CVS Commit History:
2013-02-08 17:19:00 by Matthias Scheler | Files touched by this commit (2)
Log message:
Pullup ticket #4055 - requested by taca
security/openssl: security update
Revisions pulled up:
- security/openssl/Makefile 1.172
- security/openssl/distinfo 1.91
---
Module Name: pkgsrc
Committed By: taca
Date: Tue Feb 5 15:54:31 UTC 2013
Modified Files:
pkgsrc/security/openssl: Makefile distinfo
Log message:
Update openssl to 0.9.8y.
Changes between 0.9.8x and 0.9.8y [5 Feb 2013]
*) Make the decoding of SSLv3, TLS and DTLS CBC records constant time.
This addresses the flaw in CBC record processing discovered by
Nadhem Alfardan and Kenny Paterson. Details of this attack can be found
at: http://www.isg.rhul.ac.uk/tls/
Thanks go to Nadhem Alfardan and Kenny Paterson of the Information
Security Group at Royal Holloway, University of London
(www.isg.rhul.ac.uk) for discovering this flaw and Adam Langley and
Emilia Käsper for the initial patch.
(CVE-2013-0169)
[Emilia Käsper, Adam Langley, Ben Laurie, Andy Polyakov, Steve Henson]
*) Return an error when checking OCSP signatures when key is NULL.
This fixes a DoS attack. (CVE-2013-0166)
[Steve Henson]
*) Call OCSP Stapling callback after ciphersuite has been chosen, so
the right response is stapled. Also change SSL_get_certificate()
so it returns the certificate actually sent.
See http://rt.openssl.org/Ticket/Display.html?id=2836.
(This is a backport)
[Rob Stradling <rob.stradling@comodo.com>]
*) Fix possible deadlock when decoding public keys.
[Steve Henson]