diff --git a/security/openssl-devel/Makefile b/security/openssl-devel/Makefile index 5e01045f9d53..63d6cc97ccdf 100644 --- a/security/openssl-devel/Makefile +++ b/security/openssl-devel/Makefile @@ -1,197 +1,196 @@ # Created by: Dirk Froemberg PORTNAME= openssl -DISTVERSION= 3.0.0 -PORTREVISION= 3 +DISTVERSION= 3.0.1 CATEGORIES= security devel MASTER_SITES= https://www.openssl.org/source/ \ ftp://ftp.cert.dfn.de/pub/tools/net/openssl/source/ PKGNAMESUFFIX= -devel PATCH_SITES= https://github.com/openssl/openssl/commit/ PATCHFILES= f5485b97b6c9977c0d39c7669b9f97a879312447.patch:-p1 MAINTAINER= brnrd@FreeBSD.org COMMENT= TLSv1.3 capable SSL and crypto library LICENSE= APACHE20 LICENSE_FILE= ${WRKSRC}/LICENSE.txt CONFLICTS_INSTALL= libressl libressl-devel openssl HAS_CONFIGURE= yes CONFIGURE_SCRIPT= config CONFIGURE_ENV= PERL="${PERL}" CONFIGURE_ARGS= --openssldir=${OPENSSLDIR} \ --prefix=${PREFIX} USES= cpe perl5 USE_PERL5= build TEST_TARGET= test LDFLAGS_i386= -Wl,-znotext MAKE_ARGS+= WHOLE_ARCHIVE_FLAG=--whole-archive CNF_LDFLAGS="${LDFLAGS}" MAKE_ENV+= LIBRPATH="${PREFIX}/lib" GREP_OPTIONS= OPTIONS_GROUP= CIPHERS HASHES MODULES OPTIMIZE PROTOCOLS OPTIONS_GROUP_CIPHERS= ARIA DES GOST IDEA SM4 RC2 RC4 RC5 WEAK-SSL-CIPHERS OPTIONS_GROUP_HASHES= MD2 MD4 MDC2 RMD160 SM2 SM3 OPTIONS_GROUP_OPTIMIZE= ASM SSE2 THREADS OPTIONS_GROUP_MODULES= FIPS LEGACY OPTIONS_DEFINE_i386= I386 OPTIONS_GROUP_PROTOCOLS=NEXTPROTONEG SCTP SSL3 TLS1 TLS1_1 TLS1_2 OPTIONS_DEFINE= ASYNC CRYPTODEV CT KTLS MAN3 RFC3779 SHARED ZLIB OPTIONS_DEFAULT=ASM ASYNC CT DES EC FIPS GOST KTLS MAN3 MD4 NEXTPROTONEG \ RC2 RC4 RMD160 SCTP SHARED SSE2 THREADS TLS1 TLS1_1 TLS1_2 OPTIONS_EXCLUDE=${${OSVERSION} < 1300042:?KTLS:} \ ${${OSVERSION} > 1300000:?CRYPTODEV:} OPTIONS_GROUP_OPTIMIZE_amd64= EC .if ${MACHINE_ARCH} == "amd64" OPTIONS_GROUP_OPTIMIZE+= EC .elif ${MACHINE_ARCH} == "mips64el" OPTIONS_GROUP_OPTIMIZE+= EC .endif OPTIONS_SUB= yes ARIA_DESC= ARIA (South Korean standard) ASM_DESC= Assembler code ASYNC_DESC= Asynchronous mode CIPHERS_DESC= Block Cipher Support CRYPTODEV_DESC= /dev/crypto support CT_DESC= Certificate Transparency Support DES_DESC= (Triple) Data Encryption Standard EC_DESC= Optimize NIST elliptic curves FIPS_DESC= Build FIPS provider (Note: NOT yet FIPS validated) GOST_DESC= GOST (Russian standard) HASHES_DESC= Hash Function Support I386_DESC= i386 (instead of i486+) IDEA_DESC= International Data Encryption Algorithm KTLS_DESC= Use in-kernel TLS (FreeBSD >13) LEGACY_DESC= Older algorithms MAN3_DESC= Install API manpages (section 3, 7) MD2_DESC= MD2 (obsolete) (requires LEGACY) MD4_DESC= MD4 (unsafe) MDC2_DESC= MDC-2 (patented, requires DES) MODULES_DESC= Provider modules NEXTPROTONEG_DESC= Next Protocol Negotiation (SPDY) OPTIMIZE_DESC= Optimizations PROTOCOLS_DESC= Protocol Support RC2_DESC= RC2 (unsafe) RC4_DESC= RC4 (unsafe) RC5_DESC= RC5 (patented) RMD160_DESC= RIPEMD-160 RFC3779_DESC= RFC3779 support (BGP) SCTP_DESC= SCTP (Stream