diff options
| author | dinoex <dinoex@FreeBSD.org> | 2011-09-08 02:10:58 +0800 |
|---|---|---|
| committer | dinoex <dinoex@FreeBSD.org> | 2011-09-08 02:10:58 +0800 |
| commit | 988de3c766a02df8e056c68e452fc698cc693a1b (patch) | |
| tree | b3f04d9153199342752e1a3a01529ee1a2715823 | |
| parent | f362e6d45436026f734603226a9a0e7f8dabb400 (diff) | |
| download | freebsd-ports-gnome-988de3c766a02df8e056c68e452fc698cc693a1b.tar.gz freebsd-ports-gnome-988de3c766a02df8e056c68e452fc698cc693a1b.tar.zst freebsd-ports-gnome-988de3c766a02df8e056c68e452fc698cc693a1b.zip | |
- Security update to 1.0.0e
Security: http://openssl.org/news/secadv_20110906.txt
- drop option TLS_EXTRACTOR, now in distribution
- add RFC-5705 patch
Obtained from: OpenBSD
| -rw-r--r-- | security/openssl/Makefile | 11 | ||||
| -rw-r--r-- | security/openssl/distinfo | 18 | ||||
| -rw-r--r-- | security/openssl/files/patch-RFC-5705 | 34 |
3 files changed, 45 insertions, 18 deletions
diff --git a/security/openssl/Makefile b/security/openssl/Makefile index aa5b78292048..4e556c845535 100644 --- a/security/openssl/Makefile +++ b/security/openssl/Makefile @@ -7,8 +7,8 @@ PORTNAME= openssl PORTVERSION= 1.0.0 -DISTVERSION= 1.0.0d -PORTREVISION= 5 +DISTVERSION= 1.0.0e +PORTREVISION= 6 CATEGORIES= security devel MASTER_SITES= http://www.openssl.org/%SUBDIR%/ \ ftp://ftp.openssl.org/%SUBDIR%/ \ @@ -37,7 +37,6 @@ OPTIONS= I386 "Use optimized assembler for 80386" off \ RFC3779 "Build with RFC3779 support" off \ DTLS_RENEGOTIATION "Build with DTLS Abbr. renegotiations" off \ DTLS_HEARTBEAT "Build with DTLS Heartbeat Extension" off \ - TLS_EXTRACTOR "Build with TLS key material extractor" off \ SCTP "Build with SCTP support" off \ MAKE_JOBS_UNSAFE= yes @@ -1108,7 +1107,6 @@ EXTRACONFIGURE+= no-rfc3779 .endif .if defined(WITH_SCTP) -WITH_TLS_EXTRACTOR?= yes EXTRACONFIGURE+= sctp .if defined(WITH_DTLS_HEARTBEAT) BROKEN= Patches do not merge, please change options @@ -1121,11 +1119,8 @@ BROKEN= Patches do not merge, please change options .if defined(WITH_DTLS_RENEGOTIATION) || make(makesum) || defined(FETCH_ALL) PATCHFILES+= abbreviated-renegotiation.patch .endif -.if defined(WITH_TLS_EXTRACTOR) || make(makesum) || defined(FETCH_ALL) -PATCHFILES+= tls-extractor.patch -.endif .if defined(WITH_SCTP) || make(makesum) || defined(FETCH_ALL) -PATCHFILES+= dtls-sctp-20.patch +PATCHFILES+= dtls-sctp-24.patch .endif .if defined(WITH_DTLS_HEARTBEAT) || make(makesum) || defined(FETCH_ALL) PATCHFILES+= dtls-heartbeats.patch diff --git a/security/openssl/distinfo b/security/openssl/distinfo index 27ba33b4df59..64955714c32d 100644 --- a/security/openssl/distinfo +++ b/security/openssl/distinfo @@ -1,10 +1,8 @@ -SHA256 (openssl-1.0.0d/openssl-1.0.0d.tar.gz) = 92511d1f0caaa298dba250426f8e7d5d00b271847886d1adc62422778d6320db -SIZE (openssl-1.0.0d/openssl-1.0.0d.tar.gz) = 4025484 -SHA256 (openssl-1.0.0d/abbreviated-renegotiation.patch) = 606e0fe48d39484d1663be12e35c91f012f2f864bc2fc3fc4ec3f889c94ab3ef -SIZE (openssl-1.0.0d/abbreviated-renegotiation.patch) = 6578 -SHA256 (openssl-1.0.0d/tls-extractor.patch) = b7dfb15b6ab7d62348eaa191fc8ba06565c92ecdd5d08bb5e9eb01a2e7433bb2 -SIZE (openssl-1.0.0d/tls-extractor.patch) = 1235 -SHA256 (openssl-1.0.0d/dtls-sctp-20.patch) = f002b13fead7c08270a9cfaf556be49c62be5b46f492ad59db29af4d3e9a4e67 -SIZE (openssl-1.0.0d/dtls-sctp-20.patch) = 50812 -SHA256 (openssl-1.0.0d/dtls-heartbeats.patch) = b580ba6419e5732ed09fb9b4a9b2c083b1a002b848b2c71d6357ca7c9c36670e -SIZE (openssl-1.0.0d/dtls-heartbeats.patch) = 14132 +SHA256 (openssl-1.0.0e/openssl-1.0.0e.tar.gz) = e361dc2775733fb84de7b5bf7b504778b772869e8f7bfac0b28b935cbf7380f7 +SIZE (openssl-1.0.0e/openssl-1.0.0e.tar.gz) = 4040229 +SHA256 (openssl-1.0.0e/abbreviated-renegotiation.patch) = 606e0fe48d39484d1663be12e35c91f012f2f864bc2fc3fc4ec3f889c94ab3ef +SIZE (openssl-1.0.0e/abbreviated-renegotiation.patch) = 6578 +SHA256 (openssl-1.0.0e/dtls-sctp-24.patch) = 8335423c6f4767b899d923091244ec90cab4aabbd6e557358d04d0daf023001a +SIZE (openssl-1.0.0e/dtls-sctp-24.patch) = 57229 +SHA256 (openssl-1.0.0e/dtls-heartbeats.patch) = b580ba6419e5732ed09fb9b4a9b2c083b1a002b848b2c71d6357ca7c9c36670e +SIZE (openssl-1.0.0e/dtls-heartbeats.patch) = 14132 diff --git a/security/openssl/files/patch-RFC-5705 b/security/openssl/files/patch-RFC-5705 new file mode 100644 index 000000000000..73c7e1b64692 --- /dev/null +++ b/security/openssl/files/patch-RFC-5705 @@ -0,0 +1,34 @@ +--- ssl/ssl.h 6 Jan 2010 17:37:38 -0000 1.221.2.24 ++++ ssl/ssl.h 17 Jun 2010 12:25:35 -0000 +@@ -1806,6 +1806,10 @@ + /* Pre-shared secret session resumption functions */ + int SSL_set_session_secret_cb(SSL *s, tls_session_secret_cb_fn tls_session_secret_cb, void *arg); + ++void SSL_tls1_key_exporter(SSL *s, unsigned char *label, int label_len, ++ unsigned char *context, int context_len, ++ unsigned char *out, int olen); ++ + /* BEGIN ERROR CODES */ + /* The following lines are auto generated by the script mkerr.pl. Any changes + * made after this point may be overwritten when the script is next run. + +--- ssl/t1_enc.c 15 Jun 2010 17:25:15 -0000 1.57.2.3 ++++ ssl/t1_enc.c 17 Jun 2010 12:25:35 -0000 +@@ -1043,3 +1043,17 @@ + } + } + ++void SSL_tls1_key_exporter(SSL *s, unsigned char *label, int label_len, ++ unsigned char *context, int context_len, ++ unsigned char *out, int olen) ++ { ++ unsigned char tmp[olen]; ++ ++ tls1_PRF(s->s3->tmp.new_cipher->algorithm2, ++ label, label_len, ++ s->s3->client_random,SSL3_RANDOM_SIZE, ++ s->s3->server_random,SSL3_RANDOM_SIZE, ++ context, context_len, NULL, 0, ++ s->session->master_key, s->session->master_key_length, ++ out, tmp, olen); ++ } |