diff options
| author | taca <taca@pkgsrc.org> | 2012-04-24 05:03:48 +0000 |
|---|---|---|
| committer | taca <taca@pkgsrc.org> | 2012-04-24 05:03:48 +0000 |
| commit | 702130711af501f1446889ff02b9e5b77d735b68 (patch) | |
| tree | 7fd88d74ff04be8320ef8c315273b333a7679406 | |
| parent | dabbd1646c0dfa44a6d38824d4c89f8467f2dc19 (diff) | |
| download | pkgsrc-702130711af501f1446889ff02b9e5b77d735b68.tar.gz | |
Update openssl package to 0.9.8w.
Security fix for CVS-2012-2131.
Changes between 0.9.8v and 0.9.8w [23 Apr 2012]
*) The fix for CVE-2012-2110 did not take into account that the
'len' argument to BUF_MEM_grow and BUF_MEM_grow_clean is an
int in OpenSSL 0.9.8, making it still vulnerable. Fix by
rejecting negative len parameter. (CVE-2012-2131)
[Tomas Hoger <thoger@redhat.com>]
| -rw-r--r-- | security/openssl/Makefile | 4 | ||||
| -rw-r--r-- | security/openssl/distinfo | 8 |
2 files changed, 6 insertions, 6 deletions
diff --git a/security/openssl/Makefile b/security/openssl/Makefile index 58e0ea18971..fca319d690d 100644 --- a/security/openssl/Makefile +++ b/security/openssl/Makefile @@ -1,8 +1,8 @@ -# $NetBSD: Makefile,v 1.165 2012/04/21 07:38:14 taca Exp $ +# $NetBSD: Makefile,v 1.166 2012/04/24 05:03:48 taca Exp $ OPENSSL_SNAPSHOT?= # empty OPENSSL_STABLE?= # empty -OPENSSL_VERS?= 0.9.8v +OPENSSL_VERS?= 0.9.8w .if empty(OPENSSL_SNAPSHOT) DISTNAME= openssl-${OPENSSL_VERS} diff --git a/security/openssl/distinfo b/security/openssl/distinfo index 8e77305be65..bc6d3391b70 100644 --- a/security/openssl/distinfo +++ b/security/openssl/distinfo @@ -1,8 +1,8 @@ -$NetBSD: distinfo,v 1.87 2012/04/21 07:38:14 taca Exp $ +$NetBSD: distinfo,v 1.88 2012/04/24 05:03:48 taca Exp $ -SHA1 (openssl-0.9.8v.tar.gz) = ceacc6750b1e912d10ad1da964c90fcffbd6566e -RMD160 (openssl-0.9.8v.tar.gz) = a59dd24ac07be9118a4b23b6d1874fd46d2b797a -Size (openssl-0.9.8v.tar.gz) = 3782207 bytes +SHA1 (openssl-0.9.8w.tar.gz) = 6dd276534f87aaca4bee679537fef3aaa6b43069 +RMD160 (openssl-0.9.8w.tar.gz) = 6904c2b85a199b8ec0262ba7d52adbbe7e8df351 +Size (openssl-0.9.8w.tar.gz) = 3782900 bytes SHA1 (patch-aa) = eb25505e8a745eb5ba85f857b0f9302fd5e9bda1 SHA1 (patch-ac) = 6ff4a20440666f5c520837e10547091e1bee2208 SHA1 (patch-ad) = bb86ac463fc4ab8b485df5f1a4fb9c13c1fc41c3 |