./security/openssl, Secure Socket Layer and cryptographic library

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]

Branch: pkgsrc-2012Q1, Version: 0.9.8x, Package name: openssl-0.9.8x, Maintainer: pkgsrc-users

The OpenSSL Project is a collaborative effort to develop a
robust, commercial-grade, full-featured, and Open Source
toolkit implementing the Secure Sockets Layer (SSL v2/v3)
and Transport Layer Security (TLS v1) protocols as well as
a full-strength general purpose cryptography library. The
project is managed by a worldwide community of volunteers
that use the Internet to communicate, plan, and develop the
OpenSSL toolkit and its related documentation.

MESSAGE.SunOS [+/-]

Required to build:
[lang/perl5] [archivers/gtar-base] [devel/gmake]

Package options: threads

Master sites: (Expand)

SHA1: 8c3be5160513c0af1e558d3f932390ecb16f59e9
RMD160: 18a805c177af1667a05104e87acbff97a420864c
Filesize: 3693.834 KB

Version history: (Expand)

CVS history: (Expand)


   2012-05-11 16:56:49 by Matthias Scheler | Files touched by this commit (2) | Package updated
Log message:
Pullup ticket #3782 - requested by taca
security/openssl: security update

Revisions pulled up:
- security/openssl/Makefile                                     1.167
- security/openssl/distinfo                                     1.89

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Fri May 11 13:27:27 UTC 2012

   Modified Files:
   	pkgsrc/security/openssl: Makefile distinfo

   Log message:
   Update openssl to 0.9.8x.

    OpenSSL CHANGES
    _______________

    Changes between 0.9.8w and 0.9.8x [10 May 2012]

     *) Sanity check record length before skipping explicit IV in DTLS
        to fix DoS attack.

        Thanks to Codenomicon for discovering this issue using Fuzz-o-Matic
        fuzzing as a service testing platform.
        (CVE-2012-2333)
        [Steve Henson]

     *) Initialise tkeylen properly when encrypting CMS messages.
        Thanks to Solar Designer of Openwall for reporting this issue.
        [Steve Henson]
   2012-04-24 09:47:28 by Steven Drake | Files touched by this commit (2) | Package updated
Log message:
Pullup ticket #3755 - requested by taca
security/openssl security update.

Revisions pulled up:
- security/openssl/Makefile                                     1.166
- security/openssl/distinfo                                     1.88

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Tue Apr 24 05:03:49 UTC 2012

   Modified Files:
   	pkgsrc/security/openssl: Makefile distinfo

   Log message:
   Update openssl package to 0.9.8w.

   Security fix for CVS-2012-2131.

    Changes between 0.9.8v and 0.9.8w [23 Apr 2012]

     *) The fix for CVE-2012-2110 did not take into account that the
        'len' argument to BUF_MEM_grow and BUF_MEM_grow_clean is an
        int in OpenSSL 0.9.8, making it still vulnerable. Fix by
        rejecting negative len parameter. (CVE-2012-2131)
        [Tomas Hoger <thoger@redhat.com>]
   2012-04-22 17:21:43 by S.P.Zeidler | Files touched by this commit (2) | Package updated
Log message:
Pullup ticket #3749 - requested by taca
security/openssl: security update

Revisions pulled up:
- security/openssl/Makefile                                     1.165
- security/openssl/distinfo                                     1.87

-------------------------------------------------------------------
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Sat Apr 21 07:38:14 UTC 2012

   Modified Files:
   	pkgsrc/security/openssl: Makefile distinfo

   Log message:
   Update openssl package to 0.9.8v.

   NEWS
   ====

   This file gives a brief overview of the major changes between each OpenSSL
   release. For more details please read the CHANGES file.

   Major changes between OpenSSL 0.9.8u and OpenSSL 0.9.8v:

       o Fix for ASN1 overflow bug CVE-2012-2110

   To generate a diff of this commit:
   cvs rdiff -u -r1.164 -r1.165 pkgsrc/security/openssl/Makefile
   cvs rdiff -u -r1.86 -r1.87 pkgsrc/security/openssl/distinfo