Commit graph

238 commits

Author SHA1 Message Date
jlam
c098327def Update security/openssl from 0.9.7h to 0.9.7i. Changes from version
0.9.7h include fixing a shared library upgrade problem where openssl-0.9.7h
had a different ABI than previous 0.9.7 sub-revisions due to a changed
constant.
2005-10-15 06:29:58 +00:00
jlam
56fc9eaed8 If the native openssl-0.9.7d contains the security fixes pulled up to
the netbsd-2-0, netbsd-2, and netbsd-3-0 branches on 2005-10-11, then
for the purposes of satisfying dependencies, pretend it's openssl-0.9.7h.
2005-10-12 02:20:10 +00:00
jlam
524b6ae113 Remove leading "-" from version number when matching the openssl-0.9.6g
from the netbsd-1-6 branch with the 20040401 fix.
2005-10-12 02:00:03 +00:00
jlam
20992756a1 Update security/openssl to version 0.9.7h. This is a security
vulnerability triggered update due to CAN-2005-2969.  Changes from
version 0.9.7f include:

      o Fix SSL 2.0 Rollback, CAN-2005-2969
      o Allow use of fixed-length exponent on DSA signing
      o Default fixed-window RSA, DSA, DH private-key operations
      o More compilation issues fixed.
      o Adaptation to more modern Kerberos API.
      o Enhanced or corrected configuration for Solaris64, Mingw and Cygwin.
      o Enhanced x86_64 assembler BIGNUM module.
      o More constification.
      o Added processing of proxy certificates (RFC 3820).
2005-10-11 17:19:21 +00:00
jlam
2e8a0d6f8e For NetBSD's crippled OpenSSL distribution, create an <openssl/des_old.h>
header in the buildlink directory that just pulls in /usr/include/des.h.
This should allow packages that purposely include <openssl/des_old.h> on
post-0.9.7 versions of OpenSSL to find it on NetBSD.
2005-08-16 16:58:29 +00:00
grant
31493ef866 the option for fee-based-commercial-use is fee-based-commercial-use,
not fee-based-commercial.
2005-07-19 00:26:19 +00:00
jlam
3e474a90d8 Get rid of USE_PERL5. The new way to express needing the Perl executable
around at either build-time or at run-time is:

	USE_TOOLS+=	perl		# build-time
	USE_TOOLS+=	perl:run	# run-time

Also remove some places where perl5/buildlink3.mk was being included
by a package Makefile, but all that the package wanted was the Perl
executable.
2005-07-16 01:19:06 +00:00
jlam
8cba08b973 Some shells don't accept empty word lists in for loops. For those
Makefiles where this occurs, edit the file so that we avoid running
the loop.  This should fix PR pkg/28809.
2005-06-11 22:16:15 +00:00
jlam
dbaf1e860b Fix copy-and-paste error -- in the case where we prefer the pkgsrc
version of the software, USE_BUILTIN.<pkg> should be set to "no", not
to ${IS_BUILTIN.<pkg>}.
2005-06-09 06:07:29 +00:00
jlam
95fd1f6ec9 Massive cleanup of buildlink3.mk and builtin.mk files in pkgsrc.
Several changes are involved since they are all interrelated.  These
changes affect about 1000 files.

The first major change is rewriting bsd.builtin.mk as well as all of
the builtin.mk files to follow the new example in bsd.builtin.mk.
The loop to include all of the builtin.mk files needed by the package
is moved from bsd.builtin.mk and into bsd.buildlink3.mk.  bsd.builtin.mk
is now included by each of the individual builtin.mk files and provides
some common logic for all of the builtin.mk files.  Currently, this
includes the computation for whether the native or pkgsrc version of
the package is preferred.  This causes USE_BUILTIN.* to be correctly
set when one builtin.mk file includes another.

