diff --git a/archivers/libarchive/Makefile b/archivers/libarchive/Makefile index de51922736a9..2e739bdf12bf 100644 --- a/archivers/libarchive/Makefile +++ b/archivers/libarchive/Makefile @@ -1,115 +1,116 @@ PORTNAME= libarchive DISTVERSION= 3.5.2 +PORTREVISION= 1 PORTEPOCH= 1 CATEGORIES= archivers MASTER_SITES= https://github.com/${PORTNAME}/${PORTNAME}/releases/download/v${DISTVERSION}/ \ https://libarchive.org/downloads/ MAINTAINER= glewis@FreeBSD.org COMMENT= Library to create and read several streaming archive formats LICENSE= BSD2CLAUSE LICENSE_FILE= ${WRKSRC}/COPYING LIB_DEPENDS= libexpat.so:textproc/expat2 OPTIONS_DEFINE= LZ4 LZO ZSTD OPTIONS_DEFAULT=LZ4 ZSTD OPENSSL OPTIONS_RADIO= CRYPTO OPTIONS_RADIO_CRYPTO= OPENSSL MBEDTLS NETTLE CRYPTO_DESC= Crypto and hashing support NETTLE_DESC= Crypto support via Nettle USES= cpe iconv libtool localbase:ldflags pathfix tar:xz GNU_CONFIGURE= yes USE_LDCONFIG= yes INSTALL_TARGET= install-strip TEST_TARGET= check CONFIGURE_ARGS= --disable-static --without-xml2 PLIST_FILES= bin/bsdcat \ bin/bsdcpio \ bin/bsdtar \ include/archive.h \ include/archive_entry.h \ lib/libarchive.so \ lib/libarchive.so.13 \ lib/libarchive.so.1${PORTVERSION} \ libdata/pkgconfig/libarchive.pc \ man/man1/bsdcat.1.gz \ man/man1/bsdcpio.1.gz \ man/man1/bsdtar.1.gz \ man/man3/archive_entry.3.gz \ man/man3/archive_entry_acl.3.gz \ man/man3/archive_entry_linkify.3.gz \ man/man3/archive_entry_misc.3.gz \ man/man3/archive_entry_paths.3.gz \ man/man3/archive_entry_perms.3.gz \ man/man3/archive_entry_stat.3.gz \ man/man3/archive_entry_time.3.gz \ man/man3/archive_read.3.gz \ man/man3/archive_read_add_passphrase.3.gz \ man/man3/archive_read_data.3.gz \ man/man3/archive_read_disk.3.gz \ man/man3/archive_read_extract.3.gz \ man/man3/archive_read_filter.3.gz \ man/man3/archive_read_format.3.gz \ man/man3/archive_read_free.3.gz \ man/man3/archive_read_header.3.gz \ man/man3/archive_read_new.3.gz \ man/man3/archive_read_open.3.gz \ man/man3/archive_read_set_options.3.gz \ man/man3/archive_util.3.gz \ man/man3/archive_write.3.gz \ man/man3/archive_write_blocksize.3.gz \ man/man3/archive_write_data.3.gz \ man/man3/archive_write_disk.3.gz \ man/man3/archive_write_filter.3.gz \ man/man3/archive_write_finish_entry.3.gz \ man/man3/archive_write_format.3.gz \ man/man3/archive_write_free.3.gz \ man/man3/archive_write_header.3.gz \ man/man3/archive_write_new.3.gz \ man/man3/archive_write_open.3.gz \ man/man3/archive_write_set_options.3.gz \ man/man3/archive_write_set_passphrase.3.gz \ man/man3/libarchive.3.gz \ man/man3/libarchive_changes.3.gz \ man/man3/libarchive_internals.3.gz \ man/man5/cpio.5.gz \ man/man5/libarchive-formats.5.gz \ man/man5/mtree.5.gz \ man/man5/tar.5.gz LZO_LIB_DEPENDS= liblzo2.so:archivers/lzo2 LZO_CONFIGURE_WITH= lzo2 LZ4_LIB_DEPENDS= liblz4.so:archivers/liblz4 LZ4_CONFIGURE_WITH= lz4 ZSTD_LIB_DEPENDS= libzstd.so:archivers/zstd ZSTD_CONFIGURE_WITH= zstd NETTLE_LIB_DEPENDS= libnettle.so:security/nettle NETTLE_CONFIGURE_WITH= nettle OPENSSL_USES= ssl OPENSSL_CONFIGURE_WITH= openssl OPENSSL_CONFIGURE_OFF= --without-openssl MBEDTLS_LIB_DEPENDS= libmbedtls.so:security/mbedtls MBEDTLS_CONFIGURE_WITH= mbedtls .include .if empty(ICONV_LIB) CONFIGURE_ENV+= ac_cv_header_localcharset_h=no \ ac_cv_func_locale_charset=no \ ac_cv_lib_charset_locale_charset=no .endif .include diff --git a/biology/ncbi-vdb/Makefile b/biology/ncbi-vdb/Makefile index a5d0c8811989..46cec897971a 100644 --- a/biology/ncbi-vdb/Makefile +++ b/biology/ncbi-vdb/Makefile @@ -1,65 +1,65 @@ PORTNAME= ncbi-vdb DISTVERSION= 2.11.0 -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES= biology MAINTAINER= mzaki@niid.go.jp COMMENT= NCBI's virtualized back-end for accessing Sequence Read Archive LICENSE= PD LICENSE_FILE= ${WRKSRC}/LICENSE ONLY_FOR_ARCHS= amd64 i386 ONLY_FOR_ARCHS_REASON= libs/search/nucstrstr.c requires SSE2 instructions BUILD_DEPENDS= bash:shells/bash \ libepoll-shim>0:devel/libepoll-shim LIB_DEPENDS= libxml2.so:textproc/libxml2 \ libhdf5.so:science/hdf5 \ libmbedtls.so:security/mbedtls USES= compiler:c11 gmake localbase:ldflags perl5 shebangfix USE_PERL5= build USE_LDCONFIG= yes USE_GITHUB= yes GH_ACCOUNT= ncbi GH_TUPLE+= ncbi:ngs:${DISTVERSION}:ngs # ported as biology/ngs-sdk SHEBANG_GLOB= *.sh *.pl GNU_CONFIGURE= yes CONFIGURE_ARGS= --with-xml2-prefix=${LOCALBASE} \ --with-hdf5-prefix=${LOCALBASE} \ --with-mbedtls-prefix=${LOCALBASE} \ CC="${CC}" CXX="${CXX}" TOOLS="${CHOSEN_COMPILER_TYPE}" MAKE_ENV+= CPATH="${LOCALBASE}/include/libepoll-shim" MAKE_ARGS+= CCNAME=${CC} CXXNAME=${CXX} PKGCFLAGS="${CFLAGS}" CFLAGS+= -I${WRKSRC}/lib MAKE_JOBS_UNSAFE= yes post-extract: @${LN} -sf ${WRKSRC_ngs} ${WRKDIR}/ngs @${LN} -sf ${WRKSRC} ${WRKDIR}/${PORTNAME} pre-patch: @${CP} ${FILESDIR}/Makefile.bsd ${WRKSRC}/build/ @for f in ${WRKSRC}/build/ld.linux.*.sh; do ${CP} -p $${f} $${f%linux*}bsd$${f#*linux}; done @${CP} -p ${WRKSRC}/build/ld.linux.gcc.sh ${WRKSRC}/build/ld.bsd.clang.sh @${MKDIR} ${WRKSRC}/interfaces/os/bsd @${CP} -p ${WRKSRC}/interfaces/os/mac/endian.h ${WRKSRC}/interfaces/os/bsd/ post-patch: @${GREP} -q '@@PREFIX@@' ${WRKSRC}/libs/kfg/config.c || (echo "@@PREFIX@@ in file/patch-libs_kfg_config.c is overwritten probably due to using 'make makepatch'"; exit 1) @${REINPLACE_CMD} -e 's#@@PREFIX@@#"${PREFIX}"#' ${WRKSRC}/libs/kfg/config.c post-configure: @${ECHO} ${CHOSEN_COMPILER_TYPE} > ${WRKSRC}/build/COMP # The 'install' target installs broken-looking static libs with symlinks. # This is intentional, see comments https://github.com/ncbi/ncbi-vdb/issues/36#issuecomment-817990790 This may change in future versions. .include diff --git a/dns/kadnode/Makefile b/dns/kadnode/Makefile index fc85aa004638..9b601858f559 100644 --- a/dns/kadnode/Makefile +++ b/dns/kadnode/Makefile @@ -1,74 +1,74 @@ # Created by: Moritz Warning PORTNAME= kadnode DISTVERSIONPREFIX= v DISTVERSION= 2.3.0 -PORTREVISION= 0 +PORTREVISION= 1 CATEGORIES= dns MAINTAINER= moritzwarning@web.de COMMENT= P2P name resolution daemon LICENSE= MIT LICENSE_FILE= ${WRKSRC}/LICENSE USES= cpe gmake CPE_VENDOR= ${PORTNAME}_project USE_GITHUB= yes GH_ACCOUNT= mwarning GH_PROJECT= KadNode USE_RC_SUBR= kadnode MAKE_ENV= FEATURES="${FEATURES}" SUB_FILES= kadnode.conf OPTIONS_DEFINE= AUTH CMD DEBUG DNS LPD NATPMP NSS UPNP OPTIONS_DEFAULT= AUTH CMD LPD NSS OPTIONS_SUB= yes AUTH_DESC= Authorization support based on mbedtls CMD_DESC= Command line control tool kadnode-ctl DEBUG_DESC= Build with debug messages and symbols DNS_DESC= Include local DNS interface LPD_DESC= Local peer discovery NATPMP_DESC= NAT-PMP support (remote port forwarding on the router) NSS_DESC= Name Service Switch support to intercept host queries UPNP_DESC= UPnP support (remote port forwarding on the router) AUTH_LIB_DEPENDS= libmbedtls.so:security/mbedtls AUTH_VARS= FEATURES+="bob tls" CMD_VARS= FEATURES+="cmd" DEBUG_VARS= FEATURES+="debug" DNS_VARS= FEATURES+="dns" LPD_VARS= FEATURES+="lpd" NATPMP_LIB_DEPENDS= libnatpmp.so:net/libnatpmp NATPMP_VARS= FEATURES+="natpmp" NSS_VARS= FEATURES+="nss" UPNP_LIB_DEPENDS= libminiupnpc.so:net/miniupnpc UPNP_VARS= FEATURES+="upnp" do-install: ${INSTALL_PROGRAM} ${WRKSRC}/build/kadnode ${STAGEDIR}${PREFIX}/bin/ ${RLN} ${STAGEDIR}${PREFIX}/bin/kadnode ${STAGEDIR}${PREFIX}/bin/kadnode-ctl ${MKDIR} ${STAGEDIR}${ETCDIR} ${INSTALL_DATA} ${WRKSRC}/misc/peers.txt \ ${STAGEDIR}${ETCDIR}/peers.txt.sample ${INSTALL_DATA} ${WRKDIR}/kadnode.conf \ ${STAGEDIR}${ETCDIR}/kadnode.conf.sample ${INSTALL_MAN} ${WRKSRC}/misc/manpage \ ${STAGEDIR}${MANPREFIX}/man/man1/kadnode.1 do-install-NSS-on: ${INSTALL_LIB} ${WRKSRC}/build/libnss_kadnode-2.0.so \ ${STAGEDIR}${PREFIX}/lib/nss_kadnode.so.1 ${RLN} ${STAGEDIR}${PREFIX}/lib/nss_kadnode.so.1 \ ${STAGEDIR}${PREFIX}/lib/nss_kadnode.so .include diff --git a/editors/imhex/Makefile b/editors/imhex/Makefile index 43980a09ae9f..d85a3f7a7330 100644 --- a/editors/imhex/Makefile +++ b/editors/imhex/Makefile @@ -1,66 +1,67 @@ PORTNAME= imhex PORTVERSION= 1.13.2 DISTVERSIONPREFIX= v +PORTREVISION= 1 CATEGORIES= editors MASTER_SITES= https://git.sr.ht/~danyspin97/xdgpp/blob/f01f810714443d0f10c333d4d1d9c0383be41375/:xdg DISTFILES= xdg.hpp:xdg DIST_SUBDIR= imhex MAINTAINER= nobutaka@FreeBSD.org COMMENT= Hex editor for reverse engineers and programmers LICENSE= GPLv2 LICENSE_FILE= ${WRKSRC}/LICENSE NOT_FOR_ARCHS= i386 powerpc NOT_FOR_ARCHS_REASON= __uint128_t and __int128_t are not supported EXTRACT_ONLY= ${DISTNAME}${EXTRACT_SUFX} \ btzy-nativefiledialog-extended-${GH_TAG_NATIVEFILEDIALOG}_GH0${EXTRACT_SUFX} \ fmtlib-fmt-${GH_TAG_FMT}_GH0${EXTRACT_SUFX} \ WerWolv-libromfs-${GH_TAG_LIBROMFS}_GH0${EXTRACT_SUFX} BUILD_DEPENDS= glm>0:math/glm \ nlohmann-json>0:devel/nlohmann-json \ ${LOCALBASE}/include/range/v3/range.hpp:devel/range-v3 LIB_DEPENDS= libcapstone.so:devel/capstone4 \ libcurl.so:ftp/curl \ libfreetype.so:print/freetype2 \ libglfw.so:graphics/glfw \ libharfbuzz.so:print/harfbuzz \ libmbedtls.so:security/mbedtls \ libtre.so:textproc/libtre \ libyara.so:security/yara USES= cmake gl gnome pkgconfig python:3.8+ xorg USE_GL= gl USE_GNOME= cairo gdkpixbuf2 gtk30 USE_XORG= x11 xcb xau xdmcp USE_GITHUB= yes GH_ACCOUNT= WerWolv GH_PROJECT= ImHex GH_TUPLE= btzy:nativefiledialog-extended:${GH_TAG_NATIVEFILEDIALOG}:nativefiledialog \ fmtlib:fmt:${GH_TAG_FMT}:fmt \ WerWolv:libromfs:${GH_TAG_LIBROMFS}:libromfs GH_TAG_FMT= d141cdb GH_TAG_NATIVEFILEDIALOG= 322d1bc GH_TAG_LIBROMFS= 0842d22 CMAKE_ARGS= -DUSE_SYSTEM_CAPSTONE=ON -DUSE_SYSTEM_CURL=ON -DUSE_SYSTEM_YARA=ON -DUSE_SYSTEM_NLOHMANN_JSON=ON PORTDOCS= README.md OPTIONS_DEFINE= DOCS NLS NLS_USES= gettext post-extract: ${CP} ${DISTDIR}/${DIST_SUBDIR}/xdg.hpp ${WRKSRC}/external/xdgpp ${CP} -R ${WRKSRC_fmt}/* ${WRKSRC}/external/fmt ${CP} -R ${WRKSRC_libromfs}/* ${WRKSRC}/external/libromfs ${CP} -R ${WRKSRC_nativefiledialog}/* ${WRKSRC}/external/nativefiledialog post-install-DOCS-on: ${MKDIR} ${STAGEDIR}${DOCSDIR} ${INSTALL_DATA} ${WRKSRC}/README.md ${STAGEDIR}${DOCSDIR} .include diff --git a/emulators/dolphin-emu/Makefile b/emulators/dolphin-emu/Makefile index 72df3d84958e..bb05f22a4c48 100644 --- a/emulators/dolphin-emu/Makefile +++ b/emulators/dolphin-emu/Makefile @@ -1,88 +1,88 @@ # Created by: Ganael Laplanche PORTNAME= dolphin-emu PORTVERSION= 5.0.12716 -PORTREVISION= 3 +PORTREVISION= 4 CATEGORIES= emulators MAINTAINER= martymac@FreeBSD.org COMMENT= Gamecube and Wii Emulator LICENSE= GPLv2+ LICENSE_FILE= ${WRKSRC}/license.txt # Notes on dependencies: # - alsa support has been disabled (not optimal) # - enet and soundtouch come from Externals/ as Dolphin's versions diverge # (see comments in CMakeLists.txt) # Various problems that may be addressed in the future: # - xxhash comes from Externals/ as it cannot be properly detected yet # - minizip comes from Externals/ as v>=2.0.0 is not available from ports yet # - freesurround comes from Externals/ as it is not available from ports yet # - cubeb comes from Externals/ as it is not available from ports yet # - gtest detection is missing (Externals/ version enforced by