Date: Sat, 25 Jun 2022 10:36:44 GMT From: Bernard Spil <brnrd@FreeBSD.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-branches@FreeBSD.org Subject: git: 0e06657ad406 - 2022Q2 - security/openssl: Security update to 1.1.1p Message-ID: <202206251036.25PAaiui009537@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch 2022Q2 has been updated by brnrd: URL: https://cgit.FreeBSD.org/ports/commit/?id=0e06657ad406eb220a356e8f49cb5cccd025225e commit 0e06657ad406eb220a356e8f49cb5cccd025225e Author: Bernard Spil <brnrd@FreeBSD.org> AuthorDate: 2022-06-22 08:56:18 +0000 Commit: Bernard Spil <brnrd@FreeBSD.org> CommitDate: 2022-06-25 10:36:40 +0000 security/openssl: Security update to 1.1.1p * Adds bungled commit da7e737639a077e954426e5400c3ce15754f54d parts related to security/openssl Security: 4eeb93bf-f204-11ec-8fbd-d4c9ef517024 (cherry picked from commit f8942926a8cb9a03b0ffab32565479d97fa5be05) --- security/openssl/Makefile | 2 +- security/openssl/distinfo | 6 +- .../files/patch-Configurations_10-main.conf | 16 ---- security/openssl/files/patch-config | 20 ----- security/openssl/files/patch-test_v3ext.c | 96 ++++++++++++++++++++++ 5 files changed, 100 insertions(+), 40 deletions(-) diff --git a/security/openssl/Makefile b/security/openssl/Makefile index fd1885241632..98bb3b2dae26 100644 --- a/security/openssl/Makefile +++ b/security/openssl/Makefile @@ -1,7 +1,7 @@ # Created by: Dirk Froemberg <dirk@FreeBSD.org> PORTNAME= openssl -PORTVERSION= 1.1.1o +PORTVERSION= 1.1.1p PORTEPOCH= 1 CATEGORIES= security devel MASTER_SITES= https://www.openssl.org/source/ \ diff --git a/security/openssl/distinfo b/security/openssl/distinfo index 2ea1c2918bbd..6bb4a692578e 100644 --- a/security/openssl/distinfo +++ b/security/openssl/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1651649441 -SHA256 (openssl-1.1.1o.tar.gz) = 9384a2b0570dd80358841464677115df785edb941c71211f75076d72fe6b438f -SIZE (openssl-1.1.1o.tar.gz) = 9856386 +TIMESTAMP = 1655885637 +SHA256 (openssl-1.1.1p.tar.gz) = bf61b62aaa66c7c7639942a94de4c9ae8280c08f17d4eac2e44644d9fc8ace6f +SIZE (openssl-1.1.1p.tar.gz) = 9860217 diff --git a/security/openssl/files/patch-Configurations_10-main.conf b/security/openssl/files/patch-Configurations_10-main.conf deleted file mode 100644 index 03be5801b885..000000000000 --- a/security/openssl/files/patch-Configurations_10-main.conf +++ /dev/null @@ -1,16 +0,0 @@ ---- Configurations/10-main.conf.orig 2021-12-14 15:45:01 UTC -+++ Configurations/10-main.conf -@@ -988,6 +988,13 @@ my %targets = ( - perlasm_scheme => "elf", - }, - -+ "BSD-aarch64" => { -+ inherit_from => [ "BSD-generic64", asm("aarch64_asm") ], -+ lib_cppflags => add("-DL_ENDIAN"), -+ bn_ops => "SIXTY_FOUR_BIT_LONG", -+ perlasm_scheme => "linux64", -+ }, -+ - "bsdi-elf-gcc" => { - inherit_from => [ "BASE_unix", asm("x86_elf_asm") ], - CC => "gcc", diff --git a/security/openssl/files/patch-config b/security/openssl/files/patch-config deleted file mode 100644 index d83edae81ff7..000000000000 --- a/security/openssl/files/patch-config +++ /dev/null @@ -1,20 +0,0 @@ ---- config.orig 2021-08-24 13:38:47 UTC -+++ config -@@ -708,14 +708,9 @@ case "$GUESSOS" in - ia64-*-*bsd*) OUT="BSD-ia64" ;; - x86_64-*-dragonfly*) OUT="BSD-x86_64" ;; - amd64-*-*bsd*) OUT="BSD-x86_64" ;; -- *86*-*-*bsd*) # mimic ld behaviour when it's looking for libc... -- if [ -L /usr/lib/libc.so ]; then # [Free|Net]BSD -- libc=/usr/lib/libc.so -- else # OpenBSD -- # ld searches for highest libc.so.* and so do we -- libc=`(ls /usr/lib/libc.so.