Tue Mar 6 10:29:30 2012 UTC ()
Pullup ticket #3698 - requested by pettai
security/openssl: security patch

Revisions pulled up:
- security/openssl/Makefile                                     1.162
- security/openssl/distinfo                                     1.85
- security/openssl/patches/patch-asn_mime.c                     1.1

---
   Module Name:	pkgsrc
   Committed By:	pettai
   Date:		Mon Mar  5 00:26:55 UTC 2012

   Modified Files:
   	pkgsrc/security/openssl: Makefile distinfo
   Added Files:
   	pkgsrc/security/openssl/patches: patch-asn_mime.c

   Log Message:
   Add fix for CVE-2006-7250


(tron)
diff -r1.159.2.1 -r1.159.2.2 pkgsrc/security/openssl/Makefile
diff -r1.83.2.1 -r1.83.2.2 pkgsrc/security/openssl/distinfo
diff -r0 -r1.1.2.2 pkgsrc/security/openssl/patches/patch-asn_mime.c

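--- a/pkgsrc/security/openssl/Makefile
+++ b/pkgsrc/security/openssl/Makefile
@@ -1,37 +1,38 @@
-# $NetBSD: Makefile,v 1.159.2.1 2012/01/19 06:11:48 sbd Exp $
+# $NetBSD: Makefile,v 1.159.2.2 2012/03/06 10:29:29 tron Exp $
 
 OPENSSL_SNAPSHOT?= # empty
 OPENSSL_STABLE?= # empty
 OPENSSL_VERS?= 0.9.8t
 
 .if empty(OPENSSL_SNAPSHOT)
 DISTNAME= openssl-${OPENSSL_VERS}
 MASTER_SITES= ftp://ftp.openssl.org/source/ \
  ftp://sunsite.cnlab-switch.ch/mirror/openssl/source/ \
  ftp://sunsite.uio.no/pub/security/openssl/source/
 .else
 . if !empty(OPENSSL_STABLE:M[yY][eE][sS])
 DISTNAME= openssl-${OPENSSL_VERS:C/[a-z]$//}-stable-SNAP-${OPENSSL_SNAPSHOT}
 PKGNAME= openssl-${OPENSSL_VERS}beta${OPENSSL_SNAPSHOT}
 MASTER_SITES= ftp://ftp.openssl.org/snapshot/
 . else
 DISTNAME= openssl-SNAP-${OPENSSL_SNAPSHOT}
 PKGNAME= openssl-${OPENSSL_VERS}alpha${OPENSSL_SNAPSHOT}
 MASTER_SITES= ftp://ftp.openssl.org/snapshot/
 . endif
 .endif
 
 SVR4_PKGNAME= ossl
+PKGREVISION= 1
 CATEGORIES= security
 MAINTAINER= pkgsrc-users@NetBSD.org
 HOMEPAGE= http://www.openssl.org/
 COMMENT= Secure Socket Layer and cryptographic library
 
 CONFLICTS= SSLeay-[0-9]* ssleay-[0-9]*
 
 CRYPTO= yes
 
 PKG_INSTALLATION_TYPES= overwrite pkgviews
 PKG_DESTDIR_SUPPORT= user-destdir
 
 .include "../../mk/bsd.prefs.mk"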

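--- a/pkgsrc/security/openssl/distinfo
+++ b/pkgsrc/security/openssl/distinfo
@@ -1,13 +1,14 @@
-$NetBSD: distinfo,v 1.83.2.1 2012/01/19 06:11:48 sbd Exp $
+$NetBSD: distinfo,v 1.83.2.2 2012/03/06 10:29:29 tron Exp $
 
 SHA1 (openssl-0.9.8t.tar.gz) = 42e2ba06cc859d61f645915c9a30326eda371a5e
 RMD160 (openssl-0.9.8t.tar.gz) = 8d5a32ebc94c578021bce519f92b5d31743d3e47
 Size (openssl-0.9.8t.tar.gz) = 3778943 bytes
 SHA1 (patch-aa) = eb25505e8a745eb5ba85f857b0f9302fd5e9bda1
 SHA1 (patch-ac) = 6ff4a20440666f5c520837e10547091e1bee2208
 SHA1 (patch-ad) = bb86ac463fc4ab8b485df5f1a4fb9c13c1fc41c3
 SHA1 (patch-ae) = 7a58f1765a3761321dcc8dafc5fe2e33207be480
 SHA1 (patch-af) = 2610930b6b06397fa2e3955b3244c02193f5b7a6
 SHA1 (patch-ag) = 5f12c72b85e4b6c6a79dfcf87055e9e029fbd8c8
 SHA1 (patch-ak) = 049250b9bd42e6f155145703135dab39a7ec17e0
 SHA1 (patch-al) = 076a606352bdeaeea1cc64f16be2ac1325882302
+SHA1 (patch-asn_mime.c) = 45c25660b03687a014e54a24343f775e0e6b9b71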

File Added: pkgsrc/security/openssl/patches/Attic/patch-asn_mime.c
$NetBSD: patch-asn_mime.c,v 1.1.2.2 2012/03/06 10:29:30 tron Exp $

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7250

--- crypto/asn1/asn_mime.c.orig	2012-03-05 00:08:44.000000000 +0000
+++ crypto/asn1/asn_mime.c
@@ -790,6 +790,10 @@ static int mime_hdr_addparam(MIME_HEADER
 static int mime_hdr_cmp(const MIME_HEADER * const *a,
 			const MIME_HEADER * const *b)
 {
+	if ((*a)->name == NULL || (*b)->name == NULL)
+		return (*a)->name - (*b)->name < 0 ? -1 :
+			(*a)->name - (*b)->name > 0 ? 1 : 0;
+
 	return(strcmp((*a)->name, (*b)->name));
 }
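Review bot: The NULL branch added at the top of mime_hdr_cmp takes its result from `(*a)->name - (*b)->name`, a pointer subtraction in which at least one operand is NULL; C defines subtraction only for pointers into the same array object, so the sign is not guaranteed and the ordering of a nameless header may depend on where the other name happens to be allocated. Since this comparator is presumably used to sort and look up headers parsed from untrusted MIME input, I would compare presence rather than addresses: `return !!(*a)->name - !!(*b)->name;`. That keeps the NULL-dereference fix, orders nameless headers consistently before named ones, and removes the nested ternary. A short comment such as `/* headers without a name sort first; strcmp() must never see NULL */` above the branch would record why the check exists.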