d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
283,688 Commits 72 Branches 135 Tags 3.2 GiB
2b519b1707
Commit Graph

139 Commits

Author SHA1 Message Date
Jung-uk Kim
94ad176c68 Merge OpenSSL 1.0.1h. 
Approved by:	so (delphij)
 2014-06-09 05:50:57 +00:00
Xin LI
4a448cff07 Fix OpenSSL multiple vulnerabilities. 
Security:	CVE-2014-0195, CVE-2014-0221, CVE-2014-0224,
		CVE-2014-3470
Security:	SA-14:14.openssl
Approved by:	so
 2014-06-05 12:32:16 +00:00
Xin LI
f5da602e47 Fix OpenSSL NULL pointer deference vulnerability. 
Obtained from:	OpenBSD
Security:	FreeBSD-SA-14:09.openssl
Security:	CVE-2014-0198
 2014-05-13 23:17:24 +00:00
Xin LI
e38c714ed3 Fix OpenSSL use-after-free vulnerability. 
Obtained from:	OpenBSD
Security:	FreeBSD-SA-14:09.openssl
Security:	CVE-2010-5298
 2014-04-30 04:02:36 +00:00
Jung-uk Kim
560ede85d4 Merge OpenSSL 1.0.1g. 
Approved by:	benl (maintainer)
 2014-04-08 21:06:58 +00:00
Xin LI
25bfde79d6 Fix NFS deadlock vulnerability. [SA-14:05] 
Fix "Heartbleed" vulnerability and ECDSA Cache Side-channel
Attack in OpenSSL. [SA-14:06]
 2014-04-08 18:27:32 +00:00
Jung-uk Kim
de78d5d8fd Merge OpenSSL 1.0.1f. 
Approved by:	so (delphij), benl (silence)
 2014-01-22 19:57:11 +00:00
Xin LI
246aa294d7 MFV r260399: 
Apply vendor commits:

197e0ea	Fix for TLS record tampering bug.  (CVE-2013-4353).
3462896	For DTLS we might need to retransmit messages from the
	previous session so keep a copy of write context in DTLS
	retransmission buffers instead of replacing it after
	sending CCS.  (CVE-2013-6450).
ca98926 When deciding whether to use TLS 1.2 PRF and record hash
	algorithms use the version number in the corresponding
	SSL_METHOD structure instead of the SSL structure.  The
	SSL structure version is sometimes inaccurate.
	Note: OpenSSL 1.0.2 and later effectively do this already.
	(CVE-2013-6449).

Security:	CVE-2013-4353
Security:	CVE-2013-6449
Security:	CVE-2013-6450
 2014-01-07 19:58:45 +00:00
Xin LI
14bf23ce31 MFV r254106 (OpenSSL bugfix for RT #2984): 
Check DTLS_BAD_VER for version number.

The version check for DTLS1_VERSION was redundant as
DTLS1_VERSION > TLS1_1_VERSION, however we do need to
check for DTLS1_BAD_VER for compatibility.

Requested by:	zi
Approved by:	benl
 2013-08-08 22:29:35 +00:00
Jung-uk Kim
09286989d3 Merge OpenSSL 1.0.1e. 
Approved by:	secteam (simon), benl (silence)
 2013-02-13 23:07:20 +00:00
Jung-uk Kim
1f13597d10 Merge OpenSSL 1.0.1c. 
Approved by:	benl (maintainer)
 2012-07-12 19:30:53 +00:00
Jung-uk Kim
12de4ed299 Merge OpenSSL 0.9.8x. 
Reviewed by:	stas
Approved by:	benl (maintainer)
MFC after:	3 days
 2012-06-27 18:44:36 +00:00
Bjoern A. Zeeb
071183ef48 Update the previous openssl fix. [12:01] 
Fix a bug in crypt(3) ignoring characters of a passphrase. [12:02]

Security:	FreeBSD-SA-12:01.openssl (revised)
Security:	FreeBSD-SA-12:02.crypt
Approved by:	so (bz, simon)
 2012-05-30 12:01:28 +00:00
Bjoern A. Zeeb
a95abaf173 Fix multiple OpenSSL vulnerabilities. 
Security:	CVE-2011-4576, CVE-2011-4619, CVE-2011-4109
Security:	CVE-2012-0884, CVE-2012-2110
Security:	FreeBSD-SA-12:01.openssl
Approved by:	so (bz,simon)
 2012-05-03 15:25:11 +00:00
Xin LI
dfdd332056 Fix SSL memory handlig for (EC)DH cipher suites, in particular for 
multi-threaded use of ECDH.

Security:	CVE-2011-3210
Reviewed by:	stas
Obtained from:	OpenSSL CVS
Approved by:	re (kib)
 2011-09-08 09:33:49 +00:00
Simon L. B. Nielsen
0a70456882 Fix Incorrectly formatted ClientHello SSL/TLS handshake messages could 
cause OpenSSL to parse past the end of the message.

Note: Applications are only affected if they act as a server and call
SSL_CTX_set_tlsext_status_cb on the server's SSL_CTX. This includes
Apache httpd >= 2.3.3, if configured with "SSLUseStapling On".

Security:	http://www.openssl.org/news/secadv_20110208.txt
Security:	CVE-2011-0014
Obtained from:	OpenSSL CVS
 2011-02-12 21:30:46 +00:00
Simon L. B. Nielsen
72b8021a0a Merge OpenSSL 0.9.8q into head. 
Security:	CVE-2010-4180
Security:	http://www.openssl.org/news/secadv_20101202.txt
MFC after:	3 days
 2010-12-03 22:59:54 +00:00
Simon L. B. Nielsen
a3ddd25aba Merge OpenSSL 0.9.8p into head. 
Security:	CVE-2010-3864
Security:	http://www.openssl.org/news/secadv_20101116.txt
 2010-11-22 18:23:44 +00:00
Simon L. B. Nielsen
8dced518a6 Fix double-free in OpenSSL's SSL ECDH code. 
It has yet to be determined if this warrants a FreeBSD Security
Advisory, but we might as well get it fixed in the normal branches.

Obtained from:	OpenSSL CVS
Security:	CVE-2010-2939
X-MFC after:	Not long...
 2010-11-14 09:33:47 +00:00
Simon L. B. Nielsen
ab8565e267 Merge OpenSSL 0.9.8n into head. 
This fixes CVE-2010-0740 which only affected -CURRENT (OpenSSL 0.9.8m)
but not -STABLE branches.

I have not yet been able to find out if CVE-2010-0433 impacts FreeBSD.
This will be investigated further.

Security:	CVE-2010-0433, CVE-2010-0740
Security:	http://www.openssl.org/news/secadv_20100324.txt
 2010-04-01 15:19:51 +00:00
Simon L. B. Nielsen
6a599222bb Merge OpenSSL 0.9.8m into head. 
This also "reverts" some FreeBSD local changes so we should now
be back to using entirely stock OpenSSL.  The local changes were
simple $FreeBSD$ lines additions, which were required in the CVS
days, and the patch for FreeBSD-SA-09:15.ssl which has been
superseded with OpenSSL 0.9.8m's RFC5746 'TLS renegotiation
extension' support.

MFC after:	3 weeks
 2010-03-13 19:22:41 +00:00
Colin Percival
a235643007 Disable SSL renegotiation in order to protect against a serious 
protocol flaw. [09:15]

Correctly handle failures from unsetenv resulting from a corrupt
environment in rtld-elf. [09:16]

Fix permissions in freebsd-update in order to prevent leakage of
sensitive files. [09:17]

Approved by:	so (cperciva)
Security:	FreeBSD-SA-09:15.ssl
Security:	FreeBSD-SA-09:16.rtld
Security:	FreeBSD-SA-09:17.freebsd-udpate
 2009-12-03 09:18:40 +00:00
Simon L. B. Nielsen
2f1ff7669c Merge DTLS fixes from vendor-crypto/openssl/dist: 
- Fix memory consumption bug with "future epoch" DTLS records.
- Fix fragment handling memory leak.
- Do not access freed data structure.
- Fix DTLS fragment bug - out-of-sequence message handling which could
  result in NULL pointer dereference in
  dtls1_process_out_of_seq_message().

Note that this will not get FreeBSD Security Advisory as DTLS is
experimental in OpenSSL.

MFC after:	1 week
Security:	CVE-2009-1377 CVE-2009-1378 CVE-2009-1379 CVE-2009-1387
 2009-08-23 16:29:47 +00:00
Simon L. B. Nielsen
db522d3ae4 Merge OpenSSL 0.9.8k into head. 
Approved by:	re
 2009-06-14 19:45:16 +00:00
Simon L. B. Nielsen
8978d9e7ef Prevent cross-site forgery attacks on lukemftpd(8) due to splitting 
long commands into multiple requests. [09:01]

Fix incorrect OpenSSL checks for malformed signatures due to invalid
check of return value from EVP_VerifyFinal(), DSA_verify, and
DSA_do_verify. [09:02]

Security:	FreeBSD-SA-09:01.lukemftpd
Security:	FreeBSD-SA-09:02.openssl
Obtained from:	NetBSD [SA-09:01]
Obtained from:	OpenSSL Project [SA-09:02]
Approved by:	so (simon)
 2009-01-07 20:17:55 +00:00
Simon L. B. Nielsen
c4a78426be Flatten OpenSSL vendor tree. 2008-08-23 10:51:00 +00:00
Simon L. B. Nielsen
a0ddfe4e72 Import DTLS security fix from upstream OpenSSL_0_9_8-stable branch. 
From the OpenSSL advisory:

	Andy Polyakov discovered a flaw in OpenSSL's DTLS
	implementation which could lead to the compromise of clients
	and servers with DTLS enabled.

	DTLS is a datagram variant of TLS specified in RFC 4347 first
	supported in OpenSSL version 0.9.8. Note that the
	vulnerabilities do not affect SSL and TLS so only clients and
	servers explicitly using DTLS are affected.

	We believe this flaw will permit remote code execution.

