cx; {
+ if (ssl_con == NULL) {
+ SSL_library_init();
+ ssl_ctx = (SSL_CTX *)
+- SSL_CTX_new((SSL_METHOD *)TLSv1_method());
++ SSL_CTX_new((SSL_METHOD *)SSLv23_method());
+ if (ssl_ctx != NULL)
+ ssl_con= (SSL *) SSL_new(ssl_ctx);
+ }
diff --git a/kermit/patches/patch-al b/kermit/patches/patch-al
new file mode 100644
index 0000000000..6205aca788
--- /dev/null
+++ b/kermit/patches/patch-al
@@ -0,0 +1,391 @@
+$NetBSD: patch-al,v 1.3 2014/06/23 22:24:24 christos Exp $
+
+--- ckuath.c.orig 2011-06-13 13:26:54.000000000 -0400
++++ ckuath.c 2014-06-23 18:20:26.000000000 -0400
+@@ -117,19 +117,6 @@
+ #include <time.h>
+ #include <fcntl.h>
+ #include <errno.h>
+-#ifndef malloc
+-#ifndef VMS
+-#ifndef FREEBSD4
+-#ifndef OpenBSD
+-#ifdef MACOSX
+-#include <sys/malloc.h>
+-#else /* MACOSX */
+-#include <malloc.h>
+-#endif /* MACOSX */
+-#endif /* OpenBSD */
+-#endif /* FREEBSD4 */
+-#endif /* VMS */
+-#endif /* malloc */
+ #ifdef OS2
+ #include <io.h>
+ #endif /* OS2 */
+@@ -149,7 +136,9 @@
+ #endif /* saveprintf */
+ #else /* HEIMDAL */
+ #include "krb5.h"
++#ifdef BETATEST
+ #include "profile.h"
++#endif
+ #include "com_err.h"
+ #ifdef KRB5_GET_INIT_CREDS_OPT_TKT_LIFE
+ #define KRB5_HAVE_GET_INIT_CREDS
+@@ -417,7 +406,6 @@
+ char des_outpkt[2*RLOG_BUFSIZ+4]; /* needs to be > largest write size */
+ #ifdef KRB5
+ krb5_data desinbuf,desoutbuf;
+-krb5_encrypt_block eblock; /* eblock for encrypt/decrypt */
+ static krb5_data encivec_i[2], encivec_o[2];
+
+ enum krb5_kcmd_proto {
+@@ -3145,8 +3133,13 @@
+ data.data = k4_session_key;
+ data.length = 8;
+
+- code = krb5_c_decrypt(k5_context, &k4_krbkey, 0, 0,
+- &encdata, &data);
++ code = krb5_c_decrypt(k5_context,
++#ifdef HEIMDAL
++ k4_krbkey,
++#else
++ &k4_krbkey,
++#endif
++ 0, 0, &encdata, &data);
+
+ krb5_free_keyblock_contents(k5_context, &random_key);
+
+@@ -3162,8 +3155,13 @@
+ data.data = k4_challenge;
+ data.length = 8;
+
+- code = krb5_c_decrypt(k5_context, &k4_krbkey, 0, 0,
+- &encdata, &data);
++ code = krb5_c_decrypt(k5_context,
++#ifdef HEIMDAL
++ k4_krbkey,
++#else
++ &k4_krbkey,
++#endif
++ 0, 0, &encdata, &data);
+ #else /* MIT_CURRENT */
+ memset(k4_sched,0,sizeof(Schedule));
+ ckhexdump("auth_send",cred.session,8);
+@@ -3295,7 +3293,7 @@
+ case AUTHTYPE_KERBEROS_V5:
+ debug(F111,"auth_send KRB5","k5_auth.length",k5_auth.length);
+ for ( i=0 ; i<k5_auth.length ; i++ ) {
+- if ( (char *)k5_auth.data[i] == IAC )
++ if ( ((char *)k5_auth.data)[i] == IAC )
+ iaccnt++;
+ }
+ if ( k5_auth.length + iaccnt + 10 < sizeof(buf) ) {
+@@ -4250,8 +4248,13 @@
+ kdata.data = k4_challenge;
+ kdata.length = 8;
+
+- if (code = krb5_c_decrypt(k5_context, &k4_krbkey, 0, 0,
+- &encdata, &kdata)) {
++ if (code = krb5_c_decrypt(k5_context,
++#ifdef HEIMDAL
++ k4_krbkey,
++#else
++ &k4_krbkey,
