author | spz <spz> | 2010-06-03 08:33:32 +0000 |
---|---|---|
committer | spz <spz> | 2010-06-03 08:33:32 +0000 |
commit | 33170704cc0047c89e166d6f4c7ea2246ba7acab (patch) | |
tree | 3deccc266895c9da97cc193787d0ece4373527a9 | |
parent | c87085f6beee5f15bbcaa92ca47141081ab3e624 (diff) | |
download | pkgsrc-33170704cc0047c89e166d6f4c7ea2246ba7acab.tar.gz |
Pullup ticket 3135 - requested by taca
security update
Revisions pulled up:
- pkgsrc/security/openssl/Makefile 1.149
- pkgsrc/security/openssl/distinfo 1.75
Files removed:
pkgsrc/security/openssl/patches/patch-bc
-------------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Mon Apr 12 14:19:17 UTC 2010
Modified Files:
pkgsrc/security/openssl: Makefile distinfo
Removed Files:
pkgsrc/security/openssl/patches: patch-bc
Log Message:
Update openssl package from 0.9.8m to 0.9.8n.
Changes between 0.9.8m and 0.9.8n [24 Mar 2010]
*) When rejecting SSL/TLS records due to an incorrect version number, never
update s->server with a new major version number. As of
- OpenSSL 0.9.8m if 'short' is a 16-bit type,
- OpenSSL 0.9.8f if 'short' is longer than 16 bits,
the previous behavior could result in a read attempt at NULL when
receiving specific incorrect SSL/TLS records once record payload
protection is active. (CVE-2010-0740)
[Bodo Moeller, Adam Langley <agl@chromium.org>]
*) Fix for CVE-2010-0433 where some kerberos enabled versions of OpenSSL
could be crashed if the relevant tables were not present (e.g. chrooted).
[Tomas Hoger <thoger@redhat.com>]
To generate a diff of this commit:
cvs rdiff -u -r1.146 -r1.147 pkgsrc/security/openssl/Makefile
cvs rdiff -u -r1.73 -r1.74 pkgsrc/security/openssl/distinfo
cvs rdiff -u -r1.1 -r0 pkgsrc/security/openssl/patches/patch-bc
-------------------------------------------------------------------------
Module Name: pkgsrc
Committed By: adam
Date: Sat May 8 06:33:41 UTC 2010
Modified Files:
pkgsrc/security/openssl: Makefile
Log Message:
Set correct architecture on Darwin
To generate a diff of this commit:
cvs rdiff -u -r1.147 -r1.148 pkgsrc/security/openssl/Makefile
-------------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Wed Jun 2 13:30:11 UTC 2010
Modified Files:
pkgsrc/security/openssl: Makefile distinfo
Log Message:
Update security/openssl package to 0.9.8o.
OpenSSL CHANGES
_______________
Changes between 0.9.8n and 0.9.8o [01 Jun 2010]
*) Correct a typo in the CMS ASN1 module which can result in invalid memory
access or freeing data twice (CVE-2010-0742)
[Steve Henson, Ronald Moesbergen <intercommit@gmail.com>]
*) Add SHA2 algorithms to SSL_library_init(). SHA2 is becoming far more
common in certificates and some applications which only call
SSL_library_init and not OpenSSL_add_all_algorithms() will fail.
[Steve Henson]
*) VMS fixes:
Reduce copying into .apps and .test in makevms.com
Don't try to use blank CA certificate in CA.com
Allow use of C files from original directories in maketests.com
[Steven M. Schweda <sms@antinode.info>]
To generate a diff of this commit:
cvs rdiff -u -r1.148 -r1.149 pkgsrc/security/openssl/Makefile
cvs rdiff -u -r1.74 -r1.75 pkgsrc/security/openssl/distinfo
-rw-r--r-- | security/openssl/Makefile | 12 | ||||
-rw-r--r-- | security/openssl/distinfo | 9 | ||||
-rw-r--r-- | security/openssl/patches/patch-bc | 19 |
3 files changed, 13 insertions, 27 deletions
diff --git a/security/openssl/Makefile b/security/openssl/Makefile index 97469d43fbe..c59137aa83e 100644 --- a/security/openssl/Makefile +++ b/security/openssl/Makefile @@ -1,9 +1,8 @@ -# $NetBSD: Makefile,v 1.146 2010/03/26 00:20:49 taca Exp $ +# $NetBSD: Makefile,v 1.146.2.1 2010/06/03 08:33:32 spz Exp $ OPENSSL_SNAPSHOT?= # empty OPENSSL_STABLE?= # empty -OPENSSL_VERS?= 0.9.8m -PKGREVISION= 2 +OPENSSL_VERS?= 0.9.8o .if empty(OPENSSL_SNAPSHOT) DISTNAME= openssl-${OPENSSL_VERS} @@ -86,6 +85,13 @@ CONFIGURE_ARGS+= tru64-alpha-gcc CONFIGURE_ARGS+= tru64-alpha-cc . endif .elif ${OPSYS} == "Darwin" +CONFIGURE_SCRIPT= ./Configure +. if ${ABI} == "64" +CONFIGURE_ARGS+= darwin64-${MACHINE_ARCH}-cc +. else +CONFIGURE_ARGS+= darwin-${MACHINE_ARCH}-cc +. endif + .include "../../mk/dlopen.buildlink3.mk" SUBST_CLASSES+= dl diff --git a/security/openssl/distinfo b/security/openssl/distinfo index 1e1681a6c45..194d1bf84d3 100644 --- a/security/openssl/distinfo +++ b/security/openssl/distinfo @@ -1,8 +1,8 @@ -$NetBSD: distinfo,v 1.73 2010/03/26 00:20:49 taca Exp $ +$NetBSD: distinfo,v 1.73.2.1 2010/06/03 08:33:32 spz Exp $ -SHA1 (openssl-0.9.8m.tar.gz) = 2511c709a47f34d5fa6cd1a1c9cb1699bdffa912 -RMD160 (openssl-0.9.8m.tar.gz) = 0296af151993008526b4f2b3a6810e20c4ad3759 -Size (openssl-0.9.8m.tar.gz) = 3767604 bytes +SHA1 (openssl-0.9.8o.tar.gz) = 80c73afc7dca790cd26936cb392a4dfd14d4e4d7 +RMD160 (openssl-0.9.8o.tar.gz) = c2e455a17bce59c8a54522ffaa26c3a5cb26b510 +Size (openssl-0.9.8o.tar.gz) = 3772542 bytes SHA1 (patch-aa) = b3899aebeea9bd9ead58771ca52ecec049589a55 SHA1 (patch-ac) = 6ff4a20440666f5c520837e10547091e1bee2208 SHA1 (patch-ad) = bb86ac463fc4ab8b485df5f1a4fb9c13c1fc41c3 
@@ -11,4 +11,3 @@ SHA1 (patch-af) = 2610930b6b06397fa2e3955b3244c02193f5b7a6 SHA1 (patch-ag) = 5f12c72b85e4b6c6a79dfcf87055e9e029fbd8c8 SHA1 (patch-ak) = 049250b9bd42e6f155145703135dab39a7ec17e0 SHA1 (patch-al) = 076a606352bdeaeea1cc64f16be2ac1325882302 -SHA1 (patch-bc) = 9200ae3c86fb5c278c9692441555faa4c51afb30 diff --git a/security/openssl/patches/patch-bc b/security/openssl/patches/patch-bc deleted file mode 100644 index d150c8acb7c..00000000000 --- a/security/openssl/patches/patch-bc +++ /dev/null @@ -1,19 +0,0 @@ -$NetBSD: patch-bc,v 1.1 2010/03/26 00:20:49 taca Exp $ - -Fix for CVE-2010-0740: http://www.openssl.org/news/secadv_20100324.txt - ---- ssl/s3_pkt.c.orig 2010-01-24 13:52:38.000000000 +0000 -+++ ssl/s3_pkt.c -@@ -291,9 +291,9 @@ again: - if (version != s->version) - { - SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER); -- /* Send back error using their -- * version number :-) */ -- s->version=version; -+ if ((s->version & 0xFF00) == (version & 0xFF00)) -+ /* Send back error using their minor version number :-) */ -+ s->version = (unsigned short)version; - al=SSL_AD_PROTOCOL_VERSION; - goto f_err; - } |
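
Review bot: In the Darwin block added to security/openssl/Makefile, `. if ${ABI} == "64"` compares ABI directly, and bmake treats a comparison on an undefined variable as a malformed conditional; if ABI can be unset when this block is evaluated, write `${ABI:U} == "64"` or guard it with `!empty(ABI)`. The Configure target is also built by interpolating `${MACHINE_ARCH}` into `darwin-...-cc` and `darwin64-...-cc`, so a short comment listing the architecture values for which such a target exists would make a failing Configure run easier to diagnose.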
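
Review bot: The replaced `SHA1`, `RMD160` and `Size` lines for openssl-0.9.8o.tar.gz at the top of distinfo are the only integrity check on the new distfile, and the log message does not say what they were checked against. Record in the pullup or commit message that the values were compared with the upstream release, so a later reader can tell a verified checksum from one simply regenerated from whatever was downloaded.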
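
Review bot: The deletion of security/openssl/patches/patch-bc drops the local CVE-2010-0740 change to ssl/s3_pkt.c, but the log gives the reason only indirectly, through the 0.9.8n changelog entry. State explicitly that the patch is removed because the fix ships upstream from 0.9.8n on; the removal of the `SHA1 (patch-bc)` line from distinfo in the same commit keeps the checksum file consistent with the patches directory.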