pkgsrc-Changes archive


CVS commit: [pkgsrc-2011Q4] pkgsrc/security/openssl



Module Name:    pkgsrc
Committed By:   tron
Date:           Wed Mar 14 14:48:33 UTC 2012

Modified Files:
        pkgsrc/security/openssl [pkgsrc-2011Q4]: Makefile distinfo
Removed Files:
        pkgsrc/security/openssl/patches [pkgsrc-2011Q4]: patch-asn_mime.c

Log Message:
Pullup ticket #3702 - requested by taca
security/openssl: security update

Revisions pulled up:
- security/openssl/Makefile                                     1.163
- security/openssl/distinfo                                     1.86
- security/openssl/patches/patch-asn_mime.c                     deleted

---
   Module Name: pkgsrc
   Committed By:        taca
   Date:                Tue Mar 13 03:11:32 UTC 2012

   Modified Files:
        pkgsrc/security/openssl: Makefile distinfo
   Removed Files:
        pkgsrc/security/openssl/patches: patch-asn_mime.c

   Log Message:
   Update openssl package to 0.9.8u.

    Changes between 0.9.8t and 0.9.8u [12 Mar 2012]

     *) Fix MMA (Bleichenbacher's attack on PKCS #1 v1.5 RSA padding) weakness
        in CMS and PKCS7 code. When RSA decryption fails use a random key for
        content decryption and always return the same error. Note: this attack
        needs on average 2^20 messages so it only affects automated senders. The
        old behaviour can be reenabled in the CMS code by setting the
        CMS_DEBUG_DECRYPT flag: this is useful for debugging and testing where
        an MMA defence is not necessary.
        Thanks to Ivan Nestlerode <inestlerode%us.ibm.com@localhost> for
        discovering this issue. (CVE-2012-0884)
        [Steve Henson]

     *) Fix CVE-2011-4619: make sure we really are receiving a
        client hello before rejecting multiple SGC restarts. Thanks to
        Ivan Nestlerode <inestlerode%us.ibm.com@localhost> for discovering this
        bug.
        [Steve Henson]


To generate a diff of this commit:
cvs rdiff -u -r1.159.2.2 -r1.159.2.3 pkgsrc/security/openssl/Makefile
cvs rdiff -u -r1.83.2.2 -r1.83.2.3 pkgsrc/security/openssl/distinfo
cvs rdiff -u -r1.1.2.2 -r0 pkgsrc/security/openssl/patches/patch-asn_mime.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
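
The random-key defence that the 0.9.8u changelog entry describes for CVE-2012-0884, as an added C sketch (not part of this commit and not OpenSSL's code): the recipient always ends up with some content-encryption key (CEK), so a padding failure is not reported on its own. The name select_cek, the caller-supplied random fallback key and the sample bytes are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Branch-free masks: all-ones if the condition holds, else zero. */
static uint32_t ct_is_zero(uint32_t x) { return 0u - ((~x & (x - 1u)) >> 31); }
static uint32_t ct_eq(uint32_t a, uint32_t b) { return ct_is_zero(a ^ b); }

/* em: raw RSA-decrypted block, expected 00 || 02 || PS (>= 8 nonzero bytes)
 * || 00 || CEK. fallback: cek_len random bytes the caller drew before
 * decryption (assumption of this sketch). out receives the real CEK only if
 * the padding is well formed and the payload is exactly cek_len bytes,
 * otherwise fallback. No status is returned, so callers cannot branch on it. */
void select_cek(const uint8_t *em, size_t em_len, const uint8_t *fallback,
                uint8_t *out, size_t cek_len)
{
    uint32_t good, found = 0, sep = 0;
    size_t i;

    if (em_len < cek_len + 11) {       /* lengths are public, safe to branch */
        memcpy(out, fallback, cek_len);
        return;
    }
    good = ct_eq(em[0], 0x00) & ct_eq(em[1], 0x02);
    for (i = 2; i < em_len; i++) {     /* find first 00 with no early exit */
        uint32_t first = ct_is_zero(em[i]) & ~found;
        sep = (sep & ~first) | ((uint32_t)i & first);
        found |= first;
    }
    /* The separator must sit exactly where a cek_len-byte payload puts it. */
    good &= found & ct_eq(sep, (uint32_t)(em_len - cek_len - 1));
    for (i = 0; i < cek_len; i++) {
        uint8_t m = (uint8_t)good;
        out[i] = (uint8_t)((em[em_len - cek_len + i] & m) | (fallback[i] & (uint8_t)~m));
    }
}

int main(void)
{
    /* Constructed sample: 9-byte PS, then CEK 11 22 33 44; fb stands in for RNG output. */
    uint8_t em[16] = {0x00,0x02,1,2,3,4,5,6,7,8,9,0x00,0x11,0x22,0x33,0x44};
    uint8_t fb[4] = {0xAA,0xBB,0xCC,0xDD}, out[4];
    select_cek(em, sizeof em, fb, out, 4);
    printf("valid padding:   %02x%02x%02x%02x\n", out[0], out[1], out[2], out[3]);
    em[1] = 0x01;                      /* wrong block type */
    select_cek(em, sizeof em, fb, out, 4);
    printf("invalid padding: %02x%02x%02x%02x\n", out[0], out[1], out[2], out[3]);
    return 0;
}
```

The caller then decrypts the content with whatever key is in out; with the fallback key that step fails the same way it would for any wrong key, which is the single error the changelog entry refers to.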