mirror of https://git.FreeBSD.org/ports.git synced 2024-10-19 19:59:43 +00:00

security/libressl-devel: Update to 2.3.2

- Update to version 2.3.2 [1]
  - Remove patches (upstreamed)
  - Bump shlib versions
  - Fix plist issues
  - Remove CA root cert that is installed by default

Changes:

  ftp://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.3.2-relnotes.txt [1]

Reviewed by:	koobs (mentor), feld (mentor), miwi (portmgr)
Approved by:	koobs (mentor), miwi (portmgr)
Differential Revision:	D5116
Bernard Spil 2016-01-31 11:51:36 +00:00
parent 3cf7f4e5f5
commit 5d89c27838
Notes: svn2git 2021-03-31 03:12:20 +00:00
svn path=/head/; revision=407614
6 changed files with 32 additions and 110 deletions


@ -109,7 +109,7 @@ OPENSSL_SHLIBVER?= ${OPENSSL_SHLIBFILE:E}
.if defined(OPENSSL_PORT) && ${OPENSSL_PORT} == security/libressl
OPENSSL_SHLIBVER?= 35
.elif defined(OPENSSL_PORT) && ${OPENSSL_PORT} == security/libressl-devel
OPENSSL_SHLIBVER?= 36
OPENSSL_SHLIBVER?= 37
.endif
# default


@ -2,8 +2,7 @@
# $FreeBSD$
PORTNAME= libressl
PORTVERSION= 2.3.1
PORTREVISIION= 1
PORTVERSION= 2.3.2
CATEGORIES= security devel
MASTER_SITES= OPENBSD/LibreSSL
PKGNAMESUFFIX= -devel
@ -25,7 +24,6 @@ CONFLICTS?= openssl-[0-9]* \
libressl-[0-9]*
GNU_CONFIGURE= yes
CONFIGURE_ARGS= --enable-silent-rules
USES= cpe libtool pathfix pkgconfig
USE_LDCONFIG= yes
OPTIONS_SUB= yes
@ -41,4 +39,7 @@ post-install-MAN3-off:
${RM} -rf ${STAGEDIR}/${PREFIX}/man/man3
${REINPLACE_CMD} -e '/^man\/man3/d' ${TMPPLIST}
post-install:
${RM} -rf ${STAGEDIR}/${PREFIX}/etc/ssl/cert.pem
.include <bsd.port.mk>
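Review bot: The new `post-install` target deletes `etc/ssl/cert.pem` from the stage directory, but nothing in the Makefile says where the trust store is expected to come from afterwards. Programs that rely on the library's default CA file will presumably fail certificate verification until a bundle is installed separately, and an undocumented failure like that invites people to switch verification off. I would add a comment above the target, for example `# cert.pem is not packaged; the CA bundle must be provided separately (e.g. by security/ca_root_nss)`, and consider a pkg-message saying the same. As a style point, `-r` is not needed to remove a single file, so `${RM} ${STAGEDIR}${PREFIX}/etc/ssl/cert.pem` would be enough.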


@ -1,2 +1,2 @@
SHA256 (libressl-2.3.1.tar.gz) = 410b58db4ebbcab43c3357612e591094f64fb9339269caa2e68728e36f8d589e
SIZE (libressl-2.3.1.tar.gz) = 3014881
SHA256 (libressl-2.3.2.tar.gz) = 80f45fae4859f161b1980cad846d4217417d0c89006ad29c0ea8c88da564a96a
SIZE (libressl-2.3.2.tar.gz) = 3063638


@ -1,49 +0,0 @@
From 9900c16beb14eb3bfc8f4d8c6191e6e1a271c861 Mon Sep 17 00:00:00 2001
From: beck <>
Date: Fri, 4 Dec 2015 04:19:25 +0000
Subject: [PATCH] Fix for OpenSSL CVE-2015-3195 ok djm@ jsing@
---
src/lib/libssl/src/crypto/asn1/tasn_dec.c | 11 ++++++++---
1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/src/lib/libssl/src/crypto/asn1/tasn_dec.c b/src/lib/libssl/src/crypto/asn1/tasn_dec.c
index e50ec0a..0a6eaf2 100644
--- crypto/asn1/tasn_dec.c
+++ crypto/asn1/tasn_dec.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tasn_dec.c,v 1.26 2015/03/19 14:00:22 tedu Exp $ */
+/* $OpenBSD: tasn_dec.c,v 1.27 2015/07/20 15:41:48 miod Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 2000.
*/
@@ -166,6 +166,10 @@ ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
int otag;
int ret = 0;
ASN1_VALUE **pchptr;
+ int combine;
+
+ combine = aclass & ASN1_TFLG_COMBINE;
+ aclass &= ~ASN1_TFLG_COMBINE;
if (!pval)
return 0;
@@ -447,7 +451,8 @@ ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
auxerr:
ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_AUX_ERROR);
err:
- ASN1_item_ex_free(pval, it);
+ if (combine == 0)
+ ASN1_item_ex_free(pval, it);
if (errtt)
ERR_asprintf_error_data("Field=%s, Type=%s", errtt->field_name,
it->sname);
@@ -642,7 +647,7 @@ asn1_template_noexp_d2i(ASN1_VALUE **val, const unsigned char **in, long len,
} else {
/* Nothing special */
ret = ASN1_item_ex_d2i(val, &p, len, ASN1_ITEM_ptr(tt->item),
- -1, 0, opt, ctx);
+ -1, tt->flags & ASN1_TFLG_COMBINE, opt, ctx);
if (!ret) {
ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I,
ERR_R_NESTED_ASN1_ERROR);


@ -1,35 +0,0 @@
untrusted comment: signature from openbsd 5.8 base secret key
RWQNNZXtC/MqP8u13/pPZfTpPeHhU93PG0DBihXvQ7lB0CvONLwoTfHr9f40s515bidPGcGLAH4xu+yz3skT6b3tKETEWZw8BgA=
OpenBSD 5.8 errata 9, Dec 3, 2015:
CVE-2015-3194 - NULL pointer dereference in client certificate validation
Apply by doing:
signify -Vep /etc/signify/openbsd-58-base.pub -x 009_clientcert.patch.sig \
-m - | (cd /usr/src && patch -p0)
And then rebuild and install libcrypto:
cd /usr/src/lib/libcrypto
make obj
make depend
make
make install
Index: crypto/rsa/rsa_ameth.c
===================================================================
RCS file: /cvs/src/lib/libssl/src/crypto/rsa/rsa_ameth.c,v
retrieving revision 1.14
retrieving revision 1.14.6.1
diff -u -p -u -p -r1.14 -r1.14.6.1
--- crypto/rsa/rsa_ameth.c 11 Feb 2015 04:05:14 -0000 1.14
+++ crypto/rsa/rsa_ameth.c 4 Dec 2015 04:13:43 -0000 1.14.6.1
@@ -298,7 +298,7 @@ rsa_pss_decode(const X509_ALGOR *alg, X5
if (pss->maskGenAlgorithm) {
ASN1_TYPE *param = pss->maskGenAlgorithm->parameter;
if (OBJ_obj2nid(pss->maskGenAlgorithm->algorithm) == NID_mgf1 &&
- param->type == V_ASN1_SEQUENCE) {
+ param && param->type == V_ASN1_SEQUENCE) {
p = param->value.sequence->data;
plen = param->value.sequence->length;
*pmaskHash = d2i_X509_ALGOR(NULL, &p, plen);


@ -1,6 +1,5 @@
%%NC%%bin/nc
bin/openssl
etc/ssl/cert.pem
etc/ssl/openssl.cnf
etc/ssl/x509v3.cnf
include/openssl/aes.h
@ -76,16 +75,16 @@ include/openssl/x509v3.h
include/tls.h
lib/libcrypto.a
lib/libcrypto.so
lib/libcrypto.so.36
lib/libcrypto.so.36.0.0
lib/libcrypto.so.37
lib/libcrypto.so.37.0.0
lib/libssl.a
lib/libssl.so
lib/libssl.so.37
lib/libssl.so.37.0.0
lib/libssl.so.38
lib/libssl.so.38.0.0
lib/libtls.a
lib/libtls.so
lib/libtls.so.9
lib/libtls.so.9.0.0
lib/libtls.so.10
lib/libtls.so.10.0.0
libdata/pkgconfig/libcrypto.pc
libdata/pkgconfig/libssl.pc
libdata/pkgconfig/libtls.pc
@ -360,6 +359,7 @@ man/man3/BUF_MEM_new.3.gz
man/man3/BUF_strdup.3.gz
man/man3/CMS_add0_cert.3.gz
man/man3/CMS_add1_recipient_cert.3.gz
man/man3/CMS_add1_signer.3.gz
man/man3/CMS_compress.3.gz
man/man3/CMS_decrypt.3.gz
man/man3/CMS_encrypt.3.gz
@ -369,7 +369,6 @@ man/man3/CMS_get0_SignerInfos.3.gz
man/man3/CMS_get0_type.3.gz
man/man3/CMS_get1_ReceiptRequest.3.gz
man/man3/CMS_sign.3.gz
man/man3/CMS_sign_add1_signer.3.gz
man/man3/CMS_sign_receipt.3.gz
man/man3/CMS_uncompress.3.gz
man/man3/CMS_verify.3.gz
@ -385,6 +384,8 @@ man/man3/CRYPTO_THREADID_current.3.gz
man/man3/CRYPTO_THREADID_get_callback.3.gz
man/man3/CRYPTO_THREADID_hash.3.gz
man/man3/CRYPTO_THREADID_set_callback.3.gz
man/man3/CRYPTO_THREADID_set_numeric.3.gz
man/man3/CRYPTO_THREADID_set_pointer.3.gz
man/man3/CRYPTO_add.3.gz
man/man3/CRYPTO_add_lock.3.gz
man/man3/CRYPTO_destroy_dynlockid.3.gz
@ -402,6 +403,7 @@ man/man3/CRYPTO_set_id_callback.3.gz
man/man3/CRYPTO_set_locking_callback.3.gz
man/man3/CRYPTO_w_lock.3.gz
man/man3/CRYPTO_w_unlock.3.gz
man/man3/DECLARE_LHASH_OF.3.gz
man/man3/DES_cbc_cksum.3.gz
man/man3/DES_cfb64_encrypt.3.gz
man/man3/DES_cfb_encrypt.3.gz
@ -647,7 +649,14 @@ man/man3/ERR_remove_state.3.gz
man/man3/ERR_remove_thread_state.3.gz
man/man3/ERR_set_mark.3.gz
man/man3/EVP_BytesToKey.3.gz
man/man3/EVP_AEAD_CTX_cleanup.3.gz
man/man3/EVP_AEAD_CTX_init.3.gz
man/man3/EVP_AEAD_CTX_open.3.gz
man/man3/EVP_AEAD_CTX_seal.3.gz
man/man3/EVP_AEAD_key_length.3.gz
man/man3/EVP_AEAD_max_overhead.3.gz
man/man3/EVP_AEAD_max_tag_len.3.gz
man/man3/EVP_AEAD_nonce_length.3.gz
man/man3/EVP_CIPHER_CTX_block_size.3.gz
man/man3/EVP_CIPHER_CTX_cipher.3.gz
man/man3/EVP_CIPHER_CTX_cleanup.3.gz
@ -716,7 +725,6 @@ man/man3/EVP_MD_type.3.gz
man/man3/EVP_OpenFinal.3.gz
man/man3/EVP_OpenInit.3.gz
man/man3/EVP_OpenUpdate.3.gz
man/man3/EVP_PKEVP_PKEY_CTX_set_app_data.3.gz
man/man3/EVP_PKEY_CTX_ctrl.3.gz
man/man3/EVP_PKEY_CTX_ctrl_str.3.gz
man/man3/EVP_PKEY_CTX_dup.3.gz
@ -744,7 +752,6 @@ man/man3/EVP_PKEY_assign_RSA.3.gz
man/man3/EVP_PKEY_cmp.3.gz
man/man3/EVP_PKEY_cmp_parameters.3.gz
man/man3/EVP_PKEY_copy_parameters.3.gz
man/man3/EVP_PKEY_ctrl_str.3.gz
man/man3/EVP_PKEY_decrypt.3.gz
man/man3/EVP_PKEY_decrypt_init.3.gz
man/man3/EVP_PKEY_derive.3.gz
@ -789,6 +796,10 @@ man/man3/EVP_SignUpdate.3.gz
man/man3/EVP_VerifyFinal.3.gz
man/man3/EVP_VerifyInit.3.gz
man/man3/EVP_VerifyUpdate.3.gz
man/man3/EVP_aead_aes_128_gcm.3.gz
man/man3/EVP_aead_aes_256_gcm.3.gz
man/man3/EVP_aead_chacha20_poly1305.3.gz
man/man3/EVP_aead_chacha20_poly1305_ietf.3.gz
man/man3/EVP_aes_128_ccm.3.gz
man/man3/EVP_aes_128_gcm.3.gz
man/man3/EVP_aes_192_ccm.3.gz
@ -856,6 +867,10 @@ man/man3/HMAC_Final.3.gz
man/man3/HMAC_Init.3.gz
man/man3/HMAC_Update.3.gz
man/man3/HMAC_cleanup.3.gz
man/man3/LHASH_COMP_FN_TYPE.3.gz
man/man3/LHASH_DOALL_ARG_FN_TYPE.3.gz
man/man3/LHASH_DOALL_FN_TYPE.3.gz
man/man3/LHASH_HASH_FN_TYPE.3.gz
man/man3/MD2.3.gz
man/man3/MD2_Final.3.gz
man/man3/MD2_Init.3.gz
@ -987,7 +1002,6 @@ man/man3/RIPEMD160.3.gz
man/man3/RIPEMD160_Final.3.gz
man/man3/RIPEMD160_Init.3.gz
man/man3/RIPEMD160_Update.3.gz
man/man3/RSA_PKCS1_RSAref.3.gz
man/man3/RSA_PKCS1_SSLeay.3.gz
man/man3/RSA_blinding_off.3.gz
man/man3/RSA_blinding_on.3.gz
@ -1088,7 +1102,6 @@ man/man3/SSL_CTX_sess_number.3.gz
man/man3/SSL_CTX_sess_set_cache_size.3.gz
man/man3/SSL_CTX_sess_set_get_cb.3.gz
man/man3/SSL_CTX_sess_set_new_cb.3.gz
man/man3/SSL_CTX_sess_set_remove.3.gz
man/man3/SSL_CTX_sess_set_remove_cb.3.gz
man/man3/SSL_CTX_sess_timeouts.3.gz
man/man3/SSL_CTX_sessions.3.gz
@ -1159,7 +1172,6 @@ man/man3/SSL_free.3.gz
man/man3/SSL_get0_session.3.gz
man/man3/SSL_get1_session.3.gz
man/man3/SSL_get_SSL_CTX.3.gz
man/man3/SSL_get_accept_state.3.gz
man/man3/SSL_get_cipher.3.gz
man/man3/SSL_get_cipher_bits.3.gz
man/man3/SSL_get_cipher_list.3.gz
@ -1177,7 +1189,6 @@ man/man3/SSL_get_fd.3.gz
man/man3/SSL_get_info_callback.3.gz
man/man3/SSL_get_max_cert_list.3.gz
man/man3/SSL_get_mode.3.gz
man/man3/SSL_get_msg_callback_arg.3.gz
man/man3/SSL_get_options.3.gz
man/man3/SSL_get_peer_cert_chain.3.gz
man/man3/SSL_get_peer_certificate.3.gz
@ -1369,7 +1380,6 @@ man/man3/bn_dump.3.gz
man/man3/bn_expand.3.gz
man/man3/bn_expand2.3.gz
man/man3/bn_fix_top.3.gz
man/man3/bn_internal.3.gz
man/man3/bn_mul_add_words.3.gz
man/man3/bn_mul_comba4.3.gz
man/man3/bn_mul_comba8.3.gz
@ -1415,7 +1425,6 @@ man/man3/d2i_ECPKParameters.3.gz
man/man3/d2i_ECPKParameters_bio.3.gz
man/man3/d2i_ECPKParameters_fp.3.gz
man/man3/d2i_Netscape_RSA.3.gz
man/man3/d2i_PKCS8PrivateKey.3.gz
man/man3/d2i_PKCS8PrivateKey_bio.3.gz
man/man3/d2i_PKCS8PrivateKey_fp.3.gz
man/man3/d2i_RSAPrivateKey.3.gz
@ -1441,7 +1450,6 @@ man/man3/des_read_pw_string.3.gz
man/man3/dh.3.gz
man/man3/dsa.3.gz
man/man3/ec.3.gz
man/man3/ecdsa.3.gz
man/man3/engine.3.gz
man/man3/evp.3.gz
man/man3/get_session_cb.3.gz
@ -1493,7 +1501,6 @@ man/man3/lh_node_usage_stats_bio.3.gz
man/man3/lh_retrieve.3.gz
man/man3/lh_stats.3.gz
man/man3/lh_stats_bio.3.gz
man/man3/lhash.3.gz
man/man3/mul.3.gz
man/man3/mul_add.3.gz
man/man3/new_session_cb.3.gz
@ -1554,8 +1561,6 @@ man/man3/tls_peer_cert_issuer.3.gz
man/man3/tls_peer_cert_provided.3.gz
man/man3/tls_peer_cert_subject.3.gz
man/man3/tmp_rsa_callback.3.gz
man/man3/ui.3.gz
man/man3/ui_compat.3.gz
man/man3/verify_callback.3.gz
man/man3/x509.3.gz
@dir etc/ssl/certs