diff --git a/security/openssl-devel/Makefile b/security/openssl-devel/Makefile index 233cf8036043..d171fee535dd 100644 --- a/security/openssl-devel/Makefile +++ b/security/openssl-devel/Makefile @@ -1,193 +1,193 @@ # Created by: Dirk Froemberg PORTNAME= openssl -DISTVERSION= 3.0.3 +DISTVERSION= 3.0.4 CATEGORIES= security devel MASTER_SITES= https://www.openssl.org/source/ \ ftp://ftp.cert.dfn.de/pub/tools/net/openssl/source/ PKGNAMESUFFIX= -devel MAINTAINER= brnrd@FreeBSD.org COMMENT= TLSv1.3 capable SSL and crypto library LICENSE= APACHE20 LICENSE_FILE= ${WRKSRC}/LICENSE.txt CONFLICTS_INSTALL= boringssl libressl libressl-devel openssl openssl-quictls HAS_CONFIGURE= yes CONFIGURE_SCRIPT= config CONFIGURE_ENV= PERL="${PERL}" CONFIGURE_ARGS= --openssldir=${OPENSSLDIR} \ --prefix=${PREFIX} USES= cpe perl5 USE_PERL5= build TEST_TARGET= test LDFLAGS_i386= -Wl,-znotext MAKE_ARGS+= WHOLE_ARCHIVE_FLAG=--whole-archive CNF_LDFLAGS="${LDFLAGS}" MAKE_ENV+= LIBRPATH="${PREFIX}/lib" GREP_OPTIONS= OPTIONS_GROUP= CIPHERS HASHES MODULES OPTIMIZE PROTOCOLS OPTIONS_GROUP_CIPHERS= ARIA DES GOST IDEA SM4 RC2 RC4 RC5 WEAK-SSL-CIPHERS OPTIONS_GROUP_HASHES= MD2 MD4 MDC2 RMD160 SM2 SM3 OPTIONS_GROUP_OPTIMIZE= ASM SSE2 THREADS OPTIONS_GROUP_MODULES= FIPS LEGACY OPTIONS_DEFINE_i386= I386 OPTIONS_GROUP_PROTOCOLS=NEXTPROTONEG SCTP SSL3 TLS1 TLS1_1 TLS1_2 OPTIONS_DEFINE= ASYNC CRYPTODEV CT KTLS MAN3 RFC3779 SHARED ZLIB OPTIONS_DEFAULT=ASM ASYNC CT DES EC FIPS GOST KTLS MAN3 MD4 NEXTPROTONEG \ RC2 RC4 RMD160 SCTP SHARED SSE2 THREADS TLS1 TLS1_1 TLS1_2 OPTIONS_EXCLUDE=${${OSVERSION} < 1300042:?KTLS:} \ ${${OSVERSION} > 1300000:?CRYPTODEV:} OPTIONS_GROUP_OPTIMIZE_amd64= EC .if ${MACHINE_ARCH} == "amd64" OPTIONS_GROUP_OPTIMIZE+= EC .elif ${MACHINE_ARCH} == "mips64el" OPTIONS_GROUP_OPTIMIZE+= EC .endif OPTIONS_SUB= yes ARIA_DESC= ARIA (South Korean standard) ASM_DESC= Assembler code ASYNC_DESC= Asynchronous mode CIPHERS_DESC= Block Cipher Support CRYPTODEV_DESC= /dev/crypto support CT_DESC= Certificate Transparency Support DES_DESC= (Triple) Data Encryption Standard EC_DESC= Optimize NIST elliptic curves FIPS_DESC= Build FIPS provider (Note: NOT yet FIPS validated) GOST_DESC= GOST (Russian standard) HASHES_DESC= Hash Function Support I386_DESC= i386 (instead of i486+) IDEA_DESC= International Data Encryption Algorithm KTLS_DESC= Use in-kernel TLS (FreeBSD >13) LEGACY_DESC= Older algorithms MAN3_DESC= Install API manpages (section 3, 7) MD2_DESC= MD2 (obsolete) (requires LEGACY) MD4_DESC= MD4 (unsafe) MDC2_DESC= MDC-2 (patented, requires DES) MODULES_DESC= Provider modules NEXTPROTONEG_DESC= Next Protocol Negotiation (SPDY) OPTIMIZE_DESC= Optimizations PROTOCOLS_DESC= Protocol Support RC2_DESC= RC2 (unsafe) RC4_DESC= RC4 (unsafe) RC5_DESC= RC5 (patented) RMD160_DESC= RIPEMD-160 RFC3779_DESC= RFC3779 support (BGP) SCTP_DESC= SCTP (Stream Control Transmission) SHARED_DESC= Build shared libraries SM2_DESC= SM2 Elliptic Curve DH (Chinese standard) SM3_DESC= SM3 256bit (Chinese standard) SM4_DESC= SM4 128bit (Chinese standard) SSE2_DESC= Runtime SSE2 detection SSL3_DESC= SSLv3 (unsafe) TLS1_DESC= TLSv1.0 (requires TLS1_1, TLS1_2) TLS1_1_DESC= TLSv1.1 (requires