author | brnrd <brnrd@FreeBSD.org> | 2016-01-31 19:51:36 +0800 |
---|---|---|
committer | brnrd <brnrd@FreeBSD.org> | 2016-01-31 19:51:36 +0800 |
commit | a89820e793d5b95c3630268b537e970223cf85fc (patch) | |
tree | b344cdcb783fdc65cba75705344fb4a4150c36ea /security/libressl-devel | |
parent | af1f9b2134800e5e1bc530cd337cd2af6fbf502d (diff) | |
security/libressl-devel: Update to 2.3.2
- Update to version 2.3.2 [1]
- Remove patches (upstreamed)
- Bump shlib versions
- Fix plist issues
- Remove CA root cert that is installed by default
Changes:
ftp://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.3.2-relnotes.txt [1]
Reviewed by: koobs (mentor), feld (mentor), miwi (portmgr)
Approved by: koobs (mentor), miwi (portmgr)
Differential Revision: D5116
Diffstat (limited to 'security/libressl-devel')
-rw-r--r-- | security/libressl-devel/Makefile | 7 | ||||
-rw-r--r-- | security/libressl-devel/distinfo | 4 | ||||
-rw-r--r-- | security/libressl-devel/files/patch-crypto_asn1_tasn__dec.c | 49 | ||||
-rw-r--r-- | security/libressl-devel/files/patch-crypto_rsa_rsa__ameth.c | 35 | ||||
-rw-r--r-- | security/libressl-devel/pkg-plist | 45 |
5 files changed, 31 insertions, 109 deletions
diff --git a/security/libressl-devel/Makefile b/security/libressl-devel/Makefile
index ea07e12c3035..022671bc08a9 100644
--- a/security/libressl-devel/Makefile
+++ b/security/libressl-devel/Makefile
@@ -2,8 +2,7 @@
 # $FreeBSD$
 PORTNAME= libressl
-PORTVERSION= 2.3.1
-PORTREVISIION= 1
+PORTVERSION= 2.3.2
 CATEGORIES= security devel
 MASTER_SITES= OPENBSD/LibreSSL
 PKGNAMESUFFIX= -devel
@@ -25,7 +24,6 @@ CONFLICTS?= openssl-[0-9]* \
 libressl-[0-9]*
 GNU_CONFIGURE= yes
-CONFIGURE_ARGS= --enable-silent-rules
 USES= cpe libtool pathfix pkgconfig
 USE_LDCONFIG= yes
 OPTIONS_SUB= yes
@@ -41,4 +39,7 @@ post-install-MAN3-off:
 ${RM} -rf ${STAGEDIR}/${PREFIX}/man/man3
 ${REINPLACE_CMD} -e '/^man\/man3/d' ${TMPPLIST}
+post-install:
+ ${RM} -rf ${STAGEDIR}/${PREFIX}/etc/ssl/cert.pem
+
 .include <bsd.port.mk>
diff --git a/security/libressl-devel/distinfo b/security/libressl-devel/distinfo
index b8366fecf9e4..67e166af6d84 100644
--- a/security/libressl-devel/distinfo
+++ b/security/libressl-devel/distinfo
@@ -1,2 +1,2 @@
-SHA256 (libressl-2.3.1.tar.gz) = 410b58db4ebbcab43c3357612e591094f64fb9339269caa2e68728e36f8d589e
-SIZE (libressl-2.3.1.tar.gz) = 3014881
+SHA256 (libressl-2.3.2.tar.gz) = 80f45fae4859f161b1980cad846d4217417d0c89006ad29c0ea8c88da564a96a
+SIZE (libressl-2.3.2.tar.gz) = 3063638
diff --git a/security/libressl-devel/files/patch-crypto_asn1_tasn__dec.c b/security/libressl-devel/files/patch-crypto_asn1_tasn__dec.c
deleted file mode 100644
index 92a4cd7c9f71..000000000000
--- a/security/libressl-devel/files/patch-crypto_asn1_tasn__dec.c
+++ /dev/null
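Review bot: The new `post-install` target in the Makefile's last hunk deletes `etc/ssl/cert.pem` from the stage directory without saying why, so the package ends up with no CA bundle at that path and nothing in the Makefile tells a maintainer where trust anchors are expected to come from. A short comment above the target would help, for example `# Do not ship upstream's cert.pem; the trust store is provided separately (e.g. by security/ca_root_nss)`, assuming that is the intent behind "Remove CA root cert that is installed by default". Because only one regular file is removed, `-r` is unnecessary and `${RM} ${STAGEDIR}${PREFIX}/etc/ssl/cert.pem` would be enough; the extra `/` between `${STAGEDIR}` and `${PREFIX}` is redundant too, although it matches the `post-install-MAN3-off` lines shown as context.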
@@ -1,49 +0,0 @@
-From 9900c16beb14eb3bfc8f4d8c6191e6e1a271c861 Mon Sep 17 00:00:00 2001
-From: beck <>
-Date: Fri, 4 Dec 2015 04:19:25 +0000
-Subject: [PATCH] Fix for OpenSSL CVE-2015-3195 ok djm@ jsing@
-
----
- src/lib/libssl/src/crypto/asn1/tasn_dec.c | 11 ++++++++---
- 1 file changed, 8 insertions(+), 3 deletions(-)
-
-diff --git a/src/lib/libssl/src/crypto/asn1/tasn_dec.c b/src/lib/libssl/src/crypto/asn1/tasn_dec.c
-index e50ec0a..0a6eaf2 100644
---- crypto/asn1/tasn_dec.c
-+++ crypto/asn1/tasn_dec.c
-@@ -1,4 +1,4 @@
--/* $OpenBSD: tasn_dec.c,v 1.26 2015/03/19 14:00:22 tedu Exp $ */
-+/* $OpenBSD: tasn_dec.c,v 1.27 2015/07/20 15:41:48 miod Exp $ */
- /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 2000.
- */
-@@ -166,6 +166,10 @@ ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
- int otag;
- int ret = 0;
- ASN1_VALUE **pchptr;
-+ int combine;
-+
-+ combine = aclass & ASN1_TFLG_COMBINE;
-+ aclass &= ~ASN1_TFLG_COMBINE;
-
- if (!pval)
- return 0;
-@@ -447,7 +451,8 @@ ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
- auxerr:
- ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_AUX_ERROR);
- err:
-- ASN1_item_ex_free(pval, it);
-+ if (combine == 0)
-+ ASN1_item_ex_free(pval, it);
- if (errtt)
- ERR_asprintf_error_data("Field=%s, Type=%s", errtt->field_name,
- it->sname);
-@@ -642,7 +647,7 @@ asn1_template_noexp_d2i(ASN1_VALUE **val, const unsigned char **in, long len,
- } else {
- /* Nothing special */
- ret = ASN1_item_ex_d2i(val, &p, len, ASN1_ITEM_ptr(tt->item),
-- -1, 0, opt, ctx);
-+ -1, tt->flags & ASN1_TFLG_COMBINE, opt, ctx);
- if (!ret) {
- ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I,
- ERR_R_NESTED_ASN1_ERROR);
diff --git a/security/libressl-devel/files/patch-crypto_rsa_rsa__ameth.c b/security/libressl-devel/files/patch-crypto_rsa_rsa__ameth.c
deleted file mode 100644
index 7e42400b7685..000000000000
--- a/security/libressl-devel/files/patch-crypto_rsa_rsa__ameth.c
+++ /dev/null
@@ -1,35 +0,0 @@
-untrusted comment: signature from openbsd 5.8 base secret key
-RWQNNZXtC/MqP8u13/pPZfTpPeHhU93PG0DBihXvQ7lB0CvONLwoTfHr9f40s515bidPGcGLAH4xu+yz3skT6b3tKETEWZw8BgA=
-
-OpenBSD 5.8 errata 9, Dec 3, 2015:
-
-CVE-2015-3194 - NULL pointer dereference in client certificate validation
-
-Apply by doing:
- signify -Vep /etc/signify/openbsd-58-base.pub -x 009_clientcert.patch.sig \
- -m - | (cd /usr/src && patch -p0)
-
-And then rebuild and install libcrypto:
- cd /usr/src/lib/libcrypto
- make obj
- make depend
- make
- make install
-
-Index: crypto/rsa/rsa_ameth.c
-===================================================================
-RCS file: /cvs/src/lib/libssl/src/crypto/rsa/rsa_ameth.c,v
-retrieving revision 1.14
-retrieving revision 1.14.6.1
-diff -u -p -u -p -r1.14 -r1.14.6.1
---- crypto/rsa/rsa_ameth.c 11 Feb 2015 04:05:14 -0000 1.14
-+++ crypto/rsa/rsa_ameth.c 4 Dec 2015 04:13:43 -0000 1.14.6.1
-@@ -298,7 +298,7 @@ rsa_pss_decode(const X509_ALGOR *alg, X5
- if (pss->maskGenAlgorithm) {
- ASN1_TYPE *param = pss->maskGenAlgorithm->parameter;
- if (OBJ_obj2nid(pss->maskGenAlgorithm->algorithm) == NID_mgf1 &&
-- param->type == V_ASN1_SEQUENCE) {
-+ param && param->type == V_ASN1_SEQUENCE) {
- p = param->value.sequence->data;
- plen = param->value.sequence->length;
- *pmaskHash = d2i_X509_ALGOR(NULL, &p, plen);
diff --git a/security/libressl-devel/pkg-plist b/security/libressl-devel/pkg-plist
index c8cf130057b8..72fc52638a78 100644
--- a/security/libressl-devel/pkg-plist
+++ b/security/libressl-devel/pkg-plist
@@ -1,6 +1,5 @@
 %%NC%%bin/nc
 bin/openssl
-etc/ssl/cert.pem
 etc/ssl/openssl.cnf
 etc/ssl/x509v3.cnf
 include/openssl/aes.h
@@ -76,16 +75,16 @@ include/openssl/x509v3.h
 include/tls.h
 lib/libcrypto.a
 lib/libcrypto.so
-lib/libcrypto.so.36
-lib/libcrypto.so.36.0.0
+lib/libcrypto.so.37
+lib/libcrypto.so.37.0.0
 lib/libssl.a
 lib/libssl.so
-lib/libssl.so.37
-lib/libssl.so.37.0.0
+lib/libssl.so.38
+lib/libssl.so.38.0.0
 lib/libtls.a
 lib/libtls.so
-lib/libtls.so.9
-lib/libtls.so.9.0.0
+lib/libtls.so.10
+lib/libtls.so.10.0.0
 libdata/pkgconfig/libcrypto.pc
 libdata/pkgconfig/libssl.pc
 libdata/pkgconfig/libtls.pc
@@ -360,6 +359,7 @@ man/man3/BUF_MEM_new.3.gz
 man/man3/BUF_strdup.3.gz
 man/man3/CMS_add0_cert.3.gz
 man/man3/CMS_add1_recipient_cert.3.gz
+man/man3/CMS_add1_signer.3.gz
 man/man3/CMS_compress.3.gz
 man/man3/CMS_decrypt.3.gz
 man/man3/CMS_encrypt.3.gz
@@ -369,7 +369,6 @@ man/man3/CMS_get0_SignerInfos.3.gz
 man/man3/CMS_get0_type.3.gz
 man/man3/CMS_get1_ReceiptRequest.3.gz
 man/man3/CMS_sign.3.gz
-man/man3/CMS_sign_add1_signer.3.gz
 man/man3/CMS_sign_receipt.3.gz
 man/man3/CMS_uncompress.3.gz
 man/man3/CMS_verify.3.gz
@@ -385,6 +384,8 @@ man/man3/CRYPTO_THREADID_current.3.gz
 man/man3/CRYPTO_THREADID_get_callback.3.gz
 man/man3/CRYPTO_THREADID_hash.3.gz
 man/man3/CRYPTO_THREADID_set_callback.3.gz
+man/man3/CRYPTO_THREADID_set_numeric.3.gz
+man/man3/CRYPTO_THREADID_set_pointer.3.gz
 man/man3/CRYPTO_add.3.gz
 man/man3/CRYPTO_add_lock.3.gz
 man/man3/CRYPTO_destroy_dynlockid.3.gz
@@ -402,6 +403,7 @@ man/man3/CRYPTO_set_id_callback.3.gz
 man/man3/CRYPTO_set_locking_callback.3.gz
 man/man3/CRYPTO_w_lock.3.gz
 man/man3/CRYPTO_w_unlock.3.gz
+man/man3/DECLARE_LHASH_OF.3.gz
 man/man3/DES_cbc_cksum.3.gz
 man/man3/DES_cfb64_encrypt.3.gz
 man/man3/DES_cfb_encrypt.3.gz
@@ -647,7 +649,14 @@ man/man3/ERR_remove_state.3.gz
 man/man3/ERR_remove_thread_state.3.gz
 man/man3/ERR_set_mark.3.gz
 man/man3/EVP_BytesToKey.3.gz
+man/man3/EVP_AEAD_CTX_cleanup.3.gz
 man/man3/EVP_AEAD_CTX_init.3.gz
+man/man3/EVP_AEAD_CTX_open.3.gz
+man/man3/EVP_AEAD_CTX_seal.3.gz
+man/man3/EVP_AEAD_key_length.3.gz
+man/man3/EVP_AEAD_max_overhead.3.gz
+man/man3/EVP_AEAD_max_tag_len.3.gz
+man/man3/EVP_AEAD_nonce_length.3.gz
 man/man3/EVP_CIPHER_CTX_block_size.3.gz
 man/man3/EVP_CIPHER_CTX_cipher.3.gz
 man/man3/EVP_CIPHER_CTX_cleanup.3.gz
@@ -716,7 +725,6 @@ man/man3/EVP_MD_type.3.gz
 man/man3/EVP_OpenFinal.3.gz
 man/man3/EVP_OpenInit.3.gz
 man/man3/EVP_OpenUpdate.3.gz
-man/man3/EVP_PKEVP_PKEY_CTX_set_app_data.3.gz
 man/man3/EVP_PKEY_CTX_ctrl.3.gz
 man/man3/EVP_PKEY_CTX_ctrl_str.3.gz
 man/man3/EVP_PKEY_CTX_dup.3.gz
@@ -744,7 +752,6 @@ man/man3/EVP_PKEY_assign_RSA.3.gz
 man/man3/EVP_PKEY_cmp.3.gz
 man/man3/EVP_PKEY_cmp_parameters.3.gz
 man/man3/EVP_PKEY_copy_parameters.3.gz
-man/man3/EVP_PKEY_ctrl_str.3.gz
 man/man3/EVP_PKEY_decrypt.3.gz
 man/man3/EVP_PKEY_decrypt_init.3.gz
 man/man3/EVP_PKEY_derive.3.gz
@@ -789,6 +796,10 @@ man/man3/EVP_SignUpdate.3.gz
 man/man3/EVP_VerifyFinal.3.gz
 man/man3/EVP_VerifyInit.3.gz
 man/man3/EVP_VerifyUpdate.3.gz
+man/man3/EVP_aead_aes_128_gcm.3.gz
+man/man3/EVP_aead_aes_256_gcm.3.gz
+man/man3/EVP_aead_chacha20_poly1305.3.gz
+man/man3/EVP_aead_chacha20_poly1305_ietf.3.gz
 man/man3/EVP_aes_128_ccm.3.gz
 man/man3/EVP_aes_128_gcm.3.gz
 man/man3/EVP_aes_192_ccm.3.gz
@@ -856,6 +867,10 @@ man/man3/HMAC_Final.3.gz
 man/man3/HMAC_Init.3.gz
 man/man3/HMAC_Update.3.gz
 man/man3/HMAC_cleanup.3.gz
+man/man3/LHASH_COMP_FN_TYPE.3.gz
+man/man3/LHASH_DOALL_ARG_FN_TYPE.3.gz
+man/man3/LHASH_DOALL_FN_TYPE.3.gz
+man/man3/LHASH_HASH_FN_TYPE.3.gz
 man/man3/MD2.3.gz
 man/man3/MD2_Final.3.gz
 man/man3/MD2_Init.3.gz
@@ -987,7 +1002,6 @@ man/man3/RIPEMD160.3.gz
 man/man3/RIPEMD160_Final.3.gz
 man/man3/RIPEMD160_Init.3.gz
 man/man3/RIPEMD160_Update.3.gz
-man/man3/RSA_PKCS1_RSAref.3.gz
 man/man3/RSA_PKCS1_SSLeay.3.gz
 man/man3/RSA_blinding_off.3.gz
 man/man3/RSA_blinding_on.3.gz
@@ -1088,7 +1102,6 @@ man/man3/SSL_CTX_sess_number.3.gz
 man/man3/SSL_CTX_sess_set_cache_size.3.gz
 man/man3/SSL_CTX_sess_set_get_cb.3.gz
 man/man3/SSL_CTX_sess_set_new_cb.3.gz
-man/man3/SSL_CTX_sess_set_remove.3.gz
 man/man3/SSL_CTX_sess_set_remove_cb.3.gz
 man/man3/SSL_CTX_sess_timeouts.3.gz
 man/man3/SSL_CTX_sessions.3.gz
@@ -1159,7 +1172,6 @@ man/man3/SSL_free.3.gz
 man/man3/SSL_get0_session.3.gz
 man/man3/SSL_get1_session.3.gz
 man/man3/SSL_get_SSL_CTX.3.gz
-man/man3/SSL_get_accept_state.3.gz
 man/man3/SSL_get_cipher.3.gz
 man/man3/SSL_get_cipher_bits.3.gz
 man/man3/SSL_get_cipher_list.3.gz
@@ -1177,7 +1189,6 @@ man/man3/SSL_get_fd.3.gz
 man/man3/SSL_get_info_callback.3.gz
 man/man3/SSL_get_max_cert_list.3.gz
 man/man3/SSL_get_mode.3.gz
-man/man3/SSL_get_msg_callback_arg.3.gz
 man/man3/SSL_get_options.3.gz
 man/man3/SSL_get_peer_cert_chain.3.gz
 man/man3/SSL_get_peer_certificate.3.gz
@@ -1369,7 +1380,6 @@ man/man3/bn_dump.3.gz
 man/man3/bn_expand.3.gz
 man/man3/bn_expand2.3.gz
 man/man3/bn_fix_top.3.gz
-man/man3/bn_internal.3.gz
 man/man3/bn_mul_add_words.3.gz
 man/man3/bn_mul_comba4.3.gz
 man/man3/bn_mul_comba8.3.gz
@@ -1415,7 +1425,6 @@ man/man3/d2i_ECPKParameters.3.gz
 man/man3/d2i_ECPKParameters_bio.3.gz
 man/man3/d2i_ECPKParameters_fp.3.gz
 man/man3/d2i_Netscape_RSA.3.gz
-man/man3/d2i_PKCS8PrivateKey.3.gz
 man/man3/d2i_PKCS8PrivateKey_bio.3.gz
 man/man3/d2i_PKCS8PrivateKey_fp.3.gz
 man/man3/d2i_RSAPrivateKey.3.gz
@@ -1441,7 +1450,6 @@ man/man3/des_read_pw_string.3.gz
 man/man3/dh.3.gz
 man/man3/dsa.3.gz
 man/man3/ec.3.gz
-man/man3/ecdsa.3.gz
 man/man3/engine.3.gz
 man/man3/evp.3.gz
 man/man3/get_session_cb.3.gz
@@ -1493,7 +1501,6 @@ man/man3/lh_node_usage_stats_bio.3.gz
 man/man3/lh_retrieve.3.gz
 man/man3/lh_stats.3.gz
 man/man3/lh_stats_bio.3.gz
-man/man3/lhash.3.gz
 man/man3/mul.3.gz
 man/man3/mul_add.3.gz
 man/man3/new_session_cb.3.gz
@@ -1554,8 +1561,6 @@ man/man3/tls_peer_cert_issuer.3.gz
 man/man3/tls_peer_cert_provided.3.gz
 man/man3/tls_peer_cert_subject.3.gz
 man/man3/tmp_rsa_callback.3.gz
-man/man3/ui.3.gz
-man/man3/ui_compat.3.gz
 man/man3/verify_callback.3.gz
 man/man3/x509.3.gz
 @dir etc/ssl/certs |