6 files changed, 61 insertions, 385 deletions

diff --git a/net-im/jabberd/Makefile b/net-im/jabberd/Makefile
index 3bc993b89396..441fb51d0f7f 100644
--- a/net-im/jabberd/Makefile
+++ b/net-im/jabberd/Makefile
@@ -2,8 +2,7 @@
 # $FreeBSD$
 
 PORTNAME=	jabberd
-PORTVERSION=	2.6.1
-PORTREVISION=	7
+PORTVERSION=	2.7.0
 CATEGORIES=	net-im
 MASTER_SITES=	https://github.com/jabberd2/jabberd2/releases/download/${PORTNAME}-${DISTVERSION}/ \
 		LOCAL/matthew/${PORTNAME}
@@ -17,6 +16,7 @@ LIB_DEPENDS=	libexpat.so:textproc/expat2 \
 		libgsasl.so:security/gsasl \
 		libidn.so:dns/libidn \
 		libudns.so:dns/udns
+
 USES=		autoreconf compiler:c11 iconv libtool perl5 pkgconfig \
 		ssl tar:xz
 
diff --git a/net-im/jabberd/distinfo b/net-im/jabberd/distinfo
index e0043c37d847..4edbd1b5ccd3 100644
--- a/net-im/jabberd/distinfo
+++ b/net-im/jabberd/distinfo
@@ -1,3 +1,3 @@
-TIMESTAMP = 1501080298
-SHA256 (jabberd-2.6.1.tar.xz) = c22d45bd4105b344351cbbfd6da99755182f64120747d18e91b6267a73775099
-SIZE (jabberd-2.6.1.tar.xz) = 1542156
+TIMESTAMP = 1541116827
+SHA256 (jabberd-2.7.0.tar.xz) = a0273b5db690b18e5b86e2aecbe08fd0561f4ec20c190b390d4ef8c9034382a3
+SIZE (jabberd-2.7.0.tar.xz) = 1560872
diff --git a/net-im/jabberd/files/patch-configure.ac b/net-im/jabberd/files/patch-configure.ac
index 6446a2284968..c250de1d7d1d 100644
--- a/net-im/jabberd/files/patch-configure.ac
+++ b/net-im/jabberd/files/patch-configure.ac
@@ -1,4 +1,4 @@
---- configure.ac.orig	2017-07-01 15:27:52 UTC
+--- configure.ac.orig	2018-11-01 20:35:12 UTC
 +++ configure.ac
 @@ -74,10 +74,6 @@ if test "x-$want_mio_debug" = "x-yes" ; then
      AC_DEFINE(MIO_DEBUG,1,[Define to 1 if you want to enable managed IO debug output.])
@@ -11,15 +11,51 @@
  # Two-step header checking.  First check for headers which don't
  # require any other headers.
  AC_HEADER_DIRENT
-@@ -406,9 +402,9 @@ if test "x-$want_ssl" != "x-no" ; then
-     fi
-     AC_CHECK_HEADERS(openssl/crypto.h)
-     if test "x-$ac_cv_header_openssl_crypto_h" = "x-yes" ; then
--        AC_CHECK_LIB(crypto, CRYPTO_lock)
+@@ -396,15 +392,39 @@ fi
+ #
+ # optional libs
+ 
+-# OpenSSL >= 1.0.2
+-AC_ARG_ENABLE(ssl, AC_HELP_STRING([--enable-ssl], [enable SSL/TLS support (yes)]), want_ssl=$enableval, want_ssl=yes)
+-AS_IF([test "x$want_ssl" = "xyes"], [
+-	PKG_CHECK_MODULES(SSL, openssl >= 1.0.2,
+-		have_ssl="yes"
++# OpenSSL >= 1.0.1
++AC_ARG_ENABLE(ssl, AC_HELP_STRING([--enable-ssl[=DIR]], [enable SSL/TLS support (yes)]), want_ssl=$enableval, want_ssl=yes)
++if test "x-$want_ssl" != "x-no" ; then
++    if test "x-$want_ssl" != "x-yes" ; then
++        CFLAGS="$CFLAGS -I$enableval/include" 
++        CPPFLAGS="$CPPFLAGS -I$enableval/include" 
++        LDFLAGS="$LDFLAGS -L$enableval/lib"
++    fi
++    AC_CHECK_HEADERS(openssl/crypto.h)
++    if test "x-$ac_cv_header_openssl_crypto_h" = "x-yes" ; then
 +        AC_CHECK_LIB(crypto, HMAC_Update)
-     fi
--    if test "x-$ac_cv_lib_crypto_CRYPTO_lock" = "x-yes" ; then
