head 1.11; access; symbols pkgsrc-2023Q3:1.10.0.26 pkgsrc-2023Q3-base:1.10 pkgsrc-2023Q2:1.10.0.24 pkgsrc-2023Q2-base:1.10 pkgsrc-2023Q1:1.10.0.22 pkgsrc-2023Q1-base:1.10 pkgsrc-2022Q4:1.10.0.20 pkgsrc-2022Q4-base:1.10 pkgsrc-2022Q3:1.10.0.18 pkgsrc-2022Q3-base:1.10 pkgsrc-2022Q2:1.10.0.16 pkgsrc-2022Q2-base:1.10 pkgsrc-2022Q1:1.10.0.14 pkgsrc-2022Q1-base:1.10 pkgsrc-2021Q4:1.10.0.12 pkgsrc-2021Q4-base:1.10 pkgsrc-2021Q3:1.10.0.10 pkgsrc-2021Q3-base:1.10 pkgsrc-2021Q2:1.10.0.8 pkgsrc-2021Q2-base:1.10 pkgsrc-2021Q1:1.10.0.6 pkgsrc-2021Q1-base:1.10 pkgsrc-2020Q4:1.10.0.4 pkgsrc-2020Q4-base:1.10 pkgsrc-2020Q3:1.10.0.2 pkgsrc-2020Q3-base:1.10 pkgsrc-2019Q4:1.8.0.30 pkgsrc-2019Q4-base:1.8 pkgsrc-2019Q3:1.8.0.26 pkgsrc-2019Q3-base:1.8 pkgsrc-2019Q2:1.8.0.24 pkgsrc-2019Q2-base:1.8 pkgsrc-2019Q1:1.8.0.22 pkgsrc-2019Q1-base:1.8 pkgsrc-2018Q4:1.8.0.20 pkgsrc-2018Q4-base:1.8 pkgsrc-2018Q3:1.8.0.18 pkgsrc-2018Q3-base:1.8 pkgsrc-2018Q2:1.8.0.16 pkgsrc-2018Q2-base:1.8 pkgsrc-2018Q1:1.8.0.14 pkgsrc-2018Q1-base:1.8 pkgsrc-2017Q4:1.8.0.12 pkgsrc-2017Q4-base:1.8 pkgsrc-2017Q3:1.8.0.10 pkgsrc-2017Q3-base:1.8 pkgsrc-2017Q2:1.8.0.6 pkgsrc-2017Q2-base:1.8 pkgsrc-2017Q1:1.8.0.4 pkgsrc-2017Q1-base:1.8 pkgsrc-2016Q4:1.8.0.2 pkgsrc-2016Q4-base:1.8 pkgsrc-2016Q3:1.7.0.6 pkgsrc-2016Q3-base:1.7 pkgsrc-2016Q2:1.7.0.4 pkgsrc-2016Q2-base:1.7 pkgsrc-2016Q1:1.7.0.2 pkgsrc-2016Q1-base:1.7 pkgsrc-2015Q4:1.6.0.2 pkgsrc-2015Q4-base:1.6 pkgsrc-2015Q3:1.5.0.4 pkgsrc-2015Q3-base:1.5 pkgsrc-2015Q2:1.5.0.2 pkgsrc-2015Q2-base:1.5 pkgsrc-2015Q1:1.4.0.2 pkgsrc-2015Q1-base:1.4 pkgsrc-2014Q4:1.2.0.6 pkgsrc-2014Q4-base:1.2 pkgsrc-2014Q3:1.2.0.4 pkgsrc-2014Q3-base:1.2 pkgsrc-2014Q2:1.2.0.2 pkgsrc-2014Q2-base:1.2 pkgsrc-2014Q1:1.1.0.2; locks; strict; comment @# @; 1.11 date 2023.10.24.21.30.35; author wiz; state dead; branches; next 1.10; commitid x6C4LzduVWvXnVJE; 1.10 date 2020.07.10.10.04.54; author hauke; state Exp; branches; next 1.9; commitid IoZcTchaUa0CbwfC; 1.9 date 2020.01.16.13.30.29; author jperkin; state dead; branches; next 1.8; commitid zq0ZOUbUvYRrVUSB; 1.8 date 2016.11.02.13.10.31; author maya; state Exp; branches; next 1.7; commitid DuoxgUx2bY8cuysz; 1.7 date 2016.01.28.16.30.43; author jperkin; state Exp; branches; next 1.6; commitid dTNjVbQoAJnUyISy; 1.6 date 2015.12.08.16.53.32; author jperkin; state Exp; branches; next 1.5; commitid C3nJe2zFfvyKkaMy; 1.5 date 2015.06.12.17.02.24; author tron; state Exp; branches; next 1.4; commitid UTOJJIKsRcTA8apy; 1.4 date 2015.03.19.22.11.22; author tron; state Exp; branches 1.4.2.1; next 1.3; commitid 0xoMoLurmf6Zzgey; 1.3 date 2015.02.12.13.08.53; author adam; state Exp; branches; next 1.2; commitid J4pwycEpkeKzHI9y; 1.2 date 2014.05.13.02.23.11; author rodent; state Exp; branches; next 1.1; commitid QFZ8cokjTyXXXjAx; 1.1 date 2014.04.02.12.11.35; author he; state Exp; branches 1.1.2.1; next ; commitid g3YIpigZLUt5x6vx; 1.4.2.1 date 2015.06.13.07.03.28; author spz; state Exp; branches; next ; commitid BpB3ebqVw5n7Nepy; 1.1.2.1 date 2014.04.02.12.11.35; author tron; state dead; branches; next 1.1.2.2; commitid znq8PwHLRSRRFRvx; 1.1.2.2 date 2014.04.08.10.09.26; author tron; state Exp; branches; next 1.1.2.3; commitid znq8PwHLRSRRFRvx; 1.1.2.3 date 2014.06.05.13.20.18; author tron; state Exp; branches; next ; commitid rYQdXVHE8mUKRkDx; desc @@ 1.11 log @openssl: update to 3.1.4 This is the latest version of the currently newest supported branch. The 1.1.x branch was de-supported in September. Based on wip/openssl3 by gdt, tnn, and myself. @ text @$NetBSD: patch-Configure,v 1.10 2020/07/10 10:04:54 hauke Exp $ OpenSSL mandates that you need to re-create dependencies for unorthodox combinations of build options. These days, the compiler will create dependency information. On older platforms (e.g. pre-v9 Darwin) Configure will fall back to makedepend(8), which hasn't kept up well with compilers' options. Instead of failing the build on makedepend(8) malfunction, have make(1) ignore its return value - which used to be the default for previous OpenSSL versions. --- Configure.orig 2020-04-21 12:22:39.000000000 +0000 +++ Configure @@@@ -1419,7 +1419,7 @@@@ if (!$disabled{makedepend}) { } else { # In all other cases, we look for 'makedepend', and disable the # capability if not found. - $config{makedepprog} = which('makedepend'); + $config{makedepprog} = '-' . which('makedepend'); disable('unavailable', 'makedepend') unless $config{makedepprog}; } } @ 1.10 log @Unbreak security/openssl build on pre-v9 Darwin. (1) There is no {get,make,set}context support before Darwin 9 (2) Instead of failing the build on makedepend(8) malfunction, have make(1) ignore its return value - which used to be the default for previous OpenSSL versions. @ text @d1 1 a1 1 $NetBSD$ @ 1.9 log @openssl: Update to 1.1.1d. This is a major upgrade to the current LTS release. 1.0.2 and 1.1.0 are now out of support and should not be used. pkgsrc changes include a large cleanup of patches and targets, many of which were clearly bogus, for example a CONFLICTS entry against a package that has never existed, and one that was removed in 1999. Tested on SmartOS, macOS, and NetBSD. Used for the SmartOS pkgsrc-2019Q4 LTS release. There are far too many individual changes to list, so the following text is instead taken from the 1.1.1 blog announcement: -------------------------------------------------------------------------- After two years of work we are excited to be releasing our latest version today - OpenSSL 1.1.1. This is also our new Long Term Support (LTS) version and so we are committing to support it for at least five years. OpenSSL 1.1.1 has been a huge team effort with nearly 5000 commits having been made from over 200 individual contributors since the release of OpenSSL 1.1.0. These statistics just illustrate the amazing vitality and diversity of the OpenSSL community. The contributions didn't just come in the form of commits though. There has been a great deal of interest in this new version so thanks needs to be extended to the large number of users who have downloaded the beta releases to test them out and report bugs. The headline new feature is TLSv1.3. This new version of the Transport Layer Security (formerly known as SSL) protocol was published by the IETF just one month ago as RFC8446. This is a major rewrite of the standard and introduces significant changes, features and improvements which have been reflected in the new OpenSSL version. What's more is that OpenSSL 1.1.1 is API and ABI compliant with OpenSSL 1.1.0 so most applications that work with 1.1.0 can gain many of the benefits of TLSv1.3 simply by dropping in the new OpenSSL version. Since TLSv1.3 works very differently to TLSv1.2 though there are a few caveats that may impact a minority of applications. See the TLSv1.3 page on the OpenSSL wiki for more details. Some of the benefits of TLSv1.3 include: * Improved connection times due to a reduction in the number of round trips required between the client and server * The ability, in certain circumstances, for clients to start sending encrypted data to the server straight away without any round trips with the server required (a feature known as 0-RTT or “early data”). * Improved security due to the removal of various obsolete and insecure cryptographic algorithms and encryption of more of the connection handshake Other features in the 1.1.1 release include: * Complete rewrite of the OpenSSL random number generator to introduce the following capabilities: * The default RAND method now utilizes an AES-CTR DRBG according to NIST standard SP 800-90Ar1. * Support for multiple DRBG instances with seed chaining. * There is a public and private DRBG instance. * The DRBG instances are fork-safe. * Keep all global DRBG instances on the secure heap if it is enabled. * The public and private DRBG instance are per thread for lock free operation * Support for various new cryptographic algorithms including: * SHA3 * SHA512/224 and SHA512/256 * EdDSA (including Ed25519 and Ed448) * X448 (adding to the existing X25519 support in 1.1.0) * Multi-prime RSA * SM2 * SM3 * SM4 * SipHash * ARIA (including TLS support) * Signficant Side-Channel attack security improvements * Maximum Fragment Length TLS extension support * A new STORE module, which implements a uniform and URI based reader of stores that can contain keys, certificates, CRLs and numerous other objects. Since 1.1.1 is our new LTS release we are strongly advising all users to upgrade as soon as possible. For most applications this should be straight forward if they are written to work with OpenSSL 1.1.0. Since OpenSSL 1.1.0 is not an LTS release it will start receiving security fixes only with immediate affect as per our previous announcement and as published in our release strategy. It will cease receiving all support in one years time. Our previous LTS release (OpenSSL 1.0.2) will continue to receive full support until the end of this year. After that it will receive security fixes only. It will stop receiving all support at the end of 2019. Users of that release are strongly advised to upgrade to OpenSSL 1.1.1. @ text @d1 1 a1 1 $NetBSD: patch-Configure,v 1.8 2016/11/02 13:10:31 maya Exp $ d3 5 a7 4 * Avoid -fast on Solaris, creates non-portable packages which depend on host-specific CPU features. * Add GNU/kFreeBSD support. * Don't guess abi on linux mips (use compiler default). d9 5 a13 1 --- Configure.orig 2016-10-31 05:04:44.900731025 +0000 d15 9 a23 72 @@@@ -365,6 +365,7 @@@@ my %table=( # "osf1-alpha-gcc", "gcc:-O3::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_RISC1:${alpha_asm}:dlfcn:alpha-osf1-shared:::.so", "osf1-alpha-cc", "cc:-std1 -tune host -O4 -readonly_strings::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:alpha-osf1-shared:::.so", +"tru64-alpha-gcc", "gcc:-O3::-pthread:::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${no_asm}:dlfcn:alpha-osf1-shared::-Wl,-msym:.so", "tru64-alpha-cc", "cc:-std1 -tune host -fast -readonly_strings::-pthread:::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:alpha-osf1-shared::-msym:.so", #### @@@@ -408,9 +409,9 @@@@ my %table=( # if no -march was specified at command line. mips32 and mips64 below # refer to contemporary MIPS Architecture specifications, MIPS32 and # MIPS64, rather than to kernel bitness. -"linux-mips32", "gcc:-mabi=32 -O3 -Wall -DBN_DIV3W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${mips32_asm}:o32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"linux-mips64", "gcc:-mabi=n32 -O3 -Wall -DBN_DIV3W::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${mips64_asm}:n32:dlfcn:linux-shared:-fPIC:-mabi=n32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::32", -"linux64-mips64", "gcc:-mabi=64 -O3 -Wall -DBN_DIV3W::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${mips64_asm}:64:dlfcn:linux-shared:-fPIC:-mabi=64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", +"linux-mips32", "gcc:-O3 -Wall -DBN_DIV3W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${mips32_asm}:o32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"linux-mips64", "gcc:-O3 -Wall -DBN_DIV3W::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${mips64_asm}:n32:dlfcn:linux-shared:-fPIC:-mabi=n32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::32", +"linux64-mips64", "gcc:-O3 -Wall -DBN_DIV3W::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${mips64_asm}:64:dlfcn:linux-shared:-fPIC:-mabi=64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", #### IA-32 targets... "linux-ia32-icc", "icc:-DL_ENDIAN -O2::-D_REENTRANT::-ldl -no_cpprt:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "linux-elf", "gcc:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", @@@@ -489,8 +490,31 @@@@ my %table=( "BSD-ia64", "gcc:-DL_ENDIAN -O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "BSD-x86_64", "cc:-DL_ENDIAN -O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"bsdi-elf-gcc", "gcc:-DPERL5 -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall::(unknown)::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"NetBSD","gcc:-DTERMIOS -O2 -Wall::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"NetBSD-alpha", "gcc:-DTERMIOS -DL_ENDIAN -O2 -Wall::(unknown):::SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"NetBSD-arm", "gcc:-DTERMIOS -DL_ENDIAN -O2 -Wall::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"NetBSD-arm32", "gcc:-DTERMIOS -DL_ENDIAN -O2 -Wall::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"NetBSD-m68000", "gcc:-DTERMIOS -DB_ENDIAN -O2 -Wall::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"NetBSD-m68k", "gcc:-DTERMIOS -DB_ENDIAN -O2 -m68020-40 -Wall::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"NetBSD-mipseb", "gcc:-DTERMIOS -DB_ENDIAN -O2 -Wall::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"NetBSD-mipsel", "gcc:-DTERMIOS -DL_ENDIAN -O2 -Wall::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"NetBSD-ns32k", "gcc:-DTERMIOS -DL_ENDIAN -O2 -Wall::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"NetBSD-powerpc", "gcc:-DTERMIOS -DB_ENDIAN -O2 -Wall::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"NetBSD-sparc", "gcc:-DTERMIOS -DB_ENDIAN -O2 -Wall::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"NetBSD-sparc64", "gcc:-DB_ENDIAN -DTERMIOS -O3 -DMD32_REG_T=int -Wall::(unknown):ULTRASPARC::SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2 BF_PTR:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"NetBSD-vax", "gcc:-DTERMIOS -DL_ENDIAN -O2 -Wall::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"NetBSD-x86-aout", "gcc:-DTERMIOS -DL_ENDIAN -O2 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"NetBSD-x86-elf", "gcc:-DTERMIOS -DL_ENDIAN -O2 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"NetBSD-x86_64", "gcc:-DTERMIOS -DL_ENDIAN -DMD32_REG_T=int -O2::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHUNK BF_PTR2 DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"Interix","gcc:-DTERMIOS -DL_ENDIAN -O2 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:bsd-gcc-shared::-Wl,--image-base,0x5e000000:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"DragonFly-i386", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::-pthread -D_REENTRANT -D_THREAD_SAFE -D_THREADSAFE:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"DragonFly-x86_64", "gcc:-DL_ENDIAN -DTERMIOS -O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"GNU/kFreeBSD-x86_64", "gcc:-m64 -DL_ENDIAN -DTERMIOS -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"GNU/kFreeBSD-i386", "gcc:-DL_ENDIAN -DTERMIOS -march=i486::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + + "bsdi-elf-gcc", "gcc:-DPERL5 -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall::(unknown)::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + "nextstep", "cc:-O -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::", "nextstep3.3", "cc:-O3 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::", @@@@ -942,7 +966,7 @@@@ PROCESS_ARGS: # The check for the option is there so scripts aren't # broken } - elsif (/^[-+]/) + elsif (/^[-+\/]/) { if (/^--prefix=(.*)$/) { @@@@ -1781,7 +1805,7 @@@@ while () elsif ($shared_extension ne "" && $shared_extension =~ /^\.s([ol])\.[^\.]*\.[^\.]*$/) { my $sotmp = $1; - s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.s$sotmp.\$(SHLIB_MAJOR) .s$sotmp/; + s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.s$sotmp/; } elsif ($shared_extension ne "" && $shared_extension =~ /^\.[^\.]*\.[^\.]*\.dylib$/) { @ 1.8 log @openssl: do not assume MIPS ABI on linux Helps build on debian mipseb (which uses o32 abi and not n32), but build still doesn't complete. @ text @d1 1 a1 1 $NetBSD: patch-Configure,v 1.7 2016/01/28 16:30:43 jperkin Exp $ @ 1.7 log @Update security/openssl to version 1.0.2f. Changes between 1.0.2e and 1.0.2f [28 Jan 2016] *) DH small subgroups Historically OpenSSL only ever generated DH parameters based on "safe" primes. More recently (in version 1.0.2) support was provided for generating X9.42 style parameter files such as those required for RFC 5114 support. The primes used in such files may not be "safe". Where an application is using DH configured with parameters based on primes that are not "safe" then an attacker could use this fact to find a peer's private DH exponent. This attack requires that the attacker complete multiple handshakes in which the peer uses the same private DH exponent. For example this could be used to discover a TLS server's private DH exponent if it's reusing the private DH exponent or it's using a static DH ciphersuite. OpenSSL provides the option SSL_OP_SINGLE_DH_USE for ephemeral DH (DHE) in TLS. It is not on by default. If the option is not set then the server reuses the same private DH exponent for the life of the server process and would be vulnerable to this attack. It is believed that many popular applications do set this option and would therefore not be at risk. The fix for this issue adds an additional check where a "q" parameter is available (as is the case in X9.42 based parameters). This detects the only known attack, and is the only possible defense for static DH ciphersuites. This could have some performance impact. Additionally the SSL_OP_SINGLE_DH_USE option has been switched on by default and cannot be disabled. This could have some performance impact. This issue was reported to OpenSSL by Antonio Sanso (Adobe). (CVE-2016-0701) [Matt Caswell] *) SSLv2 doesn't block disabled ciphers A malicious client can negotiate SSLv2 ciphers that have been disabled on the server and complete SSLv2 handshakes even if all SSLv2 ciphers have been disabled, provided that the SSLv2 protocol was not also disabled via SSL_OP_NO_SSLv2. This issue was reported to OpenSSL on 26th December 2015 by Nimrod Aviram and Sebastian Schinzel. (CVE-2015-3197) [Viktor Dukhovni] *) Reject DH handshakes with parameters shorter than 1024 bits. [Kurt Roeckx] @ text @d1 1 a1 1 $NetBSD: patch-Configure,v 1.6 2015/12/08 16:53:32 jperkin Exp $ d6 1 d8 1 a8 1 --- Configure.orig 2016-01-28 13:56:08.000000000 +0000 d10 1 a10 1 @@@@ -361,6 +361,7 @@@@ my %table=( d18 14 a31 1 @@@@ -485,8 +486,31 @@@@ my %table=( d64 1 a64 1 @@@@ -936,7 +960,7 @@@@ PROCESS_ARGS: d73 1 a73 1 @@@@ -1770,7 +1794,7 @@@@ while () @ 1.6 log @Regenerate patches. @ text @d1 1 a1 1 $NetBSD: patch-Configure,v 1.5 2015/06/12 17:02:24 tron Exp $ d7 1 a7 1 --- Configure.orig 2015-12-03 14:04:23.000000000 +0000 d9 1 a9 1 @@@@ -358,6 +358,7 @@@@ my %table=( d17 1 a17 1 @@@@ -482,8 +483,31 @@@@ my %table=( d50 1 a50 1 @@@@ -933,7 +957,7 @@@@ PROCESS_ARGS: d59 1 a59 1 @@@@ -1767,7 +1791,7 @@@@ while () @ 1.5 log @Update "openssl" package to version 1.0.2b. Changes since version 1.0.2a: - Malformed ECParameters causes infinite loop When processing an ECParameters structure OpenSSL enters an infinite loop if the curve specified is over a specially malformed binary polynomial field. This can be used to perform denial of service against any system which processes public keys, certificate requests or certificates. This includes TLS clients and TLS servers with client authentication enabled. This issue was reported to OpenSSL by Joseph Barr-Pixton. (CVE-2015-1788) [Andy Polyakov] - Exploitable out-of-bounds read in X509_cmp_time X509_cmp_time does not properly check the length of the ASN1_TIME string and can read a few bytes out of bounds. In addition, X509_cmp_time accepts an arbitrary number of fractional seconds in the time string. An attacker can use this to craft malformed certificates and CRLs of various sizes and potentially cause a segmentation fault, resulting in a DoS on applications that verify certificates or CRLs. TLS clients that verify CRLs are affected. TLS clients and servers with client