pkgsrc-WIP-changes archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

kermit: Import from pkgrsc, and flip to alpha



Module Name:	pkgsrc-wip
Committed By:	Greg Troxel <gdt%lexort.com@localhost>
Pushed By:	gdt
Date:		Sun Oct 4 13:55:54 2020 +0000
Changeset:	92bae9bd687d1b446e67af327a71b9000f25a92d

Modified Files:
	Makefile
Added Files:
	kermit/DESCR
	kermit/Makefile
	kermit/PLIST
	kermit/TODO
	kermit/distinfo
	kermit/files/Makefile
	kermit/files/dot.kermrc
	kermit/options.mk
	kermit/patches/patch-aa
	kermit/patches/patch-ab
	kermit/patches/patch-ac
	kermit/patches/patch-ad
	kermit/patches/patch-ae
	kermit/patches/patch-af
	kermit/patches/patch-ag
	kermit/patches/patch-ah
	kermit/patches/patch-aj
	kermit/patches/patch-ak
	kermit/patches/patch-al
	kermit/patches/patch-am
	kermit/patches/patch-ckcftp.c
	kermit/patches/patch-ckcpro.w
	kermit/patches/patch-ckupty.c
	kermit/patches/patch-ckuus3.c
	kermit/patches/patch-ckuus4.c

Log Message:
kermit: Import from pkgrsc, and flip to alpha

This does not build.  This is just the current pkgsrc with the
distinfo flipped to the current alpha, with a TODO.  I am merely
checkpointing it.

To see a diff of this commit:
https://wip.pkgsrc.org/cgi-bin/gitweb.cgi?p=pkgsrc-wip.git;a=commitdiff;h=92bae9bd687d1b446e67af327a71b9000f25a92d

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

diffstat:
 Makefile                      |   1 +
 kermit/DESCR                  |   6 +
 kermit/Makefile               |  72 ++++++
 kermit/PLIST                  |  14 ++
 kermit/TODO                   |   7 +
 kermit/distinfo               |  23 ++
 kermit/files/Makefile         |  45 ++++
 kermit/files/dot.kermrc       |  15 ++
 kermit/options.mk             |  49 ++++
 kermit/patches/patch-aa       |  88 +++++++
 kermit/patches/patch-ab       | 568 ++++++++++++++++++++++++++++++++++++++++++
 kermit/patches/patch-ac       |  12 +
 kermit/patches/patch-ad       |  12 +
 kermit/patches/patch-ae       |  65 +++++
 kermit/patches/patch-af       |  13 +
 kermit/patches/patch-ag       |  16 ++
 kermit/patches/patch-ah       |  14 ++
 kermit/patches/patch-aj       |  13 +
 kermit/patches/patch-ak       |  24 ++
 kermit/patches/patch-al       | 391 +++++++++++++++++++++++++++++
 kermit/patches/patch-am       |  14 ++
 kermit/patches/patch-ckcftp.c |  31 +++
 kermit/patches/patch-ckcpro.w |  19 ++
 kermit/patches/patch-ckupty.c |  40 +++
 kermit/patches/patch-ckuus3.c |  15 ++
 kermit/patches/patch-ckuus4.c |  29 +++
 26 files changed, 1596 insertions(+)

diffs:
diff --git a/Makefile b/Makefile
index 866e581a73..6be0121cee 100644
--- a/Makefile
+++ b/Makefile
@@ -1753,6 +1753,7 @@ SUBDIR+=	kea
 SUBDIR+=	kea-git
 SUBDIR+=	keama-git
 SUBDIR+=	keditbookmarks
+SUBDIR+=	kermit
 SUBDIR+=	kfind
 SUBDIR+=	kgamma5
 SUBDIR+=	kget
diff --git a/kermit/DESCR b/kermit/DESCR
new file mode 100644
index 0000000000..038170b0da
--- /dev/null
+++ b/kermit/DESCR
@@ -0,0 +1,6 @@
+KERMIT file transfer/terminal emulation utility
+------------------------------------------------------
+
+This is a release of C-Kermit file transfer protocol utility.
+This version supports transfer of un-escaped control characters for
+very fast file transfers with high reliability.
diff --git a/kermit/Makefile b/kermit/Makefile
new file mode 100644
index 0000000000..aec5ee91b1
--- /dev/null
+++ b/kermit/Makefile
@@ -0,0 +1,72 @@
+# $NetBSD: Makefile,v 1.93 2020/04/08 15:22:07 rhialto Exp $
+
+DISTNAME=	ckucku305-alpha02
+PKGNAME=	kermit-9.0.305a2
+CATEGORIES=	comms
+#MASTER_SITES=	ftp://ftp.kermitproject.org/kermit/archives/
+MASTER_SITES=	http://www.kermitproject.org/ftp/kermit/test/tar/
+
+MAINTAINER=	gdt%NetBSD.org@localhost
+HOMEPAGE=	http://www.kermitproject.org/
+COMMENT=	Network and serial communication, file transfer, and scripting utility
+
+# UNIX C-Kermit 9.0 has been released with the Revised 3-Clause BSD License.
+# http://www.columbia.edu/kermit/licensing.html
+LICENSE=	modified-bsd
+
+.include "../../mk/bsd.prefs.mk"
+
+WRKSRC=		${WRKDIR}
+DIST_SUBDIR=	${PKGNAME_NOREV}
+BUILD_DEFS+=	KFLAGS LIBS MANINSTALL
+MAKE_ENV+=	KFLAGS=${KFLAGS:Q} LIBS=${LIBS:Q}
+MAKE_FILE=	makefile
+
+LIBS+=		${BUILDLINK_LDADD.termcap}
+
+#KFLAGS+=	-DNODEBUG -DNOOLDMODEMS
+KFLAGS+=	${BUILDLINK_CPPFLAGS}
+LIBS+=		${BUILDLINK_LDFLAGS}
+
+.include "options.mk"
+
+INSTALLATION_DIRS=	bin ${PKGMANDIR}/man1 share/doc/kermit
+
+do-install:
+	${INSTALL_PROGRAM} ${WRKSRC}/wermit ${DESTDIR}${PREFIX}/bin/kermit
+	${INSTALL_DATA} ${WRKSRC}/*.txt ${DESTDIR}${PREFIX}/share/doc/kermit
+	${INSTALL_MAN} ${WRKSRC}/ckuker.nr \
+		${DESTDIR}${PREFIX}/${PKGMANDIR}/man1/kermit.1
+
+.include "../../mk/curses.buildlink3.mk"
+.include "../../mk/termcap.buildlink3.mk"
+
+.if ${OPSYS} == "Darwin"
+.  if !empty(OS_VERSION:M??.*)
+BUILD_TARGET_OPSYS=	macosx10.6
+.  elif !empty(OS_VERSION:M9.*)
+BUILD_TARGET_OPSYS=	macosx10.5
+.  elif !empty(OS_VERSION:M8.*)
+BUILD_TARGET_OPSYS=	macosx10.4
+.  elif empty(OS_VERSION:M7.*)
+BUILD_TARGET_OPSYS=	macosx103.9
+.  else
+BUILD_TARGET_OPSYS=	macosx10
+.  endif
+.elif ${OPSYS} == "Linux"
+BUILD_TARGET_OPSYS=	linux
+MAKE_ENV+=		HAVE_LIBCURSES=-l${BUILDLINK_LIBNAME.curses}
+.  if ${CURSES_TYPE} == "ncurses"
+MAKE_ENV+=		HAVE_CURSES=-DCK_NCURSES
+.  else
+MAKE_ENV+=		HAVE_CURSES=-DCK_NCURSES
+.  endif
+.elif ${OPSYS} == "SunOS"
+BUILD_TARGET_OPSYS=	solaris11g
+.else
+BUILD_TARGET_OPSYS=	netbsd
+.endif
+
+BUILD_TARGET=	${BUILD_TARGET_OPSYS}${BUILD_TARGET_OPTIONS:ts}
+
+.include "../../mk/bsd.pkg.mk"
diff --git a/kermit/PLIST b/kermit/PLIST
new file mode 100644
index 0000000000..ed1d6575df
--- /dev/null
+++ b/kermit/PLIST
@@ -0,0 +1,14 @@
+@comment $NetBSD: PLIST,v 1.9 2011/08/25 14:54:06 hans Exp $
+bin/kermit
+man/man1/kermit.1
+share/doc/kermit/ckaaaa.txt
+share/doc/kermit/ckc302.txt
+share/doc/kermit/ckcbwr.txt
+share/doc/kermit/ckccfg.txt
+share/doc/kermit/ckcplm.txt
+share/doc/kermit/ckermit70.txt
+share/doc/kermit/ckermit80.txt
+share/doc/kermit/ckermit90.txt
+share/doc/kermit/ckubwr.txt
+share/doc/kermit/ckuins.txt
+share/doc/kermit/ckututor.txt
diff --git a/kermit/TODO b/kermit/TODO
new file mode 100644
index 0000000000..63b5c30fb9
--- /dev/null
+++ b/kermit/TODO
@@ -0,0 +1,7 @@
+- Rebase patches to the alpha
+
+- Rename patch files to modern norms
+
+- File patches upstream
+
+- Test
diff --git a/kermit/distinfo b/kermit/distinfo
new file mode 100644
index 0000000000..c00b7b4e61
--- /dev/null
+++ b/kermit/distinfo
@@ -0,0 +1,23 @@
+$NetBSD: distinfo,v 1.28 2020/07/30 03:03:07 gutteridge Exp $
+
+SHA1 (kermit-9.0.305a2/ckucku305-alpha02.tar.gz) = 90a3cdc9d5112d752a8637b6a76f6aef7da8a00c
+RMD160 (kermit-9.0.305a2/ckucku305-alpha02.tar.gz) = 4cd3cc02f6f5367b158f2fabc910e3ab7ffcee6a
+SHA512 (kermit-9.0.305a2/ckucku305-alpha02.tar.gz) = 017c742d53fa847b844554ce46708a32bee76af2efb092c3149b92f9ef50e0aa03ce52ffe99fc46ebfb7eeda1f4660b9f936d92c48625eda92369496070dd3a1
