security/libressl-devel: Add next-stable LibreSSL 2.3 port
Closed, Public

Authored by brnrd on Sep 7 2015, 11:19 AM.

Details

Summary

Proposed commit message:

security/libressl-devel: Add next-stable LibreSSL 2.3 port

  - Transfer maintainership of security/libressl to brnrd@
  - Add security/libressl-devel for version 2.3.1
  - Including corrections for CVE-2015-3194/3195
  - Add support for multiple versions to bsd.openssl.mk
  - Add option to optionally install API man-pages (201462)
  - Disable silent rules output

Changes:

  - ftp://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.3.0-relnotes.txt
  - ftp://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.3.1-relnotes.txt

PR:		201462
Submitted by: 	adamw (201462)
Reviewed_by:	vsevolod (mentor, maintainer), koobs (mentor), feld (mentor)
Approved by:	(mentor)
Differential_Revision:	https://reviews.freebsd.org/D3585

Test Plan

  • Poudriere testport
  • Poudriere Bulk of private repo
  • portlint -AC (clean)
  • make regression-test all tests PASS

Diff Detail

Repository: rP FreeBSD ports repository
Lint: Not Applicable
Unit Tests: Not Applicable

Event Timeline

security/libressl/Makefile
42 ↗(On Diff #8930)

Did you want to uncomment the post-install-MAN3-off target?

brnrd marked 5 inline comments as done. Oct 8 2015, 6:31 PM
brnrd added inline comments.
security/libressl/Makefile
24 ↗(On Diff #8930)

There's now a maintainer-approved patch for devel/tcltls; see D3695

42 ↗(On Diff #8930)

Yes. This has now been fixed.

brnrd marked an inline comment as done.
brnrd edited edge metadata.

Update with latest patch-set closing all comments

  • devel/tcltls conflict solved in D3695
  • Include Mk/bsd.openssl.mk patch
  • Include security/Makefile patch
brnrd retitled this revision from "security/libressl: Update to 2.3.0 PRE-RELEASE" to "security/libressl-devel: Add next-stable LibreSSL 2.3.0 port". Oct 8 2015, 6:43 PM
brnrd updated this object.
brnrd edited edge metadata.

Update to latest including vulnerability fixes

koobs edited edge metadata.

LGTM, great work.

The commit log is missing spaces where there should be some, and Differential Revision: needs to go on the last line.

brnrd edited edge metadata.

Transfer maintainership

brnrd edited edge metadata.
koobs requested changes to this revision. Oct 16 2015, 12:15 PM
koobs edited edge metadata.
koobs added inline comments.
security/libressl-devel/Makefile
6 ↗(On Diff #9448)

PORTREVISION shouldn't be needed for an initial add port?

security/libressl-devel/files/patch-include_openssl_opensslv.h
8 ↗(On Diff #9448)

/* These will never change */

But they changed, please document the need/rationale in the patch header for future selves

This revision now requires changes to proceed. Oct 16 2015, 12:15 PM
brnrd marked 2 inline comments as done. Nov 7 2015, 3:12 PM
brnrd added inline comments.
security/libressl-devel/Makefile
6 ↗(On Diff #9448)

Correct. This was done for PC-BSD that already had 2.3.0 without a security patch in use.
Gone now.

security/libressl-devel/files/patch-include_openssl_opensslv.h
8 ↗(On Diff #9448)

Added comment to patch file

brnrd edited edge metadata.
brnrd marked 2 inline comments as done.
  • Update security/libressl-devel to 2.3.1
  • Add comment to OPENSSL_VERSION patch
  • Redo optional nc install
koobs requested changes to this revision. Nov 8 2015, 10:55 AM
koobs edited edge metadata.
koobs added inline comments.
security/libressl-devel/Makefile
34 ↗(On Diff #10009)

Since the new test framework (See TEST_* in Mk/bsd.port.mk), should be able to update this to:

TEST_TARGET=check

This revision now requires changes to proceed. Nov 8 2015, 10:55 AM
brnrd retitled this revision from "security/libressl-devel: Add next-stable LibreSSL 2.3.0 port" to "security/libressl-devel: Add next-stable LibreSSL 2.3.1 port". Nov 11 2015, 6:58 PM
brnrd edited edge metadata.
brnrd edited edge metadata.

