Navigation:
Browse pkgsrc
(this page)| 2014-06-05 04:53:18 by OBATA Akio | Files touched by this commit (1) |
Log message: No reason to require gtar. |
| 2014-05-30 01:38:20 by Thomas Klausner | Files touched by this commit (3049) |
Log message: Bump for perl-5.20.0. Do it for all packages that * mention perl, or * have a directory name starting with p5-*, or * depend on a package starting with p5- like last time, for 5.18, where this didn't lead to complaints. Let me know if you have any this time. |
| 2014-05-18 13:20:53 by OBATA Akio | Files touched by this commit (1) |
Log message: one more catch up to removal of /boot/common on Haiku. |
| 2014-05-18 13:18:17 by OBATA Akio | Files touched by this commit (1) |
Log message: catch up to removal of /boot/common on Haiku. |
| 2014-05-15 11:59:32 by Thomas Klausner | Files touched by this commit (1) |
Log message: Set LICENSE. |
| 2014-05-13 04:23:11 by Blue Rats | Files touched by this commit (30) |
Log message: Fix build on OpenBSD/sparc64. Defuzz patches (sorry if this is annoying). |
| 2014-04-27 03:57:51 by OBATA Akio | Files touched by this commit (1) |
Log message: Remove BUILTIN_PKG.openssl masquerade for NetBSD. We need buitin version to check suficient API, not for security fix. |
| 2014-04-09 01:58:03 by OBATA Akio | Files touched by this commit (1) |
Log message: removed obsolated patche entries. |
2014-04-08 08:20:44 by OBATA Akio | Files touched by this commit (5) |  |
Log message:
Update openssl to 1.0.1g.
(CVE-2014-0076 is already fixed in pkgsrc).
OpenSSL CHANGES
_______________
Changes between 1.0.1f and 1.0.1g [7 Apr 2014]
*) A missing bounds check in the handling of the TLS heartbeat extension
can be used to reveal up to 64k of memory to a connected client or
server.
Thanks for Neel Mehta of Google Security for discovering this bug and to
Adam Langley <agl@chromium.org> and Bodo Moeller \
<bmoeller@acm.org> for
preparing the fix (CVE-2014-0160)
[Adam Langley, Bodo Moeller]
*) Fix for the attack described in the paper "Recovering OpenSSL
ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack"
by Yuval Yarom and Naomi Benger. Details can be obtained from:
http://eprint.iacr.org/2014/140
Thanks to Yuval Yarom and Naomi Benger for discovering this
flaw and to Yuval Yarom for supplying a fix (CVE-2014-0076)
[Yuval Yarom and Naomi Benger]
*) TLS pad extension: draft-agl-tls-padding-03
Workaround for the "TLS hang bug" (see FAQ and opensslPR#2771): if the
TLS client Hello record length value would otherwise be > 255 and
less that 512 pad with a dummy extension containing zeroes so it
is at least 512 bytes long.
[Adam Langley, Steve Henson]
|
| 2014-04-08 04:48:38 by OBATA Akio | Files touched by this commit (1) |
Log message: p5-Perl4-CoreLibs is not required for perl<5.16 |
New packages: