Bug 152312

Summary: [PATCH] update security/openssl to 1.0.0b, SCTP patchset 20, and clean up DTLS patches
Product: Ports & Packages
Reporter: alexander
Component: Individual Port(s)
Assignee: Dirk Meyer <dinoex>
Status: Closed FIXED    
Severity: Affects Only Me    
Priority: Normal    
Version: Latest   
Hardware: Any   
OS: Any   
Attachments:
Description Flags
patch.diff none

Description alexander 2010-11-17 05:00:18 UTC
	OpenSSL has released a new version 1.0.0b fixing a possible buffer overflow in version 1.0.0a: http://www.openssl.org/
	Also, the SCTP patches from http://sctp.fh-muenster.de/dtls-patches.html are outdated.

Fix: Attached patch will:
	* Update OpenSSL to 1.0.0b
	* Change the default options to include two patches from http://sctp.fh-muenster.de/dtls-patches.html (TLS key extractor and abbr. negotiations) as those two patches have been integrated into the upcoming version 1.0.1 upstream (if this is undesired feel free to revert it).
	* Remove the DTLS_BUGS option as it is a no-op since all patches in that set have been integrated into 1.0.0a upstream

	It does not, however, fix the indentation of the options (I'm not sure if there was a purpose for it to be different for DTLS options).
How-To-Repeat: 	N/A
Comment 1 Edwin Groothuis freebsd_committer freebsd_triage 2010-11-17 05:00:30 UTC
Responsible Changed
From-To: freebsd-ports-bugs->dinoex

Over to maintainer (via the GNATS Auto Assign Tool)
Comment 2 Dirk Meyer freebsd_committer freebsd_triage 2010-11-17 09:17:54 UTC
State Changed
From-To: open->analyzed


- DTLS_BUGS is now obsolete, no new patches have come out.

- Changing the default does not work,
The check in the makefile must be converted from WITH_* to WITHOUT_*.
I will keep the old defaults.

- There is a regression with the new version. 
I am testing some patches. 
http://cvs.openssl.org/chngview?cn=19998
Comment 3 dfilter service freebsd_committer freebsd_triage 2010-11-17 10:35:16 UTC
dinoex      2010-11-17 10:35:00 UTC

  FreeBSD ports repository

  Modified files:
    security/openssl     Makefile distinfo 
  Added files:
    security/openssl/files patch-t1_lib.c 
  Log:
  - Security update to 1.0.0b
  Security: http://openssl.org/news/secadv_20101116.txt
  Security: CVE-2010-3864
  
  PR:             152312
  Submitted by:   Alexander Wittig
  
  - Fix regression in TLS handling
  Obtained from:  http://cvs.openssl.org/chngview?cn=19998
  
  Revision  Changes    Path
  1.176     +3 -7      ports/security/openssl/Makefile
  1.63      +10 -15    ports/security/openssl/distinfo
  1.1       +16 -0     ports/security/openssl/files/patch-t1_lib.c (new)
Comment 4 Dirk Meyer freebsd_committer freebsd_triage 2010-11-17 15:18:27 UTC
State Changed
From-To: analyzed->closed

committed with changes, thanks.