Tue Jun 21 18:48:39 2022 UTC ()
openssl: Update to 1.1.1p.

Approved during freeze by gdt@, tested on SmartOS and macOS.

Major changes between OpenSSL 1.1.1o and OpenSSL 1.1.1p [21 Jun 2022]

    o Fixed additional bugs in the c_rehash script which was not properly
      sanitising shell metacharacters to prevent command injection
      (CVE-2022-2068)


(jperkin)
diff -r1.280 -r1.281 pkgsrc/security/openssl/Makefile
diff -r1.11 -r1.12 pkgsrc/security/openssl/PLIST
diff -r1.159 -r1.160 pkgsrc/security/openssl/distinfo
cvs diff -r1.280 -r1.281 pkgsrc/security/openssl/Makefile (expand / switch to unified diff)

--- pkgsrc/security/openssl/Makefile 2022/05/10 05:43:50 1.280
+++ pkgsrc/security/openssl/Makefile 2022/06/21 18:48:39 1.281
@@ -1,19 +1,19 @@ @@ -1,19 +1,19 @@
1# $NetBSD: Makefile,v 1.280 2022/05/10 05:43:50 wiz Exp $ 1# $NetBSD: Makefile,v 1.281 2022/06/21 18:48:39 jperkin Exp $
2 2
3# Remember to upload-distfiles when updating OpenSSL -- otherwise it 3# Remember to upload-distfiles when updating OpenSSL -- otherwise it
4# is not possible for users who have bootstrapped without OpenSSL 4# is not possible for users who have bootstrapped without OpenSSL
5# to install it and enable HTTPS fetching. 5# to install it and enable HTTPS fetching.
6DISTNAME= openssl-1.1.1o 6DISTNAME= openssl-1.1.1p
7CATEGORIES= security 7CATEGORIES= security
8MASTER_SITES= https://www.openssl.org/source/ 8MASTER_SITES= https://www.openssl.org/source/
9 9
10MAINTAINER= pkgsrc-users@NetBSD.org 10MAINTAINER= pkgsrc-users@NetBSD.org
11HOMEPAGE= https://www.openssl.org/ 11HOMEPAGE= https://www.openssl.org/
12COMMENT= Secure Socket Layer and cryptographic library 12COMMENT= Secure Socket Layer and cryptographic library
13LICENSE= openssl 13LICENSE= openssl
14 14
15USE_GCC_RUNTIME= yes 15USE_GCC_RUNTIME= yes
16 16
17USE_TOOLS+= fgrep gmake perl 17USE_TOOLS+= fgrep gmake perl
18USE_TOOLS.SunOS+= gm4 18USE_TOOLS.SunOS+= gm4
19BUILD_TARGET= depend all 19BUILD_TARGET= depend all
cvs diff -r1.11 -r1.12 pkgsrc/security/openssl/PLIST (expand / switch to unified diff)

