aboutsummaryrefslogtreecommitdiffstats
path: root/security
diff options
context:
space:
mode:
authordinoex <dinoex@FreeBSD.org>2011-09-08 02:10:58 +0800
committerdinoex <dinoex@FreeBSD.org>2011-09-08 02:10:58 +0800
commit988de3c766a02df8e056c68e452fc698cc693a1b (patch)
treeb3f04d9153199342752e1a3a01529ee1a2715823 /security
parentf362e6d45436026f734603226a9a0e7f8dabb400 (diff)
downloadfreebsd-ports-gnome-988de3c766a02df8e056c68e452fc698cc693a1b.tar.gz
freebsd-ports-gnome-988de3c766a02df8e056c68e452fc698cc693a1b.tar.zst
freebsd-ports-gnome-988de3c766a02df8e056c68e452fc698cc693a1b.zip
- Security update to 1.0.0e
Security: http://openssl.org/news/secadv_20110906.txt - drop option TLS_EXTRACTOR, now in distribution - add RFC-5705 patch Obtained from: OpenBSD
Diffstat (limited to 'security')
-rw-r--r--security/openssl/Makefile11
-rw-r--r--security/openssl/distinfo18
-rw-r--r--security/openssl/files/patch-RFC-570534
3 files changed, 45 insertions, 18 deletions
diff --git a/security/openssl/Makefile b/security/openssl/Makefile
index aa5b78292048..4e556c845535 100644
--- a/security/openssl/Makefile
+++ b/security/openssl/Makefile
@@ -7,8 +7,8 @@
PORTNAME= openssl
PORTVERSION= 1.0.0
-DISTVERSION= 1.0.0d
-PORTREVISION= 5
+DISTVERSION= 1.0.0e
+PORTREVISION= 6
CATEGORIES= security devel
MASTER_SITES= http://www.openssl.org/%SUBDIR%/ \
ftp://ftp.openssl.org/%SUBDIR%/ \
@@ -37,7 +37,6 @@ OPTIONS= I386 "Use optimized assembler for 80386" off \
RFC3779 "Build with RFC3779 support" off \
DTLS_RENEGOTIATION "Build with DTLS Abbr. renegotiations" off \
DTLS_HEARTBEAT "Build with DTLS Heartbeat Extension" off \
- TLS_EXTRACTOR "Build with TLS key material extractor" off \
SCTP "Build with SCTP support" off \
MAKE_JOBS_UNSAFE= yes
@@ -1108,7 +1107,6 @@ EXTRACONFIGURE+= no-rfc3779
.endif
.if defined(WITH_SCTP)
-WITH_TLS_EXTRACTOR?= yes
EXTRACONFIGURE+= sctp
.if defined(WITH_DTLS_HEARTBEAT)
BROKEN= Patches do not merge, please change options
@@ -1121,11 +1119,8 @@ BROKEN= Patches do not merge, please change options
.if defined(WITH_DTLS_RENEGOTIATION) || make(makesum) || defined(FETCH_ALL)
PATCHFILES+= abbreviated-renegotiation.patch
.endif
-.if defined(WITH_TLS_EXTRACTOR) || make(makesum) || defined(FETCH_ALL)
-PATCHFILES+= tls-extractor.patch
-.endif
.if defined(WITH_SCTP) || make(makesum) || defined(FETCH_ALL)
-PATCHFILES+= dtls-sctp-20.patch
+PATCHFILES+= dtls-sctp-24.patch
.endif
.if defined(WITH_DTLS_HEARTBEAT) || make(makesum) || defined(FETCH_ALL)
PATCHFILES+= dtls-heartbeats.patch
diff --git a/security/openssl/distinfo b/security/openssl/distinfo
index 27ba33b4df59..64955714c32d 100644
--- a/security/openssl/distinfo
+++ b/security/openssl/distinfo
@@ -1,10 +1,8 @@
-SHA256 (openssl-1.0.0d/openssl-1.0.0d.tar.gz) = 92511d1f0caaa298dba250426f8e7d5d00b271847886d1adc62422778d6320db
-SIZE (openssl-1.0.0d/openssl-1.0.0d.tar.gz) = 4025484
-SHA256 (openssl-1.0.0d/abbreviated-renegotiation.patch) = 606e0fe48d39484d1663be12e35c91f012f2f864bc2fc3fc4ec3f889c94ab3ef
-SIZE (openssl-1.0.0d/abbreviated-renegotiation.patch) = 6578
-SHA256 (openssl-1.0.0d/tls-extractor.patch) = b7dfb15b6ab7d62348eaa191fc8ba06565c92ecdd5d08bb5e9eb01a2e7433bb2
-SIZE (openssl-1.0.0d/tls-extractor.patch) = 1235
-SHA256 (openssl-1.0.0d/dtls-sctp-20.patch) = f002b13fead7c08270a9cfaf556be49c62be5b46f492ad59db29af4d3e9a4e67
-SIZE (openssl-1.0.0d/dtls-sctp-20.patch) = 50812
-SHA256 (openssl-1.0.0d/dtls-heartbeats.patch) = b580ba6419e5732ed09fb9b4a9b2c083b1a002b848b2c71d6357ca7c9c36670e
-SIZE (openssl-1.0.0d/dtls-heartbeats.patch) = 14132
+SHA256 (openssl-1.0.0e/openssl-1.0.0e.tar.gz) = e361dc2775733fb84de7b5bf7b504778b772869e8f7bfac0b28b935cbf7380f7
+SIZE (openssl-1.0.0e/openssl-1.0.0e.tar.gz) = 4040229
+SHA256 (openssl-1.0.0e/abbreviated-renegotiation.patch) = 606e0fe48d39484d1663be12e35c91f012f2f864bc2fc3fc4ec3f889c94ab3ef
+SIZE (openssl-1.0.0e/abbreviated-renegotiation.patch) = 6578
+SHA256 (openssl-1.0.0e/dtls-sctp-24.patch) = 8335423c6f4767b899d923091244ec90cab4aabbd6e557358d04d0daf023001a
+SIZE (openssl-1.0.0e/dtls-sctp-24.patch) = 57229
+SHA256 (openssl-1.0.0e/dtls-heartbeats.patch) = b580ba6419e5732ed09fb9b4a9b2c083b1a002b848b2c71d6357ca7c9c36670e
+SIZE (openssl-1.0.0e/dtls-heartbeats.patch) = 14132
diff --git a/security/openssl/files/patch-RFC-5705 b/security/openssl/files/patch-RFC-5705
new file mode 100644
index 000000000000..73c7e1b64692
--- /dev/null
+++ b/security/openssl/files/patch-RFC-5705
@@ -0,0 +1,34 @@
+--- ssl/ssl.h 6 Jan 2010 17:37:38 -0000 1.221.2.24
++++ ssl/ssl.h 17 Jun 2010 12:25:35 -0000
+@@ -1806,6 +1806,10 @@
+ /* Pre-shared secret session resumption functions */
+ int SSL_set_session_secret_cb(SSL *s, tls_session_secret_cb_fn tls_session_secret_cb, void *arg);
+
++void SSL_tls1_key_exporter(SSL *s, unsigned char *label, int label_len,
++ unsigned char *context, int context_len,
++ unsigned char *out, int olen);
++
+ /* BEGIN ERROR CODES */
+ /* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+
+--- ssl/t1_enc.c 15 Jun 2010 17:25:15 -0000 1.57.2.3
++++ ssl/t1_enc.c 17 Jun 2010 12:25:35 -0000
+@@ -1043,3 +1043,17 @@
+ }
+ }
+
++void SSL_tls1_key_exporter(SSL *s, unsigned char *label, int label_len,
++ unsigned char *context, int context_len,
++ unsigned char *out, int olen)
++ {
++ unsigned char tmp[olen];
++
++ tls1_PRF(s->s3->tmp.new_cipher->algorithm2,
++ label, label_len,
++ s->s3->client_random,SSL3_RANDOM_SIZE,
++ s->s3->server_random,SSL3_RANDOM_SIZE,
++ context, context_len, NULL, 0,
++ s->session->master_key, s->session->master_key_length,
++ out, tmp, olen);
++ }