security/openssl111: Recreate OpenSSL 1.1.1 port

* OpenSSL 1.1.1 is EoL
2023-10-14 18:57:29 +02:00 · 2023-10-14 18:57:29 +02:00 · eb45600f80
commit eb45600f80
parent bbfb41b2a6
10 changed files with 3878 additions and 1 deletions
--- a/1
+++ b/1
@ -3200,7 +3200,6 @@ lang/erlang-runtime16|lang/erlang-runtime21|2020-01-01|Has expired: No longer su
 lang/erlang-runtime17|lang/erlang-runtime21|2020-01-01|Has expired: No longer supported upstream, use lang/erlang >=21
 lang/erlang-runtime18|lang/erlang-runtime21|2020-01-01|Has expired: No longer supported upstream, use lang/erlang >=21
 lang/erlang-runtime19|lang/erlang-runtime21|2020-01-01|Has expired: No longer supported upstream, use lang/erlang >=21
-security/openssl111|security/openssl|2020-01-01|Upgrade security/openssl to 1.1.1 as promised in deprecation message
 devel/gperf31|devel/gperf|2020-01-04|No longer needed as devel/gperf has been updated to 3.1
 devel/yosys|cad/yosys|2020-01-04|Move to a proper category
 cad/ujprog|comms/ujprog|2020-01-05|Move to a proper category
--- a/security/Makefile
+++ b/security/Makefile
@ -420,6 +420,7 @@
    SUBDIR += openssl-agent
    SUBDIR += openssl-quictls
    SUBDIR += openssl-unsafe
+    SUBDIR += openssl111
    SUBDIR += openssl30
    SUBDIR += openssl31
    SUBDIR += openssl32
--- a/security/openssl111/Makefile
+++ b/security/openssl111/Makefile
@ -0,0 +1,171 @@
+PORTNAME=	openssl
+PORTVERSION=	1.1.1w
+CATEGORIES=	security devel
+MASTER_SITES=	https://www.openssl.org/source/ \
+		ftp://ftp.cert.dfn.de/pub/tools/net/openssl/source/
+PKGNAMESUFFIX=	111
+
+MAINTAINER=	brnrd@FreeBSD.org
+COMMENT=	TLSv1.3 capable SSL and crypto library
+WWW=		https://www.openssl.org/
+
+LICENSE=	OpenSSL
+LICENSE_FILE=	${WRKSRC}/LICENSE
+
+DEPRECATED=	End-of-life since 2023-09-11, see https://www.openssl.org/blog/blog/2023/09/11/eol-111/ \
+		port will be removed when FreeBSD 13 is EoL
+EXPIRES=	2026-01-31
+
+CONFLICTS_INSTALL=	boringssl libressl libressl-devel openssl openssl3[12] openssl-quictls
+
+USES=		cpe perl5
+USE_PERL5=	build
+TEST_TARGET=	test
+
+HAS_CONFIGURE=	yes
+CONFIGURE_SCRIPT=	config
+CONFIGURE_ENV=	PERL="${PERL}"
+CONFIGURE_ARGS=	--openssldir=${OPENSSLDIR} \
+		--prefix=${PREFIX}
+
+LDFLAGS_i386=	-Wl,-znotext
+
+MAKE_ARGS+=	WHOLE_ARCHIVE_FLAG=--whole-archive CNF_LDFLAGS="${LDFLAGS}"
+MAKE_ENV+=	LIBRPATH="${PREFIX}/lib" GREP_OPTIONS=
+
+OPTIONS_GROUP=		CIPHERS HASHES OPTIMIZE PROTOCOLS
+OPTIONS_GROUP_CIPHERS=	ARIA DES GOST IDEA SM4 RC2 RC4 RC5 WEAK-SSL-CIPHERS
+OPTIONS_GROUP_HASHES=	MD2 MD4 MDC2 RMD160 SM2 SM3
+OPTIONS_GROUP_OPTIMIZE=	ASM SSE2 THREADS
+OPTIONS_DEFINE_i386=	I386
+OPTIONS_GROUP_PROTOCOLS=NEXTPROTONEG SCTP SSL3 TLS1 TLS1_1 TLS1_2
+
+OPTIONS_DEFINE=	ASYNC CRYPTODEV CT KTLS MAN3 RFC3779 SHARED ZLIB
+
+OPTIONS_DEFAULT=ASM ASYNC CT GOST DES EC KTLS MAN3 MD4 NEXTPROTONEG RC2 \
+		RC4 RMD160 SCTP SHARED SSE2 THREADS TLS1 TLS1_1 TLS1_2
+
+OPTIONS_EXCLUDE=${${OSVERSION} < 1300042:?KTLS:} \
+		${${OSVERSION} > 1300000:?CRYPTODEV:}
+
+.if ${MACHINE_ARCH} == "amd64"
+OPTIONS_GROUP_OPTIMIZE+=	EC
+.elif ${MACHINE_ARCH} == "mips64el"
+OPTIONS_GROUP_OPTIMIZE+=	EC
+.endif
+
+OPTIONS_SUB=	yes
+
+ARIA_DESC=	ARIA (South Korean standard)
+ASM_DESC=	Assembler code
+ASYNC_DESC=	Asynchronous mode
+CIPHERS_DESC=	Block Cipher Support
+CRYPTODEV_DESC=	/dev/crypto support
+CT_DESC=	Certificate Transparency Support
+DES_DESC=	(Triple) Data Encryption Standard
+EC_DESC=	Optimize NIST elliptic curves
+GOST_DESC=	GOST (Russian standard)
+HASHES_DESC=	Hash Function Support
+I386_DESC=	i386 (instead of i486+)
+IDEA_DESC=	International Data Encryption Algorithm
+KTLS_DESC=	Kernel TLS offload
+MAN3_DESC=	Install API manpages (section 3, 7)
+MD2_DESC=	MD2 (obsolete)
+MD4_DESC=	MD4 (unsafe)
+MDC2_DESC=	MDC-2 (patented, requires DES)
+NEXTPROTONEG_DESC=	Next Protocol Negotiation (SPDY)
+OPTIMIZE_DESC=	Optimizations
+PROTOCOLS_DESC=	Protocol Support
+RC2_DESC=	RC2 (unsafe)
+RC4_DESC=	RC4 (unsafe)
+RC5_DESC=	RC5 (patented)
+RMD160_DESC=	RIPEMD-160
+RFC3779_DESC=	RFC3779 support (BGP)
+SCTP_DESC=	SCTP (Stream Control Transmission)
+SHARED_DESC=	Build shared libraries
+SM2_DESC=	SM2 Elliptic Curve DH (Chinese standard)
+SM3_DESC=	SM3 256bit (Chinese standard)
+SM4_DESC=	SM4 128bit (Chinese standard)
+SSE2_DESC=	Runtime SSE2 detection
+SSL3_DESC=	SSLv3 (unsafe)
+TLS1_DESC=	TLSv1.0 (requires TLS1_1, TLS1_2)
+TLS1_1_DESC=	TLSv1.1 (requires TLS1_2)
+TLS1_2_DESC=	TLSv1.2
+WEAK-SSL-CIPHERS_DESC=	Weak cipher support (unsafe)
+
+# Upstream default disabled options
+.for _option in ktls md2 rc5 sctp ssl3 zlib weak-ssl-ciphers
+${_option:tu}_CONFIGURE_ON=	enable-${_option}
+.endfor
+
+# Upstream default enabled options
+.for _option in aria asm async ct des gost idea md4 mdc2 nextprotoneg rc2 rc4 \
+	rfc3779 rmd160 shared sm2 sm3 sm4 sse2 threads tls1 tls1_1 tls1_2
+${_option:tu}_CONFIGURE_OFF=	no-${_option}
+.endfor
+
+MDC2_IMPLIES=	DES
+TLS1_IMPLIES=	TLS1_1
+TLS1_1_IMPLIES=	TLS1_2
+
+EC_CONFIGURE_ON=	enable-ec_nistp_64_gcc_128
+I386_CONFIGURE_ON=	386
+KTLS_EXTRA_PATCHES=	${FILESDIR}/extra-patch-ktls
+MAN3_EXTRA_PATCHES_OFF=	${FILESDIR}/extra-patch-util_process__docs.pl
+SHARED_MAKE_ENV=	SHLIBVER=${OPENSSL_SHLIBVER}
+SHARED_PLIST_SUB=	SHLIBVER=${OPENSSL_SHLIBVER}
+SHARED_USE=		ldconfig=yes
+SSL3_CONFIGURE_ON+=	enable-ssl3-method