The second major change is teach the builtin.mk files to consider
files under ${LOCALBASE} to be from pkgsrc-controlled packages.  Most
of the builtin.mk files test for the presence of built-in software by
checking for the existence of certain files, e.g. <pthread.h>, and we
now assume that if that file is under ${LOCALBASE}, then it must be
from pkgsrc.  This modification is a nod toward LOCALBASE=/usr.  The
exceptions to this new check are the X11 distribution packages, which
are handled specially as noted below.

The third major change is providing builtin.mk and version.mk files
for each of the X11 distribution packages in pkgsrc.  The builtin.mk
file can detect whether the native X11 distribution is the same as
the one provided by pkgsrc, and the version.mk file computes the
version of the X11 distribution package, whether it's built-in or not.

The fourth major change is that the buildlink3.mk files for X11 packages
that install parts which are part of X11 distribution packages, e.g.
Xpm, Xcursor, etc., now use imake to query the X11 distribution for
whether the software is already provided by the X11 distribution.
This is more accurate than grepping for a symbol name in the imake
config files.  Using imake required sprinkling various builtin-imake.mk
helper files into pkgsrc directories.  These files are used as input
to imake since imake can't use stdin for that purpose.

The fifth major change is in how packages note that they use X11.
Instead of setting USE_X11, package Makefiles should now include
x11.buildlink3.mk instead.  This causes the X11 package buildlink3
and builtin logic to be executed at the correct place for buildlink3.mk
and builtin.mk files that previously set USE_X11, and fixes packages
that relied on buildlink3.mk files to implicitly note that X11 is
needed.  Package buildlink3.mk should also include x11.buildlink3.mk
when linking against the package libraries requires also linking
against the X11 libraries.  Where it was obvious, redundant inclusions
of x11.buildlink3.mk have been removed.
2005-06-01 18:02:37 +00:00
jlam
585534220c Remove USE_GNU_TOOLS and replace with the correct USE_TOOLS definitions:
USE_GNU_TOOLS	-> USE_TOOLS
	awk		-> gawk
	m4		-> gm4
	make		-> gmake
	sed		-> gsed
	yacc		-> bison
2005-05-22 20:07:36 +00:00
jlam
0dbd0c0762 Rename MAKE_VARS to MAKEVARS so that it more closely resembles
"MAKEFLAGS".  Both "MAKEVARS" and "MAKEFLAGS" affect the package-level
make process, not the software's own make process.
2005-05-11 22:08:18 +00:00
jlam
4fd08abc6e I mixed up MAKE_FLAGS with MAKEFLAGS. The latter is what we actually use
to pass make flags to bmake.
2005-05-11 22:03:52 +00:00
jlam
67ca8c8715 Don't assign to PKG_OPTIONS.<pkg> which has special meaning to the
options framework.  Rename PKG_OPTIONS.* to PKG_BUILD_OPTIONS.*.
2005-05-09 05:14:08 +00:00
jlam
03e9337879 Teach bsd.pkg.mk to create a phase-specific "makevars.mk" file that
caches variable definitions that were computed by make.  These variables
are specified by listing them in MAKE_VARS, e.g.,

	.if !defined(FOO)
	FOO!=	very_time_consuming_command
	.endif
	MAKE_VARS+=	FOO

bsd.pkg.mk will include only the one generated during the most recent
phase.  A particular phase's makevars.mk file consists of variable
definitions that are a superset of all of the ones produced in previous
phases of the build.

The caching is useful because bsd.pkg.mk invokes make recursively,
which in the example above has the potential to run the very time-consuming
command each time unless we cause FOO to be defined for the sub-make
processes.  We don't cache via MAKE_FLAGS because MAKE_FLAGS isn't
consistently applied to every invocation of make, and also because
MAKE_FLAGS can overflow the maximum length of a make variable very
quickly if we add many values to it.

One important and desirable property of variables cached via MAKE_VARS
is that they only apply to the current package, and not to any
dependencies whose builds may have been triggered by the current
package.