CMakeLists.txt) LIB_DEPENDS= libpulse.so:audio/pulseaudio \ libavcodec.so:multimedia/ffmpeg \ libavdevice.so:multimedia/ffmpeg \ libavfilter.so:multimedia/ffmpeg \ libavformat.so:multimedia/ffmpeg \ libavutil.so:multimedia/ffmpeg \ libswresample.so:multimedia/ffmpeg \ libswscale.so:multimedia/ffmpeg \ libpugixml.so:textproc/pugixml \ liblzo2.so:archivers/lzo2 \ libpng.so:graphics/png \ libjack.so:audio/jack \ libsndio.so:audio/sndio \ libsfml-system.so:devel/sfml \ libminiupnpc.so:net/miniupnpc \ libmbedtls.so:security/mbedtls \ libcurl.so:ftp/curl \ libhidapi.so:comms/hidapi \ libzstd.so:archivers/zstd \ libfmt.so:devel/libfmt USES= cmake compiler:c++17-lang desktop-file-utils gl iconv \ pkgconfig qmake qt:5 sdl xorg # See: https://fr.dolphin-emu.org/download/?ref=btn # for latest beta version and associated commit USE_GITHUB= yes GH_PROJECT= dolphin GH_TAGNAME= 3152428 USE_GL= gl glew glu USE_SDL= sdl2 USE_XORG= ice sm x11 xext xi xrandr USE_QT= buildtools_build core gui widgets CMAKE_ARGS+= -DUSE_UPNP:BOOL=ON \ -DENABLE_QT:BOOL=ON \ -DENABLE_ALSA:BOOL=OFF \ -DENABLE_PULSEAUDIO:BOOL=ON \ -DUSE_DISCORD_PRESENCE:BOOL=OFF \ -DCMAKE_REQUIRED_INCLUDES:PATH="${LOCALBASE}/include" \ -DCMAKE_REQUIRED_FLAGS:STRING="-L${LOCALBASE}/lib" MAKE_ENV+= DESTDIR="${STAGEDIR}" # XXX Fix build on archs where 'unsigned long' is 32bit CXXFLAGS+= -DLZO_CFG_PREFER_TYPEOF_ACC_INT32E_T=LZO_TYPEOF_INT # XXX Bypass git check (and set a dummy -unused- revision) CMAKE_ARGS+= -DDOLPHIN_WC_BRANCH:STRING="stable" \ -DDOLPHIN_WC_REVISION:STRING="1" OPTIONS_DEFINE= NLS OPTIONS_SUB= yes NLS_USES= gettext NLS_CMAKE_ON= -DDISABLE_NLS:BOOL=OFF NLS_CMAKE_OFF= -DDISABLE_NLS:BOOL=ON .include # JIT-enabled binaries are amd64 and aarch64 only .if ${ARCH} != "amd64" && ${ARCH} != "aarch64" CMAKE_ARGS+= -DENABLE_GENERIC:BOOL=ON .endif .include diff --git a/irc/inspircd/Makefile b/irc/inspircd/Makefile index ce4b47a023d5..8d4d70cbee96 100644 --- a/irc/inspircd/Makefile +++ b/irc/inspircd/Makefile @@ -1,107 +1,108 @@ # Created by: Craig Edwards PORTNAME= inspircd DISTVERSIONPREFIX= v DISTVERSION= 3.12.0 +PORTREVISION= 1 CATEGORIES= irc MAINTAINER= driesm@FreeBSD.org COMMENT= Modular C++ IRC daemon LICENSE= GPLv2 LICENSE_FILE= ${WRKSRC}/docs/LICENSE.txt USES= compiler:c++11-lang cpe gmake localbase:ldflags perl5 USE_GITHUB= yes USE_PERL5= build USE_RC_SUBR= ${PORTNAME} HAS_CONFIGURE= yes CONFIGURE_ARGS= --binary-dir=${PREFIX}/bin \ --config-dir=${ETCDIR} \ --data-dir=${_INSPIRCD_DBDIR} \ --disable-auto-extras \ --distribution-label=${OPSYS}-${PORTVERSION} \ --gid=nobody \ --log-dir=${_INSPIRCD_LOGDIR} \ --manual-dir=${MANPREFIX}/man/man1 \ --module-dir=${PREFIX}/libexec/${PORTNAME}/modules \ --prefix=${PREFIX}/libexec/${PORTNAME} \ --runtime-dir=${_INSPIRCD_RUNDIR} \ --uid=nobody MAKEFILE= GNUmakefile SUB_FILES= pkg-message SUB_LIST= INSPIRCD_DBDIR=${_INSPIRCD_DBDIR} \ INSPIRCD_GROUP=${GROUPS} \ INSPIRCD_LOGDIR=${_INSPIRCD_LOGDIR} \ INSPIRCD_RUNDIR=${_INSPIRCD_RUNDIR} \ INSPIRCD_USER=${USERS} \ PORTNAME=${PORTNAME} USERS= ircd GROUPS= ircd PLIST_SUB= INSPIRCD_DBDIR=${_INSPIRCD_DBDIR} \ INSPIRCD_GROUP=${GROUPS} \ INSPIRCD_LOGDIR=${_INSPIRCD_LOGDIR} \ INSPIRCD_RUNDIR=${_INSPIRCD_RUNDIR} \ INSPIRCD_USER=${USERS} OPTIONS_DEFINE= GNUTLS LDAP MBEDTLS MYSQL OPENSSL PCRE PGSQL POSIX \ SQLITE SSLREHASH OPTIONS_DEFAULT= OPENSSL POSIX OPTIONS_SUB= yes GNUTLS_DESC= Build m_ssl_gnutls module LDAP_DESC= Build m_ldap module MBEDTLS_DESC= Build m_ssl_mbedtls module MYSQL_DESC= Build m_mysql module OPENSSL_DESC= Build m_ssl_openssl module PCRE_DESC= Build m_regex_pcre module PGSQL_DESC= Build m_pgsql module POSIX_DESC= Build m_regex_posix module SQLITE_DESC= Build m_sqlite3 module SSLREHASH_DESC= Build m_sslrehashsignal module GNUTLS_LIB_DEPENDS= libgnutls.so:security/gnutls GNUTLS_USES= pkgconfig GNUTLS_VARS= EXTRAS+=m_ssl_gnutls.cpp LDAP_USE= OPENLDAP=yes LDAP_VARS= EXTRAS+=m_ldap.cpp MBEDTLS_LIB_DEPENDS= libmbedtls.so:security/mbedtls MBEDTLS_VARS= EXTRAS+=m_ssl_mbedtls.cpp MYSQL_USES= mysql MYSQL_VARS= EXTRAS+=m_mysql.cpp OPENSSL_USES= pkgconfig ssl OPENSSL_VARS= EXTRAS+=m_ssl_openssl.cpp PCRE_LIB_DEPENDS= libpcre.so:devel/pcre PCRE_VARS= EXTRAS+=m_regex_pcre.cpp PGSQL_USES= pgsql PGSQL_VARS= EXTRAS+=m_pgsql.cpp POSIX_VARS= EXTRAS+=m_regex_posix.cpp SQLITE_USES= pkgconfig sqlite SQLITE_VARS= EXTRAS+=m_sqlite3.cpp SSLREHASH_VARS+= EXTRAS+=m_sslrehashsignal.cpp _INSPIRCD_DBDIR?= /var/db/${PORTNAME} _INSPIRCD_LOGDIR?= /var/log/${PORTNAME} _INSPIRCD_RUNDIR?= /var/run/${PORTNAME} post-patch: @${REINPLACE_CMD} -e 's|examples/||g' -e 's|\.example||g' ${WRKSRC}/docs/conf/inspircd.conf.example @${REINPLACE_CMD} -e 's|examples/||g' -e 's|\.example||g' ${WRKSRC}/docs/conf/modules.conf.example pre-configure: @(cd ${WRKSRC}/src/modules && for m in ${EXTRAS}; do ${RLN} extra/$$m $$m; done) post-install: @${STRIP_CMD} ${STAGEDIR}${PREFIX}/libexec/${PORTNAME}/modules/*.so @${STRIP_CMD} ${STAGEDIR}${PREFIX}/bin/${PORTNAME} @${MKDIR} ${STAGEDIR}${_INSPIRCD_DBDIR} @${MKDIR} ${STAGEDIR}${_INSPIRCD_LOGDIR} @${MKDIR} ${STAGEDIR}${_INSPIRCD_RUNDIR} .include diff --git a/lang/gauche/Makefile b/lang/gauche/Makefile index 7dec74e8890e..b582eeae5e44 100644 --- a/lang/gauche/Makefile +++ b/lang/gauche/Makefile @@ -1,108 +1,109 @@ # Created by: Akinori MUSHA aka knu PORTNAME= gauche PORTVERSION= 0.9.10 +PORTREVISION= 1 CATEGORIES= lang scheme MASTER_SITES= https://github.com/shirok/Gauche/releases/download/release0_9_10/ DISTNAME= Gauche-${PORTVERSION} MAINTAINER= lassi+freebsd@lassi.io COMMENT= Scheme script interpreter with multibyte character handling LICENSE= BSD3CLAUSE LICENSE_FILE= ${WRKSRC}/COPYING BROKEN_mips= Fails to build: redefinition of GC_register_dynamic_libraries BROKEN_mips64= Fails to build: redefinition of GC_register_dynamic_libraries BROKEN_riscv64= Fails to build: ./include/private/gcconfig.h:709:5: The collector has not been ported to this machine/OS combination USES= compiler:c11 cpe gmake iconv makeinfo tar:tgz GNU_CONFIGURE= yes CONFIGURE_ARGS= --with-local=${LOCALBASE} ${ICONV_CONFIGURE_BASE:S/lib//} USE_LDCONFIG= yes TEST_TARGET= check ABI_VERSION= 0.97 PLIST_SUB= ABI_VERSION="${ABI_VERSION}" \ VERSION="${PORTVERSION}" \ TARGET="${CONFIGURE_TARGET}" # avoids a problem with ccache's pre-processor optimization MAKE_ENV+= CCACHE_CPP2=1 TEST_ENV= # must be empty, otherwise cf-check-lib test fails INFO= gauche-refe gauche-refj OPTIONS_DEFINE= GDBM THREADS SLIB MANPAGES OPTIONS_RADIO= MULTIBYTE TLS OPTIONS_RADIO_MULTIBYTE= EUCJP SJIS UTF8 OPTIONS_RADIO_TLS= AXTLS MBEDTLS OPTIONS_DEFAULT= MBEDTLS THREADS UTF8 MANPAGES OPTIONS_SUB= yes NO_OPTIONS_SORT= yes AXTLS_DESC= Cameron Rich's axTLS implementation (bundled) AXTLS_CONFIGURE_ON= --with-tls=axtls EUCJP_DESC= EUC-JP encoding support EUCJP_CONFIGURE_ON= --enable-multibyte=euc-jp GDBM_LIB_DEPENDS= libgdbm.so:databases/gdbm GDBM_CONFIGURE_ON= --with-dbm=gdbm,ndbm GDBM_CONFIGURE_OFF= --with-dbm=ndbm MBEDTLS_RUN_DEPENDS= ${LOCALBASE}/share/certs/ca-root-nss.crt:security/ca_root_nss MBEDTLS_LIB_DEPENDS= libmbedtls.so:security/mbedtls MBEDTLS_CONFIGURE_ON= --with-tls=mbedtls --with-ca-bundle=${LOCALBASE}/share/certs/ca-root-nss.crt SLIB_DESC= Create catalogue for SLIB port # Gauche's slib module to use Aubrey Jaffer's SLIB SLIB_BUILD_DEPENDS= ${LOCALBASE}/share/slib/require.scm:lang/slib SLIB_CONFIGURE_ON= --with-slib=${LOCALBASE}/share/slib SLIB_CONFIGURE_OFF= --with-slib=${WRKDIR} SJIS_DESC= Shift_JIS encoding support SJIS_CONFIGURE_ON= --enable-multibyte=sjis THREADS_CONFIGURE_ON= --enable-threads=pthreads THREADS_CONFIGURE_OFF= --enable-threads=no UTF8_CONFIGURE_ON= --enable-multibyte=utf-8 .include .if !${PORT_OPTIONS:MEUCJP} && !${PORT_OPTIONS:MSJIS} && !${PORT_OPTIONS:MUTF8} CONFIGURE_ARGS+= --enable-multibyte=none .endif .if !${PORT_OPTIONS:MAXTLS} && !${PORT_OPTIONS:MMBEDTLS} CONFIGURE_ARGS+= --with-tls=none .endif post-patch: # required for sparc64, no-op elsewhere @${REINPLACE_CMD} -e \ '/^VPATH = /s,$$,/src,' ${WRKSRC}/gc/Makefile.in # unbreak "make test" by using the same workaround as for OSX (darwin), # apparently because we both use clang (XXX: what about gcc?) @${REINPLACE_CMD} -e \ 's,darwin,&|${OPSYS:tl},' ${WRKSRC}/test/scripts.scm post-install: @${TOUCH} ${STAGEDIR}${PREFIX}/lib/gauche-${ABI_VERSION}/site/${CONFIGURE_TARGET}/.keepme @${MKDIR} ${STAGEDIR}${DATADIR}/${PORTVERSION}/lib/.packages @${TOUCH} ${STAGEDIR}${DATADIR}/${PORTVERSION}/lib/.packages/.keepme @${MKDIR} ${STAGEDIR}${DATADIR}/site/lib/.packages @${TOUCH} ${STAGEDIR}${DATADIR}/site/lib/.packages/.keepme @${MKDIR} ${STAGEDIR}${PREFIX}/share/gauche-${ABI_VERSION}/site/lib/.packages @${TOUCH} ${STAGEDIR}${PREFIX}/share/gauche-${ABI_VERSION}/site/lib/.packages/.keepme @${MKDIR} ${STAGEDIR}${DOCSDIR} @${TOUCH} ${STAGEDIR}${DOCSDIR}/.keepme @${MKDIR} ${STAGEDIR}${EXAMPLESDIR} @${TOUCH} ${STAGEDIR}${EXAMPLESDIR}/.keepme .for i in gauche-config gosh @${CHMOD} u+w ${STAGEDIR}${PREFIX}/bin/${i} @${STRIP_CMD} ${STAGEDIR}${PREFIX}/bin/${i} @${CHMOD} u-w ${STAGEDIR}${PREFIX}/bin/${i} .endfor @${STRIP_CMD} ${STAGEDIR}${PREFIX}/lib/libgauche-${ABI_VERSION}.so.[0-9].* .for i in gauche-config gosh *.so @${CHMOD} u+w ${STAGEDIR}${PREFIX}/lib/gauche-${ABI_VERSION}/${PORTVERSION}/${CONFIGURE_TARGET}/${i} @${STRIP_CMD} ${STAGEDIR}${PREFIX}/lib/gauche-${ABI_VERSION}/${PORTVERSION}/${CONFIGURE_TARGET}/${i} @${CHMOD} u-w ${STAGEDIR}${PREFIX}/lib/gauche-${ABI_VERSION}/${PORTVERSION}/${CONFIGURE_TARGET}/${i} .endfor .include diff --git a/lang/neko/Makefile b/lang/neko/Makefile index f73d82ab2561..52c944f96bfd 100644 --- a/lang/neko/Makefile +++ b/lang/neko/Makefile @@ -1,40 +1,40 @@ PORTNAME= neko DISTVERSIONPREFIX= v DISTVERSION= 2-2-0 -PORTREVISION= 11 +PORTREVISION= 12 CATEGORIES= lang MAINTAINER= penzin.dev@gmail.com COMMENT= Neko programming languages and virtual machine LICENSE= MIT LICENSE_FILE= ${WRKSRC}/LICENSE BUILD_DEPENDS= git:devel/git LIB_DEPENDS= libgc-threaded.so:devel/boehm-gc-threaded \ libapr-1.so:devel/apr1 libaprutil-1.so:devel/apr1 \ libpcre.so:devel/pcre libpcreposix.so:devel/pcre \ libmbedtls.so:security/mbedtls libmbedcrypto.so:security/mbedtls libmbedx509.so:security/mbedtls \ libfontconfig.so:x11-fonts/fontconfig libfreetype.so:print/freetype2 USES= cmake mysql pkgconfig sqlite:3 USE_GITHUB= yes GH_ACCOUNT= HaxeFoundation USE_LDCONFIG= ${PREFIX}/lib ${PREFIX}/lib/neko MAKE_JOBS_UNSAFE= yes OPTIONS_DEFINE= APACHE UI OPTIONS_DEFAULT= APACHE OPTIONS_SUB= yes APACHE_DESC= Build Apache modules UI_DESC= UI (GTK) UI_USES= gnome UI_USE= gnome=atk,cairo,gdkpixbuf2,glib20,gtk20,pango UI_CMAKE_BOOL= WITH_UI APACHE_USE= apache=22+ APACHE_CMAKE_BOOL= WITH_APACHE .include diff --git a/multimedia/librist/Makefile b/multimedia/librist/Makefile index 64be045b8a5c..eac947a2656c 100644 --- a/multimedia/librist/Makefile +++ b/multimedia/librist/Makefile @@ -1,31 +1,32 @@ PORTNAME= librist DISTVERSION= 0.2.6 +PORTREVISION= 1 CATEGORIES= multimedia MAINTAINER= yuri@FreeBSD.org COMMENT= Library for Reliable Internet Stream Transport (RIST) protocol LICENSE= BSD2CLAUSE LICENSE_FILE= ${WRKSRC}/COPYING