pkgsrc-WIP-changes archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
kermit: Rename patch files (NFCI)
Module Name: pkgsrc-wip
Committed By: Greg Troxel <gdt%lexort.com@localhost>
Pushed By: gdt
Date: Mon Oct 5 22:14:56 2020 +0000
Changeset: 223c280e922b5237cc145d93a48e0f051b57472a
Modified Files:
kermit/TODO
kermit/distinfo
Added Files:
kermit/patches/patch-ck_ssl.c
kermit/patches/patch-ckcdeb.h
kermit/patches/patch-ckcfns.c
kermit/patches/patch-ckcmai.c
kermit/patches/patch-ckuath.c
kermit/patches/patch-ckuus5.c
kermit/patches/patch-ckuus6.c
kermit/patches/patch-ckuus7.c
kermit/patches/patch-ckuusr.c
kermit/patches/patch-ckuusx.c
kermit/patches/patch-makefile
Removed Files:
kermit/patches/patch-aa
kermit/patches/patch-ab
kermit/patches/patch-ac
kermit/patches/patch-ad
kermit/patches/patch-af
kermit/patches/patch-ag
kermit/patches/patch-ah
kermit/patches/patch-aj
kermit/patches/patch-ak
kermit/patches/patch-al
kermit/patches/patch-am
Log Message:
kermit: Rename patch files (NFCI)
To see a diff of this commit:
https://wip.pkgsrc.org/cgi-bin/gitweb.cgi?p=pkgsrc-wip.git;a=commitdiff;h=223c280e922b5237cc145d93a48e0f051b57472a
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
diffstat:
kermit/TODO | 4 +-
kermit/distinfo | 22 +-
kermit/patches/patch-aa | 98 --------
kermit/patches/patch-ab | 513 ------------------------------------------
kermit/patches/patch-ac | 12 -
kermit/patches/patch-ad | 12 -
kermit/patches/patch-af | 13 --
kermit/patches/patch-ag | 16 --
kermit/patches/patch-ah | 14 --
kermit/patches/patch-aj | 13 --
kermit/patches/patch-ak | 24 --
kermit/patches/patch-al | 391 --------------------------------
kermit/patches/patch-am | 14 --
kermit/patches/patch-ck_ssl.c | 513 ++++++++++++++++++++++++++++++++++++++++++
kermit/patches/patch-ckcdeb.h | 12 +
kermit/patches/patch-ckcfns.c | 14 ++
kermit/patches/patch-ckcmai.c | 12 +
kermit/patches/patch-ckuath.c | 391 ++++++++++++++++++++++++++++++++
kermit/patches/patch-ckuus5.c | 13 ++
kermit/patches/patch-ckuus6.c | 16 ++
kermit/patches/patch-ckuus7.c | 24 ++
kermit/patches/patch-ckuusr.c | 13 ++
kermit/patches/patch-ckuusx.c | 14 ++
kermit/patches/patch-makefile | 98 ++++++++
24 files changed, 1132 insertions(+), 1134 deletions(-)
diffs:
diff --git a/kermit/TODO b/kermit/TODO
index 63b5c30fb9..291af64b75 100644
--- a/kermit/TODO
+++ b/kermit/TODO
@@ -1,6 +1,4 @@
-- Rebase patches to the alpha
-
-- Rename patch files to modern norms
+- Add comments to patch files
- File patches upstream
diff --git a/kermit/distinfo b/kermit/distinfo
index d781113ff7..696d3ef949 100644
--- a/kermit/distinfo
+++ b/kermit/distinfo
@@ -4,17 +4,17 @@ SHA1 (kermit-9.0.305a2/ckucku305-alpha02.tar.gz) = 90a3cdc9d5112d752a8637b6a76f6
RMD160 (kermit-9.0.305a2/ckucku305-alpha02.tar.gz) = 4cd3cc02f6f5367b158f2fabc910e3ab7ffcee6a
SHA512 (kermit-9.0.305a2/ckucku305-alpha02.tar.gz) = 017c742d53fa847b844554ce46708a32bee76af2efb092c3149b92f9ef50e0aa03ce52ffe99fc46ebfb7eeda1f4660b9f936d92c48625eda92369496070dd3a1
Size (kermit-9.0.305a2/ckucku305-alpha02.tar.gz) = 2545990 bytes
-SHA1 (patch-aa) = 67754adea3116a8bab45870adbb8166d8cbac32f
-SHA1 (patch-ab) = ad074be2191f907ce7d8069e4b128c64c1a3ef1e
-SHA1 (patch-ac) = 62cc9e92f2413a42312d9f6d168ee85664b6aab9
-SHA1 (patch-ad) = 414f61c19185e4a82a8326121c2d9dacfba48077
-SHA1 (patch-af) = 2a09f9f933d3c1e6860983d8138ac61f33306ef7
-SHA1 (patch-ag) = cae37680ea5af85f4d2c774fe230f73a1f0be48c
-SHA1 (patch-ah) = 5b2098dfd57f8bd4d107acafaabe1a2c9b97d037
-SHA1 (patch-aj) = 6468e2139639f601de4609db8dff07b8b3a82d82
-SHA1 (patch-ak) = 983583d79abc4fcee1b7e9bf8ae46f184aa7011d
-SHA1 (patch-al) = 616ad10e65b24a04d24ff2556d6362ef3cc64b78
-SHA1 (patch-am) = 8c5acbfefe7b7d11825cc32c4449582b51f6cad9
+SHA1 (patch-ck_ssl.c) = ad074be2191f907ce7d8069e4b128c64c1a3ef1e
+SHA1 (patch-ckcdeb.h) = 62cc9e92f2413a42312d9f6d168ee85664b6aab9
+SHA1 (patch-ckcfns.c) = 5b2098dfd57f8bd4d107acafaabe1a2c9b97d037
+SHA1 (patch-ckcmai.c) = 414f61c19185e4a82a8326121c2d9dacfba48077
+SHA1 (patch-ckuath.c) = 616ad10e65b24a04d24ff2556d6362ef3cc64b78
SHA1 (patch-ckupty.c) = fd8966627f3642550750ccd42e3add64a36dae09
SHA1 (patch-ckuus3.c) = 557e938b36931f7948783116d1c5c2224d51bcbb
SHA1 (patch-ckuus4.c) = 2204f4c95f8266358b66ac0936ac83ab27bec0c9
+SHA1 (patch-ckuus5.c) = 6468e2139639f601de4609db8dff07b8b3a82d82
+SHA1 (patch-ckuus6.c) = cae37680ea5af85f4d2c774fe230f73a1f0be48c
+SHA1 (patch-ckuus7.c) = 983583d79abc4fcee1b7e9bf8ae46f184aa7011d
+SHA1 (patch-ckuusr.c) = 2a09f9f933d3c1e6860983d8138ac61f33306ef7
+SHA1 (patch-ckuusx.c) = 8c5acbfefe7b7d11825cc32c4449582b51f6cad9
+SHA1 (patch-makefile) = 67754adea3116a8bab45870adbb8166d8cbac32f
diff --git a/kermit/patches/patch-aa b/kermit/patches/patch-aa
deleted file mode 100644
index e09a3e1474..0000000000
--- a/kermit/patches/patch-aa
+++ /dev/null
@@ -1,98 +0,0 @@
-$NetBSD: patch-aa,v 1.10 2011/12/06 01:19:16 sbd Exp $
-
-* Get K5LIB, K5INC, SSLLIB and SSLINC from pkgsrc.
-* s/-lgssapi/-lgssapi_krb5/ on netbsd+krb5*
-* Add $(LIBS) to link command on solaris2xg+openssl+zlib+pam+shadow
-* s@$(K5INC)/krb5@$(K5INC)/kerberosv5/ on solaris9g+krb5+ssl
-* On linux get HAVE_LIBCURSES and HAVE_CURSES from pkgsrc (with the
- curses include and library pathes coming from BUILDLINK_*FLAGS).
-
-
---- makefile.orig 2020-09-19 20:17:04.000000000 +0000
-+++ makefile
-@@ -827,12 +827,12 @@ manroot = $(prefix)
-
- K4LIB=-L/usr/kerberos/lib
- K4INC=-I/usr/kerberos/include
--K5LIB=-L/usr/kerberos/lib
--K5INC=-I/usr/kerberos/include
-+#K5LIB=-L/usr/kerberos/lib
-+#K5INC=-I/usr/kerberos/include
- SRPLIB=-L$(srproot)/lib
- SRPINC=-I$(srproot)/include
--SSLLIB=-L$(sslroot)/ssl/lib
--SSLINC=-I$(sslroot)/ssl/include
-+#SSLLIB=-L$(sslroot)/ssl/lib
-+#SSLINC=-I$(sslroot)/ssl/include
-
- # To override these assignments; for example, if your OpenSSL files are
- # not in /usr/local/ssl, invoke the desired target like this:
-@@ -1878,7 +1878,7 @@ netbsd+krb5:
- -DCK_CAST $$HAVE_DES -DNOFTP_GSSAPI $(K5INC) $(K5INC)/krb5 \
- $(KFLAGS)" \
- "LIBS= $(K5LIB) -L/usr/pkg/lib -R/usr/pkg/lib -lcurses $$DES_LIB \
-- -lcrypto -lgssapi -lkrb5 -lm -lutil $(LIBS)"
-+ -lcrypto -lgssapi_krb5 -lkrb5 -lm -lutil $(LIBS)"
-
- # NetBSD - With Kerberos 5 and SSL and Zlib.
- # OK: 2011/08/21 on 5.1 with MIT Kerberos.
-@@ -1905,7 +1905,7 @@ netbsd+krb5+ssl netbsd+krb5+openssl+zlib
- -DCK_SSL -DCK_PAM -DZLIB -DNO_DCL_INET_ATON $$OPENSSLOPTION \
- $(KFLAGS)" "LNKFLAGS = $(LNKFLAGS)" \
- "LIBS= $(K5LIB) -L/usr/pkg/lib -R/usr/pkg/lib -lssl $$DES_LIB \
-- -lcrypto -lcrypt -lgssapi -lkrb5 -lz -lm -lpam -lutil -lcurses $(LIBS)"
-+ -lcrypto -lcrypt -lgssapi_krb5 -lkrb5 -lz -lm -lpam -lutil -lcurses $(LIBS)"
-
- #Special Security Enhanced NetBSD target with SRP, SSL, and zlib support.
- #To build this, you need to BUILD the pkgsrc srp_client package. After
-@@ -3553,7 +3553,7 @@ solaris2xg+openssl+zlib+pam+shadow:
- -DCK_AUTHENTICATION -DCK_SSL -DCK_PAM -DCK_SHADOW -DZLIB \
- -DBIGBUFOK $(SSLINC) $(KFLAGS)" \
- "LIBS= $(SSLLIB) -ltermlib \
-- -lsocket -lnsl -lm -lresolv -lssl -lcrypto -lpam -lz"
-+ -lsocket -lnsl -lm -lresolv -lssl -lcrypto -lpam -lz $(LIBS)"
-
- #Ditto but with GCC 3.1 in which you have to specify 32-bit with -m32.
- #In Solaris 9 (and maybe 8) you'll also need specifiy the Library path.
-@@ -3908,7 +3908,7 @@ solaris9g+krb5+ssl solaris10g+krb5+ssl s
- -DCK_CURSES -DCK_NEWTERM -DDIRENT -DHDBUUCP -DTCPSOCKET -DBIGBUFOK \
- -DCK_AUTHENTICATION -DCK_SSL -DZLIB -DCK_KERBEROS -DKRB5 \
- -DCK_ENCRYPTION -DCK_CAST $$OPENSSLOPTION \
-- $$HAVE_DES $(SSLINC) $(K5INC) $(K5INC)/krb5 $(KFLAGS)" \
-+ $$HAVE_DES $(SSLINC) $(K5INC) $(K5INC)/kerberosv5 $(KFLAGS)" \
- "LIBS= $(SSLLIB) $(K5LIB) -lz -lssl -ltermlib -lsocket -lnsl -lm \
- -lresolv -lcrypto \
- $$GSSAPILIB -lkrb5 -lcom_err -lk5crypto $$DES_LIB $(LIBS)"
-@@ -6207,32 +6207,6 @@ linux-2015:
- if test `grep openpty /usr/include/pty.h | wc -l` -gt 0; \
- then HAVE_OPENPTY='-DHAVE_OPENPTY'; \
- else HAVE_OPENPTY=''; fi ; \
-- HAVE_LIBCURSES=''; \
-- if test -f /lib64/libncurses.so.5 || \
-- test -f /lib64/libncurses.so || \
-- test -f /lib64/libncurses.a; then \
-- HAVE_LIBCURSES='-lncurses'; \
-- else if test -f /usr/lib64/libncurses.so || \
-- test -f /usr/lib/libncurses.a || \
-- test -f /usr/lib64/libncurses.so.5 || \
-- test -f /usr/lib/libncurses.so; then \
-- HAVE_LIBCURSES='-lncurses'; \
-- else if test -f /usr/lib/$(MULTIARCH)/libncurses.so || \
-- test -f /usr/lib/$(MULTIARCH)/libncurses.a || \
-- test -f /usr/lib/$(MULTIARCH)/libncurses.so; then \
-- HAVE_LIBCURSES='-lncurses'; \
-- else if test -f /usr/lib64/libcurses.so || \
-- test -f /usr/lib/libcurses.a || \
-- test -f /usr/lib/libcurses.so; then \
-- HAVE_LIBCURSES='-lcurses'; fi; fi; fi; fi; \
-- HAVE_CURSES=''; \
-- if test -n '$$HAVE_LIBCURSES'; then \
-- if test -f /usr/include/ncurses.h; then \
-- HAVE_CURSES='-DCK_NCURSES -I/usr/include/ncurses'; \
-- else if test -f /usr/include/curses.h; then \
-- HAVE_CURSES='-DCK_CURSES'; \
-- else HAVE_LIBCURSES=''; \
-- fi; fi; fi; \
- if test -f /usr/include/baudboy.h || test -f /usr/include/ttylock.h; \
- then HAVE_LOCKDEV='-DHAVE_LOCKDEV' ; \
- else HAVE_LOCKDEV='' ; fi ; \
diff --git a/kermit/patches/patch-ab b/kermit/patches/patch-ab
deleted file mode 100644
index 3c4d8b8417..0000000000
--- a/kermit/patches/patch-ab
+++ /dev/null
@@ -1,513 +0,0 @@
-$NetBSD: patch-ab,v 1.8 2020/04/08 15:22:07 rhialto Exp $
-
-- Update for openssl 1.1.1e.
