Date: Tue, 13 Mar 2012 03:11:32 +0000
From: "Takahiro Kambe"
Subject: CVS commit: pkgsrc/security/openssl
To: pkgsrc-changes@NetBSD.org
Reply-To: taca@netbsd.org
Message-Id: <20120313031132.623C0175DD@cvs.netbsd.org>

Module Name:    pkgsrc
Committed By:   taca
Date:           Tue Mar 13 03:11:32 UTC 2012

Modified Files:
        pkgsrc/security/openssl: Makefile distinfo
Removed Files:
        pkgsrc/security/openssl/patches: patch-asn_mime.c

Log Message:
Update openssl package to 0.9.8u.

 Changes between 0.9.8t and 0.9.8u [12 Mar 2012]

  *) Fix MMA (Bleichenbacher's attack on PKCS #1 v1.5 RSA padding) weakness
     in CMS and PKCS7 code. When RSA decryption fails use a random key for
     content decryption and always return the same error. Note: this attack
     needs on average 2^20 messages so it only affects automated senders.
     The old behaviour can be reenabled in the CMS code by setting the
     CMS_DEBUG_DECRYPT flag: this is useful for debugging and testing where
     an MMA defence is not necessary.
     Thanks to Ivan Nestlerode for discovering
     this issue. (CVE-2012-0884)
     [Steve Henson]

  *) Fix CVE-2011-4619: make sure we really are receiving a
     client hello before rejecting multiple SGC restarts. Thanks to
     Ivan Nestlerode for discovering this bug.
     [Steve Henson]

To generate a diff of this commit:
cvs rdiff -u -r1.162 -r1.163 pkgsrc/security/openssl/Makefile
cvs rdiff -u -r1.85 -r1.86 pkgsrc/security/openssl/distinfo
cvs rdiff -u -r1.1 -r0 pkgsrc/security/openssl/patches/patch-asn_mime.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
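
An added illustration of the CVE-2012-0884 defence described in the log message above ("use a random key for content decryption and always return the same error"); it is not part of the commit and not OpenSSL's code. The names `cms_select_cek`, `ct_is_zero` and `make_em`, the fixed 16-byte key length and the branch-free selection are assumptions of this example, which works on a block that has already been RSA-decrypted.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* All-ones if x == 0, else 0, without a data-dependent branch. */
static uint32_t ct_is_zero(uint32_t x) { return 0u - ((~x & (x - 1u)) >> 31); }

/*
 * Added example (hypothetical helper, not OpenSSL code).
 * em:       RSA-decrypted block, expected 00 02 <nonzero PS, >= 8 bytes> 00 <CEK>
 * fallback: random key the caller drew from a CSPRNG before decrypting
 * out:      receives cek_len bytes; no status is returned on purpose, so the
 *           caller cannot report a padding-specific error.
 */
void cms_select_cek(const uint8_t *em, size_t em_len, const uint8_t *fallback,
                    uint8_t *out, size_t cek_len)
{
    /* Lengths are public values; branching on them reveals nothing secret. */
    if (em_len < cek_len + 11) { memcpy(out, fallback, cek_len); return; }
    size_t sep = em_len - cek_len - 1;        /* required 0x00 separator index */
    uint32_t good = ct_is_zero(em[0]) & ct_is_zero(em[1] ^ 0x02u);
    for (size_t i = 2; i < sep; i++)
        good &= ~ct_is_zero(em[i]);           /* padding bytes must be nonzero */
    good &= ct_is_zero(em[sep]);
    uint8_t keep = (uint8_t)good;             /* 0xFF: recovered key, 0x00: fallback */
    for (size_t i = 0; i < cek_len; i++)
        out[i] = (uint8_t)((em[sep + 1 + i] & keep) | (fallback[i] & (uint8_t)~keep));
}

/* Constructed sample: 32-byte block, 16-byte CEK of 0xAA, padding of 0x11. */
static void make_em(uint8_t em[32])
{
    memset(em, 0x11, 32); em[0] = 0x00; em[1] = 0x02; em[15] = 0x00;
    memset(em + 16, 0xAA, 16);
}

int main(void)
{
    uint8_t em[32], out[16], fb[16];
    memset(fb, 0x5C, sizeof fb);              /* stands in for CSPRNG output */
    make_em(em);
    cms_select_cek(em, sizeof em, fb, out, sizeof out);
    printf("valid padding   -> out[0]=%02x\n", out[0]);
    em[1] = 0x01;                             /* wrong block type */
    cms_select_cek(em, sizeof em, fb, out, sizeof out);
    printf("invalid padding -> out[0]=%02x\n", out[0]);
    return 0;
}
```

Content decryption then proceeds with whatever key is in `out`, so a padding failure surfaces only as the same generic decryption error as any other undecryptable message.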