Import of pkgsrc-2015Q1

2015-04-22 14:34:26 +02:00
parent 9a8c06dafb
commit 4af1cdf7a9
25114 changed files with 870550 additions and 795435 deletions
--- a/security/stud/Makefile
+++ b/security/stud/Makefile
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.2 2014/02/12 23:18:37 tron Exp $
+# $NetBSD: Makefile,v 1.6 2015/03/04 12:04:30 jperkin Exp $
 #

 PKGNAME=	stud-0.3p53
-PKGREVISION=	1
+PKGREVISION=	5
 CATEGORIES=	security
 MAINTAINER=	jym@NetBSD.org
 HOMEPAGE=	http://github.com/bumptech/stud
@@ -13,10 +13,12 @@ MASTER_SITES=	http://rohara.fedorapeople.org/stud/
 DISTNAME=	bumptech-stud-0.3-51-g0b88039
 WRKSRC=		${WRKDIR}/bumptech-stud-0b88039

-USE_TOOLS+=		gmake pax:run
+USE_TOOLS+=		gmake nroff pax:run

 BUILD_DEFS+=		STUD_USER STUD_GROUP VARBASE

+.include "../../mk/bsd.prefs.mk"
+
 STUD_USER?=		stud
 STUD_GROUP?=		stud
 # Default file that should contain the X509 certificates PEM file
@@ -32,7 +34,7 @@ RCD_SCRIPTS=		stud

 EGDIR=			${PREFIX}/share/examples/stud
 OWN_DIRS=		${STUD_HOME}
-INSTALLATION_DIRS+=	bin ${EGDIR}
+INSTALLATION_DIRS+=	bin ${EGDIR} ${PKGMANDIR}/cat8

 FILES_SUBST+=		STUD_HOME=${STUD_HOME:Q}

@@ -55,8 +57,20 @@ CONF_FILES+=		${EGDIR}/stud.conf ${PKG_SYSCONFDIR}/stud.conf
 post-extract:
 	${CP} ${FILESDIR}/stud.conf ${WRKSRC}/stud.conf

+post-build:
+.if !empty(MANINSTALL:Mcatinstall)
+	cd ${WRKSRC} && nroff -mdoc stud.8 > stud.cat8
+.endif
+
 post-install:
 	${INSTALL_DATA} ${WRKSRC}/stud.conf ${DESTDIR}${EGDIR}/stud.conf
+.if !empty(MANINSTALL:Mcatinstall)
+.  if defined(CATMAN_SECTION_SUFFIX) && !empty(CATMAN_SECTION_SUFFIX:M[Yy][Ee][Ss])
+	${INSTALL_MAN} ${WRKSRC}/stud.cat8 ${DESTDIR}${PREFIX}/${PKGMANDIR}/cat8/stud.8
+.  else
+	${INSTALL_MAN} ${WRKSRC}/stud.cat8 ${DESTDIR}${PREFIX}/${PKGMANDIR}/cat8/stud.0
+.  endif
+.endif

 .include "../../devel/libev/buildlink3.mk"
 .include "../../security/openssl/buildlink3.mk"
--- a/security/stud/PLIST
+++ b/security/stud/PLIST
@@ -1,4 +1,5 @@
-@comment $NetBSD: PLIST,v 1.2 2014/03/11 14:05:14 jperkin Exp $
+@comment $NetBSD: PLIST,v 1.3 2014/09/23 14:26:35 fhajny Exp $
 bin/stud
+man/cat8/stud.0
 man/man8/stud.8
 share/examples/stud/stud.conf
--- a/security/stud/distinfo
+++ b/security/stud/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.1 2013/03/16 19:41:35 jym Exp $
+$NetBSD: distinfo,v 1.4 2015/03/04 12:04:30 jperkin Exp $

 SHA1 (bumptech-stud-0.3-51-g0b88039.tar.gz) = fad22d9cf008b7db8f30d8d7ca0a6fcc177714de
 RMD160 (bumptech-stud-0.3-51-g0b88039.tar.gz) = 66a186e1095fd127945802ab681f5948ee1d4011
@@ -6,4 +6,4 @@ Size (bumptech-stud-0.3-51-g0b88039.tar.gz) = 41000 bytes
 SHA1 (patch-Makefile) = c0794c6ebb3bdc3d55b473acec674a9f98b03ffb
 SHA1 (patch-configuration.c) = 886226a104f84bac6902bb8a8593d37a25653563
 SHA1 (patch-stud.8) = a6b36ab6ac8c65cbc70172a9c230b22965cbdc3d
-SHA1 (patch-stud.c) = 9b11693619291925376f35f1443bbec83a1d798b
+SHA1 (patch-stud.c) = d9a6ce93c43ef949011f0e6784b6f017f3e3b6fc
--- a/security/stud/files/smf/manifest.xml
+++ b/security/stud/files/smf/manifest.xml
@@ -0,0 +1,29 @@
+<?xml version='1.0'?>
+<!DOCTYPE service_bundle SYSTEM '/usr/share/lib/xml/dtd/service_bundle.dtd.1'>
+<service_bundle type='manifest' name='@SMF_NAME@'>
+  <service name='@SMF_PREFIX@/@SMF_NAME@' type='service' version='1'>
+    <create_default_instance enabled='false' />
+    <single_instance />
+    <dependency name='network' grouping='require_all' restart_on='error' type='service'>
+      <service_fmri value='svc:/milestone/network:default' />
+    </dependency>
+    <dependency name='filesystem' grouping='require_all' restart_on='error' type='service'>
+      <service_fmri value='svc:/system/filesystem/local' />
+    </dependency>
+    <exec_method type='method' name='start' exec='@PREFIX@/bin/stud --config=%{config_file}' timeout_seconds='60' />
+    <exec_method type='method' name='stop' exec=':kill' timeout_seconds='60' />
+    <property_group name='startd' type='framework'>
+      <propval name='duration' type='astring' value='contract' />
+      <propval name='ignore_error' type='astring' value='core,signal' />
+    </property_group>
+    <property_group name='application' type='application'>
+      <propval name='config_file' type='astring' value='@PKG_SYSCONFDIR@/stud.conf' />
+    </property_group>
+    <stability value='Evolving' />
+    <template>
+      <common_name>
+        <loctext xml:lang='C'>Scalable TLS Unwrapping Daemon</loctext>
+      </common_name>
+    </template>
+  </service>
+</service_bundle>
--- a/security/stud/patches/patch-stud.c
+++ b/security/stud/patches/patch-stud.c
@@ -1,7 +1,10 @@
-$NetBSD: patch-stud.c,v 1.1 2013/03/16 19:41:36 jym Exp $
+$NetBSD: patch-stud.c,v 1.4 2015/03/04 12:04:30 jperkin Exp $

