openssl: updated to 3.1.5

Changes between 3.1.4 and 3.1.5 [30 Jan 2024] * A file in PKCS12 format can contain certificates and keys and may come from an untrusted source. The PKCS12 specification allows certain fields to be NULL, but OpenSSL did not correctly check for this case. A fix has been applied to prevent a NULL pointer dereference that results in OpenSSL crashing. If an application processes PKCS12 files from an untrusted source using the OpenSSL APIs then that application will be vulnerable to this issue prior to this fix. OpenSSL APIs that were vulnerable to this are: PKCS12_parse(), PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes() and PKCS12_newpass(). We have also fixed a similar issue in SMIME_write_PKCS7(). However since this function is related to writing data we do not consider it security significant. ([CVE-2024-0727])
2024-02-03 18:21:26 +00:00 · 2024-02-03 18:21:26 +00:00 · 52e636bfd4
parent 5dc8c7c07c
commit 52e636bfd4
3 changed files with 75 additions and 7 deletions
--- a/security/openssl/Makefile
+++ b/security/openssl/Makefile
@ -1,9 +1,9 @@
-# $NetBSD: Makefile,v 1.295 2023/12/27 14:41:31 schmonz Exp $
+# $NetBSD: Makefile,v 1.296 2024/02/03 18:21:26 adam Exp $

 # Remember to upload-distfiles when updating OpenSSL -- otherwise it
 # is not possible for users who have bootstrapped without OpenSSL
 # to install it and enable HTTPS fetching.
-DISTNAME=	openssl-3.1.4
+DISTNAME=	openssl-3.1.5
 CATEGORIES=	security
 MASTER_SITES=	https://www.openssl.org/source/

--- a/security/openssl/PLIST
+++ b/security/openssl/PLIST
@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.15 2023/10/27 18:30:12 jperkin Exp $
+@comment $NetBSD: PLIST,v 1.16 2024/02/03 18:21:26 adam Exp $
 bin/c_rehash
 bin/openssl
 include/openssl/aes.h
@ -834,7 +834,27 @@ man/man3/CMS_set1_eContentType.3
 man/man3/CMS_sign.3
 man/man3/CMS_sign_ex.3
 man/man3/CMS_sign_receipt.3
+man/man3/CMS_signed_add1_attr.3
+man/man3/CMS_signed_add1_attr_by_NID.3
+man/man3/CMS_signed_add1_attr_by_OBJ.3
+man/man3/CMS_signed_add1_attr_by_txt.3
+man/man3/CMS_signed_delete_attr.3
+man/man3/CMS_signed_get0_data_by_OBJ.3
+man/man3/CMS_signed_get_attr.3
+man/man3/CMS_signed_get_attr_by_NID.3
+man/man3/CMS_signed_get_attr_by_OBJ.3
+man/man3/CMS_signed_get_attr_count.3
 man/man3/CMS_uncompress.3
+man/man3/CMS_unsigned_add1_attr.3
+man/man3/CMS_unsigned_add1_attr_by_NID.3
+man/man3/CMS_unsigned_add1_attr_by_OBJ.3
+man/man3/CMS_unsigned_add1_attr_by_txt.3
+man/man3/CMS_unsigned_delete_attr.3
+man/man3/CMS_unsigned_get0_data_by_OBJ.3
+man/man3/CMS_unsigned_get_attr.3
+man/man3/CMS_unsigned_get_attr_by_NID.3
+man/man3/CMS_unsigned_get_attr_by_OBJ.3
+man/man3/CMS_unsigned_get_attr_count.3