LIB_DEPENDS= libcjson.so:devel/libcjson \ libmbedcrypto.so:security/mbedtls USES= localbase:ldflags meson pkgconfig USE_GITLAB= yes USE_LDCONFIG= yes GL_SITE= https://code.videolan.org GL_ACCOUNT= rist GL_COMMIT= 5c1f4a06ab46e16e6bba42fe7381d8353020a1fd MESON_ARGS= -Dtest=false do-test: @cd ${WRKSRC} && \ ${RM} -r _build && \ ${SETENV} ${CONFIGURE_ENV} ${CONFIGURE_CMD} ${CONFIGURE_ARGS} -Dtest=true && \ cd ${BUILD_WRKSRC} && \ ${SETENV} ${MAKE_ENV} ${MAKE_CMD} ${MAKE_ARGS} ${ALL_TARGET} test .include diff --git a/multimedia/obs-studio/Makefile b/multimedia/obs-studio/Makefile index 2c9436cab492..9044021eb9a4 100644 --- a/multimedia/obs-studio/Makefile +++ b/multimedia/obs-studio/Makefile @@ -1,109 +1,110 @@ PORTNAME= obs-studio DISTVERSION= 27.1.3 +PORTREVISION= 1 CATEGORIES= multimedia MAINTAINER= yuri@FreeBSD.org COMMENT= Open source streaming/recording software LICENSE= GPLv2+ LICENSE_FILE= ${WRKSRC}/COPYING BROKEN_i386= https://github.com/obsproject/obs-browser/issues/241 BUILD_DEPENDS= v4l_compat>=0:multimedia/v4l_compat \ swig:devel/swig LIB_DEPENDS= libavcodec.so:multimedia/ffmpeg \ libcurl.so:ftp/curl \ libdbus-1.so:devel/dbus \ libfdk-aac.so:audio/fdk-aac \ libfontconfig.so:x11-fonts/fontconfig \ libfreetype.so:print/freetype2 \ libjansson.so:devel/jansson \ libmbedtls.so:security/mbedtls \ libspeexdsp.so:audio/speexdsp \ libsysinfo.so:devel/libsysinfo \ libudev.so:devel/libudev-devd \ libv4l2.so:multimedia/libv4l \ libvlc.so:multimedia/vlc \ libwayland-client.so:graphics/wayland \ libx264.so:multimedia/libx264 \ libxcb-ewmh.so:x11/xcb-util-wm \ libxcb-image.so:x11/xcb-util-image \ libxcb-keysyms.so:x11/xcb-util-keysyms \ libxcb-render-util.so:x11/xcb-util-renderutil \ libxcb-util.so:x11/xcb-util \ ${LIB_DEPENDS_${ARCH}} LIB_DEPENDS_amd64= libluajit-5.1.so:lang/luajit LIB_DEPENDS_armv7= libluajit-5.1.so:lang/luajit LIB_DEPENDS_i386= libluajit-5.1.so:lang/luajit LIB_DEPENDS_powerpc= libluajit-5.1.so:lang/luajit LIB_DEPENDS_powerpc64= libluajit-5.1.so:lang/luajit-openresty LIB_DEPENDS_powerpc64le= libluajit-5.1.so:lang/luajit-openresty USES= cmake compiler:c++17-lang gl gnome lua pkgconfig python:3.4+ \ qt:5 xorg USE_QT= core gui network svg widgets x11extras xml buildtools_build imageformats_run qmake_build USE_GNOME= glib20 USE_GL= gl USE_XORG= ice sm x11 xcb xcomposite xext xfixes xinerama xrandr USE_LDCONFIG= yes USE_GITHUB= yes GH_ACCOUNT= obsproject GH_TUPLE= obsproject:obs-browser:f1a61c5:obs_browser/plugins/obs-browser \ obsproject:obs-vst:aaa7b7f:obs_vst/plugins/obs-vst CMAKE_ON= UNIX_STRUCTURE CMAKE_OFF= ENABLE_PIPEWIRE # beginning with 27.0.1 (PR#4287) the linux-capture plugin optionally requires the piperware library and in this case expects the linux/dma-buf.h header CMAKE_ARGS= -DOBS_VERSION_OVERRIDE:STRING="${PORTVERSION}" LDFLAGS+= -fPIC # pending https://github.com/obsproject/obs-studio/issues/3436 OPTIONS_DEFINE= BROWSER VST OPTIONS_DEFAULT= VST OPTIONS_MULTI= AUDIO OPTIONS_MULTI_AUDIO= JACK PULSEAUDIO SNDIO OPTIONS_DEFAULT+= JACK PULSEAUDIO SNDIO OPTIONS_SUB= yes AUDIO_DESC= Audio backends BROWSER_DESC= Build OSB browser BROWSER_CMAKE_BOOL= BUILD_BROWSER BROWSER_BROKEN= Needs CEF (Chromium Embedded Framework) which isn't yet ported JACK_LIB_DEPENDS= libjack.so:audio/jack JACK_CMAKE_ON= -DENABLE_JACK=TRUE JACK_CMAKE_OFF= -DDISABLE_JACK=TRUE PULSEAUDIO_LIB_DEPENDS= libpulse.so:audio/pulseaudio PULSEAUDIO_CMAKE_ON= -DENABLE_PULSEAUDIO=TRUE PULSEAUDIO_CMAKE_OFF= -DDISABLE_PULSEAUDIO=TRUE PULSEAUDIO_BROKEN_OFF= https://github.com/obsproject/obs-studio/issues/4025 SNDIO_LIB_DEPENDS= libsndio.so:audio/sndio SNDIO_CMAKE_ON= -DENABLE_SNDIO=TRUE SNDIO_CMAKE_OFF= -DDISABLE_SNDIO=TRUE VST_DESC= Build VST submodule VST_CMAKE_BOOL= BUILD_VST .include .if ${ARCH} != amd64 && ${ARCH} != armv7 && ${ARCH} != i386 && ${ARCH} != powerpc && ${ARCH} != powerpc64 && ${ARCH} != powerpc64le PLIST_SUB+= LUAJIT="@comment " .else PLIST_SUB+= LUAJIT="" .endif post-patch: @${REINPLACE_CMD} -e 's| 3.4)| ${PYTHON_VER})|' \ ${WRKSRC}/cmake/Modules/FindPythonDeps.cmake post-install: # https://github.com/obsproject/obs-studio/issues/2625 ${INSTALL_DATA} ${WRKSRC}/UI/obs-frontend-api/obs-frontend-api.h ${STAGEDIR}${PREFIX}/include/obs # https://github.com/obsproject/obs-studio/issues/2647 (only for multimedia/obs-audio-spectralizer, should be removed later) ${INSTALL_DATA} ${WRKSRC}/cmake/Modules/ObsHelpers.cmake ${STAGEDIR}${PREFIX}/lib/cmake ${INSTALL_DATA} ${WRKSRC}/cmake/external/ObsPluginHelpers.cmake ${STAGEDIR}${PREFIX}/lib/cmake .include diff --git a/net-im/sayaka/Makefile b/net-im/sayaka/Makefile index 84a7f9d1bf3e..b11dd3f9e280 100644 --- a/net-im/sayaka/Makefile +++ b/net-im/sayaka/Makefile @@ -1,30 +1,31 @@ PORTNAME= sayaka PORTVERSION= 3.5.1 +PORTREVISION= 1 CATEGORIES= net-im MAINTAINER= sue@iwmt.org COMMENT= Twitter client for sixel-capable terminals LICENSE= BSD2CLAUSE LIB_DEPENDS= libpng.so:graphics/png \ libmbedtls.so:security/mbedtls USES= compiler:c++17-lang iconv jpeg pkgconfig GNU_CONFIGURE= yes USE_GITHUB= yes GH_ACCOUNT= isaki68k PLIST_FILES= bin/sayaka PORTDOCS= README.md OPTIONS_DEFINE= DOCS do-install: ${INSTALL_PROGRAM} ${WRKSRC}/src/sayaka ${STAGEDIR}${PREFIX}/bin do-install-DOCS-on: @${MKDIR} ${STAGEDIR}${DOCSDIR} ${INSTALL_DATA} ${WRKSRC}/README.md ${STAGEDIR}${DOCSDIR} .include diff --git a/net-p2p/btcheck/Makefile b/net-p2p/btcheck/Makefile index b2e8ed367a0d..e3f024ef8395 100644 --- a/net-p2p/btcheck/Makefile +++ b/net-p2p/btcheck/Makefile @@ -1,64 +1,65 @@ # Created by: Alexey Dokuchaev PORTNAME= btcheck PORTVERSION= 2.1 +PORTREVISION= 1 CATEGORIES= net-p2p MASTER_SITES= SF/${PORTNAME} MAINTAINER= danfe@FreeBSD.org COMMENT= BitTorrent data checker and torrent file content viewer LICENSE= GPLv3 GNU_CONFIGURE= yes CONFLICTS_INSTALL= libbt # bin/btcheck PLIST_FILES= bin/btcheck man/man1/btcheck.1.gz PORTDOCS= AUTHORS ChangeLog NEWS README OPTIONS_DEFINE= DOCS OPTIONS_RADIO= SHA1 SHA1_DESC= Optimized SHA-1 calculation OPTIONS_RADIO_SHA1= BEECRYPT GCRYPT GNUTLS MBEDTLS NETTLE OPENSSL TOMCRYPT OPTIONS_DEFAULT= OPENSSL BEECRYPT_DESC= Use SHA-1 implementation from BeeCrypt BEECRYPT_LIB_DEPENDS= libbeecrypt.so:security/beecrypt BEECRYPT_USES= localbase BEECRYPT_CONFIGURE_ON= --with-beecrypt GCRYPT_DESC= Use SHA-1 implementation from GNU crypt GCRYPT_LIB_DEPENDS= libgcrypt.so:security/libgcrypt GCRYPT_USES= localbase GCRYPT_CONFIGURE_ON= --with-gcrypt GNUTLS_DESC= Use SHA-1 implementation from GnuTLS GNUTLS_LIB_DEPENDS= libgnutls.so:security/gnutls GNUTLS_USES= localbase GNUTLS_CONFIGURE_ON= --with-gnutls MBEDTLS_DESC= Use SHA-1 implementation from mbedTLS/PolarSSL MBEDTLS_LIB_DEPENDS= libmbedcrypto.so:security/mbedtls MBEDTLS_USES= localbase MBEDTLS_CONFIGURE_ON= --with-polarssl NETTLE_DESC= Use SHA-1 implementation from Nettle NETTLE_LIB_DEPENDS= libnettle.so:security/nettle NETTLE_USES= localbase NETTLE_CONFIGURE_ON= --with-nettle OPENSSL_DESC= Use SHA-1 implementation from OpenSSL OPENSSL_USES= ssl OPENSSL_CONFIGURE_ON= --with-openssl TOMCRYPT_DESC= Use SHA-1 implementation from LibTomCrypt TOMCRYPT_LIB_DEPENDS= libtomcrypt.so:security/libtomcrypt TOMCRYPT_USES= localbase TOMCRYPT_CONFIGURE_ON= --with-tomcrypt post-install-DOCS-on: @${MKDIR} ${STAGEDIR}${DOCSDIR} ${INSTALL_DATA} ${PORTDOCS:S,^,${WRKSRC}/,} ${STAGEDIR}${DOCSDIR} .include diff --git a/net/bctoolbox/Makefile b/net/bctoolbox/Makefile index 5a44f4ea6a17..801937e3cd57 100644 --- a/net/bctoolbox/Makefile +++ b/net/bctoolbox/Makefile @@ -1,26 +1,26 @@ PORTNAME= bctoolbox PORTVERSION= 0.6.0 -PORTREVISION= 2 +PORTREVISION= 3 CATEGORIES= net MASTER_SITES= https://www.linphone.org/releases/sources/bctoolbox/ MAINTAINER= ports@FreeBSD.org COMMENT= Belledonne Communications utility library LICENSE= GPLv2+ LICENSE_FILE= ${WRKSRC}/COPYING BUILD_DEPENDS= mbedtls>=2.3.0_2:security/mbedtls LIB_DEPENDS= libmbedtls.so:security/mbedtls USES= cmake compiler:c++11-lib USE_LDCONFIG= yes CFLAGS+= -DHAVE_ARC4RANDOM CMAKE_ARGS= -DENABLE_STATIC=NO -DENABLE_STRICT=NO \ -DENABLE_TESTS_COMPONENT=NO post-patch: @${REINPLACE_CMD} '/clock_gettime/d' ${WRKSRC}/CMakeLists.txt .include diff --git a/net/libwebsockets/Makefile b/net/libwebsockets/Makefile index 57b8662eeafb..3e1e92044fc9 100644 --- a/net/libwebsockets/Makefile +++ b/net/libwebsockets/Makefile @@ -1,89 +1,90 @@ # Created by: Iblis Lin PORTNAME= libwebsockets DISTVERSIONPREFIX= v DISTVERSION= 4.2.2 +PORTREVISION= 1 CATEGORIES= net devel MASTER_SITES= https://libwebsockets.org/git/libwebsockets/snapshot/ MAINTAINER= ports@FreeBSD.org COMMENT= C library for lightweight websocket clients and servers LICENSE= MIT LICENSE_FILE= ${WRKSRC}/LICENSE USES= cmake localbase pkgconfig tar:xz USE_LDCONFIG= yes CMAKE_ARGS= -DLWS_BUILD_HASH:STRING="${BUILDINFO}" CMAKE_ON= CMAKE_DISABLE_FIND_PACKAGE_Git \ LWS_IPV6 LWS_WITH_SSL LWS_WITH_ZLIB \ LWS_WITHOUT_TESTAPPS LWS_WITHOUT_TEST_SERVER \ LWS_WITHOUT_TEST_SERVER_EXTPOLL \ LWS_WITHOUT_TEST_PING LWS_WITHOUT_TEST_CLIENT OPTIONS_DEFINE= HTTP_PROXY HTTP2 MQTT PEERLIMITS PLUGINS \ SECURE_STREAMS SOCKS SQLITE WEBSERVER OPTIONS_DEFAULT= HTTP2 MQTT OPENSSL LIBUV OPTIONS_SUB= yes OPTIONS_SINGLE= SSL OPTIONS_SINGLE_SSL= MBEDTLS OPENSSL OPTIONS_GROUP= EVLOOP OPTIONS_GROUP_EVLOOP= GLIB LIBEV LIBEVENT LIBUV HTTP_PROXY_DESC= HTTP proxy support MQTT_DESC= MQTT client support PEERLIMITS_DESC= Tracking and limiting of resources of peer(s) PLUGINS_DESC= Plugins support SECURE_STREAMS_DESC= Secure streams protocol API support SOCKS_DESC= Allow use of SOCKS5 proxy on client connections EVLOOP_DESC= Event loop support GLIB_DESC= Events support via Glib LIBEVENT_DESC= Asynchronous event notification via libevent LIBUV_DESC= Asynchronous I/O support via libuv HTTP_PROXY_CMAKE_BOOL= LWS_WITH_HTTP_PROXY HTTP2_CMAKE_BOOL= LWS_WITH_HTTP2 MQTT_CMAKE_BOOL= LWS_ROLE_MQTT PEERLIMITS_CMAKE_BOOL= LWS_WITH_PEER_LIMITS PLUGINS_CMAKE_BOOL= LWS_WITH_PLUGINS \ LWS_WITH_PLUGINS_API SECURE_STREAMS_CMAKE_BOOL= LWS_WITH_SECURE_STREAMS \ LWS_WITH_SECURE_STREAMS_PROXY_API SOCKS_CMAKE_BOOL= LWS_WITH_SOCKS5 SQLITE_LIB_DEPENDS= libsqlite3.so:databases/sqlite3 SQLITE_CMAKE_BOOL= LWS_WITH_SQLITE3 WEBSERVER_CMAKE_BOOL= LWS_WITH_LWSWS WEBSERVER_IMPLIES= PEERLIMITS PLUGINS LIBUV MBEDTLS_LIB_DEPENDS= libmbedtls.so:security/mbedtls MBEDTLS_CMAKE_BOOL= LWS_WITH_MBEDTLS OPENSSL_USES= ssl OPENSSL_CMAKE_BOOL= LWS_WITHOUT_BUILTIN_SHA1 # WolfSSL needs to be compiled with --enable-libwebsockets to work # WOLFSSL_LIB_DEPENDS= libwolfssl.so:security/wolfssl # WOLFSSL_CMAKE_BOOL= LWS_WITH_SSL LWS_WITH_WOLFSSL # WOLFSSL_CMAKE_ON= -DLWS_WOLFSSL_INCLUDE_DIRS=${LOCALBASE}/include \ # -DLWS_WOLFSSL_LIBRARIES=${LOCALBASE}/lib/libwolfssl.so GLIB_USES= gnome GLIB_USE= GNOME=glib20 GLIB_CMAKE_BOOL= LWS_WITH_GLIB LIBEV_LIB_DEPENDS= libev.so:devel/libev LIBEV_CMAKE_BOOL= LWS_WITH_LIBEV LIBEVENT_LIB_DEPENDS= libevent.so:devel/libevent LIBEVENT_CMAKE_BOOL= LWS_WITH_LIBEVENT LIBUV_LIB_DEPENDS= libuv.so:devel/libuv LIBUV_CMAKE_BOOL= LWS_WITH_LIBUV BUILDINFO= ${HOSTARCH}-portbld-${OPSYS:tl}-${OSREL:R} .include # Allow usage of LibreSSL via OPENSSL option .if ${PORT_OPTIONS:MOPENSSL} && ${SSL_DEFAULT} == libressl CMAKE_ARGS+= -DLWS_OPENSSL_LIBRARIES='${OPENSSLLIB}/libtls.so;${OPENSSLLIB}/libssl.so;${OPENSSLLIB}/libcrypto.so' -DLWS_OPENSSL_INCLUDE_DIRS=${OPENSSLINC}/ssl .endif .include diff --git a/net/pichi/Makefile b/net/pichi/Makefile index a02d8770313e..1a7e5fbb9565 100644 --- a/net/pichi/Makefile +++ b/net/pichi/Makefile @@ -1,68 +1,69 @@ PORTNAME= pichi DISTVERSION= 1.4.0 +PORTREVISION= 1 CATEGORIES= net MAINTAINER= pichi@elude.in COMMENT= Flexible rule-based proxy LICENSE= BSD3CLAUSE LICENSE_FILE= ${WRKSRC}/LICENSE BUILD_DEPENDS= rapidjson>=1.1.0:devel/rapidjson USES= cmake compiler:c++17-lang cpe CPE_VENDOR= ${PORTNAME}_project USE_GITHUB= yes GH_ACCOUNT= pichi-router USE_RC_SUBR= pichi PLIST_SUB= DISTVERSION=${DISTVERSION} CMAKE_BUILD_TYPE= MinSizeRel CMAKE_ARGS= -DVERSION=${DISTVERSION} CMAKE_ON= BUILD_SERVER BUILD_TEST INSTALL_TARGET= install/strip TEST_TARGET= test OPTIONS_DEFINE= DEVEL STATIC OPTIONS_SUB= yes STATIC_DESC= Static linking STATIC_CMAKE_BOOL= STATIC_LINK STATIC_BUILD_DEPENDS= boost-libs>=1.67.0:devel/boost-libs \ libmaxminddb>=1.3.0:net/libmaxminddb \ libsodium>=1.0.12:security/libsodium \ mbedtls>=2.7.0:security/mbedtls STATIC_LIB_DEPENDS_OFF= libboost_context.so:devel/boost-libs \ libboost_filesystem.so:devel/boost-libs \ libboost_program_options.so:devel/boost-libs \ libboost_system.so:devel/boost-libs \ libmaxminddb.so:net/libmaxminddb \ libmbedcrypto.so:security/mbedtls \ libmbedtls.so:security/mbedtls \ libmbedx509.so:security/mbedtls \ libsodium.so:security/libsodium STATIC_USE_OFF= LDCONFIG=yes DEVEL_DESC= Install development files DEVEL_CMAKE_BOOL= INSTALL_DEVEL .include .if ${PORT_OPTIONS:MSTATIC} USES+= ssl:build .else USES+= ssl .endif post-install: ${MKDIR} ${STAGEDIR}${ETCDIR} ${INSTALL_DATA} ${WRKSRC}/test/geo.mmdb ${STAGEDIR}${ETCDIR}/geo.mmdb ${INSTALL_DATA} ${WRKSRC}/server/pichi.json.default ${STAGEDIR}${ETCDIR}/pichi.json.sample post-install-DEVEL-on: ${MKDIR} ${STAGEDIR}${PREFIX}/include ${INSTALL_DATA} ${WRKSRC}/include/pichi.h ${STAGEDIR}${PREFIX}/include/pichi.h .include diff --git a/net/shadowsocks-libev/Makefile b/net/shadowsocks-libev/Makefile index 088b0b34ef16..512b5f05f726 100644 --- a/net/shadowsocks-libev/Makefile +++ b/net/shadowsocks-libev/Makefile @@ -1,57 +1,57 @@ # Created by: Xiaoding Liu PORTNAME= shadowsocks-libev DISTVERSIONPREFIX= v DISTVERSION= 3.3.5 -PORTREVISION= 0 +PORTREVISION= 1 CATEGORIES= net MAINTAINER= xiaoding+freebsd@xiaoding.org COMMENT= Lightweight tunnel proxy which can help you get through firewalls LICENSE= GPLv3 LICENSE_FILE= ${WRKSRC}/LICENSE LIB_DEPENDS= libev.so:devel/libev \ libmbedcrypto.so:security/mbedtls \ libpcre.so:devel/pcre \ libsodium.so:security/libsodium \ libcares.so:dns/c-ares USES= autoreconf compiler:c11 gmake libtool:keepla pathfix GNU_CONFIGURE= yes CONFIGURE_ARGS= --enable-shared USE_GITHUB= yes GH_ACCOUNT= shadowsocks GH_TUPLE= shadowsocks:libbloom:437e1ad:libbloom/libbloom \ shadowsocks:libcork:074e074:libcork/libcork \ shadowsocks:ipset:3ea7fe3:libipset/libipset INSTALL_TARGET= install-strip USE_LDCONFIG= yes OPTIONS_DEFINE= BASH DOCS ZSH OPTIONS_SUB= yes DOCS_BUILD_DEPENDS= asciidoc:textproc/asciidoc \ xmlto:textproc/xmlto DOCS_CONFIGURE_OFF= --disable-documentation USE_RC_SUBR= shadowsocks_libev post-install: @${MKDIR} ${STAGEDIR}${ETCDIR} ${INSTALL_DATA} ${WRKSRC}/debian/config.json ${STAGEDIR}${ETCDIR}/config.json.sample post-install-BASH-on: @${MKDIR} ${STAGEDIR}${PREFIX}/share/bash-completion/completions .for c in ss-local ss-manager ss-redir ss-server ss-tunnel ${INSTALL_DATA} ${WRKSRC}/completions/bash/${c} ${STAGEDIR}${PREFIX}/share/bash-completion/completions/${c} .endfor post-install-ZSH-on: @${MKDIR} ${STAGEDIR}${PREFIX}/share/zsh/site-functions .for c in _ss-local _ss-manager _ss-redir _ss-server _ss-tunnel ${INSTALL_DATA} ${WRKSRC}/completions/zsh/${c} ${STAGEDIR}${PREFIX}/share/zsh/site-functions/${c} .endfor .include diff --git a/security/mbedtls/Makefile b/security/mbedtls/Makefile index 0b0710bfd1e7..706fc9d672c3 100644 --- a/security/mbedtls/Makefile +++ b/security/mbedtls/Makefile @@ -1,38 +1,36 @@ PORTNAME= mbedtls -PORTVERSION= 2.16.12 +PORTVERSION= 2.28.0 DISTVERSIONPREFIX=${PORTNAME}- CATEGORIES= security devel MAINTAINER= tijl@FreeBSD.org COMMENT= SSL/TLS and cryptography library -LICENSE= APACHE20 GPLv2+ -LICENSE_COMB= dual -LICENSE_FILE_APACHE20= ${WRKSRC}/apache-2.0.txt -LICENSE_FILE_GPLv2+ = ${WRKSRC}/gpl-2.0.txt +LICENSE= APACHE20 +LICENSE_FILE= ${WRKSRC}/LICENSE + +USES= gmake python:test shebangfix +SHEBANG_FILES= scripts/*.py tests/scripts/*.py USE_GITHUB= yes GH_ACCOUNT= ARMmbed ALL_TARGET= no_test TEST_TARGET= test -MAKE_ENV= SHARED=1 -USES= gmake tar:tgz +MAKE_ENV= PYTHON=${PYTHON_CMD} SHARED=1 USE_LDCONFIG= yes -CONFLICTS_INSTALL= polarssl13 - post-patch: @${RM} ${WRKSRC}/include/mbedtls/*.orig @${REINPLACE_CMD} \ -e 's/PREFIX/NAMEPREFIX/' \ -e 's/$$(DESTDIR)/&$$(PREFIX)/' \ ${WRKSRC}/Makefile @${REINPLACE_CMD} 's/-fpic//' ${WRKSRC}/library/Makefile post-install: - ${FIND} ${STAGEDIR}${PREFIX}/bin -type f -not -name \ - mbedtls_udp_proxy_wrapper.sh -exec ${STRIP_CMD} {} + + ${FIND} ${STAGEDIR}${PREFIX}/bin -type f -not -name \*.sh \ + -exec ${STRIP_CMD} {} + ${STRIP_CMD} ${STAGEDIR}${PREFIX}/lib/*.so .include diff --git a/security/mbedtls/distinfo b/security/mbedtls/distinfo index 3dc6ce661998..5fe1b991a8cf 100644 --- a/security/mbedtls/distinfo +++ b/security/mbedtls/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1640884497 -SHA256 (ARMmbed-mbedtls-mbedtls-2.16.12_GH0.tar.gz) = 0afb4a4ce5b771f2fb86daee786362fbe48285f05b73cd205f46a224ec031783 -SIZE (ARMmbed-mbedtls-mbedtls-2.16.12_GH0.tar.gz) = 2702190 +TIMESTAMP = 1643369982 +SHA256 (ARMmbed-mbedtls-mbedtls-2.28.0_GH0.tar.gz) = f644248f23cf04315cf9bb58d88c4c9471c16ca0533ecf33f86fb7749a3e5fa6 +SIZE (ARMmbed-mbedtls-mbedtls-2.28.0_GH0.tar.gz) = 3712239 diff --git a/security/mbedtls/files/patch-config.h b/security/mbedtls/files/patch-config.h deleted file mode 100644 index ef5f7f4e7e03..000000000000 --- a/security/mbedtls/files/patch-config.h +++ /dev/null @@ -1,20 +0,0 @@ ---- include/mbedtls/config.h.orig 2017-03-08 15:33:04 UTC -+++ include/mbedtls/config.h -@@ -1285,7 +1285,7 @@ - * - * Uncomment this to enable pthread mutexes. - */ --//#define MBEDTLS_THREADING_PTHREAD -+#define MBEDTLS_THREADING_PTHREAD - - /** - * \def MBEDTLS_VERSION_FEATURES -@@ -2322,7 +2322,7 @@ - * - * Enable this layer to allow use of mutexes within mbed TLS - */ --//#define MBEDTLS_THREADING_C -+#define MBEDTLS_THREADING_C - - /** - * \def MBEDTLS_TIMING_C diff --git a/security/mbedtls/files/patch-dtls-srtp b/security/mbedtls/files/patch-dtls-srtp deleted file mode 100644 index dac835d23b17..000000000000 --- a/security/mbedtls/files/patch-dtls-srtp +++ /dev/null @@ -1,659 +0,0 @@ -Add DTLS-SRTP (RFC 5764) support. - -Obtained from: git://git.linphone.org/linphone-desktop.git - -diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h -index d1db0d8..72e2d04 100644 ---- include/mbedtls/config.h -+++ include/mbedtls/config.h -@@ -1154,6 +1154,17 @@ - #define MBEDTLS_SSL_DTLS_HELLO_VERIFY - - /** -+ * \def MBEDTLS_SSL_DTLS_SRTP -+ * -+ * Enable support for DTLS-SRTP, RFC5764 -+ * -+ * Requires: MBEDTLS_SSL_PROTO_DTLS -+ * -+ * Comment this to disable support for DTLS-SRTP. -+ */ -+#define MBEDTLS_SSL_DTLS_SRTP -+ -+/** - * \def MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE - * - * Enable server-side support for clients that reconnect from the same port. -diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h -index 00e1c6c..729e95f 100644 ---- include/mbedtls/ssl.h -+++ include/mbedtls/ssl.h -@@ -326,6 +326,8 @@ - - #define MBEDTLS_TLS_EXT_SIG_ALG 13 - -+#define MBEDTLS_TLS_EXT_USE_SRTP 14 -+ - #define MBEDTLS_TLS_EXT_ALPN 16 - - #define MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC 22 /* 0x16 */ -@@ -338,6 +340,14 @@ - #define MBEDTLS_TLS_EXT_RENEGOTIATION_INFO 0xFF01 - - /* -+ * use_srtp extension protection profiles values as defined in http://www.iana.org/assignments/srtp-protection/srtp-protection.xhtml -+ */ -+#define MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80_IANA_VALUE 0x0001 -+#define MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32_IANA_VALUE 0x0002 -+#define MBEDTLS_SRTP_NULL_HMAC_SHA1_80_IANA_VALUE 0x0005 -+#define MBEDTLS_SRTP_NULL_HMAC_SHA1_32_IANA_VALUE 0x0006 -+ -+/* - * Size defines - */ - #if !defined(MBEDTLS_PSK_MAX_LEN) -@@ -426,6 +436,19 @@ typedef struct mbedtls_ssl_key_cert mbedtls_ssl_key_cert; - typedef struct mbedtls_ssl_flight_item mbedtls_ssl_flight_item; - #endif - -+#if defined(MBEDTLS_SSL_DTLS_SRTP) -+/* -+ * List of SRTP profiles for DTLS-SRTP -+ */ -+enum mbedtls_DTLS_SRTP_protection_profiles { -+ MBEDTLS_SRTP_UNSET_PROFILE, -+ MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80, -+ MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32, -+ MBEDTLS_SRTP_NULL_HMAC_SHA1_80, -+ MBEDTLS_SRTP_NULL_HMAC_SHA1_32, -+}; -+#endif /* MBEDTLS_SSL_DTLS_SRTP */ -+ - /* - * This structure is used for storing current session data. - */ -@@ -566,6 +589,14 @@ struct mbedtls_ssl_config - const char **alpn_list; /*!< ordered list of protocols */ - #endif - -+#if defined(MBEDTLS_SSL_DTLS_SRTP) -+ /* -+ * use_srtp extension -+ */ -+ enum mbedtls_DTLS_SRTP_protection_profiles *dtls_srtp_profiles_list; /*!< ordered list of supported srtp profile */ -+ size_t dtls_srtp_profiles_list_len; /*!< number of supported profiles */ -+#endif /* MBEDTLS_SSL_DTLS_SRTP */ -+ - /* - * Numerical settings (int then char) - */ -@@ -765,6 +796,15 @@ struct mbedtls_ssl_context - const char *alpn_chosen; /*!< negotiated protocol */ - #endif - -+#if defined(MBEDTLS_SSL_DTLS_SRTP) -+ /* -+ * use_srtp extension -+ */ -+ enum mbedtls_DTLS_SRTP_protection_profiles chosen_dtls_srtp_profile; /*!