Mon Jul 11 23:03:51 2022 UTC ()
openssl: update to 1.1.1q.

  Major changes between OpenSSL 1.1.1p and OpenSSL 1.1.1q [5 Jul 2022]

      o Fixed AES OCB failure to encrypt some bytes on 32-bit x86 platforms
        (CVE-2022-2097)


(wiz)
diff -r1.282 -r1.283 pkgsrc/security/openssl/Makefile
diff -r1.160 -r1.161 pkgsrc/security/openssl/distinfo
cvs diff -r1.282 -r1.283 pkgsrc/security/openssl/Makefile (switch to unified diff)

--- pkgsrc/security/openssl/Makefile 2022/06/28 11:35:38 1.282
+++ pkgsrc/security/openssl/Makefile 2022/07/11 23:03:51 1.283
@@ -1,111 +1,110 @@ @@ -1,111 +1,110 @@
1# $NetBSD: Makefile,v 1.282 2022/06/28 11:35:38 wiz Exp $ 1# $NetBSD: Makefile,v 1.283 2022/07/11 23:03:51 wiz Exp $
2 2
3# Remember to upload-distfiles when updating OpenSSL -- otherwise it 3# Remember to upload-distfiles when updating OpenSSL -- otherwise it
4# is not possible for users who have bootstrapped without OpenSSL 4# is not possible for users who have bootstrapped without OpenSSL
5# to install it and enable HTTPS fetching. 5# to install it and enable HTTPS fetching.
6DISTNAME= openssl-1.1.1p 6DISTNAME= openssl-1.1.1q
7PKGREVISION= 1 
8CATEGORIES= security 7CATEGORIES= security
9MASTER_SITES= https://www.openssl.org/source/ 8MASTER_SITES= https://www.openssl.org/source/
10 9
11MAINTAINER= pkgsrc-users@NetBSD.org 10MAINTAINER= pkgsrc-users@NetBSD.org
12HOMEPAGE= https://www.openssl.org/ 11HOMEPAGE= https://www.openssl.org/
13COMMENT= Secure Socket Layer and cryptographic library 12COMMENT= Secure Socket Layer and cryptographic library
14LICENSE= openssl 13LICENSE= openssl
15 14
16USE_GCC_RUNTIME= yes 15USE_GCC_RUNTIME= yes
17 16
18USE_TOOLS+= fgrep gmake perl 17USE_TOOLS+= fgrep gmake perl
19USE_TOOLS.SunOS+= gm4 18USE_TOOLS.SunOS+= gm4
20BUILD_TARGET= depend all 19BUILD_TARGET= depend all
21TEST_TARGET= tests 20TEST_TARGET= tests
22 21
23HAS_CONFIGURE= yes 22HAS_CONFIGURE= yes
24CONFIGURE_SCRIPT= ./config 23CONFIGURE_SCRIPT= ./config
25CONFIGURE_ARGS+= --prefix=${PREFIX} 24CONFIGURE_ARGS+= --prefix=${PREFIX}
26CONFIGURE_ARGS+= --libdir=${PREFIX}/lib 25CONFIGURE_ARGS+= --libdir=${PREFIX}/lib
27CONFIGURE_ARGS+= --openssldir=${PKG_SYSCONFDIR} 26CONFIGURE_ARGS+= --openssldir=${PKG_SYSCONFDIR}
28CONFIGURE_ARGS+= shared 27CONFIGURE_ARGS+= shared
29 28
30.include "../../mk/bsd.prefs.mk" 29.include "../../mk/bsd.prefs.mk"
31 30
32.if !empty(MACHINE_PLATFORM:MDarwin-[0-8].*-powerpc) 31.if !empty(MACHINE_PLATFORM:MDarwin-[0-8].*-powerpc)
33# No {get,make,set}context support before Darwin 9 32# No {get,make,set}context support before Darwin 9
34CONFIGURE_ARGS+= no-async 33CONFIGURE_ARGS+= no-async
35.endif 34.endif
36 35
37# Fix 64-bit build on at least Mac OS X Snow Leopard 36# Fix 64-bit build on at least Mac OS X Snow Leopard
38.if ${OPSYS} == "Darwin" && ${MACHINE_ARCH} == "x86_64" 37.if ${OPSYS} == "Darwin" && ${MACHINE_ARCH} == "x86_64"
39CONFIGURE_ENV+= KERNEL_BITS=${ABI} 38CONFIGURE_ENV+= KERNEL_BITS=${ABI}
40.endif 39.endif
41 40
42.include "options.mk" 41.include "options.mk"
43 42
44CONFIGURE_ENV+= PERL=${PERL5:Q} 43CONFIGURE_ENV+= PERL=${PERL5:Q}
45 44
46# If the config script cannot guess the host system correctly then we need to 45# If the config script cannot guess the host system correctly then we need to
47# specify it manually and call the Configure script directly. 46# specify it manually and call the Configure script directly.
48OPENSSL_HOST.SunOS-i386= solaris-x86-gcc 47OPENSSL_HOST.SunOS-i386= solaris-x86-gcc
49.if ${PKGSRC_COMPILER:Msunpro} 48.if ${PKGSRC_COMPILER:Msunpro}
50OPENSSL_HOST.SunOS-x86_64= solaris64-x86_64-cc 49OPENSSL_HOST.SunOS-x86_64= solaris64-x86_64-cc
51.else 50.else
52OPENSSL_HOST.SunOS-x86_64= solaris64-x86_64-gcc 51OPENSSL_HOST.SunOS-x86_64= solaris64-x86_64-gcc
53.endif 52.endif
54OPENSSL_HOST.Darwin-aarch64= darwin64-arm64-cc 53OPENSSL_HOST.Darwin-aarch64= darwin64-arm64-cc