++    fi
 +    if test "x-$ac_cv_lib_crypto_HMAC_Update" = "x-yes" ; then
-         AC_CHECK_HEADERS(openssl/ssl.h)
-     fi
-     if test "x-$ac_cv_header_openssl_ssl_h" = "x-yes" ; then
++        AC_CHECK_HEADERS(openssl/ssl.h)
++    fi
++    if test "x-$ac_cv_header_openssl_ssl_h" = "x-yes" ; then
++        AC_CHECK_LIB(ssl, SSL_connect)
++    fi
++    if test "x-$ac_cv_lib_ssl_SSL_connect" = "x-yes" ; then
++        AC_MSG_CHECKING(for OpenSSL version >= 1.0.1)
++        AC_RUN_IFELSE([AC_LANG_PROGRAM([[#include <openssl/crypto.h>]],
++                                       [[return !(SSLeay() >= 0x010001000L)]])],
++                      [AC_MSG_RESULT(yes)
++                       have_openssl=yes],
++                      AC_MSG_RESULT(no))
++    fi
++    if test "x-$have_openssl" != "x-yes" ; then
++        AC_MSG_ERROR([OpenSSL >= 1.0.1 not found])
++    fi
++
+     AC_DEFINE(HAVE_SSL,1,[Define to 1 if OpenSSL is available.])
+-	)
+-])
+-AM_CONDITIONAL(HAVE_SSL, [test "x$have_ssl" = "xyes"])
++fi
++AM_CONDITIONAL(HAVE_SSL, [test "x-$have_openssl" = "x-yes"])
+ 
+ dnl Check for & handle argument to --with-zlib.
+ _cppflags=$CPPFLAGS
diff --git a/net-im/jabberd/files/patch-storage__authreg_ldapfull.c b/net-im/jabberd/files/patch-storage__authreg_ldapfull.c
index 205455fb5b98..523d0d821bb3 100644
--- a/net-im/jabberd/files/patch-storage__authreg_ldapfull.c
+++ b/net-im/jabberd/files/patch-storage__authreg_ldapfull.c
@@ -1,4 +1,4 @@
---- storage/authreg_ldapfull.c.orig	2016-05-03 18:51:56 UTC
+--- storage/authreg_ldapfull.c.orig	2018-11-01 20:14:26 UTC
 +++ storage/authreg_ldapfull.c
 @@ -29,6 +29,8 @@
   * !!! this blocks for every auth.
@@ -9,230 +9,3 @@
  #define _XOPEN_SOURCE 500	// need this to get crypt()
  #include "c2s.h"
  
-@@ -39,6 +41,7 @@
- 
- #ifdef HAVE_SSL
- #include <openssl/rand.h>
-+#include <openssl/evp.h>
- #endif
- 
- #include <lber.h>
-@@ -228,13 +231,18 @@ int _ldapfull_base64_decode( const char *src, const un
-     int rc, tlen = 0;
-     int i;
-     unsigned char *text;
-+#if OPENSSL_VERSION_NUMBER < 0x10100005L
-     EVP_ENCODE_CTX EVP_ctx;
-+#else
-+    EVP_ENCODE_CTX *EVP_ctx;
-+#endif
- 
-     text = (unsigned char *)malloc(((strlen(src)+3)/4 * 3) + 1);
-     if (text == NULL) {
-         return 0;
-     }
- 
-+#if OPENSSL_VERSION_NUMBER < 0x10100005L
-     EVP_DecodeInit(&EVP_ctx);
-     rc = EVP_DecodeUpdate(&EVP_ctx, text, &i, (const unsigned char *)src, strlen(src));
-     if (rc < 0) {
-@@ -243,40 +251,69 @@ int _ldapfull_base64_decode( const char *src, const un
-     }
-     tlen+=i;
-     EVP_DecodeFinal(&EVP_ctx, (unsigned char*)text, &i);
-+#else
-+    EVP_ctx = EVP_ENCODE_CTX_new();
-+    EVP_DecodeInit(EVP_ctx);
-+    rc = EVP_DecodeUpdate(EVP_ctx, text, &i, (const unsigned char *)src, strlen(src));
-+    if (rc < 0) {
-+        free(text);
-+        EVP_ENCODE_CTX_free(EVP_ctx);
-+        return 0;
-+    }
-+    tlen+=i;
