Commit a36c8fc7 authored by Natanael Copa's avatar Natanael Copa
Browse files

main/openssl: security upgrade to 1.0.1f (CVE-2013-4353,CVE-2013-6449,CVE-2013-6450)

fixes #2584
parent 52b058a2
# Maintainer: Timo Teras <timo.teras@iki.fi>
pkgname=openssl
pkgver=1.0.1e
pkgrel=4
pkgver=1.0.1f
pkgrel=0
pkgdesc="Toolkit for SSL v2/v3 and TLS v1"
url="http://openssl.org"
depends=
......@@ -21,7 +21,6 @@ source="http://www.openssl.org/source/${pkgname}-${pkgver}.tar.gz
0004-crypto-engine-autoload-padlock-dynamic-engine.patch
0005-s_client-ircv3-starttls.patch
openssl-1.0.1-version-eglibc.patch
openssl-disable-rdrand-default.patch
fix-default-apps-capath.patch
c_rehash.sh
"
......@@ -96,7 +95,7 @@ libssl() {
done
}
md5sums="66bf6f10f060d561929de96f9dfe5b8c openssl-1.0.1e.tar.gz
md5sums="f26b09c028a0541cab33da697d522b25 openssl-1.0.1f.tar.gz
115c481cd59b3dba631364e8fb1778f5 fix-manpages.patch
c6a9857a5dbd30cead0404aa7dd73977 openssl-bb-basename.patch
ddb5fc155145d5b852425adaec32234d 0001-crypto-hmac-support-EVP_MD_CTX_FLAG_ONESHOT-and-set-.patch
......@@ -105,10 +104,9 @@ cef4633142031b59960200e87ce3bb18 0003-engines-e_padlock-implement-sha1-sha224-s
c32f42451a07267ee5dfb3781fa40c00 0004-crypto-engine-autoload-padlock-dynamic-engine.patch
c5b1042a3acaf3591f3f5620b7086e12 0005-s_client-ircv3-starttls.patch
d1f3aaad7c36590f21355682983cd14e openssl-1.0.1-version-eglibc.patch
8a251d30c977ffe8bfbf9d9b7eae1a8e openssl-disable-rdrand-default.patch
efec1bce615256961b1756e575ee1d0a fix-default-apps-capath.patch
b1068a6dd30ec8adf63b4fd0057491a0 c_rehash.sh"
sha256sums="f74f15e8c8ff11aa3d5bb5f276d202ec18d7246e95f961db76054199c69c1ae3 openssl-1.0.1e.tar.gz
sha256sums="6cc2a80b17d64de6b7bac985745fdaba971d54ffd7d38d3556f998d7c0c9cb5a openssl-1.0.1f.tar.gz
fe844e21b2c42da2d8e9c89350211d70c0829f45532b89b7e492bfde589ee7ed fix-manpages.patch
82863c2fed659a7186c7f3905a1853b8bd8060350ad101ce159fa7e7d2ba27e8 openssl-bb-basename.patch
18dd81fefb39b3328a444774ed10871ed50348ca171d2da9f826f916127b2dae 0001-crypto-hmac-support-EVP_MD_CTX_FLAG_ONESHOT-and-set-.patch
......@@ -117,10 +115,9 @@ cbb2493ec9157e78035e9cc02be17655996ee9cd0a71b79507fc19f3862f452b 0003-engines-e
157ec6d17add25b96956abc7c44259c91eebe8a6c1026cdb976b895bf42ec56f 0004-crypto-engine-autoload-padlock-dynamic-engine.patch
44b553d92e33c48f854a8e15b23830375bc400e987505c74956ac196266f0d46 0005-s_client-ircv3-starttls.patch
51146851d8454dcb73138f794ced8bd629658b4a0524c466f61b653fff536c93 openssl-1.0.1-version-eglibc.patch
c215b03f9328b8dfb81e3fa90bdf0332d6b649688944ff79fe60be62131ccb60 openssl-disable-rdrand-default.patch
1e11d6b8cdcdd6957c69d33ab670c5918fc96c12fdb9b76b4287cb8f69c3545d fix-default-apps-capath.patch
4999ee79892f52bd6a4a7baba9fac62262454d573bbffd72685d3aae9e48cee0 c_rehash.sh"