+ZLIB_CONFIGURE_ON=	zlib-dynamic
+
+.include <bsd.port.pre.mk>
+.if ${PREFIX} == /usr
+IGNORE=	the OpenSSL port can not be installed over the base version
+.endif
+
+.if ${OPSYS} == FreeBSD && ${OSVERSION} < 1300000 && !${PORT_OPTIONS:MCRYPTODEV}
+CONFIGURE_ARGS+=	no-devcryptoeng
+.endif
+
+OPENSSLDIR?=	${PREFIX}/openssl
+PLIST_SUB+=	OPENSSLDIR=${OPENSSLDIR:S=^${PREFIX}/==}
+
+.include "version.mk"
+
+.if ${PORT_OPTIONS:MASM}
+BROKEN_sparc64=	option ASM generates illegal instructions
+.endif
+
+post-patch:
+	${REINPLACE_CMD} \
+		-e 's|^MANDIR=.*$$|MANDIR=$$(INSTALLTOP)/man|' \
+		-e 's| install_html_docs$$||' \
+		-e 's|$$(LIBDIR)/pkgconfig|libdata/pkgconfig|g' \
+		${WRKSRC}/Configurations/unix-Makefile.tmpl
+	${REINPLACE_CMD} -e 's|\^GNU ld|GNU|' ${WRKSRC}/Configurations/shared-info.pl
+
+post-configure:
+	${REINPLACE_CMD} \
+		-e 's|SHLIB_VERSION_NUMBER=1.1|SHLIB_VERSION_NUMBER=${OPENSSL_SHLIBVER}|' \
+		${WRKSRC}/Makefile
+	${REINPLACE_CMD} \
+		-e 's|SHLIB_VERSION_NUMBER "1.1"|SHLIB_VERSION_NUMBER "${OPENSSL_SHLIBVER}"|' \
+		${WRKSRC}/include/openssl/opensslv.h
+
+post-install-SHARED-on:
+.for i in libcrypto libssl
+	${INSTALL_LIB} ${WRKSRC}/$i.so.${OPENSSL_SHLIBVER} ${STAGEDIR}${PREFIX}/lib
+	${LN} -sf $i.so.${OPENSSL_SHLIBVER} ${STAGEDIR}${PREFIX}/lib/$i.so
+.endfor
+.for i in capi padlock
+	${STRIP_CMD} ${STAGEDIR}${PREFIX}/lib/engines-1.1/${i}.so
+.endfor
+
+post-install:
+	${STRIP_CMD} ${STAGEDIR}${PREFIX}/bin/openssl
+
+post-install-MAN3-on:
+	( cd ${STAGEDIR}/${PREFIX} ; ${FIND} man/man3 man/man7 -not -type d ) | \
+		${SED} 's/$$/.gz/' >>${TMPPLIST}
+
+.include <bsd.port.post.mk>
--- a/security/openssl111/distinfo
+++ b/security/openssl111/distinfo
@ -0,0 +1,3 @@
+TIMESTAMP = 1694449777
+SHA256 (openssl-1.1.1w.tar.gz) = cf3098950cb4d853ad95c0841f1f9c6d3dc102dccfcacd521d93925208b76ac8
+SIZE (openssl-1.1.1w.tar.gz) = 9893384
--- a/security/openssl111/files/extra-patch-ktls
+++ b/security/openssl111/files/extra-patch-ktls
--- a/security/openssl111/files/extra-patch-util_process__docs.pl
+++ b/security/openssl111/files/extra-patch-util_process__docs.pl
@ -0,0 +1,20 @@
+--- util/process_docs.pl.orig	2018-09-11 12:48:25 UTC
+++ util/process_docs.pl
+@@ -43,7 +43,7 @@ GetOptions(\%options,
+           );
+ 
+ unless ($options{section}) {
+-    $options{section} = [ 1, 3, 5, 7 ];
+    $options{section} = [ 1, 5 ];
+ }
+ unless ($options{sourcedir}) {
+     $options{sourcedir} = catdir($config{sourcedir}, "doc");
+@@ -98,7 +98,7 @@ foreach my $section (sort @{$options{sec
+         my $suffix = { man  => ".$podinfo{section}".($options{suffix} // ""),