-+    EVP_DecodeFinal(EVP_ctx, (unsigned char*)text, &i);
-+#endif
- 
-     *ret = text;
-     if (rlen != NULL) {
-         *rlen = tlen;
-     }
- 
-+#if !(OPENSSL_VERSION_NUMBER < 0x10100005L)
-+    EVP_ENCODE_CTX_free(EVP_ctx);
-+#endif
-     return 1;
- }
- 
- static int _ldapfull_base64_encode( const unsigned char *src, int srclen, char **ret, int *rlen ) {
-     int tlen = 0;
-     unsigned char *text;
-+#if OPENSSL_VERSION_NUMBER < 0x10100005L
-     EVP_ENCODE_CTX EVP_ctx;
-+#else
-+    EVP_ENCODE_CTX *EVP_ctx;
-+#endif
- 
-     text = (unsigned char *)malloc((srclen*4/3) + 1 );
-     if (text == NULL) {
-         return 0;
-     }
- 
-+#if OPENSSL_VERSION_NUMBER < 0x10100005L
-     EVP_EncodeInit(&EVP_ctx);
-     EVP_EncodeUpdate(&EVP_ctx, text, &tlen, src, srclen);
-     EVP_EncodeFinal(&EVP_ctx, text, &tlen);
-+#else
-+    EVP_ctx = EVP_ENCODE_CTX_new();
-+    EVP_EncodeInit(EVP_ctx);
-+    EVP_EncodeUpdate(EVP_ctx, text, &tlen, src, srclen);
-+    EVP_EncodeFinal(EVP_ctx, text, &tlen);
-+#endif
- 
-     *ret = (char*)text;
-     if (rlen != NULL) {
-         *rlen = tlen;
-     }
- 
-+#if !(OPENSSL_VERSION_NUMBER < 0x10100005L)
-+    EVP_ENCODE_CTX_free(EVP_ctx);
-+#endif
-     return 1;
- }
- 
- int _ldapfull_chk_hashed(moddata_t data, const char *scheme, int salted, const char *hash, const char *passwd) {
-     const unsigned char *bhash; // binary hash, will get it from base64
--    EVP_MD_CTX mdctx;
-+    EVP_MD_CTX *mdctx;
-     const EVP_MD *md;
-     unsigned char digest[EVP_MAX_MD_SIZE];
-     int bhlen, rc;
-@@ -289,22 +326,32 @@ int _ldapfull_chk_hashed(moddata_t data, const char *s
-         return 0;
-     }
- 
--    EVP_DigestInit(&mdctx, md);
--    EVP_DigestUpdate(&mdctx, passwd, strlen(passwd));
-+#if OPENSSL_VERSION_NUMBER < 0x10100005L
-+    mdctx = EVP_MD_CTX_create();
-+#else
-+    mdctx = EVP_MD_CTX_new();
-+#endif
-+    EVP_DigestInit(mdctx, md);
-+    EVP_DigestUpdate(mdctx, passwd, strlen(passwd));
-     if (salted) {
--        EVP_DigestUpdate(&mdctx, &bhash[EVP_MD_size(md)],
-+        EVP_DigestUpdate(mdctx, &bhash[EVP_MD_size(md)],
-                 bhlen - EVP_MD_size(md));
-     }
--    EVP_DigestFinal(&mdctx, digest, NULL);
-+    EVP_DigestFinal(mdctx, digest, NULL);
- 
-     rc = memcmp((char *)bhash, (char *)digest, EVP_MD_size(md));
-     free((void*)bhash);
-+#if OPENSSL_VERSION_NUMBER < 0x10100005L
-+    EVP_MD_CTX_destroy(mdctx);
-+#else
-+    EVP_MD_CTX_free(mdctx);
-+#endif
-     return !rc;
- }
- 
- int _ldapfull_set_hashed(moddata_t data, const char *scheme, const char *prefix, int saltlen, const char *passwd, char *buf, int buflen) {
-     char *hash = 0; // base64 hash
--    EVP_MD_CTX mdctx;
-+    EVP_MD_CTX *mdctx;
-     const EVP_MD *md;
-     unsigned char *digest;
-     unsigned char *salt;
-@@ -316,30 +363,48 @@ int _ldapfull_set_hashed(moddata_t data, const char *s
-     if (!md) {
-         return 0;
-     }
--    EVP_DigestInit(&mdctx, md);
