openssl: Updated (0.9.8g -> 0.9.8h) : SECURITY - MEDIUM

CVE-2008-1678 (Medium) : Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to cause a denial of service (memory consumption) via multiple calls, as demonstrated by initial SSL client handshakes to the Apache HTTP Server mod_ssl that specify a compression algorithm.
17 years ago · 77aa0935f4
2 changed files with 10 additions and 10 deletions
--- a/security/openssl/openssl.desc
+++ b/security/openssl/openssl.desc
@ -1,4 +1,3 @@
-
 [COPY] --- SDE-COPYRIGHT-NOTE-BEGIN ---
 [COPY] This copyright note is auto-generated by ./scripts/Create-CopyPatch.
 [COPY]
@ -36,8 +35,7 @@

 [L] OpenSource
 [S] Stable
-[V] 0.9.8g
+[V] 0.9.8h
 [P] X -?---5---9 104.600

-[D] 2772811092 openssl-0.9.8g.tar.gz ftp://ftp.openssl.org/source/
-
+[D] 3186959643 openssl-0.9.8h.tar.gz ftp://ftp.openssl.org/source/
--- a/security/openssl/sparc.patch
+++ b/security/openssl/sparc.patch
@ -2,6 +2,7 @@
 # This copyright note is auto-generated by ./scripts/Create-CopyPatch.
 #
 # Filename: package/.../openssl/sparc.patch
+# Copyright (C) 2008 The OpenSDE Project
 # Copyright (C) 2004 - 2006 The T2 SDE Project
 #
 # More information can be found in the files COPYING and README.
@ -20,14 +21,15 @@ intstructions.

  - Rene Rebe <rene@exactcode.de>

--- openssl-0.9.8a/Configure.vanilla	2005-10-19 09:30:46.230000000 +0200
-+++ openssl-0.9.8a/Configure	2005-10-19 09:31:57.520000000 +0200
-@@ -333,7 +333,7 @@
+diff -Nur openssl-0.9.8h-orig/Configure openssl-0.9.8h/Configure
+--- openssl-0.9.8h-orig/Configure	2008-07-01 08:28:55.000000000 +0000
+++ openssl-0.9.8h/Configure	2008-07-01 08:29:42.000000000 +0000
+@@ -337,7 +337,7 @@
 "linux-sparcv8","gcc:-mv8 -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::sparcv8.o:des_enc-sparc.o fcrypt_b.o:::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 # it's a real mess with -mcpu=ultrasparc option under Linux, but
 # -Wa,-Av8plus should do the trick no matter what.
-"linux-sparcv9","gcc:-m32 -mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::sparcv8plus.o:des_enc-sparc.o fcrypt_b.o:::md5-sparcv8plus.o::::::dlfcn:linux-shared:-fPIC:-m32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"linux-sparcv9","gcc:-m32 -mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::sparcv8plus.o:des_enc-sparc.o fcrypt_b.o:::md5-sparcv8plus.o::::::dlfcn:linux-shared:-fPIC:-m32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+-"linux-sparcv9","gcc:-m32 -mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::sparcv8plus.o:des_enc-sparc.o fcrypt_b.o:::::::::dlfcn:linux-shared:-fPIC:-m32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-sparcv9","gcc:-m32 -mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::sparcv8plus.o:des_enc-sparc.o fcrypt_b.o:::::::::dlfcn:linux-shared:-fPIC:-m32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 # GCC 3.1 is a requirement
- "linux64-sparcv9","gcc:-m64 -mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:ULTRASPARC:-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::des_enc-sparc.o fcrypt_b.o:::md5-sparcv9.o::::::dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+ "linux64-sparcv9","gcc:-m64 -mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:ULTRASPARC:-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::::::::::::dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 #### Alpha Linux with GNU C and Compaq C setups