Commit graph

24 commits

Author SHA1 Message Date
nia
3df0f20e22 security: Replace RMD160 checksums with BLAKE2s checksums
All checksums have been double-checked against existing RMD160 and
SHA512 hashes

Unfetchable distfiles (fetched conditionally?):
./security/cyrus-sasl/distinfo cyrus-sasl-dedad73e5e7a75d01a5f3d5a6702ab8ccd2ff40d.patch.v2
2021-10-26 11:16:56 +00:00
nia
fa4b2904a6 security: Remove SHA1 hashes for distfiles 2021-10-07 14:53:40 +00:00
schmonz
24d60314a4 Everything except .pc files already goes under the libressl/ hierarchy;
install .pc files there too, now fully avoiding conflicts with OpenSSL.
Add a buildlink3.mk hack for the .pc files to get found. Restore missing
${PLIST.man} to PLIST. Bump PKGREVISION.
2020-11-26 15:49:58 +00:00
schmonz
91311adb43 Not ${PREFIX}/etc, ${PKG_SYSCONFDIR}. 2020-11-02 08:17:43 +00:00
rillig
9637f7852e all: migrate homepages from http to https
pkglint -r --network --only "migrate"

As a side-effect of migrating the homepages, pkglint also fixed a few
indentations in unrelated lines. These and the new homepages have been
checked manually.
2020-01-26 17:30:40 +00:00
rillig
9fd786bb11 security: align variable assignments
pkglint -Wall -F --only aligned --only indent -r

No manual corrections.
2019-11-04 21:12:51 +00:00
ryoon
4090f04985 Update to 2.7.4
Changelog:
2.7.4
We have released LibreSSL 2.7.4, a security update for the
2.7.x series. It contains the following changes:

  * Avoid a timing side-channel leak when generating DSA and ECDSA
    signatures. This is caused by an attempt to do fast modular
    arithmetic, which introduces branches that leak information
    regarding secret values. Issue identified and reported by Keegan
    Ryan of NCC Group.

  * Reject excessively large primes in DH key generation. Problem
    reported by Guido Vranken to OpenSSL
    (https://github.com/openssl/openssl/pull/6457) and based on his
    diff.

2.7.3
We have released LibreSSL 2.7.3, which will be arriving in the LibreSSL
directory of your local OpenBSD mirror soon. This is the first bugfix
release from the 2.7 series, which includes the following changes from 2.7.2:

 * Removed incorrect NULL checks in DH_set0_key(). Reported by Ondrej Sury.

 * Limited tls_config_clear_keys() to only clear private keys.
   This was inadvertently clearing the keypair, which includes the OCSP staple
   and pubkey hash - if an application called tls_configure() followed by
   tls_config_clear_keys(), this would prevent OCSP staples from working.

 * Fixed an issue normalizing CPU architecture in the configure script,
   which disabled assembly optimizations on platforms that get detected
   as 'amd64', opposed to 'x86_64'.

2.7.2
ve released LibreSSL 2.7.2, which will be arriving in the LibreSSL
directory of your local OpenBSD mirror soon. This is the first stable release
from the 2.7 series, which is also included with OpenBSD 6.3.

It includes the following changes from 2.7.1

 * Updated and added extensive new HISTORY sections to API manuals.

 * Added support for shared library builds with CMake on all supported
   platforms. Note that some of the CMake options have changed, consult
   the README for details.

LibreSSL 2.7.2 also includes:

 * Added support for many OpenSSL 1.0.2 and 1.1 APIs, based on
   observations of real-world usage in applications. These are
   implemented in parallel with existing OpenSSL 1.0.1 APIs - visibility
   changes have not been made to existing structs, allowing code written
   for older OpenSSL APIs to continue working.

 * Extensive corrections, improvements, and additions to the
   API documentation, including new public APIs from OpenSSL that had
   no pre-existing documentation.

 * Added support for automatic library initialization in libcrypto,
   libssl, and libtls. Support for pthread_once or a compatible
   equivalent is now required of the target operating system. As a
   side-effect, minimum Windows support is Vista or higher.

 * Converted more packet handling methods to CBB, which improves
   resiliency when generating TLS messages.

 * Completed TLS extension handling rewrite, improving consistency of
   checks for malformed and duplicate extensions.