--    EVP_DigestUpdate(&mdctx, passwd, strlen(passwd));
-+
-+#if OPENSSL_VERSION_NUMBER < 0x10100005L
-+    mdctx = EVP_MD_CTX_create();
-+#else
-+    mdctx = EVP_MD_CTX_new();
-+#endif
-+    EVP_DigestInit(mdctx, md);
-+    EVP_DigestUpdate(mdctx, passwd, strlen(passwd));
-     if (saltlen) {
-         salt = (unsigned char *)malloc(saltlen);
-         if( !salt ) {
--            EVP_MD_CTX_cleanup(&mdctx);
-+#if OPENSSL_VERSION_NUMBER < 0x10100005L
-+            EVP_MD_CTX_destroy(mdctx);
-+#else
-+            EVP_MD_CTX_free(mdctx);
-+#endif
-             return 0;
-         }
-         if( !RAND_bytes(salt,saltlen) ) {
--            EVP_MD_CTX_cleanup(&mdctx);
-+#if OPENSSL_VERSION_NUMBER < 0x10100005L
-+            EVP_MD_CTX_destroy(mdctx);
-+#else
-+            EVP_MD_CTX_free(mdctx);
-+#endif
-             free(salt);
-             return 0;
-         }
--        EVP_DigestUpdate(&mdctx, salt, saltlen);
-+        EVP_DigestUpdate(mdctx, salt, saltlen);
-     }
-     digest = (unsigned char *)malloc(EVP_MD_size(md) + saltlen);
-     if( !digest ) {
-         if (saltlen) {
-             free(salt);
-         }
--        EVP_MD_CTX_cleanup(&mdctx);
-+#if OPENSSL_VERSION_NUMBER < 0x10100005L
-+        EVP_MD_CTX_destroy(mdctx);
-+#else
-+        EVP_MD_CTX_free(mdctx);
-+#endif
-         return 0;
-     }
--    EVP_DigestFinal(&mdctx, digest, &dlen);
-+    EVP_DigestFinal(mdctx, digest, &dlen);
- 
-     memcpy(digest+dlen,salt,saltlen);
-     if (saltlen) {
-@@ -352,6 +417,11 @@ int _ldapfull_set_hashed(moddata_t data, const char *s
-     free(digest);
-     if( !rc ) {
-         free(hash);
-+#if OPENSSL_VERSION_NUMBER < 0x10100005L
-+        EVP_MD_CTX_destroy(mdctx);
-+#else
-+        EVP_MD_CTX_free(mdctx);
-+#endif
-         return 0;
-     }
- 
-@@ -359,12 +429,22 @@ int _ldapfull_set_hashed(moddata_t data, const char *s
-     if( hlen + plen >= buflen ) {
-         log_write(data->ar->c2s->log,LOG_ERR,"_ldapfull_set_hashed: buffer is too short (%i bytes)",buflen);
-         free(hash);
-+#if OPENSSL_VERSION_NUMBER < 0x10100005L
-+        EVP_MD_CTX_destroy(mdctx);
-+#else
-+        EVP_MD_CTX_free(mdctx);
-+#endif
-         return 0;
-     }
-     memcpy(buf,prefix,plen);
-     memcpy(buf+plen,hash,hlen);
-     buf[hlen+plen]='\0';
-     free(hash);
-+#if OPENSSL_VERSION_NUMBER < 0x10100005L
-+    EVP_MD_CTX_destroy(mdctx);
-+#else
-+    EVP_MD_CTX_free(mdctx);
-+#endif
- 
-     return 1;
- }
diff --git a/net-im/jabberd/files/patch-storage__authreg_mysql.c b/net-im/jabberd/files/patch-storage__authreg_mysql.c
index 1edf61bf7cf6..804b657ae5ac 100644
--- a/net-im/jabberd/files/patch-storage__authreg_mysql.c
+++ b/net-im/jabberd/files/patch-storage__authreg_mysql.c
@@ -1,29 +1,11 @@
---- storage/authreg_mysql.c.orig	2016-05-22 15:52:07 UTC
+--- storage/authreg_mysql.c.orig	2018-11-02 00:09:16 UTC
 +++ storage/authreg_mysql.c
-@@ -487,6 +487,8 @@ DLLEXPORT int ar_init(authreg_t ar) {
-     MYSQL *conn;