+                        html => ".html" } -> {$options{type}};
+         my $generate = { man  => "pod2man --name=$name --section=$podinfo{section} --center=OpenSSL --release=$config{version} \"$podpath\"",
+-                         html => "pod2html \"--podroot=$options{sourcedir}\" --htmldir=$updir --podpath=man1:man3:man5:man7 \"--infile=$podpath\" \"--title=$podname\" --quiet"
+                         html => "pod2html \"--podroot=$options{sourcedir}\" --htmldir=$updir --podpath=man1:man5 \"--infile=$podpath\" \"--title=$podname\" --quiet"
+                          } -> {$options{type}};
+         my $output_dir = catdir($options{destdir}, "man$podinfo{section}");
+         my $output_file = $podname . $suffix;
--- a/security/openssl111/files/pkg-message.in
+++ b/security/openssl111/files/pkg-message.in
@ -0,0 +1,8 @@
+[
+{ type: install
+  message: <<EOM
+Copy %%PREFIX%%/openssl/openssl.cnf.sample to %%PREFIX%%/openssl/openssl.cnf
+and edit it to fit your needs.
+EOM
+}
+]
--- a/security/openssl111/pkg-descr
+++ b/security/openssl111/pkg-descr
@ -0,0 +1,13 @@
+The OpenSSL Project is a collaborative effort to develop a robust,
+commercial-grade, full-featured, and Open Source toolkit implementing
+the Secure Sockets Layer (SSL v3) and Transport Layer Security (TLS v1,
+v1.1, v1.2, v1.3) protocols with full-strength cryptography world-wide.
+The project is managed by a worldwide community of volunteers that use
+the Internet to communicate, plan, and develop the OpenSSL tookit
+and its related documentation.
+
+OpenSSL is based on the excellent SSLeay library developed by Eric
+A. Young and Tim J. Hudson. The OpenSSL toolkit is licensed under
+an Apache-style licence, which basically means that you are free
+to get and use it for commercial and non-commercial purposes subject
+to some simple license conditions.
--- a/security/openssl111/pkg-plist
+++ b/security/openssl111/pkg-plist
@ -0,0 +1,226 @@
+bin/c_rehash
+bin/openssl
+include/openssl/aes.h
+include/openssl/asn1.h
+include/openssl/asn1_mac.h
+include/openssl/asn1err.h
+include/openssl/asn1t.h
+include/openssl/async.h
+include/openssl/asyncerr.h
+include/openssl/bio.h
+include/openssl/bioerr.h
+include/openssl/blowfish.h
+include/openssl/bn.h
+include/openssl/bnerr.h
+include/openssl/buffer.h
+include/openssl/buffererr.h
+include/openssl/camellia.h
+include/openssl/cast.h
+include/openssl/cmac.h
+include/openssl/cms.h
+include/openssl/cmserr.h
+include/openssl/comp.h
+include/openssl/comperr.h
+include/openssl/conf.h
+include/openssl/conf_api.h
+include/openssl/conferr.h
+include/openssl/crypto.h
+include/openssl/cryptoerr.h
+include/openssl/ct.h
