ports/core (3.5): [notify] openssl: updated to 1.1.1d. Fix for CVE-2019-1549, CVE-2019-1563 and CVE-2019-1547

crux at crux.nu crux at crux.nu
Wed Sep 11 18:21:21 UTC 2019


commit 32f5fb1018c7d7a12b6566d66b5243d296c1a9a8
Author: Fredrik Rinnestam <fredrik at crux.nu>
Date:   Wed Sep 11 20:21:05 2019 +0200

    [notify] openssl: updated to 1.1.1d. Fix for CVE-2019-1549, CVE-2019-1563 and CVE-2019-1547
    
    Advisory: https://www.openssl.org/news/secadv/20190910.txt

diff --git a/openssl/.footprint b/openssl/.footprint
index 59fecb07..015a785a 100644
--- a/openssl/.footprint
+++ b/openssl/.footprint
@@ -792,6 +792,7 @@ lrwxrwxrwx	root/root	usr/share/man/man3/CRYPTO_mem_debug_push.3ssl.gz -> OPENSSL
 lrwxrwxrwx	root/root	usr/share/man/man3/CRYPTO_mem_leaks.3ssl.gz -> OPENSSL_malloc.3ssl.gz
 lrwxrwxrwx	root/root	usr/share/man/man3/CRYPTO_mem_leaks_cb.3ssl.gz -> OPENSSL_malloc.3ssl.gz
 lrwxrwxrwx	root/root	usr/share/man/man3/CRYPTO_mem_leaks_fp.3ssl.gz -> OPENSSL_malloc.3ssl.gz
+-rw-r--r--	root/root	usr/share/man/man3/CRYPTO_memcmp.3ssl.gz
 lrwxrwxrwx	root/root	usr/share/man/man3/CRYPTO_new_ex_data.3ssl.gz -> CRYPTO_get_ex_new_index.3ssl.gz
 lrwxrwxrwx	root/root	usr/share/man/man3/CRYPTO_realloc.3ssl.gz -> OPENSSL_malloc.3ssl.gz
 lrwxrwxrwx	root/root	usr/share/man/man3/CRYPTO_secure_clear_free.3ssl.gz -> OPENSSL_secure_malloc.3ssl.gz
@@ -3253,6 +3254,7 @@ lrwxrwxrwx	root/root	usr/share/man/man3/X509_CRL_INFO_new.3ssl.gz -> X509_dup.3s
 lrwxrwxrwx	root/root	usr/share/man/man3/X509_CRL_add0_revoked.3ssl.gz -> X509_CRL_get0_by_serial.3ssl.gz
 lrwxrwxrwx	root/root	usr/share/man/man3/X509_CRL_add1_ext_i2d.3ssl.gz -> X509V3_get_d2i.3ssl.gz
 lrwxrwxrwx	root/root	usr/share/man/man3/X509_CRL_add_ext.3ssl.gz -> X509v3_get_ext_by_NID.3ssl.gz
+lrwxrwxrwx	root/root	usr/share/man/man3/X509_CRL_cmp.3ssl.gz -> X509_cmp.3ssl.gz
 lrwxrwxrwx	root/root	usr/share/man/man3/X509_CRL_delete_ext.3ssl.gz -> X509v3_get_ext_by_NID.3ssl.gz
 lrwxrwxrwx	root/root	usr/share/man/man3/X509_CRL_digest.3ssl.gz -> X509_digest.3ssl.gz
 lrwxrwxrwx	root/root	usr/share/man/man3/X509_CRL_dup.3ssl.gz -> X509_dup.3ssl.gz
@@ -3273,6 +3275,7 @@ lrwxrwxrwx	root/root	usr/share/man/man3/X509_CRL_get_ext_d2i.3ssl.gz -> X509V3_g
 lrwxrwxrwx	root/root	usr/share/man/man3/X509_CRL_get_issuer.3ssl.gz -> X509_get_subject_name.3ssl.gz
 lrwxrwxrwx	root/root	usr/share/man/man3/X509_CRL_get_signature_nid.3ssl.gz -> X509_get0_signature.3ssl.gz