Security:	CVE-2007-4995
Security:	http://www.openssl.org/news/secadv_20071012.txt
 2007-10-18 20:19:33 +00:00
Simon L. B. Nielsen
a87abab4b0 This commit was generated by cvs2svn to compensate for changes in r172767, 
which included commits to RCS files with non-trunk default branches.
 2007-10-18 20:19:33 +00:00
Simon L. B. Nielsen
ec4b528c4a Correct a buffer overflow in OpenSSL SSL_get_shared_ciphers(). 
Security:	FreeBSD-SA-07:08.openssl
Approved by:	re (security blanket)
 2007-10-03 21:38:57 +00:00
Simon L. B. Nielsen
1d1b15c8bf Resolve conflicts after import of OpenSSL 0.9.8e. 2007-03-15 20:07:27 +00:00
Simon L. B. Nielsen
5471f83ea7 Vendor import of OpenSSL 0.9.8e. 2007-03-15 20:03:30 +00:00
Simon L. B. Nielsen
03b688114f This commit was generated by cvs2svn to compensate for changes in r167612, 
which included commits to RCS files with non-trunk default branches.
 2007-03-15 20:03:30 +00:00
Simon L. B. Nielsen
74608424ab Resolve conflicts after import of OpenSSL 0.9.8d. 2006-10-01 07:46:16 +00:00
Simon L. B. Nielsen
ed5d4f9a94 Vendor import of OpenSSL 0.9.8d. 2006-10-01 07:38:44 +00:00
Simon L. B. Nielsen
02d3319f28 This commit was generated by cvs2svn to compensate for changes in r162911, 
which included commits to RCS files with non-trunk default branches.
 2006-10-01 07:38:44 +00:00
Simon L. B. Nielsen
09bf29a41f Resolve conflicts after import of OpenSSL 0.9.8b. 2006-07-29 19:14:51 +00:00
Simon L. B. Nielsen
3b4e3dcb9f Vendor import of OpenSSL 0.9.8b 2006-07-29 19:10:21 +00:00
Simon L. B. Nielsen
f6ab039488 This commit was generated by cvs2svn to compensate for changes in r160814, 
which included commits to RCS files with non-trunk default branches.
 2006-07-29 19:10:21 +00:00
Colin Percival
51ce0d091c Correct a man-in-the-middle SSL version rollback vulnerability. 
Security:	FreeBSD-SA-05:21.openssl
 2005-10-11 11:50:36 +00:00
Jacques Vidrine
a37fa6607a Remove files that are no longer part of OpenSSL from the vendor 
branch.  This time, these are mostly the `Makefile.ssl' files.
 2005-02-25 06:14:53 +00:00
Jacques Vidrine
3c96cf2e8b This commit was generated by cvs2svn to compensate for changes in r142430, 
which included commits to RCS files with non-trunk default branches.
 2005-02-25 06:14:53 +00:00
Jacques Vidrine
5203f6dc3a Resolve conflicts after import of OpenSSL 0.9.7e. 2005-02-25 05:49:44 +00:00
Jacques Vidrine
6be8ae0724 Vendor import of OpenSSL 0.9.7e. 2005-02-25 05:39:05 +00:00
Jacques Vidrine
eb8fd19957 This commit was generated by cvs2svn to compensate for changes in r142425, 
which included commits to RCS files with non-trunk default branches.
 2005-02-25 05:39:05 +00:00
Jacques Vidrine
01c0bb1d8a Clean up the OpenSSL vendor branch by removing files that are not 
part of recent releases.
 2005-02-25 05:25:37 +00:00
Jacques Vidrine
902aa2e784 Resolve conflicts after import of OpenSSL 0.9.7d. 2004-03-17 17:44:39 +00:00
Jacques Vidrine
ced566fd0b Vendor import of OpenSSL 0.9.7d. 2004-03-17 15:49:33 +00:00
Jacques Vidrine
8f1200ff6f This commit was generated by cvs2svn to compensate for changes in r127128, 
which included commits to RCS files with non-trunk default branches.
 2004-03-17 15:49:33 +00:00
Jacques Vidrine
81ac585294 Correct a denial-of-service vulnerability in OpenSSL (CAN-2004-0079). 
Obtained from:	OpenSSL CVS (http://cvs.openssl.org/chngview?cn=12033)
 2004-03-17 12:11:08 +00:00
Jacques Vidrine
1612471010 This commit was generated by cvs2svn to compensate for changes in r127114, 
which included commits to RCS files with non-trunk default branches.
 2004-03-17 12:11:08 +00:00
Jacques Vidrine
50ef009353 Vendor import of OpenSSL 0.9.7c 2003-10-01 12:32:41 +00:00
Jacques Vidrine
8ae0780c3a This commit was generated by cvs2svn to compensate for changes in r120631, 
which included commits to RCS files with non-trunk default branches.
 2003-10-01 12:32:41 +00:00
Chris D. Faulhaber
35f304853f This commit was generated by cvs2svn to compensate for changes in r112439, 
which included commits to RCS files with non-trunk default branches.
 2003-03-20 20:41:45 +00:00
Chris D. Faulhaber
8786792504 Import of PKCS #1 security fix. 
http://www.openssl.org/news/secadv_20030319.txt
 2003-03-20 20:41:45 +00:00
Jacques Vidrine
def0b8c9c5 Resolve conflicts after import of OpenSSL 0.9.7a. 2003-02-19 23:24:16 +00:00
Jacques Vidrine
fceca8a377 Vendor import of OpenSSL 0.9.7a. 2003-02-19 23:17:42 +00:00
Jacques Vidrine
