Index: branches/2017Q2/net/openntpd/Makefile =================================================================== --- branches/2017Q2/net/openntpd/Makefile (revision 439796) +++ branches/2017Q2/net/openntpd/Makefile (revision 439797) @@ -1,51 +1,51 @@ # $FreeBSD$ PORTNAME= openntpd PORTVERSION= 6.0p1 -PORTREVISION= 4 +PORTREVISION= 6 PORTEPOCH= 2 CATEGORIES= net MASTER_SITES= OPENBSD/OpenNTPD MAINTAINER= naddy@FreeBSD.org COMMENT= Network Time Protocol (NTP) daemon LICENSE= ISCL RUN_DEPENDS= ca_root_nss>=0:security/ca_root_nss USE_RC_SUBR= openntpd USERS= _ntp GROUPS= _ntp USES= ssl GNU_CONFIGURE= yes CONFIGURE_ARGS= --with-cacert=${LOCALBASE}/etc/ssl/cert.pem pre-build: ${REINPLACE_CMD} -e 's,%%PREFIX%%,${PREFIX},g' \ ${WRKSRC}/src/ntpd.conf.5 ${WRKSRC}/src/ntpd.8 post-install: cd ${STAGEDIR}${PREFIX}/etc && ${MV} ntpd.conf ntpd.conf.sample .include # Requires libtls from LibreSSL .if ${SSL_DEFAULT:Mlibressl*} CPPFLAGS+= -I${OPENSSLINC} LDFLAGS+= -L${OPENSSLLIB} .else # SSL_DEFAULT BUILD_DEPENDS+= ${NONEXISTENT}:security/libressl:stage CPPFLAGS+= -I${WRKDIR}/libressl/include LDFLAGS+= -L${WRKDIR}/libressl/lib # Don't use COPYTREE_SHARE here as it hard links files, and the original files # are owned by root, which creates problems of its own. pre-configure: @cd `${MAKE} -V STAGEDIR -C ${PORTSDIR}/security/libressl`${PREFIX} \ && ${FIND} -E . ! -name *.so\* | ${CPIO} -dump ${WRKDIR}/libressl >/dev/null 2>&1 .endif # SSL_DEFAULT .include Index: branches/2017Q2/security/acme-client/Makefile =================================================================== --- branches/2017Q2/security/acme-client/Makefile (revision 439796) +++ branches/2017Q2/security/acme-client/Makefile (revision 439797) 
@@ -1,64 +1,65 @@ # Created by: Bernard Spil # $FreeBSD$ PORTNAME= acme-client PORTVERSION= 0.1.16 +PORTREVISION= 1 DISTVERSIONPREFIX= portable- CATEGORIES= security MASTER_SITES= https://kristaps.bsd.lv/${PORTNAME}/snapshots/ \ LOCAL/brnrd MAINTAINER= brnrd@FreeBSD.org COMMENT= Native C client for Let's Encrypt, designed for security LICENSE= ISCL RUN_DEPENDS= ${LOCALBASE}/share/certs/ca-root-nss.crt:security/ca_root_nss USES= gmake tar:tgz ssl MAKEFILE= GNUmakefile MAKE_ENV= PREFIX=${STAGEDIR}/${PREFIX} WWWDIR= ${PREFIX}/www/acme SAMPLE_FILES= acme-client.sh.sample deploy.sh.sample SUB_FILES= 000.acme-client.sh pkg-message ${SAMPLE_FILES} SUB_LIST= PORTNAME=${PORTNAME} PERIODIC_DIRS= etc/periodic/weekly PERIODIC_FILES= 000.acme-client.sh post-patch: ${REINPLACE_CMD} -e "s|/etc/|${PREFIX}/etc/|g" \ -e "s|/var/www/acme|${WWWDIR}|" \ ${WRKSRC}/main.c ${WRKSRC}/acme-client.1 post-install: ${MKDIR} ${STAGEDIR}${PREFIX}/${PERIODIC_DIRS} ${INSTALL_SCRIPT} ${WRKDIR}/${PERIODIC_FILES} ${STAGEDIR}${PREFIX}/${PERIODIC_DIRS}/${PERIODIC_FILES} ${STRIP_CMD} ${STAGEDIR}${PREFIX}/bin/acme-client . for d in etc/ssl/acme etc/ssl/acme/private \ etc/acme www/acme ${MKDIR} ${STAGEDIR}${PREFIX}/${d} . endfor . for d in ${SAMPLE_FILES} ${INSTALL_SCRIPT} ${WRKDIR}/${d} ${STAGEDIR}${PREFIX}/etc/acme/${d} . endfor .include .if ! ${SSL_DEFAULT:Mlibressl*} BUILD_DEPENDS+= ${NONEXISTENT}:security/libressl:stage CPPFLAGS+= -I${WRKDIR}/libressl/include LDFLAGS+= -L${WRKDIR}/libressl/lib . ifnmake describe STAGEDIR_libressl!= ${MAKE} -V STAGEDIR -C ${PORTSDIR}/security/libressl . endif pre-configure: @(cd ${STAGEDIR_libressl}${LOCALBASE} && ${COPYTREE_SHARE} \ . ${WRKDIR}/libressl "! -name *.so*") .endif # SSL_DEFAULT .include Index: branches/2017Q2/security/libressl/Makefile =================================================================== --- branches/2017Q2/security/libressl/Makefile (revision 439796) +++ branches/2017Q2/security/libressl/Makefile (revision 439797) 
@@ -1,50 +1,51 @@ # Created by: Vsevolod Stakhov # $FreeBSD$ PORTNAME= libressl PORTVERSION= 2.4.5 +PORTREVISION= 1 CATEGORIES= security devel MASTER_SITES= OPENBSD/LibreSSL MAINTAINER= brnrd@FreeBSD.org COMMENT= Free version of the SSL/TLS protocol forked from OpenSSL LICENSE= BSD4CLAUSE LICENSE_FILE= ${WRKSRC}/COPYING CPE_VENDOR= openbsd OPTIONS_DEFINE= MAN3 NC OPTIONS_DEFAULT= MAN3 NC MAN3_DESC= Install API manpages (section 3) NC_DESC= Install TLS-enabled netcat CONFLICTS_INSTALL= libressl-devel-[0-9]* \ openssl-[0-9]* \ openssl-devel-[0-9]* MAN3_EXTRA_PATCHES_OFF= ${FILESDIR}/extra-patch-MAN3 GNU_CONFIGURE= yes USES= cpe libtool pathfix pkgconfig USE_LDCONFIG= yes OPTIONS_SUB= yes CFLAGS+= -fpic -DPIC INSTALL_TARGET= install-strip TEST_TARGET= check .include #.if ${OSVERSION} > 1100037 #CONFIGURE_ENV= HAVE_EXPLICIT_BZERO=yes #.endif post-install: ${RM} -r ${STAGEDIR}/${PREFIX}/etc/ssl/cert.pem post-install-NC-on: ${INSTALL_PROGRAM} ${WRKSRC}/apps/nc/.libs/nc ${STAGEDIR}/${PREFIX}/bin/nc ${INSTALL_MAN} ${WRKSRC}/apps/nc/nc.1 ${STAGEDIR}/${PREFIX}/man/man1/nc.1 .include Index: branches/2017Q2/security/libressl/files/patch-CVE-2017-8301 =================================================================== --- branches/2017Q2/security/libressl/files/patch-CVE-2017-8301 (nonexistent) +++ branches/2017Q2/security/libressl/files/patch-CVE-2017-8301 (revision 439797) 
@@ -0,0 +1,32 @@
+https://marc.info/?l=openbsd-cvs&m=149342064612660
+
+===================================================================
+RCS file: /cvs/src/lib/libcrypto/x509/x509_vfy.c,v
+retrieving revision 1.61
+retrieving revision 1.61.4.1
+diff -u -r1.61 -r1.61.4.1
+--- crypto/x509/x509_vfy.c 2017/02/05 02:33:21 1.61
++++ crypto/x509/x509_vfy.c 2017/04/28 23:12:04 1.61.4.1
+@@ -1,4 +1,4 @@
+-/* $OpenBSD: x509_vfy.c,v 1.61 2017/02/05 02:33:21 beck Exp $ */
++/* $OpenBSD: x509_vfy.c,v 1.61.4.1 2017/04/28 23:12:04 beck Exp $ */
+ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+@@ -541,15 +541,7 @@
+ /* Safety net, error returns must set ctx->error */
+ if (ok <= 0 && ctx->error == X509_V_OK)
+ ctx->error = X509_V_ERR_UNSPECIFIED;
+-
+- /*
+- * Safety net, if user provided verify callback indicates sucess
+- * make sure they have set error to X509_V_OK
+- */
+- if (ctx->verify_cb != null_callback && ok == 1)
+- ctx->error = X509_V_OK;
+-
+- return(ctx->error == X509_V_OK);
++ return ok;
+ }
+
+ /* Given a STACK_OF(X509) find the issuer of cert (if any)
Property changes on: branches/2017Q2/security/libressl/files/patch-CVE-2017-8301
___________________________________________________________________
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: branches/2017Q2/security/libressl-devel/Makefile
===================================================================
--- branches/2017Q2/security/libressl-devel/Makefile (revision 439796)
+++ branches/2017Q2/security/libressl-devel/Makefile (revision 439797)
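Review bot: The `return ok;` that ends the second inner hunk hands the raw `ok` back to the caller, where the removed `return(ctx->error == X509_V_OK);` always yielded 0 or 1. The retained guard `if (ok <= 0 && ctx->error == X509_V_OK)` suggests `ok` can be negative, so any consumer that tests the result for truthiness rather than `<= 0` would read a negative value as success; the paths that set `ok` lie outside the hunk, so this is inferred. The patch header is only a marc.info URL, and I would add a line such as `CVE-2017-8301: return ok unchanged; ctx->error is no longer reset when a verify callback returns 1` so the behaviour change is recorded in the port. The identical file under security/libressl-devel/files gets the same header line.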
@@ -1,49 +1,50 @@ # Created by: Bernard Spil # $FreeBSD$ PORTNAME= libressl PORTVERSION= 2.5.2 +PORTREVISION= 1 CATEGORIES= security devel MASTER_SITES= OPENBSD/LibreSSL PKGNAMESUFFIX= -devel MAINTAINER= brnrd@FreeBSD.org COMMENT= Free version of the SSL/TLS protocol forked from OpenSSL LICENSE= BSD4CLAUSE LICENSE_FILE= ${WRKSRC}/COPYING CPE_VENDOR= openbsd OPTIONS_DEFINE= MAN3 NC OPTIONS_DEFAULT= MAN3 NC MAN3_DESC= Install API manpages (section 3) NC_DESC= Install TLS-enabled netcat CONFLICTS_INSTALL= libressl-[0-9]* \ openssl-[0-9]* \ openssl-devel-[0-9]* MAN3_EXTRA_PATCHES_OFF= ${FILESDIR}/extra-patch-MAN3 GNU_CONFIGURE= yes USES= cpe libtool pathfix pkgconfig USE_LDCONFIG= yes OPTIONS_SUB= yes CFLAGS+= -fpic -DPIC -Wl,-rpath,${PREFIX}/lib -Wl,--as-needed INSTALL_TARGET= install-strip TEST_TARGET= check post-install: ${RM} -r ${STAGEDIR}/${PREFIX}/etc/ssl/cert.pem post-install-NC-on: ${INSTALL_PROGRAM} ${WRKSRC}/apps/nc/.libs/nc ${STAGEDIR}/${PREFIX}/bin/nc ${INSTALL_MAN} ${WRKSRC}/apps/nc/nc.1 ${STAGEDIR}/${PREFIX}/man/man1/nc.1 post-install-MAN3-off: ${RM} -r ${STAGEDIR}/${PREFIX}/man/man3 ${REINPLACE_CMD} -e '/^man\/man3/d' ${TMPPLIST} .include Index: branches/2017Q2/security/libressl-devel/files/patch-CVE-2017-8301 =================================================================== --- branches/2017Q2/security/libressl-devel/files/patch-CVE-2017-8301 (nonexistent) +++ branches/2017Q2/security/libressl-devel/files/patch-CVE-2017-8301 (revision 439797) 
@@ -0,0 +1,32 @@
+https://marc.info/?l=openbsd-cvs&m=149342064612660
+
+===================================================================
+RCS file: /cvs/src/lib/libcrypto/x509/x509_vfy.c,v
+retrieving revision 1.61
+retrieving revision 1.61.4.1
+diff -u -r1.61 -r1.61.4.1
+--- crypto/x509/x509_vfy.c 2017/02/05 02:33:21 1.61
++++ crypto/x509/x509_vfy.c 2017/04/28 23:12:04 1.61.4.1
+@@ -1,4 +1,4 @@
+-/* $OpenBSD: x509_vfy.c,v 1.61 2017/02/05 02:33:21 beck Exp $ */
++/* $OpenBSD: x509_vfy.c,v 1.61.4.1 2017/04/28 23:12:04 beck Exp $ */
+ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+@@ -541,15 +541,7 @@
+ /* Safety net, error returns must set ctx->error */
+ if (ok <= 0 && ctx->error == X509_V_OK)
+ ctx->error = X509_V_ERR_UNSPECIFIED;
+-
+- /*
+- * Safety net, if user provided verify callback indicates sucess
+- * make sure they have set error to X509_V_OK
+- */
+- if (ctx->verify_cb != null_callback && ok == 1)
+- ctx->error = X509_V_OK;
+-
+- return(ctx->error == X509_V_OK);
++ return ok;
+ }
+
+ /* Given a STACK_OF(X509) find the issuer of cert (if any)
Property changes on: branches/2017Q2/security/libressl-devel/files/patch-CVE-2017-8301
___________________________________________________________________
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: branches/2017Q2
===================================================================
--- branches/2017Q2 (revision 439796)
+++ branches/2017Q2 (revision 439797)
Property changes on: branches/2017Q2
___________________________________________________________________
Modified: svn:mergeinfo
## -0,0 +0,1 ##
Merged /head:r438889,439762,439764,439772