net/relayd: Update to 7.3.2023.05.09-p2

This version is in sync with the relayd version present in the OpenBSD
main branch as of 2023.05.09.

While here:

- Switch to a new repository where FreeBSD relayd is now maintained.
  This is where we moved many of the port's patches to clean up the
  files/ directory.
- Take maintainership as agreed via email with the current maintainer.

Sponsored by:	Modirum MDPay
Sponsored by:	Klara, Inc.
Co-authored-by:	Dave Cottlehuber <dch@FreeBSD.org>

net/relayd/Makefile

@@ -1,57 +1,54 @@
 PORTNAME=	relayd
-PORTVERSION=	5.5.20140810
-PORTREVISION=	8
+DISTVERSION=	7.3.2023.05.09-p2
 CATEGORIES=	net
+MASTER_SITES=	https://github.com/KlaraSystems/freebsd-relayd/releases/download/${DISTVERSION}/
 
-MAINTAINER=	koue@chaosophia.net
+MAINTAINER=	0mp@FreeBSD.org
 COMMENT=	OpenBSD relay daemon
-WWW=		https://github.com/mmatuska/relayd
+WWW=		https://github.com/KlaraSystems/freebsd-relayd
 
 LICENSE=	ISCL
 
-BROKEN=		fails to build
-
 USES=		ssl uidfix
-BROKEN_SSL=	openssl30 openssl31
-BROKEN_SSL_REASON=	Fails to build with OpenSSL 3.0.0 and later
-USE_GITHUB=	yes
-GH_ACCOUNT=	mmatuska
-
 USE_RC_SUBR=	relayd
-MAKE_ARGS+=	BINDIR=${PREFIX}/sbin \
-		MANDIR=${PREFIX}/man/man
 
-CFLAGS+=	-Wall
-
-WRKSRC_SUBDIR=	src/usr.sbin
+HAS_CONFIGURE=	yes
 
 USERS=		_relayd
 GROUPS=		_relayd
 
-post-install:
-	${INSTALL_DATA} ${WRKSRC}/../etc/relayd.conf \
-		${STAGEDIR}${PREFIX}/etc/relayd.conf.sample
-
 .include <bsd.port.pre.mk>
 
-.if ! ${SSL_DEFAULT:Mlibressl*}
+.if !${SSL_DEFAULT:Mlibressl*}
+_LIBRESSL_ORIGIN=	security/libressl
 . ifnmake describe
-STAGEDIR_libressl!=	${MAKE} -V STAGEDIR -C ${PORTSDIR}/security/libressl
+STAGEDIR_libressl!=	${MAKE} -V STAGEDIR -C ${PORTSDIR}/${_LIBRESSL_ORIGIN}
 . endif
-BUILD_DEPENDS+=	${NONEXISTENT}:security/libressl:stage
+BUILD_DEPENDS+=		${NONEXISTENT}:${_LIBRESSL_ORIGIN}:stage
 .endif # SSL_DEFAULT
 
-CFLAGS+=	-I${STAGEDIR_libressl}${LOCALBASE}/include
+MAKE_ENV=	LIBCRYPTO=${STAGEDIR_libressl}${LOCALBASE}/lib/libcrypto.a \
+		LIBSSL=${STAGEDIR_libressl}${LOCALBASE}/lib/libssl.a \
+		LIBTLS=${STAGEDIR_libressl}${LOCALBASE}/lib/libtls.a \
+		OPENSSLINCDIR=${STAGEDIR_libressl}${LOCALBASE}/include
 
-post-configure:
+post-patch:
 	${REINPLACE_CMD} -e 's|%%PREFIX%%|${PREFIX}|g' \
-		${WRKSRC}/relayd/relay.c \
-		${WRKSRC}/relayd/relayd.h \
-		${WRKSRC}/relayd/relayd.conf.5 \
-		${WRKSRC}/relayd/relayd.8
-	${REINPLACE_CMD} 's|-lssl|${STAGEDIR_libressl}${LOCALBASE}/lib/libssl.a|g' \
-		 ${WRKSRC}/relayd/Makefile
-	${REINPLACE_CMD} 's|-lcrypto|${STAGEDIR_libressl}${LOCALBASE}/lib/libcrypto.a|g' \
-		${WRKSRC}/relayd/Makefile
+		${WRKSRC}/usr.sbin/relayd/relayd.conf.5 \
+		${WRKSRC}/usr.sbin/relayd/relayd.8
+
+do-install:
+	${INSTALL_DATA} ${WRKSRC}/etc/examples/relayd.conf \
+		${STAGEDIR}${PREFIX}/etc/relayd.conf.sample
+	${INSTALL_MAN} ${WRKSRC}/usr.sbin/relayctl/relayctl.8 \
+		${STAGEDIR}${MANPREFIX}/man/man8/
+	${INSTALL_MAN} ${WRKSRC}/usr.sbin/relayd/relayd.8 \
+		${STAGEDIR}${MANPREFIX}/man/man8/
+	${INSTALL_MAN} ${WRKSRC}/usr.sbin/relayd/relayd.conf.5 \
+		${STAGEDIR}${MANPREFIX}/man/man5/
+	${INSTALL_PROGRAM} ${WRKSRC}/usr.sbin/relayctl/relayctl \
+		${STAGEDIR}${PREFIX}/sbin/
+	${INSTALL_PROGRAM} ${WRKSRC}/usr.sbin/relayd/relayd \
+		${STAGEDIR}${PREFIX}/sbin/
 
