Received: by mail.netbsd.org (Postfix, from userid 605)
	id CF73B84D7B; Fri, 24 Nov 2017 20:34:24 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
	by mail.netbsd.org (Postfix) with ESMTP id 58B1F84D73
	for <pkgsrc-changes@NetBSD.org>; Fri, 24 Nov 2017 20:34:24 +0000 (UTC)
X-Virus-Scanned: amavisd-new at netbsd.org
Received: from mail.netbsd.org ([127.0.0.1])
	by localhost (mail.netbsd.org [127.0.0.1]) (amavisd-new, port 10025)
	with ESMTP id aR8iK_gaRdaA for <pkgsrc-changes@netbsd.org>;
	Fri, 24 Nov 2017 20:34:23 +0000 (UTC)
Received: from cvs.NetBSD.org (ivanova.netbsd.org [199.233.217.197])
	by mail.netbsd.org (Postfix) with ESMTP id 796C284D6E
	for <pkgsrc-changes@NetBSD.org>; Fri, 24 Nov 2017 20:34:23 +0000 (UTC)
Received: by cvs.NetBSD.org (Postfix, from userid 500)
	id 73EE9FB40; Fri, 24 Nov 2017 20:34:23 +0000 (UTC)
Content-Transfer-Encoding: 7bit
Content-Type: multipart/mixed; boundary="_----------=_1511555663276890"
MIME-Version: 1.0
Date: Fri, 24 Nov 2017 20:34:23 +0000
From: "Benny Siegert" <bsiegert@netbsd.org>
Subject: CVS commit: pkgsrc/security/openssl
To: pkgsrc-changes@NetBSD.org
Reply-To: bsiegert@netbsd.org
X-Mailer: log_accum
Message-Id: <20171124203423.73EE9FB40@cvs.NetBSD.org>
Sender: pkgsrc-changes-owner@NetBSD.org
List-Id: pkgsrc-changes.NetBSD.org
Precedence: bulk
List-Unsubscribe: <mailto:majordomo@NetBSD.org?subject=Unsubscribe%20pkgsrc-changes&body=unsubscribe%20pkgsrc-changes>

This is a multi-part message in MIME format.

--_----------=_1511555663276890
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset="US-ASCII"

Module Name:	pkgsrc
Committed By:	bsiegert
Date:		Fri Nov 24 20:34:23 UTC 2017

Modified Files:
	pkgsrc/security/openssl: Makefile PLIST.common distinfo
Removed Files:
	pkgsrc/security/openssl/patches: patch-crypto_x509v3_v3_addr.c

Log Message:
Update openssl to 1.0.2m.

This is a recommended security update.

Changes between 1.0.2l and 1.0.2m [2 Nov 2017]

 *) bn_sqrx8x_internal carry bug on x86_64

    There is a carry propagating bug in the x86_64 Montgomery squaring
    procedure. No EC algorithms are affected. Analysis suggests that attacks
    against RSA and DSA as a result of this defect would be very difficult to
    perform and are not believed likely. Attacks against DH are considered just
    feasible (although very difficult) because most of the work necessary to
    deduce information about a private key may be performed offline. The amount
    of resources required for such an attack would be very significant and
    likely only accessible to a limited number of attackers. An attacker would
    additionally need online access to an unpatched system using the target
    private key in a scenario with persistent DH parameters and a private
    key that is shared between multiple clients.

    This only affects processors that support the BMI1, BMI2 and ADX extensions
    like Intel Broadwell (5th generation) and later or AMD Ryzen.

    This issue was reported to OpenSSL by the OSS-Fuzz project.
    (CVE-2017-3736)
    [Andy Polyakov]

 *) Malformed X.509 IPAddressFamily could cause OOB read

    If an X.509 certificate has a malformed IPAddressFamily extension,
    OpenSSL could do a one-byte buffer overread. The most likely result
    would be an erroneous display of the certificate in text format.

    This issue was reported to OpenSSL by the OSS-Fuzz project.
    (CVE-2017-3735)
    [Rich Salz]

Changes between 1.0.2k and 1.0.2l [25 May 2017]

 *) Have 'config' recognise 64-bit mingw and choose 'mingw64' as the target
    platform rather than 'mingw'.
    [Richard Levitte]


To generate a diff of this commit:
cvs rdiff -u -r1.232 -r1.233 pkgsrc/security/openssl/Makefile
cvs rdiff -u -r1.30 -r1.31 pkgsrc/security/openssl/PLIST.common
cvs rdiff -u -r1.128 -r1.129 pkgsrc/security/openssl/distinfo
cvs rdiff -u -r1.1 -r0 \
    pkgsrc/security/openssl/patches/patch-crypto_x509v3_v3_addr.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.


