From owner-svn-ports-branches@freebsd.org Thu Sep 29 11:52:36 2016 Return-Path: Delivered-To: svn-ports-branches@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id C1F73C02CD4; Thu, 29 Sep 2016 11:52:36 +0000 (UTC) (envelope-from brnrd@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 80A04D69; Thu, 29 Sep 2016 11:52:36 +0000 (UTC) (envelope-from brnrd@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id u8TBqZ4H075573; Thu, 29 Sep 2016 11:52:35 GMT (envelope-from brnrd@FreeBSD.org) Received: (from brnrd@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id u8TBqZD6075568; Thu, 29 Sep 2016 11:52:35 GMT (envelope-from brnrd@FreeBSD.org) Message-Id: <201609291152.u8TBqZD6075568@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: brnrd set sender to brnrd@FreeBSD.org using -f From: Bernard Spil Date: Thu, 29 Sep 2016 11:52:35 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-branches@freebsd.org Subject: svn commit: r422912 - in branches/2016Q3: . security/libressl security/libressl/files X-SVN-Group: ports-branches MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-branches@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: SVN commit messages for all the branches of the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 29 Sep 2016 11:52:36 -0000 Author: brnrd Date: Thu Sep 29 11:52:35 2016 New Revision: 422912 URL: https://svnweb.freebsd.org/changeset/ports/422912 Log: MFH: r416626 r419542 r420102 r422829 security/libressl: Update to version 2.3.6 Security: CVE-2016-2178 Sponsored by: BSDCan DevSummit security/libressl: Update to 2.3.7 - Bugfix update [1] Release notes: - http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.3.7-relnotes.txt security/libressl: Update to 2.4.2 - Update to latest stable version 2.4.2 - Add UPDATING entry - Remove OPENSSL_VERSION_NUMBER patch - Change post-install targets to post-stage where possible - Bump libcrypto version in version.mk PR: 211701 security/libressl: Update to 2.4.3 - Update to 2.4.3 - Only affected by CVE-2016-6304 (high) Security: CVE-2016-6304 Security: 43eaa656-80bc-11e6-bf52-b499baebfeaf Approved by: ports-secteam (feld) Deleted: branches/2016Q3/security/libressl/files/ Modified: branches/2016Q3/UPDATING branches/2016Q3/security/libressl/Makefile branches/2016Q3/security/libressl/distinfo branches/2016Q3/security/libressl/pkg-plist branches/2016Q3/security/libressl/version.mk Directory Properties: branches/2016Q3/ (props changed) Modified: branches/2016Q3/UPDATING ============================================================================== --- branches/2016Q3/UPDATING Thu Sep 29 09:02:54 2016 (r422911) +++ branches/2016Q3/UPDATING Thu Sep 29 11:52:35 2016 (r422912) @@ -6,6 +6,34 @@ You should get into the habit of checkin you update your ports collection, before attempting any port upgrades. 20160811: + AFFECTS: users of security/libressl + AUTHOR: brnrd@FreeBSD.org + + The port has been updated to the latest stable version 2.4 of LibreSSL. + The shared library versions of the libraries have been bumped. + With this update, the patch for the OPENSSL_VERSION_NUMBER has been + removed. This causes issues with a number of ports. Patches for all + ports for which this issues is known can be found on + https://wiki.freebsd.org/LibreSSL/Ports#OPENSSL_VERSION_NUMBER + + After upgrading, manually update all packages that depend on any of the + libraries provided by