Date: Wed, 17 Nov 2010 05:58:28 +0100 From: Alexander Wittig <alexander@wittig.name> To: FreeBSD-gnats-submit@FreeBSD.org Subject: ports/152312: [PATCH] update security/openssl to 1.0.0b, SCTP patchset 20, and clean up DTSL patches Message-ID: <E1PIa6G-00023h-Et@hotzenplotz.wittig.name> Resent-Message-ID: <201011170500.oAH50JFt025110@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 152312 >Category: ports >Synopsis: [PATCH] update security/openssl to 1.0.0b, SCTP patchset 20, and clean up DTSL patches >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: update >Submitter-Id: current-users >Arrival-Date: Wed Nov 17 05:00:18 UTC 2010 >Closed-Date: >Last-Modified: >Originator: Alexander Wittig <alexander@wittig.name> >Release: FreeBSD 8.1-STABLE amd64 >Organization: >Environment: System: FreeBSD hotzenplotz.wittig.name 8.1-STABLE FreeBSD 8.1-STABLE #0: Sat Nov 13 23:43:25 CET 2010 root@hotzenplotz.wittig.name:/usr/obj/usr/src/sys/ALEX amd64 >Description: OpenSSL has released a new version 1.0.0b fixing a possible buffer overflow in version 1.0.0a: http://www.openssl.org/ Also the SCTP patches from http://sctp.fh-muenster.de/dtls-patches.html are outdated >How-To-Repeat: N/A >Fix: Attached patch will: * Update OpenSSL to 1.0.0b * Change the default options to include two patches from http://sctp.fh-muenster.de/dtls-patches.html (TLS key extractor and abbr. negotiations) as those two patches have been integrated into the upcoming version 1.0.1 upstream (if this is undesired feel free to revert it). * Remove the DTSL_BUGS option as it is a noop since all patches in that set have been integrated into 1.0.0a upstream It does not, however, fix the indentation of the options (I'm not sure if there was a purpose for it to be different for DTLS options) --- patch.diff begins here --- diff -u /usr/ports/security/openssl/Makefile openssl/Makefile --- /usr/ports/security/openssl/Makefile 2010-06-11 22:15:30.000000000 +0200 +++ openssl/Makefile 2010-11-17 03:42:29.000000000 +0100 @@ -7,8 +7,8 @@ PORTNAME= openssl PORTVERSION= 1.0.0 -DISTVERSION= 1.0.0a -PORTREVISION= 2 +DISTVERSION= 1.0.0b +PORTREVISION= 3 CATEGORIES= security devel MASTER_SITES= http://www.openssl.org/%SUBDIR%/ \ ftp://ftp.openssl.org/%SUBDIR%/ \ @@ -35,10 +35,9 @@ MD2 "Build with MD2 hash (obsolete)" off \ RC5 "Build with RC5 chipher (patented)" off \ RFC3779 "Build with RFC3779 support" off \ - DTLS_BUGS "Build with DTLS bugfixes" off \ - DTLS_RENEGOTIATION "Build with DTLS Abbr. renegotiations" off \ + DTLS_RENEGOTIATION "Build with DTLS Abbr. renegotiations" on \ DTLS_HEARTBEAT "Build with DTLS Heartbeat Extension" off \ - TLS_EXTRACTOR "Build with TLS key material extractor" off \ + TLS_EXTRACTOR "Build with TLS key material extractor" on \ SCTP "Build with SCTP support" off \ MAKE_JOBS_UNSAFE= yes @@ -1109,7 +1108,7 @@ .endif .if defined(WITH_SCTP) -WITH_DTLS_BUGS=yes +#WITH_DTLS_BUGS=yes WITH_TLS_EXTRACTOR?= yes EXTRACONFIGURE+= sctp .if defined(WITH_DTLS_HEARTBEAT) @@ -1120,8 +1119,8 @@ .endif .endif # order of PATCHFILES is important -.if defined(WITH_DTLS_BUGS) || make(makesum) || defined(FETCH_ALL) -.endif +#.if defined(WITH_DTLS_BUGS) || make(makesum) || defined(FETCH_ALL) +#.endif .if defined(WITH_DTLS_RENEGOTIATION) || make(makesum) || defined(FETCH_ALL) PATCHFILES+= abbreviated-renegotiation.patch .endif @@ -1129,7 +1128,7 @@ PATCHFILES+= tls-extractor.patch .endif .if defined(WITH_SCTP) || make(makesum) || defined(FETCH_ALL) -PATCHFILES+= dtls-sctp-17.patch +PATCHFILES+= dtls-sctp-20.patch .endif .if defined(WITH_DTLS_HEARTBEAT) || make(makesum) || defined(FETCH_ALL) PATCHFILES+= dtls-heartbeats.patch diff -u /usr/ports/security/openssl/distinfo openssl/distinfo --- /usr/ports/security/openssl/distinfo 2010-06-11 22:15:00.000000000 +0200 +++ openssl/distinfo 2010-11-17 03:38:08.000000000 +0100 @@ -1,15 +1,10 @@ -MD5 (openssl-1.0.0a/openssl-1.0.0a.tar.gz) = e3873edfffc783624cfbdb65e2249cbd -SHA256 (openssl-1.0.0a/openssl-1.0.0a.tar.gz) = 18a9bd1fc02b8ef90dded34fafaa9089baaafef278a19fc4e89c2ab0dcf70f63 -SIZE (openssl-1.0.0a/openssl-1.0.0a.tar.gz) = 4015794 -MD5 (openssl-1.0.0a/abbreviated-renegotiation.patch) = 2409eb80e65effb928032ee18f690dd7 -SHA256 (openssl-1.0.0a/abbreviated-renegotiation.patch) = ddbc0683461d364af25b3cd7481d73c6476bfcfb945b3b3c9883f72eabb6367f -SIZE (openssl-1.0.0a/abbreviated-renegotiation.patch) = 6578 -MD5 (openssl-1.0.0a/tls-extractor.patch) = 23a88cd05cdb3f2040b0866b87586460 -SHA256 (openssl-1.0.0a/tls-extractor.patch) = bb1aa486327fd96f9d6b870f0a1ad2c83dd4c06a96284eb64dde3f833ba5e0d0 -SIZE (openssl-1.0.0a/tls-extractor.patch) = 1234 -MD5 (openssl-1.0.0a/dtls-sctp-17.patch) = 9037f54f0d851daa8b35fc5ad5f903c0 -SHA256 (openssl-1.0.0a/dtls-sctp-17.patch) = b8968a1a01f459033c40fe15e1b77e8941db301a10bb7668baa3961632c23b4c -SIZE (openssl-1.0.0a/dtls-sctp-17.patch) = 51558 -MD5 (openssl-1.0.0a/dtls-heartbeats.patch) = 628f9a70baaaafbb0ceadb3736bd5782 -SHA256 (openssl-1.0.0a/dtls-heartbeats.patch) = c75dbb87d8afe9f3156993169880c14a1c58addf0cd9bf1e9a31cc14047559f2 -SIZE (openssl-1.0.0a/dtls-heartbeats.patch) = 14129 +SHA256 (openssl-1.0.0b/openssl-1.0.0b.tar.gz) = 4e7b4e2fb33ee2d97c5e143561ab495dbbfc08f0a863e617a0c7adca19017331 +SIZE (openssl-1.0.0b/openssl-1.0.0b.tar.gz) = 4019360 +SHA256 (openssl-1.0.0b/abbreviated-renegotiation.patch) = ddbc0683461d364af25b3cd7481d73c6476bfcfb945b3b3c9883f72eabb6367f +SIZE (openssl-1.0.0b/abbreviated-renegotiation.patch) = 6578 +SHA256 (openssl-1.0.0b/tls-extractor.patch) = bb1aa486327fd96f9d6b870f0a1ad2c83dd4c06a96284eb64dde3f833ba5e0d0 +SIZE (openssl-1.0.0b/tls-extractor.patch) = 1234 +SHA256 (openssl-1.0.0b/dtls-sctp-20.patch) = 3b451618b64d7dbc917942759c26cbc717be3077e9d73cb3c5bd12a82a132268 +SIZE (openssl-1.0.0b/dtls-sctp-20.patch) = 50812 +SHA256 (openssl-1.0.0b/dtls-heartbeats.patch) = c75dbb87d8afe9f3156993169880c14a1c58addf0cd9bf1e9a31cc14047559f2 +SIZE (openssl-1.0.0b/dtls-heartbeats.patch) = 14129 Common subdirectories: /usr/ports/security/openssl/files and openssl/files --- patch.diff ends here --- >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?E1PIa6G-00023h-Et>