author: spz <spz> 2010-06-03 08:33:32 +0000
committer: spz <spz> 2010-06-03 08:33:32 +0000
commit: 33170704cc0047c89e166d6f4c7ea2246ba7acab
tree: 3deccc266895c9da97cc193787d0ece4373527a9 /security/openssl/patches/patch-bc
parent: c87085f6beee5f15bbcaa92ca47141081ab3e624
Pullup ticket 3135 - requested by taca
security update

Revisions pulled up:
- pkgsrc/security/openssl/Makefile 1.149
- pkgsrc/security/openssl/distinfo 1.75
Files removed: pkgsrc/security/openssl/patches/patch-bc

-------------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Mon Apr 12 14:19:17 UTC 2010

Modified Files:
  pkgsrc/security/openssl: Makefile distinfo
Removed Files:
  pkgsrc/security/openssl/patches: patch-bc

Log Message:
Update openssl package from 0.9.8m to 0.9.8n.

Changes between 0.9.8m and 0.9.8n [24 Mar 2010]

*) When rejecting SSL/TLS records due to an incorrect version number, never
   update s->server with a new major version number. As of
   - OpenSSL 0.9.8m if 'short' is a 16-bit type,
   - OpenSSL 0.9.8f if 'short' is longer than 16 bits,
   the previous behavior could result in a read attempt at NULL when
   receiving specific incorrect SSL/TLS records once record payload
   protection is active. (CVE-2010-0740)
   [Bodo Moeller, Adam Langley <agl@chromium.org>]

*) Fix for CVE-2010-0433 where some kerberos enabled versions of OpenSSL
   could be crashed if the relevant tables were not present (e.g. chrooted).
   [Tomas Hoger <thoger@redhat.com>]

To generate a diff of this commit:
cvs rdiff -u -r1.146 -r1.147 pkgsrc/security/openssl/Makefile
cvs rdiff -u -r1.73 -r1.74 pkgsrc/security/openssl/distinfo
cvs rdiff -u -r1.1 -r0 pkgsrc/security/openssl/patches/patch-bc

-------------------------------------------------------------------------
Module Name: pkgsrc
Committed By: adam
Date: Sat May 8 06:33:41 UTC 2010

Modified Files:
  pkgsrc/security/openssl: Makefile

Log Message:
Set correct architecture on Darwin

To generate a diff of this commit:
cvs rdiff -u -r1.147 -r1.148 pkgsrc/security/openssl/Makefile

-------------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Wed Jun 2 13:30:11 UTC 2010

Modified Files:
  pkgsrc/security/openssl: Makefile distinfo

Log Message:
Update security/openssl package to 0.9.8o.

OpenSSL CHANGES
_______________

Changes between 0.9.8n and 0.9.8o [01 Jun 2010]

*) Correct a typo in the CMS ASN1 module which can result in invalid memory
   access or freeing data twice (CVE-2010-0742)
   [Steve Henson, Ronald Moesbergen <intercommit@gmail.com>]

*) Add SHA2 algorithms to SSL_library_init(). SHA2 is becoming far more
   common in certificates and some applications which only call
   SSL_library_init and not OpenSSL_add_all_algorithms() will fail.
   [Steve Henson]

*) VMS fixes:
   Reduce copying into .apps and .test in makevms.com
   Don't try to use blank CA certificate in CA.com
   Allow use of C files from original directories in maketests.com
   [Steven M. Schweda" <sms@antinode.info>]

To generate a diff of this commit:
cvs rdiff -u -r1.148 -r1.149 pkgsrc/security/openssl/Makefile
cvs rdiff -u -r1.74 -r1.75 pkgsrc/security/openssl/distinfo
Diffstat (limited to 'security/openssl/patches/patch-bc')
-rw-r--r-- security/openssl/patches/patch-bc 19
1 file changed, 0 insertions, 19 deletions
diff --git a/security/openssl/patches/patch-bc b/security/openssl/patches/patch-bc
deleted file mode 100644
index d150c8acb7c..00000000000
--- a/security/openssl/patches/patch-bc
+++ /dev/null
@@ -1,19 +0,0 @@
-$NetBSD: patch-bc,v 1.1 2010/03/26 00:20:49 taca Exp $
-
-Fix for CVE-2010-0740: http://www.openssl.org/news/secadv_20100324.txt
-
---- ssl/s3_pkt.c.orig 2010-01-24 13:52:38.000000000 +0000
-+++ ssl/s3_pkt.c
-@@ -291,9 +291,9 @@ again:
- if (version != s->version)
- {
- SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER);
-- /* Send back error using their
-- * version number :-) */
-- s->version=version;
-+ if ((s->version & 0xFF00) == (version & 0xFF00))
-+ /* Send back error using their minor version number :-) */
-+ s->version = (unsigned short)version;
- al=SSL_AD_PROTOCOL_VERSION;
- goto f_err;
- }
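Review bot: Deleting patch-bc outright removes the local CVE-2010-0740 guard, the `(s->version & 0xFF00) == (version & 0xFF00)` check before `s->version` is overwritten in ssl/s3_pkt.c, so the package stays fixed only if the upstream source it now builds contains that change. The log message says the fix is part of 0.9.8n, which covers the 0.9.8o target, but this view is limited to patch-bc and does not show the other two files. Please confirm that the distinfo revision being pulled up (1.75) no longer carries a checksum entry for patch-bc, and that the Makefile version bump (1.149) lands in the same pullup, since a branch left building 0.9.8m without this patch would lose the fix.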