diff options
| author | wiz <wiz@pkgsrc.org> | 2020-09-30 09:25:30 +0000 |
|---|---|---|
| committer | wiz <wiz@pkgsrc.org> | 2020-09-30 09:25:30 +0000 |
| commit | 7e2426ef539fa11198655c2cc6ceba876612fc3b (patch) | |
| tree | dd50e5a2f0813aa34bd18428e6d2e67ccaeea088 /security | |
| parent | 4329e2112623c2e7be31261623a23d333ff8f254 (diff) | |
| download | pkgsrc-7e2426ef539fa11198655c2cc6ceba876612fc3b.tar.gz | |
openssl: update to 1.1.1h.
Major changes between OpenSSL 1.1.1g and OpenSSL 1.1.1h [22 Sep 2020]
o Disallow explicit curve parameters in verifications chains when
X509_V_FLAG_X509_STRICT is used
o Enable 'MinProtocol' and 'MaxProtocol' to configure both TLS and DTLS
contexts
o Oracle Developer Studio will start reporting deprecation warnings
Diffstat (limited to 'security')
| -rw-r--r-- | security/openssl/Makefile | 5 | ||||
| -rw-r--r-- | security/openssl/PLIST | 6 | ||||
| -rw-r--r-- | security/openssl/distinfo | 11 | ||||
| -rw-r--r-- | security/openssl/patches/patch-crypto_rand_rand__unix.c | 47 |
4 files changed, 12 insertions, 57 deletions
diff --git a/security/openssl/Makefile b/security/openssl/Makefile index 9a409672421..a282e16ca45 100644 --- a/security/openssl/Makefile +++ b/security/openssl/Makefile @@ -1,7 +1,6 @@ -# $NetBSD: Makefile,v 1.263 2020/08/31 18:11:09 wiz Exp $ +# $NetBSD: Makefile,v 1.264 2020/09/30 09:25:30 wiz Exp $ -DISTNAME= openssl-1.1.1g -PKGREVISION= 3 +DISTNAME= openssl-1.1.1h CATEGORIES= security MASTER_SITES= https://www.openssl.org/source/ diff --git a/security/openssl/PLIST b/security/openssl/PLIST index 9351ebf6957..dc6a85b7ece 100644 --- a/security/openssl/PLIST +++ b/security/openssl/PLIST @@ -1,4 +1,4 @@ -@comment $NetBSD: PLIST,v 1.6 2020/07/13 11:35:54 jperkin Exp $ +@comment $NetBSD: PLIST,v 1.7 2020/09/30 09:25:30 wiz Exp $ bin/c_rehash bin/openssl include/openssl/aes.h @@ -1028,6 +1028,7 @@ man/man3/EC_GROUP_set_seed.3 man/man3/EC_KEY_check_key.3 man/man3/EC_KEY_clear_flags.3 man/man3/EC_KEY_copy.3 +man/man3/EC_KEY_decoded_from_explicit_params.3 man/man3/EC_KEY_dup.3 man/man3/EC_KEY_free.3 man/man3/EC_KEY_generate_key.3 @@ -3183,6 +3184,7 @@ man/man3/X509V3_EXT_i2d.3 man/man3/X509V3_add1_i2d.3 man/man3/X509V3_get_d2i.3 man/man3/X509_ALGOR_cmp.3 +man/man3/X509_ALGOR_copy.3 man/man3/X509_ALGOR_dup.3 man/man3/X509_ALGOR_free.3 man/man3/X509_ALGOR_get0.3 @@ -3341,6 +3343,8 @@ man/man3/X509_REQ_get_signature_nid.3 man/man3/X509_REQ_get_subject_name.3 man/man3/X509_REQ_get_version.3 man/man3/X509_REQ_new.3 +man/man3/X509_REQ_set0_signature.3 +man/man3/X509_REQ_set1_signature_algo.3 man/man3/X509_REQ_set_pubkey.3 man/man3/X509_REQ_set_subject_name.3 man/man3/X509_REQ_set_version.3 diff --git a/security/openssl/distinfo b/security/openssl/distinfo index 5e07ad07ceb..24fe581b39b 100644 --- a/security/openssl/distinfo +++ b/security/openssl/distinfo @@ -1,11 +1,10 @@ -$NetBSD: distinfo,v 1.145 2020/09/29 05:45:04 martin Exp $ +$NetBSD: distinfo,v 1.146 2020/09/30 09:25:30 wiz Exp $ -SHA1 (openssl-1.1.1g.tar.gz) = b213a293f2127ec3e323fb3cfc0c9807664fd997 -RMD160 (openssl-1.1.1g.tar.gz) = 427b7b12c06715ad1c95d3ff5e38055c6bb66c1d -SHA512 (openssl-1.1.1g.tar.gz) = 01e3d0b1bceeed8fb066f542ef5480862001556e0f612e017442330bbd7e5faee228b2de3513d7fc347446b7f217e27de1003dc9d7214d5833b97593f3ec25ab -Size (openssl-1.1.1g.tar.gz) = 9801502 bytes +SHA1 (openssl-1.1.1h.tar.gz) = 8d0d099e8973ec851368c8c775e05e1eadca1794 +RMD160 (openssl-1.1.1h.tar.gz) = a585a849499d12c1ea44bbdcc5fdecf47961989c +SHA512 (openssl-1.1.1h.tar.gz) = da50fd99325841ed7a4367d9251c771ce505a443a73b327d8a46b2c6a7d2ea99e43551a164efc86f8743b22c2bdb0020bf24a9cbd445e9d68868b2dc1d34033a +Size (openssl-1.1.1h.tar.gz) = 9810045 bytes SHA1 (patch-Configurations_10-main.conf) = d27643187e0b71041f47a9a7c7eec811f7539085 SHA1 (patch-Configurations_shared-info.pl) = 0e835f6e343b5d05ef9a0e6ef2a195201262d15c SHA1 (patch-Configurations_unix-Makefile.tmpl) = cf6b46c6e10e84100beb468bbe6f85c5e62cbe7a SHA1 (patch-Configure) = 479f1bc826f7721f6b44d6b5a6cf460432924bf2 -SHA1 (patch-crypto_rand_rand__unix.c) = 9aa1ff0b0ff1db3fcadacf8707596a7db852f956 diff --git a/security/openssl/patches/patch-crypto_rand_rand__unix.c b/security/openssl/patches/patch-crypto_rand_rand__unix.c deleted file mode 100644 index 5f084c8b396..00000000000 --- a/security/openssl/patches/patch-crypto_rand_rand__unix.c +++ /dev/null @@ -1,47 +0,0 @@ -$NetBSD: patch-crypto_rand_rand__unix.c,v 1.1 2020/04/30 11:21:57 nia Exp $ - -Fix usage of KERN_ARND on NetBSD. - -First, actually include the correct headers. -Second, disable a hack for old FreeBSD versions (just in case it gets used). -Third, ensure that we don't ever request more than 256 bytes (just in case). - ---- crypto/rand/rand_unix.c.orig 2020-04-21 12:22:39.000000000 +0000 -+++ crypto/rand/rand_unix.c -@@ -26,12 +26,12 @@ - # include <sys/utsname.h> - # endif - #endif --#if defined(__FreeBSD__) && !defined(OPENSSL_SYS_UEFI) -+#if (defined(__FreeBSD__) || defined(__NetBSD__)) && !defined(OPENSSL_SYS_UEFI) - # include <sys/types.h> - # include <sys/sysctl.h> - # include <sys/param.h> - #endif --#if defined(__OpenBSD__) || defined(__NetBSD__) -+#if defined(__OpenBSD__) - # include <sys/param.h> - #endif - -@@ -247,10 +247,12 @@ static ssize_t sysctl_random(char *buf, - * when the sysctl returns long and we want to request something not a - * multiple of longs, which should never be the case. - */ -+#if defined(__FreeBSD__) - if (!ossl_assert(buflen % sizeof(long) == 0)) { - errno = EINVAL; - return -1; - } -+#endif - - /* - * On NetBSD before 4.0 KERN_ARND was an alias for KERN_URND, and only -@@ -268,7 +270,7 @@ static ssize_t sysctl_random(char *buf, - mib[1] = KERN_ARND; - - do { -- len = buflen; -+ len = buflen > 256 ? 256 : buflen; - if (sysctl(mib, 2, buf, &len, NULL, 0) == -1) - return done > 0 ? done : -1; - done += len; |