+Size (kermit-9.0.305a2/ckucku305-alpha02.tar.gz) = 2545990 bytes
+SHA1 (patch-aa) = fd3a613ce3cd3755a2e3b8baf33df33593713024
+SHA1 (patch-ab) = 280bfca4d44630bc9ec4a9331b650b81c7f80774
+SHA1 (patch-ac) = 62cc9e92f2413a42312d9f6d168ee85664b6aab9
+SHA1 (patch-ad) = 414f61c19185e4a82a8326121c2d9dacfba48077
+SHA1 (patch-ae) = 3cd335d719933fce95c2f5b05e9959d0d1ca06e0
+SHA1 (patch-af) = 2a09f9f933d3c1e6860983d8138ac61f33306ef7
+SHA1 (patch-ag) = cae37680ea5af85f4d2c774fe230f73a1f0be48c
+SHA1 (patch-ah) = 5b2098dfd57f8bd4d107acafaabe1a2c9b97d037
+SHA1 (patch-aj) = 6468e2139639f601de4609db8dff07b8b3a82d82
+SHA1 (patch-ak) = 983583d79abc4fcee1b7e9bf8ae46f184aa7011d
+SHA1 (patch-al) = 616ad10e65b24a04d24ff2556d6362ef3cc64b78
+SHA1 (patch-am) = 8c5acbfefe7b7d11825cc32c4449582b51f6cad9
+SHA1 (patch-ckcftp.c) = 1af977dce79f61c43619186c6a5d2032d7a9a6bd
+SHA1 (patch-ckcpro.w) = 247c1d0e0bcec632c4095c10067757cc40fb3831
+SHA1 (patch-ckupty.c) = fd8966627f3642550750ccd42e3add64a36dae09
+SHA1 (patch-ckuus3.c) = 557e938b36931f7948783116d1c5c2224d51bcbb
+SHA1 (patch-ckuus4.c) = 2204f4c95f8266358b66ac0936ac83ab27bec0c9
diff --git a/kermit/files/Makefile b/kermit/files/Makefile
new file mode 100644
index 0000000000..4e19cde780
--- /dev/null
+++ b/kermit/files/Makefile
@@ -0,0 +1,45 @@
+# $NetBSD: Makefile,v 1.1 2014/06/23 22:25:39 christos Exp $
+
+.include <bsd.own.mk>
+
+WARNS=0
+
+CPPFLAGS+= -DBSD44 -DCK_CURSES -DCK_DTRCD -DCK_DTRCTS -DCK_PAM -DFNFLOAT
+CPPFLAGS+= -DHAVE_OPENPTY -DHERALD=\"NetBSD\" -DTCPSOCKET -DTPUTSARGTYPE=int
+CPPFLAGS+= -DUSE_STRERROR -DZLIB -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE
+CPPFLAGS+= -DNO_DCL_INET_ATON
+
+.if ${MKCRYPTO} == "yes"
+CPPFLAGS+= -DCK_AUTHENTICATION -DCK_CAST -DCK_DES -DCK_ENCRYPTION
+CPPFLAGS+= -DCK_KERBEROS -DCK_SSL -DKRB5 -DLIBDES -DOPENSSL_100 -DHEIMDAL
+CPPFLAGS+= -DKTARGET='" netbsd+krb5+openssl+zlib"'
+CPPFLAGS+= -I/usr/include/krb5
+
+LDADD+= -lcrypt -lcrypto -ldes -lgssapi -lkrb5 -lssl
+DPADD+= ${LIBCRYPT} ${LIBCRYPTO} ${LIBDES} ${LIBGSSAPI} ${LIBKRB5} ${LIBSSL}
+
+COPTS.ckuath.c= -Wno-error=deprecated-declarations
+
+.else
+CPPFLAGS+= -DKTARGET='" netbsd+zlib"'
+.endif
+
+LDADD+=-lpam -lutil -lcurses -lz -lm
+DPADD+=${LIBPAM} ${LIBUTIL} ${LIBCURSES} ${LIBZ} ${LIBM}
+CPPFLAGS+=-std=c89
+
+.PATH: ${.CURDIR}/../dist
+
+PROG=	kermit
+SRCS+=	ck_crp.c ck_ssl.c ckcfn2.c ckcfn3.c ckcfns.c ckcftp.c ckclib.c \
+	ckcmai.c ckcnet.c ckcpro.c ckctel.c ckcuni.c ckuath.c ckucmd.c \
+	ckucns.c ckudia.c ckufio.c ckupty.c ckuscr.c ckusig.c ckutio.c \
+	ckuus2.c ckuus3.c ckuus4.c ckuus5.c ckuus6.c ckuus7.c ckuusr.c \
+	ckuusx.c ckuusy.c ckuxla.c
+
+CLEANFILES+=kermit.1
+
+.include <bsd.prog.mk>
+
+kermit.1: ${.CURDIR}/../dist/ckuker.nr
+	@cp ${.ALLSRC} ${.TARGET}
diff --git a/kermit/files/dot.kermrc b/kermit/files/dot.kermrc
new file mode 100644
index 0000000000..624c93c5fc
--- /dev/null
+++ b/kermit/files/dot.kermrc
@@ -0,0 +1,15 @@
+# .kermit -- typical ckermit init file
+# $NetBSD: dot.kermrc,v 1.2 1998/08/07 10:36:39 agc Exp $
+
+set send packet 9024		# packet size send 
+set receive packet 9024		# packet size receive
+set file type binary		# file type
+set block 3			# use 16bit CCITT crc's
+set window 15 			# use 15 sliding window slots
+set file name literal		# do not translate file names
+set file coll overwrite		# overwrite if file allready exists
+set file dis crt		# display in terms of cps and percentage
+set flow rts			# hardware flow control
+set con unprefix all		# unpre all control characters
+set con prefix 0 3 131		# prefix necessary control characters
+set speed 57600			# use 57600bps DTE
diff --git a/kermit/options.mk b/kermit/options.mk
new file mode 100644
index 0000000000..f48ee20b0f
--- /dev/null
+++ b/kermit/options.mk
@@ -0,0 +1,49 @@
+# $NetBSD: options.mk,v 1.6 2015/09/30 08:25:37 tnn Exp $
+
+PKG_OPTIONS_VAR=		PKG_OPTIONS.kermit
+PKG_SUPPORTED_OPTIONS=		kermit-suid-uucp ssl kerberos
+PKG_OPTIONS_OPTIONAL_GROUPS+=	socks
+PKG_OPTIONS_GROUP.socks=	socks4 dante
+
+.include "../../mk/bsd.options.mk"
+
+###
+### Install the kermit binary as a setuid-uucp binary.
+###
+.if !empty(PKG_OPTIONS:Mkermit-suid-uucp)
+PKG_GROUPS+=		${UUCP_GROUP}
+PKG_USERS+=		${UUCP_USER}:${UUCP_GROUP}
+PKG_GROUPS_VARS+=	UUCP_GROUP
+PKG_USERS_VARS+=	UUCP_USER
+SPECIAL_PERMS+=		bin/kermit ${UUCP_USER} ${UUCP_GROUP} 4555
+.endif
+
+###
+### SOCKS firewall support.
+###
+.if !empty(PKG_OPTIONS:Msocks4)
+KFLAGS+=	-DSOCKS -DCK_SOCKS
+LIBS+=		-L${BUILDLINK_PREFIX.dante}/lib -lsocks
+.include "../../net/dante/buildlink3.mk"
+.elif !empty(PKG_OPTIONS:Mdante)
+KFLAGS+=	-DSOCKS -DCK_SOCKS
+LIBS+=		-L${BUILDLINK_PREFIX.dante}/lib -lsocks
+.include "../../net/dante/buildlink3.mk"
+.endif
+
+.if !empty(PKG_OPTIONS:Mkerberos)
+BUILD_TARGET_OPTIONS+=	+krb5
+.include "../../security/mit-krb5/buildlink3.mk"
+K5INC=		-I${WRKDIR}/.buildlink/include
+K5LIB=		-L${WRKDIR}/.buildlink/lib ${COMPILER_RPATH_FLAG}${WRKDIR}/.buildlink/lib
+MAKE_ENV+=	K5INC=${K5INC:Q} K5LIB=${K5LIB:Q}
+.endif
+
+.if !empty(PKG_OPTIONS:Mssl)
+BUILD_TARGET_OPTIONS+=	+ssl
+.include "../../security/openssl/buildlink3.mk"
+# Set to empty
+SSLINC=		-I${WRKDIR}/.buildlink/include
+SSLLIB=		-L${WRKDIR}/.buildlink/lib ${COMPILER_RPATH_FLAG}${WRKDIR}/.buildlink/lib
+MAKE_ENV+=	SSLINC=${SSLINC:Q} SSLLIB=${SSLLIB:Q}
+.endif
diff --git a/kermit/patches/patch-aa b/kermit/patches/patch-aa
new file mode 100644
index 0000000000..f19baa30d7
--- /dev/null
+++ b/kermit/patches/patch-aa
@@ -0,0 +1,88 @@
+$NetBSD: patch-aa,v 1.10 2011/12/06 01:19:16 sbd Exp $
+
+* Get K5LIB, K5INC, SSLLIB and SSLINC from pkgsrc.
+* s/-lgssapi/-lgssapi_krb5/ on netbsd+krb5* 
+* Add $(LIBS) to link command on solaris2xg+openssl+zlib+pam+shadow
+* s@$(K5INC)/krb5@$(K5INC)/kerberosv5/ on solaris9g+krb5+ssl
+* On linux get HAVE_LIBCURSES and HAVE_CURSES from pkgsrc (with the 
+  curses include and library pathes coming from BUILDLINK_*FLAGS).
+
+
+--- makefile.orig	2011-08-21 15:12:07.000000000 +0000
++++ makefile
+@@ -824,12 +824,12 @@ manroot = $(prefix)
+ 
+ K4LIB=-L/usr/kerberos/lib
+ K4INC=-I/usr/kerberos/include
+-K5LIB=-L/usr/kerberos/lib
+-K5INC=-I/usr/kerberos/include
++#K5LIB=-L/usr/kerberos/lib
++#K5INC=-I/usr/kerberos/include
+ SRPLIB=-L$(srproot)/lib
+ SRPINC=-I$(srproot)/include
+-SSLLIB=-L$(sslroot)/ssl/lib
+-SSLINC=-I$(sslroot)/ssl/include
++#SSLLIB=-L$(sslroot)/ssl/lib
++#SSLINC=-I$(sslroot)/ssl/include
+ 
+ # To override these assignments; for example, if your OpenSSL files are
+ # not in /usr/local/ssl, invoke the desired target like this:
+@@ -1869,7 +1869,7 @@ netbsd+krb5:
+ 	-DCK_CAST $$HAVE_DES -DNOFTP_GSSAPI $(K5INC) $(K5INC)/krb5 \
+ 	$(KFLAGS)" \
+ 	"LIBS= $(K5LIB) -L/usr/pkg/lib -R/usr/pkg/lib -lcurses $$DES_LIB \
+-	-lcrypto -lgssapi -lkrb5 -lm -lutil $(LIBS)"
++	-lcrypto -lgssapi_krb5 -lkrb5 -lm -lutil $(LIBS)"
+ 
+ # NetBSD - With Kerberos 5 and SSL and Zlib.
+ # OK: 2011/08/21 on 5.1 with MIT Kerberos.
+@@ -1896,7 +1896,7 @@ netbsd+krb5+ssl netbsd+krb5+openssl+zlib
+ 	-DCK_SSL -DCK_PAM -DZLIB -DNO_DCL_INET_ATON $$OPENSSLOPTION \
+ 	$(KFLAGS)" "LNKFLAGS = $(LNKFLAGS)" \
+ 	"LIBS= $(K5LIB) -L/usr/pkg/lib -R/usr/pkg/lib -lssl $$DES_LIB \
+-	-lcrypto -lcrypt -lgssapi -lkrb5 -lz -lm -lpam -lutil -lcurses $(LIBS)"
++	-lcrypto -lcrypt -lgssapi_krb5 -lkrb5 -lz -lm -lpam -lutil -lcurses $(LIBS)"
+ 
+ #Special Security Enhanced NetBSD target with SRP, SSL, and zlib support.
+ #To build this, you need to BUILD the pkgsrc srp_client package.  After
+@@ -3544,7 +3544,7 @@ solaris2xg+openssl+zlib+pam+shadow:
+ 	-DCK_AUTHENTICATION -DCK_SSL -DCK_PAM -DCK_SHADOW  -DZLIB \
+ 	-DBIGBUFOK $(SSLINC) $(KFLAGS)" \
+ 	"LIBS= $(SSLLIB) -ltermlib \
+-	-lsocket -lnsl -lm -lresolv -lssl -lcrypto -lpam -lz"
++	-lsocket -lnsl -lm -lresolv -lssl -lcrypto -lpam -lz $(LIBS)"
+ 
+ #Ditto but with GCC 3.1 in which you have to specify 32-bit with -m32.
+ #In Solaris 9 (and maybe 8) you'll also need specifiy the Library path.
+@@ -3899,7 +3899,7 @@ solaris9g+krb5+ssl solaris10g+krb5+ssl s
+ 	-DCK_CURSES -DCK_NEWTERM -DDIRENT -DHDBUUCP -DTCPSOCKET  -DBIGBUFOK \
+ 	-DCK_AUTHENTICATION -DCK_SSL -DZLIB -DCK_KERBEROS -DKRB5 \
+ 	-DCK_ENCRYPTION -DCK_CAST $$OPENSSLOPTION \
+-	$$HAVE_DES $(SSLINC) $(K5INC) $(K5INC)/krb5 $(KFLAGS)" \
++	$$HAVE_DES $(SSLINC) $(K5INC) $(K5INC)/kerberosv5 $(KFLAGS)" \
+ 	"LIBS= $(SSLLIB) $(K5LIB) -lz -lssl -ltermlib -lsocket -lnsl -lm \
+ 	-lresolv -lcrypto \
+ 	$$GSSAPILIB -lkrb5 -lcom_err -lk5crypto $$DES_LIB $(LIBS)"
+@@ -6095,22 +6095,6 @@ linux:
+ 	if test `grep openpty /usr/include/pty.h | wc -l` -gt 0; \
+ 	then HAVE_OPENPTY='-DHAVE_OPENPTY'; \
+ 	else HAVE_OPENPTY=''; fi ; \
+-	HAVE_LIBCURSES=''; \
+-	if test -f /usr/lib64/libncurses.so || \
+-	   test -f /usr/lib/libncurses.a  || \
+-	   test -f /usr/lib/libncurses.so; then \
+-	  HAVE_LIBCURSES='-lncurses'; \
+-	else if test -f /usr/lib64/libcurses.so || \
+-	   test -f /usr/lib/libcurses.a || \
+-	   test -f /usr/lib/libcurses.so; then \
+-	     HAVE_LIBCURSES='-lcurses'; fi; fi; \
+-	HAVE_CURSES=''; \
+-	if test -n '$$HAVE_LIBCURSES'; then \
+-	  if test -f /usr/include/ncurses.h; then \
+-	    HAVE_CURSES='-DCK_NCURSES  -I/usr/include/ncurses'; \
+-	  else if test -f /usr/include/curses.h; then \
+-	    HAVE_CURSES='-DCK_CURSES'; \
+-	fi; fi; fi; \
+ 	if test -f /usr/include/baudboy.h || test -f /usr/include/ttylock.h; \
+ 	then HAVE_LOCKDEV='-DHAVE_LOCKDEV' ; \
+ 	else HAVE_LOCKDEV='' ; fi ; \
diff --git a/kermit/patches/patch-ab b/kermit/patches/patch-ab
new file mode 100644
index 0000000000..46f328f76c
--- /dev/null
+++ b/kermit/patches/patch-ab
@@ -0,0 +1,568 @@
+$NetBSD: patch-ab,v 1.8 2020/04/08 15:22:07 rhialto Exp $
+
+- Update for openssl 1.1.1e.
+- Kermit tries to keep SSL and TLS contexts (since in old openssl, the
+  *v23* methods were not version-flexible enough). Now afer simplification
+  there is lots of duplicate code left over that could be simplified more.
+
+--- ck_ssl.c.orig	2011-07-06 15:03:32.000000000 +0200
++++ ck_ssl.c	2020-04-06 16:43:41.323530837 +0200
+@@ -301,7 +301,7 @@
+                 break;
+             default:
+                 printf("Error %d while verifying certificate.\r\n",
+-                       ctx->error);
++                       error);
+                 break;
+             }
+         }
+@@ -804,6 +804,17 @@
+ #define MS_CALLBACK
+ #endif /* MS_CALLBACK */
+ 
++static BIGNUM *get_RSA_F4()
++{
++    static BIGNUM *bn;
++
++    if (!bn) {
++	bn = BN_new();
++        BN_add_word(bn, RSA_F4);
++    }
++    return bn;
++}
++
+ static RSA MS_CALLBACK *
+ #ifdef CK_ANSIC
+ tmp_rsa_cb(SSL * s, int export, int keylength)
+@@ -822,7 +833,16 @@
+         if (ssl_debug_flag)
+             printf("Generating temporary (%d bit) RSA key...\r\n",keylength);
+ 
+-        rsa_tmp=RSA_generate_key(keylength,RSA_F4,NULL,NULL);
++        rsa_tmp = RSA_new();
++	if (rsa_tmp) {
++	    int error = RSA_generate_key_ex(rsa_tmp, keylength, get_RSA_F4(),NULL);
++	    if (error) {
++		if (ssl_debug_flag)
++		    printf(" error %d", error);
++		RSA_free(rsa_tmp);
++		rsa_tmp = NULL;
++	    }
++	}
+ 
+         if (ssl_debug_flag)
+             printf("\r\n");
+@@ -936,10 +956,26 @@
+ 
+     if ((dh=DH_new()) == NULL)
+         return(NULL);
++#if OPENSSL_VERSION_NUMBER >= 0x10100005L    
++    BIGNUM *p=BN_bin2bn(dh512_p,sizeof(dh512_p),NULL);
++    BIGNUM *g=BN_bin2bn(dh512_g,sizeof(dh512_g),NULL);
++    if ((p == NULL) || (g == NULL)) {
++	BN_free(g);
++	BN_free(p);
++	DH_free(dh);
++        return(NULL);
++    }
++    DH_set0_pqg(dh, p, NULL, g);
++#else
+     dh->p=BN_bin2bn(dh512_p,sizeof(dh512_p),NULL);
+     dh->g=BN_bin2bn(dh512_g,sizeof(dh512_g),NULL);
+-    if ((dh->p == NULL) || (dh->g == NULL))
++    if ((dh->p == NULL) || (dh->g == NULL)) {
++        BN_free(dh->g);
++        BN_free(dh->p);
++        DH_free(dh);
+         return(NULL);
++   }
++#endif
+     return(dh);
+ }
+ 
+@@ -950,10 +986,26 @@
+ 
+     if ((dh=DH_new()) == NULL)
+         return(NULL);
++#if OPENSSL_VERSION_NUMBER >= 0x10100005L    
++    BIGNUM *p=BN_bin2bn(dh768_p,sizeof(dh768_p),NULL);
++    BIGNUM *g=BN_bin2bn(dh768_g,sizeof(dh768_g),NULL);
++    if ((p == NULL) || (g == NULL)) {
++	BN_free(g);
++	BN_free(p);
++	DH_free(dh);
++        return(NULL);
++    }
++    DH_set0_pqg(dh, p, NULL, g);
++#else
+     dh->p=BN_bin2bn(dh768_p,sizeof(dh768_p),NULL);
+     dh->g=BN_bin2bn(dh768_g,sizeof(dh768_g),NULL);
+-    if ((dh->p == NULL) || (dh->g == NULL))
++    if ((dh->p == NULL) || (dh->g == NULL)) {
++        BN_free(dh->g);
++        BN_free(dh->p);
++        DH_free(dh);
+         return(NULL);
++   }
++#endif
+     return(dh);
+ }
+ 
+@@ -964,10 +1016,26 @@
+ 
+     if ((dh=DH_new()) == NULL)
+         return(NULL);
++#if OPENSSL_VERSION_NUMBER >= 0x10100005L    
++    BIGNUM *p=BN_bin2bn(dh1024_p,sizeof(dh1024_p),NULL);
++    BIGNUM *g=BN_bin2bn(dh1024_g,sizeof(dh1024_g),NULL);
++    if ((p == NULL) || (g == NULL)) {
++	BN_free(g);
++	BN_free(p);
++	DH_free(dh);
++        return(NULL);
++    }
++    DH_set0_pqg(dh, p, NULL, g);
++#else
+     dh->p=BN_bin2bn(dh1024_p,sizeof(dh1024_p),NULL);
+     dh->g=BN_bin2bn(dh1024_g,sizeof(dh1024_g),NULL);
+-    if ((dh->p == NULL) || (dh->g == NULL))
++    if ((dh->p == NULL) || (dh->g == NULL)) {
++        BN_free(dh->g);
++        BN_free(dh->p);
++        DH_free(dh);
+         return(NULL);
++   }
++#endif
+     return(dh);
+ }
+ 
+@@ -978,10 +1046,26 @@
+ 
+     if ((dh=DH_new()) == NULL)
+         return(NULL);
++#if OPENSSL_VERSION_NUMBER >= 0x10100005L    
++    BIGNUM *p=BN_bin2bn(dh1536_p,sizeof(dh1536_p),NULL);
++    BIGNUM *g=BN_bin2bn(dh1536_g,sizeof(dh1536_g),NULL);
++    if ((p == NULL) || (g == NULL)) {
++	BN_free(g);
++	BN_free(p);
++	DH_free(dh);
++        return(NULL);
++    }
++    DH_set0_pqg(dh, p, NULL, g);
++#else
+     dh->p=BN_bin2bn(dh1536_p,sizeof(dh1536_p),NULL);
+     dh->g=BN_bin2bn(dh1536_g,sizeof(dh1536_g),NULL);
+-    if ((dh->p == NULL) || (dh->g == NULL))
++    if ((dh->p == NULL) || (dh->g == NULL)) {
++        BN_free(dh->g);
++        BN_free(dh->p);
++        DH_free(dh);
+         return(NULL);
++   }
++#endif
+     return(dh);
+ }
+ 
+@@ -992,10 +1076,26 @@
+ 
+     if ((dh=DH_new()) == NULL)
+         return(NULL);
++#if OPENSSL_VERSION_NUMBER >= 0x10100005L    
++    BIGNUM *p=BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL);
++    BIGNUM *g=BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL);
++    if ((p == NULL) || (g == NULL)) {
++	BN_free(g);
++	BN_free(p);
++	DH_free(dh);
++        return(NULL);
++    }