 lrwxrwxrwx	root/root	usr/share/man/man3/X509_CRL_get_version.3ssl.gz -> X509_get_version.3ssl.gz
+lrwxrwxrwx	root/root	usr/share/man/man3/X509_CRL_match.3ssl.gz -> X509_cmp.3ssl.gz
 lrwxrwxrwx	root/root	usr/share/man/man3/X509_CRL_new.3ssl.gz -> X509_dup.3ssl.gz
 lrwxrwxrwx	root/root	usr/share/man/man3/X509_CRL_set1_lastUpdate.3ssl.gz -> X509_get0_notBefore.3ssl.gz
 lrwxrwxrwx	root/root	usr/share/man/man3/X509_CRL_set1_nextUpdate.3ssl.gz -> X509_get0_notBefore.3ssl.gz
@@ -3337,6 +3340,7 @@ lrwxrwxrwx	root/root	usr/share/man/man3/X509_NAME_add_entry.3ssl.gz -> X509_NAME
 lrwxrwxrwx	root/root	usr/share/man/man3/X509_NAME_add_entry_by_NID.3ssl.gz -> X509_NAME_add_entry_by_txt.3ssl.gz
 lrwxrwxrwx	root/root	usr/share/man/man3/X509_NAME_add_entry_by_OBJ.3ssl.gz -> X509_NAME_add_entry_by_txt.3ssl.gz
 -rw-r--r--	root/root	usr/share/man/man3/X509_NAME_add_entry_by_txt.3ssl.gz
+lrwxrwxrwx	root/root	usr/share/man/man3/X509_NAME_cmp.3ssl.gz -> X509_cmp.3ssl.gz
 lrwxrwxrwx	root/root	usr/share/man/man3/X509_NAME_delete_entry.3ssl.gz -> X509_NAME_add_entry_by_txt.3ssl.gz
 lrwxrwxrwx	root/root	usr/share/man/man3/X509_NAME_digest.3ssl.gz -> X509_digest.3ssl.gz
 lrwxrwxrwx	root/root	usr/share/man/man3/X509_NAME_dup.3ssl.gz -> X509_dup.3ssl.gz
@@ -3537,13 +3541,16 @@ lrwxrwxrwx	root/root	usr/share/man/man3/X509_check_ip.3ssl.gz -> X509_check_host
 lrwxrwxrwx	root/root	usr/share/man/man3/X509_check_ip_asc.3ssl.gz -> X509_check_host.3ssl.gz
 -rw-r--r--	root/root	usr/share/man/man3/X509_check_issued.3ssl.gz
 -rw-r--r--	root/root	usr/share/man/man3/X509_check_private_key.3ssl.gz
+-rw-r--r--	root/root	usr/share/man/man3/X509_cmp.3ssl.gz
 lrwxrwxrwx	root/root	usr/share/man/man3/X509_cmp_current_time.3ssl.gz -> X509_cmp_time.3ssl.gz
 -rw-r--r--	root/root	usr/share/man/man3/X509_cmp_time.3ssl.gz
 lrwxrwxrwx	root/root	usr/share/man/man3/X509_delete_ext.3ssl.gz -> X509v3_get_ext_by_NID.3ssl.gz
 -rw-r--r--	root/root	usr/share/man/man3/X509_digest.3ssl.gz
 -rw-r--r--	root/root	usr/share/man/man3/X509_dup.3ssl.gz
 lrwxrwxrwx	root/root	usr/share/man/man3/X509_free.3ssl.gz -> X509_new.3ssl.gz
+lrwxrwxrwx	root/root	usr/share/man/man3/X509_get0_authority_issuer.3ssl.gz -> X509_get_extension_flags.3ssl.gz
 lrwxrwxrwx	root/root	usr/share/man/man3/X509_get0_authority_key_id.3ssl.gz -> X509_get_extension_flags.3ssl.gz
+lrwxrwxrwx	root/root	usr/share/man/man3/X509_get0_authority_serial.3ssl.gz -> X509_get_extension_flags.3ssl.gz
