security/openssl111: Recreate OpenSSL 1.1.1 port

* OpenSSL 1.1.1 is EoL
This commit is contained in:
Bernard Spil 2023-10-14 18:57:29 +02:00
parent bbfb41b2a6
commit eb45600f80
10 changed files with 3878 additions and 1 deletions

1
MOVED
View file

@ -3200,7 +3200,6 @@ lang/erlang-runtime16|lang/erlang-runtime21|2020-01-01|Has expired: No longer su
lang/erlang-runtime17|lang/erlang-runtime21|2020-01-01|Has expired: No longer supported upstream, use lang/erlang >=21
lang/erlang-runtime18|lang/erlang-runtime21|2020-01-01|Has expired: No longer supported upstream, use lang/erlang >=21
lang/erlang-runtime19|lang/erlang-runtime21|2020-01-01|Has expired: No longer supported upstream, use lang/erlang >=21
security/openssl111|security/openssl|2020-01-01|Upgrade security/openssl to 1.1.1 as promised in deprecation message
devel/gperf31|devel/gperf|2020-01-04|No longer needed as devel/gperf has been updated to 3.1
devel/yosys|cad/yosys|2020-01-04|Move to a proper category
cad/ujprog|comms/ujprog|2020-01-05|Move to a proper category

View file

@ -420,6 +420,7 @@
SUBDIR += openssl-agent
SUBDIR += openssl-quictls
SUBDIR += openssl-unsafe
SUBDIR += openssl111
SUBDIR += openssl30
SUBDIR += openssl31
SUBDIR += openssl32