authentication enabled may be affected if they use custom verification callbacks. This issue was reported to OpenSSL by Robert Swiecki (Google), and independently by Hanno Bck. (CVE-2015-1789) [Emilia Ksper] - PKCS7 crash with missing EnvelopedContent The PKCS#7 parsing code does not handle missing inner EncryptedContent correctly. An attacker can craft malformed ASN.1-encoded PKCS#7 blobs with missing content and trigger a NULL pointer dereference on parsing. Applications that decrypt PKCS#7 data or otherwise parse PKCS#7 structures from untrusted sources are affected. OpenSSL clients and servers are not affected. This issue was reported to OpenSSL by Michal Zalewski (Google). (CVE-2015-1790) [Emilia Ksper] - CMS verify infinite loop with unknown hash function When verifying a signedData message the CMS code can enter an infinite loop if presented with an unknown hash function OID. This can be used to perform denial of service against any system which verifies signedData messages using the CMS code. This issue was reported to OpenSSL by Johannes Bauer. (CVE-2015-1792) [Stephen Henson] - Race condition handling NewSessionTicket If a NewSessionTicket is received by a multi-threaded client when attempting to reuse a previous ticket then a race condition can occur potentially leading to a double free of the ticket data. (CVE-2015-1791) [Matt Caswell] - Removed support for the two export grade static DH ciphersuites EXP-DH-RSA-DES-CBC-SHA and EXP-DH-DSS-DES-CBC-SHA. These two ciphersuites were newly added (along with a number of other static DH ciphersuites) to 1.0.2. However the two export ones have *never* worked since they were introduced. It seems strange in any case to be adding new export ciphersuites, and given "logjam" it also does not seem correct to fix them. [Matt Caswell] - Only support 256-bit or stronger elliptic curves with the 'ecdh_auto' setting (server) or by default (client). Of supported curves, prefer P-256 (both). [Emilia Kasper] - Reject DH handshakes with parameters shorter than 768 bits. [Kurt Roeckx and Emilia Kasper] @ text @d1 1 a1 1 $NetBSD: patch-Configure,v 1.4 2015/03/19 22:11:22 tron Exp $ d7 3 a9 3 --- Configure.orig 2015-06-11 14:50:11.000000000 +0100 +++ Configure 2015-06-12 12:07:54.000000000 +0100 @@@@ -358,6 +358,7 @@@@ d17 1 a17 1 @@@@ -481,8 +482,31 @@@@ d50 1 a50 1 @@@@ -932,7 +956,7 @@@@ d59 1 a59 1 @@@@ -1764,7 +1788,7 @@@@ @ 1.4 log @Update "openssl" package to version 1.0.2. Changes since version 1.0.2a: - ClientHello sigalgs DoS fix If a client connects to an OpenSSL 1.0.2 server and renegotiates with an invalid signature algorithms extension a NULL pointer dereference will occur. This can be exploited in a DoS attack against the server. This issue was was reported to OpenSSL by David Ramos of Stanford University. (CVE-2015-0291) [Stephen Henson and Matt Caswell] - Multiblock corrupted pointer fix OpenSSL 1.0.2 introduced the "multiblock" performance improvement. This feature only applies on 64 bit x86 architecture platforms that support AES NI instructions. A defect in the implementation of "multiblock" can cause OpenSSL's internal write buffer to become incorrectly set to NULL when using non-blocking IO. Typically, when the user application is using a socket BIO for writing, this will only result in a failed connection. However if some other BIO is used then it is likely that a segmentation fault will be triggered, thus enabling a potential DoS attack. This issue was reported to OpenSSL by Daniel Danner and Rainer Mueller. (CVE-2015-0290) [Matt Caswell] - Segmentation fault in DTLSv1_listen fix The DTLSv1_listen function is intended to be stateless and processes the initial ClientHello from many peers. It is common for user code to loop over the call to DTLSv1_listen until a valid ClientHello is received with an associated cookie. A defect in the implementation of DTLSv1_listen means that state is preserved in the SSL object from one invocation to the next that can lead to a segmentation fault. Errors processing the initial ClientHello can trigger this scenario. An example of such an error could be that a DTLS1.0 only client is attempting to connect to a DTLS1.2 only server. This issue was reported to OpenSSL by Per Allansson. (CVE-2015-0207) [Matt Caswell] - Segmentation fault in ASN1_TYPE_cmp fix The function ASN1_TYPE_cmp will crash with an invalid read if an attempt is made to compare ASN.1 boolean types. Since ASN1_TYPE_cmp is used to check certificate signature algorithm consistency this can be used to crash any certificate verification operation and exploited in a DoS attack. Any application which performs certificate verification is vulnerable including OpenSSL clients and servers which enable client authentication. (CVE-2015-0286) [Stephen Henson] - Segmentation fault for invalid PSS parameters fix The signature verification routines will crash with a NULL pointer dereference if presented with an ASN.1 signature using the RSA PSS algorithm and invalid parameters. Since these routines are used to verify certificate signature algorithms this can be used to crash any certificate verification operation and exploited in a DoS attack. Any application which performs certificate verification is vulnerable including OpenSSL clients and servers which enable client authentication. This issue was was reported to OpenSSL by Brian Carpenter. (CVE-2015-0208) [Stephen Henson] - ASN.1 structure reuse memory corruption fix Reusing a structure in ASN.1 parsing may allow an attacker to cause memory corruption via an invalid write. Such reuse is and has been strongly discouraged and is believed to be rare. Applications that parse structures containing CHOICE or ANY DEFINED BY components may be affected. Certificate parsing (d2i_X509 and related functions) are however not affected. OpenSSL clients and servers are not affected. (CVE-2015-0287) [Stephen Henson] - PKCS7 NULL pointer dereferences fix The PKCS#7 parsing code does not handle missing outer ContentInfo correctly. An attacker can craft malformed ASN.1-encoded PKCS#7 blobs with missing content and trigger a NULL pointer dereference on parsing. Applications that verify PKCS#7 signatures, decrypt PKCS#7 data or otherwise parse PKCS#7 structures from untrusted sources are affected. OpenSSL clients and servers are not affected. This issue was reported to OpenSSL by Michal Zalewski (Google). (CVE-2015-0289) [Emilia Ksper] - DoS via reachable assert in SSLv2 servers fix A malicious client can trigger an OPENSSL_assert (i.e., an abort) in servers that both support SSLv2 and enable