Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[openssl] bump to 1.0.2p CVE-2018-0732 #4130

Merged
merged 6 commits into from
Sep 2, 2018
Merged

[openssl] bump to 1.0.2p CVE-2018-0732 #4130

merged 6 commits into from
Sep 2, 2018

Conversation

@msftclas
Copy link

msftclas commented Aug 21, 2018

CLA assistant check
All CLA requirements met.

@the-j0k3r
Copy link
Contributor Author

@ras0219-msft Thanks :)

@the-j0k3r
Copy link
Contributor Author

@ras0219-msft May I ask, is there a reason to delay this being merged?

@ras0219-msft ras0219-msft merged commit 88bc189 into microsoft:master Sep 2, 2018
@ras0219-msft
Copy link
Contributor

Nope, sorry for the delay and thanks for the PR!

@the-j0k3r
Copy link
Contributor Author

No problem, also thx for the assist :) much appreciated.

brc-intelight added a commit to Intelight/vcpkg that referenced this pull request Sep 19, 2018
* [fmt] Update to 5.1.0

* Fix error C2338 in botan

* [magnum-integration] Add feature for upcoming GlmIntegration library (microsoft#3869)

* [pybind11] Update to 2.2.3 (microsoft#3879)

* Update osgEarth (microsoft#3878)

* Fixing ogdf and liblemon compile issues on ubuntu (microsoft#3847)

* Fixing ogdf and liblemon compile issues on ubuntu

* [ogdf] Avoid patch by passing cmake options

* [FlatBuffers] Support Non-Windows Platforms (microsoft#3873)

* [FlatBuffers] Patch to ignore the use of a CMake toolchain file which allows the default compilation options to be used.
Use CMake suffixes to allow flatc and shared libraries to be copied on non-Windows systems.

* [flatbuffers] Avoid use of CMAKE_EXECUTABLE_SUFFIX

* Removed unnecessary cmake patch for azure-storage-cpp start from 5.0.0 (microsoft#3883)

* [vcpkg-ci] Fix bug in "vcpkg ci" which results in different features being installed than originally desired.

* Update RESTinio to v.0.4.7. (microsoft#3884)

* Update http-parser version to 2.8.1. (microsoft#3887)

* [realsense2] Update to v2.13.0

Update realsense2 port to librealsense v2.13.0.

* [string-theory] Update to 2.1.

* Update ITK portfile.cmake to fix build on Windows.

Fixes ITK build on Windows. See microsoft#3115 for more details.

* [live555] Update to 2018.07.07 (microsoft#3895)

* [live555] Update to 2018.07.07

* [live555] Update SHA512 hash too.

* [liblzma] Enabled UWP builds

* [dlib] update to 19.15

* [osgearth] Update osgPlugins folder to 3.6.2 (microsoft#3920)

* Update osgPlugins folder to 3.6.2

Update osgPlugins folder to 3.6.2 to stay in sync with osg package.

* [osgearth] Detect osgplugins version automatically

* [grpc] Update to v1.12.0 [protobuf] Update to v3.6.0.1

* [vcpkg] Use -fPIC in all builds to enable mixing static libs with shared objects.

* [angle] Depend on egl-registry instead of deploying vendored copies of EGL and KHR.

* [glib] Add unofficial exports to propagate static dependencies

* [openssl] Split openssl into multiple ports per platform

* [pybind11] update to 2.2.3 and remove unwanted python dependancies fr… (microsoft#3812)

* [pybind11] update to 2.2.3 and remove unwanted python dependancies from CONTROL

* update sol2/pybind11 CONTROL file

* [openssl] Add usage file

* fix small bug in find_from_PATH (which prevents from using already installed tool) (microsoft#3904)

* [curl] update to 7.61.0 (microsoft#3901)

* [curl] update to 7.61.0

* [curl] Fix wrong checksum.

* [curl] Remove winssl-http2 patch which is not needed anymore.

per curl/curl#2591.

