pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/trunk]: pkgsrc/security/openssl Update openssl package to 0.9.8l, fix...
details: https://anonhg.NetBSD.org/pkgsrc/rev/75623f6226df
branches: trunk
changeset: 569181:75623f6226df
user: taca <taca%pkgsrc.org@localhost>
date: Fri Jan 15 04:55:30 2010 +0000
description:
Update openssl package to 0.9.8l, fixing security problem.
Approved by agc@.
Changes between 0.9.8k and 0.9.8l [5 Nov 2009]
*) Disable renegotiation completely - this fixes a severe security
problem (CVE-2009-3555) at the cost of breaking all
renegotiation. Renegotiation can be re-enabled by setting
SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION in s3->flags at
run-time. This is really not recommended unless you know what
you're doing.
[Ben Laurie]
diffstat:
security/openssl/Makefile | 7 +++----
security/openssl/distinfo | 14 +++++++-------
security/openssl/patches/patch-aa | 10 +++++-----
security/openssl/patches/patch-ac | 16 ++++++++--------
security/openssl/patches/patch-af | 10 +++++-----
5 files changed, 28 insertions(+), 29 deletions(-)
diffs (169 lines):
diff -r f270f0702229 -r 75623f6226df security/openssl/Makefile
--- a/security/openssl/Makefile Thu Jan 14 22:33:30 2010 +0000
+++ b/security/openssl/Makefile Fri Jan 15 04:55:30 2010 +0000
@@ -1,15 +1,14 @@
-# $NetBSD: Makefile,v 1.141 2009/12/25 11:58:06 obache Exp $
+# $NetBSD: Makefile,v 1.142 2010/01/15 04:55:30 taca Exp $
OPENSSL_SNAPSHOT?= # empty
OPENSSL_STABLE?= # empty
-OPENSSL_VERS?= 0.9.8k
-PKGREVISION= 1
+OPENSSL_VERS?= 0.9.8l
.if empty(OPENSSL_SNAPSHOT)
DISTNAME= openssl-${OPENSSL_VERS}
MASTER_SITES= ftp://ftp.openssl.org/source/ \
ftp://sunsite.cnlab-switch.ch/mirror/openssl/source/ \
- ftp://sunsite.uio.no/pub/security/openssl/source/
+ ftp://sunsite.uio.no/pub/security/openssl/source/
.else
. if !empty(OPENSSL_STABLE:M[yY][eE][sS])
DISTNAME= openssl-${OPENSSL_VERS:C/[a-z]$//}-stable-SNAP-${OPENSSL_SNAPSHOT}
diff -r f270f0702229 -r 75623f6226df security/openssl/distinfo
--- a/security/openssl/distinfo Thu Jan 14 22:33:30 2010 +0000
+++ b/security/openssl/distinfo Fri Jan 15 04:55:30 2010 +0000
@@ -1,13 +1,13 @@
-$NetBSD: distinfo,v 1.69 2009/12/25 11:58:06 obache Exp $
+$NetBSD: distinfo,v 1.70 2010/01/15 04:55:30 taca Exp $
-SHA1 (openssl-0.9.8k.tar.gz) = 3ba079f91d3c1ec90a36dcd1d43857165035703f
-RMD160 (openssl-0.9.8k.tar.gz) = 496df7a5d33457b0d8e3b930a8e5cf068923182c
-Size (openssl-0.9.8k.tar.gz) = 3852259 bytes
-SHA1 (patch-aa) = 7191fd8bc34b384f44a9a7c238a556f251ab01c9
-SHA1 (patch-ac) = 1b0954f97524b3896bef562d1b13fa9aec1f0dec
+SHA1 (openssl-0.9.8l.tar.gz) = d3fb6ec89532ab40646b65af179bb1770f7ca28f
+RMD160 (openssl-0.9.8l.tar.gz) = 9de81ec2583edcba729e62d50fd22c0a98a52903
+Size (openssl-0.9.8l.tar.gz) = 4179422 bytes
+SHA1 (patch-aa) = cb6942b0be960151c185e89af1e09050a6b18dff