TLS1_2) TLS1_2_DESC= TLSv1.2 WEAK-SSL-CIPHERS_DESC= Weak cipher support (unsafe) # Upstream default disabled options .for _option in fips md2 ktls rc5 sctp ssl3 weak-ssl-ciphers zlib ${_option:tu}_CONFIGURE_ON= enable-${_option} .endfor # Upstream default enabled options .for _option in aria asm async ct des gost idea md4 mdc2 legacy \ nextprotoneg rc2 rc4 rfc3779 rmd160 shared sm2 sm3 sm4 sse2 \ threads tls1 tls1_1 tls1_2 ${_option:tu}_CONFIGURE_OFF= no-${_option} .endfor MD2_IMPLIES= LEGACY MDC2_IMPLIES= DES TLS1_IMPLIES= TLS1_1 TLS1_1_IMPLIES= TLS1_2 EC_CONFIGURE_ON= enable-ec_nistp_64_gcc_128 FIPS_VARS= shlibs+=lib/ossl-modules/fips.so I386_CONFIGURE_ON= 386 LEGACY_VARS= shlibs+=lib/ossl-modules/legacy.so MAN3_EXTRA_PATCHES_OFF= ${FILESDIR}/extra-patch-util_find-doc-nits SHARED_MAKE_ENV= SHLIBVER=${OPENSSL_SHLIBVER} SHARED_PLIST_SUB= SHLIBVER=${OPENSSL_SHLIBVER} SHARED_USE= ldconfig=yes SHARED_VARS= shlibs+="lib/libcrypto.so.${OPENSSL_SHLIBVER} \ lib/libssl.so.${OPENSSL_SHLIBVER} \ lib/engines-${OPENSSL_SHLIBVER}/capi.so \ lib/engines-${OPENSSL_SHLIBVER}/devcrypto.so \ lib/engines-${OPENSSL_SHLIBVER}/padlock.so" SSL3_CONFIGURE_ON+= enable-ssl3-method ZLIB_CONFIGURE_ON= zlib-dynamic SHLIBS= lib/engines-${OPENSSL_SHLIBVER}/loader_attic.so .include .if ${ARCH} == powerpc64 CONFIGURE_ARGS+= BSD-ppc64 .elif ${ARCH} == powerpc64le CONFIGURE_ARGS+= BSD-ppc64le .elif ${ARCH} == riscv64 CONFIGURE_ARGS+= BSD-riscv64 .endif .include .if ${PREFIX} == /usr IGNORE= the OpenSSL port can not be installed over the base version .endif .if ${OPSYS} == FreeBSD && ${OSVERSION} < 1300000 && !${PORT_OPTIONS:MCRYPTODEV} CONFIGURE_ARGS+= no-devcryptoeng .endif OPENSSLDIR?= ${PREFIX}/openssl PLIST_SUB+= OPENSSLDIR=${OPENSSLDIR:S=^${PREFIX}/==} .include "version.mk" .if ${PORT_OPTIONS:MASM} BROKEN_sparc64= option ASM generates illegal instructions .endif post-patch: ${REINPLACE_CMD} -Ee 's|^MANDIR=.*$$|MANDIR=$$(INSTALLTOP)/man|' \ -e 's|^(build\|install)_docs: .*|\1_docs: \1_man_docs|' \ ${WRKSRC}/Configurations/unix-Makefile.tmpl ${REINPLACE_CMD} 's|SHLIB_VERSION=3|SHLIB_VERSION=${OPENSSL_SHLIBVER}|' \ ${WRKSRC}/VERSION.dat post-configure: ( cd ${WRKSRC} ; ${PERL} configdata.pm --dump ) post-configure-MAN3-off: ${REINPLACE_CMD} \ -e 's|^build_man_docs:.*|build_man_docs: $$(MANDOCS1) $$(MANDOCS5)|' \ -e 's|dummy $$(MANDOCS[37]); do |dummy; do |' \ ${WRKSRC}/Makefile post-install-SHARED-on: .for i in ${SHLIBS} -@${STRIP_CMD} ${STAGEDIR}${PREFIX}/$i .endfor post-install-SHARED-off: ${RMDIR} ${STAGEDIR}${PREFIX}/lib/engines-12 post-install: ${STRIP_CMD} ${STAGEDIR}${PREFIX}/bin/openssl post-install-MAN3-on: ( cd ${STAGEDIR}/${PREFIX} ; find man/man3 -not -type d ; \ find man/man7 -not -type d ) | sed 's/$$/.gz/' >> ${TMPPLIST} .include diff --git a/security/openssl-devel/distinfo b/security/openssl-devel/distinfo index 346955ebaffe..0baa0e70bffe 100644 --- a/security/openssl-devel/distinfo +++ b/security/openssl-devel/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1651647836 -SHA256 (openssl-3.0.3.tar.gz) = ee0078adcef1de5f003c62c80cc96527721609c6f3bb42b7795df31f8b558c0b -SIZE (openssl-3.0.3.tar.gz) = 15058905 +TIMESTAMP = 1655888572 +SHA256 (openssl-3.0.4.tar.gz) = 2831843e9a668a0ab478e7020ad63d2d65e51f72977472dc73efcefbafc0c00f +SIZE (openssl-3.0.4.tar.gz) = 15069605 diff --git a/security/openssl-devel/files/patch-test_v3ext.c b/security/openssl-devel/files/patch-test_v3ext.c new file mode 100644 index 000000000000..b5bfce28e410 --- /dev/null +++ b/security/openssl-devel/files/patch-test_v3ext.c @@ -0,0 +1,93 @@ +--- test/v3ext.c.orig 2022-06-21 13:30:58 UTC ++++ test/v3ext.c +@@ -37,83 +37,6 @@ end: + return ret; + } + +-static int test_asid(void) +-{ +- ASN1_INTEGER *val1 = NULL, *val2 = NULL; +- ASIdentifiers *asid1 = ASIdentifiers_new(), *asid2 = ASIdentifiers_new(), +- *asid3 = ASIdentifiers_new(), *asid4 = ASIdentifiers_new(); +- int testresult = 0; +- +- if (!TEST_ptr(asid1) +- || !TEST_ptr(asid2) +- || !TEST_ptr(asid3)) +- goto err; +- +- if (!TEST_ptr(val1 = ASN1_INTEGER_new()) +- || !TEST_true(ASN1_INTEGER_set_int64(val1, 64496))) +- goto err; +- +- if (!TEST_true(X509v3_asid_add_id_or_range(asid1, V3_ASID_ASNUM, val1, NULL))) +- goto err; +- +- val1 = NULL; +- if (!TEST_ptr(val2 = ASN1_INTEGER_new()) +- || !TEST_true(ASN1_INTEGER_set_int64(val2, 64497))) +- goto err; +- +- if (!TEST_true(X509v3_asid_add_id_or_range(asid2, V3_ASID_ASNUM, val2, NULL))) +- goto err; +- +- val2 = NULL; +- if (!TEST_ptr(val1 = ASN1_INTEGER_new()) +- || !TEST_true(ASN1_INTEGER_set_int64(val1, 64496)) +- || !TEST_ptr(val2 = ASN1_INTEGER_new()) +- || !TEST_true(ASN1_INTEGER_set_int64(val2, 64497))) +- goto err; +- +- /* +- * Just tests V3_ASID_ASNUM for now. Could be extended at some point to also +- * test V3_ASID_RDI if we think it is worth it. +- */ +- if (!TEST_true(X509v3_asid_add_id_or_range(asid3, V3_ASID_ASNUM, val1, val2))) +- goto err; +- val1 = val2 = NULL; +- +- /* Actual subsets */ +- if (!TEST_true(X509v3_asid_subset(NULL, NULL)) +- || !TEST_true(X509v3_asid_subset(NULL, asid1)) +- || !TEST_true(X509v3_asid_subset(asid1, asid1)) +- || !TEST_true(X509v3_asid_subset(asid2, asid2)) +- || !TEST_true(X509v3_asid_subset(asid1, asid3)) +- || !TEST_true(X509v3_asid_subset(asid2, asid3)) +- || !TEST_true(X509v3_asid_subset(asid3, asid3)) +- || !TEST_true(X509v3_asid_subset(asid4, asid1)) +- || !TEST_true(X509v3_asid_subset(asid4, asid2)) +- || !TEST_true(X509v3_asid_subset(asid4, asid3))) +- goto err; +- +- /* Not subsets */ +- if (!TEST_false(X509v3_asid_subset(asid1, NULL)) +- || !TEST_false(X509v3_asid_subset(asid1, asid2)) +- || !TEST_false(X509v3_asid_subset(asid2, asid1)) +- || !TEST_false(X509v3_asid_subset(asid3, asid1)) +- || !TEST_false(X509v3_asid_subset(asid3, asid2)) +- || !TEST_false(X509v3_asid_subset(asid1, asid4)) +- || !TEST_false(X509v3_asid_subset(asid2, asid4)) +- || !TEST_false(X509v3_asid_subset(asid3, asid4))) +- goto err; +- +- testresult = 1; +- err: +- ASN1_INTEGER_free(val1); +- ASN1_INTEGER_free(val2); +- ASIdentifiers_free(asid1); +- ASIdentifiers_free(asid2); +- ASIdentifiers_free(asid3); +- ASIdentifiers_free(asid4); +- return testresult; +-} +- + OPT_TEST_DECLARE_USAGE("cert.pem\n") + + int setup_tests(void) +@@ -127,6 +50,5 @@ int setup_tests(void) + return 0; + + ADD_TEST(test_pathlen); +- ADD_TEST(test_asid); + return 1; + }