* [osg-qt] Add missing Qt dependency

* [libssh2] switch from tarball download to github

* fixed rttr not building on windows because of bad handling of empty cmake vars in portfile.cmake

* [Catch2] Update to 2.3.0 (microsoft#3959)

* [Catch2] Update to 2.3.0

* [Catch2] Fix version in CONTROL file to 2.3

* Fix case mismatch in licence file path (microsoft#3956)

* [openvr] update to 1.0.16 (microsoft#3967)

* [sciter] Update to 4.2.2.6090 (microsoft#3964)

* [sciter] Update to 4.2.0.6064

* [sciter] Update to 4.2.1.6085

* [sciter] Update to 4.2.2.6090

* [shiva] update to 0.6 portfile.cmake (microsoft#3943)

* [shiva] update to 0.6 and update dependancies (microsoft#3942)

* Fix grammar issue (microsoft#3938)

* Update Botan to the latest commit

* [log4cplus] upgrade to REL_2_0_1. (microsoft#3933)

* Install sodium.h

* [libodb-mysql] adapter mysql 8.0

* [log4cplus] upgrade to REL_2_0_1.

* Update the HASH for pmdk and libp7-baical

* Add getopt port

* New port: readline

* [libmorton] Initial libmorton port

* [pmdk, libp7-baical] Bump revision number

* Update portfile.cmake

* [nlopt] Bump CONTROL file

* [Eigen3] Update to 3.3.5 (microsoft#3949)

* Update portfile.cmake

* Update CONTROL

* fix pixman and cairo for macOS (microsoft#3923)

* fix pixman error message about Unknown thread local support

* fixes for building cairo on macOS

* corrected appending files to sources

* [cairo][pixman] Bump package versions to include source code changes

* [pcg] add pcg implementation (microsoft#3966)

* Upgrade to intermediate liblzma version

* Update liblzma to version 5.2.4

* Update Boost DI to 1.0.2 (microsoft#3988)

* [cxxopts] Install via cmake (microsoft#3985)

* Add laszip (microsoft#3978)

* Added laszip package

* Added laszip dependency to pdal

* Cleanup laszip port file

* [laszip] Use LASZIP_BUILD_STATIC

* [pdal] Bump version to include new dependency laszip

* Upgrade protobuf to 3.6.1.

The 3.6.0.1 version of protobuf did not work correctly on Windows,
the 3.6.1 version allegedly does (and my tests pass).

* Initial addition of native visualizer, to improve debugging experience. (microsoft#3906)

* Add python2 port

* [protobuf] Update to 3.6.1

* [cpprestsdk] Update to 2.10.3

* Shiva sfml port (microsoft#4011)

* [shiva] update to 0.7

* [shiva] shiva-sfml plugins

* [shiva] update hash

* Update CONTROL

* add libcheck port (microsoft#3998)

* add check port

* [check] Use vcpkg_from_github() and vcpkg_fixup_cmake_targets()

* Update CONTROL (microsoft#4013)

* Upgrades 2018.06.31

* Add a port for https://github.com/graphql/libgraphqlparser (microsoft#3953)

* Add support for libgraphqlparser in Windows and Linux

* Make the vcpkg_find_acquire_package calls run only for WIN32

* Switch to a SHARED library on Windows (DLL)

* [libgeotiff] support linux build (microsoft#3843)

* [libgeotiff] fix compile on linux

Fix cmake libtiff functions detetion failure
caused by finding no functions in libm.

Signed-off-by: Hiroshi Miura <miurahr@linux.com>

* [libgeotiff] fix utility binary handling in linux

Signed-off-by: Hiroshi Miura <miurahr@linux.com>

* [tiff] Fix static transitive dependencies

* [libgeotiff] Fix .dll and .exe manipulation

* [leptonica] Find dependencies in installed cmake config file

* [tiff] Do not add cmake targets to TIFF_LIBRARIES

* [tiff] Link consumers against m on unix platforms

* [Live555] Add missing symbols due to missing C files and copy paste bug (microsoft#4002)

* Add missing symbols due to missing C files and copy paste bug

* [live555] Bump control version to include package change

* Update to 0.9.6 (microsoft#4015)

* Update to 0.9.6

* [podofo] Use https and avoid downloaded archive conflicts

* [shiva] update shiva to 0.7.2 with proper plugins installation (microsoft#4014)

* [spdlog] update to 1.0.0 (microsoft#4025)

* [spdlog] update to 1.0.0

* [spdlog] Fix cmake targets

* [plib] new contribution (microsoft#4018)

* [plib] new contribution

* [plib] Note that only static linkage is supported.