View file

@ -0,0 +1,171 @@
PORTNAME= openssl
PORTVERSION= 1.1.1w
CATEGORIES= security devel
MASTER_SITES= https://www.openssl.org/source/ \
ftp://ftp.cert.dfn.de/pub/tools/net/openssl/source/
PKGNAMESUFFIX= 111
MAINTAINER= brnrd@FreeBSD.org
COMMENT= TLSv1.3 capable SSL and crypto library
WWW= https://www.openssl.org/
LICENSE= OpenSSL
LICENSE_FILE= ${WRKSRC}/LICENSE
DEPRECATED= End-of-life since 2023-09-11, see https://www.openssl.org/blog/blog/2023/09/11/eol-111/ \
port will be removed when FreeBSD 13 is EoL
EXPIRES= 2026-01-31
CONFLICTS_INSTALL= boringssl libressl libressl-devel openssl openssl3[12] openssl-quictls
USES= cpe perl5
USE_PERL5= build
TEST_TARGET= test
HAS_CONFIGURE= yes
CONFIGURE_SCRIPT= config
CONFIGURE_ENV= PERL="${PERL}"
CONFIGURE_ARGS= --openssldir=${OPENSSLDIR} \
--prefix=${PREFIX}
LDFLAGS_i386= -Wl,-znotext
MAKE_ARGS+= WHOLE_ARCHIVE_FLAG=--whole-archive CNF_LDFLAGS="${LDFLAGS}"
MAKE_ENV+= LIBRPATH="${PREFIX}/lib" GREP_OPTIONS=
OPTIONS_GROUP= CIPHERS HASHES OPTIMIZE PROTOCOLS
OPTIONS_GROUP_CIPHERS= ARIA DES GOST IDEA SM4 RC2 RC4 RC5 WEAK-SSL-CIPHERS
OPTIONS_GROUP_HASHES= MD2 MD4 MDC2 RMD160 SM2 SM3
OPTIONS_GROUP_OPTIMIZE= ASM SSE2 THREADS
OPTIONS_DEFINE_i386= I386
OPTIONS_GROUP_PROTOCOLS=NEXTPROTONEG SCTP SSL3 TLS1 TLS1_1 TLS1_2
OPTIONS_DEFINE= ASYNC CRYPTODEV CT KTLS MAN3 RFC3779 SHARED ZLIB
OPTIONS_DEFAULT=ASM ASYNC CT GOST DES EC KTLS MAN3 MD4 NEXTPROTONEG RC2 \
RC4 RMD160 SCTP SHARED SSE2 THREADS TLS1 TLS1_1 TLS1_2
OPTIONS_EXCLUDE=${${OSVERSION} < 1300042:?KTLS:} \
${${OSVERSION} > 1300000:?CRYPTODEV:}
.if ${MACHINE_ARCH} == "amd64"
OPTIONS_GROUP_OPTIMIZE+= EC
.elif ${MACHINE_ARCH} == "mips64el"
OPTIONS_GROUP_OPTIMIZE+= EC
.endif
OPTIONS_SUB= yes
ARIA_DESC= ARIA (South Korean standard)
ASM_DESC= Assembler code
ASYNC_DESC= Asynchronous mode
CIPHERS_DESC= Block Cipher Support
CRYPTODEV_DESC= /dev/crypto support
CT_DESC= Certificate Transparency Support
DES_DESC= (Triple) Data Encryption Standard
EC_DESC= Optimize NIST elliptic curves
GOST_DESC= GOST (Russian standard)
HASHES_DESC= Hash Function Support
I386_DESC= i386 (instead of i486+)
IDEA_DESC= International Data Encryption Algorithm
KTLS_DESC= Kernel TLS offload
MAN3_DESC= Install API manpages (section 3, 7)
MD2_DESC= MD2 (obsolete)
MD4_DESC= MD4 (unsafe)
MDC2_DESC= MDC-2 (patented, requires DES)
NEXTPROTONEG_DESC= Next Protocol Negotiation (SPDY)
OPTIMIZE_DESC= Optimizations
PROTOCOLS_DESC= Protocol Support
RC2_DESC= RC2 (unsafe)
RC4_DESC= RC4 (unsafe)
RC5_DESC= RC5 (patented)
RMD160_DESC= RIPEMD-160
RFC3779_DESC= RFC3779 support (BGP)
SCTP_DESC= SCTP (Stream Control Transmission)
SHARED_DESC= Build shared libraries
