[pkgsrc/pkgsrc-2020Q3]: pkgsrc/security/openssl Pullup ticket #6384 - request...

To: pkgsrc-changes-hg%NetBSD.org@localhost
Subject: [pkgsrc/pkgsrc-2020Q3]: pkgsrc/security/openssl Pullup ticket #6384 - request...
From: bsiegert <bsiegert%pkgsrc.org@localhost>
Date: Fri, 11 Dec 2020 09:49:03 +0000
details:   https://anonhg.NetBSD.org/pkgsrc/rev/2e4b42056573
branches:  pkgsrc-2020Q3
changeset: 443369:2e4b42056573
user:      bsiegert <bsiegert%pkgsrc.org@localhost>
date:      Fri Dec 11 08:50:56 2020 +0000

description:
Pullup ticket #6384 - requested by wiz
security/openssl: security fix

Revisions pulled up:
- security/openssl/Makefile                                     1.264-1.266
- security/openssl/PLIST                                        1.7
- security/openssl/distinfo                                     1.146-1.147
- security/openssl/patches/patch-Configurations_10-main.conf    deleted
- security/openssl/patches/patch-crypto_rand_rand__unix.c       deleted

---
   Module Name: pkgsrc
   Committed By:        wiz
   Date:                Wed Sep 30 09:25:31 UTC 2020

   Modified Files:
        pkgsrc/security/openssl: Makefile PLIST distinfo
   Removed Files:
        pkgsrc/security/openssl/patches: patch-crypto_rand_rand__unix.c

   Log Message:
   openssl: update to 1.1.1h.

     Major changes between OpenSSL 1.1.1g and OpenSSL 1.1.1h [22 Sep 2020]

         o Disallow explicit curve parameters in verifications chains when
           X509_V_FLAG_X509_STRICT is used
         o Enable 'MinProtocol' and 'MaxProtocol' to configure both TLS and DTLS
           contexts
         o Oracle Developer Studio will start reporting deprecation warnings

---
   Module Name: pkgsrc
   Committed By:        maya
   Date:                Tue Oct 13 07:37:29 UTC 2020

   Modified Files:
        pkgsrc/security/openssl: Makefile

   Log Message:
   openssl: add -lrt for the benefit of Solaris 10.

   PR pkg/55688
   PR pkg/54958

---
   Module Name: pkgsrc
   Committed By:        wiz
   Date:                Tue Dec  8 18:54:17 UTC 2020

   Modified Files:
        pkgsrc/security/openssl: Makefile distinfo
   Removed Files:
        pkgsrc/security/openssl/patches: patch-Configurations_10-main.conf

   Log Message:
   openssl: update to 1.1.1i.

     Major changes between OpenSSL 1.1.1h and OpenSSL 1.1.1i [8 Dec 2020]

         o Fixed NULL pointer deref in GENERAL_NAME_cmp (CVE-2020-1971)

diffstat:

 security/openssl/Makefile                                  |   7 +-
 security/openssl/PLIST                                     |   6 +-
 security/openssl/distinfo                                  |  12 +--
 security/openssl/patches/patch-Configurations_10-main.conf |  22 ------
 security/openssl/patches/patch-crypto_rand_rand__unix.c    |  47 --------------
 5 files changed, 14 insertions(+), 80 deletions(-)

diffs (153 lines):

diff -r 0927b0a0b353 -r 2e4b42056573 security/openssl/Makefile
--- a/security/openssl/Makefile Fri Dec 11 08:50:44 2020 +0000
+++ b/security/openssl/Makefile Fri Dec 11 08:50:56 2020 +0000
@@ -1,7 +1,6 @@
-# $NetBSD: Makefile,v 1.263 2020/08/31 18:11:09 wiz Exp $
+# $NetBSD: Makefile,v 1.263.2.1 2020/12/11 08:50:56 bsiegert Exp $
 
-DISTNAME=      openssl-1.1.1g
-PKGREVISION=   3
+DISTNAME=      openssl-1.1.1i
 CATEGORIES=    security
 MASTER_SITES=  https://www.openssl.org/source/
 
@@ -41,6 +40,8 @@
 OPENSSL_HOST.SunOS-x86_64=     solaris64-x86_64-gcc
 OPENSSL_HOST.Darwin-aarch64=   darwin64-arm64-cc
 