-SunOS fixes as per https://github.com/bumptech/stud/pull/71.
--- stud.c.orig	2012-08-15 10:33:39.000000000 +0000
+SunOS fixes as per https://github.com/bumptech/stud/pull/71
+SSL fixes as per https://github.com/bumptech/stud/pull/130
+TLS fixes as per https://github.com/bumptech/stud/pull/138
+
+--- stud.c.orig	2012-08-10 23:40:19.000000000 +0000
 +++ stud.c
@@ -189,9 +189,17 @@ typedef struct proxystate {
 
@@ -35,7 +38,68 @@ SunOS fixes as per https://github.com/bumptech/stud/pull/71.
     if(setsockopt(fd, SOL_TCP, TCP_KEEPIDLE, &optval, optlen) < 0) {
         ERR("Error setting TCP_KEEPIDLE on client socket: %s", strerror(errno));
     }
-@@ -1751,24 +1759,16 @@ void daemonize () {
+@@ -598,16 +606,14 @@ SSL_CTX *make_ctx(const char *pemfile) {
+ #endif
+ 
+     if (CONFIG->ETYPE == ENC_TLS) {
+-        ctx = SSL_CTX_new((CONFIG->PMODE == SSL_CLIENT) ?
+-                TLSv1_client_method() : TLSv1_server_method());
+-    } else if (CONFIG->ETYPE == ENC_SSL) {
+-        ctx = SSL_CTX_new((CONFIG->PMODE == SSL_CLIENT) ?
+-                SSLv23_client_method() : SSLv23_server_method());
+-    } else {
+        ssloptions |= SSL_OP_NO_SSLv3;
+    } else if (CONFIG->ETYPE != ENC_SSL) {
+         assert(CONFIG->ETYPE == ENC_TLS || CONFIG->ETYPE == ENC_SSL);
+         return NULL; // Won't happen, but gcc was complaining
+     }
+ 
+    ctx = SSL_CTX_new((CONFIG->PMODE == SSL_CLIENT) ?
+            SSLv23_client_method() : SSLv23_server_method());
+     SSL_CTX_set_options(ctx, ssloptions);
+     SSL_CTX_set_info_callback(ctx, info_callback);
+ 
+@@ -889,6 +895,13 @@ static void shutdown_proxy(proxystate *p
+         close(ps->fd_up);
+         close(ps->fd_down);
+ 
+        // Clear the SSL error queue - it might contain details
+        // of errors that we haven't consumed for whatever reason.
+        // If we don't, future calls to SSL_get_error will lead to 
+        // weird/confusing results that can throw off the handling
+        // of normal conditions like SSL_ERROR_WANT_READ.
+        ERR_clear_error();
+
+         SSL_set_shutdown(ps->ssl, SSL_SENT_SHUTDOWN);
+         SSL_free(ps->ssl);
+ 
+@@ -1197,7 +1210,15 @@ static void client_handshake(struct ev_l
+             shutdown_proxy(ps, SHUTDOWN_SSL);
+         }
+         else {
+-            LOG("{%s} Unexpected SSL error (in handshake): %d\n", w->fd == ps->fd_up ? "client" : "backend", err);
+
+            // Try and get more detail on the error from the SSL
+            // error queue. ERR_error_string requires a char buffer
+            // of 120 bytes.
+            unsigned long err_detail = ERR_get_error();
+            char err_msg[120];
+            ERR_error_string(err_detail, err_msg);
+
+            LOG("{client} Unexpected SSL error (in handshake): %d, %s\n", err, err_msg);
+             shutdown_proxy(ps, SHUTDOWN_SSL);
+         }
+     }
+@@ -1312,7 +1333,7 @@ static void handle_accept(struct ev_loop
+             break;
+ 
+         default:
+-            assert(errno == EINTR || errno == EWOULDBLOCK || errno == EAGAIN);
+            assert(errno == EINTR || errno == EWOULDBLOCK || errno == EAGAIN || errno == ECONNABORTED);
+             break;
+         }
+         return;
+@@ -1751,24 +1772,16 @@ void daemonize () {
         exit(0);
     }