* [plib] Rename libraries to avoid conflicts from excessively general names

* [liblzma] Bump CONTROL version

* [fastrtps][forest][octomap][sol2] Update hashes

* Fix CMAKE_EXECUTABLE_SUFFIX not available under cmake -P

* [libgit2] update to 0.27.4 (microsoft#4021)

* [libgit2] update to 0.27.3

* [libgit2] Allow vcpkg_configure_cmake() to control BUILD_SHARED_LIBS

* [libgit2] update 0.27.4 see: https://github.com/libgit2/libgit2/releases/tag/v0.27.4

* [libgit2] Depend on openssl on non-windows platforms

* Freeimage/libraw/lcms debug build fixes (microsoft#3643)

* Patch libraw-local FindLCMS2.cmake to handle debug postfix

* Remove library statement from def as name is incorrect for debug builds

https://msdn.microsoft.com/en-us/library/d91k01sh.aspx claims it is
required, but works fine (better) without.

* Patch FindLibRaw.cmake to handle debug postfix

* [lcms] Use vcpkg_from_github()'s PATCHES parameter

* Added DCMTK port (microsoft#3491)

* added dcmtk port

* [dcmtk] Cleanup and use vcpkg_from_github()

* libsndfile: Add feature to make additional libraries optional (microsoft#3528)

* libsndfile: Add feature to make additional libraries optional

* [libsndfile] Make external-libs a default feature

* [libsndfile] Fix typo

* opusfile: Add feature for disabling the openssl dependency (microsoft#3527)

* opusfile: Add feature for disabling the openssl dependency

* [opusfile] Rename feature openssl -> opusurl to better describe this library's interface

* [sfml] Fix using release freetype in debug mode

* [thor][sfgui] Fix outdated FindSFML.cmake files

* New packages: libimobiledevice, getopt, readline (microsoft#3504)

* Add libplist

* Add libusbmuxd

* Fix typos

* Add getopt

* Add libimobiledevice

* Fix typos

* Add libideviceactivation

* Add ideviceinstaller

* Include utilities

* Install usbmuxd

* Add readline

* Fix readline on 64-bit windows

* Add libirecovery

* libideviceactivation: include tools

* Bump versions to fix build issues

* Bump versions

* Add idevicerestore

* [getopt][getopt-win32] Rename to getopt-win32 and only install on Windows Desktop

* [readline][readline-win32] Rename to readline-win32 and only install for Windows Desktop

* [vcpkg_from_github][vcpkg_apply_patches] Make PATCHES relative to the current port directory

* [vcpkg_install_msbuild][vcpkg_check_linkage] Introduce vcpkg_install_msbuild() and vcpkg_check_linkage().

* [libimobiledevice et al] Use vcpkg_from_github() and vcpkg_install_msbuild()

* [readline] Fix static builds

* [docs] Add docs for vcpkg_from_gitlab()

* [docs] Fix GITLAB_INSTANCE-> GITLAB_URL

* breakpad: Enable building the libbreakpad_client library (microsoft#4008)

* breakpad: Enable building the libbreakpad_client library

That's the library that allows creating and uploading .dmp files
when a program crashes.

Use the same flags and setup as for libbreakpad, just note that
this commit changes the installation folder for headers which
was previously incorrect:
The libbreakpad headers were installed in include/google_breakpad,
but the correct path is include/breakpad/google_breakpad,
and client headers go into include/breakpad/client/windows.

* [breakpad] Install headers one directory higher

* [breakpad] Switch to only build static libraries. Disable libbreakpad_client on non-windows due to additional work required.

* [.gitignore] Remove scripts/buildsystems from .gitignore. Fixes microsoft#4032

* [bzip2] Add mirror

* [assimp] Fix release/debug library issue. Fixes microsoft#4026.

* [README.md] Remove outdated VSTS badge

* add fmilib port

* Updated tesseract to 3.05.02

* Upgrade to ACE 6.5.1

    * ports/ace/CONTROL:
    * ports/ace/portfile.cmake:

* Remove invalid URL to bzip.org site

We cannot download http://www.bzip.org/1.0.6/bzip2-1.0.6.tar.gz
It looks like the bzip.org domain is not registered anymore.

* Remove redshell since it is no longer available

* [lodepng] fix build on windows

* [asio] fixed download url (microsoft#4050)

The original URL is not all accessible.

* [allegro5] Update description to 5.2.4.0

* [allegro5] Update portfile to 5.2.4.0

* [openssl-unix] Fix for issue microsoft#4001

[vcpkg_configure_cmake] Use the correct path separators for the current platform instead of assuming ;

* fxied boost-function depends. (microsoft#4049)

* [vcpkg_from_github] Improve documentation to include PATCHES argument

* Update json_dto library to 0.2.6. (microsoft#4059)

* Update json_dto library to 0.2.6.

* [json-dto] Inline version

* [harfbuzz] Update repository URL (microsoft#4061)

* nuget export: fix displayed file name (microsoft#4068)

* Initial addition of native visualizer, to improve debugging experience.

* Fix displayed export name, to match the real file name

* [shiva] update to 0.9 (microsoft#4070)

* [mbedtls] update mbedtls to 2.12.0 (microsoft#4064)

* [grpc] Update grpc to v1.14.1 (microsoft#4056)

* [grpc] Update grpc to v1.14.1

* [grpc] Adopt newer conventions

* [embree] Update embree to 3.2.0 (microsoft#4065)

* Update embree to 3.2.0

* [embree] Use vcpkg_from_github()

* [embree2][embree3] Split embree

* [embree2][embree3] Fix license deployment location

* fix issue microsoft#3683 - fix ICU build on Linux (microsoft#3685)

* fix issue microsoft#3683 - fix ICU build on Linux

The following changes allow ICU to build on Linux:
- use the ICU tgz distribution rather than the zip file, to avoid CRLF
  line endings on Linux
- don't use MSYS on Linux
- fix runConfigureICU options for Linux
- fix CFLAGS, CXXFLAGS, and LDFLAGS for Linux
- don't rename the resulting libraries on Linux

* [icu] Enable VCPKG_CXX_FLAGS

* [icu] Formatting

* [folly] Do not use -Werror

* [live555] Update to 2018.08.05 (microsoft#4087)

* [pybind11] Apply patch for alias templates

* [readerwriterqueue] Add new package (microsoft#4096)

* [shiva] update to 1.0 (microsoft#4088)

* [shiva] update to 0.9

* [shiva] update to 1.0

* [cpprestsdk] 2.10.4

* [boost-python] Apply fix for MSVC /permissive-

* [cpprestsdk] Update to v2.10.5

* [uriparser] Update to 0.8.6

* [shiva] update dependancies (microsoft#4105)

* [libgo] Fix boost-1.68

* [pcl] Support boost 1.68

* [boost] Update to 1.68.0

[boost-vcpkg-helpers] Improve include scanner

[boost-vcpkg-helpers] Fix boost/functional/hash -> boost/container_hash dependency

[boost-context] Install replacement boost/context/all.hpp to support FindBoost.cmake

[boost] Improve port dependency qualifiers for UWP

[boost-contract] Mark as known to fail for ARM

* [nlohmann-json] Update to 3.2.0 from 3.1.2 (microsoft#4129)

* CURL: allow building of http2 option for uwp (microsoft#4131)

* allow building of http2 option for uwp

* [curl] Revert version bump since package is unchanged

* Update to Blaze 3.4 (microsoft#4128)

* [new port] libmaxminddb init (microsoft#4132)

* maxminddb init

* [libmaxminddb] CMake cleanup. Build static lib instead of exporting all symbols on Windows.