 * Rewrote ASN1_TYPE_{get,set}_octetstring() using templated ASN.1.
   This removes the last remaining use of the old M_ASN1_* macros
   (asn1_mac.h) from API that needs to continue to exist.

 * Added support for client-side session resumption in libtls.
   A libtls client can specify a session file descriptor (a regular
   file with appropriate ownership and permissions) and libtls will
   manage reading and writing of session data across TLS handshakes.

 * Improved support for strict alignment on ARMv7 architectures,
   conditionally enabling assembly in those cases.

 * Fixed a memory leak in libtls when reusing a tls_config.

 * Merged more DTLS support into the regular TLS code path, removing
   duplicated code.

 * Many improvements to Windows Cmake-based builds and tests,
   especially when targeting Visual Studio.

2.7.1
We have released LibreSSL 2.7.1, which will be arriving in the
LibreSSL directory of your local OpenBSD mirror soon. This is the second
release from the 2.7 series, which will be part of OpenBSD 6.3.

It includes the following changes from 2.7.0

 * Fixed a bug in int_x509_param_set_hosts, calling strlen() if name
   length provided is 0 to match the OpenSSL behaviour. Issue noticed
   by Christian Heimes <christian@python.org>

 * Fixed builds macOS 10.11 and older.

LibreSSL 2.7.1 also includes:

 * Added support for many OpenSSL 1.0.2 and 1.1 APIs, based on
   observations of real-world usage in applications. These are
   implemented in parallel with existing OpenSSL 1.0.1 APIs - visibility
   changes have not been made to existing structs, allowing code written
   for older OpenSSL APIs to continue working.

 * Extensive corrections, improvements, and additions to the
   API documentation, including new public APIs from OpenSSL that had
   no pre-existing documentation.

 * Added support for automatic library initialization in libcrypto,
   libssl, and libtls. Support for pthread_once or a compatible
   equivalent is now required of the target operating system. As a
   side-effect, minimum Windows support is Vista or higher.

 * Converted more packet handling methods to CBB, which improves
   resiliency when generating TLS messages.

 * Completed TLS extension handling rewrite, improving consistency of
   checks for malformed and duplicate extensions.

 * Rewrote ASN1_TYPE_{get,set}_octetstring() using templated ASN.1.
   This removes the last remaining use of the old M_ASN1_* macros
   (asn1_mac.h) from API that needs to continue to exist.

 * Added support for client-side session resumption in libtls.
   A libtls client can specify a session file descriptor (a regular
   file with appropriate ownership and permissions) and libtls will
   manage reading and writing of session data across TLS handshakes.

 * Improved support for strict alignment on ARMv7 architectures,
   conditionally enabling assembly in those cases.

 * Fixed a memory leak in libtls when reusing a tls_config.

 * Merged more DTLS support into the regular TLS code path, removing
   duplicated code.

 * Many improvements to Windows Cmake-based builds and tests,
   especially when targeting Visual Studio.

2.7.0
We have released LibreSSL 2.7.0, which will be arriving in the
LibreSSL directory of your local OpenBSD mirror soon. This is the first
release from the 2.7 series, which will be part of OpenBSD 6.3.
It includes the following changes:

 * Added support for many OpenSSL 1.0.2 and 1.1 APIs, based on
   observations of real-world usage in applications. These are
   implemented in parallel with existing OpenSSL 1.0.1 APIs - visibility
   changes have not been made to existing structs, allowing code written
   for older OpenSSL APIs to continue working.

 * Extensive corrections, improvements, and additions to the
   API documentation, including new public APIs from OpenSSL that had
   no pre-existing documentation.

 * Added support for automatic library initialization in libcrypto,
   libssl, and libtls. Support for pthread_once or a compatible
   equivalent is now required of the target operating system. As a
   side-effect, minimum Windows support is Vista or higher.

 * Converted more packet handling methods to CBB, which improves
   resiliency when generating TLS messages.

 * Completed TLS extension handling rewrite, improving consistency of
   checks for malformed and duplicate extensions.

 * Rewrote ASN1_TYPE_{get,set}_octetstring() using templated ASN.1.
   This removes the last remaining use of the old M_ASN1_* macros
   (asn1_mac.h) from API that needs to continue to exist.

 * Added support for client-side session resumption in libtls.
   A libtls client can specify a session file descriptor (a regular
   file with appropriate ownership and permissions) and libtls will
   manage reading and writing of session data across TLS handshakes.

 * Improved support for strict alignment on ARMv7 architectures,
   conditionally enabling assembly in those cases.

 * Fixed a memory leak in libtls when reusing a tls_config.

 * Merged more DTLS support into the regular TLS code path, removing
   duplicated code.

 * Many improvements to Windows Cmake-based builds and tests,
   especially when targeting Visual Studio.
2018-06-21 23:10:50 +00:00
jperkin
20648607ff libressl: Leave pkgsrc to handle security features. 2018-02-02 13:46:00 +00:00
rillig
17e39f419d Fix indentation in buildlink3.mk files.
The actual fix as been done by "pkglint -F */*/buildlink3.mk", and was
reviewed manually.

There are some .include lines that still are indented with zero spaces
although the surrounding .if is indented. This is existing practice.
2018-01-07 13:03:53 +00:00
maya
c1257222b3 libressl: update to 2.5.4
We have released LibreSSL 2.5.4, which will be arriving in the
LibreSSL directory of your local OpenBSD mirror soon. It includes the following
changes:

  * Reverted a previous change that forced consistency between return
    value and error code when specifing a certificate verification
    callback, since this breaks the documented API. When a user supplied
    callback always returns 1, and later code checks the error code to
    potentially abort post verification, this will result in incorrect
    successul certificate verification.

  * Switched Linux getrandom() usage to non-blocking mode, continuing to
    use fallback mechanims if unsuccessful. This works around a design
    flaw in Linux getrandom(2) where early boot usage in a library makes
    it impossible to recover if getrandom(2) is not yet initialized.

  * Fixed a bug caused by the return value being set early to signal
    successful DTLS cookie validation. This can mask a later failure and
    result in a positive return value being returned from
    ssl3_get_client_hello(), when it should return a negative value to
    propagate the error.

  * Fixed a build error on non-x86/x86_64 systems running Solaris.

We have released LibreSSL 2.5.3, based on OpenBSD 6.1, which will be the new
stable release series. LibreSSL 2.3.x support has also ended. LibreSSL 2.5.3
contains the following changes from the previous stable release.

 * libtls now supports ALPN and SNI

 * libtls adds a new callback interface for integrating custom IO functions.
    Thanks to Tobias Pape.

 * libtls now handles 4 cipher suite groups:
    "secure" (TLSv1.2+AEAD+PFS)
    "compat" (HIGH:!aNULL)
    "legacy" (HIGH:MEDIUM:!aNULL)
    "insecure" (ALL:!aNULL:!eNULL)
   This allows for flexibility and finer grained control, rather than having
   two extremes (an issue raised by Marko Kreen some time ago).

 * Tightened error handling for tls_config_set_ciphers().

 * libtls now always loads CA, key and certificate files at the time the
   configuration function is called. This simplifies code and results in a single
   memory based code path being used to provide data to libssl.

 * Added support for OCSP intermediate certificates.

 * Added functions used by stunnel and exim from BoringSSL - this brings in
   X509_check_host, X509_check_email, X509_check_ip, and X509_check_ip_asc.

 * Added initial support for iOS, thanks to Jacob Berkman.

 * Improved behavior of arc4random on Windows when using memory leak analysis
   software.

 * Correctly handle an EOF that occurs prior to the TLS handshake completing.
    Reported by Vasily Kolobkov, based on a diff from Marko Kreen.

 * Limit the support of the "backward compatible" ssl2 handshake to only be
   used if TLS 1.0 is enabled.

 * Fix incorrect results in certain cases on 64-bit systems when BN_mod_word()
   can return incorrect results. BN_mod_word() now can return an error condition.
   Thanks to Brian Smith.

 * Added constant-time updates to address CVE-2016-0702

 * Fixed undefined behavior in BN_GF2m_mod_arr()

 * Removed unused Cryptographic Message Support (CMS)

 * More conversions of long long idioms to time_t

 * Improved compatibility by avoiding printing NULL strings with printf.

 * Reverted change that cleans up the EVP cipher context in EVP_EncryptFinal()
   and EVP_DecryptFinal(). Some software relies on the previous behaviour.

 * Avoid unbounded memory growth in libssl, which can be triggered by a TLS
   client repeatedly renegotiating and sending OCSP Status Request TLS extensions.

 * Avoid falling back to a weak digest for (EC)DH when using SNI with libssl.

