security/libressl-devel: Update to 2.3.2
- Update to version 2.3.2 [1] - Remove patches (upstreamed) - Bump shlib versions - Fix plist issues - Remove CA root cert that is installed by default Changes: ftp://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.3.2-relnotes.txt [1] Reviewed by: koobs (mentor), feld (mentor), miwi (portmgr) Approved by: koobs (mentor), miwi (portmgr) Differential Revision: D5116
parent
3cf7f4e5f5
commit
5d89c27838
Notes:
svn2git
2021-03-31 03:12:20 +00:00
svn path=/head/; revision=407614
@ -109,7 +109,7 @@ OPENSSL_SHLIBVER?= ${OPENSSL_SHLIBFILE:E}
|
||||
.if defined(OPENSSL_PORT) && ${OPENSSL_PORT} == security/libressl
|
||||
OPENSSL_SHLIBVER?= 35
|
||||
.elif defined(OPENSSL_PORT) && ${OPENSSL_PORT} == security/libressl-devel
|
||||
OPENSSL_SHLIBVER?= 36
|
||||
OPENSSL_SHLIBVER?= 37
|
||||
.endif
|
||||
|
||||
# default
|
||||
|
@ -2,8 +2,7 @@
|
||||
# $FreeBSD$
|
||||
|
||||
PORTNAME= libressl
|
||||
PORTVERSION= 2.3.1
|
||||
PORTREVISIION= 1
|
||||
PORTVERSION= 2.3.2
|
||||
CATEGORIES= security devel
|
||||
MASTER_SITES= OPENBSD/LibreSSL
|
||||
PKGNAMESUFFIX= -devel
|
||||
@ -25,7 +24,6 @@ CONFLICTS?= openssl-[0-9]* \
|
||||
libressl-[0-9]*
|
||||
|
||||
GNU_CONFIGURE= yes
|
||||
CONFIGURE_ARGS= --enable-silent-rules
|
||||
USES= cpe libtool pathfix pkgconfig
|
||||
USE_LDCONFIG= yes
|
||||
OPTIONS_SUB= yes
|
||||
@ -41,4 +39,7 @@ post-install-MAN3-off:
|
||||
${RM} -rf ${STAGEDIR}/${PREFIX}/man/man3
|
||||
${REINPLACE_CMD} -e '/^man\/man3/d' ${TMPPLIST}
|
||||
|
||||
post-install:
|
||||
${RM} -rf ${STAGEDIR}/${PREFIX}/etc/ssl/cert.pem
|
||||
|
||||
.include <bsd.port.mk>
|
||||
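Review bot: The new `post-install` target deletes `etc/ssl/cert.pem` from the stage directory with no comment saying why or what supplies trust anchors afterwards, so a package built from this port ships no CA bundle at the path the library presumably uses as its default verify location. Clients that rely on the default store should then fail certificate verification rather than trust anything, which is the safe direction, but it deserves a comment above the target, e.g. `# Do not ship upstream's CA bundle; trust anchors must come from a separately installed bundle such as security/ca_root_nss`, and the same statement in the port's install message. As a minor style point, `-r` is unnecessary for a single file and `${STAGEDIR}/${PREFIX}` yields a doubled slash; `${RM} ${STAGEDIR}${PREFIX}/etc/ssl/cert.pem` would be the usual form, although the existing `post-install-MAN3-off` lines use the same spelling.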
|
@ -1,2 +1,2 @@
|
||||
SHA256 (libressl-2.3.1.tar.gz) = 410b58db4ebbcab43c3357612e591094f64fb9339269caa2e68728e36f8d589e
|
||||
SIZE (libressl-2.3.1.tar.gz) = 3014881
|
||||
SHA256 (libressl-2.3.2.tar.gz) = 80f45fae4859f161b1980cad846d4217417d0c89006ad29c0ea8c88da564a96a
|
||||
SIZE (libressl-2.3.2.tar.gz) = 3063638
|
||||
|
@ -1,49 +0,0 @@
|
||||
From 9900c16beb14eb3bfc8f4d8c6191e6e1a271c861 Mon Sep 17 00:00:00 2001
|
||||
From: beck <>
|
||||
Date: Fri, 4 Dec 2015 04:19:25 +0000
|
||||
Subject: [PATCH] Fix for OpenSSL CVE-2015-3195 ok djm@ jsing@
|
||||
|
||||
---
|
||||
src/lib/libssl/src/crypto/asn1/tasn_dec.c | 11 ++++++++---
|
||||
1 file changed, 8 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/src/lib/libssl/src/crypto/asn1/tasn_dec.c b/src/lib/libssl/src/crypto/asn1/tasn_dec.c
|
||||
index e50ec0a..0a6eaf2 100644
|
||||
--- crypto/asn1/tasn_dec.c
|
||||
+++ crypto/asn1/tasn_dec.c
|
||||
@@ -1,4 +1,4 @@
|
||||
-/* $OpenBSD: tasn_dec.c,v 1.26 2015/03/19 14:00:22 tedu Exp $ */
|
||||
+/* $OpenBSD: tasn_dec.c,v 1.27 2015/07/20 15:41:48 miod Exp $ */
|
||||
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
|
||||
* project 2000.
|
||||
*/
|
||||
@@ -166,6 +166,10 @@ ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
|
||||
int otag;
|
||||
int ret = 0;
|
||||
ASN1_VALUE **pchptr;
|
||||
+ int combine;
|
||||
+
|
||||
+ combine = aclass & ASN1_TFLG_COMBINE;
|
||||
+ aclass &= ~ASN1_TFLG_COMBINE;
|
||||
|
||||
if (!pval)
|
||||
return 0;
|
||||
@@ -447,7 +451,8 @@ ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
|
||||
auxerr:
|
||||
ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_AUX_ERROR);
|
||||
err:
|
||||
- ASN1_item_ex_free(pval, it);
|
||||
+ if (combine == 0)
|
||||
+ ASN1_item_ex_free(pval, it);
|
||||
if (errtt)
|
||||
ERR_asprintf_error_data("Field=%s, Type=%s", errtt->field_name,
|
||||
it->sname);
|
||||
@@ -642,7 +647,7 @@ asn1_template_noexp_d2i(ASN1_VALUE **val, const unsigned char **in, long len,
|
||||
} else {
|
||||
/* Nothing special */
|
||||
ret = ASN1_item_ex_d2i(val, &p, len, ASN1_ITEM_ptr(tt->item),
|
||||
- -1, 0, opt, ctx);
|
||||
+ -1, tt->flags & ASN1_TFLG_COMBINE, opt, ctx);
|
||||
if (!ret) {
|
||||
ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I,
|
||||
ERR_R_NESTED_ASN1_ERROR);
|
@ -1,35 +0,0 @@
|
||||
untrusted comment: signature from openbsd 5.8 base secret key
|
||||
RWQNNZXtC/MqP8u13/pPZfTpPeHhU93PG0DBihXvQ7lB0CvONLwoTfHr9f40s515bidPGcGLAH4xu+yz3skT6b3tKETEWZw8BgA=
|
||||
|
||||
OpenBSD 5.8 errata 9, Dec 3, 2015:
|
||||
|
||||
CVE-2015-3194 - NULL pointer dereference in client certificate validation
|
||||
|
||||
Apply by doing:
|
||||
signify -Vep /etc/signify/openbsd-58-base.pub -x 009_clientcert.patch.sig \
|
||||
-m - | (cd /usr/src && patch -p0)
|
||||
|
||||
And then rebuild and install libcrypto:
|
||||
cd /usr/src/lib/libcrypto
|
||||
make obj
|
||||
make depend
|
||||
make
|
||||
make install
|
||||
|
||||
Index: crypto/rsa/rsa_ameth.c
|
||||
===================================================================
|
||||
RCS file: /cvs/src/lib/libssl/src/crypto/rsa/rsa_ameth.c,v
|
||||
retrieving revision 1.14
|
||||
retrieving revision 1.14.6.1
|
||||
diff -u -p -u -p -r1.14 -r1.14.6.1
|
||||
--- crypto/rsa/rsa_ameth.c 11 Feb 2015 04:05:14 -0000 1.14
|
||||
+++ crypto/rsa/rsa_ameth.c 4 Dec 2015 04:13:43 -0000 1.14.6.1
|
||||
@@ -298,7 +298,7 @@ rsa_pss_decode(const X509_ALGOR *alg, X5
|
||||
if (pss->maskGenAlgorithm) {
|
||||
ASN1_TYPE *param = pss->maskGenAlgorithm->parameter;
|
||||
if (OBJ_obj2nid(pss->maskGenAlgorithm->algorithm) == NID_mgf1 &&
|
||||
- param->type == V_ASN1_SEQUENCE) {
|
||||
+ param && param->type == V_ASN1_SEQUENCE) {
|
||||
p = param->value.sequence->data;
|
||||
plen = param->value.sequence->length;
|
||||
*pmaskHash = d2i_X509_ALGOR(NULL, &p, plen);
|
@ -1,6 +1,5 @@
|
||||
%%NC%%bin/nc
|
||||
bin/openssl
|
||||
etc/ssl/cert.pem
|
||||
etc/ssl/openssl.cnf
|
||||
etc/ssl/x509v3.cnf
|
||||
include/openssl/aes.h
|
||||
@ -76,16 +75,16 @@ include/openssl/x509v3.h
|
||||
include/tls.h
|
||||
lib/libcrypto.a
|
||||
lib/libcrypto.so
|
||||
lib/libcrypto.so.36
|
||||
lib/libcrypto.so.36.0.0
|
||||
lib/libcrypto.so.37
|
||||
lib/libcrypto.so.37.0.0
|
||||
lib/libssl.a
|
||||
lib/libssl.so
|
||||
lib/libssl.so.37
|
||||
lib/libssl.so.37.0.0
|
||||
lib/libssl.so.38
|
||||
lib/libssl.so.38.0.0
|
||||
lib/libtls.a
|
||||
lib/libtls.so
|
||||
lib/libtls.so.9
|
||||
lib/libtls.so.9.0.0
|
||||
lib/libtls.so.10
|
||||
lib/libtls.so.10.0.0
|
||||
libdata/pkgconfig/libcrypto.pc
|
||||
libdata/pkgconfig/libssl.pc
|
||||
libdata/pkgconfig/libtls.pc
|
||||
@ -360,6 +359,7 @@ man/man3/BUF_MEM_new.3.gz
|
||||
man/man3/BUF_strdup.3.gz
|
||||
man/man3/CMS_add0_cert.3.gz
|
||||
man/man3/CMS_add1_recipient_cert.3.gz
|
||||
man/man3/CMS_add1_signer.3.gz
|
||||
man/man3/CMS_compress.3.gz
|
||||
man/man3/CMS_decrypt.3.gz
|
||||
man/man3/CMS_encrypt.3.gz
|
||||
@ -369,7 +369,6 @@ man/man3/CMS_get0_SignerInfos.3.gz
|
||||
man/man3/CMS_get0_type.3.gz
|
||||
man/man3/CMS_get1_ReceiptRequest.3.gz
|
||||
man/man3/CMS_sign.3.gz
|
||||
man/man3/CMS_sign_add1_signer.3.gz
|
||||
man/man3/CMS_sign_receipt.3.gz
|
||||
man/man3/CMS_uncompress.3.gz
|
||||
man/man3/CMS_verify.3.gz
|
||||
@ -385,6 +384,8 @@ man/man3/CRYPTO_THREADID_current.3.gz
|
||||
man/man3/CRYPTO_THREADID_get_callback.3.gz
|
||||
man/man3/CRYPTO_THREADID_hash.3.gz
|
||||
man/man3/CRYPTO_THREADID_set_callback.3.gz
|
||||
man/man3/CRYPTO_THREADID_set_numeric.3.gz
|
||||
man/man3/CRYPTO_THREADID_set_pointer.3.gz
|
||||
man/man3/CRYPTO_add.3.gz
|
||||
man/man3/CRYPTO_add_lock.3.gz
|
||||
man/man3/CRYPTO_destroy_dynlockid.3.gz
|
||||
@ -402,6 +403,7 @@ man/man3/CRYPTO_set_id_callback.3.gz
|
||||
man/man3/CRYPTO_set_locking_callback.3.gz
|
||||
man/man3/CRYPTO_w_lock.3.gz
|
||||
man/man3/CRYPTO_w_unlock.3.gz
|
||||
man/man3/DECLARE_LHASH_OF.3.gz
|
||||
man/man3/DES_cbc_cksum.3.gz
|
||||
man/man3/DES_cfb64_encrypt.3.gz
|
||||
man/man3/DES_cfb_encrypt.3.gz
|
||||
@ -647,7 +649,14 @@ man/man3/ERR_remove_state.3.gz
|
||||
man/man3/ERR_remove_thread_state.3.gz
|
||||
man/man3/ERR_set_mark.3.gz
|
||||
man/man3/EVP_BytesToKey.3.gz
|
||||
man/man3/EVP_AEAD_CTX_cleanup.3.gz
|
||||
man/man3/EVP_AEAD_CTX_init.3.gz
|
||||
man/man3/EVP_AEAD_CTX_open.3.gz
|
||||
man/man3/EVP_AEAD_CTX_seal.3.gz
|
||||
man/man3/EVP_AEAD_key_length.3.gz
|
||||
man/man3/EVP_AEAD_max_overhead.3.gz
|
||||
man/man3/EVP_AEAD_max_tag_len.3.gz
|
||||
man/man3/EVP_AEAD_nonce_length.3.gz
|
||||
man/man3/EVP_CIPHER_CTX_block_size.3.gz
|
||||
man/man3/EVP_CIPHER_CTX_cipher.3.gz
|
||||
man/man3/EVP_CIPHER_CTX_cleanup.3.gz
|
||||
@ -716,7 +725,6 @@ man/man3/EVP_MD_type.3.gz
|
||||
man/man3/EVP_OpenFinal.3.gz
|
||||
man/man3/EVP_OpenInit.3.gz
|
||||
man/man3/EVP_OpenUpdate.3.gz
|
||||
man/man3/EVP_PKEVP_PKEY_CTX_set_app_data.3.gz
|
||||
man/man3/EVP_PKEY_CTX_ctrl.3.gz
|
||||
man/man3/EVP_PKEY_CTX_ctrl_str.3.gz
|
||||
man/man3/EVP_PKEY_CTX_dup.3.gz
|
||||
@ -744,7 +752,6 @@ man/man3/EVP_PKEY_assign_RSA.3.gz
|
||||
man/man3/EVP_PKEY_cmp.3.gz
|
||||
man/man3/EVP_PKEY_cmp_parameters.3.gz
|
||||
man/man3/EVP_PKEY_copy_parameters.3.gz
|
||||
man/man3/EVP_PKEY_ctrl_str.3.gz
|
||||
man/man3/EVP_PKEY_decrypt.3.gz
|
||||
man/man3/EVP_PKEY_decrypt_init.3.gz
|
||||
man/man3/EVP_PKEY_derive.3.gz
|
||||
@ -789,6 +796,10 @@ man/man3/EVP_SignUpdate.3.gz
|
||||
man/man3/EVP_VerifyFinal.3.gz
|
||||
man/man3/EVP_VerifyInit.3.gz
|
||||
man/man3/EVP_VerifyUpdate.3.gz
|
||||
man/man3/EVP_aead_aes_128_gcm.3.gz
|
||||
man/man3/EVP_aead_aes_256_gcm.3.gz
|
||||
man/man3/EVP_aead_chacha20_poly1305.3.gz
|
||||
man/man3/EVP_aead_chacha20_poly1305_ietf.3.gz
|
||||
man/man3/EVP_aes_128_ccm.3.gz
|
||||
man/man3/EVP_aes_128_gcm.3.gz
|
||||
man/man3/EVP_aes_192_ccm.3.gz
|
||||
@ -856,6 +867,10 @@ man/man3/HMAC_Final.3.gz
|
||||
man/man3/HMAC_Init.3.gz
|
||||
man/man3/HMAC_Update.3.gz
|
||||
man/man3/HMAC_cleanup.3.gz
|
||||
man/man3/LHASH_COMP_FN_TYPE.3.gz
|
||||
man/man3/LHASH_DOALL_ARG_FN_TYPE.3.gz
|
||||
man/man3/LHASH_DOALL_FN_TYPE.3.gz
|
||||
man/man3/LHASH_HASH_FN_TYPE.3.gz
|
||||
man/man3/MD2.3.gz
|
||||
man/man3/MD2_Final.3.gz
|
||||
man/man3/MD2_Init.3.gz
|
||||
@ -987,7 +1002,6 @@ man/man3/RIPEMD160.3.gz
|
||||
man/man3/RIPEMD160_Final.3.gz
|
||||
man/man3/RIPEMD160_Init.3.gz
|
||||
man/man3/RIPEMD160_Update.3.gz
|
||||
man/man3/RSA_PKCS1_RSAref.3.gz
|
||||
man/man3/RSA_PKCS1_SSLeay.3.gz
|
||||
man/man3/RSA_blinding_off.3.gz
|
||||
man/man3/RSA_blinding_on.3.gz
|
||||
@ -1088,7 +1102,6 @@ man/man3/SSL_CTX_sess_number.3.gz
|
||||
man/man3/SSL_CTX_sess_set_cache_size.3.gz
|
||||
man/man3/SSL_CTX_sess_set_get_cb.3.gz
|
||||
man/man3/SSL_CTX_sess_set_new_cb.3.gz
|
||||
man/man3/SSL_CTX_sess_set_remove.3.gz
|
||||
man/man3/SSL_CTX_sess_set_remove_cb.3.gz
|
||||
man/man3/SSL_CTX_sess_timeouts.3.gz
|
||||
man/man3/SSL_CTX_sessions.3.gz
|
||||
@ -1159,7 +1172,6 @@ man/man3/SSL_free.3.gz
|
||||
man/man3/SSL_get0_session.3.gz
|
||||
man/man3/SSL_get1_session.3.gz
|
||||
man/man3/SSL_get_SSL_CTX.3.gz
|
||||
man/man3/SSL_get_accept_state.3.gz
|
||||
man/man3/SSL_get_cipher.3.gz
|
||||
man/man3/SSL_get_cipher_bits.3.gz
|
||||
man/man3/SSL_get_cipher_list.3.gz
|
||||
@ -1177,7 +1189,6 @@ man/man3/SSL_get_fd.3.gz
|
||||
man/man3/SSL_get_info_callback.3.gz
|
||||
man/man3/SSL_get_max_cert_list.3.gz
|
||||
man/man3/SSL_get_mode.3.gz
|
||||
man/man3/SSL_get_msg_callback_arg.3.gz
|
||||
man/man3/SSL_get_options.3.gz
|
||||
man/man3/SSL_get_peer_cert_chain.3.gz
|
||||
man/man3/SSL_get_peer_certificate.3.gz
|
||||
@ -1369,7 +1380,6 @@ man/man3/bn_dump.3.gz
|
||||
man/man3/bn_expand.3.gz
|
||||
man/man3/bn_expand2.3.gz
|
||||
man/man3/bn_fix_top.3.gz
|
||||
man/man3/bn_internal.3.gz
|
||||
man/man3/bn_mul_add_words.3.gz
|
||||
man/man3/bn_mul_comba4.3.gz
|
||||
man/man3/bn_mul_comba8.3.gz
|
||||
@ -1415,7 +1425,6 @@ man/man3/d2i_ECPKParameters.3.gz
|
||||
man/man3/d2i_ECPKParameters_bio.3.gz
|
||||
man/man3/d2i_ECPKParameters_fp.3.gz
|
||||
man/man3/d2i_Netscape_RSA.3.gz
|
||||
man/man3/d2i_PKCS8PrivateKey.3.gz
|
||||
man/man3/d2i_PKCS8PrivateKey_bio.3.gz
|
||||
man/man3/d2i_PKCS8PrivateKey_fp.3.gz
|
||||
man/man3/d2i_RSAPrivateKey.3.gz
|
||||
@ -1441,7 +1450,6 @@ man/man3/des_read_pw_string.3.gz
|
||||
man/man3/dh.3.gz
|
||||
man/man3/dsa.3.gz
|
||||
man/man3/ec.3.gz
|
||||
man/man3/ecdsa.3.gz
|
||||
man/man3/engine.3.gz
|
||||
man/man3/evp.3.gz
|
||||
man/man3/get_session_cb.3.gz
|
||||
@ -1493,7 +1501,6 @@ man/man3/lh_node_usage_stats_bio.3.gz
|
||||
man/man3/lh_retrieve.3.gz
|
||||
man/man3/lh_stats.3.gz
|
||||
man/man3/lh_stats_bio.3.gz
|
||||
man/man3/lhash.3.gz
|
||||
man/man3/mul.3.gz
|
||||
man/man3/mul_add.3.gz
|
||||
man/man3/new_session_cb.3.gz
|
||||
@ -1554,8 +1561,6 @@ man/man3/tls_peer_cert_issuer.3.gz
|
||||
man/man3/tls_peer_cert_provided.3.gz
|
||||
man/man3/tls_peer_cert_subject.3.gz
|
||||
man/man3/tmp_rsa_callback.3.gz
|
||||
man/man3/ui.3.gz
|
||||
man/man3/ui_compat.3.gz
|
||||
man/man3/verify_callback.3.gz
|
||||
man/man3/x509.3.gz
|
||||
@dir etc/ssl/certs
|
||||
|