author | bsiegert <bsiegert@pkgsrc.org> | 2020-12-11 08:50:56 +0000 |
---|---|---|
committer | bsiegert <bsiegert@pkgsrc.org> | 2020-12-11 08:50:56 +0000 |
commit | 1a09bf3640c5d14bda41ee6ac7e5a53885823243 (patch) | |
tree | 2a0b684ffd13dad82a551a278c3df8c9e8374b80 | |
parent | f00309ae3ce5c6adbd0db5cc54f4ad2e64e740e6 (diff) | |
download | pkgsrc-1a09bf3640c5d14bda41ee6ac7e5a53885823243.tar.gz |
Pullup ticket #6384 - requested by wiz
security/openssl: security fix
Revisions pulled up:
- security/openssl/Makefile 1.264-1.266
- security/openssl/PLIST 1.7
- security/openssl/distinfo 1.146-1.147
- security/openssl/patches/patch-Configurations_10-main.conf deleted
- security/openssl/patches/patch-crypto_rand_rand__unix.c deleted
---
Module Name: pkgsrc
Committed By: wiz
Date: Wed Sep 30 09:25:31 UTC 2020
Modified Files:
pkgsrc/security/openssl: Makefile PLIST distinfo
Removed Files:
pkgsrc/security/openssl/patches: patch-crypto_rand_rand__unix.c
Log Message:
openssl: update to 1.1.1h.
Major changes between OpenSSL 1.1.1g and OpenSSL 1.1.1h [22 Sep 2020]
o Disallow explicit curve parameters in verification chains when
X509_V_FLAG_X509_STRICT is used
o Enable 'MinProtocol' and 'MaxProtocol' to configure both TLS and DTLS
contexts
o Oracle Developer Studio will start reporting deprecation warnings
---
Module Name: pkgsrc
Committed By: maya
Date: Tue Oct 13 07:37:29 UTC 2020
Modified Files:
pkgsrc/security/openssl: Makefile
Log Message:
openssl: add -lrt for the benefit of Solaris 10.
PR pkg/55688
PR pkg/54958
---
Module Name: pkgsrc
Committed By: wiz
Date: Tue Dec 8 18:54:17 UTC 2020
Modified Files:
pkgsrc/security/openssl: Makefile distinfo
Removed Files:
pkgsrc/security/openssl/patches: patch-Configurations_10-main.conf
Log Message:
openssl: update to 1.1.1i.
Major changes between OpenSSL 1.1.1h and OpenSSL 1.1.1i [8 Dec 2020]
o Fixed NULL pointer deref in GENERAL_NAME_cmp (CVE-2020-1971)
-rw-r--r-- | security/openssl/Makefile | 7 | ||||
-rw-r--r-- | security/openssl/PLIST | 6 | ||||
-rw-r--r-- | security/openssl/distinfo | 12 | ||||
-rw-r--r-- | security/openssl/patches/patch-Configurations_10-main.conf | 22 | ||||
-rw-r--r-- | security/openssl/patches/patch-crypto_rand_rand__unix.c | 47 |
5 files changed, 14 insertions, 80 deletions
diff --git a/security/openssl/Makefile b/security/openssl/Makefile
index 9a409672421..7808c4b6caf 100644
--- a/security/openssl/Makefile
+++ b/security/openssl/Makefile
@@ -1,7 +1,6 @@
-# $NetBSD: Makefile,v 1.263 2020/08/31 18:11:09 wiz Exp $
+# $NetBSD: Makefile,v 1.263.2.1 2020/12/11 08:50:56 bsiegert Exp $
-DISTNAME= openssl-1.1.1g
-PKGREVISION= 3
+DISTNAME= openssl-1.1.1i
 CATEGORIES= security
 MASTER_SITES= https://www.openssl.org/source/
@@ -41,6 +40,8 @@ OPENSSL_HOST.SunOS-i386= solaris-x86-gcc
 OPENSSL_HOST.SunOS-x86_64= solaris64-x86_64-gcc
 OPENSSL_HOST.Darwin-aarch64= darwin64-arm64-cc
+LDFLAGS.SunOS+= -lrt
+
 .if defined(OPENSSL_HOST.${OPSYS}-${MACHINE_ARCH})
 CONFIG_SHELL= ${PERL5}
 CONFIGURE_SCRIPT= ./Configure
diff --git a/security/openssl/PLIST b/security/openssl/PLIST
index 9351ebf6957..d47b43ebad9 100644
--- a/security/openssl/PLIST
+++ b/security/openssl/PLIST
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.6 2020/07/13 11:35:54 jperkin Exp $
+@comment $NetBSD: PLIST,v 1.6.2.1 2020/12/11 08:50:56 bsiegert Exp $
 bin/c_rehash
 bin/openssl
 include/openssl/aes.h
@@ -1028,6 +1028,7 @@ man/man3/EC_GROUP_set_seed.3
 man/man3/EC_KEY_check_key.3
 man/man3/EC_KEY_clear_flags.3
 man/man3/EC_KEY_copy.3
+man/man3/EC_KEY_decoded_from_explicit_params.3
 man/man3/EC_KEY_dup.3
 man/man3/EC_KEY_free.3
 man/man3/EC_KEY_generate_key.3
@@ -3183,6 +3184,7 @@ man/man3/X509V3_EXT_i2d.3
 man/man3/X509V3_add1_i2d.3
 man/man3/X509V3_get_d2i.3
 man/man3/X509_ALGOR_cmp.3
+man/man3/X509_ALGOR_copy.3
 man/man3/X509_ALGOR_dup.3
 man/man3/X509_ALGOR_free.3
 man/man3/X509_ALGOR_get0.3
@@ -3341,6 +3343,8 @@ man/man3/X509_REQ_get_signature_nid.3
 man/man3/X509_REQ_get_subject_name.3
 man/man3/X509_REQ_get_version.3
 man/man3/X509_REQ_new.3
+man/man3/X509_REQ_set0_signature.3
+man/man3/X509_REQ_set1_signature_algo.3
 man/man3/X509_REQ_set_pubkey.3
 man/man3/X509_REQ_set_subject_name.3
 man/man3/X509_REQ_set_version.3
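Review bot: The added `LDFLAGS.SunOS+= -lrt` in the second hunk of security/openssl/Makefile carries no comment, and it applies to every SunOS build although the log message names only Solaris 10. I would put a line above it such as `# Solaris 10 needs -lrt at link time; see PR pkg/55688 and PR pkg/54958.` so the flag is not dropped as unexplained during a later update. If newer SunOS releases do not need librt, restricting the flag by OS version would keep their link line minimal, but whether that is the case cannot be told from this hunk.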
diff --git a/security/openssl/distinfo b/security/openssl/distinfo
index c23136dda2a..e2e751d4e91 100644
--- a/security/openssl/distinfo
+++ b/security/openssl/distinfo
@@ -1,11 +1,9 @@
-$NetBSD: distinfo,v 1.144.2.1 2020/10/03 19:28:58 bsiegert Exp $
+$NetBSD: distinfo,v 1.144.2.2 2020/12/11 08:50:56 bsiegert Exp $
-SHA1 (openssl-1.1.1g.tar.gz) = b213a293f2127ec3e323fb3cfc0c9807664fd997
-RMD160 (openssl-1.1.1g.tar.gz) = 427b7b12c06715ad1c95d3ff5e38055c6bb66c1d
-SHA512 (openssl-1.1.1g.tar.gz) = 01e3d0b1bceeed8fb066f542ef5480862001556e0f612e017442330bbd7e5faee228b2de3513d7fc347446b7f217e27de1003dc9d7214d5833b97593f3ec25ab
-Size (openssl-1.1.1g.tar.gz) = 9801502 bytes
-SHA1 (patch-Configurations_10-main.conf) = d27643187e0b71041f47a9a7c7eec811f7539085
+SHA1 (openssl-1.1.1i.tar.gz) = eb684ba4ed31fe2c48062aead75233ecd36882a6
+RMD160 (openssl-1.1.1i.tar.gz) = 95a45fa7c2240dde179e8f8028f998bfa5177cc3
+SHA512 (openssl-1.1.1i.tar.gz) = fe12e0ab9e1688f24dd862ac633d0ab703b499c0f34b53c3560aa0d3879d81d647aa0678ed517dda5efb2711f669fcb1a1e0e24f6eac2efc2cf4eae6b62014d8
+Size (openssl-1.1.1i.tar.gz) = 9808346 bytes
 SHA1 (patch-Configurations_shared-info.pl) = 0e835f6e343b5d05ef9a0e6ef2a195201262d15c
 SHA1 (patch-Configurations_unix-Makefile.tmpl) = cf6b46c6e10e84100beb468bbe6f85c5e62cbe7a
 SHA1 (patch-Configure) = 479f1bc826f7721f6b44d6b5a6cf460432924bf2
-SHA1 (patch-crypto_rand_rand__unix.c) = 9aa1ff0b0ff1db3fcadacf8707596a7db852f956
diff --git a/security/openssl/patches/patch-Configurations_10-main.conf b/security/openssl/patches/patch-Configurations_10-main.conf
deleted file mode 100644
index 053f59b8f1a..00000000000
--- a/security/openssl/patches/patch-Configurations_10-main.conf
+++ /dev/null
@@ -1,22 +0,0 @@
-$NetBSD: patch-Configurations_10-main.conf,v 1.1 2020/07/22 20:41:30 sjmulder Exp $
-
-Add support for Apple Silicon. Imported from open pull request:
-https://github.com/openssl/openssl/pull/12369
-
---- Configurations/10-main.conf.orig 2020-04-21 12:22:39.000000000 +0000
-+++ Configurations/10-main.conf
-@@ -1557,6 +1557,14 @@ my %targets = (
- bn_ops => "SIXTY_FOUR_BIT_LONG",
- perlasm_scheme => "macosx",
- },
-+ "darwin64-arm64-cc" => {
-+ inherit_from => [ "darwin-common", asm("aarch64_asm") ],
-+ CFLAGS => add("-Wall"),
-+ cflags => add("-arch arm64"),
-+ lib_cppflags => add("-DL_ENDIAN"),
-+ bn_ops => "SIXTY_FOUR_BIT_LONG",
-+ perlasm_scheme => "ios64",
-+ },
-
- ##### GNU Hurd
- "hurd-x86" => {
diff --git a/security/openssl/patches/patch-crypto_rand_rand__unix.c b/security/openssl/patches/patch-crypto_rand_rand__unix.c
deleted file mode 100644
index 5f084c8b396..00000000000
--- a/security/openssl/patches/patch-crypto_rand_rand__unix.c
+++ /dev/null
@@ -1,47 +0,0 @@
-$NetBSD: patch-crypto_rand_rand__unix.c,v 1.1 2020/04/30 11:21:57 nia Exp $
-
-Fix usage of KERN_ARND on NetBSD.
-
-First, actually include the correct headers.
-Second, disable a hack for old FreeBSD versions (just in case it gets used).
-Third, ensure that we don't ever request more than 256 bytes (just in case).
-
---- crypto/rand/rand_unix.c.orig 2020-04-21 12:22:39.000000000 +0000
-+++ crypto/rand/rand_unix.c
-@@ -26,12 +26,12 @@
- # include <sys/utsname.h>
- # endif
- #endif
--#if defined(__FreeBSD__) && !defined(OPENSSL_SYS_UEFI)
-+#if (defined(__FreeBSD__) || defined(__NetBSD__)) && !defined(OPENSSL_SYS_UEFI)
- # include <sys/types.h>
- # include <sys/sysctl.h>
- # include <sys/param.h>
- #endif
--#if defined(__OpenBSD__) || defined(__NetBSD__)
-+#if defined(__OpenBSD__)
- # include <sys/param.h>
- #endif
-
-@@ -247,10 +247,12 @@ static ssize_t sysctl_random(char *buf,
- * when the sysctl returns long and we want to request something not a
- * multiple of longs, which should never be the case.
- */
-+#if defined(__FreeBSD__)
- if (!ossl_assert(buflen % sizeof(long) == 0)) {
- errno = EINVAL;
- return -1;
- }
-+#endif
-
- /*
- * On NetBSD before 4.0 KERN_ARND was an alias for KERN_URND, and only
-@@ -268,7 +270,7 @@ static ssize_t sysctl_random(char *buf,
- mib[1] = KERN_ARND;
-
- do {
-- len = buflen;
-+ len = buflen > 256 ? 256 : buflen;
- if (sysctl(mib, 2, buf, &len, NULL, 0) == -1)
- return done > 0 ? done : -1;
- done += len; |