From owner-svn-src-all@FreeBSD.ORG Fri Nov 26 23:16:37 2010 Return-Path: Delivered-To: svn-src-all@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 94D7E106566B; Fri, 26 Nov 2010 23:16:37 +0000 (UTC) (envelope-from simon@nitro.dk) Received: from smtp.fullrate.dk (smtp.fullrate.dk [90.185.1.42]) by mx1.freebsd.org (Postfix) with ESMTP id 4D9D88FC16; Fri, 26 Nov 2010 23:16:37 +0000 (UTC) Received: from [192.168.4.26] (4304ds2-vlb.1.fullrate.dk [90.184.171.166]) by smtp.fullrate.dk (Postfix) with ESMTP id B5FAC9D02C; Sat, 27 Nov 2010 00:16:35 +0100 (CET) Mime-Version: 1.0 (Apple Message framework v1082) Content-Type: text/plain; charset=us-ascii From: "Simon L. B. Nielsen" In-Reply-To: <201011262250.oAQMoxo1094710@svn.freebsd.org> Date: Sat, 27 Nov 2010 00:16:35 +0100 Content-Transfer-Encoding: quoted-printable Message-Id: References: <201011262250.oAQMoxo1094710@svn.freebsd.org> To: "Simon L. Nielsen" X-Mailer: Apple Mail (2.1082) Cc: svn-src-stable@freebsd.org, svn-src-all@freebsd.org, src-committers@freebsd.org, svn-src-stable-8@freebsd.org Subject: Re: svn commit: r215912 - in stable/8: crypto/openssl crypto/openssl/apps crypto/openssl/crypto crypto/openssl/crypto/aes crypto/openssl/crypto/aes/asm crypto/openssl/crypto/asn1 crypto/openssl/crypto/... X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 26 Nov 2010 23:16:37 -0000 On 26 Nov 2010, at 23:50, Simon L. Nielsen wrote: > Author: simon > Date: Fri Nov 26 22:50:58 2010 > New Revision: 215912 > URL: http://svn.freebsd.org/changeset/base/215912 >=20 > Log: > Merge OpenSSL 0.9.8p into stable/8. >=20 > This merges up to and including head/crypto/openssl/ r215697; and > head/secure/lib/libcrypto/, head/secure/lib/libssl/, > head/secure/usr.bin/openssl/ r215698. >=20 > To make the merge simpler, a hack was added to set MACHINE_CPUARCH. >=20 > Security: CVE-2010-2939, CVE-2010-3864 > Security: http://www.openssl.org/news/secadv_20101116.txt > Security: FreeBSD-SA-10:10.openssl > Approved by: re (implicitly - they did not object of the general idea > of OpenSSL update) Just in case anyone is wondering, FreeBSD-SA-10:10.openssl will not be = released right now, but should be out early next week. I just thought I = might as well mention it in the commit message as the name is known at = this point. PS from what I read and tested so far, the actual risk with both = CVE-2010-2939 [1] and CVE-2010-3864 is very little. [1] At least for FreeBSD's current OpenSSL 0.9.8. --=20 Simon L. B. Nielsen Hat: OpenSSL maintainer (and a bit of the secteam hat)