++#endif
++ 0, 0, &encdata, &kdata)) {
+ com_err("k4_auth_is", code, "while decrypting challenge");
+ auth_finished(AUTH_REJECT);
+ return AUTH_FAILURE;
+@@ -4752,9 +4755,11 @@
+ ap_opts |= AP_OPTS_MUTUAL_REQUIRED;
+
+ #ifdef HEIMDAL
++#ifdef notdef
+ r = krb5_auth_setkeytype(k5_context, auth_context, KEYTYPE_DES);
+ if (r)
+ com_err(NULL, r, "while setting auth keytype");
++#endif
+ r = krb5_auth_con_setaddrs_from_fd(k5_context,auth_context, &ttyfd);
+ if (r)
+ com_err(NULL, r, "while setting auth addrs");
+@@ -4924,7 +4929,6 @@
+ skey.data = k5_session_key->contents;
+ #endif /* HEIMDAL */
+ } else {
+-#ifdef HEIMDAL
+ switch ( k5_session_key->keytype ) {
+ case ETYPE_DES_CBC_CRC:
+ case ETYPE_DES_CBC_MD5:
+@@ -4934,24 +4938,17 @@
+ break;
+ default:
+ skey.type = SK_GENERIC;
++#ifdef HEIMDAL
++ skey.length = k5_session_key->keyvalue.length;
++#else /* HEIMDAL */
+ skey.length = k5_session_key->length;
++#endif /* HEIMDAL */
+ encrypt_dont_support(ENCTYPE_DES_CFB64);
+ encrypt_dont_support(ENCTYPE_DES_OFB64);
+ }
++#ifdef HEIMDAL
+ skey.data = k5_session_key->keyvalue.data;
+ #else /* HEIMDAL */
+- switch ( k5_session_key->enctype ) {
+- case ENCTYPE_DES_CBC_CRC:
+- case ENCTYPE_DES_CBC_MD5:
+- case ENCTYPE_DES_CBC_MD4:
+- skey.type = SK_DES;
+- skey.length = 8;
+- default:
+- skey.type = SK_GENERIC;
+- skey.length = k5_session_key->length;
+- encrypt_dont_support(ENCTYPE_DES_CFB64);
+- encrypt_dont_support(ENCTYPE_DES_OFB64);
+- }
+ skey.data = k5_session_key->contents;
+ #endif /* HEIMDAL */
+ }
+@@ -5038,7 +5035,6 @@
+ skey.data = k5_session_key->contents;
+ #endif /* HEIMDAL */
+ } else {
+-#ifdef HEIMDAL
+ switch ( k5_session_key->keytype ) {
+ case ETYPE_DES_CBC_CRC:
+ case ETYPE_DES_CBC_MD5:
+@@ -5047,21 +5043,15 @@
+ skey.length = 8;
+ default:
+ skey.type = SK_GENERIC;
++#ifdef HEIMDAL
++ skey.length = k5_session_key->keyvalue.length;
++#else /* HEIMDAL */
+ skey.length = k5_session_key->length;
++#endif /* HEIMDAL */
+ }
++#ifdef HEIMDAL
+ skey.data = k5_session_key->keyvalue.data;
+ #else /* HEIMDAL */
+- switch ( k5_session_key->enctype ) {
+- case ENCTYPE_DES_CBC_CRC:
+- case ENCTYPE_DES_CBC_MD5:
+- case ENCTYPE_DES_CBC_MD4:
+- skey.type = SK_DES;
+- skey.length = 8;
+- break;
+- default:
+- skey.type = SK_GENERIC;
+- skey.length = k5_session_key->length;
+- }
+ skey.data = k5_session_key->contents;
+ #endif /* HEIMDAL */
+ }
+@@ -5138,7 +5128,11 @@
+ }
+ if ( msg.length == 24 && !memcmp(msg.data,tls_verify,24) )
+ krb5_tls_verified = 1;
++#ifdef HEIMDAL
++ krb5_data_free(&msg);
++#else /* HEIMDAL */
+ krb5_free_data_contents(k5_context,&msg);
++#endif /* HEIMDAL */
+ if (krb5_tls_verified)
+ return(AUTH_SUCCESS);
+ }
+@@ -5166,7 +5160,7 @@
+ krb5_context context;
+ krb5_auth_context auth_context;
