From nobody Tue Oct 22 15:50:15 2024 X-Original-To: dev-commits-ports-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4XXxTM1Vm2z5PcmM; Tue, 22 Oct 2024 15:50:15 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4XXxTM0trGz4M5R; Tue, 22 Oct 2024 15:50:15 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1729612215; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=o62VB3dzWK5t4lzM1AWNwUNE/WY/E2N+T8q4QUmoIbQ=; b=eyW2IY20hH9Baijttd0GVDFKDR6K2k94eDVUkQrjLoA5IdflrKHdB6BhiSEiwXkrTYd06H O8mh43HG5ahrW2o0kIg7SbloJ52myy+e+wW6qTXIT2KyRle0kb/pQxDHz+6Te9nRnrCjtq UkRvCjgoo2nn02Qt1LXvekm6/2jeUJKaloeRJNnvGpAr7cwwXEYuHGHmkugqiCcorvymtn 1a1jOVzpzgHsJ56T0xauSvtSKi7kiANxdDSefSQkbB9HiZGxMUqRPAYHfqyPaU5GoiRgdd 9bDN4Ponv4Z/m1uqJI+YtKIyiHeE3oROndPu/xmOKAyrsqgUs11WfUlVzP8Wfg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1729612215; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=o62VB3dzWK5t4lzM1AWNwUNE/WY/E2N+T8q4QUmoIbQ=; b=heFLIWYQmPWvtMLiIn307KVvUx7GaWLL9Rd8rDX79CS8tP+L/mcivlVIbp6+cNTmyR6b5D JchuSES8b1qWt6jmRonbZLnm9VHUMGain29slUnIW9aULLqLzqHFMcmNjWmCgI1OZF2cpe u4e6TpYNGdFv/iSpuks7pYrMCtkxurA2JNB6iiD95VcvdRjseoJZUrUkLzAMbjWVObsHyn uRHaqYPV/JEpScLelBp2UeDumSHs67bBAeCpcXbion/8MBYbyCd8MeD1HJR97BnDP/gsYm SIlFph/3Jq0032d1GrDNVdPgfawVX8YT+clMOm6Xd1lsyVPPqRUoN0zoXyKlYw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1729612215; a=rsa-sha256; cv=none; b=A3a0H/FhN0OBcdwiY2SKuAMG9kmZInXtjHJJMRXaFJ/hkeEKNrZIeyhsmOB/Xd3eJQGkRj hA5n+wbnfvgub797h/ycCnpuOvN5bB/XPTdzu/8M2idmlA+qu1k62MeR2Uq7htAw3aeQrG t2va0zMdf49ikDtwTTDI4qD9/fk0ySy3FJ6raWESwBXqDS47qnQZ+q2RDmfWqWhqfqinJ3 qA60C+VgMsS+xLcE0CnFaYX4K5EKOTW9HdfIis7lizOip1QA1hOto7uh+EuvWDp0tfQ7kD qvJOZxBlwS2e7L+Tm7tpfbEIlg38hBzrs0xAse83i/ndbuamuek9lKWYmWazEQ== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4XXxTM0V0TzL5b; Tue, 22 Oct 2024 15:50:15 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 49MFoFmL098773; Tue, 22 Oct 2024 15:50:15 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 49MFoFxh098770; Tue, 22 Oct 2024 15:50:15 GMT (envelope-from git) Date: Tue, 22 Oct 2024 15:50:15 GMT Message-Id: <202410221550.49MFoFxh098770@gitrepo.freebsd.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-branches@FreeBSD.org From: Alex Dupre Subject: git: f4d0d45cbe89 - 2024Q4 - security/cryptlib: update to 3.4.7 release. List-Id: Commits to the quarterly branches of the FreeBSD ports repository List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-ports-branches@freebsd.org Sender: owner-dev-commits-ports-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: ale X-Git-Repository: ports X-Git-Refname: refs/heads/2024Q4 X-Git-Reftype: branch X-Git-Commit: f4d0d45cbe89ec6fc49a6501af943fc2995d3703 Auto-Submitted: auto-generated The branch 2024Q4 