* /lib/libc.so.* | tail -1) 2>/dev/null` -- fi -- case "`(file -L $libc) 2>/dev/null`" in -+ arm64-*-*bsd*) OUT="BSD-aarch64" ;; -+ *86*-*-*bsd*) -+ case "`(file -L /bin/sh) 2>/dev/null`" in - *ELF*) OUT="BSD-x86-elf" ;; - *) OUT="BSD-x86"; options="$options no-sse2" ;; - esac ;; diff --git a/security/openssl/files/patch-test_v3ext.c b/security/openssl/files/patch-test_v3ext.c new file mode 100644 index 000000000000..75769d96ad49 --- /dev/null +++ b/security/openssl/files/patch-test_v3ext.c @@ -0,0 +1,96 @@ +Fixes https://github.com/openssl/openssl/issues/18619 + +Revert the test of 01fc9b6bce82f0534d6673659a0e59a71f57ee82 + +--- test/v3ext.c.orig 2022-06-21 13:39:39 UTC ++++ test/v3ext.c +@@ -37,89 +37,11 @@ end: + return ret; + } + +-static int test_asid(void) +-{ +- ASN1_INTEGER *val1 = NULL, *val2 = NULL; +- ASIdentifiers *asid1 = ASIdentifiers_new(), *asid2 = ASIdentifiers_new(), +- *asid3 = ASIdentifiers_new(), *asid4 = ASIdentifiers_new(); +- int testresult = 0; +- +- if (!TEST_ptr(asid1) +- || !TEST_ptr(asid2) +- || !TEST_ptr(asid3)) +- goto err; +- +- if (!TEST_ptr(val1 = ASN1_INTEGER_new()) +- || !TEST_true(ASN1_INTEGER_set_int64(val1, 64496))) +- goto err; +- +- if (!TEST_true(X509v3_asid_add_id_or_range(asid1, V3_ASID_ASNUM, val1, NULL))) +- goto err; +- +- val1 = NULL; +- if (!TEST_ptr(val2 = ASN1_INTEGER_new()) +- || !TEST_true(ASN1_INTEGER_set_int64(val2, 64497))) +- goto err; +- +- if (!TEST_true(X509v3_asid_add_id_or_range(asid2, V3_ASID_ASNUM, val2, NULL))) +- goto err; +- +- val2 = NULL; +- if (!TEST_ptr(val1 = ASN1_INTEGER_new()) +- || !TEST_true(ASN1_INTEGER_set_int64(val1, 64496)) +- || !TEST_ptr(val2 = ASN1_INTEGER_new()) +- || !TEST_true(ASN1_INTEGER_set_int64(val2, 64497))) +- goto err; +- +- /* +- * Just tests V3_ASID_ASNUM for now. Could be extended at some point to also +- * test V3_ASID_RDI if we think it is worth it. +- */ +- if (!TEST_true(X509v3_asid_add_id_or_range(asid3, V3_ASID_ASNUM, val1, val2))) +- goto err; +- val1 = val2 = NULL; +- +- /* Actual subsets */ +- if (!TEST_true(X509v3_asid_subset(NULL, NULL)) +- || !TEST_true(X509v3_asid_subset(NULL, asid1)) +- || !TEST_true(X509v3_asid_subset(asid1, asid1)) +- || !TEST_true(X509v3_asid_subset(asid2, asid2)) +- || !TEST_true(X509v3_asid_subset(asid1, asid3)) +- || !TEST_true(X509v3_asid_subset(asid2, asid3)) +- || !TEST_true(X509v3_asid_subset(asid3, asid3)) +- || !TEST_true(X509v3_asid_subset(asid4, asid1)) +- || !TEST_true(X509v3_asid_subset(asid4, asid2)) +- || !TEST_true(X509v3_asid_subset(asid4, asid3))) +- goto err; +- +- /* Not subsets */ +- if (!TEST_false(X509v3_asid_subset(asid1, NULL)) +- || !TEST_false(X509v3_asid_subset(asid1, asid2)) +- || !TEST_false(X509v3_asid_subset(asid2, asid1)) +- || !TEST_false(X509v3_asid_subset(asid3, asid1)) +- || !TEST_false(X509v3_asid_subset(asid3, asid2)) +- || !TEST_false(X509v3_asid_subset(asid1, asid4)) +- || !TEST_false(X509v3_asid_subset(asid2, asid4)) +- || !TEST_false(X509v3_asid_subset(asid3, asid4))) +- goto err; +- +- testresult = 1; +- err: +- ASN1_INTEGER_free(val1); +- ASN1_INTEGER_free(val2); +- ASIdentifiers_free(asid1); +- ASIdentifiers_free(asid2); +- ASIdentifiers_free(asid3); +- ASIdentifiers_free(asid4); +- return testresult; +-} +- + int setup_tests(void) + { + if (!TEST_ptr(infile = test_get_argument(0))) + return 0; + + ADD_TEST(test_pathlen); +- ADD_TEST(test_asid); + return 1; + }
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202206251036.25PAaiui009537>