diff options
| author | jperkin <jperkin@pkgsrc.org> | 2015-12-07 15:57:42 +0000 |
|---|---|---|
| committer | jperkin <jperkin@pkgsrc.org> | 2015-12-07 15:57:42 +0000 |
| commit | efb05797da6fd9ed974eda3170da4b63e42269ce (patch) | |
| tree | 35cbeab6bdb10c0e623608a5f4a7f20fb80955ae /security/openssl/distinfo | |
| parent | d6ff1b3c4487e6534c45c37b4844f3e5a9d3043c (diff) | |
| download | pkgsrc-efb05797da6fd9ed974eda3170da4b63e42269ce.tar.gz | |
Update security/openssl to 1.0.2e.
pkgsrc changes:
- We now need to run 'make depend' after configure to pick up algorithm
selection changes.
Upstream changes:
Changes between 1.0.2d and 1.0.2e [3 Dec 2015]
*) BN_mod_exp may produce incorrect results on x86_64
There is a carry propagating bug in the x86_64 Montgomery squaring
procedure. No EC algorithms are affected. Analysis suggests that attacks
against RSA and DSA as a result of this defect would be very difficult to
perform and are not believed likely. Attacks against DH are considered just
feasible (although very difficult) because most of the work necessary to
deduce information about a private key may be performed offline. The amount
of resources required for such an attack would be very significant and
likely only accessible to a limited number of attackers. An attacker would
additionally need online access to an unpatched system using the target
private key in a scenario with persistent DH parameters and a private
key that is shared between multiple clients. For example this can occur by
default in OpenSSL DHE based SSL/TLS ciphersuites.
This issue was reported to OpenSSL by Hanno Böck.
(CVE-2015-3193)
[Andy Polyakov]
*) Certificate verify crash with missing PSS parameter
The signature verification routines will crash with a NULL pointer
dereference if presented with an ASN.1 signature using the RSA PSS
algorithm and absent mask generation function parameter. Since these
routines are used to verify certificate signature algorithms this can be
used to crash any certificate verification operation and exploited in a
DoS attack. Any application which performs certificate verification is
vulnerable including OpenSSL clients and servers which enable client
authentication.
This issue was reported to OpenSSL by Loïc Jonas Etienne (Qnective AG).
(CVE-2015-3194)
[Stephen Henson]
*) X509_ATTRIBUTE memory leak
When presented with a malformed X509_ATTRIBUTE structure OpenSSL will leak
memory. This structure is used by the PKCS#7 and CMS routines so any
application which reads PKCS#7 or CMS data from untrusted sources is
affected. SSL/TLS is not affected.
This issue was reported to OpenSSL by Adam Langley (Google/BoringSSL) using
libFuzzer.
(CVE-2015-3195)
[Stephen Henson]
*) Rewrite EVP_DecodeUpdate (base64 decoding) to fix several bugs.
This changes the decoding behaviour for some invalid messages,
though the change is mostly in the more lenient direction, and
legacy behaviour is preserved as much as possible.
[Emilia Käsper]
*) In DSA_generate_parameters_ex, if the provided seed is too short,
return an error
[Rich Salz and Ismo Puustinen <ismo.puustinen@intel.com>]
Diffstat (limited to 'security/openssl/distinfo')
| -rw-r--r-- | security/openssl/distinfo | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/security/openssl/distinfo b/security/openssl/distinfo index 0c23287c62f..57c0311e2e4 100644 --- a/security/openssl/distinfo +++ b/security/openssl/distinfo @@ -1,9 +1,9 @@ -$NetBSD: distinfo,v 1.117 2015/11/04 01:17:52 agc Exp $ +$NetBSD: distinfo,v 1.118 2015/12/07 15:57:42 jperkin Exp $ -SHA1 (openssl-1.0.2d.tar.gz) = d01d17b44663e8ffa6a33a5a30053779d9593c3d -RMD160 (openssl-1.0.2d.tar.gz) = a4389911e5f7436dc2f52e4968eb613a11e33027 -SHA512 (openssl-1.0.2d.tar.gz) = 68a051e92aaed0e7a8b218c185427c534c32f30f50c45f5d2c1f5b7a26d1416e83863d2953c77486acde3b636a148f39faf48246d28a207607ec069f62b13d75 -Size (openssl-1.0.2d.tar.gz) = 5295447 bytes +SHA1 (openssl-1.0.2e.tar.gz) = 2c5691496761cb18f98476eefa4d35c835448fb6 +RMD160 (openssl-1.0.2e.tar.gz) = 324ed411043364af2ea908124225eece7d604a94 +SHA512 (openssl-1.0.2e.tar.gz) = b73f114a117ccab284cf5891dac050e3016d28e0b1fc71639442cdb42accef676115af90a12deff4bcc1f599cc0cbdeb38142cbf4570bd7d03634786ad32c95f +Size (openssl-1.0.2e.tar.gz) = 5256555 bytes SHA1 (patch-Configure) = ce5f4ab244f49d3a556b1123190f2424b38fd789 SHA1 (patch-Makefile.org) = 72f023aeead660decaa09b6664936bd73a214069 SHA1 (patch-Makefile.shared) = effbea94f9e7f399f4f46542bed6d54fc42748e6 |