-- Kermit tries to keep SSL and TLS contexts (since in old openssl, the
- *v23* methods were not version-flexible enough). Now afer simplification
- there is lots of duplicate code left over that could be simplified more.
-
---- ck_ssl.c.orig 2017-04-26 15:56:23.000000000 +0000
-+++ ck_ssl.c
-@@ -303,7 +303,7 @@ X509_STORE_CTX *ctx;
- break;
- default:
- printf("Error %d while verifying certificate.\r\n",
-- ctx->error);
-+ error);
- break;
- }
- }
-@@ -806,6 +806,17 @@ ssl_client_cert_callback(s, x509, pkey)
- #define MS_CALLBACK
- #endif /* MS_CALLBACK */
-
-+static BIGNUM *get_RSA_F4()
-+{
-+ static BIGNUM *bn;
-+
-+ if (!bn) {
-+ bn = BN_new();
-+ BN_add_word(bn, RSA_F4);
-+ }
-+ return bn;
-+}
-+
- static RSA MS_CALLBACK *
- #ifdef CK_ANSIC
- tmp_rsa_cb(SSL * s, int export, int keylength)
-@@ -824,7 +835,16 @@ int keylength;
- if (ssl_debug_flag)
- printf("Generating temporary (%d bit) RSA key...\r\n",keylength);
-
-- rsa_tmp=RSA_generate_key(keylength,RSA_F4,NULL,NULL);
-+ rsa_tmp = RSA_new();
-+ if (rsa_tmp) {
-+ int error = RSA_generate_key_ex(rsa_tmp, keylength, get_RSA_F4(),NULL);
-+ if (error) {
-+ if (ssl_debug_flag)
-+ printf(" error %d", error);
-+ RSA_free(rsa_tmp);
-+ rsa_tmp = NULL;
-+ }
-+ }
-
- if (ssl_debug_flag)
- printf("\r\n");
-@@ -938,10 +958,26 @@ get_dh512()
-
- if ((dh=DH_new()) == NULL)
- return(NULL);
-+#if OPENSSL_VERSION_NUMBER >= 0x10100005L
-+ BIGNUM *p=BN_bin2bn(dh512_p,sizeof(dh512_p),NULL);
-+ BIGNUM *g=BN_bin2bn(dh512_g,sizeof(dh512_g),NULL);
-+ if ((p == NULL) || (g == NULL)) {
-+ BN_free(g);
-+ BN_free(p);
-+ DH_free(dh);
-+ return(NULL);
-+ }
-+ DH_set0_pqg(dh, p, NULL, g);
-+#else
- dh->p=BN_bin2bn(dh512_p,sizeof(dh512_p),NULL);
- dh->g=BN_bin2bn(dh512_g,sizeof(dh512_g),NULL);
-- if ((dh->p == NULL) || (dh->g == NULL))
-+ if ((dh->p == NULL) || (dh->g == NULL)) {
-+ BN_free(dh->g);
-+ BN_free(dh->p);
-+ DH_free(dh);
- return(NULL);
-+ }
-+#endif
- return(dh);
- }
-
-@@ -952,10 +988,26 @@ get_dh768()
-
- if ((dh=DH_new()) == NULL)
- return(NULL);
-+#if OPENSSL_VERSION_NUMBER >= 0x10100005L
-+ BIGNUM *p=BN_bin2bn(dh768_p,sizeof(dh768_p),NULL);
-+ BIGNUM *g=BN_bin2bn(dh768_g,sizeof(dh768_g),NULL);
-+ if ((p == NULL) || (g == NULL)) {
-+ BN_free(g);
-+ BN_free(p);
-+ DH_free(dh);
-+ return(NULL);
-+ }
-+ DH_set0_pqg(dh, p, NULL, g);
-+#else
- dh->p=BN_bin2bn(dh768_p,sizeof(dh768_p),NULL);
- dh->g=BN_bin2bn(dh768_g,sizeof(dh768_g),NULL);
-- if ((dh->p == NULL) || (dh->g == NULL))
-+ if ((dh->p == NULL) || (dh->g == NULL)) {
-+ BN_free(dh->g);
-+ BN_free(dh->p);
-+ DH_free(dh);
- return(NULL);
-+ }
-+#endif
- return(dh);
- }
-
-@@ -966,10 +1018,26 @@ get_dh1024()
-
- if ((dh=DH_new()) == NULL)
- return(NULL);
-+#if OPENSSL_VERSION_NUMBER >= 0x10100005L
-+ BIGNUM *p=BN_bin2bn(dh1024_p,sizeof(dh1024_p),NULL);
-+ BIGNUM *g=BN_bin2bn(dh1024_g,sizeof(dh1024_g),NULL);
-+ if ((p == NULL) || (g == NULL)) {
-+ BN_free(g);
-+ BN_free(p);
-+ DH_free(dh);
-+ return(NULL);
-+ }
-+ DH_set0_pqg(dh, p, NULL, g);
-+#else
- dh->p=BN_bin2bn(dh1024_p,sizeof(dh1024_p),NULL);
- dh->g=BN_bin2bn(dh1024_g,sizeof(dh1024_g),NULL);
-- if ((dh->p == NULL) || (dh->g == NULL))
-+ if ((dh->p == NULL) || (dh->g == NULL)) {
-+ BN_free(dh->g);
-+ BN_free(dh->p);
-+ DH_free(dh);
- return(NULL);
-+ }
-+#endif
- return(dh);
- }
-
-@@ -980,10 +1048,26 @@ get_dh1536()
-
- if ((dh=DH_new()) == NULL)
- return(NULL);
-+#if OPENSSL_VERSION_NUMBER >= 0x10100005L
-+ BIGNUM *p=BN_bin2bn(dh1536_p,sizeof(dh1536_p),NULL);
-+ BIGNUM *g=BN_bin2bn(dh1536_g,sizeof(dh1536_g),NULL);
-+ if ((p == NULL) || (g == NULL)) {
-+ BN_free(g);
-+ BN_free(p);
-+ DH_free(dh);
-+ return(NULL);
-+ }
-+ DH_set0_pqg(dh, p, NULL, g);
-+#else
- dh->p=BN_bin2bn(dh1536_p,sizeof(dh1536_p),NULL);
- dh->g=BN_bin2bn(dh1536_g,sizeof(dh1536_g),NULL);
-- if ((dh->p == NULL) || (dh->g == NULL))
-+ if ((dh->p == NULL) || (dh->g == NULL)) {
-+ BN_free(dh->g);
-+ BN_free(dh->p);
-+ DH_free(dh);
- return(NULL);
-+ }
-+#endif
- return(dh);
- }
-
-@@ -994,10 +1078,26 @@ get_dh2048()
-
- if ((dh=DH_new()) == NULL)
- return(NULL);
-+#if OPENSSL_VERSION_NUMBER >= 0x10100005L
-+ BIGNUM *p=BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL);
-+ BIGNUM *g=BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL);
-+ if ((p == NULL) || (g == NULL)) {
-+ BN_free(g);
-+ BN_free(p);
-+ DH_free(dh);
-+ return(NULL);
-+ }
-+ DH_set0_pqg(dh, p, NULL, g);
-+#else
- dh->p=BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL);
- dh->g=BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL);
-- if ((dh->p == NULL) || (dh->g == NULL))
-+ if ((dh->p == NULL) || (dh->g == NULL)) {
-+ BN_free(dh->g);
-+ BN_free(dh->p);
-+ DH_free(dh);
- return(NULL);
-+ }
-+#endif
- return(dh);
- }
- #endif /* NO_DH */
-@@ -1057,13 +1157,14 @@ ssl_display_comp(SSL * ssl)
- return;
-
- #ifndef OPENSSL_NO_COMP /* ifdefs Bernard Spil 12/2015 */
-- if (ssl->expand == NULL || ssl->expand->meth == NULL)
-+ const COMP_METHOD *method = SSL_get_current_compression(ssl);
-+ if (method == NULL)
- #endif /* OPENSSL_NO_COMP */
- printf("Compression: None\r\n");
-
- #ifndef OPENSSL_NO_COMP /* ifdefs Bernard Spil 12/2015 */
- else {
-- printf("Compression: %s\r\n",ssl->expand->meth->name);
-+ printf("Compression: %s\r\n",SSL_COMP_get_name(method));
- }
- #endif /* OPENSSL_NO_COMP */
- }
-@@ -1079,7 +1180,7 @@ int verbose;
- #endif /* CK_ANSIC */
- {
- X509 *peer;
-- SSL_CIPHER * cipher;
-+ const SSL_CIPHER * cipher;
- const char *cipher_list;
- char buf[512]="";
-
-@@ -1489,13 +1590,23 @@ the build.\r\n\r\n");
-
- #ifdef ZLIB
- cm = COMP_zlib();
-+#if OPENSSL_VERSION_NUMBER >= 0x10100005L
-+ if (cm != NULL && COMP_get_type(cm) != NID_undef) {
-+#else
- if (cm != NULL && cm->type != NID_undef) {
-+#endif
- SSL_COMP_add_compression_method(0xe0, cm); /* EAY's ZLIB ID */
- }
- #endif /* ZLIB */
-+#ifdef NID_rle_compression
- cm = COMP_rle();
-+#if OPENSSL_VERSION_NUMBER >= 0x10100005L
-+ if (cm != NULL && COMP_get_type(cm) != NID_undef)
-+#else
- if (cm != NULL && cm->type != NID_undef)
-+#endif
- SSL_COMP_add_compression_method(0xe1, cm); /* EAY's RLE ID */
-+#endif /* NID_rle_compression */
-
- /* Ensure the Random number generator has enough entropy */
- if ( !RAND_status() ) {
-@@ -1613,12 +1724,6 @@ ssl_tn_init(mode) int mode;
- /* This can fail because we do not have RSA available */
- if ( !ssl_ctx ) {
- debug(F110,"ssl_tn_init","SSLv23_client_method failed",0);
--#ifndef OPENSSL_NO_SSL3 /* ifdef Bernard Spil 12/2015 */
-- ssl_ctx=(SSL_CTX *)SSL_CTX_new(SSLv3_client_method());
--#endif /* OPENSSL_NO_SSL3 */
-- }
-- if ( !ssl_ctx ) {
-- debug(F110,"ssl_tn_init","SSLv3_client_method failed",0);
- last_ssl_mode = -1;
- return(0);
- }
-@@ -1664,12 +1769,6 @@ ssl_tn_init(mode) int mode;
- /* This can fail because we do not have RSA available */
- if ( !ssl_ctx ) {
- debug(F110,"ssl_tn_init","SSLv23_server_method failed",0);
--#ifndef OPENSSL_NO_SSL3 /* ifdef Bernard Spil 12/2015 */
-- ssl_ctx=(SSL_CTX *)SSL_CTX_new(SSLv3_server_method());
--#endif /* OPENSSL_NO_SSL3 */
-- }
-- if ( !ssl_ctx ) {
-- debug(F110,"ssl_tn_init","SSLv3_server_method failed",0);
- last_ssl_mode = -1;
- return(0);
- }
-@@ -1710,7 +1809,6 @@ ssl_tn_init(mode) int mode;
- SSL_CTX_set_info_callback(ssl_ctx,ssl_client_info_callback);
- SSL_CTX_set_info_callback(tls_ctx,ssl_client_info_callback);
-
--#ifndef COMMENT
- /* Set the proper caching mode */
- if ( mode == SSL_SERVER ) {
- SSL_CTX_set_session_cache_mode(ssl_ctx,SSL_SESS_CACHE_SERVER);
-@@ -1721,10 +1819,6 @@ ssl_tn_init(mode) int mode;
- }
- SSL_CTX_set_session_id_context(ssl_ctx,(CHAR *)"1",1);
- SSL_CTX_set_session_id_context(tls_ctx,(CHAR *)"2",1);
--#else /* COMMENT */
-- SSL_CTX_set_session_cache_mode(ssl_ctx,SSL_SESS_CACHE_OFF);
-- SSL_CTX_set_session_cache_mode(tls_ctx,SSL_SESS_CACHE_OFF);
--#endif /* COMMENT */
- }
-
- /* The server uses defaults for the certificate files. */
-@@ -1832,7 +1926,14 @@ ssl_tn_init(mode) int mode;
-
- if ( ssl_debug_flag )
- printf("Generating temp (512 bit) RSA key ...\r\n");
-- rsa=RSA_generate_key(512,RSA_F4,NULL,NULL);
-+ rsa = RSA_new();
-+ if (rsa) {
-+ int error = RSA_generate_key_ex(rsa,512,get_RSA_F4(),NULL);
-+ if (error) {
-+ RSA_free(rsa);
-+ rsa = NULL;
-+ }
-+ }
- if ( ssl_debug_flag )
- printf("Generation of temp (512 bit) RSA key done\r\n");
-
-@@ -2230,7 +2331,7 @@ ssl_http_init(hostname) char * hostname;
- * for TLS be sure to prevent use of SSLv2
- */
- SSL_CTX_set_options(tls_http_ctx,
-- SSL_OP_NO_SSLv2|SSL_OP_SINGLE_DH_USE|SSL_OP_EPHEMERAL_RSA);
-+ SSL_OP_NO_SSLv2/*|SSL_OP_NO_SSLv3*/|SSL_OP_SINGLE_DH_USE|SSL_OP_EPHEMERAL_RSA);
-
- SSL_CTX_set_info_callback(tls_http_ctx,ssl_client_info_callback);
-
-@@ -2623,7 +2724,11 @@ ssl_anonymous_cipher(ssl) SSL * ssl;
- int
- ssl_verify_crl(int ok, X509_STORE_CTX *ctx)
- {
-+#if OPENSSL_VERSION_NUMBER >= 0x10100005L
-+ X509_OBJECT *obj;
-+#else
- X509_OBJECT obj;
-+#endif
- X509_NAME *subject = NULL;
- X509_NAME *issuer = NULL;
- X509 *xs = NULL;
-@@ -2643,6 +2748,14 @@ ssl_verify_crl(int ok, X509_STORE_CTX *c
- if (!crl_store)
- return ok;
-
-+#if OPENSSL_VERSION_NUMBER >= 0x10100005L
-+ obj = X509_OBJECT_new();
-+ if (!obj)
-+ return(ok);
-+#else
-+ memset((char *)&obj, 0, sizeof(obj));
-+#endif
-+
- store_ctx = X509_STORE_CTX_new();
- if ( !store_ctx )
- return(ok);
-@@ -2689,11 +2802,16 @@ ssl_verify_crl(int ok, X509_STORE_CTX *c
- * Try to retrieve a CRL corresponding to the _subject_ of
- * the current certificate in order to verify it's integrity.
