diff options
| author | taca <taca@pkgsrc.org> | 2013-02-05 15:54:30 +0000 |
|---|---|---|
| committer | taca <taca@pkgsrc.org> | 2013-02-05 15:54:30 +0000 |
| commit | f0ccca2af0f931fbf2c3dd5fa0d70cbf5b757069 (patch) | |
| tree | 2878f5830289a04d745422e5143fc7597d2e4659 | |
| parent | 7cb410ee43ec95c732587abe3232f928d8361224 (diff) | |
| download | pkgsrc-f0ccca2af0f931fbf2c3dd5fa0d70cbf5b757069.tar.gz | |
Update openssl to 0.9.8y.
Changes between 0.9.8x and 0.9.8y [5 Feb 2013]
*) Make the decoding of SSLv3, TLS and DTLS CBC records constant time.
This addresses the flaw in CBC record processing discovered by
Nadhem Alfardan and Kenny Paterson. Details of this attack can be found
at: http://www.isg.rhul.ac.uk/tls/
Thanks go to Nadhem Alfardan and Kenny Paterson of the Information
Security Group at Royal Holloway, University of London
(www.isg.rhul.ac.uk) for discovering this flaw and Adam Langley and
Emilia Käsper for the initial patch.
(CVE-2013-0169)
[Emilia Käsper, Adam Langley, Ben Laurie, Andy Polyakov, Steve Henson]
*) Return an error when checking OCSP signatures when key is NULL.
This fixes a DoS attack. (CVE-2013-0166)
[Steve Henson]
*) Call OCSP Stapling callback after ciphersuite has been chosen, so
the right response is stapled. Also change SSL_get_certificate()
so it returns the certificate actually sent.
See http://rt.openssl.org/Ticket/Display.html?id=2836.
(This is a backport)
[Rob Stradling <rob.stradling@comodo.com>]
*) Fix possible deadlock when decoding public keys.
[Steve Henson]
| -rw-r--r-- | security/openssl/Makefile | 5 | ||||
| -rw-r--r-- | security/openssl/distinfo | 8 |
2 files changed, 6 insertions, 7 deletions
diff --git a/security/openssl/Makefile b/security/openssl/Makefile index e7a24673af0..e842ef04169 100644 --- a/security/openssl/Makefile +++ b/security/openssl/Makefile @@ -1,8 +1,8 @@ -# $NetBSD: Makefile,v 1.171 2013/02/01 13:13:22 jperkin Exp $ +# $NetBSD: Makefile,v 1.172 2013/02/05 15:54:30 taca Exp $ OPENSSL_SNAPSHOT?= # empty OPENSSL_STABLE?= # empty -OPENSSL_VERS?= 0.9.8x +OPENSSL_VERS?= 0.9.8y .if empty(OPENSSL_SNAPSHOT) DISTNAME= openssl-${OPENSSL_VERS} @@ -21,7 +21,6 @@ MASTER_SITES= ftp://ftp.openssl.org/snapshot/ . endif .endif -PKGREVISION= 1 SVR4_PKGNAME= ossl CATEGORIES= security diff --git a/security/openssl/distinfo b/security/openssl/distinfo index 43a28688cd7..87f9647d6e5 100644 --- a/security/openssl/distinfo +++ b/security/openssl/distinfo @@ -1,8 +1,8 @@ -$NetBSD: distinfo,v 1.90 2012/05/22 06:00:11 joerg Exp $ +$NetBSD: distinfo,v 1.91 2013/02/05 15:54:30 taca Exp $ -SHA1 (openssl-0.9.8x.tar.gz) = 8c3be5160513c0af1e558d3f932390ecb16f59e9 -RMD160 (openssl-0.9.8x.tar.gz) = 18a805c177af1667a05104e87acbff97a420864c -Size (openssl-0.9.8x.tar.gz) = 3782486 bytes +SHA1 (openssl-0.9.8y.tar.gz) = 32ec994d626555774548c82e48c5d220bec903c4 +RMD160 (openssl-0.9.8y.tar.gz) = a44d14e32c73ee9451089d06d18d04d8f83660bc +Size (openssl-0.9.8y.tar.gz) = 3785001 bytes SHA1 (patch-aa) = c4b27857698c108fe495fe65ea8857b77e89a655 SHA1 (patch-ac) = 6ff4a20440666f5c520837e10547091e1bee2208 SHA1 (patch-ad) = bb86ac463fc4ab8b485df5f1a4fb9c13c1fc41c3 |