Navigation:
Browse pkgsrc
(this page) 2024-12-24 16:30:30 by Adam Ciarcinski | Files touched by this commit (3) |  |
Log message: openssl: updated to 3.4.0 OpenSSL 3.4 Major changes between OpenSSL 3.3 and OpenSSL 3.4.0 [22 Oct 2024] OpenSSL 3.4.0 is a feature release adding significant new functionality to OpenSSL. This release incorporates the following potentially significant or incompatible \ changes: Deprecation of TS_VERIFY_CTX_set_* functions and addition of replacement \ TS_VERIFY_CTX_set0_* functions with improved semantics Redesigned use of OPENSSLDIR/ENGINESDIR/MODULESDIR on Windows such that what \ were formerly build time locations can now be defined at run time with registry \ keys The X25519 and X448 key exchange implementation in the FIPS provider is \ unapproved and has fips=no property. SHAKE-128 and SHAKE-256 implementations have no default digest length anymore. \ That means these algorithms cannot be used with EVP_DigestFinal/_ex() unless the \ xoflen param is set before. Setting config_diagnostics=1 in the config file will cause errors to be returned \ from SSL_CTX_new() and SSL_CTX_new_ex() if there is an error in the ssl module \ configuration. An empty renegotiate extension will be used in TLS client hellos instead of the \ empty renegotiation SCSV, for all connections with a minimum TLS version > \ 1.0. Deprecation of SSL_SESSION_get_time(), SSL_SESSION_set_time() and \ SSL_CTX_flush_sessions() functions in favor of their respective _ex functions \ which are Y2038-safe on platforms with Y2038-safe time_t This release adds the following new features: Support for directly fetched composite signature algorithms such as RSA-SHA2-256 \ including new API functions FIPS indicators support in the FIPS provider and various updates of the FIPS \ provider required for future FIPS 140-3 validations Implementation of RFC 9579 (PBMAC1) in PKCS#12 An optional additional random seed source RNG JITTER using a statically linked \ jitterentropy library New options -not_before and -not_after for explicit setting start and end dates \ of certificates created with the req and x509 apps Support for integrity-only cipher suites TLS_SHA256_SHA256 and TLS_SHA384_SHA384 \ in TLS 1.3, as defined in RFC 9150 Support for requesting CRL in CMP Support for additional X.509v3 extensions related to Attribute Certificates Initial Attribute Certificate (RFC 5755) support Possibility to customize ECC groups initialization to use precomputed values to \ save CPU time and use of this feature by the P-256 implementation |
| 2024-09-17 13:31:52 by Nia Alarie | Files touched by this commit (1) |
Log message: openssl: Fix build by defining USE_TIMEGM on old Darwin versions |
| 2024-09-06 15:47:10 by Adam Ciarcinski | Files touched by this commit (2) | |
Log message: openssl: updated to 3.3.2 OpenSSL 3.3.2 is now available, including bug and security fixes: please \ download and upgrade! |
| 2024-06-05 09:47:33 by Adam Ciarcinski | Files touched by this commit (3) | |
Log message: openssl: updated to 3.3.1 Changes between 3.3.0 and 3.3.1 [4 Jun 2024] * Fixed potential use after free after SSL_free_buffers() is called. The SSL_free_buffers function is used to free the internal OpenSSL buffer used when processing an incoming record from the network. The call is only expected to succeed if the buffer is not currently in use. However, two scenarios have been identified where the buffer is freed even when still in use. The first scenario occurs where a record header has been received from the network and processed by OpenSSL, but the full record body has not yet arrived. In this case calling SSL_free_buffers will succeed even though a record has only been partially processed and the buffer is still in use. The second scenario occurs where a full record containing application data has been received and processed by OpenSSL but the application has only read part of this data. Again a call to SSL_free_buffers will succeed even though the buffer is still in use. ([CVE-2024-4741]) * Fixed an issue where checking excessively long DSA keys or parameters may be very slow. Applications that use the functions EVP_PKEY_param_check() or EVP_PKEY_public_check() to check a DSA public key or DSA parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service. To resolve this issue DSA keys larger than OPENSSL_DSA_MAX_MODULUS_BITS will now fail the check immediately with a DSA_R_MODULUS_TOO_LARGE error reason. ([CVE-2024-4603]) |
| 2024-05-31 18:22:21 by Aleksey Cheusov | Files touched by this commit (2) |
Log message: Fix build on 64-bit big-endian Linux/PowerPC (32-bit vs. 64-bit) |
| 2024-05-01 23:11:18 by Nia Alarie | Files touched by this commit (1) |
Log message: openssl: Threads broken with Darwin/ppc, pointed out by schmonz |
| 2024-04-16 17:47:25 by Jonathan Perkin | Files touched by this commit (1) |
Log message: openssl: Use consistent socket interfaces on SunOS. The OpenSSL codebase is a forest of preprocessor usage so it's hard to say exactly what's going wrong, but there's definitely inconsistent use across the codebase, resulting in socket failures when trying to use QUIC. Ensure recvmsg/CMSG_* interfaces are available, fixing test suite as well as some real world regressions (e.g. devel/py-poetry) noticed by users. |
| 2024-04-16 09:19:48 by Thomas Klausner | Files touched by this commit (1) |
Log message: openssl: use --libdir as openssl wants it Fixes pkg-config files. Closes PR 58157 by Colin Simmonds. Bump PKGREVISION. |
| 2024-04-10 12:34:13 by Thomas Klausner | Files touched by this commit (1) |
Log message: openssl: sh3 is not a valid MACHINE_ARCH, split into sh3eb/sh3el |
| 2024-04-10 07:23:16 by Adam Ciarcinski | Files touched by this commit (1) |
Log message: openssl: fix PLIST |
New packages: