diff options
| author | tron <tron> | 2009-01-08 18:11:26 +0000 |
|---|---|---|
| committer | tron <tron> | 2009-01-08 18:11:26 +0000 |
| commit | 9566c3b7e5ec3aa9b73350edf3a6163cfe39c265 (patch) | |
| tree | fcbfe7fcbec4357582d88bc66471869c5dba9852 /security | |
| parent | bcae093a49fbb6c209d5e9d015dfa42a1a7325f7 (diff) | |
| download | pkgsrc-9566c3b7e5ec3aa9b73350edf3a6163cfe39c265.tar.gz | |
Pullup ticket #2628 - requested by tnn
openssl: security update
Revisions pulled up:
- security/openssl/Makefile 1.137
- security/openssl/PLIST.common 1.14
- security/openssl/distinfo 1.65
- security/openssl/patches/patch-af 1.22
- security/openssl/patches/patch-am 1.6
---
Module Name: pkgsrc
Committed By: tnn
Date: Thu Jan 8 16:38:22 UTC 2009
Modified Files:
pkgsrc/security/openssl: Makefile PLIST.common distinfo
pkgsrc/security/openssl/patches: patch-af patch-am
Log Message:
Update to openssl-0.9.8j. Fixes CVE-2008-5077.
Diffstat (limited to 'security')
| -rw-r--r-- | security/openssl/Makefile | 7 | ||||
| -rw-r--r-- | security/openssl/PLIST.common | 3 | ||||
| -rw-r--r-- | security/openssl/distinfo | 12 | ||||
| -rw-r--r-- | security/openssl/patches/patch-af | 31 | ||||
| -rw-r--r-- | security/openssl/patches/patch-am | 22 |
5 files changed, 43 insertions, 32 deletions
diff --git a/security/openssl/Makefile b/security/openssl/Makefile index 8d73800c698..bf1918521bd 100644 --- a/security/openssl/Makefile +++ b/security/openssl/Makefile @@ -1,9 +1,8 @@ -# $NetBSD: Makefile,v 1.136 2008/10/25 12:03:35 adrianp Exp $ +# $NetBSD: Makefile,v 1.136.2.1 2009/01/08 18:11:26 tron Exp $ OPENSSL_SNAPSHOT?= # empty OPENSSL_STABLE?= # empty -OPENSSL_VERS?= 0.9.8h -PKGREVISION= 2 +OPENSSL_VERS?= 0.9.8j .if empty(OPENSSL_SNAPSHOT) DISTNAME= openssl-${OPENSSL_VERS} @@ -50,7 +49,7 @@ CONFIGURE_SCRIPT= ./config CONFIGURE_ARGS+= --prefix=${PREFIX:Q} CONFIGURE_ARGS+= --install_prefix=${DESTDIR} CONFIGURE_ARGS+= --openssldir=${PKG_SYSCONFDIR:Q} -CONFIGURE_ARGS+= shared threads +CONFIGURE_ARGS+= shared threads no-fips .if ${OPSYS} == "SunOS" . if ${MACHINE_ARCH} == "sparc" diff --git a/security/openssl/PLIST.common b/security/openssl/PLIST.common index 6cf4171b92d..9e6c630ea76 100644 --- a/security/openssl/PLIST.common +++ b/security/openssl/PLIST.common @@ -1,4 +1,4 @@ -@comment $NetBSD: PLIST.common,v 1.13 2008/04/12 22:43:12 jlam Exp $ +@comment $NetBSD: PLIST.common,v 1.13.10.1 2009/01/08 18:11:26 tron Exp $ bin/c_rehash bin/openssl include/openssl/aes.h @@ -75,6 +75,7 @@ include/openssl/x509v3.h lib/engines/lib4758cca.so lib/engines/libaep.so lib/engines/libatalla.so +lib/engines/libcapi.so lib/engines/libchil.so lib/engines/libcswift.so