Bug 152312 - [PATCH] update security/openssl to 1.0.0b, SCTP patchset 20, and clean up DTSL patches
Summary: [PATCH] update security/openssl to 1.0.0b, SCTP patchset 20, and clean up DTS...
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: Normal Affects Only Me
Assignee: Dirk Meyer
Depends on:
Reported: 2010-11-17 05:00 UTC by alexander
Modified: 2010-11-17 15:18 UTC (History)
0 users

See Also:

patch.diff (4.17 KB, patch)
2010-11-17 05:00 UTC, alexander
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description alexander 2010-11-17 05:00:18 UTC
	OpenSSL has released a new version 1.0.0b fixing a possible buffer overflow in version 1.0.0a: http://www.openssl.org/
	Also the SCTP patches from http://sctp.fh-muenster.de/dtls-patches.html are outdated

Fix: Attached patch will:
	* Update OpenSSL to 1.0.0b
	* Change the default options to include two patches from http://sctp.fh-muenster.de/dtls-patches.html (TLS key extractor and abbr. negotiations) as those two patches have been integrated into the upcoming version 1.0.1 upstream (if this is undesired feel free to revert it).
	* Remove the DTSL_BUGS option as it is a noop since all patches in that set have been integrated into 1.0.0a upstream

	It does not, however, fix the indentation of the options (I'm not sure if there was a purpose for it to be different for DTLS options)
How-To-Repeat: 	N/A
Comment 1 Edwin Groothuis freebsd_committer 2010-11-17 05:00:30 UTC
Responsible Changed
From-To: freebsd-ports-bugs->dinoex

Over to maintainer (via the GNATS Auto Assign Tool)
Comment 2 Dirk Meyer freebsd_committer 2010-11-17 09:17:54 UTC
State Changed
From-To: open->analyzed

- DTLS_BUGS is now obsolte, no new patches have been come out. 

- Changeing the default does not work, 
The check in the makefile must be converted from WITH_* to WITHOUT_*. 
I will keep the old defaults. 

- There is a regression with the new version. 
I am testing some patches. 
Comment 3 dfilter service freebsd_committer 2010-11-17 10:35:16 UTC
dinoex      2010-11-17 10:35:00 UTC

  FreeBSD ports repository

  Modified files:
    security/openssl     Makefile distinfo 
  Added files:
    security/openssl/files patch-t1_lib.c 
  - Security update to 1.0.0b
  Security: http://openssl.org/news/secadv_20101116.txt
  Security: CVE-2010-3864
  PR:             152312
  Submitted by:   Alexander Wittig
  - Fix regression in TLS handling
  Obtained from:  http://cvs.openssl.org/chngview?cn=19998
  Revision  Changes    Path
  1.176     +3 -7      ports/security/openssl/Makefile
  1.63      +10 -15    ports/security/openssl/distinfo
  1.1       +16 -0     ports/security/openssl/files/patch-t1_lib.c (new)
cvs-all@freebsd.org mailing list
To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
Comment 4 Dirk Meyer freebsd_committer 2010-11-17 15:18:27 UTC
State Changed
From-To: analyzed->closed

committed with changes, thanks.