pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/trunk]: pkgsrc/security/openssl Update to openssl-0.9.8g. Provided by...
details: https://anonhg.NetBSD.org/pkgsrc/rev/1f9621b4611a
branches: trunk
changeset: 537828:1f9621b4611a
user: tnn <tnn%pkgsrc.org@localhost>
date: Thu Jan 17 06:42:47 2008 +0000
description:
Update to openssl-0.9.8g. Provided by Jukka Salmi in pkgsrc-wip.
pkgsrc notes:
o Tested on NetBSD/i386 (Jukka Salmi), Mac OSX 10.5 (Adrian Portelli),
Linux (Jeremy C. Reed), Tru64 5.1b (tnn), HP-UX 11i (tnn).
Because the Makefile system has been rewamped, other
platforms may require fixes. Please test if you can.
o OpenSSL can now be built with installation to DESTDIR.
Overview of important changes since 0.9.7i:
o Add gcc 4.2 support.
o DTLS improvements.
o RFC4507bis support.
o TLS Extensions support.
o RFC3779 support.
o New cipher Camellia
o Updated ECC cipher suite support.
o New functions EVP_CIPHER_CTX_new() and EVP_CIPHER_CTX_free().
o Zlib compression usage fixes.
o Major work on the BIGNUM library for higher efficiency and to
make operations more streamlined and less contradictory. This
is the result of a major audit of the BIGNUM library.
o Addition of BIGNUM functions for fields GF(2^m) and NIST
curves, to support the Elliptic Crypto functions.
o Major work on Elliptic Crypto; ECDH and ECDSA added, including
the use through EVP, X509 and ENGINE.
o New ASN.1 mini-compiler that's usable through the OpenSSL
configuration file.
o Added support for ASN.1 indefinite length constructed encoding.
o New PKCS#12 'medium level' API to manipulate PKCS#12 files.
o Complete rework of shared library construction and linking
programs with shared or static libraries, through a separate
Makefile.shared.
o Rework of the passing of parameters from one Makefile to another.
o Changed ENGINE framework to load dynamic engine modules
automatically from specifically given directories.
o New structure and ASN.1 functions for CertificatePair.
o Changed the key-generation and primality testing "progress"
mechanism to take a structure that contains the ticker
function and an argument.
o New engine module: GMP (performs private key exponentiation).
o New engine module: VIA PadLOck ACE extension in VIA C3
Nehemiah processors.
o Added support for IPv6 addresses in certificate extensions.
See RFC 1884, section 2.2.
o Added support for certificate policy mappings, policy
constraints and name constraints.
o Added support for multi-valued AVAs in the OpenSSL
configuration file.
o Added support for multiple certificates with the same subject
in the 'openssl ca' index file.
o Make it possible to create self-signed certificates using
'openssl ca -selfsign'.
o Make it possible to generate a serial number file with
'openssl ca -create_serial'.
o New binary search functions with extended functionality.
o New BUF functions.
o New STORE structure and library to provide an interface to all
sorts of data repositories. Supports storage of public and
private keys, certificates, CRLs, numbers and arbitrary blobs.
This library is unfortunately unfinished and unused withing
OpenSSL.
o New control functions for the error stack.
o Changed the PKCS#7 library to support one-pass S/MIME
processing.
o New FIPS 180-2 algorithms (SHA-224, -256, -384 and -512).
o New X509_VERIFY_PARAM structure to support parametrisation
of X.509 path validation.
o Change the default digest in 'openssl' commands from MD5 to
SHA-1.
o Added support for DTLS.
o New BIGNUM blinding.
o Added support for the RSA-PSS encryption scheme
o Added support for the RSA X.931 padding.
o Added support for files larger than 2GB.
o Added alternate pkg-config files.
