ports/152312: [PATCH] update security/openssl to 1.0.0b, SCTP patchset 20, and clean up DTSL patches
Alexander Wittig
alexander at wittig.name
Wed Nov 17 05:00:19 UTC 2010
>Number: 152312
>Category: ports
>Synopsis: [PATCH] update security/openssl to 1.0.0b, SCTP patchset 20, and clean up DTSL patches
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: update
>Submitter-Id: current-users
>Arrival-Date: Wed Nov 17 05:00:18 UTC 2010
>Closed-Date:
>Last-Modified:
>Originator: Alexander Wittig <alexander at wittig.name>
>Release: FreeBSD 8.1-STABLE amd64
>Organization:
>Environment:
System: FreeBSD hotzenplotz.wittig.name 8.1-STABLE FreeBSD 8.1-STABLE #0: Sat Nov 13 23:43:25 CET 2010 root at hotzenplotz.wittig.name:/usr/obj/usr/src/sys/ALEX amd64
>Description:
OpenSSL has released a new version 1.0.0b fixing a possible buffer overflow in version 1.0.0a: http://www.openssl.org/
Also the SCTP patches from http://sctp.fh-muenster.de/dtls-patches.html are outdated
>How-To-Repeat:
N/A
>Fix:
Attached patch will:
* Update OpenSSL to 1.0.0b
* Change the default options to include two patches from http://sctp.fh-muenster.de/dtls-patches.html (TLS key extractor and abbr. negotiations) as those two patches have been integrated into the upcoming version 1.0.1 upstream (if this is undesired feel free to revert it).
* Remove the DTSL_BUGS option as it is a noop since all patches in that set have been integrated into 1.0.0a upstream
It does not, however, fix the indentation of the options (I'm not sure if there was a purpose for it to be different for DTLS options)
--- patch.diff begins here ---
diff -u /usr/ports/security/openssl/Makefile openssl/Makefile
--- /usr/ports/security/openssl/Makefile 2010-06-11 22:15:30.000000000 +0200
+++ openssl/Makefile 2010-11-17 03:42:29.000000000 +0100
@@ -7,8 +7,8 @@
PORTNAME= openssl
PORTVERSION= 1.0.0
-DISTVERSION= 1.0.0a
-PORTREVISION= 2
+DISTVERSION= 1.0.0b
+PORTREVISION= 3
CATEGORIES= security devel
MASTER_SITES= http://www.openssl.org/%SUBDIR%/ \
ftp://ftp.openssl.org/%SUBDIR%/ \
@@ -35,10 +35,9 @@
MD2 "Build with MD2 hash (obsolete)" off \
RC5 "Build with RC5 chipher (patented)" off \
RFC3779 "Build with RFC3779 support" off \
- DTLS_BUGS "Build with DTLS bugfixes" off \
- DTLS_RENEGOTIATION "Build with DTLS Abbr. renegotiations" off \
+ DTLS_RENEGOTIATION "Build with DTLS Abbr. renegotiations" on \
DTLS_HEARTBEAT "Build with DTLS Heartbeat Extension" off \
- TLS_EXTRACTOR "Build with TLS key material extractor" off \
+ TLS_EXTRACTOR "Build with TLS key material extractor" on \
SCTP "Build with SCTP support" off \
MAKE_JOBS_UNSAFE= yes
@@ -1109,7 +1108,7 @@
.endif
.if defined(WITH_SCTP)
-WITH_DTLS_BUGS=yes
+#WITH_DTLS_BUGS=yes
WITH_TLS_EXTRACTOR?= yes
EXTRACONFIGURE+= sctp
.if defined(WITH_DTLS_HEARTBEAT)
@@ -1120,8 +1119,8 @@
.endif
.endif
# order of PATCHFILES is important
-.if defined(WITH_DTLS_BUGS) || make(makesum) || defined(FETCH_ALL)
-.endif
