diff options
| author | dinoex <dinoex@FreeBSD.org> | 2010-11-17 18:35:00 +0800 |
|---|---|---|
| committer | dinoex <dinoex@FreeBSD.org> | 2010-11-17 18:35:00 +0800 |
| commit | fb44a9dd3d462bfc55045f18c1abfe60fbe4303d (patch) | |
| tree | 564cf86d4db617b7bfe124170e3c83f71cb5e5cb /security | |
| parent | 9fe8cef4fac514525420c27159fa585dc18c3804 (diff) | |
| download | freebsd-ports-gnome-fb44a9dd3d462bfc55045f18c1abfe60fbe4303d.tar.gz freebsd-ports-gnome-fb44a9dd3d462bfc55045f18c1abfe60fbe4303d.tar.zst freebsd-ports-gnome-fb44a9dd3d462bfc55045f18c1abfe60fbe4303d.zip | |
- Security update to 1.0.0b
Security: http://openssl.org/news/secadv_20101116.txt
Security: CVE-2010-3864
PR: 152312
Submitted by: Alexander Wittig
- Fix regression in TLS handling
Obtained from: http://cvs.openssl.org/chngview?cn=19998
Diffstat (limited to 'security')
| -rw-r--r-- | security/openssl/Makefile | 10 | ||||
| -rw-r--r-- | security/openssl/distinfo | 25 | ||||
| -rw-r--r-- | security/openssl/files/patch-t1_lib.c | 16 |
3 files changed, 29 insertions, 22 deletions
diff --git a/security/openssl/Makefile b/security/openssl/Makefile index 84543f31330d..48a894780451 100644 --- a/security/openssl/Makefile +++ b/security/openssl/Makefile @@ -7,8 +7,8 @@ PORTNAME= openssl PORTVERSION= 1.0.0 -DISTVERSION= 1.0.0a -PORTREVISION= 2 +DISTVERSION= 1.0.0b +PORTREVISION= 3 CATEGORIES= security devel MASTER_SITES= http://www.openssl.org/%SUBDIR%/ \ ftp://ftp.openssl.org/%SUBDIR%/ \ @@ -35,7 +35,6 @@ OPTIONS= I386 "Use optimized assembler for 80386" off \ MD2 "Build with MD2 hash (obsolete)" off \ RC5 "Build with RC5 chipher (patented)" off \ RFC3779 "Build with RFC3779 support" off \ - DTLS_BUGS "Build with DTLS bugfixes" off \ DTLS_RENEGOTIATION "Build with DTLS Abbr. renegotiations" off \ DTLS_HEARTBEAT "Build with DTLS Heartbeat Extension" off \ TLS_EXTRACTOR "Build with TLS key material extractor" off \ @@ -1109,7 +1108,6 @@ EXTRACONFIGURE+= no-rfc3779 .endif .if defined(WITH_SCTP) -WITH_DTLS_BUGS=yes WITH_TLS_EXTRACTOR?= yes EXTRACONFIGURE+= sctp .if defined(WITH_DTLS_HEARTBEAT) @@ -1120,8 +1118,6 @@ BROKEN= Patches do not merge, please change options .endif .endif # order of PATCHFILES is important -.if defined(WITH_DTLS_BUGS) || make(makesum) || defined(FETCH_ALL) -.endif .if defined(WITH_DTLS_RENEGOTIATION) || make(makesum) || defined(FETCH_ALL) PATCHFILES+= abbreviated-renegotiation.patch .endif @@ -1129,7 +1125,7 @@ PATCHFILES+= abbreviated-renegotiation.patch PATCHFILES+= tls-extractor.patch .endif .if defined(WITH_SCTP) || make(makesum) || defined(FETCH_ALL) -PATCHFILES+= dtls-sctp-17.patch +PATCHFILES+= dtls-sctp-20.patch .endif .if defined(WITH_DTLS_HEARTBEAT) || make(makesum) || defined(FETCH_ALL) PATCHFILES+= dtls-heartbeats.patch diff --git a/security/openssl/distinfo b/security/openssl/distinfo index 0e740d631876..c77486039dff 100644 --- a/security/openssl/distinfo +++ b/security/openssl/distinfo @@ -1,15 +1,10 @@ -MD5 (openssl-1.0.0a/openssl-1.0.0a.tar.gz) = e3873edfffc783624cfbdb65e2249cbd -SHA256 (openssl-1.0.0a/openssl-1.0.0a.tar.gz) = 18a9bd1fc02b8ef90dded34fafaa9089baaafef278a19fc4e89c2ab0dcf70f63 -SIZE (openssl-1.0.0a/openssl-1.0.0a.tar.gz) = 4015794 -MD5 (openssl-1.0.0a/abbreviated-renegotiation.patch) = 2409eb80e65effb928032ee18f690dd7 -SHA256 (openssl-1.0.0a/abbreviated-renegotiation.patch) = ddbc0683461d364af25b3cd7481d73c6476bfcfb945b3b3c9883f72eabb6367f -SIZE (openssl-1.0.0a/abbreviated-renegotiation.patch) = 6578 -MD5 (openssl-1.0.0a/tls-extractor.patch) = 23a88cd05cdb3f2040b0866b87586460 -SHA256 (openssl-1.0.0a/tls-extractor.patch) = bb1aa486327fd96f9d6b870f0a1ad2c83dd4c06a96284eb64dde3f833ba5e0d0 -SIZE (openssl-1.0.0a/tls-extractor.patch) = 1234 -MD5 (openssl-1.0.0a/dtls-sctp-17.patch) = 9037f54f0d851daa8b35fc5ad5f903c0 -SHA256 (openssl-1.0.0a/dtls-sctp-17.patch) = b8968a1a01f459033c40fe15e1b77e8941db301a10bb7668baa3961632c23b4c -SIZE (openssl-1.0.0a/dtls-sctp-17.patch) = 51558 -MD5 (openssl-1.0.0a/dtls-heartbeats.patch) = 628f9a70baaaafbb0ceadb3736bd5782 -SHA256 (openssl-1.0.0a/dtls-heartbeats.patch) = c75dbb87d8afe9f3156993169880c14a1c58addf0cd9bf1e9a31cc14047559f2 -SIZE (openssl-1.0.0a/dtls-heartbeats.patch) = 14129 +SHA256 (openssl-1.0.0b/openssl-1.0.0b.tar.gz) = 4e7b4e2fb33ee2d97c5e143561ab495dbbfc08f0a863e617a0c7adca19017331 +SIZE (openssl-1.0.0b/openssl-1.0.0b.tar.gz) = 4019360 +SHA256 (openssl-1.0.0b/abbreviated-renegotiation.patch) = ddbc0683461d364af25b3cd7481d73c6476bfcfb945b3b3c9883f72eabb6367f +SIZE (openssl-1.0.0b/abbreviated-renegotiation.patch) = 6578 +SHA256 (openssl-1.0.0b/tls-extractor.patch) = bb1aa486327fd96f9d6b870f0a1ad2c83dd4c06a96284eb64dde3f833ba5e0d0 +SIZE (openssl-1.0.0b/tls-extractor.patch) = 1234 +SHA256 (openssl-1.0.0b/dtls-sctp-20.patch) = 3b451618b64d7dbc917942759c26cbc717be3077e9d73cb3c5bd12a82a132268 +SIZE (openssl-1.0.0b/dtls-sctp-20.patch) = 50812 +SHA256 (openssl-1.0.0b/dtls-heartbeats.patch) = c75dbb87d8afe9f3156993169880c14a1c58addf0cd9bf1e9a31cc14047559f2 +SIZE (openssl-1.0.0b/dtls-heartbeats.patch) = 14129 diff --git a/security/openssl/files/patch-t1_lib.c b/security/openssl/files/patch-t1_lib.c new file mode 100644 index 000000000000..f4fe07588283 --- /dev/null +++ b/security/openssl/files/patch-t1_lib.c @@ -0,0 +1,16 @@ +Index: openssl/ssl/t1_lib.c +RCS File: /v/openssl/cvs/openssl/ssl/t1_lib.c,v +rcsdiff -q -kk '-r1.64.2.15' '-r1.64.2.16' -u '/v/openssl/cvs/openssl/ssl/t1_lib.c,v' 2>/dev/null +--- ssl/t1_lib.c 2010/11/16 13:26:24 1.64.2.15 ++++ ssl/t1_lib.c 2010/11/16 22:41:07 1.64.2.16 +@@ -779,8 +779,8 @@ + { + if(s->session->tlsext_ecpointformatlist) + { +- *al = TLS1_AD_DECODE_ERROR; +- return 0; ++ OPENSSL_free(s->session->tlsext_ecpointformatlist); ++ s->session->tlsext_ecpointformatlist = NULL; + } + s->session->tlsext_ecpointformatlist_length = 0; + if ((s->session->tlsext_ecpointformatlist = OPENSSL_malloc(ecpointformatlist_length)) == NULL) |