From owner-svn-ports-head@freebsd.org Tue Oct 10 11:47:22 2017 Return-Path: Delivered-To: svn-ports-head@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 06737E2E516; Tue, 10 Oct 2017 11:47:22 +0000 (UTC) (envelope-from brnrd@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 7A07E7DF3C; Tue, 10 Oct 2017 11:47:21 +0000 (UTC) (envelope-from brnrd@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id v9ABlKHP052225; Tue, 10 Oct 2017 11:47:20 GMT (envelope-from brnrd@FreeBSD.org) Received: (from brnrd@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id v9ABlJkW052212; Tue, 10 Oct 2017 11:47:19 GMT (envelope-from brnrd@FreeBSD.org) Message-Id: <201710101147.v9ABlJkW052212@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: brnrd set sender to brnrd@FreeBSD.org using -f 
From: Bernard Spil Date: Tue, 10 Oct 2017 11:47:19 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r451695 - in head/security: . openssl-unsafe openssl-unsafe/files X-SVN-Group: ports-head X-SVN-Commit-Author: brnrd X-SVN-Commit-Paths: in head/security: . openssl-unsafe openssl-unsafe/files X-SVN-Commit-Revision: 451695 X-SVN-Commit-Repository: ports MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-head@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: SVN commit messages for the ports tree for head List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 10 Oct 2017 11:47:22 -0000 Author: brnrd Date: Tue Oct 10 11:47:19 2017 New Revision: 451695 URL: https://svnweb.freebsd.org/changeset/ports/451695 Log: security/openssl-unsafe: Add OpenSSL port for scanning/testing - OpenSSL binary and libs for testing and scanning - Use with e.g. 
sslscan or testssl.sh Differential Revision: https://reviews.freebsd.org/D9483 Added: head/security/openssl-unsafe/ - copied from r451468, head/security/openssl/ head/security/openssl-unsafe/files/patch-apps_Makefile - copied, changed from r451468, head/security/openssl/files/patch-Makefile Deleted: head/security/openssl-unsafe/files/patch-Makefile head/security/openssl-unsafe/files/patch-apps_s__client.c Modified: head/security/Makefile head/security/openssl-unsafe/Makefile head/security/openssl-unsafe/distinfo head/security/openssl-unsafe/files/patch-Configure head/security/openssl-unsafe/files/patch-RFC-5705 head/security/openssl-unsafe/files/patch-config head/security/openssl-unsafe/files/pkg-message.in head/security/openssl-unsafe/pkg-descr head/security/openssl-unsafe/pkg-plist head/security/openssl-unsafe/version.mk Modified: head/security/Makefile ============================================================================== --- head/security/Makefile Tue Oct 10 11:21:12 2017 (r451694) +++ head/security/Makefile Tue Oct 10 11:47:19 2017 (r451695) @@ -442,6 +442,7 @@ SUBDIR += openssh-portable SUBDIR += openssl SUBDIR += openssl-devel + SUBDIR += openssl-unsafe SUBDIR += openssl_tpm_engine SUBDIR += openvas8 SUBDIR += openvas8-cli Modified: head/security/openssl-unsafe/Makefile ============================================================================== --- head/security/openssl/Makefile Sat Oct 7 17:56:23 2017 (r451468) +++ head/security/openssl-unsafe/Makefile Tue Oct 10 11:47:19 2017 (r451695) 
@@ -2,150 +2,59 @@ # $FreeBSD$ PORTNAME= openssl -PORTVERSION= 1.0.2l -PORTEPOCH= 1 +PORTVERSION= 1.0.2.20170706 CATEGORIES= security devel -MASTER_SITES= http://www.openssl.org/source/ \ - ftp://ftp.cert.dfn.de/pub/tools/net/openssl/source/ -DIST_SUBDIR= ${PORTNAME}-${DISTVERSION:C/[a-z]$//} +PKGNAMESUFFIX= -unsafe MAINTAINER= brnrd@FreeBSD.org -COMMENT= SSL and crypto library +COMMENT= Unsafe SSL and crypto library LICENSE= OpenSSL LICENSE_FILE= ${WRKSRC}/LICENSE -CONFLICTS_INSTALL= libressl-[0-9]* \ - libressl-devel-[0-9]* \ - openssl-devel-[0-9]* +CPE_VERSION= 1.0.2k -OPTIONS_DEFINE= DOCS MAN3 PADLOCK RFC3779 SHARED THREADS ZLIB -OPTIONS_DEFAULT= ASM MD2 MAN3 SCTP SHARED SSE2 SSL2 SSL3 THREADS -OPTIONS_DEFINE_amd64= EC -OPTIONS_DEFAULT_amd64= EC -TARGET_ARCH?= ${MACHINE_ARCH} -.if ${TARGET_ARCH} == "mips64el" -OPTIONS_DEFINE_mips= EC -OPTIONS_DEFAULT_mips= EC -.endif -OPTIONS_GROUP= CIPHERS HASHES OPTIMIZE PROTOCOLS -OPTIONS_GROUP_CIPHERS= EXPCIPHERS RC5 -OPTIONS_GROUP_HASHES= MD2 -OPTIONS_GROUP_OPTIMIZE= ASM SSE2 -OPTIONS_GROUP_PROTOCOLS= SCTP SSL2 SSL3 -.if ${TARGET_ARCH} == "i386" -OPTIONS_GROUP_OPTIMIZE+= I386 -.endif -OPTIONS_SUB= yes -ASM_DESC= Optimized Assembler code -CIPHERS_DESC= Cipher Suite support -EC_DESC= Optimize NIST elliptic curves -EXPCIPHERS_DESC= Include experimental ciphers -HASHES_DESC= Hash Function Support -I386_DESC= Optimize for i386 (instead of i486+) -MAN3_DESC= Install API manpages (section 3) -MD2_DESC= MD2 hash (obsolete) -OPTIMIZE_DESC= Optimizations -PADLOCK_DESC= VIA Padlock support -PROTOCOLS_DESC= Protocol Support -RC5_DESC= RC5 cipher (patented) -RFC3779_DESC= RFC3779 support (BGP) -SCTP_DESC= SCTP protocol support -SHARED_DESC= Build shared libs -SSE2_DESC= Runtime SSE2 detection -SSL2_DESC= SSLv2 protocol support -SSL3_DESC= SSLv3 protocol support -ZLIB_DESC= zlib compression support - -USES= compiler cpe perl5 +USES= cpe perl5 USE_PERL5= build -MAKE_ARGS+= WHOLE_ARCHIVE_FLAG=--whole-archive -MAKE_ENV+= 
LIBRPATH="${PREFIX}/lib" GREP_OPTIONS= +MAKE_ENV+= LIBRPATH="${PREFIX}/openssl-unsafe/lib" GREP_OPTIONS= SHLIBVER=${OPENSSL_SHLIBVER} +CFLAGS+= -fPIC -DPIC SUB_FILES= pkg-message +PLIST_SUB+= SHLIBVER=${OPENSSL_SHLIBVER} +USE_LDCONFIG= yes +USE_GITHUB= yes +GH_ACCOUNT= PeterMosmans +GH_TAGNAME= c9ba19c8b7fd131137373dbd1fccd6a8bb0628be + MAKE_JOBS_UNSAFE= yes -ASM_CONFIGURE_OFF= no-asm -EC_CONFIGURE_ON= enable-ec_nistp_64_gcc_128 -EC_CONFIGURE_OFF= no-ec_nistp_64_gcc_128 -I386_CONFIGURE_ON= 386 -MD2_CONFIGURE_ON= enable-md2 -MD2_CONFIGURE_OFF= no-md2 -PADLOCK_CFLAGS= -Wno-unused-function -PADLOCK_CONFIGURE_OFF= no-padlock -PADLOCK_PATCH_SITES= http://git.alpinelinux.org/cgit/aports/plain/main/openssl/:padlock -PADLOCK_PATCHFILES= 1001-crypto-hmac-support-EVP_MD_CTX_FLAG_ONESHOT-and-set-.patch:padlock \ - 1002-backport-changes-from-upstream-padlock-module.patch:padlock \ - 1003-engines-e_padlock-implement-sha1-sha224-sha256-accel.patch:padlock \ - 1004-crypto-engine-autoload-padlock-dynamic-engine.patch:padlock -PADLOCK_VARS= PATCH_DIST_STRIP=-p1 -RC5_CONFIGURE_ON= enable-rc5 -RC5_CONFIGURE_OFF= no-rc5 -RFC3779_CONFIGURE_ON= enable-rfc3779 -RFC3779_CONFIGURE_OFF= no-rfc3779 -SCTP_CONFIGURE_ON= sctp -SCTP_CONFIGURE_OFF= no-sctp -SHARED_CONFIGURE_ON= shared -SHARED_MAKE_ENV= SHLIBVER=${OPENSSL_SHLIBVER} -SHARED_PLIST_SUB= SHLIBVER=${OPENSSL_SHLIBVER} -SHARED_USE= ldconfig=yes -SSE2_CONFIGURE_OFF= no-sse2 -SSL2_CONFIGURE_ON= enable-ssl2 -SSL2_CONFIGURE_OFF= no-ssl2 -SSL3_CONFIGURE_ON= enable-ssl3 -SSL3_CONFIGURE_OFF= no-ssl3 no-ssl3-method -SSL3_EXTRA_PATCHES_OFF= ${PATCHDIR}/extra-patch-test_testssl -THREADS_CONFIGURE_ON= threads -THREADS_CONFIGURE_OFF= no-threads -ZLIB_CONFIGURE_ON= zlib zlib-dynamic -ZLIB_CONFIGURE_OFF= no-zlib no-zlib-dynamic +CONFIGURE_ARGS= enable-camellia enable-cms enable-ec enable-ec2m enable-ec_nistp_64_gcc_128 \ + enable-ecdh enable-ecdsa enable-gost enable-idea enable-md2 enable-mdc2 \ + enable-rc2 enable-rc5 enable-rfc3779 enable-seed 
enable-ssl-trace \ + enable-ssl2 enable-ssl2-methods enable-ssl3 enable-weak-ssl-ciphers \ + experimental-jpake experimental-store \ + no-gmp sctp shared threads zlib zlib-dynamic -.include - -.if ${CHOSEN_COMPILER_TYPE} != gcc && ${COMPILER_VERSION} != 42 -CFLAGS+= -Werror -Qunused-arguments -.endif - -.if ${PREFIX} == /usr -IGNORE= the OpenSSL port can not be installed over the base version -.endif - -OPENSSLDIR?= ${PREFIX}/openssl +OPENSSLDIR?= ${PREFIX}/openssl-unsafe/etc PLIST_SUB+= OPENSSLDIR=${OPENSSLDIR:S=^${PREFIX}/==} +NOT_FOR_ARCHS= i386 + .include "version.mk" -.if ${PORT_OPTIONS:MASM} -BROKEN_sparc64= option ASM generates illegal instructions -.endif - -CONFIGURE_ARGS+= no-gmp - post-patch: ${REINPLACE_CMD} -e 's|m4 -B 8192|m4|g' \ ${WRKSRC}/crypto/des/Makefile - ${REINPLACE_CMD} -e 's|SHLIB_VERSION_NUMBER "1.0.0"|SHLIB_VERSION_NUMBER "${OPENSSL_SHLIBVER}"|' \ - ${WRKSRC}/crypto/opensslv.h - ${REINPLACE_CMD} -e 's|ERR_R_MALLOC_ERROR|ERR_R_MALLOC_FAILURE|' \ - ${WRKSRC}/crypto/bio/bss_dgram.c -.if ${PORT_OPTIONS:MEXPCIPHERS} - ${REINPLACE_CMD} -e 's|TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES 0|TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES 1|' \ - ${WRKSRC}/ssl/tls1.h -.endif + ${REINPLACE_CMD} -e 's|all install_docs |all |;s| tools$$||;s| build_tools$$||' ${WRKSRC}/Makefile.org -post-patch-MAN3-off: - ${GREP} -L openssl_manual_section ${WRKSRC}/doc/crypto/*.pod | ${XARGS} ${RM} - ${RM} -r ${WRKSRC}/doc/ssl/*.pod - ${REINPLACE_CMD} -e 's|pod doc/ssl/\*\.pod|pod|' ${WRKSRC}/Makefile.org - do-configure: ${REINPLACE_CMD} -e "s|options 386|options|" \ ${WRKSRC}/config cd ${WRKSRC} \ && ${SETENV} CC="${CC}" FREEBSDCC="${CC}" CFLAGS="${CFLAGS}" PERL="${PERL}" \ - ./config --prefix=${PREFIX} --openssldir=${OPENSSLDIR} \ + ./config --prefix=${PREFIX}/openssl-unsafe --openssldir=${OPENSSLDIR} \ --install_prefix=${STAGEDIR} \ - -L${PREFIX}/lib ${CONFIGURE_ARGS} + -L${PREFIX}/openssl-unsafe/lib ${CONFIGURE_ARGS} post-configure: ${REINPLACE_CMD} \ 
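Review bot: `USE_LDCONFIG= yes` stands for `${PREFIX}/lib`, yet this port configures with `--prefix=${PREFIX}/openssl-unsafe` and points `LIBRPATH` at `${PREFIX}/openssl-unsafe/lib`, so the knob looks like a leftover from the parent port's `SHARED_USE= ldconfig=yes` rather than something these libraries need. Because `CONFIGURE_ARGS` turns on `enable-ssl2`, `enable-ssl2-methods` and `enable-weak-ssl-ciphers`, the libraries should stay reachable through the rpath only; I would drop the line and put `# Deliberately not registered with ldconfig: SSLv2 and weak ciphers are enabled, link only via rpath` above `MAKE_ENV`. pkg-plist is not visible in this hunk, so confirm that nothing from this build is installed under `${PREFIX}/lib`. Separately, `CPE_VERSION= 1.0.2k` next to a 20170706 snapshot deserves a one-line comment naming the upstream release the fork tracks, since CPE-based vulnerability matching keys on that value.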
@@ -154,24 +63,7 @@ post-configure: -e 's|LIBVERSION=[^ ]* |LIBVERSION=${OPENSSL_SHLIBVER} |' \ ${WRKSRC}/Makefile -post-install-SHARED-on: -.for i in libcrypto libssl - ${INSTALL_DATA} ${WRKSRC}/$i.so.${OPENSSL_SHLIBVER} ${STAGEDIR}${PREFIX}/lib - ${STRIP_CMD} ${STAGEDIR}${PREFIX}/lib/$i.so.${OPENSSL_SHLIBVER} - ${LN} -sf $i.so.${OPENSSL_SHLIBVER} ${STAGEDIR}${PREFIX}/lib/$i.so -.endfor - ${STRIP_CMD} ${STAGEDIR}${PREFIX}/bin/openssl -.for i in 4758cca aep atalla capi chil cswift gmp gost nuron padlock sureware ubsec - ${STRIP_CMD} ${STAGEDIR}${PREFIX}/lib/engines/lib${i}.so -.endfor - -post-install-DOCS-on: - ${MKDIR} ${STAGEDIR}${DOCSDIR} - ${INSTALL_DATA} ${WRKSRC}/doc/openssl.txt ${STAGEDIR}${DOCSDIR}/ - test: build cd ${WRKSRC} && ${MAKE} test -regression-test: test - -.include +.include Modified: head/security/openssl-unsafe/distinfo ============================================================================== --- head/security/openssl/distinfo Sat Oct 7 17:56:23 2017 (r451468) +++ head/security/openssl-unsafe/distinfo Tue Oct 10 11:47:19 2017 (r451695) 
@@ -1,11 +1,3 @@
-TIMESTAMP = 1495727915
-SHA256 (openssl-1.0.2/openssl-1.0.2l.tar.gz) = ce07195b659e75f4e1db43552860070061f156a98bb37b672b101ba6e3ddf30c
-SIZE (openssl-1.0.2/openssl-1.0.2l.tar.gz) = 5365054
-SHA256 (openssl-1.0.2/1001-crypto-hmac-support-EVP_MD_CTX_FLAG_ONESHOT-and-set-.patch) = 2eddcb7ab342285cb637ce6b6be143cca835f449f35dd9bb8c7b9167ba2117a7
-SIZE (openssl-1.0.2/1001-crypto-hmac-support-EVP_MD_CTX_FLAG_ONESHOT-and-set-.patch) = 3717
-SHA256 (openssl-1.0.2/1002-backport-changes-from-upstream-padlock-module.patch) = aee88a24622ce9d71e38deeb874e58435dcf8ff5690f56194f0e4a00fb09b260
-SIZE (openssl-1.0.2/1002-backport-changes-from-upstream-padlock-module.patch) = 5770
-SHA256 (openssl-1.0.2/1003-engines-e_padlock-implement-sha1-sha224-sha256-accel.patch) = c10b8aaf56a4f4f79ca195fc587e0bb533f643e777d7a3e6fb0350399a6060ea
-SIZE (openssl-1.0.2/1003-engines-e_padlock-implement-sha1-sha224-sha256-accel.patch) = 20935
-SHA256 (openssl-1.0.2/1004-crypto-engine-autoload-padlock-dynamic-engine.patch) = 97eb4411d0fc0890e94bc7c2d682f68b71135da782af769ca73914b37da2b1fd
-SIZE (openssl-1.0.2/1004-crypto-engine-autoload-padlock-dynamic-engine.patch) = 832
+TIMESTAMP = 1507535912
+SHA256 (PeterMosmans-openssl-1.0.2.20170706-c9ba19c8b7fd131137373dbd1fccd6a8bb0628be_GH0.tar.gz) = 02f561efd265b3303360fcafd57f7e32649cf76986aa7b981154ec18e9a752b3
+SIZE (PeterMosmans-openssl-1.0.2.20170706-c9ba19c8b7fd131137373dbd1fccd6a8bb0628be_GH0.tar.gz) = 5523256
Modified: head/security/openssl-unsafe/files/patch-Configure
==============================================================================
--- head/security/openssl/files/patch-Configure Sat Oct 7 17:56:23 2017 (r451468)
+++ head/security/openssl-unsafe/files/patch-Configure Tue Oct 10 11:47:19 2017 (r451695)
@@ -1,6 +1,6 @@ ---- Configure.orig 2015-06-11 15:50:11.000000000 +0200 -+++ Configure 2015-06-12 16:20:39.000000000 +0200 -@@ -467,19 +467,20 @@ +--- Configure.orig 2017-07-06 01:00:00 UTC ++++ Configure +@@ -477,19 +477,20 @@ my %table=( "android-mips","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${mips32_asm}:o32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", #### *BSD [do see comment about ${BSDthreads} above!] @@ -30,7 +30,7 @@ "bsdi-elf-gcc", "gcc:-DPERL5 -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall::(unknown)::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -@@ -2019,10 +2020,12 @@ +@@ -2075,10 +2076,12 @@ EOF if ( $perl =~ m@^/@) { &dofile("tools/c_rehash",$perl,'^#!/', '#!%s','^my \$dir;$', 'my $dir = "' . $openssldir . '";', '^my \$prefix;$', 'my $prefix = "' . $prefix . '";'); &dofile("apps/CA.pl",$perl,'^#!/', '#!%s'); @@ -42,4 +42,4 @@ + &dofile("apps/tsget",'/usr/local/bin/perl',,'^#!/', '#!%s'); } if ($depflags ne $default_depflags && !$make_depend) { - print <