SM2_DESC= SM2 Elliptic Curve DH (Chinese standard)
SM3_DESC= SM3 256bit (Chinese standard)
SM4_DESC= SM4 128bit (Chinese standard)
SSE2_DESC= Runtime SSE2 detection
SSL3_DESC= SSLv3 (unsafe)
TLS1_DESC= TLSv1.0 (requires TLS1_1, TLS1_2)
TLS1_1_DESC= TLSv1.1 (requires TLS1_2)
TLS1_2_DESC= TLSv1.2
WEAK-SSL-CIPHERS_DESC= Weak cipher support (unsafe)
# Upstream default disabled options
.for _option in ktls md2 rc5 sctp ssl3 zlib weak-ssl-ciphers
${_option:tu}_CONFIGURE_ON= enable-${_option}
.endfor
# Upstream default enabled options
.for _option in aria asm async ct des gost idea md4 mdc2 nextprotoneg rc2 rc4 \
rfc3779 rmd160 shared sm2 sm3 sm4 sse2 threads tls1 tls1_1 tls1_2
${_option:tu}_CONFIGURE_OFF= no-${_option}
.endfor
MDC2_IMPLIES= DES
TLS1_IMPLIES= TLS1_1
TLS1_1_IMPLIES= TLS1_2
EC_CONFIGURE_ON= enable-ec_nistp_64_gcc_128
I386_CONFIGURE_ON= 386
KTLS_EXTRA_PATCHES= ${FILESDIR}/extra-patch-ktls
MAN3_EXTRA_PATCHES_OFF= ${FILESDIR}/extra-patch-util_process__docs.pl
SHARED_MAKE_ENV= SHLIBVER=${OPENSSL_SHLIBVER}
SHARED_PLIST_SUB= SHLIBVER=${OPENSSL_SHLIBVER}
SHARED_USE= ldconfig=yes
SSL3_CONFIGURE_ON+= enable-ssl3-method
ZLIB_CONFIGURE_ON= zlib-dynamic
.include <bsd.port.pre.mk>
.if ${PREFIX} == /usr
IGNORE= the OpenSSL port can not be installed over the base version
.endif
.if ${OPSYS} == FreeBSD && ${OSVERSION} < 1300000 && !${PORT_OPTIONS:MCRYPTODEV}
CONFIGURE_ARGS+= no-devcryptoeng
.endif
OPENSSLDIR?= ${PREFIX}/openssl
PLIST_SUB+= OPENSSLDIR=${OPENSSLDIR:S=^${PREFIX}/==}
.include "version.mk"
.if ${PORT_OPTIONS:MASM}
BROKEN_sparc64= option ASM generates illegal instructions
.endif
post-patch:
${REINPLACE_CMD} \
-e 's|^MANDIR=.*$$|MANDIR=$$(INSTALLTOP)/man|' \
-e 's| install_html_docs$$||' \
-e 's|$$(LIBDIR)/pkgconfig|libdata/pkgconfig|g' \
${WRKSRC}/Configurations/unix-Makefile.tmpl
${REINPLACE_CMD} -e 's|\^GNU ld|GNU|' ${WRKSRC}/Configurations/shared-info.pl
post-configure:
${REINPLACE_CMD} \
-e 's|SHLIB_VERSION_NUMBER=1.1|SHLIB_VERSION_NUMBER=${OPENSSL_SHLIBVER}|' \
${WRKSRC}/Makefile
${REINPLACE_CMD} \
-e 's|SHLIB_VERSION_NUMBER "1.1"|SHLIB_VERSION_NUMBER "${OPENSSL_SHLIBVER}"|' \
${WRKSRC}/include/openssl/opensslv.h
post-install-SHARED-on:
.for i in libcrypto libssl
${INSTALL_LIB} ${WRKSRC}/$i.so.${OPENSSL_SHLIBVER} ${STAGEDIR}${PREFIX}/lib
${LN} -sf $i.so.${OPENSSL_SHLIBVER} ${STAGEDIR}${PREFIX}/lib/$i.so
.endfor
.for i in capi padlock
${STRIP_CMD} ${STAGEDIR}${PREFIX}/lib/engines-1.1/${i}.so
.endfor
post-install:
${STRIP_CMD} ${STAGEDIR}${PREFIX}/bin/openssl
post-install-MAN3-on:
( cd ${STAGEDIR}/${PREFIX} ; ${FIND} man/man3 man/man7 -not -type d ) | \
${SED} 's/$$/.gz/' >>${TMPPLIST}
.include <bsd.port.post.mk>