Control Transmission) SHARED_DESC= Build shared libraries SM2_DESC= SM2 Elliptic Curve DH (Chinese standard) SM3_DESC= SM3 256bit (Chinese standard) SM4_DESC= SM4 128bit (Chinese standard) SSE2_DESC= Runtime SSE2 detection SSL3_DESC= SSLv3 (unsafe) TLS1_DESC= TLSv1.0 (requires TLS1_1, TLS1_2) TLS1_1_DESC= TLSv1.1 (requires TLS1_2) TLS1_2_DESC= TLSv1.2 WEAK-SSL-CIPHERS_DESC= Weak cipher support (unsafe) # Upstream default disabled options .for _option in fips md2 ktls rc5 sctp ssl3 weak-ssl-ciphers zlib ${_option:tu}_CONFIGURE_ON= enable-${_option} .endfor # Upstream default enabled options .for _option in aria asm async ct des gost idea md4 mdc2 legacy \ nextprotoneg rc2 rc4 rfc3779 rmd160 shared sm2 sm3 sm4 sse2 \ threads tls1 tls1_1 tls1_2 ${_option:tu}_CONFIGURE_OFF= no-${_option} .endfor MD2_IMPLIES= LEGACY MDC2_IMPLIES= DES TLS1_IMPLIES= TLS1_1 TLS1_1_IMPLIES= TLS1_2 EC_CONFIGURE_ON= enable-ec_nistp_64_gcc_128 FIPS_VARS= shlibs+=lib/ossl-modules/fips.so I386_CONFIGURE_ON= 386 LEGACY_VARS= shlibs+=lib/ossl-modules/legacy.so MAN3_EXTRA_PATCHES_OFF= ${FILESDIR}/extra-patch-util_find-doc-nits SHARED_MAKE_ENV= SHLIBVER=${OPENSSL_SHLIBVER} SHARED_PLIST_SUB= SHLIBVER=${OPENSSL_SHLIBVER} SHARED_USE= ldconfig=yes SHARED_VARS= shlibs+="lib/libcrypto.so.${OPENSSL_SHLIBVER} \ lib/libssl.so.${OPENSSL_SHLIBVER} \ lib/engines-${OPENSSL_SHLIBVER}/capi.so \ lib/engines-${OPENSSL_SHLIBVER}/devcrypto.so \ lib/engines-${OPENSSL_SHLIBVER}/padlock.so" SSL3_CONFIGURE_ON+= enable-ssl3-method ZLIB_CONFIGURE_ON= zlib-dynamic SHLIBS= lib/engines-${OPENSSL_SHLIBVER}/loader_attic.so .include .if ${ARCH} == powerpc CONFIGURE_ARGS+= BSD-ppc .elif ${ARCH} == powerpc64 CONFIGURE_ARGS+= BSD-ppc64 .elif ${ARCH} == powerpc64le CONFIGURE_ARGS+= BSD-ppc64le .endif .include .if ${PREFIX} == /usr IGNORE= the OpenSSL port can not be installed over the base version .endif .if ${OPSYS} == FreeBSD && ${OSVERSION} < 1300000 && !${PORT_OPTIONS:MCRYPTODEV} CONFIGURE_ARGS+= no-devcryptoeng .endif OPENSSLDIR?= ${PREFIX}/openssl PLIST_SUB+= OPENSSLDIR=${OPENSSLDIR:S=^${PREFIX}/==} .include "version.mk" .if ${PORT_OPTIONS:MASM} BROKEN_sparc64= option ASM generates illegal instructions .endif post-patch: ${REINPLACE_CMD} -Ee 's|^MANDIR=.*$$|MANDIR=$$(INSTALLTOP)/man|' \ -e 's|^(build\|install)_docs: .*|\1_docs: \1_man_docs|' \ ${WRKSRC}/Configurations/unix-Makefile.tmpl ${REINPLACE_CMD} 's|SHLIB_VERSION=3|SHLIB_VERSION=${OPENSSL_SHLIBVER}|' \ ${WRKSRC}/VERSION.dat post-configure: ( cd ${WRKSRC} ; ${PERL} configdata.pm --dump ) post-configure-MAN3-off: ${REINPLACE_CMD} \ -e 's|^build_man_docs:.