-     mysqlcontext_t mysqlcontext;
-     int fail = 0;
-+    /* enable reconnect */
-+    my_bool reconnect= 1;
+@@ -20,6 +20,8 @@
  
-     /* configure the database context with field names and SQL statements */
-     mysqlcontext = (mysqlcontext_t) malloc( sizeof( struct mysqlcontext_st ) );
-@@ -618,6 +620,7 @@ DLLEXPORT int ar_init(authreg_t ar) {
+ /* this module talks to a MySQL server via libmysqlclient */
  
-     mysql_options(conn, MYSQL_READ_DEFAULT_GROUP, "jabberd");
-     mysql_options(conn, MYSQL_SET_CHARSET_NAME, "utf8");
-+    mysql_options(conn, MYSQL_OPT_RECONNECT, (void *)&reconnect);
- 
-     /* connect with CLIENT_INTERACTIVE to get a (possibly) higher timeout value than default */
-     if(mysql_real_connect(conn, host, user, pass, dbname, atoi(port), NULL, CLIENT_INTERACTIVE) == NULL) {
-@@ -626,9 +629,6 @@ DLLEXPORT int ar_init(authreg_t ar) {
-     }
- 
-     mysql_query(conn, "SET NAMES 'utf8'");
--
--    /* Set reconnect flag to 1 (set to 0 by default from mysql 5 on) */
--    conn->reconnect = 1;
- 
-     ar->user_exists = _ar_mysql_user_exists;
-     if (MPC_PLAIN == mysqlcontext->password_type) {
++#include <stdio.h>
++
+ #define _XOPEN_SOURCE 500
+ #include "c2s.h"
+ #include <mysql.h>
diff --git a/net-im/jabberd/files/patch-sx__ssl.c b/net-im/jabberd/files/patch-sx__ssl.c
deleted file mode 100644
index cd733c4ed89c..000000000000
--- a/net-im/jabberd/files/patch-sx__ssl.c
+++ /dev/null
@@ -1,115 +0,0 @@
---- sx/ssl.c.orig	2016-05-22 16:19:36 UTC
-+++ sx/ssl.c
-@@ -70,7 +70,7 @@ static int _sx_ssl_verify_callback(int preverify_ok, X
-      */
-     if (!preverify_ok && (err == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT))
-     {
--      X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert), buf, 256);
-+      X509_NAME_oneline(X509_get_issuer_name(err_cert), buf, 256);
-       _sx_debug(ZONE, "issuer= %s\n", buf);
-     }
- 
-@@ -115,12 +115,27 @@ static DH *sx_ssl_make_dh_params(BIGNUM *(*const get_p
-     if (!dh)
-         return NULL;
- 
-+#if OPENSSL_VERSION_NUMBER < 0x10100005L
-     dh->p = get_prime(NULL);
-     BN_dec2bn(&dh->g, gen);
-     if (!dh->p || !dh->g) {
-         DH_free(dh);
-         return NULL;
-     }
-+#else
-+    {
-+        BIGNUM *p, *g = NULL;
-+        p = get_prime(NULL);
-+        BN_dec2bn(&g, gen);
-+
-+        if (p == NULL || g == NULL || !DH_set0_pqg(dh, p, NULL, g)) {
-+            DH_free(dh);
-+            BN_free(p);
-+            BN_free(g);
-+            return NULL;
-+        }
-+    }
-+#endif
-     return dh;
- }
- 
-@@ -134,7 +149,7 @@ static void sx_ssl_free_dh_params(void) {
- 
- static DH *_sx_ssl_tmp_dh_callback(SSL *ssl, int export, int keylen) {
-     EVP_PKEY *pkey = SSL_get_privatekey(ssl);
--    int type = pkey ? EVP_PKEY_type(pkey->type) : EVP_PKEY_NONE;
-+    int type = pkey ? EVP_PKEY_base_id(pkey) : EVP_PKEY_NONE;
-     unsigned i;
- 
-     if (type == EVP_PKEY_RSA || type == EVP_PKEY_DSA)