 * X509_cmp_time() now passes a malformed GeneralizedTime field as an error.
   Reported by Theofilos Petsios.

 * Detect zero-length encrypted session data early, instead of when malloc(0)
   fails or the HMAC check fails. Noted independently by jsing@ and Kurt Cancemi.

 * Check for and handle failure of HMAC_{Update,Final} or EVP_DecryptUpdate().

 * Massive update and normalization of manpages, conversion to mandoc format.
   Many pages were rewritten for clarity and accuracy. Portable doc links are
   up-to-date with a new conversion tool.

 * Curve25519 Key Exchange support.

 * Support for alternate chains for certificate verification.

 * Code cleanups, CBB conversions, further unification of DTLS/SSL handshake
   code, further ASN1 macro expansion and removal.

 * Private symbols are now hidden in libssl and libcrypto.

 * Friendly certificate verification error messages in libtls, peer
   verification is now always enabled.

 * Added OCSP stapling support to libtls and nc.

 * Added ocspcheck utility to validate a certificate against its OCSP responder
   and save the reply for stapling

 * Enhanced regression tests and error handling for libtls.

 * Added explicit constant and non-constant time BN functions, defaulting to
   constant time wherever possible.

 * Moved many leaked implementation details in public structs behind opaque
   pointers.

 * Added ticket support to libtls.

 * Added support for setting the supported EC curves via
   SSL{_CTX}_set1_groups{_list}() - also provide defines for the previous
   SSL{_CTX}_set1_curves{_list} names. This also changes the default list of
   curves to be X25519, P-256 and P-384. All other curves must be manually
   enabled.

 * Added -groups option to openssl(1) s_client for specifying the curves to be
   used in a colon-separated list.

 * Merged client/server version negotiation code paths into one, reducing much
   duplicate code.

 * Removed error function codes from libssl and libcrypto.

 * Fixed an issue where a truncated packet could crash via an OOB read.

 * Added SSL_OP_NO_CLIENT_RENEGOTIATION option that disallows client-initiated
   renegotiation. This is the default for libtls servers.

 * Avoid a side-channel cache-timing attack that can leak the ECDSA private
   keys when signing. This is due to BN_mod_inverse() being used without the
   constant time flag being set. Reported by Cesar Pereida Garcia and Billy
   Brumley (Tampere University of Technology). The fix was developed by Cesar
   Pereida Garcia.

 * iOS and MacOS compatibility updates from Simone Basso and Jacob Berkman.

 * Added the recallocarray(3) memory allocation function, and converted various
   places in the library to use it, such as CBB and BUF_MEM_grow. recallocarray(3)
   is similar to reallocarray. Newly allocated memory is cleared similar to
   calloc(3). Memory that becomes unallocated while shrinking or moving existing
   allocations is explicitly discarded by unmapping or clearing to 0.

 * Added new root CAs from SECOM Trust Systems / Security Communication of Japan.

 * Added EVP interface for MD5+SHA1 hashes.

 * Fixed DTLS client failures when the server sends a certificate request.

 * Correct handling of padding when upgrading an SSLv2 challenge into an
   SSLv3/TLS connection.

 * Allow protocols and ciphers to be set on a TLS config object in libtls.

 * Improved nc(1) TLS handshake CPU usage and server-side error reporting.

 * Add a constant time version of BN_gcd and use it default for BN_gcd to avoid
   the possibility of sidechannel timing attacks against RSA private key
   generation - Thanks to Alejandro Cabrera


We have released LibreSSL 2.5.2, which will be arriving in the
LibreSSL directory of your local OpenBSD mirror soon. It includes the following
changes:

    * Added the recallocarray(3) memory allocation function, and converted
      various places in the library to use it, such as CBB and BUF_MEM_grow.
      recallocarray(3) is similar to reallocarray. Newly allocated memory
      is cleared similar to calloc(3). Memory that becomes unallocated
      while shrinking or moving existing allocations is explicitly
      discarded by unmapping or clearing to 0.

    * Added new root CAs from SECOM Trust Systems / Security Communication
      of Japan.

    * Added EVP interface for MD5+SHA1 hashes.

    * Fixed DTLS client failures when the server sends a certificate
      request.

    * Correct handling of padding when upgrading an SSLv2 challenge into
      an SSLv3/TLS connection.

    * Allow protocols and ciphers to be set on a TLS config object in
      libtls.

    * Improved nc(1) TLS handshake CPU usage and server-side error
      reporting.

The LibreSSL project continues improvement of the codebase to reflect modern,
safe programming practices. We welcome feedback and improvements from the
broader community. Thanks to all of the contributors who helped make this
release possible.
2017-05-03 11:19:04 +00:00
wiz
efcd64c341 Updated libressl to 2.5.1.
2.5.1 - Bug and security fixes, new features, documentation updates

	* X509_cmp_time() now passes a malformed GeneralizedTime field as an
	  error. Reported by Theofilos Petsios.

	* Detect zero-length encrypted session data early, instead of when
	  malloc(0) fails or the HMAC check fails. Noted independently by
	  jsing@ and Kurt Cancemi.

	* Check for and handle failure of HMAC_{Update,Final} or
	  EVP_DecryptUpdate().

	* Massive update and normalization of manpages, conversion to
	  mandoc format. Many pages were rewritten for clarity and accuracy.
	  Portable doc links are up-to-date with a new conversion tool.

	* Curve25519 Key Exchange support.

	* Support for alternate chains for certificate verification.

	* Code cleanups, CBS conversions, further unification of DTLS/SSL
	  handshake code, further ASN1 macro expansion and removal.

	* Private symbol are now hidden in libssl and libcryto.

	* Friendly certificate verification error messages in libtls, peer
	  verification is now always enabled.

	* Added OCSP stapling support to libtls and netcat.

	* Added ocspcheck utility to validate a certificate against its OCSP
	  responder and save the reply for stapling

	* Enhanced regression tests and error handling for libtls.

	* Added explicit constant and non-constant time BN functions,
	  defaulting to constant time wherever possible.

	* Moved many leaked implementation details in public structs behind
	  opaque pointers.

	* Added ticket support to libtls.

	* Added support for setting the supported EC curves via
	  SSL{_CTX}_set1_groups{_list}() - also provide defines for the previous
	  SSL{_CTX}_set1_curves{_list} names. This also changes the default
	  list of curves to be X25519, P-256 and P-384. All other curves must
          be manually enabled.

	* Added -groups option to openssl(1) s_client for specifying the curves
          to be used in a colon-separated list.

	* Merged client/server version negotiation code paths into one,
	  reducing much duplicate code.

	* Removed error function codes from libssl and libcrypto.

	* Fixed an issue where a truncated packet could crash via an OOB read.

	* Added SSL_OP_NO_CLIENT_RENEGOTIATION option that disallows
	  client-initiated renegotiation. This is the default for libtls
	  servers.

	* Avoid a side-channel cache-timing attack that can leak the ECDSA
	  private keys when signing. This is due to BN_mod_inverse() being
	  used without the constant time flag being set. Reported by Cesar
	  Pereida Garcia and Billy Brumley (Tampere University of Technology).
	  The fix was developed by Cesar Pereida Garcia.

	* iOS and MacOS compatibility updates from Simone Basso and Jacob
	  Berkman.
2017-02-02 15:31:16 +00:00
wiz
4e062c499f Updated libressl to 2.5.0.
2.5.0 - New APIs, bug fixes and improvements

	* libtls now supports ALPN and SNI

	* libtls adds a new callback interface for integrating custom IO
	  functions. Thanks to Tobias Pape.

	* libtls now handles 4 cipher suite groups:
	    "secure" (TLSv1.2+AEAD+PFS)
	    "compat" (HIGH:!aNULL)
	    "legacy" (HIGH:MEDIUM:!aNULL)
	    "insecure" (ALL:!aNULL:!eNULL)

	    This allows for flexibility and finer grained control, rather than
	    having two extremes (an issue raised by Marko Kreen some time ago).

	* Tightened error handling for tls_config_set_ciphers().

	* libtls now always loads CA, key and certificate files at the time the
	  configuration function is called. This simplifies code and results in
	  a single memory based code path being used to provide data to libssl.

	* Add support for OCSP intermediate certificates.

	* Added functions used by stunnel and exim from BoringSSL - this
	  brings in X509_check_host, X509_check_email, X509_check_ip, and
	  X509_check_ip_asc.

	* Added initial support for iOS, thanks to Jacob Berkman.

	* Improved behavior of arc4random on Windows when using memory leak
	  analysis software.

	* Correctly handle an EOF that occurs prior to the TLS handshake
	  completing. Reported by Vasily Kolobkov, based on a diff from Marko
	  Kreen.

	* Limit the support of the "backward compatible" ssl2 handshake to
	  only be used if TLS 1.0 is enabled.

	* Fix incorrect results in certain cases on 64-bit systems when
	  BN_mod_word() can return incorrect results. BN_mod_word() now can
	  return an error condition. Thanks to Brian Smith.

	* Added constant-time updates to address CVE-2016-0702

	* Fixed undefined behavior in BN_GF2m_mod_arr()

	* Removed unused Cryptographic Message Support (CMS)

	* More conversions of long long idioms to time_t

	* Improved compatibility by avoiding printing NULL strings with
	  printf.

	* Reverted change that cleans up the EVP cipher context in
	  EVP_EncryptFinal() and EVP_DecryptFinal(). Some software relies on the
	  previous behaviour.

	* Avoid unbounded memory growth in libssl, which can be triggered by a
	  TLS client repeatedly renegotiating and sending OCSP Status Request
	  TLS extensions.

	* Avoid falling back to a weak digest for (EC)DH when using SNI with
	  libssl.

2.4.2 - Bug fixes and improvements

	* Fixed loading default certificate locations with openssl s_client.

	* Ensured OSCP only uses and compares GENERALIZEDTIME values as per
	  RFC6960. Also added fixes for OCSP to work with intermediate
	  certificates provided in responses.

	* Improved behavior of arc4random on Windows to not appear to leak
	  memory in debug tools, reduced privileges of allocated memory.

	* Fixed incorrect results from BN_mod_word() when the modulus is too
	  large, thanks to Brian Smith from BoringSSL.

	* Correctly handle an EOF prior to completing the TLS handshake in
	  libtls.

	* Improved libtls ceritificate loading and cipher string validation.

	* Updated libtls cipher group suites into four categories:
	    "secure"   (TLSv1.2+AEAD+PFS)
	    "compat"   (HIGH:!aNULL)
	    "legacy"   (HIGH:MEDIUM:!aNULL)
	    "insecure" (ALL:!aNULL:!eNULL)
	  This allows for flexibility and finer grained control, rather than
	  having two extremes.

	* Limited support for 'backward compatible' SSLv2 handshake packets to
	  when TLS 1.0 is enabled, providing more restricted compatibility
	  with TLS 1.0 clients.

	* openssl(1) and other documentation improvements.

	* Removed flags for disabling constant-time operations.
	  This removes support for DSA_FLAG_NO_EXP_CONSTTIME,
	  DH_FLAG_NO_EXP_CONSTTIME, and RSA_FLAG_NO_CONSTTIME flags, making
	  all of these operations unconditionally constant-time.


2.4.1 - Security fix

	* Correct a problem that prevents the DSA signing algorithm from
	  running in constant time even if the flag BN_FLG_CONSTTIME is set.
	  This issue was reported by Cesar Pereida (Aalto University), Billy
	  Brumley (Tampere University of Technology), and Yuval Yarom (The
	  University of Adelaide and NICTA). The fix was developed by Cesar
	  Pereida.

2.4.0 - Build improvements, new features

	* Many improvements to the CMake build infrastructure, including
	  Solaris, mingw-w64, Cygwin, and HP-UX support. Thanks to Kinichiro
	  Inoguchi for this work.

	* Added missing error handling around bn_wexpand() calls.

	* Added explicit_bzero calls for freed ASN.1 objects.

	* Fixed X509_*set_object functions to return 0 on allocation failure.

	* Implemented the IETF ChaCha20-Poly1305 cipher suites.

	* Changed default EVP_aead_chacha20_poly1305() implementation to the
	  IETF version, which is now the default.

	* Fixed password prompts from openssl(1) to properly handle ^C.

	* Reworked error handling in libtls so that configuration errors are
	  visible.

	* Deprecated internal use of EVP_[Cipher|Encrypt|Decrypt]_Final.

	* Manpage fixes and updates
2016-10-04 11:39:23 +00:00
maya
881cd485c3 libressl: update to 2.3.8
* Avoid unbounded memory growth in libssl, which can be triggered by a
      TLS client repeatedly renegotiating and sending OCSP Status Request
      TLS extensions.

