Subject: CVS commit: [pkgsrc-2013Q4] pkgsrc/security/openssl
From: S.P.Zeidler
Date: 2014-01-10 19:00:40
Message id: 20140110180040.1F5C596@cvs.netbsd.org
Log Message:
Pullup ticket #4293 - requested by tron
security/openssl: security update

Revisions pulled up:
- security/openssl/Makefile                                     1.183
- security/openssl/distinfo                                     1.101
- security/openssl/patches/patch-doc_crypto_X509__STORE__CTX__get__error.pod deleted
- security/openssl/patches/patch-doc_ssl_SSL__CTX__set__client__CA__list.pod 1.2
- security/openssl/patches/patch-doc_ssl_SSL__CTX__use__psk__identity__hint.pod 1.2
- security/openssl/patches/patch-doc_ssl_SSL__accept.pod        1.2
- security/openssl/patches/patch-doc_ssl_SSL__connect.pod       1.2
- security/openssl/patches/patch-doc_ssl_SSL__do__handshake.pod 1.2
- security/openssl/patches/patch-doc_ssl_SSL__shutdown.pod      1.2

-------------------------------------------------------------------
   Module Name:	pkgsrc
   Committed By:	tron
   Date:		Fri Jan 10 14:32:42 UTC 2014

   Modified Files:
   	pkgsrc/security/openssl: Makefile distinfo
   	pkgsrc/security/openssl/patches:
   	    patch-doc_ssl_SSL__CTX__set__client__CA__list.pod
   	    patch-doc_ssl_SSL__CTX__use__psk__identity__hint.pod
   	    patch-doc_ssl_SSL__accept.pod patch-doc_ssl_SSL__connect.pod
   	    patch-doc_ssl_SSL__do__handshake.pod
   	    patch-doc_ssl_SSL__shutdown.pod
   Removed Files:
   	pkgsrc/security/openssl/patches:
   	    patch-doc_crypto_X509__STORE__CTX__get__error.pod

   Log Message:
   Update "openssl" package to version 1.0.1f. Changes since 1.0.1e:
   - Fix for TLS record tampering bug. A carefully crafted invalid
     handshake could crash OpenSSL with a NULL pointer exception.
     Thanks to Anton Johansson for reporting this issues.
     (CVE-2013-4353)
   - Keep original DTLS digest and encryption contexts in retransmission
     structures so we can use the previous session parameters if they need
     to be resent. (CVE-2013-6450)
     [Steve Henson]
   - Add option SSL_OP_SAFARI_ECDHE_ECDSA_BUG (part of SSL_OP_ALL) which
     avoids preferring ECDHE-ECDSA ciphers when the client appears to be
     Safari on OS X.  Safari on OS X 10.8..10.8.3 advertises support for
     several ECDHE-ECDSA ciphers, but fails to negotiate them.  The bug
     is fixed in OS X 10.8.4, but Apple have ruled out both hot fixing
     10.8..10.8.3 and forcing users to upgrade to 10.8.4 or newer.
     [Rob Stradling, Adam Langley]

   To generate a diff of this commit:
   cvs rdiff -u -r1.182 -r1.183 pkgsrc/security/openssl/Makefile
   cvs rdiff -u -r1.100 -r1.101 pkgsrc/security/openssl/distinfo
   cvs rdiff -u -r1.1 -r0 \
       \ 
pkgsrc/security/openssl/patches/patch-doc_crypto_X509__STORE__CTX__get__error.po \ 
d
   cvs rdiff -u -r1.1 -r1.2 \
       \ 
pkgsrc/security/openssl/patches/patch-doc_ssl_SSL__CTX__set__client__CA__list.pod \ 
\
       \ 
pkgsrc/security/openssl/patches/patch-doc_ssl_SSL__CTX__use__psk__identity__hint.pod \ 
\
       pkgsrc/security/openssl/patches/patch-doc_ssl_SSL__accept.pod \
       pkgsrc/security/openssl/patches/patch-doc_ssl_SSL__connect.pod \
       pkgsrc/security/openssl/patches/patch-doc_ssl_SSL__do__handshake.pod \
       pkgsrc/security/openssl/patches/patch-doc_ssl_SSL__shutdown.pod
Files:
RevisionActionfile
1.182.2.1modifypkgsrc/security/openssl/Makefile
1.100.2.1modifypkgsrc/security/openssl/distinfo
1.1.6.1modifypkgsrc/security/openssl/patches/patch-doc_ssl_SSL__CTX__set__client__CA__list.pod
1.1.6.1modifypkgsrc/security/openssl/patches/patch-doc_ssl_SSL__CTX__use__psk__identity__hint.pod
1.1.6.1modifypkgsrc/security/openssl/patches/patch-doc_ssl_SSL__accept.pod
1.1.6.1modifypkgsrc/security/openssl/patches/patch-doc_ssl_SSL__connect.pod
1.1.6.1modifypkgsrc/security/openssl/patches/patch-doc_ssl_SSL__do__handshake.pod
1.1.6.1modifypkgsrc/security/openssl/patches/patch-doc_ssl_SSL__shutdown.pod
1.1removepkgsrc/security/openssl/patches/patch-doc_crypto_X509__STORE__CTX__get__error.pod