CVS commit: [netbsd-4-0] src/crypto/dist/openssl/ssl
Module Name:src Committed By: riz Date: Tue May 22 20:14:21 UTC 2012 Modified Files: src/crypto/dist/openssl/ssl [netbsd-4-0]: d1_enc.c Log Message: Pull up following revision(s) (requested by drochner in ticket #1446): crypto/dist/openssl/ssl/d1_enc.c: patch pull in upstream rev.22547: Sanity check record length before skipping explicit IV in TLS 1.2, 1.1 and DTLS to fix DoS attack. (CVE-2012-2333) To generate a diff of this commit: cvs rdiff -u -r1.1.1.2 -r1.1.1.2.14.1 src/crypto/dist/openssl/ssl/d1_enc.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-4-0] src/crypto/dist/openssl/ssl
Module Name:src Committed By: bouyer Date: Tue Oct 12 10:16:16 UTC 2010 Modified Files: src/crypto/dist/openssl/ssl [netbsd-4-0]: s3_clnt.c Log Message: Pull up following revision(s) (requested by jnemeth in ticket #1408): crypto/external/bsd/openssl/dist/ssl/s3_clnt.c: revision 1.2 via patch fix a double free() in error case, see the thread "openssl-1.0.0a and glibc detected sthg ;)" in openssl-dev. I was getting a SEGV with the example posted there. To generate a diff of this commit: cvs rdiff -u -r1.9.4.1.2.1 -r1.9.4.1.2.2 \ src/crypto/dist/openssl/ssl/s3_clnt.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-4-0] src/crypto/dist/openssl/ssl
Module Name:src Committed By: snj Date: Sun Mar 28 18:48:45 UTC 2010 Modified Files: src/crypto/dist/openssl/ssl [netbsd-4-0]: s3_pkt.c Log Message: Apply patch (requested by bouyer in ticket #1392): Apply patchset 19476 from openssl repository, fixing CVE-2010-0740. from http://www.openssl.org/news/secadv_20100324.txt: "In TLS connections, certain incorrectly formatted records can cause an OpenSSL client or server to crash due to a read attempt at NULL". To generate a diff of this commit: cvs rdiff -u -r1.6.4.1.2.2 -r1.6.4.1.2.3 src/crypto/dist/openssl/ssl/s3_pkt.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.