+LDFLAGS.SunOS+=        -lrt
+
 .if defined(OPENSSL_HOST.${OPSYS}-${MACHINE_ARCH})
 CONFIG_SHELL=          ${PERL5}
 CONFIGURE_SCRIPT=      ./Configure
diff -r 0927b0a0b353 -r 2e4b42056573 security/openssl/PLIST
--- a/security/openssl/PLIST    Fri Dec 11 08:50:44 2020 +0000
+++ b/security/openssl/PLIST    Fri Dec 11 08:50:56 2020 +0000
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.6 2020/07/13 11:35:54 jperkin Exp $
+@comment $NetBSD: PLIST,v 1.6.2.1 2020/12/11 08:50:56 bsiegert Exp $
 bin/c_rehash
 bin/openssl
 include/openssl/aes.h
@@ -1028,6 +1028,7 @@
 man/man3/EC_KEY_check_key.3
 man/man3/EC_KEY_clear_flags.3
 man/man3/EC_KEY_copy.3
+man/man3/EC_KEY_decoded_from_explicit_params.3
 man/man3/EC_KEY_dup.3
 man/man3/EC_KEY_free.3
 man/man3/EC_KEY_generate_key.3
@@ -3183,6 +3184,7 @@
 man/man3/X509V3_add1_i2d.3
 man/man3/X509V3_get_d2i.3
 man/man3/X509_ALGOR_cmp.3
+man/man3/X509_ALGOR_copy.3
 man/man3/X509_ALGOR_dup.3
 man/man3/X509_ALGOR_free.3
 man/man3/X509_ALGOR_get0.3
@@ -3341,6 +3343,8 @@
 man/man3/X509_REQ_get_subject_name.3
 man/man3/X509_REQ_get_version.3
 man/man3/X509_REQ_new.3
+man/man3/X509_REQ_set0_signature.3
+man/man3/X509_REQ_set1_signature_algo.3
 man/man3/X509_REQ_set_pubkey.3
 man/man3/X509_REQ_set_subject_name.3
 man/man3/X509_REQ_set_version.3
diff -r 0927b0a0b353 -r 2e4b42056573 security/openssl/distinfo
--- a/security/openssl/distinfo Fri Dec 11 08:50:44 2020 +0000
+++ b/security/openssl/distinfo Fri Dec 11 08:50:56 2020 +0000
@@ -1,11 +1,9 @@
-$NetBSD: distinfo,v 1.144.2.1 2020/10/03 19:28:58 bsiegert Exp $
+$NetBSD: distinfo,v 1.144.2.2 2020/12/11 08:50:56 bsiegert Exp $
 