+ krb5_data *inbuf;
+- krb5_const_principal client;
++ krb5_principal client;
+ {
+ krb5_creds ** creds=NULL;
+ krb5_error_code retval;
+@@ -5197,7 +5191,7 @@
+ if ((retval = krb5_cc_initialize(context, ccache, client)))
+ return(retval);
+
+- if ((retval = krb5_rd_cred(context, auth_context, ccache, inbuf)))
++ if ((retval = krb5_rd_cred2(context, auth_context, ccache, inbuf)))
+ return(retval);
+ #else /* HEIMDAL */
+ if ((retval = krb5_rd_cred(context, auth_context, inbuf, &creds, NULL)))
+@@ -5472,17 +5466,17 @@
+ goto errout;
+ }
+ SendK5AuthSB(KRB5_TLS_VERIFY, msg.data, msg.length);
++#ifdef HEIMDAL
++ krb5_data_free(&msg);
++#else
+ krb5_free_data_contents(k5_context,&msg);
++#endif
+ }
+ #endif /* CK_SSL */
+ if ((how & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) {
+ /* do ap_rep stuff here */
+ if ((r = krb5_mk_rep(k5_context,
+-#ifdef HEIMDAL
+- &auth_context,
+-#else /* HEIMDAL */
+ auth_context,
+-#endif /* HEIMDAL */
+ &outbuf))) {
+ debug(F111,"k5_auth_is","krb5_mk_rep",r);
+ (void) ckstrncpy(errbuf, "Make reply failed: ",sizeof(errbuf));
+@@ -5503,7 +5497,7 @@
+ {
+ szUserNameAuthenticated[0] = '\0';
+ } else {
+- ckstrncpy(szUserNameAuthenticated,UIDBUFLEN,name);
++ ckstrncpy(szUserNameAuthenticated,name,UIDBUFLEN);
+ free(name);
+ }
+ }
+@@ -9687,6 +9681,7 @@
+ return(-1);
+ }
+
++int
+ #ifdef CK_ANSIC
+ ck_krb4_destroy(struct krb_op_data * op)
+ #else
+@@ -11228,7 +11223,12 @@
+
+ use_ivecs = 1;
+
+- if (status = krb5_c_block_size(k5_context, k5_session_key->enctype,
++ if (status = krb5_c_block_size(k5_context,
++#ifdef HEIMDAL
++ k5_session_key->keytype,
++#else
++ k5_session_key->enctype,
++#endif
+ &blocksize)) {
+ /* XXX what do I do? */
+ printf("fatal kerberos 5 crypto library error\n");
+@@ -11309,8 +11309,7 @@
+ krb5_ap_rep_enc_part *rep_ret = NULL;
+ krb5_data outbuf;
+ int rc;
+- krb5_int32 seqno=0;
+- krb5_int32 server_seqno=0;
++ int server_seqno=0;
+ char ** realmlist=NULL;
+ int buflen;
+ char tgt[256];
+@@ -11388,7 +11387,11 @@
+ }
+
+ if (krb5_rlog_ver == KCMD_OLD_PROTOCOL)
++#ifdef HEIMDAL
++ get_cred->session.keytype=ETYPE_DES_CBC_CRC;
++#else
+ get_cred->keyblock.enctype=ENCTYPE_DES_CBC_CRC;
++#endif
+
+ /* Get ticket from credentials cache or kdc */
+ status = krb5_get_credentials(k5_context,
+@@ -11429,10 +11432,11 @@
+ krb5_boolean is_des;
+
+ if (status = krb5_c_enctype_compare( k5_context,
+- ENCTYPE_DES_CBC_CRC,
+ #ifdef HEIMDAL
++ ETYPE_DES_CBC_CRC,
+ ret_cred->session.keytype,
+ #else /* HEIMDAL */
++ ENCTYPE_DES_CBC_CRC,
+ ret_cred->keyblock.enctype,
+ #endif /* HEIMDAL */
+ &is_des)) {
+@@ -11482,7 +11486,11 @@
+ &rep_ret,
+ NULL
+ );
++#ifdef HEIMDAL
++ krb5_data_free(&cksumdat);
++#else
+ krb5_free_data_contents(k5_context,&cksumdat);
++#endif
+
+ if (status) {
