2009/devel/system/base/openssl - Update to 0.9.8o, merge from corporate.

Gökçen Eraslan paketler-commits at pardus.org.tr
Tue Oct 26 22:59:26 EEST 2010 

Author: gokcen.eraslan
Date: Tue Oct 26 22:59:26 2010
New Revision: 103610

Removed:
   2009/devel/system/base/openssl/files/CVE-2009-1387.diff
   2009/devel/system/base/openssl/files/CVE-2009-2409.patch
   2009/devel/system/base/openssl/files/CVE-2009-3555-no-renegotiation.patch
   2009/devel/system/base/openssl/files/CVE-2009-4355.patch
   2009/devel/system/base/openssl/files/CVE-2010-0740-record-of-death.patch
   2009/devel/system/base/openssl/files/cvs17196.patch
   2009/devel/system/base/openssl/files/openssl-0.9.8-CVE-2009-1377.patch
   2009/devel/system/base/openssl/files/openssl-0.9.8-CVE-2009-1378.patch
   2009/devel/system/base/openssl/files/openssl-0.9.8h-tls-extensions.patch
   2009/devel/system/base/openssl/files/openssl-0.9.8k-toolchain.patch
   2009/devel/system/base/openssl/files/openssl-0.9.8n-cve-2010-0742.patch
Modified:
   2009/devel/system/base/openssl/   (props changed)
   2009/devel/system/base/openssl/pspec.xml
Log:
Update to 0.9.8o, merge from corporate.

BUG:COMMENT:14909



---
 files/CVE-2009-1387.diff                   |   52 ----
 files/CVE-2009-2409.patch                  |   33 --
 files/CVE-2009-3555-no-renegotiation.patch |   42 ---
 files/CVE-2009-4355.patch                  |   49 ----
 files/CVE-2010-0740-record-of-death.patch  |   17 -
 files/cvs17196.patch                       |   11 
 files/openssl-0.9.8-CVE-2009-1377.patch    |   53 ----
 files/openssl-0.9.8-CVE-2009-1378.patch    |   24 --
 files/openssl-0.9.8h-tls-extensions.patch  |  344 -----------------------------
 files/openssl-0.9.8k-toolchain.patch       |   20 -
 files/openssl-0.9.8n-cve-2010-0742.patch   |   14 -
 pspec.xml                                  |   32 +-
 12 files changed, 18 insertions(+), 673 deletions(-)

Modified: 2009/devel/system/base/openssl/pspec.xml
=================================================================
--- 2009/devel/system/base/openssl/pspec.xml	(original)
+++ 2009/devel/system/base/openssl/pspec.xml	Tue Oct 26 22:59:26 2010
@@ -13,7 +13,7 @@
         <IsA>library</IsA>
         <Summary>Toolkit for SSL v2/v3 and TLS v1</Summary>
         <Description>OpenSSL is a cryptography toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) network protocols and related cryptography standards required by them.</Description>
-        <Archive sha1sum="3ba079f91d3c1ec90a36dcd1d43857165035703f" type="targz">http://www.openssl.org/source/openssl-0.9.8k.tar.gz</Archive>
+        <Archive sha1sum="80c73afc7dca790cd26936cb392a4dfd14d4e4d7" type="targz">http://www.openssl.org/source/openssl-0.9.8o.tar.gz</Archive>
         <BuildDependencies>
             <Dependency>perl</Dependency>
             <Dependency>sed</Dependency>
@@ -21,19 +21,6 @@
         <Patches>
             <Patch level="1">openssl-0.9.8i-tls-extensions.patch</Patch>
             <Patch level="1">openssl-0.9.8h-ldflags.patch</Patch>
-            <Patch>openssl-0.9.8k-toolchain.patch</Patch>
-            <Patch level="1">openssl-0.9.8-CVE-2009-1377.patch</Patch>
-            <Patch>openssl-0.9.8-CVE-2009-1378.patch</Patch>
-            <Patch level="1">CVE-2009-1387.diff</Patch>
-            <Patch level="1">CVE-2009-2409.patch</Patch>
-            <!-- http://extendedsubset.com/?p=8 , #11515 -->
-            <Patch level="1">CVE-2009-3555-no-renegotiation.patch</Patch>
-            <!-- significant pre-connect memory leak -->
-            <Patch level="1">CVE-2009-4355.patch</Patch>
-            <!-- bug #12513 -->
-            <Patch level="1">CVE-2010-0740-record-of-death.patch</Patch>
-            <!-- Invalid ASN1 Module Definition for CMS (CVE-2010-0742), #13321 -->
-            <Patch level="1">openssl-0.9.8n-cve-2010-0742.patch</Patch>
             <!-- Double-free corruption. http://www.mail-archive.com/openssl-dev@openssl.org/msg28043.html -->
             <Patch level="4">CVE-2010-2939-double-free.patch</Patch>
         </Patches>
@@ -60,6 +47,23 @@
     </Package>
 
     <History>
+        <Update release="30">
+            <Date>2010-10-26</Date>
+            <Version>0.9.8o</Version>
+            <Comment>
+                  * Correct a typo in the CMS ASN1 module which can result in invalid memory
+                     access or freeing data twice (CVE-2010-0742)
+                  * Add SHA2 algorithms to SSL_library_init(). SHA2 is becoming far more
+                     common in certificates and some applications which only call
+                     SSL_library_init and not OpenSSL_add_all_algorithms() will fail.
+                  * VMS fixes:
+                     Reduce copying into .apps and .test in makevms.com
+                     Don't try to use blank CA certificate in CA.com
+                     Allow use of C files from original directories in maketests.com
+            </Comment>
+            <Name>Gökçen Eraslan</Name>
+            <Email>gokcen at pardus.org.tr</Email>
+        </Update>
         <Update release="29" type="security">
             <Date>2010-08-12</Date>
             <Version>0.9.8k</Version>

More information about the paketler-commits mailing list