Update openssl package to 0.9.8w.

Security fix for CVS-2012-2131. Changes between 0.9.8v and 0.9.8w [23 Apr 2012] *) The fix for CVE-2012-2110 did not take into account that the 'len' argument to BUF_MEM_grow and BUF_MEM_grow_clean is an int in OpenSSL 0.9.8, making it still vulnerable. Fix by rejecting negative len parameter. (CVE-2012-2131) [Tomas Hoger <thoger@redhat.com>]
2012-04-24 05:03:48 +00:00 · 2012-04-24 05:03:48 +00:00 · b982de4e94
commit b982de4e94
parent 6caa2a9f27
2 changed files with 6 additions and 6 deletions
--- a/security/openssl/Makefile
+++ b/security/openssl/Makefile
@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.165 2012/04/21 07:38:14 taca Exp $
+# $NetBSD: Makefile,v 1.166 2012/04/24 05:03:48 taca Exp $

 OPENSSL_SNAPSHOT?=	# empty
 OPENSSL_STABLE?=	# empty
-OPENSSL_VERS?=		0.9.8v
+OPENSSL_VERS?=		0.9.8w

 .if empty(OPENSSL_SNAPSHOT)
 DISTNAME=	openssl-${OPENSSL_VERS}
--- a/security/openssl/distinfo
+++ b/security/openssl/distinfo
@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.87 2012/04/21 07:38:14 taca Exp $
+$NetBSD: distinfo,v 1.88 2012/04/24 05:03:48 taca Exp $

-SHA1 (openssl-0.9.8v.tar.gz) = ceacc6750b1e912d10ad1da964c90fcffbd6566e
-RMD160 (openssl-0.9.8v.tar.gz) = a59dd24ac07be9118a4b23b6d1874fd46d2b797a
-Size (openssl-0.9.8v.tar.gz) = 3782207 bytes
+SHA1 (openssl-0.9.8w.tar.gz) = 6dd276534f87aaca4bee679537fef3aaa6b43069
+RMD160 (openssl-0.9.8w.tar.gz) = 6904c2b85a199b8ec0262ba7d52adbbe7e8df351
+Size (openssl-0.9.8w.tar.gz) = 3782900 bytes
 SHA1 (patch-aa) = eb25505e8a745eb5ba85f857b0f9302fd5e9bda1
 SHA1 (patch-ac) = 6ff4a20440666f5c520837e10547091e1bee2208
 SHA1 (patch-ad) = bb86ac463fc4ab8b485df5f1a4fb9c13c1fc41c3