pkgsrc-Changes archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
CVS commit: pkgsrc/security/libressl
Module Name: pkgsrc
Committed By: schmonz
Date: Tue May 13 13:17:05 UTC 2025
Modified Files:
pkgsrc/security/libressl: Makefile PLIST distinfo
Log Message:
libressl: update to 4.1.0. Changes:
* Portable changes
- Added initial experimental support for loongarch64.
- Fixed compilation for mips32 and reenable CI.
- Fixed CMake builds on FreeBSD.
- Fixed the --prefix option for cmake --install.
- Fixed tests for MinGW due to missing sh(1).
* Internal improvements
- Cleaned up the error implementation.
- Many bug fixes and simplifications in the EC ASN.1 code.
- Corrected DER encoding for EC keys and parameters.
- Polished EC_POINT_{oct2point,point2oct}() internals.
- Rewrote the wNAF code for fast ECDSA verification.
- Improved the code setting compressed coordinates for EC points.
- Reworked CPU capabilities detection for amd64 and aarch64.
- New SHA-1, SHA-256 and SHA-512 assembly implementations for amd64.
These make use of the SHA-NI instruction if it is available and
replace the perl-generated assembly optimized for museum pieces.
These are not yet enabled in libressl-portable.
- New SHA-256 and SHA-512 assembly implementations for aarch64
making use of the ARM Cryptographic Extension (CE). Not yet
enabled in libressl-portable.
- New simplified, readable MD5 implementation for amd64.
- Rewrote BN_bn2binpad() and its lebin siblings.
- The BIGNUMs in EC_GROUP and EC_POINT are now heap allocated.
- Rewrote TS_ASN1_INTEGER_print_bio().
- Improved bit counter handling in MD5.
- Simplified and cleaned up the BN_RECP_CTX internals.
- Improved SM4 to match other symmetric ciphers more closely.
- Rewrote X509_NAME_oneline() and X509_NAME_print() using CBS/CBB.
- CRLs are now cached in the issuer cache like certificates.
- Replaced combinations of BN_MONT_CTX_new/set with an internal
BN_MONT_CTX_create().
- Replaced BN_bn2hex() reimplementation in openssl(1) ca with
a proper API call.
- Fixed integer overflows due to signed shift in obj_dat.c.
- Improved some X509_VERIFY_PARAM internals and avoid an out of
bounds read from public API.
- Imported ML-KEM 768 and 1024 from BoringSSL (not yet public API).
* Compatibility changes
- Added an OPENSSL_INIT_NO_ATEXIT flag for OPENSSL_init_crypto().
It has no effect since LibreSSL doesn't call atexit().
- Elliptic curve parameters are only accepted if they encode a
built-in curve.
- EC_METHOD is no longer public and the API exposing it has been
removed. This includes EC_GROUP_new(), EC_GFp_mont_method(),
EC_GROUP_method_of() and EC_METHOD_get_field_type().
- The precomputation stubs for EC_GROUP were removed.
- The API setting Jacobian projective coordinates for a point was
removed as were EC_POINTs_{mul,make_affine}().
- All elliptic curves over fields with less than 224 bits and a
few more were removed from the built-in curves. This includes
all WTLS curves and P-192.
- It is no longer necessary to set RSA_FLAG_SIGN_VER to use the
sign and verify handlers set with RSA_meth_set_{sign,verify}.
- Removed the -C option to generate "C code" from the openssl(1)
dh, dhparam, dsaparam, ecparam, and x509 subcommands.
- Removed #error in headers when OPENSSL_NO_* is defined.
- CRYPTO_set_mem_functions() now matches OpenSSL 1.1 and
CRYPTO_set_mem_ex_functions() was removed.
- The tls_session_secret_cb_fn type now matches OpenSSL 1.1.
- Unexport X509_NAME_print() and X509_OBJECT_up_ref_count().
- const corrected UI_OpenSSL() and BN_MONT_CTX_copy().
- Support OPENSSL_NO_FILENAMES.
