[pkgsrc/trunk]: pkgsrc/security/openssl openssl: update to 1.1.1h.

[wiz <wiz%pkgsrc.org@localhost>]

details:   https://anonhg.NetBSD.org/pkgsrc/rev/c9e029a96eef
branches:  trunk
changeset: 439938:c9e029a96eef
user:      wiz <wiz%pkgsrc.org@localhost>
date:      Wed Sep 30 09:25:30 2020 +0000

description:
openssl: update to 1.1.1h.

  Major changes between OpenSSL 1.1.1g and OpenSSL 1.1.1h [22 Sep 2020]

      o Disallow explicit curve parameters in verifications chains when
        X509_V_FLAG_X509_STRICT is used
      o Enable 'MinProtocol' and 'MaxProtocol' to configure both TLS and DTLS
        contexts
      o Oracle Developer Studio will start reporting deprecation warnings

diffstat:

 security/openssl/Makefile                               |   5 +-
 security/openssl/PLIST                                  |   6 +-
 security/openssl/distinfo                               |  11 +--
 security/openssl/patches/patch-crypto_rand_rand__unix.c |  47 -----------------
 4 files changed, 12 insertions(+), 57 deletions(-)

diffs (118 lines):

diff -r a494520751d7 -r c9e029a96eef security/openssl/Makefile
--- a/security/openssl/Makefile Wed Sep 30 09:22:59 2020 +0000
+++ b/security/openssl/Makefile Wed Sep 30 09:25:30 2020 +0000
@@ -1,7 +1,6 @@
-# $NetBSD: Makefile,v 1.263 2020/08/31 18:11:09 wiz Exp $
+# $NetBSD: Makefile,v 1.264 2020/09/30 09:25:30 wiz Exp $
 
-DISTNAME=      openssl-1.1.1g
-PKGREVISION=   3
+DISTNAME=      openssl-1.1.1h
 CATEGORIES=    security
 MASTER_SITES=  https://www.openssl.org/source/
 
diff -r a494520751d7 -r c9e029a96eef security/openssl/PLIST
--- a/security/openssl/PLIST    Wed Sep 30 09:22:59 2020 +0000
+++ b/security/openssl/PLIST    Wed Sep 30 09:25:30 2020 +0000
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.6 2020/07/13 11:35:54 jperkin Exp $
+@comment $NetBSD: PLIST,v 1.7 2020/09/30 09:25:30 wiz Exp $
 bin/c_rehash
 bin/openssl
 include/openssl/aes.h
@@ -1028,6 +1028,7 @@
 man/man3/EC_KEY_check_key.3
 man/man3/EC_KEY_clear_flags.3
 man/man3/EC_KEY_copy.3
+man/man3/EC_KEY_decoded_from_explicit_params.3
 man/man3/EC_KEY_dup.3
 man/man3/EC_KEY_free.3
 man/man3/EC_KEY_generate_key.3
@@ -3183,6 +3184,7 @@
 man/man3/X509V3_add1_i2d.3
 man/man3/X509V3_get_d2i.3
 man/man3/X509_ALGOR_cmp.3
+man/man3/X509_ALGOR_copy.3
 man/man3/X509_ALGOR_dup.3
 man/man3/X509_ALGOR_free.3
 man/man3/X509_ALGOR_get0.3
@@ -3341,6 +3343,8 @@
 man/man3/X509_REQ_get_subject_name.3
 man/man3/X509_REQ_get_version.3
 man/man3/X509_REQ_new.3
+man/man3/X509_REQ_set0_signature.3
+man/man3/X509_REQ_set1_signature_algo.3
 man/man3/X509_REQ_set_pubkey.3
 man/man3/X509_REQ_set_subject_name.3
 man/man3/X509_REQ_set_version.3
diff -r a494520751d7 -r c9e029a96eef security/openssl/distinfo
--- a/security/openssl/distinfo Wed Sep 30 09:22:59 2020 +0000
+++ b/security/openssl/distinfo Wed Sep 30 09:25:30 2020 +0000
@@ -1,11 +1,10 @@
-$NetBSD: distinfo,v 1.145 2020/09/29 05:45:04 martin Exp $
+$NetBSD: distinfo,v 1.146 2020/09/30 09:25:30 wiz Exp $
 
-SHA1 (openssl-1.1.1g.tar.gz) = b213a293f2127ec3e323fb3cfc0c9807664fd997
-RMD160 (openssl-1.1.1g.tar.gz) = 427b7b12c06715ad1c95d3ff5e38055c6bb66c1d
-SHA512 (openssl-1.1.1g.tar.gz) = 01e3d0b1bceeed8fb066f542ef5480862001556e0f612e017442330bbd7e5faee228b2de3513d7fc347446b7f217e27de1003dc9d7214d5833b97593f3ec25ab
-Size (openssl-1.1.1g.tar.gz) = 9801502 bytes
+SHA1 (openssl-1.1.1h.tar.gz) = 8d0d099e8973ec851368c8c775e05e1eadca1794
+RMD160 (openssl-1.1.1h.tar.gz) = a585a849499d12c1ea44bbdcc5fdecf47961989c
+SHA512 (openssl-1.1.1h.tar.gz) = da50fd99325841ed7a4367d9251c771ce505a443a73b327d8a46b2c6a7d2ea99e43551a164efc86f8743b22c2bdb0020bf24a9cbd445e9d68868b2dc1d34033a
+Size (openssl-1.1.1h.tar.gz) = 9810045 bytes
 SHA1 (patch-Configurations_10-main.conf) = d27643187e0b71041f47a9a7c7eec811f7539085
 SHA1 (patch-Configurations_shared-info.pl) = 0e835f6e343b5d05ef9a0e6ef2a195201262d15c
 SHA1 (patch-Configurations_unix-Makefile.tmpl) = cf6b46c6e10e84100beb468bbe6f85c5e62cbe7a
 SHA1 (patch-Configure) = 479f1bc826f7721f6b44d6b5a6cf460432924bf2
-SHA1 (patch-crypto_rand_rand__unix.c) = 9aa1ff0b0ff1db3fcadacf8707596a7db852f956
diff -r a494520751d7 -r c9e029a96eef security/openssl/patches/patch-crypto_rand_rand__unix.c
--- a/security/openssl/patches/patch-crypto_rand_rand__unix.c   Wed Sep 30 09:22:59 2020 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,47 +0,0 @@
-$NetBSD: patch-crypto_rand_rand__unix.c,v 1.1 2020/04/30 11:21:57 nia Exp $
-
-Fix usage of KERN_ARND on NetBSD.
-
-First, actually include the correct headers.
-Second, disable a hack for old FreeBSD versions (just in case it gets used).
-Third, ensure that we don't ever request more than 256 bytes (just in case).
-
---- crypto/rand/rand_unix.c.orig       2020-04-21 12:22:39.000000000 +0000
-+++ crypto/rand/rand_unix.c
-@@ -26,12 +26,12 @@
- #  include <sys/utsname.h>
- # endif
- #endif
--#if defined(__FreeBSD__) && !defined(OPENSSL_SYS_UEFI)
-+#if (defined(__FreeBSD__) || defined(__NetBSD__)) && !defined(OPENSSL_SYS_UEFI)
- # include <sys/types.h>
- # include <sys/sysctl.h>
- # include <sys/param.h>
- #endif
--#if defined(__OpenBSD__) || defined(__NetBSD__)
-+#if defined(__OpenBSD__)
- # include <sys/param.h>
- #endif
- 
-@@ -247,10 +247,12 @@ static ssize_t sysctl_random(char *buf, 
-      * when the sysctl returns long and we want to request something not a
-      * multiple of longs, which should never be the case.
-      */
-+#if   defined(__FreeBSD__)
-     if (!ossl_assert(buflen % sizeof(long) == 0)) {
-         errno = EINVAL;
-         return -1;
-     }
-+#endif
- 
-     /*
-      * On NetBSD before 4.0 KERN_ARND was an alias for KERN_URND, and only
-@@ -268,7 +270,7 @@ static ssize_t sysctl_random(char *buf, 
-     mib[1] = KERN_ARND;
- 
-     do {
--        len = buflen;
-+        len = buflen > 256 ? 256 : buflen;
-         if (sysctl(mib, 2, buf, &len, NULL, 0) == -1)
-             return done > 0 ? done : -1;
-         done += len;