-@@ -351,7 +366,11 @@ static void _sx_ssl_get_external_id(sx_t s, _sx_ssl_co
-             } else if (altname->type == GEN_DNS) {
-                 len = ASN1_STRING_length(altname->d.dNSName);
-                 sc->external_id[id] = (char *) malloc(sizeof(char) *  (len + 1));
-+#if OPENSSL_VERSION_NUMBER < 0x10100005L
-                 memcpy(sc->external_id[id], ASN1_STRING_data(altname->d.dNSName), len);
-+#else
-+                memcpy(sc->external_id[id], ASN1_STRING_get0_data(altname->d.dNSName), len);
-+#endif
-                 sc->external_id[id][len] = '\0'; // just to make sure
-                 _sx_debug(ZONE, "external_id: Found(%d) subjectAltName/dNSName: '%s'", id, sc->external_id[id]);
-                 id++;
-@@ -728,11 +747,15 @@ static void _sx_ssl_client(sx_t s, sx_plugin_t p) {
-     SSL_set_bio(sc->ssl, sc->rbio, sc->wbio);
-     SSL_set_connect_state(sc->ssl);
-     SSL_set_options(sc->ssl, SSL_OP_NO_TICKET);
-+#if OPENSSL_VERSION_NUMBER < 0x10100005L
- #ifdef ENABLE_EXPERIMENTAL
-     SSL_set_ssl_method(sc->ssl, TLSv1_2_client_method());
- #else
-     SSL_set_ssl_method(sc->ssl, TLSv1_client_method());
- #endif
-+#else
-+    SSL_set_ssl_method(sc->ssl, TLS_client_method());
-+#endif
- 
-     /* empty external_id */
-     for (i = 0; i < SX_CONN_EXTERNAL_ID_MAX_COUNT; i++)
-@@ -761,8 +784,8 @@ static void _sx_ssl_client(sx_t s, sx_plugin_t p) {
-         }
- 
-         /* set callback giving a password for pemfile */
--        SSL_CTX_set_default_passwd_cb_userdata(sc->ssl->ctx, (void *)pemfile_password);
--        SSL_CTX_set_default_passwd_cb(sc->ssl->ctx, &_sx_pem_passwd_callback);
-+        SSL_CTX_set_default_passwd_cb_userdata(ctx, (void *)pemfile_password);
-+        SSL_CTX_set_default_passwd_cb(ctx, &_sx_pem_passwd_callback);
- 
-         /* load the private key */
-         ret = SSL_use_PrivateKey_file(sc->ssl, pemfile, SSL_FILETYPE_PEM);
-@@ -977,11 +1000,15 @@ int sx_ssl_server_addcert(sx_plugin_t p, const char *n
-     ERR_clear_error();
- 
-     /* create the context */
-+#if OPENSSL_VERSION_NUMBER < 0x10100005L
- #ifdef ENABLE_EXPERIMENTAL
-     ctx = SSL_CTX_new(TLSv1_2_method());
- #else
-     ctx = SSL_CTX_new(SSLv23_method());
- #endif
-+#else
-+    ctx = SSL_CTX_new(TLS_method());
-+#endif
-     if(ctx == NULL) {
-         _sx_debug(ZONE, "ssl context creation failed; %s", ERR_error_string(ERR_get_error(), NULL));
-         return 1;
-@@ -1063,7 +1090,11 @@ int sx_ssl_server_addcert(sx_plugin_t p, const char *n
-     /* try to read DH params from pem file */
-     if((dhparams = sx_ssl_get_DHparams(pemfile))) {
-         SSL_CTX_set_tmp_dh(ctx, dhparams);
-+#if OPENSSL_VERSION_NUMBER < 0x10100005L
-         _sx_debug(ZONE, "custom DH parameters loaded from certificate", BN_num_bits(dhparams->p));
-+#else
-+        _sx_debug(ZONE, "custom DH parameters loaded from certificate", DH_bits(dhparams));
-+#endif
-     }
- 
-     /* try to read ECDH params from pem file */