pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/trunk]: pkgsrc/security/libressl Updated libressl to 2.5.1.
details: https://anonhg.NetBSD.org/pkgsrc/rev/db754cc84f43
branches: trunk
changeset: 357970:db754cc84f43
user: wiz <wiz%pkgsrc.org@localhost>
date: Thu Feb 02 15:31:16 2017 +0000
description:
Updated libressl to 2.5.1.
2.5.1 - Bug and security fixes, new features, documentation updates
* X509_cmp_time() now passes a malformed GeneralizedTime field as an
error. Reported by Theofilos Petsios.
* Detect zero-length encrypted session data early, instead of when
malloc(0) fails or the HMAC check fails. Noted independently by
jsing@ and Kurt Cancemi.
* Check for and handle failure of HMAC_{Update,Final} or
EVP_DecryptUpdate().
* Massive update and normalization of manpages, conversion to
mandoc format. Many pages were rewritten for clarity and accuracy.
Portable doc links are up-to-date with a new conversion tool.
* Curve25519 Key Exchange support.
* Support for alternate chains for certificate verification.
* Code cleanups, CBS conversions, further unification of DTLS/SSL
handshake code, further ASN1 macro expansion and removal.
* Private symbol are now hidden in libssl and libcryto.
* Friendly certificate verification error messages in libtls, peer
verification is now always enabled.
* Added OCSP stapling support to libtls and netcat.
* Added ocspcheck utility to validate a certificate against its OCSP
responder and save the reply for stapling
* Enhanced regression tests and error handling for libtls.
* Added explicit constant and non-constant time BN functions,
defaulting to constant time wherever possible.
* Moved many leaked implementation details in public structs behind
opaque pointers.
* Added ticket support to libtls.
* Added support for setting the supported EC curves via
SSL{_CTX}_set1_groups{_list}() - also provide defines for the previous
SSL{_CTX}_set1_curves{_list} names. This also changes the default
list of curves to be X25519, P-256 and P-384. All other curves must
be manually enabled.
* Added -groups option to openssl(1) s_client for specifying the curves
to be used in a colon-separated list.
* Merged client/server version negotiation code paths into one,
reducing much duplicate code.
* Removed error function codes from libssl and libcrypto.
* Fixed an issue where a truncated packet could crash via an OOB read.
* Added SSL_OP_NO_CLIENT_RENEGOTIATION option that disallows
client-initiated renegotiation. This is the default for libtls
servers.
* Avoid a side-channel cache-timing attack that can leak the ECDSA
private keys when signing. This is due to BN_mod_inverse() being
used without the constant time flag being set. Reported by Cesar
Pereida Garcia and Billy Brumley (Tampere University of Technology).
The fix was developed by Cesar Pereida Garcia.
