Up to [cvs.NetBSD.org] / pkgsrc / emulators / suse131_openssl
Request diff between arbitrary revisions
Keyword substitution: kv
Default branch: MAIN
Update more RPMs from Suse 13.1.
Pullup ticket #4787 - requested by wiz emulators/suse131_base: security update emulators/suse131_freetype2: security update emulators/suse131_glib2: security update emulators/suse131_glx: security update emulators/suse131_gtk2: security update emulators/suse131_krb5: security update emulators/suse131_libSDL: security update emulators/suse131_libcups: security update emulators/suse131_libcurl: security update emulators/suse131_libdbus: security update emulators/suse131_libidn: security update emulators/suse131_libjpeg: security update emulators/suse131_libsndfile: security update emulators/suse131_libssh: security update emulators/suse131_libtiff: security update emulators/suse131_locale: security update emulators/suse131_mozilla-nspr: security update emulators/suse131_mozilla-nss: security update emulators/suse131_openssl: security update emulators/suse131_qt4: security update emulators/suse131_x11: security update Revisions pulled up: - emulators/suse131_base/Makefile 1.15 - emulators/suse131_base/distinfo 1.11 - emulators/suse131_freetype2/Makefile 1.5 - emulators/suse131_freetype2/distinfo 1.2 - emulators/suse131_glib2/Makefile 1.5 - emulators/suse131_glib2/distinfo 1.2 - emulators/suse131_glx/Makefile 1.10 - emulators/suse131_glx/distinfo 1.5 - emulators/suse131_gtk2/Makefile 1.11 - emulators/suse131_gtk2/distinfo 1.7 - emulators/suse131_krb5/Makefile 1.7 - emulators/suse131_krb5/distinfo 1.4 - emulators/suse131_libSDL/Makefile 1.5 - emulators/suse131_libSDL/distinfo 1.2 - emulators/suse131_libcups/Makefile 1.5 - emulators/suse131_libcups/distinfo 1.2 - emulators/suse131_libcurl/Makefile 1.10 - emulators/suse131_libcurl/distinfo 1.7 - emulators/suse131_libdbus/Makefile 1.12 - emulators/suse131_libdbus/distinfo 1.8 - emulators/suse131_libidn/Makefile 1.5 - emulators/suse131_libidn/distinfo 1.2 - emulators/suse131_libjpeg/Makefile 1.5 - emulators/suse131_libjpeg/distinfo 1.2 - emulators/suse131_libsndfile/Makefile 1.6 - emulators/suse131_libsndfile/distinfo 1.3 - emulators/suse131_libssh/Makefile 1.5 - emulators/suse131_libssh/distinfo 1.2 - emulators/suse131_libtiff/Makefile 1.6 - emulators/suse131_libtiff/distinfo 1.3 - emulators/suse131_locale/Makefile 1.5 - emulators/suse131_locale/distinfo 1.2 - emulators/suse131_mozilla-nspr/Makefile 1.8 - emulators/suse131_mozilla-nspr/distinfo 1.5 - emulators/suse131_mozilla-nss/Makefile 1.9 - emulators/suse131_mozilla-nss/distinfo 1.6 - emulators/suse131_openssl/Makefile 1.17 - emulators/suse131_openssl/distinfo 1.14 - emulators/suse131_qt4/Makefile 1.8 - emulators/suse131_qt4/distinfo 1.5 - emulators/suse131_x11/Makefile 1.11 - emulators/suse131_x11/distinfo 1.7 --- Module Name: pkgsrc Committed By: wiz Date: Tue Jul 28 08:49:16 UTC 2015 Modified Files: pkgsrc/emulators/suse131_base: Makefile distinfo pkgsrc/emulators/suse131_freetype2: Makefile distinfo pkgsrc/emulators/suse131_glib2: Makefile distinfo pkgsrc/emulators/suse131_glx: Makefile distinfo pkgsrc/emulators/suse131_gtk2: Makefile distinfo pkgsrc/emulators/suse131_krb5: Makefile distinfo pkgsrc/emulators/suse131_libSDL: Makefile distinfo pkgsrc/emulators/suse131_libcups: Makefile distinfo pkgsrc/emulators/suse131_libcurl: Makefile distinfo pkgsrc/emulators/suse131_libdbus: Makefile distinfo pkgsrc/emulators/suse131_libidn: Makefile distinfo pkgsrc/emulators/suse131_libjpeg: Makefile distinfo pkgsrc/emulators/suse131_libsndfile: Makefile distinfo pkgsrc/emulators/suse131_libssh: Makefile distinfo pkgsrc/emulators/suse131_libtiff: Makefile distinfo pkgsrc/emulators/suse131_locale: Makefile distinfo pkgsrc/emulators/suse131_mozilla-nspr: Makefile distinfo pkgsrc/emulators/suse131_mozilla-nss: Makefile distinfo pkgsrc/emulators/suse131_openssl: Makefile distinfo pkgsrc/emulators/suse131_qt4: Makefile distinfo pkgsrc/emulators/suse131_x11: Makefile distinfo Log Message: Update RPMs from latest openSUSE 13.1 files. >From Rin Okuyama in PR 50082.
Update RPMs from latest openSUSE 13.1 files. From Rin Okuyama in PR 50082.
Put back PKGNAME definitions.
Revert define PKGNAME instead of fake DISTNAME PKGNAME is unstable variable in current pkgsrc framework, so packages must not rely on it.
Apply following update to suse131_openssl, bump PKGREVISION. openSUSE Security Update: Security update for openssl ______________________________________________________________________________ Announcement ID: openSUSE-SU-2015:0130-1 Rating: important References: #911399 #912014 #912015 #912018 #912292 #912293 #912294 #912296 Cross-References: CVE-2014-3569 CVE-2014-3570 CVE-2014-3571 CVE-2014-3572 CVE-2014-8275 CVE-2015-0204 CVE-2015-0205 CVE-2015-0206 Affected Products: openSUSE 13.2 openSUSE 13.1 ______________________________________________________________________________ An update that fixes 8 vulnerabilities is now available. Description: openssl was updated to 1.0.1k to fix various security issues and bugs. More information can be found in the openssl advisory: http://openssl.org/news/secadv_20150108.txt Following issues were fixed: * CVE-2014-3570 (bsc#912296): Bignum squaring (BN_sqr) may have produced incorrect results on some platforms, including x86_64. * CVE-2014-3571 (bsc#912294): Fixed crash in dtls1_get_record whilst in the listen state where you get two separate reads performed - one for the header and one for the body of the handshake record. * CVE-2014-3572 (bsc#912015): Don't accept a handshake using an ephemeral ECDH ciphersuites with the server key exchange message omitted. * CVE-2014-8275 (bsc#912018): Fixed various certificate fingerprint issues. * CVE-2015-0204 (bsc#912014): Only allow ephemeral RSA keys in export ciphersuites * CVE-2015-0205 (bsc#912293): A fixwas added to prevent use of DH client certificates without sending certificate verify message. * CVE-2015-0206 (bsc#912292): A memory leak was fixed in dtls1_buffer_record. References: http://support.novell.com/security/cve/CVE-2014-3569.html http://support.novell.com/security/cve/CVE-2014-3570.html http://support.novell.com/security/cve/CVE-2014-3571.html http://support.novell.com/security/cve/CVE-2014-3572.html http://support.novell.com/security/cve/CVE-2014-8275.html http://support.novell.com/security/cve/CVE-2015-0204.html http://support.novell.com/security/cve/CVE-2015-0205.html http://support.novell.com/security/cve/CVE-2015-0206.html https://bugzilla.suse.com/show_bug.cgi?id=911399 https://bugzilla.suse.com/show_bug.cgi?id=912014 https://bugzilla.suse.com/show_bug.cgi?id=912015 https://bugzilla.suse.com/show_bug.cgi?id=912018 https://bugzilla.suse.com/show_bug.cgi?id=912292 https://bugzilla.suse.com/show_bug.cgi?id=912293 https://bugzilla.suse.com/show_bug.cgi?id=912294 https://bugzilla.suse.com/show_bug.cgi?id=912296
Bump PKGREVISION to 11 for suse131_openssl. openSUSE Security Update: openssl: fixed elliptic curve handshake failure ______________________________________________________________________________ Announcement ID: openSUSE-SU-2014:1474-1 Rating: low References: #905037 Affected Products: openSUSE 13.2 openSUSE 13.1 openSUSE 12.3 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This openssl update fixes a TLS handshake problem when elliptic curves are in use.
