author: wiz <wiz@pkgsrc.org> 2015-01-08 16:58:25 +0000
committer: wiz <wiz@pkgsrc.org> 2015-01-08 16:58:25 +0000
commit: cc01bbbc2f47a592cd73565851752c6914e739aa
tree: 24c91eba0583f9c34237ff1958e2c601d1a0a132 /security
parent: 987d6723664faf10462aabcd0c5cc3ef2a6e1604
Update to 1.0.1k:
Changes between 1.0.1j and 1.0.1k [8 Jan 2015]

  *) Fix DTLS segmentation fault in dtls1_get_record. A carefully crafted DTLS message can cause a segmentation fault in OpenSSL due to a NULL pointer dereference. This could lead to a Denial Of Service attack. Thanks to Markus Stenberg of Cisco Systems, Inc. for reporting this issue.
     (CVE-2014-3571)
     [Steve Henson]

  *) Fix DTLS memory leak in dtls1_buffer_record. A memory leak can occur in the dtls1_buffer_record function under certain conditions. In particular this could occur if an attacker sent repeated DTLS records with the same sequence number but for the next epoch. The memory leak could be exploited by an attacker in a Denial of Service attack through memory exhaustion. Thanks to Chris Mueller for reporting this issue.
     (CVE-2015-0206)
     [Matt Caswell]

  *) Fix issue where no-ssl3 configuration sets method to NULL. When openssl is built with the no-ssl3 option and a SSL v3 ClientHello is received the ssl method would be set to NULL which could later result in a NULL pointer dereference. Thanks to Frank Schmirler for reporting this issue.
     (CVE-2014-3569)
     [Kurt Roeckx]

  *) Abort handshake if server key exchange message is omitted for ephemeral ECDH ciphersuites. Thanks to Karthikeyan Bhargavan of the PROSECCO team at INRIA for reporting this issue.
     (CVE-2014-3572)
     [Steve Henson]

  *) Remove non-export ephemeral RSA code on client and server. This code violated the TLS standard by allowing the use of temporary RSA keys in non-export ciphersuites and could be used by a server to effectively downgrade the RSA key length used to a value smaller than the server certificate. Thanks to Karthikeyan Bhargavan of the PROSECCO team at INRIA for reporting this issue.
     (CVE-2015-0204)
     [Steve Henson]

  *) Fixed issue where DH client certificates are accepted without verification. An OpenSSL server will accept a DH certificate for client authentication without the certificate verify message. This effectively allows a client to authenticate without the use of a private key. This only affects servers which trust a client certificate authority which issues certificates containing DH keys: these are extremely rare and hardly ever encountered. Thanks to Karthikeyan Bhargavan of the PROSECCO team at INRIA for reporting this issue.
     (CVE-2015-0205)
     [Steve Henson]

  *) Ensure that the session ID context of an SSL is updated when its SSL_CTX is updated via SSL_set_SSL_CTX. The session ID context is typically set from the parent SSL_CTX, and can vary with the CTX.
     [Adam Langley]

  *) Fix various certificate fingerprint issues. By using non-DER or invalid encodings outside the signed portion of a certificate the fingerprint can be changed without breaking the signature. Although no details of the signed portion of the certificate can be changed this can cause problems with some applications: e.g. those using the certificate fingerprint for blacklists.

     1. Reject signatures with non zero unused bits. If the BIT STRING containing the signature has non zero unused bits reject the signature. All current signature algorithms require zero unused bits.

     2. Check certificate algorithm consistency. Check the AlgorithmIdentifier inside TBS matches the one in the certificate signature. NB: this will result in signature failure errors for some broken certificates. Thanks to Konrad Kraszewski from Google for reporting this issue.

     3. Check DSA/ECDSA signatures use DER. Reencode DSA/ECDSA signatures and compare with the original received signature. Return an error if there is a mismatch. This will reject various cases including garbage after signature (thanks to Antti Karjalainen and Tuomo Untinen from the Codenomicon CROSS program for discovering this case) and use of BER or invalid ASN.1 INTEGERs (negative or with leading zeroes).

     Further analysis was conducted and fixes were developed by Stephen Henson of the OpenSSL core team.
     (CVE-2014-8275)
     [Steve Henson]

  *) Correct Bignum squaring. Bignum squaring (BN_sqr) may produce incorrect results on some platforms, including x86_64. This bug occurs at random with a very low probability, and is not known to be exploitable in any way, though its exact impact is difficult to determine. Thanks to Pieter Wuille (Blockstream) who reported this issue and also suggested an initial fix. Further analysis was conducted by the OpenSSL development team and Adam Langley of Google. The final fix was developed by Andy Polyakov of the OpenSSL core team.
     (CVE-2014-3570)
     [Andy Polyakov]

  *) Do not resume sessions on the server if the negotiated protocol version does not match the session's version. Resuming with a different version, while not strictly forbidden by the RFC, is of questionable sanity and breaks all known clients.
     [David Benjamin, Emilia Käsper]

  *) Tighten handling of the ChangeCipherSpec (CCS) message: reject early CCS messages during renegotiation. (Note that because renegotiation is encrypted, this early CCS was not exploitable.)
     [Emilia Käsper]

  *) Tighten client-side session ticket handling during renegotiation: ensure that the client only accepts a session ticket if the server sends the extension anew in the ServerHello. Previously, a TLS client would reuse the old extension state and thus accept a session ticket if one was announced in the initial ServerHello.

     Similarly, ensure that the client requires a session ticket if one was advertised in the ServerHello. Previously, a TLS client would ignore a missing NewSessionTicket message.
     [Emilia Käsper]

Diffstat (limited to 'security')
-rw-r--r-- security/openssl/Makefile | 4
-rw-r--r-- security/openssl/distinfo | 9
-rw-r--r-- security/openssl/patches/patch-crypto_dso_dso__dlfcn.c | 15
3 files changed, 6 insertions, 22 deletions
diff --git a/security/openssl/Makefile b/security/openssl/Makefile
index 0623049bb88..bf096542b28 100644
--- a/security/openssl/Makefile
+++ b/security/openssl/Makefile
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.200 2014/10/15 19:04:40 jperkin Exp $
+# $NetBSD: Makefile,v 1.201 2015/01/08 16:58:25 wiz Exp $
-DISTNAME= openssl-1.0.1j
+DISTNAME= openssl-1.0.1k
MASTER_SITES= http://ftp.openssl.org/source/
CATEGORIES= security
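Review bot: MASTER_SITES in the unchanged context is plain http://ftp.openssl.org/source/, so the openssl-1.0.1k tarball named by the new DISTNAME is fetched over an unauthenticated channel and its integrity rests entirely on the hashes recorded in distinfo. For a release that exists to fix several CVEs, that is worth a follow-up: prefer an https:// master site if upstream offers one, and check the downloaded tarball against upstream's published signature before the hashes are committed.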
diff --git a/security/openssl/distinfo b/security/openssl/distinfo
index 16308d2ea9d..237b0409acb 100644
--- a/security/openssl/distinfo
+++ b/security/openssl/distinfo
@@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.109 2014/10/15 19:04:40 jperkin Exp $
+$NetBSD: distinfo,v 1.110 2015/01/08 16:58:25 wiz Exp $
-SHA1 (openssl-1.0.1j.tar.gz) = cff86857507624f0ad42d922bb6f77c4f1c2b819
-RMD160 (openssl-1.0.1j.tar.gz) = 6b26ea6db32911eaf98a532cafdc6b3a7c1cf358
-Size (openssl-1.0.1j.tar.gz) = 4432964 bytes
+SHA1 (openssl-1.0.1k.tar.gz) = 19d818e202558c212a9583fcdaf876995a633ddf
+RMD160 (openssl-1.0.1k.tar.gz) = e22c085189c6ce640378f0cc67faa512b4b873f2
+Size (openssl-1.0.1k.tar.gz) = 4434910 bytes
SHA1 (patch-Configure) = f8b8b3ecfa9d23530d13f8f93582db857f772fc4
SHA1 (patch-Makefile.org) = be55df602286c7f0265a8c5c3d8edaea13b1d966
SHA1 (patch-Makefile.shared) = 709283ba4bb4bd568e289fe111b8dea319968328
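Review bot: the new openssl-1.0.1k.tar.gz entry is pinned with SHA1 and RMD160 only, and since the Makefile fetches over http these two lines are the sole integrity check on the distfile. Consider recording a stronger digest (for example SHA512) next to them if the distinfo tooling supports it, and note in the commit message how the 1.0.1k hashes were verified against upstream. The size line changing from 4432964 to 4434910 bytes is consistent with a small point release.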
@@ -10,6 +10,5 @@ SHA1 (patch-apps_Makefile) = 745e01fb967979f5105896f8a728fd7a041af6c9
SHA1 (patch-config) = ac8ced00cfa7d31b84afb08aedc38102fd777824
SHA1 (patch-crypto_bn_bn__prime.pl) = c07e8ccba319e4260af46e714c3be56f70579fa6
SHA1 (patch-crypto_des_Makefile) = 31d772eb8c80b577b9cd05337262ddfad297d9b1
-SHA1 (patch-crypto_dso_dso__dlfcn.c) = 065a8254d9c93b17d300a4be9b9a35a919e8b364
SHA1 (patch-engines_ccgost_Makefile) = 8834074c74abab604ef1ba7959750c22c0ffb6e7
SHA1 (patch-tools_Makefile) = 6e7324d01c0cd5e290085fe8124315bcac8cf198
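Review bot: the dropped line for patch-crypto_dso_dso__dlfcn.c is not explained anywhere in the commit message, which only reproduces the upstream changelog. Please add one line saying why the local patch is removed (for instance that it was merged upstream), so that someone bisecting a Debian GNU/kFreeBSD build failure can find the reason from the log.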
diff --git a/security/openssl/patches/patch-crypto_dso_dso__dlfcn.c b/security/openssl/patches/patch-crypto_dso_dso__dlfcn.c
deleted file mode 100644
index 3c43a68e9ac..00000000000
--- a/security/openssl/patches/patch-crypto_dso_dso__dlfcn.c
+++ /dev/null
@@ -1,15 +0,0 @@
-$NetBSD: patch-crypto_dso_dso__dlfcn.c,v 1.2 2014/05/13 02:23:11 rodent Exp $
-
-* Debian GNU/kFreeBSD needs _GNU_SOURCE.
-
---- crypto/dso/dso_dlfcn.c.orig Mon Mar 17 16:14:20 2014
-+++ crypto/dso/dso_dlfcn.c
-@@ -60,7 +60,7 @@
- that handle _GNU_SOURCE and other similar macros. Defining it later
- is simply too late, because those headers are protected from re-
- inclusion. */
--#ifdef __linux
-+#if defined(__linux) || defined(__FreeBSD_kernel__)
- # ifndef _GNU_SOURCE
- # define _GNU_SOURCE /* make sure dladdr is declared */
- # endif
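Review bot: this deletion removes the only place where the _GNU_SOURCE guard was widened to "#if defined(__linux) || defined(__FreeBSD_kernel__)", and nothing in the commit shows that crypto/dso/dso_dlfcn.c in 1.0.1k carries the same condition. Please confirm that the upstream file now covers __FreeBSD_kernel__; if it does not, dladdr will not be declared on Debian GNU/kFreeBSD and the patch needs to be kept and regenerated against the new source instead of deleted.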