pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/pkgsrc-2012Q1]: pkgsrc/security/openssl Pullup ticket #3755 - request...
details: https://anonhg.NetBSD.org/pkgsrc/rev/ef45d00431b3
branches: pkgsrc-2012Q1
changeset: 602058:ef45d00431b3
user: sbd <sbd%pkgsrc.org@localhost>
date: Tue Apr 24 07:47:28 2012 +0000
description:
Pullup ticket #3755 - requested by taca
security/openssl security update.
Revisions pulled up:
- security/openssl/Makefile 1.166
- security/openssl/distinfo 1.88
---
Module Name: pkgsrc
Committed By: taca
Date: Tue Apr 24 05:03:49 UTC 2012
Modified Files:
pkgsrc/security/openssl: Makefile distinfo
Log Message:
Update openssl package to 0.9.8w.
Security fix for CVS-2012-2131.
Changes between 0.9.8v and 0.9.8w [23 Apr 2012]
*) The fix for CVE-2012-2110 did not take into account that the
'len' argument to BUF_MEM_grow and BUF_MEM_grow_clean is an
int in OpenSSL 0.9.8, making it still vulnerable. Fix by
rejecting negative len parameter. (CVE-2012-2131)
[Tomas Hoger <thoger%redhat.com@localhost>]
diffstat:
security/openssl/Makefile | 4 ++--
security/openssl/distinfo | 8 ++++----
2 files changed, 6 insertions(+), 6 deletions(-)
diffs (30 lines):
diff -r a2718fd92de2 -r ef45d00431b3 security/openssl/Makefile
--- a/security/openssl/Makefile Sun Apr 22 23:07:10 2012 +0000
+++ b/security/openssl/Makefile Tue Apr 24 07:47:28 2012 +0000
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.164.2.1 2012/04/22 15:21:43 spz Exp $
+# $NetBSD: Makefile,v 1.164.2.2 2012/04/24 07:47:28 sbd Exp $
OPENSSL_SNAPSHOT?= # empty
OPENSSL_STABLE?= # empty
-OPENSSL_VERS?= 0.9.8v
+OPENSSL_VERS?= 0.9.8w
.if empty(OPENSSL_SNAPSHOT)
DISTNAME= openssl-${OPENSSL_VERS}
diff -r a2718fd92de2 -r ef45d00431b3 security/openssl/distinfo
--- a/security/openssl/distinfo Sun Apr 22 23:07:10 2012 +0000
+++ b/security/openssl/distinfo Tue Apr 24 07:47:28 2012 +0000
@@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.86.2.1 2012/04/22 15:21:43 spz Exp $
+$NetBSD: distinfo,v 1.86.2.2 2012/04/24 07:47:28 sbd Exp $
-SHA1 (openssl-0.9.8v.tar.gz) = ceacc6750b1e912d10ad1da964c90fcffbd6566e
-RMD160 (openssl-0.9.8v.tar.gz) = a59dd24ac07be9118a4b23b6d1874fd46d2b797a
-Size (openssl-0.9.8v.tar.gz) = 3782207 bytes
+SHA1 (openssl-0.9.8w.tar.gz) = 6dd276534f87aaca4bee679537fef3aaa6b43069
+RMD160 (openssl-0.9.8w.tar.gz) = 6904c2b85a199b8ec0262ba7d52adbbe7e8df351
+Size (openssl-0.9.8w.tar.gz) = 3782900 bytes
SHA1 (patch-aa) = eb25505e8a745eb5ba85f857b0f9302fd5e9bda1
SHA1 (patch-ac) = 6ff4a20440666f5c520837e10547091e1bee2208
SHA1 (patch-ad) = bb86ac463fc4ab8b485df5f1a4fb9c13c1fc41c3
Home |
Main Index |
Thread Index |
Old Index