Apply following security update to suse131_openssl, bump PKGREVISION to 10. openSUSE Security Update: update for openssl ______________________________________________________________________________ Announcement ID: openSUSE-SU-2014:1331-1 Rating: important References: #901223 #901277 Cross-References: CVE-2014-3513 CVE-2014-3566 CVE-2014-3567 CVE-2014-3568 Affected Products: openSUSE 13.1 openSUSE 12.3 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: The following issues were fixed in this release: CVE-2014-3566: SSLv3 POODLE attack (bnc#901223) CVE-2014-3513, CVE-2014-3567: DTLS memory leak and session ticket memory leak
define PKGNAME instead of fake DISTNAME.
Pullup ticket #4481 - requested by obache emulators/suse131_openssl: security update Revisions pulled up: - emulators/suse131_openssl/Makefile 1.10 - emulators/suse131_openssl/distinfo 1.10 --- Module Name: pkgsrc Committed By: obache Date: Fri Aug 22 08:43:09 UTC 2014 Modified Files: pkgsrc/emulators/suse131_openssl: Makefile distinfo Log Message: openSUSE Security Update: update for openssl ___________________________________________________________________________ ___ Announcement ID: openSUSE-SU-2014:1052-1 Rating: moderate References: #890764 #890765 #890766 #890767 #890768 #890769 #890770 #890771 #890772 Cross-References: CVE-2014-3505 CVE-2014-3506 CVE-2014-3507 CVE-2014-3508 CVE-2014-3509 CVE-2014-3510 CVE-2014-3511 CVE-2014-3512 CVE-2014-5139 Affected Products: openSUSE 13.1 openSUSE 12.3 ___________________________________________________________________________ ___ An update that fixes 9 vulnerabilities is now available. Description: This openssl update fixes the following security issues: - openssl 1.0.1i * Information leak in pretty printing functions (CVE-2014-3508) * Crash with SRP ciphersuite in Server Hello message (CVE-2014-5139) * Race condition in ssl_parse_serverhello_tlsext (CVE-2014-3509) * Double Free when processing DTLS packets (CVE-2014-3505) * DTLS memory exhaustion (CVE-2014-3506) * DTLS memory leak from zero-length fragments (CVE-2014-3507) * OpenSSL DTLS anonymous EC(DH) denial of service (CVE-2014-3510) * OpenSSL TLS protocol downgrade attack (CVE-2014-3511) * SRP buffer overrun (CVE-2014-3512)
openSUSE Security Update: update for openssl ______________________________________________________________________________ Announcement ID: openSUSE-SU-2014:1052-1 Rating: moderate References: #890764 #890765 #890766 #890767 #890768 #890769 #890770 #890771 #890772 Cross-References: CVE-2014-3505 CVE-2014-3506 CVE-2014-3507 CVE-2014-3508 CVE-2014-3509 CVE-2014-3510 CVE-2014-3511 CVE-2014-3512 CVE-2014-5139 Affected Products: openSUSE 13.1 openSUSE 12.3 ______________________________________________________________________________ An update that fixes 9 vulnerabilities is now available. Description: This openssl update fixes the following security issues: - openssl 1.0.1i * Information leak in pretty printing functions (CVE-2014-3508) * Crash with SRP ciphersuite in Server Hello message (CVE-2014-5139) * Race condition in ssl_parse_serverhello_tlsext (CVE-2014-3509) * Double Free when processing DTLS packets (CVE-2014-3505) * DTLS memory exhaustion (CVE-2014-3506) * DTLS memory leak from zero-length fragments (CVE-2014-3507) * OpenSSL DTLS anonymous EC(DH) denial of service (CVE-2014-3510) * OpenSSL TLS protocol downgrade attack (CVE-2014-3511) * SRP buffer overrun (CVE-2014-3512)