- */
-- memset((char *)&obj, 0, sizeof(obj));
- X509_STORE_CTX_init(store_ctx, crl_store, NULL, NULL);
-+#if OPENSSL_VERSION_NUMBER >= 0x10100005L
-+ rc = X509_STORE_get_by_subject(store_ctx, X509_LU_CRL, subject, obj);
-+ X509_STORE_CTX_cleanup(store_ctx);
-+ crl = X509_OBJECT_get0_X509_CRL(obj);
-+#else
- rc = X509_STORE_get_by_subject(store_ctx, X509_LU_CRL, subject, &obj);
- X509_STORE_CTX_cleanup(store_ctx);
- crl = obj.data.crl;
-+#endif
- if (rc > 0 && crl != NULL) {
- /*
- * Verify the signature on this CRL
-@@ -2701,7 +2819,11 @@ ssl_verify_crl(int ok, X509_STORE_CTX *c
- if (X509_CRL_verify(crl, X509_get_pubkey(xs)) <= 0) {
- fprintf(stderr, "Invalid signature on CRL!\n");
- X509_STORE_CTX_set_error(ctx, X509_V_ERR_CRL_SIGNATURE_FAILURE);
-+#if OPENSSL_VERSION_NUMBER >= 0x10100005L
-+ X509_OBJECT_free(obj);
-+#else
- X509_OBJECT_free_contents(&obj);
-+#endif
- X509_STORE_CTX_free(store_ctx);
- return 0;
- }
-@@ -2709,12 +2831,16 @@ ssl_verify_crl(int ok, X509_STORE_CTX *c
- /*
- * Check date of CRL to make sure it's not expired
- */
-- i = X509_cmp_current_time(X509_CRL_get_nextUpdate(crl));
-+ i = X509_cmp_current_time(X509_CRL_get0_nextUpdate(crl));
- if (i == 0) {
- fprintf(stderr, "Found CRL has invalid nextUpdate field.\n");
- X509_STORE_CTX_set_error(ctx,
- X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD);
-+#if OPENSSL_VERSION_NUMBER >= 0x10100005L
-+ X509_OBJECT_free(obj);
-+#else
- X509_OBJECT_free_contents(&obj);
-+#endif
- X509_STORE_CTX_free(store_ctx);
- return 0;
- }
-@@ -2723,22 +2849,38 @@ ssl_verify_crl(int ok, X509_STORE_CTX *c
- "Found CRL is expired - revoking all certificates until you get updated CRL.\n"
- );
- X509_STORE_CTX_set_error(ctx, X509_V_ERR_CRL_HAS_EXPIRED);
-+#if OPENSSL_VERSION_NUMBER >= 0x10100005L
-+ X509_OBJECT_free(obj);
-+#else
- X509_OBJECT_free_contents(&obj);
-+#endif
- X509_STORE_CTX_free(store_ctx);
- return 0;
- }
-- X509_OBJECT_free_contents(&obj);
-+#if OPENSSL_VERSION_NUMBER >= 0x10100005L
-+ X509_OBJECT_free(obj);
-+#else
-+ X509_OBJECT_free_contents(&obj);
-+#endif
- }
-
- /*
- * Try to retrieve a CRL corresponding to the _issuer_ of
- * the current certificate in order to check for revocation.
- */
-+#if OPENSSL_VERSION_NUMBER < 0x10100005L
- memset((char *)&obj, 0, sizeof(obj));
-+#endif
- X509_STORE_CTX_init(store_ctx, crl_store, NULL, NULL);
-+#if OPENSSL_VERSION_NUMBER >= 0x10100005L
-+ rc = X509_STORE_get_by_subject(store_ctx, X509_LU_CRL, issuer, obj);
-+ X509_STORE_CTX_free(store_ctx); /* calls X509_STORE_CTX_cleanup() */
-+ crl = X509_OBJECT_get0_X509_CRL(obj);
-+#else
- rc = X509_STORE_get_by_subject(store_ctx, X509_LU_CRL, issuer, &obj);
- X509_STORE_CTX_free(store_ctx); /* calls X509_STORE_CTX_cleanup() */
- crl = obj.data.crl;
-+#endif
- if (rc > 0 && crl != NULL) {
- /*
- * Check if the current certificate is revoked by this CRL
-@@ -2746,19 +2888,34 @@ ssl_verify_crl(int ok, X509_STORE_CTX *c
- n = sk_X509_REVOKED_num(X509_CRL_get_REVOKED(crl));
- for (i = 0; i < n; i++) {
- revoked = sk_X509_REVOKED_value(X509_CRL_get_REVOKED(crl), i);
-+#if OPENSSL_VERSION_NUMBER >= 0x10100005L
-+ if (ASN1_INTEGER_cmp(X509_REVOKED_get0_serialNumber(revoked),
-+ X509_get_serialNumber(xs)) == 0) { // }
-+
-+ serial = ASN1_INTEGER_get(X509_REVOKED_get0_serialNumber(revoked));
-+#else
- if (ASN1_INTEGER_cmp(revoked->serialNumber,
- X509_get_serialNumber(xs)) == 0) {
-
- serial = ASN1_INTEGER_get(revoked->serialNumber);
-+#endif
- cp = X509_NAME_oneline(issuer, NULL, 0);
- free(cp);
-
- X509_STORE_CTX_set_error(ctx, X509_V_ERR_CERT_REVOKED);
-+#if OPENSSL_VERSION_NUMBER >= 0x10100005L
-+ X509_OBJECT_free(obj);
-+#else
- X509_OBJECT_free_contents(&obj);
-+#endif
- return 0;
- }
- }
-+#if OPENSSL_VERSION_NUMBER >= 0x10100005L
-+ X509_OBJECT_free(obj);
-+#else
- X509_OBJECT_free_contents(&obj);
-+#endif
- }
- return ok;
- }
-@@ -2929,6 +3086,7 @@ show_hostname_warning(char *s1, char *s2
- #ifndef OpenBSD
- #ifndef FREEBSD4
- #ifndef NETBSD15
-+#ifndef __DragonFly__
- #ifndef LINUX
- #ifndef AIX41
- #ifndef UW7
-@@ -2971,6 +3129,7 @@ inet_aton(char * ipaddress, struct in_ad
- #endif /* UW7 */
- #endif /* AIX41 */
- #endif /* LINUX */
-+#endif /* __DragonFly__ */
- #endif /* NETBSD15 */
- #endif /* FREEBSD4 */
- #endif /* OpenBSD */
-@@ -3113,7 +3272,7 @@ int
- tls_is_anon(int x)
- {
- char buf[128];
-- SSL_CIPHER * cipher;
-+ const SSL_CIPHER * cipher;
- SSL * ssl = NULL;
-
- switch ( x ) {
-@@ -3157,7 +3316,7 @@ int
- tls_is_krb5(int x)
- {
- char buf[128];
-- SSL_CIPHER * cipher;
-+ const SSL_CIPHER * cipher;
- SSL * ssl = NULL;
-
- switch ( x ) {
-@@ -4399,7 +4558,14 @@ X509_userok(X509 * peer_cert, const char
- if (!(fp = fopen(buf, "r")))
- return 0;
- while (!r && (file_cert = PEM_read_X509(fp, NULL, NULL, NULL))) {
-+#if OPENSSL_VERSION_NUMBER >= 0x10100005L
-+ const ASN1_BIT_STRING *peer_cert_sig, *file_cert_sig;
-+ X509_get0_signature(&peer_cert_sig, NULL, peer_cert);
-+ X509_get0_signature(&file_cert_sig, NULL, file_cert);
-+ if (!ASN1_STRING_cmp(peer_cert_sig, file_cert_sig))
-+#else
- if (!ASN1_STRING_cmp(peer_cert->signature, file_cert->signature))
-+#endif
- r = 1;
- X509_free(file_cert);
- }
diff --git a/kermit/patches/patch-ac b/kermit/patches/patch-ac
deleted file mode 100644
index 8e15ccee12..0000000000
--- a/kermit/patches/patch-ac
+++ /dev/null
@@ -1,12 +0,0 @@
-$NetBSD: patch-ac,v 1.9 2011/08/25 14:54:06 hans Exp $
-
---- ckcdeb.h.orig 2010-08-23 15:30:56.000000000 +0200
-+++ ckcdeb.h 2011-08-23 10:31:55.103102070 +0200
-@@ -4532,7 +4532,6 @@ extern int errno;
- following is an anachronism and should be the execption rather than the
- rule.
- */
--extern int errno;
- #endif /* __GLIBC__ */
- #endif /* OS2 */
- #endif /* VMS */
diff --git a/kermit/patches/patch-ad b/kermit/patches/patch-ad
deleted file mode 100644
index 2cb7cdc88a..0000000000
--- a/kermit/patches/patch-ad
+++ /dev/null
@@ -1,12 +0,0 @@
-$NetBSD: patch-ad,v 1.10 2012/05/17 20:29:13 christos Exp $
-
---- ckcmai.c.orig 2012-05-17 16:22:58.000000000 -0400
-+++ ckcmai.c 2012-05-17 16:23:53.000000000 -0400
-@@ -540,6 +540,7 @@
-
- #include "ckcker.h" /* Kermit symbols */
- #include "ckcnet.h" /* Network symbols */
-+#include "ckupty.h" /* time.h */
-
- #ifdef CK_SSL
- #include "ck_ssl.h"
diff --git a/kermit/patches/patch-af b/kermit/patches/patch-af
deleted file mode 100644
index 6547c595be..0000000000
--- a/kermit/patches/patch-af
+++ /dev/null
@@ -1,13 +0,0 @@
-$NetBSD: patch-af,v 1.1 2005/12/18 23:15:43 joerg Exp $
-
---- ckuusr.c.orig 2005-12-18 23:04:34.000000000 +0000
-+++ ckuusr.c
-@@ -87,6 +87,8 @@ char *userv = "User Interface 8.0.278, 1
- #define MULTINET_OLD_STYLE /* Leave select prototype undefined */
- #endif /* MULTINET */
-
-+#include <errno.h>
-+
- #include "ckcdeb.h"
- #include "ckcasc.h"
- #include "ckcker.h"
diff --git a/kermit/patches/patch-ag b/kermit/patches/patch-ag
deleted file mode 100644
index aa5dad9677..0000000000
--- a/kermit/patches/patch-ag
+++ /dev/null
@@ -1,16 +0,0 @@
-$NetBSD: patch-ag,v 1.2 2011/08/25 14:54:06 hans Exp $
-
---- ckuus6.c.orig 2011-06-07 17:27:51.000000000 +0200
-+++ ckuus6.c 2011-08-23 10:34:29.697605882 +0200
-@@ -33,11 +33,7 @@
- #endif /* def VMS [else] */
- #endif /* NOSTAT */
-
--#ifdef VMS
--#ifndef TCPSOCKET
- #include <errno.h>
--#endif /* TCPSOCKET */
--#endif /* VMS */
-
- #ifdef datageneral
- #define fgets(stringbuf,max,fd) dg_fgets(stringbuf,max,fd)
diff --git a/kermit/patches/patch-ah b/kermit/patches/patch-ah
deleted file mode 100644
index 906ee4ab09..0000000000
--- a/kermit/patches/patch-ah
+++ /dev/null
@@ -1,14 +0,0 @@
-$NetBSD: patch-ah,v 1.1 2005/12/18 23:15:43 joerg Exp $
-
---- ckcfns.c.orig 2005-12-18 23:06:48.000000000 +0000
-+++ ckcfns.c
-@@ -93,9 +93,7 @@ _PROTOTYP( long zfsize, (char *) );
- #endif /* OS2ONLY */
- #endif /* OS2 */
-
--#ifdef VMS
- #include <errno.h>
--#endif /* VMS */
-
- /* Externals from ckcmai.c */
-
diff --git a/kermit/patches/patch-aj b/kermit/patches/patch-aj
deleted file mode 100644
index 0ff718fa12..0000000000
--- a/kermit/patches/patch-aj
+++ /dev/null
@@ -1,13 +0,0 @@
-$NetBSD: patch-aj,v 1.1 2006/06/28 23:13:18 dbj Exp $
-
---- ckuus5.c.orig 2006-06-27 19:22:53.000000000 -0400
-+++ ckuus5.c 2006-06-27 19:23:30.000000000 -0400
-@@ -28,6 +28,8 @@
- #include "ckcker.h"
- #include "ckuusr.h"
-
-+#include <errno.h>
-+
- #ifdef DCMDBUF
- char *line; /* Character buffer for anything */
- char *tmpbuf;
diff --git a/kermit/patches/patch-ak b/kermit/patches/patch-ak
deleted file mode 100644
index 55430e3f1e..0000000000
--- a/kermit/patches/patch-ak
+++ /dev/null
@@ -1,24 +0,0 @@
-$NetBSD: patch-ak,v 1.2 2020/04/08 15:22:07 rhialto Exp $
-
-- Use version-flexible SSL/TLS method.