++    DH_set0_pqg(dh, p, NULL, g);
++#else
+     dh->p=BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL);
+     dh->g=BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL);
+-    if ((dh->p == NULL) || (dh->g == NULL))
++    if ((dh->p == NULL) || (dh->g == NULL)) {
++        BN_free(dh->g);
++        BN_free(dh->p);
++        DH_free(dh);
+         return(NULL);
++   }
++#endif
+     return(dh);
+ }
+ #endif /* NO_DH */
+@@ -1054,10 +1154,11 @@
+     if (ssl == NULL)
+         return;
+ 
+-    if (ssl->expand == NULL || ssl->expand->meth == NULL)
++    const COMP_METHOD *method = SSL_get_current_compression(ssl);
++    if (method == NULL)
+         printf("Compression: None\r\n");
+     else {
+-        printf("Compression: %s\r\n",ssl->expand->meth->name);
++        printf("Compression: %s\r\n",SSL_COMP_get_name(method));
+     }
+ }
+ 
+@@ -1072,7 +1173,7 @@
+ #endif /* CK_ANSIC */
+ {
+     X509 *peer;
+-    SSL_CIPHER * cipher;
++    const SSL_CIPHER * cipher;
+     const char *cipher_list;
+     char buf[512]="";
+ 
+@@ -1457,13 +1558,23 @@
+ 
+ #ifdef ZLIB
+     cm = COMP_zlib();
++#if OPENSSL_VERSION_NUMBER >= 0x10100005L
++    if (cm != NULL && COMP_get_type(cm) != NID_undef) {
++#else
+     if (cm != NULL && cm->type != NID_undef) {
++#endif
+         SSL_COMP_add_compression_method(0xe0, cm); /* EAY's ZLIB ID */
+     }
+ #endif /* ZLIB */
++#ifdef NID_rle_compression
+     cm = COMP_rle();
++#if OPENSSL_VERSION_NUMBER >= 0x10100005L
++    if (cm != NULL && COMP_get_type(cm) != NID_undef)
++#else
+     if (cm != NULL && cm->type != NID_undef)
++#endif
+         SSL_COMP_add_compression_method(0xe1, cm); /* EAY's RLE ID */
++#endif /* NID_rle_compression */
+ 
+     /* Ensure the Random number generator has enough entropy */
+     if ( !RAND_status() ) {
+@@ -1483,8 +1594,12 @@
+         }
+         debug(F110,"ssl_rnd_file",ssl_rnd_file,0);
+ 
++#ifdef OPENSSL_NO_EGD
++	rc1 = 0;
++#else
+         rc1 = RAND_egd(ssl_rnd_file);
+         debug(F111,"ssl_once_init","RAND_egd()",rc1);
++#endif
+         if ( rc1 <= 0 ) {
+             rc2 = RAND_load_file(ssl_rnd_file, -1);
+             debug(F111,"ssl_once_init","RAND_load_file()",rc1);
+@@ -1579,25 +1694,13 @@
+             /* This can fail because we do not have RSA available */
+             if ( !ssl_ctx ) {
+                 debug(F110,"ssl_tn_init","SSLv23_client_method failed",0);
+-                ssl_ctx=(SSL_CTX *)SSL_CTX_new(SSLv3_client_method());
+-            }
+-            if ( !ssl_ctx ) {
+-                debug(F110,"ssl_tn_init","SSLv3_client_method failed",0);
+                 last_ssl_mode = -1;
+                 return(0);
+             }
+-#ifndef COMMENT
+-            tls_ctx=(SSL_CTX *)SSL_CTX_new(TLSv1_client_method());
+-#else /* COMMENT */
+             tls_ctx=(SSL_CTX *)SSL_CTX_new(SSLv23_client_method());
+             /* This can fail because we do not have RSA available */
+             if ( !tls_ctx ) {
+                 debug(F110,"ssl_tn_init","SSLv23_client_method failed",0);
+-                tls_ctx=(SSL_CTX *)SSL_CTX_new(SSLv3_client_method());
+-            }
+-#endif /* COMMENT */
+-            if ( !tls_ctx ) {
+-                debug(F110,"ssl_tn_init","TLSv1_client_method failed",0);
+                 last_ssl_mode = -1;
+                 return(0);
+             }
+@@ -1611,25 +1714,13 @@
+             /* This can fail because we do not have RSA available */
+             if ( !ssl_ctx ) {
+                 debug(F110,"ssl_tn_init","SSLv23_server_method failed",0);
+-                ssl_ctx=(SSL_CTX *)SSL_CTX_new(SSLv3_server_method());
+-            }
+-            if ( !ssl_ctx ) {
+-                debug(F110,"ssl_tn_init","SSLv3_server_method failed",0);
+                 last_ssl_mode = -1;
+                 return(0);
+             }
+-#ifdef COMMENT
+-            tls_ctx=(SSL_CTX *)SSL_CTX_new(TLSv1_server_method());
+-#else /* COMMENT */
+             tls_ctx=(SSL_CTX *)SSL_CTX_new(SSLv23_server_method());
+             /* This can fail because we do not have RSA available */
+             if ( !tls_ctx ) {
+                 debug(F110,"ssl_tn_init","SSLv23_server_method failed",0);
+-                tls_ctx=(SSL_CTX *)SSL_CTX_new(TLSv1_server_method());
+-            }
+-#endif /* COMMENT */
+-            if ( !tls_ctx ) {
+-                debug(F110,"ssl_tn_init","TLSv1_server_method failed",0);
+                 last_ssl_mode = -1;
+                 return(0);
+             }
+@@ -1655,7 +1746,6 @@
+         SSL_CTX_set_info_callback(ssl_ctx,ssl_client_info_callback);
+         SSL_CTX_set_info_callback(tls_ctx,ssl_client_info_callback);
+ 
+-#ifndef COMMENT
+         /* Set the proper caching mode */
+         if ( mode == SSL_SERVER ) {
+             SSL_CTX_set_session_cache_mode(ssl_ctx,SSL_SESS_CACHE_SERVER);
+@@ -1666,10 +1756,6 @@
+         }
+         SSL_CTX_set_session_id_context(ssl_ctx,(CHAR *)"1",1);
+         SSL_CTX_set_session_id_context(tls_ctx,(CHAR *)"2",1);
+-#else /* COMMENT */
+-        SSL_CTX_set_session_cache_mode(ssl_ctx,SSL_SESS_CACHE_OFF);
+-        SSL_CTX_set_session_cache_mode(tls_ctx,SSL_SESS_CACHE_OFF);
+-#endif /* COMMENT */
+     }
+ 
+     /* The server uses defaults for the certificate files. */
+@@ -1777,7 +1863,14 @@
+ 
+                 if ( ssl_debug_flag )
+                     printf("Generating temp (512 bit) RSA key ...\r\n");
+-                rsa=RSA_generate_key(512,RSA_F4,NULL,NULL);
++		rsa = RSA_new();
++		if (rsa) {
++		    int error = RSA_generate_key_ex(rsa,512,get_RSA_F4(),NULL);
++		    if (error) {
++		    	RSA_free(rsa);
++			rsa = NULL;
++		    }
++		}
+                 if ( ssl_debug_flag )
+                     printf("Generation of temp (512 bit) RSA key done\r\n");
+ 
+@@ -2153,18 +2246,10 @@
+         printf("SSL_DEBUG_FLAG on\r\n");
+ 
+     if (!tls_http_ctx ) {
+-#ifdef COMMENT
+-        /* too many web servers still do not support TLSv1 */
+-        tls_http_ctx=(SSL_CTX *)SSL_CTX_new(TLSv1_client_method());
+-#else /* COMMENT */
+         tls_http_ctx=(SSL_CTX *)SSL_CTX_new(SSLv23_client_method());
+         /* This can fail because we do not have RSA available */
+         if ( !tls_http_ctx ) {
+             debug(F110,"ssl_http_init","SSLv23_client_method failed",0);
+-            tls_http_ctx=(SSL_CTX *)SSL_CTX_new(SSLv3_client_method());
+-        }
+-#endif /* COMMENT */
+-        if ( !tls_http_ctx ) {
+             debug(F110,"ssl_http_init","TLSv1_client_method failed",0);
+             return(0);
+         }
+@@ -2182,7 +2267,7 @@
+      * for TLS be sure to prevent use of SSLv2
+      */
+     SSL_CTX_set_options(tls_http_ctx,
+-            SSL_OP_NO_SSLv2|SSL_OP_SINGLE_DH_USE|SSL_OP_EPHEMERAL_RSA);
++            SSL_OP_NO_SSLv2/*|SSL_OP_NO_SSLv3*/|SSL_OP_SINGLE_DH_USE|SSL_OP_EPHEMERAL_RSA);
+ 
+     SSL_CTX_set_info_callback(tls_http_ctx,ssl_client_info_callback);
+ 
+@@ -2575,7 +2660,11 @@
+ int
+ ssl_verify_crl(int ok, X509_STORE_CTX *ctx)
+ {
++#if OPENSSL_VERSION_NUMBER >= 0x10100005L
++    X509_OBJECT *obj;
++#else
+     X509_OBJECT obj;
++#endif
+     X509_NAME *subject = NULL;
+     X509_NAME *issuer = NULL;
+     X509 *xs = NULL;
+@@ -2595,6 +2684,14 @@
+     if (!crl_store)
+         return ok;
+ 
++#if OPENSSL_VERSION_NUMBER >= 0x10100005L
++    obj = X509_OBJECT_new();
++    if (!obj)
++        return(ok);
++#else
++    memset((char *)&obj, 0, sizeof(obj));
++#endif
++
+     store_ctx = X509_STORE_CTX_new();
+     if ( !store_ctx )
+         return(ok);
+@@ -2641,11 +2738,16 @@
+      * Try to retrieve a CRL corresponding to the _subject_ of
+      * the current certificate in order to verify it's integrity.
