Content-Transfer-Encoding: 7bit
Content-Type: multipart/mixed; boundary="_----------=_170698448634360"
MIME-Version: 1.0
Date: Sat, 3 Feb 2024 18:21:26 +0000
From: "Adam Ciarcinski"
Subject: CVS commit: pkgsrc/security/openssl
To: pkgsrc-changes@NetBSD.org
Reply-To: adam@netbsd.org
X-Mailer: log_accum
Message-Id: <20240203182126.3E282FA42@cvs.NetBSD.org>
Sender: pkgsrc-changes-owner@NetBSD.org
Precedence: bulk

This is a multi-part message in MIME format.

--_----------=_170698448634360
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset="US-ASCII"

Module Name:    pkgsrc
Committed By:   adam
Date:           Sat Feb 3 18:21:26 UTC 2024

Modified Files:
        pkgsrc/security/openssl: Makefile PLIST distinfo

Log Message:
openssl: updated to 3.1.5

Changes between 3.1.4 and 3.1.5 [30 Jan 2024]

 * A file in PKCS12 format can contain certificates and keys and may come from an untrusted source. The PKCS12 specification allows certain fields to be NULL, but OpenSSL did not correctly check for this case. A fix has been applied to prevent a NULL pointer dereference that results in OpenSSL crashing. If an application processes PKCS12 files from an untrusted source using the OpenSSL APIs then that application will be vulnerable to this issue prior to this fix.

   OpenSSL APIs that were vulnerable to this are: PKCS12_parse(), PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes() and PKCS12_newpass().

   We have also fixed a similar issue in SMIME_write_PKCS7(). However since this function is related to writing data we do not consider it security significant.

   ([CVE-2024-0727])

To generate a diff of this commit:
cvs rdiff -u -r1.295 -r1.296 pkgsrc/security/openssl/Makefile
cvs rdiff -u -r1.15 -r1.16 pkgsrc/security/openssl/PLIST
cvs rdiff -u -r1.171 -r1.172 pkgsrc/security/openssl/distinfo

Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.

--_----------=_170698448634360 Content-Disposition: inline Content-Length: 7674 Content-Transfer-Encoding: binary Content-Type: text/x-diff; charset=us-ascii Modified files: Index: pkgsrc/security/openssl/Makefile diff -u pkgsrc/security/openssl/Makefile:1.295 pkgsrc/security/openssl/Makefile:1.296 --- pkgsrc/security/openssl/Makefile:1.295 Wed Dec 27 14:41:31 2023 +++ pkgsrc/security/openssl/Makefile Sat Feb 3 18:21:26 2024 @@ -1,9 +1,9 @@ -# $NetBSD: Makefile,v 1.295 2023/12/27 14:41:31 schmonz Exp $ +# $NetBSD: Makefile,v 1.296 2024/02/03 18:21:26 adam Exp $ # Remember to upload-distfiles when updating OpenSSL -- otherwise it # is not possible for users who have bootstrapped without OpenSSL # to install it and enable HTTPS fetching. -DISTNAME= openssl-3.1.4 +DISTNAME= openssl-3.1.5 CATEGORIES= security MASTER_SITES= https://www.openssl.org/source/ Index: pkgsrc/security/openssl/PLIST diff -u pkgsrc/security/openssl/PLIST:1.15 pkgsrc/security/openssl/PLIST:1.16 --- pkgsrc/security/openssl/PLIST:1.15 Fri Oct 27 18:30:12 2023 +++ pkgsrc/security/openssl/PLIST Sat Feb 3 18:21:26 2024 @@ -1,4 +1,4 @@ -@comment $NetBSD: PLIST,v 1.15 2023/10/27 18:30:12 jperkin Exp $ +@comment $NetBSD: PLIST,v 1.16 2024/02/03 18:21:26 adam Exp $ bin/c_rehash bin/openssl include/openssl/aes.h 
@@ -834,7 +834,27 @@ man/man3/CMS_set1_eContentType.3 man/man3/CMS_sign.3 man/man3/CMS_sign_ex.3 man/man3/CMS_sign_receipt.3 +man/man3/CMS_signed_add1_attr.3 +man/man3/CMS_signed_add1_attr_by_NID.3 +man/man3/CMS_signed_add1_attr_by_OBJ.3 +man/man3/CMS_signed_add1_attr_by_txt.3 +man/man3/CMS_signed_delete_attr.3 +man/man3/CMS_signed_get0_data_by_OBJ.3 +man/man3/CMS_signed_get_attr.3 +man/man3/CMS_signed_get_attr_by_NID.3 +man/man3/CMS_signed_get_attr_by_OBJ.3 +man/man3/CMS_signed_get_attr_count.3 man/man3/CMS_uncompress.3 +man/man3/CMS_unsigned_add1_attr.3 +man/man3/CMS_unsigned_add1_attr_by_NID.3 +man/man3/CMS_unsigned_add1_attr_by_OBJ.3 +man/man3/CMS_unsigned_add1_attr_by_txt.3 +man/man3/CMS_unsigned_delete_attr.3 +man/man3/CMS_unsigned_get0_data_by_OBJ.3 +man/man3/CMS_unsigned_get_attr.3 +man/man3/CMS_unsigned_get_attr_by_NID.3 +man/man3/CMS_unsigned_get_attr_by_OBJ.3 +man/man3/CMS_unsigned_get_attr_count.3 man/man3/CMS_verify.3 man/man3/CMS_verify_receipt.3 man/man3/CONF_get1_default_config_file.3 @@ -1884,6 +1904,10 @@ man/man3/EVP_PKEY_CTX_set_tls1_prf_md.3 man/man3/EVP_PKEY_CTX_settable_params.3 man/man3/EVP_PKEY_METHOD.3 man/man3/EVP_PKEY_Q_keygen.3 +man/man3/EVP_PKEY_add1_attr.3 +man/man3/EVP_PKEY_add1_attr_by_NID.3 +man/man3/EVP_PKEY_add1_attr_by_OBJ.3 +man/man3/EVP_PKEY_add1_attr_by_txt.3 man/man3/EVP_PKEY_asn1_add0.3 man/man3/EVP_PKEY_asn1_add_alias.3 man/man3/EVP_PKEY_asn1_copy.3 @@ -1927,6 +1951,7 @@ man/man3/EVP_PKEY_decapsulate_init.3 man/man3/EVP_PKEY_decrypt.3 man/man3/EVP_PKEY_decrypt_init.3 man/man3/EVP_PKEY_decrypt_init_ex.3 +man/man3/EVP_PKEY_delete_attr.3 man/man3/EVP_PKEY_derive.3 man/man3/EVP_PKEY_derive_init.3 man/man3/EVP_PKEY_derive_init_ex.3 
@@ -1966,6 +1991,10 @@ man/man3/EVP_PKEY_get1_EC_KEY.3 man/man3/EVP_PKEY_get1_RSA.3 man/man3/EVP_PKEY_get1_encoded_public_key.3 man/man3/EVP_PKEY_get1_tls_encodedpoint.3 +man/man3/EVP_PKEY_get_attr.3 +man/man3/EVP_PKEY_get_attr_by_NID.3 +man/man3/EVP_PKEY_get_attr_by_OBJ.3 +man/man3/EVP_PKEY_get_attr_count.3 man/man3/EVP_PKEY_get_base_id.3 man/man3/EVP_PKEY_get_bits.3 man/man3/EVP_PKEY_get_bn_param.3 @@ -2559,13 +2588,16 @@ man/man3/OPENSSL_LH_doall_arg.3 man/man3/OPENSSL_LH_error.3 man/man3/OPENSSL_LH_flush.3 man/man3/OPENSSL_LH_free.3 +man/man3/OPENSSL_LH_get_down_load.3 man/man3/OPENSSL_LH_insert.3 man/man3/OPENSSL_LH_new.3 man/man3/OPENSSL_LH_node_stats.3 man/man3/OPENSSL_LH_node_stats_bio.3 man/man3/OPENSSL_LH_node_usage_stats.3 man/man3/OPENSSL_LH_node_usage_stats_bio.3 +man/man3/OPENSSL_LH_num_items.3 man/man3/OPENSSL_LH_retrieve.3 +man/man3/OPENSSL_LH_set_down_load.3 man/man3/OPENSSL_LH_stats.3 man/man3/OPENSSL_LH_stats_bio.3 man/man3/OPENSSL_LINE.3 @@ -4529,9 +4561,20 @@ man/man3/X509_ALGOR_it.3 man/man3/X509_ALGOR_new.3 man/man3/X509_ALGOR_set0.3 man/man3/X509_ALGOR_set_md.3 +man/man3/X509_ATTRIBUTE.3 +man/man3/X509_ATTRIBUTE_count.3 +man/man3/X509_ATTRIBUTE_create.3 +man/man3/X509_ATTRIBUTE_create_by_NID.3 +man/man3/X509_ATTRIBUTE_create_by_OBJ.3 +man/man3/X509_ATTRIBUTE_create_by_txt.3 man/man3/X509_ATTRIBUTE_dup.3 man/man3/X509_ATTRIBUTE_free.3 +man/man3/X509_ATTRIBUTE_get0_data.3 +man/man3/X509_ATTRIBUTE_get0_object.3 +man/man3/X509_ATTRIBUTE_get0_type.3 man/man3/X509_ATTRIBUTE_new.3 +man/man3/X509_ATTRIBUTE_set1_data.3 +man/man3/X509_ATTRIBUTE_set1_object.3 man/man3/X509_CERT_AUX_free.3 man/man3/X509_CERT_AUX_new.3 man/man3/X509_CINF_free.3 
@@ -4685,7 +4728,14 @@ man/man3/X509_PUBKEY_set.3 man/man3/X509_PUBKEY_set0_param.3 man/man3/X509_REQ_INFO_free.3 man/man3/X509_REQ_INFO_new.3 +man/man3/X509_REQ_add1_attr.3 +man/man3/X509_REQ_add1_attr_by_NID.3 +man/man3/X509_REQ_add1_attr_by_OBJ.3 +man/man3/X509_REQ_add1_attr_by_txt.3 +man/man3/X509_REQ_add_extensions.3 +man/man3/X509_REQ_add_extensions_nid.3 man/man3/X509_REQ_check_private_key.3 +man/man3/X509_REQ_delete_attr.3 man/man3/X509_REQ_digest.3 man/man3/X509_REQ_dup.3 man/man3/X509_REQ_free.3 @@ -4693,6 +4743,11 @@ man/man3/X509_REQ_get0_distinguishing_id man/man3/X509_REQ_get0_pubkey.3 man/man3/X509_REQ_get0_signature.3 man/man3/X509_REQ_get_X509_PUBKEY.3 +man/man3/X509_REQ_get_attr.3 +man/man3/X509_REQ_get_attr_by_NID.3 +man/man3/X509_REQ_get_attr_by_OBJ.3 +man/man3/X509_REQ_get_attr_count.3 +man/man3/X509_REQ_get_extensions.3 man/man3/X509_REQ_get_pubkey.3 man/man3/X509_REQ_get_signature_nid.3 man/man3/X509_REQ_get_subject_name.3 @@ -4971,6 +5026,16 @@ man/man3/X509_up_ref.3 man/man3/X509_verify.3 man/man3/X509_verify_cert.3 man/man3/X509_verify_cert_error_string.3 +man/man3/X509at_add1_attr.3 +man/man3/X509at_add1_attr_by_NID.3 +man/man3/X509at_add1_attr_by_OBJ.3 +man/man3/X509at_add1_attr_by_txt.3 +man/man3/X509at_delete_attr.3 +man/man3/X509at_get0_data_by_OBJ.3 +man/man3/X509at_get_attr.3 +man/man3/X509at_get_attr_by_NID.3 +man/man3/X509at_get_attr_by_OBJ.3 +man/man3/X509at_get_attr_count.3 man/man3/X509v3_add_ext.3 man/man3/X509v3_delete_ext.3 man/man3/X509v3_get_ext.3 
@@ -5440,9 +5505,12 @@ man/man3/lh_TYPE_doall_arg.3 man/man3/lh_TYPE_error.3 man/man3/lh_TYPE_flush.3 man/man3/lh_TYPE_free.3 +man/man3/lh_TYPE_get_down_load.3 man/man3/lh_TYPE_insert.3 man/man3/lh_TYPE_new.3 +man/man3/lh_TYPE_num_items.3 man/man3/lh_TYPE_retrieve.3 +man/man3/lh_TYPE_set_down_load.3 man/man3/o2i_SCT.3 man/man3/o2i_SCT_LIST.3 man/man3/pem_password_cb.3 Index: pkgsrc/security/openssl/distinfo diff -u pkgsrc/security/openssl/distinfo:1.171 pkgsrc/security/openssl/distinfo:1.172 --- pkgsrc/security/openssl/distinfo:1.171 Wed Dec 27 15:55:58 2023 +++ pkgsrc/security/openssl/distinfo Sat Feb 3 18:21:26 2024 @@ -1,7 +1,7 @@ -$NetBSD: distinfo,v 1.171 2023/12/27 15:55:58 spz Exp $ +$NetBSD: distinfo,v 1.172 2024/02/03 18:21:26 adam Exp $ -BLAKE2s (openssl-3.1.4.tar.gz) = a2fb05a80f2e8587861edfa5304e995cf7595a262d729593655209de6b67745f -SHA512 (openssl-3.1.4.tar.gz) = a69df4a018f57dee7d8a57c8003a6869eba11f1eaa394518976642a993780d0de3326019e92dea4c679c6c581fef568ea616ec541afc0792800359c606dffcd2 -Size (openssl-3.1.4.tar.gz) = 15569450 bytes +BLAKE2s (openssl-3.1.5.tar.gz) = 259837669e34cb57f3822c0fea435b72c517d12c54fc3b0cc5ee67a585ee49be +SHA512 (openssl-3.1.5.tar.gz) = 82e2ac6b3d9b03f8fc66d2ec421246e989eb702eb94586515abfb5afb5300391a0beedf6a2602f61ac10896b41e5608feeeeb4d37714fa17ac0f2ce465249fa9 +Size (openssl-3.1.5.tar.gz) = 15663524 bytes SHA1 (patch-Configurations_unix-Makefile.tmpl) = a482c9b1be14428efb99f3ef638eccbcaea506b7 SHA1 (patch-util_perl_OpenSSL_config.pm) = 8f335441860597d0074245d49cc9e081b0f9fd4e --_----------=_170698448634360--
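
Review bot: In the Makefile hunk, the context comment directly above `DISTNAME= openssl-3.1.5` says to run upload-distfiles when updating OpenSSL, and neither the log message nor the diff records that this was done for openssl-3.1.5.tar.gz. Because this update carries the CVE-2024-0727 fix, please confirm the distfile has been uploaded so that users who bootstrapped without OpenSSL can still fetch and install the fixed version.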
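
Review bot: The PLIST hunks add several dozen man3 entries (the CMS_signed_* and CMS_unsigned_* attribute pages, EVP_PKEY_*_attr, X509_ATTRIBUTE_*, X509_REQ_*_attr and the extensions pages, X509at_*, and the OPENSSL_LH/lh_TYPE down_load and num_items pages) that the log message does not account for, since it lists only the PKCS12 fix. Please note in the log that these are documentation pages newly installed by 3.1.5 and that the PLIST was regenerated from an actual install rather than edited by hand, so a later reader can tell the additions are intentional and complete.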
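
Review bot: In the distinfo hunk, the new BLAKE2s, SHA512 and Size values for openssl-3.1.5.tar.gz are only as trustworthy as the tarball they were computed from, and the commit does not say how that tarball was authenticated. Please verify the download against upstream's published checksum or release signature before committing the regenerated values. The two SHA1 patch entries appear only as unchanged context, so the local patches were carried over as-is; it is worth confirming they still apply cleanly to 3.1.5.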