From a4e7653b215735f6aff3b742454cd573947c6140 Mon Sep 17 00:00:00 2001
From: Dirk Meyer
Date: Sat, 21 Mar 2015 10:53:13 +0000
Subject: - Security update to 1.0.2a - termios.h now default - fix patches - fix manpage generation - option ZLIB removed from default - restore padlock support - restore RFC-5705 - restore patch history - restore build on older FreeBSD - restore soname
Security: https://www.openssl.org/news/secadv_20150319.txt
Security: CVE-2015-0291
Security: CVE-2015-0204
Security: CVE-2015-0290
Security: CVE-2015-0207
Security: CVE-2015-0286
Security: CVE-2015-0208
Security: CVE-2015-0287
Security: CVE-2015-0289
Security: CVE-2015-0292
Security: CVE-2015-0293
Security: CVE-2015-1787
Security: CVE-2015-0285
Security: CVE-2015-0209
Security: CVE-2015-0288
---
security/openssl/files/patch-RFC-5705 | 38 +++++++++++++++++++++++++++++++++++
1 file changed, 38 insertions(+)
create mode 100644 security/openssl/files/patch-RFC-5705
(limited to 'security/openssl/files/patch-RFC-5705')
diff --git a/security/openssl/files/patch-RFC-5705 b/security/openssl/files/patch-RFC-5705
new file mode 100644
index 000000000000..7138cdf22b7d
--- /dev/null
+++ b/security/openssl/files/patch-RFC-5705
@@ -0,0 +1,38 @@
+--- ssl/ssl.h 6 Jan 2010 17:37:38 -0000 1.221.2.24
++++ ssl/ssl.h 17 Jun 2010 12:25:35 -0000
+@@ -1806,6 +1806,10 @@
+ /* Pre-shared secret session resumption functions */
+ int SSL_set_session_secret_cb(SSL *s, tls_session_secret_cb_fn tls_session_secret_cb, void *arg);
+
++void SSL_tls1_key_exporter(SSL *s, unsigned char *label, int label_len,
++ unsigned char *context, int context_len,
++ unsigned char *out, int olen);
++
+ /* BEGIN ERROR CODES */
+ /* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+
+--- ssl/t1_enc.c.orig 2015-01-22 15:58:32.000000000 +0100
++++ ssl/t1_enc.c 2015-03-10 07:21:12.000000000 +0100
+@@ -1261,6 +1261,21 @@
+ return (rv);
+ }
+
++void SSL_tls1_key_exporter(SSL *s, unsigned char *label, int label_len,
++ unsigned char *context, int context_len,
++ unsigned char *out, int olen)
++ {
++ unsigned char tmp[olen];
++
++ tls1_PRF(s->s3->tmp.new_cipher->algorithm2,
++ label, label_len,
++ s->s3->client_random,SSL3_RANDOM_SIZE,
++ s->s3->server_random,SSL3_RANDOM_SIZE,
++ context, context_len, NULL, 0,
++ s->session->master_key, s->session->master_key_length,
++ out, tmp, olen);
++ }
++
+ int tls1_alert_code(int code)
+ {
+ switch (code) {
--
cgit v1.2.3
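Review bot: `unsigned char tmp[olen];` in the new `SSL_tls1_key_exporter` (ssl/t1_enc.c part of the patch) sizes a stack array from the caller's `int olen` with no range check, so a zero, negative or very large length is undefined behaviour or can exhaust the stack. The function is also declared `void` and discards whatever `tls1_PRF` returns, so a caller cannot tell a failed derivation from a filled `out` buffer, and `tmp`, which holds PRF scratch derived from the master secret, is left on the stack without being cleansed. `s->s3`, `s->session` and `s->s3->tmp.new_cipher` are dereferenced unchecked, which matters if the function can be called before a handshake has completed. The context also appears to go into the PRF without the two-byte length prefix RFC 5705 specifies, so output for a non-empty context may not match other exporters; it is worth comparing against the library's own `SSL_export_keying_material`. A sketch follows, assuming `tls1_PRF` returns a success flag in this tree and with the `ssl.h` prototype changed to `int` to match.

```c
int SSL_tls1_key_exporter(SSL *s, unsigned char *label, int label_len,
                          unsigned char *context, int context_len,
                          unsigned char *out, int olen)
{
    unsigned char *tmp;
    int ok;

    /* Refuse lengths that cannot be a valid output size and states
     * where no session keys exist yet. */
    if (olen <= 0 || s->s3 == NULL || s->session == NULL
        || s->s3->tmp.new_cipher == NULL)
        return 0;

    tmp = OPENSSL_malloc(olen);
    if (tmp == NULL)
        return 0;

    ok = tls1_PRF(/* … unchanged: argument list from the hunk … */);

    /* tmp is derived from the master secret; wipe it before release. */
    OPENSSL_cleanse(tmp, olen);
    OPENSSL_free(tmp);
    return ok;
}
```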