pkgsrc-Changes archive


CVS commit: pkgsrc/security/openssl



Module Name:    pkgsrc
Committed By:   adam
Date:           Sat Feb  3 18:21:26 UTC 2024

Modified Files:
        pkgsrc/security/openssl: Makefile PLIST distinfo

Log Message:
openssl: updated to 3.1.5

Changes between 3.1.4 and 3.1.5 [30 Jan 2024]

 * A file in PKCS12 format can contain certificates and keys and may come from
   an untrusted source. The PKCS12 specification allows certain fields to be
   NULL, but OpenSSL did not correctly check for this case. A fix has been
   applied to prevent a NULL pointer dereference that results in OpenSSL
   crashing. If an application processes PKCS12 files from an untrusted source
   using the OpenSSL APIs then that application will be vulnerable to this
   issue prior to this fix.

   OpenSSL APIs that were vulnerable to this are: PKCS12_parse(),
   PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes()
   and PKCS12_newpass().

   We have also fixed a similar issue in SMIME_write_PKCS7(). However since this
   function is related to writing data we do not consider it security
   significant.

   (CVE-2024-0727)


To generate a diff of this commit:
cvs rdiff -u -r1.295 -r1.296 pkgsrc/security/openssl/Makefile
cvs rdiff -u -r1.15 -r1.16 pkgsrc/security/openssl/PLIST
cvs rdiff -u -r1.171 -r1.172 pkgsrc/security/openssl/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/security/openssl/Makefile
diff -u pkgsrc/security/openssl/Makefile:1.295 pkgsrc/security/openssl/Makefile:1.296
--- pkgsrc/security/openssl/Makefile:1.295      Wed Dec 27 14:41:31 2023
+++ pkgsrc/security/openssl/Makefile    Sat Feb  3 18:21:26 2024
@@ -1,9 +1,9 @@
-# $NetBSD: Makefile,v 1.295 2023/12/27 14:41:31 schmonz Exp $
+# $NetBSD: Makefile,v 1.296 2024/02/03 18:21:26 adam Exp $
 
 # Remember to upload-distfiles when updating OpenSSL -- otherwise it
 # is not possible for users who have bootstrapped without OpenSSL
 # to install it and enable HTTPS fetching.
-DISTNAME=      openssl-3.1.4
+DISTNAME=      openssl-3.1.5
 CATEGORIES=    security
 MASTER_SITES=  https://www.openssl.org/source/
 

