[Midnightbsd-cvs] mports [24454] trunk/security/openssl: update openssl to 1.0.2p

laffer1 at midnightbsd.org laffer1 at midnightbsd.org
Tue Oct 9 09:38:06 EDT 2018


Revision: 24454
          http://svnweb.midnightbsd.org/mports/?rev=24454
Author:   laffer1
Date:     2018-10-09 09:37:48 -0400 (Tue, 09 Oct 2018)
Log Message:
-----------
update openssl to 1.0.2p

Modified Paths:
--------------
    trunk/security/openssl/Makefile
    trunk/security/openssl/distinfo

Removed Paths:
-------------
    trunk/security/openssl/files/patch-CVE-2018-0732
    trunk/security/openssl/files/patch-CVE-2018-0737

Modified: trunk/security/openssl/Makefile
===================================================================
--- trunk/security/openssl/Makefile	2018-10-09 13:34:09 UTC (rev 24453)
+++ trunk/security/openssl/Makefile	2018-10-09 13:37:48 UTC (rev 24454)
@@ -1,7 +1,7 @@
 # $MidnightBSD$
 
 PORTNAME=	openssl
-PORTVERSION=	1.0.2o
+PORTVERSION=	1.0.2p
 PORTEPOCH=	1
 CATEGORIES=	security devel
 MASTER_SITES=	http://www.openssl.org/source/ \

Modified: trunk/security/openssl/distinfo
===================================================================
--- trunk/security/openssl/distinfo	2018-10-09 13:34:09 UTC (rev 24453)
+++ trunk/security/openssl/distinfo	2018-10-09 13:37:48 UTC (rev 24454)
@@ -1,11 +1,3 @@
-TIMESTAMP = 1522160096
-SHA256 (openssl-1.0.2/openssl-1.0.2o.tar.gz) = ec3f5c9714ba0fd45cb4e087301eb1336c317e0d20b575a125050470e8089e4d
-SIZE (openssl-1.0.2/openssl-1.0.2o.tar.gz) = 5329472
-SHA256 (openssl-1.0.2/1001-crypto-hmac-support-EVP_MD_CTX_FLAG_ONESHOT-and-set-.patch) = 2eddcb7ab342285cb637ce6b6be143cca835f449f35dd9bb8c7b9167ba2117a7
-SIZE (openssl-1.0.2/1001-crypto-hmac-support-EVP_MD_CTX_FLAG_ONESHOT-and-set-.patch) = 3717
-SHA256 (openssl-1.0.2/1002-backport-changes-from-upstream-padlock-module.patch) = aee88a24622ce9d71e38deeb874e58435dcf8ff5690f56194f0e4a00fb09b260
-SIZE (openssl-1.0.2/1002-backport-changes-from-upstream-padlock-module.patch) = 5770
-SHA256 (openssl-1.0.2/1003-engines-e_padlock-implement-sha1-sha224-sha256-accel.patch) = c10b8aaf56a4f4f79ca195fc587e0bb533f643e777d7a3e6fb0350399a6060ea
-SIZE (openssl-1.0.2/1003-engines-e_padlock-implement-sha1-sha224-sha256-accel.patch) = 20935
-SHA256 (openssl-1.0.2/1004-crypto-engine-autoload-padlock-dynamic-engine.patch) = 97eb4411d0fc0890e94bc7c2d682f68b71135da782af769ca73914b37da2b1fd
-SIZE (openssl-1.0.2/1004-crypto-engine-autoload-padlock-dynamic-engine.patch) = 832
+TIMESTAMP = 1539092116
+SHA256 (openssl-1.0.2/openssl-1.0.2p.tar.gz) = 50a98e07b1a89eb8f6a99477f262df71c6fa7bef77df4dc83025a2845c827d00
+SIZE (openssl-1.0.2/openssl-1.0.2p.tar.gz) = 5338192
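Review bot: The SHA256/SIZE pairs for the four padlock patches (1001 to 1004) are dropped from distinfo here, yet the only Makefile change in this commit is the PORTVERSION bump. The rest of the Makefile is not visible, so this is inferred: if an option there still fetches those patch files, a build with that option enabled would have no recorded checksum to verify them against. Either remove the matching patch references from the Makefile in the same commit, or regenerate distinfo with that option enabled so the entries are kept. Separately, MASTER_SITES in the Makefile hunk is plain `http://`, so the new SHA256 for openssl-1.0.2p.tar.gz is the only integrity check on the fetched tarball; it is worth confirming it against the digest upstream publishes and saying so in the log message.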

Deleted: trunk/security/openssl/files/patch-CVE-2018-0732
===================================================================
--- trunk/security/openssl/files/patch-CVE-2018-0732	2018-10-09 13:34:09 UTC (rev 24453)
+++ trunk/security/openssl/files/patch-CVE-2018-0732	2018-10-09 13:37:48 UTC (rev 24454)
@@ -1,39 +0,0 @@
-From 3984ef0b72831da8b3ece4745cac4f8575b19098 Mon Sep 17 00:00:00 2001
-From: Guido Vranken <guidovranken at gmail.com>
-Date: Mon, 11 Jun 2018 19:38:54 +0200
-Subject: [PATCH] Reject excessively large primes in DH key generation.
-
-CVE-2018-0732
-
-Signed-off-by: Guido Vranken <guidovranken at gmail.com>
-
-(cherry picked from commit 91f7361f47b082ae61ffe1a7b17bb2adf213c7fe)
-
-Reviewed-by: Tim Hudson <tjh at openssl.org>
-Reviewed-by: Matt Caswell <matt at openssl.org>
-(Merged from https://github.com/openssl/openssl/pull/6457)
----
- crypto/dh/dh_key.c | 7 ++++++-
- 1 file changed, 6 insertions(+), 1 deletion(-)
-
-diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c
-index 387558f1467..f235e0d682b 100644
---- crypto/dh/dh_key.c.orig
-+++ crypto/dh/dh_key.c
-@@ -130,10 +130,15 @@ static int generate_key(DH *dh)
-     int ok = 0;
-     int generate_new_key = 0;
-     unsigned l;
--    BN_CTX *ctx;
-+    BN_CTX *ctx = NULL;
-     BN_MONT_CTX *mont = NULL;
-     BIGNUM *pub_key = NULL, *priv_key = NULL;
- 
-+    if (BN_num_bits(dh->p) > OPENSSL_DH_MAX_MODULUS_BITS) {
-+        DHerr(DH_F_GENERATE_KEY, DH_R_MODULUS_TOO_LARGE);
-+        return 0;
-+    }
-+
-     ctx = BN_CTX_new();
-     if (ctx == NULL)
-         goto err;

Deleted: trunk/security/openssl/files/patch-CVE-2018-0737
===================================================================
--- trunk/security/openssl/files/patch-CVE-2018-0737	2018-10-09 13:34:09 UTC (rev 24453)
+++ trunk/security/openssl/files/patch-CVE-2018-0737	2018-10-09 13:37:48 UTC (rev 24454)
@@ -1,28 +0,0 @@
-From 349a41da1ad88ad87825414752a8ff5fdd6a6c3f Mon Sep 17 00:00:00 2001
-From: Billy Brumley <bbrumley at gmail.com>
-Date: Wed, 11 Apr 2018 10:10:58 +0300
-Subject: [PATCH] RSA key generation: ensure BN_mod_inverse and BN_mod_exp_mont
- both get called with BN_FLG_CONSTTIME flag set.
-
-CVE-2018-0737
-
-Reviewed-by: Rich Salz <rsalz at openssl.org>
-Reviewed-by: Matt Caswell <matt at openssl.org>
-(cherry picked from commit 6939eab03a6e23d2bd2c3f5e34fe1d48e542e787)
----
- crypto/rsa/rsa_gen.c | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/crypto/rsa/rsa_gen.c b/crypto/rsa/rsa_gen.c
-index 9ca5dfefb70..42b89a8dfaa 100644
---- crypto/rsa/rsa_gen.c.orig
-+++ crypto/rsa/rsa_gen.c
-@@ -156,6 +156,8 @@ static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value,
-     if (BN_copy(rsa->e, e_value) == NULL)
-         goto err;
- 
-+    BN_set_flags(rsa->p, BN_FLG_CONSTTIME);
-+    BN_set_flags(rsa->q, BN_FLG_CONSTTIME);
-     BN_set_flags(r2, BN_FLG_CONSTTIME);
-     /* generate p and q */
-     for (;;) {