+ if ( !quiet )
+@@ -11490,12 +11498,17 @@
+ error_message(status));
+ if (error) {
+ if ( !quiet ) {
+- printf("Server returned error code %d (%s)\r\n",
+- error->error,
+- error_message(ERROR_TABLE_BASE_krb5 + error->error));
+- if (error->text.length) {
+- printf("Error text sent from server: %s\r\n",
+- error->text.data);
++#ifdef HEIMDAL
++ int xerror = error->error_code;
++ char *xtext = *error->e_text;
++#else
++ int xerror = error->error;
++ char *xtext = error->text.length ? error->text.data : NULL;
++#endif
++ printf("Server returned error code %d (%s)\r\n", xerror,
++ error_message(ERROR_TABLE_BASE_krb5 + xerror));
++ if (xtext) {
++ printf("Error text sent from server: %s\r\n", xtext);
+ }
+ }
+ krb5_free_error(k5_context, error);
+@@ -11505,7 +11518,11 @@
+ }
+
+ if (rep_ret) {
++#ifdef HEIMDAL
++ server_seqno = *rep_ret->seq_number;
++#else
+ server_seqno = rep_ret->seq_number;
++#endif
+ krb5_free_ap_rep_enc_part(k5_context, rep_ret);
+ }
+
+@@ -11834,7 +11851,11 @@
+ rd_len = (rd_len << 8) | c;
+
+ if (status = krb5_c_encrypt_length(k5_context,
++#ifdef HEIMDAL
++ k5_session_key->keytype,
++#else
+ k5_session_key->enctype,
++#endif
+ use_ivecs ? rd_len + 4 : rd_len,
+ (size_t *)&net_len)) {
+ errno = status;
+@@ -11865,9 +11886,15 @@
+ plain.length = sizeof(storage);
+ plain.data = storage;
+
+- if ( status = krb5_c_decrypt(k5_context, k5_session_key, KCMD_KEYUSAGE,
++ if ( status = krb5_c_decrypt(k5_context,
++#ifdef HEIMDAL
++ *k5_session_key,
++#else
++ k5_session_key,
++#endif
++ KCMD_KEYUSAGE,
+ use_ivecs ? encivec_i + secondary : 0,
+- &cipher,&plain) ) {
++ &cipher,&plain) ) {
+ /* probably out of sync */
+ printf("Cannot decrypt data from network: %s\r\n",
+ error_message(status));
+@@ -12759,8 +12786,8 @@
+
+ static int
+ binaryEqual (a, b, len)
+-register char *a, *b;
+-register int len;
++char *a, *b;
++int len;
+ {
+ while (len--)
+ if (*a++ != *b++)
diff --git a/kermit/patches/patch-am b/kermit/patches/patch-am
new file mode 100644
index 0000000000..244ff9dee2
--- /dev/null
+++ b/kermit/patches/patch-am
@@ -0,0 +1,14 @@
+$NetBSD: patch-am,v 1.1 2011/05/14 19:27:53 hans Exp $
+
+--- ckuusx.c.orig 2004-03-14 18:13:23.000000000 +0100
++++ ckuusx.c 2009-12-26 23:23:19.652637206 +0100
+@@ -70,6 +70,9 @@ _PROTOTYP(char * os2_gethostname, (void)
+ #ifdef BSD44
+ #include <errno.h>
+ #endif /* BSD44 */
++#ifdef SOLARIS
++#include <errno.h>
++#endif
+
+ extern xx_strp xxstring;
+
diff --git a/kermit/patches/patch-ckcftp.c b/kermit/patches/patch-ckcftp.c
new file mode 100644
index 0000000000..adaabc1eaf
--- /dev/null
+++ b/kermit/patches/patch-ckcftp.c
@@ -0,0 +1,31 @@
+$NetBSD: patch-ckcftp.c,v 1.1 2020/04/08 16:22:00 rhialto Exp $
+
+Use SSLv23_client_method() because it is version-flexible.
