Re: pkg/43975

[Rumko <rumko%rumko.net@localhost>]

The same problem comes up with security/heimdal as well, so attached (also 
available at 
http://www.rumko.net/pkgsrc/0001-security-heimdal-make-it-work-with-newer-OpenSSL.patch)
 
a patch to fix up that port as well.
-- 
Regards,
Rumko

From 399805959cdc3950e77ec328aa53099167024b84 Mon Sep 17 00:00:00 2001
From: Rumko <rumcic%gmail.com@localhost>
Date: Mon, 25 Oct 2010 10:08:33 +0200
Subject: [PATCH] security/heimdal: make it work with newer OpenSSL

MD2 has been removed from newer openssl.
---
 security/heimdal/distinfo         |    2 +
 security/heimdal/patches/patch-ab |   16 +++++
 security/heimdal/patches/patch-ae |  122 +++++++++++++++++++++++++++++++++++++
 3 files changed, 140 insertions(+), 0 deletions(-)
 create mode 100644 security/heimdal/patches/patch-ab
 create mode 100644 security/heimdal/patches/patch-ae

diff --git a/security/heimdal/distinfo b/security/heimdal/distinfo
index 034765d..b8730ba 100644
--- a/security/heimdal/distinfo
+++ b/security/heimdal/distinfo
@@ -4,8 +4,10 @@ SHA1 (heimdal-1.1.tar.gz) = 
64ddb2a2c47f732b2d9bbf2621062eaffa32e10f
 RMD160 (heimdal-1.1.tar.gz) = fecda9ca4db5b11c680aa3cccd705d22f98f25b7
 Size (heimdal-1.1.tar.gz) = 3622005 bytes
 SHA1 (patch-aa) = f0c74f3711ce3b6092aa2476323f7715929e367f
+SHA1 (patch-ab) = 99f25fa1fed456b4a890df15b3442cae31685506
 SHA1 (patch-ac) = d5df5fbd77d1750eef9359ceac907547175e11dd
 SHA1 (patch-ad) = 671f68d337029b1dc935d48ce3ae458355376c6b
+SHA1 (patch-ae) = ff9f918d7d45e5ea93edfbdc40fd463e23df78d0
 SHA1 (patch-al) = 2e92de5779abf7455d1bea79999949faa0417945
 SHA1 (patch-ar) = 05564ffaf170c13187c66e45f1f124352bfc092e
 SHA1 (patch-as) = dc314360d65b6acf1c23ffcbef23a4f750c62dab
diff --git a/security/heimdal/patches/patch-ab 
b/security/heimdal/patches/patch-ab
new file mode 100644
index 0000000..8f1b5bb
--- /dev/null
+++ b/security/heimdal/patches/patch-ab
@@ -0,0 +1,16 @@
+$NetBSD$
+
+MD2 has been removed from newer openssl.
+
+--- include/make_crypto.c.orig 2010-10-25 09:27:47 +0200
++++ include/make_crypto.c      2010-10-25 09:27:30 +0200
+@@ -71,7 +71,9 @@
+     fputs("#include <openssl/des.h>\n", f);
+     fputs("#include <openssl/rc4.h>\n", f);
+     fputs("#include <openssl/rc2.h>\n", f);
++    fputs("#ifndef OPENSSL_NO_MD2\n", f);
+     fputs("#include <openssl/md2.h>\n", f);
++    fputs("#endif\n", f);
+     fputs("#include <openssl/md4.h>\n", f);
+     fputs("#include <openssl/md5.h>\n", f);
+     fputs("#include <openssl/sha.h>\n", f);
diff --git a/security/heimdal/patches/patch-ae 
b/security/heimdal/patches/patch-ae
new file mode 100644
index 0000000..fa43137
--- /dev/null
+++ b/security/heimdal/patches/patch-ae
@@ -0,0 +1,122 @@
+$NetBSD$
+
+MD2 has been removed from newer openssl.
+
+--- lib/hx509/crypto.c.orig    2008-01-24 14:13:22 +0100
++++ lib/hx509/crypto.c 2010-10-25 09:40:59 +0200
+@@ -841,6 +841,7 @@
+     return 0;
+ }
+ 
++#ifndef OPENSSL_NO_MD2
