Subject: CVS commit: pkgsrc/security/openssl
From: Takahiro Kambe
Date: 2010-01-15 05:55:30
Message id: 20100115045530.CA5BF175DD@cvs.netbsd.org
Log Message:
Update openssl package to 0.9.8l, fixing security problem.
Approved by agc@.

Changes between 0.9.8k and 0.9.8l  [5 Nov 2009]

 *) Disable renegotiation completely - this fixes a severe security
    problem (CVE-2009-3555) at the cost of breaking all
    renegotiation. Renegotiation can be re-enabled by setting
    SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION in s3->flags at
    run-time. This is really not recommended unless you know what
    you're doing.
    [Ben Laurie]
Files:
RevisionActionfile
1.142modifypkgsrc/security/openssl/Makefile
1.70modifypkgsrc/security/openssl/distinfo
1.22modifypkgsrc/security/openssl/patches/patch-aa
1.37modifypkgsrc/security/openssl/patches/patch-ac
1.23modifypkgsrc/security/openssl/patches/patch-af