+The difference that Kermit makes between SSL and TLS is gone.
+
+--- ckcftp.c.orig 2011-07-14 18:17:30.000000000 +0200
++++ ckcftp.c 2020-04-06 17:01:35.943676852 +0200
+@@ -10196,19 +10196,19 @@
+ #define SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS 0L
+ #endif
+ if (auth_type && !strcmp(auth_type,"TLS")) {
+- ssl_ftp_ctx=SSL_CTX_new(SSLv3_client_method());
++ ssl_ftp_ctx=SSL_CTX_new(SSLv23_client_method());
+ if (!ssl_ftp_ctx)
+ return(0);
+ SSL_CTX_set_options(ssl_ftp_ctx,
+ SSL_OP_SINGLE_DH_USE|SSL_OP_EPHEMERAL_RSA
+ );
+ } else {
+- ssl_ftp_ctx = SSL_CTX_new(ftp_bug_use_ssl_v2 ? SSLv23_client_method() :
+- SSLv3_client_method());
++ ssl_ftp_ctx = SSL_CTX_new(SSLv23_client_method());
+ if (!ssl_ftp_ctx)
+ return(0);
+ SSL_CTX_set_options(ssl_ftp_ctx,
+- (ftp_bug_use_ssl_v2 ? 0 : SSL_OP_NO_SSLv2)|
++
++ (ftp_bug_use_ssl_v2 ? 0 : SSL_OP_NO_SSLv2/*|SSL_OP_NO_SSLv3*/)|
+ SSL_OP_SINGLE_DH_USE|SSL_OP_EPHEMERAL_RSA
+ );
+ }
diff --git a/kermit/patches/patch-ckcpro.w b/kermit/patches/patch-ckcpro.w
new file mode 100644
index 0000000000..0b801fdb5b
--- /dev/null
+++ b/kermit/patches/patch-ckcpro.w
@@ -0,0 +1,19 @@
+$NetBSD: patch-ckcpro.w,v 1.1 2019/04/11 02:21:09 mrg Exp $
+
+dest is an int.
+ffc and calibrate are CK_OFF_Ts.
+
+--- ckcpro.w.orig 2011-06-07 11:39:21.000000000 -0700
++++ ckcpro.w 2019-04-10 19:15:37.736900735 -0700
+@@ -151,8 +151,9 @@
+ extern int quiet, tsecs, parity, backgrd, nakstate, atcapu, wslotn, winlo;
+ extern int wslots, success, xitsta, rprintf, discard, cdtimo, keep, fdispla;
+ extern int timef, stdinf, rscapu, sendmode, epktflg, epktrcvd, epktsent;
+- extern int binary, fncnv;
+- extern long speed, ffc, crc16, calibrate, dest;
++ extern int binary, fncnv, dest;
++ extern CK_OFF_T ffc, calibrate;
++ extern long speed, crc16;
+ #ifdef COMMENT
+ extern char *TYPCMD, *DIRCMD, *DIRCM2;
+ #endif /* COMMENT */
diff --git a/kermit/patches/patch-ckupty.c b/kermit/patches/patch-ckupty.c
new file mode 100644
index 0000000000..bffc5c4f77
--- /dev/null
+++ b/kermit/patches/patch-ckupty.c
@@ -0,0 +1,40 @@
+$NetBSD: patch-ckupty.c,v 1.1 2015/11/07 23:20:59 dholland Exp $
+
+Always use termios, never sgtty.h.
