[arch-commits] Commit in openssl/trunk (PKGBUILD)

Pierre Schmitz pierre at archlinux.org
Fri Nov 6 00:54:32 UTC 2009


    Date: Thursday, November 5, 2009 @ 19:54:31
  Author: pierre
Revision: 58215

"fix" CVE-2009-3555

from the changelog:

 Changes between 0.9.8k and 0.9.8l  [5 Nov 2009]

  *) Disable renegotiation completely - this fixes a severe security
     problem (CVE-2009-3555) at the cost of breaking all
     renegotiation. Renegotiation can be re-enabled by setting
     SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION in s3->flags at
     run-time. This is really not recommended unless you know what
     you're doing.
     [Ben Laurie]

Modified:
  openssl/trunk/PKGBUILD

----------+
 PKGBUILD |   10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

Modified: PKGBUILD
===================================================================
--- PKGBUILD	2009-11-05 23:58:07 UTC (rev 58214)
+++ PKGBUILD	2009-11-06 00:54:31 UTC (rev 58215)
@@ -2,8 +2,8 @@
 # Maintainer: Pierre Schmitz <pierre at archlinux.de>
 
 pkgname=openssl
-pkgver=0.9.8k
-pkgrel=4
+pkgver=0.9.8l
+pkgrel=1
 pkgdesc='The Open Source toolkit for Secure Sockets Layer and Transport Layer Security'
 arch=('i686' 'x86_64')
 url='http://www.openssl.org'
@@ -20,7 +20,7 @@
         'openssl-0.9.8b-aliasing-bug.patch'
         'openssl-0.9.8g-no-extssl.patch'
         'openssl-0.9.8j-ca-dir.patch')
-md5sums=('e555c6d58d276aec7fdc53363e338ab3'
+md5sums=('05a0ece1372392a2cf310ebb96333025'
          '04a6a88c2ee4badd4f8649792b73eaf3'
          '4738d1eaff4e9975e9a26e4f76e48318'
          'b18e77cbe01bcff8f1c66ac46d139af4'
@@ -44,13 +44,13 @@
 	# mark stack as non-executable: http://bugs.archlinux.org/task/12434
 	./config --prefix=/usr --openssldir=/etc/ssl shared zlib -Wa,--noexecstack
 
-	make
+	make || return 1
 	make INSTALL_PREFIX=$pkgdir MANDIR=/usr/share/man install
 
 	# the test fails due to missing write permissions in /etc/ssl
 	# revert this patch for make test
 	# patch -p1 -R -i $srcdir/openssl-0.9.8j-ca-dir.patch
-	# make test
+	# make test || return 1
 
 	install -D -m644 LICENSE $pkgdir/usr/share/licenses/$pkgname/LICENSE
 }




More information about the arch-commits mailing list