Simon L. B. Nielsen
ab8565e267
Merge OpenSSL 0.9.8n into head.
This fixes CVE-2010-0740 which only affected -CURRENT (OpenSSL 0.9.8m)
but not -STABLE branches.
I have not yet been able to find out if CVE-2010-0433 impacts FreeBSD.
This will be investigated further.
Security: CVE-2010-0433, CVE-2010-0740
Security: http://www.openssl.org/news/secadv_20100324.txt
2010-04-01 15:19:51 +00:00
Simon L. B. Nielsen
6a599222bb
Merge OpenSSL 0.9.8m into head.
This also "reverts" some FreeBSD local changes so we should now
be back to using entirely stock OpenSSL. The local changes were
simple $FreeBSD$ line additions, which were required in the CVS
days, and the patch for FreeBSD-SA-09:15.ssl which has been
superseded with OpenSSL 0.9.8m's RFC5746 'TLS renegotiation
extension' support.
MFC after: 3 weeks
2010-03-13 19:22:41 +00:00
Colin Percival
a235643007
Disable SSL renegotiation in order to protect against a serious
protocol flaw. [09:15]
Correctly handle failures from unsetenv resulting from a corrupt
environment in rtld-elf. [09:16]
Fix permissions in freebsd-update in order to prevent leakage of
sensitive files. [09:17]
Approved by: so (cperciva)
Security: FreeBSD-SA-09:15.ssl
Security: FreeBSD-SA-09:16.rtld
Security: FreeBSD-SA-09:17.freebsd-update
2009-12-03 09:18:40 +00:00
Simon L. B. Nielsen
2f1ff7669c
Merge DTLS fixes from vendor-crypto/openssl/dist:
- Fix memory consumption bug with "future epoch" DTLS records.
- Fix fragment handling memory leak.
- Do not access freed data structure.
- Fix DTLS fragment bug - out-of-sequence message handling which could
result in NULL pointer dereference in
dtls1_process_out_of_seq_message().
Note that this will not get a FreeBSD Security Advisory as DTLS is
experimental in OpenSSL.
MFC after: 1 week
Security: CVE-2009-1377 CVE-2009-1378 CVE-2009-1379 CVE-2009-1387
2009-08-23 16:29:47 +00:00
Simon L. B. Nielsen
db522d3ae4
Merge OpenSSL 0.9.8k into head.
Approved by: re
2009-06-14 19:45:16 +00:00
Simon L. B. Nielsen
8978d9e7ef
Prevent cross-site forgery attacks on lukemftpd(8) due to splitting
long commands into multiple requests. [09:01]
Fix incorrect OpenSSL checks for malformed signatures due to invalid
check of return value from EVP_VerifyFinal(), DSA_verify, and
DSA_do_verify. [09:02]
Security: FreeBSD-SA-09:01.lukemftpd
Security: FreeBSD-SA-09:02.openssl
Obtained from: NetBSD [SA-09:01]
Obtained from: OpenSSL Project [SA-09:02]
Approved by: so (simon)
2009-01-07 20:17:55 +00:00
Simon L. B. Nielsen
c4a78426be
Flatten OpenSSL vendor tree.
2008-08-23 10:51:00 +00:00
Simon L. B. Nielsen
a0ddfe4e72
Import DTLS security fix from upstream OpenSSL_0_9_8-stable branch.
From the OpenSSL advisory:
Andy Polyakov discovered a flaw in OpenSSL's DTLS
implementation which could lead to the compromise of clients
and servers with DTLS enabled.
DTLS is a datagram variant of TLS specified in RFC 4347 first
supported in OpenSSL version 0.9.8. Note that the
vulnerabilities do not affect SSL and TLS so only clients and
servers explicitly using DTLS are affected.
We believe this flaw will permit remote code execution.
Security: CVE-2007-4995
Security: http://www.openssl.org/news/secadv_20071012.txt
2007-10-18 20:19:33 +00:00
Simon L. B. Nielsen
a87abab4b0
This commit was generated by cvs2svn to compensate for changes in r172767,
which included commits to RCS files with non-trunk default branches.
2007-10-18 20:19:33 +00:00
Simon L. B. Nielsen
ec4b528c4a
Correct a buffer overflow in OpenSSL SSL_get_shared_ciphers().
Security: FreeBSD-SA-07:08.openssl
Approved by: re (security blanket)
2007-10-03 21:38:57 +00:00
Simon L. B. Nielsen
1d1b15c8bf
Resolve conflicts after import of OpenSSL 0.9.8e.
2007-03-15 20:07:27 +00:00
Simon L. B. Nielsen
5471f83ea7
Vendor import of OpenSSL 0.9.8e.
2007-03-15 20:03:30 +00:00
Simon L. B. Nielsen
03b688114f
This commit was generated by cvs2svn to compensate for changes in r167612,
which included commits to RCS files with non-trunk default branches.
2007-03-15 20:03:30 +00:00
Simon L. B. Nielsen
74608424ab
Resolve conflicts after import of OpenSSL 0.9.8d.
2006-10-01 07:46:16 +00:00
Simon L. B. Nielsen
ed5d4f9a94
Vendor import of OpenSSL 0.9.8d.
2006-10-01 07:38:44 +00:00
Simon L. B. Nielsen
02d3319f28
This commit was generated by cvs2svn to compensate for changes in r162911,
which included commits to RCS files with non-trunk default branches.
2006-10-01 07:38:44 +00:00
Simon L. B. Nielsen
09bf29a41f
Resolve conflicts after import of OpenSSL 0.9.8b.
2006-07-29 19:14:51 +00:00
Simon L. B. Nielsen
3b4e3dcb9f
Vendor import of OpenSSL 0.9.8b
2006-07-29 19:10:21 +00:00
Simon L. B. Nielsen
f6ab039488
This commit was generated by cvs2svn to compensate for changes in r160814,
which included commits to RCS files with non-trunk default branches.