    * Avoid falling back to a weak digest for (EC)DH when using SNI with
      libssl.
2016-09-27 21:26:05 +00:00
wiz
a499c966ce Fix BUILDLINK_PASSTHRU_DIRS arguments. 2016-07-26 11:53:24 +00:00
wiz
bf3364ba24 Remove obsolete patches. 2016-07-04 20:41:26 +00:00
wiz
6076b38e96 Updated libressl to 2.3.6 (latest stable version, 2.4.x is development).
2.3.6 - Security fix

	* Correct a problem that prevents the DSA signing algorithm from
	  running in constant time even if the flag BN_FLG_CONSTTIME is set.
	  This issue was reported by Cesar Pereida (Aalto University), Billy
	  Brumley (Tampere University of Technology), and Yuval Yarom (The
	  University of Adelaide and NICTA). The fix was developed by Cesar
	  Pereida. See OpenBSD 5.9 errata 11, June 6, 2016

2.3.5 - Reliability fix

	* Fixed an error in libcrypto when parsing some ASN.1 elements > 16k.

2.3.4 - Security Update

	* Fix multiple vulnerabilities in libcrypto relating to ASN.1 and encoding.
	From OpenSSL.

	* Minor build fixes

2.3.3 - OpenBSD 5.9 release branch tagged

	* Reworked build scripts to better sync with OpenNTPD-portable

	* Fixed broken manpage links

	* Fixed an nginx compatibility issue by adding an 'install_sw' make alias

	* Fixed HP-UX builds

	* Changed the default configuration directory to c:\LibreSSL\ssl on Windows
	  binary builds

	* cert.pem has been reorganized and synced with Mozilla's certificate store

2.3.2 - Compatibility and Reliability fixes

	* Changed format of LIBRESSL_VERSION_NUMBER to match that of
	  OPENSSL_VERSION_NUMBER, see:
	  https://wiki.openssl.org/index.php/Manual:OPENSSL_VERSION_NUMBER(3)

	* Added EVP_aead_chacha20_poly1305_ietf() which matches the AEAD
	  construction introduced in RFC 7539, which is different than that
	  already used in TLS with EVP_aead_chacha20_poly1305()

	* Avoid a potential undefined C99+ behavior due to shift overflow in
	  AES_decrypt, reported by Pascal Cuoq <cuoq at trust-in-soft.com>

	* More man pages converted from pod to mdoc format

	* Added COMODO RSA Certification Authority and QuoVadis
	  root certificates to cert.pem

	* Removed Remove "C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification
	  Authority" (serial 3c:91:31:cb:1f:f6:d0:1b:0e:9a:b8:d0:44:bf:12:be) root
	  certificate from cert.pem

	* Added support for building nc(1) on Solaris

	* Fixed GCC 5.x+ preprocessor checks, reported by Ruslan Babayev

	* Improved console handling with openssl(1) on Windows

	* Ensure the network stack is enabled on Windows when running
	  tls_init()

	* Fixed incorrect TLS certificate loading by nc(1)

	* Added support for Solaris 11.3's getentropy(2) system call

	* Enabled support for using NetBSD 7.0's arc4random(3) implementation

	* Deprecated the SSL_OP_SINGLE_DH_USE flag by disabling its effect

	* Fixes from OpenSSL 1.0.1q
	 - CVE-2015-3194 - NULL pointer dereference in client side certificate
	                   validation.
	 - CVE-2015-3195 - Memory leak in PKCS7 - not reachable from TLS/SSL

	* The following OpenSSL CVEs did not apply to LibreSSL
	 - CVE-2015-3193 - Carry propagating bug in the x86_64 Montgomery
	                   squaring procedure.
	 - CVE-2015-3196 - Double free race condition of the identify hint
	                   data.

	 See https://marc.info/?l=openbsd-announce&m=144925068504102

2.3.1 - ASN.1 and time handling cleanups

	* ASN.1 cleanups and RFC5280 compliance fixes.

	* Time representations switched from 'unsigned long' to 'time_t'. LibreSSL
	  now checks if the host OS supports 64-bit time_t.

	* Fixed a leak in SSL_new in the error path.

	* Support always extracting the peer cipher and version with libtls.

	* Added ability to check certificate validity times with libtls,
	  tls_peer_cert_notbefore and tls_peer_cert_notafter.

	* Changed tls_connect_servername to use the first address that resolves with
	  getaddrinfo().

