diff options
author | nia <nia@pkgsrc.org> | 2020-07-07 23:47:40 +0000 |
---|---|---|
committer | nia <nia@pkgsrc.org> | 2020-07-07 23:47:40 +0000 |
commit | 113f193393c8e91132aad4380acb769f7b36df4b (patch) | |
tree | 02c40e5fd6ad071faf9c2bab60deea1b60d8ad5a /security | |
parent | 5d16cfedfde7c81370ad27178d4e5711565bab41 (diff) | |
download | pkgsrc-113f193393c8e91132aad4380acb769f7b36df4b.tar.gz |
security: Remove boringssl
This is a really old version that is likely vulnerable.
AFAIK the only consumer of boringssl is Chromium which vendors its
own variant, otherwise the library is just for internal Google use
Diffstat (limited to 'security')
-rw-r--r-- | security/Makefile | 3 | ||||
-rw-r--r-- | security/boringssl/DESCR | 19 | ||||
-rw-r--r-- | security/boringssl/Makefile | 48 | ||||
-rw-r--r-- | security/boringssl/PLIST | 77 | ||||
-rw-r--r-- | security/boringssl/distinfo | 13 | ||||
-rw-r--r-- | security/boringssl/patches/patch-crypto__bio__bio_test.cc | 16 | ||||
-rw-r--r-- | security/boringssl/patches/patch-crypto__bio__internal.h | 15 | ||||
-rw-r--r-- | security/boringssl/patches/patch-crypto__bio__socket_helper.c | 17 | ||||
-rw-r--r-- | security/boringssl/patches/patch-crypto__lhash__lhash_test.c | 16 | ||||
-rw-r--r-- | security/boringssl/patches/patch-crypto__mem.c | 16 | ||||
-rw-r--r-- | security/boringssl/patches/patch-crypto_aes_aes__test.cc | 15 | ||||
-rw-r--r-- | security/boringssl/patches/patch-include__openssl__thread.h | 16 |
12 files changed, 1 insertions, 270 deletions
diff --git a/security/Makefile b/security/Makefile index 1fca6142461..45dca8a5661 100644 --- a/security/Makefile +++ b/security/Makefile @@ -1,4 +1,4 @@ -# $NetBSD: Makefile,v 1.771 2020/07/02 17:59:02 nia Exp $ +# $NetBSD: Makefile,v 1.772 2020/07/07 23:47:40 nia Exp $ # COMMENT= Security tools @@ -31,7 +31,6 @@ SUBDIR+= bcrypt SUBDIR+= bearssl SUBDIR+= beecrypt SUBDIR+= bitstir -SUBDIR+= boringssl SUBDIR+= botan SUBDIR+= botan-devel SUBDIR+= ca-certificates diff --git a/security/boringssl/DESCR b/security/boringssl/DESCR deleted file mode 100644 index 7935d0ea0fb..00000000000 --- a/security/boringssl/DESCR +++ /dev/null @@ -1,19 +0,0 @@ -BoringSSL is a fork of OpenSSL that is designed to meet Google's -needs. - -Although BoringSSL is an open source project, it is not intended for -general use, as OpenSSL is. We don't recommend that third parties -depend upon it. Doing so is likely to be frustrating because there -are no guarantees of API or ABI stability. - -Programs ship their own copies of BoringSSL when they use it and we -update everything as needed when deciding to make API changes. This -allows us to mostly avoid compromises in the name of compatibility. -It works for us, but it may not work for you. - -BoringSSL arose because Google used OpenSSL for many years in various -ways and, over time, built up a large number of patches that were -maintained while tracking upstream OpenSSL. As Google's product -portfolio became more complex, more copies of OpenSSL sprung up and -the effort involved in maintaining all these patches in multiple -places was growing steadily. diff --git a/security/boringssl/Makefile b/security/boringssl/Makefile deleted file mode 100644 index ae81a74767c..00000000000 --- a/security/boringssl/Makefile +++ /dev/null @@ -1,48 +0,0 @@ -# $NetBSD: Makefile,v 1.13 2020/04/12 19:40:22 joerg Exp $ - -DISTNAME= boringssl-20151230 -PKGREVISION= 9 -CATEGORIES= security -MASTER_SITES= ${MASTER_SITE_LOCAL} - -MAINTAINER= pkgsrc-users@NetBSD.org -HOMEPAGE= https://boringssl.googlesource.com/boringssl/ -COMMENT= Fork of OpenSSL designed to meet Google's needs -LICENSE= openssl - -WRKSRC= ${WRKDIR}/boringssl - -.include "../../lang/go/version.mk" - -BUILD_DEPENDS+= ${GO_PACKAGE_DEP} - -USE_TOOLS+= cmake perl -USE_LANGUAGES+= c c++ - -AUTO_MKDIRS= yes - -SUBST_CLASSES+= go -SUBST_STAGE.go= post-patch -SUBST_FILES.go= CMakeLists.txt -SUBST_SED.go= -e '/find_program.GO_EXECUTABLE/s,go,${GO},' - -do-build: - mkdir -p ${WRKSRC}/build - cd ${WRKSRC}/build && ${SETENV} ${MAKE_ENV} cmake .. - cd ${WRKSRC}/build && ${SETENV} ${MAKE_ENV} make - -do-install: - for d in bssl/bin bssl/lib bssl/include/openssl; do \ - mkdir -p ${DESTDIR}${PREFIX}/$$d; \ - done - ${INSTALL_LIB} ${WRKSRC}/build/crypto/libcrypto.a ${DESTDIR}${PREFIX}/bssl/lib - ${INSTALL_LIB} ${WRKSRC}/build/ssl/libssl.a ${DESTDIR}${PREFIX}/bssl/lib - ${INSTALL_PROGRAM} ${WRKSRC}/build/ssl/test/bssl_shim ${DESTDIR}${PREFIX}/bssl/bin/bssl_shim - ${INSTALL_PROGRAM} ${WRKSRC}/build/ssl/ssl_test ${DESTDIR}${PREFIX}/bssl/bin/ssl_test - ${INSTALL_PROGRAM} ${WRKSRC}/build/tool/bssl ${DESTDIR}${PREFIX}/bssl/bin/bssl - (cd ${WRKSRC}/include/openssl && \ - for f in *.h; do \ - ${INSTALL_DATA} $$f ${DESTDIR}${PREFIX}/bssl/include/openssl/$$f; \ - done) - -.include "../../mk/bsd.pkg.mk" diff --git a/security/boringssl/PLIST b/security/boringssl/PLIST deleted file mode 100644 index d85db7ec62c..00000000000 --- a/security/boringssl/PLIST +++ /dev/null @@ -1,77 +0,0 @@ -@comment $NetBSD: PLIST,v 1.1.1.1 2015/12/31 02:57:35 agc Exp $ -bssl/bin/bssl -bssl/bin/bssl_shim -bssl/bin/ssl_test -bssl/include/openssl/aead.h -bssl/include/openssl/aes.h -bssl/include/openssl/arm_arch.h -bssl/include/openssl/asn1.h -bssl/include/openssl/asn1_mac.h -bssl/include/openssl/asn1t.h -bssl/include/openssl/base.h -bssl/include/openssl/base64.h -bssl/include/openssl/bio.h -bssl/include/openssl/blowfish.h -bssl/include/openssl/bn.h -bssl/include/openssl/buf.h -bssl/include/openssl/buffer.h -bssl/include/openssl/bytestring.h -bssl/include/openssl/cast.h -bssl/include/openssl/chacha.h -bssl/include/openssl/cipher.h -bssl/include/openssl/cmac.h -bssl/include/openssl/conf.h -bssl/include/openssl/cpu.h -bssl/include/openssl/crypto.h -bssl/include/openssl/curve25519.h -bssl/include/openssl/des.h -bssl/include/openssl/dh.h -bssl/include/openssl/digest.h -bssl/include/openssl/dsa.h -bssl/include/openssl/dtls1.h -bssl/include/openssl/ec.h -bssl/include/openssl/ec_key.h -bssl/include/openssl/ecdh.h -bssl/include/openssl/ecdsa.h -bssl/include/openssl/engine.h -bssl/include/openssl/err.h -bssl/include/openssl/evp.h -bssl/include/openssl/ex_data.h -bssl/include/openssl/hkdf.h -bssl/include/openssl/hmac.h -bssl/include/openssl/lhash.h -bssl/include/openssl/lhash_macros.h -bssl/include/openssl/md4.h -bssl/include/openssl/md5.h -bssl/include/openssl/mem.h -bssl/include/openssl/obj.h -bssl/include/openssl/obj_mac.h -bssl/include/openssl/objects.h -bssl/include/openssl/opensslfeatures.h -bssl/include/openssl/opensslv.h -bssl/include/openssl/ossl_typ.h -bssl/include/openssl/pem.h -bssl/include/openssl/pkcs12.h -bssl/include/openssl/pkcs7.h -bssl/include/openssl/pkcs8.h -bssl/include/openssl/poly1305.h -bssl/include/openssl/pqueue.h -bssl/include/openssl/rand.h -bssl/include/openssl/rc4.h -bssl/include/openssl/rsa.h -bssl/include/openssl/safestack.h -bssl/include/openssl/sha.h -bssl/include/openssl/srtp.h -bssl/include/openssl/ssl.h -bssl/include/openssl/ssl3.h -bssl/include/openssl/stack.h -bssl/include/openssl/stack_macros.h -bssl/include/openssl/thread.h -bssl/include/openssl/time_support.h -bssl/include/openssl/tls1.h -bssl/include/openssl/type_check.h -bssl/include/openssl/x509.h -bssl/include/openssl/x509_vfy.h -bssl/include/openssl/x509v3.h -bssl/lib/libcrypto.a -bssl/lib/libssl.a diff --git a/security/boringssl/distinfo b/security/boringssl/distinfo deleted file mode 100644 index 99f2e8fd5e9..00000000000 --- a/security/boringssl/distinfo +++ /dev/null @@ -1,13 +0,0 @@ -$NetBSD: distinfo,v 1.2 2016/12/21 13:38:16 joerg Exp $ - -SHA1 (boringssl-20151230.tar.gz) = eb3681358044990bc54c9ab58a3ce8d951edd022 -RMD160 (boringssl-20151230.tar.gz) = cf2b15e5dc261efcba44cb493947e9c48d346c36 -SHA512 (boringssl-20151230.tar.gz) = 868e53f5cc695c115b261cae67855f95bc017278aecb86b57941a8f0bfa553cb01ebc8cef65d82c18c65cf34b36fbd33a663805b1fcde37f40a88a11c30d7b73 -Size (boringssl-20151230.tar.gz) = 21984504 bytes -SHA1 (patch-crypto__bio__bio_test.cc) = 441f14b565c566528d175d56fec34b905c1400cf -SHA1 (patch-crypto__bio__internal.h) = ca998dc82f208fcc46144c932154c456474a9e88 -SHA1 (patch-crypto__bio__socket_helper.c) = 6ac17f5899817522d3ba883a88d87b5d8541213e -SHA1 (patch-crypto__lhash__lhash_test.c) = 9f411a45fcb8d861911f8ef69651f591a70211b2 -SHA1 (patch-crypto__mem.c) = 186c7f7af8b28defc80266a351456328df0976cc -SHA1 (patch-crypto_aes_aes__test.cc) = d5c442101a42ca46456cb42b6e4cea053f7a98cb -SHA1 (patch-include__openssl__thread.h) = 0faf11db8591026c10ae3271936b1ef6381d977a diff --git a/security/boringssl/patches/patch-crypto__bio__bio_test.cc b/security/boringssl/patches/patch-crypto__bio__bio_test.cc deleted file mode 100644 index 24e5ee69dff..00000000000 --- a/security/boringssl/patches/patch-crypto__bio__bio_test.cc +++ /dev/null @@ -1,16 +0,0 @@ -$NetBSD: patch-crypto__bio__bio_test.cc,v 1.1.1.1 2015/12/31 02:57:35 agc Exp $ - -NetBSD portability patches - ---- crypto/bio/bio_test.cc.orig 2015-12-30 15:55:50.000000000 -0800 -+++ crypto/bio/bio_test.cc 2015-12-30 18:06:05.000000000 -0800 -@@ -13,7 +13,9 @@ - * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ - - #if !defined(_POSIX_C_SOURCE) -+# if !defined(__NetBSD__) - #define _POSIX_C_SOURCE 201410L -+# endif - #endif - - #include <openssl/base.h> diff --git a/security/boringssl/patches/patch-crypto__bio__internal.h b/security/boringssl/patches/patch-crypto__bio__internal.h deleted file mode 100644 index de0fa77e10c..00000000000 --- a/security/boringssl/patches/patch-crypto__bio__internal.h +++ /dev/null @@ -1,15 +0,0 @@ -$NetBSD: patch-crypto__bio__internal.h,v 1.1.1.1 2015/12/31 02:57:35 agc Exp $ - -NetBSD portability patches - ---- crypto/bio/internal.h.orig 2015-12-30 15:55:50.000000000 -0800 -+++ crypto/bio/internal.h 2015-12-30 18:06:05.000000000 -0800 -@@ -59,6 +59,8 @@ - - #include <openssl/base.h> - -+#include <netdb.h> -+ - #if !defined(OPENSSL_WINDOWS) - #if defined(OPENSSL_PNACL) - /* newlib uses u_short in socket.h without defining it. */ diff --git a/security/boringssl/patches/patch-crypto__bio__socket_helper.c b/security/boringssl/patches/patch-crypto__bio__socket_helper.c deleted file mode 100644 index e8f3c01e3ce..00000000000 --- a/security/boringssl/patches/patch-crypto__bio__socket_helper.c +++ /dev/null @@ -1,17 +0,0 @@ -$NetBSD: patch-crypto__bio__socket_helper.c,v 1.1.1.1 2015/12/31 