diff options
| author | Timo Teräs <timo.teras@iki.fi> | 2014-01-07 08:03:37 +0200 |
|---|---|---|
| committer | Timo Teräs <timo.teras@iki.fi> | 2014-01-07 08:04:34 +0200 |
| commit | be0d0a4451a7e1bca824949ec8fd32e20a33c9f6 (patch) | |
| tree | 123c5ba35b604c66311d9bf73199280317dd4fda /main/openssl | |
| parent | b863af9870ec9b963a1d7f903ee51aae24086062 (diff) | |
| download | aports-be0d0a4451a7e1bca824949ec8fd32e20a33c9f6.tar.bz2 aports-be0d0a4451a7e1bca824949ec8fd32e20a33c9f6.tar.xz | |
main/openssl: security upgrade to 1.0.1f
* Don't include gmt_unix_time in TLS server and client random values
* Fix for TLS record tampering bug CVE-2013-4353
* Fix for TLS version checking bug CVE-2013-6449
* Fix for DTLS retransmission bug CVE-2013-6450
Diffstat (limited to 'main/openssl')
| -rw-r--r-- | main/openssl/APKBUILD | 14 | ||||
| -rw-r--r-- | main/openssl/openssl-disable-rdrand-default.patch | 23 |
2 files changed, 5 insertions, 32 deletions
diff --git a/main/openssl/APKBUILD b/main/openssl/APKBUILD index 09bfd3a0f..6464cd72a 100644 --- a/main/openssl/APKBUILD +++ b/main/openssl/APKBUILD @@ -1,7 +1,7 @@ # Maintainer: Timo Teras <timo.teras@iki.fi> pkgname=openssl -pkgver=1.0.1e -pkgrel=7 +pkgver=1.0.1f +pkgrel=0 pkgdesc="Toolkit for SSL v2/v3 and TLS v1" url="http://openssl.org" depends= @@ -24,7 +24,6 @@ source="http://www.openssl.org/source/${pkgname}-${pkgver}.tar.gz 0005-s_client-ircv3-starttls.patch openssl-1.0.1-version-eglibc.patch openssl-use-termios.patch - openssl-disable-rdrand-default.patch fix-default-apps-capath.patch c_rehash.c " @@ -118,7 +117,7 @@ libssl() { done } -md5sums="66bf6f10f060d561929de96f9dfe5b8c openssl-1.0.1e.tar.gz +md5sums="f26b09c028a0541cab33da697d522b25 openssl-1.0.1f.tar.gz 115c481cd59b3dba631364e8fb1778f5 fix-manpages.patch c6a9857a5dbd30cead0404aa7dd73977 openssl-bb-basename.patch ddb5fc155145d5b852425adaec32234d 0001-crypto-hmac-support-EVP_MD_CTX_FLAG_ONESHOT-and-set-.patch @@ -128,10 +127,9 @@ c32f42451a07267ee5dfb3781fa40c00 0004-crypto-engine-autoload-padlock-dynamic-en c5b1042a3acaf3591f3f5620b7086e12 0005-s_client-ircv3-starttls.patch d1f3aaad7c36590f21355682983cd14e openssl-1.0.1-version-eglibc.patch 2681796363085d01db8a81c249cd2d7b openssl-use-termios.patch -8a251d30c977ffe8bfbf9d9b7eae1a8e openssl-disable-rdrand-default.patch efec1bce615256961b1756e575ee1d0a fix-default-apps-capath.patch 05ad806219cef6fa5692ac727af7fab6 c_rehash.c" -sha256sums="f74f15e8c8ff11aa3d5bb5f276d202ec18d7246e95f961db76054199c69c1ae3 openssl-1.0.1e.tar.gz +sha256sums="6cc2a80b17d64de6b7bac985745fdaba971d54ffd7d38d3556f998d7c0c9cb5a openssl-1.0.1f.tar.gz fe844e21b2c42da2d8e9c89350211d70c0829f45532b89b7e492bfde589ee7ed fix-manpages.patch 82863c2fed659a7186c7f3905a1853b8bd8060350ad101ce159fa7e7d2ba27e8 openssl-bb-basename.patch 18dd81fefb39b3328a444774ed10871ed50348ca171d2da9f826f916127b2dae 0001-crypto-hmac-support-EVP_MD_CTX_FLAG_ONESHOT-and-set-.patch @@ -141,10 +139,9 @@ cbb2493ec9157e78035e9cc02be17655996ee9cd0a71b79507fc19f3862f452b 0003-engines-e 44b553d92e33c48f854a8e15b23830375bc400e987505c74956ac196266f0d46 0005-s_client-ircv3-starttls.patch 51146851d8454dcb73138f794ced8bd629658b4a0524c466f61b653fff536c93 openssl-1.0.1-version-eglibc.patch 05266a671143cf17367dee8d409ad6d0857201392c99731d7ebb8f8cdcdc32f7 openssl-use-termios.patch -c215b03f9328b8dfb81e3fa90bdf0332d6b649688944ff79fe60be62131ccb60 openssl-disable-rdrand-default.patch 1e11d6b8cdcdd6957c69d33ab670c5918fc96c12fdb9b76b4287cb8f69c3545d fix-default-apps-capath.patch 7b0947fd09ad1e8d9cea360b883090025b40193d0fc8a631f2e3bb42db28d76b c_rehash.c" -sha512sums="c76857e439431b2ef6f2aa123997e53f82b9c3c964d4d765d7cc6c0c20b37a21adf578f9b759b2b65ae3925454c432a01b7de0cd320ece7181dc292e00d3244e openssl-1.0.1e.tar.gz +sha512sums="8a50892ce0c32707486e248b273631c38e9743371f28f96b635a9e61dac31919e5cf00690d0926c1f425c718cb56c4fe18a87c6e679e0543ad453e42f7a811ef openssl-1.0.1f.tar.gz 880411d56da49946d24328445728367e0bf13b0fd47954971514bee8cd5613a038ad8aeaf68da2c92f4634deb022febd7b3e37f9bbfc5d2c9c8b3b5ffd971407 fix-manpages.patch 6c4f4b0c1b606b3e5a8175618c4398923392f9c25ad8d3f5b65b0424fe51e104c4f456d2da590d9f572382225ab320278e88db1585790092450cad60a02819a5 openssl-bb-basename.patch ea282b09d4692a29e5a554e19b0798fa921717d4892decc68cba92cad11e85e4064d8ac78d98f6fa8bb45c65fdd1a5d1a6f6755e53102d520e9d8b807c3a7822 0001-crypto-hmac-support-EVP_MD_CTX_FLAG_ONESHOT-and-set-.patch @@ -154,6 +151,5 @@ b019320869d215014ad46e0b29aa239e31243571c4d45256b3ce6449a67fdc106a381c1cf3abd55d 70cd257bbd5a86685dc2508399e67746b60ed5d581eb84fe4d4fc6af214f31b71e2a58ad758d572976a61f67bf64c37a935a9788db160f75bced75397b9bcce3 0005-s_client-ircv3-starttls.patch 6db9d9ee62048d27f80e392eda99a46712ee85f1c8fd49f4931be73c880da8b84844a72657f7bceddb7db0026daddd31870d9c5065494f8d359ee8560284fd4a openssl-1.0.1-version-eglibc.patch 22261ad902ad4826db889fa0e6196b57d6cb389c1707f5827ba48a4630097e590979257f16f4a36fe611199fa33ba32d5f412c8b93beb84001865c2501b288da openssl-use-termios.patch -2af7a40d023e4a09c14712661056a45c572416d5bbee8d90caf5d9d44854ffa86b1d3a0bebf78156ec5da2e71ae91724c007c3d0a8de5f025b3947fd0add287d openssl-disable-rdrand-default.patch f2e737146a473d55b99f27457718ca299a02a0c74009026a30c3d1347c575bc264962b5708995e02ef7d68521b8366ccea7320523efb87b1ab2632d73fec5658 fix-default-apps-capath.patch 17b5ecda9c51a4a6b7a2b5fea65abc90091ae9c8d43527546148769d8fcfd87450075830b874fcff21b9ad0c31366213b4bfb8665e09cbd2559a8f3688b9aebd c_rehash.c" diff --git a/main/openssl/openssl-disable-rdrand-default.patch b/main/openssl/openssl-disable-rdrand-default.patch deleted file mode 100644 index d9a40d294..000000000 --- a/main/openssl/openssl-disable-rdrand-default.patch +++ /dev/null @@ -1,23 +0,0 @@ -http://seclists.org/fulldisclosure/2013/Dec/99 - -From: Dr. Stephen Henson <steve@openssl.org> -Date: Wed, 11 Dec 2013 14:45:12 +0000 (+0000) -Subject: Don't use rdrand engine as default unless explicitly requested. -X-Git-Url: http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff_plain;h=8a1956f3eac8b164f8c741ff1a259008bab3bac1 - -Don't use rdrand engine as default unless explicitly requested. -(cherry picked from commit 16898401bd47a153fbf799127ff57fdcfcbd324f) ---- - -diff --git a/crypto/engine/eng_rdrand.c b/crypto/engine/eng_rdrand.c -index a9ba5ae..4e9e91d 100644 ---- a/crypto/engine/eng_rdrand.c -+++ b/crypto/engine/eng_rdrand.c -@@ -104,6 +104,7 @@ static int bind_helper(ENGINE *e) - { - if (!ENGINE_set_id(e, engine_e_rdrand_id) || - !ENGINE_set_name(e, engine_e_rdrand_name) || -+ !ENGINE_set_flags(e, ENGINE_FLAGS_NO_REGISTER_ALL) || - !ENGINE_set_init_function(e, rdrand_init) || - !ENGINE_set_RAND(e, &rdrand_meth) ) - return 0; |