View file

@ -0,0 +1,3 @@
TIMESTAMP = 1694449777
SHA256 (openssl-1.1.1w.tar.gz) = cf3098950cb4d853ad95c0841f1f9c6d3dc102dccfcacd521d93925208b76ac8
SIZE (openssl-1.1.1w.tar.gz) = 9893384

File diff suppressed because it is too large Load diff

View file

@ -0,0 +1,20 @@
--- util/process_docs.pl.orig 2018-09-11 12:48:25 UTC
+++ util/process_docs.pl
@@ -43,7 +43,7 @@ GetOptions(\%options,
);
unless ($options{section}) {
- $options{section} = [ 1, 3, 5, 7 ];
+ $options{section} = [ 1, 5 ];
}
unless ($options{sourcedir}) {
$options{sourcedir} = catdir($config{sourcedir}, "doc");
@@ -98,7 +98,7 @@ foreach my $section (sort @{$options{sec
my $suffix = { man => ".$podinfo{section}".($options{suffix} // ""),
html => ".html" } -> {$options{type}};
my $generate = { man => "pod2man --name=$name --section=$podinfo{section} --center=OpenSSL --release=$config{version} \"$podpath\"",
- html => "pod2html \"--podroot=$options{sourcedir}\" --htmldir=$updir --podpath=man1:man3:man5:man7 \"--infile=$podpath\" \"--title=$podname\" --quiet"
+ html => "pod2html \"--podroot=$options{sourcedir}\" --htmldir=$updir --podpath=man1:man5 \"--infile=$podpath\" \"--title=$podname\" --quiet"
} -> {$options{type}};
my $output_dir = catdir($options{destdir}, "man$podinfo{section}");
my $output_file = $podname . $suffix;

View file

@ -0,0 +1,8 @@
[
{ type: install
message: <<EOM
Copy %%PREFIX%%/openssl/openssl.cnf.sample to %%PREFIX%%/openssl/openssl.cnf
and edit it to fit your needs.
EOM
}
]

View file

@ -0,0 +1,13 @@
The OpenSSL Project is a collaborative effort to develop a robust,
commercial-grade, full-featured, and Open Source toolkit implementing
the Secure Sockets Layer (SSL v3) and Transport Layer Security (TLS v1,
v1.1, v1.2, v1.3) protocols with full-strength cryptography world-wide.
The project is managed by a worldwide community of volunteers that use
the Internet to communicate, plan, and develop the OpenSSL tookit
and its related documentation.
OpenSSL is based on the excellent SSLeay library developed by Eric
A. Young and Tim J. Hudson. The OpenSSL toolkit is licensed under
an Apache-style licence, which basically means that you are free
to get and use it for commercial and non-commercial purposes subject
to some simple license conditions.

