diff --git a/security/cryptlib/Makefile b/security/cryptlib/Makefile index a306eb97b224..42b59ea691f4 100644 --- a/security/cryptlib/Makefile +++ b/security/cryptlib/Makefile @@ -1,50 +1,50 @@ PORTNAME= cryptlib -DISTVERSION= 3.4.6 +DISTVERSION= 3.4.7 CATEGORIES= security MASTER_SITES= https://cryptlib-release.s3-ap-southeast-1.amazonaws.com/ DISTNAME= ${PORTNAME}${PORTVERSION:S/.//g} MAINTAINER= ale@FreeBSD.org COMMENT= Powerful security programming toolkit WWW= http://www.cs.auckland.ac.nz/~pgut001/cryptlib/ LICENSE= SLEEPYCAT LICENSE_NAME= Sleepycat LICENSE_FILE= ${WRKSRC}/COPYING LICENSE_PERMS= dist-mirror dist-sell pkg-mirror pkg-sell auto-accept ONLY_FOR_ARCHS= amd64 armv6 armv7 i386 powerpc powerpc64 powerpc64le USES= cpe zip:infozip OPTIONS_DEFINE= DOCS EXTRACT_BEFORE_ARGS= -aq NO_WRKSUBDIR= yes MAKEFILE= makefile ALL_TARGET= default FreeBSD shared testlib USE_LDCONFIG= yes MAKE_JOBS_UNSAFE= yes CFLAGS+= -DUSE_PKCS11 PLIST_FILES= include/cryptlib.h \ lib/libcl.a lib/libcl.so \ lib/libcl.so.3 lib/libcl.so.${PORTVERSION} PORTDOCS= README do-install: ${INSTALL_DATA} ${WRKSRC}/libcl.a ${WRKSRC}/libcl.so.${PORTVERSION} \ ${STAGEDIR}${PREFIX}/lib ${LN} -sf libcl.so.${PORTVERSION} ${STAGEDIR}${PREFIX}/lib/libcl.so.3 ${LN} -sf libcl.so.3 ${STAGEDIR}${PREFIX}/lib/libcl.so ${INSTALL_DATA} ${WRKSRC}/cryptlib.h ${STAGEDIR}${PREFIX}/include post-install-DOCS-on: ${MKDIR} ${STAGEDIR}${DOCSDIR} ${INSTALL_DATA} ${WRKSRC}/README ${STAGEDIR}${DOCSDIR} do-test: @cd ${BUILD_WRKSRC} && ./testlib -a .include diff --git a/security/cryptlib/distinfo b/security/cryptlib/distinfo index 4e31fa1950d6..59a3e7b72af6 100644 --- a/security/cryptlib/distinfo +++ b/security/cryptlib/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1679305871 -SHA256 (cryptlib346.zip) = c72cfd103eb9fa9f205c14c84ce4fbdf3ead1e2447e830b164dc335141f747bd -SIZE (cryptlib346.zip) = 6826568 +TIMESTAMP = 1729514079 +SHA256 (cryptlib347.zip) = e3f617ea55b1c2c6ea1a27ccc7c8dd4972d3428dfbb0c8ba52a3e4a3ea98ada6 +SIZE (cryptlib347.zip) = 7041396 diff --git a/security/cryptlib/files/patch-makefile b/security/cryptlib/files/patch-makefile index 6f255e18d9d2..0ab07a73ea8f 100644 --- a/security/cryptlib/files/patch-makefile +++ b/security/cryptlib/files/patch-makefile @@ -1,11 +1,11 @@ ---- makefile.orig 2021-09-10 22:27:18 UTC +--- makefile.orig 2023-07-04 09:46:00 UTC +++ makefile -@@ -1859,7 +1859,7 @@ BSD/OS: +@@ -1941,7 +1941,7 @@ FreeBSD: $(MAKE) $(DEFINES) CFLAGS="$(CFLAGS) -fomit-frame-pointer -O3" FreeBSD: - $(MAKE) $(DEFINES) CFLAGS="$(CFLAGS) -fomit-frame-pointer -pthread" + $(MAKE) $(DEFINES) CFLAGS="$(CFLAGS) -O2 -pipe -DUSE_PKCS11 -fstack-protector-strong -fno-strict-aliasing " NetBSD: $(MAKE) $(DEFINES) CFLAGS="$(CFLAGS) -fomit-frame-pointer -pthread" diff --git a/security/cryptlib/files/patch-misc_os__spec.h b/security/cryptlib/files/patch-misc_os__spec.h index 66d060b78bd7..4fc1e99d45aa 100644 --- a/security/cryptlib/files/patch-misc_os__spec.h +++ b/security/cryptlib/files/patch-misc_os__spec.h @@ -1,14 +1,14 @@ ---- misc/os_spec.h.orig 2021-09-11 19:27:14 UTC +--- misc/os_spec.h.orig 2023-02-10 20:29:06 UTC +++ misc/os_spec.h -@@ -610,9 +610,8 @@ typedef int BOOLEAN_INT; +@@ -607,9 +607,8 @@ typedef int BOOLEAN_INT; variants, this presumably extends to SH5 as well so we treat va_lists on Super-H as