Date: Wed, 8 Nov 2023 14:10:21 +0000
From: "Amitai Schleier"
Subject: CVS commit: pkgsrc/security/libretls
To: pkgsrc-changes@NetBSD.org
Reply-To: schmonz@netbsd.org
Message-Id: <20231108141021.1537BFA2F@cvs.NetBSD.org>

Module Name:    pkgsrc
Committed By:   schmonz
Date:           Wed Nov  8 14:10:20 UTC 2023

Modified Files:
        pkgsrc/security/libretls: Makefile distinfo
        pkgsrc/security/libretls/patches: patch-tls.c

Log Message:
libretls: update to 3.8.1.

LibreSSL changes:

3.8.1:
* Portable changes
  - Applications bundled as part of the LibreSSL package internally, nc(1) and openssl(1), now are linked statically if static libraries are built.
  - Internal compatibility function symbols are no longer exported from libcrypto. Instead, the libcompat library is linked to libcrypto, libssl, and libtls separately. This increases size a little, but ensures that the libraries are not exporting symbols to programs unintentionally.
  - Selective removal of CET implementation on platforms where it is not supported (macOS).
  - Integrated four more tests.
  - Added Windows ARM64 architecture to tested platforms.
  - Removed Solaris 10 support, fixed Solaris 11.
  - libtls no longer links statically to libcrypto / libssl unless '--enable-libtls-only' is specified at configure time.
  - Improved Windows compatibility library, namely handling of files vs sockets, correcting an exception when operating on a closed socket.
  - CMake builds no longer hardcode '-O2' into the compiler flags, instead using flags from the CMake build type.
  - Set the CMake default build type to 'Release'. This can be overridden during configuration.
  - Fixed broken ASM support with MinGW builds.
* Internal improvements
  - Fixed alignment handling in SHA-512.
  - Moved the verified_chain to the correct internal struct.
  - Improved checks for commonName in libtls.
  - Fixed error check for X509_get_ext_d2i() failure in libtls.
  - Improved BIGNUM internals and performance.
  - Significantly improved Montgomery multiplication performance.
  - Initial cleanup passes for SHA-256 internals.
  - Converted more libcrypto internals API using CBB and CBS.
  - Removed code guarded by #ifdef ZLIB.
  - Changed ASN1_item_sign_ctx() and ASN1_item_verify() to work with Ed25519 and fixed a few bugs in there.
  - Fixed various issues with EVP_PKEY_CTX_{new,dup}().
  - Improved X.509 certificate version checks.
  - Cleaned up handling of elliptic curve cofactors.
  - Made BN_num_bits() independent of bn->top.
  - Rewrote and simplified bn_sqr().
  - Removed EC_GROUP precomp machinery.
  - Ensure no X.509v3 extensions appear more than once in certificates.
  - Cleaned up various ECDH, ECDSA and EC internals.
  - Replaced ASN1_bn_print with a cleaner internal implementation.
  - Simplified ASN1_item_sign_ctx().
  - Rewrote OBJ_find_sigid_algs() and OBJ_find_sigid_by_algs().
  - Various improvements in the 'simple' EC code.
  - Fix OPENSSL_cpuid_setup() invocations on arm/aarch64.
  - Reduced the dependency of hash implementations on many layers of macros. This results in significant speedups since modern compilers are now less confused.
  - Significantly simplified the BN_BLINDING internals used in RSA.
* New features
* Compatibility changes
  - X509_NAME_get_text_by_{NID,OBJ}() now only succeed if they contain valid UTF-8 without embedded NUL.
  - Moved libtls from ECDSA_METHOD to EC_KEY_METHOD.
  - Removed support for ECDH_METHOD and ECDSA_METHOD.
  - BN_is_prime{,_fasttest}_ex() refuse to check numbers larger than 32 kbits for primality. This mitigates various DoS vectors.
  - Comp was removed.
  - Dynamic loading of conf modules is no longer supported.
  - DSO was removed and OPENSSL_NO_DSO is defined.
  - ENGINE support was removed and OPENSSL_NO_ENGINE is set.
    In spite of this, some stub functions are provided to avoid patching some applications that do not honor OPENSSL_NO_ENGINE.
  - It is no longer possible to make the library use your own error stack or ex_data implementation.
* Bug fixes
  - Fixed aliasing issue in BN_mod_inverse().
  - Made CRYPTO_get_ex_new_index() not return 0 to allow applications to use *_{get,set}_app_data() and *_{get,set}_ex_data() alongside each other.
  - Made EVP_PKEY_set1_hkdf_key() fail on a NULL key.
  - Plugged leaks in BIO_chain_dup().
  - Fixed numerous leaks and other minor bugs in RSA, DH, DSA and EC ASN.1 methods. Unified the coding style.
  - On socket errors in the poll loop, netcat could issue system calls on invalidated file descriptors.
* Documentation improvements
  - Made it very explicit that the verify callback should not be used.
  - Called out that the CRL lastUpdate is standardized as thisUpdate.
* Testing and Proactive Security
  - As always, new test coverage is added as bugs are fixed and subsystems are cleaned up.
* Security fixes
  - Disabled TLSv1.0 and TLSv1.1 in libssl so that they may no longer be selected for use.

3.8.0:
* Portable changes
  - Extended the endian.h compat header with hto* and *toh macros.
  - Adapted more tests to the portable framework.
* Internal improvements
  - Improved sieve of Eratosthenes script used for generating a table of small primes.
  - Started cleaning up and rewriting SHA internals.
  - Replace internal use of BN_copy() with bn_copy() for consistency.
  - Rewrote and improved BN_exp() and BN_copy().
  - Add branch target information (BTI) support to arm64 assembly.
  - Replaced BN_mod_sqrt() with a new implementation.
  - Removed incomplete and dangerous BN_RECURSION code.
  - Added endbr64 instructions to amd64 assembly.
  - Imported RFC 5280 policy checking code from BoringSSL and used it to replace the old exponential time code.
  - Converted more of libcrypto to use CBB/CBS.
  - Cleaned up and simplified the code dealing with builtin curves.
* New features
  - Added support for truncated SHA-2 and for SHA-3.
  - The BPSW primality test performs additional Miller-Rabin rounds with random bases to reduce the likelihood of composites passing.
  - Allow testing of ciphers and digests using badly aligned buffers in openssl speed.
  - Added a workaround for a poorly thought-out change in OpenSSL 3 that broke privilege separation support in libtls.
* Compatibility changes
  - Support for GF2m was removed: BIGNUM no longer supports binary extension field arithmetic and all binary elliptic builtin curves were removed.
  - Removed dangerous, "fast" NIST prime and elliptic curve implementations. In particular, EC_GFp_nist_method() is no longer available.
  - Removed most public symbols that were deprecated in OpenSSL 0.9.8.
  - Removed the public X9.31 API (RSA_X931_PADDING is still available).
  - Removed Cipher Text Stealing mode.
  - Removed SXNET and NETSCAPE_CERT_SEQUENCE support including the openssl(1) nseq command.
  - Dropped proxy certificate (RFC 3820) support.
  - The POLICY_TREE and its related structures and API were removed.
  - The explicitText user notice uses UTF8String instead of VisibleString to reduce the risk of emitting certificates with invalid DER-encoding.
  - Initial fixes for RSA-PSS support to make the TLSv1.3 stack more compliant with RFC 8446.
* Bug fixes
  - Correctly handle negative input to various BIGNUM functions.
  - Ensure ERR_load_ERR_strings() does not set errno unexpectedly.
  - Fix error checking of i2d_ECDSA_SIG() in ossl_ecdsa_sign().
  - Fixed detection of extended operations (XOP) on AMD hardware.
  - Ensure Montgomery exponentiation is used for the initial RSA blinding.
  - Policy is always checked in X509 validation. Critical policy extensions are no longer silently ignored.
  - Fixed error handling in tls_check_common_name().
  - Add missing pointer invalidation in SSL_free().
  - Fixed X509err() and X509V3err() and their internal versions.
  - Ensure that OBJ_obj2txt() always returns a C string again.
  - In X509_VERIFY_PARAM_inherit() copy hostflags independently of the host list.
* Documentation improvements
  - Improved documentation of BIO_ctrl(3), BIO_set_info_callback(3), BIO_get_info_callback(3), BIO_method_type(3), and BIO_method_name(3).
  - Marked BIO_CB_return(), BIO_cb_pre(), and BIO_cb_post() as intentionally undocumented.
* Testing and Proactive Security
  - Significantly improved test coverage of BN_mod_sqrt() and GCD.
  - As always, new test coverage is added as bugs are fixed and subsystems are cleaned up.

3.7.3:
* Bug fix
  - Hostflags in the verify parameters would not propagate from an SSL_CTX to newly created SSL.
* Reliability fix
  - A double free or use after free could occur after SSL_clear(3).

3.7.2:
* Portable changes
  - Moved official Github project to https://github.com/libressl/.
  - Build support for Apple Silicon.
  - Installed opensslconf.h is now architecture-specific.
  - Removed internal defines from opensslconf.h.
  - Support reproducible builds on tagged commits in main branch.
* Internal improvements
  - Initial overhaul of the BIGNUM code:
    - Added a new framework that allows architecture-dependent replacement implementations for bignum primitives.
    - Imported various s2n-bignum's constant time assembly primitives and switched amd64 to them.
    - Lots of cleanup, simplification and bug fixes.
  - Changed Perl assembly generators to move constants into .rodata, allowing code to run with execute-only permissions.
  - Capped the number of iterations in DSA and ECDSA signing (avoiding infinite loops), added additional sanity checks to DSA.
  - ASN.1 parsing improvements.
  - Made UI_destroy_method() NULL safe.
  - Various improvements to nc(1).
  - Always clear EC groups and points on free.
  - Cleanup and improvements in EC code.
  - Various openssl(1) improvements.
  - Remove dependency on system timegm() and gmtime() by replacing traditional Julian date conversion with POSIX epoch-seconds date conversion from BoringSSL.
  - Clean old and unused BN code dealing with primes.
  - Start rewriting name constraints code using CBS.
  - Remove support for the HMAC PRIVATE KEY.
  - Rework DSA signing and verifying internals.
  - Internal headers coming from OpenSSL are all called *_local.h now.
  - Rewrite TLSv1.2 key exporter.
  - Cleaned up and refactored various aspects of the legacy TLS stack.
* Bug fixes
  - Fixed a memory leak, a double free and various other issues in BIO_new_NDEF().
  - Fixed various crashes in the openssl(1) testing utility.
  - Do not check policies by default in the new X.509 verifier.
  - Added missing error checking in PKCS7.
  - Call CRYPTO_cleanup_all_ex_data() from OPENSSL_cleanup().
  - Add EVP_chacha20_poly1305() to the list of all ciphers.
  - Fix potential leaks of EVP_PKEY in various printing functions.
  - Fix potential leak in OBJ_NAME_add().
  - Avoid signed overflow in i2c_ASN1_BIT_STRING().
  - Clean up EVP_PKEY_ASN1_METHOD related tables and code.
  - Fix long standing bugs in BN_GF2m_poly2arr() and BN_GF2m_mod().
  - Fix segfaults in BN_{dec,hex}2bn().
  - Fix NULL dereference in x509_constraints_uri_host() reachable only in the process of generating certificates.
  - Fixed a variety of memory corruption issues in BIO chains coming from poor old and new API: BIO_push(), BIO_pop(), BIO_set_next().
  - Avoid potential divide by zero in BIO_dump_indent_cb().
* New features
  - Added UI_null().
  - Added X509_STORE_*check_issued().
  - Added X509_CRL_get0_tbs_sigalg() and X509_get0_uids() accessors.
  - Added EVP_CIPHER_meth_*() setter API.
  - BIO_read() and BIO_write() now behave more closely to OpenSSL 3 in various corner cases. More work is needed here.
  - Added Ed25519 support both as a primitive and via OpenSSL's EVP interfaces.
  - X25519 is now also supported via EVP.
  - The OpenSSL 1.1 raw public and private key API is available with support for EVP_PKEY_ED25519, EVP_PKEY_HMAC and EVP_PKEY_X25519. Poly1305 is not currently supported via this interface.
* Documentation improvements
  - Marked BIO_s_log(3), BIO_nread0(3), BIO_nread(3), BIO_nwrite0(3), BIO_nwrite(3), BIO_dump_cb(3) and BIO_dump_indent_cb(3) as intentionally undocumented.
  - Document BIO_number_read(3), BIO_number_written(3), BIO_set_retry_read(3), BIO_set_retry_write(3), BIO_set_retry_special(3), BIO_clear_retry_flags(3), BIO_get_retry_flags(3), BIO_dup_chain(3), BIO_set_flags(3), BIO_clear_flags(3), BIO_test_flags(3), BIO_get_flags(3), BIO_callback_fn_ex(3), BIO_set_callback_ex(3), BIO_get_callback_ex(3), BIO_callback_fn(3), and the BIO_FLAGS_* constants.
  - Correct the prototypes of BIO_get_conn_ip(3) and BIO_get_conn_int_port(3).
  - Document ED25519_keypair(3), ED25519_sign(3), and ED25519_verify(3).
  - Document EVP_PKEY_new_raw_private_key(3), EVP_PKEY_new_raw_public_key(3), EVP_PKEY_get_raw_private_key(3), and EVP_PKEY_get_raw_public_key(3).
  - Document ASN1_buf_print(3).
  - Document DH_get0_*, DSA_get0_*, ECDSA_SIG_get0_{r,s}() and RSA_get0_*.
  - Merged documentation of UI_null() from OpenSSL 1.1.
  - Various spelling and other documentation improvements.
  - Numerous improvements and additions for ASN.1, BIO, BN, and X.509.
  - The BN documentation is now considered to be complete.
* Testing and Proactive Security
  - As always, new test coverage is added as bugs are fixed and subsystems are cleaned up.
  - New Wycheproof tests added.
  - OpenSSL 3.0 Interop tests added.
  - Many old tests rewritten, cleaned up and extended.
* Security fixes
  - A malicious certificate revocation list or timestamp response token would allow an attacker to read arbitrary memory.

3.7.1:
* Internal improvements
  - Initial overhaul of the BIGNUM code:
    - Added a new framework that allows architecture-dependent replacement implementations for bignum primitives.
    - Imported various s2n-bignum's constant time assembly primitives and switched amd64 to them.
    - Lots of cleanup, simplification and bug fixes.
  - Changed Perl assembly generators to move constants into .rodata, allowing code to run with execute-only permissions.
  - Capped the number of iterations in DSA and ECDSA signing (avoiding infinite loops), added additional sanity checks to DSA.
  - ASN.1 parsing improvements.
  - Made UI_destroy_method() NULL safe.
  - Various improvements to nc(1).
  - Always clear EC groups and points on free.
  - Cleanup and improvements in EC code.
  - Various openssl(1) improvements.
* Bug fixes
  - Fixed a memory leak, a double free and various other issues in BIO_new_NDEF().
  - Fixed various crashes in the openssl(1) testing utility.
  - Do not check policies by default in the new X.509 verifier.
  - Avoid crash with ASN.1 BOOLEANS in openssl(1) asn1parse.
  - Added missing error checking in PKCS7.
  - Call CRYPTO_cleanup_all_ex_data() from OPENSSL_cleanup().
* Compatibility changes
  - Correct the prototypes of BIO_get_conn_ip(3) and BIO_get_conn_int_port(3).
* New features
  - Added UI_null().
  - Added X509_STORE_*check_issued().
  - Added X509_CRL_get0_sigalg() and X509_get0_uids() accessors.
  - Added EVP_CIPHER_meth_*() setter API.
* Documentation improvements
  - Marked BIO_s_log(3), BIO_nread0(3), BIO_nread(3), BIO_nwrite0(3), BIO_nwrite(3), BIO_dump_cb(3) and BIO_dump_indent_cb(3) as intentionally undocumented.
  - Merged documentation of UI_null() from OpenSSL 1.1.
  - Document BIO_number_read(3), BIO_number_written(3), BIO_set_retry_read(3), BIO_set_retry_write(3), BIO_set_retry_special(3), BIO_clear_retry_flags(3), BIO_get_retry_flags(3), BIO_dup_chain(3), BIO_set_flags(3), BIO_clear_flags(3), BIO_test_flags(3), BIO_get_flags(3), BIO_callback_fn_ex(3), BIO_set_callback_ex(3), BIO_get_callback_ex(3), BIO_callback_fn(3), and the BIO_FLAGS_* constants.
  - Document ED25519_keypair(3), ED25519_sign(3), and ED25519_verify(3).
  - Document EVP_PKEY_new_raw_private_key(3), EVP_PKEY_new_raw_public_key(3), EVP_PKEY_get_raw_private_key(3), and EVP_PKEY_get_raw_public_key(3).
  - Document ASN1_buf_print(3).
  - Document ECDSA_SIG_get0_{r,s}().
  - Document DH_get0_* for individual DH members.
  - Document DSA_get0_* for individual DSA members.
  - Document RSA_get0_* for individual RSA members.
  - Various spelling and other documentation improvements.
* Testing and Proactive Security
  - As always, new test coverage is added as bugs are fixed and subsystems are cleaned up.
  - New Wycheproof tests added.
  - OpenSSL 3.0 Interop tests added.
  - Many old tests rewritten, cleaned up and extended.
* Security fixes
  - A malicious certificate revocation list or timestamp response token would allow an attacker to read arbitrary memory.


To generate a diff of this commit:
cvs rdiff -u -r1.9 -r1.10 pkgsrc/security/libretls/Makefile
cvs rdiff -u -r1.11 -r1.12 pkgsrc/security/libretls/distinfo
cvs rdiff -u -r1.1 -r1.2 pkgsrc/security/libretls/patches/patch-tls.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/security/libretls/Makefile diff -u pkgsrc/security/libretls/Makefile:1.9 pkgsrc/security/libretls/Makefile:1.10 --- pkgsrc/security/libretls/Makefile:1.9 Tue Oct 24 22:10:51 2023 +++ pkgsrc/security/libretls/Makefile Wed Nov 8 14:10:20 2023 @@ -1,7 +1,6 @@ -# $NetBSD: Makefile,v 1.9 2023/10/24 22:10:51 wiz Exp $ +# $NetBSD: Makefile,v 1.10 2023/11/08 14:10:20 schmonz Exp $ -DISTNAME= libretls-3.7.0 -PKGREVISION= 1 +DISTNAME= libretls-3.8.1 CATEGORIES= security MASTER_SITES= https://causal.agency/libretls/ Index: pkgsrc/security/libretls/distinfo diff -u pkgsrc/security/libretls/distinfo:1.11 pkgsrc/security/libretls/distinfo:1.12 --- pkgsrc/security/libretls/distinfo:1.11 Sun Sep 3 06:23:41 2023 +++ pkgsrc/security/libretls/distinfo Wed Nov 8 14:10:20 2023
@@ -1,6 +1,6 @@ -$NetBSD: distinfo,v 1.11 2023/09/03 06:23:41 vins Exp $ +$NetBSD: distinfo,v 1.12 2023/11/08 14:10:20 schmonz Exp $ -BLAKE2s (libretls-3.7.0.tar.gz) = a41162dc3ed4515da87d053d745e5b35468357dd7f64bbaca2cec0eba17c585f -SHA512 (libretls-3.7.0.tar.gz) = 18987d09ee804883e2c3cfae1209494b7020d976cc7137ba39540c18e0dc23d25034a46c6c64955201b425ca981e03cbe629f9ff979fd4a72d3dcfbd51efdf84 -Size (libretls-3.7.0.tar.gz) = 427980 bytes -SHA1 (patch-tls.c) = 9ec66891d3a16fcfccb365b77ee0cc711ea4a067 +BLAKE2s (libretls-3.8.1.tar.gz) = 970400ab9046223c8b3516925cc4386768c770df2970337d5d0a26bc63d9e326 +SHA512 (libretls-3.8.1.tar.gz) = bbf4854622401bfc8662016a73202467714b603425dea2012e72846f0a22412018448fda8befa777d67c5dae44839b81e3b039130cf4970a4026c178d3a43ce2 +Size (libretls-3.8.1.tar.gz) = 432142 bytes +SHA1 (patch-tls.c) = d5a90a98267be74311e1fa6806d798668b4a35df Index: pkgsrc/security/libretls/patches/patch-tls.c diff -u pkgsrc/security/libretls/patches/patch-tls.c:1.1 pkgsrc/security/libretls/patches/patch-tls.c:1.2 --- pkgsrc/security/libretls/patches/patch-tls.c:1.1 Sun Sep 3 06:23:41 2023 +++ pkgsrc/security/libretls/patches/patch-tls.c Wed Nov 8 14:10:20 2023 @@ -1,8 +1,8 @@ -$NetBSD: patch-tls.c,v 1.1 2023/09/03 06:23:41 vins Exp $ +$NetBSD: patch-tls.c,v 1.2 2023/11/08 14:10:20 schmonz Exp $ Portability fix for OpenSSL 3.x. -With OpenSSL 3.x the EVP_PKEY_get1_RSA returns a cashed copy of the +With OpenSSL 3.x the EVP_PKEY_get1_RSA returns a cached copy of the provider's key, so changing it is meaningless, since other get1/get0 calls will return the previously cached copy. Instead, we have to re-assign the changed rsa after the edit. --_----------=_169945262189560--
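Review bot: in the Makefile hunk, dropping PKGREVISION= 1 together with the DISTNAME bump from libretls-3.7.0 to libretls-3.8.1 is the right pkgsrc practice, but the Log Message consists solely of LibreSSL's release notes for 3.7.1 through 3.8.1 and says nothing about libretls itself; a sentence stating that libretls follows LibreSSL's libtls sources and version numbers (which the message only implies), or a pointer to upstream's own change summary at the MASTER_SITES URL, would make the update easier to audit later.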
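Review bot: in the distinfo hunk, every pinned value changes at once (BLAKE2s, SHA512 and Size of libretls-3.8.1.tar.gz, plus the SHA1 of patch-tls.c), which is expected for a version bump, but nothing in the commit records how the new tarball digests were confirmed against upstream's published checksum or signature, if any, rather than only against the file that happened to be downloaded; since these digests are the sole integrity check pkgsrc users get for the distfile, a short note in the Log Message on how they were verified would close that gap.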
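Review bot: in the patch-tls.c hunk only the RCS id and the "cashed" to "cached" spelling in the description change, while DISTNAME moves from 3.7.0 to 3.8.1 in the same commit; confirm that the body of patch-tls.c (not shown in this diff) still applies to the 3.8.1 tls.c without fuzz, and check whether the local workaround for EVP_PKEY_get1_RSA() returning a cached copy under OpenSSL 3.x is still needed at all, since the 3.8.0 notes in the Log Message report "a workaround for a poorly thought-out change in OpenSSL 3 that broke privilege separation support in libtls", which may address the same issue upstream.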