CVS commit: pkgsrc/security/openssl

To: pkgsrc-changes%NetBSD.org@localhost
Subject: CVS commit: pkgsrc/security/openssl
From: "Thomas Klausner" <wiz%netbsd.org@localhost>
Date: Thu, 29 Mar 2018 11:08:44 +0000

Module Name:    pkgsrc
Committed By:   wiz
Date:           Thu Mar 29 11:08:44 UTC 2018

Modified Files:
        pkgsrc/security/openssl: Makefile distinfo

Log Message:
openssl: update to 1.0.2o.

 Changes between 1.0.2n and 1.0.2o [27 Mar 2018]

  *) Constructed ASN.1 types with a recursive definition could exceed the stack

     Constructed ASN.1 types with a recursive definition (such as can be found
     in PKCS7) could eventually exceed the stack given malicious input with
     excessive recursion. This could result in a Denial Of Service attack. There
     are no such structures used within SSL/TLS that come from untrusted sources
     so this is considered safe.

     This issue was reported to OpenSSL on 4th January 2018 by the OSS-fuzz
     project.
     (CVE-2018-0739)
     [Matt Caswell]


To generate a diff of this commit:
cvs rdiff -u -r1.237 -r1.238 pkgsrc/security/openssl/Makefile
cvs rdiff -u -r1.131 -r1.132 pkgsrc/security/openssl/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/security/openssl/Makefile
diff -u pkgsrc/security/openssl/Makefile:1.237 pkgsrc/security/openssl/Makefile:1.238
--- pkgsrc/security/openssl/Makefile:1.237      Tue Jan  2 05:37:23 2018
+++ pkgsrc/security/openssl/Makefile    Thu Mar 29 11:08:44 2018
@@ -1,7 +1,6 @@
-# $NetBSD: Makefile,v 1.237 2018/01/02 05:37:23 maya Exp $
+# $NetBSD: Makefile,v 1.238 2018/03/29 11:08:44 wiz Exp $
 
-DISTNAME=      openssl-1.0.2n
-PKGREVISION=   1
+DISTNAME=      openssl-1.0.2o
 CATEGORIES=    security
 MASTER_SITES=  https://www.openssl.org/source/
 

Index: pkgsrc/security/openssl/distinfo
diff -u pkgsrc/security/openssl/distinfo:1.131 pkgsrc/security/openssl/distinfo:1.132
--- pkgsrc/security/openssl/distinfo:1.131      Tue Jan 16 09:48:46 2018
+++ pkgsrc/security/openssl/distinfo    Thu Mar 29 11:08:44 2018
@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.131 2018/01/16 09:48:46 jperkin Exp $
+$NetBSD: distinfo,v 1.132 2018/03/29 11:08:44 wiz Exp $
 
-SHA1 (openssl-1.0.2n.tar.gz) = 0ca2957869206de193603eca6d89f532f61680b1
-RMD160 (openssl-1.0.2n.tar.gz) = 90fbf1df8986e04921e14e4c6e408458b5b31f6c
-SHA512 (openssl-1.0.2n.tar.gz) = 144bf0d6aa27b4af01df0b7b734c39962649e1711554247d42e05e14d8945742b18745aefdba162e2dfc762b941fd7d3b2d5dc6a781ae4ba10a6f5a3cadb0687
-Size (openssl-1.0.2n.tar.gz) = 5375802 bytes
+SHA1 (openssl-1.0.2o.tar.gz) = a47faaca57b47a0d9d5fb085545857cc92062691
+RMD160 (openssl-1.0.2o.tar.gz) = aac1564f006766e66f5a319def41e5d99122915d
+SHA512 (openssl-1.0.2o.tar.gz) = 8a2c93657c85143e76785bb32ee836908c31a6f5f8db993fa9777acba6079e630cdddd03edbad65d1587199fc13a1507789eacf038b56eb99139c2091d9df7fd
+Size (openssl-1.0.2o.tar.gz) = 5329472 bytes
 SHA1 (patch-Configure) = 2d963d781314276a0ee1bc531df6bc50f0f6b32b
 SHA1 (patch-Makefile.org) = d2a9295003a8b88718a328b01ff6bcbbc102ec0b
 SHA1 (patch-Makefile.shared) = 273154600c6cf0cf4de4ae16d56c5555bca5f9ad

Prev by Date: CVS commit: pkgsrc/mail/thunderbird
Next by Date: CVS commit: pkgsrc/doc
Previous by Thread: CVS commit: pkgsrc/mail/thunderbird
Next by Thread: CVS commit: pkgsrc/doc
Indexes:

Home | Main Index | Thread Index | Old Index