pkgsrc-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[pkgsrc/trunk]: pkgsrc/security/openssl Update openssl package to 0.9.8l, fix...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/75623f6226df
branches:  trunk
changeset: 569181:75623f6226df
user:      taca <taca%pkgsrc.org@localhost>
date:      Fri Jan 15 04:55:30 2010 +0000

description:
Update openssl package to 0.9.8l, fixing security problem.
Approved by agc@.


Changes between 0.9.8k and 0.9.8l  [5 Nov 2009]

 *) Disable renegotiation completely - this fixes a severe security
    problem (CVE-2009-3555) at the cost of breaking all
    renegotiation. Renegotiation can be re-enabled by setting
    SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION in s3->flags at
    run-time. This is really not recommended unless you know what
    you're doing.
    [Ben Laurie]

diffstat:

 security/openssl/Makefile         |   7 +++----
 security/openssl/distinfo         |  14 +++++++-------
 security/openssl/patches/patch-aa |  10 +++++-----
 security/openssl/patches/patch-ac |  16 ++++++++--------
 security/openssl/patches/patch-af |  10 +++++-----
 5 files changed, 28 insertions(+), 29 deletions(-)

diffs (169 lines):

diff -r f270f0702229 -r 75623f6226df security/openssl/Makefile
--- a/security/openssl/Makefile Thu Jan 14 22:33:30 2010 +0000
+++ b/security/openssl/Makefile Fri Jan 15 04:55:30 2010 +0000
@@ -1,15 +1,14 @@
-# $NetBSD: Makefile,v 1.141 2009/12/25 11:58:06 obache Exp $
+# $NetBSD: Makefile,v 1.142 2010/01/15 04:55:30 taca Exp $
 
 OPENSSL_SNAPSHOT?=     # empty
 OPENSSL_STABLE?=       # empty
-OPENSSL_VERS?=         0.9.8k
-PKGREVISION=           1
+OPENSSL_VERS?=         0.9.8l
 
 .if empty(OPENSSL_SNAPSHOT)
 DISTNAME=      openssl-${OPENSSL_VERS}
 MASTER_SITES=  ftp://ftp.openssl.org/source/ \
                                ftp://sunsite.cnlab-switch.ch/mirror/openssl/source/ \
-                               ftp://sunsite.uio.no/pub/security/openssl/source/ 
+                               ftp://sunsite.uio.no/pub/security/openssl/source/
 .else
 .  if !empty(OPENSSL_STABLE:M[yY][eE][sS])
 DISTNAME=      openssl-${OPENSSL_VERS:C/[a-z]$//}-stable-SNAP-${OPENSSL_SNAPSHOT}
diff -r f270f0702229 -r 75623f6226df security/openssl/distinfo
--- a/security/openssl/distinfo Thu Jan 14 22:33:30 2010 +0000
+++ b/security/openssl/distinfo Fri Jan 15 04:55:30 2010 +0000
@@ -1,13 +1,13 @@
-$NetBSD: distinfo,v 1.69 2009/12/25 11:58:06 obache Exp $
+$NetBSD: distinfo,v 1.70 2010/01/15 04:55:30 taca Exp $
 
