Subject: CVS commit: [pkgsrc-2014Q1] pkgsrc/security/openssl
From: Matthias Scheler
Date: 2014-04-08 12:09:27
Message id: 20140408100927.1498196@cvs.netbsd.org

Log Message:
Pullup ticket #4359 - requested by obache
security/openssl: security update

Revisions pulled up:
- security/openssl/Makefile                                     1.186-1.188
- security/openssl/distinfo                                     1.103-1.104
- security/openssl/patches/patch-Configure                      1.1
- security/openssl/patches/patch-Makefile.org                   1.1
- security/openssl/patches/patch-Makefile.shared                1.1
- security/openssl/patches/patch-aa                             deleted
- security/openssl/patches/patch-ac                             deleted
- security/openssl/patches/patch-ad                             deleted
- security/openssl/patches/patch-ae                             deleted
- security/openssl/patches/patch-af                             deleted
- security/openssl/patches/patch-ag                             deleted
- security/openssl/patches/patch-ak                             deleted
- security/openssl/patches/patch-apps_Makefile                  1.1
- security/openssl/patches/patch-config                         1.1
- security/openssl/patches/patch-crypto_bn_bn__prime.pl         1.1
- security/openssl/patches/patch-tools_Makefile                 1.1

---
   Module Name:	pkgsrc
   Committed By:	he
   Date:		Wed Apr  2 12:11:35 UTC 2014

   Modified Files:
   	pkgsrc/security/openssl: Makefile distinfo
   Added Files:
   	pkgsrc/security/openssl/patches: patch-Configure patch-Makefile.org
   	    patch-Makefile.shared patch-apps_Makefile patch-config
   	    patch-crypto_bn_bn.h patch-crypto_bn_bn__lib.c
   	    patch-crypto_bn_bn__prime.pl patch-crypto_ec_ec2__mult.c
   	    patch-tools_Makefile
   Removed Files:
   	pkgsrc/security/openssl/patches: patch-aa patch-ac patch-ad patch-ae
   	    patch-af patch-ag patch-ak

   Log Message:
   Rename all remaining patch-?? files using the newer naming convention.

   Add a fix for CVE-2014-0076:

     Fix for the attack described in the paper "Recovering OpenSSL
     ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack"
     by Yuval Yarom and Naomi Benger. Details can be obtained from:
     http://eprint.iacr.org/2014/140

     Thanks to Yuval Yarom and Naomi Benger for discovering this
     flaw and to Yuval Yarom for supplying a fix.

   Fix from culled from
   http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=2198be3483259de374f
   91e57d247d0fc667aef29

   Bump PKGREVISION.

---
   Module Name:	pkgsrc
   Committed By:	obache
   Date:		Tue Apr  8 02:48:38 UTC 2014

   Modified Files:
   	pkgsrc/security/openssl: Makefile

   Log Message:
   p5-Perl4-CoreLibs is not required for perl<5.16

---
   Module Name:	pkgsrc
   Committed By:	obache
   Date:		Tue Apr  8 06:20:44 UTC 2014

   Modified Files:
   	pkgsrc/security/openssl: Makefile distinfo
   Removed Files:
   	pkgsrc/security/openssl/patches: patch-crypto_bn_bn.h
   	    patch-crypto_bn_bn__lib.c patch-crypto_ec_ec2__mult.c

   Log Message:
   Update openssl to 1.0.1g.
   (CVE-2014-0076 is already fixed in pkgsrc).

    OpenSSL CHANGES
    _______________

    Changes between 1.0.1f and 1.0.1g [7 Apr 2014]

     *) A missing bounds check in the handling of the TLS heartbeat extension
        can be used to reveal up to 64k of memory to a connected client or
        server.

        Thanks for Neel Mehta of Google Security for discovering this bug and
   to
        Adam Langley <agl@chromium.org> and Bodo Moeller \ 
<bmoeller@acm.org> for
        preparing the fix (CVE-2014-0160)
        [Adam Langley, Bodo Moeller]

     *) Fix for the attack described in the paper "Recovering OpenSSL
        ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack"
        by Yuval Yarom and Naomi Benger. Details can be obtained from:
        http://eprint.iacr.org/2014/140

        Thanks to Yuval Yarom and Naomi Benger for discovering this
        flaw and to Yuval Yarom for supplying a fix (CVE-2014-0076)
        [Yuval Yarom and Naomi Benger]

     *) TLS pad extension: draft-agl-tls-padding-03

        Workaround for the "TLS hang bug" (see FAQ and \ 
opensslPR#2771): if the
        TLS client Hello record length value would otherwise be > 255 and
        less that 512 pad with a dummy extension containing zeroes so it
        is at least 512 bytes long.

        [Adam Langley, Steve Henson]

Files:
RevisionActionfile
1.185.2.1modifypkgsrc/security/openssl/Makefile
1.102.2.1modifypkgsrc/security/openssl/distinfo
1.1.2.2addpkgsrc/security/openssl/patches/patch-Configure
1.1.2.2addpkgsrc/security/openssl/patches/patch-Makefile.org
1.1.2.2addpkgsrc/security/openssl/patches/patch-Makefile.shared
1.1.2.2addpkgsrc/security/openssl/patches/patch-apps_Makefile
1.1.2.2addpkgsrc/security/openssl/patches/patch-config
1.1.2.2addpkgsrc/security/openssl/patches/patch-crypto_bn_bn__prime.pl
1.1.2.2addpkgsrc/security/openssl/patches/patch-tools_Makefile
1.27removepkgsrc/security/openssl/patches/patch-aa
1.43removepkgsrc/security/openssl/patches/patch-ac
1.16removepkgsrc/security/openssl/patches/patch-ad
1.8removepkgsrc/security/openssl/patches/patch-ae
1.26removepkgsrc/security/openssl/patches/patch-af
1.12removepkgsrc/security/openssl/patches/patch-ag
1.6removepkgsrc/security/openssl/patches/patch-ak