Subject: CVS commit: [pkgsrc-2011Q4] pkgsrc/security/openssl
From: Matthias Scheler
Date: 2012-03-14 15:48:33
Message id: 20120314144833.A9565175DD@cvs.netbsd.org

Log Message:
Pullup ticket #3702 - requested by taca
security/openssl: security update

Revisions pulled up:
- security/openssl/Makefile                                     1.163
- security/openssl/distinfo                                     1.86
- security/openssl/patches/patch-asn_mime.c                     deleted

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Tue Mar 13 03:11:32 UTC 2012

   Modified Files:
   	pkgsrc/security/openssl: Makefile distinfo
   Removed Files:
   	pkgsrc/security/openssl/patches: patch-asn_mime.c

   Log Message:
   Update openssl pacakge to 0.9.8u.

    Changes between 0.9.8t and 0.9.8u [12 Mar 2012]

     *) Fix MMA (Bleichenbacher's attack on PKCS #1 v1.5 RSA padding) weakness
        in CMS and PKCS7 code. When RSA decryption fails use a random key for
        content decryption and always return the same error. Note: this attack
        needs on average 2^20 messages so it only affects automated senders. The
        old behaviour can be reenabled in the CMS code by setting the
        CMS_DEBUG_DECRYPT flag: this is useful for debugging and testing where
        an MMA defence is not necessary.
        Thanks to Ivan Nestlerode <inestlerode@us.ibm.com> for discovering
        this issue. (CVE-2012-0884)
        [Steve Henson]

     *) Fix CVE-2011-4619: make sure we really are receiving a
        client hello before rejecting multiple SGC restarts. Thanks to
        Ivan Nestlerode <inestlerode@us.ibm.com> for discovering this bug.
        [Steve Henson]

Files:
RevisionActionfile
1.159.2.3modifypkgsrc/security/openssl/Makefile
1.83.2.3modifypkgsrc/security/openssl/distinfo
1.1.2.2removepkgsrc/security/openssl/patches/patch-asn_mime.c