- Support SSL_OP_NO_RENEGOTIATION and SSL_OP_ALLOW_CLIENT_RENEGOTIATION.
- Export PKCS12_key_gen_uni() again.
* New features
- libtls has a new tls_peer_cert_common_name() API call to retrieve
the peer's common name without having to inspect the PEM.
* Bug fixes
- Plugged a leak in eckey_compute_pubkey().
- Again allow the magic values -1, -2 and -3 for the salt length
of an RSA-PSS key in the EVP_PKEY_CTX_ctrl_str() interface.
- Fixed a few memory leaks in legacy code.
* Documentation
- The remaining undocumented public EVP API is now documented.
- Reorganization of existing documentation for clarity and accuracy.
* Testing and proactive security
- Improved regress coverage of the EC code.
To generate a diff of this commit:
cvs rdiff -u -r1.19 -r1.20 pkgsrc/security/libressl/Makefile
cvs rdiff -u -r1.13 -r1.14 pkgsrc/security/libressl/PLIST
cvs rdiff -u -r1.14 -r1.15 pkgsrc/security/libressl/distinfo
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: pkgsrc/security/libressl/Makefile
diff -u pkgsrc/security/libressl/Makefile:1.19 pkgsrc/security/libressl/Makefile:1.20
--- pkgsrc/security/libressl/Makefile:1.19 Wed Oct 30 12:50:23 2024
+++ pkgsrc/security/libressl/Makefile Tue May 13 13:17:05 2025
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.19 2024/10/30 12:50:23 adam Exp $
+# $NetBSD: Makefile,v 1.20 2025/05/13 13:17:05 schmonz Exp $
-DISTNAME= libressl-4.0.0
+DISTNAME= libressl-4.1.0
CATEGORIES= security
MASTER_SITES= ${MASTER_SITE_OPENBSD:=LibreSSL/}
Index: pkgsrc/security/libressl/PLIST
diff -u pkgsrc/security/libressl/PLIST:1.13 pkgsrc/security/libressl/PLIST:1.14
--- pkgsrc/security/libressl/PLIST:1.13 Wed Oct 30 12:50:23 2024
+++ pkgsrc/security/libressl/PLIST Tue May 13 13:17:05 2025
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.13 2024/10/30 12:50:23 adam Exp $
+@comment $NetBSD: PLIST,v 1.14 2025/05/13 13:17:05 schmonz Exp $
libressl/bin/ocspcheck
libressl/bin/openssl
libressl/include/openssl/aes.h
@@ -677,7 +677,6 @@ libressl/man/man3/CRYPTO_free.3
libressl/man/man3/CRYPTO_free_ex_data.3
libressl/man/man3/CRYPTO_get_ex_data.3
libressl/man/man3/CRYPTO_get_ex_new_index.3
-libressl/man/man3/CRYPTO_get_mem_functions.3
libressl/man/man3/CRYPTO_hchacha_20.3
libressl/man/man3/CRYPTO_lock.3
libressl/man/man3/CRYPTO_malloc.3
@@ -852,8 +851,6 @@ libressl/man/man3/ECPKParameters_print_f
libressl/man/man3/ECParameters_dup.3
libressl/man/man3/ECParameters_print.3
libressl/man/man3/ECParameters_print_fp.3
-libressl/man/man3/EC_GFp_mont_method.3
-libressl/man/man3/EC_GFp_simple_method.3
libressl/man/man3/EC_GROUP_check.3
libressl/man/man3/EC_GROUP_check_discriminant.3