< negotiated SRTP profile */ -+ unsigned char *dtls_srtp_keys; /*conf->dtls_srtp_profiles_list == NULL) || (ssl->conf->dtls_srtp_profiles_list_len == 0) ) -+ { -+ return; -+ } -+ -+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding use_srtp extension" ) ); -+ -+ *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_USE_SRTP >> 8 ) & 0xFF ); -+ *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_USE_SRTP ) & 0xFF ); -+ -+ /* RFC5764 section 4.1.1 -+ * uint8 SRTPProtectionProfile[2]; -+ * -+ * struct { -+ * SRTPProtectionProfiles SRTPProtectionProfiles; -+ * opaque srtp_mki<0..255>; -+ * } UseSRTPData; -+ -+ * SRTPProtectionProfile SRTPProtectionProfiles<2..2^16-1>; -+ * -+ * Note: srtp_mki is not supported -+ */ -+ -+ /* Extension length = 2bytes for profiles lenght, ssl->conf->dtls_srtp_profiles_list_len*2 (each profile is 2 bytes length ) + 1 byte for the non implemented srtp_mki vector length (always 0) */ -+ *p++ = (unsigned char)( ( ( 2 + 2*(ssl->conf->dtls_srtp_profiles_list_len) + 1 ) >> 8 ) & 0xFF ); -+ *p++ = (unsigned char)( ( ( 2 + 2*(ssl->conf->dtls_srtp_profiles_list_len) + 1 ) ) & 0xFF ); -+ -+ -+ /* protection profile length: 2*(ssl->conf->dtls_srtp_profiles_list_len) */ -+ *p++ = (unsigned char)( ( ( 2*(ssl->conf->dtls_srtp_profiles_list_len) ) >> 8 ) & 0xFF ); -+ *p++ = (unsigned char)( ( 2*(ssl->conf->dtls_srtp_profiles_list_len) ) & 0xFF ); -+ -+ for( protection_profiles_index=0; protection_profiles_index < ssl->conf->dtls_srtp_profiles_list_len; protection_profiles_index++ ) -+ { -+ switch (ssl->conf->dtls_srtp_profiles_list[protection_profiles_index]) { -+ case MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80: -+ *p++ = ( ( ( MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80_IANA_VALUE ) >> 8 ) & 0xFF); -+ *p++ = ( ( MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80_IANA_VALUE ) & 0xFF); -+ break; -+ case MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32: -+ *p++ = ( ( ( MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32_IANA_VALUE ) >> 8 ) & 0xFF); -+ *p++ = ( ( MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32_IANA_VALUE ) & 0xFF); -+ break; -+ case MBEDTLS_SRTP_NULL_HMAC_SHA1_80: -+ *p++ = ( ( ( MBEDTLS_SRTP_NULL_HMAC_SHA1_80_IANA_VALUE ) >> 8 ) & 0xFF); -+ *p++ = ( ( MBEDTLS_SRTP_NULL_HMAC_SHA1_80_IANA_VALUE ) & 0xFF); -+ break; -+ case MBEDTLS_SRTP_NULL_HMAC_SHA1_32: -+ *p++ = ( ( ( MBEDTLS_SRTP_NULL_HMAC_SHA1_32_IANA_VALUE ) >> 8 ) & 0xFF); -+ *p++ = ( ( MBEDTLS_SRTP_NULL_HMAC_SHA1_32_IANA_VALUE ) & 0xFF); -+ break; -+ default: -+ /* Note: we shall never arrive here as protection profiles is checked by ssl_set_dtls_srtp_protection_profiles function */ -+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "client hello, ignore illegal DTLS-SRTP protection profile %d", ssl->conf->dtls_srtp_profiles_list[protection_profiles_index]) ); -+ break; -+ } -+ } -+ -+ *p++ = 0x00; /* non implemented srtp_mki vector length is always 0 */ -+ /* total extension length: extension type (2 bytes) + extension length (2 bytes) + protection profile length (2 bytes) + 2*nb protection profiles + srtp_mki vector length(1 byte)*/ -+ *olen = 2 + 2 + 2 + 2*(ssl->conf->dtls_srtp_profiles_list_len) + 1; -+} -+#endif /* MBEDTLS_SSL_DTLS_SRTP */ -+ - /* - * Generate random bytes for ClientHello - */ -@@ -1006,6 +1079,11 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) - ext_len += olen; - #endif - -+#if defined(MBEDTLS_SSL_DTLS_SRTP) -+ ssl_write_use_srtp_ext( ssl, p + 2 + ext_len, &olen ); -+ ext_len += olen; -+#endif -+ - #if defined(MBEDTLS_SSL_SESSION_TICKETS) - ssl_write_session_ticket_ext( ssl, p + 2 + ext_len, &olen ); - ext_len += olen; -@@ -1308,6 +1386,81 @@ static int ssl_parse_alpn_ext( mbedtls_ssl_context *ssl, - } - #endif /* MBEDTLS_SSL_ALPN */ - -+#if defined(MBEDTLS_SSL_DTLS_SRTP) -+static int ssl_parse_use_srtp_ext( mbedtls_ssl_context *ssl, -+ const unsigned char *buf, size_t len ) -+{ -+ enum mbedtls_DTLS_SRTP_protection_profiles server_protection = MBEDTLS_SRTP_UNSET_PROFILE; -+ size_t i; -+ uint16_t server_protection_profile_value = 0; -+ -+ /* If use_srtp is not configured, just ignore the extension */ -+ if( ( ssl->conf->dtls_srtp_profiles_list == NULL ) || ( ssl->conf->dtls_srtp_profiles_list_len == 0 ) ) -+ return( 0 ); -+ -+ /* RFC5764 section 4.1.1 -+ * uint8 SRTPProtectionProfile[2]; -+ * -+ * struct { -+ * SRTPProtectionProfiles SRTPProtectionProfiles; -+ * opaque srtp_mki<0..255>; -+ * } UseSRTPData; -+ -+ * SRTPProtectionProfile SRTPProtectionProfiles<2..2^16-1>; -+ * -+ * Note: srtp_mki is not supported -+ */ -+ -+ /* Length is 5 : one protection profile(2 bytes) + length(2 bytes) and potential srtp_mki which won't be parsed */ -+ if( len < 5 ) -+ return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); -+ -+ /* -+ * get the server protection profile -+ */ -+ if (((uint16_t)(buf[0]<<8 | buf[1])) != 0x0002) { /* protection profile length must be 0x0002 as we must have only one protection profile in server Hello */ -+ return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); -+ } else { -+ server_protection_profile_value = buf[2]<<8 | buf[3]; -+ } -+ -+ /* -+ * Check we have the server profile in our list -+ */ -+ for( i=0; i < ssl->conf->dtls_srtp_profiles_list_len; i++) -+ { -+ switch ( server_protection_profile_value ) { -+ case MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80_IANA_VALUE: -+ server_protection = MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80; -+ break; -+ case MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32_IANA_VALUE: -+ server_protection = MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32; -+ break; -+ case MBEDTLS_SRTP_NULL_HMAC_SHA1_80_IANA_VALUE: -+ server_protection = MBEDTLS_SRTP_NULL_HMAC_SHA1_80; -+ break; -+ case MBEDTLS_SRTP_NULL_HMAC_SHA1_32_IANA_VALUE: -+ server_protection = MBEDTLS_SRTP_NULL_HMAC_SHA1_32; -+ break; -+ default: -+ server_protection = MBEDTLS_SRTP_UNSET_PROFILE; -+ break; -+ } -+ -+ if (server_protection == ssl->conf->dtls_srtp_profiles_list[i]) { -+ ssl->chosen_dtls_srtp_profile = ssl->conf->dtls_srtp_profiles_list[i]; -+ return 0; -+ } -+ } -+ -+ /* If we get there, no match was found : server problem, it shall never answer with incompatible profile */ -+ ssl->chosen_dtls_srtp_profile = MBEDTLS_SRTP_UNSET_PROFILE; -+ mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, -+ MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); -+ return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); -+} -+#endif /* MBEDTLS_SSL_DTLS_SRTP */ -+ - /* - * Parse HelloVerifyRequest. Only called after verifying the HS type. - */ -@@ -1786,6 +1939,16 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl ) - break; - #endif /* MBEDTLS_SSL_ALPN */ - -+#if defined(MBEDTLS_SSL_DTLS_SRTP) -+ case MBEDTLS_TLS_EXT_USE_SRTP: -+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "found use_srtp extension" ) ); -+ -+ if( ( ret = ssl_parse_use_srtp_ext( ssl, ext + 4, ext_size ) ) != 0 ) -+ return( ret ); -+ -+ break; -+#endif /* MBEDTLS_SSL_DTLS_SRTP */ -+ - default: - MBEDTLS_SSL_DEBUG_MSG( 3, ( "unknown extension found: %d (ignoring)", - ext_id ) ); -diff --git a/library/ssl_srv.c b/library/ssl_srv.c -index 6b5b461..72b50ab 100644 ---- library/ssl_srv.c -+++ library/ssl_srv.c -@@ -573,6 +573,78 @@ static int ssl_parse_alpn_ext( mbedtls_ssl_context *ssl, - } - #endif /* MBEDTLS_SSL_ALPN */ - -+#if defined(MBEDTLS_SSL_DTLS_SRTP) -+static int ssl_parse_use_srtp_ext( mbedtls_ssl_context *ssl, -+ const unsigned char *buf, size_t len ) -+{ -+ enum mbedtls_DTLS_SRTP_protection_profiles client_protection = MBEDTLS_SRTP_UNSET_PROFILE; -+ size_t i,j; -+ uint16_t profile_length; -+ -+ /* If use_srtp is not configured, just ignore the extension */ -+ if( ( ssl->conf->dtls_srtp_profiles_list == NULL ) || ( ssl->conf->dtls_srtp_profiles_list_len == 0 ) ) -+ return( 0 ); -+ -+ /* RFC5764 section 4.1.1 -+ * uint8 SRTPProtectionProfile[2]; -+ * -+ * struct { -+ * SRTPProtectionProfiles SRTPProtectionProfiles; -+ * opaque srtp_mki<0..255>; -+ * } UseSRTPData; -+ -+ * SRTPProtectionProfile SRTPProtectionProfiles<2..2^16-1>; -+ * -+ * Note: srtp_mki is not supported -+ */ -+ -+ /* Min length is 5 : at least one protection profile(2 bytes) and length(2 bytes) + srtp_mki length(1 byte) */ -+ if( len < 5 ) -+ return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); -+ -+ /* -+ * Use our order of preference -+ */ -+ profile_length = buf[0]<<8|buf[1]; /* first 2 bytes are protection profile length(in bytes) */ -+ for( i=0; i < ssl->conf->dtls_srtp_profiles_list_len; i++) -+ { -+ /* parse the extension list values are defined in http://www.iana.org/assignments/srtp-protection/srtp-protection.xhtml */ -+ for (j=0; jconf->dtls_srtp_profiles_list[i]) { -+ ssl->chosen_dtls_srtp_profile = ssl->conf->dtls_srtp_profiles_list[i]; -+ return 0; -+ } -+ } -+ } -+ -+ /* If we get there, no match was found */ -+ ssl->chosen_dtls_srtp_profile = MBEDTLS_SRTP_UNSET_PROFILE; -+ mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, -+ MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); -+ return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); -+} -+#endif /* MBEDTLS_SSL_DTLS_SRTP */ -+ - /* - * Auxiliary functions for ServerHello parsing and related actions - */ -@@ -1675,7 +1747,16 @@ read_record_header: - if( ret != 0 ) - return( ret ); - break; --#endif /* MBEDTLS_SSL_SESSION_TICKETS */ -+#endif /* MBEDTLS_SSL_ALPN */ -+ -+#if defined(MBEDTLS_SSL_DTLS_SRTP) -+ case MBEDTLS_TLS_EXT_USE_SRTP: -+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "found use_srtp extension" ) ); -+ ret = ssl_parse_use_srtp_ext( ssl, ext + 4, ext_size ); -+ if ( ret != 0) -+ return( ret ); -+ break; -+#endif /* MBEDTLS_SSL_DTLS_SRTP */ - - default: - MBEDTLS_SSL_DEBUG_MSG( 3, ( "unknown extension found: %d (ignoring)", -@@ -2144,6 +2225,57 @@ static void ssl_write_alpn_ext( mbedtls_ssl_context *ssl, - } - #endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C */ - -+#if defined(MBEDTLS_SSL_DTLS_SRTP ) -+static void ssl_write_use_srtp_ext( mbedtls_ssl_context *ssl, -+ unsigned char *buf, size_t *olen ) -+{ -+ if( ssl->chosen_dtls_srtp_profile == MBEDTLS_SRTP_UNSET_PROFILE ) -+ { -+ *olen = 0; -+ return; -+ } -+ -+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, adding use_srtp extension" ) ); -+ -+ /* extension */ -+ buf[0] = (unsigned char)( ( MBEDTLS_TLS_EXT_USE_SRTP >> 8 ) & 0xFF ); -+ buf[1] = (unsigned char)( ( MBEDTLS_TLS_EXT_USE_SRTP ) & 0xFF ); -+ /* total length (5: only one profile(2 bytes) and length(2bytes) and srtp_mki not supported so zero length(1byte) ) */ -+ buf[2] = 0x00; -+ buf[3] = 0x05; -+ -+ /* protection profile length: 2 */ -+ buf[4] = 0x00; -+ buf[5] = 0x02; -+ switch (ssl->chosen_dtls_srtp_profile) { -+ case MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80: -+ buf[6] = (unsigned char)( ( MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80_IANA_VALUE >> 8) & 0xFF ); -+ buf[7] = (unsigned char)( ( MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80_IANA_VALUE ) & 0xFF ); -+ break; -+ case MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32: -+ buf[6] = (unsigned char)( ( MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32_IANA_VALUE >> 8) & 0xFF ); -+ buf[7] = (unsigned char)( ( MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32_IANA_VALUE ) & 0xFF ); -+ break; -+ case MBEDTLS_SRTP_NULL_HMAC_SHA1_80: -+ buf[6] = (unsigned char)( ( MBEDTLS_SRTP_NULL_HMAC_SHA1_80_IANA_VALUE >> 8) & 0xFF ); -+ buf[7] = (unsigned char)( ( MBEDTLS_SRTP_NULL_HMAC_SHA1_80_IANA_VALUE ) & 0xFF ); -+ break; -+ case MBEDTLS_SRTP_NULL_HMAC_SHA1_32: -+ buf[6] = (unsigned char)( ( MBEDTLS_SRTP_NULL_HMAC_SHA1_32_IANA_VALUE >> 8) & 0xFF ); -+ buf[7] = (unsigned char)( ( MBEDTLS_SRTP_NULL_HMAC_SHA1_32_IANA_VALUE ) & 0xFF ); -+ break; -+ default: -+ *olen = 0; -+ return; -+ break; -+ } -+ -+ buf[8] = 0x00; /* unsupported srtp_mki variable length vector set to 0 */ -+ -+ *olen = 9; -+} -+#endif /* MBEDTLS_SSL_DTLS_SRTP */ -+ - #if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) - static int ssl_write_hello_verify_request( mbedtls_ssl_context *ssl ) - { -@@ -2408,6 +2540,11 @@ static int ssl_write_server_hello( mbedtls_ssl_context *ssl ) - ext_len += olen; - #endif - -+#if defined(MBEDTLS_SSL_DTLS_SRTP) -+ ssl_write_use_srtp_ext( ssl, p + 2 + ext_len, &olen); -+ ext_len += olen; -+#endif -+ - MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, total extension length: %d", ext_len ) ); - - if( ext_len > 0 ) -diff --git a/library/ssl_tls.c b/library/ssl_tls.c -index 4424f56..940f8aa 100644 ---- library/ssl_tls.c -+++ library/ssl_tls.c -@@ -373,7 +373,7 @@ static int tls_prf_generic( mbedtls_md_type_t md_type, - { - size_t nb; - size_t i, j, k, md_len; -- unsigned char tmp[128]; -+ unsigned char tmp[144]; - unsigned char h_i[MBEDTLS_MD_MAX_SIZE]; - const mbedtls_md_info_t *md_info; - mbedtls_md_context_t md_ctx; -@@ -636,6 +636,30 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl ) - else - MBEDTLS_SSL_DEBUG_MSG( 3, ( "no premaster (session resumed)" ) ); - -+#if defined(MBEDTLS_SSL_DTLS_SRTP) -+ /* check if we have a chosen srtp protection profile */ -+ if (ssl->chosen_dtls_srtp_profile != MBEDTLS_SRTP_UNSET_PROFILE) { -+ /* derive key material for srtp session RFC5764 section 4.2 */ -+ /* master key and master salt are respectively 128 bits and 112 bits for all currently available modes : -+ * SRTP_AES128_CM_HMAC_SHA1_80, SRTP_AES128_CM_HMAC_SHA1_32 -+ * SRTP_NULL_HMAC_SHA1_80, SRTP_NULL_HMAC_SHA1_32 -+ * So we must export 2*(128 + 112) = 480 bits -+ */ -+ ssl->dtls_srtp_keys_len = 60; -+ -+ ssl->dtls_srtp_keys = (unsigned char *)mbedtls_calloc(1, ssl->dtls_srtp_keys_len); -+ -+ ret = handshake->tls_prf( session->master, 48, "EXTRACTOR-dtls_srtp", -+ handshake->randbytes, 64, ssl->dtls_srtp_keys, ssl->dtls_srtp_keys_len ); -+ -+ if( ret != 0 ) -+ { -+ MBEDTLS_SSL_DEBUG_RET( 1, "dtls srtp prf", ret ); -+ return( ret ); -+ } -+ } -+#endif /* MBEDTLS_SSL_DTLS_SRTP */ -+ - /* - * Swap the client and server random values. - */ -@@ -5408,6 +5432,12 @@ int mbedtls_ssl_setup( mbedtls_ssl_context *ssl, - ssl->in_msg = ssl->in_buf + 13; - } - -+#if defined(MBEDTLS_SSL_DTLS_SRTP) -+ ssl->chosen_dtls_srtp_profile = MBEDTLS_SRTP_UNSET_PROFILE; -+ ssl->dtls_srtp_keys = NULL; -+ ssl->dtls_srtp_keys_len = 0; -+#endif -+ - if( ( ret = ssl_handshake_init( ssl ) ) != 0 ) - return( ret ); - -@@ -5997,6 +6027,61 @@ const char *mbedtls_ssl_get_alpn_protocol( const mbedtls_ssl_context *ssl ) - } - #endif /* MBEDTLS_SSL_ALPN */ - -+#if defined(MBEDTLS_SSL_DTLS_SRTP) -+int mbedtls_ssl_conf_dtls_srtp_protection_profiles( mbedtls_ssl_config *conf, const enum mbedtls_DTLS_SRTP_protection_profiles *profiles, size_t profiles_number) -+{ -+ size_t i; -+ /* check in put validity : must be a list of profiles from enumeration */ -+ /* maximum length is 4 as only 4 protection profiles are defined */ -+ if (profiles_number>4) { -+ return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; -+ } -+ -+ mbedtls_free(conf->dtls_srtp_profiles_list); -+ conf->dtls_srtp_profiles_list = (enum mbedtls_DTLS_SRTP_protection_profiles *)mbedtls_calloc(1, profiles_number*sizeof(enum mbedtls_DTLS_SRTP_protection_profiles)); -+ -+ for (i=0; idtls_srtp_profiles_list[i] = profiles[i]; -+ break; -+ default: -+ mbedtls_free(conf->dtls_srtp_profiles_list); -+ conf->dtls_srtp_profiles_list = NULL; -+ conf->dtls_srtp_profiles_list_len = 0; -+ return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; -+ } -+ } -+ -+ /* assign array length */ -+ conf->dtls_srtp_profiles_list_len = profiles_number; -+ -+ return( 0 ); -+} -+ -+enum mbedtls_DTLS_SRTP_protection_profiles mbedtls_ssl_get_dtls_srtp_protection_profile( const mbedtls_ssl_context *ssl) -+{ -+ return( ssl->chosen_dtls_srtp_profile); -+} -+ -+int mbedtls_ssl_get_dtls_srtp_key_material( const mbedtls_ssl_context *ssl, unsigned char *key, const size_t key_buffer_len, size_t *key_len ) { -+ *key_len = 0; -+ -+ /* check output buffer size */ -+ if ( key_buffer_len < ssl->dtls_srtp_keys_len) { -+ return MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL; -+ } -+ -+ memcpy( key, ssl->dtls_srtp_keys, ssl->dtls_srtp_keys_len); -+ *key_len = ssl->dtls_srtp_keys_len; -+ -+ return 0; -+} -+#endif /* MBEDTLS_SSL_DTLS_SRTP */ -+ - void mbedtls_ssl_conf_max_version( mbedtls_ssl_config *conf, int major, int minor ) - { - conf->max_major_ver = major; -@@ -7083,6 +7169,11 @@ void mbedtls_ssl_free( mbedtls_ssl_context *ssl ) - mbedtls_free( ssl->cli_id ); - #endif - -+#if defined (MBEDTLS_SSL_DTLS_SRTP) -+ mbedtls_platform_zeroize( ssl->dtls_srtp_keys, ssl->dtls_srtp_keys_len ); -+ mbedtls_free( ssl->dtls_srtp_keys ); -+#endif /* MBEDTLS_SSL_DTLS_SRTP */ -+ - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= free" ) ); - - /* Actually clear after last debug message */ -@@ -7311,6 +7402,10 @@ void mbedtls_ssl_config_free( mbedtls_ssl_config *conf ) - ssl_key_cert_free( conf->key_cert ); - #endif - -+#if defined (MBEDTLS_SSL_DTLS_SRTP) -+ mbedtls_free( conf->dtls_srtp_profiles_list ); -+#endif -+ - mbedtls_platform_zeroize( conf, sizeof( mbedtls_ssl_config ) ); - } - diff --git a/security/mbedtls/files/patch-include_mbedtls_config.h b/security/mbedtls/files/patch-include_mbedtls_config.h new file mode 100644 index 000000000000..fa23d72d7946 --- /dev/null +++ b/security/mbedtls/files/patch-include_mbedtls_config.h @@ -0,0 +1,29 @@ +--- include/mbedtls/config.h.orig 2021-12-15 13:47:54 UTC ++++ include/mbedtls/config.h +@@ -1946,7 +1946,7 @@ + * + * Uncomment this to enable support for use_srtp extension. + */ +-//#define MBEDTLS_SSL_DTLS_SRTP ++#define MBEDTLS_SSL_DTLS_SRTP + + /** + * \def MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE +@@ -2129,7 +2129,7 @@ + * + * Uncomment this to enable pthread mutexes. + */ +-//#define MBEDTLS_THREADING_PTHREAD ++#define MBEDTLS_THREADING_PTHREAD + + /** + * \def MBEDTLS_USE_PSA_CRYPTO +@@ -3452,7 +3452,7 @@ + * + * Enable this layer to allow use of mutexes within mbed TLS + */ +-//#define MBEDTLS_THREADING_C ++#define MBEDTLS_THREADING_C + + /** + * \def MBEDTLS_TIMING_C diff --git a/security/mbedtls/pkg-descr b/security/mbedtls/pkg-descr index 8901bb50743e..41b01c0c3c83 100644 --- a/security/mbedtls/pkg-descr +++ b/security/mbedtls/pkg-descr @@ -1,4 +1,4 @@ mbed TLS is a lightweight, portable, fully featured and standards compliant SSL/TLS and cryptography library. -WWW: https://tls.mbed.org/ +WWW: https://www.trustedfirmware.org/projects/mbed-tls/ diff --git a/security/mbedtls/pkg-plist b/security/mbedtls/pkg-plist index fd4aa001cfa7..f98edaf834e3 100644 --- a/security/mbedtls/pkg-plist +++ b/security/mbedtls/pkg-plist @@ -1,136 +1,171 @@ bin/mbedtls_benchmark bin/mbedtls_cert_app bin/mbedtls_cert_req bin/mbedtls_cert_write bin/mbedtls_crl_app bin/mbedtls_crypt_and_hash +bin/mbedtls_crypto_examples bin/mbedtls_dh_client bin/mbedtls_dh_genprime bin/mbedtls_dh_server +bin/mbedtls_dlopen +bin/mbedtls_dlopen_demo.sh bin/mbedtls_dtls_client bin/mbedtls_dtls_server bin/mbedtls_ecdh_curve25519 bin/mbedtls_ecdsa +bin/mbedtls_fuzz_client +bin/mbedtls_fuzz_dtlsclient +bin/mbedtls_fuzz_dtlsserver +bin/mbedtls_fuzz_privkey +bin/mbedtls_fuzz_pubkey +bin/mbedtls_fuzz_server +bin/mbedtls_fuzz_x509crl +bin/mbedtls_fuzz_x509crt +bin/mbedtls_fuzz_x509csr bin/mbedtls_gen_entropy bin/mbedtls_gen_key bin/mbedtls_gen_random_ctr_drbg bin/mbedtls_gen_random_havege +bin/mbedtls_generate_cpp_dummy_build.sh bin/mbedtls_generic_sum bin/mbedtls_hello bin/mbedtls_key_app bin/mbedtls_key_app_writer +bin/mbedtls_key_ladder_demo +bin/mbedtls_key_ladder_demo.sh bin/mbedtls_load_roots bin/mbedtls_mini_client bin/mbedtls_mpi_demo bin/mbedtls_pem2der bin/mbedtls_pk_decrypt bin/mbedtls_pk_encrypt bin/mbedtls_pk_sign bin/mbedtls_pk_verify +bin/mbedtls_psa_constant_names bin/mbedtls_query_compile_time_config bin/mbedtls_req_app bin/mbedtls_rsa_decrypt bin/mbedtls_rsa_encrypt bin/mbedtls_rsa_genkey bin/mbedtls_rsa_sign bin/mbedtls_rsa_sign_pss bin/mbedtls_rsa_verify bin/mbedtls_rsa_verify_pss bin/mbedtls_selftest bin/mbedtls_ssl_client1 bin/mbedtls_ssl_client2 +bin/mbedtls_ssl_context_info bin/mbedtls_ssl_fork_server bin/mbedtls_ssl_mail_client bin/mbedtls_ssl_server bin/mbedtls_ssl_server2 bin/mbedtls_strerror bin/mbedtls_udp_proxy bin/mbedtls_udp_proxy_wrapper.sh bin/mbedtls_zeroize include/mbedtls/aes.h include/mbedtls/aesni.h include/mbedtls/arc4.h include/mbedtls/aria.h include/mbedtls/asn1.h include/mbedtls/asn1write.h include/mbedtls/base64.h include/mbedtls/bignum.h include/mbedtls/blowfish.h include/mbedtls/bn_mul.h include/mbedtls/camellia.h include/mbedtls/ccm.h include/mbedtls/certs.h include/mbedtls/chacha20.h include/mbedtls/chachapoly.h include/mbedtls/check_config.h include/mbedtls/cipher.h include/mbedtls/cipher_internal.h include/mbedtls/cmac.h include/mbedtls/compat-1.3.h include/mbedtls/config.h +include/mbedtls/config_psa.h +include/mbedtls/constant_time.h include/mbedtls/ctr_drbg.h include/mbedtls/debug.h include/mbedtls/des.h include/mbedtls/dhm.h include/mbedtls/ecdh.h include/mbedtls/ecdsa.h include/mbedtls/ecjpake.h include/mbedtls/ecp.h include/mbedtls/ecp_internal.h include/mbedtls/entropy.h include/mbedtls/entropy_poll.h include/mbedtls/error.h include/mbedtls/gcm.h include/mbedtls/havege.h include/mbedtls/hkdf.h include/mbedtls/hmac_drbg.h include/mbedtls/md.h include/mbedtls/md2.h include/mbedtls/md4.h include/mbedtls/md5.h include/mbedtls/md_internal.h include/mbedtls/memory_buffer_alloc.h include/mbedtls/net.h include/mbedtls/net_sockets.h include/mbedtls/nist_kw.h include/mbedtls/oid.h include/mbedtls/padlock.h include/mbedtls/pem.h include/mbedtls/pk.h include/mbedtls/pk_internal.h include/mbedtls/pkcs11.h include/mbedtls/pkcs12.h include/mbedtls/pkcs5.h include/mbedtls/platform.h include/mbedtls/platform_time.h include/mbedtls/platform_util.h include/mbedtls/poly1305.h +include/mbedtls/psa_util.h include/mbedtls/ripemd160.h include/mbedtls/rsa.h include/mbedtls/rsa_internal.h include/mbedtls/sha1.h include/mbedtls/sha256.h include/mbedtls/sha512.h include/mbedtls/ssl.h include/mbedtls/ssl_cache.h include/mbedtls/ssl_ciphersuites.h include/mbedtls/ssl_cookie.h include/mbedtls/ssl_internal.h include/mbedtls/ssl_ticket.h include/mbedtls/threading.h include/mbedtls/timing.h include/mbedtls/version.h include/mbedtls/x509.h include/mbedtls/x509_crl.h include/mbedtls/x509_crt.h include/mbedtls/x509_csr.h include/mbedtls/xtea.h +include/psa/crypto.h +include/psa/crypto_builtin_composites.h +include/psa/crypto_builtin_primitives.h +include/psa/crypto_compat.h +include/psa/crypto_config.h +include/psa/crypto_driver_common.h +include/psa/crypto_driver_contexts_composites.h +include/psa/crypto_driver_contexts_primitives.h +include/psa/crypto_extra.h +include/psa/crypto_platform.h +include/psa/crypto_se_driver.h +include/psa/crypto_sizes.h +include/psa/crypto_struct.h +include/psa/crypto_types.h +include/psa/crypto_values.h lib/libmbedcrypto.a lib/libmbedcrypto.so -lib/libmbedcrypto.so.3 +lib/libmbedcrypto.so.7 lib/libmbedtls.a lib/libmbedtls.so -lib/libmbedtls.so.12 +lib/libmbedtls.so.14 lib/libmbedx509.a lib/libmbedx509.so -lib/libmbedx509.so.0 +lib/libmbedx509.so.1 diff --git a/security/openvpn-devel/Makefile b/security/openvpn-devel/Makefile index a118648f9e33..3aaccdd308e0 100644 --- a/security/openvpn-devel/Makefile +++ b/security/openvpn-devel/Makefile @@ -1,152 +1,153 @@ # Created by: Matthias Andree PORTNAME= openvpn DISTVERSION= g20210603 +PORTREVISION= 1 PORTEPOCH= 1 CATEGORIES= security net net-vpn PKGNAMESUFFIX= -devel MAINTAINER= gert@greenie.muc.de # let's use ?