* iOS and MacOS compatibility updates from Simone Basso and Jacob
Berkman.
diffstat:
security/libressl/Makefile | 4 +-
security/libressl/PLIST | 1038 ++++++++++++++++++++++++++++++++++++++++++-
security/libressl/distinfo | 10 +-
3 files changed, 998 insertions(+), 54 deletions(-)
diffs (truncated from 1882 to 300 lines):
diff -r d5d16d3a52ef -r db754cc84f43 security/libressl/Makefile
--- a/security/libressl/Makefile Thu Feb 02 12:39:46 2017 +0000
+++ b/security/libressl/Makefile Thu Feb 02 15:31:16 2017 +0000
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.9 2016/10/04 11:39:23 wiz Exp $
+# $NetBSD: Makefile,v 1.10 2017/02/02 15:31:16 wiz Exp $
-DISTNAME= libressl-2.5.0
+DISTNAME= libressl-2.5.1
CATEGORIES= security
MASTER_SITES= ${MASTER_SITE_OPENBSD:=LibreSSL/}
diff -r d5d16d3a52ef -r db754cc84f43 security/libressl/PLIST
--- a/security/libressl/PLIST Thu Feb 02 12:39:46 2017 +0000
+++ b/security/libressl/PLIST Thu Feb 02 15:31:16 2017 +0000
@@ -1,8 +1,9 @@
-@comment $NetBSD: PLIST,v 1.6 2016/10/04 11:39:23 wiz Exp $
+@comment $NetBSD: PLIST,v 1.7 2017/02/02 15:31:16 wiz Exp $
lib/pkgconfig/libcrypto.pc
lib/pkgconfig/libssl.pc
lib/pkgconfig/libtls.pc
lib/pkgconfig/openssl.pc
+libressl/bin/ocspcheck
libressl/bin/openssl
libressl/include/openssl/aes.h
libressl/include/openssl/asn1.h
@@ -20,6 +21,7 @@
libressl/include/openssl/conf.h
libressl/include/openssl/conf_api.h
libressl/include/openssl/crypto.h
+libressl/include/openssl/curve25519.h
libressl/include/openssl/des.h
libressl/include/openssl/dh.h
libressl/include/openssl/dsa.h
@@ -34,7 +36,6 @@
libressl/include/openssl/gost.h
libressl/include/openssl/hmac.h
libressl/include/openssl/idea.h
-libressl/include/openssl/krb5_asn.h
libressl/include/openssl/lhash.h
libressl/include/openssl/md4.h
libressl/include/openssl/md5.h
@@ -78,8 +79,30 @@
libressl/lib/libssl.la
libressl/lib/libtls.la
libressl/man/man1/openssl.1
+libressl/man/man3/ACCESS_DESCRIPTION_free.3
+libressl/man/man3/ACCESS_DESCRIPTION_new.3
+libressl/man/man3/ASN1_BIT_STRING_free.3
+libressl/man/man3/ASN1_BIT_STRING_new.3
+libressl/man/man3/ASN1_BMPSTRING_free.3
+libressl/man/man3/ASN1_BMPSTRING_new.3
+libressl/man/man3/ASN1_ENUMERATED_free.3
+libressl/man/man3/ASN1_ENUMERATED_new.3
+libressl/man/man3/ASN1_GENERALIZEDTIME_free.3
+libressl/man/man3/ASN1_GENERALIZEDTIME_new.3
+libressl/man/man3/ASN1_GENERALSTRING_free.3
+libressl/man/man3/ASN1_GENERALSTRING_new.3
+libressl/man/man3/ASN1_IA5STRING_free.3
+libressl/man/man3/ASN1_IA5STRING_new.3
+libressl/man/man3/ASN1_INTEGER_free.3
+libressl/man/man3/ASN1_INTEGER_new.3
libressl/man/man3/ASN1_OBJECT_free.3
libressl/man/man3/ASN1_OBJECT_new.3
+libressl/man/man3/ASN1_OCTET_STRING_free.3
+libressl/man/man3/ASN1_OCTET_STRING_new.3
+libressl/man/man3/ASN1_PRINTABLESTRING_free.3
+libressl/man/man3/ASN1_PRINTABLESTRING_new.3
+libressl/man/man3/ASN1_PRINTABLE_free.3
