the bitrig stable/1.0 branch has been updated by patrick with 2 new commits:
commit 47d550e862006e784525d6cd63eae9741dcef18c diff: https://github.com/bitrig/bitrig/commit/47d550e author: Patrick Wildt <[email protected]> date: Thu Mar 19 15:48:00 2015 +0100 OpenBSD 5.6 errata 20, March 19, 2015 Fix several crash causing defects from OpenSSL. These include: CVE-2015-0209 - Use After Free following d2i_ECPrivatekey error CVE-2015-0286 - Segmentation fault in ASN1_TYPE_cmp CVE-2015-0287 - ASN.1 structure reuse memory corruption CVE-2015-0288 - X509_to_X509_REQ NULL pointer deref CVE-2015-0289 - PKCS7 NULL pointer dereferences Several other issues did not apply or were already fixed. Refer to https://www.openssl.org/news/secadv_20150319.txt cherry-pick patrick@ ok pedro@ M lib/libssl/src/crypto/asn1/a_int.c M lib/libssl/src/crypto/asn1/a_set.c M lib/libssl/src/crypto/asn1/a_type.c M lib/libssl/src/crypto/asn1/d2i_pr.c M lib/libssl/src/crypto/asn1/d2i_pu.c M lib/libssl/src/crypto/asn1/n_pkey.c M lib/libssl/src/crypto/asn1/tasn_dec.c M lib/libssl/src/crypto/asn1/x_x509.c M lib/libssl/src/crypto/ec/ec_asn1.c M lib/libssl/src/crypto/pkcs7/pk7_doit.c M lib/libssl/src/crypto/pkcs7/pk7_lib.c M lib/libssl/src/crypto/x509/x509_req.c M lib/libssl/src/ssl/d1_lib.c commit 2a893744b20f494901e930c1fd3a64249d650b44 diff: https://github.com/bitrig/bitrig/commit/2a89374 author: Patrick Wildt <[email protected]> date: Thu Mar 19 15:46:00 2015 +0100 OpenBSD 5.6 errata 17, Mar 13, 2015: Don't permit TLS client connections to be downgraded to weak keys. cherry-pick patrick@ ok pedro@ M lib/libssl/src/ssl/d1_clnt.c M lib/libssl/src/ssl/s3_clnt.c M lib/libssl/src/ssl/ssl_cert.c M lib/libssl/src/ssl/ssl_locl.h
