svn commit: r441709 - in head/security/openssl: . files
Bernard Spil
brnrd at FreeBSD.org
Thu May 25 18:53:11 UTC 2017
Author: brnrd
Date: Thu May 25 18:53:09 2017
New Revision: 441709
URL: https://svnweb.freebsd.org/changeset/ports/441709
Log:
security/openssl: Update to 1.0.2l
- Bugfix update to 1.0.2l
- Fix PADLOCK option
- Build failure -Wunused-function
- Properly disable with configure
- Strip patch-version from DIST_SUBDIR, reduce dirs
- Remove unneeded testssl patch, dtls tests are OK
- Add new WITHOUT_SSL3 testssl extra-patch
- Remove md5 patch (inconsistent output)
- Remove openbsd_hw.c patch (not compiled)
- Remove srtp patch (upstream fixed)
- Fix plist
Added:
head/security/openssl/files/extra-patch-test_testssl
- copied, changed from r441708, head/security/openssl/files/patch-testssl
Deleted:
head/security/openssl/files/patch-md5.c
head/security/openssl/files/patch-openbsd__hw.c
head/security/openssl/files/patch-srtp.h
head/security/openssl/files/patch-testssl
Modified:
head/security/openssl/Makefile
head/security/openssl/distinfo
head/security/openssl/pkg-plist
Modified: head/security/openssl/Makefile
==============================================================================
--- head/security/openssl/Makefile Thu May 25 18:33:54 2017 (r441708)
+++ head/security/openssl/Makefile Thu May 25 18:53:09 2017 (r441709)
@@ -2,13 +2,12 @@
# $FreeBSD$
PORTNAME= openssl
-PORTVERSION= 1.0.2k
-PORTREVISION= 1
+PORTVERSION= 1.0.2l
PORTEPOCH= 1
CATEGORIES= security devel
MASTER_SITES= http://www.openssl.org/source/ \
ftp://ftp.cert.dfn.de/pub/tools/net/openssl/source/
-DIST_SUBDIR= ${DISTNAME}
+DIST_SUBDIR= ${DISTNAME:C/[a-z]$//}
MAINTAINER= brnrd at FreeBSD.org
COMMENT= SSL and crypto library
@@ -74,6 +73,8 @@ EC_CONFIGURE_OFF= no-ec_nistp_64_gcc_128
I386_CONFIGURE_ON= 386
MD2_CONFIGURE_ON= enable-md2
MD2_CONFIGURE_OFF= no-md2
+PADLOCK_CFLAGS= -Wno-unused-function
+PADLOCK_CONFIGURE_OFF= no-padlock
PADLOCK_PATCH_SITES= http://git.alpinelinux.org/cgit/aports/plain/main/openssl/:padlock
PADLOCK_PATCHFILES= 1001-crypto-hmac-support-EVP_MD_CTX_FLAG_ONESHOT-and-set-.patch:padlock \
1002-backport-changes-from-upstream-padlock-module.patch:padlock \
@@ -95,11 +96,14 @@ SSL2_CONFIGURE_ON= enable-ssl2
SSL2_CONFIGURE_OFF= no-ssl2
SSL3_CONFIGURE_ON= enable-ssl3
SSL3_CONFIGURE_OFF= no-ssl3 no-ssl3-method
+SSL3_EXTRA_PATCHES_OFF= ${PATCHDIR}/extra-patch-test_testssl
THREADS_CONFIGURE_ON= threads
THREADS_CONFIGURE_OFF= no-threads
ZLIB_CONFIGURE_ON= zlib zlib-dynamic
ZLIB_CONFIGURE_OFF= no-zlib no-zlib-dynamic
+CFLAGS+= -Werror -Qunused-arguments
+
.include <bsd.port.pre.mk>
.if ${PREFIX} == /usr
@@ -153,8 +157,13 @@ post-configure:
post-install-SHARED-on:
.for i in libcrypto libssl
${INSTALL_DATA} ${WRKSRC}/$i.so.${OPENSSL_SHLIBVER} ${STAGEDIR}${PREFIX}/lib
+ ${STRIP_CMD} ${STAGEDIR}${PREFIX}/lib/$i.so.${OPENSSL_SHLIBVER}
${LN} -sf $i.so.${OPENSSL_SHLIBVER} ${STAGEDIR}${PREFIX}/lib/$i.so
.endfor
+ ${STRIP_CMD} ${STAGEDIR}${PREFIX}/bin/openssl
+.for i in 4758cca aep atalla capi chil cswift gmp gost nuron padlock sureware ubsec
+ ${STRIP_CMD} ${STAGEDIR}${PREFIX}/lib/engines/lib${i}.so
+.endfor
post-install-DOCS-on:
${MKDIR} ${STAGEDIR}${DOCSDIR}
Modified: head/security/openssl/distinfo
==============================================================================
--- head/security/openssl/distinfo Thu May 25 18:33:54 2017 (r441708)
+++ head/security/openssl/distinfo Thu May 25 18:53:09 2017 (r441709)
@@ -1,11 +1,11 @@
-TIMESTAMP = 1485440434
-SHA256 (openssl-1.0.2k/openssl-1.0.2k.tar.gz) = 6b3977c61f2aedf0f96367dcfb5c6e578cf37e7b8d913b4ecb6643c3cb88d8c0
-SIZE (openssl-1.0.2k/openssl-1.0.2k.tar.gz) = 5309236
-SHA256 (openssl-1.0.2k/1001-crypto-hmac-support-EVP_MD_CTX_FLAG_ONESHOT-and-set-.patch) = 2eddcb7ab342285cb637ce6b6be143cca835f449f35dd9bb8c7b9167ba2117a7
-SIZE (openssl-1.0.2k/1001-crypto-hmac-support-EVP_MD_CTX_FLAG_ONESHOT-and-set-.patch) = 3717
-SHA256 (openssl-1.0.2k/1002-backport-changes-from-upstream-padlock-module.patch) = aee88a24622ce9d71e38deeb874e58435dcf8ff5690f56194f0e4a00fb09b260
-SIZE (openssl-1.0.2k/1002-backport-changes-from-upstream-padlock-module.patch) = 5770
-SHA256 (openssl-1.0.2k/1003-engines-e_padlock-implement-sha1-sha224-sha256-accel.patch) = c10b8aaf56a4f4f79ca195fc587e0bb533f643e777d7a3e6fb0350399a6060ea
-SIZE (openssl-1.0.2k/1003-engines-e_padlock-implement-sha1-sha224-sha256-accel.patch) = 20935
-SHA256 (openssl-1.0.2k/1004-crypto-engine-autoload-padlock-dynamic-engine.patch) = 97eb4411d0fc0890e94bc7c2d682f68b71135da782af769ca73914b37da2b1fd
-SIZE (openssl-1.0.2k/1004-crypto-engine-autoload-padlock-dynamic-engine.patch) = 832
+TIMESTAMP = 1495727915
+SHA256 (openssl-1.0.2l/openssl-1.0.2l.tar.gz) = ce07195b659e75f4e1db43552860070061f156a98bb37b672b101ba6e3ddf30c
+SIZE (openssl-1.0.2l/openssl-1.0.2l.tar.gz) = 5365054
+SHA256 (openssl-1.0.2l/1001-crypto-hmac-support-EVP_MD_CTX_FLAG_ONESHOT-and-set-.patch) = 2eddcb7ab342285cb637ce6b6be143cca835f449f35dd9bb8c7b9167ba2117a7
+SIZE (openssl-1.0.2l/1001-crypto-hmac-support-EVP_MD_CTX_FLAG_ONESHOT-and-set-.patch) = 3717
+SHA256 (openssl-1.0.2l/1002-backport-changes-from-upstream-padlock-module.patch) = aee88a24622ce9d71e38deeb874e58435dcf8ff5690f56194f0e4a00fb09b260
+SIZE (openssl-1.0.2l/1002-backport-changes-from-upstream-padlock-module.patch) = 5770
+SHA256 (openssl-1.0.2l/1003-engines-e_padlock-implement-sha1-sha224-sha256-accel.patch) = c10b8aaf56a4f4f79ca195fc587e0bb533f643e777d7a3e6fb0350399a6060ea
+SIZE (openssl-1.0.2l/1003-engines-e_padlock-implement-sha1-sha224-sha256-accel.patch) = 20935
+SHA256 (openssl-1.0.2l/1004-crypto-engine-autoload-padlock-dynamic-engine.patch) = 97eb4411d0fc0890e94bc7c2d682f68b71135da782af769ca73914b37da2b1fd
+SIZE (openssl-1.0.2l/1004-crypto-engine-autoload-padlock-dynamic-engine.patch) = 832
Copied and modified: head/security/openssl/files/extra-patch-test_testssl (from r441708, head/security/openssl/files/patch-testssl)
==============================================================================
--- head/security/openssl/files/patch-testssl Thu May 25 18:33:54 2017 (r441708, copy source)
+++ head/security/openssl/files/extra-patch-test_testssl Thu May 25 18:53:09 2017 (r441709)
@@ -1,39 +1,15 @@
---- test/testssl.orig 2015-06-11 15:50:11.000000000 +0200
-+++ test/testssl 2015-06-12 13:43:32.000000000 +0200
-@@ -102,28 +102,28 @@
- $ssltest $extra || exit 1
-
- echo test dtlsv1
--$ssltest -dtls1 $extra || exit 1
-+#$ssltest -dtls1 $extra || exit 1
-
- echo test dtlsv1 with server authentication
--$ssltest -dtls1 -server_auth $CA $extra || exit 1
-+#$ssltest -dtls1 -server_auth $CA $extra || exit 1
-
- echo test dtlsv1 with client authentication
--$ssltest -dtls1 -client_auth $CA $extra || exit 1
-+#$ssltest -dtls1 -client_auth $CA $extra || exit 1
-
- echo test dtlsv1 with both client and server authentication
--$ssltest -dtls1 -server_auth -client_auth $CA $extra || exit 1
-+#$ssltest -dtls1 -server_auth -client_auth $CA $extra || exit 1
-
- echo test dtlsv1.2
--$ssltest -dtls12 $extra || exit 1
-+#$ssltest -dtls12 $extra || exit 1
-
- echo test dtlsv1.2 with server authentication
--$ssltest -dtls12 -server_auth $CA $extra || exit 1
-+#$ssltest -dtls12 -server_auth $CA $extra || exit 1
-
- echo test dtlsv1.2 with client authentication
--$ssltest -dtls12 -client_auth $CA $extra || exit 1
-+#$ssltest -dtls12 -client_auth $CA $extra || exit 1
-
- echo test dtlsv1.2 with both client and server authentication
--$ssltest -dtls12 -server_auth -client_auth $CA $extra || exit 1
-+#$ssltest -dtls12 -server_auth -client_auth $CA $extra || exit 1
-
- if [ $dsa_cert = NO ]; then
- echo 'test sslv2/sslv3 w/o (EC)DHE via BIO pair'
+Disable SSLv3 test when built without SSL3 option disabled
+
+ - Test for weak DH fails when enabled
+
+--- test/testssl.orig 2017-04-27 12:23:44 UTC
++++ test/testssl
+@@ -160,7 +160,7 @@ test_cipher() {
+ }
+ set -x
+ echo "Testing ciphersuites"
+-for protocol in TLSv1.2 SSLv3; do
++for protocol in TLSv1.2; do
+ echo "Testing ciphersuites for $protocol"
+ for cipher in `../util/shlib_wrap.sh ../apps/openssl ciphers "RSA+$protocol" | tr ':' ' '`; do
+ test_cipher $cipher $protocol
Modified: head/security/openssl/pkg-plist
==============================================================================
--- head/security/openssl/pkg-plist Thu May 25 18:33:54 2017 (r441708)
+++ head/security/openssl/pkg-plist Thu May 25 18:53:09 2017 (r441709)
@@ -868,10 +868,14 @@ man/man1/x509.1.gz
%%MAN3%%man/man3/EVP_VerifyFinal.3.gz
%%MAN3%%man/man3/EVP_VerifyInit.3.gz
%%MAN3%%man/man3/EVP_VerifyUpdate.3.gz
+%%MAN3%%man/man3/EVP_aes_128_cbc_hmac_sha1.3.gz
+%%MAN3%%man/man3/EVP_aes_128_cbc_hmac_sha256.3.gz
%%MAN3%%man/man3/EVP_aes_128_ccm.3.gz
%%MAN3%%man/man3/EVP_aes_128_gcm.3.gz
%%MAN3%%man/man3/EVP_aes_192_ccm.3.gz
%%MAN3%%man/man3/EVP_aes_192_gcm.3.gz
+%%MAN3%%man/man3/EVP_aes_256_cbc_hmac_sha1.3.gz
+%%MAN3%%man/man3/EVP_aes_256_cbc_hmac_sha256.3.gz
%%MAN3%%man/man3/EVP_aes_256_ccm.3.gz
%%MAN3%%man/man3/EVP_aes_256_gcm.3.gz
%%MAN3%%man/man3/EVP_bf_cbc.3.gz
@@ -921,6 +925,7 @@ man/man1/x509.1.gz
%%MAN3%%man/man3/EVP_rc2_ofb.3.gz
%%MAN3%%man/man3/EVP_rc4.3.gz
%%MAN3%%man/man3/EVP_rc4_40.3.gz
+%%MAN3%%man/man3/EVP_rc4_hmac_md5.3.gz
%%MAN3%%man/man3/EVP_rc5_32_12_16_cbc.3.gz
%%MAN3%%man/man3/EVP_rc5_32_12_16_cfb.3.gz
%%MAN3%%man/man3/EVP_rc5_32_12_16_ecb.3.gz
More information about the svn-ports-all
mailing list