 .include <bsd.port.post.mk>

net/relayd/distinfo

@@ -1,3 +1,3 @@
-TIMESTAMP = 1557969145
-SHA256 (mmatuska-relayd-5.5.20140810_GH0.tar.gz) = 7acde883a8ee35b65dd58ac56d344f374eb15755bfb27310ce2c0bc6ebe87588
-SIZE (mmatuska-relayd-5.5.20140810_GH0.tar.gz) = 179424
+TIMESTAMP = 1686938968
+SHA256 (relayd-7.3.2023.05.09-p2.tar.gz) = c1bcd2cf6bdbbc32b776e8b73832a63923db4c0702c1a1f85868cff9777685f7
+SIZE (relayd-7.3.2023.05.09-p2.tar.gz) = 1308160

net/relayd/files/patch-relayd_Makefile

@@ -1,12 +0,0 @@
---- relayd/Makefile.orig	2014-08-10 20:08:47 UTC
-+++ relayd/Makefile
-@@ -28,8 +28,7 @@ SRCS+=	parse.y \
- 	relay_udp.c \
- 	relayd.c \
- 	shuffle.c \
--	ssl.c \
--	ssl_privsep.c
-+	ssl.c
- 
- .PATH:	${.CURDIR}/../../../libevent
- SRCS+=	buffer.c \

net/relayd/files/patch-relayd_parse.y

@@ -1,11 +0,0 @@
---- relayd/parse.y.orig	2014-08-10 20:08:47 UTC
-+++ relayd/parse.y
-@@ -55,6 +55,8 @@
- 
- #include <openssl/ssl.h>
- 
-+#define IN_MAIN
-+  
- #include "relayd.h"
- #include "http.h"
- // FreeBSD #include "snmp.h"

net/relayd/files/patch-relayd_relay.c

@@ -1,49 +0,0 @@
---- relayd/relay.c.orig	2014-08-10 20:08:47 UTC
-+++ relayd/relay.c
-@@ -2097,7 +2097,7 @@ relay_ssl_ctx_create(struct relay *rlay)
- 	/* Verify the server certificate if we have a CA chain */
- 	if ((rlay->rl_conf.flags & F_SSLCLIENT) &&
- 	    (rlay->rl_ssl_ca != NULL)) {
--		if (!ssl_ctx_load_verify_memory(ctx,
-+		if (!SSL_CTX_load_verify_mem(ctx,
- 		    rlay->rl_ssl_ca, rlay->rl_conf.ssl_ca_len))
- 			goto err;
- 		SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL);
-@@ -2107,7 +2107,7 @@ relay_ssl_ctx_create(struct relay *rlay)
- 		return (ctx);
- 
- 	log_debug("%s: loading certificate", __func__);
--	if (!ssl_ctx_use_certificate_chain(ctx,
-+	if (!SSL_CTX_use_certificate_chain_mem(ctx,
- 	    rlay->rl_ssl_cert, rlay->rl_conf.ssl_cert_len))
- 		goto err;
- 
-@@ -2716,12 +2716,12 @@ relay_load_certfiles(struct relay *rlay)
- 		return (-1);
- 
- 	if (snprintf(certfile, sizeof(certfile),
--	    "/usr/local/etc/ssl/%s:%u.crt", hbuf, useport) == -1)
-+	    "%%PREFIX%%/etc/ssl/%s:%u.crt", hbuf, useport) == -1)
- 		return (-1);
- 	if ((rlay->rl_ssl_cert = relay_load_file(certfile,
- 	    &rlay->rl_conf.ssl_cert_len)) == NULL) {
- 		if (snprintf(certfile, sizeof(certfile),
--		    "/usr/local/etc/ssl/%s.crt", hbuf) == -1)
-+		    "%%PREFIX%%/etc/ssl/%s.crt", hbuf) == -1)
- 			return (-1);
- 		if ((rlay->rl_ssl_cert = relay_load_file(certfile,
- 		    &rlay->rl_conf.ssl_cert_len)) == NULL)
-@@ -2732,11 +2732,11 @@ relay_load_certfiles(struct relay *rlay)
- 
- 	if (useport) {
- 		if (snprintf(certfile, sizeof(certfile),
--		    "/usr/local/etc/ssl/private/%s:%u.key", hbuf, useport) == -1)
-+		    "%%PREFIX%%/etc/ssl/private/%s:%u.key", hbuf, useport) == -1)
- 			return -1;
- 	} else {
- 		if (snprintf(certfile, sizeof(certfile),
--		    "/usr/local/etc/ssl/private/%s.key", hbuf) == -1)
-+		    "%%PREFIX%%/etc/ssl/private/%s.key", hbuf) == -1)
- 			return -1;
- 	}
- 	if ((rlay->rl_ssl_key = ssl_load_key(env, certfile,

