pkgsrc-Changes-HG archive


[pkgsrc/trunk]: pkgsrc/security/openssl Update openssl to 0.9.8m.



details:   https://anonhg.NetBSD.org/pkgsrc/rev/8a8a8e775205
branches:  trunk
changeset: 572436:8a8a8e775205
user:      taca <taca%pkgsrc.org@localhost>
date:      Fri Feb 26 03:15:13 2010 +0000

description:
Update openssl to 0.9.8m.

   The OpenSSL project team is pleased to announce the release of
   version 0.9.8m of our open source toolkit for SSL/TLS. This new
   OpenSSL version is a security and bugfix release which implements
   RFC5746 to address renegotiation vulnerabilities mentioned in
   CVE-2009-3555.  For a complete list of changes,
   please see http://www.openssl.org/source/exp/CHANGES.

diffstat:

 security/openssl/Makefile         |   7 +++--
 security/openssl/distinfo         |  19 ++++++----------
 security/openssl/patches/patch-aa |  14 ++++++------
 security/openssl/patches/patch-ac |  18 +++++++-------
 security/openssl/patches/patch-af |  34 ++++++-----------------------
 security/openssl/patches/patch-ax |  24 ---------------------
 security/openssl/patches/patch-ay |  13 -----------
 security/openssl/patches/patch-az |  42 -------------------------------------
 security/openssl/patches/patch-ba |  17 ---------------
 security/openssl/patches/patch-bb |  44 ---------------------------------------
 10 files changed, 34 insertions(+), 198 deletions(-)

diffs (truncated from 370 to 300 lines):

diff -r 2fe09b8e1e74 -r 8a8a8e775205 security/openssl/Makefile
--- a/security/openssl/Makefile Fri Feb 26 01:09:13 2010 +0000
+++ b/security/openssl/Makefile Fri Feb 26 03:15:13 2010 +0000
@@ -1,9 +1,8 @@
-# $NetBSD: Makefile,v 1.143 2010/01/22 03:35:10 taca Exp $
+# $NetBSD: Makefile,v 1.144 2010/02/26 03:15:13 taca Exp $
 
 OPENSSL_SNAPSHOT?=     # empty
 OPENSSL_STABLE?=       # empty
-OPENSSL_VERS?=         0.9.8l
-PKGREVISION=           1
+OPENSSL_VERS?=         0.9.8m
 
 .if empty(OPENSSL_SNAPSHOT)
 DISTNAME=      openssl-${OPENSSL_VERS}
@@ -124,6 +123,8 @@
                        ${PKG_SYSCONFDIR}/openssl.cnf
 OWN_DIRS=              ${PKG_SYSCONFDIR}/certs ${PKG_SYSCONFDIR}/private
 
+INSTALLATION_DIRS+=    share/examples/openssl
+
 # Fix the path to perl in various scripts.
 pre-configure:
        cd ${WRKSRC} && ${PERL5} util/perlpath.pl ${PERL5}
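Review bot: The added `INSTALLATION_DIRS+= share/examples/openssl` has no comment linking it to the patch-af change in this same commit, where the embedded install_sw hunk is dropped (the `@@ -56,18 +47,7 @@` hunk of patches/patch-af). That dropped hunk did two things: it created `$(INSTALL_PREFIX)$(EXAMPLEDIR)`, and it removed upstream's creation of `$(OPENSSLDIR)/misc`, `certs` and `private`. Only the first appears to be replaced here, assuming EXAMPLEDIR is this same directory. If so, upstream's install_sw presumably creates those three directories again, including the key directory `private`, next to the `OWN_DIRS` entry above, so it is worth confirming that this is intended and that `private` ends up with the expected mode. A comment such as `# Created here because patch-af no longer adds EXAMPLEDIR to install_sw.` would record the link.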
diff -r 2fe09b8e1e74 -r 8a8a8e775205 security/openssl/distinfo
--- a/security/openssl/distinfo Fri Feb 26 01:09:13 2010 +0000
+++ b/security/openssl/distinfo Fri Feb 26 03:15:13 2010 +0000
@@ -1,18 +1,13 @@
-$NetBSD: distinfo,v 1.71 2010/01/22 03:35:10 taca Exp $
+$NetBSD: distinfo,v 1.72 2010/02/26 03:15:13 taca Exp $
 
-SHA1 (openssl-0.9.8l.tar.gz) = d3fb6ec89532ab40646b65af179bb1770f7ca28f
-RMD160 (openssl-0.9.8l.tar.gz) = 9de81ec2583edcba729e62d50fd22c0a98a52903
-Size (openssl-0.9.8l.tar.gz) = 4179422 bytes
-SHA1 (patch-aa) = cb6942b0be960151c185e89af1e09050a6b18dff
-SHA1 (patch-ac) = 3f62d36e18c2b8f587322dac5b329207704f40ad
+SHA1 (openssl-0.9.8m.tar.gz) = 2511c709a47f34d5fa6cd1a1c9cb1699bdffa912
+RMD160 (openssl-0.9.8m.tar.gz) = 0296af151993008526b4f2b3a6810e20c4ad3759
+Size (openssl-0.9.8m.tar.gz) = 3767604 bytes
+SHA1 (patch-aa) = b3899aebeea9bd9ead58771ca52ecec049589a55
+SHA1 (patch-ac) = 6ff4a20440666f5c520837e10547091e1bee2208
 SHA1 (patch-ad) = bb86ac463fc4ab8b485df5f1a4fb9c13c1fc41c3
 SHA1 (patch-ae) = 7a58f1765a3761321dcc8dafc5fe2e33207be480
-SHA1 (patch-af) = 81263ce9dc0e89293ac1fc298e1178253a0b0b1b
+SHA1 (patch-af) = 2610930b6b06397fa2e3955b3244c02193f5b7a6
 SHA1 (patch-ag) = 5f12c72b85e4b6c6a79dfcf87055e9e029fbd8c8
 SHA1 (patch-ak) = 049250b9bd42e6f155145703135dab39a7ec17e0
 SHA1 (patch-al) = 076a606352bdeaeea1cc64f16be2ac1325882302
-SHA1 (patch-ax) = ef0c657de2aa42baa365b9857583d1c55d0e7d1b
-SHA1 (patch-ay) = 6d5de155e5508cd2237387626c8e1ff7ee603f8e
-SHA1 (patch-az) = aa7ef7192d56979ba09aa1dab8a2cdf9868f9c4a
-SHA1 (patch-ba) = b8ab55c0c6ab4b995cae18517609720f0803e11f
-SHA1 (patch-bb) = a4092a65f52d3c9c85c9015901b2a5eeb11d0955
diff -r 2fe09b8e1e74 -r 8a8a8e775205 security/openssl/patches/patch-aa
--- a/security/openssl/patches/patch-aa Fri Feb 26 01:09:13 2010 +0000
+++ b/security/openssl/patches/patch-aa Fri Feb 26 03:15:13 2010 +0000
@@ -1,15 +1,15 @@
-$NetBSD: patch-aa,v 1.22 2010/01/15 04:55:30 taca Exp $
+$NetBSD: patch-aa,v 1.23 2010/02/26 03:15:13 taca Exp $
 
---- config.orig        2009-02-16 08:43:41.000000000 +0000
+--- config.orig        2009-10-15 12:58:00.000000000 +0000
 +++ config
 @@ -49,6 +49,7 @@ done
  # First get uname entries that we use below
  
- MACHINE=`(uname -m) 2>/dev/null` || MACHINE="unknown"
-+MACHINE_ARCH=`(uname -p) 2>/dev/null` || MACHINE_ARCH="unknown"
- RELEASE=`(uname -r) 2>/dev/null` || RELEASE="unknown"
- SYSTEM=`(uname -s) 2>/dev/null`  || SYSTEM="unknown"
- VERSION=`(uname -v) 2>/dev/null` || VERSION="unknown"
+ [ "$MACHINE" ] || MACHINE=`(uname -m) 2>/dev/null` || MACHINE="unknown"
++[ "$MACHINE_ARCH" ] || MACHINE_ARCH=`(uname -p) 2>/dev/null` || MACHINE_ARCH="unknown"
+ [ "$RELEASE" ] || RELEASE=`(uname -r) 2>/dev/null` || RELEASE="unknown"
+ [ "$SYSTEM" ] || SYSTEM=`(uname -s) 2>/dev/null`  || SYSTEM="unknown"
+ [ "$BUILD" ] || VERSION=`(uname -v) 2>/dev/null` || VERSION="unknown"
 @@ -154,6 +155,10 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${
        echo "mips4-sgi-irix64"; exit 0
        ;;
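Review bot: patch-aa still has no description between its `$NetBSD$` line and the `--- config.orig` header, so the purpose of the added `MACHINE_ARCH` line is not recorded. The refreshed patch-ac and patch-af in this commit have the same gap, while the removed patch-ax, patch-ay and patch-az each carried a description. The refreshed line now follows upstream's `[ "$VAR" ] ||` form, so a `MACHINE_ARCH` already present in the environment is used instead of `uname -p`. pkgsrc has a make variable of that name, so if it reaches the configure environment the platform guess will follow it. If that is intended, a header line such as `Detect MACHINE_ARCH with uname -p unless it is already set in the environment.` would say so.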
diff -r 2fe09b8e1e74 -r 8a8a8e775205 security/openssl/patches/patch-ac
--- a/security/openssl/patches/patch-ac Fri Feb 26 01:09:13 2010 +0000
+++ b/security/openssl/patches/patch-ac Fri Feb 26 03:15:13 2010 +0000
@@ -1,17 +1,17 @@
-$NetBSD: patch-ac,v 1.37 2010/01/15 04:55:30 taca Exp $
+$NetBSD: patch-ac,v 1.38 2010/02/26 03:15:13 taca Exp $
 
---- Configure.orig     2009-11-05 12:07:06.000000000 +0000
+--- Configure.orig     2009-11-09 14:14:26.000000000 +0000
 +++ Configure
-@@ -206,7 +206,7 @@ my %table=(
- "solaris64-x86_64-gcc","gcc:-m64 -O3 -Wall -DL_ENDIAN -DMD32_REG_T=int::-D_REENTRANT::-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK BF_PTR2 DES_INT 
DES_UNROLL:${x86_64_asm}:dlfcn:solaris-shared:-fPIC:-m64 -shared -static-libgcc:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+@@ -212,7 +212,7 @@ my %table=(
+ "solaris64-x86_64-gcc","gcc:-m64 -O3 -Wall -DL_ENDIAN -DMD32_REG_T=int::-D_REENTRANT::-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT 
DES_UNROLL:${x86_64_asm}:dlfcn:solaris-shared:-fPIC:-m64 -shared -static-libgcc:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
   
  #### Solaris x86 with Sun C setups
 -"solaris-x86-cc","cc:-fast -O -Xa::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL BF_PTR:${no_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z 
text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 +"solaris-x86-cc","cc:-xO5 -Xa::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL BF_PTR:${no_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z 
text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
- "solaris64-x86_64-cc","cc:-fast -xarch=amd64 -xstrconst -Xa -DL_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK BF_PTR2 DES_INT 
DES_UNROLL:${x86_64_asm}:dlfcn:solaris-shared:-KPIC:-xarch=amd64 -G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+ "solaris64-x86_64-cc","cc:-fast -xarch=amd64 -xstrconst -Xa -DL_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT 
DES_UNROLL:${x86_64_asm}:dlfcn:solaris-shared:-KPIC:-xarch=amd64 -G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
  
  #### SPARC Solaris with GNU C setups
-@@ -318,6 +318,7 @@ my %table=(
+@@ -324,6 +324,7 @@ my %table=(
  #
  "osf1-alpha-gcc", "gcc:-O3::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_RISC1:${no_asm}:dlfcn:alpha-osf1-shared:::.so",
  "osf1-alpha-cc",  "cc:-std1 -tune host -O4 -readonly_strings::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${no_asm}:dlfcn:alpha-osf1-shared:::.so",
@@ -19,7 +19,7 @@
  "tru64-alpha-cc", "cc:-std1 -tune host -fast -readonly_strings::-pthread:::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${no_asm}:dlfcn:alpha-osf1-shared::-msym:.so",
  
  ####
-@@ -380,6 +381,25 @@ my %table=(
+@@ -386,6 +387,25 @@ my %table=(
  "BSD-ia64",   "gcc:-DL_ENDIAN -DTERMIOS -O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${ia64_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
  "BSD-x86_64", "gcc:-DL_ENDIAN -DTERMIOS -O3 -DMD32_REG_T=int -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT 
DES_UNROLL:${x86_64_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
  
@@ -45,7 +45,7 @@
  "bsdi-elf-gcc",     "gcc:-DPERL5 -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall::(unknown)::-ldl:BN_LLONG ${x86_gcc_des} 
${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
  
  "nextstep",   "cc:-O -Wall:<libc.h>:(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::",
-@@ -808,6 +828,10 @@ PROCESS_ARGS:
+@@ -821,6 +841,10 @@ PROCESS_ARGS:
                                {
                                $libs.=$_." ";
                                }
@@ -56,7 +56,7 @@
                        elsif (/^-[^-]/ or /^\+/)
                                {
                                $flags.=$_." ";
-@@ -1523,7 +1547,7 @@ while (<IN>)
+@@ -1566,7 +1590,7 @@ while (<IN>)
        elsif ($shared_extension ne "" && $shared_extension =~ /^\.s([ol])\.[^\.]*\.[^\.]*$/)
                {
                my $sotmp = $1;
diff -r 2fe09b8e1e74 -r 8a8a8e775205 security/openssl/patches/patch-af
--- a/security/openssl/patches/patch-af Fri Feb 26 01:09:13 2010 +0000
+++ b/security/openssl/patches/patch-af Fri Feb 26 03:15:13 2010 +0000
@@ -1,6 +1,6 @@
-$NetBSD: patch-af,v 1.23 2010/01/15 04:55:30 taca Exp $
+$NetBSD: patch-af,v 1.24 2010/02/26 03:15:14 taca Exp $
 
---- Makefile.org.orig  2009-03-03 22:40:29.000000000 +0000
+--- Makefile.org.orig  2010-01-27 16:06:36.000000000 +0000
 +++ Makefile.org
 @@ -28,6 +28,7 @@ INSTALLTOP=/usr/local/ssl
  
@@ -10,7 +10,7 @@
  
  # NO_IDEA - Define to build without the IDEA algorithm
  # NO_RC4  - Define to build without the RC4 algorithm
-@@ -131,8 +132,8 @@ FIPSCANLIB=
+@@ -132,8 +133,8 @@ FIPSCANLIB=
  
  BASEADDR=
  
@@ -21,7 +21,7 @@
  
  # dirs in crypto to build
  SDIRS=  \
-@@ -152,7 +153,7 @@ TESTS = alltests
+@@ -153,7 +154,7 @@ TESTS = alltests
  
  MAKEFILE= Makefile
  
@@ -30,7 +30,7 @@
  MAN1=1
  MAN3=3
  MANSUFFIX=
-@@ -168,6 +169,7 @@ SHARED_SSL=libssl$(SHLIB_EXT)
+@@ -169,6 +170,7 @@ SHARED_SSL=libssl$(SHLIB_EXT)
  SHARED_FIPS=
  SHARED_LIBS=
  SHARED_LIBS_LINK_EXTS=
@@ -38,16 +38,7 @@
  SHARED_LDFLAGS=
  
  GENERAL=        Makefile
-@@ -200,7 +202,7 @@ BUILDENV=  PLATFORM='${PLATFORM}' PROCESS
-               CC='${CC}' CFLAG='${CFLAG}'                     \
-               AS='${CC}' ASFLAG='${CFLAG} -c'                 \
-               AR='${AR}' PERL='${PERL}' RANLIB='${RANLIB}'    \
--              SDIRS='${SDIRS}' LIBRPATH='${INSTALLTOP}/lib'   \
-+              SDIRS='${SDIRS}' LIBRPATH='${LIBRPATH}'         \
-               INSTALL_PREFIX='${INSTALL_PREFIX}'              \
-               INSTALLTOP='${INSTALLTOP}' OPENSSLDIR='${OPENSSLDIR}'   \
-               MAKEDEPEND='$$$${TOP}/util/domd $$$${TOP} -MD ${MAKEDEPPROG}' \
-@@ -611,7 +613,7 @@ dist:   
+@@ -615,7 +617,7 @@ dist:   
  dist_pem_h:
        (cd crypto/pem; $(MAKE) -e $(BUILDENV) pem.h; $(MAKE) clean)
  
@@ -56,18 +47,7 @@
  
  install_sw:
        @$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \
-@@ -619,9 +621,7 @@ install_sw:
-               $(INSTALL_PREFIX)$(INSTALLTOP)/lib/engines \
-               $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig \
-               $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl \
--              $(INSTALL_PREFIX)$(OPENSSLDIR)/misc \
--              $(INSTALL_PREFIX)$(OPENSSLDIR)/certs \
--              $(INSTALL_PREFIX)$(OPENSSLDIR)/private
-+              $(INSTALL_PREFIX)$(EXAMPLEDIR)
-       @set -e; headerlist="$(EXHEADER)"; for i in $$headerlist;\
-       do \
-       (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
-@@ -691,35 +691,53 @@ install_docs:
+@@ -695,35 +697,53 @@ install_docs:
        set -e; for i in doc/apps/*.pod; do \
                fn=`basename $$i .pod`; \
                sec=`$(PERL) util/extract-section.pl 1 < $$i`; \
diff -r 2fe09b8e1e74 -r 8a8a8e775205 security/openssl/patches/patch-ax
--- a/security/openssl/patches/patch-ax Fri Feb 26 01:09:13 2010 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,24 +0,0 @@
-$NetBSD: patch-ax,v 1.1 2009/06/10 13:57:08 tez Exp $
-
-Part of CVE-2009-1377 fix.
-
---- crypto/pqueue/pqueue.c.orig        2009-06-08 18:55:59.826213100 -0500
-+++ crypto/pqueue/pqueue.c
-@@ -234,3 +234,17 @@ pqueue_next(pitem **item)
- 
-       return ret;
-       }
-+
-+int
-+pqueue_size(pqueue_s *pq)
-+{
-+      pitem *item = pq->items;
-+      int count = 0;
-+      
-+      while(item != NULL)
-+      {
-+              count++;
-+              item = item->next;
-+      }
-+      return count;
-+}
diff -r 2fe09b8e1e74 -r 8a8a8e775205 security/openssl/patches/patch-ay
--- a/security/openssl/patches/patch-ay Fri Feb 26 01:09:13 2010 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,13 +0,0 @@
-$NetBSD: patch-ay,v 1.1 2009/06/10 13:57:08 tez Exp $
-
-Part of CVE-2009-1377 fix.
-
---- crypto/pqueue/pqueue.h.orig        2009-06-08 18:57:00.672546600 -0500
-+++ crypto/pqueue/pqueue.h
-@@ -91,5 +91,6 @@ pitem *pqueue_iterator(pqueue pq);
- pitem *pqueue_next(piterator *iter);
- 
- void   pqueue_print(pqueue pq);
-+int    pqueue_size(pqueue pq);
- 
- #endif /* ! HEADER_PQUEUE_H */
diff -r 2fe09b8e1e74 -r 8a8a8e775205 security/openssl/patches/patch-az
--- a/security/openssl/patches/patch-az Fri Feb 26 01:09:13 2010 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,42 +0,0 @@
-$NetBSD: patch-az,v 1.1 2009/06/10 13:57:08 tez Exp $
-
-CVE-2009-1378 and CVE-2009-1379 fixes.
-
---- ssl/d1_both.c.orig 2009-06-08 18:59:50.629293200 -0500
-+++ ssl/d1_both.c
-@@ -519,6 +519,8 @@ dtls1_retrieve_buffered_fragment(SSL *s,
- 
-       if ( s->d1->handshake_read_seq == frag->msg_header.seq)
-               {
-+              unsigned long frag_len = frag->msg_header.frag_len;
-+
-               pqueue_pop(s->d1->buffered_messages);
- 
-               al=dtls1_preprocess_fragment(s,&frag->msg_header,max);
-@@ -536,7 +538,7 @@ dtls1_retrieve_buffered_fragment(SSL *s,
-               if (al==0)
-                       {
-                       *ok = 1;
--                      return frag->msg_header.frag_len;
-+                      return frag_len;
-                       }
- 
-               ssl3_send_alert(s,SSL3_AL_FATAL,al);
-@@ -561,7 +563,16 @@ dtls1_process_out_of_seq_message(SSL *s,
-       if ((msg_hdr->frag_off+frag_len) > msg_hdr->msg_len)
-               goto err;
- 
--      if (msg_hdr->seq <= s->d1->handshake_read_seq)
-+      /* Try to find item in queue, to prevent duplicate entries */
-+      pq_64bit_init(&seq64);
-+      pq_64bit_assign_word(&seq64, msg_hdr->seq);
-+      item = pqueue_find(s->d1->buffered_messages, seq64);
-+      pq_64bit_free(&seq64);
-+      
-+      /* Discard the message if sequence number was already there, is
-+       * too far in the future or the fragment is already in the queue */
-+      if (msg_hdr->seq <= s->d1->handshake_read_seq ||
-+              msg_hdr->seq > s->d1->handshake_read_seq + 10 || item != NULL)
-               {
-               unsigned char devnull [256];