lib/engines/libgmp.so diff --git a/security/openssl/distinfo b/security/openssl/distinfo index 2522b8bfa03..684048f5700 100644 --- a/security/openssl/distinfo +++ b/security/openssl/distinfo @@ -1,14 +1,14 @@ -$NetBSD: distinfo,v 1.64 2008/10/25 12:03:35 adrianp Exp $ +$NetBSD: distinfo,v 1.64.2.1 2009/01/08 18:11:26 tron Exp $ -SHA1 (openssl-0.9.8h.tar.gz) = ced4f2da24a202e01ea22bef30ebc8aee274de86 -RMD160 (openssl-0.9.8h.tar.gz) = 676337da20c3fc3fc4001a79c6d28589cba719cd -Size (openssl-0.9.8h.tar.gz) = 3439981 bytes +SHA1 (openssl-0.9.8j.tar.gz) = f70f7127a26e951e8a0d854c0c9e6b4c24df78e4 +RMD160 (openssl-0.9.8j.tar.gz) = d60417e0fd943fbffc6dae8391a21dcf5d97e967 +Size (openssl-0.9.8j.tar.gz) = 3738359 bytes SHA1 (patch-aa) = b28ec662bf0586e31d59cab45e3a28b91b10dac1 SHA1 (patch-ac) = a766699f2d007b70689bbad538ede07ded7b34ff SHA1 (patch-ad) = bb86ac463fc4ab8b485df5f1a4fb9c13c1fc41c3 SHA1 (patch-ae) = 7a58f1765a3761321dcc8dafc5fe2e33207be480 -SHA1 (patch-af) = 3c1a88329b1a1c54bdd4624ceaf723af3749ec32 +SHA1 (patch-af) = 1eda5a96835b65d325c77ce5d39f1e524815a3c7 SHA1 (patch-ag) = 5f12c72b85e4b6c6a79dfcf87055e9e029fbd8c8 SHA1 (patch-ak) = 049250b9bd42e6f155145703135dab39a7ec17e0 SHA1 (patch-al) = 076a606352bdeaeea1cc64f16be2ac1325882302 -SHA1 (patch-am) = a2ba07bf35d53b096b3524b2d10ae26eef755da0 +SHA1 (patch-am) = 72d9d776878fc4908c40aacbe4d79ba3edd0a584 diff --git a/security/openssl/patches/patch-af b/security/openssl/patches/patch-af index f6b1053d23d..d1ba1183348 100644 --- a/security/openssl/patches/patch-af +++ b/security/openssl/patches/patch-af @@ -1,7 +1,7 @@ -$NetBSD: patch-af,v 1.21 2008/01/17 06:42:48 tnn Exp $ +$NetBSD: patch-af,v 1.21.12.1 2009/01/08 18:11:26 tron Exp $ ---- Makefile.org.orig 2007-04-24 01:49:54.000000000 +0200 -+++ Makefile.org 2007-10-28 12:44:05.000000000 +0100 +--- Makefile.org.orig 2008-12-30 14:26:26.000000000 +0100 ++++ Makefile.org @@ -28,6 +28,7 @@ INSTALLTOP=/usr/local/ssl # Do not edit this manually. Use Configure --openssldir=DIR do change this! @@ -10,7 +10,18 @@ $NetBSD: patch-af,v 1.21 2008/01/17 06:42:48 tnn Exp $ # NO_IDEA - Define to build without the IDEA algorithm # NO_RC4 - Define to build without the RC4 algorithm -@@ -125,7 +126,7 @@ TESTS = alltests +@@ -131,8 +132,8 @@ FIPSCANLIB= + + BASEADDR= + +-DIRS= crypto fips ssl engines apps test tools +-SHLIBDIRS= crypto ssl fips ++DIRS= crypto ssl engines apps test tools # fips ++SHLIBDIRS= crypto ssl # fips + + # dirs in crypto to build + SDIRS= \ +@@ -152,7 +153,7 @@ TESTS = alltests MAKEFILE= Makefile @@ -19,15 +30,15 @@ $NetBSD: patch-af,v 1.21 2008/01/17 06:42:48 tnn Exp $ MAN1=1 MAN3=3 MANSUFFIX= -@@ -140,6 +141,7 @@ SHARED_CRYPTO=libcrypto$(SHLIB_EXT) - SHARED_SSL=libssl$(SHLIB_EXT) +@@ -168,6 +169,7 @@ SHARED_SSL=libssl$(SHLIB_EXT) + SHARED_FIPS= SHARED_LIBS= SHARED_LIBS_LINK_EXTS= +LIBRPATH=$(INSTALLTOP)/lib SHARED_LDFLAGS= GENERAL= Makefile -@@ -172,7 +174,7 @@ BUILDENV= PLATFORM='${PLATFORM}' PROCESS +@@ -200,7 +202,7 @@ BUILDENV= PLATFORM='${PLATFORM}' PROCESS CC='${CC}' CFLAG='${CFLAG}' \ AS='${CC}' ASFLAG='${CFLAG} -c' \ AR='${AR}' PERL='${PERL}' RANLIB='${RANLIB}' \ @@ -36,7 +47,7 @@ $NetBSD: patch-af,v 1.21 2008/01/17 06:42:48 tnn Exp $ INSTALL_PREFIX='${INSTALL_PREFIX}' \ INSTALLTOP='${INSTALLTOP}' OPENSSLDIR='${OPENSSLDIR}' \ MAKEDEPEND='$$$${TOP}/util/domd $$$${TOP} -MD ${MAKEDEPPROG}' \ -@@ -473,7 +475,7 @@ dist: +@@ -608,7 +610,7 @@ dist: dist_pem_h: (cd crypto/pem; $(MAKE) -e $(BUILDENV) pem.h; $(MAKE) clean) @@ -45,7 +56,7 @@ $NetBSD: patch-af,v 1.21 2008/01/17 06:42:48 tnn Exp $ install_sw: @$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \ -@@ -481,9 +483,7 @@ install_sw: +@@ -616,9 +618,7 @@ install_sw: $(INSTALL_PREFIX)$(INSTALLTOP)/lib/engines \ $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig \ $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl \ @@ -56,7 +67,7 @@ $NetBSD: patch-af,v 1.21 2008/01/17 06:42:48 tnn Exp $ @set -e; headerlist="$(EXHEADER)"; for i in $$headerlist;\ do \ (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ -@@ -553,35 +553,53 @@ install_docs: +@@ -688,35 +688,53 @@ install_docs: set -e; for i in doc/apps/*.pod; do \ fn=`basename $$i .pod`; \ sec=`$(PERL) util/extract-section.pl 1 < $$i`; \ diff --git a/security/openssl/patches/patch-am b/security/openssl/patches/patch-am index c34822b608f..22c874d6464 100644 --- a/security/openssl/patches/patch-am +++ b/security/openssl/patches/patch-am @@ -1,13 +1,13 @@ -$NetBSD: patch-am,v 1.5 2008/10/25 12:04:34 adrianp Exp $ +$NetBSD: patch-am,v 1.5.2.1 2009/01/08 18:11:26 tron Exp $ ---- crypto/x509/x509_att.c.orig 2008-04-02 12:11:51.000000000 +0100 -+++ crypto/x509/x509_att.c -@@ -303,7 +303,7 @@ int X509_ATTRIBUTE_set1_data(X509_ATTRIB - } - if(!(attr->value.set = sk_ASN1_TYPE_new_null())) goto err; - if(!(ttmp = ASN1_TYPE_new())) goto err; -- if (len == -1) -+ if ((len == -1) && !(attrtype & MBSTRING_FLAG)) +--- crypto/evp/enc_min.c.orig 2008-12-02 19:14:44.000000000 +0100 ++++ crypto/evp/enc_min.c +@@ -199,7 +199,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ct + enc = 1; + ctx->encrypt = enc; + } +-#ifdef OPENSSL_NO_FIPS ++#if 0 /* def OPENSSL_NO_FIPS */ + if(FIPS_selftest_failed()) { - if (!ASN1_TYPE_set1(ttmp, attrtype, data)) - goto err; + FIPSerr(FIPS_F_EVP_CIPHERINIT_EX,FIPS_R_FIPS_SELFTEST_FAILED); |