net/relayd/files/patch-relayd_relayd.8

@@ -1,20 +0,0 @@
---- relayd/relayd.8.orig	2014-08-10 20:08:47 UTC
-+++ relayd/relayd.8
-@@ -114,7 +114,7 @@ will run in the foreground and log to
- .It Fl f Ar file
- Specify an alternative configuration file.
- The default is
--.Pa /usr/local/etc/relayd.conf .
-+.Pa %%PREFIX%%/etc/relayd.conf .
- .It Fl n
- Configtest mode.
- Only check the configuration file for validity.
-@@ -123,7 +123,7 @@ Produce more verbose output.
- .El
- .Sh FILES
- .Bl -tag -width "/var/run/relayd.sockXX" -compact
--.It /usr/local/etc/relayd.conf
-+.It %%PREFIX%%/etc/relayd.conf
- Default configuration file.
- .It /var/run/relayd.sock
- .Ux Ns -domain

net/relayd/files/patch-relayd_relayd.c

@@ -1,12 +0,0 @@
---- relayd/relayd.c.orig	2014-08-10 20:08:47 UTC
-+++ relayd/relayd.c
-@@ -241,8 +241,7 @@ main(int argc, char *argv[])
- 		log_info("startup");
- 
- #ifdef __FreeBSD__
--#if __FreeBSD_version > 800040
--	arc4random_stir();
-+#if __FreeBSD_version > 1000002
- 	arc4random_buf(rnd, sizeof(rnd));
- 	RAND_seed(rnd, sizeof(rnd));
- #else

net/relayd/files/patch-relayd_relayd.conf.5

@@ -1,88 +0,0 @@
---- relayd/relayd.conf.5.orig	2014-08-10 20:08:47 UTC
-+++ relayd/relayd.conf.5
-@@ -90,7 +90,7 @@ Additional configuration files can be included with th
- .Ic include
- keyword, for example:
- .Bd -literal -offset indent
--include "/usr/local/etc/relayd.conf.local"
-+include "%%PREFIX%%/etc/relayd.conf.local"
- .Ed
- .Sh MACROS
- Macros can be defined that will later be expanded in context.
-@@ -304,7 +304,7 @@ Execute an external program to check the host state.
- The program will be executed for each host by specifying the hostname
- on the command line:
- .Bd -literal -offset indent
--/usr/local/bin/checkload.pl front-www1.private.example.com
-+%%PREFIX%%/bin/checkload.pl front-www1.private.example.com
- .Ed
- .Pp
- .Xr relayd 8
-@@ -624,18 +624,18 @@ If the
- keyword is present, the relay will accept connections using the
- encrypted SSL protocol.
- The relay will attempt to look up a private key in
--.Pa /usr/local/etc/ssl/private/address:port.key
-+.Pa %%PREFIX%%/etc/ssl/private/address:port.key
- and a public certificate in
--.Pa /usr/local/etc/ssl/address:port.crt ,
-+.Pa %%PREFIX%%/etc/ssl/address:port.crt ,
- where
- .Ar address
- is the specified IP address and
- .Ar port
- is the specified port that the relay listens on.
- If these files are not present, the relay will continue to look in
--.Pa /usr/local/etc/ssl/private/address.key
-+.Pa %%PREFIX%%/etc/ssl/private/address.key
- and
--.Pa /usr/local/etc/ssl/address.crt .
-+.Pa %%PREFIX%%/etc/ssl/address.crt .
- See
- .Xr ssl 8
- for details about SSL server certificates.
-@@ -1256,18 +1256,18 @@ as detailed for the
- directive above.
- .El
- .Sh FILES
--.Bl -tag -width "/usr/local/etc/ssl/private/address.keyXX" -compact
--.It Pa /usr/local/etc/relayd.conf
-+.Bl -tag -width "%%PREFIX%%/etc/ssl/private/address.keyXX" -compact
-+.It Pa %%PREFIX%%/etc/relayd.conf
- .Xr relayd 8
- configuration file.
- .Pp
- .It Pa /etc/services
- Service name database.
- .Pp
--.It Pa /usr/local/etc/ssl/address.crt
--.It Pa /usr/local/etc/ssl/address:port.crt
--.It Pa /usr/local/etc/ssl/private/address.key
--.It Pa /usr/local/etc/ssl/private/address:port.key
-+.It Pa %%PREFIX%%/etc/ssl/address.crt
-+.It Pa %%PREFIX%%/etc/ssl/address:port.crt
-+.It Pa %%PREFIX%%/etc/ssl/private/address.key
-+.It Pa %%PREFIX%%/etc/ssl/private/address:port.key
- Location of the relay SSL server certificates, where
- .Ar address
- is the configured IP address
-@@ -1275,7 +1275,7 @@ and
- .Ar port
- is the configured port number of the relay.
- .Pp
--.It Pa /usr/local/etc/ssl/cert.pem
-+.It Pa %%PREFIX%%/etc/ssl/cert.pem
- Default location of the CA bundle that can be used with
- .Xr relayd 8 .
- .El
-@@ -1383,8 +1383,8 @@ section.
- To start, first generate a new local CA key and certificate:
- .Bd -literal -offset indent
- # openssl req -x509 -days 365 -newkey rsa:2048 \e
--	-keyout /usr/local/etc/ssl/private/ca.key \e
--	-out /usr/local/etc/etc/ssl/ca.crt
-+	-keyout %%PREFIX%%/etc/ssl/private/ca.key \e
-+	-out %%PREFIX%%/etc/etc/ssl/ca.crt
- .Ed
- .Pp
- An SSL server key and self-signed cert for 127.0.0.1 are also required;

net/relayd/files/patch-relayd_relayd.h

@@ -1,62 +0,0 @@
---- relayd/relayd.h.orig	2014-08-10 20:08:47 UTC
-+++ relayd/relayd.h
-@@ -21,6 +21,12 @@
- #ifndef _RELAYD_H
- #define _RELAYD_H
- 
-+#ifdef IN_MAIN
-+#define EXTERN
-+#else
-+#define EXTERN extern
-+#endif
-+
- #include <sys/tree.h>
- 
- #include <sys/param.h>		/* MAXHOSTNAMELEN */
-@@ -34,7 +40,7 @@
- #include <imsg.h>
- 
- #ifdef __FreeBSD__
--#define	CONF_FILE		"/usr/local/etc/relayd.conf"
-+#define	CONF_FILE		"%%PREFIX%%/etc/relayd.conf"
- #else
- #define CONF_FILE		"/etc/relayd.conf"
- #endif
-@@ -867,11 +873,13 @@ struct control_sock {
- };
- TAILQ_HEAD(control_socks, control_sock);
- 
--struct {
-+struct control_state {
- 	struct event	 ev;
- 	int		 fd;
--} control_state;
-+};
- 
-+EXTERN struct control_state control_state;
-+
- enum blockmodes {
- 	BM_NORMAL,
- 	BM_NONBLOCK
-@@ -978,7 +986,9 @@ enum privsep_procid {
- 	PROC_PFE,
- 	PROC_CA,
- 	PROC_MAX
--} privsep_process;
-+};
-+
-+EXTERN enum privsep_procid privsep_process;
- 
- /* Attach the control socket to the following process */
- #define PROC_CONTROL	PROC_PFE
-@@ -1242,10 +1252,6 @@ int	 ssl_load_pkey(const void *, size_t, char *, off_t
- 	    X509 **, EVP_PKEY **);
- int	 ssl_ctx_fake_private_key(SSL_CTX *, const void *, size_t,
- 	    char *, off_t, X509 **, EVP_PKEY **);
--
--/* ssl_privsep.c */
--int	 ssl_ctx_use_certificate_chain(SSL_CTX *, char *, off_t);
--int	 ssl_ctx_load_verify_memory(SSL_CTX *, char *, off_t);
- 
- /* ca.c */
- pid_t	 ca(struct privsep *, struct privsep_proc *);