CVS commit: pkgsrc/www/hiawatha

["Hauke Fath" <hauke%netbsd.org@localhost>]

Module Name:    pkgsrc
Committed By:   hauke
Date:           Sun Dec  1 22:30:06 UTC 2024

Modified Files:
        pkgsrc/www/hiawatha: Makefile distinfo
Added Files:
        pkgsrc/www/hiawatha/patches: patch-src_tls.c

Log Message:
TLS v1.3 support is partly broken in mbedtls 3.6, see
<https://github.com/Mbed-TLS/mbedtls/issues/9223>

Since there is no configuration option for limiting the TLS version,
disable 1.3 until upstream updates the enclosed mbedtls.


To generate a diff of this commit:
cvs rdiff -u -r1.41 -r1.42 pkgsrc/www/hiawatha/Makefile
cvs rdiff -u -r1.10 -r1.11 pkgsrc/www/hiawatha/distinfo
cvs rdiff -u -r0 -r1.1 pkgsrc/www/hiawatha/patches/patch-src_tls.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/www/hiawatha/Makefile
diff -u pkgsrc/www/hiawatha/Makefile:1.41 pkgsrc/www/hiawatha/Makefile:1.42
--- pkgsrc/www/hiawatha/Makefile:1.41   Thu Nov 14 22:22:04 2024
+++ pkgsrc/www/hiawatha/Makefile        Sun Dec  1 22:30:06 2024
@@ -1,9 +1,9 @@
-# $NetBSD: Makefile,v 1.41 2024/11/14 22:22:04 wiz Exp $
+# $NetBSD: Makefile,v 1.42 2024/12/01 22:30:06 hauke Exp $
 
 PKGNAME=       hiawatha-${PKGVER}
 DISTNAME=      hiawatha-v${PKGVER}
 PKGVER=                11.6
-PKGREVISION=   4
+PKGREVISION=   5
 CATEGORIES=    www
 MASTER_SITES=  ${MASTER_SITE_GITLAB:=hsleisink/hiawatha/-/archive/v${PKGVER}/}
 EXTRACT_SUFX=  .tar.gz

Index: pkgsrc/www/hiawatha/distinfo
diff -u pkgsrc/www/hiawatha/distinfo:1.10 pkgsrc/www/hiawatha/distinfo:1.11
--- pkgsrc/www/hiawatha/distinfo:1.10   Thu Aug 22 15:59:21 2024
+++ pkgsrc/www/hiawatha/distinfo        Sun Dec  1 22:30:06 2024
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.10 2024/08/22 15:59:21 hauke Exp $
+$NetBSD: distinfo,v 1.11 2024/12/01 22:30:06 hauke Exp $
 
 BLAKE2s (hiawatha-v11.6.tar.gz) = cb18a61b34c9ae64a1c21bdff6c57562aecddeaa15f6d4da6ab2e278dd81ffa0
 SHA512 (hiawatha-v11.6.tar.gz) = e0b23dd0626ea9850469feefd3f4c69119230e327c63ab4b68442abe695a232c5b4ea4250791cd00fe730c1c6ff3a0a66fafccde38c029d43b4506b1c817dd53
@@ -7,3 +7,4 @@ SHA1 (patch-CMakeLists.txt) = a96e51545a
 SHA1 (patch-config_hiawatha.conf.in) = 8a58402b0201ec6cd661f5d949e127edfe4b693a
 SHA1 (patch-extra_letsencrypt_letsencrypt.conf.in) = 718d44e883f8206fd88480c5503d962198992347
 SHA1 (patch-mbedtls_library_ssl_tls13_generic.c) = 292b21dfdb8b19309da8faa807fa200720b5e580
+SHA1 (patch-src_tls.c) = de1631f6ceff7a903964bcf5171e7ea24e933e71

Added files:

Index: pkgsrc/www/hiawatha/patches/patch-src_tls.c
diff -u /dev/null pkgsrc/www/hiawatha/patches/patch-src_tls.c:1.1
--- /dev/null   Sun Dec  1 22:30:06 2024
+++ pkgsrc/www/hiawatha/patches/patch-src_tls.c Sun Dec  1 22:30:06 2024
@@ -0,0 +1,19 @@
+$NetBSD: patch-src_tls.c,v 1.1 2024/12/01 22:30:06 hauke Exp $
+
+TLS v1.3 support is partly broken in mbedtls 3.6, see
+<https://github.com/Mbed-TLS/mbedtls/issues/9223>
+
+Since there is no configuration option for limiting the TLS version,
+disable until upstream updates the enclosed mbedtls.
+
+--- src/tls.c.orig     2024-12-01 20:57:08.785456125 +0000
++++ src/tls.c
+@@ -242,7 +242,7 @@ int tls_set_config(mbedtls_ssl_config **
+       }
+ 
+       mbedtls_ssl_conf_min_tls_version(*tls_config, MBEDTLS_SSL_VERSION_TLS1_2);
+-      mbedtls_ssl_conf_max_tls_version(*tls_config, MBEDTLS_SSL_VERSION_TLS1_3);
++      mbedtls_ssl_conf_max_tls_version(*tls_config, MBEDTLS_SSL_VERSION_TLS1_2);
+ 
+       mbedtls_ssl_conf_renegotiation(*tls_config, MBEDTLS_SSL_RENEGOTIATION_DISABLED);
+       mbedtls_ssl_conf_rng(*tls_config, tls_random, &ctr_drbg);