./security/openssl, Secure Socket Layer and cryptographic library



Branch: pkgsrc-2012Q4, Version: 0.9.8y, Package name: openssl-0.9.8y, Maintainer: pkgsrc-users

The OpenSSL Project is a collaborative effort to develop a
robust, commercial-grade, full-featured, and Open Source
toolkit implementing the Secure Sockets Layer (SSL v2/v3)
and Transport Layer Security (TLS v1) protocols as well as
a full-strength general purpose cryptography library. The
project is managed by a worldwide community of volunteers
that use the Internet to communicate, plan, and develop the
OpenSSL toolkit and its related documentation.


Required to build:
[archivers/gtar-base] [devel/gmake] [devel/p5-Perl4-CoreLibs] [lang/perl5]

Package options: threads


SHA1: 32ec994d626555774548c82e48c5d220bec903c4
RMD160: a44d14e32c73ee9451089d06d18d04d8f83660bc
Filesize: 3696.29 KB



CVS history:


   2013-02-08 17:19:00 by Matthias Scheler | Files touched by this commit (2) | Package updated
Log message:
Pullup ticket #4055 - requested by taca
security/openssl: security update

Revisions pulled up:
- security/openssl/Makefile                                     1.172
- security/openssl/distinfo                                     1.91

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Tue Feb  5 15:54:31 UTC 2013

   Modified Files:
   	pkgsrc/security/openssl: Makefile distinfo

   Log message:
   Update openssl to 0.9.8y.

    Changes between 0.9.8x and 0.9.8y [5 Feb 2013]

     *) Make the decoding of SSLv3, TLS and DTLS CBC records constant time.

        This addresses the flaw in CBC record processing discovered by
        Nadhem Alfardan and Kenny Paterson. Details of this attack can be found
        at: http://www.isg.rhul.ac.uk/tls/

        Thanks go to Nadhem Alfardan and Kenny Paterson of the Information
        Security Group at Royal Holloway, University of London
        (www.isg.rhul.ac.uk) for discovering this flaw and Adam Langley and
        Emilia Käsper for the initial patch.
        (CVE-2013-0169)
        [Emilia Käsper, Adam Langley, Ben Laurie, Andy Polyakov, Steve Henson]

     *) Return an error when checking OCSP signatures when key is NULL.
        This fixes a DoS attack. (CVE-2013-0166)
        [Steve Henson]

     *) Call OCSP Stapling callback after ciphersuite has been chosen, so
        the right response is stapled. Also change SSL_get_certificate()
        so it returns the certificate actually sent.
        See http://rt.openssl.org/Ticket/Display.html?id=2836.
        (This is a backport)
        [Rob Stradling <rob.stradling@comodo.com>]

     *) Fix possible deadlock when decoding public keys.
        [Steve Henson]