-
---- ckuus7.c.orig 2011-06-23 16:13:11.000000000 +0000
-+++ ckuus7.c
-@@ -32,6 +32,8 @@
- #include "ckucmd.h"
- #include "ckclib.h"
-
-+#include <errno.h>
-+
- #ifdef VMS
- #ifndef TCPSOCKET
- #include <errno.h>
-@@ -14340,7 +14342,7 @@ sho_auth(cx) int cx; {
- if (ssl_con == NULL) {
- SSL_library_init();
- ssl_ctx = (SSL_CTX *)
-- SSL_CTX_new((SSL_METHOD *)TLSv1_method());
-+ SSL_CTX_new((SSL_METHOD *)SSLv23_method());
- if (ssl_ctx != NULL)
- ssl_con= (SSL *) SSL_new(ssl_ctx);
- }
diff --git a/kermit/patches/patch-al b/kermit/patches/patch-al
deleted file mode 100644
index 6205aca788..0000000000
--- a/kermit/patches/patch-al
+++ /dev/null
@@ -1,391 +0,0 @@
-$NetBSD: patch-al,v 1.3 2014/06/23 22:24:24 christos Exp $
-
---- ckuath.c.orig 2011-06-13 13:26:54.000000000 -0400
-+++ ckuath.c 2014-06-23 18:20:26.000000000 -0400
-@@ -117,19 +117,6 @@
- #include <time.h>
- #include <fcntl.h>
- #include <errno.h>
--#ifndef malloc
--#ifndef VMS
--#ifndef FREEBSD4
--#ifndef OpenBSD
--#ifdef MACOSX
--#include <sys/malloc.h>
--#else /* MACOSX */
--#include <malloc.h>
--#endif /* MACOSX */
--#endif /* OpenBSD */
--#endif /* FREEBSD4 */
--#endif /* VMS */
--#endif /* malloc */
- #ifdef OS2
- #include <io.h>
- #endif /* OS2 */
-@@ -149,7 +136,9 @@
- #endif /* saveprintf */
- #else /* HEIMDAL */
- #include "krb5.h"
-+#ifdef BETATEST
- #include "profile.h"
-+#endif
- #include "com_err.h"
- #ifdef KRB5_GET_INIT_CREDS_OPT_TKT_LIFE
- #define KRB5_HAVE_GET_INIT_CREDS
-@@ -417,7 +406,6 @@
- char des_outpkt[2*RLOG_BUFSIZ+4]; /* needs to be > largest write size */
- #ifdef KRB5
- krb5_data desinbuf,desoutbuf;
--krb5_encrypt_block eblock; /* eblock for encrypt/decrypt */
- static krb5_data encivec_i[2], encivec_o[2];
-
- enum krb5_kcmd_proto {
-@@ -3145,8 +3133,13 @@
- data.data = k4_session_key;
- data.length = 8;
-
-- code = krb5_c_decrypt(k5_context, &k4_krbkey, 0, 0,
-- &encdata, &data);
-+ code = krb5_c_decrypt(k5_context,
-+#ifdef HEIMDAL
-+ k4_krbkey,
-+#else
-+ &k4_krbkey,
-+#endif
-+ 0, 0, &encdata, &data);
-
- krb5_free_keyblock_contents(k5_context, &random_key);
-
-@@ -3162,8 +3155,13 @@
- data.data = k4_challenge;
- data.length = 8;
-
-- code = krb5_c_decrypt(k5_context, &k4_krbkey, 0, 0,
-- &encdata, &data);
-+ code = krb5_c_decrypt(k5_context,
-+#ifdef HEIMDAL
-+ k4_krbkey,
-+#else
-+ &k4_krbkey,
-+#endif
-+ 0, 0, &encdata, &data);
- #else /* MIT_CURRENT */
- memset(k4_sched,0,sizeof(Schedule));
- ckhexdump("auth_send",cred.session,8);
-@@ -3295,7 +3293,7 @@
- case AUTHTYPE_KERBEROS_V5:
- debug(F111,"auth_send KRB5","k5_auth.length",k5_auth.length);
- for ( i=0 ; i<k5_auth.length ; i++ ) {
-- if ( (char *)k5_auth.data[i] == IAC )
-+ if ( ((char *)k5_auth.data)[i] == IAC )
- iaccnt++;
- }
- if ( k5_auth.length + iaccnt + 10 < sizeof(buf) ) {
-@@ -4250,8 +4248,13 @@
- kdata.data = k4_challenge;
- kdata.length = 8;
-
-- if (code = krb5_c_decrypt(k5_context, &k4_krbkey, 0, 0,
-- &encdata, &kdata)) {
-+ if (code = krb5_c_decrypt(k5_context,
-+#ifdef HEIMDAL
-+ k4_krbkey,
-+#else
-+ &k4_krbkey,
-+#endif
-+ 0, 0, &encdata, &kdata)) {
- com_err("k4_auth_is", code, "while decrypting challenge");
- auth_finished(AUTH_REJECT);
- return AUTH_FAILURE;
-@@ -4752,9 +4755,11 @@
- ap_opts |= AP_OPTS_MUTUAL_REQUIRED;
-
- #ifdef HEIMDAL
-+#ifdef notdef
- r = krb5_auth_setkeytype(k5_context, auth_context, KEYTYPE_DES);
- if (r)
- com_err(NULL, r, "while setting auth keytype");
-+#endif
- r = krb5_auth_con_setaddrs_from_fd(k5_context,auth_context, &ttyfd);
- if (r)
- com_err(NULL, r, "while setting auth addrs");
-@@ -4924,7 +4929,6 @@
- skey.data = k5_session_key->contents;
- #endif /* HEIMDAL */
- } else {
--#ifdef HEIMDAL
- switch ( k5_session_key->keytype ) {
- case ETYPE_DES_CBC_CRC:
- case ETYPE_DES_CBC_MD5:
-@@ -4934,24 +4938,17 @@
- break;
- default:
- skey.type = SK_GENERIC;
-+#ifdef HEIMDAL
-+ skey.length = k5_session_key->keyvalue.length;
-+#else /* HEIMDAL */
- skey.length = k5_session_key->length;
-+#endif /* HEIMDAL */
- encrypt_dont_support(ENCTYPE_DES_CFB64);
- encrypt_dont_support(ENCTYPE_DES_OFB64);
- }
-+#ifdef HEIMDAL
- skey.data = k5_session_key->keyvalue.data;
- #else /* HEIMDAL */
-- switch ( k5_session_key->enctype ) {
-- case ENCTYPE_DES_CBC_CRC:
-- case ENCTYPE_DES_CBC_MD5:
-- case ENCTYPE_DES_CBC_MD4:
-- skey.type = SK_DES;
-- skey.length = 8;
-- default:
-- skey.type = SK_GENERIC;
-- skey.length = k5_session_key->length;
-- encrypt_dont_support(ENCTYPE_DES_CFB64);
-- encrypt_dont_support(ENCTYPE_DES_OFB64);
-- }
- skey.data = k5_session_key->contents;
- #endif /* HEIMDAL */
- }
-@@ -5038,7 +5035,6 @@
- skey.data = k5_session_key->contents;
- #endif /* HEIMDAL */
- } else {
--#ifdef HEIMDAL
- switch ( k5_session_key->keytype ) {
- case ETYPE_DES_CBC_CRC:
- case ETYPE_DES_CBC_MD5:
-@@ -5047,21 +5043,15 @@
- skey.length = 8;
- default:
- skey.type = SK_GENERIC;
-+#ifdef HEIMDAL
-+ skey.length = k5_session_key->keyvalue.length;
-+#else /* HEIMDAL */
- skey.length = k5_session_key->length;
-+#endif /* HEIMDAL */
- }
-+#ifdef HEIMDAL
- skey.data = k5_session_key->keyvalue.data;
- #else /* HEIMDAL */
-- switch ( k5_session_key->enctype ) {
-- case ENCTYPE_DES_CBC_CRC:
-- case ENCTYPE_DES_CBC_MD5:
-- case ENCTYPE_DES_CBC_MD4:
-- skey.type = SK_DES;
-- skey.length = 8;
-- break;
-- default:
-- skey.type = SK_GENERIC;
-- skey.length = k5_session_key->length;
-- }
- skey.data = k5_session_key->contents;
- #endif /* HEIMDAL */
- }
-@@ -5138,7 +5128,11 @@
- }
- if ( msg.length == 24 && !memcmp(msg.data,tls_verify,24) )
- krb5_tls_verified = 1;
-+#ifdef HEIMDAL
-+ krb5_data_free(&msg);
-+#else /* HEIMDAL */
- krb5_free_data_contents(k5_context,&msg);
-+#endif /* HEIMDAL */
- if (krb5_tls_verified)
- return(AUTH_SUCCESS);
- }
-@@ -5166,7 +5160,7 @@
- krb5_context context;
- krb5_auth_context auth_context;
- krb5_data *inbuf;
-- krb5_const_principal client;
-+ krb5_principal client;
- {
- krb5_creds ** creds=NULL;
- krb5_error_code retval;
-@@ -5197,7 +5191,7 @@
- if ((retval = krb5_cc_initialize(context, ccache, client)))
- return(retval);
-
-- if ((retval = krb5_rd_cred(context, auth_context, ccache, inbuf)))
-+ if ((retval = krb5_rd_cred2(context, auth_context, ccache, inbuf)))
- return(retval);
- #else /* HEIMDAL */
- if ((retval = krb5_rd_cred(context, auth_context, inbuf, &creds, NULL)))
-@@ -5472,17 +5466,17 @@
- goto errout;
- }
- SendK5AuthSB(KRB5_TLS_VERIFY, msg.data, msg.length);
-+#ifdef HEIMDAL
-+ krb5_data_free(&msg);
-+#else
- krb5_free_data_contents(k5_context,&msg);
-+#endif
- }
- #endif /* CK_SSL */
- if ((how & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) {
- /* do ap_rep stuff here */
- if ((r = krb5_mk_rep(k5_context,
--#ifdef HEIMDAL
-- &auth_context,
--#else /* HEIMDAL */
- auth_context,
--#endif /* HEIMDAL */
- &outbuf))) {
- debug(F111,"k5_auth_is","krb5_mk_rep",r);
- (void) ckstrncpy(errbuf, "Make reply failed: ",sizeof(errbuf));
-@@ -5503,7 +5497,7 @@
- {
- szUserNameAuthenticated[0] = '\0';
- } else {
-- ckstrncpy(szUserNameAuthenticated,UIDBUFLEN,name);
-+ ckstrncpy(szUserNameAuthenticated,name,UIDBUFLEN);
- free(name);
- }
- }
-@@ -9687,6 +9681,7 @@
- return(-1);
- }
-
-+int
- #ifdef CK_ANSIC
- ck_krb4_destroy(struct krb_op_data * op)
- #else
-@@ -11228,7 +11223,12 @@
-
- use_ivecs = 1;
-
-- if (status = krb5_c_block_size(k5_context, k5_session_key->enctype,
-+ if (status = krb5_c_block_size(k5_context,
-+#ifdef HEIMDAL
-+ k5_session_key->keytype,
-+#else
-+ k5_session_key->enctype,
-+#endif
- &blocksize)) {
- /* XXX what do I do? */
- printf("fatal kerberos 5 crypto library error\n");
-@@ -11309,8 +11309,7 @@
- krb5_ap_rep_enc_part *rep_ret = NULL;
- krb5_data outbuf;
- int rc;
-- krb5_int32 seqno=0;
-- krb5_int32 server_seqno=0;
-+ int server_seqno=0;
- char ** realmlist=NULL;
- int buflen;
- char tgt[256];
-@@ -11388,7 +11387,11 @@
- }
-
- if (krb5_rlog_ver == KCMD_OLD_PROTOCOL)
-+#ifdef HEIMDAL
-+ get_cred->session.keytype=ETYPE_DES_CBC_CRC;
-+#else
- get_cred->keyblock.enctype=ENCTYPE_DES_CBC_CRC;
-+#endif
-
- /* Get ticket from credentials cache or kdc */
- status = krb5_get_credentials(k5_context,
-@@ -11429,10 +11432,11 @@
- krb5_boolean is_des;
-
- if (status = krb5_c_enctype_compare( k5_context,
-- ENCTYPE_DES_CBC_CRC,
- #ifdef HEIMDAL
-+ ETYPE_DES_CBC_CRC,
- ret_cred->session.keytype,
- #else /* HEIMDAL */
-+ ENCTYPE_DES_CBC_CRC,
- ret_cred->keyblock.enctype,
- #endif /* HEIMDAL */
- &is_des)) {
-@@ -11482,7 +11486,11 @@
- &rep_ret,
- NULL
- );
-+#ifdef HEIMDAL
-+ krb5_data_free(&cksumdat);
-+#else
- krb5_free_data_contents(k5_context,&cksumdat);
-+#endif
-
- if (status) {
- if ( !quiet )
-@@ -11490,12 +11498,17 @@
- error_message(status));
- if (error) {
- if ( !quiet ) {
-- printf("Server returned error code %d (%s)\r\n",
-- error->error,
-- error_message(ERROR_TABLE_BASE_krb5 + error->error));
-- if (error->text.length) {
-- printf("Error text sent from server: %s\r\n",
-- error->text.data);
-+#ifdef HEIMDAL
-+ int xerror = error->error_code;
-+ char *xtext = *error->e_text;
-+#else
-+ int xerror = error->error;
-+ char *xtext = error->text.length ? error->text.data : NULL;
-+#endif
-+ printf("Server returned error code %d (%s)\r\n", xerror,
-+ error_message(ERROR_TABLE_BASE_krb5 + xerror));
-+ if (xtext) {
-+ printf("Error text sent from server: %s\r\n", xtext);
- }
- }
- krb5_free_error(k5_context, error);
-@@ -11505,7 +11518,11 @@
- }
-
- if (rep_ret) {
-+#ifdef HEIMDAL
-+ server_seqno = *rep_ret->seq_number;
-+#else
- server_seqno = rep_ret->seq_number;
-+#endif
- krb5_free_ap_rep_enc_part(k5_context, rep_ret);
- }
-
-@@ -11834,7 +11851,11 @@
- rd_len = (rd_len << 8) | c;
-
- if (status = krb5_c_encrypt_length(k5_context,
-+#ifdef HEIMDAL
-+ k5_session_key->keytype,
-+#else
- k5_session_key->enctype,
-+#endif
- use_ivecs ? rd_len + 4 : rd_len,
- (size_t *)&net_len)) {
- errno = status;
-@@ -11865,9 +11886,15 @@
- plain.length = sizeof(storage);
- plain.data = storage;
-
-- if ( status = krb5_c_decrypt(k5_context, k5_session_key, KCMD_KEYUSAGE,
-+ if ( status = krb5_c_decrypt(k5_context,
-+#ifdef HEIMDAL
-+ *k5_session_key,
-+#else
-+ k5_session_key,
-+#endif
-+ KCMD_KEYUSAGE,
- use_ivecs ? encivec_i + secondary : 0,
-- &cipher,&plain) ) {
-+ &cipher,&plain) ) {
- /* probably out of sync */
- printf("Cannot decrypt data from network: %s\r\n",
- error_message(status));
-@@ -12759,8 +12786,8 @@
-
- static int
- binaryEqual (a, b, len)
--register char *a, *b;
--register int len;
-+char *a, *b;
-+int len;
- {
- while (len--)
- if (*a++ != *b++)
diff --git a/kermit/patches/patch-am b/kermit/patches/patch-am
deleted file mode 100644
index 244ff9dee2..0000000000
--- a/kermit/patches/patch-am
+++ /dev/null
@@ -1,14 +0,0 @@
-$NetBSD: patch-am,v 1.1 2011/05/14 19:27:53 hans Exp $
-
---- ckuusx.c.orig 2004-03-14 18:13:23.000000000 +0100
-+++ ckuusx.c 2009-12-26 23:23:19.652637206 +0100
-@@ -70,6 +70,9 @@ _PROTOTYP(char * os2_gethostname, (void)
- #ifdef BSD44
- #include <errno.h>
- #endif /* BSD44 */
-+#ifdef SOLARIS
-+#include <errno.h>
-+#endif
-
- extern xx_strp xxstring;
-
diff --git a/kermit/patches/patch-ck_ssl.c b/kermit/patches/patch-ck_ssl.c
new file mode 100644
index 0000000000..3c4d8b8417
--- /dev/null
+++ b/kermit/patches/patch-ck_ssl.c
@@ -0,0 +1,513 @@
+$NetBSD: patch-ab,v 1.8 2020/04/08 15:22:07 rhialto Exp $
+
+- Update for openssl 1.1.1e.