+ static int
+ md2_verify_signature(hx509_context context,
+                    const struct signature_alg *sig_alg,
+@@ -870,6 +871,7 @@
+ 
+     return 0;
+ }
++#endif
+ 
+ static const struct signature_alg heim_rsa_pkcs1_x509 = {
+     "rsa-pkcs1-x509",
+@@ -926,6 +928,7 @@
+     rsa_create_signature
+ };
+ 
++#ifndef OPENSSL_NO_MD2
+ static const struct signature_alg rsa_with_md2_alg = {
+     "rsa-with-md2",
+     oid_id_pkcs1_md2WithRSAEncryption,
+@@ -936,6 +939,7 @@
+     rsa_verify_signature,
+     rsa_create_signature
+ };
++#endif
+ 
+ static const struct signature_alg dsa_sha1_alg = {
+     "dsa-with-sha1",
+@@ -980,6 +984,7 @@
+     md5_verify_signature
+ };
+ 
++#ifndef OPENSSL_NO_MD2
+ static const struct signature_alg md2_alg = {
+     "rsa-md2",
+     oid_id_rsa_digest_md2,
+@@ -989,6 +994,7 @@
+     SIG_DIGEST,
+     md2_verify_signature
+ };
++#endif
+ 
+ /* 
+  * Order matter in this structure, "best" first for each "key
+@@ -1000,13 +1006,17 @@
+     &rsa_with_sha1_alg,
+     &pkcs1_rsa_sha1_alg,
+     &rsa_with_md5_alg,
++#ifndef OPENSSL_NO_MD2
+     &rsa_with_md2_alg,
++#endif
+     &heim_rsa_pkcs1_x509,
+     &dsa_sha1_alg,
+     &sha256_alg,
+     &sha1_alg,
+     &md5_alg,
++#ifndef OPENSSL_NO_MD2
+     &md2_alg,
++#endif
+     NULL
+ };
+ 
+@@ -1432,10 +1442,12 @@
+     { 6, rk_UNCONST(md5_oid_tree) }, rk_UNCONST(&null_entry_oid)
+ };
+ 
++#ifndef OPENSSL_NO_MD2
+ static const unsigned md2_oid_tree[] = { 1, 2, 840, 113549, 2, 2 };
+ const AlgorithmIdentifier _hx509_signature_md2_data = { 
+     { 6, rk_UNCONST(md2_oid_tree) }, rk_UNCONST(&null_entry_oid)
+ };
++#endif
+ 
+ static const unsigned rsa_with_sha512_oid[] ={ 1, 2, 840, 113549, 1, 1, 13 };
+ const AlgorithmIdentifier _hx509_signature_rsa_with_sha512_data = { 
+@@ -1462,10 +1474,12 @@
+     { 7, rk_UNCONST(rsa_with_md5_oid) }, NULL
+ };
+ 
++#ifndef OPENSSL_NO_MD2
+ static const unsigned rsa_with_md2_oid[] ={ 1, 2, 840, 113549, 1, 1, 2 };
+ const AlgorithmIdentifier _hx509_signature_rsa_with_md2_data = { 
+     { 7, rk_UNCONST(rsa_with_md2_oid) }, NULL
+ };
++#endif
+ 
+ static const unsigned rsa_oid[] ={ 1, 2, 840, 113549, 1, 1, 1 };
+ const AlgorithmIdentifier _hx509_signature_rsa_data = { 
+@@ -1512,9 +1526,11 @@
+ hx509_signature_md5(void)
+ { return &_hx509_signature_md5_data; }
+ 
++#ifndef OPENSSL_NO_MD2
+ const AlgorithmIdentifier *
+ hx509_signature_md2(void)
+ { return &_hx509_signature_md2_data; }
++#endif
+ 
+ const AlgorithmIdentifier *
+ hx509_signature_rsa_with_sha512(void)
+@@ -1536,9 +1552,11 @@
+ hx509_signature_rsa_with_md5(void)
+ { return &_hx509_signature_rsa_with_md5_data; }
+ 
++#ifndef OPENSSL_NO_MD2
+ const AlgorithmIdentifier *
+ hx509_signature_rsa_with_md2(void)
+ { return &_hx509_signature_rsa_with_md2_data; }
++#endif
+ 
+ const AlgorithmIdentifier *
+ hx509_signature_rsa(void)
-- 
1.7.0.7

Attachment: signature.asc
Description: This is a digitally signed message part.