export cipher suites by sending a specially crafted SSLv2 CLIENT-MASTER-KEY message. This issue was discovered by Sean Burford (Google) and Emilia Ksper (OpenSSL development team). (CVE-2015-0293) [Emilia Ksper] - Empty CKE with client auth and DHE fix If client auth is used then a server can seg fault in the event of a DHE ciphersuite being selected and a zero length ClientKeyExchange message being sent by the client. This could be exploited in a DoS attack. (CVE-2015-1787) [Matt Caswell] - Handshake with unseeded PRNG fix Under certain conditions an OpenSSL 1.0.2 client can complete a handshake with an unseeded PRNG. The conditions are: - The client is on a platform where the PRNG has not been seeded automatically, and the user has not seeded manually - A protocol specific client method version has been used (i.e. not SSL_client_methodv23) - A ciphersuite is used that does not require additional random data from the PRNG beyond the initial ClientHello client random (e.g. PSK-RC4-SHA). If the handshake succeeds then the client random that has been used will have been generated from a PRNG with insufficient entropy and therefore the output may be predictable. For example using the following command with an unseeded openssl will succeed on an unpatched platform: openssl s_client -psk 1a2b3c4d -tls1_2 -cipher PSK-RC4-SHA (CVE-2015-0285) [Matt Caswell] - Use After Free following d2i_ECPrivatekey error fix A malformed EC private key file consumed via the d2i_ECPrivateKey function could cause a use after free condition. This, in turn, could cause a double free in several private key parsing functions (such as d2i_PrivateKey or EVP_PKCS82PKEY) and could lead to a DoS attack or memory corruption for applications that receive EC private keys from untrusted sources. This scenario is considered rare. This issue was discovered by the BoringSSL project and fixed in their commit 517073cd4b. (CVE-2015-0209) [Matt Caswell] - X509_to_X509_REQ NULL pointer deref fix The function X509_to_X509_REQ will crash with a NULL pointer dereference if the certificate key is invalid. This function is rarely used in practice. This issue was discovered by Brian Carpenter. (CVE-2015-0288) [Stephen Henson] - Removed the export ciphers from the DEFAULT ciphers [Kurt Roeckx] @ text @d1 1 a1 1 $NetBSD: patch-Configure,v 1.3 2015/02/12 13:08:53 adam Exp $ d7 3 a9 3 --- Configure.orig 2015-03-19 13:30:36.000000000 +0000 +++ Configure 2015-03-19 20:58:06.000000000 +0000 @@@@ -341,6 +341,7 @@@@ d17 1 a17 1 @@@@ -464,6 +465,29 @@@@ d19 1 a19 1 "BSD-x86_64", "gcc:-DL_ENDIAN -O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", d21 1 d43 1 d45 4 a48 2 + "bsdi-elf-gcc", "gcc:-DPERL5 -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall::(unknown)::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", d50 1 a50 2 "nextstep", "cc:-O -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::", @@@@ -915,7 +939,7 @@@@ d59 1 a59 1 @@@@ -1737,7 +1761,7 @@@@ @ 1.4.2.1 log @Pullup ticket #4747 - requested by tron security/openssl: security update Revisions pulled up: - security/openssl/Makefile 1.208-1.209 - security/openssl/PLIST.common 1.24 - security/openssl/distinfo 1.113-1.114 - security/openssl/patches/patch-Configure 1.5 ------------------------------------------------------------------- Module Name: pkgsrc Committed By: tron Date: Fri Jun 12 17:02:24 UTC 2015 Modified Files: pkgsrc/security/openssl: Makefile PLIST.common distinfo pkgsrc/security/openssl/patches: patch-Configure Log Message: Update "openssl" package to version 1.0.2b. Changes since version 1.0.2a: - Malformed ECParameters causes infinite loop When processing an ECParameters structure OpenSSL enters an infinite loop if the curve specified is over a specially malformed binary polynomial field. This can be used to perform denial of service against any system which processes public keys, certificate requests or certificates. This includes TLS clients and TLS servers with client authentication enabled. This issue was reported to OpenSSL by Joseph Barr-Pixton. (CVE-2015-1788) [Andy Polyakov] - Exploitable out-of-bounds read in X509_cmp_time X509_cmp_time does not properly check the length of the ASN1_TIME string and can read a few bytes out of bounds. In addition, X509_cmp_time accepts an arbitrary number of fractional seconds in the time string. An attacker can use this to craft malformed certificates and CRLs of various sizes and potentially cause a segmentation fault, resulting in a DoS on applications that verify certificates or CRLs. TLS clients that verify CRLs are affected. TLS clients and servers with client authentication enabled may be affected if they use custom verification callbacks. This issue was reported to OpenSSL by Robert Swiecki (Google), and independently by Hanno B?ck. (CVE-2015-1789) [Emilia K?sper] - PKCS7 crash with missing EnvelopedContent The PKCS#7 parsing code does not handle missing inner EncryptedContent correctly. An attacker can craft malformed ASN.1-encoded PKCS#7 blobs with missing content and trigger a NULL pointer dereference on parsing. Applications that decrypt PKCS#7 data or otherwise parse PKCS#7 structures from untrusted sources are affected. OpenSSL clients and servers are not affected. This issue was reported to OpenSSL by Michal Zalewski (Google). (CVE-2015-1790) [Emilia K?sper] - CMS verify infinite loop with unknown hash function When verifying a signedData message the CMS code can enter an infinite lo= op if presented with an unknown hash function OID. This can be used to perfo= rm denial of service against any system which verifies signedData messages u= sing the CMS code. This issue was reported to OpenSSL by Johannes Bauer. (CVE-2015-1792) [Stephen Henson] - Race condition handling NewSessionTicket If a NewSessionTicket is received by a multi-threaded client when attempting to reuse a previous ticket then a race condition can occur potentially leading to a double free of the ticket data. (CVE-2015-1791) [Matt Caswell] - Removed support for the two export grade static DH ciphersuites EXP-DH-RSA-DES-CBC-SHA and EXP-DH-DSS-DES-CBC-SHA. These two ciphersuites were newly added (along with a number of other static DH ciphersuites) to 1.0.2. However the two export ones have *never* worked since they were introduced. It seems strange in any case to be adding new export ciphersuites, and given "logjam" it also does not seem correct to fix the= m. [Matt Caswell] - Only support 256-bit or stronger elliptic curves with the 'ecdh_auto' setting (server) or by default (client). Of supported curves, prefer