Index: head/security/libressl/Makefile =================================================================== --- head/security/libressl/Makefile (revision 432996) +++ head/security/libressl/Makefile (revision 432997) @@ -1,45 +1,50 @@ # Created by: Vsevolod Stakhov # $FreeBSD$ PORTNAME= libressl -PORTVERSION= 2.4.4 -PORTREVISION= 1 +PORTVERSION= 2.4.5 CATEGORIES= security devel MASTER_SITES= OPENBSD/LibreSSL MAINTAINER= brnrd@FreeBSD.org COMMENT= Free version of the SSL/TLS protocol forked from OpenSSL LICENSE= BSD4CLAUSE LICENSE_FILE= ${WRKSRC}/COPYING CPE_VENDOR= openbsd OPTIONS_DEFINE= MAN3 NC OPTIONS_DEFAULT= MAN3 NC MAN3_DESC= Install API manpages (section 3) NC_DESC= Install TLS-enabled netcat CONFLICTS_INSTALL= libressl-devel-[0-9]* \ openssl-[0-9]* \ openssl-devel-[0-9]* MAN3_EXTRA_PATCHES_OFF= ${FILESDIR}/extra-patch-MAN3 GNU_CONFIGURE= yes USES= cpe libtool pathfix pkgconfig USE_LDCONFIG= yes OPTIONS_SUB= yes CFLAGS+= -fpic -DPIC INSTALL_TARGET= install-strip TEST_TARGET= check +.include + +#.if ${OSVERSION} > 1100037 +#CONFIGURE_ENV= HAVE_EXPLICIT_BZERO=yes +#.endif + post-install: ${RM} -r ${STAGEDIR}/${PREFIX}/etc/ssl/cert.pem post-install-NC-on: ${INSTALL_PROGRAM} ${WRKSRC}/apps/nc/.libs/nc ${STAGEDIR}/${PREFIX}/bin/nc ${INSTALL_MAN} ${WRKSRC}/apps/nc/nc.1 ${STAGEDIR}/${PREFIX}/man/man1/nc.1 -.include +.include Index: head/security/libressl/distinfo =================================================================== --- head/security/libressl/distinfo (revision 432996) +++ head/security/libressl/distinfo (revision 432997) @@ -1,3 +1,3 @@ -TIMESTAMP = 1479221712 -SHA256 (libressl-2.4.4.tar.gz) = 6fcfaf6934733ea1dcb2f6a4d459d9600e2f488793e51c2daf49b70518eebfd1 -SIZE (libressl-2.4.4.tar.gz) = 3014463 +TIMESTAMP = 1485938351 +SHA256 (libressl-2.4.5.tar.gz) = d300c4e358aee951af6dfd1684ef0c034758b47171544230f3ccf6ce24fe4347 +SIZE (libressl-2.4.5.tar.gz) = 3016462 Index: head/security/libressl/files/patch-CVE-2016-7056 =================================================================== --- head/security/libressl/files/patch-CVE-2016-7056 (revision 432996) +++ head/security/libressl/files/patch-CVE-2016-7056 (nonexistent) @@ -1,35 +0,0 @@ -untrusted comment: signature from openbsd 6.0 base secret key -RWSho3oKSqgLQ55BCxFoKK3pckJBYNZ3l6vujvan4SYLtXvRIsH6PNnmu7Xu18ILyYPxIQnYmCf1ux+IeoD8vzKfEeoCb+UVdQg= - -OpenBSD 6.0 errata 16, Jan 5, 2017: - -Avoid possible side-channel leak of ECDSA private keys when signing. - -Apply by doing: - signify -Vep /etc/signify/openbsd-60-base.pub -x 016_libcrypto.patch.sig \ - -m - | (cd /usr/src && patch -p0) - -And then rebuild and install libcrypto: - cd /usr/src/lib/libcrypto - make obj - make depend - make - make install - -Index: lib/libssl/src/crypto/ecdsa/ecs_ossl.c -=================================================================== -RCS file: /cvs/src/lib/libssl/src/crypto/ecdsa/Attic/ecs_ossl.c,v -retrieving revision 1.6 -retrieving revision 1.6.8.1 -diff -u -p -r1.6 -r1.6.8.1 ---- crypto/ecdsa/ecs_ossl.c 8 Feb 2015 13:35:07 -0000 1.6 -+++ crypto/ecdsa/ecs_ossl.c 5 Jan 2017 13:28:48 -0000 1.6.8.1 -@@ -141,6 +141,8 @@ ecdsa_sign_setup(EC_KEY *eckey, BN_CTX * - if (BN_num_bits(k) <= BN_num_bits(order)) - if (!BN_add(k, k, order)) - goto err; -+ -+ BN_set_flags(k, BN_FLG_CONSTTIME); - - /* compute r the x-coordinate of generator * k */ - if (!EC_POINT_mul(group, tmp_point, k, NULL, NULL, ctx)) { Property changes on: head/security/libressl/files/patch-CVE-2016-7056 ___________________________________________________________________ Deleted: fbsd:nokeywords ## -1 +0,0 ## -yes \ No newline at end of property Deleted: svn:eol-style ## -1 +0,0 ## -native \ No newline at end of property Deleted: svn:mime-type ## -1 +0,0 ## -text/plain \ No newline at end of property