55 54
56LDFLAGS.SunOS+= -lrt 55LDFLAGS.SunOS+= -lrt
57CPPFLAGS.OpenBSD+= -D__STDC_NO_ATOMICS__ 56CPPFLAGS.OpenBSD+= -D__STDC_NO_ATOMICS__
58 57
59.if defined(OPENSSL_HOST.${OPSYS}-${MACHINE_ARCH}) 58.if defined(OPENSSL_HOST.${OPSYS}-${MACHINE_ARCH})
60CONFIG_SHELL= ${PERL5} 59CONFIG_SHELL= ${PERL5}
61CONFIGURE_SCRIPT= ./Configure 60CONFIGURE_SCRIPT= ./Configure
62CONFIGURE_ARGS+= ${OPENSSL_HOST.${OPSYS}-${MACHINE_ARCH}} 61CONFIGURE_ARGS+= ${OPENSSL_HOST.${OPSYS}-${MACHINE_ARCH}}
63.endif 62.endif
64 63
65PKGCONFIG_OVERRIDE+= libcrypto.pc libssl.pc openssl.pc 64PKGCONFIG_OVERRIDE+= libcrypto.pc libssl.pc openssl.pc
66PKGCONFIG_OVERRIDE_STAGE= post-build 65PKGCONFIG_OVERRIDE_STAGE= post-build
67 66
68PKG_SYSCONFSUBDIR= openssl 67PKG_SYSCONFSUBDIR= openssl
69CONF_FILES= ${PREFIX}/share/examples/openssl/openssl.cnf \ 68CONF_FILES= ${PREFIX}/share/examples/openssl/openssl.cnf \
70 ${PKG_SYSCONFDIR}/openssl.cnf 69 ${PKG_SYSCONFDIR}/openssl.cnf
71OWN_DIRS= ${PKG_SYSCONFDIR}/certs ${PKG_SYSCONFDIR}/private 70OWN_DIRS= ${PKG_SYSCONFDIR}/certs ${PKG_SYSCONFDIR}/private
72 71
73INSTALLATION_DIRS+= share/examples/openssl 72INSTALLATION_DIRS+= share/examples/openssl
74 73
75# 74#
76# Note that this package cannot be updated solely from Darwin, it relies on 75# Note that this package cannot be updated solely from Darwin, it relies on
77# shlib-dylib.awk to convert the normal .so entries to dylib, which doesn't 76# shlib-dylib.awk to convert the normal .so entries to dylib, which doesn't
78# work the other way around. The lib/engines-1.1 plugins also need special 77# work the other way around. The lib/engines-1.1 plugins also need special
79# handling. 78# handling.
80# 79#
81OPSYSVARS+= SOEXT 80OPSYSVARS+= SOEXT
82SOEXT.Darwin= dylib 81SOEXT.Darwin= dylib
83SOEXT.*= so 82SOEXT.*= so
84PLIST_SUBST+= SOEXT=${SOEXT} 83PLIST_SUBST+= SOEXT=${SOEXT}
85 84
86PRINT_PLIST_AWK+= /^lib\/engines/ { gsub(/\.${SOEXT}$$/, ".$${SOEXT}"); } 85PRINT_PLIST_AWK+= /^lib\/engines/ { gsub(/\.${SOEXT}$$/, ".$${SOEXT}"); }
87 86
88# Remove CC from the environment, to fix GCC version handling on HP-UX, 87# Remove CC from the environment, to fix GCC version handling on HP-UX,
89# SunOS and Linux/sparc. 88# SunOS and Linux/sparc.
90# 89#
91# See https://github.com/openssl/openssl/issues/11060. 90# See https://github.com/openssl/openssl/issues/11060.
92do-configure: 91do-configure:
93 ${RUN} cd ${WRKSRC} && ${SETENV} ${_CONFIGURE_SCRIPT_ENV:NCC=*} \ 92 ${RUN} cd ${WRKSRC} && ${SETENV} ${_CONFIGURE_SCRIPT_ENV:NCC=*} \
94 ${CONFIG_SHELL} ${CONFIGURE_SCRIPT} ${CONFIGURE_ARGS} 93 ${CONFIG_SHELL} ${CONFIGURE_SCRIPT} ${CONFIGURE_ARGS}
95 94
96# 95#
97# Get rid of ridiculous namespace collisions like passwd.1 and just leave the 96# Get rid of ridiculous namespace collisions like passwd.1 and just leave the
98# openssl-*.1 style variants. On a more practical note this avoids creating 97# openssl-*.1 style variants. On a more practical note this avoids creating
99# a conflict with moreutils (ts.1). 98# a conflict with moreutils (ts.1).
100# 99#
101post-install: 100post-install:
102 cd ${DESTDIR}${PREFIX}/${PKGMANDIR}/man1; \ 101 cd ${DESTDIR}${PREFIX}/${PKGMANDIR}/man1; \
103 for f in openssl-*; do \ 102 for f in openssl-*; do \
104 ${RM} -f $${f}; \ 103 ${RM} -f $${f}; \
105 ${MV} `${ECHO} $${f} | ${SED} -e 's/openssl-//'` $${f}; \ 104 ${MV} `${ECHO} $${f} | ${SED} -e 's/openssl-//'` $${f}; \
106 done; \ 105 done; \
107 ${RM} -f openssl-c_rehash.1; \ 106 ${RM} -f openssl-c_rehash.1; \
108 ${LN} -s openssl-rehash.1 c_rehash.1 107 ${LN} -s openssl-rehash.1 c_rehash.1
109 108
110.include "../../mk/dlopen.buildlink3.mk" 109.include "../../mk/dlopen.buildlink3.mk"
111.include "../../mk/bsd.pkg.mk" 110.include "../../mk/bsd.pkg.mk"
cvs diff -r1.160 -r1.161 pkgsrc/security/openssl/distinfo (switch to unified diff)

--- pkgsrc/security/openssl/distinfo 2022/06/21 18:48:39 1.160
+++ pkgsrc/security/openssl/distinfo 2022/07/11 23:03:51 1.161
@@ -1,8 +1,8 @@ @@ -1,8 +1,8 @@
1$NetBSD: distinfo,v 1.160 2022/06/21 18:48:39 jperkin Exp $ 1$NetBSD: distinfo,v 1.161 2022/07/11 23:03:51 wiz Exp $
2 2
3BLAKE2s (openssl-1.1.1p.tar.gz) = 9fe91a85ba0ee64d8225c80fa6fd5bf6294a3aae051a9681798aeb1520c6d1f8 3BLAKE2s (openssl-1.1.1q.tar.gz) = 425462aecc856af9dfb5b2dedd5e3f7f7f74a2243570a4643a168f27e6cf5b9c
4SHA512 (openssl-1.1.1p.tar.gz) = 203470b1cd37bdbfabfec5ef37fc97c991d9943f070c988316f6396b09dae7cea16ac884bd8646dbf7dd1ed40ebde6bdfa5700beee2d714d07c97cc70b4e48d9 4SHA512 (openssl-1.1.1q.tar.gz) = cb9f184ec4974a3423ef59c8ec86b6bf523d5b887da2087ae58c217249da3246896fdd6966ee9c13aea9e6306783365239197e9f742c508a0e35e5744e3e085f
5Size (openssl-1.1.1p.tar.gz) = 9860217 bytes 5Size (openssl-1.1.1q.tar.gz) = 9864061 bytes
6SHA1 (patch-Configurations_shared-info.pl) = 0e835f6e343b5d05ef9a0e6ef2a195201262d15c 6SHA1 (patch-Configurations_shared-info.pl) = 0e835f6e343b5d05ef9a0e6ef2a195201262d15c
7SHA1 (patch-Configurations_unix-Makefile.tmpl) = 3f47dd453381485aeb6c37dc53f932428fdcef50 7SHA1 (patch-Configurations_unix-Makefile.tmpl) = 3f47dd453381485aeb6c37dc53f932428fdcef50
8SHA1 (patch-Configure) = 479f1bc826f7721f6b44d6b5a6cf460432924bf2 8SHA1 (patch-Configure) = 479f1bc826f7721f6b44d6b5a6cf460432924bf2