D5116.diff
No OneTemporary
Actions

Size

10 KB

Referenced Files

None

Subscribers

None

D5116.diff
View Options

	Index: head/Mk/bsd.openssl.mk
	===================================================================
	--- head/Mk/bsd.openssl.mk
	+++ head/Mk/bsd.openssl.mk
	@@ -109,7 +109,7 @@
	.if defined(OPENSSL_PORT) && ${OPENSSL_PORT} == security/libressl
	OPENSSL_SHLIBVER?= 35
	.elif defined(OPENSSL_PORT) && ${OPENSSL_PORT} == security/libressl-devel
	-OPENSSL_SHLIBVER?= 36
	+OPENSSL_SHLIBVER?= 37
	.endif

	# default
	Index: head/security/libressl-devel/Makefile
	===================================================================
	--- head/security/libressl-devel/Makefile
	+++ head/security/libressl-devel/Makefile
	@@ -2,8 +2,7 @@
	# $FreeBSD$

	PORTNAME= libressl
	-PORTVERSION= 2.3.1
	-PORTREVISIION= 1
	+PORTVERSION= 2.3.2
	CATEGORIES= security devel
	MASTER_SITES= OPENBSD/LibreSSL
	PKGNAMESUFFIX= -devel
	@@ -25,7 +24,6 @@
	libressl-[0-9]*

	GNU_CONFIGURE= yes
	-CONFIGURE_ARGS= --enable-silent-rules
	USES= cpe libtool pathfix pkgconfig
	USE_LDCONFIG= yes
	OPTIONS_SUB= yes
	@@ -41,4 +39,7 @@
	${RM} -rf ${STAGEDIR}/${PREFIX}/man/man3
	${REINPLACE_CMD} -e '/^man\/man3/d' ${TMPPLIST}

	+post-install:
	+ ${RM} -rf ${STAGEDIR}/${PREFIX}/etc/ssl/cert.pem
	+
	.include <bsd.port.mk>
	Index: head/security/libressl-devel/distinfo
	===================================================================
	--- head/security/libressl-devel/distinfo
	+++ head/security/libressl-devel/distinfo
	@@ -1,2 +1,2 @@
	-SHA256 (libressl-2.3.1.tar.gz) = 410b58db4ebbcab43c3357612e591094f64fb9339269caa2e68728e36f8d589e
	-SIZE (libressl-2.3.1.tar.gz) = 3014881
	+SHA256 (libressl-2.3.2.tar.gz) = 80f45fae4859f161b1980cad846d4217417d0c89006ad29c0ea8c88da564a96a
	+SIZE (libressl-2.3.2.tar.gz) = 3063638
	Index: head/security/libressl-devel/files/patch-crypto_asn1_tasn__dec.c
	===================================================================
	--- head/security/libressl-devel/files/patch-crypto_asn1_tasn__dec.c
	+++ head/security/libressl-devel/files/patch-crypto_asn1_tasn__dec.c
	@@ -1,49 +0,0 @@
	-From 9900c16beb14eb3bfc8f4d8c6191e6e1a271c861 Mon Sep 17 00:00:00 2001
	-From: beck <>
	-Date: Fri, 4 Dec 2015 04:19:25 +0000
	-Subject: [PATCH] Fix for OpenSSL CVE-2015-3195 ok djm@ jsing@
	-
	----
	- src/lib/libssl/src/crypto/asn1/tasn_dec.c \| 11 ++++++++---
	- 1 file changed, 8 insertions(+), 3 deletions(-)
	-
	-diff --git a/src/lib/libssl/src/crypto/asn1/tasn_dec.c b/src/lib/libssl/src/crypto/asn1/tasn_dec.c
	-index e50ec0a..0a6eaf2 100644
	---- crypto/asn1/tasn_dec.c
	-+++ crypto/asn1/tasn_dec.c
	-@@ -1,4 +1,4 @@
	--/* $OpenBSD: tasn_dec.c,v 1.26 2015/03/19 14:00:22 tedu Exp $ */
	-+/* $OpenBSD: tasn_dec.c,v 1.27 2015/07/20 15:41:48 miod Exp $ */
	- /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
	- * project 2000.
	- */
	-@@ -166,6 +166,10 @@ ASN1_item_ex_d2i(ASN1_VALUE pval, const unsigned char in, long len,
	- int otag;
	- int ret = 0;
	- ASN1_VALUE **pchptr;
	-+ int combine;
	-+
	-+ combine = aclass & ASN1_TFLG_COMBINE;
	-+ aclass &= ~ASN1_TFLG_COMBINE;
	-
	- if (!pval)
	- return 0;
	-@@ -447,7 +451,8 @@ ASN1_item_ex_d2i(ASN1_VALUE pval, const unsigned char in, long len,
	- auxerr:
	- ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_AUX_ERROR);
	- err:
	-- ASN1_item_ex_free(pval, it);
	-+ if (combine == 0)
	-+ ASN1_item_ex_free(pval, it);
	- if (errtt)
	- ERR_asprintf_error_data("Field=%s, Type=%s", errtt->field_name,
	- it->sname);
	-@@ -642,7 +647,7 @@ asn1_template_noexp_d2i(ASN1_VALUE val, const unsigned char in, long len,
	- } else {
	- /* Nothing special */
	- ret = ASN1_item_ex_d2i(val, &p, len, ASN1_ITEM_ptr(tt->item),
	-- -1, 0, opt, ctx);
	-+ -1, tt->flags & ASN1_TFLG_COMBINE, opt, ctx);
	- if (!ret) {
	- ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I,
	- ERR_R_NESTED_ASN1_ERROR);
	Index: head/security/libressl-devel/files/patch-crypto_rsa_rsa__ameth.c
	===================================================================
	--- head/security/libressl-devel/files/patch-crypto_rsa_rsa__ameth.c
	+++ head/security/libressl-devel/files/patch-crypto_rsa_rsa__ameth.c
	@@ -1,35 +0,0 @@
	-untrusted comment: signature from openbsd 5.8 base secret key
	-RWQNNZXtC/MqP8u13/pPZfTpPeHhU93PG0DBihXvQ7lB0CvONLwoTfHr9f40s515bidPGcGLAH4xu+yz3skT6b3tKETEWZw8BgA=
	-
	-OpenBSD 5.8 errata 9, Dec 3, 2015:
	-
	-CVE-2015-3194 - NULL pointer dereference in client certificate validation
	-
	-Apply by doing:
	- signify -Vep /etc/signify/openbsd-58-base.pub -x 009_clientcert.patch.sig \
	- -m - \| (cd /usr/src && patch -p0)
	-
	-And then rebuild and install libcrypto:
	- cd /usr/src/lib/libcrypto
	- make obj
	- make depend
	- make
	- make install
	-
	-Index: crypto/rsa/rsa_ameth.c
	-===================================================================
	-RCS file: /cvs/src/lib/libssl/src/crypto/rsa/rsa_ameth.c,v
	-retrieving revision 1.14
	-retrieving revision 1.14.6.1
	-diff -u -p -u -p -r1.14 -r1.14.6.1
	---- crypto/rsa/rsa_ameth.c 11 Feb 2015 04:05:14 -0000 1.14
	-+++ crypto/rsa/rsa_ameth.c 4 Dec 2015 04:13:43 -0000 1.14.6.1
	-@@ -298,7 +298,7 @@ rsa_pss_decode(const X509_ALGOR *alg, X5
	- if (pss->maskGenAlgorithm) {
	- ASN1_TYPE *param = pss->maskGenAlgorithm->parameter;
	- if (OBJ_obj2nid(pss->maskGenAlgorithm->algorithm) == NID_mgf1 &&
	-- param->type == V_ASN1_SEQUENCE) {
	-+ param && param->type == V_ASN1_SEQUENCE) {
	- p = param->value.sequence->data;
	- plen = param->value.sequence->length;
	- *pmaskHash = d2i_X509_ALGOR(NULL, &p, plen);
	Index: head/security/libressl-devel/pkg-plist
	===================================================================
	--- head/security/libressl-devel/pkg-plist
	+++ head/security/libressl-devel/pkg-plist
	@@ -1,6 +1,5 @@
	%%NC%%bin/nc
	bin/openssl
	-etc/ssl/cert.pem
	etc/ssl/openssl.cnf
	etc/ssl/x509v3.cnf
	include/openssl/aes.h
	@@ -76,16 +75,16 @@
	include/tls.h
	lib/libcrypto.a
	lib/libcrypto.so
	-lib/libcrypto.so.36
	-lib/libcrypto.so.36.0.0
	+lib/libcrypto.so.37
	+lib/libcrypto.so.37.0.0
	lib/libssl.a
	lib/libssl.so
	-lib/libssl.so.37
	-lib/libssl.so.37.0.0
	+lib/libssl.so.38
	+lib/libssl.so.38.0.0
	lib/libtls.a
	lib/libtls.so
	-lib/libtls.so.9
	-lib/libtls.so.9.0.0
	+lib/libtls.so.10
	+lib/libtls.so.10.0.0
	libdata/pkgconfig/libcrypto.pc
	libdata/pkgconfig/libssl.pc
	libdata/pkgconfig/libtls.pc
	@@ -360,6 +359,7 @@
	man/man3/BUF_strdup.3.gz
	man/man3/CMS_add0_cert.3.gz
	man/man3/CMS_add1_recipient_cert.3.gz
	+man/man3/CMS_add1_signer.3.gz
	man/man3/CMS_compress.3.gz
	man/man3/CMS_decrypt.3.gz
	man/man3/CMS_encrypt.3.gz
	@@ -369,7 +369,6 @@
	man/man3/CMS_get0_type.3.gz
	man/man3/CMS_get1_ReceiptRequest.3.gz
	man/man3/CMS_sign.3.gz
	-man/man3/CMS_sign_add1_signer.3.gz
	man/man3/CMS_sign_receipt.3.gz
	man/man3/CMS_uncompress.3.gz
	man/man3/CMS_verify.3.gz
	@@ -385,6 +384,8 @@
	man/man3/CRYPTO_THREADID_get_callback.3.gz
	man/man3/CRYPTO_THREADID_hash.3.gz
	man/man3/CRYPTO_THREADID_set_callback.3.gz
	+man/man3/CRYPTO_THREADID_set_numeric.3.gz
	+man/man3/CRYPTO_THREADID_set_pointer.3.gz
	man/man3/CRYPTO_add.3.gz
	man/man3/CRYPTO_add_lock.3.gz
	man/man3/CRYPTO_destroy_dynlockid.3.gz
	@@ -402,6 +403,7 @@
	man/man3/CRYPTO_set_locking_callback.3.gz
	man/man3/CRYPTO_w_lock.3.gz
	man/man3/CRYPTO_w_unlock.3.gz
	+man/man3/DECLARE_LHASH_OF.3.gz
	man/man3/DES_cbc_cksum.3.gz
	man/man3/DES_cfb64_encrypt.3.gz
	man/man3/DES_cfb_encrypt.3.gz
	@@ -647,7 +649,14 @@
	man/man3/ERR_remove_thread_state.3.gz
	man/man3/ERR_set_mark.3.gz
	man/man3/EVP_BytesToKey.3.gz
	+man/man3/EVP_AEAD_CTX_cleanup.3.gz
	man/man3/EVP_AEAD_CTX_init.3.gz
	+man/man3/EVP_AEAD_CTX_open.3.gz
	+man/man3/EVP_AEAD_CTX_seal.3.gz
	+man/man3/EVP_AEAD_key_length.3.gz
	+man/man3/EVP_AEAD_max_overhead.3.gz
	+man/man3/EVP_AEAD_max_tag_len.3.gz
	+man/man3/EVP_AEAD_nonce_length.3.gz
	man/man3/EVP_CIPHER_CTX_block_size.3.gz
	man/man3/EVP_CIPHER_CTX_cipher.3.gz
	man/man3/EVP_CIPHER_CTX_cleanup.3.gz
	@@ -716,7 +725,6 @@
	man/man3/EVP_OpenFinal.3.gz
	man/man3/EVP_OpenInit.3.gz
	man/man3/EVP_OpenUpdate.3.gz
	-man/man3/EVP_PKEVP_PKEY_CTX_set_app_data.3.gz
	man/man3/EVP_PKEY_CTX_ctrl.3.gz
	man/man3/EVP_PKEY_CTX_ctrl_str.3.gz
	man/man3/EVP_PKEY_CTX_dup.3.gz
	@@ -744,7 +752,6 @@
	man/man3/EVP_PKEY_cmp.3.gz
	man/man3/EVP_PKEY_cmp_parameters.3.gz
	man/man3/EVP_PKEY_copy_parameters.3.gz
	-man/man3/EVP_PKEY_ctrl_str.3.gz
	man/man3/EVP_PKEY_decrypt.3.gz
	man/man3/EVP_PKEY_decrypt_init.3.gz
	man/man3/EVP_PKEY_derive.3.gz
	@@ -789,6 +796,10 @@
	man/man3/EVP_VerifyFinal.3.gz
	man/man3/EVP_VerifyInit.3.gz
	man/man3/EVP_VerifyUpdate.3.gz
	+man/man3/EVP_aead_aes_128_gcm.3.gz
	+man/man3/EVP_aead_aes_256_gcm.3.gz
	+man/man3/EVP_aead_chacha20_poly1305.3.gz
	+man/man3/EVP_aead_chacha20_poly1305_ietf.3.gz
	man/man3/EVP_aes_128_ccm.3.gz
	man/man3/EVP_aes_128_gcm.3.gz
	man/man3/EVP_aes_192_ccm.3.gz
	@@ -856,6 +867,10 @@
	man/man3/HMAC_Init.3.gz
	man/man3/HMAC_Update.3.gz
	man/man3/HMAC_cleanup.3.gz
	+man/man3/LHASH_COMP_FN_TYPE.3.gz
	+man/man3/LHASH_DOALL_ARG_FN_TYPE.3.gz
	+man/man3/LHASH_DOALL_FN_TYPE.3.gz
	+man/man3/LHASH_HASH_FN_TYPE.3.gz
	man/man3/MD2.3.gz
	man/man3/MD2_Final.3.gz
	man/man3/MD2_Init.3.gz
	@@ -987,7 +1002,6 @@
	man/man3/RIPEMD160_Final.3.gz
	man/man3/RIPEMD160_Init.3.gz
	man/man3/RIPEMD160_Update.3.gz
	-man/man3/RSA_PKCS1_RSAref.3.gz
	man/man3/RSA_PKCS1_SSLeay.3.gz
	man/man3/RSA_blinding_off.3.gz
	man/man3/RSA_blinding_on.3.gz
	@@ -1088,7 +1102,6 @@
	man/man3/SSL_CTX_sess_set_cache_size.3.gz
	man/man3/SSL_CTX_sess_set_get_cb.3.gz
	man/man3/SSL_CTX_sess_set_new_cb.3.gz
	-man/man3/SSL_CTX_sess_set_remove.3.gz
	man/man3/SSL_CTX_sess_set_remove_cb.3.gz
	man/man3/SSL_CTX_sess_timeouts.3.gz
	man/man3/SSL_CTX_sessions.3.gz
	@@ -1159,7 +1172,6 @@
	man/man3/SSL_get0_session.3.gz
	man/man3/SSL_get1_session.3.gz
	man/man3/SSL_get_SSL_CTX.3.gz
	-man/man3/SSL_get_accept_state.3.gz
	man/man3/SSL_get_cipher.3.gz
	man/man3/SSL_get_cipher_bits.3.gz
	man/man3/SSL_get_cipher_list.3.gz
	@@ -1177,7 +1189,6 @@
	man/man3/SSL_get_info_callback.3.gz
	man/man3/SSL_get_max_cert_list.3.gz
	man/man3/SSL_get_mode.3.gz
	-man/man3/SSL_get_msg_callback_arg.3.gz
	man/man3/SSL_get_options.3.gz
	man/man3/SSL_get_peer_cert_chain.3.gz
	man/man3/SSL_get_peer_certificate.3.gz
	@@ -1369,7 +1380,6 @@
	man/man3/bn_expand.3.gz
	man/man3/bn_expand2.3.gz
	man/man3/bn_fix_top.3.gz
	-man/man3/bn_internal.3.gz
	man/man3/bn_mul_add_words.3.gz
	man/man3/bn_mul_comba4.3.gz
	man/man3/bn_mul_comba8.3.gz
	@@ -1415,7 +1425,6 @@
	man/man3/d2i_ECPKParameters_bio.3.gz
	man/man3/d2i_ECPKParameters_fp.3.gz
	man/man3/d2i_Netscape_RSA.3.gz
	-man/man3/d2i_PKCS8PrivateKey.3.gz
	man/man3/d2i_PKCS8PrivateKey_bio.3.gz
	man/man3/d2i_PKCS8PrivateKey_fp.3.gz
	man/man3/d2i_RSAPrivateKey.3.gz
	@@ -1441,7 +1450,6 @@
	man/man3/dh.3.gz
	man/man3/dsa.3.gz
	man/man3/ec.3.gz
	-man/man3/ecdsa.3.gz
	man/man3/engine.3.gz
	man/man3/evp.3.gz
	man/man3/get_session_cb.3.gz
	@@ -1493,7 +1501,6 @@
	man/man3/lh_retrieve.3.gz
	man/man3/lh_stats.3.gz
	man/man3/lh_stats_bio.3.gz
	-man/man3/lhash.3.gz
	man/man3/mul.3.gz
	man/man3/mul_add.3.gz
	man/man3/new_session_cb.3.gz
	@@ -1554,8 +1561,6 @@
	man/man3/tls_peer_cert_provided.3.gz
	man/man3/tls_peer_cert_subject.3.gz
	man/man3/tmp_rsa_callback.3.gz
	-man/man3/ui.3.gz
	-man/man3/ui_compat.3.gz
	man/man3/verify_callback.3.gz
	man/man3/x509.3.gz
	@dir etc/ssl/certs

File Metadata

Mime Type: text/plain
Expires: Sun, Apr 12, 7:36 PM (8 h, 11 m)
Storage Engine: blob
Storage Format: Raw Data
Storage Handle: 31366720
Default Alt Text: D5116.diff (10 KB)

D5116.diffNo OneTemporaryActions

D5116.diffView Options

File Metadata

Event Timeline

D5116.diff
No OneTemporary
Actions

D5116.diff
View Options