 man/man3/CMS_verify.3
 man/man3/CMS_verify_receipt.3
 man/man3/CONF_get1_default_config_file.3
@ -1884,6 +1904,10 @@ man/man3/EVP_PKEY_CTX_set_tls1_prf_md.3
 man/man3/EVP_PKEY_CTX_settable_params.3
 man/man3/EVP_PKEY_METHOD.3
 man/man3/EVP_PKEY_Q_keygen.3
+man/man3/EVP_PKEY_add1_attr.3
+man/man3/EVP_PKEY_add1_attr_by_NID.3
+man/man3/EVP_PKEY_add1_attr_by_OBJ.3
+man/man3/EVP_PKEY_add1_attr_by_txt.3
 man/man3/EVP_PKEY_asn1_add0.3
 man/man3/EVP_PKEY_asn1_add_alias.3
 man/man3/EVP_PKEY_asn1_copy.3
@ -1927,6 +1951,7 @@ man/man3/EVP_PKEY_decapsulate_init.3
 man/man3/EVP_PKEY_decrypt.3
 man/man3/EVP_PKEY_decrypt_init.3
 man/man3/EVP_PKEY_decrypt_init_ex.3
+man/man3/EVP_PKEY_delete_attr.3
 man/man3/EVP_PKEY_derive.3
 man/man3/EVP_PKEY_derive_init.3
 man/man3/EVP_PKEY_derive_init_ex.3
@ -1966,6 +1991,10 @@ man/man3/EVP_PKEY_get1_EC_KEY.3
 man/man3/EVP_PKEY_get1_RSA.3
 man/man3/EVP_PKEY_get1_encoded_public_key.3
 man/man3/EVP_PKEY_get1_tls_encodedpoint.3
+man/man3/EVP_PKEY_get_attr.3
+man/man3/EVP_PKEY_get_attr_by_NID.3
+man/man3/EVP_PKEY_get_attr_by_OBJ.3
+man/man3/EVP_PKEY_get_attr_count.3
 man/man3/EVP_PKEY_get_base_id.3
 man/man3/EVP_PKEY_get_bits.3
 man/man3/EVP_PKEY_get_bn_param.3
@ -2559,13 +2588,16 @@ man/man3/OPENSSL_LH_doall_arg.3
 man/man3/OPENSSL_LH_error.3
 man/man3/OPENSSL_LH_flush.3
 man/man3/OPENSSL_LH_free.3
+man/man3/OPENSSL_LH_get_down_load.3
 man/man3/OPENSSL_LH_insert.3
 man/man3/OPENSSL_LH_new.3
 man/man3/OPENSSL_LH_node_stats.3
 man/man3/OPENSSL_LH_node_stats_bio.3
 man/man3/OPENSSL_LH_node_usage_stats.3
 man/man3/OPENSSL_LH_node_usage_stats_bio.3
+man/man3/OPENSSL_LH_num_items.3
 man/man3/OPENSSL_LH_retrieve.3
+man/man3/OPENSSL_LH_set_down_load.3
 man/man3/OPENSSL_LH_stats.3
 man/man3/OPENSSL_LH_stats_bio.3
 man/man3/OPENSSL_LINE.3
@ -4529,9 +4561,20 @@ man/man3/X509_ALGOR_it.3
 man/man3/X509_ALGOR_new.3
 man/man3/X509_ALGOR_set0.3
 man/man3/X509_ALGOR_set_md.3
+man/man3/X509_ATTRIBUTE.3
+man/man3/X509_ATTRIBUTE_count.3
+man/man3/X509_ATTRIBUTE_create.3
+man/man3/X509_ATTRIBUTE_create_by_NID.3
+man/man3/X509_ATTRIBUTE_create_by_OBJ.3
+man/man3/X509_ATTRIBUTE_create_by_txt.3
 man/man3/X509_ATTRIBUTE_dup.3
 man/man3/X509_ATTRIBUTE_free.3
+man/man3/X509_ATTRIBUTE_get0_data.3
+man/man3/X509_ATTRIBUTE_get0_object.3
+man/man3/X509_ATTRIBUTE_get0_type.3
 man/man3/X509_ATTRIBUTE_new.3
+man/man3/X509_ATTRIBUTE_set1_data.3
+man/man3/X509_ATTRIBUTE_set1_object.3
 man/man3/X509_CERT_AUX_free.3
 man/man3/X509_CERT_AUX_new.3
 man/man3/X509_CINF_free.3
@ -4685,7 +4728,14 @@ man/man3/X509_PUBKEY_set.3
 man/man3/X509_PUBKEY_set0_param.3
 man/man3/X509_REQ_INFO_free.3
 man/man3/X509_REQ_INFO_new.3
+man/man3/X509_REQ_add1_attr.3
+man/man3/X509_REQ_add1_attr_by_NID.3