The makevars.mk files are generated by new targets fetch-vars,
extract-vars, patch-vars, etc., and these targets are built during
the corresponding real-* target to ensure that they are being invoked
with PKG_PHASE set to the proper value.

Also, remove the variables cache file that bsd.wrapper.mk was generating
since the new makevars.mk files provide the same functionality at a
higher level.  Change all WRAPPER_VARS definitions that were used by
the old wrapper-phase cache file into MAKE_VARS definitions.
2005-05-09 05:06:55 +00:00
jlam
949a7c95f1 PKG_OPTIONS.<pkg> isn't a good approximation to PKG_OPTIONS for the
package because PKG_OPTION.<pkg> could contain negative options, which
are never part of PKG_OPTIONS.  Instead, use the show-var target to
display the value.  We cache it in WRAPPER_VARS and in MAKE_FLAGS to
prevent reinvoking the show-var target recursively.
2005-05-08 12:03:56 +00:00
tv
f816d81489 Remove USE_BUILDLINK3 and NO_BUILDLINK; these are no longer used. 2005-04-11 21:44:48 +00:00
jlam
aa151ceb8b Update security/openssl to openssl-0.9.7f.
Pkgsrc changes from version 0.9.7e include:

  *) Install the man pages with names that are less likely to collide
     with other packages' man pages.
  *) Support PKG_OPTIONS of "idea", "mdc2" and "rc5" to allow building
     with patented algorithms.  By default, this package still builds
     without patented algorithms.

Major changes from version 0.9.7e include:

  *) Prompt for pass phrases when appropriate for PKCS12 input format.
  *) Back-port of selected performance improvements from development
     branch, as well as improved support for PowerPC platforms.
  *) Add lots of checks for memory allocation failure, error codes to indicate
     failure and freeing up memory if a failure occurs.
  *) Add new -passin argument to dgst.
  *) Make an explicit check during certificate validation to see that
     the CA setting in each certificate on the chain is correct.
2005-03-23 09:06:38 +00:00
agc
d81d19f8e0 Add RMD160 digests. 2005-02-24 12:51:41 +00:00
grant
395f2b26c7 when linking shared libssl on Solaris, make sure the rpath is
included so it can find libcrypto.
2005-02-20 05:42:51 +00:00
jlam
fe2f1774b5 Modify openssl/Makefile so that it's easier to test the -STABLE and
-SNAP OpenSSL snapshots.
2005-02-02 23:43:42 +00:00
grant
96c2b7ecc2 when building with SunPro on x86, do not use -fast argument to cc(1)
because:

- its behaviour changes between releases
- it uses build-host specific instructions where possible,
  specifically on >= Solaris 9 update 6 and Sun Studio 9 (sse, sse2)

this breaks using the binary pkg when installed on systems with a
less capable processor. instead, just use -xO5 so the binary pkg will
work everywhere.
2005-01-18 10:25:17 +00:00
jlam
28a95475df Bump PKGREVISION to 1 as a result of fixing the run-time behavior of
openssl on sparc64 and amd64 in the previous commit.
2005-01-13 18:34:47 +00:00
jlam
5767fbbdbc Optimize the NetBSD/amd64 config a bit to improve RC4 performance, and
fix the NetBSD/sparc64 config by adding -DMD32_REG_T=int to the flags.
Tested by martin (at) NetBSD.org.  This should fix PR pkg/28858.
2005-01-13 18:33:48 +00:00
jlam
a980a0325b Fix build on NetBSD/sparc64 by marking the system as ``ULTRASPARC''
so that the appropriate OpenSSL sources are built.  Also, explicitly
mark the endianness of each supported NetBSD platform to avoid potential
endianness issues when doing the crypto arithmetic.
2005-01-11 22:25:00 +00:00
tv
dab9676fdc Fix compilation on Interix. Reported in PR pkg/28938
by HIRAMATSU Yoshifumi <hiramatu@boreas.dti.ne.jp>.
2005-01-11 21:49:25 +00:00
jlam
83ff9738ed Fix a bug in the OpenSSL makefiles that installed a libfips.so symlink
that pointed to nothing.  There is no such thing as "libfips".
2004-12-31 17:34:10 +00:00
jlam
34a211b1e3 Fix compilation on FreeBSD/x86 by ensuring that the FIPS assembly code
isn't used when fips isn't requested during configuration.
2004-12-27 06:14:40 +00:00
jlam
7a022e9cf2 Fix build on non-x86 platforms (PR pkg/28787). 2004-12-27 02:31:07 +00:00
jlam
c264be5d18 Alter patches to make them more likely to be accepted back by the
OpenSSL project.  Also use the sparcv9 MD5 assembly routines on
NetBSD/sparc64.
2004-12-25 22:11:26 +00:00
jlam
0a6f42ca41 Use the correct assembly routines on NetBSD/i386 depending on whether
it's a.out or ELF.
2004-12-25 19:09:08 +00:00
jlam
ac1c08301c Update security/openssl to 0.9.7e. Changes from openssl-0.9.6m are
too numerous to be listed here, but include adding a new DES API
(support for the old one is still present).

Changes to the pkgsrc structure include:

* Install the shared libraries with a version number that matches the
  OpenSSL version number

* Move some of the less often-used c_* utilities back into the examples
  directory.

* Drop support for using the RSAREF library and always use the built-in
  RSA code instead.
2004-12-24 22:02:37 +00:00
grant
830d7cd76e ick: openssl builds PIC static libraries and then later uses them to
build shared libraries. on Darwin with xlc, this fails because of the
way xlc invokes Darwin's in-base libtool to create shared libraries,
meaning that the -all_load argument cannot be used to import all
symbols.

work around this the same way as UnixWare does it, by listing the
archive library contents and linking the object files into the shared
library individually. also remove some other assumed gcc'isms to make
this build on Darwin with xlc.

XXX maybe this pkg should be libtool'ized?
2004-12-19 02:48:32 +00:00
jlam
4df5c48cc4 minor whitespace nit. 2004-12-18 21:32:51 +00:00
jlam
f9127ef977 Fix a typo that caused us not to check the correct header for the presence
of "des_cblock".  This fixes PR pkg/28703.
2004-12-18 17:14:22 +00:00
wiz
51aa86a453 Update to 0.9.6mnb2: Don't install (deprecated) der_chop example
script, since it has insecure temp file handling.
2004-12-17 23:08:36 +00:00
jlam
f9724a680a Change the way that openssl/builtin.mk handles the USE_OLD_DES_API flag.
The idea is to prevent needing to patch source files for packages that
use OpenSSL for DES support by ensuring that including <openssl/des.h>
will always present the old DES API.

(1) If des_old.h exists, then we're using OpenSSL>=0.9.7, and
    <openssl/des.h> already does the right thing.

(2) If des_old.h doesn't exist, then one of two things is happening:
    (a) If <openssl/des.h> is old and (only) supports the old DES API,
	then <openssl/des.h> does the right thing.
    (b) If it's NetBSD's Special(TM) one that stripped out the old DES
	support into a separate library and header (-ldes, <des.h>),
	then we create a new header <openssl/des.h> that includes the
	system one and <des.h>.

Also modify existing packages that set USE_OLD_DES_API to simply include
<openssl/des.h> instead of either <des.h> or <openssl/des_old.h> (This
step is mostly just removing unnecessary patches).

