Index: head/lang/erlang-runtime17/Makefile =================================================================== --- head/lang/erlang-runtime17/Makefile (revision 456476) +++ head/lang/erlang-runtime17/Makefile (revision 456477) @@ -1,244 +1,244 @@ # Created by: ruslan@shevchenko.kiev.ua # $FreeBSD$ PORTNAME= erlang PORTVERSION= 17.5.6.9 -PORTREVISION= 6 +PORTREVISION= 7 CATEGORIES= lang parallel java MASTER_SITES= http://www.erlang.org/download/:erlangorg \ http://erlang.stacken.kth.se/download/:erlangorg \ http://www.csd.uu.se/ftp/mirror/erlang/download/:erlangorg PKGNAMESUFFIX= -runtime17 DISTNAME= otp_src_${ERL_RELEASE} DISTFILES= ${DISTNAME}${EXTRACT_SUFX}:erlangorg \ ${ERLANG_MAN}:erlangorg DIST_SUBDIR= erlang EXTRACT_ONLY= ${DISTNAME}${EXTRACT_SUFX} PATCH_SITES= http://olgeni.olgeni.com/~olgeni/distfiles/ \ LOCAL/olgeni PATCHFILES= patch-otp-17.5.1 patch-otp-17.5.2 patch-otp-17.5.3 \ patch-otp-17.5.4 patch-otp-17.5.5 patch-otp-17.5.6 \ patch-otp-17.5.6.1 patch-otp-17.5.6.2 patch-otp-17.5.6.3 \ patch-otp-17.5.6.4 patch-otp-17.5.6.5 patch-otp-17.5.6.6 \ patch-otp-17.5.6.7 patch-otp-17.5.6.8 patch-otp-17.5.6.9 MAINTAINER= olgeni@FreeBSD.org COMMENT= Functional programming language from Ericsson WRKSRC= ${WRKDIR}/otp_src_${ERL_RELEASE} ERLANG_LIB= ${PORTNAME}${PORTVERSION:C/\..*//} SUB_FILES= pkg-message SUB_LIST= ERLANG_LIB=${ERLANG_LIB} MAKE_JOBS_UNSAFE=yes OPTIONS_DEFINE= DOCS DTRACE GCC GS HIPE JAVA KQUEUE ODBC OPENSSL SCTP SMP THREADS WX DIRTY DIRTY_DESC= Enable Dirty schedulers (experimental) DTRACE_DESC= Enable DTrace support GS_DESC= Enable GS application (deprecated) HIPE_DESC= Build native HiPE compiler KQUEUE_DESC= Enable Kernel Poll (kqueue) support SCTP_DESC= Enable SCTP support SMP_DESC= Enable SMP support WX_DESC= Enable WX application OPTIONS_DEFAULT=KQUEUE OPENSSL SCTP SMP THREADS OPTIONS_EXCLUDE_DragonFly= HIPE SCTP ERL_RELEASE= 17.5 USES= gmake ncurses perl5 USE_PERL5= build GNU_CONFIGURE= yes LDFLAGS+= -L${LOCALBASE}/lib APP_UPGRADE= erts 6.4 6.4.1.6 \ lib/common_test 1.10 1.10.1 \ lib/debugger 4.0.3 4.0.3.1 \ lib/diameter 1.9 1.9.2.4 \ lib/inets 5.10.6 5.10.9 \ lib/kernel 3.2 3.2.0.1 \ lib/runtime_tools 1.8.16 1.8.16.1 \ lib/snmp 5.1.1 5.1.2 \ lib/ssh 3.2 3.2.4 \ lib/ssl 6.0 6.0.1.2 \ lib/test_server 3.8 3.8.1 .include .if ${PORT_OPTIONS:MDOCS} DISTFILES+= ${ERLANG_DOCS}:erlangorg .endif # See http://wiki.freebsd.org/DTrace to learn how to enable DTrace # on your system. You will need to configure STRIP, WITH_CTF and # CFLAGS in your make.conf before building. # If you run Erlang and get a message resembling "WARNING: number of # probes fixed does not match the number of defined probes (54 != 132, # respectively)" you probably misconfigured DTrace in some way. .if ${PORT_OPTIONS:MGCC} USE_GCC?= yes .endif .if ${PORT_OPTIONS:MDTRACE} CONFIGURE_ARGS+=--with-dynamic-trace=dtrace .else CONFIGURE_ARGS+=--without-dynamic-trace .endif .if ${PORT_OPTIONS:MOPENSSL} USES+= ssl CONFIGURE_ARGS+=--with-ssl=${OPENSSLBASE} .else CONFIGURE_ARGS+=--without-ssl .endif .if ${PORT_OPTIONS:MJAVA} USE_JAVA= yes CONFIGURE_ARGS+=--with-javac CONFIGURE_ENV+= ac_cv_prog_JAVAC="${JAVAC}" .else CONFIGURE_ARGS+=--without-javac .endif .if ${PORT_OPTIONS:MHIPE} CONFIGURE_ARGS+=--enable-hipe .else CONFIGURE_ARGS+=--disable-hipe .endif .if ${PORT_OPTIONS:MKQUEUE} CONFIGURE_ARGS+=--enable-kernel-poll .else CONFIGURE_ARGS+=--disable-kernel-poll .endif .if ${PORT_OPTIONS:MGS} USES+= tk:run .endif .if ${PORT_OPTIONS:MWX} USE_WX= 2.8+ WX_COMPS= wx contrib CONFIGURE_ARGS+=--with-wx-config=${WX_CONFIG} .endif .if ${PORT_OPTIONS:MODBC} CONFIGURE_ARGS+=--with-odbc LIB_DEPENDS+= libodbc.so:databases/unixODBC .else CONFIGURE_ARGS+=--without-odbc .endif ERLANG_MAN= otp_doc_man_${ERL_RELEASE}.tar.gz ERLANG_DOCS= otp_doc_html_${ERL_RELEASE}.tar.gz .if ${PORT_OPTIONS:MTHREADS} CONFIGURE_ARGS+=--enable-threads .else CONFIGURE_ARGS+=--disable-threads .endif .if ${PORT_OPTIONS:MSCTP} CONFIGURE_ARGS+=--enable-sctp .else CONFIGURE_ARGS+=--disable-sctp .endif # enabling --enable-smp-support crashes the OS when # net_kernel:start([node_name, shortnames]) invoked repeatedly # TODO verify if it still applies .if ${PORT_OPTIONS:MSMP} CONFIGURE_ARGS+=--enable-smp-support .else CONFIGURE_ARGS+=--disable-smp-support .endif .if ${PORT_OPTIONS:MDIRTY} CONFIGURE_ARGS+=--enable-dirty-schedulers .endif .if ${ARCH} == i386 MAKE_ARGS+= ARCH=x86 .endif .if ${ARCH} == armv6 || ${ARCH} == armv7 MAKE_ARGS+= ARCH=arm .endif # The man-pages are put (in spite of FreeBSD's port convention) in a private # subdir. This is to avoid cluttering up the man page name space. Also the # Erlang man pages are more of internal documentation using the man format than # actual system man pages. (erl.1 and epmd.1 perhaps being the exception). # Install documentation. (HTML docs need to be in same dir as the # rest, not in share/doc/erlang as it should, because of relative # links in the documentation. pre-configure: .if ${PORT_OPTIONS:MDTRACE} @if ! /sbin/kldstat | ${GREP} dtraceall >/dev/null 2>&1; then \ ${ECHO_CMD}; \ ${ECHO_CMD} "DTRACE option requires kernel module \"dtraceall\" to be loaded."; \ ${ECHO_CMD}; \ exit 1; \ fi .endif .if ! ${PORT_OPTIONS:MWX} echo "disabled by port options" > ${WRKSRC}/lib/wx/SKIP .endif post-configure: .if ${PORT_OPTIONS:MODBC} ${RM} ${WRKSRC}/lib/odbc/SKIP .endif post-install: for SECTION in 1 3 4 6 7; do \ ${TAR} --unlink -xzpf ${DISTDIR}/${DIST_SUBDIR}/${ERLANG_MAN} \ -C ${STAGEDIR}${PREFIX}/lib/${ERLANG_LIB} \ "man/man$${SECTION}/*.$${SECTION}" || ${TRUE}; \ done ${RM} -r ${STAGEDIR}${PREFIX}/lib/${ERLANG_LIB}/man/cat? .if ${PORT_OPTIONS:MDOCS} ${TAR} --unlink -xzpf ${DISTDIR}/${DIST_SUBDIR}/${ERLANG_DOCS} \ -C ${STAGEDIR}${PREFIX}/lib/${ERLANG_LIB} .for app v1 v2 in ${APP_UPGRADE} ${MV} ${STAGEDIR}${PREFIX}/lib/${ERLANG_LIB}/${app}-${v1}/* \ ${STAGEDIR}${PREFIX}/lib/${ERLANG_LIB}/${app}-${v2} ${RMDIR} ${STAGEDIR}${PREFIX}/lib/${ERLANG_LIB}/${app}-${v1} .endfor ${INSTALL_DATA} ${WRKSRC}/lib/dialyzer/doc/*.txt \ ${STAGEDIR}${PREFIX}/lib/${ERLANG_LIB}/lib/dialyzer-*/doc/ .endif .if ! ${PORT_OPTIONS:MGS} ${RM} -r ${STAGEDIR}${PREFIX}/lib/erlang/lib/gs-* .endif .if ! ${PORT_OPTIONS:MJAVA} ${RM} -r ${STAGEDIR}${PREFIX}/lib/erlang/lib/jinterface-* .endif .if ! ${PORT_OPTIONS:MODBC} ${RM} -r ${STAGEDIR}${PREFIX}/lib/erlang/lib/odbc-* .endif .if ! ${PORT_OPTIONS:MOPENSSL} ${RM} -r ${STAGEDIR}${PREFIX}/lib/erlang/lib/crypto-* ${RM} -r ${STAGEDIR}${PREFIX}/lib/erlang/lib/ssh-* ${RM} -r ${STAGEDIR}${PREFIX}/lib/erlang/lib/ssl-* .endif .if ! ${PORT_OPTIONS:MWX} ${RM} -r ${STAGEDIR}${PREFIX}/lib/erlang/lib/wx-* .endif ${FIND} ${STAGEDIR}${PREFIX}/lib/${ERLANG_LIB}/* -type d -empty -delete @cd ${STAGEDIR}${PREFIX}; ${FIND} lib/${ERLANG_LIB}/* -type f -o -type l \ | ${SORT} \ >> ${TMPPLIST} .include Index: head/lang/erlang-runtime17/files/patch-lib_ssl_src_ssl__connection.erl =================================================================== --- head/lang/erlang-runtime17/files/patch-lib_ssl_src_ssl__connection.erl (nonexistent) +++ head/lang/erlang-runtime17/files/patch-lib_ssl_src_ssl__connection.erl (revision 456477) @@ -0,0 +1,30 @@ +--- lib/ssl/src/ssl_connection.erl.orig 2015-03-31 12:32:52.000000000 +0000 ++++ lib/ssl/src/ssl_connection.erl 2017-12-14 13:13:46.570861000 +0000 +@@ -1135,8 +1135,25 @@ + request_client_cert(State2, Connection). + + certify_client_key_exchange(#encrypted_premaster_secret{premaster_secret= EncPMS}, +- #state{private_key = Key} = State, Connection) -> +- PremasterSecret = ssl_handshake:premaster_secret(EncPMS, Key), ++ #state{private_key = Key, client_hello_version = {Major, Minor} = Version } = State, Connection) -> ++ ++ %% Countermeasure for Bleichenbacher attack always provide some kind of premaster secret ++ %% and fail handshake later.RFC 5246 section 7.4.7.1. ++ PremasterSecret = ++ try ssl_handshake:premaster_secret(EncPMS, Key) of ++ Secret when erlang:byte_size(Secret) == ?NUM_OF_PREMASTERSECRET_BYTES -> ++ case Secret of ++ <> -> %% Correct ++ Secret; ++ <> -> %% Version mismatch ++ <> ++ end; ++ _ -> %% erlang:byte_size(Secret) =/= ?NUM_OF_PREMASTERSECRET_BYTES ++ make_premaster_secret(Version, rsa) ++ catch ++ #alert{description = ?DECRYPT_ERROR} -> ++ make_premaster_secret(Version, rsa) ++ end, + calculate_master_secret(PremasterSecret, State, Connection, certify, cipher); + + certify_client_key_exchange(#client_diffie_hellman_public{dh_public = ClientPublicDhKey}, Property changes on: head/lang/erlang-runtime17/files/patch-lib_ssl_src_ssl__connection.erl ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: head/lang/erlang-runtime17/files/patch-lib_ssl_src_ssl__connection.hrl =================================================================== --- head/lang/erlang-runtime17/files/patch-lib_ssl_src_ssl__connection.hrl (nonexistent) +++ head/lang/erlang-runtime17/files/patch-lib_ssl_src_ssl__connection.hrl (revision 456477) @@ -0,0 +1,12 @@ +--- lib/ssl/src/ssl_connection.hrl.orig 2015-03-31 12:32:52.000000000 +0000 ++++ lib/ssl/src/ssl_connection.hrl 2017-12-14 13:18:02.736638000 +0000 +@@ -53,7 +53,8 @@ + session :: #session{} | secret_printout(), + session_cache :: db_handle(), + session_cache_cb :: atom(), +- negotiated_version :: ssl_record:ssl_version(), ++ negotiated_version :: ssl_record:ssl_version() | 'undefined', ++ client_hello_version :: ssl_record:ssl_version() | 'undefined', + client_certificate_requested = false :: boolean(), + key_algorithm :: ssl_cipher:key_algo(), + hashsign_algorithm = {undefined, undefined}, Property changes on: head/lang/erlang-runtime17/files/patch-lib_ssl_src_ssl__connection.hrl ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: head/lang/erlang-runtime17/files/patch-lib_ssl_src_tls__connection.erl =================================================================== --- head/lang/erlang-runtime17/files/patch-lib_ssl_src_tls__connection.erl (nonexistent) +++ head/lang/erlang-runtime17/files/patch-lib_ssl_src_tls__connection.erl (revision 456477) @@ -0,0 +1,10 @@ +--- lib/ssl/src/tls_connection.erl.orig 2015-03-31 12:32:52.000000000 +0000 ++++ lib/ssl/src/tls_connection.erl 2017-12-14 13:22:41.792681000 +0000 +@@ -197,6 +197,7 @@ + ssl_connection:hello({common_client_hello, Type, ServerHelloExt, HashSign}, + State#state{connection_states = ConnectionStates, + negotiated_version = Version, ++ client_hello_version = ClientVersion, + session = Session, + client_ecc = {EllipticCurves, EcPointFormats}}, ?MODULE); + #alert{} = Alert -> Property changes on: head/lang/erlang-runtime17/files/patch-lib_ssl_src_tls__connection.erl ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property