= in spite of portlint WARNings because this might become # security/openvpn one day which would then have a slave port: COMMENT?= Secure IP/Ethernet tunnel daemon LICENSE= GPLv2 LICENSE_FILE= ${WRKSRC}/COPYRIGHT.GPL BUILD_DEPENDS+= cmocka>=0:sysutils/cmocka \ rst2man:textproc/py-docutils LIB_DEPENDS+= liblzo2.so:archivers/lzo2 USES= autoreconf cpe libtool pkgconfig shebangfix tar:xz IGNORE_SSL= libressl libressl-devel USE_GITLAB= yes GL_COMMIT= 0033811e0215af76f469d78912c95a2f59813454 USE_RC_SUBR= openvpn SHEBANG_FILES= sample/sample-scripts/auth-pam.pl sample/sample-scripts/ucn.pl \ sample/sample-scripts/verify-cn GNU_CONFIGURE= yes CONFIGURE_ARGS+= --enable-strict # set PLUGIN_LIBDIR so that unqualified plugin paths are found: CONFIGURE_ENV+= PLUGINDIR="${PREFIX}/lib/openvpn/plugins" # let OpenVPN's configure script pick up the requisite libraries, # but do not break the plugin build if an older version is installed .ifdef (LOG_OPENVPN) CFLAGS+= -DLOG_OPENVPN=${LOG_OPENVPN} .endif CPPFLAGS+= -I${WRKSRC}/include -I${LOCALBASE}/include -DCONFIGURE_GIT_REVISION='\"${GL_COMMIT}\"' -DCONFIGURE_GIT_FLAGS= LDFLAGS+= -L${LOCALBASE}/lib CONFLICTS_INSTALL?= openvpn-2.[!4].* openvpn-[!2].* openvpn-beta \ openvpn-devel openvpn-mbedtls SUB_FILES= openvpn-client pkg-message PORTDOCS= * PORTEXAMPLES= * OPTIONS_DEFINE= DOCS EASYRSA EXAMPLES LZ4 PKCS11 SMALL TEST TUNNELBLICK \ X509ALTUSERNAME OPTIONS_DEFAULT= EASYRSA LZ4 OPENSSL TEST OPTIONS_SINGLE= SSL OPTIONS_SINGLE_SSL= MBEDTLS OPENSSL # option descriptions and interdependencies EASYRSA_DESC= Install security/easy-rsa RSA helper package MBEDTLS_DESC= SSL/TLS via mbedTLS (lacks TLS v1.3) PKCS11_DESC= Use security/pkcs11-helper PKCS11_PREVENTS= MBEDTLS PKCS11_PREVENTS_MSG= OpenVPN cannot use pkcs11-helper with mbedTLS. \ Disable PKCS11, or use OpenSSL instead SMALL_DESC= Build a smaller executable with fewer features TUNNELBLICK_DESC= Tunnelblick XOR scramble patch (READ HELP!) X509ALTUSERNAME_DESC= Enable --x509-username-field (OpenSSL only) X509ALTUSERNAME_PREVENTS= MBEDTLS X509ALTUSERNAME_PREVENTS_MSG= OpenVPN ${DISTVERSION} cannot use \ --x509-username-field with mbedTLS. Disable \ X509ALTUSERNAME, or use OpenSSL instead # option implementations EASYRSA_RUN_DEPENDS= easy-rsa>=0:security/easy-rsa LZ4_LIB_DEPENDS+= liblz4.so:archivers/liblz4 LZ4_CONFIGURE_OFF= --disable-lz4 MBEDTLS_LIB_DEPENDS= libmbedtls.so:security/mbedtls MBEDTLS_CONFIGURE_ON= --with-crypto-library=mbedtls OPENSSL_USES= ssl OPENSSL_CONFIGURE_ON= --with-crypto-library=openssl PKCS11_LIB_DEPENDS= libpkcs11-helper.so:security/pkcs11-helper PKCS11_CONFIGURE_ENABLE= pkcs11 SMALL_CONFIGURE_ON= --enable-small TEST_ALL_TARGET= check TEST_TEST_TARGET_OFF= check TUNNELBLICK_EXTRA_PATCHES= ${FILESDIR}/extra-tunnelblick-openvpn_xorpatch X509ALTUSERNAME_CONFIGURE_ENABLE= x509-alt-username pre-configure: .ifdef (LOG_OPENVPN) @${ECHO} "Building with LOG_OPENVPN=${LOG_OPENVPN}" .else @${ECHO} "" @${ECHO} "You may use the following build options:" @${ECHO} "" @${ECHO} " LOG_OPENVPN={Valid syslog facility, default LOG_DAEMON}" @${ECHO} " EXAMPLE: make LOG_OPENVPN=LOG_LOCAL6" @${ECHO} "" .endif post-configure: ${REINPLACE_CMD} '/^CFLAGS =/s/$$/ -fPIC/' \ ${WRKSRC}/src/plugins/auth-pam/Makefile \ ${WRKSRC}/src/plugins/down-root/Makefile .include .if ${PORT_OPTIONS:MMBEDTLS} _tlslibs= libmbedtls libmbedx509 libmbedcrypto .else # OpenSSL _tlslibs= libssl libcrypto .endif # sanity check that we don't inherit incompatible SSL libs through, # for instance, pkcs11-helper: post-build: @a=$$(LC_ALL=C ldd -f '%o\n' ${WRKSRC}/src/openvpn/openvpn \ | ${SORT} -u) ; set -- $$(for i in ${_tlslibs} ; do ${PRINTF} '%s\n' "$$a" | ${GREP} $${i}.so | wc -l ; done | ${SORT} -u) ;\ if test "$$*" != "1" ; then ${ECHO_CMD} >&2 "${.CURDIR} FAILED: either of ${_tlslibs} libraries linked multiple times" ; ${PRINTF} '%s\n' "$$a"; ${RM} ${BUILD_COOKIE} ; exit 1 ; fi post-install: ${STRIP_CMD} ${STAGEDIR}${PREFIX}/lib/openvpn/plugins/openvpn-plugin-auth-pam.so ${STRIP_CMD} ${STAGEDIR}${PREFIX}/lib/openvpn/plugins/openvpn-plugin-down-root.so ${INSTALL_SCRIPT} ${WRKSRC}/contrib/pull-resolv-conf/client.up ${STAGEDIR}${PREFIX}/libexec/openvpn-client.up ${INSTALL_SCRIPT} ${WRKSRC}/contrib/pull-resolv-conf/client.down ${STAGEDIR}${PREFIX}/libexec/openvpn-client.down @${REINPLACE_CMD} 's|resolvconf -p -a|resolvconf -a|' ${STAGEDIR}${PREFIX}/libexec/openvpn-client.up ${INSTALL_SCRIPT} ${WRKDIR}/openvpn-client ${STAGEDIR}${PREFIX}/sbin/openvpn-client ${MKDIR} ${STAGEDIR}${PREFIX}/include post-install-DOCS-on: ${MKDIR} ${STAGEDIR}${DOCSDIR}/ .for i in AUTHORS ChangeLog PORTS ${INSTALL_DATA} ${WRKSRC}/${i} ${STAGEDIR}${DOCSDIR}/ .endfor post-install-EXAMPLES-on: (cd ${WRKSRC}/sample && ${COPYTREE_SHARE} \* ${STAGEDIR}${EXAMPLESDIR}/) ${CHMOD} ${BINMODE} ${STAGEDIR}${EXAMPLESDIR}/sample-scripts/* ${RM} ${STAGEDIR}${EXAMPLESDIR}/sample-config-files/*.orig .include diff --git a/security/openvpn/Makefile b/security/openvpn/Makefile index c2a7d0ea7321..57675596700a 100644 --- a/security/openvpn/Makefile +++ b/security/openvpn/Makefile @@ -1,187 +1,187 @@ # Created by: Matthias Andree PORTNAME= openvpn DISTVERSION= 2.5.5 -PORTREVISION?= 0 +PORTREVISION?= 1 CATEGORIES= security net net-vpn MASTER_SITES= https://swupdate.openvpn.org/community/releases/ \ https://build.openvpn.net/downloads/releases/ \ LOCAL/mandree MAINTAINER= mandree@FreeBSD.org COMMENT?= Secure IP/Ethernet tunnel daemon LICENSE= GPLv2 LICENSE_FILE= ${WRKSRC}/COPYRIGHT.GPL USES= cpe libtool localbase:ldflags pkgconfig shebangfix tar:xz USE_RC_SUBR= openvpn SHEBANG_FILES= sample/sample-scripts/verify-cn \ sample/sample-scripts/auth-pam.pl \ sample/sample-scripts/ucn.pl GNU_CONFIGURE= yes CONFIGURE_ARGS+= --enable-strict # set PLUGIN_LIBDIR so that unqualified plugin paths are found: CONFIGURE_ENV+= PLUGINDIR="${PREFIX}/lib/openvpn/plugins" CONFLICTS_INSTALL?= openvpn-2.[!5].* openvpn-devel openvpn-mbedtls SUB_FILES= pkg-message openvpn-client USERS= openvpn GROUPS= openvpn PORTDOCS= * PORTEXAMPLES= * OPTIONS_DEFINE= ASYNC_PUSH DOCS EASYRSA EXAMPLES LZ4 LZO PKCS11 SMALL \ TEST TUNNELBLICK UNITTESTS X509ALTUSERNAME OPTIONS_DEFAULT= EASYRSA LZ4 LZO OPENSSL PKCS11 TEST OPTIONS_SINGLE= SSL OPTIONS_SINGLE_SSL= OPENSSL MBEDTLS ASYNC_PUSH_DESC= Enable async-push support EASYRSA_DESC= Install security/easy-rsa RSA helper package LZO_DESC= LZO compression (incompatible with LibreSSL) MBEDTLS_DESC= SSL/TLS via mbedTLS (lacks TLS v1.3) PKCS11_DESC= Use security/pkcs11-helper (OpenSSL only) SMALL_DESC= Build a smaller executable with fewer features TUNNELBLICK_DESC= XOR scrambling patch - DEPRECATED! UNITTESTS_DESC= Enable unit tests X509ALTUSERNAME_DESC= Enable --x509-username-field (OpenSSL only) ASYNC_PUSH_LIB_DEPENDS= libinotify.so:devel/libinotify ASYNC_PUSH_CONFIGURE_ENABLE= async-push EASYRSA_RUN_DEPENDS= easy-rsa>=0:security/easy-rsa LZ4_LIB_DEPENDS+= liblz4.so:archivers/liblz4 LZ4_CONFIGURE_ENABLE= lz4 LZO_LIB_DEPENDS+= liblzo2.so:archivers/lzo2 LZO_CONFIGURE_ENABLE= lzo MBEDTLS_LIB_DEPENDS= libmbedtls.so:security/mbedtls MBEDTLS_CONFIGURE_ON= --with-crypto-library=mbedtls OPENSSL_USES= ssl OPENSSL_CONFIGURE_ON= --with-crypto-library=openssl PKCS11_PREVENTS= MBEDTLS PKCS11_PREVENTS_MSG= OpenVPN cannot use pkcs11-helper with mbedTLS. Disable PKCS11, or use OpenSSL instead PKCS11_LIB_DEPENDS= libpkcs11-helper.so:security/pkcs11-helper PKCS11_CONFIGURE_ENABLE= pkcs11 SMALL_CONFIGURE_ENABLE= small TEST_ALL_TARGET= check TEST_TEST_TARGET_OFF= check TUNNELBLICK_EXTRA_PATCHES= ${FILESDIR}/extra-tunnelblick-openvpn_xorpatch:-p1 UNITTESTS_BUILD_DEPENDS= cmocka>=0:sysutils/cmocka UNITTESTS_CONFIGURE_ENABLE= unit-tests X509ALTUSERNAME_PREVENTS= MBEDTLS X509ALTUSERNAME_PREVENTS_MSG= OpenVPN ${DISTVERSION} cannot use --x509-username-field with mbedTLS. Disable X509ALTUSERNAME, or use OpenSSL instead X509ALTUSERNAME_CONFIGURE_ENABLE= x509-alt-username .ifdef (LOG_OPENVPN) CFLAGS+= -DLOG_OPENVPN=${LOG_OPENVPN} .endif .include .if ${PORT_OPTIONS:MMBEDTLS} BROKEN_FreeBSD_14= OpenVPN-mbedTLS fails on FreeBSD 14 _tlslibs=libmbedtls libmbedx509 libmbedcrypto .else # OpenSSL _tlslibs=libssl libcrypto .endif .if ${PORT_OPTIONS:MLZO} IGNORE_SSL=libressl libressl-devel IGNORE_SSL_REASON=OpenVPN does not have permission to include LZO with LibreSSL. Compile against OpenSSL, or if your setups support it, disable LZO support .endif .if ! ${PORT_OPTIONS:MLZ4} && ! ${PORT_OPTIONS:MLZO} CONFIGURE_ARGS+= --enable-comp-stub .endif .include .if !empty(PORT_OPTIONS:MLZO) && !empty(SSL_DEFAULT:Nbase:Nopenssl*) # in-depth security net if Mk/Uses/ssl.mk changes pre-everything:: @${ECHO_CMD} >&2 "ERROR: OpenVPN is not licensed to combine LZO with other OpenSSL-licensed libraries than OpenSSL. Compile against OpenSSL, or if your setups support it, disable LZO support." @${SHELL} -c 'exit 1' .endif .if !empty(PORT_OPTIONS:MMBEDTLS) || !empty(PORT_OPTIONS:MTUNNELBLICK) pre-everything:: @${ECHO_CMD} >&2 "======================================================================" @${ECHO_CMD} >&2 "Note that the mbedTLS and Tunnelblick options will go away 2022-03-31." @${ECHO_CMD} >&2 "======================================================================" .endif post-patch: ${REINPLACE_CMD} -E -i '' -e 's/(user|group) nobody/\1 openvpn/' \ -e 's/"nobody"( after init)/"openvpn" \1/' \ ${WRKSRC}/sample/sample-config-files/*.conf \ ${WRKSRC}/sample/sample-config-files/xinetd-*-config \ ${WRKSRC}/doc/man-sections/generic-options.rst pre-configure: .ifdef (LOG_OPENVPN) @${ECHO} "Building with LOG_OPENVPN=${LOG_OPENVPN}" .else @${ECHO} "" @${ECHO} "You may use the following build options:" @${ECHO} "" @${ECHO} " LOG_OPENVPN={Valid syslog facility, default LOG_DAEMON}" @${ECHO} " EXAMPLE: make LOG_OPENVPN=LOG_LOCAL6" @${ECHO} "" .endif .if !empty(SSL_DEFAULT:Mlibressl*) @${ECHO} "### --------------------------------------------------------- ###" @${ECHO} "### NOTE that libressl is not primarily supported by OpenVPN ###" @${ECHO} "### Do not report bugs without fixes/patches unless the issue ###" @${ECHO} "### can be reproduced with a released OpenSSL version. ###" @${ECHO} "### --------------------------------------------------------- ###" .endif post-configure: ${REINPLACE_CMD} '/^CFLAGS =/s/$$/ -fPIC/' \ ${WRKSRC}/src/plugins/auth-pam/Makefile \ ${WRKSRC}/src/plugins/down-root/Makefile # sanity check that we don't inherit incompatible SSL libs through, # for instance, pkcs11-helper: post-build: @a=$$(LC_ALL=C ldd -f '%o\n' ${WRKSRC}/src/openvpn/openvpn \ | ${SORT} -u) ; set -- $$(for i in ${_tlslibs} ; do ${PRINTF} '%s\n' "$$a" | ${GREP} $${i}.so | wc -l ; done | ${SORT} -u) ;\ if test "$$*" != "1" ; then ${ECHO_CMD} >&2 "${.CURDIR} FAILED: either