This should fix building packages that use OpenSSL's old DES API support
on non-NetBSD systems where the built-in OpenSSL is at least 0.9.7.
2004-12-14 19:24:29 +00:00
jlam
98a8065e34 Provide an SSLKEYS variable that points to the location where OpenSSL
private keys are likely to be installed.  Patch directly from PR
pkg/28477 by Jason Thorpe.
2004-12-11 00:04:14 +00:00
jlam
48e1426f67 Attempt to deal with the differing DES APIs between OpenSSL 0.9.6 (in
pkgsrc and in NetBSD-1.6.x) and OpenSSL 0.9.7 (in NetBSD-2.0), by
creating a new yes/no variable USE_OLD_DES_API that flags whether the
package wants to use the old DES API.  If USE_OLD_DES_API is "yes",
then:

  * For OpenSSL 0.9.6, symlink ${BUILDLINK_DIR}/include/openssl/des_old.h
    to ${SSLBASE}/include/openssl/des.h.

  * For NetBSD 2.0's "special" installation of OpenSSL 0.9.7, symlink
    ${BUILDLINK_DIR}/include/openssl/des_old.h to /usr/include/des.h,
    and transform "-lcrypto" into "-ldes -lcrypto".  This makes it
    behave like stock OpenSSL 0.9.7 where the old DES functions are
    part of libcrypto.

Software that wants to use the old DES API should be taught to do it
in a way that works with a stock installation of OpenSSL 0.9.7 -- by
including <openssl/des_old.h> and linking against "-lcrypto".  Software
that wants to use the new DES API should simply depend on openssl>=0.9.7.

This change has no impact on existing packages as the new code is
active only when USE_OLD_DES_API == "yes".
2004-12-03 23:03:09 +00:00
jlam
ce8f0714a0 reorder: commands are specified using WRAPPER_REORDER_CMDS, not
BUILDLINK_TRANSFORM.
2004-12-03 20:33:18 +00:00
tv
c487cb967a Libtool fix for PR pkg/26633, and other issues. Update libtool to 1.5.10
in the process.  (More information on tech-pkg.)

Bump PKGREVISION and BUILDLINK_DEPENDS of all packages using libtool and
installing .la files.

Bump PKGREVISION (only) of all packages depending directly on the above
via a buildlink3 include.
2004-10-03 00:12:51 +00:00
jlam
7ad48acf7d Back out previous... unintended commit. 2004-08-28 20:38:18 +00:00
jlam
8d572feba3 Use the new BUILDLINK_TRANSFORM commands to more precisely state the
intended transformation: use "rm" to remove an option, "rmdir" to remove
all options containing a path starting with a given directory name, and
"rename" to rename options to something else.
2004-08-28 06:05:31 +00:00
jlam
9d5426ff76 Change the way that legacy USE_* and FOO_USE_* options are converted
into the bsd.options.mk framework.  Instead of appending to
${PKG_OPTIONS_VAR}, it appends to PKG_DEFAULT_OPTIONS.  This causes
the default options to be the union of PKG_DEFAULT_OPTIONS and any
old USE_* and FOO_USE_* settings.

This fixes PR pkg/26590.
2004-08-22 19:32:51 +00:00
jlam
b4e8a59e09 Convert to use bsd.options.mk. 2004-08-05 04:20:28 +00:00
jlam
312137ee1c Document the "rsaref" build option. 2004-08-05 02:45:28 +00:00
jlam
b460ce1ab5 Convert to use bsd.options.mk. The relevant options variable to set
for each package can be determined by invoking:

	make show-var VARNAME=PKG_OPTIONS_VAR

The old options are still supported unless the variable named in
PKG_OPTIONS_VAR is set within make(1) (usually via /etc/mk.conf).
2004-07-30 21:05:41 +00:00
wiz
4237d54a34 Unused. 2004-07-06 22:41:15 +00:00
tv
0fc96ae1c3 Make compile on Interix. No-op change for other platforms, so no PKGREVISION
bump.  (Main MI change:  -soname -> -h, as some GNU ld(1) wants --soname
instead of -soname, but -h works on all GNU ld(1) versions.)
2004-04-25 20:36:11 +00:00
tron
0f086b9983 If the native OpenSSL contains the security fixes pulled up to the
netbsd-1-6 branch on 2004-04-01, then pretend it's openssl-0.9.6m.
2004-04-07 13:31:54 +00:00