015ec3c905 This commit was generated by cvs2svn to compensate for changes in r111147, 
which included commits to RCS files with non-trunk default branches.
 2003-02-19 23:17:42 +00:00
Mark Murray
bff3688511 Merge conflicts. 
This is cunning doublespeak for "use vendor code".
 2003-01-28 22:34:21 +00:00
Mark Murray
5c87c606cd Vendor import of OpenSSL release 0.9.7. This release includes 
support for AES and OpenBSD's hardware crypto.
 2003-01-28 21:43:22 +00:00
Mark Murray
5bd38a39ed This commit was generated by cvs2svn to compensate for changes in r109998, 
which included commits to RCS files with non-trunk default branches.
 2003-01-28 21:43:22 +00:00
Jacques Vidrine
fd35706acb Resolve conflicts. 2002-08-10 01:50:50 +00:00
Jacques Vidrine
484549566e Import of OpenSSL 0.9.6f. 2002-08-10 01:46:10 +00:00
Jacques Vidrine
d96a831475 This commit was generated by cvs2svn to compensate for changes in r101615, 
which included commits to RCS files with non-trunk default branches.
 2002-08-10 01:46:10 +00:00
Jacques Vidrine
d57327ee50 Resolve conflicts after import of OpenSSL 0.9.6e. 2002-07-30 13:58:53 +00:00
Jacques Vidrine
4f20a5a274 Import of OpenSSL 0.9.6e. 2002-07-30 13:38:06 +00:00
Jacques Vidrine
0f881ddd5e This commit was generated by cvs2svn to compensate for changes in r100936, 
which included commits to RCS files with non-trunk default branches.
 2002-07-30 13:38:06 +00:00
Jacques Vidrine
018cd73f8c Remove many obsolete files. The majority of these are simply no 
longer included as part of the OpenSSL distribution.  However, a few
we just don't need and are explicitly excluded in FREEBSD-Xlist.
 2002-07-30 12:51:09 +00:00
Jacques Vidrine
c1803d7836 Import of OpenSSL 0.9.6d. 2002-07-30 12:44:15 +00:00
Jacques Vidrine
0135f0027c This commit was generated by cvs2svn to compensate for changes in r100928, 
which included commits to RCS files with non-trunk default branches.
 2002-07-30 12:44:15 +00:00
Kris Kennaway
c21ce79893 Resolve conflicts. 2002-01-27 03:17:13 +00:00
Kris Kennaway
a21b1b381e Initial import of OpenSSL 0.9.6c 2002-01-27 03:13:07 +00:00
Kris Kennaway
a61825c7f3 This commit was generated by cvs2svn to compensate for changes in r89837, 
which included commits to RCS files with non-trunk default branches.
 2002-01-27 03:13:07 +00:00
Kris Kennaway
37b8c2dbf3 Resolve conflicts 2001-07-19 20:05:28 +00:00
Kris Kennaway
26d191b459 Initial import of OpenSSL 0.9.6b 2001-07-19 19:59:37 +00:00
Kris Kennaway
3c738b5631 This commit was generated by cvs2svn to compensate for changes in r79998, 
which included commits to RCS files with non-trunk default branches.
 2001-07-19 19:59:37 +00:00
Kris Kennaway
f06df90bde Resolve conflicts 2001-05-20 03:17:35 +00:00
Kris Kennaway
5740a5e34c Initial import of OpenSSL 0.9.6a 2001-05-20 03:07:21 +00:00
Kris Kennaway
4992dce6f6 This commit was generated by cvs2svn to compensate for changes in r76866, 
which included commits to RCS files with non-trunk default branches.
 2001-05-20 03:07:21 +00:00
Kris Kennaway
b64f39b655 Resolve conflicts 2001-02-18 03:23:30 +00:00
Kris Kennaway
de7cdddab1 Import of OpenSSL 0.9.6-STABLE snapshot dated 2001-02-10 2001-02-18 03:17:36 +00:00
Kris Kennaway
a991678294 This commit was generated by cvs2svn to compensate for changes in r72613, 
which included commits to RCS files with non-trunk default branches.
 2001-02-18 03:17:36 +00:00
Kris Kennaway
ae152dd3aa Resolve conflicts, and garbage collect some local changes that are no 
longer required
 2000-11-13 02:20:29 +00:00
Kris Kennaway
ddd58736f0 Initial import of OpenSSL 0.9.6 2000-11-13 01:03:58 +00:00
Kris Kennaway
feb1e94b6a This commit was generated by cvs2svn to compensate for changes in r68651, 
which included commits to RCS files with non-trunk default branches.
 2000-11-13 01:03:58 +00:00
Kris Kennaway
7e7159cbdc Resolve conflicts. 2000-04-13 07:15:03 +00:00
Kris Kennaway
f579bf8ec7 Initial import of OpenSSL 0.9.5a 2000-04-13 06:33:22 +00:00
Kris Kennaway
193faf8655 This commit was generated by cvs2svn to compensate for changes in r59191, 
which included commits to RCS files with non-trunk default branches.
 2000-04-13 06:33:22 +00:00
Kris Kennaway
ce600b6ae6 Fix breakage when NO_RSA specified. 
Reviewed by:	Ben Laurie <ben@openssl.org>
 2000-01-14 05:24:08 +00:00
Kris Kennaway
7466462628 Initial import of OpenSSL 0.9.4, sans IDEA and RSA code for patent 
infringement reasons.
 2000-01-10 06:22:05 +00:00