From owner-svn-doc-all@FreeBSD.ORG Tue Apr 2 18:01:40 2013 Return-Path: Delivered-To: svn-doc-all@freebsd.org Received: from mx1.freebsd.org (mx1.FreeBSD.org [8.8.178.115]) by hub.freebsd.org (Postfix) with ESMTP id 6D88D20E; Tue, 2 Apr 2013 18:01:40 +0000 (UTC) (envelope-from delphij@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) by mx1.freebsd.org (Postfix) with ESMTP id 5DBB25E9; Tue, 2 Apr 2013 18:01:40 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.6/8.14.6) with ESMTP id r32I1e11088812; Tue, 2 Apr 2013 18:01:40 GMT (envelope-from delphij@svn.freebsd.org) Received: (from delphij@localhost) by svn.freebsd.org (8.14.6/8.14.5/Submit) id r32I1d6P088807; Tue, 2 Apr 2013 18:01:39 GMT (envelope-from delphij@svn.freebsd.org) Message-Id: <201304021801.r32I1d6P088807@svn.freebsd.org> From: Xin LI Date: Tue, 2 Apr 2013 18:01:39 +0000 (UTC) To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org Subject: svn commit: r41350 - in head/share: security/advisories security/patches/SA-13:03 security/patches/SA-13:04 xml X-SVN-Group: doc-head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-doc-all@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "SVN commit messages for the entire doc trees \(except for " user" , " projects" , and " translations" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 02 Apr 2013 18:01:40 -0000 Author: delphij Date: Tue Apr 2 18:01:39 2013 New Revision: 41350 URL: http://svnweb.freebsd.org/changeset/doc/41350 Log: Add latest security advisories: Fix OpenSSL multiple vulnerabilities. [13:03] Fix BIND remote denial of service. [13:04] Security: CVE-2013-0166, CVE-2013-0169 Security: FreeBSD-SA-13:03.openssl Security: CVE-2013-2266 Security: FreeBSD-SA-13:04.bind Added: head/share/security/advisories/FreeBSD-SA-13:03.openssl.asc (contents, props changed) head/share/security/advisories/FreeBSD-SA-13:04.bind.asc (contents, props changed) head/share/security/patches/SA-13:03/ head/share/security/patches/SA-13:03/openssl-9.1.patch (contents, props changed) head/share/security/patches/SA-13:03/openssl-9.1.patch.asc (contents, props changed) head/share/security/patches/SA-13:03/openssl.patch (contents, props changed) head/share/security/patches/SA-13:03/openssl.patch.asc (contents, props changed) head/share/security/patches/SA-13:04/ head/share/security/patches/SA-13:04/bind.patch (contents, props changed) head/share/security/patches/SA-13:04/bind.patch.asc (contents, props changed) Modified: head/share/xml/advisories.xml Added: head/share/security/advisories/FreeBSD-SA-13:03.openssl.asc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/advisories/FreeBSD-SA-13:03.openssl.asc Tue Apr 2 18:01:39 2013 (r41350) @@ -0,0 +1,126 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-SA-13:03.openssl Security Advisory + The FreeBSD Project + +Topic: OpenSSL multiple vulnerabilities + +Category: contrib +Module: openssl +Announced: 2013-04-02 +Affects: All supported versions of FreeBSD. +Corrected: 2013-03-08 17:28:40 UTC (stable/8, 8.3-STABLE) + 2013-04-02 17:34:42 UTC (releng/8.3, 8.3-RELEASE-p7) + 2013-03-14 17:48:07 UTC (stable/9, 9.1-STABLE) + 2013-04-02 17:34:42 UTC (releng/9.0, 9.0-RELEASE-p7) + 2013-04-02 17:34:42 UTC (releng/9.1, 9.1-RELEASE-p2) +CVE Name: CVE-2013-0166, CVE-2013-0169 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit . + +I. Background + +FreeBSD includes software from the OpenSSL Project. The OpenSSL Project is +a collaborative effort to develop a robust, commercial-grade, full-featured +Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) +and Transport Layer Security (TLS v1) protocols as well as a full-strength +general purpose cryptography library. + +II. Problem Description + +A flaw in the OpenSSL handling of OCSP response verification could be exploited +to cause a denial of service attack. [CVE-2013-0166] + +OpenSSL has a weakness in the handling of CBC ciphersuites in SSL, TLS and +DTLS. The weakness could reveal plaintext in a timing attack. [CVE-2013-0169] + +III. Impact + +The Denial of Service could be caused in the OpenSSL server application by +using an invalid key. [CVE-2013-0166] + +A remote attacker