+- Kermit tries to keep SSL and TLS contexts (since in old openssl, the
+ *v23* methods were not version-flexible enough). Now afer simplification
+ there is lots of duplicate code left over that could be simplified more.
+
+--- ck_ssl.c.orig 2017-04-26 15:56:23.000000000 +0000
++++ ck_ssl.c
+@@ -303,7 +303,7 @@ X509_STORE_CTX *ctx;
+ break;
+ default:
+ printf("Error %d while verifying certificate.\r\n",
+- ctx->error);
++ error);
+ break;
+ }
+ }
+@@ -806,6 +806,17 @@ ssl_client_cert_callback(s, x509, pkey)
+ #define MS_CALLBACK
+ #endif /* MS_CALLBACK */
+
++static BIGNUM *get_RSA_F4()
++{
++ static BIGNUM *bn;
++
++ if (!bn) {
++ bn = BN_new();
++ BN_add_word(bn, RSA_F4);
++ }
++ return bn;
++}
++
+ static RSA MS_CALLBACK *
+ #ifdef CK_ANSIC
+ tmp_rsa_cb(SSL * s, int export, int keylength)
+@@ -824,7 +835,16 @@ int keylength;
+ if (ssl_debug_flag)
+ printf("Generating temporary (%d bit) RSA key...\r\n",keylength);
+
+- rsa_tmp=RSA_generate_key(keylength,RSA_F4,NULL,NULL);
++ rsa_tmp = RSA_new();
++ if (rsa_tmp) {
++ int error = RSA_generate_key_ex(rsa_tmp, keylength, get_RSA_F4(),NULL);
++ if (error) {
++ if (ssl_debug_flag)
++ printf(" error %d", error);
++ RSA_free(rsa_tmp);
++ rsa_tmp = NULL;
++ }
++ }
+
+ if (ssl_debug_flag)
+ printf("\r\n");
+@@ -938,10 +958,26 @@ get_dh512()
+
+ if ((dh=DH_new()) == NULL)
+ return(NULL);
++#if OPENSSL_VERSION_NUMBER >= 0x10100005L
++ BIGNUM *p=BN_bin2bn(dh512_p,sizeof(dh512_p),NULL);
++ BIGNUM *g=BN_bin2bn(dh512_g,sizeof(dh512_g),NULL);
++ if ((p == NULL) || (g == NULL)) {
++ BN_free(g);
++ BN_free(p);
++ DH_free(dh);
++ return(NULL);
++ }
++ DH_set0_pqg(dh, p, NULL, g);
++#else
+ dh->p=BN_bin2bn(dh512_p,sizeof(dh512_p),NULL);
+ dh->g=BN_bin2bn(dh512_g,sizeof(dh512_g),NULL);
+- if ((dh->p == NULL) || (dh->g == NULL))
++ if ((dh->p == NULL) || (dh->g == NULL)) {
++ BN_free(dh->g);
++ BN_free(dh->p);
++ DH_free(dh);
+ return(NULL);
++ }
++#endif
+ return(dh);
+ }
+
+@@ -952,10 +988,26 @@ get_dh768()
+
+ if ((dh=DH_new()) == NULL)
+ return(NULL);
++#if OPENSSL_VERSION_NUMBER >= 0x10100005L
++ BIGNUM *p=BN_bin2bn(dh768_p,sizeof(dh768_p),NULL);
++ BIGNUM *g=BN_bin2bn(dh768_g,sizeof(dh768_g),NULL);
++ if ((p == NULL) || (g == NULL)) {
++ BN_free(g);
++ BN_free(p);
++ DH_free(dh);
++ return(NULL);
++ }
++ DH_set0_pqg(dh, p, NULL, g);
++#else
+ dh->p=BN_bin2bn(dh768_p,sizeof(dh768_p),NULL);
+ dh->g=BN_bin2bn(dh768_g,sizeof(dh768_g),NULL);
+- if ((dh->p == NULL) || (dh->g == NULL))
++ if ((dh->p == NULL) || (dh->g == NULL)) {
++ BN_free(dh->g);
++ BN_free(dh->p);
++ DH_free(dh);
+ return(NULL);
++ }
++#endif
+ return(dh);
+ }
+
+@@ -966,10 +1018,26 @@ get_dh1024()
+
+ if ((dh=DH_new()) == NULL)
+ return(NULL);
++#if OPENSSL_VERSION_NUMBER >= 0x10100005L
++ BIGNUM *p=BN_bin2bn(dh1024_p,sizeof(dh1024_p),NULL);
++ BIGNUM *g=BN_bin2bn(dh1024_g,sizeof(dh1024_g),NULL);
++ if ((p == NULL) || (g == NULL)) {
++ BN_free(g);
++ BN_free(p);
++ DH_free(dh);
++ return(NULL);
++ }
++ DH_set0_pqg(dh, p, NULL, g);
++#else
+ dh->p=BN_bin2bn(dh1024_p,sizeof(dh1024_p),NULL);
+ dh->g=BN_bin2bn(dh1024_g,sizeof(dh1024_g),NULL);
+- if ((dh->p == NULL) || (dh->g == NULL))
++ if ((dh->p == NULL) || (dh->g == NULL)) {
++ BN_free(dh->g);
++ BN_free(dh->p);
++ DH_free(dh);
+ return(NULL);
++ }
++#endif
+ return(dh);
+ }
+
+@@ -980,10 +1048,26 @@ get_dh1536()
+
+ if ((dh=DH_new()) == NULL)
+ return(NULL);
++#if OPENSSL_VERSION_NUMBER >= 0x10100005L
++ BIGNUM *p=BN_bin2bn(dh1536_p,sizeof(dh1536_p),NULL);
++ BIGNUM *g=BN_bin2bn(dh1536_g,sizeof(dh1536_g),NULL);
++ if ((p == NULL) || (g == NULL)) {
++ BN_free(g);
++ BN_free(p);
++ DH_free(dh);
++ return(NULL);
++ }
++ DH_set0_pqg(dh, p, NULL, g);
++#else
+ dh->p=BN_bin2bn(dh1536_p,sizeof(dh1536_p),NULL);
+ dh->g=BN_bin2bn(dh1536_g,sizeof(dh1536_g),NULL);
+- if ((dh->p == NULL) || (dh->g == NULL))
++ if ((dh->p == NULL) || (dh->g == NULL)) {
++ BN_free(dh->g);
++ BN_free(dh->p);
++ DH_free(dh);
+ return(NULL);
++ }
++#endif
+ return(dh);
+ }
+
+@@ -994,10 +1078,26 @@ get_dh2048()
+
+ if ((dh=DH_new()) == NULL)
+ return(NULL);
++#if OPENSSL_VERSION_NUMBER >= 0x10100005L
++ BIGNUM *p=BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL);
++ BIGNUM *g=BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL);
++ if ((p == NULL) || (g == NULL)) {
++ BN_free(g);
++ BN_free(p);
++ DH_free(dh);
++ return(NULL);
++ }
++ DH_set0_pqg(dh, p, NULL, g);
++#else
+ dh->p=BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL);
+ dh->g=BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL);
+- if ((dh->p == NULL) || (dh->g == NULL))
++ if ((dh->p == NULL) || (dh->g == NULL)) {
++ BN_free(dh->g);
++ BN_free(dh->p);
++ DH_free(dh);
+ return(NULL);
++ }
++#endif
+ return(dh);
+ }
+ #endif /* NO_DH */
+@@ -1057,13 +1157,14 @@ ssl_display_comp(SSL * ssl)
+ return;
+
+ #ifndef OPENSSL_NO_COMP /* ifdefs Bernard Spil 12/2015 */
+- if (ssl->expand == NULL || ssl->expand->meth == NULL)
++ const COMP_METHOD *method = SSL_get_current_compression(ssl);
++ if (method == NULL)
+ #endif /* OPENSSL_NO_COMP */
+ printf("Compression: None\r\n");
+
+ #ifndef OPENSSL_NO_COMP /* ifdefs Bernard Spil 12/2015 */
+ else {
+- printf("Compression: %s\r\n",ssl->expand->meth->name);
++ printf("Compression: %s\r\n",SSL_COMP_get_name(method));
+ }
+ #endif /* OPENSSL_NO_COMP */
+ }
+@@ -1079,7 +1180,7 @@ int verbose;
+ #endif /* CK_ANSIC */
+ {
+ X509 *peer;
+- SSL_CIPHER * cipher;
++ const SSL_CIPHER * cipher;
+ const char *cipher_list;
+ char buf[512]="";
+
+@@ -1489,13 +1590,23 @@ the build.\r\n\r\n");
+
+ #ifdef ZLIB
+ cm = COMP_zlib();
++#if OPENSSL_VERSION_NUMBER >= 0x10100005L
++ if (cm != NULL && COMP_get_type(cm) != NID_undef) {
++#else
+ if (cm != NULL && cm->type != NID_undef) {
++#endif
+ SSL_COMP_add_compression_method(0xe0, cm); /* EAY's ZLIB ID */
+ }
+ #endif /* ZLIB */
++#ifdef NID_rle_compression
+ cm = COMP_rle();
++#if OPENSSL_VERSION_NUMBER >= 0x10100005L
++ if (cm != NULL && COMP_get_type(cm) != NID_undef)
++#else
+ if (cm != NULL && cm->type != NID_undef)
++#endif
+ SSL_COMP_add_compression_method(0xe1, cm); /* EAY's RLE ID */
++#endif /* NID_rle_compression */
+
+ /* Ensure the Random number generator has enough entropy */
+ if ( !RAND_status() ) {
+@@ -1613,12 +1724,6 @@ ssl_tn_init(mode) int mode;
+ /* This can fail because we do not have RSA available */
+ if ( !ssl_ctx ) {
+ debug(F110,"ssl_tn_init","SSLv23_client_method failed",0);
+-#ifndef OPENSSL_NO_SSL3 /* ifdef Bernard Spil 12/2015 */
+- ssl_ctx=(SSL_CTX *)SSL_CTX_new(SSLv3_client_method());
+-#endif /* OPENSSL_NO_SSL3 */
+- }
+- if ( !ssl_ctx ) {
+- debug(F110,"ssl_tn_init","SSLv3_client_method failed",0);
+ last_ssl_mode = -1;
+ return(0);
+ }
+@@ -1664,12 +1769,6 @@ ssl_tn_init(mode) int mode;
+ /* This can fail because we do not have RSA available */
+ if ( !ssl_ctx ) {
+ debug(F110,"ssl_tn_init","SSLv23_server_method failed",0);
+-#ifndef OPENSSL_NO_SSL3 /* ifdef Bernard Spil 12/2015 */
+- ssl_ctx=(SSL_CTX *)SSL_CTX_new(SSLv3_server_method());
+-#endif /* OPENSSL_NO_SSL3 */
+- }
+- if ( !ssl_ctx ) {
+- debug(F110,"ssl_tn_init","SSLv3_server_method failed",0);
+ last_ssl_mode = -1;
+ return(0);
+ }
+@@ -1710,7 +1809,6 @@ ssl_tn_init(mode) int mode;
+ SSL_CTX_set_info_callback(ssl_ctx,ssl_client_info_callback);
+ SSL_CTX_set_info_callback(tls_ctx,ssl_client_info_callback);
+
+-#ifndef COMMENT
+ /* Set the proper caching mode */
+ if ( mode == SSL_SERVER ) {
+ SSL_CTX_set_session_cache_mode(ssl_ctx,SSL_SESS_CACHE_SERVER);
+@@ -1721,10 +1819,6 @@ ssl_tn_init(mode) int mode;
+ }
+ SSL_CTX_set_session_id_context(ssl_ctx,(CHAR *)"1",1);
