pkgsrc-Changes archive


CVS commit: [pkgsrc-2014Q1] pkgsrc/security/openssl



Module Name:    pkgsrc
Committed By:   tron
Date:           Tue Apr  8 10:09:27 UTC 2014

Modified Files:
        pkgsrc/security/openssl [pkgsrc-2014Q1]: Makefile distinfo
Added Files:
        pkgsrc/security/openssl/patches [pkgsrc-2014Q1]: patch-Configure
            patch-Makefile.org patch-Makefile.shared patch-apps_Makefile
            patch-config patch-crypto_bn_bn__prime.pl patch-tools_Makefile
Removed Files:
        pkgsrc/security/openssl/patches [pkgsrc-2014Q1]: patch-aa patch-ac
            patch-ad patch-ae patch-af patch-ag patch-ak

Log Message:
Pullup ticket #4359 - requested by obache
security/openssl: security update

Revisions pulled up:
- security/openssl/Makefile                                     1.186-1.188
- security/openssl/distinfo                                     1.103-1.104
- security/openssl/patches/patch-Configure                      1.1
- security/openssl/patches/patch-Makefile.org                   1.1
- security/openssl/patches/patch-Makefile.shared                1.1
- security/openssl/patches/patch-aa                             deleted
- security/openssl/patches/patch-ac                             deleted
- security/openssl/patches/patch-ad                             deleted
- security/openssl/patches/patch-ae                             deleted
- security/openssl/patches/patch-af                             deleted
- security/openssl/patches/patch-ag                             deleted
- security/openssl/patches/patch-ak                             deleted
- security/openssl/patches/patch-apps_Makefile                  1.1
- security/openssl/patches/patch-config                         1.1
- security/openssl/patches/patch-crypto_bn_bn__prime.pl         1.1
- security/openssl/patches/patch-tools_Makefile                 1.1

---
   Module Name: pkgsrc
   Committed By:        he
   Date:                Wed Apr  2 12:11:35 UTC 2014

   Modified Files:
        pkgsrc/security/openssl: Makefile distinfo
   Added Files:
        pkgsrc/security/openssl/patches: patch-Configure patch-Makefile.org
            patch-Makefile.shared patch-apps_Makefile patch-config
            patch-crypto_bn_bn.h patch-crypto_bn_bn__lib.c
            patch-crypto_bn_bn__prime.pl patch-crypto_ec_ec2__mult.c
            patch-tools_Makefile
   Removed Files:
        pkgsrc/security/openssl/patches: patch-aa patch-ac patch-ad patch-ae
            patch-af patch-ag patch-ak

   Log Message:
   Rename all remaining patch-?? files using the newer naming convention.

   Add a fix for CVE-2014-0076:

     Fix for the attack described in the paper "Recovering OpenSSL
     ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack"
     by Yuval Yarom and Naomi Benger. Details can be obtained from:
     http://eprint.iacr.org/2014/140

     Thanks to Yuval Yarom and Naomi Benger for discovering this
     flaw and to Yuval Yarom for supplying a fix.

   Fix culled from
   http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=2198be3483259de374f91e57d247d0fc667aef29

   Bump PKGREVISION.

---
   Module Name: pkgsrc
   Committed By:        obache
   Date:                Tue Apr  8 02:48:38 UTC 2014

   Modified Files:
        pkgsrc/security/openssl: Makefile

   Log Message:
   p5-Perl4-CoreLibs is not required for perl<5.16

---
   Module Name: pkgsrc
   Committed By:        obache
   Date:                Tue Apr  8 06:20:44 UTC 2014

   Modified Files:
        pkgsrc/security/openssl: Makefile distinfo
   Removed Files:
        pkgsrc/security/openssl/patches: patch-crypto_bn_bn.h
            patch-crypto_bn_bn__lib.c patch-crypto_ec_ec2__mult.c

   Log Message:
   Update openssl to 1.0.1g.
   (CVE-2014-0076 is already fixed in pkgsrc).

    OpenSSL CHANGES
    _______________

    Changes between 1.0.1f and 1.0.1g [7 Apr 2014]

     *) A missing bounds check in the handling of the TLS heartbeat extension
        can be used to reveal up to 64k of memory to a connected client or
        server.

        Thanks to Neel Mehta of Google Security for discovering this bug and
        to Adam Langley <agl%chromium.org@localhost> and Bodo Moeller
        <bmoeller%acm.org@localhost> for preparing the fix (CVE-2014-0160)
        [Adam Langley, Bodo Moeller]

     *) Fix for the attack described in the paper "Recovering OpenSSL
        ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack"
        by Yuval Yarom and Naomi Benger. Details can be obtained from:
        http://eprint.iacr.org/2014/140

        Thanks to Yuval Yarom and Naomi Benger for discovering this
        flaw and to Yuval Yarom for supplying a fix (CVE-2014-0076)
        [Yuval Yarom and Naomi Benger]

     *) TLS pad extension: draft-agl-tls-padding-03

        Workaround for the "TLS hang bug" (see FAQ and opensslPR#2771): if the
        TLS client Hello record length value would otherwise be > 255 and
        less than 512 pad with a dummy extension containing zeroes so it
        is at least 512 bytes long.

        [Adam Langley, Steve Henson]


To generate a diff of this commit:
cvs rdiff -u -r1.185 -r1.185.2.1 pkgsrc/security/openssl/Makefile
cvs rdiff -u -r1.102 -r1.102.2.1 pkgsrc/security/openssl/distinfo
cvs rdiff -u -r0 -r1.1.2.2 pkgsrc/security/openssl/patches/patch-Configure \
    pkgsrc/security/openssl/patches/patch-Makefile.org \
    pkgsrc/security/openssl/patches/patch-Makefile.shared \
    pkgsrc/security/openssl/patches/patch-apps_Makefile \
    pkgsrc/security/openssl/patches/patch-config \
    pkgsrc/security/openssl/patches/patch-crypto_bn_bn__prime.pl \
    pkgsrc/security/openssl/patches/patch-tools_Makefile
cvs rdiff -u -r1.27 -r0 pkgsrc/security/openssl/patches/patch-aa
cvs rdiff -u -r1.43 -r0 pkgsrc/security/openssl/patches/patch-ac
cvs rdiff -u -r1.16 -r0 pkgsrc/security/openssl/patches/patch-ad
cvs rdiff -u -r1.8 -r0 pkgsrc/security/openssl/patches/patch-ae
cvs rdiff -u -r1.26 -r0 pkgsrc/security/openssl/patches/patch-af
cvs rdiff -u -r1.12 -r0 pkgsrc/security/openssl/patches/patch-ag
cvs rdiff -u -r1.6 -r0 pkgsrc/security/openssl/patches/patch-ak

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