*|build_man_docs: $$(MANDOCS1) $$(MANDOCS5)|' \ -e 's|dummy $$(MANDOCS[37]); do |dummy; do |' \ ${WRKSRC}/Makefile post-install-SHARED-on: .for i in ${SHLIBS} -@${STRIP_CMD} ${STAGEDIR}${PREFIX}/$i .endfor post-install-SHARED-off: ${RMDIR} ${STAGEDIR}${PREFIX}/lib/engines-12 post-install: ${STRIP_CMD} ${STAGEDIR}${PREFIX}/bin/openssl post-install-MAN3-on: ( cd ${STAGEDIR}/${PREFIX} ; find man/man3 -not -type d ; \ find man/man7 -not -type d ) | sed 's/$$/.gz/' >> ${TMPPLIST} .include diff --git a/security/openssl-devel/distinfo b/security/openssl-devel/distinfo index aab30a994f2e..3ef9840c5e92 100644 --- a/security/openssl-devel/distinfo +++ b/security/openssl-devel/distinfo @@ -1,5 +1,5 @@ -TIMESTAMP = 1639193665 -SHA256 (openssl-3.0.0.tar.gz) = 59eedfcb46c25214c9bd37ed6078297b4df01d012267fe9e9eee31f61bc70536 -SIZE (openssl-3.0.0.tar.gz) = 14978663 +TIMESTAMP = 1639508597 +SHA256 (openssl-3.0.1.tar.gz) = c311ad853353bce796edad01a862c50a8a587f62e7e2100ef465ab53ec9b06d1 +SIZE (openssl-3.0.1.tar.gz) = 15011207 SHA256 (f5485b97b6c9977c0d39c7669b9f97a879312447.patch) = 6d5b13e052924664dbdcafa71e5c2d46510813846339df4646a9291441d69ca3 SIZE (f5485b97b6c9977c0d39c7669b9f97a879312447.patch) = 4521 diff --git a/security/openssl-devel/files/patch-D33062 b/security/openssl-devel/files/patch-D33062 deleted file mode 100644 index 58dab2b86fef..000000000000 --- a/security/openssl-devel/files/patch-D33062 +++ /dev/null @@ -1,65 +0,0 @@ -Fix detection of ARM CPU features - -See also: - * https://github.com/openssl/openssl/pull/17082 - * https://github.com/openssl/openssl/pull/17084 - ---- Configurations/10-main.conf.orig 2021-11-19 18:20:18 UTC -+++ Configurations/10-main.conf -@@ -1061,6 +1061,14 @@ my %targets = ( - perlasm_scheme => "elf", - }, - -+ "BSD-aarch64" => { -+ inherit_from => [ "BSD-generic64" ], -+ lib_cppflags => add("-DL_ENDIAN"), -+ bn_ops => "SIXTY_FOUR_BIT_LONG", -+ asm_arch => 'aarch64', -+ perlasm_scheme => "linux64", -+ }, -+ - "bsdi-elf-gcc" => { - inherit_from => [ "BASE_unix" ], - CC => "gcc", ---- util/perl/OpenSSL/config.pm.orig 2021-11-19 18:21:33 UTC -+++ util/perl/OpenSSL/config.pm -@@ -745,6 +745,7 @@ EOF - [ 'ia64-.*-.*bsd.*', { target => "BSD-ia64" } ], - [ 'x86_64-.*-dragonfly.*', { target => "BSD-x86_64" } ], - [ 'amd64-.*-.*bsd.*', { target => "BSD-x86_64" } ], -+ [ 'arm64-.*-.*bsd.*', { target => "BSD-aarch64" } ], - [ '.*86.*-.*-.*bsd.*', - sub { - # mimic ld behaviour when it's looking for libc... ---- crypto/armcap.c.orig 2021-09-07 11:46:32 UTC -+++ crypto/armcap.c -@@ -112,20 +112,23 @@ static unsigned long getauxval(unsigned long key) - * ARM puts the feature bits for Crypto Extensions in AT_HWCAP2, whereas - * AArch64 used AT_HWCAP. - */ -+# ifndef AT_HWCAP -+# define AT_HWCAP 16 -+# endif -+# ifndef AT_HWCAP2 -+# define AT_HWCAP2 26 -+# endif - # if defined(__arm__) || defined (__arm) --# define HWCAP 16 -- /* AT_HWCAP */ -+# define HWCAP AT_HWCAP - # define HWCAP_NEON (1 << 12) - --# define HWCAP_CE 26 -- /* AT_HWCAP2 */ -+# define HWCAP_CE AT_HWCAP2 - # define HWCAP_CE_AES (1 << 0) - # define HWCAP_CE_PMULL (1 << 1) - # define HWCAP_CE_SHA1 (1 << 2) - # define HWCAP_CE_SHA256 (1 << 3) - # elif defined(__aarch64__) --# define HWCAP 16 -- /* AT_HWCAP */ -+# define HWCAP AT_HWCAP - # define HWCAP_NEON (1 << 1) - - # define HWCAP_CE HWCAP