LibreSSL (libssl, libcrypto and libtls) since the + versions of these libraries have changed. Normally, you can obtain the + list of dependent software by running the following command: + + # pkg info -r libressl + + Then you should rebuild all ports depending on libressl to avoid dangling + shared library dependencies. Poudriere and pkg handle this correctly, + portmaster and portupgrade users can use the following to rebuild all + dependent ports. + + Portmaster users: + portmaster -r libressl + Portupgrade users: + portupgrade -fr security/libressl + +20160811: AFFECTS: users of databases/postgresqlNN-server with ICU patch AUTHOR: girgen@FreeBSD.org Modified: branches/2016Q3/security/libressl/Makefile ============================================================================== --- branches/2016Q3/security/libressl/Makefile Thu Sep 29 09:02:54 2016 (r422911) +++ branches/2016Q3/security/libressl/Makefile Thu Sep 29 11:52:35 2016 (r422912) @@ -2,7 +2,7 @@ # $FreeBSD$ PORTNAME= libressl -PORTVERSION= 2.3.6 +PORTVERSION= 2.4.3 CATEGORIES= security devel MASTER_SITES= OPENBSD/LibreSSL @@ -32,15 +32,15 @@ CFLAGS+= -fpic -DPIC INSTALL_TARGET= install-strip TEST_TARGET= check -post-install-NC-on: +post-stage-NC-on: ${INSTALL_PROGRAM} ${WRKSRC}/apps/nc/.libs/nc ${STAGEDIR}/${PREFIX}/bin/nc ${INSTALL_MAN} ${WRKSRC}/apps/nc/nc.1 ${STAGEDIR}/${PREFIX}/man/man1/nc.1 +post-stage: + ${RM} -rf ${STAGEDIR}/${PREFIX}/etc/ssl/cert.pem + post-install-MAN3-off: ${RM} -rf ${STAGEDIR}/${PREFIX}/man/man3 ${REINPLACE_CMD} -e '/^man\/man3/d' ${TMPPLIST} -post-install: - ${RM} -rf ${STAGEDIR}/${PREFIX}/etc/ssl/cert.pem - .include Modified: branches/2016Q3/security/libressl/distinfo ============================================================================== --- branches/2016Q3/security/libressl/distinfo Thu Sep 29 09:02:54 2016 (r422911) +++ branches/2016Q3/security/libressl/distinfo Thu Sep 29 11:52:35 2016 (r422912) @@ -1,3 +1,3 @@ -TIMESTAMP = 1465503719 -SHA256 (libressl-2.3.6.tar.gz) = 358a4779e6813bd06f07db0cf0f0fe531401ed0c6ed958973d404416c3d537fa -SIZE (libressl-2.3.6.tar.gz) = 3013459 +TIMESTAMP = 1475008406 +SHA256 (libressl-2.4.3.tar.gz) = bd5726f3e247e7a7d30ce69946d174b8fb92d999d22710c65f176c969812960e +SIZE (libressl-2.4.3.tar.gz) = 3014721 Modified: branches/2016Q3/security/libressl/pkg-plist ============================================================================== --- branches/2016Q3/security/libressl/pkg-plist Thu Sep 29 09:02:54 2016 (r422911) +++ branches/2016Q3/security/libressl/pkg-plist Thu Sep 29 11:52:35 2016 (r422912) @@ -75,16 +75,16 @@ include/openssl/x509v3.h include/tls.h lib/libcrypto.a lib/libcrypto.so -lib/libcrypto.so.37 -lib/libcrypto.so.37.0.0 +lib/libcrypto.so.38 +lib/libcrypto.so.38.0.0 lib/libssl.a lib/libssl.so -lib/libssl.so.38 -lib/libssl.so.38.0.0 +lib/libssl.so.39 +lib/libssl.so.39.0.0 lib/libtls.a lib/libtls.so -lib/libtls.so.10 -lib/libtls.so.10.0.0 +lib/libtls.so.11 +lib/libtls.so.11.0.0 libdata/pkgconfig/libcrypto.pc libdata/pkgconfig/libssl.pc libdata/pkgconfig/libtls.pc Modified: branches/2016Q3/security/libressl/version.mk ============================================================================== --- branches/2016Q3/security/libressl/version.mk Thu Sep 29 09:02:54 2016 (r422911) +++ branches/2016Q3/security/libressl/version.mk Thu Sep 29 11:52:35 2016 (r422912) @@ -1 +1 @@ -OPENSSL_SHLIBVER?= 37 +OPENSSL_SHLIBVER?= 38