	* Remove broken conditional EVP_CHECK_DES_KEY code (non-functional since
	  initial commit in 2004).

	* Fixed a memory leak and out-of-bounds access in OBJ_obj2txt, reported
	  by Qualys Security.

	* Fixed an up-to 7 byte overflow in RC4 when len is not a multiple of
	  sizeof(RC4_CHUNK), reported by Pascal Cuoq <cuoq at trust-in-soft.com>.

	* Reject too small bits value in BN_generate_prime_ex(), so that it does
	  not risk becoming negative in probable_prime_dh_safe(), reported by
		Franck Denis.

	* Enable nc(1) builds on more platforms.

2.3.0 - SSLv3 removed, libtls API changes, portability improvements

	* SSLv3 is now permanently removed from the tree.

	* The libtls API is changed from the 2.2.x series.

	  The read/write functions work correctly with external event
	  libraries.  See the tls_init man page for examples of using libtls
	  correctly in asynchronous mode.

	  Client-side verification is now supported, with the client supplying
	  the certificate to the server.

	  Also, when using tls_connect_fds, tls_connect_socket or
	  tls_accept_fds, libtls no longer implicitly closes the passed in
	  sockets. The caller is responsible for closing them in this case.

	* When loading a DSA key from an raw (without DH parameters) ASN.1
	  serialization, perform some consistency checks on its `p' and `q'
	  values, and return an error if the checks failed.

	  Thanks for Georgi Guninski (guninski at guninski dot com) for
	  mentioning the possibility of a weak (non prime) q value and
	  providing a test case.

	  See
	  https://cpunks.org/pipermail/cypherpunks/2015-September/009007.html
	  for a longer discussion.

	* Fixed a bug in ECDH_compute_key that can lead to silent truncation
	  of the result key without error. A coding error could cause software
	  to use much shorter keys than intended.

	* Removed support for DTLS_BAD_VER. Pre-DTLSv1 implementations are no
	  longer supported.

	* The engine command and parameters are removed from the openssl(1).
	  Previous releases removed dynamic and builtin engine support
	  already.

	* SHA-0 is removed, which was withdrawn shortly after publication 20
	  years ago.

	* Added Certplus CA root certificate to the default cert.pem file.

	* New interface OPENSSL_cpu_caps is provided that does not allow
	  software to inadvertently modify cpu capability flags.
	  OPENSSL_ia32cap and OPENSSL_ia32cap_loc are removed.

	* The out_len argument of AEAD changed from ssize_t to size_t.

	* Deduplicated DTLS code, sharing bugfixes and improvements with
	  TLS.

	* Converted 'nc' to use libtls for client and server operations; it is
	  included in the libressl-portable distribution as an example of how
	  to use the library.
2016-07-03 13:46:06 +00:00
wiz
b027fca660 Move pkgconfig files to default location, so they can be found by default.
Bump PKGREVISION.

ok jperkin
2016-06-29 08:23:33 +00:00
wiz
20142ca8e5 Add missing PKGCONFIG_OVERRIDE line for libtls.pc. Bump PKGREVISION. 2016-06-28 13:10:51 +00:00
wiz
a37cc592ce Add buildlink3.mk that passes through directories and adds them to the
preprocessor and linker flags.
2016-06-26 21:36:06 +00:00
sevan
652a9c1ed0 Update to 2.2.6
From http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.2.6-relnotes.txt
This release is based on the stable OpenBSD 5.8 branch.

	* Deprecated the SSL_OP_SINGLE_DH_USE flag
2016-03-01 02:07:48 +00:00
sevan
7fba822dbb Do not account for BN_print(3) on OS X as this file will not be present a case
insensitive filesystem.
2016-03-01 01:46:00 +00:00
sevan
74dc0e7a18 BUILDLINK_PASSTHRU_RPATHDIRS is required when building on OpenBSD & NetBSD
Resolves PR 50625
Thanks to jgw AT SDF for PR and kamil@ for the heads up.
2016-03-01 01:39:18 +00:00
sevan
b913cb63e8 Add description to patches 2016-01-05 12:51:20 +00:00
sevan
71b4f764cb Import LibreSSL, this will allow it to get a broader range of testing through
the bulk builds before it's plugged into pkgsrc as an OpenSSL alternative within
the infrastructure.

Reviewed by wiz@
2016-01-05 01:09:21 +00:00