has been updated by ale: URL: https://cgit.FreeBSD.org/ports/commit/?id=f4d0d45cbe89ec6fc49a6501af943fc2995d3703 commit f4d0d45cbe89ec6fc49a6501af943fc2995d3703 Author: Alex Dupre AuthorDate: 2024-10-22 15:31:22 +0000 Commit: Alex Dupre CommitDate: 2024-10-22 15:50:02 +0000 security/cryptlib: update to 3.4.7 release. PR: 282203 Submitted by: Alven Security: CVE-2024-0202 (cherry picked from commit 53b58221ade14504875fbd818f42ee551f65f79e) --- security/cryptlib/Makefile | 2 +- security/cryptlib/distinfo | 6 ++--- security/cryptlib/files/patch-makefile | 4 +-- security/cryptlib/files/patch-misc_os__spec.h | 4 +-- security/cryptlib/files/patch-test_certs.c | 8 +++--- security/cryptlib/files/patch-tools_ccopts.sh | 36 ++------------------------- 6 files changed, 14 insertions(+), 46 deletions(-) diff --git a/security/cryptlib/Makefile b/security/cryptlib/Makefile index a306eb97b224..42b59ea691f4 100644 --- a/security/cryptlib/Makefile +++ b/security/cryptlib/Makefile @@ -1,5 +1,5 @@ PORTNAME= cryptlib -DISTVERSION= 3.4.6 +DISTVERSION= 3.4.7 CATEGORIES= security MASTER_SITES= https://cryptlib-release.s3-ap-southeast-1.amazonaws.com/ DISTNAME= ${PORTNAME}${PORTVERSION:S/.//g} diff --git a/security/cryptlib/distinfo b/security/cryptlib/distinfo index 4e31fa1950d6..59a3e7b72af6 100644 --- a/security/cryptlib/distinfo +++ b/security/cryptlib/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1679305871 -SHA256 (cryptlib346.zip) = c72cfd103eb9fa9f205c14c84ce4fbdf3ead1e2447e830b164dc335141f747bd -SIZE (cryptlib346.zip) = 6826568 +TIMESTAMP = 1729514079 +SHA256 (cryptlib347.zip) = e3f617ea55b1c2c6ea1a27ccc7c8dd4972d3428dfbb0c8ba52a3e4a3ea98ada6 +SIZE (cryptlib347.zip) = 7041396 diff --git a/security/cryptlib/files/patch-makefile b/security/cryptlib/files/patch-makefile index 6f255e18d9d2..0ab07a73ea8f 100644 --- a/security/cryptlib/files/patch-makefile +++ b/security/cryptlib/files/patch-makefile @@ -1,6 +1,6 @@ ---- makefile.orig 2021-09-10 22:27:18 UTC +--- makefile.orig 2023-07-04 09:46:00 UTC +++ makefile -@@ -1859,7 +1859,7 @@ BSD/OS: +@@ -1941,7 +1941,7 @@ FreeBSD: $(MAKE) $(DEFINES) CFLAGS="$(CFLAGS) -fomit-frame-pointer -O3" FreeBSD: diff --git a/security/cryptlib/files/patch-misc_os__spec.h b/security/cryptlib/files/patch-misc_os__spec.h index 66d060b78bd7..4fc1e99d45aa 100644 --- a/security/cryptlib/files/patch-misc_os__spec.h +++ b/security/cryptlib/files/patch-misc_os__spec.h @@ -1,6 +1,6 @@ ---- misc/os_spec.h.orig 2021-09-11 19:27:14 UTC +--- misc/os_spec.h.orig 2023-02-10 20:29:06 UTC +++ misc/os_spec.h -@@ -610,9 +610,8 @@ typedef int BOOLEAN_INT; +@@ -607,9 +607,8 @@ typedef int BOOLEAN_INT; variants, this presumably extends to SH5 as well so we treat va_lists on Super-H as