Index: pkgsrc/security/openssl/PLIST
diff -u pkgsrc/security/openssl/PLIST:1.15 pkgsrc/security/openssl/PLIST:1.16
--- pkgsrc/security/openssl/PLIST:1.15  Fri Oct 27 18:30:12 2023
+++ pkgsrc/security/openssl/PLIST       Sat Feb  3 18:21:26 2024
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.15 2023/10/27 18:30:12 jperkin Exp $
+@comment $NetBSD: PLIST,v 1.16 2024/02/03 18:21:26 adam Exp $
 bin/c_rehash
 bin/openssl
 include/openssl/aes.h
@@ -834,7 +834,27 @@ man/man3/CMS_set1_eContentType.3
 man/man3/CMS_sign.3
 man/man3/CMS_sign_ex.3
 man/man3/CMS_sign_receipt.3
+man/man3/CMS_signed_add1_attr.3
+man/man3/CMS_signed_add1_attr_by_NID.3
+man/man3/CMS_signed_add1_attr_by_OBJ.3
+man/man3/CMS_signed_add1_attr_by_txt.3
+man/man3/CMS_signed_delete_attr.3
+man/man3/CMS_signed_get0_data_by_OBJ.3
+man/man3/CMS_signed_get_attr.3
+man/man3/CMS_signed_get_attr_by_NID.3
+man/man3/CMS_signed_get_attr_by_OBJ.3
+man/man3/CMS_signed_get_attr_count.3
 man/man3/CMS_uncompress.3
+man/man3/CMS_unsigned_add1_attr.3
+man/man3/CMS_unsigned_add1_attr_by_NID.3
+man/man3/CMS_unsigned_add1_attr_by_OBJ.3
+man/man3/CMS_unsigned_add1_attr_by_txt.3
+man/man3/CMS_unsigned_delete_attr.3
+man/man3/CMS_unsigned_get0_data_by_OBJ.3
+man/man3/CMS_unsigned_get_attr.3
+man/man3/CMS_unsigned_get_attr_by_NID.3
+man/man3/CMS_unsigned_get_attr_by_OBJ.3
+man/man3/CMS_unsigned_get_attr_count.3
 man/man3/CMS_verify.3
 man/man3/CMS_verify_receipt.3
 man/man3/CONF_get1_default_config_file.3
@@ -1884,6 +1904,10 @@ man/man3/EVP_PKEY_CTX_set_tls1_prf_md.3
 man/man3/EVP_PKEY_CTX_settable_params.3
 man/man3/EVP_PKEY_METHOD.3
 man/man3/EVP_PKEY_Q_keygen.3
+man/man3/EVP_PKEY_add1_attr.3
+man/man3/EVP_PKEY_add1_attr_by_NID.3
+man/man3/EVP_PKEY_add1_attr_by_OBJ.3
+man/man3/EVP_PKEY_add1_attr_by_txt.3
 man/man3/EVP_PKEY_asn1_add0.3
 man/man3/EVP_PKEY_asn1_add_alias.3
 man/man3/EVP_PKEY_asn1_copy.3
@@ -1927,6 +1951,7 @@ man/man3/EVP_PKEY_decapsulate_init.3
 man/man3/EVP_PKEY_decrypt.3
 man/man3/EVP_PKEY_decrypt_init.3
 man/man3/EVP_PKEY_decrypt_init_ex.3
+man/man3/EVP_PKEY_delete_attr.3
 man/man3/EVP_PKEY_derive.3
 man/man3/EVP_PKEY_derive_init.3
 man/man3/EVP_PKEY_derive_init_ex.3
@@ -1966,6 +1991,10 @@ man/man3/EVP_PKEY_get1_EC_KEY.3
 man/man3/EVP_PKEY_get1_RSA.3
 man/man3/EVP_PKEY_get1_encoded_public_key.3
 man/man3/EVP_PKEY_get1_tls_encodedpoint.3
+man/man3/EVP_PKEY_get_attr.3
+man/man3/EVP_PKEY_get_attr_by_NID.3
+man/man3/EVP_PKEY_get_attr_by_OBJ.3
+man/man3/EVP_PKEY_get_attr_count.3
 man/man3/EVP_PKEY_get_base_id.3
 man/man3/EVP_PKEY_get_bits.3
 man/man3/EVP_PKEY_get_bn_param.3
@@ -2559,13 +2588,16 @@ man/man3/OPENSSL_LH_doall_arg.3
 man/man3/OPENSSL_LH_error.3
 man/man3/OPENSSL_LH_flush.3
 man/man3/OPENSSL_LH_free.3
+man/man3/OPENSSL_LH_get_down_load.3
 man/man3/OPENSSL_LH_insert.3
 man/man3/OPENSSL_LH_new.3
 man/man3/OPENSSL_LH_node_stats.3
 man/man3/OPENSSL_LH_node_stats_bio.3
 man/man3/OPENSSL_LH_node_usage_stats.3
 man/man3/OPENSSL_LH_node_usage_stats_bio.3
+man/man3/OPENSSL_LH_num_items.3
 man/man3/OPENSSL_LH_retrieve.3
+man/man3/OPENSSL_LH_set_down_load.3
 man/man3/OPENSSL_LH_stats.3
 man/man3/OPENSSL_LH_stats_bio.3
 man/man3/OPENSSL_LINE.3
@@ -4529,9 +4561,20 @@ man/man3/X509_ALGOR_it.3
 man/man3/X509_ALGOR_new.3
 man/man3/X509_ALGOR_set0.3
 man/man3/X509_ALGOR_set_md.3
+man/man3/X509_ATTRIBUTE.3
+man/man3/X509_ATTRIBUTE_count.3
+man/man3/X509_ATTRIBUTE_create.3
+man/man3/X509_ATTRIBUTE_create_by_NID.3
+man/man3/X509_ATTRIBUTE_create_by_OBJ.3
+man/man3/X509_ATTRIBUTE_create_by_txt.3
 man/man3/X509_ATTRIBUTE_dup.3
 man/man3/X509_ATTRIBUTE_free.3
+man/man3/X509_ATTRIBUTE_get0_data.3
+man/man3/X509_ATTRIBUTE_get0_object.3
+man/man3/X509_ATTRIBUTE_get0_type.3
 man/man3/X509_ATTRIBUTE_new.3
+man/man3/X509_ATTRIBUTE_set1_data.3
+man/man3/X509_ATTRIBUTE_set1_object.3
 man/man3/X509_CERT_AUX_free.3
 man/man3/X509_CERT_AUX_new.3
 man/man3/X509_CINF_free.3
@@ -4685,7 +4728,14 @@ man/man3/X509_PUBKEY_set.3
 man/man3/X509_PUBKEY_set0_param.3
 man/man3/X509_REQ_INFO_free.3
 man/man3/X509_REQ_INFO_new.3
+man/man3/X509_REQ_add1_attr.3
+man/man3/X509_REQ_add1_attr_by_NID.3
+man/man3/X509_REQ_add1_attr_by_OBJ.3
+man/man3/X509_REQ_add1_attr_by_txt.3
+man/man3/X509_REQ_add_extensions.3
+man/man3/X509_REQ_add_extensions_nid.3
 man/man3/X509_REQ_check_private_key.3
+man/man3/X509_REQ_delete_attr.3
 man/man3/X509_REQ_digest.3
 man/man3/X509_REQ_dup.3
 man/man3/X509_REQ_free.3
@@ -4693,6 +4743,11 @@ man/man3/X509_REQ_get0_distinguishing_id
 man/man3/X509_REQ_get0_pubkey.3
 man/man3/X509_REQ_get0_signature.3
 man/man3/X509_REQ_get_X509_PUBKEY.3
+man/man3/X509_REQ_get_attr.3
+man/man3/X509_REQ_get_attr_by_NID.3
+man/man3/X509_REQ_get_attr_by_OBJ.3
+man/man3/X509_REQ_get_attr_count.3
+man/man3/X509_REQ_get_extensions.3
 man/man3/X509_REQ_get_pubkey.3
 man/man3/X509_REQ_get_signature_nid.3
 man/man3/X509_REQ_get_subject_name.3
@@ -4971,6 +5026,16 @@ man/man3/X509_up_ref.3
 man/man3/X509_verify.3
 man/man3/X509_verify_cert.3
 man/man3/X509_verify_cert_error_string.3
+man/man3/X509at_add1_attr.3
+man/man3/X509at_add1_attr_by_NID.3
+man/man3/X509at_add1_attr_by_OBJ.3
+man/man3/X509at_add1_attr_by_txt.3
+man/man3/X509at_delete_attr.3
+man/man3/X509at_get0_data_by_OBJ.3
+man/man3/X509at_get_attr.3
+man/man3/X509at_get_attr_by_NID.3
+man/man3/X509at_get_attr_by_OBJ.3
+man/man3/X509at_get_attr_count.3
 man/man3/X509v3_add_ext.3
 man/man3/X509v3_delete_ext.3
 man/man3/X509v3_get_ext.3
@@ -5440,9 +5505,12 @@ man/man3/lh_TYPE_doall_arg.3
 man/man3/lh_TYPE_error.3
 man/man3/lh_TYPE_flush.3
 man/man3/lh_TYPE_free.3
+man/man3/lh_TYPE_get_down_load.3
 man/man3/lh_TYPE_insert.3
 man/man3/lh_TYPE_new.3
+man/man3/lh_TYPE_num_items.3
 man/man3/lh_TYPE_retrieve.3
+man/man3/lh_TYPE_set_down_load.3
 man/man3/o2i_SCT.3
 man/man3/o2i_SCT_LIST.3
 man/man3/pem_password_cb.3

