pkgsrc-Changes archive


CVS commit: pkgsrc/security/openssl



Module Name:    pkgsrc
Committed By:   wiz
Date:           Tue Apr  7 18:37:35 UTC 2026

Modified Files:
        pkgsrc/security/openssl: Makefile PLIST distinfo
Removed Files:
        pkgsrc/security/openssl/patches: patch-crypto_initthread.c

Log Message:
openssl: update to 3.6.2.

OpenSSL 3.6.2 is a security patch release. The most severe CVE fixed in this
release is Medium.

This release incorporates the following bug fixes and mitigations:

  * Fixed incorrect failure handling in RSA KEM RSASVE encapsulation.
    ([CVE-2026-31790])

  * Fixed loss of key agreement group tuple structure when the `DEFAULT` keyword
    is used in the server-side configuration of the key-agreement group list.
    ([CVE-2026-2673])

  * Fixed out-of-bounds read in AES-CFB-128 on x86-64 CPUs with AVX-512 support.
    ([CVE-2026-28386])

  * Fixed potential use-after-free in DANE client code.
    ([CVE-2026-28387])

  * Fixed NULL pointer dereference when processing a delta CRL.
    ([CVE-2026-28388])

  * Fixed possible NULL dereference when processing CMS KeyAgreeRecipientInfo.
    ([CVE-2026-28389])

  * Fixed possible NULL dereference when processing CMS
    KeyTransportRecipientInfo.
    ([CVE-2026-28390])

  * Fixed heap buffer overflow in hexadecimal conversion.
    ([CVE-2026-31789])


To generate a diff of this commit:
cvs rdiff -u -r1.316 -r1.317 pkgsrc/security/openssl/Makefile
cvs rdiff -u -r1.25 -r1.26 pkgsrc/security/openssl/PLIST
cvs rdiff -u -r1.187 -r1.188 pkgsrc/security/openssl/distinfo
cvs rdiff -u -r1.1 -r0 \
    pkgsrc/security/openssl/patches/patch-crypto_initthread.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/security/openssl/Makefile
diff -u pkgsrc/security/openssl/Makefile:1.316 pkgsrc/security/openssl/Makefile:1.317
--- pkgsrc/security/openssl/Makefile:1.316      Wed Jan 28 07:38:55 2026
+++ pkgsrc/security/openssl/Makefile    Tue Apr  7 18:37:35 2026
@@ -1,9 +1,9 @@
-# $NetBSD: Makefile,v 1.316 2026/01/28 07:38:55 adam Exp $
+# $NetBSD: Makefile,v 1.317 2026/04/07 18:37:35 wiz Exp $
 
 # Remember to upload-distfiles when updating OpenSSL -- otherwise it
 # is not possible for users who have bootstrapped without OpenSSL
 # to install it and enable HTTPS fetching.
-DISTNAME=      openssl-3.6.1
+DISTNAME=      openssl-3.6.2
 CATEGORIES=    security
 MASTER_SITES=  ${MASTER_SITE_GITHUB:=openssl/}
 GITHUB_RELEASE=        ${DISTNAME}
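
Review bot: The context comment above the `DISTNAME` change asks for upload-distfiles on every OpenSSL update, and nothing in the log message confirms it was done for openssl-3.6.2. Please confirm the 3.6.2 tarball was uploaded, since per that comment users who bootstrapped without OpenSSL cannot otherwise install it and enable HTTPS fetching.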

Index: pkgsrc/security/openssl/PLIST
diff -u pkgsrc/security/openssl/PLIST:1.25 pkgsrc/security/openssl/PLIST:1.26
--- pkgsrc/security/openssl/PLIST:1.25  Wed Jan 28 07:38:55 2026
+++ pkgsrc/security/openssl/PLIST       Tue Apr  7 18:37:35 2026
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.25 2026/01/28 07:38:55 adam Exp $
+@comment $NetBSD: PLIST,v 1.26 2026/04/07 18:37:35 wiz Exp $
 bin/c_rehash
 bin/openssl
 include/openssl/aes.h
@@ -5248,6 +5248,8 @@ man/man3/USERNOTICE_free.3
 man/man3/USERNOTICE_new.3
 man/man3/X509V3_EXT_d2i.3
 man/man3/X509V3_EXT_i2d.3
+man/man3/X509V3_EXT_print.3
+man/man3/X509V3_EXT_print_fp.3
 man/man3/X509V3_add1_i2d.3
 man/man3/X509V3_get_d2i.3
 man/man3/X509V3_set_ctx.3
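
Review bot: The two added entries in this hunk, `man/man3/X509V3_EXT_print.3` and `man/man3/X509V3_EXT_print_fp.3`, are not mentioned in the log message, which describes the update only as a security patch release. A short line in the commit message saying that the PLIST gained these two man pages would make the installed-file change easier to audit later.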

Index: pkgsrc/security/openssl/distinfo
diff -u pkgsrc/security/openssl/distinfo:1.187 pkgsrc/security/openssl/distinfo:1.188
--- pkgsrc/security/openssl/distinfo:1.187      Wed Jan 28 18:14:41 2026
+++ pkgsrc/security/openssl/distinfo    Tue Apr  7 18:37:35 2026
@@ -1,8 +1,7 @@
-$NetBSD: distinfo,v 1.187 2026/01/28 18:14:41 adam Exp $
+$NetBSD: distinfo,v 1.188 2026/04/07 18:37:35 wiz Exp $
 
-BLAKE2s (openssl-3.6.1.tar.gz) = bb303701bf6c4046902a09385d545a99446ea3a271a8d5193e5c635839b49a8d
-SHA512 (openssl-3.6.1.tar.gz) = 492cd2e0a7506e085d9840a929ead994390409a35c24e47e0cf44987920711b61f1513f21b7eee50e56f226b26cd654cda6dbd1f6e439563a93a8f0e530fefb5
-Size (openssl-3.6.1.tar.gz) = 54891951 bytes
+BLAKE2s (openssl-3.6.2.tar.gz) = a66d68bf51f8c83fead828c4a8e91e73f77ebe16513d8d579b1b5646454ab358
+SHA512 (openssl-3.6.2.tar.gz) = 46549ed4d6b0160adfa3e1406bc16f3083a7f3c85bdda289c1dbebd0db91433c39855dae765787ec68157faffba4cdb05a0600af4652e3e35da939e0bad8ef1e
+Size (openssl-3.6.2.tar.gz) = 54913556 bytes
 SHA1 (patch-Configurations_unix-Makefile.tmpl) = ea9b0a0c8de810362813d84a4f85c5ebdedf9fc6
-SHA1 (patch-crypto_initthread.c) = 78fb9370db592068258c0477a9779eb06f8c77d9
 SHA1 (patch-util_perl_OpenSSL_config.pm) = 3ba3c23046bf69c7d348b4c1c8c8269d83cfa2b4
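
Review bot: The `SHA1 (patch-crypto_initthread.c)` line is dropped at the end of this hunk and the patch file itself is removed, but the log message gives no reason. Please state in the commit message whether that change is included in 3.6.2 or is simply no longer needed, so the removal can be checked against the release.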


