CVS commit: pkgsrc/security/openssl

[Tobias Nygren <tnn%netbsd.org@localhost>]

Module Name:    pkgsrc
Committed By:   tnn
Date:           Sun Apr  5 15:50:17 UTC 2009

Modified Files:
        pkgsrc/security/openssl: Makefile distinfo
Removed Files:
        pkgsrc/security/openssl/patches: patch-am

Log Message:
Update to openssl-0.9.8k.

Changes between 0.9.8j and 0.9.8k  [25 Mar 2009]
*) Don't set val to NULL when freeing up structures, it is freed up by
   underlying code. If sizeof(void *) > sizeof(long) this can result in
   zeroing past the valid field. (CVE-2009-0789)
*) Fix bug where return value of CMS_SignerInfo_verify_content() was not
   checked correctly. This would allow some invalid signed attributes to
   appear to verify correctly. (CVE-2009-0591)
*) Reject UniversalString and BMPString types with invalid lengths. This
   prevents a crash in ASN1_STRING_print_ex() which assumes the strings have
   a legal length. (CVE-2009-0590)
*) Set S/MIME signing as the default purpose rather than setting it
   unconditionally. This allows applications to override it at the store
   level.
*) Permit restricted recursion of ASN1 strings. This is needed in practice
   to handle some structures.
*) Improve efficiency of mem_gets: don't search whole buffer each time
   for a '\n'
*) New -hex option for openssl rand.
*) Print out UTF8String and NumericString when parsing ASN1.
*) Support NumericString type for name components.
*) Allow CC in the environment to override the automatically chosen
   compiler. Note that nothing is done to ensure flags work with the
   chosen compiler.


To generate a diff of this commit:
cvs rdiff -u -r1.137 -r1.138 pkgsrc/security/openssl/Makefile
cvs rdiff -u -r1.65 -r1.66 pkgsrc/security/openssl/distinfo
cvs rdiff -u -r1.6 -r0 pkgsrc/security/openssl/patches/patch-am

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.