From 33170704cc0047c89e166d6f4c7ea2246ba7acab Mon Sep 17 00:00:00 2001 From: spz Date: Thu, 3 Jun 2010 08:33:32 +0000 Subject: Pullup ticket 3135 - requested by taca security update Revisions pulled up: - pkgsrc/security/openssl/Makefile 1.149 - pkgsrc/security/openssl/distinfo 1.75 Files removed: pkgsrc/security/openssl/patches/patch-bc ------------------------------------------------------------------------- Module Name: pkgsrc Committed By: taca Date: Mon Apr 12 14:19:17 UTC 2010 Modified Files: pkgsrc/security/openssl: Makefile distinfo Removed Files: pkgsrc/security/openssl/patches: patch-bc Log Message: Update openssl package from 0.9.8m to 0.9.8n. Changes between 0.9.8m and 0.9.8n [24 Mar 2010] *) When rejecting SSL/TLS records due to an incorrect version number, never update s->server with a new major version number. As of - OpenSSL 0.9.8m if 'short' is a 16-bit type, - OpenSSL 0.9.8f if 'short' is longer than 16 bits, the previous behavior could result in a read attempt at NULL when receiving specific incorrect SSL/TLS records once record payload protection is active. (CVE-2010-0740) [Bodo Moeller, Adam Langley ] *) Fix for CVE-2010-0433 where some kerberos enabled versions of OpenSSL could be crashed if the relevant tables were not present (e.g. chrooted). [Tomas Hoger ] To generate a diff of this commit: cvs rdiff -u -r1.146 -r1.147 pkgsrc/security/openssl/Makefile cvs rdiff -u -r1.73 -r1.74 pkgsrc/security/openssl/distinfo cvs rdiff -u -r1.1 -r0 pkgsrc/security/openssl/patches/patch-bc ------------------------------------------------------------------------- Module Name: pkgsrc Committed By: adam Date: Sat May 8 06:33:41 UTC 2010 Modified Files: pkgsrc/security/openssl: Makefile Log Message: Set correct architecture on Darwin To generate a diff of this commit: cvs rdiff -u -r1.147 -r1.148 pkgsrc/security/openssl/Makefile ------------------------------------------------------------------------- Module Name: pkgsrc Committed By: taca Date: Wed Jun 2 13:30:11 UTC 2010 Modified Files: pkgsrc/security/openssl: Makefile distinfo Log Message: Update security/openssl package to 0.9.8o. OpenSSL CHANGES _______________ Changes between 0.9.8n and 0.9.8o [01 Jun 2010] *) Correct a typo in the CMS ASN1 module which can result in invalid memory access or freeing data twice (CVE-2010-0742) [Steve Henson, Ronald Moesbergen ] *) Add SHA2 algorithms to SSL_library_init(). SHA2 is becoming far more common in certificates and some applications which only call SSL_library_init and not OpenSSL_add_all_algorithms() will fail. [Steve Henson] *) VMS fixes: Reduce copying into .apps and .test in makevms.com Don't try to use blank CA certificate in CA.com Allow use of C files from original directories in maketests.com [Steven M. Schweda" ] To generate a diff of this commit: cvs rdiff -u -r1.148 -r1.149 pkgsrc/security/openssl/Makefile cvs rdiff -u -r1.74 -r1.75 pkgsrc/security/openssl/distinfo --- security/openssl/Makefile | 12 +++++++++--- security/openssl/distinfo | 9 ++++----- security/openssl/patches/patch-bc | 19 ------------------- 3 files changed, 13 insertions(+), 27 deletions(-) delete mode 100644 security/openssl/patches/patch-bc diff --git a/security/openssl/Makefile b/security/openssl/Makefile index 97469d43fbe..c59137aa83e 100644 --- a/security/openssl/Makefile +++ b/security/openssl/Makefile @@ -1,9 +1,8 @@ -# $NetBSD: Makefile,v 1.146 2010/03/26 00:20:49 taca Exp $ +# $NetBSD: Makefile,v 1.146.2.1 2010/06/03 08:33:32 spz Exp $ OPENSSL_SNAPSHOT?= # empty OPENSSL_STABLE?= # empty -OPENSSL_VERS?= 0.9.8m -PKGREVISION= 2 +OPENSSL_VERS?= 0.9.8o .if empty(OPENSSL_SNAPSHOT) DISTNAME= openssl-${OPENSSL_VERS} @@ -86,6 +85,13 @@ CONFIGURE_ARGS+= tru64-alpha-gcc CONFIGURE_ARGS+= tru64-alpha-cc . endif .elif ${OPSYS} == "Darwin" +CONFIGURE_SCRIPT= ./Configure +. if ${ABI} == "64" +CONFIGURE_ARGS+= darwin64-${MACHINE_ARCH}-cc +. else +CONFIGURE_ARGS+= darwin-${MACHINE_ARCH}-cc +. endif + .include "../../mk/dlopen.buildlink3.mk" SUBST_CLASSES+= dl diff --git a/security/openssl/distinfo b/security/openssl/distinfo index 1e1681a6c45..194d1bf84d3 100644 --- a/security/openssl/distinfo +++ b/security/openssl/distinfo @@ -1,8 +1,8 @@ -$NetBSD: distinfo,v 1.73 2010/03/26 00:20:49 taca Exp $ +$NetBSD: distinfo,v 1.73.2.1 2010/06/03 08:33:32 spz Exp $ -SHA1 (openssl-0.9.8m.tar.gz) = 2511c709a47f34d5fa6cd1a1c9cb1699bdffa912 -RMD160 (openssl-0.9.8m.tar.gz) = 0296af151993008526b4f2b3a6810e20c4ad3759 -Size (openssl-0.9.8m.tar.gz) = 3767604 bytes +SHA1 (openssl-0.9.8o.tar.gz) = 80c73afc7dca790cd26936cb392a4dfd14d4e4d7 +RMD160 (openssl-0.9.8o.tar.gz) = c2e455a17bce59c8a54522ffaa26c3a5cb26b510 +Size (openssl-0.9.8o.tar.gz) = 3772542 bytes SHA1 (patch-aa) = b3899aebeea9bd9ead58771ca52ecec049589a55 SHA1 (patch-ac) = 6ff4a20440666f5c520837e10547091e1bee2208 SHA1 (patch-ad) = bb86ac463fc4ab8b485df5f1a4fb9c13c1fc41c3 @@ -11,4 +11,3 @@ SHA1 (patch-af) = 2610930b6b06397fa2e3955b3244c02193f5b7a6 SHA1 (patch-ag) = 5f12c72b85e4b6c6a79dfcf87055e9e029fbd8c8 SHA1 (patch-ak) = 049250b9bd42e6f155145703135dab39a7ec17e0 SHA1 (patch-al) = 076a606352bdeaeea1cc64f16be2ac1325882302 -SHA1 (patch-bc) = 9200ae3c86fb5c278c9692441555faa4c51afb30 diff --git a/security/openssl/patches/patch-bc b/security/openssl/patches/patch-bc deleted file mode 100644 index d150c8acb7c..00000000000 --- a/security/openssl/patches/patch-bc +++ /dev/null @@ -1,19 +0,0 @@ -$NetBSD: patch-bc,v 1.1 2010/03/26 00:20:49 taca Exp $ - -Fix for CVE-2010-0740: http://www.openssl.org/news/secadv_20100324.txt - ---- ssl/s3_pkt.c.orig 2010-01-24 13:52:38.000000000 +0000 -+++ ssl/s3_pkt.c -@@ -291,9 +291,9 @@ again: - if (version != s->version) - { - SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER); -- /* Send back error using their -- * version number :-) */ -- s->version=version; -+ if ((s->version & 0xFF00) == (version & 0xFF00)) -+ /* Send back error using their minor version number :-) */ -+ s->version = (unsigned short)version; - al=SSL_AD_PROTOCOL_VERSION; - goto f_err; - } -- cgit v1.2.3