--- pkgsrc/security/openssl/PLIST 2022/03/15 18:20:02 1.11
+++ pkgsrc/security/openssl/PLIST 2022/06/21 18:48:39 1.12
@@ -1,14 +1,14 @@ @@ -1,14 +1,14 @@
1@comment $NetBSD: PLIST,v 1.11 2022/03/15 18:20:02 wiz Exp $ 1@comment $NetBSD: PLIST,v 1.12 2022/06/21 18:48:39 jperkin Exp $
2bin/c_rehash 2bin/c_rehash
3bin/openssl 3bin/openssl
4include/openssl/aes.h 4include/openssl/aes.h
5include/openssl/asn1.h 5include/openssl/asn1.h
6include/openssl/asn1_mac.h 6include/openssl/asn1_mac.h
7include/openssl/asn1err.h 7include/openssl/asn1err.h
8include/openssl/asn1t.h 8include/openssl/asn1t.h
9include/openssl/async.h 9include/openssl/async.h
10include/openssl/asyncerr.h 10include/openssl/asyncerr.h
11include/openssl/bio.h 11include/openssl/bio.h
12include/openssl/bioerr.h 12include/openssl/bioerr.h
13include/openssl/blowfish.h 13include/openssl/blowfish.h
14include/openssl/bn.h 14include/openssl/bn.h
@@ -2566,29 +2566,31 @@ man/man3/SSL_CTX_config.3 @@ -2566,29 +2566,31 @@ man/man3/SSL_CTX_config.3
2566man/man3/SSL_CTX_ct_is_enabled.3 2566man/man3/SSL_CTX_ct_is_enabled.3
2567man/man3/SSL_CTX_ctrl.3 2567man/man3/SSL_CTX_ctrl.3
2568man/man3/SSL_CTX_dane_clear_flags.3 2568man/man3/SSL_CTX_dane_clear_flags.3
2569man/man3/SSL_CTX_dane_enable.3 2569man/man3/SSL_CTX_dane_enable.3
2570man/man3/SSL_CTX_dane_mtype_set.3 2570man/man3/SSL_CTX_dane_mtype_set.3
2571man/man3/SSL_CTX_dane_set_flags.3 2571man/man3/SSL_CTX_dane_set_flags.3
2572man/man3/SSL_CTX_decrypt_session_ticket_fn.3 2572man/man3/SSL_CTX_decrypt_session_ticket_fn.3
2573man/man3/SSL_CTX_disable_ct.3 2573man/man3/SSL_CTX_disable_ct.3
2574man/man3/SSL_CTX_enable_ct.3 2574man/man3/SSL_CTX_enable_ct.3
2575man/man3/SSL_CTX_flush_sessions.3 2575man/man3/SSL_CTX_flush_sessions.3
2576man/man3/SSL_CTX_free.3 2576man/man3/SSL_CTX_free.3
2577man/man3/SSL_CTX_generate_session_ticket_fn.3 2577man/man3/SSL_CTX_generate_session_ticket_fn.3
2578man/man3/SSL_CTX_get0_CA_list.3 2578man/man3/SSL_CTX_get0_CA_list.3
 2579man/man3/SSL_CTX_get0_chain_cert_store.3
2579man/man3/SSL_CTX_get0_chain_certs.3 2580man/man3/SSL_CTX_get0_chain_certs.3
2580man/man3/SSL_CTX_get0_param.3 2581man/man3/SSL_CTX_get0_param.3
2581man/man3/SSL_CTX_get0_security_ex_data.3 2582man/man3/SSL_CTX_get0_security_ex_data.3
 2583man/man3/SSL_CTX_get0_verify_cert_store.3
2582man/man3/SSL_CTX_get_cert_store.3 2584man/man3/SSL_CTX_get_cert_store.3
2583man/man3/SSL_CTX_get_ciphers.3 2585man/man3/SSL_CTX_get_ciphers.3
2584man/man3/SSL_CTX_get_client_CA_list.3 2586man/man3/SSL_CTX_get_client_CA_list.3
2585man/man3/SSL_CTX_get_client_cert_cb.3 2587man/man3/SSL_CTX_get_client_cert_cb.3
2586man/man3/SSL_CTX_get_default_passwd_cb.3 2588man/man3/SSL_CTX_get_default_passwd_cb.3
2587man/man3/SSL_CTX_get_default_passwd_cb_userdata.3 2589man/man3/SSL_CTX_get_default_passwd_cb_userdata.3
2588man/man3/SSL_CTX_get_default_read_ahead.3 2590man/man3/SSL_CTX_get_default_read_ahead.3
2589man/man3/SSL_CTX_get_ex_data.3 2591man/man3/SSL_CTX_get_ex_data.3
2590man/man3/SSL_CTX_get_info_callback.3 2592man/man3/SSL_CTX_get_info_callback.3
2591man/man3/SSL_CTX_get_keylog_callback.3 2593man/man3/SSL_CTX_get_keylog_callback.3
2592man/man3/SSL_CTX_get_max_cert_list.3 2594man/man3/SSL_CTX_get_max_cert_list.3
2593man/man3/SSL_CTX_get_max_early_data.3 2595man/man3/SSL_CTX_get_max_early_data.3
2594man/man3/SSL_CTX_get_max_proto_version.3 2596man/man3/SSL_CTX_get_max_proto_version.3
@@ -2824,37 +2826,39 @@ man/man3/SSL_dane_enable.3 @@ -2824,37 +2826,39 @@ man/man3/SSL_dane_enable.3
2824man/man3/SSL_dane_set_flags.3 2826man/man3/SSL_dane_set_flags.3
2825man/man3/SSL_dane_tlsa_add.3 2827man/man3/SSL_dane_tlsa_add.3
2826man/man3/SSL_disable_ct.3 2828man/man3/SSL_disable_ct.3
2827man/man3/SSL_do_handshake.3 2829man/man3/SSL_do_handshake.3
2828man/man3/SSL_dup.3 2830man/man3/SSL_dup.3
2829man/man3/SSL_enable_ct.3 2831man/man3/SSL_enable_ct.3
2830man/man3/SSL_export_keying_material.3 2832man/man3/SSL_export_keying_material.3
2831man/man3/SSL_export_keying_material_early.3 2833man/man3/SSL_export_keying_material_early.3
2832man/man3/SSL_extension_supported.3 2834man/man3/SSL_extension_supported.3
2833man/man3/SSL_free.3 2835man/man3/SSL_free.3
2834man/man3/SSL_free_buffers.3 2836man/man3/SSL_free_buffers.3
2835man/man3/SSL_get0_CA_list.3 2837man/man3/SSL_get0_CA_list.3
2836man/man3/SSL_get0_alpn_selected.3 2838man/man3/SSL_get0_alpn_selected.3
 2839man/man3/SSL_get0_chain_cert_store.3
2837man/man3/SSL_get0_chain_certs.3 2840man/man3/SSL_get0_chain_certs.3
2838man/man3/SSL_get0_dane_authority.3 2841man/man3/SSL_get0_dane_authority.3
2839man/man3/SSL_get0_dane_tlsa.3 2842man/man3/SSL_get0_dane_tlsa.3
2840man/man3/SSL_get0_next_proto_negotiated.3 2843man/man3/SSL_get0_next_proto_negotiated.3
2841man/man3/SSL_get0_param.3 2844man/man3/SSL_get0_param.3
2842man/man3/SSL_get0_peer_CA_list.3 2845man/man3/SSL_get0_peer_CA_list.3
2843man/man3/SSL_get0_peer_scts.3 2846man/man3/SSL_get0_peer_scts.3
2844man/man3/SSL_get0_peername.3 2847man/man3/SSL_get0_peername.3
2845man/man3/SSL_get0_security_ex_data.3 2848man/man3/SSL_get0_security_ex_data.3
2846man/man3/SSL_get0_session.3 2849man/man3/SSL_get0_session.3
2847man/man3/SSL_get0_verified_chain.3 2850man/man3/SSL_get0_verified_chain.3
 2851man/man3/SSL_get0_verify_cert_store.3
2848man/man3/SSL_get1_curves.3 2852man/man3/SSL_get1_curves.3
2849man/man3/SSL_get1_groups.3 2853man/man3/SSL_get1_groups.3
2850man/man3/SSL_get1_session.3 2854man/man3/SSL_get1_session.3
2851man/man3/SSL_get1_supported_ciphers.3 2855man/man3/SSL_get1_supported_ciphers.3
2852man/man3/SSL_get_SSL_CTX.3 2856man/man3/SSL_get_SSL_CTX.3
2853man/man3/SSL_get_all_async_fds.3 2857man/man3/SSL_get_all_async_fds.3
2854man/man3/SSL_get_changed_async_fds.3 2858man/man3/SSL_get_changed_async_fds.3
2855man/man3/SSL_get_cipher.3 2859man/man3/SSL_get_cipher.3
2856man/man3/SSL_get_cipher_bits.3 2860man/man3/SSL_get_cipher_bits.3
2857man/man3/SSL_get_cipher_list.3 2861man/man3/SSL_get_cipher_list.3
2858man/man3/SSL_get_cipher_name.3 2862man/man3/SSL_get_cipher_name.3
2859man/man3/SSL_get_cipher_version.3 2863man/man3/SSL_get_cipher_version.3
2860man/man3/SSL_get_ciphers.3 2864man/man3/SSL_get_ciphers.3
cvs diff -r1.159 -r1.160 pkgsrc/security/openssl/distinfo (expand / switch to unified diff)

--- pkgsrc/security/openssl/distinfo 2022/05/10 05:43:50 1.159
+++ pkgsrc/security/openssl/distinfo 2022/06/21 18:48:39 1.160
@@ -1,8 +1,8 @@ @@ -1,8 +1,8 @@
1$NetBSD: distinfo,v 1.159 2022/05/10 05:43:50 wiz Exp $ 1$NetBSD: distinfo,v 1.160 2022/06/21 18:48:39 jperkin Exp $
2 2
3BLAKE2s (openssl-1.1.1o.tar.gz) = 1cce7975b7c39641707fa142214c6b22255b42151ef6e4da49eeacf1dc9466cc 3BLAKE2s (openssl-1.1.1p.tar.gz) = 9fe91a85ba0ee64d8225c80fa6fd5bf6294a3aae051a9681798aeb1520c6d1f8
4SHA512 (openssl-1.1.1o.tar.gz) = 75b2f1499cb4640229eb6cd35d85cbff2e19db17b959ac4d04b60f1b395b73567f9003521452a0fcfeea9b31b26de0a7bccf476ecf9caae02298f3647cfb7e23 4SHA512 (openssl-1.1.1p.tar.gz) = 203470b1cd37bdbfabfec5ef37fc97c991d9943f070c988316f6396b09dae7cea16ac884bd8646dbf7dd1ed40ebde6bdfa5700beee2d714d07c97cc70b4e48d9
5Size (openssl-1.1.1o.tar.gz) = 9856386 bytes 5Size (openssl-1.1.1p.tar.gz) = 9860217 bytes
6SHA1 (patch-Configurations_shared-info.pl) = 0e835f6e343b5d05ef9a0e6ef2a195201262d15c 6SHA1 (patch-Configurations_shared-info.pl) = 0e835f6e343b5d05ef9a0e6ef2a195201262d15c
7SHA1 (patch-Configurations_unix-Makefile.tmpl) = 3f47dd453381485aeb6c37dc53f932428fdcef50 7SHA1 (patch-Configurations_unix-Makefile.tmpl) = 3f47dd453381485aeb6c37dc53f932428fdcef50
8SHA1 (patch-Configure) = 479f1bc826f7721f6b44d6b5a6cf460432924bf2 8SHA1 (patch-Configure) = 479f1bc826f7721f6b44d6b5a6cf460432924bf2