-SHA1 (openssl-0.9.8k.tar.gz) = 3ba079f91d3c1ec90a36dcd1d43857165035703f
-RMD160 (openssl-0.9.8k.tar.gz) = 496df7a5d33457b0d8e3b930a8e5cf068923182c
-Size (openssl-0.9.8k.tar.gz) = 3852259 bytes
-SHA1 (patch-aa) = 7191fd8bc34b384f44a9a7c238a556f251ab01c9
-SHA1 (patch-ac) = 1b0954f97524b3896bef562d1b13fa9aec1f0dec
+SHA1 (openssl-0.9.8l.tar.gz) = d3fb6ec89532ab40646b65af179bb1770f7ca28f
+RMD160 (openssl-0.9.8l.tar.gz) = 9de81ec2583edcba729e62d50fd22c0a98a52903
+Size (openssl-0.9.8l.tar.gz) = 4179422 bytes
+SHA1 (patch-aa) = cb6942b0be960151c185e89af1e09050a6b18dff
+SHA1 (patch-ac) = 3f62d36e18c2b8f587322dac5b329207704f40ad
 SHA1 (patch-ad) = bb86ac463fc4ab8b485df5f1a4fb9c13c1fc41c3
 SHA1 (patch-ae) = 7a58f1765a3761321dcc8dafc5fe2e33207be480
-SHA1 (patch-af) = 1eda5a96835b65d325c77ce5d39f1e524815a3c7
+SHA1 (patch-af) = 81263ce9dc0e89293ac1fc298e1178253a0b0b1b
 SHA1 (patch-ag) = 5f12c72b85e4b6c6a79dfcf87055e9e029fbd8c8
 SHA1 (patch-ak) = 049250b9bd42e6f155145703135dab39a7ec17e0
 SHA1 (patch-al) = 076a606352bdeaeea1cc64f16be2ac1325882302
diff -r f270f0702229 -r 75623f6226df security/openssl/patches/patch-aa
--- a/security/openssl/patches/patch-aa Thu Jan 14 22:33:30 2010 +0000
+++ b/security/openssl/patches/patch-aa Fri Jan 15 04:55:30 2010 +0000
@@ -1,7 +1,7 @@
-$NetBSD: patch-aa,v 1.21 2009/12/25 11:58:06 obache Exp $
+$NetBSD: patch-aa,v 1.22 2010/01/15 04:55:30 taca Exp $
 
---- config.orig        2007-08-01 13:21:35.000000000 +0200
-+++ config     2007-10-21 13:18:53.000000000 +0200
+--- config.orig        2009-02-16 08:43:41.000000000 +0000
++++ config
 @@ -49,6 +49,7 @@ done
  # First get uname entries that we use below
  
@@ -39,7 +39,7 @@
        ;;
  
      OpenBSD:*)
-@@ -655,13 +664,18 @@ case "$GUESSOS" in
+@@ -661,13 +670,18 @@ case "$GUESSOS" in
        ;;
    *-*-sunos4)         OUT="sunos-$CC" ;;
  
@@ -59,7 +59,7 @@
                        if [ -L /usr/lib/libc.so ]; then        # [Free|Net]BSD
                            libc=/usr/lib/libc.so
                        else                                    # OpenBSD
-@@ -674,6 +688,8 @@ case "$GUESSOS" in
+@@ -680,6 +694,8 @@ case "$GUESSOS" in
                        esac ;;
    *-*-*bsd*)          OUT="BSD-generic32" ;;
  
diff -r f270f0702229 -r 75623f6226df security/openssl/patches/patch-ac
--- a/security/openssl/patches/patch-ac Thu Jan 14 22:33:30 2010 +0000
+++ b/security/openssl/patches/patch-ac Fri Jan 15 04:55:30 2010 +0000
@@ -1,8 +1,8 @@
-$NetBSD: patch-ac,v 1.36 2009/12/25 11:58:06 obache Exp $
+$NetBSD: patch-ac,v 1.37 2010/01/15 04:55:30 taca Exp $
 
---- Configure.orig     2007-09-16 14:24:17.000000000 +0200
-+++ Configure  2007-10-21 13:21:36.000000000 +0200
-@@ -194,7 +194,7 @@ my %table=(
+--- Configure.orig     2009-11-05 12:07:06.000000000 +0000
++++ Configure
+@@ -206,7 +206,7 @@ my %table=(
  "solaris64-x86_64-gcc","gcc:-m64 -O3 -Wall -DL_ENDIAN -DMD32_REG_T=int::-D_REENTRANT::-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK BF_PTR2 DES_INT 
DES_UNROLL:${x86_64_asm}:dlfcn:solaris-shared:-fPIC:-m64 -shared -static-libgcc:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
   
  #### Solaris x86 with Sun C setups
@@ -11,7 +11,7 @@
  "solaris64-x86_64-cc","cc:-fast -xarch=amd64 -xstrconst -Xa -DL_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK BF_PTR2 DES_INT 
DES_UNROLL:${x86_64_asm}:dlfcn:solaris-shared:-KPIC:-xarch=amd64 -G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
  