* [concurrentqueue] Add new package (microsoft#4115)

* Add graphite2 support for harfbuzz. (microsoft#4097)

* Fix aquire flex and bison when not on Windows (microsoft#4120)

* use find_program to locate flex and bison when not Windows

* reset changes to thrift/portfile.cmake

* fix aquire flex and bison on non win platforms

* [vcpkg_find_acquire_program] Indentation and use CMAKE_HOST_WIN32

* [blaze] Fix the SHA512 in the 'portfile.cmake' (microsoft#4138)

* [blaze] Fix the SHA512 in the 'portfile.cmake'

* [blaze] Use commit SHA to avoid future tag movement. Fix patches.

* Fix typo in FAQ

* [xlnt] update to v1.3.0

* [osg] Update to 3.6.2 (microsoft#4136)

* [graphite2] Update to 1.3.12. Fixes microsoft#4091.

* [new port] wangle init (microsoft#4133)

* wangle init

* [wangle] Simplification

* [wangle] Fix finding gflags

* [chaiscript] 6.1.0 (microsoft#4110)

* Update RESTinio to v.0.4.8. (microsoft#4121)

* Update RESTinio to v.0.4.8.

* [restinio] Inline single-use variable

* [lmdb] Remove non-WIN32 dependencies on ntdll.lib. Fixed microsoft#4053 (microsoft#4054)

* Remove non-WIN32 dependencies on ntdll.lib. Fixed microsoft#4053

* [lmdb] Use vcpkg_from_github

* [lmdb] Fix broken SOURCE_PATH

* [chakracore] Fix Windows port CRT linkage (microsoft#4080)

* Fix Windows ChakraCore port CRT linkage

ChakraCore now supports both static and dynamic CRT linkage on Windows.

* [chakracore] Small cleanups

* [boost-build] Update to 1.68

* [imgui-sfml] introduce new port for imgui with sfml development (microsoft#4106)

* [imgui-sfml] introduce new port for imgui with sfml development

* [imgui-sfml] rename the port

* [milerius-sfml-imgui] Rename from sfml-imgui. Small cleanup

* libmodbus init closes microsoft#283

* [icu] Support for compiling static libraries.

* [docs] Add documentation for VCPKG_VISUAL_STUDIO_PATH

* [nghttp2] update to 1.32.1

* fix linux

error

```
CMake Error at ports/libraw/portfile.cmake:53 (file):
  file RENAME failed to rename
    /opt/vcpkg/packages/libraw_x64-linux/lib/raw_r.lib
  to
    /opt/vcpkg/packages/libraw_x64-linux/lib/raw.lib
  because: No such file or directory
Call Stack (most recent call first):
  scripts/ports.cmake:71 (include)
```

```
Include files should not be duplicated into the /debug/include directory. If this cannot be disabled in the project cmake, use
    file(REMOVE_RECURSE ${CURRENT_PACKAGES_DIR}/debug/include)
/debug/share should not exist. Please reorganize any important files, then use
    file(REMOVE_RECURSE ${CURRENT_PACKAGES_DIR}/debug/share)
Found 2 error(s). Please correct the portfile:
    /opt/vcpkg/ports/libraw/portfile.cmake
-- Performing post-build validation done
```

* [monkeys-audio] Fix x64-installation "file INSTALL cannot find" (microsoft#4159)

* Fix x64 "file INSTALL cannot find"

* [monkeys-audio] Use vcpkg_install_msbuild()

* [libraw] Replace WIN32 with VCPKG_CMAKE_SYSTEM_NAME

* intelrdfpmathlib init (microsoft#4168)

* [icu] Bump package version

* Update HEAD_REF for libimobiledevice-win32 projects (microsoft#4162)

* [libmodbus] Avoid check_include_file on Windows. Move inclues to root.

