head 1.2; access; symbols pkgsrc-2013Q2:1.2.0.8 pkgsrc-2013Q2-base:1.2 pkgsrc-2012Q4:1.2.0.6 pkgsrc-2012Q4-base:1.2 pkgsrc-2011Q4:1.2.0.4 pkgsrc-2011Q4-base:1.2 pkgsrc-2011Q2:1.2.0.2 pkgsrc-2011Q2-base:1.2 pkgsrc-2009Q4:1.1.0.8 pkgsrc-2009Q4-base:1.1 pkgsrc-2009Q3:1.1.0.6 pkgsrc-2009Q3-base:1.1 pkgsrc-2009Q2:1.1.0.4 pkgsrc-2009Q2-base:1.1 pkgsrc-2009Q1:1.1.0.2; locks; strict; comment @# @; 1.2 date 2010.02.26.03.15.14; author taca; state dead; branches; next 1.1; 1.1 date 2009.06.10.13.57.08; author tez; state Exp; branches 1.1.2.1 1.1.8.1; next ; 1.1.2.1 date 2009.06.10.13.57.08; author tron; state dead; branches; next 1.1.2.2; 1.1.2.2 date 2009.06.12.11.02.42; author tron; state Exp; branches; next ; 1.1.8.1 date 2010.03.27.14.44.42; author tron; state dead; branches; next ; desc @@ 1.2 log @Update openssl to 0.9.8m. The OpenSSL project team is pleased to announce the release of version 0.9.8m of our open source toolkit for SSL/TLS. This new OpenSSL version is a security and bugfix release which implements RFC5746 to address renegotiation vulnerabilities mentioned in CVE-2009-3555. For a complete list of changes, please see http://www.openssl.org/source/exp/CHANGES. @ text @$NetBSD: patch-ba,v 1.1 2009/06/10 13:57:08 tez Exp $ Part of CVE-2009-1377 fix. 
--- ssl/d1_pkt.c.orig 2009-06-08 18:58:13.784215600 -0500 +++ ssl/d1_pkt.c @@@@ -167,6 +167,10 @@@@ dtls1_buffer_record(SSL *s, record_pqueu DTLS1_RECORD_DATA *rdata; pitem *item; + /* Limit the size of the queue to prevent DOS attacks */ + if (pqueue_size(queue->q) >= 100) + return 0; + rdata = OPENSSL_malloc(sizeof(DTLS1_RECORD_DATA)); item = pitem_new(priority, rdata); if (rdata == NULL || item == NULL) @ 1.1 log @Patches for CVE-2009-1377, CVE-2009-1378 & CVE-2009-1379 from http://cvs.openssl.org/filediff?f=openssl/ssl/d1_both.c&v1=1.4.2.9&v2=1.4.2.10 http://cvs.openssl.org/filediff?f=openssl/ssl/d1_both.c&v1=1.4.2.13&v2=1.4.2.15 http://cvs.openssl.org/filediff?f=openssl/crypto/pqueue/pqueue.c&v1=1.2.2.4&v2=1.2.2.5 http://cvs.openssl.org/filediff?f=openssl/crypto/pqueue/pqueue.h&v1=1.2.2.1&v2=1.2.2.2 http://cvs.openssl.org/filediff?f=openssl/ssl/d1_pkt.c&v1=1.4.2.17&v2=1.4.2.18 @ text @d1 1 a1 1 $NetBSD$ @ 1.1.8.1 log @Pullup ticket #3065 - requested by taca openssl: security update Revisions pulled up: - security/openssl/Makefile 1.144-1.1.146 - security/openssl/PLIST.common 1.17 - security/openssl/distinfo 1.72-1.73 - security/openssl/patches/patch-aa 1.23 - security/openssl/patches/patch-ac 1.38 - security/openssl/patches/patch-af 1.24 - security/openssl/patches/patch-ax delete - security/openssl/patches/patch-ay delete - security/openssl/patches/patch-az delete - security/openssl/patches/patch-ba delete - security/openssl/patches/patch-bb delete - security/openssl/patches/patch-bc 1.1 --- Module Name: pkgsrc Committed By: taca Date: Fri Feb 26 03:15:14 UTC 2010 Modified Files: pkgsrc/security/openssl: Makefile distinfo pkgsrc/security/openssl/patches: patch-aa patch-ac patch-af Removed Files: pkgsrc/security/openssl/patches: patch-ax patch-ay patch-az patch-ba patch-bb Log Message: Update openssl to 0.9.8m. The OpenSSL project team is pleased to announce the release of version 0.9.8m of our open source toolkit for SSL/TLS. 
This new OpenSSL version is a security and bugfix release which implements RFC5746 to address renegotiation vulnerabilities mentioned in CVE-2009-3555. For a complete list of changes, please see http://www.openssl.org/source/exp/CHANGES. --- Module Name: pkgsrc Committed By: taca Date: Mon Mar 1 08:15:40 UTC 2010 Modified Files: pkgsrc/security/openssl: Makefile PLIST.common Log Message: Fix broken PLIST. (I wonder why "make print-PLIST" generated a wrong result before...) Bump PKGREVISION. --- Module Name: pkgsrc Committed By: taca Date: Fri Mar 26 00:20:49 UTC 2010 Modified Files: pkgsrc/security/openssl: Makefile distinfo Added Files: pkgsrc/security/openssl/patches: patch-bc Log Message: Add a patch for the fix for CVE-2010-0740, a DoS problem. http://www.openssl.org/news/secadv_20100324.txt Bump PKGREVISION. @ text @d1 1 a1 1 $NetBSD: patch-ba,v 1.1 2009/06/10 13:57:08 tez Exp $ @ 1.1.2.1 log @file patch-ba was added on branch pkgsrc-2009Q1 on 2009-06-12 11:02:42 +0000 @ text @d1 17 @ 1.1.2.2 log @Pullup ticket #2794 - requested by tez openssl: security patch Revisions pulled up: - security/openssl/Makefile 1.140 - security/openssl/distinfo 1.68 - security/openssl/patches/patch-ax 1.1 - security/openssl/patches/patch-ay 1.1 - security/openssl/patches/patch-az 1.1 - security/openssl/patches/patch-ba 1.1 --- Module Name: pkgsrc Committed By: tez Date: Wed Jun 10 13:57:08 UTC 2009 Modified Files: pkgsrc/security/openssl: Makefile distinfo Added Files: pkgsrc/security/openssl/patches: patch-ax patch-ay patch-az patch-ba Log Message: Patches for CVE-2009-1377, CVE-2009-1378 & CVE-2009-1379 from http://cvs.openssl.org/filediff?f=openssl/ssl/d1_both.c&v1=1.4.2.9&v2=1.4.2.10 http://cvs.openssl.org/filediff?f=openssl/ssl/d1_both.c&v1=1.4.2.13&v2=1.4.2.15 http://cvs.openssl.org/filediff?f=openssl/crypto/pqueue/pqueue.c&v1=1.2.2.4&v2=1.2.2.5 http://cvs.openssl.org/filediff?f=openssl/crypto/pqueue/pqueue.h&v1=1.2.2.1&v2=1.2.2.2
http://cvs.openssl.org/filediff?f=openssl/ssl/d1_pkt.c&v1=1.4.2.17&v2=1.4.2.18 @ text @a0 17 $NetBSD: patch-ba,v 1.1 2009/06/10 13:57:08 tez Exp $ Part of CVE-2009-1377 fix. --- ssl/d1_pkt.c.orig 2009-06-08 18:58:13.784215600 -0500 +++ ssl/d1_pkt.c @@@@ -167,6 +167,10 @@@@ dtls1_buffer_record(SSL *s, record_pqueu DTLS1_RECORD_DATA *rdata; pitem *item; + /* Limit the size of the queue to prevent DOS attacks */ + if (pqueue_size(queue->q) >= 100) + return 0; + rdata = OPENSSL_malloc(sizeof(DTLS1_RECORD_DATA)); item = pitem_new(priority, rdata); if (rdata == NULL || item == NULL) @
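Review bot: the cap in `if (pqueue_size(queue->q) >= 100)` inside dtls1_buffer_record is a bare magic number; give it a named constant with a comment saying why 100 was chosen, so the bound on buffered DTLS records is discoverable and tunable in one place rather than buried in the function. Placing the check before `OPENSSL_malloc(sizeof(DTLS1_RECORD_DATA))` is right, since a refused record then allocates nothing and there is nothing to free. The early `return 0` discards the record silently, so every caller of dtls1_buffer_record should be checked to treat 0 as "record dropped" and not as the same outcome as the success path or the `rdata == NULL || item == NULL` path; a short comment on the return value would make that contract explicit for future callers.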