+libressl/man/man3/ASN1_PRINTABLE_new.3
libressl/man/man3/ASN1_STRING_cmp.3
libressl/man/man3/ASN1_STRING_data.3
libressl/man/man3/ASN1_STRING_dup.3
@@ -94,9 +117,50 @@
libressl/man/man3/ASN1_STRING_to_UTF8.3
libressl/man/man3/ASN1_STRING_type.3
libressl/man/man3/ASN1_STRING_type_new.3
+libressl/man/man3/ASN1_T61STRING_free.3
+libressl/man/man3/ASN1_T61STRING_new.3
+libressl/man/man3/ASN1_TIME_adj.3
+libressl/man/man3/ASN1_TIME_check.3
+libressl/man/man3/ASN1_TIME_free.3
+libressl/man/man3/ASN1_TIME_new.3
+libressl/man/man3/ASN1_TIME_print.3
+libressl/man/man3/ASN1_TIME_set.3
+libressl/man/man3/ASN1_TIME_set_string.3
+libressl/man/man3/ASN1_TYPE_cmp.3
+libressl/man/man3/ASN1_TYPE_free.3
+libressl/man/man3/ASN1_TYPE_get.3
+libressl/man/man3/ASN1_TYPE_new.3
+libressl/man/man3/ASN1_TYPE_set.3
+libressl/man/man3/ASN1_TYPE_set1.3
+libressl/man/man3/ASN1_UNIVERSALSTRING_free.3
+libressl/man/man3/ASN1_UNIVERSALSTRING_new.3
+libressl/man/man3/ASN1_UTCTIME_free.3
+libressl/man/man3/ASN1_UTCTIME_new.3
+libressl/man/man3/ASN1_UTF8STRING_free.3
+libressl/man/man3/ASN1_UTF8STRING_new.3
+libressl/man/man3/ASN1_VISIBLESTRING_free.3
+libressl/man/man3/ASN1_VISIBLESTRING_new.3
libressl/man/man3/ASN1_add_oid_module.3
libressl/man/man3/ASN1_generate_nconf.3
libressl/man/man3/ASN1_generate_v3.3
+libressl/man/man3/ASN1_item_d2i.3
+libressl/man/man3/ASN1_item_d2i_bio.3
+libressl/man/man3/ASN1_item_d2i_fp.3
+libressl/man/man3/ASN1_item_dup.3
+libressl/man/man3/ASN1_item_free.3
+libressl/man/man3/ASN1_item_i2d.3
+libressl/man/man3/ASN1_item_i2d_bio.3
+libressl/man/man3/ASN1_item_i2d_fp.3
+libressl/man/man3/ASN1_item_new.3
+libressl/man/man3/ASN1_item_print.3
+libressl/man/man3/ASN1_time_parse.3
+libressl/man/man3/ASN1_time_tm_cmp.3
+libressl/man/man3/AUTHORITY_INFO_ACCESS_free.3
+libressl/man/man3/AUTHORITY_INFO_ACCESS_new.3
+libressl/man/man3/AUTHORITY_KEYID_free.3
+libressl/man/man3/AUTHORITY_KEYID_new.3
+libressl/man/man3/BASIC_CONSTRAINTS_free.3
+libressl/man/man3/BASIC_CONSTRAINTS_new.3
libressl/man/man3/BF_cbc_encrypt.3
libressl/man/man3/BF_cfb64_encrypt.3
libressl/man/man3/BF_decrypt.3
@@ -105,9 +169,9 @@
libressl/man/man3/BF_ofb64_encrypt.3
libressl/man/man3/BF_options.3
libressl/man/man3/BF_set_key.3
-libressl/man/man3/BIO.3
libressl/man/man3/BIO_append_filename.3
libressl/man/man3/BIO_callback_ctrl.3
+libressl/man/man3/BIO_callback_fn.3
libressl/man/man3/BIO_ctrl.3
libressl/man/man3/BIO_ctrl_get_read_request.3
libressl/man/man3/BIO_ctrl_get_write_guarantee.3
@@ -142,6 +206,8 @@
libressl/man/man3/BIO_get_conn_int_port.3
libressl/man/man3/BIO_get_conn_ip.3
libressl/man/man3/BIO_get_conn_port.3
+libressl/man/man3/BIO_get_ex_data.3
+libressl/man/man3/BIO_get_ex_new_index.3
libressl/man/man3/BIO_get_fd.3
libressl/man/man3/BIO_get_fp.3
libressl/man/man3/BIO_get_info_callback.3
@@ -206,6 +272,7 @@