scalars */ -#if defined( __GNUC__ ) - #if( defined( __ARM_EABI__ ) && \ - ( __GNUC__ == 4 && __GNUC_MINOR__ >= 4 ) || ( __GNUC__ > 4 ) ) +#if 1 + #if defined( __ARM_EABI__ ) /* In theory we could check __ap but in practice it's too risky to rely on the type and state of hidden internal fields, and in any case it's only a sanity check, not a hard requirement, so we just no-op the diff --git a/security/cryptlib/files/patch-test_certs.c b/security/cryptlib/files/patch-test_certs.c index 8d9b05f4093c..30ea0fea6744 100644 --- a/security/cryptlib/files/patch-test_certs.c +++ b/security/cryptlib/files/patch-test_certs.c @@ -1,11 +1,11 @@ ---- test/certs.c.orig 2023-03-20 10:42:36 UTC +--- test/certs.c.orig 2023-01-31 00:46:48 UTC +++ test/certs.c @@ -52,7 +52,7 @@ #if defined( __MWERKS__ ) || defined( SYMANTEC_C ) || defined( __MRC__ ) - #define CERTTIME_DATETEST ( ( ( 2021 - 1970 ) * ONE_YEAR_TIME ) + 2082844800L ) + #define CERTTIME_DATETEST ( ( ( 2022 - 1970 ) * ONE_YEAR_TIME ) + 2082844800L ) #else -- #define CERTTIME_DATETEST ( ( 2021 - 1970 ) * ONE_YEAR_TIME ) -+ #define CERTTIME_DATETEST ( ( 2023 - 1970 ) * ONE_YEAR_TIME ) +- #define CERTTIME_DATETEST ( ( 2022 - 1970 ) * ONE_YEAR_TIME ) ++ #define CERTTIME_DATETEST ( ( 2024 - 1970 ) * ONE_YEAR_TIME ) #endif /* Macintosh-specific weird epoch */ #if ( ULONG_MAX > 0xFFFFFFFFUL ) || defined( _M_X64 ) #define SYSTEM_64BIT diff --git a/security/cryptlib/files/patch-tools_ccopts.sh b/security/cryptlib/files/patch-tools_ccopts.sh index 040bf62ddbf0..ad81eac26a3d 100644 --- a/security/cryptlib/files/patch-tools_ccopts.sh +++ b/security/cryptlib/files/patch-tools_ccopts.sh @@ -1,43 +1,11 @@ ---- tools/ccopts.sh.orig 2021-10-21 02:27:26 UTC +--- tools/ccopts.sh.orig 2023-07-11 00:09:58 UTC +++ tools/ccopts.sh -@@ -675,7 +675,7 @@ hasSafeStackLibs() +@@ -603,7 +603,7 @@ if [ $ISCLANG -gt 0 ] && [ $ISSPECIAL -eq 0 ] ; then if [ $ISCLANG -gt 0 ] && [ $ISSPECIAL -eq 0 ] ; then if [ $COMPILER_VER -ge 47 ] ; then - if [ "$OSNAME" = "Darwin" ] || [ "$OSNAME" = "OpenBSD" ] ; then + if [ "$OSNAME" = "Darwin" ] || [ "$OSNAME" = "OpenBSD" ] || [ "$OSNAME" = "FreeBSD" -a "$ARCH" = "arm" ] || [ "$OSNAME" = "FreeBSD" -a "$ARCH" = "powerpc" ]; then # The versions of clang shipped with OS X or OpenBSD don't # support -fsanitize=safe-stack even as late as clang 12, so # there's not much that we can do. -@@ -892,31 +892,6 @@ fi - # a big deal. As a convenient side-effect, this also enables the use of - # ASLR where it's supported. - --if [ "$ARCH" = "i586" ] || [ "$ARCH" = "i686" ] || [ "$ARCH" = "x86_64" ] ; then -- if [ "$COMPILER_VER" -ge 45 ] ; then -- if [ $GENERICBUILD -gt 0 ] ; then -- echo " (Enabling lowest-common-denominator build options for cross-platform library)." >&2 ; -- else -- CCARGS="$CCARGS -march=native -mtune=generic" ; -- fi -- if [ "$ARCH" = "x86_64" ] ; then -- CCARGS="$CCARGS -fPIC" ; -- fi ; -- elif [ "$COMPILER_VER" -ge 30 ] ; then -- case $ARCH in -- 'x86_64') -- CCARGS="$CCARGS -march=opteron -fPIC" ;; -- -- 'i686') -- CCARGS="$CCARGS -march=pentiumpro" ;; -- -- *) -- CCARGS="$CCARGS -march=pentium" ;; -- esac ; -- else -- CCARGS="$CCARGS -mcpu=pentium" ; -- fi ; --fi - - # gcc 4.x for 64-bit architectures has an optimiser bug that removes an - # empty-list check in cryptlib's list-management code (this has been