+
+--- ckupty.c~ 2011-06-13 15:34:13.000000000 +0000
++++ ckupty.c
+@@ -79,33 +79,7 @@ char * ptyver = "PTY support 8.0.016, 22
+ #endif /* SUNOS41 */
+
+ #ifndef USE_TERMIO
+-#ifdef LINUX
+-#define USE_TERMIO
+-#else
+-#ifdef ATTSV
+-#define USE_TERMIO
+-#else
+-#ifdef HPUX
+-#define USE_TERMIO
+-#else
+-#ifdef AIX
+-#define USE_TERMIO
+-#else
+-#ifdef BSD44ORPOSIX
+ #define USE_TERMIO
+-#else
+-#ifdef IRIX60
+-#define USE_TERMIO
+-#else
+-#ifdef QNX
+-#define USE_TERMIO
+-#endif /* QNX */
+-#endif /* IRIX60 */
+-#endif /* BSD44ORPOSIX */
+-#endif /* AIX */
+-#endif /* HPUX */
+-#endif /* ATTSV */
+-#endif /* LINUX */
+ #endif /* USE_TERMIO */
+
+ #ifdef QNX
diff --git a/kermit/patches/patch-ckuus3.c b/kermit/patches/patch-ckuus3.c
new file mode 100644
index 0000000000..0ae8106030
--- /dev/null
+++ b/kermit/patches/patch-ckuus3.c
@@ -0,0 +1,15 @@
+$NetBSD: patch-ckuus3.c,v 1.1 2020/04/08 15:22:07 rhialto Exp $
+
+Use version-flexible method.
+
+--- ckuus3.c.orig 2011-06-26 18:20:07.000000000 +0000
++++ ckuus3.c
+@@ -13048,7 +13048,7 @@ case XYDEBU:
+ if (ssl_con == NULL) {
+ SSL_library_init();
+ ssl_ctx = (SSL_CTX *)
+- SSL_CTX_new((SSL_METHOD *)TLSv1_method());
++ SSL_CTX_new((SSL_METHOD *)SSLv23_method());
+ if (ssl_ctx != NULL)
+ ssl_con= (SSL *) SSL_new(ssl_ctx);
+ }
diff --git a/kermit/patches/patch-ckuus4.c b/kermit/patches/patch-ckuus4.c
new file mode 100644
index 0000000000..1dd7c8eb57
--- /dev/null
+++ b/kermit/patches/patch-ckuus4.c
@@ -0,0 +1,29 @@
+$NetBSD: patch-ckuus4.c,v 1.1 2019/04/11 02:21:09 mrg Exp $
+
+Always include errno.h.
+crc16 is a long.
+
+--- ckuus4.c.orig 2011-06-24 11:58:10.000000000 -0700
++++ ckuus4.c 2019-04-10 18:25:09.650654615 -0700
+@@ -34,8 +34,9 @@
+ #include "ck_ssl.h"
+ #endif /* CK_SSL */
+
++#include <errno.h>
++
+ #ifdef VMS
+-#include <errno.h> /* For \v(errno) */
+ extern char * ckvmserrstr(unsigned long);
+ #ifndef OLD_VMS
+ #include <lib$routines.h> /* Not for VAX C 2.4 */
+@@ -409,7 +410,9 @@
+ npad, pkttim, bigrbsiz, bigsbsiz, keep, atcapr, autopar, bctr, bctu,
+ crunched, ckdelay, ebq, ebqflg, pktlog, retrans, rpackets, rptflg, rptq,
+ rtimo, spackets, spsiz, spsizf, spsizr, timeouts, fncact, fncnv, urpsiz,
+- wmax, wslotn, wslotr, fdispla, spmax, fnrpath, fnspath, crc16;
++ wmax, wslotn, wslotr, fdispla, spmax, fnrpath, fnspath;
++extern long
++ crc16;
+ #endif /* NOXFER */
+
+ #ifdef OS2
Home |
Main Index |
Thread Index |
Old Index