diff options
| author | tnn <tnn> | 2008-07-14 03:52:54 +0000 |
|---|---|---|
| committer | tnn <tnn> | 2008-07-14 03:52:54 +0000 |
| commit | bb477f3c7209a0251891a23b36f1ee87768d9939 (patch) | |
| tree | 90e757be62bac3f3292a9169a63ae511776bc8c9 /security | |
| parent | 78c71b02d9c973982d84ab461326c82ed8abadbc (diff) | |
| download | pkgsrc-bb477f3c7209a0251891a23b36f1ee87768d9939.tar.gz | |
Update to openssl-0.9.8h. Changes from 0.9.8g:
Two crashes discovered using the Codenomicon TLS test suite, as reported
in CVE-2008-0891 and CVE-2008-1672, were fixed. The root CA certificates
of commercial CAs were removed from the distribution. Functions were added
to implement RFC3394 compatible AES key wrapping. Utility functions to
handle ASN1 structures were added. The certificate status request TLS
extension, as defined in RFC3546, was implemented. Several other bugfixes
and enhancements were made.
Diffstat (limited to 'security')
| -rw-r--r-- | security/openssl/Makefile | 5 | ||||
| -rw-r--r-- | security/openssl/distinfo | 8 | ||||
| -rw-r--r-- | security/openssl/patches/patch-ab | 18 | ||||
| -rw-r--r-- | security/openssl/patches/patch-ah | 12 |
4 files changed, 6 insertions, 37 deletions
diff --git a/security/openssl/Makefile b/security/openssl/Makefile index d7a8917ed57..d885c25386c 100644 --- a/security/openssl/Makefile +++ b/security/openssl/Makefile @@ -1,9 +1,8 @@ -# $NetBSD: Makefile,v 1.133 2008/06/16 20:18:20 tonnerre Exp $ +# $NetBSD: Makefile,v 1.134 2008/07/14 03:52:54 tnn Exp $ OPENSSL_SNAPSHOT?= # empty OPENSSL_STABLE?= # empty -OPENSSL_VERS?= 0.9.8g -PKGREVISION= 2 +OPENSSL_VERS?= 0.9.8h .if empty(OPENSSL_SNAPSHOT) DISTNAME= openssl-${OPENSSL_VERS} diff --git a/security/openssl/distinfo b/security/openssl/distinfo index ba908ae926e..4908b601d35 100644 --- a/security/openssl/distinfo +++ b/security/openssl/distinfo @@ -1,8 +1,8 @@ -$NetBSD: distinfo,v 1.61 2008/06/16 20:18:20 tonnerre Exp $ +$NetBSD: distinfo,v 1.62 2008/07/14 03:52:54 tnn Exp $ -SHA1 (openssl-0.9.8g.tar.gz) = 4e9c5ced466715d18fd924de79bde5c15da80fa1 -RMD160 (openssl-0.9.8g.tar.gz) = f080a32da9becdc8b98c38744d62c6fd8664f603 -Size (openssl-0.9.8g.tar.gz) = 3354792 bytes +SHA1 (openssl-0.9.8h.tar.gz) = ced4f2da24a202e01ea22bef30ebc8aee274de86 +RMD160 (openssl-0.9.8h.tar.gz) = 676337da20c3fc3fc4001a79c6d28589cba719cd +Size (openssl-0.9.8h.tar.gz) = 3439981 bytes SHA1 (patch-aa) = b28ec662bf0586e31d59cab45e3a28b91b10dac1 SHA1 (patch-ab) = b09beb8db8046293cd63d3f37e0c1ae5001eb5a1 SHA1 (patch-ac) = a766699f2d007b70689bbad538ede07ded7b34ff diff --git a/security/openssl/patches/patch-ab b/security/openssl/patches/patch-ab deleted file mode 100644 index 7b185c9624b..00000000000 --- a/security/openssl/patches/patch-ab +++ /dev/null @@ -1,18 +0,0 @@ -$NetBSD: patch-ab,v 1.12 2008/06/03 21:39:40 tonnerre Exp $ - ---- ssl/s3_clnt.c.orig 2007-08-31 02:28:51.000000000 +0200 -+++ ssl/s3_clnt.c -@@ -1967,6 +1967,13 @@ int ssl3_send_client_key_exchange(SSL *s - { - DH *dh_srvr,*dh_clnt; - -+ if (s->session->sess_cert == NULL) -+ { -+ ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_UNEXPECTED_MESSAGE); -+ SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_UNEXPECTED_MESSAGE); -+ goto err; -+ } -+ - if (s->session->sess_cert->peer_dh_tmp != NULL) - dh_srvr=s->session->sess_cert->peer_dh_tmp; - else diff --git a/security/openssl/patches/patch-ah b/security/openssl/patches/patch-ah deleted file mode 100644 index 69f2080d789..00000000000 --- a/security/openssl/patches/patch-ah +++ /dev/null @@ -1,12 +0,0 @@ -$NetBSD: patch-ah,v 1.8 2008/06/03 21:39:40 tonnerre Exp $ - ---- ssl/t1_lib.c.orig 2007-10-19 09:44:10.000000000 +0200 -+++ ssl/t1_lib.c -@@ -324,6 +324,7 @@ int ssl_parse_clienthello_tlsext(SSL *s, - s->session->tlsext_hostname[len]='\0'; - if (strlen(s->session->tlsext_hostname) != len) { - OPENSSL_free(s->session->tlsext_hostname); -+ s->session->tlsext_hostname = NULL; - *al = TLS1_AD_UNRECOGNIZED_NAME; - return 0; - } |