authortron <tron@pkgsrc.org>2012-03-14 14:48:33 +0000
committertron <tron@pkgsrc.org>2012-03-14 14:48:33 +0000
commitf0ed82b65b220383c9ce8edf782f271f88821325 (patch)
tree695e8fa71b79708d26417399d4d13b1f565f9ca9
parent5cacf9c8f6525702c219fba298de4b85da6cc621 (diff)
Pullup ticket #3702 - requested by taca
security/openssl: security update Revisions pulled up: - security/openssl/Makefile 1.163 - security/openssl/distinfo 1.86 - security/openssl/patches/patch-asn_mime.c deleted --- Module Name: pkgsrc Committed By: taca Date: Tue Mar 13 03:11:32 UTC 2012 Modified Files: pkgsrc/security/openssl: Makefile distinfo Removed Files: pkgsrc/security/openssl/patches: patch-asn_mime.c Log Message: Update openssl package to 0.9.8u. Changes between 0.9.8t and 0.9.8u [12 Mar 2012] *) Fix MMA (Bleichenbacher's attack on PKCS #1 v1.5 RSA padding) weakness in CMS and PKCS7 code. When RSA decryption fails use a random key for content decryption and always return the same error. Note: this attack needs on average 2^20 messages so it only affects automated senders. The old behaviour can be reenabled in the CMS code by setting the CMS_DEBUG_DECRYPT flag: this is useful for debugging and testing where an MMA defence is not necessary. Thanks to Ivan Nestlerode <inestlerode@us.ibm.com> for discovering this issue. (CVE-2012-0884) [Steve Henson] *) Fix CVE-2011-4619: make sure we really are receiving a client hello before rejecting multiple SGC restarts. Thanks to Ivan Nestlerode <inestlerode@us.ibm.com> for discovering this bug. [Steve Henson]
-rw-r--r--security/openssl/Makefile5
-rw-r--r--security/openssl/distinfo9
-rw-r--r--security/openssl/patches/patch-asn_mime.c17
3 files changed, 6 insertions, 25 deletions
diff --git a/security/openssl/Makefile b/security/openssl/Makefile
index 85ca443b206..418e95a271a 100644
--- a/security/openssl/Makefile
+++ b/security/openssl/Makefile
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.159.2.2 2012/03/06 10:29:29 tron Exp $
+# $NetBSD: Makefile,v 1.159.2.3 2012/03/14 14:48:33 tron Exp $
OPENSSL_SNAPSHOT?= # empty
OPENSSL_STABLE?= # empty
-OPENSSL_VERS?= 0.9.8t
+OPENSSL_VERS?= 0.9.8u
.if empty(OPENSSL_SNAPSHOT)
DISTNAME= openssl-${OPENSSL_VERS}
@@ -22,7 +22,6 @@ MASTER_SITES= ftp://ftp.openssl.org/snapshot/
.endif
SVR4_PKGNAME= ossl
-PKGREVISION= 1
CATEGORIES= security
MAINTAINER= pkgsrc-users@NetBSD.org
HOMEPAGE= http://www.openssl.org/
diff --git a/security/openssl/distinfo b/security/openssl/distinfo
index da10dd6019d..3f0fd530a03 100644
--- a/security/openssl/distinfo
+++ b/security/openssl/distinfo
@@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.83.2.2 2012/03/06 10:29:29 tron Exp $
+$NetBSD: distinfo,v 1.83.2.3 2012/03/14 14:48:33 tron Exp $
-SHA1 (openssl-0.9.8t.tar.gz) = 42e2ba06cc859d61f645915c9a30326eda371a5e
-RMD160 (openssl-0.9.8t.tar.gz) = 8d5a32ebc94c578021bce519f92b5d31743d3e47
-Size (openssl-0.9.8t.tar.gz) = 3778943 bytes
+SHA1 (openssl-0.9.8u.tar.gz) = 09b4f2d9c4588d8010eac6f4ab0c96ad0e9d66ac
+RMD160 (openssl-0.9.8u.tar.gz) = e0a7fa3950ca290d0a931a130f8651e54ad2a400
+Size (openssl-0.9.8u.tar.gz) = 3781776 bytes
SHA1 (patch-aa) = eb25505e8a745eb5ba85f857b0f9302fd5e9bda1
SHA1 (patch-ac) = 6ff4a20440666f5c520837e10547091e1bee2208
SHA1 (patch-ad) = bb86ac463fc4ab8b485df5f1a4fb9c13c1fc41c3
@@ -11,4 +11,3 @@ SHA1 (patch-af) = 2610930b6b06397fa2e3955b3244c02193f5b7a6
SHA1 (patch-ag) = 5f12c72b85e4b6c6a79dfcf87055e9e029fbd8c8
SHA1 (patch-ak) = 049250b9bd42e6f155145703135dab39a7ec17e0
SHA1 (patch-al) = 076a606352bdeaeea1cc64f16be2ac1325882302
-SHA1 (patch-asn_mime.c) = 45c25660b03687a014e54a24343f775e0e6b9b71
diff --git a/security/openssl/patches/patch-asn_mime.c b/security/openssl/patches/patch-asn_mime.c
deleted file mode 100644
index 58e85f5b5bb..00000000000
--- a/security/openssl/patches/patch-asn_mime.c
+++ /dev/null
@@ -1,17 +0,0 @@
-$NetBSD: patch-asn_mime.c,v 1.1.2.2 2012/03/06 10:29:30 tron Exp $
-
-http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7250
-
---- crypto/asn1/asn_mime.c.orig 2012-03-05 00:08:44.000000000 +0000
-+++ crypto/asn1/asn_mime.c
-@@ -790,6 +790,10 @@ static int mime_hdr_addparam(MIME_HEADER
- static int mime_hdr_cmp(const MIME_HEADER * const *a,
- const MIME_HEADER * const *b)
- {
-+ if ((*a)->name == NULL || (*b)->name == NULL)
-+ return (*a)->name - (*b)->name < 0 ? -1 :
-+ (*a)->name - (*b)->name > 0 ? 1 : 0;
-+
- return(strcmp((*a)->name, (*b)->name));
- }
-
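Review bot: Deleting patches/patch-asn_mime.c removes the local NULL-name guard in front of the `strcmp` call in `mime_hdr_cmp` (the patch header points at CVE-2006-7250), but the 0.9.8u change log quoted in the commit message lists only CVE-2012-0884 and CVE-2011-4619. The patch was presumably dropped because upstream now carries an equivalent fix, yet nothing on this page records that. Before relying on this pullup, confirm that crypto/asn1/asn_mime.c in the 0.9.8u distfile handles a NULL `name` before comparing. Once confirmed, say so in the log, for example `patch-asn_mime.c removed: CVE-2006-7250 fix is included upstream in 0.9.8u`. Without that line, a later audit cannot tell an intentional removal from a regression that reopens the NULL dereference on malformed S/MIME headers.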