 lrwxrwxrwx	root/root	usr/share/man/man3/X509_get0_extensions.3ssl.gz -> X509V3_get_d2i.3ssl.gz
 lrwxrwxrwx	root/root	usr/share/man/man3/X509_get0_notAfter.3ssl.gz -> X509_get0_notBefore.3ssl.gz
 -rw-r--r--	root/root	usr/share/man/man3/X509_get0_notBefore.3ssl.gz
@@ -3576,6 +3583,8 @@ lrwxrwxrwx	root/root	usr/share/man/man3/X509_get_signature_nid.3ssl.gz -> X509_g
 -rw-r--r--	root/root	usr/share/man/man3/X509_get_version.3ssl.gz
 lrwxrwxrwx	root/root	usr/share/man/man3/X509_getm_notAfter.3ssl.gz -> X509_get0_notBefore.3ssl.gz
 lrwxrwxrwx	root/root	usr/share/man/man3/X509_getm_notBefore.3ssl.gz -> X509_get0_notBefore.3ssl.gz
+lrwxrwxrwx	root/root	usr/share/man/man3/X509_issuer_and_serial_cmp.3ssl.gz -> X509_cmp.3ssl.gz
+lrwxrwxrwx	root/root	usr/share/man/man3/X509_issuer_name_cmp.3ssl.gz -> X509_cmp.3ssl.gz
 lrwxrwxrwx	root/root	usr/share/man/man3/X509_load_cert_crl_file.3ssl.gz -> X509_LOOKUP_hash_dir.3ssl.gz
 lrwxrwxrwx	root/root	usr/share/man/man3/X509_load_cert_file.3ssl.gz -> X509_LOOKUP_hash_dir.3ssl.gz
 lrwxrwxrwx	root/root	usr/share/man/man3/X509_load_crl_file.3ssl.gz -> X509_LOOKUP_hash_dir.3ssl.gz
@@ -3593,6 +3602,7 @@ lrwxrwxrwx	root/root	usr/share/man/man3/X509_set_subject_name.3ssl.gz -> X509_ge
 lrwxrwxrwx	root/root	usr/share/man/man3/X509_set_version.3ssl.gz -> X509_get_version.3ssl.gz
 -rw-r--r--	root/root	usr/share/man/man3/X509_sign.3ssl.gz
 lrwxrwxrwx	root/root	usr/share/man/man3/X509_sign_ctx.3ssl.gz -> X509_sign.3ssl.gz
+lrwxrwxrwx	root/root	usr/share/man/man3/X509_subject_name_cmp.3ssl.gz -> X509_cmp.3ssl.gz
 lrwxrwxrwx	root/root	usr/share/man/man3/X509_time_adj.3ssl.gz -> X509_cmp_time.3ssl.gz
 lrwxrwxrwx	root/root	usr/share/man/man3/X509_time_adj_ex.3ssl.gz -> X509_cmp_time.3ssl.gz
 lrwxrwxrwx	root/root	usr/share/man/man3/X509_up_ref.3ssl.gz -> X509_new.3ssl.gz
@@ -3662,7 +3672,7 @@ lrwxrwxrwx	root/root	usr/share/man/man3/d2i_DSA_PUBKEY_bio.3ssl.gz -> d2i_X509.3
 lrwxrwxrwx	root/root	usr/share/man/man3/d2i_DSA_PUBKEY_fp.3ssl.gz -> d2i_X509.3ssl.gz
 lrwxrwxrwx	root/root	usr/share/man/man3/d2i_DSA_SIG.3ssl.gz -> d2i_X509.3ssl.gz
 lrwxrwxrwx	root/root	usr/share/man/man3/d2i_DSAparams.3ssl.gz -> d2i_X509.3ssl.gz
-lrwxrwxrwx	root/root	usr/share/man/man3/d2i_ECDSA_SIG.3ssl.gz -> ECDSA_SIG_new.3ssl.gz
+lrwxrwxrwx	root/root	usr/share/man/man3/d2i_ECDSA_SIG.3ssl.gz -> d2i_X509.3ssl.gz
 lrwxrwxrwx	root/root	usr/share/man/man3/d2i_ECPKParameters.3ssl.gz -> d2i_X509.3ssl.gz