--_----------=_1511555663276890
Content-Disposition: inline
Content-Length: 8439
Content-Transfer-Encoding: binary
Content-Type: text/x-diff; charset=us-ascii

Modified files:

Index: pkgsrc/security/openssl/Makefile
diff -u pkgsrc/security/openssl/Makefile:1.232 pkgsrc/security/openssl/Makefile:1.233
--- pkgsrc/security/openssl/Makefile:1.232	Fri Sep 22 21:02:43 2017
+++ pkgsrc/security/openssl/Makefile	Fri Nov 24 20:34:23 2017
@@ -1,7 +1,6 @@
-# $NetBSD: Makefile,v 1.232 2017/09/22 21:02:43 tez Exp $
+# $NetBSD: Makefile,v 1.233 2017/11/24 20:34:23 bsiegert Exp $
 
-DISTNAME=	openssl-1.0.2k
-PKGREVISION=	1
+DISTNAME=	openssl-1.0.2m
 CATEGORIES=	security
 MASTER_SITES=	https://www.openssl.org/source/
 

Index: pkgsrc/security/openssl/PLIST.common
diff -u pkgsrc/security/openssl/PLIST.common:1.30 pkgsrc/security/openssl/PLIST.common:1.31
--- pkgsrc/security/openssl/PLIST.common:1.30	Thu Sep 22 12:28:55 2016
+++ pkgsrc/security/openssl/PLIST.common	Fri Nov 24 20:34:23 2017
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST.common,v 1.30 2016/09/22 12:28:55 jperkin Exp $
+@comment $NetBSD: PLIST.common,v 1.31 2017/11/24 20:34:23 bsiegert Exp $
 bin/c_rehash
 bin/openssl
 include/openssl/aes.h
@@ -122,6 +122,48 @@ man/man1/openssl_md5.1
 man/man1/openssl_mdc2.1
 man/man1/openssl_nseq.1
 man/man1/openssl_ocsp.1
+man/man1/openssl_openssl-asn1parse.1
+man/man1/openssl_openssl-ca.1
+man/man1/openssl_openssl-ciphers.1
+man/man1/openssl_openssl-cms.1
+man/man1/openssl_openssl-crl.1
+man/man1/openssl_openssl-crl2pkcs7.1
+man/man1/openssl_openssl-dgst.1
+man/man1/openssl_openssl-dhparam.1
+man/man1/openssl_openssl-dsa.1
+man/man1/openssl_openssl-dsaparam.1
+man/man1/openssl_openssl-ec.1
+man/man1/openssl_openssl-ecparam.1
+man/man1/openssl_openssl-enc.1
+man/man1/openssl_openssl-errstr.1
+man/man1/openssl_openssl-gendsa.1
+man/man1/openssl_openssl-genpkey.1
+man/man1/openssl_openssl-genrsa.1
+man/man1/openssl_openssl-nseq.1
+man/man1/openssl_openssl-ocsp.1
+man/man1/openssl_openssl-passwd.1
+man/man1/openssl_openssl-pkcs12.1
+man/man1/openssl_openssl-pkcs7.1
+man/man1/openssl_openssl-pkcs8.1
+man/man1/openssl_openssl-pkey.1
+man/man1/openssl_openssl-pkeyparam.1
+man/man1/openssl_openssl-pkeyutl.1
+man/man1/openssl_openssl-rand.1
+man/man1/openssl_openssl-req.1
+man/man1/openssl_openssl-rsa.1
+man/man1/openssl_openssl-rsautl.1
+man/man1/openssl_openssl-s_client.1
+man/man1/openssl_openssl-s_server.1
+man/man1/openssl_openssl-s_time.1
+man/man1/openssl_openssl-sess_id.1
+man/man1/openssl_openssl-smime.1
+man/man1/openssl_openssl-speed.1
+man/man1/openssl_openssl-spkac.1
+man/man1/openssl_openssl-ts.1
+man/man1/openssl_openssl-tsget.1
+man/man1/openssl_openssl-verify.1
+man/man1/openssl_openssl-version.1
+man/man1/openssl_openssl-x509.1
 man/man1/openssl_passwd.1
 man/man1/openssl_pkcs12.1
 man/man1/openssl_pkcs7.1
@@ -814,6 +856,7 @@ man/man3/EVP_PKEY_CTX_set_rsa_padding.3
 man/man3/EVP_PKEY_CTX_set_rsa_pss_saltlen.3
 man/man3/EVP_PKEY_CTX_set_rsa_rsa_keygen_bits.3
 man/man3/EVP_PKEY_CTX_set_signature_md.3
+man/man3/EVP_PKEY_METHOD.3
 man/man3/EVP_PKEY_assign_DH.3
 man/man3/EVP_PKEY_assign_DSA.3
 man/man3/EVP_PKEY_assign_EC_KEY.3
@@ -837,6 +880,39 @@ man/man3/EVP_PKEY_get_default_digest.3
 man/man3/EVP_PKEY_get_default_digest_nid.3
 man/man3/EVP_PKEY_keygen.3
 man/man3/EVP_PKEY_keygen_init.3
+man/man3/EVP_PKEY_meth_add0.3
+man/man3/EVP_PKEY_meth_copy.3
+man/man3/EVP_PKEY_meth_find.3
+man/man3/EVP_PKEY_meth_free.3
+man/man3/EVP_PKEY_meth_get_cleanup.3
+man/man3/EVP_PKEY_meth_get_copy.3
+man/man3/EVP_PKEY_meth_get_ctrl.3
+man/man3/EVP_PKEY_meth_get_decrypt.3
+man/man3/EVP_PKEY_meth_get_derive.3
+man/man3/EVP_PKEY_meth_get_encrypt.3
+man/man3/EVP_PKEY_meth_get_init.3
+man/man3/EVP_PKEY_meth_get_keygen.3
+man/man3/EVP_PKEY_meth_get_paramgen.3
+man/man3/EVP_PKEY_meth_get_sign.3
+man/man3/EVP_PKEY_meth_get_signctx.3
+man/man3/EVP_PKEY_meth_get_verify.3
+man/man3/EVP_PKEY_meth_get_verify_recover.3
+man/man3/EVP_PKEY_meth_get_verifyctx.3
+man/man3/EVP_PKEY_meth_new.3
+man/man3/EVP_PKEY_meth_set_cleanup.3
+man/man3/EVP_PKEY_meth_set_copy.3
+man/man3/EVP_PKEY_meth_set_ctrl.3
+man/man3/EVP_PKEY_meth_set_decrypt.3
+man/man3/EVP_PKEY_meth_set_derive.3
+man/man3/EVP_PKEY_meth_set_encrypt.3
+man/man3/EVP_PKEY_meth_set_init.3
+man/man3/EVP_PKEY_meth_set_keygen.3
+man/man3/EVP_PKEY_meth_set_paramgen.3
+man/man3/EVP_PKEY_meth_set_sign.3
+man/man3/EVP_PKEY_meth_set_signctx.3
+man/man3/EVP_PKEY_meth_set_verify.3
+man/man3/EVP_PKEY_meth_set_verify_recover.3
+man/man3/EVP_PKEY_meth_set_verifyctx.3
 man/man3/EVP_PKEY_missing_parameters.3
 man/man3/EVP_PKEY_new.3
 man/man3/EVP_PKEY_paramgen.3
@@ -865,10 +941,14 @@ man/man3/EVP_SignUpdate.3
 man/man3/EVP_VerifyFinal.3
 man/man3/EVP_VerifyInit.3
 man/man3/EVP_VerifyUpdate.3
+man/man3/EVP_aes_128_cbc_hmac_sha1.3
+man/man3/EVP_aes_128_cbc_hmac_sha256.3
 man/man3/EVP_aes_128_ccm.3
 man/man3/EVP_aes_128_gcm.3
 man/man3/EVP_aes_192_ccm.3
 man/man3/EVP_aes_192_gcm.3
+man/man3/EVP_aes_256_cbc_hmac_sha1.3
+man/man3/EVP_aes_256_cbc_hmac_sha256.3
 man/man3/EVP_aes_256_ccm.3
 man/man3/EVP_aes_256_gcm.3
 man/man3/EVP_bf_cbc.3
@@ -918,6 +998,7 @@ man/man3/EVP_rc2_ecb.3
 man/man3/EVP_rc2_ofb.3
 man/man3/EVP_rc4.3
 man/man3/EVP_rc4_40.3
+man/man3/EVP_rc4_hmac_md5.3
 man/man3/EVP_rc5_32_12_16_cbc.3
 man/man3/EVP_rc5_32_12_16_cfb.3
 man/man3/EVP_rc5_32_12_16_ecb.3
@@ -1258,6 +1339,8 @@ man/man3/SSL_CTX_set_session_cache_mode.
 man/man3/SSL_CTX_set_session_id_context.3
 man/man3/SSL_CTX_set_ssl_version.3
 man/man3/SSL_CTX_set_timeout.3
+man/man3/SSL_CTX_set_tlsext_servername_arg.3
+man/man3/SSL_CTX_set_tlsext_servername_callback.3
 man/man3/SSL_CTX_set_tlsext_status_arg.3
 man/man3/SSL_CTX_set_tlsext_status_cb.3
 man/man3/SSL_CTX_set_tlsext_ticket_key_cb.3
@@ -1307,6 +1390,7 @@ man/man3/SSL_clear_options.3
 man/man3/SSL_connect.3
 man/man3/SSL_ctrl.3
 man/man3/SSL_do_handshake.3
+man/man3/SSL_export_keying_material.3
 man/man3/SSL_flush_sessions.3
 man/man3/SSL_free.3
 man/man3/SSL_get0_alpn_selected.3
@@ -1342,6 +1426,8 @@ man/man3/SSL_get_quiet_shutdown.3
 man/man3/SSL_get_rbio.3
 man/man3/SSL_get_read_ahead.3
 man/man3/SSL_get_secure_renegotiation_support.3
+man/man3/SSL_get_servername.3
+man/man3/SSL_get_servername_type.3
 man/man3/SSL_get_session.3
 man/man3/SSL_get_shared_curve.3
 man/man3/SSL_get_shutdown.3
@@ -1494,6 +1580,7 @@ man/man3/X509_NAME_oneline.3
 man/man3/X509_NAME_print.3
 man/man3/X509_NAME_print_ex.3
 man/man3/X509_NAME_print_ex_fp.3
+man/man3/X509_REQ_check_private_key.3
 man/man3/X509_STORE_CTX_cleanup.3
 man/man3/X509_STORE_CTX_free.3
 man/man3/X509_STORE_CTX_get0_param.3
@@ -1537,6 +1624,7 @@ man/man3/X509_check_email.3
 man/man3/X509_check_host.3
 man/man3/X509_check_ip.3
 man/man3/X509_check_ip_asc.3
+man/man3/X509_check_private_key.3
 man/man3/X509_free.3
 man/man3/X509_new.3
 man/man3/X509_verify_cert.3

