From owner-svn-ports-all@freebsd.org  Thu May 25 18:53:11 2017
Return-Path: <owner-svn-ports-all@freebsd.org>
Delivered-To: svn-ports-all@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 70FACD82564;
 Thu, 25 May 2017 18:53:11 +0000 (UTC)
 (envelope-from brnrd@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
 [IPv6:2610:1c1:1:6068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 4C180132E;
 Thu, 25 May 2017 18:53:11 +0000 (UTC)
 (envelope-from brnrd@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.37])
 by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id v4PIrA5a066333;
 Thu, 25 May 2017 18:53:10 GMT (envelope-from brnrd@FreeBSD.org)
Received: (from brnrd@localhost)
 by repo.freebsd.org (8.15.2/8.15.2/Submit) id v4PIr9vA066329;
 Thu, 25 May 2017 18:53:09 GMT (envelope-from brnrd@FreeBSD.org)
Message-Id: <201705251853.v4PIr9vA066329@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: brnrd set sender to
 brnrd@FreeBSD.org using -f
From: Bernard Spil <brnrd@FreeBSD.org>
Date: Thu, 25 May 2017 18:53:09 +0000 (UTC)
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org,
 svn-ports-head@freebsd.org
Subject: svn commit: r441709 - in head/security/openssl: . files
X-SVN-Group: ports-head
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-ports-all@freebsd.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: SVN commit messages for the ports tree <svn-ports-all.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-ports-all>,
 <mailto:svn-ports-all-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-ports-all/>
List-Post: <mailto:svn-ports-all@freebsd.org>
List-Help: <mailto:svn-ports-all-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-ports-all>,
 <mailto:svn-ports-all-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 25 May 2017 18:53:11 -0000

Author: brnrd
Date: Thu May 25 18:53:09 2017
New Revision: 441709
URL: https://svnweb.freebsd.org/changeset/ports/441709

Log:
  security/openssl: Update to 1.0.2l
  
   - Bugfix update to 1.0.2l
   - Fix PADLOCK option
     - Build failure -Wunused-function
     - Properly disable with configure
   - Strip patch-version from DIST_SUBDIR, reduce dirs
   - Remove unneeded testssl patch, dtls tests are OK
   - Add new WITHOUT_SSL3 testssl extra-patch
   - Remove md5 patch (inconsistent output)
   - Remove openbsd_hw.c patch (not compiled)
   - Remove srtp patch (upstream fixed)
   - Fix plist

Added:
  head/security/openssl/files/extra-patch-test_testssl
     - copied, changed from r441708, head/security/openssl/files/patch-testssl
Deleted:
  head/security/openssl/files/patch-md5.c
  head/security/openssl/files/patch-openbsd__hw.c
  head/security/openssl/files/patch-srtp.h
  head/security/openssl/files/patch-testssl
Modified:
  head/security/openssl/Makefile
  head/security/openssl/distinfo
  head/security/openssl/pkg-plist

Modified: head/security/openssl/Makefile
==============================================================================
--- head/security/openssl/Makefile	Thu May 25 18:33:54 2017	(r441708)
+++ head/security/openssl/Makefile	Thu May 25 18:53:09 2017	(r441709)
@@ -2,13 +2,12 @@
 # $FreeBSD$
 
 PORTNAME=	openssl
-PORTVERSION=	1.0.2k
-PORTREVISION=	1
+PORTVERSION=	1.0.2l
 PORTEPOCH=	1
 CATEGORIES=	security devel
 MASTER_SITES=	http://www.openssl.org/source/ \
 		ftp://ftp.cert.dfn.de/pub/tools/net/openssl/source/
-DIST_SUBDIR=	${DISTNAME}
+DIST_SUBDIR=	${DISTNAME:C/[a-z]$//}
 
 MAINTAINER=	brnrd@FreeBSD.org
 COMMENT=	SSL and crypto library
@@ -74,6 +73,8 @@ EC_CONFIGURE_OFF=	no-ec_nistp_64_gcc_128
 I386_CONFIGURE_ON=	386
 MD2_CONFIGURE_ON=	enable-md2
 MD2_CONFIGURE_OFF=	no-md2
+PADLOCK_CFLAGS=		-Wno-unused-function
+PADLOCK_CONFIGURE_OFF=	no-padlock
 PADLOCK_PATCH_SITES=	http://git.alpinelinux.org/cgit/aports/plain/main/openssl/:padlock
 PADLOCK_PATCHFILES=	1001-crypto-hmac-support-EVP_MD_CTX_FLAG_ONESHOT-and-set-.patch:padlock \
 			1002-backport-changes-from-upstream-padlock-module.patch:padlock \
@@ -95,11 +96,14 @@ SSL2_CONFIGURE_ON=	enable-ssl2
 SSL2_CONFIGURE_OFF=	no-ssl2
 SSL3_CONFIGURE_ON=	enable-ssl3
 SSL3_CONFIGURE_OFF=	no-ssl3 no-ssl3-method
+SSL3_EXTRA_PATCHES_OFF=	${PATCHDIR}/extra-patch-test_testssl
 THREADS_CONFIGURE_ON=	threads
 THREADS_CONFIGURE_OFF=	no-threads
 ZLIB_CONFIGURE_ON=	zlib zlib-dynamic
 ZLIB_CONFIGURE_OFF=	no-zlib no-zlib-dynamic
 
+CFLAGS+= -Werror -Qunused-arguments
+
 .include <bsd.port.pre.mk>
 
 .if ${PREFIX} == /usr
@@ -153,8 +157,13 @@ post-configure:
 post-install-SHARED-on:
 .for i in libcrypto libssl
 	${INSTALL_DATA} ${WRKSRC}/$i.so.${OPENSSL_SHLIBVER} ${STAGEDIR}${PREFIX}/lib
+	${STRIP_CMD} ${STAGEDIR}${PREFIX}/lib/$i.so.${OPENSSL_SHLIBVER}
 	${LN} -sf $i.so.${OPENSSL_SHLIBVER} ${STAGEDIR}${PREFIX}/lib/$i.so
 .endfor
+	${STRIP_CMD} ${STAGEDIR}${PREFIX}/bin/openssl
+.for i in 4758cca aep atalla capi chil cswift gmp gost nuron padlock sureware ubsec
+	${STRIP_CMD} ${STAGEDIR}${PREFIX}/lib/engines/lib${i}.so
+.endfor
 
 post-install-DOCS-on:
 	${MKDIR} ${STAGEDIR}${DOCSDIR}

Modified: head/security/openssl/distinfo
==============================================================================
--- head/security/openssl/distinfo	Thu May 25 18:33:54 2017	(r441708)
+++ head/security/openssl/distinfo	Thu May 25 18:53:09 2017	(r441709)
@@ -1,11 +1,11 @@
-TIMESTAMP = 1485440434
-SHA256 (openssl-1.0.2k/openssl-1.0.2k.tar.gz) = 6b3977c61f2aedf0f96367dcfb5c6e578cf37e7b8d913b4ecb6643c3cb88d8c0
-SIZE (openssl-1.0.2k/openssl-1.0.2k.tar.gz) = 5309236
-SHA256 (openssl-1.0.2k/1001-crypto-hmac-support-EVP_MD_CTX_FLAG_ONESHOT-and-set-.patch) = 2eddcb7ab342285cb637ce6b6be143cca835f449f35dd9bb8c7b9167ba2117a7
-SIZE (openssl-1.0.2k/1001-crypto-hmac-support-EVP_MD_CTX_FLAG_ONESHOT-and-set-.patch) = 3717
-SHA256 (openssl-1.0.2k/1002-backport-changes-from-upstream-padlock-module.patch) = aee88a24622ce9d71e38deeb874e58435dcf8ff5690f56194f0e4a00fb09b260
-SIZE (openssl-1.0.2k/1002-backport-changes-from-upstream-padlock-module.patch) = 5770
-SHA256 (openssl-1.0.2k/1003-engines-e_padlock-implement-sha1-sha224-sha256-accel.patch) = c10b8aaf56a4f4f79ca195fc587e0bb533f643e777d7a3e6fb0350399a6060ea
-SIZE (openssl-1.0.2k/1003-engines-e_padlock-implement-sha1-sha224-sha256-accel.patch) = 20935
-SHA256 (openssl-1.0.2k/1004-crypto-engine-autoload-padlock-dynamic-engine.patch) = 97eb4411d0fc0890e94bc7c2d682f68b71135da782af769ca73914b37da2b1fd
-SIZE (openssl-1.0.2k/1004-crypto-engine-autoload-padlock-dynamic-engine.patch) = 832
+TIMESTAMP = 1495727915
+SHA256 (openssl-1.0.2l/openssl-1.0.2l.tar.gz) = ce07195b659e75f4e1db43552860070061f156a98bb37b672b101ba6e3ddf30c
+SIZE (openssl-1.0.2l/openssl-1.0.2l.tar.gz) = 5365054
+SHA256 (openssl-1.0.2l/1001-crypto-hmac-support-EVP_MD_CTX_FLAG_ONESHOT-and-set-.patch) = 2eddcb7ab342285cb637ce6b6be143cca835f449f35dd9bb8c7b9167ba2117a7
+SIZE (openssl-1.0.2l/1001-crypto-hmac-support-EVP_MD_CTX_FLAG_ONESHOT-and-set-.patch) = 3717
+SHA256 (openssl-1.0.2l/1002-backport-changes-from-upstream-padlock-module.patch) = aee88a24622ce9d71e38deeb874e58435dcf8ff5690f56194f0e4a00fb09b260
+SIZE (openssl-1.0.2l/1002-backport-changes-from-upstream-padlock-module.patch) = 5770
+SHA256 (openssl-1.0.2l/1003-engines-e_padlock-implement-sha1-sha224-sha256-accel.patch) = c10b8aaf56a4f4f79ca195fc587e0bb533f643e777d7a3e6fb0350399a6060ea
+SIZE (openssl-1.0.2l/1003-engines-e_padlock-implement-sha1-sha224-sha256-accel.patch) = 20935
+SHA256 (openssl-1.0.2l/1004-crypto-engine-autoload-padlock-dynamic-engine.patch) = 97eb4411d0fc0890e94bc7c2d682f68b71135da782af769ca73914b37da2b1fd
+SIZE (openssl-1.0.2l/1004-crypto-engine-autoload-padlock-dynamic-engine.patch) = 832