+#.if defined(WITH_DTLS_BUGS) || make(makesum) || defined(FETCH_ALL)
+#.endif
.if defined(WITH_DTLS_RENEGOTIATION) || make(makesum) || defined(FETCH_ALL)
PATCHFILES+= abbreviated-renegotiation.patch
.endif
@@ -1129,7 +1128,7 @@
PATCHFILES+= tls-extractor.patch
.endif
.if defined(WITH_SCTP) || make(makesum) || defined(FETCH_ALL)
-PATCHFILES+= dtls-sctp-17.patch
+PATCHFILES+= dtls-sctp-20.patch
.endif
.if defined(WITH_DTLS_HEARTBEAT) || make(makesum) || defined(FETCH_ALL)
PATCHFILES+= dtls-heartbeats.patch
diff -u /usr/ports/security/openssl/distinfo openssl/distinfo
--- /usr/ports/security/openssl/distinfo 2010-06-11 22:15:00.000000000 +0200
+++ openssl/distinfo 2010-11-17 03:38:08.000000000 +0100
@@ -1,15 +1,10 @@
-MD5 (openssl-1.0.0a/openssl-1.0.0a.tar.gz) = e3873edfffc783624cfbdb65e2249cbd
-SHA256 (openssl-1.0.0a/openssl-1.0.0a.tar.gz) = 18a9bd1fc02b8ef90dded34fafaa9089baaafef278a19fc4e89c2ab0dcf70f63
-SIZE (openssl-1.0.0a/openssl-1.0.0a.tar.gz) = 4015794
-MD5 (openssl-1.0.0a/abbreviated-renegotiation.patch) = 2409eb80e65effb928032ee18f690dd7
-SHA256 (openssl-1.0.0a/abbreviated-renegotiation.patch) = ddbc0683461d364af25b3cd7481d73c6476bfcfb945b3b3c9883f72eabb6367f
-SIZE (openssl-1.0.0a/abbreviated-renegotiation.patch) = 6578
-MD5 (openssl-1.0.0a/tls-extractor.patch) = 23a88cd05cdb3f2040b0866b87586460
-SHA256 (openssl-1.0.0a/tls-extractor.patch) = bb1aa486327fd96f9d6b870f0a1ad2c83dd4c06a96284eb64dde3f833ba5e0d0
-SIZE (openssl-1.0.0a/tls-extractor.patch) = 1234
-MD5 (openssl-1.0.0a/dtls-sctp-17.patch) = 9037f54f0d851daa8b35fc5ad5f903c0
-SHA256 (openssl-1.0.0a/dtls-sctp-17.patch) = b8968a1a01f459033c40fe15e1b77e8941db301a10bb7668baa3961632c23b4c
-SIZE (openssl-1.0.0a/dtls-sctp-17.patch) = 51558
-MD5 (openssl-1.0.0a/dtls-heartbeats.patch) = 628f9a70baaaafbb0ceadb3736bd5782
-SHA256 (openssl-1.0.0a/dtls-heartbeats.patch) = c75dbb87d8afe9f3156993169880c14a1c58addf0cd9bf1e9a31cc14047559f2
-SIZE (openssl-1.0.0a/dtls-heartbeats.patch) = 14129
+SHA256 (openssl-1.0.0b/openssl-1.0.0b.tar.gz) = 4e7b4e2fb33ee2d97c5e143561ab495dbbfc08f0a863e617a0c7adca19017331
+SIZE (openssl-1.0.0b/openssl-1.0.0b.tar.gz) = 4019360
+SHA256 (openssl-1.0.0b/abbreviated-renegotiation.patch) = ddbc0683461d364af25b3cd7481d73c6476bfcfb945b3b3c9883f72eabb6367f
+SIZE (openssl-1.0.0b/abbreviated-renegotiation.patch) = 6578
+SHA256 (openssl-1.0.0b/tls-extractor.patch) = bb1aa486327fd96f9d6b870f0a1ad2c83dd4c06a96284eb64dde3f833ba5e0d0
+SIZE (openssl-1.0.0b/tls-extractor.patch) = 1234
+SHA256 (openssl-1.0.0b/dtls-sctp-20.patch) = 3b451618b64d7dbc917942759c26cbc717be3077e9d73cb3c5bd12a82a132268
+SIZE (openssl-1.0.0b/dtls-sctp-20.patch) = 50812
+SHA256 (openssl-1.0.0b/dtls-heartbeats.patch) = c75dbb87d8afe9f3156993169880c14a1c58addf0cd9bf1e9a31cc14047559f2
+SIZE (openssl-1.0.0b/dtls-heartbeats.patch) = 14129
Common subdirectories: /usr/ports/security/openssl/files and openssl/files
--- patch.diff ends here ---
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-ports-bugs
mailing list