Now
pkgsrc-2013Q4 commitmail json YAML
pkgsrc/security/openssl/Makefile@1.182.2.1
/
diff
pkgsrc/security/openssl/distinfo@1.100.2.1 / diff
pkgsrc/security/openssl/patches/patch-doc_crypto_X509__STORE__CTX__get__error.pod deleted
pkgsrc/security/openssl/patches/patch-doc_ssl_SSL__CTX__set__client__CA__list.pod@1.1.6.1 / diff
pkgsrc/security/openssl/patches/patch-doc_ssl_SSL__CTX__use__psk__identity__hint.pod@1.1.6.1 / diff
pkgsrc/security/openssl/patches/patch-doc_ssl_SSL__accept.pod@1.1.6.1 / diff
pkgsrc/security/openssl/patches/patch-doc_ssl_SSL__connect.pod@1.1.6.1 / diff
pkgsrc/security/openssl/patches/patch-doc_ssl_SSL__do__handshake.pod@1.1.6.1 / diff
pkgsrc/security/openssl/patches/patch-doc_ssl_SSL__shutdown.pod@1.1.6.1 / diff
pkgsrc/security/openssl/distinfo@1.100.2.1 / diff
pkgsrc/security/openssl/patches/patch-doc_crypto_X509__STORE__CTX__get__error.pod deleted
pkgsrc/security/openssl/patches/patch-doc_ssl_SSL__CTX__set__client__CA__list.pod@1.1.6.1 / diff
pkgsrc/security/openssl/patches/patch-doc_ssl_SSL__CTX__use__psk__identity__hint.pod@1.1.6.1 / diff
pkgsrc/security/openssl/patches/patch-doc_ssl_SSL__accept.pod@1.1.6.1 / diff
pkgsrc/security/openssl/patches/patch-doc_ssl_SSL__connect.pod@1.1.6.1 / diff
pkgsrc/security/openssl/patches/patch-doc_ssl_SSL__do__handshake.pod@1.1.6.1 / diff
pkgsrc/security/openssl/patches/patch-doc_ssl_SSL__shutdown.pod@1.1.6.1 / diff
Pullup ticket #4293 - requested by tron
security/openssl: security update
Revisions pulled up:
- security/openssl/Makefile 1.183
- security/openssl/distinfo 1.101
- security/openssl/patches/patch-doc_crypto_X509__STORE__CTX__get__error.pod deleted
- security/openssl/patches/patch-doc_ssl_SSL__CTX__set__client__CA__list.pod 1.2
- security/openssl/patches/patch-doc_ssl_SSL__CTX__use__psk__identity__hint.pod 1.2
- security/openssl/patches/patch-doc_ssl_SSL__accept.pod 1.2
- security/openssl/patches/patch-doc_ssl_SSL__connect.pod 1.2
- security/openssl/patches/patch-doc_ssl_SSL__do__handshake.pod 1.2
- security/openssl/patches/patch-doc_ssl_SSL__shutdown.pod 1.2
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: tron
Date: Fri Jan 10 14:32:42 UTC 2014
Modified Files:
pkgsrc/security/openssl: Makefile distinfo
pkgsrc/security/openssl/patches:
patch-doc_ssl_SSL__CTX__set__client__CA__list.pod
patch-doc_ssl_SSL__CTX__use__psk__identity__hint.pod
patch-doc_ssl_SSL__accept.pod patch-doc_ssl_SSL__connect.pod
patch-doc_ssl_SSL__do__handshake.pod
patch-doc_ssl_SSL__shutdown.pod
Removed Files:
pkgsrc/security/openssl/patches:
patch-doc_crypto_X509__STORE__CTX__get__error.pod
Log Message:
Update "openssl" package to version 1.0.1f. Changes since 1.0.1e:
- Fix for TLS record tampering bug. A carefully crafted invalid
handshake could crash OpenSSL with a NULL pointer exception.
Thanks to Anton Johansson for reporting this issues.
(CVE-2013-4353)
- Keep original DTLS digest and encryption contexts in retransmission
structures so we can use the previous session parameters if they need
to be resent. (CVE-2013-6450)
[Steve Henson]
- Add option SSL_OP_SAFARI_ECDHE_ECDSA_BUG (part of SSL_OP_ALL) which
avoids preferring ECDHE-ECDSA ciphers when the client appears to be
Safari on OS X. Safari on OS X 10.8..10.8.3 advertises support for
several ECDHE-ECDSA ciphers, but fails to negotiate them. The bug
is fixed in OS X 10.8.4, but Apple have ruled out both hot fixing
10.8..10.8.3 and forcing users to upgrade to 10.8.4 or newer.