diffstat:
security/openssl/DESCR | 15 ++--
security/openssl/Makefile | 31 ++-------
security/openssl/PLIST.common | 50 ++++++++++++++-
security/openssl/PLIST.darwin | 4 +-
security/openssl/buildlink3.mk | 8 +-
security/openssl/builtin.mk | 6 +-
security/openssl/distinfo | 36 +++-------
security/openssl/options.mk | 4 +-
security/openssl/patches/patch-aa | 66 +++++++++++----------
security/openssl/patches/patch-ac | 55 ++++++++---------
security/openssl/patches/patch-ad | 24 +++---
security/openssl/patches/patch-ae | 22 +++---
security/openssl/patches/patch-af | 115 +++++++++----------------------------
security/openssl/patches/patch-ag | 58 +++++++++++++++++++
security/openssl/patches/patch-ah | 15 ----
security/openssl/patches/patch-ai | 64 ---------------------
security/openssl/patches/patch-ak | 8 +-
security/openssl/patches/patch-al | 10 +-
security/openssl/patches/patch-am | 28 ---------
security/openssl/patches/patch-an | 38 ------------
security/openssl/patches/patch-ao | 49 ----------------
security/openssl/patches/patch-ap | 25 --------
security/openssl/patches/patch-aq | 33 ----------
security/openssl/patches/patch-ar | 28 ---------
security/openssl/patches/patch-as | 17 -----
security/openssl/patches/patch-at | 25 --------
security/openssl/patches/patch-au | 32 ----------
security/openssl/patches/patch-av | 14 ----
security/openssl/patches/patch-aw | 16 -----
29 files changed, 262 insertions(+), 634 deletions(-)
diffs (truncated from 1341 to 300 lines):
diff -r fb9024a3df76 -r 1f9621b4611a security/openssl/DESCR
--- a/security/openssl/DESCR Thu Jan 17 04:00:47 2008 +0000
+++ b/security/openssl/DESCR Thu Jan 17 06:42:47 2008 +0000
@@ -1,7 +1,8 @@
-The OpenSSL Project is a collaborative effort to develop a robust,
-commercial-grade, full-featured, and Open Source toolkit implementing
-the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS
-v1) protocols as well as a full-strength general purpose cryptography
-library. The project is managed by a worldwide community of volunteers
-that use the Internet to communicate, plan, and develop the OpenSSL
-toolkit and its related documentation.
+The OpenSSL Project is a collaborative effort to develop a
+robust, commercial-grade, full-featured, and Open Source
+toolkit implementing the Secure Sockets Layer (SSL v2/v3)
+and Transport Layer Security (TLS v1) protocols as well as
+a full-strength general purpose cryptography library. The
+project is managed by a worldwide community of volunteers
+that use the Internet to communicate, plan, and develop the
+OpenSSL toolkit and its related documentation.
diff -r fb9024a3df76 -r 1f9621b4611a security/openssl/Makefile
--- a/security/openssl/Makefile Thu Jan 17 04:00:47 2008 +0000
+++ b/security/openssl/Makefile Thu Jan 17 06:42:47 2008 +0000
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.130 2008/01/05 20:41:25 rillig Exp $
+# $NetBSD: Makefile,v 1.131 2008/01/17 06:42:47 tnn Exp $
OPENSSL_SNAPSHOT?= # empty
OPENSSL_STABLE?= # empty
-OPENSSL_VERS?= 0.9.7i
+OPENSSL_VERS?= 0.9.8g
.if empty(OPENSSL_SNAPSHOT)
DISTNAME= openssl-${OPENSSL_VERS}
@@ -24,7 +24,6 @@
. endif
.endif
-PKGREVISION= 6
SVR4_PKGNAME= ossl
CATEGORIES= security
MAINTAINER= pkgsrc-users%NetBSD.org@localhost
@@ -36,6 +35,7 @@
CRYPTO= yes
PKG_INSTALLATION_TYPES= overwrite pkgviews
+PKG_DESTDIR_SUPPORT= user-destdir
.include "../../mk/bsd.prefs.mk"
.include "../../mk/compiler.mk"
@@ -46,6 +46,7 @@
HAS_CONFIGURE= yes
CONFIGURE_SCRIPT= ./config
CONFIGURE_ARGS+= --prefix=${PREFIX:Q}
+CONFIGURE_ARGS+= --install_prefix=${DESTDIR}
CONFIGURE_ARGS+= --openssldir=${PKG_SYSCONFDIR:Q}
CONFIGURE_ARGS+= shared threads
@@ -81,9 +82,9 @@
PLIST_OPSYS= PLIST.osf1
CONFIGURE_SCRIPT= ./Configure
. if !empty(CC_VERSION:Mgcc*)
-CONFIGURE_ARGS+= alpha-gcc-rpath
+CONFIGURE_ARGS+= tru64-alpha-gcc
. else
-CONFIGURE_ARGS+= alpha-cc-rpath
+CONFIGURE_ARGS+= tru64-alpha-cc
. endif
.elif ${OPSYS} == "Darwin"
.include "../../mk/dlopen.buildlink3.mk"
@@ -92,8 +93,8 @@
SUBST_MESSAGE.dl= Adding dynamic link compatibility library.
SUBST_STAGE.dl= post-configure
SUBST_FILES.dl= Makefile apps/Makefile crypto/Makefile \
- crypto/pkcs7/Makefile fips/Makefile test/Makefile
-SUBST_SED.dl= -e "s,^EX_LIBS=,EX_LIBS=${DL_LDFLAGS} ,g"
+ crypto/pkcs7/Makefile test/Makefile
+SUBST_SED.dl= -e 's,^EX_LIBS=,EX_LIBS=${DL_LDFLAGS:Q} ,g'
.endif
.include "../../security/openssl/options.mk"
@@ -117,22 +118,8 @@
${PKG_SYSCONFDIR}/openssl.cnf
OWN_DIRS= ${PKG_SYSCONFDIR}/certs ${PKG_SYSCONFDIR}/private
-# Some shells don't accept empty word lists in for loops. For those
-# Makefiles where this occurs, edit the file so that we avoid running
-# the loop.
-#
-# Also, fix the path to perl in various scripts.
-#
+# Fix the path to perl in various scripts.
pre-configure:
- cd ${WRKSRC}; \
- for file in fips/*/Makefile; do \
- if ${GREP} "^EXHEADER=[ ]*\$$" $$file >/dev/null; then \
- ${ECHO} "Fixing 'install' target in $$file."; \
- ${MV} -f $$file $$file.preawk; \
- ${AWK} '/^install:/ { printf "install:\n\nnot-install:\n"; next } { print }' \
- $$file.preawk > $$file; \
- fi; \
- done
cd ${WRKSRC} && ${PERL5} util/perlpath.pl ${PERL5}
.include "../../mk/bsd.pkg.mk"
diff -r fb9024a3df76 -r 1f9621b4611a security/openssl/PLIST.common
--- a/security/openssl/PLIST.common Thu Jan 17 04:00:47 2008 +0000
+++ b/security/openssl/PLIST.common Thu Jan 17 06:42:47 2008 +0000
@@ -1,7 +1,6 @@
-@comment $NetBSD: PLIST.common,v 1.11 2005/10/11 17:19:21 jlam Exp $
+@comment $NetBSD: PLIST.common,v 1.12 2008/01/17 06:42:47 tnn Exp $
bin/c_rehash
bin/openssl
-bin/openssl_fips_fingerprint
include/openssl/aes.h
include/openssl/asn1.h
include/openssl/asn1_mac.h
@@ -20,15 +19,15 @@
include/openssl/dh.h
include/openssl/dsa.h
include/openssl/dso.h
+include/openssl/dtls1.h
include/openssl/e_os2.h
include/openssl/ebcdic.h
include/openssl/ec.h
+include/openssl/ecdh.h
+include/openssl/ecdsa.h
include/openssl/engine.h
include/openssl/err.h
include/openssl/evp.h
-include/openssl/fips.h
-include/openssl/fips_rand.h
-include/openssl/fips_sha.h
include/openssl/hmac.h
${IDEA}include/openssl/idea.h
include/openssl/krb5_asn.h
@@ -48,6 +47,8 @@
include/openssl/pem2.h
include/openssl/pkcs12.h
include/openssl/pkcs7.h
+include/openssl/pq_compat.h
+include/openssl/pqueue.h
include/openssl/rand.h
include/openssl/rc2.h
include/openssl/rc4.h
@@ -61,6 +62,7 @@
include/openssl/ssl23.h
