Subject: CVS commit: pkgsrc/security/openssl
From: Takahiro Kambe
Date: 2012-03-13 04:11:32
Message id: 20120313031132.623C0175DD@cvs.netbsd.org
Log Message:
Update openssl pacakge to 0.9.8u.

 Changes between 0.9.8t and 0.9.8u [12 Mar 2012]

  *) Fix MMA (Bleichenbacher's attack on PKCS #1 v1.5 RSA padding) weakness
     in CMS and PKCS7 code. When RSA decryption fails use a random key for
     content decryption and always return the same error. Note: this attack
     needs on average 2^20 messages so it only affects automated senders. The
     old behaviour can be reenabled in the CMS code by setting the
     CMS_DEBUG_DECRYPT flag: this is useful for debugging and testing where
     an MMA defence is not necessary.
     Thanks to Ivan Nestlerode <inestlerode@us.ibm.com> for discovering
     this issue. (CVE-2012-0884)
     [Steve Henson]

  *) Fix CVE-2011-4619: make sure we really are receiving a
     client hello before rejecting multiple SGC restarts. Thanks to
     Ivan Nestlerode <inestlerode@us.ibm.com> for discovering this bug.
     [Steve Henson]
Files:
RevisionActionfile
1.163modifypkgsrc/security/openssl/Makefile
1.86modifypkgsrc/security/openssl/distinfo
1.1removepkgsrc/security/openssl/patches/patch-asn_mime.c