Received: from mail.netbsd.org (mail.netbsd.org [149.20.53.66]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client CN "mail.NetBSD.org", Issuer "Postmaster NetBSD.org" (not verified)) by mollari.NetBSD.org (Postfix) with ESMTPS id BB154A61B7 for ; Fri, 10 Jan 2014 18:00:47 +0000 (UTC) Received: by mail.netbsd.org (Postfix, from userid 605) id 32A7214A210; Fri, 10 Jan 2014 18:00:47 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by mail.netbsd.org (Postfix) with ESMTP id 8F43414A20D for ; Fri, 10 Jan 2014 18:00:41 +0000 (UTC) X-Virus-Scanned: amavisd-new at NetBSD.org Received: from mail.netbsd.org ([127.0.0.1]) by localhost (mail.NetBSD.org [127.0.0.1]) (amavisd-new, port 10025) with ESMTP id Ann0tFyLWlGh for ; Fri, 10 Jan 2014 18:00:40 +0000 (UTC) Received: from cvs.netbsd.org (cvs.NetBSD.org [IPv6:2001:4f8:3:7:2e0:81ff:fe30:95bd]) by mail.netbsd.org (Postfix) with ESMTP id 5CADB14A1FD for ; Fri, 10 Jan 2014 18:00:40 +0000 (UTC) Received: by cvs.netbsd.org (Postfix, from userid 500) id 1F5C596; Fri, 10 Jan 2014 18:00:40 +0000 (UTC) Content-Disposition: inline Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset="US-ASCII" MIME-Version: 1.0 Date: Fri, 10 Jan 2014 18:00:40 +0000 From: "S.P.Zeidler" Subject: CVS commit: [pkgsrc-2013Q4] pkgsrc/security/openssl To: pkgsrc-changes@NetBSD.org Reply-To: spz@netbsd.org X-Mailer: log_accum Message-Id: <20140110180040.1F5C596@cvs.netbsd.org> Sender: pkgsrc-changes-owner@NetBSD.org List-Id: pkgsrc-changes.NetBSD.org Precedence: bulk Module Name: pkgsrc Committed By: spz Date: Fri Jan 10 18:00:40 UTC 2014 Modified Files: pkgsrc/security/openssl [pkgsrc-2013Q4]: Makefile distinfo pkgsrc/security/openssl/patches [pkgsrc-2013Q4]: patch-doc_ssl_SSL__CTX__set__client__CA__list.pod patch-doc_ssl_SSL__CTX__use__psk__identity__hint.pod patch-doc_ssl_SSL__accept.pod patch-doc_ssl_SSL__connect.pod patch-doc_ssl_SSL__do__handshake.pod patch-doc_ssl_SSL__shutdown.pod Removed Files: pkgsrc/security/openssl/patches [pkgsrc-2013Q4]: patch-doc_crypto_X509__STORE__CTX__get__error.pod Log Message: Pullup ticket #4293 - requested by tron security/openssl: security update Revisions pulled up: - security/openssl/Makefile 1.183 - security/openssl/distinfo 1.101 - security/openssl/patches/patch-doc_crypto_X509__STORE__CTX__get__error.pod deleted - security/openssl/patches/patch-doc_ssl_SSL__CTX__set__client__CA__list.pod 1.2 - security/openssl/patches/patch-doc_ssl_SSL__CTX__use__psk__identity__hint.pod 1.2 - security/openssl/patches/patch-doc_ssl_SSL__accept.pod 1.2 - security/openssl/patches/patch-doc_ssl_SSL__connect.pod 1.2 - security/openssl/patches/patch-doc_ssl_SSL__do__handshake.pod 1.2 - security/openssl/patches/patch-doc_ssl_SSL__shutdown.pod 1.2 ------------------------------------------------------------------- Module Name: pkgsrc Committed By: tron Date: Fri Jan 10 14:32:42 UTC 2014 Modified Files: pkgsrc/security/openssl: Makefile distinfo pkgsrc/security/openssl/patches: patch-doc_ssl_SSL__CTX__set__client__CA__list.pod patch-doc_ssl_SSL__CTX__use__psk__identity__hint.pod patch-doc_ssl_SSL__accept.pod patch-doc_ssl_SSL__connect.pod patch-doc_ssl_SSL__do__handshake.pod patch-doc_ssl_SSL__shutdown.pod Removed Files: pkgsrc/security/openssl/patches: patch-doc_crypto_X509__STORE__CTX__get__error.pod Log Message: Update "openssl" package to version 1.0.1f. Changes since 1.0.1e: - Fix for TLS record tampering bug. A carefully crafted invalid handshake could crash OpenSSL with a NULL pointer exception. Thanks to Anton Johansson for reporting this issues. (CVE-2013-4353) - Keep original DTLS digest and encryption contexts in retransmission structures so we can use the previous session parameters if they need to be resent. (CVE-2013-6450) [Steve Henson] - Add option SSL_OP_SAFARI_ECDHE_ECDSA_BUG (part of SSL_OP_ALL) which avoids preferring ECDHE-ECDSA ciphers when the client appears to be Safari on OS X. Safari on OS X 10.8..10.8.3 advertises support for several ECDHE-ECDSA ciphers, but fails to negotiate them. The bug is fixed in OS X 10.8.4, but Apple have ruled out both hot fixing 10.8..10.8.3 and forcing users to upgrade to 10.8.4 or newer. [Rob Stradling, Adam Langley] To generate a diff of this commit: cvs rdiff -u -r1.182 -r1.183 pkgsrc/security/openssl/Makefile cvs rdiff -u -r1.100 -r1.101 pkgsrc/security/openssl/distinfo cvs rdiff -u -r1.1 -r0 \ pkgsrc/security/openssl/patches/patch-doc_crypto_X509__STORE__CTX__get__error.pod cvs rdiff -u -r1.1 -r1.2 \ pkgsrc/security/openssl/patches/patch-doc_ssl_SSL__CTX__set__client__CA__list.pod \ pkgsrc/security/openssl/patches/patch-doc_ssl_SSL__CTX__use__psk__identity__hint.pod \ pkgsrc/security/openssl/patches/patch-doc_ssl_SSL__accept.pod \ pkgsrc/security/openssl/patches/patch-doc_ssl_SSL__connect.pod \ pkgsrc/security/openssl/patches/patch-doc_ssl_SSL__do__handshake.pod \ pkgsrc/security/openssl/patches/patch-doc_ssl_SSL__shutdown.pod To generate a diff of this commit: cvs rdiff -u -r1.182 -r1.182.2.1 pkgsrc/security/openssl/Makefile cvs rdiff -u -r1.100 -r1.100.2.1 pkgsrc/security/openssl/distinfo cvs rdiff -u -r1.1 -r0 \ pkgsrc/security/openssl/patches/patch-doc_crypto_X509__STORE__CTX__get__error.pod cvs rdiff -u -r1.1 -r1.1.6.1 \ pkgsrc/security/openssl/patches/patch-doc_ssl_SSL__CTX__set__client__CA__list.pod \ pkgsrc/security/openssl/patches/patch-doc_ssl_SSL__CTX__use__psk__identity__hint.pod \ pkgsrc/security/openssl/patches/patch-doc_ssl_SSL__accept.pod \ pkgsrc/security/openssl/patches/patch-doc_ssl_SSL__connect.pod \ pkgsrc/security/openssl/patches/patch-doc_ssl_SSL__do__handshake.pod \ pkgsrc/security/openssl/patches/patch-doc_ssl_SSL__shutdown.pod Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.