diff --git a/security/openssl/Makefile b/security/openssl/Makefile
index 10a456a04cc9..630a02c963ef 100644
--- a/security/openssl/Makefile
+++ b/security/openssl/Makefile
@@ -1,172 +1,173 @@ # Created by: Dirk Froemberg PORTNAME= openssl PORTVERSION= 1.1.1l +PORTREVISION= 1 PORTEPOCH= 1 CATEGORIES= security devel MASTER_SITES= https://www.openssl.org/source/ \ ftp://ftp.cert.dfn.de/pub/tools/net/openssl/source/ MAINTAINER= brnrd@FreeBSD.org COMMENT= TLSv1.3 capable SSL and crypto library LICENSE= OpenSSL LICENSE_FILE= ${WRKSRC}/LICENSE CONFLICTS_INSTALL= libressl-[0-9]* \ libressl-devel-[0-9]* \ openssl-devel-[0-9]* HAS_CONFIGURE= yes CONFIGURE_SCRIPT= config CONFIGURE_ENV= PERL="${PERL}" CONFIGURE_ARGS= --openssldir=${OPENSSLDIR} \ --prefix=${PREFIX} USES= cpe perl5 USE_PERL5= build TEST_TARGET= test LDFLAGS_i386= -Wl,-znotext MAKE_ARGS+= WHOLE_ARCHIVE_FLAG=--whole-archive CNF_LDFLAGS="${LDFLAGS}" MAKE_ENV+= LIBRPATH="${PREFIX}/lib" GREP_OPTIONS= OPTIONS_GROUP= CIPHERS HASHES OPTIMIZE PROTOCOLS OPTIONS_GROUP_CIPHERS= ARIA DES GOST IDEA SM4 RC2 RC4 RC5 WEAK-SSL-CIPHERS OPTIONS_GROUP_HASHES= MD2 MD4 MDC2 RMD160 SM2 SM3 OPTIONS_GROUP_OPTIMIZE= ASM SSE2 THREADS OPTIONS_DEFINE_i386= I386 OPTIONS_GROUP_PROTOCOLS=NEXTPROTONEG SCTP SSL3 TLS1 TLS1_1 TLS1_2 OPTIONS_DEFINE= ASYNC CRYPTODEV CT KTLS MAN3 RFC3779 SHARED ZLIB OPTIONS_DEFAULT=ASM ASYNC CT GOST DES EC KTLS MAN3 MD4 NEXTPROTONEG RC2 \ RC4 RMD160 SCTP SHARED SSE2 THREADS TLS1 TLS1_1 TLS1_2 OPTIONS_EXCLUDE=${${OSVERSION} < 1300042:?KTLS:} \ ${${OSVERSION} > 1300000:?CRYPTODEV:} OPTIONS_GROUP_OPTIMIZE_amd64= EC .if ${MACHINE_ARCH} == "amd64" OPTIONS_GROUP_OPTIMIZE+= EC .elif ${MACHINE_ARCH} == "mips64el" OPTIONS_GROUP_OPTIMIZE+= EC .endif OPTIONS_SUB= yes ARIA_DESC= ARIA (South Korean standard) ASM_DESC= Assembler code ASYNC_DESC= Asynchronous mode CIPHERS_DESC= Block Cipher Support CRYPTODEV_DESC= /dev/crypto support CT_DESC= Certificate Transparency Support DES_DESC= (Triple) Data Encryption Standard EC_DESC= Optimize NIST elliptic curves GOST_DESC= GOST (Russian standard) HASHES_DESC= Hash Function Support I386_DESC= i386 (instead of i486+) IDEA_DESC= International Data Encryption 
Algorithm KTLS_DESC= Kernel TLS offload MAN3_DESC= Install API manpages (section 3, 7) MD2_DESC= MD2 (obsolete) MD4_DESC= MD4 (unsafe) MDC2_DESC= MDC-2 (patented, requires DES) NEXTPROTONEG_DESC= Next Protocol Negotiation (SPDY) OPTIMIZE_DESC= Optimizations PROTOCOLS_DESC= Protocol Support RC2_DESC= RC2 (unsafe) RC4_DESC= RC4 (unsafe) RC5_DESC= RC5 (patented) RMD160_DESC= RIPEMD-160 RFC3779_DESC= RFC3779 support (BGP) SCTP_DESC= SCTP (Stream Control Transmission) SHARED_DESC= Build shared libraries SM2_DESC= SM2 Elliptic Curve DH (Chinese standard) SM3_DESC= SM3 256bit (Chinese standard) SM4_DESC= SM4 128bit (Chinese standard) SSE2_DESC= Runtime SSE2 detection SSL3_DESC= SSLv3 (unsafe) TLS1_DESC= TLSv1.0 (requires TLS1_1, TLS1_2) TLS1_1_DESC= TLSv1.1 (requires TLS1_2) TLS1_2_DESC= TLSv1.2 WEAK-SSL-CIPHERS_DESC= Weak cipher support (unsafe) # Upstream default disabled options .for _option in ktls md2 rc5 sctp ssl3 zlib weak-ssl-ciphers ${_option:tu}_CONFIGURE_ON= enable-${_option} .endfor # Upstream default enabled options .for _option in aria asm async ct des gost idea md4 mdc2 nextprotoneg rc2 rc4 \ rfc3779 rmd160 shared sm2 sm3 sm4 sse2 threads tls1 tls1_1 tls1_2 ${_option:tu}_CONFIGURE_OFF= no-${_option} .endfor MDC2_IMPLIES= DES TLS1_IMPLIES= TLS1_1 TLS1_1_IMPLIES= TLS1_2 EC_CONFIGURE_ON= enable-ec_nistp_64_gcc_128 I386_CONFIGURE_ON= 386 KTLS_EXTRA_PATCHES= ${FILESDIR}/extra-patch-ktls MAN3_EXTRA_PATCHES_OFF= ${FILESDIR}/extra-patch-util_process__docs.pl SHARED_MAKE_ENV= SHLIBVER=${OPENSSL_SHLIBVER} SHARED_PLIST_SUB= SHLIBVER=${OPENSSL_SHLIBVER} SHARED_USE= ldconfig=yes SSL3_CONFIGURE_ON+= enable-ssl3-method ZLIB_CONFIGURE_ON= zlib-dynamic .include .if ${PREFIX} == /usr IGNORE= the OpenSSL port can not be installed over the base version .endif .if ${OPSYS} == FreeBSD && ${OSVERSION} < 1300000 && !${PORT_OPTIONS:MCRYPTODEV} CONFIGURE_ARGS+= no-devcryptoeng .endif OPENSSLDIR?= ${PREFIX}/openssl PLIST_SUB+= OPENSSLDIR=${OPENSSLDIR:S=^${PREFIX}/==} .include 
"version.mk" .if ${PORT_OPTIONS:MASM} BROKEN_sparc64= option ASM generates illegal instructions .endif post-patch: ${REINPLACE_CMD} \ -e 's|^MANDIR=.*$$|MANDIR=$$(INSTALLTOP)/man|' \ -e 's| install_html_docs$$||' \ -e 's|$$(LIBDIR)/pkgconfig|libdata/pkgconfig|g' \ ${WRKSRC}/Configurations/unix-Makefile.tmpl ${REINPLACE_CMD} -e 's|\^GNU ld|GNU|' ${WRKSRC}/Configurations/shared-info.pl post-configure: ${REINPLACE_CMD} \ -e 's|SHLIB_VERSION_NUMBER=1.1|SHLIB_VERSION_NUMBER=${OPENSSL_SHLIBVER}|' \ ${WRKSRC}/Makefile ${REINPLACE_CMD} \ -e 's|SHLIB_VERSION_NUMBER "1.1"|SHLIB_VERSION_NUMBER "${OPENSSL_SHLIBVER}"|' \ ${WRKSRC}/include/openssl/opensslv.h post-install-SHARED-on: .for i in libcrypto libssl ${INSTALL_LIB} ${WRKSRC}/$i.so.${OPENSSL_SHLIBVER} ${STAGEDIR}${PREFIX}/lib ${LN} -sf $i.so.${OPENSSL_SHLIBVER} ${STAGEDIR}${PREFIX}/lib/$i.so .endfor .for i in capi padlock ${STRIP_CMD} ${STAGEDIR}${PREFIX}/lib/engines-1.1/${i}.so .endfor post-install: ${STRIP_CMD} ${STAGEDIR}${PREFIX}/bin/openssl post-install-MAN3-on: ( cd ${STAGEDIR}/${PREFIX} ; ${FIND} man/man3 man/man7 -not -type d ) | \ ${SED} 's/$$/.gz/' >>${TMPPLIST} .include
diff --git a/security/openssl/files/patch-D33061 b/security/openssl/files/patch-D33061
new file mode 100644
index 000000000000..2a917ab079c9
--- /dev/null
+++ b/security/openssl/files/patch-D33061
@@ -0,0 +1,53 @@
+Upstream:
+ * https://github.com/openssl/openssl/pull/17079
+ * https://github.com/openssl/openssl/pull/17084
+
+
+--- Configurations/10-main.conf.orig 2021-08-24 13:38:47.000000000 +0000
+++ Configurations/10-main.conf 2021-11-18 21:12:30.060493000 +0000
+@@ -988,6 +988,13 @@
+ perlasm_scheme => "elf",
+ },
+
++ "BSD-aarch64" => {
++ inherit_from => [ "BSD-generic64", asm("aarch64_asm") ],
++ lib_cppflags => add("-DL_ENDIAN"),
++ bn_ops => "SIXTY_FOUR_BIT_LONG",
++ perlasm_scheme => "linux64",
++ },
++
+ "bsdi-elf-gcc" => {
+ inherit_from => [ "BASE_unix", asm("x86_elf_asm") ],
+ CC => "gcc",
+--- crypto/armcap.c.orig 2021-08-24 13:38:47 UTC
+++ crypto/armcap.c
+@@ -106,20 +106,23 @@ static unsigned long getauxval(unsigned long key)
+ * ARM puts the feature bits for Crypto Extensions in AT_HWCAP2, whereas
+ * AArch64 used AT_HWCAP.
+ */
++# ifndef AT_HWCAP
++# define AT_HWCAP 16
++# endif
++# ifndef AT_HWCAP2
++# define AT_HWCAP2 26
++# endif
+ # if defined(__arm__) || defined (__arm)
+-# define HWCAP 16
+- /* AT_HWCAP */
++# define HWCAP AT_HWCAP
+ # define HWCAP_NEON (1 << 12)
+
+-# define HWCAP_CE 26
+- /* AT_HWCAP2 */
++# define HWCAP_CE AT_HWCAP2
+ # define HWCAP_CE_AES (1 << 0)
+ # define HWCAP_CE_PMULL (1 << 1)
+ # define HWCAP_CE_SHA1 (1 << 2)
+ # define HWCAP_CE_SHA256 (1 << 3)
+ # elif defined(__aarch64__)
+-# define HWCAP 16
+- /* AT_HWCAP */
++# define HWCAP AT_HWCAP
+ # define HWCAP_NEON (1 << 1)
+
+ # define HWCAP_CE HWCAP
diff --git a/security/openssl/files/patch-config b/security/openssl/files/patch-config
index 753e22c6d62d..d83edae81ff7 100644
--- a/security/openssl/files/patch-config
+++ b/security/openssl/files/patch-config
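Review bot: In the crypto/armcap.c part of files/patch-D33061, the new `# ifndef AT_HWCAP` / `# define AT_HWCAP 16` and `# define AT_HWCAP2 26` fallbacks silently reinstate the previously hard-coded numbers whenever no system header has defined the macros. The includes are outside the hunk, so this is inferred, but a build that misses the auxv header would still compile and could query an unrelated auxiliary-vector entry, leaving NEON and AES/SHA capability detection wrong without any diagnostic. I would document the fallback where it is defined, e.g. `/* Linux values; used only when the system headers (such as <sys/auxv.h>) define none */`, and consider limiting it to `__linux__` so other platforms fail at compile time instead. The preprocessor block this sits in continues past the end of the hunk.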
@@ -1,19 +1,20 @@
---- config.orig 2018-01-13 13:57:15 UTC
+--- config.orig 2021-08-24 13:38:47 UTC
 +++ config
-@@ -694,14 +694,8 @@ case "$GUESSOS" in
+@@ -708,14 +708,9 @@ case "$GUESSOS" in
 ia64-*-*bsd*) OUT="BSD-ia64" ;;
 x86_64-*-dragonfly*) OUT="BSD-x86_64" ;;
 amd64-*-*bsd*) OUT="BSD-x86_64" ;;
 - *86*-*-*bsd*) # mimic ld behaviour when it's looking for libc...
 - if [ -L /usr/lib/libc.so ]; then # [Free|Net]BSD
 - libc=/usr/lib/libc.so
 - else # OpenBSD
 - # ld searches for highest libc.so.* and so do we
 - libc=`(ls /usr/lib/libc.so.* /lib/libc.so.* | tail -1) 2>/dev/null`
 - fi
 - case "`(file -L $libc) 2>/dev/null`" in
++ arm64-*-*bsd*) OUT="BSD-aarch64" ;;
 + *86*-*-*bsd*)
 + case "`(file -L /bin/sh) 2>/dev/null`" in
 *ELF*) OUT="BSD-x86-elf" ;;
 *) OUT="BSD-x86"; options="$options no-sse2" ;;
 esac ;;
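Review bot: The added `arm64-*-*bsd*) OUT="BSD-aarch64" ;;` case names a Configure target that, as far as this commit shows, exists only because files/patch-D33061 adds "BSD-aarch64" to Configurations/10-main.conf, and patch-config records nothing about that dependency. If one of the two patches is dropped or regenerated without the other on a later update, arm64 builds would presumably stop configuring or no longer select the aarch64 assembly target. I would give patch-config a short header like the one patch-D33061 carries, for example `Requires the BSD-aarch64 target added by patch-D33061 (see the upstream pull requests listed there).` The enclosing `case "$GUESSOS"` block starts and ends outside the hunk.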