author | taca <taca> | 2012-03-13 03:11:32 +0000 |
---|---|---|
committer | taca <taca> | 2012-03-13 03:11:32 +0000 |
commit | 78ed9ff68c38bb0307948b1491aeed928eb888b1 (patch) | |
tree | 877910893755f16a9581ec2eea574611b1d98bd1 /security | |
parent | 8aafa8687118fdcdb20315528b13f67730c55aa7 (diff) | |
download | pkgsrc-78ed9ff68c38bb0307948b1491aeed928eb888b1.tar.gz |
Update openssl package to 0.9.8u.
Changes between 0.9.8t and 0.9.8u [12 Mar 2012]
*) Fix MMA (Bleichenbacher's attack on PKCS #1 v1.5 RSA padding) weakness
in CMS and PKCS7 code. When RSA decryption fails use a random key for
content decryption and always return the same error. Note: this attack
needs on average 2^20 messages so it only affects automated senders. The
old behaviour can be reenabled in the CMS code by setting the
CMS_DEBUG_DECRYPT flag: this is useful for debugging and testing where
an MMA defence is not necessary.
Thanks to Ivan Nestlerode <inestlerode@us.ibm.com> for discovering
this issue. (CVE-2012-0884)
[Steve Henson]
*) Fix CVE-2011-4619: make sure we really are receiving a
client hello before rejecting multiple SGC restarts. Thanks to
Ivan Nestlerode <inestlerode@us.ibm.com> for discovering this bug.
[Steve Henson]
Diffstat (limited to 'security')
-rw-r--r-- | security/openssl/Makefile | 5 | ||||
-rw-r--r-- | security/openssl/distinfo | 9 | ||||
-rw-r--r-- | security/openssl/patches/patch-asn_mime.c | 17 |
3 files changed, 6 insertions, 25 deletions
diff --git a/security/openssl/Makefile b/security/openssl/Makefile index eb2db2c99d0..7876125a616 100644 --- a/security/openssl/Makefile +++ b/security/openssl/Makefile @@ -1,8 +1,8 @@ -# $NetBSD: Makefile,v 1.162 2012/03/05 00:26:54 pettai Exp $ +# $NetBSD: Makefile,v 1.163 2012/03/13 03:11:32 taca Exp $ OPENSSL_SNAPSHOT?= # empty OPENSSL_STABLE?= # empty -OPENSSL_VERS?= 0.9.8t +OPENSSL_VERS?= 0.9.8u .if empty(OPENSSL_SNAPSHOT) DISTNAME= openssl-${OPENSSL_VERS} @@ -22,7 +22,6 @@ MASTER_SITES= ftp://ftp.openssl.org/snapshot/ .endif SVR4_PKGNAME= ossl -PKGREVISION= 1 CATEGORIES= security MAINTAINER= pkgsrc-users@NetBSD.org HOMEPAGE= http://www.openssl.org/ diff --git a/security/openssl/distinfo b/security/openssl/distinfo index 72ab64e0c10..8cb835e4b16 100644 --- a/security/openssl/distinfo +++ b/security/openssl/distinfo @@ -1,8 +1,8 @@ -$NetBSD: distinfo,v 1.85 2012/03/05 00:26:54 pettai Exp $ +$NetBSD: distinfo,v 1.86 2012/03/13 03:11:32 taca Exp $ -SHA1 (openssl-0.9.8t.tar.gz) = 42e2ba06cc859d61f645915c9a30326eda371a5e -RMD160 (openssl-0.9.8t.tar.gz) = 8d5a32ebc94c578021bce519f92b5d31743d3e47 -Size (openssl-0.9.8t.tar.gz) = 3778943 bytes +SHA1 (openssl-0.9.8u.tar.gz) = 09b4f2d9c4588d8010eac6f4ab0c96ad0e9d66ac +RMD160 (openssl-0.9.8u.tar.gz) = e0a7fa3950ca290d0a931a130f8651e54ad2a400 +Size (openssl-0.9.8u.tar.gz) = 3781776 bytes SHA1 (patch-aa) = eb25505e8a745eb5ba85f857b0f9302fd5e9bda1 SHA1 (patch-ac) = 6ff4a20440666f5c520837e10547091e1bee2208 SHA1 (patch-ad) = bb86ac463fc4ab8b485df5f1a4fb9c13c1fc41c3 @@ -11,4 +11,3 @@ SHA1 (patch-af) = 2610930b6b06397fa2e3955b3244c02193f5b7a6 SHA1 (patch-ag) = 5f12c72b85e4b6c6a79dfcf87055e9e029fbd8c8 SHA1 (patch-ak) = 049250b9bd42e6f155145703135dab39a7ec17e0 SHA1 (patch-al) = 076a606352bdeaeea1cc64f16be2ac1325882302 -SHA1 (patch-asn_mime.c) = 45c25660b03687a014e54a24343f775e0e6b9b71 
diff --git a/security/openssl/patches/patch-asn_mime.c b/security/openssl/patches/patch-asn_mime.c
deleted file mode 100644
index d44032fd797..00000000000
--- a/security/openssl/patches/patch-asn_mime.c
+++ /dev/null
@@ -1,17 +0,0 @@
-$NetBSD: patch-asn_mime.c,v 1.1 2012/03/05 00:26:55 pettai Exp $
-
-http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7250
-
---- crypto/asn1/asn_mime.c.orig 2012-03-05 00:08:44.000000000 +0000
-+++ crypto/asn1/asn_mime.c
-@@ -790,6 +790,10 @@ static int mime_hdr_addparam(MIME_HEADER
- static int mime_hdr_cmp(const MIME_HEADER * const *a,
- const MIME_HEADER * const *b)
- {
-+ if ((*a)->name == NULL || (*b)->name == NULL)
-+ return (*a)->name - (*b)->name < 0 ? -1 :
-+ (*a)->name - (*b)->name > 0 ? 1 : 0;
-+
- return(strcmp((*a)->name, (*b)->name));
- }
- |