sha512sums="c76857e439431b2ef6f2aa123997e53f82b9c3c964d4d765d7cc6c0c20b37a21adf578f9b759b2b65ae3925454c432a01b7de0cd320ece7181dc292e00d3244e openssl-1.0.1e.tar.gz
sha512sums="8a50892ce0c32707486e248b273631c38e9743371f28f96b635a9e61dac31919e5cf00690d0926c1f425c718cb56c4fe18a87c6e679e0543ad453e42f7a811ef openssl-1.0.1f.tar.gz
880411d56da49946d24328445728367e0bf13b0fd47954971514bee8cd5613a038ad8aeaf68da2c92f4634deb022febd7b3e37f9bbfc5d2c9c8b3b5ffd971407 fix-manpages.patch
6c4f4b0c1b606b3e5a8175618c4398923392f9c25ad8d3f5b65b0424fe51e104c4f456d2da590d9f572382225ab320278e88db1585790092450cad60a02819a5 openssl-bb-basename.patch
ea282b09d4692a29e5a554e19b0798fa921717d4892decc68cba92cad11e85e4064d8ac78d98f6fa8bb45c65fdd1a5d1a6f6755e53102d520e9d8b807c3a7822 0001-crypto-hmac-support-EVP_MD_CTX_FLAG_ONESHOT-and-set-.patch
......@@ -129,6 +126,5 @@ b019320869d215014ad46e0b29aa239e31243571c4d45256b3ce6449a67fdc106a381c1cf3abd55d
3bedc326ca3e5945bc4ec4dccfe596042ee87aaeaf90b5063110a99cc8e38584838d68289907e4a3fcdb8e04635052ad0759c94e1d7070bb317c2066e2506bbe 0004-crypto-engine-autoload-padlock-dynamic-engine.patch
70cd257bbd5a86685dc2508399e67746b60ed5d581eb84fe4d4fc6af214f31b71e2a58ad758d572976a61f67bf64c37a935a9788db160f75bced75397b9bcce3 0005-s_client-ircv3-starttls.patch
6db9d9ee62048d27f80e392eda99a46712ee85f1c8fd49f4931be73c880da8b84844a72657f7bceddb7db0026daddd31870d9c5065494f8d359ee8560284fd4a openssl-1.0.1-version-eglibc.patch
2af7a40d023e4a09c14712661056a45c572416d5bbee8d90caf5d9d44854ffa86b1d3a0bebf78156ec5da2e71ae91724c007c3d0a8de5f025b3947fd0add287d openssl-disable-rdrand-default.patch
f2e737146a473d55b99f27457718ca299a02a0c74009026a30c3d1347c575bc264962b5708995e02ef7d68521b8366ccea7320523efb87b1ab2632d73fec5658 fix-default-apps-capath.patch
55e8c2e827750a4f375cb83c86bfe2d166c01ffa5d7e9b16657b72b38b747c8985dd2c98f854c911dfbbee2ff3e92aff39fdf089d979b2e3534b7685ee8b80da c_rehash.sh"
http://seclists.org/fulldisclosure/2013/Dec/99
From: Dr. Stephen Henson <steve@openssl.org>
Date: Wed, 11 Dec 2013 14:45:12 +0000 (+0000)
Subject: Don't use rdrand engine as default unless explicitly requested.
X-Git-Url: http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff_plain;h=8a1956f3eac8b164f8c741ff1a259008bab3bac1
Don't use rdrand engine as default unless explicitly requested.
(cherry picked from commit 16898401bd47a153fbf799127ff57fdcfcbd324f)
---
diff --git a/crypto/engine/eng_rdrand.c b/crypto/engine/eng_rdrand.c
index a9ba5ae..4e9e91d 100644
--- a/crypto/engine/eng_rdrand.c
+++ b/crypto/engine/eng_rdrand.c
@@ -104,6 +104,7 @@ static int bind_helper(ENGINE *e)
{
if (!ENGINE_set_id(e, engine_e_rdrand_id) ||
!ENGINE_set_name(e, engine_e_rdrand_name) ||
+ !ENGINE_set_flags(e, ENGINE_FLAGS_NO_REGISTER_ALL) ||
!ENGINE_set_init_function(e, rdrand_init) ||
!ENGINE_set_RAND(e, &rdrand_meth) )
return 0;
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment