CVS commit: pkgsrc/security/openssl

["Takahiro Kambe" <taca%netbsd.org@localhost>]

Module Name:    pkgsrc
Committed By:   taca
Date:           Tue Feb  5 15:54:31 UTC 2013

Modified Files:
        pkgsrc/security/openssl: Makefile distinfo

Log Message:
Update openssl to 0.9.8y.

 Changes between 0.9.8x and 0.9.8y [5 Feb 2013]

  *) Make the decoding of SSLv3, TLS and DTLS CBC records constant time.

     This addresses the flaw in CBC record processing discovered by
     Nadhem Alfardan and Kenny Paterson. Details of this attack can be found
     at: http://www.isg.rhul.ac.uk/tls/

     Thanks go to Nadhem Alfardan and Kenny Paterson of the Information
     Security Group at Royal Holloway, University of London
     (www.isg.rhul.ac.uk) for discovering this flaw and Adam Langley and
     Emilia Käsper for the initial patch.
     (CVE-2013-0169)
     [Emilia Käsper, Adam Langley, Ben Laurie, Andy Polyakov, Steve Henson]

  *) Return an error when checking OCSP signatures when key is NULL.
     This fixes a DoS attack. (CVE-2013-0166)
     [Steve Henson]

  *) Call OCSP Stapling callback after ciphersuite has been chosen, so
     the right response is stapled. Also change SSL_get_certificate()
     so it returns the certificate actually sent.
     See http://rt.openssl.org/Ticket/Display.html?id=2836.
     (This is a backport)
     [Rob Stradling <rob.stradling%comodo.com@localhost>]

  *) Fix possible deadlock when decoding public keys.
     [Steve Henson]


To generate a diff of this commit:
cvs rdiff -u -r1.171 -r1.172 pkgsrc/security/openssl/Makefile
cvs rdiff -u -r1.90 -r1.91 pkgsrc/security/openssl/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.