author | Bernard Spil <brnrd@FreeBSD.org> | 2017-05-25 18:53:09 +0000 |
---|---|---|
committer | Bernard Spil <brnrd@FreeBSD.org> | 2017-05-25 18:53:09 +0000 |
commit | edbc45bca367704d4a3b3eac83c6d94ca09c82cd (patch) | |
tree | 29d7c734b45c51e5fecd607a2d1a0feffaf11a9a /security/openssl | |
parent | Disable LLDB on FreeBSD 10. (diff) |
security/openssl: Update to 1.0.2l
- Bugfix update to 1.0.2l
- Fix PADLOCK option
- Build failure -Wunused-function
- Properly disable with configure
- Strip patch-version from DIST_SUBDIR, reduce dirs
- Remove unneeded testssl patch, dtls tests are OK
- Add new WITHOUT_SSL3 testssl extra-patch
- Remove md5 patch (inconsistent output)
- Remove openbsd_hw.c patch (not compiled)
- Remove srtp patch (upstream fixed)
- Fix plist
Notes
Notes:
svn path=/head/; revision=441709
Diffstat (limited to 'security/openssl')
-rw-r--r-- | security/openssl/Makefile | 15 | ||||
-rw-r--r-- | security/openssl/distinfo | 22 | ||||
-rw-r--r-- | security/openssl/files/extra-patch-test_testssl | 15 | ||||
-rw-r--r-- | security/openssl/files/patch-md5.c | 11 | ||||
-rw-r--r-- | security/openssl/files/patch-openbsd__hw.c | 14 | ||||
-rw-r--r-- | security/openssl/files/patch-srtp.h | 10 | ||||
-rw-r--r-- | security/openssl/files/patch-testssl | 39 | ||||
-rw-r--r-- | security/openssl/pkg-plist | 5 |
8 files changed, 43 insertions, 88 deletions
diff --git a/security/openssl/Makefile b/security/openssl/Makefile index 552512f33abd..a807a6f1c57c 100644 --- a/security/openssl/Makefile +++ b/security/openssl/Makefile @@ -2,13 +2,12 @@ # $FreeBSD$ PORTNAME= openssl -PORTVERSION= 1.0.2k -PORTREVISION= 1 +PORTVERSION= 1.0.2l PORTEPOCH= 1 CATEGORIES= security devel MASTER_SITES= http://www.openssl.org/source/ \ ftp://ftp.cert.dfn.de/pub/tools/net/openssl/source/ -DIST_SUBDIR= ${DISTNAME} +DIST_SUBDIR= ${DISTNAME:C/[a-z]$//} MAINTAINER= brnrd@FreeBSD.org COMMENT= SSL and crypto library @@ -74,6 +73,8 @@ EC_CONFIGURE_OFF= no-ec_nistp_64_gcc_128 I386_CONFIGURE_ON= 386 MD2_CONFIGURE_ON= enable-md2 MD2_CONFIGURE_OFF= no-md2 +PADLOCK_CFLAGS= -Wno-unused-function +PADLOCK_CONFIGURE_OFF= no-padlock PADLOCK_PATCH_SITES= http://git.alpinelinux.org/cgit/aports/plain/main/openssl/:padlock PADLOCK_PATCHFILES= 1001-crypto-hmac-support-EVP_MD_CTX_FLAG_ONESHOT-and-set-.patch:padlock \ 1002-backport-changes-from-upstream-padlock-module.patch:padlock \ @@ -95,11 +96,14 @@ SSL2_CONFIGURE_ON= enable-ssl2 SSL2_CONFIGURE_OFF= no-ssl2 SSL3_CONFIGURE_ON= enable-ssl3 SSL3_CONFIGURE_OFF= no-ssl3 no-ssl3-method +SSL3_EXTRA_PATCHES_OFF= ${PATCHDIR}/extra-patch-test_testssl THREADS_CONFIGURE_ON= threads THREADS_CONFIGURE_OFF= no-threads ZLIB_CONFIGURE_ON= zlib zlib-dynamic ZLIB_CONFIGURE_OFF= no-zlib no-zlib-dynamic +CFLAGS+= -Werror -Qunused-arguments + .include <bsd.port.pre.mk> .if ${PREFIX} == /usr 
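Review bot: The new `DIST_SUBDIR= ${DISTNAME:C/[a-z]$//}` in the first Makefile hunk expands to `openssl-1.0.2` (assuming DISTNAME keeps its default, which this hunk does not show), yet the distinfo section of this same commit keys every SHA256/SIZE entry under `openssl-1.0.2l/`. Distfile verification looks entries up by the DIST_SUBDIR-prefixed name, so the recorded checksums would not match the fetched files and the checksum stage should reject them. MASTER_SITES and PADLOCK_PATCH_SITES are plain http/ftp, which leaves those distinfo entries as the only integrity check on the sources. Regenerate distinfo after the DIST_SUBDIR change (`make makesum`) so the keys read `openssl-1.0.2/openssl-1.0.2l.tar.gz` and likewise for the four padlock patches.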
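Review bot: `CFLAGS+= -Werror -Qunused-arguments` in the third Makefile hunk is applied unconditionally, before `.include <bsd.port.pre.mk>`. `-Qunused-arguments` is a clang driver option, so a GCC build is likely to stop on an unrecognised flag. `-Werror` also turns any new compiler warning into a build failure for a library that has to be rebuilt quickly for security updates. The `PADLOCK_CFLAGS= -Wno-unused-function` line added in the second hunk appears to exist only to offset it. I would drop `-Werror` from the port's default flags and guard the clang flag after the pre.mk include, `.if ${COMPILER_TYPE} == clang` / `CFLAGS+= -Qunused-arguments` / `.endif`, which needs `USES=compiler` if the port does not already set it.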
@@ -153,8 +157,13 @@ post-configure: post-install-SHARED-on: .for i in libcrypto libssl ${INSTALL_DATA} ${WRKSRC}/$i.so.${OPENSSL_SHLIBVER} ${STAGEDIR}${PREFIX}/lib + ${STRIP_CMD} ${STAGEDIR}${PREFIX}/lib/$i.so.${OPENSSL_SHLIBVER} ${LN} -sf $i.so.${OPENSSL_SHLIBVER} ${STAGEDIR}${PREFIX}/lib/$i.so .endfor + ${STRIP_CMD} ${STAGEDIR}${PREFIX}/bin/openssl +.for i in 4758cca aep atalla capi chil cswift gmp gost nuron padlock sureware ubsec + ${STRIP_CMD} ${STAGEDIR}${PREFIX}/lib/engines/lib${i}.so +.endfor post-install-DOCS-on: ${MKDIR} ${STAGEDIR}${DOCSDIR} diff --git a/security/openssl/distinfo b/security/openssl/distinfo index c07910a0f3d0..e2f314cc429b 100644 --- a/security/openssl/distinfo +++ b/security/openssl/distinfo 
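Review bot: The added `${STRIP_CMD} ${STAGEDIR}${PREFIX}/bin/openssl` sits inside `post-install-SHARED-on`, so the binary is stripped only when the SHARED option is enabled; it belongs in an unconditional post-install target, which is not visible in this hunk. The engine loop hard-codes twelve names, and `${STRIP_CMD}` fails the build if one is not staged. That looks possible for `padlock` now that `PADLOCK_CONFIGURE_OFF= no-padlock` is set, though the page does not show whether the engine is still built in that case. A glob keeps the recipe in step with what was actually installed: `${STRIP_CMD} ${STAGEDIR}${PREFIX}/lib/engines/*.so`. A comment above the loop saying why the engines are stripped here would also help.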
@@ -1,11 +1,11 @@
-TIMESTAMP = 1485440434
-SHA256 (openssl-1.0.2k/openssl-1.0.2k.tar.gz) = 6b3977c61f2aedf0f96367dcfb5c6e578cf37e7b8d913b4ecb6643c3cb88d8c0
-SIZE (openssl-1.0.2k/openssl-1.0.2k.tar.gz) = 5309236
-SHA256 (openssl-1.0.2k/1001-crypto-hmac-support-EVP_MD_CTX_FLAG_ONESHOT-and-set-.patch) = 2eddcb7ab342285cb637ce6b6be143cca835f449f35dd9bb8c7b9167ba2117a7
-SIZE (openssl-1.0.2k/1001-crypto-hmac-support-EVP_MD_CTX_FLAG_ONESHOT-and-set-.patch) = 3717
-SHA256 (openssl-1.0.2k/1002-backport-changes-from-upstream-padlock-module.patch) = aee88a24622ce9d71e38deeb874e58435dcf8ff5690f56194f0e4a00fb09b260
-SIZE (openssl-1.0.2k/1002-backport-changes-from-upstream-padlock-module.patch) = 5770
-SHA256 (openssl-1.0.2k/1003-engines-e_padlock-implement-sha1-sha224-sha256-accel.patch) = c10b8aaf56a4f4f79ca195fc587e0bb533f643e777d7a3e6fb0350399a6060ea
-SIZE (openssl-1.0.2k/1003-engines-e_padlock-implement-sha1-sha224-sha256-accel.patch) = 20935
-SHA256 (openssl-1.0.2k/1004-crypto-engine-autoload-padlock-dynamic-engine.patch) = 97eb4411d0fc0890e94bc7c2d682f68b71135da782af769ca73914b37da2b1fd
-SIZE (openssl-1.0.2k/1004-crypto-engine-autoload-padlock-dynamic-engine.patch) = 832
+TIMESTAMP = 1495727915
+SHA256 (openssl-1.0.2l/openssl-1.0.2l.tar.gz) = ce07195b659e75f4e1db43552860070061f156a98bb37b672b101ba6e3ddf30c
+SIZE (openssl-1.0.2l/openssl-1.0.2l.tar.gz) = 5365054
+SHA256 (openssl-1.0.2l/1001-crypto-hmac-support-EVP_MD_CTX_FLAG_ONESHOT-and-set-.patch) = 2eddcb7ab342285cb637ce6b6be143cca835f449f35dd9bb8c7b9167ba2117a7
+SIZE (openssl-1.0.2l/1001-crypto-hmac-support-EVP_MD_CTX_FLAG_ONESHOT-and-set-.patch) = 3717
+SHA256 (openssl-1.0.2l/1002-backport-changes-from-upstream-padlock-module.patch) = aee88a24622ce9d71e38deeb874e58435dcf8ff5690f56194f0e4a00fb09b260
+SIZE (openssl-1.0.2l/1002-backport-changes-from-upstream-padlock-module.patch) = 5770
+SHA256 (openssl-1.0.2l/1003-engines-e_padlock-implement-sha1-sha224-sha256-accel.patch) = c10b8aaf56a4f4f79ca195fc587e0bb533f643e777d7a3e6fb0350399a6060ea
+SIZE (openssl-1.0.2l/1003-engines-e_padlock-implement-sha1-sha224-sha256-accel.patch) = 20935
+SHA256 (openssl-1.0.2l/1004-crypto-engine-autoload-padlock-dynamic-engine.patch) = 97eb4411d0fc0890e94bc7c2d682f68b71135da782af769ca73914b37da2b1fd
+SIZE (openssl-1.0.2l/1004-crypto-engine-autoload-padlock-dynamic-engine.patch) = 832
diff --git a/security/openssl/files/extra-patch-test_testssl b/security/openssl/files/extra-patch-test_testssl
new file mode 100644
index 000000000000..3fc5d7945116
--- /dev/null
+++ b/security/openssl/files/extra-patch-test_testssl
@@ -0,0 +1,15 @@
+Disable SSLv3 test when built without SSL3 option disabled
+
+ - Test for weak DH fails when enabled
+
+--- test/testssl.orig 2017-04-27 12:23:44 UTC
++++ test/testssl
+@@ -160,7 +160,7 @@ test_cipher() {
+ }
+ set -x
+ echo "Testing ciphersuites"
+-for protocol in TLSv1.2 SSLv3; do
++for protocol in TLSv1.2; do
+ echo "Testing ciphersuites for $protocol"
+ for cipher in `../util/shlib_wrap.sh ../apps/openssl ciphers "RSA+$protocol" | tr ':' ' '`; do
+ test_cipher $cipher $protocol
diff --git a/security/openssl/files/patch-md5.c b/security/openssl/files/patch-md5.c
deleted file mode 100644
index 9626aa87b79d..000000000000
--- a/security/openssl/files/patch-md5.c
+++ /dev/null
@@ -1,11 +0,0 @@
---- crypto/md5/md5.c.orig 2015-01-22 15:58:32.000000000 +0100
-+++ crypto/md5/md5.c 2015-03-10 07:02:19.000000000 +0100
-@@ -83,7 +83,7 @@
- err++;
- continue;
- }
-- printf("MD5(%s)= ", argv[i]);
-+ printf("MD5 (%s) = ", argv[i]);
- do_fp(IN);
- fclose(IN);
- }
diff --git a/security/openssl/files/patch-openbsd__hw.c b/security/openssl/files/patch-openbsd__hw.c
deleted file mode 100644
index 3c27d43b6f66..000000000000
--- a/security/openssl/files/patch-openbsd__hw.c
+++ /dev/null
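Review bot: The header of the new extra-patch-test_testssl contradicts itself: "when built without SSL3 option disabled" is a double negative, while `SSL3_EXTRA_PATCHES_OFF` in the Makefile applies the patch when the option is off. The second line, "Test for weak DH fails when enabled", does not say what "enabled" refers to. I would reword the header to `Disable the SSLv3 ciphersuite test when the SSL3 option is off` and `- the RSA+SSLv3 ciphersuite loop fails when SSLv3 is compiled out`. The second wording is only my reading of the `for protocol in TLSv1.2; do` change and should be confirmed against the actual test failure.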
@@ -1,14 +0,0 @@
---- crypto/evp/openbsd_hw.c.orig 2015-01-22 15:58:32.000000000 +0100
-+++ crypto/evp/openbsd_hw.c 2015-03-10 07:08:45.000000000 +0100
-@@ -108,7 +108,10 @@
- dev_failed = 1;
- return 0;
- }
-- close(cryptodev_fd);
-+ if (fd == -1)
-+ fd = cryptodev_fd;
-+ else
-+ close(cryptodev_fd);
- }
- assert(ses);
- memset(ses, '\0', sizeof *ses);
diff --git a/security/openssl/files/patch-srtp.h b/security/openssl/files/patch-srtp.h
deleted file mode 100644
index cdfd02672b21..000000000000
--- a/security/openssl/files/patch-srtp.h
+++ /dev/null
@@ -1,10 +0,0 @@
---- ssl/srtp.h.orig 2015-03-19 14:30:36.000000000 +0100
-+++ ssl/srtp.h 2015-03-19 21:12:51.000000000 +0100
-@@ -136,7 +136,6 @@
- int SSL_set_tlsext_use_srtp(SSL *ctx, const char *profiles);
-
- STACK_OF(SRTP_PROTECTION_PROFILE) *SSL_get_srtp_profiles(SSL *ssl);
--SRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_profile(SSL *s);
-
- # endif
-
diff --git a/security/openssl/files/patch-testssl b/security/openssl/files/patch-testssl
deleted file mode 100644
index 11340ffb9091..000000000000
--- a/security/openssl/files/patch-testssl
+++ /dev/null
@@ -1,39 +0,0 @@
---- test/testssl.orig 2015-06-11 15:50:11.000000000 +0200
-+++ test/testssl 2015-06-12 13:43:32.000000000 +0200
-@@ -102,28 +102,28 @@
- $ssltest $extra || exit 1
-
- echo test dtlsv1
--$ssltest -dtls1 $extra || exit 1
-+#$ssltest -dtls1 $extra || exit 1
-
- echo test dtlsv1 with server authentication
--$ssltest -dtls1 -server_auth $CA $extra || exit 1
-+#$ssltest -dtls1 -server_auth $CA $extra || exit 1
-
- echo test dtlsv1 with client authentication
--$ssltest -dtls1 -client_auth $CA $extra || exit 1
-+#$ssltest -dtls1 -client_auth $CA $extra || exit 1
-
- echo test dtlsv1 with both client and server authentication
--$ssltest -dtls1 -server_auth -client_auth $CA $extra || exit 1
-+#$ssltest -dtls1 -server_auth -client_auth $CA $extra || exit 1
-
- echo test dtlsv1.2
--$ssltest -dtls12 $extra || exit 1
-+#$ssltest -dtls12 $extra || exit 1
-
- echo test dtlsv1.2 with server authentication
--$ssltest -dtls12 -server_auth $CA $extra || exit 1
-+#$ssltest -dtls12 -server_auth $CA $extra || exit 1
-
- echo test dtlsv1.2 with client authentication
--$ssltest -dtls12 -client_auth $CA $extra || exit 1
-+#$ssltest -dtls12 -client_auth $CA $extra || exit 1
-
- echo test dtlsv1.2 with both client and server authentication
--$ssltest -dtls12 -server_auth -client_auth $CA $extra || exit 1
-+#$ssltest -dtls12 -server_auth -client_auth $CA $extra || exit 1
-
- if [ $dsa_cert = NO ]; then
- echo 'test sslv2/sslv3 w/o (EC)DHE via BIO pair'
diff --git a/security/openssl/pkg-plist b/security/openssl/pkg-plist
index fd0e14cbff79..d72e3875bd4a 100644
--- a/security/openssl/pkg-plist
+++ b/security/openssl/pkg-plist
@@ -868,10 +868,14 @@ man/man1/x509.1.gz
 %%MAN3%%man/man3/EVP_VerifyFinal.3.gz
 %%MAN3%%man/man3/EVP_VerifyInit.3.gz
 %%MAN3%%man/man3/EVP_VerifyUpdate.3.gz
+%%MAN3%%man/man3/EVP_aes_128_cbc_hmac_sha1.3.gz
+%%MAN3%%man/man3/EVP_aes_128_cbc_hmac_sha256.3.gz
 %%MAN3%%man/man3/EVP_aes_128_ccm.3.gz
 %%MAN3%%man/man3/EVP_aes_128_gcm.3.gz
 %%MAN3%%man/man3/EVP_aes_192_ccm.3.gz
 %%MAN3%%man/man3/EVP_aes_192_gcm.3.gz
+%%MAN3%%man/man3/EVP_aes_256_cbc_hmac_sha1.3.gz
+%%MAN3%%man/man3/EVP_aes_256_cbc_hmac_sha256.3.gz
 %%MAN3%%man/man3/EVP_aes_256_ccm.3.gz
 %%MAN3%%man/man3/EVP_aes_256_gcm.3.gz
 %%MAN3%%man/man3/EVP_bf_cbc.3.gz
@@ -921,6 +925,7 @@ man/man1/x509.1.gz
 %%MAN3%%man/man3/EVP_rc2_ofb.3.gz
 %%MAN3%%man/man3/EVP_rc4.3.gz
 %%MAN3%%man/man3/EVP_rc4_40.3.gz
+%%MAN3%%man/man3/EVP_rc4_hmac_md5.3.gz
 %%MAN3%%man/man3/EVP_rc5_32_12_16_cbc.3.gz
 %%MAN3%%man/man3/EVP_rc5_32_12_16_cfb.3.gz
 %%MAN3%%man/man3/EVP_rc5_32_12_16_ecb.3.gz |