Received: from mail.netbsd.org (mail.netbsd.org [149.20.53.66]) by www.NetBSD.org (Postfix) with ESMTP id 8E6E163C4B1 for ; Tue, 24 Apr 2012 07:46:16 +0000 (UTC) Received: by mail.netbsd.org (Postfix, from userid 605) id F2ACF14A15B; Tue, 24 Apr 2012 07:46:32 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by mail.netbsd.org (Postfix) with ESMTP id 18F5414A14B for ; Tue, 24 Apr 2012 07:46:28 +0000 (UTC) X-Virus-Scanned: amavisd-new at NetBSD.org Received: from mail.netbsd.org ([127.0.0.1]) by localhost (mail.NetBSD.org [127.0.0.1]) (amavisd-new, port 10025) with ESMTP id 65Qp831KCkkl for ; Tue, 24 Apr 2012 07:46:27 +0000 (UTC) Received: from cvs.netbsd.org (cvs.NetBSD.org [IPv6:2001:4f8:3:7:2e0:81ff:fe30:95bd]) by mail.netbsd.org (Postfix) with ESMTP id 2A3DA14A140 for ; Tue, 24 Apr 2012 07:46:27 +0000 (UTC) Received: by cvs.netbsd.org (Postfix, from userid 500) id B50AF175DD; Tue, 24 Apr 2012 07:47:28 +0000 (UTC) MIME-Version: 1.0 Content-Disposition: inline Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset="US-ASCII" Date: Tue, 24 Apr 2012 07:47:28 +0000 From: "Steven Drake" Subject: CVS commit: [pkgsrc-2012Q1] pkgsrc/security/openssl To: pkgsrc-changes@NetBSD.org Reply-To: sbd@netbsd.org X-Mailer: log_accum Message-Id: <20120424074728.B50AF175DD@cvs.netbsd.org> Sender: pkgsrc-changes-owner@NetBSD.org List-Id: pkgsrc-changes.NetBSD.org Precedence: bulk Module Name: pkgsrc Committed By: sbd Date: Tue Apr 24 07:47:28 UTC 2012 Modified Files: pkgsrc/security/openssl [pkgsrc-2012Q1]: Makefile distinfo Log Message: Pullup ticket #3755 - requested by taca security/openssl security update. Revisions pulled up: - security/openssl/Makefile 1.166 - security/openssl/distinfo 1.88 --- Module Name: pkgsrc Committed By: taca Date: Tue Apr 24 05:03:49 UTC 2012 Modified Files: pkgsrc/security/openssl: Makefile distinfo Log Message: Update openssl package to 0.9.8w. Security fix for CVS-2012-2131. Changes between 0.9.8v and 0.9.8w [23 Apr 2012] *) The fix for CVE-2012-2110 did not take into account that the 'len' argument to BUF_MEM_grow and BUF_MEM_grow_clean is an int in OpenSSL 0.9.8, making it still vulnerable. Fix by rejecting negative len parameter. (CVE-2012-2131) [Tomas Hoger ] To generate a diff of this commit: cvs rdiff -u -r1.164.2.1 -r1.164.2.2 pkgsrc/security/openssl/Makefile cvs rdiff -u -r1.86.2.1 -r1.86.2.2 pkgsrc/security/openssl/distinfo Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.