Date: Wed, 14 Mar 2012 14:48:33 +0000
From: "Matthias Scheler"
Subject: CVS commit: [pkgsrc-2011Q4] pkgsrc/security/openssl
To: pkgsrc-changes@NetBSD.org
Reply-To: tron@netbsd.org
Message-Id: <20120314144833.A9565175DD@cvs.netbsd.org>

Module Name:    pkgsrc
Committed By:   tron
Date:           Wed Mar 14 14:48:33 UTC 2012

Modified Files:
        pkgsrc/security/openssl [pkgsrc-2011Q4]: Makefile distinfo
Removed Files:
        pkgsrc/security/openssl/patches [pkgsrc-2011Q4]: patch-asn_mime.c

Log Message:
Pullup ticket #3702 - requested by taca
security/openssl: security update

Revisions pulled up:
- security/openssl/Makefile                     1.163
- security/openssl/distinfo                     1.86
- security/openssl/patches/patch-asn_mime.c     deleted

---
   Module Name:    pkgsrc
   Committed By:   taca
   Date:           Tue Mar 13 03:11:32 UTC 2012

   Modified Files:
           pkgsrc/security/openssl: Makefile distinfo
   Removed Files:
           pkgsrc/security/openssl/patches: patch-asn_mime.c

   Log Message:
   Update openssl package to 0.9.8u.

    Changes between 0.9.8t and 0.9.8u [12 Mar 2012]

     *) Fix MMA (Bleichenbacher's attack on PKCS #1 v1.5 RSA padding) weakness
        in CMS and PKCS7 code. When RSA decryption fails use a random key for
        content decryption and always return the same error. Note: this attack
        needs on average 2^20 messages so it only affects automated senders. The
        old behaviour can be reenabled in the CMS code by setting the
        CMS_DEBUG_DECRYPT flag: this is useful for debugging and testing where
        an MMA defence is not necessary.
        Thanks to Ivan Nestlerode for discovering
        this issue. (CVE-2012-0884)
        [Steve Henson]

     *) Fix CVE-2011-4619: make sure we really are receiving a
        client hello before rejecting multiple SGC restarts. Thanks to
        Ivan Nestlerode for discovering this bug.
        [Steve Henson]

To generate a diff of this commit:
cvs rdiff -u -r1.159.2.2 -r1.159.2.3 pkgsrc/security/openssl/Makefile
cvs rdiff -u -r1.83.2.2 -r1.83.2.3 pkgsrc/security/openssl/distinfo
cvs rdiff -u -r1.1.2.2 -r0 pkgsrc/security/openssl/patches/patch-asn_mime.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
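
The MMA defence named in the 0.9.8u change entry above, as an added Python sketch that is not part of this commit or of OpenSSL's code: on a failed PKCS #1 v1.5 padding check the receiver continues with a random key, so both failure causes surface as the same error. Assumptions made here: the RSA private-key operation is left out and `em` stands for its output, the content cipher is a toy stand-in, `debug_decrypt` is a hypothetical parameter modelling the old behaviour, and all sample values are constructed.

```python
import hashlib
import hmac
import secrets

KEY_LEN = 16  # content-encryption key (CEK) length chosen for this example

class DecryptError(Exception):
    pass

def unpad_pkcs1_v15(em):
    """Payload of a 00 02 PS 00 M block, or None. Not constant-time: simplified."""
    sep = em.find(b"\x00", 2)
    if len(em) < 11 or em[:2] != b"\x00\x02" or sep < 10:  # PS must be >= 8 bytes
        return None
    return em[sep + 1:]

def _xor(key, data):
    stream = hashlib.shake_256(key).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))

def seal_content(cek, plaintext):
    """Toy stand-in for content encryption: HMAC-SHA256 tag + XOR keystream."""
    body = _xor(cek, plaintext)
    return hmac.new(cek, body, hashlib.sha256).digest() + body

def open_content(cek, blob):
    tag, body = blob[:32], blob[32:]
    if not hmac.compare_digest(tag, hmac.new(cek, body, hashlib.sha256).digest()):
        raise DecryptError("decrypt error")
    return _xor(cek, body)

def decrypt_message(em, blob, debug_decrypt=False):
    cek = unpad_pkcs1_v15(em)
    if cek is None or len(cek) != KEY_LEN:
        if debug_decrypt:  # models the old behaviour: a distinguishable error
            raise DecryptError("RSA padding check failed")
        cek = secrets.token_bytes(KEY_LEN)  # hardened: carry on with a random key
    return open_content(cek, blob)

def outcome(em, blob, **kw):  # what a remote sender observes
    try:
        return decrypt_message(em, blob, **kw).decode()
    except DecryptError as exc:
        return str(exc)

CEK = bytes(range(1, 17))  # constructed sample data, not from the commit
GOOD_EM = b"\x00\x02" + b"\xff" * 8 + b"\x00" + CEK
BAD_EM = b"\x00\x01" + GOOD_EM[2:]  # wrong block type byte
BLOB = seal_content(CEK, b"hello")
```

With the default path, `outcome(BAD_EM, BLOB)` and a tampered blob under `GOOD_EM` both yield the same error string; only `debug_decrypt=True` reveals which check failed.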