+ SSL_CTX_set_session_id_context(tls_ctx,(CHAR *)"2",1);
+-#else /* COMMENT */
+- SSL_CTX_set_session_cache_mode(ssl_ctx,SSL_SESS_CACHE_OFF);
+- SSL_CTX_set_session_cache_mode(tls_ctx,SSL_SESS_CACHE_OFF);
+-#endif /* COMMENT */
+ }
+
+ /* The server uses defaults for the certificate files. */
+@@ -1832,7 +1926,14 @@ ssl_tn_init(mode) int mode;
+
+ if ( ssl_debug_flag )
+ printf("Generating temp (512 bit) RSA key ...\r\n");
+- rsa=RSA_generate_key(512,RSA_F4,NULL,NULL);
++ rsa = RSA_new();
++ if (rsa) {
++ int error = RSA_generate_key_ex(rsa,512,get_RSA_F4(),NULL);
++ if (error) {
++ RSA_free(rsa);
++ rsa = NULL;
++ }
++ }
+ if ( ssl_debug_flag )
+ printf("Generation of temp (512 bit) RSA key done\r\n");
+
+@@ -2230,7 +2331,7 @@ ssl_http_init(hostname) char * hostname;
+ * for TLS be sure to prevent use of SSLv2
+ */
+ SSL_CTX_set_options(tls_http_ctx,
+- SSL_OP_NO_SSLv2|SSL_OP_SINGLE_DH_USE|SSL_OP_EPHEMERAL_RSA);
++ SSL_OP_NO_SSLv2/*|SSL_OP_NO_SSLv3*/|SSL_OP_SINGLE_DH_USE|SSL_OP_EPHEMERAL_RSA);
+
+ SSL_CTX_set_info_callback(tls_http_ctx,ssl_client_info_callback);
+
+@@ -2623,7 +2724,11 @@ ssl_anonymous_cipher(ssl) SSL * ssl;
+ int
+ ssl_verify_crl(int ok, X509_STORE_CTX *ctx)
+ {
++#if OPENSSL_VERSION_NUMBER >= 0x10100005L
++ X509_OBJECT *obj;
++#else
+ X509_OBJECT obj;
++#endif
+ X509_NAME *subject = NULL;
+ X509_NAME *issuer = NULL;
+ X509 *xs = NULL;
+@@ -2643,6 +2748,14 @@ ssl_verify_crl(int ok, X509_STORE_CTX *c
+ if (!crl_store)
+ return ok;
+
++#if OPENSSL_VERSION_NUMBER >= 0x10100005L
++ obj = X509_OBJECT_new();
++ if (!obj)
++ return(ok);
++#else
++ memset((char *)&obj, 0, sizeof(obj));
++#endif
++
+ store_ctx = X509_STORE_CTX_new();
+ if ( !store_ctx )
+ return(ok);
+@@ -2689,11 +2802,16 @@ ssl_verify_crl(int ok, X509_STORE_CTX *c
+ * Try to retrieve a CRL corresponding to the _subject_ of
+ * the current certificate in order to verify it's integrity.
+ */
+- memset((char *)&obj, 0, sizeof(obj));
+ X509_STORE_CTX_init(store_ctx, crl_store, NULL, NULL);
++#if OPENSSL_VERSION_NUMBER >= 0x10100005L
++ rc = X509_STORE_get_by_subject(store_ctx, X509_LU_CRL, subject, obj);
++ X509_STORE_CTX_cleanup(store_ctx);
++ crl = X509_OBJECT_get0_X509_CRL(obj);
++#else
+ rc = X509_STORE_get_by_subject(store_ctx, X509_LU_CRL, subject, &obj);
+ X509_STORE_CTX_cleanup(store_ctx);
+ crl = obj.data.crl;
++#endif
+ if (rc > 0 && crl != NULL) {
+ /*
+ * Verify the signature on this CRL
+@@ -2701,7 +2819,11 @@ ssl_verify_crl(int ok, X509_STORE_CTX *c
+ if (X509_CRL_verify(crl, X509_get_pubkey(xs)) <= 0) {
+ fprintf(stderr, "Invalid signature on CRL!\n");
+ X509_STORE_CTX_set_error(ctx, X509_V_ERR_CRL_SIGNATURE_FAILURE);
++#if OPENSSL_VERSION_NUMBER >= 0x10100005L
++ X509_OBJECT_free(obj);
++#else
+ X509_OBJECT_free_contents(&obj);
++#endif
+ X509_STORE_CTX_free(store_ctx);
+ return 0;
+ }
+@@ -2709,12 +2831,16 @@ ssl_verify_crl(int ok, X509_STORE_CTX *c
+ /*
+ * Check date of CRL to make sure it's not expired
+ */
+- i = X509_cmp_current_time(X509_CRL_get_nextUpdate(crl));
++ i = X509_cmp_current_time(X509_CRL_get0_nextUpdate(crl));
+ if (i == 0) {
+ fprintf(stderr, "Found CRL has invalid nextUpdate field.\n");
+ X509_STORE_CTX_set_error(ctx,
+ X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD);
++#if OPENSSL_VERSION_NUMBER >= 0x10100005L
++ X509_OBJECT_free(obj);
++#else
+ X509_OBJECT_free_contents(&obj);
++#endif
+ X509_STORE_CTX_free(store_ctx);
+ return 0;
+ }
+@@ -2723,22 +2849,38 @@ ssl_verify_crl(int ok, X509_STORE_CTX *c
+ "Found CRL is expired - revoking all certificates until you get updated CRL.\n"
+ );
+ X509_STORE_CTX_set_error(ctx, X509_V_ERR_CRL_HAS_EXPIRED);
++#if OPENSSL_VERSION_NUMBER >= 0x10100005L
++ X509_OBJECT_free(obj);
++#else
+ X509_OBJECT_free_contents(&obj);
++#endif
+ X509_STORE_CTX_free(store_ctx);
+ return 0;
+ }
+- X509_OBJECT_free_contents(&obj);
++#if OPENSSL_VERSION_NUMBER >= 0x10100005L
++ X509_OBJECT_free(obj);
++#else
++ X509_OBJECT_free_contents(&obj);
++#endif
+ }
+
+ /*
+ * Try to retrieve a CRL corresponding to the _issuer_ of
+ * the current certificate in order to check for revocation.
+ */
++#if OPENSSL_VERSION_NUMBER < 0x10100005L
+ memset((char *)&obj, 0, sizeof(obj));
++#endif
+ X509_STORE_CTX_init(store_ctx, crl_store, NULL, NULL);
++#if OPENSSL_VERSION_NUMBER >= 0x10100005L
++ rc = X509_STORE_get_by_subject(store_ctx, X509_LU_CRL, issuer, obj);
++ X509_STORE_CTX_free(store_ctx); /* calls X509_STORE_CTX_cleanup() */
++ crl = X509_OBJECT_get0_X509_CRL(obj);
++#else
+ rc = X509_STORE_get_by_subject(store_ctx, X509_LU_CRL, issuer, &obj);
+ X509_STORE_CTX_free(store_ctx); /* calls X509_STORE_CTX_cleanup() */
+ crl = obj.data.crl;
++#endif
+ if (rc > 0 && crl != NULL) {
+ /*
+ * Check if the current certificate is revoked by this CRL
+@@ -2746,19 +2888,34 @@ ssl_verify_crl(int ok, X509_STORE_CTX *c
+ n = sk_X509_REVOKED_num(X509_CRL_get_REVOKED(crl));
+ for (i = 0; i < n; i++) {
+ revoked = sk_X509_REVOKED_value(X509_CRL_get_REVOKED(crl), i);
++#if OPENSSL_VERSION_NUMBER >= 0x10100005L
++ if (ASN1_INTEGER_cmp(X509_REVOKED_get0_serialNumber(revoked),
++ X509_get_serialNumber(xs)) == 0) { // }
++
++ serial = ASN1_INTEGER_get(X509_REVOKED_get0_serialNumber(revoked));
++#else
+ if (ASN1_INTEGER_cmp(revoked->serialNumber,
+ X509_get_serialNumber(xs)) == 0) {
+
+ serial = ASN1_INTEGER_get(revoked->serialNumber);
++#endif
+ cp = X509_NAME_oneline(issuer, NULL, 0);
+ free(cp);
+
+ X509_STORE_CTX_set_error(ctx, X509_V_ERR_CERT_REVOKED);
++#if OPENSSL_VERSION_NUMBER >= 0x10100005L
++ X509_OBJECT_free(obj);
++#else
+ X509_OBJECT_free_contents(&obj);
++#endif
+ return 0;
+ }
+ }
++#if OPENSSL_VERSION_NUMBER >= 0x10100005L
++ X509_OBJECT_free(obj);
++#else
+ X509_OBJECT_free_contents(&obj);
++#endif
+ }
+ return ok;
+ }
+@@ -2929,6 +3086,7 @@ show_hostname_warning(char *s1, char *s2
+ #ifndef OpenBSD
+ #ifndef FREEBSD4
+ #ifndef NETBSD15
++#ifndef __DragonFly__
+ #ifndef LINUX
+ #ifndef AIX41
+ #ifndef UW7
+@@ -2971,6 +3129,7 @@ inet_aton(char * ipaddress, struct in_ad
+ #endif /* UW7 */
+ #endif /* AIX41 */
+ #endif /* LINUX */
++#endif /* __DragonFly__ */
+ #endif /* NETBSD15 */
+ #endif /* FREEBSD4 */
+ #endif /* OpenBSD */
+@@ -3113,7 +3272,7 @@ int
+ tls_is_anon(int x)
+ {
+ char buf[128];
+- SSL_CIPHER * cipher;
++ const SSL_CIPHER * cipher;
+ SSL * ssl = NULL;
+
+ switch ( x ) {
+@@ -3157,7 +3316,7 @@ int
+ tls_is_krb5(int x)
+ {
+ char buf[128];
+- SSL_CIPHER * cipher;
++ const SSL_CIPHER * cipher;
+ SSL * ssl = NULL;
+
+ switch ( x ) {
+@@ -4399,7 +4558,14 @@ X509_userok(X509 * peer_cert, const char
+ if (!(fp = fopen(buf, "r")))
+ return 0;
+ while (!r && (file_cert = PEM_read_X509(fp, NULL, NULL, NULL))) {
++#if OPENSSL_VERSION_NUMBER >= 0x10100005L
++ const ASN1_BIT_STRING *peer_cert_sig, *file_cert_sig;
++ X509_get0_signature(&peer_cert_sig, NULL, peer_cert);
++ X509_get0_signature(&file_cert_sig, NULL, file_cert);
++ if (!ASN1_STRING_cmp(peer_cert_sig, file_cert_sig))
++#else
+ if (!ASN1_STRING_cmp(peer_cert->signature, file_cert->signature))
++#endif
+ r = 1;
+ X509_free(file_cert);
+ }
diff --git a/kermit/patches/patch-ckcdeb.h b/kermit/patches/patch-ckcdeb.h
new file mode 100644
index 0000000000..8e15ccee12
--- /dev/null
+++ b/kermit/patches/patch-ckcdeb.h
@@ -0,0 +1,12 @@
+$NetBSD: patch-ac,v 1.9 2011/08/25 14:54:06 hans Exp $
+
+--- ckcdeb.h.orig 2010-08-23 15:30:56.000000000 +0200
++++ ckcdeb.h 2011-08-23 10:31:55.103102070 +0200
+@@ -4532,7 +4532,6 @@ extern int errno;
+ following is an anachronism and should be the execption rather than the
+ rule.
+ */
+-extern int errno;
+ #endif /* __GLIBC__ */
+ #endif /* OS2 */
+ #endif /* VMS */
diff --git a/kermit/patches/patch-ckcfns.c b/kermit/patches/patch-ckcfns.c
new file mode 100644
index 0000000000..906ee4ab09
--- /dev/null
+++ b/kermit/patches/patch-ckcfns.c
@@ -0,0 +1,14 @@
+$NetBSD: patch-ah,v 1.1 2005/12/18 23:15:43 joerg Exp $
+
+--- ckcfns.c.orig 2005-12-18 23:06:48.000000000 +0000
++++ ckcfns.c
+@@ -93,9 +93,7 @@ _PROTOTYP( long zfsize, (char *) );
+ #endif /* OS2ONLY */
+ #endif /* OS2 */
+
+-#ifdef VMS
+ #include <errno.h>
+-#endif /* VMS */
+
+ /* Externals from ckcmai.c */
+
diff --git a/kermit/patches/patch-ckcmai.c b/kermit/patches/patch-ckcmai.c
new file mode 100644
index 0000000000..2cb7cdc88a
--- /dev/null
+++ b/kermit/patches/patch-ckcmai.c
@@ -0,0 +1,12 @@
+$NetBSD: patch-ad,v 1.10 2012/05/17 20:29:13 christos Exp $
+
+--- ckcmai.c.orig 2012-05-17 16:22:58.000000000 -0400
++++ ckcmai.c 2012-05-17 16:23:53.000000000 -0400
+@@ -540,6 +540,7 @@
+
+ #include "ckcker.h" /* Kermit symbols */
+ #include "ckcnet.h" /* Network symbols */
++#include "ckupty.h" /* time.h */
+
+ #ifdef CK_SSL
+ #include "ck_ssl.h"
diff --git a/kermit/patches/patch-ckuath.c b/kermit/patches/patch-ckuath.c
new file mode 100644
index 0000000000..6205aca788
--- /dev/null
+++ b/kermit/patches/patch-ckuath.c
@@ -0,0 +1,391 @@
+$NetBSD: patch-al,v 1.3 2014/06/23 22:24:24 christos Exp $
+
+--- ckuath.c.orig 2011-06-13 13:26:54.000000000 -0400
++++ ckuath.c 2014-06-23 18:20:26.000000000 -0400
+@@ -117,19 +117,6 @@
+ #include <time.h>
+ #include <fcntl.h>
+ #include <errno.h>
+-#ifndef malloc
+-#ifndef VMS
+-#ifndef FREEBSD4
+-#ifndef OpenBSD
+-#ifdef MACOSX
+-#include <sys/malloc.h>
+-#else /* MACOSX */
+-#include <malloc.h>
+-#endif /* MACOSX */
+-#endif /* OpenBSD */
+-#endif /* FREEBSD4 */
+-#endif /* VMS */
+-#endif /* malloc */
+ #ifdef OS2
+ #include <io.h>
+ #endif /* OS2 */
+@@ -149,7 +136,9 @@
+ #endif /* saveprintf */
+ #else /* HEIMDAL */
+ #include "krb5.h"
++#ifdef BETATEST
+ #include "profile.h"
++#endif
+ #include "com_err.h"
+ #ifdef KRB5_GET_INIT_CREDS_OPT_TKT_LIFE
+ #define KRB5_HAVE_GET_INIT_CREDS
+@@ -417,7 +406,6 @@
+ char des_outpkt[2*RLOG_BUFSIZ+4]; /* needs to be > largest write size */
+ #ifdef KRB5
+ krb5_data desinbuf,desoutbuf;
+-krb5_encrypt_block eblock; /* eblock for encrypt/decrypt */
+ static krb5_data encivec_i[2], encivec_o[2];
+
+ enum krb5_kcmd_proto {
+@@ -3145,8 +3133,13 @@
+ data.data = k4_session_key;
+ data.length = 8;
+
+- code = krb5_c_decrypt(k5_context, &k4_krbkey, 0, 0,
+- &encdata, &data);
++ code = krb5_c_decrypt(k5_context,
++#ifdef HEIMDAL
++ k4_krbkey,
++#else
++ &k4_krbkey,
++#endif
++ 0, 0, &encdata, &data);
+
+ krb5_free_keyblock_contents(k5_context, &random_key);
+
+@@ -3162,8 +3155,13 @@
+ data.data = k4_challenge;
+ data.length = 8;
+
+- code = krb5_c_decrypt(k5_context, &k4_krbkey, 0, 0,
+- &encdata, &data);
++ code = krb5_c_decrypt(k5_context,
++#ifdef HEIMDAL
++ k4_krbkey,
++#else
++ &k4_krbkey,
++#endif
++ 0, 0, &encdata, &data);
+ #else /* MIT_CURRENT */
+ memset(k4_sched,0,sizeof(Schedule));
+ ckhexdump("auth_send",cred.session,8);
+@@ -3295,7 +3293,7 @@
+ case AUTHTYPE_KERBEROS_V5:
+ debug(F111,"auth_send KRB5","k5_auth.length",k5_auth.length);
+ for ( i=0 ; i<k5_auth.length ; i++ ) {
+- if ( (char *)k5_auth.data[i] == IAC )
++ if ( ((char *)k5_auth.data)[i] == IAC )
+ iaccnt++;
+ }
+ if ( k5_auth.length + iaccnt + 10 < sizeof(buf) ) {
+@@ -4250,8 +4248,13 @@
+ kdata.data = k4_challenge;
+ kdata.length = 8;
+
+- if (code = krb5_c_decrypt(k5_context, &k4_krbkey, 0, 0,
+- &encdata, &kdata)) {
++ if (code = krb5_c_decrypt(k5_context,
++#ifdef HEIMDAL
++ k4_krbkey,
++#else
++ &k4_krbkey,
++#endif
++ 0, 0, &encdata, &kdata)) {
+ com_err("k4_auth_is", code, "while decrypting challenge");
+ auth_finished(AUTH_REJECT);
+ return AUTH_FAILURE;
+@@ -4752,9 +4755,11 @@
+ ap_opts |= AP_OPTS_MUTUAL_REQUIRED;
+
+ #ifdef HEIMDAL
++#ifdef notdef
+ r = krb5_auth_setkeytype(k5_context, auth_context, KEYTYPE_DES);
+ if (r)
+ com_err(NULL, r, "while setting auth keytype");
++#endif
+ r = krb5_auth_con_setaddrs_from_fd(k5_context,auth_context, &ttyfd);
+ if (r)
+ com_err(NULL, r, "while setting auth addrs");
+@@ -4924,7 +4929,6 @@
+ skey.data = k5_session_key->contents;
+ #endif /* HEIMDAL */
+ } else {
+-#ifdef HEIMDAL
+ switch ( k5_session_key->keytype ) {
+ case ETYPE_DES_CBC_CRC:
+ case ETYPE_DES_CBC_MD5:
+@@ -4934,24 +4938,17 @@
+ break;
+ default:
+ skey.type = SK_GENERIC;
++#ifdef HEIMDAL
++ skey.length = k5_session_key->keyvalue.length;
++#else /* HEIMDAL */
+ skey.length = k5_session_key->length;
++#endif /* HEIMDAL */
+ encrypt_dont_support(ENCTYPE_DES_CFB64);
+ encrypt_dont_support(ENCTYPE_DES_OFB64);
+ }
++#ifdef HEIMDAL
+ skey.data = k5_session_key->keyvalue.data;
+ #else /* HEIMDAL */
+- switch ( k5_session_key->enctype ) {
+- case ENCTYPE_DES_CBC_CRC:
+- case ENCTYPE_DES_CBC_MD5:
+- case ENCTYPE_DES_CBC_MD4:
+- skey.type = SK_DES;
+- skey.length = 8;
+- default:
+- skey.type = SK_GENERIC;
+- skey.length = k5_session_key->length;
+- encrypt_dont_support(ENCTYPE_DES_CFB64);
+- encrypt_dont_support(ENCTYPE_DES_OFB64);
+- }
+ skey.data = k5_session_key->contents;
+ #endif /* HEIMDAL */
+ }
+@@ -5038,7 +5035,6 @@
+ skey.data = k5_session_key->contents;
+ #endif /* HEIMDAL */
+ } else {
+-#ifdef HEIMDAL
+ switch ( k5_session_key->keytype ) {
+ case ETYPE_DES_CBC_CRC:
+ case ETYPE_DES_CBC_MD5:
+@@ -5047,21 +5043,15 @@
+ skey.length = 8;
+ default:
+ skey.type = SK_GENERIC;
++#ifdef HEIMDAL
++ skey.length = k5_session_key->keyvalue.length;
++#else /* HEIMDAL */
+ skey.length = k5_session_key->length;
++#endif /* HEIMDAL */
+ }
++#ifdef HEIMDAL
+ skey.data = k5_session_key->keyvalue.data;
+ #else /* HEIMDAL */
+- switch ( k5_session_key->enctype ) {
+- case ENCTYPE_DES_CBC_CRC:
+- case ENCTYPE_DES_CBC_MD5:
+- case ENCTYPE_DES_CBC_MD4:
+- skey.type = SK_DES;
+- skey.length = 8;
+- break;
+- default:
+- skey.type = SK_GENERIC;
+- skey.length = k5_session_key->length;
+- }
+ skey.data = k5_session_key->contents;
+ #endif /* HEIMDAL */
+ }
+@@ -5138,7 +5128,11 @@
+ }
+ if ( msg.length == 24 && !memcmp(msg.data,tls_verify,24) )
+ krb5_tls_verified = 1;
++#ifdef HEIMDAL
++ krb5_data_free(&msg);
++#else /* HEIMDAL */
+ krb5_free_data_contents(k5_context,&msg);
++#endif /* HEIMDAL */
+ if (krb5_tls_verified)
+ return(AUTH_SUCCESS);
+ }
+@@ -5166,7 +5160,7 @@
+ krb5_context context;
+ krb5_auth_context auth_context;
+ krb5_data *inbuf;
+- krb5_const_principal client;
++ krb5_principal client;
+ {
+ krb5_creds ** creds=NULL;
+ krb5_error_code retval;
+@@ -5197,7 +5191,7 @@
+ if ((retval = krb5_cc_initialize(context, ccache, client)))
+ return(retval);
+
+- if ((retval = krb5_rd_cred(context, auth_context, ccache, inbuf)))
++ if ((retval = krb5_rd_cred2(context, auth_context, ccache, inbuf)))
+ return(retval);
+ #else /* HEIMDAL */
+ if ((retval = krb5_rd_cred(context, auth_context, inbuf, &creds, NULL)))
+@@ -5472,17 +5466,17 @@
+ goto errout;
+ }
+ SendK5AuthSB(KRB5_TLS_VERIFY, msg.data, msg.length);
++#ifdef HEIMDAL
++ krb5_data_free(&msg);
++#else
+ krb5_free_data_contents(k5_context,&msg);
++#endif
+ }
+ #endif /* CK_SSL */
+ if ((how & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) {
+ /* do ap_rep stuff here */
+ if ((r = krb5_mk_rep(k5_context,
+-#ifdef HEIMDAL
+- &auth_context,
+-#else /* HEIMDAL */
+ auth_context,
+-#endif /* HEIMDAL */
+ &outbuf))) {
+ debug(F111,"k5_auth_is","krb5_mk_rep",r);
+ (void) ckstrncpy(errbuf, "Make reply failed: ",sizeof(errbuf));
+@@ -5503,7 +5497,7 @@
+ {
+ szUserNameAuthenticated[0] = '\0';
+ } else {
+- ckstrncpy(szUserNameAuthenticated,UIDBUFLEN,name);
++ ckstrncpy(szUserNameAuthenticated,name,UIDBUFLEN);
+ free(name);
+ }
+ }
+@@ -9687,6 +9681,7 @@
+ return(-1);
+ }
+
++int
+ #ifdef CK_ANSIC
+ ck_krb4_destroy(struct krb_op_data * op)
+ #else
+@@ -11228,7 +11223,12 @@
+
+ use_ivecs = 1;
+
+- if (status = krb5_c_block_size(k5_context, k5_session_key->enctype,
++ if (status = krb5_c_block_size(k5_context,
++#ifdef HEIMDAL
++ k5_session_key->keytype,
++#else
++ k5_session_key->enctype,
++#endif
+ &blocksize)) {
+ /* XXX what do I do? */
+ printf("fatal kerberos 5 crypto library error\n");
+@@ -11309,8 +11309,7 @@
+ krb5_ap_rep_enc_part *rep_ret = NULL;
+ krb5_data outbuf;
+ int rc;
+- krb5_int32 seqno=0;
+- krb5_int32 server_seqno=0;
++ int server_seqno=0;
+ char ** realmlist=NULL;
+ int buflen;
+ char tgt[256];
+@@ -11388,7 +11387,11 @@
+ }
+
+ if (krb5_rlog_ver == KCMD_OLD_PROTOCOL)
++#ifdef HEIMDAL
++ get_cred->session.keytype=ETYPE_DES_CBC_CRC;
++#else
+ get_cred->keyblock.enctype=ENCTYPE_DES_CBC_CRC;
++#endif
+
+ /* Get ticket from credentials cache or kdc */
+ status = krb5_get_credentials(k5_context,
+@@ -11429,10 +11432,11 @@
+ krb5_boolean is_des;
+
+ if (status = krb5_c_enctype_compare( k5_context,
+- ENCTYPE_DES_CBC_CRC,
+ #ifdef HEIMDAL
++ ETYPE_DES_CBC_CRC,
+ ret_cred->session.keytype,
+ #else /* HEIMDAL */
++ ENCTYPE_DES_CBC_CRC,
+ ret_cred->keyblock.enctype,
+ #endif /* HEIMDAL */
+ &is_des)) {
+@@ -11482,7 +11486,11 @@
+ &rep_ret,
+ NULL
+ );
++#ifdef HEIMDAL
++ krb5_data_free(&cksumdat);
++#else
+ krb5_free_data_contents(k5_context,&cksumdat);
++#endif
+
+ if (status) {
+ if ( !quiet )
+@@ -11490,12 +11498,17 @@
+ error_message(status));
+ if (error) {
+ if ( !quiet ) {
+- printf("Server returned error code %d (%s)\r\n",
+- error->error,
+- error_message(ERROR_TABLE_BASE_krb5 + error->error));
+- if (error->text.length) {
+- printf("Error text sent from server: %s\r\n",
+- error->text.data);
++#ifdef HEIMDAL
++ int xerror = error->error_code;
++ char *xtext = *error->e_text;
++#else
++ int xerror = error->error;
++ char *xtext = error->text.length ? error->text.data : NULL;
++#endif
++ printf("Server returned error code %d (%s)\r\n", xerror,
++ error_message(ERROR_TABLE_BASE_krb5 + xerror));
++ if (xtext) {
++ printf("Error text sent from server: %s\r\n", xtext);
+ }
+ }
+ krb5_free_error(k5_context, error);
+@@ -11505,7 +11518,11 @@
+ }
+
+ if (rep_ret) {
++#ifdef HEIMDAL
++ server_seqno = *rep_ret->seq_number;
++#else
+ server_seqno = rep_ret->seq_number;
++#endif
+ krb5_free_ap_rep_enc_part(k5_context, rep_ret);
+ }
+
+@@ -11834,7 +11851,11 @@
+ rd_len = (rd_len << 8) | c;
+
+ if (status = krb5_c_encrypt_length(k5_context,
++#ifdef HEIMDAL
++ k5_session_key->keytype,
++#else
+ k5_session_key->enctype,
++#endif
+ use_ivecs ? rd_len + 4 : rd_len,
+ (size_t *)&net_len)) {
+ errno = status;
+@@ -11865,9 +11886,15 @@
+ plain.length = sizeof(storage);
+ plain.data = storage;
+
+- if ( status = krb5_c_decrypt(k5_context, k5_session_key, KCMD_KEYUSAGE,
++ if ( status = krb5_c_decrypt(k5_context,
++#ifdef HEIMDAL
++ *k5_session_key,
++#else
++ k5_session_key,
++#endif
++ KCMD_KEYUSAGE,
+ use_ivecs ? encivec_i + secondary : 0,
+- &cipher,&plain) ) {
++ &cipher,&plain) ) {
+ /* probably out of sync */
+ printf("Cannot decrypt data from network: %s\r\n",
+ error_message(status));
+@@ -12759,8 +12786,8 @@
+
+ static int
+ binaryEqual (a, b, len)
+-register char *a, *b;
+-register int len;
++char *a, *b;
++int len;
+ {
+ while (len--)
+ if (*a++ != *b++)
diff --git a/kermit/patches/patch-ckuus5.c b/kermit/patches/patch-ckuus5.c
new file mode 100644
index 0000000000..0ff718fa12
--- /dev/null
+++ b/kermit/patches/patch-ckuus5.c
@@ -0,0 +1,13 @@
+$NetBSD: patch-aj,v 1.1 2006/06/28 23:13:18 dbj Exp $
+
+--- ckuus5.c.orig 2006-06-27 19:22:53.000000000 -0400
++++ ckuus5.c 2006-06-27 19:23:30.000000000 -0400
+@@ -28,6 +28,8 @@
+ #include "ckcker.h"
+ #include "ckuusr.h"
+
++#include <errno.h>
++
+ #ifdef DCMDBUF
+ char *line; /* Character buffer for anything */
+ char *tmpbuf;
diff --git a/kermit/patches/patch-ckuus6.c b/kermit/patches/patch-ckuus6.c
new file mode 100644
index 0000000000..aa5dad9677
--- /dev/null
+++ b/kermit/patches/patch-ckuus6.c
@@ -0,0 +1,16 @@
+$NetBSD: patch-ag,v 1.2 2011/08/25 14:54:06 hans Exp $
+
+--- ckuus6.c.orig 2011-06-07 17:27:51.000000000 +0200
++++ ckuus6.c 2011-08-23 10:34:29.697605882 +0200
+@@ -33,11 +33,7 @@
+ #endif /* def VMS [else] */
+ #endif /* NOSTAT */
+
+-#ifdef VMS
+-#ifndef TCPSOCKET
+ #include <errno.h>
+-#endif /* TCPSOCKET */
+-#endif /* VMS */
+
+ #ifdef datageneral
+ #define fgets(stringbuf,max,fd) dg_fgets(stringbuf,max,fd)
diff --git a/kermit/patches/patch-ckuus7.c b/kermit/patches/patch-ckuus7.c
new file mode 100644
index 0000000000..55430e3f1e
--- /dev/null
+++ b/kermit/patches/patch-ckuus7.c
@@ -0,0 +1,24 @@
+$NetBSD: patch-ak,v 1.2 2020/04/08 15:22:07 rhialto Exp $
+
+- Use version-flexible SSL/TLS method.