  #### SPARC Solaris with GNU C setups
-@@ -306,6 +306,7 @@ my %table=(
+@@ -318,6 +318,7 @@ my %table=(
  #
  "osf1-alpha-gcc", "gcc:-O3::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_RISC1:${no_asm}:dlfcn:alpha-osf1-shared:::.so",
  "osf1-alpha-cc",  "cc:-std1 -tune host -O4 -readonly_strings::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${no_asm}:dlfcn:alpha-osf1-shared:::.so",
@@ -19,7 +19,7 @@
  "tru64-alpha-cc", "cc:-std1 -tune host -fast -readonly_strings::-pthread:::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${no_asm}:dlfcn:alpha-osf1-shared::-msym:.so",
  
  ####
-@@ -368,6 +369,25 @@ my %table=(
+@@ -380,6 +381,25 @@ my %table=(
  "BSD-ia64",   "gcc:-DL_ENDIAN -DTERMIOS -O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${ia64_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
  "BSD-x86_64", "gcc:-DL_ENDIAN -DTERMIOS -O3 -DMD32_REG_T=int -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT 
DES_UNROLL:${x86_64_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
  
@@ -45,7 +45,7 @@
  "bsdi-elf-gcc",     "gcc:-DPERL5 -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall::(unknown)::-ldl:BN_LLONG ${x86_gcc_des} 
${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
  
  "nextstep",   "cc:-O -Wall:<libc.h>:(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::",
-@@ -734,6 +754,10 @@ PROCESS_ARGS:
+@@ -808,6 +828,10 @@ PROCESS_ARGS:
                                {
                                $libs.=$_." ";
                                }
@@ -56,7 +56,7 @@
                        elsif (/^-[^-]/ or /^\+/)
                                {
                                $flags.=$_." ";
-@@ -1371,7 +1395,7 @@ while (<IN>)
+@@ -1523,7 +1547,7 @@ while (<IN>)
        elsif ($shared_extension ne "" && $shared_extension =~ /^\.s([ol])\.[^\.]*\.[^\.]*$/)
                {
                my $sotmp = $1;
diff -r f270f0702229 -r 75623f6226df security/openssl/patches/patch-af
--- a/security/openssl/patches/patch-af Thu Jan 14 22:33:30 2010 +0000
+++ b/security/openssl/patches/patch-af Fri Jan 15 04:55:30 2010 +0000
@@ -1,6 +1,6 @@
-$NetBSD: patch-af,v 1.22 2009/01/08 16:38:22 tnn Exp $
+$NetBSD: patch-af,v 1.23 2010/01/15 04:55:30 taca Exp $
 
---- Makefile.org.orig  2008-12-30 14:26:26.000000000 +0100
+--- Makefile.org.orig  2009-03-03 22:40:29.000000000 +0000
 +++ Makefile.org
 @@ -28,6 +28,7 @@ INSTALLTOP=/usr/local/ssl
  
@@ -47,7 +47,7 @@
                INSTALL_PREFIX='${INSTALL_PREFIX}'              \
                INSTALLTOP='${INSTALLTOP}' OPENSSLDIR='${OPENSSLDIR}'   \
                MAKEDEPEND='$$$${TOP}/util/domd $$$${TOP} -MD ${MAKEDEPPROG}' \
-@@ -608,7 +610,7 @@ dist:   
+@@ -611,7 +613,7 @@ dist:   
  dist_pem_h:
        (cd crypto/pem; $(MAKE) -e $(BUILDENV) pem.h; $(MAKE) clean)
  
@@ -56,7 +56,7 @@
  
  install_sw:
        @$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \
-@@ -616,9 +618,7 @@ install_sw:
+@@ -619,9 +621,7 @@ install_sw:
                $(INSTALL_PREFIX)$(INSTALLTOP)/lib/engines \
                $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig \
                $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl \
@@ -67,7 +67,7 @@
        @set -e; headerlist="$(EXHEADER)"; for i in $$headerlist;\
        do \
        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
-@@ -688,35 +688,53 @@ install_docs:
+@@ -691,35 +691,53 @@ install_docs:
        set -e; for i in doc/apps/*.pod; do \
                fn=`basename $$i .pod`; \
                sec=`$(PERL) util/extract-section.pl 1 < $$i`; \



Home | Main Index | Thread Index | Old Index