View file

@ -0,0 +1,226 @@
bin/c_rehash
bin/openssl
include/openssl/aes.h
include/openssl/asn1.h
include/openssl/asn1_mac.h
include/openssl/asn1err.h
include/openssl/asn1t.h
include/openssl/async.h
include/openssl/asyncerr.h
include/openssl/bio.h
include/openssl/bioerr.h
include/openssl/blowfish.h
include/openssl/bn.h
include/openssl/bnerr.h
include/openssl/buffer.h
include/openssl/buffererr.h
include/openssl/camellia.h
include/openssl/cast.h
include/openssl/cmac.h
include/openssl/cms.h
include/openssl/cmserr.h
include/openssl/comp.h
include/openssl/comperr.h
include/openssl/conf.h
include/openssl/conf_api.h
include/openssl/conferr.h
include/openssl/crypto.h
include/openssl/cryptoerr.h
include/openssl/ct.h
include/openssl/cterr.h
include/openssl/des.h
include/openssl/dh.h
include/openssl/dherr.h
include/openssl/dsa.h
include/openssl/dsaerr.h
include/openssl/dtls1.h
include/openssl/e_os2.h
include/openssl/ebcdic.h
include/openssl/ec.h
include/openssl/ecdh.h
include/openssl/ecdsa.h
include/openssl/ecerr.h
include/openssl/engine.h
include/openssl/engineerr.h
include/openssl/err.h
include/openssl/evp.h
include/openssl/evperr.h
include/openssl/hmac.h
include/openssl/idea.h
include/openssl/kdf.h
include/openssl/kdferr.h
include/openssl/lhash.h
include/openssl/md2.h
include/openssl/md4.h
include/openssl/md5.h
include/openssl/mdc2.h
include/openssl/modes.h
include/openssl/obj_mac.h
include/openssl/objects.h
include/openssl/objectserr.h
include/openssl/ocsp.h
include/openssl/ocsperr.h
include/openssl/opensslconf.h
include/openssl/opensslv.h
include/openssl/ossl_typ.h
include/openssl/pem.h
include/openssl/pem2.h
include/openssl/pemerr.h
include/openssl/pkcs12.h
include/openssl/pkcs12err.h
include/openssl/pkcs7.h
include/openssl/pkcs7err.h
include/openssl/rand.h
include/openssl/rand_drbg.h
include/openssl/randerr.h
include/openssl/rc2.h
include/openssl/rc4.h
include/openssl/rc5.h
include/openssl/ripemd.h
include/openssl/rsa.h
include/openssl/rsaerr.h
include/openssl/safestack.h
include/openssl/seed.h
include/openssl/sha.h
include/openssl/srp.h
include/openssl/srtp.h
include/openssl/ssl.h
include/openssl/ssl2.h
include/openssl/ssl3.h
include/openssl/sslerr.h
include/openssl/stack.h
include/openssl/store.h
include/openssl/storeerr.h
include/openssl/symhacks.h
include/openssl/tls1.h
include/openssl/ts.h
include/openssl/tserr.h
include/openssl/txt_db.h
include/openssl/ui.h
include/openssl/uierr.h
include/openssl/whrlpool.h
include/openssl/x509.h
include/openssl/x509_vfy.h
include/openssl/x509err.h
include/openssl/x509v3.h
include/openssl/x509v3err.h
%%SHARED%%lib/engines-1.1/capi.so
%%SHARED%%lib/engines-1.1/padlock.so
lib/libcrypto.a
%%SHARED%%lib/libcrypto.so
%%SHARED%%lib/libcrypto.so.%%SHLIBVER%%
lib/libssl.a
%%SHARED%%lib/libssl.so
%%SHARED%%lib/libssl.so.%%SHLIBVER%%
libdata/pkgconfig/libcrypto.pc
libdata/pkgconfig/libssl.pc
libdata/pkgconfig/openssl.pc
man/man1/CA.pl.1.gz
man/man1/asn1parse.1.gz
man/man1/c_rehash.1.gz
man/man1/ca.1.gz
man/man1/ciphers.1.gz
man/man1/cms.1.gz
man/man1/crl.1.gz
man/man1/crl2pkcs7.1.gz
man/man1/dgst.1.gz
man/man1/dhparam.1.gz
man/man1/dsa.1.gz
man/man1/dsaparam.1.gz
man/man1/ec.1.gz
man/man1/ecparam.1.gz
man/man1/enc.1.gz
man/man1/engine.1.gz
man/man1/errstr.1.gz
man/man1/gendsa.1.gz
man/man1/genpkey.1.gz
man/man1/genrsa.1.gz
man/man1/list.1.gz
man/man1/nseq.1.gz
man/man1/ocsp.1.gz
man/man1/openssl-asn1parse.1.gz
man/man1/openssl-c_rehash.1.gz
man/man1/openssl-ca.1.gz
man/man1/openssl-ciphers.1.gz
man/man1/openssl-cms.1.gz
man/man1/openssl-crl.1.gz
man/man1/openssl-crl2pkcs7.1.gz
man/man1/openssl-dgst.1.gz
man/man1/openssl-dhparam.1.gz
man/man1/openssl-dsa.1.gz
man/man1/openssl-dsaparam.1.gz
man/man1/openssl-ec.1.gz
man/man1/openssl-ecparam.1.gz
man/man1/openssl-enc.1.gz
man/man1/openssl-engine.1.gz
man/man1/openssl-errstr.1.gz
man/man1/openssl-gendsa.1.gz
man/man1/openssl-genpkey.1.gz
man/man1/openssl-genrsa.1.gz
man/man1/openssl-list.1.gz
man/man1/openssl-nseq.1.gz
man/man1/openssl-ocsp.1.gz
man/man1/openssl-passwd.1.gz
man/man1/openssl-pkcs12.1.gz
man/man1/openssl-pkcs7.1.gz
man/man1/openssl-pkcs8.1.gz
man/man1/openssl-pkey.1.gz
man/man1/openssl-pkeyparam.1.gz
man/man1/openssl-pkeyutl.1.gz
man/man1/openssl-prime.1.gz
man/man1/openssl-rand.1.gz
man/man1/openssl-rehash.1.gz
man/man1/openssl-req.1.gz
man/man1/openssl-rsa.1.gz
man/man1/openssl-rsautl.1.gz
man/man1/openssl-s_client.1.gz
man/man1/openssl-s_server.1.gz
man/man1/openssl-s_time.1.gz
man/man1/openssl-sess_id.1.gz
man/man1/openssl-smime.1.gz
man/man1/openssl-speed.1.gz
man/man1/openssl-spkac.1.gz
man/man1/openssl-srp.1.gz
man/man1/openssl-storeutl.1.gz
man/man1/openssl-ts.1.gz
man/man1/openssl-tsget.1.gz
man/man1/openssl-verify.1.gz
man/man1/openssl-version.1.gz
man/man1/openssl-x509.1.gz
man/man1/openssl.1.gz
man/man1/passwd.1.gz
man/man1/pkcs12.1.gz
man/man1/pkcs7.1.gz
man/man1/pkcs8.1.gz
man/man1/pkey.1.gz
man/man1/pkeyparam.1.gz
man/man1/pkeyutl.1.gz
man/man1/prime.1.gz
man/man1/rand.1.gz
man/man1/rehash.1.gz
man/man1/req.1.gz
man/man1/rsa.1.gz
man/man1/rsautl.1.gz
man/man1/s_client.1.gz
man/man1/s_server.1.gz
man/man1/s_time.1.gz
man/man1/sess_id.1.gz
man/man1/smime.1.gz
man/man1/speed.1.gz
man/man1/spkac.1.gz
man/man1/srp.1.gz
man/man1/storeutl.1.gz
man/man1/ts.1.gz
man/man1/tsget.1.gz
man/man1/verify.1.gz
man/man1/version.1.gz
man/man1/x509.1.gz
man/man5/config.5.gz
man/man5/x509v3_config.5.gz
%%OPENSSLDIR%%/misc/CA.pl
%%OPENSSLDIR%%/misc/tsget
@comment %%OPENSSLDIR%%/misc/tsget.pl
@sample %%OPENSSLDIR%%/openssl.cnf.dist %%OPENSSLDIR%%/openssl.cnf
@sample %%OPENSSLDIR%%/ct_log_list.cnf.dist %%OPENSSLDIR%%/ct_log_list.cnf
@dir %%OPENSSLDIR%%/private
@dir %%OPENSSLDIR%%/certs

View file

@ -0,0 +1 @@
OPENSSL_SHLIBVER?= 11