include/openssl/ssl3.h
include/openssl/stack.h
+include/openssl/store.h
include/openssl/symhacks.h
include/openssl/tls1.h
include/openssl/tmdiff.h
@@ -70,8 +72,19 @@
include/openssl/x509.h
include/openssl/x509_vfy.h
include/openssl/x509v3.h
+lib/engines/lib4758cca.so
+lib/engines/libaep.so
+lib/engines/libatalla.so
+lib/engines/libchil.so
+lib/engines/libcswift.so
+lib/engines/libgmp.so
+lib/engines/libnuron.so
+lib/engines/libsureware.so
+lib/engines/libubsec.so
lib/libcrypto.a
lib/libssl.a
+lib/pkgconfig/libcrypto.pc
+lib/pkgconfig/libssl.pc
lib/pkgconfig/openssl.pc
man/man1/CA.pl.1
man/man1/openssl.1
@@ -84,6 +97,8 @@
man/man1/openssl_dhparam.1
man/man1/openssl_dsa.1
man/man1/openssl_dsaparam.1
+man/man1/openssl_ec.1
+man/man1/openssl_ecparam.1
man/man1/openssl_enc.1
man/man1/openssl_errstr.1
man/man1/openssl_gendsa.1
@@ -129,6 +144,8 @@
man/man3/ASN1_STRING_set.3
man/man3/ASN1_STRING_type.3
man/man3/ASN1_STRING_type_new.3
+man/man3/ASN1_generate_nconf.3
+man/man3/ASN1_generate_v3.3
man/man3/BF_cbc_encrypt.3
man/man3/BF_cfb64_encrypt.3
man/man3/BF_decrypt.3
@@ -255,6 +272,18 @@
man/man3/BIO_wpending.3
man/man3/BIO_write.3
man/man3/BIO_write_filename.3
+man/man3/BN_BLINDING_convert.3
+man/man3/BN_BLINDING_convert_ex.3
+man/man3/BN_BLINDING_create_param.3
+man/man3/BN_BLINDING_free.3
+man/man3/BN_BLINDING_get_flags.3
+man/man3/BN_BLINDING_get_thread_id.3
+man/man3/BN_BLINDING_invert.3
+man/man3/BN_BLINDING_invert_ex.3
+man/man3/BN_BLINDING_new.3
+man/man3/BN_BLINDING_set_flags.3
+man/man3/BN_BLINDING_set_thread_id.3
+man/man3/BN_BLINDING_update.3
man/man3/BN_CTX_end.3
man/man3/BN_CTX_free.3
man/man3/BN_CTX_get.3
@@ -344,6 +373,7 @@
man/man3/BUF_MEM_grow.3
man/man3/BUF_MEM_new.3
man/man3/BUF_strdup.3
+man/man3/CONF_modules_finish.3
man/man3/CONF_modules_free.3
man/man3/CONF_modules_load.3
man/man3/CONF_modules_load_file.3
@@ -457,11 +487,13 @@
man/man3/ERR_peek_last_error.3
man/man3/ERR_peek_last_error_line.3
man/man3/ERR_peek_last_error_line_data.3
+man/man3/ERR_pop_to_mark.3
man/man3/ERR_print_errors.3
man/man3/ERR_print_errors_fp.3
man/man3/ERR_put_error.3
man/man3/ERR_reason_error_string.3
man/man3/ERR_remove_state.3
+man/man3/ERR_set_mark.3
man/man3/EVP_BytesToKey.3
man/man3/EVP_CIPHER_CTX_block_size.3
man/man3/EVP_CIPHER_CTX_cipher.3
@@ -597,8 +629,10 @@
man/man3/OBJ_sn2nid.3
