Module Name: src
Committed By: bouyer
Date: Fri Dec 10 21:45:17 UTC 2010
Modified Files:
src/doc [netbsd-5-0]: CHANGES-5.0.3
Log Message:
tickets 1509 and 1510
To generate a diff of this commit:
cvs rdiff -u -r1.1.2.22 -r1.1.2.23 src/doc/CHANGES-5.0.3
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/doc/CHANGES-5.0.3
diff -u src/doc/CHANGES-5.0.3:1.1.2.22 src/doc/CHANGES-5.0.3:1.1.2.23
--- src/doc/CHANGES-5.0.3:1.1.2.22 Mon Nov 22 02:54:30 2010
+++ src/doc/CHANGES-5.0.3 Fri Dec 10 21:45:17 2010
@@ -1,4 +1,4 @@
-# $NetBSD: CHANGES-5.0.3,v 1.1.2.22 2010/11/22 02:54:30 riz Exp $
+# $NetBSD: CHANGES-5.0.3,v 1.1.2.23 2010/12/10 21:45:17 bouyer Exp $
A complete list of changes from the NetBSD 5.0.2 release to the NetBSD 5.0.3
release:
@@ -356,3 +356,22 @@
freeing free block" panics.
[hannken, ticket #1477]
+crypto/external/bsd/openssl/dist/ssl/s3_clnt.c 1.3 via patch
+crypto/external/bsd/openssl/dist/ssl/s3_srvr.c 1.6 via patch
+
+ openssl security patch of the day:
+ Fix a flaw in the OpenSSL SSL/TLS server code where an old bug
+ workaround allows malicous clients to modify the stored session cache
+ ciphersuite. In some cases the ciphersuite can be downgraded to a
+ weaker one on subsequent connections. See
+ http://www.openssl.org/news/secadv_20101202.txt
+ (CVE-2010-4180)
+ [drochner, ticket #1509]
+
+crypto/external/bsd/openssl/dist/ssl/t1_lib.c 1.3 via patch
+
+ fix bug introduced by last security patch, from upstream CVS:
+ Don't assume a decode error if session tlsext_ecpointformatlist is
+ not NULL: it can be legitimately set elsewhere.
+ [drochner, ticket #1510]
+
