Navigation:
Browse pkgsrc (this page)| 2026-01-28 19:14:41 by Adam Ciarcinski | Files touched by this commit (2) |
Log message: openssl: fix crash on NetBSD |
2026-01-28 08:38:55 by Adam Ciarcinski | Files touched by this commit (3) |  |
Log message: openssl: updated to 3.6.1 OpenSSL 3.6.1 is a security patch release. The most severe CVE fixed in this release is High. This release incorporates the following bug fixes and mitigations: * Fixed Improper validation of PBMAC1 parameters in PKCS#12 MAC verification. ([CVE-2025-11187]) * Fixed Stack buffer overflow in CMS `AuthEnvelopedData` parsing. ([CVE-2025-15467]) * Fixed NULL dereference in `SSL_CIPHER_find()` function on unknown cipher ID. ([CVE-2025-15468]) * Fixed `openssl dgst` one-shot codepath silently truncates inputs >16 MiB. ([CVE-2025-15469]) * Fixed TLS 1.3 `CompressedCertificate` excessive memory allocation. ([CVE-2025-66199]) * Fixed Heap out-of-bounds write in `BIO_f_linebuffer` on short writes. ([CVE-2025-68160]) * Fixed Unauthenticated/unencrypted trailing bytes with low-level OCB function calls. ([CVE-2025-69418]) * Fixed Out of bounds write in `PKCS12_get_friendlyname()` UTF-8 conversion. ([CVE-2025-69419]) * Fixed Missing `ASN1_TYPE` validation in `TS_RESP_verify_response()` function. ([CVE-2025-69420]) * Fixed NULL Pointer Dereference in `PKCS12_item_decrypt_d2i_ex()` function. ([CVE-2025-69421]) * Fixed Missing `ASN1_TYPE` validation in PKCS#12 parsing. ([CVE-2026-22795]) * Fixed `ASN1_TYPE` Type Confusion in the `PKCS7_digest_from_attributes()` function. ([CVE-2026-22796]) * Fixed a regression in `X509_V_FLAG_CRL_CHECK_ALL` flag handling by restoring its pre-3.6.0 behaviour. * Fixed a regression in handling stapled OCSP responses causing handshake failures for OpenSSL 3.6.0 servers with various client implementations. |
| 2025-10-05 16:22:44 by Jonathan Schleifer | Files touched by this commit (1) |
Log message: devel/openssl: Use BROKEN_ON_PLATFORM instead of NOT_FOR_PLATFORM |
| 2025-10-05 04:26:34 by Jonathan Schleifer | Files touched by this commit (1) |
Log message: security/openssl: NOT_FOR_PLATFORM+=QNX-*-* |
| 2025-10-03 11:11:10 by Adam Ciarcinski | Files touched by this commit (3) | |
Log message: openssl: updated to 3.6.0 OpenSSL 3.6.0 is a feature release adding significant new functionality to OpenSSL. This release incorporates the following potentially significant or incompatible changes: Added NIST security categories for PKEY objects. Added support for EVP_SKEY opaque symmetric key objects to the key derivation and key exchange provider methods. Added EVP_KDF_CTX_set_SKEY(), EVP_KDF_derive_SKEY(), and EVP_PKEY_derive_SKEY() functions. Added LMS signature verification support as per [SP 800-208].. This support is present in both the FIPS and default providers. An ANSI-C toolchain is no longer sufficient for building OpenSSL. The code should be built using compilers supporting C-99 features. Support for the VxWorks platforms has been removed. Added an openssl configutl utility for processing the OpenSSL configuration file and dumping the equal configuration file. Added support for FIPS 186-5 deterministic ECDSA signature generation to the FIPS provider. Deprecated EVP_PKEY_ASN1_METHOD-related functions. |
| 2025-09-30 18:11:00 by Thomas Klausner | Files touched by this commit (2) | |
Log message: openssl: update to 3.5.4. OpenSSL 3.5.4 is a security patch release. The most severe CVE fixed in this release is Moderate. This release incorporates the following bug fixes and mitigations: * Fix Out-of-bounds read & write in RFC 3211 KEK Unwrap. ([CVE-2025-9230]) * Fix Timing side-channel in SM2 algorithm on 64 bit ARM. ([CVE-2025-9231]) * Fix Out-of-bounds read in HTTP client no_proxy handling. ([CVE-2025-9232]) * Reverted the synthesised `OPENSSL_VERSION_NUMBER` change for the release builds, as it broke some exiting applications that relied on the previous 3.x semantics, as documented in `OpenSSL_version(3)`. |
| 2025-09-22 07:51:24 by Adam Ciarcinski | Files touched by this commit (3) | |
Log message: openssl: updated to 3.5.3 OpenSSL 3.5.3 is a bug fix release. This release incorporates the following bug fixes and mitigations: Added FIPS 140-3 PCT on DH key generation. Fixed the synthesised OPENSSL_VERSION_NUMBER. |
| 2025-08-05 22:03:24 by Adam Ciarcinski | Files touched by this commit (2) | |
Log message: openssl: updated to 3.5.2 OpenSSL 3.5.2 is a bug fix release. This release incorporates the following bug fixes and mitigations: Miscellaneous minor bug fixes. The FIPS provider now performs a PCT on key import for RSA, EC and ECX. This is mandated by FIPS 140-3 IG 10.3.A additional comment 1. |
| 2025-07-03 09:29:11 by Adam Ciarcinski | Files touched by this commit (1) |
Log message: openssl: remove unused patch |
| 2025-07-01 16:45:15 by Adam Ciarcinski | Files touched by this commit (2) | |
Log message: openssl: updated to 3.5.1 OpenSSL 3.5.1 is a security patch release. The most severe CVE fixed in this release is Low. This release incorporates the following bug fixes and mitigations: Fix x509 application adds trusted use instead of rejected use. ([CVE-2025-4575]) |
New packages: