From 3b6ea4db7ee61506d3bf5ec4f40c9a0ea82a715a Mon Sep 17 00:00:00 2001 From: tron Date: Wed, 14 Mar 2012 14:48:33 +0000 Subject: [PATCH] Pullup ticket #3702 - requested by taca security/openssl: security update Revisions pulled up: - security/openssl/Makefile 1.163 - security/openssl/distinfo 1.86 - security/openssl/patches/patch-asn_mime.c deleted --- Module Name: pkgsrc Committed By: taca Date: Tue Mar 13 03:11:32 UTC 2012 Modified Files: pkgsrc/security/openssl: Makefile distinfo Removed Files: pkgsrc/security/openssl/patches: patch-asn_mime.c Log Message: Update openssl pacakge to 0.9.8u. Changes between 0.9.8t and 0.9.8u [12 Mar 2012] *) Fix MMA (Bleichenbacher's attack on PKCS #1 v1.5 RSA padding) weakness in CMS and PKCS7 code. When RSA decryption fails use a random key for content decryption and always return the same error. Note: this attack needs on average 2^20 messages so it only affects automated senders. The old behaviour can be reenabled in the CMS code by setting the CMS_DEBUG_DECRYPT flag: this is useful for debugging and testing where an MMA defence is not necessary. Thanks to Ivan Nestlerode for discovering this issue. (CVE-2012-0884) [Steve Henson] *) Fix CVE-2011-4619: make sure we really are receiving a client hello before rejecting multiple SGC restarts. Thanks to Ivan Nestlerode for discovering this bug. [Steve Henson]
---
security/openssl/Makefile | 5 ++--- security/openssl/distinfo | 9 ++++----- security/openssl/patches/patch-asn_mime.c | 17 ----------------- 3 files changed, 6 insertions(+), 25 deletions(-) delete mode 100644 security/openssl/patches/patch-asn_mime.c
diff --git a/security/openssl/Makefile b/security/openssl/Makefile
index 85ca443b206f5..418e95a271a3c 100644
--- a/security/openssl/Makefile
+++ b/security/openssl/Makefile
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.159.2.2 2012/03/06 10:29:29 tron Exp $
+# $NetBSD: Makefile,v 1.159.2.3 2012/03/14 14:48:33 tron Exp $
 OPENSSL_SNAPSHOT?= # empty
 OPENSSL_STABLE?= # empty
-OPENSSL_VERS?= 0.9.8t
+OPENSSL_VERS?= 0.9.8u
 .if empty(OPENSSL_SNAPSHOT)
 DISTNAME= openssl-${OPENSSL_VERS}
@@ -22,7 +22,6 @@ MASTER_SITES= ftp://ftp.openssl.org/snapshot/
 .endif
 SVR4_PKGNAME= ossl
-PKGREVISION= 1
 CATEGORIES= security
 MAINTAINER= pkgsrc-users@NetBSD.org
 HOMEPAGE= http://www.openssl.org/
diff --git a/security/openssl/distinfo b/security/openssl/distinfo
index da10dd6019da5..3f0fd530a037f 100644
--- a/security/openssl/distinfo
+++ b/security/openssl/distinfo
@@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.83.2.2 2012/03/06 10:29:29 tron Exp $
+$NetBSD: distinfo,v 1.83.2.3 2012/03/14 14:48:33 tron Exp $
-SHA1 (openssl-0.9.8t.tar.gz) = 42e2ba06cc859d61f645915c9a30326eda371a5e
-RMD160 (openssl-0.9.8t.tar.gz) = 8d5a32ebc94c578021bce519f92b5d31743d3e47
-Size (openssl-0.9.8t.tar.gz) = 3778943 bytes
+SHA1 (openssl-0.9.8u.tar.gz) = 09b4f2d9c4588d8010eac6f4ab0c96ad0e9d66ac
+RMD160 (openssl-0.9.8u.tar.gz) = e0a7fa3950ca290d0a931a130f8651e54ad2a400
+Size (openssl-0.9.8u.tar.gz) = 3781776 bytes
 SHA1 (patch-aa) = eb25505e8a745eb5ba85f857b0f9302fd5e9bda1
 SHA1 (patch-ac) = 6ff4a20440666f5c520837e10547091e1bee2208
 SHA1 (patch-ad) = bb86ac463fc4ab8b485df5f1a4fb9c13c1fc41c3
@@ -11,4 +11,3 @@ SHA1 (patch-af) = 2610930b6b06397fa2e3955b3244c02193f5b7a6
 SHA1 (patch-ag) = 5f12c72b85e4b6c6a79dfcf87055e9e029fbd8c8
 SHA1 (patch-ak) = 049250b9bd42e6f155145703135dab39a7ec17e0
 SHA1 (patch-al) = 076a606352bdeaeea1cc64f16be2ac1325882302
-SHA1 (patch-asn_mime.c) = 45c25660b03687a014e54a24343f775e0e6b9b71
diff --git a/security/openssl/patches/patch-asn_mime.c b/security/openssl/patches/patch-asn_mime.c
deleted file mode 100644
index 58e85f5b5bb36..0000000000000
--- a/security/openssl/patches/patch-asn_mime.c
+++ /dev/null
@@ -1,17 +0,0 @@
-$NetBSD: patch-asn_mime.c,v 1.1.2.2 2012/03/06 10:29:30 tron Exp $
-
-http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7250
-
---- crypto/asn1/asn_mime.c.orig 2012-03-05 00:08:44.000000000 +0000
-+++ crypto/asn1/asn_mime.c
-@@ -790,6 +790,10 @@ static int mime_hdr_addparam(MIME_HEADER
- static int mime_hdr_cmp(const MIME_HEADER * const *a,
- const MIME_HEADER * const *b)
- {
-+ if ((*a)->name == NULL || (*b)->name == NULL)
-+ return (*a)->name - (*b)->name < 0 ? -1 :
-+ (*a)->name - (*b)->name > 0 ? 1 : 0;
-+
- return(strcmp((*a)->name, (*b)->name));
- }
-