Pullup ticket #4432 - requested by obache emulators/suse131_openssl: security update Revisions pulled up: - emulators/suse131_openssl/Makefile 1.9 - emulators/suse131_openssl/distinfo 1.9 --- Module Name: pkgsrc Committed By: obache Date: Fri Jun 6 09:53:29 UTC 2014 Modified Files: pkgsrc/emulators/suse131_openssl: Makefile distinfo Log Message: Apply openSUSE-SU-2014:0764-1 openSUSE Security Update: openssl: update to version 1.0.1h Description: The openssl library was updated to version 1.0.1h fixing various security issues and bugs: Security issues fixed: - CVE-2014-0224: Fix for SSL/TLS MITM flaw. An attacker using a carefully crafted handshake can force the use of weak keying material in OpenSSL SSL/TLS clients and servers. - CVE-2014-0221: Fix DTLS recursion flaw. By sending an invalid DTLS handshake to an OpenSSL DTLS client the code can be made to recurse eventually crashing in a DoS attack. - CVE-2014-0195: Fix DTLS invalid fragment vulnerability. A buffer overrun attack can be triggered by sending invalid DTLS fragments to an OpenSSL DTLS client or server. This is potentially exploitable to run arbitrary code on a vulnerable client or server. - CVE-2014-3470: Fix bug in TLS code where clients enable anonymous ECDH ciphersuites are subject to a denial of service attack. Bump PKGREVISION.
Apply openSUSE-SU-2014:0764-1 openSUSE Security Update: openssl: update to version 1.0.1h Description: The openssl library was updated to version 1.0.1h fixing various security issues and bugs: Security issues fixed: - CVE-2014-0224: Fix for SSL/TLS MITM flaw. An attacker using a carefully crafted handshake can force the use of weak keying material in OpenSSL SSL/TLS clients and servers. - CVE-2014-0221: Fix DTLS recursion flaw. By sending an invalid DTLS handshake to an OpenSSL DTLS client the code can be made to recurse eventually crashing in a DoS attack. - CVE-2014-0195: Fix DTLS invalid fragment vulnerability. A buffer overrun attack can be triggered by sending invalid DTLS fragments to an OpenSSL DTLS client or server. This is potentially exploitable to run arbitrary code on a vulnerable client or server. - CVE-2014-3470: Fix bug in TLS code where clients enable anonymous ECDH ciphersuites are subject to a denial of service attack. Bump PKGREVISION.
Pullup ticket #4404 - requested by obache emulators/suse131_openssl: security update Revisions pulled up: - emulators/suse131_openssl/Makefile 1.8 - emulators/suse131_openssl/distinfo 1.8 --- Module Name: pkgsrc Committed By: obache Date: Wed May 14 09:31:44 UTC 2014 Modified Files: pkgsrc/emulators/suse131_openssl: Makefile distinfo Log Message: Apply openSUSE Security Update: openSUSE-SU-2014:0635-1 update for openssl Description: - Fixed bug[ bnc#876282], CVE-2014-0198 openssl: OpenSSL NULL pointer dereference in do_ssl3_write Add file: CVE-2014-0198.patch Bump PKGREVISION.
Apply openSUSE Security Update: openSUSE-SU-2014:0635-1 update for openssl Description: - Fixed bug[ bnc#876282], CVE-2014-0198 openssl: OpenSSL NULL pointer dereference in do_ssl3_write Add file: CVE-2014-0198.patch Bump PKGREVISION.
Pullup ticket #4396 - requested by obache emulators/suse131_openssl: security update Revisions pulled up: - emulators/suse131_openssl/Makefile 1.6-1.7 - emulators/suse131_openssl/distinfo 1.6-1.7 --- Module Name: pkgsrc Committed By: obache Date: Wed Apr 23 13:14:42 UTC 2014 Modified Files: pkgsrc/emulators/suse131_openssl: Makefile distinfo Log Message: Apply Security Update: openSUSE-SU-2014:0560-1 update for openssl This is an openssl version update to 1.0.1g. - The main reason for this upgrade was to be clear about the TLS heartbeat problem know as "Heartbleed" (CVE-2014-0160). That problem was already fixed in our previous openssl update. Bump PKGREVISION. --- Module Name: pkgsrc Committed By: obache Date: Sat May 3 02:10:06 UTC 2014 Modified Files: pkgsrc/emulators/suse131_openssl: Makefile distinfo Log Message: Apply Security Update: openSUSE-SU-2014:0592-1 OpenSSL: Fixed a use-after-free race condition in OpenSSL's read buffer. Description: A use-after-free race condition in OpenSSL's read buffer was fixed that could cause connections to drop (CVE-2010-5298). Bump PKGREVISION.
