pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/trunk]: pkgsrc/security/openssl Update to openssl-0.9.8k.
details: https://anonhg.NetBSD.org/pkgsrc/rev/f91d155827d7
branches: trunk
changeset: 556747:f91d155827d7
user: tnn <tnn%pkgsrc.org@localhost>
date: Sun Apr 05 15:50:17 2009 +0000
description:
Update to openssl-0.9.8k.
Changes between 0.9.8j and 0.9.8k [25 Mar 2009]
*) Don't set val to NULL when freeing up structures, it is freed up by
underlying code. If sizeof(void *) > sizeof(long) this can result in
zeroing past the valid field. (CVE-2009-0789)
*) Fix bug where return value of CMS_SignerInfo_verify_content() was not
checked correctly. This would allow some invalid signed attributes to
appear to verify correctly. (CVE-2009-0591)
*) Reject UniversalString and BMPString types with invalid lengths. This
prevents a crash in ASN1_STRING_print_ex() which assumes the strings have
a legal length. (CVE-2009-0590)
*) Set S/MIME signing as the default purpose rather than setting it
unconditionally. This allows applications to override it at the store
level.
*) Permit restricted recursion of ASN1 strings. This is needed in practice
to handle some structures.
*) Improve efficiency of mem_gets: don't search whole buffer each time
for a '\n'
*) New -hex option for openssl rand.
*) Print out UTF8String and NumericString when parsing ASN1.
*) Support NumericString type for name components.
*) Allow CC in the environment to override the automatically chosen
compiler. Note that nothing is done to ensure flags work with the
chosen compiler.
diffstat:
security/openssl/Makefile | 4 ++--
security/openssl/distinfo | 9 ++++-----
security/openssl/patches/patch-am | 13 -------------
3 files changed, 6 insertions(+), 20 deletions(-)
diffs (52 lines):
diff -r 7e887443fbd3 -r f91d155827d7 security/openssl/Makefile
--- a/security/openssl/Makefile Sun Apr 05 13:15:01 2009 +0000
+++ b/security/openssl/Makefile Sun Apr 05 15:50:17 2009 +0000
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.137 2009/01/08 16:38:22 tnn Exp $
+# $NetBSD: Makefile,v 1.138 2009/04/05 15:50:17 tnn Exp $
OPENSSL_SNAPSHOT?= # empty
OPENSSL_STABLE?= # empty
-OPENSSL_VERS?= 0.9.8j
+OPENSSL_VERS?= 0.9.8k
.if empty(OPENSSL_SNAPSHOT)
DISTNAME= openssl-${OPENSSL_VERS}
diff -r 7e887443fbd3 -r f91d155827d7 security/openssl/distinfo
--- a/security/openssl/distinfo Sun Apr 05 13:15:01 2009 +0000
+++ b/security/openssl/distinfo Sun Apr 05 15:50:17 2009 +0000
@@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.65 2009/01/08 16:38:22 tnn Exp $
+$NetBSD: distinfo,v 1.66 2009/04/05 15:50:17 tnn Exp $
-SHA1 (openssl-0.9.8j.tar.gz) = f70f7127a26e951e8a0d854c0c9e6b4c24df78e4
-RMD160 (openssl-0.9.8j.tar.gz) = d60417e0fd943fbffc6dae8391a21dcf5d97e967
-Size (openssl-0.9.8j.tar.gz) = 3738359 bytes
+SHA1 (openssl-0.9.8k.tar.gz) = 3ba079f91d3c1ec90a36dcd1d43857165035703f
+RMD160 (openssl-0.9.8k.tar.gz) = 496df7a5d33457b0d8e3b930a8e5cf068923182c
+Size (openssl-0.9.8k.tar.gz) = 3852259 bytes
SHA1 (patch-aa) = b28ec662bf0586e31d59cab45e3a28b91b10dac1
SHA1 (patch-ac) = a766699f2d007b70689bbad538ede07ded7b34ff
SHA1 (patch-ad) = bb86ac463fc4ab8b485df5f1a4fb9c13c1fc41c3
@@ -11,4 +11,3 @@
SHA1 (patch-ag) = 5f12c72b85e4b6c6a79dfcf87055e9e029fbd8c8
SHA1 (patch-ak) = 049250b9bd42e6f155145703135dab39a7ec17e0
SHA1 (patch-al) = 076a606352bdeaeea1cc64f16be2ac1325882302
-SHA1 (patch-am) = 72d9d776878fc4908c40aacbe4d79ba3edd0a584
diff -r 7e887443fbd3 -r f91d155827d7 security/openssl/patches/patch-am
--- a/security/openssl/patches/patch-am Sun Apr 05 13:15:01 2009 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,13 +0,0 @@
-$NetBSD: patch-am,v 1.6 2009/01/08 16:38:22 tnn Exp $
-
---- crypto/evp/enc_min.c.orig 2008-12-02 19:14:44.000000000 +0100
-+++ crypto/evp/enc_min.c
-@@ -199,7 +199,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ct
- enc = 1;
- ctx->encrypt = enc;
- }
--#ifdef OPENSSL_NO_FIPS
-+#if 0 /* def OPENSSL_NO_FIPS */
- if(FIPS_selftest_failed())
- {
- FIPSerr(FIPS_F_EVP_CIPHERINIT_EX,FIPS_R_FIPS_SELFTEST_FAILED);
Home |
Main Index |
Thread Index |
Old Index