+
+--- ckuus7.c.orig 2011-06-23 16:13:11.000000000 +0000
++++ ckuus7.c
+@@ -32,6 +32,8 @@
+ #include "ckucmd.h"
+ #include "ckclib.h"
+
++#include <errno.h>
++
+ #ifdef VMS
+ #ifndef TCPSOCKET
+ #include <errno.h>
+@@ -14340,7 +14342,7 @@ sho_auth(cx) int cx; {
+ if (ssl_con == NULL) {
+ SSL_library_init();
+ ssl_ctx = (SSL_CTX *)
+- SSL_CTX_new((SSL_METHOD *)TLSv1_method());
++ SSL_CTX_new((SSL_METHOD *)SSLv23_method());
+ if (ssl_ctx != NULL)
+ ssl_con= (SSL *) SSL_new(ssl_ctx);
+ }
diff --git a/kermit/patches/patch-ckuusr.c b/kermit/patches/patch-ckuusr.c
new file mode 100644
index 0000000000..6547c595be
--- /dev/null
+++ b/kermit/patches/patch-ckuusr.c
@@ -0,0 +1,13 @@
+$NetBSD: patch-af,v 1.1 2005/12/18 23:15:43 joerg Exp $
+
+--- ckuusr.c.orig 2005-12-18 23:04:34.000000000 +0000
++++ ckuusr.c
+@@ -87,6 +87,8 @@ char *userv = "User Interface 8.0.278, 1
+ #define MULTINET_OLD_STYLE /* Leave select prototype undefined */
+ #endif /* MULTINET */
+
++#include <errno.h>
++
+ #include "ckcdeb.h"
+ #include "ckcasc.h"
+ #include "ckcker.h"
diff --git a/kermit/patches/patch-ckuusx.c b/kermit/patches/patch-ckuusx.c
new file mode 100644
index 0000000000..244ff9dee2
--- /dev/null
+++ b/kermit/patches/patch-ckuusx.c
@@ -0,0 +1,14 @@
+$NetBSD: patch-am,v 1.1 2011/05/14 19:27:53 hans Exp $
+
+--- ckuusx.c.orig 2004-03-14 18:13:23.000000000 +0100
++++ ckuusx.c 2009-12-26 23:23:19.652637206 +0100
+@@ -70,6 +70,9 @@ _PROTOTYP(char * os2_gethostname, (void)
+ #ifdef BSD44
+ #include <errno.h>
+ #endif /* BSD44 */
++#ifdef SOLARIS
++#include <errno.h>
++#endif
+
+ extern xx_strp xxstring;
+
diff --git a/kermit/patches/patch-makefile b/kermit/patches/patch-makefile
new file mode 100644
index 0000000000..e09a3e1474
--- /dev/null
+++ b/kermit/patches/patch-makefile
@@ -0,0 +1,98 @@
+$NetBSD: patch-aa,v 1.10 2011/12/06 01:19:16 sbd Exp $
+
+* Get K5LIB, K5INC, SSLLIB and SSLINC from pkgsrc.
+* s/-lgssapi/-lgssapi_krb5/ on netbsd+krb5*
+* Add $(LIBS) to link command on solaris2xg+openssl+zlib+pam+shadow
+* s@$(K5INC)/krb5@$(K5INC)/kerberosv5/ on solaris9g+krb5+ssl
+* On linux get HAVE_LIBCURSES and HAVE_CURSES from pkgsrc (with the
+ curses include and library pathes coming from BUILDLINK_*FLAGS).
+
+
+--- makefile.orig 2020-09-19 20:17:04.000000000 +0000
++++ makefile
+@@ -827,12 +827,12 @@ manroot = $(prefix)
+
+ K4LIB=-L/usr/kerberos/lib
+ K4INC=-I/usr/kerberos/include
+-K5LIB=-L/usr/kerberos/lib
+-K5INC=-I/usr/kerberos/include
++#K5LIB=-L/usr/kerberos/lib
++#K5INC=-I/usr/kerberos/include
+ SRPLIB=-L$(srproot)/lib
+ SRPINC=-I$(srproot)/include
+-SSLLIB=-L$(sslroot)/ssl/lib
+-SSLINC=-I$(sslroot)/ssl/include
++#SSLLIB=-L$(sslroot)/ssl/lib
++#SSLINC=-I$(sslroot)/ssl/include
+
+ # To override these assignments; for example, if your OpenSSL files are
+ # not in /usr/local/ssl, invoke the desired target like this:
+@@ -1878,7 +1878,7 @@ netbsd+krb5:
+ -DCK_CAST $$HAVE_DES -DNOFTP_GSSAPI $(K5INC) $(K5INC)/krb5 \
+ $(KFLAGS)" \
+ "LIBS= $(K5LIB) -L/usr/pkg/lib -R/usr/pkg/lib -lcurses $$DES_LIB \
+- -lcrypto -lgssapi -lkrb5 -lm -lutil $(LIBS)"
++ -lcrypto -lgssapi_krb5 -lkrb5 -lm -lutil $(LIBS)"
+
+ # NetBSD - With Kerberos 5 and SSL and Zlib.
+ # OK: 2011/08/21 on 5.1 with MIT Kerberos.
+@@ -1905,7 +1905,7 @@ netbsd+krb5+ssl netbsd+krb5+openssl+zlib
+ -DCK_SSL -DCK_PAM -DZLIB -DNO_DCL_INET_ATON $$OPENSSLOPTION \
+ $(KFLAGS)" "LNKFLAGS = $(LNKFLAGS)" \
+ "LIBS= $(K5LIB) -L/usr/pkg/lib -R/usr/pkg/lib -lssl $$DES_LIB \
+- -lcrypto -lcrypt -lgssapi -lkrb5 -lz -lm -lpam -lutil -lcurses $(LIBS)"
++ -lcrypto -lcrypt -lgssapi_krb5 -lkrb5 -lz -lm -lpam -lutil -lcurses $(LIBS)"
+
+ #Special Security Enhanced NetBSD target with SRP, SSL, and zlib support.
+ #To build this, you need to BUILD the pkgsrc srp_client package. After
+@@ -3553,7 +3553,7 @@ solaris2xg+openssl+zlib+pam+shadow:
+ -DCK_AUTHENTICATION -DCK_SSL -DCK_PAM -DCK_SHADOW -DZLIB \
+ -DBIGBUFOK $(SSLINC) $(KFLAGS)" \
+ "LIBS= $(SSLLIB) -ltermlib \
+- -lsocket -lnsl -lm -lresolv -lssl -lcrypto -lpam -lz"
++ -lsocket -lnsl -lm -lresolv -lssl -lcrypto -lpam -lz $(LIBS)"
+
+ #Ditto but with GCC 3.1 in which you have to specify 32-bit with -m32.
+ #In Solaris 9 (and maybe 8) you'll also need specifiy the Library path.
+@@ -3908,7 +3908,7 @@ solaris9g+krb5+ssl solaris10g+krb5+ssl s
+ -DCK_CURSES -DCK_NEWTERM -DDIRENT -DHDBUUCP -DTCPSOCKET -DBIGBUFOK \
+ -DCK_AUTHENTICATION -DCK_SSL -DZLIB -DCK_KERBEROS -DKRB5 \
+ -DCK_ENCRYPTION -DCK_CAST $$OPENSSLOPTION \
+- $$HAVE_DES $(SSLINC) $(K5INC) $(K5INC)/krb5 $(KFLAGS)" \
++ $$HAVE_DES $(SSLINC) $(K5INC) $(K5INC)/kerberosv5 $(KFLAGS)" \
+ "LIBS= $(SSLLIB) $(K5LIB) -lz -lssl -ltermlib -lsocket -lnsl -lm \
+ -lresolv -lcrypto \
+ $$GSSAPILIB -lkrb5 -lcom_err -lk5crypto $$DES_LIB $(LIBS)"
+@@ -6207,32 +6207,6 @@ linux-2015:
+ if test `grep openpty /usr/include/pty.h | wc -l` -gt 0; \
+ then HAVE_OPENPTY='-DHAVE_OPENPTY'; \
+ else HAVE_OPENPTY=''; fi ; \
+- HAVE_LIBCURSES=''; \
+- if test -f /lib64/libncurses.so.5 || \
+- test -f /lib64/libncurses.so || \
+- test -f /lib64/libncurses.a; then \
+- HAVE_LIBCURSES='-lncurses'; \
+- else if test -f /usr/lib64/libncurses.so || \
+- test -f /usr/lib/libncurses.a || \
+- test -f /usr/lib64/libncurses.so.5 || \
+- test -f /usr/lib/libncurses.so; then \
+- HAVE_LIBCURSES='-lncurses'; \
+- else if test -f /usr/lib/$(MULTIARCH)/libncurses.so || \
+- test -f /usr/lib/$(MULTIARCH)/libncurses.a || \
+- test -f /usr/lib/$(MULTIARCH)/libncurses.so; then \
+- HAVE_LIBCURSES='-lncurses'; \
+- else if test -f /usr/lib64/libcurses.so || \
+- test -f /usr/lib/libcurses.a || \
+- test -f /usr/lib/libcurses.so; then \
+- HAVE_LIBCURSES='-lcurses'; fi; fi; fi; fi; \
+- HAVE_CURSES=''; \
+- if test -n '$$HAVE_LIBCURSES'; then \
+- if test -f /usr/include/ncurses.h; then \
+- HAVE_CURSES='-DCK_NCURSES -I/usr/include/ncurses'; \
+- else if test -f /usr/include/curses.h; then \
+- HAVE_CURSES='-DCK_CURSES'; \
+- else HAVE_LIBCURSES=''; \
+- fi; fi; fi; \
+ if test -f /usr/include/baudboy.h || test -f /usr/include/ttylock.h; \
+ then HAVE_LOCKDEV='-DHAVE_LOCKDEV' ; \
+ else HAVE_LOCKDEV='' ; fi ; \
Home |
Main Index |
Thread Index |
Old Index