FreeBSD Bugzilla – Attachment 245112 Details for Bug 269473
security/openssl, security/libressl: Use base system CA certificates
[patch] OpenSSL patch2
0001-security-openssl-Use-base-system-CA-certificates.patch (text/plain), 10.85 KB, created by Tijl Coosemans on 2023-09-22 10:24:42 UTC
>From 6f4b852d852e1abbe9d4a1313935871816978f32 Mon Sep 17 00:00:00 2001 >From: Tijl Coosemans <tijl@FreeBSD.org> >Date: Fri, 3 Feb 2023 13:21:39 +0100 >Subject: [PATCH] security/openssl: Use base system CA certificates > >Link ${OPENSSLDIR}/certs to /etc/ssl/certs so certificates can be >verified out of the box. > >PR: 269473 >--- > UPDATING | 14 ++++++++++++++ > security/openssl-quictls/Makefile | 3 +++ > security/openssl-quictls/pkg-plist | 3 ++- > security/openssl-unsafe/Makefile | 3 +++ > security/openssl-unsafe/pkg-plist | 3 ++- > security/openssl/Makefile | 3 +++ > security/openssl/pkg-plist | 3 ++- > security/openssl30/Makefile | 4 +++- > security/openssl30/pkg-plist | 3 ++- > security/openssl31/Makefile | 4 +++- > security/openssl31/pkg-plist | 3 ++- > security/openssl32/Makefile | 3 +++ > security/openssl32/pkg-plist | 3 ++- > 13 files changed, 44 insertions(+), 8 deletions(-) > >diff --git a/UPDATING b/UPDATING >index 29cb0ac22fe5..b7950aedabf9 100644 >--- a/UPDATING >+++ b/UPDATING >@@ -5,6 +5,20 @@ they are unavoidable. > You should get into the habit of checking this file for changes each time > you update your ports collection, before attempting any port upgrades. > >+20230922: >+AFFECTS: users of security/openssl* and security/libressl* >+AUTHOR: tijl@FreeBSD.org >+ >+The directories /usr/local/openssl/certs and /usr/local/etc/ssl/certs >+have been replaced with symbolic links to /etc/ssl/certs. Any CA >+certificates in these directories should be moved to >+/usr/local/share/certs and then installed to /etc/ssl/certs using >+"certctl rehash". See certctl(8) for more information. >+ >+If the directory certs exists when installing the package it will be >+renamed certs.pkgsave. If certs.pkgsave exists package installation >+will fail. >+ > 20230919: > AFFECTS: users of net-p2p/transmission > AUTHOR: mondo.debater_0q@icloud.com >diff --git a/security/openssl-quictls/Makefile b/security/openssl-quictls/Makefile >index 9e2e1f996919..3d686553c633 100644 
>--- a/security/openssl-quictls/Makefile >+++ b/security/openssl-quictls/Makefile >@@ -1,5 +1,6 @@ > PORTNAME= openssl > PORTVERSION= 3.0.10 >+PORTREVISION= 1 > CATEGORIES= security devel > PKGNAMESUFFIX= -quictls > >@@ -179,6 +180,8 @@ post-install-SHARED-off: > > post-install: > ${STRIP_CMD} ${STAGEDIR}${PREFIX}/bin/openssl >+ ${RMDIR} ${STAGEDIR}${OPENSSLDIR}/certs >+ ${LN} -s /etc/ssl/certs ${STAGEDIR}${OPENSSLDIR}/certs > > post-install-MAN3-on: > ( cd ${STAGEDIR}/${PREFIX} ; find man/man3 -not -type d ; \ >diff --git a/security/openssl-quictls/pkg-plist b/security/openssl-quictls/pkg-plist >index 80c51ba76672..b85c6d3cdde1 100644 >--- a/security/openssl-quictls/pkg-plist >+++ b/security/openssl-quictls/pkg-plist >@@ -265,6 +265,7 @@ man/man1/x509.1ossl.gz > man/man5/config.5ossl.gz > man/man5/fips_config.5ossl.gz > man/man5/x509v3_config.5ossl.gz >+%%OPENSSLDIR%%/certs > %%OPENSSLDIR%%/misc/CA.pl > @comment %%OPENSSLDIR%%/misc/tsget.pl > %%OPENSSLDIR%%/misc/tsget >@@ -273,4 +274,4 @@ man/man5/x509v3_config.5ossl.gz > @sample %%OPENSSLDIR%%/openssl.cnf.dist %%OPENSSLDIR%%/openssl.cnf > @dir lib/ossl-modules > @dir %%OPENSSLDIR%%/private >-@dir %%OPENSSLDIR%%/certs >+@preexec if [ -d %D/%%OPENSSLDIR%%/certs -a ! -L %D/%%OPENSSLDIR%%/certs ]; then [ ! -e %D/%%OPENSSLDIR%%/certs.pkgsave -a ! -L %D/%%OPENSSLDIR%%/certs.pkgsave ] && mv %D/%%OPENSSLDIR%%/certs %D/%%OPENSSLDIR%%/certs.pkgsave; fi >diff --git a/security/openssl-unsafe/Makefile b/security/openssl-unsafe/Makefile >index 172d18b34a2f..ce3ec0151ae8 100644 >--- a/security/openssl-unsafe/Makefile >+++ b/security/openssl-unsafe/Makefile >@@ -1,5 +1,6 @@ > PORTNAME= openssl > PORTVERSION= 1.0.2.20170706 >+PORTREVISION= 1 > CATEGORIES= security devel > PKGNAMESUFFIX= -unsafe 
> >@@ -69,6 +70,8 @@ post-install: > .for i in ubsec gost capi gmp atalla sureware nuron cswift 4758cca padlock aep chil > ${STRIP_CMD} ${STAGEDIR}${PREFIX}/openssl-unsafe/lib/engines/lib${i}.so > .endfor >+ ${RMDIR} ${STAGEDIR}${OPENSSLDIR}/certs >+ ${LN} -s /etc/ssl/certs ${STAGEDIR}${OPENSSLDIR}/certs > > test: build > cd ${WRKSRC} && ${MAKE} test >diff --git a/security/openssl-unsafe/pkg-plist b/security/openssl-unsafe/pkg-plist >index 305b397560bf..fe18b2e3b07f 100644 >--- a/security/openssl-unsafe/pkg-plist >+++ b/security/openssl-unsafe/pkg-plist >@@ -101,9 +101,10 @@ openssl-unsafe/lib/libssl.so.%%SHLIBVER%% > openssl-unsafe/libdata/pkgconfig/libcrypto.pc > openssl-unsafe/libdata/pkgconfig/libssl.pc > openssl-unsafe/libdata/pkgconfig/openssl.pc >+%%OPENSSLDIR%%/certs > %%OPENSSLDIR%%/misc/CA.pl > %%OPENSSLDIR%%/misc/CA.sh > %%OPENSSLDIR%%/misc/tsget > @sample %%OPENSSLDIR%%/openssl.cnf.sample > @dir %%OPENSSLDIR%%/private >-@dir %%OPENSSLDIR%%/certs >+@preexec if [ -d %D/%%OPENSSLDIR%%/certs -a ! -L %D/%%OPENSSLDIR%%/certs ]; then [ ! -e %D/%%OPENSSLDIR%%/certs.pkgsave -a ! -L %D/%%OPENSSLDIR%%/certs.pkgsave ] && mv %D/%%OPENSSLDIR%%/certs %D/%%OPENSSLDIR%%/certs.pkgsave; fi >diff --git a/security/openssl/Makefile b/security/openssl/Makefile >index 77b05e43a321..ebd11b574c2a 100644 >--- a/security/openssl/Makefile >+++ b/security/openssl/Makefile >@@ -1,5 +1,6 @@ > PORTNAME= openssl > PORTVERSION= 1.1.1w >+PORTREVISION= 1 > PORTEPOCH= 1 > CATEGORIES= security devel > MASTER_SITES= https://www.openssl.org/source/ \ >@@ -161,6 +162,8 @@ post-install-SHARED-on: > > post-install: > ${STRIP_CMD} ${STAGEDIR}${PREFIX}/bin/openssl >+ ${RMDIR} ${STAGEDIR}${OPENSSLDIR}/certs >+ ${LN} -s /etc/ssl/certs ${STAGEDIR}${OPENSSLDIR}/certs > > post-install-MAN3-on: > ( cd ${STAGEDIR}/${PREFIX} ; ${FIND} man/man3 man/man7 -not -type d ) | \ >diff --git a/security/openssl/pkg-plist b/security/openssl/pkg-plist >index 6d59f6e06c71..33682895e135 100644 
>--- a/security/openssl/pkg-plist >+++ b/security/openssl/pkg-plist >@@ -217,10 +217,11 @@ man/man1/version.1.gz > man/man1/x509.1.gz > man/man5/config.5.gz > man/man5/x509v3_config.5.gz >+%%OPENSSLDIR%%/certs > %%OPENSSLDIR%%/misc/CA.pl > %%OPENSSLDIR%%/misc/tsget > @comment %%OPENSSLDIR%%/misc/tsget.pl > @sample %%OPENSSLDIR%%/openssl.cnf.dist %%OPENSSLDIR%%/openssl.cnf > @sample %%OPENSSLDIR%%/ct_log_list.cnf.dist %%OPENSSLDIR%%/ct_log_list.cnf > @dir %%OPENSSLDIR%%/private >-@dir %%OPENSSLDIR%%/certs >+@preexec if [ -d %D/%%OPENSSLDIR%%/certs -a ! -L %D/%%OPENSSLDIR%%/certs ]; then [ ! -e %D/%%OPENSSLDIR%%/certs.pkgsave -a ! -L %D/%%OPENSSLDIR%%/certs.pkgsave ] && mv %D/%%OPENSSLDIR%%/certs %D/%%OPENSSLDIR%%/certs.pkgsave; fi >diff --git a/security/openssl30/Makefile b/security/openssl30/Makefile >index 6a9300d60d5d..d89113a6e215 100644 >--- a/security/openssl30/Makefile >+++ b/security/openssl30/Makefile >@@ -1,6 +1,6 @@ > PORTNAME= openssl > PORTVERSION= 3.0.11 >-PORTREVISION= 1 >+PORTREVISION= 2 > CATEGORIES= security devel > MASTER_SITES= https://www.openssl.org/source/ \ > ftp://ftp.cert.dfn.de/pub/tools/net/openssl/source/ >@@ -186,6 +186,8 @@ post-install-SHARED-off: > > post-install: > ${STRIP_CMD} ${STAGEDIR}${PREFIX}/bin/openssl >+ ${RMDIR} ${STAGEDIR}${OPENSSLDIR}/certs >+ ${LN} -s /etc/ssl/certs ${STAGEDIR}${OPENSSLDIR}/certs > > post-install-MAN3-on: > ( cd ${STAGEDIR}/${PREFIX} ; find man/man3 -not -type d ; \ >diff --git a/security/openssl30/pkg-plist b/security/openssl30/pkg-plist >index 04b64446394e..2fc3ea82540a 100644 >--- a/security/openssl30/pkg-plist >+++ b/security/openssl30/pkg-plist >@@ -264,6 +264,7 @@ man/man1/x509.1ossl.gz > man/man5/config.5ossl.gz > man/man5/fips_config.5ossl.gz > man/man5/x509v3_config.5ossl.gz >+%%OPENSSLDIR%%/certs > %%OPENSSLDIR%%/misc/CA.pl > @comment %%OPENSSLDIR%%/misc/tsget.pl > %%OPENSSLDIR%%/misc/tsget 
>@@ -272,4 +273,4 @@ man/man5/x509v3_config.5ossl.gz > @sample %%OPENSSLDIR%%/openssl.cnf.dist %%OPENSSLDIR%%/openssl.cnf > @dir lib/ossl-modules > @dir %%OPENSSLDIR%%/private >-@dir %%OPENSSLDIR%%/certs >+@preexec if [ -d %D/%%OPENSSLDIR%%/certs -a ! -L %D/%%OPENSSLDIR%%/certs ]; then [ ! -e %D/%%OPENSSLDIR%%/certs.pkgsave -a ! -L %D/%%OPENSSLDIR%%/certs.pkgsave ] && mv %D/%%OPENSSLDIR%%/certs %D/%%OPENSSLDIR%%/certs.pkgsave; fi >diff --git a/security/openssl31/Makefile b/security/openssl31/Makefile >index bea63e395a88..a8ada37bbc01 100644 >--- a/security/openssl31/Makefile >+++ b/security/openssl31/Makefile >@@ -1,6 +1,6 @@ > PORTNAME= openssl > PORTVERSION= 3.1.3 >-PORTREVISION= 1 >+PORTREVISION= 2 > CATEGORIES= security devel > MASTER_SITES= https://www.openssl.org/source/ \ > ftp://ftp.cert.dfn.de/pub/tools/net/openssl/source/ >@@ -186,6 +186,8 @@ post-install-SHARED-off: > > post-install: > ${STRIP_CMD} ${STAGEDIR}${PREFIX}/bin/openssl >+ ${RMDIR} ${STAGEDIR}${OPENSSLDIR}/certs >+ ${LN} -s /etc/ssl/certs ${STAGEDIR}${OPENSSLDIR}/certs > > post-install-MAN3-on: > ( cd ${STAGEDIR}/${PREFIX} ; find man/man3 -not -type d ; \ >diff --git a/security/openssl31/pkg-plist b/security/openssl31/pkg-plist >index 04b64446394e..2fc3ea82540a 100644 >--- a/security/openssl31/pkg-plist >+++ b/security/openssl31/pkg-plist >@@ -264,6 +264,7 @@ man/man1/x509.1ossl.gz > man/man5/config.5ossl.gz > man/man5/fips_config.5ossl.gz > man/man5/x509v3_config.5ossl.gz >+%%OPENSSLDIR%%/certs > %%OPENSSLDIR%%/misc/CA.pl > @comment %%OPENSSLDIR%%/misc/tsget.pl > %%OPENSSLDIR%%/misc/tsget 
>@@ -272,4 +273,4 @@ man/man5/x509v3_config.5ossl.gz > @sample %%OPENSSLDIR%%/openssl.cnf.dist %%OPENSSLDIR%%/openssl.cnf > @dir lib/ossl-modules > @dir %%OPENSSLDIR%%/private >-@dir %%OPENSSLDIR%%/certs >+@preexec if [ -d %D/%%OPENSSLDIR%%/certs -a ! -L %D/%%OPENSSLDIR%%/certs ]; then [ ! -e %D/%%OPENSSLDIR%%/certs.pkgsave -a ! -L %D/%%OPENSSLDIR%%/certs.pkgsave ] && mv %D/%%OPENSSLDIR%%/certs %D/%%OPENSSLDIR%%/certs.pkgsave; fi >diff --git a/security/openssl32/Makefile b/security/openssl32/Makefile >index 8009b84c589d..09cecf900278 100644 >--- a/security/openssl32/Makefile >+++ b/security/openssl32/Makefile >@@ -1,5 +1,6 @@ > PORTNAME= openssl > DISTVERSION= 3.2.0-alpha1 >+PORTREVISION= 1 > CATEGORIES= security devel > MASTER_SITES= https://www.openssl.org/source/ \ > ftp://ftp.cert.dfn.de/pub/tools/net/openssl/source/ >@@ -199,6 +200,8 @@ post-install-SHARED-off: > > post-install: > ${STRIP_CMD} ${STAGEDIR}${PREFIX}/bin/openssl >+ ${RMDIR} ${STAGEDIR}${OPENSSLDIR}/certs >+ ${LN} -s /etc/ssl/certs ${STAGEDIR}${OPENSSLDIR}/certs > > post-install-MAN3-on: > ( cd ${STAGEDIR}/${PREFIX} ; find man/man3 -not -type d ; \ >diff --git a/security/openssl32/pkg-plist b/security/openssl32/pkg-plist >index bbb45b11ce26..464c7c096f9e 100644 >--- a/security/openssl32/pkg-plist >+++ b/security/openssl32/pkg-plist >@@ -267,6 +267,7 @@ man/man1/x509.1ossl.gz > man/man5/config.5ossl.gz > man/man5/fips_config.5ossl.gz > man/man5/x509v3_config.5ossl.gz >+%%OPENSSLDIR%%/certs > %%OPENSSLDIR%%/misc/CA.pl > @comment %%OPENSSLDIR%%/misc/tsget.pl > %%OPENSSLDIR%%/misc/tsget 
>@@ -274,4 +275,4 @@ man/man5/x509v3_config.5ossl.gz > %%OPENSSLDIR%%/fipsmodule.cnf > @sample %%OPENSSLDIR%%/openssl.cnf.dist %%OPENSSLDIR%%/openssl.cnf > @dir %%OPENSSLDIR%%/private >-@dir %%OPENSSLDIR%%/certs >+@preexec if [ -d %D/%%OPENSSLDIR%%/certs -a ! -L %D/%%OPENSSLDIR%%/certs ]; then [ ! -e %D/%%OPENSSLDIR%%/certs.pkgsave -a ! -L %D/%%OPENSSLDIR%%/certs.pkgsave ] && mv %D/%%OPENSSLDIR%%/certs %D/%%OPENSSLDIR%%/certs.pkgsave; fi >-- >2.42.0 >
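Review bot: In the UPDATING hunk, the 20230922 entry lists security/libressl* under AFFECTS, but the diffstat of this patch covers only the security/openssl* ports, so the entry should either land together with the libressl change or be limited to openssl* here. The entry also tells users to move CA certificates out of "these directories", while the @preexec lines in the pkg-plist hunks rename an existing certs directory to certs.pkgsave during install. Say explicitly that after the upgrade the old certificates are found in certs.pkgsave, and give the recovery step for the "certs.pkgsave exists" failure (move or remove the old certs.pkgsave, then install again).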
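Review bot: In the post-install targets of the six Makefile hunks, `${RMDIR} ${STAGEDIR}${OPENSSLDIR}/certs` stops the build whenever the staged certs directory is missing or not empty, and nothing in the hunk says whether that is intended. If it is meant as a guard against the staged tree ever carrying its own certificates, add a one-line comment above the RMDIR/LN pair saying so; the same comment should state that the link target /etc/ssl/certs is the base system store, since after this change that directory is the trust anchor source for every one of these ports.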
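Review bot: In the @preexec line added to each pkg-plist, the case where certs.pkgsave already exists fails without any message: the inner test is false, the `&& mv` is skipped, and the script returns non-zero with nothing written to stderr, so the user sees a failed install with no stated cause. Print the path that is in the way before failing, for example by appending `|| { echo "%D/%%OPENSSLDIR%%/certs.pkgsave exists" >&2; false; }` to the inner list. As a style point, `-a` inside `[ ]` is marked obsolescent by POSIX, so two tests joined with `&&` are preferable, and the identical long line is copied into six plists, which makes later fixes easy to apply unevenly.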