libressl/man/man3/EC_GROUP_clear_free.3
@@ -873,13 +870,10 @@ libressl/man/man3/EC_GROUP_get_degree.3
libressl/man/man3/EC_GROUP_get_order.3
libressl/man/man3/EC_GROUP_get_point_conversion_form.3
libressl/man/man3/EC_GROUP_get_seed_len.3
-libressl/man/man3/EC_GROUP_have_precompute_mult.3
-libressl/man/man3/EC_GROUP_method_of.3
libressl/man/man3/EC_GROUP_new.3
libressl/man/man3/EC_GROUP_new_by_curve_name.3
libressl/man/man3/EC_GROUP_new_curve_GFp.3
libressl/man/man3/EC_GROUP_order_bits.3
-libressl/man/man3/EC_GROUP_precompute_mult.3
libressl/man/man3/EC_GROUP_set_asn1_flag.3
libressl/man/man3/EC_GROUP_set_curve.3
libressl/man/man3/EC_GROUP_set_curve_GFp.3
@@ -934,7 +928,6 @@ libressl/man/man3/EC_KEY_set_private_key
libressl/man/man3/EC_KEY_set_public_key.3
libressl/man/man3/EC_KEY_set_public_key_affine_coordinates.3
libressl/man/man3/EC_KEY_up_ref.3
-libressl/man/man3/EC_METHOD_get_field_type.3
libressl/man/man3/EC_POINT_add.3
libressl/man/man3/EC_POINT_bn2point.3
libressl/man/man3/EC_POINT_clear_free.3
@@ -943,7 +936,6 @@ libressl/man/man3/EC_POINT_copy.3
libressl/man/man3/EC_POINT_dbl.3
libressl/man/man3/EC_POINT_dup.3
libressl/man/man3/EC_POINT_free.3
-libressl/man/man3/EC_POINT_get_Jprojective_coordinates_GFp.3
libressl/man/man3/EC_POINT_get_affine_coordinates.3
libressl/man/man3/EC_POINT_get_affine_coordinates_GFp.3
libressl/man/man3/EC_POINT_hex2point.3
@@ -951,21 +943,17 @@ libressl/man/man3/EC_POINT_invert.3
libressl/man/man3/EC_POINT_is_at_infinity.3
libressl/man/man3/EC_POINT_is_on_curve.3
libressl/man/man3/EC_POINT_make_affine.3
-libressl/man/man3/EC_POINT_method_of.3
libressl/man/man3/EC_POINT_mul.3
libressl/man/man3/EC_POINT_new.3
libressl/man/man3/EC_POINT_oct2point.3
libressl/man/man3/EC_POINT_point2bn.3
libressl/man/man3/EC_POINT_point2hex.3
libressl/man/man3/EC_POINT_point2oct.3
-libressl/man/man3/EC_POINT_set_Jprojective_coordinates_GFp.3
libressl/man/man3/EC_POINT_set_affine_coordinates.3
libressl/man/man3/EC_POINT_set_affine_coordinates_GFp.3
libressl/man/man3/EC_POINT_set_compressed_coordinates.3
libressl/man/man3/EC_POINT_set_compressed_coordinates_GFp.3
libressl/man/man3/EC_POINT_set_to_infinity.3
-libressl/man/man3/EC_POINTs_make_affine.3
-libressl/man/man3/EC_POINTs_mul.3
libressl/man/man3/EC_curve_nid2nist.3
libressl/man/man3/EC_curve_nist2nid.3
libressl/man/man3/EC_get_builtin_curves.3
@@ -1231,23 +1219,11 @@ libressl/man/man3/EVP_PKEY_CTX_set_rsa_p
libressl/man/man3/EVP_PKEY_CTX_set_rsa_pss_saltlen.3
libressl/man/man3/EVP_PKEY_CTX_set_signature_md.3
libressl/man/man3/EVP_PKEY_CTX_set_tls1_prf_md.3
-libressl/man/man3/EVP_PKEY_asn1_copy.3
libressl/man/man3/EVP_PKEY_asn1_find.3
