./security/openssl, Secure Socket Layer and cryptographic library


Branch: CURRENT, Version: 3.6.1, Package name: openssl-3.6.1, Maintainer: pkgsrc-users

The OpenSSL Project is a collaborative effort to develop a
robust, commercial-grade, full-featured, and Open Source
toolkit implementing the Secure Sockets Layer (SSL v2/v3)
and Transport Layer Security (TLS v1) protocols as well as
a full-strength general purpose cryptography library. The
project is managed by a worldwide community of volunteers
that use the Internet to communicate, plan, and develop the
OpenSSL toolkit and its related documentation.

This package contains major version 3 of OpenSSL.

Required to build:
[pkgtools/cwrappers]

Package options: threads

Master sites:

Filesize: 53605.421 KB

CVS history:


   2026-01-28 19:14:41 by Adam Ciarcinski | Files touched by this commit (2)
Log message:
openssl: fix crash on NetBSD

   2026-01-28 08:38:55 by Adam Ciarcinski | Files touched by this commit (3) | Package updated
Log message:
openssl: updated to 3.6.1

OpenSSL 3.6.1 is a security patch release. The most severe CVE fixed in this
release is High.

This release incorporates the following bug fixes and mitigations:

  * Fixed Improper validation of PBMAC1 parameters in PKCS#12 MAC verification.
    ([CVE-2025-11187])

  * Fixed Stack buffer overflow in CMS `AuthEnvelopedData` parsing.
    ([CVE-2025-15467])

  * Fixed NULL dereference in `SSL_CIPHER_find()` function on unknown cipher ID.
    ([CVE-2025-15468])

  * Fixed `openssl dgst` one-shot codepath silently truncates inputs >16 MiB.
    ([CVE-2025-15469])

  * Fixed TLS 1.3 `CompressedCertificate` excessive memory allocation.
    ([CVE-2025-66199])

  * Fixed Heap out-of-bounds write in `BIO_f_linebuffer` on short writes.
    ([CVE-2025-68160])

  * Fixed Unauthenticated/unencrypted trailing bytes with low-level OCB
    function calls.
    ([CVE-2025-69418])

  * Fixed Out of bounds write in `PKCS12_get_friendlyname()` UTF-8 conversion.
    ([CVE-2025-69419])

  * Fixed Missing `ASN1_TYPE` validation in `TS_RESP_verify_response()`
    function.
    ([CVE-2025-69420])

  * Fixed NULL Pointer Dereference in `PKCS12_item_decrypt_d2i_ex()` function.
    ([CVE-2025-69421])

  * Fixed Missing `ASN1_TYPE` validation in PKCS#12 parsing.
    ([CVE-2026-22795])

  * Fixed `ASN1_TYPE` Type Confusion in the `PKCS7_digest_from_attributes()`
    function.
    ([CVE-2026-22796])

  * Fixed a regression in `X509_V_FLAG_CRL_CHECK_ALL` flag handling by
    restoring its pre-3.6.0 behaviour.

  * Fixed a regression in handling stapled OCSP responses causing handshake
    failures for OpenSSL 3.6.0 servers with various client implementations.

   2025-10-05 16:22:44 by Jonathan Schleifer | Files touched by this commit (1)
Log message:
devel/openssl: Use BROKEN_ON_PLATFORM instead of NOT_FOR_PLATFORM

   2025-10-05 04:26:34 by Jonathan Schleifer | Files touched by this commit (1)
Log message:
security/openssl: NOT_FOR_PLATFORM+=QNX-*-*

   2025-10-03 11:11:10 by Adam Ciarcinski | Files touched by this commit (3) | Package updated
Log message:
openssl: updated to 3.6.0

OpenSSL 3.6.0 is a feature release adding significant new functionality to OpenSSL.

This release incorporates the following potentially significant or incompatible
changes:

Added NIST security categories for PKEY objects.

Added support for EVP_SKEY opaque symmetric key objects to the key
derivation and key exchange provider methods. Added EVP_KDF_CTX_set_SKEY(),
EVP_KDF_derive_SKEY(), and EVP_PKEY_derive_SKEY() functions.

Added LMS signature verification support as per [SP 800-208].
This support is present in both the FIPS and default providers.

An ANSI-C toolchain is no longer sufficient for building OpenSSL.
The code should be built using compilers supporting C-99 features.

Support for the VxWorks platforms has been removed.

Added an openssl configutl utility for processing the OpenSSL
configuration file and dumping the equal configuration file.

Added support for FIPS 186-5 deterministic ECDSA signature
generation to the FIPS provider.

Deprecated EVP_PKEY_ASN1_METHOD-related functions.

   2025-09-30 18:11:00 by Thomas Klausner | Files touched by this commit (2) | Package updated
Log message:
openssl: update to 3.5.4.

OpenSSL 3.5.4 is a security patch release. The most severe CVE fixed in this
release is Moderate.

This release incorporates the following bug fixes and mitigations:

  * Fix Out-of-bounds read & write in RFC 3211 KEK Unwrap.
    ([CVE-2025-9230])

  * Fix Timing side-channel in SM2 algorithm on 64 bit ARM.
    ([CVE-2025-9231])

  * Fix Out-of-bounds read in HTTP client no_proxy handling.
    ([CVE-2025-9232])

  * Reverted the synthesised `OPENSSL_VERSION_NUMBER` change for the release
    builds, as it broke some existing applications that relied on the previous
    3.x semantics, as documented in `OpenSSL_version(3)`.

   2025-09-22 07:51:24 by Adam Ciarcinski | Files touched by this commit (3) | Package updated
Log message:
openssl: updated to 3.5.3

OpenSSL 3.5.3 is a bug fix release.

This release incorporates the following bug fixes and mitigations:

Added FIPS 140-3 PCT on DH key generation.
Fixed the synthesised OPENSSL_VERSION_NUMBER.

   2025-08-05 22:03:24 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
openssl: updated to 3.5.2

OpenSSL 3.5.2 is a bug fix release.

This release incorporates the following bug fixes and mitigations:

Miscellaneous minor bug fixes.
The FIPS provider now performs a PCT on key import for RSA, EC and ECX.
This is mandated by FIPS 140-3 IG 10.3.A additional comment 1.