Index: pkgsrc/security/openssl/distinfo
diff -u pkgsrc/security/openssl/distinfo:1.128 pkgsrc/security/openssl/distinfo:1.129
--- pkgsrc/security/openssl/distinfo:1.128	Fri Sep 22 21:02:43 2017
+++ pkgsrc/security/openssl/distinfo	Fri Nov 24 20:34:23 2017
@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.128 2017/09/22 21:02:43 tez Exp $
+$NetBSD: distinfo,v 1.129 2017/11/24 20:34:23 bsiegert Exp $
 
-SHA1 (openssl-1.0.2k.tar.gz) = 5f26a624479c51847ebd2f22bb9f84b3b44dcb44
-RMD160 (openssl-1.0.2k.tar.gz) = 56b70831e49f83987ec14b3878d0d693f9a7d862
-SHA512 (openssl-1.0.2k.tar.gz) = 0d314b42352f4b1df2c40ca1094abc7e9ad684c5c35ea997efdd58204c70f22a1abcb17291820f0fff3769620a4e06906034203d31eb1a4d540df3e0db294016
-Size (openssl-1.0.2k.tar.gz) = 5309236 bytes
+SHA1 (openssl-1.0.2m.tar.gz) = 27fb00641260f97eaa587eb2b80fab3647f6013b
+RMD160 (openssl-1.0.2m.tar.gz) = 353479313ecfee1abdf28170e642fc30a4c71c09
+SHA512 (openssl-1.0.2m.tar.gz) = 7619aa223ee50d0f5e270ac9090e95b2b1ba5dfc656c98f625a9a277dda472fb960a4e89a7ba300044cb401b2072b2ca6a6fcce8206d927bf373d1c981806a93
+Size (openssl-1.0.2m.tar.gz) = 5373776 bytes
 SHA1 (patch-Configure) = 2d963d781314276a0ee1bc531df6bc50f0f6b32b
 SHA1 (patch-Makefile.org) = d2a9295003a8b88718a328b01ff6bcbbc102ec0b
 SHA1 (patch-Makefile.shared) = d317004d6ade167fc3b6e533bb8a1e93657188b2
@@ -11,5 +11,4 @@ SHA1 (patch-apps_Makefile) = 60113291f2a
 SHA1 (patch-config) = 345cadece3bdf0ef0a273a6c9ba6d0cbb1026a31
 SHA1 (patch-crypto_bn_bn__prime.pl) = a516f3709a862d85e659d466e895419b1e0a94c8
 SHA1 (patch-crypto_des_Makefile) = 7a23f9883ff6c93ec0e5d08e1332cc95de8cdba2
-SHA1 (patch-crypto_x509v3_v3_addr.c) = 0782668ce0748b58eda9036ee93fa926e575698b
 SHA1 (patch-tools_Makefile) = 67f0b9b501969382fd89b678c277d32bf5d294bc


--_----------=_1511555663276890--