scalars */ diff --git a/security/cryptlib/files/patch-test_certs.c b/security/cryptlib/files/patch-test_certs.c index 8d9b05f4093c..30ea0fea6744 100644 --- a/security/cryptlib/files/patch-test_certs.c +++ b/security/cryptlib/files/patch-test_certs.c @@ -1,11 +1,11 @@ ---- test/certs.c.orig 2023-03-20 10:42:36 UTC +--- test/certs.c.orig 2023-01-31 00:46:48 UTC +++ test/certs.c @@ -52,7 +52,7 @@ #if defined( __MWERKS__ ) || defined( SYMANTEC_C ) || defined( __MRC__ ) - #define CERTTIME_DATETEST ( ( ( 2021 - 1970 ) * ONE_YEAR_TIME ) + 2082844800L ) + #define CERTTIME_DATETEST ( ( ( 2022 - 1970 ) * ONE_YEAR_TIME ) + 2082844800L ) #else -- #define CERTTIME_DATETEST ( ( 2021 - 1970 ) * ONE_YEAR_TIME ) -+ #define CERTTIME_DATETEST ( ( 2023 - 1970 ) * ONE_YEAR_TIME ) +- #define CERTTIME_DATETEST ( ( 2022 - 1970 ) * ONE_YEAR_TIME ) ++ #define CERTTIME_DATETEST ( ( 2024 - 1970 ) * ONE_YEAR_TIME ) #endif /* Macintosh-specific weird epoch */ #if ( ULONG_MAX > 0xFFFFFFFFUL ) || defined( _M_X64 ) #define SYSTEM_64BIT diff --git a/security/cryptlib/files/patch-tools_ccopts.sh b/security/cryptlib/files/patch-tools_ccopts.sh index 040bf62ddbf0..ad81eac26a3d 100644 --- a/security/cryptlib/files/patch-tools_ccopts.sh +++ b/security/cryptlib/files/patch-tools_ccopts.sh @@ -1,6 +1,6 @@ ---- tools/ccopts.sh.orig 2021-10-21 02:27:26 UTC +--- tools/ccopts.sh.orig 2023-07-11 00:09:58 UTC +++ tools/ccopts.sh -@@ -675,7 +675,7 @@ hasSafeStackLibs() +@@ -603,7 +603,7 @@ if [ $ISCLANG -gt 0 ] && [ $ISSPECIAL -eq 0 ] ; then if [ $ISCLANG -gt 0 ] && [ $ISSPECIAL -eq 0 ] ; then if [ $COMPILER_VER -ge 47 ] ; then @@ -9,35 +9,3 @@ # The versions of clang shipped with OS X or OpenBSD don't # support -fsanitize=safe-stack even as late as clang 12, so # there's not much that we can do. -@@ -892,31 +892,6 @@ fi - # a big deal. As a convenient side-effect, this also enables the use of - # ASLR where it's supported. - --if [ "$ARCH" = "i586" ] || [ "$ARCH" = "i686" ] || [ "$ARCH" = "x86_64" ] ; then -- if [ "$COMPILER_VER" -ge 45 ] ; then -- if [ $GENERICBUILD -gt 0 ] ; then -- echo " (Enabling lowest-common-denominator build options for cross-platform library)." >&2 ; -- else -- CCARGS="$CCARGS -march=native -mtune=generic" ; -- fi -- if [ "$ARCH" = "x86_64" ] ; then -- CCARGS="$CCARGS -fPIC" ; -- fi ; -- elif [ "$COMPILER_VER" -ge 30 ] ; then -- case $ARCH in -- 'x86_64') -- CCARGS="$CCARGS -march=opteron -fPIC" ;; -- -- 'i686') -- CCARGS="$CCARGS -march=pentiumpro" ;; -- -- *) -- CCARGS="$CCARGS -march=pentium" ;; -- esac ; -- else -- CCARGS="$CCARGS -mcpu=pentium" ; -- fi ; --fi - - # gcc 4.x for 64-bit architectures has an optimiser bug that removes an - # empty-list check in cryptlib's list-management code (this has been