P-256 (both). [Emilia Kasper] - Reject DH handshakes with parameters shorter than 768 bits. [Kurt Roeckx and Emilia Kasper] To generate a diff of this commit: cvs rdiff -u -r1.207 -r1.208 pkgsrc/security/openssl/Makefile cvs rdiff -u -r1.23 -r1.24 pkgsrc/security/openssl/PLIST.common cvs rdiff -u -r1.112 -r1.113 pkgsrc/security/openssl/distinfo cvs rdiff -u -r1.4 -r1.5 pkgsrc/security/openssl/patches/patch-Configure ------------------------------------------------------------------- Module Name: pkgsrc Committed By: tron Date: Fri Jun 12 17:32:32 UTC 2015 Modified Files: pkgsrc/security/openssl: Makefile distinfo Log Message: Update "openssl" package to version 1.0.2b. Changes since version 1.0.2c: - Fix HMAC ABI incompatibility. The previous version introduced an ABI incompatibility in the handling of HMAC. The previous ABI has now been restored. To generate a diff of this commit: cvs rdiff -u -r1.208 -r1.209 pkgsrc/security/openssl/Makefile cvs rdiff -u -r1.113 -r1.114 pkgsrc/security/openssl/distinfo @ text @d1 1 a1 1 $NetBSD$ d7 3 a9 3 --- Configure.orig 2015-06-11 14:50:11.000000000 +0100 +++ Configure 2015-06-12 12:07:54.000000000 +0100 @@@@ -358,6 +358,7 @@@@ d17 1 a17 1 @@@@ -481,8 +482,31 @@@@ d19 1 a19 1 "BSD-x86_64", "cc:-DL_ENDIAN -O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", a20 1 -"bsdi-elf-gcc", "gcc:-DPERL5 -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall::(unknown)::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", d42 3 a45 3 + + "bsdi-elf-gcc", "gcc:-DPERL5 -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall::(unknown)::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + d47 1 a47 3 "nextstep3.3", "cc:-O3 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::", @@@@ -932,7 +956,7 @@@@ d56 1 a56 1 @@@@ -1764,7 +1788,7 @@@@ @ 1.3 log @Changes 1.0.2: Suite B support for TLS 1.2 and DTLS 1.2 Support for DTLS 1.2 TLS automatic EC curve selection. API to set TLS supported signature algorithms and curves SSL_CONF configuration API. TLS Brainpool support. ALPN support. CMS support for RSA-PSS, RSA-OAEP, ECDH and X9.42 DH. @ text @d1 1 a1 1 $NetBSD: patch-Configure,v 1.2 2014/05/13 02:23:11 rodent Exp $ d7 3 a9 3 --- Configure.orig 2015-01-22 14:58:32.000000000 +0000 +++ Configure @@@@ -341,6 +341,7 @@@@ my %table=( d17 4 a20 4 @@@@ -463,6 +464,28 @@@@ my %table=( "BSD-sparc64", "gcc:-DB_ENDIAN -DTERMIOS -O3 -DMD32_REG_T=int -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC2 BF_PTR:${sparcv9_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "BSD-ia64", "gcc:-DL_ENDIAN -DTERMIOS -O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "BSD-x86_64", "gcc:-DL_ENDIAN -DTERMIOS -O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", d43 1 a43 1 d46 2 a47 1 @@@@ -915,7 +938,7 @@@@ PROCESS_ARGS: d56 1 a56 1 @@@@ -1737,7 +1760,7 @@@@ while () @ 1.2 log @Fix build on OpenBSD/sparc64. Defuzz patches (sorry if this is annoying). @ text @d1 1 a1 1 $NetBSD: patch-Configure,v 1.1 2014/04/02 12:11:35 he Exp $ d7 1 a7 1 --- Configure.orig Mon Mar 17 16:14:20 2014 d9 1 a9 12 @@@@ -225,8 +225,8 @@@@ my %table=( "solaris64-x86_64-gcc","gcc:-m64 -O3 -Wall -DL_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:solaris-shared:-fPIC:-m64 -shared -static-libgcc:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/64", #### Solaris x86 with Sun C setups -"solaris-x86-cc","cc:-fast -O -Xa::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL BF_PTR:${no_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"solaris64-x86_64-cc","cc:-fast -xarch=amd64 -xstrconst -Xa -DL_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:solaris-shared:-KPIC:-xarch=amd64 -G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/64", +"solaris-x86-cc","cc:-xO5 -Xa::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL BF_PTR:${no_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"solaris64-x86_64-cc","cc:-xO5 -xarch=amd64 -xstrconst -Xa -DL_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:solaris-shared:-KPIC:-xarch=amd64 -G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/64", #### SPARC Solaris with GNU C setups "solaris-sparcv7-gcc","gcc:-O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${no_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", @@@@ -338,6 +338,7 @@@@ my %table=( d17 1 a17 1 @@@@ -422,7 +423,29 @@@@ my %table=( d42 1 a43 1 + d46 1 a46 2 "nextstep", "cc:-O -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::", @@@@ -865,13 +888,13 @@@@ PROCESS_ARGS: d53 1 a53 6 if (/^-[lL](.*)$/ or /^-Wl,/) { $libs.=$_." "; } - elsif (/^-[^-]/ or /^\+/) + elsif (/^-[^-]/ or /^\+/ or /^\//) d55 1 a55 3 $_ =~ s/%([0-9a-f]{1,2})/chr(hex($1))/gei; $flags.=$_." "; @@@@ -1674,7 +1697,7 @@@@ while () @ 1.1 log @Rename all remaining patch-?? files using the newer naming convention. Add a fix for CVE-2014-0076: Fix for the attack described in the paper "Recovering OpenSSL ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack" by Yuval Yarom and Naomi Benger. Details can be obtained from: http://eprint.iacr.org/2014/140 Thanks to Yuval Yarom and Naomi Benger for discovering this flaw and to Yuval Yarom for supplying a fix. Fix from culled from http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=2198be3483259de374f91e57d247d0fc667aef29 Bump PKGREVISION. @ text @d1 1 a1 1 $NetBSD: patch-ac,v 1.43 2013/12/21 12:21:47 is Exp $ d7 1 a7 1 --- Configure.orig 2013-02-11 15:26:04.000000000 +0000 d28 1 a28 1 @@@@ -422,6 +423,28 @@@@ my %table=( d53 1 a54 1 d57 1 @ 1.1.2.1 log @file patch-Configure was added on branch pkgsrc-2014Q1 on 2014-04-08 10:09:26 +0000 @ text @d1 81 @ 1.1.2.2 log @Pullup ticket #4359 - requested by obache security/openssl: security update Revisions pulled up: - security/openssl/Makefile 1.186-1.188 - security/openssl/distinfo 1.103-1.104 - security/openssl/patches/patch-Configure 1.1 - security/openssl/patches/patch-Makefile.org 1.1 - security/openssl/patches/patch-Makefile.shared 1.1 - security/openssl/patches/patch-aa deleted - security/openssl/patches/patch-ac deleted - security/openssl/patches/patch-ad deleted - security/openssl/patches/patch-ae deleted - security/openssl/patches/patch-af deleted - security/openssl/patches/patch-ag deleted - security/openssl/patches/patch-ak deleted - security/openssl/patches/patch-apps_Makefile 1.1 - security/openssl/patches/patch-config 1.1 - security/openssl/patches/patch-crypto_bn_bn__prime.pl 1.1 - security/openssl/patches/patch-tools_Makefile 1.1 --- Module Name: pkgsrc Committed By: he Date: Wed Apr 2 12:11:35 UTC 2014 Modified Files: pkgsrc/security/openssl: Makefile distinfo Added Files: pkgsrc/security/openssl/patches: patch-Configure patch-Makefile.org patch-Makefile.shared patch-apps_Makefile patch-config patch-crypto_bn_bn.h patch-crypto_bn_bn__lib.c patch-crypto_bn_bn__prime.pl patch-crypto_ec_ec2__mult.c patch-tools_Makefile Removed Files: pkgsrc/security/openssl/patches: patch-aa patch-ac patch-ad patch-ae patch-af patch-ag patch-ak Log Message: Rename all remaining patch-?? files using the newer naming convention. Add a fix for CVE-2014-0076: Fix for the attack described in the paper "Recovering OpenSSL ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack" by Yuval Yarom and Naomi Benger. Details can be obtained from: http://eprint.iacr.org/2014/140 Thanks to Yuval Yarom and Naomi Benger for discovering this flaw and to Yuval Yarom for supplying a fix. Fix from culled from http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=2198be3483259de374f 91e57d247d0fc667aef29 Bump PKGREVISION. --- Module Name: pkgsrc Committed By: obache Date: Tue Apr 8 02:48:38 UTC 2014 Modified Files: pkgsrc/security/openssl: Makefile Log Message: p5-Perl4-CoreLibs is not required for perl<5.16 --- Module Name: pkgsrc Committed By: obache Date: Tue Apr 8 06:20:44 UTC 2014 Modified Files: pkgsrc/security/openssl: Makefile distinfo Removed Files: pkgsrc/security/openssl/patches: patch-crypto_bn_bn.h patch-crypto_bn_bn__lib.c patch-crypto_ec_ec2__mult.c Log Message: Update openssl to 1.0.1g. (CVE-2014-0076 is already fixed in pkgsrc). OpenSSL CHANGES _______________ Changes between 1.0.1f and 1.0.1g [7 Apr 2014] *) A missing bounds check in the handling of the TLS heartbeat extension can be used to reveal up to 64k of memory to a connected client or server. Thanks for Neel Mehta of Google Security for discovering this bug and to Adam Langley and Bodo Moeller for preparing the fix (CVE-2014-0160) [Adam Langley, Bodo Moeller] *) Fix for the attack described in the paper "Recovering OpenSSL ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack" by Yuval Yarom and Naomi Benger. Details can be obtained from: http://eprint.iacr.org/2014/140 Thanks to Yuval Yarom and Naomi Benger for discovering this flaw and to Yuval Yarom for supplying a fix (CVE-2014-0076) [Yuval Yarom and Naomi Benger] *) TLS pad extension: draft-agl-tls-padding-03 Workaround for the "TLS hang bug" (see FAQ and opensslPR#2771): if the TLS client Hello record length value would otherwise be > 255 and less that 512 pad with a dummy extension containing zeroes so it is at least 512 bytes long. [Adam Langley, Steve Henson] @ text @a0 81 $NetBSD$ * Avoid -fast on Solaris, creates non-portable packages which depend on host-specific CPU features. * Add GNU/kFreeBSD support. --- Configure.orig 2013-02-11 15:26:04.000000000 +0000 +++ Configure @@@@ -225,8 +225,8 @@@@ my %table=( "solaris64-x86_64-gcc","gcc:-m64 -O3 -Wall -DL_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:solaris-shared:-fPIC:-m64 -shared -static-libgcc:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/64", #### Solaris x86 with Sun C setups -"solaris-x86-cc","cc:-fast -O -Xa::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL BF_PTR:${no_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"solaris64-x86_64-cc","cc:-fast -xarch=amd64 -xstrconst -Xa -DL_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:solaris-shared:-KPIC:-xarch=amd64 -G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/64", +"solaris-x86-cc","cc:-xO5 -Xa::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL BF_PTR:${no_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"solaris64-x86_64-cc","cc:-xO5 -xarch=amd64 -xstrconst -Xa -DL_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:solaris-shared:-KPIC:-xarch=amd64 -G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/64", #### SPARC Solaris with GNU C setups "solaris-sparcv7-gcc","gcc:-O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${no_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", @@@@ -338,6 +338,7 @@@@ my %table=( # "osf1-alpha-gcc", "gcc:-O3::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_RISC1:${alpha_asm}:dlfcn:alpha-osf1-shared:::.so", "osf1-alpha-cc", "cc:-std1 -tune host -O4 -readonly_strings::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:alpha-osf1-shared:::.so", +"tru64-alpha-gcc", "gcc:-O3::-pthread:::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${no_asm}:dlfcn:alpha-osf1-shared::-Wl,-msym:.so", "tru64-alpha-cc", "cc:-std1 -tune host -fast -readonly_strings::-pthread:::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:alpha-osf1-shared::-msym:.so", #### @@@@ -422,6 +423,28 @@@@ my %table=( "BSD-sparc64", "gcc:-DB_ENDIAN -DTERMIOS -O3 -DMD32_REG_T=int -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC2 BF_PTR:${sparcv9_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "BSD-ia64", "gcc:-DL_ENDIAN -DTERMIOS -O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "BSD-x86_64", "gcc:-DL_ENDIAN -DTERMIOS -O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"NetBSD","gcc:-DTERMIOS -O2 -Wall::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"NetBSD-alpha", "gcc:-DTERMIOS -DL_ENDIAN -O2 -Wall::(unknown):::SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"NetBSD-arm", "gcc:-DTERMIOS -DL_ENDIAN -O2 -Wall::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"NetBSD-arm32", "gcc:-DTERMIOS -DL_ENDIAN -O2 -Wall::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"NetBSD-m68000", "gcc:-DTERMIOS -DB_ENDIAN -O2 -Wall::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"NetBSD-m68k", "gcc:-DTERMIOS -DB_ENDIAN -O2 -m68020-40 -Wall::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"NetBSD-mipseb", "gcc:-DTERMIOS -DB_ENDIAN -O2 -Wall::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"NetBSD-mipsel", "gcc:-DTERMIOS -DL_ENDIAN -O2 -Wall::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"NetBSD-ns32k", "gcc:-DTERMIOS -DL_ENDIAN -O2 -Wall::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"NetBSD-powerpc", "gcc:-DTERMIOS -DB_ENDIAN -O2 -Wall::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"NetBSD-sparc", "gcc:-DTERMIOS -DB_ENDIAN -O2 -Wall::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"NetBSD-sparc64", "gcc:-DB_ENDIAN -DTERMIOS -O3 -DMD32_REG_T=int -Wall::(unknown):ULTRASPARC::SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2 BF_PTR:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"NetBSD-vax", "gcc:-DTERMIOS -DL_ENDIAN -O2 -Wall::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"NetBSD-x86-aout", "gcc:-DTERMIOS -DL_ENDIAN -O2 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"NetBSD-x86-elf", "gcc:-DTERMIOS -DL_ENDIAN -O2 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"NetBSD-x86_64", "gcc:-DTERMIOS -DL_ENDIAN -DMD32_REG_T=int -O2::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHUNK BF_PTR2 DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"Interix","gcc:-DTERMIOS -DL_ENDIAN -O2 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:bsd-gcc-shared::-Wl,--image-base,0x5e000000:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"DragonFly-i386", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::-pthread -D_REENTRANT -D_THREAD_SAFE -D_THREADSAFE:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"DragonFly-x86_64", "gcc:-DL_ENDIAN -DTERMIOS -O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"GNU/kFreeBSD-x86_64", "gcc:-m64 -DL_ENDIAN -DTERMIOS -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"GNU/kFreeBSD-i386", "gcc:-DL_ENDIAN -DTERMIOS -march=i486::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + "bsdi-elf-gcc", "gcc:-DPERL5 -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall::(unknown)::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", @@@@ -865,13 +888,13 @@@@ PROCESS_ARGS: # The check for the option is there so scripts aren't # broken } - elsif (/^[-+]/) + elsif (/^[-+\/]/) { if (/^-[lL](.*)$/ or /^-Wl,/) { $libs.=$_." "; } - elsif (/^-[^-]/ or /^\+/) + elsif (/^-[^-]/ or /^\+/ or /^\//) { $_ =~ s/%([0-9a-f]{1,2})/chr(hex($1))/gei; $flags.=$_." "; @@@@ -1674,7 +1697,7 @@@@ while () elsif ($shared_extension ne "" && $shared_extension =~ /^\.s([ol])\.[^\.]*\.[^\.]*$/) { my $sotmp = $1; - s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.s$sotmp.\$(SHLIB_MAJOR) .s$sotmp/; + s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.s$sotmp/; } elsif ($shared_extension ne "" && $shared_extension =~ /^\.[^\.]*\.[^\.]*\.dylib$/) { @ 1.1.2.3 log @Pullup ticket #4431 - requested by wiz security/openssl: security update Revisions pulled up: - security/openssl/Makefile 1.193 - security/openssl/builtin.mk 1.42 - security/openssl/distinfo 1.106-1.107 - security/openssl/patches/patch-Configure 1.2 - security/openssl/patches/patch-Makefile.org 1.2 - security/openssl/patches/patch-Makefile.shared 1.2 - security/openssl/patches/patch-apps_Makefile 1.2 - security/openssl/patches/patch-config 1.2 - security/openssl/patches/patch-crypto_bn_bn__prime.pl 1.2 - security/openssl/patches/patch-crypto_des_Makefile 1.1 - security/openssl/patches/patch-crypto_dso_dso__dlfcn.c 1.2 - security/openssl/patches/patch-doc_apps_cms.pod deleted - security/openssl/patches/patch-doc_apps_smine.pod deleted - security/openssl/patches/patch-doc_ssl_SSL__COMP__add__compression__method.pod deleted - security/openssl/patches/patch-doc_ssl_SSL__CTX__add__session.pod deleted - security/openssl/patches/patch-doc_ssl_SSL__CTX__load__verify__locations.pod deleted - security/openssl/patches/patch-doc_ssl_SSL__CTX__set__client__CA__list.pod deleted - security/openssl/patches/patch-doc_ssl_SSL__CTX__set__session__id__context.pod deleted - security/openssl/patches/patch-doc_ssl_SSL__CTX__set__ssl__version.pod deleted - security/openssl/patches/patch-doc_ssl_SSL__CTX__use__psk__identity__hint.pod deleted - security/openssl/patches/patch-doc_ssl_SSL__accept.pod deleted - security/openssl/patches/patch-doc_ssl_SSL__clear.pod deleted - security/openssl/patches/patch-doc_ssl_SSL__connect.pod deleted - security/openssl/patches/patch-doc_ssl_SSL__do__handshake.pod deleted - security/openssl/patches/patch-doc_ssl_SSL__read.pod deleted - security/openssl/patches/patch-doc_ssl_SSL__session__reused.pod deleted - security/openssl/patches/patch-doc_ssl_SSL__set__fd.pod deleted - security/openssl/patches/patch-doc_ssl_SSL__set__session.pod deleted - security/openssl/patches/patch-doc_ssl_SSL__shutdown.pod deleted - security/openssl/patches/patch-doc_ssl_SSL__write.pod deleted - security/openssl/patches/patch-engines_ccgost_Makefile 1.2 - security/openssl/patches/patch-tools_Makefile 1.2 --- Module Name: pkgsrc Committed By: rodent Date: Tue May 13 02:23:11 UTC 2014 Modified Files: pkgsrc/security/openssl: distinfo pkgsrc/security/openssl/patches: patch-Configure patch-Makefile.org patch-Makefile.shared patch-apps_Makefile patch-config patch-crypto_bn_bn__prime.pl patch-crypto_dso_dso__dlfcn.c patch-doc_apps_cms.pod patch-doc_apps_smine.pod patch-doc_ssl_SSL__COMP__add__compression__method.pod patch-doc_ssl_SSL__CTX__add__session.pod patch-doc_ssl_SSL__CTX__load__verify__locations.pod patch-doc_ssl_SSL__CTX__set__client__CA__list.pod patch-doc_ssl_SSL__CTX__set__session__id__context.pod patch-doc_ssl_SSL__CTX__set__ssl__version.pod patch-doc_ssl_SSL__CTX__use__psk__identity__hint.pod patch-doc_ssl_SSL__accept.pod patch-doc_ssl_SSL__clear.pod patch-doc_ssl_SSL__connect.pod patch-doc_ssl_SSL__do__handshake.pod patch-doc_ssl_SSL__read.pod patch-doc_ssl_SSL__session__reused.pod patch-doc_ssl_SSL__set__fd.pod patch-doc_ssl_SSL__set__session.pod patch-doc_ssl_SSL__shutdown.pod patch-doc_ssl_SSL__write.pod patch-engines_ccgost_Makefile patch-tools_Makefile Added Files: pkgsrc/security/openssl/patches: patch-crypto_des_Makefile Log Message: Fix build on OpenBSD/sparc64. Defuzz patches (sorry if this is annoying). --- Module Name: pkgsrc Committed By: wiz Date: Thu Jun 5 12:16:06 UTC 2014 Modified Files: pkgsrc/security/openssl: Makefile builtin.mk distinfo Removed Files: pkgsrc/security/openssl/patches: patch-doc_apps_cms.pod patch-doc_apps_smine.pod patch-doc_ssl_SSL__COMP__add__compression__method.pod patch-doc_ssl_SSL__CTX__add__session.pod patch-doc_ssl_SSL__CTX__load__verify__locations.pod patch-doc_ssl_SSL__CTX__set__client__CA__list.pod patch-doc_ssl_SSL__CTX__set__session__id__context.pod patch-doc_ssl_SSL__CTX__set__ssl__version.pod patch-doc_ssl_SSL__CTX__use__psk__identity__hint.pod patch-doc_ssl_SSL__accept.pod patch-doc_ssl_SSL__clear.pod patch-doc_ssl_SSL__connect.pod patch-doc_ssl_SSL__do__handshake.pod patch-doc_ssl_SSL__read.pod patch-doc_ssl_SSL__session__reused.pod patch-doc_ssl_SSL__set__fd.pod patch-doc_ssl_SSL__set__session.pod patch-doc_ssl_SSL__shutdown.pod patch-doc_ssl_SSL__write.pod Log Message: Update to 1.0.1h: Major changes between OpenSSL 1.0.1g and OpenSSL 1.0.1h [5 Jun 2014] o Fix for CVE-2014-0224 o Fix for CVE-2014-0221 o Fix for CVE-2014-0195 o Fix for CVE-2014-3470 o Fix for CVE-2010-5298 @ text @d7 1 a7 1 --- Configure.orig Mon Mar 17 16:14:20 2014 d28 1 a28 1 @@@@ -422,7 +423,29 @@@@ my %table=( d53 1 a54 1 + a56 1 "nextstep", "cc:-O -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::", @