Subject: CVS commit: pkgsrc/security/openssl
From: Thomas Klausner
Date: 2021-02-20 09:53:23
Message id: 20210220085323.7FDC9FA95@cvs.NetBSD.org
Log Message:
openssl: update to 1.1.1j.

  Major changes between OpenSSL 1.1.1i and OpenSSL 1.1.1j [16 Feb 2021]

      o Fixed a NULL pointer deref in the X509_issuer_and_serial_hash()
        function (CVE-2021-23841)
      o Fixed the RSA_padding_check_SSLv23() function and the RSA_SSLV23_PADDING
        padding mode to correctly check for rollback attacks
      o Fixed an overflow in the EVP_CipherUpdate, EVP_EncryptUpdate and
        EVP_DecryptUpdate functions (CVE-2021-23840)
      o Fixed SRP_Calc_client_key so that it runs in constant time
Files:
RevisionActionfile
1.268modifypkgsrc/security/openssl/Makefile
1.8modifypkgsrc/security/openssl/PLIST
1.148modifypkgsrc/security/openssl/distinfo