Apply Security Update: openSUSE-SU-2014:0592-1 OpenSSL: Fixed a use-after-free race condition in OpenSSL's read buffer. Description: A use-after-free race condition in OpenSSL's read buffer was fixed that could cause connections to drop (CVE-2010-5298). Bump PKGREVISION.
Apply Security Update: openSUSE-SU-2014:0560-1 update for openssl This is an openssl version update to 1.0.1g. - The main reason for this upgrade was to be clear about the TLS heartbeat problem know as "Heartbleed" (CVE-2014-0160). That problem was already fixed in our previous openssl update. Bump PKGREVISION.
Pullup ticket #4360 - requested by obache emulators/suse131_openssl: security update Revisions pulled up: - emulators/suse131_openssl/Makefile 1.5 - emulators/suse131_openssl/distinfo 1.5 --- Module Name: pkgsrc Committed By: obache Date: Tue Apr 8 14:46:39 UTC 2014 Modified Files: pkgsrc/emulators/suse131_openssl: Makefile distinfo Log Message: Update to libopenssl1_0_0-1.0.1e-11.32.1 for CVE-2014-0160. Bump PKGREVISION.
Update to libopenssl1_0_0-1.0.1e-11.32.1 for CVE-2014-0160. Bump PKGREVISION.
Pullup ticket #4352 - requested by obache emulators/suse131_openssl: security update Revisions pulled up: - emulators/suse131_openssl/Makefile 1.4 - emulators/suse131_openssl/distinfo 1.4 --- Module Name: pkgsrc Committed By: obache Date: Fri Apr 4 12:50:14 UTC 2014 Modified Files: pkgsrc/emulators/suse131_openssl: Makefile distinfo Log Message: Update suse131_openssl RPM to libopenssl1_0_0-1.0.1e-11.28.1 for CVE-2014-0076. Bump PKGREVISION.
Update suse131_openssl RPM to libopenssl1_0_0-1.0.1e-11.28.1 for CVE-2014-0076. Bump PKGREVISION.
Pullup ticket #4306 - requested by obache emulators/suse131_openssl: security update Revisions pulled up: - emulators/suse131_openssl/Makefile 1.3 - emulators/suse131_openssl/distinfo 1.3 --- Module Name: pkgsrc Committed By: obache Date: Mon Jan 20 12:18:12 UTC 2014 Modified Files: pkgsrc/emulators/suse131_openssl: Makefile distinfo Log Message: Update rpm to libopenssl1_0_0-1.0.1e-11.14.1 for CVE-2013-4353. Bump PKGREVISION.
Update rpm to libopenssl1_0_0-1.0.1e-11.14.1 for CVE-2013-4353. Bump PKGREVISION.
Pullup ticket #4283 - requested by obache emulators/suse131_openssl: security update Revisions pulled up: - emulators/suse131_openssl/Makefile 1.2 - emulators/suse131_openssl/distinfo 1.2 ------------------------------------------------------------------- Module Name: pkgsrc Committed By: obache Date: Sun Jan 5 09:44:59 UTC 2014 Modified Files: pkgsrc/emulators/suse131_openssl: Makefile distinfo Log Message: Update rpm to libopenssl1_0_0-1.0.1e-11.10.1 for CVE-2013-6449. Bump PKGREVISION. To generate a diff of this commit: cvs rdiff -u -r1.1 -r1.2 pkgsrc/emulators/suse131_openssl/Makefile \ pkgsrc/emulators/suse131_openssl/distinfo
Update rpm to libopenssl1_0_0-1.0.1e-11.10.1 for CVE-2013-6449. Bump PKGREVISION.
Added openSUSE 13.1 packages, provides a number of components for a openSUSE-based Linux binary emulation environment.