head 1.4; access; symbols pkgsrc-2014Q1:1.2.0.2 pkgsrc-2014Q1-base:1.2 pkgsrc-2013Q4:1.1.0.6 pkgsrc-2013Q4-base:1.1 pkgsrc-2013Q3:1.1.0.4 pkgsrc-2013Q3-base:1.1 pkgsrc-2013Q2:1.1.0.2 pkgsrc-2013Q2-base:1.1; locks; strict; comment @# @; 1.4 date 2014.06.05.12.16.06; author wiz; state dead; branches; next 1.3; commitid fSIXqk5VIwFHvkDx; 1.3 date 2014.05.13.02.23.11; author rodent; state Exp; branches; next 1.2; commitid QFZ8cokjTyXXXjAx; 1.2 date 2014.01.10.14.32.42; author tron; state Exp; branches 1.2.2.1; next 1.1; commitid VjMSlVwAFOByXzkx; 1.1 date 2013.06.01.08.03.55; author sbd; state Exp; branches 1.1.6.1; next ; commitid VvPiTHUU9FdBYSRw; 1.2.2.1 date 2014.06.05.13.20.18; author tron; state dead; branches; next ; commitid rYQdXVHE8mUKRkDx; 1.1.6.1 date 2014.01.10.18.00.40; author spz; state Exp; branches; next ; commitid 53lydeYMd6LT6Bkx; desc @@ 1.4 log @Update to 1.0.1h: Major changes between OpenSSL 1.0.1g and OpenSSL 1.0.1h [5 Jun 2014] o Fix for CVE-2014-0224 o Fix for CVE-2014-0221 o Fix for CVE-2014-0195 o Fix for CVE-2014-3470 o Fix for CVE-2010-5298 @ text @$NetBSD: patch-doc_ssl_SSL__connect.pod,v 1.3 2014/05/13 02:23:11 rodent Exp $ Fix openssl pod docs to work with the very picky pod2man from perl-5.18.0. --- doc/ssl/SSL_connect.pod.orig Mon Mar 17 16:14:20 2014 +++ doc/ssl/SSL_connect.pod @@@@ -41,13 +41,13 @@@@ The following return values can occur: =over 4 -=item 0 +=item Z<>0 The TLS/SSL handshake was not successful but was shut down controlled and by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the return value B to find out the reason. -=item 1 +=item Z<>1 The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been established. @ 1.3 log @Fix build on OpenBSD/sparc64. Defuzz patches (sorry if this is annoying). @ text @d1 1 a1 1 $NetBSD: patch-doc_ssl_SSL__connect.pod,v 1.2 2014/01/10 14:32:42 tron Exp $ @ 1.2 log @Update "openssl" package to version 1.0.1f. Changes since 1.0.1e: - Fix for TLS record tampering bug. A carefully crafted invalid handshake could crash OpenSSL with a NULL pointer exception. Thanks to Anton Johansson for reporting this issues. (CVE-2013-4353) - Keep original DTLS digest and encryption contexts in retransmission structures so we can use the previous session parameters if they need to be resent. (CVE-2013-6450) [Steve Henson] - Add option SSL_OP_SAFARI_ECDHE_ECDSA_BUG (part of SSL_OP_ALL) which avoids preferring ECDHE-ECDSA ciphers when the client appears to be Safari on OS X. Safari on OS X 10.8..10.8.3 advertises support for several ECDHE-ECDSA ciphers, but fails to negotiate them. The bug is fixed in OS X 10.8.4, but Apple have ruled out both hot fixing 10.8..10.8.3 and forcing users to upgrade to 10.8.4 or newer. [Rob Stradling, Adam Langley] @ text @d1 1 a1 1 $NetBSD: patch-doc_ssl_SSL__connect.pod,v 1.1 2013/06/01 08:03:55 sbd Exp $ d5 3 a7 3 --- doc/ssl/SSL_connect.pod.orig 2014-01-06 13:47:42.000000000 +0000 +++ doc/ssl/SSL_connect.pod 2014-01-10 13:30:56.000000000 +0000 @@@@ -41,13 +41,13 @@@@ @ 1.2.2.1 log @Pullup ticket #4431 - requested by wiz security/openssl: security update Revisions pulled up: - security/openssl/Makefile 1.193 - security/openssl/builtin.mk 1.42 - security/openssl/distinfo 1.106-1.107 - security/openssl/patches/patch-Configure 1.2 - security/openssl/patches/patch-Makefile.org 1.2 - security/openssl/patches/patch-Makefile.shared 1.2 - security/openssl/patches/patch-apps_Makefile 1.2 - security/openssl/patches/patch-config 1.2 - security/openssl/patches/patch-crypto_bn_bn__prime.pl 1.2 - security/openssl/patches/patch-crypto_des_Makefile 1.1 - security/openssl/patches/patch-crypto_dso_dso__dlfcn.c 1.2 - security/openssl/patches/patch-doc_apps_cms.pod deleted - security/openssl/patches/patch-doc_apps_smine.pod deleted - security/openssl/patches/patch-doc_ssl_SSL__COMP__add__compression__method.pod deleted - security/openssl/patches/patch-doc_ssl_SSL__CTX__add__session.pod deleted - security/openssl/patches/patch-doc_ssl_SSL__CTX__load__verify__locations.pod deleted - security/openssl/patches/patch-doc_ssl_SSL__CTX__set__client__CA__list.pod deleted - security/openssl/patches/patch-doc_ssl_SSL__CTX__set__session__id__context.pod deleted - security/openssl/patches/patch-doc_ssl_SSL__CTX__set__ssl__version.pod deleted - security/openssl/patches/patch-doc_ssl_SSL__CTX__use__psk__identity__hint.pod deleted - security/openssl/patches/patch-doc_ssl_SSL__accept.pod deleted - security/openssl/patches/patch-doc_ssl_SSL__clear.pod deleted - security/openssl/patches/patch-doc_ssl_SSL__connect.pod deleted - security/openssl/patches/patch-doc_ssl_SSL__do__handshake.pod deleted - security/openssl/patches/patch-doc_ssl_SSL__read.pod deleted - security/openssl/patches/patch-doc_ssl_SSL__session__reused.pod deleted - security/openssl/patches/patch-doc_ssl_SSL__set__fd.pod deleted - security/openssl/patches/patch-doc_ssl_SSL__set__session.pod deleted - security/openssl/patches/patch-doc_ssl_SSL__shutdown.pod deleted - security/openssl/patches/patch-doc_ssl_SSL__write.pod deleted - security/openssl/patches/patch-engines_ccgost_Makefile 1.2 - security/openssl/patches/patch-tools_Makefile 1.2 --- Module Name: pkgsrc Committed By: rodent Date: Tue May 13 02:23:11 UTC 2014 Modified Files: pkgsrc/security/openssl: distinfo pkgsrc/security/openssl/patches: patch-Configure patch-Makefile.org patch-Makefile.shared patch-apps_Makefile patch-config patch-crypto_bn_bn__prime.pl patch-crypto_dso_dso__dlfcn.c patch-doc_apps_cms.pod patch-doc_apps_smine.pod patch-doc_ssl_SSL__COMP__add__compression__method.pod patch-doc_ssl_SSL__CTX__add__session.pod patch-doc_ssl_SSL__CTX__load__verify__locations.pod patch-doc_ssl_SSL__CTX__set__client__CA__list.pod patch-doc_ssl_SSL__CTX__set__session__id__context.pod patch-doc_ssl_SSL__CTX__set__ssl__version.pod patch-doc_ssl_SSL__CTX__use__psk__identity__hint.pod patch-doc_ssl_SSL__accept.pod patch-doc_ssl_SSL__clear.pod patch-doc_ssl_SSL__connect.pod patch-doc_ssl_SSL__do__handshake.pod patch-doc_ssl_SSL__read.pod patch-doc_ssl_SSL__session__reused.pod patch-doc_ssl_SSL__set__fd.pod patch-doc_ssl_SSL__set__session.pod patch-doc_ssl_SSL__shutdown.pod patch-doc_ssl_SSL__write.pod patch-engines_ccgost_Makefile patch-tools_Makefile Added Files: pkgsrc/security/openssl/patches: patch-crypto_des_Makefile Log Message: Fix build on OpenBSD/sparc64. Defuzz patches (sorry if this is annoying). --- Module Name: pkgsrc Committed By: wiz Date: Thu Jun 5 12:16:06 UTC 2014 Modified Files: pkgsrc/security/openssl: Makefile builtin.mk distinfo Removed Files: pkgsrc/security/openssl/patches: patch-doc_apps_cms.pod patch-doc_apps_smine.pod patch-doc_ssl_SSL__COMP__add__compression__method.pod patch-doc_ssl_SSL__CTX__add__session.pod patch-doc_ssl_SSL__CTX__load__verify__locations.pod patch-doc_ssl_SSL__CTX__set__client__CA__list.pod patch-doc_ssl_SSL__CTX__set__session__id__context.pod patch-doc_ssl_SSL__CTX__set__ssl__version.pod patch-doc_ssl_SSL__CTX__use__psk__identity__hint.pod patch-doc_ssl_SSL__accept.pod patch-doc_ssl_SSL__clear.pod patch-doc_ssl_SSL__connect.pod patch-doc_ssl_SSL__do__handshake.pod patch-doc_ssl_SSL__read.pod patch-doc_ssl_SSL__session__reused.pod patch-doc_ssl_SSL__set__fd.pod patch-doc_ssl_SSL__set__session.pod patch-doc_ssl_SSL__shutdown.pod patch-doc_ssl_SSL__write.pod Log Message: Update to 1.0.1h: Major changes between OpenSSL 1.0.1g and OpenSSL 1.0.1h [5 Jun 2014] o Fix for CVE-2014-0224 o Fix for CVE-2014-0221 o Fix for CVE-2014-0195 o Fix for CVE-2014-3470 o Fix for CVE-2010-5298 @ text @d1 1 a1 1 $NetBSD: patch-doc_ssl_SSL__connect.pod,v 1.2 2014/01/10 14:32:42 tron Exp $ @ 1.1 log @Fix openssl pod docs to work with the very picky pod2man from perl-5.18.0. @ text @d1 1 a1 1 $NetBSD$ d5 3 a7 3 --- doc/ssl/SSL_connect.pod.orig 2013-02-11 15:02:48.000000000 +0000 +++ doc/ssl/SSL_connect.pod @@@@ -41,18 +41,18 @@@@ The following return values can occur: a10 6 -=item 1 +=item Z<>1 The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been established. d18 2 a19 2 -=item E0 +=item Z<>E0 d21 2 a22 2 The TLS/SSL handshake was not successful, because a fatal error occurred either at the protocol level or a connection failure occurred. The shutdown was @ 1.1.6.1 log @Pullup ticket #4293 - requested by tron security/openssl: security update Revisions pulled up: - security/openssl/Makefile 1.183 - security/openssl/distinfo 1.101 - security/openssl/patches/patch-doc_crypto_X509__STORE__CTX__get__error.pod deleted - security/openssl/patches/patch-doc_ssl_SSL__CTX__set__client__CA__list.pod 1.2 - security/openssl/patches/patch-doc_ssl_SSL__CTX__use__psk__identity__hint.pod 1.2 - security/openssl/patches/patch-doc_ssl_SSL__accept.pod 1.2 - security/openssl/patches/patch-doc_ssl_SSL__connect.pod 1.2 - security/openssl/patches/patch-doc_ssl_SSL__do__handshake.pod 1.2 - security/openssl/patches/patch-doc_ssl_SSL__shutdown.pod 1.2 ------------------------------------------------------------------- Module Name: pkgsrc Committed By: tron Date: Fri Jan 10 14:32:42 UTC 2014 Modified Files: pkgsrc/security/openssl: Makefile distinfo pkgsrc/security/openssl/patches: patch-doc_ssl_SSL__CTX__set__client__CA__list.pod patch-doc_ssl_SSL__CTX__use__psk__identity__hint.pod patch-doc_ssl_SSL__accept.pod patch-doc_ssl_SSL__connect.pod patch-doc_ssl_SSL__do__handshake.pod patch-doc_ssl_SSL__shutdown.pod Removed Files: pkgsrc/security/openssl/patches: patch-doc_crypto_X509__STORE__CTX__get__error.pod Log Message: Update "openssl" package to version 1.0.1f. Changes since 1.0.1e: - Fix for TLS record tampering bug. A carefully crafted invalid handshake could crash OpenSSL with a NULL pointer exception. Thanks to Anton Johansson for reporting this issues. (CVE-2013-4353) - Keep original DTLS digest and encryption contexts in retransmission structures so we can use the previous session parameters if they need to be resent. (CVE-2013-6450) [Steve Henson] - Add option SSL_OP_SAFARI_ECDHE_ECDSA_BUG (part of SSL_OP_ALL) which avoids preferring ECDHE-ECDSA ciphers when the client appears to be Safari on OS X. Safari on OS X 10.8..10.8.3 advertises support for several ECDHE-ECDSA ciphers, but fails to negotiate them. The bug is fixed in OS X 10.8.4, but Apple have ruled out both hot fixing 10.8..10.8.3 and forcing users to upgrade to 10.8.4 or newer. [Rob Stradling, Adam Langley] To generate a diff of this commit: cvs rdiff -u -r1.182 -r1.183 pkgsrc/security/openssl/Makefile cvs rdiff -u -r1.100 -r1.101 pkgsrc/security/openssl/distinfo cvs rdiff -u -r1.1 -r0 \ pkgsrc/security/openssl/patches/patch-doc_crypto_X509__STORE__CTX__get__error.pod cvs rdiff -u -r1.1 -r1.2 \ pkgsrc/security/openssl/patches/patch-doc_ssl_SSL__CTX__set__client__CA__list.pod \ pkgsrc/security/openssl/patches/patch-doc_ssl_SSL__CTX__use__psk__identity__hint.pod \ pkgsrc/security/openssl/patches/patch-doc_ssl_SSL__accept.pod \ pkgsrc/security/openssl/patches/patch-doc_ssl_SSL__connect.pod \ pkgsrc/security/openssl/patches/patch-doc_ssl_SSL__do__handshake.pod \ pkgsrc/security/openssl/patches/patch-doc_ssl_SSL__shutdown.pod @ text @d5 3 a7 3 --- doc/ssl/SSL_connect.pod.orig 2014-01-06 13:47:42.000000000 +0000 +++ doc/ssl/SSL_connect.pod 2014-01-10 13:30:56.000000000 +0000 @@@@ -41,13 +41,13 @@@@ d11 6 d24 2 a25 2 -=item 1 +=item Z<>1 d27 2 a28 2 The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been established. @