Mon Jul 14 03:52:54 2008 UTC ()

Update to openssl-0.9.8h. Changes from 0.9.8g:

Two crashes discovered using the Codenomicon TLS test suite, as reported
in CVE-2008-0891 and CVE-2008-1672, were fixed. The root CA certificates
of commercial CAs were removed from the distribution. Functions were added
to implement RFC3394 compatible AES key wrapping. Utility functions to
handle ASN1 structures were added. The certificate status request TLS
extension, as defined in RFC3546, was implemented. Several other bugfixes
and enhancements were made.


(tnn)

diff -r1.133 -r1.134 pkgsrc/security/openssl/Makefile
diff -r1.61 -r1.62 pkgsrc/security/openssl/distinfo
diff -r1.12 -r0 pkgsrc/security/openssl/patches/patch-ab
diff -r1.8 -r0 pkgsrc/security/openssl/patches/patch-ah

--- pkgsrc/security/openssl/Makefile 2008/06/16 20:18:20 1.133
+++ pkgsrc/security/openssl/Makefile 2008/07/14 03:52:54 1.134

 @@ -1,19 +1,18 @@
-# $NetBSD: Makefile,v 1.133 2008/06/16 20:18:20 tonnerre Exp $
+# $NetBSD: Makefile,v 1.134 2008/07/14 03:52:54 tnn Exp $
 OPENSSL_SNAPSHOT?=	# empty
 OPENSSL_STABLE?=	# empty
-OPENSSL_VERS?=		0.9.8g
+OPENSSL_VERS?=		0.9.8h
 PKGREVISION=		2
 .if empty(OPENSSL_SNAPSHOT)
 DISTNAME=	openssl-${OPENSSL_VERS}
 MASTER_SITES=	http://mirrors.isc.org/pub/openssl/source/ \
 		http://www.mirrors.wiretapped.net/security/cryptography/libraries/tls/openssl/ \
 		http://sunsite.rediris.es/pub/mirror/OpenSSL/ \
 		http://ftp.wayne.edu/pub/openssl/source/ \
 		http://www.binarycode.org/openssl/source/ \
 		ftp://ftp.openssl.org/source/
 .else
 .  if !empty(OPENSSL_STABLE:M[yY][eE][sS])
 DISTNAME=	openssl-${OPENSSL_VERS:C/[a-z]$//}-stable-SNAP-${OPENSSL_SNAPSHOT}
 PKGNAME=	openssl-${OPENSSL_VERS}beta${OPENSSL_SNAPSHOT}

--- pkgsrc/security/openssl/distinfo 2008/06/16 20:18:20 1.61
+++ pkgsrc/security/openssl/distinfo 2008/07/14 03:52:54 1.62

 @@ -1,15 +1,15 @@
-$NetBSD: distinfo,v 1.61 2008/06/16 20:18:20 tonnerre Exp $
+$NetBSD: distinfo,v 1.62 2008/07/14 03:52:54 tnn Exp $
-SHA1 (openssl-0.9.8g.tar.gz) = 4e9c5ced466715d18fd924de79bde5c15da80fa1
+SHA1 (openssl-0.9.8h.tar.gz) = ced4f2da24a202e01ea22bef30ebc8aee274de86
-RMD160 (openssl-0.9.8g.tar.gz) = f080a32da9becdc8b98c38744d62c6fd8664f603
+RMD160 (openssl-0.9.8h.tar.gz) = 676337da20c3fc3fc4001a79c6d28589cba719cd
-Size (openssl-0.9.8g.tar.gz) = 3354792 bytes
+Size (openssl-0.9.8h.tar.gz) = 3439981 bytes
 SHA1 (patch-aa) = b28ec662bf0586e31d59cab45e3a28b91b10dac1
 SHA1 (patch-ab) = b09beb8db8046293cd63d3f37e0c1ae5001eb5a1
 SHA1 (patch-ac) = a766699f2d007b70689bbad538ede07ded7b34ff
 SHA1 (patch-ad) = bb86ac463fc4ab8b485df5f1a4fb9c13c1fc41c3
 SHA1 (patch-ae) = 7a58f1765a3761321dcc8dafc5fe2e33207be480
 SHA1 (patch-af) = 3c1a88329b1a1c54bdd4624ceaf723af3749ec32
 SHA1 (patch-ag) = 5f12c72b85e4b6c6a79dfcf87055e9e029fbd8c8
 SHA1 (patch-ah) = c961d75984a7a94c0584df8e8aa24e1f61158787
 SHA1 (patch-ak) = 049250b9bd42e6f155145703135dab39a7ec17e0
 SHA1 (patch-al) = 076a606352bdeaeea1cc64f16be2ac1325882302