From 0e06657ad406eb220a356e8f49cb5cccd025225e Mon Sep 17 00:00:00 2001
From: Bernard Spil <brnrd@FreeBSD.org>
Date: Wed, 22 Jun 2022 08:56:18 +0000
Subject: security/openssl: Security update to 1.1.1p

 * Adds bungled commit da7e737639a077e954426e5400c3ce15754f54d
   parts related to security/openssl

Security:	4eeb93bf-f204-11ec-8fbd-d4c9ef517024
(cherry picked from commit f8942926a8cb9a03b0ffab32565479d97fa5be05)
---
 security/openssl/Makefile                          |  2 +-
 security/openssl/distinfo                          |  6 +-
 .../files/patch-Configurations_10-main.conf        | 16 ----
 security/openssl/files/patch-config                | 20 -----
 security/openssl/files/patch-test_v3ext.c          | 96 ++++++++++++++++++++++
 5 files changed, 100 insertions(+), 40 deletions(-)
 delete mode 100644 security/openssl/files/patch-Configurations_10-main.conf
 delete mode 100644 security/openssl/files/patch-config
 create mode 100644 security/openssl/files/patch-test_v3ext.c

diff --git a/security/openssl/Makefile b/security/openssl/Makefile
index fd1885241632..98bb3b2dae26 100644
--- a/security/openssl/Makefile
+++ b/security/openssl/Makefile
@@ -1,7 +1,7 @@
 # Created by: Dirk Froemberg <dirk@FreeBSD.org>
 
 PORTNAME=	openssl
-PORTVERSION=	1.1.1o
+PORTVERSION=	1.1.1p
 PORTEPOCH=	1
 CATEGORIES=	security devel
 MASTER_SITES=	https://www.openssl.org/source/ \
diff --git a/security/openssl/distinfo b/security/openssl/distinfo
index 2ea1c2918bbd..6bb4a692578e 100644
--- a/security/openssl/distinfo
+++ b/security/openssl/distinfo
@@ -1,3 +1,3 @@
-TIMESTAMP = 1651649441
-SHA256 (openssl-1.1.1o.tar.gz) = 9384a2b0570dd80358841464677115df785edb941c71211f75076d72fe6b438f
-SIZE (openssl-1.1.1o.tar.gz) = 9856386
+TIMESTAMP = 1655885637
+SHA256 (openssl-1.1.1p.tar.gz) = bf61b62aaa66c7c7639942a94de4c9ae8280c08f17d4eac2e44644d9fc8ace6f
+SIZE (openssl-1.1.1p.tar.gz) = 9860217
diff --git a/security/openssl/files/patch-Configurations_10-main.conf b/security/openssl/files/patch-Configurations_10-main.conf
deleted file mode 100644
index 03be5801b885..000000000000
--- a/security/openssl/files/patch-Configurations_10-main.conf
+++ /dev/null
@@ -1,16 +0,0 @@
---- Configurations/10-main.conf.orig	2021-12-14 15:45:01 UTC
-+++ Configurations/10-main.conf
-@@ -988,6 +988,13 @@ my %targets = (
-         perlasm_scheme   => "elf",
-     },
- 
-+    "BSD-aarch64" => {
-+        inherit_from     => [ "BSD-generic64", asm("aarch64_asm") ],
-+        lib_cppflags     => add("-DL_ENDIAN"),
-+        bn_ops           => "SIXTY_FOUR_BIT_LONG",
-+        perlasm_scheme   => "linux64",
-+    },
-+
-     "bsdi-elf-gcc" => {
-         inherit_from     => [ "BASE_unix", asm("x86_elf_asm") ],
-         CC               => "gcc",
diff --git a/security/openssl/files/patch-config b/security/openssl/files/patch-config
deleted file mode 100644
index d83edae81ff7..000000000000
--- a/security/openssl/files/patch-config
+++ /dev/null
@@ -1,20 +0,0 @@
---- config.orig	2021-08-24 13:38:47 UTC
-+++ config
-@@ -708,14 +708,9 @@ case "$GUESSOS" in
-   ia64-*-*bsd*)		OUT="BSD-ia64" ;;
-   x86_64-*-dragonfly*)  OUT="BSD-x86_64" ;;
-   amd64-*-*bsd*)	OUT="BSD-x86_64" ;;
--  *86*-*-*bsd*)		# mimic ld behaviour when it's looking for libc...
--			if [ -L /usr/lib/libc.so ]; then	# [Free|Net]BSD
--			    libc=/usr/lib/libc.so
--			else					# OpenBSD
--			    # ld searches for highest libc.so.* and so do we
--			    libc=`(ls /usr/lib/libc.so.* /lib/libc.so.* | tail -1) 2>/dev/null`
--			fi
--			case "`(file -L $libc) 2>/dev/null`" in
-+  arm64-*-*bsd*)	OUT="BSD-aarch64" ;;
-+  *86*-*-*bsd*)	
-+			case "`(file -L /bin/sh) 2>/dev/null`" in
- 			*ELF*)	OUT="BSD-x86-elf" ;;
- 			*)	OUT="BSD-x86"; options="$options no-sse2" ;;
- 			esac ;;
diff --git a/security/openssl/files/patch-test_v3ext.c b/security/openssl/files/patch-test_v3ext.c
new file mode 100644
index 000000000000..75769d96ad49
--- /dev/null
+++ b/security/openssl/files/patch-test_v3ext.c
@@ -0,0 +1,96 @@
+Fixes https://github.com/openssl/openssl/issues/18619
+
+Revert the test of 01fc9b6bce82f0534d6673659a0e59a71f57ee82
+
+--- test/v3ext.c.orig	2022-06-21 13:39:39 UTC
++++ test/v3ext.c
+@@ -37,89 +37,11 @@ end:
+     return ret;
+ }
+ 
+-static int test_asid(void)
+-{
+-    ASN1_INTEGER *val1 = NULL, *val2 = NULL;
+-    ASIdentifiers *asid1 = ASIdentifiers_new(), *asid2 = ASIdentifiers_new(),
+-                  *asid3 = ASIdentifiers_new(), *asid4 = ASIdentifiers_new();
+-    int testresult = 0;
+-
+-    if (!TEST_ptr(asid1)
+-            || !TEST_ptr(asid2)
+-            || !TEST_ptr(asid3))
+-        goto err;
+-
+-    if (!TEST_ptr(val1 = ASN1_INTEGER_new())
+-            || !TEST_true(ASN1_INTEGER_set_int64(val1, 64496)))
+-        goto err;
+-
+-    if (!TEST_true(X509v3_asid_add_id_or_range(asid1, V3_ASID_ASNUM, val1, NULL)))
+-        goto err;
+-
+-    val1 = NULL;
+-    if (!TEST_ptr(val2 = ASN1_INTEGER_new())
+-            || !TEST_true(ASN1_INTEGER_set_int64(val2, 64497)))
+-        goto err;
+-
+-    if (!TEST_true(X509v3_asid_add_id_or_range(asid2, V3_ASID_ASNUM, val2, NULL)))
+-        goto err;
+-
+-    val2 = NULL;
+-    if (!TEST_ptr(val1 = ASN1_INTEGER_new())
+-            || !TEST_true(ASN1_INTEGER_set_int64(val1, 64496))
+-            || !TEST_ptr(val2 = ASN1_INTEGER_new())
+-            || !TEST_true(ASN1_INTEGER_set_int64(val2, 64497)))
+-        goto err;
+-
+-    /*
+-     * Just tests V3_ASID_ASNUM for now. Could be extended at some point to also
+-     * test V3_ASID_RDI if we think it is worth it.
+-     */
+-    if (!TEST_true(X509v3_asid_add_id_or_range(asid3, V3_ASID_ASNUM, val1, val2)))
+-        goto err;
+-    val1 = val2 = NULL;
+-
+-    /* Actual subsets */
+-    if (!TEST_true(X509v3_asid_subset(NULL, NULL))
+-            || !TEST_true(X509v3_asid_subset(NULL, asid1))
+-            || !TEST_true(X509v3_asid_subset(asid1, asid1))
+-            || !TEST_true(X509v3_asid_subset(asid2, asid2))
+-            || !TEST_true(X509v3_asid_subset(asid1, asid3))
+-            || !TEST_true(X509v3_asid_subset(asid2, asid3))
+-            || !TEST_true(X509v3_asid_subset(asid3, asid3))
+-            || !TEST_true(X509v3_asid_subset(asid4, asid1))
+-            || !TEST_true(X509v3_asid_subset(asid4, asid2))
+-            || !TEST_true(X509v3_asid_subset(asid4, asid3)))
+-        goto err;
+-
+-    /* Not subsets */
+-    if (!TEST_false(X509v3_asid_subset(asid1, NULL))
+-            || !TEST_false(X509v3_asid_subset(asid1, asid2))
+-            || !TEST_false(X509v3_asid_subset(asid2, asid1))
+-            || !TEST_false(X509v3_asid_subset(asid3, asid1))
+-            || !TEST_false(X509v3_asid_subset(asid3, asid2))
+-            || !TEST_false(X509v3_asid_subset(asid1, asid4))
+-            || !TEST_false(X509v3_asid_subset(asid2, asid4))
+-            || !TEST_false(X509v3_asid_subset(asid3, asid4)))
+-        goto err;
+-
+-    testresult = 1;
+- err:
+-    ASN1_INTEGER_free(val1);
+-    ASN1_INTEGER_free(val2);
+-    ASIdentifiers_free(asid1);
+-    ASIdentifiers_free(asid2);
+-    ASIdentifiers_free(asid3);
+-    ASIdentifiers_free(asid4);
+-    return testresult;
+-}
+-
+ int setup_tests(void)
+ {
+     if (!TEST_ptr(infile = test_get_argument(0)))
+         return 0;
+ 
+     ADD_TEST(test_pathlen);
+-    ADD_TEST(test_asid);
+     return 1;
+ }
-- 
cgit v1.2.3