Index: pkgsrc/security/openssl/distinfo
diff -u pkgsrc/security/openssl/distinfo:1.171 pkgsrc/security/openssl/distinfo:1.172
--- pkgsrc/security/openssl/distinfo:1.171      Wed Dec 27 15:55:58 2023
+++ pkgsrc/security/openssl/distinfo    Sat Feb  3 18:21:26 2024
@@ -1,7 +1,7 @@
-$NetBSD: distinfo,v 1.171 2023/12/27 15:55:58 spz Exp $
+$NetBSD: distinfo,v 1.172 2024/02/03 18:21:26 adam Exp $
 
-BLAKE2s (openssl-3.1.4.tar.gz) = a2fb05a80f2e8587861edfa5304e995cf7595a262d729593655209de6b67745f
-SHA512 (openssl-3.1.4.tar.gz) = a69df4a018f57dee7d8a57c8003a6869eba11f1eaa394518976642a993780d0de3326019e92dea4c679c6c581fef568ea616ec541afc0792800359c606dffcd2
-Size (openssl-3.1.4.tar.gz) = 15569450 bytes
+BLAKE2s (openssl-3.1.5.tar.gz) = 259837669e34cb57f3822c0fea435b72c517d12c54fc3b0cc5ee67a585ee49be
+SHA512 (openssl-3.1.5.tar.gz) = 82e2ac6b3d9b03f8fc66d2ec421246e989eb702eb94586515abfb5afb5300391a0beedf6a2602f61ac10896b41e5608feeeeb4d37714fa17ac0f2ce465249fa9
+Size (openssl-3.1.5.tar.gz) = 15663524 bytes
 SHA1 (patch-Configurations_unix-Makefile.tmpl) = a482c9b1be14428efb99f3ef638eccbcaea506b7
 SHA1 (patch-util_perl_OpenSSL_config.pm) = 8f335441860597d0074245d49cc9e081b0f9fd4e


