Received: from mail.netbsd.org (mail.netbsd.org [149.20.53.66]) by www.NetBSD.org (Postfix) with ESMTP id 2831F63E568 for ; Fri, 8 Feb 2013 16:19:05 +0000 (UTC) Received: by mail.netbsd.org (Postfix, from userid 605) id CCEA814A166; Fri, 8 Feb 2013 16:19:04 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by mail.netbsd.org (Postfix) with ESMTP id 5C4A214A283 for ; Fri, 8 Feb 2013 16:19:01 +0000 (UTC) X-Virus-Scanned: amavisd-new at NetBSD.org Received: from mail.netbsd.org ([127.0.0.1]) by localhost (mail.NetBSD.org [127.0.0.1]) (amavisd-new, port 10025) with ESMTP id eEe0Jc9YFtDQ for ; Fri, 8 Feb 2013 16:19:00 +0000 (UTC) Received: from cvs.netbsd.org (cvs.NetBSD.org [IPv6:2001:4f8:3:7:2e0:81ff:fe30:95bd]) by mail.netbsd.org (Postfix) with ESMTP id 7DADE14A280 for ; Fri, 8 Feb 2013 16:19:00 +0000 (UTC) Received: by cvs.netbsd.org (Postfix, from userid 500) id 2106E175DD; Fri, 8 Feb 2013 16:19:00 +0000 (UTC) Content-Disposition: inline Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset="US-ASCII" MIME-Version: 1.0 Date: Fri, 8 Feb 2013 16:19:00 +0000 From: "Matthias Scheler" Subject: CVS commit: [pkgsrc-2012Q4] pkgsrc/security/openssl To: pkgsrc-changes@NetBSD.org Reply-To: tron@netbsd.org X-Mailer: log_accum Message-Id: <20130208161900.2106E175DD@cvs.netbsd.org> Sender: pkgsrc-changes-owner@NetBSD.org List-Id: pkgsrc-changes.NetBSD.org Precedence: bulk Module Name: pkgsrc Committed By: tron Date: Fri Feb 8 16:19:00 UTC 2013 Modified Files: pkgsrc/security/openssl [pkgsrc-2012Q4]: Makefile distinfo Log Message: Pullup ticket #4055 - requested by taca security/openssl: security update Revisions pulled up: - security/openssl/Makefile 1.172 - security/openssl/distinfo 1.91 --- Module Name: pkgsrc Committed By: taca Date: Tue Feb 5 15:54:31 UTC 2013 Modified Files: pkgsrc/security/openssl: Makefile distinfo Log Message: Update openssl to 0.9.8y. Changes between 0.9.8x and 0.9.8y [5 Feb 2013] *) Make the decoding of SSLv3, TLS and DTLS CBC records constant time= .= This addresses the flaw in CBC record processing discovered by Nadhem Alfardan and Kenny Paterson. Details of this attack can be = found at: http://www.isg.rhul.ac.uk/tls/ Thanks go to Nadhem Alfardan and Kenny Paterson of the Information= Security Group at Royal Holloway, University of London (www.isg.rhul.ac.uk) for discovering this flaw and Adam Langley an= d Emilia K=E4sper for the initial patch. (CVE-2013-0169) [Emilia K=E4sper, Adam Langley, Ben Laurie, Andy Polyakov, Steve H= enson] *) Return an error when checking OCSP signatures when key is NULL. This fixes a DoS attack. (CVE-2013-0166) [Steve Henson] *) Call OCSP Stapling callback after ciphersuite has been chosen, so the right response is stapled. Also change SSL_get_certificate() so it returns the certificate actually sent. See http://rt.openssl.org/Ticket/Display.html?id=3D2836. (This is a backport) [Rob Stradling ] *) Fix possible deadlock when decoding public keys. [Steve Henson] To generate a diff of this commit: cvs rdiff -u -r1.170 -r1.170.2.1 pkgsrc/security/openssl/Makefile cvs rdiff -u -r1.90 -r1.90.6.1 pkgsrc/security/openssl/distinfo Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.