-SHA1 (openssl-1.1.1g.tar.gz) = b213a293f2127ec3e323fb3cfc0c9807664fd997
-RMD160 (openssl-1.1.1g.tar.gz) = 427b7b12c06715ad1c95d3ff5e38055c6bb66c1d
-SHA512 (openssl-1.1.1g.tar.gz) = 01e3d0b1bceeed8fb066f542ef5480862001556e0f612e017442330bbd7e5faee228b2de3513d7fc347446b7f217e27de1003dc9d7214d5833b97593f3ec25ab
-Size (openssl-1.1.1g.tar.gz) = 9801502 bytes
-SHA1 (patch-Configurations_10-main.conf) = d27643187e0b71041f47a9a7c7eec811f7539085
+SHA1 (openssl-1.1.1i.tar.gz) = eb684ba4ed31fe2c48062aead75233ecd36882a6
+RMD160 (openssl-1.1.1i.tar.gz) = 95a45fa7c2240dde179e8f8028f998bfa5177cc3
+SHA512 (openssl-1.1.1i.tar.gz) = fe12e0ab9e1688f24dd862ac633d0ab703b499c0f34b53c3560aa0d3879d81d647aa0678ed517dda5efb2711f669fcb1a1e0e24f6eac2efc2cf4eae6b62014d8
+Size (openssl-1.1.1i.tar.gz) = 9808346 bytes
 SHA1 (patch-Configurations_shared-info.pl) = 0e835f6e343b5d05ef9a0e6ef2a195201262d15c
 SHA1 (patch-Configurations_unix-Makefile.tmpl) = cf6b46c6e10e84100beb468bbe6f85c5e62cbe7a
 SHA1 (patch-Configure) = 479f1bc826f7721f6b44d6b5a6cf460432924bf2
-SHA1 (patch-crypto_rand_rand__unix.c) = 9aa1ff0b0ff1db3fcadacf8707596a7db852f956
diff -r 0927b0a0b353 -r 2e4b42056573 security/openssl/patches/patch-Configurations_10-main.conf
--- a/security/openssl/patches/patch-Configurations_10-main.conf        Fri Dec 11 08:50:44 2020 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,22 +0,0 @@
-$NetBSD: patch-Configurations_10-main.conf,v 1.1 2020/07/22 20:41:30 sjmulder Exp $
-
-Add support for Apple Silicon. Imported from open pull request:
-https://github.com/openssl/openssl/pull/12369
-
---- Configurations/10-main.conf.orig   2020-04-21 12:22:39.000000000 +0000
-+++ Configurations/10-main.conf
-@@ -1557,6 +1557,14 @@ my %targets = (
-         bn_ops           => "SIXTY_FOUR_BIT_LONG",
-         perlasm_scheme   => "macosx",
-     },
-+    "darwin64-arm64-cc" => {
-+        inherit_from     => [ "darwin-common", asm("aarch64_asm") ],
-+        CFLAGS           => add("-Wall"),
-+        cflags           => add("-arch arm64"),
-+        lib_cppflags     => add("-DL_ENDIAN"),
-+        bn_ops           => "SIXTY_FOUR_BIT_LONG",
-+        perlasm_scheme   => "ios64",
-+    },
- 
- ##### GNU Hurd
-     "hurd-x86" => {
diff -r 0927b0a0b353 -r 2e4b42056573 security/openssl/patches/patch-crypto_rand_rand__unix.c
--- a/security/openssl/patches/patch-crypto_rand_rand__unix.c   Fri Dec 11 08:50:44 2020 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,47 +0,0 @@
-$NetBSD: patch-crypto_rand_rand__unix.c,v 1.1 2020/04/30 11:21:57 nia Exp $
-
-Fix usage of KERN_ARND on NetBSD.
-
-First, actually include the correct headers.
-Second, disable a hack for old FreeBSD versions (just in case it gets used).
-Third, ensure that we don't ever request more than 256 bytes (just in case).
-
---- crypto/rand/rand_unix.c.orig       2020-04-21 12:22:39.000000000 +0000
-+++ crypto/rand/rand_unix.c
-@@ -26,12 +26,12 @@
- #  include <sys/utsname.h>
- # endif
- #endif
--#if defined(__FreeBSD__) && !defined(OPENSSL_SYS_UEFI)
-+#if (defined(__FreeBSD__) || defined(__NetBSD__)) && !defined(OPENSSL_SYS_UEFI)
- # include <sys/types.h>
- # include <sys/sysctl.h>
- # include <sys/param.h>
- #endif
--#if defined(__OpenBSD__) || defined(__NetBSD__)
-+#if defined(__OpenBSD__)
- # include <sys/param.h>
- #endif
- 
-@@ -247,10 +247,12 @@ static ssize_t sysctl_random(char *buf, 
-      * when the sysctl returns long and we want to request something not a
-      * multiple of longs, which should never be the case.
-      */
-+#if   defined(__FreeBSD__)
-     if (!ossl_assert(buflen % sizeof(long) == 0)) {
-         errno = EINVAL;
-         return -1;
-     }
-+#endif
- 
-     /*
-      * On NetBSD before 4.0 KERN_ARND was an alias for KERN_URND, and only
-@@ -268,7 +270,7 @@ static ssize_t sysctl_random(char *buf, 
-     mib[1] = KERN_ARND;
- 
-     do {
--        len = buflen;
-+        len = buflen > 256 ? 256 : buflen;
-         if (sysctl(mib, 2, buf, &len, NULL, 0) == -1)
-             return done > 0 ? done : -1;
-         done += len;
Prev by Date: [pkgsrc/pkgsrc-2020Q3]: pkgsrc/www/gitea Pullup ticket #6378 - requested by r...
Next by Date: [pkgsrc/trunk]: pkgsrc/devel/ocaml-ppx_stable Updated devel/ocaml-ppx_stable ...
Previous by Thread: [pkgsrc/pkgsrc-2020Q3]: pkgsrc/www/gitea Pullup ticket #6378 - requested by r...
Next by Thread: [pkgsrc/trunk]: pkgsrc/devel/ocaml-ppx_stable Updated devel/ocaml-ppx_stable ...
Indexes:
Home | Main Index | Thread Index | Old Index