+include/openssl/cterr.h
+include/openssl/des.h
+include/openssl/dh.h
+include/openssl/dherr.h
+include/openssl/dsa.h
+include/openssl/dsaerr.h
+include/openssl/dtls1.h
+include/openssl/e_os2.h
+include/openssl/ebcdic.h
+include/openssl/ec.h
+include/openssl/ecdh.h
+include/openssl/ecdsa.h
+include/openssl/ecerr.h
+include/openssl/engine.h
+include/openssl/engineerr.h
+include/openssl/err.h
+include/openssl/evp.h
+include/openssl/evperr.h
+include/openssl/hmac.h
+include/openssl/idea.h
+include/openssl/kdf.h
+include/openssl/kdferr.h
+include/openssl/lhash.h
+include/openssl/md2.h
+include/openssl/md4.h
+include/openssl/md5.h
+include/openssl/mdc2.h
+include/openssl/modes.h
+include/openssl/obj_mac.h
+include/openssl/objects.h
+include/openssl/objectserr.h
+include/openssl/ocsp.h
+include/openssl/ocsperr.h
+include/openssl/opensslconf.h
+include/openssl/opensslv.h
+include/openssl/ossl_typ.h
+include/openssl/pem.h
+include/openssl/pem2.h
+include/openssl/pemerr.h
+include/openssl/pkcs12.h
+include/openssl/pkcs12err.h
+include/openssl/pkcs7.h
+include/openssl/pkcs7err.h
+include/openssl/rand.h
+include/openssl/rand_drbg.h
+include/openssl/randerr.h
+include/openssl/rc2.h
+include/openssl/rc4.h
+include/openssl/rc5.h
+include/openssl/ripemd.h
+include/openssl/rsa.h
+include/openssl/rsaerr.h
+include/openssl/safestack.h
+include/openssl/seed.h
+include/openssl/sha.h
+include/openssl/srp.h
+include/openssl/srtp.h
+include/openssl/ssl.h
+include/openssl/ssl2.h
+include/openssl/ssl3.h
+include/openssl/sslerr.h
+include/openssl/stack.h
+include/openssl/store.h
+include/openssl/storeerr.h
+include/openssl/symhacks.h
+include/openssl/tls1.h
+include/openssl/ts.h
+include/openssl/tserr.h
+include/openssl/txt_db.h
+include/openssl/ui.h
+include/openssl/uierr.h
+include/openssl/whrlpool.h
+include/openssl/x509.h
+include/openssl/x509_vfy.h
+include/openssl/x509err.h
+include/openssl/x509v3.h
+include/openssl/x509v3err.h
+%%SHARED%%lib/engines-1.1/capi.so
+%%SHARED%%lib/engines-1.1/padlock.so
+lib/libcrypto.a
+%%SHARED%%lib/libcrypto.so
+%%SHARED%%lib/libcrypto.so.%%SHLIBVER%%
+lib/libssl.a
+%%SHARED%%lib/libssl.so
+%%SHARED%%lib/libssl.so.%%SHLIBVER%%
+libdata/pkgconfig/libcrypto.pc
+libdata/pkgconfig/libssl.pc
+libdata/pkgconfig/openssl.pc
+man/man1/CA.pl.1.gz
+man/man1/asn1parse.1.gz
+man/man1/c_rehash.1.gz
+man/man1/ca.1.gz
+man/man1/ciphers.1.gz
+man/man1/cms.1.gz
+man/man1/crl.1.gz
+man/man1/crl2pkcs7.1.gz
+man/man1/dgst.1.gz
+man/man1/dhparam.1.gz
+man/man1/dsa.1.gz
+man/man1/dsaparam.1.gz
+man/man1/ec.1.gz
+man/man1/ecparam.1.gz
+man/man1/enc.1.gz
+man/man1/engine.1.gz
+man/man1/errstr.1.gz
