From owner-cvs-src-old@FreeBSD.ORG Thu Dec 3 10:18:26 2009 Return-Path: Delivered-To: cvs-src-old@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 2E706106566B for ; Thu, 3 Dec 2009 10:18:26 +0000 (UTC) (envelope-from cperciva@FreeBSD.org) Received: from repoman.freebsd.org (repoman.freebsd.org [IPv6:2001:4f8:fff6::29]) by mx1.freebsd.org (Postfix) with ESMTP id 199F28FC08 for ; Thu, 3 Dec 2009 10:18:26 +0000 (UTC) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.14.3/8.14.3) with ESMTP id nB3AIPEr087270 for ; Thu, 3 Dec 2009 10:18:25 GMT (envelope-from cperciva@repoman.freebsd.org) Received: (from svn2cvs@localhost) by repoman.freebsd.org (8.14.3/8.14.3/Submit) id nB3AIP8H087269 for cvs-src-old@freebsd.org; Thu, 3 Dec 2009 10:18:25 GMT (envelope-from cperciva@repoman.freebsd.org) Message-Id: <200912031018.nB3AIP8H087269@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: svn2cvs set sender to cperciva@repoman.freebsd.org using -f From: Colin Percival Date: Thu, 3 Dec 2009 09:18:40 +0000 (UTC) To: cvs-src-old@freebsd.org X-FreeBSD-CVS-Branch: RELENG_7_2 Subject: cvs commit: src UPDATING src/crypto/openssl/ssl s3_lib.c s3_pkt.c s3_srvr.c src/etc/mtree BSD.var.dist src/libexec/rtld-elf rtld.c src/usr.sbin/freebsd-update freebsd-update.sh X-BeenThere: cvs-src-old@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: **OBSOLETE** CVS commit messages for the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 03 Dec 2009 10:18:26 -0000 cperciva 2009-12-03 09:18:40 UTC FreeBSD src repository Modified files: (Branch: RELENG_7_2) . UPDATING crypto/openssl/ssl s3_lib.c s3_pkt.c s3_srvr.c etc/mtree BSD.var.dist libexec/rtld-elf rtld.c usr.sbin/freebsd-update freebsd-update.sh Log: SVN rev 200054 on 2009-12-03 09:18:40Z by cperciva Disable SSL renegotiation in order to protect against a serious protocol flaw. [09:15] Correctly handle failures from unsetenv resulting from a corrupt environment in rtld-elf. [09:16] Fix permissions in freebsd-update in order to prevent leakage of sensitive files. [09:17] Approved by: so (cperciva) Security: FreeBSD-SA-09:15.ssl Security: FreeBSD-SA-09:16.rtld Security: FreeBSD-SA-09:17.freebsd-udpate Revision Changes Path 1.507.2.23.2.8 +11 -0 src/UPDATING 1.1.1.13.8.1 +3 -0 src/crypto/openssl/ssl/s3_lib.c 1.1.1.12.8.1 +2 -5 src/crypto/openssl/ssl/s3_pkt.c 1.1.1.17.2.1.2.1 +7 -0 src/crypto/openssl/ssl/s3_srvr.c 1.75.8.2 +1 -1 src/etc/mtree/BSD.var.dist 1.124.2.4.2.2 +6 -5 src/libexec/rtld-elf/rtld.c 1.8.2.4.4.2 +1 -0 src/usr.sbin/freebsd-update/freebsd-update.sh