libressl/man/man3/BIO_set_conn_int_port.3
libressl/man/man3/BIO_set_conn_ip.3
libressl/man/man3/BIO_set_conn_port.3
+libressl/man/man3/BIO_set_ex_data.3
libressl/man/man3/BIO_set_fd.3
libressl/man/man3/BIO_set_fp.3
libressl/man/man3/BIO_set_info_callback.3
@@ -266,6 +333,7 @@
libressl/man/man3/BN_RECP_CTX_set.3
libressl/man/man3/BN_add.3
libressl/man/man3/BN_add_word.3
+libressl/man/man3/BN_asc2bn.3
libressl/man/man3/BN_bin2bn.3
libressl/man/man3/BN_bn2bin.3
libressl/man/man3/BN_bn2dec.3
@@ -287,10 +355,16 @@
libressl/man/man3/BN_gcd.3
libressl/man/man3/BN_generate_prime.3
libressl/man/man3/BN_generate_prime_ex.3
+libressl/man/man3/BN_get0_nist_prime_192.3
+libressl/man/man3/BN_get0_nist_prime_224.3
+libressl/man/man3/BN_get0_nist_prime_256.3
+libressl/man/man3/BN_get0_nist_prime_384.3
+libressl/man/man3/BN_get0_nist_prime_521.3
libressl/man/man3/BN_get_word.3
libressl/man/man3/BN_hex2bn.3
libressl/man/man3/BN_init.3
libressl/man/man3/BN_is_bit_set.3
+libressl/man/man3/BN_is_negative.3
libressl/man/man3/BN_is_odd.3
libressl/man/man3/BN_is_one.3
libressl/man/man3/BN_is_prime.3
@@ -321,7 +395,7 @@
libressl/man/man3/BN_num_bits_word.3
libressl/man/man3/BN_num_bytes.3
libressl/man/man3/BN_one.3
-libressl/man/man3/BN_print.3
+${PLIST.man}libressl/man/man3/BN_print.3
libressl/man/man3/BN_print_fp.3
libressl/man/man3/BN_pseudo_rand.3
libressl/man/man3/BN_pseudo_rand_range.3
@@ -330,6 +404,8 @@
libressl/man/man3/BN_rshift.3
libressl/man/man3/BN_rshift1.3
libressl/man/man3/BN_set_bit.3
+libressl/man/man3/BN_set_flags.3
+libressl/man/man3/BN_set_negative.3
libressl/man/man3/BN_set_word.3
libressl/man/man3/BN_sqr.3
libressl/man/man3/BN_sub.3
@@ -338,16 +414,26 @@
libressl/man/man3/BN_to_montgomery.3
libressl/man/man3/BN_ucmp.3
libressl/man/man3/BN_value_one.3
+libressl/man/man3/BN_with_flags.3
libressl/man/man3/BN_zero.3
libressl/man/man3/BUF_MEM_free.3
libressl/man/man3/BUF_MEM_grow.3
+libressl/man/man3/BUF_MEM_grow_clean.3
libressl/man/man3/BUF_MEM_new.3
+libressl/man/man3/BUF_reverse.3
libressl/man/man3/BUF_strdup.3
+libressl/man/man3/CERTIFICATEPOLICIES_free.3
+libressl/man/man3/CERTIFICATEPOLICIES_new.3
libressl/man/man3/CONF_modules_finish.3
libressl/man/man3/CONF_modules_free.3
libressl/man/man3/CONF_modules_load.3
libressl/man/man3/CONF_modules_load_file.3
libressl/man/man3/CONF_modules_unload.3
+libressl/man/man3/CRL_DIST_POINTS_free.3
+libressl/man/man3/CRL_DIST_POINTS_new.3
+libressl/man/man3/CRYPTO_EX_dup.3
+libressl/man/man3/CRYPTO_EX_free.3
+libressl/man/man3/CRYPTO_EX_new.3
libressl/man/man3/CRYPTO_THREADID_cmp.3
libressl/man/man3/CRYPTO_THREADID_cpy.3
libressl/man/man3/CRYPTO_THREADID_current.3
@@ -357,20 +443,30 @@
libressl/man/man3/CRYPTO_THREADID_set_numeric.3
libressl/man/man3/CRYPTO_THREADID_set_pointer.3
libressl/man/man3/CRYPTO_add.3
-libressl/man/man3/CRYPTO_add_lock.3