+SHA1 (patch-ac) = 3f62d36e18c2b8f587322dac5b329207704f40ad
SHA1 (patch-ad) = bb86ac463fc4ab8b485df5f1a4fb9c13c1fc41c3
SHA1 (patch-ae) = 7a58f1765a3761321dcc8dafc5fe2e33207be480
-SHA1 (patch-af) = 1eda5a96835b65d325c77ce5d39f1e524815a3c7
+SHA1 (patch-af) = 81263ce9dc0e89293ac1fc298e1178253a0b0b1b
SHA1 (patch-ag) = 5f12c72b85e4b6c6a79dfcf87055e9e029fbd8c8
SHA1 (patch-ak) = 049250b9bd42e6f155145703135dab39a7ec17e0
SHA1 (patch-al) = 076a606352bdeaeea1cc64f16be2ac1325882302
diff -r f270f0702229 -r 75623f6226df security/openssl/patches/patch-aa
--- a/security/openssl/patches/patch-aa Thu Jan 14 22:33:30 2010 +0000
+++ b/security/openssl/patches/patch-aa Fri Jan 15 04:55:30 2010 +0000
@@ -1,7 +1,7 @@
-$NetBSD: patch-aa,v 1.21 2009/12/25 11:58:06 obache Exp $
+$NetBSD: patch-aa,v 1.22 2010/01/15 04:55:30 taca Exp $
---- config.orig 2007-08-01 13:21:35.000000000 +0200
-+++ config 2007-10-21 13:18:53.000000000 +0200
+--- config.orig 2009-02-16 08:43:41.000000000 +0000
++++ config
@@ -49,6 +49,7 @@ done
# First get uname entries that we use below
@@ -39,7 +39,7 @@
;;
OpenBSD:*)
-@@ -655,13 +664,18 @@ case "$GUESSOS" in
+@@ -661,13 +670,18 @@ case "$GUESSOS" in
;;
*-*-sunos4) OUT="sunos-$CC" ;;
@@ -59,7 +59,7 @@
if [ -L /usr/lib/libc.so ]; then # [Free|Net]BSD
libc=/usr/lib/libc.so
else # OpenBSD
-@@ -674,6 +688,8 @@ case "$GUESSOS" in
+@@ -680,6 +694,8 @@ case "$GUESSOS" in
esac ;;
*-*-*bsd*) OUT="BSD-generic32" ;;
diff -r f270f0702229 -r 75623f6226df security/openssl/patches/patch-ac
--- a/security/openssl/patches/patch-ac Thu Jan 14 22:33:30 2010 +0000
+++ b/security/openssl/patches/patch-ac Fri Jan 15 04:55:30 2010 +0000
@@ -1,8 +1,8 @@
-$NetBSD: patch-ac,v 1.36 2009/12/25 11:58:06 obache Exp $
+$NetBSD: patch-ac,v 1.37 2010/01/15 04:55:30 taca Exp $
---- Configure.orig 2007-09-16 14:24:17.000000000 +0200
-+++ Configure 2007-10-21 13:21:36.000000000 +0200
-@@ -194,7 +194,7 @@ my %table=(
+--- Configure.orig 2009-11-05 12:07:06.000000000 +0000
++++ Configure
+@@ -206,7 +206,7 @@ my %table=(
"solaris64-x86_64-gcc","gcc:-m64 -O3 -Wall -DL_ENDIAN -DMD32_REG_T=int::-D_REENTRANT::-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK BF_PTR2 DES_INT
DES_UNROLL:${x86_64_asm}:dlfcn:solaris-shared:-fPIC:-m64 -shared -static-libgcc:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
#### Solaris x86 with Sun C setups
@@ -11,7 +11,7 @@
"solaris64-x86_64-cc","cc:-fast -xarch=amd64 -xstrconst -Xa -DL_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK BF_PTR2 DES_INT
DES_UNROLL:${x86_64_asm}:dlfcn:solaris-shared:-KPIC:-xarch=amd64 -G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
#### SPARC Solaris with GNU C setups
-@@ -306,6 +306,7 @@ my %table=(
+@@ -318,6 +318,7 @@ my %table=(
#
"osf1-alpha-gcc", "gcc:-O3::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_RISC1:${no_asm}:dlfcn:alpha-osf1-shared:::.so",
