From 4b97ad6a76d6b556bf5ce4cc171848096bc7bbb9 Mon Sep 17 00:00:00 2001 From: Dirk Meyer Date: Tue, 7 Jan 2014 20:40:22 +0000 Subject: - Security update to openssl-1.0.1f - remove broken patches - new fix for perl5.18 - fix option GMP Security: http://www.openssl.org/news/vulnerabilities.html Security: CVE-2013-4353 Security: CVE-2013-6449 Security: CVE-2013-6450 Security: 5aaa257e-772d-11e3-a65a-3c970e169bc2 --- security/openssl/Makefile | 36 ++++++++++++++++++++++++++++-------- security/openssl/distinfo | 14 ++------------ security/openssl/files/patch-config | 2 +- 3 files changed, 31 insertions(+), 21 deletions(-) (limited to 'security') diff --git a/security/openssl/Makefile b/security/openssl/Makefile index 932c15fa888d..f6de6a21d9f3 100644 --- a/security/openssl/Makefile +++ b/security/openssl/Makefile @@ -3,22 +3,18 @@ PORTNAME= openssl PORTVERSION= 1.0.1 -DISTVERSIONSUFFIX= e -PORTREVISION= 8 +DISTVERSIONSUFFIX= f +PORTREVISION= 9 CATEGORIES= security devel MASTER_SITES= http://www.openssl.org/%SUBDIR%/ \ ftp://ftp.openssl.org/%SUBDIR%/ \ ftp://ftp.cert.dfn.de/pub/tools/net/openssl/%SUBDIR%/ MASTER_SITE_SUBDIR= source -DIST_SUBDIR= ${DISTNAME}2 +DIST_SUBDIR= ${DISTNAME} MAINTAINER= dinoex@FreeBSD.org COMMENT= SSL and crypto library -PATCH_SITES+= http://www.linuxfromscratch.org/patches/blfs/svn/:pod -PATCHFILES+= openssl-1.0.1e-fix_pod_syntax-1.patch:pod -PATCH_DIST_STRIP= -p1 - .ifdef USE_OPENSSL .error You have `USE_OPENSSL' variable defined either in environment or in make(1) arguments. Please undefine and try again. .endif @@ -60,6 +56,24 @@ SUB_FILES= pkg-message OPENSSLDIR= ${PREFIX}/openssl MANPREFIX= ${PREFIX} +FIX_POD=apps/cms.pod \ + apps/smime.pod \ + ssl/SSL_accept.pod \ + ssl/SSL_clear.pod \ + ssl/SSL_COMP_add_compression_method.pod ssl/SSL_connect.pod \ + ssl/SSL_CTX_add_session.pod ssl/SSL_CTX_load_verify_locations.pod \ + ssl/SSL_CTX_set_client_CA_list.pod \ + ssl/SSL_CTX_set_session_id_context.pod \ + ssl/SSL_CTX_set_ssl_version.pod \ + ssl/SSL_CTX_use_psk_identity_hint.pod \ + ssl/SSL_do_handshake.pod \ + ssl/SSL_read.pod \ + ssl/SSL_session_reused.pod \ + ssl/SSL_set_fd.pod \ + ssl/SSL_set_session.pod \ + ssl/SSL_shutdown.pod \ + ssl/SSL_write.pod + MAN1= CA.pl.1 asn1parse.1 ca.1 ciphers.1 cms.1 crl.1 crl2pkcs7.1 dgst.1 \ dhparam.1 dsa.1 dsaparam.1 ec.1 ecparam.1 enc.1 errstr.1 gendsa.1 \ genpkey.1 genrsa.1 nseq.1 ocsp.1 openssl.1 passwd.1 pkcs12.1 pkcs7.1 \ @@ -1123,6 +1137,8 @@ PLIST_SUB+= WITH_RC5="@comment " .endif .if ${PORT_OPTIONS:MPADLOCK} +BROKEN= does not build with openssl-1.0.1f +PATCH_DIST_STRIP= -p1 PATCH_SITES+= http://git.alpinelinux.org/cgit/aports/plain/main/openssl/:padlock PATCHFILES+= 0001-crypto-hmac-support-EVP_MD_CTX_FLAG_ONESHOT-and-set-.patch:padlock \ 0002-engines-e_padlock-backport-cvs-head-changes.patch:padlock \ @@ -1131,7 +1147,7 @@ PATCHFILES+= 0001-crypto-hmac-support-EVP_MD_CTX_FLAG_ONESHOT-and-set-.patch:pad .endif .if ${PORT_OPTIONS:MGMP} -EXTRACONFIGURE+= enable-gmp +EXTRACONFIGURE+= enable-gmp -I${LOCALBASE}/include IGNORE= GMP is LGPLv3 and can not be linked .else EXTRACONFIGURE+= no-gmp @@ -1160,6 +1176,10 @@ pre-everything:: .endif +pre-patch: + ${REINPLACE_CMD} -e 's|^=item \([0-9]\)$$|=item C<\1>|' \ + ${FIX_POD:S,^,${WRKSRC}/doc/,} + post-patch: @${REINPLACE_CMD} -e 's|m4 -B 8192|m4|g' \ ${WRKSRC}/crypto/des/Makefile diff --git a/security/openssl/distinfo b/security/openssl/distinfo index a1b74b701341..0b76988ecc7d 100644 --- a/security/openssl/distinfo +++ b/security/openssl/distinfo @@ -1,12 +1,2 @@ -SHA256 (openssl-1.0.1e2/openssl-1.0.1e.tar.gz) = f74f15e8c8ff11aa3d5bb5f276d202ec18d7246e95f961db76054199c69c1ae3 -SIZE (openssl-1.0.1e2/openssl-1.0.1e.tar.gz) = 4459777 -SHA256 (openssl-1.0.1e2/openssl-1.0.1e-fix_pod_syntax-1.patch) = 748fd906d6d50b0183d4795aec4857c5b1e53de1155aaa8512fc775f2c04dbe9 -SIZE (openssl-1.0.1e2/openssl-1.0.1e-fix_pod_syntax-1.patch) = 11743 -SHA256 (openssl-1.0.1e2/0001-crypto-hmac-support-EVP_MD_CTX_FLAG_ONESHOT-and-set-.patch) = 18dd81fefb39b3328a444774ed10871ed50348ca171d2da9f826f916127b2dae -SIZE (openssl-1.0.1e2/0001-crypto-hmac-support-EVP_MD_CTX_FLAG_ONESHOT-and-set-.patch) = 3512 -SHA256 (openssl-1.0.1e2/0002-engines-e_padlock-backport-cvs-head-changes.patch) = 39c31c2e33cded09543a2d1fd2e3238e9d11c672ba71a14d13095baad3ec9696 -SIZE (openssl-1.0.1e2/0002-engines-e_padlock-backport-cvs-head-changes.patch) = 5867 -SHA256 (openssl-1.0.1e2/0003-engines-e_padlock-implement-sha1-sha224-sha256-accel.patch) = cbb2493ec9157e78035e9cc02be17655996ee9cd0a71b79507fc19f3862f452b -SIZE (openssl-1.0.1e2/0003-engines-e_padlock-implement-sha1-sha224-sha256-accel.patch) = 20625 -SHA256 (openssl-1.0.1e2/0004-crypto-engine-autoload-padlock-dynamic-engine.patch) = 157ec6d17add25b96956abc7c44259c91eebe8a6c1026cdb976b895bf42ec56f -SIZE (openssl-1.0.1e2/0004-crypto-engine-autoload-padlock-dynamic-engine.patch) = 777 +SHA256 (openssl-1.0.1f/openssl-1.0.1f.tar.gz) = 6cc2a80b17d64de6b7bac985745fdaba971d54ffd7d38d3556f998d7c0c9cb5a +SIZE (openssl-1.0.1f/openssl-1.0.1f.tar.gz) = 4509212 diff --git a/security/openssl/files/patch-config b/security/openssl/files/patch-config index 1e45c7bc795c..c9d4fa7db0f5 100644 --- a/security/openssl/files/patch-config +++ b/security/openssl/files/patch-config @@ -9,7 +9,7 @@ - libc=/usr/lib/libc.so - else # OpenBSD - # ld searches for highest libc.so.* and so do we -- libc=`(ls /usr/lib/libc.so.* | tail -1) 2>/dev/null` +- libc=`(ls /usr/lib/libc.so.* /lib/libc.so.* | tail -1) 2>/dev/null` - fi - case "`(file -L $libc) 2>/dev/null`" in + *86*-*-*bsd*) -- cgit v1.2.3