libressl/man/man3/CRYPTO_destroy_dynlockid.3
+libressl/man/man3/CRYPTO_free.3
+libressl/man/man3/CRYPTO_free_ex_data.3
libressl/man/man3/CRYPTO_get_ex_data.3
+libressl/man/man3/CRYPTO_get_ex_new_index.3
+libressl/man/man3/CRYPTO_get_mem_functions.3
libressl/man/man3/CRYPTO_get_new_dynlockid.3
libressl/man/man3/CRYPTO_lock.3
+libressl/man/man3/CRYPTO_malloc.3
+libressl/man/man3/CRYPTO_mem_ctrl.3
+libressl/man/man3/CRYPTO_mem_leaks.3
+libressl/man/man3/CRYPTO_mem_leaks_fp.3
+libressl/man/man3/CRYPTO_new_ex_data.3
libressl/man/man3/CRYPTO_num_locks.3
libressl/man/man3/CRYPTO_r_lock.3
libressl/man/man3/CRYPTO_r_unlock.3
+libressl/man/man3/CRYPTO_realloc.3
libressl/man/man3/CRYPTO_set_dynlock_create_callback.3
libressl/man/man3/CRYPTO_set_dynlock_destroy_callback.3
libressl/man/man3/CRYPTO_set_dynlock_lock_callback.3
libressl/man/man3/CRYPTO_set_ex_data.3
-libressl/man/man3/CRYPTO_set_id_callback.3
libressl/man/man3/CRYPTO_set_locking_callback.3
+libressl/man/man3/CRYPTO_set_mem_functions.3
+libressl/man/man3/CRYPTO_strdup.3
libressl/man/man3/CRYPTO_w_lock.3
libressl/man/man3/CRYPTO_w_unlock.3
libressl/man/man3/DECLARE_LHASH_OF.3
@@ -414,18 +510,24 @@
libressl/man/man3/DH_generate_parameters.3
libressl/man/man3/DH_generate_parameters_ex.3
libressl/man/man3/DH_get_default_method.3
-libressl/man/man3/DH_get_default_openssl_method.3
libressl/man/man3/DH_get_ex_data.3
libressl/man/man3/DH_get_ex_new_index.3
libressl/man/man3/DH_new.3
libressl/man/man3/DH_new_method.3
libressl/man/man3/DH_set_default_method.3
-libressl/man/man3/DH_set_default_openssl_method.3
libressl/man/man3/DH_set_ex_data.3
libressl/man/man3/DH_set_method.3
libressl/man/man3/DH_size.3
libressl/man/man3/DHparams_print.3
libressl/man/man3/DHparams_print_fp.3
+libressl/man/man3/DIRECTORYSTRING_free.3
+libressl/man/man3/DIRECTORYSTRING_new.3
+libressl/man/man3/DISPLAYTEXT_free.3
+libressl/man/man3/DISPLAYTEXT_new.3
+libressl/man/man3/DIST_POINT_NAME_free.3
+libressl/man/man3/DIST_POINT_NAME_new.3
+libressl/man/man3/DIST_POINT_free.3
+libressl/man/man3/DIST_POINT_new.3
libressl/man/man3/DSA_OpenSSL.3
libressl/man/man3/DSA_SIG_free.3
libressl/man/man3/DSA_SIG_new.3
@@ -437,7 +539,6 @@
libressl/man/man3/DSA_generate_parameters.3
libressl/man/man3/DSA_generate_parameters_ex.3
libressl/man/man3/DSA_get_default_method.3
-libressl/man/man3/DSA_get_default_openssl_method.3
libressl/man/man3/DSA_get_ex_data.3
libressl/man/man3/DSA_get_ex_new_index.3
libressl/man/man3/DSA_new.3
@@ -445,15 +546,22 @@
libressl/man/man3/DSA_print.3
libressl/man/man3/DSA_print_fp.3
libressl/man/man3/DSA_set_default_method.3
-libressl/man/man3/DSA_set_default_openssl_method.3
libressl/man/man3/DSA_set_ex_data.3
libressl/man/man3/DSA_set_method.3
libressl/man/man3/DSA_sign.3
libressl/man/man3/DSA_sign_setup.3
libressl/man/man3/DSA_size.3
Home |
Main Index |
Thread Index |
Old Index