pkgsrc-Changes archive


CVS commit: [pkgsrc-2012Q4] pkgsrc/security/openssl



Module Name:    pkgsrc
Committed By:   tron
Date:           Fri Feb  8 16:19:00 UTC 2013

Modified Files:
        pkgsrc/security/openssl [pkgsrc-2012Q4]: Makefile distinfo

Log Message:
Pullup ticket #4055 - requested by taca
security/openssl: security update

Revisions pulled up:
- security/openssl/Makefile                                     1.172
- security/openssl/distinfo                                     1.91

---
   Module Name: pkgsrc
   Committed By:        taca
   Date:                Tue Feb  5 15:54:31 UTC 2013

   Modified Files:
        pkgsrc/security/openssl: Makefile distinfo

   Log Message:
   Update openssl to 0.9.8y.

    Changes between 0.9.8x and 0.9.8y [5 Feb 2013]

     *) Make the decoding of SSLv3, TLS and DTLS CBC records constant time.

        This addresses the flaw in CBC record processing discovered by
        Nadhem Alfardan and Kenny Paterson. Details of this attack can be found
        at: http://www.isg.rhul.ac.uk/tls/

        Thanks go to Nadhem Alfardan and Kenny Paterson of the Information
        Security Group at Royal Holloway, University of London
        (www.isg.rhul.ac.uk) for discovering this flaw and Adam Langley and
        Emilia Käsper for the initial patch.
        (CVE-2013-0169)
        [Emilia Käsper, Adam Langley, Ben Laurie, Andy Polyakov, Steve Henson]

     *) Return an error when checking OCSP signatures when key is NULL.
        This fixes a DoS attack. (CVE-2013-0166)
        [Steve Henson]

     *) Call OCSP Stapling callback after ciphersuite has been chosen, so
        the right response is stapled. Also change SSL_get_certificate()
        so it returns the certificate actually sent.
        See http://rt.openssl.org/Ticket/Display.html?id=2836.
        (This is a backport)
        [Rob Stradling <rob.stradling%comodo.com@localhost>]

     *) Fix possible deadlock when decoding public keys.
        [Steve Henson]


To generate a diff of this commit:
cvs rdiff -u -r1.170 -r1.170.2.1 pkgsrc/security/openssl/Makefile
cvs rdiff -u -r1.90 -r1.90.6.1 pkgsrc/security/openssl/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