"osf1-alpha-cc", "cc:-std1 -tune host -O4 -readonly_strings::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${no_asm}:dlfcn:alpha-osf1-shared:::.so",
@@ -19,7 +19,7 @@
"tru64-alpha-cc", "cc:-std1 -tune host -fast -readonly_strings::-pthread:::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${no_asm}:dlfcn:alpha-osf1-shared::-msym:.so",
####
-@@ -368,6 +369,25 @@ my %table=(
+@@ -380,6 +381,25 @@ my %table=(
"BSD-ia64", "gcc:-DL_ENDIAN -DTERMIOS -O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${ia64_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"BSD-x86_64", "gcc:-DL_ENDIAN -DTERMIOS -O3 -DMD32_REG_T=int -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT
DES_UNROLL:${x86_64_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
@@ -45,7 +45,7 @@
"bsdi-elf-gcc", "gcc:-DPERL5 -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall::(unknown)::-ldl:BN_LLONG ${x86_gcc_des}
${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"nextstep", "cc:-O -Wall:<libc.h>:(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::",
-@@ -734,6 +754,10 @@ PROCESS_ARGS:
+@@ -808,6 +828,10 @@ PROCESS_ARGS:
{
$libs.=$_." ";
}
@@ -56,7 +56,7 @@
elsif (/^-[^-]/ or /^\+/)
{
$flags.=$_." ";
-@@ -1371,7 +1395,7 @@ while (<IN>)
+@@ -1523,7 +1547,7 @@ while (<IN>)
elsif ($shared_extension ne "" && $shared_extension =~ /^\.s([ol])\.[^\.]*\.[^\.]*$/)
{
my $sotmp = $1;
diff -r f270f0702229 -r 75623f6226df security/openssl/patches/patch-af
--- a/security/openssl/patches/patch-af Thu Jan 14 22:33:30 2010 +0000
+++ b/security/openssl/patches/patch-af Fri Jan 15 04:55:30 2010 +0000
@@ -1,6 +1,6 @@
-$NetBSD: patch-af,v 1.22 2009/01/08 16:38:22 tnn Exp $
+$NetBSD: patch-af,v 1.23 2010/01/15 04:55:30 taca Exp $
---- Makefile.org.orig 2008-12-30 14:26:26.000000000 +0100
+--- Makefile.org.orig 2009-03-03 22:40:29.000000000 +0000
+++ Makefile.org
@@ -28,6 +28,7 @@ INSTALLTOP=/usr/local/ssl
@@ -47,7 +47,7 @@
INSTALL_PREFIX='${INSTALL_PREFIX}' \
INSTALLTOP='${INSTALLTOP}' OPENSSLDIR='${OPENSSLDIR}' \
MAKEDEPEND='$$$${TOP}/util/domd $$$${TOP} -MD ${MAKEDEPPROG}' \
-@@ -608,7 +610,7 @@ dist:
+@@ -611,7 +613,7 @@ dist:
dist_pem_h:
(cd crypto/pem; $(MAKE) -e $(BUILDENV) pem.h; $(MAKE) clean)
@@ -56,7 +56,7 @@
install_sw:
@$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \
-@@ -616,9 +618,7 @@ install_sw:
+@@ -619,9 +621,7 @@ install_sw:
$(INSTALL_PREFIX)$(INSTALLTOP)/lib/engines \
$(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig \
$(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl \
@@ -67,7 +67,7 @@
@set -e; headerlist="$(EXHEADER)"; for i in $$headerlist;\
do \
(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
-@@ -688,35 +688,53 @@ install_docs:
+@@ -691,35 +691,53 @@ install_docs:
set -e; for i in doc/apps/*.pod; do \
fn=`basename $$i .pod`; \
sec=`$(PERL) util/extract-section.pl 1 < $$i`; \
Home |
Main Index |
Thread Index |
Old Index