Copied and modified: head/security/openssl/files/extra-patch-test_testssl (from r441708, head/security/openssl/files/patch-testssl)
==============================================================================
--- head/security/openssl/files/patch-testssl	Thu May 25 18:33:54 2017	(r441708, copy source)
+++ head/security/openssl/files/extra-patch-test_testssl	Thu May 25 18:53:09 2017	(r441709)
@@ -1,39 +1,15 @@
---- test/testssl.orig	2015-06-11 15:50:11.000000000 +0200
-+++ test/testssl	2015-06-12 13:43:32.000000000 +0200
-@@ -102,28 +102,28 @@
- $ssltest $extra || exit 1
- 
- echo test dtlsv1
--$ssltest -dtls1 $extra || exit 1
-+#$ssltest -dtls1 $extra || exit 1
- 
- echo test dtlsv1 with server authentication
--$ssltest -dtls1 -server_auth $CA $extra || exit 1
-+#$ssltest -dtls1 -server_auth $CA $extra || exit 1
- 
- echo test dtlsv1 with client authentication
--$ssltest -dtls1 -client_auth $CA $extra || exit 1
-+#$ssltest -dtls1 -client_auth $CA $extra || exit 1
- 
- echo test dtlsv1 with both client and server authentication
--$ssltest -dtls1 -server_auth -client_auth $CA $extra || exit 1
-+#$ssltest -dtls1 -server_auth -client_auth $CA $extra || exit 1
- 
- echo test dtlsv1.2
--$ssltest -dtls12 $extra || exit 1
-+#$ssltest -dtls12 $extra || exit 1
- 
- echo test dtlsv1.2 with server authentication
--$ssltest -dtls12 -server_auth $CA $extra || exit 1
-+#$ssltest -dtls12 -server_auth $CA $extra || exit 1
- 
- echo test dtlsv1.2 with client authentication
--$ssltest -dtls12 -client_auth $CA $extra || exit 1
-+#$ssltest -dtls12 -client_auth $CA $extra || exit 1
- 
- echo test dtlsv1.2 with both client and server authentication
--$ssltest -dtls12 -server_auth -client_auth $CA $extra || exit 1
-+#$ssltest -dtls12 -server_auth -client_auth $CA $extra || exit 1
- 
- if [ $dsa_cert = NO ]; then
-   echo 'test sslv2/sslv3 w/o (EC)DHE via BIO pair'
+Disable SSLv3 test when built without SSL3 option disabled
+
+ - Test for weak DH fails when enabled
+
+--- test/testssl.orig	2017-04-27 12:23:44 UTC
++++ test/testssl
+@@ -160,7 +160,7 @@ test_cipher() {
+ }
+ set -x
+ echo "Testing ciphersuites"
+-for protocol in TLSv1.2 SSLv3; do
++for protocol in TLSv1.2; do
+   echo "Testing ciphersuites for $protocol"
+   for cipher in `../util/shlib_wrap.sh ../apps/openssl ciphers "RSA+$protocol" | tr ':' ' '`; do
+     test_cipher $cipher $protocol

Modified: head/security/openssl/pkg-plist
==============================================================================
--- head/security/openssl/pkg-plist	Thu May 25 18:33:54 2017	(r441708)
+++ head/security/openssl/pkg-plist	Thu May 25 18:53:09 2017	(r441709)
@@ -868,10 +868,14 @@ man/man1/x509.1.gz
 %%MAN3%%man/man3/EVP_VerifyFinal.3.gz
 %%MAN3%%man/man3/EVP_VerifyInit.3.gz
 %%MAN3%%man/man3/EVP_VerifyUpdate.3.gz
+%%MAN3%%man/man3/EVP_aes_128_cbc_hmac_sha1.3.gz
+%%MAN3%%man/man3/EVP_aes_128_cbc_hmac_sha256.3.gz
 %%MAN3%%man/man3/EVP_aes_128_ccm.3.gz
 %%MAN3%%man/man3/EVP_aes_128_gcm.3.gz
 %%MAN3%%man/man3/EVP_aes_192_ccm.3.gz
 %%MAN3%%man/man3/EVP_aes_192_gcm.3.gz
+%%MAN3%%man/man3/EVP_aes_256_cbc_hmac_sha1.3.gz
+%%MAN3%%man/man3/EVP_aes_256_cbc_hmac_sha256.3.gz
 %%MAN3%%man/man3/EVP_aes_256_ccm.3.gz
 %%MAN3%%man/man3/EVP_aes_256_gcm.3.gz
 %%MAN3%%man/man3/EVP_bf_cbc.3.gz
@@ -921,6 +925,7 @@ man/man1/x509.1.gz
 %%MAN3%%man/man3/EVP_rc2_ofb.3.gz
 %%MAN3%%man/man3/EVP_rc4.3.gz
 %%MAN3%%man/man3/EVP_rc4_40.3.gz
+%%MAN3%%man/man3/EVP_rc4_hmac_md5.3.gz
 %%MAN3%%man/man3/EVP_rc5_32_12_16_cbc.3.gz
 %%MAN3%%man/man3/EVP_rc5_32_12_16_cfb.3.gz
 %%MAN3%%man/man3/EVP_rc5_32_12_16_ecb.3.gz