[Rob Stradling, Adam Langley]
To generate a diff of this commit:
cvs rdiff -u -r1.182 -r1.183 pkgsrc/security/openssl/Makefile
cvs rdiff -u -r1.100 -r1.101 pkgsrc/security/openssl/distinfo
cvs rdiff -u -r1.1 -r0 \
pkgsrc/security/openssl/patches/patch-doc_crypto_X509__STORE__CTX__get__error.pod
cvs rdiff -u -r1.1 -r1.2 \
pkgsrc/security/openssl/patches/patch-doc_ssl_SSL__CTX__set__client__CA__list.pod \
pkgsrc/security/openssl/patches/patch-doc_ssl_SSL__CTX__use__psk__identity__hint.pod \
pkgsrc/security/openssl/patches/patch-doc_ssl_SSL__accept.pod \
pkgsrc/security/openssl/patches/patch-doc_ssl_SSL__connect.pod \
pkgsrc/security/openssl/patches/patch-doc_ssl_SSL__do__handshake.pod \
pkgsrc/security/openssl/patches/patch-doc_ssl_SSL__shutdown.pod
security/openssl: security update
Revisions pulled up:
- security/openssl/Makefile 1.183
- security/openssl/distinfo 1.101
- security/openssl/patches/patch-doc_crypto_X509__STORE__CTX__get__error.pod deleted
- security/openssl/patches/patch-doc_ssl_SSL__CTX__set__client__CA__list.pod 1.2
- security/openssl/patches/patch-doc_ssl_SSL__CTX__use__psk__identity__hint.pod 1.2
- security/openssl/patches/patch-doc_ssl_SSL__accept.pod 1.2
- security/openssl/patches/patch-doc_ssl_SSL__connect.pod 1.2
- security/openssl/patches/patch-doc_ssl_SSL__do__handshake.pod 1.2
- security/openssl/patches/patch-doc_ssl_SSL__shutdown.pod 1.2
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: tron
Date: Fri Jan 10 14:32:42 UTC 2014
Modified Files:
pkgsrc/security/openssl: Makefile distinfo
pkgsrc/security/openssl/patches:
patch-doc_ssl_SSL__CTX__set__client__CA__list.pod
patch-doc_ssl_SSL__CTX__use__psk__identity__hint.pod
patch-doc_ssl_SSL__accept.pod patch-doc_ssl_SSL__connect.pod
patch-doc_ssl_SSL__do__handshake.pod
patch-doc_ssl_SSL__shutdown.pod
Removed Files:
pkgsrc/security/openssl/patches:
patch-doc_crypto_X509__STORE__CTX__get__error.pod
Log Message:
Update "openssl" package to version 1.0.1f. Changes since 1.0.1e:
- Fix for TLS record tampering bug. A carefully crafted invalid
handshake could crash OpenSSL with a NULL pointer exception.
Thanks to Anton Johansson for reporting this issues.
(CVE-2013-4353)
- Keep original DTLS digest and encryption contexts in retransmission
structures so we can use the previous session parameters if they need
to be resent. (CVE-2013-6450)
[Steve Henson]
- Add option SSL_OP_SAFARI_ECDHE_ECDSA_BUG (part of SSL_OP_ALL) which
avoids preferring ECDHE-ECDSA ciphers when the client appears to be
Safari on OS X. Safari on OS X 10.8..10.8.3 advertises support for
several ECDHE-ECDSA ciphers, but fails to negotiate them. The bug
is fixed in OS X 10.8.4, but Apple have ruled out both hot fixing
10.8..10.8.3 and forcing users to upgrade to 10.8.4 or newer.
[Rob Stradling, Adam Langley]
To generate a diff of this commit:
cvs rdiff -u -r1.182 -r1.183 pkgsrc/security/openssl/Makefile
cvs rdiff -u -r1.100 -r1.101 pkgsrc/security/openssl/distinfo
cvs rdiff -u -r1.1 -r0 \
pkgsrc/security/openssl/patches/patch-doc_crypto_X509__STORE__CTX__get__error.pod
cvs rdiff -u -r1.1 -r1.2 \
pkgsrc/security/openssl/patches/patch-doc_ssl_SSL__CTX__set__client__CA__list.pod \
pkgsrc/security/openssl/patches/patch-doc_ssl_SSL__CTX__use__psk__identity__hint.pod \
pkgsrc/security/openssl/patches/patch-doc_ssl_SSL__accept.pod \
pkgsrc/security/openssl/patches/patch-doc_ssl_SSL__connect.pod \
pkgsrc/security/openssl/patches/patch-doc_ssl_SSL__do__handshake.pod \
pkgsrc/security/openssl/patches/patch-doc_ssl_SSL__shutdown.pod