could recover sensitive information by conducting +an attack via statistical analysis of timing data with crafted packets. +[CVE-2013-0169] + +IV. Workaround + +No workaround is available. + +V. Solution + +Perform one of the following: + +1) Upgrade your vulnerable system to a supported FreeBSD stable or +release / security branch (releng) dated dated after the correction +date. + +2) To update your vulnerable system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +[FreeBSD 8.3 and 9.0] +# fetch http://security.FreeBSD.org/patches/SA-13:03/openssl.patch +# fetch http://security.FreeBSD.org/patches/SA-13:03/openssl.patch.asc +# gpg --verify openssl.patch.asc + +[FreeBSD 9.1] +# fetch http://security.FreeBSD.org/patches/SA-13:03/openssl-9.1.patch +# fetch http://security.FreeBSD.org/patches/SA-13:03/openssl-9.1.patch.asc +# gpg --verify openssl-9.1.patch.asc + +b) Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +Recompile the operating system using buildworld and installworld as +described in . + +Restart the all deamons using the library, or reboot your the system. + +3) To update your vulnerable system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the i386 or amd64 +platforms can be updated via the freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +Branch/path Revision +- ------------------------------------------------------------------------- +stable/8/ r248057 +releng/8.3/ r249029 +stable/9/ r248272 +releng/9.0/ r249029 +releng/9.1/ r249029 +- ------------------------------------------------------------------------- + +VII. References + +CVE Name: +http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0169 +http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0166 + +The latest revision of this advisory is available at +http://security.FreeBSD.org/advisories/FreeBSD-SA-13:03.openssl.asc +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v2.0.19 (FreeBSD) + +iEYEARECAAYFAlFbGXYACgkQFdaIBMps37ISqACcCovc+NpuH57guiROqIbTfw3P +4RMAn22ppeZnRVfje8up3cyOx/D8CCmI +=rQqV +-----END PGP SIGNATURE----- Added: head/share/security/advisories/FreeBSD-SA-13:04.bind.asc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/advisories/FreeBSD-SA-13:04.bind.asc Tue Apr 2 18:01:39 2013 (r41350) @@ -0,0 +1,112 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-SA-13:04.bind Security Advisory + The FreeBSD Project + +Topic: BIND remote denial of service + +Category: contrib +Module: bind +Announced: 2013-04-02 +Credits: Matthew Horsfall of Dyn, Inc. +Affects: FreeBSD 8.4-BETA1 and FreeBSD 9.x +Corrected: 2013-03-28 05:35:46 UTC (stable/8, 8.4-BETA1) + 2013-03-28 05:39:45 UTC (stable/9, 9.1-STABLE) + 2013-04-02 17:34:42 UTC (releng/9.0, 9.0-RELEASE-p7) + 2013-04-02 17:34:42 UTC (releng/9.1, 9.1-RELEASE-p2) +CVE Name: CVE-2013-2266 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit . + +I. Background + +BIND 9 is an implementation of the Domain Name System (DNS) protocols. +The named(8) daemon is an Internet Domain Name Server. The libdns +library is a library of DNS protocol support functions. + +II. Problem Description + +A flaw in a library used by BIND allows an attacker to deliberately +cause excessive memory consumption by the named(8) process. This +affects both recursive and authoritative servers. + +III. Impact + +A remote attacker can cause the named(8) daemon to consume all available +memory and crash, resulting in a denial of service. Applications linked +with the libdns library, for instance dig(1), may also be affected. + +IV. Workaround + +No workaround is available, but systems not running named(8) service +and not using base system DNS utilities are not affected. + +V. Solution + +Perform one of the following: + +1) Upgrade your vulnerable system to a supported FreeBSD stable or +release / security branch (releng) dated after the correction date. + +2) To update your vulnerable system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch http://security.FreeBSD.org/patches/SA-13:04/bind.patch +# fetch http://security.FreeBSD.org/patches/SA-13:04/bind.patch.asc +# gpg --verify bind.patch.asc + +b) Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +Recompile