libressl/man/man3/EVP_PKEY_asn1_find_str.3
-libressl/man/man3/EVP_PKEY_asn1_free.3
libressl/man/man3/EVP_PKEY_asn1_get0.3
libressl/man/man3/EVP_PKEY_asn1_get0_info.3
libressl/man/man3/EVP_PKEY_asn1_get_count.3
-libressl/man/man3/EVP_PKEY_asn1_new.3
-libressl/man/man3/EVP_PKEY_asn1_set_check.3
-libressl/man/man3/EVP_PKEY_asn1_set_ctrl.3
-libressl/man/man3/EVP_PKEY_asn1_set_free.3
-libressl/man/man3/EVP_PKEY_asn1_set_param.3
-libressl/man/man3/EVP_PKEY_asn1_set_param_check.3
-libressl/man/man3/EVP_PKEY_asn1_set_private.3
-libressl/man/man3/EVP_PKEY_asn1_set_public.3
-libressl/man/man3/EVP_PKEY_asn1_set_public_check.3
-libressl/man/man3/EVP_PKEY_asn1_set_security_bits.3
libressl/man/man3/EVP_PKEY_assign.3
libressl/man/man3/EVP_PKEY_assign_DH.3
libressl/man/man3/EVP_PKEY_assign_DSA.3
@@ -1255,7 +1231,6 @@ libressl/man/man3/EVP_PKEY_assign_EC_KEY
libressl/man/man3/EVP_PKEY_assign_RSA.3
libressl/man/man3/EVP_PKEY_base_id.3
libressl/man/man3/EVP_PKEY_bits.3
-libressl/man/man3/EVP_PKEY_check.3
libressl/man/man3/EVP_PKEY_cmp.3
libressl/man/man3/EVP_PKEY_cmp_parameters.3
libressl/man/man3/EVP_PKEY_copy_parameters.3
@@ -1287,42 +1262,17 @@ libressl/man/man3/EVP_PKEY_get_raw_publi
libressl/man/man3/EVP_PKEY_id.3
libressl/man/man3/EVP_PKEY_keygen.3
libressl/man/man3/EVP_PKEY_keygen_init.3
-libressl/man/man3/EVP_PKEY_meth_add0.3
-libressl/man/man3/EVP_PKEY_meth_copy.3
-libressl/man/man3/EVP_PKEY_meth_find.3
-libressl/man/man3/EVP_PKEY_meth_free.3
-libressl/man/man3/EVP_PKEY_meth_get0_info.3
-libressl/man/man3/EVP_PKEY_meth_new.3
-libressl/man/man3/EVP_PKEY_meth_set_check.3
-libressl/man/man3/EVP_PKEY_meth_set_cleanup.3
-libressl/man/man3/EVP_PKEY_meth_set_copy.3
-libressl/man/man3/EVP_PKEY_meth_set_ctrl.3
-libressl/man/man3/EVP_PKEY_meth_set_decrypt.3
-libressl/man/man3/EVP_PKEY_meth_set_derive.3
-libressl/man/man3/EVP_PKEY_meth_set_encrypt.3
-libressl/man/man3/EVP_PKEY_meth_set_init.3
-libressl/man/man3/EVP_PKEY_meth_set_keygen.3
-libressl/man/man3/EVP_PKEY_meth_set_param_check.3
-libressl/man/man3/EVP_PKEY_meth_set_paramgen.3
-libressl/man/man3/EVP_PKEY_meth_set_public_check.3
-libressl/man/man3/EVP_PKEY_meth_set_sign.3
-libressl/man/man3/EVP_PKEY_meth_set_signctx.3
-libressl/man/man3/EVP_PKEY_meth_set_verify.3
-libressl/man/man3/EVP_PKEY_meth_set_verify_recover.3
-libressl/man/man3/EVP_PKEY_meth_set_verifyctx.3
libressl/man/man3/EVP_PKEY_missing_parameters.3
libressl/man/man3/EVP_PKEY_new.3
libressl/man/man3/EVP_PKEY_new_CMAC_key.3
libressl/man/man3/EVP_PKEY_new_mac_key.3
libressl/man/man3/EVP_PKEY_new_raw_private_key.3
libressl/man/man3/EVP_PKEY_new_raw_public_key.3
-libressl/man/man3/EVP_PKEY_param_check.3
libressl/man/man3/EVP_PKEY_paramgen.3
libressl/man/man3/EVP_PKEY_paramgen_init.3
libressl/man/man3/EVP_PKEY_print_params.3
libressl/man/man3/EVP_PKEY_print_private.3
libressl/man/man3/EVP_PKEY_print_public.3
-libressl/man/man3/EVP_PKEY_public_check.3
libressl/man/man3/EVP_PKEY_security_bits.3
libressl/man/man3/EVP_PKEY_set1_DH.3
libressl/man/man3/EVP_PKEY_set1_DSA.3
@@ -1854,6 +1804,13 @@ libressl/man/man3/RAND_seed.3
libressl/man/man3/RAND_set_rand_method.3
libressl/man/man3/RAND_status.3
libressl/man/man3/RAND_write_file.3
+libressl/man/man3/RC2_cbc_encrypt.3
+libressl/man/man3/RC2_cfb64_encrypt.3
+libressl/man/man3/RC2_decrypt.3
+libressl/man/man3/RC2_ecb_encrypt.3
+libressl/man/man3/RC2_encrypt.3
+libressl/man/man3/RC2_ofb64_encrypt.3
+libressl/man/man3/RC2_set_key.3
libressl/man/man3/RC4.3
libressl/man/man3/RC4_set_key.3
libressl/man/man3/RIPEMD160.3
@@ -2458,9 +2415,12 @@ libressl/man/man3/X509V3_EXT_get.3
libressl/man/man3/X509V3_EXT_get_nid.3
libressl/man/man3/X509V3_EXT_i2d.3
libressl/man/man3/X509V3_EXT_print.3
+libressl/man/man3/X509V3_EXT_print_fp.3
libressl/man/man3/X509V3_add1_i2d.3
+libressl/man/man3/X509V3_conf_free.3
libressl/man/man3/X509V3_extensions_print.3
libressl/man/man3/X509V3_get_d2i.3
+libressl/man/man3/X509V3_parse_list.3
libressl/man/man3/X509_ALGOR_cmp.3
libressl/man/man3/X509_ALGOR_dup.3
libressl/man/man3/X509_ALGOR_free.3
@@ -2582,12 +2542,10 @@ libressl/man/man3/X509_NAME_hash.3
libressl/man/man3/X509_NAME_hash_old.3
libressl/man/man3/X509_NAME_new.3
libressl/man/man3/X509_NAME_oneline.3
-libressl/man/man3/X509_NAME_print.3
libressl/man/man3/X509_NAME_print_ex.3
libressl/man/man3/X509_NAME_print_ex_fp.3
libressl/man/man3/X509_NAME_set.3
libressl/man/man3/X509_OBJECT_free.3
-libressl/man/man3/X509_OBJECT_free_contents.3
libressl/man/man3/X509_OBJECT_get0_X509.3
libressl/man/man3/X509_OBJECT_get0_X509_CRL.3
libressl/man/man3/X509_OBJECT_get_type.3
@@ -2595,7 +2553,6 @@ libressl/man/man3/X509_OBJECT_idx_by_sub
libressl/man/man3/X509_OBJECT_new.3
libressl/man/man3/X509_OBJECT_retrieve_by_subject.3
libressl/man/man3/X509_OBJECT_retrieve_match.3
-libressl/man/man3/X509_OBJECT_up_ref_count.3
libressl/man/man3/X509_PKEY_free.3
libressl/man/man3/X509_PKEY_new.3
libressl/man/man3/X509_PUBKEY_free.3
@@ -2892,6 +2849,7 @@ libressl/man/man3/X509_signature_print.3
libressl/man/man3/X509_subject_name_cmp.3
libressl/man/man3/X509_subject_name_hash.3
libressl/man/man3/X509_subject_name_hash_old.3
+libressl/man/man3/X509_supported_extension.3
libressl/man/man3/X509_time_adj.3
libressl/man/man3/X509_time_adj_ex.3
libressl/man/man3/X509_to_X509_REQ.3