of ${_tlslibs} libraries linked multiple times" ; ${PRINTF} '%s\n' "$$a"; ${RM} ${BUILD_COOKIE} ; ( set -x ; ldd -a ${WRKSRC}/src/openvpn/openvpn ) ; exit 1 ; fi post-install: ${STRIP_CMD} ${STAGEDIR}${PREFIX}/lib/openvpn/plugins/openvpn-plugin-auth-pam.so ${STRIP_CMD} ${STAGEDIR}${PREFIX}/lib/openvpn/plugins/openvpn-plugin-down-root.so ${INSTALL_SCRIPT} ${WRKSRC}/contrib/pull-resolv-conf/client.up ${STAGEDIR}${PREFIX}/libexec/openvpn-client.up ${INSTALL_SCRIPT} ${WRKSRC}/contrib/pull-resolv-conf/client.down ${STAGEDIR}${PREFIX}/libexec/openvpn-client.down @${REINPLACE_CMD} 's|resolvconf -p -a|resolvconf -a|' ${STAGEDIR}${PREFIX}/libexec/openvpn-client.up ${INSTALL_SCRIPT} ${WRKDIR}/openvpn-client ${STAGEDIR}${PREFIX}/sbin/openvpn-client ${MKDIR} ${STAGEDIR}${PREFIX}/include post-install-DOCS-on: ${MKDIR} ${STAGEDIR}${DOCSDIR}/ .for i in AUTHORS ChangeLog PORTS ${INSTALL_MAN} ${WRKSRC}/${i} ${STAGEDIR}${DOCSDIR}/ .endfor post-install-EXAMPLES-on: (cd ${WRKSRC}/sample && ${COPYTREE_SHARE} \* ${STAGEDIR}${EXAMPLESDIR}/) ${CHMOD} ${BINMODE} ${STAGEDIR}${EXAMPLESDIR}/sample-scripts/* ${RM} ${STAGEDIR}${EXAMPLESDIR}/sample-config-files/*.orig .include diff --git a/security/uacme/Makefile b/security/uacme/Makefile index 0958aa6df956..a37044335de0 100644 --- a/security/uacme/Makefile +++ b/security/uacme/Makefile @@ -1,49 +1,50 @@ PORTNAME= uacme DISTVERSIONPREFIX= upstream/ DISTVERSION= 1.7.1 +PORTREVISION= 1 CATEGORIES= security www MAINTAINER= tobik@FreeBSD.org COMMENT= Lightweight C ACMEv2 client which uses external authenticators LICENSE= GPLv3+ LICENSE_FILE= ${WRKSRC}/COPYING LIB_DEPENDS= libcurl.so:ftp/curl USES= gmake pkgconfig USE_GITHUB= yes GH_ACCOUNT= ndilieto GNU_CONFIGURE= yes CONFIGURE_ARGS= --datadir=${EXAMPLESDIR:H} \ --disable-maintainer-mode \ --sysconfdir=${PREFIX}/etc OPTIONS_DEFINE= DOCS EXAMPLES MANPAGES UALPN _OPENSSL_SAFE= ${${SSL_DEFAULT} == libressl || ${SSL_DEFAULT} == libressl-devel:?no:yes} OPTIONS_DEFAULT= ${${_OPENSSL_SAFE} == no:?GNUTLS:OPENSSL} MANPAGES \ UALPN OPTIONS_SINGLE= CRYPTO OPTIONS_SINGLE_CRYPTO= GNUTLS MBEDTLS OPENSSL OPTIONS_EXCLUDE= ${${_OPENSSL_SAFE} == no:?OPENSSL:} OPTIONS_SUB= yes CRYPTO_DESC= Crypto library UALPN_DESC= Install the proxying ACMEv2 tls-alpn-01 responder ualpn(1) GNUTLS_LIB_DEPENDS= libgnutls.so:security/gnutls GNUTLS_CONFIGURE_WITH= gnutls MANPAGES_BUILD_DEPENDS= asciidoc:textproc/asciidoc MANPAGES_CONFIGURE_ENABLE= docs MBEDTLS_BROKEN= needs mbedtls >= 2.25, 2.16.x lacks mbedtls_x509_crt_parse_der_with_ext_cb support MBEDTLS_LIB_DEPENDS= libmbedtls.so:security/mbedtls MBEDTLS_CONFIGURE_WITH= mbedtls=${LOCALBASE} OPENSSL_USES= ssl OPENSSL_CONFIGURE_WITH= openssl=${OPENSSLBASE} UALPN_CONFIGURE_WITH= ualpn post-install-DOCS-on: @${MKDIR} ${STAGEDIR}${DOCSDIR} ${INSTALL_MAN} ${WRKSRC}/README.md ${STAGEDIR}${DOCSDIR} .include diff --git a/www/hiawatha/Makefile b/www/hiawatha/Makefile index 82bca118cf97..4b006272f1ba 100644 --- a/www/hiawatha/Makefile +++ b/www/hiawatha/Makefile @@ -1,71 +1,72 @@ # Created by: Hugo Leisink PORTNAME= hiawatha PORTVERSION= 10.12 +PORTREVISION= 1 CATEGORIES= www MASTER_SITES= https://www.hiawatha-webserver.org/files/ MAINTAINER= christopher.petrik@usm.edu COMMENT= Advanced and secure webserver for Unix LICENSE= GPLv2 LICENSE_FILE= ${WRKSRC}/LICENSE LIB_DEPENDS= libmbedtls.so:security/mbedtls USES= cmake:insource compiler:c11 cpe localbase:ldflags shebangfix CPE_VENDOR= ${PORTNAME}-webserver USE_RC_SUBR= hiawatha SHEBANG_FILES= extra/letsencrypt/lefh.in CMAKE_ARGS= -DCMAKE_INSTALL_LOCALSTATEDIR=/var \ -DWEBROOT_DIR=${WWWDIR} \ -DWORK_DIR=/var/db/${PORTNAME} CMAKE_ON= USE_SYSTEM_MBEDTLS OPTIONS_DEFINE= CACHE CGIWRAPPER LEFH LOADCHECK MONITOR RPROXY TOMAHAWK \ TOOLKIT XSLT OPTIONS_DEFAULT= CACHE CGIWRAPPER RPROXY TOOLKIT XSLT OPTIONS_SUB= yes CACHE_DESC= Caching support CGIWRAPPER_DESC= Install cgi-wrapper(1) (needs setuid bit) LEFH_DESC= Install Let's Encrypt For Hiawatha script LOADCHECK_DESC= Load check support (experimental) MONITOR_DESC= Hiawatha Monitor support RPROXY_DESC= Reverse proxy support TOMAHAWK_DESC= Tomahawk command shell support TOOLKIT_DESC= URL toolkit support XSLT_DESC= XSLT support CACHE_CMAKE_BOOL= ENABLE_CACHE LEFH_USES= php:cli LOADCHECK_CMAKE_BOOL= ENABLE_LOADCHECK MONITOR_CMAKE_BOOL= ENABLE_MONITOR RPROXY_CMAKE_BOOL= ENABLE_RPROXY TOMAHAWK_CMAKE_BOOL= ENABLE_TOMAHAWK TOOLKIT_CMAKE_BOOL= ENABLE_TOOLKIT XSLT_USES= gnome XSLT_USE= GNOME=libxslt XSLT_CMAKE_BOOL= ENABLE_XSLT post-patch: @${REINPLACE_CMD} -e 's|/usr/bin/ssi-cgi|${PREFIX}/bin/ssi-cgi|g' \ -e 's|/usr/bin|${LOCALBASE}/bin|g' \ ${WRKSRC}/config/cgi-wrapper.conf \ ${WRKSRC}/config/hiawatha.conf.in @${REINPLACE_CMD} -e 's|/usr/sbin|${PREFIX}/sbin|g' \ -e 's|/etc/hiawatha|${ETCDIR}|g' \ ${WRKSRC}/man/hiawatha.1.in post-install: .for f in hiawatha.conf mimetype.conf cgi-wrapper.conf toolkit.conf \ error.xslt index.xslt ${INSTALL_DATA} ${WRKSRC}/config/${f} \ ${STAGEDIR}${PREFIX}/etc/hiawatha/${f}.sample .endfor @${MKDIR} ${STAGEDIR}${WWWDIR} ${INSTALL_DATA} ${WRKSRC}/extra/index.html \ ${STAGEDIR}${WWWDIR}/index.html.sample .include diff --git a/www/lighttpd/Makefile b/www/lighttpd/Makefile index 7396825a3dd1..8c2f58b1a120 100644 --- a/www/lighttpd/Makefile +++ b/www/lighttpd/Makefile @@ -1,189 +1,190 @@ # Created by: k@123.org PORTNAME?= lighttpd PORTVERSION= 1.4.64 +PORTREVISION= 1 CATEGORIES?= www MASTER_SITES?= https://download.lighttpd.net/lighttpd/releases-1.4.x/ MAINTAINER= pkubaj@FreeBSD.org COMMENT?= Secure, fast, compliant, and flexible Web Server .if !defined(_BUILDING_LIGHTTPD_MODULE) LICENSE= BSD3CLAUSE LICENSE_FILE= ${WRKSRC}/COPYING .endif LIB_DEPENDS+= libpcre2-8.so:devel/pcre2 USES= autoreconf compiler:c11 gmake libtool localbase pkgconfig tar:xz USE_CSTD= gnu99 .if !defined(_BUILDING_LIGHTTPD_MODULE) USES+= cpe .endif GNU_CONFIGURE= yes CONFIGURE_ARGS+= --libdir=${PREFIX}/lib/lighttpd INSTALL_TARGET= install-strip .if !defined(_BUILDING_LIGHTTPD_MODULE) TEST_TARGET= check PORTDOCS= AUTHORS COPYING INSTALL NEWS README USE_RC_SUBR= lighttpd REQUIRE= LOGIN OPTIONS_DEFINE= ATTR DBI DOCS IPV6 KRB5 LUA MAXMINDDB NETTLE LDAP SPAWNFCGI \ VALGRIND WEBDAV ZSTD OPTIONS_GROUP= SSL OPTIONS_GROUP_SSL= OPENSSL GNUTLS MBEDTLS NSS WOLFSSL OPTIONS_DEFAULT= NETTLE LUA OPENSSL OPTIONS_SUB= yes ATTR_DESC= extended attributes support DBI_DESC= DBI authentication (mod_authn_dbi) KRB5_DESC= Kerberos authentication (mod_authn_gssapi) LDAP_DESC= LDAP authentication (mod_authn_ldap) LUA_DESC= lua support (mod_magnet) MAXMINDDB_DESC= IP-based geolocation lookup (mod_maxminddb) NETTLE_DESC= Crypto support from Nettle SPAWNFCGI_DESC= Depend on spawn-fcgi utility VALGRIND_DESC= valgrind support WEBDAV_DESC= WebDAV support ZSTD_DESC= mod_deflate support for zstd (Zstandard) ATTR_CONFIGURE_WITH= attr DBI_CONFIGURE_WITH= dbi=${LOCALBASE} DBI_LIB_DEPENDS= libdbi.so:databases/libdbi GNUTLS_CONFIGURE_WITH= gnutls=${LOCALBASE} GNUTLS_LIBS= -lgnutls GNUTLS_LIB_DEPENDS= libgnutls.so:security/gnutls IPV6_CONFIGURE_OFF= --disable-ipv6 KRB5_CONFIGURE_WITH= krb5 KRB5_CPPFLAGS= ${GSSAPICPPFLAGS} KRB5_LDFLAGS= ${GSSAPILDFLAGS} KRB5_LIBS= ${GSSAPILIBS} KRB5_USES= gssapi:mit LDAP_CONFIGURE_WITH= ldap LDAP_USE= openldap=yes LDAP_VARS= REQUIRE+=slapd LUA_USES= lua LUA_CONFIGURE_WITH= lua LUA_CONFIGURE_ENV= LUA_CFLAGS="-I${LUA_INCDIR}" LUA_LIBS="-L${LUA_LIBDIR} -llua-${LUA_VER}" MAXMINDDB_CONFIGURE_WITH= maxminddb=${LOCALBASE} MAXMINDDB_LIB_DEPENDS= libmaxminddb.so:net/libmaxminddb MBEDTLS_CONFIGURE_WITH= mbedtls=${LOCALBASE} MBEDTLS_LIB_DEPENDS= libmbedtls.so:security/mbedtls NETTLE_CONFIGURE_WITH= nettle=${LOCALBASE} NETTLE_LIB_DEPENDS= libnettle.so:security/nettle NSS_CONFIGURE_WITH= nss=${LOCALBASE} NSS_CPPFLAGS= -I${LOCALBASE}/include/nspr NSS_LIB_DEPENDS= libnss3.so:security/nss OPENSSL_USES= ssl OPENSSL_CONFIGURE_WITH= openssl OPENSSL_CONFIGURE_ON= --with-openssl-includes=${OPENSSLINC} --with-openssl-libs=${OPENSSLLIB} SPAWNFCGI_RUN_DEPENDS= spawn-fcgi:www/spawn-fcgi VALGRIND_BUILD_DEPENDS= valgrind:devel/valgrind VALGRIND_RUN_DEPENDS= valgrind:devel/valgrind VALGRIND_CONFIGURE_WITH=valgrind WEBDAV_USES= gnome WEBDAV_USE= GNOME=libxml2 WEBDAV_LIB_DEPENDS= libuuid.so:misc/e2fsprogs-libuuid \ libsqlite3.so:databases/sqlite3 WEBDAV_CONFIGURE_WITH= webdav-props webdav-locks WOLFSSL_CONFIGURE_WITH= wolfssl=${LOCALBASE} WOLFSSL_LIB_DEPENDS= libwolfssl.so:security/wolfssl ZSTD_CONFIGURE_WITH= zstd ZSTD_LIB_DEPENDS= libzstd.so:archivers/zstd LIGHTTPD_CONF_FILES= lighttpd.conf modules.conf LIGHTTPD_CONF_D_FILES= access_log.conf \ auth.conf \ cgi.conf \ debug.conf \ dirlisting.conf \ evhost.conf \ expire.conf \ fastcgi.conf \ magnet.conf \ mime.conf \ proxy.conf \ rrdtool.conf \ scgi.conf \ secdownload.conf \ simple_vhost.conf \ ssi.conf \ status.conf \ userdir.conf \ webdav.conf USERS= ${WWWOWN} GROUPS= ${WWWGRP} CACHEDIR= /var/cache/${PORTNAME} LOGDIR= /var/log/${PORTNAME} HOMEDIR= /var/run/${PORTNAME} RUNDIR= /var/run PLIST_SUB+= WWWOWN="${WWWOWN}" WWWGRP="${WWWGRP}" PLIST_SUB+= CACHEDIR="${CACHEDIR}" HOMEDIR="${HOMEDIR}" LOGDIR="${LOGDIR}" .endif # !defined(_BUILDING_LIGHTTPD_MODULE) .include .if !defined(_BUILDING_LIGHTTPD_MODULE) SUB_LIST= REQUIRE="${REQUIRE}" post-patch: @${REINPLACE_CMD} -E -e \ 's|^(server.document-root.*=).*|\1 "${PREFIX}/www" + "/data"|' \ -e "s|/etc/lighttpd|${ETCDIR}|g" \ -e 's|^(server.event-handler.*=).*|\1 "freebsd-kqueue"|' \ -e 's|^(server.network-backend.*=).*|\1 "writev"|' \ -e "s|^(server.username.*=).*|\1 \"${WWWOWN}\"|" \ -e "s|^(server.groupname.*=).*|\1 \"${WWWGRP}\"|" \ -e "s|^(var.log_root.*=).*|\1 \"${LOGDIR}\"|" \ -e "s|^(var.server_root.*=).*|\1 \"${WWWDIR}\"|" \ -e "s|^(var.home_dir.*=).*|\1 \"${HOMEDIR}\"|" \ -e "s|^(var.state_dir.*=).*|\1 \"${RUNDIR}\"|" \ -e "s|^(var.cache_dir.*=).*|\1 \"${CACHEDIR}\"|" \ ${WRKSRC}/doc/config/lighttpd.conf @${REINPLACE_CMD} -e "s|/etc/lighttpd|${ETCDIR}|g" \ ${WRKSRC}/doc/config/conf.d/auth.conf @${REINPLACE_CMD} -e "s|/usr/bin/python|${LOCALBASE}/bin/python|" \ ${WRKSRC}/doc/config/conf.d/cgi.conf \ ${WRKSRC}/tests/*.conf @${ECHO} >> ${WRKSRC}/doc/config/lighttpd.conf @${ECHO} "# IPv4 listening socket" >> \ ${WRKSRC}/doc/config/lighttpd.conf @${ECHO} "\$$SERVER[\"socket\"] == \"0.0.0.0:80\" { }" >> \ ${WRKSRC}/doc/config/lighttpd.conf post-install: @${MKDIR} ${STAGEDIR}${ETCDIR}/conf.d ${STAGEDIR}${ETCDIR}/vhosts.d .for FILE in ${LIGHTTPD_CONF_FILES} ${INSTALL_DATA} ${WRKSRC}/doc/config/${FILE} \ ${STAGEDIR}${ETCDIR}/${FILE}.sample .endfor .for FILE in ${LIGHTTPD_CONF_D_FILES} ${INSTALL_DATA} ${WRKSRC}/doc/config/conf.d/${FILE} \ ${STAGEDIR}${ETCDIR}/conf.d/${FILE}.sample .endfor ${INSTALL_DATA} ${WRKSRC}/doc/config/vhosts.d/vhosts.template \ ${STAGEDIR}${ETCDIR}/vhosts.d/vhosts.template @${MKDIR} ${STAGEDIR}${WWWDIR} @${MKDIR} -m 0700 ${STAGEDIR}${CACHEDIR} @${MKDIR} -m 0700 ${STAGEDIR}${HOMEDIR}/sockets @${MKDIR} -m 0700 ${STAGEDIR}${LOGDIR} post-install-DOCS-on: @${MKDIR} ${STAGEDIR}${DOCSDIR} (cd ${WRKSRC} && ${INSTALL_DATA} ${PORTDOCS} ${STAGEDIR}${DOCSDIR}) .endif # !defined(_BUILDING_LIGHTTPD_MODULE) .include