the operating system using buildworld and installworld as +described in . + +Restart the named daemon, or reboot the system. + +3) To update your vulnerable system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the i386 or amd64 +platforms can be updated via the freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +Branch/path Revision +- ------------------------------------------------------------------------- +stable/8/ r248807 +stable/9/ r248808 +releng/9.0/ r249029 +releng/9.1/ r249029 +- ------------------------------------------------------------------------- + +VII. References + +https://kb.isc.org/article/AA-00871 + +http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2266 + +The latest revision of this advisory is available at +http://security.FreeBSD.org/advisories/FreeBSD-SA-13:04.bind.asc +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v2.0.19 (FreeBSD) + +iEYEARECAAYFAlFbGYYACgkQFdaIBMps37J4eACeNzJtWElzKJZCqXdzhrHEB+pu +1eoAn0oD7xcjoPOnB7H3xZbIeHldgGcI +=BX1M +-----END PGP SIGNATURE----- Added: head/share/security/patches/SA-13:03/openssl-9.1.patch ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/patches/SA-13:03/openssl-9.1.patch Tue Apr 2 18:01:39 2013 (r41350) @@ -0,0 +1,3891 @@ +Index: crypto/openssl/CHANGES +=================================================================== +--- crypto/openssl/CHANGES (revision 248771) ++++ crypto/openssl/CHANGES (working copy) +@@ -2,6 +2,35 @@ + OpenSSL CHANGES + _______________ + ++ Changes between 0.9.8x and 0.9.8y [5 Feb 2013] ++ ++ *) Make the decoding of SSLv3, TLS and DTLS CBC records constant time. ++ ++ This addresses the flaw in CBC record processing discovered by ++ Nadhem Alfardan and Kenny Paterson. Details of this attack can be found ++ at: http://www.isg.rhul.ac.uk/tls/ ++ ++ Thanks go to Nadhem Alfardan and Kenny Paterson of the Information ++ Security Group at Royal Holloway, University of London ++ (www.isg.rhul.ac.uk) for discovering this flaw and Adam Langley and ++ Emilia Käsper for the initial patch. ++ (CVE-2013-0169) ++ [Emilia Käsper, Adam Langley, Ben Laurie, Andy Polyakov, Steve Henson] ++ ++ *) Return an error when checking OCSP signatures when key is NULL. ++ This fixes a DoS attack. (CVE-2013-0166) ++ [Steve Henson] ++ ++ *) Call OCSP Stapling callback after ciphersuite has been chosen, so ++ the right response is stapled. Also change SSL_get_certificate() ++ so it returns the certificate actually sent. ++ See http://rt.openssl.org/Ticket/Display.html?id=2836. ++ (This is a backport) ++ [Rob Stradling ] ++ ++ *) Fix possible deadlock when decoding public keys. ++ [Steve Henson] ++ + Changes between 0.9.8w and 0.9.8x [10 May 2012] + + *) Sanity check record length before skipping explicit IV in DTLS +Index: crypto/openssl/Configure +=================================================================== +--- crypto/openssl/Configure (revision 248771) ++++ crypto/openssl/Configure (working copy) +@@ -162,6 +162,7 @@ my %table=( + "debug-ben-openbsd","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_OPENBSD_DEV_CRYPTO -DOPENSSL_NO_ASM -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::", + "debug-ben-openbsd-debug","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_OPENBSD_DEV_CRYPTO -DOPENSSL_NO_ASM -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::", + "debug-ben-debug", "gcc:$gcc_devteam_warn -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DDEBUG_SAFESTACK -ggdb3 -O2 -pipe::(unknown)::::::", ++"debug-ben-debug-64", "gcc:$gcc_devteam_warn -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g3 -O3 -pipe::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + "debug-ben-debug-noopt", "gcc:$gcc_devteam_warn -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DDEBUG_SAFESTACK -ggdb3 -pipe::(unknown)::::::", + "debug-ben-strict", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DCONST_STRICT -O2 -Wall -Wshadow -Werror -Wpointer-arith -Wcast-qual -Wwrite-strings -pipe::(unknown)::::::", + "debug-rse","cc:-DTERMIOS -DL_ENDIAN -pipe -O -g -ggdb3 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}", +@@ -172,10 +173,10 @@ my %table=( + "debug-steve-opt", "gcc:$gcc_devteam_warn -m64 -O3 -DL_ENDIAN -DTERMIO -DCONF_DEBUG -DDEBUG_SAFESTACK -g -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + "debug-steve", "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DPEDANTIC -m32 -g -pedantic -Wno-long-long -Wall -Werror -Wshadow -pipe::-D_REENTRANT::-rdynamic -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared", + "debug-steve-linux-pseudo64", "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DOPENSSL_NO_ASM -g -mcpu=i486 -Wall -Werror -Wshadow -pipe::-D_REENTRANT::-rdynamic -ldl:SIXTY_FOUR_BIT:${no_asm}:dlfcn:linux-shared", +-"debug-levitte-linux-elf","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +-"debug-levitte-linux-noasm","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +-"debug-levitte-linux-elf-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +-"debug-levitte-linux-noasm-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debug-levitte-linux-elf","gcc:-DLEVITTE_DEBUG -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -ggdb -g3 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debug-levitte-linux-noasm","gcc:-DLEVITTE_DEBUG -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -ggdb -g3 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debug-levitte-linux-elf-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DL_ENDIAN -DTERMIO -DPEDANTIC -ggdb -g3 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debug-levitte-linux-noasm-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -DPEDANTIC -ggdb -g3 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + "debug-geoff","gcc:-DBN_DEBUG -DBN_DEBUG_RAND -DBN_STRICT -DPURIFY -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_ASM -DOPENSSL_NO_INLINE_ASM -DL_ENDIAN -DTERMIO -DPEDANTIC -O1 -ggdb2 -Wall -Werror -Wundef -pedantic -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-align -Wsign-compare -Wmissing-prototypes -Wmissing-declarations -Wno-long-long::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + "debug-linux-pentium","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -mcpu=pentium -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn", + "debug-linux-ppro","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -mcpu=pentiumpro -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn", +@@ -428,8 +429,8 @@ my %table=( + "aix64-gcc","gcc:-maix64 -O -DB_ENDIAN::-pthread:AIX::SIXTY_FOUR_BIT_LONG RC4_CHAR::aix_ppc64.o::::::::::dlfcn:aix-shared::-maix64 -shared -Wl,-G:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X64", + # Below targets assume AIX 5. Idea is to effectively disregard $OBJECT_MODE + # at build time. $OBJECT_MODE is respected at ./config stage! +-"aix-cc", "cc:-q32 -O -DB_ENDIAN -qmaxmem=16384 -qro -qroconst::-qthreaded:AIX::BN_LLONG RC4_CHAR::aix_ppc32.o::::::::::dlfcn:aix-shared::-q32 -G:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X 32", +-"aix64-cc", "cc:-q64 -O -DB_ENDIAN -qmaxmem=16384 -qro -qroconst::-qthreaded:AIX::SIXTY_FOUR_BIT_LONG RC4_CHAR::aix_ppc64.o::::::::::dlfcn:aix-shared::-q64 -G:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X 64", ++"aix-cc", "cc:-q32 -O -DB_ENDIAN -qmaxmem=16384 -qro -qroconst::-qthreaded -D_THREAD_SAFE:AIX::BN_LLONG RC4_CHAR::aix_ppc32.o::::::::::dlfcn:aix-shared::-q32 -G:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X 32", ++"aix64-cc", "cc:-q64 -O -DB_ENDIAN -qmaxmem=16384 -qro -qroconst::-qthreaded -D_THREAD_SAFE:AIX::SIXTY_FOUR_BIT_LONG RC4_CHAR::aix_ppc64.o::::::::::dlfcn:aix-shared::-q64 -G:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X 64", + + # + # Cray T90 and similar (SDSC) +Index: crypto/openssl/FAQ +=================================================================== +--- crypto/openssl/FAQ (revision 248771) ++++ crypto/openssl/FAQ (working copy) +@@ -83,7 +83,7 @@ OpenSSL - Frequently Asked Questions + * Which is the current version of OpenSSL? + + The current version is available from . +-OpenSSL 1.0.1c was released on May 10th, 2012. ++OpenSSL 1.0.1d was released on Feb 5th, 2013. + + In addition to the current stable release, you can also access daily + snapshots of the OpenSSL development version at