man/man3/OBJ_txt2nid.3
man/man3/OBJ_txt2obj.3
+man/man3/OPENSSL_Applink.3
man/man3/OPENSSL_VERSION_NUMBER.3
man/man3/OPENSSL_config.3
+man/man3/OPENSSL_ia32cap.3
man/man3/OPENSSL_load_builtin_modules.3
man/man3/OPENSSL_no_config.3
man/man3/OpenSSL_add_all_algorithms.3
@@ -774,6 +808,7 @@
man/man3/SSL_SESSION_get_timeout.3
man/man3/SSL_SESSION_set_ex_data.3
man/man3/SSL_SESSION_set_time.3
+man/man3/SSL_SESSION_set_timeout.3
man/man3/SSL_accept.3
man/man3/SSL_add_client_CA.3
man/man3/SSL_add_session.3
@@ -1036,6 +1071,7 @@
man/man3/openssl_des.3
man/man3/openssl_dh.3
man/man3/openssl_dsa.3
+man/man3/openssl_ecdsa.3
man/man3/openssl_engine.3
man/man3/openssl_err.3
man/man3/openssl_evp.3
@@ -1053,8 +1089,9 @@
man/man3/openssl_threads.3
man/man3/openssl_ui.3
man/man3/openssl_ui_compat.3
+man/man3/openssl_x509.3
man/man5/openssl_config.5
-man/man7/Modes_of_DES.7
+man/man5/openssl_x509v3_config.5
man/man7/des_modes.7
share/examples/openssl/CA.pl
share/examples/openssl/CA.sh
@@ -1065,4 +1102,5 @@
share/examples/openssl/openssl.cnf
@dirrm share/examples/openssl
@unexec ${RMDIR} -p %D/lib/pkgconfig 2>/dev/null || ${TRUE}
+@dirrm lib/engines
@dirrm include/openssl
diff -r fb9024a3df76 -r 1f9621b4611a security/openssl/PLIST.darwin
--- a/security/openssl/PLIST.darwin Thu Jan 17 04:00:47 2008 +0000
+++ b/security/openssl/PLIST.darwin Thu Jan 17 06:42:47 2008 +0000
@@ -1,7 +1,5 @@
-@comment $NetBSD: PLIST.darwin,v 1.5 2004/12/24 22:02:38 jlam Exp $
+@comment $NetBSD: PLIST.darwin,v 1.6 2008/01/17 06:42:47 tnn Exp $
lib/libcrypto.${SHLIB_VERSION}.dylib
-lib/libcrypto.${SHLIB_MAJOR}.dylib
lib/libcrypto.dylib
lib/libssl.${SHLIB_VERSION}.dylib
-lib/libssl.${SHLIB_MAJOR}.dylib
lib/libssl.dylib
diff -r fb9024a3df76 -r 1f9621b4611a security/openssl/buildlink3.mk
--- a/security/openssl/buildlink3.mk Thu Jan 17 04:00:47 2008 +0000
+++ b/security/openssl/buildlink3.mk Thu Jan 17 06:42:47 2008 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: buildlink3.mk,v 1.38 2008/01/05 20:41:25 rillig Exp $
+# $NetBSD: buildlink3.mk,v 1.39 2008/01/17 06:42:47 tnn Exp $
BUILDLINK_DEPTH:= ${BUILDLINK_DEPTH}+
OPENSSL_BUILDLINK3_MK:= ${OPENSSL_BUILDLINK3_MK}+
@@ -16,11 +16,7 @@
. include "../../mk/bsd.fast.prefs.mk"
BUILDLINK_API_DEPENDS.openssl+= openssl>=0.9.6m
Home |
Main Index |
Thread Index |
Old Index