Next | Query returned 437 messages, browsing 191 to 200 | Previous

CVS Commit History:


   2012-05-22 08:00:11 by Joerg Sonnenberger | Files touched by this commit (2)
Log message:
Fix build on NetBSD/amd64, if the kernel was built on a host with 386 in
its name.
   2012-05-11 15:27:27 by Takahiro Kambe | Files touched by this commit (2)
Log message:
Update openssl to 0.9.8x.

 OpenSSL CHANGES
 _______________

 Changes between 0.9.8w and 0.9.8x [10 May 2012]

  *) Sanity check record length before skipping explicit IV in DTLS
     to fix DoS attack.

     Thanks to Codenomicon for discovering this issue using Fuzz-o-Matic
     fuzzing as a service testing platform.
     (CVE-2012-2333)
     [Steve Henson]

  *) Initialise tkeylen properly when encrypting CMS messages.
     Thanks to Solar Designer of Openwall for reporting this issue.
     [Steve Henson]
   2012-04-24 07:03:49 by Takahiro Kambe | Files touched by this commit (2)
Log message:
Update openssl package to 0.9.8w.

Security fix for CVE-2012-2131.

 Changes between 0.9.8v and 0.9.8w [23 Apr 2012]

  *) The fix for CVE-2012-2110 did not take into account that the
     'len' argument to BUF_MEM_grow and BUF_MEM_grow_clean is an
     int in OpenSSL 0.9.8, making it still vulnerable. Fix by
     rejecting negative len parameter. (CVE-2012-2131)
     [Tomas Hoger <thoger@redhat.com>]
   2012-04-21 09:38:14 by Takahiro Kambe | Files touched by this commit (2)
Log message:
Update openssl package to 0.9.8v.

NEWS
====

This file gives a brief overview of the major changes between each OpenSSL
release. For more details please read the CHANGES file.

Major changes between OpenSSL 0.9.8u and OpenSSL 0.9.8v:

    o Fix for ASN1 overflow bug CVE-2012-2110
   2012-03-14 23:48:59 by Christoph Egger | Files touched by this commit (1)
Log message:
configure script expects darwin-ppc-cc and not darwin-powerpc-cc.
'should be ok' joerg@
   2012-03-13 04:11:32 by Takahiro Kambe | Files touched by this commit (3)
Log message:
Update openssl package to 0.9.8u.

 Changes between 0.9.8t and 0.9.8u [12 Mar 2012]

  *) Fix MMA (Bleichenbacher's attack on PKCS #1 v1.5 RSA padding) weakness
     in CMS and PKCS7 code. When RSA decryption fails use a random key for
     content decryption and always return the same error. Note: this attack
     needs on average 2^20 messages so it only affects automated senders. The
     old behaviour can be reenabled in the CMS code by setting the
     CMS_DEBUG_DECRYPT flag: this is useful for debugging and testing where
     an MMA defence is not necessary.
     Thanks to Ivan Nestlerode <inestlerode@us.ibm.com> for discovering
     this issue. (CVE-2012-0884)
     [Steve Henson]

  *) Fix CVE-2011-4619: make sure we really are receiving a
     client hello before rejecting multiple SGC restarts. Thanks to
     Ivan Nestlerode <inestlerode@us.ibm.com> for discovering this bug.
     [Steve Henson]
   2012-03-05 01:26:55 by Fredrik Pettai | Files touched by this commit (3)
Log message:
Add fix for CVE-2006-7250
   2012-01-31 06:51:52 by Jens Rehsack | Files touched by this commit (1)
Log message:
add HP-UX handling for Configure parameters
   2012-01-20 18:07:39 by Matthias Drochner | Files touched by this commit (3)
Log message:
remove restrictions related to idea and mdc2 patents - both are expired
   2012-01-19 01:51:23 by Takahiro Kambe | Files touched by this commit (2)
Log message:
Update security/openssl package to 0.9.8t.

 OpenSSL CHANGES
 _______________

 Changes between 0.9.8s and 0.9.8t [18 Jan 2012]

  *) Fix for DTLS DoS issue introduced by fix for CVE-2011-4109.
     Thanks to Antonio Martin, Enterprise Secure Access Research and
     Development, Cisco Systems, Inc. for discovering this bug and
     preparing a fix. (CVE-2012-0050)
     [Antonio Martin]