Rework regression-test target to TEST_TARGET

brnrd edited edge metadata.

Add patch for CVE-2015-1794

brnrd edited edge metadata.

Add fix for CVE-2015-3195 as well

  • Bump portrevision for PC-BSD
brnrd retitled this revision from "security/libressl-devel: Add next-stable LibreSSL 2.3.1 port" to "security/libressl-devel: Add next-stable LibreSSL 2.3 port". Jan 1 2016, 8:23 PM
brnrd updated this object.
brnrd added a reviewer: feld.
brnrd marked an inline comment as done.

Update LibreSSL patches

  • Record change of maintainer for security/libressl
koobs requested changes to this revision. Jan 2 2016, 4:19 PM
koobs edited edge metadata.

@brnrd Can you pull the security/libressl changes out of this review, leaving only the new -devel parts?

They should really be in isolated changes. Apologies for not asking for this sooner

This revision now requires changes to proceed. Jan 2 2016, 4:19 PM
brnrd edited edge metadata.

Make change atomic, exclude changes to other ports

In D3585#100968, @koobs wrote:

@brnrd Can you pull the security/libressl changes out of this review, leaving only the new -devel parts?

They should really be in isolated changes. Apologies for not asking for this sooner

Corrected!

security/libressl-devel/Makefile
7 ↗(On Diff #10904)

Required for PC-BSD that has been using LibreSSL 2.3 since 2015-10-03 and the security/libressl-devel port since 2015-11-13 for pcbsd-101-RELEASE. This revision includes the CVE-2015-3194 and CVE-2015-3195 corrections

brnrd edited edge metadata.

Fix imminent make index failure

feld requested changes to this revision. Jan 3 2016, 8:31 PM
feld edited edge metadata.

what happened to the man page situation? It still looks like we're installing 1400 man pages :-)

This revision now requires changes to proceed. Jan 3 2016, 8:31 PM
In D3585#101156, @feld wrote:

what happened to the man page situation? It still looks like we're installing 1400 man pages :-)

Is the MAN3 option not working for you?

They're removed before packaging in post-install-MAN3-off. It's simple that way, and less trivial to patch up libressl not to install them to STAGEDIR in the first place (but still to install the man1 page).

In this case, they're processed/installed with install(1) and ln(1), so it doesn't add much to build time. In openssl, by contrast, it has its own installation script (because openssl has to roll their own everything), and processing the manpages adds considerable build time.

I didn't build it yet to confirm -- the pkg-plist visualization in Phabricator makes it appear that it will be using a 1562 line pkg-plist with 1400+ man pages.

In D3585#101174, @feld wrote:

I didn't build it yet to confirm -- the pkg-plist visualization in Phabricator makes it appear that it will be using a 1562 line pkg-plist with 1400+ man pages.

Gotcha. It deletes those lines from the plist as the last step. The manpages are all installed by default.

feld edited edge metadata.
In D3585#101175, @adamw wrote:
In D3585#101174, @feld wrote:

I didn't build it yet to confirm -- the pkg-plist visualization in Phabricator makes it appear that it will be using a 1562 line pkg-plist with 1400+ man pages.

Gotcha. It deletes those lines from the plist as the last step. The manpages are all installed by default.

Aha! I'm not used to seeing the plist handled like that. :) I've tested build and this looks sane to me.

koobs edited edge metadata.
brnrd marked 2 inline comments as done. Jan 4 2016, 9:41 AM
brnrd added inline comments.
UPDATING
18 ↗(On Diff #8752)

After refactoring to keep the current security/libressl and creating a new security/libressl-devel this addition to UPDATING has been removed

security/libressl-devel/Makefile
42 ↗(On Diff #11862)
In D3585#101156, @feld wrote:

what happened to the man page situation? It still looks like we're installing 1400 man pages :-)

This not working for you?

This revision is now accepted and ready to land. Jan 4 2016, 11:32 AM

@dinoex doesn't have a Phabricator account to review/approve.

@mat approved the removal of portmgr from this review given they do not maintain openssl.mk

This commit is free to land @brnrd

This revision was automatically updated to reflect the committed changes.
brnrd marked an inline comment as done.