@@ -2930,6 +2888,9 @@ libressl/man/man3/a2d_ASN1_OBJECT.3
libressl/man/man3/a2i_ASN1_ENUMERATED.3
libressl/man/man3/a2i_ASN1_INTEGER.3
libressl/man/man3/a2i_ASN1_STRING.3
+libressl/man/man3/a2i_IPADDRESS.3
+libressl/man/man3/a2i_IPADDRESS_NC.3
+libressl/man/man3/a2i_ipadd.3
libressl/man/man3/bio_info_cb.3
libressl/man/man3/bn_add_words.3
libressl/man/man3/bn_div_words.3
@@ -3326,6 +3287,7 @@ libressl/man/man3/i2s_ASN1_ENUMERATED_TA
libressl/man/man3/i2s_ASN1_INTEGER.3
libressl/man/man3/i2s_ASN1_OCTET_STRING.3
libressl/man/man3/i2t_ASN1_OBJECT.3
+libressl/man/man3/i2v_ASN1_BIT_STRING.3
libressl/man/man3/lh_delete.3
libressl/man/man3/lh_doall.3
libressl/man/man3/lh_doall_arg.3
@@ -3430,6 +3392,7 @@ libressl/man/man3/tls_init.3
libressl/man/man3/tls_load_file.3
libressl/man/man3/tls_ocsp_process_response.3
libressl/man/man3/tls_peer_cert_chain_pem.3
+libressl/man/man3/tls_peer_cert_common_name.3
libressl/man/man3/tls_peer_cert_contains_name.3
libressl/man/man3/tls_peer_cert_hash.3
libressl/man/man3/tls_peer_cert_issuer.3
@@ -3450,6 +3413,7 @@ libressl/man/man3/tls_reset.3
libressl/man/man3/tls_server.3
libressl/man/man3/tls_unload_file.3
libressl/man/man3/tls_write.3
+libressl/man/man3/v2i_ASN1_BIT_STRING.3
libressl/man/man3/verify_callback.3
libressl/man/man3/x509_verify.3
libressl/man/man3/x509_verify_ctx_chain.3
@@ -3468,3 +3432,4 @@ libressl/man/man8/ocspcheck.8
libressl/share/examples/libressl/cert.pem
libressl/share/examples/libressl/openssl.cnf
libressl/share/examples/libressl/x509v3.cnf
+@pkgdir lib
Index: pkgsrc/security/libressl/distinfo
diff -u pkgsrc/security/libressl/distinfo:1.14 pkgsrc/security/libressl/distinfo:1.15
--- pkgsrc/security/libressl/distinfo:1.14 Wed Oct 30 12:50:23 2024
+++ pkgsrc/security/libressl/distinfo Tue May 13 13:17:05 2025
@@ -1,6 +1,6 @@
-$NetBSD: distinfo,v 1.14 2024/10/30 12:50:23 adam Exp $
+$NetBSD: distinfo,v 1.15 2025/05/13 13:17:05 schmonz Exp $
-BLAKE2s (libressl-4.0.0.tar.gz) = 03c5d80db25f498ec5fdb2b30e0e3b3ac062cbbeaf18eb3d7378afa5177f0e8b
-SHA512 (libressl-4.0.0.tar.gz) = b5ec6d1f4e3842ecb487f9a67d86db658d05cbe8cd3fcba61172affa8c65c5d0823aa244065a7233f06c669d04a5a36517c02a2d99d2f2da3c4df729ac243b37
-Size (libressl-4.0.0.tar.gz) = 4259615 bytes
+BLAKE2s (libressl-4.1.0.tar.gz) = 1378a731a5a647ba8d6e2d33987762d1ec6cc3c548860dc1456070975ba0f34e
+SHA512 (libressl-4.1.0.tar.gz) = ee2cdcd2c0c68cf86e63d83af4d08f82433adeae3ea9d42928d564e18bd7f2d73cbe8fa925993fb532d01fb22fd82c185bf9a512fbdad629fa10b1fff79f2d99
+Size (libressl-4.1.0.tar.gz) = 9198928 bytes
SHA1 (patch-configure) = ea5d34736afbb126254e7cbb4b44915b1484b4c9
Home |
Main Index |
Thread Index |
Old Index