+man/man3/X509_REQ_add1_attr_by_OBJ.3
+man/man3/X509_REQ_add1_attr_by_txt.3
+man/man3/X509_REQ_add_extensions.3
+man/man3/X509_REQ_add_extensions_nid.3
 man/man3/X509_REQ_check_private_key.3
+man/man3/X509_REQ_delete_attr.3
 man/man3/X509_REQ_digest.3
 man/man3/X509_REQ_dup.3
 man/man3/X509_REQ_free.3
@ -4693,6 +4743,11 @@ man/man3/X509_REQ_get0_distinguishing_id.3
 man/man3/X509_REQ_get0_pubkey.3
 man/man3/X509_REQ_get0_signature.3
 man/man3/X509_REQ_get_X509_PUBKEY.3
+man/man3/X509_REQ_get_attr.3
+man/man3/X509_REQ_get_attr_by_NID.3
+man/man3/X509_REQ_get_attr_by_OBJ.3
+man/man3/X509_REQ_get_attr_count.3
+man/man3/X509_REQ_get_extensions.3
 man/man3/X509_REQ_get_pubkey.3
 man/man3/X509_REQ_get_signature_nid.3
 man/man3/X509_REQ_get_subject_name.3
@ -4971,6 +5026,16 @@ man/man3/X509_up_ref.3
 man/man3/X509_verify.3
 man/man3/X509_verify_cert.3
 man/man3/X509_verify_cert_error_string.3
+man/man3/X509at_add1_attr.3
+man/man3/X509at_add1_attr_by_NID.3
+man/man3/X509at_add1_attr_by_OBJ.3
+man/man3/X509at_add1_attr_by_txt.3
+man/man3/X509at_delete_attr.3
+man/man3/X509at_get0_data_by_OBJ.3
+man/man3/X509at_get_attr.3
+man/man3/X509at_get_attr_by_NID.3
+man/man3/X509at_get_attr_by_OBJ.3
+man/man3/X509at_get_attr_count.3
 man/man3/X509v3_add_ext.3
 man/man3/X509v3_delete_ext.3
 man/man3/X509v3_get_ext.3
@ -5440,9 +5505,12 @@ man/man3/lh_TYPE_doall_arg.3
 man/man3/lh_TYPE_error.3
 man/man3/lh_TYPE_flush.3
 man/man3/lh_TYPE_free.3
+man/man3/lh_TYPE_get_down_load.3
 man/man3/lh_TYPE_insert.3
 man/man3/lh_TYPE_new.3
+man/man3/lh_TYPE_num_items.3
 man/man3/lh_TYPE_retrieve.3
+man/man3/lh_TYPE_set_down_load.3
 man/man3/o2i_SCT.3
 man/man3/o2i_SCT_LIST.3
 man/man3/pem_password_cb.3
--- a/security/openssl/distinfo
+++ b/security/openssl/distinfo
@ -1,7 +1,7 @@
-$NetBSD: distinfo,v 1.171 2023/12/27 15:55:58 spz Exp $
+$NetBSD: distinfo,v 1.172 2024/02/03 18:21:26 adam Exp $

-BLAKE2s (openssl-3.1.4.tar.gz) = a2fb05a80f2e8587861edfa5304e995cf7595a262d729593655209de6b67745f
-SHA512 (openssl-3.1.4.tar.gz) = a69df4a018f57dee7d8a57c8003a6869eba11f1eaa394518976642a993780d0de3326019e92dea4c679c6c581fef568ea616ec541afc0792800359c606dffcd2
-Size (openssl-3.1.4.tar.gz) = 15569450 bytes
+BLAKE2s (openssl-3.1.5.tar.gz) = 259837669e34cb57f3822c0fea435b72c517d12c54fc3b0cc5ee67a585ee49be
+SHA512 (openssl-3.1.5.tar.gz) = 82e2ac6b3d9b03f8fc66d2ec421246e989eb702eb94586515abfb5afb5300391a0beedf6a2602f61ac10896b41e5608feeeeb4d37714fa17ac0f2ce465249fa9
+Size (openssl-3.1.5.tar.gz) = 15663524 bytes
 SHA1 (patch-Configurations_unix-Makefile.tmpl) = a482c9b1be14428efb99f3ef638eccbcaea506b7
 SHA1 (patch-util_perl_OpenSSL_config.pm) = 8f335441860597d0074245d49cc9e081b0f9fd4e