2006-07-29 19:10:21 +00:00
Colin Percival
51ce0d091c
Correct a man-in-the-middle SSL version rollback vulnerability.
Security: FreeBSD-SA-05:21.openssl
2005-10-11 11:50:36 +00:00
Jacques Vidrine
a37fa6607a
Remove files that are no longer part of OpenSSL from the vendor
branch. This time, these are mostly the `Makefile.ssl' files.
2005-02-25 06:14:53 +00:00
Jacques Vidrine
3c96cf2e8b
This commit was generated by cvs2svn to compensate for changes in r142430,
which included commits to RCS files with non-trunk default branches.
2005-02-25 06:14:53 +00:00
Jacques Vidrine
5203f6dc3a
Resolve conflicts after import of OpenSSL 0.9.7e.
2005-02-25 05:49:44 +00:00
Jacques Vidrine
6be8ae0724
Vendor import of OpenSSL 0.9.7e.
2005-02-25 05:39:05 +00:00
Jacques Vidrine
eb8fd19957
This commit was generated by cvs2svn to compensate for changes in r142425,
which included commits to RCS files with non-trunk default branches.
2005-02-25 05:39:05 +00:00
Jacques Vidrine
01c0bb1d8a
Clean up the OpenSSL vendor branch by removing files that are not
part of recent releases.
2005-02-25 05:25:37 +00:00
Jacques Vidrine
902aa2e784
Resolve conflicts after import of OpenSSL 0.9.7d.
2004-03-17 17:44:39 +00:00
Jacques Vidrine
ced566fd0b
Vendor import of OpenSSL 0.9.7d.
2004-03-17 15:49:33 +00:00
Jacques Vidrine
8f1200ff6f
This commit was generated by cvs2svn to compensate for changes in r127128,
which included commits to RCS files with non-trunk default branches.
2004-03-17 15:49:33 +00:00
Jacques Vidrine
81ac585294
Correct a denial-of-service vulnerability in OpenSSL (CAN-2004-0079).
Obtained from: OpenSSL CVS (http://cvs.openssl.org/chngview?cn=12033)
2004-03-17 12:11:08 +00:00
Jacques Vidrine
1612471010
This commit was generated by cvs2svn to compensate for changes in r127114,
which included commits to RCS files with non-trunk default branches.
2004-03-17 12:11:08 +00:00
Jacques Vidrine
50ef009353
Vendor import of OpenSSL 0.9.7c
2003-10-01 12:32:41 +00:00
Jacques Vidrine
8ae0780c3a
This commit was generated by cvs2svn to compensate for changes in r120631,
which included commits to RCS files with non-trunk default branches.
2003-10-01 12:32:41 +00:00
Chris D. Faulhaber
35f304853f
This commit was generated by cvs2svn to compensate for changes in r112439,
which included commits to RCS files with non-trunk default branches.
2003-03-20 20:41:45 +00:00
Chris D. Faulhaber
8786792504
Import of PKCS #1 security fix.
http://www.openssl.org/news/secadv_20030319.txt
2003-03-20 20:41:45 +00:00
Jacques Vidrine
def0b8c9c5
Resolve conflicts after import of OpenSSL 0.9.7a.
2003-02-19 23:24:16 +00:00
Jacques Vidrine
fceca8a377
Vendor import of OpenSSL 0.9.7a.
2003-02-19 23:17:42 +00:00
Jacques Vidrine
015ec3c905
This commit was generated by cvs2svn to compensate for changes in r111147,
which included commits to RCS files with non-trunk default branches.
2003-02-19 23:17:42 +00:00
Mark Murray
bff3688511
Merge conflicts.
This is cunning doublespeak for "use vendor code".
2003-01-28 22:34:21 +00:00
Mark Murray
5c87c606cd
Vendor import of OpenSSL release 0.9.7. This release includes
support for AES and OpenBSD's hardware crypto.
2003-01-28 21:43:22 +00:00
Mark Murray
5bd38a39ed
This commit was generated by cvs2svn to compensate for changes in r109998,
which included commits to RCS files with non-trunk default branches.
2003-01-28 21:43:22 +00:00
Jacques Vidrine
fd35706acb
Resolve conflicts.
2002-08-10 01:50:50 +00:00
Jacques Vidrine
484549566e
Import of OpenSSL 0.9.6f.
2002-08-10 01:46:10 +00:00
Jacques Vidrine
d96a831475
This commit was generated by cvs2svn to compensate for changes in r101615,
which included commits to RCS files with non-trunk default branches.
2002-08-10 01:46:10 +00:00
Jacques Vidrine
d57327ee50
Resolve conflicts after import of OpenSSL 0.9.6e.
2002-07-30 13:58:53 +00:00
Jacques Vidrine
4f20a5a274
Import of OpenSSL 0.9.6e.
2002-07-30 13:38:06 +00:00
Jacques Vidrine
0f881ddd5e
This commit was generated by cvs2svn to compensate for changes in r100936,
which included commits to RCS files with non-trunk default branches.
2002-07-30 13:38:06 +00:00
Jacques Vidrine
018cd73f8c
Remove many obsolete files. The majority of these are simply no
longer included as part of the OpenSSL distribution. However, a few
we just don't need and are explicitly excluded in FREEBSD-Xlist.
2002-07-30 12:51:09 +00:00
Jacques Vidrine
c1803d7836
Import of OpenSSL 0.9.6d.
2002-07-30 12:44:15 +00:00
Jacques Vidrine
0135f0027c
This commit was generated by cvs2svn to compensate for changes in r100928,
which included commits to RCS files with non-trunk default branches.
2002-07-30 12:44:15 +00:00