+man/man1/gendsa.1.gz
+man/man1/genpkey.1.gz
+man/man1/genrsa.1.gz
+man/man1/list.1.gz
+man/man1/nseq.1.gz
+man/man1/ocsp.1.gz
+man/man1/openssl-asn1parse.1.gz
+man/man1/openssl-c_rehash.1.gz
+man/man1/openssl-ca.1.gz
+man/man1/openssl-ciphers.1.gz
+man/man1/openssl-cms.1.gz
+man/man1/openssl-crl.1.gz
+man/man1/openssl-crl2pkcs7.1.gz
+man/man1/openssl-dgst.1.gz
+man/man1/openssl-dhparam.1.gz
+man/man1/openssl-dsa.1.gz
+man/man1/openssl-dsaparam.1.gz
+man/man1/openssl-ec.1.gz
+man/man1/openssl-ecparam.1.gz
+man/man1/openssl-enc.1.gz
+man/man1/openssl-engine.1.gz
+man/man1/openssl-errstr.1.gz
+man/man1/openssl-gendsa.1.gz
+man/man1/openssl-genpkey.1.gz
+man/man1/openssl-genrsa.1.gz
+man/man1/openssl-list.1.gz
+man/man1/openssl-nseq.1.gz
+man/man1/openssl-ocsp.1.gz
+man/man1/openssl-passwd.1.gz
+man/man1/openssl-pkcs12.1.gz
+man/man1/openssl-pkcs7.1.gz
+man/man1/openssl-pkcs8.1.gz
+man/man1/openssl-pkey.1.gz
+man/man1/openssl-pkeyparam.1.gz
+man/man1/openssl-pkeyutl.1.gz
+man/man1/openssl-prime.1.gz
+man/man1/openssl-rand.1.gz
+man/man1/openssl-rehash.1.gz
+man/man1/openssl-req.1.gz
+man/man1/openssl-rsa.1.gz
+man/man1/openssl-rsautl.1.gz
+man/man1/openssl-s_client.1.gz
+man/man1/openssl-s_server.1.gz
+man/man1/openssl-s_time.1.gz
+man/man1/openssl-sess_id.1.gz
+man/man1/openssl-smime.1.gz
+man/man1/openssl-speed.1.gz
+man/man1/openssl-spkac.1.gz
+man/man1/openssl-srp.1.gz
+man/man1/openssl-storeutl.1.gz
+man/man1/openssl-ts.1.gz
+man/man1/openssl-tsget.1.gz
+man/man1/openssl-verify.1.gz
+man/man1/openssl-version.1.gz
+man/man1/openssl-x509.1.gz
+man/man1/openssl.1.gz
+man/man1/passwd.1.gz
+man/man1/pkcs12.1.gz
+man/man1/pkcs7.1.gz
+man/man1/pkcs8.1.gz
+man/man1/pkey.1.gz
+man/man1/pkeyparam.1.gz
+man/man1/pkeyutl.1.gz
+man/man1/prime.1.gz
+man/man1/rand.1.gz
+man/man1/rehash.1.gz
+man/man1/req.1.gz
+man/man1/rsa.1.gz
+man/man1/rsautl.1.gz
+man/man1/s_client.1.gz
+man/man1/s_server.1.gz
+man/man1/s_time.1.gz
+man/man1/sess_id.1.gz
+man/man1/smime.1.gz
+man/man1/speed.1.gz
+man/man1/spkac.1.gz
+man/man1/srp.1.gz
+man/man1/storeutl.1.gz
+man/man1/ts.1.gz
+man/man1/tsget.1.gz
+man/man1/verify.1.gz
+man/man1/version.1.gz
+man/man1/x509.1.gz
+man/man5/config.5.gz
+man/man5/x509v3_config.5.gz
+%%OPENSSLDIR%%/misc/CA.pl
+%%OPENSSLDIR%%/misc/tsget
+@comment %%OPENSSLDIR%%/misc/tsget.pl
+@sample %%OPENSSLDIR%%/openssl.cnf.dist %%OPENSSLDIR%%/openssl.cnf
+@sample %%OPENSSLDIR%%/ct_log_list.cnf.dist %%OPENSSLDIR%%/ct_log_list.cnf
+@dir %%OPENSSLDIR%%/private
+@dir %%OPENSSLDIR%%/certs
--- a/security/openssl111/version.mk
+++ b/security/openssl111/version.mk
@ -0,0 +1 @@
+OPENSSL_SHLIBVER?=	11