pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/trunk]: pkgsrc/security/openssl Update to openssl-0.9.8h. Changes fro...
details: https://anonhg.NetBSD.org/pkgsrc/rev/118b11dceb5c
branches: trunk
changeset: 544367:118b11dceb5c
user: tnn <tnn%pkgsrc.org@localhost>
date: Mon Jul 14 03:52:54 2008 +0000
description:
Update to openssl-0.9.8h. Changes from 0.9.8g:
Two crashes discovered using the Codenomicon TLS test suite, as reported
in CVE-2008-0891 and CVE-2008-1672, were fixed. The root CA certificates
of commercial CAs were removed from the distribution. Functions were added
to implement RFC3394 compatible AES key wrapping. Utility functions to
handle ASN1 structures were added. The certificate status request TLS
extension, as defined in RFC3546, was implemented. Several other bugfixes
and enhancements were made.
diffstat:
security/openssl/Makefile | 5 ++---
security/openssl/distinfo | 8 ++++----
security/openssl/patches/patch-ab | 18 ------------------
security/openssl/patches/patch-ah | 12 ------------
4 files changed, 6 insertions(+), 37 deletions(-)
diffs (69 lines):
diff -r 64a341da6a53 -r 118b11dceb5c security/openssl/Makefile
--- a/security/openssl/Makefile Mon Jul 14 02:38:08 2008 +0000
+++ b/security/openssl/Makefile Mon Jul 14 03:52:54 2008 +0000
@@ -1,9 +1,8 @@
-# $NetBSD: Makefile,v 1.133 2008/06/16 20:18:20 tonnerre Exp $
+# $NetBSD: Makefile,v 1.134 2008/07/14 03:52:54 tnn Exp $
OPENSSL_SNAPSHOT?= # empty
OPENSSL_STABLE?= # empty
-OPENSSL_VERS?= 0.9.8g
-PKGREVISION= 2
+OPENSSL_VERS?= 0.9.8h
.if empty(OPENSSL_SNAPSHOT)
DISTNAME= openssl-${OPENSSL_VERS}
diff -r 64a341da6a53 -r 118b11dceb5c security/openssl/distinfo
--- a/security/openssl/distinfo Mon Jul 14 02:38:08 2008 +0000
+++ b/security/openssl/distinfo Mon Jul 14 03:52:54 2008 +0000
@@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.61 2008/06/16 20:18:20 tonnerre Exp $
+$NetBSD: distinfo,v 1.62 2008/07/14 03:52:54 tnn Exp $
-SHA1 (openssl-0.9.8g.tar.gz) = 4e9c5ced466715d18fd924de79bde5c15da80fa1
-RMD160 (openssl-0.9.8g.tar.gz) = f080a32da9becdc8b98c38744d62c6fd8664f603
-Size (openssl-0.9.8g.tar.gz) = 3354792 bytes
+SHA1 (openssl-0.9.8h.tar.gz) = ced4f2da24a202e01ea22bef30ebc8aee274de86
+RMD160 (openssl-0.9.8h.tar.gz) = 676337da20c3fc3fc4001a79c6d28589cba719cd
+Size (openssl-0.9.8h.tar.gz) = 3439981 bytes
SHA1 (patch-aa) = b28ec662bf0586e31d59cab45e3a28b91b10dac1
SHA1 (patch-ab) = b09beb8db8046293cd63d3f37e0c1ae5001eb5a1
SHA1 (patch-ac) = a766699f2d007b70689bbad538ede07ded7b34ff
diff -r 64a341da6a53 -r 118b11dceb5c security/openssl/patches/patch-ab
--- a/security/openssl/patches/patch-ab Mon Jul 14 02:38:08 2008 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,18 +0,0 @@
-$NetBSD: patch-ab,v 1.12 2008/06/03 21:39:40 tonnerre Exp $
-
---- ssl/s3_clnt.c.orig 2007-08-31 02:28:51.000000000 +0200
-+++ ssl/s3_clnt.c
-@@ -1967,6 +1967,13 @@ int ssl3_send_client_key_exchange(SSL *s
- {
- DH *dh_srvr,*dh_clnt;
-
-+ if (s->session->sess_cert == NULL)
-+ {
-+ ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_UNEXPECTED_MESSAGE);
-+ SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_UNEXPECTED_MESSAGE);
-+ goto err;
-+ }
-+
- if (s->session->sess_cert->peer_dh_tmp != NULL)
- dh_srvr=s->session->sess_cert->peer_dh_tmp;
- else
diff -r 64a341da6a53 -r 118b11dceb5c security/openssl/patches/patch-ah
--- a/security/openssl/patches/patch-ah Mon Jul 14 02:38:08 2008 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,12 +0,0 @@
-$NetBSD: patch-ah,v 1.8 2008/06/03 21:39:40 tonnerre Exp $
-
---- ssl/t1_lib.c.orig 2007-10-19 09:44:10.000000000 +0200
-+++ ssl/t1_lib.c
-@@ -324,6 +324,7 @@ int ssl_parse_clienthello_tlsext(SSL *s,
- s->session->tlsext_hostname[len]='\0';
- if (strlen(s->session->tlsext_hostname) != len) {
- OPENSSL_free(s->session->tlsext_hostname);
-+ s->session->tlsext_hostname = NULL;
- *al = TLS1_AD_UNRECOGNIZED_NAME;
- return 0;
- }
Home |
Main Index |
Thread Index |
Old Index