+      */
+-    memset((char *)&obj, 0, sizeof(obj));
+     X509_STORE_CTX_init(store_ctx, crl_store, NULL, NULL);
++#if OPENSSL_VERSION_NUMBER >= 0x10100005L
++    rc = X509_STORE_get_by_subject(store_ctx, X509_LU_CRL, subject, obj);
++    X509_STORE_CTX_cleanup(store_ctx);
++    crl = X509_OBJECT_get0_X509_CRL(obj);
++#else
+     rc = X509_STORE_get_by_subject(store_ctx, X509_LU_CRL, subject, &obj);
+     X509_STORE_CTX_cleanup(store_ctx);
+     crl = obj.data.crl;
++#endif
+     if (rc > 0 && crl != NULL) {
+         /*
+          * Verify the signature on this CRL
+@@ -2653,7 +2755,11 @@
+         if (X509_CRL_verify(crl, X509_get_pubkey(xs)) <= 0) {
+             fprintf(stderr, "Invalid signature on CRL!\n");
+             X509_STORE_CTX_set_error(ctx, X509_V_ERR_CRL_SIGNATURE_FAILURE);
++#if OPENSSL_VERSION_NUMBER >= 0x10100005L
++            X509_OBJECT_free(obj);
++#else
+             X509_OBJECT_free_contents(&obj);
++#endif
+             X509_STORE_CTX_free(store_ctx);
+             return 0;
+         }
+@@ -2661,12 +2767,16 @@
+         /*
+          * Check date of CRL to make sure it's not expired
+          */
+-        i = X509_cmp_current_time(X509_CRL_get_nextUpdate(crl));
++        i = X509_cmp_current_time(X509_CRL_get0_nextUpdate(crl));
+         if (i == 0) {
+             fprintf(stderr, "Found CRL has invalid nextUpdate field.\n");
+             X509_STORE_CTX_set_error(ctx,
+                                     X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD);
++#if OPENSSL_VERSION_NUMBER >= 0x10100005L
++            X509_OBJECT_free(obj);
++#else
+             X509_OBJECT_free_contents(&obj);
++#endif
+             X509_STORE_CTX_free(store_ctx);
+             return 0;
+         }
+@@ -2675,22 +2785,38 @@
+ "Found CRL is expired - revoking all certificates until you get updated CRL.\n"
+                     );
+             X509_STORE_CTX_set_error(ctx, X509_V_ERR_CRL_HAS_EXPIRED);
++#if OPENSSL_VERSION_NUMBER >= 0x10100005L
++            X509_OBJECT_free(obj);
++#else
+             X509_OBJECT_free_contents(&obj);
++#endif
+             X509_STORE_CTX_free(store_ctx);
+             return 0;
+         }
+-        X509_OBJECT_free_contents(&obj);
++#if OPENSSL_VERSION_NUMBER >= 0x10100005L
++	X509_OBJECT_free(obj);
++#else
++	X509_OBJECT_free_contents(&obj);
++#endif
+     }
+ 
+     /*
+      * Try to retrieve a CRL corresponding to the _issuer_ of
+      * the current certificate in order to check for revocation.
+      */
++#if OPENSSL_VERSION_NUMBER < 0x10100005L
+     memset((char *)&obj, 0, sizeof(obj));
++#endif
+     X509_STORE_CTX_init(store_ctx, crl_store, NULL, NULL);
++#if OPENSSL_VERSION_NUMBER >= 0x10100005L
++    rc = X509_STORE_get_by_subject(store_ctx, X509_LU_CRL, issuer, obj);
++    X509_STORE_CTX_free(store_ctx);            /* calls X509_STORE_CTX_cleanup() */
++    crl = X509_OBJECT_get0_X509_CRL(obj);
++#else
+     rc = X509_STORE_get_by_subject(store_ctx, X509_LU_CRL, issuer, &obj);
+     X509_STORE_CTX_free(store_ctx);		/* calls X509_STORE_CTX_cleanup() */
+     crl = obj.data.crl;
++#endif
+     if (rc > 0 && crl != NULL) {
+         /*
+          * Check if the current certificate is revoked by this CRL
+@@ -2698,19 +2824,34 @@
+         n = sk_X509_REVOKED_num(X509_CRL_get_REVOKED(crl));
+         for (i = 0; i < n; i++) {
+             revoked = sk_X509_REVOKED_value(X509_CRL_get_REVOKED(crl), i);
++#if OPENSSL_VERSION_NUMBER >= 0x10100005L
++            if (ASN1_INTEGER_cmp(X509_REVOKED_get0_serialNumber(revoked),
++                                 X509_get_serialNumber(xs)) == 0) { // }
++
++                serial = ASN1_INTEGER_get(X509_REVOKED_get0_serialNumber(revoked));
++#else
+             if (ASN1_INTEGER_cmp(revoked->serialNumber,
+                                  X509_get_serialNumber(xs)) == 0) {
+ 
+                 serial = ASN1_INTEGER_get(revoked->serialNumber);
++#endif
+                 cp = X509_NAME_oneline(issuer, NULL, 0);
+                 free(cp);
+ 
+                 X509_STORE_CTX_set_error(ctx, X509_V_ERR_CERT_REVOKED);
++#if OPENSSL_VERSION_NUMBER >= 0x10100005L
++                X509_OBJECT_free(obj);
++#else
+                 X509_OBJECT_free_contents(&obj);
++#endif
+                 return 0;
+             }
+         }
++#if OPENSSL_VERSION_NUMBER >= 0x10100005L
++	X509_OBJECT_free(obj);
++#else
+         X509_OBJECT_free_contents(&obj);
++#endif
+     }
+     return ok;
+ }
+@@ -2877,6 +3018,7 @@
+ #ifndef OpenBSD
+ #ifndef FREEBSD4
+ #ifndef NETBSD15
++#ifndef __DragonFly__
+ #ifndef LINUX
+ #ifndef AIX41
+ #ifndef UW7
+@@ -2919,6 +3061,7 @@
+ #endif /* UW7 */
+ #endif /* AIX41 */
+ #endif /* LINUX */
++#endif /* __DragonFly__ */
+ #endif /* NETBSD15 */
+ #endif /* FREEBSD4 */
+ #endif /* OpenBSD */
+@@ -3057,7 +3200,7 @@
+ tls_is_anon(int x)
+ {
+     char buf[128];
+-    SSL_CIPHER * cipher;
++    const SSL_CIPHER * cipher;
+     SSL * ssl = NULL;
+ 
+     switch ( x ) {
+@@ -3101,7 +3244,7 @@
+ tls_is_krb5(int x)
+ {
+     char buf[128];
+-    SSL_CIPHER * cipher;
++    const SSL_CIPHER * cipher;
+     SSL * ssl = NULL;
+ 
+     switch ( x ) {
+@@ -4343,7 +4486,14 @@
+     if (!(fp = fopen(buf, "r")))
+         return 0;
+     while (!r && (file_cert = PEM_read_X509(fp, NULL, NULL, NULL))) {
++#if OPENSSL_VERSION_NUMBER >= 0x10100005L
++        const ASN1_BIT_STRING *peer_cert_sig, *file_cert_sig;
++        X509_get0_signature(&peer_cert_sig, NULL, peer_cert);
++        X509_get0_signature(&file_cert_sig, NULL, file_cert);
++        if (!ASN1_STRING_cmp(peer_cert_sig, file_cert_sig))
++#else
+         if (!ASN1_STRING_cmp(peer_cert->signature, file_cert->signature))
++#endif
+             r = 1;
+         X509_free(file_cert);
+     }
diff --git a/kermit/patches/patch-ac b/kermit/patches/patch-ac
new file mode 100644
index 0000000000..8e15ccee12
--- /dev/null
+++ b/kermit/patches/patch-ac
@@ -0,0 +1,12 @@
+$NetBSD: patch-ac,v 1.9 2011/08/25 14:54:06 hans Exp $
+
+--- ckcdeb.h.orig	2010-08-23 15:30:56.000000000 +0200
++++ ckcdeb.h	2011-08-23 10:31:55.103102070 +0200
+@@ -4532,7 +4532,6 @@ extern int errno;
+   following is an anachronism and should be the execption rather than the
+   rule.
+ */
+-extern int errno;
+ #endif /* __GLIBC__ */
+ #endif /* OS2 */
+ #endif /* VMS */
diff --git a/kermit/patches/patch-ad b/kermit/patches/patch-ad
new file mode 100644
index 0000000000..2cb7cdc88a
--- /dev/null
+++ b/kermit/patches/patch-ad
@@ -0,0 +1,12 @@
+$NetBSD: patch-ad,v 1.10 2012/05/17 20:29:13 christos Exp $
+
+--- ckcmai.c.orig	2012-05-17 16:22:58.000000000 -0400
++++ ckcmai.c	2012-05-17 16:23:53.000000000 -0400
+@@ -540,6 +540,7 @@
+ 
+ #include "ckcker.h"                     /* Kermit symbols */
+ #include "ckcnet.h"                     /* Network symbols */
++#include "ckupty.h"			/* time.h */
+ 
+ #ifdef CK_SSL
+ #include "ck_ssl.h"
diff --git a/kermit/patches/patch-ae b/kermit/patches/patch-ae
new file mode 100644
index 0000000000..db3302538d
--- /dev/null
+++ b/kermit/patches/patch-ae
@@ -0,0 +1,65 @@
+$NetBSD: patch-ae,v 1.8 2020/07/30 03:03:07 gutteridge Exp $
+
+Portability fixes for DragonFly, SunOS, and Linux.
+
+The Linux fix is taken from upstream's 9.0.305 Alpha.01 release, and is
+noted to be a temporary workaround, so it may change in form in a
+pending release.
+
+--- ckucmd.c.orig	2011-07-14 12:14:37.000000000 +0000
++++ ckucmd.c
+@@ -7370,7 +7370,11 @@ cmdconchk() {
+ 
+ /* Here we must look inside the stdin buffer - highly platform dependent */
+ 
+-#ifdef _IO_file_flags			/* Linux */
++#ifdef __FILE_defined                   /* glibc 2.28 1 Aug 2018 */
++    x = (int) ((stdin->_IO_read_end) - (stdin->_IO_read_ptr));
++    debug(F101,"cmdconchk __FILE_defined","",x);
++#else /* __FILE_defined */ 
++#ifdef _IO_file_flags              /* Linux (glibc 2.28 removed this symbol */
+     x = (int) ((stdin->_IO_read_end) - (stdin->_IO_read_ptr));
+     debug(F101,"cmdconchk _IO_file_flags","",x);
+ #else  /* _IO_file_flags */
+@@ -7382,8 +7386,19 @@ cmdconchk() {
+ #ifdef NOARROWKEYS
+     debug(F101,"cmdconchk NOARROWKEYS x","",0);
+ #else
++#if defined(__sun) && (defined(__amd64) || defined(__sparcv9))
++    struct sun_64_FILE {
++	unsigned char	*_ptr;  /* next character from/to here in buffer */
++	unsigned char	*_base; /* the buffer */
++	unsigned char	*_end;  /* the end of the buffer */
++	ssize_t		_cnt;   /* number of available characters in buffer */
++    } *sun_64_stdin = (struct sun_64_FILE *)stdin;
++    debug(F101,"cmdconchk sun_64_stdin->_cnt","",sun_64_stdin->_cnt);
++    x = sun_64_stdin->_cnt;
++#else
+     debug(F101,"cmdconchk stdin->_cnt","",stdin->_cnt);
+     x = stdin->_cnt;
++#endif
+ #endif /* NOARROWKEYS */
+ #endif /* VMS */
+     if (x == 0) x = conchk();
+@@ -7395,7 +7410,12 @@ cmdconchk() {
+     if (x == 0) x = conchk();
+     if (x < 0) x = 0;
+ #else  /* USE_FILE_CNT */
+-#ifdef USE_FILE_R			/* FreeBSD, OpenBSD, etc */
++#if defined(__DragonFly__) && defined(feof_unlocked)
++    debug(F101,"cmdconchk stdin->_r","",((struct __FILE_public *)stdin)->_r);
++    x = ((struct __FILE_public *)stdin)->_r;
++    if (x == 0) x = conchk();
++    if (x < 0) x = 0;
++#elif defined(USE_FILE_R)			/* FreeBSD, OpenBSD, etc */
+     debug(F101,"cmdconchk stdin->_r","",stdin->_r);
+     x = stdin->_r;
+     if (x == 0) x = conchk();
+@@ -7407,6 +7427,7 @@ cmdconchk() {
+ #endif /* USE_FILE__CNT */
+ #endif /* USE_FILE_CNT */
+ #endif /* _IO_file_flags */
++#endif /* __FILE_defined */
+ #endif /* CMD_CONINC */
+ #endif /* OS2 */
+     return(x + y);
diff --git a/kermit/patches/patch-af b/kermit/patches/patch-af
new file mode 100644
index 0000000000..6547c595be
--- /dev/null
+++ b/kermit/patches/patch-af
@@ -0,0 +1,13 @@
+$NetBSD: patch-af,v 1.1 2005/12/18 23:15:43 joerg Exp $
+
+--- ckuusr.c.orig	2005-12-18 23:04:34.000000000 +0000
++++ ckuusr.c
+@@ -87,6 +87,8 @@ char *userv = "User Interface 8.0.278, 1
+ #define MULTINET_OLD_STYLE		/* Leave select prototype undefined */
+ #endif /* MULTINET */
+ 
++#include <errno.h>
++
+ #include "ckcdeb.h"
+ #include "ckcasc.h"
+ #include "ckcker.h"
diff --git a/kermit/patches/patch-ag b/kermit/patches/patch-ag
new file mode 100644
index 0000000000..aa5dad9677
--- /dev/null
+++ b/kermit/patches/patch-ag
@@ -0,0 +1,16 @@
+$NetBSD: patch-ag,v 1.2 2011/08/25 14:54:06 hans Exp $
+
+--- ckuus6.c.orig	2011-06-07 17:27:51.000000000 +0200
++++ ckuus6.c	2011-08-23 10:34:29.697605882 +0200
+@@ -33,11 +33,7 @@
+ #endif /* def VMS [else] */
+ #endif /* NOSTAT */
+ 
+-#ifdef VMS
+-#ifndef TCPSOCKET
+ #include <errno.h>
+-#endif /* TCPSOCKET */
+-#endif /* VMS */
+ 
+ #ifdef datageneral
+ #define fgets(stringbuf,max,fd) dg_fgets(stringbuf,max,fd)
diff --git a/kermit/patches/patch-ah b/kermit/patches/patch-ah
new file mode 100644
index 0000000000..906ee4ab09
--- /dev/null
+++ b/kermit/patches/patch-ah
@@ -0,0 +1,14 @@
+$NetBSD: patch-ah,v 1.1 2005/12/18 23:15:43 joerg Exp $
+
+--- ckcfns.c.orig	2005-12-18 23:06:48.000000000 +0000
++++ ckcfns.c
+@@ -93,9 +93,7 @@ _PROTOTYP( long zfsize, (char *) );
+ #endif /* OS2ONLY */
+ #endif /* OS2 */
+ 
+-#ifdef VMS
+ #include <errno.h>
+-#endif /* VMS */
+ 
+ /* Externals from ckcmai.c */
+ 
diff --git a/kermit/patches/patch-aj b/kermit/patches/patch-aj
new file mode 100644
index 0000000000..0ff718fa12
--- /dev/null
+++ b/kermit/patches/patch-aj
@@ -0,0 +1,13 @@
+$NetBSD: patch-aj,v 1.1 2006/06/28 23:13:18 dbj Exp $
+
+--- ckuus5.c.orig	2006-06-27 19:22:53.000000000 -0400
++++ ckuus5.c	2006-06-27 19:23:30.000000000 -0400
+@@ -28,6 +28,8 @@
+ #include "ckcker.h"
+ #include "ckuusr.h"
+ 
++#include <errno.h>
++
+ #ifdef DCMDBUF
+ char *line;                             /* Character buffer for anything */
+ char *tmpbuf;
diff --git a/kermit/patches/patch-ak b/kermit/patches/patch-ak
new file mode 100644
index 0000000000..55430e3f1e
--- /dev/null
+++ b/kermit/patches/patch-ak
@@ -0,0 +1,24 @@
+$NetBSD: patch-ak,v 1.2 2020/04/08 15:22:07 rhialto Exp $
+
+- Use version-flexible SSL/TLS method.
+
+--- ckuus7.c.orig	2011-06-23 16:13:11.000000000 +0000
++++ ckuus7.c
+@@ -32,6 +32,8 @@
+ #include "ckucmd.h"
+ #include "ckclib.h"
+ 
++#include <errno.h>
++
+ #ifdef VMS
+ #ifndef TCPSOCKET
+ #include <errno.h>
+@@ -14340,7 +14342,7 @@ sho_auth(cx) int cx; {
+             if (ssl_con == NULL) {
+                 SSL_library_init();
+                 ssl_ctx = (SSL_CTX *)
+-                  SSL_CTX_new((SSL_METHOD *)TLSv1_method());
++                  SSL_CTX_new((SSL_METHOD *)SSLv23_method());
+                 if (ssl_ctx != NULL)
+                   ssl_con= (SSL *) SSL_new(ssl_ctx);
+             }
diff --git a/kermit/patches/patch-al b/kermit/patches/patch-al
new file mode 100644
index 0000000000..6205aca788
--- /dev/null
+++ b/kermit/patches/patch-al
@@ -0,0 +1,391 @@
+$NetBSD: patch-al,v 1.3 2014/06/23 22:24:24 christos Exp $
+
+--- ckuath.c.orig	2011-06-13 13:26:54.000000000 -0400
++++ ckuath.c	2014-06-23 18:20:26.000000000 -0400
+@@ -117,19 +117,6 @@
+ #include <time.h>
+ #include <fcntl.h>
+ #include <errno.h>
+-#ifndef malloc
+-#ifndef VMS
+-#ifndef FREEBSD4
+-#ifndef OpenBSD
+-#ifdef MACOSX
+-#include <sys/malloc.h>
+-#else /* MACOSX */
+-#include <malloc.h>
+-#endif /* MACOSX */
+-#endif /* OpenBSD */
+-#endif /* FREEBSD4 */
+-#endif /* VMS */
+-#endif /* malloc */
+ #ifdef OS2
+ #include <io.h>
+ #endif /* OS2 */
+@@ -149,7 +136,9 @@
+ #endif /* saveprintf */
+ #else /* HEIMDAL */
+ #include "krb5.h"
++#ifdef BETATEST
+ #include "profile.h"
++#endif
+ #include "com_err.h"
+ #ifdef KRB5_GET_INIT_CREDS_OPT_TKT_LIFE
+ #define KRB5_HAVE_GET_INIT_CREDS
+@@ -417,7 +406,6 @@
+ char des_outpkt[2*RLOG_BUFSIZ+4];    /* needs to be > largest write size */
+ #ifdef KRB5
+ krb5_data desinbuf,desoutbuf;
+-krb5_encrypt_block eblock;             /* eblock for encrypt/decrypt */
+ static krb5_data encivec_i[2], encivec_o[2];
+ 
+ enum krb5_kcmd_proto {
+@@ -3145,8 +3133,13 @@
+             data.data = k4_session_key;
+             data.length = 8;
+ 
+-            code = krb5_c_decrypt(k5_context, &k4_krbkey, 0, 0,
+-                                   &encdata, &data);
++            code = krb5_c_decrypt(k5_context,
++#ifdef HEIMDAL
++				  k4_krbkey,
++#else
++				  &k4_krbkey,
++#endif
++				  0, 0, &encdata, &data);
+ 
+             krb5_free_keyblock_contents(k5_context, &random_key);
+ 
+@@ -3162,8 +3155,13 @@
+             data.data = k4_challenge;
+             data.length = 8;
+ 
+-            code = krb5_c_decrypt(k5_context, &k4_krbkey, 0, 0,
+-                                   &encdata, &data);
++            code = krb5_c_decrypt(k5_context,
++#ifdef HEIMDAL
++				  k4_krbkey,
++#else
++				  &k4_krbkey,
++#endif
++				  0, 0, &encdata, &data);
+ #else /* MIT_CURRENT */
+             memset(k4_sched,0,sizeof(Schedule));
+             ckhexdump("auth_send",cred.session,8);
+@@ -3295,7 +3293,7 @@
+     case AUTHTYPE_KERBEROS_V5:
+         debug(F111,"auth_send KRB5","k5_auth.length",k5_auth.length);
+         for ( i=0 ; i<k5_auth.length ; i++ ) {
+-            if ( (char *)k5_auth.data[i] == IAC )
++            if ( ((char *)k5_auth.data)[i] == IAC )
+                 iaccnt++;
+         }
+         if ( k5_auth.length + iaccnt + 10 < sizeof(buf) ) {
+@@ -4250,8 +4248,13 @@
+         kdata.data = k4_challenge;
+         kdata.length = 8;
+ 
+-        if (code = krb5_c_decrypt(k5_context, &k4_krbkey, 0, 0,
+-                                   &encdata, &kdata)) {
++        if (code = krb5_c_decrypt(k5_context,
++#ifdef HEIMDAL
++				  k4_krbkey,
++#else
++				  &k4_krbkey,
++#endif
++				  0, 0, &encdata, &kdata)) {
+             com_err("k4_auth_is", code, "while decrypting challenge");
+             auth_finished(AUTH_REJECT);
+             return AUTH_FAILURE;
+@@ -4752,9 +4755,11 @@
+         ap_opts |= AP_OPTS_MUTUAL_REQUIRED;
+ 
+ #ifdef HEIMDAL
++#ifdef notdef
+     r = krb5_auth_setkeytype(k5_context, auth_context, KEYTYPE_DES);
+     if (r)
+         com_err(NULL, r, "while setting auth keytype");
++#endif
+     r = krb5_auth_con_setaddrs_from_fd(k5_context,auth_context, &ttyfd);
+     if (r)
+         com_err(NULL, r, "while setting auth addrs");
+@@ -4924,7 +4929,6 @@
+                     skey.data = k5_session_key->contents;
+ #endif /* HEIMDAL */
+                 } else {
+-#ifdef HEIMDAL
+                     switch ( k5_session_key->keytype ) {
+                     case ETYPE_DES_CBC_CRC:
+                     case ETYPE_DES_CBC_MD5:
+@@ -4934,24 +4938,17 @@
+                         break;
+                     default:
+                         skey.type = SK_GENERIC;
++#ifdef HEIMDAL
++                        skey.length = k5_session_key->keyvalue.length;
++#else /* HEIMDAL */
+                         skey.length = k5_session_key->length;
++#endif /* HEIMDAL */
+                         encrypt_dont_support(ENCTYPE_DES_CFB64);
+                         encrypt_dont_support(ENCTYPE_DES_OFB64);
+                     }
++#ifdef HEIMDAL
+                     skey.data = k5_session_key->keyvalue.data;
+ #else /* HEIMDAL */
+-                    switch ( k5_session_key->enctype ) {
+-                    case ENCTYPE_DES_CBC_CRC:
+-                    case ENCTYPE_DES_CBC_MD5:
+-                    case ENCTYPE_DES_CBC_MD4:
+-                        skey.type = SK_DES;
+-                        skey.length = 8;
+-                    default:
+-                        skey.type = SK_GENERIC;
+-                        skey.length = k5_session_key->length;
+-                        encrypt_dont_support(ENCTYPE_DES_CFB64);
+-                        encrypt_dont_support(ENCTYPE_DES_OFB64);
+-                    }
+                     skey.data = k5_session_key->contents;
+ #endif /* HEIMDAL */
+                 }
+@@ -5038,7 +5035,6 @@
+                     skey.data = k5_session_key->contents;
+ #endif /* HEIMDAL */
+                 } else {
+-#ifdef HEIMDAL
+                     switch ( k5_session_key->keytype ) {
+                     case ETYPE_DES_CBC_CRC:
+                     case ETYPE_DES_CBC_MD5:
+@@ -5047,21 +5043,15 @@
+                         skey.length = 8;
+                     default:
+                         skey.type = SK_GENERIC;
++#ifdef HEIMDAL
++                        skey.length = k5_session_key->keyvalue.length;
++#else /* HEIMDAL */
+                         skey.length = k5_session_key->length;
++#endif /* HEIMDAL */
+                     }
++#ifdef HEIMDAL
+                     skey.data = k5_session_key->keyvalue.data;
+ #else /* HEIMDAL */
+-                    switch ( k5_session_key->enctype ) {
+-                    case ENCTYPE_DES_CBC_CRC:
+-                    case ENCTYPE_DES_CBC_MD5:
+-                    case ENCTYPE_DES_CBC_MD4:
+-                        skey.type = SK_DES;
+-                        skey.length = 8;
+-                        break;
+-                    default:
+-                        skey.type = SK_GENERIC;
+-                        skey.length = k5_session_key->length;
+-                    }
+                     skey.data = k5_session_key->contents;
+ #endif /* HEIMDAL */
+                 }
+@@ -5138,7 +5128,11 @@
+             }
+             if ( msg.length == 24 && !memcmp(msg.data,tls_verify,24) )
+                  krb5_tls_verified = 1;
++#ifdef HEIMDAL
++            krb5_data_free(&msg);
++#else /* HEIMDAL */
+             krb5_free_data_contents(k5_context,&msg);
++#endif /* HEIMDAL */
+             if (krb5_tls_verified)
+                 return(AUTH_SUCCESS);
+         }
+@@ -5166,7 +5160,7 @@
+     krb5_context context;
+     krb5_auth_context auth_context;
+     krb5_data *inbuf;
+-    krb5_const_principal client;
++    krb5_principal client;
+ {
+     krb5_creds ** creds=NULL;
+     krb5_error_code retval;
+@@ -5197,7 +5191,7 @@
+     if ((retval = krb5_cc_initialize(context, ccache, client)))
+         return(retval);
+ 
+-    if ((retval = krb5_rd_cred(context, auth_context, ccache, inbuf)))
++    if ((retval = krb5_rd_cred2(context, auth_context, ccache, inbuf)))
+         return(retval);
+ #else /* HEIMDAL */
+     if ((retval = krb5_rd_cred(context, auth_context, inbuf, &creds, NULL)))
+@@ -5472,17 +5466,17 @@
+                 goto errout;
+             }
+             SendK5AuthSB(KRB5_TLS_VERIFY, msg.data, msg.length);
++#ifdef HEIMDAL
++            krb5_data_free(&msg);
++#else
+             krb5_free_data_contents(k5_context,&msg);
++#endif
+         }
+ #endif /* CK_SSL */
+         if ((how & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) {
+             /* do ap_rep stuff here */
+             if ((r = krb5_mk_rep(k5_context,
+-#ifdef HEIMDAL
+-                                  &auth_context,
+-#else /* HEIMDAL */
+                                   auth_context,
+-#endif /* HEIMDAL */
+                                   &outbuf))) {
+                 debug(F111,"k5_auth_is","krb5_mk_rep",r);
+                 (void) ckstrncpy(errbuf, "Make reply failed: ",sizeof(errbuf));
+@@ -5503,7 +5497,7 @@
+             {
+                 szUserNameAuthenticated[0] = '\0';
+             } else {
+-                ckstrncpy(szUserNameAuthenticated,UIDBUFLEN,name);
++                ckstrncpy(szUserNameAuthenticated,name,UIDBUFLEN);
+                 free(name);
+             }
+         }
+@@ -9687,6 +9681,7 @@
+     return(-1);
+ }
+ 
++int
+ #ifdef CK_ANSIC
+ ck_krb4_destroy(struct krb_op_data * op)
+ #else
+@@ -11228,7 +11223,12 @@
+ 
+     use_ivecs = 1;
+ 
+-    if (status = krb5_c_block_size(k5_context, k5_session_key->enctype,
++    if (status = krb5_c_block_size(k5_context,
++#ifdef HEIMDAL
++    k5_session_key->keytype,
++#else
++    k5_session_key->enctype,
++#endif
+                                    &blocksize)) {
+         /* XXX what do I do? */
+         printf("fatal kerberos 5 crypto library error\n");
+@@ -11309,8 +11309,7 @@
+         krb5_ap_rep_enc_part *rep_ret = NULL;
+         krb5_data outbuf;
+         int rc;
+-        krb5_int32 seqno=0;
+-        krb5_int32 server_seqno=0;
++        int server_seqno=0;
+         char ** realmlist=NULL;
+         int buflen;
+         char tgt[256];
+@@ -11388,7 +11387,11 @@
+         }
+ 
+         if (krb5_rlog_ver == KCMD_OLD_PROTOCOL)
++#ifdef HEIMDAL
++            get_cred->session.keytype=ETYPE_DES_CBC_CRC;
++#else
+             get_cred->keyblock.enctype=ENCTYPE_DES_CBC_CRC;
++#endif
+ 
+         /* Get ticket from credentials cache or kdc */
+         status = krb5_get_credentials(k5_context,
+@@ -11429,10 +11432,11 @@
+             krb5_boolean is_des;
+ 
+             if (status = krb5_c_enctype_compare( k5_context,
+-                                                 ENCTYPE_DES_CBC_CRC,
+ #ifdef HEIMDAL
++						 ETYPE_DES_CBC_CRC,
+                                                  ret_cred->session.keytype,
+ #else /* HEIMDAL */
++                                                 ENCTYPE_DES_CBC_CRC,
+                                                  ret_cred->keyblock.enctype,
+ #endif /* HEIMDAL */
+                                                  &is_des)) {
+@@ -11482,7 +11486,11 @@
+                                &rep_ret,
+                                NULL
+                                );
++#ifdef HEIMDAL
++        krb5_data_free(&cksumdat);
++#else
+         krb5_free_data_contents(k5_context,&cksumdat);
++#endif
+ 
+         if (status) {
+             if ( !quiet )
+@@ -11490,12 +11498,17 @@
+                         error_message(status));
+             if (error) {
+                 if ( !quiet ) {
+-                    printf("Server returned error code %d (%s)\r\n",
+-                        error->error,
+-                        error_message(ERROR_TABLE_BASE_krb5 + error->error));
+-                    if (error->text.length) {
+-                        printf("Error text sent from server: %s\r\n",
+-                                error->text.data);
++#ifdef HEIMDAL
++		    int xerror = error->error_code;
++		    char *xtext = *error->e_text;
++#else
++		    int xerror = error->error;
++		    char *xtext = error->text.length ? error->text.data : NULL;
++#endif
++                    printf("Server returned error code %d (%s)\r\n", xerror,
++                        error_message(ERROR_TABLE_BASE_krb5 + xerror));
++                    if (xtext) {
++                        printf("Error text sent from server: %s\r\n", xtext);
+                     }
+                 }
+                 krb5_free_error(k5_context, error);
+@@ -11505,7 +11518,11 @@
+         }
+ 
+         if (rep_ret) {
++#ifdef HEIMDAL
++            server_seqno = *rep_ret->seq_number;
++#else
+             server_seqno = rep_ret->seq_number;
++#endif
+             krb5_free_ap_rep_enc_part(k5_context, rep_ret);
+         }
+ 
+@@ -11834,7 +11851,11 @@
+     rd_len = (rd_len << 8) | c;
+ 
+     if (status = krb5_c_encrypt_length(k5_context, 
++#ifdef HEIMDAL
++                                    k5_session_key->keytype,
++#else
+                                     k5_session_key->enctype,
++#endif
+                                     use_ivecs ? rd_len + 4 : rd_len,
+ 				    (size_t *)&net_len)) {
+         errno = status;
+@@ -11865,9 +11886,15 @@
+     plain.length = sizeof(storage);
+     plain.data = storage;
+ 
+-    if ( status = krb5_c_decrypt(k5_context, k5_session_key, KCMD_KEYUSAGE,
++    if ( status = krb5_c_decrypt(k5_context,
++#ifdef HEIMDAL
++				 *k5_session_key,
++#else
++				 k5_session_key,
++#endif
++				 KCMD_KEYUSAGE,
+                                  use_ivecs ? encivec_i + secondary : 0,
+-                                  &cipher,&plain) ) {
++                                 &cipher,&plain) ) {
+         /* probably out of sync */
+         printf("Cannot decrypt data from network: %s\r\n",
+                  error_message(status));
+@@ -12759,8 +12786,8 @@
+ 
+ static int
+ binaryEqual (a, b, len)
+-register char   *a, *b;
+-register int    len;
++char   *a, *b;
++int    len;
+ {
+     while (len--)
+         if (*a++ != *b++)
diff --git a/kermit/patches/patch-am b/kermit/patches/patch-am
new file mode 100644
index 0000000000..244ff9dee2
--- /dev/null
+++ b/kermit/patches/patch-am
@@ -0,0 +1,14 @@
+$NetBSD: patch-am,v 1.1 2011/05/14 19:27:53 hans Exp $
+
+--- ckuusx.c.orig	2004-03-14 18:13:23.000000000 +0100
++++ ckuusx.c	2009-12-26 23:23:19.652637206 +0100
+@@ -70,6 +70,9 @@ _PROTOTYP(char * os2_gethostname, (void)
+ #ifdef BSD44
+ #include <errno.h>
+ #endif /* BSD44 */
++#ifdef SOLARIS
++#include <errno.h>
++#endif
+ 
+ extern xx_strp xxstring;
+ 
diff --git a/kermit/patches/patch-ckcftp.c b/kermit/patches/patch-ckcftp.c
new file mode 100644
index 0000000000..adaabc1eaf
--- /dev/null
+++ b/kermit/patches/patch-ckcftp.c
@@ -0,0 +1,31 @@
+$NetBSD: patch-ckcftp.c,v 1.1 2020/04/08 16:22:00 rhialto Exp $
+
+Use SSLv23_client_method() because it is version-flexible.
+The difference that Kermit makes between SSL and TLS is gone.
+
+--- ckcftp.c.orig	2011-07-14 18:17:30.000000000 +0200
++++ ckcftp.c	2020-04-06 17:01:35.943676852 +0200
+@@ -10196,19 +10196,19 @@
+ #define SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS 0L
+ #endif
+     if (auth_type && !strcmp(auth_type,"TLS")) {
+-        ssl_ftp_ctx=SSL_CTX_new(SSLv3_client_method());
++        ssl_ftp_ctx=SSL_CTX_new(SSLv23_client_method());
+         if (!ssl_ftp_ctx)
+           return(0);
+         SSL_CTX_set_options(ssl_ftp_ctx,
+                             SSL_OP_SINGLE_DH_USE|SSL_OP_EPHEMERAL_RSA
+                             );
+     } else {
+-        ssl_ftp_ctx = SSL_CTX_new(ftp_bug_use_ssl_v2 ? SSLv23_client_method() : 
+-                                  SSLv3_client_method());
++        ssl_ftp_ctx = SSL_CTX_new(SSLv23_client_method());
+         if (!ssl_ftp_ctx)
+           return(0);
+         SSL_CTX_set_options(ssl_ftp_ctx,
+-                            (ftp_bug_use_ssl_v2 ? 0 : SSL_OP_NO_SSLv2)|
++                            
++                            (ftp_bug_use_ssl_v2 ? 0 : SSL_OP_NO_SSLv2/*|SSL_OP_NO_SSLv3*/)|
+                             SSL_OP_SINGLE_DH_USE|SSL_OP_EPHEMERAL_RSA
+                             );
+     }
diff --git a/kermit/patches/patch-ckcpro.w b/kermit/patches/patch-ckcpro.w
new file mode 100644
index 0000000000..0b801fdb5b
--- /dev/null
+++ b/kermit/patches/patch-ckcpro.w
@@ -0,0 +1,19 @@
+$NetBSD: patch-ckcpro.w,v 1.1 2019/04/11 02:21:09 mrg Exp $
+
+dest is an int.
+ffc and calibrate are CK_OFF_Ts.
+
+--- ckcpro.w.orig	2011-06-07 11:39:21.000000000 -0700
++++ ckcpro.w	2019-04-10 19:15:37.736900735 -0700
+@@ -151,8 +151,9 @@
+   extern int quiet, tsecs, parity, backgrd, nakstate, atcapu, wslotn, winlo;
+   extern int wslots, success, xitsta, rprintf, discard, cdtimo, keep, fdispla;
+   extern int timef, stdinf, rscapu, sendmode, epktflg, epktrcvd, epktsent;
+-  extern int binary, fncnv;
+-  extern long speed, ffc, crc16, calibrate, dest;
++  extern int binary, fncnv, dest;
++  extern CK_OFF_T ffc, calibrate;
++  extern long speed, crc16;
+ #ifdef COMMENT
+   extern char *TYPCMD, *DIRCMD, *DIRCM2;
+ #endif /* COMMENT */
diff --git a/kermit/patches/patch-ckupty.c b/kermit/patches/patch-ckupty.c
new file mode 100644
index 0000000000..bffc5c4f77
--- /dev/null
+++ b/kermit/patches/patch-ckupty.c
@@ -0,0 +1,40 @@
+$NetBSD: patch-ckupty.c,v 1.1 2015/11/07 23:20:59 dholland Exp $
+
+Always use termios, never sgtty.h.
+
+--- ckupty.c~	2011-06-13 15:34:13.000000000 +0000
++++ ckupty.c
+@@ -79,33 +79,7 @@ char * ptyver = "PTY support 8.0.016, 22
+ #endif	/* SUNOS41 */
+ 
+ #ifndef USE_TERMIO
+-#ifdef LINUX
+-#define USE_TERMIO
+-#else
+-#ifdef ATTSV
+-#define USE_TERMIO
+-#else
+-#ifdef HPUX
+-#define USE_TERMIO
+-#else
+-#ifdef AIX
+-#define USE_TERMIO
+-#else
+-#ifdef BSD44ORPOSIX
+ #define USE_TERMIO
+-#else
+-#ifdef IRIX60
+-#define USE_TERMIO
+-#else
+-#ifdef QNX
+-#define USE_TERMIO
+-#endif /* QNX */
+-#endif /* IRIX60 */
+-#endif /* BSD44ORPOSIX */
+-#endif /* AIX */
+-#endif /* HPUX */
+-#endif /* ATTSV */
+-#endif /* LINUX */
+ #endif /* USE_TERMIO */
+ 
+ #ifdef QNX
diff --git a/kermit/patches/patch-ckuus3.c b/kermit/patches/patch-ckuus3.c
new file mode 100644
index 0000000000..0ae8106030
--- /dev/null
+++ b/kermit/patches/patch-ckuus3.c
@@ -0,0 +1,15 @@
+$NetBSD: patch-ckuus3.c,v 1.1 2020/04/08 15:22:07 rhialto Exp $
+
+Use version-flexible method.
+
+--- ckuus3.c.orig	2011-06-26 18:20:07.000000000 +0000
++++ ckuus3.c
+@@ -13048,7 +13048,7 @@ case XYDEBU:                            
+                       if (ssl_con == NULL) {
+                           SSL_library_init();
+                           ssl_ctx = (SSL_CTX *)
+-                            SSL_CTX_new((SSL_METHOD *)TLSv1_method());
++                            SSL_CTX_new((SSL_METHOD *)SSLv23_method());
+                           if (ssl_ctx != NULL)
+                             ssl_con= (SSL *) SSL_new(ssl_ctx);
+                       }
diff --git a/kermit/patches/patch-ckuus4.c b/kermit/patches/patch-ckuus4.c
new file mode 100644
index 0000000000..1dd7c8eb57
--- /dev/null
+++ b/kermit/patches/patch-ckuus4.c
@@ -0,0 +1,29 @@
+$NetBSD: patch-ckuus4.c,v 1.1 2019/04/11 02:21:09 mrg Exp $
+
+Always include errno.h.
+crc16 is a long.
+
+--- ckuus4.c.orig	2011-06-24 11:58:10.000000000 -0700
++++ ckuus4.c	2019-04-10 18:25:09.650654615 -0700
+@@ -34,8 +34,9 @@
+ #include "ck_ssl.h"
+ #endif /* CK_SSL */
+ 
++#include <errno.h>
++
+ #ifdef VMS
+-#include <errno.h>                      /* For \v(errno) */
+ extern char * ckvmserrstr(unsigned long);
+ #ifndef OLD_VMS
+ #include <lib$routines.h>               /* Not for VAX C 2.4 */
+@@ -409,7 +410,9 @@
+   npad, pkttim, bigrbsiz, bigsbsiz, keep, atcapr, autopar, bctr, bctu,
+   crunched, ckdelay, ebq, ebqflg, pktlog, retrans, rpackets, rptflg, rptq,
+   rtimo, spackets, spsiz, spsizf, spsizr, timeouts, fncact, fncnv, urpsiz,
+-  wmax, wslotn, wslotr, fdispla, spmax, fnrpath, fnspath, crc16;
++  wmax, wslotn, wslotr, fdispla, spmax, fnrpath, fnspath;
++extern long
++  crc16;
+ #endif /* NOXFER */
+ 
+ #ifdef OS2


Home | Main Index | Thread Index | Old Index