02:57:35 agc Exp $ - -NetBSD portability patches - ---- crypto/bio/socket_helper.c.orig 2015-12-30 15:55:50.000000000 -0800 -+++ crypto/bio/socket_helper.c 2015-12-30 18:06:05.000000000 -0800 -@@ -12,8 +12,10 @@ - * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN - * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ - -+#if !defined(__NetBSD__) - #undef _POSIX_C_SOURCE - #define _POSIX_C_SOURCE 200112L -+#endif - - #include <openssl/bio.h> - #include <openssl/err.h> diff --git a/security/boringssl/patches/patch-crypto__lhash__lhash_test.c b/security/boringssl/patches/patch-crypto__lhash__lhash_test.c deleted file mode 100644 index 98f58a8b258..00000000000 --- a/security/boringssl/patches/patch-crypto__lhash__lhash_test.c +++ /dev/null @@ -1,16 +0,0 @@ -$NetBSD: patch-crypto__lhash__lhash_test.c,v 1.1.1.1 2015/12/31 02:57:35 agc Exp $ - -NetBSD portability patches - ---- crypto/lhash/lhash_test.c.orig 2015-12-30 15:55:51.000000000 -0800 -+++ crypto/lhash/lhash_test.c 2015-12-30 18:06:05.000000000 -0800 -@@ -13,7 +13,9 @@ - * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ - - #if !defined(_POSIX_C_SOURCE) -+# if !defined(__NetBSD__) - #define _POSIX_C_SOURCE 201410L -+# endif - #endif - - #include <openssl/crypto.h> diff --git a/security/boringssl/patches/patch-crypto__mem.c b/security/boringssl/patches/patch-crypto__mem.c deleted file mode 100644 index 2ca276ad3c8..00000000000 --- a/security/boringssl/patches/patch-crypto__mem.c +++ /dev/null @@ -1,16 +0,0 @@ -$NetBSD: patch-crypto__mem.c,v 1.1.1.1 2015/12/31 02:57:35 agc Exp $ - -NetBSD portability patches - ---- crypto/mem.c.orig 2015-12-30 15:55:51.000000000 -0800 -+++ crypto/mem.c 2015-12-30 18:06:05.000000000 -0800 -@@ -55,7 +55,9 @@ - * [including the GNU Public Licence.] */ - - #if !defined(_POSIX_C_SOURCE) -+# if !defined(__NetBSD__) - #define _POSIX_C_SOURCE 201410L /* needed for strdup, snprintf, vprintf etc */ -+# endif - #endif - - #include <openssl/mem.h> diff --git a/security/boringssl/patches/patch-crypto_aes_aes__test.cc b/security/boringssl/patches/patch-crypto_aes_aes__test.cc deleted file mode 100644 index a6687ce64c6..00000000000 --- a/security/boringssl/patches/patch-crypto_aes_aes__test.cc +++ /dev/null @@ -1,15 +0,0 @@ -$NetBSD: patch-crypto_aes_aes__test.cc,v 1.1 2016/12/21 13:38:16 joerg Exp $ - -main() does not return bool. - ---- crypto/aes/aes_test.cc.orig 2016-12-21 00:28:18.783846441 +0000 -+++ crypto/aes/aes_test.cc -@@ -94,7 +94,7 @@ int main() { - "\x88\x99\xaa\xbb\xcc\xdd\xee\xff", - (const uint8_t *)"\x8e\xa2\xb7\xca\x51\x67\x45\xbf" - "\xea\xfc\x49\x90\x4b\x49\x60\x89")) { -- return false; -+ return 0; - } - - printf("PASS\n"); diff --git a/security/boringssl/patches/patch-include__openssl__thread.h b/security/boringssl/patches/patch-include__openssl__thread.h deleted file mode 100644 index 1c0ede384ca..00000000000 --- a/security/boringssl/patches/patch-include__openssl__thread.h +++ /dev/null @@ -1,16 +0,0 @@ -$NetBSD: patch-include__openssl__thread.h,v 1.1.1.1 2015/12/31 02:57:35 agc Exp $ - -NetBSD portability patches - ---- include/openssl/thread.h.orig 2015-12-30 15:55:52.000000000 -0800 -+++ include/openssl/thread.h 2015-12-30 18:06:05.000000000 -0800 -@@ -87,6 +87,9 @@ - typedef union crypto_mutex_st { - double alignment; - uint8_t padding[3*sizeof(int) + 5*sizeof(unsigned) + 16 + 8]; -+#if defined(__NetBSD__) -+ uint8_t nbpad[64 + 8]; -+#endif - } CRYPTO_MUTEX; - #endif - |