 lrwxrwxrwx	root/root	usr/share/man/man3/d2i_ECParameters.3ssl.gz -> d2i_X509.3ssl.gz
 lrwxrwxrwx	root/root	usr/share/man/man3/d2i_ECPrivateKey.3ssl.gz -> d2i_X509.3ssl.gz
@@ -3852,7 +3862,7 @@ lrwxrwxrwx	root/root	usr/share/man/man3/i2d_DSA_PUBKEY_bio.3ssl.gz -> d2i_X509.3
 lrwxrwxrwx	root/root	usr/share/man/man3/i2d_DSA_PUBKEY_fp.3ssl.gz -> d2i_X509.3ssl.gz
 lrwxrwxrwx	root/root	usr/share/man/man3/i2d_DSA_SIG.3ssl.gz -> d2i_X509.3ssl.gz
 lrwxrwxrwx	root/root	usr/share/man/man3/i2d_DSAparams.3ssl.gz -> d2i_X509.3ssl.gz
-lrwxrwxrwx	root/root	usr/share/man/man3/i2d_ECDSA_SIG.3ssl.gz -> ECDSA_SIG_new.3ssl.gz
+lrwxrwxrwx	root/root	usr/share/man/man3/i2d_ECDSA_SIG.3ssl.gz -> d2i_X509.3ssl.gz
 lrwxrwxrwx	root/root	usr/share/man/man3/i2d_ECPKParameters.3ssl.gz -> d2i_X509.3ssl.gz
 lrwxrwxrwx	root/root	usr/share/man/man3/i2d_ECParameters.3ssl.gz -> d2i_X509.3ssl.gz
 lrwxrwxrwx	root/root	usr/share/man/man3/i2d_ECPrivateKey.3ssl.gz -> d2i_X509.3ssl.gz
diff --git a/openssl/.signature b/openssl/.signature
index 8c413b4d..4e93937d 100644
--- a/openssl/.signature
+++ b/openssl/.signature
@@ -1,6 +1,6 @@
 untrusted comment: verify with /etc/ports/core.pub
-RWRJc1FUaeVeqkhBotBtsbQJOJcNJ8jTEKwl9Enl7znAtZNuCSLSCo84VqWxw5ouVd08o4DiORS1oUF5y2FgzPTVyeVdSQ5Uug4=
-SHA256 (Pkgfile) = 4ee783ad73810b534c18c834b706517fecc4ea8632bbbb231a2638ce7cc1b21a
-SHA256 (.footprint) = c89489789f264246c476e1e520bfd8de44ee2bcd8b0b200360607528e781264a
-SHA256 (openssl-1.1.1c.tar.gz) = f6fb3079ad15076154eda9413fed42877d668e7069d9b87396d0804fdb3f4c90
+RWRJc1FUaeVequyAia3aVlHLRM2gu1PbGR5ulCX/q5mV2X6BkQLxHWWX5ACAY6NRZxvd95lcI635MYGmnbk5RBIx9F0S+SbWMQQ=
+SHA256 (Pkgfile) = ae4165ce1d09be9997159f94ba59235a01597d3d251474268ae48cfe8ff3a338
+SHA256 (.footprint) = 0a3b0394156698673ab2183bfd93141f42b01f837a2163cf8f5a8e77e98d7949
+SHA256 (openssl-1.1.1d.tar.gz) = 1e3a91bc1f9dfce01af26026f856e064eab4c8ee0a8f457b5ae30b40b8b711f2
 SHA256 (mksslcert.sh) = d01cfd061b792f4f7444429582c5c9e83aaa7fc63cafd05669fd3f2970dff779
diff --git a/openssl/Pkgfile b/openssl/Pkgfile
index 6873e887..84fd79c2 100644
--- a/openssl/Pkgfile
+++ b/openssl/Pkgfile
@@ -3,7 +3,7 @@
 # Maintainer:  CRUX System Team, core-ports at crux dot nu
 
 name=openssl
-version=1.1.1c
+version=1.1.1d
 release=1
 source=(http://www.openssl.org/source/$name-$version.tar.gz \
         mksslcert.sh)


More information about the CRUX mailing list