Subject: CVS commit: pkgsrc/security/openssl
From: Matthias Scheler
Date: 2014-01-10 15:32:42
Message id: 20140110143242.6B46F96@cvs.netbsd.org
Log Message:
Update "openssl" package to version 1.0.1f. Changes since 1.0.1e:
- Fix for TLS record tampering bug. A carefully crafted invalid
  handshake could crash OpenSSL with a NULL pointer exception.
  Thanks to Anton Johansson for reporting this issues.
  (CVE-2013-4353)
- Keep original DTLS digest and encryption contexts in retransmission
  structures so we can use the previous session parameters if they need
  to be resent. (CVE-2013-6450)
  [Steve Henson]
- Add option SSL_OP_SAFARI_ECDHE_ECDSA_BUG (part of SSL_OP_ALL) which
  avoids preferring ECDHE-ECDSA ciphers when the client appears to be
  Safari on OS X.  Safari on OS X 10.8..10.8.3 advertises support for
  several ECDHE-ECDSA ciphers, but fails to negotiate them.  The bug
  is fixed in OS X 10.8.4, but Apple have ruled out both hot fixing
  10.8..10.8.3 and forcing users to upgrade to 10.8.4 or newer.
  [Rob Stradling, Adam Langley]
Files:
RevisionActionfile
1.183modifypkgsrc/security/openssl/Makefile
1.101modifypkgsrc/security/openssl/distinfo
1.2modifypkgsrc/security/openssl/patches/patch-doc_ssl_SSL__CTX__set__client__CA__list.pod
1.2modifypkgsrc/security/openssl/patches/patch-doc_ssl_SSL__CTX__use__psk__identity__hint.pod
1.2modifypkgsrc/security/openssl/patches/patch-doc_ssl_SSL__accept.pod
1.2modifypkgsrc/security/openssl/patches/patch-doc_ssl_SSL__connect.pod
1.2modifypkgsrc/security/openssl/patches/patch-doc_ssl_SSL__do__handshake.pod
1.2modifypkgsrc/security/openssl/patches/patch-doc_ssl_SSL__shutdown.pod
1.1removepkgsrc/security/openssl/patches/patch-doc_crypto_X509__STORE__CTX__get__error.pod