* [nanomsg] Update to 1.1.4 (microsoft#4158)

* fix thrift only copying compiler to tools on windows

* [nng] Add new package

* Fix build path for win-x86 platform

* Update boost-hana-msvc to use the official develop branch of boost.hana.

The REF contains the commit which enables building boost.hana with VS2017 15.8

BTW, VS2017 15.7 is no longer support after this.

* [boost-hana] Bump version

* [Live555] Update to latest

* [live555] update live555

* [live555] Improve error message

* *Update Meson to 0.47.1. (microsoft#4155)

*Fix acquire meson on Unix platforms.

* sais init

* darts clone init

* esaxx init

* woff2 init

* [vcpkg_download_distfile] Apply workaround from microsoft#3399

* [vcpkg] post-build cmake test (microsoft#3431)

* [vcpkg]  post-build cmake test

- test for applications with cmake build system
- Add a test feature to vcpkg core, make progress for microsoft#72
- Tests for zlib, bzip2, libiconv and openssl for example
- Test for curl will be failed, because of a bug microsoft#3053
  It can detect a this type of problems

* [vcpkg_test_cmake] Add MODULE parameter to explicitly specify which type of integration to test.

* [bzip2] Fix casing of cmake module name

* [brotli] Add unofficial targets

* [nng] Add mbedtls feature

* modp-base64 init

* fastfeat init

* linenoise init

* usrsctp init

* [openssl] bump to 1.0.2p CVE-2018-0732 (microsoft#4130)

* [openssl] bump to 1.0.2p CVE-2018-0732

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0732

https://www.openssl.org/news/vulnerabilities.html

* [openssl-unix][openssl-windows] Update control files for 1.0.2p

* [openssl-windows][openssl-uwp] Update hashes

* [libusbmuxd][libplist] Disable LTCG to enable compiler upgrades

* [libirecovery] Add missing getopt dependency

* Update zlib version

* [nanodbc]Update to new URLS (microsoft#4221)

* Fix poco build on osx and linux

* Change poco to Poco as linux seems to be case-sensitive in this case

* [tbb] Add support for Linux and OSX

[tbb] Fix installed cmake file. Add vcpkg_test_cmake()

[tbb] Fix static non-windows builds

[tbb] Fix find_package() on Windows

* [GraphicsMagick] bug-fix: image files won't load (microsoft#4215)

* [GraphicsMagick] bug-fix: image files won't load

GM (GraphicsMagick) was failing to load image files, notably PNG or JPEG
images, as it was being compiled with support for 'GraphicsMagick
Modules'.  These are files with names specific to GM, and of the format,
'IM_*.dll'.  vcpkg's install process was not setting these up.  This
patch makes sure that when GM is built, it embed's GM's own
image-loading code into graphicsmagick.dll.

* [vcpkg_extract_source_archive_ex] Add PATCHES argument

* [openmesh] Use direct download instead of gitlab

* [blaze] Use PATCHES argument

* [graphicsmagick] Use vcpkg_extract_source_archive_ex

* [cpprestsdk] Update to 2.10.6

* [libpqxx] Fix non-Windows

* [vcpkg_extract_source_archive] Fix incorrect var usage in vcpkg_extract_source_archive

* [vcpkg_extract_source_archive] Fix incorrect var usage in vcpkg_extract_source_archive

* [poco] Use PATCHES argument. Avoid WIN32 because it is not defined in portfiles.

* [azure-storage-cpp] Upgrade to 5.1.0

* [curl] update curl to 7.61.1

* [ports] fix curl 001 patch, update nghttp2 to 1.33.0

* Updated Catch2 to 2.4.0

* Imgui updated to 1.64

* [freeglut] Fix the internal default link name of freeglut. Fixed microsoft#4243.

* [alembic] update to 1.7.9

* New package: gracicot/kangaru, a library for dependency injection in C++11, C++14 and later (microsoft#4288)

* New package: gracicot/kangaru, a library for dependency injection in C++11, c++14 and later

* Updated description

* updated to use the latest vcpkg versions for gtest and bzip2
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants